diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index dfa6fc6..df93044 100644
+index 0c083c5..bf13011 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
@@ -2,9 +2,11 @@
*_vga16.c
*~
\#*#
-@@ -70,6 +75,7 @@ Kerntypes
+@@ -69,6 +74,7 @@ Image
Module.markers
Module.symvers
PENDING
SCCS
System.map*
TAGS
-@@ -93,19 +99,24 @@ bounds.h
+@@ -92,19 +98,24 @@ bounds.h
bsetup
btfixupprep
build
conmakehash
consolemap_deftbl.c*
cpustr.h
-@@ -116,9 +127,11 @@ devlist.h*
+@@ -115,9 +126,11 @@ devlist.h*
dnotify_test
docproc
dslm
fixdep
flask.h
fore200e_mkfirm
-@@ -126,12 +139,15 @@ fore200e_pca_fw.c*
+@@ -125,12 +138,15 @@ fore200e_pca_fw.c*
gconf
gconf.glade.h
gen-devlist
hpet_example
hugepage-mmap
hugepage-shm
-@@ -146,7 +162,7 @@ int32.c
+@@ -145,7 +161,7 @@ int32.c
int4.c
int8.c
kallsyms
keywords.c
ksym.c*
ksym.h*
-@@ -154,7 +170,7 @@ kxgettext
+@@ -153,7 +169,7 @@ kxgettext
lkc_defs.h
lex.c
lex.*.c
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -166,14 +182,15 @@ machtypes.h
+@@ -165,14 +181,15 @@ machtypes.h
map
map_hugetlb
maui_boot.h
mkprep
mkregtable
mktables
-@@ -209,6 +226,7 @@ r300_reg_safe.h
+@@ -208,6 +225,7 @@ r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
recordmcount
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -219,6 +237,7 @@ setup
+@@ -218,6 +236,7 @@ setup
setup.bin
setup.elf
sImage
sm_tbl*
split-include
syscalltab.h
-@@ -229,6 +248,7 @@ tftpboot.img
+@@ -228,6 +247,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -246,7 +266,9 @@ vmlinux
+@@ -245,7 +265,9 @@ vmlinux
vmlinux-*
vmlinux.aout
vmlinux.bin.all
vmlinuz
voffset.h
vsyscall.lds
-@@ -254,9 +276,11 @@ vsyscall_32.lds
+@@ -253,9 +275,11 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
+zconf.lex.c
zoffset.h
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 81c287f..d456d02 100644
+index d99fd9c..8689fef 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
-@@ -1935,6 +1935,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -1977,6 +1977,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 15e80f1..4fb87db 100644
+index 9cd6941..92e68ff 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +565,53 @@ else
+@@ -564,6 +565,55 @@ else
KBUILD_CFLAGS += -O2
endif
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y)
+ifndef DISABLE_PAX_CONSTIFY_PLUGIN
++ifndef CONFIG_UML
+CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
+endif
++endif
+ifdef CONFIG_PAX_MEMORY_STACKLEAK
+STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN
+STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100
+endif
+COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so
+ifdef CONFIG_PAX_SIZE_OVERFLOW
-+SIZE_OVERFLOW_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN
++SIZE_OVERFLOW_PLUGIN := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN
+endif
+GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS)
-+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN_CFLAGS)
++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN)
+GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS)
+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN
+ifeq ($(KBUILD_EXTMOD),)
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +756,7 @@ export mod_strip_cmd
+@@ -708,7 +758,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+@@ -932,6 +982,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+@@ -941,7 +993,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE
+@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=.
# All the preparing..
prepare: prepare0
# Generate some files
-@@ -1086,6 +1137,8 @@ all: modules
+@@ -1089,6 +1142,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1101,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1104,7 +1159,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
# Target to install modules
PHONY += modules_install
-@@ -1198,6 +1251,7 @@ distclean: mrproper
+@@ -1201,6 +1256,7 @@ distclean: mrproper
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
-o -name '.*.rej' \
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1358,6 +1412,8 @@ PHONY += $(module-dirs) modules
+@@ -1361,6 +1417,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1484,17 +1540,21 @@ else
+@@ -1487,17 +1545,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1504,11 +1564,15 @@ endif
+@@ -1507,11 +1569,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
/* $0 is set by ld.so to a pointer to a function which might be
registered using atexit. This provides a mean for the dynamic
linker to call DT_FINI functions for shared libraries that have
+diff --git a/arch/alpha/include/asm/pgalloc.h b/arch/alpha/include/asm/pgalloc.h
+index bc2a0da..8ad11ee 100644
+--- a/arch/alpha/include/asm/pgalloc.h
++++ b/arch/alpha/include/asm/pgalloc.h
+@@ -29,6 +29,12 @@ pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
+ pgd_set(pgd, pmd);
+ }
+
++static inline void
++pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
++{
++ pgd_populate(mm, pgd, pmd);
++}
++
+ extern pgd_t *pgd_alloc(struct mm_struct *mm);
+
+ static inline void
diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h
index de98a73..bd4f1f8 100644
--- a/arch/alpha/include/asm/pgtable.h
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 86976d0..683de93 100644
+index 86976d0..8e07f84 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -15,6 +15,10 @@
static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
{
unsigned long tmp, tmp2;
-@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v)
+ #define atomic_add(i, v) (void) atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i, v)
+
+ static inline int atomic_sub_return(int i, atomic_t *v)
+ {
+@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v)
+ #define atomic_sub(i, v) (void) atomic_sub_return(i, v)
++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i, v)
+
+ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+ {
+@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+
+ return ret;
+ }
++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n)
+
+ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+ {
+@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
#endif /* __LINUX_ARM_ARCH__ */
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
static inline int __atomic_add_unless(atomic_t *v, int a, int u)
{
-@@ -219,11 +365,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
}
#define atomic_inc(v) atomic_add(1, v)
#define atomic_dec_return(v) (atomic_sub_return(1, v))
#define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
-@@ -239,6 +401,14 @@ typedef struct {
+@@ -239,6 +406,14 @@ typedef struct {
u64 __aligned(8) counter;
} atomic64_t;
#define ATOMIC64_INIT(i) { (i) }
static inline u64 atomic64_read(atomic64_t *v)
-@@ -254,6 +424,19 @@ static inline u64 atomic64_read(atomic64_t *v)
+@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v)
return result;
}
static inline void atomic64_set(atomic64_t *v, u64 i)
{
u64 tmp;
-@@ -268,6 +451,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
+@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
: "cc");
}
static inline void atomic64_add(u64 i, atomic64_t *v)
{
u64 result;
-@@ -276,6 +473,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
" adc %H0, %H0, %H4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -287,12 +514,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
static inline u64 atomic64_add_return(u64 i, atomic64_t *v)
{
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
" adc %H0, %H0, %H4\n"
-@@ -316,6 +580,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %0, %0, %4\n"
" sbc %H0, %H0, %H4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -327,18 +621,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
{
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (i)
: "cc");
-@@ -372,6 +680,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
+@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
return oldval;
}
static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
{
u64 result;
-@@ -395,21 +727,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
+@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
static inline u64 atomic64_dec_if_positive(atomic64_t *v)
{
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -432,13 +777,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -451,10 +808,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
#ifdef CONFIG_OUTER_CACHE
diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h
-index ca94653..6ac0d56 100644
+index 97b440c..b7ff179 100644
--- a/arch/arm/include/asm/page.h
+++ b/arch/arm/include/asm/page.h
@@ -123,7 +123,7 @@ struct cpu_user_fns {
#ifdef MULTI_USER
extern struct cpu_user_fns cpu_user;
+diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h
+index 943504f..bf8d667 100644
+--- a/arch/arm/include/asm/pgalloc.h
++++ b/arch/arm/include/asm/pgalloc.h
+@@ -43,6 +43,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE));
+ }
+
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
++{
++ pud_populate(mm, pud, pmd);
++}
++
+ #else /* !CONFIG_ARM_LPAE */
+
+ /*
+@@ -51,6 +56,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ #define pmd_alloc_one(mm,addr) ({ BUG(); ((pmd_t *)2); })
+ #define pmd_free(mm, pmd) do { } while (0)
+ #define pud_populate(mm,pmd,pte) BUG()
++#define pud_populate_kernel(mm,pmd,pte) BUG()
+
+ #endif /* CONFIG_ARM_LPAE */
+
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
-index 984014b..a6d914f 100644
+index e4c96cc..1145653 100644
--- a/arch/arm/include/asm/system.h
+++ b/arch/arm/include/asm/system.h
-@@ -90,6 +90,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int,
+@@ -98,6 +98,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int,
#define xchg(ptr,x) \
((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr))))
extern asmlinkage void c_backtrace(unsigned long fp, int pmode);
-@@ -101,7 +103,7 @@ extern int __pure cpu_architecture(void);
- extern void cpu_init(void);
-
- void arm_machine_restart(char mode, const char *cmd);
--extern void (*arm_pm_restart)(char str, const char *cmd);
-+extern void (*arm_pm_restart)(char str, const char *cmd) __noreturn;
-
- #define UDBG_UNDEFINED (1 << 0)
- #define UDBG_SYSCALL (1 << 1)
-@@ -526,6 +528,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr,
+@@ -534,6 +536,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr,
#endif /* __LINUX_ARM_ARCH__ >= 6 */
#endif /* __ASSEMBLY__ */
#define arch_align_stack(x) (x)
+diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
+index d4c24d4..4ac53e8 100644
+--- a/arch/arm/include/asm/thread_info.h
++++ b/arch/arm/include/asm/thread_info.h
+@@ -141,6 +141,12 @@ extern void vfp_flush_hwstate(struct thread_info *);
+ #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */
+ #define TIF_SYSCALL_TRACE 8
+ #define TIF_SYSCALL_AUDIT 9
++
++/* within 8 bits of TIF_SYSCALL_TRACE
++ to meet flexible second operand requirements
++*/
++#define TIF_GRSEC_SETXID 10
++
+ #define TIF_POLLING_NRFLAG 16
+ #define TIF_USING_IWMMXT 17
+ #define TIF_MEMDIE 18 /* is terminating due to OOM killer */
+@@ -156,9 +162,11 @@ extern void vfp_flush_hwstate(struct thread_info *);
+ #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
+ #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK)
+ #define _TIF_SECCOMP (1 << TIF_SECCOMP)
++#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID)
+
+ /* Checks for any syscall work in entry-common.S */
+-#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT)
++#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
++ _TIF_GRSEC_SETXID)
+
+ /*
+ * Change these and you break ASM code in entry-common.S
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
-index b293616..96310e5 100644
+index 2958976..12ccac4 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -22,6 +22,8 @@
EXPORT_SYMBOL(__get_user_1);
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 3d0c6fb..9d326fa 100644
+index 971d65c..cc936fb 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -28,7 +28,6 @@
#include <linux/hw_breakpoint.h>
#include <linux/cpuidle.h>
-@@ -92,7 +91,7 @@ static int __init hlt_setup(char *__unused)
- __setup("nohlt", nohlt_setup);
- __setup("hlt", hlt_setup);
-
--void arm_machine_restart(char mode, const char *cmd)
-+__noreturn void arm_machine_restart(char mode, const char *cmd)
- {
- /* Disable interrupts first */
- local_irq_disable();
-@@ -134,7 +133,7 @@ void arm_machine_restart(char mode, const char *cmd)
- void (*pm_power_off)(void);
- EXPORT_SYMBOL(pm_power_off);
-
--void (*arm_pm_restart)(char str, const char *cmd) = arm_machine_restart;
-+void (*arm_pm_restart)(char str, const char *cmd) __noreturn = arm_machine_restart;
- EXPORT_SYMBOL_GPL(arm_pm_restart);
-
- static void do_nothing(void *unused)
-@@ -248,6 +247,7 @@ void machine_power_off(void)
+@@ -273,9 +272,10 @@ void machine_power_off(void)
machine_shutdown();
if (pm_power_off)
pm_power_off();
+ BUG();
}
- void machine_restart(char *cmd)
-@@ -484,12 +484,6 @@ unsigned long get_wchan(struct task_struct *p)
+-void machine_restart(char *cmd)
++__noreturn void machine_restart(char *cmd)
+ {
+ machine_shutdown();
+
+@@ -517,12 +517,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
#ifdef CONFIG_MMU
/*
* The vectors page is always readable from user space for the
+diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
+index f5ce8ab..4b73893 100644
+--- a/arch/arm/kernel/ptrace.c
++++ b/arch/arm/kernel/ptrace.c
+@@ -905,10 +905,19 @@ long arch_ptrace(struct task_struct *child, long request,
+ return ret;
+ }
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++extern void gr_delayed_cred_worker(void);
++#endif
++
+ asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
+ {
+ unsigned long ip;
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ if (why)
+ audit_syscall_exit(regs);
+ else
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index 8fc2c8f..064c150 100644
+index a255c39..4a19b25 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
-@@ -108,13 +108,13 @@ struct processor processor __read_mostly;
+@@ -109,13 +109,13 @@ struct processor processor __read_mostly;
struct cpu_tlb_fns cpu_tlb __read_mostly;
#endif
#ifdef MULTI_USER
#endif
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index 99a5727..a3d5bb1 100644
+index f84dfe6..13e94f7 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt
/*
* This function is protected against re-entrancy.
*/
-@@ -288,6 +290,9 @@ void die(const char *str, struct pt_regs *regs, int err)
+@@ -291,6 +293,9 @@ void die(const char *str, struct pt_regs *regs, int err)
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
.pushsection .fixup,"ax"
diff --git a/arch/arm/lib/uaccess.S b/arch/arm/lib/uaccess.S
-index d0ece2a..5ae2f39 100644
+index 5c908b1..e712687 100644
--- a/arch/arm/lib/uaccess.S
+++ b/arch/arm/lib/uaccess.S
@@ -20,7 +20,7 @@
* Purpose : copy a block to user memory from kernel memory
* Params : to - user memory
* : from - kernel memory
-@@ -40,7 +40,7 @@ USER( T(strgtb) r3, [r0], #1) @ May fault
+@@ -40,7 +40,7 @@ USER( TUSER( strgtb) r3, [r0], #1) @ May fault
sub r2, r2, ip
b .Lc2u_dest_aligned
stmfd sp!, {r2, r4 - r7, lr}
cmp r2, #4
blt .Lc2u_not_enough
-@@ -278,14 +278,14 @@ USER( T(strgeb) r3, [r0], #1) @ May fault
+@@ -278,14 +278,14 @@ USER( TUSER( strgeb) r3, [r0], #1) @ May fault
ldrgtb r3, [r1], #0
- USER( T(strgtb) r3, [r0], #1) @ May fault
+ USER( TUSER( strgtb) r3, [r0], #1) @ May fault
b .Lc2u_finished
-ENDPROC(__copy_to_user)
+ENDPROC(___copy_to_user)
* Purpose : copy a block from user memory to kernel memory
* Params : to - kernel memory
* : from - user memory
-@@ -304,7 +304,7 @@ USER( T(ldrgtb) r3, [r1], #1) @ May fault
+@@ -304,7 +304,7 @@ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault
sub r2, r2, ip
b .Lcfu_dest_aligned
stmfd sp!, {r0, r2, r4 - r7, lr}
cmp r2, #4
blt .Lcfu_not_enough
-@@ -544,7 +544,7 @@ USER( T(ldrgeb) r3, [r1], #1) @ May fault
- USER( T(ldrgtb) r3, [r1], #1) @ May fault
+@@ -544,7 +544,7 @@ USER( TUSER( ldrgeb) r3, [r1], #1) @ May fault
+ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault
strgtb r3, [r0], #1
b .Lcfu_finished
-ENDPROC(__copy_from_user)
/*
* This test is stubbed out of the main function above to keep
diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
-index e9d5f4a..f099699 100644
+index 6722627..8f97548c 100644
--- a/arch/arm/mach-omap2/board-n8x0.c
+++ b/arch/arm/mach-omap2/board-n8x0.c
-@@ -593,7 +593,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
+@@ -597,7 +597,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
}
#endif
static int mbox_show(struct seq_file *s, void *data)
{
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index aa33949..d366075 100644
+index bb7eac3..3bade16 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
-@@ -183,6 +183,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
+@@ -172,6 +172,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
}
#endif
tsk->thread.address = addr;
tsk->thread.error_code = fsr;
tsk->thread.trap_no = 14;
-@@ -384,6 +391,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+@@ -393,6 +400,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
}
#endif /* CONFIG_MMU */
/*
* First Level Translation Fault Handler
*
-@@ -628,6 +662,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
+@@ -573,6 +607,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr);
struct siginfo info;
return;
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
-index 44b628e..623ee2a 100644
+index ce8cb19..3ec539d 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
-@@ -54,6 +54,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -93,6 +93,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (len > TASK_SIZE)
return -ENOMEM;
if (addr) {
if (do_align)
addr = COLOUR_ALIGN(addr, pgoff);
-@@ -61,15 +65,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -100,15 +104,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
- start_addr = addr = mm->free_area_cache;
+ start_addr = addr = mm->free_area_cache;
} else {
-- start_addr = addr = TASK_UNMAPPED_BASE;
+- start_addr = addr = mm->mmap_base;
- mm->cached_hole_size = 0;
+ start_addr = addr = mm->mmap_base;
+ mm->cached_hole_size = 0;
}
- /* 8 bits of randomness in 20 address space bits */
- if ((current->flags & PF_RANDOMIZE) &&
-@@ -89,14 +92,14 @@ full_search:
+
+ full_search:
+@@ -124,14 +127,14 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
/*
* Remember the place where we stopped the search:
*/
+@@ -266,10 +269,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+
+ if (mmap_is_legacy()) {
+ mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ mm->mmap_base += mm->delta_mmap;
++#endif
++
+ mm->get_unmapped_area = arch_get_unmapped_area;
+ mm->unmap_area = arch_unmap_area;
+ } else {
+ mm->mmap_base = mmap_base(random_factor);
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
++#endif
++
+ mm->get_unmapped_area = arch_get_unmapped_area_topdown;
+ mm->unmap_area = arch_unmap_area_topdown;
+ }
diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h
-index 4c1a363..df311d0 100644
+index 71a6827..e7fbc23 100644
--- a/arch/arm/plat-samsung/include/plat/dma-ops.h
+++ b/arch/arm/plat-samsung/include/plat/dma-ops.h
-@@ -41,7 +41,7 @@ struct samsung_dma_ops {
+@@ -43,7 +43,7 @@ struct samsung_dma_ops {
int (*started)(unsigned ch);
int (*flush)(unsigned ch);
int (*stop)(unsigned ch);
#define PT_IA_64_UNWIND 0x70000001
/* IA-64 relocations: */
+diff --git a/arch/ia64/include/asm/pgalloc.h b/arch/ia64/include/asm/pgalloc.h
+index 96a8d92..617a1cf 100644
+--- a/arch/ia64/include/asm/pgalloc.h
++++ b/arch/ia64/include/asm/pgalloc.h
+@@ -39,6 +39,12 @@ pgd_populate(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud)
+ pgd_val(*pgd_entry) = __pa(pud);
+ }
+
++static inline void
++pgd_populate_kernel(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud)
++{
++ pgd_populate(mm, pgd_entry, pud);
++}
++
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
+ {
+ return quicklist_alloc(0, GFP_KERNEL, NULL);
+@@ -57,6 +63,12 @@ pud_populate(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd)
+ pud_val(*pud_entry) = __pa(pmd);
+ }
+
++static inline void
++pud_populate_kernel(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd)
++{
++ pud_populate(mm, pud_entry, pmd);
++}
++
+ static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
+ {
+ return quicklist_alloc(0, GFP_KERNEL, NULL);
diff --git a/arch/ia64/include/asm/pgtable.h b/arch/ia64/include/asm/pgtable.h
index 1a97af3..7529d31 100644
--- a/arch/ia64/include/asm/pgtable.h
addr = ALIGN(vmm->vm_end, HPAGE_SIZE);
}
diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
-index 00cb0e2..2ad8024 100644
+index 13df239d..cb52116 100644
--- a/arch/ia64/mm/init.c
+++ b/arch/ia64/mm/init.c
-@@ -120,6 +120,19 @@ ia64_init_addr_space (void)
+@@ -121,6 +121,19 @@ ia64_init_addr_space (void)
vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
vma->vm_end = vma->vm_start + PAGE_SIZE;
vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
-
#endif /* _ASM_ELF_H */
diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
-index e59cd1a..8e329d6 100644
+index da9bd7d..91aa7ab 100644
--- a/arch/mips/include/asm/page.h
+++ b/arch/mips/include/asm/page.h
-@@ -93,7 +93,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
+@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
#ifdef CONFIG_CPU_MIPS32
typedef struct { unsigned long pte_low, pte_high; } pte_t;
#define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
#else
typedef struct { unsigned long long pte; } pte_t;
#define pte_val(x) ((x).pte)
+diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h
+index 881d18b..cea38bc 100644
+--- a/arch/mips/include/asm/pgalloc.h
++++ b/arch/mips/include/asm/pgalloc.h
+@@ -37,6 +37,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ {
+ set_pud(pud, __pud((unsigned long)pmd));
+ }
++
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
++{
++ pud_populate(mm, pud, pmd);
++}
+ #endif
+
+ /*
diff --git a/arch/mips/include/asm/system.h b/arch/mips/include/asm/system.h
index 6018c80..7c37203 100644
--- a/arch/mips/include/asm/system.h
+#define arch_align_stack(x) ((x) & ~0xfUL)
#endif /* _ASM_SYSTEM_H */
+diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
+index 0d85d8e..ec71487 100644
+--- a/arch/mips/include/asm/thread_info.h
++++ b/arch/mips/include/asm/thread_info.h
+@@ -123,6 +123,8 @@ register struct thread_info *__current_thread_info __asm__("$28");
+ #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */
+ #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */
+ #define TIF_LOAD_WATCH 25 /* If set, load watch registers */
++/* li takes a 32bit immediate */
++#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */
+ #define TIF_SYSCALL_TRACE 31 /* syscall trace active */
+
+ #ifdef CONFIG_MIPS32_O32
+@@ -146,15 +148,18 @@ register struct thread_info *__current_thread_info __asm__("$28");
+ #define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR)
+ #define _TIF_FPUBOUND (1<<TIF_FPUBOUND)
+ #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH)
++#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
++
++#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_GRSEC_SETXID)
+
+ /* work to do in syscall_trace_leave() */
+-#define _TIF_WORK_SYSCALL_EXIT (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT)
++#define _TIF_WORK_SYSCALL_EXIT (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_GRSEC_SETXID)
+
+ /* work to do on interrupt/exception return */
+ #define _TIF_WORK_MASK (0x0000ffef & \
+ ~(_TIF_SECCOMP | _TIF_SYSCALL_AUDIT))
+ /* work to do on any return to u-space */
+-#define _TIF_ALLWORK_MASK (0x8000ffff & ~_TIF_SECCOMP)
++#define _TIF_ALLWORK_MASK ((0x8000ffff & ~_TIF_SECCOMP) | _TIF_GRSEC_SETXID)
+
+ #endif /* __KERNEL__ */
+
diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
index 9fdd8bc..4bd7f1a 100644
--- a/arch/mips/kernel/binfmt_elfn32.c
/*
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
-index c47f96e..661d418 100644
+index 7955409..ceaea7c 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
-@@ -481,15 +481,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -483,15 +483,3 @@ unsigned long get_wchan(struct task_struct *task)
out:
return pc;
}
-
- return sp & ALMASK;
-}
+diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
+index 7786b60..3e38c72 100644
+--- a/arch/mips/kernel/ptrace.c
++++ b/arch/mips/kernel/ptrace.c
+@@ -529,6 +529,10 @@ static inline int audit_arch(void)
+ return arch;
+ }
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++extern void gr_delayed_cred_worker(void);
++#endif
++
+ /*
+ * Notification of system call entry/exit
+ * - triggered by current->work.syscall_trace
+@@ -538,6 +542,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
+ /* do the secure computing check first */
+ secure_computing(regs->regs[2]);
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ if (!(current->ptrace & PT_PTRACED))
+ goto out;
+
+diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
+index a632bc1..0b77c7c 100644
+--- a/arch/mips/kernel/scall32-o32.S
++++ b/arch/mips/kernel/scall32-o32.S
+@@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp)
+
+ stack_done:
+ lw t0, TI_FLAGS($28) # syscall tracing enabled?
+- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
++ li t1, _TIF_SYSCALL_WORK
+ and t0, t1
+ bnez t0, syscall_trace_entry # -> yes
+
+diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S
+index 3b5a5e9..e1ee86d 100644
+--- a/arch/mips/kernel/scall64-64.S
++++ b/arch/mips/kernel/scall64-64.S
+@@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp)
+
+ sd a3, PT_R26(sp) # save a3 for syscall restarting
+
+- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
++ li t1, _TIF_SYSCALL_WORK
+ LONG_L t0, TI_FLAGS($28) # syscall tracing enabled?
+ and t0, t1, t0
+ bnez t0, syscall_trace_entry
+diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
+index 6be6f70..1859577 100644
+--- a/arch/mips/kernel/scall64-n32.S
++++ b/arch/mips/kernel/scall64-n32.S
+@@ -53,7 +53,7 @@ NESTED(handle_sysn32, PT_SIZE, sp)
+
+ sd a3, PT_R26(sp) # save a3 for syscall restarting
+
+- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
++ li t1, _TIF_SYSCALL_WORK
+ LONG_L t0, TI_FLAGS($28) # syscall tracing enabled?
+ and t0, t1, t0
+ bnez t0, n32_syscall_trace_entry
+diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
+index 5422855..74e63a3 100644
+--- a/arch/mips/kernel/scall64-o32.S
++++ b/arch/mips/kernel/scall64-o32.S
+@@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp)
+ PTR 4b, bad_stack
+ .previous
+
+- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
++ li t1, _TIF_SYSCALL_WORK
+ LONG_L t0, TI_FLAGS($28) # syscall tracing enabled?
+ and t0, t1, t0
+ bnez t0, trace_a_syscall
diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
-index 937cf33..adb39bb 100644
+index 69ebd58..e4bff83 100644
--- a/arch/mips/mm/fault.c
+++ b/arch/mips/mm/fault.c
@@ -28,6 +28,23 @@
/* This yields a mask that user programs can use to figure out what
instruction set this CPU supports. This could be done in user space,
but it's not easy, and we've already done it here. */
+diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h
+index fc987a1..6e068ef 100644
+--- a/arch/parisc/include/asm/pgalloc.h
++++ b/arch/parisc/include/asm/pgalloc.h
+@@ -61,6 +61,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
+ (__u32)(__pa((unsigned long)pmd) >> PxD_VALUE_SHIFT));
+ }
+
++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
++{
++ pgd_populate(mm, pgd, pmd);
++}
++
+ static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address)
+ {
+ pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL|__GFP_REPEAT,
+@@ -93,6 +98,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd)
+ #define pmd_alloc_one(mm, addr) ({ BUG(); ((pmd_t *)2); })
+ #define pmd_free(mm, x) do { } while (0)
+ #define pgd_populate(mm, pmd, pte) BUG()
++#define pgd_populate_kernel(mm, pmd, pte) BUG()
+
+ #endif
+
diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h
index 22dadeb..f6c2be4 100644
--- a/arch/parisc/include/asm/pgtable.h
return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
}
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
-index dd9c4fd..a2ced87 100644
+index f072e97..b436dee 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
-@@ -141,8 +141,9 @@ extern phys_addr_t kernstart_addr;
+@@ -220,8 +220,9 @@ extern long long virt_phys_offset;
* and needs to be executable. This means the whole heap ends
* up being executable.
*/
#define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
-@@ -170,6 +171,9 @@ extern phys_addr_t kernstart_addr;
+@@ -249,6 +250,9 @@ extern long long virt_phys_offset;
#define is_kernel_addr(x) ((x) >= PAGE_OFFSET)
#endif
* Use the top bit of the higher-level page table entries to indicate whether
* the entries we point to contain hugepages. This works because we know that
diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h
-index fb40ede..d3ce956 100644
+index fed85e6..da5c71b 100644
--- a/arch/powerpc/include/asm/page_64.h
+++ b/arch/powerpc/include/asm/page_64.h
-@@ -144,15 +144,18 @@ do { \
+@@ -146,15 +146,18 @@ do { \
* stack by default, so in the absence of a PT_GNU_STACK program header
* we turn execute permission off.
*/
#include <asm-generic/getorder.h>
+diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h
+index 292725c..f87ae14 100644
+--- a/arch/powerpc/include/asm/pgalloc-64.h
++++ b/arch/powerpc/include/asm/pgalloc-64.h
+@@ -50,6 +50,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
+ #ifndef CONFIG_PPC_64K_PAGES
+
+ #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, PUD)
++#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD))
+
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
+ {
+@@ -67,6 +68,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ pud_set(pud, (unsigned long)pmd);
+ }
+
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
++{
++ pud_populate(mm, pud, pmd);
++}
++
+ #define pmd_populate(mm, pmd, pte_page) \
+ pmd_populate_kernel(mm, pmd, page_address(pte_page))
+ #define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte))
+@@ -76,6 +82,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ #else /* CONFIG_PPC_64K_PAGES */
+
+ #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd)
++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
+
+ static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
+ pte_t *pte)
diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h
-index 88b0bd9..e32bc67 100644
+index 2e0e411..7899c68 100644
--- a/arch/powerpc/include/asm/pgtable.h
+++ b/arch/powerpc/include/asm/pgtable.h
@@ -2,6 +2,7 @@
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index 559da19..7e5835c 100644
+index 7fdc2c0..e47a9b02d3 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -212,6 +212,7 @@
#define DSISR_ISSTORE 0x02000000 /* access was a store */
#define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
diff --git a/arch/powerpc/include/asm/system.h b/arch/powerpc/include/asm/system.h
-index e30a13d..2b7d994 100644
+index c377457..3c69fbc 100644
--- a/arch/powerpc/include/asm/system.h
+++ b/arch/powerpc/include/asm/system.h
-@@ -530,7 +530,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new,
+@@ -539,7 +539,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new,
#define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n))
#endif
/* Used in very early kernel initialization. */
extern unsigned long reloc_offset(void);
+diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
+index 96471494..60ed5a2 100644
+--- a/arch/powerpc/include/asm/thread_info.h
++++ b/arch/powerpc/include/asm/thread_info.h
+@@ -104,13 +104,15 @@ static inline struct thread_info *current_thread_info(void)
+ #define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */
+ #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */
+ #define TIF_SINGLESTEP 8 /* singlestepping active */
+-#define TIF_MEMDIE 9 /* is terminating due to OOM killer */
+ #define TIF_SECCOMP 10 /* secure computing */
+ #define TIF_RESTOREALL 11 /* Restore all regs (implies NOERROR) */
+ #define TIF_NOERROR 12 /* Force successful syscall return */
+ #define TIF_NOTIFY_RESUME 13 /* callback before returning to user */
+ #define TIF_SYSCALL_TRACEPOINT 15 /* syscall tracepoint instrumentation */
+ #define TIF_RUNLATCH 16 /* Is the runlatch enabled? */
++#define TIF_MEMDIE 17 /* is terminating due to OOM killer */
++/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */
++#define TIF_GRSEC_SETXID 9 /* update credentials on syscall entry/exit */
+
+ /* as above, but as bit values */
+ #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
+@@ -128,8 +130,11 @@ static inline struct thread_info *current_thread_info(void)
+ #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
+ #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
+ #define _TIF_RUNLATCH (1<<TIF_RUNLATCH)
++#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
++
+ #define _TIF_SYSCALL_T_OR_A (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
+- _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT)
++ _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT \
++ _TIF_GRSEC_SETXID)
+
+ #define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
+ _TIF_NOTIFY_RESUME)
diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
index bd0fb84..a42a14b 100644
--- a/arch/powerpc/include/asm/uaccess.h
ld r4,_DAR(r1)
bl .bad_page_fault
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index cf9c69b..ebc9640 100644
+index 15c5a4f..22a4000 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1004,10 +1004,10 @@ handle_page_fault:
addi r3,r1,STACK_FRAME_OVERHEAD
lwz r4,_DAR(r1)
diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
-index 745c1e7..59d97a6 100644
+index 01e2877..a1ba360 100644
--- a/arch/powerpc/kernel/irq.c
+++ b/arch/powerpc/kernel/irq.c
-@@ -547,9 +547,6 @@ struct irq_host *irq_alloc_host(struct device_node *of_node,
+@@ -560,9 +560,6 @@ struct irq_host *irq_alloc_host(struct device_node *of_node,
host->ops = ops;
host->of_node = of_node_get(of_node);
raw_spin_lock_irqsave(&irq_big_lock, flags);
/* If it's a legacy controller, check for duplicates and
-@@ -622,7 +619,12 @@ struct irq_host *irq_find_host(struct device_node *node)
+@@ -635,7 +632,12 @@ struct irq_host *irq_find_host(struct device_node *node)
*/
raw_spin_lock_irqsave(&irq_big_lock, flags);
list_for_each_entry(h, &irq_hosts, link)
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 6457574..08b28d3 100644
+index d817ab0..b23b18e 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
-@@ -660,8 +660,8 @@ void show_regs(struct pt_regs * regs)
+@@ -676,8 +676,8 @@ void show_regs(struct pt_regs * regs)
* Lookup NIP late so we have the best change of getting the
* above info out without failing
*/
#endif
show_stack(current, (unsigned long *) regs->gpr[1]);
if (!user_mode(regs))
-@@ -1165,10 +1165,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1181,10 +1181,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
newsp = stack[0];
ip = stack[STACK_FRAME_LR_SAVE];
if (!firstframe || ip != lr) {
(void *)current->ret_stack[curr_frame].ret);
curr_frame--;
}
-@@ -1188,7 +1188,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1204,7 +1204,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
lr = regs->link;
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1263,58 +1263,3 @@ void thread_info_cache_init(void)
+@@ -1279,58 +1279,3 @@ void thread_info_cache_init(void)
}
#endif /* THREAD_SHIFT < PAGE_SHIFT */
-
- return ret;
-}
+diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
+index 5b43325..94a5bb4 100644
+--- a/arch/powerpc/kernel/ptrace.c
++++ b/arch/powerpc/kernel/ptrace.c
+@@ -1702,6 +1702,10 @@ long arch_ptrace(struct task_struct *child, long request,
+ return ret;
+ }
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++extern void gr_delayed_cred_worker(void);
++#endif
++
+ /*
+ * We must return the syscall number to actually look up in the table.
+ * This can be -1L to skip running any syscall at all.
+@@ -1712,6 +1716,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
+
+ secure_computing(regs->gpr[0]);
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ if (test_thread_flag(TIF_SYSCALL_TRACE) &&
+ tracehook_report_syscall_entry(regs))
+ /*
+@@ -1746,6 +1755,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
+ {
+ int step;
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ audit_syscall_exit(regs);
+
+ if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index 836a5a1..27289a3 100644
--- a/arch/powerpc/kernel/signal_32.c
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 5459d14..10f8070 100644
+index c091527..5592625 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
-@@ -98,6 +98,8 @@ static void pmac_backlight_unblank(void)
- static inline void pmac_backlight_unblank(void) { }
- #endif
+@@ -131,6 +131,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
+ return flags;
+ }
+extern void gr_handle_kernel_exploit(void);
+
- int die(const char *str, struct pt_regs *regs, long err)
+ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+ int signr)
{
- static struct {
-@@ -171,6 +173,8 @@ int die(const char *str, struct pt_regs *regs, long err)
+@@ -178,6 +180,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+ panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
-
++
+ gr_handle_kernel_exploit();
+
- oops_exit();
- do_exit(err);
+ do_exit(signr);
+ }
diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
index 7d14bb6..1305601 100644
EXPORT_SYMBOL(copy_in_user);
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
-index 5efe8c9..db9ceef 100644
+index 2f0d1b0..36fb5cc 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -32,6 +32,10 @@
#include <mm/mmu_decl.h>
+#include <asm/ptrace.h>
- #ifdef CONFIG_KPROBES
- static inline int notify_page_fault(struct pt_regs *regs)
-@@ -66,6 +71,33 @@ static inline int notify_page_fault(struct pt_regs *regs)
+ #include "icswx.h"
+
+@@ -68,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *regs)
}
#endif
/*
* Check whether the instruction at regs->nip is a store using
* an update addressing form which will update r1.
-@@ -136,7 +168,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
+@@ -138,7 +170,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
* indicate errors in DSISR but can validly be set in SRR1.
*/
if (trap == 0x400)
else
is_write = error_code & DSISR_ISSTORE;
#else
-@@ -259,7 +291,7 @@ good_area:
+@@ -276,7 +308,7 @@ good_area:
* "undefined". Of those that can be set, this is the only
* one which seems bad.
*/
/* Guarded storage error. */
goto bad_area;
#endif /* CONFIG_8xx */
-@@ -274,7 +306,7 @@ good_area:
+@@ -291,7 +323,7 @@ good_area:
* processors use the same I/D cache coherency mechanism
* as embedded.
*/
goto bad_area;
#endif /* CONFIG_PPC_STD_MMU */
-@@ -343,6 +375,23 @@ bad_area:
+@@ -360,6 +392,23 @@ bad_area:
bad_area_nosemaphore:
/* User mode accesses cause a SIGSEGV */
if (user_mode(regs)) {
return 0;
}
diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c
-index 5a783d8..c23e14b 100644
+index 67a42ed..1c7210c 100644
--- a/arch/powerpc/mm/mmap_64.c
+++ b/arch/powerpc/mm/mmap_64.c
-@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = TASK_UNMAPPED_BASE;
-
#endif
diff --git a/arch/s390/include/asm/system.h b/arch/s390/include/asm/system.h
-index ef573c1..75a1ce6 100644
+index d73cc6b..1a296ad 100644
--- a/arch/s390/include/asm/system.h
+++ b/arch/s390/include/asm/system.h
-@@ -262,7 +262,7 @@ extern void (*_machine_restart)(char *command);
+@@ -260,7 +260,7 @@ extern void (*_machine_restart)(char *command);
extern void (*_machine_halt)(void);
extern void (*_machine_power_off)(void);
if (r_type == R_390_GOTPC)
*(unsigned int *) loc = val;
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
-index 53088e2..9f44a36 100644
+index e795933..b32563c 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
-@@ -320,39 +320,3 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -323,39 +323,3 @@ unsigned long get_wchan(struct task_struct *p)
}
return 0;
}
bottomup:
/*
-diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
-index f92602e..27060b2 100644
---- a/arch/sparc/Kconfig
-+++ b/arch/sparc/Kconfig
-@@ -31,6 +31,7 @@ config SPARC
-
- config SPARC32
- def_bool !64BIT
-+ select GENERIC_ATOMIC64
-
- config SPARC64
- def_bool 64BIT
diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile
index eddcfb3..b117d90 100644
--- a/arch/sparc/Makefile
VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
VMLINUX_MAIN += $(drivers-y) $(net-y)
-diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm/atomic_32.h
-index 5c3c8b6..ba822fa 100644
---- a/arch/sparc/include/asm/atomic_32.h
-+++ b/arch/sparc/include/asm/atomic_32.h
-@@ -13,6 +13,8 @@
-
- #include <linux/types.h>
-
-+#include <asm-generic/atomic64.h>
-+
- #ifdef __KERNEL__
-
- #include <asm/system.h>
diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
index 9f421df..b81fc12 100644
--- a/arch/sparc/include/asm/atomic_64.h
extern unsigned long sparc64_elf_hwcap;
#define ELF_HWCAP sparc64_elf_hwcap
-diff --git a/arch/sparc/include/asm/page_32.h b/arch/sparc/include/asm/page_32.h
-index 156707b..aefa786 100644
---- a/arch/sparc/include/asm/page_32.h
-+++ b/arch/sparc/include/asm/page_32.h
-@@ -8,6 +8,8 @@
- #ifndef _SPARC_PAGE_H
- #define _SPARC_PAGE_H
+diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h
+index ca2b344..c6084f89 100644
+--- a/arch/sparc/include/asm/pgalloc_32.h
++++ b/arch/sparc/include/asm/pgalloc_32.h
+@@ -37,6 +37,7 @@ BTFIXUPDEF_CALL(void, free_pgd_fast, pgd_t *)
+ BTFIXUPDEF_CALL(void, pgd_set, pgd_t *, pmd_t *)
+ #define pgd_set(pgdp,pmdp) BTFIXUP_CALL(pgd_set)(pgdp,pmdp)
+ #define pgd_populate(MM, PGD, PMD) pgd_set(PGD, PMD)
++#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD))
-+#include <linux/const.h>
-+
- #define PAGE_SHIFT 12
+ BTFIXUPDEF_CALL(pmd_t *, pmd_alloc_one, struct mm_struct *, unsigned long)
+ #define pmd_alloc_one(mm, address) BTFIXUP_CALL(pmd_alloc_one)(mm, address)
+diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
+index 40b2d7a..22a665b 100644
+--- a/arch/sparc/include/asm/pgalloc_64.h
++++ b/arch/sparc/include/asm/pgalloc_64.h
+@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
+ }
- #ifndef __ASSEMBLY__
+ #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD)
++#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD))
+
+ static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
+ {
diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h
index a790cc6..091ed94 100644
--- a/arch/sparc/include/asm/pgtable_32.h
unsigned long mask, tmp1, tmp2, result;
diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h
-index fa57532..e1a4c53 100644
+index c2a1080..21ed218 100644
--- a/arch/sparc/include/asm/thread_info_32.h
+++ b/arch/sparc/include/asm/thread_info_32.h
@@ -50,6 +50,8 @@ struct thread_info {
/*
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
-index 60d86be..952dea1 100644
+index 01d057f..13a7d2f 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -63,6 +63,8 @@ struct thread_info {
unsigned long fpregs[0] __attribute__ ((aligned(64)));
};
+@@ -214,10 +216,11 @@ register struct thread_info *current_thread_info_reg asm("g6");
+ #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */
+ /* flag bit 6 is available */
+ #define TIF_32BIT 7 /* 32-bit binary */
+-/* flag bit 8 is available */
++#define TIF_GRSEC_SETXID 8 /* update credentials on syscall entry/exit */
+ #define TIF_SECCOMP 9 /* secure computing */
+ #define TIF_SYSCALL_AUDIT 10 /* syscall auditing active */
+ #define TIF_SYSCALL_TRACEPOINT 11 /* syscall tracepoint instrumentation */
++
+ /* NOTE: Thread flags >= 12 should be ones we have no interest
+ * in using in assembly, else we can't use the mask as
+ * an immediate value in instructions such as andcc.
+@@ -236,12 +239,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
+ #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
+ #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
+ #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
++#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
+
+ #define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \
+ _TIF_DO_NOTIFY_RESUME_MASK | \
+ _TIF_NEED_RESCHED)
+ #define _TIF_DO_NOTIFY_RESUME_MASK (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING)
+
++#define _TIF_WORK_SYSCALL \
++ (_TIF_SYSCALL_TRACE | _TIF_SECCOMP | _TIF_SYSCALL_AUDIT | \
++ _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID)
++
++
+ /*
+ * Thread-synchronous status.
+ *
diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h
index e88fbe5..96b0ce5 100644
--- a/arch/sparc/include/asm/uaccess.h
} while (++count < 16);
printk("\n");
diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
-index 3739a06..48b2ff0 100644
+index 39d8b05..d1a7d90 100644
--- a/arch/sparc/kernel/process_64.c
+++ b/arch/sparc/kernel/process_64.c
-@@ -180,14 +180,14 @@ static void show_regwindow(struct pt_regs *regs)
+@@ -182,14 +182,14 @@ static void show_regwindow(struct pt_regs *regs)
printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n",
rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]);
if (regs->tstate & TSTATE_PRIV)
printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n",
regs->u_regs[0], regs->u_regs[1], regs->u_regs[2],
regs->u_regs[3]);
-@@ -200,7 +200,7 @@ void show_regs(struct pt_regs *regs)
+@@ -202,7 +202,7 @@ void show_regs(struct pt_regs *regs)
printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n",
regs->u_regs[12], regs->u_regs[13], regs->u_regs[14],
regs->u_regs[15]);
show_regwindow(regs);
show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]);
}
-@@ -285,7 +285,7 @@ void arch_trigger_all_cpu_backtrace(void)
+@@ -287,7 +287,7 @@ void arch_trigger_all_cpu_backtrace(void)
((tp && tp->task) ? tp->task->pid : -1));
if (gp->tstate & TSTATE_PRIV) {
(void *) gp->tpc,
(void *) gp->o7,
(void *) gp->i7,
+diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c
+index 9388844..0075fd2 100644
+--- a/arch/sparc/kernel/ptrace_64.c
++++ b/arch/sparc/kernel/ptrace_64.c
+@@ -1058,6 +1058,10 @@ long arch_ptrace(struct task_struct *child, long request,
+ return ret;
+ }
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++extern void gr_delayed_cred_worker(void);
++#endif
++
+ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
+ {
+ int ret = 0;
+@@ -1065,6 +1069,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
+ /* do the secure computing check first */
+ secure_computing(regs->u_regs[UREG_G1]);
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ if (test_thread_flag(TIF_SYSCALL_TRACE))
+ ret = tracehook_report_syscall_entry(regs);
+
+@@ -1085,6 +1094,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
+
+ asmlinkage void syscall_trace_leave(struct pt_regs *regs)
+ {
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ audit_syscall_exit(regs);
+
+ if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c
index 42b282f..28ce9f2 100644
--- a/arch/sparc/kernel/sys_sparc_32.c
addr = vmm->vm_end;
if (flags & MAP_SHARED)
diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
-index 441521a..b767073 100644
+index 232df99..cee1f9c 100644
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
mm->get_unmapped_area = arch_get_unmapped_area_topdown;
mm->unmap_area = arch_unmap_area_topdown;
}
+diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
+index 1d7e274..b39c527 100644
+--- a/arch/sparc/kernel/syscalls.S
++++ b/arch/sparc/kernel/syscalls.S
+@@ -62,7 +62,7 @@ sys32_rt_sigreturn:
+ #endif
+ .align 32
+ 1: ldx [%g6 + TI_FLAGS], %l5
+- andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
++ andcc %l5, _TIF_WORK_SYSCALL, %g0
+ be,pt %icc, rtrap
+ nop
+ call syscall_trace_leave
+@@ -179,7 +179,7 @@ linux_sparc_syscall32:
+
+ srl %i5, 0, %o5 ! IEU1
+ srl %i2, 0, %o2 ! IEU0 Group
+- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
++ andcc %l0, _TIF_WORK_SYSCALL, %g0
+ bne,pn %icc, linux_syscall_trace32 ! CTI
+ mov %i0, %l5 ! IEU1
+ call %l7 ! CTI Group brk forced
+@@ -202,7 +202,7 @@ linux_sparc_syscall:
+
+ mov %i3, %o3 ! IEU1
+ mov %i4, %o4 ! IEU0 Group
+- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
++ andcc %l0, _TIF_WORK_SYSCALL, %g0
+ bne,pn %icc, linux_syscall_trace ! CTI Group
+ mov %i0, %l5 ! IEU0
+ 2: call %l7 ! CTI Group brk forced
+@@ -226,7 +226,7 @@ ret_sys_call:
+
+ cmp %o0, -ERESTART_RESTARTBLOCK
+ bgeu,pn %xcc, 1f
+- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6
++ andcc %l0, _TIF_WORK_SYSCALL, %l6
+ 80:
+ /* System call success, clear Carry condition code. */
+ andn %g3, %g2, %g3
+@@ -241,7 +241,7 @@ ret_sys_call:
+ /* System call failure, set Carry condition code.
+ * Also, get abs(errno) to return to the process.
+ */
+- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6
++ andcc %l0, _TIF_WORK_SYSCALL, %l6
+ sub %g0, %o0, %o0
+ or %g3, %g2, %g3
+ stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
index 591f20c..0f1b925 100644
--- a/arch/sparc/kernel/traps_32.c
cmp %g1, %g7
bne,pn %xcc, BACKOFF_LABEL(2f, 1b)
diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c
-index 1b30bb3..b4a16c7 100644
+index f73c224..662af10 100644
--- a/arch/sparc/lib/ksyms.c
+++ b/arch/sparc/lib/ksyms.c
-@@ -142,12 +142,18 @@ EXPORT_SYMBOL(__downgrade_write);
+@@ -136,12 +136,18 @@ EXPORT_SYMBOL(__downgrade_write);
/* Atomic counter implementation. */
EXPORT_SYMBOL(atomic_add);
/* bytes per L2 cache line */
#define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE()
diff --git a/arch/um/Makefile b/arch/um/Makefile
-index 7730af6..cce5b19 100644
+index 28688e6..4c0aa1c 100644
--- a/arch/um/Makefile
+++ b/arch/um/Makefile
@@ -61,6 +61,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\
#ifndef __ASSEMBLY__
struct page;
+diff --git a/arch/um/include/asm/pgtable-3level.h b/arch/um/include/asm/pgtable-3level.h
+index 0032f92..cd151e0 100644
+--- a/arch/um/include/asm/pgtable-3level.h
++++ b/arch/um/include/asm/pgtable-3level.h
+@@ -58,6 +58,7 @@
+ #define pud_present(x) (pud_val(x) & _PAGE_PRESENT)
+ #define pud_populate(mm, pud, pmd) \
+ set_pud(pud, __pud(_PAGE_TABLE + __pa(pmd)))
++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
+
+ #ifdef CONFIG_64BIT
+ #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
-index c533835..84db18e 100644
+index 69f2490..2634831 100644
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
-@@ -406,22 +406,6 @@ int singlestepping(void * t)
+@@ -408,22 +408,6 @@ int singlestepping(void * t)
return 2;
}
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index efb4294..61bc18c 100644
+index 5bed94e..fbcf200 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -235,7 +235,7 @@ config X86_HT
+@@ -226,7 +226,7 @@ config X86_HT
config X86_32_LAZY_GS
def_bool y
config ARCH_HWEIGHT_CFLAGS
string
-@@ -1022,7 +1022,7 @@ choice
+@@ -1058,7 +1058,7 @@ choice
config NOHIGHMEM
bool "off"
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1059,7 +1059,7 @@ config NOHIGHMEM
+@@ -1095,7 +1095,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1113,7 +1113,7 @@ config PAGE_OFFSET
+@@ -1149,7 +1149,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1496,6 +1496,7 @@ config SECCOMP
+@@ -1539,6 +1539,7 @@ config SECCOMP
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1553,6 +1554,7 @@ config KEXEC_JUMP
+@@ -1596,6 +1597,7 @@ config KEXEC_JUMP
config PHYSICAL_START
hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
default "0x1000000"
---help---
This gives the physical address where the kernel is loaded.
-@@ -1616,6 +1618,7 @@ config X86_NEED_RELOCS
+@@ -1659,6 +1661,7 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1647,9 +1650,10 @@ config HOTPLUG_CPU
+@@ -1690,9 +1693,10 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
config COMPAT_VDSO
Map the 32-bit VDSO to the predictable old-style address too.
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
-index e3ca7e0..b30b28a 100644
+index 3c57033..22d44aa 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
-@@ -341,7 +341,7 @@ config X86_PPRO_FENCE
+@@ -335,7 +335,7 @@ config X86_PPRO_FENCE
config X86_F00F_BUG
def_bool y
config X86_INVD_BUG
def_bool y
-@@ -365,7 +365,7 @@ config X86_POPAD_OK
+@@ -359,7 +359,7 @@ config X86_POPAD_OK
config X86_ALIGNMENT_16
def_bool y
config X86_INTEL_USERCOPY
def_bool y
-@@ -411,7 +411,7 @@ config X86_CMPXCHG64
+@@ -405,7 +405,7 @@ config X86_CMPXCHG64
# generates cmov.
config X86_CMOV
def_bool y
config X86_MINIMUM_CPU_FAMILY
int
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index bf56e17..05f9891 100644
+index e46c214..7c72b55 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
-@@ -81,7 +81,7 @@ config X86_PTDUMP
+@@ -84,7 +84,7 @@ config X86_PTDUMP
config DEBUG_RODATA
bool "Write protect kernel read-only data structures"
default y
---help---
Mark the kernel read-only data as write-protected in the pagetables,
in order to catch accidental (and incorrect) writes to such const
-@@ -99,7 +99,7 @@ config DEBUG_RODATA_TEST
+@@ -102,7 +102,7 @@ config DEBUG_RODATA_TEST
config DEBUG_SET_MODULE_RONX
bool "Set loadable kernel module data as NX and text as RO"
This option helps catch unintended modifications to loadable
kernel module's text and read-only data. It also prevents execution
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index b02e509..2631e48 100644
+index 209ba12..15140db 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -46,6 +46,7 @@ else
KBUILD_AFLAGS += -m64
KBUILD_CFLAGS += -m64
-@@ -195,3 +196,12 @@ define archhelp
+@@ -201,3 +202,12 @@ define archhelp
echo ' FDARGS="..." arguments for the booted kernel'
echo ' FDINITRD=file initrd for the booted kernel'
endef
+archprepare:
+ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
-index 95365a8..52f857b 100644
+index 5a747dd..ff7b12c 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
-@@ -63,6 +63,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \
+@@ -64,6 +64,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \
$(call cc-option, -fno-stack-protector) \
$(call cc-option, -mpreferred-stack-boundary=2)
KBUILD_CFLAGS += $(call cc-option, -m32)
return diff;
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 09664ef..edc5d03 100644
+index fd55a2f..217b501 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
GCOV_PROFILE := n
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index 67a655a..b924059 100644
+index c85e3ac..6f5aa80 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
-@@ -76,7 +76,7 @@ ENTRY(startup_32)
+@@ -106,7 +106,7 @@ preferred_addr:
notl %eax
andl %eax, %ebx
#else
#endif
/* Target address to relocate to for decompression */
-@@ -162,7 +162,7 @@ relocated:
+@@ -192,7 +192,7 @@ relocated:
* and where it was actually loaded.
*/
movl %ebp, %ebx
jz 2f /* Nothing to be done if loaded at compiled addr. */
/*
* Process relocations.
-@@ -170,8 +170,7 @@ relocated:
+@@ -200,8 +200,7 @@ relocated:
1: subl $4, %edi
movl (%edi), %ecx
jmp 1b
2:
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index 35af09d..99c9676 100644
+index 87e03a1..0d94c76 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -91,7 +91,7 @@ ENTRY(startup_32)
#endif
/* Target address to relocate to for decompression */
-@@ -233,7 +233,7 @@ ENTRY(startup_64)
+@@ -263,7 +263,7 @@ preferred_addr:
notq %rax
andq %rax, %rbp
#else
/* Target address to relocate to for decompression */
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 3a19d04..7c1d55a 100644
+index 7116dcb..d9ae1d7 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -310,7 +310,7 @@ static void parse_elf(void *output)
#else
dest = (void *)(phdr->p_paddr);
#endif
-@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
+@@ -365,7 +365,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
error("Destination address too large");
#endif
#ifndef CONFIG_RELOCATABLE
#endif
diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c
-index 89bbf4e..869908e 100644
+index e77f4e4..17e511f 100644
--- a/arch/x86/boot/compressed/relocs.c
+++ b/arch/x86/boot/compressed/relocs.c
@@ -13,8 +13,11 @@
rel->r_info = elf32_to_cpu(rel->r_info);
}
}
-@@ -396,14 +440,14 @@ static void read_relocs(FILE *fp)
+@@ -396,13 +440,13 @@ static void read_relocs(FILE *fp)
static void print_absolute_symbols(void)
{
for (i = 0; i < ehdr.e_shnum; i++) {
struct section *sec = &secs[i];
char *sym_strtab;
- Elf32_Sym *sh_symtab;
- int j;
+ unsigned int j;
if (sec->shdr.sh_type != SHT_SYMTAB) {
continue;
-@@ -431,14 +475,14 @@ static void print_absolute_symbols(void)
+@@ -429,14 +473,14 @@ static void print_absolute_symbols(void)
static void print_absolute_relocs(void)
{
if (sec->shdr.sh_type != SHT_REL) {
continue;
}
-@@ -499,13 +543,13 @@ static void print_absolute_relocs(void)
+@@ -497,13 +541,13 @@ static void print_absolute_relocs(void)
static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
{
struct section *sec = &secs[i];
if (sec->shdr.sh_type != SHT_REL) {
-@@ -530,6 +574,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
+@@ -528,6 +572,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
!is_rel_reloc(sym_name(sym_strtab, sym))) {
continue;
}
switch (r_type) {
case R_386_NONE:
case R_386_PC32:
-@@ -571,7 +631,7 @@ static int cmp_relocs(const void *va, const void *vb)
+@@ -569,7 +629,7 @@ static int cmp_relocs(const void *va, const void *vb)
static void emit_relocs(int as_text)
{
/* Count how many relocations I have and allocate space for them. */
reloc_count = 0;
walk_relocs(count_reloc);
-@@ -665,6 +725,7 @@ int main(int argc, char **argv)
+@@ -663,6 +723,7 @@ int main(int argc, char **argv)
fname, strerror(errno));
}
read_ehdr(fp);
err = check_flags();
}
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
-index bdb4d45..0476680 100644
+index f1bbeeb..aff09cb 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
-@@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical pointer to
+@@ -372,7 +372,7 @@ setup_data: .quad 0 # 64-bit physical pointer to
# single linked list of
# struct setup_data
ret
+ENDPROC(aesni_ctr_enc)
#endif
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index 545d0ce..14841a6 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -929,6 +929,8 @@ out_free_ablkcipher:
+ }
+
+ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
++ unsigned int key_len) __size_overflow(3);
++static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
+ unsigned int key_len)
+ {
+ int ret = 0;
diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S
index 391d245..67f35c2 100644
--- a/arch/x86/crypto/blowfish-x86_64-asm_64.S
mov %rsi,%rdx
+ pax_force_retaddr
ret
+diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
+index 7f24a15..9cd3ffe 100644
+--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
++++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
+@@ -24,6 +24,8 @@
+ *
+ */
+
++#include <asm/alternative-asm.h>
++
+ .file "serpent-sse2-x86_64-asm_64.S"
+ .text
+
+@@ -695,12 +697,14 @@ __serpent_enc_blk_8way:
+ write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
+ write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
+
+ __enc_xor8:
+ xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
+ xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -758,4 +762,5 @@ serpent_dec_blk_8way:
+ write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2);
+ write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
index b2c2f57..8470cab 100644
--- a/arch/x86/crypto/sha1_ssse3_asm.S
+ pax_force_retaddr 0, 1
ret
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
-index fd84387..887aa7e 100644
+index 39e4909..887aa7e 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
fs = get_fs();
set_fs(KERNEL_DS);
has_dumped = 1;
-@@ -315,6 +317,13 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs)
- current->mm->free_area_cache = TASK_UNMAPPED_BASE;
- current->mm->cached_hole_size = 0;
-
-+ retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT);
-+ if (retval < 0) {
-+ /* Someone check-me: is this error path enough? */
-+ send_sig(SIGKILL, current, 0);
-+ return retval;
-+ }
-+
- install_exec_creds(bprm);
- current->flags &= ~PF_FORKNOEXEC;
-
-@@ -410,13 +419,6 @@ beyond_if:
-
- set_brk(current->mm->start_brk, current->mm->brk);
-
-- retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT);
-- if (retval < 0) {
-- /* Someone check-me: is this error path enough? */
-- send_sig(SIGKILL, current, 0);
-- return retval;
-- }
--
- current->mm->start_stack =
- (unsigned long)create_aout_tables((char __user *)bprm->p, bprm);
- /* start thread */
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 6557769..ef6ae89 100644
--- a/arch/x86/ia32/ia32_signal.c
if (err)
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index a6253ec..4ad2120 100644
+index e3e7340..05ed805 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
-@@ -13,7 +13,9 @@
+@@ -13,8 +13,10 @@
#include <asm/thread_info.h>
#include <asm/segment.h>
#include <asm/irqflags.h>
+#include <asm/pgtable.h>
#include <linux/linkage.h>
+ #include <linux/err.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit)
+@@ -94,6 +96,32 @@ ENTRY(native_irq_enable_sysexit)
ENDPROC(native_irq_enable_sysexit)
#endif
/*
* 32bit SYSENTER instruction entry.
*
-@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target)
+@@ -120,12 +148,6 @@ ENTRY(ia32_sysenter_target)
CFI_REGISTER rsp,rbp
SWAPGS_UNSAFE_STACK
movq PER_CPU_VAR(kernel_stack), %rsp
movl %ebp,%ebp /* zero extension */
pushq_cfi $__USER32_DS
/*CFI_REL_OFFSET ss,0*/
-@@ -134,25 +156,39 @@ ENTRY(ia32_sysenter_target)
+@@ -133,24 +155,39 @@ ENTRY(ia32_sysenter_target)
CFI_REL_OFFSET rsp,0
pushfq_cfi
/*CFI_REL_OFFSET rflags,0*/
-- movl 8*3-THREAD_SIZE+TI_sysenter_return(%rsp), %r10d
+- movl TI_sysenter_return+THREAD_INFO(%rsp,3*8-KERNEL_STACK_OFFSET),%r10d
- CFI_REGISTER rip,r10
+ orl $X86_EFLAGS_IF,(%rsp)
+ GET_THREAD_INFO(%r11)
.section __ex_table,"a"
.quad 1b,ia32_badarg
.previous
-- GET_THREAD_INFO(%r10)
-- orl $TS_COMPAT,TI_status(%r10)
-- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
+- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ GET_THREAD_INFO(%r11)
+ orl $TS_COMPAT,TI_status(%r11)
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
CFI_REMEMBER_STATE
jnz sysenter_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -162,13 +198,15 @@ sysenter_do_call:
+@@ -160,12 +197,15 @@ sysenter_do_call:
sysenter_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
-- GET_THREAD_INFO(%r10)
+ GET_THREAD_INFO(%r11)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
-- testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
+- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $_TIF_ALLWORK_MASK,TI_flags(%r11)
jnz sysexit_audit
sysexit_from_sys_call:
-- andl $~TS_COMPAT,TI_status(%r10)
+- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ pax_exit_kernel_user
+ pax_erase_kstack
+ andl $~TS_COMPAT,TI_status(%r11)
/* clear IF, that popfq doesn't enable interrupts early */
andl $~0x200,EFLAGS-R11(%rsp)
movl RIP-R11(%rsp),%edx /* User %eip */
-@@ -194,6 +232,9 @@ sysexit_from_sys_call:
+@@ -191,6 +231,9 @@ sysexit_from_sys_call:
movl %eax,%esi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
- call audit_syscall_entry
+ call __audit_syscall_entry
+
+ pax_erase_kstack
+
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -205,7 +246,7 @@ sysexit_from_sys_call:
+@@ -202,7 +245,7 @@ sysexit_from_sys_call:
.endm
.macro auditsys_exit exit
-- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
+- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11)
jnz ia32_ret_from_sys_call
TRACE_IRQS_ON
sti
-@@ -215,12 +256,12 @@ sysexit_from_sys_call:
+@@ -213,11 +256,12 @@ sysexit_from_sys_call:
+ 1: setbe %al /* 1 if error, 0 if not */
movzbl %al,%edi /* zero-extend that into %edi */
- inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
- call audit_syscall_exit
-- GET_THREAD_INFO(%r10)
+ call __audit_syscall_exit
+ GET_THREAD_INFO(%r11)
- movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */
+ movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */
movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
cli
TRACE_IRQS_OFF
-- testl %edi,TI_flags(%r10)
+- testl %edi,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl %edi,TI_flags(%r11)
jz \exit
CLEAR_RREGS -ARGOFFSET
jmp int_with_check
-@@ -238,7 +279,7 @@ sysexit_audit:
+@@ -235,7 +279,7 @@ sysexit_audit:
sysenter_tracesys:
#ifdef CONFIG_AUDITSYSCALL
-- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
+- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11)
jz sysenter_auditsys
#endif
SAVE_REST
-@@ -246,6 +287,9 @@ sysenter_tracesys:
+@@ -243,6 +287,9 @@ sysenter_tracesys:
movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -277,19 +321,20 @@ ENDPROC(ia32_sysenter_target)
+@@ -274,19 +321,20 @@ ENDPROC(ia32_sysenter_target)
ENTRY(ia32_cstar_target)
CFI_STARTPROC32 simple
CFI_SIGNAL_FRAME
movl %eax,%eax /* zero extension */
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
-@@ -305,13 +350,19 @@ ENTRY(ia32_cstar_target)
+@@ -302,12 +350,19 @@ ENTRY(ia32_cstar_target)
/* no need to do an access_ok check here because r8 has been
32bit zero extended */
/* hardware stack frame is complete now */
.section __ex_table,"a"
.quad 1b,ia32_badarg
.previous
-- GET_THREAD_INFO(%r10)
-- orl $TS_COMPAT,TI_status(%r10)
-- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
+- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ GET_THREAD_INFO(%r11)
+ orl $TS_COMPAT,TI_status(%r11)
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
CFI_REMEMBER_STATE
jnz cstar_tracesys
cmpq $IA32_NR_syscalls-1,%rax
-@@ -321,13 +372,15 @@ cstar_do_call:
+@@ -317,12 +372,15 @@ cstar_do_call:
cstar_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
-- GET_THREAD_INFO(%r10)
+ GET_THREAD_INFO(%r11)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
-- testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
+- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $_TIF_ALLWORK_MASK,TI_flags(%r11)
jnz sysretl_audit
sysretl_from_sys_call:
-- andl $~TS_COMPAT,TI_status(%r10)
+- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ pax_exit_kernel_user
+ pax_erase_kstack
+ andl $~TS_COMPAT,TI_status(%r11)
RESTORE_ARGS 0,-ARG_SKIP,0,0,0
movl RIP-ARGOFFSET(%rsp),%ecx
CFI_REGISTER rip,rcx
-@@ -355,7 +408,7 @@ sysretl_audit:
+@@ -350,7 +408,7 @@ sysretl_audit:
cstar_tracesys:
#ifdef CONFIG_AUDITSYSCALL
-- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
+- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11)
jz cstar_auditsys
#endif
xchgl %r9d,%ebp
-@@ -364,6 +417,9 @@ cstar_tracesys:
+@@ -359,6 +417,9 @@ cstar_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
RESTORE_REST
xchgl %ebp,%r9d
-@@ -409,20 +465,21 @@ ENTRY(ia32_syscall)
+@@ -404,19 +465,21 @@ ENTRY(ia32_syscall)
CFI_REL_OFFSET rip,RIP-RIP
PARAVIRT_ADJUST_EXCEPTION_FRAME
SWAPGS
/* note the registers are not zero extended to the sf.
this could be a problem. */
SAVE_ARGS 0,1,0
-- GET_THREAD_INFO(%r10)
-- orl $TS_COMPAT,TI_status(%r10)
-- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
+- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ pax_enter_kernel_user
+ /*
+ * No need to follow this irqs on/off section: the syscall
jnz ia32_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -441,6 +498,9 @@ ia32_tracesys:
+@@ -435,6 +498,9 @@ ia32_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -455,6 +515,7 @@ ia32_badsys:
-
- quiet_ni_syscall:
- movq $-ENOSYS,%rax
-+ pax_force_retaddr
- ret
- CFI_ENDPROC
-
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index f6f5c53..b358b28 100644
--- a/arch/x86/ia32/sys_ia32.c
set_fs(old_fs);
diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h
-index 091508b..7692c6f 100644
+index 952bd01..7692c6f 100644
--- a/arch/x86/include/asm/alternative-asm.h
+++ b/arch/x86/include/asm/alternative-asm.h
-@@ -4,10 +4,10 @@
-
- #ifdef CONFIG_SMP
- .macro LOCK_PREFIX
--1: lock
-+672: lock
- .section .smp_locks,"a"
- .balign 4
-- .long 1b - .
-+ .long 672b - .
- .previous
- .endm
- #else
@@ -15,6 +15,45 @@
.endm
#endif
".previous"
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
-index 1a6c09a..fec2432 100644
+index 3ab9bdd..238033e 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -45,7 +45,7 @@ static inline void generic_apic_probe(void)
/*
* atomic_dec_if_positive - decrement by 1 if old value positive
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
-index 24098aa..1e37723 100644
+index fa13f0e..27c2e08 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -12,6 +12,14 @@ typedef struct {
* atomic64_read - read atomic64 variable
* @v: pointer to type atomic64_t
*
-@@ -93,6 +134,22 @@ static inline long long atomic64_read(atomic64_t *v)
+@@ -93,6 +134,22 @@ static inline long long atomic64_read(const atomic64_t *v)
}
/**
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
-index 1775d6e..b65017f 100644
+index b97596e..9bd48b06 100644
--- a/arch/x86/include/asm/bitops.h
+++ b/arch/x86/include/asm/bitops.h
@@ -38,7 +38,7 @@
if (len)
diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
-index 5d3acdf..6447a02 100644
+index 99480e5..d81165b 100644
--- a/arch/x86/include/asm/cmpxchg.h
+++ b/arch/x86/include/asm/cmpxchg.h
-@@ -14,6 +14,8 @@ extern void __cmpxchg_wrong_size(void)
+@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void)
__compiletime_error("Bad argument size for cmpxchg");
extern void __xadd_wrong_size(void)
__compiletime_error("Bad argument size for xadd");
+extern void __xadd_check_overflow_wrong_size(void)
+ __compiletime_error("Bad argument size for xadd_check_overflow");
+ extern void __add_wrong_size(void)
+ __compiletime_error("Bad argument size for add");
++extern void __add_check_overflow_wrong_size(void)
++ __compiletime_error("Bad argument size for add_check_overflow");
/*
* Constants for operation sizes. On 32-bit, the 64-bit size it set to
-@@ -195,6 +197,34 @@ extern void __xadd_wrong_size(void)
+@@ -67,6 +71,34 @@ extern void __add_wrong_size(void)
__ret; \
})
-+#define __xadd_check_overflow(ptr, inc, lock) \
++#define __xchg_op_check_overflow(ptr, arg, op, lock) \
+ ({ \
-+ __typeof__ (*(ptr)) __ret = (inc); \
++ __typeof__ (*(ptr)) __ret = (arg); \
+ switch (sizeof(*(ptr))) { \
+ case __X86_CASE_L: \
-+ asm volatile (lock "xaddl %0, %1\n" \
++ asm volatile (lock #op "l %0, %1\n" \
+ "jno 0f\n" \
+ "mov %0,%1\n" \
+ "int $4\n0:\n" \
+ : : "memory", "cc"); \
+ break; \
+ case __X86_CASE_Q: \
-+ asm volatile (lock "xaddq %q0, %1\n" \
++ asm volatile (lock #op "q %q0, %1\n" \
+ "jno 0f\n" \
+ "mov %0,%1\n" \
+ "int $4\n0:\n" \
+ : : "memory", "cc"); \
+ break; \
+ default: \
-+ __xadd_check_overflow_wrong_size(); \
++ __ ## op ## _check_overflow_wrong_size(); \
+ } \
+ __ret; \
+ })
+
/*
- * xadd() adds "inc" to "*ptr" and atomically returns the previous
- * value of "*ptr".
-@@ -207,4 +237,6 @@ extern void __xadd_wrong_size(void)
+ * Note: no "lock" prefix even on SMP: xchg always implies lock anyway.
+ * Since this is generally used to protect other memory information, we
+@@ -167,6 +199,9 @@ extern void __add_wrong_size(void)
#define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ")
#define xadd_local(ptr, inc) __xadd((ptr), (inc), "")
-+#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX)
++#define __xadd_check_overflow(ptr, inc, lock) __xchg_op_check_overflow((ptr), (inc), xadd, lock)
++#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX)
+
- #endif /* ASM_X86_CMPXCHG_H */
+ #define __add(ptr, inc, lock) \
+ ({ \
+ __typeof__ (*(ptr)) __ret = (inc); \
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index f3444f7..051a196 100644
+index 8d67d42..183d0eb 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
-@@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
+@@ -367,7 +367,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
".section .discard,\"aw\",@progbits\n"
" .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
".previous\n"
"4:\n"
".previous\n"
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
-index 41935fa..3b40db8 100644
+index e95822d..a90010e 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -4,6 +4,7 @@
desc->s = 1;
desc->dpl = 0x3;
-@@ -34,17 +36,12 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in
+@@ -34,19 +36,14 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in
}
extern struct desc_ptr idt_descr;
-extern gate_desc idt_table[];
+ extern struct desc_ptr nmi_idt_descr;
+-extern gate_desc nmi_idt_table[];
-
-struct gdt_page {
- struct desc_struct gdt[GDT_ENTRIES];
-
-DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
+extern gate_desc idt_table[256];
++extern gate_desc nmi_idt_table[256];
+extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
}
#ifdef CONFIG_X86_64
-@@ -69,8 +66,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type,
+@@ -71,8 +68,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type,
unsigned long base, unsigned dpl, unsigned flags,
unsigned short seg)
{
}
#endif
-@@ -115,12 +118,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries)
+@@ -117,12 +120,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries)
static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate)
{
}
static inline void
-@@ -134,7 +141,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int
+@@ -136,7 +143,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int
default: size = sizeof(*gdt); break;
}
}
static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
-@@ -207,7 +216,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries)
+@@ -209,7 +218,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries)
static inline void native_load_tr_desc(void)
{
}
static inline void native_load_gdt(const struct desc_ptr *dtr)
-@@ -244,8 +255,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
+@@ -246,8 +257,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
struct desc_struct *gdt = get_cpu_gdt_table(cpu);
unsigned int i;
}
#define _LDT_empty(info) \
-@@ -307,7 +320,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
- desc->limit = (limit >> 16) & 0xf;
+@@ -310,7 +323,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
}
+ #ifdef CONFIG_X86_64
+-static inline void set_nmi_gate(int gate, void *addr)
++static inline void set_nmi_gate(int gate, const void *addr)
+ {
+ gate_desc s;
+
+@@ -319,7 +332,7 @@ static inline void set_nmi_gate(int gate, void *addr)
+ }
+ #endif
+
-static inline void _set_gate(int gate, unsigned type, void *addr,
+static inline void _set_gate(int gate, unsigned type, const void *addr,
unsigned dpl, unsigned ist, unsigned seg)
{
gate_desc s;
-@@ -326,7 +339,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
+@@ -338,7 +351,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
* Pentium F0 0F bugfix can have resulted in the mapped
* IDT being write-protected.
*/
{
BUG_ON((unsigned)n > 0xFF);
_set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS);
-@@ -356,19 +369,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr)
+@@ -368,19 +381,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr)
/*
* This routine sets up an interrupt gate at directory privilege level 3.
*/
{
BUG_ON((unsigned)n > 0xFF);
_set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
-@@ -377,19 +390,31 @@ static inline void set_trap_gate(unsigned int n, void *addr)
+@@ -389,19 +402,31 @@ static inline void set_trap_gate(unsigned int n, void *addr)
static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
{
BUG_ON((unsigned)n > 0xFF);
} __attribute__((packed));
diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h
-index 908b969..a1f4eb4 100644
+index 3778256..c5d4fce 100644
--- a/arch/x86/include/asm/e820.h
+++ b/arch/x86/include/asm/e820.h
@@ -69,7 +69,7 @@ struct e820map {
/* EISA */
extern void eisa_set_level_irq(unsigned int irq);
diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h
-index a850b4d..bae26dc 100644
+index 2479049..3fb9795 100644
--- a/arch/x86/include/asm/i387.h
+++ b/arch/x86/include/asm/i387.h
-@@ -92,6 +92,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx)
+@@ -93,6 +93,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx)
{
int err;
/* See comment in fxsave() below. */
#ifdef CONFIG_AS_FXSAVEQ
asm volatile("1: fxrstorq %[fx]\n\t"
-@@ -121,6 +126,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx)
+@@ -122,6 +127,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx)
{
int err;
/*
* Clear the bytes not touched by the fxsave and reserved
* for the SW usage.
-@@ -424,7 +434,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
+@@ -278,7 +288,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk)
+ "emms\n\t" /* clear stack tags */
+ "fildl %P[addr]", /* set F?P to defined value */
+ X86_FEATURE_FXSAVE_LEAK,
+- [addr] "m" (tsk->thread.fpu.has_fpu));
++ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0));
+
+ return fpu_restore_checking(&tsk->thread.fpu);
+ }
+@@ -445,7 +455,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
static inline bool interrupted_user_mode(void)
{
struct pt_regs *regs = get_irq_regs();
#define flush_insn_slot(p) do { } while (0)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index b4973f4..a42170a 100644
+index 52d6640..136b3bd 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
-@@ -459,7 +459,7 @@ struct kvm_arch {
- unsigned int n_requested_mmu_pages;
- unsigned int n_max_mmu_pages;
- unsigned int indirect_shadow_pages;
-- atomic_t invlpg_counter;
-+ atomic_unchecked_t invlpg_counter;
- struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES];
- /*
- * Hash table of struct kvm_mmu_page.
-@@ -638,7 +638,7 @@ struct kvm_x86_ops {
+@@ -663,7 +663,7 @@ struct kvm_x86_ops {
int (*check_intercept)(struct kvm_vcpu *vcpu,
struct x86_instruction_info *info,
enum x86_intercept_stage stage);
struct kvm_arch_async_pf {
u32 token;
-@@ -667,9 +667,9 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages);
+@@ -694,7 +694,7 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages);
int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3);
int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
- const void *val, int bytes);
+ const void *val, int bytes) __size_overflow(2);
- int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
-- gpa_t addr, unsigned long *ret);
-+ gpa_t addr, unsigned long *ret) __size_overflow(2,3);
u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn);
extern bool tdp_enabled;
-@@ -730,7 +730,7 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l);
- int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr);
+@@ -781,7 +781,7 @@ int fx_init(struct kvm_vcpu *vcpu);
- int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata);
--int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data);
-+int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) __size_overflow(3);
-
- unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu);
- void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
-@@ -755,7 +755,7 @@ int fx_init(struct kvm_vcpu *vcpu);
void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu);
void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
- const u8 *new, int bytes,
-- bool guest_initiated);
-+ bool guest_initiated) __size_overflow(2);
+- const u8 *new, int bytes);
++ const u8 *new, int bytes) __size_overflow(2);
+ int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn);
int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva);
void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu);
- int kvm_mmu_load(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
index 9cdae5d..300d20f 100644
--- a/arch/x86/include/asm/local.h
/* This contains all the paravirt structures: we get a convenient
* number for each function using the offset which we use to indicate
diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h
-index b4389a4..b7ff22c 100644
+index b4389a4..7024269 100644
--- a/arch/x86/include/asm/pgalloc.h
+++ b/arch/x86/include/asm/pgalloc.h
@@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(struct mm_struct *mm,
set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
}
+@@ -99,12 +106,22 @@ static inline void __pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd,
+
+ #ifdef CONFIG_X86_PAE
+ extern void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd);
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
++{
++ pud_populate(mm, pudp, pmd);
++}
+ #else /* !CONFIG_X86_PAE */
+ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ {
+ paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT);
+ set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd)));
+ }
++
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
++{
++ paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT);
++ set_pud(pud, __pud(_KERNPG_TABLE | __pa(pmd)));
++}
+ #endif /* CONFIG_X86_PAE */
+
+ #if PAGETABLE_LEVELS > 3
+@@ -114,6 +131,12 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
+ set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(pud)));
+ }
+
++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
++{
++ paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT);
++ set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(pud)));
++}
++
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
+ {
+ return (pud_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT);
diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h
index 98391db..8f6984e 100644
--- a/arch/x86/include/asm/pgtable-2level.h
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 18601c8..3d716d1 100644
+index 49afb3f..ed14d07 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
#define MODULES_END VMALLOC_END
#define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
-index 975f709..107976d 100644
+index 975f709..9f779c9 100644
--- a/arch/x86/include/asm/pgtable_64.h
+++ b/arch/x86/include/asm/pgtable_64.h
@@ -16,10 +16,14 @@
}
static inline void native_pmd_clear(pmd_t *pmd)
-@@ -107,6 +113,13 @@ static inline void native_pud_clear(pud_t *pud)
+@@ -97,7 +103,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
+
+ static inline void native_set_pud(pud_t *pudp, pud_t pud)
+ {
++ pax_open_kernel();
+ *pudp = pud;
++ pax_close_kernel();
+ }
+
+ static inline void native_pud_clear(pud_t *pud)
+@@ -107,6 +115,13 @@ static inline void native_pud_clear(pud_t *pud)
static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
{
#define pgprot_writecombine pgprot_writecombine
extern pgprot_t pgprot_writecombine(pgprot_t prot);
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index bb3ee36..781a6b8 100644
+index 58545c9..fe6fc38e 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
-@@ -268,7 +268,7 @@ struct tss_struct {
+@@ -266,7 +266,7 @@ struct tss_struct {
} ____cacheline_aligned;
/*
* Save the original ist values for checking stack pointers during debugging
-@@ -861,11 +861,18 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define TASK_SIZE PAGE_OFFSET
#define TASK_SIZE_MAX TASK_SIZE
.vm86_info = NULL, \
.sysenter_cs = __KERNEL_CS, \
.io_bitmap_ptr = NULL, \
-@@ -879,7 +886,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define INIT_TSS { \
.x86_tss = { \
.ss0 = __KERNEL_DS, \
.ss1 = __KERNEL_CS, \
.io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
-@@ -890,11 +897,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x)
extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
/*
* The below -8 is to reserve 8 bytes on top of the ring0 stack.
-@@ -909,7 +912,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define task_pt_regs(task) \
({ \
struct pt_regs *__regs__; \
__regs__ - 1; \
})
-@@ -919,13 +922,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
/*
* User space process size. 47bits minus one guard page.
*/
#define TASK_SIZE (test_thread_flag(TIF_IA32) ? \
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -936,11 +939,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define STACK_TOP_MAX TASK_SIZE_MAX
#define INIT_THREAD { \
}
/*
-@@ -962,6 +965,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
*/
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3)
#define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3)
diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
-index 73b11bc..d4a3b63 100644
+index 0434c40..1714bf0 100644
--- a/arch/x86/include/asm/smp.h
+++ b/arch/x86/include/asm/smp.h
@@ -36,7 +36,7 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_map);
#endif
diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h
-index 972c260..43ab1fd 100644
+index a82c2bf..2198f61 100644
--- a/arch/x86/include/asm/spinlock.h
+++ b/arch/x86/include/asm/spinlock.h
-@@ -188,6 +188,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock)
+@@ -175,6 +175,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock)
static inline void arch_read_lock(arch_rwlock_t *rw)
{
asm volatile(LOCK_PREFIX READ_LOCK_SIZE(dec) " (%0)\n\t"
"jns 1f\n"
"call __read_lock_failed\n\t"
"1:\n"
-@@ -197,6 +205,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw)
+@@ -184,6 +192,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw)
static inline void arch_write_lock(arch_rwlock_t *rw)
{
asm volatile(LOCK_PREFIX WRITE_LOCK_SUB(%1) "(%0)\n\t"
"jz 1f\n"
"call __write_lock_failed\n\t"
"1:\n"
-@@ -226,13 +242,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock)
+@@ -213,13 +229,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock)
static inline void arch_read_unlock(arch_rwlock_t *rw)
{
/*
* Force strict CPU ordering.
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index d7ef849..6af292e 100644
+index cfd8144..664ac89 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -10,6 +10,7 @@
struct exec_domain *exec_domain; /* execution domain */
__u32 flags; /* low level flags */
__u32 status; /* thread synchronous flags */
-@@ -34,18 +34,12 @@ struct thread_info {
+@@ -34,19 +34,13 @@ struct thread_info {
mm_segment_t addr_limit;
struct restart_block restart_block;
void __user *sysenter_return;
- __u8 supervisor_stack[0];
-#endif
+ unsigned long lowest_stack;
- int uaccess_err;
+ unsigned int sig_on_uaccess_error:1;
+ unsigned int uaccess_err:1; /* uaccess failed */
};
-#define INIT_THREAD_INFO(tsk) \
.exec_domain = &default_exec_domain, \
.flags = 0, \
.cpu = 0, \
-@@ -56,7 +50,7 @@ struct thread_info {
+@@ -57,7 +51,7 @@ struct thread_info {
}, \
}
#define init_stack (init_thread_union.stack)
#else /* !__ASSEMBLY__ */
-@@ -170,45 +164,40 @@ struct thread_info {
+@@ -95,6 +89,7 @@ struct thread_info {
+ #define TIF_BLOCKSTEP 25 /* set when we want DEBUGCTLMSR_BTF */
+ #define TIF_LAZY_MMU_UPDATES 27 /* task is updating the mmu lazily */
+ #define TIF_SYSCALL_TRACEPOINT 28 /* syscall tracepoint instrumentation */
++#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */
+
+ #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
+ #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
+@@ -116,16 +111,17 @@ struct thread_info {
+ #define _TIF_BLOCKSTEP (1 << TIF_BLOCKSTEP)
+ #define _TIF_LAZY_MMU_UPDATES (1 << TIF_LAZY_MMU_UPDATES)
+ #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
++#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID)
+
+ /* work to do in syscall_trace_enter() */
+ #define _TIF_WORK_SYSCALL_ENTRY \
+ (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \
+- _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT)
++ _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID)
+
+ /* work to do in syscall_trace_leave() */
+ #define _TIF_WORK_SYSCALL_EXIT \
+ (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SINGLESTEP | \
+- _TIF_SYSCALL_TRACEPOINT)
++ _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID)
+
+ /* work to do on interrupt/exception return */
+ #define _TIF_WORK_MASK \
+@@ -135,7 +131,8 @@ struct thread_info {
+
+ /* work to do on any return to user space */
+ #define _TIF_ALLWORK_MASK \
+- ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT)
++ ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT | \
++ _TIF_GRSEC_SETXID)
+
+ /* Only used for 64 bit */
+ #define _TIF_DO_NOTIFY_MASK \
+@@ -169,45 +166,40 @@ struct thread_info {
ret; \
})
/*
* macros/functions for gaining access to the thread information structure
* preempt_count needs to be 1 initially, until the scheduler is functional.
-@@ -216,21 +205,8 @@ static inline struct thread_info *current_thread_info(void)
+@@ -215,27 +207,8 @@ static inline struct thread_info *current_thread_info(void)
#ifndef __ASSEMBLY__
DECLARE_PER_CPU(unsigned long, kernel_stack);
- movq PER_CPU_VAR(kernel_stack),reg ; \
- subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg
-
+-/*
+- * Same if PER_CPU_VAR(kernel_stack) is, perhaps with some offset, already in
+- * a certain register (to be used in assembler memory operands).
+- */
+-#define THREAD_INFO(reg, off) KERNEL_STACK_OFFSET+(off)-THREAD_SIZE(reg)
+-
+/* how to get the current stack pointer from C */
+register unsigned long current_stack_pointer asm("rsp") __used;
#endif
#endif /* !X86_32 */
-@@ -264,5 +240,16 @@ extern void arch_task_cache_init(void);
+@@ -269,5 +242,16 @@ extern void arch_task_cache_init(void);
extern void free_thread_info(struct thread_info *ti);
extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
#define arch_task_cache_init arch_task_cache_init
#endif
#endif /* _ASM_X86_THREAD_INFO_H */
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 36361bf..324f262 100644
+index 8be5f54..7ae826d 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -7,12 +7,15 @@
#endif
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
-index 1971e65..1e3559b 100644
+index a609c39..7a68dc7 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
-@@ -28,7 +28,7 @@ struct x86_init_mpparse {
+@@ -29,7 +29,7 @@ struct x86_init_mpparse {
void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name);
void (*find_smp_config)(void);
void (*get_smp_config)(unsigned int early);
/**
* struct x86_init_resources - platform specific resource related ops
-@@ -42,7 +42,7 @@ struct x86_init_resources {
+@@ -43,7 +43,7 @@ struct x86_init_resources {
void (*probe_roms)(void);
void (*reserve_resources)(void);
char *(*memory_setup)(void);
/**
* struct x86_init_irqs - platform specific interrupt setup
-@@ -55,7 +55,7 @@ struct x86_init_irqs {
+@@ -56,7 +56,7 @@ struct x86_init_irqs {
void (*pre_vector_init)(void);
void (*intr_init)(void);
void (*trap_init)(void);
/**
* struct x86_init_oem - oem platform specific customizing functions
-@@ -65,7 +65,7 @@ struct x86_init_irqs {
+@@ -66,7 +66,7 @@ struct x86_init_irqs {
struct x86_init_oem {
void (*arch_setup)(void);
void (*banner)(void);
/**
* struct x86_init_mapping - platform specific initial kernel pagetable setup
-@@ -76,7 +76,7 @@ struct x86_init_oem {
+@@ -77,7 +77,7 @@ struct x86_init_oem {
*/
struct x86_init_mapping {
void (*pagetable_reserve)(u64 start, u64 end);
/**
* struct x86_init_paging - platform specific paging functions
-@@ -86,7 +86,7 @@ struct x86_init_mapping {
+@@ -87,7 +87,7 @@ struct x86_init_mapping {
struct x86_init_paging {
void (*pagetable_setup_start)(pgd_t *base);
void (*pagetable_setup_done)(pgd_t *base);
/**
* struct x86_init_timers - platform specific timer setup
-@@ -101,7 +101,7 @@ struct x86_init_timers {
+@@ -102,7 +102,7 @@ struct x86_init_timers {
void (*tsc_pre_init)(void);
void (*timer_init)(void);
void (*wallclock_init)(void);
/**
* struct x86_init_iommu - platform specific iommu setup
-@@ -109,7 +109,7 @@ struct x86_init_timers {
+@@ -110,7 +110,7 @@ struct x86_init_timers {
*/
struct x86_init_iommu {
int (*iommu_init)(void);
/**
* struct x86_init_pci - platform specific pci init functions
-@@ -123,7 +123,7 @@ struct x86_init_pci {
+@@ -124,7 +124,7 @@ struct x86_init_pci {
int (*init)(void);
void (*init_irq)(void);
void (*fixup_irqs)(void);
/**
* struct x86_init_ops - functions for platform specific setup
-@@ -139,7 +139,7 @@ struct x86_init_ops {
+@@ -140,7 +140,7 @@ struct x86_init_ops {
struct x86_init_timers timers;
struct x86_init_iommu iommu;
struct x86_init_pci pci;
/**
* struct x86_cpuinit_ops - platform specific cpu hotplug setups
-@@ -147,7 +147,7 @@ struct x86_init_ops {
- */
+@@ -149,7 +149,7 @@ struct x86_init_ops {
struct x86_cpuinit_ops {
void (*setup_percpu_clockev)(void);
+ void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node);
-};
+} __no_const;
/**
* struct x86_platform_ops - platform specific runtime functions
-@@ -169,7 +169,7 @@ struct x86_platform_ops {
+@@ -171,7 +171,7 @@ struct x86_platform_ops {
void (*nmi_init)(void);
unsigned char (*get_nmi_reason)(void);
int (*i8042_detect)(void);
struct pci_dev;
-@@ -177,7 +177,7 @@ struct x86_msi_ops {
- int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type);
+@@ -180,7 +180,7 @@ struct x86_msi_ops {
void (*teardown_msi_irq)(unsigned int irq);
void (*teardown_msi_irqs)(struct pci_dev *dev);
+ void (*restore_msi_irqs)(struct pci_dev *dev, int irq);
-};
+} __no_const;
}
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index f98d84c..e402a69 100644
+index 5b3f88e..61232b4 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
-@@ -174,7 +174,7 @@ int first_system_vector = 0xfe;
+@@ -184,7 +184,7 @@ int first_system_vector = 0xfe;
/*
* Debug level, exported for io_apic.c
*/
int pic_mode;
-@@ -1853,7 +1853,7 @@ void smp_error_interrupt(struct pt_regs *regs)
+@@ -1912,7 +1912,7 @@ void smp_error_interrupt(struct pt_regs *regs)
apic_write(APIC_ESR, 0);
v1 = apic_read(APIC_ESR);
ack_APIC_irq();
apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)",
smp_processor_id(), v0 , v1);
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index 6d939d7..0697fcc 100644
+index fb07275..e06bb59 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -1096,7 +1096,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin,
eoi_ioapic_irq(irq, cfg);
}
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
-index a46bd38..6b906d7 100644
+index f76623c..aab694f 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -411,7 +411,7 @@ static DEFINE_MUTEX(apm_mutex);
proc_create("apm", 0, NULL, &apm_file_ops);
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
-index 4f13faf..87db5d2 100644
+index 68de2dc..1f3c720 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -33,6 +33,8 @@ void common(void) {
BLANK();
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
-index e72a119..6e2955d 100644
+index 834e897..dacddc8 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
-@@ -69,6 +69,7 @@ int main(void)
+@@ -70,6 +70,7 @@ int main(void)
BLANK();
#undef ENTRY
obj-y += proc.o capflags.o powerflags.o common.o
obj-y += vmware.o hypervisor.o sched.o mshyperv.o
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 0bab2b1..d0a1bf8 100644
+index 80ab83d..0a7b34e 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
-@@ -664,7 +664,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
+@@ -670,7 +670,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
unsigned int size)
{
/* AMD errata T13 (order #21922) */
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index aa003b1..47ea638 100644
+index 1a810e4..9fa8201 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
/* Reload the per-cpu base */
-@@ -844,6 +790,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -839,6 +785,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
/* Filter out anything that depends on CPUID levels we don't have */
filter_cpuid_features(c, true);
/* If the model name is still unset, do table lookup. */
if (!c->x86_model_id[0]) {
const char *p;
-@@ -1024,6 +974,9 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1019,10 +969,12 @@ static __init int setup_disablecpuid(char *arg)
}
__setup("clearcpuid=", setup_disablecpuid);
+
#ifdef CONFIG_X86_64
struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table };
+-struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1,
+- (unsigned long) nmi_idt_table };
++struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) nmi_idt_table };
-@@ -1039,7 +992,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+ DEFINE_PER_CPU_FIRST(union irq_stack_union,
+ irq_stack_union) __aligned(PAGE_SIZE);
+@@ -1036,7 +988,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
EXPORT_PER_CPU_SYMBOL(current_task);
DEFINE_PER_CPU(unsigned long, kernel_stack) =
EXPORT_PER_CPU_SYMBOL(kernel_stack);
DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1104,7 +1057,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
+@@ -1126,7 +1078,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
{
memset(regs, 0, sizeof(struct pt_regs));
regs->fs = __KERNEL_PERCPU;
return regs;
}
-@@ -1159,7 +1112,7 @@ void __cpuinit cpu_init(void)
+@@ -1181,7 +1133,7 @@ void __cpuinit cpu_init(void)
int i;
cpu = stack_smp_processor_id();
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1185,7 +1138,7 @@ void __cpuinit cpu_init(void)
+@@ -1207,7 +1159,7 @@ void __cpuinit cpu_init(void)
switch_to_new_gdt(cpu);
loadsegment(fs, 0);
memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
syscall_init();
-@@ -1194,7 +1147,6 @@ void __cpuinit cpu_init(void)
+@@ -1216,7 +1168,6 @@ void __cpuinit cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
if (cpu != 0)
enable_x2apic();
-@@ -1248,7 +1200,7 @@ void __cpuinit cpu_init(void)
+@@ -1272,7 +1223,7 @@ void __cpuinit cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
-index 5231312..a78a987 100644
+index 3e6ff6c..54b4992 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void)
}
#endif
diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c
-index 319882e..993534e 100644
+index fc4beb3..f20a5a7 100644
--- a/arch/x86/kernel/cpu/mcheck/mce-inject.c
+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c
-@@ -173,6 +173,8 @@ static void raise_mce(struct mce *m)
+@@ -199,6 +199,8 @@ static void raise_mce(struct mce *m)
/* Error injection interface */
static ssize_t mce_write(struct file *filp, const char __user *ubuf,
{
struct mce m;
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 2af127d..8ff7ac0 100644
+index 5a11ae2..a1a1c8a 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -42,6 +42,7 @@
#include "mce-internal.h"
-@@ -202,7 +203,7 @@ static void print_mce(struct mce *m)
+@@ -250,7 +251,7 @@ static void print_mce(struct mce *m)
!(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
m->cs, m->ip);
print_symbol("{%s}", m->ip);
pr_cont("\n");
}
-@@ -235,10 +236,10 @@ static void print_mce(struct mce *m)
+@@ -283,10 +284,10 @@ static void print_mce(struct mce *m)
#define PANIC_TIMEOUT 5 /* 5 seconds */
/* Panic in progress. Enable interrupts and wait for final IPI */
static void wait_for_panic(void)
-@@ -262,7 +263,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+@@ -310,7 +311,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
/*
* Make sure only one CPU runs in machine check panic
*/
wait_for_panic();
barrier();
-@@ -270,7 +271,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+@@ -318,7 +319,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
console_verbose();
} else {
/* Don't log too much for fake panic */
return;
}
/* First print corrected ones that are still unlogged */
-@@ -610,7 +611,7 @@ static int mce_timed_out(u64 *t)
+@@ -658,7 +659,7 @@ static int mce_timed_out(u64 *t)
* might have been modified by someone else.
*/
rmb();
wait_for_panic();
if (!monarch_timeout)
goto out;
-@@ -1398,7 +1399,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+@@ -1446,7 +1447,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
}
/* Call the installed machine check handler for this CPU setup. */
unexpected_machine_check;
/*
-@@ -1421,7 +1422,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1469,7 +1470,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
return;
}
__mcheck_cpu_init_generic();
__mcheck_cpu_init_vendor(c);
-@@ -1435,7 +1438,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1483,7 +1486,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
*/
static DEFINE_SPINLOCK(mce_chrdev_state_lock);
static int mce_chrdev_open_exclu; /* already open exclusive? */
static int mce_chrdev_open(struct inode *inode, struct file *file)
-@@ -1443,7 +1446,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1491,7 +1494,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
spin_lock(&mce_chrdev_state_lock);
if (mce_chrdev_open_exclu ||
spin_unlock(&mce_chrdev_state_lock);
return -EBUSY;
-@@ -1451,7 +1454,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
if (file->f_flags & O_EXCL)
mce_chrdev_open_exclu = 1;
spin_unlock(&mce_chrdev_state_lock);
-@@ -1462,7 +1465,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
+@@ -1510,7 +1513,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
{
spin_lock(&mce_chrdev_state_lock);
mce_chrdev_open_exclu = 0;
spin_unlock(&mce_chrdev_state_lock);
-@@ -2171,7 +2174,7 @@ struct dentry *mce_get_debugfs_dir(void)
+@@ -2229,7 +2232,7 @@ struct dentry *mce_get_debugfs_dir(void)
static void mce_reset(void)
{
cpu_missing = 0;
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index 2bda212..78cc605 100644
+index 5adce10..99284ec 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
-@@ -1529,7 +1529,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -1665,7 +1665,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
break;
perf_callchain_store(entry, frame.return_address);
.__cr3 = __pa_nodebug(swapper_pg_dir),
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index 1aae78f..aab3a3d 100644
+index 4025fe4..d8451c6 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -2,6 +2,9 @@
}
int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-@@ -269,7 +274,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err)
+@@ -270,7 +275,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err)
show_registers(regs);
#ifdef CONFIG_X86_32
sp = regs->sp;
ss = regs->ss & 0xffff;
} else {
-@@ -297,7 +302,7 @@ void die(const char *str, struct pt_regs *regs, long err)
+@@ -298,7 +303,7 @@ void die(const char *str, struct pt_regs *regs, long err)
unsigned long flags = oops_begin();
int sig = SIGSEGV;
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index 6d728d9..279514e 100644
+index 17107bd..b2deecf 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
-index cd28a35..c72ed9a 100644
+index 9b9f18b..9fcaa04 100644
--- a/arch/x86/kernel/early_printk.c
+++ b/arch/x86/kernel/early_printk.c
@@ -7,6 +7,7 @@
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index f3f6f53..0841b66 100644
+index 7b784f4..db6b628 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
-@@ -186,13 +186,146 @@
+@@ -179,13 +179,146 @@
/*CFI_REL_OFFSET gs, PT_GS*/
.endm
.macro SET_KERNEL_GS reg
cld
PUSH_GS
pushl_cfi %fs
-@@ -215,7 +348,7 @@
+@@ -208,7 +341,7 @@
CFI_REL_OFFSET ecx, 0
pushl_cfi %ebx
CFI_REL_OFFSET ebx, 0
movl %edx, %ds
movl %edx, %es
movl $(__KERNEL_PERCPU), %edx
-@@ -223,6 +356,15 @@
+@@ -216,6 +349,15 @@
SET_KERNEL_GS %edx
.endm
.macro RESTORE_INT_REGS
popl_cfi %ebx
CFI_RESTORE ebx
-@@ -308,7 +450,7 @@ ENTRY(ret_from_fork)
+@@ -301,7 +443,7 @@ ENTRY(ret_from_fork)
popfl_cfi
jmp syscall_exit
CFI_ENDPROC
/*
* Interrupt exit functions should be protected against kprobes
-@@ -333,7 +475,15 @@ check_userspace:
- movb PT_CS(%esp), %al
- andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
+@@ -335,7 +477,15 @@ resume_userspace_sig:
+ andl $SEGMENT_RPL_MASK, %eax
+ #endif
cmpl $USER_RPL, %eax
+
+#ifdef CONFIG_PAX_KERNEXEC
+ jae resume_userspace
+
-+ PAX_EXIT_KERNEL
++ pax_exit_kernel
+ jmp resume_kernel
+#else
jb resume_kernel # not returning to v8086 or userspace
ENTRY(resume_userspace)
LOCKDEP_SYS_EXIT
-@@ -345,8 +495,8 @@ ENTRY(resume_userspace)
+@@ -347,8 +497,8 @@ ENTRY(resume_userspace)
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
# int/exception return?
jne work_pending
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
-@@ -361,7 +511,7 @@ need_resched:
+@@ -363,7 +513,7 @@ need_resched:
jz restore_all
call preempt_schedule_irq
jmp need_resched
#endif
CFI_ENDPROC
/*
-@@ -395,23 +545,34 @@ sysenter_past_esp:
+@@ -397,23 +547,34 @@ sysenter_past_esp:
/*CFI_REL_OFFSET cs, 0*/
/*
* Push current_thread_info()->sysenter_return to the stack.
movl %ebp,PT_EBP(%esp)
.section __ex_table,"a"
.align 4
-@@ -434,12 +595,24 @@ sysenter_do_call:
+@@ -436,12 +597,24 @@ sysenter_do_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
sysenter_exit:
PTGS_TO_GS
ENABLE_INTERRUPTS_SYSEXIT
-@@ -456,6 +629,9 @@ sysenter_audit:
+@@ -458,6 +631,9 @@ sysenter_audit:
movl %eax,%edx /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
- call audit_syscall_entry
+ call __audit_syscall_entry
+
+ pax_erase_kstack
+
pushl_cfi %ebx
movl PT_EAX(%esp),%eax /* reload syscall number */
jmp sysenter_do_call
-@@ -482,11 +658,17 @@ sysexit_audit:
+@@ -483,11 +659,17 @@ sysexit_audit:
CFI_ENDPROC
.pushsection .fixup,"ax"
.popsection
PTGS_TO_GS_EX
ENDPROC(ia32_sysenter_target)
-@@ -519,6 +701,15 @@ syscall_exit:
+@@ -520,6 +702,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -578,14 +769,34 @@ ldt_ss:
+@@ -579,14 +770,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -614,34 +825,28 @@ work_resched:
+@@ -615,38 +826,30 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
- jne work_notifysig_v86 # returning to kernel-space or
+ jz 1f # returning to kernel-space or
# vm86-space
+- TRACE_IRQS_ON
+- ENABLE_INTERRUPTS(CLBR_NONE)
- xorl %edx, %edx
- call do_notify_resume
- jmp resume_userspace_sig
- movl %esp, %eax
+1:
#endif
+ TRACE_IRQS_ON
+ ENABLE_INTERRUPTS(CLBR_NONE)
xorl %edx, %edx
call do_notify_resume
jmp resume_userspace_sig
# perform syscall exit tracing
ALIGN
-@@ -649,11 +854,14 @@ syscall_trace_entry:
+@@ -654,11 +857,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
+ pax_erase_kstack
+
/* What it returned is what we'll actually use. */
- cmpl $(nr_syscalls), %eax
+ cmpl $(NR_syscalls), %eax
jnae syscall_call
jmp syscall_exit
-END(syscall_trace_entry)
# perform syscall exit tracing
ALIGN
-@@ -666,20 +874,24 @@ syscall_exit_work:
+@@ -671,20 +877,24 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
CFI_ENDPROC
/*
* End of kprobes section
-@@ -753,6 +965,36 @@ ptregs_clone:
+@@ -756,6 +966,36 @@ ENTRY(ptregs_clone)
CFI_ENDPROC
ENDPROC(ptregs_clone)
.macro FIXUP_ESPFIX_STACK
/*
* Switch back for ESPFIX stack to the normal zerobased stack
-@@ -762,8 +1004,15 @@ ENDPROC(ptregs_clone)
+@@ -765,8 +1005,15 @@ ENDPROC(ptregs_clone)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -816,7 +1065,7 @@ vector=vector+1
+@@ -819,7 +1066,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
.previous
END(interrupt)
-@@ -864,7 +1113,7 @@ ENTRY(coprocessor_error)
+@@ -867,7 +1114,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -885,7 +1134,7 @@ ENTRY(simd_coprocessor_error)
+@@ -888,7 +1135,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -893,7 +1142,7 @@ ENTRY(device_not_available)
+@@ -896,7 +1143,7 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
-@@ -902,12 +1151,12 @@ ENTRY(native_iret)
+@@ -905,12 +1152,12 @@ ENTRY(native_iret)
.align 4
.long native_iret, iret_exc
.previous
#endif
ENTRY(overflow)
-@@ -916,7 +1165,7 @@ ENTRY(overflow)
+@@ -919,7 +1166,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
ENTRY(bounds)
RING0_INT_FRAME
-@@ -924,7 +1173,7 @@ ENTRY(bounds)
+@@ -927,7 +1174,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -932,7 +1181,7 @@ ENTRY(invalid_op)
+@@ -935,7 +1182,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -940,35 +1189,35 @@ ENTRY(coprocessor_segment_overrun)
+@@ -943,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -976,7 +1225,7 @@ ENTRY(divide_error)
+@@ -979,7 +1226,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -985,7 +1234,7 @@ ENTRY(machine_check)
+@@ -988,7 +1235,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
#endif
ENTRY(spurious_interrupt_bug)
-@@ -994,7 +1243,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -997,7 +1244,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
/*
* End of kprobes section
*/
-@@ -1109,7 +1358,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1112,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1138,7 +1387,7 @@ ftrace_graph_call:
+@@ -1141,7 +1388,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1174,7 +1423,7 @@ trace:
+@@ -1177,7 +1424,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1195,7 +1444,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1198,7 +1445,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
.globl return_to_handler
return_to_handler:
-@@ -1209,7 +1458,6 @@ return_to_handler:
- jmp *%ecx
- #endif
-
--.section .rodata,"a"
- #include "syscall_table_32.S"
-
- syscall_table_size=(.-sys_call_table)
-@@ -1255,15 +1503,18 @@ error_code:
+@@ -1253,15 +1500,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1305,7 +1556,7 @@ debug_stack_correct:
+@@ -1303,7 +1553,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1342,6 +1593,9 @@ nmi_stack_correct:
+@@ -1340,6 +1590,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1378,12 +1632,15 @@ nmi_espfix_stack:
+@@ -1376,12 +1629,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
ENTRY(int3)
RING0_INT_FRAME
-@@ -1395,14 +1652,14 @@ ENTRY(int3)
+@@ -1393,14 +1649,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1410,7 +1667,7 @@ ENTRY(async_page_fault)
+@@ -1408,7 +1664,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index faf8d5e..4f16a68 100644
+index 1333d98..b340ca2 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
-@@ -55,6 +55,8 @@
- #include <asm/paravirt.h>
+@@ -56,6 +56,8 @@
#include <asm/ftrace.h>
#include <asm/percpu.h>
+ #include <linux/err.h>
+#include <asm/pgtable.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -68,8 +70,9 @@
+@@ -69,8 +71,9 @@
#ifdef CONFIG_FUNCTION_TRACER
#ifdef CONFIG_DYNAMIC_FTRACE
ENTRY(mcount)
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -92,8 +95,9 @@ GLOBAL(ftrace_graph_call)
+@@ -93,8 +96,9 @@ GLOBAL(ftrace_graph_call)
#endif
GLOBAL(ftrace_stub)
#else /* ! CONFIG_DYNAMIC_FTRACE */
ENTRY(mcount)
-@@ -112,6 +116,7 @@ ENTRY(mcount)
+@@ -113,6 +117,7 @@ ENTRY(mcount)
#endif
GLOBAL(ftrace_stub)
retq
trace:
-@@ -121,12 +126,13 @@ trace:
+@@ -122,12 +127,13 @@ trace:
movq 8(%rbp), %rsi
subq $MCOUNT_INSN_SIZE, %rdi
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -146,8 +152,9 @@ ENTRY(ftrace_graph_caller)
+@@ -147,8 +153,9 @@ ENTRY(ftrace_graph_caller)
MCOUNT_RESTORE_FRAME
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -163,6 +170,7 @@ GLOBAL(return_to_handler)
+@@ -164,6 +171,7 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
jmp *%rdi
#endif
-@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64)
+@@ -179,6 +187,282 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -232,8 +516,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
.endm
/*
-@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -320,7 +604,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
je 1f
SWAPGS
/*
-@@ -355,9 +639,10 @@ ENTRY(save_rest)
+@@ -356,9 +640,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -386,9 +671,10 @@ ENTRY(save_paranoid)
+@@ -387,9 +672,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
.popsection
/*
-@@ -410,7 +696,7 @@ ENTRY(ret_from_fork)
+@@ -411,7 +697,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
- testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
+ testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
- je int_ret_from_sys_call
+ jz retint_restore_args
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -420,7 +706,7 @@ ENTRY(ret_from_fork)
+@@ -421,7 +707,7 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
CFI_ENDPROC
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -456,7 +742,7 @@ END(ret_from_fork)
+@@ -457,7 +743,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs)
+@@ -470,21 +756,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
++ GET_THREAD_INFO(%rcx)
++ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx)
+ jnz tracesys
system_call_fastpath:
cmpq $__NR_syscall_max,%rax
ja badsys
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -503,6 +790,8 @@ sysret_check:
+@@ -498,10 +786,13 @@ sysret_check:
+ LOCKDEP_SYS_EXIT
+ DISABLE_INTERRUPTS(CLBR_NONE)
+ TRACE_IRQS_OFF
+- movl TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET),%edx
++ GET_THREAD_INFO(%rcx)
++ movl TI_flags(%rcx),%edx
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
/*
* sysretq will re-enable interrupts:
*/
-@@ -554,14 +843,18 @@ badsys:
+@@ -553,14 +844,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
movq %rdi,%rdx /* 3rd arg: 1st syscall arg */
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
- call audit_syscall_entry
+ call __audit_syscall_entry
+
+ pax_erase_kstack
+
jmp system_call_fastpath
/*
-@@ -591,16 +884,20 @@ tracesys:
+@@ -581,7 +876,7 @@ sysret_audit:
+ /* Do syscall tracing */
+ tracesys:
+ #ifdef CONFIG_AUDITSYSCALL
+- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
++ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%rcx)
+ jz auditsys
+ #endif
+ SAVE_REST
+@@ -589,16 +884,20 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -612,7 +909,7 @@ tracesys:
- GLOBAL(int_ret_from_sys_call)
- DISABLE_INTERRUPTS(CLBR_NONE)
- TRACE_IRQS_OFF
-- testl $3,CS-ARGOFFSET(%rsp)
-+ testb $3,CS-ARGOFFSET(%rsp)
- je retint_restore_args
- movl $_TIF_ALLWORK_MASK,%edi
- /* edi: mask to check */
-@@ -623,6 +920,7 @@ GLOBAL(int_with_check)
+@@ -619,6 +918,7 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
jmp retint_swapgs
/* Either reschedule or signal or syscall exit tracking needed. */
-@@ -669,7 +967,7 @@ int_restore_rest:
+@@ -665,7 +965,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
/*
* Certain special system calls that need to save a complete full stack frame.
-@@ -685,7 +983,7 @@ ENTRY(\label)
+@@ -681,7 +981,7 @@ ENTRY(\label)
call \func
jmp ptregscall_common
CFI_ENDPROC
.endm
PTREGSCALL stub_clone, sys_clone, %r8
-@@ -703,9 +1001,10 @@ ENTRY(ptregscall_common)
+@@ -699,9 +999,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -720,7 +1019,7 @@ ENTRY(stub_execve)
+@@ -716,7 +1017,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -738,7 +1037,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -734,7 +1035,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
/*
* Build the entry stubs and pointer table with some assembler magic.
-@@ -773,7 +1072,7 @@ vector=vector+1
+@@ -769,7 +1070,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
.previous
END(interrupt)
-@@ -793,6 +1092,16 @@ END(interrupt)
+@@ -789,6 +1090,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
call \func
.endm
-@@ -824,7 +1133,7 @@ ret_from_intr:
+@@ -820,7 +1131,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
je retint_kernel
/* Interrupt came from user space */
-@@ -846,12 +1155,15 @@ retint_swapgs: /* return to user-space */
+@@ -842,12 +1153,15 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
/*
* The iretq could re-enable interrupts:
*/
-@@ -940,7 +1252,7 @@ ENTRY(retint_kernel)
+@@ -936,7 +1250,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
/*
* End of kprobes section
*/
-@@ -956,7 +1268,7 @@ ENTRY(\sym)
+@@ -953,7 +1267,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
.endm
#ifdef CONFIG_SMP
-@@ -1021,12 +1333,22 @@ ENTRY(\sym)
+@@ -1026,12 +1340,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1038,15 +1360,25 @@ ENTRY(\sym)
+@@ -1043,15 +1367,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1056,14 +1388,30 @@ ENTRY(\sym)
+@@ -1061,14 +1395,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
.endm
.macro errorentry sym do_sym
-@@ -1074,13 +1422,23 @@ ENTRY(\sym)
+@@ -1079,13 +1429,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
.endm
/* error code is on the stack already */
-@@ -1093,13 +1451,23 @@ ENTRY(\sym)
+@@ -1098,13 +1458,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
.endm
zeroentry divide_error do_divide_error
-@@ -1129,9 +1497,10 @@ gs_change:
+@@ -1134,9 +1504,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
.section __ex_table,"a"
.align 8
-@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper)
+@@ -1158,13 +1529,14 @@ ENTRY(kernel_thread_helper)
* Here we are in the child and the registers are set as they were
* at kernel_thread() invocation in the parent.
*/
/*
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
-@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve)
+@@ -1191,11 +1563,11 @@ ENTRY(kernel_execve)
RESTORE_REST
testq %rax,%rax
je int_ret_from_sys_call
/* Call softirq on interrupt stack. Interrupts are off. */
ENTRY(call_softirq)
-@@ -1208,9 +1578,10 @@ ENTRY(call_softirq)
+@@ -1213,9 +1585,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1253,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1312,7 +1685,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit)
+@@ -1361,16 +1734,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1394,7 +1780,7 @@ paranoid_schedule:
+@@ -1399,7 +1787,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1421,12 +1807,13 @@ ENTRY(error_entry)
+@@ -1426,12 +1814,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
ret
/*
-@@ -1453,7 +1840,7 @@ bstep_iret:
+@@ -1458,7 +1847,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1473,7 +1860,7 @@ ENTRY(error_exit)
+@@ -1478,7 +1867,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
-END(error_exit)
+ENDPROC(error_exit)
-
- /* runs on exception stack */
-@@ -1485,6 +1872,16 @@ ENTRY(nmi)
- CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
+ /*
+ * Test if a given stack is an NMI stack or not.
+@@ -1535,9 +1924,11 @@ ENTRY(nmi)
+ * If %cs was not the kernel segment, then the NMI triggered in user
+ * space, which means it is definitely not nested.
+ */
++ cmpl $__KERNEXEC_KERNEL_CS, 16(%rsp)
++ je 1f
+ cmpl $__KERNEL_CS, 16(%rsp)
+ jne first_nmi
+-
++1:
+ /*
+ * Check the special variable on the stack to see if NMIs are
+ * executing.
+@@ -1659,6 +2050,16 @@ restart_nmi:
+ */
call save_paranoid
DEFAULT_FRAME 0
+#ifdef CONFIG_PAX_MEMORY_UDEREF
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1495,12 +1892,28 @@ ENTRY(nmi)
- DISABLE_INTERRUPTS(CLBR_NONE)
+@@ -1666,14 +2067,25 @@ restart_nmi:
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
-- testl $3,CS(%rsp)
-+ testb $3,CS(%rsp)
- jnz nmi_userspace
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ pax_exit_kernel
-+ SWAPGS_UNSAFE_STACK
-+ RESTORE_ALL 8
-+ pax_force_retaddr_bts
-+ jmp irq_return
-+#endif
nmi_swapgs:
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ pax_exit_kernel_user
+#endif
SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++ /* Clear the NMI executing stack variable */
++ movq $0, 10*8(%rsp)
+ jmp irq_return
nmi_restore:
+ pax_exit_kernel
RESTORE_ALL 8
+ pax_force_retaddr_bts
+ /* Clear the NMI executing stack variable */
+ movq $0, 10*8(%rsp)
jmp irq_return
- nmi_userspace:
- GET_THREAD_INFO(%rcx)
-@@ -1529,14 +1942,14 @@ nmi_schedule:
- jmp paranoid_exit
CFI_ENDPROC
- #endif
-END(nmi)
+ENDPROC(nmi)
- ENTRY(ignore_sysret)
- CFI_STARTPROC
+ /*
+ * If an NMI hit an iret because of an exception or breakpoint,
+@@ -1700,7 +2112,7 @@ ENTRY(ignore_sysret)
mov $-ENOSYS,%eax
sysret
CFI_ENDPROC
return -EFAULT;
diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c
-index 3bb0850..55a56f4 100644
+index 51ff186..9e77418 100644
--- a/arch/x86/kernel/head32.c
+++ b/arch/x86/kernel/head32.c
@@ -19,6 +19,7 @@
static void __init i386_default_early_setup(void)
{
-@@ -33,7 +34,7 @@ void __init i386_start_kernel(void)
- {
- memblock_init();
+@@ -31,8 +32,7 @@ static void __init i386_default_early_setup(void)
-- memblock_x86_reserve_range(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
-+ memblock_x86_reserve_range(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS");
+ void __init i386_start_kernel(void)
+ {
+- memblock_reserve(__pa_symbol(&_text),
+- __pa_symbol(&__bss_stop) - __pa_symbol(&_text));
++ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop) - LOAD_PHYSICAL_ADDR);
#ifdef CONFIG_BLK_DEV_INITRD
/* Reserve INITRD */
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index e11e394..9aebc5d 100644
+index 40f4eb3..6d24d9d 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -19,6 +19,8 @@
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -389,33 +429,55 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -389,37 +429,59 @@ NEXT_PAGE(level2_kernel_pgt)
* If you want to increase this then increase MODULES_VADDR
* too.)
*/
.align L1_CACHE_BYTES
ENTRY(idt_table)
- .skip IDT_ENTRIES * 16
++ .fill 512,8,0
+
+ .align L1_CACHE_BYTES
+ ENTRY(nmi_idt_table)
+- .skip IDT_ENTRIES * 16
+ .fill 512,8,0
__PAGE_ALIGNED_BSS
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
-index 739d859..d1d6be7 100644
+index f239f30..aab2a58 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
-@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
+@@ -189,6 +189,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
void *kbuf, void __user *ubuf)
{
int ret;
-@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -208,6 +211,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
const void *kbuf, const void __user *ubuf)
{
int ret;
-@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
+@@ -241,6 +247,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
void *kbuf, void __user *ubuf)
{
int ret;
-@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -270,6 +279,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
const void *kbuf, const void __user *ubuf)
{
int ret;
-@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
+@@ -440,6 +452,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
int fpregs_get(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
void *kbuf, void __user *ubuf)
{
struct user_i387_ia32_struct env;
-@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -472,6 +487,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
int fpregs_set(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
const void *kbuf, const void __user *ubuf)
{
struct user_i387_ia32_struct env;
-@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
+@@ -620,6 +638,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
}
static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
return -EPERM;
}
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
-index 429e0c9..17b3ece 100644
+index 7943e0c..dd32c5c 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -18,7 +18,7 @@
/* Function pointer for generic interrupt vector handling */
void (*x86_platform_ipi_callback)(void) = NULL;
-@@ -117,9 +117,9 @@ int arch_show_interrupts(struct seq_file *p, int prec)
+@@ -121,9 +121,9 @@ int arch_show_interrupts(struct seq_file *p, int prec)
seq_printf(p, "%10u ", per_cpu(mce_poll_count, j));
seq_printf(p, " Machine check polls\n");
#endif
#endif
return 0;
}
-@@ -159,10 +159,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
+@@ -164,10 +164,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
u64 arch_irq_stat(void)
{
return sum;
}
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
-index 7209070..cbcd71a 100644
+index 40fc861..9b8739b 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
-@@ -36,7 +36,7 @@ static int check_stack_overflow(void)
+@@ -39,7 +39,7 @@ static int check_stack_overflow(void)
__asm__ __volatile__("andl %%esp,%0" :
"=r" (sp) : "0" (THREAD_SIZE - 1));
}
static void print_stack_overflow(void)
-@@ -54,8 +54,8 @@ static inline void print_stack_overflow(void) { }
+@@ -59,8 +59,8 @@ static inline void print_stack_overflow(void) { }
* per-CPU IRQ handling contexts (thread information and stack)
*/
union irq_ctx {
} __attribute__((aligned(THREAD_SIZE)));
static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx);
-@@ -75,10 +75,9 @@ static void call_on_stack(void *func, void *stack)
+@@ -80,10 +80,9 @@ static void call_on_stack(void *func, void *stack)
static inline int
execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
{
irqctx = __this_cpu_read(hardirq_ctx);
/*
-@@ -87,21 +86,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+@@ -92,21 +91,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
* handler) we can't do that and just have to keep using the
* current stack (which is the irq stack already after all)
*/
if (unlikely(overflow))
call_on_stack(print_stack_overflow, isp);
-@@ -113,6 +107,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+@@ -118,6 +112,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
: "0" (irq), "1" (desc), "2" (isp),
"D" (desc->handle_irq)
: "memory", "cc", "ecx");
return 1;
}
-@@ -121,29 +120,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+@@ -126,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
*/
void __cpuinit irq_ctx_init(int cpu)
{
printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu));
-@@ -152,7 +133,6 @@ void __cpuinit irq_ctx_init(int cpu)
+@@ -157,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu)
asmlinkage void do_softirq(void)
{
unsigned long flags;
union irq_ctx *irqctx;
u32 *isp;
-@@ -162,15 +142,22 @@ asmlinkage void do_softirq(void)
+@@ -167,15 +147,22 @@ asmlinkage void do_softirq(void)
local_irq_save(flags);
if (local_softirq_pending()) {
* Shouldn't happen, we returned above if in_interrupt():
*/
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
-index 69bca46..0bac999 100644
+index d04d3ec..ea4b374 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
-@@ -38,7 +38,7 @@ static inline void stack_overflow_check(struct pt_regs *regs)
- #ifdef CONFIG_DEBUG_STACKOVERFLOW
+@@ -44,7 +44,7 @@ static inline void stack_overflow_check(struct pt_regs *regs)
+ u64 estack_top, estack_bottom;
u64 curbase = (u64)task_stack_page(current);
- if (user_mode_vm(regs))
+ if (user_mode(regs))
return;
- WARN_ONCE(regs->sp >= curbase &&
+ if (regs->sp >= curbase + sizeof(struct thread_info) +
+diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c
+index 90fcf62..e682cdd 100644
+--- a/arch/x86/kernel/kdebugfs.c
++++ b/arch/x86/kernel/kdebugfs.c
+@@ -28,6 +28,8 @@ struct setup_data_node {
+ };
+
+ static ssize_t setup_data_read(struct file *file, char __user *user_buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t setup_data_read(struct file *file, char __user *user_buf,
+ size_t count, loff_t *ppos)
+ {
+ struct setup_data_node *node = file->private_data;
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
-index faba577..93b9e71 100644
+index 2f45c4c..d95504f 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
-@@ -124,11 +124,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs)
+@@ -126,11 +126,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs)
#ifdef CONFIG_X86_32
switch (regno) {
case GDB_SS:
*(unsigned long *)mem = kernel_stack_pointer(regs);
break;
case GDB_GS:
-@@ -473,12 +473,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
+@@ -475,12 +475,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
case 'k':
/* clear the trace bit */
linux_regs->flags &= ~X86_EFLAGS_TF;
raw_smp_processor_id());
}
-@@ -543,7 +543,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
+@@ -545,7 +545,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
switch (cmd) {
case DIE_DEBUG:
RELATIVE_ADDR_SIZE);
insn_buf[0] = RELATIVEJUMP_OPCODE;
-diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index a9c2116..a52d4fc 100644
---- a/arch/x86/kernel/kvm.c
-+++ b/arch/x86/kernel/kvm.c
-@@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void)
- pv_mmu_ops.set_pud = kvm_set_pud;
- #if PAGETABLE_LEVELS == 4
- pv_mmu_ops.set_pgd = kvm_set_pgd;
-+ pv_mmu_ops.set_pgd_batched = kvm_set_pgd;
- #endif
- #endif
- pv_mmu_ops.flush_tlb_user = kvm_flush_tlb;
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index ea69726..8b497c9 100644
+index ea69726..a305f16 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
static int read_ldt(void __user *ptr, unsigned long bytecount)
{
int err;
-@@ -230,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -175,6 +194,7 @@ error_return:
+ return err;
+ }
+
++static int read_default_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2);
+ static int read_default_ldt(void __user *ptr, unsigned long bytecount)
+ {
+ /* CHECKME: Can we use _one_ random number ? */
+@@ -230,6 +250,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
static void microcode_fini_cpu(int cpu)
diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
-index 925179f..267ac7a 100644
+index 925179f..1f0d561 100644
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
-@@ -36,15 +36,60 @@
+@@ -36,15 +36,61 @@
#define DEBUGP(fmt...)
#endif
-void *module_alloc(unsigned long size)
++static inline void *__module_alloc(unsigned long size, pgprot_t prot) __size_overflow(1);
+static inline void *__module_alloc(unsigned long size, pgprot_t prot)
{
- if (PAGE_ALIGN(size) > MODULES_LEN)
#ifdef CONFIG_X86_32
int apply_relocate(Elf32_Shdr *sechdrs,
const char *strtab,
-@@ -55,14 +100,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+@@ -55,14 +101,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
unsigned int i;
Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
Elf32_Sym *sym;
/* This is the symbol it is referring to. Note that all
undefined symbols have been resolved. */
sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
-@@ -71,11 +118,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+@@ -71,11 +119,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
switch (ELF32_R_TYPE(rel[i].r_info)) {
case R_386_32:
/* We add the value into the location given */
break;
default:
printk(KERN_ERR "module %s: Unknown relocation: %u\n",
-@@ -120,21 +171,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
+@@ -120,21 +172,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
case R_X86_64_NONE:
break;
case R_X86_64_64:
if ((s64)val != *(s32 *)loc)
goto overflow;
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
-index e88f37b..1353db6 100644
+index 47acaf3..ec48ab6 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
-@@ -408,6 +408,17 @@ static notrace __kprobes void default_do_nmi(struct pt_regs *regs)
+@@ -505,6 +505,17 @@ static inline void nmi_nesting_postprocess(void)
dotraplinkage notrace __kprobes void
do_nmi(struct pt_regs *regs, long error_code)
{
+ }
+#endif
+
- nmi_enter();
+ nmi_nesting_preprocess(regs);
- inc_irq_stat(__nmi_count);
+ nmi_enter();
diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c
index 676b8c7..870ba04 100644
--- a/arch/x86/kernel/paravirt-spinlocks.c
#define DEBUG 1
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index ee5d4fb..426649b 100644
+index 15763af..da59ada 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk)
+}
+#endif
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index 8598296..bfadef0 100644
+index c08d1ff..6ae1c81 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork");
}
#ifndef CONFIG_SMP
-@@ -130,15 +131,14 @@ void __show_regs(struct pt_regs *regs, int all)
+@@ -132,15 +133,14 @@ void __show_regs(struct pt_regs *regs, int all)
unsigned long sp;
unsigned short ss, gs;
show_regs_common();
-@@ -200,13 +200,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -202,13 +202,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
struct task_struct *tsk;
int err;
p->thread.ip = (unsigned long) ret_from_fork;
-@@ -296,7 +297,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -299,7 +300,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct thread_struct *prev = &prev_p->thread,
*next = &next_p->thread;
int cpu = smp_processor_id();
fpu_switch_t fpu;
/* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
-@@ -320,6 +321,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -323,6 +324,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
*/
lazy_save_gs(prev->gs);
/*
* Load the per-thread Thread-Local Storage descriptor.
*/
-@@ -350,6 +355,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -353,6 +358,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
*/
arch_end_context_switch(next_p);
/*
* Restore %gs if needed (which is common)
*/
-@@ -358,8 +366,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -361,8 +369,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
switch_fpu_finish(next_p, fpu);
return prev_p;
}
-@@ -389,4 +395,3 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -392,4 +398,3 @@ unsigned long get_wchan(struct task_struct *p)
} while (count++ < 16);
return 0;
}
-
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 6a364a6..b147d11 100644
+index cfa5c90..4facd28 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -89,7 +89,7 @@ static void __exit_idle(void)
return;
__exit_idle();
}
-@@ -264,8 +264,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -270,8 +270,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
struct pt_regs *childregs;
struct task_struct *me = current;
*childregs = *regs;
childregs->ax = 0;
-@@ -277,6 +276,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -283,6 +282,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
p->thread.sp = (unsigned long) childregs;
p->thread.sp0 = (unsigned long) (childregs+1);
p->thread.usersp = me->thread.usersp;
set_tsk_thread_flag(p, TIF_FORK);
-@@ -379,7 +379,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -385,7 +385,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct thread_struct *prev = &prev_p->thread;
struct thread_struct *next = &next_p->thread;
int cpu = smp_processor_id();
unsigned fsindex, gsindex;
fpu_switch_t fpu;
-@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -467,10 +467,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
prev->usersp = percpu_read(old_rsp);
percpu_write(old_rsp, next->usersp);
percpu_write(current_task, next_p);
/*
* Now maybe reload the debug registers and handle I/O bitmaps
-@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -525,12 +524,11 @@ unsigned long get_wchan(struct task_struct *p)
if (!p || p == current || p->state == TASK_RUNNING)
return 0;
stack = (unsigned long)task_stack_page(p);
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 8252879..f367ec9 100644
+index 5026738..574f70a 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
-@@ -791,6 +791,10 @@ static int ioperm_active(struct task_struct *target,
+@@ -792,6 +792,10 @@ static int ioperm_active(struct task_struct *target,
static int ioperm_get(struct task_struct *target,
const struct user_regset *regset,
unsigned int pos, unsigned int count,
void *kbuf, void __user *ubuf)
{
if (!target->thread.io_bitmap_ptr)
-@@ -822,7 +826,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -823,7 +827,7 @@ long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
int ret;
switch (request) {
/* read the word at location addr in the USER area. */
-@@ -907,14 +911,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -908,14 +912,14 @@ long arch_ptrace(struct task_struct *child, long request,
if ((int) addr < 0)
return -EIO;
ret = do_get_thread_area(child, addr,
break;
#endif
-@@ -1331,7 +1335,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+@@ -1332,7 +1336,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
memset(info, 0, sizeof(*info));
info->si_signo = SIGTRAP;
info->si_code = si_code;
}
void user_single_step_siginfo(struct task_struct *tsk,
+@@ -1361,6 +1365,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+ # define IS_IA32 0
+ #endif
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++extern void gr_delayed_cred_worker(void);
++#endif
++
+ /*
+ * We must return the syscall number to actually look up in the table.
+ * This can be -1L to skip running any syscall at all.
+@@ -1369,6 +1377,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+ {
+ long ret = 0;
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ /*
+ * If we stepped into a sysenter/syscall insn, it trapped in
+ * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
+@@ -1412,6 +1425,11 @@ void syscall_trace_leave(struct pt_regs *regs)
+ {
+ bool step;
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
++ gr_delayed_cred_worker();
++#endif
++
+ audit_syscall_exit(regs);
+
+ if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c
index 42eb330..139955c 100644
--- a/arch/x86/kernel/pvclock.c
return ret;
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
-index 37a458b..e63d183 100644
+index d840e69..98e9581 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -35,7 +35,7 @@ void (*pm_power_off)(void);
enum reboot_type reboot_type = BOOT_ACPI;
int reboot_force;
-@@ -324,13 +324,17 @@ core_initcall(reboot_init);
+@@ -335,13 +335,17 @@ core_initcall(reboot_init);
extern const unsigned char machine_real_restart_asm[];
extern const u64 machine_real_restart_gdt[3];
local_irq_disable();
/* Write zero to CMOS register number 0x0f, which the BIOS POST
-@@ -356,14 +360,14 @@ void machine_real_restart(unsigned int type)
+@@ -367,14 +371,14 @@ void machine_real_restart(unsigned int type)
boot)". This seems like a fairly standard thing that gets set by
REBOOT.COM programs, and the previous reset routine did this
too. */
/* GDT[0]: GDT self-pointer */
lowmem_gdt[0] =
-@@ -374,7 +378,33 @@ void machine_real_restart(unsigned int type)
+@@ -385,7 +389,33 @@ void machine_real_restart(unsigned int type)
GDT_ENTRY(0x009b, restart_pa, 0xffff);
/* Jump to the identity-mapped low memory code */
}
#ifdef CONFIG_APM_MODULE
EXPORT_SYMBOL(machine_real_restart);
-@@ -540,7 +570,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
+@@ -556,7 +586,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
* try to force a triple fault and then cycle between hitting the keyboard
* controller and doing that
*/
{
int i;
int attempt = 0;
-@@ -664,13 +694,13 @@ void native_machine_shutdown(void)
+@@ -680,13 +710,13 @@ void native_machine_shutdown(void)
#endif
}
{
printk("machine restart\n");
-@@ -679,7 +709,7 @@ static void native_machine_restart(char *__unused)
+@@ -695,7 +725,7 @@ static void native_machine_restart(char *__unused)
__machine_emergency_restart(0);
}
{
/* stop other cpus and apics */
machine_shutdown();
-@@ -690,7 +720,7 @@ static void native_machine_halt(void)
+@@ -706,7 +736,7 @@ static void native_machine_halt(void)
stop_this_cpu(NULL);
}
{
if (pm_power_off) {
if (!reboot_force)
-@@ -699,6 +729,7 @@ static void native_machine_power_off(void)
+@@ -715,6 +745,7 @@ static void native_machine_power_off(void)
}
/* a fallback in case there is no PM info available */
tboot_shutdown(TB_SHUTDOWN_HALT);
1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index cf0ef98..e3f780b 100644
+index d7d5099..28555d0 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -447,7 +447,7 @@ static void __init parse_setup_data(void)
+@@ -448,7 +448,7 @@ static void __init parse_setup_data(void)
switch (data->type) {
case SETUP_E820_EXT:
break;
case SETUP_DTB:
add_dtb(pa_data);
-@@ -650,7 +650,7 @@ static void __init trim_bios_range(void)
+@@ -649,7 +649,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -773,14 +773,14 @@ void __init setup_arch(char **cmdline_p)
+@@ -767,14 +767,14 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
bss_resource.start = virt_to_phys(&__bss_start);
bss_resource.end = virt_to_phys(&__bss_stop)-1;
diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c
-index 71f4727..217419b 100644
+index 5a98aa2..848d2be 100644
--- a/arch/x86/kernel/setup_percpu.c
+++ b/arch/x86/kernel/setup_percpu.c
@@ -21,19 +21,17 @@
write_gdt_entry(get_cpu_gdt_table(cpu),
GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
#endif
-@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void)
+@@ -219,6 +221,11 @@ void __init setup_per_cpu_areas(void)
/* alrighty, percpu areas up and running */
delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
for_each_possible_cpu(cpu) {
per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
per_cpu(cpu_number, cpu) = cpu;
-@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void)
+@@ -259,6 +266,12 @@ void __init setup_per_cpu_areas(void)
*/
set_cpu_numa_node(cpu, early_cpu_to_node(cpu));
#endif
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 54ddaeb2..22c3bdc 100644
+index 46a01bd..2e88e6d 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsigned long sp)
} put_user_catch(err);
if (err)
-@@ -769,7 +772,7 @@ static void do_signal(struct pt_regs *regs)
+@@ -765,7 +768,7 @@ static void do_signal(struct pt_regs *regs)
* X86_32: vm86 regs switched out by assembly code before reaching
* here, so testing against kernel CS suffices.
*/
signr = get_signal_to_deliver(&info, &ka, regs, NULL);
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 9f548cb..caf76f7 100644
+index 66d250c..f1b10bd 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
-@@ -709,17 +709,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
+@@ -715,17 +715,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
set_idle_for_cpu(cpu, c_idle.idle);
do_rest:
per_cpu(current_task, cpu) = c_idle.idle;
initial_code = (unsigned long)start_secondary;
stack_start = c_idle.idle->thread.sp;
-@@ -861,6 +864,12 @@ int __cpuinit native_cpu_up(unsigned int cpu)
+@@ -868,6 +871,12 @@ int __cpuinit native_cpu_up(unsigned int cpu)
per_cpu(cpu_state, cpu) = CPU_UP_PREPARE;
mm->cached_hole_size = ~0UL;
return addr;
-diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
-index 9a0e312..e6f66f2 100644
---- a/arch/x86/kernel/syscall_table_32.S
-+++ b/arch/x86/kernel/syscall_table_32.S
-@@ -1,3 +1,4 @@
-+.section .rodata,"a",@progbits
- ENTRY(sys_call_table)
- .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
- .long sys_exit
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index e2410e2..4fe3fbc 100644
--- a/arch/x86/kernel/tboot.c
return pc;
}
diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
-index 6bb7b85..dd853e1 100644
+index bcfec2d..8f88b4a 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
@@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
.short 0
.quad 0x00cf9b000000ffff # __KERNEL32_CS
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 31d9d0f..e244dd9 100644
+index 4bbe04d..41d0943 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -70,12 +70,6 @@ asmlinkage int system_call(void);
die("general protection fault", regs, error_code);
}
-@@ -414,7 +443,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -421,7 +450,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
/* It's safe to allow irq's after DR6 has been saved */
preempt_conditional_sti(regs);
handle_vm86_trap((struct kernel_vm86_regs *) regs,
error_code, 1);
preempt_conditional_cli(regs);
-@@ -428,7 +457,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -436,7 +465,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
* We already checked v86 mode above, so we can check for kernel mode
* by just checking the CPL of CS.
*/
tsk->thread.debugreg6 &= ~DR_STEP;
set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
regs->flags &= ~X86_EFLAGS_TF;
-@@ -457,7 +486,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
+@@ -466,7 +495,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
return;
conditional_sti(regs);
{
if (!fixup_exception(regs)) {
task->thread.error_code = error_code;
-@@ -569,8 +598,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void)
- void __math_state_restore(struct task_struct *tsk)
- {
- /* We need a safe address that is cheap to find and that is already
-- in L1. We've just brought in "tsk->thread.has_fpu", so use that */
--#define safe_address (tsk->thread.has_fpu)
-+ in L1. */
-+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0)
-
- /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception
- is pending. Clear the x87 state here by setting it to fixed
diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
index b9242ba..50c5edd 100644
--- a/arch/x86/kernel/verify_cpu.S
* verify_cpu, returns the status of longmode and SSE in register %eax.
* 0: Success 1: Failure
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
-index 863f875..4307295 100644
+index 328cb37..f37fee1 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -41,6 +41,7 @@
#include <asm/uaccess.h>
#include <asm/io.h>
-@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs)
+@@ -109,6 +110,9 @@ static int copy_vm86_regs_to_user(struct vm86_regs __user *user,
+ /* convert vm86_regs to kernel_vm86_regs */
+ static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs,
+ const struct vm86_regs __user *user,
++ unsigned extra) __size_overflow(3);
++static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs,
++ const struct vm86_regs __user *user,
+ unsigned extra)
+ {
+ int ret = 0;
+@@ -148,7 +152,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs)
do_exit(SIGSEGV);
}
current->thread.sp0 = current->thread.saved_sp0;
current->thread.sysenter_cs = __KERNEL_CS;
load_sp0(tss, ¤t->thread);
-@@ -208,6 +209,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs)
+@@ -210,6 +214,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs)
struct task_struct *tsk;
int tmp, ret = -EPERM;
tsk = current;
if (tsk->thread.saved_sp0)
goto out;
-@@ -238,6 +246,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs)
+@@ -240,6 +251,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs)
int tmp, ret;
struct vm86plus_struct __user *v86;
tsk = current;
switch (cmd) {
case VM86_REQUEST_IRQ:
-@@ -324,7 +340,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
+@@ -326,7 +345,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
tsk->thread.saved_fs = info->regs32->fs;
tsk->thread.saved_gs = get_user_gs(info->regs32);
tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
if (cpu_has_sep)
tsk->thread.sysenter_cs = 0;
-@@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
+@@ -533,7 +552,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
goto cannot_handle;
if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
goto cannot_handle;
#ifdef CONFIG_SMP
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
-index e4d4a22..47ee71f 100644
+index b07ba93..a212969 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -57,15 +57,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data) =
.lock = __SEQLOCK_UNLOCKED(__vsyscall_gtod_data.lock),
};
--static enum { EMULATE, NATIVE, NONE } vsyscall_mode = NATIVE;
+-static enum { EMULATE, NATIVE, NONE } vsyscall_mode = EMULATE;
+static enum { EMULATE, NONE } vsyscall_mode = EMULATE;
static int __init vsyscall_setup(char *str)
else if (!strcmp("none", str))
vsyscall_mode = NONE;
else
-@@ -178,7 +176,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
+@@ -207,7 +205,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
tsk = current;
if (seccomp_mode(&tsk->seccomp))
- do_exit(SIGKILL);
+ do_group_exit(SIGKILL);
- switch (vsyscall_nr) {
- case 0:
-@@ -220,8 +218,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
+ /*
+ * With a real vsyscall, page faults cause SIGSEGV. We want to
+@@ -279,8 +277,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
return true;
sigsegv:
}
/*
-@@ -274,10 +271,7 @@ void __init map_vsyscall(void)
+@@ -333,10 +330,7 @@ void __init map_vsyscall(void)
extern char __vvar_page;
unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page);
buf);
if (unlikely(err)) {
/*
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
+index 89b02bf..0f6511d 100644
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
+ struct kvm_cpuid2 *cpuid,
+ struct kvm_cpuid_entry2 __user *entries)
+ {
+- int r;
++ int r, i;
+
+ r = -E2BIG;
+ if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
+ goto out;
+ r = -EFAULT;
+- if (copy_from_user(&vcpu->arch.cpuid_entries, entries,
+- cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
++ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
+ goto out;
++ for (i = 0; i < cpuid->nent; ++i) {
++ struct kvm_cpuid_entry2 cpuid_entry;
++ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry)))
++ goto out;
++ vcpu->arch.cpuid_entries[i] = cpuid_entry;
++ }
+ vcpu->arch.cpuid_nent = cpuid->nent;
+ kvm_apic_set_version(vcpu);
+ kvm_x86_ops->cpuid_update(vcpu);
+@@ -147,15 +152,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
+ struct kvm_cpuid2 *cpuid,
+ struct kvm_cpuid_entry2 __user *entries)
+ {
+- int r;
++ int r, i;
+
+ r = -E2BIG;
+ if (cpuid->nent < vcpu->arch.cpuid_nent)
+ goto out;
+ r = -EFAULT;
+- if (copy_to_user(entries, &vcpu->arch.cpuid_entries,
+- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
++ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
+ goto out;
++ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) {
++ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i];
++ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry)))
++ goto out;
++ }
+ return 0;
+
+ out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index f1e3be18..588efc8 100644
+index 0982507..7f6d72f 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
-@@ -249,6 +249,7 @@ struct gprefix {
+@@ -250,6 +250,7 @@ struct gprefix {
#define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \
do { \
__asm__ __volatile__ ( \
_PRE_EFLAGS("0", "4", "2") \
_op _suffix " %"_x"3,%1; " \
-@@ -263,8 +264,6 @@ struct gprefix {
+@@ -264,8 +265,6 @@ struct gprefix {
/* Raw emulation: instruction has two explicit operands. */
#define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
switch ((ctxt)->dst.bytes) { \
case 2: \
____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \
-@@ -280,7 +279,6 @@ struct gprefix {
+@@ -281,7 +280,6 @@ struct gprefix {
#define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
case 1: \
____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 54abb40..a192606 100644
+index cfdc6e0..ab92e84 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
-@@ -53,7 +53,7 @@
+@@ -54,7 +54,7 @@
#define APIC_BUS_CYCLE_NS 1
/* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
-diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
-index f1b36cf..af8a124 100644
---- a/arch/x86/kvm/mmu.c
-+++ b/arch/x86/kvm/mmu.c
-@@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
-
- pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes);
-
-- invlpg_counter = atomic_read(&vcpu->kvm->arch.invlpg_counter);
-+ invlpg_counter = atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter);
-
- /*
- * Assume that the pte write on a page table of the same type
-@@ -3587,7 +3587,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
- }
-
- spin_lock(&vcpu->kvm->mmu_lock);
-- if (atomic_read(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter)
-+ if (atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter)
- gentry = 0;
- kvm_mmu_free_some_pages(vcpu);
- ++vcpu->kvm->stat.mmu_pte_write;
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
-index 9299410..ade2f9b 100644
+index 1561028..0ed7f14 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -197,7 +197,7 @@ retry_walk:
if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte))))
goto error;
-@@ -705,7 +705,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
- if (need_flush)
- kvm_flush_remote_tlbs(vcpu->kvm);
-
-- atomic_inc(&vcpu->kvm->arch.invlpg_counter);
-+ atomic_inc_unchecked(&vcpu->kvm->arch.invlpg_counter);
-
- spin_unlock(&vcpu->kvm->mmu_lock);
-
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 94a4672..1700ed1 100644
+index e385214..f8df033 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3037,6 +3037,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
- return 0;
- }
-
-+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3);
- static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
- {
- struct vcpu_svm *svm = to_svm(vcpu);
-@@ -3405,7 +3406,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
load_TR_desc();
}
-@@ -3783,6 +3788,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 4ea7678..c715f2f 100644
+index a7a6f60..04b745a 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -1305,7 +1305,11 @@ static void reload_tss(void)
+@@ -1306,7 +1306,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
load_TR_desc();
}
-@@ -2163,6 +2167,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
- * Returns 0 on success, non-0 otherwise.
- * Assumes vcpu_load() was already called.
- */
-+static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) __size_overflow(3);
- static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
- {
- struct vcpu_vmx *vmx = to_vmx(vcpu);
-@@ -2633,8 +2638,11 @@ static __init int hardware_setup(void)
+@@ -2637,8 +2641,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -3648,7 +3656,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3654,7 +3661,7 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6169,6 +6177,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6192,6 +6199,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp .Lkvm_vmx_return \n\t"
".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
".Lkvm_vmx_return: "
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%"R"sp) \n\t"
"pop %0 \n\t"
-@@ -6217,6 +6231,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6240,6 +6253,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
: "cc", "memory"
, R"ax", R"bx", R"di", R"si"
#ifdef CONFIG_X86_64
-@@ -6245,7 +6264,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6268,7 +6286,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
}
}
vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 4c938da..6cd8090 100644
+index 8d1c6c6..6e6d611 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -907,6 +907,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
+@@ -873,6 +873,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
return kvm_set_msr(vcpu, index, *data);
}
static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
{
int version;
-@@ -1345,8 +1346,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1307,12 +1308,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data)
+ return 0;
+ }
+
++static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) __size_overflow(2);
+ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2165,6 +2166,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2145,6 +2147,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -2340,15 +2343,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
- struct kvm_cpuid2 *cpuid,
- struct kvm_cpuid_entry2 __user *entries)
- {
-- int r;
-+ int r, i;
-
- r = -E2BIG;
- if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
- goto out;
- r = -EFAULT;
-- if (copy_from_user(&vcpu->arch.cpuid_entries, entries,
-- cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
-+ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
- goto out;
-+ for (i = 0; i < cpuid->nent; ++i) {
-+ struct kvm_cpuid_entry2 cpuid_entry;
-+ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry)))
-+ goto out;
-+ vcpu->arch.cpuid_entries[i] = cpuid_entry;
-+ }
- vcpu->arch.cpuid_nent = cpuid->nent;
- kvm_apic_set_version(vcpu);
- kvm_x86_ops->cpuid_update(vcpu);
-@@ -2363,15 +2371,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
- struct kvm_cpuid2 *cpuid,
- struct kvm_cpuid_entry2 __user *entries)
- {
-- int r;
-+ int r, i;
-
- r = -E2BIG;
- if (cpuid->nent < vcpu->arch.cpuid_nent)
- goto out;
- r = -EFAULT;
-- if (copy_to_user(entries, &vcpu->arch.cpuid_entries,
-- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
-+ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
- goto out;
-+ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) {
-+ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i];
-+ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry)))
-+ goto out;
-+ }
- return 0;
-
- out:
-@@ -2746,7 +2758,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
+@@ -2266,7 +2270,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
struct kvm_interrupt *irq)
{
return -EINVAL;
if (irqchip_in_kernel(vcpu->kvm))
return -ENXIO;
-@@ -3949,6 +3961,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
+@@ -3499,6 +3503,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
struct kvm_vcpu *vcpu, u32 access,
struct x86_exception *exception)
{
void *data = val;
-@@ -3980,6 +3995,9 @@ out:
+@@ -3530,6 +3537,9 @@ out:
/* used for instruction fetching */
static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
gva_t addr, void *val, unsigned int bytes,
struct x86_exception *exception)
{
struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
-@@ -4004,6 +4022,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt);
+@@ -3554,6 +3564,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt);
static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
gva_t addr, void *val, unsigned int bytes,
struct x86_exception *exception)
{
struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
-@@ -4117,12 +4138,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes)
+@@ -3667,12 +3680,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes)
}
static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
void *val, int bytes)
{
return emulator_write_phys(vcpu, gpa, val, bytes);
-@@ -4273,6 +4298,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
+@@ -3823,6 +3840,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
const void *old,
const void *new,
unsigned int bytes,
struct x86_exception *exception)
{
struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
-@@ -5162,7 +5193,7 @@ static void kvm_set_mmio_spte_mask(void)
+@@ -4782,7 +4805,7 @@ static void kvm_set_mmio_spte_mask(void)
kvm_mmu_set_mmio_spte_mask(mask);
}
int r;
struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
-index d36fe23..a4b189f 100644
+index cb80c29..aeee86c 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
-@@ -119,10 +119,10 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data);
+@@ -116,11 +116,11 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data);
int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt,
gva_t addr, void *val, unsigned int bytes,
- struct x86_exception *exception);
+ struct x86_exception *exception) __size_overflow(2,4);
- #endif
+ extern u64 host_xcr0;
+
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
-index cf4603b..7cdde38 100644
+index 642d880..44e0f3f 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
-@@ -1195,9 +1195,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
+@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
* Rebooting also tells the Host we're finished, but the RESTART flag tells the
* Launcher to reboot us.
*/
movl %eax, (v)
movl %edx, 4(v)
diff --git a/arch/x86/lib/atomic64_cx8_32.S b/arch/x86/lib/atomic64_cx8_32.S
-index 391a083..d658e9f 100644
+index 391a083..3a2cf39 100644
--- a/arch/x86/lib/atomic64_cx8_32.S
+++ b/arch/x86/lib/atomic64_cx8_32.S
@@ -35,10 +35,20 @@ ENTRY(atomic64_read_cx8)
-.macro incdec_return func ins insc
-ENTRY(atomic64_\func\()_return_cx8)
-+.macro incdec_return func ins insc unchecked
++.macro incdec_return func ins insc unchecked=""
+ENTRY(atomic64_\func\()_return\unchecked\()_cx8)
CFI_STARTPROC
SAVE ebx
CFI_ENDPROC
END(bad_get_user)
diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
-index 374562e..a75830b 100644
+index 5a1f9f3..ba9f577 100644
--- a/arch/x86/lib/insn.c
+++ b/arch/x86/lib/insn.c
@@ -21,6 +21,11 @@
char c;
unsigned zero_len;
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
-index d0474ad..36e9257 100644
+index 1fb85db..8b3540b 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -8,7 +8,7 @@ int fixup_exception(struct pt_regs *regs)
extern u32 pnp_bios_is_utter_crap;
pnp_bios_is_utter_crap = 1;
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 5db0490..2ddce45 100644
+index f0b4caf..d92fd42 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -13,11 +13,18 @@
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -739,6 +820,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
+@@ -748,6 +829,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
}
#endif
if (unlikely(show_unhandled_signals))
show_signal_msg(regs, error_code, address, tsk);
-@@ -835,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+@@ -844,7 +940,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
code = BUS_MCEERR_AR;
}
#endif
-@@ -890,6 +986,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -900,6 +996,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -962,6 +1151,9 @@ int show_unhandled_signals = 1;
+@@ -972,6 +1161,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, struct vm_area_struct *vma)
{
if (error_code & PF_WRITE) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -995,18 +1187,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1005,18 +1197,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
{
struct vm_area_struct *vma;
struct task_struct *tsk;
/*
* Detect and handle instructions that would cause a page fault for
-@@ -1067,7 +1273,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1077,7 +1283,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
local_irq_enable();
error_code |= PF_USER;
} else {
-@@ -1122,6 +1328,11 @@ retry:
+@@ -1132,6 +1338,11 @@ retry:
might_sleep();
}
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1133,18 +1344,24 @@ retry:
+@@ -1143,18 +1354,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1199,3 +1416,292 @@ good_area:
+@@ -1209,3 +1426,292 @@ good_area:
up_read(&mm->mmap_sem);
}
return (void *)vaddr;
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index f581a18..29efd37 100644
+index 8ecbb4b..a269cab 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
@@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
/* don't allow allocations above current base */
if (mm->free_area_cache > base)
-@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+@@ -321,14 +328,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
largest_hole = 0;
mm->free_area_cache = base;
}
+ addr = (mm->free_area_cache - len);
do {
+ addr &= huge_page_mask(h);
-+ vma = find_vma(mm, addr);
/*
* Lookup failure means no vma is above this address,
* i.e. return with success:
-- */
-- if (!(vma = find_vma_prev(mm, addr, &prev_vma)))
-- return addr;
--
-- /*
+@@ -341,46 +349,47 @@ try_again:
* new region fits between prev_vma->vm_end and
* vma->vm_start, use it:
*/
+- prev_vma = vma->vm_prev;
- if (addr + len <= vma->vm_start &&
- (!prev_vma || (addr >= prev_vma->vm_end))) {
+ if (check_heap_stack_gap(vma, addr, len)) {
mm->cached_hole_size = ~0UL;
addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
len, pgoff, flags);
-@@ -386,6 +392,7 @@ fail:
+@@ -388,6 +397,7 @@ fail:
/*
* Restore the topdown base:
*/
mm->free_area_cache = base;
mm->cached_hole_size = ~0UL;
-@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -401,10 +411,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
struct hstate *h = hstate_file(file);
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
return -ENOMEM;
if (flags & MAP_FIXED) {
-@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -416,8 +435,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
if (addr) {
addr = ALIGN(addr, huge_page_size(h));
vma = find_vma(mm, addr);
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 87488b9..399f416 100644
+index 6cabf65..77e9c1c 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
-@@ -15,6 +15,7 @@
- #include <asm/tlbflush.h>
+@@ -17,6 +17,7 @@
#include <asm/tlb.h>
#include <asm/proto.h>
+ #include <asm/dma.h> /* for MAX_DMA_PFN */
+#include <asm/desc.h>
unsigned long __initdata pgt_buf_start;
unsigned long __meminitdata pgt_buf_end;
-@@ -31,7 +32,7 @@ int direct_gbpages
+@@ -33,7 +34,7 @@ int direct_gbpages
static void __init find_early_table_space(unsigned long end, int use_pse,
int use_gbpages)
{
phys_addr_t base;
puds = (end + PUD_SIZE - 1) >> PUD_SHIFT;
-@@ -312,8 +313,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
+@@ -314,8 +315,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
*/
int devmem_is_allowed(unsigned long pagenr)
{
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -374,6 +396,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
void free_initmem(void)
{
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 29f7c6d..b46b35b 100644
+index 8663f6c..829ae76 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -74,36 +74,6 @@ static __init void *alloc_low_page(void)
prot = PAGE_KERNEL_EXEC;
pages_4k++;
-@@ -472,7 +473,7 @@ void __init native_pagetable_setup_start(pgd_t *base)
+@@ -466,7 +467,7 @@ void __init native_pagetable_setup_start(pgd_t *base)
pud = pud_offset(pgd, va);
pmd = pmd_offset(pud, va);
break;
pte = pte_offset_kernel(pmd, va);
-@@ -524,12 +525,10 @@ void __init early_ioremap_page_table_range_init(void)
+@@ -518,12 +519,10 @@ void __init early_ioremap_page_table_range_init(void)
static void __init pagetable_init(void)
{
EXPORT_SYMBOL_GPL(__supported_pte_mask);
/* user-defined highmem size */
-@@ -757,6 +756,12 @@ void __init mem_init(void)
+@@ -735,6 +734,12 @@ void __init mem_init(void)
pci_iommu_alloc();
#ifdef CONFIG_FLATMEM
BUG_ON(!mem_map);
#endif
-@@ -774,7 +779,7 @@ void __init mem_init(void)
- set_highmem_pages_init();
+@@ -761,7 +766,7 @@ void __init mem_init(void)
+ reservedpages++;
codesize = (unsigned long) &_etext - (unsigned long) &_text;
- datasize = (unsigned long) &_edata - (unsigned long) &_etext;
initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
-@@ -815,10 +820,10 @@ void __init mem_init(void)
+@@ -802,10 +807,10 @@ void __init mem_init(void)
((unsigned long)&__init_end -
(unsigned long)&__init_begin) >> 10,
((unsigned long)&_etext - (unsigned long)&_text) >> 10);
/*
-@@ -896,6 +901,7 @@ void set_kernel_text_rw(void)
+@@ -883,6 +888,7 @@ void set_kernel_text_rw(void)
if (!kernel_set_to_readonly)
return;
pr_debug("Set kernel text: %lx - %lx for read write\n",
start, start+size);
-@@ -910,6 +916,7 @@ void set_kernel_text_ro(void)
+@@ -897,6 +903,7 @@ void set_kernel_text_ro(void)
if (!kernel_set_to_readonly)
return;
pr_debug("Set kernel text: %lx - %lx for read only\n",
start, start+size);
-@@ -938,6 +945,7 @@ void mark_rodata_ro(void)
+@@ -925,6 +932,7 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
printk(KERN_INFO "Write protecting the kernel text: %luk\n",
size >> 10);
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index bbaaa00..796fa65 100644
+index 436a030..4f97ffc 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on);
}
spin_unlock(&pgd_lock);
}
+@@ -162,7 +176,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
+ {
+ if (pgd_none(*pgd)) {
+ pud_t *pud = (pud_t *)spp_getpage();
+- pgd_populate(&init_mm, pgd, pud);
++ pgd_populate_kernel(&init_mm, pgd, pud);
+ if (pud != pud_offset(pgd, 0))
+ printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n",
+ pud, pud_offset(pgd, 0));
+@@ -174,7 +188,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
+ {
+ if (pud_none(*pud)) {
+ pmd_t *pmd = (pmd_t *) spp_getpage();
+- pud_populate(&init_mm, pud, pmd);
++ pud_populate_kernel(&init_mm, pud, pmd);
+ if (pmd != pmd_offset(pud, 0))
+ printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n",
+ pmd, pmd_offset(pud, 0));
@@ -203,7 +217,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
pmd = fill_pmd(pud, vaddr);
pte = fill_pte(pmd, vaddr);
adr = (void *)(((unsigned long)adr) | left);
return adr;
-@@ -693,6 +707,12 @@ void __init mem_init(void)
+@@ -546,7 +560,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
+ unmap_low_page(pmd);
+
+ spin_lock(&init_mm.page_table_lock);
+- pud_populate(&init_mm, pud, __va(pmd_phys));
++ pud_populate_kernel(&init_mm, pud, __va(pmd_phys));
+ spin_unlock(&init_mm.page_table_lock);
+ }
+ __flush_tlb_all();
+@@ -592,7 +606,7 @@ kernel_physical_mapping_init(unsigned long start,
+ unmap_low_page(pud);
+
+ spin_lock(&init_mm.page_table_lock);
+- pgd_populate(&init_mm, pgd, __va(pud_phys));
++ pgd_populate_kernel(&init_mm, pgd, __va(pud_phys));
+ spin_unlock(&init_mm.page_table_lock);
+ pgd_changed = true;
+ }
+@@ -684,6 +698,12 @@ void __init mem_init(void)
pci_iommu_alloc();
/* clear_bss() already clear the empty_zero_page */
reservedpages = 0;
-@@ -853,8 +873,8 @@ int kern_addr_valid(unsigned long addr)
+@@ -844,8 +864,8 @@ int kern_addr_valid(unsigned long addr)
static struct vm_area_struct gate_vma = {
.vm_start = VSYSCALL_START,
.vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
};
struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
-@@ -888,7 +908,7 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -879,7 +899,7 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c
-index de54b9b..799051e 100644
+index dc0b727..dc9d71a 100644
--- a/arch/x86/mm/mmio-mod.c
+++ b/arch/x86/mm/mmio-mod.c
@@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs,
struct split_state {
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index f9e5267..77b1a40 100644
+index e1ebde3..b1e1db38 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
p += get_opcode(p, &opcode);
for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
-index 8573b83..c3b1a30 100644
+index 8573b83..7d9628f 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
-@@ -84,10 +84,52 @@ static inline void pgd_list_del(pgd_t *pgd)
+@@ -84,10 +84,60 @@ static inline void pgd_list_del(pgd_t *pgd)
list_del(&page->lru);
}
+#ifdef CONFIG_PAX_PER_CPU_PGD
+void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count)
+{
-+ while (count--)
++ while (count--) {
++ pgd_t pgd;
+
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ *dst++ = __pgd(pgd_val(*src++) & clone_pgd_mask);
++#ifdef CONFIG_X86_64
++ pgd = __pgd(pgd_val(*src++) | _PAGE_USER);
+#else
-+ *dst++ = *src++;
++ pgd = *src++;
++#endif
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask);
+#endif
+
++ *dst++ = pgd;
++ }
++
+}
+#endif
+
static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm)
{
BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm));
-@@ -128,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -128,6 +178,7 @@ static void pgd_dtor(pgd_t *pgd)
pgd_list_del(pgd);
spin_unlock(&pgd_lock);
}
/*
* List of all pgd's needed for non-PAE so it can invalidate entries
-@@ -140,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -140,7 +191,7 @@ static void pgd_dtor(pgd_t *pgd)
* -- wli
*/
/*
* In PAE mode, we need to do a cr3 reload (=tlb flush) when
* updating the top-level pagetable entries to guarantee the
-@@ -152,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -152,7 +203,7 @@ static void pgd_dtor(pgd_t *pgd)
* not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
* and initialize the kernel pmds here.
*/
void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
{
-@@ -170,36 +213,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
+@@ -170,36 +221,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
*/
flush_tlb_mm(mm);
}
return -ENOMEM;
}
-@@ -212,51 +257,55 @@ static int preallocate_pmds(pmd_t *pmds[])
+@@ -212,51 +265,55 @@ static int preallocate_pmds(pmd_t *pmds[])
* preallocate which never got a corresponding vma will need to be
* freed manually.
*/
pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
-@@ -265,11 +314,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -265,11 +322,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
mm->pgd = pgd;
/*
* Make sure that pre-populating the pmds is atomic with
-@@ -279,14 +328,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -279,14 +336,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
spin_lock(&pgd_lock);
pgd_ctor(mm, pgd);
out_free_pgd:
free_page((unsigned long)pgd);
out:
-@@ -295,7 +344,7 @@ out:
+@@ -295,7 +352,7 @@ out:
void pgd_free(struct mm_struct *mm, pgd_t *pgd)
{
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 7c1b765..8c072c6 100644
+index 5a5b6e4..201d42e 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end)
/* Before first pass, make a rough estimation of addrs[]
* each bpf instruction is translated to less than 64 bytes
*/
-@@ -476,7 +484,7 @@ void bpf_jit_compile(struct sk_filter *fp)
- func = sk_load_word;
+@@ -477,7 +485,7 @@ void bpf_jit_compile(struct sk_filter *fp)
common_load: seen |= SEEN_DATAREF;
- if ((int)K < 0)
+ if ((int)K < 0) {
+ /* Abort the JIT because __load_pointer() is needed. */
- goto out;
+ goto error;
+ }
t_offset = func - (image + addrs[i]);
EMIT1_off32(0xbe, K); /* mov imm32,%esi */
- EMIT1_off32(0xe8, t_offset); /* call */
-@@ -586,17 +594,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -492,7 +500,7 @@ common_load: seen |= SEEN_DATAREF;
+ case BPF_S_LDX_B_MSH:
+ if ((int)K < 0) {
+ /* Abort the JIT because __load_pointer() is needed. */
+- goto out;
++ goto error;
+ }
+ seen |= SEEN_DATAREF | SEEN_XREG;
+ t_offset = sk_load_byte_msh - (image + addrs[i]);
+@@ -582,17 +590,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
break;
default:
/* hmm, too complex filter, give up with jit compiler */
}
proglen += ilen;
addrs[i] = proglen;
-@@ -617,11 +626,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -613,11 +622,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
break;
}
if (proglen == oldproglen) {
}
oldproglen = proglen;
}
-@@ -637,7 +644,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -633,7 +640,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
bpf_flush_icache(image, image + proglen);
fp->bpf_func = (void *)image;
out:
kfree(addrs);
return;
-@@ -645,18 +655,20 @@ out:
+@@ -641,18 +651,20 @@ out:
static void jit_free_defer(struct work_struct *arg)
{
return 1;
}
diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c
-index db0e9a5..0372c14 100644
+index da8fe05..7ee6704 100644
--- a/arch/x86/pci/pcbios.c
+++ b/arch/x86/pci/pcbios.c
@@ -79,50 +79,93 @@ union bios32 {
ret
ENDPROC(efi_call6)
diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c
-index ad4ec1c..686479e 100644
+index 475e2cd..1b8e708 100644
--- a/arch/x86/platform/mrst/mrst.c
+++ b/arch/x86/platform/mrst/mrst.c
@@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX];
/* parse all the mtimer info to a static mtimer array */
diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c
-index 81aee5a..9ad9aae 100644
+index 3ae0e61..4202d86 100644
--- a/arch/x86/platform/uv/tlb_uv.c
+++ b/arch/x86/platform/uv/tlb_uv.c
-@@ -1433,6 +1433,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf,
+@@ -1424,6 +1424,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf,
* 0: display meaning of the statistics
*/
static ssize_t ptc_proc_write(struct file *file, const char __user *user,
size_t count, loff_t *data)
{
int cpu;
-@@ -1548,6 +1550,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr,
+@@ -1539,6 +1541,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr,
* Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables)
*/
static ssize_t tunables_write(struct file *file, const char __user *user,
-}
-__setup("vdso=", vdso_setup);
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 1f92865..c843b20 100644
+index 4e517d4..68a48f5 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
-@@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
+@@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
struct shared_info xen_dummy_shared_info;
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
EXPORT_SYMBOL_GPL(xen_have_vector_callback);
-@@ -1029,7 +1027,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
+@@ -1030,30 +1028,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
#endif
};
{
struct sched_shutdown r = { .reason = reason };
-@@ -1037,17 +1035,17 @@ static void xen_reboot(int reason)
- BUG();
+- if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
+- BUG();
++ HYPERVISOR_sched_op(SCHEDOP_shutdown, &r);
++ BUG();
}
-static void xen_restart(char *msg)
{
xen_reboot(SHUTDOWN_poweroff);
}
-@@ -1153,7 +1151,17 @@ asmlinkage void __init xen_start_kernel(void)
+
+-static void xen_machine_power_off(void)
++static __noreturn void xen_machine_power_off(void)
+ {
+ if (pm_power_off)
+ pm_power_off();
+@@ -1156,7 +1154,17 @@ asmlinkage void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
xen_setup_features();
-@@ -1184,13 +1192,6 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1187,13 +1195,6 @@ asmlinkage void __init xen_start_kernel(void)
machine_ops = xen_machine_ops;
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 87f6673..e2555a6 100644
+index dc19347..1b07a2c 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -1733,6 +1733,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd,
+@@ -1738,6 +1738,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd,
convert_pfn_mfn(init_level4_pgt);
convert_pfn_mfn(level3_ident_pgt);
convert_pfn_mfn(level3_kernel_pgt);
l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
-@@ -1751,7 +1754,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd,
+@@ -1756,7 +1759,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd,
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
-@@ -1962,6 +1969,7 @@ static void __init xen_post_allocator_init(void)
+@@ -1963,6 +1970,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if PAGETABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2043,6 +2051,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2044,6 +2052,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
.alloc_pud = xen_alloc_pmd_init,
.release_pud = xen_release_pmd_init,
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 041d4fe..7666b7e 100644
+index f2ce60a..14e08dc 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
-@@ -194,11 +194,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
+@@ -209,11 +209,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
{
BUG_ON(smp_processor_id() != 0);
native_smp_prepare_boot_cpu();
xen_filter_cpu_maps();
xen_setup_vcpu_info_placement();
}
-@@ -275,12 +270,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
+@@ -290,12 +285,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
gdt = get_cpu_gdt_table(cpu);
ctxt->flags = VGCF_IN_KERNEL;
#else
ctxt->gs_base_kernel = per_cpu_offset(cpu);
#endif
-@@ -331,13 +326,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu)
+@@ -346,13 +341,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu)
int rc;
per_cpu(current_task, cpu) = idle;
struct list_head *cpu_list, local_list;
diff --git a/block/bsg.c b/block/bsg.c
-index c0ab25c..9d49f8f 100644
+index ff64ae3..593560c 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
if (blk_verify_command(rq->cmd, has_write_perm))
return -EPERM;
diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c
-index 7b72502..646105c 100644
+index 7c668c8..db3521c 100644
--- a/block/compat_ioctl.c
+++ b/block/compat_ioctl.c
@@ -340,7 +340,7 @@ static int compat_fd_ioctl(struct block_device *bdev, fmode_t mode,
if (err) {
err = -EFAULT;
goto out;
+diff --git a/block/partitions/efi.c b/block/partitions/efi.c
+index 6296b40..417c00f 100644
+--- a/block/partitions/efi.c
++++ b/block/partitions/efi.c
+@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
+ if (!gpt)
+ return NULL;
+
++ if (!le32_to_cpu(gpt->num_partition_entries))
++ return NULL;
++ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
++ if (!pte)
++ return NULL;
++
+ count = le32_to_cpu(gpt->num_partition_entries) *
+ le32_to_cpu(gpt->sizeof_partition_entry);
+- if (!count)
+- return NULL;
+- pte = kzalloc(count, GFP_KERNEL);
+- if (!pte)
+- return NULL;
+-
+ if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
+ (u8 *) pte,
+ count) < count) {
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
-index 688be8a..8a37d98 100644
+index 260fa80..e8f3caf 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command);
EXPORT_SYMBOL_GPL(cper_next_record_id);
diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
-index 7711d94..8622811 100644
+index 86933ca..5cb1a69 100644
--- a/drivers/acpi/battery.c
+++ b/drivers/acpi/battery.c
@@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file *seq, int result)
{
int result = 0;
diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c
-index 6c47ae9..abfdd63 100644
+index b258cab..3fb7da7 100644
--- a/drivers/acpi/ec_sys.c
+++ b/drivers/acpi/ec_sys.c
@@ -12,6 +12,7 @@
bool enable = !device_may_wakeup(&dev->dev);
device_set_wakeup_enable(&dev->dev, enable);
diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c
-index 9d7bc9f..a6fc091 100644
+index 8ae05ce..7dbbed9 100644
--- a/drivers/acpi/processor_driver.c
+++ b/drivers/acpi/processor_driver.c
-@@ -473,7 +473,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
+@@ -555,7 +555,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
return 0;
#endif
{
struct seq_file *seq = file->private_data;
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index c04ad68..0b99473 100644
+index c06e0ec..a2c06ba 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4733,7 +4733,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4736,7 +4736,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
ap = qc->ap;
qc->flags = 0;
-@@ -4749,7 +4749,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4752,7 +4752,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5754,6 +5754,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5816,6 +5816,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5767,8 +5768,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5829,8 +5830,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
}
diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c
-index e8574bb..f9f6a72 100644
+index 048589f..4002b98 100644
--- a/drivers/ata/pata_arasan_cf.c
+++ b/drivers/ata/pata_arasan_cf.c
@@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev)
fore200e->tx_sat++;
DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
diff --git a/drivers/atm/he.c b/drivers/atm/he.c
-index 9a51df4..f3bb5f8 100644
+index b182c2f..1c6fa8a 100644
--- a/drivers/atm/he.c
+++ b/drivers/atm/he.c
@@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
}
atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c
-index 3d0c2b0..45441fa 100644
+index 9e373ba..cf93727 100644
--- a/drivers/atm/iphase.c
+++ b/drivers/atm/iphase.c
@@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev)
{
- atomic_inc(&vcc->stats->rx_err);
+ atomic_inc_unchecked(&vcc->stats->rx_err);
+ atm_return(vcc, skb->truesize);
dev_kfree_skb_any(skb);
- atm_return(vcc, atm_guess_pdu2truesize(len));
goto INCR_DLE;
@@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev)
if ((length > iadev->rx_buf_sz) || (length >
+ atomic_inc_unchecked(&vcc->stats->rx_err);
IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)",
length, skb->len);)
- dev_kfree_skb_any(skb);
+ atm_return(vcc, skb->truesize);
@@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev)
IF_RX(printk("rx_dle_intr: skb push");)
}
diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
-index 5d1d076..12fbca4 100644
+index e8cd652..bbbd1fc 100644
--- a/drivers/atm/solos-pci.c
+++ b/drivers/atm/solos-pci.c
@@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg)
}
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index a4760e0..51283cf 100644
+index 8493536..31adee0 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir)
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index 9cf2035..bffca95 100644
+index 8d68056..e67050f 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -736,7 +736,7 @@ struct drbd_request;
void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo);
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 0358e55..bc33689 100644
+index 211fc44..c5116f1 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -2397,7 +2397,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd,
mdev->bm_writ_cnt =
mdev->read_cnt =
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
-index af2a250..219c74b 100644
+index af2a250..0fdeb75 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
+@@ -2297,7 +2297,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms
+ return;
+ }
+
+- if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) {
++ if (!capable(CAP_SYS_ADMIN)) {
+ retcode = ERR_PERM;
+ goto fail;
+ }
@@ -2359,7 +2359,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms
module_put(THIS_MODULE);
}
}
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index 1e888c9..05cf1b0 100644
+index cd50435..ba1ffb5 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
-@@ -227,7 +227,7 @@ static int __do_lo_send_write(struct file *file,
+@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file,
mm_segment_t old_fs = get_fs();
set_fs(get_ds());
intf->proc_dir = NULL;
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 9397ab4..d01bee1 100644
+index 50fcf9c..91b5528 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -277,7 +277,7 @@ struct smi_info {
.part_num = MBCS_PART_NUM,
.mfg_num = MBCS_MFG_NUM,
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 1451790..f705c30 100644
+index d6e9d08..4493e89 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 6035ab8..bdfe4fd 100644
+index 54ca8b2..4a092ed 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -261,8 +261,13 @@
#if 0
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
{ 2048, 1638, 1231, 819, 411, 1 },
-@@ -909,7 +921,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -913,7 +925,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
ret = -EFAULT;
break;
}
-@@ -1228,7 +1240,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1238,7 +1250,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
+@@ -1260,10 +1272,15 @@ static int proc_do_uuid(ctl_table *table, int write,
+ uuid = table->data;
+ if (!uuid) {
+ uuid = tmp_uuid;
+- uuid[8] = 0;
+- }
+- if (uuid[8] == 0)
+ generate_random_uuid(uuid);
++ } else {
++ static DEFINE_SPINLOCK(bootid_spinlock);
++
++ spin_lock(&bootid_spinlock);
++ if (!uuid[8])
++ generate_random_uuid(uuid);
++ spin_unlock(&bootid_spinlock);
++ }
+
+ sprintf(buf, "%pU", uuid);
+
diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c
index 1ee8ce7..b778bef 100644
--- a/drivers/char/sonypi.c
return 0;
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
-index 361a1df..2471eee 100644
+index ad7c732..5aa8054 100644
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
-@@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
chip->vendor.req_complete_val)
goto out_recv;
acpi_os_unmap_memory(virt, len);
return 0;
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
-index 8e3c46d..c139b99 100644
+index b58b561..c9088c8 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
}
static ssize_t port_fops_write(struct file *filp, const char __user *ubuf,
-diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
-index eb1d864..39ee5a7 100644
---- a/drivers/dma/dmatest.c
-+++ b/drivers/dma/dmatest.c
-@@ -591,7 +591,7 @@ static int dmatest_add_channel(struct dma_chan *chan)
- }
- if (dma_has_cap(DMA_PQ, dma_dev->cap_mask)) {
- cnt = dmatest_add_threads(dtc, DMA_PQ);
-- thread_count += cnt > 0 ?: 0;
-+ thread_count += cnt > 0 ? cnt : 0;
- }
-
- pr_info("dmatest: Started %u threads using %s\n",
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index c9eee6d..f9d5280 100644
--- a/drivers/edac/amd64_edac.c
PCI_VEND_DEV(INTEL, 7205_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0,
E7205},
diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c
-index 495198a..ac08c85 100644
+index 97f5064..202b6e6 100644
--- a/drivers/edac/edac_pci_sysfs.c
+++ b/drivers/edac/edac_pci_sysfs.c
@@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */
PCI_VEND_DEV(INTEL, 3000_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0,
I3000},
diff --git a/drivers/edac/i3200_edac.c b/drivers/edac/i3200_edac.c
-index aa08497..7e6822a 100644
+index 73f55e200..5faaf59 100644
--- a/drivers/edac/i3200_edac.c
+++ b/drivers/edac/i3200_edac.c
-@@ -456,7 +456,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev)
+@@ -445,7 +445,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev)
edac_mc_free(mci);
}
{0,} /* 0 terminated list. */
};
diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c
-index 70ad892..178943c 100644
+index 8568d9b..42b2fa8 100644
--- a/drivers/edac/i7core_edac.c
+++ b/drivers/edac/i7core_edac.c
@@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = {
PCI_VEND_DEV(INTEL, 82875_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0,
I82875P},
diff --git a/drivers/edac/i82975x_edac.c b/drivers/edac/i82975x_edac.c
-index a5da732..983363b 100644
+index 4184e01..dcb2cd3 100644
--- a/drivers/edac/i82975x_edac.c
+++ b/drivers/edac/i82975x_edac.c
-@@ -604,7 +604,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev)
+@@ -612,7 +612,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev)
edac_mc_free(mci);
}
void amd_report_gart_errors(bool);
void amd_register_ecc_decoder(void (*f)(int, struct mce *));
diff --git a/drivers/edac/r82600_edac.c b/drivers/edac/r82600_edac.c
-index b153674..ad2ba9b 100644
+index e294e1b..a41b05b 100644
--- a/drivers/edac/r82600_edac.c
+++ b/drivers/edac/r82600_edac.c
@@ -373,7 +373,7 @@ static void __devexit r82600_remove_one(struct pci_dev *pdev)
PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID)
},
diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
-index 7a402bf..af0b211 100644
+index 1dc118d..8c68af9 100644
--- a/drivers/edac/sb_edac.c
+++ b/drivers/edac/sb_edac.c
@@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbridge_table[] = {
iounmap(buf);
return 0;
diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c
-index 98723cb..10ca85b 100644
+index 82d5c20..44a7177 100644
--- a/drivers/gpio/gpio-vr41xx.c
+++ b/drivers/gpio/gpio-vr41xx.c
@@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq)
return -EINVAL;
}
-diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
-index 8323fc3..5c1d755 100644
---- a/drivers/gpu/drm/drm_crtc.c
-+++ b/drivers/gpu/drm/drm_crtc.c
-@@ -1379,7 +1379,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data,
- */
- if ((out_resp->count_modes >= mode_count) && mode_count) {
- copied = 0;
-- mode_ptr = (struct drm_mode_modeinfo *)(unsigned long)out_resp->modes_ptr;
-+ mode_ptr = (struct drm_mode_modeinfo __user *)(unsigned long)out_resp->modes_ptr;
- list_for_each_entry(mode, &connector->modes, head) {
- drm_crtc_convert_to_umode(&u_mode, mode);
- if (copy_to_user(mode_ptr + copied,
-@@ -1394,8 +1394,8 @@ int drm_mode_getconnector(struct drm_device *dev, void *data,
-
- if ((out_resp->count_props >= props_count) && props_count) {
- copied = 0;
-- prop_ptr = (uint32_t *)(unsigned long)(out_resp->props_ptr);
-- prop_values = (uint64_t *)(unsigned long)(out_resp->prop_values_ptr);
-+ prop_ptr = (uint32_t __user *)(unsigned long)(out_resp->props_ptr);
-+ prop_values = (uint64_t __user *)(unsigned long)(out_resp->prop_values_ptr);
- for (i = 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) {
- if (connector->property_ids[i] != 0) {
- if (put_user(connector->property_ids[i],
-@@ -1417,7 +1417,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data,
-
- if ((out_resp->count_encoders >= encoders_count) && encoders_count) {
- copied = 0;
-- encoder_ptr = (uint32_t *)(unsigned long)(out_resp->encoders_ptr);
-+ encoder_ptr = (uint32_t __user *)(unsigned long)(out_resp->encoders_ptr);
- for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) {
- if (connector->encoder_ids[i] != 0) {
- if (put_user(connector->encoder_ids[i],
-@@ -1576,7 +1576,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
- }
-
- for (i = 0; i < crtc_req->count_connectors; i++) {
-- set_connectors_ptr = (uint32_t *)(unsigned long)crtc_req->set_connectors_ptr;
-+ set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr;
- if (get_user(out_id, &set_connectors_ptr[i])) {
- ret = -EFAULT;
- goto out;
-@@ -1857,7 +1857,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev,
- fb = obj_to_fb(obj);
-
- num_clips = r->num_clips;
-- clips_ptr = (struct drm_clip_rect *)(unsigned long)r->clips_ptr;
-+ clips_ptr = (struct drm_clip_rect __user *)(unsigned long)r->clips_ptr;
-
- if (!num_clips != !clips_ptr) {
- ret = -EINVAL;
-@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
- out_resp->flags = property->flags;
-
- if ((out_resp->count_values >= value_count) && value_count) {
-- values_ptr = (uint64_t *)(unsigned long)out_resp->values_ptr;
-+ values_ptr = (uint64_t __user *)(unsigned long)out_resp->values_ptr;
- for (i = 0; i < value_count; i++) {
- if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) {
- ret = -EFAULT;
-@@ -2296,7 +2296,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
- if (property->flags & DRM_MODE_PROP_ENUM) {
- if ((out_resp->count_enum_blobs >= enum_count) && enum_count) {
- copied = 0;
-- enum_ptr = (struct drm_mode_property_enum *)(unsigned long)out_resp->enum_blob_ptr;
-+ enum_ptr = (struct drm_mode_property_enum __user *)(unsigned long)out_resp->enum_blob_ptr;
- list_for_each_entry(prop_enum, &property->enum_blob_list, head) {
-
- if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) {
-@@ -2319,7 +2319,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
- if ((out_resp->count_enum_blobs >= blob_count) && blob_count) {
- copied = 0;
- blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr;
-- blob_length_ptr = (uint32_t *)(unsigned long)out_resp->values_ptr;
-+ blob_length_ptr = (uint32_t __user *)(unsigned long)out_resp->values_ptr;
-
- list_for_each_entry(prop_blob, &property->enum_blob_list, head) {
- if (put_user(prop_blob->base.id, blob_id_ptr + copied)) {
-@@ -2380,7 +2380,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev,
- struct drm_mode_get_blob *out_resp = data;
- struct drm_property_blob *blob;
- int ret = 0;
-- void *blob_ptr;
-+ void __user *blob_ptr;
-
- if (!drm_core_check_feature(dev, DRIVER_MODESET))
- return -EINVAL;
-@@ -2394,7 +2394,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev,
- blob = obj_to_blob(obj);
-
- if (out_resp->length == blob->length) {
-- blob_ptr = (void *)(unsigned long)out_resp->data;
-+ blob_ptr = (void __user *)(unsigned long)out_resp->data;
- if (copy_to_user(blob_ptr, blob->data, blob->length)){
- ret = -EFAULT;
- goto done;
diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c
-index d2619d7..bd6bd00 100644
+index 84a4a80..ce0306e 100644
--- a/drivers/gpu/drm/drm_crtc_helper.c
+++ b/drivers/gpu/drm/drm_crtc_helper.c
-@@ -279,7 +279,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
+@@ -280,7 +280,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
struct drm_crtc *tmp;
int crtc_mask = 1;
dev = crtc->dev;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index 40c187c..5746164 100644
+index ebf7d3f..d64c436 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
-@@ -308,7 +308,7 @@ module_exit(drm_core_exit);
+@@ -312,7 +312,7 @@ module_exit(drm_core_exit);
/**
* Copy and IOCTL return string to user space
*/
{
int len;
-@@ -387,7 +387,7 @@ long drm_ioctl(struct file *filp,
+@@ -391,7 +391,7 @@ long drm_ioctl(struct file *filp,
dev = file_priv->minor->dev;
atomic_inc(&dev->ioctl_count);
DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
-index 828bf65..cdaa0e9 100644
+index 6263b01..7987f55 100644
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
@@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev)
mutex_lock(&drm_global_mutex);
- DRM_DEBUG("open_count = %d\n", dev->open_count);
-+ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count));
++ DRM_DEBUG("open_count = %ld\n", local_read(&dev->open_count));
if (dev->driver->preclose)
dev->driver->preclose(dev, file_priv);
-@@ -485,7 +485,7 @@ int drm_release(struct inode *inode, struct file *filp)
- DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
+@@ -482,10 +482,10 @@ int drm_release(struct inode *inode, struct file *filp)
+ * Begin inline drm_release
+ */
+
+- DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
++ DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %ld\n",
task_pid_nr(current),
(long)old_encode_dev(file_priv->minor->device),
- dev->open_count);
#if defined(__i386__)
pgprot = pgprot_val(vma->vm_page_prot);
diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
-index ddd70db..40321e6 100644
+index 637fcc3..e890b33 100644
--- a/drivers/gpu/drm/drm_ioc32.c
+++ b/drivers/gpu/drm/drm_ioc32.c
-@@ -456,7 +456,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd,
+@@ -457,7 +457,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd,
request = compat_alloc_user_space(nbytes);
if (!access_ok(VERIFY_WRITE, request, nbytes))
return -EFAULT;
if (__put_user(count, &request->count)
|| __put_user(list, &request->list))
-@@ -517,7 +517,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd,
+@@ -518,7 +518,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd,
request = compat_alloc_user_space(nbytes);
if (!access_ok(VERIFY_WRITE, request, nbytes))
return -EFAULT;
if (__put_user(count, &request->count)
|| __put_user(list, &request->list))
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
-index 904d7e9..ab88581 100644
+index 956fd38..e52167a 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
-@@ -256,7 +256,7 @@ int drm_getstats(struct drm_device *dev, void *data,
+@@ -251,7 +251,7 @@ int drm_getstats(struct drm_device *dev, void *data,
stats->data[i].value =
(file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0);
else
}
diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c
-index 632ae24..244cf4a 100644
+index c79c713..2048588 100644
--- a/drivers/gpu/drm/drm_lock.c
+++ b/drivers/gpu/drm/drm_lock.c
-@@ -89,7 +89,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv)
+@@ -90,7 +90,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv)
if (drm_lock_take(&master->lock, lock->context)) {
master->lock.file_priv = file_priv;
master->lock.lock_time = jiffies;
break; /* Got lock */
}
-@@ -160,7 +160,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv)
+@@ -161,7 +161,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv)
return -EINVAL;
}
if (drm_lock_free(&master->lock, lock->context)) {
/* FIXME: Should really bail out here. */
diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
-index 8f371e8..9f85d52 100644
+index 7f4b4e1..bf4def2 100644
--- a/drivers/gpu/drm/i810/i810_dma.c
+++ b/drivers/gpu/drm/i810/i810_dma.c
-@@ -950,8 +950,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data,
+@@ -948,8 +948,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data,
dma->buflist[vertex->idx],
vertex->discard, vertex->used);
sarea_priv->last_enqueue = dev_priv->counter - 1;
sarea_priv->last_dispatch = (int)hw_status[5];
-@@ -1111,8 +1111,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data,
+@@ -1109,8 +1109,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data,
i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used,
mc->last_render);
int front_offset;
} drm_i810_private_t;
diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
-index b2e3c97..58cf079 100644
+index deaa657..e0fd296 100644
--- a/drivers/gpu/drm/i915/i915_debugfs.c
+++ b/drivers/gpu/drm/i915/i915_debugfs.c
@@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data)
for (i = 0; i < I915_NUM_RINGS; i++) {
if (IS_GEN6(dev) || IS_GEN7(dev)) {
seq_printf(m, "Graphics Interrupt mask (%s): %08x\n",
-@@ -1232,7 +1232,7 @@ static int i915_opregion(struct seq_file *m, void *unused)
+@@ -1321,7 +1321,7 @@ static int i915_opregion(struct seq_file *m, void *unused)
return ret;
if (opregion->header)
mutex_unlock(&dev->struct_mutex);
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index c4da951..3c59c5c 100644
+index ddfe3d9..f6e6b21 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
-@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1175,7 +1175,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
return can_switch;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index ae294a0..1755461 100644
+index 9689ca3..294f9c1 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
-@@ -229,7 +229,7 @@ struct drm_i915_display_funcs {
+@@ -231,7 +231,7 @@ struct drm_i915_display_funcs {
/* render clock increase/decrease */
/* display clock increase/decrease */
/* pll clock increase/decrease */
struct intel_device_info {
u8 gen;
-@@ -318,7 +318,7 @@ typedef struct drm_i915_private {
+@@ -320,7 +320,7 @@ typedef struct drm_i915_private {
int current_page;
int page_flipping;
/* protects the irq masks */
spinlock_t irq_lock;
-@@ -893,7 +893,7 @@ struct drm_i915_gem_object {
+@@ -896,7 +896,7 @@ struct drm_i915_gem_object {
* will be page flipped away on the next vblank. When it
* reaches 0, dev_priv->pending_flip_queue will be woken up.
*/
};
#define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base)
-@@ -1273,7 +1273,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
+@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
extern void intel_teardown_gmbus(struct drm_device *dev);
extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index b9da890..cad1d98 100644
+index e159e33..cdcc663 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj,
for (i = 0; i < count; i++) {
char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index d47a53b..61154c2 100644
+index 5bd4361..0241a42 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS)
iir = I915_READ(IIR);
-@@ -1750,7 +1750,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
INIT_WORK(&dev_priv->error_work, i915_error_work_func);
-@@ -1938,7 +1938,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev)
+@@ -1932,7 +1932,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
INIT_WORK(&dev_priv->error_work, i915_error_work_func);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 9ec9755..6d1cf2d 100644
+index 2163818..cede019 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y,
+@@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y,
wait_event(dev_priv->pending_flip_queue,
atomic_read(&dev_priv->mm.wedged) ||
/* Big Hammer, we also need to ensure that any pending
* MI_WAIT_FOR_EVENT inside a user batch buffer on the
-@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc)
+@@ -2859,7 +2859,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc)
obj = to_intel_framebuffer(crtc->fb)->obj;
dev_priv = crtc->dev->dev_private;
wait_event(dev_priv->pending_flip_queue,
}
static bool intel_crtc_driving_pch(struct drm_crtc *crtc)
-@@ -6952,7 +6952,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
+@@ -7171,7 +7171,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
atomic_clear_mask(1 << intel_crtc->plane,
&obj->pending_flip.counter);
wake_up(&dev_priv->pending_flip_queue);
schedule_work(&work->work);
-@@ -7242,7 +7242,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
+@@ -7354,7 +7354,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev,
+ OUT_RING(fb->pitches[0] | obj->tiling_mode);
+ OUT_RING(obj->gtt_offset);
+
+- pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE;
++ /* Contrary to the suggestions in the documentation,
++ * "Enable Panel Fitter" does not seem to be required when page
++ * flipping with a non-native mode, and worse causes a normal
++ * modeset to fail.
++ * pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE;
++ */
++ pf = 0;
+ pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff;
+ OUT_RING(pf | pipesrc);
+ ADVANCE_LP_RING();
+@@ -7461,7 +7467,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
/* Block clients from rendering to the new back buffer until
* the flip occurs and the object is no longer visible.
*/
ret = dev_priv->display.queue_flip(dev, crtc, fb, obj);
if (ret)
-@@ -7256,7 +7256,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
+@@ -7475,7 +7481,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
return 0;
cleanup_pending:
*sequence = cur_fence;
diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c
-index 5fc201b..7b032b9 100644
+index e5cbead..6c354a3 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bios.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bios.c
-@@ -201,7 +201,7 @@ struct methods {
+@@ -199,7 +199,7 @@ struct methods {
const char desc[8];
void (*loadbios)(struct drm_device *, uint8_t *);
const bool rw;
static struct methods shadow_methods[] = {
{ "PRAMIN", load_vbios_pramin, true },
-@@ -5474,7 +5474,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios,
+@@ -5290,7 +5290,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios,
struct bit_table {
const char id;
int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *);
#define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry })
diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h
-index 4c0be3a..5757582 100644
+index b827098..c31a797 100644
--- a/drivers/gpu/drm/nouveau/nouveau_drv.h
+++ b/drivers/gpu/drm/nouveau/nouveau_drv.h
-@@ -238,7 +238,7 @@ struct nouveau_channel {
+@@ -242,7 +242,7 @@ struct nouveau_channel {
struct list_head pending;
uint32_t sequence;
uint32_t sequence_ack;
struct nouveau_vma vma;
} fence;
-@@ -319,7 +319,7 @@ struct nouveau_exec_engine {
+@@ -323,7 +323,7 @@ struct nouveau_exec_engine {
u32 handle, u16 class);
void (*set_tile_region)(struct drm_device *dev, int i);
void (*tlb_flush)(struct drm_device *, int engine);
struct nouveau_instmem_engine {
void *priv;
-@@ -341,13 +341,13 @@ struct nouveau_instmem_engine {
+@@ -345,13 +345,13 @@ struct nouveau_instmem_engine {
struct nouveau_mc_engine {
int (*init)(struct drm_device *dev);
void (*takedown)(struct drm_device *dev);
struct nouveau_fb_engine {
int num_tiles;
-@@ -558,7 +558,7 @@ struct nouveau_vram_engine {
+@@ -566,7 +566,7 @@ struct nouveau_vram_engine {
void (*put)(struct drm_device *, struct nouveau_mem **);
bool (*flags_valid)(struct drm_device *, u32 tile_flags);
struct nouveau_engine {
struct nouveau_instmem_engine instmem;
-@@ -706,7 +706,7 @@ struct drm_nouveau_private {
+@@ -714,7 +714,7 @@ struct drm_nouveau_private {
struct drm_global_reference mem_global_ref;
struct ttm_bo_global_ref bo_global_ref;
struct ttm_bo_device bdev;
if (++trycnt > 100000) {
NV_ERROR(dev, "%s failed and gave up.\n", __func__);
diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c
-index d8831ab..0ba8356 100644
+index f80c5e0..936baa7 100644
--- a/drivers/gpu/drm/nouveau/nouveau_state.c
+++ b/drivers/gpu/drm/nouveau/nouveau_state.c
-@@ -542,7 +542,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -543,7 +543,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
-diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c
-index cb1acff..8861bc5 100644
---- a/drivers/gpu/drm/radeon/r600_cs.c
-+++ b/drivers/gpu/drm/radeon/r600_cs.c
-@@ -1304,6 +1304,7 @@ static int r600_check_texture_resource(struct radeon_cs_parser *p, u32 idx,
- h0 = G_038004_TEX_HEIGHT(word1) + 1;
- d0 = G_038004_TEX_DEPTH(word1);
- nfaces = 1;
-+ array = 0;
- switch (G_038000_DIM(word0)) {
- case V_038000_SQ_TEX_DIM_1D:
- case V_038000_SQ_TEX_DIM_2D:
diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h
-index 8227e76..ce0b195 100644
+index 1668ec1..30ebdab 100644
--- a/drivers/gpu/drm/radeon/radeon.h
+++ b/drivers/gpu/drm/radeon/radeon.h
-@@ -192,7 +192,7 @@ extern int sumo_get_temp(struct radeon_device *rdev);
- */
- struct radeon_fence_driver {
+@@ -250,7 +250,7 @@ struct radeon_fence_driver {
uint32_t scratch_reg;
+ uint64_t gpu_addr;
+ volatile uint32_t *cpu_addr;
- atomic_t seq;
+ atomic_unchecked_t seq;
uint32_t last_seq;
unsigned long last_jiffies;
unsigned long last_timeout;
-@@ -530,7 +530,7 @@ struct r600_blit_cp_primitives {
+@@ -752,7 +752,7 @@ struct r600_blit_cp_primitives {
int x2, int y2);
void (*draw_auto)(struct radeon_device *rdev);
void (*set_default_state)(struct radeon_device *rdev);
struct r600_blit {
struct mutex mutex;
-@@ -954,7 +954,7 @@ struct radeon_asic {
+@@ -1201,7 +1201,7 @@ struct radeon_asic {
void (*pre_page_flip)(struct radeon_device *rdev, int crtc);
u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base);
void (*post_page_flip)(struct radeon_device *rdev, int crtc);
/*
* Asic structures
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 9231564..78b00fd 100644
+index 49f7cb7..2fcb48f 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
uint32_t irq_enable_reg;
uint32_t r500_disp_irq_reg;
diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/radeon/radeon_fence.c
-index 76ec0e9..6feb1a3 100644
+index 4bd36a3..e66fe9c 100644
--- a/drivers/gpu/drm/radeon/radeon_fence.c
+++ b/drivers/gpu/drm/radeon/radeon_fence.c
-@@ -78,7 +78,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence)
- write_unlock_irqrestore(&rdev->fence_drv.lock, irq_flags);
+@@ -70,7 +70,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence)
+ write_unlock_irqrestore(&rdev->fence_lock, irq_flags);
return 0;
}
-- fence->seq = atomic_add_return(1, &rdev->fence_drv.seq);
-+ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv.seq);
- if (!rdev->cp.ready)
+- fence->seq = atomic_add_return(1, &rdev->fence_drv[fence->ring].seq);
++ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv[fence->ring].seq);
+ if (!rdev->ring[fence->ring].ready)
/* FIXME: cp is not running assume everythings is done right
* away
-@@ -373,7 +373,7 @@ int radeon_fence_driver_init(struct radeon_device *rdev)
- return r;
- }
- radeon_fence_write(rdev, 0);
-- atomic_set(&rdev->fence_drv.seq, 0);
-+ atomic_set_unchecked(&rdev->fence_drv.seq, 0);
- INIT_LIST_HEAD(&rdev->fence_drv.created);
- INIT_LIST_HEAD(&rdev->fence_drv.emited);
- INIT_LIST_HEAD(&rdev->fence_drv.signaled);
+@@ -405,7 +405,7 @@ int radeon_fence_driver_start_ring(struct radeon_device *rdev, int ring)
+ }
+ rdev->fence_drv[ring].cpu_addr = &rdev->wb.wb[index/4];
+ rdev->fence_drv[ring].gpu_addr = rdev->wb.gpu_addr + index;
+- radeon_fence_write(rdev, atomic_read(&rdev->fence_drv[ring].seq), ring);
++ radeon_fence_write(rdev, atomic_read_unchecked(&rdev->fence_drv[ring].seq), ring);
+ rdev->fence_drv[ring].initialized = true;
+ DRM_INFO("fence driver on ring %d use gpu addr 0x%08Lx and cpu addr 0x%p\n",
+ ring, rdev->fence_drv[ring].gpu_addr, rdev->fence_drv[ring].cpu_addr);
+@@ -418,7 +418,7 @@ static void radeon_fence_driver_init_ring(struct radeon_device *rdev, int ring)
+ rdev->fence_drv[ring].scratch_reg = -1;
+ rdev->fence_drv[ring].cpu_addr = NULL;
+ rdev->fence_drv[ring].gpu_addr = 0;
+- atomic_set(&rdev->fence_drv[ring].seq, 0);
++ atomic_set_unchecked(&rdev->fence_drv[ring].seq, 0);
+ INIT_LIST_HEAD(&rdev->fence_drv[ring].created);
+ INIT_LIST_HEAD(&rdev->fence_drv[ring].emitted);
+ INIT_LIST_HEAD(&rdev->fence_drv[ring].signaled);
diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c
index 48b7cea..342236f 100644
--- a/drivers/gpu/drm/radeon/radeon_ioc32.c
DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
-index 0b5468b..9c4b308 100644
+index c421e77..e6bf2e8 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
-@@ -672,8 +672,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
+@@ -842,8 +842,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
}
if (unlikely(ttm_vm_ops == NULL)) {
ttm_vm_ops = vma->vm_ops;
vma->vm_ops = &radeon_ttm_vm_ops;
return 0;
diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c
-index a9049ed..501f284 100644
+index f68dff2..8df955c 100644
--- a/drivers/gpu/drm/radeon/rs690.c
+++ b/drivers/gpu/drm/radeon/rs690.c
@@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_device *rdev,
if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full &&
rdev->pm.k8_bandwidth.full)
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
-index 727e93d..1565650 100644
+index 499debd..66fce72 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -398,9 +398,9 @@ static int ttm_pool_get_num_unused_pages(void)
int shrink_pages = sc->nr_to_scan;
diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv.h
-index 9cf87d9..2000b7d 100644
+index 88edacc..1e5412b 100644
--- a/drivers/gpu/drm/via/via_drv.h
+++ b/drivers/gpu/drm/via/via_drv.h
@@ -51,7 +51,7 @@ typedef struct drm_via_ring_buffer {
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index bb656d8..4169fca 100644
+index 75dbe34..f9204a8 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2012,7 +2012,7 @@ static bool hid_ignore(struct hid_device *hdev)
+@@ -2021,7 +2021,7 @@ static bool hid_ignore(struct hid_device *hdev)
int hid_add_device(struct hid_device *hdev)
{
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2027,7 +2027,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2036,7 +2036,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
-index 4ef02b2..8a96831 100644
+index b1ec0e2..c295a61 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -624,7 +624,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
if (ret)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 0fb100e..baf87e5 100644
+index 12aa97f..c0679f7 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
__asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
"=a"(hv_status_lo) : "d" (control_hi),
diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
-index 0aee112..b72d21f 100644
+index 6d7d286..92b0873 100644
--- a/drivers/hv/hyperv_vmbus.h
+++ b/drivers/hv/hyperv_vmbus.h
@@ -556,7 +556,7 @@ enum vmbus_connect_state {
/*
* Represents channel interrupts. Each bit position represents a
diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
-index d2d0a2a..90b8f4d 100644
+index a220e57..428f54d 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -663,10 +663,10 @@ int vmbus_device_register(struct hv_device *child_device_obj)
child_device_obj->device.bus = &hv_bus;
child_device_obj->device.parent = &hv_acpi_dev->dev;
diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c
-index 66f6729..2d6de0a 100644
+index 554f046..f8b4729 100644
--- a/drivers/hwmon/acpi_power_meter.c
+++ b/drivers/hwmon/acpi_power_meter.c
@@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *dev, struct device_attribute *devattr,
mutex_lock(&resource->lock);
resource->trip[attr->index - 7] = temp;
diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c
-index 5357925..6cf0418 100644
+index 91fdd1f..b66a686 100644
--- a/drivers/hwmon/sht15.c
+++ b/drivers/hwmon/sht15.c
@@ -166,7 +166,7 @@ struct sht15_data {
}
}
diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic.c
-index a743e68..1cfd674 100644
+index 7f56b73..dab5b67 100644
--- a/drivers/ide/ide-pci-generic.c
+++ b/drivers/ide/ide-pci-generic.c
@@ -53,7 +53,7 @@ static const struct ide_port_ops netcell_port_ops = {
.init_chipset = init_chipset_via82cxxx,
.enablebits = { { 0x40, 0x02, 0x02 }, { 0x40, 0x01, 0x01 } },
diff --git a/drivers/ieee802154/fakehard.c b/drivers/ieee802154/fakehard.c
-index eb0e2cc..14241c7 100644
+index 73d4531..c90cd2d 100644
--- a/drivers/ieee802154/fakehard.c
+++ b/drivers/ieee802154/fakehard.c
@@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev)
priv = netdev_priv(dev);
priv->phy = phy;
diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
-index 8b72f39..55df4c8 100644
+index c889aae..6cf5aa7 100644
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS]
PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n",
__func__, stag_state, type, pdid, stag_idx);
diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c
-index 31ae1b1..641d285 100644
+index a4de9d5..5fa20c3 100644
--- a/drivers/infiniband/hw/ipath/ipath_fs.c
+++ b/drivers/infiniband/hw/ipath/ipath_fs.c
@@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_ops = {
size_t count, loff_t *ppos)
{
struct ipath_devdata *dd;
+@@ -177,6 +179,8 @@ bail:
+ }
+
+ static ssize_t flash_write(struct file *file, const char __user *buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t flash_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+ struct ipath_devdata *dd;
diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c
index 79b3dbc..96e5fcc 100644
--- a/drivers/infiniband/hw/ipath/ipath_rc.c
sdata, wqe->wr.wr.atomic.swap);
goto send_comp;
diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c
-index 5965b3d..16817fb 100644
+index 7140199..da60063 100644
--- a/drivers/infiniband/hw/nes/nes.c
+++ b/drivers/infiniband/hw/nes/nes.c
@@ -103,7 +103,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes");
/* Free the control structures */
diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h
-index 568b4f1..5ea3eff 100644
+index c438e46..ca30356 100644
--- a/drivers/infiniband/hw/nes/nes.h
+++ b/drivers/infiniband/hw/nes/nes.h
@@ -178,17 +178,17 @@ extern unsigned int nes_debug_level;
extern u32 int_mod_timer_init;
extern u32 int_mod_cq_depth_256;
diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
-index 0a52d72..0642f36 100644
+index a4972ab..1bcfc31 100644
--- a/drivers/infiniband/hw/nes/nes_cm.c
+++ b/drivers/infiniband/hw/nes/nes_cm.c
@@ -68,14 +68,14 @@ u32 cm_packets_dropped;
int nes_add_ref_cm_node(struct nes_cm_node *cm_node)
{
-@@ -1271,7 +1271,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
+@@ -1274,7 +1274,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
kfree(listener);
listener = NULL;
ret = 0;
dev_kfree_skb_any(skb);
}
break;
-@@ -2880,7 +2880,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
+@@ -2881,7 +2881,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
if ((cm_id) && (cm_id->event_handler)) {
if (issue_disconn) {
cm_event.event = IW_CM_EVENT_DISCONNECT;
cm_event.status = disconn_status;
cm_event.local_addr = cm_id->local_addr;
-@@ -2902,7 +2902,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
+@@ -2903,7 +2903,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
}
if (issue_close) {
nes_disconnect(nesqp, 1);
cm_id->provider_data = nesqp;
-@@ -3038,7 +3038,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
+@@ -3039,7 +3039,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n",
nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener);
nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n",
netdev_refcnt_read(nesvnic->netdev));
-@@ -3240,7 +3240,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
+@@ -3241,7 +3241,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
struct nes_cm_core *cm_core;
u8 *start_buff;
cm_node = (struct nes_cm_node *)cm_id->provider_data;
loopback = cm_node->loopbackpartner;
cm_core = cm_node->cm_core;
-@@ -3300,7 +3300,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
+@@ -3301,7 +3301,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
ntohl(cm_id->local_addr.sin_addr.s_addr),
ntohs(cm_id->local_addr.sin_port));
nesqp->active_conn = 1;
/* cache the cm_id in the qp */
-@@ -3406,7 +3406,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog)
+@@ -3407,7 +3407,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog)
g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node);
return err;
}
}
cm_id->add_ref(cm_id);
-@@ -3507,7 +3507,7 @@ static void cm_event_connected(struct nes_cm_event *event)
+@@ -3508,7 +3508,7 @@ static void cm_event_connected(struct nes_cm_event *event)
if (nesqp->destroyed)
return;
nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on"
" local port 0x%04X. jiffies = %lu.\n",
nesqp->hwqp.qp_id,
-@@ -3694,7 +3694,7 @@ static void cm_event_reset(struct nes_cm_event *event)
+@@ -3695,7 +3695,7 @@ static void cm_event_reset(struct nes_cm_event *event)
cm_id->add_ref(cm_id);
ret = cm_id->event_handler(cm_id, &cm_event);
cm_event.event = IW_CM_EVENT_CLOSE;
cm_event.status = 0;
cm_event.provider_data = cm_id->provider_data;
-@@ -3730,7 +3730,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event)
+@@ -3731,7 +3731,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event)
return;
cm_id = cm_node->cm_id;
nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n",
cm_node, cm_id, jiffies);
-@@ -3770,7 +3770,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event)
+@@ -3771,7 +3771,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event)
return;
cm_id = cm_node->cm_id;
cm_node, cm_id, jiffies);
diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c
-index b3b2a24..7bfaf1e 100644
+index 3ba7be3..c81f6ff 100644
--- a/drivers/infiniband/hw/nes/nes_mgt.c
+++ b/drivers/infiniband/hw/nes/nes_mgt.c
@@ -40,8 +40,8 @@
}
diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c
-index c00d2f3..8834298 100644
+index f3a3ecf..57d311d 100644
--- a/drivers/infiniband/hw/nes/nes_nic.c
+++ b/drivers/infiniband/hw/nes/nes_nic.c
@@ -1277,39 +1277,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev,
/**
diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c
-index 5095bc4..41e8fff 100644
+index 0927b5c..ed67986 100644
--- a/drivers/infiniband/hw/nes/nes_verbs.c
+++ b/drivers/infiniband/hw/nes/nes_verbs.c
@@ -46,9 +46,9 @@
#include "qib_common.h"
#include "qib_verbs.h"
diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c
-index df7fa25..0c854f0 100644
+index 05e0f17..0275789 100644
--- a/drivers/infiniband/hw/qib/qib_fs.c
+++ b/drivers/infiniband/hw/qib/qib_fs.c
@@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] = {
size_t count, loff_t *ppos)
{
struct qib_devdata *dd;
+@@ -318,6 +320,8 @@ bail:
+ }
+
+ static ssize_t flash_write(struct file *file, const char __user *buf,
++ size_t count, loff_t *ppos) __size_overflow(3);
++static ssize_t flash_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+ struct qib_devdata *dd;
diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c
index c351aa4..e6967c2 100644
--- a/drivers/input/gameport/gameport.c
gameport->dev.release = gameport_release_port;
if (gameport->parent)
diff --git a/drivers/input/input.c b/drivers/input/input.c
-index da38d97..2aa0b79 100644
+index 1f78c95..3cddc6c 100644
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -1814,7 +1814,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev)
#include <linux/input.h>
#include <linux/gameport.h>
diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
-index d728875..844c89b 100644
+index fd7a0d5..a4af10c 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -710,7 +710,7 @@ static void xpad_led_set(struct led_classdev *led_cdev,
typedef struct _diva_os_xdi_adapter {
struct list_head link;
-diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
-index 2339d73..802ab87a 100644
---- a/drivers/isdn/i4l/isdn_net.c
-+++ b/drivers/isdn/i4l/isdn_net.c
-@@ -1901,7 +1901,7 @@ static int isdn_net_header(struct sk_buff *skb, struct net_device *dev,
- {
- isdn_net_local *lp = netdev_priv(dev);
- unsigned char *p;
-- ushort len = 0;
-+ int len = 0;
-
- switch (lp->p_encap) {
- case ISDN_NET_ENCAP_ETHER:
diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c
index 1f355bb..43f1fea 100644
--- a/drivers/isdn/icn/icn.c
{
struct lguest *lg = file->private_data;
diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
-index 65af42f..530c87a 100644
+index 3980903..ce25c5e 100644
--- a/drivers/lguest/x86/core.c
+++ b/drivers/lguest/x86/core.c
@@ -59,7 +59,7 @@ static struct {
if (!*param->name) {
DMWARN("name not supplied when creating device");
return -EINVAL;
+diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c
+index 1f23e04..08d9a20 100644
+--- a/drivers/md/dm-log-userspace-transfer.c
++++ b/drivers/md/dm-log-userspace-transfer.c
+@@ -134,7 +134,7 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp)
+ {
+ struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1);
+
+- if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
++ if (!capable(CAP_SYS_ADMIN))
+ return;
+
+ spin_lock(&receiving_list_lock);
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index 9bfd057..01180bc 100644
+index 9bfd057..5373ff3 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -40,7 +40,7 @@ enum dm_raid1_error {
m = NULL;
if (likely(m))
-@@ -937,7 +937,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
+@@ -848,6 +848,10 @@ static void do_mirror(struct work_struct *work)
+ static struct mirror_set *alloc_context(unsigned int nr_mirrors,
+ uint32_t region_size,
+ struct dm_target *ti,
++ struct dm_dirty_log *dl) __size_overflow(1);
++static struct mirror_set *alloc_context(unsigned int nr_mirrors,
++ uint32_t region_size,
++ struct dm_target *ti,
+ struct dm_dirty_log *dl)
+ {
+ size_t len;
+@@ -937,7 +941,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
}
ms->mirror[mirror].ms = ms;
ms->mirror[mirror].error_type = 0;
ms->mirror[mirror].offset = offset;
-@@ -1347,7 +1347,7 @@ static void mirror_resume(struct dm_target *ti)
+@@ -1347,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti)
*/
static char device_status_char(struct mirror *m)
{
return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c
-index 3d80cf0..b77cc47 100644
+index 3d80cf0..7d98e1a 100644
--- a/drivers/md/dm-stripe.c
+++ b/drivers/md/dm-stripe.c
@@ -20,7 +20,7 @@ struct stripe {
};
struct stripe_c {
-@@ -192,7 +192,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
+@@ -55,6 +55,7 @@ static void trigger_event(struct work_struct *work)
+ dm_table_event(sc->ti->table);
+ }
+
++static inline struct stripe_c *alloc_context(unsigned int stripes) __size_overflow(1);
+ static inline struct stripe_c *alloc_context(unsigned int stripes)
+ {
+ size_t len;
+@@ -192,7 +193,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
kfree(sc);
return r;
}
}
ti->private = sc;
-@@ -314,7 +314,7 @@ static int stripe_status(struct dm_target *ti,
+@@ -314,7 +315,7 @@ static int stripe_status(struct dm_target *ti,
DMEMIT("%d ", sc->stripes);
for (i = 0; i < sc->stripes; i++) {
DMEMIT("%s ", sc->stripe[i].dev->name);
'D' : 'A';
}
buffer[i] = '\0';
-@@ -361,8 +361,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio,
+@@ -361,8 +362,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio,
*/
for (i = 0; i < sc->stripes; i++)
if (!strcmp(sc->stripe[i].dev->name, major_minor)) {
schedule_work(&sc->trigger_event);
}
diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
-index 8e91321..fd17aef 100644
+index 63cc542..8d45caf3 100644
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -391,7 +391,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 4720f68..78d1df7 100644
+index b89c548..2af3ce4 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
-@@ -177,9 +177,9 @@ struct mapped_device {
+@@ -176,9 +176,9 @@ struct mapped_device {
/*
* Event handling.
*/
struct list_head uevent_list;
spinlock_t uevent_lock; /* Protect access to uevent_list */
-@@ -1845,8 +1845,8 @@ static struct mapped_device *alloc_dev(int minor)
+@@ -1844,8 +1844,8 @@ static struct mapped_device *alloc_dev(int minor)
rwlock_init(&md->map_lock);
atomic_set(&md->holders, 1);
atomic_set(&md->open_count, 0);
INIT_LIST_HEAD(&md->uevent_list);
spin_lock_init(&md->uevent_lock);
-@@ -1980,7 +1980,7 @@ static void event_callback(void *context)
+@@ -1979,7 +1979,7 @@ static void event_callback(void *context)
dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
wake_up(&md->eventq);
}
-@@ -2622,18 +2622,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2621,18 +2621,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index f47f1f8..b7f559e 100644
+index 58027d8..d9cddcd 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
-@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
+@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
* start build, activate spare
*/
static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters);
wake_up(&md_event_waiters);
}
EXPORT_SYMBOL_GPL(md_new_event);
-@@ -291,7 +291,7 @@ EXPORT_SYMBOL_GPL(md_new_event);
+@@ -290,7 +290,7 @@ EXPORT_SYMBOL_GPL(md_new_event);
*/
static void md_new_event_inintr(struct mddev *mddev)
{
wake_up(&md_event_waiters);
}
-@@ -1525,7 +1525,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
+@@ -1524,7 +1524,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
rdev->preferred_minor = 0xffff;
rdev->data_offset = le64_to_cpu(sb->data_offset);
rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256;
bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1;
-@@ -1742,7 +1742,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1743,7 +1743,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
else
sb->resync_offset = cpu_to_le64(0);
sb->raid_disks = cpu_to_le32(mddev->raid_disks);
sb->size = cpu_to_le64(mddev->dev_sectors);
-@@ -2639,7 +2639,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
+@@ -2689,7 +2689,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
static ssize_t
errors_show(struct md_rdev *rdev, char *page)
{
}
static ssize_t
-@@ -2648,7 +2648,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
+@@ -2698,7 +2698,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
char *e;
unsigned long n = simple_strtoul(buf, &e, 10);
if (*buf && (*e == 0 || *e == '\n')) {
return len;
}
return -EINVAL;
-@@ -3039,8 +3039,8 @@ int md_rdev_init(struct md_rdev *rdev)
+@@ -3084,8 +3084,8 @@ int md_rdev_init(struct md_rdev *rdev)
rdev->sb_loaded = 0;
rdev->bb_page = NULL;
atomic_set(&rdev->nr_pending, 0);
INIT_LIST_HEAD(&rdev->same_set);
init_waitqueue_head(&rdev->blocked_wait);
-@@ -6683,7 +6683,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6736,7 +6736,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
spin_unlock(&pers_lock);
seq_printf(seq, "\n");
return 0;
}
if (v == (void*)2) {
-@@ -6772,7 +6772,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6828,7 +6828,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
chunk_kb ? "KB" : "B");
if (bitmap->file) {
seq_printf(seq, ", file: ");
}
seq_printf(seq, "\n");
-@@ -6803,7 +6803,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -6859,7 +6859,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
return error;
seq = file->private_data;
return error;
}
-@@ -6817,7 +6817,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -6873,7 +6873,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
/* always allow read */
mask = POLLIN | POLLRDNORM;
mask |= POLLERR | POLLPRI;
return mask;
}
-@@ -6861,7 +6861,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -6917,7 +6917,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
(int)part_stat_read(&disk->part0, sectors[1]) -
* as sync_io is counted when a request starts, and
* disk_stats is counted when it completes.
diff --git a/drivers/md/md.h b/drivers/md/md.h
-index cf742d9..7c7c745 100644
+index 44c63df..b795d1a 100644
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
-@@ -120,13 +120,13 @@ struct md_rdev {
+@@ -93,13 +93,13 @@ struct md_rdev {
* only maintained for arrays that
* support hot removal
*/
* for reporting to userspace and storing
* in superblock.
*/
-@@ -410,7 +410,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev)
+@@ -421,7 +421,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev)
static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
{
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 7d9e071..015b1d5 100644
+index edc735a..e9b97f1 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1568,7 +1568,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1645,7 +1645,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
}
sectors -= s;
sect += s;
-@@ -1781,7 +1781,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -1859,7 +1859,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 685ddf3..955b087 100644
+index 1898389..a3aa617 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1440,7 +1440,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1636,7 +1636,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -1740,7 +1740,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1987,7 +1987,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
ktime_get_ts(&cur_time_mon);
-@@ -1762,9 +1762,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2009,9 +2009,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -1814,8 +1814,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2065,8 +2065,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -1823,7 +1823,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2074,7 +2074,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -1968,7 +1968,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2223,7 +2223,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
(unsigned long long)(
sect + rdev->data_offset),
bdevname(rdev->bdev, b));
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 858fdbb..b2dac95 100644
+index d1162e5..c7cd902 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
-@@ -1610,19 +1610,19 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1687,18 +1687,18 @@ static void raid5_end_read_request(struct bio * bi, int error)
(unsigned long long)(sh->sector
+ rdev->data_offset),
bdevname(rdev->bdev, b));
clear_bit(R5_ReadError, &sh->dev[i].flags);
clear_bit(R5_ReWrite, &sh->dev[i].flags);
}
-- if (atomic_read(&conf->disks[i].rdev->read_errors))
-- atomic_set(&conf->disks[i].rdev->read_errors, 0);
-+ if (atomic_read_unchecked(&conf->disks[i].rdev->read_errors))
-+ atomic_set_unchecked(&conf->disks[i].rdev->read_errors, 0);
+- if (atomic_read(&rdev->read_errors))
+- atomic_set(&rdev->read_errors, 0);
++ if (atomic_read_unchecked(&rdev->read_errors))
++ atomic_set_unchecked(&rdev->read_errors, 0);
} else {
- const char *bdn = bdevname(conf->disks[i].rdev->bdev, b);
+ const char *bdn = bdevname(rdev->bdev, b);
int retry = 0;
- rdev = conf->disks[i].rdev;
clear_bit(R5_UPTODATE, &sh->dev[i].flags);
- atomic_inc(&rdev->read_errors);
+ atomic_inc_unchecked(&rdev->read_errors);
- if (conf->mddev->degraded >= conf->max_degraded)
+ if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
printk_ratelimited(
KERN_WARNING
-@@ -1642,7 +1642,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1727,7 +1727,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
(unsigned long long)(sh->sector
+ rdev->data_offset),
bdn);
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing device %s.\n",
diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c
-index ba9a643..e474ab5 100644
+index ce4f858..7bcfb46 100644
--- a/drivers/media/dvb/ddbridge/ddbridge-core.c
+++ b/drivers/media/dvb/ddbridge/ddbridge-core.c
@@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 = {
struct dvb_demux *demux;
void *priv;
diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c
-index f732877..d38c35a 100644
+index 00a6732..70a682e 100644
--- a/drivers/media/dvb/dvb-core/dvbdev.c
+++ b/drivers/media/dvb/dvb-core/dvbdev.c
@@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev,
int minor;
int id;
diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-usb/cxusb.c
-index 9f2a02c..5920f88 100644
+index 3940bb0..fb3952a 100644
--- a/drivers/media/dvb/dvb-usb/cxusb.c
+++ b/drivers/media/dvb/dvb-usb/cxusb.c
-@@ -1069,7 +1069,7 @@ static struct dib0070_config dib7070p_dib0070_config = {
+@@ -1068,7 +1068,7 @@ static struct dib0070_config dib7070p_dib0070_config = {
+
struct dib0700_adapter_state {
- int (*set_param_save) (struct dvb_frontend *,
- struct dvb_frontend_parameters *);
+ int (*set_param_save) (struct dvb_frontend *);
-};
+} __no_const;
- static int dib7070_set_param_override(struct dvb_frontend *fe,
- struct dvb_frontend_parameters *fep)
+ static int dib7070_set_param_override(struct dvb_frontend *fe)
+ {
diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-usb/dw2102.c
-index f103ec1..5e8968b 100644
+index 451c5a7..649f711 100644
--- a/drivers/media/dvb/dvb-usb/dw2102.c
+++ b/drivers/media/dvb/dvb-usb/dw2102.c
@@ -95,7 +95,7 @@ struct su3000_state {
#if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE))
extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
-diff --git a/drivers/media/dvb/frontends/ds3000.c b/drivers/media/dvb/frontends/ds3000.c
-index 90bf573..e8463da 100644
---- a/drivers/media/dvb/frontends/ds3000.c
-+++ b/drivers/media/dvb/frontends/ds3000.c
-@@ -1210,7 +1210,7 @@ static int ds3000_set_frontend(struct dvb_frontend *fe,
-
- for (i = 0; i < 30 ; i++) {
- ds3000_read_status(fe, &status);
-- if (status && FE_HAS_LOCK)
-+ if (status & FE_HAS_LOCK)
- break;
-
- msleep(10);
diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/ngene/ngene-cards.c
-index 0564192..75b16f5 100644
+index 8418c02..8555013 100644
--- a/drivers/media/dvb/ngene/ngene-cards.c
+++ b/drivers/media/dvb/ngene/ngene-cards.c
@@ -477,7 +477,7 @@ static struct ngene_info ngene_info_m780 = {
mutex_lock(&dev->lock);
if (dev->rdsstat == 0) {
dev->rdsstat = 1;
-diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c
-index 61287fc..8b08712 100644
---- a/drivers/media/rc/redrat3.c
-+++ b/drivers/media/rc/redrat3.c
-@@ -905,7 +905,7 @@ static int redrat3_set_tx_carrier(struct rc_dev *dev, u32 carrier)
- return carrier;
- }
-
--static int redrat3_transmit_ir(struct rc_dev *rcdev, int *txbuf, u32 n)
-+static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, u32 n)
- {
- struct redrat3_dev *rr3 = rcdev->priv;
- struct device *dev = rr3->dev;
diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h
index 9cde353..8c6a1c3 100644
--- a/drivers/media/video/au0828/au0828.h
struct i2c_client i2c_client;
u32 i2c_rc;
+diff --git a/drivers/media/video/cpia2/cpia2_core.c b/drivers/media/video/cpia2/cpia2_core.c
+index ee91e295..04ad048 100644
+--- a/drivers/media/video/cpia2/cpia2_core.c
++++ b/drivers/media/video/cpia2/cpia2_core.c
+@@ -86,6 +86,7 @@ static inline unsigned long kvirt_to_pa(unsigned long adr)
+ return ret;
+ }
+
++static void *rvmalloc(unsigned long size) __size_overflow(1);
+ static void *rvmalloc(unsigned long size)
+ {
+ void *mem;
+diff --git a/drivers/media/video/cx18/cx18-alsa-pcm.c b/drivers/media/video/cx18/cx18-alsa-pcm.c
+index 82d195b..181103c 100644
+--- a/drivers/media/video/cx18/cx18-alsa-pcm.c
++++ b/drivers/media/video/cx18/cx18-alsa-pcm.c
+@@ -229,6 +229,8 @@ static int snd_cx18_pcm_ioctl(struct snd_pcm_substream *substream,
+
+
+ static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
++ size_t size) __size_overflow(2);
++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
+ size_t size)
+ {
+ struct snd_pcm_runtime *runtime = subs->runtime;
+diff --git a/drivers/media/video/cx231xx/cx231xx-audio.c b/drivers/media/video/cx231xx/cx231xx-audio.c
+index a2c2b7d..8f1bec7 100644
+--- a/drivers/media/video/cx231xx/cx231xx-audio.c
++++ b/drivers/media/video/cx231xx/cx231xx-audio.c
+@@ -389,6 +389,8 @@ static int cx231xx_init_audio_bulk(struct cx231xx *dev)
+ }
+
+ static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
++ size_t size) __size_overflow(2);
++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
+ size_t size)
+ {
+ struct snd_pcm_runtime *runtime = subs->runtime;
diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c
-index 68d1240..46b32eb 100644
+index 04bf662..e0ac026 100644
--- a/drivers/media/video/cx88/cx88-alsa.c
+++ b/drivers/media/video/cx88/cx88-alsa.c
@@ -766,7 +766,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = {
{0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0},
{0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0},
{0, }
+diff --git a/drivers/media/video/em28xx/em28xx-audio.c b/drivers/media/video/em28xx/em28xx-audio.c
+index e2a7b77..753d0ee 100644
+--- a/drivers/media/video/em28xx/em28xx-audio.c
++++ b/drivers/media/video/em28xx/em28xx-audio.c
+@@ -225,6 +225,8 @@ static int em28xx_init_audio_isoc(struct em28xx *dev)
+ }
+
+ static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
++ size_t size) __size_overflow(2);
++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs,
+ size_t size)
+ {
+ struct snd_pcm_runtime *runtime = subs->runtime;
+diff --git a/drivers/media/video/meye.c b/drivers/media/video/meye.c
+index b09a3c8..6dcba0a 100644
+--- a/drivers/media/video/meye.c
++++ b/drivers/media/video/meye.c
+@@ -72,6 +72,7 @@ static struct meye meye;
+ /****************************************************************************/
+ /* Memory allocation routines (stolen from bttv-driver.c) */
+ /****************************************************************************/
++static void *rvmalloc(unsigned long size) __size_overflow(1);
+ static void *rvmalloc(unsigned long size)
+ {
+ void *mem;
diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c
-index ee0d0b3..63f6b78 100644
+index 1fb7d5b..3901e77 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -64,7 +64,6 @@ enum omap_vout_channels {
/* Variables configurable through module params*/
static u32 video1_numbuffers = 3;
static u32 video2_numbuffers = 3;
-@@ -999,6 +998,12 @@ static int omap_vout_open(struct file *file)
+@@ -1000,6 +999,12 @@ static int omap_vout_open(struct file *file)
{
struct videobuf_queue *q;
struct omap_vout_device *vout = NULL;
vout = video_drvdata(file);
v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
-@@ -1016,10 +1021,6 @@ static int omap_vout_open(struct file *file)
+@@ -1017,10 +1022,6 @@ static int omap_vout_open(struct file *file)
vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
q = &vout->vbq;
{
struct saa7164_vbi_fh *fh = file->private_data;
diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c
-index a0895bf..b7ebb1b 100644
+index 4ed1c7c2..8f15e13 100644
--- a/drivers/media/video/timblogiw.c
+++ b/drivers/media/video/timblogiw.c
@@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma)
.owner = THIS_MODULE,
.open = timblogiw_open,
.release = timblogiw_close,
+diff --git a/drivers/media/video/videobuf-dma-contig.c b/drivers/media/video/videobuf-dma-contig.c
+index c969111..a7910f4 100644
+--- a/drivers/media/video/videobuf-dma-contig.c
++++ b/drivers/media/video/videobuf-dma-contig.c
+@@ -184,6 +184,7 @@ static int videobuf_dma_contig_user_get(struct videobuf_dma_contig_memory *mem,
+ return ret;
+ }
+
++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1);
+ static struct videobuf_buffer *__videobuf_alloc_vb(size_t size)
+ {
+ struct videobuf_dma_contig_memory *mem;
+diff --git a/drivers/media/video/videobuf-dma-sg.c b/drivers/media/video/videobuf-dma-sg.c
+index f300dea..5fc9c4a 100644
+--- a/drivers/media/video/videobuf-dma-sg.c
++++ b/drivers/media/video/videobuf-dma-sg.c
+@@ -419,6 +419,7 @@ static const struct vm_operations_struct videobuf_vm_ops = {
+ struct videobuf_dma_sg_memory
+ */
+
++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1);
+ static struct videobuf_buffer *__videobuf_alloc_vb(size_t size)
+ {
+ struct videobuf_dma_sg_memory *mem;
+diff --git a/drivers/media/video/videobuf-vmalloc.c b/drivers/media/video/videobuf-vmalloc.c
+index df14258..12cc7a3 100644
+--- a/drivers/media/video/videobuf-vmalloc.c
++++ b/drivers/media/video/videobuf-vmalloc.c
+@@ -135,6 +135,7 @@ static const struct vm_operations_struct videobuf_vm_ops = {
+ struct videobuf_dma_sg_memory
+ */
+
++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1);
+ static struct videobuf_buffer *__videobuf_alloc_vb(size_t size)
+ {
+ struct videobuf_vmalloc_memory *mem;
diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
-index e9c6a60..daf6a33 100644
+index a7dc467..a55c423 100644
--- a/drivers/message/fusion/mptbase.c
+++ b/drivers/message/fusion/mptbase.c
-@@ -6753,8 +6753,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
+@@ -6754,8 +6754,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth);
seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize);
* Rounding UP to nearest 4-kB boundary here...
*/
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
-index 9d95042..b808101 100644
+index 551262e..7551198 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached)
return h->info_kbuf;
}
diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c
-index 07dbeaf..5533142 100644
+index 6d115c7..58ff7fd 100644
--- a/drivers/message/i2o/i2o_proc.c
+++ b/drivers/message/i2o/i2o_proc.c
@@ -255,13 +255,6 @@ static char *scsi_devices[] = {
};
diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c
-index 5c2a06a..8fa077c 100644
+index a9223ed..4127b13 100644
--- a/drivers/mfd/janz-cmodio.c
+++ b/drivers/mfd/janz-cmodio.c
@@ -13,6 +13,7 @@
#include <linux/pci.h>
#include <linux/interrupt.h>
diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
-index 29d12a7..f900ba4 100644
+index a981e2a..5ca0c8b 100644
--- a/drivers/misc/lis3lv02d/lis3lv02d.c
+++ b/drivers/misc/lis3lv02d/lis3lv02d.c
-@@ -464,7 +464,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data)
+@@ -466,7 +466,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data)
* the lid is closed. This leads to interrupts as soon as a little move
* is done.
*/
wake_up_interruptible(&lis3->misc_wait);
kill_fasync(&lis3->async_queue, SIGIO, POLL_IN);
-@@ -550,7 +550,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file)
+@@ -552,7 +552,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file)
if (lis3->pm_dev)
pm_runtime_get_sync(lis3->pm_dev);
return 0;
}
-@@ -583,7 +583,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf,
+@@ -585,7 +585,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf,
add_wait_queue(&lis3->misc_wait, &wait);
while (true) {
set_current_state(TASK_INTERRUPTIBLE);
if (data)
break;
-@@ -624,7 +624,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait)
+@@ -626,7 +626,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait)
struct lis3lv02d, miscdev);
poll_wait(file, &lis3->misc_wait, wait);
mcs_op_statistics[op].max = nsec;
}
diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c
-index 7768b87..f8aac38 100644
+index 950dbe9..eeef0f8 100644
--- a/drivers/misc/sgi-gru/gruprocfs.c
+++ b/drivers/misc/sgi-gru/gruprocfs.c
@@ -32,9 +32,9 @@
/*
* Timer function to enforce the timelimit on the partition disengage.
diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c
-index 6878a94..fe5c5f1 100644
+index 6ebdc40..9edf5d8 100644
--- a/drivers/mmc/host/sdhci-pci.c
+++ b/drivers/mmc/host/sdhci-pci.c
-@@ -673,7 +673,7 @@ static const struct sdhci_pci_fixes sdhci_via = {
+@@ -631,7 +631,7 @@ static const struct sdhci_pci_fixes sdhci_via = {
.probe = via_probe,
};
.vendor = PCI_VENDOR_ID_RICOH,
.device = PCI_DEVICE_ID_RICOH_R5C822,
diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c
-index e9fad91..0a7a16a 100644
+index 87a431c..4959b43 100644
--- a/drivers/mtd/devices/doc2000.c
+++ b/drivers/mtd/devices/doc2000.c
-@@ -773,7 +773,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len,
+@@ -764,7 +764,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len,
/* The ECC will not be calculated correctly if less than 512 is written */
/* DBB-
"ECC needs a full sector write (adr: %lx size %lx)\n",
(long) to, (long) len);
diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001.c
-index a3f7a27..234016e 100644
+index 9eacf67..4534b5b 100644
--- a/drivers/mtd/devices/doc2001.c
+++ b/drivers/mtd/devices/doc2001.c
-@@ -392,7 +392,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len,
+@@ -384,7 +384,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len,
struct Nand *mychip = &this->chips[from >> (this->chipshift)];
/* Don't allow read past end of device */
#include "denali.h"
diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c
-index ac40925..483b753 100644
+index 51b9d6a..52af9a7 100644
--- a/drivers/mtd/nftlmount.c
+++ b/drivers/mtd/nftlmount.c
@@ -24,6 +24,7 @@
#include <linux/mtd/mtd.h>
#include <linux/mtd/nand.h>
#include <linux/mtd/nftl.h>
-diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
-index 6c3fb5a..5b2eeb0 100644
---- a/drivers/mtd/ubi/build.c
-+++ b/drivers/mtd/ubi/build.c
-@@ -1311,7 +1311,7 @@ module_exit(ubi_exit);
- static int __init bytes_str_to_int(const char *str)
- {
- char *endp;
-- unsigned long result;
-+ unsigned long result, scale = 1;
-
- result = simple_strtoul(str, &endp, 0);
- if (str == endp || result >= INT_MAX) {
-@@ -1322,11 +1322,11 @@ static int __init bytes_str_to_int(const char *str)
-
- switch (*endp) {
- case 'G':
-- result *= 1024;
-+ scale *= 1024;
- case 'M':
-- result *= 1024;
-+ scale *= 1024;
- case 'K':
-- result *= 1024;
-+ scale *= 1024;
- if (endp[1] == 'i' && endp[2] == 'B')
- endp += 2;
- case '\0':
-@@ -1337,7 +1337,13 @@ static int __init bytes_str_to_int(const char *str)
- return -EINVAL;
- }
-
-- return result;
-+ if (result*scale >= INT_MAX) {
-+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
-+ str);
-+ return -EINVAL;
-+ }
-+
-+ return result*scale;
- }
-
- /**
diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c
-index ab80c0d..aec8580 100644
+index e2cdebf..d48183a 100644
--- a/drivers/mtd/ubi/debug.c
+++ b/drivers/mtd/ubi/debug.c
@@ -338,6 +338,8 @@ out:
{
unsigned long ubi_num = (unsigned long)file->private_data;
diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c
-index 1feae59..c2a61d2 100644
+index 071f4c8..440862e 100644
--- a/drivers/net/ethernet/atheros/atlx/atl2.c
+++ b/drivers/net/ethernet/atheros/atlx/atl2.c
-@@ -2857,7 +2857,7 @@ static void atl2_force_ps(struct atl2_hw *hw)
+@@ -2862,7 +2862,7 @@ static void atl2_force_ps(struct atl2_hw *hw)
*/
#define ATL2_PARAM(X, desc) \
MODULE_PARM_DESC(X, desc);
#else
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-index 9a517c2..a50cfcb 100644
+index 66da39f..5dc436d 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-@@ -449,7 +449,7 @@ struct bnx2x_rx_mode_obj {
+@@ -473,7 +473,7 @@ struct bnx2x_rx_mode_obj {
int (*wait_comp)(struct bnx2x *bp,
struct bnx2x_rx_mode_ramrod_params *p);
/********************** Set multicast group ***********************************/
diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index 94b4bd0..73c02de 100644
+index aea8f72..fcebf75 100644
--- a/drivers/net/ethernet/broadcom/tg3.h
+++ b/drivers/net/ethernet/broadcom/tg3.h
-@@ -134,6 +134,7 @@
+@@ -140,6 +140,7 @@
#define CHIPREV_ID_5750_A0 0x4000
#define CHIPREV_ID_5750_A1 0x4001
#define CHIPREV_ID_5750_A3 0x4003
#define CHIPREV_ID_5750_C2 0x4202
#define CHIPREV_ID_5752_A0_HW 0x5000
#define CHIPREV_ID_5752_A0 0x6000
+diff --git a/drivers/net/ethernet/chelsio/cxgb/sge.c b/drivers/net/ethernet/chelsio/cxgb/sge.c
+index 47a8435..248e4b3 100644
+--- a/drivers/net/ethernet/chelsio/cxgb/sge.c
++++ b/drivers/net/ethernet/chelsio/cxgb/sge.c
+@@ -1052,6 +1052,8 @@ MODULE_PARM_DESC(copybreak, "Receive copy threshold");
+ * be copied but there is no memory for the copy.
+ */
+ static inline struct sk_buff *get_packet(struct pci_dev *pdev,
++ struct freelQ *fl, unsigned int len) __size_overflow(3);
++static inline struct sk_buff *get_packet(struct pci_dev *pdev,
+ struct freelQ *fl, unsigned int len)
+ {
+ struct sk_buff *skb;
diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
-index c5f5479..2e8c260 100644
+index c4e8643..0979484 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
+++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
@@ -87,7 +87,7 @@ typedef void (*arp_failure_handler_func)(struct t3cdev * dev,
#define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c
-index cfb60e1..9c76da7 100644
+index cfb60e1..94af340 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c
@@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, struct sge_fl *q,
size_t sw_size, dma_addr_t * phys, void *metadata)
{
size_t len = nelem * elem_size;
+@@ -777,6 +779,8 @@ static inline unsigned int flits_to_desc(unsigned int n)
+ * be copied but there is no memory for the copy.
+ */
+ static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl,
++ unsigned int len, unsigned int drop_thres) __size_overflow(3);
++static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl,
+ unsigned int len, unsigned int drop_thres)
+ {
+ struct sk_buff *skb = NULL;
diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c
-index 140254c..5b8a0a6 100644
+index 2dae795..73037d2 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
@@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap, struct sge_fl *fl)
{
size_t len = nelem * elem_size + stat_size;
diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
-index 8d5d55a..a3c3474 100644
+index 0bd585b..d954ca5 100644
--- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
-@@ -730,6 +730,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl)
+@@ -729,6 +729,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl)
*/
static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize,
size_t swsize, dma_addr_t *busaddrp, void *swringp,
{
/*
diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c
-index 871bcaa..4043505 100644
+index 4d71f5a..8004440 100644
--- a/drivers/net/ethernet/dec/tulip/de4x5.c
+++ b/drivers/net/ethernet/dec/tulip/de4x5.c
-@@ -5397,7 +5397,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
+@@ -5392,7 +5392,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
for (i=0; i<ETH_ALEN; i++) {
tmp.addr[i] = dev->dev_addr[i];
}
break;
case DE4X5_SET_HWADDR: /* Set the hardware address */
-@@ -5437,7 +5437,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
+@@ -5432,7 +5432,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
spin_lock_irqsave(&lp->lock, flags);
memcpy(&statbuf, &lp->pktStats, ioc->len);
spin_unlock_irqrestore(&lp->lock, flags);
"21140 MII PHY",
"21142 Serial PHY",
diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c
-index 4d01219..b58d26d 100644
+index 52da7b2..4ddfe1c 100644
--- a/drivers/net/ethernet/dec/tulip/winbond-840.c
+++ b/drivers/net/ethernet/dec/tulip/winbond-840.c
@@ -236,7 +236,7 @@ struct pci_id_info {
{ /* Sometime a Level-One switch card. */
"Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII},
{ "Winbond W89c840", CanHaveMII | HasBrokenTx},
+diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c
+index b2dc2c8..2e09edb 100644
+--- a/drivers/net/ethernet/dlink/dl2k.c
++++ b/drivers/net/ethernet/dlink/dl2k.c
+@@ -1259,55 +1259,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd)
+ {
+ int phy_addr;
+ struct netdev_private *np = netdev_priv(dev);
+- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru;
+-
+- struct netdev_desc *desc;
+- int i;
++ struct mii_ioctl_data *miidata = if_mii(rq);
+
+ phy_addr = np->phy_addr;
+ switch (cmd) {
+- case SIOCDEVPRIVATE:
++ case SIOCGMIIPHY:
++ miidata->phy_id = phy_addr;
+ break;
+-
+- case SIOCDEVPRIVATE + 1:
+- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num);
++ case SIOCGMIIREG:
++ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num);
+ break;
+- case SIOCDEVPRIVATE + 2:
+- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value);
++ case SIOCSMIIREG:
++ if (!capable(CAP_NET_ADMIN))
++ return -EPERM;
++ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in);
+ break;
+- case SIOCDEVPRIVATE + 3:
+- break;
+- case SIOCDEVPRIVATE + 4:
+- break;
+- case SIOCDEVPRIVATE + 5:
+- netif_stop_queue (dev);
+- break;
+- case SIOCDEVPRIVATE + 6:
+- netif_wake_queue (dev);
+- break;
+- case SIOCDEVPRIVATE + 7:
+- printk
+- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n",
+- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx,
+- np->old_rx);
+- break;
+- case SIOCDEVPRIVATE + 8:
+- printk("TX ring:\n");
+- for (i = 0; i < TX_RING_SIZE; i++) {
+- desc = &np->tx_ring[i];
+- printk
+- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x",
+- i,
+- (u32) (np->tx_ring_dma + i * sizeof (*desc)),
+- (u32)le64_to_cpu(desc->next_desc),
+- (u32)le64_to_cpu(desc->status),
+- (u32)(le64_to_cpu(desc->fraginfo) >> 32),
+- (u32)le64_to_cpu(desc->fraginfo));
+- printk ("\n");
+- }
+- printk ("\n");
+- break;
+-
+ default:
+ return -EOPNOTSUPP;
+ }
+diff --git a/drivers/net/ethernet/dlink/dl2k.h b/drivers/net/ethernet/dlink/dl2k.h
+index ba0adca..30c2da3 100644
+--- a/drivers/net/ethernet/dlink/dl2k.h
++++ b/drivers/net/ethernet/dlink/dl2k.h
+@@ -365,13 +365,6 @@ struct ioctl_data {
+ char *data;
+ };
+
+-struct mii_data {
+- __u16 reserved;
+- __u16 reg_num;
+- __u16 in_value;
+- __u16 out_value;
+-};
+-
+ /* The Rx and Tx buffer descriptors. */
+ struct netdev_desc {
+ __le64 next_desc;
diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c
-index dcd7f7a..ecb7fb3 100644
+index 28a3a9b..d96cb63 100644
--- a/drivers/net/ethernet/dlink/sundance.c
+++ b/drivers/net/ethernet/dlink/sundance.c
@@ -218,7 +218,7 @@ enum {
{"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"},
{"D-Link DFE-580TX 4 port Server Adapter"},
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
-index bf266a0..e024af7 100644
+index e703d64..d62ecf9 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
-@@ -397,7 +397,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
+@@ -402,7 +402,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
if (wrapped)
newacc += 65536;
void be_parse_stats(struct be_adapter *adapter)
diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c
-index fb5579a..debdffa 100644
+index 47f85c3..82ab6c4 100644
--- a/drivers/net/ethernet/faraday/ftgmac100.c
+++ b/drivers/net/ethernet/faraday/ftgmac100.c
-@@ -30,6 +30,8 @@
+@@ -31,6 +31,8 @@
#include <linux/netdevice.h>
#include <linux/phy.h>
#include <linux/platform_device.h>
#include "ftgmac100.h"
diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c
-index a127cb2..0d043cd 100644
+index bb336a0..4b472da 100644
--- a/drivers/net/ethernet/faraday/ftmac100.c
+++ b/drivers/net/ethernet/faraday/ftmac100.c
-@@ -30,6 +30,8 @@
+@@ -31,6 +31,8 @@
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/platform_device.h>
#include "ftmac100.h"
diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c
-index 61d2bdd..7f1154a 100644
+index c82d444..0007fb4 100644
--- a/drivers/net/ethernet/fealnx.c
+++ b/drivers/net/ethernet/fealnx.c
@@ -150,7 +150,7 @@ struct chip_info {
enum e1000_nvm_type type;
enum e1000_nvm_override override;
diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/ethernet/intel/igb/e1000_hw.h
-index 4519a13..f97fcd0 100644
+index f67cbd3..cef9e3d 100644
--- a/drivers/net/ethernet/intel/igb/e1000_hw.h
+++ b/drivers/net/ethernet/intel/igb/e1000_hw.h
@@ -314,6 +314,7 @@ struct e1000_mac_operations {
u32 timeout;
u32 usec_delay;
diff --git a/drivers/net/ethernet/intel/igbvf/vf.h b/drivers/net/ethernet/intel/igbvf/vf.h
-index d7ed58f..64cde36 100644
+index 57db3c6..aa825fc 100644
--- a/drivers/net/ethernet/intel/igbvf/vf.h
+++ b/drivers/net/ethernet/intel/igbvf/vf.h
@@ -189,9 +189,10 @@ struct e1000_mac_operations {
u32 timeout;
u32 usec_delay;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
-index 6c5cca8..de8ef63 100644
+index 9b95bef..7e254ee 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
@@ -2708,6 +2708,7 @@ struct ixgbe_eeprom_operations {
- struct ixgbe_mac_operations ops;
+ ixgbe_mac_operations_no_const ops;
enum ixgbe_mac_type type;
- u8 addr[IXGBE_ETH_LENGTH_OF_ADDRESS];
- u8 perm_addr[IXGBE_ETH_LENGTH_OF_ADDRESS];
+ u8 addr[ETH_ALEN];
+ u8 perm_addr[ETH_ALEN];
@@ -2828,7 +2831,7 @@ struct ixgbe_mac_info {
};
u32 timeout;
u32 usec_delay;
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h
-index 10306b4..28df758 100644
+index 25c951d..cc7cf33 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.h
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.h
@@ -70,6 +70,7 @@ struct ixgbe_mac_operations {
u32 timeout;
u32 udelay;
diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
-index 94bbc85..78c12e6 100644
+index 8bf22b6..7f5baaa 100644
--- a/drivers/net/ethernet/mellanox/mlx4/main.c
+++ b/drivers/net/ethernet/mellanox/mlx4/main.c
-@@ -40,6 +40,7 @@
- #include <linux/dma-mapping.h>
+@@ -41,6 +41,7 @@
#include <linux/slab.h>
#include <linux/io-mapping.h>
+ #include <linux/delay.h>
+#include <linux/sched.h>
#include <linux/mlx4/device.h>
#define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \
((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next)
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 0cf2351..56c4cef 100644
+index bbacb37..d60887d 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
-@@ -698,17 +698,17 @@ struct rtl8169_private {
+@@ -695,17 +695,17 @@ struct rtl8169_private {
struct mdio_ops {
void (*write)(void __iomem *, int, int);
int (*read)(void __iomem *, int);
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
int (*get_settings)(struct net_device *, struct ethtool_cmd *);
diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c
-index 1b4658c..a30dabb 100644
+index 5b118cd..858b523 100644
--- a/drivers/net/ethernet/sis/sis190.c
+++ b/drivers/net/ethernet/sis/sis190.c
-@@ -1624,7 +1624,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev,
+@@ -1622,7 +1622,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev,
static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev,
struct net_device *dev)
{
struct pci_dev *isa_bridge;
u8 reg, tmp8;
diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
-index 41e6b33..8e89b0f 100644
+index c07cfe9..81cbf7e 100644
--- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
+++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
-@@ -139,8 +139,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode)
+@@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode)
writel(value, ioaddr + MMC_CNTRL);
}
/* To mask all all interrupts.*/
+diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
+index dec5836..6d4db7d 100644
+--- a/drivers/net/hyperv/hyperv_net.h
++++ b/drivers/net/hyperv/hyperv_net.h
+@@ -97,7 +97,7 @@ struct rndis_device {
+
+ enum rndis_device_state state;
+ bool link_state;
+- atomic_t new_req_id;
++ atomic_unchecked_t new_req_id;
+
+ spinlock_t request_lock;
+ struct list_head req_list;
+diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
+index 133b7fb..d58c559 100644
+--- a/drivers/net/hyperv/rndis_filter.c
++++ b/drivers/net/hyperv/rndis_filter.c
+@@ -96,7 +96,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
+ * template
+ */
+ set = &rndis_msg->msg.set_req;
+- set->req_id = atomic_inc_return(&dev->new_req_id);
++ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
+
+ /* Add to the request list */
+ spin_lock_irqsave(&dev->request_lock, flags);
+@@ -627,7 +627,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
+
+ /* Setup the rndis set */
+ halt = &request->request_msg.msg.halt_req;
+- halt->req_id = atomic_inc_return(&dev->new_req_id);
++ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
+
+ /* Ignore return since this msg is optional. */
+ rndis_filter_send_request(dev, request);
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
+index 58dc117..f140c77 100644
+--- a/drivers/net/macvtap.c
++++ b/drivers/net/macvtap.c
+@@ -526,6 +526,8 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
+ }
+ base = (unsigned long)from->iov_base + offset1;
+ size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT;
++ if (i + size >= MAX_SKB_FRAGS)
++ return -EFAULT;
+ num_pages = get_user_pages_fast(base, size, 0, &page[i]);
+ if ((num_pages != size) ||
+ (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags))
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
-index 486b404..0d6677d 100644
+index 3ed983c..a1bb418 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
-@@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
struct ppp_stats stats;
struct ppp_comp_stats cstats;
switch (cmd) {
case SIOCGPPPSTATS:
-@@ -1009,8 +1008,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -1008,8 +1007,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
break;
case SIOCGPPPVER:
err = platform_driver_register(&sk_isa_driver);
if (err)
-diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index 7bea9c6..7ef073c 100644
---- a/drivers/net/tun.c
-+++ b/drivers/net/tun.c
-@@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev)
- {
- struct tun_struct *tun = netdev_priv(dev);
-
-- sock_put(tun->socket.sk);
-+ sk_release_kernel(tun->socket.sk);
- }
-
- /* Net device open. */
-@@ -979,10 +979,18 @@ static int tun_recvmsg(struct kiocb *iocb, struct socket *sock,
- return ret;
- }
-
-+static int tun_release(struct socket *sock)
-+{
-+ if (sock->sk)
-+ sock_put(sock->sk);
-+ return 0;
-+}
-+
- /* Ops structure to mimic raw sockets with tun */
- static const struct proto_ops tun_socket_ops = {
- .sendmsg = tun_sendmsg,
- .recvmsg = tun_recvmsg,
-+ .release = tun_release,
- };
-
- static struct proto tun_proto = {
-@@ -1109,10 +1117,11 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
- tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr);
-
- err = -ENOMEM;
-- sk = sk_alloc(net, AF_UNSPEC, GFP_KERNEL, &tun_proto);
-+ sk = sk_alloc(&init_net, AF_UNSPEC, GFP_KERNEL, &tun_proto);
- if (!sk)
- goto err_free_dev;
-
-+ sk_change_net(sk, net);
- tun->socket.wq = &tun->wq;
- init_waitqueue_head(&tun->wq.wait);
- tun->socket.ops = &tun_socket_ops;
-@@ -1173,7 +1182,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
- return 0;
-
- err_free_sk:
-- sock_put(sk);
-+ tun_free_netdev(dev);
- err_free_dev:
- free_netdev(dev);
- failed:
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
-index 304fe78..db112fa 100644
+index e1324b4..e1b0041 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -71,7 +71,7 @@
result =
hso_start_serial_device(serial_table[i], GFP_NOIO);
hso_kick_transmit(dev2ser(serial_table[i]));
-diff --git a/drivers/net/vmxnet3/vmxnet3_ethtool.c b/drivers/net/vmxnet3/vmxnet3_ethtool.c
-index e662cbc..8d4a102 100644
---- a/drivers/net/vmxnet3/vmxnet3_ethtool.c
-+++ b/drivers/net/vmxnet3/vmxnet3_ethtool.c
-@@ -601,8 +601,7 @@ vmxnet3_set_rss_indir(struct net_device *netdev,
- * Return with error code if any of the queue indices
- * is out of range
- */
-- if (p->ring_index[i] < 0 ||
-- p->ring_index[i] >= adapter->num_rx_queues)
-+ if (p->ring_index[i] >= adapter->num_rx_queues)
- return -EINVAL;
- }
-
diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h
-index 0f9ee46..e2d6e65 100644
+index efc0111..79c8f5b 100644
--- a/drivers/net/wireless/ath/ath.h
+++ b/drivers/net/wireless/ath/ath.h
@@ -119,6 +119,7 @@ struct ath_ops {
{
struct ath5k_hw *ah = file->private_data;
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
-index b592016..fe47870 100644
+index 7b6417b..ab5db98 100644
--- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
@@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
| set11nRateFlags(i->rates, 2)
| set11nRateFlags(i->rates, 3)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
-index f5ae3c6..7936af3 100644
+index 09b8c9d..905339e 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
@@ -35,47 +35,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c
-index 2741203..837a960 100644
+index 68d972b..1d9205b 100644
--- a/drivers/net/wireless/ath/ath9k/debug.c
+++ b/drivers/net/wireless/ath/ath9k/debug.c
@@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf,
{
struct ath9k_htc_priv *priv = file->private_data;
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
-index 1bd8edf..10c6d30 100644
+index c8261d4..8d88929 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
-@@ -605,7 +605,7 @@ struct ath_hw_private_ops {
+@@ -773,7 +773,7 @@ struct ath_hw_private_ops {
/* ANI */
void (*ani_cache_ini_regs)(struct ath_hw *ah);
/**
* struct ath_hw_ops - callbacks used by hardware code and driver code
-@@ -635,7 +635,7 @@ struct ath_hw_ops {
+@@ -803,7 +803,7 @@ struct ath_hw_ops {
void (*antdiv_comb_conf_set)(struct ath_hw *ah,
struct ath_hw_antcomb_conf *antconf);
struct ath_nf_limits {
s16 max;
-@@ -655,7 +655,7 @@ enum ath_cal_list {
+@@ -823,7 +823,7 @@ enum ath_cal_list {
#define AH_FASTCC 0x4
struct ath_hw {
struct ieee80211_hw *hw;
struct ath_common common;
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h
-index bea8524..c677c06 100644
+index af00e2c..ab04d34 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h
+++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h
-@@ -547,7 +547,7 @@ struct phy_func_ptr {
+@@ -545,7 +545,7 @@ struct phy_func_ptr {
void (*carrsuppr)(struct brcms_phy *);
s32 (*rxsigpwr)(struct brcms_phy *, s32);
void (*detach)(struct brcms_phy *);
struct brcms_phy {
struct brcms_phy_pub pubpi_ro;
-diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c
-index 05f2ad1..ae00eea 100644
---- a/drivers/net/wireless/iwlegacy/iwl3945-base.c
-+++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c
-@@ -3685,7 +3685,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e
+diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
+index a2ec369..36fdf14 100644
+--- a/drivers/net/wireless/iwlegacy/3945-mac.c
++++ b/drivers/net/wireless/iwlegacy/3945-mac.c
+@@ -3646,7 +3646,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
*/
- if (iwl3945_mod_params.disable_hw_scan) {
- IWL_DEBUG_INFO(priv, "Disabling hw_scan\n");
-- iwl3945_hw_ops.hw_scan = NULL;
+ if (il3945_mod_params.disable_hw_scan) {
+ D_INFO("Disabling hw_scan\n");
+- il3945_hw_ops.hw_scan = NULL;
+ pax_open_kernel();
-+ *(void **)&iwl3945_hw_ops.hw_scan = NULL;
++ *(void **)&il3945_hw_ops.hw_scan = NULL;
+ pax_close_kernel();
}
- IWL_DEBUG_INFO(priv, "*** LOAD DRIVER ***\n");
+ D_INFO("*** LOAD DRIVER ***\n");
diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wireless/iwlwifi/iwl-debug.h
-index 69a77e2..552b42c 100644
+index f8fc239..8cade22 100644
--- a/drivers/net/wireless/iwlwifi/iwl-debug.h
+++ b/drivers/net/wireless/iwlwifi/iwl-debug.h
-@@ -71,8 +71,8 @@ do { \
+@@ -86,8 +86,8 @@ do { \
} while (0)
#else
+#define IWL_DEBUG(m, level, fmt, args...) do {} while (0)
+#define IWL_DEBUG_LIMIT(m, level, fmt, args...) do {} while (0)
#define iwl_print_hex_dump(m, level, p, len)
- #endif /* CONFIG_IWLWIFI_DEBUG */
-
+ #define IWL_DEBUG_QUIET_RFKILL(p, fmt, args...) \
+ do { \
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index 523ad55..f8c5dc5 100644
+index 4b9e730..7603659 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -1678,9 +1678,11 @@ static int __init init_mac80211_hwsim(void)
+@@ -1677,9 +1677,11 @@ static int __init init_mac80211_hwsim(void)
return -EINVAL;
if (fake_hw_scan) {
spin_lock_init(&hwsim_radio_lock);
diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h
-index 30f138b..c904585 100644
+index 3186aa4..b35b09f 100644
--- a/drivers/net/wireless/mwifiex/main.h
+++ b/drivers/net/wireless/mwifiex/main.h
-@@ -543,7 +543,7 @@ struct mwifiex_if_ops {
+@@ -536,7 +536,7 @@ struct mwifiex_if_ops {
void (*cleanup_mpa_buf) (struct mwifiex_adapter *);
int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *);
int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *);
struct mwifiex_adapter {
u8 iface_type;
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
-index 0c13840..a5c3ed6 100644
+index a330c69..a81540f 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
-@@ -1275,7 +1275,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
+@@ -1278,7 +1278,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
}
diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c
-index f8c752e..28bf4fc 100644
+index ed2c3ec..deda85a 100644
--- a/drivers/oprofile/oprof.c
+++ b/drivers/oprofile/oprof.c
@@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work)
/* initialize our int15 lock */
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
-index 24f049e..051f66e 100644
+index 2275162..95f1a92 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -27,9 +27,9 @@
#define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index dfee1b3..a454fb6 100644
+index 71eac9c..2de27ef 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
&proc_bus_pci_dev_operations);
proc_initialized = 1;
diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c
-index d9312b3..59f63f2 100644
+index 6f966d6..68e18ed 100644
--- a/drivers/platform/x86/asus_acpi.c
+++ b/drivers/platform/x86/asus_acpi.c
@@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct file *file)
{
int rv, value;
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
-index 7b82868..b9344c9 100644
+index ea0c607..58c4628 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void)
/* check if the resource is reserved */
diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c
-index bb16f5b..c751eef 100644
+index 1ed6ea0..77c0bd2 100644
--- a/drivers/power/bq27x00_battery.c
+++ b/drivers/power/bq27x00_battery.c
-@@ -67,7 +67,7 @@
+@@ -72,7 +72,7 @@
struct bq27x00_device_info;
struct bq27x00_access_methods {
int (*read)(struct bq27x00_device_info *di, u8 reg, bool single);
enum bq27x00_chip { BQ27000, BQ27500 };
diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c
-index 33f5d9a..d957d3f 100644
+index a838e66..a9e1665 100644
--- a/drivers/regulator/max8660.c
+++ b/drivers/regulator/max8660.c
@@ -383,8 +383,10 @@ static int __devinit max8660_probe(struct i2c_client *client,
/*
diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 023d17d..74ef35b 100644
+index e8cfc99..072aee2 100644
--- a/drivers/regulator/mc13892-regulator.c
+++ b/drivers/regulator/mc13892-regulator.c
-@@ -565,10 +565,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev)
+@@ -574,10 +574,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev)
}
mc13xxx_unlock(mc13892);
+ *(void **)&mc13892_regulators[MC13892_VCAM].desc.ops->get_mode
= mc13892_vcam_get_mode;
+ pax_close_kernel();
- for (i = 0; i < pdata->num_regulators; i++) {
- init_data = &pdata->regulators[i];
- priv->regulators[i] = regulator_register(
+
+ mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
+ ARRAY_SIZE(mc13892_regulators));
diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c
index cace6d3..f623fda 100644
--- a/drivers/rtc/rtc-dev.c
struct bfa_faa_cbfn_s {
diff --git a/drivers/scsi/bfa/bfa_fcpim.c b/drivers/scsi/bfa/bfa_fcpim.c
-index e07bd47..cd1bbbb 100644
+index f0f80e2..8ec946b 100644
--- a/drivers/scsi/bfa/bfa_fcpim.c
+++ b/drivers/scsi/bfa/bfa_fcpim.c
-@@ -4121,7 +4121,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg,
+@@ -3715,7 +3715,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg,
bfa_iotag_attach(fcp);
bfa_mem_kva_curp(fcp) = (u8 *)fcp->itn_arr +
(fcp->num_itns * sizeof(struct bfa_itn_s));
memset(fcp->itn_arr, 0,
-@@ -4179,7 +4179,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport,
+@@ -3773,7 +3773,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport,
void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m))
{
struct bfa_fcp_mod_s *fcp = BFA_FCP_MOD(bfa);
itn = BFA_ITN_FROM_TAG(fcp, rport->rport_tag);
itn->isr = isr;
diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h
-index 1080bcb..a3b39e3 100644
+index 36f26da..38a34a8 100644
--- a/drivers/scsi/bfa/bfa_fcpim.h
+++ b/drivers/scsi/bfa/bfa_fcpim.h
@@ -37,6 +37,7 @@ struct bfa_iotag_s {
void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport,
void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m));
-@@ -149,7 +150,7 @@ struct bfa_fcp_mod_s {
+@@ -147,7 +148,7 @@ struct bfa_fcp_mod_s {
struct list_head iotag_tio_free_q; /* free IO resources */
struct list_head iotag_unused_q; /* unused IO resources*/
struct bfa_iotag_s *iotag_arr;
/* These three are default values which can be overridden */
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 865d452..e9b7fa7 100644
+index b96962c..0c82ec2 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
-@@ -505,7 +505,7 @@ static inline u32 next_command(struct ctlr_info *h)
+@@ -507,7 +507,7 @@ static inline u32 next_command(struct ctlr_info *h)
u32 a;
if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
a = *(h->reply_pool_head); /* Next cmd in ring buffer */
-@@ -2989,7 +2989,7 @@ static void start_io(struct ctlr_info *h)
+@@ -2991,7 +2991,7 @@ static void start_io(struct ctlr_info *h)
while (!list_empty(&h->reqQ)) {
c = list_entry(h->reqQ.next, struct CommandList, list);
/* can't do anything if fifo is full */
dev_warn(&h->pdev->dev, "fifo full\n");
break;
}
-@@ -2999,7 +2999,7 @@ static void start_io(struct ctlr_info *h)
+@@ -3001,7 +3001,7 @@ static void start_io(struct ctlr_info *h)
h->Qdepth--;
/* Tell the controller execute command */
/* Put job onto the completed Q */
addQ(&h->cmpQ, c);
-@@ -3008,17 +3008,17 @@ static void start_io(struct ctlr_info *h)
+@@ -3010,17 +3010,17 @@ static void start_io(struct ctlr_info *h)
static inline unsigned long get_next_completion(struct ctlr_info *h)
{
(h->interrupts_enabled == 0);
}
-@@ -3917,7 +3917,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h)
+@@ -3919,7 +3919,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
if (hpsa_board_disabled(h->pdev)) {
dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
-@@ -4162,7 +4162,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
+@@ -4164,7 +4164,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
assert_spin_locked(&lockup_detector_lock);
remove_ctlr_from_lockup_detector_list(h);
spin_lock_irqsave(&h->lock, flags);
h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
spin_unlock_irqrestore(&h->lock, flags);
-@@ -4340,7 +4340,7 @@ reinit_after_soft_reset:
+@@ -4344,7 +4344,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
goto clean2;
-@@ -4374,7 +4374,7 @@ reinit_after_soft_reset:
+@@ -4378,7 +4378,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
spin_unlock_irqrestore(&h->lock, flags);
free_irq(h->intr[h->intr_mode], h);
rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
-@@ -4393,9 +4393,9 @@ reinit_after_soft_reset:
+@@ -4397,9 +4397,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -4416,7 +4416,7 @@ reinit_after_soft_reset:
+@@ -4420,7 +4420,7 @@ reinit_after_soft_reset:
}
/* Turn the interrupts on so we can service requests */
hpsa_hba_inquiry(h);
hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */
-@@ -4468,7 +4468,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
+@@ -4472,7 +4472,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
* To write all data in the battery backed cache to disks
*/
hpsa_flush_cache(h);
free_irq(h->intr[h->intr_mode], h);
#ifdef CONFIG_PCI_MSI
if (h->msix_vector)
-@@ -4632,7 +4632,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h,
+@@ -4636,7 +4636,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h,
return;
}
/* Change the access methods to the performant access methods */
typedef struct ips_ha {
uint8_t ha_id[IPS_MAX_CHANNELS+1];
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
-index 9de9db2..1e09660 100644
+index 4d70d96..84d0573 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -105,12 +105,12 @@ struct fc_exch_mgr {
.qc_issue = sas_ata_qc_issue,
.qc_fill_rtf = sas_ata_qc_fill_rtf,
diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
-index bb4c8e0..f33d849 100644
+index 825f930..ce42672 100644
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
-@@ -425,7 +425,7 @@ struct lpfc_vport {
+@@ -413,7 +413,7 @@ struct lpfc_vport {
struct dentry *debug_nodelist;
struct dentry *vport_debugfs_root;
struct lpfc_debugfs_trc *disc_trc;
#endif
uint8_t stat_data_enabled;
uint8_t stat_data_blocked;
-@@ -835,8 +835,8 @@ struct lpfc_hba {
+@@ -821,8 +821,8 @@ struct lpfc_hba {
struct timer_list fabric_block_timer;
unsigned long bit_flags;
#define FABRIC_COMANDS_BLOCKED 0
unsigned long last_rsrc_error_time;
unsigned long last_ramp_down_time;
unsigned long last_ramp_up_time;
-@@ -866,7 +866,7 @@ struct lpfc_hba {
+@@ -852,7 +852,7 @@ struct lpfc_hba {
struct dentry *debug_slow_ring_trc;
struct lpfc_debugfs_trc *slow_ring_trc;
struct dentry *idiag_root;
struct dentry *idiag_pci_cfg;
diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c
-index 2838259..a07cfb5 100644
+index 3587a3f..d45b81b 100644
--- a/drivers/scsi/lpfc/lpfc_debugfs.c
+++ b/drivers/scsi/lpfc/lpfc_debugfs.c
@@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc,
dtp->jif = jiffies;
#endif
return;
-@@ -3986,7 +3986,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
+@@ -4040,7 +4040,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
"slow_ring buffer\n");
goto debug_failed;
}
memset(phba->slow_ring_trc, 0,
(sizeof(struct lpfc_debugfs_trc) *
lpfc_debugfs_max_slow_ring_trc));
-@@ -4032,7 +4032,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
+@@ -4086,7 +4086,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
"buffer\n");
goto debug_failed;
}
snprintf(name, sizeof(name), "discovery_trace");
vport->debug_disc_trc =
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
-index 55bc4fc..a2a109c 100644
+index dfea2da..8e17227 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
-@@ -10027,8 +10027,10 @@ lpfc_init(void)
+@@ -10145,8 +10145,10 @@ lpfc_init(void)
printk(LPFC_COPYRIGHT "\n");
if (lpfc_enable_npiv) {
lpfc_transport_template =
fc_attach_transport(&lpfc_transport_functions);
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
-index 2e1e54e..1af0a0d 100644
+index c60f5d0..751535c 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
/**
diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c
-index 5163edb..7b142bc 100644
+index ea8a0b4..812a124 100644
--- a/drivers/scsi/pmcraid.c
+++ b/drivers/scsi/pmcraid.c
@@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev)
/* To indicate add/delete/modify during CCN */
u8 change_detected;
diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
-index fcf052c..a8025a4 100644
+index af1003f..be55a75 100644
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
-@@ -2244,7 +2244,7 @@ struct isp_operations {
- int (*get_flash_version) (struct scsi_qla_host *, void *);
+@@ -2247,7 +2247,7 @@ struct isp_operations {
int (*start_scsi) (srb_t *);
int (*abort_isp) (struct scsi_qla_host *);
+ int (*iospace_config)(struct qla_hw_data*);
-};
+} __no_const;
/* MSI-X Support *************************************************************/
diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h
-index fd5edc6..4906148 100644
+index bfe6854..ceac088 100644
--- a/drivers/scsi/qla4xxx/ql4_def.h
+++ b/drivers/scsi/qla4xxx/ql4_def.h
-@@ -258,7 +258,7 @@ struct ddb_entry {
+@@ -261,7 +261,7 @@ struct ddb_entry {
* (4000 only) */
atomic_t relogin_timer; /* Max Time to wait for
* relogin to complete */
uint32_t default_time2wait; /* Default Min time between
* relogins (+aens) */
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
-index 4169c8b..a8b896b 100644
+index ce6d3b7..73fac54 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
-@@ -2104,12 +2104,12 @@ void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
+@@ -2178,12 +2178,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
*/
if (!iscsi_is_session_online(cls_sess)) {
/* Reset retry relogin timer */
ddb_entry->default_time2wait + 4));
set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags);
atomic_set(&ddb_entry->retry_relogin_timer,
-@@ -3835,7 +3835,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
+@@ -3953,7 +3953,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY);
atomic_set(&ddb_entry->relogin_timer, 0);
- atomic_set(&ddb_entry->relogin_retry_count, 0);
+ atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0);
-
+ def_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
ddb_entry->default_relogin_timeout =
- le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
+ (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ?
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index 2aeb2e9..46e3925 100644
--- a/drivers/scsi/scsi.c
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index f85cfa6..a57c9e8 100644
+index b2c95db..227d74e 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -1416,7 +1416,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1411,7 +1411,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1442,9 +1442,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1437,9 +1437,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
/*
* TODO: need to fixup sg_tablesize, max_segment_size,
diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
-index 1b21491..1b7f60e 100644
+index f59d4a0..1d89407 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
@@ -484,7 +484,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class,
/*
* Check for overflow; dev_loss_tmo is u32
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
-index 96029e6..4d77fa0 100644
+index e3e3c7d..ebdab62 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -79,7 +79,7 @@ struct iscsi_internal {
static struct workqueue_struct *iscsi_eh_timer_workq;
static DEFINE_IDA(iscsi_sess_ida);
-@@ -1062,7 +1062,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
+@@ -1063,7 +1063,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
int err;
ihost = shost->shost_data;
if (target_id == ISCSI_MAX_TARGET) {
id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL);
-@@ -2663,7 +2663,7 @@ static __init int iscsi_transport_init(void)
+@@ -2680,7 +2680,7 @@ static __init int iscsi_transport_init(void)
printk(KERN_INFO "Loading iSCSI transport class v%s.\n",
ISCSI_TRANSPORT_VERSION);
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index 441a1c5..07cece7 100644
+index eacd46b..e3f4d62 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1077,7 +1077,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
{"allow_dio", &adio_fops},
{"debug", &debug_fops},
{"def_reserved_size", &dressz_fops},
-@@ -2327,7 +2327,7 @@ sg_proc_init(void)
- {
- int k, mask;
- int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
-- struct sg_proc_leaf * leaf;
-+ const struct sg_proc_leaf * leaf;
-
- sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
+@@ -2332,7 +2332,7 @@ sg_proc_init(void)
if (!sg_proc_sgp)
+ return 1;
+ for (k = 0; k < num_leaves; ++k) {
+- struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k];
++ const struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k];
+ umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO;
+ proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops);
+ }
diff --git a/drivers/spi/spi-dw-pci.c b/drivers/spi/spi-dw-pci.c
index f64250e..1ee3049 100644
--- a/drivers/spi/spi-dw-pci.c
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0800) },
{},
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index 77eae99..b7cdcc9 100644
+index b2ccdea..84cde75 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -1024,7 +1024,7 @@ int spi_bus_unlock(struct spi_master *master)
static u8 *buf;
-diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/power.c
-index 436fe97..4082570 100644
---- a/drivers/staging/gma500/power.c
-+++ b/drivers/staging/gma500/power.c
-@@ -266,7 +266,7 @@ bool gma_power_begin(struct drm_device *dev, bool force_on)
- ret = gma_resume_pci(dev->pdev);
- if (ret == 0) {
- /* FIXME: we want to defer this for Medfield/Oaktrail */
-- gma_resume_display(dev);
-+ gma_resume_display(dev->pdev);
- psb_irq_preinstall(dev);
- psb_irq_postinstall(dev);
- pm_runtime_get(&dev->pdev->dev);
-diff --git a/drivers/staging/hv/rndis_filter.c b/drivers/staging/hv/rndis_filter.c
-index bafccb3..e3ac78d 100644
---- a/drivers/staging/hv/rndis_filter.c
-+++ b/drivers/staging/hv/rndis_filter.c
-@@ -42,7 +42,7 @@ struct rndis_device {
-
- enum rndis_device_state state;
- bool link_state;
-- atomic_t new_req_id;
-+ atomic_unchecked_t new_req_id;
-
- spinlock_t request_lock;
- struct list_head req_list;
-@@ -116,7 +116,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
- * template
- */
- set = &rndis_msg->msg.set_req;
-- set->req_id = atomic_inc_return(&dev->new_req_id);
-+ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
-
- /* Add to the request list */
- spin_lock_irqsave(&dev->request_lock, flags);
-@@ -646,7 +646,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
-
- /* Setup the rndis set */
- halt = &request->request_msg.msg.halt_req;
-- halt->req_id = atomic_inc_return(&dev->new_req_id);
-+ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
-
- /* Ignore return since this msg is optional. */
- rndis_filter_send_request(dev, request);
-diff --git a/drivers/staging/iio/buffer_generic.h b/drivers/staging/iio/buffer_generic.h
-index 9e8f010..af9efb56 100644
---- a/drivers/staging/iio/buffer_generic.h
-+++ b/drivers/staging/iio/buffer_generic.h
-@@ -64,7 +64,7 @@ struct iio_buffer_access_funcs {
-
- int (*is_enabled)(struct iio_buffer *buffer);
- int (*enable)(struct iio_buffer *buffer);
--};
-+} __no_const;
-
- /**
- * struct iio_buffer_setup_ops - buffer setup related callbacks
diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c
-index 8b307b4..a97ac91 100644
+index 400df8c..065d4f4 100644
--- a/drivers/staging/octeon/ethernet-rx.c
+++ b/drivers/staging/octeon/ethernet-rx.c
@@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget)
dev_kfree_skb_irq(skb);
}
diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c
-index 076f866..2308070 100644
+index 9112cd8..92f8d51 100644
--- a/drivers/staging/octeon/ethernet.c
+++ b/drivers/staging/octeon/ethernet.c
@@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev)
#endif
}
-diff --git a/drivers/staging/pohmelfs/inode.c b/drivers/staging/pohmelfs/inode.c
-index 7a19555..466456d 100644
---- a/drivers/staging/pohmelfs/inode.c
-+++ b/drivers/staging/pohmelfs/inode.c
-@@ -1861,7 +1861,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent)
- mutex_init(&psb->mcache_lock);
- psb->mcache_root = RB_ROOT;
- psb->mcache_timeout = msecs_to_jiffies(5000);
-- atomic_long_set(&psb->mcache_gen, 0);
-+ atomic_long_set_unchecked(&psb->mcache_gen, 0);
-
- psb->trans_max_pages = 100;
-
-@@ -1876,7 +1876,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent)
- INIT_LIST_HEAD(&psb->crypto_ready_list);
- INIT_LIST_HEAD(&psb->crypto_active_list);
-
-- atomic_set(&psb->trans_gen, 1);
-+ atomic_set_unchecked(&psb->trans_gen, 1);
- atomic_long_set(&psb->total_inodes, 0);
-
- mutex_init(&psb->state_lock);
-diff --git a/drivers/staging/pohmelfs/mcache.c b/drivers/staging/pohmelfs/mcache.c
-index e22665c..a2a9390 100644
---- a/drivers/staging/pohmelfs/mcache.c
-+++ b/drivers/staging/pohmelfs/mcache.c
-@@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_alloc(struct pohmelfs_sb *psb, u64 start
- m->data = data;
- m->start = start;
- m->size = size;
-- m->gen = atomic_long_inc_return(&psb->mcache_gen);
-+ m->gen = atomic_long_inc_return_unchecked(&psb->mcache_gen);
-
- mutex_lock(&psb->mcache_lock);
- err = pohmelfs_mcache_insert(psb, m);
-diff --git a/drivers/staging/pohmelfs/netfs.h b/drivers/staging/pohmelfs/netfs.h
-index 985b6b7..7699e05 100644
---- a/drivers/staging/pohmelfs/netfs.h
-+++ b/drivers/staging/pohmelfs/netfs.h
-@@ -571,14 +571,14 @@ struct pohmelfs_config;
- struct pohmelfs_sb {
- struct rb_root mcache_root;
- struct mutex mcache_lock;
-- atomic_long_t mcache_gen;
-+ atomic_long_unchecked_t mcache_gen;
- unsigned long mcache_timeout;
-
- unsigned int idx;
-
- unsigned int trans_retries;
-
-- atomic_t trans_gen;
-+ atomic_unchecked_t trans_gen;
-
- unsigned int crypto_attached_size;
- unsigned int crypto_align_size;
-diff --git a/drivers/staging/pohmelfs/trans.c b/drivers/staging/pohmelfs/trans.c
-index 06c1a74..866eebc 100644
---- a/drivers/staging/pohmelfs/trans.c
-+++ b/drivers/staging/pohmelfs/trans.c
-@@ -492,7 +492,7 @@ int netfs_trans_finish(struct netfs_trans *t, struct pohmelfs_sb *psb)
- int err;
- struct netfs_cmd *cmd = t->iovec.iov_base;
-
-- t->gen = atomic_inc_return(&psb->trans_gen);
-+ t->gen = atomic_inc_return_unchecked(&psb->trans_gen);
-
- cmd->size = t->iovec.iov_len - sizeof(struct netfs_cmd) +
- t->attached_size + t->attached_pages * sizeof(struct netfs_cmd);
diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c
-index c36a140..dd27fda 100644
+index f9dae95..ff48901 100644
--- a/drivers/staging/rtl8192e/rtllib_module.c
+++ b/drivers/staging/rtl8192e/rtllib_module.c
-@@ -228,6 +228,8 @@ static int show_debug_level(char *page, char **start, off_t offset,
+@@ -215,6 +215,8 @@ static int show_debug_level(char *page, char **start, off_t offset,
}
static int store_debug_level(struct file *file, const char __user *buffer,
return -EFAULT;
return 0;
+diff --git a/drivers/staging/speakup/speakup_soft.c b/drivers/staging/speakup/speakup_soft.c
+index 42cdafe..2769103 100644
+--- a/drivers/staging/speakup/speakup_soft.c
++++ b/drivers/staging/speakup/speakup_soft.c
+@@ -241,11 +241,11 @@ static ssize_t softsynth_read(struct file *fp, char *buf, size_t count,
+ break;
+ } else if (!initialized) {
+ if (*init) {
+- ch = *init;
+ init++;
+ } else {
+ initialized = 1;
+ }
++ ch = *init;
+ } else {
+ ch = synth_buffer_getc();
+ }
diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbip/usbip_common.h
-index be21617..0954e45 100644
+index b8f8c48..1fc5025 100644
--- a/drivers/staging/usbip/usbip_common.h
+++ b/drivers/staging/usbip/usbip_common.h
@@ -289,7 +289,7 @@ struct usbip_device {
+ } __no_const eh_ops;
};
- #if 0
+ /* usbip_common.c */
diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h
index 88b3298..3783eee 100644
--- a/drivers/staging/usbip/vhci.h
hcd->power_budget = 0; /* no limit */
diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c
-index 3872b8c..fe6d2f4 100644
+index 3f511b4..d3dbc1e 100644
--- a/drivers/staging/usbip/vhci_rx.c
+++ b/drivers/staging/usbip/vhci_rx.c
@@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
/* core tmem accessor functions */
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
-index 03d3528..6bbe82f 100644
+index 97c74ee..7f6d77d 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
-@@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
+@@ -1361,7 +1361,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
* outstanding_r2ts reaches zero, go ahead and send the delayed
* TASK_ABORTED status.
*/
if (--cmd->outstanding_r2ts < 1) {
iscsit_stop_dataout_timer(cmd);
diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c
-index 6845228..df77141 100644
+index dcb0618..97e3d85 100644
--- a/drivers/target/target_core_tmr.c
+++ b/drivers/target/target_core_tmr.c
-@@ -250,7 +250,7 @@ static void core_tmr_drain_task_list(
+@@ -260,7 +260,7 @@ static void core_tmr_drain_task_list(
cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key,
cmd->t_task_list_num,
atomic_read(&cmd->t_task_cdbs_left),
atomic_read(&cmd->t_transport_active),
atomic_read(&cmd->t_transport_stop),
atomic_read(&cmd->t_transport_sent));
-@@ -281,7 +281,7 @@ static void core_tmr_drain_task_list(
+@@ -291,7 +291,7 @@ static void core_tmr_drain_task_list(
pr_debug("LUN_RESET: got t_transport_active = 1 for"
" task: %p, t_fe_count: %d dev: %p\n", task,
fe_count, dev);
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
-@@ -289,7 +289,7 @@ static void core_tmr_drain_task_list(
+@@ -299,7 +299,7 @@ static void core_tmr_drain_task_list(
}
pr_debug("LUN_RESET: Got t_transport_active = 0 for task: %p,"
" t_fe_count: %d dev: %p\n", task, fe_count, dev);
core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index cdb774b..8753593 100644
+index cd5cd95..5249d30 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
-@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba(
-
- dev->queue_depth = dev_limits->queue_depth;
- atomic_set(&dev->depth_left, dev->queue_depth);
+@@ -1330,7 +1330,7 @@ struct se_device *transport_add_device_to_core_hba(
+ spin_lock_init(&dev->se_port_lock);
+ spin_lock_init(&dev->se_tmr_lock);
+ spin_lock_init(&dev->qf_cmd_lock);
- atomic_set(&dev->dev_ordered_id, 0);
+ atomic_set_unchecked(&dev->dev_ordered_id, 0);
se_dev_set_default_attribs(dev, dev_limits);
-@@ -1530,7 +1530,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd)
+@@ -1517,7 +1517,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd)
* Used to determine when ORDERED commands should go from
* Dormant to Active status.
*/
smp_mb__after_atomic_inc();
pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n",
cmd->se_ordered_id, cmd->sam_task_attr,
-@@ -1800,7 +1800,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd)
+@@ -1862,7 +1862,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd)
" t_transport_active: %d t_transport_stop: %d"
" t_transport_sent: %d\n", cmd->t_task_list_num,
atomic_read(&cmd->t_task_cdbs_left),
atomic_read(&cmd->t_task_cdbs_ex_left),
atomic_read(&cmd->t_transport_active),
atomic_read(&cmd->t_transport_stop),
-@@ -2089,9 +2089,9 @@ check_depth:
-
+@@ -2121,9 +2121,9 @@ check_depth:
+ cmd = task->task_se_cmd;
spin_lock_irqsave(&cmd->t_state_lock, flags);
task->task_flags |= (TF_ACTIVE | TF_SENT);
- atomic_inc(&cmd->t_task_cdbs_sent);
cmd->t_task_list_num)
atomic_set(&cmd->t_transport_sent, 1);
-@@ -4297,7 +4297,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd)
+@@ -4348,7 +4348,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd)
atomic_set(&cmd->transport_lun_stop, 0);
}
if (!atomic_read(&cmd->t_transport_active) ||
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
return false;
}
-@@ -4546,7 +4546,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
+@@ -4597,7 +4597,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
{
int ret = 0;
if (!send_status ||
(cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS))
return 1;
-@@ -4583,7 +4583,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
+@@ -4634,7 +4634,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
*/
if (cmd->data_direction == DMA_TO_DEVICE) {
if (cmd->se_tfo->write_pending_status(cmd) != 0) {
return NULL;
}
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 39d6ab6..eb97f41 100644
+index d2256d0..97476fa 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -2123,6 +2123,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index e18604b..a7d5a11 100644
+index d8653ab..f8afd9d 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
-@@ -773,8 +773,10 @@ static void __init unix98_pty_init(void)
+@@ -765,8 +765,10 @@ static void __init unix98_pty_init(void)
register_sysctl_table(pty_root_table);
/* Now create the /dev/ptmx special device */
#ifdef CONFIG_KGDB_SERIAL_CONSOLE
/* This is only available if kgdboc is a built in for early debugging */
static int __init kgdboc_early_init(char *opt)
+diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
+index 7867b7c..b3c119d 100644
+--- a/drivers/tty/sysrq.c
++++ b/drivers/tty/sysrq.c
+@@ -862,7 +862,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
+ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+- if (count) {
++ if (count && capable(CAP_SYS_ADMIN)) {
+ char c;
+
+ if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 05085be..67eadb0 100644
+index e41b9bb..84002fb 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -3240,7 +3240,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3291,7 +3291,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
{
/*
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
-index 8e0924f..4204eb4 100644
+index 24b95db..9c078d0 100644
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
-@@ -75,7 +75,7 @@ static void put_ldisc(struct tty_ldisc *ld)
+@@ -57,7 +57,7 @@ static void put_ldisc(struct tty_ldisc *ld)
if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
struct tty_ldisc_ops *ldo = ld->ops;
module_put(ldo->owner);
spin_unlock_irqrestore(&tty_ldisc_lock, flags);
-@@ -110,7 +110,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
+@@ -92,7 +92,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
spin_lock_irqsave(&tty_ldisc_lock, flags);
tty_ldiscs[disc] = new_ldisc;
new_ldisc->num = disc;
spin_unlock_irqrestore(&tty_ldisc_lock, flags);
return ret;
-@@ -138,7 +138,7 @@ int tty_unregister_ldisc(int disc)
+@@ -120,7 +120,7 @@ int tty_unregister_ldisc(int disc)
return -EINVAL;
spin_lock_irqsave(&tty_ldisc_lock, flags);
ret = -EBUSY;
else
tty_ldiscs[disc] = NULL;
-@@ -159,7 +159,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
+@@ -141,7 +141,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
if (ldops) {
ret = ERR_PTR(-EAGAIN);
if (try_module_get(ldops->owner)) {
ret = ldops;
}
}
-@@ -172,7 +172,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
+@@ -154,7 +154,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
unsigned long flags;
spin_lock_irqsave(&tty_ldisc_lock, flags);
ret = uio_get_minor(idev);
if (ret)
diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
-index a845f8b..4f54072 100644
+index 98b89fe..aff824e 100644
--- a/drivers/usb/atm/cxacru.c
+++ b/drivers/usb/atm/cxacru.c
@@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev,
"AGP",
"PCI",
"PRO AGP",
-diff --git a/drivers/video/backlight/s6e63m0.c b/drivers/video/backlight/s6e63m0.c
-index e132157..516db70 100644
---- a/drivers/video/backlight/s6e63m0.c
-+++ b/drivers/video/backlight/s6e63m0.c
-@@ -690,7 +690,7 @@ static ssize_t s6e63m0_sysfs_store_gamma_mode(struct device *dev,
- struct backlight_device *bd = NULL;
- int brightness, rc;
-
-- rc = strict_strtoul(buf, 0, (unsigned long *)&lcd->gamma_mode);
-+ rc = kstrtouint(buf, 0, &lcd->gamma_mode);
- if (rc < 0)
- return rc;
-
diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c
index 5c3960d..15cf8fc 100644
--- a/drivers/video/fbcmap.c
goto out1;
}
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index ad93629..e020fc3 100644
+index c6ce416..3b9b642 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
info->fbops->fb_imageblit(info, image);
image->dy -= image->height + 8;
}
-@@ -1143,7 +1143,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
+@@ -1157,7 +1157,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
return -EFAULT;
if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES)
return -EINVAL;
par->dev_flags |= LOCKUP;
info->pixmap.scan_align = 1;
diff --git a/drivers/video/i810/i810_main.c b/drivers/video/i810/i810_main.c
-index 318f6fb..9a389c1 100644
+index b83f361..2b05a91 100644
--- a/drivers/video/i810/i810_main.c
+++ b/drivers/video/i810/i810_main.c
@@ -97,7 +97,7 @@ static int i810fb_blank (int blank_mode, struct fb_info *info);
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
+4 4 4 4 4 4
diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c
-index 3473e75..c930142 100644
+index a40c05e..785c583 100644
--- a/drivers/video/udlfb.c
+++ b/drivers/video/udlfb.c
@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
return count;
}
diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
-index 7f8472c..9842e87 100644
+index 8408543..d6f20f1 100644
--- a/drivers/video/uvesafb.c
+++ b/drivers/video/uvesafb.c
@@ -19,6 +19,7 @@
#include <video/edid.h>
#include <video/uvesafb.h>
#ifdef CONFIG_X86
+@@ -73,7 +74,7 @@ static void uvesafb_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *ns
+ struct uvesafb_task *utask;
+ struct uvesafb_ktask *task;
+
+- if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
++ if (!capable(CAP_SYS_ADMIN))
+ return;
+
+ if (msg->seq >= UVESAFB_TASKS_MAX)
@@ -121,7 +122,7 @@ static int uvesafb_helper_start(void)
NULL,
};
printk(KERN_INFO "uvesafb: protected mode interface info at "
"%04x:%04x\n",
(u16)task->t.regs.es, (u16)task->t.regs.edi);
-@@ -1821,6 +1844,11 @@ out:
+@@ -816,13 +839,14 @@ static int __devinit uvesafb_vbe_init(struct fb_info *info)
+ par->ypan = ypan;
+
+ if (par->pmi_setpal || par->ypan) {
++#if !defined(CONFIG_MODULES) || !defined(CONFIG_PAX_KERNEXEC)
+ if (__supported_pte_mask & _PAGE_NX) {
+ par->pmi_setpal = par->ypan = 0;
+ printk(KERN_WARNING "uvesafb: NX protection is actively."
+ "We have better not to use the PMI.\n");
+- } else {
++ } else
++#endif
+ uvesafb_vbe_getpmi(task, par);
+- }
+ }
+ #else
+ /* The protected mode interface is not available on non-x86. */
+@@ -1828,6 +1852,11 @@ out:
if (par->vbe_modes)
kfree(par->vbe_modes);
framebuffer_release(info);
return err;
}
-@@ -1847,6 +1875,12 @@ static int uvesafb_remove(struct platform_device *dev)
+@@ -1854,6 +1883,12 @@ static int uvesafb_remove(struct platform_device *dev)
kfree(par->vbe_state_orig);
if (par->vbe_state_saved)
kfree(par->vbe_state_saved);
struct list_head list;
};
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
-index 879ed88..bc03a01 100644
+index 014c8dd..6f3dfe6 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
-@@ -1286,7 +1286,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1303,7 +1303,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd)
void
v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
- char *s = nd_get_link(nd);
+ const char *s = nd_get_link(nd);
- P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
- IS_ERR(s) ? "<error>" : s);
+ p9_debug(P9_DEBUG_VFS, " %s %s\n",
+ dentry->d_name.name, IS_ERR(s) ? "<error>" : s);
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
-index 79e2ca7..5828ad1 100644
+index e95d1b6..3454244 100644
--- a/fs/Kconfig.binfmt
+++ b/fs/Kconfig.binfmt
-@@ -86,7 +86,7 @@ config HAVE_AOUT
+@@ -89,7 +89,7 @@ config HAVE_AOUT
config BINFMT_AOUT
tristate "Kernel support for a.out and ECOFF binaries"
kiocb->ki_cur_seg = 0;
/* ki_nbytes/left now reflect bytes instead of segs */
diff --git a/fs/attr.c b/fs/attr.c
-index 7ee7ba4..0c61a60 100644
+index 95053ad..2cc93ca 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
-index 6861f61..a25f010 100644
+index f624cd0..3d9a559 100644
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
-@@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void *addr, int bytes)
+@@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi,
{
unsigned long sigpipe, flags;
mm_segment_t fs;
+ const char __user *data = (const char __force_user *)addr;
ssize_t wr = 0;
- /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/
+ sigpipe = sigismember(¤t->pending.signal, SIGPIPE);
diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
-index 8342ca6..82fd192 100644
+index 6e6d536..457113a 100644
--- a/fs/befs/linuxvfs.c
+++ b/fs/befs/linuxvfs.c
-@@ -503,7 +503,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
+@@ -502,7 +502,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
befs_inode_info *befs_ino = BEFS_I(dentry->d_inode);
if (befs_ino->i_flags & BEFS_LONG_SYMLINK) {
kfree(link);
}
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
-index a6395bd..f1e376a 100644
+index 1ff9405..f1e376a 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -16,6 +16,7 @@
if (ex.a_data + ex.a_bss > rlim)
return -ENOMEM;
-@@ -259,9 +266,37 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
- current->mm->free_area_cache = current->mm->mmap_base;
- current->mm->cached_hole_size = 0;
-
-+ retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
-+ if (retval < 0) {
-+ /* Someone check-me: is this error path enough? */
-+ send_sig(SIGKILL, current, 0);
-+ return retval;
-+ }
-+
+@@ -269,6 +276,27 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
install_exec_creds(bprm);
current->flags &= ~PF_FORKNOEXEC;
if (N_MAGIC(ex) == OMAGIC) {
unsigned long text_addr, map_size;
loff_t pos;
-@@ -334,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
+@@ -341,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
down_write(¤t->mm->mmap_sem);
error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
fd_offset + ex.a_text);
up_write(¤t->mm->mmap_sem);
-@@ -352,13 +387,6 @@ beyond_if:
- return retval;
- }
-
-- retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
-- if (retval < 0) {
-- /* Someone check-me: is this error path enough? */
-- send_sig(SIGKILL, current, 0);
-- return retval;
-- }
--
- current->mm->start_stack =
- (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
- #ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 6ff96c6..b5fb43a 100644
+index 07d096c..25762af 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -870,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
- start_data += load_bias;
- end_data += load_bias;
-
-+#ifdef CONFIG_PAX_RANDMMAP
-+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
-+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
-+#endif
-+
- /* Calling set_brk effectively mmaps the pages that we need
- * for the bss and break sections. We must do this before
- * mapping in the interpreter, to make sure it doesn't wind
-@@ -881,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -881,11 +1339,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
+ */
}
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
++ unsigned long start, size;
++
++ start = ELF_PAGEALIGN(elf_brk);
++ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
++ down_write(¤t->mm->mmap_sem);
++ retval = -ENOMEM;
++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
++ unsigned long prot = PROT_NONE;
++
++ current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT;
++// if (current->personality & ADDR_NO_RANDOMIZE)
++// prot = PROT_READ;
++ start = do_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0);
++ retval = IS_ERR_VALUE(start) ? start : 0;
++ }
++ up_write(¤t->mm->mmap_sem);
++ if (retval == 0)
++ retval = set_brk(start + size, start + size + PAGE_SIZE);
++ if (retval < 0) {
++ send_sig(SIGKILL, current, 0);
++ goto out_free_dentry;
++ }
++ }
++#endif
++
if (elf_interpreter) {
-@@ -1098,7 +1563,7 @@ out:
+ unsigned long uninitialized_var(interp_map_addr);
+
+@@ -1098,7 +1585,7 @@ out:
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1132,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1132,7 +1619,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
goto whole;
/*
-@@ -1354,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1354,9 +1841,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1862,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -1862,14 +2349,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
return size;
}
-@@ -1963,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1963,7 +2450,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -1977,10 +2442,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1977,10 +2464,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -1994,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1994,7 +2483,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2005,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2005,6 +2494,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2029,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2029,7 +2519,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2038,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2038,6 +2528,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2055,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2055,6 +2546,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2075,6 +2545,97 @@ out:
+@@ -2075,6 +2567,97 @@ out:
#endif /* CONFIG_ELF_CORE */
goto err;
}
diff --git a/fs/bio.c b/fs/bio.c
-index b1fe82c..84da0a9 100644
+index b980ecd..74800bf 100644
--- a/fs/bio.c
+++ b/fs/bio.c
-@@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
+@@ -833,7 +833,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
+ /*
+ * Overflow, abort
+ */
+- if (end < start)
++ if (end < start || end - start > INT_MAX - nr_pages)
+ return ERR_PTR(-EINVAL);
+
+ nr_pages += end - start;
+@@ -1229,7 +1229,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
const int read = bio_data_dir(bio) == READ;
struct bio_map_data *bmd = bio->bi_private;
int i;
__bio_for_each_segment(bvec, bio, i, 0) {
char *addr = page_address(bvec->bv_page);
diff --git a/fs/block_dev.c b/fs/block_dev.c
-index abe9b48..5df59e8 100644
+index 5e9f198..6bf9b1c 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
-@@ -681,7 +681,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
+@@ -703,7 +703,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
else if (bdev->bd_contains == bdev)
return true; /* is a whole device which isn't held */
return true; /* is a partition of a device that is being partitioned */
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
+diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c
+index d986824..af1befd 100644
+--- a/fs/btrfs/check-integrity.c
++++ b/fs/btrfs/check-integrity.c
+@@ -157,7 +157,7 @@ struct btrfsic_block {
+ union {
+ bio_end_io_t *bio;
+ bh_end_io_t *bh;
+- } orig_bio_bh_end_io;
++ } __no_const orig_bio_bh_end_io;
+ int submit_bio_bh_rw;
+ u64 flush_gen; /* only valid if !never_written */
+ };
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index dede441..f2a2507 100644
+index 0639a55..7d9e07f 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -488,9 +488,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
WARN_ON(trans->transid != btrfs_header_generation(parent));
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index fd1a06d..6e9033d 100644
+index 892b347..b3db246 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -6895,7 +6895,7 @@ fail:
+@@ -6930,7 +6930,7 @@ fail:
return -ENOMEM;
}
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -6909,6 +6909,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -6944,6 +6944,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
* If a file is moved, it will inherit the cow and compression flags of the new
* directory.
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index c04f02c..f5c9e2e 100644
+index 1b36f19..5ac7360 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
-@@ -2733,9 +2733,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -2783,9 +2783,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -2757,15 +2760,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -2807,15 +2810,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
if (copy_to_user(user_dest, dest_orig, alloc_size))
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
-index cfb5543..1ae7347 100644
+index 8c1aae2..1e46446 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1244,7 +1244,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del)
kunmap(page);
if (ret != len)
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
-index 9895400..78a67e7 100644
+index 3e8094b..cb3ff3d 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -244,7 +244,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir)
{
unsigned long subid;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
-index 84e8c07..6170d31 100644
+index 24b3dfc..3cd5454 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
}
}
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
-index 8f1fe32..38f9e27 100644
+index 6ee1cb4..8443157 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -989,7 +989,7 @@ cifs_init_request_bufs(void)
atomic_set(&midCount, 0);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index 8238aa1..0347196 100644
+index d47d20a..77e8b33 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
-@@ -392,28 +392,28 @@ struct cifs_tcon {
+@@ -388,28 +388,28 @@ struct cifs_tcon {
__u16 Flags; /* optional support bits */
enum statusEnum tidStatus;
#ifdef CONFIG_CIFS_STATS
#ifdef CONFIG_CIFS_STATS2
unsigned long long time_writes;
unsigned long long time_reads;
-@@ -628,7 +628,7 @@ convert_delimiter(char *path, char delim)
+@@ -624,7 +624,7 @@ convert_delimiter(char *path, char delim)
}
#ifdef CONFIG_CIFS_STATS
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
-@@ -985,8 +985,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -983,8 +983,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
/* Various Debug counters */
GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
#ifdef CONFIG_CIFS_STATS2
return hit;
diff --git a/fs/compat.c b/fs/compat.c
-index c987875..08771ca 100644
+index 07880ba..3fb2862 100644
--- a/fs/compat.c
+++ b/fs/compat.c
-@@ -132,8 +132,8 @@ asmlinkage long compat_sys_utimes(const char __user *filename, struct compat_tim
- static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf)
- {
- compat_ino_t ino = stat->ino;
-- typeof(ubuf->st_uid) uid = 0;
-- typeof(ubuf->st_gid) gid = 0;
-+ typeof(((struct compat_stat *)0)->st_uid) uid = 0;
-+ typeof(((struct compat_stat *)0)->st_gid) gid = 0;
- int err;
-
- SET_UID(uid, stat->uid);
-@@ -504,7 +504,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
+@@ -491,7 +491,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
set_fs(KERNEL_DS);
/* The __user pointer cast is valid because of the set_fs() */
set_fs(oldfs);
/* truncating is ok because it's a user address */
if (!ret)
-@@ -562,7 +562,7 @@ ssize_t compat_rw_copy_check_uvector(int type,
+@@ -549,7 +549,7 @@ ssize_t compat_rw_copy_check_uvector(int type,
goto out;
ret = -EINVAL;
goto out;
if (nr_segs > fast_segs) {
ret = -ENOMEM;
-@@ -845,6 +845,7 @@ struct compat_old_linux_dirent {
+@@ -832,6 +832,7 @@ struct compat_old_linux_dirent {
struct compat_readdir_callback {
struct compat_old_linux_dirent __user *dirent;
int result;
};
-@@ -862,6 +863,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
+@@ -849,6 +850,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
buf->result = -EOVERFLOW;
return -EOVERFLOW;
}
buf->result++;
dirent = buf->dirent;
if (!access_ok(VERIFY_WRITE, dirent,
-@@ -894,6 +899,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
+@@ -881,6 +886,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
buf.result = 0;
buf.dirent = dirent;
error = vfs_readdir(file, compat_fillonedir, &buf);
if (buf.result)
-@@ -914,6 +920,7 @@ struct compat_linux_dirent {
+@@ -901,6 +907,7 @@ struct compat_linux_dirent {
struct compat_getdents_callback {
struct compat_linux_dirent __user *current_dir;
struct compat_linux_dirent __user *previous;
int count;
int error;
};
-@@ -935,6 +942,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
+@@ -922,6 +929,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
buf->error = -EOVERFLOW;
return -EOVERFLOW;
}
dirent = buf->previous;
if (dirent) {
if (__put_user(offset, &dirent->d_off))
-@@ -982,6 +993,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
+@@ -969,6 +980,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
error = vfs_readdir(file, compat_filldir, &buf);
if (error >= 0)
-@@ -1003,6 +1015,7 @@ out:
+@@ -990,6 +1002,7 @@ out:
struct compat_getdents_callback64 {
struct linux_dirent64 __user *current_dir;
struct linux_dirent64 __user *previous;
int count;
int error;
};
-@@ -1019,6 +1032,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
+@@ -1006,6 +1019,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
buf->error = -EINVAL; /* only used if we fail.. */
if (reclen > buf->count)
return -EINVAL;
dirent = buf->previous;
if (dirent) {
-@@ -1070,13 +1087,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
+@@ -1057,13 +1074,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
/*
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
-index 51352de..93292ff 100644
+index a26bea1..ae23e72 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
-@@ -210,6 +210,8 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd,
+@@ -211,6 +211,8 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd,
err = get_user(palp, &up->palette);
err |= get_user(length, &up->length);
up_native = compat_alloc_user_space(sizeof(struct video_spu_palette));
err = put_user(compat_ptr(palp), &up_native->palette);
-@@ -621,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
+@@ -622,7 +624,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
return -EFAULT;
if (__get_user(udata, &ss32->iomem_base))
return -EFAULT;
if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
__get_user(ss.port_high, &ss32->port_high))
return -EFAULT;
-@@ -796,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file,
+@@ -797,7 +799,7 @@ static int compat_ioctl_preallocate(struct file *file,
copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) ||
copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) ||
copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) ||
return -EFAULT;
return ioctl_preallocate(file, p);
-@@ -1644,8 +1646,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
+@@ -1611,8 +1613,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
static int __init init_sys32_ioctl_cmp(const void *p, const void *q)
{
unsigned int a, b;
return 1;
if (a < b)
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
-index 9a37a9b..35792b6 100644
+index 5ddd7eb..c18bf04 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -1575,7 +1575,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
/*
* We'll have a dentry and an inode for
+diff --git a/fs/configfs/file.c b/fs/configfs/file.c
+index 2b6cb23..d76e879 100644
+--- a/fs/configfs/file.c
++++ b/fs/configfs/file.c
+@@ -135,6 +135,8 @@ out:
+ */
+
+ static int
++fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count) __size_overflow(3);
++static int
+ fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size_t count)
+ {
+ int error;
diff --git a/fs/dcache.c b/fs/dcache.c
-index f7908ae..920a680 100644
+index 2576d14..0cec38d 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -3042,7 +3042,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -105,10 +105,10 @@ static unsigned int d_hash_shift __read_mostly;
+ static struct hlist_bl_head *dentry_hashtable __read_mostly;
+
+ static inline struct hlist_bl_head *d_hash(const struct dentry *parent,
+- unsigned long hash)
++ unsigned int hash)
+ {
+- hash += ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYTES;
+- hash = hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS);
++ hash += (unsigned long) parent / L1_CACHE_BYTES;
++ hash = hash + (hash >> D_HASHBITS);
+ return dentry_hashtable + (hash & D_HASHMASK);
+ }
+
+@@ -3067,7 +3067,7 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index f3a257d..715ac0f 100644
+index 956d5dd..e755e04 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -261,7 +261,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
-index af11098..81e3bbe 100644
+index ab35b11..b30af66 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
-@@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
+@@ -672,7 +672,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
old_fs = get_fs();
set_fs(get_ds());
rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
lower_bufsiz);
set_fs(old_fs);
if (rc < 0)
-@@ -737,7 +737,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -718,7 +718,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
}
old_fs = get_fs();
set_fs(get_ds());
set_fs(old_fs);
if (rc < 0) {
kfree(buf);
-@@ -752,7 +752,7 @@ out:
+@@ -733,7 +733,7 @@ out:
static void
ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
{
/* Free the char* */
kfree(buf);
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
-index 0dc5a3d..d3cdeea 100644
+index 3a06f40..f7af544 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
-@@ -328,7 +328,7 @@ check_list:
+@@ -345,7 +345,7 @@ check_list:
goto out_unlock_msg_ctx;
- i = 5;
+ i = PKT_TYPE_SIZE + PKT_CTR_SIZE;
if (msg_ctx->msg) {
- if (copy_to_user(&buf[i], packet_length, packet_length_size))
+ if (packet_length_size > sizeof(packet_length) || copy_to_user(&buf[i], packet_length, packet_length_size))
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
-index 608c1c3..7d040a8 100644
+index b2a34a1..162fa69 100644
--- a/fs/ecryptfs/read_write.c
+++ b/fs/ecryptfs/read_write.c
@@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
return rc;
}
diff --git a/fs/exec.c b/fs/exec.c
-index 3625464..ff895b9 100644
+index ae42277..32c9035 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -55,12 +55,28 @@
+@@ -55,6 +55,13 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
#include <linux/compat.h>
#include <asm/uaccess.h>
#include <asm/mmu_context.h>
- #include <asm/tlb.h>
+@@ -63,6 +70,15 @@
+ #include <trace/events/task.h>
#include "internal.h"
+#ifndef CONFIG_PAX_HAVE_ACL_FLAGS
int core_uses_pid;
char core_pattern[CORENAME_MAX_SIZE] = "core";
unsigned int core_pipe_limit;
-@@ -70,7 +86,7 @@ struct core_name {
+@@ -72,7 +88,7 @@ struct core_name {
char *corename;
int used, size;
};
/* The maximal length of core_pattern is also specified in sysctl.c */
-@@ -188,18 +204,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -190,18 +206,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
struct page *page;
return NULL;
if (write) {
-@@ -215,6 +223,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -217,6 +225,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
if (size <= ARG_MAX)
return page;
/*
* Limit to 1/4-th the stack size for the argv+env strings.
* This ensures that:
-@@ -274,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -276,6 +295,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
vma->vm_end = STACK_TOP_MAX;
vma->vm_start = vma->vm_end - PAGE_SIZE;
vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
INIT_LIST_HEAD(&vma->anon_vma_chain);
-@@ -288,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -290,6 +314,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
mm->stack_vm = mm->total_vm = 1;
up_write(&mm->mmap_sem);
bprm->p = vma->vm_end - sizeof(void *);
return 0;
err:
up_write(&mm->mmap_sem);
-@@ -396,19 +426,7 @@ err:
+@@ -398,19 +428,7 @@ err:
return err;
}
{
const char __user *native;
-@@ -417,14 +435,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
+@@ -419,14 +437,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
compat_uptr_t compat;
if (get_user(compat, argv.ptr.compat + nr))
return native;
}
-@@ -443,7 +461,7 @@ static int count(struct user_arg_ptr argv, int max)
+@@ -445,7 +463,7 @@ static int count(struct user_arg_ptr argv, int max)
if (!p)
break;
return -EFAULT;
if (i++ >= max)
-@@ -477,7 +495,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
+@@ -479,7 +497,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
ret = -EFAULT;
str = get_user_arg_ptr(argv, argc);
goto out;
len = strnlen_user(str, MAX_ARG_STRLEN);
-@@ -559,7 +577,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
+@@ -561,7 +579,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
int r;
mm_segment_t oldfs = get_fs();
struct user_arg_ptr argv = {
};
set_fs(KERNEL_DS);
-@@ -594,7 +612,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -596,7 +614,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
unsigned long new_end = old_end - shift;
struct mmu_gather tlb;
/*
* ensure there are no vmas between where we want to go
-@@ -603,6 +622,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -605,6 +624,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
if (vma != find_vma(mm, new_start))
return -EFAULT;
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -683,10 +706,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -685,10 +708,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
stack_shift = vma->vm_end - stack_top;
bprm->p -= stack_shift;
-@@ -698,8 +717,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -700,8 +719,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
bprm->exec -= stack_shift;
down_write(&mm->mmap_sem);
/*
* Adjust stack execute permissions; explicitly enable for
* EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
-@@ -718,13 +757,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -720,13 +759,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
goto out_unlock;
BUG_ON(prev != vma);
/* mprotect_fixup is overkill to remove the temporary stack flags */
vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
-@@ -805,7 +837,7 @@ int kernel_read(struct file *file, loff_t offset,
+@@ -807,7 +839,7 @@ int kernel_read(struct file *file, loff_t offset,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
set_fs(old_fs);
return result;
}
-@@ -1067,6 +1099,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
- perf_event_comm(tsk);
- }
-
-+static void filename_to_taskname(char *tcomm, const char *fn, unsigned int len)
-+{
-+ int i, ch;
-+
-+ /* Copies the binary name from after last slash */
-+ for (i = 0; (ch = *(fn++)) != '\0';) {
-+ if (ch == '/')
-+ i = 0; /* overwrite what we wrote */
-+ else
-+ if (i < len - 1)
-+ tcomm[i++] = ch;
-+ }
-+ tcomm[i] = '\0';
-+}
-+
- int flush_old_exec(struct linux_binprm * bprm)
- {
- int retval;
-@@ -1081,6 +1128,7 @@ int flush_old_exec(struct linux_binprm * bprm)
-
- set_mm_exe_file(bprm->mm, bprm->file);
-
-+ filename_to_taskname(bprm->tcomm, bprm->filename, sizeof(bprm->tcomm));
- /*
- * Release all of the old mmap stuff
- */
-@@ -1112,10 +1160,6 @@ EXPORT_SYMBOL(would_dump);
-
- void setup_new_exec(struct linux_binprm * bprm)
- {
-- int i, ch;
-- const char *name;
-- char tcomm[sizeof(current->comm)];
--
- arch_pick_mmap_layout(current->mm);
-
- /* This is the point of no return */
-@@ -1126,18 +1170,7 @@ void setup_new_exec(struct linux_binprm * bprm)
- else
- set_dumpable(current->mm, suid_dumpable);
-
-- name = bprm->filename;
--
-- /* Copies the binary name from after last slash */
-- for (i=0; (ch = *(name++)) != '\0';) {
-- if (ch == '/')
-- i = 0; /* overwrite what we wrote */
-- else
-- if (i < (sizeof(tcomm) - 1))
-- tcomm[i++] = ch;
-- }
-- tcomm[i] = '\0';
-- set_task_comm(current, tcomm);
-+ set_task_comm(current, bprm->tcomm);
-
- /* Set the new mm task size. We have to do that late because it may
- * depend on TIF_32BIT which is only updated in flush_thread() on
-@@ -1247,7 +1280,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1255,7 +1287,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1442,6 +1475,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
+@@ -1450,6 +1482,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
EXPORT_SYMBOL(search_binary_handler);
/*
* sys_execve() executes a new program.
*/
-@@ -1450,6 +1505,11 @@ static int do_execve_common(const char *filename,
+@@ -1458,6 +1512,11 @@ static int do_execve_common(const char *filename,
struct user_arg_ptr envp,
struct pt_regs *regs)
{
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1457,6 +1517,8 @@ static int do_execve_common(const char *filename,
+@@ -1465,6 +1524,8 @@ static int do_execve_common(const char *filename,
int retval;
const struct cred *cred = current_cred();
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1497,12 +1559,27 @@ static int do_execve_common(const char *filename,
+@@ -1505,12 +1566,27 @@ static int do_execve_common(const char *filename,
if (IS_ERR(file))
goto out_unmark;
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1519,24 +1596,65 @@ static int do_execve_common(const char *filename,
+@@ -1527,24 +1603,65 @@ static int do_execve_common(const char *filename,
if (retval < 0)
goto out;
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1545,6 +1663,14 @@ static int do_execve_common(const char *filename,
+@@ -1553,6 +1670,14 @@ static int do_execve_common(const char *filename,
put_files_struct(displaced);
return retval;
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1618,7 +1744,7 @@ static int expand_corename(struct core_name *cn)
+@@ -1626,7 +1751,7 @@ static int expand_corename(struct core_name *cn)
{
char *old_corename = cn->corename;
cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
if (!cn->corename) {
-@@ -1715,7 +1841,7 @@ static int format_corename(struct core_name *cn, long signr)
+@@ -1723,7 +1848,7 @@ static int format_corename(struct core_name *cn, long signr)
int pid_in_pattern = 0;
int err = 0;
cn->corename = kmalloc(cn->size, GFP_KERNEL);
cn->used = 0;
-@@ -1812,6 +1938,228 @@ out:
+@@ -1820,6 +1945,228 @@ out:
return ispipe;
}
static int zap_process(struct task_struct *start, int exit_code)
{
struct task_struct *t;
-@@ -2023,17 +2371,17 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -2017,17 +2364,17 @@ static void wait_for_dump_helpers(struct file *file)
pipe = file->f_path.dentry->d_inode->i_pipe;
pipe_lock(pipe);
pipe_unlock(pipe);
}
-@@ -2094,7 +2442,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2088,7 +2435,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
int retval = 0;
int flag = 0;
int ispipe;
struct coredump_params cprm = {
.signr = signr,
.regs = regs,
-@@ -2109,6 +2457,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2103,6 +2450,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
audit_core_dumps(signr);
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;
-@@ -2176,7 +2527,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2170,7 +2520,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
}
cprm.limit = RLIM_INFINITY;
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -2203,6 +2554,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2197,6 +2547,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
} else {
struct inode *inode;
if (cprm.limit < binfmt->min_coredump)
goto fail_unlock;
-@@ -2246,7 +2599,7 @@ close_fail:
+@@ -2240,7 +2592,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
fail_unlock:
kfree(cn.corename);
fail_corename:
-@@ -2265,7 +2618,7 @@ fail:
+@@ -2259,7 +2611,7 @@ fail:
*/
int dump_write(struct file *file, const void *addr, int nr)
{
}
return 1;
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index 12ccacd..a6035fce0 100644
+index f9e2cd8..bfdc476 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
-@@ -436,8 +436,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -438,8 +438,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
/* Hm, nope. Are (enough) root reserved clusters available? */
if (sbi->s_resuid == current_fsuid() ||
((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
if (free_clusters >= (nclusters + dirty_clusters))
return 1;
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 5b0e26a..0aa002d 100644
+index 9983ba8..2a5272c 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
-@@ -1208,19 +1208,19 @@ struct ext4_sb_info {
+@@ -1217,19 +1217,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
/* stats for buddy allocator */
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index e2d8be8..c7f0ce9 100644
+index cb990b2..4820141 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1794,7 +1794,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
return -EMFILE;
diff --git a/fs/filesystems.c b/fs/filesystems.c
-index 0845f84..7b4ebef 100644
+index 96f2428..f5eeb8e 100644
--- a/fs/filesystems.c
+++ b/fs/filesystems.c
-@@ -274,7 +274,12 @@ struct file_system_type *get_fs_type(const char *name)
+@@ -273,7 +273,12 @@ struct file_system_type *get_fs_type(const char *name)
int len = dot ? dot - name : strlen(name);
fs = __get_fs_type(name, len);
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
-index 2aaf3ea..8e50863 100644
+index 5f3368a..8306426 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
if (!ret)
ret = -EPIPE;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index 9f63e49..d8a64c0 100644
+index 2066328..f5add3b 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
-@@ -1147,7 +1147,7 @@ static char *read_link(struct dentry *dentry)
+@@ -1175,7 +1175,7 @@ static char *read_link(struct dentry *dentry)
return link;
}
if (!IS_ERR(link))
free_page((unsigned long) link);
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
-index cfd4959..a780959 100644
+index 5698746..6086012 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
-@@ -1490,7 +1490,7 @@ out:
+@@ -1487,7 +1487,7 @@ out:
static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
kfree(s);
}
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index 0be5a78..9cfb853 100644
+index c60267e..193d9e4 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
-@@ -915,7 +915,7 @@ static struct file_system_type hugetlbfs_fs_type = {
+@@ -902,7 +902,7 @@ static struct file_system_type hugetlbfs_fs_type = {
.kill_sb = kill_litter_super,
};
static int can_do_hugetlb_shm(void)
{
diff --git a/fs/inode.c b/fs/inode.c
-index ee4e66b..9a39f9c 100644
+index 83ab215..8842101 100644
--- a/fs/inode.c
+++ b/fs/inode.c
-@@ -787,8 +787,8 @@ unsigned int get_next_ino(void)
+@@ -870,8 +870,8 @@ unsigned int get_next_ino(void)
#ifdef CONFIG_SMP
if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) {
res = next - LAST_INO_BATCH;
}
-@@ -855,8 +855,7 @@ void lockdep_annotate_inode_mutex_key(struct inode *inode)
- struct file_system_type *type = inode->i_sb->s_type;
-
- /* Set new key only if filesystem hasn't already changed it */
-- if (!lockdep_match_class(&inode->i_mutex,
-- &type->i_mutex_key)) {
-+ if (lockdep_match_class(&inode->i_mutex, &type->i_mutex_key)) {
- /*
- * ensure nobody is actually holding i_mutex
- */
-@@ -883,6 +882,7 @@ void unlock_new_inode(struct inode *inode)
- spin_lock(&inode->i_lock);
- WARN_ON(!(inode->i_state & I_NEW));
- inode->i_state &= ~I_NEW;
-+ smp_mb();
- wake_up_bit(&inode->i_state, __I_NEW);
- spin_unlock(&inode->i_lock);
- }
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
-index e513f19..2ab1351 100644
+index eafb8d3..f423d37 100644
--- a/fs/jffs2/erase.c
+++ b/fs/jffs2/erase.c
-@@ -439,7 +439,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
+@@ -438,7 +438,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
struct jffs2_unknown_node marker = {
.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK),
.nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
jffs2_prealloc_raw_node_refs(c, jeb, 1);
diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
-index b09e51d..e482afa 100644
+index 30e8f47..21f600c 100644
--- a/fs/jffs2/wbuf.c
+++ b/fs/jffs2/wbuf.c
-@@ -1011,7 +1011,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =
+@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =
{
.magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
.nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
/*
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
-index a44eff0..462e07d 100644
+index 682bca6..86b8e6e 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
-@@ -802,7 +802,7 @@ static int __init init_jfs_fs(void)
+@@ -801,7 +801,7 @@ static int __init init_jfs_fs(void)
jfs_inode_cachep =
kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0,
if (jfs_inode_cachep == NULL)
return -ENOMEM;
diff --git a/fs/libfs.c b/fs/libfs.c
-index f6d411e..e82a08d 100644
+index 5b2dbb3..7442d54 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir)
memcpy(c->data, &cookie, 4);
c->len=4;
diff --git a/fs/locks.c b/fs/locks.c
-index 637694b..f84a121 100644
+index 0d68f1f..f216b79 100644
--- a/fs/locks.c
+++ b/fs/locks.c
-@@ -2074,16 +2074,16 @@ void locks_remove_flock(struct file *filp)
+@@ -2075,16 +2075,16 @@ void locks_remove_flock(struct file *filp)
return;
if (filp->f_op && filp->f_op->flock) {
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 9680cef..a19f203 100644
+index 46ea9cc..c7cf3a3 100644
--- a/fs/namei.c
+++ b/fs/namei.c
-@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask)
+@@ -278,16 +278,32 @@ int generic_permission(struct inode *inode, int mask)
if (ret != -EACCES)
return ret;
* Read/write DACs are always overridable.
* Executable DACs are overridable when there is
* at least one exec bit set.
-@@ -297,14 +313,6 @@ int generic_permission(struct inode *inode, int mask)
+@@ -296,14 +312,6 @@ int generic_permission(struct inode *inode, int mask)
if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
return 0;
return -EACCES;
}
-@@ -653,11 +661,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -652,11 +660,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
return error;
}
error = 0;
if (s)
error = __vfs_follow_link(nd, s);
-@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1650,6 +1666,21 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!nd->inode->i_op->lookup) {
path_put(&nd->path);
-@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *name,
+@@ -1677,6 +1708,15 @@ static int do_path_lookup(int dfd, const char *name,
retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
if (likely(!retval)) {
if (unlikely(!audit_dummy_context())) {
if (nd->path.dentry && nd->inode)
audit_inode(name, nd->path.dentry);
-@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2071,6 +2111,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
return 0;
}
-@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2132,6 +2179,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
return ERR_PTR(error);
audit_inode(pathname, nd->path.dentry);
if (open_flag & O_CREAT) {
error = -EISDIR;
-@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2142,6 +2199,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
return ERR_PTR(error);
audit_inode(pathname, dir);
goto ok;
}
-@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2163,6 +2230,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
return ERR_PTR(error);
error = -ENOTDIR;
if (nd->flags & LOOKUP_DIRECTORY) {
-@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2203,6 +2280,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
- int mode = op->mode;
+ umode_t mode = op->mode;
+
+ if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, path->mnt, open_flag, acc_mode, mode)) {
+ error = -EACCES;
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2226,6 +2309,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = vfs_create(dir->d_inode, dentry, mode, nd);
if (error)
goto exit_mutex_unlock;
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
nd->path.dentry = dentry;
-@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2235,6 +2320,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
/*
* It already exists.
*/
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path->dentry);
-@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
+@@ -2447,6 +2545,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
*path = nd.path;
return dentry;
eexist:
dput(dentry);
dentry = ERR_PTR(-EEXIST);
fail:
-@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
+@@ -2469,6 +2572,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
}
EXPORT_SYMBOL(user_path_create);
+ return res;
+}
+
- int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+ int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2536,6 +2653,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out_drop_write;
-@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2553,6 +2681,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
}
out_drop_write:
mnt_drop_write(path.mnt);
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
+@@ -2602,12 +2733,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2687,6 +2827,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
char * name;
struct dentry *dentry;
struct nameidata nd;
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2715,6 +2857,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
error = -ENOENT;
goto exit3;
}
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2722,6 +2873,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2784,6 +2937,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2806,6 +2961,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (!inode)
goto slashes;
ihold(inode);
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2813,6 +2978,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
+@@ -2888,10 +3055,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
out_drop_write:
mnt_drop_write(path.mnt);
out_dput:
-@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2963,6 +3138,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
{
struct dentry *new_dentry;
struct path old_path, new_path;
int how = 0;
int error;
-@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2986,7 +3162,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
if (error)
return error;
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out;
-@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2997,13 +3173,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
error = mnt_want_write(new_path.mnt);
if (error)
goto out_dput;
dput(new_dentry);
mutex_unlock(&new_path.dentry->d_inode->i_mutex);
path_put(&new_path);
-@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3231,6 +3424,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
if (new_dentry == trap)
goto exit5;
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3240,6 +3439,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -3265,6 +3467,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
int len;
len = PTR_ERR(link);
-@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -3274,7 +3478,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index cfc6d44..b4632a5 100644
+index e608199..9609cb9 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
+@@ -1155,6 +1155,9 @@ static int do_umount(struct mount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
return retval;
}
-@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
+@@ -1174,6 +1177,9 @@ static int do_umount(struct mount *mnt, int flags)
br_write_unlock(vfsmount_lock);
up_write(&namespace_sem);
release_mounts(&umount_list);
return retval;
}
-@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
+@@ -2175,6 +2181,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
+@@ -2189,6 +2205,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
dev_name, data_page);
dput_out:
path_put(&path);
return retval;
}
-@@ -2605,6 +2624,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2470,6 +2489,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
error = lock_mount(&old);
if (error)
diff --git a/fs/ncpfs/ncplib_kernel.h b/fs/ncpfs/ncplib_kernel.h
-index 09881e6..308ff20 100644
+index 32c0658..b1c2045e 100644
--- a/fs/ncpfs/ncplib_kernel.h
+++ b/fs/ncpfs/ncplib_kernel.h
@@ -130,7 +130,7 @@ static inline int ncp_is_nfs_extras(struct ncp_server* server, unsigned int voln
#define NCP_IO_TABLE(sb) NULL
#define ncp_tolower(t, c) tolower(c)
-diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c
-index 3db6b82..a57597e 100644
---- a/fs/nfs/blocklayout/blocklayout.c
-+++ b/fs/nfs/blocklayout/blocklayout.c
-@@ -90,7 +90,7 @@ static int is_writable(struct pnfs_block_extent *be, sector_t isect)
- */
- struct parallel_io {
- struct kref refcnt;
-- struct rpc_call_ops call_ops;
-+ rpc_call_ops_no_const call_ops;
- void (*pnfs_callback) (void *data);
- void *data;
- };
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 50a15fa..ca113f9 100644
+index f649fba..236bf92 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
-@@ -150,7 +150,7 @@ static void nfs_zap_caches_locked(struct inode *inode)
+@@ -151,7 +151,7 @@ static void nfs_zap_caches_locked(struct inode *inode)
nfsi->attrtimeo = NFS_MINATTRTIMEO(inode);
nfsi->attrtimeo_timestamp = jiffies;
if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))
nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE;
else
-@@ -1002,16 +1002,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
+@@ -1003,16 +1003,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
}
void nfs_fattr_init(struct nfs_fattr *fattr)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index 7a2e442..8e544cc 100644
+index b96fe94..a4dbece 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
-@@ -914,7 +914,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -925,7 +925,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
set_fs(oldfs);
}
-@@ -1018,7 +1018,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -1029,7 +1029,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
-@@ -1553,7 +1553,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
+@@ -1564,7 +1564,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
*/
oldfs = get_fs(); set_fs(KERNEL_DS);
set_fs(oldfs);
if (host_err < 0)
-diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
-index d327140..501b7f8 100644
---- a/fs/nilfs2/the_nilfs.c
-+++ b/fs/nilfs2/the_nilfs.c
-@@ -409,6 +409,12 @@ static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
- nilfs->ns_first_data_block = le64_to_cpu(sbp->s_first_data_block);
- nilfs->ns_r_segments_percentage =
- le32_to_cpu(sbp->s_r_segments_percentage);
-+ if (nilfs->ns_r_segments_percentage < 1 ||
-+ nilfs->ns_r_segments_percentage > 99) {
-+ printk(KERN_ERR "NILFS: invalid reserved segments percentage.\n");
-+ return -EINVAL;
-+ }
-+
- nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments));
- nilfs->ns_crc_seed = le32_to_cpu(sbp->s_crc_seed);
- return 0;
-@@ -515,6 +521,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs,
- brelse(sbh[1]);
- sbh[1] = NULL;
- sbp[1] = NULL;
-+ valid[1] = 0;
- swp = 0;
- }
- if (!valid[swp]) {
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index 9fde1c0..14e8827 100644
+index 3568c8a..e0240d8 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
-@@ -276,7 +276,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
+@@ -278,7 +278,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
goto out_close_fd;
ret = -EFAULT;
enum ocfs2_local_alloc_state
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
-index ba5d97e..c77db25 100644
+index f169da4..9112253 100644
--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -872,7 +872,7 @@ static int ocfs2_reserve_suballoc_bits(struct ocfs2_super *osb,
}
}
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
-index 4994f8b..eaab8eb 100644
+index 604e12c..8426483 100644
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len)
out += snprintf(buf + out, len - out,
"%10s => State: %u Descriptor: %llu Size: %u bits "
-@@ -2119,11 +2119,11 @@ static int ocfs2_initialize_super(struct super_block *sb,
+@@ -2117,11 +2117,11 @@ static int ocfs2_initialize_super(struct super_block *sb,
spin_lock_init(&osb->osb_xattr_lock);
ocfs2_init_steal_slots(osb);
kfree(link);
}
diff --git a/fs/open.c b/fs/open.c
-index 22c41b5..78894cf 100644
+index 77becc0..aad7bd9 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -112,6 +112,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length)
+ goto out_unlock;
+ }
+
- error = security_path_chmod(path->dentry, path->mnt, mode);
+ error = security_path_chmod(path, mode);
if (error)
goto out_unlock;
@@ -506,6 +538,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
newattrs.ia_valid |= ATTR_UID;
-diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c
-index 6296b40..417c00f 100644
---- a/fs/partitions/efi.c
-+++ b/fs/partitions/efi.c
-@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
- if (!gpt)
- return NULL;
-
-+ if (!le32_to_cpu(gpt->num_partition_entries))
-+ return NULL;
-+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
-+ if (!pte)
-+ return NULL;
-+
- count = le32_to_cpu(gpt->num_partition_entries) *
- le32_to_cpu(gpt->sizeof_partition_entry);
-- if (!count)
-- return NULL;
-- pte = kzalloc(count, GFP_KERNEL);
-- if (!pte)
-- return NULL;
--
- if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
- (u8 *) pte,
- count) < count) {
-diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c
-index bd8ae78..539d250 100644
---- a/fs/partitions/ldm.c
-+++ b/fs/partitions/ldm.c
-@@ -1324,7 +1324,7 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags)
- goto found;
- }
-
-- f = kmalloc (sizeof (*f) + size*num, GFP_KERNEL);
-+ f = kmalloc (size*num + sizeof (*f), GFP_KERNEL);
- if (!f) {
- ldm_crit ("Out of memory.");
- return false;
diff --git a/fs/pipe.c b/fs/pipe.c
-index 4065f07..68c0706 100644
+index 82e651b..8a68573 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
-@@ -420,9 +420,9 @@ redo:
+@@ -437,9 +437,9 @@ redo:
}
if (bufs) /* More to do? */
continue;
/* syscall merging: Usually we must not sleep
* if O_NONBLOCK is set, or if we got some data.
* But if a writer sleeps in kernel space, then
-@@ -481,7 +481,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
+@@ -503,7 +503,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
mutex_lock(&inode->i_mutex);
pipe = inode->i_pipe;
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
goto out;
-@@ -530,7 +530,7 @@ redo1:
+@@ -552,7 +552,7 @@ redo1:
for (;;) {
int bufs;
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -616,9 +616,9 @@ redo2:
+@@ -643,9 +643,9 @@ redo2:
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
do_wakeup = 0;
}
}
out:
mutex_unlock(&inode->i_mutex);
-@@ -685,7 +685,7 @@ pipe_poll(struct file *filp, poll_table *wait)
+@@ -712,7 +712,7 @@ pipe_poll(struct file *filp, poll_table *wait)
mask = 0;
if (filp->f_mode & FMODE_READ) {
mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
mask |= POLLHUP;
}
-@@ -695,7 +695,7 @@ pipe_poll(struct file *filp, poll_table *wait)
+@@ -722,7 +722,7 @@ pipe_poll(struct file *filp, poll_table *wait)
* Most Unices do not set POLLERR for FIFOs but on Linux they
* behave exactly like pipes for poll().
*/
mask |= POLLERR;
}
-@@ -709,10 +709,10 @@ pipe_release(struct inode *inode, int decr, int decw)
+@@ -736,10 +736,10 @@ pipe_release(struct inode *inode, int decr, int decw)
mutex_lock(&inode->i_mutex);
pipe = inode->i_pipe;
free_pipe_info(inode);
} else {
wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);
-@@ -802,7 +802,7 @@ pipe_read_open(struct inode *inode, struct file *filp)
+@@ -829,7 +829,7 @@ pipe_read_open(struct inode *inode, struct file *filp)
if (inode->i_pipe) {
ret = 0;
}
mutex_unlock(&inode->i_mutex);
-@@ -819,7 +819,7 @@ pipe_write_open(struct inode *inode, struct file *filp)
+@@ -846,7 +846,7 @@ pipe_write_open(struct inode *inode, struct file *filp)
if (inode->i_pipe) {
ret = 0;
}
mutex_unlock(&inode->i_mutex);
-@@ -837,9 +837,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp)
+@@ -864,9 +864,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp)
if (inode->i_pipe) {
ret = 0;
if (filp->f_mode & FMODE_READ)
}
mutex_unlock(&inode->i_mutex);
-@@ -931,7 +931,7 @@ void free_pipe_info(struct inode *inode)
+@@ -958,7 +958,7 @@ void free_pipe_info(struct inode *inode)
inode->i_pipe = NULL;
}
/*
* pipefs_dname() is called from d_path().
-@@ -961,7 +961,8 @@ static struct inode * get_pipe_inode(void)
+@@ -988,7 +988,8 @@ static struct inode * get_pipe_inode(void)
goto fail_iput;
inode->i_pipe = pipe;
help
Various /proc files exist to monitor process memory utilization:
diff --git a/fs/proc/array.c b/fs/proc/array.c
-index 3a1dafd..bf1bd84 100644
+index c602b8d..a7de642 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -60,6 +60,7 @@
+
state = *get_task_state(task);
vsize = eip = esp = 0;
- permitted = ptrace_may_access(task, PTRACE_MODE_READ);
+ permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
@@ -449,6 +487,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
gtime = task->gtime;
}
esp,
eip,
/* The signal information here is obsolete.
-@@ -533,8 +590,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -536,8 +593,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0;
if (mm) {
size = task_statm(mm, &shared, &text, &data, &resident);
mmput(mm);
-@@ -544,3 +608,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -547,3 +611,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
return 0;
}
+}
+#endif
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 1ace83d..f5e575d 100644
+index d4548dd..d101f84 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
-@@ -107,6 +107,22 @@ struct pid_entry {
+@@ -109,6 +109,14 @@ struct pid_entry {
union proc_op op;
};
+ int count;
+ int error;
+};
-+
-+static int gr_fake_filldir(void * __buf, const char *name, int namlen,
-+ loff_t offset, u64 ino, unsigned int d_type)
-+{
-+ struct getdents_callback * buf = (struct getdents_callback *) __buf;
-+ buf->error = -EINVAL;
-+ return 0;
-+}
+
#define NOD(NAME, MODE, IOP, FOP, OP) { \
.name = (NAME), \
.len = sizeof(NAME) - 1, \
-@@ -194,26 +210,6 @@ static int proc_root_link(struct inode *inode, struct path *path)
- return result;
- }
-
--static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
--{
-- struct mm_struct *mm;
-- int err;
--
-- err = mutex_lock_killable(&task->signal->cred_guard_mutex);
-- if (err)
-- return ERR_PTR(err);
--
-- mm = get_task_mm(task);
-- if (mm && mm != current->mm &&
-- !ptrace_may_access(task, mode)) {
-- mmput(mm);
-- mm = ERR_PTR(-EACCES);
-- }
-- mutex_unlock(&task->signal->cred_guard_mutex);
--
-- return mm;
--}
--
- struct mm_struct *mm_for_maps(struct task_struct *task)
- {
- return mm_access(task, PTRACE_MODE_READ);
-@@ -229,6 +225,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
+@@ -213,6 +221,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
if (!mm->arg_end)
goto out_mm; /* Shh! No looking before we're done */
len = mm->arg_end - mm->arg_start;
if (len > PAGE_SIZE)
-@@ -256,12 +255,28 @@ out:
+@@ -240,12 +251,28 @@ out:
return res;
}
do {
nwords += 2;
} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
-@@ -275,7 +290,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
+@@ -259,7 +286,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
}
/*
* Provides a wchan file via kallsyms in a proper one-value-per-file format.
* Returns the resolved symbol. If that fails, simply return the address.
-@@ -314,7 +329,7 @@ static void unlock_trace(struct task_struct *task)
+@@ -298,7 +325,7 @@ static void unlock_trace(struct task_struct *task)
mutex_unlock(&task->signal->cred_guard_mutex);
}
#define MAX_STACK_TRACE_DEPTH 64
-@@ -505,7 +520,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
+@@ -489,7 +516,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
return count;
}
static int proc_pid_syscall(struct task_struct *task, char *buffer)
{
long nr;
-@@ -534,7 +549,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
+@@ -518,7 +545,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
/************************************************************************/
/* permission checks */
{
struct task_struct *task;
int allowed = 0;
-@@ -544,7 +559,10 @@ static int proc_fd_access_allowed(struct inode *inode)
+@@ -528,7 +555,10 @@ static int proc_fd_access_allowed(struct inode *inode)
*/
task = get_proc_task(inode);
if (task) {
- allowed = ptrace_may_access(task, PTRACE_MODE_READ);
+ if (log)
-+ allowed = ptrace_may_access_log(task, PTRACE_MODE_READ);
-+ else
+ allowed = ptrace_may_access(task, PTRACE_MODE_READ);
++ else
++ allowed = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
put_task_struct(task);
}
return allowed;
-@@ -786,6 +804,10 @@ static int mem_open(struct inode* inode, struct file* file)
+@@ -566,10 +596,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
+ struct task_struct *task,
+ int hide_pid_min)
+ {
++ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
++ return false;
++
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ rcu_read_lock();
++ {
++ const struct cred *tmpcred = current_cred();
++ const struct cred *cred = __task_cred(task);
++
++ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++ || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++#endif
++ ) {
++ rcu_read_unlock();
++ return true;
++ }
++ }
++ rcu_read_unlock();
++
++ if (!pid->hide_pid)
++ return false;
++#endif
++
+ if (pid->hide_pid < hide_pid_min)
+ return true;
+ if (in_group_p(pid->pid_gid))
+ return true;
++
+ return ptrace_may_access(task, PTRACE_MODE_READ);
+ }
+
+@@ -587,7 +642,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
+ put_task_struct(task);
+
+ if (!has_perms) {
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ {
++#else
+ if (pid->hide_pid == 2) {
++#endif
+ /*
+ * Let's make getdents(), stat(), and open()
+ * consistent with each other. If a process
+@@ -702,6 +761,10 @@ static int mem_open(struct inode* inode, struct file* file)
file->f_mode |= FMODE_UNSIGNED_OFFSET;
file->private_data = mm;
return 0;
}
-@@ -797,6 +819,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -713,6 +776,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
ssize_t copied;
char *page;
if (!mm)
return 0;
-@@ -897,6 +930,9 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -813,6 +887,9 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!task)
goto out_no_task;
ret = -ENOMEM;
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
-@@ -1519,7 +1555,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1434,7 +1511,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
path_put(&nd->path);
/* Are we allowed to snoop on the tasks file descriptors? */
- if (!proc_fd_access_allowed(inode))
-+ if (!proc_fd_access_allowed(inode,0))
++ if (!proc_fd_access_allowed(inode, 0))
goto out;
- error = PROC_I(inode)->op.proc_get_link(inode, &nd->path);
-@@ -1558,8 +1594,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+ error = PROC_I(inode)->op.proc_get_link(dentry, &nd->path);
+@@ -1473,8 +1550,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
+ goto out;
+ }
- error = PROC_I(inode)->op.proc_get_link(inode, &path);
+ error = PROC_I(inode)->op.proc_get_link(dentry, &path);
if (error)
-@@ -1624,7 +1670,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1539,7 +1626,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1642,6 +1692,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
- struct inode *inode = dentry->d_inode;
- struct task_struct *task;
- const struct cred *cred;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ const struct cred *tmpcred = current_cred();
-+#endif
-
- generic_fillattr(inode, stat);
-
-@@ -1649,13 +1702,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
- stat->uid = 0;
- stat->gid = 0;
- task = pid_task(proc_pid(inode), PIDTYPE_PID);
-+
-+ if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
-+ rcu_read_unlock();
-+ return -ENOENT;
-+ }
-+
- if (task) {
-+ cred = __task_cred(task);
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+ ) {
-+#endif
+@@ -1575,10 +1666,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+ return -ENOENT;
+ }
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
+#ifdef CONFIG_GRKERNSEC_PROC_USER
+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
+#endif
task_dumpable(task)) {
-- cred = __task_cred(task);
+ cred = __task_cred(task);
stat->uid = cred->euid;
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+ stat->gid = CONFIG_GRKERNSEC_PROC_GID;
stat->gid = cred->egid;
+#endif
}
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ } else {
-+ rcu_read_unlock();
-+ return -ENOENT;
-+ }
-+#endif
}
rcu_read_unlock();
- return 0;
-@@ -1692,11 +1773,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
+@@ -1616,11 +1716,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
rcu_read_unlock();
} else {
inode->i_uid = 0;
-@@ -1814,7 +1904,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info)
+@@ -1738,7 +1847,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info)
int fd = proc_fd(inode);
if (task) {
put_task_struct(task);
}
if (files) {
-@@ -2082,11 +2173,21 @@ static const struct file_operations proc_fd_operations = {
+@@ -2355,11 +2465,21 @@ static const struct file_operations proc_map_files_operations = {
*/
static int proc_fd_permission(struct inode *inode, int mask)
{
return rv;
}
-@@ -2196,6 +2297,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2469,6 +2589,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2240,6 +2344,9 @@ static int proc_pident_readdir(struct file *filp,
+@@ -2513,6 +2636,9 @@ static int proc_pident_readdir(struct file *filp,
if (!task)
goto out_no_task;
ret = 0;
i = filp->f_pos;
switch (i) {
-@@ -2510,7 +2617,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -2783,7 +2909,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd,
void *cookie)
{
if (!IS_ERR(s))
__putname(s);
}
-@@ -2708,7 +2815,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2984,7 +3110,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2733,10 +2840,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -3009,10 +3135,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2770,6 +2877,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -3046,6 +3172,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
};
static int proc_tgid_base_readdir(struct file * filp,
-@@ -2895,7 +3005,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
+@@ -3172,7 +3301,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2937,7 +3054,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct
+@@ -3214,7 +3350,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct
if (!task)
goto out;
put_task_struct(task);
out:
return result;
-@@ -3002,6 +3123,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
+@@ -3277,6 +3417,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
+ static int fake_filldir(void *buf, const char *name, int namelen,
+ loff_t offset, u64 ino, unsigned d_type)
{
- unsigned int nr;
- struct task_struct *reaper;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ const struct cred *tmpcred = current_cred();
-+ const struct cred *itercred;
-+#endif
-+ filldir_t __filldir = filldir;
- struct tgid_iter iter;
- struct pid_namespace *ns;
++ struct getdents_callback * __buf = (struct getdents_callback *) buf;
++ __buf->error = -EINVAL;
+ return 0;
+ }
-@@ -3025,8 +3151,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
- for (iter = next_tgid(ns, iter);
- iter.task;
- iter.tgid += 1, iter = next_tgid(ns, iter)) {
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ rcu_read_lock();
-+ itercred = __task_cred(iter.task);
-+#endif
-+ if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task)
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ || (tmpcred->uid && (itercred->uid != tmpcred->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+ )
-+#endif
-+ )
-+ __filldir = &gr_fake_filldir;
-+ else
-+ __filldir = filldir;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ rcu_read_unlock();
-+#endif
- filp->f_pos = iter.tgid + TGID_OFFSET;
-- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
-+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) {
- put_task_struct(iter.task);
- goto out;
- }
-@@ -3054,7 +3199,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3343,7 +3485,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -3078,10 +3223,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3367,10 +3509,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
}
module_init(proc_devices_init);
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 7737c54..7172574 100644
+index 84fd323..f698a32 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
-@@ -18,12 +18,18 @@
- #include <linux/module.h>
- #include <linux/sysctl.h>
+@@ -21,12 +21,18 @@
+ #include <linux/seq_file.h>
#include <linux/slab.h>
+ #include <linux/mount.h>
+#include <linux/grsecurity.h>
#include <asm/system.h>
static void proc_evict_inode(struct inode *inode)
{
struct proc_dir_entry *de;
-@@ -49,6 +55,13 @@ static void proc_evict_inode(struct inode *inode)
+@@ -52,6 +58,13 @@ static void proc_evict_inode(struct inode *inode)
ns_ops = PROC_I(inode)->ns_ops;
if (ns_ops && ns_ops->put)
ns_ops->put(PROC_I(inode)->ns);
}
static struct kmem_cache * proc_inode_cachep;
-@@ -440,7 +453,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -457,7 +470,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 7838e5c..ff92cbc 100644
+index 2925775..4f08fae 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
seq_putc(m, '\n');
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
-index f738024..876984a 100644
+index 06e1cc1..177cd98 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -105,6 +105,17 @@ static struct net *get_proc_task_net(struct inode *dir)
rcu_read_lock();
task = pid_task(proc_pid(dir), PIDTYPE_PID);
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index a6b6217..1e0579d 100644
+index 53c3bce..10ad159 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -9,11 +9,13 @@
/* careful: calling conventions are nasty here */
res = count;
error = table->proc_handler(table, write, buf, &res, ppos);
-@@ -245,6 +259,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
+@@ -260,6 +274,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
return -ENOMEM;
} else {
d_set_d_op(child, &proc_sys_dentry_operations);
d_add(child, inode);
}
} else {
-@@ -273,6 +290,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
+@@ -288,6 +305,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
if (*pos < file->f_pos)
continue;
res = proc_sys_fill_cache(file, dirent, filldir, head, table);
if (res)
return res;
-@@ -398,6 +418,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
+@@ -413,6 +433,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
if (IS_ERR(head))
return PTR_ERR(head);
generic_fillattr(inode, stat);
if (table)
stat->mode = (stat->mode & S_IFMT) | table->mode;
-@@ -420,13 +443,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
+@@ -435,13 +458,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
.llseek = generic_file_llseek,
};
.permission = proc_sys_permission,
.setattr = proc_sys_setattr,
diff --git a/fs/proc/root.c b/fs/proc/root.c
-index 03102d9..4ae347e 100644
+index 46a15d8..335631a 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
-@@ -121,7 +121,15 @@ void __init proc_root_init(void)
+@@ -187,7 +187,15 @@ void __init proc_root_init(void)
#ifdef CONFIG_PROC_DEVICETREE
proc_device_tree_init();
#endif
}
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 7dcd2a2..b2f410e 100644
+index 3efa725..23c925b 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -11,6 +11,7 @@
show_map_vma(m, vma);
if (m->count < m->size) /* vma is copied successfully */
-@@ -434,12 +464,23 @@ static int show_smap(struct seq_file *m, void *v)
+@@ -437,12 +467,23 @@ static int show_smap(struct seq_file *m, void *v)
.private = &mss,
};
show_map_vma(m, vma);
seq_printf(m,
-@@ -457,7 +498,11 @@ static int show_smap(struct seq_file *m, void *v)
+@@ -460,7 +501,11 @@ static int show_smap(struct seq_file *m, void *v)
"KernelPageSize: %8lu kB\n"
"MMUPageSize: %8lu kB\n"
"Locked: %8lu kB\n",
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
-@@ -1015,6 +1060,13 @@ static int show_numa_map(struct seq_file *m, void *v)
+@@ -1024,6 +1069,13 @@ static int show_numa_map(struct seq_file *m, void *v)
int n;
char buffer[50];
if (!mm)
return 0;
-@@ -1032,11 +1084,15 @@ static int show_numa_map(struct seq_file *m, void *v)
+@@ -1041,11 +1093,15 @@ static int show_numa_map(struct seq_file *m, void *v)
mpol_to_str(buffer, sizeof(buffer), pol, 0);
mpol_cond_put(pol);
SF(s_do_balance), SF(s_unneeded_left_neighbor),
SF(s_good_search_by_key_reada), SF(s_bmaps),
diff --git a/fs/select.c b/fs/select.c
-index d33418f..2a5345e 100644
+index e782258..3b4b44c 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -20,6 +20,7 @@
return -EINVAL;
diff --git a/fs/seq_file.c b/fs/seq_file.c
-index dba43c3..4b3f701 100644
+index 4023d6b..ab46c6a 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -9,6 +9,7 @@
if (op) {
diff --git a/fs/splice.c b/fs/splice.c
-index fa2defa..8601650 100644
+index 96d7b28..fd465ac 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
vec[i].iov_len = this_len;
spd.pages[i] = page;
spd.nr_pages++;
-@@ -846,10 +846,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
+@@ -848,10 +848,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
{
while (!pipe->nrbufs) {
return 0;
if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1182,7 +1182,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1184,7 +1184,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
* out of the pipe right after the splice_to_pipe(). So set
* PIPE_READERS appropriately.
*/
current->splice_pipe = pipe;
}
-@@ -1734,9 +1734,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1736,9 +1736,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
if (flags & SPLICE_F_NONBLOCK) {
ret = -EAGAIN;
break;
-@@ -1768,7 +1768,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1770,7 +1770,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
pipe_lock(pipe);
while (pipe->nrbufs >= pipe->buffers) {
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
break;
-@@ -1781,9 +1781,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1783,9 +1783,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
}
pipe_unlock(pipe);
-@@ -1819,14 +1819,14 @@ retry:
+@@ -1821,14 +1821,14 @@ retry:
pipe_double_lock(ipipe, opipe);
do {
break;
/*
-@@ -1923,7 +1923,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1925,7 +1925,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
pipe_double_lock(ipipe, opipe);
do {
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -1968,7 +1968,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1970,7 +1970,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
* return EAGAIN if we have the potential of some data in the
* future, otherwise just return 0
*/
sd = sysfs_new_dirent(name, mode, SYSFS_DIR);
if (!sd)
diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
-index 779789a..f58193c 100644
+index 00012e3..8392349 100644
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock);
free_page((unsigned long)page);
}
diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
-index b09ba2d..1cad1a8 100644
+index f922cba..062fb02 100644
--- a/fs/ubifs/debug.c
+++ b/fs/ubifs/debug.c
-@@ -2817,6 +2817,7 @@ static ssize_t dfs_file_read(struct file *file, char __user *u, size_t count,
+@@ -2819,6 +2819,7 @@ static ssize_t dfs_file_read(struct file *file, char __user *u, size_t count,
* debugfs file. Returns %0 or %1 in case of success and a negative error code
* in case of failure.
*/
static int interpret_user_input(const char __user *u, size_t count)
{
size_t buf_size;
-@@ -2835,6 +2836,8 @@ static int interpret_user_input(const char __user *u, size_t count)
+@@ -2837,6 +2838,8 @@ static int interpret_user_input(const char __user *u, size_t count)
}
static ssize_t dfs_file_write(struct file *file, const char __user *u,
size_t count, loff_t *ppos)
{
struct ubifs_info *c = file->private_data;
-diff --git a/fs/udf/file.c b/fs/udf/file.c
-index dca0c38..d567b84 100644
---- a/fs/udf/file.c
-+++ b/fs/udf/file.c
-@@ -201,12 +201,10 @@ out:
- static int udf_release_file(struct inode *inode, struct file *filp)
- {
- if (filp->f_mode & FMODE_WRITE) {
-- mutex_lock(&inode->i_mutex);
- down_write(&UDF_I(inode)->i_data_sem);
- udf_discard_prealloc(inode);
- udf_truncate_tail_extent(inode);
- up_write(&UDF_I(inode)->i_data_sem);
-- mutex_unlock(&inode->i_mutex);
- }
- return 0;
- }
diff --git a/fs/udf/misc.c b/fs/udf/misc.c
index c175b4d..8f36a16 100644
--- a/fs/udf/misc.c
error = notify_change(path->dentry, &newattrs);
mutex_unlock(&inode->i_mutex);
diff --git a/fs/xattr.c b/fs/xattr.c
-index 67583de..c5aad14 100644
+index 82f4337..236473c 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
if (!error) {
- error = setxattr(dentry, name, value, size, flags);
+ error = setxattr(&f->f_path, name, value, size, flags);
- mnt_drop_write(f->f_path.mnt);
+ mnt_drop_write_file(f);
}
fput(f);
diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c
struct posix_acl *acl;
struct posix_acl_entry *acl_e;
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
-index d0ab788..827999b 100644
+index 188ef2f..adcf864 100644
--- a/fs/xfs/xfs_bmap.c
+++ b/fs/xfs/xfs_bmap.c
@@ -190,7 +190,7 @@ xfs_bmap_validate_ret(
*offset = off & 0x7fffffff;
return 0;
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
-index d99a905..9f88202 100644
+index 76f3ca5..f57f712 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -128,7 +128,7 @@ xfs_find_handle(
goto out_put;
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
-index 23ce927..e274cc1 100644
+index ab30253..4d86958 100644
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
@@ -447,7 +447,7 @@ xfs_vn_put_link(
kfree(s);
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..4089e05
+index 0000000..2645296
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1078 @@
+@@ -0,0 +1,1079 @@
+#
+# grecurity configuration
+#
+ select GRKERNSEC_PROC_ADD
+ select GRKERNSEC_CHROOT_CHMOD
+ select GRKERNSEC_CHROOT_NICE
-+ select GRKERNSEC_SETXID
++ select GRKERNSEC_SETXID if (X86 || SPARC64 || PPC || ARM || MIPS)
+ select GRKERNSEC_AUDIT_MOUNT
+ select GRKERNSEC_MODHARDEN if (MODULES)
+ select GRKERNSEC_HARDEN_PTRACE
+
+config GRKERNSEC_SETXID
+ bool "Enforce consistent multithreaded privileges"
++ depends on (X86 || SPARC64 || PPC || ARM || MIPS)
+ help
+ If you say Y here, a change from a root uid to a non-root uid
+ in a multithreaded application will cause the resulting uids,
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..2d9c682
+index 0000000..a6d83f0
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4172 @@
+@@ -0,0 +1,4193 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/pid_namespace.h>
+#include <linux/fdtable.h>
+#include <linux/percpu.h>
++#include "../fs/mount.h"
+
+#include <asm/uaccess.h>
+#include <asm/errno.h>
+{
+ struct dentry *dentry = path->dentry;
+ struct vfsmount *vfsmnt = path->mnt;
++ struct mount *mnt = real_mount(vfsmnt);
+ bool slash = false;
+ int error = 0;
+
+
+ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
+ /* Global root? */
-+ if (vfsmnt->mnt_parent == vfsmnt) {
++ if (!mnt_has_parent(mnt)) {
+ goto out;
+ }
-+ dentry = vfsmnt->mnt_mountpoint;
-+ vfsmnt = vfsmnt->mnt_parent;
++ dentry = mnt->mnt_mountpoint;
++ mnt = mnt->mnt_parent;
++ vfsmnt = &mnt->mnt;
+ continue;
+ }
+ parent = dentry->d_parent;
+{
+ struct dentry *dentry = (struct dentry *) l_dentry;
+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
++ struct mount *real_mnt = real_mount(mnt);
+ struct acl_object_label *retval;
+ struct dentry *parent;
+
+ break;
+
+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
-+ if (mnt->mnt_parent == mnt)
++ if (!mnt_has_parent(real_mnt))
+ break;
+
+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
+ if (retval != NULL)
+ goto out;
+
-+ dentry = mnt->mnt_mountpoint;
-+ mnt = mnt->mnt_parent;
++ dentry = real_mnt->mnt_mountpoint;
++ real_mnt = real_mnt->mnt_parent;
++ mnt = &real_mnt->mnt;
+ continue;
+ }
+
+{
+ struct dentry *dentry = (struct dentry *) l_dentry;
+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
++ struct mount *real_mnt = real_mount(mnt);
+ struct acl_subject_label *retval;
+ struct dentry *parent;
+
+ if (dentry == real_root.dentry && mnt == real_root.mnt)
+ break;
+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
-+ if (mnt->mnt_parent == mnt)
++ if (!mnt_has_parent(real_mnt))
+ break;
+
+ spin_lock(&dentry->d_lock);
+ if (retval != NULL)
+ goto out;
+
-+ dentry = mnt->mnt_mountpoint;
-+ mnt = mnt->mnt_parent;
++ dentry = real_mnt->mnt_mountpoint;
++ real_mnt = real_mnt->mnt_parent;
++ mnt = &real_mnt->mnt;
+ continue;
+ }
+
+
+ newacl = chk_subj_label(dentry, mnt, task->role);
+
-+ task_lock(task);
++ /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then
++ did an exec
++ */
++ rcu_read_lock();
++ read_lock(&tasklist_lock);
++ if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) ||
++ (task->parent->acl->mode & GR_POVERRIDE))) {
++ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
++ goto skip_check;
++ }
++ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
++
+ if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
+ !(task->role->roletype & GR_ROLE_GOD) &&
+ !gr_search_file(dentry, GR_PTRACERD, mnt) &&
+ !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
-+ task_unlock(task);
+ if (unsafe_flags & LSM_UNSAFE_SHARE)
+ gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
+ else
+ gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
+ return -EACCES;
+ }
-+ task_unlock(task);
++
++skip_check:
+
+ obj = chk_obj_label(dentry, mnt, task->acl);
+ retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
+ if (unlikely(!(gr_status & GR_READY)))
+ return 0;
+#endif
++ if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
++ read_lock(&tasklist_lock);
++ while (tmp->pid > 0) {
++ if (tmp == curtemp)
++ break;
++ tmp = tmp->real_parent;
++ }
+
-+ read_lock(&tasklist_lock);
-+ while (tmp->pid > 0) {
-+ if (tmp == curtemp)
-+ break;
-+ tmp = tmp->real_parent;
-+ }
-+
-+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
-+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
++ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) ||
++ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
++ read_unlock(&tasklist_lock);
++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
++ return 1;
++ }
+ read_unlock(&tasklist_lock);
-+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
-+ return 1;
+ }
-+ read_unlock(&tasklist_lock);
+
+#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
+ if (!(gr_status & GR_READY))
+}
diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
new file mode 100644
-index 0000000..955ddfb
+index 0000000..6d21049
--- /dev/null
+++ b/grsecurity/gracl_cap.c
-@@ -0,0 +1,101 @@
+@@ -0,0 +1,110 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+extern const char *captab_log[];
+extern int captab_log_entries;
+
-+int
-+gr_acl_is_capable(const int cap)
++int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
+{
-+ struct task_struct *task = current;
-+ const struct cred *cred = current_cred();
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
+ kernel_cap_t cap_audit = __cap_empty_set;
+
+ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
++
+ return 0;
+}
+
+int
-+gr_acl_is_capable_nolog(const int cap)
++gr_acl_is_capable(const int cap)
++{
++ return gr_task_acl_is_capable(current, current_cred(), cap);
++}
++
++int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap)
+{
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
+ if (!gr_acl_is_enabled())
+ return 1;
+
-+ curracl = current->acl;
++ curracl = task->acl;
+
+ cap_drop = curracl->cap_lower;
+ cap_mask = curracl->cap_mask;
+ return 0;
+}
+
++int
++gr_acl_is_capable_nolog(const int cap)
++{
++ return gr_task_acl_is_capable_nolog(current, cap);
++}
++
diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
new file mode 100644
index 0000000..88d0e87
+}
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
new file mode 100644
-index 0000000..17050ca
+index 0000000..58800a7
--- /dev/null
+++ b/grsecurity/gracl_ip.c
-@@ -0,0 +1,381 @@
+@@ -0,0 +1,384 @@
+#include <linux/kernel.h>
+#include <asm/uaccess.h>
+#include <asm/errno.h>
+int
+gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
+{
++ /* always allow disconnection of dgram sockets with connect */
++ if (addr->sin_family == AF_UNSPEC)
++ return 0;
+ return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
+}
+
+}
diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
new file mode 100644
-index 0000000..a2dc675
+index 0000000..9807ee2
--- /dev/null
+++ b/grsecurity/grsec_chroot.c
-@@ -0,0 +1,351 @@
+@@ -0,0 +1,368 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/fs.h>
+#include <linux/mount.h>
+#include <linux/types.h>
-+#include <linux/pid_namespace.h>
++#include "../fs/mount.h"
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
+
+{
+#ifdef CONFIG_GRKERNSEC
+ if (task->pid > 1 && path->dentry != init_task.fs->root.dentry &&
-+ path->dentry != task->nsproxy->mnt_ns->root->mnt_root)
++ path->dentry != task->nsproxy->mnt_ns->root->mnt.mnt_root)
+ task->gr_is_chrooted = 1;
+ else
+ task->gr_is_chrooted = 0;
+extern int captab_log_entries;
+
+int
-+gr_chroot_is_capable(const int cap)
++gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
+ if (cap_raised(chroot_caps, cap)) {
-+ const struct cred *creds = current_cred();
-+ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entries) {
-+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[cap]);
++ if (cap_raised(cred->cap_effective, cap) && cap < captab_log_entries) {
++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, task, captab_log[cap]);
+ }
+ return 0;
+ }
+}
+
+int
-+gr_chroot_is_capable_nolog(const int cap)
++gr_chroot_is_capable(const int cap)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
++ return gr_task_chroot_is_capable(current, current_cred(), cap);
++#endif
++ return 1;
++}
++
++int
++gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
+ if (cap_raised(chroot_caps, cap)) {
+ return 0;
+}
+
+int
++gr_chroot_is_capable_nolog(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ return gr_task_chroot_is_capable_nolog(current, cap);
++#endif
++ return 1;
++}
++
++int
+gr_handle_chroot_sysctl(const int op)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
+#endif
diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
new file mode 100644
-index 0000000..2b05ada
+index 0000000..abfa971
--- /dev/null
+++ b/grsecurity/grsec_exec.c
-@@ -0,0 +1,146 @@
+@@ -0,0 +1,174 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
+#ifdef CONFIG_GRKERNSEC
+extern int gr_acl_is_capable(const int cap);
+extern int gr_acl_is_capable_nolog(const int cap);
++extern int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
++extern int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap);
+extern int gr_chroot_is_capable(const int cap);
+extern int gr_chroot_is_capable_nolog(const int cap);
++extern int gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
++extern int gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap);
+#endif
+
+const char *captab_log[] = {
+#endif
+}
+
++int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_task_acl_is_capable(task, cred, cap) && gr_task_chroot_is_capable(task, cred, cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
+int gr_is_capable_nolog(const int cap)
+{
+#ifdef CONFIG_GRKERNSEC
+#endif
+}
+
++int gr_task_is_capable_nolog(const struct task_struct *task, const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_task_acl_is_capable_nolog(task, cap) && gr_task_chroot_is_capable_nolog(task, cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
+EXPORT_SYMBOL(gr_is_capable);
+EXPORT_SYMBOL(gr_is_capable_nolog);
++EXPORT_SYMBOL(gr_task_is_capable);
++EXPORT_SYMBOL(gr_task_is_capable_nolog);
diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c
new file mode 100644
index 0000000..d3ee748
* The "pgd_xxx()" functions here are trivial for a folded two-level
* setup: the pud is never bad, and a pud always exists (as it's folded
diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
-index 76bff2b..c7a14e2 100644
+index a03c098..7e5b223 100644
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
-@@ -443,6 +443,14 @@ static inline int pmd_write(pmd_t pmd)
- #endif /* __HAVE_ARCH_PMD_WRITE */
+@@ -502,6 +502,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd)
#endif
+ }
+#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
+static inline unsigned long pax_open_kernel(void) { return 0; }
+static inline unsigned long pax_close_kernel(void) { return 0; }
+#endif
+
- #endif /* !__ASSEMBLY__ */
+ #endif /* CONFIG_MMU */
- #endif /* _ASM_GENERIC_PGTABLE_H */
+ #endif /* !__ASSEMBLY__ */
diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
-index ac68c99..90d3439 100644
+index 9788568..510dece 100644
--- a/include/asm-generic/uaccess.h
+++ b/include/asm-generic/uaccess.h
@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long);
static inline long copy_to_user(void __user *to,
const void *from, unsigned long n)
{
-@@ -309,6 +316,8 @@ static inline long strlen_user(const char __user *src)
+@@ -314,6 +321,8 @@ static inline long strlen_user(const char __user *src)
*/
#ifndef __clear_user
static inline __must_check unsigned long
__clear_user(void __user *to, unsigned long n)
{
memset((void __force *)to, 0, n);
-@@ -317,6 +326,8 @@ __clear_user(void __user *to, unsigned long n)
+@@ -322,6 +331,8 @@ __clear_user(void __user *to, unsigned long n)
#endif
static inline __must_check unsigned long
/**
* PERCPU_SECTION - define output section for percpu area, simple version
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
-index bf4b2dc..2d0762f 100644
+index 92f0981..d44a37c 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -72,6 +72,7 @@
struct list_head filelist;
diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h
-index 73b0712..0b7ef2f 100644
+index 37515d1..34fa8b0 100644
--- a/include/drm/drm_crtc_helper.h
+++ b/include/drm/drm_crtc_helper.h
@@ -74,7 +74,7 @@ struct drm_crtc_helper_funcs {
#define N_MAGIC(exec) ((exec).a_info & 0xffff)
#endif
diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h
-index 49a83ca..df96b54 100644
+index f4ff882..84b53a6 100644
--- a/include/linux/atmdev.h
+++ b/include/linux/atmdev.h
@@ -237,7 +237,7 @@ struct compat_atm_iobuf {
#undef __HANDLE_ITEM
};
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index fd88a39..8a801b4 100644
+index 0092102..8a801b4 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
-@@ -18,7 +18,7 @@ struct pt_regs;
- #define BINPRM_BUF_SIZE 128
-
- #ifdef __KERNEL__
--#include <linux/list.h>
-+#include <linux/sched.h>
-
- #define CORENAME_MAX_SIZE 128
-
-@@ -58,6 +58,7 @@ struct linux_binprm {
- unsigned interp_flags;
- unsigned interp_data;
- unsigned long loader, exec;
-+ char tcomm[TASK_COMM_LEN];
- };
-
- #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
-@@ -88,6 +89,7 @@ struct linux_binfmt {
+@@ -89,6 +89,7 @@ struct linux_binfmt {
int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
int (*load_shlib)(struct file *);
int (*core_dump)(struct coredump_params *cprm);
};
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index 0ed1eb0..3ab569b 100644
+index 606cf33..b72c577 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
-@@ -1315,7 +1315,7 @@ struct block_device_operations {
+@@ -1379,7 +1379,7 @@ struct block_device_operations {
/* this callback is with swap_lock and sometimes page table lock held */
void (*swap_slot_free_notify) (struct block_device *, unsigned long);
struct module *owner;
#define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
#endif
diff --git a/include/linux/capability.h b/include/linux/capability.h
-index a63d13d..069bfd5 100644
+index 12d52de..b5f7fa7 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
-@@ -548,6 +548,9 @@ extern bool capable(int cap);
+@@ -548,6 +548,8 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
+ extern bool capable(int cap);
extern bool ns_capable(struct user_namespace *ns, int cap);
- extern bool task_ns_capable(struct task_struct *t, int cap);
extern bool nsown_capable(int cap);
-+extern bool task_ns_capable_nolog(struct task_struct *t, int cap);
-+extern bool ns_capable_nolog(struct user_namespace *ns, int cap);
+extern bool capable_nolog(int cap);
++extern bool ns_capable_nolog(struct user_namespace *ns, int cap);
/* audit system wants to get cap info from files as well */
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
extern struct cleancache_ops
cleancache_register_ops(struct cleancache_ops *ops);
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index dfadc96..d90deca 100644
+index 2f40791..567b215 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
-@@ -31,6 +31,15 @@
-
+@@ -32,6 +32,15 @@
+ #define __linktime_error(message) __attribute__((__error__(message)))
#if __GNUC_MINOR__ >= 5
+
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -46,6 +55,11 @@
+@@ -47,6 +56,11 @@
#define __noclone __attribute__((__noclone__))
#endif
#if __GNUC_MINOR__ > 0
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index 320d6c9..1221a6b 100644
+index 4a24354..ecaff7a 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -5,31 +5,62 @@
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -306,6 +366,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -308,6 +368,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
* use is to mediate communication between process-level code and irq/NMI
* handlers, all running on the same CPU.
*/
/* Architecture code defines this if there are other possible ELF
* machine types, e.g. on bi-arch capable hardware. */
diff --git a/include/linux/cred.h b/include/linux/cred.h
-index 4030896..8d6f342 100644
+index adadf71..6af5560 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -207,6 +207,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk)
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 2362a0b..cfaf8fcc 100644
+index 7cce0ea..c2085e4 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -446,7 +446,7 @@ struct efivar_operations {
+@@ -591,7 +591,7 @@ struct efivar_operations {
efi_get_variable_t *get_variable;
efi_get_next_variable_t *get_next_variable;
efi_set_variable_t *set_variable;
struct efivars {
/*
diff --git a/include/linux/elf.h b/include/linux/elf.h
-index 31f0508..5421c01 100644
+index 999b4f5..57753b4 100644
--- a/include/linux/elf.h
+++ b/include/linux/elf.h
-@@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword;
+@@ -40,6 +40,17 @@ typedef __s64 Elf64_Sxword;
#define PT_GNU_EH_FRAME 0x6474e550
#define PT_GNU_STACK (PT_LOOS + 0x474e551)
/*
* Extended Numbering
-@@ -106,6 +117,8 @@ typedef __s64 Elf64_Sxword;
+@@ -97,6 +108,8 @@ typedef __s64 Elf64_Sxword;
#define DT_DEBUG 21
#define DT_TEXTREL 22
#define DT_JMPREL 23
#define DT_ENCODING 32
#define OLD_DT_LOOS 0x60000000
#define DT_LOOS 0x6000000d
-@@ -252,6 +265,19 @@ typedef struct elf64_hdr {
+@@ -243,6 +256,19 @@ typedef struct elf64_hdr {
#define PF_W 0x2
#define PF_X 0x1
typedef struct elf32_phdr{
Elf32_Word p_type;
Elf32_Off p_offset;
-@@ -344,6 +370,8 @@ typedef struct elf64_shdr {
+@@ -335,6 +361,8 @@ typedef struct elf64_shdr {
#define EI_OSABI 7
#define EI_PAD 8
#define ELFMAG0 0x7f /* EI_MAG */
#define ELFMAG1 'E'
#define ELFMAG2 'L'
-@@ -423,6 +451,7 @@ extern Elf32_Dyn _DYNAMIC [];
+@@ -421,6 +449,7 @@ extern Elf32_Dyn _DYNAMIC [];
#define elf_note elf32_note
#define elf_addr_t Elf32_Off
#define Elf_Half Elf32_Half
#else
-@@ -433,6 +462,7 @@ extern Elf64_Dyn _DYNAMIC [];
+@@ -431,6 +460,7 @@ extern Elf64_Dyn _DYNAMIC [];
#define elf_note elf64_note
#define elf_addr_t Elf64_Off
#define Elf_Half Elf64_Half
};
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 10b2288..09180e4 100644
+index f4b6e06..d6ba573 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
-@@ -1609,7 +1609,8 @@ struct file_operations {
+@@ -1628,7 +1628,8 @@ struct file_operations {
int (*setlease)(struct file *, long, struct file_lock **);
long (*fallocate)(struct file *file, int mode, loff_t offset,
loff_t len);
int trace_set_clr_event(const char *system, const char *event, int set);
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
-index c6f7f6a..aa0f7d3 100644
+index e61d319..0da8505 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -185,7 +185,7 @@ struct gendisk {
+#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..2ccf677
+index 0000000..acd05db
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,229 @@
+@@ -0,0 +1,232 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
+
+int gr_is_capable(const int cap);
+int gr_is_capable_nolog(const int cap);
++int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
++int gr_task_is_capable_nolog(const struct task_struct *task, const int cap);
++
+void gr_learn_resource(const struct task_struct *task, const int limit,
+ const unsigned long wanted, const int gt);
+void gr_copy_label(struct task_struct *tsk);
+
+#endif
diff --git a/include/linux/hid.h b/include/linux/hid.h
-index c235e4e..f0cf7a0 100644
+index 3a95da6..51986f1 100644
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
-@@ -679,7 +679,7 @@ struct hid_ll_driver {
+@@ -696,7 +696,7 @@ struct hid_ll_driver {
unsigned int code, int value);
int (*parse)(struct hid_device *hdev);
unsigned start1, unsigned end1,
unsigned start2, unsigned end2)
diff --git a/include/linux/i2c.h b/include/linux/i2c.h
-index 07d103a..04ec65b 100644
+index 8e25a91..551b161 100644
--- a/include/linux/i2c.h
+++ b/include/linux/i2c.h
@@ -364,6 +364,7 @@ struct i2c_algorithm {
struct list_head context_list; /* list of context id's
and pointers */
#endif
+diff --git a/include/linux/if_team.h b/include/linux/if_team.h
+index 58404b0..439ed95 100644
+--- a/include/linux/if_team.h
++++ b/include/linux/if_team.h
+@@ -64,6 +64,7 @@ struct team_mode_ops {
+ void (*port_leave)(struct team *team, struct team_port *port);
+ void (*port_change_mac)(struct team *team, struct team_port *port);
+ };
++typedef struct team_mode_ops __no_const team_mode_ops_no_const;
+
+ enum team_option_type {
+ TEAM_OPTION_TYPE_U32,
+@@ -112,7 +113,7 @@ struct team {
+ struct list_head option_list;
+
+ const struct team_mode *mode;
+- struct team_mode_ops ops;
++ team_mode_ops_no_const ops;
+ long mode_priv[TEAM_MODE_PRIV_LONGS];
+ };
+
diff --git a/include/linux/init.h b/include/linux/init.h
-index 9146f39..885354d 100644
+index 6b95109..4aca62c 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
-@@ -293,13 +293,13 @@ void __init parse_early_options(char *cmdline);
+@@ -294,13 +294,13 @@ void __init parse_early_options(char *cmdline);
/* Each module must use one module_init(). */
#define module_init(initfn) \
void cleanup_module(void) __attribute__((alias(#exitfn)));
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
-index 32574ee..00d4ef1 100644
+index 9c66b1a..a3fdded 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
-@@ -128,6 +128,12 @@ extern struct cred init_cred;
+@@ -127,6 +127,12 @@ extern struct cred init_cred;
#define INIT_TASK_COMM "swapper"
/*
* INIT_TASK is used to set up the first task table, touch at
* your own risk!. Base=0, limit=0x1fffff (=2MB)
-@@ -166,6 +172,7 @@ extern struct cred init_cred;
+@@ -165,6 +171,7 @@ extern struct cred init_cred;
RCU_INIT_POINTER(.cred, &init_cred), \
.comm = INIT_TASK_COMM, \
.thread = INIT_THREAD, \
/* This macro allows us to keep printk typechecking */
static __printf(1, 2)
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
-index fa39183..40160be 100644
+index c4d2fc1..5df9c19 100644
--- a/include/linux/kgdb.h
+++ b/include/linux/kgdb.h
@@ -53,7 +53,7 @@ extern int kgdb_connected;
extern struct task_struct *kgdb_usethread;
extern struct task_struct *kgdb_contthread;
-@@ -251,7 +251,7 @@ struct kgdb_arch {
+@@ -252,7 +252,7 @@ struct kgdb_arch {
void (*disable_hw_break)(struct pt_regs *regs);
void (*remove_all_hw_break)(void);
void (*correct_hw_break)(void);
/**
* struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
-@@ -276,7 +276,7 @@ struct kgdb_io {
+@@ -277,7 +277,7 @@ struct kgdb_io {
void (*pre_exception) (void);
void (*post_exception) (void);
int is_console;
extern struct kgdb_arch arch_kgdb_ops;
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
-index b16f653..eb908f4 100644
+index 0fb48ef..1b680b2 100644
--- a/include/linux/kmod.h
+++ b/include/linux/kmod.h
@@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */
#define request_module(mod...) __request_module(true, mod)
#define request_module_nowait(mod...) __request_module(false, mod)
#define try_then_request_module(x, mod...) \
+diff --git a/include/linux/kref.h b/include/linux/kref.h
+index 9c07dce..a92fa71 100644
+--- a/include/linux/kref.h
++++ b/include/linux/kref.h
+@@ -63,7 +63,7 @@ static inline void kref_get(struct kref *kref)
+ static inline int kref_sub(struct kref *kref, unsigned int count,
+ void (*release)(struct kref *kref))
+ {
+- WARN_ON(release == NULL);
++ BUG_ON(release == NULL);
+
+ if (atomic_sub_and_test((int) count, &kref->refcount)) {
+ release(kref);
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index d526231..c9599fc 100644
+index 4c4e83d..5f16617 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
-@@ -308,7 +308,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
+@@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
void vcpu_load(struct kvm_vcpu *vcpu);
void vcpu_put(struct kvm_vcpu *vcpu);
struct module *module);
void kvm_exit(void);
-@@ -385,20 +385,20 @@ void kvm_get_pfn(pfn_t pfn);
+@@ -416,20 +416,20 @@ void kvm_get_pfn(pfn_t pfn);
int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
int len);
int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data,
struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn);
unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn);
-@@ -454,7 +454,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
+@@ -485,7 +485,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
struct kvm_guest_debug *dbg);
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
void kvm_arch_exit(void);
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
-@@ -690,7 +690,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
+@@ -727,7 +727,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
int kvm_set_irq_routing(struct kvm *kvm,
const struct kvm_irq_routing_entry *entries,
unsigned nr,
struct mca_bus {
u64 default_dma_mask;
diff --git a/include/linux/memory.h b/include/linux/memory.h
-index 935699b..11042cc 100644
+index 1ac7f6e..a5794d0 100644
--- a/include/linux/memory.h
+++ b/include/linux/memory.h
-@@ -144,7 +144,7 @@ struct memory_accessor {
+@@ -143,7 +143,7 @@ struct memory_accessor {
size_t count);
ssize_t (*write)(struct memory_accessor *, const char *buf,
off_t offset, size_t count);
int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops);
void abx500_remove_ops(struct device *dev);
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 4baadd1..2e0b45e 100644
+index 17b27cd..baea141 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp);
int vma_wants_writenotify(struct vm_area_struct *vma);
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1419,6 +1407,7 @@ out:
+@@ -1152,8 +1140,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+ {
+ return 0;
+ }
++
++static inline int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd,
++ unsigned long address)
++{
++ return 0;
++}
+ #else
+ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address);
++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address);
+ #endif
+
+ #ifdef __PAGETABLE_PMD_FOLDED
+@@ -1162,8 +1157,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+ {
+ return 0;
+ }
++
++static inline int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud,
++ unsigned long address)
++{
++ return 0;
++}
+ #else
+ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address);
++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address);
+ #endif
+
+ int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -1181,11 +1183,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+ NULL: pud_offset(pgd, address);
+ }
+
++static inline pud_t *pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
++{
++ return (unlikely(pgd_none(*pgd)) && __pud_alloc_kernel(mm, pgd, address))?
++ NULL: pud_offset(pgd, address);
++}
++
+ static inline pmd_t *pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+ {
+ return (unlikely(pud_none(*pud)) && __pmd_alloc(mm, pud, address))?
+ NULL: pmd_offset(pud, address);
+ }
++
++static inline pmd_t *pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address)
++{
++ return (unlikely(pud_none(*pud)) && __pmd_alloc_kernel(mm, pud, address))?
++ NULL: pmd_offset(pud, address);
++}
+ #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
+
+ #if USE_SPLIT_PTLOCKS
+@@ -1409,6 +1423,7 @@ out:
}
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
extern unsigned long do_brk(unsigned long, unsigned long);
-@@ -1476,6 +1465,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1466,6 +1481,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
struct vm_area_struct **pprev);
/* Look up the first VMA which intersects the interval start_addr..end_addr-1,
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1492,15 +1485,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma)
- return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
+@@ -1494,15 +1513,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+ return vma;
}
-#ifdef CONFIG_MMU
struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
unsigned long pfn, unsigned long size, pgprot_t);
-@@ -1614,7 +1598,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -1606,7 +1616,7 @@ extern int unpoison_memory(unsigned long pfn);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
extern void shake_page(struct page *p, int access);
extern int soft_offline_page(struct page *page, int flags);
extern void dump_page(struct page *page);
-@@ -1628,5 +1612,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src,
- unsigned int pages_per_huge_page);
- #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */
+@@ -1637,5 +1647,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
+ static inline bool page_is_guard(struct page *page) { return false; }
+ #endif /* CONFIG_DEBUG_PAGEALLOC */
+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
+extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
#endif /* __KERNEL__ */
#endif /* _LINUX_MM_H */
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index 5b42f1b..759e4b4 100644
+index 3cc3062..efeaeb7 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
-@@ -253,6 +253,8 @@ struct vm_area_struct {
+@@ -252,6 +252,8 @@ struct vm_area_struct {
#ifdef CONFIG_NUMA
struct mempolicy *vm_policy; /* NUMA policy for the VMA */
#endif
};
struct core_thread {
-@@ -389,6 +391,24 @@ struct mm_struct {
+@@ -326,7 +328,7 @@ struct mm_struct {
+ unsigned long def_flags;
+ unsigned long nr_ptes; /* Page table pages */
+ unsigned long start_code, end_code, start_data, end_data;
+- unsigned long start_brk, brk, start_stack;
++ unsigned long brk_gap, start_brk, brk, start_stack;
+ unsigned long arg_start, arg_end, env_start, env_end;
+
+ unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */
+@@ -388,6 +390,24 @@ struct mm_struct {
#ifdef CONFIG_CPUMASK_OFFSTACK
struct cpumask cpumask_allocation;
#endif
+
-+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) || defined(CONFIG_PAX_HAVE_ACL_FLAGS) || defined(CONFIG_PAX_HOOK_ACL_FLAGS)
+ unsigned long pax_flags;
+#endif
+
#define pmdp_clear_flush_notify(__vma, __address, __pmdp) \
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
-index 188cb2f..d78409b 100644
+index 650ba2f..af0a58c 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
-@@ -369,7 +369,7 @@ struct zone {
+@@ -379,7 +379,7 @@ struct zone {
unsigned long flags; /* zone flags, see below */
/* Zone statistics */
/*
* The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
-index 468819c..17b9db3 100644
+index 83ac071..2656e0e 100644
--- a/include/linux/mod_devicetable.h
+++ b/include/linux/mod_devicetable.h
@@ -12,7 +12,7 @@
struct hid_device_id {
__u16 bus;
diff --git a/include/linux/module.h b/include/linux/module.h
-index 3cb7839..511cb87 100644
+index 4598bf0..e069d7f 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -17,6 +17,7 @@
#include <linux/percpu.h>
#include <asm/module.h>
-@@ -261,19 +262,16 @@ struct module
+@@ -275,19 +276,16 @@ struct module
int (*init)(void);
/* If this is non-NULL, vfree after init() returns */
/* Arch-specific module values */
struct mod_arch_specific arch;
-@@ -329,6 +327,10 @@ struct module
+@@ -343,6 +341,10 @@ struct module
#ifdef CONFIG_EVENT_TRACING
struct ftrace_event_call **trace_events;
unsigned int num_trace_events;
#endif
#ifdef CONFIG_FTRACE_MCOUNT_RECORD
unsigned int num_ftrace_callsites;
-@@ -379,16 +381,46 @@ bool is_module_address(unsigned long addr);
+@@ -390,16 +392,46 @@ bool is_module_address(unsigned long addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
/* Search for module by name: must hold module_mutex. */
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
-index b2be02e..edb10c9 100644
+index b2be02e..72d2f78 100644
--- a/include/linux/moduleloader.h
+++ b/include/linux/moduleloader.h
@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section);
+void *module_alloc(unsigned long size) __size_overflow(1);
+
+#ifdef CONFIG_PAX_KERNEXEC
-+void *module_alloc_exec(unsigned long size);
++void *module_alloc_exec(unsigned long size) __size_overflow(1);
+#else
+#define module_alloc_exec(x) module_alloc(x)
+#endif
or 0. */
int apply_relocate(Elf_Shdr *sechdrs,
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
-index 7939f63..ec6df57 100644
+index c47f4d6..23f9bdb 100644
--- a/include/linux/moduleparam.h
+++ b/include/linux/moduleparam.h
@@ -260,7 +260,7 @@ static inline void __kernel_param_unlock(void)
= { len, string }; \
__module_param_call(MODULE_PARAM_PREFIX, name, \
¶m_ops_string, \
-@@ -395,7 +395,7 @@ extern int param_get_invbool(char *buffer, const struct kernel_param *kp);
- * module_param_named() for why this might be necessary.
+@@ -396,7 +396,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
*/
#define module_param_array_named(name, array, type, nump, perm) \
+ param_check_##type(name, &(array)[0]); \
- static const struct kparam_array __param_arr_##name \
+ static const struct kparam_array __param_arr_##name __used \
= { .max = ARRAY_SIZE(array), .num = nump, \
.ops = ¶m_ops_##type, \
.elemsize = sizeof(array[0]), .elem = array }; \
-diff --git a/include/linux/mtd/map.h b/include/linux/mtd/map.h
-index a9e6ba4..0f9e29b 100644
---- a/include/linux/mtd/map.h
-+++ b/include/linux/mtd/map.h
-@@ -25,6 +25,7 @@
- #include <linux/types.h>
- #include <linux/list.h>
- #include <linux/string.h>
-+#include <linux/kernel.h>
- #include <linux/bug.h>
-
-
diff --git a/include/linux/namei.h b/include/linux/namei.h
index ffc0213..2c1f2cb 100644
--- a/include/linux/namei.h
return nd->saved_names[nd->depth];
}
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index a82ad4d..90d15b7 100644
+index 7e472b7..212d381 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -949,6 +949,7 @@ struct net_device_ops {
- int (*ndo_set_features)(struct net_device *dev,
- u32 features);
+@@ -1002,6 +1002,7 @@ struct net_device_ops {
+ int (*ndo_neigh_construct)(struct neighbour *n);
+ void (*ndo_neigh_destroy)(struct neighbour *n);
};
+typedef struct net_device_ops __no_const net_device_ops_no_const;
/*
* The DEVICE structure.
-@@ -1088,7 +1089,7 @@ struct net_device {
+@@ -1063,7 +1064,7 @@ struct net_device {
int iflink;
struct net_device_stats stats;
atomic_t refcnt;
unsigned int max_seq_nr;
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index b1f8912..c955bff 100644
+index abb2776..d8b8e15 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
-@@ -748,8 +748,8 @@ struct perf_event {
+@@ -750,8 +750,8 @@ struct perf_event {
enum perf_event_active_state state;
unsigned int attach_state;
/*
* These are the total time in nanoseconds that the event
-@@ -800,8 +800,8 @@ struct perf_event {
+@@ -802,8 +802,8 @@ struct perf_event {
* These accumulate total time (in nanoseconds) that children
* events have been enabled and running, respectively.
*/
/*
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
-index 77257c9..51d473a 100644
+index 0072a53..c5dcca5 100644
--- a/include/linux/pipe_fs_i.h
+++ b/include/linux/pipe_fs_i.h
-@@ -46,9 +46,9 @@ struct pipe_buffer {
+@@ -47,9 +47,9 @@ struct pipe_buffer {
struct pipe_inode_info {
wait_queue_head_t wait;
unsigned int nrbufs, curbuf, buffers;
unsigned int w_counter;
struct page *tmp_page;
diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h
-index d3085e7..fd01052 100644
+index 609daae..5392427 100644
--- a/include/linux/pm_runtime.h
+++ b/include/linux/pm_runtime.h
-@@ -95,7 +95,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev)
+@@ -97,7 +97,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev)
static inline void pm_runtime_mark_last_busy(struct device *dev)
{
#else /* !CONFIG_PM_RUNTIME */
diff --git a/include/linux/poison.h b/include/linux/poison.h
-index 79159de..f1233a9 100644
+index 2110a81..13a11bb 100644
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -19,8 +19,8 @@
/**
* preempt_notifier - key for installing preemption notifiers
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
-index 643b96c..ef55a9c 100644
+index 85c5073..51fac8b 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
-@@ -155,6 +155,19 @@ static inline struct proc_dir_entry *proc_create(const char *name, mode_t mode,
+@@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode,
return proc_create_data(name, mode, parent, proc_fops, NULL);
}
-+static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode,
++static inline struct proc_dir_entry *proc_create_grsec(const char *name, umode_t mode,
+ struct proc_dir_entry *parent, const struct file_operations *proc_fops)
+{
+#ifdef CONFIG_GRKERNSEC_PROC_USER
+ return proc_create_data(name, mode, parent, proc_fops, NULL);
+#endif
+}
-+
+
static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
- mode_t mode, struct proc_dir_entry *base,
+ umode_t mode, struct proc_dir_entry *base,
read_proc_t *read_proc, void * data)
-@@ -258,7 +271,7 @@ union proc_op {
+@@ -258,7 +270,7 @@ union proc_op {
int (*proc_show)(struct seq_file *m,
struct pid_namespace *ns, struct pid *pid,
struct task_struct *task);
struct ctl_table_header;
struct ctl_table;
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
-index 800f113..e9ee2e3 100644
+index c2f1f6a..6fdb196 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
-@@ -129,10 +129,12 @@ extern void __ptrace_unlink(struct task_struct *child);
- extern void exit_ptrace(struct task_struct *tracer);
- #define PTRACE_MODE_READ 1
- #define PTRACE_MODE_ATTACH 2
--/* Returns 0 on success, -errno on denial. */
--extern int __ptrace_may_access(struct task_struct *task, unsigned int mode);
- /* Returns true on success, false on denial. */
- extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
-+/* Returns true on success, false on denial. */
-+extern bool ptrace_may_access_log(struct task_struct *task, unsigned int mode);
-+/* Returns true on success, false on denial. */
-+extern bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode);
-
- static inline int ptrace_reparented(struct task_struct *child)
- {
+@@ -199,9 +199,10 @@ static inline void ptrace_event(int event, unsigned long message)
+ if (unlikely(ptrace_event_enabled(current, event))) {
+ current->ptrace_message = message;
+ ptrace_notify((event << 8) | SIGTRAP);
+- } else if (event == PTRACE_EVENT_EXEC && unlikely(current->ptrace)) {
++ } else if (event == PTRACE_EVENT_EXEC) {
+ /* legacy EXEC report via SIGTRAP */
+- send_sig(SIGTRAP, current, 0);
++ if ((current->ptrace & (PT_PTRACED|PT_SEIZED)) == PT_PTRACED)
++ send_sig(SIGTRAP, current, 0);
+ }
+ }
+
diff --git a/include/linux/random.h b/include/linux/random.h
index 8f74538..02a1012 100644
--- a/include/linux/random.h
#endif
diff --git a/include/linux/reiserfs_fs.h b/include/linux/reiserfs_fs.h
-index 96d465f..b084e05 100644
+index 2213ddc..650212a 100644
--- a/include/linux/reiserfs_fs.h
+++ b/include/linux/reiserfs_fs.h
@@ -1406,7 +1406,7 @@ static inline loff_t max_reiserfs_offset(struct inode *inode)
#define __fs_changed(gen,s) (gen != get_generation (s))
#define fs_changed(gen,s) \
diff --git a/include/linux/reiserfs_fs_sb.h b/include/linux/reiserfs_fs_sb.h
-index 52c83b6..18ed7eb 100644
+index 8c9e85c..1698e9a 100644
--- a/include/linux/reiserfs_fs_sb.h
+++ b/include/linux/reiserfs_fs_sb.h
@@ -386,7 +386,7 @@ struct reiserfs_sb_info {
unsigned long s_properties; /* File system properties. Currently holds
on-disk FS format */
diff --git a/include/linux/relay.h b/include/linux/relay.h
-index 14a86bc..17d0700 100644
+index a822fd7..62b70f6 100644
--- a/include/linux/relay.h
+++ b/include/linux/relay.h
@@ -159,7 +159,7 @@ struct rchan_callbacks
#define RIO_RESOURCE_MEM 0x00000100
#define RIO_RESOURCE_DOORBELL 0x00000200
diff --git a/include/linux/rmap.h b/include/linux/rmap.h
-index 2148b12..519b820 100644
+index 1cdd62a..e399f0d 100644
--- a/include/linux/rmap.h
+++ b/include/linux/rmap.h
-@@ -119,8 +119,8 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma)
+@@ -119,9 +119,9 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma)
void anon_vma_init(void); /* create anon_vma_cachep */
int anon_vma_prepare(struct vm_area_struct *);
void unlink_anon_vmas(struct vm_area_struct *);
-int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *);
--int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
+int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct *);
+ void anon_vma_moveto_tail(struct vm_area_struct *);
+-int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
+int anon_vma_fork(struct vm_area_struct *, const struct vm_area_struct *);
void __anon_vma_link(struct vm_area_struct *);
static inline void anon_vma_merge(struct vm_area_struct *vma,
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 1c4f3e9..342eb1f 100644
+index 0657368..765f70f 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -101,6 +101,7 @@ struct bio_list;
/*
* List of flags we want to share for kernel threads,
-@@ -380,10 +381,13 @@ struct user_namespace;
+@@ -382,10 +383,13 @@ struct user_namespace;
#define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
extern int sysctl_max_map_count;
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -629,6 +633,17 @@ struct signal_struct {
+@@ -631,6 +635,17 @@ struct signal_struct {
#ifdef CONFIG_TASKSTATS
struct taskstats *stats;
#endif
#ifdef CONFIG_AUDIT
unsigned audit_tty;
struct tty_audit_buf *tty_audit_buf;
-@@ -710,6 +725,11 @@ struct user_struct {
+@@ -714,6 +729,11 @@ struct user_struct {
struct key *session_keyring; /* UID's default session keyring */
#endif
/* Hash table maintenance information */
struct hlist_node uidhash_node;
uid_t uid;
-@@ -1337,8 +1357,8 @@ struct task_struct {
+@@ -1354,8 +1374,8 @@ struct task_struct {
struct list_head thread_group;
struct completion *vfork_done; /* for vfork() */
cputime_t utime, stime, utimescaled, stimescaled;
cputime_t gtime;
-@@ -1354,13 +1374,6 @@ struct task_struct {
+@@ -1371,13 +1391,6 @@ struct task_struct {
struct task_cputime cputime_expires;
struct list_head cpu_timers[3];
char comm[TASK_COMM_LEN]; /* executable name excluding path
- access with [gs]et_task_comm (which lock
it with task_lock())
-@@ -1377,8 +1390,16 @@ struct task_struct {
+@@ -1394,8 +1407,16 @@ struct task_struct {
#endif
/* CPU-specific state of this task */
struct thread_struct thread;
/* open file information */
struct files_struct *files;
/* namespaces */
-@@ -1425,6 +1446,11 @@ struct task_struct {
+@@ -1442,6 +1463,11 @@ struct task_struct {
struct rt_mutex_waiter *pi_blocked_on;
#endif
#ifdef CONFIG_DEBUG_MUTEXES
/* mutex deadlock detection */
struct mutex_waiter *blocked_on;
-@@ -1540,6 +1566,27 @@ struct task_struct {
+@@ -1558,6 +1584,27 @@ struct task_struct {
unsigned long default_timer_slack_ns;
struct list_head *scm_work_list;
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
/* Index of current stored address in ret_stack */
int curr_ret_stack;
-@@ -1574,6 +1621,51 @@ struct task_struct {
+@@ -1592,6 +1639,51 @@ struct task_struct {
#endif
};
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -2081,7 +2173,9 @@ void yield(void);
+@@ -2104,7 +2196,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2114,6 +2208,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2137,6 +2231,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2235,6 +2330,12 @@ static inline void mmdrop(struct mm_struct * mm)
- extern void mmput(struct mm_struct *);
- /* Grab a reference to a task's mm, if it is not already going away */
- extern struct mm_struct *get_task_mm(struct task_struct *task);
-+/*
-+ * Grab a reference to a task's mm, if it is not already going away
-+ * and ptrace_may_access with the mode parameter passed to it
-+ * succeeds.
-+ */
-+extern struct mm_struct *mm_access(struct task_struct *task, unsigned int mode);
- /* Remove the current tasks stale references to the old mm_struct */
- extern void mm_release(struct task_struct *, struct mm_struct *);
- /* Allocate a new mm structure and copy contents from tsk->mm */
-@@ -2251,7 +2352,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2280,7 +2375,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
--extern NORET_TYPE void do_group_exit(int);
+-extern void do_group_exit(int);
+extern __noreturn void do_group_exit(int);
extern void daemonize(const char *, ...);
extern int allow_signal(int);
-@@ -2416,13 +2517,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2478,13 +2573,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
#define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
diff --git a/include/linux/security.h b/include/linux/security.h
-index e8c619d..e0cbd1c 100644
+index 83c18e8..2d98860 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -37,6 +37,7 @@
/* Maximum number of letters for an LSM name string */
diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
-index 0b69a46..b2ffa4c 100644
+index 44f1514..2bbf6c1 100644
--- a/include/linux/seq_file.h
+++ b/include/linux/seq_file.h
@@ -24,6 +24,9 @@ struct seq_file {
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 6cf8b53..bcce844 100644
+index 42854ce..3b7d3c8 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -642,7 +642,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
+@@ -655,7 +655,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
*/
static inline int skb_queue_empty(const struct sk_buff_head *list)
{
}
/**
-@@ -655,7 +655,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
+@@ -668,7 +668,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
static inline bool skb_queue_is_last(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
}
/**
-@@ -668,7 +668,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
+@@ -681,7 +681,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
static inline bool skb_queue_is_first(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
}
/**
-@@ -1533,7 +1533,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1558,7 +1558,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
__kmalloc_node_track_caller(size, flags, node, \
_RET_IP_)
diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h
-index d00e0ba..d61fb1f 100644
+index fbd1117..c0bd874 100644
--- a/include/linux/slab_def.h
+++ b/include/linux/slab_def.h
-@@ -68,10 +68,10 @@ struct kmem_cache {
+@@ -66,10 +66,10 @@ struct kmem_cache {
unsigned long node_allocs;
unsigned long node_frees;
unsigned long node_overflow;
/*
* If debugging is enabled, then the allocator can add additional
-@@ -109,7 +109,7 @@ struct cache_sizes {
+@@ -107,7 +107,7 @@ struct cache_sizes {
extern struct cache_sizes malloc_sizes[];
void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
#ifdef CONFIG_TRACING
extern void *kmem_cache_alloc_trace(size_t size,
-@@ -127,6 +127,7 @@ static inline size_t slab_buffer_size(struct kmem_cache *cachep)
+@@ -125,6 +125,7 @@ static inline size_t slab_buffer_size(struct kmem_cache *cachep)
}
#endif
static __always_inline void *kmalloc(size_t size, gfp_t flags)
{
struct kmem_cache *cachep;
-@@ -162,7 +163,7 @@ found:
+@@ -160,7 +161,7 @@ found:
}
#ifdef CONFIG_NUMA
extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
#ifdef CONFIG_TRACING
-@@ -181,6 +182,7 @@ kmem_cache_alloc_node_trace(size_t size,
+@@ -179,6 +180,7 @@ kmem_cache_alloc_node_trace(size_t size,
}
#endif
__SONET_ITEMS
#undef __HANDLE_ITEM
};
+diff --git a/include/linux/stddef.h b/include/linux/stddef.h
+index 6a40c76..1747b67 100644
+--- a/include/linux/stddef.h
++++ b/include/linux/stddef.h
+@@ -3,14 +3,10 @@
+
+ #include <linux/compiler.h>
+
++#ifdef __KERNEL__
++
+ #undef NULL
+-#if defined(__cplusplus)
+-#define NULL 0
+-#else
+ #define NULL ((void *)0)
+-#endif
+-
+-#ifdef __KERNEL__
+
+ enum {
+ false = 0,
diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index 3d8f9c4..69f1c0a 100644
+index 2c5993a..b0e79f0 100644
--- a/include/linux/sunrpc/clnt.h
+++ b/include/linux/sunrpc/clnt.h
@@ -172,9 +172,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap)
#define RPCRDMA_VERSION 1
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
-index 703cfa33..0b8ca72ac 100644
+index bb9127d..34ab358 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -155,7 +155,11 @@ enum
struct tty_ldisc {
diff --git a/include/linux/types.h b/include/linux/types.h
-index 57a9723..dbe234a 100644
+index e5fa503..df6e8a4 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
-@@ -213,10 +213,26 @@ typedef struct {
+@@ -214,10 +214,26 @@ typedef struct {
int counter;
} atomic_t;
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h
-index e5a40c3..20ab0f6 100644
+index 0d3f988..000f101 100644
--- a/include/linux/usb/renesas_usbhs.h
+++ b/include/linux/usb/renesas_usbhs.h
@@ -39,7 +39,7 @@ enum {
/*
* callback functions for platform
-@@ -89,7 +89,7 @@ struct renesas_usbhs_platform_callback {
+@@ -97,7 +97,7 @@ struct renesas_usbhs_platform_callback {
* VBUS control is needed for Host
*/
int (*set_vbus)(struct platform_device *pdev, int enable);
+ MODULE_GRSEC
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 4bde182..c42a656 100644
+index dcdfc2b..cce598d 100644
--- a/include/linux/vmalloc.h
+++ b/include/linux/vmalloc.h
@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
/*
* Newer version of video_device, handled by videodev2.c
diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h
-index 4d1c74a..65e1221 100644
+index 3f5d60f..44210ed 100644
--- a/include/media/v4l2-ioctl.h
+++ b/include/media/v4l2-ioctl.h
-@@ -274,7 +274,7 @@ struct v4l2_ioctl_ops {
+@@ -278,7 +278,7 @@ struct v4l2_ioctl_ops {
long (*vidioc_default) (struct file *file, void *fh,
bool valid_prio, int cmd, void *arg);
};
/* Protects from simultaneous access to first_req list */
spinlock_t info_list_lock;
diff --git a/include/net/flow.h b/include/net/flow.h
-index 2a7eefd..3250f3b 100644
+index 6c469db..7743b8e 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
-@@ -218,6 +218,6 @@ extern struct flow_cache_object *flow_cache_lookup(
+@@ -221,6 +221,6 @@ extern struct flow_cache_object *flow_cache_lookup(
extern void flow_cache_flush(void);
extern void flow_cache_flush_deferred(void);
#endif
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
-index e9ff3fc..9d3e5c7 100644
+index b94765e..053f68b 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -48,8 +48,8 @@ struct inet_peer {
__u32 tcp_ts;
__u32 tcp_ts_stamp;
};
-@@ -113,11 +113,11 @@ static inline int inet_getid(struct inet_peer *p, int more)
+@@ -115,11 +115,11 @@ static inline int inet_getid(struct inet_peer *p, int more)
more++;
inet_peer_refcheck(p);
do {
fib_info_update_nh_saddr((net), &FIB_RES_NH(res)))
#define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
-index e5a7b9a..f4fc44b 100644
+index ebe517f..1bd286b 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -509,7 +509,7 @@ struct ip_vs_conn {
/* Protect concurent access to :
* o self->open_count
diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h
-index f2419cf..473679f 100644
+index 0954ec9..7413562 100644
--- a/include/net/iucv/af_iucv.h
+++ b/include/net/iucv/af_iucv.h
-@@ -139,7 +139,7 @@ struct iucv_sock {
+@@ -138,7 +138,7 @@ struct iucv_sock {
struct iucv_sock_list {
struct hlist_head head;
rwlock_t lock;
unsigned int iucv_sock_poll(struct file *file, struct socket *sock,
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
-index 2720884..3aa5c25 100644
+index 34c996f..bb3b4d4 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
-@@ -122,7 +122,7 @@ struct neigh_ops {
+@@ -123,7 +123,7 @@ struct neigh_ops {
void (*error_report)(struct neighbour *, struct sk_buff *);
int (*output)(struct neighbour *, struct sk_buff *);
int (*connected_output)(struct neighbour *, struct sk_buff *);
/**
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
-index d786b4f..4c3dd41 100644
+index bbd023a..97c6d0d 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
-@@ -56,8 +56,8 @@ struct netns_ipv4 {
-
+@@ -57,8 +57,8 @@ struct netns_ipv4 {
unsigned int sysctl_ping_group_range[2];
+ long sysctl_tcp_mem[3];
- atomic_t rt_genid;
- atomic_t dev_addr_genid;
#ifdef CONFIG_IP_MROUTE
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
-index 6a72a58..e6a127d 100644
+index d368561..96aaa17 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -318,9 +318,9 @@ do { \
#define SCTP_DISABLE_DEBUG
#define SCTP_ASSERT(expr, str, func)
diff --git a/include/net/sock.h b/include/net/sock.h
-index 32e3937..87a1dbc 100644
+index 91c1c8b..15ae923 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
-@@ -277,7 +277,7 @@ struct sock {
+@@ -299,7 +299,7 @@ struct sock {
#ifdef CONFIG_RPS
__u32 sk_rxhash;
#endif
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
-@@ -1402,7 +1402,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags)
+@@ -1660,7 +1660,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
{
if (skb->ip_summed == CHECKSUM_NONE) {
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index bb18c4d..bb87972 100644
+index 2d80c29..aa07caf 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -1409,7 +1409,7 @@ struct tcp_seq_afinfo {
+@@ -1426,7 +1426,7 @@ struct tcp_seq_afinfo {
char *name;
sa_family_t family;
const struct file_operations *seq_fops;
struct tcp_iter_state {
diff --git a/include/net/udp.h b/include/net/udp.h
-index 3b285f4..0219639 100644
+index e39592f..fef9680 100644
--- a/include/net/udp.h
+++ b/include/net/udp.h
-@@ -237,7 +237,7 @@ struct udp_seq_afinfo {
+@@ -243,7 +243,7 @@ struct udp_seq_afinfo {
sa_family_t family;
struct udp_table *udp_table;
const struct file_operations *seq_fops;
struct udp_iter_state {
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index b203e14..1df3991 100644
+index 89174e2..1f82598 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -505,7 +505,7 @@ struct xfrm_policy {
/**
* iw_create_cm_id - Create an IW CM identifier.
diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h
-index 5d1a758..1dbf795 100644
+index 6a3922f..0b73022 100644
--- a/include/scsi/libfc.h
+++ b/include/scsi/libfc.h
@@ -748,6 +748,7 @@ struct libfc_function_template {
u8 qfull;
enum fc_lport_state state;
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index 5591ed5..13eb457 100644
+index 77273f2..dd4031f 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
@@ -161,9 +161,9 @@ struct scsi_device {
struct snd_hwdep {
struct snd_card *card;
diff --git a/include/sound/info.h b/include/sound/info.h
-index 5492cc4..1a65278 100644
+index 9ca1a49..aba1728 100644
--- a/include/sound/info.h
+++ b/include/sound/info.h
@@ -44,7 +44,7 @@ struct snd_info_entry_text {
/*
* CSP private data
diff --git a/include/sound/soc.h b/include/sound/soc.h
-index 11cfb59..e3f93f4 100644
+index 0992dff..bb366fe 100644
--- a/include/sound/soc.h
+++ b/include/sound/soc.h
-@@ -683,7 +683,7 @@ struct snd_soc_platform_driver {
+@@ -682,7 +682,7 @@ struct snd_soc_platform_driver {
/* platform IO - used for platform DAPM */
unsigned int (*read)(struct snd_soc_platform *, unsigned int);
int (*write)(struct snd_soc_platform *, unsigned int, unsigned int);
struct snd_soc_platform {
const char *name;
+@@ -852,7 +852,7 @@ struct snd_soc_pcm_runtime {
+ struct snd_soc_dai_link *dai_link;
+ struct mutex pcm_mutex;
+ enum snd_soc_pcm_subclass pcm_subclass;
+- struct snd_pcm_ops ops;
++ snd_pcm_ops_no_const ops;
+
+ unsigned int complete:1;
+ unsigned int dev_registered:1;
diff --git a/include/sound/ymfpci.h b/include/sound/ymfpci.h
index 444cd6b..3327cc5 100644
--- a/include/sound/ymfpci.h
const struct firmware *dsp_microcode;
const struct firmware *controller_microcode;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index 94bbec3..3a8c6b0 100644
+index fe73eb8..56388b1 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
-@@ -346,7 +346,7 @@ struct t10_reservation_ops {
+@@ -443,7 +443,7 @@ struct t10_reservation_ops {
int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32);
int (*t10_pr_register)(struct se_cmd *);
int (*t10_pr_clear)(struct se_cmd *);
struct t10_reservation {
/* Reservation effects all target ports */
-@@ -465,8 +465,8 @@ struct se_cmd {
+@@ -561,8 +561,8 @@ struct se_cmd {
atomic_t t_se_count;
atomic_t t_task_cdbs_left;
atomic_t t_task_cdbs_ex_left;
atomic_t t_transport_active;
atomic_t t_transport_complete;
atomic_t t_transport_queue_active;
-@@ -705,7 +705,7 @@ struct se_device {
+@@ -799,7 +799,7 @@ struct se_device {
+ spinlock_t stats_lock;
/* Active commands on this virtual SE device */
atomic_t simple_cmds;
- atomic_t depth_left;
- atomic_t dev_ordered_id;
+ atomic_unchecked_t dev_ordered_id;
atomic_t execute_tasks;
void *pmi_pal;
u8 *vbe_state_orig; /*
diff --git a/init/Kconfig b/init/Kconfig
-index 43298f9..2f56c12 100644
+index 3f42cd6..613f41d 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -1214,7 +1214,7 @@ config SLUB_DEBUG
+@@ -799,6 +799,7 @@ endif # CGROUPS
+
+ config CHECKPOINT_RESTORE
+ bool "Checkpoint/restore support" if EXPERT
++ depends on !GRKERNSEC
+ default n
+ help
+ Enables additional kernel features in a sake of checkpoint/restore.
+@@ -1249,7 +1250,7 @@ config SLUB_DEBUG
config COMPAT_BRK
bool "Disable heap randomization"
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
diff --git a/init/do_mounts.c b/init/do_mounts.c
-index db6e5ee..7677ff7 100644
+index 2974c8b..0b863ae 100644
--- a/init/do_mounts.c
+++ b/init/do_mounts.c
-@@ -325,11 +325,11 @@ static void __init get_fs_names(char *page)
-
+@@ -326,11 +326,11 @@ static void __init get_fs_names(char *page)
static int __init do_mount_root(char *name, char *fs, int flags, void *data)
{
+ struct super_block *s;
- int err = sys_mount(name, "/root", fs, flags, data);
+ int err = sys_mount((char __force_user *)name, (char __force_user *)"/root", (char __force_user *)fs, flags, (void __force_user *)data);
if (err)
return err;
- sys_chdir((const char __user __force *)"/root");
-+ sys_chdir((const char __force_user*)"/root");
- ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
++ sys_chdir((const char __force_user *)"/root");
+ s = current->fs->pwd.dentry->d_sb;
+ ROOT_DEV = s->s_dev;
printk(KERN_INFO
- "VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
-@@ -448,18 +448,18 @@ void __init change_floppy(char *fmt, ...)
+@@ -450,18 +450,18 @@ void __init change_floppy(char *fmt, ...)
va_start(args, fmt);
vsprintf(buf, fmt, args);
va_end(args);
termios.c_lflag |= ICANON;
sys_ioctl(fd, TCSETSF, (long)&termios);
sys_close(fd);
-@@ -553,6 +553,6 @@ void __init prepare_namespace(void)
+@@ -555,6 +555,6 @@ void __init prepare_namespace(void)
mount_root();
out:
devtmpfs_mount("dev");
sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
sys_close(fd);
diff --git a/init/initramfs.c b/init/initramfs.c
-index 2531811..040d4d4 100644
+index 8216c30..25e8e32 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -74,7 +74,7 @@ static void __init free_hash(void)
}
return 0;
}
-@@ -280,11 +280,11 @@ static void __init clean_path(char *path, mode_t mode)
+@@ -280,11 +280,11 @@ static void __init clean_path(char *path, umode_t mode)
{
struct stat st;
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 217ed23..ec5406f 100644
+index ff49a6d..5fa0429 100644
--- a/init/main.c
+++ b/init/main.c
@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -681,6 +726,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -675,6 +720,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
if (initcall_debug)
ret = do_one_initcall_debug(fn);
-@@ -693,15 +739,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -687,15 +733,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
sprintf(msgbuf, "error code %d ", ret);
if (preempt_count() != count) {
}
return ret;
-@@ -820,7 +866,7 @@ static int __init kernel_init(void * unused)
+@@ -814,7 +860,7 @@ static int __init kernel_init(void * unused)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
printk(KERN_WARNING "Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -833,11 +879,13 @@ static int __init kernel_init(void * unused)
+@@ -827,11 +873,13 @@ static int __init kernel_init(void * unused)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
* Ok, we have completed the initial bootup, and
* we're essentially up and running. Get rid of the
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
-index 5b4293d..f179875 100644
+index 86ee272..773d937 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -156,6 +156,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
+ gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
spin_lock(&mq_lock);
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
- u->mq_bytes + mq_bytes > task_rlimit(p, RLIMIT_MSGQUEUE)) {
+ u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
diff --git a/ipc/msg.c b/ipc/msg.c
index 7385de2..a8180e08 100644
--- a/ipc/msg.c
shm_unlock(shp);
diff --git a/kernel/acct.c b/kernel/acct.c
-index fa7eb3d..7faf116 100644
+index 02e6167..54824f7 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
-@@ -570,7 +570,7 @@ static void do_acct_process(struct bsd_acct_struct *acct,
+@@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct,
*/
flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 09fae26..ed71d5b 100644
+index bb0eb5b..cf2a03a 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -115,7 +115,7 @@ u32 audit_sig_sid = 0;
status_set.backlog = skb_queue_len(&audit_skb_queue);
audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
&status_set, sizeof(status_set));
-@@ -1260,12 +1260,13 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
- avail = audit_expand(ab,
- max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
- if (!avail)
-- goto out;
-+ goto out_va_end;
- len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2);
- }
-- va_end(args2);
- if (len > 0)
- skb_put(skb, len);
-+out_va_end:
-+ va_end(args2);
- out:
- return;
- }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 47b7fc1..c003c33 100644
+index af1de0f..06dfe57 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -1166,8 +1166,8 @@ static void audit_log_execve_info(struct audit_context *context,
- struct audit_buffer **ab,
- struct audit_aux_data_execve *axi)
- {
-- int i;
-- size_t len, len_sent = 0;
-+ int i, len;
-+ size_t len_sent = 0;
- const char __user *p;
- char *buf;
-
-@@ -2118,7 +2118,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
+@@ -2288,7 +2288,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
}
/* global counter which is incremented every time something logs in */
+static atomic_unchecked_t session_id = ATOMIC_INIT(0);
/**
- * audit_set_loginuid - set a task's audit_context loginuid
-@@ -2131,7 +2131,7 @@ static atomic_t session_id = ATOMIC_INIT(0);
- */
- int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
- {
-- unsigned int sessionid = atomic_inc_return(&session_id);
-+ unsigned int sessionid = atomic_inc_return_unchecked(&session_id);
- struct audit_context *context = task->audit_context;
+ * audit_set_loginuid - set current task's audit_context loginuid
+@@ -2312,7 +2312,7 @@ int audit_set_loginuid(uid_t loginuid)
+ return -EPERM;
+ #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
+- sessionid = atomic_inc_return(&session_id);
++ sessionid = atomic_inc_return_unchecked(&session_id);
if (context && context->in_syscall) {
+ struct audit_buffer *ab;
+
diff --git a/kernel/capability.c b/kernel/capability.c
-index b463871..fa3ea1f 100644
+index 3f1adb6..c564db0 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
if (copy_to_user(dataptr, kdata, tocopy
* sizeof(struct __user_cap_data_struct))) {
return -EFAULT;
-@@ -374,7 +377,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
+@@ -303,10 +306,11 @@ bool has_ns_capability(struct task_struct *t,
+ int ret;
+
+ rcu_read_lock();
+- ret = security_capable(__task_cred(t), ns, cap);
++ ret = security_capable(__task_cred(t), ns, cap) == 0 &&
++ gr_task_is_capable(t, __task_cred(t), cap);
+ rcu_read_unlock();
+
+- return (ret == 0);
++ return ret;
+ }
+
+ /**
+@@ -343,10 +347,10 @@ bool has_ns_capability_noaudit(struct task_struct *t,
+ int ret;
+
+ rcu_read_lock();
+- ret = security_capable_noaudit(__task_cred(t), ns, cap);
++ ret = security_capable_noaudit(__task_cred(t), ns, cap) == 0 && gr_task_is_capable_nolog(t, cap);
+ rcu_read_unlock();
+
+- return (ret == 0);
++ return ret;
+ }
+
+ /**
+@@ -384,7 +388,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
BUG();
}
-- if (security_capable(ns, current_cred(), cap) == 0) {
-+ if (security_capable(ns, current_cred(), cap) == 0 && gr_is_capable(cap)) {
+- if (security_capable(current_cred(), ns, cap) == 0) {
++ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable(cap)) {
current->flags |= PF_SUPERPRIV;
return true;
}
-@@ -382,6 +385,27 @@ bool ns_capable(struct user_namespace *ns, int cap)
+@@ -392,6 +396,21 @@ bool ns_capable(struct user_namespace *ns, int cap)
}
EXPORT_SYMBOL(ns_capable);
+ BUG();
+ }
+
-+ if (security_capable(ns, current_cred(), cap) == 0 && gr_is_capable_nolog(cap)) {
++ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) {
+ current->flags |= PF_SUPERPRIV;
+ return true;
+ }
+ return false;
+}
+EXPORT_SYMBOL(ns_capable_nolog);
-+
-+bool capable_nolog(int cap)
-+{
-+ return ns_capable_nolog(&init_user_ns, cap);
-+}
-+EXPORT_SYMBOL(capable_nolog);
+
/**
- * task_ns_capable - Determine whether current task has a superior
- * capability targeted at a specific task's user namespace.
-@@ -396,6 +420,12 @@ bool task_ns_capable(struct task_struct *t, int cap)
+ * capable - Determine if the current task has a superior capability in effect
+ * @cap: The capability to be tested for
+@@ -408,6 +427,12 @@ bool capable(int cap)
}
- EXPORT_SYMBOL(task_ns_capable);
+ EXPORT_SYMBOL(capable);
-+bool task_ns_capable_nolog(struct task_struct *t, int cap)
++bool capable_nolog(int cap)
+{
-+ return ns_capable_nolog(task_cred_xxx(t, user)->user_ns, cap);
++ return ns_capable_nolog(&init_user_ns, cap);
+}
-+EXPORT_SYMBOL(task_ns_capable_nolog);
++EXPORT_SYMBOL(capable_nolog);
+
/**
* nsown_capable - Check superior capability to one's own user_ns
return -ENOMEM;
diff --git a/kernel/cred.c b/kernel/cred.c
-index 5791612..a3c04dc 100644
+index 48c6fd3..8398912 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -204,6 +204,15 @@ void exit_creds(struct task_struct *tsk)
}
/**
-@@ -470,7 +479,7 @@ error_put:
+@@ -472,7 +481,7 @@ error_put:
* Always returns 0 thus allowing this function to be tail-called at the end
* of, say, sys_setgid().
*/
{
struct task_struct *task = current;
const struct cred *old = task->real_cred;
-@@ -489,6 +498,8 @@ int commit_creds(struct cred *new)
+@@ -491,6 +500,8 @@ int commit_creds(struct cred *new)
get_cred(new); /* we will require a ref for the subj creds too */
/* dumpability changes */
if (old->euid != new->euid ||
old->egid != new->egid ||
-@@ -538,6 +549,92 @@ int commit_creds(struct cred *new)
+@@ -540,6 +551,101 @@ int commit_creds(struct cred *new)
put_cred(old);
return 0;
}
+int commit_creds(struct cred *new)
+{
+#ifdef CONFIG_GRKERNSEC_SETXID
++ int ret;
++ int schedule_it = 0;
+ struct task_struct *t;
+
+ /* we won't get called with tasklist_lock held for writing
+ */
+ if (grsec_enable_setxid && !current_is_single_threaded() &&
+ !current_uid() && new->uid) {
++ schedule_it = 1;
++ }
++ ret = __commit_creds(new);
++ if (schedule_it) {
+ rcu_read_lock();
+ read_lock(&tasklist_lock);
+ for (t = next_thread(current); t != current;
+ t = next_thread(t)) {
+ if (t->delayed_cred == NULL) {
+ t->delayed_cred = get_cred(new);
++ set_tsk_thread_flag(t, TIF_GRSEC_SETXID);
+ set_tsk_need_resched(t);
+ }
+ }
+ read_unlock(&tasklist_lock);
+ rcu_read_unlock();
+ }
-+#endif
++ return ret;
++#else
+ return __commit_creds(new);
++#endif
+}
+
EXPORT_SYMBOL(commit_creds);
/**
diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
-index 0d7c087..01b8cef 100644
+index 7fda904..59f620c 100644
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -119,7 +119,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock);
/*
* If you are debugging a problem where roundup (the collection of
-@@ -542,7 +542,7 @@ return_normal:
+@@ -537,7 +537,7 @@ return_normal:
* kernel will only try for the value of sstep_tries before
* giving up and continuing on.
*/
(kgdb_info[cpu].task &&
kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) {
atomic_set(&kgdb_active, -1);
-@@ -636,8 +636,8 @@ cpu_master_loop:
+@@ -631,8 +631,8 @@ cpu_master_loop:
}
kgdb_restore:
if (kgdb_info[sstep_cpu].task)
kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid;
else
-@@ -834,18 +834,18 @@ static void kgdb_unregister_callbacks(void)
+@@ -829,18 +829,18 @@ static void kgdb_unregister_callbacks(void)
static void kgdb_tasklet_bpt(unsigned long ing)
{
kgdb_breakpoint();
}
EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 63786e7..0780cac 100644
+index e2ae734..08a4c5c 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1980,7 +1980,7 @@ static int kdb_lsmod(int argc, const char **argv)
- mod->core_size, (void *)mod);
+ mod->core_size_rx + mod->core_size_rw, (void *)mod);
#ifdef CONFIG_MODULE_UNLOAD
- kdb_printf("%4d ", module_refcount(mod));
+ kdb_printf("%4ld ", module_refcount(mod));
#endif
@@ -1990,7 +1990,7 @@ static int kdb_lsmod(int argc, const char **argv)
kdb_printf(" (Loading)");
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 58690af..d903d75 100644
+index 1b5c081..c375f83 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -173,7 +173,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -2540,7 +2540,7 @@ static void __perf_event_read(void *info)
+@@ -2581,7 +2581,7 @@ static void __perf_event_read(void *info)
static inline u64 perf_event_count(struct perf_event *event)
{
}
static u64 perf_event_read(struct perf_event *event)
-@@ -3065,9 +3065,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -2897,9 +2897,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
mutex_lock(&event->child_mutex);
total += perf_event_read(event);
*enabled += event->total_time_enabled +
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -3474,10 +3474,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3306,10 +3306,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
barrier();
++userpg->lock;
-@@ -3906,11 +3906,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -3738,11 +3738,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -4561,12 +4561,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -4393,12 +4393,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
* need to add enough zero bytes after the string to handle
* the 64bit alignment we do later.
*/
if (IS_ERR(name)) {
name = strncpy(tmp, "//toolong", sizeof(tmp));
goto got_name;
-@@ -5921,7 +5921,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -5765,7 +5765,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
event->ns = get_pid_ns(current->nsproxy->pid_ns);
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -6443,10 +6443,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -6287,10 +6287,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
/*
diff --git a/kernel/exit.c b/kernel/exit.c
-index e6e01b9..0a21b0a 100644
+index 46c8b14..d868958 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
-@@ -57,6 +57,10 @@
+@@ -58,6 +58,10 @@
#include <asm/pgtable.h>
#include <asm/mmu_context.h>
static void exit_mm(struct task_struct * tsk);
static void __unhash_process(struct task_struct *p, bool group_dead)
-@@ -168,6 +172,10 @@ void release_task(struct task_struct * p)
+@@ -169,6 +173,10 @@ void release_task(struct task_struct * p)
struct task_struct *leader;
int zap_leader;
repeat:
/* don't need to get the RCU readlock here - the process is dead and
* can't be modifying its own credentials. But shut RCU-lockdep up */
rcu_read_lock();
-@@ -380,7 +388,7 @@ int allow_signal(int sig)
+@@ -381,7 +389,7 @@ int allow_signal(int sig)
* know it'll be handled, so that they don't get converted to
* SIGKILL or just silently dropped.
*/
recalc_sigpending();
spin_unlock_irq(¤t->sighand->siglock);
return 0;
-@@ -416,6 +424,17 @@ void daemonize(const char *name, ...)
+@@ -417,6 +425,17 @@ void daemonize(const char *name, ...)
vsnprintf(current->comm, sizeof(current->comm), name, args);
va_end(args);
/*
* If we were started as result of loading a module, close all of the
* user space pages. We don't need them, and if we didn't close them
-@@ -893,6 +912,8 @@ NORET_TYPE void do_exit(long code)
+@@ -873,6 +892,8 @@ void do_exit(long code)
struct task_struct *tsk = current;
int group_dead;
profile_task_exit(tsk);
WARN_ON(blk_needs_flush_plug(tsk));
-@@ -909,7 +930,6 @@ NORET_TYPE void do_exit(long code)
+@@ -889,7 +910,6 @@ void do_exit(long code)
* mm_release()->clear_child_tid() from writing to a user-controlled
* kernel address.
*/
ptrace_event(PTRACE_EVENT_EXIT, code);
-@@ -971,6 +991,9 @@ NORET_TYPE void do_exit(long code)
+@@ -950,6 +970,9 @@ void do_exit(long code)
tsk->exit_code = code;
taskstats_exit(tsk, group_dead);
exit_mm(tsk);
if (group_dead)
-@@ -1068,7 +1091,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
+@@ -1066,7 +1089,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
* Take down every thread in the group. This is called by fatal signals
* as well as by sys_exit_group (below).
*/
--NORET_TYPE void
+-void
+__noreturn void
do_group_exit(int exit_code)
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 0acf42c0..9e40e2e 100644
+index 26a7a67..a1053f9 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -281,7 +281,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -284,7 +284,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
*stackend = STACK_END_MAGIC; /* for overflow detection */
#ifdef CONFIG_CC_STACKPROTECTOR
#endif
/*
-@@ -305,13 +305,77 @@ out:
+@@ -308,13 +308,77 @@ out:
}
#ifdef CONFIG_MMU
down_write(&oldmm->mmap_sem);
flush_cache_dup_mm(oldmm);
-@@ -323,8 +387,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -326,8 +390,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
mm->locked_vm = 0;
mm->mmap = NULL;
mm->mmap_cache = NULL;
mm->map_count = 0;
cpumask_clear(mm_cpumask(mm));
mm->mm_rb = RB_ROOT;
-@@ -340,8 +404,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -343,8 +407,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
prev = NULL;
for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
if (mpnt->vm_flags & VM_DONTCOPY) {
long pages = vma_pages(mpnt);
mm->total_vm -= pages;
-@@ -349,53 +411,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -352,53 +414,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
-pages);
continue;
}
/*
* Link in the new vma and copy the page table entries.
-@@ -418,6 +438,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -421,6 +441,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
if (retval)
goto out;
}
/* a new mm has just been created */
arch_dup_mmap(oldmm, mm);
retval = 0;
-@@ -426,14 +471,6 @@ out:
+@@ -429,14 +474,6 @@ out:
flush_tlb_mm(oldmm);
up_write(&oldmm->mmap_sem);
return retval;
}
static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -645,6 +682,26 @@ struct mm_struct *get_task_mm(struct task_struct *task)
- }
- EXPORT_SYMBOL_GPL(get_task_mm);
+@@ -658,8 +695,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+ return ERR_PTR(err);
-+struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
-+{
-+ struct mm_struct *mm;
-+ int err;
-+
-+ err = mutex_lock_killable(&task->signal->cred_guard_mutex);
-+ if (err)
-+ return ERR_PTR(err);
-+
-+ mm = get_task_mm(task);
+ mm = get_task_mm(task);
+- if (mm && mm != current->mm &&
+- !ptrace_may_access(task, mode)) {
+ if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) ||
-+ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
-+ mmput(mm);
-+ mm = ERR_PTR(-EACCES);
-+ }
-+ mutex_unlock(&task->signal->cred_guard_mutex);
-+
-+ return mm;
-+}
-+
- /* Please note the differences between mmput and mm_release.
- * mmput is called whenever we stop holding onto a mm_struct,
- * error success whatever.
-@@ -830,13 +887,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
++ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
+ mmput(mm);
+ mm = ERR_PTR(-EACCES);
+ }
+@@ -881,13 +918,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
spin_unlock(&fs->lock);
return -EAGAIN;
}
return 0;
}
-@@ -1100,6 +1158,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1151,6 +1189,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-@@ -1259,6 +1320,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1306,6 +1347,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
if (clone_flags & CLONE_THREAD)
p->tgid = current->tgid;
p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
/*
* Clear TID on mm_release()?
-@@ -1421,6 +1484,8 @@ bad_fork_cleanup_count:
+@@ -1472,6 +1515,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
return ERR_PTR(retval);
}
-@@ -1521,6 +1586,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1572,6 +1617,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1630,7 +1697,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1670,7 +1717,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1719,7 +1786,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1759,7 +1806,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index 1614be2..37abc7e 100644
+index 866c9d5..5c5f828 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -54,6 +54,7 @@
#include <linux/signal.h>
#include <linux/export.h>
#include <linux/magic.h>
-@@ -238,6 +239,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
+@@ -239,6 +240,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
struct page *page, *page_head;
int err, ro = 0;
/*
* The futex address must be "naturally" aligned.
*/
-@@ -2459,6 +2465,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
- if (!p)
- goto err_unlock;
- ret = -EPERM;
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ if (!ptrace_may_access(p, PTRACE_MODE_READ))
-+ goto err_unlock;
-+#endif
- pcred = __task_cred(p);
- /* If victim is in different user_ns, then uids are not
- comparable, so we must have CAP_SYS_PTRACE */
-@@ -2724,6 +2734,7 @@ static int __init futex_init(void)
+@@ -2721,6 +2727,7 @@ static int __init futex_init(void)
{
u32 curval;
int i;
/*
* This will fail and we want it. Some arch implementations do
-@@ -2735,8 +2746,11 @@ static int __init futex_init(void)
+@@ -2732,8 +2739,11 @@ static int __init futex_init(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
for (i = 0; i < ARRAY_SIZE(futex_queues); i++) {
plist_head_init(&futex_queues[i].chain);
-diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
-index 5f9e689..582d46d 100644
---- a/kernel/futex_compat.c
-+++ b/kernel/futex_compat.c
-@@ -10,6 +10,7 @@
- #include <linux/compat.h>
- #include <linux/nsproxy.h>
- #include <linux/futex.h>
-+#include <linux/ptrace.h>
-
- #include <asm/uaccess.h>
-
-@@ -136,7 +137,8 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
- {
- struct compat_robust_list_head __user *head;
- unsigned long ret;
-- const struct cred *cred = current_cred(), *pcred;
-+ const struct cred *cred = current_cred();
-+ const struct cred *pcred;
-
- if (!futex_cmpxchg_enabled)
- return -ENOSYS;
-@@ -152,6 +154,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
- if (!p)
- goto err_unlock;
- ret = -EPERM;
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ if (!ptrace_may_access(p, PTRACE_MODE_READ))
-+ goto err_unlock;
-+#endif
- pcred = __task_cred(p);
- /* If victim is in different user_ns, then uids are not
- comparable, so we must have CAP_SYS_PTRACE */
diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c
index 9b22d03..6295b62 100644
--- a/kernel/gcov/base.c
hrtimer_peek_ahead_timers();
}
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
-index 66ff710..05a5128 100644
+index 01d3b70..9e4d098 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -55,7 +55,9 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop)
}
static void jump_label_update(struct jump_label_key *key, int enable);
-@@ -303,10 +305,12 @@ static void jump_label_invalidate_module_init(struct module *mod)
+@@ -340,10 +342,12 @@ static void jump_label_invalidate_module_init(struct module *mod)
struct jump_entry *iter_stop = iter_start + mod->num_jump_entries;
struct jump_entry *iter;
return -ENOMEM;
reset_iter(iter, 0);
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index dc7bc08..4601964 100644
+index 7b08867..3bac516 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
-@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
+@@ -1047,7 +1047,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
unsigned long flags)
{
struct compat_kexec_segment in;
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index a4bea97..7a1ae9a 100644
+index a3a46cb..f2e42f8 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
-@@ -73,13 +73,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
+@@ -75,13 +75,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
* If module auto-loading support is disabled then this function
* becomes a no-operation.
*/
static char *envp[] = { "HOME=/",
"TERM=linux",
"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
-@@ -88,9 +87,7 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -90,9 +89,7 @@ int __request_module(bool wait, const char *fmt, ...)
#define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */
static int kmod_loop_msg;
if (ret >= MODULE_NAME_LEN)
return -ENAMETOOLONG;
-@@ -98,6 +95,20 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -100,6 +97,20 @@ int __request_module(bool wait, const char *fmt, ...)
if (ret)
return ret;
/* If modprobe needs a service that is in a module, we get a recursive
* loop. Limit the number of running kmod threads to max_threads/2 or
* MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
-@@ -133,6 +144,47 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -135,6 +146,47 @@ int __request_module(bool wait, const char *fmt, ...)
atomic_dec(&kmod_concurrent);
return ret;
}
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
-@@ -222,7 +274,7 @@ static int wait_for_helper(void *data)
+@@ -224,7 +276,7 @@ static int wait_for_helper(void *data)
*
* Thus the __user pointer cast is valid here.
*/
/*
* If ret is 0, either ____call_usermodehelper failed and the
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
-index bc90b87..43c7d8c 100644
+index c62b854..cb67968 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c)
head = &kprobe_table[i];
preempt_disable();
+diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c
+index 4e316e1..5501eef 100644
+--- a/kernel/ksysfs.c
++++ b/kernel/ksysfs.c
+@@ -47,6 +47,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj,
+ {
+ if (count+1 > UEVENT_HELPER_PATH_LEN)
+ return -ENOENT;
++ if (!capable(CAP_SYS_ADMIN))
++ return -EPERM;
+ memcpy(uevent_helper, buf, count);
+ uevent_helper[count] = '\0';
+ if (count && uevent_helper[count-1] == '\n')
diff --git a/kernel/lockdep.c b/kernel/lockdep.c
-index b2e08c9..01d8049 100644
+index 8889f7d..95319b7 100644
--- a/kernel/lockdep.c
+++ b/kernel/lockdep.c
-@@ -592,6 +592,10 @@ static int static_obj(void *obj)
+@@ -590,6 +590,10 @@ static int static_obj(void *obj)
end = (unsigned long) &_end,
addr = (unsigned long) obj;
/*
* static variable?
*/
-@@ -731,6 +735,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
+@@ -730,6 +734,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
if (!static_obj(lock->key)) {
debug_locks_off();
printk("INFO: trying to register non-static key.\n");
if (!name) {
diff --git a/kernel/module.c b/kernel/module.c
-index 178333c..04e3408 100644
+index 3d56b6f..2a22bd0 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,7 @@
#define CREATE_TRACE_POINTS
#include <trace/events/module.h>
-@@ -119,7 +120,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
+@@ -113,7 +114,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
/* Bounds of module allocation, for speeding __module_address.
* Protected by module_mutex. */
int register_module_notifier(struct notifier_block * nb)
{
-@@ -284,7 +286,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -277,7 +279,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
return true;
list_for_each_entry_rcu(mod, &modules, list) {
{ mod->syms, mod->syms + mod->num_syms, mod->crcs,
NOT_GPL_ONLY, false },
{ mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
-@@ -306,7 +308,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -299,7 +301,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
#endif
};
return true;
}
return false;
-@@ -438,7 +440,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
+@@ -431,7 +433,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
static int percpu_modalloc(struct module *mod,
unsigned long size, unsigned long align)
{
printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
mod->name, align, PAGE_SIZE);
align = PAGE_SIZE;
-@@ -1183,7 +1185,7 @@ resolve_symbol_wait(struct module *mod,
+@@ -1001,7 +1003,7 @@ struct module_attribute module_uevent =
+ static ssize_t show_coresize(struct module_attribute *mattr,
+ struct module_kobject *mk, char *buffer)
+ {
+- return sprintf(buffer, "%u\n", mk->mod->core_size);
++ return sprintf(buffer, "%u\n", mk->mod->core_size_rx + mk->mod->core_size_rw);
+ }
+
+ static struct module_attribute modinfo_coresize =
+@@ -1010,7 +1012,7 @@ static struct module_attribute modinfo_coresize =
+ static ssize_t show_initsize(struct module_attribute *mattr,
+ struct module_kobject *mk, char *buffer)
+ {
+- return sprintf(buffer, "%u\n", mk->mod->init_size);
++ return sprintf(buffer, "%u\n", mk->mod->init_size_rx + mk->mod->init_size_rw);
+ }
+
+ static struct module_attribute modinfo_initsize =
+@@ -1224,7 +1226,7 @@ resolve_symbol_wait(struct module *mod,
*/
#ifdef CONFIG_SYSFS
static inline bool sect_empty(const Elf_Shdr *sect)
{
return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
-@@ -1649,21 +1651,21 @@ static void set_section_ro_nx(void *base,
+@@ -1690,21 +1692,21 @@ static void set_section_ro_nx(void *base,
static void unset_module_core_ro_nx(struct module *mod)
{
set_memory_rw);
}
-@@ -1674,14 +1676,14 @@ void set_all_modules_text_rw(void)
+@@ -1715,14 +1717,14 @@ void set_all_modules_text_rw(void)
mutex_lock(&module_mutex);
list_for_each_entry_rcu(mod, &modules, list) {
set_memory_rw);
}
}
-@@ -1695,14 +1697,14 @@ void set_all_modules_text_ro(void)
+@@ -1736,14 +1738,14 @@ void set_all_modules_text_ro(void)
mutex_lock(&module_mutex);
list_for_each_entry_rcu(mod, &modules, list) {
set_memory_ro);
}
}
-@@ -1748,16 +1750,19 @@ static void free_module(struct module *mod)
+@@ -1789,16 +1791,19 @@ static void free_module(struct module *mod)
/* This may be NULL, but that's OK */
unset_module_init_ro_nx(mod);
#ifdef CONFIG_MPU
update_protections(current->mm);
-@@ -1826,10 +1831,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1867,10 +1872,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
unsigned int i;
int ret = 0;
const struct kernel_symbol *ksym;
switch (sym[i].st_shndx) {
case SHN_COMMON:
/* We compiled with -fno-common. These are not
-@@ -1850,7 +1876,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1891,7 +1917,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) {
break;
}
-@@ -1869,11 +1897,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1910,11 +1938,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
return ret;
}
-@@ -1977,22 +2014,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2018,22 +2055,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| strstarts(sname, ".init"))
continue;
+ s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i);
+ else
+ s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i);
- DEBUGP("\t%s\n", name);
+ pr_debug("\t%s\n", sname);
}
- switch (m) {
- case 0: /* executable */
- }
}
- DEBUGP("Init section allocation order:\n");
-@@ -2006,23 +2033,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+ pr_debug("Init section allocation order:\n");
+@@ -2047,23 +2074,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
+ else
+ s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i);
+ s->sh_entsize |= INIT_OFFSET_MASK;
- DEBUGP("\t%s\n", sname);
+ pr_debug("\t%s\n", sname);
}
- switch (m) {
- case 0: /* executable */
}
}
-@@ -2187,7 +2204,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2235,7 +2252,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
/* Put symbol section at end of init part of module. */
symsect->sh_flags |= SHF_ALLOC;
- symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect,
+ symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect,
info->index.sym) | INIT_OFFSET_MASK;
- DEBUGP("\t%s\n", info->secstrings + symsect->sh_name);
+ pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2204,19 +2221,19 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2250,13 +2267,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
- info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
-- mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
+- info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
+- mod->core_size += strtab_size;
+ info->symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1);
-+ mod->core_size_rx = info->symoffs + ndst * sizeof(Elf_Sym);
++ info->stroffs = mod->core_size_rx = info->symoffs + ndst * sizeof(Elf_Sym);
++ mod->core_size_rx += strtab_size;
/* Put string table section at end of init part of module. */
strsect->sh_flags |= SHF_ALLOC;
- strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
+ strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect,
info->index.str) | INIT_OFFSET_MASK;
- DEBUGP("\t%s\n", info->secstrings + strsect->sh_name);
-
- /* Append room for core symbols' strings at end of core part. */
-- info->stroffs = mod->core_size;
-+ info->stroffs = mod->core_size_rx;
- __set_bit(0, info->strmap);
-- mod->core_size += bitmap_weight(info->strmap, strsect->sh_size);
-+ mod->core_size_rx += bitmap_weight(info->strmap, strsect->sh_size);
+ pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-
- static void add_kallsyms(struct module *mod, const struct load_info *info)
-@@ -2232,11 +2249,13 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2274,12 +2291,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
mod->symtab[i].st_info = elf_type(&mod->symtab[i], info);
- mod->core_symtab = dst = mod->module_core + info->symoffs;
+- mod->core_strtab = s = mod->module_core + info->stroffs;
+ mod->core_symtab = dst = mod->module_core_rx + info->symoffs;
++ mod->core_strtab = s = mod->module_core_rx + info->stroffs;
src = mod->symtab;
*dst = *src;
- for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
-@@ -2249,10 +2268,12 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+ *s++ = 0;
+@@ -2292,6 +2311,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+ s += strlcpy(s, &mod->strtab[src->st_name], KSYM_NAME_LEN) + 1;
}
mod->core_num_syms = ndst;
-
-- mod->core_strtab = s = mod->module_core + info->stroffs;
-+ mod->core_strtab = s = mod->module_core_rx + info->stroffs;
- for (*s = 0, i = 1; i < info->sechdrs[info->index.str].sh_size; ++i)
- if (test_bit(i, info->strmap))
- *++s = mod->strtab[i];
+
+ pax_close_kernel();
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2286,17 +2307,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2325,17 +2346,33 @@ void * __weak module_alloc(unsigned long size)
return size == 0 ? NULL : vmalloc_exec(size);
}
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2474,8 +2511,14 @@ static struct module *setup_load_info(struct load_info *info)
+@@ -2512,8 +2549,14 @@ static struct module *setup_load_info(struct load_info *info)
static int check_modinfo(struct module *mod, struct load_info *info)
{
const char *modmagic = get_modinfo(info, "vermagic");
/* This is allowed: modprobe --force will invalidate it. */
if (!modmagic) {
err = try_to_force_load(mod, "bad vermagic");
-@@ -2498,7 +2541,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
+@@ -2536,7 +2579,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
}
/* Set up license info based on the info section */
return 0;
}
-@@ -2592,7 +2635,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2630,7 +2673,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2602,23 +2645,50 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2640,23 +2683,50 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
+ mod->module_init_rx = ptr;
/* Transfer each section which specifies SHF_ALLOC */
- DEBUGP("final section addresses:\n");
-@@ -2629,16 +2699,45 @@ static int move_module(struct module *mod, struct load_info *info)
+ pr_debug("final section addresses:\n");
+@@ -2667,16 +2737,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
+#endif
+
+ shdr->sh_addr = (unsigned long)dest;
- DEBUGP("\t0x%lx %s\n",
- shdr->sh_addr, info->secstrings + shdr->sh_name);
+ pr_debug("\t0x%lx %s\n",
+ (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2689,12 +2788,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2727,12 +2826,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
set_fs(old_fs);
}
-@@ -2774,8 +2873,10 @@ static void module_deallocate(struct module *mod, struct load_info *info)
+@@ -2802,8 +2901,10 @@ out:
+ static void module_deallocate(struct module *mod, struct load_info *info)
{
- kfree(info->strmap);
percpu_modfree(mod);
- module_free(mod, mod->module_init);
- module_free(mod, mod->module_core);
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2839,9 +2940,38 @@ static struct module *load_module(void __user *umod,
+@@ -2867,9 +2968,38 @@ static struct module *load_module(void __user *umod,
if (err)
goto free_unload;
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, &info);
if (err < 0)
-@@ -2857,13 +2987,6 @@ static struct module *load_module(void __user *umod,
+@@ -2885,13 +3015,6 @@ static struct module *load_module(void __user *umod,
flush_module_icache(mod);
/* Mark state as coming so strong_try_module_get() ignores us. */
mod->state = MODULE_STATE_COMING;
-@@ -2921,11 +3044,10 @@ static struct module *load_module(void __user *umod,
+@@ -2948,11 +3071,10 @@ static struct module *load_module(void __user *umod,
unlock:
mutex_unlock(&module_mutex);
synchronize_sched();
free_unload:
module_unload_free(mod);
free_module:
-@@ -2966,16 +3088,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+@@ -2993,16 +3115,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
do_mod_ctors(mod);
/* Start the module */
-@@ -3021,11 +3143,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+@@ -3048,11 +3170,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
mutex_unlock(&module_mutex);
return 0;
-@@ -3056,10 +3179,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3083,10 +3206,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3307,7 +3436,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3321,7 +3450,7 @@ static int m_show(struct seq_file *m, void *p)
char buf[8];
seq_printf(m, "%s %u",
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3316,7 +3445,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3330,7 +3459,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
/* Taints info */
if (mod->taints)
-@@ -3352,7 +3481,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3366,7 +3495,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
return 0;
}
module_init(proc_modules_init);
-@@ -3411,12 +3550,12 @@ struct module *__module_address(unsigned long addr)
+@@ -3425,12 +3564,12 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
return mod;
return NULL;
}
-@@ -3450,11 +3589,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3464,11 +3603,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
atomic_set(&pd->refcnt, 0);
pd->pinst = pinst;
diff --git a/kernel/panic.c b/kernel/panic.c
-index 3458469..342c500 100644
+index 8ed89a1..e83856a 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
-@@ -78,7 +78,11 @@ NORET_TYPE void panic(const char * fmt, ...)
- va_end(args);
- printk(KERN_EMERG "Kernel panic - not syncing: %s\n",buf);
- #ifdef CONFIG_DEBUG_BUGVERBOSE
-- dump_stack();
-+ /*
-+ * Avoid nested stack-dumping if a panic occurs during oops processing
-+ */
-+ if (!oops_in_progress)
-+ dump_stack();
- #endif
-
- /*
-@@ -382,7 +386,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
+@@ -402,7 +402,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
const char *board;
printk(KERN_WARNING "------------[ cut here ]------------\n");
board = dmi_get_system_info(DMI_PRODUCT_NAME);
if (board)
printk(KERN_WARNING "Hardware name: %s\n", board);
-@@ -437,7 +441,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
+@@ -457,7 +457,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
*/
void __stack_chk_fail(void)
{
}
EXPORT_SYMBOL(__stack_chk_fail);
diff --git a/kernel/pid.c b/kernel/pid.c
-index fa5f722..0c93e57 100644
+index 9f08dfa..6765c40 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -33,6 +33,7 @@
int pid_max_min = RESERVED_PIDS + 1;
int pid_max_max = PID_MAX_LIMIT;
-@@ -418,10 +419,18 @@ EXPORT_SYMBOL(pid_task);
+@@ -420,10 +421,18 @@ EXPORT_SYMBOL(pid_task);
*/
struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
{
}
struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -429,6 +438,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
+@@ -431,6 +440,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
{
struct pid *pid;
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
-index e7cb76d..75eceb3 100644
+index 125cb67..a4d1c30 100644
--- a/kernel/posix-cpu-timers.c
+++ b/kernel/posix-cpu-timers.c
@@ -6,6 +6,7 @@
#include <asm/uaccess.h>
#include <linux/kernel_stat.h>
#include <trace/events/timer.h>
-@@ -1606,14 +1607,14 @@ struct k_clock clock_posix_cpu = {
+@@ -1578,14 +1579,14 @@ struct k_clock clock_posix_cpu = {
static __init int init_posix_cpu_timers(void)
{
register_sysrq_key('o', &sysrq_poweroff_op);
return 0;
diff --git a/kernel/power/process.c b/kernel/power/process.c
-index 3d4b954..11af930 100644
+index 7aac07a..2d3c6dc 100644
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
-@@ -41,6 +41,7 @@ static int try_to_freeze_tasks(bool sig_only)
+@@ -33,6 +33,7 @@ static int try_to_freeze_tasks(bool user_only)
u64 elapsed_csecs64;
unsigned int elapsed_csecs;
bool wakeup = false;
do_gettimeofday(&start);
-@@ -51,6 +52,8 @@ static int try_to_freeze_tasks(bool sig_only)
+@@ -43,6 +44,8 @@ static int try_to_freeze_tasks(bool user_only)
while (true) {
todo = 0;
+ timedout = true;
read_lock(&tasklist_lock);
do_each_thread(g, p) {
- if (frozen(p) || !freezable(p))
-@@ -71,9 +74,13 @@ static int try_to_freeze_tasks(bool sig_only)
+ if (p == current || !freeze_task(p))
+@@ -60,9 +63,13 @@ static int try_to_freeze_tasks(bool user_only)
* try_to_stop() after schedule() in ptrace/signal
* stop sees TIF_FREEZE.
*/
} while_each_thread(g, p);
read_unlock(&tasklist_lock);
-@@ -82,7 +89,7 @@ static int try_to_freeze_tasks(bool sig_only)
+@@ -71,7 +78,7 @@ static int try_to_freeze_tasks(bool user_only)
todo += wq_busy;
}
if (pm_wakeup_pending()) {
diff --git a/kernel/printk.c b/kernel/printk.c
-index 7982a0a..2095fdc 100644
+index 32690a0..cd7c798 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -313,6 +313,11 @@ static int check_syslog_permissions(int type, bool from_file)
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index 78ab24a..332c915 100644
+index 00ab2ca..d237f61 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -172,7 +172,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state)
- return ret;
- }
-
--int __ptrace_may_access(struct task_struct *task, unsigned int mode)
-+static int __ptrace_may_access(struct task_struct *task, unsigned int mode,
-+ unsigned int log)
- {
- const struct cred *cred = current_cred(), *tcred;
-
-@@ -198,7 +199,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
- cred->gid == tcred->sgid &&
- cred->gid == tcred->gid))
- goto ok;
-- if (ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE))
-+ if ((!log && ns_capable_nolog(tcred->user->user_ns, CAP_SYS_PTRACE)) ||
-+ (log && ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE)))
- goto ok;
- rcu_read_unlock();
- return -EPERM;
-@@ -207,7 +209,9 @@ ok:
- smp_rmb();
- if (task->mm)
- dumpable = get_dumpable(task->mm);
-- if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE))
-+ if (!dumpable &&
-+ ((!log && !task_ns_capable_nolog(task, CAP_SYS_PTRACE)) ||
-+ (log && !task_ns_capable(task, CAP_SYS_PTRACE))))
- return -EPERM;
-
- return security_ptrace_access_check(task, mode);
-@@ -217,7 +221,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode)
- {
- int err;
- task_lock(task);
-- err = __ptrace_may_access(task, mode);
-+ err = __ptrace_may_access(task, mode, 0);
-+ task_unlock(task);
-+ return !err;
-+}
-+
-+bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode)
-+{
-+ return __ptrace_may_access(task, mode, 0);
-+}
-+
-+bool ptrace_may_access_log(struct task_struct *task, unsigned int mode)
-+{
-+ int err;
-+ task_lock(task);
-+ err = __ptrace_may_access(task, mode, 1);
- task_unlock(task);
- return !err;
- }
-@@ -262,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request,
- goto out;
-
- task_lock(task);
-- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
-+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH, 1);
- task_unlock(task);
- if (retval)
- goto unlock_creds;
-@@ -277,7 +295,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -285,7 +285,7 @@ static int ptrace_attach(struct task_struct *task, long request,
task->ptrace = PT_PTRACED;
if (seize)
task->ptrace |= PT_SEIZED;
-- if (task_ns_capable(task, CAP_SYS_PTRACE))
-+ if (task_ns_capable_nolog(task, CAP_SYS_PTRACE))
+- if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
++ if (ns_capable_nolog(task_user_ns(task), CAP_SYS_PTRACE))
task->ptrace |= PT_PTRACE_CAP;
__ptrace_link(task, current);
-@@ -483,7 +501,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -491,7 +491,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
return -EFAULT;
copied += retval;
src += retval;
-@@ -680,7 +698,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -688,7 +688,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -882,14 +900,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -890,14 +890,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
goto out_put_task_struct;
}
-@@ -915,7 +940,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -923,7 +930,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1025,14 +1050,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1033,14 +1040,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
goto out;
}
}
diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
-index 636af6d..8af70ab 100644
+index 977296d..c4744dc 100644
--- a/kernel/rcutiny.c
+++ b/kernel/rcutiny.c
@@ -46,7 +46,7 @@
static void __call_rcu(struct rcu_head *head,
void (*func)(struct rcu_head *rcu),
struct rcu_ctrlblk *rcp);
-@@ -186,7 +186,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
- RCU_TRACE(trace_rcu_batch_end(rcp->name, cb_count));
+@@ -297,7 +297,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
+ rcu_is_callbacks_kthread()));
}
-static void rcu_process_callbacks(struct softirq_action *unused)
{
__rcu_process_callbacks(&rcu_sched_ctrlblk);
__rcu_process_callbacks(&rcu_bh_ctrlblk);
+diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h
+index 9cb1ae4..aac7d3e 100644
+--- a/kernel/rcutiny_plugin.h
++++ b/kernel/rcutiny_plugin.h
+@@ -920,7 +920,7 @@ static int rcu_kthread(void *arg)
+ have_rcu_kthread_work = morework;
+ local_irq_restore(flags);
+ if (work)
+- rcu_process_callbacks(NULL);
++ rcu_process_callbacks();
+ schedule_timeout_interruptible(1); /* Leave CPU for others. */
+ }
+
diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c
-index 764825c..3aa6ac4 100644
+index a58ac28..196a3d8 100644
--- a/kernel/rcutorture.c
+++ b/kernel/rcutorture.c
-@@ -138,12 +138,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) =
+@@ -148,12 +148,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) =
{ 0 };
static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch) =
{ 0 };
static long n_rcu_torture_boost_ktrerror;
static long n_rcu_torture_boost_rterror;
static long n_rcu_torture_boost_failure;
-@@ -223,11 +223,11 @@ rcu_torture_alloc(void)
+@@ -243,11 +243,11 @@ rcu_torture_alloc(void)
spin_lock_bh(&rcu_torture_lock);
if (list_empty(&rcu_torture_freelist)) {
p = rcu_torture_freelist.next;
list_del_init(p);
spin_unlock_bh(&rcu_torture_lock);
-@@ -240,7 +240,7 @@ rcu_torture_alloc(void)
+@@ -260,7 +260,7 @@ rcu_torture_alloc(void)
static void
rcu_torture_free(struct rcu_torture *p)
{
spin_lock_bh(&rcu_torture_lock);
list_add_tail(&p->rtort_free, &rcu_torture_freelist);
spin_unlock_bh(&rcu_torture_lock);
-@@ -360,7 +360,7 @@ rcu_torture_cb(struct rcu_head *p)
+@@ -380,7 +380,7 @@ rcu_torture_cb(struct rcu_head *p)
i = rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
rp->rtort_mbtest = 0;
rcu_torture_free(rp);
-@@ -407,7 +407,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
+@@ -427,7 +427,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
i = rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
rp->rtort_mbtest = 0;
list_del(&rp->rtort_free);
-@@ -872,7 +872,7 @@ rcu_torture_writer(void *arg)
+@@ -916,7 +916,7 @@ rcu_torture_writer(void *arg)
i = old_rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
old_rp->rtort_pipe_count++;
cur_ops->deferred_free(old_rp);
}
-@@ -940,7 +940,7 @@ static void rcu_torture_timer(unsigned long unused)
+@@ -997,7 +997,7 @@ static void rcu_torture_timer(unsigned long unused)
return;
}
if (p->rtort_mbtest == 0)
spin_lock(&rand_lock);
cur_ops->read_delay(&rand);
n_rcu_torture_timers++;
-@@ -1001,7 +1001,7 @@ rcu_torture_reader(void *arg)
+@@ -1061,7 +1061,7 @@ rcu_torture_reader(void *arg)
continue;
}
if (p->rtort_mbtest == 0)
cur_ops->read_delay(&rand);
preempt_disable();
pipe_count = p->rtort_pipe_count;
-@@ -1060,16 +1060,16 @@ rcu_torture_printk(char *page)
+@@ -1123,10 +1123,10 @@ rcu_torture_printk(char *page)
rcu_torture_current,
rcu_torture_current_version,
list_empty(&rcu_torture_freelist),
n_rcu_torture_boost_ktrerror,
n_rcu_torture_boost_rterror,
n_rcu_torture_boost_failure,
- n_rcu_torture_boosts,
- n_rcu_torture_timers);
+@@ -1136,7 +1136,7 @@ rcu_torture_printk(char *page)
+ n_online_attempts,
+ n_offline_successes,
+ n_offline_attempts);
- if (atomic_read(&n_rcu_torture_mberror) != 0 ||
+ if (atomic_read_unchecked(&n_rcu_torture_mberror) != 0 ||
n_rcu_torture_boost_ktrerror != 0 ||
n_rcu_torture_boost_rterror != 0 ||
n_rcu_torture_boost_failure != 0)
-@@ -1077,7 +1077,7 @@ rcu_torture_printk(char *page)
+@@ -1144,7 +1144,7 @@ rcu_torture_printk(char *page)
cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG);
if (i > 1) {
cnt += sprintf(&page[cnt], "!!! ");
WARN_ON_ONCE(1);
}
cnt += sprintf(&page[cnt], "Reader Pipe: ");
-@@ -1091,7 +1091,7 @@ rcu_torture_printk(char *page)
+@@ -1158,7 +1158,7 @@ rcu_torture_printk(char *page)
cnt += sprintf(&page[cnt], "Free-Block Circulation: ");
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
cnt += sprintf(&page[cnt], " %d",
}
cnt += sprintf(&page[cnt], "\n");
if (cur_ops->stats)
-@@ -1401,7 +1401,7 @@ rcu_torture_cleanup(void)
+@@ -1600,7 +1600,7 @@ rcu_torture_cleanup(void)
if (cur_ops->cleanup)
cur_ops->cleanup();
rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE");
else
rcu_torture_print_module_parms(cur_ops, "End of test: SUCCESS");
-@@ -1465,17 +1465,17 @@ rcu_torture_init(void)
+@@ -1664,17 +1664,17 @@ rcu_torture_init(void)
rcu_torture_current = NULL;
rcu_torture_current_version = 0;
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index 6b76d81..7afc1b3 100644
+index 6c4a672..70f3202 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
-@@ -367,9 +367,9 @@ void rcu_enter_nohz(void)
- trace_rcu_dyntick("Start");
+@@ -363,9 +363,9 @@ static void rcu_idle_enter_common(struct rcu_dynticks *rdtp, long long oldval)
+ rcu_prepare_for_idle(smp_processor_id());
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
- atomic_inc(&rdtp->dynticks);
smp_mb__after_atomic_inc(); /* Force ordering with next sojourn. */
- WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1);
+ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1);
- local_irq_restore(flags);
}
-@@ -391,10 +391,10 @@ void rcu_exit_nohz(void)
- return;
- }
+ /**
+@@ -438,10 +438,10 @@ void rcu_irq_exit(void)
+ static void rcu_idle_exit_common(struct rcu_dynticks *rdtp, long long oldval)
+ {
smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */
- atomic_inc(&rdtp->dynticks);
+ atomic_inc_unchecked(&rdtp->dynticks);
smp_mb__after_atomic_inc(); /* See above. */
- WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1));
+ WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1));
- trace_rcu_dyntick("End");
- local_irq_restore(flags);
- }
-@@ -411,14 +411,14 @@ void rcu_nmi_enter(void)
+ rcu_cleanup_after_idle(smp_processor_id());
+ trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting);
+ if (!is_idle_task(current)) {
+@@ -531,14 +531,14 @@ void rcu_nmi_enter(void)
struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks);
if (rdtp->dynticks_nmi_nesting == 0 &&
}
/**
-@@ -437,9 +437,9 @@ void rcu_nmi_exit(void)
+@@ -557,9 +557,9 @@ void rcu_nmi_exit(void)
return;
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
+ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1);
}
- /**
-@@ -474,7 +474,7 @@ void rcu_irq_exit(void)
+ #ifdef CONFIG_PROVE_RCU
+@@ -575,7 +575,7 @@ int rcu_is_cpu_idle(void)
+ int ret;
+
+ preempt_disable();
+- ret = (atomic_read(&__get_cpu_var(rcu_dynticks).dynticks) & 0x1) == 0;
++ ret = (atomic_read_unchecked(&__get_cpu_var(rcu_dynticks).dynticks) & 0x1) == 0;
+ preempt_enable();
+ return ret;
+ }
+@@ -604,7 +604,7 @@ int rcu_is_cpu_rrupt_from_idle(void)
*/
static int dyntick_save_progress_counter(struct rcu_data *rdp)
{
- rdp->dynticks_snap = atomic_add_return(0, &rdp->dynticks->dynticks);
+ rdp->dynticks_snap = atomic_add_return_unchecked(0, &rdp->dynticks->dynticks);
- return 0;
+ return (rdp->dynticks_snap & 0x1) == 0;
}
-@@ -489,7 +489,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
+@@ -619,7 +619,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
unsigned int curr;
unsigned int snap;
snap = (unsigned int)rdp->dynticks_snap;
/*
-@@ -1552,7 +1552,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp)
+@@ -1667,7 +1667,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp)
/*
* Do RCU core processing for the current CPU.
*/
{
trace_rcu_utilization("Start RCU core");
__rcu_process_callbacks(&rcu_sched_state,
+@@ -2030,7 +2030,7 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
+ rdp->qlen = 0;
+ rdp->dynticks = &per_cpu(rcu_dynticks, cpu);
+ WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_NESTING);
+- WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) != 1);
++ WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) != 1);
+ rdp->cpu = cpu;
+ rdp->rsp = rsp;
+ raw_spin_unlock_irqrestore(&rnp->lock, flags);
+@@ -2058,8 +2058,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
+ rdp->n_force_qs_snap = rsp->n_force_qs;
+ rdp->blimit = blimit;
+ rdp->dynticks->dynticks_nesting = DYNTICK_TASK_NESTING;
+- atomic_set(&rdp->dynticks->dynticks,
+- (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1);
++ atomic_set_unchecked(&rdp->dynticks->dynticks,
++ (atomic_read_unchecked(&rdp->dynticks->dynticks) & ~0x1) + 1);
+ rcu_prepare_for_idle_init(cpu);
+ raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */
+
diff --git a/kernel/rcutree.h b/kernel/rcutree.h
-index 849ce9e..74bc9de 100644
+index fddff92..2c08359 100644
--- a/kernel/rcutree.h
+++ b/kernel/rcutree.h
-@@ -86,7 +86,7 @@
- struct rcu_dynticks {
- int dynticks_nesting; /* Track irq/process nesting level. */
- int dynticks_nmi_nesting; /* Track NMI nesting level. */
-- atomic_t dynticks; /* Even value for dynticks-idle, else odd. */
-+ atomic_unchecked_t dynticks; /* Even value for dynticks-idle, else odd. */
+@@ -87,7 +87,7 @@ struct rcu_dynticks {
+ long long dynticks_nesting; /* Track irq/process nesting level. */
+ /* Process level is worth LLONG_MAX/2. */
+ int dynticks_nmi_nesting; /* Track NMI nesting level. */
+- atomic_t dynticks; /* Even value for idle, else odd. */
++ atomic_unchecked_t dynticks;/* Even value for idle, else odd. */
};
/* RCU's kthread states for tracing. */
diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h
-index 4b9b9f8..2326053 100644
+index 8bb35d7..6ea0a463 100644
--- a/kernel/rcutree_plugin.h
+++ b/kernel/rcutree_plugin.h
-@@ -842,7 +842,7 @@ void synchronize_rcu_expedited(void)
+@@ -850,7 +850,7 @@ void synchronize_rcu_expedited(void)
/* Clean up and exit. */
smp_mb(); /* ensure expedited GP seen before counter increment. */
unlock_mb_ret:
mutex_unlock(&sync_rcu_preempt_exp_mutex);
mb_ret:
-@@ -1815,8 +1815,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited);
+@@ -1833,8 +1833,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited);
#else /* #ifndef CONFIG_SMP */
static int synchronize_sched_expedited_cpu_stop(void *data)
{
-@@ -1871,7 +1871,7 @@ void synchronize_sched_expedited(void)
+@@ -1889,7 +1889,7 @@ void synchronize_sched_expedited(void)
int firstsnap, s, snap, trycount = 0;
/* Note that atomic_inc_return() implies full memory barrier. */
get_online_cpus();
/*
-@@ -1892,7 +1892,7 @@ void synchronize_sched_expedited(void)
+@@ -1910,7 +1910,7 @@ void synchronize_sched_expedited(void)
}
/* Check to see if someone else did our work for us. */
if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) {
smp_mb(); /* ensure test happens before caller kfree */
return;
-@@ -1907,7 +1907,7 @@ void synchronize_sched_expedited(void)
+@@ -1925,7 +1925,7 @@ void synchronize_sched_expedited(void)
* grace period works for us.
*/
get_online_cpus();
-- snap = atomic_read(&sync_sched_expedited_started) - 1;
-+ snap = atomic_read_unchecked(&sync_sched_expedited_started) - 1;
+- snap = atomic_read(&sync_sched_expedited_started);
++ snap = atomic_read_unchecked(&sync_sched_expedited_started);
smp_mb(); /* ensure read is before try_stop_cpus(). */
}
-@@ -1918,12 +1918,12 @@ void synchronize_sched_expedited(void)
+@@ -1936,12 +1936,12 @@ void synchronize_sched_expedited(void)
* than we did beat us to the punch.
*/
do {
put_online_cpus();
}
-@@ -1985,7 +1985,7 @@ int rcu_needs_cpu(int cpu)
- for_each_online_cpu(thatcpu) {
- if (thatcpu == cpu)
- continue;
-- snap = atomic_add_return(0, &per_cpu(rcu_dynticks,
-+ snap = atomic_add_return_unchecked(0, &per_cpu(rcu_dynticks,
- thatcpu).dynticks);
- smp_mb(); /* Order sampling of snap with end of grace period. */
- if ((snap & 0x1) != 0) {
diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c
-index 9feffa4..54058df 100644
+index 654cfe6..c0b28e2 100644
--- a/kernel/rcutree_trace.c
+++ b/kernel/rcutree_trace.c
-@@ -69,7 +69,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
+@@ -68,7 +68,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
+ rdp->passed_quiesce, rdp->passed_quiesce_gpnum,
rdp->qs_pending);
- #ifdef CONFIG_NO_HZ
- seq_printf(m, " dt=%d/%d/%d df=%lu",
+ seq_printf(m, " dt=%d/%llx/%d df=%lu",
- atomic_read(&rdp->dynticks->dynticks),
+ atomic_read_unchecked(&rdp->dynticks->dynticks),
rdp->dynticks->dynticks_nesting,
rdp->dynticks->dynticks_nmi_nesting,
rdp->dynticks_fqs);
-@@ -143,7 +143,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp)
+@@ -140,7 +140,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp)
+ rdp->passed_quiesce, rdp->passed_quiesce_gpnum,
rdp->qs_pending);
- #ifdef CONFIG_NO_HZ
- seq_printf(m, ",%d,%d,%d,%lu",
+ seq_printf(m, ",%d,%llx,%d,%lu",
- atomic_read(&rdp->dynticks->dynticks),
+ atomic_read_unchecked(&rdp->dynticks->dynticks),
rdp->dynticks->dynticks_nesting,
}
__initcall(ioresources_init);
diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c
-index 3d9f31c..7fefc9e 100644
+index 98ec494..4241d6d 100644
--- a/kernel/rtmutex-tester.c
+++ b/kernel/rtmutex-tester.c
@@ -20,7 +20,7 @@
return;
default:
-diff --git a/kernel/sched.c b/kernel/sched.c
-index d6b149c..896cbb8 100644
---- a/kernel/sched.c
-+++ b/kernel/sched.c
-@@ -4389,6 +4389,19 @@ pick_next_task(struct rq *rq)
- BUG(); /* the idle class will always have a runnable task */
- }
-
-+#ifdef CONFIG_GRKERNSEC_SETXID
-+extern void gr_delayed_cred_worker(void);
-+static inline void gr_cred_schedule(void)
-+{
-+ if (unlikely(current->delayed_cred))
-+ gr_delayed_cred_worker();
-+}
-+#else
-+static inline void gr_cred_schedule(void)
-+{
-+}
-+#endif
-+
- /*
- * __schedule() is the main scheduler function.
- */
-@@ -4408,6 +4421,8 @@ need_resched:
+diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
+index e8a1f83..363d17d 100644
+--- a/kernel/sched/auto_group.c
++++ b/kernel/sched/auto_group.c
+@@ -11,7 +11,7 @@
- schedule_debug(prev);
+ unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1;
+ static struct autogroup autogroup_default;
+-static atomic_t autogroup_seq_nr;
++static atomic_unchecked_t autogroup_seq_nr;
-+ gr_cred_schedule();
-+
- if (sched_feat(HRTICK))
- hrtick_clear(rq);
+ void __init autogroup_init(struct task_struct *init_task)
+ {
+@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void)
-@@ -5098,6 +5113,8 @@ int can_nice(const struct task_struct *p, const int nice)
+ kref_init(&ag->kref);
+ init_rwsem(&ag->lock);
+- ag->id = atomic_inc_return(&autogroup_seq_nr);
++ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr);
+ ag->tg = tg;
+ #ifdef CONFIG_RT_GROUP_SCHED
+ /*
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index 478a04c..e16339a 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -3851,6 +3851,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = 20 - nice;
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -5131,7 +5148,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3884,7 +3886,8 @@ SYSCALL_DEFINE1(nice, int, increment)
if (nice > 19)
nice = 19;
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -5288,6 +5306,7 @@ recheck:
+@@ -4041,6 +4044,7 @@ recheck:
unsigned long rlim_rtprio =
task_rlimit(p, RLIMIT_RTPRIO);
/* can't set/change the rt policy */
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
-diff --git a/kernel/sched_autogroup.c b/kernel/sched_autogroup.c
-index 429242f..d7cca82 100644
---- a/kernel/sched_autogroup.c
-+++ b/kernel/sched_autogroup.c
-@@ -7,7 +7,7 @@
-
- unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1;
- static struct autogroup autogroup_default;
--static atomic_t autogroup_seq_nr;
-+static atomic_unchecked_t autogroup_seq_nr;
-
- static void __init autogroup_init(struct task_struct *init_task)
- {
-@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void)
-
- kref_init(&ag->kref);
- init_rwsem(&ag->lock);
-- ag->id = atomic_inc_return(&autogroup_seq_nr);
-+ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr);
- ag->tg = tg;
- #ifdef CONFIG_RT_GROUP_SCHED
- /*
-diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c
-index 8a39fa3..34f3dbc 100644
---- a/kernel/sched_fair.c
-+++ b/kernel/sched_fair.c
-@@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
+index aca16b8..8e3acc4 100644
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -5147,7 +5147,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
diff --git a/kernel/signal.c b/kernel/signal.c
-index 2065515..aed2987 100644
+index b09cf3b..b291c66 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
-@@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep;
+@@ -46,12 +46,12 @@ static struct kmem_cache *sigqueue_cachep;
int print_fatal_signals __read_mostly;
{
/* Is it explicitly or implicitly ignored? */
return handler == SIG_IGN ||
-@@ -60,7 +60,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
+@@ -61,7 +61,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
static int sig_task_ignored(struct task_struct *t, int sig,
int from_ancestor_ns)
{
handler = sig_handler(t, sig);
-@@ -364,6 +364,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
+@@ -365,6 +365,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
atomic_inc(&user->sigpending);
rcu_read_unlock();
if (override_rlimit ||
atomic_read(&user->sigpending) <=
task_rlimit(t, RLIMIT_SIGPENDING)) {
-@@ -488,7 +491,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
+@@ -489,7 +492,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
int unhandled_signal(struct task_struct *tsk, int sig)
{
if (is_global_init(tsk))
return 1;
if (handler != SIG_IGN && handler != SIG_DFL)
-@@ -815,6 +818,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
+@@ -816,6 +819,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
}
}
return security_task_kill(t, info, sig, 0);
}
-@@ -1165,7 +1175,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1197,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
return send_signal(sig, info, p, 1);
}
specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
{
return send_signal(sig, info, t, 0);
-@@ -1202,6 +1212,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1234,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
unsigned long int flags;
int ret, blocked, ignored;
struct k_sigaction *action;
spin_lock_irqsave(&t->sighand->siglock, flags);
action = &t->sighand->action[sig-1];
-@@ -1216,9 +1227,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1248,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
}
if (action->sa.sa_handler == SIG_DFL)
t->signal->flags &= ~SIGNAL_UNKILLABLE;
return ret;
}
-@@ -1285,8 +1305,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1317,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
ret = check_kill_permission(sig, info, p);
rcu_read_unlock();
return ret;
}
-@@ -2754,7 +2777,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+@@ -2829,7 +2852,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
int error = -ESRCH;
rcu_read_lock();
raw_spin_unlock_irq(&call_function.lock);
}
diff --git a/kernel/softirq.c b/kernel/softirq.c
-index 2c71d91..1021f81 100644
+index 4eb3a0f..6f1fa81 100644
--- a/kernel/softirq.c
+++ b/kernel/softirq.c
@@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp
struct tasklet_struct *list;
diff --git a/kernel/sys.c b/kernel/sys.c
-index 481611f..0754d86 100644
+index 888d227..f04b318 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
__OLD_UTS_LEN);
error |= __put_user(0, name->machine + __OLD_UTS_LEN);
up_read(&uts_sem);
-@@ -1720,7 +1759,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
+@@ -1838,7 +1877,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
error = get_dumpable(me->mm);
break;
case PR_SET_DUMPABLE:
break;
}
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index ae27196..7506d69 100644
+index f03a6ef..5fcc8af 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -86,6 +86,13 @@
.data = &kptr_restrict,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dmesg_restrict,
+ .proc_handler = proc_dointvec_minmax_sysadmin,
+#ifdef CONFIG_GRKERNSEC_HIDESYM
+ .extra1 = &two,
+#else
{
.procname = "ngroups_max",
.data = &ngroups_max,
-@@ -1216,6 +1258,13 @@ static struct ctl_table vm_table[] = {
+@@ -1225,6 +1267,13 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
},
#else
{
.procname = "nr_trim_pages",
-@@ -1720,6 +1769,17 @@ static int test_perm(int mode, int op)
+@@ -1729,6 +1778,17 @@ static int test_perm(int mode, int op)
int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
{
int mode;
if (root->permissions)
mode = root->permissions(root, current->nsproxy, table);
-@@ -2124,6 +2184,16 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2133,6 +2193,16 @@ int proc_dostring(struct ctl_table *table, int write,
buffer, lenp, ppos);
}
static size_t proc_skip_spaces(char **buf)
{
size_t ret;
-@@ -2229,6 +2299,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
+@@ -2238,6 +2308,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
len = strlen(tmp);
if (len > *size)
len = *size;
if (copy_to_user(*buf, tmp, len))
return -EFAULT;
*size -= len;
-@@ -2545,8 +2617,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
+@@ -2554,8 +2626,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
*i = val;
} else {
val = convdiv * (*i) / convmul;
err = proc_put_long(&buffer, &left, val, false);
if (err)
break;
-@@ -2941,6 +3016,12 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2950,6 +3025,12 @@ int proc_dostring(struct ctl_table *table, int write,
return -ENOSYS;
}
int proc_dointvec(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2997,6 +3078,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
+@@ -3006,6 +3087,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
EXPORT_SYMBOL(proc_dostring);
cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
tick_broadcast_clear_oneshot(cpu);
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index 2378413..be455fd 100644
+index 0c63581..e25dcb6 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -14,6 +14,7 @@
return -ENOMEM;
return 0;
diff --git a/kernel/timer.c b/kernel/timer.c
-index 9c3c62b..441690e 100644
+index a297ffc..5e16b0b 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
-@@ -1304,7 +1304,7 @@ void update_process_times(int user_tick)
+@@ -1354,7 +1354,7 @@ void update_process_times(int user_tick)
/*
* This function runs timers and the timer-tq in bottom half context.
*/
struct tvec_base *base = __this_cpu_read(tvec_bases);
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
-index 16fc34a..efd8bb8 100644
+index cdea7b5..9b820d4 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -324,7 +324,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer,
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 25b4f4d..6f4772d 100644
+index 683d559..d70d914 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
-@@ -1587,12 +1587,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
+@@ -1726,12 +1726,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
if (unlikely(ftrace_disabled))
return 0;
}
/*
-@@ -2608,7 +2613,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
+@@ -2843,7 +2848,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
int
register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops,
struct ftrace_func_probe *entry;
struct ftrace_page *pg;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index f2bd275..adaf3a2 100644
+index c4579f1..6a439da 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
-@@ -4201,10 +4201,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4258,10 +4258,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
static int once;
if (d_tracer)
-@@ -4224,10 +4223,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4281,10 +4280,9 @@ struct dentry *tracing_init_dentry(void)
return d_tracer;
}
}
entry = ring_buffer_event_data(event);
diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
-index 5199930..26c73a0 100644
+index d9c07f0..c1eeceb 100644
--- a/kernel/trace/trace_output.c
+++ b/kernel/trace/trace_output.c
@@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, struct path *path)
s->len = p - s->buffer;
return 1;
diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
-index 77575b3..6e623d1 100644
+index d4545f4..a9010a1 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
-@@ -50,7 +50,7 @@ static inline void check_stack(void)
+@@ -53,7 +53,7 @@ static inline void check_stack(void)
return;
/* we do not handle interrupt stacks yet */
put_task_struct(tsk);
}
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index 82928f5..92da771 100644
+index 8745ac7..d144e37 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1103,6 +1103,7 @@ config LATENCYTOP
}
EXPORT_SYMBOL(bitmap_parselist_user);
diff --git a/lib/bug.c b/lib/bug.c
-index 1955209..cbbb2ad 100644
+index a28c141..2bd3d95 100644
--- a/lib/bug.c
+++ b/lib/bug.c
@@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
file = NULL;
line = 0;
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
-index a78b7c6..2c73084 100644
+index 0ab9ae8..f01ceca 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
-@@ -284,7 +284,7 @@ static void debug_object_is_on_stack(void *addr, int onstack)
+@@ -288,7 +288,7 @@ static void debug_object_is_on_stack(void *addr, int onstack)
if (limit > 4)
return;
return;
diff --git a/lib/devres.c b/lib/devres.c
-index 7c0e953..f642b5c 100644
+index 9676617..5149e15 100644
--- a/lib/devres.c
+++ b/lib/devres.c
@@ -80,7 +80,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache);
iounmap(addr);
}
EXPORT_SYMBOL(devm_iounmap);
-@@ -141,7 +141,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr)
+@@ -192,7 +192,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr)
{
ioport_unmap(addr);
WARN_ON(devres_destroy(dev, devm_ioport_map_release,
#define free(a) kfree(a)
#endif
+diff --git a/lib/ioremap.c b/lib/ioremap.c
+index da4e2ad..6373b5f 100644
+--- a/lib/ioremap.c
++++ b/lib/ioremap.c
+@@ -38,7 +38,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr,
+ unsigned long next;
+
+ phys_addr -= addr;
+- pmd = pmd_alloc(&init_mm, pud, addr);
++ pmd = pmd_alloc_kernel(&init_mm, pud, addr);
+ if (!pmd)
+ return -ENOMEM;
+ do {
+@@ -56,7 +56,7 @@ static inline int ioremap_pud_range(pgd_t *pgd, unsigned long addr,
+ unsigned long next;
+
+ phys_addr -= addr;
+- pud = pud_alloc(&init_mm, pgd, addr);
++ pud = pud_alloc_kernel(&init_mm, pgd, addr);
+ if (!pud)
+ return -ENOMEM;
+ do {
diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c
index bd2bea9..6b3c95e 100644
--- a/lib/is_single_threaded.c
if (atomic_read(&task->signal->live) != 1)
return false;
-diff --git a/lib/kref.c b/lib/kref.c
-index 3efb882..8492f4c 100644
---- a/lib/kref.c
-+++ b/lib/kref.c
-@@ -52,7 +52,7 @@ void kref_get(struct kref *kref)
- */
- int kref_put(struct kref *kref, void (*release)(struct kref *kref))
- {
-- WARN_ON(release == NULL);
-+ BUG_ON(release == NULL);
- WARN_ON(release == (void (*)(struct kref *))kfree);
-
- if (atomic_dec_and_test(&kref->refcount)) {
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
-index d9df745..e73c2fe 100644
+index dc63d08..95ae14a 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
-@@ -80,7 +80,7 @@ struct radix_tree_preload {
+@@ -78,7 +78,7 @@ struct radix_tree_preload {
int nr;
struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH];
};
static inline void *ptr_to_indirect(void *ptr)
{
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index 993599e..f1dbc14 100644
+index 38e612e..4fb99a8 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -16,6 +16,9 @@
sprint_symbol(sym, value);
else
kallsyms_lookup(value, NULL, NULL, NULL, sym);
-@@ -777,7 +780,11 @@ char *uuid_string(char *buf, char *end, const u8 *addr,
- return string(buf, end, uuid, spec);
+@@ -789,7 +792,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr,
+ return number(buf, end, *(const netdev_features_t *)addr, spec);
}
+#ifdef CONFIG_GRKERNSEC_HIDESYM
/*
* Show a '%p' thing. A kernel extension is that the '%p' is followed
-@@ -791,6 +798,8 @@ int kptr_restrict __read_mostly;
+@@ -803,6 +810,8 @@ int kptr_restrict __read_mostly;
* - 'S' For symbolic direct pointers with offset
* - 's' For symbolic direct pointers without offset
* - 'B' For backtraced symbolic direct pointers with offset
* - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref]
* - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201]
* - 'M' For a 6-byte MAC address, it prints the address in the
-@@ -835,12 +844,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -848,12 +857,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
{
if (!ptr && *fmt != 'K') {
/*
}
switch (*fmt) {
-@@ -850,6 +859,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -863,6 +872,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
/* Fallthrough */
case 'S':
case 's':
case 'B':
return symbol_string(buf, end, ptr, spec, *fmt);
case 'R':
-@@ -878,9 +894,15 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
- case 'U':
- return uuid_string(buf, end, ptr, spec, fmt);
- case 'V':
-- return buf + vsnprintf(buf, end > buf ? end - buf : 0,
-- ((struct va_format *)ptr)->fmt,
-- *(((struct va_format *)ptr)->va));
-+ {
-+ va_list va;
-+
-+ va_copy(va, *((struct va_format *)ptr)->va);
-+ buf += vsnprintf(buf, end > buf ? end - buf : 0,
-+ ((struct va_format *)ptr)->fmt, va);
-+ va_end(va);
-+ return buf;
-+ }
- case 'K':
- /*
- * %pK cannot be used in IRQ context because its test
-@@ -1608,11 +1630,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1633,11 +1649,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
typeof(type) value; \
if (sizeof(type) == 8) { \
args = PTR_ALIGN(args, sizeof(u32)); \
} \
args += sizeof(type); \
value; \
-@@ -1675,7 +1697,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1700,7 +1716,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
case FORMAT_TYPE_STR: {
const char *str_arg = args;
args += strlen(str_arg) + 1;
@@ -0,0 +1 @@
+-grsec
diff --git a/mm/Kconfig b/mm/Kconfig
-index 011b110..b492af2 100644
+index e338407..49b5b7a 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
-@@ -241,10 +241,10 @@ config KSM
+@@ -247,10 +247,10 @@ config KSM
root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
config DEFAULT_MMAP_MIN_ADDR
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
diff --git a/mm/filemap.c b/mm/filemap.c
-index 03c5b0e..a01e793 100644
+index b662757..3081ddd 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1770,7 +1770,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
set_page_address(page, (void *)vaddr);
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
-index 8f005e9..1cb1036 100644
+index 8f7fc39..69bf1e9 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
-@@ -704,7 +704,7 @@ out:
+@@ -733,7 +733,7 @@ out:
* run pte_offset_map on the pmd, if an huge pmd could
* materialize from under us from a different thread.
*/
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 2316840..b418671 100644
+index 24b1787..e0fbc01 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2347,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2425,6 +2425,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
+
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
- */
-@@ -2450,6 +2471,11 @@ retry_avoidcopy:
+ * Called with hugetlb_instantiation_mutex held and pte_page locked so we
+@@ -2538,6 +2559,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
/* Make the old page be freed below */
new_page = old_page;
mmu_notifier_invalidate_range_end(mm,
-@@ -2601,6 +2627,10 @@ retry:
+@@ -2692,6 +2718,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2630,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2721,6 +2751,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
+ struct vm_area_struct *vma_m;
+#endif
+
+ address &= huge_page_mask(h);
+
ptep = huge_pte_offset(mm, address);
- if (ptep) {
- entry = huge_ptep_get(ptep);
-@@ -2641,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2734,6 +2768,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(h - hstates);
}
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index f3b2a00..61da94d 100644
+index 45eb621..6ccd8ea 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
-@@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq,
+@@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq,
for (i = 0; i < object->trace_len; i++) {
void *ptr = (void *)object->trace[i];
if (end == start)
goto out;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 06d3479..0778eef 100644
+index 56080ea..115071e 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
/* keep elevated page count for bad page */
return ret;
diff --git a/mm/memory.c b/mm/memory.c
-index 829d437..3d3926a 100644
+index 10b4dda..06857f3 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
}
/*
-@@ -1566,12 +1573,6 @@ no_page_table:
+@@ -1593,12 +1600,6 @@ no_page_table:
return page;
}
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1644,10 +1645,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1671,10 +1672,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
(VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
i = 0;
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1695,7 +1696,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1722,7 +1723,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1722,11 +1723,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1749,11 +1750,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1800,7 +1796,7 @@ next_page:
+@@ -1827,7 +1823,7 @@ next_page:
start += PAGE_SIZE;
nr_pages--;
} while (nr_pages && start < vma->vm_end);
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2007,6 +2003,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2034,6 +2030,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2041,10 +2041,22 @@ out:
+@@ -2068,10 +2068,22 @@ out:
int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
struct page *page)
{
vma->vm_flags |= VM_INSERTPAGE;
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2130,6 +2142,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2157,6 +2169,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2445,6 +2458,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2364,7 +2377,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+
+ BUG_ON(pud_huge(*pud));
+
+- pmd = pmd_alloc(mm, pud, addr);
++ pmd = (mm == &init_mm) ?
++ pmd_alloc_kernel(mm, pud, addr) :
++ pmd_alloc(mm, pud, addr);
+ if (!pmd)
+ return -ENOMEM;
+ do {
+@@ -2384,7 +2399,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+ unsigned long next;
+ int err;
+
+- pud = pud_alloc(mm, pgd, addr);
++ pud = (mm == &init_mm) ?
++ pud_alloc_kernel(mm, pgd, addr) :
++ pud_alloc(mm, pgd, addr);
+ if (!pud)
+ return -ENOMEM;
+ do {
+@@ -2472,6 +2489,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2656,6 +2849,12 @@ gotten:
+@@ -2683,6 +2880,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2707,6 +2906,10 @@ gotten:
+@@ -2734,6 +2937,10 @@ gotten:
page_remove_rmap(old_page);
}
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2986,6 +3189,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3013,6 +3220,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
unlock_page(page);
if (swapcache) {
/*
-@@ -3009,6 +3217,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3036,6 +3248,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3028,40 +3241,6 @@ out_release:
+@@ -3055,40 +3272,6 @@ out_release:
}
/*
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3070,27 +3249,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3097,27 +3280,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3109,6 +3284,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3136,6 +3315,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3116,6 +3296,12 @@ setpte:
+@@ -3143,6 +3327,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3259,6 +3445,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3286,6 +3476,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3278,6 +3470,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3305,6 +3501,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3431,6 +3631,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3458,6 +3662,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3447,6 +3653,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3474,6 +3684,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3458,6 +3668,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3485,6 +3699,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3487,7 +3725,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3514,7 +3756,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
* run pte_offset_map on the pmd, if an huge pmd could
* materialize from under us from a different thread.
*/
return VM_FAULT_OOM;
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
-@@ -3591,7 +3829,7 @@ static int __init gate_vma_init(void)
+@@ -3551,6 +3793,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+ spin_unlock(&mm->page_table_lock);
+ return 0;
+ }
++
++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
++{
++ pud_t *new = pud_alloc_one(mm, address);
++ if (!new)
++ return -ENOMEM;
++
++ smp_wmb(); /* See comment in __pte_alloc */
++
++ spin_lock(&mm->page_table_lock);
++ if (pgd_present(*pgd)) /* Another has populated it */
++ pud_free(mm, new);
++ else
++ pgd_populate_kernel(mm, pgd, new);
++ spin_unlock(&mm->page_table_lock);
++ return 0;
++}
+ #endif /* __PAGETABLE_PUD_FOLDED */
+
+ #ifndef __PAGETABLE_PMD_FOLDED
+@@ -3581,6 +3840,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+ spin_unlock(&mm->page_table_lock);
+ return 0;
+ }
++
++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address)
++{
++ pmd_t *new = pmd_alloc_one(mm, address);
++ if (!new)
++ return -ENOMEM;
++
++ smp_wmb(); /* See comment in __pte_alloc */
++
++ spin_lock(&mm->page_table_lock);
++#ifndef __ARCH_HAS_4LEVEL_HACK
++ if (pud_present(*pud)) /* Another has populated it */
++ pmd_free(mm, new);
++ else
++ pud_populate_kernel(mm, pud, new);
++#else
++ if (pgd_present(*pud)) /* Another has populated it */
++ pmd_free(mm, new);
++ else
++ pgd_populate_kernel(mm, pud, new);
++#endif /* __ARCH_HAS_4LEVEL_HACK */
++ spin_unlock(&mm->page_table_lock);
++ return 0;
++}
+ #endif /* __PAGETABLE_PMD_FOLDED */
+
+ int make_pages_present(unsigned long addr, unsigned long end)
+@@ -3618,7 +3901,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
* Make sure the vDSO gets into every core dump.
* Dumping its contents makes post-mortem fully interpretable later
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index c3fdbcb..2e8ef90 100644
+index 0a37570..2048346 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -640,6 +640,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+ struct vm_area_struct *vma_m;
+#endif
+
- vma = find_vma_prev(mm, start, &prev);
+ vma = find_vma(mm, start);
if (!vma || vma->vm_start > start)
return -EFAULT;
-@@ -678,6 +682,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -679,6 +683,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
err = policy_vma(vma, new_pol);
if (err)
goto out;
}
out:
-@@ -1111,6 +1125,17 @@ static long do_mbind(unsigned long start, unsigned long len,
+@@ -1112,6 +1126,17 @@ static long do_mbind(unsigned long start, unsigned long len,
if (end < start)
return -EINVAL;
if (end == start)
return 0;
-@@ -1329,6 +1354,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1330,6 +1355,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
if (!mm)
goto out;
/*
* Check if this process has the right to modify the specified
* process. The right exists if the process has administrative
-@@ -1338,8 +1371,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1339,8 +1372,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
rcu_read_lock();
tcred = __task_cred(task);
if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
err = -EPERM;
goto out;
diff --git a/mm/migrate.c b/mm/migrate.c
-index 177aca4..ab3a744 100644
+index 1503b6b..156c672 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1313,6 +1313,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1370,6 +1370,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
if (!mm)
return -EINVAL;
/*
* Check if this process has the right to modify the specified
* process. The right exists if the process has administrative
-@@ -1322,8 +1330,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1379,8 +1387,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
rcu_read_lock();
tcred = __task_cred(task);
if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
err = -EPERM;
goto out;
diff --git a/mm/mlock.c b/mm/mlock.c
-index 4f4f53b..9511904 100644
+index ef726e8..13e0901 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -13,6 +13,7 @@
+ if (end > TASK_SIZE)
+ return -EINVAL;
+
- vma = find_vma_prev(current->mm, start, &prev);
+ vma = find_vma(current->mm, start);
if (!vma || vma->vm_start > start)
return -ENOMEM;
-@@ -395,6 +399,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -396,6 +400,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
for (nstart = start ; ; ) {
vm_flags_t newflags;
/* Here we know that vma->vm_start <= nstart < vma->vm_end. */
newflags = vma->vm_flags | VM_LOCKED;
-@@ -500,6 +509,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
+@@ -501,6 +510,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
lock_limit >>= PAGE_SHIFT;
/* check against resource limits */
if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
error = do_mlock(start, len, 1);
up_write(¤t->mm->mmap_sem);
-@@ -523,17 +533,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
+@@ -524,17 +534,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
static int do_mlockall(int flags)
{
struct vm_area_struct * vma, * prev = NULL;
newflags = vma->vm_flags | VM_LOCKED;
if (!(flags & MCL_CURRENT))
newflags &= ~VM_LOCKED;
-@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
+@@ -567,6 +583,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
lock_limit >>= PAGE_SHIFT;
ret = -ENOMEM;
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index eae90af..c930262 100644
+index da15a79..314aef3 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -46,6 +46,16 @@
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1266,8 +1397,9 @@ munmap_back:
- vma->vm_pgoff = pgoff;
- INIT_LIST_HEAD(&vma->anon_vma_chain);
-
-+ error = -EINVAL; /* when rejecting VM_GROWSDOWN|VM_GROWSUP */
-+
- if (file) {
-- error = -EINVAL;
- if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP))
- goto free_vma;
- if (vm_flags & VM_DENYWRITE) {
-@@ -1281,6 +1413,19 @@ munmap_back:
+@@ -1282,6 +1413,19 @@ munmap_back:
error = file->f_op->mmap(file, vma);
if (error)
goto unmap_and_free_vma;
if (vm_flags & VM_EXECUTABLE)
added_exe_file_vma(mm);
-@@ -1293,6 +1438,8 @@ munmap_back:
- pgoff = vma->vm_pgoff;
- vm_flags = vma->vm_flags;
- } else if (vm_flags & VM_SHARED) {
-+ if (unlikely(vm_flags & (VM_GROWSDOWN|VM_GROWSUP)))
-+ goto free_vma;
- error = shmem_zero_setup(vma);
- if (error)
- goto free_vma;
-@@ -1316,6 +1463,11 @@ munmap_back:
+@@ -1319,6 +1463,11 @@ munmap_back:
vma_link(mm, vma, prev, rb_link, rb_parent);
file = vma->vm_file;
/* Once vma denies write, undo our temporary denial count */
if (correct_wcount)
atomic_inc(&inode->i_writecount);
-@@ -1324,6 +1476,7 @@ out:
+@@ -1327,6 +1476,7 @@ out:
mm->total_vm += len >> PAGE_SHIFT;
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
if (vm_flags & VM_LOCKED) {
if (!mlock_vma_pages_range(vma, addr, addr + len))
mm->locked_vm += (len >> PAGE_SHIFT);
-@@ -1341,6 +1494,12 @@ unmap_and_free_vma:
+@@ -1344,6 +1494,12 @@ unmap_and_free_vma:
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
charged = 0;
free_vma:
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1348,6 +1507,44 @@ unacct_error:
+@@ -1351,6 +1507,44 @@ unacct_error:
return error;
}
/* Get an address range which is currently unmapped.
* For shmat() with addr=0.
*
-@@ -1374,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1377,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (flags & MAP_FIXED)
return addr;
}
full_search:
-@@ -1396,34 +1598,40 @@ full_search:
+@@ -1399,34 +1598,40 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
mm->free_area_cache = addr;
mm->cached_hole_size = ~0UL;
}
-@@ -1441,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1444,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
{
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1450,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1453,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
if (flags & MAP_FIXED)
return addr;
}
/* check if free_area_cache is useful for us */
-@@ -1471,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1474,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
/* make sure it can fit in the remaining address space */
if (addr > len) {
vma = find_vma(mm, addr-len);
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr-len);
}
-@@ -1488,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1491,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
* return with success:
*/
vma = find_vma(mm, addr);
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr);
-@@ -1497,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1500,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
mm->cached_hole_size = vma->vm_start - addr;
/* try just below the current vma->vm_start */
bottomup:
/*
-@@ -1507,13 +1720,21 @@ bottomup:
+@@ -1510,13 +1720,21 @@ bottomup:
* can happen with large stack limits and large mmap()
* allocations.
*/
mm->cached_hole_size = ~0UL;
return addr;
-@@ -1522,6 +1743,12 @@ bottomup:
+@@ -1525,6 +1743,12 @@ bottomup:
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1529,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1532,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
mm->free_area_cache = addr;
/* dont allow allocations above current base */
}
unsigned long
-@@ -1603,40 +1832,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
-
- EXPORT_SYMBOL(find_vma);
+@@ -1629,6 +1855,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
+ return vma;
+ }
--/* Same as find_vma, but also return a pointer to the previous VMA in *pprev. */
-+/*
-+ * Same as find_vma, but also return a pointer to the previous VMA in *pprev.
-+ */
- struct vm_area_struct *
- find_vma_prev(struct mm_struct *mm, unsigned long addr,
- struct vm_area_struct **pprev)
- {
-- struct vm_area_struct *vma = NULL, *prev = NULL;
-- struct rb_node *rb_node;
-- if (!mm)
-- goto out;
--
-- /* Guard against addr being lower than the first VMA */
-- vma = mm->mmap;
--
-- /* Go through the RB tree quickly. */
-- rb_node = mm->mm_rb.rb_node;
--
-- while (rb_node) {
-- struct vm_area_struct *vma_tmp;
-- vma_tmp = rb_entry(rb_node, struct vm_area_struct, vm_rb);
--
-- if (addr < vma_tmp->vm_end) {
-- rb_node = rb_node->rb_left;
-- } else {
-- prev = vma_tmp;
-- if (!prev->vm_next || (addr < prev->vm_next->vm_end))
-- break;
-+ struct vm_area_struct *vma;
-+
-+ vma = find_vma(mm, addr);
-+ if (vma) {
-+ *pprev = vma->vm_prev;
-+ } else {
-+ struct rb_node *rb_node = mm->mm_rb.rb_node;
-+ *pprev = NULL;
-+ while (rb_node) {
-+ *pprev = rb_entry(rb_node, struct vm_area_struct, vm_rb);
- rb_node = rb_node->rb_right;
- }
- }
-+ return vma;
-+}
-+
+#ifdef CONFIG_PAX_SEGMEXEC
+struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
+{
+ struct vm_area_struct *vma_m;
-
--out:
-- *pprev = prev;
-- return prev ? prev->vm_next : vma;
++
+ BUG_ON(!vma || vma->vm_start >= vma->vm_end);
+ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
+ BUG_ON(vma->vm_mirror);
+ BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root);
+ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED | VM_RESERVED));
+ return vma_m;
- }
++}
+#endif
-
++
/*
* Verify that the stack growth is acceptable and
-@@ -1654,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+ * update accounting. This is shared with both the
+@@ -1645,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
return -ENOMEM;
/* Stack limit test */
if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -1664,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -1655,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -1694,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -1685,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -1739,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -1730,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
}
}
vma_unlock_anon_vma(vma);
khugepaged_enter_vma_merge(vma);
return error;
-@@ -1752,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1743,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
{
int error;
/*
* We must make sure the anon_vma is allocated
-@@ -1765,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1756,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma,
if (error)
return error;
vma_lock_anon_vma(vma);
/*
-@@ -1774,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1765,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma,
*/
/* Somebody else might have raced and expanded it already */
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -1786,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1777,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma,
if (!error) {
vma->vm_start = address;
vma->vm_pgoff -= grow;
khugepaged_enter_vma_merge(vma);
return error;
}
-@@ -1860,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -1851,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
do {
long nrpages = vma_pages(vma);
mm->total_vm -= nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
vma = remove_vma(vma);
-@@ -1905,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -1896,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
rb_erase(&vma->vm_rb, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -1933,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1924,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
struct vm_area_struct *new;
int err = -ENOMEM;
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -1953,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1944,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
pol = mpol_dup(vma_policy(vma));
if (IS_ERR(pol)) {
err = PTR_ERR(pol);
-@@ -1978,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1969,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
/* Success. */
if (!err)
return 0;
-@@ -1990,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1981,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
removed_exe_file_vma(mm);
fput(new->vm_file);
}
kmem_cache_free(vm_area_cachep, new);
out_err:
return err;
-@@ -2006,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1997,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2017,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2008,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2096,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2087,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
/* Fix up all other VM information */
remove_vma_list(mm, vma);
return 0;
}
-@@ -2108,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
+@@ -2099,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
profile_munmap(addr);
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2137,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2128,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
struct rb_node ** rb_link, * rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
len = PAGE_ALIGN(len);
if (!len)
-@@ -2148,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2139,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
-@@ -2174,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2165,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
/*
* Clear old maps. this also does some error checking for us
*/
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2203,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2194,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
return -ENOMEM;
}
-@@ -2217,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2208,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
return addr;
}
-@@ -2268,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2259,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm)
* Walk the list again, actually closing and freeing it,
* with preemption enabled, without holding any MM locks.
*/
BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
}
-@@ -2283,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
+@@ -2274,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
struct vm_area_struct * __vma, * prev;
struct rb_node ** rb_link, * rb_parent;
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2305,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
+@@ -2296,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
if ((vma->vm_flags & VM_ACCOUNT) &&
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
return 0;
}
-@@ -2323,6 +2769,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
- struct rb_node **rb_link, *rb_parent;
+@@ -2315,6 +2770,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct mempolicy *pol;
+ bool faulted_in_anon_vma = true;
+ BUG_ON(vma->vm_mirror);
+
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2373,6 +2821,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2382,6 +2839,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
return NULL;
}
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2383,7 +2864,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
- unsigned long lim;
+@@ -2393,6 +2883,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
--
+
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ cur -= mm->brk_gap;
++#endif
++
+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
if (cur + npages > lim)
return 0;
return 1;
-@@ -2454,6 +2935,22 @@ int install_special_mapping(struct mm_struct *mm,
+@@ -2463,6 +2959,22 @@ int install_special_mapping(struct mm_struct *mm,
vma->vm_start = addr;
vma->vm_end = addr + len;
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 5a688a2..27e031c 100644
+index f437d05..e3763f6 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -23,10 +23,16 @@
prot |= PROT_EXEC;
vm_flags = calc_vm_prot_bits(prot);
-@@ -287,6 +412,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -288,6 +413,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
if (start > vma->vm_start)
prev = vma;
for (nstart = start ; ; ) {
unsigned long newflags;
-@@ -296,6 +426,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -297,6 +427,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
/* newflags >> 4 shift VM_MAY% in place of VM_% */
if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
error = -EACCES;
goto out;
}
-@@ -310,6 +448,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -311,6 +449,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
if (error)
goto out;
if (nstart < prev->vm_end)
diff --git a/mm/mremap.c b/mm/mremap.c
-index d6959cb..18a402a 100644
+index 87bb839..c3bfadb 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -106,6 +106,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
set_pte_at(mm, new_addr, new_pte, pte);
}
-@@ -290,6 +296,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
+@@ -299,6 +305,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
if (is_vm_hugetlb_page(vma))
goto Einval;
/* We can't remap across vm area boundaries */
if (old_len > vma->vm_end - addr)
goto Efault;
-@@ -346,20 +357,25 @@ static unsigned long mremap_to(unsigned long addr,
+@@ -355,20 +366,25 @@ static unsigned long mremap_to(unsigned long addr,
unsigned long ret = -EINVAL;
unsigned long charged = 0;
unsigned long map_flags;
goto out;
ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
-@@ -431,6 +447,7 @@ unsigned long do_mremap(unsigned long addr,
+@@ -440,6 +456,7 @@ unsigned long do_mremap(unsigned long addr,
struct vm_area_struct *vma;
unsigned long ret = -EINVAL;
unsigned long charged = 0;
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
goto out;
-@@ -449,6 +466,17 @@ unsigned long do_mremap(unsigned long addr,
+@@ -458,6 +475,17 @@ unsigned long do_mremap(unsigned long addr,
if (!new_len)
goto out;
if (flags & MREMAP_FIXED) {
if (flags & MREMAP_MAYMOVE)
ret = mremap_to(addr, old_len, new_addr, new_len);
-@@ -498,6 +526,7 @@ unsigned long do_mremap(unsigned long addr,
+@@ -507,6 +535,7 @@ unsigned long do_mremap(unsigned long addr,
addr + new_len);
}
ret = addr;
goto out;
}
}
-@@ -524,7 +553,13 @@ unsigned long do_mremap(unsigned long addr,
+@@ -533,7 +562,13 @@ unsigned long do_mremap(unsigned long addr,
ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
if (ret)
goto out;
}
out:
if (ret & ~PAGE_MASK)
-diff --git a/mm/nobootmem.c b/mm/nobootmem.c
-index 7fa41b4..6087460 100644
---- a/mm/nobootmem.c
-+++ b/mm/nobootmem.c
-@@ -110,19 +110,30 @@ static void __init __free_pages_memory(unsigned long start, unsigned long end)
- unsigned long __init free_all_memory_core_early(int nodeid)
- {
- int i;
-- u64 start, end;
-+ u64 start, end, startrange, endrange;
- unsigned long count = 0;
-- struct range *range = NULL;
-+ struct range *range = NULL, rangerange = { 0, 0 };
- int nr_range;
-
- nr_range = get_free_all_memory_range(&range, nodeid);
-+ startrange = __pa(range) >> PAGE_SHIFT;
-+ endrange = (__pa(range + nr_range) - 1) >> PAGE_SHIFT;
-
- for (i = 0; i < nr_range; i++) {
- start = range[i].start;
- end = range[i].end;
-+ if (start <= endrange && startrange < end) {
-+ BUG_ON(rangerange.start | rangerange.end);
-+ rangerange = range[i];
-+ continue;
-+ }
- count += end - start;
- __free_pages_memory(start, end);
- }
-+ start = rangerange.start;
-+ end = rangerange.end;
-+ count += end - start;
-+ __free_pages_memory(start, end);
-
- return count;
- }
diff --git a/mm/nommu.c b/mm/nommu.c
index f59e170..34e2a2b 100644
--- a/mm/nommu.c
new->vm_region = region;
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 485be89..c059ad3 100644
+index a13ded1..b949d15 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
-@@ -341,7 +341,7 @@ out:
+@@ -335,7 +335,7 @@ out:
* This usage means that zero-order pages may not be compound.
*/
{
__free_pages_ok(page, compound_order(page));
}
-@@ -654,6 +654,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -692,6 +692,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
int i;
int bad = 0;
+ unsigned long index = 1UL << order;
+#endif
+
- trace_mm_page_free_direct(page, order);
+ trace_mm_page_free(page, order);
kmemcheck_free_shadow(page, order);
-@@ -669,6 +673,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -707,6 +711,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
-@@ -784,8 +794,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
+@@ -830,8 +840,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
arch_alloc_page(page, order);
kernel_map_pages(page, 1 << order, 1);
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -3357,7 +3369,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn)
+@@ -3468,7 +3480,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn)
unsigned long pfn;
for (pfn = start_pfn; pfn < end_pfn; pfn++) {
}
return 0;
diff --git a/mm/percpu.c b/mm/percpu.c
-index 716eb4a..8d10419 100644
+index f47af91..7eeef99 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
-@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
+@@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
static unsigned int pcpu_high_unit_cpu __read_mostly;
/* the address of the first chunk which starts with the kernel static area */
static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
-index e920aa3..137702a 100644
+index c20ff48..137702a 100644
--- a/mm/process_vm_access.c
+++ b/mm/process_vm_access.c
@@ -13,6 +13,7 @@
}
if (nr_pages == 0)
-@@ -298,23 +299,23 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
+@@ -298,6 +299,11 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
goto free_proc_pages;
}
-- task_lock(task);
-- if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) {
-- task_unlock(task);
+ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
- rc = -EPERM;
- goto put_task_struct;
- }
-- mm = task->mm;
-
-- if (!mm || (task->flags & PF_KTHREAD)) {
-- task_unlock(task);
-- rc = -EINVAL;
-+ mm = mm_access(task, PTRACE_MODE_ATTACH);
-+ if (!mm || IS_ERR(mm)) {
-+ rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
-+ /*
-+ * Explicitly map EACCES to EPERM as EPERM is a more a
-+ * appropriate error code for process_vw_readv/writev
-+ */
-+ if (rc == -EACCES)
-+ rc = -EPERM;
- goto put_task_struct;
- }
-
-- atomic_inc(&mm->mm_users);
-- task_unlock(task);
--
- for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) {
- rc = process_vm_rw_single_vec(
- (unsigned long)rvec[i].iov_base, rvec[i].iov_len,
++ rc = -EPERM;
++ goto put_task_struct;
++ }
++
+ mm = mm_access(task, PTRACE_MODE_ATTACH);
+ if (!mm || IS_ERR(mm)) {
+ rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index a4fd368..e0ffec7 100644
+index c8454e0..b04f3a2 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -152,6 +152,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
{
struct anon_vma_chain *avc, *pavc;
struct anon_vma *root = NULL;
-@@ -276,7 +313,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
+@@ -321,7 +358,7 @@ void anon_vma_moveto_tail(struct vm_area_struct *dst)
* the corresponding VMA in the parent process is attached to.
* Returns 0 on success, non-zero on failure.
*/
struct anon_vma_chain *avc;
struct anon_vma *anon_vma;
diff --git a/mm/shmem.c b/mm/shmem.c
-index 6c253f7..367e20a 100644
+index 269d049..a9d2b50 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -31,7 +31,7 @@
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 83311c9a..fcf8f86 100644
+index f0bd785..348b96a 100644
--- a/mm/slab.c
+++ b/mm/slab.c
-@@ -151,7 +151,7 @@
+@@ -153,7 +153,7 @@
/* Legal flag mask for kmem_cache_create(). */
#if DEBUG
SLAB_POISON | SLAB_HWCACHE_ALIGN | \
SLAB_CACHE_DMA | \
SLAB_STORE_USER | \
-@@ -159,7 +159,7 @@
+@@ -161,7 +161,7 @@
SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK)
#else
SLAB_CACHE_DMA | \
SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \
SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
-@@ -288,7 +288,7 @@ struct kmem_list3 {
+@@ -290,7 +290,7 @@ struct kmem_list3 {
* Need this for bootstrapping a per node allocator.
*/
#define NUM_INIT_LISTS (3 * MAX_NUMNODES)
#define CACHE_CACHE 0
#define SIZE_AC MAX_NUMNODES
#define SIZE_L3 (2 * MAX_NUMNODES)
-@@ -389,10 +389,10 @@ static void kmem_list3_init(struct kmem_list3 *parent)
+@@ -391,10 +391,10 @@ static void kmem_list3_init(struct kmem_list3 *parent)
if ((x)->max_freeable < i) \
(x)->max_freeable = i; \
} while (0)
#else
#define STATS_INC_ACTIVE(x) do { } while (0)
#define STATS_DEC_ACTIVE(x) do { } while (0)
-@@ -538,7 +538,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
+@@ -542,7 +542,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
* reciprocal_divide(offset, cache->reciprocal_buffer_size)
*/
static inline unsigned int obj_to_index(const struct kmem_cache *cache,
{
u32 offset = (obj - slab->s_mem);
return reciprocal_divide(offset, cache->reciprocal_buffer_size);
-@@ -564,7 +564,7 @@ struct cache_names {
+@@ -568,7 +568,7 @@ struct cache_names {
static struct cache_names __initdata cache_names[] = {
#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
#include <linux/kmalloc_sizes.h>
#undef CACHE
};
-@@ -1572,7 +1572,7 @@ void __init kmem_cache_init(void)
+@@ -1588,7 +1588,7 @@ void __init kmem_cache_init(void)
sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name,
sizes[INDEX_AC].cs_size,
ARCH_KMALLOC_MINALIGN,
NULL);
if (INDEX_AC != INDEX_L3) {
-@@ -1580,7 +1580,7 @@ void __init kmem_cache_init(void)
+@@ -1596,7 +1596,7 @@ void __init kmem_cache_init(void)
kmem_cache_create(names[INDEX_L3].name,
sizes[INDEX_L3].cs_size,
ARCH_KMALLOC_MINALIGN,
NULL);
}
-@@ -1598,7 +1598,7 @@ void __init kmem_cache_init(void)
+@@ -1614,7 +1614,7 @@ void __init kmem_cache_init(void)
sizes->cs_cachep = kmem_cache_create(names->name,
sizes->cs_size,
ARCH_KMALLOC_MINALIGN,
NULL);
}
#ifdef CONFIG_ZONE_DMA
-@@ -4322,10 +4322,10 @@ static int s_show(struct seq_file *m, void *p)
+@@ -4339,10 +4339,10 @@ static int s_show(struct seq_file *m, void *p)
}
/* cpu stats */
{
seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
allochit, allocmiss, freehit, freemiss);
-@@ -4584,13 +4584,62 @@ static int __init slab_proc_init(void)
+@@ -4601,13 +4601,62 @@ static int __init slab_proc_init(void)
{
proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations);
#ifdef CONFIG_DEBUG_SLAB_LEAK
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 1a919f0..1739c9b 100644
+index 0342a5d..8180ae9 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -208,7 +208,7 @@ struct track {
static int sysfs_slab_add(struct kmem_cache *);
static int sysfs_slab_alias(struct kmem_cache *, const char *);
static void sysfs_slab_remove(struct kmem_cache *);
-@@ -530,7 +530,7 @@ static void print_track(const char *s, struct track *t)
+@@ -532,7 +532,7 @@ static void print_track(const char *s, struct track *t)
if (!t->addr)
return;
s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
#ifdef CONFIG_STACKTRACE
{
-@@ -2559,6 +2559,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x)
+@@ -2571,6 +2571,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x)
page = virt_to_head_page(x);
slab_free(s, page, x, _RET_IP_);
trace_kmem_cache_free(_RET_IP_, x);
-@@ -2592,7 +2594,7 @@ static int slub_min_objects;
+@@ -2604,7 +2606,7 @@ static int slub_min_objects;
* Merge control. If this is set then no merging of slab caches will occur.
* (Could be removed. This was introduced to pacify the merge skeptics.)
*/
/*
* Calculate the order of allocation given an slab object size.
-@@ -3042,7 +3044,7 @@ static int kmem_cache_open(struct kmem_cache *s,
+@@ -3057,7 +3059,7 @@ static int kmem_cache_open(struct kmem_cache *s,
else
s->cpu_partial = 30;
#ifdef CONFIG_NUMA
s->remote_node_defrag_ratio = 1000;
#endif
-@@ -3146,8 +3148,7 @@ static inline int kmem_cache_close(struct kmem_cache *s)
+@@ -3161,8 +3163,7 @@ static inline int kmem_cache_close(struct kmem_cache *s)
void kmem_cache_destroy(struct kmem_cache *s)
{
down_write(&slub_lock);
list_del(&s->list);
up_write(&slub_lock);
if (kmem_cache_close(s)) {
-@@ -3358,6 +3359,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
+@@ -3373,6 +3374,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
EXPORT_SYMBOL(__kmalloc_node);
#endif
size_t ksize(const void *object)
{
struct page *page;
-@@ -3632,7 +3677,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s)
+@@ -3647,7 +3692,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s)
int node;
list_add(&s->list, &slab_caches);
for_each_node_state(node, N_NORMAL_MEMORY) {
struct kmem_cache_node *n = get_node(s, node);
-@@ -3749,17 +3794,17 @@ void __init kmem_cache_init(void)
+@@ -3767,17 +3812,17 @@ void __init kmem_cache_init(void)
/* Caches that are not of the two-to-the-power-of size */
if (KMALLOC_MIN_SIZE <= 32) {
caches++;
}
-@@ -3827,7 +3872,7 @@ static int slab_unmergeable(struct kmem_cache *s)
+@@ -3845,7 +3890,7 @@ static int slab_unmergeable(struct kmem_cache *s)
/*
* We may have set a slab to be unmergeable during bootstrap.
*/
return 1;
return 0;
-@@ -3886,7 +3931,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
+@@ -3904,7 +3949,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
down_write(&slub_lock);
s = find_mergeable(size, align, flags, name, ctor);
if (s) {
/*
* Adjust the object sizes so that we clear
* the complete object on kzalloc.
-@@ -3895,7 +3940,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
+@@ -3913,7 +3958,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *)));
if (sysfs_slab_alias(s, name)) {
goto err;
}
up_write(&slub_lock);
-@@ -4023,7 +4068,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
+@@ -4042,7 +4087,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
}
#endif
static int count_inuse(struct page *page)
{
return page->inuse;
-@@ -4410,12 +4455,12 @@ static void resiliency_test(void)
+@@ -4429,12 +4474,12 @@ static void resiliency_test(void)
validate_slab_cache(kmalloc_caches[9]);
}
#else
enum slab_stat_type {
SL_ALL, /* All slabs */
SL_PARTIAL, /* Only partially allocated slabs */
-@@ -4656,7 +4701,7 @@ SLAB_ATTR_RO(ctor);
+@@ -4677,7 +4722,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
{
}
SLAB_ATTR_RO(aliases);
-@@ -5223,6 +5268,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -5244,6 +5289,7 @@ static char *create_unique_id(struct kmem_cache *s)
return name;
}
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
-@@ -5285,6 +5331,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5306,6 +5352,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
/*
* Need to buffer aliases during bootup until sysfs becomes
-@@ -5298,6 +5345,7 @@ struct saved_alias {
+@@ -5319,6 +5366,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
-@@ -5320,6 +5368,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5341,6 +5389,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
alias_list = al;
return 0;
}
static int __init slab_sysfs_init(void)
{
+diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
+index 1b7e22a..3fcd4f3 100644
+--- a/mm/sparse-vmemmap.c
++++ b/mm/sparse-vmemmap.c
+@@ -128,7 +128,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node)
+ void *p = vmemmap_alloc_block(PAGE_SIZE, node);
+ if (!p)
+ return NULL;
+- pud_populate(&init_mm, pud, p);
++ pud_populate_kernel(&init_mm, pud, p);
+ }
+ return pud;
+ }
+@@ -140,7 +140,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node)
+ void *p = vmemmap_alloc_block(PAGE_SIZE, node);
+ if (!p)
+ return NULL;
+- pgd_populate(&init_mm, pgd, p);
++ pgd_populate_kernel(&init_mm, pgd, p);
+ }
+ return pgd;
+ }
diff --git a/mm/swap.c b/mm/swap.c
-index 55b266d..a532537 100644
+index 14380e9..e244704 100644
--- a/mm/swap.c
+++ b/mm/swap.c
-@@ -31,6 +31,7 @@
+@@ -30,6 +30,7 @@
#include <linux/backing-dev.h>
#include <linux/memcontrol.h>
#include <linux/gfp.h>
#include "internal.h"
-@@ -71,6 +72,8 @@ static void __put_compound_page(struct page *page)
+@@ -70,6 +71,8 @@ static void __put_compound_page(struct page *page)
__page_cache_release(page);
dtor = get_compound_page_dtor(page);
}
diff --git a/mm/swapfile.c b/mm/swapfile.c
-index b1cd120..aaae885 100644
+index f31b29d..8bdcae2 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex);
static inline unsigned char swap_count(unsigned char ent)
{
-@@ -1670,7 +1670,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
+@@ -1669,7 +1669,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
}
filp_close(swap_file, NULL);
err = 0;
wake_up_interruptible(&proc_poll_wait);
out_dput:
-@@ -1686,8 +1686,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
+@@ -1685,8 +1685,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
poll_wait(file, &proc_poll_wait, wait);
return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
}
-@@ -1785,7 +1785,7 @@ static int swaps_open(struct inode *inode, struct file *file)
+@@ -1784,7 +1784,7 @@ static int swaps_open(struct inode *inode, struct file *file)
return ret;
seq = file->private_data;
return 0;
}
-@@ -2123,7 +2123,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
+@@ -2122,7 +2122,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
(p->flags & SWP_DISCARDABLE) ? "D" : "");
mutex_unlock(&swapon_mutex);
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 27be2f0..633e5cc 100644
+index 86ce9a5..e0bd080 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
}
static int vmap_pmd_range(pud_t *pud, unsigned long addr,
+@@ -119,7 +144,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr,
+ pmd_t *pmd;
+ unsigned long next;
+
+- pmd = pmd_alloc(&init_mm, pud, addr);
++ pmd = pmd_alloc_kernel(&init_mm, pud, addr);
+ if (!pmd)
+ return -ENOMEM;
+ do {
+@@ -136,7 +161,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr,
+ pud_t *pud;
+ unsigned long next;
+
+- pud = pud_alloc(&init_mm, pgd, addr);
++ pud = pud_alloc_kernel(&init_mm, pgd, addr);
+ if (!pud)
+ return -ENOMEM;
+ do {
@@ -191,11 +216,20 @@ int is_vmalloc_or_module_addr(const void *x)
* and fall back on vmalloc() if that fails. Others
* just put it in the vmalloc space.
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -1294,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1319,6 +1359,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1526,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1551,6 +1601,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1627,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1652,6 +1707,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1800,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1825,10 +1887,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
-1, __builtin_return_address(0));
}
-@@ -2098,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2123,6 +2184,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
return -EINVAL;
diff --git a/mm/vmstat.c b/mm/vmstat.c
-index 8fd603b..cf0d930 100644
+index f600557..1459fc8 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu)
return 0;
}
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
-index 5471628..cef8398 100644
+index efea35b..9c8dd0b 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
-@@ -588,8 +588,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
+@@ -554,8 +554,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
err = -EPERM;
if (!capable(CAP_NET_ADMIN))
break;
vn = net_generic(net, vlan_net_id);
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
-index fdfdb57..38d368c 100644
+index fccae26..e7ece2f 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
-@@ -423,7 +423,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len)
+@@ -425,7 +425,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len)
oldfs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c
-index f41f026..fe76ea8 100644
+index 876fbe8..8bbea9f 100644
--- a/net/atm/atm_misc.c
+++ b/net/atm/atm_misc.c
@@ -17,7 +17,7 @@ int atm_charge(struct atm_vcc *vcc, int truesize)
hard_iface->net_dev->name);
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
-index f9cc957..efd9dae 100644
+index 987c75a..20d6f36 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
-@@ -634,7 +634,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
+@@ -645,7 +645,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
/* set broadcast sequence number */
bcast_packet->seqno =
add_bcast_packet_to_list(bat_priv, skb, 1);
-@@ -828,7 +828,7 @@ struct net_device *softif_create(const char *name)
+@@ -843,7 +843,7 @@ struct net_device *softif_create(const char *name)
atomic_set(&bat_priv->batman_queue_left, BATMAN_QUEUE_LEN);
atomic_set(&bat_priv->mesh_state, MESH_INACTIVE);
atomic_set(&bat_priv->tt_local_changes, 0);
atomic_set(&bat_priv->tt_ogm_append_cnt, 0);
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
-index ab8d0fe..ceba3fd 100644
+index e9eb043..d174eeb 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -38,8 +38,8 @@ struct hard_iface {
frag2->seqno = htons(seqno);
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
-index c1c597e..05ebb40 100644
+index 280953b..cd219bb 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -234,7 +234,7 @@ void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
}
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 17b5b1c..826d872 100644
+index 32d338c..d24bcdb 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
-@@ -2176,8 +2176,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
+@@ -2418,8 +2418,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
break;
case L2CAP_CONF_RFC:
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
rfc.mode != chan->mode)
-@@ -2265,8 +2267,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
+@@ -2537,8 +2539,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
switch (type) {
case L2CAP_CONF_RFC:
goto done;
}
}
-diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
-index 8eb6b15..e3db7ab 100644
---- a/net/bridge/br_multicast.c
-+++ b/net/bridge/br_multicast.c
-@@ -1488,7 +1488,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
- nexthdr = ip6h->nexthdr;
- offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr);
-
-- if (offset < 0 || nexthdr != IPPROTO_ICMPV6)
-+ if (nexthdr != IPPROTO_ICMPV6)
- return 0;
+diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
+index 5449294..7da9a5f 100644
+--- a/net/bridge/netfilter/ebt_ulog.c
++++ b/net/bridge/netfilter/ebt_ulog.c
+@@ -96,6 +96,7 @@ static void ulog_timer(unsigned long data)
+ spin_unlock_bh(&ulog_buffers[data].lock);
+ }
- /* Okay, we found ICMPv6 header */
++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1);
+ static struct sk_buff *ulog_alloc_skb(unsigned int size)
+ {
+ struct sk_buff *skb;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
-index 5864cc4..121f3a30 100644
+index 5fe2ff3..10968b5 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
-@@ -1513,7 +1513,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1523,7 +1523,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
tmp.valid_hooks = t->table->valid_hooks;
}
mutex_unlock(&ebt_mutex);
ret = -EFAULT;
break;
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
-index a986280..13444a1 100644
+index a97d97a..6f679ed 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -48,19 +48,20 @@ static struct dentry *debugfsdir;
set_rx_flow_on(cf_sk);
caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ);
}
-@@ -854,7 +855,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr,
+@@ -856,7 +857,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr,
/*ifindex = id of the interface.*/
cf_sk->conn_req.ifindex = cf_sk->sk.sk_bound_dev_if;
cf_sk->layer.receive = caif_sktrecv_cb;
err = caif_connect_client(sock_net(sk), &cf_sk->conn_req,
-@@ -943,7 +944,7 @@ static int caif_release(struct socket *sock)
+@@ -945,7 +946,7 @@ static int caif_release(struct socket *sock)
spin_unlock_bh(&sk->sk_receive_queue.lock);
sock->sk = NULL;
WARN_ON(IS_ERR(cf_sk->debugfs_socket_dir));
if (cf_sk->debugfs_socket_dir != NULL)
-@@ -1122,7 +1123,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol,
+@@ -1124,7 +1125,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol,
cf_sk->conn_req.protocol = protocol;
/* Increase the number of sockets created. */
dbfs_atomic_inc(&cnt.caif_nr_socks);
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index c56cacf..b28e35f 100644
+index 0336374..659088a 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name)
+@@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name)
if (no_module && capable(CAP_NET_ADMIN))
no_module = request_module("netdev-%s", name);
if (no_module && capable(CAP_SYS_MODULE)) {
}
}
EXPORT_SYMBOL(dev_load);
-@@ -1573,7 +1577,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1605,7 +1609,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
{
if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -1583,7 +1587,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1615,7 +1619,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
nf_reset(skb);
if (unlikely(!is_skb_forwardable(dev, skb))) {
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2036,7 +2040,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2077,7 +2081,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -2970,7 +2974,7 @@ enqueue:
+@@ -2933,7 +2937,7 @@ enqueue:
local_irq_restore(flags);
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3044,7 +3048,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3005,7 +3009,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3333,7 +3337,7 @@ ncls:
+@@ -3293,7 +3297,7 @@ ncls:
if (pt_prev) {
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -3897,7 +3901,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -3853,7 +3857,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -5955,7 +5959,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5878,7 +5882,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
m->msg_iov = iov;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 9083e82..1673203 100644
+index 5c30296..ebe7b61 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -57,7 +57,7 @@ struct rtnl_link {
+} __no_const;
static DEFINE_MUTEX(rtnl_mutex);
- static u16 min_ifinfo_dump_size;
+
diff --git a/net/core/scm.c b/net/core/scm.c
index ff52ad0..aff1c0f 100644
--- a/net/core/scm.c
{
int new_fd;
diff --git a/net/core/sock.c b/net/core/sock.c
-index b23f174..b9a0d26 100644
+index 02f8dfe..86dfd4a 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
-@@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -341,7 +341,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
struct sk_buff_head *list = &sk->sk_receive_queue;
if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
trace_sock_rcvqueue_full(sk, skb);
return -ENOMEM;
}
-@@ -299,7 +299,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -351,7 +351,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
return err;
if (!sk_rmem_schedule(sk, skb->truesize)) {
return -ENOBUFS;
}
-@@ -319,7 +319,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -371,7 +371,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
skb_dst_force(skb);
spin_lock_irqsave(&list->lock, flags);
__skb_queue_tail(list, skb);
spin_unlock_irqrestore(&list->lock, flags);
-@@ -339,7 +339,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -391,7 +391,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
skb->dev = NULL;
if (sk_rcvqueues_full(sk, skb)) {
goto discard_and_relse;
}
if (nested)
-@@ -357,7 +357,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -409,7 +409,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
} else if (sk_add_backlog(sk, skb)) {
bh_unlock_sock(sk);
goto discard_and_relse;
}
-@@ -917,7 +917,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -974,7 +974,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (len > sizeof(peercred))
len = sizeof(peercred);
cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred);
return -EFAULT;
goto lenout;
}
-@@ -930,7 +930,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -987,7 +987,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
return -ENOTCONN;
if (lv < len)
return -EINVAL;
return -EFAULT;
goto lenout;
}
-@@ -963,7 +963,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1024,7 +1024,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (len > lv)
len = lv;
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2020,7 +2020,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2108,7 +2108,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
}
EXPORT_SYMBOL(sock_init_data);
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index b9868e1..849f809 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -16,20 +16,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex);
+
+ int sock_diag_check_cookie(void *sk, __u32 *cookie)
+ {
++#ifndef CONFIG_GRKERNSEC_HIDESYM
+ if ((cookie[0] != INET_DIAG_NOCOOKIE ||
+ cookie[1] != INET_DIAG_NOCOOKIE) &&
+ ((u32)(unsigned long)sk != cookie[0] ||
+ (u32)((((unsigned long)sk) >> 31) >> 1) != cookie[1]))
+ return -ESTALE;
+ else
++#endif
+ return 0;
+ }
+ EXPORT_SYMBOL_GPL(sock_diag_check_cookie);
+
+ void sock_diag_save_cookie(void *sk, __u32 *cookie)
+ {
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ cookie[0] = 0;
++ cookie[1] = 0;
++#else
+ cookie[0] = (u32)(unsigned long)sk;
+ cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1);
++#endif
+ }
+ EXPORT_SYMBOL_GPL(sock_diag_save_cookie);
+
diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
index 02e75d1..9a57a7c 100644
--- a/net/decnet/sysctl_net_decnet.c
return nh->nh_saddr;
}
-diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
-index ccee270..db23c3c 100644
---- a/net/ipv4/inet_diag.c
-+++ b/net/ipv4/inet_diag.c
-@@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct sock *sk,
- r->idiag_retrans = 0;
-
- r->id.idiag_if = sk->sk_bound_dev_if;
-+
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ r->id.idiag_cookie[0] = 0;
-+ r->id.idiag_cookie[1] = 0;
-+#else
- r->id.idiag_cookie[0] = (u32)(unsigned long)sk;
- r->id.idiag_cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1);
-+#endif
-
- r->id.idiag_sport = inet->inet_sport;
- r->id.idiag_dport = inet->inet_dport;
-@@ -210,8 +216,15 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
- r->idiag_family = tw->tw_family;
- r->idiag_retrans = 0;
- r->id.idiag_if = tw->tw_bound_dev_if;
-+
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ r->id.idiag_cookie[0] = 0;
-+ r->id.idiag_cookie[1] = 0;
-+#else
- r->id.idiag_cookie[0] = (u32)(unsigned long)tw;
- r->id.idiag_cookie[1] = (u32)(((unsigned long)tw >> 31) >> 1);
-+#endif
-+
- r->id.idiag_sport = tw->tw_sport;
- r->id.idiag_dport = tw->tw_dport;
- r->id.idiag_src[0] = tw->tw_rcv_saddr;
-@@ -294,12 +307,14 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
- if (sk == NULL)
- goto unlock;
-
-+#ifndef CONFIG_GRKERNSEC_HIDESYM
- err = -ESTALE;
- if ((req->id.idiag_cookie[0] != INET_DIAG_NOCOOKIE ||
- req->id.idiag_cookie[1] != INET_DIAG_NOCOOKIE) &&
- ((u32)(unsigned long)sk != req->id.idiag_cookie[0] ||
- (u32)((((unsigned long)sk) >> 31) >> 1) != req->id.idiag_cookie[1]))
- goto out;
-+#endif
-
- err = -ENOMEM;
- rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
-@@ -589,8 +604,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
- r->idiag_retrans = req->retrans;
-
- r->id.idiag_if = sk->sk_bound_dev_if;
-+
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ r->id.idiag_cookie[0] = 0;
-+ r->id.idiag_cookie[1] = 0;
-+#else
- r->id.idiag_cookie[0] = (u32)(unsigned long)req;
- r->id.idiag_cookie[1] = (u32)(((unsigned long)req >> 31) >> 1);
-+#endif
-
- tmo = req->expires - jiffies;
- if (tmo < 0)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 984ec65..97ac518 100644
--- a/net/ipv4/inet_hashtables.c
inet_twsk_deschedule(tw, death_row);
while (twrefcnt) {
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
-index 86f13c67..59a35b5 100644
+index d4d61b6..b81aec8 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
-@@ -436,8 +436,8 @@ relookup:
+@@ -487,8 +487,8 @@ relookup:
if (p) {
p->daddr = *daddr;
atomic_set(&p->refcnt, 1);
secure_ip_id(daddr->addr.a4) :
secure_ipv6_id(daddr->addr.a6));
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index fdaabf2..0ec3205 100644
+index 1f23a57..7180dfe 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -316,7 +316,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
rc = qp->q.fragments && (end - start) > max;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 09ff51b..d3968eb 100644
+index 8aa87c1..35c3248 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
-@@ -1111,7 +1111,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1112,7 +1112,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
len = min_t(unsigned int, len, opt->optlen);
if (put_user(len, optlen))
return -EFAULT;
return -EFAULT;
return 0;
}
-@@ -1239,7 +1240,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1240,7 +1241,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
if (sk->sk_type != SOCK_STREAM)
return -ENOPROTOOPT;
msg.msg_flags = flags;
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
-index 99ec116..c5628fe 100644
+index 6e412a6..6640538 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -318,7 +318,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg)
return res;
}
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index fd7a3f6..e5be655 100644
+index fd7a3f6..a1b1013 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -984,6 +984,11 @@ static int __do_replace(struct net *net, const char *name,
+@@ -757,6 +757,9 @@ static struct xt_counters *alloc_counters(const struct xt_table *table)
+
+ static int copy_entries_to_user(unsigned int total_size,
+ const struct xt_table *table,
++ void __user *userptr) __size_overflow(1);
++static int copy_entries_to_user(unsigned int total_size,
++ const struct xt_table *table,
+ void __user *userptr)
+ {
+ unsigned int off, num;
+@@ -984,6 +987,11 @@ static int __do_replace(struct net *net, const char *name,
unsigned int valid_hooks,
struct xt_table_info *newinfo,
unsigned int num_counters,
void __user *counters_ptr)
{
int ret;
-@@ -1104,6 +1109,8 @@ static int do_replace(struct net *net, const void __user *user,
+@@ -1104,6 +1112,8 @@ static int do_replace(struct net *net, const void __user *user,
}
static int do_add_counters(struct net *net, const void __user *user,
{
unsigned int i, curcpu;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index 24e556e..a8daf7a 100644
+index 24e556e..b073356 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -1172,6 +1172,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr,
+@@ -923,6 +923,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table)
+ static int
+ copy_entries_to_user(unsigned int total_size,
+ const struct xt_table *table,
++ void __user *userptr) __size_overflow(1);
++static int
++copy_entries_to_user(unsigned int total_size,
++ const struct xt_table *table,
+ void __user *userptr)
+ {
+ unsigned int off, num;
+@@ -1172,6 +1176,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr,
static int
__do_replace(struct net *net, const char *name, unsigned int valid_hooks,
struct xt_table_info *newinfo, unsigned int num_counters,
void __user *counters_ptr)
{
int ret;
-@@ -1293,6 +1297,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
+@@ -1293,6 +1301,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
static int
do_add_counters(struct net *net, const void __user *user,
unsigned int len, int compat)
{
unsigned int i, curcpu;
+diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
+index ba5756d..8d34d74 100644
+--- a/net/ipv4/netfilter/ipt_ULOG.c
++++ b/net/ipv4/netfilter/ipt_ULOG.c
+@@ -125,6 +125,7 @@ static void ulog_timer(unsigned long data)
+ spin_unlock_bh(&ulog_lock);
+ }
+
++static struct sk_buff *ulog_alloc_skb(unsigned int size) __size_overflow(1);
+ static struct sk_buff *ulog_alloc_skb(unsigned int size)
+ {
+ struct sk_buff *skb;
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 2133c30..0e8047e 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
{
unsigned long subid;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 43d4c3b..1914409 100644
+index b072386..abdebcf 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
-@@ -836,7 +836,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
+@@ -838,7 +838,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
sk_rmem_alloc_get(sp),
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
static int ping_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
-index 007e2eb..85a18a0 100644
+index 3ccda5a..3c1e61d 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
-@@ -303,7 +303,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb)
+@@ -304,7 +304,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb)
int raw_rcv(struct sock *sk, struct sk_buff *skb)
{
if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) {
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -738,16 +738,20 @@ static int raw_init(struct sock *sk)
+@@ -742,16 +742,20 @@ static int raw_init(struct sock *sk)
static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen)
{
if (get_user(len, optlen))
goto out;
-@@ -757,8 +761,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o
+@@ -761,8 +765,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o
if (len > sizeof(struct icmp_filter))
len = sizeof(struct icmp_filter);
ret = -EFAULT;
goto out;
ret = 0;
out: return ret;
-@@ -986,7 +990,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -990,7 +994,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
sk_wmem_alloc_get(sp),
sk_rmem_alloc_get(sp),
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index 94cdbc5..0cb0063 100644
+index 0197747..7adb0dc 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
-@@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
+@@ -311,7 +311,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
static inline int rt_genid(struct net *net)
{
}
#ifdef CONFIG_PROC_FS
-@@ -937,7 +937,7 @@ static void rt_cache_invalidate(struct net *net)
+@@ -935,7 +935,7 @@ static void rt_cache_invalidate(struct net *net)
unsigned char shuffle;
get_random_bytes(&shuffle, sizeof(shuffle));
- atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
+ atomic_add_unchecked(shuffle + 1U, &net->ipv4.rt_genid);
- redirect_genid++;
+ inetpeer_invalidate_tree(AF_INET);
}
-@@ -3022,7 +3022,7 @@ static int rt_fill_info(struct net *net,
+@@ -3010,7 +3010,7 @@ static int rt_fill_info(struct net *net,
error = rt->dst.error;
if (peer) {
inet_peer_refcheck(rt->peer);
if (peer->tcp_ts_stamp) {
ts = peer->tcp_ts;
tsage = get_seconds() - peer->tcp_ts_stamp;
-diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
-index 90f6544..769c0e9 100644
---- a/net/ipv4/syncookies.c
-+++ b/net/ipv4/syncookies.c
-@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- struct rtable *rt;
- __u8 rcv_wscale;
- bool ecn_ok = false;
-+ struct flowi4 fl4;
-
- if (!sysctl_tcp_syncookies || !th->ack || th->rst)
- goto out;
-@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- * hasn't changed since we received the original syn, but I see
- * no easy way to do this.
- */
-- {
-- struct flowi4 fl4;
--
-- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-- inet_sk_flowi_flags(sk),
-- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
-- ireq->loc_addr, th->source, th->dest);
-- security_req_classify_flow(req, flowi4_to_flowi(&fl4));
-- rt = ip_route_output_key(sock_net(sk), &fl4);
-- if (IS_ERR(rt)) {
-- reqsk_free(req);
-- goto out;
-- }
-+ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-+ RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-+ inet_sk_flowi_flags(sk),
-+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
-+ ireq->loc_addr, th->source, th->dest);
-+ security_req_classify_flow(req, flowi4_to_flowi(&fl4));
-+ rt = ip_route_output_key(sock_net(sk), &fl4);
-+ if (IS_ERR(rt)) {
-+ reqsk_free(req);
-+ goto out;
- }
-
- /* Try to redo what tcp_v4_send_synack did. */
-@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- ireq->rcv_wscale = rcv_wscale;
-
- ret = get_cookie_sock(sk, skb, req, &rt->dst);
-+ /* ip_queue_xmit() depends on our flow being setup
-+ * Normal sockets get it right from inet_csk_route_child_sock()
-+ */
-+ if (ret)
-+ inet_sk(ret)->cork.fl.u.ip4 = fl4;
- out: return ret;
- }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index eb90aa8..74908e1 100644
+index fd54c5f..96d6407 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
-@@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
+@@ -88,6 +88,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
int sysctl_tcp_low_latency __read_mostly;
EXPORT_SYMBOL(sysctl_tcp_low_latency);
#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
-@@ -1465,9 +1468,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
- inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
- newinet->inet_id = newtp->write_seq ^ jiffies;
-
-- if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
-- goto put_and_exit;
--
-+ if (!dst) {
-+ dst = inet_csk_route_child_sock(sk, newsk, req);
-+ if (!dst)
-+ goto put_and_exit;
-+ } else {
-+ /* syncookie case : see end of cookie_v4_check() */
-+ }
- sk_setup_caps(newsk, dst);
-
- tcp_mtup_init(newsk);
-@@ -1632,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1638,6 +1641,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
tcp_v4_send_reset(rsk, skb);
discard:
kfree_skb(skb);
-@@ -1694,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
+@@ -1700,12 +1706,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1749,6 +1766,10 @@ no_tcp_socket:
+@@ -1755,6 +1768,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
tcp_v4_send_reset(NULL, skb);
}
-@@ -2409,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
+@@ -2417,7 +2434,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
0, /* non standard timer */
0, /* open_requests have no inode */
atomic_read(&sk->sk_refcnt),
len);
}
-@@ -2459,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
+@@ -2467,7 +2488,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
sock_i_uid(sk),
icsk->icsk_probes_out,
sock_i_ino(sk),
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
-@@ -2487,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
+@@ -2495,7 +2521,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
" %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
#define TMPSZ 150
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index 66363b6..b0654a3 100644
+index 550e755..25721b3 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -27,6 +27,10 @@
int sysctl_tcp_syncookies __read_mostly = 1;
EXPORT_SYMBOL(sysctl_tcp_syncookies);
-@@ -751,6 +755,10 @@ listen_overflow:
+@@ -753,6 +757,10 @@ listen_overflow:
embryonic_reset:
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
cnt += width;
}
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
-index 2e0f0af..e2948bf 100644
+index cd2e072..1fffee2 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -22,6 +22,10 @@
int sysctl_tcp_syn_retries __read_mostly = TCP_SYN_RETRIES;
int sysctl_tcp_synack_retries __read_mostly = TCP_SYNACK_RETRIES;
int sysctl_tcp_keepalive_time __read_mostly = TCP_KEEPALIVE_TIME;
-@@ -199,6 +203,13 @@ static int tcp_write_timeout(struct sock *sk)
+@@ -196,6 +200,13 @@ static int tcp_write_timeout(struct sock *sk)
}
}
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 5a65eea..bd913a1 100644
+index 5d075b5..d907d5f 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -86,6 +86,7 @@
struct udp_table udp_table __read_mostly;
EXPORT_SYMBOL(udp_table);
-@@ -565,6 +570,9 @@ found:
+@@ -566,6 +571,9 @@ found:
return s;
}
/*
* This routine is called by the ICMP module when it gets some
* sort of error condition. If err < 0 then the socket should
-@@ -856,9 +864,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -857,9 +865,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
dport = usin->sin_port;
if (dport == 0)
return -EINVAL;
daddr = inet->inet_daddr;
dport = inet->inet_dport;
/* Open fast path for connected socket.
-@@ -1099,7 +1116,7 @@ static unsigned int first_packet_length(struct sock *sk)
+@@ -1100,7 +1117,7 @@ static unsigned int first_packet_length(struct sock *sk)
udp_lib_checksum_complete(skb)) {
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
IS_UDPLITE(sk));
__skb_unlink(skb, rcvq);
__skb_queue_tail(&list_kill, skb);
}
-@@ -1185,6 +1202,10 @@ try_again:
+@@ -1186,6 +1203,10 @@ try_again:
if (!skb)
goto out;
ulen = skb->len - sizeof(struct udphdr);
copied = len;
if (copied > ulen)
-@@ -1487,7 +1508,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -1489,7 +1510,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
drop:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
kfree_skb(skb);
return -1;
}
-@@ -1506,7 +1527,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -1508,7 +1529,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -1675,6 +1696,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -1677,6 +1698,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2098,8 +2122,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2100,8 +2124,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
sk_wmem_alloc_get(sp),
sk_rmem_alloc_get(sp),
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index a5521c5..984a2f4 100644
+index 6b8ebc5..1d624f4 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
-@@ -2153,7 +2153,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -2145,7 +2145,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPV6;
p.iph.ttl = 64;
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
-index 4c0f894..fca5d15 100644
+index 2ae79db..8f101bf 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -56,6 +56,8 @@ struct ah_skb_cb {
{
unsigned int len;
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
-index 1567fb1..29af910 100644
+index 02dd203..e03fcc9 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -178,7 +178,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst,
dst = NULL;
}
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
-index 26cb08c..8af9877 100644
+index 18a2719..779f36a 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -960,7 +960,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
msg.msg_flags = flags;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 94874b0..dc413fa 100644
+index 94874b0..108a94d 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -1194,6 +1194,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr,
+@@ -945,6 +945,10 @@ static struct xt_counters *alloc_counters(const struct xt_table *table)
+ static int
+ copy_entries_to_user(unsigned int total_size,
+ const struct xt_table *table,
++ void __user *userptr) __size_overflow(1);
++static int
++copy_entries_to_user(unsigned int total_size,
++ const struct xt_table *table,
+ void __user *userptr)
+ {
+ unsigned int off, num;
+@@ -1194,6 +1198,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr,
static int
__do_replace(struct net *net, const char *name, unsigned int valid_hooks,
struct xt_table_info *newinfo, unsigned int num_counters,
void __user *counters_ptr)
{
int ret;
-@@ -1315,6 +1319,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
+@@ -1315,6 +1323,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
static int
do_add_counters(struct net *net, const void __user *user, unsigned int len,
{
unsigned int i, curcpu;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
-index 361ebf3..d5628fb 100644
+index d02f7e4..2d2a0f1 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -404,7 +404,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -405,7 +405,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
struct raw6_sock *rp = raw6_sk(sk);
if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -428,7 +428,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -429,7 +429,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
if (inet->hdrincl) {
if (skb_checksum_complete(skb)) {
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -601,7 +601,7 @@ out:
+@@ -602,7 +602,7 @@ out:
return err;
}
struct flowi6 *fl6, struct dst_entry **dstp,
unsigned int flags)
{
-@@ -909,12 +909,15 @@ do_confirm:
+@@ -912,12 +912,15 @@ do_confirm:
static int rawv6_seticmpfilter(struct sock *sk, int level, int optname,
char __user *optval, int optlen)
{
return 0;
default:
return -ENOPROTOOPT;
-@@ -927,6 +930,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -930,6 +933,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
char __user *optval, int __user *optlen)
{
int len;
switch (optname) {
case ICMPV6_FILTER:
-@@ -938,7 +942,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -941,7 +945,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
len = sizeof(struct icmp6_filter);
if (put_user(len, optlen))
return -EFAULT;
return -EFAULT;
return 0;
default:
-@@ -1245,7 +1250,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -1248,7 +1253,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
0, 0L, 0,
sock_i_uid(sp), 0,
sock_i_ino(sp),
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index b859e4a..f9d1589 100644
+index a89ca8d..12e66b0 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
-@@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
+@@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
}
#endif
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -1651,6 +1655,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1654,6 +1658,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1730,12 +1737,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1733,12 +1740,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1783,6 +1798,10 @@ no_tcp_socket:
+@@ -1786,6 +1801,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
tcp_v6_send_reset(NULL, skb);
}
-@@ -2043,7 +2062,13 @@ static void get_openreq6(struct seq_file *seq,
+@@ -2047,7 +2066,13 @@ static void get_openreq6(struct seq_file *seq,
uid,
0, /* non standard timer */
0, /* open_requests have no inode */
}
static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
-@@ -2093,7 +2118,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
+@@ -2097,7 +2122,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
sock_i_uid(sp),
icsk->icsk_probes_out,
sock_i_ino(sp),
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
-@@ -2128,7 +2158,13 @@ static void get_timewait6_sock(struct seq_file *seq,
+@@ -2132,7 +2162,13 @@ static void get_timewait6_sock(struct seq_file *seq,
dest->s6_addr32[2], dest->s6_addr32[3], destp,
tw->tw_substate, 0, 0,
3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
static int tcp6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index 8c25419..47a51ae 100644
+index 4f96b5c..75543d7 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -50,6 +50,10 @@
int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
{
const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
-@@ -549,7 +553,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
+@@ -551,7 +555,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
return 0;
drop:
drop_no_sk_drops_inc:
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
kfree_skb(skb);
-@@ -625,7 +629,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -627,7 +631,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
continue;
}
drop:
UDP6_INC_STATS_BH(sock_net(sk),
UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk));
UDP6_INC_STATS_BH(sock_net(sk),
-@@ -780,6 +784,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -782,6 +786,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
proto == IPPROTO_UDPLITE);
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
kfree_skb(skb);
-@@ -796,7 +803,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -798,7 +805,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
if (!sock_owned_by_user(sk))
udpv6_queue_rcv_skb(sk, skb);
else if (sk_add_backlog(sk, skb)) {
bh_unlock_sock(sk);
sock_put(sk);
goto discard;
-@@ -1407,8 +1414,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
+@@ -1410,8 +1417,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
0, 0L, 0,
sock_i_uid(sp), 0,
sock_i_ino(sp),
seq_printf(m, "Max header size: %d\n", self->max_header_size);
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index 274d150..656a144 100644
+index d5c5b8f..33beff0 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
-@@ -787,10 +787,10 @@ static int iucv_sock_autobind(struct sock *sk)
+@@ -764,10 +764,10 @@ static int iucv_sock_autobind(struct sock *sk)
write_lock_bh(&iucv_sk_list.lock);
write_unlock_bh(&iucv_sk_list.lock);
diff --git a/net/key/af_key.c b/net/key/af_key.c
-index 1e733e9..3d73c9f 100644
+index 11dbb22..c20f667 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3016,10 +3016,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
return res;
}
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 73495f1..ad51356 100644
+index 2f0642d..e5c6fba 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -27,6 +27,7 @@
+@@ -28,6 +28,7 @@
#include <net/ieee80211_radiotap.h>
#include <net/cfg80211.h>
#include <net/mac80211.h>
#include "key.h"
#include "sta_info.h"
-@@ -764,7 +765,7 @@ struct ieee80211_local {
+@@ -781,7 +782,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index 30d7355..e260095 100644
+index 8e2137b..2974283 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -222,7 +222,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
break;
}
res = drv_start(local);
if (res)
goto err_del_bss;
-@@ -235,7 +235,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -246,7 +246,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN);
if (!is_valid_ether_addr(dev->dev_addr)) {
drv_stop(local);
return -EADDRNOTAVAIL;
}
-@@ -327,7 +327,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
mutex_unlock(&local->mtx);
if (coming_up)
- local->open_count++;
+ local_inc(&local->open_count);
- if (hw_reconf_flags) {
+ if (hw_reconf_flags)
ieee80211_hw_config(local, hw_reconf_flags);
-@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -360,7 +360,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
err_del_interface:
- drv_remove_interface(local, &sdata->vif);
+ drv_remove_interface(local, sdata);
err_stop:
- if (!local->open_count)
+ if (!local_read(&local->open_count))
drv_stop(local);
err_del_bss:
sdata->bss = NULL;
-@@ -472,7 +472,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -489,7 +489,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
}
if (going_down)
switch (sdata->vif.type) {
case NL80211_IFTYPE_AP_VLAN:
-@@ -531,7 +531,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -548,7 +548,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
ieee80211_recalc_ps(local, -1);
napi_disable(&local->napi);
ieee80211_clear_tx_pending(local);
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
-index 7d9b21d..0687004 100644
+index b142bd4..a651749 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
-@@ -163,7 +163,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
+@@ -166,7 +166,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
local->hw.conf.power_level = power;
}
/*
* Goal:
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
-index 9ee7164..56c5061 100644
+index 596efaf..8f1911f 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
suspend:
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
-index 7d84b87..6a69cd9 100644
+index f9b8e81..bb89b46 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -401,7 +401,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
return p;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index d5230ec..c604b21 100644
+index 9919892..8c49803 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
-@@ -1000,7 +1000,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
- drv_set_coverage_class(local, hw->wiphy->coverage_class);
-
+@@ -1143,7 +1143,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
+ }
+ #endif
/* everything else happens only if HW was up & running */
- if (!local->open_count)
+ if (!local_read(&local->open_count))
/*
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
-index d5597b7..ab6d39c 100644
+index f8ac4ef..b02560b 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
-@@ -779,6 +779,16 @@ config NETFILTER_XT_MATCH_ESP
+@@ -806,6 +806,16 @@ config NETFILTER_XT_MATCH_ESP
To compile it as a module, choose M here. If unsure, say N.
tristate '"hashlimit" match support'
depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
-index 1a02853..5d8c22e 100644
+index 40f4c3d..0d5dd6b 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
-@@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o
- obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
+@@ -83,6 +83,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
+ obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o
obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
+obj-$(CONFIG_NETFILTER_XT_MATCH_GRADM) += xt_gradm.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
if (!todrop_rate[i]) return 0;
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
-index 6dc7d7d..e45913a 100644
+index 2555816..31492d9 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
if ((ipvs->sync_state & IP_VS_STATE_MASTER) &&
cp->protocol == IPPROTO_SCTP) {
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
-index e1a66cf..0910076 100644
+index b3afe18..08ec940 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold);
NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold);
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
-index 2b6678c0..aaa41fc 100644
+index 8a0d6d6..90ec197 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -649,7 +649,7 @@ control:
cp->old_state = cp->state;
/*
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
-index aa2d720..d8aa111 100644
+index 7fd66de..e6fb361 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 1201b6d..bcff8c6 100644
+index 467af9c..8f415cc 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
-@@ -742,7 +742,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk)
sk->sk_error_report(sk);
}
}
}
static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
-@@ -1999,7 +1999,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -1997,7 +1997,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb,
atomic_read(&s->sk_refcnt),
);
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index 732152f..60bb09e 100644
+index 7dab229..212156f 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -839,6 +839,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
sax->fsa_ax25.sax25_call = nr->source_addr;
*uaddr_len = sizeof(struct sockaddr_ax25);
}
+diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
+index 2c03050..5cf68c1 100644
+--- a/net/openvswitch/datapath.c
++++ b/net/openvswitch/datapath.c
+@@ -322,7 +322,7 @@ static int queue_userspace_packet(int dp_ifindex, struct sk_buff *skb,
+ return -ENOMEM;
+
+ nskb = __vlan_put_tag(nskb, vlan_tx_tag_get(nskb));
+- if (!skb)
++ if (!nskb)
+ return -ENOMEM;
+
+ nskb->vlan_tci = 0;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index d9d4970..d5a6a68 100644
+index 2dbb32b..a1b4722 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1675,7 +1675,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1676,7 +1676,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_packets++;
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1685,7 +1685,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_drops++;
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3266,7 +3266,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3271,7 +3271,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3316,7 +3316,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3321,7 +3321,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
if (put_user(len, optlen))
return -EFAULT;
err = proto_register(pp->prot, 1);
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
-index 2ba6e9f..409573f 100644
+index 9726fe6..fc4e3a4 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
err = -ENOBUFS;
break;
}
-@@ -557,7 +557,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -580,7 +580,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb)
}
if (pn->rx_credits == 0) {
/* count of skbs currently in use */
atomic_t rxrpc_n_skbs;
diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c
-index f99cfce..cc529dd 100644
+index c3126e8..21facc7 100644
--- a/net/rxrpc/ar-ack.c
+++ b/net/rxrpc/ar-ack.c
@@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_call *call)
}
diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c
-index 338d793..47391d0 100644
+index 16ae887..d24f12b 100644
--- a/net/rxrpc/ar-output.c
+++ b/net/rxrpc/ar-output.c
@@ -682,9 +682,9 @@ static int rxrpc_send_data(struct kiocb *iocb,
assoc->assoc_id,
assoc->sndbuf_used,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 54a7cd2..944edae 100644
+index d043722..6903416 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -4574,7 +4574,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4575,7 +4575,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;
to += addrlen;
cnt++;
diff --git a/net/socket.c b/net/socket.c
-index 2dce67a..1e91168 100644
+index 0de4131..7e7ddab 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
static struct file_system_type sock_fs_type = {
.name = "sockfs",
-@@ -1187,6 +1190,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
+@@ -1207,6 +1210,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
return -EAFNOSUPPORT;
if (type < 0 || type >= SOCK_MAX)
return -EINVAL;
/* Compatibility.
-@@ -1319,6 +1324,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
+@@ -1339,6 +1344,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
retval = sock_create(family, type, protocol, &sock);
if (retval < 0)
goto out;
-@@ -1431,6 +1446,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1451,6 +1466,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
if (sock) {
err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
if (err >= 0) {
err = security_socket_bind(sock,
(struct sockaddr *)&address,
addrlen);
-@@ -1439,6 +1462,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1459,6 +1482,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
(struct sockaddr *)
&address, addrlen);
}
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1462,10 +1486,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
+@@ -1482,10 +1506,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
if ((unsigned)backlog > somaxconn)
backlog = somaxconn;
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1509,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1529,6 +1563,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
newsock->type = sock->type;
newsock->ops = sock->ops;
/*
* We don't need try_module_get here, as the listening socket (sock)
* has the protocol module (sock->ops->owner) held.
-@@ -1547,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1567,6 +1613,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
fd_install(newfd, newfile);
err = newfd;
out_put:
fput_light(sock->file, fput_needed);
out:
-@@ -1579,6 +1627,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1599,6 +1647,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
int, addrlen)
{
struct socket *sock;
struct sockaddr_storage address;
int err, fput_needed;
-@@ -1589,6 +1638,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1609,6 +1658,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
if (err < 0)
goto out_put;
err =
security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
if (err)
-@@ -1950,7 +2010,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -1970,7 +2030,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2120,7 +2180,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2140,7 +2200,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
* kernel msghdr to use the kernel address space)
*/
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags) {
err = verify_compat_iovec(msg_sys, iov,
-@@ -2748,7 +2808,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2768,7 +2828,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
}
ifr = compat_alloc_user_space(buf_size);
if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
return -EFAULT;
-@@ -2772,12 +2832,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2792,12 +2852,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
offsetof(struct ethtool_rxnfc, fs.ring_cookie));
if (copy_in_user(rxnfc, compat_rxnfc,
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2789,12 +2849,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2809,12 +2869,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
if (convert_out) {
if (copy_in_user(compat_rxnfc, rxnfc,
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2864,7 +2924,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2884,7 +2944,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
set_fs(old_fs);
return err;
-@@ -2973,7 +3033,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -2993,7 +3053,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3078,7 +3138,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3098,7 +3158,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= __get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3318,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3324,8 +3384,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3339,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3345,7 +3405,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
-index 00a1a2a..6a0138a 100644
+index 8efd96c..b492ab2 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
-@@ -238,9 +238,9 @@ static int rpc_wait_bit_killable(void *word)
+@@ -239,9 +239,9 @@ static int rpc_wait_bit_killable(void *word)
#ifdef RPC_DEBUG
static void rpc_task_set_debuginfo(struct rpc_task *task)
{
#else
static inline void rpc_task_set_debuginfo(struct rpc_task *task)
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
-index 71bed1c..5dff36d 100644
+index 4645709..d41d668 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -396,7 +396,7 @@ static int svc_partial_recvfrom(struct svc_rqst *rqstp,
goto err;
return 0;
diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c
-index ba1296d..0fec1a5 100644
+index 894cb42..cf5bafb 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_transport.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c
@@ -300,7 +300,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
return (mode << 6) | (mode << 3) | mode;
}
diff --git a/net/tipc/link.c b/net/tipc/link.c
-index ae98a72..7bb6056 100644
+index ac1832a..533ed97 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
-@@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_port *sender,
+@@ -1205,7 +1205,7 @@ static int link_send_sections_long(struct tipc_port *sender,
struct tipc_msg fragm_hdr;
struct sk_buff *buf, *buf_chain, *prev;
u32 fragm_crs, fragm_rest, hsz, sect_rest;
int curr_sect;
u32 fragm_no;
-@@ -1247,7 +1247,7 @@ again:
+@@ -1249,7 +1249,7 @@ again:
if (!sect_rest) {
sect_rest = msg_sect[++curr_sect].iov_len;
}
if (sect_rest < fragm_rest)
-@@ -1266,7 +1266,7 @@ error:
+@@ -1268,7 +1268,7 @@ error:
}
} else
skb_copy_to_linear_data_offset(buf, fragm_crs,
sect_rest -= sz;
fragm_crs += sz;
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
-index 83d5096..dcba497 100644
+index 3e4d3e2..27b55dc 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -99,7 +99,7 @@ int tipc_msg_build(struct tipc_msg *hdr, struct iovec const *msg_sect,
pos += msg_sect[cnt].iov_len;
}
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
-index 1983717..4d6102c 100644
+index 8c49566..14510cb 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
-@@ -101,7 +101,7 @@ static void subscr_send_event(struct subscription *sub,
+@@ -101,7 +101,7 @@ static void subscr_send_event(struct tipc_subscription *sub,
{
struct iovec msg_sect;
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index d99678a..3514a21 100644
+index 85d3bb7..79f4487 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
-@@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net,
+@@ -770,6 +770,12 @@ static struct sock *unix_find_other(struct net *net,
err = -ECONNREFUSED;
if (!S_ISSOCK(inode->i_mode))
goto put_fail;
u = unix_find_socket_byinode(inode);
if (!u)
goto put_fail;
-@@ -787,6 +793,13 @@ static struct sock *unix_find_other(struct net *net,
+@@ -790,6 +796,13 @@ static struct sock *unix_find_other(struct net *net,
if (u) {
struct dentry *dentry;
dentry = unix_sk(u)->dentry;
if (dentry)
touch_atime(unix_sk(u)->mnt, dentry);
} else
-@@ -869,11 +882,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+@@ -872,11 +885,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
err = security_path_mknod(&path, dentry, mode, 0);
if (err)
goto out_mknod_drop_write;
dput(path.dentry);
path.dentry = dentry;
diff --git a/net/wireless/core.h b/net/wireless/core.h
-index b9ec306..b4a563e 100644
+index 43ad9c8..ab5127c 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -27,7 +27,7 @@ struct cfg80211_registered_device {
iwp->length += essid_compat;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 9049a5c..cfa6f5c 100644
+index 7661576..80f7627 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
+#!/bin/sh
+echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index f936d1f..a66d95f 100644
+index e047e17..ea646ec 100644
--- a/scripts/mod/file2alias.c
+++ b/scripts/mod/file2alias.c
-@@ -72,7 +72,7 @@ static void device_id_check(const char *modname, const char *device_id,
+@@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id,
unsigned long size, unsigned long id_size,
void *symval)
{
if (size % id_size || size < id_size) {
if (cross_build != 0)
-@@ -102,7 +102,7 @@ static void device_id_check(const char *modname, const char *device_id,
+@@ -158,7 +158,7 @@ static void device_id_check(const char *modname, const char *device_id,
/* USB is special because the bcdDevice can be matched against a numeric range */
/* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */
static void do_usb_entry(struct usb_device_id *id,
unsigned char range_lo, unsigned char range_hi,
unsigned char max, struct module *mod)
{
-@@ -203,7 +203,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod)
+@@ -259,7 +259,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod)
{
unsigned int devlo, devhi;
unsigned char chi, clo, max;
id->match_flags = TO_NATIVE(id->match_flags);
id->idVendor = TO_NATIVE(id->idVendor);
-@@ -437,7 +437,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
+@@ -501,7 +501,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
for (i = 0; i < count; i++) {
const char *id = (char *)devs[i].id;
char acpi_id[sizeof(devs[0].id)];
buf_printf(&mod->dev_table_buf,
"MODULE_ALIAS(\"pnp:d%s*\");\n", id);
-@@ -467,7 +467,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+@@ -531,7 +531,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
for (j = 0; j < PNP_MAX_DEVICES; j++) {
const char *id = (char *)card->devs[j].id;
int dup = 0;
if (!id[0])
-@@ -493,7 +493,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+@@ -557,7 +557,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
/* add an individual alias for every device entry */
if (!dup) {
char acpi_id[sizeof(card->devs[0].id)];
buf_printf(&mod->dev_table_buf,
"MODULE_ALIAS(\"pnp:d%s*\");\n", id);
-@@ -807,7 +807,7 @@ static void dmi_ascii_filter(char *d, const char *s)
+@@ -882,7 +882,7 @@ static void dmi_ascii_filter(char *d, const char *s)
static int do_dmi_entry(const char *filename, struct dmi_system_id *id,
char *alias)
{
sprintf(alias, "dmi*");
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 2bd594e..d43245e 100644
+index c4e7d15..4241aef 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
-@@ -919,6 +919,7 @@ enum mismatch {
+@@ -922,6 +922,7 @@ enum mismatch {
ANY_INIT_TO_ANY_EXIT,
ANY_EXIT_TO_ANY_INIT,
EXPORT_TO_INIT_EXIT,
};
struct sectioncheck {
-@@ -1027,6 +1028,12 @@ const struct sectioncheck sectioncheck[] = {
+@@ -1030,6 +1031,12 @@ const struct sectioncheck sectioncheck[] = {
.tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
.mismatch = EXPORT_TO_INIT_EXIT,
.symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL },
}
};
-@@ -1149,10 +1156,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
+@@ -1152,10 +1159,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
continue;
if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
continue;
if (d < 0)
d = addr - sym->st_value;
if (d < distance) {
-@@ -1431,6 +1438,14 @@ static void report_sec_mismatch(const char *modname,
+@@ -1434,6 +1441,14 @@ static void report_sec_mismatch(const char *modname,
tosym, prl_to, prl_to, tosym);
free(prl_to);
break;
}
fprintf(stderr, "\n");
}
-@@ -1656,7 +1671,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
+@@ -1668,7 +1683,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
static void check_sec_ref(struct module *mod, const char *modname,
struct elf_info *elf)
{
Elf_Shdr *sechdrs = elf->sechdrs;
/* Walk through all sections */
-@@ -1754,7 +1769,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
+@@ -1766,7 +1781,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
va_end(ap);
}
{
if (buf->size - buf->pos < len) {
buf->size += len + SZ;
-@@ -1972,7 +1987,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
+@@ -1984,7 +1999,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
if (fstat(fileno(file), &st) < 0)
goto close_write;
tmp = NOFAIL(malloc(b->pos));
diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h
-index 2031119..b5433af 100644
+index 51207e4..f7d603d 100644
--- a/scripts/mod/modpost.h
+++ b/scripts/mod/modpost.h
@@ -92,15 +92,15 @@ void *do_nofail(void *ptr, const char *expr);
logoname);
write_hex_cnt = 0;
for (i = 0; i < logo_clutsize; i++) {
+diff --git a/scripts/tags.sh b/scripts/tags.sh
+index 833813a..0bc8588 100755
+--- a/scripts/tags.sh
++++ b/scripts/tags.sh
+@@ -116,7 +116,7 @@ docscope()
+
+ dogtags()
+ {
+- all_sources | gtags -f -
++ all_sources | gtags -i -f -
+ }
+
+ exuberant()
diff --git a/security/Kconfig b/security/Kconfig
-index 51bd5a0..58c5b70 100644
+index 51bd5a0..c37f5e6 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,639 @@
+@@ -4,6 +4,640 @@
menu "Security options"
+
+config PAX_SIZE_OVERFLOW
+ bool "Prevent various integer overflows in function size parameters"
++ depends on X86
+ help
+ By saying Y here the kernel recomputes expressions of function
+ arguments marked by a size_overflow attribute with double integer
config KEYS
bool "Enable access key retention support"
help
-@@ -169,7 +802,7 @@ config INTEL_TXT
+@@ -169,7 +803,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
help
This is the portion of low virtual memory which should be protected
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 3783202..1852837 100644
+index 97ce8fa..23dad96 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
-@@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
+@@ -620,7 +620,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
.ptrace_access_check = apparmor_ptrace_access_check,
diff --git a/security/commoncap.c b/security/commoncap.c
-index ee4f848..a320c64 100644
+index b8d2bb9..980069e 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -28,6 +28,7 @@
- #include <linux/prctl.h>
+@@ -29,6 +29,7 @@
#include <linux/securebits.h>
#include <linux/user_namespace.h>
+ #include <linux/personality.h>
+#include <net/sock.h>
/*
* If a non-root user executes a setuid-root binary in
-@@ -58,7 +59,7 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
-
- int cap_netlink_recv(struct sk_buff *skb, int cap)
- {
-- if (!cap_raised(current_cap(), cap))
-+ if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap))
- return -EPERM;
- return 0;
- }
-@@ -579,6 +580,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
+@@ -575,6 +576,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
{
const struct cred *cred = current_cred();
entry = kmalloc(sizeof(*entry), GFP_KERNEL);
if (!entry) {
-diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
-index c5c5a72..2ad942f 100644
---- a/security/integrity/ima/ima_audit.c
-+++ b/security/integrity/ima/ima_audit.c
-@@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, fname);
- }
-- if (inode)
-- audit_log_format(ab, " dev=%s ino=%lu",
-- inode->i_sb->s_id, inode->i_ino);
-+ if (inode) {
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
-+ }
- audit_log_format(ab, " res=%d", !result ? 0 : 1);
- audit_log_end(ab);
- }
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index e1aa2b4..52027bf 100644
--- a/security/integrity/ima/ima_fs.c
if (iov != iovstack)
kfree(iov);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
-index 37a7f3b..86dc19f 100644
+index d605f75..2bc6be9 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -214,15 +214,15 @@ static long keyring_read(const struct key *keyring,
goto error;
buflen -= tmp;
-diff --git a/security/lsm_audit.c b/security/lsm_audit.c
-index 893af8a..ba9237c 100644
---- a/security/lsm_audit.c
-+++ b/security/lsm_audit.c
-@@ -234,10 +234,11 @@ static void dump_common_audit_data(struct audit_buffer *ab,
- audit_log_d_path(ab, "path=", &a->u.path);
-
- inode = a->u.path.dentry->d_inode;
-- if (inode)
-- audit_log_format(ab, " dev=%s ino=%lu",
-- inode->i_sb->s_id,
-- inode->i_ino);
-+ if (inode) {
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
-+ }
- break;
- }
- case LSM_AUDIT_DATA_DENTRY: {
-@@ -247,10 +248,11 @@ static void dump_common_audit_data(struct audit_buffer *ab,
- audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
-
- inode = a->u.dentry->d_inode;
-- if (inode)
-- audit_log_format(ab, " dev=%s ino=%lu",
-- inode->i_sb->s_id,
-- inode->i_ino);
-+ if (inode) {
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
-+ }
- break;
- }
- case LSM_AUDIT_DATA_INODE: {
-@@ -265,8 +267,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
- dentry->d_name.name);
- dput(dentry);
- }
-- audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id,
-- inode->i_ino);
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
- break;
- }
- case LSM_AUDIT_DATA_TASK:
diff --git a/security/min_addr.c b/security/min_addr.c
index f728728..6457a0c 100644
--- a/security/min_addr.c
/*
diff --git a/security/security.c b/security/security.c
-index e2f684a..8d62ef5 100644
+index d754249..8bf426e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -26,8 +26,8 @@
/* Save user chosen LSM */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 1126c10..effb32b 100644
+index 6a3683e..f52f4c0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -94,8 +94,6 @@
/* SECMARK reference count */
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
-@@ -5449,7 +5447,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5429,7 +5427,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
#else
static inline int selinux_xfrm_enabled(void)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index 7db62b4..ee4d949 100644
+index e8af5b0b..78527ef 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3481,7 +3481,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
.ptrace_access_check = smack_ptrace_access_check,
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index 4b327b6..646c57a 100644
+index 620d37c..e2ad89b 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
-@@ -504,7 +504,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
+@@ -501,7 +501,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
* tomoyo_security_ops is a "struct security_operations" which is used for
* registering TOMOYO.
*/
/* PCM3052 register definitions */
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
-index 3cc4b86..af0a951 100644
+index 08fde00..0bf641a 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1189,10 +1189,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const
dev->driver_data = NULL;
ops->num_init_devices--;
diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
-index f24bf9a..1f7b67c 100644
+index 621e60e..f4543f5 100644
--- a/sound/drivers/mts64.c
+++ b/sound/drivers/mts64.c
@@ -29,6 +29,7 @@
int timeout = 10;
while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0)
diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c
-index f664823..590c745 100644
+index 3e32bd3..46fc152 100644
--- a/sound/drivers/portman2x4.c
+++ b/sound/drivers/portman2x4.c
@@ -48,6 +48,7 @@
default:
return -EINVAL;
diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c
-index c94578d..0794ac1 100644
+index 7bd5e33..1fcab12 100644
--- a/sound/isa/cmi8330.c
+++ b/sound/isa/cmi8330.c
@@ -172,7 +172,7 @@ struct snd_cmi8330 {
list_add(&s->list, &cs4297a_devs);
diff --git a/sound/pci/hda/hda_codec.h b/sound/pci/hda/hda_codec.h
-index 71f6744..d8aeae7 100644
+index f0f1943..8e1f96c 100644
--- a/sound/pci/hda/hda_codec.h
+++ b/sound/pci/hda/hda_codec.h
-@@ -614,7 +614,7 @@ struct hda_bus_ops {
+@@ -611,7 +611,7 @@ struct hda_bus_ops {
/* notify power-up/down from codec to controller */
void (*pm_notify)(struct hda_bus *bus);
#endif
/* template to pass to the bus constructor */
struct hda_bus_template {
-@@ -716,6 +716,7 @@ struct hda_codec_ops {
+@@ -713,6 +713,7 @@ struct hda_codec_ops {
#endif
void (*reboot_notify)(struct hda_codec *codec);
};
/* record for amp information cache */
struct hda_cache_head {
-@@ -746,7 +747,7 @@ struct hda_pcm_ops {
+@@ -743,7 +744,7 @@ struct hda_pcm_ops {
struct snd_pcm_substream *substream);
int (*cleanup)(struct hda_pcm_stream *info, struct hda_codec *codec,
struct snd_pcm_substream *substream);
/* PCM information for each substream */
struct hda_pcm_stream {
-@@ -804,7 +805,7 @@ struct hda_codec {
+@@ -801,7 +802,7 @@ struct hda_codec {
const char *modelname; /* model name for preset */
/* set by patch */
diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c
-index 03ee4e3..be86b46 100644
+index 12a9a2b..2b6138f 100644
--- a/sound/pci/ymfpci/ymfpci_main.c
+++ b/sound/pci/ymfpci/ymfpci_main.c
@@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip)
wake_up(&chip->interrupt_sleep);
}
}
-@@ -2382,7 +2382,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card,
+@@ -2389,7 +2389,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card,
spin_lock_init(&chip->reg_lock);
spin_lock_init(&chip->voice_lock);
init_waitqueue_head(&chip->interrupt_sleep);
chip->pci = pci;
chip->irq = -1;
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
-index ee15337..e2187a6 100644
+index cdc860a..db34a93 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
-@@ -583,7 +583,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_pcm_substream *substream)
- }
-
- /* ASoC PCM operations */
--static struct snd_pcm_ops soc_pcm_ops = {
-+static snd_pcm_ops_no_const soc_pcm_ops = {
- .open = soc_pcm_open,
- .close = soc_pcm_close,
- .hw_params = soc_pcm_hw_params,
+@@ -605,7 +605,7 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
+ struct snd_soc_platform *platform = rtd->platform;
+ struct snd_soc_dai *codec_dai = rtd->codec_dai;
+ struct snd_soc_dai *cpu_dai = rtd->cpu_dai;
+- struct snd_pcm_ops *soc_pcm_ops = &rtd->ops;
++ snd_pcm_ops_no_const *soc_pcm_ops = &rtd->ops;
+ struct snd_pcm *pcm;
+ char new_name[64];
+ int ret = 0, playback = 0, capture = 0;
diff --git a/sound/usb/card.h b/sound/usb/card.h
-index a39edcc..1014050 100644
+index da5fa1a..113cd02 100644
--- a/sound/usb/card.h
+++ b/sound/usb/card.h
-@@ -44,6 +44,7 @@ struct snd_urb_ops {
+@@ -45,6 +45,7 @@ struct snd_urb_ops {
int (*prepare_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u);
int (*retire_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u);
};
struct snd_usb_substream {
struct snd_usb_stream *stream;
-@@ -93,7 +94,7 @@ struct snd_usb_substream {
+@@ -94,7 +95,7 @@ struct snd_usb_substream {
struct snd_pcm_hw_constraint_list rate_list; /* limited rates */
spinlock_t lock;
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..704a564
+index 0000000..88a7438
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
@@ -0,0 +1,303 @@
+// continue;
+
+ if (walk_struct(type)) {
-+ error("constified variable %qE cannot be local", var);
++ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var);
+ return 1;
+ }
+ }
+}
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
new file mode 100644
-index 0000000..008f159
+index 0000000..d8a8da2
--- /dev/null
+++ b/tools/gcc/kernexec_plugin.c
@@ -0,0 +1,427 @@
+ update_stmt(assign_intptr);
+
+ // cast temporary unsigned long back to a temporary fptr variable
-+ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec");
++ new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr");
+ add_referenced_var(new_fptr);
+ mark_sym_for_renaming(new_fptr);
+ assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr));
+}
diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_hash1.h
new file mode 100644
-index 0000000..55a1292
+index 0000000..16ccac1
--- /dev/null
+++ b/tools/gcc/size_overflow_hash1.h
-@@ -0,0 +1,2760 @@
+@@ -0,0 +1,3047 @@
+struct size_overflow_hash size_overflow_hash1[65536] = {
+ [10013].file = "security/smack/smackfs.c",
+ [10013].name = "smk_write_direct",
+ [1022].file = "sound/pci/rme9652/rme9652.c",
+ [1022].name = "snd_rme9652_playback_copy",
+ [1022].param5 = 1,
++ [10321].file = "drivers/platform/x86/thinkpad_acpi.c",
++ [10321].name = "create_attr_set",
++ [10321].param1 = 1,
+ [10341].file = "fs/nfsd/nfs4xdr.c",
+ [10341].name = "read_buf",
+ [10341].param2 = 1,
+ [10397].file = "drivers/gpu/drm/i915/i915_debugfs.c",
+ [10397].name = "i915_wedged_write",
+ [10397].param3 = 1,
++ [10399].file = "kernel/trace/trace.c",
++ [10399].name = "trace_seq_to_user",
++ [10399].param3 = 1,
+ [10414].file = "drivers/tty/vt/vt.c",
+ [10414].name = "vc_do_resize",
+ [10414].param3 = 1,
+ [10414].param4 = 1,
-+ [10496].file = "drivers/bluetooth/hci_vhci.c",
-+ [10496].name = "vhci_read",
-+ [10496].param3 = 1,
+ [10565].file = "drivers/input/touchscreen/ad7879-spi.c",
+ [10565].name = "ad7879_spi_multi_read",
+ [10565].param3 = 1,
+ [10707].file = "fs/nfs/idmap.c",
+ [10707].name = "nfs_idmap_request_key",
+ [10707].param2 = 1,
++ [1073].file = "drivers/block/aoe/aoecmd.c",
++ [1073].name = "addtgt",
++ [1073].param3 = 1,
++ [10745].file = "fs/cifs/connect.c",
++ [10745].name = "get_server_iovec",
++ [10745].param2 = 1,
++ [10750].file = "drivers/net/wireless/iwmc3200wifi/rx.c",
++ [10750].name = "iwm_ntf_calib_res",
++ [10750].param3 = 1,
+ [10773].file = "drivers/input/mousedev.c",
+ [10773].name = "mousedev_read",
+ [10773].param3 = 1,
+ [10777].file = "fs/ntfs/file.c",
+ [10777].name = "ntfs_file_buffered_write",
+ [10777].param6 = 1,
++ [10893].file = "drivers/misc/sgi-gru/gruprocfs.c",
++ [10893].name = "options_write",
++ [10893].param3 = 1,
+ [10919].file = "net/ipv4/netfilter/arp_tables.c",
+ [10919].name = "do_arpt_set_ctl",
+ [10919].param4 = 1,
-+ [11054].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [11054].name = "lbs_wrmac_write",
-+ [11054].param3 = 1,
-+ [11068].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [11068].name = "lbs_wrrf_write",
-+ [11068].param3 = 1,
++ [1107].file = "mm/process_vm_access.c",
++ [1107].name = "process_vm_rw_single_vec",
++ [1107].param1 = 1,
++ [1107].param2 = 1,
++ [11230].file = "net/core/neighbour.c",
++ [11230].name = "neigh_hash_grow",
++ [11230].param2 = 1,
+ [11364].file = "fs/ext4/super.c",
+ [11364].name = "ext4_kvzalloc",
+ [11364].param1 = 1,
-+ [11402].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [11402].name = "lbs_threshold_write",
-+ [11402].param5 = 1,
-+ [11494].file = "drivers/video/via/viafbdev.c",
-+ [11494].name = "viafb_dvp1_proc_write",
-+ [11494].param3 = 1,
++ [114].file = "security/selinux/selinuxfs.c",
++ [114].name = "sel_write_relabel",
++ [114].param3 = 1,
++ [11549].file = "drivers/media/rc/redrat3.c",
++ [11549].name = "redrat3_transmit_ir",
++ [11549].param3 = 1,
++ [11568].file = "drivers/gpu/drm/drm_scatter.c",
++ [11568].name = "drm_vmalloc_dma",
++ [11568].param1 = 1,
++ [11582].file = "drivers/scsi/lpfc/lpfc_sli.c",
++ [11582].name = "lpfc_sli4_queue_alloc",
++ [11582].param3 = 1,
+ [11616].file = "security/selinux/selinuxfs.c",
+ [11616].name = "sel_write_enforce",
+ [11616].param3 = 1,
+ [11784].file = "fs/bio.c",
+ [11784].name = "bio_kmalloc",
+ [11784].param2 = 1,
-+ [11814].file = "drivers/staging/speakup/kobjects.c",
-+ [11814].name = "keymap_store",
-+ [11814].param4 = 1,
-+ [11912].file = "net/sunrpc/cache.c",
-+ [11912].name = "cache_write_pipefs",
-+ [11912].param3 = 1,
+ [11919].file = "drivers/lguest/core.c",
+ [11919].name = "__lgread",
+ [11919].param4 = 1,
++ [11925].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [11925].name = "cx18_copy_mdl_to_user",
++ [11925].param4 = 1,
++ [11985].file = "drivers/block/floppy.c",
++ [11985].name = "fd_copyin",
++ [11985].param3 = 1,
+ [11986].file = "drivers/net/usb/asix.c",
+ [11986].name = "asix_read_cmd",
+ [11986].param5 = 1,
++ [12018].file = "sound/core/oss/pcm_oss.c",
++ [12018].name = "snd_pcm_oss_read1",
++ [12018].param3 = 1,
+ [12059].file = "drivers/net/wireless/libertas/debugfs.c",
+ [12059].name = "lbs_debugfs_write",
+ [12059].param3 = 1,
-+ [12071].file = "lib/kstrtox.c",
-+ [12071].name = "kstrtou8_from_user",
-+ [12071].param2 = 1,
+ [12151].file = "fs/compat.c",
+ [12151].name = "compat_rw_copy_check_uvector",
+ [12151].param3 = 1,
+ [12395].file = "drivers/char/hw_random/core.c",
+ [12395].name = "rng_dev_read",
+ [12395].param3 = 1,
-+ [1248].file = "kernel/kprobes.c",
-+ [1248].name = "write_enabled_file_bool",
-+ [1248].param3 = 1,
-+ [12501].file = "net/mac80211/debugfs.c",
-+ [12501].name = "uapsd_max_sp_len_write",
-+ [12501].param3 = 1,
-+ [12591].file = "sound/core/pcm_lib.c",
-+ [12591].name = "snd_pcm_lib_writev_transfer",
-+ [12591].param5 = 1,
+ [12602].file = "net/sunrpc/cache.c",
+ [12602].name = "cache_downcall",
+ [12602].param3 = 1,
+ [12840].file = "net/sctp/tsnmap.c",
+ [12840].name = "sctp_tsnmap_mark",
+ [12840].param2 = 1,
-+ [12896].file = "drivers/net/wireless/wl12xx/debugfs.c",
-+ [12896].name = "beacon_filtering_write",
-+ [12896].param3 = 1,
+ [12931].file = "drivers/hid/hid-roccat.c",
+ [12931].name = "roccat_read",
+ [12931].param3 = 1,
+ [12954].file = "fs/proc/base.c",
+ [12954].name = "oom_adjust_write",
+ [12954].param3 = 1,
-+ [13013].file = "drivers/media/dvb/ttpci/av7110_ca.c",
-+ [13013].name = "dvb_ca_write",
-+ [13013].param3 = 1,
+ [13103].file = "drivers/acpi/acpica/utobject.c",
+ [13103].name = "acpi_ut_create_string_object",
+ [13103].param1 = 1,
+ [13121].file = "net/ipv4/ip_sockglue.c",
+ [13121].name = "do_ip_setsockopt",
+ [13121].param5 = 1,
++ [1327].file = "net/netfilter/nfnetlink_log.c",
++ [1327].name = "nfulnl_alloc_skb",
++ [1327].param2 = 1,
+ [13337].file = "net/core/iovec.c",
+ [13337].name = "csum_partial_copy_fromiovecend",
+ [13337].param4 = 1,
+ [13342].file = "fs/jbd2/journal.c",
+ [13342].name = "jbd2_alloc",
+ [13342].param1 = 1,
++ [13384].file = "drivers/char/virtio_console.c",
++ [13384].name = "alloc_buf",
++ [13384].param1 = 1,
+ [13412].file = "fs/proc/base.c",
+ [13412].name = "oom_score_adj_write",
+ [13412].param3 = 1,
++ [13559].file = "drivers/media/video/ivtv/ivtv-fileops.c",
++ [13559].name = "ivtv_read",
++ [13559].param3 = 1,
++ [13618].file = "drivers/net/team/team.c",
++ [13618].name = "team_options_register",
++ [13618].param3 = 1,
+ [13659].file = "drivers/net/wan/hdlc.c",
+ [13659].name = "attach_hdlc_protocol",
+ [13659].param3 = 1,
+ [13708].file = "drivers/usb/misc/usbtest.c",
+ [13708].name = "simple_alloc_urb",
+ [13708].param3 = 1,
-+ [13863].file = "drivers/net/wireless/iwlwifi/iwl-agn-rs.c",
-+ [13863].name = "rs_sta_dbgfs_scale_table_write",
-+ [13863].param3 = 1,
++ [13805].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [13805].name = "altera_swap_dr",
++ [13805].param2 = 1,
++ [13868].file = "fs/lockd/mon.c",
++ [13868].name = "nsm_create_handle",
++ [13868].param4 = 1,
+ [13924].file = "net/ipv4/netfilter/ip_tables.c",
+ [13924].name = "do_ipt_set_ctl",
+ [13924].param4 = 1,
+ [14029].file = "drivers/spi/spidev.c",
+ [14029].name = "spidev_compat_ioctl",
+ [14029].param2 = 1,
-+ [14031].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [14031].name = "write_file_beacon",
-+ [14031].param3 = 1,
-+ [14086].file = "fs/nfs/nfs4proc.c",
-+ [14086].name = "nfs4_reset_slot_table",
-+ [14086].param2 = 1,
+ [14090].file = "drivers/bluetooth/btmrvl_debugfs.c",
+ [14090].name = "btmrvl_hsmode_write",
+ [14090].param3 = 1,
-+ [14125].file = "kernel/module.c",
-+ [14125].name = "load_module",
-+ [14125].param2 = 1,
+ [14149].file = "drivers/hid/hidraw.c",
+ [14149].name = "hidraw_ioctl",
+ [14149].param2 = 1,
+ [14241].file = "drivers/platform/x86/asus_acpi.c",
+ [14241].name = "brn_proc_write",
+ [14241].param3 = 1,
-+ [14299].file = "sound/core/oss/pcm_plugin.c",
-+ [14299].name = "snd_pcm_plugin_alloc",
-+ [14299].param2 = 1,
+ [14345].file = "fs/cachefiles/daemon.c",
+ [14345].name = "cachefiles_daemon_write",
+ [14345].param3 = 1,
+ [14347].file = "drivers/media/dvb/dvb-core/dvb_ca_en50221.c",
+ [14347].name = "dvb_ca_en50221_io_write",
+ [14347].param3 = 1,
-+ [14462].file = "fs/namei.c",
-+ [14462].name = "sys_rmdir",
-+ [14462].param1 = 1,
-+ [14478].file = "drivers/char/random.c",
-+ [14478].name = "random_write",
-+ [14478].param3 = 1,
++ [14566].file = "drivers/pci/hotplug/ibmphp_ebda.c",
++ [14566].name = "alloc_ebda_hpc",
++ [14566].param1 = 1,
++ [14566].param2 = 1,
+ [1458].file = "drivers/misc/lkdtm.c",
+ [1458].name = "direct_entry",
+ [1458].param3 = 1,
-+ [145].file = "lib/xz/xz_dec_test.c",
-+ [145].name = "xz_dec_test_write",
-+ [145].param3 = 1,
+ [14646].file = "fs/compat.c",
+ [14646].name = "compat_writev",
+ [14646].param3 = 1,
++ [14684].file = "drivers/media/video/stk-webcam.c",
++ [14684].name = "stk_allocate_buffers",
++ [14684].param2 = 1,
+ [14736].file = "drivers/usb/misc/usbtest.c",
+ [14736].name = "unlink_queued",
+ [14736].param3 = 1,
-+ [14842].file = "fs/namei.c",
-+ [14842].name = "sys_renameat",
-+ [14842].param2 = 1,
-+ [14842].param4 = 1,
++ [1482].file = "drivers/scsi/scsi_netlink.c",
++ [1482].name = "scsi_nl_send_vendor_msg",
++ [1482].param5 = 1,
+ [15017].file = "drivers/edac/edac_device.c",
+ [15017].name = "edac_device_alloc_ctl_info",
+ [15017].param1 = 1,
++ [15044].file = "drivers/uio/uio.c",
++ [15044].name = "uio_write",
++ [15044].param3 = 1,
+ [15087].file = "fs/bio.c",
+ [15087].name = "bio_map_kern",
+ [15087].param2 = 1,
+ [15112].file = "drivers/xen/evtchn.c",
+ [15112].name = "evtchn_write",
+ [15112].param3 = 1,
++ [15130].file = "net/bluetooth/hci_core.c",
++ [15130].name = "hci_send_cmd",
++ [15130].param3 = 1,
++ [15202].file = "net/bluetooth/rfcomm/tty.c",
++ [15202].name = "rfcomm_wmalloc",
++ [15202].param2 = 1,
+ [15274].file = "crypto/shash.c",
+ [15274].name = "crypto_shash_setkey",
+ [15274].param3 = 1,
++ [15354].file = "drivers/isdn/mISDN/socket.c",
++ [15354].name = "mISDN_sock_sendmsg",
++ [15354].param4 = 1,
+ [15361].file = "drivers/char/agp/generic.c",
+ [15361].name = "agp_allocate_memory",
+ [15361].param2 = 1,
+ [15884].file = "fs/exofs/super.c",
+ [15884].name = "exofs_read_lookup_dev_table",
+ [15884].param3 = 1,
-+ [1603].file = "fs/debugfs/file.c",
-+ [1603].name = "write_file_bool",
-+ [1603].param3 = 1,
++ [16037].file = "drivers/staging/media/easycap/easycap_sound.c",
++ [16037].name = "easycap_alsa_vmalloc",
++ [16037].param2 = 1,
+ [16073].file = "net/sctp/socket.c",
+ [16073].name = "sctp_setsockopt",
+ [16073].param5 = 1,
++ [16132].file = "drivers/staging/vme/devices/vme_user.c",
++ [16132].name = "buffer_from_user",
++ [16132].param3 = 1,
+ [16138].file = "security/selinux/ss/services.c",
+ [16138].name = "security_context_to_sid_force",
+ [16138].param2 = 1,
+ [16383].file = "fs/proc/base.c",
+ [16383].name = "comm_write",
+ [16383].param3 = 1,
++ [16396].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [16396].name = "altera_irscan",
++ [16396].param2 = 1,
+ [16447].file = "drivers/hid/usbhid/hiddev.c",
+ [16447].name = "hiddev_ioctl",
+ [16447].param2 = 1,
+ [16453].file = "include/linux/slab.h",
+ [16453].name = "kzalloc",
+ [16453].param1 = 1,
-+ [16535].file = "fs/proc/generic.c",
-+ [16535].name = "proc_file_read",
-+ [16535].param3 = 1,
+ [16605].file = "fs/ecryptfs/miscdev.c",
+ [16605].name = "ecryptfs_send_miscdev",
+ [16605].param2 = 1,
+ [16606].file = "drivers/ide/ide-tape.c",
+ [16606].name = "idetape_chrdev_write",
+ [16606].param3 = 1,
-+ [16741].file = "fs/namei.c",
-+ [16741].name = "sys_unlinkat",
-+ [16741].param2 = 1,
++ [16637].file = "security/keys/encrypted-keys/encrypted.c",
++ [16637].name = "datablob_hmac_verify",
++ [16637].param4 = 1,
++ [16828].file = "net/batman-adv/hash.c",
++ [16828].name = "hash_new",
++ [16828].param1 = 1,
++ [16853].file = "drivers/net/ethernet/chelsio/cxgb4vf/sge.c",
++ [16853].name = "t4vf_pktgl_to_skb",
++ [16853].param2 = 1,
+ [16911].file = "drivers/media/dvb/ttpci/av7110_hw.c",
+ [16911].name = "LoadBitmap",
+ [16911].param2 = 1,
++ [169].file = "drivers/net/ethernet/amd/pcnet32.c",
++ [169].name = "pcnet32_realloc_rx_ring",
++ [169].param3 = 1,
+ [17075].file = "sound/isa/gus/gus_dram.c",
+ [17075].name = "snd_gus_dram_write",
+ [17075].param4 = 1,
+ [17133].file = "drivers/usb/misc/iowarrior.c",
+ [17133].name = "iowarrior_read",
+ [17133].param3 = 1,
-+ [17139].file = "fs/ubifs/xattr.c",
-+ [17139].name = "ubifs_setxattr",
-+ [17139].param4 = 1,
+ [17185].file = "net/wireless/scan.c",
+ [17185].name = "cfg80211_inform_bss",
+ [17185].param8 = 1,
+ [1754].file = "sound/core/oss/pcm_oss.c",
+ [1754].name = "snd_pcm_oss_write",
+ [1754].param3 = 1,
-+ [17571].file = "drivers/ptp/ptp_chardev.c",
-+ [17571].name = "ptp_read",
-+ [17571].param4 = 1,
-+ [17684].file = "fs/namei.c",
-+ [17684].name = "sys_mknod",
-+ [17684].param1 = 1,
++ [17604].file = "fs/proc/generic.c",
++ [17604].name = "__proc_file_read",
++ [17604].param3 = 1,
+ [17718].file = "net/caif/caif_socket.c",
+ [17718].name = "setsockopt",
+ [17718].param5 = 1,
-+ [17875].file = "fs/namei.c",
-+ [17875].name = "sys_linkat",
-+ [17875].param2 = 1,
-+ [17875].param4 = 1,
++ [17828].file = "kernel/sched/core.c",
++ [17828].name = "sched_feat_write",
++ [17828].param3 = 1,
++ [17841].file = "drivers/misc/tifm_core.c",
++ [17841].name = "tifm_alloc_adapter",
++ [17841].param1 = 1,
+ [17946].file = "drivers/net/wireless/libertas/if_spi.c",
+ [17946].name = "if_spi_host_to_card",
+ [17946].param4 = 1,
+ [1800].file = "drivers/media/dvb/dvb-core/dmxdev.c",
+ [1800].name = "dvb_dvr_do_ioctl",
+ [1800].param3 = 1,
-+ [18102].file = "net/netlink/af_netlink.c",
-+ [18102].name = "netlink_change_ngroups",
-+ [18102].param2 = 1,
-+ [18183].file = "drivers/tty/tty_buffer.c",
-+ [18183].name = "tty_insert_flip_string_fixed_flag",
-+ [18183].param4 = 1,
++ [18119].file = "drivers/misc/iwmc3200top/fw-download.c",
++ [18119].name = "iwmct_fw_parser_init",
++ [18119].param4 = 1,
++ [18140].file = "drivers/scsi/pm8001/pm8001_ctl.c",
++ [18140].name = "pm8001_store_update_fw",
++ [18140].param4 = 1,
++ [18191].file = "sound/pci/hda/patch_realtek.c",
++ [18191].name = "new_bind_ctl",
++ [18191].param2 = 1,
+ [18224].file = "drivers/xen/grant-table.c",
+ [18224].name = "gnttab_map",
+ [18224].param2 = 1,
+ [18232].file = "fs/nfs/write.c",
+ [18232].name = "nfs_writedata_alloc",
+ [18232].param1 = 1,
-+ [18277].file = "drivers/char/virtio_console.c",
-+ [18277].name = "port_fops_write",
-+ [18277].param3 = 1,
++ [18247].file = "drivers/char/agp/generic.c",
++ [18247].name = "agp_create_user_memory",
++ [18247].param1 = 1,
+ [18303].file = "fs/xattr.c",
+ [18303].name = "getxattr",
+ [18303].param4 = 1,
+ [18465].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c",
+ [18465].name = "cxgb_alloc_mem",
+ [18465].param1 = 1,
++ [184].file = "drivers/firewire/nosy.c",
++ [184].name = "packet_buffer_init",
++ [184].param2 = 1,
+ [1858].file = "net/ipv6/netfilter/ip6_tables.c",
+ [1858].name = "do_ip6t_set_ctl",
+ [1858].param4 = 1,
+ [18659].file = "drivers/media/dvb/dvb-core/dvbdev.c",
+ [18659].name = "dvb_usercopy",
+ [18659].param2 = 1,
-+ [18775].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [18775].name = "write_file_frameerrors",
-+ [18775].param3 = 1,
-+ [18928].file = "drivers/staging/speakup/devsynth.c",
-+ [18928].name = "speakup_file_write",
-+ [18928].param3 = 1,
-+ [18988].file = "drivers/staging/vme/devices/vme_user.c",
-+ [18988].name = "vme_user_read",
-+ [18988].param3 = 1,
++ [18722].file = "security/tomoyo/condition.c",
++ [18722].name = "tomoyo_scan_bprm",
++ [18722].param2 = 1,
++ [18722].param4 = 1,
++ [18775].file = "include/linux/textsearch.h",
++ [18775].name = "alloc_ts_config",
++ [18775].param1 = 1,
++ [18940].file = "drivers/usb/host/hwa-hc.c",
++ [18940].name = "__hwahc_op_set_gtk",
++ [18940].param4 = 1,
+ [19012].file = "drivers/acpi/event.c",
+ [19012].name = "acpi_system_read_event",
+ [19012].param3 = 1,
+ [19107].file = "security/smack/smackfs.c",
+ [19107].name = "smk_write_load_list",
+ [19107].param3 = 1,
-+ [19261].file = "net/netlabel/netlabel_domainhash.c",
-+ [19261].name = "netlbl_domhsh_init",
-+ [19261].param1 = 1,
++ [19240].file = "net/sctp/socket.c",
++ [19240].name = "sctp_setsockopt_delayed_ack",
++ [19240].param3 = 1,
+ [19274].file = "net/core/pktgen.c",
+ [19274].name = "pktgen_if_write",
+ [19274].param3 = 1,
+ [19286].file = "drivers/base/regmap/regmap.c",
+ [19286].name = "_regmap_raw_write",
+ [19286].param4 = 1,
-+ [19288].file = "net/ipv6/raw.c",
-+ [19288].name = "rawv6_setsockopt",
-+ [19288].param5 = 1,
+ [19308].file = "drivers/char/mem.c",
+ [19308].name = "read_oldmem",
+ [19308].param3 = 1,
-+ [19332].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [19332].name = "iwl_dbgfs_plcp_delta_write",
-+ [19332].param3 = 1,
++ [19343].file = "security/keys/encrypted-keys/encrypted.c",
++ [19343].name = "datablob_hmac_append",
++ [19343].param3 = 1,
+ [19349].file = "drivers/acpi/acpica/utobject.c",
+ [19349].name = "acpi_ut_create_package_object",
+ [19349].param1 = 1,
++ [19453].file = "drivers/net/ethernet/chelsio/cxgb/sge.c",
++ [19453].name = "sge_rx",
++ [19453].param3 = 1,
+ [19504].file = "drivers/usb/serial/garmin_gps.c",
+ [19504].name = "pkt_add",
+ [19504].param3 = 1,
+ [19548].file = "drivers/scsi/qla2xxx/qla_init.c",
+ [19548].name = "qla2x00_get_ctx_sp",
+ [19548].param3 = 1,
++ [19592].file = "net/dccp/proto.c",
++ [19592].name = "dccp_setsockopt_service",
++ [19592].param4 = 1,
++ [19726].file = "kernel/trace/trace.c",
++ [19726].name = "tracing_set_trace_write",
++ [19726].param3 = 1,
+ [19738].file = "fs/sysfs/file.c",
+ [19738].name = "sysfs_write_file",
+ [19738].param3 = 1,
-+ [19833].file = "drivers/xen/xenfs/privcmd.c",
++ [19833].file = "drivers/xen/privcmd.c",
+ [19833].name = "gather_array",
+ [19833].param3 = 1,
-+ [19909].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [19909].name = "lbs_sleepparams_write",
-+ [19909].param3 = 1,
++ [19910].file = "drivers/media/video/saa7164/saa7164-buffer.c",
++ [19910].name = "saa7164_buffer_alloc_user",
++ [19910].param2 = 1,
+ [19920].file = "drivers/input/joydev.c",
+ [19920].name = "joydev_ioctl",
+ [19920].param2 = 1,
+ [19931].file = "drivers/usb/misc/ftdi-elan.c",
+ [19931].name = "ftdi_elan_write",
+ [19931].param3 = 1,
-+ [19943].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [19943].name = "write_file_regval",
-+ [19943].param3 = 1,
+ [19960].file = "drivers/usb/class/usblp.c",
+ [19960].name = "usblp_read",
+ [19960].param3 = 1,
++ [1996].file = "drivers/scsi/libsrp.c",
++ [1996].name = "srp_target_alloc",
++ [1996].param3 = 1,
+ [20023].file = "drivers/media/video/gspca/gspca.c",
+ [20023].name = "dev_read",
+ [20023].param3 = 1,
-+ [20113].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [20113].name = "lbs_rdmac_write",
-+ [20113].param3 = 1,
++ [20207].file = "net/core/sock.c",
++ [20207].name = "sock_alloc_send_pskb",
++ [20207].param2 = 1,
++ [20263].file = "kernel/trace/trace_events.c",
++ [20263].name = "event_filter_write",
++ [20263].param3 = 1,
+ [20314].file = "drivers/gpu/drm/drm_hashtab.c",
+ [20314].name = "drm_ht_create",
+ [20314].param2 = 1,
++ [20320].file = "drivers/mfd/sm501.c",
++ [20320].name = "sm501_create_subdev",
++ [20320].param3 = 1,
++ [20320].param4 = 1,
+ [20376].file = "mm/nobootmem.c",
+ [20376].name = "__alloc_bootmem_nopanic",
+ [20376].param1 = 1,
-+ [20606].file = "fs/nilfs2/mdt.c",
-+ [20606].name = "nilfs_mdt_init",
-+ [20606].param3 = 1,
++ [20409].file = "drivers/media/dvb/dvb-usb/opera1.c",
++ [20409].name = "opera1_usb_i2c_msgxfer",
++ [20409].param4 = 1,
++ [20473].file = "drivers/mtd/mtdchar.c",
++ [20473].name = "mtdchar_write",
++ [20473].param3 = 1,
+ [20611].file = "net/netfilter/x_tables.c",
+ [20611].name = "xt_alloc_table_info",
+ [20611].param1 = 1,
++ [20618].file = "drivers/staging/crystalhd/crystalhd_lnx.c",
++ [20618].name = "chd_dec_fetch_cdata",
++ [20618].param3 = 1,
+ [20713].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c",
+ [20713].name = "ttm_bo_io",
+ [20713].param5 = 1,
-+ [20730].file = "drivers/media/video/videobuf2-vmalloc.c",
-+ [20730].name = "vb2_vmalloc_alloc",
-+ [20730].param2 = 1,
+ [20801].file = "drivers/vhost/vhost.c",
+ [20801].name = "vhost_add_used_n",
+ [20801].param3 = 1,
+ [20951].file = "crypto/rng.c",
+ [20951].name = "rngapi_reset",
+ [20951].param3 = 1,
-+ [21134].file = "drivers/video/via/viafbdev.c",
-+ [21134].name = "viafb_dfph_proc_write",
-+ [21134].param3 = 1,
++ [21125].file = "fs/gfs2/dir.c",
++ [21125].name = "gfs2_alloc_sort_buffer",
++ [21125].param1 = 1,
++ [21132].file = "kernel/cgroup.c",
++ [21132].name = "cgroup_write_X64",
++ [21132].param5 = 1,
++ [21138].file = "drivers/uio/uio.c",
++ [21138].name = "uio_read",
++ [21138].param3 = 1,
+ [21193].file = "net/wireless/sme.c",
+ [21193].name = "cfg80211_disconnected",
+ [21193].param4 = 1,
-+ [21277].file = "drivers/usb/storage/shuttle_usbat.c",
-+ [21277].name = "usbat_flash_write_data",
-+ [21277].param4 = 1,
+ [21312].file = "lib/ts_kmp.c",
+ [21312].name = "kmp_init",
+ [21312].param2 = 1,
+ [21335].file = "net/econet/af_econet.c",
+ [21335].name = "econet_sendmsg",
+ [21335].param4 = 1,
-+ [21397].file = "net/core/sock.c",
-+ [21397].name = "sock_setsockopt",
-+ [21397].param5 = 1,
+ [21406].file = "fs/libfs.c",
+ [21406].name = "simple_write_to_buffer",
+ [21406].param2 = 1,
+ [21459].file = "security/smack/smackfs.c",
+ [21459].name = "smk_write_doi",
+ [21459].param3 = 1,
-+ [21468].file = "drivers/char/virtio_console.c",
-+ [21468].name = "port_fops_read",
-+ [21468].param3 = 1,
++ [21508].file = "include/linux/usb/wusb.h",
++ [21508].name = "wusb_prf_64",
++ [21508].param7 = 1,
+ [21511].file = "drivers/input/ff-core.c",
+ [21511].name = "input_ff_create",
+ [21511].param2 = 1,
+ [21538].file = "net/bluetooth/l2cap_sock.c",
+ [21538].name = "l2cap_sock_setsockopt",
+ [21538].param5 = 1,
++ [21543].file = "drivers/media/video/gspca/gspca.c",
++ [21543].name = "frame_alloc",
++ [21543].param4 = 1,
+ [21608].file = "drivers/char/tpm/tpm.c",
+ [21608].name = "tpm_write",
+ [21608].param3 = 1,
+ [21679].file = "drivers/net/wireless/ath/carl9170/debug.c",
+ [21679].name = "carl9170_debugfs_write",
+ [21679].param3 = 1,
-+ [21712].file = "net/rxrpc/ar-output.c",
-+ [21712].name = "rxrpc_send_data",
-+ [21712].param5 = 1,
++ [21784].file = "crypto/ahash.c",
++ [21784].name = "ahash_setkey_unaligned",
++ [21784].param3 = 1,
+ [2180].file = "drivers/char/ppdev.c",
+ [2180].name = "pp_write",
+ [2180].param3 = 1,
++ [21810].file = "net/core/netprio_cgroup.c",
++ [21810].name = "extend_netdev_table",
++ [21810].param2 = 1,
++ [21906].file = "net/atm/mpc.c",
++ [21906].name = "copy_macs",
++ [21906].param4 = 1,
+ [21946].file = "fs/nfs/idmap.c",
+ [21946].name = "nfs_map_name_to_uid",
+ [21946].param3 = 1,
++ [22052].file = "drivers/net/ethernet/chelsio/cxgb3/sge.c",
++ [22052].name = "get_packet_pg",
++ [22052].param4 = 1,
+ [22085].file = "drivers/staging/sep/sep_driver.c",
+ [22085].name = "sep_lock_user_pages",
+ [22085].param2 = 1,
+ [22085].param3 = 1,
-+ [22187].file = "fs/namei.c",
-+ [22187].name = "user_path_at_empty",
-+ [22187].param2 = 1,
+ [22190].file = "drivers/char/tpm/tpm.c",
+ [22190].name = "tpm_read",
+ [22190].param3 = 1,
-+ [22204].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [22204].name = "iwl_dbgfs_echo_test_write",
-+ [22204].param3 = 1,
+ [22291].file = "net/core/pktgen.c",
+ [22291].name = "pgctrl_write",
+ [22291].param3 = 1,
+ [2243].file = "drivers/scsi/scsi_tgt_lib.c",
+ [2243].name = "scsi_tgt_kspace_exec",
+ [2243].param8 = 1,
-+ [22546].file = "drivers/char/pcmcia/cm4040_cs.c",
-+ [22546].name = "cm4040_read",
-+ [22546].param3 = 1,
-+ [22742].file = "drivers/tty/tty_buffer.c",
-+ [22742].name = "tty_insert_flip_string_flags",
-+ [22742].param4 = 1,
++ [22440].file = "drivers/uwb/neh.c",
++ [22440].name = "uwb_rc_neh_grok_event",
++ [22440].param3 = 1,
++ [22611].file = "drivers/staging/android/logger.c",
++ [22611].name = "do_write_log_from_user",
++ [22611].param3 = 1,
++ [22614].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [22614].name = "cx18_copy_buf_to_user",
++ [22614].param4 = 1,
++ [22667].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [22667].name = "altera_set_ir_post",
++ [22667].param2 = 1,
+ [22772].file = "drivers/target/iscsi/iscsi_target_erl1.c",
+ [22772].name = "iscsit_dump_data_payload",
+ [22772].param2 = 1,
++ [22777].file = "drivers/infiniband/ulp/srp/ib_srp.c",
++ [22777].name = "srp_alloc_iu",
++ [22777].param2 = 1,
++ [22811].file = "drivers/usb/dwc3/debugfs.c",
++ [22811].name = "dwc3_mode_write",
++ [22811].param3 = 1,
++ [22817].file = "drivers/media/video/usbvision/usbvision-core.c",
++ [22817].name = "usbvision_rvmalloc",
++ [22817].param1 = 1,
++ [22864].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [22864].name = "ath6kl_add_bss_if_needed",
++ [22864].param6 = 1,
+ [2286].file = "drivers/scsi/mvumi.c",
+ [2286].name = "mvumi_alloc_mem_resource",
+ [2286].param3 = 1,
+ [2302].file = "drivers/media/video/stk-webcam.c",
+ [2302].name = "v4l_stk_read",
+ [2302].param3 = 1,
-+ [23037].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [23037].name = "iwl_dbgfs_wd_timeout_write",
-+ [23037].param3 = 1,
+ [2307].file = "drivers/pcmcia/cistpl.c",
+ [2307].name = "pcmcia_replace_cis",
+ [2307].param3 = 1,
-+ [23093].file = "drivers/scsi/st.c",
-+ [23093].name = "st_read",
-+ [23093].param3 = 1,
+ [23117].file = "drivers/media/dvb/ttpci/av7110_av.c",
+ [23117].name = "dvb_audio_write",
+ [23117].param3 = 1,
++ [23220].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
++ [23220].name = "do_dmabuf_dirty_sou",
++ [23220].param7 = 1,
++ [23232].file = "drivers/md/persistent-data/dm-space-map-checker.c",
++ [23232].name = "sm_checker_extend",
++ [23232].param2 = 1,
+ [2324].file = "net/ieee802154/wpan-class.c",
+ [2324].name = "wpan_phy_alloc",
+ [2324].param1 = 1,
++ [2328].file = "kernel/trace/ftrace.c",
++ [2328].name = "ftrace_pid_write",
++ [2328].param3 = 1,
++ [23290].file = "fs/proc/base.c",
++ [23290].name = "mem_rw",
++ [23290].param3 = 1,
++ [23449].file = "crypto/blkcipher.c",
++ [23449].name = "blkcipher_next_slow",
++ [23449].param3 = 1,
++ [23449].param4 = 1,
+ [23535].file = "ipc/sem.c",
+ [23535].name = "sys_semtimedop",
+ [23535].param3 = 1,
+ [23589].file = "kernel/relay.c",
+ [23589].name = "subbuf_read_actor",
+ [23589].param3 = 1,
-+ [23619].file = "drivers/tty/tty_buffer.c",
-+ [23619].name = "tty_buffer_request_room",
-+ [23619].param2 = 1,
-+ [23640].file = "drivers/usb/host/ehci-dbg.c",
-+ [23640].name = "debug_lpm_write",
-+ [23640].param3 = 1,
-+ [23684].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [23684].name = "iwl_legacy_dbgfs_clear_traffic_statistics_write",
-+ [23684].param3 = 1,
+ [23848].file = "crypto/blkcipher.c",
+ [23848].name = "async_setkey",
+ [23848].param3 = 1,
+ [2386].file = "drivers/acpi/acpica/exnames.c",
+ [2386].name = "acpi_ex_allocate_name_string",
+ [2386].param2 = 1,
-+ [23883].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c",
-+ [23883].name = "iwl_dbgfs_interrupt_write",
-+ [23883].param3 = 1,
++ [2389].file = "net/core/sock.c",
++ [2389].name = "sock_rmalloc",
++ [2389].param2 = 1,
++ [23994].file = "net/bluetooth/mgmt.c",
++ [23994].name = "set_powered",
++ [23994].param4 = 1,
+ [23999].file = "sound/pci/rme9652/hdsp.c",
+ [23999].name = "snd_hdsp_capture_copy",
+ [23999].param5 = 1,
-+ [24072].file = "drivers/staging/pohmelfs/inode.c",
-+ [24072].name = "pohmelfs_send_readpages",
-+ [24072].param3 = 1,
+ [24233].file = "drivers/pci/pcie/aer/aer_inject.c",
+ [24233].name = "aer_inject_write",
+ [24233].param3 = 1,
-+ [24263].file = "kernel/cgroup.c",
-+ [24263].name = "cgroup_file_write",
-+ [24263].param3 = 1,
-+ [24313].file = "drivers/staging/frontier/tranzport.c",
-+ [24313].name = "usb_tranzport_write",
-+ [24313].param3 = 1,
+ [24359].file = "kernel/power/qos.c",
+ [24359].name = "pm_qos_power_write",
+ [24359].param3 = 1,
-+ [24410].file = "drivers/net/wireless/ipw2x00/libipw_module.c",
-+ [24410].name = "debug_level_proc_write",
-+ [24410].param3 = 1,
+ [24457].file = "fs/btrfs/backref.c",
+ [24457].name = "init_data_container",
+ [24457].param1 = 1,
-+ [24539].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
-+ [24539].name = "vmw_framebuffer_dmabuf_dirty",
-+ [24539].param6 = 1,
+ [24719].file = "drivers/input/evdev.c",
+ [24719].name = "bits_to_user",
-+ [24719].param2 = 1,
+ [24719].param3 = 1,
+ [2472].file = "net/ipv4/netfilter/ip_tables.c",
+ [2472].name = "compat_do_ipt_set_ctl",
+ [25036].file = "fs/pipe.c",
+ [25036].name = "pipe_iov_copy_from_user",
+ [25036].param3 = 1,
++ [25078].file = "drivers/net/wireless/p54/fwio.c",
++ [25078].name = "p54_download_eeprom",
++ [25078].param4 = 1,
+ [25127].file = "drivers/scsi/device_handler/scsi_dh_alua.c",
+ [25127].name = "realloc_buffer",
+ [25127].param2 = 1,
++ [25145].file = "net/tipc/link.c",
++ [25145].name = "link_send_sections_long",
++ [25145].param4 = 1,
+ [25157].file = "security/keys/request_key_auth.c",
+ [25157].name = "request_key_auth_new",
+ [25157].param3 = 1,
+ [25158].file = "drivers/net/ethernet/mellanox/mlx4/en_rx.c",
+ [25158].name = "mlx4_en_create_rx_ring",
+ [25158].param3 = 1,
-+ [25223].file = "drivers/platform/x86/toshiba_acpi.c",
-+ [25223].name = "fan_proc_write",
-+ [25223].param3 = 1,
+ [25267].file = "fs/configfs/file.c",
+ [25267].name = "configfs_write_file",
+ [25267].param3 = 1,
-+ [25356].file = "net/core/dev.c",
-+ [25356].name = "alloc_netdev_mqs",
-+ [25356].param4 = 1,
-+ [25356].param5 = 1,
+ [25495].file = "drivers/scsi/bfa/bfad_debugfs.c",
+ [25495].name = "bfad_debugfs_write_regwr",
+ [25495].param3 = 1,
+ [25558].param3 = 1,
+ [25692].file = "drivers/net/wireless/ath/ath6kl/wmi.c",
+ [25692].name = "ath6kl_wmi_send_action_cmd",
-+ [25692].param6 = 1,
-+ [2609].file = "lib/kstrtox.c",
-+ [2609].name = "kstrtoul_from_user",
-+ [2609].param2 = 1,
++ [25692].param7 = 1,
++ [25765].file = "drivers/media/dvb/b2c2/flexcop.c",
++ [25765].name = "flexcop_device_kmalloc",
++ [25765].param1 = 1,
+ [26100].file = "sound/core/info.c",
+ [26100].name = "snd_info_entry_write",
+ [26100].param3 = 1,
-+ [26215].file = "drivers/md/dm-table.c",
-+ [26215].name = "dm_table_create",
-+ [26215].param3 = 1,
+ [26256].file = "fs/hpfs/name.c",
+ [26256].name = "hpfs_translate_name",
+ [26256].param3 = 1,
-+ [26404].file = "drivers/net/wireless/mwifiex/debugfs.c",
-+ [26404].name = "mwifiex_rdeeprom_write",
-+ [26404].param3 = 1,
++ [26394].file = "drivers/hid/hidraw.c",
++ [26394].name = "hidraw_get_report",
++ [26394].param3 = 1,
+ [26494].file = "kernel/signal.c",
+ [26494].name = "sys_rt_sigpending",
+ [26494].param2 = 1,
+ [26560].file = "crypto/algapi.c",
+ [26560].name = "crypto_alloc_instance2",
+ [26560].param3 = 1,
++ [26605].file = "security/selinux/selinuxfs.c",
++ [26605].name = "sel_write_user",
++ [26605].param3 = 1,
+ [26620].file = "net/bluetooth/mgmt.c",
+ [26620].name = "mgmt_control",
+ [26620].param3 = 1,
+ [26845].file = "drivers/scsi/qla2xxx/qla_bsg.c",
+ [26845].name = "qla2x00_get_ctx_bsg_sp",
+ [26845].param3 = 1,
++ [26888].file = "net/bridge/br_ioctl.c",
++ [26888].name = "get_fdb_entries",
++ [26888].param3 = 1,
+ [26962].file = "drivers/usb/class/usbtmc.c",
+ [26962].name = "usbtmc_write",
+ [26962].param3 = 1,
+ [27164].file = "include/drm/drm_mem_util.h",
+ [27164].name = "drm_calloc_large",
+ [27164].param1 = 1,
-+ [2722].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c",
-+ [2722].name = "ttm_alloc_new_pages",
-+ [2722].param5 = 1,
++ [27164].param2 = 1,
++ [27176].file = "drivers/mtd/devices/mtd_dataflash.c",
++ [27176].name = "otp_read",
++ [27176].param2 = 1,
++ [27176].param5 = 1,
+ [27232].file = "security/apparmor/lib.c",
+ [27232].name = "kvmalloc",
+ [27232].param1 = 1,
+ [27302].file = "fs/proc/base.c",
+ [27302].name = "proc_loginuid_write",
+ [27302].param3 = 1,
++ [2730].file = "drivers/target/iscsi/iscsi_target_parameters.c",
++ [2730].name = "iscsi_decode_text_input",
++ [2730].param4 = 1,
++ [27314].file = "net/bluetooth/mgmt.c",
++ [27314].name = "cmd_complete",
++ [27314].param5 = 1,
+ [27472].file = "security/selinux/selinuxfs.c",
+ [27472].name = "sel_write_load",
+ [27472].param3 = 1,
+ [27582].file = "drivers/platform/x86/asus_acpi.c",
+ [27582].name = "ledd_proc_write",
+ [27582].param3 = 1,
-+ [27695].file = "fs/namei.c",
-+ [27695].name = "sys_link",
-+ [27695].param1 = 1,
-+ [27695].param2 = 1,
++ [27595].file = "net/core/sock.c",
++ [27595].name = "sock_alloc_send_skb",
++ [27595].param2 = 1,
++ [27648].file = "net/bluetooth/l2cap_core.c",
++ [27648].name = "l2cap_bredr_sig_cmd",
++ [27648].param3 = 1,
+ [27697].file = "drivers/staging/mei/iorw.c",
+ [27697].name = "amthi_read",
+ [27697].param4 = 1,
++ [27911].file = "fs/ext4/resize.c",
++ [27911].name = "alloc_flex_gd",
++ [27911].param1 = 1,
+ [27927].file = "drivers/tty/tty_io.c",
+ [27927].name = "redirected_tty_write",
+ [27927].param3 = 1,
+ [28040].name = "__kfifo_alloc",
+ [28040].param2 = 1,
+ [28040].param3 = 1,
-+ [28092].file = "fs/select.c",
-+ [28092].name = "do_sys_poll",
-+ [28092].param2 = 1,
-+ [28170].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [28170].name = "iwl_dbgfs_ucode_tracing_write",
-+ [28170].param3 = 1,
++ [28151].file = "mm/filemap_xip.c",
++ [28151].name = "do_xip_mapping_read",
++ [28151].param5 = 1,
+ [28247].file = "net/sctp/tsnmap.c",
+ [28247].name = "sctp_tsnmap_init",
+ [28247].param2 = 1,
++ [28253].file = "include/linux/fb.h",
++ [28253].name = "alloc_apertures",
++ [28253].param1 = 1,
+ [28265].file = "fs/notify/fanotify/fanotify_user.c",
+ [28265].name = "fanotify_write",
+ [28265].param3 = 1,
+ [28316].file = "drivers/input/joydev.c",
+ [28316].name = "joydev_ioctl_common",
+ [28316].param2 = 1,
++ [28359].file = "drivers/spi/spidev.c",
++ [28359].name = "spidev_message",
++ [28359].param3 = 1,
+ [28360].file = "drivers/hid/usbhid/hiddev.c",
+ [28360].name = "hiddev_compat_ioctl",
+ [28360].param2 = 1,
+ [28407].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
+ [28407].name = "rt2x00debug_write_csr",
+ [28407].param3 = 1,
-+ [28462].file = "net/rfkill/core.c",
-+ [28462].name = "rfkill_fop_write",
-+ [28462].param3 = 1,
-+ [28635].file = "drivers/gpu/drm/drm_sman.c",
-+ [28635].name = "drm_sman_init",
-+ [28635].param2 = 1,
-+ [28655].file = "drivers/infiniband/hw/mthca/mthca_allocator.c",
-+ [28655].name = "mthca_alloc_init",
-+ [28655].param2 = 1,
-+ [28688].file = "mm/mempolicy.c",
-+ [28688].name = "compat_sys_get_mempolicy",
-+ [28688].param3 = 1,
++ [2847].file = "fs/ntfs/file.c",
++ [2847].name = "ntfs_copy_from_user",
++ [2847].param3 = 1,
++ [2847].param5 = 1,
++ [28584].file = "drivers/memstick/core/memstick.c",
++ [28584].name = "memstick_alloc_host",
++ [28584].param1 = 1,
+ [28783].file = "drivers/gpu/drm/i915/i915_debugfs.c",
+ [28783].name = "i915_cache_sharing_write",
+ [28783].param3 = 1,
+ [29092].file = "lib/lru_cache.c",
+ [29092].name = "lc_create",
+ [29092].param3 = 1,
-+ [29189].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c",
-+ [29189].name = "ttm_put_pages",
-+ [29189].param2 = 1,
+ [29257].file = "drivers/vhost/vhost.c",
+ [29257].name = "vhost_add_used_and_signal_n",
+ [29257].param4 = 1,
-+ [29366].file = "drivers/char/pcmcia/cm4000_cs.c",
-+ [29366].name = "cmm_read",
-+ [29366].param3 = 1,
++ [29267].file = "net/ipv4/fib_trie.c",
++ [29267].name = "tnode_alloc",
++ [29267].param1 = 1,
++ [29338].file = "drivers/net/ethernet/brocade/bna/bnad_debugfs.c",
++ [29338].name = "bnad_debugfs_write_regwr",
++ [29338].param3 = 1,
++ [29353].file = "net/sctp/socket.c",
++ [29353].name = "sctp_setsockopt_del_key",
++ [29353].param3 = 1,
+ [29405].file = "drivers/media/dvb/dvb-usb/dw2102.c",
+ [29405].name = "dw210x_op_rw",
+ [29405].param6 = 1,
-+ [29437].file = "drivers/net/wireless/iwlegacy/iwl-4965-rs.c",
-+ [29437].name = "iwl4965_rs_sta_dbgfs_scale_table_write",
-+ [29437].param3 = 1,
-+ [29465].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c",
-+ [29465].name = "mem_read",
-+ [29465].param3 = 1,
++ [29542].file = "net/nfc/nci/core.c",
++ [29542].name = "nci_send_cmd",
++ [29542].param3 = 1,
+ [29714].file = "drivers/scsi/cxgbi/libcxgbi.c",
+ [29714].name = "cxgbi_device_register",
+ [29714].param1 = 1,
+ [29714].param2 = 1,
++ [2972].file = "drivers/staging/crystalhd/crystalhd_misc.c",
++ [2972].name = "crystalhd_create_dio_pool",
++ [2972].param2 = 1,
++ [29769].file = "drivers/misc/iwmc3200top/log.c",
++ [29769].name = "store_iwmct_log_level",
++ [29769].param4 = 1,
++ [29792].file = "drivers/staging/bcm/nvm.c",
++ [29792].name = "BcmCopySection",
++ [29792].param5 = 1,
+ [29859].file = "net/rds/page.c",
+ [29859].name = "rds_page_copy_user",
+ [29859].param4 = 1,
-+ [29875].file = "sound/isa/gus/gus_pcm.c",
-+ [29875].name = "snd_gf1_pcm_playback_copy",
-+ [29875].param5 = 1,
+ [29905].file = "mm/nobootmem.c",
+ [29905].name = "___alloc_bootmem",
+ [29905].param1 = 1,
+ [2995].file = "mm/page_alloc.c",
+ [2995].name = "alloc_large_system_hash",
+ [2995].param2 = 1,
++ [30000].file = "drivers/net/wireless/brcm80211/brcmsmac/phy/phy_n.c",
++ [30000].name = "wlc_phy_loadsampletable_nphy",
++ [30000].param3 = 1,
+ [30242].file = "fs/cifs/cifssmb.c",
+ [30242].name = "cifs_readdata_alloc",
+ [30242].param1 = 1,
-+ [30341].file = "drivers/infiniband/hw/qib/qib_verbs.c",
-+ [30341].name = "qib_verbs_send",
-+ [30341].param3 = 1,
-+ [30341].param5 = 1,
-+ [30438].file = "mm/filemap_xip.c",
-+ [30438].name = "xip_file_read",
-+ [30438].param3 = 1,
-+ [30449].file = "drivers/telephony/ixj.c",
-+ [30449].name = "ixj_read",
-+ [30449].param3 = 1,
-+ [30489].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [30489].name = "iwl_dbgfs_rx_handlers_write",
-+ [30489].param3 = 1,
-+ [30693].file = "fs/namei.c",
-+ [30693].name = "sys_rename",
-+ [30693].param1 = 1,
-+ [30693].param2 = 1,
-+ [307].file = "drivers/base/regmap/regmap-debugfs.c",
-+ [307].name = "regmap_map_read_file",
-+ [307].param3 = 1,
-+ [30970].file = "drivers/usb/misc/ldusb.c",
-+ [30970].name = "ld_usb_read",
++ [30494].file = "net/ceph/buffer.c",
++ [30494].name = "ceph_buffer_new",
++ [30494].param1 = 1,
++ [30590].file = "security/tomoyo/memory.c",
++ [30590].name = "tomoyo_commit_ok",
++ [30590].param2 = 1,
++ [3060].file = "lib/mpi/mpiutil.c",
++ [3060].name = "mpi_alloc_limb_space",
++ [3060].param1 = 1,
++ [30687].file = "drivers/uwb/uwb-debug.c",
++ [30687].name = "command_write",
++ [30687].param3 = 1,
++ [30726].file = "drivers/bluetooth/hci_vhci.c",
++ [30726].name = "vhci_get_user",
++ [30726].param3 = 1,
++ [30873].file = "net/packet/af_packet.c",
++ [30873].name = "alloc_one_pg_vec_page",
++ [30873].param1 = 1,
++ [30970].file = "drivers/staging/hv/storvsc_drv.c",
++ [30970].name = "create_bounce_buffer",
+ [30970].param3 = 1,
-+ [31155].file = "drivers/staging/frontier/alphatrack.c",
-+ [31155].name = "usb_alphatrack_write",
-+ [31155].param3 = 1,
++ [310].file = "drivers/block/drbd/drbd_bitmap.c",
++ [310].name = "bm_realloc_pages",
++ [310].param2 = 1,
++ [3119].file = "drivers/misc/ibmasm/command.c",
++ [3119].name = "ibmasm_new_command",
++ [3119].param2 = 1,
+ [31207].file = "drivers/platform/x86/asus_acpi.c",
+ [31207].name = "parse_arg",
+ [31207].param2 = 1,
-+ [31348].file = "kernel/sched.c",
++ [31287].file = "drivers/scsi/libsrp.c",
++ [31287].name = "srp_iu_pool_alloc",
++ [31287].param2 = 1,
++ [31291].file = "sound/pci/rme9652/rme9652.c",
++ [31291].name = "snd_rme9652_capture_copy",
++ [31291].param5 = 1,
++ [31348].file = "kernel/sched/core.c",
+ [31348].name = "sys_sched_getaffinity",
+ [31348].param2 = 1,
-+ [31465].file = "net/rds/message.c",
-+ [31465].name = "rds_message_map_pages",
-+ [31465].param2 = 1,
+ [31492].file = "drivers/hid/hidraw.c",
+ [31492].name = "hidraw_read",
+ [31492].param3 = 1,
-+ [31649].file = "fs/ecryptfs/crypto.c",
-+ [31649].name = "ecryptfs_decode_and_decrypt_filename",
-+ [31649].param5 = 1,
+ [3170].file = "security/integrity/ima/ima_fs.c",
+ [3170].name = "ima_write_policy",
+ [3170].param3 = 1,
-+ [31730].file = "net/dccp/proto.c",
-+ [31730].name = "dccp_setsockopt",
-+ [31730].param5 = 1,
+ [31782].file = "drivers/misc/pti.c",
+ [31782].name = "pti_char_write",
+ [31782].param3 = 1,
+ [31957].file = "fs/afs/proc.c",
+ [31957].name = "afs_proc_cells_write",
+ [31957].param3 = 1,
-+ [32025].file = "drivers/nfc/pn544.c",
-+ [32025].name = "pn544_write",
-+ [32025].param3 = 1,
++ [32002].file = "net/sctp/socket.c",
++ [32002].name = "sctp_setsockopt_active_key",
++ [32002].param3 = 1,
+ [32182].file = "net/sunrpc/cache.c",
+ [32182].name = "cache_write",
+ [32182].param3 = 1,
++ [32278].file = "kernel/time/timer_stats.c",
++ [32278].name = "tstats_write",
++ [32278].param3 = 1,
+ [32326].file = "drivers/tty/n_r3964.c",
+ [32326].name = "r3964_write",
+ [32326].param4 = 1,
++ [32399].file = "drivers/net/phy/mdio_bus.c",
++ [32399].name = "mdiobus_alloc_size",
++ [32399].param1 = 1,
+ [32402].file = "net/ceph/pagevec.c",
+ [32402].name = "ceph_copy_user_to_page_vector",
+ [32402].param4 = 1,
+ [32459].file = "drivers/media/radio/radio-wl1273.c",
+ [32459].name = "wl1273_fm_fops_write",
+ [32459].param3 = 1,
++ [32531].file = "fs/bio.c",
++ [32531].name = "__bio_map_kern",
++ [32531].param2 = 1,
++ [32531].param3 = 1,
++ [32537].file = "drivers/staging/vme/devices/vme_user.c",
++ [32537].name = "buffer_to_user",
++ [32537].param3 = 1,
+ [32560].file = "drivers/input/input-mt.c",
+ [32560].name = "input_mt_init_slots",
+ [32560].param2 = 1,
-+ [32574].file = "mm/mempolicy.c",
-+ [32574].name = "sys_get_mempolicy",
-+ [32574].param3 = 1,
++ [32600].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [32600].name = "ath6kl_set_assoc_req_ies",
++ [32600].param3 = 1,
+ [32608].file = "security/selinux/selinuxfs.c",
+ [32608].name = "sel_write_checkreqprot",
+ [32608].param3 = 1,
++ [32812].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c",
++ [32812].name = "__vxge_hw_channel_allocate",
++ [32812].param3 = 1,
+ [32950].file = "fs/reiserfs/resize.c",
+ [32950].name = "reiserfs_resize",
+ [32950].param2 = 1,
+ [33010].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c",
+ [33010].name = "dvb_ringbuffer_pkt_read_user",
+ [33010].param5 = 1,
++ [33130].file = "net/llc/llc_sap.c",
++ [33130].name = "llc_alloc_frame",
++ [33130].param4 = 1,
++ [33221].file = "crypto/ablkcipher.c",
++ [33221].name = "ablkcipher_copy_iv",
++ [33221].param3 = 1,
+ [33268].file = "mm/maccess.c",
+ [33268].name = "__probe_kernel_write",
+ [33268].param3 = 1,
+ [33375].file = "drivers/staging/rtl8712/osdep_service.h",
+ [33375].name = "_malloc",
+ [33375].param1 = 1,
++ [33420].file = "drivers/net/team/team.c",
++ [33420].name = "__team_options_register",
++ [33420].param3 = 1,
++ [33489].file = "fs/binfmt_misc.c",
++ [33489].name = "create_entry",
++ [33489].param2 = 1,
+ [33637].file = "net/9p/client.c",
+ [33637].name = "p9_client_read",
+ [33637].param5 = 1,
+ [33669].file = "fs/gfs2/glock.c",
+ [33669].name = "gfs2_glock_nq_m",
+ [33669].param1 = 1,
++ [33704].file = "drivers/gpu/drm/ttm/ttm_page_alloc_dma.c",
++ [33704].name = "ttm_dma_page_pool_free",
++ [33704].param2 = 1,
++ [33779].file = "drivers/staging/vme/devices/vme_user.c",
++ [33779].name = "resource_from_user",
++ [33779].param3 = 1,
+ [33810].file = "net/mac80211/util.c",
+ [33810].name = "ieee80211_send_probe_req",
+ [33810].param6 = 1,
+ [3384].file = "drivers/block/paride/pg.c",
+ [3384].name = "pg_write",
+ [3384].param3 = 1,
-+ [34016].file = "drivers/tty/tty_buffer.c",
-+ [34016].name = "tty_prepare_flip_string_flags",
-+ [34016].param4 = 1,
+ [34105].file = "fs/libfs.c",
+ [34105].name = "simple_read_from_buffer",
+ [34105].param2 = 1,
+ [34432].file = "drivers/edac/edac_pci.c",
+ [34432].name = "edac_pci_alloc_ctl_info",
+ [34432].param1 = 1,
++ [34532].file = "drivers/virtio/virtio_ring.c",
++ [34532].name = "vring_add_indirect",
++ [34532].param3 = 1,
++ [34532].param4 = 1,
++ [34543].file = "net/sctp/tsnmap.c",
++ [34543].name = "sctp_tsnmap_grow",
++ [34543].param2 = 1,
+ [34551].file = "fs/ocfs2/stack_user.c",
+ [34551].name = "ocfs2_control_cfu",
+ [34551].param2 = 1,
++ [34634].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [34634].name = "ath6kl_send_go_probe_resp",
++ [34634].param3 = 1,
+ [34666].file = "fs/cifs/cifs_debug.c",
+ [34666].name = "cifs_security_flags_proc_write",
+ [34666].param3 = 1,
++ [3466].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [3466].name = "altera_drscan",
++ [3466].param2 = 1,
+ [34672].file = "drivers/tty/tty_io.c",
+ [34672].name = "tty_write",
+ [34672].param3 = 1,
++ [34679].file = "drivers/media/video/ivtv/ivtv-fileops.c",
++ [34679].name = "ivtv_copy_buf_to_user",
++ [34679].param4 = 1,
++ [34721].file = "drivers/usb/host/hwa-hc.c",
++ [34721].name = "__hwahc_dev_set_key",
++ [34721].param5 = 1,
++ [34749].file = "mm/nobootmem.c",
++ [34749].name = "__alloc_bootmem_low_node",
++ [34749].param2 = 1,
+ [34760].file = "include/acpi/platform/aclinux.h",
+ [34760].name = "acpi_os_allocate_zeroed",
+ [34760].param1 = 1,
+ [34802].file = "drivers/scsi/cxgbi/libcxgbi.h",
+ [34802].name = "cxgbi_alloc_big_mem",
+ [34802].param1 = 1,
-+ [34847].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [34847].name = "iwl_dbgfs_clear_traffic_statistics_write",
-+ [34847].param3 = 1,
+ [34863].file = "drivers/video/fbsysfs.c",
+ [34863].name = "framebuffer_alloc",
+ [34863].param1 = 1,
++ [34868].file = "drivers/net/ethernet/brocade/bna/bnad_debugfs.c",
++ [34868].name = "bnad_debugfs_write_regrd",
++ [34868].param3 = 1,
+ [34882].file = "drivers/platform/x86/toshiba_acpi.c",
+ [34882].name = "video_proc_write",
+ [34882].param3 = 1,
-+ [34988].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [34988].name = "lbs_rdrf_write",
-+ [34988].param3 = 1,
-+ [35007].file = "drivers/usb/mon/mon_bin.c",
-+ [35007].name = "mon_bin_read",
-+ [35007].param3 = 1,
+ [35050].file = "fs/ocfs2/dlmfs/dlmfs.c",
+ [35050].name = "dlmfs_file_write",
+ [35050].param3 = 1,
+ [35129].file = "mm/nobootmem.c",
+ [35129].name = "___alloc_bootmem_nopanic",
+ [35129].param1 = 1,
-+ [35176].file = "drivers/usb/misc/ldusb.c",
-+ [35176].name = "ld_usb_write",
-+ [35176].param3 = 1,
++ [35159].file = "drivers/net/wimax/i2400m/usb.c",
++ [35159].name = "__i2400mu_send_barker",
++ [35159].param3 = 1,
++ [35232].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [35232].name = "cx18_read",
++ [35232].param3 = 1,
+ [35234].file = "net/irda/irnet/irnet_ppp.c",
+ [35234].name = "irnet_ctrl_write",
+ [35234].param3 = 1,
+ [35268].file = "security/keys/request_key_auth.c",
+ [35268].name = "request_key_auth_read",
+ [35268].param3 = 1,
-+ [3541].file = "drivers/mtd/ubi/cdev.c",
-+ [3541].name = "vol_cdev_write",
-+ [3541].param3 = 1,
++ [3538].file = "net/bluetooth/mgmt.c",
++ [3538].name = "disconnect",
++ [3538].param4 = 1,
+ [35443].file = "sound/core/pcm_memory.c",
+ [35443].name = "_snd_pcm_lib_alloc_vmalloc_buffer",
+ [35443].param2 = 1,
-+ [35449].file = "fs/namei.c",
-+ [35449].name = "sys_mkdir",
-+ [35449].param1 = 1,
-+ [35542].file = "drivers/tty/ipwireless/hardware.c",
-+ [35542].name = "ipwireless_send_packet",
-+ [35542].param4 = 1,
++ [35468].file = "drivers/xen/xenbus/xenbus_dev_frontend.c",
++ [35468].name = "xenbus_file_write",
++ [35468].param3 = 1,
++ [35536].file = "kernel/sysctl_binary.c",
++ [35536].name = "bin_uuid",
++ [35536].param3 = 1,
++ [35551].file = "drivers/media/video/ivtv/ivtv-fileops.c",
++ [35551].name = "ivtv_read_pos",
++ [35551].param3 = 1,
+ [35556].file = "fs/read_write.c",
+ [35556].name = "sys_readv",
+ [35556].param3 = 1,
-+ [35610].file = "net/batman-adv/translation-table.c",
-+ [35610].name = "tt_save_orig_buffer",
-+ [35610].param4 = 1,
+ [35693].file = "drivers/staging/mei/main.c",
+ [35693].name = "mei_read",
+ [35693].param3 = 1,
++ [35703].file = "crypto/ablkcipher.c",
++ [35703].name = "ablkcipher_next_slow",
++ [35703].param3 = 1,
++ [35703].param4 = 1,
+ [35729].file = "include/linux/skbuff.h",
+ [35729].name = "__dev_alloc_skb",
+ [35729].param1 = 1,
+ [35880].file = "fs/ecryptfs/crypto.c",
+ [35880].name = "ecryptfs_encrypt_and_encode_filename",
+ [35880].param6 = 1,
-+ [3604].file = "net/batman-adv/translation-table.c",
-+ [3604].name = "tt_update_orig",
-+ [3604].param4 = 1,
++ [36076].file = "drivers/net/ethernet/sfc/tx.c",
++ [36076].name = "efx_tsoh_heap_alloc",
++ [36076].param2 = 1,
+ [36080].file = "drivers/media/video/v4l2-ioctl.c",
+ [36080].name = "video_usercopy",
+ [36080].param2 = 1,
+ [36199].file = "net/sunrpc/auth_gss/auth_gss.c",
+ [36199].name = "gss_pipe_downcall",
+ [36199].param3 = 1,
-+ [3630].file = "drivers/video/broadsheetfb.c",
-+ [3630].name = "broadsheetfb_write",
-+ [3630].param3 = 1,
-+ [3632].file = "drivers/firewire/core-cdev.c",
-+ [3632].name = "fw_device_op_read",
-+ [3632].param3 = 1,
++ [36206].file = "net/ipv4/tcp_input.c",
++ [36206].name = "tcp_collapse",
++ [36206].param5 = 1,
++ [36206].param6 = 1,
++ [36230].file = "drivers/net/wan/hdlc_ppp.c",
++ [36230].name = "ppp_cp_parse_cr",
++ [36230].param4 = 1,
++ [36284].file = "drivers/spi/spi.c",
++ [36284].name = "spi_register_board_info",
++ [36284].param2 = 1,
+ [36490].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
+ [36490].name = "ath6kl_cfg80211_connect_event",
+ [36490].param7 = 1,
+ [36560].file = "net/sunrpc/cache.c",
+ [36560].name = "write_flush",
+ [36560].param3 = 1,
-+ [36633].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [36633].name = "rt2x00debug_read_queue_stats",
-+ [36633].param3 = 1,
-+ [3665].file = "drivers/media/video/ivtv/ivtvfb.c",
-+ [3665].name = "ivtvfb_write",
-+ [3665].param3 = 1,
-+ [36981].file = "drivers/video/via/viafbdev.c",
-+ [36981].name = "viafb_dfpl_proc_write",
-+ [36981].param3 = 1,
++ [36807].file = "drivers/usb/mon/mon_bin.c",
++ [36807].name = "mon_bin_get_event",
++ [36807].param4 = 1,
+ [37034].file = "fs/cifs/cifssmb.c",
+ [37034].name = "cifs_writedata_alloc",
+ [37034].param1 = 1,
+ [37044].file = "sound/firewire/packets-buffer.c",
+ [37044].name = "iso_packets_buffer_init",
+ [37044].param3 = 1,
-+ [37115].file = "drivers/tty/tty_buffer.c",
-+ [37115].name = "tty_prepare_flip_string",
-+ [37115].param3 = 1,
++ [37108].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [37108].name = "dvb_video_write",
++ [37108].param3 = 1,
++ [37154].file = "net/nfc/llcp/commands.c",
++ [37154].name = "nfc_llcp_build_tlv",
++ [37154].param3 = 1,
+ [37163].file = "net/core/skbuff.c",
+ [37163].name = "__netdev_alloc_skb",
+ [37163].param2 = 1,
-+ [37204].file = "drivers/isdn/hardware/eicon/divasi.c",
-+ [37204].name = "um_idi_read",
-+ [37204].param3 = 1,
+ [37233].file = "fs/ocfs2/cluster/tcp.c",
+ [37233].name = "o2net_send_message_vec",
+ [37233].param4 = 1,
-+ [37309].file = "drivers/mtd/mtdchar.c",
-+ [37309].name = "mtd_do_readoob",
-+ [37309].param4 = 1,
-+ [37382].file = "drivers/staging/pohmelfs/inode.c",
-+ [37382].name = "pohmelfs_readpages_trans_complete",
-+ [37382].param2 = 1,
++ [37241].file = "net/atm/lec.c",
++ [37241].name = "lane2_associate_req",
++ [37241].param4 = 1,
+ [37384].file = "drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c",
+ [37384].name = "vmw_fifo_reserve",
+ [37384].param2 = 1,
+ [37497].file = "net/mac80211/util.c",
+ [37497].name = "ieee80211_build_probe_req",
+ [37497].param7 = 1,
-+ [37594].file = "include/linux/poll.h",
-+ [37594].name = "get_fd_set",
-+ [37594].param1 = 1,
++ [37535].file = "kernel/trace/trace.c",
++ [37535].name = "tracing_trace_options_write",
++ [37535].param3 = 1,
+ [37611].file = "drivers/xen/xenbus/xenbus_xs.c",
+ [37611].name = "split",
+ [37611].param2 = 1,
+ [37661].file = "mm/filemap.c",
+ [37661].name = "file_read_actor",
+ [37661].param4 = 1,
-+ [37872].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [37872].name = "iwl_dbgfs_protection_mode_write",
-+ [37872].param3 = 1,
++ [37852].file = "drivers/staging/android/logger.c",
++ [37852].name = "do_read_log_to_user",
++ [37852].param4 = 1,
++ [37921].file = "drivers/net/wireless/wl12xx/rx.c",
++ [37921].name = "wl1271_rx_handle_data",
++ [37921].param3 = 1,
+ [37976].file = "drivers/platform/x86/asus_acpi.c",
+ [37976].name = "bluetooth_proc_write",
+ [37976].param3 = 1,
+ [3801].file = "drivers/block/paride/pt.c",
+ [3801].name = "pt_write",
+ [3801].param3 = 1,
++ [38052].file = "kernel/kexec.c",
++ [38052].name = "kimage_normal_alloc",
++ [38052].param3 = 1,
+ [38057].file = "fs/coda/psdev.c",
+ [38057].name = "coda_psdev_write",
+ [38057].param3 = 1,
+ [38186].file = "kernel/signal.c",
+ [38186].name = "do_sigpending",
+ [38186].param2 = 1,
-+ [38401].file = "drivers/xen/xenfs/xenbus.c",
++ [38314].file = "fs/nfs/read.c",
++ [38314].name = "nfs_readdata_alloc",
++ [38314].param1 = 1,
++ [38401].file = "drivers/xen/xenbus/xenbus_dev_frontend.c",
+ [38401].name = "queue_reply",
+ [38401].param3 = 1,
+ [3841].file = "drivers/platform/x86/asus_acpi.c",
+ [38532].file = "fs/afs/cell.c",
+ [38532].name = "afs_cell_lookup",
+ [38532].param2 = 1,
++ [38564].file = "fs/nfs/nfs4proc.c",
++ [38564].name = "nfs4_realloc_slot_table",
++ [38564].param2 = 1,
+ [38576].file = "drivers/i2c/i2c-dev.c",
+ [38576].name = "i2cdev_read",
+ [38576].param3 = 1,
++ [38704].file = "drivers/media/video/uvc/uvc_driver.c",
++ [38704].name = "uvc_alloc_entity",
++ [38704].param3 = 1,
++ [38704].param4 = 1,
+ [38747].file = "fs/xattr.c",
+ [38747].name = "sys_lgetxattr",
+ [38747].param4 = 1,
++ [38867].file = "drivers/scsi/scsi_transport_fc.c",
++ [38867].name = "fc_host_post_vendor_event",
++ [38867].param3 = 1,
++ [38931].file = "drivers/isdn/hardware/eicon/capimain.c",
++ [38931].name = "diva_os_alloc_message_buffer",
++ [38931].param1 = 1,
+ [38972].file = "security/smack/smackfs.c",
+ [38972].name = "smk_write_logging",
+ [38972].param3 = 1,
+ [39001].file = "net/xfrm/xfrm_hash.c",
+ [39001].name = "xfrm_hash_alloc",
+ [39001].param1 = 1,
-+ [39044].file = "lib/kstrtox.c",
-+ [39044].name = "kstrtos16_from_user",
-+ [39044].param2 = 1,
+ [39052].file = "drivers/input/evdev.c",
+ [39052].name = "evdev_ioctl",
+ [39052].param2 = 1,
-+ [39154].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [39154].name = "iwl_dbgfs_clear_ucode_statistics_write",
-+ [39154].param3 = 1,
-+ [39155].file = "drivers/xen/grant-table.c",
-+ [39155].name = "get_free_entries",
-+ [39155].param1 = 1,
++ [39066].file = "drivers/media/dvb/frontends/tda10048.c",
++ [39066].name = "tda10048_writeregbulk",
++ [39066].param4 = 1,
++ [39118].file = "drivers/misc/iwmc3200top/log.c",
++ [39118].name = "store_iwmct_log_level_fw",
++ [39118].param4 = 1,
+ [39254].file = "drivers/char/pcmcia/cm4000_cs.c",
+ [39254].name = "cmm_write",
+ [39254].param3 = 1,
++ [39392].file = "drivers/atm/solos-pci.c",
++ [39392].name = "send_command",
++ [39392].param4 = 1,
+ [39415].file = "fs/pstore/inode.c",
+ [39415].name = "pstore_mkfile",
+ [39415].param5 = 1,
+ [39417].file = "drivers/block/DAC960.c",
+ [39417].name = "dac960_user_command_proc_write",
+ [39417].param3 = 1,
++ [39460].file = "fs/btrfs/volumes.c",
++ [39460].name = "btrfs_map_block",
++ [39460].param3 = 1,
+ [39479].file = "drivers/ide/ide-tape.c",
+ [39479].name = "idetape_chrdev_read",
+ [39479].param3 = 1,
-+ [39573].file = "drivers/hid/hid-picolcd.c",
-+ [39573].name = "picolcd_debug_reset_write",
-+ [39573].param3 = 1,
-+ [39583].file = "drivers/net/ethernet/broadcom/cnic.c",
-+ [39583].name = "cnic_init_id_tbl",
-+ [39583].param2 = 1,
-+ [39606].file = "drivers/bluetooth/hci_vhci.c",
-+ [39606].name = "vhci_write",
-+ [39606].param3 = 1,
++ [39586].file = "drivers/hv/channel.c",
++ [39586].name = "create_gpadl_header",
++ [39586].param2 = 1,
+ [39638].file = "security/selinux/selinuxfs.c",
+ [39638].name = "sel_write_avc_cache_threshold",
+ [39638].param3 = 1,
+ [39645].file = "drivers/media/dvb/dvb-core/dvbdev.c",
+ [39645].name = "dvb_generic_ioctl",
+ [39645].param2 = 1,
-+ [39741].file = "drivers/video/via/viafbdev.c",
-+ [39741].name = "viafb_iga2_odev_proc_write",
-+ [39741].param3 = 1,
++ [39770].file = "include/linux/mISDNif.h",
++ [39770].name = "mI_alloc_skb",
++ [39770].param1 = 1,
++ [39813].file = "fs/ocfs2/stack_user.c",
++ [39813].name = "ocfs2_control_message",
++ [39813].param3 = 1,
+ [39888].file = "net/core/skbuff.c",
+ [39888].name = "__alloc_skb",
+ [39888].param1 = 1,
++ [39980].file = "net/bluetooth/mgmt.c",
++ [39980].name = "pair_device",
++ [39980].param4 = 1,
+ [40043].file = "drivers/media/video/v4l2-ioctl.c",
+ [40043].name = "video_ioctl2",
+ [40043].param2 = 1,
+ [40302].file = "sound/isa/gus/gus_dram.c",
+ [40302].name = "snd_gus_dram_poke",
+ [40302].param4 = 1,
++ [40339].file = "drivers/acpi/apei/hest.c",
++ [40339].name = "hest_ghes_dev_register",
++ [40339].param1 = 1,
+ [40355].file = "drivers/staging/mei/main.c",
+ [40355].name = "mei_write",
+ [40355].param3 = 1,
+ [40373].file = "fs/cifs/cifs_spnego.c",
+ [40373].name = "cifs_spnego_key_instantiate",
+ [40373].param3 = 1,
-+ [40412].file = "fs/namei.c",
-+ [40412].name = "user_path_at",
-+ [40412].param2 = 1,
-+ [40578].file = "sound/soc/soc-core.c",
-+ [40578].name = "codec_reg_write_file",
-+ [40578].param3 = 1,
-+ [40678].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [40678].name = "iwl_legacy_dbgfs_traffic_log_write",
-+ [40678].param3 = 1,
-+ [40713].file = "net/mac80211/debugfs.c",
-+ [40713].name = "noack_write",
-+ [40713].param3 = 1,
++ [40519].file = "net/sctp/socket.c",
++ [40519].name = "sctp_setsockopt_events",
++ [40519].param3 = 1,
++ [40694].file = "mm/page_cgroup.c",
++ [40694].name = "alloc_page_cgroup",
++ [40694].param1 = 1,
++ [40731].file = "drivers/tty/tty_io.c",
++ [40731].name = "do_tty_write",
++ [40731].param5 = 1,
+ [40754].file = "fs/btrfs/delayed-inode.c",
+ [40754].name = "btrfs_alloc_delayed_item",
+ [40754].param1 = 1,
+ [40901].file = "drivers/block/drbd/drbd_bitmap.c",
+ [40901].name = "drbd_bm_resize",
+ [40901].param2 = 1,
++ [40951].file = "drivers/xen/evtchn.c",
++ [40951].name = "evtchn_read",
++ [40951].param3 = 1,
+ [40952].file = "drivers/misc/sgi-xp/xpc_partition.c",
+ [40952].name = "xpc_kmalloc_cacheline_aligned",
+ [40952].param1 = 1,
+ [41000].file = "sound/core/pcm_native.c",
+ [41000].name = "snd_pcm_aio_read",
+ [41000].param3 = 1,
-+ [41003].file = "fs/namei.c",
-+ [41003].name = "user_path_parent",
-+ [41003].param2 = 1,
+ [41005].file = "net/bridge/netfilter/ebtables.c",
+ [41005].name = "copy_counters_to_user",
+ [41005].param5 = 1,
-+ [41090].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [41090].name = "iwl_legacy_dbgfs_sram_write",
-+ [41090].param3 = 1,
++ [41041].file = "net/core/sock.c",
++ [41041].name = "sock_wmalloc",
++ [41041].param2 = 1,
+ [41122].file = "fs/binfmt_misc.c",
+ [41122].name = "bm_status_write",
+ [41122].param3 = 1,
-+ [41230].file = "drivers/usb/storage/datafab.c",
-+ [41230].name = "datafab_read_data",
-+ [41230].param4 = 1,
++ [41176].file = "kernel/trace/trace_events.c",
++ [41176].name = "subsystem_filter_write",
++ [41176].param3 = 1,
+ [41249].file = "drivers/media/video/zr364xx.c",
+ [41249].name = "send_control_msg",
+ [41249].param6 = 1,
++ [41287].file = "drivers/net/ethernet/neterion/vxge/vxge-config.c",
++ [41287].name = "vxge_os_dma_malloc_async",
++ [41287].param3 = 1,
+ [41302].file = "net/dns_resolver/dns_query.c",
+ [41302].name = "dns_query",
+ [41302].param3 = 1,
-+ [41418].file = "fs/libfs.c",
-+ [41418].name = "simple_attr_write",
-+ [41418].param3 = 1,
++ [41408].file = "mm/filemap_xip.c",
++ [41408].name = "__xip_file_write",
++ [41408].param3 = 1,
++ [41547].file = "net/bluetooth/smp.c",
++ [41547].name = "smp_build_cmd",
++ [41547].param3 = 1,
+ [4155].file = "kernel/kexec.c",
+ [4155].name = "do_kimage_alloc",
+ [4155].param3 = 1,
-+ [41592].file = "net/sctp/ssnmap.c",
-+ [41592].name = "sctp_ssnmap_new",
-+ [41592].param1 = 1,
-+ [41592].param2 = 1,
-+ [41616].file = "net/core/filter.c",
-+ [41616].name = "sk_chk_filter",
-+ [41616].param2 = 1,
+ [41676].file = "fs/compat.c",
+ [41676].name = "compat_sys_preadv",
+ [41676].param3 = 1,
-+ [41727].file = "drivers/media/video/meye.c",
-+ [41727].name = "rvmalloc",
-+ [41727].param1 = 1,
-+ [41884].file = "sound/core/oss/pcm_plugin.c",
-+ [41884].name = "snd_pcm_plug_alloc",
-+ [41884].param2 = 1,
++ [4167].file = "drivers/media/dvb/frontends/cx24116.c",
++ [4167].name = "cx24116_writeregN",
++ [4167].param4 = 1,
++ [41793].file = "drivers/net/wireless/ath/ath6kl/wmi.c",
++ [41793].name = "ath6kl_wmi_send_mgmt_cmd",
++ [41793].param7 = 1,
+ [41924].file = "security/keys/keyctl.c",
+ [41924].name = "keyctl_get_security",
+ [41924].param3 = 1,
++ [41968].file = "fs/btrfs/volumes.c",
++ [41968].name = "__btrfs_map_block",
++ [41968].param3 = 1,
+ [4202].file = "drivers/edac/edac_mc.c",
+ [4202].name = "edac_mc_alloc",
+ [4202].param1 = 1,
++ [42081].file = "net/econet/af_econet.c",
++ [42081].name = "aun_incoming",
++ [42081].param3 = 1,
+ [42143].file = "drivers/media/video/c-qcam.c",
+ [42143].name = "qcam_read",
+ [42143].param3 = 1,
+ [42270].file = "net/wireless/scan.c",
+ [42270].name = "cfg80211_inform_bss_frame",
+ [42270].param4 = 1,
-+ [4233].file = "fs/select.c",
-+ [4233].name = "sys_poll",
-+ [4233].param2 = 1,
-+ [42378].file = "drivers/net/wireless/ath/ath6kl/debug.c",
-+ [42378].name = "ath6kl_regread_write",
-+ [42378].param3 = 1,
++ [42281].file = "include/linux/mISDNif.h",
++ [42281].name = "_queue_data",
++ [42281].param4 = 1,
+ [42420].file = "drivers/net/wireless/hostap/hostap_ioctl.c",
+ [42420].name = "prism2_set_genericelement",
+ [42420].param3 = 1,
-+ [42466].file = "drivers/scsi/lpfc/lpfc_debugfs.c",
-+ [42466].name = "lpfc_idiag_cmd_get",
-+ [42466].param2 = 1,
+ [42472].file = "fs/compat.c",
+ [42472].name = "compat_readv",
+ [42472].param3 = 1,
-+ [42483].file = "drivers/media/video/videobuf-dma-sg.c",
-+ [42483].name = "videobuf_dma_init_user_locked",
-+ [42483].param3 = 1,
-+ [42483].param4 = 1,
++ [42473].file = "net/tipc/name_table.c",
++ [42473].name = "tipc_subseq_alloc",
++ [42473].param1 = 1,
+ [42562].file = "kernel/kfifo.c",
+ [42562].name = "__kfifo_to_user_r",
+ [42562].param3 = 1,
+ [42666].file = "drivers/pcmcia/cistpl.c",
+ [42666].name = "read_cis_cache",
+ [42666].param4 = 1,
++ [42714].file = "drivers/scsi/scsi_tgt_lib.c",
++ [42714].name = "scsi_tgt_copy_sense",
++ [42714].param3 = 1,
++ [42833].file = "kernel/trace/blktrace.c",
++ [42833].name = "blk_msg_write",
++ [42833].param3 = 1,
++ [42857].file = "security/selinux/selinuxfs.c",
++ [42857].name = "sel_write_member",
++ [42857].param3 = 1,
+ [42882].file = "security/keys/user_defined.c",
+ [42882].name = "user_instantiate",
+ [42882].param3 = 1,
-+ [42964].file = "drivers/video/fb_sys_fops.c",
-+ [42964].name = "fb_sys_read",
-+ [42964].param3 = 1,
++ [42930].file = "net/caif/cfpkt_skbuff.c",
++ [42930].name = "cfpkt_create_pfx",
++ [42930].param1 = 1,
++ [42930].param2 = 1,
+ [43023].file = "drivers/usb/misc/usblcd.c",
+ [43023].name = "lcd_write",
+ [43023].param3 = 1,
++ [43104].file = "drivers/mtd/devices/mtd_dataflash.c",
++ [43104].name = "dataflash_read_user_otp",
++ [43104].param3 = 1,
++ [43133].file = "lib/mpi/mpiutil.c",
++ [43133].name = "mpi_resize",
++ [43133].param2 = 1,
+ [4324].file = "drivers/video/fbmem.c",
+ [4324].name = "fb_read",
+ [4324].param3 = 1,
++ [43266].file = "fs/afs/cell.c",
++ [43266].name = "afs_cell_alloc",
++ [43266].param2 = 1,
++ [4328].file = "drivers/usb/musb/musb_debugfs.c",
++ [4328].name = "musb_test_mode_write",
++ [4328].param3 = 1,
+ [43380].file = "drivers/scsi/bfa/bfad_debugfs.c",
+ [43380].name = "bfad_debugfs_write_regrd",
+ [43380].param3 = 1,
-+ [43393].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [43393].name = "iwl_dbgfs_sram_write",
-+ [43393].param3 = 1,
-+ [4344].file = "fs/namei.c",
-+ [4344].name = "sys_mkdirat",
-+ [4344].param2 = 1,
+ [43510].file = "kernel/kexec.c",
+ [43510].name = "compat_sys_kexec_load",
+ [43510].param2 = 1,
-+ [43515].file = "drivers/usb/storage/jumpshot.c",
-+ [43515].name = "jumpshot_read_data",
-+ [43515].param4 = 1,
+ [43540].file = "include/rdma/ib_verbs.h",
+ [43540].name = "ib_copy_to_udata",
+ [43540].param3 = 1,
+ [43632].file = "drivers/media/video/videobuf2-core.c",
+ [43632].name = "vb2_read",
+ [43632].param3 = 1,
++ [43659].file = "drivers/firmware/efivars.c",
++ [43659].name = "efivar_create_sysfs_entry",
++ [43659].param2 = 1,
+ [43731].file = "drivers/hid/hid-picolcd.c",
+ [43731].name = "picolcd_debug_eeprom_read",
+ [43731].param3 = 1,
+ [43777].file = "drivers/acpi/acpica/utobject.c",
+ [43777].name = "acpi_ut_create_buffer_object",
+ [43777].param1 = 1,
++ [43798].file = "net/bluetooth/mgmt.c",
++ [43798].name = "set_local_name",
++ [43798].param4 = 1,
++ [4380].file = "drivers/mtd/devices/mtd_dataflash.c",
++ [4380].name = "dataflash_read_fact_otp",
++ [4380].param3 = 1,
+ [43834].file = "security/apparmor/apparmorfs.c",
+ [43834].name = "profile_replace",
+ [43834].param3 = 1,
++ [43895].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
++ [43895].name = "ddb_output_write",
++ [43895].param3 = 1,
+ [43899].file = "drivers/media/rc/imon.c",
+ [43899].name = "vfd_write",
+ [43899].param3 = 1,
-+ [43982].file = "drivers/platform/x86/toshiba_acpi.c",
-+ [43982].name = "keys_proc_write",
-+ [43982].param3 = 1,
-+ [44039].file = "drivers/video/via/viafbdev.c",
-+ [44039].name = "odev_update",
-+ [44039].param2 = 1,
++ [43900].file = "drivers/scsi/cxgbi/libcxgbi.c",
++ [43900].name = "cxgbi_device_portmap_create",
++ [43900].param3 = 1,
++ [43922].file = "drivers/mmc/card/mmc_test.c",
++ [43922].name = "mmc_test_alloc_mem",
++ [43922].param3 = 1,
++ [43946].file = "drivers/net/wireless/ath/ath6kl/txrx.c",
++ [43946].name = "aggr_recv_addba_req_evt",
++ [43946].param4 = 1,
++ [44006].file = "mm/process_vm_access.c",
++ [44006].name = "process_vm_rw_pages",
++ [44006].param5 = 1,
++ [44006].param6 = 1,
+ [44050].file = "fs/nfs/idmap.c",
+ [44050].name = "nfs_map_group_to_gid",
+ [44050].param3 = 1,
+ [44125].file = "fs/ext4/super.c",
+ [44125].name = "ext4_kvmalloc",
+ [44125].param1 = 1,
-+ [44180].file = "drivers/video/via/viafbdev.c",
-+ [44180].name = "viafb_vt1636_proc_write",
-+ [44180].param3 = 1,
++ [44266].file = "kernel/cgroup.c",
++ [44266].name = "cgroup_write_string",
++ [44266].param5 = 1,
+ [44290].file = "drivers/net/usb/dm9601.c",
+ [44290].name = "dm_read",
+ [44290].param3 = 1,
-+ [44298].file = "drivers/scsi/pmcraid.c",
-+ [44298].name = "pmcraid_copy_sglist",
-+ [44298].param3 = 1,
-+ [44365].file = "fs/namei.c",
-+ [44365].name = "do_rmdir",
-+ [44365].param2 = 1,
-+ [44640].file = "fs/select.c",
-+ [44640].name = "sys_ppoll",
-+ [44640].param2 = 1,
-+ [44649].file = "mm/page_cgroup.c",
-+ [44649].name = "swap_cgroup_swapon",
-+ [44649].param2 = 1,
-+ [44656].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [44656].name = "iwl_legacy_dbgfs_wd_timeout_write",
-+ [44656].param3 = 1,
++ [44308].file = "crypto/af_alg.c",
++ [44308].name = "alg_setkey",
++ [44308].param3 = 1,
++ [44510].file = "drivers/net/ethernet/broadcom/bnx2.c",
++ [44510].name = "bnx2_nvram_write",
++ [44510].param2 = 1,
++ [44625].file = "net/bluetooth/mgmt.c",
++ [44625].name = "set_connectable",
++ [44625].param4 = 1,
++ [44642].file = "drivers/net/wireless/iwmc3200wifi/commands.c",
++ [44642].name = "iwm_umac_set_config_var",
++ [44642].param4 = 1,
++ [44698].file = "net/sctp/socket.c",
++ [44698].name = "sctp_setsockopt_context",
++ [44698].param3 = 1,
+ [4471].file = "fs/ntfs/malloc.h",
+ [4471].name = "__ntfs_malloc",
+ [4471].param1 = 1,
+ [44825].file = "drivers/scsi/osd/osd_initiator.c",
+ [44825].name = "_osd_realloc_seg",
+ [44825].param3 = 1,
++ [44852].file = "net/sctp/socket.c",
++ [44852].name = "sctp_setsockopt_rtoinfo",
++ [44852].param3 = 1,
++ [44936].file = "drivers/md/dm-raid.c",
++ [44936].name = "context_alloc",
++ [44936].param3 = 1,
+ [44943].file = "mm/util.c",
+ [44943].name = "kmemdup",
+ [44943].param2 = 1,
++ [44946].file = "net/sctp/socket.c",
++ [44946].name = "sctp_setsockopt_auth_chunk",
++ [44946].param3 = 1,
+ [44990].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c",
+ [44990].name = "pvr2_ioread_set_sync_key",
+ [44990].param3 = 1,
+ [45000].file = "fs/afs/proc.c",
+ [45000].name = "afs_proc_rootcell_write",
+ [45000].param3 = 1,
-+ [45119].file = "drivers/usb/misc/yurex.c",
-+ [45119].name = "yurex_write",
-+ [45119].param3 = 1,
-+ [45169].file = "drivers/video/metronomefb.c",
-+ [45169].name = "metronomefb_write",
-+ [45169].param3 = 1,
++ [45117].file = "drivers/staging/winbond/wb35reg.c",
++ [45117].name = "Wb35Reg_BurstWrite",
++ [45117].param4 = 1,
+ [45200].file = "drivers/scsi/scsi_proc.c",
+ [45200].name = "proc_scsi_write_proc",
+ [45200].param3 = 1,
+ [45217].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
+ [45217].name = "iwl_dbgfs_debug_level_write",
+ [45217].param3 = 1,
-+ [45231].file = "fs/ecryptfs/crypto.c",
-+ [45231].name = "ecryptfs_copy_filename",
-+ [45231].param4 = 1,
+ [45233].file = "net/rds/info.c",
+ [45233].name = "rds_info_getsockopt",
+ [45233].param3 = 1,
-+ [45244].file = "drivers/mfd/ab3100-core.c",
-+ [45244].name = "ab3100_get_set_reg",
-+ [45244].param3 = 1,
-+ [45264].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [45264].name = "write_file_ani",
-+ [45264].param3 = 1,
+ [45326].file = "drivers/mtd/ubi/cdev.c",
+ [45326].name = "vol_cdev_read",
+ [45326].param3 = 1,
+ [45335].file = "fs/read_write.c",
+ [45335].name = "vfs_writev",
+ [45335].param3 = 1,
-+ [45421].file = "drivers/message/fusion/mptctl.c",
-+ [45421].name = "mptctl_do_mpt_command",
-+ [45421].param3 = 1,
++ [45366].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c",
++ [45366].name = "init_tid_tabs",
++ [45366].param2 = 1,
++ [45366].param3 = 1,
++ [45366].param4 = 1,
+ [45534].file = "drivers/net/wireless/ath/carl9170/cmd.c",
+ [45534].name = "carl9170_cmd_buf",
+ [45534].param3 = 1,
+ [45576].file = "net/netfilter/xt_recent.c",
+ [45576].name = "recent_mt_proc_write",
+ [45576].param3 = 1,
++ [45583].file = "fs/gfs2/dir.c",
++ [45583].name = "leaf_dealloc",
++ [45583].param3 = 1,
+ [45586].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
+ [45586].name = "rt2x00debug_write_bbp",
+ [45586].param3 = 1,
+ [45633].file = "drivers/input/evdev.c",
+ [45633].name = "evdev_do_ioctl",
+ [45633].param2 = 1,
-+ [45740].file = "drivers/net/wireless/ath/ath6kl/debug.c",
-+ [45740].name = "ath6kl_lrssi_roam_write",
-+ [45740].param3 = 1,
-+ [45747].file = "net/netlink/af_netlink.c",
-+ [45747].name = "__netlink_change_ngroups",
-+ [45747].param2 = 1,
++ [45743].file = "drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c",
++ [45743].name = "qlcnic_alloc_msix_entries",
++ [45743].param2 = 1,
++ [45864].file = "drivers/atm/ambassador.c",
++ [45864].name = "create_queues",
++ [45864].param2 = 1,
++ [45864].param3 = 1,
+ [45930].file = "security/apparmor/apparmorfs.c",
+ [45930].name = "profile_remove",
+ [45930].param3 = 1,
+ [45954].file = "drivers/usb/misc/legousbtower.c",
+ [45954].name = "tower_write",
+ [45954].param3 = 1,
-+ [45995].file = "fs/namei.c",
-+ [45995].name = "sys_mknodat",
-+ [45995].param2 = 1,
-+ [46072].file = "drivers/video/arcfb.c",
-+ [46072].name = "arcfb_write",
-+ [46072].param3 = 1,
+ [46140].file = "sound/core/memalloc.c",
+ [46140].name = "snd_mem_proc_write",
+ [46140].param3 = 1,
-+ [4614].file = "sound/core/pcm_lib.c",
-+ [4614].name = "snd_pcm_lib_write_transfer",
-+ [4614].param5 = 1,
+ [4616].file = "net/sunrpc/cache.c",
+ [4616].name = "cache_do_downcall",
+ [4616].param3 = 1,
+ [46343].file = "fs/compat.c",
+ [46343].name = "compat_do_readv_writev",
+ [46343].param4 = 1,
++ [46400].file = "drivers/staging/sep/sep_driver.c",
++ [46400].name = "sep_prepare_input_output_dma_table",
++ [46400].param2 = 1,
++ [46400].param3 = 1,
++ [46400].param4 = 1,
+ [4644].file = "drivers/net/usb/mcs7830.c",
+ [4644].name = "mcs7830_get_reg",
+ [4644].param3 = 1,
+ [46685].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c",
+ [46685].name = "ttm_bo_fbdev_io",
+ [46685].param4 = 1,
-+ [46752].file = "drivers/staging/pohmelfs/dir.c",
-+ [46752].name = "pohmelfs_name_alloc",
-+ [46752].param1 = 1,
++ [46742].file = "drivers/scsi/st.c",
++ [46742].name = "sgl_map_user_pages",
++ [46742].param2 = 1,
+ [46881].file = "drivers/char/lp.c",
+ [46881].name = "lp_write",
+ [46881].param3 = 1,
+ [47265].name = "bnx2fc_cmd_mgr_alloc",
+ [47265].param2 = 1,
+ [47265].param3 = 1,
++ [47309].file = "drivers/scsi/aic94xx/aic94xx_init.c",
++ [47309].name = "asd_store_update_bios",
++ [47309].param4 = 1,
+ [47342].file = "fs/proc/base.c",
+ [47342].name = "sched_autogroup_write",
+ [47342].param3 = 1,
+ [47385].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
+ [47385].name = "zd_usb_iowrite16v",
+ [47385].param3 = 1,
++ [4738].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
++ [4738].name = "ath6kl_set_ap_probe_resp_ies",
++ [4738].param3 = 1,
++ [47393].file = "drivers/net/wireless/ath/main.c",
++ [47393].name = "ath_rxbuf_alloc",
++ [47393].param2 = 1,
+ [47463].file = "fs/xfs/kmem.c",
+ [47463].name = "kmem_zalloc",
+ [47463].param1 = 1,
++ [47474].file = "kernel/trace/trace.c",
++ [47474].name = "tracing_buffers_read",
++ [47474].param3 = 1,
+ [47636].file = "drivers/usb/class/usblp.c",
+ [47636].name = "usblp_ioctl",
+ [47636].param2 = 1,
+ [47637].file = "drivers/block/cciss.c",
+ [47637].name = "cciss_proc_write",
+ [47637].param3 = 1,
-+ [47652].file = "lib/kstrtox.c",
-+ [47652].name = "kstrtoll_from_user",
-+ [47652].param2 = 1,
++ [47712].file = "net/sctp/socket.c",
++ [47712].name = "sctp_setsockopt_maxburst",
++ [47712].param3 = 1,
++ [47728].file = "drivers/char/agp/isoch.c",
++ [47728].name = "agp_3_5_isochronous_node_enable",
++ [47728].param3 = 1,
++ [4779].file = "fs/pipe.c",
++ [4779].name = "pipe_set_size",
++ [4779].param2 = 1,
+ [47881].file = "security/selinux/selinuxfs.c",
+ [47881].name = "sel_write_disable",
+ [47881].param3 = 1,
-+ [48010].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [48010].name = "write_file_rx_chainmask",
-+ [48010].param3 = 1,
++ [48111].file = "net/wireless/sme.c",
++ [48111].name = "cfg80211_roamed_bss",
++ [48111].param4 = 1,
++ [48111].param6 = 1,
++ [48124].file = "drivers/net/wireless/iwmc3200wifi/main.c",
++ [48124].name = "iwm_notif_send",
++ [48124].param6 = 1,
+ [48155].file = "net/sctp/sm_make_chunk.c",
+ [48155].name = "sctp_make_abort_user",
+ [48155].param3 = 1,
+ [48182].file = "crypto/cryptd.c",
+ [48182].name = "cryptd_alloc_instance",
+ [48182].param2 = 1,
++ [48182].param3 = 1,
+ [48248].file = "security/keys/keyctl.c",
+ [48248].name = "keyctl_instantiate_key",
+ [48248].param3 = 1,
-+ [48461].file = "drivers/gpu/drm/drm_memory.c",
-+ [48461].name = "agp_remap",
-+ [48461].param2 = 1,
++ [4829].file = "drivers/block/floppy.c",
++ [4829].name = "fd_copyout",
++ [4829].param3 = 1,
++ [48632].file = "net/bluetooth/l2cap_core.c",
++ [48632].name = "l2cap_build_cmd",
++ [48632].param4 = 1,
+ [48642].file = "fs/hugetlbfs/inode.c",
+ [48642].name = "hugetlbfs_read",
+ [48642].param3 = 1,
+ [48768].file = "net/irda/irnet/irnet_ppp.c",
+ [48768].name = "dev_irnet_write",
+ [48768].param3 = 1,
++ [48818].file = "net/sunrpc/svc.c",
++ [48818].name = "svc_pool_map_alloc_arrays",
++ [48818].param2 = 1,
+ [48856].file = "drivers/acpi/acpica/utalloc.c",
+ [48856].name = "acpi_ut_initialize_buffer",
+ [48856].param2 = 1,
-+ [48941].file = "drivers/gpu/drm/nouveau/nouveau_vm.c",
-+ [48941].name = "nouveau_vm_new",
-+ [48941].param2 = 1,
-+ [48941].param3 = 1,
++ [48862].file = "net/sctp/socket.c",
++ [48862].name = "sctp_setsockopt_adaptation_layer",
++ [48862].param3 = 1,
+ [49126].file = "lib/prio_heap.c",
+ [49126].name = "heap_init",
+ [49126].param2 = 1,
+ [49216].file = "fs/read_write.c",
+ [49216].name = "do_readv_writev",
+ [49216].param4 = 1,
-+ [49354].file = "drivers/media/video/cx18/cx18-fileops.c",
-+ [49354].name = "cx18_v4l2_read",
-+ [49354].param3 = 1,
++ [49426].file = "net/bluetooth/l2cap_sock.c",
++ [49426].name = "l2cap_sock_setsockopt_old",
++ [49426].param4 = 1,
+ [49448].file = "drivers/isdn/gigaset/common.c",
+ [49448].name = "gigaset_initdriver",
+ [49448].param2 = 1,
+ [49494].file = "drivers/virtio/virtio_ring.c",
+ [49494].name = "vring_new_virtqueue",
+ [49494].param1 = 1,
-+ [49507].file = "fs/namei.c",
-+ [49507].name = "sys_symlink",
-+ [49507].param1 = 1,
++ [49499].file = "drivers/block/nvme.c",
++ [49499].name = "nvme_alloc_iod",
++ [49499].param1 = 1,
++ [49510].file = "net/sctp/socket.c",
++ [49510].name = "sctp_setsockopt_autoclose",
++ [49510].param3 = 1,
++ [4958].file = "drivers/net/wireless/p54/fwio.c",
++ [4958].name = "p54_alloc_skb",
++ [4958].param3 = 1,
+ [49604].file = "crypto/af_alg.c",
+ [49604].name = "alg_setsockopt",
+ [49604].param5 = 1,
+ [49646].name = "vc_resize",
+ [49646].param2 = 1,
+ [49646].param3 = 1,
++ [49658].file = "drivers/net/wireless/brcm80211/brcmsmac/dma.c",
++ [49658].name = "dma_attach",
++ [49658].param6 = 1,
++ [49658].param7 = 1,
+ [49663].file = "drivers/media/video/uvc/uvc_driver.c",
+ [49663].name = "uvc_simplify_fraction",
+ [49663].param3 = 1,
-+ [49718].file = "drivers/hid/hid-roccat-common.c",
-+ [49718].name = "roccat_common_send",
-+ [49718].param4 = 1,
-+ [4972].file = "drivers/video/fb_sys_fops.c",
-+ [4972].name = "fb_sys_write",
-+ [4972].param3 = 1,
+ [49746].file = "net/ipv4/netfilter/arp_tables.c",
+ [49746].name = "compat_do_arpt_set_ctl",
+ [49746].param4 = 1,
+ [49780].file = "net/mac80211/key.c",
+ [49780].name = "ieee80211_key_alloc",
+ [49780].param3 = 1,
++ [49805].file = "drivers/pci/pci.c",
++ [49805].name = "pci_add_cap_save_buffer",
++ [49805].param3 = 1,
+ [49845].file = "mm/vmalloc.c",
+ [49845].name = "__vmalloc_node",
+ [49845].param1 = 1,
++ [49929].file = "drivers/mtd/ubi/cdev.c",
++ [49929].name = "vol_cdev_direct_write",
++ [49929].param3 = 1,
+ [49935].file = "fs/xfs/kmem.c",
+ [49935].name = "kmem_zalloc_greedy",
+ [49935].param2 = 1,
+ [49935].param3 = 1,
-+ [50001].file = "sound/pci/ctxfi/ctresource.c",
-+ [50001].name = "rsc_mgr_init",
-+ [50001].param3 = 1,
-+ [50022].file = "drivers/usb/storage/shuttle_usbat.c",
-+ [50022].name = "usbat_flash_read_data",
-+ [50022].param4 = 1,
-+ [50096].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [50096].name = "lbs_rdbbp_write",
-+ [50096].param3 = 1,
-+ [50102].file = "drivers/telephony/ixj.c",
-+ [50102].name = "ixj_write",
-+ [50102].param3 = 1,
-+ [50238].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [50238].name = "iwl_legacy_dbgfs_clear_ucode_statistics_write",
-+ [50238].param3 = 1,
-+ [50267].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [50267].name = "rt2x00debug_read_crypto_stats",
-+ [50267].param3 = 1,
-+ [50398].file = "fs/proc/base.c",
-+ [50398].name = "mem_write",
-+ [50398].param3 = 1,
++ [49].file = "net/atm/svc.c",
++ [49].name = "svc_setsockopt",
++ [49].param5 = 1,
+ [50518].file = "drivers/gpu/drm/nouveau/nouveau_gem.c",
+ [50518].name = "u_memcpya",
+ [50518].param2 = 1,
+ [50562].file = "drivers/media/video/zoran/zoran_procfs.c",
+ [50562].name = "zoran_write",
+ [50562].param3 = 1,
-+ [50653].file = "net/sunrpc/cache.c",
-+ [50653].name = "cache_write_procfs",
-+ [50653].param3 = 1,
++ [50617].file = "fs/hugetlbfs/inode.c",
++ [50617].name = "hugetlbfs_read_actor",
++ [50617].param2 = 1,
++ [50617].param4 = 1,
++ [50617].param5 = 1,
+ [50692].file = "lib/ts_bm.c",
+ [50692].name = "bm_init",
+ [50692].param2 = 1,
+ [5102].name = "usbtest_alloc_urb",
+ [5102].param3 = 1,
+ [5102].param5 = 1,
-+ [51052].file = "drivers/base/firmware_class.c",
-+ [51052].name = "firmware_data_write",
-+ [51052].param6 = 1,
++ [51061].file = "net/bluetooth/mgmt.c",
++ [51061].name = "pin_code_reply",
++ [51061].param4 = 1,
++ [51139].file = "fs/pipe.c",
++ [51139].name = "pipe_iov_copy_to_user",
++ [51139].param3 = 1,
+ [51177].file = "net/sunrpc/xprtrdma/transport.c",
+ [51177].name = "xprt_rdma_allocate",
+ [51177].param2 = 1,
+ [51253].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
+ [51253].name = "rt2x00debug_write_eeprom",
+ [51253].param3 = 1,
-+ [51284].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [51284].name = "iwl_legacy_dbgfs_interrupt_write",
-+ [51284].param3 = 1,
+ [51323].file = "sound/pci/ac97/ac97_pcm.c",
+ [51323].name = "snd_ac97_pcm_assign",
+ [51323].param2 = 1,
+ [51340].file = "drivers/usb/class/usblp.c",
+ [51340].name = "usblp_write",
+ [51340].param3 = 1,
-+ [51471].file = "drivers/block/floppy.c",
-+ [51471].name = "fd_locked_ioctl",
-+ [51471].param3 = 1,
++ [51499].file = "net/802/garp.c",
++ [51499].name = "garp_attr_create",
++ [51499].param3 = 1,
++ [51842].file = "drivers/hid/hid-core.c",
++ [51842].name = "hid_register_field",
++ [51842].param2 = 1,
++ [51842].param3 = 1,
+ [5197].file = "net/core/dev.c",
+ [5197].name = "dev_set_alias",
+ [5197].param3 = 1,
-+ [51998].file = "drivers/net/macvtap.c",
-+ [51998].name = "macvtap_get_user",
-+ [51998].param4 = 1,
+ [5204].file = "drivers/media/video/usbvision/usbvision-video.c",
+ [5204].name = "usbvision_v4l2_read",
+ [5204].param3 = 1,
++ [5206].file = "drivers/media/dvb/ttpci/av7110_v4l.c",
++ [5206].name = "av7110_vbi_write",
++ [5206].param3 = 1,
+ [52086].file = "drivers/usb/image/mdc800.c",
+ [52086].name = "mdc800_device_read",
+ [52086].param3 = 1,
++ [52099].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
++ [52099].name = "do_surface_dirty_sou",
++ [52099].param7 = 1,
+ [52172].file = "drivers/pcmcia/cistpl.c",
+ [52172].name = "pccard_store_cis",
+ [52172].param6 = 1,
+ [52199].file = "mm/nobootmem.c",
+ [52199].name = "__alloc_bootmem",
+ [52199].param1 = 1,
-+ [52201].file = "drivers/video/via/viafbdev.c",
-+ [52201].name = "viafb_dvp0_proc_write",
-+ [52201].param3 = 1,
-+ [5233].file = "include/linux/poll.h",
-+ [5233].name = "set_fd_set",
-+ [5233].param1 = 1,
+ [52343].file = "drivers/usb/misc/adutux.c",
+ [52343].name = "adu_read",
+ [52343].param3 = 1,
-+ [52364].file = "sound/core/pcm_lib.c",
-+ [52364].name = "snd_pcm_lib_readv_transfer",
-+ [52364].param5 = 1,
+ [52401].file = "drivers/staging/rtl8712/rtl871x_ioctl_linux.c",
+ [52401].name = "r871x_set_wpa_ie",
+ [52401].param3 = 1,
+ [52721].file = "security/keys/encrypted-keys/encrypted.c",
+ [52721].name = "encrypted_instantiate",
+ [52721].param3 = 1,
++ [52902].file = "fs/xfs/kmem.h",
++ [52902].name = "kmem_zalloc_large",
++ [52902].param1 = 1,
++ [52950].file = "net/bluetooth/mgmt.c",
++ [52950].name = "set_discoverable",
++ [52950].param4 = 1,
+ [53041].file = "fs/libfs.c",
+ [53041].name = "simple_transaction_get",
+ [53041].param3 = 1,
+ [5344].file = "security/selinux/ss/hashtab.c",
+ [5344].name = "hashtab_create",
+ [5344].param3 = 1,
-+ [53468].file = "drivers/char/mem.c",
-+ [53468].name = "write_mem",
-+ [53468].param3 = 1,
+ [53513].file = "drivers/mmc/core/mmc_ops.c",
+ [53513].name = "mmc_send_bus_test",
+ [53513].param4 = 1,
-+ [53539].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [53539].name = "iwl_dbgfs_txfifo_flush_write",
-+ [53539].param3 = 1,
+ [53626].file = "drivers/block/paride/pg.c",
+ [53626].name = "pg_read",
+ [53626].param3 = 1,
+ [53631].file = "mm/util.c",
+ [53631].name = "memdup_user",
+ [53631].param2 = 1,
-+ [53680].file = "lib/kstrtox.c",
-+ [53680].name = "kstrtol_from_user",
-+ [53680].param2 = 1,
++ [53674].file = "drivers/media/dvb/ttpci/av7110_ca.c",
++ [53674].name = "ci_ll_write",
++ [53674].param4 = 1,
+ [5389].file = "drivers/infiniband/core/uverbs_cmd.c",
+ [5389].name = "ib_uverbs_unmarshall_recv",
+ [5389].param5 = 1,
+ [53901].file = "net/rds/message.c",
+ [53901].name = "rds_message_alloc",
+ [53901].param1 = 1,
-+ [53904].file = "fs/namei.c",
-+ [53904].name = "sys_unlink",
-+ [53904].param1 = 1,
++ [53902].file = "net/sctp/socket.c",
++ [53902].name = "sctp_setsockopt_initmsg",
++ [53902].param3 = 1,
+ [5410].file = "kernel/kexec.c",
+ [5410].name = "sys_kexec_load",
+ [5410].param2 = 1,
++ [54172].file = "net/nfc/core.c",
++ [54172].name = "nfc_alloc_recv_skb",
++ [54172].param1 = 1,
+ [54182].file = "drivers/block/rbd.c",
+ [54182].name = "rbd_snap_add",
+ [54182].param4 = 1,
-+ [5419].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [5419].name = "iwl_legacy_dbgfs_disable_ht40_write",
-+ [5419].param3 = 1,
+ [54201].file = "drivers/platform/x86/asus_acpi.c",
+ [54201].name = "mled_proc_write",
+ [54201].param3 = 1,
-+ [5422].file = "fs/namei.c",
-+ [5422].name = "do_unlinkat",
-+ [5422].param2 = 1,
-+ [54252].file = "drivers/scsi/st.c",
-+ [54252].name = "st_write",
-+ [54252].param3 = 1,
+ [54263].file = "security/keys/trusted.c",
+ [54263].name = "trusted_instantiate",
+ [54263].param3 = 1,
++ [54296].file = "include/linux/mISDNif.h",
++ [54296].name = "_alloc_mISDN_skb",
++ [54296].param3 = 1,
+ [54298].file = "drivers/usb/wusbcore/crypto.c",
+ [54298].name = "wusb_ccm_mac",
+ [54298].param7 = 1,
+ [54335].name = "dm_vcalloc",
+ [54335].param1 = 1,
+ [54335].param2 = 1,
++ [54338].file = "fs/ntfs/malloc.h",
++ [54338].name = "ntfs_malloc_nofs",
++ [54338].param1 = 1,
+ [54339].file = "security/smack/smackfs.c",
+ [54339].name = "smk_write_cipso",
+ [54339].param3 = 1,
++ [54369].file = "drivers/usb/storage/realtek_cr.c",
++ [54369].name = "rts51x_read_mem",
++ [54369].param4 = 1,
+ [5438].file = "sound/core/memory.c",
+ [5438].name = "copy_to_user_fromio",
+ [5438].param3 = 1,
+ [54401].file = "lib/dynamic_debug.c",
+ [54401].name = "ddebug_proc_write",
+ [54401].param3 = 1,
-+ [54427].file = "drivers/usb/storage/jumpshot.c",
-+ [54427].name = "jumpshot_write_data",
-+ [54427].param4 = 1,
+ [54467].file = "net/packet/af_packet.c",
+ [54467].name = "packet_setsockopt",
+ [54467].param5 = 1,
+ [54573].file = "ipc/sem.c",
+ [54573].name = "sys_semop",
+ [54573].param3 = 1,
++ [54583].file = "net/sctp/socket.c",
++ [54583].name = "sctp_setsockopt_peer_addr_params",
++ [54583].param3 = 1,
+ [54643].file = "drivers/isdn/hardware/eicon/divasi.c",
+ [54643].name = "um_idi_write",
+ [54643].param3 = 1,
+ [54663].file = "drivers/isdn/hardware/eicon/platform.h",
+ [54663].name = "diva_os_malloc",
+ [54663].param2 = 1,
++ [54701].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [54701].name = "altera_swap_ir",
++ [54701].param2 = 1,
+ [54751].file = "drivers/infiniband/core/device.c",
+ [54751].name = "ib_alloc_device",
+ [54751].param1 = 1,
++ [54771].file = "drivers/isdn/mISDN/socket.c",
++ [54771].name = "_l2_alloc_skb",
++ [54771].param1 = 1,
++ [54777].file = "drivers/net/wireless/ath/ath6kl/debug.c",
++ [54777].name = "ath6kl_debug_roam_tbl_event",
++ [54777].param3 = 1,
+ [54806].file = "drivers/scsi/lpfc/lpfc_debugfs.c",
+ [54806].name = "lpfc_debugfs_dif_err_write",
+ [54806].param3 = 1,
+ [55187].file = "security/keys/keyctl.c",
+ [55187].name = "keyctl_describe_key",
+ [55187].param3 = 1,
-+ [5524].file = "lib/kstrtox.c",
-+ [5524].name = "kstrtos8_from_user",
-+ [5524].param2 = 1,
+ [55253].file = "drivers/net/wireless/ray_cs.c",
+ [55253].name = "ray_cs_essid_proc_write",
+ [55253].param3 = 1,
++ [55341].file = "drivers/staging/sep/sep_driver.c",
++ [55341].name = "sep_prepare_input_output_dma_table_in_dcb",
++ [55341].param4 = 1,
++ [55341].param5 = 1,
++ [55417].file = "drivers/hv/channel.c",
++ [55417].name = "vmbus_open",
++ [55417].param2 = 1,
++ [55417].param3 = 1,
+ [5548].file = "drivers/media/media-entity.c",
+ [5548].name = "media_entity_init",
+ [5548].param2 = 1,
+ [5548].param4 = 1,
++ [55546].file = "drivers/spi/spi.c",
++ [55546].name = "spi_alloc_master",
++ [55546].param2 = 1,
+ [55580].file = "drivers/usb/mon/mon_bin.c",
+ [55580].name = "copy_from_buf",
+ [55580].param2 = 1,
-+ [55682].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [55682].name = "lbs_host_sleep_write",
-+ [55682].param3 = 1,
++ [55584].file = "drivers/tty/tty_buffer.c",
++ [55584].name = "tty_buffer_alloc",
++ [55584].param2 = 1,
+ [55712].file = "drivers/char/mem.c",
+ [55712].name = "read_zero",
+ [55712].param3 = 1,
-+ [55857].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [55857].name = "write_file_tx_chainmask",
-+ [55857].param3 = 1,
++ [55727].file = "drivers/media/video/stk-webcam.c",
++ [55727].name = "stk_prepare_sio_buffers",
++ [55727].param2 = 1,
++ [55816].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [55816].name = "altera_set_ir_pre",
++ [55816].param2 = 1,
++ [55826].file = "drivers/infiniband/hw/ipath/ipath_file_ops.c",
++ [55826].name = "ipath_get_base_info",
++ [55826].param3 = 1,
++ [5586].file = "net/atm/common.c",
++ [5586].name = "alloc_tx",
++ [5586].param2 = 1,
+ [55978].file = "drivers/usb/misc/iowarrior.c",
+ [55978].name = "iowarrior_write",
+ [55978].param3 = 1,
-+ [5599].file = "drivers/char/random.c",
-+ [5599].name = "write_pool",
-+ [5599].param3 = 1,
-+ [56090].file = "drivers/media/video/videobuf-dma-sg.c",
-+ [56090].name = "__videobuf_alloc_vb",
-+ [56090].param1 = 1,
++ [56170].file = "drivers/usb/wusbcore/wa-xfer.c",
++ [56170].name = "__wa_xfer_setup_segs",
++ [56170].param2 = 1,
+ [56199].file = "fs/binfmt_misc.c",
+ [56199].name = "parse_command",
+ [56199].param2 = 1,
+ [56218].file = "drivers/mmc/card/mmc_test.c",
+ [56218].name = "mtf_test_write",
+ [56218].param3 = 1,
++ [56239].file = "fs/sysfs/file.c",
++ [56239].name = "fill_write_buffer",
++ [56239].param3 = 1,
++ [5624].file = "drivers/net/wireless/ath/ath9k/wmi.c",
++ [5624].name = "ath9k_wmi_cmd",
++ [5624].param4 = 1,
+ [56416].file = "drivers/misc/lkdtm.c",
+ [56416].name = "do_register_entry",
+ [56416].param4 = 1,
-+ [56432].file = "drivers/mfd/aat2870-core.c",
-+ [56432].name = "aat2870_reg_write_file",
-+ [56432].param3 = 1,
++ [56458].file = "drivers/usb/host/hwa-hc.c",
++ [56458].name = "__hwahc_op_set_ptk",
++ [56458].param5 = 1,
+ [56471].file = "include/linux/slab.h",
+ [56471].name = "kcalloc",
+ [56471].param1 = 1,
+ [56513].file = "fs/cifs/connect.c",
+ [56513].name = "cifs_readv_from_socket",
+ [56513].param3 = 1,
++ [56531].file = "net/bluetooth/l2cap_core.c",
++ [56531].name = "l2cap_send_cmd",
++ [56531].param4 = 1,
+ [56544].file = "drivers/block/drbd/drbd_receiver.c",
+ [56544].name = "receive_DataRequest",
+ [56544].param3 = 1,
-+ [5661].file = "lib/dma-debug.c",
-+ [5661].name = "filter_write",
-+ [5661].param3 = 1,
++ [56609].file = "lib/mpi/mpi-internal.h",
++ [56609].name = "RESIZE_IF_NEEDED",
++ [56609].param2 = 1,
++ [56652].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [56652].name = "altera_set_dr_post",
++ [56652].param2 = 1,
++ [56653].file = "net/irda/af_irda.c",
++ [56653].name = "irda_setsockopt",
++ [56653].param5 = 1,
+ [56672].file = "drivers/char/agp/generic.c",
+ [56672].name = "agp_alloc_page_array",
+ [56672].param1 = 1,
++ [56798].file = "fs/bio.c",
++ [56798].name = "bio_alloc_map_data",
++ [56798].param2 = 1,
+ [56843].file = "drivers/scsi/scsi_transport_iscsi.c",
+ [56843].name = "iscsi_recv_pdu",
+ [56843].param4 = 1,
-+ [57120].file = "lib/kstrtox.c",
-+ [57120].name = "kstrtouint_from_user",
-+ [57120].param2 = 1,
++ [56903].file = "drivers/mtd/mtdchar.c",
++ [56903].name = "mtdchar_readoob",
++ [56903].param4 = 1,
++ [5699].file = "net/sctp/socket.c",
++ [5699].name = "sctp_setsockopt_default_send_param",
++ [5699].param3 = 1,
++ [5704].file = "drivers/mtd/mtdswap.c",
++ [5704].name = "mtdswap_init",
++ [5704].param2 = 1,
+ [57128].file = "drivers/pnp/pnpbios/proc.c",
+ [57128].name = "pnpbios_proc_write",
+ [57128].param3 = 1,
+ [57190].file = "drivers/char/agp/generic.c",
+ [57190].name = "agp_generic_alloc_user",
+ [57190].param1 = 1,
++ [57252].file = "drivers/media/dvb/dvb-core/dmxdev.c",
++ [57252].name = "dvb_dmxdev_set_buffer_size",
++ [57252].param2 = 1,
++ [57392].file = "drivers/block/aoe/aoecmd.c",
++ [57392].name = "new_skb",
++ [57392].param1 = 1,
+ [57471].file = "drivers/media/video/sn9c102/sn9c102_core.c",
+ [57471].name = "sn9c102_read",
+ [57471].param3 = 1,
-+ [57605].file = "net/netlink/af_netlink.c",
-+ [57605].name = "netlink_kernel_create",
-+ [57605].param3 = 1,
++ [57547].file = "security/keys/encrypted-keys/encrypted.c",
++ [57547].name = "get_derived_key",
++ [57547].param4 = 1,
++ [57552].file = "net/sunrpc/cache.c",
++ [57552].name = "cache_slow_downcall",
++ [57552].param2 = 1,
+ [57670].file = "drivers/bluetooth/btmrvl_debugfs.c",
+ [57670].name = "btmrvl_pscmd_write",
+ [57670].param3 = 1,
-+ [57675].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [57675].name = "write_file_regidx",
-+ [57675].param3 = 1,
++ [57710].file = "include/linux/usb/wusb.h",
++ [57710].name = "wusb_prf_256",
++ [57710].param7 = 1,
+ [57724].file = "net/bluetooth/hci_sock.c",
+ [57724].name = "hci_sock_setsockopt",
+ [57724].param5 = 1,
-+ [57748].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [57748].name = "iwl_dbgfs_missed_beacon_write",
-+ [57748].param3 = 1,
++ [57761].file = "kernel/kexec.c",
++ [57761].name = "kimage_crash_alloc",
++ [57761].param3 = 1,
+ [57786].file = "net/ipv6/netfilter/ip6_tables.c",
+ [57786].name = "compat_do_ip6t_set_ctl",
+ [57786].param4 = 1,
+ [57927].file = "fs/read_write.c",
+ [57927].name = "sys_preadv",
+ [57927].param3 = 1,
++ [58012].file = "include/net/bluetooth/bluetooth.h",
++ [58012].name = "bt_skb_alloc",
++ [58012].param1 = 1,
+ [58020].file = "drivers/firewire/core-cdev.c",
+ [58020].name = "fw_device_op_ioctl",
+ [58020].param2 = 1,
+ [58043].file = "kernel/auditfilter.c",
+ [58043].name = "audit_unpack_string",
+ [58043].param3 = 1,
-+ [5805].file = "drivers/xen/grant-table.c",
-+ [5805].name = "gnttab_alloc_grant_references",
-+ [5805].param1 = 1,
+ [58087].file = "kernel/module.c",
+ [58087].name = "module_alloc_update_bounds_rw",
+ [58087].param1 = 1,
-+ [58107].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [58107].name = "iwl_dbgfs_sleep_level_override_write",
-+ [58107].param3 = 1,
+ [58124].file = "drivers/usb/misc/usbtest.c",
+ [58124].name = "ctrl_out",
+ [58124].param3 = 1,
+ [58124].param5 = 1,
++ [58217].file = "net/sctp/socket.c",
++ [58217].name = "sctp_setsockopt_peer_primary_addr",
++ [58217].param3 = 1,
+ [58263].file = "security/keys/keyring.c",
+ [58263].name = "keyring_read",
+ [58263].param3 = 1,
-+ [58278].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c",
-+ [58278].name = "iwl_dbgfs_log_event_write",
-+ [58278].param3 = 1,
+ [5830].file = "drivers/gpu/vga/vga_switcheroo.c",
+ [5830].name = "vga_switcheroo_debugfs_write",
+ [5830].param3 = 1,
+ [58344].file = "net/sunrpc/cache.c",
+ [58344].name = "read_flush",
+ [58344].param3 = 1,
-+ [58392].file = "fs/namei.c",
-+ [58392].name = "getname_flags",
-+ [58392].param1 = 1,
-+ [58418].file = "kernel/module.c",
-+ [58418].name = "sys_init_module",
-+ [58418].param2 = 1,
-+ [58502].file = "sound/core/sgbuf.c",
-+ [58502].name = "snd_malloc_sgbuf_pages",
-+ [58502].param2 = 1,
++ [58379].file = "mm/nobootmem.c",
++ [58379].name = "__alloc_bootmem_node",
++ [58379].param2 = 1,
+ [58597].file = "kernel/kfifo.c",
+ [58597].name = "__kfifo_to_user",
+ [58597].param3 = 1,
+ [58826].file = "net/sunrpc/xprt.c",
+ [58826].name = "xprt_alloc",
+ [58826].param2 = 1,
++ [58865].file = "include/linux/slub_def.h",
++ [58865].name = "kmalloc_order_trace",
++ [58865].param1 = 1,
+ [58867].file = "drivers/platform/x86/asus_acpi.c",
+ [58867].name = "wled_proc_write",
+ [58867].param3 = 1,
-+ [58878].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [58878].name = "lbs_wrbbp_write",
-+ [58878].param3 = 1,
+ [58888].file = "fs/xattr.c",
+ [58888].name = "listxattr",
+ [58888].param3 = 1,
++ [58889].file = "kernel/trace/trace_kprobe.c",
++ [58889].name = "probes_write",
++ [58889].param3 = 1,
+ [58912].file = "drivers/lguest/core.c",
+ [58912].name = "__lgwrite",
+ [58912].param4 = 1,
+ [58918].file = "sound/core/pcm_native.c",
+ [58918].name = "snd_pcm_aio_write",
+ [58918].param3 = 1,
-+ [58919].file = "net/netlabel/netlabel_unlabeled.c",
-+ [58919].name = "netlbl_unlabel_init",
-+ [58919].param1 = 1,
+ [58942].file = "drivers/block/aoe/aoedev.c",
+ [58942].name = "aoedev_flush",
+ [58942].param2 = 1,
+ [58958].file = "fs/fuse/control.c",
+ [58958].name = "fuse_conn_limit_write",
+ [58958].param3 = 1,
-+ [58].file = "lib/kstrtox.c",
-+ [58].name = "kstrtoull_from_user",
-+ [58].param2 = 1,
++ [59005].file = "drivers/staging/sep/sep_driver.c",
++ [59005].name = "sep_prepare_input_dma_table",
++ [59005].param2 = 1,
++ [59005].param3 = 1,
++ [59013].file = "fs/xfs/xfs_ioctl.c",
++ [59013].name = "xfs_handle_to_dentry",
++ [59013].param3 = 1,
+ [59034].file = "drivers/acpi/acpica/dsobject.c",
+ [59034].name = "acpi_ds_build_internal_package_obj",
+ [59034].param3 = 1,
+ [59073].file = "drivers/staging/speakup/i18n.c",
+ [59073].name = "msg_set",
+ [59073].param3 = 1,
-+ [59108].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [59108].name = "write_file_queue",
-+ [59108].param3 = 1,
++ [59074].file = "drivers/scsi/cxgbi/libcxgbi.c",
++ [59074].name = "ddp_make_gl",
++ [59074].param1 = 1,
+ [59297].file = "drivers/media/dvb/ttpci/av7110_av.c",
+ [59297].name = "dvb_play",
+ [59297].param3 = 1,
+ [59472].file = "drivers/misc/ibmasm/ibmasmfs.c",
+ [59472].name = "command_file_write",
+ [59472].param3 = 1,
++ [59504].file = "fs/exofs/super.c",
++ [59504].name = "__alloc_dev_table",
++ [59504].param2 = 1,
+ [59505].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c",
+ [59505].name = "pvr2_ioread_read",
+ [59505].param3 = 1,
+ [5968].file = "net/sunrpc/sched.c",
+ [5968].name = "rpc_malloc",
+ [5968].param2 = 1,
-+ [59794].file = "mm/mincore.c",
-+ [59794].name = "sys_mincore",
-+ [59794].param1 = 1,
-+ [59794].param2 = 1,
++ [59695].file = "net/ipv4/netfilter/ipt_ULOG.c",
++ [59695].name = "ulog_alloc_skb",
++ [59695].param1 = 1,
+ [59838].file = "net/netlink/af_netlink.c",
+ [59838].name = "nl_pid_hash_zalloc",
+ [59838].param1 = 1,
+ [59856].file = "drivers/base/devres.c",
+ [59856].name = "devm_kzalloc",
+ [59856].param2 = 1,
-+ [59991].file = "drivers/media/video/uvc/uvc_queue.c",
-+ [59991].name = "uvc_alloc_buffers",
-+ [59991].param2 = 1,
-+ [59991].param3 = 1,
-+ [60005].file = "fs/namei.c",
-+ [60005].name = "getname",
-+ [60005].param1 = 1,
+ [60066].file = "mm/filemap.c",
+ [60066].name = "iov_iter_copy_from_user",
+ [60066].param4 = 1,
++ [60185].file = "kernel/params.c",
++ [60185].name = "kmalloc_parameter",
++ [60185].param1 = 1,
+ [60198].file = "fs/nfs/nfs4proc.c",
+ [60198].name = "nfs4_write_cached_acl",
+ [60198].param3 = 1,
+ [60330].file = "drivers/media/video/w9966.c",
+ [60330].name = "w9966_v4l_read",
+ [60330].param3 = 1,
-+ [6041].file = "drivers/mtd/mtdchar.c",
-+ [6041].name = "mtd_write",
-+ [6041].param3 = 1,
-+ [60436].file = "drivers/net/macvtap.c",
-+ [60436].name = "macvtap_sendmsg",
-+ [60436].param4 = 1,
-+ [60483].file = "drivers/char/virtio_console.c",
-+ [60483].name = "fill_readbuf",
-+ [60483].param3 = 1,
+ [604].file = "drivers/staging/rtl8712/usb_ops_linux.c",
+ [604].name = "r8712_usbctrl_vendorreq",
+ [604].param6 = 1,
+ [60744].file = "sound/pci/emu10k1/emuproc.c",
+ [60744].name = "snd_emu10k1_fx8010_read",
+ [60744].param5 = 1,
++ [60777].file = "fs/ntfs/malloc.h",
++ [60777].name = "ntfs_malloc_nofs_nofail",
++ [60777].param1 = 1,
+ [60833].file = "drivers/block/aoe/aoenet.c",
+ [60833].name = "set_aoe_iflist",
+ [60833].param2 = 1,
-+ [60878].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [60878].name = "rt2x00debug_read_queue_dump",
-+ [60878].param3 = 1,
+ [60882].file = "drivers/input/joydev.c",
+ [60882].name = "joydev_compat_ioctl",
+ [60882].param2 = 1,
-+ [60891].file = "kernel/sched.c",
++ [60891].file = "kernel/sched/core.c",
+ [60891].name = "sys_sched_setaffinity",
+ [60891].param2 = 1,
-+ [60927].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [60927].name = "write_file_disable_ani",
-+ [60927].param3 = 1,
++ [60920].file = "drivers/infiniband/hw/qib/qib_file_ops.c",
++ [60920].name = "qib_get_base_info",
++ [60920].param3 = 1,
+ [60928].file = "drivers/staging/bcm/Bcmchar.c",
+ [60928].name = "bcm_char_read",
+ [60928].param3 = 1,
-+ [61058].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [61058].name = "iwl_dbgfs_disable_ht40_write",
-+ [61058].param3 = 1,
-+ [61120].file = "drivers/char/mem.c",
-+ [61120].name = "read_mem",
-+ [61120].param3 = 1,
-+ [61222].file = "net/sunrpc/rpc_pipe.c",
-+ [61222].name = "rpc_pipe_generic_upcall",
-+ [61222].param4 = 1,
++ [61122].file = "drivers/base/devres.c",
++ [61122].name = "alloc_dr",
++ [61122].param2 = 1,
+ [61254].file = "drivers/scsi/scsi_devinfo.c",
+ [61254].name = "proc_scsi_devinfo_write",
+ [61254].param3 = 1,
+ [61389].file = "include/linux/slab.h",
+ [61389].name = "kzalloc_node",
+ [61389].param1 = 1,
-+ [61546].file = "mm/filemap.c",
-+ [61546].name = "__iovec_copy_from_user_inatomic",
-+ [61546].param3 = 1,
-+ [61546].param4 = 1,
++ [61441].file = "fs/ntfs/file.c",
++ [61441].name = "ntfs_copy_from_user_iovec",
++ [61441].param3 = 1,
++ [61441].param6 = 1,
+ [61552].file = "drivers/input/evdev.c",
+ [61552].name = "str_to_user",
+ [61552].param2 = 1,
+ [61676].file = "kernel/module.c",
+ [61676].name = "module_alloc_update_bounds_rx",
+ [61676].param1 = 1,
++ [61684].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c",
++ [61684].name = "cxgb3_get_cpl_reply_skb",
++ [61684].param2 = 1,
++ [6173].file = "net/netlink/af_netlink.c",
++ [6173].name = "netlink_sendmsg",
++ [6173].param4 = 1,
+ [61770].file = "drivers/media/video/et61x251/et61x251_core.c",
+ [61770].name = "et61x251_read",
+ [61770].param3 = 1,
-+ [6186].file = "drivers/char/mem.c",
-+ [6186].name = "read_kmem",
-+ [6186].param3 = 1,
++ [61772].file = "fs/exofs/ore_raid.c",
++ [61772].name = "_sp2d_alloc",
++ [61772].param1 = 1,
++ [61772].param2 = 1,
++ [61772].param3 = 1,
++ [61926].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
++ [61926].name = "ddb_input_read",
++ [61926].param3 = 1,
+ [61932].file = "drivers/message/fusion/mptctl.c",
+ [61932].name = "__mptctl_ioctl",
+ [61932].param2 = 1,
++ [61966].file = "fs/nfs/nfs4proc.c",
++ [61966].name = "nfs4_alloc_slots",
++ [61966].param1 = 1,
+ [62081].file = "drivers/net/irda/vlsi_ir.c",
+ [62081].name = "vlsi_alloc_ring",
+ [62081].param3 = 1,
++ [62081].param4 = 1,
+ [62116].file = "fs/libfs.c",
+ [62116].name = "simple_attr_read",
+ [62116].param3 = 1,
-+ [6225].file = "drivers/block/floppy.c",
-+ [6225].name = "fd_ioctl",
-+ [6225].param3 = 1,
++ [6211].file = "drivers/net/ethernet/amd/pcnet32.c",
++ [6211].name = "pcnet32_realloc_tx_ring",
++ [6211].param3 = 1,
+ [62294].file = "sound/core/info.c",
+ [62294].name = "resize_info_buffer",
+ [62294].param2 = 1,
-+ [62378].file = "net/ipv4/tcp.c",
-+ [62378].name = "do_tcp_setsockopt",
-+ [62378].param5 = 1,
+ [62387].file = "fs/nfs/idmap.c",
+ [62387].name = "nfs_idmap_lookup_id",
+ [62387].param2 = 1,
-+ [62453].file = "fs/namei.c",
-+ [62453].name = "user_path_create",
-+ [62453].param2 = 1,
++ [62465].file = "drivers/misc/altera-stapl/altera-jtag.c",
++ [62465].name = "altera_set_dr_pre",
++ [62465].param2 = 1,
++ [62466].file = "lib/mpi/mpiutil.c",
++ [62466].name = "mpi_alloc",
++ [62466].param1 = 1,
+ [62495].file = "drivers/block/floppy.c",
+ [62495].name = "fallback_on_nodma_alloc",
+ [62495].param2 = 1,
+ [62498].file = "fs/xattr.c",
+ [62498].name = "sys_listxattr",
+ [62498].param3 = 1,
-+ [62583].file = "drivers/net/wireless/mwifiex/debugfs.c",
-+ [62583].name = "mwifiex_regrdwr_write",
-+ [62583].param3 = 1,
+ [625].file = "fs/read_write.c",
+ [625].name = "sys_pwritev",
+ [625].param3 = 1,
++ [62662].file = "drivers/message/fusion/mptctl.c",
++ [62662].name = "mptctl_getiocinfo",
++ [62662].param2 = 1,
+ [62669].file = "drivers/platform/x86/asus_acpi.c",
+ [62669].name = "tled_proc_write",
+ [62669].param3 = 1,
+ [62714].file = "security/keys/keyctl.c",
+ [62714].name = "keyctl_update_key",
+ [62714].param3 = 1,
-+ [62799].file = "fs/proc/task_mmu.c",
-+ [62799].name = "pagemap_read",
-+ [62799].param3 = 1,
-+ [62811].file = "drivers/usb/misc/legousbtower.c",
-+ [62811].name = "tower_read",
-+ [62811].param3 = 1,
++ [62760].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [62760].name = "play_iframe",
++ [62760].param3 = 1,
+ [62851].file = "fs/proc/vmcore.c",
+ [62851].name = "read_vmcore",
+ [62851].param3 = 1,
++ [62870].file = "fs/nfs/idmap.c",
++ [62870].name = "nfs_idmap_get_desc",
++ [62870].param2 = 1,
++ [62870].param4 = 1,
++ [62905].file = "net/caif/cfpkt_skbuff.c",
++ [62905].name = "cfpkt_create",
++ [62905].param1 = 1,
++ [62920].file = "drivers/net/wireless/b43/phy_n.c",
++ [62920].name = "b43_nphy_load_samples",
++ [62920].param3 = 1,
+ [62925].file = "include/rdma/ib_verbs.h",
+ [62925].name = "ib_copy_from_udata",
+ [62925].param3 = 1,
++ [62934].file = "drivers/net/wireless/wl1251/cmd.c",
++ [62934].name = "wl1251_cmd_template_set",
++ [62934].param4 = 1,
++ [62940].file = "drivers/scsi/libsrp.c",
++ [62940].name = "srp_ring_alloc",
++ [62940].param2 = 1,
+ [62967].file = "security/keys/encrypted-keys/encrypted.c",
+ [62967].name = "encrypted_update",
+ [62967].param3 = 1,
+ [62999].file = "net/core/neighbour.c",
+ [62999].name = "neigh_hash_alloc",
+ [62999].param1 = 1,
-+ [63004].file = "drivers/usb/storage/datafab.c",
-+ [63004].name = "datafab_write_data",
-+ [63004].param4 = 1,
+ [63007].file = "fs/proc/base.c",
+ [63007].name = "proc_coredump_filter_write",
+ [63007].param3 = 1,
+ [63010].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c",
+ [63010].name = "ttm_page_pool_free",
+ [63010].param2 = 1,
++ [63045].file = "crypto/shash.c",
++ [63045].name = "shash_setkey_unaligned",
++ [63045].param3 = 1,
++ [63075].file = "kernel/relay.c",
++ [63075].name = "relay_alloc_page_array",
++ [63075].param1 = 1,
+ [63076].file = "fs/cifs/xattr.c",
+ [63076].name = "cifs_setxattr",
+ [63076].param4 = 1,
+ [63091].file = "drivers/net/usb/pegasus.c",
+ [63091].name = "get_registers",
+ [63091].param3 = 1,
-+ [63169].file = "drivers/scsi/sg.c",
-+ [63169].name = "sg_read",
-+ [63169].param3 = 1,
+ [6331].file = "drivers/atm/solos-pci.c",
+ [6331].name = "solos_param_store",
+ [6331].param4 = 1,
+ [63367].file = "net/netfilter/ipset/ip_set_core.c",
+ [63367].name = "ip_set_alloc",
+ [63367].param1 = 1,
-+ [63473].file = "drivers/staging/pohmelfs/trans.c",
-+ [63473].name = "netfs_trans_alloc",
-+ [63473].param2 = 1,
-+ [63473].param4 = 1,
+ [63489].file = "drivers/bluetooth/btmrvl_debugfs.c",
+ [63489].name = "btmrvl_hscfgcmd_write",
+ [63489].param3 = 1,
+ [63490].file = "crypto/shash.c",
+ [63490].name = "shash_compat_setkey",
+ [63490].param3 = 1,
-+ [63583].file = "drivers/char/mem.c",
-+ [63583].name = "write_kmem",
-+ [63583].param3 = 1,
+ [63605].file = "mm/mempool.c",
+ [63605].name = "mempool_kmalloc",
+ [63605].param2 = 1,
-+ [63717].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c",
-+ [63717].name = "iwl_dbgfs_csr_write",
-+ [63717].param3 = 1,
-+ [63748].file = "drivers/staging/crystalhd/crystalhd_misc.c",
-+ [63748].name = "crystalhd_map_dio",
-+ [63748].param3 = 1,
-+ [63765].file = "fs/seq_file.c",
-+ [63765].name = "seq_read",
-+ [63765].param3 = 1,
-+ [63777].file = "drivers/virtio/virtio_ring.c",
-+ [63777].name = "virtqueue_add_buf_gfp",
-+ [63777].param3 = 1,
-+ [63777].param4 = 1,
++ [63633].file = "drivers/bluetooth/btmrvl_sdio.c",
++ [63633].name = "btmrvl_sdio_host_to_card",
++ [63633].param3 = 1,
+ [63961].file = "fs/xattr.c",
+ [63961].name = "sys_flistxattr",
+ [63961].param3 = 1,
++ [63964].file = "net/sctp/socket.c",
++ [63964].name = "sctp_setsockopt_maxseg",
++ [63964].param3 = 1,
+ [63988].file = "drivers/input/evdev.c",
+ [63988].name = "evdev_ioctl_compat",
+ [63988].param2 = 1,
-+ [64118].file = "fs/namei.c",
-+ [64118].name = "sys_symlinkat",
-+ [64118].param1 = 1,
++ [64055].file = "drivers/media/dvb/ttpci/av7110_av.c",
++ [64055].name = "dvb_aplay",
++ [64055].param3 = 1,
+ [64156].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
+ [64156].name = "ath6kl_mgmt_tx",
+ [64156].param9 = 1,
++ [64226].file = "drivers/md/persistent-data/dm-space-map-checker.c",
++ [64226].name = "ca_extend",
++ [64226].param2 = 1,
+ [64227].file = "mm/nobootmem.c",
+ [64227].name = "__alloc_bootmem_node_nopanic",
+ [64227].param2 = 1,
-+ [64312].file = "drivers/video/hecubafb.c",
-+ [64312].name = "hecubafb_write",
-+ [64312].param3 = 1,
+ [64351].file = "kernel/kfifo.c",
+ [64351].name = "kfifo_copy_from_user",
+ [64351].param3 = 1,
+ [64392].file = "drivers/mmc/core/mmc_ops.c",
+ [64392].name = "mmc_send_cxd_data",
+ [64392].param5 = 1,
++ [64423].file = "kernel/sched/core.c",
++ [64423].name = "get_user_cpu_mask",
++ [64423].param2 = 1,
++ [64432].file = "security/selinux/selinuxfs.c",
++ [64432].name = "sel_write_create",
++ [64432].param3 = 1,
+ [64471].file = "drivers/bluetooth/btmrvl_debugfs.c",
+ [64471].name = "btmrvl_hscmd_write",
+ [64471].param3 = 1,
+ [64705].file = "drivers/staging/iio/accel/sca3000_ring.c",
+ [64705].name = "sca3000_read_first_n_hw_rb",
+ [64705].param2 = 1,
++ [64713].file = "fs/cifs/connect.c",
++ [64713].name = "extract_hostname",
++ [64713].param1 = 1,
+ [64743].file = "fs/ocfs2/dlmfs/dlmfs.c",
+ [64743].name = "dlmfs_file_read",
+ [64743].param3 = 1,
++ [64771].file = "security/keys/encrypted-keys/encrypted.c",
++ [64771].name = "datablob_format",
++ [64771].param2 = 1,
+ [6477].file = "net/bluetooth/mgmt.c",
+ [6477].name = "mgmt_pending_add",
+ [6477].param5 = 1,
-+ [64898].file = "drivers/media/video/videobuf-dma-sg.c",
-+ [64898].name = "videobuf_dma_init_user",
-+ [64898].param3 = 1,
-+ [64898].param4 = 1,
+ [64906].file = "drivers/net/wireless/b43legacy/debugfs.c",
+ [64906].name = "b43legacy_debugfs_write",
+ [64906].param3 = 1,
++ [64913].file = "sound/core/oss/pcm_oss.c",
++ [64913].name = "snd_pcm_oss_write1",
++ [64913].param3 = 1,
+ [64961].file = "drivers/spi/spidev.c",
+ [64961].name = "spidev_ioctl",
+ [64961].param2 = 1,
+ [65093].file = "security/integrity/evm/evm_secfs.c",
+ [65093].name = "evm_write_key",
+ [65093].param3 = 1,
-+ [65098].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [65098].name = "iwl_dbgfs_traffic_log_write",
-+ [65098].param3 = 1,
+ [6514].file = "mm/nobootmem.c",
+ [6514].name = "__alloc_bootmem_low",
+ [6514].param1 = 1,
+ [6517].file = "drivers/md/dm-table.c",
+ [6517].name = "alloc_targets",
+ [6517].param2 = 1,
-+ [65195].file = "fs/jffs2/xattr.c",
-+ [65195].name = "do_jffs2_setxattr",
-+ [65195].param5 = 1,
++ [65205].file = "drivers/input/evdev.c",
++ [65205].name = "handle_eviocgbit",
++ [65205].param3 = 1,
+ [65237].file = "kernel/profile.c",
+ [65237].name = "read_profile",
+ [65237].param3 = 1,
++ [65343].file = "kernel/trace/trace.c",
++ [65343].name = "tracing_clock_write",
++ [65343].param3 = 1,
+ [65345].file = "lib/xz/xz_dec_lzma2.c",
+ [65345].name = "xz_dec_lzma2_create",
+ [65345].param2 = 1,
-+ [65364].file = "sound/core/pcm_lib.c",
-+ [65364].name = "snd_pcm_lib_read_transfer",
-+ [65364].param5 = 1,
+ [65409].file = "net/802/garp.c",
+ [65409].name = "garp_request_join",
+ [65409].param4 = 1,
+ [65432].file = "drivers/hid/hid-roccat-kone.c",
+ [65432].name = "kone_receive",
+ [65432].param4 = 1,
-+ [65452].file = "drivers/message/fusion/mptctl.c",
-+ [65452].name = "mptctl_ioctl",
-+ [65452].param2 = 1,
+ [65514].file = "drivers/media/video/gspca/t613.c",
+ [65514].name = "reg_w_ixbuf",
+ [65514].param4 = 1,
+ [65535].file = "drivers/media/dvb/dvb-usb/opera1.c",
+ [65535].name = "opera1_xilinx_rw",
+ [65535].param5 = 1,
-+ [6657].file = "drivers/hid/hid-roccat-kone.c",
-+ [6657].name = "kone_send",
-+ [6657].param4 = 1,
+ [6672].file = "drivers/net/wireless/b43/debugfs.c",
+ [6672].name = "b43_debugfs_write",
+ [6672].param3 = 1,
+ [6691].file = "drivers/acpi/proc.c",
+ [6691].name = "acpi_system_write_wakeup_device",
+ [6691].param3 = 1,
-+ [6772].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [6772].name = "iwl_dbgfs_force_reset_write",
-+ [6772].param3 = 1,
-+ [6780].file = "sound/core/info.c",
-+ [6780].name = "snd_info_entry_read",
-+ [6780].param3 = 1,
-+ [6800].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [6800].name = "iwl_legacy_dbgfs_missed_beacon_write",
-+ [6800].param3 = 1,
-+ [680].file = "drivers/misc/ibmasm/ibmasmfs.c",
-+ [680].name = "command_file_read",
-+ [680].param3 = 1,
+ [6865].file = "drivers/staging/iio/ring_sw.c",
+ [6865].name = "iio_read_first_n_sw_rb",
+ [6865].param2 = 1,
+ [7066].file = "security/keys/keyctl.c",
+ [7066].name = "keyctl_instantiate_key_common",
+ [7066].param4 = 1,
++ [7125].file = "include/net/nfc/nci_core.h",
++ [7125].name = "nci_skb_alloc",
++ [7125].param2 = 1,
+ [7129].file = "mm/maccess.c",
+ [7129].name = "__probe_kernel_read",
+ [7129].param3 = 1,
++ [7158].file = "kernel/trace/trace.c",
++ [7158].name = "tracing_read_pipe",
++ [7158].param3 = 1,
+ [720].file = "sound/pci/rme9652/hdsp.c",
+ [720].name = "snd_hdsp_playback_copy",
+ [720].param5 = 1,
++ [7236].file = "drivers/gpu/drm/drm_crtc.c",
++ [7236].name = "drm_plane_init",
++ [7236].param6 = 1,
+ [7411].file = "drivers/vhost/vhost.c",
+ [7411].name = "__vhost_add_used_n",
+ [7411].param3 = 1,
++ [7432].file = "net/bluetooth/mgmt.c",
++ [7432].name = "mgmt_event",
++ [7432].param4 = 1,
+ [7488].file = "security/keys/user_defined.c",
+ [7488].name = "user_read",
+ [7488].param3 = 1,
+ [7551].file = "drivers/input/touchscreen/ad7879-spi.c",
+ [7551].name = "ad7879_spi_xfer",
+ [7551].param3 = 1,
++ [7671].file = "mm/nobootmem.c",
++ [7671].name = "__alloc_bootmem_node_high",
++ [7671].param2 = 1,
+ [7676].file = "drivers/acpi/custom_method.c",
+ [7676].name = "cm_write",
+ [7676].param3 = 1,
-+ [7832].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [7832].name = "write_file_antenna",
-+ [7832].param3 = 1,
++ [7693].file = "net/sctp/socket.c",
++ [7693].name = "sctp_setsockopt_associnfo",
++ [7693].param3 = 1,
++ [7697].file = "security/selinux/selinuxfs.c",
++ [7697].name = "sel_write_access",
++ [7697].param3 = 1,
+ [7843].file = "fs/compat.c",
+ [7843].name = "compat_sys_readv",
+ [7843].param3 = 1,
++ [7883].file = "net/sched/sch_sfq.c",
++ [7883].name = "sfq_alloc",
++ [7883].param1 = 1,
++ [7924].file = "drivers/media/video/cx18/cx18-fileops.c",
++ [7924].name = "cx18_read_pos",
++ [7924].param3 = 1,
+ [7958].file = "drivers/gpu/vga/vgaarb.c",
+ [7958].name = "vga_arb_write",
+ [7958].param3 = 1,
+ [7976].file = "drivers/usb/gadget/rndis.c",
+ [7976].name = "rndis_add_response",
+ [7976].param2 = 1,
++ [7985].file = "net/mac80211/cfg.c",
++ [7985].name = "ieee80211_mgmt_tx",
++ [7985].param9 = 1,
+ [8014].file = "net/netfilter/ipset/ip_set_list_set.c",
+ [8014].name = "init_list_set",
+ [8014].param2 = 1,
+ [8014].param3 = 1,
-+ [8087].file = "drivers/video/via/viafbdev.c",
-+ [8087].name = "viafb_iga1_odev_proc_write",
-+ [8087].param3 = 1,
+ [8126].file = "sound/soc/soc-core.c",
+ [8126].name = "codec_reg_read_file",
+ [8126].param3 = 1,
-+ [8185].file = "drivers/net/wireless/ath/ath6kl/debug.c",
-+ [8185].name = "ath6kl_regwrite_write",
-+ [8185].param3 = 1,
+ [8317].file = "security/smack/smackfs.c",
+ [8317].name = "smk_write_ambient",
+ [8317].param3 = 1,
-+ [8334].file = "drivers/scsi/sg.c",
-+ [8334].name = "sg_proc_write_adio",
-+ [8334].param3 = 1,
-+ [8481].file = "drivers/isdn/i4l/isdn_common.c",
-+ [8481].name = "isdn_write",
-+ [8481].param3 = 1,
++ [8335].file = "drivers/media/dvb/dvb-core/dmxdev.c",
++ [8335].name = "dvb_dvr_set_buffer_size",
++ [8335].param2 = 1,
++ [8383].file = "kernel/module.c",
++ [8383].name = "copy_and_check",
++ [8383].param3 = 1,
++ [8411].file = "net/caif/cfpkt_skbuff.c",
++ [8411].name = "cfpkt_append",
++ [8411].param3 = 1,
+ [8536].file = "fs/cifs/dns_resolve.c",
+ [8536].name = "dns_resolve_server_name_to_ip",
+ [8536].param1 = 1,
++ [857].file = "drivers/virtio/virtio_ring.c",
++ [857].name = "virtqueue_add_buf",
++ [857].param3 = 1,
++ [857].param4 = 1,
+ [8650].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
+ [8650].name = "vmw_kms_present",
+ [8650].param9 = 1,
++ [8654].file = "drivers/net/wireless/mwifiex/sdio.c",
++ [8654].name = "mwifiex_alloc_sdio_mpa_buffers",
++ [8654].param2 = 1,
++ [8654].param3 = 1,
+ [865].file = "drivers/base/regmap/regmap-debugfs.c",
+ [865].name = "regmap_access_read_file",
+ [865].param3 = 1,
+ [8699].file = "security/selinux/selinuxfs.c",
+ [8699].name = "sel_commit_bools_write",
+ [8699].param3 = 1,
-+ [8714].file = "lib/kstrtox.c",
-+ [8714].name = "kstrtou16_from_user",
-+ [8714].param2 = 1,
+ [8764].file = "drivers/usb/core/devio.c",
+ [8764].name = "usbdev_read",
+ [8764].param3 = 1,
+ [8833].file = "security/selinux/ss/services.c",
+ [8833].name = "security_context_to_sid",
+ [8833].param2 = 1,
++ [8838].file = "lib/mpi/mpi-bit.c",
++ [8838].name = "mpi_lshift_limbs",
++ [8838].param2 = 1,
+ [8851].file = "net/key/af_key.c",
+ [8851].name = "pfkey_sendmsg",
+ [8851].param4 = 1,
-+ [8917].file = "net/ipv4/raw.c",
++ [8917].file = "net/can/raw.c",
+ [8917].name = "raw_setsockopt",
+ [8917].param5 = 1,
+ [8983].file = "include/linux/skbuff.h",
+ [8983].name = "alloc_skb",
+ [8983].param1 = 1,
++ [9117].file = "drivers/base/regmap/regcache-rbtree.c",
++ [9117].name = "regcache_rbtree_insert_to_block",
++ [9117].param5 = 1,
+ [9226].file = "mm/migrate.c",
+ [9226].name = "sys_move_pages",
+ [9226].param2 = 1,
++ [9304].file = "kernel/auditfilter.c",
++ [9304].name = "audit_init_entry",
++ [9304].param1 = 1,
++ [9317].file = "drivers/usb/wusbcore/wa-nep.c",
++ [9317].name = "wa_nep_queue",
++ [9317].param2 = 1,
+ [9341].file = "drivers/acpi/apei/erst-dbg.c",
+ [9341].name = "erst_dbg_write",
+ [9341].param3 = 1,
-+ [9463].file = "drivers/infiniband/hw/ipath/ipath_verbs.c",
-+ [9463].name = "ipath_verbs_send",
-+ [9463].param3 = 1,
-+ [9463].param5 = 1,
++ [9386].file = "fs/exofs/ore.c",
++ [9386].name = "_ore_get_io_state",
++ [9386].param3 = 1,
++ [9386].param4 = 1,
++ [9386].param5 = 1,
++ [9538].file = "crypto/blkcipher.c",
++ [9538].name = "blkcipher_copy_iv",
++ [9538].param3 = 1,
+ [9546].file = "drivers/video/fbmem.c",
+ [9546].name = "fb_write",
+ [9546].param3 = 1,
+ [9870].file = "net/atm/addr.c",
+ [9870].name = "atm_get_addr",
+ [9870].param3 = 1,
-+ [9962].file = "drivers/scsi/sg.c",
-+ [9962].name = "sg_proc_write_dressz",
-+ [9962].param3 = 1,
+ [9977].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
+ [9977].name = "zd_usb_iowrite16v_async",
+ [9977].param3 = 1,
+ [16344].collision = 1,
-+ [30494].collision = 1,
-+ [31291].collision = 1,
++ [307].collision = 1,
++ [31649].collision = 1,
+ [33040].collision = 1,
-+ [38314].collision = 1,
-+ [54338].collision = 1,
++ [45231].collision = 1,
+ [60651].collision = 1,
+};
diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_hash2.h
new file mode 100644
-index 0000000..8ed7d96
+index 0000000..9ec45ae
--- /dev/null
+++ b/tools/gcc/size_overflow_hash2.h
-@@ -0,0 +1,44 @@
+@@ -0,0 +1,35 @@
+struct size_overflow_hash size_overflow_hash2[65536] = {
-+ [2118].file = "fs/ntfs/malloc.h",
-+ [2118].name = "ntfs_malloc_nofs",
-+ [2118].param1 = 1,
+ [22224].file = "fs/proc/vmcore.c",
+ [22224].name = "read_from_oldmem",
+ [22224].param2 = 1,
++ [2344].file = "fs/ecryptfs/crypto.c",
++ [2344].name = "ecryptfs_decode_and_decrypt_filename",
++ [2344].param5 = 1,
++ [2515].file = "fs/ecryptfs/crypto.c",
++ [2515].name = "ecryptfs_copy_filename",
++ [2515].param4 = 1,
+ [26518].file = "drivers/gpu/vga/vgaarb.c",
+ [26518].name = "vga_arb_read",
+ [26518].param3 = 1,
-+ [26569].file = "lib/kstrtox.c",
-+ [26569].name = "kstrtoint_from_user",
-+ [26569].param2 = 1,
+ [30632].file = "drivers/ide/ide-proc.c",
+ [30632].name = "ide_driver_proc_write",
+ [30632].param3 = 1,
-+ [36150].file = "net/ceph/buffer.c",
-+ [36150].name = "ceph_buffer_new",
-+ [36150].param1 = 1,
+ [39024].file = "lib/scatterlist.c",
+ [39024].name = "sg_kmalloc",
+ [39024].param1 = 1,
-+ [39105].file = "drivers/gpu/drm/ttm/ttm_tt.c",
-+ [39105].name = "ttm_tt_create",
-+ [39105].param2 = 1,
-+ [43208].file = "fs/nfs/read.c",
-+ [43208].name = "nfs_readdata_alloc",
-+ [43208].param1 = 1,
-+ [46911].file = "drivers/media/video/ivtv/ivtv-fileops.c",
-+ [46911].name = "ivtv_v4l2_read",
-+ [46911].param3 = 1,
-+ [50359].file = "kernel/sched.c",
++ [50359].file = "kernel/sched/core.c",
+ [50359].name = "alloc_sched_domains",
+ [50359].param1 = 1,
-+ [52857].file = "sound/pci/rme9652/rme9652.c",
-+ [52857].name = "snd_rme9652_capture_copy",
-+ [52857].param5 = 1,
++ [53262].file = "drivers/block/aoe/aoechr.c",
++ [53262].name = "revalidate",
++ [53262].param2 = 1,
++ [56432].file = "drivers/base/regmap/regmap-debugfs.c",
++ [56432].name = "regmap_map_read_file",
++ [56432].param3 = 1,
+ [57500].file = "drivers/spi/spidev.c",
+ [57500].name = "spidev_write",
+ [57500].param3 = 1,
-+ [65149].file = "fs/nilfs2/ioctl.c",
-+ [65149].name = "nilfs_ioctl_wrap_copy",
-+ [65149].param4 = 1,
++ [8155].file = "drivers/hv/channel.c",
++ [8155].name = "vmbus_establish_gpadl",
++ [8155].param3 = 1,
+};
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..a9ae886
+index 0000000..4ec0934
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,1042 @@
+@@ -0,0 +1,1150 @@
+/*
+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
+#include "gimple.h"
+#include "c-common.h"
+#include "diagnostic.h"
++#include "cfgloop.h"
+
+struct size_overflow_hash {
+ const char *name;
+
+#define __unused __attribute__((__unused__))
+#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node))
++#define NAME_LEN(node) IDENTIFIER_LENGTH(DECL_NAME(node))
+#define BEFORE_STMT true
+#define AFTER_STMT false
+#define CREATE_NEW_VAR NULL_TREE
+
+int plugin_is_GPL_compatible;
-+void debug_gimple_stmt (gimple gs);
++void debug_gimple_stmt(gimple gs);
+
-+static tree expand(struct pointer_set_t *visited, tree var);
++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var);
+static tree signed_size_overflow_type;
+static tree unsigned_size_overflow_type;
+static tree report_size_overflow_decl;
+static tree const_char_ptr_type_node;
+static unsigned int handle_function(void);
++static bool file_match = true;
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20120311beta",
++ .version = "20120502beta",
+ .help = "no-size_overflow\tturn off size overflow checking\n",
+};
+
+ return &size_overflow_hash1[hash];
+}
+
++static void check_arg_type(tree var)
++{
++ tree type = TREE_TYPE(var);
++ enum tree_code code = TREE_CODE(type);
++
++ gcc_assert(code == INTEGER_TYPE ||
++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == VOID_TYPE) ||
++ (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == INTEGER_TYPE));
++}
++
+static void check_missing_attribute(tree arg)
+{
-+ tree var, func = get_original_function_decl(current_function_decl);
++ tree var, type, func = get_original_function_decl(current_function_decl);
+ const char *curfunc = NAME(func);
+ unsigned int new_hash, argnum = 1;
+ struct size_overflow_hash *hash;
+ expanded_location xloc;
+ bool match = false;
+
++ type = TREE_TYPE(arg);
++ // skip function pointers
++ if (TREE_CODE(type) == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == FUNCTION_TYPE)
++ return;
++
+ loc = DECL_SOURCE_LOCATION(func);
+ xloc = expand_location(loc);
+
+ return;
+
+ hash = get_function_hash(func);
-+ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file))
++ if (hash->name && !strcmp(hash->name, NAME(func)))
++ return;
++ if (file_match && hash->file && !strcmp(hash->file, xloc.file))
+ return;
+
+ gcc_assert(TREE_CODE(arg) != COMPONENT_REF);
+ argnum++;
+ continue;
+ }
++ check_arg_type(var);
++
+ match = true;
+ if (!TYPE_UNSIGNED(TREE_TYPE(var)))
+ return;
+ return false;
+}
+
++static tree cast_a_tree(tree type, tree var)
++{
++ gcc_assert(fold_convertible_p(type, var));
++
++ return fold_convert(type, var);
++}
++
+static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc)
+{
+ gimple assign;
+ if (new_var == CREATE_NEW_VAR)
+ new_var = create_new_var(type);
+
-+ assign = gimple_build_assign(new_var, fold_convert(type, var));
++ assign = gimple_build_assign(new_var, cast_a_tree(type, var));
+ gimple_set_location(assign, loc);
+ gimple_set_lhs(assign, make_ssa_name(new_var, assign));
+
+ return assign;
+}
+
-+static tree create_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, bool before)
++static tree create_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, bool before)
+{
+ tree oldstmt_rhs1;
+ enum tree_code code;
+ gimple stmt;
+ gimple_stmt_iterator gsi;
+
-+ if (is_bool(rhs1)) {
-+ pointer_set_insert(visited, oldstmt);
-+ return gimple_get_lhs(oldstmt);
-+ }
++ if (!*potentionally_overflowed)
++ return NULL_TREE;
+
+ if (rhs1 == NULL_TREE) {
+ debug_gimple_stmt(oldstmt);
+
+ stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt));
+ gsi = gsi_for_stmt(oldstmt);
++ if (lookup_stmt_eh_lp(oldstmt) != 0) {
++ basic_block next_bb, cur_bb;
++ edge e;
++
++ gcc_assert(before == false);
++ gcc_assert(stmt_can_throw_internal(oldstmt));
++ gcc_assert(gimple_code(oldstmt) == GIMPLE_CALL);
++ gcc_assert(!gsi_end_p(gsi));
++
++ cur_bb = gimple_bb(oldstmt);
++ next_bb = cur_bb->next_bb;
++ e = find_edge(cur_bb, next_bb);
++ gcc_assert(e != NULL);
++ gcc_assert(e->flags & EDGE_FALLTHRU);
++
++ gsi = gsi_after_labels(next_bb);
++ gcc_assert(!gsi_end_p(gsi));
++ before = true;
++ }
+ if (before)
+ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT);
+ else
+ return gimple_get_lhs(stmt);
+}
+
-+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3)
++static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3)
+{
+ tree new_var, lhs = gimple_get_lhs(oldstmt);
+ gimple stmt;
+ gimple_stmt_iterator gsi;
+
++ if (!*potentionally_overflowed)
++ return NULL_TREE;
++
+ if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) {
+ rhs1 = gimple_assign_rhs1(oldstmt);
-+ rhs1 = create_assign(visited, oldstmt, rhs1, BEFORE_STMT);
++ rhs1 = create_assign(visited, potentionally_overflowed, oldstmt, rhs1, BEFORE_STMT);
+ }
+ if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) {
+ rhs2 = gimple_assign_rhs2(oldstmt);
-+ rhs2 = create_assign(visited, oldstmt, rhs2, BEFORE_STMT);
++ rhs2 = create_assign(visited, potentionally_overflowed, oldstmt, rhs2, BEFORE_STMT);
+ }
+
+ stmt = gimple_copy(oldstmt);
+
+ if (rhs1 != NULL_TREE) {
+ if (!gimple_assign_cast_p(oldstmt))
-+ rhs1 = fold_convert(signed_size_overflow_type, rhs1);
++ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1);
+ gimple_assign_set_rhs1(stmt, rhs1);
+ }
+
+ gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt);
+
+ bb = gsi_bb(gsi);
-+ phi = make_phi_node(var, EDGE_COUNT(bb->preds));
+
++ phi = create_phi_node(var, bb);
++ gsi = gsi_last(phi_nodes(bb));
++ gsi_remove(&gsi, false);
++
++ gsi = gsi_for_stmt(oldstmt);
+ gsi_insert_after(&gsi, phi, GSI_NEW_STMT);
+ gimple_set_bb(phi, bb);
+ return phi;
+{
+ gcc_assert(is_gimple_constant(node));
+
-+ if (TYPE_PRECISION(signed_size_overflow_type) == TYPE_PRECISION(TREE_TYPE(node)))
-+ return build_int_cst_wide(signed_size_overflow_type, TREE_INT_CST_LOW(node), TREE_INT_CST_HIGH(node));
-+ else
-+ return build_int_cst(signed_size_overflow_type, int_cst_value(node));
++ return cast_a_tree(signed_size_overflow_type, node);
+}
+
-+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var)
++static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var, unsigned int i)
+{
-+ basic_block first_bb;
-+ gimple newstmt;
++ basic_block bb;
++ gimple newstmt, def_stmt;
+ gimple_stmt_iterator gsi;
+
+ newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt));
++ if (TREE_CODE(arg) == SSA_NAME) {
++ def_stmt = get_def_stmt(arg);
++ if (gimple_code(def_stmt) != GIMPLE_NOP) {
++ gsi = gsi_for_stmt(def_stmt);
++ gsi_insert_after(&gsi, newstmt, GSI_NEW_STMT);
++ return newstmt;
++ }
++ }
+
-+ first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest;
-+ if (dom_info_available_p(CDI_DOMINATORS))
-+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR);
-+ gsi = gsi_start_bb(first_bb);
-+
++ bb = gimple_phi_arg_edge(oldstmt, i)->src;
++ gsi = gsi_after_labels(bb);
+ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT);
+ return newstmt;
+}
+ newstmt = gimple_build_assign(new_var, new_rhs);
+ break;
+ case GIMPLE_ASSIGN:
-+ newstmt = gimple_copy(def_newstmt);
++ newstmt = gimple_build_assign(new_var, gimple_get_lhs(def_newstmt));
+ break;
+ default:
-+ /* unknown gimple_code (build_new_phi_arg) */
++ /* unknown gimple_code (handle_build_new_phi_arg) */
+ gcc_unreachable();
+ }
+
+ gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt));
+ gsi_insert(&gsi, newstmt, GSI_NEW_STMT);
++ update_stmt(newstmt);
+ return newstmt;
+}
+
-+static tree build_new_phi_arg(struct pointer_set_t *visited, gimple oldstmt, tree arg, tree new_var)
++static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree arg, tree new_var)
+{
+ gimple newstmt;
+ tree new_rhs;
+
-+ if (is_gimple_constant(arg))
-+ return signed_cast_constant(arg);
++ new_rhs = expand(visited, potentionally_overflowed, arg);
+
-+ pointer_set_insert(visited, oldstmt);
-+ new_rhs = expand(visited, arg);
-+ if (new_rhs == NULL_TREE) {
-+ gcc_assert(TREE_CODE(TREE_TYPE(arg)) != VOID_TYPE);
-+ newstmt = cast_old_phi_arg(oldstmt, arg, new_var);
-+ } else
-+ newstmt = handle_new_phi_arg(arg, new_var, new_rhs);
-+ update_stmt(newstmt);
++ if (new_rhs == NULL_TREE)
++ return NULL_TREE;
++
++ newstmt = handle_new_phi_arg(arg, new_var, new_rhs);
+ return gimple_get_lhs(newstmt);
+}
+
-+static tree build_new_phi(struct pointer_set_t *visited, gimple oldstmt)
++static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt)
+{
+ gimple phi;
+ tree new_var = create_new_var(signed_size_overflow_type);
+ unsigned int i, n = gimple_phi_num_args(oldstmt);
+
++ pointer_set_insert(visited, oldstmt);
+ phi = overflow_create_phi_node(oldstmt, new_var);
-+
+ for (i = 0; i < n; i++) {
+ tree arg, lhs;
+
+ arg = gimple_phi_arg_def(oldstmt, i);
-+ lhs = build_new_phi_arg(visited, oldstmt, arg, new_var);
++ if (is_gimple_constant(arg))
++ arg = signed_cast_constant(arg);
++ lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var);
++ if (lhs == NULL_TREE)
++ lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i));
+ add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt));
+ }
++
+ update_stmt(phi);
+ return gimple_phi_result(phi);
+}
+
-+static tree handle_unary_ops(struct pointer_set_t *visited, tree var)
++static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
+{
+ gimple def_stmt = get_def_stmt(var);
+ tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt);
+
++ *potentionally_overflowed = true;
++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1);
++ if (new_rhs1 == NULL_TREE) {
++ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE)
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++ else
++ return create_assign(visited, potentionally_overflowed, def_stmt, rhs1, AFTER_STMT);
++ }
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, NULL_TREE, NULL_TREE);
++}
++
++static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
++{
++ gimple def_stmt = get_def_stmt(var);
++ tree rhs1 = gimple_assign_rhs1(def_stmt);
++
+ if (is_gimple_constant(rhs1))
-+ return dup_assign(visited, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE);
++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE);
+
+ switch (TREE_CODE(rhs1)) {
+ case SSA_NAME:
-+ new_rhs1 = expand(visited, rhs1);
-+ break;
++ return handle_unary_rhs(visited, potentionally_overflowed, var);
++
+ case ARRAY_REF:
++ case BIT_FIELD_REF:
+ case ADDR_EXPR:
+ case COMPONENT_REF:
+ case COND_EXPR:
+ case PARM_DECL:
+ case TARGET_MEM_REF:
+ case VAR_DECL:
-+ return create_assign(visited, def_stmt, var, AFTER_STMT);
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++
+ default:
+ debug_gimple_stmt(def_stmt);
+ debug_tree(rhs1);
+ gcc_unreachable();
+ }
++}
+
-+ if (new_rhs1 == NULL_TREE)
-+ return create_assign(visited, def_stmt, rhs1, AFTER_STMT);
-+ return dup_assign(visited, def_stmt, new_rhs1, NULL_TREE, NULL_TREE);
++static void insert_cond(basic_block cond_bb, tree arg, enum tree_code cond_code, tree type_value)
++{
++ gimple cond_stmt;
++ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb);
++
++ cond_stmt = gimple_build_cond(cond_code, arg, type_value, NULL_TREE, NULL_TREE);
++ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING);
++ update_stmt(cond_stmt);
+}
+
-+static tree transform_mult_overflow(tree rhs, tree const_rhs, tree log2const_rhs, location_t loc)
++static tree create_string_param(tree string)
+{
-+ tree new_def_rhs;
++ tree i_type, a_type;
++ int length = TREE_STRING_LENGTH(string);
+
-+ if (!is_gimple_constant(rhs))
-+ return NULL_TREE;
++ gcc_assert(length > 0);
+
-+ new_def_rhs = fold_build2_loc(loc, MULT_EXPR, TREE_TYPE(const_rhs), rhs, const_rhs);
-+ new_def_rhs = signed_cast_constant(new_def_rhs);
-+ if (int_cst_value(new_def_rhs) >= 0)
-+ return NULL_TREE;
-+ return fold_build2_loc(loc, RSHIFT_EXPR, TREE_TYPE(new_def_rhs), new_def_rhs, log2const_rhs);
++ i_type = build_index_type(build_int_cst(NULL_TREE, length - 1));
++ a_type = build_array_type(char_type_node, i_type);
++
++ TREE_TYPE(string) = a_type;
++ TREE_CONSTANT(string) = 1;
++ TREE_READONLY(string) = 1;
++
++ return build1(ADDR_EXPR, ptr_type_node, string);
+}
+
-+static tree handle_intentional_mult_overflow(struct pointer_set_t *visited, tree rhs, tree const_rhs)
++static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg)
+{
-+ gimple new_def_stmt, def_stmt;
-+ tree def_rhs1, def_rhs2, new_def_rhs;
-+ location_t loc;
-+ tree log2const_rhs;
-+ int log2 = exact_log2(TREE_INT_CST_LOW(const_rhs));
++ gimple func_stmt, def_stmt;
++ tree current_func, loc_file, loc_line;
++ expanded_location xloc;
++ gimple_stmt_iterator gsi = gsi_start_bb(bb_true);
+
-+ if (log2 == -1) {
-+// warning(0, "Possibly unhandled intentional integer truncation");
-+ return NULL_TREE;
++ def_stmt = get_def_stmt(arg);
++ xloc = expand_location(gimple_location(def_stmt));
++
++ if (!gimple_has_location(def_stmt)) {
++ xloc = expand_location(gimple_location(stmt));
++ if (!gimple_has_location(stmt))
++ xloc = expand_location(DECL_SOURCE_LOCATION(current_function_decl));
+ }
+
-+ def_stmt = get_def_stmt(rhs);
-+ loc = gimple_location(def_stmt);
-+ def_rhs1 = gimple_assign_rhs1(def_stmt);
-+ def_rhs2 = gimple_assign_rhs2(def_stmt);
-+ new_def_stmt = get_def_stmt(expand(visited, rhs));
-+ log2const_rhs = build_int_cstu(TREE_TYPE(const_rhs), log2);
++ loc_line = build_int_cstu(unsigned_type_node, xloc.line);
+
-+ new_def_rhs = transform_mult_overflow(def_rhs1, const_rhs, log2const_rhs, loc);
-+ if (new_def_rhs != NULL_TREE) {
-+ gimple_assign_set_rhs1(new_def_stmt, new_def_rhs);
-+ } else {
-+ new_def_rhs = transform_mult_overflow(def_rhs2, const_rhs, log2const_rhs, loc);
-+ if (new_def_rhs != NULL_TREE)
-+ gimple_assign_set_rhs2(new_def_stmt, new_def_rhs);
++ loc_file = build_string(strlen(xloc.file) + 1, xloc.file);
++ loc_file = create_string_param(loc_file);
++
++ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl));
++ current_func = create_string_param(current_func);
++
++ // void report_size_overflow(const char *file, unsigned int line, const char *func)
++ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func);
++
++ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING);
++}
++
++static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value)
++{
++ basic_block cond_bb, join_bb, bb_true;
++ edge e;
++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
++// location_t loc = gimple_location(stmt);
++
++ cond_bb = gimple_bb(stmt);
++ gsi_prev(&gsi);
++ if (gsi_end_p(gsi))
++ e = split_block_after_labels(cond_bb);
++ else
++ e = split_block(cond_bb, gsi_stmt(gsi));
++ cond_bb = e->src;
++ join_bb = e->dest;
++ e->flags = EDGE_FALSE_VALUE;
++ e->probability = REG_BR_PROB_BASE;
++
++ bb_true = create_empty_bb(cond_bb);
++ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE);
++ make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE);
++ make_edge(bb_true, join_bb, EDGE_FALLTHRU);
++
++ if (dom_info_available_p(CDI_DOMINATORS)) {
++ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb);
++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb);
+ }
-+ if (new_def_rhs == NULL_TREE)
-+ return NULL_TREE;
+
-+ update_stmt(new_def_stmt);
-+// warning(0, "Handle integer truncation (gcc optimization)");
-+ return gimple_get_lhs(new_def_stmt);
++ if (current_loops != NULL) {
++ gcc_assert(cond_bb->loop_father == join_bb->loop_father);
++ add_bb_to_loop(bb_true, cond_bb->loop_father);
++ }
++
++ insert_cond(cond_bb, arg, cond_code, type_value);
++ insert_cond_result(bb_true, stmt, arg);
++
++// inform(loc, "Integer size_overflow check applied here.");
+}
+
-+static bool is_mult_overflow(gimple def_stmt, tree rhs1)
++static tree get_type_for_check(tree rhs)
+{
-+ gimple rhs1_def_stmt = get_def_stmt(rhs1);
++ tree def_rhs;
++ gimple def_stmt = get_def_stmt(rhs);
+
-+ if (gimple_assign_rhs_code(def_stmt) != MULT_EXPR)
-+ return false;
-+ if (gimple_code(rhs1_def_stmt) != GIMPLE_ASSIGN)
-+ return false;
-+ if (gimple_assign_rhs_code(rhs1_def_stmt) != PLUS_EXPR)
-+ return false;
-+ return true;
++ if (!gimple_assign_cast_p(def_stmt))
++ return TREE_TYPE(rhs);
++ def_rhs = gimple_assign_rhs1(def_stmt);
++ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE)
++ return TREE_TYPE(def_rhs);
++ return TREE_TYPE(rhs);
+}
+
-+static tree handle_intentional_overflow(struct pointer_set_t *visited, gimple def_stmt, tree rhs1, tree rhs2)
++static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs)
+{
-+ if (is_mult_overflow(def_stmt, rhs1))
-+ return handle_intentional_mult_overflow(visited, rhs1, rhs2);
-+ return NULL_TREE;
++ gimple ucast_stmt;
++ gimple_stmt_iterator gsi;
++ location_t loc = gimple_location(stmt);
++
++ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, cast_rhs, CREATE_NEW_VAR, loc);
++ gsi = gsi_for_stmt(stmt);
++ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT);
++ return ucast_stmt;
+}
+
-+static tree handle_binary_ops(struct pointer_set_t *visited, tree var)
++static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed)
++{
++ tree type_max, type_min, rhs_type;
++ gimple ucast_stmt;
++
++ if (!*potentionally_overflowed)
++ return;
++
++ rhs_type = get_type_for_check(rhs);
++
++ if (TYPE_UNSIGNED(rhs_type)) {
++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs);
++ type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type));
++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max);
++ } else {
++ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type));
++ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max);
++
++ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type));
++ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min);
++ }
++}
++
++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs)
++{
++ gimple assign;
++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
++ tree new_rhs, origtype = TREE_TYPE(orig_rhs);
++
++ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN);
++
++ new_rhs = expand(visited, potentionally_overflowed, orig_rhs);
++ if (new_rhs == NULL_TREE)
++ return NULL_TREE;
++
++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt));
++ gsi_insert_before(&gsi, assign, GSI_SAME_STMT);
++ update_stmt(assign);
++ return gimple_get_lhs(assign);
++}
++
++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree))
++{
++ tree new_rhs, cast_rhs;
++
++ if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR)
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE);
++
++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs);
++ if (new_rhs != NULL_TREE) {
++ gimple_assign_set_rhs(def_stmt, new_rhs);
++ update_stmt(def_stmt);
++
++ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs));
++
++ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed);
++ }
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
++}
++
++static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
+{
+ tree rhs1, rhs2;
+ gimple def_stmt = get_def_stmt(var);
+ case ROUND_MOD_EXPR:
+ case EXACT_DIV_EXPR:
+ case POINTER_PLUS_EXPR:
-+ /* logical AND cannot cause an overflow */
-+ case BIT_AND_EXPR:
-+ return create_assign(visited, def_stmt, var, AFTER_STMT);
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
+ default:
+ break;
+ }
+
-+ if (is_gimple_constant(rhs2)) {
-+ new_rhs2 = signed_cast_constant(rhs2);
-+ new_rhs1 = handle_intentional_overflow(visited, def_stmt, rhs1, rhs2);
-+ }
++ *potentionally_overflowed = true;
+
-+ if (is_gimple_constant(rhs1)) {
-+ new_rhs1 = signed_cast_constant(rhs1);
-+ new_rhs2 = handle_intentional_overflow(visited, def_stmt, rhs2, rhs1);
-+ }
++ if (TREE_CODE(rhs1) == SSA_NAME)
++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1);
++ if (TREE_CODE(rhs2) == SSA_NAME)
++ new_rhs2 = expand(visited, potentionally_overflowed, rhs2);
+
-+ if (new_rhs1 == NULL_TREE && TREE_CODE(rhs1) == SSA_NAME)
-+ new_rhs1 = expand(visited, rhs1);
-+ if (new_rhs2 == NULL_TREE && TREE_CODE(rhs2) == SSA_NAME)
-+ new_rhs2 = expand(visited, rhs2);
++ if (is_gimple_constant(rhs2))
++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1);
++
++ if (is_gimple_constant(rhs1))
++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2);
+
-+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, NULL_TREE);
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE);
+}
+
+#if BUILDING_GCC_VERSION >= 4007
-+static tree get_new_rhs(struct pointer_set_t *visited, tree rhs)
++static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs)
+{
+ if (is_gimple_constant(rhs))
+ return signed_cast_constant(rhs);
+ if (TREE_CODE(rhs) != SSA_NAME)
+ return NULL_TREE;
-+ return expand(visited, rhs);
++ return expand(visited, potentionally_overflowed, rhs);
+}
+
-+static tree handle_ternary_ops(struct pointer_set_t *visited, tree var)
++static tree handle_ternary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
+{
+ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3;
+ gimple def_stmt = get_def_stmt(var);
+
++ *potentionally_overflowed = true;
++
+ rhs1 = gimple_assign_rhs1(def_stmt);
+ rhs2 = gimple_assign_rhs2(def_stmt);
+ rhs3 = gimple_assign_rhs3(def_stmt);
-+ new_rhs1 = get_new_rhs(visited, rhs1);
-+ new_rhs2 = get_new_rhs(visited, rhs2);
-+ new_rhs3 = get_new_rhs(visited, rhs3);
++ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, rhs1);
++ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, rhs2);
++ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, rhs3);
+
+ if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE)
-+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, new_rhs3);
++ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, new_rhs3);
+ error("handle_ternary_ops: unknown rhs");
+ gcc_unreachable();
+}
+ }
+}
+
-+static tree expand(struct pointer_set_t *visited, tree var)
++static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var)
+{
+ gimple def_stmt;
++ enum tree_code code = TREE_CODE(TREE_TYPE(var));
+
+ if (is_gimple_constant(var))
+ return NULL_TREE;
+ if (TREE_CODE(var) == ADDR_EXPR)
+ return NULL_TREE;
+
-+ if (SSA_NAME_IS_DEFAULT_DEF(var))
++ gcc_assert(code == INTEGER_TYPE || code == POINTER_TYPE || code == BOOLEAN_TYPE);
++ if (code != INTEGER_TYPE)
++ return NULL_TREE;
++
++ if (SSA_NAME_IS_DEFAULT_DEF(var)) {
++ check_missing_attribute(var);
+ return NULL_TREE;
++ }
+
+ def_stmt = get_def_stmt(var);
+
+ check_missing_attribute(var);
+ return NULL_TREE;
+ case GIMPLE_PHI:
-+ return build_new_phi(visited, def_stmt);
++ return build_new_phi(visited, potentionally_overflowed, def_stmt);
+ case GIMPLE_CALL:
+ case GIMPLE_ASM:
-+ gcc_assert(TREE_CODE(TREE_TYPE(var)) != VOID_TYPE);
-+ return create_assign(visited, def_stmt, var, AFTER_STMT);
++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT);
+ case GIMPLE_ASSIGN:
+ switch (gimple_num_ops(def_stmt)) {
+ case 2:
-+ return handle_unary_ops(visited, var);
++ return handle_unary_ops(visited, potentionally_overflowed, var);
+ case 3:
-+ return handle_binary_ops(visited, var);
++ return handle_binary_ops(visited, potentionally_overflowed, var);
+#if BUILDING_GCC_VERSION >= 4007
+ case 4:
-+ return handle_ternary_ops(visited, var);
++ return handle_ternary_ops(visited, potentionally_overflowed, var);
+#endif
+ }
+ default:
+ }
+}
+
-+static void change_function_arg(gimple func_stmt, tree origarg, unsigned int argnum, tree newarg)
++static void change_function_arg(gimple stmt, tree origarg, unsigned int argnum, tree newarg)
+{
-+ gimple assign, stmt;
-+ gimple_stmt_iterator gsi = gsi_for_stmt(func_stmt);
++ gimple assign;
++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
+ tree origtype = TREE_TYPE(origarg);
+
-+ stmt = gsi_stmt(gsi);
+ gcc_assert(gimple_code(stmt) == GIMPLE_CALL);
+
+ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt));
+ return NULL_TREE;
+}
+
-+static void insert_cond(tree arg, basic_block cond_bb)
-+{
-+ gimple cond_stmt;
-+ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb);
-+
-+ cond_stmt = gimple_build_cond(GT_EXPR, arg, build_int_cstu(signed_size_overflow_type, 0x7fffffff), NULL_TREE, NULL_TREE);
-+ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING);
-+ update_stmt(cond_stmt);
-+}
-+
-+static tree create_string_param(tree string)
-+{
-+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL);
-+
-+ return build1(ADDR_EXPR, ptr_type_node, array_ref);
-+}
-+
-+static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg)
-+{
-+ gimple func_stmt, def_stmt;
-+ tree current_func, loc_file, loc_line;
-+ expanded_location xloc;
-+ gimple_stmt_iterator gsi = gsi_start_bb(bb_true);
-+
-+ def_stmt = get_def_stmt(arg);
-+ xloc = expand_location(gimple_location(def_stmt));
-+
-+ if (!gimple_has_location(def_stmt)) {
-+ xloc = expand_location(gimple_location(stmt));
-+ gcc_assert(gimple_has_location(stmt));
-+ }
-+
-+ loc_line = build_int_cstu(unsigned_type_node, xloc.line);
-+
-+ loc_file = build_string(strlen(xloc.file), xloc.file);
-+ TREE_TYPE(loc_file) = char_array_type_node;
-+ loc_file = create_string_param(loc_file);
-+
-+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl));
-+ TREE_TYPE(current_func) = char_array_type_node;
-+ current_func = create_string_param(current_func);
-+
-+ // void report_size_overflow(const char *file, unsigned int line, const char *func)
-+ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func);
-+
-+ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING);
-+}
-+
-+static void insert_check_size_overflow(gimple stmt, tree arg)
-+{
-+ basic_block cond_bb, join_bb, bb_true;
-+ edge e;
-+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
-+
-+ cond_bb = gimple_bb(stmt);
-+ gsi_prev(&gsi);
-+ if (gsi_end_p(gsi))
-+ e = split_block_after_labels(cond_bb);
-+ else
-+ e = split_block(cond_bb, gsi_stmt(gsi));
-+ cond_bb = e->src;
-+ join_bb = e->dest;
-+ e->flags = EDGE_FALSE_VALUE;
-+ e->probability = REG_BR_PROB_BASE;
-+
-+ bb_true = create_empty_bb(cond_bb);
-+ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE);
-+
-+ if (dom_info_available_p(CDI_DOMINATORS)) {
-+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb);
-+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb);
-+ }
-+
-+ insert_cond(arg, cond_bb);
-+ insert_cond_result(bb_true, stmt, arg);
-+}
-+
+static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum)
+{
+ struct pointer_set_t *visited;
-+ tree arg, newarg;
++ tree arg, newarg, type_max;
+ gimple ucast_stmt;
-+ gimple_stmt_iterator gsi;
-+ location_t loc = gimple_location(stmt);
++ bool potentionally_overflowed;
+
+ arg = get_function_arg(argnum, stmt, fndecl);
+ if (arg == NULL_TREE)
+ if (TREE_CODE(arg) != SSA_NAME)
+ return;
+
++ check_arg_type(arg);
++
+ set_size_overflow_type(arg);
++
+ visited = pointer_set_create();
-+ newarg = expand(visited, arg);
++ potentionally_overflowed = false;
++ newarg = expand(visited, &potentionally_overflowed, arg);
+ pointer_set_destroy(visited);
+
-+ if (newarg == NULL_TREE)
++ if (newarg == NULL_TREE || !potentionally_overflowed)
+ return;
+
+ change_function_arg(stmt, arg, argnum, newarg);
+
-+ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, newarg, CREATE_NEW_VAR, loc);
-+ gsi = gsi_for_stmt(stmt);
-+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT);
++ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, newarg);
+
-+ insert_check_size_overflow(stmt, gimple_get_lhs(ucast_stmt));
-+// inform(loc, "Integer size_overflow check applied here.");
++ type_max = build_int_cstu(unsigned_size_overflow_type, 0x7fffffff);
++ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max);
+}
+
+static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl)
+ xloc = expand_location(DECL_SOURCE_LOCATION(fndecl));
+
+ fndecl = get_original_function_decl(fndecl);
-+ if (!hash->name || !hash->file)
++ if (!hash->name)
+ return;
-+ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file))
++ if (file_match && !hash->file)
++ return;
++ if (strcmp(hash->name, NAME(fndecl)))
++ return;
++ if (file_match && strcmp(hash->file, xloc.file))
+ return;
+
+#define search_param(argnum) \
+ NULL_TREE);
+ report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype);
+
++ DECL_ASSEMBLER_NAME(report_size_overflow_decl);
+ TREE_PUBLIC(report_size_overflow_decl) = 1;
+ DECL_EXTERNAL(report_size_overflow_decl) = 1;
+ DECL_ARTIFICIAL(report_size_overflow_decl) = 1;
+
+ struct register_pass_info size_overflow_pass_info = {
+ .pass = &size_overflow_pass.pass,
-+ .reference_pass_name = "mudflap2",
-+ .ref_pass_instance_number = 1,
-+ .pos_op = PASS_POS_INSERT_BEFORE
-+ };
-+
-+ struct register_pass_info dce_pass_info = {
-+ .pass = &pass_dce.pass,
-+ .reference_pass_name = "mudflap2",
++ .reference_pass_name = "ssa",
+ .ref_pass_instance_number = 1,
-+ .pos_op = PASS_POS_INSERT_BEFORE
++ .pos_op = PASS_POS_INSERT_AFTER
+ };
+
+ if (!plugin_default_version_check(version, &gcc_version)) {
+ }
+
+ for (i = 0; i < argc; ++i) {
-+ if (!(strcmp(argv[i].key, "no-size_overflow"))) {
++ if (!strcmp(argv[i].key, "no-size-overflow")) {
+ enable = false;
+ continue;
++ } else if (!(strcmp(argv[i].key, "no-file-match"))) {
++ file_match = false;
++ continue;
+ }
+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
+ }
+ if (enable) {
+ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL);
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info);
-+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dce_pass_info);
+ }
+ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
+
break;
}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index d9cfb78..4f27c10 100644
+index 7858228..2919715 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -75,7 +75,7 @@ LIST_HEAD(vm_list);
struct kmem_cache *kvm_vcpu_cache;
EXPORT_SYMBOL_GPL(kvm_vcpu_cache);
-@@ -2268,7 +2268,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2318,7 +2318,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2322,10 +2322,10 @@ static int hardware_enable_all(void)
+@@ -2372,10 +2372,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -2676,7 +2676,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -2738,7 +2738,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
struct module *module)
{
int r;
-@@ -2739,7 +2739,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2801,7 +2801,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -2749,9 +2749,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2811,9 +2811,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
projects / people / amarx / ipfire-3.x.git / commitdiff
