kernel: Update to 3.17.4

Enable using THUMB2 for the ARMv7 default kernel

diff --git a/kernel/config-armv7hl-default b/kernel/config-armv7hl-default
index 91a94c7fc0b2ad060540a185fa76f72c03b2ddb3..f1c0b366feb745789ec8ea36272d8ae25efd3d94 100644 (file)
--- a/kernel/config-armv7hl-default
+++ b/kernel/config-armv7hl-default
@@ -337,7 +337,7 @@ CONFIG_ARM_PSCI=y
 CONFIG_ARCH_NR_GPIO=1024
 CONFIG_HZ_FIXED=200
 CONFIG_HZ=200
 CONFIG_ARCH_NR_GPIO=1024
 CONFIG_HZ_FIXED=200
 CONFIG_HZ=200

-# CONFIG_THUMB2_KERNEL is not set
+CONFIG_THUMB2_KERNEL=y

 CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
 CONFIG_SPLIT_PTLOCK_CPUS=4
 CONFIG_MMU_NOTIFIER=y
 CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
 CONFIG_SPLIT_PTLOCK_CPUS=4
 CONFIG_MMU_NOTIFIER=y

diff --git a/kernel/kernel.nm b/kernel/kernel.nm
index ced42fd75c549abe7f81db64c68de79f46d755af..9ad75787839ce9f4ae1679fdfdcafc95beb8e4e4 100644 (file)
--- a/kernel/kernel.nm
+++ b/kernel/kernel.nm
@@ -4,7 +4,7 @@
 ###############################################################################
 
 name       = kernel
 ###############################################################################
 
 name       = kernel

-version    = 3.17.1
+version    = 3.17.4

 release    = 1
 thisapp    = linux-%{version}
 
 release    = 1
 thisapp    = linux-%{version}
 

diff --git a/kernel/patches/grsecurity-3.0-3.17.1-201410281754.patch b/kernel/patches/grsecurity-3.0-3.17.4-201411220955.patch
similarity index 98%
rename from kernel/patches/grsecurity-3.0-3.17.1-201410281754.patch
rename to kernel/patches/grsecurity-3.0-3.17.4-201411220955.patch
index ee9b62b5a5483e07af57361a543e5dfe98c6a5c1..8d9a2849b75343b77d5febce5f94019bc5a7d2b7 100644 (file)
--- a/kernel/patches/grsecurity-3.0-3.17.1-201410281754.patch
+++ b/kernel/patches/grsecurity-3.0-3.17.4-201411220955.patch
@@ -313,7 +313,7 @@ index 764f599..c600e2f 100644
        A typical pattern in a Kbuild file looks like this:
  
 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
        A typical pattern in a Kbuild file looks like this:
  
 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt

-index 1edd5fd..84fd32e 100644
+index 1edd5fd..107ff46 100644

 --- a/Documentation/kernel-parameters.txt
 +++ b/Documentation/kernel-parameters.txt
 @@ -1155,6 +1155,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 --- a/Documentation/kernel-parameters.txt
 +++ b/Documentation/kernel-parameters.txt
 @@ -1155,6 +1155,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.


@@ -338,7 +338,7 @@ index 1edd5fd..84fd32e 100644
        nosmap          [X86]
                        Disable SMAP (Supervisor Mode Access Prevention)
                        even if it is supported by processor.
        nosmap          [X86]
                        Disable SMAP (Supervisor Mode Access Prevention)
                        even if it is supported by processor.

-@@ -2467,6 +2475,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2467,6 +2475,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted.

                        the specified number of seconds.  This is to be used if
                        your oopses keep scrolling off the screen.
  
                        the specified number of seconds.  This is to be used if
                        your oopses keep scrolling off the screen.
  


@@ -348,8 +348,13 @@ index 1edd5fd..84fd32e 100644
 +                      page table updates on X86-64.
 +
 +      pax_sanitize_slab=
 +                      page table updates on X86-64.
 +
 +      pax_sanitize_slab=

-+                      0/1 to disable/enable slab object sanitization (enabled by
-+                      default).
++                      Format: { 0 | 1 | off | fast | full }
++                      Options '0' and '1' are only provided for backward
++                      compatibility, 'off' or 'fast' should be used instead.
++                      0|off : disable slab object sanitization
++                      1|fast: enable slab object sanitization excluding
++                              whitelisted slabs (default)
++                      full  : sanitize all slabs, even the whitelisted ones

 +
 +      pax_softmode=   0/1 to disable/enable PaX softmode on boot already.
 +
 +
 +      pax_softmode=   0/1 to disable/enable PaX softmode on boot already.
 +


@@ -365,7 +370,7 @@ index 1edd5fd..84fd32e 100644
  
        pcd.            [PARIDE]
 diff --git a/Makefile b/Makefile
  
        pcd.            [PARIDE]
 diff --git a/Makefile b/Makefile

-index 4669409..95d8745 100644
+index b60b64d..33b7ec8 100644

 --- a/Makefile
 +++ b/Makefile
 @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
 --- a/Makefile
 +++ b/Makefile
 @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \


@@ -974,10 +979,10 @@ index 32cbbd5..c102df9 100644
          kexec is a system call that implements the ability to shutdown your
          current kernel, and to start another kernel.  It is like a reboot
 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
          kexec is a system call that implements the ability to shutdown your
          current kernel, and to start another kernel.  It is like a reboot
 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h

-index 3040359..cf3bab0 100644
+index 3040359..a494fa3 100644

 --- a/arch/arm/include/asm/atomic.h
 +++ b/arch/arm/include/asm/atomic.h
 --- a/arch/arm/include/asm/atomic.h
 +++ b/arch/arm/include/asm/atomic.h

-@@ -18,17 +18,35 @@
+@@ -18,17 +18,41 @@

  #include <asm/barrier.h>
  #include <asm/cmpxchg.h>
  
  #include <asm/barrier.h>
  #include <asm/cmpxchg.h>
  


@@ -989,6 +994,12 @@ index 3040359..cf3bab0 100644
  
  #ifdef __KERNEL__
  
  
  #ifdef __KERNEL__
  

++#ifdef CONFIG_THUMB2_KERNEL
++#define REFCOUNT_TRAP_INSN "bkpt      0xf1"
++#else
++#define REFCOUNT_TRAP_INSN "bkpt      0xf103"
++#endif
++

 +#define _ASM_EXTABLE(from, to)                \
 +"     .pushsection __ex_table,\"a\"\n"\
 +"     .align  3\n"                    \
 +#define _ASM_EXTABLE(from, to)                \
 +"     .pushsection __ex_table,\"a\"\n"\
 +"     .align  3\n"                    \


@@ -1013,7 +1024,7 @@ index 3040359..cf3bab0 100644
  
  #if __LINUX_ARM_ARCH__ >= 6
  
  
  #if __LINUX_ARM_ARCH__ >= 6
  

-@@ -44,6 +62,36 @@ static inline void atomic_add(int i, atomic_t *v)
+@@ -44,6 +68,36 @@ static inline void atomic_add(int i, atomic_t *v)

  
        prefetchw(&v->counter);
        __asm__ __volatile__("@ atomic_add\n"
  
        prefetchw(&v->counter);
        __asm__ __volatile__("@ atomic_add\n"


@@ -1022,7 +1033,7 @@ index 3040359..cf3bab0 100644
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1050,7 +1061,7 @@ index 3040359..cf3bab0 100644
  "1:   ldrex   %0, [%3]\n"
  "     add     %0, %0, %4\n"
  "     strex   %1, %0, [%3]\n"
  "1:   ldrex   %0, [%3]\n"
  "     add     %0, %0, %4\n"
  "     strex   %1, %0, [%3]\n"

-@@ -63,6 +111,43 @@ static inline int atomic_add_return(int i, atomic_t *v)
+@@ -63,6 +117,43 @@ static inline int atomic_add_return(int i, atomic_t *v)

        prefetchw(&v->counter);
  
        __asm__ __volatile__("@ atomic_add_return\n"
        prefetchw(&v->counter);
  
        __asm__ __volatile__("@ atomic_add_return\n"


@@ -1060,7 +1071,7 @@ index 3040359..cf3bab0 100644
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1094,7 +1105,7 @@ index 3040359..cf3bab0 100644
  "1:   ldrex   %0, [%3]\n"
  "     add     %0, %0, %4\n"
  "     strex   %1, %0, [%3]\n"
  "1:   ldrex   %0, [%3]\n"
  "     add     %0, %0, %4\n"
  "     strex   %1, %0, [%3]\n"

-@@ -84,6 +169,36 @@ static inline void atomic_sub(int i, atomic_t *v)
+@@ -84,6 +175,36 @@ static inline void atomic_sub(int i, atomic_t *v)

  
        prefetchw(&v->counter);
        __asm__ __volatile__("@ atomic_sub\n"
  
        prefetchw(&v->counter);
        __asm__ __volatile__("@ atomic_sub\n"


@@ -1103,7 +1114,7 @@ index 3040359..cf3bab0 100644
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1131,7 +1142,7 @@ index 3040359..cf3bab0 100644
  "1:   ldrex   %0, [%3]\n"
  "     sub     %0, %0, %4\n"
  "     strex   %1, %0, [%3]\n"
  "1:   ldrex   %0, [%3]\n"
  "     sub     %0, %0, %4\n"
  "     strex   %1, %0, [%3]\n"

-@@ -103,11 +218,25 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+@@ -103,11 +224,25 @@ static inline int atomic_sub_return(int i, atomic_t *v)

        prefetchw(&v->counter);
  
        __asm__ __volatile__("@ atomic_sub_return\n"
        prefetchw(&v->counter);
  
        __asm__ __volatile__("@ atomic_sub_return\n"


@@ -1143,7 +1154,7 @@ index 3040359..cf3bab0 100644
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1159,7 +1170,7 @@ index 3040359..cf3bab0 100644
        : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "Ir" (i)
        : "cc");
        : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "Ir" (i)
        : "cc");

-@@ -152,12 +281,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -152,12 +287,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)

        __asm__ __volatile__ ("@ atomic_add_unless\n"
  "1:   ldrex   %0, [%4]\n"
  "     teq     %0, %5\n"
        __asm__ __volatile__ ("@ atomic_add_unless\n"
  "1:   ldrex   %0, [%4]\n"
  "     teq     %0, %5\n"


@@ -1170,7 +1181,7 @@ index 3040359..cf3bab0 100644
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1187,7 +1198,7 @@ index 3040359..cf3bab0 100644
        : "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "r" (u), "r" (a)
        : "cc");
        : "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "r" (u), "r" (a)
        : "cc");

-@@ -168,6 +309,28 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -168,6 +315,28 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)

        return oldval;
  }
  
        return oldval;
  }
  


@@ -1216,7 +1227,7 @@ index 3040359..cf3bab0 100644
  #else /* ARM_ARCH_6 */
  
  #ifdef CONFIG_SMP
  #else /* ARM_ARCH_6 */
  
  #ifdef CONFIG_SMP

-@@ -186,7 +349,17 @@ static inline int atomic_add_return(int i, atomic_t *v)
+@@ -186,7 +355,17 @@ static inline int atomic_add_return(int i, atomic_t *v)

  
        return val;
  }
  
        return val;
  }


@@ -1234,7 +1245,7 @@ index 3040359..cf3bab0 100644
  
  static inline int atomic_sub_return(int i, atomic_t *v)
  {
  
  static inline int atomic_sub_return(int i, atomic_t *v)
  {

-@@ -201,6 +374,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+@@ -201,6 +380,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)

        return val;
  }
  #define atomic_sub(i, v)      (void) atomic_sub_return(i, v)
        return val;
  }
  #define atomic_sub(i, v)      (void) atomic_sub_return(i, v)


@@ -1245,7 +1256,7 @@ index 3040359..cf3bab0 100644
  
  static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
  {
  
  static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
  {

-@@ -216,6 +393,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+@@ -216,6 +399,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)

        return ret;
  }
  
        return ret;
  }
  


@@ -1257,7 +1268,7 @@ index 3040359..cf3bab0 100644
  static inline int __atomic_add_unless(atomic_t *v, int a, int u)
  {
        int c, old;
  static inline int __atomic_add_unless(atomic_t *v, int a, int u)
  {
        int c, old;

-@@ -229,13 +411,33 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -229,13 +417,33 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)

  #endif /* __LINUX_ARM_ARCH__ */
  
  #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
  #endif /* __LINUX_ARM_ARCH__ */
  
  #define atomic_xchg(v, new) (xchg(&((v)->counter), new))


@@ -1291,7 +1302,7 @@ index 3040359..cf3bab0 100644
  #define atomic_dec_return(v)    (atomic_sub_return(1, v))
  #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
  
  #define atomic_dec_return(v)    (atomic_sub_return(1, v))
  #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
  

-@@ -246,6 +448,14 @@ typedef struct {
+@@ -246,6 +454,14 @@ typedef struct {

        long long counter;
  } atomic64_t;
  
        long long counter;
  } atomic64_t;
  


@@ -1306,7 +1317,7 @@ index 3040359..cf3bab0 100644
  #define ATOMIC64_INIT(i) { (i) }
  
  #ifdef CONFIG_ARM_LPAE
  #define ATOMIC64_INIT(i) { (i) }
  
  #ifdef CONFIG_ARM_LPAE

-@@ -262,6 +472,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -262,6 +478,19 @@ static inline long long atomic64_read(const atomic64_t *v)

        return result;
  }
  
        return result;
  }
  


@@ -1326,7 +1337,7 @@ index 3040359..cf3bab0 100644
  static inline void atomic64_set(atomic64_t *v, long long i)
  {
        __asm__ __volatile__("@ atomic64_set\n"
  static inline void atomic64_set(atomic64_t *v, long long i)
  {
        __asm__ __volatile__("@ atomic64_set\n"

-@@ -270,6 +493,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -270,6 +499,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)

        : "r" (&v->counter), "r" (i)
        );
  }
        : "r" (&v->counter), "r" (i)
        );
  }


@@ -1342,7 +1353,7 @@ index 3040359..cf3bab0 100644
  #else
  static inline long long atomic64_read(const atomic64_t *v)
  {
  #else
  static inline long long atomic64_read(const atomic64_t *v)
  {

-@@ -284,6 +516,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -284,6 +522,19 @@ static inline long long atomic64_read(const atomic64_t *v)

        return result;
  }
  
        return result;
  }
  


@@ -1362,7 +1373,7 @@ index 3040359..cf3bab0 100644
  static inline void atomic64_set(atomic64_t *v, long long i)
  {
        long long tmp;
  static inline void atomic64_set(atomic64_t *v, long long i)
  {
        long long tmp;

-@@ -298,6 +543,21 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -298,6 +549,21 @@ static inline void atomic64_set(atomic64_t *v, long long i)

        : "r" (&v->counter), "r" (i)
        : "cc");
  }
        : "r" (&v->counter), "r" (i)
        : "cc");
  }


@@ -1384,7 +1395,7 @@ index 3040359..cf3bab0 100644
  #endif
  
  static inline void atomic64_add(long long i, atomic64_t *v)
  #endif
  
  static inline void atomic64_add(long long i, atomic64_t *v)

-@@ -309,6 +569,37 @@ static inline void atomic64_add(long long i, atomic64_t *v)
+@@ -309,6 +575,37 @@ static inline void atomic64_add(long long i, atomic64_t *v)

        __asm__ __volatile__("@ atomic64_add\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     adds    %Q0, %Q0, %Q4\n"
        __asm__ __volatile__("@ atomic64_add\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     adds    %Q0, %Q0, %Q4\n"


@@ -1392,7 +1403,7 @@ index 3040359..cf3bab0 100644
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1422,7 +1433,7 @@ index 3040359..cf3bab0 100644
  "     adc     %R0, %R0, %R4\n"
  "     strexd  %1, %0, %H0, [%3]\n"
  "     teq     %1, #0\n"
  "     adc     %R0, %R0, %R4\n"
  "     strexd  %1, %0, %H0, [%3]\n"
  "     teq     %1, #0\n"

-@@ -329,6 +620,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
+@@ -329,6 +626,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)

        __asm__ __volatile__("@ atomic64_add_return\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     adds    %Q0, %Q0, %Q4\n"
        __asm__ __volatile__("@ atomic64_add_return\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     adds    %Q0, %Q0, %Q4\n"


@@ -1432,7 +1443,7 @@ index 3040359..cf3bab0 100644
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"
 +"     mov     %H0, %H1\n"
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"
 +"     mov     %H0, %H1\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1467,7 +1478,7 @@ index 3040359..cf3bab0 100644
  "     adc     %R0, %R0, %R4\n"
  "     strexd  %1, %0, %H0, [%3]\n"
  "     teq     %1, #0\n"
  "     adc     %R0, %R0, %R4\n"
  "     strexd  %1, %0, %H0, [%3]\n"
  "     teq     %1, #0\n"

-@@ -351,6 +680,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v)
+@@ -351,6 +686,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v)

        __asm__ __volatile__("@ atomic64_sub\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     subs    %Q0, %Q0, %Q4\n"
        __asm__ __volatile__("@ atomic64_sub\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     subs    %Q0, %Q0, %Q4\n"


@@ -1475,7 +1486,7 @@ index 3040359..cf3bab0 100644
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1505,7 +1516,7 @@ index 3040359..cf3bab0 100644
  "     sbc     %R0, %R0, %R4\n"
  "     strexd  %1, %0, %H0, [%3]\n"
  "     teq     %1, #0\n"
  "     sbc     %R0, %R0, %R4\n"
  "     strexd  %1, %0, %H0, [%3]\n"
  "     teq     %1, #0\n"

-@@ -371,10 +731,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
+@@ -371,10 +737,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)

        __asm__ __volatile__("@ atomic64_sub_return\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     subs    %Q0, %Q0, %Q4\n"
        __asm__ __volatile__("@ atomic64_sub_return\n"
  "1:   ldrexd  %0, %H0, [%3]\n"
  "     subs    %Q0, %Q0, %Q4\n"


@@ -1516,7 +1527,7 @@ index 3040359..cf3bab0 100644
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"
 +"     mov     %H0, %H1\n"
 +"     bvc     3f\n"
 +"     mov     %0, %1\n"
 +"     mov     %H0, %H1\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1532,7 +1543,7 @@ index 3040359..cf3bab0 100644
        : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "r" (i)
        : "cc");
        : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "r" (i)
        : "cc");

-@@ -410,6 +785,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
+@@ -410,6 +791,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,

        return oldval;
  }
  
        return oldval;
  }
  


@@ -1564,7 +1575,7 @@ index 3040359..cf3bab0 100644
  static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
  {
        long long result;
  static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
  {
        long long result;

-@@ -435,21 +835,35 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
+@@ -435,21 +841,35 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)

  static inline long long atomic64_dec_if_positive(atomic64_t *v)
  {
        long long result;
  static inline long long atomic64_dec_if_positive(atomic64_t *v)
  {
        long long result;


@@ -1586,7 +1597,7 @@ index 3040359..cf3bab0 100644
 +"     bvc     3f\n"
 +"     mov     %Q0, %Q1\n"
 +"     mov     %R0, %R1\n"
 +"     bvc     3f\n"
 +"     mov     %Q0, %Q1\n"
 +"     mov     %R0, %R1\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1606,7 +1617,7 @@ index 3040359..cf3bab0 100644
        : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter)
        : "cc");
        : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter)
        : "cc");

-@@ -473,13 +887,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -473,13 +893,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)

  "     teq     %0, %5\n"
  "     teqeq   %H0, %H5\n"
  "     moveq   %1, #0\n"
  "     teq     %0, %5\n"
  "     teqeq   %H0, %H5\n"
  "     moveq   %1, #0\n"


@@ -1618,7 +1629,7 @@ index 3040359..cf3bab0 100644
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +"     bvc     3f\n"

-+"2:   bkpt    0xf103\n"
++"2:   " REFCOUNT_TRAP_INSN "\n"

 +"3:\n"
 +#endif
 +
 +"3:\n"
 +#endif
 +


@@ -1635,7 +1646,7 @@ index 3040359..cf3bab0 100644
        : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "r" (u), "r" (a)
        : "cc");
        : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
        : "r" (&v->counter), "r" (u), "r" (a)
        : "cc");

-@@ -492,10 +918,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -492,10 +924,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)

  
  #define atomic64_add_negative(a, v)   (atomic64_add_return((a), (v)) < 0)
  #define atomic64_inc(v)                       atomic64_add(1LL, (v))
  
  #define atomic64_add_negative(a, v)   (atomic64_add_return((a), (v)) < 0)
  #define atomic64_inc(v)                       atomic64_add(1LL, (v))


@@ -2112,7 +2123,7 @@ index 9fd61c7..f8f1cff 100644
  
  /*
 diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
  
  /*
 diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h

-index 06e0bc0..e60c2d3 100644
+index 06e0bc0..c65bca8 100644

 --- a/arch/arm/include/asm/pgtable-3level.h
 +++ b/arch/arm/include/asm/pgtable-3level.h
 @@ -81,6 +81,7 @@
 --- a/arch/arm/include/asm/pgtable-3level.h
 +++ b/arch/arm/include/asm/pgtable-3level.h
 @@ -81,6 +81,7 @@


@@ -2123,7 +2134,12 @@ index 06e0bc0..e60c2d3 100644
  #define L_PTE_XN              (_AT(pteval_t, 1) << 54)        /* XN */
  #define L_PTE_DIRTY           (_AT(pteval_t, 1) << 55)
  #define L_PTE_SPECIAL         (_AT(pteval_t, 1) << 56)
  #define L_PTE_XN              (_AT(pteval_t, 1) << 54)        /* XN */
  #define L_PTE_DIRTY           (_AT(pteval_t, 1) << 55)
  #define L_PTE_SPECIAL         (_AT(pteval_t, 1) << 56)

-@@ -96,6 +97,7 @@
+@@ -92,10 +93,12 @@
+ #define L_PMD_SECT_SPLITTING  (_AT(pmdval_t, 1) << 56)
+ #define L_PMD_SECT_NONE               (_AT(pmdval_t, 1) << 57)
+ #define L_PMD_SECT_RDONLY     (_AT(pteval_t, 1) << 58)
++#define PMD_SECT_RDONLY               PMD_SECT_AP2
+ 

  /*
   * To be used in assembly code with the upper page attributes.
   */
  /*
   * To be used in assembly code with the upper page attributes.
   */


@@ -3590,6 +3606,19 @@ index f7a07a5..258e1f7 100644
  
        pr_info("AT91: sram at 0x%lx of 0x%x mapped at 0x%lx\n",
                base, length, desc->virtual);
  
        pr_info("AT91: sram at 0x%lx of 0x%x mapped at 0x%lx\n",
                base, length, desc->virtual);

+diff --git a/arch/arm/mach-keystone/keystone.c b/arch/arm/mach-keystone/keystone.c
+index 7f352de..6dc0929 100644
+--- a/arch/arm/mach-keystone/keystone.c
++++ b/arch/arm/mach-keystone/keystone.c
+@@ -27,7 +27,7 @@
+ 
+ #include "keystone.h"
+ 
+-static struct notifier_block platform_nb;
++static notifier_block_no_const platform_nb;
+ static unsigned long keystone_dma_pfn_offset __read_mostly;
+ 
+ static int keystone_platform_notifier(struct notifier_block *nb,

 diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
 index 2bdc323..cf1c607 100644
 --- a/arch/arm/mach-mvebu/coherency.c
 diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
 index 2bdc323..cf1c607 100644
 --- a/arch/arm/mach-mvebu/coherency.c


@@ -3844,7 +3873,7 @@ index 2dea8b5..6499da2 100644
  extern void ux500_cpu_die(unsigned int cpu);
  
 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
  extern void ux500_cpu_die(unsigned int cpu);
  
 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig

-index ae69809..2665202 100644
+index 7eb94e6..799ad3e 100644

 --- a/arch/arm/mm/Kconfig
 +++ b/arch/arm/mm/Kconfig
 @@ -446,6 +446,7 @@ config CPU_32v5
 --- a/arch/arm/mm/Kconfig
 +++ b/arch/arm/mm/Kconfig
 @@ -446,6 +446,7 @@ config CPU_32v5


@@ -3863,15 +3892,16 @@ index ae69809..2665202 100644
        help
          This option enables or disables the use of domain switching
          via the set_fs() function.
        help
          This option enables or disables the use of domain switching
          via the set_fs() function.

-@@ -799,6 +801,7 @@ config NEED_KUSER_HELPERS
+@@ -798,7 +800,7 @@ config NEED_KUSER_HELPERS
+ 

  config KUSER_HELPERS
        bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS
  config KUSER_HELPERS
        bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS

+-      depends on MMU
++      depends on MMU && (!(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND)

        default y
        default y

-+      depends on !(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND

        help
          Warning: disabling this option may break user programs.
        help
          Warning: disabling this option may break user programs.

- 
-@@ -811,7 +814,7 @@ config KUSER_HELPERS
+@@ -812,7 +814,7 @@ config KUSER_HELPERS

          See Documentation/arm/kernel_user_helpers.txt for details.
  
          However, the fixed address nature of these helpers can be used
          See Documentation/arm/kernel_user_helpers.txt for details.
  
          However, the fixed address nature of these helpers can be used


@@ -4007,7 +4037,7 @@ index 6eb97b3..ac509f6 100644
                atomic64_set(&mm->context.id, asid);
        }
 diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
                atomic64_set(&mm->context.id, asid);
        }
 diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c

-index eb8830a..5360ce7 100644
+index eb8830a..e8ff52e 100644

 --- a/arch/arm/mm/fault.c
 +++ b/arch/arm/mm/fault.c
 @@ -25,6 +25,7 @@
 --- a/arch/arm/mm/fault.c
 +++ b/arch/arm/mm/fault.c
 @@ -25,6 +25,7 @@


@@ -4121,7 +4151,7 @@ index eb8830a..5360ce7 100644
        printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
                inf->name, fsr, addr);
  
        printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
                inf->name, fsr, addr);
  

-@@ -574,15 +647,98 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
+@@ -574,15 +647,104 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *

        ifsr_info[nr].name = name;
  }
  
        ifsr_info[nr].name = name;
  }
  


@@ -4201,9 +4231,15 @@ index eb8830a..5360ce7 100644
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +      if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) {
 +
 +#ifdef CONFIG_PAX_REFCOUNT
 +      if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) {

++#ifdef CONFIG_THUMB2_KERNEL
++              unsigned short bkpt;
++
++              if (!probe_kernel_address(pc, bkpt) && cpu_to_le16(bkpt) == 0xbef1) {
++#else

 +              unsigned int bkpt;
 +
 +              if (!probe_kernel_address(pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {
 +              unsigned int bkpt;
 +
 +              if (!probe_kernel_address(pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {

++#endif

 +                      current->thread.error_code = ifsr;
 +                      current->thread.trap_no = 0;
 +                      pax_report_refcount_overflow(regs);
 +                      current->thread.error_code = ifsr;
 +                      current->thread.trap_no = 0;
 +                      pax_report_refcount_overflow(regs);


@@ -5082,7 +5118,7 @@ index f6c3a16..cd422a4 100644
  {
        int c, old;
 diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h
  {
        int c, old;
 diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h

-index 2797163..c2a401d 100644
+index 2797163..c2a401df9 100644

 --- a/arch/frv/include/asm/cache.h
 +++ b/arch/frv/include/asm/cache.h
 @@ -12,10 +12,11 @@
 --- a/arch/frv/include/asm/cache.h
 +++ b/arch/frv/include/asm/cache.h
 @@ -12,10 +12,11 @@


@@ -6941,7 +6977,7 @@ index 7de8658..c109224 100644
  /*
   * We stash processor id into a COP0 register to retrieve it fast
 diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
  /*
   * We stash processor id into a COP0 register to retrieve it fast
 diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h

-index a109510..94ee3f6 100644
+index a109510..0a764f7 100644

 --- a/arch/mips/include/asm/uaccess.h
 +++ b/arch/mips/include/asm/uaccess.h
 @@ -130,6 +130,7 @@ extern u64 __ua_limit;
 --- a/arch/mips/include/asm/uaccess.h
 +++ b/arch/mips/include/asm/uaccess.h
 @@ -130,6 +130,7 @@ extern u64 __ua_limit;


@@ -6952,6 +6988,32 @@ index a109510..94ee3f6 100644
  #define access_ok(type, addr, size)                                   \
        likely(__access_ok((addr), (size), __access_mask))
  
  #define access_ok(type, addr, size)                                   \
        likely(__access_ok((addr), (size), __access_mask))
  

+@@ -301,7 +302,8 @@ do {                                                                       \
+                       __get_kernel_common((x), size, __gu_ptr);       \
+               else                                                    \
+                       __get_user_common((x), size, __gu_ptr);         \
+-      }                                                               \
++      } else                                                          \
++              (x) = 0;                                                \
+                                                                       \
+       __gu_err;                                                       \
+ })
+@@ -316,6 +318,7 @@ do {                                                                       \
+       "       .insn                                           \n"     \
+       "       .section .fixup,\"ax\"                          \n"     \
+       "3:     li      %0, %4                                  \n"     \
++      "       move    %1, $0                                  \n"     \
+       "       j       2b                                      \n"     \
+       "       .previous                                       \n"     \
+       "       .section __ex_table,\"a\"                       \n"     \
+@@ -630,6 +633,7 @@ do {                                                                       \
+       "       .insn                                           \n"     \
+       "       .section .fixup,\"ax\"                          \n"     \
+       "3:     li      %0, %4                                  \n"     \
++      "       move    %1, $0                                  \n"     \
+       "       j       2b                                      \n"     \
+       "       .previous                                       \n"     \
+       "       .section __ex_table,\"a\"                       \n"     \

 diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
 index 1188e00..41cf144 100644
 --- a/arch/mips/kernel/binfmt_elfn32.c
 diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
 index 1188e00..41cf144 100644
 --- a/arch/mips/kernel/binfmt_elfn32.c


@@ -8107,26 +8169,648 @@ index 4bc7b62..107e0b2 100644
          kexec is a system call that implements the ability to shutdown your
          current kernel, and to start another kernel.  It is like a reboot
 diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
          kexec is a system call that implements the ability to shutdown your
          current kernel, and to start another kernel.  It is like a reboot
 diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h

-index 28992d0..c797b20 100644
+index 28992d0..434c881 100644

 --- a/arch/powerpc/include/asm/atomic.h
 +++ b/arch/powerpc/include/asm/atomic.h
 --- a/arch/powerpc/include/asm/atomic.h
 +++ b/arch/powerpc/include/asm/atomic.h

-@@ -519,6 +519,16 @@ static __inline__ long atomic64_inc_not_zero(atomic64_t *v)
-       return t1;
+@@ -12,6 +12,11 @@
+ 
+ #define ATOMIC_INIT(i)                { (i) }
+ 
++#define _ASM_EXTABLE(from, to)                        \
++"     .section        __ex_table,\"a\"\n"     \
++      PPC_LONG"       " #from ", " #to"\n"    \
++"     .previous\n"
++
+ static __inline__ int atomic_read(const atomic_t *v)
+ {
+       int t;
+@@ -21,16 +26,61 @@ static __inline__ int atomic_read(const atomic_t *v)
+       return t;

  }
  
  }
  

-+#define atomic64_read_unchecked(v)            atomic64_read(v)
-+#define atomic64_set_unchecked(v, i)          atomic64_set((v), (i))
-+#define atomic64_add_unchecked(a, v)          atomic64_add((a), (v))
-+#define atomic64_add_return_unchecked(a, v)   atomic64_add_return((a), (v))
-+#define atomic64_sub_unchecked(a, v)          atomic64_sub((a), (v))
-+#define atomic64_inc_unchecked(v)             atomic64_inc(v)
-+#define atomic64_inc_return_unchecked(v)      atomic64_inc_return(v)
-+#define atomic64_dec_unchecked(v)             atomic64_dec(v)
-+#define atomic64_cmpxchg_unchecked(v, o, n)   atomic64_cmpxchg((v), (o), (n))
++static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v)
++{
++      int t;
++
++      __asm__ __volatile__("lwz%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter));

 +
 +

- #endif /* __powerpc64__ */
++      return t;
++}
++
+ static __inline__ void atomic_set(atomic_t *v, int i)
+ {
+       __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
+ }

  
  

- #endif /* __KERNEL__ */
++static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i)
++{
++      __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
++}
++
+ static __inline__ void atomic_add(int a, atomic_t *v)
+ {
+       int t;
+ 
+       __asm__ __volatile__(
++"1:   lwarx   %0,0,%3         # atomic_add\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     addo.   %0,%2,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     add     %0,%2,%0\n"
++#endif
++
++"3:\n"
++      PPC405_ERR77(0,%3)
++"     stwcx.  %0,0,%3 \n\
++      bne-    1b"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"\n4:\n"
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t), "+m" (v->counter)
++      : "r" (a), "r" (&v->counter)
++      : "cc");
++}
++
++static __inline__ void atomic_add_unchecked(int a, atomic_unchecked_t *v)
++{
++      int t;
++
++      __asm__ __volatile__(
+ "1:   lwarx   %0,0,%3         # atomic_add\n\
+       add     %0,%2,%0\n"
+       PPC405_ERR77(0,%3)
+@@ -41,12 +91,49 @@ static __inline__ void atomic_add(int a, atomic_t *v)
+       : "cc");
+ }
+ 
++/* Same as atomic_add but return the value */
+ static __inline__ int atomic_add_return(int a, atomic_t *v)
+ {
+       int t;
+ 
+       __asm__ __volatile__(
+       PPC_ATOMIC_ENTRY_BARRIER
++"1:   lwarx   %0,0,%2         # atomic_add_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     addo.   %0,%1,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     add     %0,%1,%0\n"
++#endif
++
++"3:\n"
++      PPC405_ERR77(0,%2)
++"     stwcx.  %0,0,%2 \n\
++      bne-    1b\n"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      PPC_ATOMIC_EXIT_BARRIER
++      : "=&r" (t)
++      : "r" (a), "r" (&v->counter)
++      : "cc", "memory");
++
++      return t;
++}
++
++/* Same as atomic_add_unchecked but return the value */
++static __inline__ int atomic_add_return_unchecked(int a, atomic_unchecked_t *v)
++{
++      int t;
++
++      __asm__ __volatile__(
++      PPC_ATOMIC_ENTRY_BARRIER
+ "1:   lwarx   %0,0,%2         # atomic_add_return\n\
+       add     %0,%1,%0\n"
+       PPC405_ERR77(0,%2)
+@@ -67,6 +154,37 @@ static __inline__ void atomic_sub(int a, atomic_t *v)
+       int t;
+ 
+       __asm__ __volatile__(
++"1:   lwarx   %0,0,%3         # atomic_sub\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     subfo.  %0,%2,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     subf    %0,%2,%0\n"
++#endif
++
++"3:\n"
++      PPC405_ERR77(0,%3)
++"     stwcx.  %0,0,%3 \n\
++      bne-    1b\n"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t), "+m" (v->counter)
++      : "r" (a), "r" (&v->counter)
++      : "cc");
++}
++
++static __inline__ void atomic_sub_unchecked(int a, atomic_unchecked_t *v)
++{
++      int t;
++
++      __asm__ __volatile__(
+ "1:   lwarx   %0,0,%3         # atomic_sub\n\
+       subf    %0,%2,%0\n"
+       PPC405_ERR77(0,%3)
+@@ -77,12 +195,49 @@ static __inline__ void atomic_sub(int a, atomic_t *v)
+       : "cc");
+ }
+ 
++/* Same as atomic_sub but return the value */
+ static __inline__ int atomic_sub_return(int a, atomic_t *v)
+ {
+       int t;
+ 
+       __asm__ __volatile__(
+       PPC_ATOMIC_ENTRY_BARRIER
++"1:   lwarx   %0,0,%2         # atomic_sub_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     subfo.  %0,%1,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     subf    %0,%1,%0\n"
++#endif
++
++"3:\n"
++      PPC405_ERR77(0,%2)
++"     stwcx.  %0,0,%2 \n\
++      bne-    1b\n"
++      PPC_ATOMIC_EXIT_BARRIER
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t)
++      : "r" (a), "r" (&v->counter)
++      : "cc", "memory");
++
++      return t;
++}
++
++/* Same as atomic_sub_unchecked but return the value */
++static __inline__ int atomic_sub_return_unchecked(int a, atomic_unchecked_t *v)
++{
++      int t;
++
++      __asm__ __volatile__(
++      PPC_ATOMIC_ENTRY_BARRIER
+ "1:   lwarx   %0,0,%2         # atomic_sub_return\n\
+       subf    %0,%1,%0\n"
+       PPC405_ERR77(0,%2)
+@@ -96,38 +251,23 @@ static __inline__ int atomic_sub_return(int a, atomic_t *v)
+       return t;
+ }
+ 
+-static __inline__ void atomic_inc(atomic_t *v)
+-{
+-      int t;
++/* 
++ * atomic_inc - increment atomic variable
++ * @v: pointer of type atomic_t
++ * 
++ * Automatically increments @v by 1
++ */
++#define atomic_inc(v) atomic_add(1, (v))
++#define atomic_inc_return(v) atomic_add_return(1, (v))
+ 
+-      __asm__ __volatile__(
+-"1:   lwarx   %0,0,%2         # atomic_inc\n\
+-      addic   %0,%0,1\n"
+-      PPC405_ERR77(0,%2)
+-"     stwcx.  %0,0,%2 \n\
+-      bne-    1b"
+-      : "=&r" (t), "+m" (v->counter)
+-      : "r" (&v->counter)
+-      : "cc", "xer");
++static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v)
++{
++      atomic_add_unchecked(1, v);
+ }
+ 
+-static __inline__ int atomic_inc_return(atomic_t *v)
++static __inline__ int atomic_inc_return_unchecked(atomic_unchecked_t *v)
+ {
+-      int t;
+-
+-      __asm__ __volatile__(
+-      PPC_ATOMIC_ENTRY_BARRIER
+-"1:   lwarx   %0,0,%1         # atomic_inc_return\n\
+-      addic   %0,%0,1\n"
+-      PPC405_ERR77(0,%1)
+-"     stwcx.  %0,0,%1 \n\
+-      bne-    1b"
+-      PPC_ATOMIC_EXIT_BARRIER
+-      : "=&r" (t)
+-      : "r" (&v->counter)
+-      : "cc", "xer", "memory");
+-
+-      return t;
++      return atomic_add_return_unchecked(1, v);
+ }
+ 
+ /*
+@@ -140,43 +280,38 @@ static __inline__ int atomic_inc_return(atomic_t *v)
+  */
+ #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
+ 
+-static __inline__ void atomic_dec(atomic_t *v)
++static __inline__ int atomic_inc_and_test_unchecked(atomic_unchecked_t *v)
+ {
+-      int t;
+-
+-      __asm__ __volatile__(
+-"1:   lwarx   %0,0,%2         # atomic_dec\n\
+-      addic   %0,%0,-1\n"
+-      PPC405_ERR77(0,%2)\
+-"     stwcx.  %0,0,%2\n\
+-      bne-    1b"
+-      : "=&r" (t), "+m" (v->counter)
+-      : "r" (&v->counter)
+-      : "cc", "xer");
++      return atomic_add_return_unchecked(1, v) == 0;
+ }
+ 
+-static __inline__ int atomic_dec_return(atomic_t *v)
++/* 
++ * atomic_dec - decrement atomic variable
++ * @v: pointer of type atomic_t
++ * 
++ * Atomically decrements @v by 1
++ */
++#define atomic_dec(v) atomic_sub(1, (v))
++#define atomic_dec_return(v) atomic_sub_return(1, (v))
++
++static __inline__ void atomic_dec_unchecked(atomic_unchecked_t *v)
+ {
+-      int t;
+-
+-      __asm__ __volatile__(
+-      PPC_ATOMIC_ENTRY_BARRIER
+-"1:   lwarx   %0,0,%1         # atomic_dec_return\n\
+-      addic   %0,%0,-1\n"
+-      PPC405_ERR77(0,%1)
+-"     stwcx.  %0,0,%1\n\
+-      bne-    1b"
+-      PPC_ATOMIC_EXIT_BARRIER
+-      : "=&r" (t)
+-      : "r" (&v->counter)
+-      : "cc", "xer", "memory");
+-
+-      return t;
++      atomic_sub_unchecked(1, v);
+ }
+ 
+ #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+ #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
+ 
++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
++{
++      return cmpxchg(&(v->counter), old, new);
++}
++
++static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new) 
++{
++      return xchg(&(v->counter), new);
++}
++
+ /**
+  * __atomic_add_unless - add unless the number is a given value
+  * @v: pointer of type atomic_t
+@@ -271,6 +406,11 @@ static __inline__ int atomic_dec_if_positive(atomic_t *v)
+ }
+ #define atomic_dec_if_positive atomic_dec_if_positive
+ 
++#define smp_mb__before_atomic_dec()     smp_mb()
++#define smp_mb__after_atomic_dec()      smp_mb()
++#define smp_mb__before_atomic_inc()     smp_mb()
++#define smp_mb__after_atomic_inc()      smp_mb()
++
+ #ifdef __powerpc64__
+ 
+ #define ATOMIC64_INIT(i)      { (i) }
+@@ -284,11 +424,25 @@ static __inline__ long atomic64_read(const atomic64_t *v)
+       return t;
+ }
+ 
++static __inline__ long atomic64_read_unchecked(const atomic64_unchecked_t *v)
++{
++      long t;
++
++      __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter));
++
++      return t;
++}
++
+ static __inline__ void atomic64_set(atomic64_t *v, long i)
+ {
+       __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
+ }
+ 
++static __inline__ void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
++{
++      __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
++}
++
+ static __inline__ void atomic64_add(long a, atomic64_t *v)
+ {
+       long t;
+@@ -303,12 +457,76 @@ static __inline__ void atomic64_add(long a, atomic64_t *v)
+       : "cc");
+ }
+ 
++static __inline__ void atomic64_add_unchecked(long a, atomic64_unchecked_t *v)
++{
++      long t;
++
++      __asm__ __volatile__(
++"1:   ldarx   %0,0,%3         # atomic64_add\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     addo.   %0,%2,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     add     %0,%2,%0\n"
++#endif
++
++"3:\n"
++"     stdcx.  %0,0,%3 \n\
++      bne-    1b\n"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t), "+m" (v->counter)
++      : "r" (a), "r" (&v->counter)
++      : "cc");
++}
++
+ static __inline__ long atomic64_add_return(long a, atomic64_t *v)
+ {
+       long t;
+ 
+       __asm__ __volatile__(
+       PPC_ATOMIC_ENTRY_BARRIER
++"1:   ldarx   %0,0,%2         # atomic64_add_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     addo.   %0,%1,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     add     %0,%1,%0\n"
++#endif
++
++"3:\n"
++"     stdcx.  %0,0,%2 \n\
++      bne-    1b\n"
++      PPC_ATOMIC_EXIT_BARRIER
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t)
++      : "r" (a), "r" (&v->counter)
++      : "cc", "memory");
++
++      return t;
++}
++
++static __inline__ long atomic64_add_return_unchecked(long a, atomic64_unchecked_t *v)
++{
++      long t;
++
++      __asm__ __volatile__(
++      PPC_ATOMIC_ENTRY_BARRIER
+ "1:   ldarx   %0,0,%2         # atomic64_add_return\n\
+       add     %0,%1,%0\n\
+       stdcx.  %0,0,%2 \n\
+@@ -328,6 +546,36 @@ static __inline__ void atomic64_sub(long a, atomic64_t *v)
+       long t;
+ 
+       __asm__ __volatile__(
++"1:   ldarx   %0,0,%3         # atomic64_sub\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     subfo.  %0,%2,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     subf    %0,%2,%0\n"
++#endif
++
++"3:\n"
++"     stdcx.  %0,0,%3 \n\
++      bne-    1b"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t), "+m" (v->counter)
++      : "r" (a), "r" (&v->counter)
++      : "cc");
++}
++
++static __inline__ void atomic64_sub_unchecked(long a, atomic64_unchecked_t *v)
++{
++      long t;
++
++      __asm__ __volatile__(
+ "1:   ldarx   %0,0,%3         # atomic64_sub\n\
+       subf    %0,%2,%0\n\
+       stdcx.  %0,0,%3 \n\
+@@ -343,6 +591,40 @@ static __inline__ long atomic64_sub_return(long a, atomic64_t *v)
+ 
+       __asm__ __volatile__(
+       PPC_ATOMIC_ENTRY_BARRIER
++"1:   ldarx   %0,0,%2         # atomic64_sub_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     subfo.  %0,%1,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     subf    %0,%1,%0\n"
++#endif
++
++"3:\n"
++"     stdcx.  %0,0,%2 \n\
++      bne-    1b\n"
++      PPC_ATOMIC_EXIT_BARRIER
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t)
++      : "r" (a), "r" (&v->counter)
++      : "cc", "memory");
++
++      return t;
++}
++
++static __inline__ long atomic64_sub_return_unchecked(long a, atomic64_unchecked_t *v)
++{
++      long t;
++
++      __asm__ __volatile__(
++      PPC_ATOMIC_ENTRY_BARRIER
+ "1:   ldarx   %0,0,%2         # atomic64_sub_return\n\
+       subf    %0,%1,%0\n\
+       stdcx.  %0,0,%2 \n\
+@@ -355,36 +637,23 @@ static __inline__ long atomic64_sub_return(long a, atomic64_t *v)
+       return t;
+ }
+ 
+-static __inline__ void atomic64_inc(atomic64_t *v)
+-{
+-      long t;
++/* 
++ * atomic64_inc - increment atomic variable
++ * @v: pointer of type atomic64_t
++ * 
++ * Automatically increments @v by 1
++ */
++#define atomic64_inc(v) atomic64_add(1, (v))
++#define atomic64_inc_return(v) atomic64_add_return(1, (v))
+ 
+-      __asm__ __volatile__(
+-"1:   ldarx   %0,0,%2         # atomic64_inc\n\
+-      addic   %0,%0,1\n\
+-      stdcx.  %0,0,%2 \n\
+-      bne-    1b"
+-      : "=&r" (t), "+m" (v->counter)
+-      : "r" (&v->counter)
+-      : "cc", "xer");
++static __inline__ void atomic64_inc_unchecked(atomic64_unchecked_t *v)
++{
++      atomic64_add_unchecked(1, v);
+ }
+ 
+-static __inline__ long atomic64_inc_return(atomic64_t *v)
++static __inline__ int atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
+ {
+-      long t;
+-
+-      __asm__ __volatile__(
+-      PPC_ATOMIC_ENTRY_BARRIER
+-"1:   ldarx   %0,0,%1         # atomic64_inc_return\n\
+-      addic   %0,%0,1\n\
+-      stdcx.  %0,0,%1 \n\
+-      bne-    1b"
+-      PPC_ATOMIC_EXIT_BARRIER
+-      : "=&r" (t)
+-      : "r" (&v->counter)
+-      : "cc", "xer", "memory");
+-
+-      return t;
++      return atomic64_add_return_unchecked(1, v);
+ }
+ 
+ /*
+@@ -397,36 +666,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v)
+  */
+ #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
+ 
+-static __inline__ void atomic64_dec(atomic64_t *v)
++/* 
++ * atomic64_dec - decrement atomic variable
++ * @v: pointer of type atomic64_t
++ * 
++ * Atomically decrements @v by 1
++ */
++#define atomic64_dec(v) atomic64_sub(1, (v))
++#define atomic64_dec_return(v) atomic64_sub_return(1, (v))
++
++static __inline__ void atomic64_dec_unchecked(atomic64_unchecked_t *v)
+ {
+-      long t;
+-
+-      __asm__ __volatile__(
+-"1:   ldarx   %0,0,%2         # atomic64_dec\n\
+-      addic   %0,%0,-1\n\
+-      stdcx.  %0,0,%2\n\
+-      bne-    1b"
+-      : "=&r" (t), "+m" (v->counter)
+-      : "r" (&v->counter)
+-      : "cc", "xer");
+-}
+-
+-static __inline__ long atomic64_dec_return(atomic64_t *v)
+-{
+-      long t;
+-
+-      __asm__ __volatile__(
+-      PPC_ATOMIC_ENTRY_BARRIER
+-"1:   ldarx   %0,0,%1         # atomic64_dec_return\n\
+-      addic   %0,%0,-1\n\
+-      stdcx.  %0,0,%1\n\
+-      bne-    1b"
+-      PPC_ATOMIC_EXIT_BARRIER
+-      : "=&r" (t)
+-      : "r" (&v->counter)
+-      : "cc", "xer", "memory");
+-
+-      return t;
++      atomic64_sub_unchecked(1, v);
+ }
+ 
+ #define atomic64_sub_and_test(a, v)   (atomic64_sub_return((a), (v)) == 0)
+@@ -459,6 +710,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
+ #define atomic64_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+ #define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
+ 
++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
++{
++      return cmpxchg(&(v->counter), old, new);
++}
++
++static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new) 
++{
++      return xchg(&(v->counter), new);
++}
++
+ /**
+  * atomic64_add_unless - add unless the number is a given value
+  * @v: pointer of type atomic64_t

 diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
 index bab79a1..4a3eabc 100644
 --- a/arch/powerpc/include/asm/barrier.h
 diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
 index bab79a1..4a3eabc 100644
 --- a/arch/powerpc/include/asm/barrier.h


@@ -8224,10 +8908,10 @@ index 5acabbd..7ea14fa 100644
  #endif        /* __KERNEL__ */
  #endif        /* _ASM_POWERPC_KMAP_TYPES_H */
 diff --git a/arch/powerpc/include/asm/local.h b/arch/powerpc/include/asm/local.h
  #endif        /* __KERNEL__ */
  #endif        /* _ASM_POWERPC_KMAP_TYPES_H */
 diff --git a/arch/powerpc/include/asm/local.h b/arch/powerpc/include/asm/local.h

-index b8da913..60b608a 100644
+index b8da913..c02b593 100644

 --- a/arch/powerpc/include/asm/local.h
 +++ b/arch/powerpc/include/asm/local.h
 --- a/arch/powerpc/include/asm/local.h
 +++ b/arch/powerpc/include/asm/local.h

-@@ -9,15 +9,26 @@ typedef struct
+@@ -9,21 +9,65 @@ typedef struct

        atomic_long_t a;
  } local_t;
  
        atomic_long_t a;
  } local_t;
  


@@ -8254,23 +8938,46 @@ index b8da913..60b608a 100644
  
  static __inline__ long local_add_return(long a, local_t *l)
  {
  
  static __inline__ long local_add_return(long a, local_t *l)
  {

-@@ -35,6 +46,7 @@ static __inline__ long local_add_return(long a, local_t *l)
+       long t;

  
  

-       return t;
- }
-+#define local_add_return_unchecked(i, l) atomic_long_add_return_unchecked((i), (&(l)->a))
- 
- #define local_add_negative(a, l)      (local_add_return((a), (l)) < 0)
- 
-@@ -54,6 +66,7 @@ static __inline__ long local_sub_return(long a, local_t *l)
- 
-       return t;
- }
-+#define local_sub_return_unchecked(i, l) atomic_long_sub_return_unchecked((i), (&(l)->a))
- 
- static __inline__ long local_inc_return(local_t *l)
- {
-@@ -101,6 +114,8 @@ static __inline__ long local_dec_return(local_t *l)
+       __asm__ __volatile__(
++"1:"  PPC_LLARX(%0,0,%2,0) "                  # local_add_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     addo.   %0,%1,%0\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     add     %0,%1,%0\n"
++#endif
++
++"3:\n"
++      PPC405_ERR77(0,%2)
++      PPC_STLCX       "%0,0,%2 \n\
++      bne-    1b"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"\n4:\n"
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
++      : "=&r" (t)
++      : "r" (a), "r" (&(l->a.counter))
++      : "cc", "memory");
++
++      return t;
++}
++
++static __inline__ long local_add_return_unchecked(long a, local_unchecked_t *l)
++{
++      long t;
++
++      __asm__ __volatile__(
+ "1:"  PPC_LLARX(%0,0,%2,0) "                  # local_add_return\n\
+       add     %0,%1,%0\n"
+       PPC405_ERR77(0,%2)
+@@ -101,6 +145,8 @@ static __inline__ long local_dec_return(local_t *l)

  
  #define local_cmpxchg(l, o, n) \
        (cmpxchg_local(&((l)->a.counter), (o), (n)))
  
  #define local_cmpxchg(l, o, n) \
        (cmpxchg_local(&((l)->a.counter), (o), (n)))


@@ -8424,6 +9131,73 @@ index 5a6614a..d89995d1 100644
  
  extern void smp_send_debugger_break(void);
  extern void start_secondary_resume(void);
  
  extern void smp_send_debugger_break(void);
  extern void start_secondary_resume(void);

+diff --git a/arch/powerpc/include/asm/spinlock.h b/arch/powerpc/include/asm/spinlock.h
+index 4dbe072..b803275 100644
+--- a/arch/powerpc/include/asm/spinlock.h
++++ b/arch/powerpc/include/asm/spinlock.h
+@@ -204,13 +204,29 @@ static inline long __arch_read_trylock(arch_rwlock_t *rw)
+       __asm__ __volatile__(
+ "1:   " PPC_LWARX(%0,0,%1,1) "\n"
+       __DO_SIGN_EXTEND
+-"     addic.          %0,%0,1\n\
+-      ble-            2f\n"
++
++#ifdef        CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     addico.         %0,%0,1\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     addic.          %0,%0,1\n"
++#endif
++
++"3:\n"
++      "ble-           4f\n"
+       PPC405_ERR77(0,%1)
+ "     stwcx.          %0,0,%1\n\
+       bne-            1b\n"
+       PPC_ACQUIRE_BARRIER
+-"2:"  : "=&r" (tmp)
++"4:"  
++
++#ifdef CONFIG_PAX_REFCOUNT
++      _ASM_EXTABLE(2b,4b)
++#endif
++
++      : "=&r" (tmp)
+       : "r" (&rw->lock)
+       : "cr0", "xer", "memory");
+ 
+@@ -286,11 +302,27 @@ static inline void arch_read_unlock(arch_rwlock_t *rw)
+       __asm__ __volatile__(
+       "# read_unlock\n\t"
+       PPC_RELEASE_BARRIER
+-"1:   lwarx           %0,0,%1\n\
+-      addic           %0,%0,-1\n"
++"1:   lwarx           %0,0,%1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"     mcrxr   cr0\n"
++"     addico.         %0,%0,-1\n"
++"     bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++"     addic.          %0,%0,-1\n"
++#endif
++
++"3:\n"
+       PPC405_ERR77(0,%1)
+ "     stwcx.          %0,0,%1\n\
+       bne-            1b"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"\n4:\n"
++      _ASM_EXTABLE(2b, 4b)
++#endif
++
+       : "=&r"(tmp)
+       : "r"(&rw->lock)
+       : "cr0", "xer", "memory");

 diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
 index b034ecd..af7e31f 100644
 --- a/arch/powerpc/include/asm/thread_info.h
 diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
 index b034ecd..af7e31f 100644
 --- a/arch/powerpc/include/asm/thread_info.h


@@ -8905,10 +9679,18 @@ index 2cb0c94..c0c0bc9 100644
        } else {
                err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
 diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
        } else {
                err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
 diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c

-index 0dc43f9..7893068 100644
+index 0dc43f9..a885d33 100644

 --- a/arch/powerpc/kernel/traps.c
 +++ b/arch/powerpc/kernel/traps.c
 --- a/arch/powerpc/kernel/traps.c
 +++ b/arch/powerpc/kernel/traps.c

-@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
+@@ -36,6 +36,7 @@
+ #include <linux/debugfs.h>
+ #include <linux/ratelimit.h>
+ #include <linux/context_tracking.h>
++#include <linux/uaccess.h>
+ 
+ #include <asm/emulated_ops.h>
+ #include <asm/pgtable.h>
+@@ -142,6 +143,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)

        return flags;
  }
  
        return flags;
  }
  


@@ -8917,7 +9699,7 @@ index 0dc43f9..7893068 100644
  static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
                               int signr)
  {
  static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
                               int signr)
  {

-@@ -191,6 +193,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+@@ -191,6 +194,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,

                panic("Fatal exception in interrupt");
        if (panic_on_oops)
                panic("Fatal exception");
                panic("Fatal exception in interrupt");
        if (panic_on_oops)
                panic("Fatal exception");


@@ -8927,6 +9709,33 @@ index 0dc43f9..7893068 100644
        do_exit(signr);
  }
  
        do_exit(signr);
  }
  

+@@ -1137,6 +1143,26 @@ void __kprobes program_check_exception(struct pt_regs *regs)
+       enum ctx_state prev_state = exception_enter();
+       unsigned int reason = get_reason(regs);
+ 
++#ifdef CONFIG_PAX_REFCOUNT
++      unsigned int bkpt;
++      const struct exception_table_entry *entry;
++
++      if (reason & REASON_ILLEGAL) {
++              /* Check if PaX bad instruction */
++              if (!probe_kernel_address(regs->nip, bkpt) && bkpt == 0xc00b00) {
++                      current->thread.trap_nr = 0;
++                      pax_report_refcount_overflow(regs);
++                      /* fixup_exception() for PowerPC does not exist, simulate its job */
++                      if ((entry = search_exception_tables(regs->nip)) != NULL) {
++                              regs->nip = entry->fixup;
++                              return;
++                      }
++                      /* fixup_exception() could not handle */
++                      goto bail;
++              }
++      }
++#endif
++
+       /* We can now get here via a FP Unavailable exception if the core
+        * has no FPU, in that case the reason flags will be 0 */
+ 

 diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
 index f174351..5722009 100644
 --- a/arch/powerpc/kernel/vdso.c
 diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
 index f174351..5722009 100644
 --- a/arch/powerpc/kernel/vdso.c


@@ -9950,20 +10759,6 @@ index 370ca1e..d4f4a98 100644
  extern unsigned long sparc64_elf_hwcap;
  #define ELF_HWCAP     sparc64_elf_hwcap
  
  extern unsigned long sparc64_elf_hwcap;
  #define ELF_HWCAP     sparc64_elf_hwcap
  

-diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
-index f346824..2e3a4ad 100644
---- a/arch/sparc/include/asm/oplib_64.h
-+++ b/arch/sparc/include/asm/oplib_64.h
-@@ -62,7 +62,8 @@ struct linux_mem_p1275 {
- /* You must call prom_init() before using any of the library services,
-  * preferably as early as possible.  Pass it the romvec pointer.
-  */
--void prom_init(void *cif_handler, void *cif_stack);
-+void prom_init(void *cif_handler);
-+void prom_init_report(void);
- 
- /* Boot argument acquisition, returns the boot command line string. */
- char *prom_getbootargs(void);

 diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h
 index a3890da..f6a408e 100644
 --- a/arch/sparc/include/asm/pgalloc_32.h
 diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h
 index a3890da..f6a408e 100644
 --- a/arch/sparc/include/asm/pgalloc_32.h


@@ -9977,16 +10772,16 @@ index a3890da..f6a408e 100644
  static inline pmd_t *pmd_alloc_one(struct mm_struct *mm,
                                   unsigned long address)
 diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
  static inline pmd_t *pmd_alloc_one(struct mm_struct *mm,
                                   unsigned long address)
 diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h

-index 39a7ac4..2c9b586 100644
+index 5e31871..b71c9d7 100644

 --- a/arch/sparc/include/asm/pgalloc_64.h
 +++ b/arch/sparc/include/asm/pgalloc_64.h
 --- a/arch/sparc/include/asm/pgalloc_64.h
 +++ b/arch/sparc/include/asm/pgalloc_64.h

-@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
+@@ -38,6 +38,7 @@ static inline void __pud_populate(pud_t *pud, pmd_t *pmd)

  }
  
  }
  

- #define pud_populate(MM, PUD, PMD)    pud_set(PUD, PMD)
+ #define pud_populate(MM, PUD, PMD)    __pud_populate(PUD, PMD)

 +#define pud_populate_kernel(MM, PUD, PMD)     pud_populate((MM), (PUD), (PMD))
  
 +#define pud_populate_kernel(MM, PUD, PMD)     pud_populate((MM), (PUD), (PMD))
  

- static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)

  {
 diff --git a/arch/sparc/include/asm/pgtable.h b/arch/sparc/include/asm/pgtable.h
 index 59ba6f6..4518128 100644
  {
 diff --git a/arch/sparc/include/asm/pgtable.h b/arch/sparc/include/asm/pgtable.h
 index 59ba6f6..4518128 100644


@@ -10057,17 +10852,10 @@ index 79da178..c2eede8 100644
                                    SRMMU_DIRTY | SRMMU_REF)
  
 diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h
                                    SRMMU_DIRTY | SRMMU_REF)
  
 diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h

-index f5fffd8..4272fe8 100644
+index 29d64b1..4272fe8 100644

 --- a/arch/sparc/include/asm/setup.h
 +++ b/arch/sparc/include/asm/setup.h
 --- a/arch/sparc/include/asm/setup.h
 +++ b/arch/sparc/include/asm/setup.h

-@@ -48,13 +48,15 @@ unsigned long safe_compute_effective_address(struct pt_regs *, unsigned int);
- #endif
- 
- #ifdef CONFIG_SPARC64
-+void __init start_early_boot(void);
-+
- /* unaligned_64.c */
- int handle_ldf_stq(u32 insn, struct pt_regs *regs);
+@@ -55,8 +55,8 @@ int handle_ldf_stq(u32 insn, struct pt_regs *regs);

  void handle_ld_nf(u32 insn, struct pt_regs *regs);
  
  /* init_64.c */
  void handle_ld_nf(u32 insn, struct pt_regs *regs);
  
  /* init_64.c */


@@ -10193,22 +10981,19 @@ index 96efa7a..16858bf 100644
  
  /*
 diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
  
  /*
 diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h

-index a5f01ac..a8811dd 100644
+index cc6275c..7eb8e21 100644

 --- a/arch/sparc/include/asm/thread_info_64.h
 +++ b/arch/sparc/include/asm/thread_info_64.h
 --- a/arch/sparc/include/asm/thread_info_64.h
 +++ b/arch/sparc/include/asm/thread_info_64.h

-@@ -63,7 +63,10 @@ struct thread_info {
+@@ -63,6 +63,8 @@ struct thread_info {

        struct pt_regs          *kern_una_regs;
        unsigned int            kern_una_insn;
  
        struct pt_regs          *kern_una_regs;
        unsigned int            kern_una_insn;
  

--      unsigned long           fpregs[0] __attribute__ ((aligned(64)));

 +      unsigned long           lowest_stack;
 +
 +      unsigned long           lowest_stack;
 +

-+      unsigned long           fpregs[(7 * 256) / sizeof(unsigned long)]
-+              __attribute__ ((aligned(64)));
+       unsigned long           fpregs[(7 * 256) / sizeof(unsigned long)]
+               __attribute__ ((aligned(64)));

  };
  };

- 
- #endif /* !(__ASSEMBLY__) */
-@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -190,12 +192,13 @@ register struct thread_info *current_thread_info_reg asm("g6");

  #define TIF_NEED_RESCHED      3       /* rescheduling necessary */
  /* flag bit 4 is available */
  #define TIF_UNALIGNED         5       /* allowed to do unaligned accesses */
  #define TIF_NEED_RESCHED      3       /* rescheduling necessary */
  /* flag bit 4 is available */
  #define TIF_UNALIGNED         5       /* allowed to do unaligned accesses */


@@ -10223,7 +11008,7 @@ index a5f01ac..a8811dd 100644
  /* NOTE: Thread flags >= 12 should be ones we have no interest
   *       in using in assembly, else we can't use the mask as
   *       an immediate value in instructions such as andcc.
  /* NOTE: Thread flags >= 12 should be ones we have no interest
   *       in using in assembly, else we can't use the mask as
   *       an immediate value in instructions such as andcc.

-@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6");

  #define _TIF_SYSCALL_AUDIT    (1<<TIF_SYSCALL_AUDIT)
  #define _TIF_SYSCALL_TRACEPOINT       (1<<TIF_SYSCALL_TRACEPOINT)
  #define _TIF_POLLING_NRFLAG   (1<<TIF_POLLING_NRFLAG)
  #define _TIF_SYSCALL_AUDIT    (1<<TIF_SYSCALL_AUDIT)
  #define _TIF_SYSCALL_TRACEPOINT       (1<<TIF_SYSCALL_TRACEPOINT)
  #define _TIF_POLLING_NRFLAG   (1<<TIF_POLLING_NRFLAG)


@@ -10367,104 +11152,6 @@ index 7cf9c6e..6206648 100644
  
  extra-y     := head_$(BITS).o
  
  
  extra-y     := head_$(BITS).o
  

-diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h
-index ebaba61..88d322b 100644
---- a/arch/sparc/kernel/entry.h
-+++ b/arch/sparc/kernel/entry.h
-@@ -65,13 +65,10 @@ struct pause_patch_entry {
- extern struct pause_patch_entry __pause_3insn_patch,
-       __pause_3insn_patch_end;
- 
--void __init per_cpu_patch(void);
- void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
-                            struct sun4v_1insn_patch_entry *);
- void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
-                            struct sun4v_2insn_patch_entry *);
--void __init sun4v_patch(void);
--void __init boot_cpu_id_too_large(int cpu);
- extern unsigned int dcache_parity_tl1_occurred;
- extern unsigned int icache_parity_tl1_occurred;
- 
-diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
-index 452f04fe..fbea0ac 100644
---- a/arch/sparc/kernel/head_64.S
-+++ b/arch/sparc/kernel/head_64.S
-@@ -660,14 +660,12 @@ tlb_fixup_done:
-       sethi   %hi(init_thread_union), %g6
-       or      %g6, %lo(init_thread_union), %g6
-       ldx     [%g6 + TI_TASK], %g4
--      mov     %sp, %l6
- 
-       wr      %g0, ASI_P, %asi
-       mov     1, %g1
-       sllx    %g1, THREAD_SHIFT, %g1
-       sub     %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
-       add     %g6, %g1, %sp
--      mov     0, %fp
- 
-       /* Set per-cpu pointer initially to zero, this makes
-        * the boot-cpu use the in-kernel-image per-cpu areas
-@@ -694,44 +692,14 @@ tlb_fixup_done:
-        nop
- #endif
- 
--      mov     %l6, %o1                        ! OpenPROM stack
-       call    prom_init
-        mov    %l7, %o0                        ! OpenPROM cif handler
- 
--      /* Initialize current_thread_info()->cpu as early as possible.
--       * In order to do that accurately we have to patch up the get_cpuid()
--       * assembler sequences.  And that, in turn, requires that we know
--       * if we are on a Starfire box or not.  While we're here, patch up
--       * the sun4v sequences as well.
-+      /* To create a one-register-window buffer between the kernel's
-+       * initial stack and the last stack frame we use from the firmware,
-+       * do the rest of the boot from a C helper function.
-        */
--      call    check_if_starfire
--       nop
--      call    per_cpu_patch
--       nop
--      call    sun4v_patch
--       nop
--
--#ifdef CONFIG_SMP
--      call    hard_smp_processor_id
--       nop
--      cmp     %o0, NR_CPUS
--      blu,pt  %xcc, 1f
--       nop
--      call    boot_cpu_id_too_large
--       nop
--      /* Not reached... */
--
--1:
--#else
--      mov     0, %o0
--#endif
--      sth     %o0, [%g6 + TI_CPU]
--
--      call    prom_init_report
--       nop
--
--      /* Off we go.... */
--      call    start_kernel
-+      call    start_early_boot
-        nop
-       /* Not reached... */
- 
-diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S
-index b7ddcdd..cdbfec2 100644
---- a/arch/sparc/kernel/hvtramp.S
-+++ b/arch/sparc/kernel/hvtramp.S
-@@ -109,7 +109,6 @@ hv_cpu_startup:
-       sllx            %g5, THREAD_SHIFT, %g5
-       sub             %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
-       add             %g6, %g5, %sp
--      mov             0, %fp
- 
-       call            init_irqwork_curcpu
-        nop

 diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
 index 50e7b62..79fae35 100644
 --- a/arch/sparc/kernel/process_32.c
 diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
 index 50e7b62..79fae35 100644
 --- a/arch/sparc/kernel/process_32.c


@@ -10587,73 +11274,11 @@ index c13c9f2..d572c34 100644
        audit_syscall_exit(regs);
  
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
        audit_syscall_exit(regs);
  
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))

-diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c
-index 3fdb455..949f773 100644
---- a/arch/sparc/kernel/setup_64.c
-+++ b/arch/sparc/kernel/setup_64.c
-@@ -30,6 +30,7 @@
- #include <linux/cpu.h>
- #include <linux/initrd.h>
- #include <linux/module.h>
-+#include <linux/start_kernel.h>
- 
- #include <asm/io.h>
- #include <asm/processor.h>
-@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE];
- 
- static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };
- 
--void __init per_cpu_patch(void)
-+static void __init per_cpu_patch(void)
- {
-       struct cpuid_patch_entry *p;
-       unsigned long ver;
-@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
-       }
- }
- 
--void __init sun4v_patch(void)
-+static void __init sun4v_patch(void)
- {
-       extern void sun4v_hvapi_init(void);
- 
-@@ -335,14 +336,25 @@ static void __init pause_patch(void)
-       }
- }
- 
--#ifdef CONFIG_SMP
--void __init boot_cpu_id_too_large(int cpu)
-+void __init start_early_boot(void)
- {
--      prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
--                  cpu, NR_CPUS);
--      prom_halt();
-+      int cpu;
-+
-+      check_if_starfire();
-+      per_cpu_patch();
-+      sun4v_patch();
-+
-+      cpu = hard_smp_processor_id();
-+      if (cpu >= NR_CPUS) {
-+              prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
-+                          cpu, NR_CPUS);
-+              prom_halt();
-+      }
-+      current_thread_info()->cpu = cpu;
-+
-+      prom_init_report();
-+      start_kernel();
- }
--#endif
- 
- /* On Ultra, we support all of the v8 capabilities. */
- unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |

 diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
 diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c

-index f7ba875..b65677e 100644
+index 81954ee..6cfaa98 100644

 --- a/arch/sparc/kernel/smp_64.c
 +++ b/arch/sparc/kernel/smp_64.c
 --- a/arch/sparc/kernel/smp_64.c
 +++ b/arch/sparc/kernel/smp_64.c

-@@ -883,7 +883,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
+@@ -887,7 +887,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)

                return;
  
  #ifdef CONFIG_DEBUG_DCFLUSH
                return;
  
  #ifdef CONFIG_DEBUG_DCFLUSH


@@ -10662,7 +11287,7 @@ index f7ba875..b65677e 100644
  #endif
  
        this_cpu = get_cpu();
  #endif
  
        this_cpu = get_cpu();

-@@ -907,7 +907,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
+@@ -911,7 +911,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)

                        xcall_deliver(data0, __pa(pg_addr),
                                      (u64) pg_addr, cpumask_of(cpu));
  #ifdef CONFIG_DEBUG_DCFLUSH
                        xcall_deliver(data0, __pa(pg_addr),
                                      (u64) pg_addr, cpumask_of(cpu));
  #ifdef CONFIG_DEBUG_DCFLUSH


@@ -10671,7 +11296,7 @@ index f7ba875..b65677e 100644
  #endif
                }
        }
  #endif
                }
        }

-@@ -926,7 +926,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
+@@ -930,7 +930,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)

        preempt_disable();
  
  #ifdef CONFIG_DEBUG_DCFLUSH
        preempt_disable();
  
  #ifdef CONFIG_DEBUG_DCFLUSH


@@ -10680,7 +11305,7 @@ index f7ba875..b65677e 100644
  #endif
        data0 = 0;
        pg_addr = page_address(page);
  #endif
        data0 = 0;
        pg_addr = page_address(page);

-@@ -943,7 +943,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
+@@ -947,7 +947,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)

                xcall_deliver(data0, __pa(pg_addr),
                              (u64) pg_addr, cpu_online_mask);
  #ifdef CONFIG_DEBUG_DCFLUSH
                xcall_deliver(data0, __pa(pg_addr),
                              (u64) pg_addr, cpu_online_mask);
  #ifdef CONFIG_DEBUG_DCFLUSH


@@ -10915,36 +11540,6 @@ index 33a17e7..d87fb1f 100644
        ldx     [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
  
  2:
        ldx     [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
  
  2:

-diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S
-index 737f8cb..88ede1d 100644
---- a/arch/sparc/kernel/trampoline_64.S
-+++ b/arch/sparc/kernel/trampoline_64.S
-@@ -109,10 +109,13 @@ startup_continue:
-       brnz,pn         %g1, 1b
-        nop
- 
--      sethi           %hi(p1275buf), %g2
--      or              %g2, %lo(p1275buf), %g2
--      ldx             [%g2 + 0x10], %l2
--      add             %l2, -(192 + 128), %sp
-+      /* Get onto temporary stack which will be in the locked
-+       * kernel image.
-+       */
-+      sethi           %hi(tramp_stack), %g1
-+      or              %g1, %lo(tramp_stack), %g1
-+      add             %g1, TRAMP_STACK_SIZE, %g1
-+      sub             %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
-       flushw
- 
-       /* Setup the loop variables:
-@@ -394,7 +397,6 @@ after_lock_tlb:
-       sllx            %g5, THREAD_SHIFT, %g5
-       sub             %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
-       add             %g6, %g5, %sp
--      mov             0, %fp
- 
-       rdpr            %pstate, %o1
-       or              %o1, PSTATE_IE, %o1

 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
 index 6fd386c5..6907d81 100644
 --- a/arch/sparc/kernel/traps_32.c
 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
 index 6fd386c5..6907d81 100644
 --- a/arch/sparc/kernel/traps_32.c


@@ -10979,7 +11574,7 @@ index 6fd386c5..6907d81 100644
  }
  
 diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
  }
  
 diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c

-index fb6640e..2daada8 100644
+index 981a769..d906eda 100644

 --- a/arch/sparc/kernel/traps_64.c
 +++ b/arch/sparc/kernel/traps_64.c
 @@ -79,7 +79,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)
 --- a/arch/sparc/kernel/traps_64.c
 +++ b/arch/sparc/kernel/traps_64.c
 @@ -79,7 +79,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)


@@ -11097,8 +11692,8 @@ index fb6640e..2daada8 100644
 +      atomic_inc_unchecked(&sun4v_nonresum_oflow_cnt);
  }
  
 +      atomic_inc_unchecked(&sun4v_nonresum_oflow_cnt);
  }
  

- unsigned long sun4v_err_itlb_vaddr;
-@@ -2116,9 +2127,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
+ static void sun4v_tlb_error(struct pt_regs *regs)
+@@ -2120,9 +2131,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)

  
        printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
               regs->tpc, tl);
  
        printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
               regs->tpc, tl);


@@ -11110,7 +11705,7 @@ index fb6640e..2daada8 100644
               (void *) regs->u_regs[UREG_I7]);
        printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] "
               "pte[%lx] error[%lx]\n",
               (void *) regs->u_regs[UREG_I7]);
        printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] "
               "pte[%lx] error[%lx]\n",

-@@ -2140,9 +2151,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
+@@ -2143,9 +2154,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)

  
        printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
               regs->tpc, tl);
  
        printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
               regs->tpc, tl);


@@ -11122,7 +11717,7 @@ index fb6640e..2daada8 100644
               (void *) regs->u_regs[UREG_I7]);
        printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] "
               "pte[%lx] error[%lx]\n",
               (void *) regs->u_regs[UREG_I7]);
        printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] "
               "pte[%lx] error[%lx]\n",

-@@ -2359,13 +2370,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
+@@ -2362,13 +2373,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)

                        fp = (unsigned long)sf->fp + STACK_BIAS;
                }
  
                        fp = (unsigned long)sf->fp + STACK_BIAS;
                }
  


@@ -11138,7 +11733,7 @@ index fb6640e..2daada8 100644
                                graph++;
                        }
                }
                                graph++;
                        }
                }

-@@ -2383,6 +2394,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
+@@ -2386,6 +2397,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)

        return (struct reg_window *) (fp + STACK_BIAS);
  }
  
        return (struct reg_window *) (fp + STACK_BIAS);
  }
  


@@ -11147,7 +11742,7 @@ index fb6640e..2daada8 100644
  void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
  {
        static int die_counter;
  void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
  {
        static int die_counter;

-@@ -2411,7 +2424,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2414,7 +2427,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)

                while (rw &&
                       count++ < 30 &&
                       kstack_valid(tp, (unsigned long) rw)) {
                while (rw &&
                       count++ < 30 &&
                       kstack_valid(tp, (unsigned long) rw)) {


@@ -11156,7 +11751,7 @@ index fb6640e..2daada8 100644
                               (void *) rw->ins[7]);
  
                        rw = kernel_stack_up(rw);
                               (void *) rw->ins[7]);
  
                        rw = kernel_stack_up(rw);

-@@ -2424,8 +2437,10 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2427,8 +2440,10 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)

                }
                user_instruction_dump ((unsigned int __user *) regs->tpc);
        }
                }
                user_instruction_dump ((unsigned int __user *) regs->tpc);
        }


@@ -11762,7 +12357,7 @@ index 908e8c1..1524793 100644
                if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
                        goto bad_area;
 diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
                if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
                        goto bad_area;
 diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c

-index 587cd05..fbdf17a 100644
+index 18fcd71..e4fe821 100644

 --- a/arch/sparc/mm/fault_64.c
 +++ b/arch/sparc/mm/fault_64.c
 @@ -22,6 +22,9 @@
 --- a/arch/sparc/mm/fault_64.c
 +++ b/arch/sparc/mm/fault_64.c
 @@ -22,6 +22,9 @@


@@ -12251,7 +12846,7 @@ index 587cd05..fbdf17a 100644
  asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
  {
        enum ctx_state prev_state = exception_enter();
  asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
  {
        enum ctx_state prev_state = exception_enter();

-@@ -350,6 +813,29 @@ retry:
+@@ -353,6 +816,29 @@ retry:

        if (!vma)
                goto bad_area;
  
        if (!vma)
                goto bad_area;
  


@@ -12281,47 +12876,6 @@ index 587cd05..fbdf17a 100644
        /* Pure DTLB misses do not tell us whether the fault causing
         * load/store/atomic was a write or not, it only says that there
         * was no match.  So in such a case we (carefully) read the
        /* Pure DTLB misses do not tell us whether the fault causing
         * load/store/atomic was a write or not, it only says that there
         * was no match.  So in such a case we (carefully) read the

-diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
-index 1aed043..ae6ce38 100644
---- a/arch/sparc/mm/gup.c
-+++ b/arch/sparc/mm/gup.c
-@@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
-       return 1;
- }
- 
-+int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
-+                        struct page **pages)
-+{
-+      struct mm_struct *mm = current->mm;
-+      unsigned long addr, len, end;
-+      unsigned long next, flags;
-+      pgd_t *pgdp;
-+      int nr = 0;
-+
-+      start &= PAGE_MASK;
-+      addr = start;
-+      len = (unsigned long) nr_pages << PAGE_SHIFT;
-+      end = start + len;
-+
-+      local_irq_save(flags);
-+      pgdp = pgd_offset(mm, addr);
-+      do {
-+              pgd_t pgd = *pgdp;
-+
-+              next = pgd_addr_end(addr, end);
-+              if (pgd_none(pgd))
-+                      break;
-+              if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
-+                      break;
-+      } while (pgdp++, addr = next, addr != end);
-+      local_irq_restore(flags);
-+
-+      return nr;
-+}
-+
- int get_user_pages_fast(unsigned long start, int nr_pages, int write,
-                       struct page **pages)
- {

 diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
 index d329537..2c3746a 100644
 --- a/arch/sparc/mm/hugetlbpage.c
 diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
 index d329537..2c3746a 100644
 --- a/arch/sparc/mm/hugetlbpage.c


@@ -12429,10 +12983,10 @@ index d329537..2c3746a 100644
  
  pte_t *huge_pte_alloc(struct mm_struct *mm,
 diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
  
  pte_t *huge_pte_alloc(struct mm_struct *mm,
 diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c

-index 98ac8e8..ba7dd39 100644
+index 04bc826..0fefab9 100644

 --- a/arch/sparc/mm/init_64.c
 +++ b/arch/sparc/mm/init_64.c
 --- a/arch/sparc/mm/init_64.c
 +++ b/arch/sparc/mm/init_64.c

-@@ -190,9 +190,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
+@@ -186,9 +186,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;

  int num_kernel_image_mappings;
  
  #ifdef CONFIG_DEBUG_DCFLUSH
  int num_kernel_image_mappings;
  
  #ifdef CONFIG_DEBUG_DCFLUSH


@@ -12444,7 +12998,7 @@ index 98ac8e8..ba7dd39 100644
  #endif
  #endif
  
  #endif
  #endif
  

-@@ -200,7 +200,7 @@ inline void flush_dcache_page_impl(struct page *page)
+@@ -196,7 +196,7 @@ inline void flush_dcache_page_impl(struct page *page)

  {
        BUG_ON(tlb_type == hypervisor);
  #ifdef CONFIG_DEBUG_DCFLUSH
  {
        BUG_ON(tlb_type == hypervisor);
  #ifdef CONFIG_DEBUG_DCFLUSH


@@ -12453,7 +13007,7 @@ index 98ac8e8..ba7dd39 100644
  #endif
  
  #ifdef DCACHE_ALIASING_POSSIBLE
  #endif
  
  #ifdef DCACHE_ALIASING_POSSIBLE

-@@ -472,10 +472,10 @@ void mmu_info(struct seq_file *m)
+@@ -468,10 +468,10 @@ void mmu_info(struct seq_file *m)

  
  #ifdef CONFIG_DEBUG_DCFLUSH
        seq_printf(m, "DCPageFlushes\t: %d\n",
  
  #ifdef CONFIG_DEBUG_DCFLUSH
        seq_printf(m, "DCPageFlushes\t: %d\n",


@@ -12478,63 +13032,6 @@ index ece4af0..f04b862 100644
 +
 +      bpf_prog_unlock_free(fp);
  }
 +
 +      bpf_prog_unlock_free(fp);
  }

-diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
-index 9c86b4b..8050f38 100644
---- a/arch/sparc/prom/cif.S
-+++ b/arch/sparc/prom/cif.S
-@@ -11,11 +11,10 @@
-       .text
-       .globl  prom_cif_direct
- prom_cif_direct:
-+      save    %sp, -192, %sp
-       sethi   %hi(p1275buf), %o1
-       or      %o1, %lo(p1275buf), %o1
--      ldx     [%o1 + 0x0010], %o2     ! prom_cif_stack
--      save    %o2, -192, %sp
--      ldx     [%i1 + 0x0008], %l2     ! prom_cif_handler
-+      ldx     [%o1 + 0x0008], %l2     ! prom_cif_handler
-       mov     %g4, %l0
-       mov     %g5, %l1
-       mov     %g6, %l3
-diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
-index d95db75..110b0d7 100644
---- a/arch/sparc/prom/init_64.c
-+++ b/arch/sparc/prom/init_64.c
-@@ -26,13 +26,13 @@ phandle prom_chosen_node;
-  * It gets passed the pointer to the PROM vector.
-  */
- 
--extern void prom_cif_init(void *, void *);
-+extern void prom_cif_init(void *);
- 
--void __init prom_init(void *cif_handler, void *cif_stack)
-+void __init prom_init(void *cif_handler)
- {
-       phandle node;
- 
--      prom_cif_init(cif_handler, cif_stack);
-+      prom_cif_init(cif_handler);
- 
-       prom_chosen_node = prom_finddevice(prom_chosen_path);
-       if (!prom_chosen_node || (s32)prom_chosen_node == -1)
-diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
-index e58b817..c27c30e4 100644
---- a/arch/sparc/prom/p1275.c
-+++ b/arch/sparc/prom/p1275.c
-@@ -19,7 +19,6 @@
- struct {
-       long prom_callback;                     /* 0x00 */
-       void (*prom_cif_handler)(long *);       /* 0x08 */
--      unsigned long prom_cif_stack;           /* 0x10 */
- } p1275buf;
- 
- extern void prom_world(int);
-@@ -51,5 +50,4 @@ void p1275_cmd_direct(unsigned long *args)
- void prom_cif_init(void *cif_handler, void *cif_stack)
- {
-       p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
--      p1275buf.prom_cif_stack = (unsigned long)cif_stack;
- }

 diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
 index 7fcd492..1311074 100644
 --- a/arch/tile/Kconfig
 diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
 index 7fcd492..1311074 100644
 --- a/arch/tile/Kconfig


@@ -12966,7 +13463,7 @@ index bd49ec6..94c7f58 100644
  }
  
 diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
  }
  
 diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile

-index 0fcd913..3bb5c42 100644
+index 14fe7cb..829b962 100644

 --- a/arch/x86/boot/compressed/Makefile
 +++ b/arch/x86/boot/compressed/Makefile
 @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
 --- a/arch/x86/boot/compressed/Makefile
 +++ b/arch/x86/boot/compressed/Makefile
 @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)


@@ -13022,7 +13519,7 @@ index a53440e..c3dbf1e 100644
  .previous
  
 diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
  .previous
  
 diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S

-index cbed140..5f2ca57 100644
+index 1d7fbbc..36ecd58 100644

 --- a/arch/x86/boot/compressed/head_32.S
 +++ b/arch/x86/boot/compressed/head_32.S
 @@ -140,10 +140,10 @@ preferred_addr:
 --- a/arch/x86/boot/compressed/head_32.S
 +++ b/arch/x86/boot/compressed/head_32.S
 @@ -140,10 +140,10 @@ preferred_addr:


@@ -13039,7 +13536,7 @@ index cbed140..5f2ca57 100644
  
        /* Target address to relocate to for decompression */
 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
  
        /* Target address to relocate to for decompression */
 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S

-index 2884e0c..904a2f7 100644
+index 6b1766c..ad465c9 100644

 --- a/arch/x86/boot/compressed/head_64.S
 +++ b/arch/x86/boot/compressed/head_64.S
 @@ -94,10 +94,10 @@ ENTRY(startup_32)
 --- a/arch/x86/boot/compressed/head_64.S
 +++ b/arch/x86/boot/compressed/head_64.S
 @@ -94,10 +94,10 @@ ENTRY(startup_32)


@@ -13068,7 +13565,7 @@ index 2884e0c..904a2f7 100644
  1:
  
        /* Target address to relocate to for decompression */
  1:
  
        /* Target address to relocate to for decompression */

-@@ -431,8 +431,8 @@ gdt:
+@@ -434,8 +434,8 @@ gdt:

        .long   gdt
        .word   0
        .quad   0x0000000000000000      /* NULL descriptor */
        .long   gdt
        .word   0
        .quad   0x0000000000000000      /* NULL descriptor */


@@ -13080,7 +13577,7 @@ index 2884e0c..904a2f7 100644
        .quad   0x0000000000000000      /* TS continued */
  gdt_end:
 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
        .quad   0x0000000000000000      /* TS continued */
  gdt_end:
 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c

-index 57ab74d..7c52182 100644
+index 30dd59a..cd9edc3 100644

 --- a/arch/x86/boot/compressed/misc.c
 +++ b/arch/x86/boot/compressed/misc.c
 @@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len)
 --- a/arch/x86/boot/compressed/misc.c
 +++ b/arch/x86/boot/compressed/misc.c
 @@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len)


@@ -13119,7 +13616,7 @@ index 57ab74d..7c52182 100644
                        break;
                default: /* Ignore other PT_* */ break;
                }
                        break;
                default: /* Ignore other PT_* */ break;
                }

-@@ -395,7 +398,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
+@@ -402,7 +405,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,

                error("Destination address too large");
  #endif
  #ifndef CONFIG_RELOCATABLE
                error("Destination address too large");
  #endif
  #ifndef CONFIG_RELOCATABLE


@@ -14877,7 +15374,7 @@ index f9e181a..db313b5 100644
  
        err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
  
        err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S

-index 4299eb0..fefe70e 100644
+index 92a2e93..cd4d95f 100644

 --- a/arch/x86/ia32/ia32entry.S
 +++ b/arch/x86/ia32/ia32entry.S
 @@ -15,8 +15,10 @@
 --- a/arch/x86/ia32/ia32entry.S
 +++ b/arch/x86/ia32/ia32entry.S
 @@ -15,8 +15,10 @@


@@ -14955,7 +15452,7 @@ index 4299eb0..fefe70e 100644
        movl    %ebp,%ebp               /* zero extension */
        pushq_cfi $__USER32_DS
        /*CFI_REL_OFFSET ss,0*/
        movl    %ebp,%ebp               /* zero extension */
        pushq_cfi $__USER32_DS
        /*CFI_REL_OFFSET ss,0*/

-@@ -135,24 +157,49 @@ ENTRY(ia32_sysenter_target)
+@@ -135,23 +157,46 @@ ENTRY(ia32_sysenter_target)

        CFI_REL_OFFSET rsp,0
        pushfq_cfi
        /*CFI_REL_OFFSET rflags,0*/
        CFI_REL_OFFSET rsp,0
        pushfq_cfi
        /*CFI_REL_OFFSET rflags,0*/


@@ -14997,20 +15494,27 @@ index 4299eb0..fefe70e 100644
  1:    movl    (%rbp),%ebp
        _ASM_EXTABLE(1b,ia32_badarg)
        ASM_CLAC
  1:    movl    (%rbp),%ebp
        _ASM_EXTABLE(1b,ia32_badarg)
        ASM_CLAC

--      orl     $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
--      testl   $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
-+
+ 

 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +      ASM_PAX_CLOSE_USERLAND
 +#endif
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +      ASM_PAX_CLOSE_USERLAND
 +#endif
 +

+       /*
+        * Sysenter doesn't filter flags, so we need to clear NT
+        * ourselves.  To save a few cycles, we can check whether
+@@ -161,8 +206,9 @@ ENTRY(ia32_sysenter_target)
+       jnz sysenter_fix_flags
+ sysenter_flags_fixed:
+ 
+-      orl     $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+-      testl   $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)

 +      GET_THREAD_INFO(%r11)
 +      orl    $TS_COMPAT,TI_status(%r11)
 +      testl  $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
        CFI_REMEMBER_STATE
        jnz  sysenter_tracesys
        cmpq    $(IA32_NR_syscalls-1),%rax
 +      GET_THREAD_INFO(%r11)
 +      orl    $TS_COMPAT,TI_status(%r11)
 +      testl  $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
        CFI_REMEMBER_STATE
        jnz  sysenter_tracesys
        cmpq    $(IA32_NR_syscalls-1),%rax

-@@ -162,15 +209,18 @@ sysenter_do_call:
+@@ -172,15 +218,18 @@ sysenter_do_call:

  sysenter_dispatch:
        call    *ia32_sys_call_table(,%rax,8)
        movq    %rax,RAX-ARGOFFSET(%rsp)
  sysenter_dispatch:
        call    *ia32_sys_call_table(,%rax,8)
        movq    %rax,RAX-ARGOFFSET(%rsp)


@@ -15033,7 +15537,7 @@ index 4299eb0..fefe70e 100644
        CFI_REGISTER rip,rdx
        RESTORE_ARGS 0,24,0,0,0,0
        xorq    %r8,%r8
        CFI_REGISTER rip,rdx
        RESTORE_ARGS 0,24,0,0,0,0
        xorq    %r8,%r8

-@@ -193,6 +243,9 @@ sysexit_from_sys_call:
+@@ -205,6 +254,9 @@ sysexit_from_sys_call:

        movl %eax,%esi                  /* 2nd arg: syscall number */
        movl $AUDIT_ARCH_I386,%edi      /* 1st arg: audit arch */
        call __audit_syscall_entry
        movl %eax,%esi                  /* 2nd arg: syscall number */
        movl $AUDIT_ARCH_I386,%edi      /* 1st arg: audit arch */
        call __audit_syscall_entry


@@ -15043,7 +15547,7 @@ index 4299eb0..fefe70e 100644
        movl RAX-ARGOFFSET(%rsp),%eax   /* reload syscall number */
        cmpq $(IA32_NR_syscalls-1),%rax
        ja ia32_badsys
        movl RAX-ARGOFFSET(%rsp),%eax   /* reload syscall number */
        cmpq $(IA32_NR_syscalls-1),%rax
        ja ia32_badsys

-@@ -204,7 +257,7 @@ sysexit_from_sys_call:
+@@ -216,7 +268,7 @@ sysexit_from_sys_call:

        .endm
  
        .macro auditsys_exit exit
        .endm
  
        .macro auditsys_exit exit


@@ -15052,7 +15556,7 @@ index 4299eb0..fefe70e 100644
        jnz ia32_ret_from_sys_call
        TRACE_IRQS_ON
        ENABLE_INTERRUPTS(CLBR_NONE)
        jnz ia32_ret_from_sys_call
        TRACE_IRQS_ON
        ENABLE_INTERRUPTS(CLBR_NONE)

-@@ -215,11 +268,12 @@ sysexit_from_sys_call:
+@@ -227,11 +279,12 @@ sysexit_from_sys_call:

  1:    setbe %al               /* 1 if error, 0 if not */
        movzbl %al,%edi         /* zero-extend that into %edi */
        call __audit_syscall_exit
  1:    setbe %al               /* 1 if error, 0 if not */
        movzbl %al,%edi         /* zero-extend that into %edi */
        call __audit_syscall_exit


@@ -15066,7 +15570,7 @@ index 4299eb0..fefe70e 100644
        jz \exit
        CLEAR_RREGS -ARGOFFSET
        jmp int_with_check
        jz \exit
        CLEAR_RREGS -ARGOFFSET
        jmp int_with_check

-@@ -237,7 +291,7 @@ sysexit_audit:
+@@ -253,7 +306,7 @@ sysenter_fix_flags:

  
  sysenter_tracesys:
  #ifdef CONFIG_AUDITSYSCALL
  
  sysenter_tracesys:
  #ifdef CONFIG_AUDITSYSCALL


@@ -15075,7 +15579,7 @@ index 4299eb0..fefe70e 100644
        jz      sysenter_auditsys
  #endif
        SAVE_REST
        jz      sysenter_auditsys
  #endif
        SAVE_REST

-@@ -249,6 +303,9 @@ sysenter_tracesys:
+@@ -265,6 +318,9 @@ sysenter_tracesys:

        RESTORE_REST
        cmpq    $(IA32_NR_syscalls-1),%rax
        ja      int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
        RESTORE_REST
        cmpq    $(IA32_NR_syscalls-1),%rax
        ja      int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */


@@ -15085,7 +15589,7 @@ index 4299eb0..fefe70e 100644
        jmp     sysenter_do_call
        CFI_ENDPROC
  ENDPROC(ia32_sysenter_target)
        jmp     sysenter_do_call
        CFI_ENDPROC
  ENDPROC(ia32_sysenter_target)

-@@ -276,19 +333,25 @@ ENDPROC(ia32_sysenter_target)
+@@ -292,19 +348,25 @@ ENDPROC(ia32_sysenter_target)

  ENTRY(ia32_cstar_target)
        CFI_STARTPROC32 simple
        CFI_SIGNAL_FRAME
  ENTRY(ia32_cstar_target)
        CFI_STARTPROC32 simple
        CFI_SIGNAL_FRAME


@@ -15113,7 +15617,7 @@ index 4299eb0..fefe70e 100644
        movl    %eax,%eax       /* zero extension */
        movq    %rax,ORIG_RAX-ARGOFFSET(%rsp)
        movq    %rcx,RIP-ARGOFFSET(%rsp)
        movl    %eax,%eax       /* zero extension */
        movq    %rax,ORIG_RAX-ARGOFFSET(%rsp)
        movq    %rcx,RIP-ARGOFFSET(%rsp)

-@@ -304,12 +367,25 @@ ENTRY(ia32_cstar_target)
+@@ -320,12 +382,25 @@ ENTRY(ia32_cstar_target)

        /* no need to do an access_ok check here because r8 has been
           32bit zero extended */ 
        /* hardware stack frame is complete now */      
        /* no need to do an access_ok check here because r8 has been
           32bit zero extended */ 
        /* hardware stack frame is complete now */      


@@ -15141,7 +15645,7 @@ index 4299eb0..fefe70e 100644
        CFI_REMEMBER_STATE
        jnz   cstar_tracesys
        cmpq $IA32_NR_syscalls-1,%rax
        CFI_REMEMBER_STATE
        jnz   cstar_tracesys
        cmpq $IA32_NR_syscalls-1,%rax

-@@ -319,13 +395,16 @@ cstar_do_call:
+@@ -335,13 +410,16 @@ cstar_do_call:

  cstar_dispatch:
        call *ia32_sys_call_table(,%rax,8)
        movq %rax,RAX-ARGOFFSET(%rsp)
  cstar_dispatch:
        call *ia32_sys_call_table(,%rax,8)
        movq %rax,RAX-ARGOFFSET(%rsp)


@@ -15161,7 +15665,7 @@ index 4299eb0..fefe70e 100644
        movl RIP-ARGOFFSET(%rsp),%ecx
        CFI_REGISTER rip,rcx
        movl EFLAGS-ARGOFFSET(%rsp),%r11d       
        movl RIP-ARGOFFSET(%rsp),%ecx
        CFI_REGISTER rip,rcx
        movl EFLAGS-ARGOFFSET(%rsp),%r11d       

-@@ -352,7 +431,7 @@ sysretl_audit:
+@@ -368,7 +446,7 @@ sysretl_audit:

  
  cstar_tracesys:
  #ifdef CONFIG_AUDITSYSCALL
  
  cstar_tracesys:
  #ifdef CONFIG_AUDITSYSCALL


@@ -15170,7 +15674,7 @@ index 4299eb0..fefe70e 100644
        jz cstar_auditsys
  #endif
        xchgl %r9d,%ebp
        jz cstar_auditsys
  #endif
        xchgl %r9d,%ebp

-@@ -366,11 +445,19 @@ cstar_tracesys:
+@@ -382,11 +460,19 @@ cstar_tracesys:

        xchgl %ebp,%r9d
        cmpq $(IA32_NR_syscalls-1),%rax
        ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
        xchgl %ebp,%r9d
        cmpq $(IA32_NR_syscalls-1),%rax
        ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */


@@ -15190,7 +15694,7 @@ index 4299eb0..fefe70e 100644
        movq $-EFAULT,%rax
        jmp ia32_sysret
        CFI_ENDPROC
        movq $-EFAULT,%rax
        jmp ia32_sysret
        CFI_ENDPROC

-@@ -407,19 +494,26 @@ ENTRY(ia32_syscall)
+@@ -423,19 +509,26 @@ ENTRY(ia32_syscall)

        CFI_REL_OFFSET  rip,RIP-RIP
        PARAVIRT_ADJUST_EXCEPTION_FRAME
        SWAPGS
        CFI_REL_OFFSET  rip,RIP-RIP
        PARAVIRT_ADJUST_EXCEPTION_FRAME
        SWAPGS


@@ -15224,7 +15728,7 @@ index 4299eb0..fefe70e 100644
        jnz ia32_tracesys
        cmpq $(IA32_NR_syscalls-1),%rax
        ja ia32_badsys
        jnz ia32_tracesys
        cmpq $(IA32_NR_syscalls-1),%rax
        ja ia32_badsys

-@@ -442,6 +536,9 @@ ia32_tracesys:
+@@ -458,6 +551,9 @@ ia32_tracesys:

        RESTORE_REST
        cmpq $(IA32_NR_syscalls-1),%rax
        ja  int_ret_from_sys_call       /* ia32_tracesys has set RAX(%rsp) */
        RESTORE_REST
        cmpq $(IA32_NR_syscalls-1),%rax
        ja  int_ret_from_sys_call       /* ia32_tracesys has set RAX(%rsp) */


@@ -16979,7 +17483,7 @@ index ced283a..ffe04cc 100644
        union {
                u64 v64;
 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
        union {
                u64 v64;
 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h

-index 1a055c8..1a5082a 100644
+index ca3347a..1a5082a 100644

 --- a/arch/x86/include/asm/elf.h
 +++ b/arch/x86/include/asm/elf.h
 @@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t;
 --- a/arch/x86/include/asm/elf.h
 +++ b/arch/x86/include/asm/elf.h
 @@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t;


@@ -16992,19 +17496,7 @@ index 1a055c8..1a5082a 100644
  #if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
  extern unsigned int vdso32_enabled;
  #endif
  #if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
  extern unsigned int vdso32_enabled;
  #endif

-@@ -160,8 +157,9 @@ do {                                               \
- #define elf_check_arch(x)                     \
-       ((x)->e_machine == EM_X86_64)
- 
--#define compat_elf_check_arch(x)              \
--      (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64)
-+#define compat_elf_check_arch(x)                                      \
-+      (elf_check_arch_ia32(x) ||                                      \
-+       (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))
- 
- #if __USER32_DS != __USER_DS
- # error "The following code assumes __USER32_DS == __USER_DS"
-@@ -248,7 +246,25 @@ extern int force_personality32;
+@@ -249,7 +246,25 @@ extern int force_personality32;

     the loader.  We need to make sure that it is out of the way of the program
     that it will "exec", and that there is sufficient room for the brk.  */
  
     the loader.  We need to make sure that it is out of the way of the program
     that it will "exec", and that there is sufficient room for the brk.  */
  


@@ -17030,7 +17522,7 @@ index 1a055c8..1a5082a 100644
  
  /* This yields a mask that user programs can use to figure out what
     instruction set this CPU supports.  This could be done in user space,
  
  /* This yields a mask that user programs can use to figure out what
     instruction set this CPU supports.  This could be done in user space,

-@@ -297,17 +313,13 @@ do {                                                                     \
+@@ -298,17 +313,13 @@ do {                                                                     \

  
  #define ARCH_DLINFO                                                   \
  do {                                                                  \
  
  #define ARCH_DLINFO                                                   \
  do {                                                                  \


@@ -17050,7 +17542,7 @@ index 1a055c8..1a5082a 100644
  } while (0)
  
  #define AT_SYSINFO            32
  } while (0)
  
  #define AT_SYSINFO            32

-@@ -322,10 +334,10 @@ else                                                                     \
+@@ -323,10 +334,10 @@ else                                                                     \

  
  #endif /* !CONFIG_X86_32 */
  
  
  #endif /* !CONFIG_X86_32 */
  


@@ -17063,7 +17555,7 @@ index 1a055c8..1a5082a 100644
         selected_vdso32->sym___kernel_vsyscall)
  
  struct linux_binprm;
         selected_vdso32->sym___kernel_vsyscall)
  
  struct linux_binprm;

-@@ -337,9 +349,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
+@@ -338,9 +349,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm,

                                              int uses_interp);
  #define compat_arch_setup_additional_pages compat_arch_setup_additional_pages
  
                                              int uses_interp);
  #define compat_arch_setup_additional_pages compat_arch_setup_additional_pages
  


@@ -17337,40 +17829,6 @@ index 53cdfb2..d1369e6 100644
  
  #define flush_insn_slot(p)    do { } while (0)
  
  
  #define flush_insn_slot(p)    do { } while (0)
  

-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 7c492ed..d16311f 100644
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -990,6 +990,20 @@ static inline void kvm_inject_gp(struct kvm_vcpu *vcpu, u32 error_code)
-       kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
- }
- 
-+static inline u64 get_canonical(u64 la)
-+{
-+      return ((int64_t)la << 16) >> 16;
-+}
-+
-+static inline bool is_noncanonical_address(u64 la)
-+{
-+#ifdef CONFIG_X86_64
-+      return get_canonical(la) != la;
-+#else
-+      return false;
-+#endif
-+}
-+
- #define TSS_IOPB_BASE_OFFSET 0x66
- #define TSS_BASE_SIZE 0x68
- #define TSS_IOPB_SIZE (65536 / 8)
-@@ -1048,7 +1062,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcpu *v);
- void kvm_vcpu_reset(struct kvm_vcpu *vcpu);
- 
- void kvm_define_shared_msr(unsigned index, u32 msr);
--void kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
-+int kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
- 
- bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip);
- 

 diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
 index 4ad6560..75c7bdd 100644
 --- a/arch/x86/include/asm/local.h
 diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
 index 4ad6560..75c7bdd 100644
 --- a/arch/x86/include/asm/local.h


@@ -20854,26 +21312,6 @@ index 7b0a55a..ad115bf 100644
  #endif /* __ASSEMBLY__ */
  
  /* top of stack page */
  #endif /* __ASSEMBLY__ */
  
  /* top of stack page */

-diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h
-index 0e79420..990a2fe 100644
---- a/arch/x86/include/uapi/asm/vmx.h
-+++ b/arch/x86/include/uapi/asm/vmx.h
-@@ -67,6 +67,7 @@
- #define EXIT_REASON_EPT_MISCONFIG       49
- #define EXIT_REASON_INVEPT              50
- #define EXIT_REASON_PREEMPTION_TIMER    52
-+#define EXIT_REASON_INVVPID             53
- #define EXIT_REASON_WBINVD              54
- #define EXIT_REASON_XSETBV              55
- #define EXIT_REASON_APIC_WRITE          56
-@@ -114,6 +115,7 @@
-       { EXIT_REASON_EOI_INDUCED,           "EOI_INDUCED" }, \
-       { EXIT_REASON_INVALID_STATE,         "INVALID_STATE" }, \
-       { EXIT_REASON_INVD,                  "INVD" }, \
-+      { EXIT_REASON_INVVPID,               "INVVPID" }, \
-       { EXIT_REASON_INVPCID,               "INVPCID" }
- 
- #endif /* _UAPIVMX_H */

 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
 index ada2e2d..ca69e16 100644
 --- a/arch/x86/kernel/Makefile
 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
 index ada2e2d..ca69e16 100644
 --- a/arch/x86/kernel/Makefile


@@ -20888,10 +21326,10 @@ index ada2e2d..ca69e16 100644
  obj-$(CONFIG_X86_64)  += mcount_64.o
  obj-y                 += syscall_$(BITS).o vsyscall_gtod.o
 diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
  obj-$(CONFIG_X86_64)  += mcount_64.o
  obj-y                 += syscall_$(BITS).o vsyscall_gtod.o
 diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c

-index b436fc7..1ba7044 100644
+index a142e77..6222cdd 100644

 --- a/arch/x86/kernel/acpi/boot.c
 +++ b/arch/x86/kernel/acpi/boot.c
 --- a/arch/x86/kernel/acpi/boot.c
 +++ b/arch/x86/kernel/acpi/boot.c

-@@ -1272,7 +1272,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
+@@ -1276,7 +1276,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)

   * If your system is blacklisted here, but you find that acpi=force
   * works for you, please contact linux-acpi@vger.kernel.org
   */
   * If your system is blacklisted here, but you find that acpi=force
   * works for you, please contact linux-acpi@vger.kernel.org
   */


@@ -20900,7 +21338,7 @@ index b436fc7..1ba7044 100644
        /*
         * Boxes that need ACPI disabled
         */
        /*
         * Boxes that need ACPI disabled
         */

-@@ -1347,7 +1347,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
+@@ -1351,7 +1351,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {

  };
  
  /* second table for DMI checks that should run after early-quirks */
  };
  
  /* second table for DMI checks that should run after early-quirks */


@@ -21114,7 +21552,7 @@ index 703130f..27a155d 100644
        bp_int3_handler = handler;
        bp_int3_addr = (u8 *)addr + sizeof(int3);
 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
        bp_int3_handler = handler;
        bp_int3_addr = (u8 *)addr + sizeof(int3);
 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c

-index 6776027..972266c 100644
+index 24b5894..6d9701b 100644

 --- a/arch/x86/kernel/apic/apic.c
 +++ b/arch/x86/kernel/apic/apic.c
 @@ -201,7 +201,7 @@ int first_system_vector = 0xfe;
 --- a/arch/x86/kernel/apic/apic.c
 +++ b/arch/x86/kernel/apic/apic.c
 @@ -201,7 +201,7 @@ int first_system_vector = 0xfe;


@@ -21440,7 +21878,7 @@ index 60e5497..8efbd2f 100644
                if (c->x86_model == 3 && c->x86_mask == 0)
                        size = 64;
 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
                if (c->x86_model == 3 && c->x86_mask == 0)
                        size = 64;
 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c

-index e4ab2b4..d487ba5 100644
+index 3126558..a1028f6 100644

 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
 @@ -90,60 +90,6 @@ static const struct cpu_dev default_cpu = {
 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
 @@ -90,60 +90,6 @@ static const struct cpu_dev default_cpu = {


@@ -27003,7 +27441,7 @@ index ca5b02d..c0b2f6a 100644
                ip = *(u64 *)(fp+8);
                if (!in_sched_functions(ip))
 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
                ip = *(u64 *)(fp+8);
                if (!in_sched_functions(ip))
 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c

-index 678c0ad..2fc2a7b 100644
+index b1a5dfa..ed94526 100644

 --- a/arch/x86/kernel/ptrace.c
 +++ b/arch/x86/kernel/ptrace.c
 @@ -186,10 +186,10 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
 --- a/arch/x86/kernel/ptrace.c
 +++ b/arch/x86/kernel/ptrace.c
 @@ -186,10 +186,10 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)


@@ -27111,9 +27549,9 @@ index 678c0ad..2fc2a7b 100644
  }
  
  void user_single_step_siginfo(struct task_struct *tsk,
  }
  
  void user_single_step_siginfo(struct task_struct *tsk,

-@@ -1450,6 +1464,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
- # define IS_IA32      0
- #endif
+@@ -1441,6 +1455,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+       force_sig_info(SIGTRAP, &info, tsk);
+ }

  
 +#ifdef CONFIG_GRKERNSEC_SETXID
 +extern void gr_delayed_cred_worker(void);
  
 +#ifdef CONFIG_GRKERNSEC_SETXID
 +extern void gr_delayed_cred_worker(void);


@@ -27122,7 +27560,7 @@ index 678c0ad..2fc2a7b 100644
  /*
   * We must return the syscall number to actually look up in the table.
   * This can be -1L to skip running any syscall at all.
  /*
   * We must return the syscall number to actually look up in the table.
   * This can be -1L to skip running any syscall at all.

-@@ -1460,6 +1478,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1451,6 +1469,11 @@ long syscall_trace_enter(struct pt_regs *regs)

  
        user_exit();
  
  
        user_exit();
  


@@ -27134,7 +27572,7 @@ index 678c0ad..2fc2a7b 100644
        /*
         * If we stepped into a sysenter/syscall insn, it trapped in
         * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
        /*
         * If we stepped into a sysenter/syscall insn, it trapped in
         * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.

-@@ -1515,6 +1538,11 @@ void syscall_trace_leave(struct pt_regs *regs)
+@@ -1506,6 +1529,11 @@ void syscall_trace_leave(struct pt_regs *regs)

         */
        user_exit();
  
         */
        user_exit();
  


@@ -27501,7 +27939,7 @@ index 5cdff03..80fa283 100644
                 * Up to this point, the boot CPU has been using .init.data
                 * area.  Reload any changed state for the boot CPU.
 diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
                 * Up to this point, the boot CPU has been using .init.data
                 * area.  Reload any changed state for the boot CPU.
 diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c

-index 2851d63..83bf567 100644
+index ed37a76..39f936e 100644

 --- a/arch/x86/kernel/signal.c
 +++ b/arch/x86/kernel/signal.c
 @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp)
 --- a/arch/x86/kernel/signal.c
 +++ b/arch/x86/kernel/signal.c
 @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp)


@@ -28289,7 +28727,7 @@ index 0d0e922..0886373 100644
                if (!fixup_exception(regs)) {
                        task->thread.error_code = error_code;
 diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
                if (!fixup_exception(regs)) {
                        task->thread.error_code = error_code;
 diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c

-index b6025f9..0cc6a1d 100644
+index b7e50bb..f4a93ae 100644

 --- a/arch/x86/kernel/tsc.c
 +++ b/arch/x86/kernel/tsc.c
 @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
 --- a/arch/x86/kernel/tsc.c
 +++ b/arch/x86/kernel/tsc.c
 @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)


@@ -28763,7 +29201,7 @@ index e48b674..a451dd9 100644
        .read                   = native_io_apic_read,
        .write                  = native_io_apic_write,
 diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
        .read                   = native_io_apic_read,
        .write                  = native_io_apic_write,
 diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c

-index 940b142..0ad3a10 100644
+index 4c540c4..0b985b0 100644

 --- a/arch/x86/kernel/xsave.c
 +++ b/arch/x86/kernel/xsave.c
 @@ -167,18 +167,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
 --- a/arch/x86/kernel/xsave.c
 +++ b/arch/x86/kernel/xsave.c
 @@ -167,18 +167,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)


@@ -28805,7 +29243,7 @@ index 940b142..0ad3a10 100644
        if (use_xsave())
                err = xsave_user(buf);
        else if (use_fxsr())
        if (use_xsave())
                err = xsave_user(buf);
        else if (use_fxsr())

-@@ -314,6 +315,7 @@ sanitize_restored_xstate(struct task_struct *tsk,
+@@ -312,6 +313,7 @@ sanitize_restored_xstate(struct task_struct *tsk,

   */
  static inline int restore_user_xstate(void __user *buf, u64 xbv, int fx_only)
  {
   */
  static inline int restore_user_xstate(void __user *buf, u64 xbv, int fx_only)
  {


@@ -28864,543 +29302,6 @@ index 38a0afe..94421a9 100644
        return 0;
  
  out:
        return 0;
  
  out:

-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 03954f7..48daa1a 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -504,11 +504,6 @@ static void rsp_increment(struct x86_emulate_ctxt *ctxt, int inc)
-       masked_increment(reg_rmw(ctxt, VCPU_REGS_RSP), stack_mask(ctxt), inc);
- }
- 
--static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
--{
--      register_address_increment(ctxt, &ctxt->_eip, rel);
--}
--
- static u32 desc_limit_scaled(struct desc_struct *desc)
- {
-       u32 limit = get_desc_limit(desc);
-@@ -568,6 +563,38 @@ static int emulate_nm(struct x86_emulate_ctxt *ctxt)
-       return emulate_exception(ctxt, NM_VECTOR, 0, false);
- }
- 
-+static inline int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst,
-+                             int cs_l)
-+{
-+      switch (ctxt->op_bytes) {
-+      case 2:
-+              ctxt->_eip = (u16)dst;
-+              break;
-+      case 4:
-+              ctxt->_eip = (u32)dst;
-+              break;
-+      case 8:
-+              if ((cs_l && is_noncanonical_address(dst)) ||
-+                  (!cs_l && (dst & ~(u32)-1)))
-+                      return emulate_gp(ctxt, 0);
-+              ctxt->_eip = dst;
-+              break;
-+      default:
-+              WARN(1, "unsupported eip assignment size\n");
-+      }
-+      return X86EMUL_CONTINUE;
-+}
-+
-+static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
-+{
-+      return assign_eip_far(ctxt, dst, ctxt->mode == X86EMUL_MODE_PROT64);
-+}
-+
-+static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
-+{
-+      return assign_eip_near(ctxt, ctxt->_eip + rel);
-+}
-+
- static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg)
- {
-       u16 selector;
-@@ -750,8 +777,10 @@ static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size)
- static __always_inline int do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt,
-                                              unsigned size)
- {
--      if (unlikely(ctxt->fetch.end - ctxt->fetch.ptr < size))
--              return __do_insn_fetch_bytes(ctxt, size);
-+      unsigned done_size = ctxt->fetch.end - ctxt->fetch.ptr;
-+
-+      if (unlikely(done_size < size))
-+              return __do_insn_fetch_bytes(ctxt, size - done_size);
-       else
-               return X86EMUL_CONTINUE;
- }
-@@ -1415,7 +1444,9 @@ static int write_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- 
- /* Does not support long mode */
- static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
--                                   u16 selector, int seg, u8 cpl, bool in_task_switch)
-+                                   u16 selector, int seg, u8 cpl,
-+                                   bool in_task_switch,
-+                                   struct desc_struct *desc)
- {
-       struct desc_struct seg_desc, old_desc;
-       u8 dpl, rpl;
-@@ -1547,6 +1578,8 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
-       }
- load:
-       ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg);
-+      if (desc)
-+              *desc = seg_desc;
-       return X86EMUL_CONTINUE;
- exception:
-       emulate_exception(ctxt, err_vec, err_code, true);
-@@ -1557,7 +1590,7 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
-                                  u16 selector, int seg)
- {
-       u8 cpl = ctxt->ops->cpl(ctxt);
--      return __load_segment_descriptor(ctxt, selector, seg, cpl, false);
-+      return __load_segment_descriptor(ctxt, selector, seg, cpl, false, NULL);
- }
- 
- static void write_register_operand(struct operand *op)
-@@ -1951,17 +1984,31 @@ static int em_iret(struct x86_emulate_ctxt *ctxt)
- static int em_jmp_far(struct x86_emulate_ctxt *ctxt)
- {
-       int rc;
--      unsigned short sel;
-+      unsigned short sel, old_sel;
-+      struct desc_struct old_desc, new_desc;
-+      const struct x86_emulate_ops *ops = ctxt->ops;
-+      u8 cpl = ctxt->ops->cpl(ctxt);
-+
-+      /* Assignment of RIP may only fail in 64-bit mode */
-+      if (ctxt->mode == X86EMUL_MODE_PROT64)
-+              ops->get_segment(ctxt, &old_sel, &old_desc, NULL,
-+                               VCPU_SREG_CS);
- 
-       memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
- 
--      rc = load_segment_descriptor(ctxt, sel, VCPU_SREG_CS);
-+      rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
-+                                     &new_desc);
-       if (rc != X86EMUL_CONTINUE)
-               return rc;
- 
--      ctxt->_eip = 0;
--      memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
--      return X86EMUL_CONTINUE;
-+      rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
-+      if (rc != X86EMUL_CONTINUE) {
-+              WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
-+              /* assigning eip failed; restore the old cs */
-+              ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS);
-+              return rc;
-+      }
-+      return rc;
- }
- 
- static int em_grp45(struct x86_emulate_ctxt *ctxt)
-@@ -1972,13 +2019,15 @@ static int em_grp45(struct x86_emulate_ctxt *ctxt)
-       case 2: /* call near abs */ {
-               long int old_eip;
-               old_eip = ctxt->_eip;
--              ctxt->_eip = ctxt->src.val;
-+              rc = assign_eip_near(ctxt, ctxt->src.val);
-+              if (rc != X86EMUL_CONTINUE)
-+                      break;
-               ctxt->src.val = old_eip;
-               rc = em_push(ctxt);
-               break;
-       }
-       case 4: /* jmp abs */
--              ctxt->_eip = ctxt->src.val;
-+              rc = assign_eip_near(ctxt, ctxt->src.val);
-               break;
-       case 5: /* jmp far */
-               rc = em_jmp_far(ctxt);
-@@ -2013,30 +2062,47 @@ static int em_cmpxchg8b(struct x86_emulate_ctxt *ctxt)
- 
- static int em_ret(struct x86_emulate_ctxt *ctxt)
- {
--      ctxt->dst.type = OP_REG;
--      ctxt->dst.addr.reg = &ctxt->_eip;
--      ctxt->dst.bytes = ctxt->op_bytes;
--      return em_pop(ctxt);
-+      int rc;
-+      unsigned long eip;
-+
-+      rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
-+      if (rc != X86EMUL_CONTINUE)
-+              return rc;
-+
-+      return assign_eip_near(ctxt, eip);
- }
- 
- static int em_ret_far(struct x86_emulate_ctxt *ctxt)
- {
-       int rc;
--      unsigned long cs;
-+      unsigned long eip, cs;
-+      u16 old_cs;
-       int cpl = ctxt->ops->cpl(ctxt);
-+      struct desc_struct old_desc, new_desc;
-+      const struct x86_emulate_ops *ops = ctxt->ops;
- 
--      rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes);
-+      if (ctxt->mode == X86EMUL_MODE_PROT64)
-+              ops->get_segment(ctxt, &old_cs, &old_desc, NULL,
-+                               VCPU_SREG_CS);
-+
-+      rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
-       if (rc != X86EMUL_CONTINUE)
-               return rc;
--      if (ctxt->op_bytes == 4)
--              ctxt->_eip = (u32)ctxt->_eip;
-       rc = emulate_pop(ctxt, &cs, ctxt->op_bytes);
-       if (rc != X86EMUL_CONTINUE)
-               return rc;
-       /* Outer-privilege level return is not implemented */
-       if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
-               return X86EMUL_UNHANDLEABLE;
--      rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS);
-+      rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false,
-+                                     &new_desc);
-+      if (rc != X86EMUL_CONTINUE)
-+              return rc;
-+      rc = assign_eip_far(ctxt, eip, new_desc.l);
-+      if (rc != X86EMUL_CONTINUE) {
-+              WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
-+              ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
-+      }
-       return rc;
- }
- 
-@@ -2297,7 +2363,7 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
- {
-       const struct x86_emulate_ops *ops = ctxt->ops;
-       struct desc_struct cs, ss;
--      u64 msr_data;
-+      u64 msr_data, rcx, rdx;
-       int usermode;
-       u16 cs_sel = 0, ss_sel = 0;
- 
-@@ -2313,6 +2379,9 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
-       else
-               usermode = X86EMUL_MODE_PROT32;
- 
-+      rcx = reg_read(ctxt, VCPU_REGS_RCX);
-+      rdx = reg_read(ctxt, VCPU_REGS_RDX);
-+
-       cs.dpl = 3;
-       ss.dpl = 3;
-       ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
-@@ -2330,6 +2399,9 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
-               ss_sel = cs_sel + 8;
-               cs.d = 0;
-               cs.l = 1;
-+              if (is_noncanonical_address(rcx) ||
-+                  is_noncanonical_address(rdx))
-+                      return emulate_gp(ctxt, 0);
-               break;
-       }
-       cs_sel |= SELECTOR_RPL_MASK;
-@@ -2338,8 +2410,8 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
-       ops->set_segment(ctxt, cs_sel, &cs, 0, VCPU_SREG_CS);
-       ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
- 
--      ctxt->_eip = reg_read(ctxt, VCPU_REGS_RDX);
--      *reg_write(ctxt, VCPU_REGS_RSP) = reg_read(ctxt, VCPU_REGS_RCX);
-+      ctxt->_eip = rdx;
-+      *reg_write(ctxt, VCPU_REGS_RSP) = rcx;
- 
-       return X86EMUL_CONTINUE;
- }
-@@ -2457,19 +2529,24 @@ static int load_state_from_tss16(struct x86_emulate_ctxt *ctxt,
-        * Now load segment descriptors. If fault happens at this stage
-        * it is handled in a context of new task
-        */
--      ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
- 
-@@ -2594,25 +2671,32 @@ static int load_state_from_tss32(struct x86_emulate_ctxt *ctxt,
-        * Now load segment descriptors. If fault happenes at this stage
-        * it is handled in a context of new task
-        */
--      ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR,
-+                                      cpl, true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
--      ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, true);
-+      ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl,
-+                                      true, NULL);
-       if (ret != X86EMUL_CONTINUE)
-               return ret;
- 
-@@ -2880,10 +2964,13 @@ static int em_aad(struct x86_emulate_ctxt *ctxt)
- 
- static int em_call(struct x86_emulate_ctxt *ctxt)
- {
-+      int rc;
-       long rel = ctxt->src.val;
- 
-       ctxt->src.val = (unsigned long)ctxt->_eip;
--      jmp_rel(ctxt, rel);
-+      rc = jmp_rel(ctxt, rel);
-+      if (rc != X86EMUL_CONTINUE)
-+              return rc;
-       return em_push(ctxt);
- }
- 
-@@ -2892,34 +2979,50 @@ static int em_call_far(struct x86_emulate_ctxt *ctxt)
-       u16 sel, old_cs;
-       ulong old_eip;
-       int rc;
-+      struct desc_struct old_desc, new_desc;
-+      const struct x86_emulate_ops *ops = ctxt->ops;
-+      int cpl = ctxt->ops->cpl(ctxt);
- 
--      old_cs = get_segment_selector(ctxt, VCPU_SREG_CS);
-       old_eip = ctxt->_eip;
-+      ops->get_segment(ctxt, &old_cs, &old_desc, NULL, VCPU_SREG_CS);
- 
-       memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
--      if (load_segment_descriptor(ctxt, sel, VCPU_SREG_CS))
-+      rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
-+                                     &new_desc);
-+      if (rc != X86EMUL_CONTINUE)
-               return X86EMUL_CONTINUE;
- 
--      ctxt->_eip = 0;
--      memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
-+      rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
-+      if (rc != X86EMUL_CONTINUE)
-+              goto fail;
- 
-       ctxt->src.val = old_cs;
-       rc = em_push(ctxt);
-       if (rc != X86EMUL_CONTINUE)
--              return rc;
-+              goto fail;
- 
-       ctxt->src.val = old_eip;
--      return em_push(ctxt);
-+      rc = em_push(ctxt);
-+      /* If we failed, we tainted the memory, but the very least we should
-+         restore cs */
-+      if (rc != X86EMUL_CONTINUE)
-+              goto fail;
-+      return rc;
-+fail:
-+      ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
-+      return rc;
-+
- }
- 
- static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt)
- {
-       int rc;
-+      unsigned long eip;
- 
--      ctxt->dst.type = OP_REG;
--      ctxt->dst.addr.reg = &ctxt->_eip;
--      ctxt->dst.bytes = ctxt->op_bytes;
--      rc = emulate_pop(ctxt, &ctxt->dst.val, ctxt->op_bytes);
-+      rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
-+      if (rc != X86EMUL_CONTINUE)
-+              return rc;
-+      rc = assign_eip_near(ctxt, eip);
-       if (rc != X86EMUL_CONTINUE)
-               return rc;
-       rsp_increment(ctxt, ctxt->src.val);
-@@ -3250,20 +3353,24 @@ static int em_lmsw(struct x86_emulate_ctxt *ctxt)
- 
- static int em_loop(struct x86_emulate_ctxt *ctxt)
- {
-+      int rc = X86EMUL_CONTINUE;
-+
-       register_address_increment(ctxt, reg_rmw(ctxt, VCPU_REGS_RCX), -1);
-       if ((address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) != 0) &&
-           (ctxt->b == 0xe2 || test_cc(ctxt->b ^ 0x5, ctxt->eflags)))
--              jmp_rel(ctxt, ctxt->src.val);
-+              rc = jmp_rel(ctxt, ctxt->src.val);
- 
--      return X86EMUL_CONTINUE;
-+      return rc;
- }
- 
- static int em_jcxz(struct x86_emulate_ctxt *ctxt)
- {
-+      int rc = X86EMUL_CONTINUE;
-+
-       if (address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) == 0)
--              jmp_rel(ctxt, ctxt->src.val);
-+              rc = jmp_rel(ctxt, ctxt->src.val);
- 
--      return X86EMUL_CONTINUE;
-+      return rc;
- }
- 
- static int em_in(struct x86_emulate_ctxt *ctxt)
-@@ -3351,6 +3458,12 @@ static int em_bswap(struct x86_emulate_ctxt *ctxt)
-       return X86EMUL_CONTINUE;
- }
- 
-+static int em_clflush(struct x86_emulate_ctxt *ctxt)
-+{
-+      /* emulating clflush regardless of cpuid */
-+      return X86EMUL_CONTINUE;
-+}
-+
- static bool valid_cr(int nr)
- {
-       switch (nr) {
-@@ -3683,6 +3796,16 @@ static const struct opcode group11[] = {
-       X7(D(Undefined)),
- };
- 
-+static const struct gprefix pfx_0f_ae_7 = {
-+      I(SrcMem | ByteOp, em_clflush), N, N, N,
-+};
-+
-+static const struct group_dual group15 = { {
-+      N, N, N, N, N, N, N, GP(0, &pfx_0f_ae_7),
-+}, {
-+      N, N, N, N, N, N, N, N,
-+} };
-+
- static const struct gprefix pfx_0f_6f_0f_7f = {
-       I(Mmx, em_mov), I(Sse | Aligned, em_mov), N, I(Sse | Unaligned, em_mov),
- };
-@@ -3887,10 +4010,11 @@ static const struct opcode twobyte_table[256] = {
-       N, I(ImplicitOps | EmulateOnUD, em_syscall),
-       II(ImplicitOps | Priv, em_clts, clts), N,
-       DI(ImplicitOps | Priv, invd), DI(ImplicitOps | Priv, wbinvd), N, N,
--      N, D(ImplicitOps | ModRM), N, N,
-+      N, D(ImplicitOps | ModRM | SrcMem | NoAccess), N, N,
-       /* 0x10 - 0x1F */
-       N, N, N, N, N, N, N, N,
--      D(ImplicitOps | ModRM), N, N, N, N, N, N, D(ImplicitOps | ModRM),
-+      D(ImplicitOps | ModRM | SrcMem | NoAccess),
-+      N, N, N, N, N, N, D(ImplicitOps | ModRM | SrcMem | NoAccess),
-       /* 0x20 - 0x2F */
-       DIP(ModRM | DstMem | Priv | Op3264 | NoMod, cr_read, check_cr_read),
-       DIP(ModRM | DstMem | Priv | Op3264 | NoMod, dr_read, check_dr_read),
-@@ -3942,7 +4066,7 @@ static const struct opcode twobyte_table[256] = {
-       F(DstMem | SrcReg | ModRM | BitOp | Lock | PageTable, em_bts),
-       F(DstMem | SrcReg | Src2ImmByte | ModRM, em_shrd),
-       F(DstMem | SrcReg | Src2CL | ModRM, em_shrd),
--      D(ModRM), F(DstReg | SrcMem | ModRM, em_imul),
-+      GD(0, &group15), F(DstReg | SrcMem | ModRM, em_imul),
-       /* 0xB0 - 0xB7 */
-       I2bv(DstMem | SrcReg | ModRM | Lock | PageTable, em_cmpxchg),
-       I(DstReg | SrcMemFAddr | ModRM | Src2SS, em_lseg),
-@@ -4458,10 +4582,10 @@ done_prefixes:
-       /* Decode and fetch the destination operand: register or memory. */
-       rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
- 
--done:
-       if (ctxt->rip_relative)
-               ctxt->memopp->addr.mem.ea += ctxt->_eip;
- 
-+done:
-       return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
- }
- 
-@@ -4711,7 +4835,7 @@ special_insn:
-               break;
-       case 0x70 ... 0x7f: /* jcc (short) */
-               if (test_cc(ctxt->b, ctxt->eflags))
--                      jmp_rel(ctxt, ctxt->src.val);
-+                      rc = jmp_rel(ctxt, ctxt->src.val);
-               break;
-       case 0x8d: /* lea r16/r32, m */
-               ctxt->dst.val = ctxt->src.addr.mem.ea;
-@@ -4741,7 +4865,7 @@ special_insn:
-               break;
-       case 0xe9: /* jmp rel */
-       case 0xeb: /* jmp rel short */
--              jmp_rel(ctxt, ctxt->src.val);
-+              rc = jmp_rel(ctxt, ctxt->src.val);
-               ctxt->dst.type = OP_NONE; /* Disable writeback. */
-               break;
-       case 0xf4:              /* hlt */
-@@ -4864,13 +4988,11 @@ twobyte_insn:
-               break;
-       case 0x80 ... 0x8f: /* jnz rel, etc*/
-               if (test_cc(ctxt->b, ctxt->eflags))
--                      jmp_rel(ctxt, ctxt->src.val);
-+                      rc = jmp_rel(ctxt, ctxt->src.val);
-               break;
-       case 0x90 ... 0x9f:     /* setcc r/m8 */
-               ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags);
-               break;
--      case 0xae:              /* clflush */
--              break;
-       case 0xb6 ... 0xb7:     /* movzx */
-               ctxt->dst.bytes = ctxt->op_bytes;
-               ctxt->dst.val = (ctxt->src.bytes == 1) ? (u8) ctxt->src.val
-diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
-index 518d864..298781d 100644
---- a/arch/x86/kvm/i8254.c
-+++ b/arch/x86/kvm/i8254.c
-@@ -262,8 +262,10 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu)
-               return;
- 
-       timer = &pit->pit_state.timer;
-+      mutex_lock(&pit->pit_state.lock);
-       if (hrtimer_cancel(timer))
-               hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
-+      mutex_unlock(&pit->pit_state.lock);
- }
- 
- static void destroy_pit_timer(struct kvm_pit *pit)

 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
 index 08e8a89..0e9183e 100644
 --- a/arch/x86/kvm/lapic.c
 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
 index 08e8a89..0e9183e 100644
 --- a/arch/x86/kvm/lapic.c


@@ -29428,31 +29329,9 @@ index 4107765..d9eb358 100644
                        goto error;
                walker->ptep_user[walker->level - 1] = ptep_user;
 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
                        goto error;
                walker->ptep_user[walker->level - 1] = ptep_user;
 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c

-index ddf7427..fd84599 100644
+index 78dadc3..fd84599 100644

 --- a/arch/x86/kvm/svm.c
 +++ b/arch/x86/kvm/svm.c
 --- a/arch/x86/kvm/svm.c
 +++ b/arch/x86/kvm/svm.c

-@@ -3234,7 +3234,7 @@ static int wrmsr_interception(struct vcpu_svm *svm)
-       msr.host_initiated = false;
- 
-       svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
--      if (svm_set_msr(&svm->vcpu, &msr)) {
-+      if (kvm_set_msr(&svm->vcpu, &msr)) {
-               trace_kvm_msr_write_ex(ecx, data);
-               kvm_inject_gp(&svm->vcpu, 0);
-       } else {
-@@ -3534,9 +3534,9 @@ static int handle_exit(struct kvm_vcpu *vcpu)
- 
-       if (exit_code >= ARRAY_SIZE(svm_exit_handlers)
-           || !svm_exit_handlers[exit_code]) {
--              kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
--              kvm_run->hw.hardware_exit_reason = exit_code;
--              return 0;
-+              WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_code);
-+              kvm_queue_exception(vcpu, UD_VECTOR);
-+              return 1;
-       }
- 
-       return svm_exit_handlers[exit_code](svm);

 @@ -3547,7 +3547,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
        int cpu = raw_smp_processor_id();
  
 @@ -3547,7 +3547,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
        int cpu = raw_smp_processor_id();
  


@@ -29477,18 +29356,10 @@ index ddf7427..fd84599 100644
  
        local_irq_disable();
 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
  
        local_irq_disable();
 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c

-index bfe11cf..deb3959 100644
+index 41a5426..c0b3c00 100644

 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c
 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c

-@@ -453,6 +453,7 @@ struct vcpu_vmx {
-               int           gs_ldt_reload_needed;
-               int           fs_reload_needed;
-               u64           msr_host_bndcfgs;
-+              unsigned long vmcs_host_cr4;    /* May not match real cr4 */
-       } host_state;
-       struct {
-               int vm86_active;
-@@ -1340,12 +1341,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+@@ -1341,12 +1341,12 @@ static void vmcs_write64(unsigned long field, u64 value)

  #endif
  }
  
  #endif
  }
  


@@ -29503,7 +29374,7 @@ index bfe11cf..deb3959 100644
  {
        vmcs_writel(field, vmcs_readl(field) | mask);
  }
  {
        vmcs_writel(field, vmcs_readl(field) | mask);
  }

-@@ -1605,7 +1606,11 @@ static void reload_tss(void)
+@@ -1606,7 +1606,11 @@ static void reload_tss(void)

        struct desc_struct *descs;
  
        descs = (void *)gdt->address;
        struct desc_struct *descs;
  
        descs = (void *)gdt->address;


@@ -29515,7 +29386,7 @@ index bfe11cf..deb3959 100644
        load_TR_desc();
  }
  
        load_TR_desc();
  }
  

-@@ -1833,6 +1838,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -1834,6 +1838,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)

                vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
                vmcs_writel(HOST_GDTR_BASE, gdt->address);   /* 22.2.4 */
  
                vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
                vmcs_writel(HOST_GDTR_BASE, gdt->address);   /* 22.2.4 */
  


@@ -29526,7 +29397,7 @@ index bfe11cf..deb3959 100644
                rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
                vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
                vmx->loaded_vmcs->cpu = cpu;
                rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
                vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
                vmx->loaded_vmcs->cpu = cpu;

-@@ -2122,7 +2131,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
+@@ -2123,7 +2131,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)

   * reads and returns guest's timestamp counter "register"
   * guest_tsc = host_tsc + tsc_offset    -- 21.3
   */
   * reads and returns guest's timestamp counter "register"
   * guest_tsc = host_tsc + tsc_offset    -- 21.3
   */


@@ -29535,25 +29406,7 @@ index bfe11cf..deb3959 100644
  {
        u64 host_tsc, tsc_offset;
  
  {
        u64 host_tsc, tsc_offset;
  

-@@ -2631,12 +2640,15 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
-       default:
-               msr = find_msr_entry(vmx, msr_index);
-               if (msr) {
-+                      u64 old_msr_data = msr->data;
-                       msr->data = data;
-                       if (msr - vmx->guest_msrs < vmx->save_nmsrs) {
-                               preempt_disable();
--                              kvm_set_shared_msr(msr->index, msr->data,
--                                                 msr->mask);
-+                              ret = kvm_set_shared_msr(msr->index, msr->data,
-+                                                       msr->mask);
-                               preempt_enable();
-+                              if (ret)
-+                                      msr->data = old_msr_data;
-                       }
-                       break;
-               }
-@@ -3110,8 +3122,11 @@ static __init int hardware_setup(void)
+@@ -3114,8 +3122,11 @@ static __init int hardware_setup(void)

        if (!cpu_has_vmx_flexpriority())
                flexpriority_enabled = 0;
  
        if (!cpu_has_vmx_flexpriority())
                flexpriority_enabled = 0;
  


@@ -29567,7 +29420,7 @@ index bfe11cf..deb3959 100644
  
        if (enable_ept && !cpu_has_vmx_ept_2m_page())
                kvm_disable_largepages();
  
        if (enable_ept && !cpu_has_vmx_ept_2m_page())
                kvm_disable_largepages();

-@@ -3122,13 +3137,15 @@ static __init int hardware_setup(void)
+@@ -3126,13 +3137,15 @@ static __init int hardware_setup(void)

        if (!cpu_has_vmx_apicv())
                enable_apicv = 0;
  
        if (!cpu_has_vmx_apicv())
                enable_apicv = 0;
  


@@ -29587,26 +29440,18 @@ index bfe11cf..deb3959 100644
  
        if (nested)
                nested_vmx_setup_ctls_msrs();
  
        if (nested)
                nested_vmx_setup_ctls_msrs();

-@@ -4235,10 +4252,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
-       u32 low32, high32;
-       unsigned long tmpl;
-       struct desc_ptr dt;
-+      unsigned long cr4;
+@@ -4242,7 +4255,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+       unsigned long cr4;

  
        vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS);  /* 22.2.3 */
  
        vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS);  /* 22.2.3 */

--      vmcs_writel(HOST_CR4, read_cr4());  /* 22.2.3, 22.2.5 */
++

 +#ifndef CONFIG_PAX_PER_CPU_PGD
        vmcs_writel(HOST_CR3, read_cr3());  /* 22.2.3  FIXME: shadow tables */
 +#endif
 +#ifndef CONFIG_PAX_PER_CPU_PGD
        vmcs_writel(HOST_CR3, read_cr3());  /* 22.2.3  FIXME: shadow tables */
 +#endif

-+
-+      /* Save the most likely value for this task's CR4 in the VMCS. */
-+      cr4 = read_cr4();
-+      vmcs_writel(HOST_CR4, cr4);                     /* 22.2.3, 22.2.5 */
-+      vmx->host_state.vmcs_host_cr4 = cr4;

  
  

-       vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS);  /* 22.2.4 */
- #ifdef CONFIG_X86_64
-@@ -4260,7 +4284,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+       /* Save the most likely value for this task's CR4 in the VMCS. */
+       cr4 = read_cr4();
+@@ -4269,7 +4285,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)

        vmcs_writel(HOST_IDTR_BASE, dt.address);   /* 22.2.4 */
        vmx->host_idt_base = dt.address;
  
        vmcs_writel(HOST_IDTR_BASE, dt.address);   /* 22.2.4 */
        vmx->host_idt_base = dt.address;
  


@@ -29615,82 +29460,7 @@ index bfe11cf..deb3959 100644
  
        rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
        vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
  
        rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
        vmcs_write32(HOST_IA32_SYSENTER_CS, low32);

-@@ -5257,7 +5281,7 @@ static int handle_wrmsr(struct kvm_vcpu *vcpu)
-       msr.data = data;
-       msr.index = ecx;
-       msr.host_initiated = false;
--      if (vmx_set_msr(vcpu, &msr) != 0) {
-+      if (kvm_set_msr(vcpu, &msr) != 0) {
-               trace_kvm_msr_write_ex(ecx, data);
-               kvm_inject_gp(vcpu, 0);
-               return 1;
-@@ -6630,6 +6654,12 @@ static int handle_invept(struct kvm_vcpu *vcpu)
-       return 1;
- }
- 
-+static int handle_invvpid(struct kvm_vcpu *vcpu)
-+{
-+      kvm_queue_exception(vcpu, UD_VECTOR);
-+      return 1;
-+}
-+
- /*
-  * The exit handlers return 1 if the exit was handled fully and guest execution
-  * may resume.  Otherwise they set the kvm_run parameter to indicate what needs
-@@ -6675,6 +6705,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
-       [EXIT_REASON_MWAIT_INSTRUCTION]       = handle_mwait,
-       [EXIT_REASON_MONITOR_INSTRUCTION]     = handle_monitor,
-       [EXIT_REASON_INVEPT]                  = handle_invept,
-+      [EXIT_REASON_INVVPID]                 = handle_invvpid,
- };
- 
- static const int kvm_vmx_max_exit_handlers =
-@@ -6908,7 +6939,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
-       case EXIT_REASON_VMPTRST: case EXIT_REASON_VMREAD:
-       case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE:
-       case EXIT_REASON_VMOFF: case EXIT_REASON_VMON:
--      case EXIT_REASON_INVEPT:
-+      case EXIT_REASON_INVEPT: case EXIT_REASON_INVVPID:
-               /*
-                * VMX instructions trap unconditionally. This allows L1 to
-                * emulate them for its L2 guest, i.e., allows 3-level nesting!
-@@ -7049,10 +7080,10 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
-           && kvm_vmx_exit_handlers[exit_reason])
-               return kvm_vmx_exit_handlers[exit_reason](vcpu);
-       else {
--              vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
--              vcpu->run->hw.hardware_exit_reason = exit_reason;
-+              WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_reason);
-+              kvm_queue_exception(vcpu, UD_VECTOR);
-+              return 1;
-       }
--      return 0;
- }
- 
- static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
-@@ -7376,7 +7407,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
- static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
- {
-       struct vcpu_vmx *vmx = to_vmx(vcpu);
--      unsigned long debugctlmsr;
-+      unsigned long debugctlmsr, cr4;
- 
-       /* Record the guest's net vcpu time for enforced NMI injections. */
-       if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
-@@ -7397,6 +7428,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
-       if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
-               vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
- 
-+      cr4 = read_cr4();
-+      if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) {
-+              vmcs_writel(HOST_CR4, cr4);
-+              vmx->host_state.vmcs_host_cr4 = cr4;
-+      }
-+
-       /* When single-stepping over STI and MOV SS, we must clear the
-        * corresponding interruptibility bits in the guest state. Otherwise
-        * vmentry fails as it then expects bit 14 (BS) in pending debug
-@@ -7453,6 +7490,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7475,6 +7491,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)

                "jmp 2f \n\t"
                "1: " __ex(ASM_VMX_VMRESUME) "\n\t"
                "2: "
                "jmp 2f \n\t"
                "1: " __ex(ASM_VMX_VMRESUME) "\n\t"
                "2: "


@@ -29703,7 +29473,7 @@ index bfe11cf..deb3959 100644
                /* Save guest registers, load host registers, keep flags */
                "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
                "pop %0 \n\t"
                /* Save guest registers, load host registers, keep flags */
                "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
                "pop %0 \n\t"

-@@ -7505,6 +7548,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7527,6 +7549,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)

  #endif
                [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
                [wordsize]"i"(sizeof(ulong))
  #endif
                [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
                [wordsize]"i"(sizeof(ulong))


@@ -29715,7 +29485,7 @@ index bfe11cf..deb3959 100644
              : "cc", "memory"
  #ifdef CONFIG_X86_64
                , "rax", "rbx", "rdi", "rsi"
              : "cc", "memory"
  #ifdef CONFIG_X86_64
                , "rax", "rbx", "rdi", "rsi"

-@@ -7518,7 +7566,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7540,7 +7567,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)

        if (debugctlmsr)
                update_debugctlmsr(debugctlmsr);
  
        if (debugctlmsr)
                update_debugctlmsr(debugctlmsr);
  


@@ -29724,7 +29494,7 @@ index bfe11cf..deb3959 100644
        /*
         * The sysexit path does not restore ds/es, so we must set them to
         * a reasonable value ourselves.
        /*
         * The sysexit path does not restore ds/es, so we must set them to
         * a reasonable value ourselves.

-@@ -7527,8 +7575,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7549,8 +7576,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)

         * may be executed in interrupt context, which saves and restore segments
         * around it, nullifying its effect.
         */
         * may be executed in interrupt context, which saves and restore segments
         * around it, nullifying its effect.
         */


@@ -29746,82 +29516,10 @@ index bfe11cf..deb3959 100644
  
        vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
  
        vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c

-index 8f1e22d..c23d3c5 100644
+index d6aeccf..cea125a 100644

 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c

-@@ -229,20 +229,25 @@ static void kvm_shared_msr_cpu_online(void)
-               shared_msr_update(i, shared_msrs_global.msrs[i]);
- }
- 
--void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
-+int kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
- {
-       unsigned int cpu = smp_processor_id();
-       struct kvm_shared_msrs *smsr = per_cpu_ptr(shared_msrs, cpu);
-+      int err;
- 
-       if (((value ^ smsr->values[slot].curr) & mask) == 0)
--              return;
-+              return 0;
-       smsr->values[slot].curr = value;
--      wrmsrl(shared_msrs_global.msrs[slot], value);
-+      err = wrmsrl_safe(shared_msrs_global.msrs[slot], value);
-+      if (err)
-+              return 1;
-+
-       if (!smsr->registered) {
-               smsr->urn.on_user_return = kvm_on_user_return;
-               user_return_notifier_register(&smsr->urn);
-               smsr->registered = true;
-       }
-+      return 0;
- }
- EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
- 
-@@ -984,7 +989,6 @@ void kvm_enable_efer_bits(u64 mask)
- }
- EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
- 
--
- /*
-  * Writes msr value into into the appropriate "register".
-  * Returns 0 on success, non-0 otherwise.
-@@ -992,8 +996,34 @@ EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
-  */
- int kvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
- {
-+      switch (msr->index) {
-+      case MSR_FS_BASE:
-+      case MSR_GS_BASE:
-+      case MSR_KERNEL_GS_BASE:
-+      case MSR_CSTAR:
-+      case MSR_LSTAR:
-+              if (is_noncanonical_address(msr->data))
-+                      return 1;
-+              break;
-+      case MSR_IA32_SYSENTER_EIP:
-+      case MSR_IA32_SYSENTER_ESP:
-+              /*
-+               * IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
-+               * non-canonical address is written on Intel but not on
-+               * AMD (which ignores the top 32-bits, because it does
-+               * not implement 64-bit SYSENTER).
-+               *
-+               * 64-bit code should hence be able to write a non-canonical
-+               * value on AMD.  Making the address canonical ensures that
-+               * vmentry does not fail on Intel after writing a non-canonical
-+               * value, and that something deterministic happens if the guest
-+               * invokes 64-bit SYSENTER.
-+               */
-+              msr->data = get_canonical(msr->data);
-+      }
-       return kvm_x86_ops->set_msr(vcpu, msr);
- }
-+EXPORT_SYMBOL_GPL(kvm_set_msr);
- 
- /*
-  * Adapt set_msr() to msr_io()'s calling convention
-@@ -1827,8 +1857,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1857,8 +1857,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)

  {
        struct kvm *kvm = vcpu->kvm;
        int lm = is_long_mode(vcpu);
  {
        struct kvm *kvm = vcpu->kvm;
        int lm = is_long_mode(vcpu);


@@ -29832,7 +29530,7 @@ index 8f1e22d..c23d3c5 100644
        u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
                : kvm->arch.xen_hvm_config.blob_size_32;
        u32 page_num = data & ~PAGE_MASK;
        u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
                : kvm->arch.xen_hvm_config.blob_size_32;
        u32 page_num = data & ~PAGE_MASK;

-@@ -2749,6 +2779,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2779,6 +2779,8 @@ long kvm_arch_dev_ioctl(struct file *filp,

                if (n < msr_list.nmsrs)
                        goto out;
                r = -EFAULT;
                if (n < msr_list.nmsrs)
                        goto out;
                r = -EFAULT;


@@ -29841,7 +29539,7 @@ index 8f1e22d..c23d3c5 100644
                if (copy_to_user(user_msr_list->indices, &msrs_to_save,
                                 num_msrs_to_save * sizeof(u32)))
                        goto out;
                if (copy_to_user(user_msr_list->indices, &msrs_to_save,
                                 num_msrs_to_save * sizeof(u32)))
                        goto out;

-@@ -5609,7 +5641,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5639,7 +5641,7 @@ static struct notifier_block pvclock_gtod_notifier = {

  };
  #endif
  
  };
  #endif
  


@@ -34435,7 +34133,7 @@ index a32b706..efb308b 100644
        unsigned long uninitialized_var(pfn_align);
        int i, nid;
 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
        unsigned long uninitialized_var(pfn_align);
        int i, nid;
 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c

-index ae242a7..1c7998f 100644
+index 36de293..b820ddc 100644

 --- a/arch/x86/mm/pageattr.c
 +++ b/arch/x86/mm/pageattr.c
 @@ -262,7 +262,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
 --- a/arch/x86/mm/pageattr.c
 +++ b/arch/x86/mm/pageattr.c
 @@ -262,7 +262,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,


@@ -35133,7 +34831,7 @@ index 6440221..f84b5c7 100644
 +      pax_force_retaddr
        ret
 diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
 +      pax_force_retaddr
        ret
 diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c

-index 5c8cb80..728d0cd 100644
+index c881ba8..71aca2e 100644

 --- a/arch/x86/net/bpf_jit_comp.c
 +++ b/arch/x86/net/bpf_jit_comp.c
 @@ -15,7 +15,11 @@
 --- a/arch/x86/net/bpf_jit_comp.c
 +++ b/arch/x86/net/bpf_jit_comp.c
 @@ -15,7 +15,11 @@


@@ -35196,7 +34894,7 @@ index 5c8cb80..728d0cd 100644
        return header;
  }
  
        return header;
  }
  

-@@ -853,7 +853,9 @@ common_load:               ctx->seen_ld_abs = true;
+@@ -864,7 +864,9 @@ common_load:

                                pr_err("bpf_jit_compile fatal error\n");
                                return -EFAULT;
                        }
                                pr_err("bpf_jit_compile fatal error\n");
                                return -EFAULT;
                        }


@@ -35206,7 +34904,7 @@ index 5c8cb80..728d0cd 100644
                }
                proglen += ilen;
                addrs[i] = proglen;
                }
                proglen += ilen;
                addrs[i] = proglen;

-@@ -868,7 +870,7 @@ void bpf_jit_compile(struct bpf_prog *prog)
+@@ -879,7 +881,7 @@ void bpf_jit_compile(struct bpf_prog *prog)

  
  void bpf_int_jit_compile(struct bpf_prog *prog)
  {
  
  void bpf_int_jit_compile(struct bpf_prog *prog)
  {


@@ -35215,7 +34913,7 @@ index 5c8cb80..728d0cd 100644
        int proglen, oldproglen = 0;
        struct jit_context ctx = {};
        u8 *image = NULL;
        int proglen, oldproglen = 0;
        struct jit_context ctx = {};
        u8 *image = NULL;

-@@ -900,7 +902,7 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
+@@ -911,7 +913,7 @@ void bpf_int_jit_compile(struct bpf_prog *prog)

                if (proglen <= 0) {
                        image = NULL;
                        if (header)
                if (proglen <= 0) {
                        image = NULL;
                        if (header)


@@ -35224,7 +34922,7 @@ index 5c8cb80..728d0cd 100644
                        goto out;
                }
                if (image) {
                        goto out;
                }
                if (image) {

-@@ -922,7 +924,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
+@@ -935,7 +937,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog)

  
        if (image) {
                bpf_flush_icache(header, image + proglen);
  
        if (image) {
                bpf_flush_icache(header, image + proglen);


@@ -35232,7 +34930,7 @@ index 5c8cb80..728d0cd 100644
                prog->bpf_func = (void *)image;
                prog->jited = 1;
        }
                prog->bpf_func = (void *)image;
                prog->jited = 1;
        }

-@@ -930,23 +931,16 @@ out:
+@@ -943,23 +944,15 @@ out:

        kfree(addrs);
  }
  
        kfree(addrs);
  }
  


@@ -35260,7 +34958,6 @@ index 5c8cb80..728d0cd 100644
 +      if (!fp->jited)
 +              goto free_filter;
 +
 +      if (!fp->jited)
 +              goto free_filter;
 +

-+      set_memory_rw(addr, 1);

 +      module_free_exec(NULL, (void *)addr);
 +
 +free_filter:
 +      module_free_exec(NULL, (void *)addr);
 +
 +free_filter:


@@ -37215,7 +36912,7 @@ index 56d08fd..2e07090 100644
                        (u8 *) pte, count) < count) {
                kfree(pte);
 diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
                        (u8 *) pte, count) < count) {
                kfree(pte);
 diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c

-index 9b8eaec..c20279a 100644
+index a6d6270..c4bb72f 100644

 --- a/block/scsi_ioctl.c
 +++ b/block/scsi_ioctl.c
 @@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p)
 --- a/block/scsi_ioctl.c
 +++ b/block/scsi_ioctl.c
 @@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p)


@@ -39224,7 +38921,7 @@ index 1a00001..c0d4253 100644
        set_fs(KERNEL_DS);
        if (level == SOL_SOCKET)
 diff --git a/drivers/block/drbd/drbd_interval.c b/drivers/block/drbd/drbd_interval.c
        set_fs(KERNEL_DS);
        if (level == SOL_SOCKET)
 diff --git a/drivers/block/drbd/drbd_interval.c b/drivers/block/drbd/drbd_interval.c

-index 89c497c..9c736ae 100644
+index 04a14e0..5b8f0aa 100644

 --- a/drivers/block/drbd/drbd_interval.c
 +++ b/drivers/block/drbd/drbd_interval.c
 @@ -67,9 +67,9 @@ static void augment_rotate(struct rb_node *rb_old, struct rb_node *rb_new)
 --- a/drivers/block/drbd/drbd_interval.c
 +++ b/drivers/block/drbd/drbd_interval.c
 @@ -67,9 +67,9 @@ static void augment_rotate(struct rb_node *rb_old, struct rb_node *rb_new)


@@ -40097,7 +39794,7 @@ index 0ea9986..e7b07e4 100644
  
        if (cmd != SIOCWANDEV)
 diff --git a/drivers/char/random.c b/drivers/char/random.c
  
        if (cmd != SIOCWANDEV)
 diff --git a/drivers/char/random.c b/drivers/char/random.c

-index c18d41d..7c499f3 100644
+index 8c86a95..7c499f3 100644

 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
 @@ -289,9 +289,6 @@
 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
 @@ -289,9 +289,6 @@


@@ -40132,33 +39829,6 @@ index c18d41d..7c499f3 100644
                        unsigned int add =
                                ((pool_size - entropy_count)*anfrac*3) >> s;
  
                        unsigned int add =
                                ((pool_size - entropy_count)*anfrac*3) >> s;
  

-@@ -1106,7 +1103,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
-       __mix_pool_bytes(r, hash.w, sizeof(hash.w));
-       spin_unlock_irqrestore(&r->lock, flags);
- 
--      memset(workspace, 0, sizeof(workspace));
-+      memzero_explicit(workspace, sizeof(workspace));
- 
-       /*
-        * In case the hash function has some recognizable output
-@@ -1118,7 +1115,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
-       hash.w[2] ^= rol32(hash.w[2], 16);
- 
-       memcpy(out, &hash, EXTRACT_SIZE);
--      memset(&hash, 0, sizeof(hash));
-+      memzero_explicit(&hash, sizeof(hash));
- }
- 
- /*
-@@ -1175,7 +1172,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
-       }
- 
-       /* Wipe data just returned from memory */
--      memset(tmp, 0, sizeof(tmp));
-+      memzero_explicit(tmp, sizeof(tmp));
- 
-       return ret;
- }

 @@ -1207,7 +1204,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
  
                extract_buf(r, tmp);
 @@ -1207,7 +1204,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
  
                extract_buf(r, tmp);


@@ -40168,15 +39838,6 @@ index c18d41d..7c499f3 100644
                        ret = -EFAULT;
                        break;
                }
                        ret = -EFAULT;
                        break;
                }

-@@ -1218,7 +1215,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
-       }
- 
-       /* Wipe data just returned from memory */
--      memset(tmp, 0, sizeof(tmp));
-+      memzero_explicit(tmp, sizeof(tmp));
- 
-       return ret;
- }

 @@ -1590,7 +1587,7 @@ static char sysctl_bootid[16];
  static int proc_do_uuid(struct ctl_table *table, int write,
                        void __user *buffer, size_t *lenp, loff_t *ppos)
 @@ -1590,7 +1587,7 @@ static char sysctl_bootid[16];
  static int proc_do_uuid(struct ctl_table *table, int write,
                        void __user *buffer, size_t *lenp, loff_t *ppos)


@@ -40433,10 +40094,10 @@ index b0c18ed..1713a80 100644
                cpu_notifier_register_begin();
  
 diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
                cpu_notifier_register_begin();
  
 diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c

-index 61190f6..fcd899a 100644
+index 07c8276..38bd07c 100644

 --- a/drivers/cpufreq/cpufreq.c
 +++ b/drivers/cpufreq/cpufreq.c
 --- a/drivers/cpufreq/cpufreq.c
 +++ b/drivers/cpufreq/cpufreq.c

-@@ -2095,7 +2095,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -2107,7 +2107,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)

        }
  
        mutex_lock(&cpufreq_governor_mutex);
        }
  
        mutex_lock(&cpufreq_governor_mutex);


@@ -40445,7 +40106,7 @@ index 61190f6..fcd899a 100644
        mutex_unlock(&cpufreq_governor_mutex);
        return;
  }
        mutex_unlock(&cpufreq_governor_mutex);
        return;
  }

-@@ -2311,7 +2311,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2323,7 +2323,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,

        return NOTIFY_OK;
  }
  
        return NOTIFY_OK;
  }
  


@@ -40454,7 +40115,7 @@ index 61190f6..fcd899a 100644
        .notifier_call = cpufreq_cpu_callback,
  };
  
        .notifier_call = cpufreq_cpu_callback,
  };
  

-@@ -2351,13 +2351,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2363,13 +2363,17 @@ int cpufreq_boost_trigger_state(int state)

                return 0;
  
        write_lock_irqsave(&cpufreq_driver_lock, flags);
                return 0;
  
        write_lock_irqsave(&cpufreq_driver_lock, flags);


@@ -40474,7 +40135,7 @@ index 61190f6..fcd899a 100644
                write_unlock_irqrestore(&cpufreq_driver_lock, flags);
  
                pr_err("%s: Cannot %s BOOST\n",
                write_unlock_irqrestore(&cpufreq_driver_lock, flags);
  
                pr_err("%s: Cannot %s BOOST\n",

-@@ -2414,8 +2418,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2426,8 +2430,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)

  
        pr_debug("trying to register driver %s\n", driver_data->name);
  
  
        pr_debug("trying to register driver %s\n", driver_data->name);
  


@@ -40488,7 +40149,7 @@ index 61190f6..fcd899a 100644
  
        write_lock_irqsave(&cpufreq_driver_lock, flags);
        if (cpufreq_driver) {
  
        write_lock_irqsave(&cpufreq_driver_lock, flags);
        if (cpufreq_driver) {

-@@ -2430,8 +2437,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2442,8 +2449,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)

                 * Check if driver provides function to enable boost -
                 * if not, use cpufreq_boost_set_sw as default
                 */
                 * Check if driver provides function to enable boost -
                 * if not, use cpufreq_boost_set_sw as default
                 */


@@ -40590,10 +40251,10 @@ index ad3f38f..8f086cd 100644
  }
  EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
  }
  EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c

-index 0668b38..2f3ea18 100644
+index 27bb6d3..4cf595c 100644

 --- a/drivers/cpufreq/intel_pstate.c
 +++ b/drivers/cpufreq/intel_pstate.c
 --- a/drivers/cpufreq/intel_pstate.c
 +++ b/drivers/cpufreq/intel_pstate.c

-@@ -120,10 +120,10 @@ struct pstate_funcs {
+@@ -133,10 +133,10 @@ struct pstate_funcs {

  struct cpu_defaults {
        struct pstate_adjust_policy pid_policy;
        struct pstate_funcs funcs;
  struct cpu_defaults {
        struct pstate_adjust_policy pid_policy;
        struct pstate_funcs funcs;


@@ -40606,7 +40267,7 @@ index 0668b38..2f3ea18 100644
  
  struct perf_limits {
        int no_turbo;
  
  struct perf_limits {
        int no_turbo;

-@@ -527,17 +527,17 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
+@@ -594,18 +594,18 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)

  
        cpu->pstate.current_pstate = pstate;
  
  
        cpu->pstate.current_pstate = pstate;
  


@@ -40619,9 +40280,11 @@ index 0668b38..2f3ea18 100644
 -      cpu->pstate.min_pstate = pstate_funcs.get_min();
 -      cpu->pstate.max_pstate = pstate_funcs.get_max();
 -      cpu->pstate.turbo_pstate = pstate_funcs.get_turbo();
 -      cpu->pstate.min_pstate = pstate_funcs.get_min();
 -      cpu->pstate.max_pstate = pstate_funcs.get_max();
 -      cpu->pstate.turbo_pstate = pstate_funcs.get_turbo();

+-      cpu->pstate.scaling = pstate_funcs.get_scaling();

 +      cpu->pstate.min_pstate = pstate_funcs->get_min();
 +      cpu->pstate.max_pstate = pstate_funcs->get_max();
 +      cpu->pstate.turbo_pstate = pstate_funcs->get_turbo();
 +      cpu->pstate.min_pstate = pstate_funcs->get_min();
 +      cpu->pstate.max_pstate = pstate_funcs->get_max();
 +      cpu->pstate.turbo_pstate = pstate_funcs->get_turbo();

++      cpu->pstate.scaling = pstate_funcs->get_scaling();

  
 -      if (pstate_funcs.get_vid)
 -              pstate_funcs.get_vid(cpu);
  
 -      if (pstate_funcs.get_vid)
 -              pstate_funcs.get_vid(cpu);


@@ -40630,7 +40293,7 @@ index 0668b38..2f3ea18 100644
        intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
  }
  
        intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
  }
  

-@@ -810,9 +810,9 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -875,9 +875,9 @@ static int intel_pstate_msrs_not_valid(void)

        rdmsrl(MSR_IA32_APERF, aperf);
        rdmsrl(MSR_IA32_MPERF, mperf);
  
        rdmsrl(MSR_IA32_APERF, aperf);
        rdmsrl(MSR_IA32_MPERF, mperf);
  


@@ -40643,7 +40306,7 @@ index 0668b38..2f3ea18 100644
                return -ENODEV;
  
        rdmsrl(MSR_IA32_APERF, tmp);
                return -ENODEV;
  
        rdmsrl(MSR_IA32_APERF, tmp);

-@@ -826,7 +826,7 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -891,7 +891,7 @@ static int intel_pstate_msrs_not_valid(void)

        return 0;
  }
  
        return 0;
  }
  


@@ -40652,13 +40315,14 @@ index 0668b38..2f3ea18 100644
  {
        pid_params.sample_rate_ms = policy->sample_rate_ms;
        pid_params.p_gain_pct = policy->p_gain_pct;
  {
        pid_params.sample_rate_ms = policy->sample_rate_ms;
        pid_params.p_gain_pct = policy->p_gain_pct;

-@@ -838,11 +838,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
+@@ -903,12 +903,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)

  
  static void copy_cpu_funcs(struct pstate_funcs *funcs)
  {
 -      pstate_funcs.get_max   = funcs->get_max;
 -      pstate_funcs.get_min   = funcs->get_min;
 -      pstate_funcs.get_turbo = funcs->get_turbo;
  
  static void copy_cpu_funcs(struct pstate_funcs *funcs)
  {
 -      pstate_funcs.get_max   = funcs->get_max;
 -      pstate_funcs.get_min   = funcs->get_min;
 -      pstate_funcs.get_turbo = funcs->get_turbo;

+-      pstate_funcs.get_scaling = funcs->get_scaling;

 -      pstate_funcs.set       = funcs->set;
 -      pstate_funcs.get_vid   = funcs->get_vid;
 +      pstate_funcs = funcs;
 -      pstate_funcs.set       = funcs->set;
 -      pstate_funcs.get_vid   = funcs->get_vid;
 +      pstate_funcs = funcs;


@@ -41720,7 +41384,7 @@ index 2e0613e..a8b94d9 100644
  
        return ret;
 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
  
        return ret;
 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c

-index d8324c6..fc9b704 100644
+index b71a026..8b6cc10 100644

 --- a/drivers/gpu/drm/i915/intel_display.c
 +++ b/drivers/gpu/drm/i915/intel_display.c
 @@ -12437,13 +12437,13 @@ struct intel_quirk {
 --- a/drivers/gpu/drm/i915/intel_display.c
 +++ b/drivers/gpu/drm/i915/intel_display.c
 @@ -12437,13 +12437,13 @@ struct intel_quirk {


@@ -42317,10 +41981,10 @@ index 4a85bb6..aaea819 100644
        if (regcomp
            (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
 diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
        if (regcomp
            (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
 diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c

-index 12c8329..a69e2e8 100644
+index 5d4416f..80b7fc4 100644

 --- a/drivers/gpu/drm/radeon/radeon_device.c
 +++ b/drivers/gpu/drm/radeon/radeon_device.c
 --- a/drivers/gpu/drm/radeon/radeon_device.c
 +++ b/drivers/gpu/drm/radeon/radeon_device.c

-@@ -1213,7 +1213,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1214,7 +1214,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)

         * locking inversion with the driver load path. And the access here is
         * completely racy anyway. So don't bother with locking for now.
         */
         * locking inversion with the driver load path. And the access here is
         * completely racy anyway. So don't bother with locking for now.
         */


@@ -42880,12 +42544,12 @@ index 0cb92e3..c7d453d 100644
        if (atomic_read(&uhid->report_done))
                goto unlock;
 diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
        if (atomic_read(&uhid->report_done))
                goto unlock;
 diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c

-index 531a593..0b43a69 100644
+index 19bad59..ca24eaf 100644

 --- a/drivers/hv/channel.c
 +++ b/drivers/hv/channel.c
 --- a/drivers/hv/channel.c
 +++ b/drivers/hv/channel.c

-@@ -365,8 +365,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
+@@ -366,8 +366,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
+       unsigned long flags;

        int ret = 0;
        int ret = 0;

-       int t;

  
 -      next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
 -      atomic_inc(&vmbus_connection.next_gpadl_handle);
  
 -      next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
 -      atomic_inc(&vmbus_connection.next_gpadl_handle);


@@ -42895,7 +42559,7 @@ index 531a593..0b43a69 100644
        ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
        if (ret)
 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
        ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
        if (ret)
 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c

-index edfc848..d83e195 100644
+index 3e4235c..877d0e5 100644

 --- a/drivers/hv/hv.c
 +++ b/drivers/hv/hv.c
 @@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
 --- a/drivers/hv/hv.c
 +++ b/drivers/hv/hv.c
 @@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)


@@ -42907,7 +42571,7 @@ index edfc848..d83e195 100644
  
        __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
                              "=a"(hv_status_lo) : "d" (control_hi),
  
        __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
                              "=a"(hv_status_lo) : "d" (control_hi),

-@@ -154,7 +154,7 @@ int hv_init(void)
+@@ -156,7 +156,7 @@ int hv_init(void)

        /* See if the hypercall page is already set */
        rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
  
        /* See if the hypercall page is already set */
        rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
  


@@ -43002,10 +42666,10 @@ index 5e90c5d..d8fcefb 100644
        cap_msg.caps.cap_bits.balloon = 1;
        cap_msg.caps.cap_bits.hot_add = 1;
 diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
        cap_msg.caps.cap_bits.balloon = 1;
        cap_msg.caps.cap_bits.hot_add = 1;
 diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h

-index 22b7507..fc2fc47 100644
+index c386d8d..d6004c4 100644

 --- a/drivers/hv/hyperv_vmbus.h
 +++ b/drivers/hv/hyperv_vmbus.h
 --- a/drivers/hv/hyperv_vmbus.h
 +++ b/drivers/hv/hyperv_vmbus.h

-@@ -607,7 +607,7 @@ enum vmbus_connect_state {
+@@ -611,7 +611,7 @@ enum vmbus_connect_state {

  struct vmbus_connection {
        enum vmbus_connect_state conn_state;
  
  struct vmbus_connection {
        enum vmbus_connect_state conn_state;
  


@@ -45324,7 +44988,7 @@ index 32b958d..34011e8 100644
  
  void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
 diff --git a/drivers/md/md.c b/drivers/md/md.c
  
  void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
 diff --git a/drivers/md/md.c b/drivers/md/md.c

-index 1294238..a442227 100644
+index b7f603c..723d2bd 100644

 --- a/drivers/md/md.c
 +++ b/drivers/md/md.c
 @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
 --- a/drivers/md/md.c
 +++ b/drivers/md/md.c
 @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);


@@ -45396,7 +45060,7 @@ index 1294238..a442227 100644
  
        INIT_LIST_HEAD(&rdev->same_set);
        init_waitqueue_head(&rdev->blocked_wait);
  
        INIT_LIST_HEAD(&rdev->same_set);
        init_waitqueue_head(&rdev->blocked_wait);

-@@ -7068,7 +7068,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -7072,7 +7072,7 @@ static int md_seq_show(struct seq_file *seq, void *v)

  
                spin_unlock(&pers_lock);
                seq_printf(seq, "\n");
  
                spin_unlock(&pers_lock);
                seq_printf(seq, "\n");


@@ -45405,7 +45069,7 @@ index 1294238..a442227 100644
                return 0;
        }
        if (v == (void*)2) {
                return 0;
        }
        if (v == (void*)2) {

-@@ -7171,7 +7171,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -7175,7 +7175,7 @@ static int md_seq_open(struct inode *inode, struct file *file)

                return error;
  
        seq = file->private_data;
                return error;
  
        seq = file->private_data;


@@ -45414,7 +45078,7 @@ index 1294238..a442227 100644
        return error;
  }
  
        return error;
  }
  

-@@ -7188,7 +7188,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -7192,7 +7192,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)

        /* always allow read */
        mask = POLLIN | POLLRDNORM;
  
        /* always allow read */
        mask = POLLIN | POLLRDNORM;
  


@@ -45423,7 +45087,7 @@ index 1294238..a442227 100644
                mask |= POLLERR | POLLPRI;
        return mask;
  }
                mask |= POLLERR | POLLPRI;
        return mask;
  }

-@@ -7232,7 +7232,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -7236,7 +7236,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)

                struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
                curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
                              (int)part_stat_read(&disk->part0, sectors[1]) -
                struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
                curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
                              (int)part_stat_read(&disk->part0, sectors[1]) -


@@ -47759,7 +47423,7 @@ index ccec0e3..199f9ce 100644
        if (imx_data->socdata->flags & ESDHC_FLAG_STD_TUNING)
                writel(readl(host->ioaddr + ESDHC_TUNING_CTRL) |
 diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
        if (imx_data->socdata->flags & ESDHC_FLAG_STD_TUNING)
                writel(readl(host->ioaddr + ESDHC_TUNING_CTRL) |
 diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c

-index fa5954a..56840e5 100644
+index 1e47903..7683916 100644

 --- a/drivers/mmc/host/sdhci-s3c.c
 +++ b/drivers/mmc/host/sdhci-s3c.c
 @@ -584,9 +584,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
 --- a/drivers/mmc/host/sdhci-s3c.c
 +++ b/drivers/mmc/host/sdhci-s3c.c
 @@ -584,9 +584,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)


@@ -48012,7 +47676,7 @@ index 1c5d62e..8e14d54 100644
 +      .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init,
 +};
 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
 +      .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init,
 +};
 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c

-index ea27383..d695e45 100644
+index ea27383..faa8936 100644

 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
 @@ -2463,7 +2463,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata)
 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
 @@ -2463,7 +2463,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata)


@@ -48197,7 +47861,7 @@ index ea27383..d695e45 100644
 -      DBGPR("<--xgbe_init_function_ptrs\n");
 -}
 +      .config_dcb_tc = xgbe_config_dcb_tc,
 -      DBGPR("<--xgbe_init_function_ptrs\n");
 -}
 +      .config_dcb_tc = xgbe_config_dcb_tc,

-+      .config_dcb_pfc = xgbe_config_dcb_pfc
++      .config_dcb_pfc = xgbe_config_dcb_pfc,

 +};
 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
 index b26d758..b0d1c3b 100644
 +};
 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
 index b26d758..b0d1c3b 100644


@@ -48691,10 +48355,10 @@ index 8cffcdf..aadf043 100644
  #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
  
 diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
  #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
  
 diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c

-index e5be511..16cb55c 100644
+index 9f5f3c3..86d21a6 100644

 --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
 +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
 --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
 +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c

-@@ -2355,7 +2355,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs,
+@@ -2359,7 +2359,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs,

  
        int i;
        struct adapter *ap = netdev2adap(dev);
  
        int i;
        struct adapter *ap = netdev2adap(dev);


@@ -48960,18 +48624,6 @@ index d5e07de..e3bf20a 100644
  
        spinlock_t request_lock;
        struct list_head req_list;
  
        spinlock_t request_lock;
        struct list_head req_list;

-diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
-index 0fcb5e7..148fda3 100644
---- a/drivers/net/hyperv/netvsc_drv.c
-+++ b/drivers/net/hyperv/netvsc_drv.c
-@@ -556,6 +556,7 @@ do_lso:
- do_send:
-       /* Start filling in the page buffers with the rndis hdr */
-       rndis_msg->msg_len += rndis_msg_size;
-+      packet->total_data_buflen = rndis_msg->msg_len;
-       packet->page_buf_cnt = init_page_array(rndis_msg, rndis_msg_size,
-                                       skb, &packet->page_buf[0]);
- 

 diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
 index 2b86f0b..ecc996f 100644
 --- a/drivers/net/hyperv/rndis_filter.c
 diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
 index 2b86f0b..ecc996f 100644
 --- a/drivers/net/hyperv/rndis_filter.c


@@ -49008,7 +48660,7 @@ index 9ce854f..e43fa17 100644
        priv = netdev_priv(dev);
        priv->phy = phy;
 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
        priv = netdev_priv(dev);
        priv->phy = phy;
 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c

-index 726edab..8939092 100644
+index 5f17ad0..e0463c8 100644

 --- a/drivers/net/macvlan.c
 +++ b/drivers/net/macvlan.c
 @@ -264,7 +264,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port,
 --- a/drivers/net/macvlan.c
 +++ b/drivers/net/macvlan.c
 @@ -264,7 +264,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port,


@@ -49020,7 +48672,7 @@ index 726edab..8939092 100644
  }
  
  /* called under rcu_read_lock() from netif_receive_skb */
  }
  
  /* called under rcu_read_lock() from netif_receive_skb */

-@@ -1144,13 +1144,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+@@ -1150,13 +1150,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {

  int macvlan_link_register(struct rtnl_link_ops *ops)
  {
        /* common fields */
  int macvlan_link_register(struct rtnl_link_ops *ops)
  {
        /* common fields */


@@ -49043,7 +48695,7 @@ index 726edab..8939092 100644
  
        return rtnl_link_register(ops);
  };
  
        return rtnl_link_register(ops);
  };

-@@ -1230,7 +1232,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -1236,7 +1238,7 @@ static int macvlan_device_event(struct notifier_block *unused,

        return NOTIFY_DONE;
  }
  
        return NOTIFY_DONE;
  }
  


@@ -49053,10 +48705,10 @@ index 726edab..8939092 100644
  };
  
 diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
  };
  
 diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c

-index 0c6adaa..0784e3f 100644
+index 07c942b..2d8b073 100644

 --- a/drivers/net/macvtap.c
 +++ b/drivers/net/macvtap.c
 --- a/drivers/net/macvtap.c
 +++ b/drivers/net/macvtap.c

-@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
+@@ -1023,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,

                }
  
                ret = 0;
                }
  
                ret = 0;


@@ -49065,7 +48717,7 @@ index 0c6adaa..0784e3f 100644
                    put_user(q->flags, &ifr->ifr_flags))
                        ret = -EFAULT;
                macvtap_put_vlan(vlan);
                    put_user(q->flags, &ifr->ifr_flags))
                        ret = -EFAULT;
                macvtap_put_vlan(vlan);

-@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1193,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused,

        return NOTIFY_DONE;
  }
  
        return NOTIFY_DONE;
  }
  


@@ -49075,18 +48727,9 @@ index 0c6adaa..0784e3f 100644
  };
  
 diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
  };
  
 diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c

-index fa0d717..bab8c01 100644
+index 17ecdd6..79ad848 100644

 --- a/drivers/net/ppp/ppp_generic.c
 +++ b/drivers/net/ppp/ppp_generic.c
 --- a/drivers/net/ppp/ppp_generic.c
 +++ b/drivers/net/ppp/ppp_generic.c

-@@ -594,7 +594,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
-                       if (file == ppp->owner)
-                               ppp_shutdown_interface(ppp);
-               }
--              if (atomic_long_read(&file->f_count) <= 2) {
-+              if (atomic_long_read(&file->f_count) < 2) {
-                       ppp_release(NULL, file);
-                       err = 0;
-               } else

 @@ -1020,7 +1020,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
        void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
        struct ppp_stats stats;
 @@ -1020,7 +1020,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
        void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
        struct ppp_stats stats;


@@ -49105,6 +48748,21 @@ index fa0d717..bab8c01 100644
                        break;
                err = 0;
                break;
                        break;
                err = 0;
                break;

+diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
+index 1aff970..cc2ee29 100644
+--- a/drivers/net/ppp/pptp.c
++++ b/drivers/net/ppp/pptp.c
+@@ -506,7 +506,9 @@ static int pptp_getname(struct socket *sock, struct sockaddr *uaddr,
+       int len = sizeof(struct sockaddr_pppox);
+       struct sockaddr_pppox sp;
+ 
+-      sp.sa_family      = AF_PPPOX;
++      memset(&sp.sa_addr, 0, sizeof(sp.sa_addr));
++
++      sp.sa_family    = AF_PPPOX;
+       sp.sa_protocol  = PX_PROTO_PPTP;
+       sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr;
+ 

 diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
 index 079f7ad..b2a2bfa7 100644
 --- a/drivers/net/slip/slhc.c
 diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
 index 079f7ad..b2a2bfa7 100644
 --- a/drivers/net/slip/slhc.c


@@ -49132,10 +48790,10 @@ index 1f76c2ea..9681171 100644
  };
  
 diff --git a/drivers/net/tun.c b/drivers/net/tun.c
  };
  
 diff --git a/drivers/net/tun.c b/drivers/net/tun.c

-index acaaf67..a33483d 100644
+index d965e8a..f119e64 100644

 --- a/drivers/net/tun.c
 +++ b/drivers/net/tun.c
 --- a/drivers/net/tun.c
 +++ b/drivers/net/tun.c

-@@ -1855,7 +1855,7 @@ unlock:
+@@ -1861,7 +1861,7 @@ unlock:

  }
  
  static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
  }
  
  static long __tun_chr_ioctl(struct file *file, unsigned int cmd,


@@ -49144,7 +48802,7 @@ index acaaf67..a33483d 100644
  {
        struct tun_file *tfile = file->private_data;
        struct tun_struct *tun;
  {
        struct tun_file *tfile = file->private_data;
        struct tun_struct *tun;

-@@ -1868,6 +1868,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1874,6 +1874,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,

        unsigned int ifindex;
        int ret;
  
        unsigned int ifindex;
        int ret;
  


@@ -49294,59 +48952,10 @@ index 59caa06..de191b3 100644
  #define VIRTNET_DRIVER_VERSION "1.0.0"
  
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
  #define VIRTNET_DRIVER_VERSION "1.0.0"
  
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c

-index beb377b..b5bbf08 100644
+index 81a8a29..ae60a58 100644

 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c

-@@ -1440,9 +1440,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb)
-       if (!in6_dev)
-               goto out;
- 
--      if (!pskb_may_pull(skb, skb->len))
--              goto out;
--
-       iphdr = ipv6_hdr(skb);
-       saddr = &iphdr->saddr;
-       daddr = &iphdr->daddr;
-@@ -1717,6 +1714,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
-       struct pcpu_sw_netstats *tx_stats, *rx_stats;
-       union vxlan_addr loopback;
-       union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip;
-+      struct net_device *dev = skb->dev;
-+      int len = skb->len;
- 
-       tx_stats = this_cpu_ptr(src_vxlan->dev->tstats);
-       rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats);
-@@ -1740,16 +1739,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
- 
-       u64_stats_update_begin(&tx_stats->syncp);
-       tx_stats->tx_packets++;
--      tx_stats->tx_bytes += skb->len;
-+      tx_stats->tx_bytes += len;
-       u64_stats_update_end(&tx_stats->syncp);
- 
-       if (netif_rx(skb) == NET_RX_SUCCESS) {
-               u64_stats_update_begin(&rx_stats->syncp);
-               rx_stats->rx_packets++;
--              rx_stats->rx_bytes += skb->len;
-+              rx_stats->rx_bytes += len;
-               u64_stats_update_end(&rx_stats->syncp);
-       } else {
--              skb->dev->stats.rx_dropped++;
-+              dev->stats.rx_dropped++;
-       }
- }
- 
-@@ -1927,7 +1926,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev)
-                       return arp_reduce(dev, skb);
- #if IS_ENABLED(CONFIG_IPV6)
-               else if (ntohs(eth->h_proto) == ETH_P_IPV6 &&
--                       skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) &&
-+                       pskb_may_pull(skb, sizeof(struct ipv6hdr)
-+                                     + sizeof(struct nd_msg)) &&
-                        ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
-                               struct nd_msg *msg;
- 
-@@ -2750,7 +2750,7 @@ nla_put_failure:
+@@ -2762,7 +2762,7 @@ nla_put_failure:

        return -EMSGSIZE;
  }
  
        return -EMSGSIZE;
  }
  


@@ -49355,7 +48964,7 @@ index beb377b..b5bbf08 100644
        .kind           = "vxlan",
        .maxtype        = IFLA_VXLAN_MAX,
        .policy         = vxlan_policy,
        .kind           = "vxlan",
        .maxtype        = IFLA_VXLAN_MAX,
        .policy         = vxlan_policy,

-@@ -2797,7 +2797,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused,
+@@ -2809,7 +2809,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused,

        return NOTIFY_DONE;
  }
  
        return NOTIFY_DONE;
  }
  


@@ -50059,10 +49668,10 @@ index 0ffb6ff..c0b7f0e 100644
        memset(buf, 0, sizeof(buf));
        buf_size = min(count, sizeof(buf) - 1);
 diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
        memset(buf, 0, sizeof(buf));
        buf_size = min(count, sizeof(buf) - 1);
 diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c

-index 06e04aa..d5e1f0d 100644
+index 6c02467..771bb8a 100644

 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c
 +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c
 +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c

-@@ -1684,7 +1684,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1686,7 +1686,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,

        struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
  
        char buf[8];
        struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
  
        char buf[8];


@@ -50071,7 +49680,7 @@ index 06e04aa..d5e1f0d 100644
        u32 reset_flag;
  
        memset(buf, 0, sizeof(buf));
        u32 reset_flag;
  
        memset(buf, 0, sizeof(buf));

-@@ -1705,7 +1705,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1707,7 +1707,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,

  {
        struct iwl_trans *trans = file->private_data;
        char buf[8];
  {
        struct iwl_trans *trans = file->private_data;
        char buf[8];


@@ -50081,10 +49690,10 @@ index 06e04aa..d5e1f0d 100644
  
        memset(buf, 0, sizeof(buf));
 diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
  
        memset(buf, 0, sizeof(buf));
 diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c

-index 1326f61..9e56010f 100644
+index 6b48c865..19646a7 100644

 --- a/drivers/net/wireless/mac80211_hwsim.c
 +++ b/drivers/net/wireless/mac80211_hwsim.c
 --- a/drivers/net/wireless/mac80211_hwsim.c
 +++ b/drivers/net/wireless/mac80211_hwsim.c

-@@ -2575,20 +2575,20 @@ static int __init init_mac80211_hwsim(void)
+@@ -2577,20 +2577,20 @@ static int __init init_mac80211_hwsim(void)

        if (channels < 1)
                return -EINVAL;
  
        if (channels < 1)
                return -EINVAL;
  


@@ -50599,7 +50208,7 @@ index 5a40516..136d5a7 100644
                kfree(msi_dev_attr);
                ++count;
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
                kfree(msi_dev_attr);
                ++count;
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c

-index 9ff0a90..e819dda 100644
+index 6d04771..4126004 100644

 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -1134,7 +1134,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -1134,7 +1134,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)


@@ -51332,7 +50941,7 @@ index f374fa5..26f0683 100644
        mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
                                        ARRAY_SIZE(mc13892_regulators));
 diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
        mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
                                        ARRAY_SIZE(mc13892_regulators));
 diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c

-index b0e4a3e..e5dc11e 100644
+index 5b2e761..c8c8a4a 100644

 --- a/drivers/rtc/rtc-cmos.c
 +++ b/drivers/rtc/rtc-cmos.c
 @@ -789,7 +789,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
 --- a/drivers/rtc/rtc-cmos.c
 +++ b/drivers/rtc/rtc-cmos.c
 @@ -789,7 +789,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)


@@ -52337,7 +51946,7 @@ index d646540..5b13554 100644
  extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool);
  extern void qla2x00_init_host_attr(scsi_qla_host_t *);
 diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
  extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool);
  extern void qla2x00_init_host_attr(scsi_qla_host_t *);
 diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c

-index be9698d..a328a41 100644
+index 8252c0e..613adad 100644

 --- a/drivers/scsi/qla2xxx/qla_os.c
 +++ b/drivers/scsi/qla2xxx/qla_os.c
 @@ -1493,8 +1493,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
 --- a/drivers/scsi/qla2xxx/qla_os.c
 +++ b/drivers/scsi/qla2xxx/qla_os.c
 @@ -1493,8 +1493,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)


@@ -52408,7 +52017,7 @@ index d81f3cc..0093e5b 100644
        /* check if the device is still usable */
        if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
        /* check if the device is still usable */
        if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c

-index aaea4b9..c64408d 100644
+index 7cb8c73..14561b5 100644

 --- a/drivers/scsi/scsi_lib.c
 +++ b/drivers/scsi/scsi_lib.c
 @@ -1581,7 +1581,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
 --- a/drivers/scsi/scsi_lib.c
 +++ b/drivers/scsi/scsi_lib.c
 @@ -1581,7 +1581,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)


@@ -52573,6 +52182,19 @@ index 01cf888..59e0475 100644
        case BLKTRACESTART:
                return blk_trace_startstop(sdp->device->request_queue, 1);
        case BLKTRACESTOP:
        case BLKTRACESTART:
                return blk_trace_startstop(sdp->device->request_queue, 1);
        case BLKTRACESTOP:

+diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c
+index 11a5043..e36f04c 100644
+--- a/drivers/soc/tegra/fuse/fuse-tegra.c
++++ b/drivers/soc/tegra/fuse/fuse-tegra.c
+@@ -70,7 +70,7 @@ static ssize_t fuse_read(struct file *fd, struct kobject *kobj,
+       return i;
+ }
+ 
+-static struct bin_attribute fuse_bin_attr = {
++static bin_attribute_no_const fuse_bin_attr = {
+       .attr = { .name = "fuse", .mode = S_IRUGO, },
+       .read = fuse_read,
+ };

 diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
 index ca935df..ae8a3dc 100644
 --- a/drivers/spi/spi.c
 diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
 index ca935df..ae8a3dc 100644
 --- a/drivers/spi/spi.c


@@ -52643,6 +52265,58 @@ index 6b22106..6c6e641 100644
                return -EBUSY;
  
        imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL);
                return -EBUSY;
  
        imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL);

+diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c
+index 503b2d7..c918745 100644
+--- a/drivers/staging/line6/driver.c
++++ b/drivers/staging/line6/driver.c
+@@ -463,7 +463,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
+ {
+       struct usb_device *usbdev = line6->usbdev;
+       int ret;
+-      unsigned char len;
++      unsigned char *plen;
+ 
+       /* query the serial number: */
+       ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67,
+@@ -476,27 +476,34 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
+               return ret;
+       }
+ 
++      plen = kmalloc(1, GFP_KERNEL);
++      if (plen == NULL)
++              return -ENOMEM;
++
+       /* Wait for data length. We'll get 0xff until length arrives. */
+       do {
+               ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+                                     USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+                                     USB_DIR_IN,
+-                                    0x0012, 0x0000, &len, 1,
++                                    0x0012, 0x0000, plen, 1,
+                                     LINE6_TIMEOUT * HZ);
+               if (ret < 0) {
+                       dev_err(line6->ifcdev,
+                               "receive length failed (error %d)\n", ret);
++                      kfree(plen);
+                       return ret;
+               }
+-      } while (len == 0xff);
++      } while (*plen == 0xff);
+ 
+-      if (len != datalen) {
++      if (*plen != datalen) {
+               /* should be equal or something went wrong */
+               dev_err(line6->ifcdev,
+                       "length mismatch (expected %d, got %d)\n",
+-                      (int)datalen, (int)len);
++                      (int)datalen, (int)*plen);
++              kfree(plen);
+               return -EINVAL;
+       }
++      kfree(plen);
+ 
+       /* receive the result: */
+       ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,

 diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
 index bcce919..f30fcf9 100644
 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c
 diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
 index bcce919..f30fcf9 100644
 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c


@@ -52903,6 +52577,28 @@ index dc23395..cf7e9b1 100644
  
  struct io_req {
        struct list_head list;
  
  struct io_req {
        struct list_head list;

+diff --git a/drivers/staging/unisys/visorchipset/visorchipset.h b/drivers/staging/unisys/visorchipset/visorchipset.h
+index 2bf2e2f..84421c9 100644
+--- a/drivers/staging/unisys/visorchipset/visorchipset.h
++++ b/drivers/staging/unisys/visorchipset/visorchipset.h
+@@ -228,7 +228,7 @@ typedef struct {
+       void (*device_resume)(ulong busNo, ulong devNo);
+       int (*get_channel_info)(uuid_le typeGuid, ulong *minSize,
+                                ulong *maxSize);
+-} VISORCHIPSET_BUSDEV_NOTIFIERS;
++} __no_const VISORCHIPSET_BUSDEV_NOTIFIERS;
+ 
+ /*  These functions live inside visorchipset, and will be called to indicate
+  *  responses to specific events (by code outside of visorchipset).
+@@ -243,7 +243,7 @@ typedef struct {
+       void (*device_destroy)(ulong busNo, ulong devNo, int response);
+       void (*device_pause)(ulong busNo, ulong devNo, int response);
+       void (*device_resume)(ulong busNo, ulong devNo, int response);
+-} VISORCHIPSET_BUSDEV_RESPONDERS;
++} __no_const VISORCHIPSET_BUSDEV_RESPONDERS;
+ 
+ /** Register functions (in the bus driver) to get called by visorchipset
+  *  whenever a bus or device appears for which this service partition is

 diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c
 index 164136b..7244df5 100644
 --- a/drivers/staging/vt6655/hostap.c
 diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c
 index 164136b..7244df5 100644
 --- a/drivers/staging/vt6655/hostap.c


@@ -52956,10 +52652,10 @@ index e7e9372..161f530 100644
        login->tgt_agt = sbp_target_agent_register(login);
        if (IS_ERR(login->tgt_agt)) {
 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
        login->tgt_agt = sbp_target_agent_register(login);
        if (IS_ERR(login->tgt_agt)) {
 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c

-index 98da901..bb443e8 100644
+index 15a1c13..6c9b96b 100644

 --- a/drivers/target/target_core_device.c
 +++ b/drivers/target/target_core_device.c
 --- a/drivers/target/target_core_device.c
 +++ b/drivers/target/target_core_device.c

-@@ -1525,7 +1525,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1526,7 +1526,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)

        spin_lock_init(&dev->se_tmr_lock);
        spin_lock_init(&dev->qf_cmd_lock);
        sema_init(&dev->caw_sem, 1);
        spin_lock_init(&dev->se_tmr_lock);
        spin_lock_init(&dev->qf_cmd_lock);
        sema_init(&dev->caw_sem, 1);


@@ -52969,7 +52665,7 @@ index 98da901..bb443e8 100644
        spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
        INIT_LIST_HEAD(&dev->t10_pr.registration_list);
 diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
        spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
        INIT_LIST_HEAD(&dev->t10_pr.registration_list);
 diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c

-index 7fa62fc..abdd041 100644
+index ab61014..8f1116e 100644

 --- a/drivers/target/target_core_transport.c
 +++ b/drivers/target/target_core_transport.c
 @@ -1165,7 +1165,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
 --- a/drivers/target/target_core_transport.c
 +++ b/drivers/target/target_core_transport.c
 @@ -1165,7 +1165,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)


@@ -53693,10 +53389,10 @@ index a260cde..6b2b5ce 100644
  /* This is only available if kgdboc is a built in for early debugging */
  static int __init kgdboc_early_init(char *opt)
 diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
  /* This is only available if kgdboc is a built in for early debugging */
  static int __init kgdboc_early_init(char *opt)
 diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c

-index 0da0b54..80ae306 100644
+index 077570a..12550a9 100644

 --- a/drivers/tty/serial/msm_serial.c
 +++ b/drivers/tty/serial/msm_serial.c
 --- a/drivers/tty/serial/msm_serial.c
 +++ b/drivers/tty/serial/msm_serial.c

-@@ -989,7 +989,7 @@ static struct uart_driver msm_uart_driver = {
+@@ -981,7 +981,7 @@ static struct uart_driver msm_uart_driver = {

        .cons = MSM_CONSOLE,
  };
  
        .cons = MSM_CONSOLE,
  };
  


@@ -53705,7 +53401,7 @@ index 0da0b54..80ae306 100644
  
  static const struct of_device_id msm_uartdm_table[] = {
        { .compatible = "qcom,msm-uartdm-v1.1", .data = (void *)UARTDM_1P1 },
  
  static const struct of_device_id msm_uartdm_table[] = {
        { .compatible = "qcom,msm-uartdm-v1.1", .data = (void *)UARTDM_1P1 },

-@@ -1008,7 +1008,7 @@ static int msm_serial_probe(struct platform_device *pdev)
+@@ -1000,7 +1000,7 @@ static int msm_serial_probe(struct platform_device *pdev)

        int irq;
  
        if (pdev->id == -1)
        int irq;
  
        if (pdev->id == -1)


@@ -53747,7 +53443,7 @@ index c78f43a..22b1dab 100644
  
        if (cfg->uart_flags & UPF_CONS_FLOW) {
 diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
  
        if (cfg->uart_flags & UPF_CONS_FLOW) {
 diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c

-index 29a7be4..0144e62 100644
+index 0f03988..8a8038d 100644

 --- a/drivers/tty/serial/serial_core.c
 +++ b/drivers/tty/serial/serial_core.c
 @@ -1343,7 +1343,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp)
 --- a/drivers/tty/serial/serial_core.c
 +++ b/drivers/tty/serial/serial_core.c
 @@ -1343,7 +1343,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp)


@@ -54185,10 +53881,10 @@ index 42bad18..447d7a2 100644
  
                if (get_user(c, buf))
 diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
  
                if (get_user(c, buf))
 diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c

-index 8fbad34..0db0a39 100644
+index 848c17a..e930437 100644

 --- a/drivers/tty/tty_io.c
 +++ b/drivers/tty/tty_io.c
 --- a/drivers/tty/tty_io.c
 +++ b/drivers/tty/tty_io.c

-@@ -3464,7 +3464,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3469,7 +3469,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);

  
  void tty_default_fops(struct file_operations *fops)
  {
  
  void tty_default_fops(struct file_operations *fops)
  {


@@ -54623,7 +54319,7 @@ index 0b59731..46ee7d1 100644
                                    dev->rawdescriptors[i] + (*ppos - pos),
                                    min(len, alloclen))) {
 diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
                                    dev->rawdescriptors[i] + (*ppos - pos),
                                    min(len, alloclen))) {
 diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c

-index 487abcf..06226dc 100644
+index 258e6fe..9ea48d7 100644

 --- a/drivers/usb/core/hcd.c
 +++ b/drivers/usb/core/hcd.c
 @@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
 --- a/drivers/usb/core/hcd.c
 +++ b/drivers/usb/core/hcd.c
 @@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)


@@ -54645,7 +54341,7 @@ index 487abcf..06226dc 100644
                        wake_up(&usb_kill_urb_queue);
                usb_put_urb(urb);
 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
                        wake_up(&usb_kill_urb_queue);
                usb_put_urb(urb);
 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c

-index dc84915..cdb6624 100644
+index 674c262..71fdd90 100644

 --- a/drivers/usb/core/hub.c
 +++ b/drivers/usb/core/hub.c
 @@ -27,6 +27,7 @@
 --- a/drivers/usb/core/hub.c
 +++ b/drivers/usb/core/hub.c
 @@ -27,6 +27,7 @@


@@ -54656,7 +54352,7 @@ index dc84915..cdb6624 100644
  
  #include <asm/uaccess.h>
  #include <asm/byteorder.h>
  
  #include <asm/uaccess.h>
  #include <asm/byteorder.h>

-@@ -4662,6 +4663,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
+@@ -4665,6 +4666,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,

                        goto done;
                return;
        }
                        goto done;
                return;
        }


@@ -54724,19 +54420,6 @@ index 2dd2362..1135437 100644
  
        INIT_LIST_HEAD(&dev->ep0.urb_list);
        dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;
  
        INIT_LIST_HEAD(&dev->ep0.urb_list);
        dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;

-diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
-index 490a6ca..1f8364d 100644
---- a/drivers/usb/dwc3/gadget.c
-+++ b/drivers/usb/dwc3/gadget.c
-@@ -615,8 +615,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep,
-               if (!usb_endpoint_xfer_isoc(desc))
-                       return 0;
- 
--              memset(&trb_link, 0, sizeof(trb_link));
--
-               /* Link TRB for ISOC. The HWO bit is never reset */
-               trb_st_hw = &dep->trb_pool[0];
- 

 diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
 index 8cfc319..4868255 100644
 --- a/drivers/usb/early/ehci-dbgp.c
 diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
 index 8cfc319..4868255 100644
 --- a/drivers/usb/early/ehci-dbgp.c


@@ -59907,10 +59590,10 @@ index f70119f..ab5894d 100644
        spin_lock_init(&delayed_root->lock);
        init_waitqueue_head(&delayed_root->wait);
 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
        spin_lock_init(&delayed_root->lock);
        init_waitqueue_head(&delayed_root->wait);
 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c

-index 8a8e298..9f904ad 100644
+index b765d41..5a8b0c3 100644

 --- a/fs/btrfs/ioctl.c
 +++ b/fs/btrfs/ioctl.c
 --- a/fs/btrfs/ioctl.c
 +++ b/fs/btrfs/ioctl.c

-@@ -3939,9 +3939,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3975,9 +3975,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)

        for (i = 0; i < num_types; i++) {
                struct btrfs_space_info *tmp;
  
        for (i = 0; i < num_types; i++) {
                struct btrfs_space_info *tmp;
  


@@ -59923,7 +59606,7 @@ index 8a8e298..9f904ad 100644
                info = NULL;
                rcu_read_lock();
                list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
                info = NULL;
                rcu_read_lock();
                list_for_each_entry_rcu(tmp, &root->fs_info->space_info,

-@@ -3963,10 +3966,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3999,10 +4002,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)

                                memcpy(dest, &space, sizeof(space));
                                dest++;
                                space_args.total_spaces++;
                                memcpy(dest, &space, sizeof(space));
                                dest++;
                                space_args.total_spaces++;


@@ -59974,22 +59657,10 @@ index e2e798a..f454c18 100644
  
  static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info,
 diff --git a/fs/buffer.c b/fs/buffer.c
  
  static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info,
 diff --git a/fs/buffer.c b/fs/buffer.c

-index 3588a80..3d038a9 100644
+index 72daaa5..60ffeb9 100644

 --- a/fs/buffer.c
 +++ b/fs/buffer.c
 --- a/fs/buffer.c
 +++ b/fs/buffer.c

-@@ -2318,6 +2318,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping,
-               err = 0;
- 
-               balance_dirty_pages_ratelimited(mapping);
-+
-+              if (unlikely(fatal_signal_pending(current))) {
-+                      err = -EINTR;
-+                      goto out;
-+              }
-       }
- 
-       /* page covers the boundary, find the boundary offset */
-@@ -3424,7 +3429,7 @@ void __init buffer_init(void)
+@@ -3432,7 +3432,7 @@ void __init buffer_init(void)

        bh_cachep = kmem_cache_create("buffer_head",
                        sizeof(struct buffer_head), 0,
                                (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
        bh_cachep = kmem_cache_create("buffer_head",
                        sizeof(struct buffer_head), 0,
                                (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|


@@ -61029,7 +60700,7 @@ index a93f7e6..d58bcbe 100644
                return 0;
        while (nr) {
 diff --git a/fs/dcache.c b/fs/dcache.c
                return 0;
        while (nr) {
 diff --git a/fs/dcache.c b/fs/dcache.c

-index cb25a1a..8060de0 100644
+index 34b40be8..2003532 100644

 --- a/fs/dcache.c
 +++ b/fs/dcache.c
 @@ -478,7 +478,7 @@ static void __dentry_kill(struct dentry *dentry)
 --- a/fs/dcache.c
 +++ b/fs/dcache.c
 @@ -478,7 +478,7 @@ static void __dentry_kill(struct dentry *dentry)


@@ -61126,7 +60797,15 @@ index cb25a1a..8060de0 100644
                d_lru_isolate(dentry);
                spin_unlock(&dentry->d_lock);
                return LRU_REMOVED;
                d_lru_isolate(dentry);
                spin_unlock(&dentry->d_lock);
                return LRU_REMOVED;

-@@ -1255,7 +1255,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
+@@ -1149,6 +1149,7 @@ out_unlock:
+       return;
+ 
+ rename_retry:
++      done_seqretry(&rename_lock, seq);
+       if (!retry)
+               return;
+       seq = 1;
+@@ -1255,7 +1256,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)

        } else {
                if (dentry->d_flags & DCACHE_LRU_LIST)
                        d_lru_del(dentry);
        } else {
                if (dentry->d_flags & DCACHE_LRU_LIST)
                        d_lru_del(dentry);


@@ -61135,7 +60814,7 @@ index cb25a1a..8060de0 100644
                        d_shrink_add(dentry, &data->dispose);
                        data->found++;
                }
                        d_shrink_add(dentry, &data->dispose);
                        data->found++;
                }

-@@ -1303,7 +1303,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
+@@ -1303,7 +1304,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)

                return D_WALK_CONTINUE;
  
        /* root with refcount 1 is fine */
                return D_WALK_CONTINUE;
  
        /* root with refcount 1 is fine */


@@ -61144,7 +60823,7 @@ index cb25a1a..8060de0 100644
                return D_WALK_CONTINUE;
  
        printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} "
                return D_WALK_CONTINUE;
  
        printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} "

-@@ -1312,7 +1312,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
+@@ -1312,7 +1313,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)

                       dentry->d_inode ?
                       dentry->d_inode->i_ino : 0UL,
                       dentry,
                       dentry->d_inode ?
                       dentry->d_inode->i_ino : 0UL,
                       dentry,


@@ -61153,7 +60832,7 @@ index cb25a1a..8060de0 100644
                       dentry->d_sb->s_type->name,
                       dentry->d_sb->s_id);
        WARN_ON(1);
                       dentry->d_sb->s_type->name,
                       dentry->d_sb->s_id);
        WARN_ON(1);

-@@ -1438,7 +1438,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+@@ -1438,7 +1439,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)

         */
        dentry->d_iname[DNAME_INLINE_LEN-1] = 0;
        if (name->len > DNAME_INLINE_LEN-1) {
         */
        dentry->d_iname[DNAME_INLINE_LEN-1] = 0;
        if (name->len > DNAME_INLINE_LEN-1) {


@@ -61162,7 +60841,7 @@ index cb25a1a..8060de0 100644
                if (!dname) {
                        kmem_cache_free(dentry_cache, dentry); 
                        return NULL;
                if (!dname) {
                        kmem_cache_free(dentry_cache, dentry); 
                        return NULL;

-@@ -1456,7 +1456,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+@@ -1456,7 +1457,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)

        smp_wmb();
        dentry->d_name.name = dname;
  
        smp_wmb();
        dentry->d_name.name = dname;
  


@@ -61171,7 +60850,7 @@ index cb25a1a..8060de0 100644
        dentry->d_flags = 0;
        spin_lock_init(&dentry->d_lock);
        seqcount_init(&dentry->d_seq);
        dentry->d_flags = 0;
        spin_lock_init(&dentry->d_lock);
        seqcount_init(&dentry->d_seq);

-@@ -2196,7 +2196,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
+@@ -2196,7 +2197,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)

                                goto next;
                }
  
                                goto next;
                }
  


@@ -61180,7 +60859,7 @@ index cb25a1a..8060de0 100644
                found = dentry;
                spin_unlock(&dentry->d_lock);
                break;
                found = dentry;
                spin_unlock(&dentry->d_lock);
                break;

-@@ -2295,7 +2295,7 @@ again:
+@@ -2295,7 +2296,7 @@ again:

        spin_lock(&dentry->d_lock);
        inode = dentry->d_inode;
        isdir = S_ISDIR(inode->i_mode);
        spin_lock(&dentry->d_lock);
        inode = dentry->d_inode;
        isdir = S_ISDIR(inode->i_mode);


@@ -61189,21 +60868,7 @@ index cb25a1a..8060de0 100644
                if (!spin_trylock(&inode->i_lock)) {
                        spin_unlock(&dentry->d_lock);
                        cpu_relax();
                if (!spin_trylock(&inode->i_lock)) {
                        spin_unlock(&dentry->d_lock);
                        cpu_relax();

-@@ -2675,11 +2675,13 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry)
-                       if (!IS_ROOT(new)) {
-                               spin_unlock(&inode->i_lock);
-                               dput(new);
-+                              iput(inode);
-                               return ERR_PTR(-EIO);
-                       }
-                       if (d_ancestor(new, dentry)) {
-                               spin_unlock(&inode->i_lock);
-                               dput(new);
-+                              iput(inode);
-                               return ERR_PTR(-EIO);
-                       }
-                       write_seqlock(&rename_lock);
-@@ -3300,7 +3302,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
+@@ -3307,7 +3308,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)

  
                if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
                        dentry->d_flags |= DCACHE_GENOCIDE;
  
                if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
                        dentry->d_flags |= DCACHE_GENOCIDE;


@@ -61212,7 +60877,7 @@ index cb25a1a..8060de0 100644
                }
        }
        return D_WALK_CONTINUE;
                }
        }
        return D_WALK_CONTINUE;

-@@ -3416,7 +3418,8 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3423,7 +3424,8 @@ void __init vfs_caches_init(unsigned long mempages)

        mempages -= reserve;
  
        names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
        mempages -= reserve;
  
        names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,


@@ -61239,7 +60904,7 @@ index 1e3b99d..6512101 100644
  }
  EXPORT_SYMBOL_GPL(debugfs_create_dir);
 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
  }
  EXPORT_SYMBOL_GPL(debugfs_create_dir);
 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c

-index d4a9431..77f9b2e 100644
+index 57ee4c5..ecb13b0 100644

 --- a/fs/ecryptfs/inode.c
 +++ b/fs/ecryptfs/inode.c
 @@ -673,7 +673,7 @@ static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
 --- a/fs/ecryptfs/inode.c
 +++ b/fs/ecryptfs/inode.c
 @@ -673,7 +673,7 @@ static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)


@@ -62154,10 +61819,10 @@ index c6874be..f8a6ae8 100644
  
  static int
 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
  
  static int
 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c

-index 581ef40..cec52d7 100644
+index e069155..b825b08 100644

 --- a/fs/ext4/balloc.c
 +++ b/fs/ext4/balloc.c
 --- a/fs/ext4/balloc.c
 +++ b/fs/ext4/balloc.c

-@@ -553,8 +553,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -557,8 +557,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,

        /* Hm, nope.  Are (enough) root reserved clusters available? */
        if (uid_eq(sbi->s_resuid, current_fsuid()) ||
            (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
        /* Hm, nope.  Are (enough) root reserved clusters available? */
        if (uid_eq(sbi->s_resuid, current_fsuid()) ||
            (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||


@@ -62169,7 +61834,7 @@ index 581ef40..cec52d7 100644
                if (free_clusters >= (nclusters + dirty_clusters +
                                      resv_clusters))
 diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
                if (free_clusters >= (nclusters + dirty_clusters +
                                      resv_clusters))
 diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h

-index b0c225c..0e69bd7 100644
+index 96ac9d3..1c30e7e6 100644

 --- a/fs/ext4/ext4.h
 +++ b/fs/ext4/ext4.h
 @@ -1275,19 +1275,19 @@ struct ext4_sb_info {
 --- a/fs/ext4/ext4.h
 +++ b/fs/ext4/ext4.h
 @@ -1275,19 +1275,19 @@ struct ext4_sb_info {


@@ -62320,10 +61985,10 @@ index 8b0f9ef..cb9f620 100644
  
        return 0;
 diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
  
        return 0;
 diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c

-index 32bce84..112d969 100644
+index 8313ca3..8a37d08 100644

 --- a/fs/ext4/mmp.c
 +++ b/fs/ext4/mmp.c
 --- a/fs/ext4/mmp.c
 +++ b/fs/ext4/mmp.c

-@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
+@@ -111,7 +111,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,

  void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
                    const char *function, unsigned int line, const char *msg)
  {
  void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
                    const char *function, unsigned int line, const char *msg)
  {


@@ -62333,10 +61998,10 @@ index 32bce84..112d969 100644
                       "MMP failure info: last update time: %llu, last update "
                       "node: %s, last update device: %s\n",
 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
                       "MMP failure info: last update time: %llu, last update "
                       "node: %s, last update device: %s\n",
 diff --git a/fs/ext4/super.c b/fs/ext4/super.c

-index 0b28b36..b85d0f53 100644
+index b1f0ac7..77e9a05 100644

 --- a/fs/ext4/super.c
 +++ b/fs/ext4/super.c
 --- a/fs/ext4/super.c
 +++ b/fs/ext4/super.c

-@@ -1276,7 +1276,7 @@ static ext4_fsblk_t get_sb_block(void **data)
+@@ -1274,7 +1274,7 @@ static ext4_fsblk_t get_sb_block(void **data)

  }
  
  #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
  }
  
  #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))


@@ -62345,7 +62010,7 @@ index 0b28b36..b85d0f53 100644
        "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
  
  #ifdef CONFIG_QUOTA
        "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
  
  #ifdef CONFIG_QUOTA

-@@ -2460,7 +2460,7 @@ struct ext4_attr {
+@@ -2454,7 +2454,7 @@ struct ext4_attr {

                int offset;
                int deprecated_val;
        } u;
                int offset;
                int deprecated_val;
        } u;


@@ -62355,10 +62020,10 @@ index 0b28b36..b85d0f53 100644
  static int parse_strtoull(const char *buf,
                unsigned long long max, unsigned long long *value)
 diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
  static int parse_strtoull(const char *buf,
                unsigned long long max, unsigned long long *value)
 diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c

-index e738733..9843a6c 100644
+index 2d1e5803..1b082d415 100644

 --- a/fs/ext4/xattr.c
 +++ b/fs/ext4/xattr.c
 --- a/fs/ext4/xattr.c
 +++ b/fs/ext4/xattr.c

-@@ -386,7 +386,7 @@ static int
+@@ -399,7 +399,7 @@ static int

  ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
                        char *buffer, size_t buffer_size)
  {
  ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
                        char *buffer, size_t buffer_size)
  {


@@ -62367,7 +62032,7 @@ index e738733..9843a6c 100644
  
        for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) {
                const struct xattr_handler *handler =
  
        for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) {
                const struct xattr_handler *handler =

-@@ -403,9 +403,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
+@@ -416,9 +416,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,

                                buffer += size;
                        }
                        rest -= size;
                                buffer += size;
                        }
                        rest -= size;


@@ -64131,7 +63796,7 @@ index 4a6cf28..d3a29d3 100644
  
                jffs2_prealloc_raw_node_refs(c, jeb, 1);
 diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
  
                jffs2_prealloc_raw_node_refs(c, jeb, 1);
 diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c

-index a6597d6..41b30ec 100644
+index 09ed551..45684f8 100644

 --- a/fs/jffs2/wbuf.c
 +++ b/fs/jffs2/wbuf.c
 @@ -1023,7 +1023,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =
 --- a/fs/jffs2/wbuf.c
 +++ b/fs/jffs2/wbuf.c
 @@ -1023,7 +1023,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =


@@ -64352,7 +64017,7 @@ index 6740a62..ccb472f 100644
  #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
  
 diff --git a/fs/namei.c b/fs/namei.c
  #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
  
 diff --git a/fs/namei.c b/fs/namei.c

-index a7b05bf..9b251d4 100644
+index bb02687..79cba2c 100644

 --- a/fs/namei.c
 +++ b/fs/namei.c
 @@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask)
 --- a/fs/namei.c
 +++ b/fs/namei.c
 @@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask)


@@ -64640,7 +64305,7 @@ index a7b05bf..9b251d4 100644
        error = -EISDIR;
        if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
                goto out;
        error = -EISDIR;
        if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
                goto out;

-@@ -3206,7 +3298,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3207,7 +3299,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,

        if (unlikely(error))
                goto out;
  
        if (unlikely(error))
                goto out;
  


@@ -64649,7 +64314,7 @@ index a7b05bf..9b251d4 100644
        while (unlikely(error > 0)) { /* trailing symlink */
                struct path link = path;
                void *cookie;
        while (unlikely(error > 0)) { /* trailing symlink */
                struct path link = path;
                void *cookie;

-@@ -3224,7 +3316,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3225,7 +3317,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,

                error = follow_link(&link, nd, &cookie);
                if (unlikely(error))
                        break;
                error = follow_link(&link, nd, &cookie);
                if (unlikely(error))
                        break;


@@ -64658,7 +64323,7 @@ index a7b05bf..9b251d4 100644
                put_link(nd, &link, cookie);
        }
  out:
                put_link(nd, &link, cookie);
        }
  out:

-@@ -3324,9 +3416,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3325,9 +3417,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,

                goto unlock;
  
        error = -EEXIST;
                goto unlock;
  
        error = -EEXIST;


@@ -64672,7 +64337,7 @@ index a7b05bf..9b251d4 100644
        /*
         * Special case - lookup gave negative, but... we had foo/bar/
         * From the vfs_mknod() POV we just have a negative dentry -
        /*
         * Special case - lookup gave negative, but... we had foo/bar/
         * From the vfs_mknod() POV we just have a negative dentry -

-@@ -3378,6 +3472,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3379,6 +3473,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,

  }
  EXPORT_SYMBOL(user_path_create);
  
  }
  EXPORT_SYMBOL(user_path_create);
  


@@ -64693,7 +64358,7 @@ index a7b05bf..9b251d4 100644
  int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
  {
        int error = may_create(dir, dentry);
  int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
  {
        int error = may_create(dir, dentry);

-@@ -3441,6 +3549,17 @@ retry:
+@@ -3442,6 +3550,17 @@ retry:

  
        if (!IS_POSIXACL(path.dentry->d_inode))
                mode &= ~current_umask();
  
        if (!IS_POSIXACL(path.dentry->d_inode))
                mode &= ~current_umask();


@@ -64711,7 +64376,7 @@ index a7b05bf..9b251d4 100644
        error = security_path_mknod(&path, dentry, mode, dev);
        if (error)
                goto out;
        error = security_path_mknod(&path, dentry, mode, dev);
        if (error)
                goto out;

-@@ -3456,6 +3575,8 @@ retry:
+@@ -3457,6 +3576,8 @@ retry:

                        error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
                        break;
        }
                        error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
                        break;
        }


@@ -64720,7 +64385,7 @@ index a7b05bf..9b251d4 100644
  out:
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
  out:
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {

-@@ -3510,9 +3631,16 @@ retry:
+@@ -3511,9 +3632,16 @@ retry:

  
        if (!IS_POSIXACL(path.dentry->d_inode))
                mode &= ~current_umask();
  
        if (!IS_POSIXACL(path.dentry->d_inode))
                mode &= ~current_umask();


@@ -64737,7 +64402,7 @@ index a7b05bf..9b251d4 100644
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
                lookup_flags |= LOOKUP_REVAL;
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
                lookup_flags |= LOOKUP_REVAL;

-@@ -3595,6 +3723,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3596,6 +3724,8 @@ static long do_rmdir(int dfd, const char __user *pathname)

        struct filename *name;
        struct dentry *dentry;
        struct nameidata nd;
        struct filename *name;
        struct dentry *dentry;
        struct nameidata nd;


@@ -64746,7 +64411,7 @@ index a7b05bf..9b251d4 100644
        unsigned int lookup_flags = 0;
  retry:
        name = user_path_parent(dfd, pathname, &nd, lookup_flags);
        unsigned int lookup_flags = 0;
  retry:
        name = user_path_parent(dfd, pathname, &nd, lookup_flags);

-@@ -3627,10 +3757,21 @@ retry:
+@@ -3628,10 +3758,21 @@ retry:

                error = -ENOENT;
                goto exit3;
        }
                error = -ENOENT;
                goto exit3;
        }


@@ -64768,7 +64433,7 @@ index a7b05bf..9b251d4 100644
  exit3:
        dput(dentry);
  exit2:
  exit3:
        dput(dentry);
  exit2:

-@@ -3721,6 +3862,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3722,6 +3863,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)

        struct nameidata nd;
        struct inode *inode = NULL;
        struct inode *delegated_inode = NULL;
        struct nameidata nd;
        struct inode *inode = NULL;
        struct inode *delegated_inode = NULL;


@@ -64777,7 +64442,7 @@ index a7b05bf..9b251d4 100644
        unsigned int lookup_flags = 0;
  retry:
        name = user_path_parent(dfd, pathname, &nd, lookup_flags);
        unsigned int lookup_flags = 0;
  retry:
        name = user_path_parent(dfd, pathname, &nd, lookup_flags);

-@@ -3747,10 +3890,22 @@ retry_deleg:
+@@ -3748,10 +3891,22 @@ retry_deleg:

                if (d_is_negative(dentry))
                        goto slashes;
                ihold(inode);
                if (d_is_negative(dentry))
                        goto slashes;
                ihold(inode);


@@ -64800,7 +64465,7 @@ index a7b05bf..9b251d4 100644
  exit2:
                dput(dentry);
        }
  exit2:
                dput(dentry);
        }

-@@ -3839,9 +3994,17 @@ retry:
+@@ -3840,9 +3995,17 @@ retry:

        if (IS_ERR(dentry))
                goto out_putname;
  
        if (IS_ERR(dentry))
                goto out_putname;
  


@@ -64818,7 +64483,7 @@ index a7b05bf..9b251d4 100644
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
                lookup_flags |= LOOKUP_REVAL;
        done_path_create(&path, dentry);
        if (retry_estale(error, lookup_flags)) {
                lookup_flags |= LOOKUP_REVAL;

-@@ -3945,6 +4108,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3946,6 +4109,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,

        struct dentry *new_dentry;
        struct path old_path, new_path;
        struct inode *delegated_inode = NULL;
        struct dentry *new_dentry;
        struct path old_path, new_path;
        struct inode *delegated_inode = NULL;


@@ -64826,7 +64491,7 @@ index a7b05bf..9b251d4 100644
        int how = 0;
        int error;
  
        int how = 0;
        int error;
  

-@@ -3968,7 +4132,7 @@ retry:
+@@ -3969,7 +4133,7 @@ retry:

        if (error)
                return error;
  
        if (error)
                return error;
  


@@ -64835,7 +64500,7 @@ index a7b05bf..9b251d4 100644
                                        (how & LOOKUP_REVAL));
        error = PTR_ERR(new_dentry);
        if (IS_ERR(new_dentry))
                                        (how & LOOKUP_REVAL));
        error = PTR_ERR(new_dentry);
        if (IS_ERR(new_dentry))

-@@ -3980,11 +4144,28 @@ retry:
+@@ -3981,11 +4145,28 @@ retry:

        error = may_linkat(&old_path);
        if (unlikely(error))
                goto out_dput;
        error = may_linkat(&old_path);
        if (unlikely(error))
                goto out_dput;


@@ -64864,7 +64529,7 @@ index a7b05bf..9b251d4 100644
        done_path_create(&new_path, new_dentry);
        if (delegated_inode) {
                error = break_deleg_wait(&delegated_inode);
        done_path_create(&new_path, new_dentry);
        if (delegated_inode) {
                error = break_deleg_wait(&delegated_inode);

-@@ -4295,6 +4476,12 @@ retry_deleg:
+@@ -4296,6 +4477,12 @@ retry_deleg:

        if (new_dentry == trap)
                goto exit5;
  
        if (new_dentry == trap)
                goto exit5;
  


@@ -64877,7 +64542,7 @@ index a7b05bf..9b251d4 100644
        error = security_path_rename(&oldnd.path, old_dentry,
                                     &newnd.path, new_dentry, flags);
        if (error)
        error = security_path_rename(&oldnd.path, old_dentry,
                                     &newnd.path, new_dentry, flags);
        if (error)

-@@ -4302,6 +4489,9 @@ retry_deleg:
+@@ -4303,6 +4490,9 @@ retry_deleg:

        error = vfs_rename(old_dir->d_inode, old_dentry,
                           new_dir->d_inode, new_dentry,
                           &delegated_inode, flags);
        error = vfs_rename(old_dir->d_inode, old_dentry,
                           new_dir->d_inode, new_dentry,
                           &delegated_inode, flags);


@@ -64887,7 +64552,7 @@ index a7b05bf..9b251d4 100644
  exit5:
        dput(new_dentry);
  exit4:
  exit5:
        dput(new_dentry);
  exit4:

-@@ -4344,14 +4534,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -4345,14 +4535,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna

  
  int readlink_copy(char __user *buffer, int buflen, const char *link)
  {
  
  int readlink_copy(char __user *buffer, int buflen, const char *link)
  {


@@ -64914,10 +64579,10 @@ index a7b05bf..9b251d4 100644
  out:
        return len;
 diff --git a/fs/namespace.c b/fs/namespace.c
  out:
        return len;
 diff --git a/fs/namespace.c b/fs/namespace.c

-index ef42d9b..b8dfe4f 100644
+index 550dbff..c4ad324 100644

 --- a/fs/namespace.c
 +++ b/fs/namespace.c
 --- a/fs/namespace.c
 +++ b/fs/namespace.c

-@@ -1360,6 +1360,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1362,6 +1362,9 @@ static int do_umount(struct mount *mnt, int flags)

                if (!(sb->s_flags & MS_RDONLY))
                        retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
                up_write(&sb->s_umount);
                if (!(sb->s_flags & MS_RDONLY))
                        retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
                up_write(&sb->s_umount);


@@ -64927,7 +64592,7 @@ index ef42d9b..b8dfe4f 100644
                return retval;
        }
  
                return retval;
        }
  

-@@ -1382,6 +1385,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1384,6 +1387,9 @@ static int do_umount(struct mount *mnt, int flags)

        }
        unlock_mount_hash();
        namespace_unlock();
        }
        unlock_mount_hash();
        namespace_unlock();


@@ -64937,7 +64602,7 @@ index ef42d9b..b8dfe4f 100644
        return retval;
  }
  
        return retval;
  }
  

-@@ -1401,7 +1407,7 @@ static inline bool may_mount(void)
+@@ -1403,7 +1409,7 @@ static inline bool may_mount(void)

   * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
   */
  
   * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
   */
  


@@ -64946,7 +64611,7 @@ index ef42d9b..b8dfe4f 100644
  {
        struct path path;
        struct mount *mnt;
  {
        struct path path;
        struct mount *mnt;

-@@ -1443,7 +1449,7 @@ out:
+@@ -1445,7 +1451,7 @@ out:

  /*
   *    The 2.0 compatible umount. No flags.
   */
  /*
   *    The 2.0 compatible umount. No flags.
   */


@@ -64955,7 +64620,7 @@ index ef42d9b..b8dfe4f 100644
  {
        return sys_umount(name, 0);
  }
  {
        return sys_umount(name, 0);
  }

-@@ -2492,6 +2498,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2494,6 +2500,16 @@ long do_mount(const char *dev_name, const char *dir_name,

                   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
                   MS_STRICTATIME);
  
                   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
                   MS_STRICTATIME);
  


@@ -64972,7 +64637,7 @@ index ef42d9b..b8dfe4f 100644
        if (flags & MS_REMOUNT)
                retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
                                    data_page);
        if (flags & MS_REMOUNT)
                retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
                                    data_page);

-@@ -2506,6 +2522,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2508,6 +2524,9 @@ long do_mount(const char *dev_name, const char *dir_name,

                                      dev_name, data_page);
  dput_out:
        path_put(&path);
                                      dev_name, data_page);
  dput_out:
        path_put(&path);


@@ -64982,7 +64647,7 @@ index ef42d9b..b8dfe4f 100644
        return retval;
  }
  
        return retval;
  }
  

-@@ -2523,7 +2542,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
+@@ -2525,7 +2544,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)

   * number incrementing at 10Ghz will take 12,427 years to wrap which
   * is effectively never, so we can ignore the possibility.
   */
   * number incrementing at 10Ghz will take 12,427 years to wrap which
   * is effectively never, so we can ignore the possibility.
   */


@@ -64991,7 +64656,7 @@ index ef42d9b..b8dfe4f 100644
  
  static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
  {
  
  static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
  {

-@@ -2538,7 +2557,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2540,7 +2559,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)

                kfree(new_ns);
                return ERR_PTR(ret);
        }
                kfree(new_ns);
                return ERR_PTR(ret);
        }


@@ -65000,7 +64665,7 @@ index ef42d9b..b8dfe4f 100644
        atomic_set(&new_ns->count, 1);
        new_ns->root = NULL;
        INIT_LIST_HEAD(&new_ns->list);
        atomic_set(&new_ns->count, 1);
        new_ns->root = NULL;
        INIT_LIST_HEAD(&new_ns->list);

-@@ -2548,7 +2567,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2550,7 +2569,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)

        return new_ns;
  }
  
        return new_ns;
  }
  


@@ -65009,7 +64674,7 @@ index ef42d9b..b8dfe4f 100644
                struct user_namespace *user_ns, struct fs_struct *new_fs)
  {
        struct mnt_namespace *new_ns;
                struct user_namespace *user_ns, struct fs_struct *new_fs)
  {
        struct mnt_namespace *new_ns;

-@@ -2669,8 +2688,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2671,8 +2690,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)

  }
  EXPORT_SYMBOL(mount_subtree);
  
  }
  EXPORT_SYMBOL(mount_subtree);
  


@@ -65020,7 +64685,7 @@ index ef42d9b..b8dfe4f 100644
  {
        int ret;
        char *kernel_type;
  {
        int ret;
        char *kernel_type;

-@@ -2783,6 +2802,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2785,6 +2804,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,

        if (error)
                goto out2;
  
        if (error)
                goto out2;
  


@@ -65032,17 +64697,7 @@ index ef42d9b..b8dfe4f 100644
        get_fs_root(current->fs, &root);
        old_mp = lock_mount(&old);
        error = PTR_ERR(old_mp);
        get_fs_root(current->fs, &root);
        old_mp = lock_mount(&old);
        error = PTR_ERR(old_mp);

-@@ -2820,6 +2844,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
-       /* make sure we can reach put_old from new_root */
-       if (!is_path_reachable(old_mnt, old.dentry, &new))
-               goto out4;
-+      /* make certain new is below the root */
-+      if (!is_path_reachable(new_mnt, new.dentry, &root))
-+              goto out4;
-       root_mp->m_count++; /* pin it so it won't go away */
-       lock_mount_hash();
-       detach_mnt(new_mnt, &parent_path);
-@@ -3051,7 +3078,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+@@ -3056,7 +3080,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)

            !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
                return -EPERM;
  
            !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
                return -EPERM;
  


@@ -65065,7 +64720,7 @@ index f4ccfe6..a5cf064 100644
  static struct callback_op callback_ops[];
  
 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
  static struct callback_op callback_ops[];
  
 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c

-index 577a36f..1cde799 100644
+index 0689aa5..299386e 100644

 --- a/fs/nfs/inode.c
 +++ b/fs/nfs/inode.c
 @@ -1228,16 +1228,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
 --- a/fs/nfs/inode.c
 +++ b/fs/nfs/inode.c
 @@ -1228,16 +1228,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt


@@ -65089,7 +64744,7 @@ index 577a36f..1cde799 100644
  
  void nfs_fattr_init(struct nfs_fattr *fattr)
 diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
  
  void nfs_fattr_init(struct nfs_fattr *fattr)
 diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c

-index 5e0dc52..64681bc 100644
+index 1d3cb47..2b8ed89 100644

 --- a/fs/nfsd/nfs4proc.c
 +++ b/fs/nfsd/nfs4proc.c
 @@ -1155,7 +1155,7 @@ struct nfsd4_operation {
 --- a/fs/nfsd/nfs4proc.c
 +++ b/fs/nfsd/nfs4proc.c
 @@ -1155,7 +1155,7 @@ struct nfsd4_operation {


@@ -65102,7 +64757,7 @@ index 5e0dc52..64681bc 100644
  static struct nfsd4_operation nfsd4_ops[];
  
 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
  static struct nfsd4_operation nfsd4_ops[];
  
 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c

-index b01f6e1..4aab09a 100644
+index 353aac8..32035ee 100644

 --- a/fs/nfsd/nfs4xdr.c
 +++ b/fs/nfsd/nfs4xdr.c
 @@ -1534,7 +1534,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
 --- a/fs/nfsd/nfs4xdr.c
 +++ b/fs/nfsd/nfs4xdr.c
 @@ -1534,7 +1534,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)


@@ -65153,7 +64808,7 @@ index ff95676..96cf3f62 100644
                break;
        case RC_REPLBUFF:
 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
                break;
        case RC_REPLBUFF:
 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c

-index f501a9b..8155556 100644
+index 6ab077b..5ac7f0b 100644

 --- a/fs/nfsd/vfs.c
 +++ b/fs/nfsd/vfs.c
 @@ -855,7 +855,7 @@ __be32 nfsd_readv(struct file *file, loff_t offset, struct kvec *vec, int vlen,
 --- a/fs/nfsd/vfs.c
 +++ b/fs/nfsd/vfs.c
 @@ -855,7 +855,7 @@ __be32 nfsd_readv(struct file *file, loff_t offset, struct kvec *vec, int vlen,


@@ -65289,7 +64944,7 @@ index a80a741..7b96e1b 100644
        }
  
 diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
        }
  
 diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c

-index b13992a..536c8d8 100644
+index c991616..5ae51af 100644

 --- a/fs/notify/fanotify/fanotify_user.c
 +++ b/fs/notify/fanotify/fanotify_user.c
 @@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
 --- a/fs/notify/fanotify/fanotify_user.c
 +++ b/fs/notify/fanotify/fanotify_user.c
 @@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,


@@ -65412,6 +65067,19 @@ index 0440134..d52c93a 100644
  
  bail:
        if (handle)
  
  bail:
        if (handle)

+diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
+index 8add6f1..b931e04 100644
+--- a/fs/ocfs2/namei.c
++++ b/fs/ocfs2/namei.c
+@@ -158,7 +158,7 @@ bail_add:
+                * NOTE: This dentry already has ->d_op set from
+                * ocfs2_get_parent() and ocfs2_get_dentry()
+                */
+-              if (ret)
++              if (!IS_ERR_OR_NULL(ret))
+                       dentry = ret;
+ 
+               status = ocfs2_dentry_attach_lock(dentry, inode,

 diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
 index bbec539..7b266d5 100644
 --- a/fs/ocfs2/ocfs2.h
 diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
 index bbec539..7b266d5 100644
 --- a/fs/ocfs2/ocfs2.h


@@ -68156,19 +67824,6 @@ index ae0c3ce..9ee641c 100644
  
        generic_fillattr(inode, stat);
        return 0;
  
        generic_fillattr(inode, stat);
        return 0;

-diff --git a/fs/super.c b/fs/super.c
-index b9a214d..6f8c954 100644
---- a/fs/super.c
-+++ b/fs/super.c
-@@ -80,6 +80,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink,
-       inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid);
-       dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid);
-       total_objects = dentries + inodes + fs_objects + 1;
-+      if (!total_objects)
-+              total_objects = 1;
- 
-       /* proportion the scan between the caches */
-       dentries = mult_frac(sc->nr_to_scan, dentries, total_objects);

 diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
 index 0b45ff4..847de5b 100644
 --- a/fs/sysfs/dir.c
 diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
 index 0b45ff4..847de5b 100644
 --- a/fs/sysfs/dir.c


@@ -68498,6 +68153,28 @@ index 3799695..0ddc953 100644
            copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
                goto out_put;
  
            copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
                goto out_put;
  

+diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h
+index d10dc8f..56b3430 100644
+--- a/fs/xfs/xfs_linux.h
++++ b/fs/xfs/xfs_linux.h
+@@ -230,7 +230,7 @@ static inline kgid_t xfs_gid_to_kgid(__uint32_t gid)
+  * of the compiler which do not like us using do_div in the middle
+  * of large functions.
+  */
+-static inline __u32 xfs_do_div(void *a, __u32 b, int n)
++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n)
+ {
+       __u32   mod;
+ 
+@@ -286,7 +286,7 @@ static inline __u32 xfs_do_mod(void *a, __u32 b, int n)
+       return 0;
+ }
+ #else
+-static inline __u32 xfs_do_div(void *a, __u32 b, int n)
++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n)
+ {
+       __u32   mod;
+ 

 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
 index 0000000..f27264e
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
 index 0000000..f27264e


@@ -80500,10 +80177,10 @@ index cbc5833..8123ebc 100644
        if (sizeof(l) == 4)
                return fls(l);
 diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
        if (sizeof(l) == 4)
                return fls(l);
 diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h

-index 518b465..11953e6 100644
+index f2057ff8..59dfa2d 100644

 --- a/include/linux/blkdev.h
 +++ b/include/linux/blkdev.h
 --- a/include/linux/blkdev.h
 +++ b/include/linux/blkdev.h

-@@ -1627,7 +1627,7 @@ struct block_device_operations {
+@@ -1625,7 +1625,7 @@ struct block_device_operations {

        /* this callback is with swap_lock and sometimes page table lock held */
        void (*swap_slot_free_notify) (struct block_device *, unsigned long);
        struct module *owner;
        /* this callback is with swap_lock and sometimes page table lock held */
        void (*swap_slot_free_notify) (struct block_device *, unsigned long);
        struct module *owner;


@@ -80600,19 +80277,6 @@ index 411dd7e..ee38878 100644
  
  /**
   * struct clk_init_data - holds init data that's common to all clocks and is
  
  /**
   * struct clk_init_data - holds init data that's common to all clocks and is

-diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h
-index 653f0e2..abcafaa 100644
---- a/include/linux/clocksource.h
-+++ b/include/linux/clocksource.h
-@@ -287,7 +287,7 @@ extern struct clocksource* clocksource_get_next(void);
- extern void clocksource_change_rating(struct clocksource *cs, int rating);
- extern void clocksource_suspend(void);
- extern void clocksource_resume(void);
--extern struct clocksource * __init __weak clocksource_default_clock(void);
-+extern struct clocksource * __init clocksource_default_clock(void);
- extern void clocksource_mark_unstable(struct clocksource *cs);
- 
- extern u64

 diff --git a/include/linux/compat.h b/include/linux/compat.h
 index e649426..a74047b 100644
 --- a/include/linux/compat.h
 diff --git a/include/linux/compat.h b/include/linux/compat.h
 index e649426..a74047b 100644
 --- a/include/linux/compat.h


@@ -80947,32 +80611,6 @@ index 2997af6..424ddc1 100644
  int cpumask_any_but(const struct cpumask *mask, unsigned int cpu);
  int cpumask_set_cpu_local_first(int i, int numa_node, cpumask_t *dstp);
  
  int cpumask_any_but(const struct cpumask *mask, unsigned int cpu);
  int cpumask_set_cpu_local_first(int i, int numa_node, cpumask_t *dstp);
  

-diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
-index 72ab536..3849fce 100644
---- a/include/linux/crash_dump.h
-+++ b/include/linux/crash_dump.h
-@@ -14,14 +14,13 @@
- extern unsigned long long elfcorehdr_addr;
- extern unsigned long long elfcorehdr_size;
- 
--extern int __weak elfcorehdr_alloc(unsigned long long *addr,
--                                 unsigned long long *size);
--extern void __weak elfcorehdr_free(unsigned long long addr);
--extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
--extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
--extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
--                                       unsigned long from, unsigned long pfn,
--                                       unsigned long size, pgprot_t prot);
-+extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
-+extern void elfcorehdr_free(unsigned long long addr);
-+extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
-+extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
-+extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
-+                                unsigned long from, unsigned long pfn,
-+                                unsigned long size, pgprot_t prot);
- 
- extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
-                                               unsigned long, int);

 diff --git a/include/linux/cred.h b/include/linux/cred.h
 index b2d0820..2ecafd3 100644
 --- a/include/linux/cred.h
 diff --git a/include/linux/cred.h b/include/linux/cred.h
 index b2d0820..2ecafd3 100644
 --- a/include/linux/cred.h


@@ -83253,7 +82891,7 @@ index 44792ee..6172f2a 100644
  extern struct key_type key_type_keyring;
  
 diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
  extern struct key_type key_type_keyring;
  
 diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h

-index 6b06d37..19f605f 100644
+index e465bb1..19f605f 100644

 --- a/include/linux/kgdb.h
 +++ b/include/linux/kgdb.h
 @@ -52,7 +52,7 @@ extern int kgdb_connected;
 --- a/include/linux/kgdb.h
 +++ b/include/linux/kgdb.h
 @@ -52,7 +52,7 @@ extern int kgdb_connected;


@@ -83274,7 +82912,7 @@ index 6b06d37..19f605f 100644
  
  /**
   * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
  
  /**
   * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.

-@@ -279,11 +279,11 @@ struct kgdb_io {
+@@ -279,7 +279,7 @@ struct kgdb_io {

        void                    (*pre_exception) (void);
        void                    (*post_exception) (void);
        int                     is_console;
        void                    (*pre_exception) (void);
        void                    (*post_exception) (void);
        int                     is_console;


@@ -83283,11 +82921,6 @@ index 6b06d37..19f605f 100644
  
  extern struct kgdb_arch               arch_kgdb_ops;
  
  
  extern struct kgdb_arch               arch_kgdb_ops;
  

--extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
-+extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
- 
- #ifdef CONFIG_SERIAL_KGDB_NMI
- extern int kgdb_register_nmi_console(void);

 diff --git a/include/linux/kmod.h b/include/linux/kmod.h
 index 0555cc6..40116ce 100644
 --- a/include/linux/kmod.h
 diff --git a/include/linux/kmod.h b/include/linux/kmod.h
 index 0555cc6..40116ce 100644
 --- a/include/linux/kmod.h


@@ -83537,19 +83170,6 @@ index c45c089..298841c 100644
  {
        u32 remainder;
        return div_u64_rem(dividend, divisor, &remainder);
  {
        u32 remainder;
        return div_u64_rem(dividend, divisor, &remainder);

-diff --git a/include/linux/memory.h b/include/linux/memory.h
-index bb7384e..8b8d8d1 100644
---- a/include/linux/memory.h
-+++ b/include/linux/memory.h
-@@ -35,7 +35,7 @@ struct memory_block {
- };
- 
- int arch_get_memory_phys_device(unsigned long start_pfn);
--unsigned long __weak memory_block_size_bytes(void);
-+unsigned long memory_block_size_bytes(void);
- 
- /* These states are exposed to userspace as text strings in sysfs */
- #define       MEM_ONLINE              (1<<0) /* exposed to userspace */

 diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
 index f230a97..714c006 100644
 --- a/include/linux/mempolicy.h
 diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
 index f230a97..714c006 100644
 --- a/include/linux/mempolicy.h


@@ -83576,7 +83196,7 @@ index f230a97..714c006 100644
  static inline int
  vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
 diff --git a/include/linux/mm.h b/include/linux/mm.h
  static inline int
  vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
 diff --git a/include/linux/mm.h b/include/linux/mm.h

-index 8981cc8..76fd8c2 100644
+index f952cc8..b9f6135 100644

 --- a/include/linux/mm.h
 +++ b/include/linux/mm.h
 @@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp);
 --- a/include/linux/mm.h
 +++ b/include/linux/mm.h
 @@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp);


@@ -83610,7 +83230,7 @@ index 8981cc8..76fd8c2 100644
  
  struct mmu_gather;
  struct inode;
  
  struct mmu_gather;
  struct inode;

-@@ -1144,8 +1150,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+@@ -1163,8 +1169,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,

        unsigned long *pfn);
  int follow_phys(struct vm_area_struct *vma, unsigned long address,
                unsigned int flags, unsigned long *prot, resource_size_t *phys);
        unsigned long *pfn);
  int follow_phys(struct vm_area_struct *vma, unsigned long address,
                unsigned int flags, unsigned long *prot, resource_size_t *phys);


@@ -83621,7 +83241,7 @@ index 8981cc8..76fd8c2 100644
  
  static inline void unmap_shared_mapping_range(struct address_space *mapping,
                loff_t const holebegin, loff_t const holelen)
  
  static inline void unmap_shared_mapping_range(struct address_space *mapping,
                loff_t const holebegin, loff_t const holelen)

-@@ -1184,9 +1190,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1204,9 +1210,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,

  }
  #endif
  
  }
  #endif
  


@@ -83634,7 +83254,7 @@ index 8981cc8..76fd8c2 100644
  
  long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
                      unsigned long start, unsigned long nr_pages,
  
  long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
                      unsigned long start, unsigned long nr_pages,

-@@ -1219,34 +1225,6 @@ int set_page_dirty_lock(struct page *page);
+@@ -1238,34 +1244,6 @@ int set_page_dirty_lock(struct page *page);

  int clear_page_dirty_for_io(struct page *page);
  int get_cmdline(struct task_struct *task, char *buffer, int buflen);
  
  int clear_page_dirty_for_io(struct page *page);
  int get_cmdline(struct task_struct *task, char *buffer, int buflen);
  


@@ -83669,7 +83289,7 @@ index 8981cc8..76fd8c2 100644
  extern pid_t
  vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
  
  extern pid_t
  vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
  

-@@ -1346,6 +1324,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
+@@ -1365,6 +1343,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)

  }
  #endif
  
  }
  #endif
  


@@ -83685,7 +83305,7 @@ index 8981cc8..76fd8c2 100644
  int vma_wants_writenotify(struct vm_area_struct *vma);
  
  extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
  int vma_wants_writenotify(struct vm_area_struct *vma);
  
  extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,

-@@ -1364,8 +1351,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1383,8 +1370,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,

  {
        return 0;
  }
  {
        return 0;
  }


@@ -83701,7 +83321,7 @@ index 8981cc8..76fd8c2 100644
  #endif
  
  #ifdef __PAGETABLE_PMD_FOLDED
  #endif
  
  #ifdef __PAGETABLE_PMD_FOLDED

-@@ -1374,8 +1368,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1393,8 +1387,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,

  {
        return 0;
  }
  {
        return 0;
  }


@@ -83717,7 +83337,7 @@ index 8981cc8..76fd8c2 100644
  #endif
  
  int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
  #endif
  
  int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,

-@@ -1393,11 +1394,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1412,11 +1413,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a

                NULL: pud_offset(pgd, address);
  }
  
                NULL: pud_offset(pgd, address);
  }
  


@@ -83741,7 +83361,7 @@ index 8981cc8..76fd8c2 100644
  #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
  
  #if USE_SPLIT_PTE_PTLOCKS
  #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
  
  #if USE_SPLIT_PTE_PTLOCKS

-@@ -1796,7 +1809,7 @@ extern int install_special_mapping(struct mm_struct *mm,
+@@ -1815,7 +1828,7 @@ extern int install_special_mapping(struct mm_struct *mm,

                                   unsigned long addr, unsigned long len,
                                   unsigned long flags, struct page **pages);
  
                                   unsigned long addr, unsigned long len,
                                   unsigned long flags, struct page **pages);
  


@@ -83750,7 +83370,7 @@ index 8981cc8..76fd8c2 100644
  
  extern unsigned long mmap_region(struct file *file, unsigned long addr,
        unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
  
  extern unsigned long mmap_region(struct file *file, unsigned long addr,
        unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);

-@@ -1804,6 +1817,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1823,6 +1836,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,

        unsigned long len, unsigned long prot, unsigned long flags,
        unsigned long pgoff, unsigned long *populate);
  extern int do_munmap(struct mm_struct *, unsigned long, size_t);
        unsigned long len, unsigned long prot, unsigned long flags,
        unsigned long pgoff, unsigned long *populate);
  extern int do_munmap(struct mm_struct *, unsigned long, size_t);


@@ -83758,7 +83378,7 @@ index 8981cc8..76fd8c2 100644
  
  #ifdef CONFIG_MMU
  extern int __mm_populate(unsigned long addr, unsigned long len,
  
  #ifdef CONFIG_MMU
  extern int __mm_populate(unsigned long addr, unsigned long len,

-@@ -1832,10 +1846,11 @@ struct vm_unmapped_area_info {
+@@ -1851,10 +1865,11 @@ struct vm_unmapped_area_info {

        unsigned long high_limit;
        unsigned long align_mask;
        unsigned long align_offset;
        unsigned long high_limit;
        unsigned long align_mask;
        unsigned long align_offset;


@@ -83772,7 +83392,7 @@ index 8981cc8..76fd8c2 100644
  
  /*
   * Search for an unmapped address range.
  
  /*
   * Search for an unmapped address range.

-@@ -1847,7 +1862,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
+@@ -1866,7 +1881,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);

   * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
   */
  static inline unsigned long
   * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
   */
  static inline unsigned long


@@ -83781,7 +83401,7 @@ index 8981cc8..76fd8c2 100644
  {
        if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
                return unmapped_area(info);
  {
        if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
                return unmapped_area(info);

-@@ -1909,6 +1924,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1928,6 +1943,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add

  extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
                                             struct vm_area_struct **pprev);
  
  extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
                                             struct vm_area_struct **pprev);
  


@@ -83792,7 +83412,7 @@ index 8981cc8..76fd8c2 100644
  /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
     NULL if none.  Assume start_addr < end_addr. */
  static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
  /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
     NULL if none.  Assume start_addr < end_addr. */
  static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)

-@@ -1937,15 +1956,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1956,15 +1975,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,

        return vma;
  }
  
        return vma;
  }
  


@@ -83808,7 +83428,7 @@ index 8981cc8..76fd8c2 100644
  #ifdef CONFIG_NUMA_BALANCING
  unsigned long change_prot_numa(struct vm_area_struct *vma,
                        unsigned long start, unsigned long end);
  #ifdef CONFIG_NUMA_BALANCING
  unsigned long change_prot_numa(struct vm_area_struct *vma,
                        unsigned long start, unsigned long end);

-@@ -1997,6 +2007,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -2016,6 +2026,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);

  static inline void vm_stat_account(struct mm_struct *mm,
                        unsigned long flags, struct file *file, long pages)
  {
  static inline void vm_stat_account(struct mm_struct *mm,
                        unsigned long flags, struct file *file, long pages)
  {


@@ -83820,7 +83440,7 @@ index 8981cc8..76fd8c2 100644
        mm->total_vm += pages;
  }
  #endif /* CONFIG_PROC_FS */
        mm->total_vm += pages;
  }
  #endif /* CONFIG_PROC_FS */

-@@ -2085,7 +2100,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -2104,7 +2119,7 @@ extern int unpoison_memory(unsigned long pfn);

  extern int sysctl_memory_failure_early_kill;
  extern int sysctl_memory_failure_recovery;
  extern void shake_page(struct page *p, int access);
  extern int sysctl_memory_failure_early_kill;
  extern int sysctl_memory_failure_recovery;
  extern void shake_page(struct page *p, int access);


@@ -83829,7 +83449,7 @@ index 8981cc8..76fd8c2 100644
  extern int soft_offline_page(struct page *page, int flags);
  
  #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS)
  extern int soft_offline_page(struct page *page, int flags);
  
  #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS)

-@@ -2120,5 +2135,11 @@ void __init setup_nr_node_ids(void);
+@@ -2139,5 +2154,11 @@ void __init setup_nr_node_ids(void);

  static inline void setup_nr_node_ids(void) {}
  #endif
  
  static inline void setup_nr_node_ids(void) {}
  #endif
  


@@ -83906,10 +83526,10 @@ index c5d5278..f0b68c8 100644
  }
  
 diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
  }
  
 diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h

-index 318df70..b74ec01 100644
+index b21bac4..94142ca 100644

 --- a/include/linux/mmzone.h
 +++ b/include/linux/mmzone.h
 --- a/include/linux/mmzone.h
 +++ b/include/linux/mmzone.h

-@@ -518,7 +518,7 @@ struct zone {
+@@ -527,7 +527,7 @@ struct zone {

  
        ZONE_PADDING(_pad3_)
        /* Zone statistics */
  
        ZONE_PADDING(_pad3_)
        /* Zone statistics */


@@ -85009,7 +84629,7 @@ index ed8f9e7..999bc96 100644
  }
  
 diff --git a/include/linux/sched.h b/include/linux/sched.h
  }
  
 diff --git a/include/linux/sched.h b/include/linux/sched.h

-index b867a4d..84f03ad 100644
+index 2b1d9e9..10ba706 100644

 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
 @@ -132,6 +132,7 @@ struct fs_struct;
 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
 @@ -132,6 +132,7 @@ struct fs_struct;


@@ -85255,7 +84875,7 @@ index b867a4d..84f03ad 100644
  {
        return tsk->pid;
  }
  {
        return tsk->pid;
  }

-@@ -2095,6 +2209,25 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2097,6 +2211,25 @@ extern u64 sched_clock_cpu(int cpu);

  
  extern void sched_clock_init(void);
  
  
  extern void sched_clock_init(void);
  


@@ -85281,7 +84901,7 @@ index b867a4d..84f03ad 100644
  #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
  static inline void sched_clock_tick(void)
  {
  #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
  static inline void sched_clock_tick(void)
  {

-@@ -2228,7 +2361,9 @@ void yield(void);
+@@ -2230,7 +2363,9 @@ void yield(void);

  extern struct exec_domain     default_exec_domain;
  
  union thread_union {
  extern struct exec_domain     default_exec_domain;
  
  union thread_union {


@@ -85291,7 +84911,7 @@ index b867a4d..84f03ad 100644
        unsigned long stack[THREAD_SIZE/sizeof(long)];
  };
  
        unsigned long stack[THREAD_SIZE/sizeof(long)];
  };
  

-@@ -2261,6 +2396,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2263,6 +2398,7 @@ extern struct pid_namespace init_pid_ns;

   */
  
  extern struct task_struct *find_task_by_vpid(pid_t nr);
   */
  
  extern struct task_struct *find_task_by_vpid(pid_t nr);


@@ -85299,7 +84919,7 @@ index b867a4d..84f03ad 100644
  extern struct task_struct *find_task_by_pid_ns(pid_t nr,
                struct pid_namespace *ns);
  
  extern struct task_struct *find_task_by_pid_ns(pid_t nr,
                struct pid_namespace *ns);
  

-@@ -2425,7 +2561,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2427,7 +2563,7 @@ extern void __cleanup_sighand(struct sighand_struct *);

  extern void exit_itimers(struct signal_struct *);
  extern void flush_itimer_signals(void);
  
  extern void exit_itimers(struct signal_struct *);
  extern void flush_itimer_signals(void);
  


@@ -85308,7 +84928,7 @@ index b867a4d..84f03ad 100644
  
  extern int do_execve(struct filename *,
                     const char __user * const __user *,
  
  extern int do_execve(struct filename *,
                     const char __user * const __user *,

-@@ -2640,9 +2776,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2642,9 +2778,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)

  
  #endif
  
  
  #endif
  


@@ -85680,29 +85300,6 @@ index 680f9a3..f13aeb0 100644
        __SONET_ITEMS
  #undef __HANDLE_ITEM
  };
        __SONET_ITEMS
  #undef __HANDLE_ITEM
  };

-diff --git a/include/linux/string.h b/include/linux/string.h
-index d36977e..3b42b37 100644
---- a/include/linux/string.h
-+++ b/include/linux/string.h
-@@ -132,7 +132,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4);
- #endif
- 
- extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
--                      const void *from, size_t available);
-+                                     const void *from, size_t available);
- 
- /**
-  * strstarts - does @str start with @prefix?
-@@ -144,7 +144,8 @@ static inline bool strstarts(const char *str, const char *prefix)
-       return strncmp(str, prefix, strlen(prefix)) == 0;
- }
- 
--extern size_t memweight(const void *ptr, size_t bytes);
-+size_t memweight(const void *ptr, size_t bytes);
-+void memzero_explicit(void *s, size_t count);
- 
- /**
-  * kbasename - return the last part of a pathname.

 diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
 index 07d8e53..dc934c9 100644
 --- a/include/linux/sunrpc/addr.h
 diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
 index 07d8e53..dc934c9 100644
 --- a/include/linux/sunrpc/addr.h


@@ -87047,7 +86644,7 @@ index 4a5b9a3..ca27d73 100644
                .combine = sctp_csum_combine,
        };
 diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
                .combine = sctp_csum_combine,
        };
 diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h

-index 7f4eeb3..37e8fe1 100644
+index 72a31db..aaa63d9 100644

 --- a/include/net/sctp/sm.h
 +++ b/include/net/sctp/sm.h
 @@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long);
 --- a/include/net/sctp/sm.h
 +++ b/include/net/sctp/sm.h
 @@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long);


@@ -88102,7 +87699,7 @@ index bece48c..e911bd8 100644
        next_state = Reset;
        return 0;
 diff --git a/init/main.c b/init/main.c
        next_state = Reset;
        return 0;
 diff --git a/init/main.c b/init/main.c

-index bb1aed9..64f9745 100644
+index d0f4b59..0c4b184 100644

 --- a/init/main.c
 +++ b/init/main.c
 @@ -98,6 +98,8 @@ extern void radix_tree_init(void);
 --- a/init/main.c
 +++ b/init/main.c
 @@ -98,6 +98,8 @@ extern void radix_tree_init(void);


@@ -88303,7 +87900,7 @@ index b5ef4f7..ff31d87 100644
        case SHMDT:
                return sys_shmdt(compat_ptr(ptr));
 diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
        case SHMDT:
                return sys_shmdt(compat_ptr(ptr));
 diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c

-index c3f0326..d4e0579 100644
+index e8075b2..76f2c6a 100644

 --- a/ipc/ipc_sysctl.c
 +++ b/ipc/ipc_sysctl.c
 @@ -30,7 +30,7 @@ static void *get_ipc(struct ctl_table *table)
 --- a/ipc/ipc_sysctl.c
 +++ b/ipc/ipc_sysctl.c
 @@ -30,7 +30,7 @@ static void *get_ipc(struct ctl_table *table)


@@ -88348,9 +87945,9 @@ index c3f0326..d4e0579 100644
  {
 -      struct ctl_table ipc_table;
 +      ctl_table_no_const ipc_table;
  {
 -      struct ctl_table ipc_table;
 +      ctl_table_no_const ipc_table;

-       size_t lenp_bef = *lenp;

        int oldval;
        int rc;
        int oldval;
        int rc;

+ 

 diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
 index 68d4e95..1477ded 100644
 --- a/ipc/mq_sysctl.c
 diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
 index 68d4e95..1477ded 100644
 --- a/ipc/mq_sysctl.c


@@ -88478,7 +88075,7 @@ index 27d74e6..8be0be2 100644
        if ((requested_mode & ~granted_mode & 0007) &&
            !ns_capable(ns->user_ns, CAP_IPC_OWNER))
 diff --git a/kernel/audit.c b/kernel/audit.c
        if ((requested_mode & ~granted_mode & 0007) &&
            !ns_capable(ns->user_ns, CAP_IPC_OWNER))
 diff --git a/kernel/audit.c b/kernel/audit.c

-index ba2ff5a..c6c0deb 100644
+index 6726aa6..bb864a9 100644

 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@ -122,7 +122,7 @@ u32                audit_sig_sid = 0;
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@ -122,7 +122,7 @@ u32                audit_sig_sid = 0;


@@ -89185,7 +88782,7 @@ index 379650b..30c5180 100644
  #ifdef CONFIG_MODULE_UNLOAD
                {
 diff --git a/kernel/events/core.c b/kernel/events/core.c
  #ifdef CONFIG_MODULE_UNLOAD
                {
 diff --git a/kernel/events/core.c b/kernel/events/core.c

-index 963bf13..a78dd3e 100644
+index 658f232..32e9595 100644

 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
 @@ -161,8 +161,15 @@ static struct srcu_struct pmus_srcu;
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
 @@ -161,8 +161,15 @@ static struct srcu_struct pmus_srcu;


@@ -89223,7 +88820,7 @@ index 963bf13..a78dd3e 100644
  
  static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
                              enum event_type_t event_type);
  
  static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
                              enum event_type_t event_type);

-@@ -3034,7 +3041,7 @@ static void __perf_event_read(void *info)
+@@ -3051,7 +3058,7 @@ static void __perf_event_read(void *info)

  
  static inline u64 perf_event_count(struct perf_event *event)
  {
  
  static inline u64 perf_event_count(struct perf_event *event)
  {


@@ -89232,7 +88829,7 @@ index 963bf13..a78dd3e 100644
  }
  
  static u64 perf_event_read(struct perf_event *event)
  }
  
  static u64 perf_event_read(struct perf_event *event)

-@@ -3410,9 +3417,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3430,9 +3437,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)

        mutex_lock(&event->child_mutex);
        total += perf_event_read(event);
        *enabled += event->total_time_enabled +
        mutex_lock(&event->child_mutex);
        total += perf_event_read(event);
        *enabled += event->total_time_enabled +


@@ -89244,7 +88841,7 @@ index 963bf13..a78dd3e 100644
  
        list_for_each_entry(child, &event->child_list, child_list) {
                total += perf_event_read(child);
  
        list_for_each_entry(child, &event->child_list, child_list) {
                total += perf_event_read(child);

-@@ -3861,10 +3868,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3881,10 +3888,10 @@ void perf_event_update_userpage(struct perf_event *event)

                userpg->offset -= local64_read(&event->hw.prev_count);
  
        userpg->time_enabled = enabled +
                userpg->offset -= local64_read(&event->hw.prev_count);
  
        userpg->time_enabled = enabled +


@@ -89257,7 +88854,7 @@ index 963bf13..a78dd3e 100644
  
        arch_perf_update_userpage(userpg, now);
  
  
        arch_perf_update_userpage(userpg, now);
  

-@@ -4428,7 +4435,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -4448,7 +4455,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,

  
                /* Data. */
                sp = perf_user_stack_pointer(regs);
  
                /* Data. */
                sp = perf_user_stack_pointer(regs);


@@ -89266,7 +88863,7 @@ index 963bf13..a78dd3e 100644
                dyn_size = dump_size - rem;
  
                perf_output_skip(handle, rem);
                dyn_size = dump_size - rem;
  
                perf_output_skip(handle, rem);

-@@ -4519,11 +4526,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -4539,11 +4546,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,

        values[n++] = perf_event_count(event);
        if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
                values[n++] = enabled +
        values[n++] = perf_event_count(event);
        if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
                values[n++] = enabled +


@@ -89280,7 +88877,7 @@ index 963bf13..a78dd3e 100644
        }
        if (read_format & PERF_FORMAT_ID)
                values[n++] = primary_event_id(event);
        }
        if (read_format & PERF_FORMAT_ID)
                values[n++] = primary_event_id(event);

-@@ -6838,7 +6845,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -6858,7 +6865,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,

        event->parent           = parent_event;
  
        event->ns               = get_pid_ns(task_active_pid_ns(current));
        event->parent           = parent_event;
  
        event->ns               = get_pid_ns(task_active_pid_ns(current));


@@ -89289,7 +88886,7 @@ index 963bf13..a78dd3e 100644
  
        event->state            = PERF_EVENT_STATE_INACTIVE;
  
  
        event->state            = PERF_EVENT_STATE_INACTIVE;
  

-@@ -7117,6 +7124,11 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -7137,6 +7144,11 @@ SYSCALL_DEFINE5(perf_event_open,

        if (flags & ~PERF_FLAG_ALL)
                return -EINVAL;
  
        if (flags & ~PERF_FLAG_ALL)
                return -EINVAL;
  


@@ -89301,7 +88898,7 @@ index 963bf13..a78dd3e 100644
        err = perf_copy_attr(attr_uptr, &attr);
        if (err)
                return err;
        err = perf_copy_attr(attr_uptr, &attr);
        if (err)
                return err;

-@@ -7469,10 +7481,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -7489,10 +7501,10 @@ static void sync_child_event(struct perf_event *child_event,

        /*
         * Add back the child's count to the parent's count:
         */
        /*
         * Add back the child's count to the parent's count:
         */


@@ -89861,7 +89458,7 @@ index a91e47d..71c9064 100644
                        else
                                new_fs = fs;
 diff --git a/kernel/futex.c b/kernel/futex.c
                        else
                                new_fs = fs;
 diff --git a/kernel/futex.c b/kernel/futex.c

-index 815d7af..3d0743b 100644
+index 22b3f1b..6820bc0 100644

 --- a/kernel/futex.c
 +++ b/kernel/futex.c
 @@ -202,7 +202,7 @@ struct futex_pi_state {
 --- a/kernel/futex.c
 +++ b/kernel/futex.c
 @@ -202,7 +202,7 @@ struct futex_pi_state {


@@ -89882,16 +89479,7 @@ index 815d7af..3d0743b 100644
  
  static const struct futex_q futex_q_init = {
        /* list gets initialized in queue_me()*/
  
  static const struct futex_q futex_q_init = {
        /* list gets initialized in queue_me()*/

-@@ -343,6 +343,8 @@ static void get_futex_key_refs(union futex_key *key)
-       case FUT_OFF_MMSHARED:
-               futex_get_mm(key); /* implies MB (B) */
-               break;
-+      default:
-+              smp_mb(); /* explicit MB (B) */
-       }
- }
- 
-@@ -394,6 +396,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
+@@ -396,6 +396,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)

        struct page *page, *page_head;
        int err, ro = 0;
  
        struct page *page, *page_head;
        int err, ro = 0;
  


@@ -89903,7 +89491,7 @@ index 815d7af..3d0743b 100644
        /*
         * The futex address must be "naturally" aligned.
         */
        /*
         * The futex address must be "naturally" aligned.
         */

-@@ -593,7 +600,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr,
+@@ -595,7 +600,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr,

  
  static int get_futex_value_locked(u32 *dest, u32 __user *from)
  {
  
  static int get_futex_value_locked(u32 *dest, u32 __user *from)
  {


@@ -89912,7 +89500,7 @@ index 815d7af..3d0743b 100644
  
        pagefault_disable();
        ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
  
        pagefault_disable();
        ret = __copy_from_user_inatomic(dest, from, sizeof(u32));

-@@ -2998,6 +3005,7 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3000,6 +3005,7 @@ static void __init futex_detect_cmpxchg(void)

  {
  #ifndef CONFIG_HAVE_FUTEX_CMPXCHG
        u32 curval;
  {
  #ifndef CONFIG_HAVE_FUTEX_CMPXCHG
        u32 curval;


@@ -89920,7 +89508,7 @@ index 815d7af..3d0743b 100644
  
        /*
         * This will fail and we want it. Some arch implementations do
  
        /*
         * This will fail and we want it. Some arch implementations do

-@@ -3009,8 +3017,11 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3011,8 +3017,11 @@ static void __init futex_detect_cmpxchg(void)

         * implementation, the non-functional ones will return
         * -ENOSYS.
         */
         * implementation, the non-functional ones will return
         * -ENOSYS.
         */


@@ -90724,7 +90312,7 @@ index 1d96dd0..994ff19 100644
  
        default:
 diff --git a/kernel/module.c b/kernel/module.c
  
        default:
 diff --git a/kernel/module.c b/kernel/module.c

-index 03214bd2..6242887 100644
+index 1c47139..6242887 100644

 --- a/kernel/module.c
 +++ b/kernel/module.c
 @@ -60,6 +60,7 @@
 --- a/kernel/module.c
 +++ b/kernel/module.c
 @@ -60,6 +60,7 @@


@@ -90919,17 +90507,7 @@ index 03214bd2..6242887 100644
                                                set_memory_ro);
                }
        }
                                                set_memory_ro);
                }
        }

-@@ -1842,7 +1861,9 @@ static void free_module(struct module *mod)
- 
-       /* We leave it in list to prevent duplicate loads, but make sure
-        * that noone uses it while it's being deconstructed. */
-+      mutex_lock(&module_mutex);
-       mod->state = MODULE_STATE_UNFORMED;
-+      mutex_unlock(&module_mutex);
- 
-       /* Remove dynamic debug info */
-       ddebug_remove_module(mod->name);
-@@ -1863,16 +1884,19 @@ static void free_module(struct module *mod)
+@@ -1865,16 +1884,19 @@ static void free_module(struct module *mod)

  
        /* This may be NULL, but that's OK */
        unset_module_init_ro_nx(mod);
  
        /* This may be NULL, but that's OK */
        unset_module_init_ro_nx(mod);


@@ -90952,7 +90530,7 @@ index 03214bd2..6242887 100644
  
  #ifdef CONFIG_MPU
        update_protections(current->mm);
  
  #ifdef CONFIG_MPU
        update_protections(current->mm);

-@@ -1941,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1943,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)

        int ret = 0;
        const struct kernel_symbol *ksym;
  
        int ret = 0;
        const struct kernel_symbol *ksym;
  


@@ -90984,7 +90562,7 @@ index 03214bd2..6242887 100644
                switch (sym[i].st_shndx) {
                case SHN_COMMON:
                        /* Ignore common symbols */
                switch (sym[i].st_shndx) {
                case SHN_COMMON:
                        /* Ignore common symbols */

-@@ -1968,7 +2014,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1970,7 +2014,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)

                        ksym = resolve_symbol_wait(mod, info, name);
                        /* Ok if resolved.  */
                        if (ksym && !IS_ERR(ksym)) {
                        ksym = resolve_symbol_wait(mod, info, name);
                        /* Ok if resolved.  */
                        if (ksym && !IS_ERR(ksym)) {


@@ -90994,7 +90572,7 @@ index 03214bd2..6242887 100644
                                break;
                        }
  
                                break;
                        }
  

-@@ -1987,11 +2035,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1989,11 +2035,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)

                                secbase = (unsigned long)mod_percpu(mod);
                        else
                                secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
                                secbase = (unsigned long)mod_percpu(mod);
                        else
                                secbase = info->sechdrs[sym[i].st_shndx].sh_addr;


@@ -91015,7 +90593,7 @@ index 03214bd2..6242887 100644
        return ret;
  }
  
        return ret;
  }
  

-@@ -2075,22 +2132,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2077,22 +2132,12 @@ static void layout_sections(struct module *mod, struct load_info *info)

                            || s->sh_entsize != ~0UL
                            || strstarts(sname, ".init"))
                                continue;
                            || s->sh_entsize != ~0UL
                            || strstarts(sname, ".init"))
                                continue;


@@ -91042,7 +90620,7 @@ index 03214bd2..6242887 100644
        }
  
        pr_debug("Init section allocation order:\n");
        }
  
        pr_debug("Init section allocation order:\n");

-@@ -2104,23 +2151,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2106,23 +2151,13 @@ static void layout_sections(struct module *mod, struct load_info *info)

                            || s->sh_entsize != ~0UL
                            || !strstarts(sname, ".init"))
                                continue;
                            || s->sh_entsize != ~0UL
                            || !strstarts(sname, ".init"))
                                continue;


@@ -91071,7 +90649,7 @@ index 03214bd2..6242887 100644
        }
  }
  
        }
  }
  

-@@ -2293,7 +2330,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2295,7 +2330,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)

  
        /* Put symbol section at end of init part of module. */
        symsect->sh_flags |= SHF_ALLOC;
  
        /* Put symbol section at end of init part of module. */
        symsect->sh_flags |= SHF_ALLOC;


@@ -91080,7 +90658,7 @@ index 03214bd2..6242887 100644
                                         info->index.sym) | INIT_OFFSET_MASK;
        pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
  
                                         info->index.sym) | INIT_OFFSET_MASK;
        pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
  

-@@ -2310,13 +2347,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2312,13 +2347,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)

        }
  
        /* Append room for core symbols at end of core part. */
        }
  
        /* Append room for core symbols at end of core part. */


@@ -91098,7 +90676,7 @@ index 03214bd2..6242887 100644
                                         info->index.str) | INIT_OFFSET_MASK;
        pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
  }
                                         info->index.str) | INIT_OFFSET_MASK;
        pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
  }

-@@ -2334,12 +2371,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2336,12 +2371,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)

        /* Make sure we get permanent strtab: don't use info->strtab. */
        mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
  
        /* Make sure we get permanent strtab: don't use info->strtab. */
        mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
  


@@ -91115,7 +90693,7 @@ index 03214bd2..6242887 100644
        src = mod->symtab;
        for (ndst = i = 0; i < mod->num_symtab; i++) {
                if (i == 0 ||
        src = mod->symtab;
        for (ndst = i = 0; i < mod->num_symtab; i++) {
                if (i == 0 ||

-@@ -2351,6 +2390,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2353,6 +2390,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)

                }
        }
        mod->core_num_syms = ndst;
                }
        }
        mod->core_num_syms = ndst;


@@ -91124,7 +90702,7 @@ index 03214bd2..6242887 100644
  }
  #else
  static inline void layout_symtab(struct module *mod, struct load_info *info)
  }
  #else
  static inline void layout_symtab(struct module *mod, struct load_info *info)

-@@ -2384,17 +2425,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2386,17 +2425,33 @@ void * __weak module_alloc(unsigned long size)

        return vmalloc_exec(size);
  }
  
        return vmalloc_exec(size);
  }
  


@@ -91163,7 +90741,7 @@ index 03214bd2..6242887 100644
                mutex_unlock(&module_mutex);
        }
        return ret;
                mutex_unlock(&module_mutex);
        }
        return ret;

-@@ -2648,7 +2705,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2650,7 +2705,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)

        mod = (void *)info->sechdrs[info->index.mod].sh_addr;
  
        if (info->index.sym == 0) {
        mod = (void *)info->sechdrs[info->index.mod].sh_addr;
  
        if (info->index.sym == 0) {


@@ -91179,7 +90757,7 @@ index 03214bd2..6242887 100644
                return ERR_PTR(-ENOEXEC);
        }
  
                return ERR_PTR(-ENOEXEC);
        }
  

-@@ -2664,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2666,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)

  static int check_modinfo(struct module *mod, struct load_info *info, int flags)
  {
        const char *modmagic = get_modinfo(info, "vermagic");
  static int check_modinfo(struct module *mod, struct load_info *info, int flags)
  {
        const char *modmagic = get_modinfo(info, "vermagic");


@@ -91194,7 +90772,7 @@ index 03214bd2..6242887 100644
        if (flags & MODULE_INIT_IGNORE_VERMAGIC)
                modmagic = NULL;
  
        if (flags & MODULE_INIT_IGNORE_VERMAGIC)
                modmagic = NULL;
  

-@@ -2690,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+@@ -2692,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)

        }
  
        /* Set up license info based on the info section */
        }
  
        /* Set up license info based on the info section */


@@ -91203,7 +90781,7 @@ index 03214bd2..6242887 100644
  
        return 0;
  }
  
        return 0;
  }

-@@ -2784,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2786,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info)

        void *ptr;
  
        /* Do the allocs. */
        void *ptr;
  
        /* Do the allocs. */


@@ -91212,7 +90790,7 @@ index 03214bd2..6242887 100644
        /*
         * The pointer to this block is stored in the module structure
         * which is inside the block. Just mark it as not being a
        /*
         * The pointer to this block is stored in the module structure
         * which is inside the block. Just mark it as not being a

-@@ -2794,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2796,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info)

        if (!ptr)
                return -ENOMEM;
  
        if (!ptr)
                return -ENOMEM;
  


@@ -91228,7 +90806,7 @@ index 03214bd2..6242887 100644
                /*
                 * The pointer to this block is stored in the module structure
                 * which is inside the block. This block doesn't need to be
                /*
                 * The pointer to this block is stored in the module structure
                 * which is inside the block. This block doesn't need to be

-@@ -2807,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2809,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info)

                 */
                kmemleak_ignore(ptr);
                if (!ptr) {
                 */
                kmemleak_ignore(ptr);
                if (!ptr) {


@@ -91278,7 +90856,7 @@ index 03214bd2..6242887 100644
  
        /* Transfer each section which specifies SHF_ALLOC */
        pr_debug("final section addresses:\n");
  
        /* Transfer each section which specifies SHF_ALLOC */
        pr_debug("final section addresses:\n");

-@@ -2824,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2826,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info)

                if (!(shdr->sh_flags & SHF_ALLOC))
                        continue;
  
                if (!(shdr->sh_flags & SHF_ALLOC))
                        continue;
  


@@ -91331,7 +90909,7 @@ index 03214bd2..6242887 100644
                pr_debug("\t0x%lx %s\n",
                         (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
        }
                pr_debug("\t0x%lx %s\n",
                         (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
        }

-@@ -2890,12 +3022,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2892,12 +3022,12 @@ static void flush_module_icache(const struct module *mod)

         * Do it before processing of module parameters, so the module
         * can provide parameter accessor functions of its own.
         */
         * Do it before processing of module parameters, so the module
         * can provide parameter accessor functions of its own.
         */


@@ -91350,7 +90928,7 @@ index 03214bd2..6242887 100644
  
        set_fs(old_fs);
  }
  
        set_fs(old_fs);
  }

-@@ -2952,8 +3084,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
+@@ -2954,8 +3084,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)

  static void module_deallocate(struct module *mod, struct load_info *info)
  {
        percpu_modfree(mod);
  static void module_deallocate(struct module *mod, struct load_info *info)
  {
        percpu_modfree(mod);


@@ -91363,7 +90941,7 @@ index 03214bd2..6242887 100644
  }
  
  int __weak module_finalize(const Elf_Ehdr *hdr,
  }
  
  int __weak module_finalize(const Elf_Ehdr *hdr,

-@@ -2966,7 +3100,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -2968,7 +3100,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,

  static int post_relocation(struct module *mod, const struct load_info *info)
  {
        /* Sort exception table now relocations are done. */
  static int post_relocation(struct module *mod, const struct load_info *info)
  {
        /* Sort exception table now relocations are done. */


@@ -91373,7 +90951,7 @@ index 03214bd2..6242887 100644
  
        /* Copy relocated percpu area over. */
        percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
  
        /* Copy relocated percpu area over. */
        percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,

-@@ -3075,11 +3211,12 @@ static int do_init_module(struct module *mod)
+@@ -3077,11 +3211,12 @@ static int do_init_module(struct module *mod)

        mod->strtab = mod->core_strtab;
  #endif
        unset_module_init_ro_nx(mod);
        mod->strtab = mod->core_strtab;
  #endif
        unset_module_init_ro_nx(mod);


@@ -91391,7 +90969,7 @@ index 03214bd2..6242887 100644
        mutex_unlock(&module_mutex);
        wake_up_all(&module_wq);
  
        mutex_unlock(&module_mutex);
        wake_up_all(&module_wq);
  

-@@ -3147,16 +3284,16 @@ static int complete_formation(struct module *mod, struct load_info *info)
+@@ -3149,16 +3284,16 @@ static int complete_formation(struct module *mod, struct load_info *info)

        module_bug_finalize(info->hdr, info->sechdrs, mod);
  
        /* Set RO and NX regions for core */
        module_bug_finalize(info->hdr, info->sechdrs, mod);
  
        /* Set RO and NX regions for core */


@@ -91416,7 +90994,7 @@ index 03214bd2..6242887 100644
  
        /* Mark state as coming so strong_try_module_get() ignores us,
         * but kallsyms etc. can see us. */
  
        /* Mark state as coming so strong_try_module_get() ignores us,
         * but kallsyms etc. can see us. */

-@@ -3240,9 +3377,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3242,9 +3377,38 @@ static int load_module(struct load_info *info, const char __user *uargs,

        if (err)
                goto free_unload;
  
        if (err)
                goto free_unload;
  


@@ -91455,7 +91033,7 @@ index 03214bd2..6242887 100644
        /* Fix up syms, so that st_value is a pointer to location. */
        err = simplify_symbols(mod, info);
        if (err < 0)
        /* Fix up syms, so that st_value is a pointer to location. */
        err = simplify_symbols(mod, info);
        if (err < 0)

-@@ -3258,13 +3424,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3260,13 +3424,6 @@ static int load_module(struct load_info *info, const char __user *uargs,

  
        flush_module_icache(mod);
  
  
        flush_module_icache(mod);
  


@@ -91469,7 +91047,7 @@ index 03214bd2..6242887 100644
        dynamic_debug_setup(info->debug, info->num_debug);
  
        /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */
        dynamic_debug_setup(info->debug, info->num_debug);
  
        /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */

-@@ -3312,11 +3471,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3314,11 +3471,10 @@ static int load_module(struct load_info *info, const char __user *uargs,

   ddebug_cleanup:
        dynamic_debug_remove(info->debug);
        synchronize_sched();
   ddebug_cleanup:
        dynamic_debug_remove(info->debug);
        synchronize_sched();


@@ -91482,7 +91060,7 @@ index 03214bd2..6242887 100644
   free_unload:
        module_unload_free(mod);
   unlink_mod:
   free_unload:
        module_unload_free(mod);
   unlink_mod:

-@@ -3401,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3403,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod,

        unsigned long nextval;
  
        /* At worse, next value is at end of module */
        unsigned long nextval;
  
        /* At worse, next value is at end of module */


@@ -91502,7 +91080,7 @@ index 03214bd2..6242887 100644
  
        /* Scan for closest preceding symbol, and next symbol. (ELF
           starts real symbols at 1). */
  
        /* Scan for closest preceding symbol, and next symbol. (ELF
           starts real symbols at 1). */

-@@ -3652,7 +3816,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3654,7 +3816,7 @@ static int m_show(struct seq_file *m, void *p)

                return 0;
  
        seq_printf(m, "%s %u",
                return 0;
  
        seq_printf(m, "%s %u",


@@ -91511,7 +91089,7 @@ index 03214bd2..6242887 100644
        print_unload_info(m, mod);
  
        /* Informative for users. */
        print_unload_info(m, mod);
  
        /* Informative for users. */

-@@ -3661,7 +3825,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3663,7 +3825,7 @@ static int m_show(struct seq_file *m, void *p)

                   mod->state == MODULE_STATE_COMING ? "Loading":
                   "Live");
        /* Used by oprofile and other similar tools. */
                   mod->state == MODULE_STATE_COMING ? "Loading":
                   "Live");
        /* Used by oprofile and other similar tools. */


@@ -91520,7 +91098,7 @@ index 03214bd2..6242887 100644
  
        /* Taints info */
        if (mod->taints)
  
        /* Taints info */
        if (mod->taints)

-@@ -3697,7 +3861,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3699,7 +3861,17 @@ static const struct file_operations proc_modules_operations = {

  
  static int __init proc_modules_init(void)
  {
  
  static int __init proc_modules_init(void)
  {


@@ -91538,7 +91116,7 @@ index 03214bd2..6242887 100644
        return 0;
  }
  module_init(proc_modules_init);
        return 0;
  }
  module_init(proc_modules_init);

-@@ -3758,7 +3932,8 @@ struct module *__module_address(unsigned long addr)
+@@ -3760,7 +3932,8 @@ struct module *__module_address(unsigned long addr)

  {
        struct module *mod;
  
  {
        struct module *mod;
  


@@ -91548,7 +91126,7 @@ index 03214bd2..6242887 100644
                return NULL;
  
        list_for_each_entry_rcu(mod, &modules, list) {
                return NULL;
  
        list_for_each_entry_rcu(mod, &modules, list) {

-@@ -3799,11 +3974,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3801,11 +3974,20 @@ bool is_module_text_address(unsigned long addr)

   */
  struct module *__module_text_address(unsigned long addr)
  {
   */
  struct module *__module_text_address(unsigned long addr)
  {


@@ -91765,7 +91343,7 @@ index e4e4121..71faf14 100644
        select LZO_COMPRESS
        select LZO_DECOMPRESS
 diff --git a/kernel/power/process.c b/kernel/power/process.c
        select LZO_COMPRESS
        select LZO_DECOMPRESS
 diff --git a/kernel/power/process.c b/kernel/power/process.c

-index 4ee194e..925778f 100644
+index 7a37cf3..3e4c1c8 100644

 --- a/kernel/power/process.c
 +++ b/kernel/power/process.c
 @@ -35,6 +35,7 @@ static int try_to_freeze_tasks(bool user_only)
 --- a/kernel/power/process.c
 +++ b/kernel/power/process.c
 @@ -35,6 +35,7 @@ static int try_to_freeze_tasks(bool user_only)


@@ -92190,7 +91768,7 @@ index 858c565..7efd915 100644
  
  static void check_cpu_stalls(void)
 diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
  
  static void check_cpu_stalls(void)
 diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c

-index 1b70cb6..ea62b0a 100644
+index 89a404a..f42a019 100644

 --- a/kernel/rcu/tree.c
 +++ b/kernel/rcu/tree.c
 @@ -263,7 +263,7 @@ static void rcu_momentary_dyntick_idle(void)
 --- a/kernel/rcu/tree.c
 +++ b/kernel/rcu/tree.c
 @@ -263,7 +263,7 @@ static void rcu_momentary_dyntick_idle(void)


@@ -92423,7 +92001,7 @@ index 1b70cb6..ea62b0a 100644
 -      ACCESS_ONCE(rsp->gp_flags) |= RCU_GP_FLAG_FQS;
 +      ACCESS_ONCE_RW(rsp->gp_flags) |= RCU_GP_FLAG_FQS;
        raw_spin_unlock_irqrestore(&rnp_old->lock, flags);
 -      ACCESS_ONCE(rsp->gp_flags) |= RCU_GP_FLAG_FQS;
 +      ACCESS_ONCE_RW(rsp->gp_flags) |= RCU_GP_FLAG_FQS;
        raw_spin_unlock_irqrestore(&rnp_old->lock, flags);

-       wake_up(&rsp->gp_wq);  /* Memory barrier implied by wake_up() path. */
+       rcu_gp_kthread_wake(rsp);

  }
 @@ -2550,7 +2550,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
  /*
  }
 @@ -2550,7 +2550,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
  /*


@@ -92935,7 +92513,7 @@ index a63f4dc..349bbb0 100644
                                     unsigned long timeout)
  {
 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
                                     unsigned long timeout)
  {
 diff --git a/kernel/sched/core.c b/kernel/sched/core.c

-index ec1a286..6b516b8 100644
+index 6d7cb91..420f2d2 100644

 --- a/kernel/sched/core.c
 +++ b/kernel/sched/core.c
 @@ -1857,7 +1857,7 @@ void set_numabalancing_state(bool enabled)
 --- a/kernel/sched/core.c
 +++ b/kernel/sched/core.c
 @@ -1857,7 +1857,7 @@ void set_numabalancing_state(bool enabled)


@@ -92947,7 +92525,7 @@ index ec1a286..6b516b8 100644
        int err;
        int state = numabalancing_enabled;
  
        int err;
        int state = numabalancing_enabled;
  

-@@ -2320,8 +2320,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
+@@ -2324,8 +2324,10 @@ context_switch(struct rq *rq, struct task_struct *prev,

                next->active_mm = oldmm;
                atomic_inc(&oldmm->mm_count);
                enter_lazy_tlb(oldmm, next);
                next->active_mm = oldmm;
                atomic_inc(&oldmm->mm_count);
                enter_lazy_tlb(oldmm, next);


@@ -92959,7 +92537,7 @@ index ec1a286..6b516b8 100644
  
        if (!prev->mm) {
                prev->active_mm = NULL;
  
        if (!prev->mm) {
                prev->active_mm = NULL;

-@@ -3103,6 +3105,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3107,6 +3109,8 @@ int can_nice(const struct task_struct *p, const int nice)

        /* convert nice value [19,-20] to rlimit style value [1,40] */
        int nice_rlim = nice_to_rlimit(nice);
  
        /* convert nice value [19,-20] to rlimit style value [1,40] */
        int nice_rlim = nice_to_rlimit(nice);
  


@@ -92968,7 +92546,7 @@ index ec1a286..6b516b8 100644
        return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
                capable(CAP_SYS_NICE));
  }
        return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
                capable(CAP_SYS_NICE));
  }

-@@ -3129,7 +3133,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3133,7 +3137,8 @@ SYSCALL_DEFINE1(nice, int, increment)

        nice = task_nice(current) + increment;
  
        nice = clamp_val(nice, MIN_NICE, MAX_NICE);
        nice = task_nice(current) + increment;
  
        nice = clamp_val(nice, MIN_NICE, MAX_NICE);


@@ -92978,7 +92556,7 @@ index ec1a286..6b516b8 100644
                return -EPERM;
  
        retval = security_task_setnice(current, nice);
                return -EPERM;
  
        retval = security_task_setnice(current, nice);

-@@ -3408,6 +3413,7 @@ recheck:
+@@ -3412,6 +3417,7 @@ recheck:

                        if (policy != p->policy && !rlim_rtprio)
                                return -EPERM;
  
                        if (policy != p->policy && !rlim_rtprio)
                                return -EPERM;
  


@@ -92986,7 +92564,7 @@ index ec1a286..6b516b8 100644
                        /* can't increase priority */
                        if (attr->sched_priority > p->rt_priority &&
                            attr->sched_priority > rlim_rtprio)
                        /* can't increase priority */
                        if (attr->sched_priority > p->rt_priority &&
                            attr->sched_priority > rlim_rtprio)

-@@ -4797,6 +4803,7 @@ void idle_task_exit(void)
+@@ -4802,6 +4808,7 @@ void idle_task_exit(void)

  
        if (mm != &init_mm) {
                switch_mm(mm, &init_mm, current);
  
        if (mm != &init_mm) {
                switch_mm(mm, &init_mm, current);


@@ -92994,7 +92572,7 @@ index ec1a286..6b516b8 100644
                finish_arch_post_lock_switch();
        }
        mmdrop(mm);
                finish_arch_post_lock_switch();
        }
        mmdrop(mm);

-@@ -4892,7 +4899,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4897,7 +4904,7 @@ static void migrate_tasks(unsigned int dead_cpu)

  
  #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
  
  
  #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
  


@@ -93003,7 +92581,7 @@ index ec1a286..6b516b8 100644
        {
                .procname       = "sched_domain",
                .mode           = 0555,
        {
                .procname       = "sched_domain",
                .mode           = 0555,

-@@ -4909,17 +4916,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -4914,17 +4921,17 @@ static struct ctl_table sd_ctl_root[] = {

        {}
  };
  
        {}
  };
  


@@ -93025,7 +92603,7 @@ index ec1a286..6b516b8 100644
  
        /*
         * In the intermediate directories, both the child directory and
  
        /*
         * In the intermediate directories, both the child directory and

-@@ -4927,22 +4934,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -4932,22 +4939,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)

         * will always be set. In the lowest directory the names are
         * static strings and all have proc handlers.
         */
         * will always be set. In the lowest directory the names are
         * static strings and all have proc handlers.
         */


@@ -93057,7 +92635,7 @@ index ec1a286..6b516b8 100644
                const char *procname, void *data, int maxlen,
                umode_t mode, proc_handler *proc_handler,
                bool load_idx)
                const char *procname, void *data, int maxlen,
                umode_t mode, proc_handler *proc_handler,
                bool load_idx)

-@@ -4962,7 +4972,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -4967,7 +4977,7 @@ set_table_entry(struct ctl_table *entry,

  static struct ctl_table *
  sd_alloc_ctl_domain_table(struct sched_domain *sd)
  {
  static struct ctl_table *
  sd_alloc_ctl_domain_table(struct sched_domain *sd)
  {


@@ -93066,7 +92644,7 @@ index ec1a286..6b516b8 100644
  
        if (table == NULL)
                return NULL;
  
        if (table == NULL)
                return NULL;

-@@ -5000,9 +5010,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5005,9 +5015,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)

        return table;
  }
  
        return table;
  }
  


@@ -93078,7 +92656,7 @@ index ec1a286..6b516b8 100644
        struct sched_domain *sd;
        int domain_num = 0, i;
        char buf[32];
        struct sched_domain *sd;
        int domain_num = 0, i;
        char buf[32];

-@@ -5029,11 +5039,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5034,11 +5044,13 @@ static struct ctl_table_header *sd_sysctl_header;

  static void register_sched_domain_sysctl(void)
  {
        int i, cpu_num = num_possible_cpus();
  static void register_sched_domain_sysctl(void)
  {
        int i, cpu_num = num_possible_cpus();


@@ -93093,7 +92671,7 @@ index ec1a286..6b516b8 100644
  
        if (entry == NULL)
                return;
  
        if (entry == NULL)
                return;

-@@ -5056,8 +5068,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5061,8 +5073,12 @@ static void unregister_sched_domain_sysctl(void)

        if (sd_sysctl_header)
                unregister_sysctl_table(sd_sysctl_header);
        sd_sysctl_header = NULL;
        if (sd_sysctl_header)
                unregister_sysctl_table(sd_sysctl_header);
        sd_sysctl_header = NULL;


@@ -93894,7 +93472,7 @@ index 3b89464..5e38379 100644
                .clock_get      = thread_cpu_clock_get,
                .timer_create   = thread_cpu_timer_create,
 diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
                .clock_get      = thread_cpu_clock_get,
                .timer_create   = thread_cpu_timer_create,
 diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c

-index 42b463a..a6b008f 100644
+index 31ea01f..7fc61ef 100644

 --- a/kernel/time/posix-timers.c
 +++ b/kernel/time/posix-timers.c
 @@ -43,6 +43,7 @@
 --- a/kernel/time/posix-timers.c
 +++ b/kernel/time/posix-timers.c
 @@ -43,6 +43,7 @@


@@ -93995,7 +93573,7 @@ index 42b463a..a6b008f 100644
        int it_id_set = IT_ID_NOT_SET;
  
        if (!kc)
        int it_id_set = IT_ID_NOT_SET;
  
        if (!kc)

-@@ -1013,6 +1014,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
+@@ -1014,6 +1015,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,

        if (copy_from_user(&new_tp, tp, sizeof (*tp)))
                return -EFAULT;
  
        if (copy_from_user(&new_tp, tp, sizeof (*tp)))
                return -EFAULT;
  


@@ -94292,7 +93870,7 @@ index 5916a8e..5cd3b1f 100644
        start_pg = ftrace_allocate_pages(count);
        if (!start_pg)
 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
        start_pg = ftrace_allocate_pages(count);
        if (!start_pg)
 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c

-index 2d75c94..5ef6d32 100644
+index a56e07c..d46f0ba 100644

 --- a/kernel/trace/ring_buffer.c
 +++ b/kernel/trace/ring_buffer.c
 @@ -352,9 +352,9 @@ struct buffer_data_page {
 --- a/kernel/trace/ring_buffer.c
 +++ b/kernel/trace/ring_buffer.c
 @@ -352,9 +352,9 @@ struct buffer_data_page {


@@ -94318,7 +93896,7 @@ index 2d75c94..5ef6d32 100644
        local_t                         dropped_events;
        local_t                         committing;
        local_t                         commits;
        local_t                         dropped_events;
        local_t                         committing;
        local_t                         commits;

-@@ -1005,8 +1005,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1032,8 +1032,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,

         *
         * We add a counter to the write field to denote this.
         */
         *
         * We add a counter to the write field to denote this.
         */


@@ -94329,7 +93907,7 @@ index 2d75c94..5ef6d32 100644
  
        /*
         * Just make sure we have seen our old_write and synchronize
  
        /*
         * Just make sure we have seen our old_write and synchronize

-@@ -1034,8 +1034,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1061,8 +1061,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,

                 * cmpxchg to only update if an interrupt did not already
                 * do it for us. If the cmpxchg fails, we don't care.
                 */
                 * cmpxchg to only update if an interrupt did not already
                 * do it for us. If the cmpxchg fails, we don't care.
                 */


@@ -94340,7 +93918,7 @@ index 2d75c94..5ef6d32 100644
  
                /*
                 * No need to worry about races with clearing out the commit.
  
                /*
                 * No need to worry about races with clearing out the commit.

-@@ -1402,12 +1402,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
+@@ -1429,12 +1429,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);

  
  static inline unsigned long rb_page_entries(struct buffer_page *bpage)
  {
  
  static inline unsigned long rb_page_entries(struct buffer_page *bpage)
  {


@@ -94355,7 +93933,7 @@ index 2d75c94..5ef6d32 100644
  }
  
  static int
  }
  
  static int

-@@ -1502,7 +1502,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
+@@ -1529,7 +1529,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)

                         * bytes consumed in ring buffer from here.
                         * Increment overrun to account for the lost events.
                         */
                         * bytes consumed in ring buffer from here.
                         * Increment overrun to account for the lost events.
                         */


@@ -94364,7 +93942,7 @@ index 2d75c94..5ef6d32 100644
                        local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
                }
  
                        local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
                }
  

-@@ -2064,7 +2064,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2091,7 +2091,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,

                 * it is our responsibility to update
                 * the counters.
                 */
                 * it is our responsibility to update
                 * the counters.
                 */


@@ -94373,7 +93951,7 @@ index 2d75c94..5ef6d32 100644
                local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
  
                /*
                local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
  
                /*

-@@ -2214,7 +2214,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2241,7 +2241,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,

                if (tail == BUF_PAGE_SIZE)
                        tail_page->real_end = 0;
  
                if (tail == BUF_PAGE_SIZE)
                        tail_page->real_end = 0;
  


@@ -94382,7 +93960,7 @@ index 2d75c94..5ef6d32 100644
                return;
        }
  
                return;
        }
  

-@@ -2249,7 +2249,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2276,7 +2276,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,

                rb_event_set_padding(event);
  
                /* Set the write back to the previous setting */
                rb_event_set_padding(event);
  
                /* Set the write back to the previous setting */


@@ -94391,7 +93969,7 @@ index 2d75c94..5ef6d32 100644
                return;
        }
  
                return;
        }
  

-@@ -2261,7 +2261,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2288,7 +2288,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,

  
        /* Set write to end of buffer */
        length = (tail + length) - BUF_PAGE_SIZE;
  
        /* Set write to end of buffer */
        length = (tail + length) - BUF_PAGE_SIZE;


@@ -94400,7 +93978,7 @@ index 2d75c94..5ef6d32 100644
  }
  
  /*
  }
  
  /*

-@@ -2287,7 +2287,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2314,7 +2314,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,

         * about it.
         */
        if (unlikely(next_page == commit_page)) {
         * about it.
         */
        if (unlikely(next_page == commit_page)) {


@@ -94409,7 +93987,7 @@ index 2d75c94..5ef6d32 100644
                goto out_reset;
        }
  
                goto out_reset;
        }
  

-@@ -2343,7 +2343,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2370,7 +2370,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,

                                      cpu_buffer->tail_page) &&
                                     (cpu_buffer->commit_page ==
                                      cpu_buffer->reader_page))) {
                                      cpu_buffer->tail_page) &&
                                     (cpu_buffer->commit_page ==
                                      cpu_buffer->reader_page))) {


@@ -94418,7 +93996,7 @@ index 2d75c94..5ef6d32 100644
                                goto out_reset;
                        }
                }
                                goto out_reset;
                        }
                }

-@@ -2391,7 +2391,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,

                length += RB_LEN_TIME_EXTEND;
  
        tail_page = cpu_buffer->tail_page;
                length += RB_LEN_TIME_EXTEND;
  
        tail_page = cpu_buffer->tail_page;


@@ -94427,7 +94005,7 @@ index 2d75c94..5ef6d32 100644
  
        /* set write to only the index of the write */
        write &= RB_WRITE_MASK;
  
        /* set write to only the index of the write */
        write &= RB_WRITE_MASK;

-@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2442,7 +2442,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,

        kmemcheck_annotate_bitfield(event, bitfield);
        rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
  
        kmemcheck_annotate_bitfield(event, bitfield);
        rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
  


@@ -94436,7 +94014,7 @@ index 2d75c94..5ef6d32 100644
  
        /*
         * If this is the first commit on the page, then update
  
        /*
         * If this is the first commit on the page, then update

-@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2475,7 +2475,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,

  
        if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
                unsigned long write_mask =
  
        if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
                unsigned long write_mask =


@@ -94445,7 +94023,7 @@ index 2d75c94..5ef6d32 100644
                unsigned long event_length = rb_event_length(event);
                /*
                 * This is on the tail page. It is possible that
                unsigned long event_length = rb_event_length(event);
                /*
                 * This is on the tail page. It is possible that

-@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2485,7 +2485,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,

                 */
                old_index += write_mask;
                new_index += write_mask;
                 */
                old_index += write_mask;
                new_index += write_mask;


@@ -94454,7 +94032,7 @@ index 2d75c94..5ef6d32 100644
                if (index == old_index) {
                        /* update counters */
                        local_sub(event_length, &cpu_buffer->entries_bytes);
                if (index == old_index) {
                        /* update counters */
                        local_sub(event_length, &cpu_buffer->entries_bytes);

-@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2877,7 +2877,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,

  
        /* Do the likely case first */
        if (likely(bpage->page == (void *)addr)) {
  
        /* Do the likely case first */
        if (likely(bpage->page == (void *)addr)) {


@@ -94463,7 +94041,7 @@ index 2d75c94..5ef6d32 100644
                return;
        }
  
                return;
        }
  

-@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2889,7 +2889,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,

        start = bpage;
        do {
                if (bpage->page == (void *)addr) {
        start = bpage;
        do {
                if (bpage->page == (void *)addr) {


@@ -94472,7 +94050,7 @@ index 2d75c94..5ef6d32 100644
                        return;
                }
                rb_inc_page(cpu_buffer, &bpage);
                        return;
                }
                rb_inc_page(cpu_buffer, &bpage);

-@@ -3146,7 +3146,7 @@ static inline unsigned long
+@@ -3173,7 +3173,7 @@ static inline unsigned long

  rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
  {
        return local_read(&cpu_buffer->entries) -
  rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
  {
        return local_read(&cpu_buffer->entries) -


@@ -94481,7 +94059,7 @@ index 2d75c94..5ef6d32 100644
  }
  
  /**
  }
  
  /**

-@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3262,7 +3262,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)

                return 0;
  
        cpu_buffer = buffer->buffers[cpu];
                return 0;
  
        cpu_buffer = buffer->buffers[cpu];


@@ -94490,7 +94068,7 @@ index 2d75c94..5ef6d32 100644
  
        return ret;
  }
  
        return ret;
  }

-@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3285,7 +3285,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)

                return 0;
  
        cpu_buffer = buffer->buffers[cpu];
                return 0;
  
        cpu_buffer = buffer->buffers[cpu];


@@ -94499,7 +94077,7 @@ index 2d75c94..5ef6d32 100644
  
        return ret;
  }
  
        return ret;
  }

-@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3370,7 +3370,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)

        /* if you care about this being correct, lock the buffer */
        for_each_buffer_cpu(buffer, cpu) {
                cpu_buffer = buffer->buffers[cpu];
        /* if you care about this being correct, lock the buffer */
        for_each_buffer_cpu(buffer, cpu) {
                cpu_buffer = buffer->buffers[cpu];


@@ -94508,7 +94086,7 @@ index 2d75c94..5ef6d32 100644
        }
  
        return overruns;
        }
  
        return overruns;

-@@ -3514,8 +3514,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3541,8 +3541,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)

        /*
         * Reset the reader page to size zero.
         */
        /*
         * Reset the reader page to size zero.
         */


@@ -94519,7 +94097,7 @@ index 2d75c94..5ef6d32 100644
        local_set(&cpu_buffer->reader_page->page->commit, 0);
        cpu_buffer->reader_page->real_end = 0;
  
        local_set(&cpu_buffer->reader_page->page->commit, 0);
        cpu_buffer->reader_page->real_end = 0;
  

-@@ -3549,7 +3549,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3576,7 +3576,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)

         * want to compare with the last_overrun.
         */
        smp_mb();
         * want to compare with the last_overrun.
         */
        smp_mb();


@@ -94528,7 +94106,7 @@ index 2d75c94..5ef6d32 100644
  
        /*
         * Here's the tricky part.
  
        /*
         * Here's the tricky part.

-@@ -4121,8 +4121,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4148,8 +4148,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)

  
        cpu_buffer->head_page
                = list_entry(cpu_buffer->pages, struct buffer_page, list);
  
        cpu_buffer->head_page
                = list_entry(cpu_buffer->pages, struct buffer_page, list);


@@ -94539,7 +94117,7 @@ index 2d75c94..5ef6d32 100644
        local_set(&cpu_buffer->head_page->page->commit, 0);
  
        cpu_buffer->head_page->read = 0;
        local_set(&cpu_buffer->head_page->page->commit, 0);
  
        cpu_buffer->head_page->read = 0;

-@@ -4132,14 +4132,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4159,14 +4159,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)

  
        INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
        INIT_LIST_HEAD(&cpu_buffer->new_pages);
  
        INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
        INIT_LIST_HEAD(&cpu_buffer->new_pages);


@@ -94558,7 +94136,7 @@ index 2d75c94..5ef6d32 100644
        local_set(&cpu_buffer->dropped_events, 0);
        local_set(&cpu_buffer->entries, 0);
        local_set(&cpu_buffer->committing, 0);
        local_set(&cpu_buffer->dropped_events, 0);
        local_set(&cpu_buffer->entries, 0);
        local_set(&cpu_buffer->committing, 0);

-@@ -4544,8 +4544,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4571,8 +4571,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,

                rb_init_page(bpage);
                bpage = reader->page;
                reader->page = *data_page;
                rb_init_page(bpage);
                bpage = reader->page;
                reader->page = *data_page;


@@ -94570,10 +94148,10 @@ index 2d75c94..5ef6d32 100644
                *data_page = bpage;
  
 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
                *data_page = bpage;
  
 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c

-index 8a52839..dd6d7c8 100644
+index 1520933..c651ebc 100644

 --- a/kernel/trace/trace.c
 +++ b/kernel/trace/trace.c
 --- a/kernel/trace/trace.c
 +++ b/kernel/trace/trace.c

-@@ -3487,7 +3487,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+@@ -3488,7 +3488,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)

        return 0;
  }
  
        return 0;
  }
  


@@ -94718,6 +94296,46 @@ index 8a4e5cb..64f270d 100644
                return;
  
        local_irq_save(flags);
                return;
  
        local_irq_save(flags);

+diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
+index 7e3cd7a..5156a5fe 100644
+--- a/kernel/trace/trace_syscalls.c
++++ b/kernel/trace/trace_syscalls.c
+@@ -602,6 +602,8 @@ static int perf_sysenter_enable(struct ftrace_event_call *call)
+       int num;
+ 
+       num = ((struct syscall_metadata *)call->data)->syscall_nr;
++      if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++              return -EINVAL;
+ 
+       mutex_lock(&syscall_trace_lock);
+       if (!sys_perf_refcount_enter)
+@@ -622,6 +624,8 @@ static void perf_sysenter_disable(struct ftrace_event_call *call)
+       int num;
+ 
+       num = ((struct syscall_metadata *)call->data)->syscall_nr;
++      if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++              return;
+ 
+       mutex_lock(&syscall_trace_lock);
+       sys_perf_refcount_enter--;
+@@ -674,6 +678,8 @@ static int perf_sysexit_enable(struct ftrace_event_call *call)
+       int num;
+ 
+       num = ((struct syscall_metadata *)call->data)->syscall_nr;
++      if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++              return -EINVAL;
+ 
+       mutex_lock(&syscall_trace_lock);
+       if (!sys_perf_refcount_exit)
+@@ -694,6 +700,8 @@ static void perf_sysexit_disable(struct ftrace_event_call *call)
+       int num;
+ 
+       num = ((struct syscall_metadata *)call->data)->syscall_nr;
++      if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++              return;
+ 
+       mutex_lock(&syscall_trace_lock);
+       sys_perf_refcount_exit--;

 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
 index aa312b0..395f343 100644
 --- a/kernel/user_namespace.c
 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
 index aa312b0..395f343 100644
 --- a/kernel/user_namespace.c


@@ -94885,10 +94503,10 @@ index 114d1be..ab0350c 100644
                        (val << avg->factor)) >> avg->weight :
                (val << avg->factor);
 diff --git a/lib/bitmap.c b/lib/bitmap.c
                        (val << avg->factor)) >> avg->weight :
                (val << avg->factor);
 diff --git a/lib/bitmap.c b/lib/bitmap.c

-index 1e031f2..a53eb90 100644
+index 33ce011..89e3d6f 100644

 --- a/lib/bitmap.c
 +++ b/lib/bitmap.c
 --- a/lib/bitmap.c
 +++ b/lib/bitmap.c

-@@ -429,7 +429,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
+@@ -433,7 +433,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,

  {
        int c, old_c, totaldigits, ndigits, nchunks, nbits;
        u32 chunk;
  {
        int c, old_c, totaldigits, ndigits, nchunks, nbits;
        u32 chunk;


@@ -94897,7 +94515,7 @@ index 1e031f2..a53eb90 100644
  
        bitmap_zero(maskp, nmaskbits);
  
  
        bitmap_zero(maskp, nmaskbits);
  

-@@ -514,7 +514,7 @@ int bitmap_parse_user(const char __user *ubuf,
+@@ -518,7 +518,7 @@ int bitmap_parse_user(const char __user *ubuf,

  {
        if (!access_ok(VERIFY_READ, ubuf, ulen))
                return -EFAULT;
  {
        if (!access_ok(VERIFY_READ, ubuf, ulen))
                return -EFAULT;


@@ -94906,7 +94524,7 @@ index 1e031f2..a53eb90 100644
                                ulen, 1, maskp, nmaskbits);
  
  }
                                ulen, 1, maskp, nmaskbits);
  
  }

-@@ -605,7 +605,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
+@@ -609,7 +609,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,

  {
        unsigned a, b;
        int c, old_c, totaldigits;
  {
        unsigned a, b;
        int c, old_c, totaldigits;


@@ -94915,7 +94533,7 @@ index 1e031f2..a53eb90 100644
        int exp_digit, in_range;
  
        totaldigits = c = 0;
        int exp_digit, in_range;
  
        totaldigits = c = 0;

-@@ -700,7 +700,7 @@ int bitmap_parselist_user(const char __user *ubuf,
+@@ -704,7 +704,7 @@ int bitmap_parselist_user(const char __user *ubuf,

  {
        if (!access_ok(VERIFY_READ, ubuf, ulen))
                return -EFAULT;
  {
        if (!access_ok(VERIFY_READ, ubuf, ulen))
                return -EFAULT;


@@ -95451,33 +95069,6 @@ index 0922579..9d7adb9 100644
 +      printk("%lu pages hwpoisoned\n", atomic_long_read_unchecked(&num_poisoned_pages));
  #endif
  }
 +      printk("%lu pages hwpoisoned\n", atomic_long_read_unchecked(&num_poisoned_pages));
  #endif
  }

-diff --git a/lib/string.c b/lib/string.c
-index f3c6ff5..70db57a 100644
---- a/lib/string.c
-+++ b/lib/string.c
-@@ -604,6 +604,22 @@ void *memset(void *s, int c, size_t count)
- EXPORT_SYMBOL(memset);
- #endif
- 
-+/**
-+ * memzero_explicit - Fill a region of memory (e.g. sensitive
-+ *                  keying data) with 0s.
-+ * @s: Pointer to the start of the area.
-+ * @count: The size of the area.
-+ *
-+ * memzero_explicit() doesn't need an arch-specific version as
-+ * it just invokes the one of memset() implicitly.
-+ */
-+void memzero_explicit(void *s, size_t count)
-+{
-+      memset(s, 0, count);
-+      OPTIMIZER_HIDE_VAR(s);
-+}
-+EXPORT_SYMBOL(memzero_explicit);
-+
- #ifndef __HAVE_ARCH_MEMCPY
- /**
-  * memcpy - Copy one area of memory to another

 diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
 index bb2b201..46abaf9 100644
 --- a/lib/strncpy_from_user.c
 diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
 index bb2b201..46abaf9 100644
 --- a/lib/strncpy_from_user.c


@@ -95987,18 +95578,18 @@ index eeceeeb..a209d58 100644
        if (!ptep)
                return VM_FAULT_OOM;
 diff --git a/mm/internal.h b/mm/internal.h
        if (!ptep)
                return VM_FAULT_OOM;
 diff --git a/mm/internal.h b/mm/internal.h

-index a1b651b..f688570 100644
+index 5f2772f..4c3882c 100644

 --- a/mm/internal.h
 +++ b/mm/internal.h
 --- a/mm/internal.h
 +++ b/mm/internal.h

-@@ -109,6 +109,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address);
-  * in mm/page_alloc.c
-  */
+@@ -134,6 +134,7 @@ __find_buddy_index(unsigned long page_idx, unsigned int order)
+ 
+ extern int __isolate_free_page(struct page *page, unsigned int order);

  extern void __free_pages_bootmem(struct page *page, unsigned int order);
 +extern void free_compound_page(struct page *page);
  extern void prep_compound_page(struct page *page, unsigned long order);
  #ifdef CONFIG_MEMORY_FAILURE
  extern bool is_free_buddy_page(struct page *page);
  extern void __free_pages_bootmem(struct page *page, unsigned int order);
 +extern void free_compound_page(struct page *page);
  extern void prep_compound_page(struct page *page, unsigned long order);
  #ifdef CONFIG_MEMORY_FAILURE
  extern bool is_free_buddy_page(struct page *page);

-@@ -351,7 +352,7 @@ extern u32 hwpoison_filter_enable;
+@@ -376,7 +377,7 @@ extern u32 hwpoison_filter_enable;

  
  extern unsigned long vm_mmap_pgoff(struct file *, unsigned long,
          unsigned long, unsigned long,
  
  extern unsigned long vm_mmap_pgoff(struct file *, unsigned long,
          unsigned long, unsigned long,


@@ -96008,7 +95599,7 @@ index a1b651b..f688570 100644
  extern void set_pageblock_order(void);
  unsigned long reclaim_clean_pages_from_list(struct zone *zone,
 diff --git a/mm/iov_iter.c b/mm/iov_iter.c
  extern void set_pageblock_order(void);
  unsigned long reclaim_clean_pages_from_list(struct zone *zone,
 diff --git a/mm/iov_iter.c b/mm/iov_iter.c

-index 9a09f20..6ef0515 100644
+index 141dcf7..7327fd3 100644

 --- a/mm/iov_iter.c
 +++ b/mm/iov_iter.c
 @@ -173,7 +173,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,
 --- a/mm/iov_iter.c
 +++ b/mm/iov_iter.c
 @@ -173,7 +173,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,


@@ -96293,7 +95884,7 @@ index 44c6bd2..60369dc3 100644
        }
        unset_migratetype_isolate(page, MIGRATE_MOVABLE);
 diff --git a/mm/memory.c b/mm/memory.c
        }
        unset_migratetype_isolate(page, MIGRATE_MOVABLE);
 diff --git a/mm/memory.c b/mm/memory.c

-index e229970..68218aa 100644
+index 37b80fc..68218aa 100644

 --- a/mm/memory.c
 +++ b/mm/memory.c
 @@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
 --- a/mm/memory.c
 +++ b/mm/memory.c
 @@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,


@@ -96343,15 +95934,7 @@ index e229970..68218aa 100644
                       vma->vm_file->f_op->mmap);
        dump_stack();
        add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
                       vma->vm_file->f_op->mmap);
        dump_stack();
        add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);

-@@ -1147,6 +1153,7 @@ again:
-                               print_bad_pte(vma, addr, ptent, page);
-                       if (unlikely(!__tlb_remove_page(tlb, page))) {
-                               force_flush = 1;
-+                              addr += PAGE_SIZE;
-                               break;
-                       }
-                       continue;
-@@ -1500,6 +1507,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -1501,6 +1507,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,

        page_add_file_rmap(page);
        set_pte_at(mm, addr, pte, mk_pte(page, prot));
  
        page_add_file_rmap(page);
        set_pte_at(mm, addr, pte, mk_pte(page, prot));
  


@@ -96362,7 +95945,7 @@ index e229970..68218aa 100644
        retval = 0;
        pte_unmap_unlock(pte, ptl);
        return retval;
        retval = 0;
        pte_unmap_unlock(pte, ptl);
        return retval;

-@@ -1544,9 +1555,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -1545,9 +1555,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,

        if (!page_count(page))
                return -EINVAL;
        if (!(vma->vm_flags & VM_MIXEDMAP)) {
        if (!page_count(page))
                return -EINVAL;
        if (!(vma->vm_flags & VM_MIXEDMAP)) {


@@ -96384,7 +95967,7 @@ index e229970..68218aa 100644
        }
        return insert_page(vma, addr, page, vma->vm_page_prot);
  }
        }
        return insert_page(vma, addr, page, vma->vm_page_prot);
  }

-@@ -1629,6 +1652,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -1630,6 +1652,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,

                        unsigned long pfn)
  {
        BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
                        unsigned long pfn)
  {
        BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));


@@ -96392,7 +95975,7 @@ index e229970..68218aa 100644
  
        if (addr < vma->vm_start || addr >= vma->vm_end)
                return -EFAULT;
  
        if (addr < vma->vm_start || addr >= vma->vm_end)
                return -EFAULT;

-@@ -1876,7 +1900,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -1877,7 +1900,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,

  
        BUG_ON(pud_huge(*pud));
  
  
        BUG_ON(pud_huge(*pud));
  


@@ -96403,7 +95986,7 @@ index e229970..68218aa 100644
        if (!pmd)
                return -ENOMEM;
        do {
        if (!pmd)
                return -ENOMEM;
        do {

-@@ -1896,7 +1922,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -1897,7 +1922,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,

        unsigned long next;
        int err;
  
        unsigned long next;
        int err;
  


@@ -96414,7 +95997,7 @@ index e229970..68218aa 100644
        if (!pud)
                return -ENOMEM;
        do {
        if (!pud)
                return -ENOMEM;
        do {

-@@ -2018,6 +2046,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page,
+@@ -2019,6 +2046,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page,

        return ret;
  }
  
        return ret;
  }
  


@@ -96601,7 +96184,7 @@ index e229970..68218aa 100644
  /*
   * This routine handles present pages, when users try to write
   * to a shared page. It is done by copying the page to a new address
  /*
   * This routine handles present pages, when users try to write
   * to a shared page. It is done by copying the page to a new address

-@@ -2216,6 +2424,12 @@ gotten:
+@@ -2217,6 +2424,12 @@ gotten:

         */
        page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
        if (likely(pte_same(*page_table, orig_pte))) {
         */
        page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
        if (likely(pte_same(*page_table, orig_pte))) {


@@ -96614,7 +96197,7 @@ index e229970..68218aa 100644
                if (old_page) {
                        if (!PageAnon(old_page)) {
                                dec_mm_counter_fast(mm, MM_FILEPAGES);
                if (old_page) {
                        if (!PageAnon(old_page)) {
                                dec_mm_counter_fast(mm, MM_FILEPAGES);

-@@ -2269,6 +2483,10 @@ gotten:
+@@ -2270,6 +2483,10 @@ gotten:

                        page_remove_rmap(old_page);
                }
  
                        page_remove_rmap(old_page);
                }
  


@@ -96625,7 +96208,7 @@ index e229970..68218aa 100644
                /* Free the old page.. */
                new_page = old_page;
                ret |= VM_FAULT_WRITE;
                /* Free the old page.. */
                new_page = old_page;
                ret |= VM_FAULT_WRITE;

-@@ -2543,6 +2761,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2544,6 +2761,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,

        swap_free(entry);
        if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
                try_to_free_swap(page);
        swap_free(entry);
        if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
                try_to_free_swap(page);


@@ -96637,7 +96220,7 @@ index e229970..68218aa 100644
        unlock_page(page);
        if (page != swapcache) {
                /*
        unlock_page(page);
        if (page != swapcache) {
                /*

-@@ -2566,6 +2789,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2567,6 +2789,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,

  
        /* No need to invalidate - it was non-present before */
        update_mmu_cache(vma, address, page_table);
  
        /* No need to invalidate - it was non-present before */
        update_mmu_cache(vma, address, page_table);


@@ -96649,7 +96232,7 @@ index e229970..68218aa 100644
  unlock:
        pte_unmap_unlock(page_table, ptl);
  out:
  unlock:
        pte_unmap_unlock(page_table, ptl);
  out:

-@@ -2585,40 +2813,6 @@ out_release:
+@@ -2586,40 +2813,6 @@ out_release:

  }
  
  /*
  }
  
  /*


@@ -96690,7 +96273,7 @@ index e229970..68218aa 100644
   * We enter with non-exclusive mmap_sem (to exclude vma changes,
   * but allow concurrent faults), and pte mapped but not yet locked.
   * We return with mmap_sem still held, but pte unmapped and unlocked.
   * We enter with non-exclusive mmap_sem (to exclude vma changes,
   * but allow concurrent faults), and pte mapped but not yet locked.
   * We return with mmap_sem still held, but pte unmapped and unlocked.

-@@ -2628,27 +2822,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2629,27 +2822,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,

                unsigned int flags)
  {
        struct mem_cgroup *memcg;
                unsigned int flags)
  {
        struct mem_cgroup *memcg;


@@ -96723,7 +96306,7 @@ index e229970..68218aa 100644
        if (unlikely(anon_vma_prepare(vma)))
                goto oom;
        page = alloc_zeroed_user_highpage_movable(vma, address);
        if (unlikely(anon_vma_prepare(vma)))
                goto oom;
        page = alloc_zeroed_user_highpage_movable(vma, address);

-@@ -2672,6 +2862,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2673,6 +2862,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,

        if (!pte_none(*page_table))
                goto release;
  
        if (!pte_none(*page_table))
                goto release;
  


@@ -96735,7 +96318,7 @@ index e229970..68218aa 100644
        inc_mm_counter_fast(mm, MM_ANONPAGES);
        page_add_new_anon_rmap(page, vma, address);
        mem_cgroup_commit_charge(page, memcg, false);
        inc_mm_counter_fast(mm, MM_ANONPAGES);
        page_add_new_anon_rmap(page, vma, address);
        mem_cgroup_commit_charge(page, memcg, false);

-@@ -2681,6 +2876,12 @@ setpte:
+@@ -2682,6 +2876,12 @@ setpte:

  
        /* No need to invalidate - it was non-present before */
        update_mmu_cache(vma, address, page_table);
  
        /* No need to invalidate - it was non-present before */
        update_mmu_cache(vma, address, page_table);


@@ -96748,7 +96331,7 @@ index e229970..68218aa 100644
  unlock:
        pte_unmap_unlock(page_table, ptl);
        return 0;
  unlock:
        pte_unmap_unlock(page_table, ptl);
        return 0;

-@@ -2911,6 +3112,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2912,6 +3112,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,

                return ret;
        }
        do_set_pte(vma, address, fault_page, pte, false, false);
                return ret;
        }
        do_set_pte(vma, address, fault_page, pte, false, false);


@@ -96760,7 +96343,7 @@ index e229970..68218aa 100644
        unlock_page(fault_page);
  unlock_out:
        pte_unmap_unlock(pte, ptl);
        unlock_page(fault_page);
  unlock_out:
        pte_unmap_unlock(pte, ptl);

-@@ -2953,7 +3159,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2954,7 +3159,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,

                page_cache_release(fault_page);
                goto uncharge_out;
        }
                page_cache_release(fault_page);
                goto uncharge_out;
        }


@@ -96779,7 +96362,7 @@ index e229970..68218aa 100644
        mem_cgroup_commit_charge(new_page, memcg, false);
        lru_cache_add_active_or_unevictable(new_page, vma);
        pte_unmap_unlock(pte, ptl);
        mem_cgroup_commit_charge(new_page, memcg, false);
        lru_cache_add_active_or_unevictable(new_page, vma);
        pte_unmap_unlock(pte, ptl);

-@@ -3003,6 +3220,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3004,6 +3220,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,

                return ret;
        }
        do_set_pte(vma, address, fault_page, pte, true, false);
                return ret;
        }
        do_set_pte(vma, address, fault_page, pte, true, false);


@@ -96791,7 +96374,7 @@ index e229970..68218aa 100644
        pte_unmap_unlock(pte, ptl);
  
        if (set_page_dirty(fault_page))
        pte_unmap_unlock(pte, ptl);
  
        if (set_page_dirty(fault_page))

-@@ -3244,6 +3466,12 @@ static int handle_pte_fault(struct mm_struct *mm,
+@@ -3245,6 +3466,12 @@ static int handle_pte_fault(struct mm_struct *mm,

                if (flags & FAULT_FLAG_WRITE)
                        flush_tlb_fix_spurious_fault(vma, address);
        }
                if (flags & FAULT_FLAG_WRITE)
                        flush_tlb_fix_spurious_fault(vma, address);
        }


@@ -96804,7 +96387,7 @@ index e229970..68218aa 100644
  unlock:
        pte_unmap_unlock(pte, ptl);
        return 0;
  unlock:
        pte_unmap_unlock(pte, ptl);
        return 0;

-@@ -3263,9 +3491,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3264,9 +3491,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,

        pmd_t *pmd;
        pte_t *pte;
  
        pmd_t *pmd;
        pte_t *pte;
  


@@ -96846,7 +96429,7 @@ index e229970..68218aa 100644
        pgd = pgd_offset(mm, address);
        pud = pud_alloc(mm, pgd, address);
        if (!pud)
        pgd = pgd_offset(mm, address);
        pud = pud_alloc(mm, pgd, address);
        if (!pud)

-@@ -3399,6 +3659,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3400,6 +3659,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)

        spin_unlock(&mm->page_table_lock);
        return 0;
  }
        spin_unlock(&mm->page_table_lock);
        return 0;
  }


@@ -96870,7 +96453,7 @@ index e229970..68218aa 100644
  #endif /* __PAGETABLE_PUD_FOLDED */
  
  #ifndef __PAGETABLE_PMD_FOLDED
  #endif /* __PAGETABLE_PUD_FOLDED */
  
  #ifndef __PAGETABLE_PMD_FOLDED

-@@ -3429,6 +3706,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3430,6 +3706,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)

        spin_unlock(&mm->page_table_lock);
        return 0;
  }
        spin_unlock(&mm->page_table_lock);
        return 0;
  }


@@ -96901,7 +96484,7 @@ index e229970..68218aa 100644
  #endif /* __PAGETABLE_PMD_FOLDED */
  
  static int __follow_pte(struct mm_struct *mm, unsigned long address,
  #endif /* __PAGETABLE_PMD_FOLDED */
  
  static int __follow_pte(struct mm_struct *mm, unsigned long address,

-@@ -3538,8 +3839,8 @@ out:
+@@ -3539,8 +3839,8 @@ out:

        return ret;
  }
  
        return ret;
  }
  


@@ -96912,7 +96495,7 @@ index e229970..68218aa 100644
  {
        resource_size_t phys_addr;
        unsigned long prot = 0;
  {
        resource_size_t phys_addr;
        unsigned long prot = 0;

-@@ -3565,8 +3866,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
+@@ -3566,8 +3866,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);

   * Access another process' address space as given in mm.  If non-NULL, use the
   * given task for page fault accounting.
   */
   * Access another process' address space as given in mm.  If non-NULL, use the
   * given task for page fault accounting.
   */


@@ -96923,7 +96506,7 @@ index e229970..68218aa 100644
  {
        struct vm_area_struct *vma;
        void *old_buf = buf;
  {
        struct vm_area_struct *vma;
        void *old_buf = buf;

-@@ -3574,7 +3875,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3575,7 +3875,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,

        down_read(&mm->mmap_sem);
        /* ignore errors, just check how much was successfully transferred */
        while (len) {
        down_read(&mm->mmap_sem);
        /* ignore errors, just check how much was successfully transferred */
        while (len) {


@@ -96932,7 +96515,7 @@ index e229970..68218aa 100644
                void *maddr;
                struct page *page = NULL;
  
                void *maddr;
                struct page *page = NULL;
  

-@@ -3635,8 +3936,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3636,8 +3936,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,

   *
   * The caller must hold a reference on @mm.
   */
   *
   * The caller must hold a reference on @mm.
   */


@@ -96943,7 +96526,7 @@ index e229970..68218aa 100644
  {
        return __access_remote_vm(NULL, mm, addr, buf, len, write);
  }
  {
        return __access_remote_vm(NULL, mm, addr, buf, len, write);
  }

-@@ -3646,11 +3947,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -3647,11 +3947,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,

   * Source/target buffer must be kernel space,
   * Do not walk the page table directly, use get_user_pages
   */
   * Source/target buffer must be kernel space,
   * Do not walk the page table directly, use get_user_pages
   */


@@ -97035,10 +96618,10 @@ index 8f5330d..b41914b 100644
                capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
  
 diff --git a/mm/migrate.c b/mm/migrate.c
                capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
  
 diff --git a/mm/migrate.c b/mm/migrate.c

-index 2740360..d20a37d 100644
+index 0143995..b294728 100644

 --- a/mm/migrate.c
 +++ b/mm/migrate.c
 --- a/mm/migrate.c
 +++ b/mm/migrate.c

-@@ -1503,8 +1503,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1495,8 +1495,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,

         */
        tcred = __task_cred(task);
        if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
         */
        tcred = __task_cred(task);
        if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&


@@ -97124,7 +96707,7 @@ index ce84cb0..6d5a9aa 100644
            capable(CAP_IPC_LOCK))
                ret = do_mlockall(flags);
 diff --git a/mm/mmap.c b/mm/mmap.c
            capable(CAP_IPC_LOCK))
                ret = do_mlockall(flags);
 diff --git a/mm/mmap.c b/mm/mmap.c

-index c0a3637..c760814 100644
+index ebc25fa..0ef0db0 100644

 --- a/mm/mmap.c
 +++ b/mm/mmap.c
 @@ -41,6 +41,7 @@
 --- a/mm/mmap.c
 +++ b/mm/mmap.c
 @@ -41,6 +41,7 @@


@@ -97299,7 +96882,7 @@ index c0a3637..c760814 100644
 +              }
                if (err)
                        return NULL;
 +              }
                if (err)
                        return NULL;

-               khugepaged_enter_vma_merge(prev);
+               khugepaged_enter_vma_merge(prev, vm_flags);

 @@ -1067,12 +1138,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
                        mpol_equal(policy, vma_policy(next)) &&
                        can_vma_merge_before(next, vm_flags,
 @@ -1067,12 +1138,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
                        mpol_equal(policy, vma_policy(next)) &&
                        can_vma_merge_before(next, vm_flags,


@@ -97329,7 +96912,7 @@ index c0a3637..c760814 100644
 +              }
                if (err)
                        return NULL;
 +              }
                if (err)
                        return NULL;

-               khugepaged_enter_vma_merge(area);
+               khugepaged_enter_vma_merge(area, vm_flags);

 @@ -1181,8 +1267,10 @@ none:
  void vm_stat_account(struct mm_struct *mm, unsigned long flags,
                                                struct file *file, long pages)
 @@ -1181,8 +1267,10 @@ none:
  void vm_stat_account(struct mm_struct *mm, unsigned long flags,
                                                struct file *file, long pages)


@@ -97862,7 +97445,7 @@ index c0a3637..c760814 100644
 +      if (locknext)
 +              vma_unlock_anon_vma(vma->vm_next);
        vma_unlock_anon_vma(vma);
 +      if (locknext)
 +              vma_unlock_anon_vma(vma->vm_next);
        vma_unlock_anon_vma(vma);

-       khugepaged_enter_vma_merge(vma);
+       khugepaged_enter_vma_merge(vma, vma->vm_flags);

        validate_mm(vma->vm_mm);
 @@ -2205,6 +2525,8 @@ int expand_downwards(struct vm_area_struct *vma,
                                   unsigned long address)
        validate_mm(vma->vm_mm);
 @@ -2205,6 +2525,8 @@ int expand_downwards(struct vm_area_struct *vma,
                                   unsigned long address)


@@ -97933,7 +97516,7 @@ index c0a3637..c760814 100644
        vma_unlock_anon_vma(vma);
 +      if (lockprev)
 +              vma_unlock_anon_vma(prev);
        vma_unlock_anon_vma(vma);
 +      if (lockprev)
 +              vma_unlock_anon_vma(prev);

-       khugepaged_enter_vma_merge(vma);
+       khugepaged_enter_vma_merge(vma, vma->vm_flags);

        validate_mm(vma->vm_mm);
        return error;
 @@ -2358,6 +2711,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
        validate_mm(vma->vm_mm);
        return error;
 @@ -2358,6 +2711,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)


@@ -98782,7 +98365,7 @@ index a881d96..e5932cd 100644
        struct mm_struct *mm;
  
 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
        struct mm_struct *mm;
  
 diff --git a/mm/page-writeback.c b/mm/page-writeback.c

-index 91d73ef..0e564d2 100644
+index ba5fd97..5a95869 100644

 --- a/mm/page-writeback.c
 +++ b/mm/page-writeback.c
 @@ -664,7 +664,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
 --- a/mm/page-writeback.c
 +++ b/mm/page-writeback.c
 @@ -664,7 +664,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,


@@ -98795,7 +98378,7 @@ index 91d73ef..0e564d2 100644
                                        unsigned long bg_thresh,
                                        unsigned long dirty,
 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
                                        unsigned long bg_thresh,
                                        unsigned long dirty,
 diff --git a/mm/page_alloc.c b/mm/page_alloc.c

-index eee9619..155d328 100644
+index c5fe124..2cf7f17 100644

 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
 @@ -61,6 +61,7 @@
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
 @@ -61,6 +61,7 @@


@@ -98815,7 +98398,7 @@ index eee9619..155d328 100644
  {
        __free_pages_ok(page, compound_order(page));
  }
  {
        __free_pages_ok(page, compound_order(page));
  }

-@@ -751,6 +752,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -740,6 +741,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)

        int i;
        int bad = 0;
  
        int i;
        int bad = 0;
  


@@ -98826,7 +98409,7 @@ index eee9619..155d328 100644
        trace_mm_page_free(page, order);
        kmemcheck_free_shadow(page, order);
  
        trace_mm_page_free(page, order);
        kmemcheck_free_shadow(page, order);
  

-@@ -767,6 +772,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -756,6 +761,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)

                debug_check_no_obj_freed(page_address(page),
                                           PAGE_SIZE << order);
        }
                debug_check_no_obj_freed(page_address(page),
                                           PAGE_SIZE << order);
        }


@@ -98839,7 +98422,7 @@ index eee9619..155d328 100644
        arch_free_page(page, order);
        kernel_map_pages(page, 1 << order, 0);
  
        arch_free_page(page, order);
        kernel_map_pages(page, 1 << order, 0);
  

-@@ -790,6 +801,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+@@ -779,6 +790,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)

        local_irq_restore(flags);
  }
  
        local_irq_restore(flags);
  }
  


@@ -98860,7 +98443,7 @@ index eee9619..155d328 100644
  void __init __free_pages_bootmem(struct page *page, unsigned int order)
  {
        unsigned int nr_pages = 1 << order;
  void __init __free_pages_bootmem(struct page *page, unsigned int order)
  {
        unsigned int nr_pages = 1 << order;

-@@ -805,6 +830,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
+@@ -794,6 +819,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)

        __ClearPageReserved(p);
        set_page_count(p, 0);
  
        __ClearPageReserved(p);
        set_page_count(p, 0);
  


@@ -98880,7 +98463,7 @@ index eee9619..155d328 100644
        page_zone(page)->managed_pages += nr_pages;
        set_page_refcounted(page);
        __free_pages(page, order);
        page_zone(page)->managed_pages += nr_pages;
        set_page_refcounted(page);
        __free_pages(page, order);

-@@ -933,8 +971,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags)
+@@ -922,8 +960,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags)

        arch_alloc_page(page, order);
        kernel_map_pages(page, 1 << order, 1);
  
        arch_alloc_page(page, order);
        kernel_map_pages(page, 1 << order, 1);
  


@@ -98891,7 +98474,7 @@ index eee9619..155d328 100644
  
        if (order && (gfp_flags & __GFP_COMP))
                prep_compound_page(page, order);
  
        if (order && (gfp_flags & __GFP_COMP))
                prep_compound_page(page, order);

-@@ -1612,7 +1652,7 @@ again:
+@@ -1601,7 +1641,7 @@ again:

        }
  
        __mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order));
        }
  
        __mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order));


@@ -98900,7 +98483,7 @@ index eee9619..155d328 100644
            !zone_is_fair_depleted(zone))
                zone_set_flag(zone, ZONE_FAIR_DEPLETED);
  
            !zone_is_fair_depleted(zone))
                zone_set_flag(zone, ZONE_FAIR_DEPLETED);
  

-@@ -1933,7 +1973,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -1922,7 +1962,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)

        do {
                mod_zone_page_state(zone, NR_ALLOC_BATCH,
                        high_wmark_pages(zone) - low_wmark_pages(zone) -
        do {
                mod_zone_page_state(zone, NR_ALLOC_BATCH,
                        high_wmark_pages(zone) - low_wmark_pages(zone) -


@@ -98909,7 +98492,7 @@ index eee9619..155d328 100644
                zone_clear_flag(zone, ZONE_FAIR_DEPLETED);
        } while (zone++ != preferred_zone);
  }
                zone_clear_flag(zone, ZONE_FAIR_DEPLETED);
        } while (zone++ != preferred_zone);
  }

-@@ -5702,7 +5742,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -5699,7 +5739,7 @@ static void __setup_per_zone_wmarks(void)

  
                __mod_zone_page_state(zone, NR_ALLOC_BATCH,
                        high_wmark_pages(zone) - low_wmark_pages(zone) -
  
                __mod_zone_page_state(zone, NR_ALLOC_BATCH,
                        high_wmark_pages(zone) - low_wmark_pages(zone) -


@@ -98919,7 +98502,7 @@ index eee9619..155d328 100644
                setup_zone_migrate_reserve(zone);
                spin_unlock_irqrestore(&zone->lock, flags);
 diff --git a/mm/percpu.c b/mm/percpu.c
                setup_zone_migrate_reserve(zone);
                spin_unlock_irqrestore(&zone->lock, flags);
 diff --git a/mm/percpu.c b/mm/percpu.c

-index da997f9..19040e9 100644
+index 2139e30..1d45bce 100644

 --- a/mm/percpu.c
 +++ b/mm/percpu.c
 @@ -123,7 +123,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
 --- a/mm/percpu.c
 +++ b/mm/percpu.c
 @@ -123,7 +123,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;


@@ -98983,7 +98566,7 @@ index 5077afc..846c9ef 100644
        if (!mm || IS_ERR(mm)) {
                rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
 diff --git a/mm/rmap.c b/mm/rmap.c
        if (!mm || IS_ERR(mm)) {
                rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
 diff --git a/mm/rmap.c b/mm/rmap.c

-index 3e8491c..02abccc 100644
+index e01318d..25117ca 100644

 --- a/mm/rmap.c
 +++ b/mm/rmap.c
 @@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
 --- a/mm/rmap.c
 +++ b/mm/rmap.c
 @@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)


@@ -99146,7 +98729,7 @@ index 469f90d..34a09ee 100644
                return -ENOMEM;
  
 diff --git a/mm/slab.c b/mm/slab.c
                return -ENOMEM;
  
 diff --git a/mm/slab.c b/mm/slab.c

-index 7c52b38..dc55dcb 100644
+index 7c52b38..3ccc17e 100644

 --- a/mm/slab.c
 +++ b/mm/slab.c
 @@ -316,10 +316,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
 --- a/mm/slab.c
 +++ b/mm/slab.c
 @@ -316,10 +316,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)


@@ -99199,29 +98782,28 @@ index 7c52b38..dc55dcb 100644
  
        slab_early_init = 0;
  
  
        slab_early_init = 0;
  

-@@ -3384,6 +3388,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
+@@ -3384,6 +3388,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,

        struct array_cache *ac = cpu_cache_get(cachep);
  
        check_irq_off();
 +
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
        struct array_cache *ac = cpu_cache_get(cachep);
  
        check_irq_off();
 +
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE

-+      if (pax_sanitize_slab) {
-+              if (!(cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))) {
-+                      memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
++      if (cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))
++              STATS_INC_NOT_SANITIZED(cachep);
++      else {
++              memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);

 +
 +

-+                      if (cachep->ctor)
-+                              cachep->ctor(objp);
++              if (cachep->ctor)
++                      cachep->ctor(objp);

 +
 +

-+                      STATS_INC_SANITIZED(cachep);
-+              } else
-+                      STATS_INC_NOT_SANITIZED(cachep);
++              STATS_INC_SANITIZED(cachep);

 +      }
 +#endif
 +
        kmemleak_free_recursive(objp, cachep->flags);
        objp = cache_free_debugcheck(cachep, objp, caller);
  
 +      }
 +#endif
 +
        kmemleak_free_recursive(objp, cachep->flags);
        objp = cache_free_debugcheck(cachep, objp, caller);
  

-@@ -3607,6 +3626,7 @@ void kfree(const void *objp)
+@@ -3607,6 +3625,7 @@ void kfree(const void *objp)

  
        if (unlikely(ZERO_OR_NULL_PTR(objp)))
                return;
  
        if (unlikely(ZERO_OR_NULL_PTR(objp)))
                return;


@@ -99229,7 +98811,7 @@ index 7c52b38..dc55dcb 100644
        local_irq_save(flags);
        kfree_debugcheck(objp);
        c = virt_to_cache(objp);
        local_irq_save(flags);
        kfree_debugcheck(objp);
        c = virt_to_cache(objp);

-@@ -4056,14 +4076,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
+@@ -4056,14 +4075,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)

        }
        /* cpu stats */
        {
        }
        /* cpu stats */
        {


@@ -99256,7 +98838,7 @@ index 7c52b38..dc55dcb 100644
  #endif
  }
  
  #endif
  }
  

-@@ -4281,13 +4309,69 @@ static const struct file_operations proc_slabstats_operations = {
+@@ -4281,13 +4308,69 @@ static const struct file_operations proc_slabstats_operations = {

  static int __init slab_proc_init(void)
  {
  #ifdef CONFIG_DEBUG_SLAB_LEAK
  static int __init slab_proc_init(void)
  {
  #ifdef CONFIG_DEBUG_SLAB_LEAK


@@ -99328,10 +98910,10 @@ index 7c52b38..dc55dcb 100644
   * ksize - get the actual amount of memory allocated for a given object
   * @objp: Pointer to the object
 diff --git a/mm/slab.h b/mm/slab.h
   * ksize - get the actual amount of memory allocated for a given object
   * @objp: Pointer to the object
 diff --git a/mm/slab.h b/mm/slab.h

-index 0e0fdd3..c61c735 100644
+index 0e0fdd3..d0fd761 100644

 --- a/mm/slab.h
 +++ b/mm/slab.h
 --- a/mm/slab.h
 +++ b/mm/slab.h

-@@ -32,6 +32,15 @@ extern struct list_head slab_caches;
+@@ -32,6 +32,20 @@ extern struct list_head slab_caches;

  /* The slab cache that manages slab cache information */
  extern struct kmem_cache *kmem_cache;
  
  /* The slab cache that manages slab cache information */
  extern struct kmem_cache *kmem_cache;
  


@@ -99341,13 +98923,18 @@ index 0e0fdd3..c61c735 100644
 +#else
 +#define PAX_MEMORY_SANITIZE_VALUE     '\xff'
 +#endif
 +#else
 +#define PAX_MEMORY_SANITIZE_VALUE     '\xff'
 +#endif

-+extern bool pax_sanitize_slab;
++enum pax_sanitize_mode {
++      PAX_SANITIZE_SLAB_OFF = 0,
++      PAX_SANITIZE_SLAB_FAST,
++      PAX_SANITIZE_SLAB_FULL,
++};
++extern enum pax_sanitize_mode pax_sanitize_slab;

 +#endif
 +
  unsigned long calculate_alignment(unsigned long flags,
                unsigned long align, unsigned long size);
  
 +#endif
 +
  unsigned long calculate_alignment(unsigned long flags,
                unsigned long align, unsigned long size);
  

-@@ -67,7 +76,8 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
+@@ -67,7 +81,8 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,

  
  /* Legal flag mask for kmem_cache_create(), for various configurations */
  #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
  
  /* Legal flag mask for kmem_cache_create(), for various configurations */
  #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \


@@ -99357,7 +98944,7 @@ index 0e0fdd3..c61c735 100644
  
  #if defined(CONFIG_DEBUG_SLAB)
  #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
  
  #if defined(CONFIG_DEBUG_SLAB)
  #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)

-@@ -251,6 +261,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+@@ -251,6 +266,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)

                return s;
  
        page = virt_to_head_page(x);
                return s;
  
        page = virt_to_head_page(x);


@@ -99368,10 +98955,10 @@ index 0e0fdd3..c61c735 100644
        if (slab_equal_or_root(cachep, s))
                return cachep;
 diff --git a/mm/slab_common.c b/mm/slab_common.c
        if (slab_equal_or_root(cachep, s))
                return cachep;
 diff --git a/mm/slab_common.c b/mm/slab_common.c

-index d319502..9eb3eb5 100644
+index d319502..da7714e 100644

 --- a/mm/slab_common.c
 +++ b/mm/slab_common.c
 --- a/mm/slab_common.c
 +++ b/mm/slab_common.c

-@@ -25,11 +25,22 @@
+@@ -25,11 +25,35 @@

  
  #include "slab.h"
  
  
  #include "slab.h"
  


@@ -99382,20 +98969,33 @@ index d319502..9eb3eb5 100644
  struct kmem_cache *kmem_cache;
  
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
  struct kmem_cache *kmem_cache;
  
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE

-+bool pax_sanitize_slab __read_only = true;
++enum pax_sanitize_mode pax_sanitize_slab __read_only = PAX_SANITIZE_SLAB_FAST;

 +static int __init pax_sanitize_slab_setup(char *str)
 +{
 +static int __init pax_sanitize_slab_setup(char *str)
 +{

-+      pax_sanitize_slab = !!simple_strtol(str, NULL, 0);
-+      printk("%sabled PaX slab sanitization\n", pax_sanitize_slab ? "En" : "Dis");
-+      return 1;
++      if (!str)
++              return 0;
++
++      if (!strcmp(str, "0") || !strcmp(str, "off")) {
++              pr_info("PaX slab sanitization: %s\n", "disabled");
++              pax_sanitize_slab = PAX_SANITIZE_SLAB_OFF;
++      } else if (!strcmp(str, "1") || !strcmp(str, "fast")) {
++              pr_info("PaX slab sanitization: %s\n", "fast");
++              pax_sanitize_slab = PAX_SANITIZE_SLAB_FAST;
++      } else if (!strcmp(str, "full")) {
++              pr_info("PaX slab sanitization: %s\n", "full");
++              pax_sanitize_slab = PAX_SANITIZE_SLAB_FULL;
++      } else
++              pr_err("PaX slab sanitization: unsupported option '%s'\n", str);
++
++      return 0;

 +}
 +}

-+__setup("pax_sanitize_slab=", pax_sanitize_slab_setup);
++early_param("pax_sanitize_slab", pax_sanitize_slab_setup);

 +#endif
 +
  #ifdef CONFIG_DEBUG_VM
  static int kmem_cache_sanity_check(const char *name, size_t size)
  {
 +#endif
 +
  #ifdef CONFIG_DEBUG_VM
  static int kmem_cache_sanity_check(const char *name, size_t size)
  {

-@@ -160,7 +171,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align,
+@@ -160,7 +184,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align,

        if (err)
                goto out_free_cache;
  
        if (err)
                goto out_free_cache;
  


@@ -99404,7 +99004,21 @@ index d319502..9eb3eb5 100644
        list_add(&s->list, &slab_caches);
  out:
        if (err)
        list_add(&s->list, &slab_caches);
  out:
        if (err)

-@@ -341,8 +352,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -222,6 +246,13 @@ kmem_cache_create(const char *name, size_t size, size_t align,
+        */
+       flags &= CACHE_CREATE_MASK;
+ 
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++      if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
++              flags |= SLAB_NO_SANITIZE;
++      else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
++              flags &= ~SLAB_NO_SANITIZE;
++#endif
++
+       s = __kmem_cache_alias(name, size, align, flags, ctor);
+       if (s)
+               goto out_unlock;
+@@ -341,8 +372,7 @@ void kmem_cache_destroy(struct kmem_cache *s)

  
        mutex_lock(&slab_mutex);
  
  
        mutex_lock(&slab_mutex);
  


@@ -99414,7 +99028,7 @@ index d319502..9eb3eb5 100644
                goto out_unlock;
  
        if (memcg_cleanup_cache_params(s) != 0)
                goto out_unlock;
  
        if (memcg_cleanup_cache_params(s) != 0)

-@@ -362,7 +372,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -362,7 +392,7 @@ void kmem_cache_destroy(struct kmem_cache *s)

                rcu_barrier();
  
        memcg_free_cache_params(s);
                rcu_barrier();
  
        memcg_free_cache_params(s);


@@ -99423,7 +99037,7 @@ index d319502..9eb3eb5 100644
        sysfs_slab_remove(s);
  #else
        slab_kmem_cache_release(s);
        sysfs_slab_remove(s);
  #else
        slab_kmem_cache_release(s);

-@@ -418,7 +428,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
+@@ -418,7 +448,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz

                panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
                                        name, size, err);
  
                panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
                                        name, size, err);
  


@@ -99432,7 +99046,7 @@ index d319502..9eb3eb5 100644
  }
  
  struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
  }
  
  struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,

-@@ -431,7 +441,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+@@ -431,7 +461,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,

  
        create_boot_cache(s, name, size, flags);
        list_add(&s->list, &slab_caches);
  
        create_boot_cache(s, name, size, flags);
        list_add(&s->list, &slab_caches);


@@ -99441,7 +99055,7 @@ index d319502..9eb3eb5 100644
        return s;
  }
  
        return s;
  }
  

-@@ -443,6 +453,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+@@ -443,6 +473,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];

  EXPORT_SYMBOL(kmalloc_dma_caches);
  #endif
  
  EXPORT_SYMBOL(kmalloc_dma_caches);
  #endif
  


@@ -99453,7 +99067,7 @@ index d319502..9eb3eb5 100644
  /*
   * Conversion table for small slabs sizes / 8 to the index in the
   * kmalloc array. This is necessary for slabs < 192 since we have non power
  /*
   * Conversion table for small slabs sizes / 8 to the index in the
   * kmalloc array. This is necessary for slabs < 192 since we have non power

-@@ -507,6 +522,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
+@@ -507,6 +542,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)

                return kmalloc_dma_caches[index];
  
  #endif
                return kmalloc_dma_caches[index];
  
  #endif


@@ -99467,7 +99081,7 @@ index d319502..9eb3eb5 100644
        return kmalloc_caches[index];
  }
  
        return kmalloc_caches[index];
  }
  

-@@ -563,7 +585,7 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -563,7 +605,7 @@ void __init create_kmalloc_caches(unsigned long flags)

        for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
                if (!kmalloc_caches[i]) {
                        kmalloc_caches[i] = create_kmalloc_cache(NULL,
        for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
                if (!kmalloc_caches[i]) {
                        kmalloc_caches[i] = create_kmalloc_cache(NULL,


@@ -99476,7 +99090,7 @@ index d319502..9eb3eb5 100644
                }
  
                /*
                }
  
                /*

-@@ -572,10 +594,10 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -572,10 +614,10 @@ void __init create_kmalloc_caches(unsigned long flags)

                 * earlier power of two caches
                 */
                if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
                 * earlier power of two caches
                 */
                if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)


@@ -99489,7 +99103,7 @@ index d319502..9eb3eb5 100644
        }
  
        /* Kmalloc array is now usable */
        }
  
        /* Kmalloc array is now usable */

-@@ -608,6 +630,23 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -608,6 +650,23 @@ void __init create_kmalloc_caches(unsigned long flags)

                }
        }
  #endif
                }
        }
  #endif


@@ -99513,7 +99127,7 @@ index d319502..9eb3eb5 100644
  }
  #endif /* !CONFIG_SLOB */
  
  }
  #endif /* !CONFIG_SLOB */
  

-@@ -666,6 +705,9 @@ void print_slabinfo_header(struct seq_file *m)
+@@ -666,6 +725,9 @@ void print_slabinfo_header(struct seq_file *m)

        seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
                 "<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
        seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
        seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
                 "<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
        seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");


@@ -99524,7 +99138,7 @@ index d319502..9eb3eb5 100644
        seq_putc(m, '\n');
  }
 diff --git a/mm/slob.c b/mm/slob.c
        seq_putc(m, '\n');
  }
 diff --git a/mm/slob.c b/mm/slob.c

-index 21980e0..ed9a648 100644
+index 21980e0..975f1bf 100644

 --- a/mm/slob.c
 +++ b/mm/slob.c
 @@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
 --- a/mm/slob.c
 +++ b/mm/slob.c
 @@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)


@@ -99605,6 +99219,15 @@ index 21980e0..ed9a648 100644
                INIT_LIST_HEAD(&sp->lru);
                set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
                set_slob_page_free(sp, slob_list);
                INIT_LIST_HEAD(&sp->lru);
                set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
                set_slob_page_free(sp, slob_list);

+@@ -337,7 +341,7 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
+ /*
+  * slob_free: entry point into the slob allocator.
+  */
+-static void slob_free(void *block, int size)
++static void slob_free(struct kmem_cache *c, void *block, int size)
+ {
+       struct page *sp;
+       slob_t *prev, *next, *b = (slob_t *)block;

 @@ -359,12 +363,15 @@ static void slob_free(void *block, int size)
                if (slob_page_free(sp))
                        clear_slob_page_free(sp);
 @@ -359,12 +363,15 @@ static void slob_free(void *block, int size)
                if (slob_page_free(sp))
                        clear_slob_page_free(sp);


@@ -99617,7 +99240,7 @@ index 21980e0..ed9a648 100644
        }
  
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
        }
  
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE

-+      if (pax_sanitize_slab)
++      if (pax_sanitize_slab && !(c && (c->flags & SLAB_NO_SANITIZE)))

 +              memset(block, PAX_MEMORY_SANITIZE_VALUE, size);
 +#endif
 +
 +              memset(block, PAX_MEMORY_SANITIZE_VALUE, size);
 +#endif
 +


@@ -99698,7 +99321,7 @@ index 21980e0..ed9a648 100644
 -              slob_free(m, *m + align);
 -      } else
 +              slob_t *m = (slob_t *)(block - align);
 -              slob_free(m, *m + align);
 -      } else
 +              slob_t *m = (slob_t *)(block - align);

-+              slob_free(m, m[0].units + align);
++              slob_free(NULL, m, m[0].units + align);

 +      } else {
 +              __ClearPageSlab(sp);
 +              page_mapcount_reset(sp);
 +      } else {
 +              __ClearPageSlab(sp);
 +              page_mapcount_reset(sp);


@@ -99842,24 +99465,34 @@ index 21980e0..ed9a648 100644
  
        if (b && c->ctor)
                c->ctor(b);
  
        if (b && c->ctor)
                c->ctor(b);

-@@ -584,10 +696,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
+@@ -582,12 +694,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
+ EXPORT_SYMBOL(kmem_cache_alloc_node);
+ #endif

  
  

- static void __kmem_cache_free(void *b, int size)
+-static void __kmem_cache_free(void *b, int size)
++static void __kmem_cache_free(struct kmem_cache *c, void *b, int size)

  {
 -      if (size < PAGE_SIZE)
  {
 -      if (size < PAGE_SIZE)

+-              slob_free(b, size);

 +      struct page *sp;
 +
 +      sp = virt_to_page(b);
 +      BUG_ON(!PageSlab(sp));
 +      if (!sp->private)
 +      struct page *sp;
 +
 +      sp = virt_to_page(b);
 +      BUG_ON(!PageSlab(sp));
 +      if (!sp->private)

-               slob_free(b, size);
++              slob_free(c, b, size);

        else
 -              slob_free_pages(b, get_order(size));
 +              slob_free_pages(sp, get_order(size));
  }
  
  static void kmem_rcu_free(struct rcu_head *head)
        else
 -              slob_free_pages(b, get_order(size));
 +              slob_free_pages(sp, get_order(size));
  }
  
  static void kmem_rcu_free(struct rcu_head *head)

-@@ -600,17 +716,31 @@ static void kmem_rcu_free(struct rcu_head *head)
+@@ -595,22 +711,36 @@ static void kmem_rcu_free(struct rcu_head *head)
+       struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
+       void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
+ 
+-      __kmem_cache_free(b, slob_rcu->size);
++      __kmem_cache_free(NULL, b, slob_rcu->size);
+ }

  
  void kmem_cache_free(struct kmem_cache *c, void *b)
  {
  
  void kmem_cache_free(struct kmem_cache *c, void *b)
  {


@@ -99882,7 +99515,7 @@ index 21980e0..ed9a648 100644
                call_rcu(&slob_rcu->head, kmem_rcu_free);
        } else {
 -              __kmem_cache_free(b, c->size);
                call_rcu(&slob_rcu->head, kmem_rcu_free);
        } else {
 -              __kmem_cache_free(b, c->size);

-+              __kmem_cache_free(b, size);
++              __kmem_cache_free(c, b, size);

        }
  
 +#ifdef CONFIG_PAX_USERCOPY_SLABS
        }
  
 +#ifdef CONFIG_PAX_USERCOPY_SLABS


@@ -99895,7 +99528,7 @@ index 21980e0..ed9a648 100644
  EXPORT_SYMBOL(kmem_cache_free);
  
 diff --git a/mm/slub.c b/mm/slub.c
  EXPORT_SYMBOL(kmem_cache_free);
  
 diff --git a/mm/slub.c b/mm/slub.c

-index 3e8afcc..68c99031 100644
+index 3e8afcc..d6e2c89 100644

 --- a/mm/slub.c
 +++ b/mm/slub.c
 @@ -207,7 +207,7 @@ struct track {
 --- a/mm/slub.c
 +++ b/mm/slub.c
 @@ -207,7 +207,7 @@ struct track {


@@ -99921,7 +99554,7 @@ index 3e8afcc..68c99031 100644
        slab_free_hook(s, x);
  
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
        slab_free_hook(s, x);
  
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE

-+      if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) {
++      if (!(s->flags & SLAB_NO_SANITIZE)) {

 +              memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
 +              if (s->ctor)
 +                      s->ctor(x);
 +              memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
 +              if (s->ctor)
 +                      s->ctor(x);


@@ -99945,7 +99578,7 @@ index 3e8afcc..68c99031 100644
  
        if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
  
        if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE

-+              (pax_sanitize_slab && !(flags & SLAB_NO_SANITIZE)) ||
++              (!(flags & SLAB_NO_SANITIZE)) ||

 +#endif
                s->ctor)) {
                /*
 +#endif
                s->ctor)) {
                /*


@@ -100100,7 +99733,7 @@ index 3e8afcc..68c99031 100644
  }
  SLAB_ATTR_RO(aliases);
  
  }
  SLAB_ATTR_RO(aliases);
  

-@@ -4554,6 +4627,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
+@@ -4554,6 +4627,22 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)

  SLAB_ATTR_RO(cache_dma);
  #endif
  
  SLAB_ATTR_RO(cache_dma);
  #endif
  


@@ -100111,21 +99744,32 @@ index 3e8afcc..68c99031 100644
 +}
 +SLAB_ATTR_RO(usercopy);
 +#endif
 +}
 +SLAB_ATTR_RO(usercopy);
 +#endif

++
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++static ssize_t sanitize_show(struct kmem_cache *s, char *buf)
++{
++      return sprintf(buf, "%d\n", !(s->flags & SLAB_NO_SANITIZE));
++}
++SLAB_ATTR_RO(sanitize);
++#endif

 +
  static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
  {
        return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));
 +
  static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
  {
        return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));

-@@ -4888,6 +4969,9 @@ static struct attribute *slab_attrs[] = {
+@@ -4888,6 +4977,12 @@ static struct attribute *slab_attrs[] = {

  #ifdef CONFIG_ZONE_DMA
        &cache_dma_attr.attr,
  #endif
 +#ifdef CONFIG_PAX_USERCOPY_SLABS
 +      &usercopy_attr.attr,
  #ifdef CONFIG_ZONE_DMA
        &cache_dma_attr.attr,
  #endif
 +#ifdef CONFIG_PAX_USERCOPY_SLABS
 +      &usercopy_attr.attr,

++#endif
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++      &sanitize_attr.attr,

 +#endif
  #ifdef CONFIG_NUMA
        &remote_node_defrag_ratio_attr.attr,
  #endif
 +#endif
  #ifdef CONFIG_NUMA
        &remote_node_defrag_ratio_attr.attr,
  #endif

-@@ -5132,6 +5216,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -5132,6 +5227,7 @@ static char *create_unique_id(struct kmem_cache *s)

        return name;
  }
  
        return name;
  }
  


@@ -100133,7 +99777,7 @@ index 3e8afcc..68c99031 100644
  static int sysfs_slab_add(struct kmem_cache *s)
  {
        int err;
  static int sysfs_slab_add(struct kmem_cache *s)
  {
        int err;

-@@ -5205,6 +5290,7 @@ void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5205,6 +5301,7 @@ void sysfs_slab_remove(struct kmem_cache *s)

        kobject_del(&s->kobj);
        kobject_put(&s->kobj);
  }
        kobject_del(&s->kobj);
        kobject_put(&s->kobj);
  }


@@ -100141,7 +99785,7 @@ index 3e8afcc..68c99031 100644
  
  /*
   * Need to buffer aliases during bootup until sysfs becomes
  
  /*
   * Need to buffer aliases during bootup until sysfs becomes

-@@ -5218,6 +5304,7 @@ struct saved_alias {
+@@ -5218,6 +5315,7 @@ struct saved_alias {

  
  static struct saved_alias *alias_list;
  
  
  static struct saved_alias *alias_list;
  


@@ -100149,7 +99793,7 @@ index 3e8afcc..68c99031 100644
  static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
  {
        struct saved_alias *al;
  static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
  {
        struct saved_alias *al;

-@@ -5240,6 +5327,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5240,6 +5338,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)

        alias_list = al;
        return 0;
  }
        alias_list = al;
        return 0;
  }


@@ -101081,10 +100725,10 @@ index 115f149..f0ba286 100644
                        err = -EFAULT;
                        break;
 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
                        err = -EFAULT;
                        break;
 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c

-index 46547b9..f5defc1 100644
+index 14ca8ae..262d49a 100644

 --- a/net/bluetooth/l2cap_core.c
 +++ b/net/bluetooth/l2cap_core.c
 --- a/net/bluetooth/l2cap_core.c
 +++ b/net/bluetooth/l2cap_core.c

-@@ -3569,8 +3569,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
+@@ -3565,8 +3565,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,

                        break;
  
                case L2CAP_CONF_RFC:
                        break;
  
                case L2CAP_CONF_RFC:


@@ -101337,7 +100981,7 @@ index 1a19b98..df2b4ec 100644
        if (!can_dir) {
                printk(KERN_INFO "can: failed to create /proc/net/can . "
 diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
        if (!can_dir) {
                printk(KERN_INFO "can: failed to create /proc/net/can . "
 diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c

-index b2f571d..b584643 100644
+index 9f02369..e6160e9 100644

 --- a/net/ceph/messenger.c
 +++ b/net/ceph/messenger.c
 @@ -188,7 +188,7 @@ static void con_fault(struct ceph_connection *con);
 --- a/net/ceph/messenger.c
 +++ b/net/ceph/messenger.c
 @@ -188,7 +188,7 @@ static void con_fault(struct ceph_connection *con);


@@ -101598,7 +101242,7 @@ index cf8a95f..2837211 100644
  }
  EXPORT_SYMBOL(dev_get_stats);
 diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
  }
  EXPORT_SYMBOL(dev_get_stats);
 diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c

-index cf999e0..c59a975 100644
+index cf999e0..c59a9754 100644

 --- a/net/core/dev_ioctl.c
 +++ b/net/core/dev_ioctl.c
 @@ -366,9 +366,13 @@ void dev_load(struct net *net, const char *name)
 --- a/net/core/dev_ioctl.c
 +++ b/net/core/dev_ioctl.c
 @@ -366,9 +366,13 @@ void dev_load(struct net *net, const char *name)


@@ -102513,7 +102157,7 @@ index 255aa99..45c78f8 100644
                break;
        case NETDEV_DOWN:
 diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
                break;
        case NETDEV_DOWN:
 diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c

-index b10cd43a..22327f9 100644
+index 4a74ea8..32335a7 100644

 --- a/net/ipv4/fib_semantics.c
 +++ b/net/ipv4/fib_semantics.c
 @@ -768,7 +768,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
 --- a/net/ipv4/fib_semantics.c
 +++ b/net/ipv4/fib_semantics.c
 @@ -768,7 +768,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)


@@ -102526,7 +102170,7 @@ index b10cd43a..22327f9 100644
        return nh->nh_saddr;
  }
 diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c
        return nh->nh_saddr;
  }
 diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c

-index 6556263..db77807 100644
+index dd73bea..a2eec02 100644

 --- a/net/ipv4/gre_offload.c
 +++ b/net/ipv4/gre_offload.c
 @@ -59,13 +59,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb,
 --- a/net/ipv4/gre_offload.c
 +++ b/net/ipv4/gre_offload.c
 @@ -59,13 +59,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb,


@@ -102697,7 +102341,7 @@ index 3d4da2c..40f9c29 100644
                                                  ICMP_PROT_UNREACH, 0);
                                }
 diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
                                                  ICMP_PROT_UNREACH, 0);
                                }
 diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c

-index 215af2b..73cbbe1 100644
+index c43a1e2..73cbbe1 100644

 --- a/net/ipv4/ip_output.c
 +++ b/net/ipv4/ip_output.c
 @@ -231,7 +231,7 @@ static int ip_finish_output_gso(struct sk_buff *skb)
 --- a/net/ipv4/ip_output.c
 +++ b/net/ipv4/ip_output.c
 @@ -231,7 +231,7 @@ static int ip_finish_output_gso(struct sk_buff *skb)


@@ -102709,41 +102353,8 @@ index 215af2b..73cbbe1 100644
                kfree_skb(skb);
                return -ENOMEM;
        }
                kfree_skb(skb);
                return -ENOMEM;
        }

-@@ -1533,6 +1533,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
-       struct sk_buff *nskb;
-       struct sock *sk;
-       struct inet_sock *inet;
-+      int err;
- 
-       if (ip_options_echo(&replyopts.opt.opt, skb))
-               return;
-@@ -1572,8 +1573,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
-       sock_net_set(sk, net);
-       __skb_queue_head_init(&sk->sk_write_queue);
-       sk->sk_sndbuf = sysctl_wmem_default;
--      ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0,
--                     &ipc, &rt, MSG_DONTWAIT);
-+      err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base,
-+                           len, 0, &ipc, &rt, MSG_DONTWAIT);
-+      if (unlikely(err)) {
-+              ip_flush_pending_frames(sk);
-+              goto out;
-+      }
-+
-       nskb = skb_peek(&sk->sk_write_queue);
-       if (nskb) {
-               if (arg->csumoffset >= 0)
-@@ -1585,7 +1591,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
-               skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
-               ip_push_pending_frames(sk, &fl4);
-       }
--
-+out:
-       put_cpu_var(unicast_sock);
- 
-       ip_rt_put(rt);

 diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
 diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c

-index 5cb830c..81a7a56 100644
+index 2407e5d..edc2f1a 100644

 --- a/net/ipv4/ip_sockglue.c
 +++ b/net/ipv4/ip_sockglue.c
 @@ -1188,7 +1188,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
 --- a/net/ipv4/ip_sockglue.c
 +++ b/net/ipv4/ip_sockglue.c
 @@ -1188,7 +1188,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,


@@ -102765,24 +102376,6 @@ index 5cb830c..81a7a56 100644
                msg.msg_controllen = len;
                msg.msg_flags = flags;
  
                msg.msg_controllen = len;
                msg.msg_flags = flags;
  

-diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
-index f4c987b..88c386c 100644
---- a/net/ipv4/ip_tunnel_core.c
-+++ b/net/ipv4/ip_tunnel_core.c
-@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
-       skb_pull_rcsum(skb, hdr_len);
- 
-       if (inner_proto == htons(ETH_P_TEB)) {
--              struct ethhdr *eh = (struct ethhdr *)skb->data;
-+              struct ethhdr *eh;
- 
-               if (unlikely(!pskb_may_pull(skb, ETH_HLEN)))
-                       return -ENOMEM;
- 
-+              eh = (struct ethhdr *)skb->data;
-               if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN))
-                       skb->protocol = eh->h_proto;
-               else

 diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
 index e453cb7..3c8d952 100644
 --- a/net/ipv4/ip_vti.c
 diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
 index e453cb7..3c8d952 100644
 --- a/net/ipv4/ip_vti.c


@@ -103096,7 +102689,7 @@ index 739db31..74f0210 100644
  
  static int raw_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
  
  static int raw_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv4/route.c b/net/ipv4/route.c

-index cbadb94..691f99e 100644
+index 29836f8..bd1e2ba 100644

 --- a/net/ipv4/route.c
 +++ b/net/ipv4/route.c
 @@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = {
 --- a/net/ipv4/route.c
 +++ b/net/ipv4/route.c
 @@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = {


@@ -103149,7 +102742,7 @@ index cbadb94..691f99e 100644
  }
  EXPORT_SYMBOL(ip_idents_reserve);
  
  }
  EXPORT_SYMBOL(ip_idents_reserve);
  

-@@ -2623,34 +2623,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
+@@ -2624,34 +2624,34 @@ static struct ctl_table ipv4_route_flush_table[] = {

                .maxlen         = sizeof(int),
                .mode           = 0200,
                .proc_handler   = ipv4_sysctl_rtcache_flush,
                .maxlen         = sizeof(int),
                .mode           = 0200,
                .proc_handler   = ipv4_sysctl_rtcache_flush,


@@ -103192,7 +102785,7 @@ index cbadb94..691f99e 100644
  err_dup:
        return -ENOMEM;
  }
  err_dup:
        return -ENOMEM;
  }

-@@ -2673,8 +2673,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2674,8 +2674,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {

  
  static __net_init int rt_genid_init(struct net *net)
  {
  
  static __net_init int rt_genid_init(struct net *net)
  {


@@ -103203,7 +102796,7 @@ index cbadb94..691f99e 100644
        get_random_bytes(&net->ipv4.dev_addr_genid,
                         sizeof(net->ipv4.dev_addr_genid));
        return 0;
        get_random_bytes(&net->ipv4.dev_addr_genid,
                         sizeof(net->ipv4.dev_addr_genid));
        return 0;

-@@ -2717,11 +2717,7 @@ int __init ip_rt_init(void)
+@@ -2718,11 +2718,7 @@ int __init ip_rt_init(void)

  {
        int rc = 0;
  
  {
        int rc = 0;
  


@@ -103350,7 +102943,7 @@ index a906e02..f3b6a0f 100644
                        if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
                                return 1;
 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
                        if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
                                return 1;
 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c

-index cd17f00..1e1f252 100644
+index 3f49eae..bde687a 100644

 --- a/net/ipv4/tcp_ipv4.c
 +++ b/net/ipv4/tcp_ipv4.c
 @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly;
 --- a/net/ipv4/tcp_ipv4.c
 +++ b/net/ipv4/tcp_ipv4.c
 @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly;


@@ -103769,7 +103362,7 @@ index 06ba3e5..5c08d38 100644
        table = kmemdup(ipv6_icmp_table_template,
                        sizeof(ipv6_icmp_table_template),
 diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
        table = kmemdup(ipv6_icmp_table_template,
                        sizeof(ipv6_icmp_table_template),
 diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c

-index 97299d7..c8e6894 100644
+index cacb493..3cae894 100644

 --- a/net/ipv6/ip6_gre.c
 +++ b/net/ipv6/ip6_gre.c
 @@ -71,8 +71,8 @@ struct ip6gre_net {
 --- a/net/ipv6/ip6_gre.c
 +++ b/net/ipv6/ip6_gre.c
 @@ -71,8 +71,8 @@ struct ip6gre_net {


@@ -103783,7 +103376,7 @@ index 97299d7..c8e6894 100644
  static int ip6gre_tunnel_init(struct net_device *dev);
  static void ip6gre_tunnel_setup(struct net_device *dev);
  static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
  static int ip6gre_tunnel_init(struct net_device *dev);
  static void ip6gre_tunnel_setup(struct net_device *dev);
  static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);

-@@ -1286,7 +1286,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
+@@ -1285,7 +1285,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)

  }
  
  
  }
  
  


@@ -103792,7 +103385,7 @@ index 97299d7..c8e6894 100644
        .handler     = ip6gre_rcv,
        .err_handler = ip6gre_err,
        .flags       = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
        .handler     = ip6gre_rcv,
        .err_handler = ip6gre_err,
        .flags       = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,

-@@ -1645,7 +1645,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
+@@ -1646,7 +1646,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {

        [IFLA_GRE_FLAGS]       = { .type = NLA_U32 },
  };
  
        [IFLA_GRE_FLAGS]       = { .type = NLA_U32 },
  };
  


@@ -103801,7 +103394,7 @@ index 97299d7..c8e6894 100644
        .kind           = "ip6gre",
        .maxtype        = IFLA_GRE_MAX,
        .policy         = ip6gre_policy,
        .kind           = "ip6gre",
        .maxtype        = IFLA_GRE_MAX,
        .policy         = ip6gre_policy,

-@@ -1659,7 +1659,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
+@@ -1660,7 +1660,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {

        .fill_info      = ip6gre_fill_info,
  };
  
        .fill_info      = ip6gre_fill_info,
  };
  


@@ -103823,7 +103416,7 @@ index 65eda2a..620a102 100644
                __skb_pull(skb, len);
        }
 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
                __skb_pull(skb, len);
        }
 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c

-index 69a84b4..881c319 100644
+index d2eeb3b..c186e9a 100644

 --- a/net/ipv6/ip6_tunnel.c
 +++ b/net/ipv6/ip6_tunnel.c
 @@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
 --- a/net/ipv6/ip6_tunnel.c
 +++ b/net/ipv6/ip6_tunnel.c
 @@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)


@@ -103835,7 +103428,7 @@ index 69a84b4..881c319 100644
  
  static int ip6_tnl_net_id __read_mostly;
  struct ip6_tnl_net {
  
  static int ip6_tnl_net_id __read_mostly;
  struct ip6_tnl_net {

-@@ -1714,7 +1714,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1706,7 +1706,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {

        [IFLA_IPTUN_PROTO]              = { .type = NLA_U8 },
  };
  
        [IFLA_IPTUN_PROTO]              = { .type = NLA_U8 },
  };
  


@@ -103845,7 +103438,7 @@ index 69a84b4..881c319 100644
        .maxtype        = IFLA_IPTUN_MAX,
        .policy         = ip6_tnl_policy,
 diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
        .maxtype        = IFLA_IPTUN_MAX,
        .policy         = ip6_tnl_policy,
 diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c

-index 5833a22..6631377 100644
+index 99c9487..63f4d92 100644

 --- a/net/ipv6/ip6_vti.c
 +++ b/net/ipv6/ip6_vti.c
 @@ -62,7 +62,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
 --- a/net/ipv6/ip6_vti.c
 +++ b/net/ipv6/ip6_vti.c
 @@ -62,7 +62,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)


@@ -103857,7 +103450,7 @@ index 5833a22..6631377 100644
  
  static int vti6_net_id __read_mostly;
  struct vti6_net {
  
  static int vti6_net_id __read_mostly;
  struct vti6_net {

-@@ -981,7 +981,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
+@@ -972,7 +972,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {

        [IFLA_VTI_OKEY]         = { .type = NLA_U32 },
  };
  
        [IFLA_VTI_OKEY]         = { .type = NLA_U32 },
  };
  


@@ -104174,7 +103767,7 @@ index bafde82..af2c91f 100644
        table = kmemdup(ipv6_route_table_template,
                        sizeof(ipv6_route_table_template),
 diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
        table = kmemdup(ipv6_route_table_template,
                        sizeof(ipv6_route_table_template),
 diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c

-index 6163f85..0070823 100644
+index ca1c7c4..37fba59 100644

 --- a/net/ipv6/sit.c
 +++ b/net/ipv6/sit.c
 @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
 --- a/net/ipv6/sit.c
 +++ b/net/ipv6/sit.c
 @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);


@@ -104186,7 +103779,7 @@ index 6163f85..0070823 100644
  
  static int sit_net_id __read_mostly;
  struct sit_net {
  
  static int sit_net_id __read_mostly;
  struct sit_net {

-@@ -485,11 +485,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
+@@ -484,11 +484,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev)

   */
  static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
  {
   */
  static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
  {


@@ -104200,7 +103793,7 @@ index 6163f85..0070823 100644
                return 1;
  
        skb2 = skb_clone(skb, GFP_ATOMIC);
                return 1;
  
        skb2 = skb_clone(skb, GFP_ATOMIC);

-@@ -498,7 +498,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
+@@ -497,7 +497,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)

                return 1;
  
        skb_dst_drop(skb2);
                return 1;
  
        skb_dst_drop(skb2);


@@ -104209,7 +103802,7 @@ index 6163f85..0070823 100644
        skb_reset_network_header(skb2);
  
        rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
        skb_reset_network_header(skb2);
  
        rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);

-@@ -1662,7 +1662,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)
+@@ -1659,7 +1659,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)

                unregister_netdevice_queue(dev, head);
  }
  
                unregister_netdevice_queue(dev, head);
  }
  


@@ -104232,7 +103825,7 @@ index 0c56c93..ece50df 100644
        struct ctl_table *ipv6_icmp_table;
        int err;
 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
        struct ctl_table *ipv6_icmp_table;
        int err;
 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c

-index 29964c3..b8caecf 100644
+index 264c0f2..b6512c6 100644

 --- a/net/ipv6/tcp_ipv6.c
 +++ b/net/ipv6/tcp_ipv6.c
 @@ -102,6 +102,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
 --- a/net/ipv6/tcp_ipv6.c
 +++ b/net/ipv6/tcp_ipv6.c
 @@ -102,6 +102,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)


@@ -104700,7 +104293,7 @@ index 927b4ea..88a30e2 100644
                if (local->use_chanctx)
                        *chandef = local->monitor_chandef;
 diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
                if (local->use_chanctx)
                        *chandef = local->monitor_chandef;
 diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h

-index ef7a089..fe1caf7 100644
+index 5d102b5..6199fca 100644

 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
 @@ -28,6 +28,7 @@
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
 @@ -28,6 +28,7 @@


@@ -104721,7 +104314,7 @@ index ef7a089..fe1caf7 100644
        /* number of interfaces with corresponding FIF_ flags */
        int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
 diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
        /* number of interfaces with corresponding FIF_ flags */
        int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
 diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c

-index f75e5f1..3d9ad4f 100644
+index 3538e5e..0aa7879 100644

 --- a/net/mac80211/iface.c
 +++ b/net/mac80211/iface.c
 @@ -531,7 +531,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
 --- a/net/mac80211/iface.c
 +++ b/net/mac80211/iface.c
 @@ -531,7 +531,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)


@@ -104760,7 +104353,7 @@ index f75e5f1..3d9ad4f 100644
                drv_stop(local);
   err_del_bss:
        sdata->bss = NULL;
                drv_stop(local);
   err_del_bss:
        sdata->bss = NULL;

-@@ -889,7 +889,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -891,7 +891,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,

        }
  
        if (going_down)
        }
  
        if (going_down)


@@ -104769,7 +104362,7 @@ index f75e5f1..3d9ad4f 100644
  
        switch (sdata->vif.type) {
        case NL80211_IFTYPE_AP_VLAN:
  
        switch (sdata->vif.type) {
        case NL80211_IFTYPE_AP_VLAN:

-@@ -950,7 +950,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -952,7 +952,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,

        }
        spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
  
        }
        spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
  


@@ -104778,16 +104371,16 @@ index f75e5f1..3d9ad4f 100644
                ieee80211_clear_tx_pending(local);
  
        /*
                ieee80211_clear_tx_pending(local);
  
        /*

-@@ -990,7 +990,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
- 
-       ieee80211_recalc_ps(local, -1);
+@@ -995,7 +995,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+       if (cancel_scan)
+               flush_delayed_work(&local->scan_work);

  
 -      if (local->open_count == 0) {
 +      if (local_read(&local->open_count) == 0) {
                ieee80211_stop_device(local);
  
                /* no reconfiguring after stop! */
  
 -      if (local->open_count == 0) {
 +      if (local_read(&local->open_count) == 0) {
                ieee80211_stop_device(local);
  
                /* no reconfiguring after stop! */

-@@ -1001,7 +1001,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -1006,7 +1006,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,

        ieee80211_configure_filter(local);
        ieee80211_hw_config(local, hw_reconf_flags);
  
        ieee80211_configure_filter(local);
        ieee80211_hw_config(local, hw_reconf_flags);
  


@@ -104841,7 +104434,7 @@ index 4c5192e..04cc0d8 100644
  
   suspend:
 diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
  
   suspend:
 diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c

-index 8fdadfd..a4f72b8 100644
+index 6081329..ab23834 100644

 --- a/net/mac80211/rate.c
 +++ b/net/mac80211/rate.c
 @@ -720,7 +720,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
 --- a/net/mac80211/rate.c
 +++ b/net/mac80211/rate.c
 @@ -720,7 +720,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,


@@ -104909,7 +104502,7 @@ index fad5fdb..ba3672a 100644
  obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
  obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
 diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
  obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
  obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
 diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c

-index ec8114f..6b2bfba 100644
+index 6582dce..a911da7 100644

 --- a/net/netfilter/ipset/ip_set_core.c
 +++ b/net/netfilter/ipset/ip_set_core.c
 @@ -1921,7 +1921,7 @@ done:
 --- a/net/netfilter/ipset/ip_set_core.c
 +++ b/net/netfilter/ipset/ip_set_core.c
 @@ -1921,7 +1921,7 @@ done:


@@ -105281,10 +104874,10 @@ index c68c1e5..8b5d670 100644
  }
  EXPORT_SYMBOL(nf_unregister_sockopt);
 diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
  }
  EXPORT_SYMBOL(nf_unregister_sockopt);
 diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c

-index a11c5ff..aa413a7 100644
+index 3250735..1fac969 100644

 --- a/net/netfilter/nfnetlink_log.c
 +++ b/net/netfilter/nfnetlink_log.c
 --- a/net/netfilter/nfnetlink_log.c
 +++ b/net/netfilter/nfnetlink_log.c

-@@ -79,7 +79,7 @@ static int nfnl_log_net_id __read_mostly;
+@@ -80,7 +80,7 @@ static int nfnl_log_net_id __read_mostly;

  struct nfnl_log_net {
        spinlock_t instances_lock;
        struct hlist_head instance_table[INSTANCE_BUCKETS];
  struct nfnl_log_net {
        spinlock_t instances_lock;
        struct hlist_head instance_table[INSTANCE_BUCKETS];


@@ -105293,7 +104886,7 @@ index a11c5ff..aa413a7 100644
  };
  
  static struct nfnl_log_net *nfnl_log_pernet(struct net *net)
  };
  
  static struct nfnl_log_net *nfnl_log_pernet(struct net *net)

-@@ -561,7 +561,7 @@ __build_packet_message(struct nfnl_log_net *log,
+@@ -563,7 +563,7 @@ __build_packet_message(struct nfnl_log_net *log,

        /* global sequence number */
        if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) &&
            nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL,
        /* global sequence number */
        if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) &&
            nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL,


@@ -105316,7 +104909,7 @@ index 108120f..5b169db 100644
        queued = 0;
        err = 0;
 diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
        queued = 0;
        err = 0;
 diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c

-index 1840989..6895744 100644
+index 5b5ab9e..fc1015c 100644

 --- a/net/netfilter/nft_compat.c
 +++ b/net/netfilter/nft_compat.c
 @@ -225,7 +225,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)
 --- a/net/netfilter/nft_compat.c
 +++ b/net/netfilter/nft_compat.c
 @@ -225,7 +225,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)


@@ -105460,10 +105053,10 @@ index 11de55e..f25e448 100644
        return 0;
  }
 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
        return 0;
  }
 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c

-index c416725..bd22eea 100644
+index 0007b81..cb08369 100644

 --- a/net/netlink/af_netlink.c
 +++ b/net/netlink/af_netlink.c
 --- a/net/netlink/af_netlink.c
 +++ b/net/netlink/af_netlink.c

-@@ -265,7 +265,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -273,7 +273,7 @@ static void netlink_overrun(struct sock *sk)

                        sk->sk_error_report(sk);
                }
        }
                        sk->sk_error_report(sk);
                }
        }


@@ -105472,16 +105065,7 @@ index c416725..bd22eea 100644
  }
  
  static void netlink_rcv_wake(struct sock *sk)
  }
  
  static void netlink_rcv_wake(struct sock *sk)

-@@ -715,7 +715,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg,
-        * after validation, the socket and the ring may only be used by a
-        * single process, otherwise we fall back to copying.
-        */
--      if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 ||
-+      if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 ||
-           atomic_read(&nlk->mapped) > 1)
-               excl = false;
- 
-@@ -2996,7 +2996,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -3010,7 +3010,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)

                           sk_wmem_alloc_get(s),
                           nlk->cb_running,
                           atomic_read(&s->sk_refcnt),
                           sk_wmem_alloc_get(s),
                           nlk->cb_running,
                           atomic_read(&s->sk_refcnt),


@@ -106657,10 +106241,10 @@ index 0663621..c4928d4 100644
                goto out_nomem;
        cd->u.procfs.channel_ent = NULL;
 diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
                goto out_nomem;
        cd->u.procfs.channel_ent = NULL;
 diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c

-index 488ddee..1b31487 100644
+index e0b94ce..6135813 100644

 --- a/net/sunrpc/clnt.c
 +++ b/net/sunrpc/clnt.c
 --- a/net/sunrpc/clnt.c
 +++ b/net/sunrpc/clnt.c

-@@ -1425,7 +1425,9 @@ call_start(struct rpc_task *task)
+@@ -1428,7 +1428,9 @@ call_start(struct rpc_task *task)

                        (RPC_IS_ASYNC(task) ? "async" : "sync"));
  
        /* Increment call count */
                        (RPC_IS_ASYNC(task) ? "async" : "sync"));
  
        /* Increment call count */


@@ -107888,10 +107472,10 @@ index 0865b3e..7235dd4 100644
        __ksymtab_gpl           : { *(SORT(___ksymtab_gpl+*)) }
        __ksymtab_unused        : { *(SORT(___ksymtab_unused+*)) }
 diff --git a/scripts/package/builddeb b/scripts/package/builddeb
        __ksymtab_gpl           : { *(SORT(___ksymtab_gpl+*)) }
        __ksymtab_unused        : { *(SORT(___ksymtab_unused+*)) }
 diff --git a/scripts/package/builddeb b/scripts/package/builddeb

-index 35d5a58..9e04789 100644
+index 7c0e6e4..bf2c90e 100644

 --- a/scripts/package/builddeb
 +++ b/scripts/package/builddeb
 --- a/scripts/package/builddeb
 +++ b/scripts/package/builddeb

-@@ -295,6 +295,7 @@ fi
+@@ -293,6 +293,7 @@ fi

  (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
  (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
  (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles"
  (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
  (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
  (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles"


@@ -107899,6 +107483,45 @@ index 35d5a58..9e04789 100644
  destdir=$kernel_headers_dir/usr/src/linux-headers-$version
  mkdir -p "$destdir"
  (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -)
  destdir=$kernel_headers_dir/usr/src/linux-headers-$version
  mkdir -p "$destdir"
  (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -)

+diff --git a/scripts/package/mkspec b/scripts/package/mkspec
+index 1395760..e4f4ac4 100755
+--- a/scripts/package/mkspec
++++ b/scripts/package/mkspec
+@@ -82,6 +82,16 @@ echo ""
+ fi
+ 
+ echo "%install"
++echo 'chmod -f 0500 /boot'
++echo 'if [ -d /lib/modules ]; then'
++echo 'chmod -f 0500 /lib/modules'
++echo 'fi'
++echo 'if [ -d /lib32/modules ]; then'
++echo 'chmod -f 0500 /lib32/modules'
++echo 'fi'
++echo 'if [ -d /lib64/modules ]; then'
++echo 'chmod -f 0500 /lib64/modules'
++echo 'fi'
+ echo 'KBUILD_IMAGE=$(make image_name)'
+ echo "%ifarch ia64"
+ echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
+@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
+ echo "fi"
+ echo ""
+ echo "%files"
+-echo '%defattr (-, root, root)'
++echo '%defattr (400, root, root, 500)'
+ echo "%dir /lib/modules"
+ echo "/lib/modules/$KERNELRELEASE"
+ echo "%exclude /lib/modules/$KERNELRELEASE/build"
+@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)'
+ echo "/usr/include"
+ echo ""
+ echo "%files devel"
+-echo '%defattr (-, root, root)'
++echo '%defattr (400, root, root, 500)'
+ echo "/usr/src/kernels/$KERNELRELEASE"
+ echo "/lib/modules/$KERNELRELEASE/build"
+ echo "/lib/modules/$KERNELRELEASE/source"

 diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
 index 4718d78..9220d58 100644
 --- a/scripts/pnmtologo.c
 diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
 index 4718d78..9220d58 100644
 --- a/scripts/pnmtologo.c


@@ -107960,10 +107583,10 @@ index 293828b..9fbe696 100755
  # Find all available archs
  find_all_archs()
 diff --git a/security/Kconfig b/security/Kconfig
  # Find all available archs
  find_all_archs()
 diff --git a/security/Kconfig b/security/Kconfig

-index beb86b5..9becb4a 100644
+index beb86b5..00daaca 100644

 --- a/security/Kconfig
 +++ b/security/Kconfig
 --- a/security/Kconfig
 +++ b/security/Kconfig

-@@ -4,6 +4,965 @@
+@@ -4,6 +4,969 @@

  
  menu "Security options"
  
  
  menu "Security options"
  


@@ -108594,7 +108217,7 @@ index beb86b5..9becb4a 100644
 +
 +config PAX_KERNEXEC_MODULE_TEXT
 +      int "Minimum amount of memory reserved for module code"
 +
 +config PAX_KERNEXEC_MODULE_TEXT
 +      int "Minimum amount of memory reserved for module code"

-+      default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
++      default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)

 +      default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
 +      depends on PAX_KERNEXEC && X86_32
 +      help
 +      default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
 +      depends on PAX_KERNEXEC && X86_32
 +      help


@@ -108726,10 +108349,14 @@ index beb86b5..9becb4a 100644
 +        and you are advised to test this feature on your expected workload
 +        before deploying it.
 +
 +        and you are advised to test this feature on your expected workload
 +        before deploying it.
 +

++        The slab sanitization feature excludes a few slab caches per default
++        for performance reasons.  To extend the feature to cover those as
++        well, pass "pax_sanitize_slab=full" as kernel command line parameter.
++

 +        To reduce the performance penalty by sanitizing pages only, albeit
 +        limiting the effectiveness of this feature at the same time, slab
 +        To reduce the performance penalty by sanitizing pages only, albeit
 +        limiting the effectiveness of this feature at the same time, slab

-+        sanitization can be disabled with the kernel commandline parameter
-+        "pax_sanitize_slab=0".
++        sanitization can be disabled with the kernel command line parameter
++        "pax_sanitize_slab=off".

 +
 +        Note that this feature does not protect data stored in live pages,
 +        e.g., process memory swapped to disk may stay there for a long time.
 +
 +        Note that this feature does not protect data stored in live pages,
 +        e.g., process memory swapped to disk may stay there for a long time.


@@ -108805,7 +108432,7 @@ index beb86b5..9becb4a 100644
 +config PAX_REFCOUNT
 +      bool "Prevent various kernel object reference counter overflows"
 +      default y if GRKERNSEC_CONFIG_AUTO
 +config PAX_REFCOUNT
 +      bool "Prevent various kernel object reference counter overflows"
 +      default y if GRKERNSEC_CONFIG_AUTO

-+      depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || SPARC64 || X86)
++      depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || PPC || SPARC64 || X86)

 +      help
 +        By saying Y here the kernel will detect and prevent overflowing
 +        various (but not all) kinds of object reference counters.  Such
 +      help
 +        By saying Y here the kernel will detect and prevent overflowing
 +        various (but not all) kinds of object reference counters.  Such


@@ -108929,7 +108556,7 @@ index beb86b5..9becb4a 100644
  source security/keys/Kconfig
  
  config SECURITY_DMESG_RESTRICT
  source security/keys/Kconfig
  
  config SECURITY_DMESG_RESTRICT

-@@ -103,7 +1062,7 @@ config INTEL_TXT
+@@ -103,7 +1066,7 @@ config INTEL_TXT

  config LSM_MMAP_MIN_ADDR
        int "Low address space for LSM to protect from user allocation"
        depends on SECURITY && SECURITY_SELINUX
  config LSM_MMAP_MIN_ADDR
        int "Low address space for LSM to protect from user allocation"
        depends on SECURITY && SECURITY_SELINUX


@@ -109043,7 +108670,7 @@ index bab0611..f9a0ff5 100644
                if (bprm->cap_effective)
                        return 1;
 diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
                if (bprm->cap_effective)
                        return 1;
 diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h

-index 57da4bd..db453a2 100644
+index 0fb456c..83711f9 100644

 --- a/security/integrity/ima/ima.h
 +++ b/security/integrity/ima/ima.h
 @@ -118,8 +118,8 @@ int ima_init_template(void);
 --- a/security/integrity/ima/ima.h
 +++ b/security/integrity/ima/ima.h
 @@ -118,8 +118,8 @@ int ima_init_template(void);


@@ -109186,10 +108813,10 @@ index 6d0cad1..8f957df 100644
        /* record the root user tracking */
        rb_link_node(&root_key_user.node,
 diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
        /* record the root user tracking */
        rb_link_node(&root_key_user.node,
 diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c

-index e26f860..dcbe7ea 100644
+index eff88a5..51d35ef 100644

 --- a/security/keys/keyctl.c
 +++ b/security/keys/keyctl.c
 --- a/security/keys/keyctl.c
 +++ b/security/keys/keyctl.c

-@@ -1002,7 +1002,7 @@ static int keyctl_change_reqkey_auth(struct key *key)
+@@ -1004,7 +1004,7 @@ static int keyctl_change_reqkey_auth(struct key *key)

  /*
   * Copy the iovec data from userspace
   */
  /*
   * Copy the iovec data from userspace
   */


@@ -109198,7 +108825,7 @@ index e26f860..dcbe7ea 100644
                                 unsigned ioc)
  {
        for (; ioc > 0; ioc--) {
                                 unsigned ioc)
  {
        for (; ioc > 0; ioc--) {

-@@ -1024,7 +1024,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov,
+@@ -1026,7 +1026,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov,

   * If successful, 0 will be returned.
   */
  long keyctl_instantiate_key_common(key_serial_t id,
   * If successful, 0 will be returned.
   */
  long keyctl_instantiate_key_common(key_serial_t id,


@@ -109207,7 +108834,7 @@ index e26f860..dcbe7ea 100644
                                   unsigned ioc,
                                   size_t plen,
                                   key_serial_t ringid)
                                   unsigned ioc,
                                   size_t plen,
                                   key_serial_t ringid)

-@@ -1119,7 +1119,7 @@ long keyctl_instantiate_key(key_serial_t id,
+@@ -1121,7 +1121,7 @@ long keyctl_instantiate_key(key_serial_t id,

                        [0].iov_len  = plen
                };
  
                        [0].iov_len  = plen
                };
  


@@ -109216,7 +108843,7 @@ index e26f860..dcbe7ea 100644
        }
  
        return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
        }
  
        return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);

-@@ -1152,7 +1152,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,
+@@ -1154,7 +1154,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,

        if (ret == 0)
                goto no_payload_free;
  
        if (ret == 0)
                goto no_payload_free;
  


@@ -109304,7 +108931,7 @@ index a18f1fa..c9b9fc4 100644
                lock = &avc_cache.slots_lock[hvalue];
  
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
                lock = &avc_cache.slots_lock[hvalue];
  
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c

-index b0e9404..b15da09 100644
+index e03bad5..b15da09 100644

 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -95,8 +95,6 @@
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -95,8 +95,6 @@


@@ -109316,22 +108943,6 @@ index b0e9404..b15da09 100644
  /* SECMARK reference count */
  static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
  
  /* SECMARK reference count */
  static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
  

-@@ -481,6 +479,7 @@ next_inode:
-                               list_entry(sbsec->isec_head.next,
-                                          struct inode_security_struct, list);
-               struct inode *inode = isec->inode;
-+              list_del_init(&isec->list);
-               spin_unlock(&sbsec->isec_lock);
-               inode = igrab(inode);
-               if (inode) {
-@@ -489,7 +488,6 @@ next_inode:
-                       iput(inode);
-               }
-               spin_lock(&sbsec->isec_lock);
--              list_del_init(&isec->list);
-               goto next_inode;
-       }
-       spin_unlock(&sbsec->isec_lock);

 @@ -5772,7 +5770,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
  
  #endif
 @@ -5772,7 +5770,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
  
  #endif


@@ -109734,7 +109345,7 @@ index ada69d7..5f65386 100644
                                }
                        } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) {
 diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
                                }
                        } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) {
 diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c

-index 102e8fd..7263bb8 100644
+index 2d957ba..fda022c 100644

 --- a/sound/core/pcm_compat.c
 +++ b/sound/core/pcm_compat.c
 @@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream,
 --- a/sound/core/pcm_compat.c
 +++ b/sound/core/pcm_compat.c
 @@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream,


@@ -109747,7 +109358,7 @@ index 102e8fd..7263bb8 100644
        if (err < 0)
                return err;
 diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
        if (err < 0)
                return err;
 diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c

-index 8cd2f93..8412c57 100644
+index a95356f..0f5eabf 100644

 --- a/sound/core/pcm_native.c
 +++ b/sound/core/pcm_native.c
 @@ -2815,11 +2815,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
 --- a/sound/core/pcm_native.c
 +++ b/sound/core/pcm_native.c
 @@ -2815,11 +2815,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,


@@ -110261,7 +109872,7 @@ index 81c916a..516f0bf 100644
        chip->pci = pci;
        chip->irq = -1;
 diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
        chip->pci = pci;
        chip->irq = -1;
 diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c

-index d074aa9..ce3cc44 100644
+index a3e0a0d..ab98399 100644

 --- a/sound/soc/soc-core.c
 +++ b/sound/soc/soc-core.c
 @@ -2286,8 +2286,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops,
 --- a/sound/soc/soc-core.c
 +++ b/sound/soc/soc-core.c
 @@ -2286,8 +2286,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops,


@@ -118072,10 +117683,10 @@ index 0000000..4378111
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644

-index 0000000..4dc6368
+index 0000000..f527934

 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data

-@@ -0,0 +1,5850 @@
+@@ -0,0 +1,5911 @@

 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
 +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
 +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL


@@ -118426,6 +118037,7 @@ index 0000000..4dc6368
 +SyS_move_pages_3920 SyS_move_pages 2 3920 NULL
 +hdlc_irq_one_3944 hdlc_irq_one 2 3944 NULL
 +brcmf_debugfs_fws_stats_read_3947 brcmf_debugfs_fws_stats_read 3 3947 NULL
 +SyS_move_pages_3920 SyS_move_pages 2 3920 NULL
 +hdlc_irq_one_3944 hdlc_irq_one 2 3944 NULL
 +brcmf_debugfs_fws_stats_read_3947 brcmf_debugfs_fws_stats_read 3 3947 NULL

++mite_bytes_written_to_memory_lb_3987 mite_bytes_written_to_memory_lb 0 3987 NULL

 +copy_from_user_atomic_iovec_3990 copy_from_user_atomic_iovec 0-4 3990 NULL
 +do_add_counters_3992 do_add_counters 3 3992 NULL
 +userspace_status_4004 userspace_status 4 4004 NULL
 +copy_from_user_atomic_iovec_3990 copy_from_user_atomic_iovec 0-4 3990 NULL
 +do_add_counters_3992 do_add_counters 3 3992 NULL
 +userspace_status_4004 userspace_status 4 4004 NULL


@@ -118496,6 +118108,7 @@ index 0000000..4dc6368
 +C_SYSC_setsockopt_4806 C_SYSC_setsockopt 5 4806 NULL
 +repair_io_failure_4815 repair_io_failure 4-3 4815 NULL
 +scsi_end_request_4839 scsi_end_request 3-4 4839 NULL
 +C_SYSC_setsockopt_4806 C_SYSC_setsockopt 5 4806 NULL
 +repair_io_failure_4815 repair_io_failure 4-3 4815 NULL
 +scsi_end_request_4839 scsi_end_request 3-4 4839 NULL

++comedi_buf_write_free_4847 comedi_buf_write_free 2 4847 NULL

 +gigaset_if_receive_4861 gigaset_if_receive 3 4861 NULL
 +key_tx_spec_read_4862 key_tx_spec_read 3 4862 NULL
 +ocfs2_defrag_extent_4873 ocfs2_defrag_extent 2 4873 NULL
 +gigaset_if_receive_4861 gigaset_if_receive 3 4861 NULL
 +key_tx_spec_read_4862 key_tx_spec_read 3 4862 NULL
 +ocfs2_defrag_extent_4873 ocfs2_defrag_extent 2 4873 NULL


@@ -118632,6 +118245,7 @@ index 0000000..4dc6368
 +fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL
 +SyS_semtimedop_6563 SyS_semtimedop 3 6563 NULL
 +ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL
 +fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL
 +SyS_semtimedop_6563 SyS_semtimedop 3 6563 NULL
 +ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL

++xfs_do_div_6649 xfs_do_div 0-2 6649 NULL

 +process_rcvd_data_6679 process_rcvd_data 3 6679 NULL
 +btrfs_lookup_csums_range_6696 btrfs_lookup_csums_range 2-3 6696 NULL
 +ps_pspoll_max_apturn_read_6699 ps_pspoll_max_apturn_read 3 6699 NULL
 +process_rcvd_data_6679 process_rcvd_data 3 6679 NULL
 +btrfs_lookup_csums_range_6696 btrfs_lookup_csums_range 2-3 6696 NULL
 +ps_pspoll_max_apturn_read_6699 ps_pspoll_max_apturn_read 3 6699 NULL


@@ -118661,6 +118275,7 @@ index 0000000..4dc6368
 +spi_show_regs_6911 spi_show_regs 3 6911 &proc_sessionid_read_6911 nohasharray
 +acm_alloc_minor_6911 acm_alloc_minor 0 6911 &spi_show_regs_6911
 +__kfifo_dma_in_finish_r_6913 __kfifo_dma_in_finish_r 2-3 6913 NULL
 +spi_show_regs_6911 spi_show_regs 3 6911 &proc_sessionid_read_6911 nohasharray
 +acm_alloc_minor_6911 acm_alloc_minor 0 6911 &spi_show_regs_6911
 +__kfifo_dma_in_finish_r_6913 __kfifo_dma_in_finish_r 2-3 6913 NULL

++do_msgrcv_6921 do_msgrcv 3 6921 NULL

 +cache_do_downcall_6926 cache_do_downcall 3 6926 NULL
 +ipath_verbs_send_dma_6929 ipath_verbs_send_dma 6 6929 NULL
 +qsfp_cks_6945 qsfp_cks 2-0 6945 NULL
 +cache_do_downcall_6926 cache_do_downcall 3 6926 NULL
 +ipath_verbs_send_dma_6929 ipath_verbs_send_dma 6 6929 NULL
 +qsfp_cks_6945 qsfp_cks 2-0 6945 NULL


@@ -118689,7 +118304,8 @@ index 0000000..4dc6368
 +kvm_mmu_notifier_test_young_7139 kvm_mmu_notifier_test_young 3 7139 NULL
 +__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL
 +hdlc_loop_7255 hdlc_loop 0 7255 NULL
 +kvm_mmu_notifier_test_young_7139 kvm_mmu_notifier_test_young 3 7139 NULL
 +__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL
 +hdlc_loop_7255 hdlc_loop 0 7255 NULL

-+rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL
++rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL nohasharray
++kimage_alloc_init_7282 kimage_alloc_init 3 7282 &rx_rate_rx_frames_per_rates_read_7282

 +get_string_7302 get_string 0 7302 NULL
 +pci_vpd_info_field_size_7324 pci_vpd_info_field_size 0 7324 NULL
 +mgmt_control_7349 mgmt_control 3 7349 NULL
 +get_string_7302 get_string 0 7302 NULL
 +pci_vpd_info_field_size_7324 pci_vpd_info_field_size 0 7324 NULL
 +mgmt_control_7349 mgmt_control 3 7349 NULL


@@ -118752,6 +118368,7 @@ index 0000000..4dc6368
 +qla4xxx_post_ping_evt_work_8074 qla4xxx_post_ping_evt_work 4 8074 NULL
 +venus_lookup_8121 venus_lookup 4 8121 NULL
 +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL
 +qla4xxx_post_ping_evt_work_8074 qla4xxx_post_ping_evt_work 4 8074 NULL
 +venus_lookup_8121 venus_lookup 4 8121 NULL
 +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL

++xfs_file_fallocate_8150 xfs_file_fallocate 3-4 8150 NULL

 +ufshcd_wait_for_dev_cmd_8168 ufshcd_wait_for_dev_cmd 0 8168 NULL
 +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL
 +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL
 +ufshcd_wait_for_dev_cmd_8168 ufshcd_wait_for_dev_cmd 0 8168 NULL
 +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL
 +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL


@@ -118798,6 +118415,7 @@ index 0000000..4dc6368
 +mlx5_vzalloc_8663 mlx5_vzalloc 1 8663 NULL
 +dio_bio_alloc_8677 dio_bio_alloc 5 8677 NULL
 +lbs_bcnmiss_read_8678 lbs_bcnmiss_read 3 8678 NULL
 +mlx5_vzalloc_8663 mlx5_vzalloc 1 8663 NULL
 +dio_bio_alloc_8677 dio_bio_alloc 5 8677 NULL
 +lbs_bcnmiss_read_8678 lbs_bcnmiss_read 3 8678 NULL

++bpf_prog_size_8685 bpf_prog_size 0 8685 NULL

 +rproc_trace_read_8686 rproc_trace_read 3 8686 NULL
 +skb_frag_size_8695 skb_frag_size 0 8695 NULL
 +arcfb_write_8702 arcfb_write 3 8702 NULL
 +rproc_trace_read_8686 rproc_trace_read 3 8686 NULL
 +skb_frag_size_8695 skb_frag_size 0 8695 NULL
 +arcfb_write_8702 arcfb_write 3 8702 NULL


@@ -119044,12 +118662,14 @@ index 0000000..4dc6368
 +nouveau_gpio_create__11048 nouveau_gpio_create_ 4 11048 NULL
 +tda10048_writeregbulk_11050 tda10048_writeregbulk 4 11050 NULL
 +insert_inline_extent_backref_11063 insert_inline_extent_backref 8 11063 NULL
 +nouveau_gpio_create__11048 nouveau_gpio_create_ 4 11048 NULL
 +tda10048_writeregbulk_11050 tda10048_writeregbulk 4 11050 NULL
 +insert_inline_extent_backref_11063 insert_inline_extent_backref 8 11063 NULL

++xfs_collapse_file_space_11075 xfs_collapse_file_space 2-3 11075 NULL

 +tcp_send_mss_11079 tcp_send_mss 0 11079 NULL
 +count_argc_11083 count_argc 0 11083 NULL
 +kvm_write_guest_cached_11106 kvm_write_guest_cached 4 11106 NULL
 +tw_change_queue_depth_11116 tw_change_queue_depth 2 11116 NULL
 +page_offset_11120 page_offset 0 11120 NULL
 +tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL
 +tcp_send_mss_11079 tcp_send_mss 0 11079 NULL
 +count_argc_11083 count_argc 0 11083 NULL
 +kvm_write_guest_cached_11106 kvm_write_guest_cached 4 11106 NULL
 +tw_change_queue_depth_11116 tw_change_queue_depth 2 11116 NULL
 +page_offset_11120 page_offset 0 11120 NULL
 +tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL

++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL

 +snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 NULL
 +il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL
 +comedi_alloc_spriv_11234 comedi_alloc_spriv 2 11234 NULL
 +snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 NULL
 +il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL
 +comedi_alloc_spriv_11234 comedi_alloc_spriv 2 11234 NULL


@@ -119234,6 +118854,7 @@ index 0000000..4dc6368
 +ufshcd_compose_upiu_13076 ufshcd_compose_upiu 0 13076 NULL
 +xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL
 +ttm_dma_pool_alloc_new_pages_13105 ttm_dma_pool_alloc_new_pages 3 13105 NULL
 +ufshcd_compose_upiu_13076 ufshcd_compose_upiu 0 13076 NULL
 +xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL
 +ttm_dma_pool_alloc_new_pages_13105 ttm_dma_pool_alloc_new_pages 3 13105 NULL

++SyS_msgrcv_13109 SyS_msgrcv 3 13109 NULL

 +snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL
 +bfad_debugfs_read_13119 bfad_debugfs_read 3 13119 NULL
 +blk_update_request_13146 blk_update_request 3 13146 NULL
 +snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL
 +bfad_debugfs_read_13119 bfad_debugfs_read 3 13119 NULL
 +blk_update_request_13146 blk_update_request 3 13146 NULL


@@ -119273,6 +118894,7 @@ index 0000000..4dc6368
 +sb_init_dio_done_wq_13482 sb_init_dio_done_wq 0 13482 NULL
 +data_read_13494 data_read 3 13494 NULL nohasharray
 +ext_prop_data_store_13494 ext_prop_data_store 3 13494 &data_read_13494
 +sb_init_dio_done_wq_13482 sb_init_dio_done_wq 0 13482 NULL
 +data_read_13494 data_read 3 13494 NULL nohasharray
 +ext_prop_data_store_13494 ext_prop_data_store 3 13494 &data_read_13494

++ocfs2_align_bytes_to_blocks_13512 ocfs2_align_bytes_to_blocks 0-2 13512 NULL

 +core_status_13515 core_status 4 13515 NULL
 +smk_write_mapped_13519 smk_write_mapped 3 13519 NULL
 +bm_init_13529 bm_init 2 13529 NULL
 +core_status_13515 core_status 4 13515 NULL
 +smk_write_mapped_13519 smk_write_mapped 3 13519 NULL
 +bm_init_13529 bm_init 2 13529 NULL


@@ -119361,6 +118983,7 @@ index 0000000..4dc6368
 +snd_emu10k1_proc_spdif_status_14457 snd_emu10k1_proc_spdif_status 4-5 14457 NULL
 +ath10k_write_htt_stats_mask_14458 ath10k_write_htt_stats_mask 3 14458 NULL
 +lustre_msg_size_v2_14470 lustre_msg_size_v2 0-1 14470 NULL
 +snd_emu10k1_proc_spdif_status_14457 snd_emu10k1_proc_spdif_status 4-5 14457 NULL
 +ath10k_write_htt_stats_mask_14458 ath10k_write_htt_stats_mask 3 14458 NULL
 +lustre_msg_size_v2_14470 lustre_msg_size_v2 0-1 14470 NULL

++dma_transfer_size_14473 dma_transfer_size 0 14473 NULL

 +udplite_getfrag_14479 udplite_getfrag 3-4 14479 NULL
 +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL
 +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL
 +udplite_getfrag_14479 udplite_getfrag 3-4 14479 NULL
 +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL
 +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL


@@ -119397,6 +119020,7 @@ index 0000000..4dc6368
 +ttm_page_pool_free_14797 ttm_page_pool_free 2-0 14797 &__kfifo_in_14797
 +hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
 +snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
 +ttm_page_pool_free_14797 ttm_page_pool_free 2-0 14797 &__kfifo_in_14797
 +hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
 +snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801

++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL

 +mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
 +lcd_write_14857 lcd_write 3 14857 NULL
 +get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL
 +mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
 +lcd_write_14857 lcd_write 3 14857 NULL
 +get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL


@@ -119488,6 +119112,7 @@ index 0000000..4dc6368
 +viafb_vt1636_proc_write_16018 viafb_vt1636_proc_write 3 16018 NULL
 +dccp_recvmsg_16056 dccp_recvmsg 4 16056 NULL
 +read_file_spectral_period_16057 read_file_spectral_period 3 16057 NULL
 +viafb_vt1636_proc_write_16018 viafb_vt1636_proc_write 3 16018 NULL
 +dccp_recvmsg_16056 dccp_recvmsg 4 16056 NULL
 +read_file_spectral_period_16057 read_file_spectral_period 3 16057 NULL

++SYSC_kexec_file_load_16058 SYSC_kexec_file_load 3 16058 NULL

 +si5351_msynth_params_address_16062 si5351_msynth_params_address 0-1 16062 NULL
 +isr_tx_exch_complete_read_16103 isr_tx_exch_complete_read 3 16103 NULL
 +isr_hw_pm_mode_changes_read_16110 isr_hw_pm_mode_changes_read 3 16110 NULL nohasharray
 +si5351_msynth_params_address_16062 si5351_msynth_params_address 0-1 16062 NULL
 +isr_tx_exch_complete_read_16103 isr_tx_exch_complete_read 3 16103 NULL
 +isr_hw_pm_mode_changes_read_16110 isr_hw_pm_mode_changes_read 3 16110 NULL nohasharray


@@ -119714,7 +119339,8 @@ index 0000000..4dc6368
 +snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL
 +fuse_perform_write_18457 fuse_perform_write 4 18457 NULL
 +regset_tls_set_18459 regset_tls_set 4 18459 NULL
 +snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL
 +fuse_perform_write_18457 fuse_perform_write 4 18457 NULL
 +regset_tls_set_18459 regset_tls_set 4 18459 NULL

-+pci_vpd_lrdt_size_18479 pci_vpd_lrdt_size 0 18479 NULL
++pci_vpd_lrdt_size_18479 pci_vpd_lrdt_size 0 18479 NULL nohasharray
++mite_bytes_in_transit_18479 mite_bytes_in_transit 0 18479 &pci_vpd_lrdt_size_18479

 +udpv6_setsockopt_18487 udpv6_setsockopt 5 18487 NULL
 +btrfs_fiemap_18501 btrfs_fiemap 3 18501 NULL
 +__copy_user_zeroing_intel_18510 __copy_user_zeroing_intel 0-3 18510 NULL
 +udpv6_setsockopt_18487 udpv6_setsockopt 5 18487 NULL
 +btrfs_fiemap_18501 btrfs_fiemap 3 18501 NULL
 +__copy_user_zeroing_intel_18510 __copy_user_zeroing_intel 0-3 18510 NULL


@@ -119726,7 +119352,8 @@ index 0000000..4dc6368
 +sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL
 +smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL
 +debug_output_18575 debug_output 3 18575 NULL
 +sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL
 +smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL
 +debug_output_18575 debug_output 3 18575 NULL

-+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL
++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray
++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600

 +iowarrior_write_18604 iowarrior_write 3 18604 NULL
 +from_buffer_18625 from_buffer 3 18625 NULL
 +kmalloc_kernel_18641 kmalloc_kernel 1 18641 NULL
 +iowarrior_write_18604 iowarrior_write 3 18604 NULL
 +from_buffer_18625 from_buffer 3 18625 NULL
 +kmalloc_kernel_18641 kmalloc_kernel 1 18641 NULL


@@ -119811,6 +119438,7 @@ index 0000000..4dc6368
 +ext4_add_new_descs_19509 ext4_add_new_descs 3 19509 NULL
 +batadv_tvlv_container_register_19520 batadv_tvlv_container_register 5 19520 NULL
 +ttm_dma_page_pool_free_19527 ttm_dma_page_pool_free 2-0 19527 NULL
 +ext4_add_new_descs_19509 ext4_add_new_descs 3 19509 NULL
 +batadv_tvlv_container_register_19520 batadv_tvlv_container_register 5 19520 NULL
 +ttm_dma_page_pool_free_19527 ttm_dma_page_pool_free 2-0 19527 NULL

++cfc_write_array_to_buffer_19529 cfc_write_array_to_buffer 3 19529 NULL

 +nfc_llcp_build_tlv_19536 nfc_llcp_build_tlv 3 19536 NULL
 +gfn_to_index_19558 gfn_to_index 0-1-3-2 19558 NULL
 +ocfs2_control_message_19564 ocfs2_control_message 3 19564 NULL
 +nfc_llcp_build_tlv_19536 nfc_llcp_build_tlv 3 19536 NULL
 +gfn_to_index_19558 gfn_to_index 0-1-3-2 19558 NULL
 +ocfs2_control_message_19564 ocfs2_control_message 3 19564 NULL


@@ -119980,6 +119608,7 @@ index 0000000..4dc6368
 +cfg80211_notify_new_peer_candidate_21242 cfg80211_notify_new_peer_candidate 4 21242 NULL
 +fru_length_21257 fru_length 0 21257 NULL
 +rtw_set_wps_beacon_21262 rtw_set_wps_beacon 3 21262 NULL
 +cfg80211_notify_new_peer_candidate_21242 cfg80211_notify_new_peer_candidate 4 21242 NULL
 +fru_length_21257 fru_length 0 21257 NULL
 +rtw_set_wps_beacon_21262 rtw_set_wps_beacon 3 21262 NULL

++ocfs2_blocks_for_bytes_21268 ocfs2_blocks_for_bytes 0-2 21268 NULL

 +drm_universal_plane_init_21296 drm_universal_plane_init 6 21296 NULL
 +do_msg_fill_21307 do_msg_fill 3 21307 NULL
 +add_res_range_21310 add_res_range 4 21310 NULL
 +drm_universal_plane_init_21296 drm_universal_plane_init 6 21296 NULL
 +do_msg_fill_21307 do_msg_fill 3 21307 NULL
 +add_res_range_21310 add_res_range 4 21310 NULL


@@ -120012,6 +119641,7 @@ index 0000000..4dc6368
 +snd_es18xx_mixer_read_21586 snd_es18xx_mixer_read 0 21586 NULL
 +ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL
 +filemap_get_page_21606 filemap_get_page 2 21606 NULL
 +snd_es18xx_mixer_read_21586 snd_es18xx_mixer_read 0 21586 NULL
 +ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL
 +filemap_get_page_21606 filemap_get_page 2 21606 NULL

++ocfs2_refcount_cow_hunk_21630 ocfs2_refcount_cow_hunk 3-4 21630 NULL

 +__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL
 +atalk_sendmsg_21677 atalk_sendmsg 4 21677 NULL
 +ocfs2_xattr_get_nolock_21678 ocfs2_xattr_get_nolock 0 21678 NULL
 +__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL
 +atalk_sendmsg_21677 atalk_sendmsg 4 21677 NULL
 +ocfs2_xattr_get_nolock_21678 ocfs2_xattr_get_nolock 0 21678 NULL


@@ -120066,6 +119696,7 @@ index 0000000..4dc6368
 +mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL
 +lov_setstripe_22307 lov_setstripe 2 22307 NULL
 +udpv6_sendmsg_22316 udpv6_sendmsg 4 22316 NULL
 +mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL
 +lov_setstripe_22307 lov_setstripe 2 22307 NULL
 +udpv6_sendmsg_22316 udpv6_sendmsg 4 22316 NULL

++C_SYSC_msgrcv_22320 C_SYSC_msgrcv 3 22320 NULL

 +atomic_read_22342 atomic_read 0 22342 NULL
 +ll_lazystatfs_seq_write_22353 ll_lazystatfs_seq_write 3 22353 NULL
 +snd_pcm_alsa_frames_22363 snd_pcm_alsa_frames 2 22363 NULL
 +atomic_read_22342 atomic_read 0 22342 NULL
 +ll_lazystatfs_seq_write_22353 ll_lazystatfs_seq_write 3 22353 NULL
 +snd_pcm_alsa_frames_22363 snd_pcm_alsa_frames 2 22363 NULL


@@ -120091,6 +119722,7 @@ index 0000000..4dc6368
 +wl1271_rx_filter_get_fields_size_22638 wl1271_rx_filter_get_fields_size 0 22638 NULL
 +pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL
 +iwl_dbgfs_calib_disabled_read_22649 iwl_dbgfs_calib_disabled_read 3 22649 NULL
 +wl1271_rx_filter_get_fields_size_22638 wl1271_rx_filter_get_fields_size 0 22638 NULL
 +pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL
 +iwl_dbgfs_calib_disabled_read_22649 iwl_dbgfs_calib_disabled_read 3 22649 NULL

++compat_SyS_msgrcv_22661 compat_SyS_msgrcv 3 22661 NULL

 +l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL
 +bch_dump_read_22685 bch_dump_read 3 22685 NULL
 +reg_umr_22686 reg_umr 5 22686 NULL
 +l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL
 +bch_dump_read_22685 bch_dump_read 3 22685 NULL
 +reg_umr_22686 reg_umr 5 22686 NULL


@@ -120126,8 +119758,10 @@ index 0000000..4dc6368
 +remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL
 +viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL
 +cifs_local_to_utf16_bytes_23025 cifs_local_to_utf16_bytes 0 23025 NULL
 +remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL
 +viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL
 +cifs_local_to_utf16_bytes_23025 cifs_local_to_utf16_bytes 0 23025 NULL

++ocfs2_refcount_cow_xattr_23029 ocfs2_refcount_cow_xattr 6-7 23029 NULL

 +st_status_23032 st_status 5 23032 NULL
 +nv50_disp_chan_create__23056 nv50_disp_chan_create_ 5 23056 NULL
 +st_status_23032 st_status 5 23032 NULL
 +nv50_disp_chan_create__23056 nv50_disp_chan_create_ 5 23056 NULL

++comedi_buf_write_n_available_23057 comedi_buf_write_n_available 0 23057 NULL

 +reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL nohasharray
 +unix_seqpacket_recvmsg_23062 unix_seqpacket_recvmsg 4 23062 &reiserfs_add_entry_23062
 +mei_cl_send_23068 mei_cl_send 3 23068 NULL
 +reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL nohasharray
 +unix_seqpacket_recvmsg_23062 unix_seqpacket_recvmsg 4 23062 &reiserfs_add_entry_23062
 +mei_cl_send_23068 mei_cl_send 3 23068 NULL


@@ -120238,6 +119872,7 @@ index 0000000..4dc6368
 +trim_bitmaps_24158 trim_bitmaps 3 24158 NULL
 +adu_read_24177 adu_read 3 24177 NULL
 +safe_prepare_write_buffer_24187 safe_prepare_write_buffer 3 24187 NULL
 +trim_bitmaps_24158 trim_bitmaps 3 24158 NULL
 +adu_read_24177 adu_read 3 24177 NULL
 +safe_prepare_write_buffer_24187 safe_prepare_write_buffer 3 24187 NULL

++nv94_aux_24197 nv94_aux 3-6 24197 NULL

 +ieee80211_if_read_dot11MeshHWMPpreqMinInterval_24208 ieee80211_if_read_dot11MeshHWMPpreqMinInterval 3 24208 NULL
 +tcpprobe_sprint_24222 tcpprobe_sprint 0-2 24222 NULL
 +pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 3-2-1 24224 NULL nohasharray
 +ieee80211_if_read_dot11MeshHWMPpreqMinInterval_24208 ieee80211_if_read_dot11MeshHWMPpreqMinInterval 3 24208 NULL
 +tcpprobe_sprint_24222 tcpprobe_sprint 0-2 24222 NULL
 +pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 3-2-1 24224 NULL nohasharray


@@ -120292,6 +119927,7 @@ index 0000000..4dc6368
 +simple_attr_read_24738 simple_attr_read 3 24738 NULL
 +qla2x00_change_queue_depth_24742 qla2x00_change_queue_depth 2 24742 NULL
 +get_dma_residue_24749 get_dma_residue 0 24749 NULL
 +simple_attr_read_24738 simple_attr_read 3 24738 NULL
 +qla2x00_change_queue_depth_24742 qla2x00_change_queue_depth 2 24742 NULL
 +get_dma_residue_24749 get_dma_residue 0 24749 NULL

++ocfs2_cow_file_pos_24751 ocfs2_cow_file_pos 3 24751 NULL

 +kgdb_hex2mem_24755 kgdb_hex2mem 3 24755 NULL
 +ocfs2_read_blocks_24777 ocfs2_read_blocks 0 24777 NULL
 +datablob_hmac_verify_24786 datablob_hmac_verify 4 24786 NULL
 +kgdb_hex2mem_24755 kgdb_hex2mem 3 24755 NULL
 +ocfs2_read_blocks_24777 ocfs2_read_blocks 0 24777 NULL
 +datablob_hmac_verify_24786 datablob_hmac_verify 4 24786 NULL


@@ -120504,6 +120140,7 @@ index 0000000..4dc6368
 +seq_read_27411 seq_read 3 27411 NULL
 +ib_dma_map_sg_27413 ib_dma_map_sg 0 27413 NULL
 +ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL
 +seq_read_27411 seq_read 3 27411 NULL
 +ib_dma_map_sg_27413 ib_dma_map_sg 0 27413 NULL
 +ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL

++ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 3-4 27422 NULL

 +cypress_write_27423 cypress_write 4 27423 NULL
 +sddr09_read_data_27447 sddr09_read_data 3 27447 NULL
 +v4l2_ctrl_new_std_menu_items_27487 v4l2_ctrl_new_std_menu_items 4 27487 NULL
 +cypress_write_27423 cypress_write 4 27423 NULL
 +sddr09_read_data_27447 sddr09_read_data 3 27447 NULL
 +v4l2_ctrl_new_std_menu_items_27487 v4l2_ctrl_new_std_menu_items 4 27487 NULL


@@ -120598,6 +120235,7 @@ index 0000000..4dc6368
 +subdev_ioctl_28417 subdev_ioctl 2 28417 NULL
 +__videobuf_mmap_setup_28421 __videobuf_mmap_setup 0 28421 NULL
 +ksocknal_alloc_tx_28426 ksocknal_alloc_tx 2 28426 NULL
 +subdev_ioctl_28417 subdev_ioctl 2 28417 NULL
 +__videobuf_mmap_setup_28421 __videobuf_mmap_setup 0 28421 NULL
 +ksocknal_alloc_tx_28426 ksocknal_alloc_tx 2 28426 NULL

++hid_hw_output_report_28429 hid_hw_output_report 0 28429 NULL

 +mpage_readpages_28436 mpage_readpages 3 28436 NULL
 +snd_emu10k1_efx_read_28452 snd_emu10k1_efx_read 2 28452 NULL
 +key_mic_failures_read_28457 key_mic_failures_read 3 28457 NULL
 +mpage_readpages_28436 mpage_readpages 3 28436 NULL
 +snd_emu10k1_efx_read_28452 snd_emu10k1_efx_read 2 28452 NULL
 +key_mic_failures_read_28457 key_mic_failures_read 3 28457 NULL


@@ -120729,6 +120367,7 @@ index 0000000..4dc6368
 +ipv6_setsockopt_29871 ipv6_setsockopt 5 29871 NULL
 +crypto_aead_alignmask_29885 crypto_aead_alignmask 0 29885 NULL
 +rtw_cfg80211_indicate_sta_assoc_29897 rtw_cfg80211_indicate_sta_assoc 3 29897 NULL
 +ipv6_setsockopt_29871 ipv6_setsockopt 5 29871 NULL
 +crypto_aead_alignmask_29885 crypto_aead_alignmask 0 29885 NULL
 +rtw_cfg80211_indicate_sta_assoc_29897 rtw_cfg80211_indicate_sta_assoc 3 29897 NULL

++nv94_gpio_intr_mask_29907 nv94_gpio_intr_mask 4-3 29907 NULL

 +lov_ost_pool_extend_29914 lov_ost_pool_extend 2 29914 NULL
 +write_file_queue_29922 write_file_queue 3 29922 NULL
 +__btrfs_getxattr_29947 __btrfs_getxattr 0 29947 NULL nohasharray
 +lov_ost_pool_extend_29914 lov_ost_pool_extend 2 29914 NULL
 +write_file_queue_29922 write_file_queue 3 29922 NULL
 +__btrfs_getxattr_29947 __btrfs_getxattr 0 29947 NULL nohasharray


@@ -120741,6 +120380,7 @@ index 0000000..4dc6368
 +cxgbi_ddp_reserve_30091 cxgbi_ddp_reserve 4 30091 NULL
 +snd_midi_channel_init_set_30092 snd_midi_channel_init_set 1 30092 NULL
 +rx_filter_data_filter_read_30098 rx_filter_data_filter_read 3 30098 NULL
 +cxgbi_ddp_reserve_30091 cxgbi_ddp_reserve 4 30091 NULL
 +snd_midi_channel_init_set_30092 snd_midi_channel_init_set 1 30092 NULL
 +rx_filter_data_filter_read_30098 rx_filter_data_filter_read 3 30098 NULL

++defragment_dma_buffer_30113 defragment_dma_buffer 0 30113 NULL

 +spi_async_locked_30117 spi_async_locked 0 30117 NULL
 +u_memcpya_30139 u_memcpya 3-2 30139 NULL
 +dbg_port_buf_30145 dbg_port_buf 2 30145 NULL
 +spi_async_locked_30117 spi_async_locked 0 30117 NULL
 +u_memcpya_30139 u_memcpya 3-2 30139 NULL
 +dbg_port_buf_30145 dbg_port_buf 2 30145 NULL


@@ -120761,6 +120401,7 @@ index 0000000..4dc6368
 +tcp_sendmsg_30296 tcp_sendmsg 4 30296 NULL
 +osc_contention_seconds_seq_write_30305 osc_contention_seconds_seq_write 3 30305 NULL
 +ext4_acl_from_disk_30320 ext4_acl_from_disk 2 30320 NULL
 +tcp_sendmsg_30296 tcp_sendmsg 4 30296 NULL
 +osc_contention_seconds_seq_write_30305 osc_contention_seconds_seq_write 3 30305 NULL
 +ext4_acl_from_disk_30320 ext4_acl_from_disk 2 30320 NULL

++i8254_read_30330 i8254_read 0 30330 NULL

 +resource_from_user_30341 resource_from_user 3 30341 NULL
 +o2nm_this_node_30342 o2nm_this_node 0 30342 NULL
 +kstrtou32_from_user_30361 kstrtou32_from_user 2 30361 NULL
 +resource_from_user_30341 resource_from_user 3 30341 NULL
 +o2nm_this_node_30342 o2nm_this_node 0 30342 NULL
 +kstrtou32_from_user_30361 kstrtou32_from_user 2 30361 NULL


@@ -120787,12 +120428,14 @@ index 0000000..4dc6368
 +set_le_30581 set_le 4 30581 NULL
 +blk_init_tags_30592 blk_init_tags 1 30592 NULL
 +sgl_map_user_pages_30610 sgl_map_user_pages 2 30610 NULL
 +set_le_30581 set_le 4 30581 NULL
 +blk_init_tags_30592 blk_init_tags 1 30592 NULL
 +sgl_map_user_pages_30610 sgl_map_user_pages 2 30610 NULL

++SyS_msgrcv_30611 SyS_msgrcv 3 30611 NULL

 +macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL
 +ieee80211_if_read_dot11MeshAwakeWindowDuration_30631 ieee80211_if_read_dot11MeshAwakeWindowDuration 3 30631 NULL
 +compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL
 +mlx5_ib_alloc_fast_reg_page_list_30638 mlx5_ib_alloc_fast_reg_page_list 2 30638 NULL
 +SyS_listxattr_30647 SyS_listxattr 3 30647 NULL
 +jffs2_flash_read_30667 jffs2_flash_read 0 30667 NULL
 +macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL
 +ieee80211_if_read_dot11MeshAwakeWindowDuration_30631 ieee80211_if_read_dot11MeshAwakeWindowDuration 3 30631 NULL
 +compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL
 +mlx5_ib_alloc_fast_reg_page_list_30638 mlx5_ib_alloc_fast_reg_page_list 2 30638 NULL
 +SyS_listxattr_30647 SyS_listxattr 3 30647 NULL
 +jffs2_flash_read_30667 jffs2_flash_read 0 30667 NULL

++ni_ai_fifo_read_30681 ni_ai_fifo_read 3 30681 NULL

 +sst_hsw_get_dsp_position_30691 sst_hsw_get_dsp_position 0 30691 NULL
 +get_pages_alloc_iovec_30699 get_pages_alloc_iovec 3-0 30699 NULL
 +dccp_setsockopt_ccid_30701 dccp_setsockopt_ccid 4 30701 NULL
 +sst_hsw_get_dsp_position_30691 sst_hsw_get_dsp_position 0 30691 NULL
 +get_pages_alloc_iovec_30699 get_pages_alloc_iovec 3-0 30699 NULL
 +dccp_setsockopt_ccid_30701 dccp_setsockopt_ccid 4 30701 NULL


@@ -121180,6 +120823,7 @@ index 0000000..4dc6368
 +__inode_permission_34925 __inode_permission 0 34925 &btrfs_super_chunk_root_34925
 +sec_flags2str_34933 sec_flags2str 3 34933 NULL
 +snd_info_entry_read_34938 snd_info_entry_read 3 34938 NULL
 +__inode_permission_34925 __inode_permission 0 34925 &btrfs_super_chunk_root_34925
 +sec_flags2str_34933 sec_flags2str 3 34933 NULL
 +snd_info_entry_read_34938 snd_info_entry_read 3 34938 NULL

++compat_SyS_kexec_load_34947 compat_SyS_kexec_load 2 34947 NULL

 +do_add_page_to_bio_34974 do_add_page_to_bio 2-10 34974 NULL
 +sdebug_change_qdepth_34994 sdebug_change_qdepth 2 34994 NULL
 +rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL
 +do_add_page_to_bio_34974 do_add_page_to_bio 2-10 34974 NULL
 +sdebug_change_qdepth_34994 sdebug_change_qdepth 2 34994 NULL
 +rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL


@@ -121202,6 +120846,7 @@ index 0000000..4dc6368
 +striped_read_35218 striped_read 0-2 35218 NULL nohasharray
 +security_key_getsecurity_35218 security_key_getsecurity 0 35218 &striped_read_35218
 +rx_rx_cmplt_task_read_35226 rx_rx_cmplt_task_read 3 35226 NULL
 +striped_read_35218 striped_read 0-2 35218 NULL nohasharray
 +security_key_getsecurity_35218 security_key_getsecurity 0 35218 &striped_read_35218
 +rx_rx_cmplt_task_read_35226 rx_rx_cmplt_task_read 3 35226 NULL

++kimage_file_prepare_segments_35232 kimage_file_prepare_segments 5 35232 NULL

 +set_fd_set_35249 set_fd_set 1 35249 NULL
 +ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL
 +dis_disc_write_35265 dis_disc_write 3 35265 NULL
 +set_fd_set_35249 set_fd_set 1 35249 NULL
 +ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL
 +dis_disc_write_35265 dis_disc_write 3 35265 NULL


@@ -121234,6 +120879,7 @@ index 0000000..4dc6368
 +ocfs2_write_zero_page_35539 ocfs2_write_zero_page 3 35539 NULL
 +ibnl_put_attr_35541 ibnl_put_attr 3 35541 NULL
 +ieee80211_if_write_smps_35550 ieee80211_if_write_smps 3 35550 NULL
 +ocfs2_write_zero_page_35539 ocfs2_write_zero_page 3 35539 NULL
 +ibnl_put_attr_35541 ibnl_put_attr 3 35541 NULL
 +ieee80211_if_write_smps_35550 ieee80211_if_write_smps 3 35550 NULL

++C_SYSC_kexec_load_35565 C_SYSC_kexec_load 2 35565 NULL

 +ext4_blocks_for_truncate_35579 ext4_blocks_for_truncate 0 35579 NULL
 +ext2_acl_from_disk_35580 ext2_acl_from_disk 2 35580 NULL
 +spk_msg_set_35586 spk_msg_set 3 35586 NULL
 +ext4_blocks_for_truncate_35579 ext4_blocks_for_truncate 0 35579 NULL
 +ext2_acl_from_disk_35580 ext2_acl_from_disk 2 35580 NULL
 +spk_msg_set_35586 spk_msg_set 3 35586 NULL


@@ -121484,7 +121130,8 @@ index 0000000..4dc6368
 +_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL
 +nvkm_dmaobj_create__38250 nvkm_dmaobj_create_ 6 38250 NULL
 +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 NULL nohasharray
 +_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL
 +nvkm_dmaobj_create__38250 nvkm_dmaobj_create_ 6 38250 NULL
 +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 NULL nohasharray

-+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268
++ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268 nohasharray
++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268

 +xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray
 +xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275
 +ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL
 +xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray
 +xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275
 +ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL


@@ -121495,6 +121142,7 @@ index 0000000..4dc6368
 +__snd_gf1_look8_38333 __snd_gf1_look8 0 38333 NULL
 +usb_ext_prop_put_name_38352 usb_ext_prop_put_name 0-3 38352 NULL
 +btrfs_file_extent_disk_num_bytes_38363 btrfs_file_extent_disk_num_bytes 0 38363 NULL
 +__snd_gf1_look8_38333 __snd_gf1_look8 0 38333 NULL
 +usb_ext_prop_put_name_38352 usb_ext_prop_put_name 0-3 38352 NULL
 +btrfs_file_extent_disk_num_bytes_38363 btrfs_file_extent_disk_num_bytes 0 38363 NULL

++xfs_free_file_space_38383 xfs_free_file_space 2-3 38383 NULL

 +dn_sendmsg_38390 dn_sendmsg 4 38390 NULL
 +ieee80211_if_read_dtim_count_38419 ieee80211_if_read_dtim_count 3 38419 NULL
 +pmcraid_copy_sglist_38431 pmcraid_copy_sglist 3 38431 NULL
 +dn_sendmsg_38390 dn_sendmsg 4 38390 NULL
 +ieee80211_if_read_dtim_count_38419 ieee80211_if_read_dtim_count 3 38419 NULL
 +pmcraid_copy_sglist_38431 pmcraid_copy_sglist 3 38431 NULL


@@ -121651,7 +121299,7 @@ index 0000000..4dc6368
 +ocrdma_dbgfs_ops_read_40232 ocrdma_dbgfs_ops_read 3 40232 NULL
 +osst_read_40237 osst_read 3 40237 NULL
 +lpage_info_slot_40243 lpage_info_slot 1-3 40243 NULL
 +ocrdma_dbgfs_ops_read_40232 ocrdma_dbgfs_ops_read 3 40232 NULL
 +osst_read_40237 osst_read 3 40237 NULL
 +lpage_info_slot_40243 lpage_info_slot 1-3 40243 NULL

-+ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4 40248 NULL
++ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4-3 40248 NULL

 +of_get_child_count_40254 of_get_child_count 0 40254 NULL nohasharray
 +fsl_edma_prep_dma_cyclic_40254 fsl_edma_prep_dma_cyclic 3-4 40254 &of_get_child_count_40254
 +rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL
 +of_get_child_count_40254 of_get_child_count 0 40254 NULL nohasharray
 +fsl_edma_prep_dma_cyclic_40254 fsl_edma_prep_dma_cyclic 3-4 40254 &of_get_child_count_40254
 +rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL


@@ -121717,6 +121365,7 @@ index 0000000..4dc6368
 +vol_cdev_write_40915 vol_cdev_write 3 40915 NULL
 +snd_vx_create_40948 snd_vx_create 4 40948 NULL
 +rds_sendmsg_40976 rds_sendmsg 4 40976 NULL
 +vol_cdev_write_40915 vol_cdev_write 3 40915 NULL
 +snd_vx_create_40948 snd_vx_create 4 40948 NULL
 +rds_sendmsg_40976 rds_sendmsg 4 40976 NULL

++ima_appraise_measurement_40978 ima_appraise_measurement 6 40978 NULL

 +il_dbgfs_fh_reg_read_40993 il_dbgfs_fh_reg_read 3 40993 NULL
 +iwl_dbgfs_scan_ant_rxchain_read_40999 iwl_dbgfs_scan_ant_rxchain_read 3 40999 NULL
 +mac80211_format_buffer_41010 mac80211_format_buffer 2 41010 NULL
 +il_dbgfs_fh_reg_read_40993 il_dbgfs_fh_reg_read 3 40993 NULL
 +iwl_dbgfs_scan_ant_rxchain_read_40999 iwl_dbgfs_scan_ant_rxchain_read 3 40999 NULL
 +mac80211_format_buffer_41010 mac80211_format_buffer 2 41010 NULL


@@ -121796,12 +121445,14 @@ index 0000000..4dc6368
 +ptlrpc_new_bulk_41804 ptlrpc_new_bulk 1 41804 NULL
 +rtw_android_get_macaddr_41812 rtw_android_get_macaddr 0 41812 NULL
 +sco_send_frame_41815 sco_send_frame 3 41815 NULL
 +ptlrpc_new_bulk_41804 ptlrpc_new_bulk 1 41804 NULL
 +rtw_android_get_macaddr_41812 rtw_android_get_macaddr 0 41812 NULL
 +sco_send_frame_41815 sco_send_frame 3 41815 NULL

++kimage_file_alloc_init_41827 kimage_file_alloc_init 5 41827 NULL

 +copy_page_to_iter_bvec_41830 copy_page_to_iter_bvec 0-3 41830 NULL
 +ixgbe_dbg_netdev_ops_read_41839 ixgbe_dbg_netdev_ops_read 3 41839 NULL
 +do_ip_setsockopt_41852 do_ip_setsockopt 5 41852 NULL
 +keyctl_instantiate_key_41855 keyctl_instantiate_key 3 41855 NULL
 +pci_map_single_41869 pci_map_single 0 41869 NULL
 +usb_gadget_get_string_41871 usb_gadget_get_string 0 41871 NULL
 +copy_page_to_iter_bvec_41830 copy_page_to_iter_bvec 0-3 41830 NULL
 +ixgbe_dbg_netdev_ops_read_41839 ixgbe_dbg_netdev_ops_read 3 41839 NULL
 +do_ip_setsockopt_41852 do_ip_setsockopt 5 41852 NULL
 +keyctl_instantiate_key_41855 keyctl_instantiate_key 3 41855 NULL
 +pci_map_single_41869 pci_map_single 0 41869 NULL
 +usb_gadget_get_string_41871 usb_gadget_get_string 0 41871 NULL

++v_APCI3120_InterruptDmaMoveBlock16bit_41914 v_APCI3120_InterruptDmaMoveBlock16bit 4 41914 NULL

 +get_fdb_entries_41916 get_fdb_entries 3 41916 NULL
 +ext4_da_write_inline_data_begin_41935 ext4_da_write_inline_data_begin 4-3 41935 NULL
 +sci_rxfill_41945 sci_rxfill 0 41945 NULL
 +get_fdb_entries_41916 get_fdb_entries 3 41916 NULL
 +ext4_da_write_inline_data_begin_41935 ext4_da_write_inline_data_begin 4-3 41935 NULL
 +sci_rxfill_41945 sci_rxfill 0 41945 NULL


@@ -121856,6 +121507,7 @@ index 0000000..4dc6368
 +snd_pcm_action_group_42452 snd_pcm_action_group 0 42452 NULL
 +tcm_loop_change_queue_depth_42454 tcm_loop_change_queue_depth 2 42454 NULL
 +kuc_free_42455 kuc_free 2 42455 NULL
 +snd_pcm_action_group_42452 snd_pcm_action_group 0 42452 NULL
 +tcm_loop_change_queue_depth_42454 tcm_loop_change_queue_depth 2 42454 NULL
 +kuc_free_42455 kuc_free 2 42455 NULL

++cp2112_gpio_get_42467 cp2112_gpio_get 2 42467 NULL

 +__simple_xattr_set_42474 __simple_xattr_set 4 42474 NULL
 +omfs_readpages_42490 omfs_readpages 4 42490 NULL
 +bypass_write_42498 bypass_write 3 42498 NULL
 +__simple_xattr_set_42474 __simple_xattr_set 4 42474 NULL
 +omfs_readpages_42490 omfs_readpages 4 42490 NULL
 +bypass_write_42498 bypass_write 3 42498 NULL


@@ -121934,6 +121586,7 @@ index 0000000..4dc6368
 +mmu_set_spte_43327 mmu_set_spte 7-6 43327 NULL
 +__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL
 +xenfb_write_43412 xenfb_write 3 43412 NULL
 +mmu_set_spte_43327 mmu_set_spte 7-6 43327 NULL
 +__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL
 +xenfb_write_43412 xenfb_write 3 43412 NULL

++ext4_xattr_check_names_43422 ext4_xattr_check_names 0 43422 NULL

 +__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL
 +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL
 +ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL
 +__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL
 +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL
 +ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL


@@ -121954,6 +121607,7 @@ index 0000000..4dc6368
 +handle_frequent_errors_43599 handle_frequent_errors 4 43599 NULL
 +lpfc_idiag_drbacc_read_reg_43606 lpfc_idiag_drbacc_read_reg 0-3 43606 NULL
 +proc_read_43614 proc_read 3 43614 NULL
 +handle_frequent_errors_43599 handle_frequent_errors 4 43599 NULL
 +lpfc_idiag_drbacc_read_reg_43606 lpfc_idiag_drbacc_read_reg 0-3 43606 NULL
 +proc_read_43614 proc_read 3 43614 NULL

++disable_dma_on_even_43618 disable_dma_on_even 0 43618 NULL

 +alloc_thread_groups_43625 alloc_thread_groups 2 43625 NULL
 +random_write_43656 random_write 3 43656 NULL
 +bio_integrity_tag_43658 bio_integrity_tag 3 43658 NULL
 +alloc_thread_groups_43625 alloc_thread_groups 2 43625 NULL
 +random_write_43656 random_write 3 43656 NULL
 +bio_integrity_tag_43658 bio_integrity_tag 3 43658 NULL


@@ -121965,6 +121619,7 @@ index 0000000..4dc6368
 +fuse_send_read_43725 fuse_send_read 4-0 43725 NULL
 +drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL
 +snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL
 +fuse_send_read_43725 fuse_send_read 4-0 43725 NULL
 +drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL
 +snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL

++__alloc_alien_cache_43734 __alloc_alien_cache 2 43734 NULL

 +fuse_conn_congestion_threshold_write_43736 fuse_conn_congestion_threshold_write 3 43736 NULL
 +gigaset_initcs_43753 gigaset_initcs 2 43753 NULL
 +sctp_setsockopt_active_key_43755 sctp_setsockopt_active_key 3 43755 NULL
 +fuse_conn_congestion_threshold_write_43736 fuse_conn_congestion_threshold_write 3 43736 NULL
 +gigaset_initcs_43753 gigaset_initcs 2 43753 NULL
 +sctp_setsockopt_active_key_43755 sctp_setsockopt_active_key 3 43755 NULL


@@ -122088,7 +121743,7 @@ index 0000000..4dc6368
 +cfs_trace_daemon_command_usrstr_45147 cfs_trace_daemon_command_usrstr 2 45147 NULL
 +gen_bitmask_string_45149 gen_bitmask_string 6 45149 NULL
 +device_write_45156 device_write 3 45156 NULL nohasharray
 +cfs_trace_daemon_command_usrstr_45147 cfs_trace_daemon_command_usrstr 2 45147 NULL
 +gen_bitmask_string_45149 gen_bitmask_string 6 45149 NULL
 +device_write_45156 device_write 3 45156 NULL nohasharray

-+ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3 45156 &device_write_45156
++ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3-4 45156 &device_write_45156

 +tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL
 +sta_agg_status_write_45164 sta_agg_status_write 3 45164 NULL
 +snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 NULL nohasharray
 +tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL
 +sta_agg_status_write_45164 sta_agg_status_write 3 45164 NULL
 +snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 NULL nohasharray


@@ -122290,6 +121945,7 @@ index 0000000..4dc6368
 +mcp23s17_read_regs_47491 mcp23s17_read_regs 4 47491 NULL
 +core_sys_select_47494 core_sys_select 1 47494 NULL
 +as3722_block_write_47503 as3722_block_write 2-3 47503 NULL
 +mcp23s17_read_regs_47491 mcp23s17_read_regs 4 47491 NULL
 +core_sys_select_47494 core_sys_select 1 47494 NULL
 +as3722_block_write_47503 as3722_block_write 2-3 47503 NULL

++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL

 +unlink_simple_47506 unlink_simple 3 47506 NULL
 +pstore_decompress_47510 pstore_decompress 0 47510 NULL
 +ec_i2c_count_response_47518 ec_i2c_count_response 0 47518 NULL
 +unlink_simple_47506 unlink_simple 3 47506 NULL
 +pstore_decompress_47510 pstore_decompress 0 47510 NULL
 +ec_i2c_count_response_47518 ec_i2c_count_response 0 47518 NULL


@@ -122390,6 +122046,7 @@ index 0000000..4dc6368
 +_iwl_dbgfs_bt_tx_prio_write_48473 _iwl_dbgfs_bt_tx_prio_write 3 48473 NULL
 +ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL
 +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL
 +_iwl_dbgfs_bt_tx_prio_write_48473 _iwl_dbgfs_bt_tx_prio_write 3 48473 NULL
 +ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL
 +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL

++ocfs2_refcount_cow_48495 ocfs2_refcount_cow 3 48495 NULL

 +send_control_msg_48498 send_control_msg 6 48498 NULL
 +count_masked_bytes_48507 count_masked_bytes 0-1 48507 NULL
 +diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL
 +send_control_msg_48498 send_control_msg 6 48498 NULL
 +count_masked_bytes_48507 count_masked_bytes 0-1 48507 NULL
 +diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL


@@ -122418,6 +122075,7 @@ index 0000000..4dc6368
 +atomic_counters_read_48827 atomic_counters_read 3 48827 NULL
 +azx_get_position_48841 azx_get_position 0 48841 NULL
 +vc_do_resize_48842 vc_do_resize 3-4 48842 NULL
 +atomic_counters_read_48827 atomic_counters_read 3 48827 NULL
 +azx_get_position_48841 azx_get_position 0 48841 NULL
 +vc_do_resize_48842 vc_do_resize 3-4 48842 NULL

++comedi_buf_write_alloc_48846 comedi_buf_write_alloc 0-2 48846 NULL

 +suspend_dtim_interval_write_48854 suspend_dtim_interval_write 3 48854 NULL
 +viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL nohasharray
 +C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 &viafb_dvp1_proc_write_48864
 +suspend_dtim_interval_write_48854 suspend_dtim_interval_write 3 48854 NULL
 +viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL nohasharray
 +C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 &viafb_dvp1_proc_write_48864


@@ -122825,6 +122483,7 @@ index 0000000..4dc6368
 +verity_status_53120 verity_status 5 53120 NULL
 +brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL
 +ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL
 +verity_status_53120 verity_status 5 53120 NULL
 +brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL
 +ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL

++copy_user_segment_list_53150 copy_user_segment_list 2 53150 NULL

 +ieee80211_bss_info_update_53170 ieee80211_bss_info_update 4 53170 NULL
 +btrfs_io_bio_alloc_53179 btrfs_io_bio_alloc 2 53179 NULL
 +clear_capture_buf_53192 clear_capture_buf 2 53192 NULL
 +ieee80211_bss_info_update_53170 ieee80211_bss_info_update 4 53170 NULL
 +btrfs_io_bio_alloc_53179 btrfs_io_bio_alloc 2 53179 NULL
 +clear_capture_buf_53192 clear_capture_buf 2 53192 NULL


@@ -122900,6 +122559,7 @@ index 0000000..4dc6368
 +bitmap_bitremap_54096 bitmap_bitremap 4 54096 NULL
 +altera_set_ir_pre_54103 altera_set_ir_pre 2 54103 NULL nohasharray
 +lustre_posix_acl_xattr_filter_54103 lustre_posix_acl_xattr_filter 2 54103 &altera_set_ir_pre_54103
 +bitmap_bitremap_54096 bitmap_bitremap 4 54096 NULL
 +altera_set_ir_pre_54103 altera_set_ir_pre 2 54103 NULL nohasharray
 +lustre_posix_acl_xattr_filter_54103 lustre_posix_acl_xattr_filter 2 54103 &altera_set_ir_pre_54103

++__comedi_buf_write_alloc_54112 __comedi_buf_write_alloc 0-2 54112 NULL

 +strn_len_54122 strn_len 0 54122 NULL
 +isku_receive_54130 isku_receive 4 54130 NULL
 +isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL
 +strn_len_54122 strn_len 0 54122 NULL
 +isku_receive_54130 isku_receive 4 54130 NULL
 +isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL


@@ -123117,6 +122777,7 @@ index 0000000..4dc6368
 +journal_init_revoke_table_56331 journal_init_revoke_table 1 56331 NULL
 +snd_rawmidi_read_56337 snd_rawmidi_read 3 56337 NULL
 +vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL
 +journal_init_revoke_table_56331 journal_init_revoke_table 1 56331 NULL
 +snd_rawmidi_read_56337 snd_rawmidi_read 3 56337 NULL
 +vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL

++mite_device_bytes_transferred_56355 mite_device_bytes_transferred 0 56355 NULL

 +iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 0-4 56368 NULL
 +dev_read_56369 dev_read 3 56369 NULL
 +ath10k_read_simulate_fw_crash_56371 ath10k_read_simulate_fw_crash 3 56371 NULL
 +iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 0-4 56368 NULL
 +dev_read_56369 dev_read 3 56369 NULL
 +ath10k_read_simulate_fw_crash_56371 ath10k_read_simulate_fw_crash 3 56371 NULL


@@ -123227,6 +122888,7 @@ index 0000000..4dc6368
 +dio_send_cur_page_57348 dio_send_cur_page 0 57348 NULL
 +tipc_bclink_stats_57372 tipc_bclink_stats 2 57372 NULL
 +tty_register_device_attr_57381 tty_register_device_attr 2 57381 NULL
 +dio_send_cur_page_57348 dio_send_cur_page 0 57348 NULL
 +tipc_bclink_stats_57372 tipc_bclink_stats 2 57372 NULL
 +tty_register_device_attr_57381 tty_register_device_attr 2 57381 NULL

++bzImage64_load_57388 bzImage64_load 7 57388 NULL

 +read_file_blob_57406 read_file_blob 3 57406 NULL
 +enclosure_register_57412 enclosure_register 3 57412 NULL
 +compat_keyctl_instantiate_key_iov_57431 compat_keyctl_instantiate_key_iov 3 57431 NULL
 +read_file_blob_57406 read_file_blob 3 57406 NULL
 +enclosure_register_57412 enclosure_register 3 57412 NULL
 +compat_keyctl_instantiate_key_iov_57431 compat_keyctl_instantiate_key_iov 3 57431 NULL


@@ -123287,6 +122949,7 @@ index 0000000..4dc6368
 +ip_set_alloc_57953 ip_set_alloc 1 57953 NULL nohasharray
 +ioat3_dca_count_dca_slots_57953 ioat3_dca_count_dca_slots 0 57953 &ip_set_alloc_57953
 +iov_iter_npages_57979 iov_iter_npages 0-2 57979 NULL
 +ip_set_alloc_57953 ip_set_alloc 1 57953 NULL nohasharray
 +ioat3_dca_count_dca_slots_57953 ioat3_dca_count_dca_slots 0 57953 &ip_set_alloc_57953
 +iov_iter_npages_57979 iov_iter_npages 0-2 57979 NULL

++do_rx_dma_57996 do_rx_dma 5 57996 NULL

 +rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL
 +iwl_dbgfs_ucode_rx_stats_read_58023 iwl_dbgfs_ucode_rx_stats_read 3 58023 NULL
 +io_playback_transfer_58030 io_playback_transfer 4 58030 NULL
 +rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL
 +iwl_dbgfs_ucode_rx_stats_read_58023 iwl_dbgfs_ucode_rx_stats_read 3 58023 NULL
 +io_playback_transfer_58030 io_playback_transfer 4 58030 NULL


@@ -123315,6 +122978,7 @@ index 0000000..4dc6368
 +lstcon_rpc_prep_58325 lstcon_rpc_prep 4 58325 NULL
 +ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3 58331 NULL
 +__copy_from_user_swizzled_58337 __copy_from_user_swizzled 2-4 58337 NULL
 +lstcon_rpc_prep_58325 lstcon_rpc_prep 4 58325 NULL
 +ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3 58331 NULL
 +__copy_from_user_swizzled_58337 __copy_from_user_swizzled 2-4 58337 NULL

++ec_i2c_parse_response_58347 ec_i2c_parse_response 0 58347 NULL

 +brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL
 +il_dbgfs_status_read_58388 il_dbgfs_status_read 3 58388 NULL
 +_drbd_md_sync_page_io_58403 _drbd_md_sync_page_io 6 58403 NULL
 +brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL
 +il_dbgfs_status_read_58388 il_dbgfs_status_read 3 58388 NULL
 +_drbd_md_sync_page_io_58403 _drbd_md_sync_page_io 6 58403 NULL


@@ -123432,7 +123096,8 @@ index 0000000..4dc6368
 +mic_calc_failure_read_59700 mic_calc_failure_read 3 59700 NULL
 +ioperm_get_59701 ioperm_get 4-3 59701 NULL
 +prism2_info_scanresults_59729 prism2_info_scanresults 3 59729 NULL
 +mic_calc_failure_read_59700 mic_calc_failure_read 3 59700 NULL
 +ioperm_get_59701 ioperm_get 4-3 59701 NULL
 +prism2_info_scanresults_59729 prism2_info_scanresults 3 59729 NULL

-+ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 NULL
++ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 NULL nohasharray
++nv94_aux_mask_59740 nv94_aux_mask 2 59740 &ieee80211_if_read_fwded_unicast_59740

 +qib_decode_7220_sdma_errs_59745 qib_decode_7220_sdma_errs 4 59745 NULL
 +strnlen_59746 strnlen 0 59746 NULL
 +ext3_acl_count_59754 ext3_acl_count 0-1 59754 NULL
 +qib_decode_7220_sdma_errs_59745 qib_decode_7220_sdma_errs 4 59745 NULL
 +strnlen_59746 strnlen 0 59746 NULL
 +ext3_acl_count_59754 ext3_acl_count 0-1 59754 NULL


@@ -123576,6 +123241,7 @@ index 0000000..4dc6368
 +f1x_map_sysaddr_to_csrow_61344 f1x_map_sysaddr_to_csrow 2 61344 NULL
 +debug_debug4_read_61367 debug_debug4_read 3 61367 NULL
 +system_enable_write_61396 system_enable_write 3 61396 NULL
 +f1x_map_sysaddr_to_csrow_61344 f1x_map_sysaddr_to_csrow 2 61344 NULL
 +debug_debug4_read_61367 debug_debug4_read 3 61367 NULL
 +system_enable_write_61396 system_enable_write 3 61396 NULL

++xfs_zero_remaining_bytes_61423 xfs_zero_remaining_bytes 3 61423 NULL

 +unix_stream_sendmsg_61455 unix_stream_sendmsg 4 61455 NULL
 +snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 5-4-2 61483 NULL
 +btrfs_item_size_61485 btrfs_item_size 0 61485 NULL
 +unix_stream_sendmsg_61455 unix_stream_sendmsg 4 61455 NULL
 +snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 5-4-2 61483 NULL
 +btrfs_item_size_61485 btrfs_item_size 0 61485 NULL


@@ -123602,7 +123268,9 @@ index 0000000..4dc6368
 +insert_one_name_61668 insert_one_name 7 61668 NULL
 +qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL
 +lock_loop_61681 lock_loop 1 61681 NULL
 +insert_one_name_61668 insert_one_name 7 61668 NULL
 +qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL
 +lock_loop_61681 lock_loop 1 61681 NULL

++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL

 +filter_read_61692 filter_read 3 61692 NULL
 +filter_read_61692 filter_read 3 61692 NULL

++SyS_kexec_file_load_61715 SyS_kexec_file_load 3 61715 NULL

 +iov_length_61716 iov_length 0 61716 NULL
 +fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
 +null_alloc_reqbuf_61719 null_alloc_reqbuf 3 61719 NULL
 +iov_length_61716 iov_length 0 61716 NULL
 +fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
 +null_alloc_reqbuf_61719 null_alloc_reqbuf 3 61719 NULL


@@ -123623,10 +123291,12 @@ index 0000000..4dc6368
 +rx_filter_arp_filter_read_61914 rx_filter_arp_filter_read 3 61914 NULL
 +au0828_init_isoc_61917 au0828_init_isoc 3-2-4 61917 NULL
 +sctp_sendmsg_61919 sctp_sendmsg 4 61919 NULL
 +rx_filter_arp_filter_read_61914 rx_filter_arp_filter_read 3 61914 NULL
 +au0828_init_isoc_61917 au0828_init_isoc 3-2-4 61917 NULL
 +sctp_sendmsg_61919 sctp_sendmsg 4 61919 NULL

++efi_get_runtime_map_size_61927 efi_get_runtime_map_size 0 61927 NULL

 +SyS_kexec_load_61946 SyS_kexec_load 2 61946 NULL
 +il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL
 +squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL
 +fix_read_error_61965 fix_read_error 4 61965 NULL
 +SyS_kexec_load_61946 SyS_kexec_load 2 61946 NULL
 +il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL
 +squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL
 +fix_read_error_61965 fix_read_error 4 61965 NULL

++ocfs2_quota_write_61972 ocfs2_quota_write 4-5 61972 NULL

 +fd_locked_ioctl_61978 fd_locked_ioctl 3 61978 NULL
 +cow_file_range_61979 cow_file_range 3 61979 NULL
 +dequeue_event_62000 dequeue_event 3 62000 NULL
 +fd_locked_ioctl_61978 fd_locked_ioctl 3 61978 NULL
 +cow_file_range_61979 cow_file_range 3 61979 NULL
 +dequeue_event_62000 dequeue_event 3 62000 NULL


@@ -123773,7 +123443,8 @@ index 0000000..4dc6368
 +mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL
 +copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL
 +C_SYSC_process_vm_readv_63811 C_SYSC_process_vm_readv 3-5 63811 NULL
 +mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL
 +copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL
 +C_SYSC_process_vm_readv_63811 C_SYSC_process_vm_readv 3-5 63811 NULL

-+regmap_multi_reg_write_63826 regmap_multi_reg_write 3 63826 NULL
++regmap_multi_reg_write_63826 regmap_multi_reg_write 3 63826 NULL nohasharray
++prepare_copy_63826 prepare_copy 2 63826 &regmap_multi_reg_write_63826

 +sel_write_load_63830 sel_write_load 3 63830 NULL
 +proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL
 +nv10_gpio_intr_mask_63862 nv10_gpio_intr_mask 4-3 63862 NULL
 +sel_write_load_63830 sel_write_load 3 63830 NULL
 +proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL
 +nv10_gpio_intr_mask_63862 nv10_gpio_intr_mask 4-3 63862 NULL


@@ -123875,7 +123546,8 @@ index 0000000..4dc6368
 +isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL
 +regmap_reg_ranges_read_file_64798 regmap_reg_ranges_read_file 3 64798 NULL
 +nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL
 +isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL
 +regmap_reg_ranges_read_file_64798 regmap_reg_ranges_read_file 3 64798 NULL
 +nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL

-+rfkill_fop_write_64808 rfkill_fop_write 3 64808 NULL
++rfkill_fop_write_64808 rfkill_fop_write 3 64808 NULL nohasharray
++nv_mask_64808 nv_mask 0 64808 &rfkill_fop_write_64808

 +proc_projid_map_write_64810 proc_projid_map_write 3 64810 NULL
 +megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL
 +ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL
 +proc_projid_map_write_64810 proc_projid_map_write 3 64810 NULL
 +megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL
 +ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL


@@ -125397,49 +125069,11 @@ index 0a578fe..b81f62d 100644
        0;                                                      \
  })
  
        0;                                                      \
  })
  

-diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
-index 714b949..1f0dc1e 100644
---- a/virt/kvm/iommu.c
-+++ b/virt/kvm/iommu.c
-@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
-                               gfn_t base_gfn, unsigned long npages);
- 
- static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
--                         unsigned long size)
-+                         unsigned long npages)
- {
-       gfn_t end_gfn;
-       pfn_t pfn;
- 
-       pfn     = gfn_to_pfn_memslot(slot, gfn);
--      end_gfn = gfn + (size >> PAGE_SHIFT);
-+      end_gfn = gfn + npages;
-       gfn    += 1;
- 
-       if (is_error_noslot_pfn(pfn))
-@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
-                * Pin all pages we are about to map in memory. This is
-                * important because we unmap and unpin in 4kb steps later.
-                */
--              pfn = kvm_pin_pages(slot, gfn, page_size);
-+              pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT);
-               if (is_error_noslot_pfn(pfn)) {
-                       gfn += 1;
-                       continue;
-@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
-               if (r) {
-                       printk(KERN_ERR "kvm_iommu_map_address:"
-                              "iommu failed to map pfn=%llx\n", pfn);
--                      kvm_unpin_pages(kvm, pfn, page_size);
-+                      kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT);
-                       goto unmap_pages;
-               }
- 

 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c

-index 95519bc..43f5d42 100644
+index 6a3f29b..a1d2e93 100644

 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c

-@@ -76,12 +76,17 @@ LIST_HEAD(vm_list);
+@@ -77,12 +77,17 @@ LIST_HEAD(vm_list);

  
  static cpumask_var_t cpus_hardware_enabled;
  static int kvm_usage_count = 0;
  
  static cpumask_var_t cpus_hardware_enabled;
  static int kvm_usage_count = 0;


@@ -125459,7 +125093,7 @@ index 95519bc..43f5d42 100644
  
  struct dentry *kvm_debugfs_dir;
  
  
  struct dentry *kvm_debugfs_dir;
  

-@@ -763,7 +768,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -780,7 +785,7 @@ int __kvm_set_memory_region(struct kvm *kvm,

        /* We can read the guest memory with __xxx_user() later on. */
        if ((mem->slot < KVM_USER_MEM_SLOTS) &&
            ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
        /* We can read the guest memory with __xxx_user() later on. */
        if ((mem->slot < KVM_USER_MEM_SLOTS) &&
            ((mem->userspace_addr & (PAGE_SIZE - 1)) ||


@@ -125468,7 +125102,7 @@ index 95519bc..43f5d42 100644
                        (void __user *)(unsigned long)mem->userspace_addr,
                        mem->memory_size)))
                goto out;
                        (void __user *)(unsigned long)mem->userspace_addr,
                        mem->memory_size)))
                goto out;

-@@ -1620,9 +1625,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
+@@ -1637,9 +1642,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);

  
  int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
  {
  
  int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
  {


@@ -125488,7 +125122,7 @@ index 95519bc..43f5d42 100644
  }
  EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
  
  }
  EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
  

-@@ -1872,7 +1885,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -1889,7 +1902,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)

        return 0;
  }
  
        return 0;
  }
  


@@ -125497,7 +125131,7 @@ index 95519bc..43f5d42 100644
        .release        = kvm_vcpu_release,
        .unlocked_ioctl = kvm_vcpu_ioctl,
  #ifdef CONFIG_COMPAT
        .release        = kvm_vcpu_release,
        .unlocked_ioctl = kvm_vcpu_ioctl,
  #ifdef CONFIG_COMPAT

-@@ -2573,7 +2586,7 @@ out:
+@@ -2593,7 +2606,7 @@ out:

  }
  #endif
  
  }
  #endif
  


@@ -125506,7 +125140,7 @@ index 95519bc..43f5d42 100644
        .release        = kvm_vm_release,
        .unlocked_ioctl = kvm_vm_ioctl,
  #ifdef CONFIG_COMPAT
        .release        = kvm_vm_release,
        .unlocked_ioctl = kvm_vm_ioctl,
  #ifdef CONFIG_COMPAT

-@@ -2646,7 +2659,7 @@ out:
+@@ -2666,7 +2679,7 @@ out:

        return r;
  }
  
        return r;
  }
  


@@ -125515,7 +125149,7 @@ index 95519bc..43f5d42 100644
        .unlocked_ioctl = kvm_dev_ioctl,
        .compat_ioctl   = kvm_dev_ioctl,
        .llseek         = noop_llseek,
        .unlocked_ioctl = kvm_dev_ioctl,
        .compat_ioctl   = kvm_dev_ioctl,
        .llseek         = noop_llseek,

-@@ -2672,7 +2685,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2692,7 +2705,7 @@ static void hardware_enable_nolock(void *junk)

  
        if (r) {
                cpumask_clear_cpu(cpu, cpus_hardware_enabled);
  
        if (r) {
                cpumask_clear_cpu(cpu, cpus_hardware_enabled);


@@ -125524,7 +125158,7 @@ index 95519bc..43f5d42 100644
                printk(KERN_INFO "kvm: enabling virtualization on "
                                 "CPU%d failed\n", cpu);
        }
                printk(KERN_INFO "kvm: enabling virtualization on "
                                 "CPU%d failed\n", cpu);
        }

-@@ -2728,10 +2741,10 @@ static int hardware_enable_all(void)
+@@ -2748,10 +2761,10 @@ static int hardware_enable_all(void)

  
        kvm_usage_count++;
        if (kvm_usage_count == 1) {
  
        kvm_usage_count++;
        if (kvm_usage_count == 1) {


@@ -125537,7 +125171,7 @@ index 95519bc..43f5d42 100644
                        hardware_disable_all_nolock();
                        r = -EBUSY;
                }
                        hardware_disable_all_nolock();
                        r = -EBUSY;
                }

-@@ -3136,7 +3149,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -3156,7 +3169,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,

        kvm_arch_vcpu_put(vcpu);
  }
  
        kvm_arch_vcpu_put(vcpu);
  }
  


@@ -125546,7 +125180,7 @@ index 95519bc..43f5d42 100644
                  struct module *module)
  {
        int r;
                  struct module *module)
  {
        int r;

-@@ -3183,7 +3196,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3203,7 +3216,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,

        if (!vcpu_align)
                vcpu_align = __alignof__(struct kvm_vcpu);
        kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
        if (!vcpu_align)
                vcpu_align = __alignof__(struct kvm_vcpu);
        kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,


@@ -125555,7 +125189,7 @@ index 95519bc..43f5d42 100644
        if (!kvm_vcpu_cache) {
                r = -ENOMEM;
                goto out_free_3;
        if (!kvm_vcpu_cache) {
                r = -ENOMEM;
                goto out_free_3;

-@@ -3193,9 +3206,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3213,9 +3226,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,

        if (r)
                goto out_free;
  
        if (r)
                goto out_free;
  


@@ -125567,7 +125201,7 @@ index 95519bc..43f5d42 100644
  
        r = misc_register(&kvm_dev);
        if (r) {
  
        r = misc_register(&kvm_dev);
        if (r) {

-@@ -3205,9 +3220,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3225,9 +3240,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,

  
        register_syscore_ops(&kvm_syscore_ops);
  
  
        register_syscore_ops(&kvm_syscore_ops);
  

diff --git a/kernel/patches/grsecurity-fix.patch b/kernel/patches/grsecurity-fix.patch
deleted file mode 100644 (file)
index 61d4313..0000000
--- a/kernel/patches/grsecurity-fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
-index a31ecdad4b59..71bea3118348 100644
---- a/arch/arm/include/asm/pgtable-3level.h
-+++ b/arch/arm/include/asm/pgtable-3level.h
-@@ -92,6 +92,7 @@
- #define L_PMD_SECT_SPLITTING  (_AT(pmdval_t, 1) << 56)
- #define L_PMD_SECT_NONE               (_AT(pmdval_t, 1) << 57)
- #define L_PMD_SECT_RDONLY     (_AT(pteval_t, 1) << 58)
-+#define PMD_SECT_RDONLY                L_PMD_SECT_RDONLY
- 
- /*
-  * To be used in assembly code with the upper page attributes.