From 703bc627fd4aff985118f23986c4550c45f344fc Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 27 Aug 2013 13:00:54 +0200 Subject: [PATCH] kernel: Update to 3.10.9. --- kernel/config-arm-generic | 67 +- kernel/config-armv5tel-kirkwood | 77 +- kernel/config-armv7hl-default | 503 +- kernel/config-armv7hl-exynos | 234 +- kernel/config-generic | 268 +- kernel/config-i686-default | 28 + kernel/config-i686-legacy | 37 +- kernel/config-x86-generic | 95 +- kernel/config-x86_64-default | 25 +- kernel/kernel.nm | 6 +- ...rsecurity-2.9.1-3.10.9-201308202015.patch} | 15549 +++++++++++----- 11 files changed, 11330 insertions(+), 5559 deletions(-) rename kernel/patches/{grsecurity-2.9.1-3.9.5-201306111850.patch => grsecurity-2.9.1-3.10.9-201308202015.patch} (89%) diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic index 6baebb4be..610bbfe7b 100644 --- a/kernel/config-arm-generic +++ b/kernel/config-arm-generic @@ -16,10 +16,16 @@ CONFIG_BROKEN_ON_SMP=y CONFIG_HARDIRQS_SW_RESEND=y CONFIG_KTIME_SCALAR=y +# +# Timers subsystem +# +CONFIG_NO_HZ_IDLE=y + # # CPU/Task time and stats accounting # CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_IRQ_TIME_ACCOUNTING is not set # # RCU Subsystem @@ -31,6 +37,7 @@ CONFIG_PERF_USE_VMALLOC=y # # Kernel Performance Events And Counters # +CONFIG_GENERIC_IDLE_POLL_SETUP=y CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_MODULES_USE_ELF_REL=y CONFIG_CLONE_BACKWARDS=y @@ -49,17 +56,12 @@ CONFIG_LBDAF=y # CONFIG_ARCH_REALVIEW is not set CONFIG_ARCH_VERSATILE=y # CONFIG_ARCH_AT91 is not set -# CONFIG_ARCH_BCM2835 is not set -# CONFIG_ARCH_CNS3XXX is not set # CONFIG_ARCH_CLPS711X is not set # CONFIG_ARCH_GEMINI is not set -# CONFIG_ARCH_SIRF is not set # CONFIG_ARCH_EBSA110 is not set # CONFIG_ARCH_EP93XX is not set # CONFIG_ARCH_FOOTBRIDGE is not set -# CONFIG_ARCH_MXS is not set # CONFIG_ARCH_NETX is not set -# CONFIG_ARCH_H720X is not set # CONFIG_ARCH_IOP13XX is not set # CONFIG_ARCH_IOP32X is not set # CONFIG_ARCH_IOP33X is not set @@ -72,7 +74,6 @@ CONFIG_ARCH_VERSATILE=y # CONFIG_ARCH_KS8695 is not set # CONFIG_ARCH_W90X900 is not set # CONFIG_ARCH_LPC32XX is not set -# CONFIG_ARCH_TEGRA is not set # CONFIG_ARCH_PXA is not set # CONFIG_ARCH_MSM is not set # CONFIG_ARCH_SHMOBILE is not set @@ -86,11 +87,9 @@ CONFIG_ARCH_VERSATILE=y # CONFIG_ARCH_EXYNOS is not set # CONFIG_ARCH_SHARK is not set # CONFIG_ARCH_U300 is not set -# CONFIG_ARCH_U8500 is not set -# CONFIG_ARCH_NOMADIK is not set -# CONFIG_PLAT_SPEAR is not set # CONFIG_ARCH_DAVINCI is not set # CONFIG_ARCH_OMAP1 is not set +# CONFIG_PLAT_SPEAR is not set # # Versatile platform type @@ -128,6 +127,8 @@ CONFIG_ARM_THUMB=y # CONFIG_CPU_DCACHE_DISABLE is not set # CONFIG_CPU_DCACHE_WRITETHROUGH is not set # CONFIG_CPU_CACHE_ROUND_ROBIN is not set +CONFIG_NEED_KUSER_HELPERS=y +CONFIG_KUSER_HELPERS=y # CONFIG_CACHE_L2X0 is not set CONFIG_ARM_L1_CACHE_SHIFT=5 CONFIG_ARM_NR_BANKS=8 @@ -295,6 +296,11 @@ CONFIG_MDIO_BUS_MUX_MMIOREG=m # # CONFIG_ISDN_DRV_LOOP is not set +# +# Userland interfaces +# +# CONFIG_INPUT_APMPOWER is not set + # # Input Device Drivers # @@ -304,6 +310,7 @@ CONFIG_INPUT_PWM_BEEPER=m # Hardware I/O ports # CONFIG_SERIO_AMBAKMI=m +CONFIG_SERIO_APBPS2=m # # Serial drivers @@ -347,6 +354,8 @@ CONFIG_OF_GPIO=y # # CONFIG_GPIO_EM is not set # CONFIG_GPIO_PL061 is not set +# CONFIG_GPIO_RCAR is not set +# CONFIG_GPIO_GRGPIO is not set # # I2C GPIO expanders: @@ -375,7 +384,6 @@ CONFIG_POWER_RESET_RESTART=y # CONFIG_MFD_T7L66XB is not set # CONFIG_MFD_TC6387XB is not set # CONFIG_MFD_TC6393XB is not set -# CONFIG_MFD_SYSCON is not set # # Media digital TV PCI Adapters @@ -384,6 +392,11 @@ CONFIG_VIDEO_CAFE_CCIC=m # CONFIG_VIDEO_SH_MOBILE_CSI2 is not set # CONFIG_VIDEO_SH_MOBILE_CEU is not set +# +# Camera sensor devices +# +CONFIG_VIDEO_OV7670=m + # # I2C encoder or helper chips # @@ -392,31 +405,18 @@ CONFIG_DRM_I2C_SIL164=m # CONFIG_DRM_RADEON is not set # CONFIG_DRM_NOUVEAU is not set # CONFIG_DRM_TILCDC is not set -CONFIG_DISPLAY_TIMING=y -CONFIG_VIDEOMODE=y -CONFIG_OF_DISPLAY_TIMING=y -CONFIG_OF_VIDEOMODE=y -# CONFIG_FB_BOOT_VESA_SUPPORT is not set -CONFIG_FB_CFB_FILLRECT=m -CONFIG_FB_CFB_COPYAREA=m -CONFIG_FB_CFB_IMAGEBLIT=m -CONFIG_FB_SYS_FILLRECT=m -CONFIG_FB_SYS_COPYAREA=m -CONFIG_FB_SYS_IMAGEBLIT=m -CONFIG_FB_SYS_FOPS=m +# CONFIG_FB_BACKLIGHT is not set # # Frame buffer hardware drivers # -CONFIG_FB_ARMCLCD=m -# CONFIG_FB_RADEON is not set -# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_ARMCLCD is not set CONFIG_BACKLIGHT_PWM=m # # Console display driver support # -CONFIG_FB_SSD1307=m +# CONFIG_FB_SSD1307 is not set CONFIG_SND_COMPRESS_OFFLOAD=m # CONFIG_SND_ALI5451 is not set CONFIG_SND_ARM=y @@ -428,11 +428,6 @@ CONFIG_SND_SOC_I2C_AND_SPI=m # CONFIG_SND_SOC_ALL_CODECS is not set CONFIG_SND_SIMPLE_CARD=m -# -# OTG and related infrastructure -# -# CONFIG_USB_ULPI is not set - # # MMC/SD/SDIO Host Controller Drivers # @@ -440,7 +435,7 @@ CONFIG_MMC_ARMMMCI=m CONFIG_MMC_DW=m # CONFIG_MMC_DW_IDMAC is not set CONFIG_MMC_DW_PLTFM=m -# CONFIG_MMC_DW_EXYNOS is not set +CONFIG_MMC_DW_EXYNOS=m CONFIG_MMC_DW_PCI=m # @@ -471,10 +466,16 @@ CONFIG_DMA_OF=y # # Hardware Spinlock drivers # +CONFIG_CLKSRC_OF=y CONFIG_CLKSRC_MMIO=y CONFIG_PL320_MBOX=y CONFIG_OF_IOMMU=y +# +# Analog to digital converters +# +# CONFIG_EXYNOS_ADC is not set + # # Magnetometer sensors # @@ -502,6 +503,7 @@ CONFIG_DEBUG_LL_UART_NONE=y # CONFIG_DEBUG_ICEDCC is not set # CONFIG_DEBUG_SEMIHOSTING is not set CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S" +CONFIG_UNCOMPRESS_INCLUDE="mach/uncompress.h" # CONFIG_OC_ETM is not set # @@ -556,3 +558,4 @@ CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y # CONFIG_AUDIT_GENERIC=y CONFIG_GENERIC_ATOMIC64=y +CONFIG_KVM_ARM_MAX_VCPUS=0 diff --git a/kernel/config-armv5tel-kirkwood b/kernel/config-armv5tel-kirkwood index 9f6492fce..bb96a25ae 100644 --- a/kernel/config-armv5tel-kirkwood +++ b/kernel/config-armv5tel-kirkwood @@ -13,48 +13,54 @@ CONFIG_ARCH_KIRKWOOD=y # # Marvell Kirkwood Implementations # +CONFIG_MACH_D2NET_V2=y CONFIG_MACH_DB88F6281_BP=y +CONFIG_MACH_DOCKSTAR=y +CONFIG_MACH_ESATA_SHEEVAPLUG=y +CONFIG_MACH_GURUPLUG=y +CONFIG_MACH_INETSPACE_V2=y +CONFIG_MACH_MV88F6281GTW_GE=y +CONFIG_MACH_NET2BIG_V2=y +CONFIG_MACH_NET5BIG_V2=y +CONFIG_MACH_NETSPACE_MAX_V2=y +CONFIG_MACH_NETSPACE_V2=y +CONFIG_MACH_OPENRD=y +CONFIG_MACH_OPENRD_BASE=y +CONFIG_MACH_OPENRD_CLIENT=y +CONFIG_MACH_OPENRD_ULTIMATE=y CONFIG_MACH_RD88F6192_NAS=y CONFIG_MACH_RD88F6281=y -CONFIG_MACH_MV88F6281GTW_GE=y CONFIG_MACH_SHEEVAPLUG=y -CONFIG_MACH_ESATA_SHEEVAPLUG=y -CONFIG_MACH_GURUPLUG=y +CONFIG_MACH_T5325=y +CONFIG_MACH_TS219=y +CONFIG_MACH_TS41X=y + +# +# Device tree entries +# CONFIG_ARCH_KIRKWOOD_DT=y -CONFIG_MACH_GURUPLUG_DT=y -CONFIG_MACH_DREAMPLUG_DT=y -CONFIG_MACH_ICONNECT_DT=y +CONFIG_MACH_CLOUDBOX_DT=y CONFIG_MACH_DLINK_KIRKWOOD_DT=y -CONFIG_MACH_IB62X0_DT=y -CONFIG_MACH_TS219_DT=y CONFIG_MACH_DOCKSTAR_DT=y +CONFIG_MACH_DREAMPLUG_DT=y CONFIG_MACH_GOFLEXNET_DT=y -CONFIG_MACH_LSXL_DT=y +CONFIG_MACH_GURUPLUG_DT=y +CONFIG_MACH_IB62X0_DT=y +CONFIG_MACH_ICONNECT_DT=y +CONFIG_MACH_INETSPACE_V2_DT=y CONFIG_MACH_IOMEGA_IX2_200_DT=y CONFIG_MACH_KM_KIRKWOOD_DT=y -CONFIG_MACH_INETSPACE_V2_DT=y +CONFIG_MACH_LSXL_DT=y CONFIG_MACH_MPLCEC4_DT=y -CONFIG_MACH_NETSPACE_V2_DT=y -CONFIG_MACH_NETSPACE_MAX_V2_DT=y CONFIG_MACH_NETSPACE_LITE_V2_DT=y +CONFIG_MACH_NETSPACE_MAX_V2_DT=y CONFIG_MACH_NETSPACE_MINI_V2_DT=y +CONFIG_MACH_NETSPACE_V2_DT=y +CONFIG_MACH_NSA310_DT=y CONFIG_MACH_OPENBLOCKS_A6_DT=y +CONFIG_MACH_READYNAS_DT=y CONFIG_MACH_TOPKICK_DT=y -CONFIG_MACH_TS219=y -CONFIG_MACH_TS41X=y -CONFIG_MACH_DOCKSTAR=y -CONFIG_MACH_OPENRD=y -CONFIG_MACH_OPENRD_BASE=y -CONFIG_MACH_OPENRD_CLIENT=y -CONFIG_MACH_OPENRD_ULTIMATE=y -CONFIG_MACH_NETSPACE_V2=y -CONFIG_MACH_INETSPACE_V2=y -CONFIG_MACH_NETSPACE_MAX_V2=y -CONFIG_MACH_D2NET_V2=y -CONFIG_MACH_NET2BIG_V2=y -CONFIG_MACH_NET5BIG_V2=y -CONFIG_MACH_T5325=y -CONFIG_MACH_NSA310_DT=y +CONFIG_MACH_TS219_DT=y CONFIG_PLAT_ORION=y CONFIG_PLAT_ORION_LEGACY=y @@ -91,6 +97,11 @@ CONFIG_ARM_ATAG_DTB_COMPAT_CMDLINE_FROM_BOOTLOADER=y # CONFIG_RFKILL_REGULATOR=m +# +# Bus devices +# +CONFIG_MVEBU_MBUS=y + # # Distributed Switch Architecture drivers # @@ -111,6 +122,7 @@ CONFIG_PINCTRL=y # CONFIG_PINMUX=y CONFIG_PINCONF=y +CONFIG_GENERIC_PINCONF=y # CONFIG_DEBUG_PINCTRL is not set CONFIG_PINCTRL_SINGLE=m # CONFIG_PINCTRL_EXYNOS is not set @@ -188,6 +200,11 @@ CONFIG_SND_KIRKWOOD_SOC_T5325=m CONFIG_SND_SOC_ALC5623=m CONFIG_SND_SOC_CS42L51=m +# +# USB Host Controller Drivers +# +CONFIG_USB_EHCI_HCD_ORION=y + # # MMC/SD/SDIO Host Controller Drivers # @@ -220,6 +237,7 @@ CONFIG_COMMON_CLK=y # Common Clock Framework # # CONFIG_COMMON_CLK_DEBUG is not set +CONFIG_COMMON_CLK_SI5351=m CONFIG_MVEBU_CLK_CORE=y CONFIG_MVEBU_CLK_GATING=y @@ -227,3 +245,8 @@ CONFIG_MVEBU_CLK_GATING=y # Random Number Generation # CONFIG_CRYPTO_DEV_MV_CESA=m + +# +# Library routines +# +CONFIG_RATIONAL=y diff --git a/kernel/config-armv7hl-default b/kernel/config-armv7hl-default index 1e08cc1b5..e4c1ab29c 100644 --- a/kernel/config-armv7hl-default +++ b/kernel/config-armv7hl-default @@ -1,5 +1,6 @@ CONFIG_NO_IOPORT=y CONFIG_ARCH_HAS_CPUFREQ=y +CONFIG_ZONE_DMA=y CONFIG_FIQ=y # @@ -15,11 +16,17 @@ CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y # CONFIG_TREE_RCU=y CONFIG_RCU_STALL_COMMON=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_RCU_USER_QS=y +CONFIG_CONTEXT_TRACKING_FORCE=y CONFIG_RCU_FANOUT=32 CONFIG_RCU_FANOUT_LEAF=16 # CONFIG_RCU_FANOUT_EXACT is not set CONFIG_RCU_FAST_NO_HZ=y CONFIG_RCU_NOCB_CPU=y +# CONFIG_RCU_NOCB_CPU_NONE is not set +# CONFIG_RCU_NOCB_CPU_ZERO is not set +CONFIG_RCU_NOCB_CPU_ALL=y # # Kernel Performance Events And Counters @@ -54,6 +61,13 @@ CONFIG_MACH_ARMADA_370_XP=y CONFIG_MACH_ARMADA_370=y CONFIG_MACH_ARMADA_XP=y CONFIG_ARCH_BCM=y +CONFIG_ARCH_BCM2835=y +CONFIG_ARCH_CNS3XXX=y + +# +# CNS3XXX platform type +# +CONFIG_MACH_CNS3420VB=y CONFIG_ARCH_HIGHBANK=y CONFIG_ARCH_MXC=y @@ -65,12 +79,9 @@ CONFIG_MXC_TZIC=y CONFIG_MXC_AVIC=y CONFIG_MXC_DEBUG_BOARD=y CONFIG_MXC_USE_EPIT=y +CONFIG_MXC_ULPI=y CONFIG_ARCH_HAS_RNGA=y -CONFIG_IRAM_ALLOC=y CONFIG_ARCH_MXC_IOMUX_V3=y -CONFIG_ARCH_MX5=y -CONFIG_ARCH_MX51=y -CONFIG_ARCH_MX53=y CONFIG_SOC_IMX31=y CONFIG_SOC_IMX35=y CONFIG_SOC_IMX5=y @@ -134,7 +145,6 @@ CONFIG_IMX_HAVE_PLATFORM_MXC_RTC=y CONFIG_IMX_HAVE_PLATFORM_MXC_W1=y CONFIG_IMX_HAVE_PLATFORM_SDHCI_ESDHC_IMX=y CONFIG_IMX_HAVE_PLATFORM_SPI_IMX=y -CONFIG_IMX_HAVE_PLATFORM_AHCI=y # # OMAP Feature Selections @@ -207,6 +217,39 @@ CONFIG_OMAP3_EMU=y CONFIG_ARCH_PICOXCELL=y CONFIG_ARCH_SOCFPGA=y CONFIG_ARCH_SUNXI=y +CONFIG_ARCH_SIRF=y + +# +# CSR SiRF atlas6/primaII/Marco/Polo Specific Features +# +CONFIG_ARCH_ATLAS6=y +CONFIG_ARCH_PRIMA2=y +CONFIG_ARCH_MARCO=y +CONFIG_SIRF_IRQ=y +CONFIG_ARCH_TEGRA=y + +# +# NVIDIA Tegra options +# +CONFIG_ARCH_TEGRA_2x_SOC=y +CONFIG_ARCH_TEGRA_3x_SOC=y +CONFIG_ARCH_TEGRA_114_SOC=y +CONFIG_TEGRA_PCI=y +CONFIG_TEGRA_AHB=y +# CONFIG_TEGRA_EMC_SCALING_ENABLE is not set +CONFIG_ARCH_U8500=y +CONFIG_UX500_SOC_COMMON=y +CONFIG_UX500_SOC_DB8500=y + +# +# Ux500 target platform (boards) +# +CONFIG_MACH_MOP500=y +CONFIG_MACH_HREFV60=y +CONFIG_MACH_SNOWBALL=y +CONFIG_UX500_AUTO_PLATFORM=y +CONFIG_MACH_UX500_DT=y +CONFIG_UX500_DEBUG_UART=2 CONFIG_ARCH_VEXPRESS=y # @@ -258,10 +301,12 @@ CONFIG_CACHE_L2X0=y CONFIG_ARM_L1_CACHE_SHIFT_6=y CONFIG_ARM_L1_CACHE_SHIFT=6 CONFIG_ARM_DMA_MEM_BUFFERABLE=y -CONFIG_ARM_ERRATA_326103=y +CONFIG_PJ4B_ERRATA_4742=y +# CONFIG_ARM_ERRATA_326103 is not set CONFIG_ARM_ERRATA_411920=y CONFIG_ARM_ERRATA_430973=y CONFIG_PL310_ERRATA_588369=y +CONFIG_ARM_ERRATA_643719=y CONFIG_ARM_ERRATA_720789=y CONFIG_PL310_ERRATA_727915=y CONFIG_ARM_ERRATA_754322=y @@ -269,12 +314,12 @@ CONFIG_ARM_ERRATA_754327=y CONFIG_ARM_ERRATA_764369=y CONFIG_PL310_ERRATA_769419=y CONFIG_ARM_ERRATA_775420=y -CONFIG_ARM_ERRATA_798181=y +# CONFIG_ARM_ERRATA_798181 is not set # # Bus support # -# CONFIG_PCI_SYSCALL is not set +CONFIG_PCI_DOMAINS=y # CONFIG_PCCARD is not set # @@ -285,13 +330,15 @@ CONFIG_SMP_ON_UP=y CONFIG_ARM_CPU_TOPOLOGY=y CONFIG_SCHED_MC=y CONFIG_SCHED_SMT=y +# CONFIG_MCPM is not set CONFIG_NR_CPUS=8 CONFIG_HOTPLUG_CPU=y CONFIG_ARM_PSCI=y CONFIG_LOCAL_TIMERS=y -CONFIG_ARCH_NR_GPIO=512 +CONFIG_ARCH_NR_GPIO=1024 CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ZONE_DMA_FLAG=1 CONFIG_FORCE_MAX_ZONEORDER=12 # @@ -328,12 +375,14 @@ CONFIG_XPS=y # # Generic Driver Options # +CONFIG_SOC_BUS=y CONFIG_REGMAP_I2C=y CONFIG_REGMAP_MMIO=y # # Bus devices # +CONFIG_MVEBU_MBUS=y CONFIG_OMAP_OCP2SCP=m CONFIG_OMAP_INTERCONNECT=y CONFIG_MTD=y @@ -347,7 +396,6 @@ CONFIG_MTD_OF_PARTS=y # # User Modules And Translation Layers # -CONFIG_MTD_CHAR=y CONFIG_MTD_BLKDEVS=y CONFIG_MTD_BLOCK=y # CONFIG_FTL is not set @@ -382,11 +430,13 @@ CONFIG_MTD_RAM=m # Mapping drivers for chip access # # CONFIG_MTD_COMPLEX_MAPPINGS is not set +# CONFIG_MTD_INTEL_VR_NOR is not set CONFIG_MTD_PLATRAM=m # # Self-contained MTD device drivers # +# CONFIG_MTD_PMC551 is not set CONFIG_MTD_SLRAM=m CONFIG_MTD_PHRAM=m # CONFIG_MTD_MTDRAM is not set @@ -395,35 +445,33 @@ CONFIG_MTD_PHRAM=m # # Disk-On-Chip Device Drivers # -# CONFIG_MTD_DOC2000 is not set -# CONFIG_MTD_DOC2001 is not set -# CONFIG_MTD_DOC2001PLUS is not set # CONFIG_MTD_DOCG3 is not set CONFIG_MTD_NAND_ECC=y # CONFIG_MTD_NAND_ECC_SMC is not set CONFIG_MTD_NAND=y # CONFIG_MTD_NAND_ECC_BCH is not set # CONFIG_MTD_SM_COMMON is not set -# CONFIG_MTD_NAND_MUSEUM_IDS is not set # CONFIG_MTD_NAND_DENALI is not set # CONFIG_MTD_NAND_GPIO is not set CONFIG_MTD_NAND_OMAP2=y # CONFIG_MTD_NAND_OMAP_BCH is not set CONFIG_MTD_NAND_IDS=y +# CONFIG_MTD_NAND_RICOH is not set # CONFIG_MTD_NAND_DISKONCHIP is not set # CONFIG_MTD_NAND_DOCG4 is not set +# CONFIG_MTD_NAND_CAFE is not set # CONFIG_MTD_NAND_NANDSIM is not set CONFIG_MTD_NAND_PLATFORM=y # CONFIG_MTD_ALAUDA is not set CONFIG_MTD_NAND_ORION=m CONFIG_MTD_NAND_MXC=m +# CONFIG_MTD_NAND_FSMC is not set CONFIG_MTD_ONENAND=y # CONFIG_MTD_ONENAND_VERIFY_WRITE is not set # CONFIG_MTD_ONENAND_GENERIC is not set CONFIG_MTD_ONENAND_OMAP2=y # CONFIG_MTD_ONENAND_OTP is not set CONFIG_MTD_ONENAND_2X_PROGRAM=y -CONFIG_MTD_ONENAND_SIM=m # # LPDDR flash memory drivers @@ -441,11 +489,6 @@ CONFIG_BLK_DEV_RAM_SIZE=65536 CONFIG_MG_DISK=m CONFIG_MG_DISK_RES=0 -# -# Altera FPGA firmware download module -# -# CONFIG_ALTERA_STAPL is not set - # # PATA SFF controllers with BMDMA # @@ -464,6 +507,7 @@ CONFIG_NET_VENDOR_FREESCALE=y CONFIG_FEC=m CONFIG_MV643XX_ETH=m CONFIG_MVNETA=m +CONFIG_SFC_MTD=y # CONFIG_TI_DAVINCI_EMAC is not set CONFIG_TI_DAVINCI_MDIO=m CONFIG_TI_DAVINCI_CPDMA=m @@ -477,13 +521,25 @@ CONFIG_INPUT_FF_MEMLESS=y # # Input Device Drivers # +# CONFIG_KEYBOARD_ADP5520 is not set CONFIG_KEYBOARD_IMX=m -# CONFIG_KEYBOARD_OMAP4 is not set +# CONFIG_KEYBOARD_NOMADIK is not set +CONFIG_KEYBOARD_TEGRA=m +# CONFIG_KEYBOARD_STMPE is not set +CONFIG_KEYBOARD_OMAP4=m +# CONFIG_KEYBOARD_TC3589X is not set CONFIG_KEYBOARD_TWL4030=m CONFIG_MOUSE_GPIO=m +# CONFIG_INPUT_88PM860X_ONKEY is not set +# CONFIG_INPUT_88PM80X_ONKEY is not set +# CONFIG_INPUT_AB8500_PONKEY is not set +# CONFIG_INPUT_MAX8925_ONKEY is not set CONFIG_INPUT_TWL4030_PWRBUTTON=y CONFIG_INPUT_TWL4030_VIBRA=y CONFIG_INPUT_TWL6040_VIBRA=y +# CONFIG_INPUT_DA9052_ONKEY is not set +# CONFIG_INPUT_DA9055_ONKEY is not set +# CONFIG_INPUT_WM831X_ON is not set # # Serial drivers @@ -494,22 +550,28 @@ CONFIG_SERIAL_8250_DETECT_IRQ=y # Non-8250 serial port support # # CONFIG_SERIAL_AMBA_PL010 is not set +# CONFIG_SERIAL_SIRFSOC is not set +# CONFIG_SERIAL_TEGRA is not set CONFIG_SERIAL_IMX=y CONFIG_SERIAL_IMX_CONSOLE=y CONFIG_SERIAL_VT8500=y CONFIG_SERIAL_VT8500_CONSOLE=y CONFIG_SERIAL_OMAP=y CONFIG_SERIAL_OMAP_CONSOLE=y +CONFIG_HW_RANDOM_BCM2835=y CONFIG_HW_RANDOM_MXC_RNGA=m CONFIG_I2C=y # # I2C system bus drivers (mostly embedded / system-on-chip) # +CONFIG_I2C_BCM2835=y CONFIG_I2C_IMX=m CONFIG_I2C_MV64XXX=m -# CONFIG_I2C_NOMADIK is not set +CONFIG_I2C_NOMADIK=y CONFIG_I2C_OMAP=y +CONFIG_I2C_SIRF=y +CONFIG_I2C_TEGRA=y # # Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. @@ -523,21 +585,40 @@ CONFIG_PINMUX=y CONFIG_PINCONF=y CONFIG_GENERIC_PINCONF=y # CONFIG_DEBUG_PINCTRL is not set +CONFIG_PINCTRL_ABX500=y +CONFIG_PINCTRL_AB8500=y +CONFIG_PINCTRL_AB8540=y +CONFIG_PINCTRL_AB9540=y +CONFIG_PINCTRL_AB8505=y +CONFIG_PINCTRL_BCM2835=y CONFIG_PINCTRL_IMX=y CONFIG_PINCTRL_IMX35=y CONFIG_PINCTRL_IMX51=y CONFIG_PINCTRL_IMX53=y CONFIG_PINCTRL_IMX6Q=y +CONFIG_PINCTRL_NOMADIK=y +CONFIG_PINCTRL_DB8500=y +CONFIG_PINCTRL_DB8540=y # CONFIG_PINCTRL_SINGLE is not set +CONFIG_PINCTRL_SIRF=y CONFIG_PINCTRL_SUNXI=y +CONFIG_PINCTRL_TEGRA=y +CONFIG_PINCTRL_TEGRA20=y +CONFIG_PINCTRL_TEGRA30=y +CONFIG_PINCTRL_TEGRA114=y CONFIG_PINCTRL_SAMSUNG=y CONFIG_PINCTRL_EXYNOS=y CONFIG_PINCTRL_EXYNOS5440=y CONFIG_PINCTRL_MVEBU=y CONFIG_PINCTRL_ARMADA_370=y CONFIG_PINCTRL_ARMADA_XP=y +CONFIG_PINCTRL_WMT=y +CONFIG_PINCTRL_WM8750=y +CONFIG_PINCTRL_WM8850=y CONFIG_ARCH_REQUIRE_GPIOLIB=y CONFIG_GPIO_GENERIC=y +# CONFIG_GPIO_DA9052 is not set +# CONFIG_GPIO_DA9055 is not set # # Memory mapped GPIO drivers: @@ -545,15 +626,29 @@ CONFIG_GPIO_GENERIC=y CONFIG_GPIO_MVEBU=y CONFIG_GPIO_MXC=y CONFIG_GPIO_PL061=y -CONFIG_GPIO_VT8500=y # # I2C GPIO expanders: # CONFIG_GPIO_MC9S08DZ60=y +# CONFIG_GPIO_RC5T583 is not set # CONFIG_GPIO_SX150X is not set -CONFIG_GPIO_TWL4030=y +# CONFIG_GPIO_STMPE is not set +# CONFIG_GPIO_TC3589X is not set +# CONFIG_GPIO_TPS65912 is not set +CONFIG_GPIO_TWL4030=m CONFIG_GPIO_TWL6040=m +# CONFIG_GPIO_WM831X is not set +# CONFIG_GPIO_WM8350 is not set +# CONFIG_GPIO_WM8994 is not set +# CONFIG_GPIO_ADP5520 is not set + +# +# MODULbus GPIO expanders: +# +# CONFIG_GPIO_PALMAS is not set +# CONFIG_GPIO_TPS6586X is not set +# CONFIG_GPIO_TPS65910 is not set # # 1-wire Bus Masters @@ -564,66 +659,108 @@ CONFIG_W1_MASTER_MXC=m # # 1-wire Slaves # +# CONFIG_MAX8925_POWER is not set +# CONFIG_WM831X_BACKUP is not set +# CONFIG_WM831X_POWER is not set +# CONFIG_WM8350_POWER is not set +# CONFIG_BATTERY_88PM860X is not set +# CONFIG_BATTERY_DA9030 is not set +# CONFIG_BATTERY_DA9052 is not set +# CONFIG_BATTERY_RX51 is not set +# CONFIG_CHARGER_ISP1704 is not set # CONFIG_CHARGER_TWL4030 is not set # CONFIG_CHARGER_MANAGER is not set +# CONFIG_CHARGER_MAX8997 is not set +# CONFIG_CHARGER_MAX8998 is not set +# CONFIG_CHARGER_TPS65090 is not set +# CONFIG_AB8500_BM is not set CONFIG_POWER_RESET_QNAP=y +CONFIG_POWER_RESET_VEXPRESS=y # # Native drivers # +# CONFIG_SENSORS_DA9052_ADC is not set +# CONFIG_SENSORS_DA9055 is not set +# CONFIG_SENSORS_TWL4030_MADC is not set CONFIG_SENSORS_VEXPRESS=m +# CONFIG_SENSORS_WM831X is not set +# CONFIG_SENSORS_WM8350 is not set +CONFIG_DB8500_THERMAL=y +CONFIG_ARMADA_THERMAL=m # # Watchdog Device Drivers # +# CONFIG_DA9052_WATCHDOG is not set +# CONFIG_DA9055_WATCHDOG is not set +# CONFIG_WM831X_WATCHDOG is not set +# CONFIG_WM8350_WATCHDOG is not set # CONFIG_MPCORE_WATCHDOG is not set CONFIG_OMAP_WATCHDOG=y # CONFIG_TWL4030_WATCHDOG is not set CONFIG_IMX2_WDT=m +CONFIG_UX500_WATCHDOG=y # # Multifunction device drivers # CONFIG_MFD_CORE=y -# CONFIG_MFD_88PM860X is not set -# CONFIG_MFD_88PM800 is not set -# CONFIG_MFD_88PM805 is not set -# CONFIG_HTC_I2CPLD is not set -# CONFIG_MFD_TPS6586X is not set -# CONFIG_MFD_TPS65910 is not set -# CONFIG_MFD_TPS65912_I2C is not set -# CONFIG_MFD_TPS80031 is not set +CONFIG_MFD_AS3711=y +CONFIG_PMIC_ADP5520=y +CONFIG_MFD_AAT2870_CORE=y +CONFIG_PMIC_DA903X=y +CONFIG_PMIC_DA9052=y +CONFIG_MFD_DA9052_I2C=y +CONFIG_MFD_DA9055=y +CONFIG_HTC_I2CPLD=y +CONFIG_MFD_88PM800=m +CONFIG_MFD_88PM805=m +CONFIG_MFD_88PM860X=y +CONFIG_MFD_MAX77686=y +CONFIG_MFD_MAX77693=y +CONFIG_MFD_MAX8907=m +CONFIG_MFD_MAX8925=y +CONFIG_MFD_MAX8997=y +CONFIG_MFD_MAX8998=y +CONFIG_MFD_RC5T583=y +CONFIG_MFD_SEC_CORE=y +CONFIG_MFD_SMSC=y +CONFIG_ABX500_CORE=y +CONFIG_AB3100_CORE=y +CONFIG_AB3100_OTP=y +CONFIG_AB8500_CORE=y +# CONFIG_AB8500_DEBUG is not set +CONFIG_AB8500_GPADC=y +CONFIG_MFD_DB8500_PRCMU=y +CONFIG_MFD_STMPE=y + +# +# STMicroelectronics STMPE Interface Drivers +# +CONFIG_STMPE_I2C=y +CONFIG_MFD_SYSCON=y +CONFIG_MFD_LP8788=y +CONFIG_MFD_OMAP_USB_HOST=y +CONFIG_MFD_PALMAS=y +CONFIG_MFD_TPS65090=y +CONFIG_MFD_TPS6586X=y +CONFIG_MFD_TPS65910=y +CONFIG_MFD_TPS65912=y +CONFIG_MFD_TPS65912_I2C=y +CONFIG_MFD_TPS80031=y CONFIG_TWL4030_CORE=y -# CONFIG_TWL4030_MADC is not set +CONFIG_TWL4030_MADC=m CONFIG_TWL4030_POWER=y CONFIG_MFD_TWL4030_AUDIO=y CONFIG_TWL6040_CORE=y -# CONFIG_MFD_STMPE is not set -# CONFIG_MFD_TC3589X is not set -CONFIG_MFD_SMSC=y -# CONFIG_PMIC_DA903X is not set -# CONFIG_MFD_DA9052_I2C is not set -# CONFIG_MFD_DA9055 is not set -# CONFIG_PMIC_ADP5520 is not set -# CONFIG_MFD_LP8788 is not set -# CONFIG_MFD_MAX77686 is not set -# CONFIG_MFD_MAX77693 is not set -# CONFIG_MFD_MAX8907 is not set -# CONFIG_MFD_MAX8925 is not set -# CONFIG_MFD_MAX8997 is not set -# CONFIG_MFD_MAX8998 is not set -# CONFIG_MFD_SEC_CORE is not set -# CONFIG_MFD_WM8400 is not set -# CONFIG_MFD_WM831X_I2C is not set -# CONFIG_MFD_WM8350_I2C is not set -# CONFIG_MFD_WM8994 is not set -CONFIG_MFD_OMAP_USB_HOST=y -CONFIG_MFD_TPS65090=y -# CONFIG_MFD_AAT2870_CORE is not set -# CONFIG_MFD_RC5T583 is not set -CONFIG_MFD_SYSCON=y -# CONFIG_MFD_PALMAS is not set -# CONFIG_MFD_AS3711 is not set +CONFIG_MFD_TC3589X=y +CONFIG_MFD_WM8400=y +CONFIG_MFD_WM831X=y +CONFIG_MFD_WM831X_I2C=y +CONFIG_MFD_WM8350=y +CONFIG_MFD_WM8350_I2C=y +CONFIG_MFD_WM8994=y CONFIG_VEXPRESS_CONFIG=y CONFIG_REGULATOR=y # CONFIG_REGULATOR_DEBUG is not set @@ -632,37 +769,64 @@ CONFIG_REGULATOR_FIXED_VOLTAGE=y # CONFIG_REGULATOR_VIRTUAL_CONSUMER is not set # CONFIG_REGULATOR_USERSPACE_CONSUMER is not set CONFIG_REGULATOR_GPIO=y -# CONFIG_REGULATOR_AD5398 is not set -# CONFIG_REGULATOR_FAN53555 is not set +CONFIG_REGULATOR_AD5398=m +CONFIG_REGULATOR_AAT2870=m +CONFIG_REGULATOR_DA903X=m +CONFIG_REGULATOR_DA9052=m +CONFIG_REGULATOR_DA9055=m +CONFIG_REGULATOR_FAN53555=m CONFIG_REGULATOR_ANATOP=m -# CONFIG_REGULATOR_ISL6271A is not set -# CONFIG_REGULATOR_MAX1586 is not set -# CONFIG_REGULATOR_MAX8649 is not set -# CONFIG_REGULATOR_MAX8660 is not set -# CONFIG_REGULATOR_MAX8952 is not set -# CONFIG_REGULATOR_MAX8973 is not set -# CONFIG_REGULATOR_LP3971 is not set -# CONFIG_REGULATOR_LP3972 is not set +CONFIG_REGULATOR_ISL6271A=m +CONFIG_REGULATOR_88PM8607=y +CONFIG_REGULATOR_MAX1586=m +CONFIG_REGULATOR_MAX8649=m +CONFIG_REGULATOR_MAX8660=m +CONFIG_REGULATOR_MAX8907=m +CONFIG_REGULATOR_MAX8925=m +CONFIG_REGULATOR_MAX8952=m +CONFIG_REGULATOR_MAX8973=m +CONFIG_REGULATOR_MAX8997=m +CONFIG_REGULATOR_MAX8998=m +CONFIG_REGULATOR_MAX77686=m +CONFIG_REGULATOR_LP3971=m +CONFIG_REGULATOR_LP3972=m CONFIG_REGULATOR_LP872X=y CONFIG_REGULATOR_LP8755=m -# CONFIG_REGULATOR_TPS51632 is not set +CONFIG_REGULATOR_LP8788=y +CONFIG_REGULATOR_RC5T583=m +CONFIG_REGULATOR_S2MPS11=m +CONFIG_REGULATOR_S5M8767=m +CONFIG_REGULATOR_AB3100=y +CONFIG_REGULATOR_AB8500=y +CONFIG_REGULATOR_DBX500_PRCMU=y +CONFIG_REGULATOR_DB8500_PRCMU=y +CONFIG_REGULATOR_PALMAS=m +CONFIG_REGULATOR_TPS51632=m CONFIG_REGULATOR_TPS62360=m -# CONFIG_REGULATOR_TPS65023 is not set -# CONFIG_REGULATOR_TPS6507X is not set +CONFIG_REGULATOR_TPS65023=m +CONFIG_REGULATOR_TPS6507X=m CONFIG_REGULATOR_TPS65090=m +CONFIG_REGULATOR_TPS6586X=m +CONFIG_REGULATOR_TPS65910=m +CONFIG_REGULATOR_TPS65912=m +CONFIG_REGULATOR_TPS80031=m CONFIG_REGULATOR_TWL4030=y CONFIG_REGULATOR_VEXPRESS=m +CONFIG_REGULATOR_WM831X=m +CONFIG_REGULATOR_WM8350=m +CONFIG_REGULATOR_WM8400=m +CONFIG_REGULATOR_WM8994=m +CONFIG_REGULATOR_AS3711=m # # Multimedia core support # CONFIG_VIDEO_V4L2=y -# CONFIG_TTPCI_EEPROM is not set # -# Webcam, TV (analog/digital) USB devices +# Media digital TV PCI Adapters # -# CONFIG_VIDEO_VPFE_CAPTURE is not set +# CONFIG_VIDEO_DM6446_CCDC is not set CONFIG_VIDEO_OMAP2_VOUT_VRFB=y CONFIG_VIDEO_OMAP2_VOUT=m CONFIG_MX3_VIDEO=y @@ -692,24 +856,20 @@ CONFIG_MEDIA_TUNER_MC44S803=y # # I2C encoder or helper chips # -# CONFIG_DRM_EXYNOS is not set +CONFIG_DRM_EXYNOS=m +CONFIG_DRM_EXYNOS_DMABUF=y +CONFIG_DRM_EXYNOS_HDMI=y +CONFIG_DRM_EXYNOS_VIDI=y +CONFIG_DRM_EXYNOS_G2D=y CONFIG_DRM_OMAP=m CONFIG_DRM_OMAP_NUM_CRTCS=1 -# CONFIG_VGASTATE is not set -# CONFIG_FB_DDC is not set -CONFIG_FB_CFB_FILLRECT=y -CONFIG_FB_CFB_COPYAREA=y -CONFIG_FB_CFB_IMAGEBLIT=y -# CONFIG_FB_SVGALIB is not set -# CONFIG_FB_BACKLIGHT is not set +# CONFIG_TEGRA_HOST1X is not set # # Frame buffer hardware drivers # -CONFIG_FB_IMX=m -# CONFIG_FB_VT8500 is not set -# CONFIG_FB_WM8505 is not set -CONFIG_FB_MX3=y +# CONFIG_FB_IMX is not set +# CONFIG_FB_MX3 is not set CONFIG_OMAP2_VRFB=y CONFIG_OMAP2_DSS=y # CONFIG_OMAP2_DSS_DEBUG is not set @@ -718,13 +878,12 @@ CONFIG_OMAP2_DSS_DPI=y # CONFIG_OMAP2_DSS_RFBI is not set CONFIG_OMAP2_DSS_VENC=y CONFIG_OMAP4_DSS_HDMI=y +CONFIG_OMAP4_DSS_HDMI_AUDIO=y # CONFIG_OMAP2_DSS_SDI is not set # CONFIG_OMAP2_DSS_DSI is not set CONFIG_OMAP2_DSS_MIN_FCK_PER_PCK=1 CONFIG_OMAP2_DSS_SLEEP_AFTER_VENC_RESET=y -CONFIG_FB_OMAP2=m -CONFIG_FB_OMAP2_DEBUG_SUPPORT=y -CONFIG_FB_OMAP2_NUM_FBS=3 +# CONFIG_FB_OMAP2 is not set # # OMAP2/3 Display Device Drivers @@ -734,16 +893,23 @@ CONFIG_PANEL_TFP410=m CONFIG_PANEL_SHARP_LS037V7DW01=y # CONFIG_PANEL_PICODLP is not set # CONFIG_LCD_PLATFORM is not set +# CONFIG_BACKLIGHT_DA903X is not set +# CONFIG_BACKLIGHT_DA9052 is not set +# CONFIG_BACKLIGHT_MAX8925 is not set +# CONFIG_BACKLIGHT_WM831X is not set +# CONFIG_BACKLIGHT_ADP5520 is not set +# CONFIG_BACKLIGHT_88PM860X is not set +# CONFIG_BACKLIGHT_AAT2870 is not set +# CONFIG_BACKLIGHT_LP8788 is not set # CONFIG_BACKLIGHT_PANDORA is not set +# CONFIG_BACKLIGHT_AS3711 is not set # # Console display driver support # -# CONFIG_FB_SSD1307 is not set -# CONFIG_SND_OPL3_LIB_SEQ is not set -# CONFIG_SND_EMU10K1_SEQ is not set CONFIG_SND_SOC_AC97_BUS=y CONFIG_SND_SOC_DMAENGINE_PCM=y +CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y CONFIG_SND_SOC_FSL_SSI=m CONFIG_SND_SOC_FSL_UTILS=m CONFIG_SND_IMX_SOC=m @@ -755,36 +921,77 @@ CONFIG_SND_SOC_IMX_AUDMUX=m CONFIG_SND_SOC_PHYCORE_AC97=m CONFIG_SND_SOC_EUKREA_TLV320=m CONFIG_SND_SOC_IMX_SGTL5000=m -# CONFIG_SND_OMAP_SOC is not set +CONFIG_SND_OMAP_SOC=m +CONFIG_SND_OMAP_SOC_DMIC=m +CONFIG_SND_OMAP_SOC_MCBSP=m +CONFIG_SND_OMAP_SOC_MCPDM=m +CONFIG_SND_OMAP_SOC_HDMI=m +CONFIG_SND_OMAP_SOC_RX51=m +CONFIG_SND_OMAP_SOC_AM3517EVM=m +CONFIG_SND_OMAP_SOC_OMAP_TWL4030=m +CONFIG_SND_OMAP_SOC_OMAP_ABE_TWL6040=m +CONFIG_SND_OMAP_SOC_OMAP_HDMI=m +CONFIG_SND_OMAP_SOC_OMAP3_PANDORA=m +CONFIG_SND_SOC_TEGRA=m +CONFIG_SND_SOC_TEGRA20_AC97=m +CONFIG_SND_SOC_TEGRA20_DAS=m +CONFIG_SND_SOC_TEGRA20_I2S=m +CONFIG_SND_SOC_TEGRA20_SPDIF=m +CONFIG_SND_SOC_TEGRA30_AHUB=m +CONFIG_SND_SOC_TEGRA30_I2S=m +CONFIG_SND_SOC_TEGRA_WM8753=m +CONFIG_SND_SOC_TEGRA_WM8903=m +CONFIG_SND_SOC_TEGRA_WM9712=m +CONFIG_SND_SOC_TEGRA_TRIMSLICE=m +CONFIG_SND_SOC_TEGRA_ALC5632=m +CONFIG_SND_SOC_UX500=m +# CONFIG_SND_SOC_UX500_PLAT_DMA is not set +# CONFIG_SND_SOC_UX500_MACH_MOP500 is not set +CONFIG_SND_SOC_ALC5632=m +CONFIG_SND_SOC_DMIC=m +CONFIG_SND_SOC_OMAP_HDMI_CODEC=m CONFIG_SND_SOC_SGTL5000=m CONFIG_SND_SOC_TLV320AIC23=m +CONFIG_SND_SOC_TLV320AIC3X=m +CONFIG_SND_SOC_TWL4030=m +CONFIG_SND_SOC_TWL6040=m +CONFIG_SND_SOC_WM8753=m +CONFIG_SND_SOC_WM8903=m CONFIG_SND_SOC_WM9712=m - -# -# I2C HID support -# -# CONFIG_USB_ARCH_HAS_XHCI is not set +CONFIG_SND_SOC_TPA6130A2=m # # USB Host Controller Drivers # CONFIG_USB_EHCI_MXC=m CONFIG_USB_EHCI_HCD_OMAP=y +CONFIG_USB_EHCI_HCD_ORION=m +CONFIG_USB_EHCI_TEGRA=y +# CONFIG_USB_CNS3XXX_EHCI is not set CONFIG_USB_OHCI_HCD_OMAP3=y +# CONFIG_USB_CNS3XXX_OHCI is not set CONFIG_USB_UHCI_SUPPORT_NON_PCI_HC=y CONFIG_USB_UHCI_PLATFORM=y CONFIG_USB_IMX21_HCD=m # -# USB Physical Layer drivers +# USB Miscellaneous drivers # +CONFIG_USB_PHY=y +CONFIG_AB8500_USB=m +CONFIG_NOP_USB_XCEIV=m +CONFIG_OMAP_CONTROL_USB=m CONFIG_OMAP_USB2=m - -# -# OTG and related infrastructure -# -CONFIG_USB_GPIO_VBUS=y +CONFIG_OMAP_USB3=m +CONFIG_SAMSUNG_USBPHY=y +CONFIG_SAMSUNG_USB2PHY=y +CONFIG_SAMSUNG_USB3PHY=y +CONFIG_USB_GPIO_VBUS=m +CONFIG_USB_ISP1301=m CONFIG_USB_MXS_PHY=m +CONFIG_USB_RCAR_PHY=m +CONFIG_USB_ULPI=y +CONFIG_USB_ULPI_VIEWPORT=y CONFIG_MMC=y # @@ -797,7 +1004,11 @@ CONFIG_MMC_BLOCK=y # CONFIG_MMC_SDHCI=y CONFIG_MMC_SDHCI_IO_ACCESSORS=y +CONFIG_MMC_SDHCI_CNS3XXX=m CONFIG_MMC_SDHCI_ESDHC_IMX=m +CONFIG_MMC_SDHCI_TEGRA=m +CONFIG_MMC_SDHCI_SIRF=m +CONFIG_MMC_SDHCI_BCM2835=m CONFIG_MMC_OMAP=y CONFIG_MMC_OMAP_HS=y CONFIG_MMC_MXC=m @@ -812,8 +1023,16 @@ CONFIG_LEDS_GPIO_REGISTER=y # # LED drivers # +# CONFIG_LEDS_88PM860X is not set CONFIG_LEDS_GPIO=y -# CONFIG_LEDS_REGULATOR is not set +# CONFIG_LEDS_LP8788 is not set +# CONFIG_LEDS_WM831X_STATUS is not set +# CONFIG_LEDS_WM8350 is not set +# CONFIG_LEDS_DA903X is not set +# CONFIG_LEDS_DA9052 is not set +CONFIG_LEDS_REGULATOR=m +# CONFIG_LEDS_ADP5520 is not set +# CONFIG_LEDS_MAX8997 is not set # # LED Triggers @@ -823,15 +1042,39 @@ CONFIG_LEDS_TRIGGER_HEARTBEAT=y # # I2C RTC drivers # +# CONFIG_RTC_DRV_88PM860X is not set +# CONFIG_RTC_DRV_88PM80X is not set +# CONFIG_RTC_DRV_LP8788 is not set +# CONFIG_RTC_DRV_MAX8907 is not set +# CONFIG_RTC_DRV_MAX8925 is not set +# CONFIG_RTC_DRV_MAX8998 is not set +# CONFIG_RTC_DRV_MAX8997 is not set +# CONFIG_RTC_DRV_MAX77686 is not set +# CONFIG_RTC_DRV_PALMAS is not set # CONFIG_RTC_DRV_TWL4030 is not set +# CONFIG_RTC_DRV_TPS6586X is not set +# CONFIG_RTC_DRV_TPS65910 is not set +# CONFIG_RTC_DRV_TPS80031 is not set +# CONFIG_RTC_DRV_RC5T583 is not set + +# +# Platform RTC drivers +# +# CONFIG_RTC_DRV_DA9052 is not set +# CONFIG_RTC_DRV_DA9055 is not set +# CONFIG_RTC_DRV_WM831X is not set +# CONFIG_RTC_DRV_WM8350 is not set +CONFIG_RTC_DRV_AB3100=y +# CONFIG_RTC_DRV_AB8500 is not set # # on-CPU RTC drivers # CONFIG_RTC_DRV_IMXDI=m -# CONFIG_RTC_DRV_OMAP is not set +CONFIG_RTC_DRV_OMAP=m CONFIG_RTC_DRV_VT8500=m CONFIG_RTC_DRV_MV=m +CONFIG_RTC_DRV_TEGRA=m CONFIG_RTC_DRV_MXC=m # @@ -841,16 +1084,23 @@ CONFIG_ASYNC_TX_ENABLE_CHANNEL_SWITCH=y CONFIG_MV_XOR=y CONFIG_MX3_IPU=y CONFIG_MX3_IPU_IRQS=4 +CONFIG_TEGRA20_APB_DMA=y +# CONFIG_STE_DMA40 is not set +# CONFIG_SIRF_DMA is not set CONFIG_IMX_SDMA=m CONFIG_IMX_DMA=m # CONFIG_MXS_DMA is not set CONFIG_DMA_OMAP=y CONFIG_DMA_VIRTUAL_CHANNELS=y +# +# Speakup console speech +# +# CONFIG_MFD_NVEC is not set + # # Android # -# CONFIG_OMAP_BANDGAP is not set # CONFIG_DRM_IMX is not set CONFIG_COMMON_CLK=y @@ -858,8 +1108,12 @@ CONFIG_COMMON_CLK=y # Common Clock Framework # # CONFIG_COMMON_CLK_DEBUG is not set +# CONFIG_COMMON_CLK_WM831X is not set CONFIG_COMMON_CLK_VERSATILE=y -# CONFIG_CLK_TWL6040 is not set +# CONFIG_COMMON_CLK_MAX77686 is not set +CONFIG_COMMON_CLK_SI5351=m +CONFIG_CLK_TWL6040=m +CONFIG_COMMON_CLK_AXI_CLKGEN=m CONFIG_MVEBU_CLK_CORE=y CONFIG_MVEBU_CLK_CPU=y CONFIG_MVEBU_CLK_GATING=y @@ -869,25 +1123,39 @@ CONFIG_HWSPINLOCK=m # Hardware Spinlock drivers # CONFIG_HWSPINLOCK_OMAP=m -CONFIG_CLKSRC_OF=y +# CONFIG_HSEM_U8500 is not set CONFIG_DW_APB_TIMER=y CONFIG_DW_APB_TIMER_OF=y CONFIG_ARMADA_370_XP_TIMER=y -CONFIG_SUNXI_TIMER=y +CONFIG_SUN4I_TIMER=y CONFIG_VT8500_TIMER=y +CONFIG_CADENCE_TTC_TIMER=y +CONFIG_CLKSRC_NOMADIK_MTU=y +CONFIG_CLKSRC_DBX500_PRCMU=y +CONFIG_CLKSRC_DBX500_PRCMU_SCHED_CLOCK=y CONFIG_ARM_ARCH_TIMER=y # CONFIG_OMAP_IOMMU is not set +# CONFIG_TEGRA_IOMMU_GART is not set +# CONFIG_TEGRA_IOMMU_SMMU is not set # # Rpmsg drivers # CONFIG_TI_EMIF=m +CONFIG_TEGRA20_MC=y +CONFIG_TEGRA30_MC=y + +# +# Analog to digital converters +# +# CONFIG_LP8788_ADC is not set # # Magnetometer sensors # # CONFIG_PWM is not set CONFIG_ARM_GIC=y +CONFIG_ARCH_HAS_RESET_CONTROLLER=y # # File systems @@ -905,6 +1173,8 @@ CONFIG_DCACHE_WORD_ACCESS=y CONFIG_RCU_CPU_STALL_TIMEOUT=60 # CONFIG_RCU_CPU_STALL_INFO is not set # CONFIG_DEBUG_PER_CPU_MAPS is not set +# CONFIG_DEBUG_BCM2835 is not set +# CONFIG_DEBUG_CNS3XXX is not set CONFIG_DEBUG_ZYNQ_UART0=y # CONFIG_DEBUG_ZYNQ_UART1 is not set # CONFIG_DEBUG_HIGHBANK_UART is not set @@ -919,12 +1189,18 @@ CONFIG_DEBUG_ZYNQ_UART0=y # CONFIG_DEBUG_SOCFPGA_UART is not set # CONFIG_DEBUG_SUNXI_UART0 is not set # CONFIG_DEBUG_SUNXI_UART1 is not set +# CONFIG_DEBUG_TEGRA_UART is not set +# CONFIG_DEBUG_SIRFPRIMA2_UART1 is not set +# CONFIG_DEBUG_SIRFMARCO_UART1 is not set +# CONFIG_DEBUG_UX500_UART is not set # CONFIG_DEBUG_VEXPRESS_UART0_DETECT is not set # CONFIG_DEBUG_VEXPRESS_UART0_CA9 is not set # CONFIG_DEBUG_VEXPRESS_UART0_RS1 is not set # CONFIG_DEBUG_VT8500_UART0 is not set CONFIG_DEBUG_IMX_UART_PORT=1 CONFIG_DEBUG_LL_INCLUDE="debug/zynq.S" +CONFIG_DEBUG_UNCOMPRESS=y +CONFIG_UNCOMPRESS_INCLUDE="debug/uncompress.h" CONFIG_OC_ETM=y # CONFIG_PID_IN_CONTEXTIDR is not set @@ -949,7 +1225,6 @@ CONFIG_PAX_CONSTIFY_PLUGIN=y # Kernel Auditing # CONFIG_GRKERNSEC_RWXMAP_LOG=y -CONFIG_GRKERNSEC_AUDIT_TEXTREL=y # # Crypto core or helper @@ -963,6 +1238,10 @@ CONFIG_CRYPTO_DEV_MV_CESA=m CONFIG_CRYPTO_DEV_OMAP_SHAM=m CONFIG_CRYPTO_DEV_OMAP_AES=m CONFIG_CRYPTO_DEV_PICOXCELL=m +CONFIG_CRYPTO_DEV_TEGRA_AES=m +CONFIG_CRYPTO_DEV_UX500=m +# CONFIG_CRYPTO_DEV_UX500_CRYP is not set +# CONFIG_CRYPTO_DEV_UX500_HASH is not set # # Library routines diff --git a/kernel/config-armv7hl-exynos b/kernel/config-armv7hl-exynos index ea5de5962..1e988cf13 100644 --- a/kernel/config-armv7hl-exynos +++ b/kernel/config-armv7hl-exynos @@ -1,6 +1,12 @@ CONFIG_NEED_MACH_GPIO_H=y CONFIG_NEED_MACH_MEMORY_H=y +# +# Kernel Performance Events And Counters +# +CONFIG_SLAB=y +# CONFIG_SLUB is not set + # # System Type # @@ -15,11 +21,9 @@ CONFIG_PLAT_S5P=y # CONFIG_S3C_BOOT_ERROR_RESET is not set CONFIG_S3C_BOOT_UART_FORCE_FIFO=y CONFIG_S3C_LOWLEVEL_UART_PORT=1 -CONFIG_SAMSUNG_CLOCK=y -CONFIG_SAMSUNG_CLKSRC=y -CONFIG_S5P_CLOCK=y +# CONFIG_S5P_CLOCK is not set CONFIG_SAMSUNG_IRQ_VIC_TIMER=y -CONFIG_S5P_IRQ=y +# CONFIG_S5P_IRQ is not set CONFIG_SAMSUNG_GPIOLIB_4BIT=y CONFIG_S5P_GPIO_DRVSTR=y CONFIG_SAMSUNG_GPIO_EXTRA=0 @@ -64,12 +68,11 @@ CONFIG_ARCH_EXYNOS4=y # # EXYNOS SoCs # -# CONFIG_CPU_EXYNOS4210 is not set +CONFIG_CPU_EXYNOS4210=y CONFIG_SOC_EXYNOS4212=y CONFIG_SOC_EXYNOS4412=y -CONFIG_EXYNOS4_MCT=y +CONFIG_EXYNOS_ATAGS=y CONFIG_EXYNOS_DEV_DMA=y -CONFIG_EXYNOS_DEV_DRM=y CONFIG_EXYNOS4_SETUP_FIMD0=y CONFIG_EXYNOS4_SETUP_I2C1=y CONFIG_EXYNOS4_SETUP_I2C3=y @@ -102,7 +105,7 @@ CONFIG_MACH_SMDK4412=y # # Flattened Device Tree based board for EXYNOS SoCs # -# CONFIG_MACH_EXYNOS4_DT is not set +CONFIG_MACH_EXYNOS4_DT=y # # Configuration for HSMMC 8-bit bus width @@ -115,13 +118,20 @@ CONFIG_MACH_SMDK4412=y # # CONFIG_ARM_LPAE is not set CONFIG_CACHE_PL310=y -CONFIG_ARM_ERRATA_458693=y -CONFIG_ARM_ERRATA_460075=y -CONFIG_ARM_ERRATA_742230=y -CONFIG_ARM_ERRATA_742231=y -CONFIG_ARM_ERRATA_743622=y -CONFIG_ARM_ERRATA_751472=y -CONFIG_PL310_ERRATA_753970=y +# CONFIG_ARM_ERRATA_458693 is not set +# CONFIG_ARM_ERRATA_460075 is not set +# CONFIG_ARM_ERRATA_742230 is not set +# CONFIG_ARM_ERRATA_742231 is not set +# CONFIG_PL310_ERRATA_588369 is not set +# CONFIG_PL310_ERRATA_727915 is not set +# CONFIG_ARM_ERRATA_743622 is not set +# CONFIG_ARM_ERRATA_751472 is not set +# CONFIG_PL310_ERRATA_753970 is not set + +# +# Bus support +# +# CONFIG_PCI_SYSCALL is not set # # Kernel Features @@ -137,119 +147,181 @@ CONFIG_SELECT_MEMORY_MODEL=y CONFIG_SPARSEMEM_MANUAL=y CONFIG_SPARSEMEM=y CONFIG_SPARSEMEM_EXTREME=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_ZONE_DMA_FLAG=0 +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_FORCE_MAX_ZONEORDER=11 -# CONFIG_UACCESS_WITH_MEMCPY is not set +# CONFIG_XEN is not set # # Boot options # -# CONFIG_USE_OF is not set -CONFIG_CMDLINE="console=ttySAC1,115200 root=/dev/mmcblk0p2 rootwait" +CONFIG_CMDLINE="root=/dev/ram0 rw ramdisk=8192 initrd=0x41000000,8M console=ttySAC1,115200 init=/linuxrc mem=256M" # CONFIG_XIP_KERNEL is not set # # CPU Frequency scaling # +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_TABLE=y +CONFIG_CPU_FREQ_GOV_COMMON=y +CONFIG_CPU_FREQ_STAT=y +CONFIG_CPU_FREQ_STAT_DETAILS=y +CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +CONFIG_CPU_FREQ_GOV_POWERSAVE=m +CONFIG_CPU_FREQ_GOV_USERSPACE=m +CONFIG_CPU_FREQ_GOV_ONDEMAND=m +CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m + +# +# ARM CPU frequency scaling drivers +# +CONFIG_ARM_EXYNOS_CPUFREQ=y +CONFIG_ARM_EXYNOS4210_CPUFREQ=y +CONFIG_ARM_EXYNOS4X12_CPUFREQ=y +# CONFIG_ARM_EXYNOS5250_CPUFREQ is not set +# CONFIG_ARM_KIRKWOOD_CPUFREQ is not set # CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# +# Power management options +# +CONFIG_PM_GENERIC_DOMAINS=y +CONFIG_PM_GENERIC_DOMAINS_SLEEP=y +CONFIG_PM_GENERIC_DOMAINS_RUNTIME=y + +# +# Generic Driver Options +# +CONFIG_FIRMWARE_IN_KERNEL=y +CONFIG_CMA=y +# CONFIG_CMA_DEBUG is not set + +# +# Default contiguous memory area size: +# +CONFIG_CMA_SIZE_MBYTES=16 +CONFIG_CMA_SIZE_SEL_MBYTES=y +# CONFIG_CMA_SIZE_SEL_PERCENTAGE is not set +# CONFIG_CMA_SIZE_SEL_MIN is not set +# CONFIG_CMA_SIZE_SEL_MAX is not set +CONFIG_CMA_ALIGNMENT=8 +CONFIG_CMA_AREAS=7 + # # Disk-On-Chip Device Drivers # # CONFIG_MTD_ONENAND_SAMSUNG is not set +# +# Input device support +# +CONFIG_INPUT_MATRIXKMAP=y + # # Input Device Drivers # +CONFIG_KEYBOARD_SAMSUNG=y CONFIG_INPUT_PWM_BEEPER=m -CONFIG_INPUT_DA9055_ONKEY=m + +# +# Serial drivers +# +# CONFIG_SERIAL_8250_CONSOLE is not set +# CONFIG_SERIAL_8250_EXTENDED is not set # # Non-8250 serial port support # +# CONFIG_SERIAL_AMBA_PL011 is not set CONFIG_SERIAL_SAMSUNG=y CONFIG_SERIAL_SAMSUNG_UARTS_4=y CONFIG_SERIAL_SAMSUNG_UARTS=4 -CONFIG_SERIAL_SAMSUNG_DEBUG=y +# CONFIG_SERIAL_SAMSUNG_DEBUG is not set CONFIG_SERIAL_SAMSUNG_CONSOLE=y +# CONFIG_SERIAL_OF_PLATFORM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ARC is not set +CONFIG_I2C_ALGOBIT=y # # I2C system bus drivers (mostly embedded / system-on-chip) # -# CONFIG_I2C_S3C2410 is not set - -# -# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. -# -CONFIG_GPIO_DA9055=m +CONFIG_I2C_S3C2410=y # -# 1-wire Slaves +# Pin controllers # -# CONFIG_POWER_RESET_RESTART is not set +# CONFIG_PINCTRL_EXYNOS5440 is not set # # Native drivers # -CONFIG_SENSORS_DA9055=m +# CONFIG_CPU_THERMAL is not set # # Watchdog Device Drivers # -CONFIG_DA9055_WATCHDOG=m -# CONFIG_S3C2410_WATCHDOG is not set +CONFIG_S3C2410_WATCHDOG=y # -# Multifunction device drivers +# Multimedia core support # -CONFIG_MFD_DA9055=y -CONFIG_MFD_LP8788=y -CONFIG_MFD_MAX8907=m -# CONFIG_REGULATOR_DA9055 is not set -CONFIG_REGULATOR_FAN53555=m -CONFIG_REGULATOR_MAX8907=m -# CONFIG_REGULATOR_LP8755 is not set -CONFIG_REGULATOR_LP8788=y +# CONFIG_TTPCI_EEPROM is not set # # Webcam, TV (analog/digital) USB devices # -# CONFIG_VIDEO_SAMSUNG_S5P_FIMC is not set -CONFIG_VIDEO_SAMSUNG_S5P_TV=y -CONFIG_VIDEO_SAMSUNG_S5P_HDMI=y -# CONFIG_VIDEO_SAMSUNG_S5P_HDMI_DEBUG is not set -CONFIG_VIDEO_SAMSUNG_S5P_HDMIPHY=y -CONFIG_VIDEO_SAMSUNG_S5P_SII9234=m -CONFIG_VIDEO_SAMSUNG_S5P_SDO=m -CONFIG_VIDEO_SAMSUNG_S5P_MIXER=m -# CONFIG_VIDEO_SAMSUNG_S5P_MIXER_DEBUG is not set +# CONFIG_VIDEO_SAMSUNG_EXYNOS4_IS is not set +# CONFIG_VIDEO_SAMSUNG_S5P_TV is not set # CONFIG_VIDEO_SAMSUNG_S5P_G2D is not set # CONFIG_VIDEO_SAMSUNG_S5P_JPEG is not set # CONFIG_VIDEO_SAMSUNG_S5P_MFC is not set +# +# Graphics support +# +CONFIG_DRM=y +# CONFIG_DRM_EXYNOS is not set +# CONFIG_DRM_UDL is not set +# CONFIG_VIDEO_OUTPUT_CONTROL is not set +# CONFIG_FB_CFB_FILLRECT is not set +# CONFIG_FB_CFB_COPYAREA is not set +# CONFIG_FB_CFB_IMAGEBLIT is not set +CONFIG_FB_MODE_HELPERS=y + # # Frame buffer hardware drivers # -CONFIG_FB_S3C=y -# CONFIG_FB_S3C_DEBUG_REGWRITE is not set -# CONFIG_BACKLIGHT_PWM is not set -# CONFIG_BACKLIGHT_LP8788 is not set +# CONFIG_FB_S3C is not set +CONFIG_BACKLIGHT_PWM=m # # Console display driver support # -# CONFIG_SND_ATMEL_SOC is not set -# CONFIG_SND_SOC_SAMSUNG is not set +# CONFIG_SND_OPL3_LIB_SEQ is not set +# CONFIG_SND_EMU10K1_SEQ is not set +CONFIG_SND_SOC_SAMSUNG=m +# CONFIG_SND_SOC_SAMSUNG_SMDK_WM8994 is not set +# CONFIG_SND_SOC_SAMSUNG_SMDK_SPDIF is not set +# CONFIG_SND_SOC_SMDK_WM8994_PCM is not set # -# USB Host Controller Drivers +# I2C HID support # -CONFIG_USB_EHCI_S5P=y -CONFIG_USB_OHCI_EXYNOS=y +# CONFIG_USB_ARCH_HAS_XHCI is not set # -# USB Physical Layer drivers +# USB Host Controller Drivers # -# CONFIG_SAMSUNG_USBPHY is not set +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_S5P=y +CONFIG_USB_OHCI_EXYNOS=y # # MMC/SD/SDIO Host Controller Drivers @@ -260,45 +332,37 @@ CONFIG_MMC_SDHCI_S3C_DMA=y # # LED drivers # -CONFIG_LEDS_LP8788=m CONFIG_LEDS_PWM=m # -# I2C RTC drivers -# -CONFIG_RTC_DRV_LP8788=m -CONFIG_RTC_DRV_MAX8907=m - -# -# Platform RTC drivers +# on-CPU RTC drivers # -CONFIG_RTC_DRV_DA9055=m +CONFIG_RTC_DRV_S3C=y # -# on-CPU RTC drivers +# Common Clock Framework # -# CONFIG_RTC_DRV_S3C is not set +# CONFIG_COMMON_CLK_SI5351 is not set # -# Analog to digital converters +# Hardware Spinlock drivers # -# CONFIG_LP8788_ADC is not set +CONFIG_CLKSRC_EXYNOS_MCT=y +CONFIG_CLKSRC_SAMSUNG_PWM=y # # Magnetometer sensors # CONFIG_PWM=y CONFIG_PWM_SAMSUNG=y -CONFIG_PWM_TWL=m -CONFIG_PWM_TWL_LED=m +# CONFIG_PWM_TWL is not set +# CONFIG_PWM_TWL_LED is not set CONFIG_GIC_NON_BANKED=y # # Kernel hacking # -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_SLAB is not set # # RCU Debugging @@ -309,14 +373,6 @@ CONFIG_DEBUG_S3C_UART0=y # CONFIG_DEBUG_S3C_UART2 is not set # CONFIG_DEBUG_S3C_UART3 is not set # CONFIG_DEBUG_LL_UART_NONE is not set -CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S" - -# -# Non-executable pages -# -# CONFIG_PAX_KERNEXEC is not set - -# -# Miscellaneous hardening features -# -# CONFIG_PAX_MEMORY_UDEREF is not set +CONFIG_DEBUG_EXYNOS_UART=y +CONFIG_DEBUG_LL_INCLUDE="debug/exynos.S" +CONFIG_UNCOMPRESS_INCLUDE="mach/uncompress.h" diff --git a/kernel/config-generic b/kernel/config-generic index 9ffe2bff0..8f9f1187f 100644 --- a/kernel/config-generic +++ b/kernel/config-generic @@ -7,7 +7,6 @@ CONFIG_MMU=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_HWEIGHT=y -CONFIG_GENERIC_GPIO=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" @@ -58,6 +57,8 @@ CONFIG_GENERIC_CLOCKEVENTS_BUILD=y # Timers subsystem # CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y @@ -112,13 +113,13 @@ CONFIG_RD_LZO=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_SYSCTL=y CONFIG_ANON_INODES=y -# CONFIG_EXPERT is not set CONFIG_HAVE_UID16=y +CONFIG_HOTPLUG=y +CONFIG_EXPERT=y CONFIG_UID16=y # CONFIG_SYSCTL_SYSCALL is not set CONFIG_KALLSYMS=y CONFIG_KALLSYMS_ALL=y -CONFIG_HOTPLUG=y CONFIG_PRINTK=y CONFIG_BUG=y CONFIG_ELF_CORE=y @@ -130,7 +131,8 @@ CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y -# CONFIG_EMBEDDED is not set +CONFIG_PCI_QUIRKS=y +CONFIG_EMBEDDED=y CONFIG_HAVE_PERF_EVENTS=y # @@ -139,11 +141,11 @@ CONFIG_HAVE_PERF_EVENTS=y CONFIG_PERF_EVENTS=y # CONFIG_DEBUG_PERF_USE_VMALLOC is not set CONFIG_VM_EVENT_COUNTERS=y -CONFIG_PCI_QUIRKS=y CONFIG_SLUB_DEBUG=y # CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y +# CONFIG_SLOB is not set # CONFIG_PROFILING is not set CONFIG_TRACEPOINTS=y CONFIG_HAVE_OPROFILE=y @@ -161,6 +163,7 @@ CONFIG_HAVE_DMA_API_DEBUG=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y CONFIG_OLD_SIGSUSPEND3=y # @@ -308,6 +311,7 @@ CONFIG_YENTA_TOSHIBA=y CONFIG_BINFMT_ELF=y CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y CONFIG_BINFMT_MISC=y CONFIG_COREDUMP=y CONFIG_NET=y @@ -339,6 +343,7 @@ CONFIG_IP_ROUTE_CLASSID=y # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=m CONFIG_NET_IPGRE_DEMUX=m +CONFIG_NET_IP_TUNNEL=m CONFIG_NET_IPGRE=m CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y @@ -690,7 +695,7 @@ CONFIG_ATM_CLIP=m CONFIG_ATM_BR2684=m # CONFIG_ATM_BR2684_IPFILTER is not set CONFIG_L2TP=m -CONFIG_L2TP_DEBUGFS=m +# CONFIG_L2TP_DEBUGFS is not set CONFIG_L2TP_V3=y CONFIG_L2TP_IP=m CONFIG_L2TP_ETH=m @@ -785,9 +790,12 @@ CONFIG_DNS_RESOLVER=y CONFIG_BATMAN_ADV=m CONFIG_BATMAN_ADV_BLA=y CONFIG_BATMAN_ADV_DAT=y +CONFIG_BATMAN_ADV_NC=y # CONFIG_BATMAN_ADV_DEBUG is not set CONFIG_OPENVSWITCH=m CONFIG_VSOCKETS=m +CONFIG_NETLINK_MMAP=y +CONFIG_NETLINK_DIAG=m CONFIG_NETPRIO_CGROUP=m CONFIG_BQL=y @@ -836,11 +844,12 @@ CONFIG_WEXT_PROC=y CONFIG_WEXT_SPY=y CONFIG_WEXT_PRIV=y CONFIG_CFG80211=m -CONFIG_NL80211_TESTMODE=y +# CONFIG_NL80211_TESTMODE is not set # CONFIG_CFG80211_DEVELOPER_WARNINGS is not set # CONFIG_CFG80211_REG_DEBUG is not set +# CONFIG_CFG80211_CERTIFICATION_ONUS is not set CONFIG_CFG80211_DEFAULT_PS=y -CONFIG_CFG80211_DEBUGFS=y +# CONFIG_CFG80211_DEBUGFS is not set # CONFIG_CFG80211_INTERNAL_REGDB is not set CONFIG_CFG80211_WEXT=y CONFIG_LIB80211=m @@ -850,13 +859,14 @@ CONFIG_LIB80211_CRYPT_TKIP=m # CONFIG_LIB80211_DEBUG is not set CONFIG_MAC80211=m CONFIG_MAC80211_HAS_RC=y +# CONFIG_MAC80211_RC_PID is not set CONFIG_MAC80211_RC_MINSTREL=y CONFIG_MAC80211_RC_MINSTREL_HT=y CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" CONFIG_MAC80211_MESH=y CONFIG_MAC80211_LEDS=y -CONFIG_MAC80211_DEBUGFS=y +# CONFIG_MAC80211_DEBUGFS is not set # CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set # CONFIG_WIMAX is not set @@ -941,6 +951,7 @@ CONFIG_BLK_DEV_RSXX=m # # CONFIG_AD525X_DPOT is not set # CONFIG_ATMEL_PWM is not set +CONFIG_DUMMY_IRQ=m # CONFIG_PHANTOM is not set # CONFIG_INTEL_MID_PTI is not set CONFIG_TIFM_CORE=m @@ -962,6 +973,7 @@ CONFIG_BMP085=y CONFIG_BMP085_I2C=m CONFIG_PCH_PHUB=m CONFIG_USB_SWITCH_FSA9480=m +# CONFIG_SRAM is not set # CONFIG_C2PORT is not set # @@ -1074,6 +1086,7 @@ CONFIG_SCSI_MPT3SAS_MAX_SGE=128 # CONFIG_SCSI_MPT3SAS_LOGGING is not set CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_UFSHCD_PCI=m +CONFIG_SCSI_UFSHCD_PLATFORM=m CONFIG_SCSI_HPTIOP=m CONFIG_LIBFC=m CONFIG_LIBFCOE=m @@ -1207,6 +1220,7 @@ CONFIG_PATA_CMD640_PCI=m CONFIG_PATA_MPIIX=m CONFIG_PATA_NS87410=m CONFIG_PATA_OPTI=m +# CONFIG_PATA_PLATFORM is not set CONFIG_PATA_RZ1000=m # @@ -1224,6 +1238,10 @@ CONFIG_MD_RAID10=m CONFIG_MD_RAID456=m CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m +CONFIG_BCACHE=m +# CONFIG_BCACHE_DEBUG is not set +# CONFIG_BCACHE_EDEBUG is not set +# CONFIG_BCACHE_CLOSURES_DEBUG is not set CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set CONFIG_DM_BUFIO=m @@ -1339,6 +1357,7 @@ CONFIG_ATL2=m CONFIG_ATL1=m CONFIG_ATL1E=m CONFIG_ATL1C=m +CONFIG_ALX=m CONFIG_NET_CADENCE=y CONFIG_ARM_AT91_ETHER=m CONFIG_MACB=m @@ -1431,6 +1450,7 @@ CONFIG_ETHOC=m CONFIG_NET_VENDOR_QLOGIC=y CONFIG_QLA3XXX=m CONFIG_QLCNIC=m +CONFIG_QLCNIC_SRIOV=y CONFIG_QLGE=m CONFIG_NETXEN_NIC=m CONFIG_NET_VENDOR_REALTEK=y @@ -1461,8 +1481,6 @@ CONFIG_STMMAC_PLATFORM=y CONFIG_STMMAC_PCI=y # CONFIG_STMMAC_DEBUG_FS is not set # CONFIG_STMMAC_DA is not set -CONFIG_STMMAC_RING=y -# CONFIG_STMMAC_CHAINED is not set CONFIG_NET_VENDOR_SUN=y CONFIG_HAPPYMEAL=m CONFIG_CASSINI=m @@ -1531,6 +1549,7 @@ CONFIG_USB_CATC=m CONFIG_USB_KAWETH=m CONFIG_USB_PEGASUS=m CONFIG_USB_RTL8150=m +CONFIG_USB_RTL8152=m CONFIG_USB_USBNET=m CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_AX88179_178A=m @@ -1591,14 +1610,12 @@ CONFIG_ATH9K_BTCOEX_SUPPORT=y CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y -CONFIG_ATH9K_DEBUGFS=y -CONFIG_ATH9K_MAC_DEBUG=y -CONFIG_ATH9K_RATE_CONTROL=y +# CONFIG_ATH9K_DEBUGFS is not set +# CONFIG_ATH9K_LEGACY_RATE_CONTROL is not set CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m CONFIG_CARL9170_LEDS=y -# CONFIG_CARL9170_DEBUGFS is not set CONFIG_CARL9170_WPC=y # CONFIG_CARL9170_HWRNG is not set # CONFIG_ATH6KL is not set @@ -1613,7 +1630,6 @@ CONFIG_B43_SDIO=y CONFIG_B43_PIO=y CONFIG_B43_PHY_N=y CONFIG_B43_PHY_LP=y -# CONFIG_B43_PHY_HT is not set CONFIG_B43_LEDS=y CONFIG_B43_HWRNG=y # CONFIG_B43_DEBUG is not set @@ -1654,7 +1670,6 @@ CONFIG_IWL3945=m # iwl3945 / iwl4965 Debugging Options # # CONFIG_IWLEGACY_DEBUG is not set -# CONFIG_IWLEGACY_DEBUGFS is not set CONFIG_LIBERTAS=m CONFIG_LIBERTAS_USB=m CONFIG_LIBERTAS_SDIO=m @@ -1686,6 +1701,7 @@ CONFIG_RT2800USB=m CONFIG_RT2800USB_RT33XX=y CONFIG_RT2800USB_RT35XX=y CONFIG_RT2800USB_RT53XX=y +CONFIG_RT2800USB_RT55XX=y CONFIG_RT2800USB_UNKNOWN=y CONFIG_RT2800_LIB=m CONFIG_RT2X00_LIB_MMIO=m @@ -1695,7 +1711,6 @@ CONFIG_RT2X00_LIB=m CONFIG_RT2X00_LIB_FIRMWARE=y CONFIG_RT2X00_LIB_CRYPTO=y CONFIG_RT2X00_LIB_LEDS=y -CONFIG_RT2X00_LIB_DEBUGFS=y # CONFIG_RT2X00_DEBUG is not set CONFIG_RTLWIFI=m # CONFIG_RTLWIFI_DEBUG is not set @@ -1703,6 +1718,7 @@ CONFIG_RTL8192CE=m CONFIG_RTL8192SE=m CONFIG_RTL8192DE=m CONFIG_RTL8723AE=m +CONFIG_RTL8188EE=m CONFIG_RTL8192CU=m CONFIG_RTL8192C_COMMON=m CONFIG_WL_TI=y @@ -1909,6 +1925,7 @@ CONFIG_INPUT_UINPUT=m # CONFIG_INPUT_PCF8574 is not set CONFIG_INPUT_GPIO_ROTARY_ENCODER=m # CONFIG_INPUT_ADXL34X is not set +# CONFIG_INPUT_IMS_PCU is not set # CONFIG_INPUT_CMA3000 is not set # @@ -1985,6 +2002,7 @@ CONFIG_SERIAL_ARC=m CONFIG_SERIAL_ARC_NR_PORTS=1 CONFIG_SERIAL_RP2=m CONFIG_SERIAL_RP2_NR_UARTS=32 +# CONFIG_TTY_PRINTK is not set CONFIG_PRINTER=m CONFIG_LP_CONSOLE=y CONFIG_PPDEV=m @@ -2070,6 +2088,11 @@ CONFIG_I2C_STUB=m # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set # CONFIG_SPI is not set + +# +# Qualcomm MSM SSBI bus support +# +# CONFIG_SSBI is not set CONFIG_HSI=m CONFIG_HSI_BOARDINFO=y @@ -2169,6 +2192,7 @@ CONFIG_W1_MASTER_DS1WM=m CONFIG_W1_SLAVE_THERM=m CONFIG_W1_SLAVE_SMEM=m CONFIG_W1_SLAVE_DS2408=m +CONFIG_W1_SLAVE_DS2408_READBACK=y CONFIG_W1_SLAVE_DS2413=m CONFIG_W1_SLAVE_DS2423=m CONFIG_W1_SLAVE_DS2431=m @@ -2192,7 +2216,6 @@ CONFIG_GENERIC_ADC_BATTERY=m # CONFIG_BATTERY_BQ27x00 is not set # CONFIG_BATTERY_MAX17040 is not set # CONFIG_BATTERY_MAX17042 is not set -# CONFIG_CHARGER_ISP1704 is not set # CONFIG_CHARGER_MAX8903 is not set # CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_GPIO is not set @@ -2216,6 +2239,7 @@ CONFIG_SENSORS_ADM1026=m CONFIG_SENSORS_ADM1029=m CONFIG_SENSORS_ADM1031=m CONFIG_SENSORS_ADM9240=m +CONFIG_SENSORS_ADT7X10=m CONFIG_SENSORS_ADT7410=m CONFIG_SENSORS_ADT7411=m CONFIG_SENSORS_ADT7462=m @@ -2236,6 +2260,7 @@ CONFIG_SENSORS_GL520SM=m CONFIG_SENSORS_HIH6130=m CONFIG_SENSORS_IBMAEM=m CONFIG_SENSORS_IBMPEX=m +# CONFIG_SENSORS_IIO_HWMON is not set CONFIG_SENSORS_IT87=m # CONFIG_SENSORS_JC42 is not set CONFIG_SENSORS_LINEAGE=m @@ -2255,6 +2280,7 @@ CONFIG_SENSORS_LTC4151=m CONFIG_SENSORS_LTC4215=m CONFIG_SENSORS_LTC4245=m CONFIG_SENSORS_LTC4261=m +CONFIG_SENSORS_LM95234=m CONFIG_SENSORS_LM95241=m CONFIG_SENSORS_LM95245=m CONFIG_SENSORS_MAX16065=m @@ -2266,6 +2292,7 @@ CONFIG_SENSORS_MAX6642=m CONFIG_SENSORS_MAX6650=m CONFIG_SENSORS_MAX6697=m CONFIG_SENSORS_MCP3021=m +CONFIG_SENSORS_NCT6775=m CONFIG_SENSORS_NTC_THERMISTOR=m CONFIG_SENSORS_PC87360=m CONFIG_SENSORS_PC87427=m @@ -2365,6 +2392,7 @@ CONFIG_SSB_PCIHOST=y CONFIG_SSB_B43_PCI_BRIDGE=y CONFIG_SSB_SDIOHOST_POSSIBLE=y CONFIG_SSB_SDIOHOST=y +# CONFIG_SSB_SILENT is not set # CONFIG_SSB_DEBUG is not set CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y CONFIG_SSB_DRIVER_PCICORE=y @@ -2380,31 +2408,35 @@ CONFIG_BCMA_POSSIBLE=y # Multifunction device drivers # CONFIG_MFD_CORE=m +# CONFIG_MFD_CROS_EC is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_HTC_PASIC3 is not set +CONFIG_LPC_ICH=m +CONFIG_LPC_SCH=m +# CONFIG_MFD_JANZ_CMODIO is not set +CONFIG_MFD_VIPERBOARD=m +CONFIG_MFD_RETU=m +# CONFIG_MFD_PCF50633 is not set +# CONFIG_UCB1400_CORE is not set +# CONFIG_MFD_RDC321X is not set +CONFIG_MFD_RTSX_PCI=m +# CONFIG_MFD_SI476X_CORE is not set CONFIG_MFD_SM501=m CONFIG_MFD_SM501_GPIO=y -CONFIG_MFD_RTSX_PCI=m +# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_SYSCON is not set # CONFIG_MFD_TI_AM335X_TSCADC is not set -# CONFIG_HTC_PASIC3 is not set -# CONFIG_UCB1400_CORE is not set -CONFIG_MFD_LM3533=m # CONFIG_TPS6105X is not set # CONFIG_TPS65010 is not set # CONFIG_TPS6507X is not set # CONFIG_MFD_TPS65217 is not set -# CONFIG_MFD_TMIO is not set -# CONFIG_MFD_ARIZONA_I2C is not set -# CONFIG_MFD_PCF50633 is not set -# CONFIG_MFD_MC13XXX_I2C is not set -# CONFIG_ABX500_CORE is not set +# CONFIG_MFD_TPS65912 is not set +CONFIG_MFD_WL1273_CORE=m +CONFIG_MFD_LM3533=m # CONFIG_MFD_TIMBERDALE is not set -CONFIG_LPC_SCH=m -CONFIG_LPC_ICH=m -# CONFIG_MFD_RDC321X is not set -# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_TMIO is not set CONFIG_MFD_VX855=m -CONFIG_MFD_WL1273_CORE=m -CONFIG_MFD_VIPERBOARD=m -CONFIG_MFD_RETU=m +# CONFIG_MFD_ARIZONA_I2C is not set # CONFIG_REGULATOR is not set CONFIG_MEDIA_SUPPORT=y @@ -2582,7 +2614,6 @@ CONFIG_DVB_USB_FRIIO=m CONFIG_DVB_USB_AZ6027=m CONFIG_DVB_USB_TECHNISAT_USB2=m CONFIG_DVB_USB_V2=m -CONFIG_DVB_USB_CYPRESS_FIRMWARE=m CONFIG_DVB_USB_AF9015=m CONFIG_DVB_USB_AF9035=m CONFIG_DVB_USB_ANYSEE=m @@ -2693,16 +2724,19 @@ CONFIG_MEDIA_COMMON_OPTIONS=y CONFIG_VIDEO_CX2341X=m CONFIG_VIDEO_BTCX=m CONFIG_VIDEO_TVEEPROM=m +CONFIG_CYPRESS_FIRMWARE=m CONFIG_DVB_B2C2_FLEXCOP=m CONFIG_VIDEO_SAA7146=m CONFIG_VIDEO_SAA7146_VV=m CONFIG_SMS_SIANO_MDTV=m CONFIG_SMS_SIANO_RC=y +# CONFIG_SMS_SIANO_DEBUGFS is not set # # Media ancillary drivers (tuners, sensors, i2c, frontends) # CONFIG_MEDIA_SUBDRV_AUTOSELECT=y +CONFIG_MEDIA_ATTACH=y CONFIG_VIDEO_IR_I2C=m # @@ -2738,7 +2772,6 @@ CONFIG_VIDEO_CX25840=m # # Camera sensor devices # -CONFIG_VIDEO_OV7670=m CONFIG_VIDEO_MT9V011=m # @@ -2774,7 +2807,6 @@ CONFIG_SOC_CAMERA_OV9640=m CONFIG_SOC_CAMERA_OV9740=m CONFIG_SOC_CAMERA_RJ54N1=m CONFIG_SOC_CAMERA_TW9910=m -CONFIG_MEDIA_ATTACH=y CONFIG_MEDIA_TUNER=m CONFIG_MEDIA_TUNER_SIMPLE=m CONFIG_MEDIA_TUNER_TDA8290=m @@ -2802,6 +2834,8 @@ CONFIG_MEDIA_TUNER_TDA18212=m CONFIG_MEDIA_TUNER_E4000=m CONFIG_MEDIA_TUNER_FC2580=m CONFIG_MEDIA_TUNER_TUA9001=m +CONFIG_MEDIA_TUNER_IT913X=m +CONFIG_MEDIA_TUNER_R820T=m # # Multistandard (satellite) frontends @@ -2954,78 +2988,64 @@ CONFIG_DRM_UDL=m CONFIG_DRM_AST=m CONFIG_DRM_MGAG200=m CONFIG_DRM_CIRRUS_QEMU=m -CONFIG_VGASTATE=m +CONFIG_DRM_QXL=m +# CONFIG_VGASTATE is not set CONFIG_VIDEO_OUTPUT_CONTROL=m CONFIG_HDMI=y -CONFIG_FB=y +CONFIG_FB=m # CONFIG_FIRMWARE_EDID is not set -CONFIG_FB_DDC=m +# CONFIG_FB_DDC is not set +# CONFIG_FB_BOOT_VESA_SUPPORT is not set +CONFIG_FB_CFB_FILLRECT=m +CONFIG_FB_CFB_COPYAREA=m +CONFIG_FB_CFB_IMAGEBLIT=m # CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set +CONFIG_FB_SYS_FILLRECT=m +CONFIG_FB_SYS_COPYAREA=m +CONFIG_FB_SYS_IMAGEBLIT=m # CONFIG_FB_FOREIGN_ENDIAN is not set -# CONFIG_FB_WMT_GE_ROPS is not set +CONFIG_FB_SYS_FOPS=m CONFIG_FB_DEFERRED_IO=y -CONFIG_FB_SVGALIB=m +# CONFIG_FB_SVGALIB is not set # CONFIG_FB_MACMODES is not set -CONFIG_FB_BACKLIGHT=y -CONFIG_FB_MODE_HELPERS=y -CONFIG_FB_TILEBLITTING=y +# CONFIG_FB_MODE_HELPERS is not set +# CONFIG_FB_TILEBLITTING is not set # # Frame buffer hardware drivers # -CONFIG_FB_CIRRUS=m +# CONFIG_FB_CIRRUS is not set # CONFIG_FB_PM2 is not set # CONFIG_FB_CYBER2000 is not set -# CONFIG_FB_ASILIANT is not set -# CONFIG_FB_IMSTT is not set # CONFIG_FB_UVESA is not set # CONFIG_FB_S1D13XXX is not set -CONFIG_FB_NVIDIA=m -CONFIG_FB_NVIDIA_I2C=y -# CONFIG_FB_NVIDIA_DEBUG is not set -CONFIG_FB_NVIDIA_BACKLIGHT=y -CONFIG_FB_RIVA=m -# CONFIG_FB_RIVA_I2C is not set -# CONFIG_FB_RIVA_DEBUG is not set -CONFIG_FB_RIVA_BACKLIGHT=y -CONFIG_FB_I740=m -CONFIG_FB_MATROX=m -CONFIG_FB_MATROX_MILLENIUM=y -CONFIG_FB_MATROX_MYSTIQUE=y -CONFIG_FB_MATROX_G=y -CONFIG_FB_MATROX_I2C=m -CONFIG_FB_MATROX_MAVEN=m -CONFIG_FB_ATY128=m -CONFIG_FB_ATY128_BACKLIGHT=y -CONFIG_FB_ATY=m -CONFIG_FB_ATY_CT=y -CONFIG_FB_ATY_GENERIC_LCD=y -CONFIG_FB_ATY_GX=y -CONFIG_FB_ATY_BACKLIGHT=y -CONFIG_FB_S3=m -CONFIG_FB_S3_DDC=y +# CONFIG_FB_NVIDIA is not set +# CONFIG_FB_RIVA is not set +# CONFIG_FB_I740 is not set +# CONFIG_FB_MATROX is not set +# CONFIG_FB_RADEON is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set # CONFIG_FB_SIS is not set -CONFIG_FB_NEOMAGIC=m -CONFIG_FB_KYRO=m -CONFIG_FB_3DFX=m -CONFIG_FB_3DFX_ACCEL=y -CONFIG_FB_3DFX_I2C=y -CONFIG_FB_VOODOO1=m +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set # CONFIG_FB_VT8623 is not set -CONFIG_FB_TRIDENT=m +# CONFIG_FB_TRIDENT is not set # CONFIG_FB_ARK is not set # CONFIG_FB_PM3 is not set # CONFIG_FB_CARMINE is not set # CONFIG_FB_TMIO is not set -CONFIG_FB_SM501=m +# CONFIG_FB_SM501 is not set # CONFIG_FB_SMSCUFX is not set -CONFIG_FB_UDL=m +# CONFIG_FB_UDL is not set # CONFIG_FB_GOLDFISH is not set -CONFIG_FB_VIRTUAL=m -CONFIG_FB_METRONOME=m -CONFIG_FB_MB862XX=m -CONFIG_FB_MB862XX_PCI_GDC=y -CONFIG_FB_MB862XX_I2C=y +# CONFIG_FB_VIRTUAL is not set +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set # CONFIG_FB_BROADSHEET is not set # CONFIG_FB_AUO_K190X is not set # CONFIG_EXYNOS_VIDEO is not set @@ -3045,12 +3065,9 @@ CONFIG_BACKLIGHT_CLASS_DEVICE=y # Console display driver support # CONFIG_DUMMY_CONSOLE=y -CONFIG_FRAMEBUFFER_CONSOLE=y -CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y -CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y -# CONFIG_FONTS is not set -CONFIG_FONT_8x8=y +# CONFIG_FRAMEBUFFER_CONSOLE is not set CONFIG_FONT_8x16=y +CONFIG_FONT_AUTOSELECT=y CONFIG_LOGO=y # CONFIG_LOGO_LINUX_MONO is not set # CONFIG_LOGO_LINUX_VGA16 is not set @@ -3224,6 +3241,7 @@ CONFIG_HID_GENERIC=y CONFIG_HID_A4TECH=y # CONFIG_HID_ACRUX is not set CONFIG_HID_APPLE=y +# CONFIG_HID_APPLEIR is not set CONFIG_HID_AUREAL=m CONFIG_HID_BELKIN=y CONFIG_HID_CHERRY=y @@ -3310,12 +3328,11 @@ CONFIG_USB_ANNOUNCE_NEW_DEVICES=y # # Miscellaneous USB options # +CONFIG_USB_DEFAULT_PERSIST=y # CONFIG_USB_DYNAMIC_MINORS is not set -CONFIG_USB_SUSPEND=y # CONFIG_USB_OTG is not set -CONFIG_USB_DWC3=m -CONFIG_USB_DWC3_HOST=y -# CONFIG_USB_DWC3_DEBUG is not set +# CONFIG_USB_OTG_WHITELIST is not set +# CONFIG_USB_OTG_BLACKLIST_HUB is not set CONFIG_USB_MON=m CONFIG_USB_WUSB=m CONFIG_USB_WUSB_CBAF=m @@ -3332,13 +3349,13 @@ CONFIG_USB_EHCI_HCD=y CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_EHCI_TT_NEWSCHED=y CONFIG_USB_EHCI_PCI=y +CONFIG_USB_EHCI_HCD_PLATFORM=y # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set # CONFIG_USB_ISP1760_HCD is not set CONFIG_USB_ISP1362_HCD=m CONFIG_USB_OHCI_HCD=y CONFIG_USB_OHCI_HCD_PLATFORM=y -CONFIG_USB_EHCI_HCD_PLATFORM=y # CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set # CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set CONFIG_USB_OHCI_LITTLE_ENDIAN=y @@ -3350,9 +3367,6 @@ CONFIG_USB_SL811_HCD_ISO=y CONFIG_USB_WHCI_HCD=m CONFIG_USB_HWA_HCD=m CONFIG_USB_HCD_SSB=m -CONFIG_USB_CHIPIDEA=m -# CONFIG_USB_CHIPIDEA_HOST is not set -# CONFIG_USB_CHIPIDEA_DEBUG is not set # # USB Device Class drivers @@ -3391,6 +3405,12 @@ CONFIG_USB_STORAGE_ENE_UB6250=m # CONFIG_USB_MDC800=m CONFIG_USB_MICROTEK=m +CONFIG_USB_DWC3=m +CONFIG_USB_DWC3_HOST=y +# CONFIG_USB_DWC3_DEBUG is not set +CONFIG_USB_CHIPIDEA=m +# CONFIG_USB_CHIPIDEA_HOST is not set +# CONFIG_USB_CHIPIDEA_DEBUG is not set # # USB port drivers @@ -3449,6 +3469,7 @@ CONFIG_USB_SERIAL_OPTION=m # CONFIG_USB_SERIAL_VIVOPAY_SERIAL is not set # CONFIG_USB_SERIAL_XSENS_MT is not set # CONFIG_USB_SERIAL_ZIO is not set +# CONFIG_USB_SERIAL_WISHBONE is not set CONFIG_USB_SERIAL_ZTE=m CONFIG_USB_SERIAL_SSU100=m CONFIG_USB_SERIAL_QT2=m @@ -3480,27 +3501,13 @@ CONFIG_USB_IOWARRIOR=m CONFIG_USB_YUREX=m CONFIG_USB_EZUSB_FX2=m CONFIG_USB_HSIC_USB3503=m - -# -# USB Physical Layer drivers -# -CONFIG_OMAP_USB3=m -CONFIG_OMAP_CONTROL_USB=m -CONFIG_USB_ISP1301=m -CONFIG_USB_RCAR_PHY=m CONFIG_USB_ATM=m CONFIG_USB_SPEEDTOUCH=m CONFIG_USB_CXACRU=m CONFIG_USB_UEAGLEATM=m CONFIG_USB_XUSBATM=m +# CONFIG_USB_PHY is not set # CONFIG_USB_GADGET is not set - -# -# OTG and related infrastructure -# -CONFIG_USB_OTG_UTILS=y -# CONFIG_USB_GPIO_VBUS is not set -CONFIG_NOP_USB_XCEIV=m CONFIG_UWB=m CONFIG_UWB_HWA=m CONFIG_UWB_WHCI=m @@ -3565,6 +3572,7 @@ CONFIG_LEDS_LP3944=m CONFIG_LEDS_LP55XX_COMMON=m CONFIG_LEDS_LP5521=m CONFIG_LEDS_LP5523=m +CONFIG_LEDS_LP5562=m # CONFIG_LEDS_PCA955X is not set CONFIG_LEDS_PCA9633=m # CONFIG_LEDS_BD2802 is not set @@ -3574,11 +3582,11 @@ CONFIG_LEDS_TCA6507=m CONFIG_LEDS_LM355x=m CONFIG_LEDS_OT200=m CONFIG_LEDS_BLINKM=m -CONFIG_LEDS_TRIGGERS=y # # LED Triggers # +CONFIG_LEDS_TRIGGERS=y CONFIG_LEDS_TRIGGER_TIMER=m CONFIG_LEDS_TRIGGER_ONESHOT=m CONFIG_LEDS_TRIGGER_HEARTBEAT=m @@ -3591,6 +3599,7 @@ CONFIG_LEDS_TRIGGER_DEFAULT_ON=m # iptables trigger is under Netfilter config (LED target) # CONFIG_LEDS_TRIGGER_TRANSIENT=m +CONFIG_LEDS_TRIGGER_CAMERA=m # CONFIG_ACCESSIBILITY is not set # CONFIG_INFINIBAND is not set CONFIG_RTC_LIB=y @@ -3689,6 +3698,7 @@ CONFIG_UIO_AEC=m CONFIG_UIO_SERCOS3=m CONFIG_UIO_PCI_GENERIC=m # CONFIG_UIO_NETX is not set +CONFIG_VIRT_DRIVERS=y CONFIG_VIRTIO=y # @@ -3734,7 +3744,6 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # # IIO staging drivers # -# CONFIG_IIO_ST_HWMON is not set # # Accelerometers @@ -3746,7 +3755,6 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_AD7291 is not set # CONFIG_AD7606 is not set # CONFIG_AD799X is not set -# CONFIG_ADT7410 is not set # # Analog digital bi-direction converters @@ -3784,7 +3792,6 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # # Magnetometer sensors # -# CONFIG_SENSORS_AK8975 is not set # CONFIG_SENSORS_HMC5843 is not set # @@ -3852,7 +3859,6 @@ CONFIG_IOMMU_SUPPORT=y # # Rpmsg drivers # -CONFIG_VIRT_DRIVERS=y # CONFIG_PM_DEVFREQ is not set # CONFIG_EXTCON is not set CONFIG_MEMORY=y @@ -3932,15 +3938,21 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m # # Magnetometer sensors # +# CONFIG_AK8975 is not set # CONFIG_HID_SENSOR_MAGNETOMETER_3D is not set # CONFIG_IIO_ST_MAGN_3AXIS is not set # CONFIG_VME_BUS is not set # CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set # # Firmware Drivers # +# +# EFI (Extensible Firmware Interface) Support +# + # # File systems # @@ -3965,12 +3977,15 @@ CONFIG_XFS_FS=m CONFIG_XFS_QUOTA=y CONFIG_XFS_POSIX_ACL=y CONFIG_XFS_RT=y +# CONFIG_XFS_WARN is not set # CONFIG_XFS_DEBUG is not set # CONFIG_GFS2_FS is not set # CONFIG_OCFS2_FS is not set CONFIG_BTRFS_FS=m CONFIG_BTRFS_FS_POSIX_ACL=y # CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set +# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set +# CONFIG_BTRFS_DEBUG is not set # CONFIG_NILFS2_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y @@ -4218,7 +4233,7 @@ CONFIG_DEBUG_LIST=y # CONFIG_DEBUG_NOTIFIERS is not set # CONFIG_DEBUG_CREDENTIALS is not set CONFIG_FRAME_POINTER=y -CONFIG_BOOT_PRINTK_DELAY=y +# CONFIG_BOOT_PRINTK_DELAY is not set # # RCU Debugging @@ -4253,7 +4268,8 @@ CONFIG_FUNCTION_TRACER=y CONFIG_FUNCTION_GRAPH_TRACER=y # CONFIG_IRQSOFF_TRACER is not set CONFIG_SCHED_TRACER=y -# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_TRACER_SNAPSHOT=y +# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set # CONFIG_PROFILE_ALL_BRANCHES is not set @@ -4265,6 +4281,7 @@ CONFIG_FUNCTION_PROFILER=y CONFIG_FTRACE_MCOUNT_RECORD=y # CONFIG_FTRACE_STARTUP_TEST is not set CONFIG_RING_BUFFER_BENCHMARK=m +# CONFIG_RING_BUFFER_STARTUP_TEST is not set CONFIG_RBTREE_TEST=m # CONFIG_INTERVAL_TREE_TEST is not set # CONFIG_BUILD_DOCSRC is not set @@ -4275,6 +4292,7 @@ CONFIG_ASYNC_RAID6_TEST=m # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y # CONFIG_KGDB is not set +# CONFIG_TEST_STRING_HELPERS is not set # CONFIG_TEST_KSTRTOX is not set CONFIG_STRICT_DEVMEM=y CONFIG_EARLY_PRINTK=y @@ -4336,6 +4354,7 @@ CONFIG_PAX_USERCOPY=y # CONFIG_GRKERNSEC_KMEM=y # CONFIG_GRKERNSEC_PERF_HARDEN is not set +CONFIG_GRKERNSEC_RAND_THREADSTACK=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODHARDEN=y @@ -4473,7 +4492,7 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_USER is not set # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set -# CONFIG_CRYPTO_NULL is not set +CONFIG_CRYPTO_NULL=m CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_AUTHENC=m @@ -4498,6 +4517,7 @@ CONFIG_CRYPTO_PCBC=m # # Hash modes # +CONFIG_CRYPTO_CMAC=m CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_XCBC=m CONFIG_CRYPTO_VMAC=m @@ -4574,7 +4594,7 @@ CONFIG_GENERIC_STRNCPY_FROM_USER=y CONFIG_GENERIC_STRNLEN_USER=y CONFIG_GENERIC_PCI_IOMAP=y CONFIG_GENERIC_IO=y -CONFIG_CRC_CCITT=m +CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m diff --git a/kernel/config-i686-default b/kernel/config-i686-default index 414eb3520..f6d82d531 100644 --- a/kernel/config-i686-default +++ b/kernel/config-i686-default @@ -12,10 +12,23 @@ CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" # CONFIG_KTIME_SCALAR=y +# +# Timers subsystem +# +CONFIG_NO_HZ_IDLE=y + +# +# CPU/Task time and stats accounting +# +# CONFIG_TICK_CPU_ACCOUNTING is not set +CONFIG_IRQ_TIME_ACCOUNTING=y + # # RCU Subsystem # CONFIG_RCU_FANOUT=32 +# CONFIG_RCU_NOCB_CPU_NONE is not set +# CONFIG_RCU_NOCB_CPU_ZERO is not set # # Kernel Performance Events And Counters @@ -72,7 +85,9 @@ CONFIG_X86_ALIGNMENT_16=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_MINIMUM_CPU_FAMILY=5 +CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_TRANSMETA_32=y +CONFIG_CPU_SUP_UMC_32=y CONFIG_NR_CPUS=32 # CONFIG_X86_ANCIENT_MCE is not set CONFIG_VM86=y @@ -81,6 +96,9 @@ CONFIG_TOSHIBA=m # CONFIG_NOHIGHMEM is not set # CONFIG_HIGHMEM4G is not set CONFIG_HIGHMEM64G=y +CONFIG_VMSPLIT_3G=y +# CONFIG_VMSPLIT_2G is not set +# CONFIG_VMSPLIT_1G is not set CONFIG_PAGE_OFFSET=0xC0000000 CONFIG_HIGHMEM=y CONFIG_X86_PAE=y @@ -216,6 +234,11 @@ CONFIG_GEODE_WDT=m # CONFIG_VIDEO_CAFE_CCIC=m +# +# Camera sensor devices +# +CONFIG_VIDEO_OV7670=m + # # Graphics support # @@ -285,6 +308,11 @@ CONFIG_GRKERNSEC_VM86=y # # CONFIG_INTEL_TXT is not set +# +# Crypto core or helper +# +CONFIG_CRYPTO_GLUE_HELPER_X86=m + # # Ciphers # diff --git a/kernel/config-i686-legacy b/kernel/config-i686-legacy index 53a4ded71..4ef8e4a8b 100644 --- a/kernel/config-i686-legacy +++ b/kernel/config-i686-legacy @@ -5,6 +5,8 @@ # CONFIG_XEN_PRIVILEGED_GUEST is not set CONFIG_HIGHMEM4G=y # CONFIG_HIGHMEM64G is not set +# CONFIG_VMSPLIT_3G_OPT is not set +# CONFIG_VMSPLIT_2G_OPT is not set # CONFIG_PHYS_ADDR_T_64BIT is not set # @@ -57,6 +59,11 @@ CONFIG_MDIO_BUS_MUX_MMIOREG=m CONFIG_MOUSE_PS2_OLPC=y CONFIG_INPUT_PWM_BEEPER=m +# +# Hardware I/O ports +# +CONFIG_SERIO_APBPS2=m + # # Serial drivers # @@ -79,6 +86,11 @@ CONFIG_I2C_PXA_PCI=y # CONFIG_OF_GPIO=y +# +# Memory mapped GPIO drivers: +# +# CONFIG_GPIO_GRGPIO is not set + # # I2C GPIO expanders: # @@ -100,19 +112,6 @@ CONFIG_POWER_RESET_GPIO=y # Multifunction device drivers # CONFIG_MFD_CORE=y -# CONFIG_MFD_SYSCON is not set - -# -# I2C encoder or helper chips -# -CONFIG_DISPLAY_TIMING=y -CONFIG_VIDEOMODE=y -CONFIG_OF_DISPLAY_TIMING=y -CONFIG_OF_VIDEOMODE=y -CONFIG_FB_SYS_FILLRECT=m -CONFIG_FB_SYS_COPYAREA=m -CONFIG_FB_SYS_IMAGEBLIT=m -CONFIG_FB_SYS_FOPS=m # # Frame buffer hardware drivers @@ -123,7 +122,7 @@ CONFIG_BACKLIGHT_PWM=m # # Console display driver support # -CONFIG_FB_SSD1307=m +# CONFIG_FB_SSD1307 is not set # # LED drivers @@ -150,11 +149,21 @@ CONFIG_DMA_OF=y # CONFIG_XO1_RFKILL=m +# +# Common Clock Framework +# +# CONFIG_COMMON_CLK_SI5351 is not set + # # Hardware Spinlock drivers # CONFIG_OF_IOMMU=y +# +# Analog to digital converters +# +# CONFIG_EXYNOS_ADC is not set + # # Magnetometer sensors # diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic index cad967316..958ca93f5 100644 --- a/kernel/config-x86-generic +++ b/kernel/config-x86-generic @@ -5,7 +5,6 @@ CONFIG_GENERIC_ISA_DMA=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_ARCH_HAS_CPU_RELAX=y -CONFIG_ARCH_HAS_DEFAULT_IDLE=y CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y CONFIG_ARCH_HAS_CPU_AUTOPROBE=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y @@ -33,12 +32,6 @@ CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y CONFIG_GENERIC_CMOS_UPDATE=y -# -# CPU/Task time and stats accounting -# -# CONFIG_TICK_CPU_ACCOUNTING is not set -CONFIG_IRQ_TIME_ACCOUNTING=y - # # RCU Subsystem # @@ -48,6 +41,7 @@ CONFIG_RCU_FANOUT_LEAF=16 # CONFIG_RCU_FANOUT_EXACT is not set CONFIG_RCU_FAST_NO_HZ=y CONFIG_RCU_NOCB_CPU=y +CONFIG_RCU_NOCB_CPU_ALL=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y CONFIG_SYSCTL_EXCEPTION_TRACE=y @@ -79,8 +73,10 @@ CONFIG_X86_EXTENDED_PLATFORM=y CONFIG_X86_INTEL_LPSS=y CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y CONFIG_SCHED_OMIT_FRAME_POINTER=y -CONFIG_PARAVIRT_GUEST=y -CONFIG_PARAVIRT_TIME_ACCOUNTING=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +# CONFIG_PARAVIRT_DEBUG is not set +# CONFIG_PARAVIRT_SPINLOCKS is not set CONFIG_XEN=y CONFIG_XEN_DOM0=y CONFIG_XEN_PRIVILEGED_GUEST=y @@ -88,10 +84,8 @@ CONFIG_XEN_PVHVM=y CONFIG_XEN_SAVE_RESTORE=y CONFIG_XEN_DEBUG_FS=y CONFIG_KVM_GUEST=y -CONFIG_PARAVIRT=y -# CONFIG_PARAVIRT_SPINLOCKS is not set +CONFIG_PARAVIRT_TIME_ACCOUNTING=y CONFIG_PARAVIRT_CLOCK=y -# CONFIG_PARAVIRT_DEBUG is not set CONFIG_NO_BOOTMEM=y # CONFIG_MEMTEST is not set # CONFIG_MK8 is not set @@ -103,6 +97,7 @@ CONFIG_X86_TSC=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y CONFIG_X86_DEBUGCTLMSR=y +# CONFIG_PROCESSOR_SELECT is not set CONFIG_CPU_SUP_INTEL=y CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y @@ -226,6 +221,7 @@ CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m CONFIG_CPU_FREQ_STAT_DETAILS=y # CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE=y # CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set @@ -243,6 +239,7 @@ CONFIG_X86_PCC_CPUFREQ=y CONFIG_X86_ACPI_CPUFREQ=y # CONFIG_X86_ACPI_CPUFREQ_CPB is not set CONFIG_X86_POWERNOW_K8=y +# CONFIG_X86_AMD_FREQ_SENSITIVITY is not set # CONFIG_X86_SPEEDSTEP_CENTRINO is not set CONFIG_X86_P4_CLOCKMOD=y @@ -263,6 +260,7 @@ CONFIG_PCI_DIRECT=y CONFIG_PCI_MMCONFIG=y CONFIG_PCI_XEN=y CONFIG_PCI_DOMAINS=y +# CONFIG_PCI_CNB20LE_QUIRK is not set CONFIG_PCIEPORTBUS=y CONFIG_HOTPLUG_PCI_PCIE=y CONFIG_PCIEAER=y @@ -336,7 +334,8 @@ CONFIG_VMWARE_BALLOON=m # # Altera FPGA firmware download module # -# CONFIG_INTEL_MEI is not set +CONFIG_INTEL_MEI=m +CONFIG_INTEL_MEI_ME=m CONFIG_VMWARE_VMCI=m # @@ -378,6 +377,12 @@ CONFIG_ATM_FIRESTREAM=m CONFIG_ATM_HE=m # CONFIG_ATM_HE_USE_SUNI is not set +# +# CAIF transport drivers +# +CONFIG_VHOST_NET=m +CONFIG_VHOST_RING=m + # # Distributed Switch Architecture drivers # @@ -578,7 +583,6 @@ CONFIG_VIDEO_MEYE=m # # Media digital TV PCI Adapters # -CONFIG_VIDEO_VIA_CAMERA=m CONFIG_VIDEO_SH_MOBILE_CSI2=m CONFIG_VIDEO_SH_MOBILE_CEU=m @@ -610,40 +614,20 @@ CONFIG_DRM_SIS=m CONFIG_DRM_GMA500=m CONFIG_DRM_GMA600=y CONFIG_DRM_GMA3600=y -CONFIG_FB_BOOT_VESA_SUPPORT=y -CONFIG_FB_CFB_FILLRECT=y -CONFIG_FB_CFB_COPYAREA=y -CONFIG_FB_CFB_IMAGEBLIT=y -CONFIG_FB_SYS_FILLRECT=y -CONFIG_FB_SYS_COPYAREA=y -CONFIG_FB_SYS_IMAGEBLIT=y -CONFIG_FB_SYS_FOPS=y +CONFIG_FB_BACKLIGHT=y # # Frame buffer hardware drivers # # CONFIG_FB_ARC is not set -CONFIG_FB_VGA16=m -CONFIG_FB_VESA=y -CONFIG_FB_EFI=y +# CONFIG_FB_VGA16 is not set # CONFIG_FB_N411 is not set # CONFIG_FB_HGA is not set # CONFIG_FB_LE80578 is not set -CONFIG_FB_RADEON=m -CONFIG_FB_RADEON_I2C=y -CONFIG_FB_RADEON_BACKLIGHT=y -# CONFIG_FB_RADEON_DEBUG is not set -CONFIG_FB_SAVAGE=m -CONFIG_FB_SAVAGE_I2C=y -CONFIG_FB_SAVAGE_ACCEL=y -CONFIG_FB_VIA=m -# CONFIG_FB_VIA_DIRECT_PROCFS is not set -CONFIG_FB_VIA_X_COMPATIBILITY=y -CONFIG_FB_GEODE=y -CONFIG_FB_GEODE_LX=y -CONFIG_FB_GEODE_GX=y -# CONFIG_FB_GEODE_GX1 is not set -CONFIG_XEN_FBDEV_FRONTEND=y +# CONFIG_FB_INTEL is not set +# CONFIG_FB_VIA is not set +# CONFIG_FB_GEODE is not set +CONFIG_XEN_FBDEV_FRONTEND=m CONFIG_BACKLIGHT_APPLE=m # CONFIG_BACKLIGHT_SAHARA is not set @@ -651,8 +635,7 @@ CONFIG_BACKLIGHT_APPLE=m # Console display driver support # CONFIG_VGA_CONSOLE=y -CONFIG_VGACON_SOFT_SCROLLBACK=y -CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=128 +# CONFIG_VGACON_SOFT_SCROLLBACK is not set CONFIG_SND_DMA_SGBUF=y CONFIG_SND_PCSP=m CONFIG_SND_SB_COMMON=m @@ -706,6 +689,7 @@ CONFIG_INTEL_IOATDMA=m CONFIG_DW_DMAC=m # CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set CONFIG_PCH_DMA=m +CONFIG_DMA_ACPI=y # # DMA Clients @@ -733,7 +717,7 @@ CONFIG_XEN_XENBUS_FRONTEND=y CONFIG_XEN_GNTDEV=m CONFIG_XEN_GRANT_DEV_ALLOC=m CONFIG_SWIOTLB_XEN=y -CONFIG_XEN_TMEM=y +CONFIG_XEN_TMEM=m CONFIG_XEN_PCIDEV_BACKEND=m CONFIG_XEN_PRIVCMD=m CONFIG_XEN_ACPI_PROCESSOR=m @@ -748,6 +732,9 @@ CONFIG_XEN_HAVE_PVMMU=y # # Android # +CONFIG_USB_DWC2=m +# CONFIG_USB_DWC2_DEBUG is not set +# CONFIG_USB_DWC2_TRACK_MISSED_SOFS is not set CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -795,6 +782,7 @@ CONFIG_MXM_WMI=m CONFIG_INTEL_OAKTRAIL=m CONFIG_SAMSUNG_Q10=m # CONFIG_APPLE_GMUX is not set +CONFIG_PVPANIC=m CONFIG_COMMON_CLK=y # @@ -825,9 +813,6 @@ CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_EDD=m # CONFIG_EDD_OFF is not set CONFIG_FIRMWARE_MEMMAP=y -CONFIG_EFI_VARS=y -CONFIG_EFI_VARS_PSTORE=y -# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set CONFIG_DELL_RBU=m CONFIG_DCDBAS=m CONFIG_DMIID=y @@ -836,6 +821,13 @@ CONFIG_ISCSI_IBFT_FIND=y CONFIG_ISCSI_IBFT=m # CONFIG_GOOGLE_FIRMWARE is not set +# +# EFI (Extensible Firmware Interface) Support +# +CONFIG_EFI_VARS=y +CONFIG_EFI_VARS_PSTORE=y +# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set + # # File systems # @@ -845,6 +837,7 @@ CONFIG_DCACHE_WORD_ACCESS=y # Pseudo filesystems # # CONFIG_HUGETLBFS is not set +CONFIG_EFIVAR_FS=m # # Kernel hacking @@ -861,6 +854,8 @@ CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_RCU_CPU_STALL_TIMEOUT=60 # CONFIG_RCU_CPU_STALL_INFO is not set # CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y +# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set CONFIG_USER_STACKTRACE_SUPPORT=y CONFIG_FTRACE_SYSCALLS=y # CONFIG_UPROBE_EVENT is not set @@ -871,6 +866,7 @@ CONFIG_DYNAMIC_FTRACE_WITH_REGS=y CONFIG_DEBUG_STACKOVERFLOW=y # CONFIG_X86_PTDUMP is not set CONFIG_DEBUG_NX_TEST=m +# CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_STRESS is not set CONFIG_IO_DELAY_TYPE_0X80=0 CONFIG_IO_DELAY_TYPE_0XED=1 @@ -884,7 +880,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0 CONFIG_DEBUG_BOOT_PARAMS=y # CONFIG_CPA_DEBUG is not set CONFIG_OPTIMIZE_INLINING=y -# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set # CONFIG_DEBUG_NMI_SELFTEST is not set # @@ -919,7 +914,6 @@ CONFIG_PAX_REFCOUNT=y # Kernel Auditing # CONFIG_GRKERNSEC_RWXMAP_LOG=y -CONFIG_GRKERNSEC_AUDIT_TEXTREL=y # # Executable Protections @@ -930,8 +924,6 @@ CONFIG_GRKERNSEC_SETXID=y # Logging Options # CONFIG_LSM_MMAP_MIN_ADDR=65536 -CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y -CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y # # Crypto core or helper @@ -939,7 +931,6 @@ CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y CONFIG_CRYPTO_GF128MUL=y CONFIG_CRYPTO_PCRYPT=m CONFIG_CRYPTO_ABLK_HELPER_X86=y -CONFIG_CRYPTO_GLUE_HELPER_X86=m # # Block modes @@ -971,7 +962,7 @@ CONFIG_KVM=m CONFIG_KVM_INTEL=m CONFIG_KVM_AMD=m CONFIG_KVM_MMU_AUDIT=y -CONFIG_VHOST_NET=m +CONFIG_KVM_DEVICE_ASSIGNMENT=y # # Library routines diff --git a/kernel/config-x86_64-default b/kernel/config-x86_64-default index c2f69c2df..6f7126dba 100644 --- a/kernel/config-x86_64-default +++ b/kernel/config-x86_64-default @@ -14,15 +14,25 @@ CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx - CONFIG_ARCH_CLOCKSOURCE_DATA=y CONFIG_GENERIC_TIME_VSYSCALL=y +# +# Timers subsystem +# +# CONFIG_NO_HZ_IDLE is not set +CONFIG_NO_HZ_FULL=y +# CONFIG_NO_HZ_FULL_ALL is not set + # # CPU/Task time and stats accounting # -# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +CONFIG_VIRT_CPU_ACCOUNTING=y +CONFIG_VIRT_CPU_ACCOUNTING_GEN=y # # RCU Subsystem # -# CONFIG_RCU_USER_QS is not set +CONFIG_CONTEXT_TRACKING=y +CONFIG_RCU_USER_QS=y +CONFIG_CONTEXT_TRACKING_FORCE=y CONFIG_RCU_FANOUT=64 # CONFIG_NUMA_BALANCING is not set @@ -178,7 +188,6 @@ CONFIG_QUOTACTL_COMPAT=y # # RCU Debugging # -# CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_DEBUG is not set # @@ -196,11 +205,17 @@ CONFIG_GRKERNSEC_JIT_HARDEN=y # CONFIG_INTEL_TXT=y +# +# Crypto core or helper +# +CONFIG_CRYPTO_GLUE_HELPER_X86=y + # # Digest # -CONFIG_CRYPTO_CRC32C_X86_64=y CONFIG_CRYPTO_SHA1_SSSE3=m +CONFIG_CRYPTO_SHA256_SSSE3=m +CONFIG_CRYPTO_SHA512_SSSE3=m CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m # @@ -210,11 +225,13 @@ CONFIG_CRYPTO_AES_X86_64=y CONFIG_CRYPTO_BLOWFISH_X86_64=m CONFIG_CRYPTO_CAMELLIA_X86_64=m CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m CONFIG_CRYPTO_CAST5_AVX_X86_64=m CONFIG_CRYPTO_CAST6_AVX_X86_64=m CONFIG_CRYPTO_SALSA20_X86_64=m CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m CONFIG_CRYPTO_SERPENT_AVX_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m CONFIG_CRYPTO_TWOFISH_X86_64=m CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m diff --git a/kernel/kernel.nm b/kernel/kernel.nm index 5f27c08b9..ad2019c27 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -4,8 +4,8 @@ ############################################################################### name = kernel -version = 3.9.5 -release = 0.3 +version = 3.10.9 +release = 1 thisapp = linux-%{version} maintainer = Arne Fitzenreiter @@ -144,7 +144,7 @@ build rm -f %{DIR_APP}/localversion-grsec # Remove -Werror flag to fix ARMv5 build. - sed -e "s/-Werror//g" -i grsecurity/Makefile + sed -e "s/-Werror//g" -i grsecurity/Makefile || : # Disable the colorize plugin. # It's generally very nice but it clutters our diff --git a/kernel/patches/grsecurity-2.9.1-3.9.5-201306111850.patch b/kernel/patches/grsecurity-2.9.1-3.10.9-201308202015.patch similarity index 89% rename from kernel/patches/grsecurity-2.9.1-3.9.5-201306111850.patch rename to kernel/patches/grsecurity-2.9.1-3.10.9-201308202015.patch index 183d9f7a5..24d81a08c 100644 --- a/kernel/patches/grsecurity-2.9.1-3.9.5-201306111850.patch +++ b/kernel/patches/grsecurity-2.9.1-3.10.9-201308202015.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index b89a739..b47493f 100644 +index b89a739..79768fb 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -41,7 +41,7 @@ index b89a739..b47493f 100644 .*.d .mm 53c700_d.h -@@ -69,6 +75,7 @@ Image +@@ -69,9 +75,11 @@ Image Module.markers Module.symvers PENDING @@ -49,7 +49,11 @@ index b89a739..b47493f 100644 SCCS System.map* TAGS -@@ -80,6 +87,7 @@ aic7*seq.h* ++TRACEEVENT-CFLAGS + aconf + af_names.h + aic7*reg.h* +@@ -80,6 +88,7 @@ aic7*seq.h* aicasm aicdb.h* altivec*.c @@ -57,7 +61,7 @@ index b89a739..b47493f 100644 asm-offsets.h asm_offsets.h autoconf.h* -@@ -92,19 +100,24 @@ bounds.h +@@ -92,19 +101,24 @@ bounds.h bsetup btfixupprep build @@ -82,7 +86,7 @@ index b89a739..b47493f 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -115,9 +128,11 @@ devlist.h* +@@ -115,9 +129,11 @@ devlist.h* dnotify_test docproc dslm @@ -94,7 +98,7 @@ index b89a739..b47493f 100644 fixdep flask.h fore200e_mkfirm -@@ -125,12 +140,15 @@ fore200e_pca_fw.c* +@@ -125,12 +141,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -110,7 +114,7 @@ index b89a739..b47493f 100644 hpet_example hugepage-mmap hugepage-shm -@@ -145,14 +163,14 @@ int32.c +@@ -145,14 +164,14 @@ int32.c int4.c int8.c kallsyms @@ -127,7 +131,7 @@ index b89a739..b47493f 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -162,14 +180,15 @@ mach-types.h +@@ -162,14 +181,15 @@ mach-types.h machtypes.h map map_hugetlb @@ -144,7 +148,7 @@ index b89a739..b47493f 100644 mkprep mkregtable mktables -@@ -185,6 +204,8 @@ oui.c* +@@ -185,6 +205,8 @@ oui.c* page-types parse.c parse.h @@ -153,7 +157,7 @@ index b89a739..b47493f 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -194,6 +215,7 @@ perf-archive +@@ -194,6 +216,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -161,7 +165,7 @@ index b89a739..b47493f 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -203,7 +225,10 @@ r200_reg_safe.h +@@ -203,7 +226,10 @@ r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h @@ -172,7 +176,7 @@ index b89a739..b47493f 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -213,8 +238,12 @@ series +@@ -213,8 +239,12 @@ series setup setup.bin setup.elf @@ -185,7 +189,7 @@ index b89a739..b47493f 100644 split-include syscalltab.h tables.c -@@ -224,6 +253,7 @@ tftpboot.img +@@ -224,6 +254,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -193,7 +197,7 @@ index b89a739..b47493f 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -235,13 +265,17 @@ vdso32.lds +@@ -235,13 +266,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -211,7 +215,7 @@ index b89a739..b47493f 100644 vmlinuz voffset.h vsyscall.lds -@@ -249,9 +283,12 @@ vsyscall_32.lds +@@ -249,9 +284,12 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -225,10 +229,10 @@ index b89a739..b47493f 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 8ccbf27..afffeb4 100644 +index 2fe6e76..889ee23 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -948,6 +948,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -976,6 +976,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Format: such that (rxsize & ~0x1fffc0) == 0. Default: 1024 @@ -239,7 +243,18 @@ index 8ccbf27..afffeb4 100644 hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2147,6 +2151,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1928,6 +1932,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + noexec=on: enable non-executable mappings (default) + noexec=off: disable non-executable mappings + ++ nopcid [X86-64] ++ Disable PCID (Process-Context IDentifier) even if it ++ is supported by the processor. ++ + nosmap [X86] + Disable SMAP (Supervisor Mode Access Prevention) + even if it is supported by processor. +@@ -2195,6 +2203,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -248,18 +263,25 @@ index 8ccbf27..afffeb4 100644 + expand down segment used by UDEREF on X86-32 or the frequent + page table updates on X86-64. + ++ pax_sanitize_slab= ++ 0/1 to disable/enable slab object sanitization (enabled by ++ default). ++ + pax_softmode= 0/1 to disable/enable PaX softmode on boot already. + + pax_extra_latent_entropy + Enable a very simple form of latent entropy extraction + from the first 4GB of memory as the bootmem allocator + passes the memory pages to the buddy allocator. ++ ++ pax_weakuderef [X86-64] enables the weaker but faster form of UDEREF ++ when the processor supports PCID. + pcbit= [HW,ISDN] pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 8818c95..ced0bb1 100644 +index 4b31d62..ac99d49 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -360,7 +382,7 @@ index 8818c95..ced0bb1 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -780,6 +840,8 @@ endif +@@ -782,6 +842,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -369,7 +391,7 @@ index 8818c95..ced0bb1 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -789,7 +851,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -791,7 +853,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -378,7 +400,7 @@ index 8818c95..ced0bb1 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -833,6 +895,7 @@ prepare0: archprepare FORCE +@@ -835,6 +897,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -386,7 +408,7 @@ index 8818c95..ced0bb1 100644 prepare: prepare0 # Generate some files -@@ -940,6 +1003,8 @@ all: modules +@@ -942,6 +1005,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -395,7 +417,7 @@ index 8818c95..ced0bb1 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -955,7 +1020,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -957,7 +1022,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -404,7 +426,7 @@ index 8818c95..ced0bb1 100644 # Target to install modules PHONY += modules_install -@@ -1021,7 +1086,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1023,7 +1088,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -413,7 +435,7 @@ index 8818c95..ced0bb1 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1061,6 +1126,7 @@ distclean: mrproper +@@ -1063,6 +1128,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -421,7 +443,7 @@ index 8818c95..ced0bb1 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1221,6 +1287,8 @@ PHONY += $(module-dirs) modules +@@ -1223,6 +1289,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -430,7 +452,7 @@ index 8818c95..ced0bb1 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1357,17 +1425,21 @@ else +@@ -1359,17 +1427,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -456,7 +478,7 @@ index 8818c95..ced0bb1 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1377,11 +1449,15 @@ endif +@@ -1379,11 +1451,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -807,10 +829,10 @@ index 0c4132d..88f0d53 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 1cacda4..2cef624 100644 +index 18a9f5e..ca910b7 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1850,7 +1850,7 @@ config ALIGNMENT_TRAP +@@ -1766,7 +1766,7 @@ config ALIGNMENT_TRAP config UACCESS_WITH_MEMCPY bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" @@ -820,7 +842,7 @@ index 1cacda4..2cef624 100644 help Implement faster copy_to_user and clear_user methods for CPU diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index c79f61f..9ac0642 100644 +index da1c77d..2ee6056 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -17,17 +17,35 @@ @@ -1125,8 +1147,44 @@ index c79f61f..9ac0642 100644 + #define ATOMIC64_INIT(i) { (i) } + #ifdef CONFIG_ARM_LPAE +@@ -257,6 +452,19 @@ static inline u64 atomic64_read(const atomic64_t *v) + return result; + } + ++static inline u64 atomic64_read_unchecked(const atomic64_unchecked_t *v) ++{ ++ u64 result; ++ ++ __asm__ __volatile__("@ atomic64_read_unchecked\n" ++" ldrd %0, %H0, [%1]" ++ : "=&r" (result) ++ : "r" (&v->counter), "Qo" (v->counter) ++ ); ++ ++ return result; ++} ++ + static inline void atomic64_set(atomic64_t *v, u64 i) + { + __asm__ __volatile__("@ atomic64_set\n" +@@ -265,6 +473,15 @@ static inline void atomic64_set(atomic64_t *v, u64 i) + : "r" (&v->counter), "r" (i) + ); + } ++ ++static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, u64 i) ++{ ++ __asm__ __volatile__("@ atomic64_set_unchecked\n" ++" strd %2, %H2, [%1]" ++ : "=Qo" (v->counter) ++ : "r" (&v->counter), "r" (i) ++ ); ++} + #else static inline u64 atomic64_read(const atomic64_t *v) -@@ -256,6 +451,19 @@ static inline u64 atomic64_read(const atomic64_t *v) + { +@@ -279,6 +496,19 @@ static inline u64 atomic64_read(const atomic64_t *v) return result; } @@ -1146,10 +1204,11 @@ index c79f61f..9ac0642 100644 static inline void atomic64_set(atomic64_t *v, u64 i) { u64 tmp; -@@ -270,6 +478,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) +@@ -292,6 +522,21 @@ static inline void atomic64_set(atomic64_t *v, u64 i) + : "r" (&v->counter), "r" (i) : "cc"); } - ++ +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, u64 i) +{ + u64 tmp; @@ -1164,10 +1223,10 @@ index c79f61f..9ac0642 100644 + : "cc"); +} + + #endif + static inline void atomic64_add(u64 i, atomic64_t *v) - { - u64 result; -@@ -278,6 +500,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -302,6 +547,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_add\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" @@ -1204,7 +1263,7 @@ index c79f61f..9ac0642 100644 " adc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -289,12 +541,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -313,12 +588,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { @@ -1256,7 +1315,7 @@ index c79f61f..9ac0642 100644 "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -318,6 +607,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -342,6 +654,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" @@ -1293,7 +1352,7 @@ index c79f61f..9ac0642 100644 " sbc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -329,18 +648,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -353,18 +695,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) { @@ -1331,7 +1390,7 @@ index c79f61f..9ac0642 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); -@@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) +@@ -398,6 +754,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) return oldval; } @@ -1362,7 +1421,7 @@ index c79f61f..9ac0642 100644 static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) { u64 result; -@@ -397,21 +754,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) +@@ -421,21 +801,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) static inline u64 atomic64_dec_if_positive(atomic64_t *v) { @@ -1404,7 +1463,7 @@ index c79f61f..9ac0642 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -434,13 +804,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -458,13 +851,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1433,7 +1492,7 @@ index c79f61f..9ac0642 100644 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -453,10 +835,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -477,10 +882,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -1471,7 +1530,7 @@ index 75fe66b..ba3dee4 100644 #endif diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index e1489c5..d418304 100644 +index 17d0ae8..014e350 100644 --- a/arch/arm/include/asm/cacheflush.h +++ b/arch/arm/include/asm/cacheflush.h @@ -116,7 +116,7 @@ struct cpu_cache_fns { @@ -1583,7 +1642,7 @@ index 6ddbe44..b5e38b1 100644 static inline void set_domain(unsigned val) { } static inline void modify_domain(unsigned dom, unsigned type) { } diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h -index 38050b1..9d90e8b 100644 +index 56211f2..17e8a25 100644 --- a/arch/arm/include/asm/elf.h +++ b/arch/arm/include/asm/elf.h @@ -116,7 +116,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); @@ -1602,7 +1661,7 @@ index 38050b1..9d90e8b 100644 /* When the program starts, a1 contains a pointer to a function to be registered with atexit, as per the SVR4 ABI. A value of 0 means we -@@ -126,8 +133,4 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); +@@ -126,10 +133,6 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); extern void elf_set_personality(const struct elf32_hdr *); #define SET_PERSONALITY(ex) elf_set_personality(&(ex)) @@ -1610,7 +1669,9 @@ index 38050b1..9d90e8b 100644 -extern unsigned long arch_randomize_brk(struct mm_struct *mm); -#define arch_randomize_brk arch_randomize_brk - - #endif + #ifdef CONFIG_MMU + #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1 + struct linux_binprm; diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h index de53547..52b9a28 100644 --- a/arch/arm/include/asm/fncpy.h @@ -1743,7 +1804,7 @@ index 12f71a1..04e063c 100644 #ifdef CONFIG_OUTER_CACHE diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h -index 812a494..71fc0b6 100644 +index cbdc7a2..32f44fe 100644 --- a/arch/arm/include/asm/page.h +++ b/arch/arm/include/asm/page.h @@ -114,7 +114,7 @@ struct cpu_user_fns { @@ -1853,17 +1914,19 @@ index 5cfba15..f415e1a 100644 #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4) #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4) diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h -index f97ee02..07f1be5 100644 +index f97ee02..cc9fe9e 100644 --- a/arch/arm/include/asm/pgtable-2level.h +++ b/arch/arm/include/asm/pgtable-2level.h -@@ -125,6 +125,7 @@ - #define L_PTE_XN (_AT(pteval_t, 1) << 9) +@@ -126,6 +126,9 @@ #define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */ #define L_PTE_NONE (_AT(pteval_t, 1) << 11) -+#define L_PTE_PXN (_AT(pteval_t, 1) << 12) /* v7*/ ++/* Two-level page tables only have PXN in the PGD, not in the PTE. */ ++#define L_PTE_PXN (_AT(pteval_t, 0)) ++ /* * These are the memory types, defined to be compatible with + * pre-ARMv6 CPUs cacheable and bufferable bits: XXCB diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h index 18f5cef..25b8f43 100644 --- a/arch/arm/include/asm/pgtable-3level-hwdef.h @@ -2012,22 +2075,6 @@ index f3628fb..a0672dd 100644 #ifndef MULTI_CPU extern void cpu_proc_init(void); -diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h -index 06e7d50..8a8e251 100644 ---- a/arch/arm/include/asm/processor.h -+++ b/arch/arm/include/asm/processor.h -@@ -65,9 +65,8 @@ struct thread_struct { - regs->ARM_cpsr |= PSR_ENDSTATE; \ - regs->ARM_pc = pc & ~1; /* pc */ \ - regs->ARM_sp = sp; /* sp */ \ -- regs->ARM_r2 = stack[2]; /* r2 (envp) */ \ -- regs->ARM_r1 = stack[1]; /* r1 (argv) */ \ -- regs->ARM_r0 = stack[0]; /* r0 (argc) */ \ -+ /* r2 (envp), r1 (argv), r0 (argc) */ \ -+ (void)copy_from_user(®s->ARM_r0, (const char __user *)stack, 3 * sizeof(unsigned long)); \ - nommu_start_thread(regs); \ - }) - diff --git a/arch/arm/include/asm/psci.h b/arch/arm/include/asm/psci.h index ce0dbe7..c085b6f 100644 --- a/arch/arm/include/asm/psci.h @@ -2055,7 +2102,7 @@ index d3a22be..3a69ad5 100644 /* * set platform specific SMP operations diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index cddda1f..ff357f7 100644 +index f00b569..aa5bb41 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h @@ -77,9 +77,9 @@ struct thread_info { @@ -2071,20 +2118,20 @@ index cddda1f..ff357f7 100644 .restart_block = { \ .fn = do_no_restart_syscall, \ }, \ -@@ -152,6 +152,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -152,7 +152,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_SYSCALL_AUDIT 9 #define TIF_SYSCALL_TRACEPOINT 10 #define TIF_SECCOMP 11 /* seccomp syscall filtering active */ -+ +-#define TIF_NOHZ 12 /* in adaptive nohz mode */ +/* within 8 bits of TIF_SYSCALL_TRACE + * to meet flexible second operand requirements + */ +#define TIF_GRSEC_SETXID 12 -+ ++#define TIF_NOHZ 13 /* in adaptive nohz mode */ #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_RESTORE_SIGMASK 20 -@@ -165,10 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -165,10 +169,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) @@ -2098,7 +2145,7 @@ index cddda1f..ff357f7 100644 /* * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index 7e1f760..752fcb7 100644 +index 7e1f760..de33b13 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -18,6 +18,7 @@ @@ -2109,15 +2156,24 @@ index 7e1f760..752fcb7 100644 #define VERIFY_READ 0 #define VERIFY_WRITE 1 -@@ -60,10 +61,34 @@ extern int __put_user_bad(void); - #define USER_DS TASK_SIZE - #define get_fs() (current_thread_info()->addr_limit) +@@ -63,11 +64,38 @@ extern int __put_user_bad(void); + static inline void set_fs(mm_segment_t fs) + { + current_thread_info()->addr_limit = fs; +- modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER); ++ modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_KERNELCLIENT : DOMAIN_MANAGER); + } + + #define segment_eq(a,b) ((a) == (b)) ++#define __HAVE_ARCH_PAX_OPEN_USERLAND ++#define __HAVE_ARCH_PAX_CLOSE_USERLAND ++ +static inline void pax_open_userland(void) +{ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ if (get_fs() == USER_DS) { ++ if (segment_eq(get_fs(), USER_DS)) { + BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF)); + modify_domain(DOMAIN_USER, DOMAIN_UDEREF); + } @@ -2129,7 +2185,7 @@ index 7e1f760..752fcb7 100644 +{ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ if (get_fs() == USER_DS) { ++ if (segment_eq(get_fs(), USER_DS)) { + BUG_ON(test_domain(DOMAIN_USER, DOMAIN_NOACCESS)); + modify_domain(DOMAIN_USER, DOMAIN_NOACCESS); + } @@ -2137,15 +2193,10 @@ index 7e1f760..752fcb7 100644 + +} + - static inline void set_fs(mm_segment_t fs) - { - current_thread_info()->addr_limit = fs; -- modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER); -+ modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_KERNELCLIENT : DOMAIN_MANAGER); - } - - #define segment_eq(a,b) ((a) == (b)) -@@ -143,8 +168,12 @@ extern int __get_user_4(void *); + #define __addr_ok(addr) ({ \ + unsigned long flag; \ + __asm__("cmp %2, %0; movlo %0, #0" \ +@@ -143,8 +171,12 @@ extern int __get_user_4(void *); #define get_user(x,p) \ ({ \ @@ -2159,7 +2210,7 @@ index 7e1f760..752fcb7 100644 }) extern int __put_user_1(void *, unsigned int); -@@ -188,8 +217,12 @@ extern int __put_user_8(void *, unsigned long long); +@@ -188,8 +220,12 @@ extern int __put_user_8(void *, unsigned long long); #define put_user(x,p) \ ({ \ @@ -2173,7 +2224,7 @@ index 7e1f760..752fcb7 100644 }) #else /* CONFIG_MMU */ -@@ -230,13 +263,17 @@ static inline void set_fs(mm_segment_t fs) +@@ -230,13 +266,17 @@ static inline void set_fs(mm_segment_t fs) #define __get_user(x,ptr) \ ({ \ long __gu_err = 0; \ @@ -2191,7 +2242,7 @@ index 7e1f760..752fcb7 100644 (void) 0; \ }) -@@ -312,13 +349,17 @@ do { \ +@@ -312,13 +352,17 @@ do { \ #define __put_user(x,ptr) \ ({ \ long __pu_err = 0; \ @@ -2209,7 +2260,7 @@ index 7e1f760..752fcb7 100644 (void) 0; \ }) -@@ -418,11 +459,44 @@ do { \ +@@ -418,11 +462,44 @@ do { \ #ifdef CONFIG_MMU @@ -2257,7 +2308,7 @@ index 7e1f760..752fcb7 100644 #else #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) -@@ -431,6 +505,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l +@@ -431,6 +508,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -2267,7 +2318,7 @@ index 7e1f760..752fcb7 100644 if (access_ok(VERIFY_READ, from, n)) n = __copy_from_user(to, from, n); else /* security hole - plug it */ -@@ -440,6 +517,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u +@@ -440,6 +520,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -2291,9 +2342,18 @@ index 96ee092..37f1844 100644 #define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */ diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c -index 60d3b73..d27ee09 100644 +index 60d3b73..e5a0f22 100644 --- a/arch/arm/kernel/armksyms.c +++ b/arch/arm/kernel/armksyms.c +@@ -53,7 +53,7 @@ EXPORT_SYMBOL(arm_delay_ops); + + /* networking */ + EXPORT_SYMBOL(csum_partial); +-EXPORT_SYMBOL(csum_partial_copy_from_user); ++EXPORT_SYMBOL(__csum_partial_copy_from_user); + EXPORT_SYMBOL(csum_partial_copy_nocheck); + EXPORT_SYMBOL(__csum_ipv6_magic); + @@ -89,9 +89,9 @@ EXPORT_SYMBOL(__memzero); #ifdef CONFIG_MMU EXPORT_SYMBOL(copy_page); @@ -2308,7 +2368,7 @@ index 60d3b73..d27ee09 100644 EXPORT_SYMBOL(__get_user_1); EXPORT_SYMBOL(__get_user_2); diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S -index 0f82098..3dbd3ee 100644 +index d43c7e5..257c050 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -47,6 +47,87 @@ @@ -2440,7 +2500,7 @@ index 0f82098..3dbd3ee 100644 SPFIX( addeq r2, r2, #4 ) str r3, [sp, #-4]! @ save the "real" r0 copied @ from the exception stack -@@ -359,6 +453,9 @@ ENDPROC(__pabt_svc) +@@ -316,6 +410,9 @@ ENDPROC(__pabt_svc) .macro usr_entry UNWIND(.fnstart ) UNWIND(.cantunwind ) @ don't unwind the user space @@ -2450,7 +2510,17 @@ index 0f82098..3dbd3ee 100644 sub sp, sp, #S_FRAME_SIZE ARM( stmib sp, {r1 - r12} ) THUMB( stmia sp, {r0 - r12} ) -@@ -456,7 +553,9 @@ __und_usr: +@@ -357,7 +454,8 @@ ENDPROC(__pabt_svc) + .endm + + .macro kuser_cmpxchg_check +-#if !defined(CONFIG_CPU_32v6K) && !defined(CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG) ++#if !defined(CONFIG_CPU_32v6K) && defined(CONFIG_KUSER_HELPERS) && \ ++ !defined(CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG) + #ifndef CONFIG_MMU + #warning "NPTL on non MMU needs fixing" + #else +@@ -414,7 +512,9 @@ __und_usr: tst r3, #PSR_T_BIT @ Thumb mode? bne __und_usr_thumb sub r4, r2, #4 @ ARM instr at LR - 4 @@ -2460,7 +2530,7 @@ index 0f82098..3dbd3ee 100644 #ifdef CONFIG_CPU_ENDIAN_BE8 rev r0, r0 @ little endian instruction #endif -@@ -491,10 +590,14 @@ __und_usr_thumb: +@@ -449,10 +549,14 @@ __und_usr_thumb: */ .arch armv6t2 #endif @@ -2475,26 +2545,36 @@ index 0f82098..3dbd3ee 100644 add r2, r2, #2 @ r2 is PC + 2, make it PC + 4 str r2, [sp, #S_PC] @ it's a 2x16bit instr, update orr r0, r0, r5, lsl #16 -@@ -733,7 +836,7 @@ ENTRY(__switch_to) +@@ -481,7 +585,8 @@ ENDPROC(__und_usr) + */ + .pushsection .fixup, "ax" + .align 2 +-4: mov pc, r9 ++4: pax_close_userland ++ mov pc, r9 + .popsection + .pushsection __ex_table,"a" + .long 1b, 4b +@@ -690,7 +795,7 @@ ENTRY(__switch_to) THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack THUMB( str sp, [ip], #4 ) THUMB( str lr, [ip], #4 ) -#ifdef CONFIG_CPU_USE_DOMAINS -+#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ldr r6, [r2, #TI_CPU_DOMAIN] #endif set_tls r3, r4, r5 -@@ -742,7 +845,7 @@ ENTRY(__switch_to) +@@ -699,7 +804,7 @@ ENTRY(__switch_to) ldr r8, =__stack_chk_guard ldr r7, [r7, #TSK_STACK_CANARY] #endif -#ifdef CONFIG_CPU_USE_DOMAINS -+#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) mcr p15, 0, r6, c3, c0, 0 @ Set domain register #endif mov r5, r0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S -index fefd7f9..e6f250e 100644 +index bc5bc0a..d0998ca 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -10,18 +10,46 @@ @@ -2547,7 +2627,7 @@ index fefd7f9..e6f250e 100644 .align 5 /* * This is the fast syscall return path. We do as little as -@@ -351,6 +379,7 @@ ENDPROC(ftrace_stub) +@@ -350,6 +378,7 @@ ENDPROC(ftrace_stub) .align 5 ENTRY(vector_swi) @@ -2555,7 +2635,7 @@ index fefd7f9..e6f250e 100644 sub sp, sp, #S_FRAME_SIZE stmia sp, {r0 - r12} @ Calling r0 - r12 ARM( add r8, sp, #S_PC ) -@@ -400,6 +429,12 @@ ENTRY(vector_swi) +@@ -399,6 +428,12 @@ ENTRY(vector_swi) ldr scno, [lr, #-4] @ get SWI instruction #endif @@ -2569,10 +2649,10 @@ index fefd7f9..e6f250e 100644 ldr ip, __cr_alignment ldr ip, [ip] diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S -index 9a8531e..812e287 100644 +index 160f337..db67ee4 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S -@@ -73,9 +73,66 @@ +@@ -73,6 +73,60 @@ msr cpsr_c, \rtemp @ switch back to the SVC mode .endm @@ -2631,18 +2711,22 @@ index 9a8531e..812e287 100644 + .endm + #ifndef CONFIG_THUMB2_KERNEL - .macro svc_exit, rpsr - msr spsr_cxsf, \rpsr + .macro svc_exit, rpsr, irq = 0 + .if \irq != 0 +@@ -92,6 +146,9 @@ + blne trace_hardirqs_off + #endif + .endif + + pax_exit_kernel + + msr spsr_cxsf, \rpsr #if defined(CONFIG_CPU_V6) ldr r0, [sp] - strex r1, r2, [sp] @ clear the exclusive monitor -@@ -121,6 +178,9 @@ - .endm - #else /* CONFIG_THUMB2_KERNEL */ - .macro svc_exit, rpsr +@@ -155,6 +212,9 @@ + blne trace_hardirqs_off + #endif + .endif + + pax_exit_kernel + @@ -2650,19 +2734,32 @@ index 9a8531e..812e287 100644 ldrd r0, r1, [sp, #S_LR] @ calling lr and pc clrex @ clear the exclusive monitor diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c -index 2adda11..7fbe958 100644 +index 25442f4..d4948fc 100644 --- a/arch/arm/kernel/fiq.c +++ b/arch/arm/kernel/fiq.c -@@ -82,7 +82,9 @@ void set_fiq_handler(void *start, unsigned int length) - #if defined(CONFIG_CPU_USE_DOMAINS) - memcpy((void *)0xffff001c, start, length); - #else +@@ -84,17 +84,16 @@ int show_fiq_list(struct seq_file *p, int prec) + + void set_fiq_handler(void *start, unsigned int length) + { +-#if defined(CONFIG_CPU_USE_DOMAINS) +- void *base = (void *)0xffff0000; +-#else + void *base = vectors_page; +-#endif + unsigned offset = FIQ_OFFSET; + + pax_open_kernel(); - memcpy(vectors_page + 0x1c, start, length); + memcpy(base + offset, start, length); + pax_close_kernel(); - #endif - flush_icache_range(0xffff001c, 0xffff001c + length); - if (!vectors_high()) ++ ++ if (!cache_is_vipt_nonaliasing()) ++ flush_icache_range(base + offset, offset + length); + flush_icache_range(0xffff0000 + offset, 0xffff0000 + offset + length); +- if (!vectors_high()) +- flush_icache_range(offset, offset + length); + } + + int claim_fiq(struct fiq_handler *f) diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S index 8bac553..caee108 100644 --- a/arch/arm/kernel/head.S @@ -2764,6 +2861,19 @@ index 07314af..c46655c 100644 flush_icache_range((uintptr_t)(addr), (uintptr_t)(addr) + size); +diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c +index e19edc6..e186ee1 100644 +--- a/arch/arm/kernel/perf_event.c ++++ b/arch/arm/kernel/perf_event.c +@@ -56,7 +56,7 @@ armpmu_map_hw_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config) + int mapping; + + if (config >= PERF_COUNT_HW_MAX) +- return -ENOENT; ++ return -EINVAL; + + mapping = (*event_map)[config]; + return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping; diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c index 1f2740e..b36e225 100644 --- a/arch/arm/kernel/perf_event_cpu.c @@ -2778,41 +2888,38 @@ index 1f2740e..b36e225 100644 }; diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 047d3e4..7e96107 100644 +index 5bc2615..dcd439f 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c -@@ -28,7 +28,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -251,9 +250,10 @@ void machine_power_off(void) - machine_shutdown(); +@@ -223,6 +223,7 @@ void machine_power_off(void) + if (pm_power_off) pm_power_off(); + BUG(); } + /* +@@ -236,7 +237,7 @@ void machine_power_off(void) + * executing pre-reset code, and using RAM that the primary CPU's code wishes + * to use. Implementing such co-ordination would be essentially impossible. + */ -void machine_restart(char *cmd) +__noreturn void machine_restart(char *cmd) { - machine_shutdown(); + smp_send_stop(); + +@@ -258,8 +259,8 @@ void __show_regs(struct pt_regs *regs) + + show_regs_print_info(KERN_DEFAULT); -@@ -278,8 +278,8 @@ void __show_regs(struct pt_regs *regs) - init_utsname()->release, - (int)strcspn(init_utsname()->version, " "), - init_utsname()->version); - print_symbol("PC is at %s\n", instruction_pointer(regs)); - print_symbol("LR is at %s\n", regs->ARM_lr); -+ printk("PC is at %pA\n", instruction_pointer(regs)); -+ printk("LR is at %pA\n", regs->ARM_lr); ++ printk("PC is at %pA\n", (void *)instruction_pointer(regs)); ++ printk("LR is at %pA\n", (void *)regs->ARM_lr); printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" "sp : %08lx ip : %08lx fp : %08lx\n", regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, -@@ -447,12 +447,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -426,12 +427,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -2823,20 +2930,70 @@ index 047d3e4..7e96107 100644 -} - #ifdef CONFIG_MMU + #ifdef CONFIG_KUSER_HELPERS /* - * The vectors page is always readable from user space for the -@@ -465,9 +459,8 @@ static int __init gate_vma_init(void) - { - gate_vma.vm_start = 0xffff0000; - gate_vma.vm_end = 0xffff0000 + PAGE_SIZE; -- gate_vma.vm_page_prot = PAGE_READONLY_EXEC; -- gate_vma.vm_flags = VM_READ | VM_EXEC | -- VM_MAYREAD | VM_MAYEXEC; -+ gate_vma.vm_flags = VM_NONE; -+ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); +@@ -447,7 +442,7 @@ static struct vm_area_struct gate_vma = { + + static int __init gate_vma_init(void) + { +- gate_vma.vm_page_prot = PAGE_READONLY_EXEC; ++ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); return 0; } arch_initcall(gate_vma_init); +@@ -466,48 +461,23 @@ int in_gate_area_no_mm(unsigned long addr) + { + return in_gate_area(NULL, addr); + } +-#define is_gate_vma(vma) ((vma) = &gate_vma) ++#define is_gate_vma(vma) ((vma) == &gate_vma) + #else + #define is_gate_vma(vma) 0 + #endif + + const char *arch_vma_name(struct vm_area_struct *vma) + { +- return is_gate_vma(vma) ? "[vectors]" : +- (vma->vm_mm && vma->vm_start == vma->vm_mm->context.sigpage) ? +- "[sigpage]" : NULL; ++ return is_gate_vma(vma) ? "[vectors]" : NULL; + } + +-static struct page *signal_page; +-extern struct page *get_signal_page(void); +- + int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) + { + struct mm_struct *mm = current->mm; +- unsigned long addr; +- int ret; +- +- if (!signal_page) +- signal_page = get_signal_page(); +- if (!signal_page) +- return -ENOMEM; + + down_write(&mm->mmap_sem); +- addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); +- if (IS_ERR_VALUE(addr)) { +- ret = addr; +- goto up_fail; +- } +- +- ret = install_special_mapping(mm, addr, PAGE_SIZE, +- VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC, +- &signal_page); +- +- if (ret == 0) +- mm->context.sigpage = addr; +- +- up_fail: ++ mm->context.sigpage = (PAGE_OFFSET + (get_random_int() % 0x3FFEFFE0)) & 0xFFFFFFFC; + up_write(&mm->mmap_sem); +- return ret; ++ return 0; + } + #endif diff --git a/arch/arm/kernel/psci.c b/arch/arm/kernel/psci.c index 3653164..d83e55d 100644 --- a/arch/arm/kernel/psci.c @@ -2875,10 +3032,10 @@ index 03deeff..741ce88 100644 if (secure_computing(scno) == -1) return -1; diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index 234e339..81264a1 100644 +index b4b1d39..efdc9be 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -96,21 +96,23 @@ EXPORT_SYMBOL(system_serial_high); +@@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high); unsigned int elf_hwcap __read_mostly; EXPORT_SYMBOL(elf_hwcap); @@ -2907,7 +3064,7 @@ index 234e339..81264a1 100644 EXPORT_SYMBOL(outer_cache); #endif -@@ -235,9 +237,13 @@ static int __get_cpu_architecture(void) +@@ -236,9 +238,13 @@ static int __get_cpu_architecture(void) asm("mrc p15, 0, %0, c0, c1, 4" : "=r" (mmfr0)); if ((mmfr0 & 0x0000000f) >= 0x00000003 || @@ -2923,7 +3080,7 @@ index 234e339..81264a1 100644 (mmfr0 & 0x000000f0) == 0x00000020) cpu_arch = CPU_ARCH_ARMv6; else -@@ -478,7 +484,7 @@ static void __init setup_processor(void) +@@ -479,7 +485,7 @@ static void __init setup_processor(void) __cpu_architecture = __get_cpu_architecture(); #ifdef MULTI_CPU @@ -2933,41 +3090,64 @@ index 234e339..81264a1 100644 #ifdef MULTI_TLB cpu_tlb = *list->tlb; diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c -index 296786b..a8d4dd5 100644 +index 5a42c12..a2bb7c6 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c -@@ -396,22 +396,14 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig, - __put_user(sigreturn_codes[idx+1], rc+1)) - return 1; - -- if (cpsr & MODE32_BIT) { -- /* -- * 32-bit code can use the new high-page -- * signal return code support. -- */ -- retcode = KERN_SIGRETURN_CODE + (idx << 2) + thumb; -- } else { -- /* -- * Ensure that the instruction cache sees -- * the return code written onto the stack. -- */ -- flush_icache_range((unsigned long)rc, -- (unsigned long)(rc + 2)); -+ /* -+ * Ensure that the instruction cache sees -+ * the return code written onto the stack. -+ */ -+ flush_icache_range((unsigned long)rc, -+ (unsigned long)(rc + 2)); - -- retcode = ((unsigned long)rc) + thumb; -- } -+ retcode = ((unsigned long)rc) + thumb; - } +@@ -45,8 +45,6 @@ static const unsigned long sigreturn_codes[7] = { + MOV_R7_NR_RT_SIGRETURN, SWI_SYS_RT_SIGRETURN, SWI_THUMB_RT_SIGRETURN, + }; - regs->ARM_r0 = map_sig(ksig->sig); +-static unsigned long signal_return_offset; +- + #ifdef CONFIG_CRUNCH + static int preserve_crunch_context(struct crunch_sigframe __user *frame) + { +@@ -406,8 +404,7 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig, + * except when the MPU has protected the vectors + * page from PL0 + */ +- retcode = mm->context.sigpage + signal_return_offset + +- (idx << 2) + thumb; ++ retcode = mm->context.sigpage + (idx << 2) + thumb; + } else + #endif + { +@@ -611,33 +608,3 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall) + } while (thread_flags & _TIF_WORK_MASK); + return 0; + } +- +-struct page *get_signal_page(void) +-{ +- unsigned long ptr; +- unsigned offset; +- struct page *page; +- void *addr; +- +- page = alloc_pages(GFP_KERNEL, 0); +- +- if (!page) +- return NULL; +- +- addr = page_address(page); +- +- /* Give the signal return code some randomness */ +- offset = 0x200 + (get_random_int() & 0x7fc); +- signal_return_offset = offset; +- +- /* +- * Copy signal return handlers into the vector page, and +- * set sigreturn to be a pointer to these. +- */ +- memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); +- +- ptr = (unsigned long)addr + offset; +- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); +- +- return page; +-} diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c -index 1f2cccc..f40c02e 100644 +index 5919eb4..b5d6dfe 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -70,7 +70,7 @@ enum ipi_msg_type { @@ -2980,10 +3160,10 @@ index 1f2cccc..f40c02e 100644 void __init smp_set_ops(struct smp_operations *ops) { diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 1c08911..264f009 100644 +index 6b9567e..b8af2d6 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c -@@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); +@@ -55,7 +55,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame) { #ifdef CONFIG_KALLSYMS @@ -2992,7 +3172,7 @@ index 1c08911..264f009 100644 #else printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from); #endif -@@ -266,6 +266,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; +@@ -257,6 +257,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; static int die_owner = -1; static unsigned int die_nest_count; @@ -3001,7 +3181,7 @@ index 1c08911..264f009 100644 static unsigned long oops_begin(void) { int cpu; -@@ -308,6 +310,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) +@@ -299,6 +301,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -3011,7 +3191,7 @@ index 1c08911..264f009 100644 if (signr) do_exit(signr); } -@@ -601,7 +606,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) +@@ -592,7 +597,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) * The user helper at 0xffff0fe0 must be used instead. * (see entry-armv.S for details) */ @@ -3021,18 +3201,10 @@ index 1c08911..264f009 100644 } return 0; -@@ -841,13 +848,10 @@ void __init early_trap_init(void *vectors_base) - */ - kuser_get_tls_init(vectors); +@@ -848,5 +855,9 @@ void __init early_trap_init(void *vectors_base) + kuser_init(vectors_base); -- /* -- * Copy signal return handlers into the vector page, and -- * set sigreturn to be a pointer to these. -- */ -- memcpy((void *)(vectors + KERN_SIGRETURN_CODE - CONFIG_VECTORS_BASE), -- sigreturn_codes, sizeof(sigreturn_codes)); -- - flush_icache_range(vectors, vectors + PAGE_SIZE); + flush_icache_range(vectors, vectors + PAGE_SIZE * 2); - modify_domain(DOMAIN_USER, DOMAIN_CLIENT); + +#ifndef CONFIG_PAX_MEMORY_UDEREF @@ -3041,7 +3213,7 @@ index 1c08911..264f009 100644 + } diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S -index b571484..4b2fc9b 100644 +index 33f2ea3..0b91824 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,11 @@ @@ -3089,7 +3261,7 @@ index b571484..4b2fc9b 100644 #ifndef CONFIG_XIP_KERNEL . = ALIGN(PAGE_SIZE); -@@ -207,6 +220,11 @@ SECTIONS +@@ -224,6 +237,11 @@ SECTIONS . = PAGE_OFFSET + TEXT_OFFSET; #else __init_end = .; @@ -3239,10 +3411,10 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c -index 49792a0..f192052 100644 +index f389228..592ef66 100644 --- a/arch/arm/mach-kirkwood/common.c +++ b/arch/arm/mach-kirkwood/common.c -@@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw) +@@ -149,7 +149,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw) clk_gate_ops.disable(hw); } @@ -3260,7 +3432,7 @@ index 49792a0..f192052 100644 static struct clk __init *clk_register_gate_fn(struct device *dev, const char *name, -@@ -184,14 +193,6 @@ static struct clk __init *clk_register_gate_fn(struct device *dev, +@@ -183,14 +192,6 @@ static struct clk __init *clk_register_gate_fn(struct device *dev, gate_fn->fn_en = fn_en; gate_fn->fn_dis = fn_dis; @@ -3289,10 +3461,10 @@ index f6eeb87..cc90868 100644 }; diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c -index 410e1ba..1d2dd59 100644 +index 6c4da12..d9ca72d 100644 --- a/arch/arm/mach-omap2/gpmc.c +++ b/arch/arm/mach-omap2/gpmc.c -@@ -145,7 +145,6 @@ struct omap3_gpmc_regs { +@@ -147,7 +147,6 @@ struct omap3_gpmc_regs { }; static struct gpmc_client_irq gpmc_client_irq[GPMC_NR_IRQ]; @@ -3300,7 +3472,7 @@ index 410e1ba..1d2dd59 100644 static unsigned gpmc_irq_start; static struct resource gpmc_mem_root; -@@ -707,6 +706,18 @@ static void gpmc_irq_noop(struct irq_data *data) { } +@@ -711,6 +710,18 @@ static void gpmc_irq_noop(struct irq_data *data) { } static unsigned int gpmc_irq_noop_ret(struct irq_data *data) { return 0; } @@ -3319,7 +3491,7 @@ index 410e1ba..1d2dd59 100644 static int gpmc_setup_irq(void) { int i; -@@ -721,15 +732,6 @@ static int gpmc_setup_irq(void) +@@ -725,15 +736,6 @@ static int gpmc_setup_irq(void) return gpmc_irq_start; } @@ -3349,7 +3521,7 @@ index f8bb3b9..831e7b8 100644 }; diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c -index 381be7a..89b9c7e 100644 +index e6d2307..d057195 100644 --- a/arch/arm/mach-omap2/omap_device.c +++ b/arch/arm/mach-omap2/omap_device.c @@ -499,7 +499,7 @@ void omap_device_delete(struct omap_device *od) @@ -3390,10 +3562,10 @@ index 044c31d..2ee0861 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 3a750de..4c9b88f 100644 +index 7341eff..fd75e34 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c -@@ -191,10 +191,10 @@ struct omap_hwmod_soc_ops { +@@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops { int (*init_clkdm)(struct omap_hwmod *oh); void (*update_context_lost)(struct omap_hwmod *oh); int (*get_context_lost)(struct omap_hwmod *oh); @@ -3430,10 +3602,23 @@ index d15c7bb..b2d1f0c 100644 pdev = omap_device_build(dev_name, id, oh, &pdata, sizeof(struct omap_wd_timer_platform_data)); WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n", -diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h -index bddce2b..3eb04e2 100644 ---- a/arch/arm/mach-ux500/include/mach/setup.h -+++ b/arch/arm/mach-ux500/include/mach/setup.h +diff --git a/arch/arm/mach-tegra/cpuidle-tegra20.c b/arch/arm/mach-tegra/cpuidle-tegra20.c +index 0cdba8d..297993e 100644 +--- a/arch/arm/mach-tegra/cpuidle-tegra20.c ++++ b/arch/arm/mach-tegra/cpuidle-tegra20.c +@@ -181,7 +181,7 @@ static int tegra20_idle_lp2_coupled(struct cpuidle_device *dev, + bool entered_lp2 = false; + + if (tegra_pending_sgi()) +- ACCESS_ONCE(abort_flag) = true; ++ ACCESS_ONCE_RW(abort_flag) = true; + + cpuidle_coupled_parallel_barrier(dev, &abort_barrier); + +diff --git a/arch/arm/mach-ux500/setup.h b/arch/arm/mach-ux500/setup.h +index cad3ca86..1d79e0f 100644 +--- a/arch/arm/mach-ux500/setup.h ++++ b/arch/arm/mach-ux500/setup.h @@ -37,13 +37,6 @@ extern void ux500_timer_init(void); .type = MT_DEVICE, \ } @@ -3449,19 +3634,19 @@ index bddce2b..3eb04e2 100644 extern void ux500_cpu_die(unsigned int cpu); diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig -index 4045c49..4e26c79 100644 +index 2950082..d0f0782 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig -@@ -425,7 +425,7 @@ config CPU_32v5 +@@ -436,7 +436,7 @@ config CPU_32v5 config CPU_32v6 bool - select CPU_USE_DOMAINS if CPU_V6 && MMU -+ select CPU_USE_DOMAINS if CPU_V6 && MMU && !PAX_KERNEXEC ++ select CPU_USE_DOMAINS if CPU_V6 && MMU && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF select TLS_REG_EMUL if !CPU_32v6K && !MMU config CPU_32v6K -@@ -574,6 +574,7 @@ config CPU_CP15_MPU +@@ -585,6 +585,7 @@ config CPU_CP15_MPU config CPU_USE_DOMAINS bool @@ -3469,8 +3654,25 @@ index 4045c49..4e26c79 100644 help This option enables or disables the use of domain switching via the set_fs() function. +@@ -780,6 +781,7 @@ config NEED_KUSER_HELPERS + config KUSER_HELPERS + bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS + default y ++ depends on !(CPU_V6 || CPU_V6K || CPU_V7) + help + Warning: disabling this option may break user programs. + +@@ -790,7 +792,7 @@ config KUSER_HELPERS + run on ARMv4 through to ARMv7 without modification. + + However, the fixed address nature of these helpers can be used +- by ROP (return orientated programming) authors when creating ++ by ROP (Return Oriented Programming) authors when creating + exploits. + + If all of the binaries and libraries which run on your platform diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c -index db26e2e..ee44569 100644 +index 6f4585b..7b6f52b 100644 --- a/arch/arm/mm/alignment.c +++ b/arch/arm/mm/alignment.c @@ -211,10 +211,12 @@ union offset_union { @@ -3535,7 +3737,7 @@ index db26e2e..ee44569 100644 goto fault; \ } while (0) diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index 5dbf13f..1a60561 100644 +index 5dbf13f..ee1ec24 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,7 @@ @@ -3638,11 +3840,29 @@ index 5dbf13f..1a60561 100644 printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", inf->name, fsr, addr); -@@ -575,9 +637,49 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -569,15 +631,67 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * + ifsr_info[nr].name = name; + } + ++asmlinkage int sys_sigreturn(struct pt_regs *regs); ++asmlinkage int sys_rt_sigreturn(struct pt_regs *regs); ++ + asmlinkage void __exception + do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) + { const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; + if (user_mode(regs)) { ++ unsigned long sigpage = current->mm->context.sigpage; ++ ++ if (sigpage <= addr && addr < sigpage + 7*4) { ++ if (addr < sigpage + 3*4) ++ sys_sigreturn(regs); ++ else ++ sys_rt_sigreturn(regs); ++ return; ++ } + if (addr == 0xffff0fe0UL) { + /* + * PaX: __kuser_get_tls emulation @@ -3719,7 +3939,7 @@ index cf08bdf..772656c 100644 unsigned long search_exception_table(unsigned long addr); diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c -index ad722f1..763fdd3 100644 +index 0ecc43f..190b956 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c @@ -30,6 +30,8 @@ @@ -3731,7 +3951,7 @@ index ad722f1..763fdd3 100644 #include #include -@@ -736,7 +738,46 @@ void free_initmem(void) +@@ -726,7 +728,46 @@ void free_initmem(void) { #ifdef CONFIG_HAVE_TCM extern char __tcm_start, __tcm_end; @@ -3776,8 +3996,8 @@ index ad722f1..763fdd3 100644 + +#ifdef CONFIG_HAVE_TCM poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start); - totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)), - __phys_to_pfn(__pa(&__tcm_end)), + free_reserved_area(&__tcm_start, &__tcm_end, 0, "TCM link"); + #endif diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c index 04d9006..c547d85 100644 --- a/arch/arm/mm/ioremap.c @@ -3795,7 +4015,7 @@ index 04d9006..c547d85 100644 return __arm_ioremap_caller(phys_addr, size, mtype, __builtin_return_address(0)); diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 10062ce..cd34fb9 100644 +index 10062ce..8695745 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, @@ -3872,20 +4092,7 @@ index 10062ce..cd34fb9 100644 addr = vm_unmapped_area(&info); /* -@@ -162,6 +172,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - VM_BUG_ON(addr != -ENOMEM); - info.flags = 0; - info.low_limit = mm->mmap_base; -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ info.low_limit += mm->delta_mmap; -+#endif -+ - info.high_limit = TASK_SIZE; - addr = vm_unmapped_area(&info); - } -@@ -173,6 +189,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -173,6 +183,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; @@ -3896,7 +4103,7 @@ index 10062ce..cd34fb9 100644 /* 8 bits of randomness in 20 address space bits */ if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) -@@ -180,10 +200,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -180,10 +194,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -3920,7 +4127,7 @@ index 10062ce..cd34fb9 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index a84ff76..f221c1d 100644 +index daf336f..4e6392c 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -36,6 +36,22 @@ @@ -3946,9 +4153,9 @@ index a84ff76..f221c1d 100644 /* * empty_zero_page is a special page that is used for * zero-initialized data and COW. -@@ -211,10 +227,18 @@ void adjust_cr(unsigned long mask, unsigned long set) - } - #endif +@@ -228,10 +244,18 @@ __setup("noalign", noalign_setup); + + #endif /* ifdef CONFIG_CPU_CP15 / else */ -#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN +#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY @@ -3967,7 +4174,7 @@ index a84ff76..f221c1d 100644 [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */ .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED | L_PTE_SHARED, -@@ -243,16 +267,16 @@ static struct mem_type mem_types[] = { +@@ -260,16 +284,16 @@ static struct mem_type mem_types[] = { [MT_UNCACHED] = { .prot_pte = PROT_PTE_DEVICE, .prot_l1 = PMD_TYPE_TABLE, @@ -3987,7 +4194,7 @@ index a84ff76..f221c1d 100644 .domain = DOMAIN_KERNEL, }, #endif -@@ -260,36 +284,54 @@ static struct mem_type mem_types[] = { +@@ -277,36 +301,54 @@ static struct mem_type mem_types[] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_RDONLY, .prot_l1 = PMD_TYPE_TABLE, @@ -3996,8 +4203,7 @@ index a84ff76..f221c1d 100644 }, [MT_HIGH_VECTORS] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | -- L_PTE_USER | L_PTE_RDONLY, -+ L_PTE_RDONLY, + L_PTE_USER | L_PTE_RDONLY, .prot_l1 = PMD_TYPE_TABLE, - .domain = DOMAIN_USER, + .domain = DOMAIN_VECTORS, @@ -4051,7 +4257,7 @@ index a84ff76..f221c1d 100644 .domain = DOMAIN_KERNEL, }, [MT_MEMORY_ITCM] = { -@@ -299,10 +341,10 @@ static struct mem_type mem_types[] = { +@@ -316,10 +358,10 @@ static struct mem_type mem_types[] = { }, [MT_MEMORY_SO] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | @@ -4064,7 +4270,7 @@ index a84ff76..f221c1d 100644 .domain = DOMAIN_KERNEL, }, [MT_MEMORY_DMA_READY] = { -@@ -388,9 +430,35 @@ static void __init build_mem_type_table(void) +@@ -405,9 +447,35 @@ static void __init build_mem_type_table(void) * to prevent speculative instruction fetches. */ mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; @@ -4100,7 +4306,7 @@ index a84ff76..f221c1d 100644 } if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { /* -@@ -451,6 +519,9 @@ static void __init build_mem_type_table(void) +@@ -468,6 +536,9 @@ static void __init build_mem_type_table(void) * from SVC mode and no access from userspace. */ mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; @@ -4110,7 +4316,7 @@ index a84ff76..f221c1d 100644 mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; #endif -@@ -468,11 +539,17 @@ static void __init build_mem_type_table(void) +@@ -485,11 +556,17 @@ static void __init build_mem_type_table(void) mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; @@ -4132,7 +4338,7 @@ index a84ff76..f221c1d 100644 } } -@@ -483,15 +560,20 @@ static void __init build_mem_type_table(void) +@@ -500,15 +577,20 @@ static void __init build_mem_type_table(void) if (cpu_arch >= CPU_ARCH_ARMv6) { if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { /* Non-cacheable Normal is XCB = 001 */ @@ -4156,7 +4362,7 @@ index a84ff76..f221c1d 100644 } #ifdef CONFIG_ARM_LPAE -@@ -507,6 +589,8 @@ static void __init build_mem_type_table(void) +@@ -524,6 +606,8 @@ static void __init build_mem_type_table(void) vecs_pgprot |= PTE_EXT_AF; #endif @@ -4165,7 +4371,7 @@ index a84ff76..f221c1d 100644 for (i = 0; i < 16; i++) { pteval_t v = pgprot_val(protection_map[i]); protection_map[i] = __pgprot(v | user_pgprot); -@@ -524,10 +608,15 @@ static void __init build_mem_type_table(void) +@@ -541,10 +625,15 @@ static void __init build_mem_type_table(void) mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; @@ -4184,12 +4390,12 @@ index a84ff76..f221c1d 100644 mem_types[MT_ROM].prot_sect |= cp->pmd; switch (cp->pmd) { -@@ -1147,18 +1236,15 @@ void __init arm_mm_memblock_reserve(void) +@@ -1166,18 +1255,15 @@ void __init arm_mm_memblock_reserve(void) * called function. This means you can't use any function or debugging * method which may touch any device, otherwise the kernel _will_ crash. */ + -+static char vectors[PAGE_SIZE] __read_only __aligned(PAGE_SIZE); ++static char vectors[PAGE_SIZE * 2] __read_only __aligned(PAGE_SIZE); + static void __init devicemaps_init(struct machine_desc *mdesc) { @@ -4200,14 +4406,14 @@ index a84ff76..f221c1d 100644 - /* - * Allocate the vector page early. - */ -- vectors = early_alloc(PAGE_SIZE); +- vectors = early_alloc(PAGE_SIZE * 2); - - early_trap_init(vectors); + early_trap_init(&vectors); for (addr = VMALLOC_START; addr; addr += PMD_SIZE) pmd_clear(pmd_off_k(addr)); -@@ -1198,7 +1284,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) +@@ -1217,7 +1303,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) * location (0xffff0000). If we aren't using high-vectors, also * create a mapping at the low-vectors virtual address. */ @@ -4215,8 +4421,8 @@ index a84ff76..f221c1d 100644 + map.pfn = __phys_to_pfn(virt_to_phys(&vectors)); map.virtual = 0xffff0000; map.length = PAGE_SIZE; - map.type = MT_HIGH_VECTORS; -@@ -1256,8 +1342,39 @@ static void __init map_lowmem(void) + #ifdef CONFIG_KUSER_HELPERS +@@ -1287,8 +1373,39 @@ static void __init map_lowmem(void) map.pfn = __phys_to_pfn(start); map.virtual = __phys_to_virt(start); map.length = end - start; @@ -4257,20 +4463,6 @@ index a84ff76..f221c1d 100644 create_mapping(&map); } } -diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S -index 78f520b..31f0cb6 100644 ---- a/arch/arm/mm/proc-v7-2level.S -+++ b/arch/arm/mm/proc-v7-2level.S -@@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext) - tst r1, #L_PTE_XN - orrne r3, r3, #PTE_EXT_XN - -+ tst r1, #L_PTE_PXN -+ orrne r3, r3, #PTE_EXT_PXN -+ - tst r1, #L_PTE_YOUNG - tstne r1, #L_PTE_VALID - #ifndef CONFIG_CPU_USE_DOMAINS diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c index a5bc92d..0bb4730 100644 --- a/arch/arm/plat-omap/sram.c @@ -4285,10 +4477,10 @@ index a5bc92d..0bb4730 100644 + pax_close_kernel(); } diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h -index 1141782..0959d64 100644 +index ce6d763..cfea917 100644 --- a/arch/arm/plat-samsung/include/plat/dma-ops.h +++ b/arch/arm/plat-samsung/include/plat/dma-ops.h -@@ -48,7 +48,7 @@ struct samsung_dma_ops { +@@ -47,7 +47,7 @@ struct samsung_dma_ops { int (*started)(unsigned ch); int (*flush)(unsigned ch); int (*stop)(unsigned ch); @@ -4887,10 +5079,10 @@ index 24603be..948052d 100644 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c -index 79521d5..43dddff 100644 +index 2b3c2d7..a318d84 100644 --- a/arch/ia64/kernel/palinfo.c +++ b/arch/ia64/kernel/palinfo.c -@@ -1006,7 +1006,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, +@@ -980,7 +980,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -4900,10 +5092,10 @@ index 79521d5..43dddff 100644 .notifier_call = palinfo_cpu_callback, .priority = 0, diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c -index aa527d7..f237752 100644 +index 4bc580a..7767f24 100644 --- a/arch/ia64/kernel/salinfo.c +++ b/arch/ia64/kernel/salinfo.c -@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu +@@ -609,7 +609,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu return NOTIFY_OK; } @@ -5044,7 +5236,7 @@ index 76069c1..c2aa816 100644 } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 20bc967..a26993e 100644 +index d1fe4b4..2628f37 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c @@ -120,6 +120,19 @@ ia64_init_addr_space (void) @@ -5240,11 +5432,102 @@ index c1f6afa..38cc6e9 100644 +#define arch_align_stack(x) ((x) & ~0xfUL) #endif /* _ASM_EXEC_H */ +diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h +index d44622c..64990d2 100644 +--- a/arch/mips/include/asm/local.h ++++ b/arch/mips/include/asm/local.h +@@ -12,15 +12,25 @@ typedef struct + atomic_long_t a; + } local_t; + ++typedef struct { ++ atomic_long_unchecked_t a; ++} local_unchecked_t; ++ + #define LOCAL_INIT(i) { ATOMIC_LONG_INIT(i) } + + #define local_read(l) atomic_long_read(&(l)->a) ++#define local_read_unchecked(l) atomic_long_read_unchecked(&(l)->a) + #define local_set(l, i) atomic_long_set(&(l)->a, (i)) ++#define local_set_unchecked(l, i) atomic_long_set_unchecked(&(l)->a, (i)) + + #define local_add(i, l) atomic_long_add((i), (&(l)->a)) ++#define local_add_unchecked(i, l) atomic_long_add_unchecked((i), (&(l)->a)) + #define local_sub(i, l) atomic_long_sub((i), (&(l)->a)) ++#define local_sub_unchecked(i, l) atomic_long_sub_unchecked((i), (&(l)->a)) + #define local_inc(l) atomic_long_inc(&(l)->a) ++#define local_inc_unchecked(l) atomic_long_inc_unchecked(&(l)->a) + #define local_dec(l) atomic_long_dec(&(l)->a) ++#define local_dec_unchecked(l) atomic_long_dec_unchecked(&(l)->a) + + /* + * Same as above, but return the result value +@@ -70,6 +80,51 @@ static __inline__ long local_add_return(long i, local_t * l) + return result; + } + ++static __inline__ long local_add_return_unchecked(long i, local_unchecked_t * l) ++{ ++ unsigned long result; ++ ++ if (kernel_uses_llsc && R10000_LLSC_WAR) { ++ unsigned long temp; ++ ++ __asm__ __volatile__( ++ " .set mips3 \n" ++ "1:" __LL "%1, %2 # local_add_return \n" ++ " addu %0, %1, %3 \n" ++ __SC "%0, %2 \n" ++ " beqzl %0, 1b \n" ++ " addu %0, %1, %3 \n" ++ " .set mips0 \n" ++ : "=&r" (result), "=&r" (temp), "=m" (l->a.counter) ++ : "Ir" (i), "m" (l->a.counter) ++ : "memory"); ++ } else if (kernel_uses_llsc) { ++ unsigned long temp; ++ ++ __asm__ __volatile__( ++ " .set mips3 \n" ++ "1:" __LL "%1, %2 # local_add_return \n" ++ " addu %0, %1, %3 \n" ++ __SC "%0, %2 \n" ++ " beqz %0, 1b \n" ++ " addu %0, %1, %3 \n" ++ " .set mips0 \n" ++ : "=&r" (result), "=&r" (temp), "=m" (l->a.counter) ++ : "Ir" (i), "m" (l->a.counter) ++ : "memory"); ++ } else { ++ unsigned long flags; ++ ++ local_irq_save(flags); ++ result = l->a.counter; ++ result += i; ++ l->a.counter = result; ++ local_irq_restore(flags); ++ } ++ ++ return result; ++} ++ + static __inline__ long local_sub_return(long i, local_t * l) + { + unsigned long result; +@@ -117,6 +172,8 @@ static __inline__ long local_sub_return(long i, local_t * l) + + #define local_cmpxchg(l, o, n) \ + ((long)cmpxchg_local(&((l)->a.counter), (o), (n))) ++#define local_cmpxchg_unchecked(l, o, n) \ ++ ((long)cmpxchg_local(&((l)->a.counter), (o), (n))) + #define local_xchg(l, n) (atomic_long_xchg((&(l)->a), (n))) + + /** diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index eab99e5..607c98e 100644 +index f59552f..3abe9b9 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h -@@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, +@@ -95,7 +95,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) @@ -5270,10 +5553,10 @@ index 881d18b..cea38bc 100644 /* diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index 178f792..8ebc510 100644 +index 895320e..bf63e10 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h -@@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); +@@ -115,6 +115,8 @@ static inline struct thread_info *current_thread_info(void) #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */ #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */ #define TIF_LOAD_WATCH 25 /* If set, load watch registers */ @@ -5282,7 +5565,7 @@ index 178f792..8ebc510 100644 #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ #define _TIF_SYSCALL_TRACE (1< #include diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c -index 556a435..b4fd2e3 100644 +index 202e581..689ca79 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c -@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; +@@ -56,6 +56,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; #undef ELF_ET_DYN_BASE #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) @@ -5340,10 +5623,10 @@ index 556a435..b4fd2e3 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index 3be4405..a799827 100644 +index c6a041d..b3e7318 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -461,15 +461,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -563,15 +563,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -5387,7 +5670,7 @@ index 9c6299c..2fb4c22 100644 goto out; diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S -index 9ea2964..c4329c3 100644 +index 9b36424..e7f4154 100644 --- a/arch/mips/kernel/scall32-o32.S +++ b/arch/mips/kernel/scall32-o32.S @@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -5400,7 +5683,7 @@ index 9ea2964..c4329c3 100644 bnez t0, syscall_trace_entry # -> yes diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S -index 36cfd40..b1436e0 100644 +index 97a5909..59622f8 100644 --- a/arch/mips/kernel/scall64-64.S +++ b/arch/mips/kernel/scall64-64.S @@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp) @@ -5413,7 +5696,7 @@ index 36cfd40..b1436e0 100644 and t0, t1, t0 bnez t0, syscall_trace_entry diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S -index 693d60b..ae0ba75 100644 +index edcb659..fb2ab09 100644 --- a/arch/mips/kernel/scall64-n32.S +++ b/arch/mips/kernel/scall64-n32.S @@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) @@ -5426,7 +5709,7 @@ index 693d60b..ae0ba75 100644 and t0, t1, t0 bnez t0, n32_syscall_trace_entry diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S -index af8887f..611ccb6 100644 +index 74f485d..47d2c38 100644 --- a/arch/mips/kernel/scall64-o32.S +++ b/arch/mips/kernel/scall64-o32.S @@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -5439,7 +5722,7 @@ index af8887f..611ccb6 100644 and t0, t1, t0 bnez t0, trace_a_syscall diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index 0fead53..a2c0fb5 100644 +index 0fead53..eeb00a6 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -27,6 +27,23 @@ @@ -5466,6 +5749,21 @@ index 0fead53..a2c0fb5 100644 /* * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate +@@ -196,6 +213,14 @@ bad_area: + bad_area_nosemaphore: + /* User mode accesses just cause a SIGSEGV */ + if (user_mode(regs)) { ++ ++#ifdef CONFIG_PAX_PAGEEXEC ++ if (cpu_has_rixi && (mm->pax_flags & MF_PAX_PAGEEXEC) && !write && address == instruction_pointer(regs)) { ++ pax_report_fault(regs, (void *)address, (void *)user_stack_pointer(regs)); ++ do_group_exit(SIGKILL); ++ } ++#endif ++ + tsk->thread.cp0_badvaddr = address; + tsk->thread.error_code = write; + #if 0 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c index 7e5fe27..9656513 100644 --- a/arch/mips/mm/mmap.c @@ -5634,12 +5932,12 @@ index 4ce7a01..449202a 100644 #endif /* __ASM_OPENRISC_CACHE_H */ diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h -index f38e198..4179e38 100644 +index 472886c..00e7df9 100644 --- a/arch/parisc/include/asm/atomic.h +++ b/arch/parisc/include/asm/atomic.h -@@ -229,6 +229,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) - - #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +@@ -252,6 +252,16 @@ static inline long atomic64_dec_if_positive(atomic64_t *v) + return dec; + } +#define atomic64_read_unchecked(v) atomic64_read(v) +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) @@ -5763,19 +6061,6 @@ index e0a8235..ce2f1e1 100644 ret = __copy_from_user(to, from, n); else copy_from_user_overflow(); -diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c -index 5709c5e..14285ca 100644 ---- a/arch/parisc/kernel/drivers.c -+++ b/arch/parisc/kernel/drivers.c -@@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath); - static void setup_bus_id(struct parisc_device *padev) - { - struct hardware_path path; -- char name[20]; -+ char name[28]; - char *output = name; - int i; - diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c index 2a625fb..9908930 100644 --- a/arch/parisc/kernel/module.c @@ -5879,20 +6164,6 @@ index 2a625fb..9908930 100644 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", me->arch.unwind_section, table, end, gp); -diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c -index a3328c2..3b812eb 100644 ---- a/arch/parisc/kernel/setup.c -+++ b/arch/parisc/kernel/setup.c -@@ -69,7 +69,8 @@ void __init setup_cmdline(char **cmdline_p) - /* called from hpux boot loader */ - boot_command_line[0] = '\0'; - } else { -- strcpy(boot_command_line, (char *)__va(boot_args[1])); -+ strlcpy(boot_command_line, (char *)__va(boot_args[1]), -+ COMMAND_LINE_SIZE); - - #ifdef CONFIG_BLK_DEV_INITRD - if (boot_args[2] != 0) /* did palo pass us a ramdisk? */ diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c index 5dfd248..64914ac 100644 --- a/arch/parisc/kernel/sys_parisc.c @@ -5968,10 +6239,10 @@ index 5dfd248..64914ac 100644 return addr; } diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c -index aeb8f8f..27a6c2f 100644 +index 04e47c6..7a8faf6 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c -@@ -732,9 +732,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) +@@ -727,9 +727,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) down_read(¤t->mm->mmap_sem); vma = find_vma(current->mm,regs->iaoq[0]); @@ -6198,7 +6469,7 @@ index 9e495c9..b6878e5 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h -index ac9790f..6d30741 100644 +index cc0655a..13eac2e 100644 --- a/arch/powerpc/include/asm/elf.h +++ b/arch/powerpc/include/asm/elf.h @@ -28,8 +28,19 @@ @@ -6223,7 +6494,7 @@ index ac9790f..6d30741 100644 /* * Our registers are always unsigned longs, whether we're a 32 bit -@@ -122,10 +133,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -123,10 +134,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, (0x7ff >> (PAGE_SHIFT - 12)) : \ (0x3ffff >> (PAGE_SHIFT - 12))) @@ -6273,7 +6544,7 @@ index 8565c25..2865190 100644 return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0); } diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h -index f072e97..b436dee 100644 +index 988c812..63c7d70 100644 --- a/arch/powerpc/include/asm/page.h +++ b/arch/powerpc/include/asm/page.h @@ -220,8 +220,9 @@ extern long long virt_phys_offset; @@ -6295,14 +6566,14 @@ index f072e97..b436dee 100644 +#define ktla_ktva(addr) (addr) +#define ktva_ktla(addr) (addr) + + #ifndef CONFIG_PPC_BOOK3S_64 /* * Use the top bit of the higher-level page table entries to indicate whether - * the entries we point to contain hugepages. This works because we know that diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h -index cd915d6..c10cee8 100644 +index 88693ce..ac6f9ab 100644 --- a/arch/powerpc/include/asm/page_64.h +++ b/arch/powerpc/include/asm/page_64.h -@@ -154,15 +154,18 @@ do { \ +@@ -153,15 +153,18 @@ do { \ * stack by default, so in the absence of a PT_GNU_STACK program header * we turn execute permission off. */ @@ -6324,10 +6595,10 @@ index cd915d6..c10cee8 100644 #include diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h -index 292725c..f87ae14 100644 +index b66ae72..4a378cd 100644 --- a/arch/powerpc/include/asm/pgalloc-64.h +++ b/arch/powerpc/include/asm/pgalloc-64.h -@@ -50,6 +50,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) +@@ -53,6 +53,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) #ifndef CONFIG_PPC_64K_PAGES #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, PUD) @@ -6335,7 +6606,7 @@ index 292725c..f87ae14 100644 static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) { -@@ -67,6 +68,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) +@@ -70,6 +71,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) pud_set(pud, (unsigned long)pmd); } @@ -6347,8 +6618,8 @@ index 292725c..f87ae14 100644 #define pmd_populate(mm, pmd, pte_page) \ pmd_populate_kernel(mm, pmd, page_address(pte_page)) #define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte)) -@@ -76,6 +82,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) - #else /* CONFIG_PPC_64K_PAGES */ +@@ -171,6 +177,7 @@ extern void __tlb_remove_table(void *_table); + #endif #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd) +#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) @@ -6356,7 +6627,7 @@ index 292725c..f87ae14 100644 static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, pte_t *pte) diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h -index a9cbd3b..3b67efa 100644 +index 7aeb955..19f748e 100644 --- a/arch/powerpc/include/asm/pgtable.h +++ b/arch/powerpc/include/asm/pgtable.h @@ -2,6 +2,7 @@ @@ -6380,7 +6651,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index 3b097a8..8f8c774 100644 +index e1fb161..2290d1d 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -234,6 +234,7 @@ @@ -6392,7 +6663,7 @@ index 3b097a8..8f8c774 100644 #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h -index 195ce2a..ab5c614 100644 +index 48cfc85..891382f 100644 --- a/arch/powerpc/include/asm/smp.h +++ b/arch/powerpc/include/asm/smp.h @@ -50,7 +50,7 @@ struct smp_ops_t { @@ -6405,36 +6676,36 @@ index 195ce2a..ab5c614 100644 extern void smp_send_debugger_break(void); extern void start_secondary_resume(void); diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h -index 406b7b9..af63426 100644 +index ba7b197..d292e26 100644 --- a/arch/powerpc/include/asm/thread_info.h +++ b/arch/powerpc/include/asm/thread_info.h -@@ -97,7 +97,6 @@ static inline struct thread_info *current_thread_info(void) +@@ -93,7 +93,6 @@ static inline struct thread_info *current_thread_info(void) + #define TIF_POLLING_NRFLAG 3 /* true if poll_idle() is polling + TIF_NEED_RESCHED */ + #define TIF_32BIT 4 /* 32 bit binary */ +-#define TIF_PERFMON_WORK 5 /* work for pfm_handle_work() */ #define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */ #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ #define TIF_SINGLESTEP 8 /* singlestepping active */ --#define TIF_MEMDIE 9 /* is terminating due to OOM killer */ - #define TIF_SECCOMP 10 /* secure computing */ - #define TIF_RESTOREALL 11 /* Restore all regs (implies NOERROR) */ - #define TIF_NOERROR 12 /* Force successful syscall return */ -@@ -106,6 +105,9 @@ static inline struct thread_info *current_thread_info(void) - #define TIF_SYSCALL_TRACEPOINT 15 /* syscall tracepoint instrumentation */ +@@ -107,6 +106,9 @@ static inline struct thread_info *current_thread_info(void) #define TIF_EMULATE_STACK_STORE 16 /* Is an instruction emulation for stack store? */ -+#define TIF_MEMDIE 17 /* is terminating due to OOM killer */ + #define TIF_MEMDIE 17 /* is terminating due to OOM killer */ ++#define TIF_PERFMON_WORK 18 /* work for pfm_handle_work() */ +/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */ -+#define TIF_GRSEC_SETXID 9 /* update credentials on syscall entry/exit */ ++#define TIF_GRSEC_SETXID 5 /* update credentials on syscall entry/exit */ /* as above, but as bit values */ #define _TIF_SYSCALL_TRACE (1<jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 16e77a8..4501b41 100644 +index 7baa27b..f6b394a 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -870,8 +870,8 @@ void show_regs(struct pt_regs * regs) +@@ -884,8 +884,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -6696,7 +6967,7 @@ index 16e77a8..4501b41 100644 #endif #ifdef CONFIG_PPC_TRANSACTIONAL_MEM printk("PACATMSCRATCH [%llx]\n", get_paca()->tm_scratch); -@@ -1330,10 +1330,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1345,10 +1345,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -6709,7 +6980,7 @@ index 16e77a8..4501b41 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1353,7 +1353,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1368,7 +1368,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -6718,7 +6989,7 @@ index 16e77a8..4501b41 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1395,58 +1395,3 @@ void __ppc64_runlatch_off(void) +@@ -1404,58 +1404,3 @@ void notrace __ppc64_runlatch_off(void) mtspr(SPRN_CTRLT, ctrl); } #endif /* CONFIG_PPC64 */ @@ -6778,10 +7049,10 @@ index 16e77a8..4501b41 100644 - return ret; -} diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c -index f9b30c6..d72e7a3 100644 +index 64f7bd5..8dd550f 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c -@@ -1771,6 +1771,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -1783,6 +1783,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -6792,7 +7063,7 @@ index f9b30c6..d72e7a3 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1781,6 +1785,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) +@@ -1795,6 +1799,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) secure_computing_strict(regs->gpr[0]); @@ -6804,7 +7075,7 @@ index f9b30c6..d72e7a3 100644 if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) /* -@@ -1815,6 +1824,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) +@@ -1829,6 +1838,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) { int step; @@ -6817,10 +7088,10 @@ index f9b30c6..d72e7a3 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 201385c..0f01828 100644 +index 0f83122..c0aca6a 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c -@@ -976,7 +976,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -987,7 +987,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; @@ -6830,10 +7101,10 @@ index 201385c..0f01828 100644 tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp; } else { diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index 3459473..2d40783 100644 +index 887e99d..310bc11 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c -@@ -749,7 +749,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, +@@ -751,7 +751,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, #endif /* Set up to return from userspace. */ @@ -6843,7 +7114,7 @@ index 3459473..2d40783 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c -index 3ce1f86..c30e629 100644 +index e68a845..8b140e6 100644 --- a/arch/powerpc/kernel/sysfs.c +++ b/arch/powerpc/kernel/sysfs.c @@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, @@ -6856,10 +7127,10 @@ index 3ce1f86..c30e629 100644 }; diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 1c22b2d..3b56e67 100644 +index 88929b1..bece8f8 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) +@@ -141,6 +141,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) return flags; } @@ -6868,7 +7139,7 @@ index 1c22b2d..3b56e67 100644 static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) { -@@ -191,6 +193,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, +@@ -190,6 +192,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -6879,7 +7150,7 @@ index 1c22b2d..3b56e67 100644 } diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c -index 1b2076f..835e4be 100644 +index d4f463a..8fb7431 100644 --- a/arch/powerpc/kernel/vdso.c +++ b/arch/powerpc/kernel/vdso.c @@ -34,6 +34,7 @@ @@ -6890,7 +7161,7 @@ index 1b2076f..835e4be 100644 #include "setup.h" -@@ -218,7 +219,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -222,7 +223,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vdso_base = VDSO32_MBASE; #endif @@ -6899,7 +7170,7 @@ index 1b2076f..835e4be 100644 /* vDSO has a problem and was disabled, just don't "enable" it for the * process -@@ -238,7 +239,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -242,7 +243,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vdso_base = get_unmapped_area(NULL, vdso_base, (vdso_pages << PAGE_SHIFT) + ((VDSO_ALIGNMENT - 1) & PAGE_MASK), @@ -6944,13 +7215,13 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 229951f..cdeca42 100644 +index 8726779..a33c512 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c -@@ -32,6 +32,10 @@ - #include +@@ -33,6 +33,10 @@ #include #include + #include +#include +#include +#include @@ -6958,7 +7229,7 @@ index 229951f..cdeca42 100644 #include #include -@@ -68,6 +72,33 @@ static inline int notify_page_fault(struct pt_regs *regs) +@@ -69,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *regs) } #endif @@ -6992,7 +7263,7 @@ index 229951f..cdeca42 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -213,7 +244,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, +@@ -216,7 +247,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap == 0x400) @@ -7001,7 +7272,7 @@ index 229951f..cdeca42 100644 else is_write = error_code & DSISR_ISSTORE; #else -@@ -364,7 +395,7 @@ good_area: +@@ -371,7 +402,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -7010,7 +7281,7 @@ index 229951f..cdeca42 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -379,7 +410,7 @@ good_area: +@@ -386,7 +417,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ @@ -7019,7 +7290,7 @@ index 229951f..cdeca42 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -462,6 +493,23 @@ bad_area: +@@ -471,6 +502,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -7041,7 +7312,7 @@ index 229951f..cdeca42 100644 +#endif + _exception(SIGSEGV, regs, code, address); - return 0; + goto bail; } diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c index 67a42ed..cd463e0 100644 @@ -7095,10 +7366,10 @@ index e779642..e5bb889 100644 }; diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c -index 6a252c4..3024d81 100644 +index cafad40..9cbc0fc 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c -@@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, +@@ -920,7 +920,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, return ret; } @@ -7108,7 +7379,7 @@ index 6a252c4..3024d81 100644 .priority = 1 /* Must run before sched domains notifier. */ }; diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index cf9dada..241529f 100644 +index 3e99c14..f00953c 100644 --- a/arch/powerpc/mm/slice.c +++ b/arch/powerpc/mm/slice.c @@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, @@ -7120,52 +7391,20 @@ index cf9dada..241529f 100644 } static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice) -@@ -272,7 +272,7 @@ full_search: - addr = _ALIGN_UP(addr + 1, 1ul << SLICE_HIGH_SHIFT); - continue; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, 0)) { - /* - * Remember the place where we stopped the search: - */ -@@ -329,10 +329,14 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, - } - } +@@ -277,6 +277,12 @@ static unsigned long slice_find_area_bottomup(struct mm_struct *mm, + info.align_offset = 0; -- addr = mm->mmap_base; -- while (addr > len) { -+ if (mm->mmap_base < len) -+ addr = -ENOMEM; -+ else -+ addr = mm->mmap_base - len; + addr = TASK_UNMAPPED_BASE; + -+ while (!IS_ERR_VALUE(addr)) { - /* Go down by chunk size */ -- addr = _ALIGN_DOWN(addr - len, 1ul << pshift); -+ addr = _ALIGN_DOWN(addr, 1ul << pshift); - - /* Check for hit with different page size */ - mask = slice_range_to_mask(addr, len); -@@ -352,7 +356,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || (addr + len) <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, 0)) { - /* remember the address as a hint for next time */ - if (use_cache) - mm->free_area_cache = addr; -@@ -364,7 +368,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start; -+ addr = skip_heap_stack_gap(vma, len, 0); - } - - /* -@@ -442,6 +446,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len, ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ addr += mm->delta_mmap; ++#endif ++ + while (addr < TASK_SIZE) { + info.low_limit = addr; + if (!slice_scan_available(addr, available, 1, &addr)) +@@ -410,6 +416,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len, if (fixed && addr > (mm->task_size - len)) return -EINVAL; @@ -7178,10 +7417,10 @@ index cf9dada..241529f 100644 if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c -index 68c57d3..1fdcfb2 100644 +index 9098692..3d54cd1 100644 --- a/arch/powerpc/platforms/cell/spufs/file.c +++ b/arch/powerpc/platforms/cell/spufs/file.c -@@ -281,9 +281,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf) +@@ -280,9 +280,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf) return VM_FAULT_NOPAGE; } @@ -7244,10 +7483,10 @@ index 4d7ccac..d03d0ad 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h -index 1bfdf24..9c9ab2e 100644 +index 78f4f87..598ce39 100644 --- a/arch/s390/include/asm/elf.h +++ b/arch/s390/include/asm/elf.h -@@ -160,8 +160,14 @@ extern unsigned int vdso_enabled; +@@ -162,8 +162,14 @@ extern unsigned int vdso_enabled; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -7264,7 +7503,7 @@ index 1bfdf24..9c9ab2e 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. */ -@@ -207,9 +213,6 @@ struct linux_binprm; +@@ -222,9 +228,6 @@ struct linux_binprm; #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1 int arch_setup_additional_pages(struct linux_binprm *, int); @@ -7404,10 +7643,10 @@ index 7845e15..59c4353 100644 if (r_type == R_390_GOTPC) rc = apply_rela_bits(loc, val, 1, 32, 0); diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index 536d645..4a5bd9e 100644 +index 2bc3edd..ab9d598 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -250,39 +250,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -236,39 +236,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -7525,10 +7764,10 @@ index f9f3cd5..58ff438 100644 #endif /* _ASM_SCORE_EXEC_H */ diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c -index 7956846..5f37677 100644 +index f4c6d02..e9355c3 100644 --- a/arch/score/kernel/process.c +++ b/arch/score/kernel/process.c -@@ -134,8 +134,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -116,8 +116,3 @@ unsigned long get_wchan(struct task_struct *task) return task_pt_regs(task)->cp0_epc; } @@ -8074,7 +8313,7 @@ index 9689176..63c18ea 100644 unsigned long mask, tmp1, tmp2, result; diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h -index 25849ae..924c54b 100644 +index dd38075..e7cac83 100644 --- a/arch/sparc/include/asm/thread_info_32.h +++ b/arch/sparc/include/asm/thread_info_32.h @@ -49,6 +49,8 @@ struct thread_info { @@ -8087,7 +8326,7 @@ index 25849ae..924c54b 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index 269bd92..e46a9b8 100644 +index d5e5042..9bfee76 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -8244,7 +8483,7 @@ index e562d3c..191f176 100644 ret = copy_to_user_fixup(to, from, size); return ret; diff --git a/arch/sparc/kernel/Makefile b/arch/sparc/kernel/Makefile -index 6cf591b..b49e65a 100644 +index d432fb2..6056af1 100644 --- a/arch/sparc/kernel/Makefile +++ b/arch/sparc/kernel/Makefile @@ -3,7 +3,7 @@ @@ -8256,11 +8495,32 @@ index 6cf591b..b49e65a 100644 extra-y := head_$(BITS).o +diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c +index 5ef48da..11d460f 100644 +--- a/arch/sparc/kernel/ds.c ++++ b/arch/sparc/kernel/ds.c +@@ -783,6 +783,16 @@ void ldom_set_var(const char *var, const char *value) + char *base, *p; + int msg_len, loops; + ++ if (strlen(var) + strlen(value) + 2 > ++ sizeof(pkt) - sizeof(pkt.header)) { ++ printk(KERN_ERR PFX ++ "contents length: %zu, which more than max: %lu," ++ "so could not set (%s) variable to (%s).\n", ++ strlen(var) + strlen(value) + 2, ++ sizeof(pkt) - sizeof(pkt.header), var, value); ++ return; ++ } ++ + memset(&pkt, 0, sizeof(pkt)); + pkt.header.data.tag.type = DS_DATA; + pkt.header.data.handle = cp->handle; diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c -index 62eede1..9c5b904 100644 +index fdd819d..5af08c8 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c -@@ -125,14 +125,14 @@ void show_regs(struct pt_regs *r) +@@ -116,14 +116,14 @@ void show_regs(struct pt_regs *r) printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n", r->psr, r->pc, r->npc, r->y, print_tainted()); @@ -8277,7 +8537,7 @@ index 62eede1..9c5b904 100644 printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n", rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3], -@@ -167,7 +167,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) +@@ -160,7 +160,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) rw = (struct reg_window32 *) fp; pc = rw->ins[7]; printk("[%08lx : ", pc); @@ -8287,10 +8547,10 @@ index 62eede1..9c5b904 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index cdb80b2..5ca141d 100644 +index baebab2..9cd13b1 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c -@@ -181,14 +181,14 @@ static void show_regwindow(struct pt_regs *regs) +@@ -158,7 +158,7 @@ static void show_regwindow(struct pt_regs *regs) printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n", rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]); if (regs->tstate & TSTATE_PRIV) @@ -8299,7 +8559,8 @@ index cdb80b2..5ca141d 100644 } void show_regs(struct pt_regs *regs) - { +@@ -167,7 +167,7 @@ void show_regs(struct pt_regs *regs) + printk("TSTATE: %016lx TPC: %016lx TNPC: %016lx Y: %08x %s\n", regs->tstate, regs->tpc, regs->tnpc, regs->y, print_tainted()); - printk("TPC: <%pS>\n", (void *) regs->tpc); @@ -8307,7 +8568,7 @@ index cdb80b2..5ca141d 100644 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n", regs->u_regs[0], regs->u_regs[1], regs->u_regs[2], regs->u_regs[3]); -@@ -201,7 +201,7 @@ void show_regs(struct pt_regs *regs) +@@ -180,7 +180,7 @@ void show_regs(struct pt_regs *regs) printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n", regs->u_regs[12], regs->u_regs[13], regs->u_regs[14], regs->u_regs[15]); @@ -8316,7 +8577,7 @@ index cdb80b2..5ca141d 100644 show_regwindow(regs); show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]); } -@@ -290,7 +290,7 @@ void arch_trigger_all_cpu_backtrace(void) +@@ -269,7 +269,7 @@ void arch_trigger_all_cpu_backtrace(void) ((tp && tp->task) ? tp->task->pid : -1)); if (gp->tstate & TSTATE_PRIV) { @@ -8326,10 +8587,10 @@ index cdb80b2..5ca141d 100644 (void *) gp->o7, (void *) gp->i7, diff --git a/arch/sparc/kernel/prom_common.c b/arch/sparc/kernel/prom_common.c -index 9f20566..67eb41b 100644 +index 79cc0d1..ec62734 100644 --- a/arch/sparc/kernel/prom_common.c +++ b/arch/sparc/kernel/prom_common.c -@@ -143,7 +143,7 @@ static int __init prom_common_nextprop(phandle node, char *prev, char *buf) +@@ -144,7 +144,7 @@ static int __init prom_common_nextprop(phandle node, char *prev, char *buf) unsigned int prom_early_allocated __initdata; @@ -8391,7 +8652,7 @@ index 3a8d184..49498a8 100644 info.flags = 0; info.length = len; diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 708bc29..6bfdfad 100644 +index 2daaaa6..4fb84dc 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -8512,7 +8773,12 @@ index 708bc29..6bfdfad 100644 info.high_limit = STACK_TOP32; addr = vm_unmapped_area(&info); } -@@ -264,6 +286,10 @@ static unsigned long mmap_rnd(void) +@@ -260,10 +282,14 @@ unsigned long get_fb_unmapped_area(struct file *filp, unsigned long orig_addr, u + EXPORT_SYMBOL(get_fb_unmapped_area); + + /* Essentially the same as PowerPC. */ +-static unsigned long mmap_rnd(void) ++static unsigned long mmap_rnd(struct mm_struct *mm) { unsigned long rnd = 0UL; @@ -8523,6 +8789,15 @@ index 708bc29..6bfdfad 100644 if (current->flags & PF_RANDOMIZE) { unsigned long val = get_random_int(); if (test_thread_flag(TIF_32BIT)) +@@ -276,7 +302,7 @@ static unsigned long mmap_rnd(void) + + void arch_pick_mmap_layout(struct mm_struct *mm) + { +- unsigned long random_factor = mmap_rnd(); ++ unsigned long random_factor = mmap_rnd(mm); + unsigned long gap; + + /* @@ -289,6 +315,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap == RLIM_INFINITY || sysctl_legacy_va_layout) { @@ -8636,7 +8911,7 @@ index 6629829..036032d 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index 8d38ca9..845b1d6 100644 +index b3f833a..ac74b2d 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) @@ -8746,7 +9021,7 @@ index 8d38ca9..845b1d6 100644 graph++; } } -@@ -2367,6 +2378,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw) +@@ -2360,6 +2371,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw) return (struct reg_window *) (fp + STACK_BIAS); } @@ -8755,7 +9030,7 @@ index 8d38ca9..845b1d6 100644 void die_if_kernel(char *str, struct pt_regs *regs) { static int die_counter; -@@ -2395,7 +2408,7 @@ void die_if_kernel(char *str, struct pt_regs *regs) +@@ -2388,7 +2401,7 @@ void die_if_kernel(char *str, struct pt_regs *regs) while (rw && count++ < 30 && kstack_valid(tp, (unsigned long) rw)) { @@ -8764,7 +9039,7 @@ index 8d38ca9..845b1d6 100644 (void *) rw->ins[7]); rw = kernel_stack_up(rw); -@@ -2408,8 +2421,10 @@ void die_if_kernel(char *str, struct pt_regs *regs) +@@ -2401,8 +2414,10 @@ void die_if_kernel(char *str, struct pt_regs *regs) } user_instruction_dump ((unsigned int __user *) regs->tpc); } @@ -8789,117 +9064,8 @@ index 8201c25e..072a2a7 100644 regs->tpc, (void *) regs->tpc); } } -diff --git a/arch/sparc/kernel/us3_cpufreq.c b/arch/sparc/kernel/us3_cpufreq.c -index eb1624b..55100de 100644 ---- a/arch/sparc/kernel/us3_cpufreq.c -+++ b/arch/sparc/kernel/us3_cpufreq.c -@@ -18,14 +18,12 @@ - #include - #include - --static struct cpufreq_driver *cpufreq_us3_driver; -- - struct us3_freq_percpu_info { - struct cpufreq_frequency_table table[4]; - }; - - /* Indexed by cpu number. */ --static struct us3_freq_percpu_info *us3_freq_table; -+static struct us3_freq_percpu_info us3_freq_table[NR_CPUS]; - - /* UltraSPARC-III has three dividers: 1, 2, and 32. These are controlled - * in the Safari config register. -@@ -191,12 +189,25 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy) - - static int us3_freq_cpu_exit(struct cpufreq_policy *policy) - { -- if (cpufreq_us3_driver) -- us3_set_cpu_divider_index(policy->cpu, 0); -+ us3_set_cpu_divider_index(policy->cpu, 0); - - return 0; - } - -+static int __init us3_freq_init(void); -+static void __exit us3_freq_exit(void); -+ -+static struct cpufreq_driver cpufreq_us3_driver = { -+ .init = us3_freq_cpu_init, -+ .verify = us3_freq_verify, -+ .target = us3_freq_target, -+ .get = us3_freq_get, -+ .exit = us3_freq_cpu_exit, -+ .owner = THIS_MODULE, -+ .name = "UltraSPARC-III", -+ -+}; -+ - static int __init us3_freq_init(void) - { - unsigned long manuf, impl, ver; -@@ -213,57 +224,15 @@ static int __init us3_freq_init(void) - (impl == CHEETAH_IMPL || - impl == CHEETAH_PLUS_IMPL || - impl == JAGUAR_IMPL || -- impl == PANTHER_IMPL)) { -- struct cpufreq_driver *driver; -- -- ret = -ENOMEM; -- driver = kzalloc(sizeof(struct cpufreq_driver), GFP_KERNEL); -- if (!driver) -- goto err_out; -- -- us3_freq_table = kzalloc( -- (NR_CPUS * sizeof(struct us3_freq_percpu_info)), -- GFP_KERNEL); -- if (!us3_freq_table) -- goto err_out; -- -- driver->init = us3_freq_cpu_init; -- driver->verify = us3_freq_verify; -- driver->target = us3_freq_target; -- driver->get = us3_freq_get; -- driver->exit = us3_freq_cpu_exit; -- driver->owner = THIS_MODULE, -- strcpy(driver->name, "UltraSPARC-III"); -- -- cpufreq_us3_driver = driver; -- ret = cpufreq_register_driver(driver); -- if (ret) -- goto err_out; -- -- return 0; -- --err_out: -- if (driver) { -- kfree(driver); -- cpufreq_us3_driver = NULL; -- } -- kfree(us3_freq_table); -- us3_freq_table = NULL; -- return ret; -- } -+ impl == PANTHER_IMPL)) -+ return cpufreq_register_driver(&cpufreq_us3_driver); - - return -ENODEV; - } - - static void __exit us3_freq_exit(void) - { -- if (cpufreq_us3_driver) { -- cpufreq_unregister_driver(cpufreq_us3_driver); -- kfree(cpufreq_us3_driver); -- cpufreq_us3_driver = NULL; -- kfree(us3_freq_table); -- us3_freq_table = NULL; -- } -+ cpufreq_unregister_driver(&cpufreq_us3_driver); - } - - MODULE_AUTHOR("David S. Miller "); diff --git a/arch/sparc/lib/Makefile b/arch/sparc/lib/Makefile -index 8410065f2..4fd4ca22 100644 +index dbe119b..089c7c1 100644 --- a/arch/sparc/lib/Makefile +++ b/arch/sparc/lib/Makefile @@ -2,7 +2,7 @@ @@ -9999,10 +10165,20 @@ index 5062ff3..e0b75f3 100644 * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index d2b5944..bd813f2 100644 +index d2b5944..d878f3c 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c -@@ -38,7 +38,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, +@@ -28,7 +28,8 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, + unsigned long addr, + unsigned long len, + unsigned long pgoff, +- unsigned long flags) ++ unsigned long flags, ++ unsigned long offset) + { + unsigned long task_size = TASK_SIZE; + struct vm_unmapped_area_info info; +@@ -38,15 +39,22 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, info.flags = 0; info.length = len; @@ -10011,7 +10187,9 @@ index d2b5944..bd813f2 100644 info.high_limit = min(task_size, VA_EXCLUDE_START); info.align_mask = PAGE_MASK & ~HPAGE_MASK; info.align_offset = 0; -@@ -47,6 +47,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { VM_BUG_ON(addr != -ENOMEM); info.low_limit = VA_EXCLUDE_END; @@ -10024,7 +10202,25 @@ index d2b5944..bd813f2 100644 info.high_limit = task_size; addr = vm_unmapped_area(&info); } -@@ -85,6 +91,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -58,7 +66,8 @@ static unsigned long + hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + const unsigned long len, + const unsigned long pgoff, +- const unsigned long flags) ++ const unsigned long flags, ++ const unsigned long offset) + { + struct mm_struct *mm = current->mm; + unsigned long addr = addr0; +@@ -73,6 +82,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.high_limit = mm->mmap_base; + info.align_mask = PAGE_MASK & ~HPAGE_MASK; + info.align_offset = 0; ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + + /* +@@ -85,6 +95,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -10037,7 +10233,7 @@ index d2b5944..bd813f2 100644 info.high_limit = STACK_TOP32; addr = vm_unmapped_area(&info); } -@@ -99,6 +111,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -99,6 +115,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; unsigned long task_size = TASK_SIZE; @@ -10045,7 +10241,7 @@ index d2b5944..bd813f2 100644 if (test_thread_flag(TIF_32BIT)) task_size = STACK_TOP32; -@@ -114,11 +127,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -114,19 +131,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -10062,6 +10258,16 @@ index d2b5944..bd813f2 100644 return addr; } if (mm->get_unmapped_area == arch_get_unmapped_area) + return hugetlb_get_unmapped_area_bottomup(file, addr, len, +- pgoff, flags); ++ pgoff, flags, offset); + else + return hugetlb_get_unmapped_area_topdown(file, addr, len, +- pgoff, flags); ++ pgoff, flags, offset); + } + + pte_t *huge_pte_alloc(struct mm_struct *mm, diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h index f4500c6..889656c 100644 --- a/arch/tile/include/asm/atomic_64.h @@ -10102,10 +10308,10 @@ index a9a5299..0fce79e 100644 /* bytes per L2 cache line */ #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE() diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h -index 9ab078a..d6635c2 100644 +index 8a082bc..7a6bf87 100644 --- a/arch/tile/include/asm/uaccess.h +++ b/arch/tile/include/asm/uaccess.h -@@ -403,9 +403,9 @@ static inline unsigned long __must_check copy_from_user(void *to, +@@ -408,9 +408,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -10223,10 +10429,10 @@ index 0032f92..cd151e0 100644 #ifdef CONFIG_64BIT #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index b462b13..e7a19aa 100644 +index bbcef52..6a2a483 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -386,22 +386,6 @@ int singlestepping(void * t) +@@ -367,22 +367,6 @@ int singlestepping(void * t) return 2; } @@ -10267,10 +10473,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 6ef2a37..74ad6ad 100644 +index fe120da..24177f7 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -243,7 +243,7 @@ config X86_HT +@@ -239,7 +239,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -10279,7 +10485,7 @@ index 6ef2a37..74ad6ad 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1076,6 +1076,7 @@ config MICROCODE_EARLY +@@ -1073,6 +1073,7 @@ config MICROCODE_EARLY config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support" @@ -10287,7 +10493,7 @@ index 6ef2a37..74ad6ad 100644 ---help--- This device gives privileged processes access to the x86 Model-Specific Registers (MSRs). It is a character device with -@@ -1099,7 +1100,7 @@ choice +@@ -1096,7 +1097,7 @@ choice config NOHIGHMEM bool "off" @@ -10296,7 +10502,7 @@ index 6ef2a37..74ad6ad 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1136,7 +1137,7 @@ config NOHIGHMEM +@@ -1133,7 +1134,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -10305,7 +10511,7 @@ index 6ef2a37..74ad6ad 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1189,7 +1190,7 @@ config PAGE_OFFSET +@@ -1186,7 +1187,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -10314,7 +10520,7 @@ index 6ef2a37..74ad6ad 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1587,6 +1588,7 @@ config SECCOMP +@@ -1584,6 +1585,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection" @@ -10322,7 +10528,7 @@ index 6ef2a37..74ad6ad 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1706,6 +1708,8 @@ config X86_NEED_RELOCS +@@ -1703,6 +1705,8 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -10331,7 +10537,7 @@ index 6ef2a37..74ad6ad 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1781,9 +1785,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1778,9 +1782,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -10375,7 +10581,7 @@ index c026cca..14657ae 100644 config X86_MINIMUM_CPU_FAMILY int diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug -index b322f12..652d0d9 100644 +index c198b7e..63eea60 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug @@ -84,7 +84,7 @@ config X86_PTDUMP @@ -10396,15 +10602,6 @@ index b322f12..652d0d9 100644 ---help--- This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution -@@ -294,7 +294,7 @@ config OPTIMIZE_INLINING - - config DEBUG_STRICT_USER_COPY_CHECKS - bool "Strict copy size checks" -- depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING -+ depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING && !PAX_SIZE_OVERFLOW - ---help--- - Enabling this option turns a certain set of sanity checks for user - copy operations into compile time failures. diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 5c47726..8c4fa67 100644 --- a/arch/x86/Makefile @@ -10503,7 +10700,7 @@ index 5ef205c..342191d 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 35ee62f..b6609b6 100644 +index d606463..b887794 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -150,7 +150,6 @@ again: @@ -10522,6 +10719,48 @@ index 35ee62f..b6609b6 100644 efi_call_phys1(sys_table->boottime->free_pool, map); fail: return status; +diff --git a/arch/x86/boot/compressed/efi_stub_32.S b/arch/x86/boot/compressed/efi_stub_32.S +index a53440e..c3dbf1e 100644 +--- a/arch/x86/boot/compressed/efi_stub_32.S ++++ b/arch/x86/boot/compressed/efi_stub_32.S +@@ -46,16 +46,13 @@ ENTRY(efi_call_phys) + * parameter 2, ..., param n. To make things easy, we save the return + * address of efi_call_phys in a global variable. + */ +- popl %ecx +- movl %ecx, saved_return_addr(%edx) +- /* get the function pointer into ECX*/ +- popl %ecx +- movl %ecx, efi_rt_function_ptr(%edx) ++ popl saved_return_addr(%edx) ++ popl efi_rt_function_ptr(%edx) + + /* + * 3. Call the physical function. + */ +- call *%ecx ++ call *efi_rt_function_ptr(%edx) + + /* + * 4. Balance the stack. And because EAX contain the return value, +@@ -67,15 +64,12 @@ ENTRY(efi_call_phys) + 1: popl %edx + subl $1b, %edx + +- movl efi_rt_function_ptr(%edx), %ecx +- pushl %ecx ++ pushl efi_rt_function_ptr(%edx) + + /* + * 10. Push the saved return address onto the stack and return. + */ +- movl saved_return_addr(%edx), %ecx +- pushl %ecx +- ret ++ jmpl *saved_return_addr(%edx) + ENDPROC(efi_call_phys) + .previous + diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 1e3184f..0d11e2e 100644 --- a/arch/x86/boot/compressed/head_32.S @@ -10555,7 +10794,7 @@ index 1e3184f..0d11e2e 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index c1d383d..57ab51c 100644 +index 16f24e6..47491a3 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -97,7 +97,7 @@ ENTRY(startup_32) @@ -10789,7 +11028,7 @@ index 9105655..5e37f27 100644 movq r1,r2; \ movq r3,r4; \ diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S -index 04b7977..402f223 100644 +index 477e9d7..3ab339f 100644 --- a/arch/x86/crypto/aesni-intel_asm.S +++ b/arch/x86/crypto/aesni-intel_asm.S @@ -31,6 +31,7 @@ @@ -10800,7 +11039,7 @@ index 04b7977..402f223 100644 #ifdef __x86_64__ .data -@@ -1435,6 +1436,7 @@ _return_T_done_decrypt: +@@ -1441,6 +1442,7 @@ _return_T_done_decrypt: pop %r14 pop %r13 pop %r12 @@ -10808,7 +11047,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_gcm_dec) -@@ -1699,6 +1701,7 @@ _return_T_done_encrypt: +@@ -1705,6 +1707,7 @@ _return_T_done_encrypt: pop %r14 pop %r13 pop %r12 @@ -10816,7 +11055,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_gcm_enc) -@@ -1716,6 +1719,7 @@ _key_expansion_256a: +@@ -1722,6 +1725,7 @@ _key_expansion_256a: pxor %xmm1, %xmm0 movaps %xmm0, (TKEYP) add $0x10, TKEYP @@ -10824,7 +11063,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_key_expansion_128) ENDPROC(_key_expansion_256a) -@@ -1742,6 +1746,7 @@ _key_expansion_192a: +@@ -1748,6 +1752,7 @@ _key_expansion_192a: shufps $0b01001110, %xmm2, %xmm1 movaps %xmm1, 0x10(TKEYP) add $0x20, TKEYP @@ -10832,7 +11071,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_key_expansion_192a) -@@ -1762,6 +1767,7 @@ _key_expansion_192b: +@@ -1768,6 +1773,7 @@ _key_expansion_192b: movaps %xmm0, (TKEYP) add $0x10, TKEYP @@ -10840,7 +11079,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_key_expansion_192b) -@@ -1775,6 +1781,7 @@ _key_expansion_256b: +@@ -1781,6 +1787,7 @@ _key_expansion_256b: pxor %xmm1, %xmm2 movaps %xmm2, (TKEYP) add $0x10, TKEYP @@ -10848,7 +11087,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_key_expansion_256b) -@@ -1888,6 +1895,7 @@ ENTRY(aesni_set_key) +@@ -1894,6 +1901,7 @@ ENTRY(aesni_set_key) #ifndef __x86_64__ popl KEYP #endif @@ -10856,7 +11095,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_set_key) -@@ -1910,6 +1918,7 @@ ENTRY(aesni_enc) +@@ -1916,6 +1924,7 @@ ENTRY(aesni_enc) popl KLEN popl KEYP #endif @@ -10864,7 +11103,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_enc) -@@ -1968,6 +1977,7 @@ _aesni_enc1: +@@ -1974,6 +1983,7 @@ _aesni_enc1: AESENC KEY STATE movaps 0x70(TKEYP), KEY AESENCLAST KEY STATE @@ -10872,7 +11111,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_aesni_enc1) -@@ -2077,6 +2087,7 @@ _aesni_enc4: +@@ -2083,6 +2093,7 @@ _aesni_enc4: AESENCLAST KEY STATE2 AESENCLAST KEY STATE3 AESENCLAST KEY STATE4 @@ -10880,7 +11119,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_aesni_enc4) -@@ -2100,6 +2111,7 @@ ENTRY(aesni_dec) +@@ -2106,6 +2117,7 @@ ENTRY(aesni_dec) popl KLEN popl KEYP #endif @@ -10888,7 +11127,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_dec) -@@ -2158,6 +2170,7 @@ _aesni_dec1: +@@ -2164,6 +2176,7 @@ _aesni_dec1: AESDEC KEY STATE movaps 0x70(TKEYP), KEY AESDECLAST KEY STATE @@ -10896,7 +11135,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_aesni_dec1) -@@ -2267,6 +2280,7 @@ _aesni_dec4: +@@ -2273,6 +2286,7 @@ _aesni_dec4: AESDECLAST KEY STATE2 AESDECLAST KEY STATE3 AESDECLAST KEY STATE4 @@ -10904,7 +11143,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_aesni_dec4) -@@ -2325,6 +2339,7 @@ ENTRY(aesni_ecb_enc) +@@ -2331,6 +2345,7 @@ ENTRY(aesni_ecb_enc) popl KEYP popl LEN #endif @@ -10912,7 +11151,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_ecb_enc) -@@ -2384,6 +2399,7 @@ ENTRY(aesni_ecb_dec) +@@ -2390,6 +2405,7 @@ ENTRY(aesni_ecb_dec) popl KEYP popl LEN #endif @@ -10920,7 +11159,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_ecb_dec) -@@ -2426,6 +2442,7 @@ ENTRY(aesni_cbc_enc) +@@ -2432,6 +2448,7 @@ ENTRY(aesni_cbc_enc) popl LEN popl IVP #endif @@ -10928,7 +11167,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_cbc_enc) -@@ -2517,6 +2534,7 @@ ENTRY(aesni_cbc_dec) +@@ -2523,6 +2540,7 @@ ENTRY(aesni_cbc_dec) popl LEN popl IVP #endif @@ -10936,7 +11175,7 @@ index 04b7977..402f223 100644 ret ENDPROC(aesni_cbc_dec) -@@ -2544,6 +2562,7 @@ _aesni_inc_init: +@@ -2550,6 +2568,7 @@ _aesni_inc_init: mov $1, TCTR_LOW MOVQ_R64_XMM TCTR_LOW INC MOVQ_R64_XMM CTR TCTR_LOW @@ -10944,7 +11183,7 @@ index 04b7977..402f223 100644 ret ENDPROC(_aesni_inc_init) -@@ -2573,6 +2592,7 @@ _aesni_inc: +@@ -2579,6 +2598,7 @@ _aesni_inc: .Linc_low: movaps CTR, IV PSHUFB_XMM BSWAP_MASK IV @@ -10952,14 +11191,73 @@ index 04b7977..402f223 100644 ret ENDPROC(_aesni_inc) -@@ -2634,6 +2654,7 @@ ENTRY(aesni_ctr_enc) +@@ -2640,6 +2660,7 @@ ENTRY(aesni_ctr_enc) .Lctr_enc_ret: movups IV, (IVP) .Lctr_enc_just_ret: + pax_force_retaddr 0, 1 ret ENDPROC(aesni_ctr_enc) - #endif + +@@ -2766,6 +2787,7 @@ ENTRY(aesni_xts_crypt8) + pxor INC, STATE4 + movdqu STATE4, 0x70(OUTP) + ++ pax_force_retaddr 0, 1 + ret + ENDPROC(aesni_xts_crypt8) + +diff --git a/arch/x86/crypto/blowfish-avx2-asm_64.S b/arch/x86/crypto/blowfish-avx2-asm_64.S +index 784452e..46982c7 100644 +--- a/arch/x86/crypto/blowfish-avx2-asm_64.S ++++ b/arch/x86/crypto/blowfish-avx2-asm_64.S +@@ -221,6 +221,7 @@ __blowfish_enc_blk32: + + write_block(RXl, RXr); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(__blowfish_enc_blk32) + +@@ -250,6 +251,7 @@ __blowfish_dec_blk32: + + write_block(RXl, RXr); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(__blowfish_dec_blk32) + +@@ -284,6 +286,7 @@ ENTRY(blowfish_ecb_enc_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(blowfish_ecb_enc_32way) + +@@ -318,6 +321,7 @@ ENTRY(blowfish_ecb_dec_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(blowfish_ecb_dec_32way) + +@@ -365,6 +369,7 @@ ENTRY(blowfish_cbc_dec_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(blowfish_cbc_dec_32way) + +@@ -445,5 +450,6 @@ ENTRY(blowfish_ctr_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(blowfish_ctr_32way) diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S index 246c670..4d1ed00 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -11015,6 +11313,174 @@ index 246c670..4d1ed00 100644 + pax_force_retaddr 0, 1 ret; ENDPROC(blowfish_dec_blk_4way) +diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S +index ce71f92..2dd5b1e 100644 +--- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S ++++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S +@@ -16,6 +16,7 @@ + */ + + #include ++#include + + #define CAMELLIA_TABLE_BYTE_LEN 272 + +@@ -191,6 +192,7 @@ roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd: + roundsm16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15, + %rcx, (%r9)); ++ pax_force_retaddr_bts + ret; + ENDPROC(roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd) + +@@ -199,6 +201,7 @@ roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab: + roundsm16(%xmm4, %xmm5, %xmm6, %xmm7, %xmm0, %xmm1, %xmm2, %xmm3, + %xmm12, %xmm13, %xmm14, %xmm15, %xmm8, %xmm9, %xmm10, %xmm11, + %rax, (%r9)); ++ pax_force_retaddr_bts + ret; + ENDPROC(roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab) + +@@ -780,6 +783,7 @@ __camellia_enc_blk16: + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 16(%rax)); + ++ pax_force_retaddr_bts + ret; + + .align 8 +@@ -865,6 +869,7 @@ __camellia_dec_blk16: + %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, + %xmm15, (key_table)(CTX), (%rax), 1 * 16(%rax)); + ++ pax_force_retaddr_bts + ret; + + .align 8 +@@ -904,6 +909,7 @@ ENTRY(camellia_ecb_enc_16way) + %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, + %xmm8, %rsi); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_ecb_enc_16way) + +@@ -932,6 +938,7 @@ ENTRY(camellia_ecb_dec_16way) + %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, + %xmm8, %rsi); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_ecb_dec_16way) + +@@ -981,6 +988,7 @@ ENTRY(camellia_cbc_dec_16way) + %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, + %xmm8, %rsi); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_cbc_dec_16way) + +@@ -1092,6 +1100,7 @@ ENTRY(camellia_ctr_16way) + %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, + %xmm8, %rsi); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_ctr_16way) + +@@ -1234,6 +1243,7 @@ camellia_xts_crypt_16way: + %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, + %xmm8, %rsi); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_xts_crypt_16way) + +diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S +index 91a1878..bcf340a 100644 +--- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S ++++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S +@@ -11,6 +11,7 @@ + */ + + #include ++#include + + #define CAMELLIA_TABLE_BYTE_LEN 272 + +@@ -212,6 +213,7 @@ roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd: + roundsm32(%ymm0, %ymm1, %ymm2, %ymm3, %ymm4, %ymm5, %ymm6, %ymm7, + %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, %ymm15, + %rcx, (%r9)); ++ pax_force_retaddr_bts + ret; + ENDPROC(roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd) + +@@ -220,6 +222,7 @@ roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab: + roundsm32(%ymm4, %ymm5, %ymm6, %ymm7, %ymm0, %ymm1, %ymm2, %ymm3, + %ymm12, %ymm13, %ymm14, %ymm15, %ymm8, %ymm9, %ymm10, %ymm11, + %rax, (%r9)); ++ pax_force_retaddr_bts + ret; + ENDPROC(roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab) + +@@ -802,6 +805,7 @@ __camellia_enc_blk32: + %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, + %ymm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 32(%rax)); + ++ pax_force_retaddr_bts + ret; + + .align 8 +@@ -887,6 +891,7 @@ __camellia_dec_blk32: + %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, + %ymm15, (key_table)(CTX), (%rax), 1 * 32(%rax)); + ++ pax_force_retaddr_bts + ret; + + .align 8 +@@ -930,6 +935,7 @@ ENTRY(camellia_ecb_enc_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_ecb_enc_32way) + +@@ -962,6 +968,7 @@ ENTRY(camellia_ecb_dec_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_ecb_dec_32way) + +@@ -1028,6 +1035,7 @@ ENTRY(camellia_cbc_dec_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_cbc_dec_32way) + +@@ -1166,6 +1174,7 @@ ENTRY(camellia_ctr_32way) + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_ctr_32way) + +@@ -1331,6 +1340,7 @@ camellia_xts_crypt_32way: + + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(camellia_xts_crypt_32way) + diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S index 310319c..ce174a4 100644 --- a/arch/x86/crypto/camellia-x86_64-asm_64.S @@ -11133,7 +11599,7 @@ index c35fd5d..c1ee236 100644 ret; ENDPROC(cast5_ctr_16way) diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S -index f93b610..c09bf40 100644 +index e3531f8..18ded3a 100644 --- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S @@ -24,6 +24,7 @@ @@ -11144,7 +11610,7 @@ index f93b610..c09bf40 100644 #include "glue_helper-asm-avx.S" .file "cast6-avx-x86_64-asm_64.S" -@@ -293,6 +294,7 @@ __cast6_enc_blk8: +@@ -295,6 +296,7 @@ __cast6_enc_blk8: outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); @@ -11152,7 +11618,7 @@ index f93b610..c09bf40 100644 ret; ENDPROC(__cast6_enc_blk8) -@@ -338,6 +340,7 @@ __cast6_dec_blk8: +@@ -340,6 +342,7 @@ __cast6_dec_blk8: outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); @@ -11160,7 +11626,7 @@ index f93b610..c09bf40 100644 ret; ENDPROC(__cast6_dec_blk8) -@@ -356,6 +359,7 @@ ENTRY(cast6_ecb_enc_8way) +@@ -358,6 +361,7 @@ ENTRY(cast6_ecb_enc_8way) store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); @@ -11168,7 +11634,7 @@ index f93b610..c09bf40 100644 ret; ENDPROC(cast6_ecb_enc_8way) -@@ -374,6 +378,7 @@ ENTRY(cast6_ecb_dec_8way) +@@ -376,6 +380,7 @@ ENTRY(cast6_ecb_dec_8way) store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); @@ -11176,7 +11642,7 @@ index f93b610..c09bf40 100644 ret; ENDPROC(cast6_ecb_dec_8way) -@@ -397,6 +402,7 @@ ENTRY(cast6_cbc_dec_8way) +@@ -399,6 +404,7 @@ ENTRY(cast6_cbc_dec_8way) popq %r12; @@ -11184,13 +11650,92 @@ index f93b610..c09bf40 100644 ret; ENDPROC(cast6_cbc_dec_8way) -@@ -422,5 +428,6 @@ ENTRY(cast6_ctr_8way) +@@ -424,6 +430,7 @@ ENTRY(cast6_ctr_8way) popq %r12; + pax_force_retaddr ret; ENDPROC(cast6_ctr_8way) + +@@ -446,6 +453,7 @@ ENTRY(cast6_xts_enc_8way) + /* dst <= regs xor IVs(in dst) */ + store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + ENDPROC(cast6_xts_enc_8way) + +@@ -468,5 +476,6 @@ ENTRY(cast6_xts_dec_8way) + /* dst <= regs xor IVs(in dst) */ + store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + ENDPROC(cast6_xts_dec_8way) +diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +index dbc4339..3d868c5 100644 +--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S ++++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +@@ -45,6 +45,7 @@ + + #include + #include ++#include + + ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction + +@@ -312,6 +313,7 @@ do_return: + popq %rsi + popq %rdi + popq %rbx ++ pax_force_retaddr 0, 1 + ret + + ################################################################ +diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S +index 586f41a..d02851e 100644 +--- a/arch/x86/crypto/ghash-clmulni-intel_asm.S ++++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S +@@ -18,6 +18,7 @@ + + #include + #include ++#include + + .data + +@@ -93,6 +94,7 @@ __clmul_gf128mul_ble: + psrlq $1, T2 + pxor T2, T1 + pxor T1, DATA ++ pax_force_retaddr + ret + ENDPROC(__clmul_gf128mul_ble) + +@@ -105,6 +107,7 @@ ENTRY(clmul_ghash_mul) + call __clmul_gf128mul_ble + PSHUFB_XMM BSWAP DATA + movups DATA, (%rdi) ++ pax_force_retaddr + ret + ENDPROC(clmul_ghash_mul) + +@@ -132,6 +135,7 @@ ENTRY(clmul_ghash_update) + PSHUFB_XMM BSWAP DATA + movups DATA, (%rdi) + .Lupdate_just_ret: ++ pax_force_retaddr + ret + ENDPROC(clmul_ghash_update) + +@@ -157,5 +161,6 @@ ENTRY(clmul_ghash_setkey) + pand .Lpoly, %xmm1 + pxor %xmm1, %xmm0 + movups %xmm0, (%rdi) ++ pax_force_retaddr + ret + ENDPROC(clmul_ghash_setkey) diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S index 9279e0b..9270820 100644 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S @@ -11225,10 +11770,10 @@ index 9279e0b..9270820 100644 ret ENDPROC(salsa20_ivsetup) diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S -index 43c9386..a0e2d60 100644 +index 2f202f4..d9164d6 100644 --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S -@@ -25,6 +25,7 @@ +@@ -24,6 +24,7 @@ */ #include @@ -11236,7 +11781,7 @@ index 43c9386..a0e2d60 100644 #include "glue_helper-asm-avx.S" .file "serpent-avx-x86_64-asm_64.S" -@@ -617,6 +618,7 @@ __serpent_enc_blk8_avx: +@@ -618,6 +619,7 @@ __serpent_enc_blk8_avx: write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2); write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2); @@ -11244,7 +11789,7 @@ index 43c9386..a0e2d60 100644 ret; ENDPROC(__serpent_enc_blk8_avx) -@@ -671,6 +673,7 @@ __serpent_dec_blk8_avx: +@@ -672,6 +674,7 @@ __serpent_dec_blk8_avx: write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2); write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2); @@ -11252,7 +11797,7 @@ index 43c9386..a0e2d60 100644 ret; ENDPROC(__serpent_dec_blk8_avx) -@@ -687,6 +690,7 @@ ENTRY(serpent_ecb_enc_8way_avx) +@@ -688,6 +691,7 @@ ENTRY(serpent_ecb_enc_8way_avx) store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); @@ -11260,7 +11805,7 @@ index 43c9386..a0e2d60 100644 ret; ENDPROC(serpent_ecb_enc_8way_avx) -@@ -703,6 +707,7 @@ ENTRY(serpent_ecb_dec_8way_avx) +@@ -704,6 +708,7 @@ ENTRY(serpent_ecb_dec_8way_avx) store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); @@ -11268,7 +11813,7 @@ index 43c9386..a0e2d60 100644 ret; ENDPROC(serpent_ecb_dec_8way_avx) -@@ -719,6 +724,7 @@ ENTRY(serpent_cbc_dec_8way_avx) +@@ -720,6 +725,7 @@ ENTRY(serpent_cbc_dec_8way_avx) store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); @@ -11276,13 +11821,104 @@ index 43c9386..a0e2d60 100644 ret; ENDPROC(serpent_cbc_dec_8way_avx) -@@ -737,5 +743,6 @@ ENTRY(serpent_ctr_8way_avx) +@@ -738,6 +744,7 @@ ENTRY(serpent_ctr_8way_avx) store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; ENDPROC(serpent_ctr_8way_avx) + +@@ -758,6 +765,7 @@ ENTRY(serpent_xts_enc_8way_avx) + /* dst <= regs xor IVs(in dst) */ + store_xts_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + ENDPROC(serpent_xts_enc_8way_avx) + +@@ -778,5 +786,6 @@ ENTRY(serpent_xts_dec_8way_avx) + /* dst <= regs xor IVs(in dst) */ + store_xts_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + ++ pax_force_retaddr + ret; + ENDPROC(serpent_xts_dec_8way_avx) +diff --git a/arch/x86/crypto/serpent-avx2-asm_64.S b/arch/x86/crypto/serpent-avx2-asm_64.S +index b222085..abd483c 100644 +--- a/arch/x86/crypto/serpent-avx2-asm_64.S ++++ b/arch/x86/crypto/serpent-avx2-asm_64.S +@@ -15,6 +15,7 @@ + */ + + #include ++#include + #include "glue_helper-asm-avx2.S" + + .file "serpent-avx2-asm_64.S" +@@ -610,6 +611,7 @@ __serpent_enc_blk16: + write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; + ENDPROC(__serpent_enc_blk16) + +@@ -664,6 +666,7 @@ __serpent_dec_blk16: + write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; + ENDPROC(__serpent_dec_blk16) + +@@ -684,6 +687,7 @@ ENTRY(serpent_ecb_enc_16way) + + vzeroupper; + ++ pax_force_retaddr + ret; + ENDPROC(serpent_ecb_enc_16way) + +@@ -704,6 +708,7 @@ ENTRY(serpent_ecb_dec_16way) + + vzeroupper; + ++ pax_force_retaddr + ret; + ENDPROC(serpent_ecb_dec_16way) + +@@ -725,6 +730,7 @@ ENTRY(serpent_cbc_dec_16way) + + vzeroupper; + ++ pax_force_retaddr + ret; + ENDPROC(serpent_cbc_dec_16way) + +@@ -748,6 +754,7 @@ ENTRY(serpent_ctr_16way) + + vzeroupper; + ++ pax_force_retaddr + ret; + ENDPROC(serpent_ctr_16way) + +@@ -772,6 +779,7 @@ ENTRY(serpent_xts_enc_16way) + + vzeroupper; + ++ pax_force_retaddr + ret; + ENDPROC(serpent_xts_enc_16way) + +@@ -796,5 +804,6 @@ ENTRY(serpent_xts_dec_16way) + + vzeroupper; + ++ pax_force_retaddr + ret; + ENDPROC(serpent_xts_dec_16way) diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S index acc066c..1559cc4 100644 --- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S @@ -11337,8 +11973,128 @@ index a410950..3356d42 100644 ret ENDPROC(\name) +diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S +index 642f156..4ab07b9 100644 +--- a/arch/x86/crypto/sha256-avx-asm.S ++++ b/arch/x86/crypto/sha256-avx-asm.S +@@ -49,6 +49,7 @@ + + #ifdef CONFIG_AS_AVX + #include ++#include + + ## assume buffers not aligned + #define VMOVDQ vmovdqu +@@ -460,6 +461,7 @@ done_hash: + popq %r13 + popq %rbp + popq %rbx ++ pax_force_retaddr 0, 1 + ret + ENDPROC(sha256_transform_avx) + +diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S +index 9e86944..2e7f95a 100644 +--- a/arch/x86/crypto/sha256-avx2-asm.S ++++ b/arch/x86/crypto/sha256-avx2-asm.S +@@ -50,6 +50,7 @@ + + #ifdef CONFIG_AS_AVX2 + #include ++#include + + ## assume buffers not aligned + #define VMOVDQ vmovdqu +@@ -720,6 +721,7 @@ done_hash: + popq %r12 + popq %rbp + popq %rbx ++ pax_force_retaddr 0, 1 + ret + ENDPROC(sha256_transform_rorx) + +diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S +index f833b74..c36ed14 100644 +--- a/arch/x86/crypto/sha256-ssse3-asm.S ++++ b/arch/x86/crypto/sha256-ssse3-asm.S +@@ -47,6 +47,7 @@ + ######################################################################## + + #include ++#include + + ## assume buffers not aligned + #define MOVDQ movdqu +@@ -471,6 +472,7 @@ done_hash: + popq %rbp + popq %rbx + ++ pax_force_retaddr 0, 1 + ret + ENDPROC(sha256_transform_ssse3) + +diff --git a/arch/x86/crypto/sha512-avx-asm.S b/arch/x86/crypto/sha512-avx-asm.S +index 974dde9..4533d34 100644 +--- a/arch/x86/crypto/sha512-avx-asm.S ++++ b/arch/x86/crypto/sha512-avx-asm.S +@@ -49,6 +49,7 @@ + + #ifdef CONFIG_AS_AVX + #include ++#include + + .text + +@@ -364,6 +365,7 @@ updateblock: + mov frame_RSPSAVE(%rsp), %rsp + + nowork: ++ pax_force_retaddr 0, 1 + ret + ENDPROC(sha512_transform_avx) + +diff --git a/arch/x86/crypto/sha512-avx2-asm.S b/arch/x86/crypto/sha512-avx2-asm.S +index 568b961..061ef1d 100644 +--- a/arch/x86/crypto/sha512-avx2-asm.S ++++ b/arch/x86/crypto/sha512-avx2-asm.S +@@ -51,6 +51,7 @@ + + #ifdef CONFIG_AS_AVX2 + #include ++#include + + .text + +@@ -678,6 +679,7 @@ done_hash: + + # Restore Stack Pointer + mov frame_RSPSAVE(%rsp), %rsp ++ pax_force_retaddr 0, 1 + ret + ENDPROC(sha512_transform_rorx) + +diff --git a/arch/x86/crypto/sha512-ssse3-asm.S b/arch/x86/crypto/sha512-ssse3-asm.S +index fb56855..e23914f 100644 +--- a/arch/x86/crypto/sha512-ssse3-asm.S ++++ b/arch/x86/crypto/sha512-ssse3-asm.S +@@ -48,6 +48,7 @@ + ######################################################################## + + #include ++#include + + .text + +@@ -363,6 +364,7 @@ updateblock: + mov frame_RSPSAVE(%rsp), %rsp + + nowork: ++ pax_force_retaddr 0, 1 + ret + ENDPROC(sha512_transform_ssse3) + diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S -index 8d3e113..898b161 100644 +index 0505813..63b1d00 100644 --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S @@ -24,6 +24,7 @@ @@ -11349,7 +12105,7 @@ index 8d3e113..898b161 100644 #include "glue_helper-asm-avx.S" .file "twofish-avx-x86_64-asm_64.S" -@@ -282,6 +283,7 @@ __twofish_enc_blk8: +@@ -284,6 +285,7 @@ __twofish_enc_blk8: outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); @@ -11357,7 +12113,7 @@ index 8d3e113..898b161 100644 ret; ENDPROC(__twofish_enc_blk8) -@@ -322,6 +324,7 @@ __twofish_dec_blk8: +@@ -324,6 +326,7 @@ __twofish_dec_blk8: outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2); outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2); @@ -11365,7 +12121,7 @@ index 8d3e113..898b161 100644 ret; ENDPROC(__twofish_dec_blk8) -@@ -340,6 +343,7 @@ ENTRY(twofish_ecb_enc_8way) +@@ -342,6 +345,7 @@ ENTRY(twofish_ecb_enc_8way) store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); @@ -11373,7 +12129,7 @@ index 8d3e113..898b161 100644 ret; ENDPROC(twofish_ecb_enc_8way) -@@ -358,6 +362,7 @@ ENTRY(twofish_ecb_dec_8way) +@@ -360,6 +364,7 @@ ENTRY(twofish_ecb_dec_8way) store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); @@ -11381,7 +12137,7 @@ index 8d3e113..898b161 100644 ret; ENDPROC(twofish_ecb_dec_8way) -@@ -381,6 +386,7 @@ ENTRY(twofish_cbc_dec_8way) +@@ -383,6 +388,7 @@ ENTRY(twofish_cbc_dec_8way) popq %r12; @@ -11389,13 +12145,97 @@ index 8d3e113..898b161 100644 ret; ENDPROC(twofish_cbc_dec_8way) -@@ -406,5 +412,6 @@ ENTRY(twofish_ctr_8way) +@@ -408,6 +414,7 @@ ENTRY(twofish_ctr_8way) popq %r12; + pax_force_retaddr 0, 1 ret; ENDPROC(twofish_ctr_8way) + +@@ -430,6 +437,7 @@ ENTRY(twofish_xts_enc_8way) + /* dst <= regs xor IVs(in dst) */ + store_xts_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(twofish_xts_enc_8way) + +@@ -452,5 +460,6 @@ ENTRY(twofish_xts_dec_8way) + /* dst <= regs xor IVs(in dst) */ + store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(twofish_xts_dec_8way) +diff --git a/arch/x86/crypto/twofish-avx2-asm_64.S b/arch/x86/crypto/twofish-avx2-asm_64.S +index e1a83b9..33006b9 100644 +--- a/arch/x86/crypto/twofish-avx2-asm_64.S ++++ b/arch/x86/crypto/twofish-avx2-asm_64.S +@@ -11,6 +11,7 @@ + */ + + #include ++#include + #include "glue_helper-asm-avx2.S" + + .file "twofish-avx2-asm_64.S" +@@ -422,6 +423,7 @@ __twofish_enc_blk16: + outunpack_enc16(RA, RB, RC, RD); + write_blocks16(RA, RB, RC, RD); + ++ pax_force_retaddr_bts + ret; + ENDPROC(__twofish_enc_blk16) + +@@ -454,6 +456,7 @@ __twofish_dec_blk16: + outunpack_dec16(RA, RB, RC, RD); + write_blocks16(RA, RB, RC, RD); + ++ pax_force_retaddr_bts + ret; + ENDPROC(__twofish_dec_blk16) + +@@ -476,6 +479,7 @@ ENTRY(twofish_ecb_enc_16way) + popq %r12; + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(twofish_ecb_enc_16way) + +@@ -498,6 +502,7 @@ ENTRY(twofish_ecb_dec_16way) + popq %r12; + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(twofish_ecb_dec_16way) + +@@ -521,6 +526,7 @@ ENTRY(twofish_cbc_dec_16way) + popq %r12; + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(twofish_cbc_dec_16way) + +@@ -546,6 +552,7 @@ ENTRY(twofish_ctr_16way) + popq %r12; + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(twofish_ctr_16way) + +@@ -574,6 +581,7 @@ twofish_xts_crypt_16way: + popq %r12; + vzeroupper; + ++ pax_force_retaddr 0, 1 + ret; + ENDPROC(twofish_xts_crypt_16way) + diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S index 1c3b7ce..b365c5e 100644 --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S @@ -11459,7 +12299,7 @@ index a039d21..29e7615 100644 ret ENDPROC(twofish_dec_blk) diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index 03abf9b..a42ba29 100644 +index 52ff81c..98af645 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -11472,7 +12312,7 @@ index 03abf9b..a42ba29 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index cf1a471..3bc4cf8 100644 +index cf1a471..5ba2673 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c @@ -340,7 +340,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, @@ -11502,7 +12342,12 @@ index cf1a471..3bc4cf8 100644 }; frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate); -@@ -463,16 +463,18 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, +@@ -459,20 +459,22 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, + else + put_user_ex(0, &frame->uc.uc_flags); + put_user_ex(0, &frame->uc.uc_link); +- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp); ++ __compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp); if (ksig->ka.sa.sa_flags & SA_RESTORER) restorer = ksig->ka.sa.sa_restorer; @@ -11525,7 +12370,7 @@ index cf1a471..3bc4cf8 100644 err |= copy_siginfo_to_user32(&frame->info, &ksig->info); diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 474dc1b..be7bff5 100644 +index 474dc1b..9297c58 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -15,8 +15,10 @@ @@ -11563,11 +12408,11 @@ index 474dc1b..be7bff5 100644 +#endif + .endm + -+.macro pax_erase_kstack ++ .macro pax_erase_kstack +#ifdef CONFIG_PAX_MEMORY_STACKLEAK + call pax_erase_kstack +#endif -+.endm ++ .endm + /* * 32bit SYSENTER instruction entry. @@ -11585,7 +12430,7 @@ index 474dc1b..be7bff5 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -135,24 +157,44 @@ ENTRY(ia32_sysenter_target) +@@ -135,24 +157,49 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ @@ -11619,8 +12464,8 @@ index 474dc1b..be7bff5 100644 32bit zero extended */ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov pax_user_shadow_base,%r11 -+ add %r11,%rbp ++ addq pax_user_shadow_base,%rbp ++ ASM_PAX_OPEN_USERLAND +#endif + ASM_STAC @@ -11629,13 +12474,18 @@ index 474dc1b..be7bff5 100644 ASM_CLAC - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ ASM_PAX_CLOSE_USERLAND ++#endif ++ + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -162,12 +204,15 @@ sysenter_do_call: +@@ -162,12 +209,15 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -11653,7 +12503,7 @@ index 474dc1b..be7bff5 100644 /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) movl RIP-R11(%rsp),%edx /* User %eip */ -@@ -193,6 +238,9 @@ sysexit_from_sys_call: +@@ -193,6 +243,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -11663,7 +12513,7 @@ index 474dc1b..be7bff5 100644 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -204,7 +252,7 @@ sysexit_from_sys_call: +@@ -204,7 +257,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit @@ -11672,7 +12522,7 @@ index 474dc1b..be7bff5 100644 jnz ia32_ret_from_sys_call TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -215,11 +263,12 @@ sysexit_from_sys_call: +@@ -215,11 +268,12 @@ sysexit_from_sys_call: 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ call __audit_syscall_exit @@ -11686,7 +12536,7 @@ index 474dc1b..be7bff5 100644 jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -237,7 +286,7 @@ sysexit_audit: +@@ -237,7 +291,7 @@ sysexit_audit: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -11695,7 +12545,7 @@ index 474dc1b..be7bff5 100644 jz sysenter_auditsys #endif SAVE_REST -@@ -249,6 +298,9 @@ sysenter_tracesys: +@@ -249,6 +303,9 @@ sysenter_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ @@ -11705,7 +12555,7 @@ index 474dc1b..be7bff5 100644 jmp sysenter_do_call CFI_ENDPROC ENDPROC(ia32_sysenter_target) -@@ -276,19 +328,25 @@ ENDPROC(ia32_sysenter_target) +@@ -276,19 +333,25 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -11733,14 +12583,15 @@ index 474dc1b..be7bff5 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -304,12 +362,19 @@ ENTRY(ia32_cstar_target) +@@ -304,12 +367,25 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov pax_user_shadow_base,%r11 -+ add %r11,%r8 ++ ASM_PAX_OPEN_USERLAND ++ movq pax_user_shadow_base,%r8 ++ addq RSP-ARGOFFSET(%rsp),%r8 +#endif + ASM_STAC @@ -11749,13 +12600,18 @@ index 474dc1b..be7bff5 100644 ASM_CLAC - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ ASM_PAX_CLOSE_USERLAND ++#endif ++ + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -319,12 +384,15 @@ cstar_do_call: +@@ -319,12 +395,15 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -11773,7 +12629,7 @@ index 474dc1b..be7bff5 100644 RESTORE_ARGS 0,-ARG_SKIP,0,0,0 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx -@@ -352,7 +420,7 @@ sysretl_audit: +@@ -352,7 +431,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -11782,7 +12638,7 @@ index 474dc1b..be7bff5 100644 jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -366,6 +434,9 @@ cstar_tracesys: +@@ -366,11 +445,19 @@ cstar_tracesys: xchgl %ebp,%r9d cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ @@ -11792,7 +12648,17 @@ index 474dc1b..be7bff5 100644 jmp cstar_do_call END(ia32_cstar_target) -@@ -407,19 +478,26 @@ ENTRY(ia32_syscall) + ia32_badarg: + ASM_CLAC ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ ASM_PAX_CLOSE_USERLAND ++#endif ++ + movq $-EFAULT,%rax + jmp ia32_sysret + CFI_ENDPROC +@@ -407,19 +494,26 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -11826,7 +12692,7 @@ index 474dc1b..be7bff5 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -442,6 +520,9 @@ ia32_tracesys: +@@ -442,6 +536,9 @@ ia32_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ @@ -11837,7 +12703,7 @@ index 474dc1b..be7bff5 100644 END(ia32_syscall) diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c -index ad7a20c..1ffa3c1 100644 +index 8e0ceec..af13504 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low, @@ -11851,15 +12717,6 @@ index ad7a20c..1ffa3c1 100644 SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid)); SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid)); if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) || -@@ -205,7 +205,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd, - return -EFAULT; - - set_fs(KERNEL_DS); -- ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __user *)&of : NULL, -+ ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __force_user *)&of : NULL, - count); - set_fs(old_fs); - diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h index 372231c..a5aa1a1 100644 --- a/arch/x86/include/asm/alternative-asm.h @@ -12997,7 +13854,7 @@ index 46fc474..b02b0f9 100644 if (len) diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h -index 8d871ea..c1a0dc9 100644 +index d47786a..ce1b05d 100644 --- a/arch/x86/include/asm/cmpxchg.h +++ b/arch/x86/include/asm/cmpxchg.h @@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void) @@ -13072,10 +13929,19 @@ index 59c6c40..5e0b22c 100644 struct compat_timespec { compat_time_t tv_sec; diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 93fe929..90858b7 100644 +index e99ac27..10d834e 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -207,7 +207,7 @@ +@@ -203,7 +203,7 @@ + #define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */ + #define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */ + #define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */ +- ++#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */ + + /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ + #define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ +@@ -211,7 +211,7 @@ #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ #define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ @@ -13084,7 +13950,15 @@ index 93fe929..90858b7 100644 #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ -@@ -377,7 +377,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -353,6 +353,7 @@ extern const char * const x86_power_flags[32]; + #undef cpu_has_centaur_mcr + #define cpu_has_centaur_mcr 0 + ++#define cpu_has_pcid boot_cpu_has(X86_FEATURE_PCID) + #endif /* CONFIG_X86_64 */ + + #if __GNUC__ >= 4 +@@ -394,7 +395,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -13407,12 +14281,14 @@ index 75ce3f4..882e801 100644 #endif /* _ASM_X86_EMERGENCY_RESTART_H */ diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h -index e25cc33..425d099 100644 +index e25cc33..7d3ec01 100644 --- a/arch/x86/include/asm/fpu-internal.h +++ b/arch/x86/include/asm/fpu-internal.h -@@ -127,7 +127,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk) +@@ -126,8 +126,11 @@ static inline void sanitize_i387_state(struct task_struct *tsk) + #define user_insn(insn, output, input...) \ ({ \ int err; \ ++ pax_open_userland(); \ asm volatile(ASM_STAC "\n" \ - "1:" #insn "\n\t" \ + "1:" \ @@ -13421,7 +14297,15 @@ index e25cc33..425d099 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: movl $-1,%[err]\n" \ -@@ -300,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) +@@ -136,6 +139,7 @@ static inline void sanitize_i387_state(struct task_struct *tsk) + _ASM_EXTABLE(1b, 3b) \ + : [err] "=r" (err), output \ + : "0"(0), input); \ ++ pax_close_userland(); \ + err; \ + }) + +@@ -300,7 +304,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) "emms\n\t" /* clear stack tags */ "fildl %P[addr]", /* set F?P to defined value */ X86_FEATURE_FXSAVE_LEAK, @@ -13431,7 +14315,7 @@ index e25cc33..425d099 100644 return fpu_restore_checking(&tsk->thread.fpu); } diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h -index be27ba1..8f13ff9 100644 +index be27ba1..04a8801 100644 --- a/arch/x86/include/asm/futex.h +++ b/arch/x86/include/asm/futex.h @@ -12,6 +12,7 @@ @@ -13470,8 +14354,11 @@ index be27ba1..8f13ff9 100644 : "r" (oparg), "i" (-EFAULT), "1" (0)) static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) -@@ -59,10 +61,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) +@@ -57,12 +59,13 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) + + pagefault_disable(); ++ pax_open_userland(); switch (op) { case FUTEX_OP_SET: - __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg); @@ -13483,9 +14370,19 @@ index be27ba1..8f13ff9 100644 uaddr, oparg); break; case FUTEX_OP_OR: -@@ -116,14 +118,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, +@@ -77,6 +80,7 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) + default: + ret = -ENOSYS; + } ++ pax_close_userland(); + + pagefault_enable(); + +@@ -115,18 +119,20 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) return -EFAULT; ++ pax_open_userland(); asm volatile("\t" ASM_STAC "\n" - "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n" + "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %4, %2\n" @@ -13500,11 +14397,15 @@ index be27ba1..8f13ff9 100644 : "i" (-EFAULT), "r" (newval), "1" (oldval) : "memory" ); ++ pax_close_userland(); + + *uval = oldval; + return ret; diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h -index 10a78c3..cc77143 100644 +index 1da97ef..9c2ebff 100644 --- a/arch/x86/include/asm/hw_irq.h +++ b/arch/x86/include/asm/hw_irq.h -@@ -147,8 +147,8 @@ extern void setup_ioapic_dest(void); +@@ -148,8 +148,8 @@ extern void setup_ioapic_dest(void); extern void enable_IO_APIC(void); /* Statistics */ @@ -13886,29 +14787,31 @@ index 5f55e69..e20bfb1 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index cdbf367..adb37ac 100644 +index cdbf367..4c73c9e 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h -@@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm); +@@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm); static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) { + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ unsigned int i; -+ pgd_t *pgd; ++ if (!(static_cpu_has(X86_FEATURE_PCID))) { ++ unsigned int i; ++ pgd_t *pgd; + -+ pax_open_kernel(); -+ pgd = get_cpu_pgd(smp_processor_id()); -+ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i) -+ set_pgd_batched(pgd+i, native_make_pgd(0)); -+ pax_close_kernel(); ++ pax_open_kernel(); ++ pgd = get_cpu_pgd(smp_processor_id(), kernel); ++ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i) ++ set_pgd_batched(pgd+i, native_make_pgd(0)); ++ pax_close_kernel(); ++ } +#endif + #ifdef CONFIG_SMP if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); -@@ -34,16 +46,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -34,16 +48,55 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, struct task_struct *tsk) { unsigned cpu = smp_processor_id(); @@ -13929,17 +14832,42 @@ index cdbf367..adb37ac 100644 /* Re-load page tables */ +#ifdef CONFIG_PAX_PER_CPU_PGD + pax_open_kernel(); -+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); -+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (static_cpu_has(X86_FEATURE_PCID)) ++ __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd); ++ else ++#endif ++ ++ __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd); ++ __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd); + pax_close_kernel(); -+ load_cr3(get_cpu_pgd(cpu)); ++ BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK)); ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (static_cpu_has(X86_FEATURE_PCID)) { ++ if (static_cpu_has(X86_FEATURE_INVPCID)) { ++ unsigned long descriptor[2]; ++ descriptor[0] = PCID_USER; ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory"); ++ } else { ++ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); ++ if (static_cpu_has(X86_FEATURE_STRONGUDEREF)) ++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); ++ else ++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); ++ } ++ } else ++#endif ++ ++ load_cr3(get_cpu_pgd(cpu, kernel)); +#else load_cr3(next->pgd); +#endif /* stop flush ipis for the previous mm */ cpumask_clear_cpu(cpu, mm_cpumask(prev)); -@@ -53,9 +79,38 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -53,9 +106,63 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, */ if (unlikely(prev->context.ldt != next->context.ldt)) load_LDT_nolock(&next->context); @@ -13969,17 +14897,42 @@ index cdbf367..adb37ac 100644 + +#ifdef CONFIG_PAX_PER_CPU_PGD + pax_open_kernel(); -+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); -+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (static_cpu_has(X86_FEATURE_PCID)) ++ __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd); ++ else ++#endif ++ ++ __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd); ++ __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd); + pax_close_kernel(); -+ load_cr3(get_cpu_pgd(cpu)); ++ BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK)); ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (static_cpu_has(X86_FEATURE_PCID)) { ++ if (static_cpu_has(X86_FEATURE_INVPCID)) { ++ unsigned long descriptor[2]; ++ descriptor[0] = PCID_USER; ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory"); ++ } else { ++ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); ++ if (static_cpu_has(X86_FEATURE_STRONGUDEREF)) ++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); ++ else ++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); ++ } ++ } else ++#endif ++ ++ load_cr3(get_cpu_pgd(cpu, kernel)); +#endif + +#ifdef CONFIG_SMP this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); -@@ -64,11 +119,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -64,11 +171,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, * tlb flush IPI delivery. We must reload CR3 * to make sure to use no freed page tables. */ @@ -14045,10 +14998,10 @@ index e3b7819..b257c64 100644 + #endif /* _ASM_X86_MODULE_H */ diff --git a/arch/x86/include/asm/nmi.h b/arch/x86/include/asm/nmi.h -index c0fa356..07a498a 100644 +index 86f9301..b365cda 100644 --- a/arch/x86/include/asm/nmi.h +++ b/arch/x86/include/asm/nmi.h -@@ -42,11 +42,11 @@ struct nmiaction { +@@ -40,11 +40,11 @@ struct nmiaction { nmi_handler_t handler; unsigned long flags; const char *name; @@ -14062,7 +15015,7 @@ index c0fa356..07a498a 100644 .handler = (fn), \ .name = (n), \ .flags = (fg), \ -@@ -54,7 +54,7 @@ struct nmiaction { +@@ -52,7 +52,7 @@ struct nmiaction { __register_nmi_handler((t), &fn##_na); \ }) @@ -14071,6 +15024,18 @@ index c0fa356..07a498a 100644 void unregister_nmi_handler(unsigned int, const char *); +diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h +index c878924..21f4889 100644 +--- a/arch/x86/include/asm/page.h ++++ b/arch/x86/include/asm/page.h +@@ -52,6 +52,7 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr, + __phys_addr_symbol(__phys_reloc_hide((unsigned long)(x))) + + #define __va(x) ((void *)((unsigned long)(x)+PAGE_OFFSET)) ++#define __early_va(x) ((void *)((unsigned long)(x)+__START_KERNEL_map - phys_base)) + + #define __boot_va(x) __va(x) + #define __boot_pa(x) __pa(x) diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index 0f1ddee..e2fc3d1 100644 --- a/arch/x86/include/asm/page_64.h @@ -14088,10 +15053,10 @@ index 0f1ddee..e2fc3d1 100644 unsigned long y = x - __START_KERNEL_map; diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h -index 7361e47..16dc226 100644 +index cfdc9ee..3f7b5d6 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h -@@ -564,7 +564,7 @@ static inline pmd_t __pmd(pmdval_t val) +@@ -560,7 +560,7 @@ static inline pmd_t __pmd(pmdval_t val) return (pmd_t) { ret }; } @@ -14100,7 +15065,7 @@ index 7361e47..16dc226 100644 { pmdval_t ret; -@@ -630,6 +630,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) +@@ -626,6 +626,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) val); } @@ -14119,7 +15084,7 @@ index 7361e47..16dc226 100644 static inline void pgd_clear(pgd_t *pgdp) { set_pgd(pgdp, __pgd(0)); -@@ -714,6 +726,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, +@@ -710,6 +722,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, pv_mmu_ops.set_fixmap(idx, phys, flags); } @@ -14141,7 +15106,7 @@ index 7361e47..16dc226 100644 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS) static inline int arch_spin_is_locked(struct arch_spinlock *lock) -@@ -930,7 +957,7 @@ extern void default_banner(void); +@@ -926,7 +953,7 @@ extern void default_banner(void); #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4) #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4) @@ -14150,7 +15115,7 @@ index 7361e47..16dc226 100644 #endif #define INTERRUPT_RETURN \ -@@ -1005,6 +1032,21 @@ extern void default_banner(void); +@@ -1001,6 +1028,21 @@ extern void default_banner(void); PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ CLBR_NONE, \ jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) @@ -14173,7 +15138,7 @@ index 7361e47..16dc226 100644 #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h -index b3b0ec1..b1cd3eb 100644 +index 0db1fca..52310cc 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -84,7 +84,7 @@ struct pv_init_ops { @@ -14332,7 +15297,7 @@ index 4cc9f2b..5fd9226 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 1e67223..dd6e7ea 100644 +index 1e67223..92a9585 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -14438,23 +15403,24 @@ index 1e67223..dd6e7ea 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -394,6 +459,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -394,6 +459,16 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ + +#ifdef CONFIG_PAX_PER_CPU_PGD -+extern pgd_t cpu_pgd[NR_CPUS][PTRS_PER_PGD]; -+static inline pgd_t *get_cpu_pgd(unsigned int cpu) ++extern pgd_t cpu_pgd[NR_CPUS][2][PTRS_PER_PGD]; ++enum cpu_pgd_type {kernel = 0, user = 1}; ++static inline pgd_t *get_cpu_pgd(unsigned int cpu, enum cpu_pgd_type type) +{ -+ return cpu_pgd[cpu]; ++ return cpu_pgd[cpu][type]; +} +#endif + #include #include -@@ -529,7 +603,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) +@@ -529,7 +604,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -14463,7 +15429,7 @@ index 1e67223..dd6e7ea 100644 /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) -@@ -569,7 +643,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) +@@ -569,7 +644,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -14472,7 +15438,7 @@ index 1e67223..dd6e7ea 100644 /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -@@ -584,7 +658,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -584,7 +659,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -14481,7 +15447,7 @@ index 1e67223..dd6e7ea 100644 } static inline int pgd_none(pgd_t pgd) -@@ -607,7 +681,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -607,7 +682,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -14489,13 +15455,13 @@ index 1e67223..dd6e7ea 100644 +#define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address)) + +#ifdef CONFIG_PAX_PER_CPU_PGD -+#define pgd_offset_cpu(cpu, address) (get_cpu_pgd(cpu) + pgd_index(address)) ++#define pgd_offset_cpu(cpu, type, address) (get_cpu_pgd(cpu, type) + pgd_index(address)) +#endif + /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -618,6 +697,22 @@ static inline int pgd_none(pgd_t pgd) +@@ -618,6 +698,23 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -14510,6 +15476,7 @@ index 1e67223..dd6e7ea 100644 +#define pax_user_shadow_base pax_user_shadow_base(%rip) +#else +extern unsigned long pax_user_shadow_base; ++extern pgdval_t clone_pgd_mask; +#endif +#endif + @@ -14518,7 +15485,7 @@ index 1e67223..dd6e7ea 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -784,11 +879,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -784,11 +881,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -14695,7 +15662,7 @@ index 2d88344..4679fc3 100644 #define EARLY_DYNAMIC_PAGE_TABLES 64 diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h -index 567b5d0..bd91d64 100644 +index e642300..0ef8f31 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -16,13 +16,12 @@ @@ -14810,10 +15777,33 @@ index 567b5d0..bd91d64 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index 3270116..8d99d82 100644 +index 22224b3..b3a2f90 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -285,7 +285,7 @@ struct tss_struct { +@@ -198,9 +198,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx, + : "memory"); + } + ++/* invpcid (%rdx),%rax */ ++#define __ASM_INVPCID ".byte 0x66,0x0f,0x38,0x82,0x02" ++ ++#define INVPCID_SINGLE_ADDRESS 0UL ++#define INVPCID_SINGLE_CONTEXT 1UL ++#define INVPCID_ALL_GLOBAL 2UL ++#define INVPCID_ALL_MONGLOBAL 3UL ++ ++#define PCID_KERNEL 0UL ++#define PCID_USER 1UL ++#define PCID_NOFLUSH (1UL << 63) ++ + static inline void load_cr3(pgd_t *pgdir) + { +- write_cr3(__pa(pgdir)); ++ write_cr3(__pa(pgdir) | PCID_KERNEL); + } + + #ifdef CONFIG_X86_32 +@@ -282,7 +294,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -14822,7 +15812,47 @@ index 3270116..8d99d82 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -826,11 +826,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -452,6 +464,7 @@ struct thread_struct { + unsigned short ds; + unsigned short fsindex; + unsigned short gsindex; ++ unsigned short ss; + #endif + #ifdef CONFIG_X86_32 + unsigned long ip; +@@ -552,29 +565,8 @@ static inline void load_sp0(struct tss_struct *tss, + extern unsigned long mmu_cr4_features; + extern u32 *trampoline_cr4_features; + +-static inline void set_in_cr4(unsigned long mask) +-{ +- unsigned long cr4; +- +- mmu_cr4_features |= mask; +- if (trampoline_cr4_features) +- *trampoline_cr4_features = mmu_cr4_features; +- cr4 = read_cr4(); +- cr4 |= mask; +- write_cr4(cr4); +-} +- +-static inline void clear_in_cr4(unsigned long mask) +-{ +- unsigned long cr4; +- +- mmu_cr4_features &= ~mask; +- if (trampoline_cr4_features) +- *trampoline_cr4_features = mmu_cr4_features; +- cr4 = read_cr4(); +- cr4 &= ~mask; +- write_cr4(cr4); +-} ++extern void set_in_cr4(unsigned long mask); ++extern void clear_in_cr4(unsigned long mask); + + typedef struct { + unsigned long seg; +@@ -823,11 +815,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -14843,7 +15873,7 @@ index 3270116..8d99d82 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -844,7 +851,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -841,7 +840,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -14852,7 +15882,7 @@ index 3270116..8d99d82 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -855,11 +862,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -852,11 +851,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -14865,7 +15895,7 @@ index 3270116..8d99d82 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -874,7 +877,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -871,7 +866,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -14874,7 +15904,7 @@ index 3270116..8d99d82 100644 __regs__ - 1; \ }) -@@ -884,13 +887,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -881,13 +876,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -14890,7 +15920,7 @@ index 3270116..8d99d82 100644 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -901,11 +904,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -898,11 +893,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -14904,7 +15934,7 @@ index 3270116..8d99d82 100644 } /* -@@ -933,6 +936,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -930,6 +925,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -14915,16 +15945,26 @@ index 3270116..8d99d82 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ -@@ -993,7 +1000,7 @@ extern bool cpu_has_amd_erratum(const int *); - #define cpu_has_amd_erratum(x) (false) - #endif /* CONFIG_CPU_SUP_AMD */ +@@ -942,7 +941,8 @@ extern int set_tsc_mode(unsigned int val); + extern u16 amd_get_nb_id(int cpu); + + struct aperfmperf { +- u64 aperf, mperf; ++ u64 aperf __intentional_overflow(0); ++ u64 mperf __intentional_overflow(0); + }; + + static inline void get_aperfmperf(struct aperfmperf *am) +@@ -970,7 +970,7 @@ unsigned long calc_aperfmperf_ratio(struct aperfmperf *old, + return ratio; + } -extern unsigned long arch_align_stack(unsigned long sp); +#define arch_align_stack(x) ((x) & ~0xfUL) extern void free_init_pages(char *what, unsigned long begin, unsigned long end); void default_idle(void); -@@ -1003,6 +1010,6 @@ bool xen_set_default_idle(void); +@@ -980,6 +980,6 @@ bool xen_set_default_idle(void); #define xen_set_default_idle 0 #endif @@ -15052,7 +16092,7 @@ index a82c4f1..ac45053 100644 extern struct machine_ops machine_ops; diff --git a/arch/x86/include/asm/rwsem.h b/arch/x86/include/asm/rwsem.h -index 2dbe4a7..ce1db00 100644 +index cad82c9..2e5c5c1 100644 --- a/arch/x86/include/asm/rwsem.h +++ b/arch/x86/include/asm/rwsem.h @@ -64,6 +64,14 @@ static inline void __down_read(struct rw_semaphore *sem) @@ -15098,9 +16138,9 @@ index 2dbe4a7..ce1db00 100644 +#endif + /* adds 0xffff0001, returns the old value */ - " test %1,%1\n\t" - /* was the count 0 before? */ -@@ -141,6 +165,14 @@ static inline void __up_read(struct rw_semaphore *sem) + " test " __ASM_SEL(%w1,%k1) "," __ASM_SEL(%w1,%k1) "\n\t" + /* was the active mask 0 before? */ +@@ -155,6 +179,14 @@ static inline void __up_read(struct rw_semaphore *sem) long tmp; asm volatile("# beginning __up_read\n\t" LOCK_PREFIX " xadd %1,(%2)\n\t" @@ -15115,7 +16155,7 @@ index 2dbe4a7..ce1db00 100644 /* subtracts 1, returns the old value */ " jns 1f\n\t" " call call_rwsem_wake\n" /* expects old value in %edx */ -@@ -159,6 +191,14 @@ static inline void __up_write(struct rw_semaphore *sem) +@@ -173,6 +205,14 @@ static inline void __up_write(struct rw_semaphore *sem) long tmp; asm volatile("# beginning __up_write\n\t" LOCK_PREFIX " xadd %1,(%2)\n\t" @@ -15130,7 +16170,7 @@ index 2dbe4a7..ce1db00 100644 /* subtracts 0xffff0001, returns the old value */ " jns 1f\n\t" " call call_rwsem_wake\n" /* expects old value in %edx */ -@@ -176,6 +216,14 @@ static inline void __downgrade_write(struct rw_semaphore *sem) +@@ -190,6 +230,14 @@ static inline void __downgrade_write(struct rw_semaphore *sem) { asm volatile("# beginning __downgrade_write\n\t" LOCK_PREFIX _ASM_ADD "%2,(%1)\n\t" @@ -15145,7 +16185,7 @@ index 2dbe4a7..ce1db00 100644 /* * transitions 0xZZZZ0001 -> 0xYYYY0001 (i386) * 0xZZZZZZZZ00000001 -> 0xYYYYYYYY00000001 (x86_64) -@@ -194,7 +242,15 @@ static inline void __downgrade_write(struct rw_semaphore *sem) +@@ -208,7 +256,15 @@ static inline void __downgrade_write(struct rw_semaphore *sem) */ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem) { @@ -15162,7 +16202,7 @@ index 2dbe4a7..ce1db00 100644 : "+m" (sem->count) : "er" (delta)); } -@@ -204,7 +260,7 @@ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem) +@@ -218,7 +274,7 @@ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem) */ static inline long rwsem_atomic_update(long delta, struct rw_semaphore *sem) { @@ -15172,7 +16212,7 @@ index 2dbe4a7..ce1db00 100644 #endif /* __KERNEL__ */ diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h -index c48a950..c6d7468 100644 +index c48a950..bc40804 100644 --- a/arch/x86/include/asm/segment.h +++ b/arch/x86/include/asm/segment.h @@ -64,10 +64,15 @@ @@ -15233,15 +16273,32 @@ index c48a950..c6d7468 100644 #define GDT_ENTRY_TSS 8 /* needs two entries */ #define GDT_ENTRY_LDT 10 /* needs two entries */ #define GDT_ENTRY_TLS_MIN 12 -@@ -185,6 +200,7 @@ +@@ -173,6 +188,8 @@ + #define GDT_ENTRY_PER_CPU 15 /* Abused to load per CPU data from limit */ + #define __PER_CPU_SEG (GDT_ENTRY_PER_CPU * 8 + 3) + ++#define GDT_ENTRY_UDEREF_KERNEL_DS 16 ++ + /* TLS indexes for 64bit - hardcoded in arch_prctl */ + #define FS_TLS 0 + #define GS_TLS 1 +@@ -180,12 +197,14 @@ + #define GS_TLS_SEL ((GDT_ENTRY_TLS_MIN+GS_TLS)*8 + 3) + #define FS_TLS_SEL ((GDT_ENTRY_TLS_MIN+FS_TLS)*8 + 3) + +-#define GDT_ENTRIES 16 ++#define GDT_ENTRIES 17 + #endif #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8) +#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS*8) #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8) ++#define __UDEREF_KERNEL_DS (GDT_ENTRY_UDEREF_KERNEL_DS*8) #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) -@@ -265,7 +281,7 @@ static inline unsigned long get_limit(unsigned long segment) + #ifndef CONFIG_PARAVIRT +@@ -265,7 +284,7 @@ static inline unsigned long get_limit(unsigned long segment) { unsigned long __limit; asm("lsll %1,%0" : "=r" (__limit) : "r" (segment)); @@ -15250,6 +16307,99 @@ index c48a950..c6d7468 100644 } #endif /* !__ASSEMBLY__ */ +diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h +index 8d3120f..352b440 100644 +--- a/arch/x86/include/asm/smap.h ++++ b/arch/x86/include/asm/smap.h +@@ -25,11 +25,40 @@ + + #include + ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++#define ASM_PAX_OPEN_USERLAND \ ++ 661: jmp 663f; \ ++ .pushsection .altinstr_replacement, "a" ; \ ++ 662: pushq %rax; nop; \ ++ .popsection ; \ ++ .pushsection .altinstructions, "a" ; \ ++ altinstruction_entry 661b, 662b, X86_FEATURE_STRONGUDEREF, 2, 2;\ ++ .popsection ; \ ++ call __pax_open_userland; \ ++ popq %rax; \ ++ 663: ++ ++#define ASM_PAX_CLOSE_USERLAND \ ++ 661: jmp 663f; \ ++ .pushsection .altinstr_replacement, "a" ; \ ++ 662: pushq %rax; nop; \ ++ .popsection; \ ++ .pushsection .altinstructions, "a" ; \ ++ altinstruction_entry 661b, 662b, X86_FEATURE_STRONGUDEREF, 2, 2;\ ++ .popsection; \ ++ call __pax_close_userland; \ ++ popq %rax; \ ++ 663: ++#else ++#define ASM_PAX_OPEN_USERLAND ++#define ASM_PAX_CLOSE_USERLAND ++#endif ++ + #ifdef CONFIG_X86_SMAP + + #define ASM_CLAC \ + 661: ASM_NOP3 ; \ +- .pushsection .altinstr_replacement, "ax" ; \ ++ .pushsection .altinstr_replacement, "a" ; \ + 662: __ASM_CLAC ; \ + .popsection ; \ + .pushsection .altinstructions, "a" ; \ +@@ -38,7 +67,7 @@ + + #define ASM_STAC \ + 661: ASM_NOP3 ; \ +- .pushsection .altinstr_replacement, "ax" ; \ ++ .pushsection .altinstr_replacement, "a" ; \ + 662: __ASM_STAC ; \ + .popsection ; \ + .pushsection .altinstructions, "a" ; \ +@@ -56,6 +85,37 @@ + + #include + ++#define __HAVE_ARCH_PAX_OPEN_USERLAND ++#define __HAVE_ARCH_PAX_CLOSE_USERLAND ++ ++extern void __pax_open_userland(void); ++static __always_inline unsigned long pax_open_userland(void) ++{ ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ asm volatile(ALTERNATIVE(ASM_NOP5, "call %P[open]", X86_FEATURE_STRONGUDEREF) ++ : ++ : [open] "i" (__pax_open_userland) ++ : "memory", "rax"); ++#endif ++ ++ return 0; ++} ++ ++extern void __pax_close_userland(void); ++static __always_inline unsigned long pax_close_userland(void) ++{ ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ asm volatile(ALTERNATIVE(ASM_NOP5, "call %P[close]", X86_FEATURE_STRONGUDEREF) ++ : ++ : [close] "i" (__pax_close_userland) ++ : "memory", "rax"); ++#endif ++ ++ return 0; ++} ++ + #ifdef CONFIG_X86_SMAP + + static __always_inline void clac(void) diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h index b073aae..39f9bdd 100644 --- a/arch/x86/include/asm/smp.h @@ -15453,7 +16603,7 @@ index 4ec45b3..a4f0a8a 100644 __switch_canary_iparam \ : "memory", "cc" __EXTRA_CLOBBER) diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index 2cd056e..0224df8 100644 +index a1df6e8..e002940 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -15642,7 +16792,7 @@ index 2cd056e..0224df8 100644 #endif #endif /* !X86_32 */ -@@ -285,5 +257,12 @@ static inline bool is_ia32_task(void) +@@ -283,5 +255,12 @@ static inline bool is_ia32_task(void) extern void arch_task_cache_init(void); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); extern void arch_release_task_struct(struct task_struct *tsk); @@ -15655,8 +16805,102 @@ index 2cd056e..0224df8 100644 + #endif #endif /* _ASM_X86_THREAD_INFO_H */ +diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h +index 50a7fc0..7c437a7 100644 +--- a/arch/x86/include/asm/tlbflush.h ++++ b/arch/x86/include/asm/tlbflush.h +@@ -17,18 +17,40 @@ + + static inline void __native_flush_tlb(void) + { ++ if (static_cpu_has(X86_FEATURE_INVPCID)) { ++ unsigned long descriptor[2]; ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory"); ++ return; ++ } ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (static_cpu_has(X86_FEATURE_PCID)) { ++ unsigned int cpu = raw_get_cpu(); ++ ++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); ++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); ++ raw_put_cpu_no_resched(); ++ return; ++ } ++#endif ++ + native_write_cr3(native_read_cr3()); + } + + static inline void __native_flush_tlb_global_irq_disabled(void) + { +- unsigned long cr4; ++ if (static_cpu_has(X86_FEATURE_INVPCID)) { ++ unsigned long descriptor[2]; ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_GLOBAL) : "memory"); ++ } else { ++ unsigned long cr4; + +- cr4 = native_read_cr4(); +- /* clear PGE */ +- native_write_cr4(cr4 & ~X86_CR4_PGE); +- /* write old PGE again and flush TLBs */ +- native_write_cr4(cr4); ++ cr4 = native_read_cr4(); ++ /* clear PGE */ ++ native_write_cr4(cr4 & ~X86_CR4_PGE); ++ /* write old PGE again and flush TLBs */ ++ native_write_cr4(cr4); ++ } + } + + static inline void __native_flush_tlb_global(void) +@@ -49,6 +71,42 @@ static inline void __native_flush_tlb_global(void) + + static inline void __native_flush_tlb_single(unsigned long addr) + { ++ ++ if (static_cpu_has(X86_FEATURE_INVPCID)) { ++ unsigned long descriptor[2]; ++ ++ descriptor[0] = PCID_KERNEL; ++ descriptor[1] = addr; ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) { ++ if (addr < TASK_SIZE_MAX) ++ descriptor[1] += pax_user_shadow_base; ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory"); ++ } ++ ++ descriptor[0] = PCID_USER; ++ descriptor[1] = addr; ++#endif ++ ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory"); ++ return; ++ } ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (static_cpu_has(X86_FEATURE_PCID)) { ++ unsigned int cpu = raw_get_cpu(); ++ ++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); ++ asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); ++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); ++ raw_put_cpu_no_resched(); ++ ++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) && addr < TASK_SIZE_MAX) ++ addr += pax_user_shadow_base; ++ } ++#endif ++ + asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); + } + diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 5ee2687..70d5895 100644 +index 5ee2687..74590b9 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -15716,7 +16960,20 @@ index 5ee2687..70d5895 100644 /* * The exception table consists of pairs of addresses relative to the -@@ -176,13 +207,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) +@@ -165,10 +196,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) + register __inttype(*(ptr)) __val_gu asm("%edx"); \ + __chk_user_ptr(ptr); \ + might_fault(); \ ++ pax_open_userland(); \ + asm volatile("call __get_user_%P3" \ + : "=a" (__ret_gu), "=r" (__val_gu) \ + : "0" (ptr), "i" (sizeof(*(ptr)))); \ + (x) = (__typeof__(*(ptr))) __val_gu; \ ++ pax_close_userland(); \ + __ret_gu; \ + }) + +@@ -176,13 +209,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") @@ -15741,7 +16998,7 @@ index 5ee2687..70d5895 100644 "3: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "4: movl %3,%0\n" \ -@@ -195,8 +234,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) +@@ -195,8 +236,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) #define __put_user_asm_ex_u64(x, addr) \ asm volatile(ASM_STAC "\n" \ @@ -15752,34 +17009,50 @@ index 5ee2687..70d5895 100644 "3: " ASM_CLAC "\n" \ _ASM_EXTABLE_EX(1b, 2b) \ _ASM_EXTABLE_EX(2b, 3b) \ -@@ -246,7 +285,7 @@ extern void __put_user_8(void); +@@ -246,7 +287,8 @@ extern void __put_user_8(void); __typeof__(*(ptr)) __pu_val; \ __chk_user_ptr(ptr); \ might_fault(); \ - __pu_val = x; \ + __pu_val = (x); \ ++ pax_open_userland(); \ switch (sizeof(*(ptr))) { \ case 1: \ __put_user_x(1, __pu_val, ptr, __ret_pu); \ -@@ -345,7 +384,7 @@ do { \ +@@ -264,6 +306,7 @@ extern void __put_user_8(void); + __put_user_x(X, __pu_val, ptr, __ret_pu); \ + break; \ + } \ ++ pax_close_userland(); \ + __ret_pu; \ + }) + +@@ -344,8 +387,10 @@ do { \ + } while (0) #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ ++do { \ ++ pax_open_userland(); \ asm volatile(ASM_STAC "\n" \ - "1: mov"itype" %2,%"rtype"1\n" \ + "1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\ "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -353,7 +392,7 @@ do { \ +@@ -353,8 +398,10 @@ do { \ " jmp 2b\n" \ ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ - : "=r" (err), ltype(x) \ +- : "m" (__m(addr)), "i" (errret), "0" (err)) + : "=r" (err), ltype (x) \ - : "m" (__m(addr)), "i" (errret), "0" (err)) ++ : "m" (__m(addr)), "i" (errret), "0" (err)); \ ++ pax_close_userland(); \ ++} while (0) #define __get_user_size_ex(x, ptr, size) \ -@@ -378,7 +417,7 @@ do { \ + do { \ +@@ -378,7 +425,7 @@ do { \ } while (0) #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ @@ -15788,7 +17061,7 @@ index 5ee2687..70d5895 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : ltype(x) : "m" (__m(addr))) -@@ -395,13 +434,24 @@ do { \ +@@ -395,13 +442,24 @@ do { \ int __gu_err; \ unsigned long __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ @@ -15815,21 +17088,26 @@ index 5ee2687..70d5895 100644 /* * Tell gcc we read from memory instead of writing: this is because -@@ -410,7 +460,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -409,8 +467,10 @@ struct __large_struct { unsigned long buf[100]; }; + * aliasing issues. */ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ ++do { \ ++ pax_open_userland(); \ asm volatile(ASM_STAC "\n" \ - "1: mov"itype" %"rtype"1,%2\n" \ + "1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\ "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -418,10 +468,10 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -418,10 +478,12 @@ struct __large_struct { unsigned long buf[100]; }; ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ : "=r"(err) \ - : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err)) -+ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err)) ++ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err));\ ++ pax_close_userland(); \ ++} while (0) #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \ - asm volatile("1: mov"itype" %"rtype"0,%1\n" \ @@ -15837,7 +17115,21 @@ index 5ee2687..70d5895 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : : ltype(x), "m" (__m(addr))) -@@ -460,8 +510,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -431,11 +493,13 @@ struct __large_struct { unsigned long buf[100]; }; + */ + #define uaccess_try do { \ + current_thread_info()->uaccess_err = 0; \ ++ pax_open_userland(); \ + stac(); \ + barrier(); + + #define uaccess_catch(err) \ + clac(); \ ++ pax_close_userland(); \ + (err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \ + } while (0) + +@@ -460,8 +524,12 @@ struct __large_struct { unsigned long buf[100]; }; * On error, the variable @x is set to zero. */ @@ -15850,7 +17142,7 @@ index 5ee2687..70d5895 100644 /** * __put_user: - Write a simple value into user space, with less checking. -@@ -483,8 +537,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -483,8 +551,12 @@ struct __large_struct { unsigned long buf[100]; }; * Returns zero on success, or -EFAULT on error. */ @@ -15863,7 +17155,7 @@ index 5ee2687..70d5895 100644 #define __get_user_unaligned __get_user #define __put_user_unaligned __put_user -@@ -502,7 +560,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -502,7 +574,7 @@ struct __large_struct { unsigned long buf[100]; }; #define get_user_ex(x, ptr) do { \ unsigned long __gue_val; \ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ @@ -15872,7 +17164,7 @@ index 5ee2687..70d5895 100644 } while (0) #define put_user_try uaccess_try -@@ -519,8 +577,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); +@@ -519,8 +591,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); extern __must_check long strlen_user(const char __user *str); extern __must_check long strnlen_user(const char __user *str, long n); @@ -16518,12 +17810,14 @@ index d8d9922..bf6cecb 100644 extern struct x86_init_ops x86_init; extern struct x86_cpuinit_ops x86_cpuinit; diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h -index 0415cda..b43d877 100644 +index 0415cda..3b22adc 100644 --- a/arch/x86/include/asm/xsave.h +++ b/arch/x86/include/asm/xsave.h -@@ -71,7 +71,9 @@ static inline int xsave_user(struct xsave_struct __user *buf) +@@ -70,8 +70,11 @@ static inline int xsave_user(struct xsave_struct __user *buf) + if (unlikely(err)) return -EFAULT; ++ pax_open_userland(); __asm__ __volatile__(ASM_STAC "\n" - "1: .byte " REX_PREFIX "0x0f,0xae,0x27\n" + "1:" @@ -16532,7 +17826,14 @@ index 0415cda..b43d877 100644 "2: " ASM_CLAC "\n" ".section .fixup,\"ax\"\n" "3: movl $-1,%[err]\n" -@@ -87,12 +89,14 @@ static inline int xsave_user(struct xsave_struct __user *buf) +@@ -81,18 +84,22 @@ static inline int xsave_user(struct xsave_struct __user *buf) + : [err] "=r" (err) + : "D" (buf), "a" (-1), "d" (-1), "0" (0) + : "memory"); ++ pax_close_userland(); + return err; + } + static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) { int err; @@ -16541,6 +17842,7 @@ index 0415cda..b43d877 100644 u32 lmask = mask; u32 hmask = mask >> 32; ++ pax_open_userland(); __asm__ __volatile__(ASM_STAC "\n" - "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" + "1:" @@ -16549,6 +17851,14 @@ index 0415cda..b43d877 100644 "2: " ASM_CLAC "\n" ".section .fixup,\"ax\"\n" "3: movl $-1,%[err]\n" +@@ -102,6 +109,7 @@ static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) + : [err] "=r" (err) + : "D" (xstate), "a" (lmask), "d" (hmask), "0" (0) + : "memory"); /* memory required? */ ++ pax_close_userland(); + return err; + } + diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h index bbae024..e1528f9 100644 --- a/arch/x86/include/uapi/asm/e820.h @@ -16598,10 +17908,10 @@ index 230c8ea..f915130 100644 * HP laptops which use a DSDT reporting as HP/SB400/10000, * which includes some code which overrides all temperature diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c -index 0532f5d..36afc0a 100644 +index ec94e11..7fbbec0 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c -@@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void) +@@ -88,8 +88,12 @@ int acpi_suspend_lowlevel(void) #else /* CONFIG_64BIT */ #ifdef CONFIG_SMP stack_start = (unsigned long)temp_stack + sizeof(temp_stack); @@ -16615,10 +17925,10 @@ index 0532f5d..36afc0a 100644 #endif initial_code = (unsigned long)wakeup_long64; diff --git a/arch/x86/kernel/acpi/wakeup_32.S b/arch/x86/kernel/acpi/wakeup_32.S -index 13ab720..95d5442 100644 +index d1daa66..59fecba 100644 --- a/arch/x86/kernel/acpi/wakeup_32.S +++ b/arch/x86/kernel/acpi/wakeup_32.S -@@ -30,13 +30,11 @@ wakeup_pmode_return: +@@ -29,13 +29,11 @@ wakeup_pmode_return: # and restore the stack ... but you need gdt for this to work movl saved_context_esp, %esp @@ -16635,7 +17945,7 @@ index 13ab720..95d5442 100644 bogus_magic: jmp bogus_magic diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c -index ef5ccca..bd83949 100644 +index c15cf9a..0e63558 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -268,6 +268,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start, @@ -16993,10 +18303,10 @@ index 794f6eb..67e1db2 100644 .name = "UV large system", .probe = uv_probe, diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index 66b5faf..3442423 100644 +index 53a4e27..038760a 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c -@@ -434,7 +434,7 @@ static DEFINE_MUTEX(apm_mutex); +@@ -433,7 +433,7 @@ static DEFINE_MUTEX(apm_mutex); * This is for buggy BIOS's that refer to (real mode) segment 0x40 * even though they are called in protected mode. */ @@ -17005,7 +18315,7 @@ index 66b5faf..3442423 100644 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1); static const char driver_version[] = "1.16ac"; /* no spaces */ -@@ -612,7 +612,10 @@ static long __apm_bios_call(void *_call) +@@ -611,7 +611,10 @@ static long __apm_bios_call(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -17016,7 +18326,7 @@ index 66b5faf..3442423 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -621,7 +624,11 @@ static long __apm_bios_call(void *_call) +@@ -620,7 +623,11 @@ static long __apm_bios_call(void *_call) &call->esi); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -17028,7 +18338,7 @@ index 66b5faf..3442423 100644 put_cpu(); return call->eax & 0xff; -@@ -688,7 +695,10 @@ static long __apm_bios_call_simple(void *_call) +@@ -687,7 +694,10 @@ static long __apm_bios_call_simple(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -17039,7 +18349,7 @@ index 66b5faf..3442423 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -696,7 +706,11 @@ static long __apm_bios_call_simple(void *_call) +@@ -695,7 +705,11 @@ static long __apm_bios_call_simple(void *_call) &call->eax); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -17051,7 +18361,7 @@ index 66b5faf..3442423 100644 put_cpu(); return error; } -@@ -2363,12 +2377,15 @@ static int __init apm_init(void) +@@ -2362,12 +2376,15 @@ static int __init apm_init(void) * code to that CPU. */ gdt = get_cpu_gdt_table(0); @@ -17108,10 +18418,10 @@ index 2861082..6d4718e 100644 BLANK(); OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask); diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c -index 1b4754f..fbb4227 100644 +index e7c798b..2b2019b 100644 --- a/arch/x86/kernel/asm-offsets_64.c +++ b/arch/x86/kernel/asm-offsets_64.c -@@ -76,6 +76,7 @@ int main(void) +@@ -77,6 +77,7 @@ int main(void) BLANK(); #undef ENTRY @@ -17120,7 +18430,7 @@ index 1b4754f..fbb4227 100644 BLANK(); diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile -index a0e067d..9c7db16 100644 +index b0684e4..22ccfd7 100644 --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg @@ -17133,12 +18443,12 @@ index a0e067d..9c7db16 100644 - obj-y := intel_cacheinfo.o scattered.o topology.o obj-y += proc.o capflags.o powerflags.o common.o - obj-y += vmware.o hypervisor.o mshyperv.o + obj-y += rdrand.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index fa96eb0..03efe73 100644 +index 5013a48..0782c53 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -737,7 +737,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -744,7 +744,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -17148,7 +18458,7 @@ index fa96eb0..03efe73 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index d814772..c615653 100644 +index 22018f7..df77e23 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -17212,7 +18522,65 @@ index d814772..c615653 100644 static int __init x86_xsave_setup(char *s) { setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -386,7 +332,7 @@ void switch_to_new_gdt(int cpu) +@@ -288,6 +234,57 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) + set_in_cr4(X86_CR4_SMAP); + } + ++#ifdef CONFIG_X86_64 ++static __init int setup_disable_pcid(char *arg) ++{ ++ setup_clear_cpu_cap(X86_FEATURE_PCID); ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (clone_pgd_mask != ~(pgdval_t)0UL) ++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; ++#endif ++ ++ return 1; ++} ++__setup("nopcid", setup_disable_pcid); ++ ++static void setup_pcid(struct cpuinfo_x86 *c) ++{ ++ if (!cpu_has(c, X86_FEATURE_PCID)) { ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (clone_pgd_mask != ~(pgdval_t)0UL) { ++ pax_open_kernel(); ++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; ++ pax_close_kernel(); ++ printk("PAX: slow and weak UDEREF enabled\n"); ++ } else ++ printk("PAX: UDEREF disabled\n"); ++#endif ++ ++ return; ++ } ++ ++ printk("PAX: PCID detected\n"); ++ set_in_cr4(X86_CR4_PCIDE); ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ pax_open_kernel(); ++ clone_pgd_mask = ~(pgdval_t)0UL; ++ pax_close_kernel(); ++ if (pax_user_shadow_base) ++ printk("PAX: weak UDEREF enabled\n"); ++ else { ++ set_cpu_cap(c, X86_FEATURE_STRONGUDEREF); ++ printk("PAX: strong UDEREF enabled\n"); ++ } ++#endif ++ ++ if (cpu_has(c, X86_FEATURE_INVPCID)) ++ printk("PAX: INVPCID detected\n"); ++} ++#endif ++ + /* + * Some CPU features depend on higher CPUID levels, which may not always + * be available due to CPUID level capping or broken virtualization +@@ -386,7 +383,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -17221,7 +18589,18 @@ index d814772..c615653 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -882,6 +828,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -874,6 +871,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) + setup_smep(c); + setup_smap(c); + ++#ifdef CONFIG_X86_64 ++ setup_pcid(c); ++#endif ++ + /* + * The vendor-specific functions might have changed features. + * Now we do "generic changes." +@@ -882,6 +883,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -17232,7 +18611,7 @@ index d814772..c615653 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1065,10 +1015,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1069,10 +1074,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -17247,7 +18626,7 @@ index d814772..c615653 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE); -@@ -1082,7 +1034,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1086,7 +1093,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -17256,7 +18635,7 @@ index d814772..c615653 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1227,7 +1179,7 @@ void __cpuinit cpu_init(void) +@@ -1231,7 +1238,7 @@ void __cpuinit cpu_init(void) load_ucode_ap(); cpu = stack_smp_processor_id(); @@ -17265,7 +18644,7 @@ index d814772..c615653 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1253,7 +1205,7 @@ void __cpuinit cpu_init(void) +@@ -1257,7 +1264,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -17274,7 +18653,7 @@ index d814772..c615653 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1262,7 +1214,6 @@ void __cpuinit cpu_init(void) +@@ -1266,7 +1273,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -17282,7 +18661,7 @@ index d814772..c615653 100644 enable_x2apic(); /* -@@ -1314,7 +1265,7 @@ void __cpuinit cpu_init(void) +@@ -1318,7 +1324,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -17291,19 +18670,6 @@ index d814772..c615653 100644 struct thread_struct *thread = &curr->thread; show_ucode_info_early(); -diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index 1905ce9..a7ac587 100644 ---- a/arch/x86/kernel/cpu/intel.c -+++ b/arch/x86/kernel/cpu/intel.c -@@ -173,7 +173,7 @@ static void __cpuinit trap_init_f00f_bug(void) - * Update the IDT descriptor and reload the IDT so that - * it uses the read-only mapped virtual address. - */ -- idt_descr.address = fix_to_virt(FIX_F00F_IDT); -+ idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT); - load_idt(&idt_descr); - } - #endif diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c index 7c6f7d5..8cac382 100644 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c @@ -17405,7 +18771,7 @@ index 7c6f7d5..8cac382 100644 }; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 7bc1263..ce2cbfb 100644 +index 9239504..b2471ce 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -45,6 +45,7 @@ @@ -17456,6 +18822,15 @@ index 7bc1263..ce2cbfb 100644 return; } /* First print corrected ones that are still unlogged */ +@@ -353,7 +354,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) + if (!fake_panic) { + if (panic_timeout == 0) + panic_timeout = mca_cfg.panic_timeout; +- panic(msg); ++ panic("%s", msg); + } else + pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg); + } @@ -683,7 +684,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ @@ -17605,7 +18980,7 @@ index e9a701a..35317d6 100644 wmb(); diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c -index 726bf96..81f0526 100644 +index ca22b73..9987afe 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c +++ b/arch/x86/kernel/cpu/mtrr/main.c @@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex); @@ -17631,10 +19006,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index bf0f01a..9adfee1 100644 +index 1025f3c..824f677 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1305,7 +1305,7 @@ static void __init pmu_check_apic(void) +@@ -1311,7 +1311,7 @@ static void __init pmu_check_apic(void) pr_info("no hardware sampling interrupt available.\n"); } @@ -17643,7 +19018,7 @@ index bf0f01a..9adfee1 100644 .name = "format", .attrs = NULL, }; -@@ -1374,7 +1374,7 @@ static struct attribute *events_attr[] = { +@@ -1410,7 +1410,7 @@ static struct attribute *events_attr[] = { NULL, }; @@ -17652,7 +19027,7 @@ index bf0f01a..9adfee1 100644 .name = "events", .attrs = events_attr, }; -@@ -1873,7 +1873,7 @@ static unsigned long get_segment_base(unsigned int segment) +@@ -1920,7 +1920,7 @@ static unsigned long get_segment_base(unsigned int segment) if (idx > GDT_ENTRIES) return 0; @@ -17661,7 +19036,7 @@ index bf0f01a..9adfee1 100644 } return get_desc_base(desc + idx); -@@ -1963,7 +1963,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -2010,7 +2010,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -17671,10 +19046,10 @@ index bf0f01a..9adfee1 100644 } diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c -index 4a0a462..be3b204 100644 +index a9e2207..d70c83a 100644 --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c -@@ -1994,10 +1994,10 @@ __init int intel_pmu_init(void) +@@ -2022,10 +2022,10 @@ __init int intel_pmu_init(void) * v2 and above have a perf capabilities MSR */ if (version > 1) { @@ -17689,10 +19064,10 @@ index 4a0a462..be3b204 100644 intel_ds_init(); diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c -index 3e091f0..d2dc8d6 100644 +index 8aac56b..588fb13 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c -@@ -2428,7 +2428,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) +@@ -3093,7 +3093,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) static int __init uncore_type_init(struct intel_uncore_type *type) { struct intel_uncore_pmu *pmus; @@ -17701,7 +19076,7 @@ index 3e091f0..d2dc8d6 100644 struct attribute **attrs; int i, j; -@@ -2826,7 +2826,7 @@ static int +@@ -3518,7 +3518,7 @@ static int return NOTIFY_OK; } @@ -17711,10 +19086,10 @@ index 3e091f0..d2dc8d6 100644 /* * to migrate uncore events, our notifier should be executed diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h -index e68a455..975a932 100644 +index f952891..4722ad4 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h -@@ -428,7 +428,7 @@ struct intel_uncore_box { +@@ -488,7 +488,7 @@ struct intel_uncore_box { struct uncore_event_desc { struct kobj_attribute attr; const char *config; @@ -17766,7 +19141,7 @@ index afa64ad..dce67dd 100644 return -EFAULT; } diff --git a/arch/x86/kernel/doublefault_32.c b/arch/x86/kernel/doublefault_32.c -index 37250fe..bf2ec74 100644 +index 155a13f..1672b9b 100644 --- a/arch/x86/kernel/doublefault_32.c +++ b/arch/x86/kernel/doublefault_32.c @@ -11,7 +11,7 @@ @@ -17781,7 +19156,7 @@ index 37250fe..bf2ec74 100644 @@ -21,7 +21,7 @@ static void doublefault_fn(void) unsigned long gdt, tss; - store_gdt(&gdt_desc); + native_store_gdt(&gdt_desc); - gdt = gdt_desc.address; + gdt = (unsigned long)gdt_desc.address; @@ -17801,7 +19176,7 @@ index 37250fe..bf2ec74 100644 .__cr3 = __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index c8797d5..c605e53 100644 +index deb6421..76bbc12 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -17906,16 +19281,16 @@ index c8797d5..c605e53 100644 } return (unsigned long)frame; -@@ -189,7 +188,7 @@ void dump_stack(void) +@@ -150,7 +149,7 @@ static int print_trace_stack(void *data, char *name) + static void print_trace_address(void *data, unsigned long addr, int reliable) + { + touch_nmi_watchdog(); +- printk(data); ++ printk("%s", (char *)data); + printk_address(addr, reliable); + } - bp = stack_frame(current, NULL); - printk("Pid: %d, comm: %.20s %s %s %.*s\n", -- current->pid, current->comm, print_tainted(), -+ task_pid_nr(current), current->comm, print_tainted(), - init_utsname()->release, - (int)strcspn(init_utsname()->version, " "), - init_utsname()->version); -@@ -225,6 +224,8 @@ unsigned __kprobes long oops_begin(void) +@@ -219,6 +218,8 @@ unsigned __kprobes long oops_begin(void) } EXPORT_SYMBOL_GPL(oops_begin); @@ -17924,7 +19299,7 @@ index c8797d5..c605e53 100644 void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) { if (regs && kexec_should_crash(current)) -@@ -246,7 +247,10 @@ void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) +@@ -240,7 +241,10 @@ void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -17936,7 +19311,7 @@ index c8797d5..c605e53 100644 } int __kprobes __die(const char *str, struct pt_regs *regs, long err) -@@ -274,7 +278,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) +@@ -268,7 +272,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) print_modules(); show_regs(regs); #ifdef CONFIG_X86_32 @@ -17945,7 +19320,7 @@ index c8797d5..c605e53 100644 sp = regs->sp; ss = regs->ss & 0xffff; } else { -@@ -302,7 +306,7 @@ void die(const char *str, struct pt_regs *regs, long err) +@@ -296,7 +300,7 @@ void die(const char *str, struct pt_regs *regs, long err) unsigned long flags = oops_begin(); int sig = SIGSEGV; @@ -17955,7 +19330,7 @@ index c8797d5..c605e53 100644 if (__die(str, regs, err)) diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c -index 1038a41..db2c12b 100644 +index f2a1770..540657f 100644 --- a/arch/x86/kernel/dumpstack_32.c +++ b/arch/x86/kernel/dumpstack_32.c @@ -38,15 +38,13 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -17978,16 +19353,14 @@ index 1038a41..db2c12b 100644 if (ops->stack(data, "IRQ") < 0) break; touch_nmi_watchdog(); -@@ -86,7 +84,7 @@ void show_regs(struct pt_regs *regs) - { +@@ -87,27 +85,28 @@ void show_regs(struct pt_regs *regs) int i; + show_regs_print_info(KERN_EMERG); - __show_regs(regs, !user_mode_vm(regs)); + __show_regs(regs, !user_mode(regs)); - pr_emerg("Process %.*s (pid: %d, ti=%p task=%p task.ti=%p)\n", - TASK_COMM_LEN, current->comm, task_pid_nr(current), -@@ -95,21 +93,22 @@ void show_regs(struct pt_regs *regs) + /* * When in-kernel, we also print out the stack and code at the * time of the fault.. */ @@ -18013,7 +19386,7 @@ index 1038a41..db2c12b 100644 code_len = code_len - code_prologue + 1; } for (i = 0; i < code_len; i++, ip++) { -@@ -118,7 +117,7 @@ void show_regs(struct pt_regs *regs) +@@ -116,7 +115,7 @@ void show_regs(struct pt_regs *regs) pr_cont(" Bad EIP value."); break; } @@ -18022,7 +19395,7 @@ index 1038a41..db2c12b 100644 pr_cont(" <%02x>", c); else pr_cont(" %02x", c); -@@ -131,6 +130,7 @@ int is_valid_bugaddr(unsigned long ip) +@@ -129,6 +128,7 @@ int is_valid_bugaddr(unsigned long ip) { unsigned short ud2; @@ -18030,7 +19403,7 @@ index 1038a41..db2c12b 100644 if (ip < PAGE_OFFSET) return 0; if (probe_kernel_address((unsigned short *)ip, ud2)) -@@ -138,3 +138,15 @@ int is_valid_bugaddr(unsigned long ip) +@@ -136,3 +136,15 @@ int is_valid_bugaddr(unsigned long ip) return ud2 == 0x0b0f; } @@ -18047,7 +19420,7 @@ index 1038a41..db2c12b 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index b653675..51cc8c0 100644 +index addb207..99635fa 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -18111,16 +19484,7 @@ index b653675..51cc8c0 100644 put_cpu(); } EXPORT_SYMBOL(dump_trace); -@@ -249,7 +253,7 @@ void show_regs(struct pt_regs *regs) - { - int i; - unsigned long sp; -- const int cpu = smp_processor_id(); -+ const int cpu = raw_smp_processor_id(); - struct task_struct *cur = current; - - sp = regs->sp; -@@ -304,3 +308,50 @@ int is_valid_bugaddr(unsigned long ip) +@@ -300,3 +304,50 @@ int is_valid_bugaddr(unsigned long ip) return ud2 == 0x0b0f; } @@ -18171,8 +19535,23 @@ index b653675..51cc8c0 100644 +} +EXPORT_SYMBOL(pax_check_alloca); +#endif +diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c +index d32abea..74daf4f 100644 +--- a/arch/x86/kernel/e820.c ++++ b/arch/x86/kernel/e820.c +@@ -800,8 +800,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void) + + static void early_panic(char *msg) + { +- early_printk(msg); +- panic(msg); ++ early_printk("%s", msg); ++ panic("%s", msg); + } + + static int userdef __initdata; diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c -index 9b9f18b..9fcaa04 100644 +index d15f575..d692043 100644 --- a/arch/x86/kernel/early_printk.c +++ b/arch/x86/kernel/early_printk.c @@ -7,6 +7,7 @@ @@ -18184,7 +19563,7 @@ index 9b9f18b..9fcaa04 100644 #include #include diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 8f3e2de..934870f 100644 +index 8f3e2de..6b71e39 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -18282,11 +19661,11 @@ index 8f3e2de..934870f 100644 +ENDPROC(pax_exit_kernel) +#endif + -+.macro pax_erase_kstack ++ .macro pax_erase_kstack +#ifdef CONFIG_PAX_MEMORY_STACKLEAK + call pax_erase_kstack +#endif -+.endm ++ .endm + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK +/* @@ -18694,6 +20073,15 @@ index 8f3e2de..934870f 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME +@@ -826,7 +1065,7 @@ ENTRY(simd_coprocessor_error) + .section .altinstructions,"a" + altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f + .previous +-.section .altinstr_replacement,"ax" ++.section .altinstr_replacement,"a" + 663: pushl $do_simd_coprocessor_error + 664: + .previous @@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code @@ -18944,7 +20332,7 @@ index 8f3e2de..934870f 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index c1d01e6..5625dce 100644 +index 7272089..0b74104 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -19031,7 +20419,7 @@ index c1d01e6..5625dce 100644 #endif -@@ -284,6 +293,282 @@ ENTRY(native_usergs_sysret64) +@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -19051,18 +20439,19 @@ index c1d01e6..5625dce 100644 + + .macro pax_enter_kernel + pax_set_fptr_mask -+#ifdef CONFIG_PAX_KERNEXEC ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) + call pax_enter_kernel +#endif + .endm + + .macro pax_exit_kernel -+#ifdef CONFIG_PAX_KERNEXEC ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) + call pax_exit_kernel +#endif ++ + .endm + -+#ifdef CONFIG_PAX_KERNEXEC ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) +ENTRY(pax_enter_kernel) + pushq %rdi + @@ -19070,6 +20459,7 @@ index c1d01e6..5625dce 100644 + PV_SAVE_REGS(CLBR_RDI) +#endif + ++#ifdef CONFIG_PAX_KERNEXEC + GET_CR0_INTO_RDI + bts $16,%rdi + jnc 3f @@ -19077,6 +20467,32 @@ index c1d01e6..5625dce 100644 + cmp $__KERNEL_CS,%edi + jnz 2f +1: ++#endif ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ 661: jmp 111f ++ .pushsection .altinstr_replacement, "a" ++ 662: ASM_NOP2 ++ .popsection ++ .pushsection .altinstructions, "a" ++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 ++ .popsection ++ GET_CR3_INTO_RDI ++ cmp $0,%dil ++ jnz 112f ++ mov $__KERNEL_DS,%edi ++ mov %edi,%ss ++ jmp 111f ++112: cmp $1,%dil ++ jz 113f ++ ud2 ++113: sub $4097,%rdi ++ bts $63,%rdi ++ SET_RDI_INTO_CR3 ++ mov $__UDEREF_KERNEL_DS,%edi ++ mov %edi,%ss ++111: ++#endif + +#ifdef CONFIG_PARAVIRT + PV_RESTORE_REGS(CLBR_RDI) @@ -19086,10 +20502,12 @@ index c1d01e6..5625dce 100644 + pax_force_retaddr + retq + ++#ifdef CONFIG_PAX_KERNEXEC +2: ljmpq __KERNEL_CS,1b +3: ljmpq __KERNEXEC_KERNEL_CS,4f +4: SET_RDI_INTO_CR0 + jmp 1b ++#endif +ENDPROC(pax_enter_kernel) + +ENTRY(pax_exit_kernel) @@ -19099,6 +20517,7 @@ index c1d01e6..5625dce 100644 + PV_SAVE_REGS(CLBR_RDI) +#endif + ++#ifdef CONFIG_PAX_KERNEXEC + mov %cs,%rdi + cmp $__KERNEXEC_KERNEL_CS,%edi + jz 2f @@ -19106,6 +20525,30 @@ index c1d01e6..5625dce 100644 + bts $16,%rdi + jnc 4f +1: ++#endif ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ 661: jmp 111f ++ .pushsection .altinstr_replacement, "a" ++ 662: ASM_NOP2 ++ .popsection ++ .pushsection .altinstructions, "a" ++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 ++ .popsection ++ mov %ss,%edi ++ cmp $__UDEREF_KERNEL_DS,%edi ++ jnz 111f ++ GET_CR3_INTO_RDI ++ cmp $0,%dil ++ jz 112f ++ ud2 ++112: add $4097,%rdi ++ bts $63,%rdi ++ SET_RDI_INTO_CR3 ++ mov $__KERNEL_DS,%edi ++ mov %edi,%ss ++111: ++#endif + +#ifdef CONFIG_PARAVIRT + PV_RESTORE_REGS(CLBR_RDI); @@ -19115,6 +20558,7 @@ index c1d01e6..5625dce 100644 + pax_force_retaddr + retq + ++#ifdef CONFIG_PAX_KERNEXEC +2: GET_CR0_INTO_RDI + btr $16,%rdi + jnc 4f @@ -19123,6 +20567,7 @@ index c1d01e6..5625dce 100644 + jmp 1b +4: ud2 + jmp 4b ++#endif +ENDPROC(pax_exit_kernel) +#endif + @@ -19139,7 +20584,9 @@ index c1d01e6..5625dce 100644 +#endif +#ifdef CONFIG_PAX_RANDKSTACK + pushq %rax ++ pushq %r11 + call pax_randomize_kstack ++ popq %r11 + popq %rax +#endif + .endm @@ -19153,15 +20600,31 @@ index c1d01e6..5625dce 100644 + PV_SAVE_REGS(CLBR_RDI) +#endif + ++ 661: jmp 111f ++ .pushsection .altinstr_replacement, "a" ++ 662: ASM_NOP2 ++ .popsection ++ .pushsection .altinstructions, "a" ++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 ++ .popsection ++ GET_CR3_INTO_RDI ++ cmp $1,%dil ++ jnz 4f ++ sub $4097,%rdi ++ bts $63,%rdi ++ SET_RDI_INTO_CR3 ++ jmp 3f ++111: ++ + GET_CR3_INTO_RDI + mov %rdi,%rbx + add $__START_KERNEL_map,%rbx + sub phys_base(%rip),%rbx + +#ifdef CONFIG_PARAVIRT -+ pushq %rdi + cmpl $0, pv_info+PARAVIRT_enabled + jz 1f ++ pushq %rdi + i = 0 + .rept USER_PGD_PTRS + mov i*8(%rbx),%rsi @@ -19170,6 +20633,7 @@ index c1d01e6..5625dce 100644 + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) + i = i + 1 + .endr ++ popq %rdi + jmp 2f +1: +#endif @@ -19180,10 +20644,7 @@ index c1d01e6..5625dce 100644 + i = i + 1 + .endr + -+#ifdef CONFIG_PARAVIRT -+2: popq %rdi -+#endif -+ SET_RDI_INTO_CR3 ++2: SET_RDI_INTO_CR3 + +#ifdef CONFIG_PAX_KERNEXEC + GET_CR0_INTO_RDI @@ -19191,6 +20652,8 @@ index c1d01e6..5625dce 100644 + SET_RDI_INTO_CR0 +#endif + ++3: ++ +#ifdef CONFIG_PARAVIRT + PV_RESTORE_REGS(CLBR_RDI) +#endif @@ -19199,16 +20662,35 @@ index c1d01e6..5625dce 100644 + popq %rdi + pax_force_retaddr + retq ++4: ud2 +ENDPROC(pax_enter_kernel_user) + +ENTRY(pax_exit_kernel_user) -+ push %rdi ++ pushq %rdi ++ pushq %rbx + +#ifdef CONFIG_PARAVIRT -+ pushq %rbx + PV_SAVE_REGS(CLBR_RDI) +#endif + ++ GET_CR3_INTO_RDI ++ 661: jmp 1f ++ .pushsection .altinstr_replacement, "a" ++ 662: ASM_NOP2 ++ .popsection ++ .pushsection .altinstructions, "a" ++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 ++ .popsection ++ cmp $0,%dil ++ jnz 3f ++ add $4097,%rdi ++ bts $63,%rdi ++ SET_RDI_INTO_CR3 ++ jmp 2f ++1: ++ ++ mov %rdi,%rbx ++ +#ifdef CONFIG_PAX_KERNEXEC + GET_CR0_INTO_RDI + btr $16,%rdi @@ -19216,14 +20698,12 @@ index c1d01e6..5625dce 100644 + SET_RDI_INTO_CR0 +#endif + -+ GET_CR3_INTO_RDI -+ add $__START_KERNEL_map,%rdi -+ sub phys_base(%rip),%rdi ++ add $__START_KERNEL_map,%rbx ++ sub phys_base(%rip),%rbx + +#ifdef CONFIG_PARAVIRT + cmpl $0, pv_info+PARAVIRT_enabled + jz 1f -+ mov %rdi,%rbx + i = 0 + .rept USER_PGD_PTRS + mov i*8(%rbx),%rsi @@ -19238,28 +20718,84 @@ index c1d01e6..5625dce 100644 + + i = 0 + .rept USER_PGD_PTRS -+ movb $0x67,i*8(%rdi) ++ movb $0x67,i*8(%rbx) + i = i + 1 + .endr ++2: + +#ifdef CONFIG_PARAVIRT -+2: PV_RESTORE_REGS(CLBR_RDI) -+ popq %rbx ++ PV_RESTORE_REGS(CLBR_RDI) +#endif + ++ popq %rbx + popq %rdi + pax_force_retaddr + retq +3: ud2 -+ jmp 3b +ENDPROC(pax_exit_kernel_user) +#endif + -+.macro pax_erase_kstack ++ .macro pax_enter_kernel_nmi ++ pax_set_fptr_mask ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ GET_CR0_INTO_RDI ++ bts $16,%rdi ++ jc 110f ++ SET_RDI_INTO_CR0 ++ or $2,%ebx ++110: ++#endif ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ 661: jmp 111f ++ .pushsection .altinstr_replacement, "a" ++ 662: ASM_NOP2 ++ .popsection ++ .pushsection .altinstructions, "a" ++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 ++ .popsection ++ GET_CR3_INTO_RDI ++ cmp $0,%dil ++ jz 111f ++ sub $4097,%rdi ++ or $4,%ebx ++ bts $63,%rdi ++ SET_RDI_INTO_CR3 ++ mov $__UDEREF_KERNEL_DS,%edi ++ mov %edi,%ss ++111: ++#endif ++ .endm ++ ++ .macro pax_exit_kernel_nmi ++#ifdef CONFIG_PAX_KERNEXEC ++ btr $1,%ebx ++ jnc 110f ++ GET_CR0_INTO_RDI ++ btr $16,%rdi ++ SET_RDI_INTO_CR0 ++110: ++#endif ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ btr $2,%ebx ++ jnc 111f ++ GET_CR3_INTO_RDI ++ add $4097,%rdi ++ bts $63,%rdi ++ SET_RDI_INTO_CR3 ++ mov $__KERNEL_DS,%edi ++ mov %edi,%ss ++111: ++#endif ++ .endm ++ ++ .macro pax_erase_kstack +#ifdef CONFIG_PAX_MEMORY_STACKLEAK + call pax_erase_kstack +#endif -+.endm ++ .endm + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK +ENTRY(pax_erase_kstack) @@ -19314,7 +20850,7 @@ index c1d01e6..5625dce 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -375,8 +660,8 @@ ENDPROC(native_usergs_sysret64) +@@ -375,8 +808,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -19325,7 +20861,7 @@ index c1d01e6..5625dce 100644 .endm /* -@@ -463,7 +748,7 @@ ENDPROC(native_usergs_sysret64) +@@ -463,7 +896,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -19334,7 +20870,7 @@ index c1d01e6..5625dce 100644 je 1f SWAPGS /* -@@ -498,9 +783,10 @@ ENTRY(save_rest) +@@ -498,9 +931,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -19346,7 +20882,7 @@ index c1d01e6..5625dce 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -529,9 +815,10 @@ ENTRY(save_paranoid) +@@ -529,9 +963,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -19359,7 +20895,7 @@ index c1d01e6..5625dce 100644 .popsection /* -@@ -553,7 +840,7 @@ ENTRY(ret_from_fork) +@@ -553,7 +988,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -19368,7 +20904,7 @@ index c1d01e6..5625dce 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -571,7 +858,7 @@ ENTRY(ret_from_fork) +@@ -571,7 +1006,7 @@ ENTRY(ret_from_fork) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19377,7 +20913,7 @@ index c1d01e6..5625dce 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -608,7 +895,7 @@ END(ret_from_fork) +@@ -608,7 +1043,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -19386,7 +20922,7 @@ index c1d01e6..5625dce 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -621,16 +908,23 @@ GLOBAL(system_call_after_swapgs) +@@ -621,16 +1056,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -19412,7 +20948,7 @@ index c1d01e6..5625dce 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -640,7 +934,7 @@ system_call_fastpath: +@@ -640,7 +1082,7 @@ system_call_fastpath: cmpl $__NR_syscall_max,%eax #endif ja badsys @@ -19421,7 +20957,7 @@ index c1d01e6..5625dce 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -654,10 +948,13 @@ sysret_check: +@@ -654,10 +1096,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -19436,7 +20972,7 @@ index c1d01e6..5625dce 100644 /* * sysretq will re-enable interrupts: */ -@@ -709,14 +1006,18 @@ badsys: +@@ -709,14 +1154,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -19456,7 +20992,7 @@ index c1d01e6..5625dce 100644 jmp system_call_fastpath /* -@@ -737,7 +1038,7 @@ sysret_audit: +@@ -737,7 +1186,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -19465,7 +21001,7 @@ index c1d01e6..5625dce 100644 jz auditsys #endif SAVE_REST -@@ -745,12 +1046,16 @@ tracesys: +@@ -745,12 +1194,16 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -19482,7 +21018,7 @@ index c1d01e6..5625dce 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -759,7 +1064,7 @@ tracesys: +@@ -759,7 +1212,7 @@ tracesys: cmpl $__NR_syscall_max,%eax #endif ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ @@ -19491,7 +21027,7 @@ index c1d01e6..5625dce 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -780,7 +1085,9 @@ GLOBAL(int_with_check) +@@ -780,7 +1233,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -19502,7 +21038,7 @@ index c1d01e6..5625dce 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -826,7 +1133,7 @@ int_restore_rest: +@@ -826,7 +1281,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -19511,7 +21047,7 @@ index c1d01e6..5625dce 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -839,9 +1146,10 @@ ENTRY(stub_\func) +@@ -839,9 +1294,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -19523,7 +21059,7 @@ index c1d01e6..5625dce 100644 .endm .macro FIXED_FRAME label,func -@@ -851,9 +1159,10 @@ ENTRY(\label) +@@ -851,9 +1307,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -19535,7 +21071,7 @@ index c1d01e6..5625dce 100644 .endm FORK_LIKE clone -@@ -870,9 +1179,10 @@ ENTRY(ptregscall_common) +@@ -870,9 +1327,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -19547,7 +21083,7 @@ index c1d01e6..5625dce 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -885,7 +1195,7 @@ ENTRY(stub_execve) +@@ -885,7 +1343,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19556,7 +21092,7 @@ index c1d01e6..5625dce 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -902,7 +1212,7 @@ ENTRY(stub_rt_sigreturn) +@@ -902,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19565,7 +21101,7 @@ index c1d01e6..5625dce 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -916,7 +1226,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -916,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19574,7 +21110,7 @@ index c1d01e6..5625dce 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -930,7 +1240,7 @@ ENTRY(stub_x32_execve) +@@ -930,7 +1388,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19583,7 +21119,7 @@ index c1d01e6..5625dce 100644 #endif -@@ -967,7 +1277,7 @@ vector=vector+1 +@@ -967,7 +1425,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -19592,7 +21128,7 @@ index c1d01e6..5625dce 100644 .previous END(interrupt) -@@ -987,6 +1297,16 @@ END(interrupt) +@@ -987,6 +1445,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -19609,7 +21145,7 @@ index c1d01e6..5625dce 100644 call \func .endm -@@ -1019,7 +1339,7 @@ ret_from_intr: +@@ -1019,7 +1487,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -19618,7 +21154,7 @@ index c1d01e6..5625dce 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1041,12 +1361,16 @@ retint_swapgs: /* return to user-space */ +@@ -1041,12 +1509,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -19635,7 +21171,7 @@ index c1d01e6..5625dce 100644 /* * The iretq could re-enable interrupts: */ -@@ -1129,7 +1453,7 @@ ENTRY(retint_kernel) +@@ -1129,7 +1601,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -19644,7 +21180,7 @@ index c1d01e6..5625dce 100644 /* * End of kprobes section */ -@@ -1147,7 +1471,7 @@ ENTRY(\sym) +@@ -1147,7 +1619,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -19653,7 +21189,7 @@ index c1d01e6..5625dce 100644 .endm #ifdef CONFIG_SMP -@@ -1203,12 +1527,22 @@ ENTRY(\sym) +@@ -1208,12 +1680,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -19677,7 +21213,7 @@ index c1d01e6..5625dce 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1221,15 +1555,25 @@ ENTRY(\sym) +@@ -1226,15 +1708,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -19705,7 +21241,7 @@ index c1d01e6..5625dce 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1240,14 +1584,30 @@ ENTRY(\sym) +@@ -1245,14 +1737,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF_DEBUG @@ -19737,7 +21273,7 @@ index c1d01e6..5625dce 100644 .endm .macro errorentry sym do_sym -@@ -1259,13 +1619,23 @@ ENTRY(\sym) +@@ -1264,13 +1772,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -19762,7 +21298,7 @@ index c1d01e6..5625dce 100644 .endm /* error code is on the stack already */ -@@ -1279,13 +1649,23 @@ ENTRY(\sym) +@@ -1284,13 +1802,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -19787,7 +21323,7 @@ index c1d01e6..5625dce 100644 .endm zeroentry divide_error do_divide_error -@@ -1315,9 +1695,10 @@ gs_change: +@@ -1320,9 +1848,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -19799,7 +21335,7 @@ index c1d01e6..5625dce 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1345,9 +1726,10 @@ ENTRY(call_softirq) +@@ -1350,9 +1879,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -19811,7 +21347,7 @@ index c1d01e6..5625dce 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1385,7 +1767,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1390,7 +1920,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -19820,7 +21356,7 @@ index c1d01e6..5625dce 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1444,7 +1826,7 @@ ENTRY(xen_failsafe_callback) +@@ -1449,7 +1979,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -19829,9 +21365,12 @@ index c1d01e6..5625dce 100644 apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1498,16 +1880,31 @@ ENTRY(paranoid_exit) +@@ -1501,18 +2031,33 @@ ENTRY(paranoid_exit) + DEFAULT_FRAME + DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG - testl %ebx,%ebx /* swapgs needed? */ +- testl %ebx,%ebx /* swapgs needed? */ ++ testl $1,%ebx /* swapgs needed? */ jnz paranoid_restore - testl $3,CS(%rsp) + testb $3,CS(%rsp) @@ -19862,7 +21401,7 @@ index c1d01e6..5625dce 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1536,7 +1933,7 @@ paranoid_schedule: +@@ -1541,7 +2086,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -19871,7 +21410,7 @@ index c1d01e6..5625dce 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1563,12 +1960,13 @@ ENTRY(error_entry) +@@ -1568,12 +2113,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -19886,7 +21425,7 @@ index c1d01e6..5625dce 100644 ret /* -@@ -1595,7 +1993,7 @@ bstep_iret: +@@ -1600,7 +2146,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -19895,7 +21434,16 @@ index c1d01e6..5625dce 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1615,7 +2013,7 @@ ENTRY(error_exit) +@@ -1611,7 +2157,7 @@ ENTRY(error_exit) + DISABLE_INTERRUPTS(CLBR_NONE) + TRACE_IRQS_OFF + GET_THREAD_INFO(%rcx) +- testl %eax,%eax ++ testl $1,%eax + jne retint_kernel + LOCKDEP_SYS_EXIT_IRQ + movl TI_flags(%rcx),%edx +@@ -1620,7 +2166,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -19904,7 +21452,7 @@ index c1d01e6..5625dce 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1673,9 +2071,11 @@ ENTRY(nmi) +@@ -1678,9 +2224,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -19917,7 +21465,7 @@ index c1d01e6..5625dce 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1709,8 +2109,7 @@ nested_nmi: +@@ -1714,8 +2262,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -19927,51 +21475,40 @@ index c1d01e6..5625dce 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1728,6 +2127,7 @@ nested_nmi_out: +@@ -1733,6 +2280,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ -+ pax_force_retaddr_bts ++# pax_force_retaddr_bts INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1844,6 +2244,17 @@ end_repeat_nmi: +@@ -1849,6 +2397,8 @@ end_repeat_nmi: */ movq %cr2, %r12 -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ testb $3, CS(%rsp) -+ jnz 1f -+ pax_enter_kernel -+ jmp 2f -+1: pax_enter_kernel_user -+2: -+#else -+ pax_enter_kernel -+#endif ++ pax_enter_kernel_nmi + /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1859,23 +2270,34 @@ end_repeat_nmi: - testl %ebx,%ebx /* swapgs needed? */ +@@ -1861,26 +2411,31 @@ end_repeat_nmi: + movq %r12, %cr2 + 1: + +- testl %ebx,%ebx /* swapgs needed? */ ++ testl $1,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ pax_exit_kernel_user -+#else -+ pax_exit_kernel -+#endif SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 6*8 -+ /* Clear the NMI executing stack variable */ -+ movq $0, 5*8(%rsp) -+ jmp irq_return nmi_restore: -+ pax_exit_kernel ++ pax_exit_kernel_nmi /* Pop the extra iret frame at once */ RESTORE_ALL 6*8 ++ testb $3, 8(%rsp) ++ jnz 1f + pax_force_retaddr_bts ++1: /* Clear the NMI executing stack variable */ movq $0, 5*8(%rsp) @@ -20058,9 +21595,50 @@ index 42a392a..fbbd930 100644 return -EFAULT; diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c -index 8f3201d..aa860bf 100644 +index 55b6761..a6456fc 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c +@@ -67,12 +67,12 @@ again: + pgd = *pgd_p; + + /* +- * The use of __START_KERNEL_map rather than __PAGE_OFFSET here is +- * critical -- __PAGE_OFFSET would point us back into the dynamic ++ * The use of __early_va rather than __va here is critical: ++ * __va would point us back into the dynamic + * range and we might end up looping forever... + */ + if (pgd) +- pud_p = (pudval_t *)((pgd & PTE_PFN_MASK) + __START_KERNEL_map - phys_base); ++ pud_p = (pudval_t *)(__early_va(pgd & PTE_PFN_MASK)); + else { + if (next_early_pgt >= EARLY_DYNAMIC_PAGE_TABLES) { + reset_early_page_tables(); +@@ -82,13 +82,13 @@ again: + pud_p = (pudval_t *)early_dynamic_pgts[next_early_pgt++]; + for (i = 0; i < PTRS_PER_PUD; i++) + pud_p[i] = 0; +- *pgd_p = (pgdval_t)pud_p - __START_KERNEL_map + phys_base + _KERNPG_TABLE; ++ *pgd_p = (pgdval_t)__pa(pud_p) + _KERNPG_TABLE; + } + pud_p += pud_index(address); + pud = *pud_p; + + if (pud) +- pmd_p = (pmdval_t *)((pud & PTE_PFN_MASK) + __START_KERNEL_map - phys_base); ++ pmd_p = (pmdval_t *)(__early_va(pud & PTE_PFN_MASK)); + else { + if (next_early_pgt >= EARLY_DYNAMIC_PAGE_TABLES) { + reset_early_page_tables(); +@@ -98,7 +98,7 @@ again: + pmd_p = (pmdval_t *)early_dynamic_pgts[next_early_pgt++]; + for (i = 0; i < PTRS_PER_PMD; i++) + pmd_p[i] = 0; +- *pud_p = (pudval_t)pmd_p - __START_KERNEL_map + phys_base + _KERNPG_TABLE; ++ *pud_p = (pudval_t)__pa(pmd_p) + _KERNPG_TABLE; + } + pmd = (physaddr & PMD_MASK) + early_pmd_flags; + pmd_p[pmd_index(address)] = pmd; @@ -175,7 +175,6 @@ void __init x86_64_start_kernel(char * real_mode_data) if (console_loglevel == 10) early_printk("Kernel alive\n"); @@ -20070,7 +21648,7 @@ index 8f3201d..aa860bf 100644 init_level4_pgt[511] = early_level4_pgt[511]; diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S -index 73afd11..d1670f5 100644 +index 73afd11..0ef46f2 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -26,6 +26,12 @@ @@ -20391,7 +21969,7 @@ index 73afd11..d1670f5 100644 + +#ifdef CONFIG_PAX_PER_CPU_PGD +ENTRY(cpu_pgd) -+ .rept NR_CPUS ++ .rept 2*NR_CPUS + .fill 4,8,0 + .endr +#endif @@ -20502,7 +22080,7 @@ index 73afd11..d1670f5 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 321d65e..e9437f7 100644 +index a836860..1b5c665 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -20527,23 +22105,34 @@ index 321d65e..e9437f7 100644 .text __HEAD -@@ -89,11 +97,15 @@ startup_64: +@@ -89,11 +97,23 @@ startup_64: * Fixup the physical addresses in the page table */ addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip) ++ addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip) ++ addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip) - addq %rbp, level3_kernel_pgt + (510*8)(%rip) - addq %rbp, level3_kernel_pgt + (511*8)(%rip) +- addq %rbp, level3_kernel_pgt + (510*8)(%rip) +- addq %rbp, level3_kernel_pgt + (511*8)(%rip) ++ addq %rbp, level3_ident_pgt + (0*8)(%rip) ++#ifndef CONFIG_XEN ++ addq %rbp, level3_ident_pgt + (1*8)(%rip) ++#endif - addq %rbp, level2_fixmap_pgt + (506*8)(%rip) +- addq %rbp, level2_fixmap_pgt + (506*8)(%rip) ++ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) ++ ++ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) ++ addq %rbp, level3_kernel_pgt + ((L3_START_KERNEL+1)*8)(%rip) ++ + addq %rbp, level2_fixmap_pgt + (507*8)(%rip) /* * Set up the identity mapping for the switchover. These -@@ -177,8 +189,8 @@ ENTRY(secondary_startup_64) +@@ -177,8 +197,8 @@ ENTRY(secondary_startup_64) movq $(init_level4_pgt - __START_KERNEL_map), %rax 1: @@ -20554,7 +22143,7 @@ index 321d65e..e9437f7 100644 movq %rcx, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -199,10 +211,18 @@ ENTRY(secondary_startup_64) +@@ -199,10 +219,18 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -20574,7 +22163,7 @@ index 321d65e..e9437f7 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -282,6 +302,7 @@ ENTRY(secondary_startup_64) +@@ -282,6 +310,7 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ @@ -20582,7 +22171,7 @@ index 321d65e..e9437f7 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -388,7 +409,7 @@ ENTRY(early_idt_handler) +@@ -388,7 +417,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS leaq early_idt_ripmsg(%rip),%rdi @@ -20591,7 +22180,7 @@ index 321d65e..e9437f7 100644 call __print_symbol #endif #endif /* EARLY_PRINTK */ -@@ -416,6 +437,7 @@ ENDPROC(early_idt_handler) +@@ -416,6 +445,7 @@ ENDPROC(early_idt_handler) early_recursion_flag: .long 0 @@ -20599,9 +22188,12 @@ index 321d65e..e9437f7 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -445,27 +467,50 @@ NEXT_PAGE(early_dynamic_pgts) +@@ -443,29 +473,52 @@ NEXT_PAGE(early_level4_pgt) + NEXT_PAGE(early_dynamic_pgts) + .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0 - .data +- .data ++ .section .rodata,"a",@progbits -#ifndef CONFIG_XEN NEXT_PAGE(init_level4_pgt) @@ -20623,7 +22215,7 @@ index 321d65e..e9437f7 100644 +#ifdef CONFIG_PAX_PER_CPU_PGD +NEXT_PAGE(cpu_pgd) -+ .rept NR_CPUS ++ .rept 2*NR_CPUS + .fill 512,8,0 + .endr +#endif @@ -20658,7 +22250,7 @@ index 321d65e..e9437f7 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -473,6 +518,9 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -473,6 +526,9 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -20668,7 +22260,7 @@ index 321d65e..e9437f7 100644 NEXT_PAGE(level2_kernel_pgt) /* * 512 MB kernel mapping. We spend a full page on this pagetable -@@ -488,38 +536,64 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -488,39 +544,70 @@ NEXT_PAGE(level2_kernel_pgt) KERNEL_IMAGE_SIZE/PMD_SIZE) NEXT_PAGE(level2_fixmap_pgt) @@ -20711,6 +22303,12 @@ index 321d65e..e9437f7 100644 + .quad 0x0000f40000000000 /* node/CPU stored in limit */ + /* asm/segment.h:GDT_ENTRIES must match this */ + ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ .quad 0x00cf93000000ffff /* __UDEREF_KERNEL_DS */ ++#else ++ .quad 0x0 /* unused */ ++#endif ++ + /* zero the remaining page */ + .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0 + .endr @@ -20732,7 +22330,10 @@ index 321d65e..e9437f7 100644 - .section .bss, "aw", @nobits + + .section .rodata,"a",@progbits - .align L1_CACHE_BYTES ++NEXT_PAGE(empty_zero_page) ++ .skip PAGE_SIZE ++ + .align PAGE_SIZE ENTRY(idt_table) - .skip IDT_ENTRIES * 16 + .fill 512,8,0 @@ -20740,12 +22341,13 @@ index 321d65e..e9437f7 100644 .align L1_CACHE_BYTES ENTRY(nmi_idt_table) - .skip IDT_ENTRIES * 16 +- +- __PAGE_ALIGNED_BSS +-NEXT_PAGE(empty_zero_page) +- .skip PAGE_SIZE + .fill 512,8,0 - - __PAGE_ALIGNED_BSS - NEXT_PAGE(empty_zero_page) diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c -index 0fa6912..37fce70 100644 +index 0fa6912..b37438b 100644 --- a/arch/x86/kernel/i386_ksyms_32.c +++ b/arch/x86/kernel/i386_ksyms_32.c @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void); @@ -20761,7 +22363,7 @@ index 0fa6912..37fce70 100644 EXPORT_SYMBOL(__get_user_1); EXPORT_SYMBOL(__get_user_2); -@@ -37,3 +41,7 @@ EXPORT_SYMBOL(strstr); +@@ -37,3 +41,11 @@ EXPORT_SYMBOL(strstr); EXPORT_SYMBOL(csum_partial); EXPORT_SYMBOL(empty_zero_page); @@ -20769,8 +22371,12 @@ index 0fa6912..37fce70 100644 +#ifdef CONFIG_PAX_KERNEXEC +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif ++ ++#ifdef CONFIG_PAX_PER_CPU_PGD ++EXPORT_SYMBOL(cpu_pgd); ++#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index cb33909..1163b40 100644 +index f7ea30d..6318acc 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c @@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void) @@ -20884,7 +22490,7 @@ index 4ddaf66..6292f4e 100644 return -EPERM; } diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 84b7789..e65e8be 100644 +index ac0631d..ff7cb62 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -18,7 +18,7 @@ @@ -21187,7 +22793,7 @@ index 836f832..a8bda67 100644 } diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c -index 7bfe318..383d238 100644 +index 211bce4..6e2580a 100644 --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -119,9 +119,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) @@ -21235,9 +22841,9 @@ index 7bfe318..383d238 100644 #ifdef CONFIG_X86_64 if (insn_rip_relative(&insn)) { -@@ -355,7 +360,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src) - newdisp = (u8 *) src + (s64) insn.displacement.value - (u8 *) dest; - BUG_ON((s64) (s32) newdisp != newdisp); /* Sanity check. */ +@@ -359,7 +364,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src) + return 0; + } disp = (u8 *) dest + insn_offset_displacement(&insn); + pax_open_kernel(); *(s32 *) disp = (s32) newdisp; @@ -21245,7 +22851,7 @@ index 7bfe318..383d238 100644 } #endif return insn.length; -@@ -488,7 +495,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k +@@ -498,7 +505,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k * nor set current_kprobe, because it doesn't use single * stepping. */ @@ -21254,7 +22860,7 @@ index 7bfe318..383d238 100644 preempt_enable_no_resched(); return; } -@@ -505,9 +512,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k +@@ -515,9 +522,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k regs->flags &= ~X86_EFLAGS_IF; /* single step inline if the instruction is an int3 */ if (p->opcode == BREAKPOINT_INSTRUCTION) @@ -21266,7 +22872,7 @@ index 7bfe318..383d238 100644 } /* -@@ -586,7 +593,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) +@@ -596,7 +603,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) setup_singlestep(p, regs, kcb, 0); return 1; } @@ -21275,7 +22881,7 @@ index 7bfe318..383d238 100644 /* * The breakpoint instruction was removed right * after we hit it. Another cpu has removed -@@ -632,6 +639,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) +@@ -642,6 +649,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) " movq %rax, 152(%rsp)\n" RESTORE_REGS_STRING " popfq\n" @@ -21285,7 +22891,7 @@ index 7bfe318..383d238 100644 #else " pushf\n" SAVE_REGS_STRING -@@ -769,7 +779,7 @@ static void __kprobes +@@ -779,7 +789,7 @@ static void __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb) { unsigned long *tos = stack_addr(regs); @@ -21294,7 +22900,7 @@ index 7bfe318..383d238 100644 unsigned long orig_ip = (unsigned long)p->addr; kprobe_opcode_t *insn = p->ainsn.insn; -@@ -951,7 +961,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d +@@ -961,7 +971,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d struct die_args *args = data; int ret = NOTIFY_DONE; @@ -21373,10 +22979,10 @@ index 76dc6f0..66bdfc3 100644 reset_current_kprobe(); preempt_enable_no_resched(); diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index b686a90..60d36fb 100644 +index cd6d9a5..16245a4 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c -@@ -453,7 +453,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, +@@ -455,7 +455,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -21755,7 +23361,7 @@ index 676b8c7..870ba04 100644 .spin_is_locked = __ticket_spin_is_locked, .spin_is_contended = __ticket_spin_is_contended, diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c -index 8bfb335..c1463c6 100644 +index cd6de64..27c6af0 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -55,6 +55,9 @@ u64 _paravirt_ident_64(u64 x) @@ -21838,7 +23444,7 @@ index 8bfb335..c1463c6 100644 .cpuid = native_cpuid, .get_debugreg = native_get_debugreg, .set_debugreg = native_set_debugreg, -@@ -395,21 +402,26 @@ struct pv_cpu_ops pv_cpu_ops = { +@@ -394,21 +401,26 @@ struct pv_cpu_ops pv_cpu_ops = { .end_context_switch = paravirt_nop, }; @@ -21868,7 +23474,7 @@ index 8bfb335..c1463c6 100644 .read_cr2 = native_read_cr2, .write_cr2 = native_write_cr2, -@@ -459,6 +471,7 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -458,6 +470,7 @@ struct pv_mmu_ops pv_mmu_ops = { .make_pud = PTE_IDENT, .set_pgd = native_set_pgd, @@ -21876,7 +23482,7 @@ index 8bfb335..c1463c6 100644 #endif #endif /* PAGETABLE_LEVELS >= 3 */ -@@ -479,6 +492,12 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -478,6 +491,12 @@ struct pv_mmu_ops pv_mmu_ops = { }, .set_fixmap = native_set_fixmap, @@ -21929,7 +23535,7 @@ index 6c483ba..d10ce2f 100644 static struct dma_map_ops swiotlb_dma_ops = { diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 14ae100..752a4f6 100644 +index 81a5f5e..20f8b58 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -36,7 +36,8 @@ @@ -21960,16 +23566,7 @@ index 14ae100..752a4f6 100644 t->io_bitmap_ptr = NULL; clear_thread_flag(TIF_IO_BITMAP); -@@ -136,7 +137,7 @@ void show_regs_common(void) - board = dmi_get_system_info(DMI_BOARD_NAME); - - printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s %s %s%s%s\n", -- current->pid, current->comm, print_tainted(), -+ task_pid_nr(current), current->comm, print_tainted(), - init_utsname()->release, - (int)strcspn(init_utsname()->version, " "), - init_utsname()->version, -@@ -149,6 +150,9 @@ void flush_thread(void) +@@ -125,6 +126,9 @@ void flush_thread(void) { struct task_struct *tsk = current; @@ -21979,7 +23576,7 @@ index 14ae100..752a4f6 100644 flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); drop_init_fpu(tsk); -@@ -295,7 +299,7 @@ static void __exit_idle(void) +@@ -271,7 +275,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -21988,7 +23585,7 @@ index 14ae100..752a4f6 100644 return; __exit_idle(); } -@@ -398,7 +402,7 @@ bool xen_set_default_idle(void) +@@ -327,7 +331,7 @@ bool xen_set_default_idle(void) return ret; } #endif @@ -21997,7 +23594,7 @@ index 14ae100..752a4f6 100644 { local_irq_disable(); /* -@@ -544,16 +548,37 @@ static int __init idle_setup(char *str) +@@ -456,16 +460,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -22046,7 +23643,7 @@ index 14ae100..752a4f6 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index b5a8905..d9cacac 100644 +index 7305f7d..22f73d6 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -65,6 +65,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread"); @@ -22057,7 +23654,7 @@ index b5a8905..d9cacac 100644 } void __show_regs(struct pt_regs *regs, int all) -@@ -74,21 +75,20 @@ void __show_regs(struct pt_regs *regs, int all) +@@ -74,19 +75,18 @@ void __show_regs(struct pt_regs *regs, int all) unsigned long sp; unsigned short ss, gs; @@ -22073,8 +23670,6 @@ index b5a8905..d9cacac 100644 } + gs = get_user_gs(regs); - show_regs_common(); - printk(KERN_DEFAULT "EIP: %04x:[<%08lx>] EFLAGS: %08lx CPU: %d\n", (u16)regs->cs, regs->ip, regs->flags, - smp_processor_id()); @@ -22082,7 +23677,7 @@ index b5a8905..d9cacac 100644 print_symbol("EIP is at %s\n", regs->ip); printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n", -@@ -130,20 +130,21 @@ void release_thread(struct task_struct *dead_task) +@@ -128,20 +128,21 @@ void release_thread(struct task_struct *dead_task) int copy_thread(unsigned long clone_flags, unsigned long sp, unsigned long arg, struct task_struct *p) { @@ -22108,7 +23703,7 @@ index b5a8905..d9cacac 100644 childregs->fs = __KERNEL_PERCPU; childregs->bx = sp; /* function */ childregs->bp = arg; -@@ -250,7 +251,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -248,7 +249,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -22117,7 +23712,7 @@ index b5a8905..d9cacac 100644 fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -274,6 +275,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -272,6 +273,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -22128,7 +23723,7 @@ index b5a8905..d9cacac 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -304,6 +309,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -302,6 +307,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); @@ -22138,7 +23733,7 @@ index b5a8905..d9cacac 100644 /* * Restore %gs if needed (which is common) */ -@@ -312,8 +320,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -310,8 +318,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) switch_fpu_finish(next_p, fpu); @@ -22147,16 +23742,16 @@ index b5a8905..d9cacac 100644 return prev_p; } -@@ -343,4 +349,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -341,4 +347,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 0f49677..fcbf88c 100644 +index 355ae06..560fbbe 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c -@@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -151,10 +151,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -22169,7 +23764,16 @@ index 0f49677..fcbf88c 100644 set_tsk_thread_flag(p, TIF_FORK); p->fpu_counter = 0; p->thread.io_bitmap_ptr = NULL; -@@ -274,7 +275,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -165,6 +166,8 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, + p->thread.fs = p->thread.fsindex ? 0 : me->thread.fs; + savesegment(es, p->thread.es); + savesegment(ds, p->thread.ds); ++ savesegment(ss, p->thread.ss); ++ BUG_ON(p->thread.ss == __UDEREF_KERNEL_DS); + memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps)); + + if (unlikely(p->flags & PF_KTHREAD)) { +@@ -273,7 +276,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -22178,7 +23782,17 @@ index 0f49677..fcbf88c 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -356,10 +357,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -296,6 +299,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) + if (unlikely(next->ds | prev->ds)) + loadsegment(ds, next->ds); + ++ savesegment(ss, prev->ss); ++ if (unlikely(next->ss != prev->ss)) ++ loadsegment(ss, next->ss); + + /* We must save %fs and %gs before load_TLS() because + * %fs and %gs may be cleared by load_TLS(). +@@ -355,10 +361,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = this_cpu_read(old_rsp); this_cpu_write(old_rsp, next->usersp); this_cpu_write(current_task, next_p); @@ -22191,7 +23805,7 @@ index 0f49677..fcbf88c 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -428,12 +428,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -427,12 +432,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -22478,8 +24092,21 @@ index 76fa1e9..abf09ea 100644 .power_off = native_machine_power_off, .shutdown = native_machine_shutdown, .emergency_restart = native_machine_emergency_restart, +diff --git a/arch/x86/kernel/reboot_fixups_32.c b/arch/x86/kernel/reboot_fixups_32.c +index c8e41e9..64049ef 100644 +--- a/arch/x86/kernel/reboot_fixups_32.c ++++ b/arch/x86/kernel/reboot_fixups_32.c +@@ -57,7 +57,7 @@ struct device_fixup { + unsigned int vendor; + unsigned int device; + void (*reboot_fixup)(struct pci_dev *); +-}; ++} __do_const; + + /* + * PCI ids solely used for fixups_table go here diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S -index 7a6f3b3..bed145d7 100644 +index f2bb9c9..bed145d7 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S @@ -11,6 +11,7 @@ @@ -22490,15 +24117,7 @@ index 7a6f3b3..bed145d7 100644 /* * Must be relocatable PIC code callable as a C function -@@ -160,13 +161,14 @@ identity_mapped: - xorq %rbp, %rbp - xorq %r8, %r8 - xorq %r9, %r9 -- xorq %r10, %r9 -+ xorq %r10, %r10 - xorq %r11, %r11 - xorq %r12, %r12 - xorq %r13, %r13 +@@ -167,6 +168,7 @@ identity_mapped: xorq %r14, %r14 xorq %r15, %r15 @@ -22507,10 +24126,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index fae9134..f8e4a47 100644 +index 56f7fcf..2cfe4f1 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -111,6 +111,7 @@ +@@ -110,6 +110,7 @@ #include #include #include @@ -22518,7 +24137,61 @@ index fae9134..f8e4a47 100644 /* * max_low_pfn_mapped: highest direct mapped pfn under 4GB -@@ -447,7 +448,7 @@ static void __init parse_setup_data(void) +@@ -205,12 +206,50 @@ EXPORT_SYMBOL(boot_cpu_data); + #endif + + +-#if !defined(CONFIG_X86_PAE) || defined(CONFIG_X86_64) +-unsigned long mmu_cr4_features; ++#ifdef CONFIG_X86_64 ++unsigned long mmu_cr4_features __read_only = X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE; ++#elif defined(CONFIG_X86_PAE) ++unsigned long mmu_cr4_features __read_only = X86_CR4_PAE; + #else +-unsigned long mmu_cr4_features = X86_CR4_PAE; ++unsigned long mmu_cr4_features __read_only; + #endif + ++void set_in_cr4(unsigned long mask) ++{ ++ unsigned long cr4 = read_cr4(); ++ ++ if ((cr4 & mask) == mask && cr4 == mmu_cr4_features) ++ return; ++ ++ pax_open_kernel(); ++ mmu_cr4_features |= mask; ++ pax_close_kernel(); ++ ++ if (trampoline_cr4_features) ++ *trampoline_cr4_features = mmu_cr4_features; ++ cr4 |= mask; ++ write_cr4(cr4); ++} ++EXPORT_SYMBOL(set_in_cr4); ++ ++void clear_in_cr4(unsigned long mask) ++{ ++ unsigned long cr4 = read_cr4(); ++ ++ if (!(cr4 & mask) && cr4 == mmu_cr4_features) ++ return; ++ ++ pax_open_kernel(); ++ mmu_cr4_features &= ~mask; ++ pax_close_kernel(); ++ ++ if (trampoline_cr4_features) ++ *trampoline_cr4_features = mmu_cr4_features; ++ cr4 &= ~mask; ++ write_cr4(cr4); ++} ++EXPORT_SYMBOL(clear_in_cr4); ++ + /* Boot loader ID and version as integers, for the benefit of proc_dointvec */ + int bootloader_type, bootloader_version; + +@@ -444,7 +483,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -22527,7 +24200,7 @@ index fae9134..f8e4a47 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -774,7 +775,7 @@ static void __init trim_bios_range(void) +@@ -771,7 +810,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -22536,7 +24209,7 @@ index fae9134..f8e4a47 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -782,7 +783,7 @@ static void __init trim_bios_range(void) +@@ -779,7 +818,7 @@ static void __init trim_bios_range(void) /* called before trim_bios_range() to spare extra sanitize */ static void __init e820_add_kernel_range(void) { @@ -22545,12 +24218,12 @@ index fae9134..f8e4a47 100644 u64 size = __pa_symbol(_end) - start; /* -@@ -844,8 +845,12 @@ static void __init trim_low_memory_range(void) +@@ -841,8 +880,12 @@ static void __init trim_low_memory_range(void) void __init setup_arch(char **cmdline_p) { +#ifdef CONFIG_X86_32 -+ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - ____LOAD_PHYSICAL_ADDR); ++ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - LOAD_PHYSICAL_ADDR); +#else memblock_reserve(__pa_symbol(_text), (unsigned long)__bss_stop - (unsigned long)_text); @@ -22558,7 +24231,7 @@ index fae9134..f8e4a47 100644 early_reserve_initrd(); -@@ -937,14 +942,14 @@ void __init setup_arch(char **cmdline_p) +@@ -934,14 +977,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -22655,7 +24328,7 @@ index 5cdff03..80fa283 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 6956299..f20beae 100644 +index 6956299..18126ec4 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -22688,8 +24361,12 @@ index 6956299..f20beae 100644 if (err) return -EFAULT; -@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, - err |= __save_altstack(&frame->uc.uc_stack, regs->sp); +@@ -364,10 +364,13 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, + else + put_user_ex(0, &frame->uc.uc_flags); + put_user_ex(0, &frame->uc.uc_link); +- err |= __save_altstack(&frame->uc.uc_stack, regs->sp); ++ __save_altstack_ex(&frame->uc.uc_stack, regs->sp); /* Set up to return from userspace. */ - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); @@ -22709,6 +24386,15 @@ index 6956299..f20beae 100644 } put_user_catch(err); err |= copy_siginfo_to_user(&frame->info, &ksig->info); +@@ -429,7 +432,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, + else + put_user_ex(0, &frame->uc.uc_flags); + put_user_ex(0, &frame->uc.uc_link); +- err |= __save_altstack(&frame->uc.uc_stack, regs->sp); ++ __save_altstack_ex(&frame->uc.uc_stack, regs->sp); + + /* Set up to return from userspace. If provided, use a stub + already in userspace. */ @@ -615,7 +618,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) { int usig = signr_convert(ksig->sig); @@ -22746,10 +24432,35 @@ index 48d2b7d..90d328a 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 9f190a2..90a0688 100644 +index bfd348e..914f323 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -251,14 +251,18 @@ notrace static void __cpuinit start_secondary(void *unused) + + enable_start_cpu0 = 0; + +-#ifdef CONFIG_X86_32 +- /* switch away from the initial page table */ +- load_cr3(swapper_pg_dir); +- __flush_tlb_all(); +-#endif +- + /* otherwise gcc will move up smp_processor_id before the cpu_init */ + barrier(); ++ ++ /* switch away from the initial page table */ ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ load_cr3(get_cpu_pgd(smp_processor_id(), kernel)); ++ __flush_tlb_all(); ++#elif defined(CONFIG_X86_32) ++ load_cr3(swapper_pg_dir); ++ __flush_tlb_all(); ++#endif ++ + /* + * Check TSC synchronization with the BP: + */ +@@ -748,6 +752,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) idle->thread.sp = (unsigned long) (((struct pt_regs *) (THREAD_SIZE + task_stack_page(idle))) - 1); per_cpu(current_task, cpu) = idle; @@ -22757,7 +24468,7 @@ index 9f190a2..90a0688 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -755,11 +756,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -755,11 +760,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); @@ -22774,18 +24485,18 @@ index 9f190a2..90a0688 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -908,6 +911,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -908,6 +915,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); +#ifdef CONFIG_PAX_PER_CPU_PGD -+ clone_pgd_range(get_cpu_pgd(cpu) + KERNEL_PGD_BOUNDARY, ++ clone_pgd_range(get_cpu_pgd(cpu, kernel) + KERNEL_PGD_BOUNDARY, ++ swapper_pg_dir + KERNEL_PGD_BOUNDARY, ++ KERNEL_PGD_PTRS); ++ clone_pgd_range(get_cpu_pgd(cpu, user) + KERNEL_PGD_BOUNDARY, + swapper_pg_dir + KERNEL_PGD_BOUNDARY, + KERNEL_PGD_PTRS); +#endif -+ -+ /* the FPU context is blank, nobody can own it */ -+ __cpu_disable_lazy_restore(cpu); + err = do_boot_cpu(apicid, cpu, tidle); if (err) { @@ -22829,10 +24540,10 @@ index 9b4d51d..5d28b58 100644 switch (opcode[i]) { diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c new file mode 100644 -index 0000000..207bec6 +index 0000000..5877189 --- /dev/null +++ b/arch/x86/kernel/sys_i386_32.c -@@ -0,0 +1,250 @@ +@@ -0,0 +1,189 @@ +/* + * This file contains various random system calls that + * have a non-standard calling sequence on the Linux/i386 @@ -22853,6 +24564,7 @@ index 0000000..207bec6 +#include +#include +#include ++#include + +#include +#include @@ -22875,13 +24587,28 @@ index 0000000..207bec6 + return 0; +} + ++/* ++ * Align a virtual address to avoid aliasing in the I$ on AMD F15h. ++ */ ++static unsigned long get_align_mask(void) ++{ ++ if (va_align.flags < 0 || !(va_align.flags & ALIGN_VA_32)) ++ return 0; ++ ++ if (!(current->flags & PF_RANDOMIZE)) ++ return 0; ++ ++ return va_align.mask; ++} ++ +unsigned long +arch_get_unmapped_area(struct file *filp, unsigned long addr, + unsigned long len, unsigned long pgoff, unsigned long flags) +{ + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; -+ unsigned long start_addr, pax_task_size = TASK_SIZE; ++ unsigned long pax_task_size = TASK_SIZE; ++ struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + +#ifdef CONFIG_PAX_SEGMEXEC @@ -22909,61 +24636,35 @@ index 0000000..207bec6 + return addr; + } + } -+ if (len > mm->cached_hole_size) { -+ start_addr = addr = mm->free_area_cache; -+ } else { -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; -+ } ++ ++ info.flags = 0; ++ info.length = len; ++ info.align_mask = filp ? get_align_mask() : 0; ++ info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + +#ifdef CONFIG_PAX_PAGEEXEC -+ if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) { -+ start_addr = 0x00110000UL; ++ if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE)) { ++ info.low_limit = 0x00110000UL; ++ info.high_limit = mm->start_code; + +#ifdef CONFIG_PAX_RANDMMAP + if (mm->pax_flags & MF_PAX_RANDMMAP) -+ start_addr += mm->delta_mmap & 0x03FFF000UL; ++ info.low_limit += mm->delta_mmap & 0x03FFF000UL; +#endif + -+ if (mm->start_brk <= start_addr && start_addr < mm->mmap_base) -+ start_addr = addr = mm->mmap_base; -+ else -+ addr = start_addr; -+ } ++ if (info.low_limit < info.high_limit) { ++ addr = vm_unmapped_area(&info); ++ if (!IS_ERR_VALUE(addr)) ++ return addr; ++ } ++ } else +#endif + -+full_search: -+ for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { -+ /* At this point: (!vma || addr < vma->vm_end). */ -+ if (pax_task_size - len < addr) { -+ /* -+ * Start a new search - just in case we missed -+ * some holes. -+ */ -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; -+ goto full_search; -+ } -+ return -ENOMEM; -+ } -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ break; -+ if (addr + mm->cached_hole_size < vma->vm_start) -+ mm->cached_hole_size = vma->vm_start - addr; -+ addr = vma->vm_end; -+ if (mm->start_brk <= addr && addr < mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; -+ goto full_search; -+ } -+ } ++ info.low_limit = mm->mmap_base; ++ info.high_limit = pax_task_size; + -+ /* -+ * Remember the place where we stopped the search: -+ */ -+ mm->free_area_cache = addr + len; -+ return addr; ++ return vm_unmapped_area(&info); +} + +unsigned long @@ -22973,7 +24674,8 @@ index 0000000..207bec6 +{ + struct vm_area_struct *vma; + struct mm_struct *mm = current->mm; -+ unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE; ++ unsigned long addr = addr0, pax_task_size = TASK_SIZE; ++ struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + +#ifdef CONFIG_PAX_SEGMEXEC @@ -23009,46 +24711,18 @@ index 0000000..207bec6 + } + } + -+ /* check if free_area_cache is useful for us */ -+ if (len <= mm->cached_hole_size) { -+ mm->cached_hole_size = 0; -+ mm->free_area_cache = mm->mmap_base; -+ } -+ -+ /* either no address requested or can't fit in requested address hole */ -+ addr = mm->free_area_cache; -+ -+ /* make sure it can fit in the remaining address space */ -+ if (addr > len) { -+ vma = find_vma(mm, addr-len); -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) -+ /* remember the address as a hint for next time */ -+ return (mm->free_area_cache = addr-len); -+ } -+ -+ if (mm->mmap_base < len) -+ goto bottomup; -+ -+ addr = mm->mmap_base-len; -+ -+ do { -+ /* -+ * Lookup failure means no vma is above this address, -+ * else if new region fits below vma->vm_start, -+ * return with success: -+ */ -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ /* remember the address as a hint for next time */ -+ return (mm->free_area_cache = addr); -+ -+ /* remember the largest hole we saw so far */ -+ if (addr + mm->cached_hole_size < vma->vm_start) -+ mm->cached_hole_size = vma->vm_start - addr; ++ info.flags = VM_UNMAPPED_AREA_TOPDOWN; ++ info.length = len; ++ info.low_limit = PAGE_SIZE; ++ info.high_limit = mm->mmap_base; ++ info.align_mask = filp ? get_align_mask() : 0; ++ info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + -+ /* try just below the current vma->vm_start */ -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); ++ addr = vm_unmapped_area(&info); ++ if (!(addr & ~PAGE_MASK)) ++ return addr; ++ VM_BUG_ON(addr != -ENOMEM); + +bottomup: + /* @@ -23057,34 +24731,10 @@ index 0000000..207bec6 + * can happen with large stack limits and large mmap() + * allocations. + */ -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (mm->pax_flags & MF_PAX_SEGMEXEC) -+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE; -+ else -+#endif -+ -+ mm->mmap_base = TASK_UNMAPPED_BASE; -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; -+#endif -+ -+ mm->free_area_cache = mm->mmap_base; -+ mm->cached_hole_size = ~0UL; -+ addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); -+ /* -+ * Restore the topdown base: -+ */ -+ mm->mmap_base = base; -+ mm->free_area_cache = base; -+ mm->cached_hole_size = ~0UL; -+ -+ return addr; ++ return arch_get_unmapped_area(filp, addr0, len, pgoff, flags); +} diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index dbded5a..ace2781 100644 +index 48f8375..ace2781 100644 --- a/arch/x86/kernel/sys_x86_64.c +++ b/arch/x86/kernel/sys_x86_64.c @@ -81,8 +81,8 @@ out: @@ -23102,7 +24752,7 @@ index dbded5a..ace2781 100644 *begin = new_begin; } } else { -- *begin = TASK_UNMAPPED_BASE; +- *begin = mmap_legacy_base(); + *begin = mm->mmap_base; *end = TASK_SIZE; } @@ -23272,7 +24922,7 @@ index 24d3c91..d06b473 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index 9d9d2f9..cad418a 100644 +index f7fec09..9991981 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c @@ -84,6 +84,11 @@ int do_set_thread_area(struct task_struct *p, int idx, @@ -23287,7 +24937,7 @@ index 9d9d2f9..cad418a 100644 set_tls_desc(p, idx, &info, 1); return 0; -@@ -204,7 +209,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, +@@ -200,7 +205,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, if (kbuf) info = kbuf; @@ -23297,7 +24947,7 @@ index 9d9d2f9..cad418a 100644 else info = infobuf; diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 68bda7a..3ec7bb7 100644 +index 772e2a8..bad5bf6 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -68,12 +68,6 @@ @@ -23371,7 +25021,7 @@ index 68bda7a..3ec7bb7 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); pr_cont("\n"); -@@ -266,7 +272,7 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -273,7 +279,7 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -23380,7 +25030,7 @@ index 68bda7a..3ec7bb7 100644 local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); goto exit; -@@ -274,18 +280,42 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -281,18 +287,42 @@ do_general_protection(struct pt_regs *regs, long error_code) #endif tsk = current; @@ -23425,7 +25075,7 @@ index 68bda7a..3ec7bb7 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -440,7 +470,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -450,7 +480,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -23434,7 +25084,7 @@ index 68bda7a..3ec7bb7 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -455,7 +485,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -465,7 +495,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -23443,7 +25093,7 @@ index 68bda7a..3ec7bb7 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -487,7 +517,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -497,7 +527,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -23453,7 +25103,7 @@ index 68bda7a..3ec7bb7 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c -index 0ba4cfb..4596bec 100644 +index 2ed8459..7cf329f 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c @@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, @@ -23465,6 +25115,15 @@ index 0ba4cfb..4596bec 100644 return NOTIFY_DONE; switch (val) { +@@ -719,7 +719,7 @@ arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs + + if (ncopied != rasize) { + pr_err("uprobe: return address clobbered: pid=%d, %%sp=%#lx, " +- "%%ip=%#lx\n", current->pid, regs->sp, regs->ip); ++ "%%ip=%#lx\n", task_pid_nr(current), regs->sp, regs->ip); + + force_sig_info(SIGSEGV, SEND_SIG_FORCED, current); + } diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -23478,7 +25137,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 3dbdd9c..888b14e 100644 +index e8edcf5..27f9344 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -44,6 +44,7 @@ @@ -23501,34 +25160,33 @@ index 3dbdd9c..888b14e 100644 @@ -214,6 +215,14 @@ SYSCALL_DEFINE1(vm86old, struct vm86_struct __user *, v86) if (tsk->thread.saved_sp0) - goto out; + return -EPERM; + +#ifdef CONFIG_GRKERNSEC_VM86 + if (!capable(CAP_SYS_RAWIO)) { + gr_handle_vm86(); -+ goto out; ++ return -EPERM; + } +#endif + tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs, offsetof(struct kernel_vm86_struct, vm86plus) - sizeof(info.regs)); -@@ -242,6 +251,14 @@ SYSCALL_DEFINE2(vm86, unsigned long, cmd, unsigned long, arg) - int tmp, ret; +@@ -238,6 +247,13 @@ SYSCALL_DEFINE2(vm86, unsigned long, cmd, unsigned long, arg) + int tmp; struct vm86plus_struct __user *v86; +#ifdef CONFIG_GRKERNSEC_VM86 + if (!capable(CAP_SYS_RAWIO)) { + gr_handle_vm86(); -+ ret = -EPERM; -+ goto out; ++ return -EPERM; + } +#endif + tsk = current; switch (cmd) { case VM86_REQUEST_IRQ: -@@ -329,7 +346,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk +@@ -318,7 +334,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk tsk->thread.saved_fs = info->regs32->fs; tsk->thread.saved_gs = get_user_gs(info->regs32); @@ -23537,7 +25195,7 @@ index 3dbdd9c..888b14e 100644 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; if (cpu_has_sep) tsk->thread.sysenter_cs = 0; -@@ -536,7 +553,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, +@@ -525,7 +541,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, goto cannot_handle; if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) goto cannot_handle; @@ -23547,7 +25205,7 @@ index 3dbdd9c..888b14e 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 22a1530..8fbaaad 100644 +index 10c4f30..57377c2 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -23614,9 +25272,9 @@ index 22a1530..8fbaaad 100644 + __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET; + _text = .; HEAD_TEXT - #ifdef CONFIG_X86_32 - . = ALIGN(PAGE_SIZE); -@@ -108,13 +128,48 @@ SECTIONS + . = ALIGN(8); + _stext = .; +@@ -104,13 +124,48 @@ SECTIONS IRQENTRY_TEXT *(.fixup) *(.gnu.warning) @@ -23632,7 +25290,7 @@ index 22a1530..8fbaaad 100644 + . = ALIGN(PAGE_SIZE); + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) { + -+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES) ++#ifdef CONFIG_PAX_KERNEXEC + MODULES_EXEC_VADDR = .; + BYTE(0) + . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024); @@ -23669,7 +25327,7 @@ index 22a1530..8fbaaad 100644 #if defined(CONFIG_DEBUG_RODATA) /* .text should occupy whole number of pages */ -@@ -126,16 +181,20 @@ SECTIONS +@@ -122,16 +177,20 @@ SECTIONS /* Data */ .data : AT(ADDR(.data) - LOAD_OFFSET) { @@ -23693,7 +25351,7 @@ index 22a1530..8fbaaad 100644 PAGE_ALIGNED_DATA(PAGE_SIZE) -@@ -176,12 +235,19 @@ SECTIONS +@@ -172,12 +231,19 @@ SECTIONS #endif /* CONFIG_X86_64 */ /* Init code and data - will be freed after init */ @@ -23716,7 +25374,7 @@ index 22a1530..8fbaaad 100644 /* * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the * output PHDR, so the next output section - .init.text - should -@@ -190,12 +256,27 @@ SECTIONS +@@ -186,12 +252,27 @@ SECTIONS PERCPU_VADDR(INTERNODE_CACHE_BYTES, 0, :percpu) #endif @@ -23749,7 +25407,7 @@ index 22a1530..8fbaaad 100644 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { __x86_cpu_dev_start = .; -@@ -257,19 +338,12 @@ SECTIONS +@@ -253,19 +334,12 @@ SECTIONS } . = ALIGN(8); @@ -23770,7 +25428,7 @@ index 22a1530..8fbaaad 100644 PERCPU_SECTION(INTERNODE_CACHE_BYTES) #endif -@@ -288,16 +362,10 @@ SECTIONS +@@ -284,16 +358,10 @@ SECTIONS .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) { __smp_locks = .; *(.smp_locks) @@ -23788,7 +25446,7 @@ index 22a1530..8fbaaad 100644 /* BSS */ . = ALIGN(PAGE_SIZE); .bss : AT(ADDR(.bss) - LOAD_OFFSET) { -@@ -313,6 +381,7 @@ SECTIONS +@@ -309,6 +377,7 @@ SECTIONS __brk_base = .; . += 64 * 1024; /* 64k alignment slop space */ *(.brk_reservation) /* areas brk users have reserved */ @@ -23796,7 +25454,7 @@ index 22a1530..8fbaaad 100644 __brk_limit = .; } -@@ -339,13 +408,12 @@ SECTIONS +@@ -335,13 +404,12 @@ SECTIONS * for the boot processor. */ #define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load @@ -23855,7 +25513,7 @@ index 9a907a6..f83f921 100644 (unsigned long)VSYSCALL_START); diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c -index b014d94..6d6ca7b 100644 +index b014d94..e775258 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c +++ b/arch/x86/kernel/x8664_ksyms_64.c @@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string); @@ -23867,6 +25525,14 @@ index b014d94..6d6ca7b 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); +@@ -66,3 +64,7 @@ EXPORT_SYMBOL(empty_zero_page); + #ifndef CONFIG_PARAVIRT + EXPORT_SYMBOL(native_load_gs_index); + #endif ++ ++#ifdef CONFIG_PAX_PER_CPU_PGD ++EXPORT_SYMBOL(cpu_pgd); ++#endif diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c index 45a14db..075bb9b 100644 --- a/arch/x86/kernel/x86_init.c @@ -23979,10 +25645,10 @@ index a20ecb5..d0e2194 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 698eece..776b682 100644 +index 5953dce..f11a7d2 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -328,6 +328,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -329,6 +329,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -23990,7 +25656,7 @@ index 698eece..776b682 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -342,8 +343,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -343,8 +344,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -23999,7 +25665,7 @@ index 698eece..776b682 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -359,7 +358,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -360,7 +359,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -24008,7 +25674,7 @@ index 698eece..776b682 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index f77df1c..6f20690 100644 +index 0eee2c8..94a32c3 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -24021,7 +25687,7 @@ index f77df1c..6f20690 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 105dd5b..1b0ccc2 100644 +index da20860..d19fdf5 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -208,7 +208,7 @@ retry_walk: @@ -24034,10 +25700,10 @@ index 105dd5b..1b0ccc2 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index e1b1ce2..f7b4b43 100644 +index a14a6ea..dc86cf0 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3493,7 +3493,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -24049,7 +25715,7 @@ index e1b1ce2..f7b4b43 100644 load_TR_desc(); } -@@ -3901,6 +3905,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3894,6 +3898,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -24061,10 +25727,10 @@ index e1b1ce2..f7b4b43 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 0af1807..06912bb 100644 +index 5402c94..c3bdeee 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -1311,12 +1311,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -24079,7 +25745,7 @@ index 0af1807..06912bb 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1390,7 +1390,11 @@ static void reload_tss(void) +@@ -1517,7 +1517,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -24091,7 +25757,7 @@ index 0af1807..06912bb 100644 load_TR_desc(); } -@@ -1614,6 +1618,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1741,6 +1745,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -24102,7 +25768,7 @@ index 0af1807..06912bb 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2779,8 +2787,11 @@ static __init int hardware_setup(void) +@@ -2935,8 +2943,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -24116,22 +25782,27 @@ index 0af1807..06912bb 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -2792,10 +2803,12 @@ static __init int hardware_setup(void) - !cpu_has_vmx_virtual_intr_delivery()) - enable_apicv_reg_vid = 0; +@@ -2947,13 +2958,15 @@ static __init int hardware_setup(void) + if (!cpu_has_vmx_apicv()) + enable_apicv = 0; + pax_open_kernel(); - if (enable_apicv_reg_vid) + if (enable_apicv) - kvm_x86_ops->update_cr8_intercept = NULL; + *(void **)&kvm_x86_ops->update_cr8_intercept = NULL; - else + else { - kvm_x86_ops->hwapic_irr_update = NULL; +- kvm_x86_ops->deliver_posted_interrupt = NULL; +- kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy; + *(void **)&kvm_x86_ops->hwapic_irr_update = NULL; ++ *(void **)&kvm_x86_ops->deliver_posted_interrupt = NULL; ++ *(void **)&kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy; + } + pax_close_kernel(); if (nested) nested_vmx_setup_ctls_msrs(); -@@ -3883,7 +3896,10 @@ static void vmx_set_constant_host_state(void) +@@ -4076,7 +4089,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ @@ -24142,16 +25813,16 @@ index 0af1807..06912bb 100644 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -3904,7 +3920,7 @@ static void vmx_set_constant_host_state(void) - native_store_idt(&dt); +@@ -4098,7 +4114,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ + vmx->host_idt_base = dt.address; - vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */ + vmcs_writel(HOST_RIP, ktla_ktva(vmx_return)); /* 22.2.5 */ rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6580,6 +6596,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7030,6 +7046,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -24164,7 +25835,7 @@ index 0af1807..06912bb 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -6632,6 +6654,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7082,6 +7104,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -24176,7 +25847,7 @@ index 0af1807..06912bb 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -6645,7 +6672,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7095,7 +7122,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -24185,7 +25856,7 @@ index 0af1807..06912bb 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -6654,8 +6681,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7104,8 +7131,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -24207,10 +25878,10 @@ index 0af1807..06912bb 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index e172132..c3d3e27 100644 +index e8ba99c..ee9d7d9 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1686,8 +1686,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1725,8 +1725,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -24221,7 +25892,7 @@ index e172132..c3d3e27 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2567,6 +2567,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2609,6 +2609,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -24230,16 +25901,7 @@ index e172132..c3d3e27 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2696,7 +2698,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, - static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, - struct kvm_interrupt *irq) - { -- if (irq->irq < 0 || irq->irq >= KVM_NR_INTERRUPTS) -+ if (irq->irq >= KVM_NR_INTERRUPTS) - return -EINVAL; - if (irqchip_in_kernel(vcpu->kvm)) - return -ENXIO; -@@ -5247,7 +5249,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5297,7 +5299,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -24749,7 +26411,7 @@ index f5cc9eb..51fa319 100644 CFI_ENDPROC ENDPROC(atomic64_inc_not_zero_cx8) diff --git a/arch/x86/lib/checksum_32.S b/arch/x86/lib/checksum_32.S -index 2af5df3..62b1a5a 100644 +index e78b8ee..7e173a8 100644 --- a/arch/x86/lib/checksum_32.S +++ b/arch/x86/lib/checksum_32.S @@ -29,7 +29,8 @@ @@ -25140,27 +26802,43 @@ index 176cca6..1166c50 100644 .byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */ 2: diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S -index a30ca15..d25fab6 100644 +index a30ca15..6b3f4e1 100644 --- a/arch/x86/lib/copy_user_64.S +++ b/arch/x86/lib/copy_user_64.S -@@ -18,6 +18,7 @@ +@@ -18,31 +18,7 @@ #include #include #include +- +-/* +- * By placing feature2 after feature1 in altinstructions section, we logically +- * implement: +- * If CPU has feature2, jmp to alt2 is used +- * else if CPU has feature1, jmp to alt1 is used +- * else jmp to orig is used. +- */ +- .macro ALTERNATIVE_JUMP feature1,feature2,orig,alt1,alt2 +-0: +- .byte 0xe9 /* 32bit jump */ +- .long \orig-1f /* by default jump to orig */ +-1: +- .section .altinstr_replacement,"ax" +-2: .byte 0xe9 /* near jump with 32bit immediate */ +- .long \alt1-1b /* offset */ /* or alternatively to alt1 */ +-3: .byte 0xe9 /* near jump with 32bit immediate */ +- .long \alt2-1b /* offset */ /* or alternatively to alt2 */ +- .previous +- +- .section .altinstructions,"a" +- altinstruction_entry 0b,2b,\feature1,5,5 +- altinstruction_entry 0b,3b,\feature2,5,5 +- .previous +- .endm +#include - /* - * By placing feature2 after feature1 in altinstructions section, we logically -@@ -31,7 +32,7 @@ - .byte 0xe9 /* 32bit jump */ - .long \orig-1f /* by default jump to orig */ - 1: -- .section .altinstr_replacement,"ax" -+ .section .altinstr_replacement,"a" - 2: .byte 0xe9 /* near jump with 32bit immediate */ - .long \alt1-1b /* offset */ /* or alternatively to alt1 */ - 3: .byte 0xe9 /* near jump with 32bit immediate */ -@@ -70,47 +71,20 @@ + .macro ALIGN_DESTINATION + #ifdef FIX_ALIGNMENT +@@ -70,52 +46,6 @@ #endif .endm @@ -25194,24 +26872,34 @@ index a30ca15..d25fab6 100644 - CFI_ENDPROC -ENDPROC(_copy_from_user) - - .section .fixup,"ax" - /* must zero dest */ - ENTRY(bad_from_user) - bad_from_user: +- .section .fixup,"ax" +- /* must zero dest */ +-ENTRY(bad_from_user) +-bad_from_user: +- CFI_STARTPROC +- movl %edx,%ecx +- xorl %eax,%eax +- rep +- stosb +-bad_to_user: +- movl %edx,%eax +- ret +- CFI_ENDPROC +-ENDPROC(bad_from_user) +- .previous +- + /* + * copy_user_generic_unrolled - memory copy with exception handling. + * This version is for CPUs like P4 that don't have efficient micro +@@ -131,6 +61,7 @@ ENDPROC(bad_from_user) + */ + ENTRY(copy_user_generic_unrolled) CFI_STARTPROC -+ testl %edx,%edx -+ js bad_to_user - movl %edx,%ecx - xorl %eax,%eax - rep - stosb - bad_to_user: - movl %edx,%eax -+ pax_force_retaddr - ret - CFI_ENDPROC - ENDPROC(bad_from_user) -@@ -141,19 +115,19 @@ ENTRY(copy_user_generic_unrolled) ++ ASM_PAX_OPEN_USERLAND + ASM_STAC + cmpl $8,%edx + jb 20f /* less then 8 bytes, go to byte copy loop */ +@@ -141,19 +72,19 @@ ENTRY(copy_user_generic_unrolled) jz 17f 1: movq (%rsi),%r8 2: movq 1*8(%rsi),%r9 @@ -25235,32 +26923,51 @@ index a30ca15..d25fab6 100644 16: movq %r11,7*8(%rdi) leaq 64(%rsi),%rsi leaq 64(%rdi),%rdi -@@ -180,6 +154,7 @@ ENTRY(copy_user_generic_unrolled) +@@ -180,6 +111,8 @@ ENTRY(copy_user_generic_unrolled) jnz 21b 23: xor %eax,%eax ASM_CLAC ++ ASM_PAX_CLOSE_USERLAND + pax_force_retaddr ret .section .fixup,"ax" -@@ -251,6 +226,7 @@ ENTRY(copy_user_generic_string) +@@ -235,6 +168,7 @@ ENDPROC(copy_user_generic_unrolled) + */ + ENTRY(copy_user_generic_string) + CFI_STARTPROC ++ ASM_PAX_OPEN_USERLAND + ASM_STAC + andl %edx,%edx + jz 4f +@@ -251,6 +185,8 @@ ENTRY(copy_user_generic_string) movsb 4: xorl %eax,%eax ASM_CLAC ++ ASM_PAX_CLOSE_USERLAND + pax_force_retaddr ret .section .fixup,"ax" -@@ -286,6 +262,7 @@ ENTRY(copy_user_enhanced_fast_string) +@@ -278,6 +214,7 @@ ENDPROC(copy_user_generic_string) + */ + ENTRY(copy_user_enhanced_fast_string) + CFI_STARTPROC ++ ASM_PAX_OPEN_USERLAND + ASM_STAC + andl %edx,%edx + jz 2f +@@ -286,6 +223,8 @@ ENTRY(copy_user_enhanced_fast_string) movsb 2: xorl %eax,%eax ASM_CLAC ++ ASM_PAX_CLOSE_USERLAND + pax_force_retaddr ret .section .fixup,"ax" diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S -index 6a4f43c..f08b4a2 100644 +index 6a4f43c..55d26f2 100644 --- a/arch/x86/lib/copy_user_nocache_64.S +++ b/arch/x86/lib/copy_user_nocache_64.S @@ -8,6 +8,7 @@ @@ -25279,7 +26986,7 @@ index 6a4f43c..f08b4a2 100644 .macro ALIGN_DESTINATION #ifdef FIX_ALIGNMENT -@@ -49,6 +51,15 @@ +@@ -49,6 +51,16 @@ */ ENTRY(__copy_user_nocache) CFI_STARTPROC @@ -25292,10 +26999,11 @@ index 6a4f43c..f08b4a2 100644 +1: +#endif + ++ ASM_PAX_OPEN_USERLAND ASM_STAC cmpl $8,%edx jb 20f /* less then 8 bytes, go to byte copy loop */ -@@ -59,19 +70,19 @@ ENTRY(__copy_user_nocache) +@@ -59,19 +71,19 @@ ENTRY(__copy_user_nocache) jz 17f 1: movq (%rsi),%r8 2: movq 1*8(%rsi),%r9 @@ -25319,9 +27027,11 @@ index 6a4f43c..f08b4a2 100644 16: movnti %r11,7*8(%rdi) leaq 64(%rsi),%rsi leaq 64(%rdi),%rdi -@@ -99,6 +110,7 @@ ENTRY(__copy_user_nocache) +@@ -98,7 +110,9 @@ ENTRY(__copy_user_nocache) + jnz 21b 23: xorl %eax,%eax ASM_CLAC ++ ASM_PAX_CLOSE_USERLAND sfence + pax_force_retaddr ret @@ -25348,29 +27058,40 @@ index 2419d5f..953ee51 100644 CFI_RESTORE_STATE diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c -index 25b7ae8..169fafc 100644 +index 25b7ae8..c40113e 100644 --- a/arch/x86/lib/csum-wrappers_64.c +++ b/arch/x86/lib/csum-wrappers_64.c -@@ -52,7 +52,7 @@ csum_partial_copy_from_user(const void __user *src, void *dst, +@@ -52,8 +52,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst, len -= 2; } } - isum = csum_partial_copy_generic((__force const void *)src, ++ pax_open_userland(); ++ stac(); + isum = csum_partial_copy_generic((const void __force_kernel *)____m(src), dst, len, isum, errp, NULL); ++ clac(); ++ pax_close_userland(); if (unlikely(*errp)) goto out_err; -@@ -105,7 +105,7 @@ csum_partial_copy_to_user(const void *src, void __user *dst, + +@@ -105,8 +109,13 @@ csum_partial_copy_to_user(const void *src, void __user *dst, } *errp = 0; - return csum_partial_copy_generic(src, (void __force *)dst, -+ return csum_partial_copy_generic(src, (void __force_kernel *)____m(dst), ++ pax_open_userland(); ++ stac(); ++ isum = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst), len, isum, NULL, errp); ++ clac(); ++ pax_close_userland(); ++ return isum; } EXPORT_SYMBOL(csum_partial_copy_to_user); + diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S -index a451235..79fb5cf 100644 +index a451235..1daa956 100644 --- a/arch/x86/lib/getuser.S +++ b/arch/x86/lib/getuser.S @@ -33,17 +33,40 @@ @@ -25496,8 +27217,14 @@ index a451235..79fb5cf 100644 ret #else add $7,%_ASM_AX -@@ -102,6 +163,7 @@ ENTRY(__get_user_8) - 5: movl -3(%_ASM_AX),%ecx +@@ -98,10 +159,11 @@ ENTRY(__get_user_8) + cmp TI_addr_limit(%_ASM_DX),%_ASM_AX + jae bad_get_user_8 + ASM_STAC +-4: movl -7(%_ASM_AX),%edx +-5: movl -3(%_ASM_AX),%ecx ++4: __copyuser_seg movl -7(%_ASM_AX),%edx ++5: __copyuser_seg movl -3(%_ASM_AX),%ecx xor %eax,%eax ASM_CLAC + pax_force_retaddr @@ -25567,9 +27294,18 @@ index 05a95e7..326f2fa 100644 CFI_ENDPROC ENDPROC(__iowrite32_copy) diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S -index 1c273be..da9cc0e 100644 +index 56313a3..9b59269 100644 --- a/arch/x86/lib/memcpy_64.S +++ b/arch/x86/lib/memcpy_64.S +@@ -24,7 +24,7 @@ + * This gets patched over the unrolled variant (below) via the + * alternative instructions framework: + */ +- .section .altinstr_replacement, "ax", @progbits ++ .section .altinstr_replacement, "a", @progbits + .Lmemcpy_c: + movq %rdi, %rax + movq %rdx, %rcx @@ -33,6 +33,7 @@ rep movsq movl %edx, %ecx @@ -25578,7 +27314,13 @@ index 1c273be..da9cc0e 100644 ret .Lmemcpy_e: .previous -@@ -49,6 +50,7 @@ +@@ -44,11 +45,12 @@ + * This gets patched over the unrolled variant (below) via the + * alternative instructions framework: + */ +- .section .altinstr_replacement, "ax", @progbits ++ .section .altinstr_replacement, "a", @progbits + .Lmemcpy_c_e: movq %rdi, %rax movq %rdx, %rcx rep movsb @@ -25658,7 +27400,7 @@ index 1c273be..da9cc0e 100644 CFI_ENDPROC ENDPROC(memcpy) diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S -index ee16461..c39c199 100644 +index 65268a6..5aa7815 100644 --- a/arch/x86/lib/memmove_64.S +++ b/arch/x86/lib/memmove_64.S @@ -61,13 +61,13 @@ ENTRY(memmove) @@ -25773,7 +27515,7 @@ index ee16461..c39c199 100644 jmp 13f 12: cmp $1, %rdx -@@ -202,6 +202,7 @@ ENTRY(memmove) +@@ -202,14 +202,16 @@ ENTRY(memmove) movb (%rsi), %r11b movb %r11b, (%rdi) 13: @@ -25781,7 +27523,9 @@ index ee16461..c39c199 100644 retq CFI_ENDPROC -@@ -210,6 +211,7 @@ ENTRY(memmove) +- .section .altinstr_replacement,"ax" ++ .section .altinstr_replacement,"a" + .Lmemmove_begin_forward_efs: /* Forward moving data. */ movq %rdx, %rcx rep movsb @@ -25790,9 +27534,18 @@ index ee16461..c39c199 100644 .Lmemmove_end_forward_efs: .previous diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S -index 2dcb380..963660a 100644 +index 2dcb380..50a78bc 100644 --- a/arch/x86/lib/memset_64.S +++ b/arch/x86/lib/memset_64.S +@@ -16,7 +16,7 @@ + * + * rax original destination + */ +- .section .altinstr_replacement, "ax", @progbits ++ .section .altinstr_replacement, "a", @progbits + .Lmemset_c: + movq %rdi,%r9 + movq %rdx,%rcx @@ -30,6 +30,7 @@ movl %edx,%ecx rep stosb @@ -25801,7 +27554,15 @@ index 2dcb380..963660a 100644 ret .Lmemset_e: .previous -@@ -52,6 +53,7 @@ +@@ -45,13 +46,14 @@ + * + * rax original destination + */ +- .section .altinstr_replacement, "ax", @progbits ++ .section .altinstr_replacement, "a", @progbits + .Lmemset_c_e: + movq %rdi,%r9 + movb %sil,%al movq %rdx,%rcx rep stosb movq %r9,%rax @@ -26475,7 +28236,7 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index f0312d7..9c39d63 100644 +index 3eb18ac..6890bc3 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -42,11 +42,13 @@ do { \ @@ -26993,7 +28754,7 @@ index f0312d7..9c39d63 100644 clac(); return n; } -@@ -632,66 +743,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -632,60 +743,38 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -27023,13 +28784,29 @@ index f0312d7..9c39d63 100644 - */ -unsigned long -copy_to_user(void __user *to, const void *from, unsigned long n) --{ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++void __set_fs(mm_segment_t x) + { - if (access_ok(VERIFY_WRITE, to, n)) - n = __copy_to_user(to, from, n); - return n; --} ++ switch (x.seg) { ++ case 0: ++ loadsegment(gs, 0); ++ break; ++ case TASK_SIZE_MAX: ++ loadsegment(gs, __USER_DS); ++ break; ++ case -1UL: ++ loadsegment(gs, __KERNEL_DS); ++ break; ++ default: ++ BUG(); ++ } + } -EXPORT_SYMBOL(copy_to_user); -- ++EXPORT_SYMBOL(__set_fs); + -/** - * copy_from_user: - Copy a block of data from user space. - * @to: Destination address, in kernel space. @@ -27048,59 +28825,32 @@ index f0312d7..9c39d63 100644 - */ -unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) --{ ++void set_fs(mm_segment_t x) + { - if (access_ok(VERIFY_READ, from, n)) - n = __copy_from_user(to, from, n); - else - memset(to, 0, n); - return n; --} --EXPORT_SYMBOL(_copy_from_user); -- - void copy_from_user_overflow(void) - { - WARN(1, "Buffer overflow detected!\n"); - } - EXPORT_SYMBOL(copy_from_user_overflow); -+ -+void copy_to_user_overflow(void) -+{ -+ WARN(1, "Buffer overflow detected!\n"); -+} -+EXPORT_SYMBOL(copy_to_user_overflow); -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+void __set_fs(mm_segment_t x) -+{ -+ switch (x.seg) { -+ case 0: -+ loadsegment(gs, 0); -+ break; -+ case TASK_SIZE_MAX: -+ loadsegment(gs, __USER_DS); -+ break; -+ case -1UL: -+ loadsegment(gs, __KERNEL_DS); -+ break; -+ default: -+ BUG(); -+ } -+ return; -+} -+EXPORT_SYMBOL(__set_fs); -+ -+void set_fs(mm_segment_t x) -+{ + current_thread_info()->addr_limit = x; + __set_fs(x); -+} + } +-EXPORT_SYMBOL(_copy_from_user); +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index 906fea3..ee8a097 100644 +index 906fea3..0194a18 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c -@@ -39,7 +39,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size) +@@ -18,6 +18,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size) + might_fault(); + /* no memory constraint because it doesn't change any memory gcc knows + about */ ++ pax_open_userland(); + stac(); + asm volatile( + " testq %[size8],%[size8]\n" +@@ -39,9 +40,10 @@ unsigned long __clear_user(void __user *addr, unsigned long size) _ASM_EXTABLE(0b,3b) _ASM_EXTABLE(1b,2b) : [size8] "=&c"(size), [dst] "=&D" (__d0) @@ -27108,8 +28858,11 @@ index 906fea3..ee8a097 100644 + : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(____m(addr)), [zero] "r" (0UL), [eight] "r" (8UL)); clac(); ++ pax_close_userland(); return size; -@@ -54,12 +54,11 @@ unsigned long clear_user(void __user *to, unsigned long n) + } + EXPORT_SYMBOL(__clear_user); +@@ -54,12 +56,11 @@ unsigned long clear_user(void __user *to, unsigned long n) } EXPORT_SYMBOL(clear_user); @@ -27126,7 +28879,7 @@ index 906fea3..ee8a097 100644 } EXPORT_SYMBOL(copy_in_user); -@@ -69,7 +68,7 @@ EXPORT_SYMBOL(copy_in_user); +@@ -69,11 +70,13 @@ EXPORT_SYMBOL(copy_in_user); * it is not necessary to optimize tail handling. */ unsigned long @@ -27135,22 +28888,31 @@ index 906fea3..ee8a097 100644 { char c; unsigned zero_len; -@@ -87,3 +86,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) - clac(); + ++ clac(); ++ pax_close_userland(); + for (; len; --len, to++) { + if (__get_user_nocheck(c, from++, sizeof(char))) + break; +@@ -84,6 +87,5 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) + for (c = 0, zero_len = len; zerorest && zero_len; --zero_len) + if (__put_user_nocheck(c, to++, sizeof(char))) + break; +- clac(); return len; } +diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile +index 23d8e5f..9ccc13a 100644 +--- a/arch/x86/mm/Makefile ++++ b/arch/x86/mm/Makefile +@@ -28,3 +28,7 @@ obj-$(CONFIG_ACPI_NUMA) += srat.o + obj-$(CONFIG_NUMA_EMU) += numa_emulation.o + + obj-$(CONFIG_MEMTEST) += memtest.o + -+void copy_from_user_overflow(void) -+{ -+ WARN(1, "Buffer overflow detected!\n"); -+} -+EXPORT_SYMBOL(copy_from_user_overflow); -+ -+void copy_to_user_overflow(void) -+{ -+ WARN(1, "Buffer overflow detected!\n"); -+} -+EXPORT_SYMBOL(copy_to_user_overflow); ++quote:=" ++obj-$(CONFIG_X86_64) += uderef_64.o ++CFLAGS_uderef_64.o := $(subst $(quote),,$(CONFIG_ARCH_HWEIGHT_CFLAGS)) diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c index 903ec1e..c4166b2 100644 --- a/arch/x86/mm/extable.c @@ -27206,13 +28968,13 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 0e88336..2bb9777 100644 +index 654be4a..a4a3da1 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c -@@ -13,12 +13,19 @@ - #include /* perf_sw_event */ +@@ -14,11 +14,18 @@ #include /* hstate_index_to_shift */ #include /* prefetchw */ + #include /* exception_enter(), ... */ +#include +#include @@ -27220,7 +28982,6 @@ index 0e88336..2bb9777 100644 #include /* pgd_*(), ... */ #include /* kmemcheck_*(), ... */ #include /* VSYSCALL_START */ - #include /* exception_enter(), ... */ +#include + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -27297,7 +29058,7 @@ index 0e88336..2bb9777 100644 DEFINE_SPINLOCK(pgd_lock); LIST_HEAD(pgd_list); -@@ -232,10 +273,22 @@ void vmalloc_sync_all(void) +@@ -232,10 +273,27 @@ void vmalloc_sync_all(void) for (address = VMALLOC_START & PMD_MASK; address >= TASK_SIZE && address < FIXADDR_TOP; address += PMD_SIZE) { @@ -27312,15 +29073,20 @@ index 0e88336..2bb9777 100644 + +#ifdef CONFIG_PAX_PER_CPU_PGD + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { -+ pgd_t *pgd = get_cpu_pgd(cpu); ++ pgd_t *pgd = get_cpu_pgd(cpu, user); + pmd_t *ret; ++ ++ ret = vmalloc_sync_one(pgd, address); ++ if (!ret) ++ break; ++ pgd = get_cpu_pgd(cpu, kernel); +#else list_for_each_entry(page, &pgd_list, lru) { + pgd_t *pgd; spinlock_t *pgt_lock; pmd_t *ret; -@@ -243,8 +296,14 @@ void vmalloc_sync_all(void) +@@ -243,8 +301,14 @@ void vmalloc_sync_all(void) pgt_lock = &pgd_page_get_mm(page)->page_table_lock; spin_lock(pgt_lock); @@ -27336,34 +29102,47 @@ index 0e88336..2bb9777 100644 if (!ret) break; -@@ -278,6 +337,11 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) +@@ -278,6 +342,12 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) * an interrupt in the middle of a task switch.. */ pgd_paddr = read_cr3(); + +#ifdef CONFIG_PAX_PER_CPU_PGD -+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK)); ++ BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (pgd_paddr & __PHYSICAL_MASK)); ++ vmalloc_sync_one(__va(pgd_paddr + PAGE_SIZE), address); +#endif + pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); if (!pmd_k) return -1; -@@ -373,7 +437,14 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) +@@ -373,11 +443,25 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) * happen within a race in page table update. In the later * case just flush: */ +- pgd = pgd_offset(current->active_mm, address); + + pgd_ref = pgd_offset_k(address); + if (pgd_none(*pgd_ref)) + return -1; + +#ifdef CONFIG_PAX_PER_CPU_PGD -+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK)); -+ pgd = pgd_offset_cpu(smp_processor_id(), address); ++ BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (read_cr3() & __PHYSICAL_MASK)); ++ pgd = pgd_offset_cpu(smp_processor_id(), user, address); ++ if (pgd_none(*pgd)) { ++ set_pgd(pgd, *pgd_ref); ++ arch_flush_lazy_mmu_mode(); ++ } else { ++ BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); ++ } ++ pgd = pgd_offset_cpu(smp_processor_id(), kernel, address); +#else - pgd = pgd_offset(current->active_mm, address); ++ pgd = pgd_offset(current->active_mm, address); +#endif + - pgd_ref = pgd_offset_k(address); - if (pgd_none(*pgd_ref)) - return -1; -@@ -543,7 +614,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) + if (pgd_none(*pgd)) { + set_pgd(pgd, *pgd_ref); + arch_flush_lazy_mmu_mode(); +@@ -543,7 +627,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) static int is_errata100(struct pt_regs *regs, unsigned long address) { #ifdef CONFIG_X86_64 @@ -27372,7 +29151,7 @@ index 0e88336..2bb9777 100644 return 1; #endif return 0; -@@ -570,7 +641,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) +@@ -570,7 +654,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) } static const char nx_warning[] = KERN_CRIT @@ -27381,7 +29160,7 @@ index 0e88336..2bb9777 100644 static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, -@@ -579,15 +650,27 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, +@@ -579,15 +663,27 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, if (!oops_may_print()) return; @@ -27411,7 +29190,7 @@ index 0e88336..2bb9777 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -750,6 +833,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, +@@ -750,6 +846,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, return; } #endif @@ -27434,7 +29213,7 @@ index 0e88336..2bb9777 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -835,7 +934,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -835,7 +947,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -27443,7 +29222,7 @@ index 0e88336..2bb9777 100644 code = BUS_MCEERR_AR; } #endif -@@ -898,6 +997,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -898,6 +1010,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -27543,7 +29322,7 @@ index 0e88336..2bb9777 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -964,6 +1156,9 @@ int show_unhandled_signals = 1; +@@ -964,6 +1169,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -27553,7 +29332,7 @@ index 0e88336..2bb9777 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -992,7 +1187,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -992,7 +1200,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -27562,7 +29341,7 @@ index 0e88336..2bb9777 100644 return false; return true; -@@ -1008,18 +1203,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1008,18 +1216,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -27601,7 +29380,7 @@ index 0e88336..2bb9777 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1080,7 +1290,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1080,7 +1303,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -27610,7 +29389,7 @@ index 0e88336..2bb9777 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1142,6 +1352,11 @@ retry: +@@ -1142,6 +1365,11 @@ retry: might_sleep(); } @@ -27622,7 +29401,7 @@ index 0e88336..2bb9777 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1153,18 +1368,24 @@ retry: +@@ -1153,18 +1381,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -27658,9 +29437,9 @@ index 0e88336..2bb9777 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1228,3 +1449,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1230,3 +1464,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) __do_page_fault(regs, error_code); - exception_exit(regs); + exception_exit(prev_state); } + +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) @@ -27965,7 +29744,7 @@ index dd74e46..7d26398 100644 return 0; diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c -index 6f31ee5..8ee4164 100644 +index 252b8f5..4dcfdc1 100644 --- a/arch/x86/mm/highmem_32.c +++ b/arch/x86/mm/highmem_32.c @@ -44,7 +44,11 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) @@ -28089,7 +29868,7 @@ index ae1aa71..d9bea75 100644 #endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/ diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 59b7fc4..b1dd75f 100644 +index 1f34e92..c97b98f 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -4,6 +4,7 @@ @@ -28109,7 +29888,26 @@ index 59b7fc4..b1dd75f 100644 #include "mm_internal.h" -@@ -464,10 +467,40 @@ void __init init_mem_mapping(void) +@@ -465,7 +468,18 @@ void __init init_mem_mapping(void) + early_ioremap_page_table_range_init(); + #endif + ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ clone_pgd_range(get_cpu_pgd(0, kernel) + KERNEL_PGD_BOUNDARY, ++ swapper_pg_dir + KERNEL_PGD_BOUNDARY, ++ KERNEL_PGD_PTRS); ++ clone_pgd_range(get_cpu_pgd(0, user) + KERNEL_PGD_BOUNDARY, ++ swapper_pg_dir + KERNEL_PGD_BOUNDARY, ++ KERNEL_PGD_PTRS); ++ load_cr3(get_cpu_pgd(0, kernel)); ++#else + load_cr3(swapper_pg_dir); ++#endif ++ + __flush_tlb_all(); + + early_memtest(0, max_pfn_mapped << PAGE_SHIFT); +@@ -481,10 +495,40 @@ void __init init_mem_mapping(void) * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -28151,7 +29949,7 @@ index 59b7fc4..b1dd75f 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -524,8 +557,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -538,8 +582,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -28270,7 +30068,7 @@ index 59b7fc4..b1dd75f 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 2d19001..6a1046c 100644 +index 3ac7e31..89611b7 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void); @@ -28460,7 +30258,7 @@ index 2d19001..6a1046c 100644 prot = PAGE_KERNEL_EXEC; pages_4k++; -@@ -482,7 +486,7 @@ void __init native_pagetable_init(void) +@@ -474,7 +478,7 @@ void __init native_pagetable_init(void) pud = pud_offset(pgd, va); pmd = pmd_offset(pud, va); @@ -28469,7 +30267,7 @@ index 2d19001..6a1046c 100644 break; /* should not be large page here */ -@@ -540,12 +544,10 @@ void __init early_ioremap_page_table_range_init(void) +@@ -532,12 +536,10 @@ void __init early_ioremap_page_table_range_init(void) static void __init pagetable_init(void) { @@ -28484,20 +30282,7 @@ index 2d19001..6a1046c 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -752,6 +754,12 @@ void __init mem_init(void) - - pci_iommu_alloc(); - -+#ifdef CONFIG_PAX_PER_CPU_PGD -+ clone_pgd_range(get_cpu_pgd(0) + KERNEL_PGD_BOUNDARY, -+ swapper_pg_dir + KERNEL_PGD_BOUNDARY, -+ KERNEL_PGD_PTRS); -+#endif -+ - #ifdef CONFIG_FLATMEM - BUG_ON(!mem_map); - #endif -@@ -780,7 +788,7 @@ void __init mem_init(void) +@@ -772,7 +774,7 @@ void __init mem_init(void) after_bootmem = 1; codesize = (unsigned long) &_etext - (unsigned long) &_text; @@ -28506,7 +30291,7 @@ index 2d19001..6a1046c 100644 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -821,10 +829,10 @@ void __init mem_init(void) +@@ -813,10 +815,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, @@ -28520,7 +30305,7 @@ index 2d19001..6a1046c 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -914,6 +922,7 @@ void set_kernel_text_rw(void) +@@ -906,6 +908,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -28528,7 +30313,7 @@ index 2d19001..6a1046c 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -928,6 +937,7 @@ void set_kernel_text_ro(void) +@@ -920,6 +923,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -28536,7 +30321,7 @@ index 2d19001..6a1046c 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -956,6 +966,7 @@ void mark_rodata_ro(void) +@@ -948,6 +952,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -28545,10 +30330,10 @@ index 2d19001..6a1046c 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 474e28f..647dd12 100644 +index bb00c46..bf91a67 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c -@@ -150,7 +150,7 @@ early_param("gbpages", parse_direct_gbpages_on); +@@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on); * around without checking the pgd every time. */ @@ -28557,7 +30342,7 @@ index 474e28f..647dd12 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); int force_personality32; -@@ -183,12 +183,22 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -184,12 +184,29 @@ void sync_global_pgds(unsigned long start, unsigned long end) for (address = start; address <= end; address += PGDIR_SIZE) { const pgd_t *pgd_ref = pgd_offset_k(address); @@ -28575,12 +30360,19 @@ index 474e28f..647dd12 100644 + +#ifdef CONFIG_PAX_PER_CPU_PGD + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { -+ pgd_t *pgd = pgd_offset_cpu(cpu, address); ++ pgd_t *pgd = pgd_offset_cpu(cpu, user, address); ++ ++ if (pgd_none(*pgd)) ++ set_pgd(pgd, *pgd_ref); ++ else ++ BUG_ON(pgd_page_vaddr(*pgd) ++ != pgd_page_vaddr(*pgd_ref)); ++ pgd = pgd_offset_cpu(cpu, kernel, address); +#else list_for_each_entry(page, &pgd_list, lru) { pgd_t *pgd; spinlock_t *pgt_lock; -@@ -197,6 +207,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -198,6 +215,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) /* the pgt_lock only for Xen */ pgt_lock = &pgd_page_get_mm(page)->page_table_lock; spin_lock(pgt_lock); @@ -28588,7 +30380,7 @@ index 474e28f..647dd12 100644 if (pgd_none(*pgd)) set_pgd(pgd, *pgd_ref); -@@ -204,7 +215,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -205,7 +223,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); @@ -28599,7 +30391,7 @@ index 474e28f..647dd12 100644 } spin_unlock(&pgd_lock); } -@@ -237,7 +251,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) +@@ -238,7 +259,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) { if (pgd_none(*pgd)) { pud_t *pud = (pud_t *)spp_getpage(); @@ -28608,7 +30400,7 @@ index 474e28f..647dd12 100644 if (pud != pud_offset(pgd, 0)) printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", pud, pud_offset(pgd, 0)); -@@ -249,7 +263,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) +@@ -250,7 +271,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) { if (pud_none(*pud)) { pmd_t *pmd = (pmd_t *) spp_getpage(); @@ -28617,7 +30409,7 @@ index 474e28f..647dd12 100644 if (pmd != pmd_offset(pud, 0)) printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", pmd, pmd_offset(pud, 0)); -@@ -278,7 +292,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) +@@ -279,7 +300,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) pmd = fill_pmd(pud, vaddr); pte = fill_pte(pmd, vaddr); @@ -28627,7 +30419,7 @@ index 474e28f..647dd12 100644 /* * It's enough to flush this one mapping. -@@ -337,14 +353,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, +@@ -338,14 +361,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, pgd = pgd_offset_k((unsigned long)__va(phys)); if (pgd_none(*pgd)) { pud = (pud_t *) spp_getpage(); @@ -28644,7 +30436,7 @@ index 474e28f..647dd12 100644 } pmd = pmd_offset(pud, phys); BUG_ON(!pmd_none(*pmd)); -@@ -585,7 +599,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, +@@ -586,7 +607,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, prot); spin_lock(&init_mm.page_table_lock); @@ -28653,7 +30445,7 @@ index 474e28f..647dd12 100644 spin_unlock(&init_mm.page_table_lock); } __flush_tlb_all(); -@@ -626,7 +640,7 @@ kernel_physical_mapping_init(unsigned long start, +@@ -627,7 +648,7 @@ kernel_physical_mapping_init(unsigned long start, page_size_mask); spin_lock(&init_mm.page_table_lock); @@ -28662,20 +30454,7 @@ index 474e28f..647dd12 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -1065,6 +1079,12 @@ void __init mem_init(void) - - pci_iommu_alloc(); - -+#ifdef CONFIG_PAX_PER_CPU_PGD -+ clone_pgd_range(get_cpu_pgd(0) + KERNEL_PGD_BOUNDARY, -+ swapper_pg_dir + KERNEL_PGD_BOUNDARY, -+ KERNEL_PGD_PTRS); -+#endif -+ - /* clear_bss() already clear the empty_zero_page */ - - reservedpages = 0; -@@ -1224,8 +1244,8 @@ int kern_addr_valid(unsigned long addr) +@@ -1221,8 +1242,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -28686,7 +30465,7 @@ index 474e28f..647dd12 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -1259,7 +1279,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -1256,7 +1277,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -28712,7 +30491,7 @@ index 7b179b4..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index 78fe3f1..73b95e2 100644 +index 9a1e658..da003f3 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, @@ -28733,7 +30512,7 @@ index 78fe3f1..73b95e2 100644 { struct vm_struct *p, *o; -@@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +@@ -310,6 +310,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ if (page_is_ram(start >> PAGE_SHIFT)) @@ -28743,7 +30522,7 @@ index 78fe3f1..73b95e2 100644 return __va(phys); addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -327,6 +330,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) +@@ -322,6 +325,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) @@ -28753,7 +30532,7 @@ index 78fe3f1..73b95e2 100644 return; iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK)); -@@ -344,7 +350,7 @@ static int __init early_ioremap_debug_setup(char *str) +@@ -339,7 +345,7 @@ static int __init early_ioremap_debug_setup(char *str) early_param("early_ioremap_debug", early_ioremap_debug_setup); static __initdata int after_paging_init; @@ -28762,7 +30541,7 @@ index 78fe3f1..73b95e2 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -381,8 +387,7 @@ void __init early_ioremap_init(void) +@@ -376,8 +382,7 @@ void __init early_ioremap_init(void) slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -28789,7 +30568,7 @@ index d87dd6d..bf3fa66 100644 pte = kmemcheck_pte_lookup(address); diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index 845df68..1d8d29f 100644 +index c1af323..4758dad 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) @@ -28829,8 +30608,8 @@ index 845df68..1d8d29f 100644 * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64 * does, but not when emulating X86_32 */ --static unsigned long mmap_legacy_base(void) -+static unsigned long mmap_legacy_base(struct mm_struct *mm) +-unsigned long mmap_legacy_base(void) ++unsigned long mmap_legacy_base(struct mm_struct *mm) { - if (mmap_is_ia32()) + if (mmap_is_ia32()) { @@ -28847,7 +30626,7 @@ index 845df68..1d8d29f 100644 return TASK_UNMAPPED_BASE + mmap_rnd(); } -@@ -113,11 +126,23 @@ static unsigned long mmap_legacy_base(void) +@@ -113,11 +126,23 @@ unsigned long mmap_legacy_base(void) void arch_pick_mmap_layout(struct mm_struct *mm) { if (mmap_is_legacy()) { @@ -28923,10 +30702,10 @@ index dc0b727..f612039 100644 might_sleep(); if (is_enabled()) /* recheck and proper locking in *_core() */ diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c -index 72fe01e..f1a8daa 100644 +index a71c4e2..301ae44 100644 --- a/arch/x86/mm/numa.c +++ b/arch/x86/mm/numa.c -@@ -477,7 +477,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi) +@@ -474,7 +474,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi) return true; } @@ -28936,7 +30715,7 @@ index 72fe01e..f1a8daa 100644 unsigned long uninitialized_var(pfn_align); int i, nid; diff --git a/arch/x86/mm/pageattr-test.c b/arch/x86/mm/pageattr-test.c -index 0e38951..4ca8458 100644 +index d0b1773..4c3327c 100644 --- a/arch/x86/mm/pageattr-test.c +++ b/arch/x86/mm/pageattr-test.c @@ -36,7 +36,7 @@ enum { @@ -28949,7 +30728,7 @@ index 0e38951..4ca8458 100644 struct split_state { diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index fb4e73e..43f7238 100644 +index bb32480..75f2f5e 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, @@ -29014,7 +30793,7 @@ index fb4e73e..43f7238 100644 +#ifdef CONFIG_PAX_PER_CPU_PGD + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { -+ pgd_t *pgd = get_cpu_pgd(cpu); ++ pgd_t *pgd = get_cpu_pgd(cpu, kernel); +#else list_for_each_entry(page, &pgd_list, lru) { - pgd_t *pgd; @@ -29087,6 +30866,19 @@ index 6574388..87e9bef 100644 cattr_name(want_flags), (unsigned long long)paddr, (unsigned long long)(paddr + size - 1), +diff --git a/arch/x86/mm/pat_rbtree.c b/arch/x86/mm/pat_rbtree.c +index 415f6c4..d319983 100644 +--- a/arch/x86/mm/pat_rbtree.c ++++ b/arch/x86/mm/pat_rbtree.c +@@ -160,7 +160,7 @@ success: + + failure: + printk(KERN_INFO "%s:%d conflicting memory types " +- "%Lx-%Lx %s<->%s\n", current->comm, current->pid, start, ++ "%Lx-%Lx %s<->%s\n", current->comm, task_pid_nr(current), start, + end, cattr_name(found_type), cattr_name(match->type)); + return -EBUSY; + } diff --git a/arch/x86/mm/pf_in.c b/arch/x86/mm/pf_in.c index 9f0614d..92ae64a 100644 --- a/arch/x86/mm/pf_in.c @@ -29137,10 +30929,10 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 17fda6a..489c74a 100644 +index 17fda6a..f7d54a0 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -91,10 +91,64 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -91,10 +91,67 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } @@ -29153,6 +30945,9 @@ index 17fda6a..489c74a 100644 +{ + unsigned int count = USER_PGD_PTRS; ++ if (!pax_user_shadow_base) ++ return; ++ + while (count--) + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); +} @@ -29207,7 +31002,7 @@ index 17fda6a..489c74a 100644 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) { BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); -@@ -135,6 +189,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -135,6 +192,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock(&pgd_lock); } @@ -29215,7 +31010,7 @@ index 17fda6a..489c74a 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -147,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -147,7 +205,7 @@ static void pgd_dtor(pgd_t *pgd) * -- nyc */ @@ -29224,7 +31019,7 @@ index 17fda6a..489c74a 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -159,7 +214,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -159,7 +217,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -29233,7 +31028,7 @@ index 17fda6a..489c74a 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -177,36 +232,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -177,36 +235,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } @@ -29283,7 +31078,7 @@ index 17fda6a..489c74a 100644 return -ENOMEM; } -@@ -219,51 +276,55 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -219,51 +279,55 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -29356,7 +31151,7 @@ index 17fda6a..489c74a 100644 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -272,11 +333,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -272,11 +336,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -29370,7 +31165,7 @@ index 17fda6a..489c74a 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -286,14 +347,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -286,14 +350,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock(&pgd_lock); pgd_ctor(mm, pgd); @@ -29388,7 +31183,7 @@ index 17fda6a..489c74a 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -302,7 +363,7 @@ out: +@@ -302,7 +366,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -29486,6 +31281,49 @@ index 282375f..e03a98f 100644 } } EXPORT_SYMBOL_GPL(leave_mm); +diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c +new file mode 100644 +index 0000000..dace51c +--- /dev/null ++++ b/arch/x86/mm/uderef_64.c +@@ -0,0 +1,37 @@ ++#include ++#include ++#include ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++/* PaX: due to the special call convention these functions must ++ * - remain leaf functions under all configurations, ++ * - never be called directly, only dereferenced from the wrappers. ++ */ ++void __pax_open_userland(void) ++{ ++ unsigned int cpu; ++ ++ if (unlikely(!segment_eq(get_fs(), USER_DS))) ++ return; ++ ++ cpu = raw_get_cpu(); ++ BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_KERNEL); ++ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); ++ raw_put_cpu_no_resched(); ++} ++EXPORT_SYMBOL(__pax_open_userland); ++ ++void __pax_close_userland(void) ++{ ++ unsigned int cpu; ++ ++ if (unlikely(!segment_eq(get_fs(), USER_DS))) ++ return; ++ ++ cpu = raw_get_cpu(); ++ BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_USER); ++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); ++ raw_put_cpu_no_resched(); ++} ++EXPORT_SYMBOL(__pax_close_userland); ++#endif diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S index 877b9a1..a8ecf42 100644 --- a/arch/x86/net/bpf_jit.S @@ -29600,7 +31438,7 @@ index 877b9a1..a8ecf42 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 3cbe4538..003d011 100644 +index f66b540..3e88dfb 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -12,6 +12,7 @@ @@ -29872,9 +31710,9 @@ index 3cbe4538..003d011 100644 } oldproglen = proglen; } -@@ -737,7 +856,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -732,7 +851,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; + if (image) { bpf_flush_icache(image, image + proglen); - fp->bpf_func = (void *)image; - } + } else @@ -29884,7 +31722,7 @@ index 3cbe4538..003d011 100644 out: kfree(addrs); return; -@@ -745,18 +867,20 @@ out: +@@ -740,18 +862,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -30398,7 +32236,7 @@ index c77b24a..c979855 100644 } EXPORT_SYMBOL(pcibios_set_irq_routing); diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c -index 40e4469..1ab536e 100644 +index 40e4469..d915bf9 100644 --- a/arch/x86/platform/efi/efi_32.c +++ b/arch/x86/platform/efi/efi_32.c @@ -44,11 +44,22 @@ void efi_call_phys_prelog(void) @@ -30424,7 +32262,7 @@ index 40e4469..1ab536e 100644 gdt_descr.address = __pa(get_cpu_gdt_table(0)); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); -@@ -58,6 +69,14 @@ void efi_call_phys_epilog(void) +@@ -58,11 +69,24 @@ void efi_call_phys_epilog(void) { struct desc_ptr gdt_descr; @@ -30439,6 +32277,44 @@ index 40e4469..1ab536e 100644 gdt_descr.address = (unsigned long)get_cpu_gdt_table(0); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); + ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ load_cr3(get_cpu_pgd(smp_processor_id(), kernel)); ++#else + load_cr3(swapper_pg_dir); ++#endif ++ + __flush_tlb_all(); + + local_irq_restore(efi_rt_eflags); +diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c +index 39a0e7f1..872396e 100644 +--- a/arch/x86/platform/efi/efi_64.c ++++ b/arch/x86/platform/efi/efi_64.c +@@ -76,6 +76,11 @@ void __init efi_call_phys_prelog(void) + vaddress = (unsigned long)__va(pgd * PGDIR_SIZE); + set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress)); + } ++ ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ load_cr3(swapper_pg_dir); ++#endif ++ + __flush_tlb_all(); + } + +@@ -89,6 +94,11 @@ void __init efi_call_phys_epilog(void) + for (pgd = 0; pgd < n_pgds; pgd++) + set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), save_pgd[pgd]); + kfree(save_pgd); ++ ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ load_cr3(get_cpu_pgd(smp_processor_id(), kernel)); ++#endif ++ + __flush_tlb_all(); + local_irq_restore(efi_flags); + early_code_mapping_set_exec(0); diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S index fbe66e6..eae5e38 100644 --- a/arch/x86/platform/efi/efi_stub_32.S @@ -30636,7 +32512,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index e31bcd8..f12dc46 100644 +index a0a0a43..a48e233 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; @@ -30671,23 +32547,30 @@ index d6ee929..3637cb5 100644 .getproplen = olpc_dt_getproplen, .getproperty = olpc_dt_getproperty, diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index 3c68768..07e82b8 100644 +index 1cf5b30..fd45732 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c -@@ -134,7 +134,7 @@ static void do_fpu_end(void) +@@ -137,11 +137,8 @@ static void do_fpu_end(void) static void fix_processor_context(void) { int cpu = smp_processor_id(); - struct tss_struct *t = &per_cpu(init_tss, cpu); +-#ifdef CONFIG_X86_64 +- struct desc_struct *desc = get_cpu_gdt_table(cpu); +- tss_desc tss; +-#endif + struct tss_struct *t = init_tss + cpu; - ++ set_tss_desc(cpu, t); /* * This just modifies memory; should not be -@@ -144,8 +144,6 @@ static void fix_processor_context(void) + * necessary. But... This is necessary, because +@@ -150,10 +147,6 @@ static void fix_processor_context(void) */ #ifdef CONFIG_X86_64 -- get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9; +- memcpy(&tss, &desc[GDT_ENTRY_TSS], sizeof(tss_desc)); +- tss.type = 0x9; /* The available 64-bit TSS (see AMD vol 2, pg 91 */ +- write_gdt_entry(desc, GDT_ENTRY_TSS, &tss, DESC_TSS); - syscall_init(); /* This sets MSR_*STAR and related */ #endif @@ -30793,10 +32676,18 @@ index c1b2791..f9e31c7 100644 END(trampoline_header) diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S -index bb360dc..3e5945f 100644 +index bb360dc..d0fd8f8 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S -@@ -107,7 +107,7 @@ ENTRY(startup_32) +@@ -94,6 +94,7 @@ ENTRY(startup_32) + movl %edx, %gs + + movl pa_tr_cr4, %eax ++ andl $~X86_CR4_PCIDE, %eax + movl %eax, %cr4 # Enable PAE mode + + # Setup trampoline 4 level pagetables +@@ -107,7 +108,7 @@ ENTRY(startup_32) wrmsr # Enable paging and in turn activate Long Mode @@ -30805,25 +32696,40 @@ index bb360dc..3e5945f 100644 movl %eax, %cr0 /* +diff --git a/arch/x86/tools/Makefile b/arch/x86/tools/Makefile +index e812034..c747134 100644 +--- a/arch/x86/tools/Makefile ++++ b/arch/x86/tools/Makefile +@@ -37,7 +37,7 @@ $(obj)/test_get_len.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/in + + $(obj)/insn_sanity.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/inat.c $(srctree)/arch/x86/include/asm/inat_types.h $(srctree)/arch/x86/include/asm/inat.h $(srctree)/arch/x86/include/asm/insn.h $(objtree)/arch/x86/lib/inat-tables.c + +-HOST_EXTRACFLAGS += -I$(srctree)/tools/include ++HOST_EXTRACFLAGS += -I$(srctree)/tools/include -ggdb + hostprogs-y += relocs + relocs-objs := relocs_32.o relocs_64.o relocs_common.o + relocs: $(obj)/relocs diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c -index 79d67bd..c7e1b90 100644 +index f7bab68..b6d9886 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c -@@ -12,10 +12,13 @@ - #include - #include +@@ -1,5 +1,7 @@ + /* This is included from relocs_32/64.c */ +#include "../../../include/generated/autoconf.h" + - static void die(char *fmt, ...); + #define ElfW(type) _ElfW(ELF_BITS, type) + #define _ElfW(bits, type) __ElfW(bits, type) + #define __ElfW(bits, type) Elf##bits##_##type +@@ -11,6 +13,7 @@ + #define Elf_Sym ElfW(Sym) + + static Elf_Ehdr ehdr; ++static Elf_Phdr *phdr; - #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) - static Elf32_Ehdr ehdr; -+static Elf32_Phdr *phdr; - static unsigned long reloc_count, reloc_idx; - static unsigned long *relocs; - static unsigned long reloc16_count, reloc16_idx; -@@ -330,9 +333,39 @@ static void read_ehdr(FILE *fp) + struct relocs { + uint32_t *offset; +@@ -383,9 +386,39 @@ static void read_ehdr(FILE *fp) } } @@ -30831,7 +32737,7 @@ index 79d67bd..c7e1b90 100644 +{ + unsigned int i; + -+ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr)); ++ phdr = calloc(ehdr.e_phnum, sizeof(Elf_Phdr)); + if (!phdr) { + die("Unable to allocate %d program headers\n", + ehdr.e_phnum); @@ -30845,14 +32751,14 @@ index 79d67bd..c7e1b90 100644 + strerror(errno)); + } + for(i = 0; i < ehdr.e_phnum; i++) { -+ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type); -+ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset); -+ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr); -+ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr); -+ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz); -+ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz); -+ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags); -+ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align); ++ phdr[i].p_type = elf_word_to_cpu(phdr[i].p_type); ++ phdr[i].p_offset = elf_off_to_cpu(phdr[i].p_offset); ++ phdr[i].p_vaddr = elf_addr_to_cpu(phdr[i].p_vaddr); ++ phdr[i].p_paddr = elf_addr_to_cpu(phdr[i].p_paddr); ++ phdr[i].p_filesz = elf_word_to_cpu(phdr[i].p_filesz); ++ phdr[i].p_memsz = elf_word_to_cpu(phdr[i].p_memsz); ++ phdr[i].p_flags = elf_word_to_cpu(phdr[i].p_flags); ++ phdr[i].p_align = elf_word_to_cpu(phdr[i].p_align); + } + +} @@ -30861,10 +32767,10 @@ index 79d67bd..c7e1b90 100644 { - int i; + unsigned int i; - Elf32_Shdr shdr; + Elf_Shdr shdr; secs = calloc(ehdr.e_shnum, sizeof(struct section)); -@@ -367,7 +400,7 @@ static void read_shdrs(FILE *fp) +@@ -420,7 +453,7 @@ static void read_shdrs(FILE *fp) static void read_strtabs(FILE *fp) { @@ -30873,7 +32779,7 @@ index 79d67bd..c7e1b90 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_STRTAB) { -@@ -392,7 +425,7 @@ static void read_strtabs(FILE *fp) +@@ -445,7 +478,7 @@ static void read_strtabs(FILE *fp) static void read_symtabs(FILE *fp) { @@ -30882,7 +32788,7 @@ index 79d67bd..c7e1b90 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_SYMTAB) { -@@ -423,9 +456,11 @@ static void read_symtabs(FILE *fp) +@@ -476,9 +509,11 @@ static void read_symtabs(FILE *fp) } @@ -30895,8 +32801,8 @@ index 79d67bd..c7e1b90 100644 + for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_REL) { -@@ -445,9 +480,22 @@ static void read_relocs(FILE *fp) + if (sec->shdr.sh_type != SHT_REL_TYPE) { +@@ -498,9 +533,22 @@ static void read_relocs(FILE *fp) die("Cannot read symbol table: %s\n", strerror(errno)); } @@ -30913,21 +32819,23 @@ index 79d67bd..c7e1b90 100644 + } +#endif + - for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) { - Elf32_Rel *rel = &sec->reltab[j]; -- rel->r_offset = elf32_to_cpu(rel->r_offset); -+ rel->r_offset = elf32_to_cpu(rel->r_offset) + base; - rel->r_info = elf32_to_cpu(rel->r_info); - } - } -@@ -456,13 +504,13 @@ static void read_relocs(FILE *fp) + for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) { + Elf_Rel *rel = &sec->reltab[j]; +- rel->r_offset = elf_addr_to_cpu(rel->r_offset); ++ rel->r_offset = elf_addr_to_cpu(rel->r_offset) + base; + rel->r_info = elf_xword_to_cpu(rel->r_info); + #if (SHT_REL_TYPE == SHT_RELA) + rel->r_addend = elf_xword_to_cpu(rel->r_addend); +@@ -512,7 +560,7 @@ static void read_relocs(FILE *fp) static void print_absolute_symbols(void) { - int i; + unsigned int i; - printf("Absolute symbols\n"); - printf(" Num: Value Size Type Bind Visibility Name\n"); + const char *format; + + if (ELF_BITS == 64) +@@ -525,7 +573,7 @@ static void print_absolute_symbols(void) for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; char *sym_strtab; @@ -30936,76 +32844,76 @@ index 79d67bd..c7e1b90 100644 if (sec->shdr.sh_type != SHT_SYMTAB) { continue; -@@ -489,14 +537,14 @@ static void print_absolute_symbols(void) +@@ -552,7 +600,7 @@ static void print_absolute_symbols(void) static void print_absolute_relocs(void) { - int i, printed = 0; + unsigned int i, printed = 0; + const char *format; - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; + if (ELF_BITS == 64) +@@ -565,7 +613,7 @@ static void print_absolute_relocs(void) struct section *sec_applies, *sec_symtab; char *sym_strtab; - Elf32_Sym *sh_symtab; + Elf_Sym *sh_symtab; - int j; + unsigned int j; - if (sec->shdr.sh_type != SHT_REL) { + if (sec->shdr.sh_type != SHT_REL_TYPE) { continue; } -@@ -558,13 +606,13 @@ static void print_absolute_relocs(void) - static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), - int use_real_mode) +@@ -642,13 +690,13 @@ static void add_reloc(struct relocs *r, uint32_t offset) + static void walk_relocs(int (*process)(struct section *sec, Elf_Rel *rel, + Elf_Sym *sym, const char *symname)) { - int i; + unsigned int i; /* Walk through the relocations */ for (i = 0; i < ehdr.e_shnum; i++) { char *sym_strtab; - Elf32_Sym *sh_symtab; + Elf_Sym *sh_symtab; struct section *sec_applies, *sec_symtab; - int j; + unsigned int j; struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_REL) { -@@ -588,6 +636,24 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), - sym = &sh_symtab[ELF32_R_SYM(rel->r_info)]; - r_type = ELF32_R_TYPE(rel->r_info); - -+ if (!use_real_mode) { -+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ -+ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) -+ continue; + if (sec->shdr.sh_type != SHT_REL_TYPE) { +@@ -812,6 +860,23 @@ static int do_reloc32(struct section *sec, Elf_Rel *rel, Elf_Sym *sym, + { + unsigned r_type = ELF32_R_TYPE(rel->r_info); + int shn_abs = (sym->st_shndx == SHN_ABS) && !is_reloc(S_REL, symname); ++ char *sym_strtab = sec->link->link->strtab; + -+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) -+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ -+ if (!strcmp(sec_name(sym->st_shndx), ".text.end") && !strcmp(sym_name(sym_strtab, sym), "_etext")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) -+ continue; -+#endif -+ } ++ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ ++ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) ++ return 0; + - shn_abs = sym->st_shndx == SHN_ABS; ++#ifdef CONFIG_PAX_KERNEXEC ++ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ ++ if (!strcmp(sec_name(sym->st_shndx), ".text.end") && !strcmp(sym_name(sym_strtab, sym), "_etext")) ++ return 0; ++ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) ++ return 0; ++ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) ++ return 0; ++ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) ++ return 0; ++#endif - switch (r_type) { -@@ -681,7 +747,7 @@ static int write32(unsigned int v, FILE *f) + switch (r_type) { + case R_386_NONE: +@@ -950,7 +1015,7 @@ static int write32_as_text(uint32_t v, FILE *f) static void emit_relocs(int as_text, int use_real_mode) { - int i; + unsigned int i; - /* Count how many relocations I have and allocate space for them. */ - reloc_count = 0; - walk_relocs(count_reloc, use_real_mode); -@@ -808,10 +874,11 @@ int main(int argc, char **argv) - fname, strerror(errno)); - } + int (*write_reloc)(uint32_t, FILE *) = write32; + int (*do_reloc)(struct section *sec, Elf_Rel *rel, Elf_Sym *sym, + const char *symname); +@@ -1026,10 +1091,11 @@ void process(FILE *fp, int use_real_mode, int as_text, + { + regex_init(use_real_mode); read_ehdr(fp); + read_phdrs(fp); read_shdrs(fp); @@ -31013,9 +32921,22 @@ index 79d67bd..c7e1b90 100644 read_symtabs(fp); - read_relocs(fp); + read_relocs(fp, use_real_mode); + if (ELF_BITS == 64) + percpu_init(); if (show_absolute_syms) { - print_absolute_symbols(); - goto out; +diff --git a/arch/x86/um/tls_32.c b/arch/x86/um/tls_32.c +index 80ffa5b..a33bd15 100644 +--- a/arch/x86/um/tls_32.c ++++ b/arch/x86/um/tls_32.c +@@ -260,7 +260,7 @@ out: + if (unlikely(task == current && + !t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].flushed)) { + printk(KERN_ERR "get_tls_entry: task with pid %d got here " +- "without flushed TLS.", current->pid); ++ "without flushed TLS.", task_pid_nr(current)); + } + + return 0; diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile index fd14be1..e3c79c0 100644 --- a/arch/x86/vdso/Makefile @@ -31189,10 +33110,10 @@ index 431e875..cbb23f3 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index cf95e19..17e9f50 100644 +index a492be2..08678da 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c -@@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); +@@ -123,8 +123,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); struct shared_info xen_dummy_shared_info; @@ -31201,7 +33122,7 @@ index cf95e19..17e9f50 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -511,8 +509,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) +@@ -542,8 +540,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -31211,7 +33132,7 @@ index cf95e19..17e9f50 100644 int f; /* -@@ -560,8 +557,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) +@@ -591,8 +588,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -31221,7 +33142,7 @@ index cf95e19..17e9f50 100644 int f; /* -@@ -569,7 +565,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) +@@ -600,7 +596,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) * 8-byte entries, or 16 4k pages.. */ @@ -31230,7 +33151,7 @@ index cf95e19..17e9f50 100644 BUG_ON(va & ~PAGE_MASK); for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) { -@@ -954,7 +950,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) +@@ -985,7 +981,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) return 0; } @@ -31239,7 +33160,7 @@ index cf95e19..17e9f50 100644 { apic->read = xen_apic_read; apic->write = xen_apic_write; -@@ -1260,30 +1256,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1290,30 +1286,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -31277,7 +33198,7 @@ index cf95e19..17e9f50 100644 { if (pm_power_off) pm_power_off(); -@@ -1385,7 +1381,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1464,7 +1460,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -31296,7 +33217,7 @@ index cf95e19..17e9f50 100644 xen_setup_features(); -@@ -1416,13 +1422,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1495,13 +1501,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -31310,7 +33231,7 @@ index cf95e19..17e9f50 100644 xen_smp_init(); #ifdef CONFIG_ACPI_NUMA -@@ -1616,7 +1615,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, +@@ -1700,7 +1699,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -31320,7 +33241,7 @@ index cf95e19..17e9f50 100644 }; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index e006c18..b9a7d6c 100644 +index fdc3ba2..3daee39 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) @@ -31346,7 +33267,7 @@ index e006c18..b9a7d6c 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -2110,6 +2117,7 @@ static void __init xen_post_allocator_init(void) +@@ -2108,6 +2115,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -31354,7 +33275,7 @@ index e006c18..b9a7d6c 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2188,6 +2196,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2186,6 +2194,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -31363,10 +33284,10 @@ index e006c18..b9a7d6c 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 22c800a..8915f1e 100644 +index d99cae8..18401e1 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c -@@ -229,11 +229,6 @@ static void __init xen_smp_prepare_boot_cpu(void) +@@ -240,11 +240,6 @@ static void __init xen_smp_prepare_boot_cpu(void) { BUG_ON(smp_processor_id() != 0); native_smp_prepare_boot_cpu(); @@ -31378,7 +33299,7 @@ index 22c800a..8915f1e 100644 xen_filter_cpu_maps(); xen_setup_vcpu_info_placement(); } -@@ -303,7 +298,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) +@@ -314,7 +309,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) ctxt->user_regs.ss = __KERNEL_DS; #ifdef CONFIG_X86_32 ctxt->user_regs.fs = __KERNEL_PERCPU; @@ -31387,7 +33308,7 @@ index 22c800a..8915f1e 100644 #else ctxt->gs_base_kernel = per_cpu_offset(cpu); #endif -@@ -313,8 +308,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) +@@ -324,8 +319,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) { ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */ @@ -31398,7 +33319,7 @@ index 22c800a..8915f1e 100644 xen_copy_trap_info(ctxt->trap_ctxt); -@@ -359,13 +354,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle) +@@ -370,13 +365,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle) int rc; per_cpu(current_task, cpu) = idle; @@ -31414,7 +33335,7 @@ index 22c800a..8915f1e 100644 #endif xen_setup_runstate_info(cpu); xen_setup_timer(cpu); -@@ -634,7 +628,7 @@ static const struct smp_ops xen_smp_ops __initconst = { +@@ -651,7 +645,7 @@ static const struct smp_ops xen_smp_ops __initconst = { void __init xen_smp_init(void) { @@ -31645,8 +33566,40 @@ index 7c668c8..db3521c 100644 if (err) { err = -EFAULT; goto out; +diff --git a/block/genhd.c b/block/genhd.c +index cdeb527..10aa34db 100644 +--- a/block/genhd.c ++++ b/block/genhd.c +@@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf) + + /* + * Register device numbers dev..(dev+range-1) +- * range must be nonzero ++ * Noop if @range is zero. + * The hash chain is sorted on range, so that subranges can override. + */ + void blk_register_region(dev_t devt, unsigned long range, struct module *module, + struct kobject *(*probe)(dev_t, int *, void *), + int (*lock)(dev_t, void *), void *data) + { +- kobj_map(bdev_map, devt, range, module, probe, lock, data); ++ if (range) ++ kobj_map(bdev_map, devt, range, module, probe, lock, data); + } + + EXPORT_SYMBOL(blk_register_region); + ++/* undo blk_register_region(), noop if @range is zero */ + void blk_unregister_region(dev_t devt, unsigned long range) + { +- kobj_unmap(bdev_map, devt, range); ++ if (range) ++ kobj_unmap(bdev_map, devt, range); + } + + EXPORT_SYMBOL(blk_unregister_region); diff --git a/block/partitions/efi.c b/block/partitions/efi.c -index ff5804e..a88acad 100644 +index c85fc89..51e690b 100644 --- a/block/partitions/efi.c +++ b/block/partitions/efi.c @@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, @@ -31663,7 +33616,7 @@ index ff5804e..a88acad 100644 le32_to_cpu(gpt->sizeof_partition_entry); - if (!count) - return NULL; -- pte = kzalloc(count, GFP_KERNEL); +- pte = kmalloc(count, GFP_KERNEL); - if (!pte) - return NULL; - @@ -31671,10 +33624,10 @@ index ff5804e..a88acad 100644 (u8 *) pte, count) < count) { diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 9a87daa..fb17486 100644 +index a5ffcc9..3cedc9c 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c -@@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command); +@@ -224,8 +224,20 @@ EXPORT_SYMBOL(blk_verify_command); static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, struct sg_io_hdr *hdr, fmode_t mode) { @@ -31696,7 +33649,7 @@ index 9a87daa..fb17486 100644 if (blk_verify_command(rq->cmd, mode & FMODE_WRITE)) return -EPERM; -@@ -433,6 +445,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -434,6 +446,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, int err; unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; @@ -31705,7 +33658,7 @@ index 9a87daa..fb17486 100644 if (!sic) return -EINVAL; -@@ -466,9 +480,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -467,9 +481,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, */ err = -EFAULT; rq->cmd_len = cmdlen; @@ -31747,6 +33700,30 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); +diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c +index b2c99dc..476c9fb 100644 +--- a/crypto/pcrypt.c ++++ b/crypto/pcrypt.c +@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name) + int ret; + + pinst->kobj.kset = pcrypt_kset; +- ret = kobject_add(&pinst->kobj, NULL, name); ++ ret = kobject_add(&pinst->kobj, NULL, "%s", name); + if (!ret) + kobject_uevent(&pinst->kobj, KOBJ_ADD); + +@@ -455,8 +455,8 @@ static int pcrypt_init_padata(struct padata_pcrypt *pcrypt, + + get_online_cpus(); + +- pcrypt->wq = alloc_workqueue(name, +- WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1); ++ pcrypt->wq = alloc_workqueue("%s", ++ WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1, name); + if (!pcrypt->wq) + goto err; + diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h index f220d64..d359ad6 100644 --- a/drivers/acpi/apei/apei-internal.h @@ -31761,7 +33738,7 @@ index f220d64..d359ad6 100644 struct apei_exec_context { u32 ip; diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c -index fefc2ca..12a535d 100644 +index 33dc6a0..4b24b47 100644 --- a/drivers/acpi/apei/cper.c +++ b/drivers/acpi/apei/cper.c @@ -39,12 +39,12 @@ @@ -31874,10 +33851,10 @@ index 7586544..636a2f0 100644 if (err) return err; diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index ee255c6..747c68b 100644 +index eb133c7..f571552 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c -@@ -986,7 +986,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) +@@ -994,7 +994,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) { int i, count = CPUIDLE_DRIVER_STATE_START; struct acpi_processor_cx *cx; @@ -31887,10 +33864,10 @@ index ee255c6..747c68b 100644 if (!pr->flags.power_setup_done) diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c -index 41c0504..f8c0836 100644 +index fcae5fa..e9f71ea 100644 --- a/drivers/acpi/sysfs.c +++ b/drivers/acpi/sysfs.c -@@ -420,11 +420,11 @@ static u32 num_counters; +@@ -423,11 +423,11 @@ static u32 num_counters; static struct attribute **all_attrs; static u32 acpi_gpe_count; @@ -31905,7 +33882,7 @@ index 41c0504..f8c0836 100644 static void delete_gpe_attr_array(void) { diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index 34c8216..f56c828 100644 +index 7b9bdd8..37638ca 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap) @@ -31918,7 +33895,7 @@ index 34c8216..f56c828 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index cf15aee..e0b7078 100644 +index adf002a..39bb8f9 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4792,7 +4792,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) @@ -31959,20 +33936,20 @@ index cf15aee..e0b7078 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index 405022d..fb70e53 100644 +index 7638121..357a965 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c -@@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev) +@@ -865,7 +865,9 @@ static int arasan_cf_probe(struct platform_device *pdev) /* Handle platform specific quirks */ - if (pdata->quirk) { - if (pdata->quirk & CF_BROKEN_PIO) { + if (quirk) { + if (quirk & CF_BROKEN_PIO) { - ap->ops->set_piomode = NULL; + pax_open_kernel(); + *(void **)&ap->ops->set_piomode = NULL; + pax_close_kernel(); ap->pio_mask = 0; } - if (pdata->quirk & CF_BROKEN_MWDMA) + if (quirk & CF_BROKEN_MWDMA) diff --git a/drivers/atm/adummy.c b/drivers/atm/adummy.c index f9b983a..887b9d8 100644 --- a/drivers/atm/adummy.c @@ -32226,7 +34203,7 @@ index 204814e..cede831 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index d689126..e78e412 100644 +index 507362a..a845e57 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c @@ -1698,7 +1698,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) @@ -32969,8 +34946,21 @@ index 969c3c2..9b72956 100644 wake_up(&zatm_vcc->tx_wait); } +diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c +index d78b204..ecc1929 100644 +--- a/drivers/base/attribute_container.c ++++ b/drivers/base/attribute_container.c +@@ -167,7 +167,7 @@ attribute_container_add_device(struct device *dev, + ic->classdev.parent = get_device(dev); + ic->classdev.class = cont->class; + cont->class->dev_release = attribute_container_release; +- dev_set_name(&ic->classdev, dev_name(dev)); ++ dev_set_name(&ic->classdev, "%s", dev_name(dev)); + if (fn) + fn(cont, dev, &ic->classdev); + else diff --git a/drivers/base/bus.c b/drivers/base/bus.c -index 519865b..e540db3 100644 +index d414331..b4dd4ba 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c @@ -1163,7 +1163,7 @@ int subsys_interface_register(struct subsys_interface *sif) @@ -32992,10 +34982,10 @@ index 519865b..e540db3 100644 subsys_dev_iter_init(&iter, subsys, NULL, NULL); while ((dev = subsys_dev_iter_next(&iter))) diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index 01fc5b0..917801f 100644 +index 7413d06..79155fa 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c -@@ -348,7 +348,7 @@ int devtmpfs_mount(const char *mntdir) +@@ -354,7 +354,7 @@ int devtmpfs_mount(const char *mntdir) if (!thread) return 0; @@ -33004,7 +34994,7 @@ index 01fc5b0..917801f 100644 if (err) printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else -@@ -373,11 +373,11 @@ static int devtmpfsd(void *p) +@@ -380,11 +380,11 @@ static int devtmpfsd(void *p) *err = sys_unshare(CLONE_NEWNS); if (*err) goto out; @@ -33020,10 +35010,10 @@ index 01fc5b0..917801f 100644 while (1) { spin_lock(&req_lock); diff --git a/drivers/base/node.c b/drivers/base/node.c -index fac124a..66bd4ab 100644 +index 7616a77c..8f57f51 100644 --- a/drivers/base/node.c +++ b/drivers/base/node.c -@@ -625,7 +625,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) +@@ -626,7 +626,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) struct node_attr { struct device_attribute attr; enum node_states state; @@ -33033,7 +35023,7 @@ index fac124a..66bd4ab 100644 static ssize_t show_node_state(struct device *dev, struct device_attribute *attr, char *buf) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c -index 9a6b05a..2fc8fb9 100644 +index 7072404..76dcebd 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c @@ -1850,7 +1850,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state) @@ -33054,6 +35044,19 @@ index 9a6b05a..2fc8fb9 100644 int ret = 0; if (IS_ERR_OR_NULL(genpd)) +diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c +index a53ebd2..8f73eeb 100644 +--- a/drivers/base/power/sysfs.c ++++ b/drivers/base/power/sysfs.c +@@ -185,7 +185,7 @@ static ssize_t rtpm_status_show(struct device *dev, + return -EIO; + } + } +- return sprintf(buf, p); ++ return sprintf(buf, "%s", p); + } + + static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL); diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c index 79715e7..df06b3b 100644 --- a/drivers/base/power/wakeup.c @@ -33116,10 +35119,10 @@ index e8d11b6..7b1b36f 100644 } EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index 1c1b8e5..b7fc681 100644 +index 62b6c2c..4a11354 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1189,6 +1189,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; @@ -33128,7 +35131,7 @@ index 1c1b8e5..b7fc681 100644 err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -3005,7 +3007,7 @@ static void start_io(ctlr_info_t *h) +@@ -3010,7 +3012,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -33137,7 +35140,7 @@ index 1c1b8e5..b7fc681 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3015,7 +3017,7 @@ static void start_io(ctlr_info_t *h) +@@ -3020,7 +3022,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -33146,7 +35149,7 @@ index 1c1b8e5..b7fc681 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3441,17 +3443,17 @@ startio: +@@ -3446,17 +3448,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -33167,7 +35170,7 @@ index 1c1b8e5..b7fc681 100644 (h->interrupts_enabled == 0)); } -@@ -3484,7 +3486,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3489,7 +3491,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -33176,7 +35179,7 @@ index 1c1b8e5..b7fc681 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4041,7 +4043,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4046,7 +4048,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -33185,7 +35188,7 @@ index 1c1b8e5..b7fc681 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4310,7 +4312,7 @@ static int cciss_pci_init(ctlr_info_t *h) +@@ -4319,7 +4321,7 @@ static int cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -33194,7 +35197,7 @@ index 1c1b8e5..b7fc681 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5032,7 +5034,7 @@ reinit_after_soft_reset: +@@ -5051,7 +5053,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -33203,7 +35206,7 @@ index 1c1b8e5..b7fc681 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5082,7 +5084,7 @@ reinit_after_soft_reset: +@@ -5101,7 +5103,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -33212,7 +35215,7 @@ index 1c1b8e5..b7fc681 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5102,9 +5104,9 @@ reinit_after_soft_reset: +@@ -5121,9 +5123,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -33224,7 +35227,7 @@ index 1c1b8e5..b7fc681 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5127,7 +5129,7 @@ reinit_after_soft_reset: +@@ -5146,7 +5148,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -33233,7 +35236,7 @@ index 1c1b8e5..b7fc681 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5199,7 +5201,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5218,7 +5220,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -33256,7 +35259,7 @@ index 7fda30e..eb5dfe0 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c -index 3f08713..87d4b4a 100644 +index 639d26b..fd6ad1f 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c @@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) @@ -33295,7 +35298,7 @@ index 3f08713..87d4b4a 100644 hba[ctlr]->ctlr = ctlr; hba[ctlr]->board_id = board_id; hba[ctlr]->pci_dev = NULL; /* not PCI */ -@@ -980,7 +980,7 @@ static void start_io(ctlr_info_t *h) +@@ -978,7 +978,7 @@ static void start_io(ctlr_info_t *h) while((c = h->reqQ) != NULL) { /* Can't do anything if we're busy */ @@ -33304,7 +35307,7 @@ index 3f08713..87d4b4a 100644 return; /* Get the first entry from the request Q */ -@@ -988,7 +988,7 @@ static void start_io(ctlr_info_t *h) +@@ -986,7 +986,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller to do our bidding */ @@ -33313,7 +35316,7 @@ index 3f08713..87d4b4a 100644 /* Get onto the completion Q */ addQ(&h->cmpQ, c); -@@ -1050,7 +1050,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) +@@ -1048,7 +1048,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) unsigned long flags; __u32 a,a1; @@ -33322,7 +35325,7 @@ index 3f08713..87d4b4a 100644 /* Is this interrupt for us? */ if (istat == 0) return IRQ_NONE; -@@ -1061,7 +1061,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) +@@ -1059,7 +1059,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) */ spin_lock_irqsave(IDA_LOCK(h->ctlr), flags); if (istat & FIFO_NOT_EMPTY) { @@ -33331,7 +35334,7 @@ index 3f08713..87d4b4a 100644 a1 = a; a &= ~3; if ((c = h->cmpQ) == NULL) { -@@ -1195,6 +1195,7 @@ out_passthru: +@@ -1193,6 +1193,7 @@ out_passthru: ida_pci_info_struct pciinfo; if (!arg) return -EINVAL; @@ -33339,7 +35342,7 @@ index 3f08713..87d4b4a 100644 pciinfo.bus = host->pci_dev->bus->number; pciinfo.dev_fn = host->pci_dev->devfn; pciinfo.board_id = host->board_id; -@@ -1449,11 +1450,11 @@ static int sendcmd( +@@ -1447,11 +1448,11 @@ static int sendcmd( /* * Disable interrupt */ @@ -33353,7 +35356,7 @@ index 3f08713..87d4b4a 100644 if (temp != 0) { break; } -@@ -1466,7 +1467,7 @@ DBG( +@@ -1464,7 +1465,7 @@ DBG( /* * Send the cmd */ @@ -33362,7 +35365,7 @@ index 3f08713..87d4b4a 100644 complete = pollcomplete(ctlr); pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr, -@@ -1549,9 +1550,9 @@ static int revalidate_allvol(ctlr_info_t *host) +@@ -1547,9 +1548,9 @@ static int revalidate_allvol(ctlr_info_t *host) * we check the new geometry. Then turn interrupts back on when * we're done. */ @@ -33374,7 +35377,7 @@ index 3f08713..87d4b4a 100644 for(i=0; i 0; i--) { @@ -33397,7 +35400,7 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index 6b51afa..17e1191 100644 +index f943aac..99bfd19 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h @@ -582,7 +582,7 @@ struct drbd_epoch { @@ -33409,16 +35412,16 @@ index 6b51afa..17e1191 100644 atomic_t active; /* increased on every req. added, and dec on every finished. */ unsigned long flags; }; -@@ -1011,7 +1011,7 @@ struct drbd_conf { +@@ -1021,7 +1021,7 @@ struct drbd_conf { + unsigned int al_tr_number; int al_tr_cycle; - int al_tr_pos; /* position of the next transaction in the journal */ wait_queue_head_t seq_wait; - atomic_t packet_seq; + atomic_unchecked_t packet_seq; unsigned int peer_seq; spinlock_t peer_seq_lock; unsigned int minor; -@@ -1527,7 +1527,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, +@@ -1562,7 +1562,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -33428,7 +35431,7 @@ index 6b51afa..17e1191 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index 54d03d4..332f311 100644 +index a5dca6a..bb27967 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, @@ -33461,10 +35464,10 @@ index 54d03d4..332f311 100644 idr_destroy(&tconn->volumes); diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index 2f5fffd..b22a1ae 100644 +index 4222aff..1f79506 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c -@@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev) +@@ -834,7 +834,7 @@ int drbd_connected(struct drbd_conf *mdev) { int err; @@ -33473,7 +35476,7 @@ index 2f5fffd..b22a1ae 100644 mdev->peer_seq = 0; mdev->state_mutex = mdev->tconn->agreed_pro_version < 100 ? -@@ -1191,7 +1191,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, +@@ -1193,7 +1193,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, do { next_epoch = NULL; @@ -33482,7 +35485,7 @@ index 2f5fffd..b22a1ae 100644 switch (ev & ~EV_CLEANUP) { case EV_PUT: -@@ -1231,7 +1231,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, +@@ -1233,7 +1233,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, rv = FE_DESTROYED; } else { epoch->flags = 0; @@ -33491,7 +35494,7 @@ index 2f5fffd..b22a1ae 100644 /* atomic_set(&epoch->active, 0); is already zero */ if (rv == FE_STILL_LIVE) rv = FE_RECYCLED; -@@ -1449,7 +1449,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) +@@ -1451,7 +1451,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) conn_wait_active_ee_empty(tconn); drbd_flush(tconn); @@ -33500,7 +35503,7 @@ index 2f5fffd..b22a1ae 100644 epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO); if (epoch) break; -@@ -1462,11 +1462,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) +@@ -1464,11 +1464,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) } epoch->flags = 0; @@ -33514,7 +35517,7 @@ index 2f5fffd..b22a1ae 100644 list_add(&epoch->list, &tconn->current_epoch->list); tconn->current_epoch = epoch; tconn->epochs++; -@@ -2170,7 +2170,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) +@@ -2172,7 +2172,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) err = wait_for_and_update_peer_seq(mdev, peer_seq); drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size); @@ -33523,7 +35526,7 @@ index 2f5fffd..b22a1ae 100644 err2 = drbd_drain_block(mdev, pi->size); if (!err) err = err2; -@@ -2204,7 +2204,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) +@@ -2206,7 +2206,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) spin_lock(&tconn->epoch_lock); peer_req->epoch = tconn->current_epoch; @@ -33532,7 +35535,7 @@ index 2f5fffd..b22a1ae 100644 atomic_inc(&peer_req->epoch->active); spin_unlock(&tconn->epoch_lock); -@@ -4345,7 +4345,7 @@ struct data_cmd { +@@ -4347,7 +4347,7 @@ struct data_cmd { int expect_payload; size_t pkt_size; int (*fn)(struct drbd_tconn *, struct packet_info *); @@ -33541,7 +35544,7 @@ index 2f5fffd..b22a1ae 100644 static struct data_cmd drbd_cmd_handler[] = { [P_DATA] = { 1, sizeof(struct p_data), receive_Data }, -@@ -4465,7 +4465,7 @@ static void conn_disconnect(struct drbd_tconn *tconn) +@@ -4467,7 +4467,7 @@ static void conn_disconnect(struct drbd_tconn *tconn) if (!list_empty(&tconn->current_epoch->list)) conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n"); /* ok, no more ee's on the fly, it is safe to reset the epoch_size */ @@ -33550,7 +35553,7 @@ index 2f5fffd..b22a1ae 100644 tconn->send.seen_any_write_yet = false; conn_info(tconn, "Connection closed\n"); -@@ -5221,7 +5221,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn) +@@ -5223,7 +5223,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn) struct asender_cmd { size_t pkt_size; int (*fn)(struct drbd_tconn *tconn, struct packet_info *); @@ -33560,33 +35563,33 @@ index 2f5fffd..b22a1ae 100644 static struct asender_cmd asender_tbl[] = { [P_PING] = { 0, got_Ping }, diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index dfe7583..83768bb 100644 +index d92d50f..a7e9d97 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -231,7 +231,7 @@ static int __do_lo_send_write(struct file *file, - mm_segment_t old_fs = get_fs(); +@@ -232,7 +232,7 @@ static int __do_lo_send_write(struct file *file, + file_start_write(file); set_fs(get_ds()); - bw = file->f_op->write(file, buf, len, &pos); + bw = file->f_op->write(file, (const char __force_user *)buf, len, &pos); set_fs(old_fs); + file_end_write(file); if (likely(bw == len)) - return 0; diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c -index 2e7de7a..ed86dc0 100644 +index f5d0ea1..c62380a 100644 --- a/drivers/block/pktcdvd.c +++ b/drivers/block/pktcdvd.c -@@ -83,7 +83,7 @@ - +@@ -84,7 +84,7 @@ #define MAX_SPEED 0xffff --#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1)) -+#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1UL)) + #define ZONE(sector, pd) (((sector) + (pd)->offset) & \ +- ~(sector_t)((pd)->settings.size - 1)) ++ ~(sector_t)((pd)->settings.size - 1UL)) static DEFINE_MUTEX(pktcdvd_mutex); static struct pktcdvd_device *pkt_devs[MAX_WRITERS]; diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c -index d620b44..e9abc80 100644 +index 8a3aff7..d7538c2 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi) @@ -33628,17 +35631,17 @@ index d620b44..e9abc80 100644 if (cgc.buffer) break; -@@ -2882,7 +2883,7 @@ static noinline int mmc_ioctl_cdrom_read_data(struct cdrom_device_info *cdi, - if (lba < 0) - return -EINVAL; +@@ -3429,7 +3430,7 @@ static int cdrom_print_info(const char *header, int val, char *info, + struct cdrom_device_info *cdi; + int ret; -- cgc->buffer = kmalloc(blocksize, GFP_KERNEL); -+ cgc->buffer = kzalloc(blocksize, GFP_KERNEL); - if (cgc->buffer == NULL) - return -ENOMEM; +- ret = scnprintf(info + *pos, max_size - *pos, header); ++ ret = scnprintf(info + *pos, max_size - *pos, "%s", header); + if (!ret) + return 1; diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c -index d59cdcb..11afddf 100644 +index 4afcb65..a68a32d 100644 --- a/drivers/cdrom/gdrom.c +++ b/drivers/cdrom/gdrom.c @@ -491,7 +491,6 @@ static struct cdrom_device_ops gdrom_ops = { @@ -33707,10 +35710,10 @@ index 2e04433..771f2cc 100644 kfree(segment); return -EFAULT; diff --git a/drivers/char/genrtc.c b/drivers/char/genrtc.c -index 21cb980..f15107c 100644 +index 4f94375..413694e 100644 --- a/drivers/char/genrtc.c +++ b/drivers/char/genrtc.c -@@ -272,6 +272,7 @@ static int gen_rtc_ioctl(struct file *file, +@@ -273,6 +273,7 @@ static int gen_rtc_ioctl(struct file *file, switch (cmd) { case RTC_PLL_GET: @@ -33731,8 +35734,21 @@ index d784650..e8bfd69 100644 struct hpet_info *info) { struct hpet_timer __iomem *timer; +diff --git a/drivers/char/hw_random/intel-rng.c b/drivers/char/hw_random/intel-rng.c +index 86fe45c..c0ea948 100644 +--- a/drivers/char/hw_random/intel-rng.c ++++ b/drivers/char/hw_random/intel-rng.c +@@ -314,7 +314,7 @@ PFX "RNG, try using the 'no_fwh_detect' option.\n"; + + if (no_fwh_detect) + return -ENODEV; +- printk(warning); ++ printk("%s", warning); + return -EBUSY; + } + diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index 053201b0..8335cce 100644 +index 4445fa1..7c6de37 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -420,7 +420,7 @@ struct ipmi_smi { @@ -33756,7 +35772,7 @@ index 053201b0..8335cce 100644 static int is_lan_addr(struct ipmi_addr *addr) { -@@ -2884,7 +2884,7 @@ int ipmi_register_smi(struct ipmi_smi_handlers *handlers, +@@ -2883,7 +2883,7 @@ int ipmi_register_smi(struct ipmi_smi_handlers *handlers, INIT_LIST_HEAD(&intf->cmd_rcvrs); init_waitqueue_head(&intf->waitq); for (i = 0; i < IPMI_NUM_STATS; i++) @@ -33766,7 +35782,7 @@ index 053201b0..8335cce 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 0ac9b45..6179fb5 100644 +index af4b23f..79806fc 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -275,7 +275,7 @@ struct smi_info { @@ -33790,7 +35806,7 @@ index 0ac9b45..6179fb5 100644 #define SI_MAX_PARMS 4 -@@ -3254,7 +3254,7 @@ static int try_smi_init(struct smi_info *new_smi) +@@ -3258,7 +3258,7 @@ static int try_smi_init(struct smi_info *new_smi) atomic_set(&new_smi->req_events, 0); new_smi->run_to_completion = 0; for (i = 0; i < SI_NUM_STATS; i++) @@ -33800,7 +35816,7 @@ index 0ac9b45..6179fb5 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 2c644af..d4d7f17 100644 +index 1ccbe94..6ad651a 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -33811,7 +35827,7 @@ index 2c644af..d4d7f17 100644 #include #include #include -@@ -37,6 +38,10 @@ +@@ -38,6 +39,10 @@ #define DEVPORT_MINOR 4 @@ -33822,7 +35838,7 @@ index 2c644af..d4d7f17 100644 static inline unsigned long size_inside_page(unsigned long start, unsigned long size) { -@@ -68,9 +73,13 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) +@@ -69,9 +74,13 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) while (cursor < to) { if (!devmem_is_allowed(pfn)) { @@ -33836,7 +35852,7 @@ index 2c644af..d4d7f17 100644 return 0; } cursor += PAGE_SIZE; -@@ -78,6 +87,11 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) +@@ -79,6 +88,11 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) } return 1; } @@ -33848,7 +35864,7 @@ index 2c644af..d4d7f17 100644 #else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -120,6 +134,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -121,6 +135,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, while (count > 0) { unsigned long remaining; @@ -33856,7 +35872,7 @@ index 2c644af..d4d7f17 100644 sz = size_inside_page(p, count); -@@ -135,7 +150,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -136,7 +151,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, if (!ptr) return -EFAULT; @@ -33881,7 +35897,7 @@ index 2c644af..d4d7f17 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; -@@ -378,7 +409,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf, +@@ -379,7 +410,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf, else csize = count; @@ -33890,7 +35906,7 @@ index 2c644af..d4d7f17 100644 if (rc < 0) return rc; buf += csize; -@@ -398,9 +429,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -399,9 +430,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { unsigned long p = *ppos; @@ -33901,7 +35917,7 @@ index 2c644af..d4d7f17 100644 read = 0; if (p < (unsigned long) high_memory) { -@@ -422,6 +452,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -423,6 +453,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { @@ -33910,7 +35926,7 @@ index 2c644af..d4d7f17 100644 sz = size_inside_page(p, low_count); /* -@@ -431,7 +463,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -432,7 +464,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, */ kbuf = xlate_dev_kmem_ptr((char *)p); @@ -33934,7 +35950,7 @@ index 2c644af..d4d7f17 100644 return -EFAULT; buf += sz; p += sz; -@@ -833,6 +880,9 @@ static const struct memdev { +@@ -869,6 +916,9 @@ static const struct memdev { #ifdef CONFIG_CRASH_DUMP [12] = { "oldmem", 0, &oldmem_fops, NULL }, #endif @@ -33944,8 +35960,17 @@ index 2c644af..d4d7f17 100644 }; static int memory_open(struct inode *inode, struct file *filp) +@@ -940,7 +990,7 @@ static int __init chr_dev_init(void) + continue; + + device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), +- NULL, devlist[minor].name); ++ NULL, "%s", devlist[minor].name); + } + + return tty_init(); diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c -index c689697..04e6d6a 100644 +index c689697..04e6d6a2 100644 --- a/drivers/char/mwave/tp3780i.c +++ b/drivers/char/mwave/tp3780i.c @@ -479,6 +479,7 @@ int tp3780I_QueryAbilities(THINKPAD_BD_DATA * pBDData, MW_ABILITIES * pAbilities @@ -34045,7 +36070,7 @@ index 5c5cc00..ac9edb7 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index eccd7cc..98038d5 100644 +index 35487e8..dac8bd1 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -272,8 +272,13 @@ @@ -34211,10 +36236,10 @@ index 84ddc55..1d32f1e 100644 return 0; } diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index ce5f3fc..e2d3e55 100644 +index fc45567..fa2a590 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c -@@ -679,7 +679,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, +@@ -682,7 +682,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, if (to_user) { ssize_t ret; @@ -34223,7 +36248,7 @@ index ce5f3fc..e2d3e55 100644 if (ret) return -EFAULT; } else { -@@ -778,7 +778,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, +@@ -785,7 +785,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, if (!port_has_data(port) && !port->host_connected) return 0; @@ -34232,11 +36257,49 @@ index ce5f3fc..e2d3e55 100644 } static int wait_port_writable(struct port *port, bool nonblock) +diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c +index a33f46f..a720eed 100644 +--- a/drivers/clk/clk-composite.c ++++ b/drivers/clk/clk-composite.c +@@ -122,7 +122,7 @@ struct clk *clk_register_composite(struct device *dev, const char *name, + struct clk *clk; + struct clk_init_data init; + struct clk_composite *composite; +- struct clk_ops *clk_composite_ops; ++ clk_ops_no_const *clk_composite_ops; + + composite = kzalloc(sizeof(*composite), GFP_KERNEL); + if (!composite) { +diff --git a/drivers/clk/socfpga/clk.c b/drivers/clk/socfpga/clk.c +index bd11315..7f87098 100644 +--- a/drivers/clk/socfpga/clk.c ++++ b/drivers/clk/socfpga/clk.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + /* Clock Manager offsets */ + #define CLKMGR_CTRL 0x0 +@@ -135,8 +136,10 @@ static __init struct clk *socfpga_clk_init(struct device_node *node, + if (strcmp(clk_name, "main_pll") || strcmp(clk_name, "periph_pll") || + strcmp(clk_name, "sdram_pll")) { + socfpga_clk->hw.bit_idx = SOCFPGA_PLL_EXT_ENA; +- clk_pll_ops.enable = clk_gate_ops.enable; +- clk_pll_ops.disable = clk_gate_ops.disable; ++ pax_open_kernel(); ++ *(void **)&clk_pll_ops.enable = clk_gate_ops.enable; ++ *(void **)&clk_pll_ops.disable = clk_gate_ops.disable; ++ pax_close_kernel(); + } + + clk = clk_register(NULL, &socfpga_clk->hw.hw); diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c -index d7ad425..3e3f81f 100644 +index a2b2541..bc1e7ff 100644 --- a/drivers/clocksource/arm_arch_timer.c +++ b/drivers/clocksource/arm_arch_timer.c -@@ -262,7 +262,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, +@@ -264,7 +264,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -34245,6 +36308,19 @@ index d7ad425..3e3f81f 100644 .notifier_call = arch_timer_cpu_notify, }; +diff --git a/drivers/clocksource/bcm_kona_timer.c b/drivers/clocksource/bcm_kona_timer.c +index 350f493..489479e 100644 +--- a/drivers/clocksource/bcm_kona_timer.c ++++ b/drivers/clocksource/bcm_kona_timer.c +@@ -199,7 +199,7 @@ static struct irqaction kona_timer_irq = { + .handler = kona_timer_interrupt, + }; + +-static void __init kona_timer_init(void) ++static void __init kona_timer_init(struct device_node *np) + { + kona_timers_init(); + kona_timer_clockevents_init(); diff --git a/drivers/clocksource/metag_generic.c b/drivers/clocksource/metag_generic.c index ade7513..069445f 100644 --- a/drivers/clocksource/metag_generic.c @@ -34259,7 +36335,7 @@ index ade7513..069445f 100644 }; diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c -index 57a8774..545e993 100644 +index edc089e..bc7c0bc 100644 --- a/drivers/cpufreq/acpi-cpufreq.c +++ b/drivers/cpufreq/acpi-cpufreq.c @@ -172,7 +172,7 @@ static ssize_t show_global_boost(struct kobject *kobj, @@ -34271,7 +36347,7 @@ index 57a8774..545e993 100644 show_global_boost, store_global_boost); -@@ -712,8 +712,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) +@@ -705,8 +705,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) data->acpi_data = per_cpu_ptr(acpi_perf_data, cpu); per_cpu(acfreq_data, cpu) = data; @@ -34285,7 +36361,7 @@ index 57a8774..545e993 100644 result = acpi_processor_register_performance(data->acpi_data, cpu); if (result) -@@ -839,7 +842,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) +@@ -832,7 +835,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu); break; case ACPI_ADR_SPACE_FIXED_HARDWARE: @@ -34296,7 +36372,7 @@ index 57a8774..545e993 100644 policy->cur = get_cur_freq_on_cpu(cpu); break; default: -@@ -850,8 +855,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) +@@ -843,8 +848,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) acpi_processor_notify_smm(THIS_MODULE); /* Check for APERF/MPERF support in hardware */ @@ -34311,10 +36387,10 @@ index 57a8774..545e993 100644 pr_debug("CPU%u - ACPI performance management activated.\n", cpu); for (i = 0; i < perf->state_count; i++) diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index b02824d..51e44aa 100644 +index 6485547..477033e 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -1813,7 +1813,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -1854,7 +1854,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -34323,7 +36399,7 @@ index b02824d..51e44aa 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -1845,8 +1845,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -1886,8 +1886,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -34335,36 +36411,77 @@ index b02824d..51e44aa 100644 + pax_close_kernel(); + } - spin_lock_irqsave(&cpufreq_driver_lock, flags); + write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c -index 5a76086..0f4d394 100644 +index a86ff72..aad2b03 100644 --- a/drivers/cpufreq/cpufreq_governor.c +++ b/drivers/cpufreq/cpufreq_governor.c -@@ -201,8 +201,8 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data, - { +@@ -235,7 +235,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, + struct dbs_data *dbs_data; struct od_cpu_dbs_info_s *od_dbs_info = NULL; struct cs_cpu_dbs_info_s *cs_dbs_info = NULL; -- struct cs_ops *cs_ops = NULL; - struct od_ops *od_ops = NULL; -+ const struct cs_ops *cs_ops = NULL; + const struct od_ops *od_ops = NULL; - struct od_dbs_tuners *od_tuners = dbs_data->tuners; - struct cs_dbs_tuners *cs_tuners = dbs_data->tuners; + struct od_dbs_tuners *od_tuners = NULL; + struct cs_dbs_tuners *cs_tuners = NULL; struct cpu_dbs_common_info *cpu_cdbs; +@@ -298,7 +298,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, + + if ((cdata->governor == GOV_CONSERVATIVE) && + (!policy->governor->initialized)) { +- struct cs_ops *cs_ops = dbs_data->cdata->gov_ops; ++ const struct cs_ops *cs_ops = dbs_data->cdata->gov_ops; + + cpufreq_register_notifier(cs_ops->notifier_block, + CPUFREQ_TRANSITION_NOTIFIER); +@@ -315,7 +315,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, + + if ((dbs_data->cdata->governor == GOV_CONSERVATIVE) && + (policy->governor->initialized == 1)) { +- struct cs_ops *cs_ops = dbs_data->cdata->gov_ops; ++ const struct cs_ops *cs_ops = dbs_data->cdata->gov_ops; + + cpufreq_unregister_notifier(cs_ops->notifier_block, + CPUFREQ_TRANSITION_NOTIFIER); diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h -index cc4bd2f..ad142bc 100644 +index 0d9e6be..461fd3b 100644 --- a/drivers/cpufreq/cpufreq_governor.h +++ b/drivers/cpufreq/cpufreq_governor.h -@@ -142,7 +142,7 @@ struct dbs_data { - void (*gov_check_cpu)(int cpu, unsigned int load); +@@ -204,7 +204,7 @@ struct common_dbs_data { + void (*exit)(struct dbs_data *dbs_data); /* Governor specific ops, see below */ - void *gov_ops; + const void *gov_ops; }; - /* Governor specific ops, will be passed to dbs_data->gov_ops */ + /* Governer Per policy data */ +diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c +index c087347..dad6268 100644 +--- a/drivers/cpufreq/cpufreq_ondemand.c ++++ b/drivers/cpufreq/cpufreq_ondemand.c +@@ -615,14 +615,18 @@ void od_register_powersave_bias_handler(unsigned int (*f) + (struct cpufreq_policy *, unsigned int, unsigned int), + unsigned int powersave_bias) + { +- od_ops.powersave_bias_target = f; ++ pax_open_kernel(); ++ *(void **)&od_ops.powersave_bias_target = f; ++ pax_close_kernel(); + od_set_powersave_bias(powersave_bias); + } + EXPORT_SYMBOL_GPL(od_register_powersave_bias_handler); + + void od_unregister_powersave_bias_handler(void) + { +- od_ops.powersave_bias_target = generic_powersave_bias_target; ++ pax_open_kernel(); ++ *(void **)&od_ops.powersave_bias_target = generic_powersave_bias_target; ++ pax_close_kernel(); + od_set_powersave_bias(0); + } + EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c index bfd6273..e39dd63 100644 --- a/drivers/cpufreq/cpufreq_stats.c @@ -34379,10 +36496,10 @@ index bfd6273..e39dd63 100644 .priority = 1, }; diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c -index 827629c9..0bc6a03 100644 +index 421ef37..e708530c 100644 --- a/drivers/cpufreq/p4-clockmod.c +++ b/drivers/cpufreq/p4-clockmod.c -@@ -167,10 +167,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c) +@@ -160,10 +160,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c) case 0x0F: /* Core Duo */ case 0x16: /* Celeron Core */ case 0x1C: /* Atom */ @@ -34399,7 +36516,7 @@ index 827629c9..0bc6a03 100644 /* fall through */ case 0x09: /* Pentium M (Banias) */ return speedstep_get_frequency(SPEEDSTEP_CPU_PM); -@@ -182,7 +186,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c) +@@ -175,7 +179,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c) /* on P-4s, the TSC runs with constant frequency independent whether * throttling is active or not. */ @@ -34410,8 +36527,117 @@ index 827629c9..0bc6a03 100644 if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) { printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. " +diff --git a/drivers/cpufreq/sparc-us3-cpufreq.c b/drivers/cpufreq/sparc-us3-cpufreq.c +index c71ee14..7c2e183 100644 +--- a/drivers/cpufreq/sparc-us3-cpufreq.c ++++ b/drivers/cpufreq/sparc-us3-cpufreq.c +@@ -18,14 +18,12 @@ + #include + #include + +-static struct cpufreq_driver *cpufreq_us3_driver; +- + struct us3_freq_percpu_info { + struct cpufreq_frequency_table table[4]; + }; + + /* Indexed by cpu number. */ +-static struct us3_freq_percpu_info *us3_freq_table; ++static struct us3_freq_percpu_info us3_freq_table[NR_CPUS]; + + /* UltraSPARC-III has three dividers: 1, 2, and 32. These are controlled + * in the Safari config register. +@@ -186,12 +184,25 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy) + + static int us3_freq_cpu_exit(struct cpufreq_policy *policy) + { +- if (cpufreq_us3_driver) +- us3_set_cpu_divider_index(policy, 0); ++ us3_set_cpu_divider_index(policy->cpu, 0); + + return 0; + } + ++static int __init us3_freq_init(void); ++static void __exit us3_freq_exit(void); ++ ++static struct cpufreq_driver cpufreq_us3_driver = { ++ .init = us3_freq_cpu_init, ++ .verify = us3_freq_verify, ++ .target = us3_freq_target, ++ .get = us3_freq_get, ++ .exit = us3_freq_cpu_exit, ++ .owner = THIS_MODULE, ++ .name = "UltraSPARC-III", ++ ++}; ++ + static int __init us3_freq_init(void) + { + unsigned long manuf, impl, ver; +@@ -208,57 +219,15 @@ static int __init us3_freq_init(void) + (impl == CHEETAH_IMPL || + impl == CHEETAH_PLUS_IMPL || + impl == JAGUAR_IMPL || +- impl == PANTHER_IMPL)) { +- struct cpufreq_driver *driver; +- +- ret = -ENOMEM; +- driver = kzalloc(sizeof(struct cpufreq_driver), GFP_KERNEL); +- if (!driver) +- goto err_out; +- +- us3_freq_table = kzalloc( +- (NR_CPUS * sizeof(struct us3_freq_percpu_info)), +- GFP_KERNEL); +- if (!us3_freq_table) +- goto err_out; +- +- driver->init = us3_freq_cpu_init; +- driver->verify = us3_freq_verify; +- driver->target = us3_freq_target; +- driver->get = us3_freq_get; +- driver->exit = us3_freq_cpu_exit; +- driver->owner = THIS_MODULE, +- strcpy(driver->name, "UltraSPARC-III"); +- +- cpufreq_us3_driver = driver; +- ret = cpufreq_register_driver(driver); +- if (ret) +- goto err_out; +- +- return 0; +- +-err_out: +- if (driver) { +- kfree(driver); +- cpufreq_us3_driver = NULL; +- } +- kfree(us3_freq_table); +- us3_freq_table = NULL; +- return ret; +- } ++ impl == PANTHER_IMPL)) ++ return cpufreq_register_driver(&cpufreq_us3_driver); + + return -ENODEV; + } + + static void __exit us3_freq_exit(void) + { +- if (cpufreq_us3_driver) { +- cpufreq_unregister_driver(cpufreq_us3_driver); +- kfree(cpufreq_us3_driver); +- cpufreq_us3_driver = NULL; +- kfree(us3_freq_table); +- us3_freq_table = NULL; +- } ++ cpufreq_unregister_driver(&cpufreq_us3_driver); + } + + MODULE_AUTHOR("David S. Miller "); diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c -index 3a953d5..f5993f6 100644 +index 618e6f4..e89d915 100644 --- a/drivers/cpufreq/speedstep-centrino.c +++ b/drivers/cpufreq/speedstep-centrino.c @@ -353,8 +353,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy) @@ -34429,10 +36655,10 @@ index 3a953d5..f5993f6 100644 if (policy->cpu != 0) return -ENODEV; diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c -index eba6929..0f53baf 100644 +index c3a93fe..e808f24 100644 --- a/drivers/cpuidle/cpuidle.c +++ b/drivers/cpuidle/cpuidle.c -@@ -277,7 +277,7 @@ static int poll_idle(struct cpuidle_device *dev, +@@ -254,7 +254,7 @@ static int poll_idle(struct cpuidle_device *dev, static void poll_idle_init(struct cpuidle_driver *drv) { @@ -34477,9 +36703,18 @@ index 428754a..8bdf9cc 100644 .name = "cpuidle", }; diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c -index 3b36797..289c16a 100644 +index 3b36797..db0b0c0 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c +@@ -477,7 +477,7 @@ struct devfreq *devfreq_add_device(struct device *dev, + GFP_KERNEL); + devfreq->last_stat_updated = jiffies; + +- dev_set_name(&devfreq->dev, dev_name(dev)); ++ dev_set_name(&devfreq->dev, "%s", dev_name(dev)); + err = device_register(&devfreq->dev); + if (err) { + put_device(&devfreq->dev); @@ -588,7 +588,7 @@ int devfreq_add_governor(struct devfreq_governor *governor) goto err_out; } @@ -34512,10 +36747,10 @@ index b70709b..1d8d02a 100644 /* Run before NMI debug handler and KGDB */ diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c -index 769d92e..a3dcc1e 100644 +index c4d700a..0b57abd 100644 --- a/drivers/edac/edac_mc_sysfs.c +++ b/drivers/edac/edac_mc_sysfs.c -@@ -148,7 +148,7 @@ static const char *edac_caps[] = { +@@ -148,7 +148,7 @@ static const char * const edac_caps[] = { struct dev_ch_attribute { struct device_attribute attr; int channel; @@ -34524,7 +36759,7 @@ index 769d92e..a3dcc1e 100644 #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \ struct dev_ch_attribute dev_attr_legacy_##_name = \ -@@ -1003,14 +1003,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci) +@@ -1005,14 +1005,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci) } if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) { @@ -34667,22 +36902,8 @@ index 57ea7f4..789e3c3 100644 card->driver->update_phy_reg(card, 4, PHY_LINK_ACTIVE | PHY_CONTENDER, 0); -diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c -index 27ac423..13573e8 100644 ---- a/drivers/firewire/core-cdev.c -+++ b/drivers/firewire/core-cdev.c -@@ -1366,8 +1366,7 @@ static int init_iso_resource(struct client *client, - int ret; - - if ((request->channels == 0 && request->bandwidth == 0) || -- request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL || -- request->bandwidth < 0) -+ request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL) - return -EINVAL; - - r = kmalloc(sizeof(*r), GFP_KERNEL); diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c -index 03ce7d9..b70f5da 100644 +index 664a6ff..af13580 100644 --- a/drivers/firewire/core-device.c +++ b/drivers/firewire/core-device.c @@ -232,7 +232,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma); @@ -34732,10 +36953,10 @@ index 94a58a0..f5eba42 100644 container_of(_dev_attr, struct dmi_device_attribute, dev_attr) diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c -index 4cd392d..4b629e1 100644 +index b95159b..841ae55 100644 --- a/drivers/firmware/dmi_scan.c +++ b/drivers/firmware/dmi_scan.c -@@ -490,11 +490,6 @@ void __init dmi_scan_machine(void) +@@ -497,11 +497,6 @@ void __init dmi_scan_machine(void) } } else { @@ -34747,7 +36968,7 @@ index 4cd392d..4b629e1 100644 p = dmi_ioremap(0xF0000, 0x10000); if (p == NULL) goto error; -@@ -769,7 +764,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *), +@@ -786,7 +781,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *), if (buf == NULL) return -1; @@ -34756,22 +36977,39 @@ index 4cd392d..4b629e1 100644 iounmap(buf); return 0; -diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index f4baa11..7970c3a 100644 ---- a/drivers/firmware/efivars.c -+++ b/drivers/firmware/efivars.c -@@ -139,7 +139,7 @@ struct efivar_attribute { +diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c +index 5145fa3..0d3babd 100644 +--- a/drivers/firmware/efi/efi.c ++++ b/drivers/firmware/efi/efi.c +@@ -65,14 +65,16 @@ static struct attribute_group efi_subsys_attr_group = { }; - static struct efivars __efivars; --static struct efivar_operations ops; -+static efivar_operations_no_const ops __read_only; + static struct efivars generic_efivars; +-static struct efivar_operations generic_ops; ++static efivar_operations_no_const generic_ops __read_only; - #define PSTORE_EFI_ATTRIBUTES \ - (EFI_VARIABLE_NON_VOLATILE | \ -@@ -1844,7 +1844,7 @@ efivar_create_sysfs_entry(struct efivars *efivars, + static int generic_ops_register(void) + { +- generic_ops.get_variable = efi.get_variable; +- generic_ops.set_variable = efi.set_variable; +- generic_ops.get_next_variable = efi.get_next_variable; +- generic_ops.query_variable_store = efi_query_variable_store; ++ pax_open_kernel(); ++ *(void **)&generic_ops.get_variable = efi.get_variable; ++ *(void **)&generic_ops.set_variable = efi.set_variable; ++ *(void **)&generic_ops.get_next_variable = efi.get_next_variable; ++ *(void **)&generic_ops.query_variable_store = efi_query_variable_store; ++ pax_close_kernel(); + + return efivars_register(&generic_efivars, &generic_ops, efi_kobj); + } +diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c +index 8bd1bb6..c48b0c6 100644 +--- a/drivers/firmware/efi/efivars.c ++++ b/drivers/firmware/efi/efivars.c +@@ -452,7 +452,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var) static int - create_efivars_bin_attributes(struct efivars *efivars) + create_efivars_bin_attributes(void) { - struct bin_attribute *attr; + bin_attribute_no_const *attr; @@ -34794,7 +37032,7 @@ index 2a90ba6..07f3733 100644 ret = sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr); diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c -index de3c317..b7cd029 100644 +index e16d932..f0206ef 100644 --- a/drivers/gpio/gpio-ich.c +++ b/drivers/gpio/gpio-ich.c @@ -69,7 +69,7 @@ struct ichx_desc { @@ -34820,10 +37058,10 @@ index 9902732..64b62dd 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index 7b2d378..cc947ea 100644 +index ed1334e..ee0dd42 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -319,7 +319,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -321,7 +321,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -34833,7 +37071,7 @@ index 7b2d378..cc947ea 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 25f91cd..a376f55 100644 +index 9cc247f..36aa285 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -306,7 +306,7 @@ module_exit(drm_core_exit); @@ -34848,7 +37086,7 @@ index 25f91cd..a376f55 100644 @@ -376,7 +376,7 @@ long drm_ioctl(struct file *filp, struct drm_file *file_priv = filp->private_data; struct drm_device *dev; - struct drm_ioctl_desc *ioctl; + const struct drm_ioctl_desc *ioctl = NULL; - drm_ioctl_t *func; + drm_ioctl_no_const_t func; unsigned int nr = DRM_IOCTL_NR(cmd); @@ -34862,7 +37100,7 @@ index 25f91cd..a376f55 100644 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]); ++file_priv->ioctl_count; - DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", + if ((nr >= DRM_CORE_IOCTL_COUNT) && diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c index 429e07d..e681a2c 100644 --- a/drivers/gpu/drm/drm_fops.c @@ -35129,7 +37367,7 @@ index d752c96..fe08455 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c -index 7d30802..42c6cbb 100644 +index 16f3ec5..b28f9ca 100644 --- a/drivers/gpu/drm/drm_stub.c +++ b/drivers/gpu/drm/drm_stub.c @@ -501,7 +501,7 @@ void drm_unplug_dev(struct drm_device *dev) @@ -35141,6 +37379,19 @@ index 7d30802..42c6cbb 100644 drm_put_dev(dev); } mutex_unlock(&drm_global_mutex); +diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c +index 0229665..f61329c 100644 +--- a/drivers/gpu/drm/drm_sysfs.c ++++ b/drivers/gpu/drm/drm_sysfs.c +@@ -499,7 +499,7 @@ EXPORT_SYMBOL(drm_sysfs_hotplug_event); + int drm_sysfs_device_add(struct drm_minor *minor) + { + int err; +- char *minor_str; ++ const char *minor_str; + + minor->kdev.parent = minor->dev->dev; + diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c index 004ecdf..db1f6e0 100644 --- a/drivers/gpu/drm/i810/i810_dma.c @@ -35183,7 +37434,7 @@ index 6e0acad..93c8289 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index 7299ea4..5314487 100644 +index e913d32..4d9b351 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) @@ -35196,7 +37447,7 @@ index 7299ea4..5314487 100644 if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index 4fa6beb..f930fec 100644 +index 17d9b0b..860e6d9 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c @@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) @@ -35209,10 +37460,10 @@ index 4fa6beb..f930fec 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index ef99b1c..09ce7fb 100644 +index 47d8b68..52f5d8d 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -893,7 +893,7 @@ typedef struct drm_i915_private { +@@ -916,7 +916,7 @@ typedef struct drm_i915_private { drm_dma_handle_t *status_page_dmah; struct resource mch_res; @@ -35221,7 +37472,7 @@ index ef99b1c..09ce7fb 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -1775,7 +1775,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( +@@ -1813,7 +1813,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( struct drm_i915_private *dev_priv, unsigned port); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -35231,10 +37482,10 @@ index ef99b1c..09ce7fb 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 9a48e1a..f0cbc3e 100644 +index 117ce38..eefd237 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -729,9 +729,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) +@@ -727,9 +727,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -35246,15 +37497,6 @@ index 9a48e1a..f0cbc3e 100644 int relocs_total = 0; int relocs_max = INT_MAX / sizeof(struct drm_i915_gem_relocation_entry); -@@ -1195,7 +1195,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data, - return -ENOMEM; - } - ret = copy_from_user(exec2_list, -- (struct drm_i915_relocation_entry __user *) -+ (struct drm_i915_gem_exec_object2 __user *) - (uintptr_t) args->buffers_ptr, - sizeof(*exec2_list) * args->buffer_count); - if (ret != 0) { diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c index 3c59584..500f2e9 100644 --- a/drivers/gpu/drm/i915/i915_ioc32.c @@ -35291,10 +37533,10 @@ index 3c59584..500f2e9 100644 return ret; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 3c7bb04..182e049 100644 +index e5e32869..1678f36 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -549,7 +549,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) +@@ -670,7 +670,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) int pipe; u32 pipe_stats[I915_MAX_PIPES]; @@ -35303,7 +37545,7 @@ index 3c7bb04..182e049 100644 while (true) { iir = I915_READ(VLV_IIR); -@@ -705,7 +705,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg) +@@ -835,7 +835,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg) irqreturn_t ret = IRQ_NONE; int i; @@ -35312,7 +37554,7 @@ index 3c7bb04..182e049 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -791,7 +791,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) +@@ -925,7 +925,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) int ret = IRQ_NONE; u32 de_iir, gt_iir, de_ier, pm_iir, sde_ier; @@ -35321,7 +37563,7 @@ index 3c7bb04..182e049 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -1886,7 +1886,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -2089,7 +2089,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -35330,7 +37572,7 @@ index 3c7bb04..182e049 100644 I915_WRITE(HWSTAM, 0xeffe); -@@ -1912,7 +1912,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) +@@ -2124,7 +2124,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35339,7 +37581,7 @@ index 3c7bb04..182e049 100644 /* VLV magic */ I915_WRITE(VLV_IMR, 0); -@@ -2208,7 +2208,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) +@@ -2411,7 +2411,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35348,7 +37590,7 @@ index 3c7bb04..182e049 100644 for_each_pipe(pipe) I915_WRITE(PIPESTAT(pipe), 0); -@@ -2259,7 +2259,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) +@@ -2490,7 +2490,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -35357,7 +37599,7 @@ index 3c7bb04..182e049 100644 iir = I915_READ16(IIR); if (iir == 0) -@@ -2344,7 +2344,7 @@ static void i915_irq_preinstall(struct drm_device * dev) +@@ -2565,7 +2565,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35366,8 +37608,8 @@ index 3c7bb04..182e049 100644 if (I915_HAS_HOTPLUG(dev)) { I915_WRITE(PORT_HOTPLUG_EN, 0); -@@ -2448,7 +2448,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) - }; +@@ -2664,7 +2664,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) + I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; int pipe, ret = IRQ_NONE; - atomic_inc(&dev_priv->irq_received); @@ -35375,7 +37617,7 @@ index 3c7bb04..182e049 100644 iir = I915_READ(IIR); do { -@@ -2574,7 +2574,7 @@ static void i965_irq_preinstall(struct drm_device * dev) +@@ -2791,7 +2791,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35384,9 +37626,9 @@ index 3c7bb04..182e049 100644 I915_WRITE(PORT_HOTPLUG_EN, 0); I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT)); -@@ -2690,7 +2690,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) - int irq_received; - int ret = IRQ_NONE, pipe; +@@ -2898,7 +2898,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) + I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | + I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); @@ -35394,10 +37636,10 @@ index 3c7bb04..182e049 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index c2d173a..f4357cc 100644 +index eea5982..eeef407 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -8722,13 +8722,13 @@ struct intel_quirk { +@@ -8935,13 +8935,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -35413,7 +37655,7 @@ index c2d173a..f4357cc 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -8736,18 +8736,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -8949,18 +8949,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -35536,7 +37778,7 @@ index 598c281..60d590e 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 50a6dd0..ea66ed8 100644 +index 6aa2137..fe8dc55 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c @@ -965,7 +965,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, @@ -35549,10 +37791,10 @@ index 50a6dd0..ea66ed8 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index 9c39baf..30a22be 100644 +index f2b30f8..d0f9a95 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h -@@ -81,7 +81,7 @@ struct nouveau_drm { +@@ -92,7 +92,7 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -35609,6 +37851,71 @@ index 25d3495..d81aaf6 100644 spin_unlock(&dev->count_lock); return can_switch; } +diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c +index 489cb8c..0b8d0d3 100644 +--- a/drivers/gpu/drm/qxl/qxl_ttm.c ++++ b/drivers/gpu/drm/qxl/qxl_ttm.c +@@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev) + } + } + +-static struct vm_operations_struct qxl_ttm_vm_ops; ++static vm_operations_struct_no_const qxl_ttm_vm_ops __read_only; + static const struct vm_operations_struct *ttm_vm_ops; + + static int qxl_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) +@@ -147,8 +147,10 @@ int qxl_mmap(struct file *filp, struct vm_area_struct *vma) + return r; + if (unlikely(ttm_vm_ops == NULL)) { + ttm_vm_ops = vma->vm_ops; ++ pax_open_kernel(); + qxl_ttm_vm_ops = *ttm_vm_ops; + qxl_ttm_vm_ops.fault = &qxl_ttm_fault; ++ pax_close_kernel(); + } + vma->vm_ops = &qxl_ttm_vm_ops; + return 0; +@@ -556,25 +558,23 @@ static int qxl_mm_dump_table(struct seq_file *m, void *data) + static int qxl_ttm_debugfs_init(struct qxl_device *qdev) + { + #if defined(CONFIG_DEBUG_FS) +- static struct drm_info_list qxl_mem_types_list[QXL_DEBUGFS_MEM_TYPES]; +- static char qxl_mem_types_names[QXL_DEBUGFS_MEM_TYPES][32]; +- unsigned i; ++ static struct drm_info_list qxl_mem_types_list[QXL_DEBUGFS_MEM_TYPES] = { ++ { ++ .name = "qxl_mem_mm", ++ .show = &qxl_mm_dump_table, ++ }, ++ { ++ .name = "qxl_surf_mm", ++ .show = &qxl_mm_dump_table, ++ } ++ }; + +- for (i = 0; i < QXL_DEBUGFS_MEM_TYPES; i++) { +- if (i == 0) +- sprintf(qxl_mem_types_names[i], "qxl_mem_mm"); +- else +- sprintf(qxl_mem_types_names[i], "qxl_surf_mm"); +- qxl_mem_types_list[i].name = qxl_mem_types_names[i]; +- qxl_mem_types_list[i].show = &qxl_mm_dump_table; +- qxl_mem_types_list[i].driver_features = 0; +- if (i == 0) +- qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_VRAM].priv; +- else +- qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv; ++ pax_open_kernel(); ++ *(void **)&qxl_mem_types_list[0].data = qdev->mman.bdev.man[TTM_PL_VRAM].priv; ++ *(void **)&qxl_mem_types_list[1].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv; ++ pax_close_kernel(); + +- } +- return qxl_debugfs_add_files(qdev, qxl_mem_types_list, i); ++ return qxl_debugfs_add_files(qdev, qxl_mem_types_list, QXL_DEBUGFS_MEM_TYPES); + #else + return 0; + #endif diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c index d4660cf..70dbe65 100644 --- a/drivers/gpu/drm/r128/r128_cce.c @@ -35739,10 +38046,10 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 5073665..31d15a6 100644 +index b0dc0b6..a9bfe9c 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -976,7 +976,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1014,7 +1014,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -35855,7 +38162,7 @@ index 4d20910..6726b6d 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 6c0ce89..66f6d65 100644 +index 6c0ce89..57a2529 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c @@ -782,7 +782,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) @@ -35878,59 +38185,74 @@ index 6c0ce89..66f6d65 100644 } vma->vm_ops = &radeon_ttm_vm_ops; return 0; -@@ -862,28 +864,33 @@ static int radeon_ttm_debugfs_init(struct radeon_device *rdev) - sprintf(radeon_mem_types_names[i], "radeon_vram_mm"); - else - sprintf(radeon_mem_types_names[i], "radeon_gtt_mm"); +@@ -853,38 +855,33 @@ static int radeon_mm_dump_table(struct seq_file *m, void *data) + static int radeon_ttm_debugfs_init(struct radeon_device *rdev) + { + #if defined(CONFIG_DEBUG_FS) +- static struct drm_info_list radeon_mem_types_list[RADEON_DEBUGFS_MEM_TYPES+2]; +- static char radeon_mem_types_names[RADEON_DEBUGFS_MEM_TYPES+2][32]; ++ static struct drm_info_list radeon_mem_types_list[RADEON_DEBUGFS_MEM_TYPES+2] = { ++ { ++ .name = "radeon_vram_mm", ++ .show = &radeon_mm_dump_table, ++ }, ++ { ++ .name = "radeon_gtt_mm", ++ .show = &radeon_mm_dump_table, ++ }, ++ { ++ .name = "ttm_page_pool", ++ .show = &ttm_page_alloc_debugfs, ++ }, ++ { ++ .name = "ttm_dma_page_pool", ++ .show = &ttm_dma_page_alloc_debugfs, ++ }, ++ }; + unsigned i; + +- for (i = 0; i < RADEON_DEBUGFS_MEM_TYPES; i++) { +- if (i == 0) +- sprintf(radeon_mem_types_names[i], "radeon_vram_mm"); +- else +- sprintf(radeon_mem_types_names[i], "radeon_gtt_mm"); - radeon_mem_types_list[i].name = radeon_mem_types_names[i]; - radeon_mem_types_list[i].show = &radeon_mm_dump_table; - radeon_mem_types_list[i].driver_features = 0; -+ pax_open_kernel(); -+ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i]; -+ *(void **)&radeon_mem_types_list[i].show = &radeon_mm_dump_table; -+ *(u32 *)&radeon_mem_types_list[i].driver_features = 0; - if (i == 0) +- if (i == 0) - radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv; -+ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv; - else +- else - radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv; - -+ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv; -+ pax_close_kernel(); - } - /* Add ttm page pool to debugfs */ - sprintf(radeon_mem_types_names[i], "ttm_page_pool"); +- } +- /* Add ttm page pool to debugfs */ +- sprintf(radeon_mem_types_names[i], "ttm_page_pool"); - radeon_mem_types_list[i].name = radeon_mem_types_names[i]; - radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs; - radeon_mem_types_list[i].driver_features = 0; - radeon_mem_types_list[i++].data = NULL; + pax_open_kernel(); -+ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i]; -+ *(void **)&radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs; -+ *(u32 *)&radeon_mem_types_list[i].driver_features = 0; -+ *(void **)&radeon_mem_types_list[i++].data = NULL; ++ *(void **)&radeon_mem_types_list[0].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv; ++ *(void **)&radeon_mem_types_list[1].data = rdev->mman.bdev.man[TTM_PL_TT].priv; + pax_close_kernel(); #ifdef CONFIG_SWIOTLB - if (swiotlb_nr_tbl()) { - sprintf(radeon_mem_types_names[i], "ttm_dma_page_pool"); +- if (swiotlb_nr_tbl()) { +- sprintf(radeon_mem_types_names[i], "ttm_dma_page_pool"); - radeon_mem_types_list[i].name = radeon_mem_types_names[i]; - radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs; - radeon_mem_types_list[i].driver_features = 0; - radeon_mem_types_list[i++].data = NULL; -+ pax_open_kernel(); -+ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i]; -+ *(void **)&radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs; -+ *(u32 *)&radeon_mem_types_list[i].driver_features = 0; -+ *(void **)&radeon_mem_types_list[i++].data = NULL; -+ pax_close_kernel(); - } +- } ++ if (swiotlb_nr_tbl()) ++ i++; #endif return radeon_debugfs_add_files(rdev, radeon_mem_types_list, i); + diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c -index 5706d2a..17aedaa 100644 +index 55880d5..9e95342 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c -@@ -304,9 +304,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, +@@ -327,9 +327,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, if (rdev->pm.max_bandwidth.full > rdev->pm.sideport_bandwidth.full && rdev->pm.sideport_bandwidth.full) rdev->pm.max_bandwidth = rdev->pm.sideport_bandwidth; @@ -35943,6 +38265,28 @@ index 5706d2a..17aedaa 100644 } else { if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full && rdev->pm.k8_bandwidth.full) +diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c +index dbc2def..0a9f710 100644 +--- a/drivers/gpu/drm/ttm/ttm_memory.c ++++ b/drivers/gpu/drm/ttm/ttm_memory.c +@@ -264,7 +264,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob, + zone->glob = glob; + glob->zone_kernel = zone; + ret = kobject_init_and_add( +- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name); ++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name); + if (unlikely(ret != 0)) { + kobject_put(&zone->kobj); + return ret; +@@ -347,7 +347,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob, + zone->glob = glob; + glob->zone_dma32 = zone; + ret = kobject_init_and_add( +- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name); ++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name); + if (unlikely(ret != 0)) { + kobject_put(&zone->kobj); + return ret; diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c index bd2a3b4..122d9ad 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -35960,7 +38304,7 @@ index bd2a3b4..122d9ad 100644 int shrink_pages = sc->nr_to_scan; diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c -index 9f4be3d..cbc9fcc 100644 +index dc0c065..58a0782 100644 --- a/drivers/gpu/drm/udl/udl_fb.c +++ b/drivers/gpu/drm/udl/udl_fb.c @@ -367,7 +367,6 @@ static int udl_fb_release(struct fb_info *info, int user) @@ -36177,11 +38521,24 @@ index 8a8725c2..afed796 100644 else { marker = list_first_entry(&queue->head, struct vmw_marker, head); +diff --git a/drivers/gpu/host1x/drm/dc.c b/drivers/gpu/host1x/drm/dc.c +index 8c04943..4370ed9 100644 +--- a/drivers/gpu/host1x/drm/dc.c ++++ b/drivers/gpu/host1x/drm/dc.c +@@ -999,7 +999,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor) + } + + for (i = 0; i < ARRAY_SIZE(debugfs_files); i++) +- dc->debugfs_files[i].data = dc; ++ *(void **)&dc->debugfs_files[i].data = dc; + + err = drm_debugfs_create_files(dc->debugfs_files, + ARRAY_SIZE(debugfs_files), diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index e6dbf09..3dd2540 100644 +index 402f486..f862d7e 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2268,7 +2268,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2275,7 +2275,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -36190,7 +38547,7 @@ index e6dbf09..3dd2540 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2302,7 +2302,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2309,7 +2309,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -36228,7 +38585,7 @@ index 0b122f8..b1d8160 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 7311589..861e9ef 100644 +index ae49237..380d4c9 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) @@ -36254,7 +38611,7 @@ index 12f2f9e..679603c 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index bf421e0..ce2c897 100644 +index 4004e54..c2de226 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -668,10 +668,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) @@ -36293,7 +38650,7 @@ index 6351aba..dc4aaf4 100644 int res = 0; diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c -index b41baff..4953e4d 100644 +index 62c2e32..8f2859a 100644 --- a/drivers/hwmon/applesmc.c +++ b/drivers/hwmon/applesmc.c @@ -1084,7 +1084,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) @@ -36334,10 +38691,10 @@ index b25c643..a13460d 100644 { sysfs_attr_init(&attr->attr); diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c -index 3f1e297..a6cafb5 100644 +index 658ce3a..0d0c2f3 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c -@@ -791,7 +791,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, +@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -36347,10 +38704,10 @@ index 3f1e297..a6cafb5 100644 }; diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c -index a14f634..2916ee2 100644 +index 1429f6e..ee03d59 100644 --- a/drivers/hwmon/ibmaem.c +++ b/drivers/hwmon/ibmaem.c -@@ -925,7 +925,7 @@ static int aem_register_sensors(struct aem_data *data, +@@ -926,7 +926,7 @@ static int aem_register_sensors(struct aem_data *data, struct aem_rw_sensor_template *rw) { struct device *dev = &data->pdev->dev; @@ -36359,6 +38716,19 @@ index a14f634..2916ee2 100644 int err; /* Set up read-only sensors */ +diff --git a/drivers/hwmon/iio_hwmon.c b/drivers/hwmon/iio_hwmon.c +index 52b77af..aed1ddf 100644 +--- a/drivers/hwmon/iio_hwmon.c ++++ b/drivers/hwmon/iio_hwmon.c +@@ -73,7 +73,7 @@ static int iio_hwmon_probe(struct platform_device *pdev) + { + struct device *dev = &pdev->dev; + struct iio_hwmon_state *st; +- struct sensor_device_attribute *a; ++ sensor_device_attribute_no_const *a; + int ret, i; + int in_i = 1, temp_i = 1, curr_i = 1; + enum iio_chan_type type; diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c index 9add6092..ee7ba3f 100644 --- a/drivers/hwmon/pmbus/pmbus_core.c @@ -36474,7 +38844,7 @@ index 76f157b..9c0db1b 100644 }; diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c -index 378fcb5..5e91fa8 100644 +index 07f01ac..d79ad3d 100644 --- a/drivers/i2c/busses/i2c-amd756-s4882.c +++ b/drivers/i2c/busses/i2c-amd756-s4882.c @@ -43,7 +43,7 @@ @@ -36487,7 +38857,7 @@ index 378fcb5..5e91fa8 100644 /* Wrapper access functions for multiplexed SMBus */ static DEFINE_MUTEX(amd756_lock); diff --git a/drivers/i2c/busses/i2c-nforce2-s4985.c b/drivers/i2c/busses/i2c-nforce2-s4985.c -index 29015eb..af2d8e9 100644 +index 2ca268d..c6acbdf 100644 --- a/drivers/i2c/busses/i2c-nforce2-s4985.c +++ b/drivers/i2c/busses/i2c-nforce2-s4985.c @@ -41,7 +41,7 @@ @@ -36513,7 +38883,7 @@ index c3ccdea..5b3dc1a 100644 if (IS_ERR(rdwr_pa[i].buf)) { res = PTR_ERR(rdwr_pa[i].buf); diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c -index 8126824..55a2798 100644 +index 2ff6204..218c16e 100644 --- a/drivers/ide/ide-cd.c +++ b/drivers/ide/ide-cd.c @@ -768,7 +768,7 @@ static void cdrom_do_block_pc(ide_drive_t *drive, struct request *rq) @@ -36526,7 +38896,7 @@ index 8126824..55a2798 100644 } } diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c -index 8848f16..f8e6dd8 100644 +index e145931..08bfc59 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -506,7 +506,7 @@ static ssize_t iio_write_channel_info(struct device *dev, @@ -36753,10 +39123,10 @@ index 9f5ad7c..588cd84 100644 } } diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c -index 903a92d..9262548 100644 +index 4cb8eb2..146bf60 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c +++ b/drivers/infiniband/hw/cxgb4/mem.c -@@ -122,7 +122,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, +@@ -249,7 +249,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, int err; struct fw_ri_tpte tpt; u32 stag_idx; @@ -36765,7 +39135,7 @@ index 903a92d..9262548 100644 if (c4iw_fatal_error(rdev)) return -EIO; -@@ -139,7 +139,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, +@@ -266,7 +266,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, if (rdev->stats.stag.cur > rdev->stats.stag.max) rdev->stats.stag.max = rdev->stats.stag.cur; mutex_unlock(&rdev->stats.lock); @@ -37169,7 +39539,7 @@ index 4166452..fc952c3 100644 } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index 85cf4d1..05d8e71 100644 +index 49eb511..a774366 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c @@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, @@ -37335,7 +39705,7 @@ index 04c69af..5f92d00 100644 #include #include diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index d6cbfe9..6225402 100644 +index fa061d4..4a6957c 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, @@ -37405,10 +39775,10 @@ index 25fc597..558bf3b3 100644 serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c -index b972d43..8943713 100644 +index d8f98b1..f62a640 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c -@@ -554,7 +554,7 @@ static struct notifier_block iommu_bus_nb = { +@@ -583,7 +583,7 @@ static struct notifier_block iommu_bus_nb = { static void iommu_bus_init(struct bus_type *bus, struct iommu_ops *ops) { bus_register_notifier(bus, &iommu_bus_nb); @@ -37418,10 +39788,19 @@ index b972d43..8943713 100644 /** diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c -index 7c11ff3..5b2d7a7 100644 +index dcfea4e..f4226b2 100644 --- a/drivers/iommu/irq_remapping.c +++ b/drivers/iommu/irq_remapping.c -@@ -369,10 +369,12 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p) +@@ -354,7 +354,7 @@ int setup_hpet_msi_remapped(unsigned int irq, unsigned int id) + void panic_if_irq_remap(const char *msg) + { + if (irq_remapping_enabled) +- panic(msg); ++ panic("%s", msg); + } + + static void ir_ack_apic_edge(struct irq_data *data) +@@ -375,10 +375,12 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p) void irq_remap_modify_chip_defaults(struct irq_chip *chip) { @@ -37439,10 +39818,10 @@ index 7c11ff3..5b2d7a7 100644 bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip) diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c -index fc6aebf..762c5f5 100644 +index 19ceaa6..3625818 100644 --- a/drivers/irqchip/irq-gic.c +++ b/drivers/irqchip/irq-gic.c -@@ -83,7 +83,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; +@@ -84,7 +84,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; * Supported arch specific GIC irq extension. * Default make them NULL. */ @@ -37451,7 +39830,7 @@ index fc6aebf..762c5f5 100644 .irq_eoi = NULL, .irq_mask = NULL, .irq_unmask = NULL, -@@ -332,7 +332,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) +@@ -333,7 +333,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) chained_irq_exit(chip, desc); } @@ -37461,7 +39840,7 @@ index fc6aebf..762c5f5 100644 .irq_mask = gic_mask_irq, .irq_unmask = gic_unmask_irq, diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c -index 89562a8..218999b 100644 +index ac6f72b..81150f2 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -81,8 +81,8 @@ struct capiminor { @@ -37501,39 +39880,8 @@ index 89562a8..218999b 100644 capimsg_setu32(skb->data, 8, mp->ncci); /* NCCI */ capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */ capimsg_setu16(skb->data, 16, len); /* Data length */ -diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c -index 9b1b274..c123709 100644 ---- a/drivers/isdn/capi/kcapi.c -+++ b/drivers/isdn/capi/kcapi.c -@@ -93,7 +93,7 @@ capi_ctr_put(struct capi_ctr *ctr) - - static inline struct capi_ctr *get_capi_ctr_by_nr(u16 contr) - { -- if (contr - 1 >= CAPI_MAXCONTR) -+ if (contr < 1 || contr - 1 >= CAPI_MAXCONTR) - return NULL; - - return capi_controller[contr - 1]; -@@ -103,7 +103,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid) - { - lockdep_assert_held(&capi_controller_lock); - -- if (applid - 1 >= CAPI_MAXAPPL) -+ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL) - return NULL; - - return capi_applications[applid - 1]; -@@ -111,7 +111,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid) - - static inline struct capi20_appl *get_capi_appl_by_nr(u16 applid) - { -- if (applid - 1 >= CAPI_MAXAPPL) -+ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL) - return NULL; - - return rcu_dereference(capi_applications[applid - 1]); diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c -index e2b5396..c5486dc 100644 +index 600c79b..3752bab 100644 --- a/drivers/isdn/gigaset/interface.c +++ b/drivers/isdn/gigaset/interface.c @@ -130,9 +130,9 @@ static int if_open(struct tty_struct *tty, struct file *filp) @@ -37561,7 +39909,7 @@ index e2b5396..c5486dc 100644 mutex_unlock(&cs->mutex); diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c -index 821f7ac..28d4030 100644 +index 4d9b195..455075c 100644 --- a/drivers/isdn/hardware/avm/b1.c +++ b/drivers/isdn/hardware/avm/b1.c @@ -176,7 +176,7 @@ int b1_load_t4file(avmcard *card, capiloaddatapart *t4file) @@ -37583,10 +39931,10 @@ index 821f7ac..28d4030 100644 } else { memcpy(buf, dp, left); diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c -index ebaebdf..acd4405 100644 +index 3c5f249..5fac4d0 100644 --- a/drivers/isdn/i4l/isdn_tty.c +++ b/drivers/isdn/i4l/isdn_tty.c -@@ -1511,9 +1511,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) +@@ -1508,9 +1508,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) #ifdef ISDN_DEBUG_MODEM_OPEN printk(KERN_DEBUG "isdn_tty_open %s, count = %d\n", tty->name, @@ -37598,7 +39946,7 @@ index ebaebdf..acd4405 100644 port->tty = tty; /* * Start up serial port -@@ -1557,7 +1557,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) +@@ -1554,7 +1554,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) #endif return; } @@ -37607,7 +39955,7 @@ index ebaebdf..acd4405 100644 /* * Uh, oh. tty->count is 1, which means that the tty * structure will be freed. Info->count should always -@@ -1566,15 +1566,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) +@@ -1563,15 +1563,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) * serial port won't be shutdown. */ printk(KERN_ERR "isdn_tty_close: bad port count; tty->count is 1, " @@ -37629,7 +39977,7 @@ index ebaebdf..acd4405 100644 #ifdef ISDN_DEBUG_MODEM_OPEN printk(KERN_DEBUG "isdn_tty_close after info->count != 0\n"); #endif -@@ -1628,7 +1628,7 @@ isdn_tty_hangup(struct tty_struct *tty) +@@ -1625,7 +1625,7 @@ isdn_tty_hangup(struct tty_struct *tty) if (isdn_tty_paranoia_check(info, tty->name, "isdn_tty_hangup")) return; isdn_tty_shutdown(info); @@ -37638,7 +39986,7 @@ index ebaebdf..acd4405 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; port->tty = NULL; wake_up_interruptible(&port->open_wait); -@@ -1973,7 +1973,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) +@@ -1970,7 +1970,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) for (i = 0; i < ISDN_MAX_CHANNELS; i++) { modem_info *info = &dev->mdm.info[i]; @@ -37687,28 +40035,28 @@ index 64e204e..c6bf189 100644 .callback = ss4200_led_dmi_callback, .ident = "Intel SS4200-E", diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index a5ebc00..982886f 100644 +index 0bf1e4e..b4bf44e 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c -@@ -92,9 +92,17 @@ static __init int map_switcher(void) - * it's worked so far. The end address needs +1 because __get_vm_area - * allocates an extra guard page, so we need space for that. +@@ -97,9 +97,17 @@ static __init int map_switcher(void) + * The end address needs +1 because __get_vm_area allocates an + * extra guard page, so we need space for that. */ + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE, -+ VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR ++ VM_ALLOC | VM_KERNEXEC, switcher_addr, switcher_addr + + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE); +#else switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE, - VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR + VM_ALLOC, switcher_addr, switcher_addr + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE); +#endif + if (!switcher_vma) { err = -ENOMEM; printk("lguest: could not map switcher pages high\n"); -@@ -119,7 +127,7 @@ static __init int map_switcher(void) +@@ -124,7 +132,7 @@ static __init int map_switcher(void) * Now the Switcher is mapped at the right address, we can't fail! * Copy in the compiled-in Switcher code (from x86/switcher_32.S). */ @@ -37718,10 +40066,10 @@ index a5ebc00..982886f 100644 printk(KERN_INFO "lguest: mapped switcher at %p\n", diff --git a/drivers/lguest/page_tables.c b/drivers/lguest/page_tables.c -index 3b62be16..e33134a 100644 +index 5b9ac32..2ef4f26 100644 --- a/drivers/lguest/page_tables.c +++ b/drivers/lguest/page_tables.c -@@ -532,7 +532,7 @@ void pin_page(struct lg_cpu *cpu, unsigned long vaddr) +@@ -559,7 +559,7 @@ void pin_page(struct lg_cpu *cpu, unsigned long vaddr) /*:*/ #ifdef CONFIG_X86_PAE @@ -37731,19 +40079,19 @@ index 3b62be16..e33134a 100644 /* If the entry's not present, there's nothing to release. */ if (pmd_flags(*spmd) & _PAGE_PRESENT) { diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c -index 4af12e1..0e89afe 100644 +index f0a3347..f6608b2 100644 --- a/drivers/lguest/x86/core.c +++ b/drivers/lguest/x86/core.c @@ -59,7 +59,7 @@ static struct { /* Offset from where switcher.S was compiled to where we've copied it */ static unsigned long switcher_offset(void) { -- return SWITCHER_ADDR - (unsigned long)start_switcher_text; -+ return SWITCHER_ADDR - (unsigned long)ktla_ktva(start_switcher_text); +- return switcher_addr - (unsigned long)start_switcher_text; ++ return switcher_addr - (unsigned long)ktla_ktva(start_switcher_text); } - /* This cpu's struct lguest_pages. */ -@@ -100,7 +100,13 @@ static void copy_in_guest_info(struct lg_cpu *cpu, struct lguest_pages *pages) + /* This cpu's struct lguest_pages (after the Switcher text page) */ +@@ -99,7 +99,13 @@ static void copy_in_guest_info(struct lg_cpu *cpu, struct lguest_pages *pages) * These copies are pretty cheap, so we do them unconditionally: */ /* Save the current Host top-level page directory. */ @@ -37757,7 +40105,7 @@ index 4af12e1..0e89afe 100644 /* * Set up the Guest's page tables to see this CPU's pages (and no * other CPU's pages). -@@ -476,7 +482,7 @@ void __init lguest_arch_host_init(void) +@@ -475,7 +481,7 @@ void __init lguest_arch_host_init(void) * compiled-in switcher code and the high-mapped copy we just made. */ for (i = 0; i < IDT_ENTRIES; i++) @@ -37766,7 +40114,7 @@ index 4af12e1..0e89afe 100644 /* * Set up the Switcher's per-cpu areas. -@@ -559,7 +565,7 @@ void __init lguest_arch_host_init(void) +@@ -558,7 +564,7 @@ void __init lguest_arch_host_init(void) * it will be undisturbed when we switch. To change %cs and jump we * need this structure to feed to Intel's "lcall" instruction. */ @@ -37837,8 +40185,21 @@ index 40634b0..4f5855e 100644 // Every interrupt can come to us here // But we must truly tell each apart. +diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h +index 0003992..854bbce 100644 +--- a/drivers/md/bcache/closure.h ++++ b/drivers/md/bcache/closure.h +@@ -622,7 +622,7 @@ static inline void closure_wake_up(struct closure_waitlist *list) + static inline void set_closure_fn(struct closure *cl, closure_fn *fn, + struct workqueue_struct *wq) + { +- BUG_ON(object_is_on_stack(cl)); ++ BUG_ON(object_starts_on_stack(cl)); + closure_set_ip(cl); + cl->fn = fn; + cl->wq = wq; diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c -index 4fd9d6a..834fa03 100644 +index 5a2c754..0fa55db 100644 --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c @@ -1779,7 +1779,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) @@ -37851,10 +40212,10 @@ index 4fd9d6a..834fa03 100644 seq_printf(seq, "\n"); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index aa04f02..2a1309e 100644 +index 81a79b7..87a0f73 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1694,7 +1694,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1697,7 +1697,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -37864,7 +40225,7 @@ index aa04f02..2a1309e 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index d053098..05cc375 100644 +index 699b5be..eac0a15 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -37940,7 +40301,7 @@ index d053098..05cc375 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index 7b8b2b9..9c7d145 100644 +index d907ca6..cfb8384 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -37995,7 +40356,7 @@ index 1ff252a..ee384c1 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 00cee02..b89a29d 100644 +index 60bce43..9b997d0 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd) @@ -38017,7 +40378,7 @@ index 00cee02..b89a29d 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 9a0bdad..4df9543 100644 +index 33f2010..23fb84c 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -169,9 +169,9 @@ struct mapped_device { @@ -38032,7 +40393,7 @@ index 9a0bdad..4df9543 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1879,8 +1879,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1884,8 +1884,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -38043,7 +40404,7 @@ index 9a0bdad..4df9543 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -2028,7 +2028,7 @@ static void event_callback(void *context) +@@ -2033,7 +2033,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -38052,7 +40413,7 @@ index 9a0bdad..4df9543 100644 wake_up(&md->eventq); } -@@ -2685,18 +2685,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2690,18 +2690,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -38075,10 +40436,10 @@ index 9a0bdad..4df9543 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index a4a93b9..4747b63 100644 +index 51f0345..c77810e 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); +@@ -234,10 +234,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); * start build, activate spare */ static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters); @@ -38091,7 +40452,7 @@ index a4a93b9..4747b63 100644 wake_up(&md_event_waiters); } EXPORT_SYMBOL_GPL(md_new_event); -@@ -253,7 +253,7 @@ EXPORT_SYMBOL_GPL(md_new_event); +@@ -247,7 +247,7 @@ EXPORT_SYMBOL_GPL(md_new_event); */ static void md_new_event_inintr(struct mddev *mddev) { @@ -38100,7 +40461,7 @@ index a4a93b9..4747b63 100644 wake_up(&md_event_waiters); } -@@ -1507,7 +1507,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ +@@ -1501,7 +1501,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) && (le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET)) rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset); @@ -38109,7 +40470,7 @@ index a4a93b9..4747b63 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1751,7 +1751,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1745,7 +1745,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -38118,7 +40479,7 @@ index a4a93b9..4747b63 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2751,7 +2751,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2750,7 +2750,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -38127,7 +40488,7 @@ index a4a93b9..4747b63 100644 } static ssize_t -@@ -2760,7 +2760,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2759,7 +2759,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -38136,7 +40497,7 @@ index a4a93b9..4747b63 100644 return len; } return -EINVAL; -@@ -3210,8 +3210,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3207,8 +3207,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -38147,7 +40508,7 @@ index a4a93b9..4747b63 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6994,7 +6994,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -7009,7 +7009,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -38156,7 +40517,7 @@ index a4a93b9..4747b63 100644 return 0; } if (v == (void*)2) { -@@ -7097,7 +7097,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7112,7 +7112,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -38165,7 +40526,7 @@ index a4a93b9..4747b63 100644 return error; } -@@ -7111,7 +7111,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7126,7 +7126,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -38174,7 +40535,7 @@ index a4a93b9..4747b63 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7155,7 +7155,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7170,7 +7170,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -38184,7 +40545,7 @@ index a4a93b9..4747b63 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index d90fb1a..4174a2b 100644 +index 653f992b6..6af6c40 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -94,13 +94,13 @@ struct md_rdev { @@ -38213,22 +40574,22 @@ index d90fb1a..4174a2b 100644 struct md_personality diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h -index 1cbfc6b..56e1dbb 100644 +index 3e6d115..ffecdeb 100644 --- a/drivers/md/persistent-data/dm-space-map.h +++ b/drivers/md/persistent-data/dm-space-map.h -@@ -60,6 +60,7 @@ struct dm_space_map { - int (*root_size)(struct dm_space_map *sm, size_t *result); - int (*copy_root)(struct dm_space_map *sm, void *copy_to_here_le, size_t len); +@@ -71,6 +71,7 @@ struct dm_space_map { + dm_sm_threshold_fn fn, + void *context); }; +typedef struct dm_space_map __no_const dm_space_map_no_const; /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 6af167f..40c25a1 100644 +index 6f48244..7d29145 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1826,7 +1826,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1822,7 +1822,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -38237,7 +40598,7 @@ index 6af167f..40c25a1 100644 } sectors -= s; sect += s; -@@ -2048,7 +2048,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2049,7 +2049,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -38247,10 +40608,10 @@ index 6af167f..40c25a1 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 46c14e5..4db5966 100644 +index 081bb33..3c4b287 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1932,7 +1932,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1940,7 +1940,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -38259,7 +40620,7 @@ index 46c14e5..4db5966 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2281,7 +2281,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2298,7 +2298,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -38268,7 +40629,7 @@ index 46c14e5..4db5966 100644 ktime_get_ts(&cur_time_mon); -@@ -2303,9 +2303,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2320,9 +2320,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -38280,7 +40641,7 @@ index 46c14e5..4db5966 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2359,8 +2359,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2376,8 +2376,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -38291,7 +40652,7 @@ index 46c14e5..4db5966 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2368,7 +2368,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2385,7 +2385,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -38300,7 +40661,7 @@ index 46c14e5..4db5966 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2523,7 +2523,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2540,7 +2540,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -38310,10 +40671,10 @@ index 46c14e5..4db5966 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index f4e87bf..0d4ad3f 100644 +index a35b846..e295c6d 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1763,21 +1763,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1764,21 +1764,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -38339,7 +40700,7 @@ index f4e87bf..0d4ad3f 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1805,7 +1805,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1806,7 +1806,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -38375,7 +40736,7 @@ index 9b6c3bb..baeb5c7 100644 #if IS_ENABLED(CONFIG_DVB_DIB3000MB) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c -index bc78354..42c9459 100644 +index c7a9be1..683f6f8 100644 --- a/drivers/media/pci/cx88/cx88-video.c +++ b/drivers/media/pci/cx88/cx88-video.c @@ -50,9 +50,9 @@ MODULE_VERSION(CX88_VERSION); @@ -38392,7 +40753,7 @@ index bc78354..42c9459 100644 module_param_array(video_nr, int, NULL, 0444); module_param_array(vbi_nr, int, NULL, 0444); diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c -index 96c4a17..1305a79 100644 +index d338b19..aae4f9e 100644 --- a/drivers/media/platform/omap/omap_vout.c +++ b/drivers/media/platform/omap/omap_vout.c @@ -63,7 +63,6 @@ enum omap_vout_channels { @@ -38403,7 +40764,7 @@ index 96c4a17..1305a79 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; -@@ -1012,6 +1011,12 @@ static int omap_vout_open(struct file *file) +@@ -1015,6 +1014,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; @@ -38416,7 +40777,7 @@ index 96c4a17..1305a79 100644 vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); -@@ -1029,10 +1034,6 @@ static int omap_vout_open(struct file *file) +@@ -1032,10 +1037,6 @@ static int omap_vout_open(struct file *file) vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; @@ -38467,7 +40828,7 @@ index b713403..53cb5ad 100644 if (done && done != layer->shadow_buf) vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE); diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c -index 82142a2..6de47e8 100644 +index ef0efdf..8c78eb6 100644 --- a/drivers/media/platform/s5p-tv/mixer_video.c +++ b/drivers/media/platform/s5p-tv/mixer_video.c @@ -209,7 +209,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) @@ -38521,7 +40882,7 @@ index 82142a2..6de47e8 100644 /* retrieve update selection rectangle */ res.left = target->x_offset; -@@ -938,13 +938,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) +@@ -954,13 +954,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) mxr_output_get(mdev); mxr_layer_update_output(layer); @@ -38537,7 +40898,7 @@ index 82142a2..6de47e8 100644 mxr_streamer_get(mdev); return 0; -@@ -1014,7 +1014,7 @@ static int stop_streaming(struct vb2_queue *vq) +@@ -1030,7 +1030,7 @@ static int stop_streaming(struct vb2_queue *vq) spin_unlock_irqrestore(&layer->enq_slock, flags); /* disabling layer in hardware */ @@ -38546,7 +40907,7 @@ index 82142a2..6de47e8 100644 /* remove one streamer */ mxr_streamer_put(mdev); /* allow changes in output configuration */ -@@ -1053,8 +1053,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) +@@ -1069,8 +1069,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) void mxr_layer_release(struct mxr_layer *layer) { @@ -38557,7 +40918,7 @@ index 82142a2..6de47e8 100644 } void mxr_base_layer_release(struct mxr_layer *layer) -@@ -1080,7 +1080,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, +@@ -1096,7 +1096,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, layer->mdev = mdev; layer->idx = idx; @@ -38580,10 +40941,10 @@ index 3d13a63..da31bf1 100644 .buffer_set = mxr_vp_buffer_set, .stream_set = mxr_vp_stream_set, diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c -index 643d80a..56bb96b 100644 +index 545c04c..a14bded 100644 --- a/drivers/media/radio/radio-cadet.c +++ b/drivers/media/radio/radio-cadet.c -@@ -302,6 +302,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo +@@ -324,6 +324,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo unsigned char readbuf[RDS_BUFFER]; int i = 0; @@ -38592,7 +40953,7 @@ index 643d80a..56bb96b 100644 mutex_lock(&dev->lock); if (dev->rdsstat == 0) cadet_start_rds(dev); -@@ -317,7 +319,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo +@@ -339,7 +341,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo while (i < count && dev->rdsin != dev->rdsout) readbuf[i++] = dev->rdsbuf[dev->rdsout++]; @@ -38615,10 +40976,10 @@ index 3940bb0..fb3952a 100644 static int dib7070_set_param_override(struct dvb_frontend *fe) { diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c -index 9578a67..31aa652 100644 +index 6e237b6..dc25556 100644 --- a/drivers/media/usb/dvb-usb/dw2102.c +++ b/drivers/media/usb/dvb-usb/dw2102.c -@@ -115,7 +115,7 @@ struct su3000_state { +@@ -118,7 +118,7 @@ struct su3000_state { struct s6x0_state { int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v); @@ -38628,7 +40989,7 @@ index 9578a67..31aa652 100644 /* debug */ static int dvb_usb_dw2102_debug; diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c -index 7157af3..139e91a 100644 +index f129551..ecf6514 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -326,7 +326,7 @@ struct v4l2_buffer32 { @@ -38659,40 +41020,10 @@ index 7157af3..139e91a 100644 return 0; } diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c -index aa6e7c7..cb5de87 100644 +index 7658586..1079260 100644 --- a/drivers/media/v4l2-core/v4l2-ioctl.c +++ b/drivers/media/v4l2-core/v4l2-ioctl.c -@@ -236,7 +236,7 @@ static void v4l_print_format(const void *arg, bool write_only) - const struct v4l2_vbi_format *vbi; - const struct v4l2_sliced_vbi_format *sliced; - const struct v4l2_window *win; -- const struct v4l2_clip *clip; -+ const struct v4l2_clip __user *pclip; - unsigned i; - - pr_cont("type=%s", prt_names(p->type, v4l2_type_names)); -@@ -284,12 +284,16 @@ static void v4l_print_format(const void *arg, bool write_only) - win->w.left, win->w.top, - prt_names(win->field, v4l2_field_names), - win->chromakey, win->bitmap, win->global_alpha); -- clip = win->clips; -+ pclip = win->clips; - for (i = 0; i < win->clipcount; i++) { -+ struct v4l2_clip clip; -+ -+ if (copy_from_user(&clip, pclip, sizeof clip)) -+ break; - printk(KERN_DEBUG "clip %u: wxh=%dx%d, x,y=%d,%d\n", -- i, clip->c.width, clip->c.height, -- clip->c.left, clip->c.top); -- clip = clip->next; -+ i, clip.c.width, clip.c.height, -+ clip.c.left, clip.c.top); -+ pclip = clip.next; - } - break; - case V4L2_BUF_TYPE_VBI_CAPTURE: -@@ -1923,7 +1927,8 @@ struct v4l2_ioctl_info { +@@ -1995,7 +1995,8 @@ struct v4l2_ioctl_info { struct file *file, void *fh, void *p); } u; void (*debug)(const void *arg, bool write_only); @@ -38702,7 +41033,7 @@ index aa6e7c7..cb5de87 100644 /* This control needs a priority check */ #define INFO_FL_PRIO (1 << 0) -@@ -2108,7 +2113,7 @@ static long __video_do_ioctl(struct file *file, +@@ -2177,7 +2178,7 @@ static long __video_do_ioctl(struct file *file, struct video_device *vfd = video_devdata(file); const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops; bool write_only = false; @@ -38711,7 +41042,7 @@ index aa6e7c7..cb5de87 100644 const struct v4l2_ioctl_info *info; void *fh = file->private_data; struct v4l2_fh *vfh = NULL; -@@ -2193,7 +2198,7 @@ done: +@@ -2251,7 +2252,7 @@ done: } static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, @@ -38720,7 +41051,7 @@ index aa6e7c7..cb5de87 100644 { int ret = 0; -@@ -2209,7 +2214,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, +@@ -2267,7 +2268,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, ret = -EINVAL; break; } @@ -38729,7 +41060,7 @@ index aa6e7c7..cb5de87 100644 *kernel_ptr = (void *)&buf->m.planes; *array_size = sizeof(struct v4l2_plane) * buf->length; ret = 1; -@@ -2244,7 +2249,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, +@@ -2302,7 +2303,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, ret = -EINVAL; break; } @@ -38739,7 +41070,7 @@ index aa6e7c7..cb5de87 100644 *array_size = sizeof(struct v4l2_ext_control) * ctrls->count; diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index fb69baa..3aeea2e 100644 +index 767ff4d..c69d259 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c @@ -6755,8 +6755,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) @@ -38769,7 +41100,7 @@ index fb69baa..3aeea2e 100644 seq_printf(m, " {CurRepSz=%d} x {CurRepDepth=%d} = %d bytes ^= 0x%x\n", ioc->reply_sz, ioc->reply_depth, ioc->reply_sz*ioc->reply_depth, sz); diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index fa43c39..daeb158 100644 +index dd239bd..689c4f7 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -38821,7 +41152,7 @@ index fa43c39..daeb158 100644 mptsas_get_port(struct mptsas_phyinfo *phy_info) { diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c -index 164afa7..b6b2e74 100644 +index 727819c..ad74694 100644 --- a/drivers/message/fusion/mptscsih.c +++ b/drivers/message/fusion/mptscsih.c @@ -1271,15 +1271,16 @@ mptscsih_info(struct Scsi_Host *SChost) @@ -38850,7 +41181,7 @@ index 164afa7..b6b2e74 100644 return h->info_kbuf; } diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c -index 8001aa6..b137580 100644 +index b7d87cd..9890039 100644 --- a/drivers/message/i2o/i2o_proc.c +++ b/drivers/message/i2o/i2o_proc.c @@ -255,12 +255,6 @@ static char *scsi_devices[] = { @@ -39107,7 +41438,7 @@ index 36f5d52..32311c3 100644 if (memcmp(before, after, BREAK_INSTR_SIZE)) { printk(KERN_CRIT "kgdbts: ERROR kgdb corrupted memory\n"); diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c -index 4a87e5c..76bdf5c 100644 +index 4cd4a3d..b48cbc7 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.c +++ b/drivers/misc/lis3lv02d/lis3lv02d.c @@ -498,7 +498,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) @@ -39128,7 +41459,7 @@ index 4a87e5c..76bdf5c 100644 return 0; } -@@ -617,7 +617,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, +@@ -616,7 +616,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, add_wait_queue(&lis3->misc_wait, &wait); while (true) { set_current_state(TASK_INTERRUPTIBLE); @@ -39137,7 +41468,7 @@ index 4a87e5c..76bdf5c 100644 if (data) break; -@@ -658,7 +658,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) +@@ -657,7 +657,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) struct lis3lv02d, miscdev); poll_wait(file, &lis3->misc_wait, wait); @@ -39175,7 +41506,7 @@ index 2f30bad..c4c13d0 100644 mcs_op_statistics[op].max = nsec; } diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c -index 950dbe9..eeef0f8 100644 +index 797d796..ae8f01e 100644 --- a/drivers/misc/sgi-gru/gruprocfs.c +++ b/drivers/misc/sgi-gru/gruprocfs.c @@ -32,9 +32,9 @@ @@ -39452,21 +41783,21 @@ index 49f04bc..65660c2 100644 /* * dma onto stack is unsafe/nonportable, but callers to this diff --git a/drivers/mmc/host/dw_mmc.h b/drivers/mmc/host/dw_mmc.h -index 53b8fd9..615b462 100644 +index 0b74189..818358f 100644 --- a/drivers/mmc/host/dw_mmc.h +++ b/drivers/mmc/host/dw_mmc.h -@@ -205,5 +205,5 @@ struct dw_mci_drv_data { +@@ -202,5 +202,5 @@ struct dw_mci_drv_data { + void (*prepare_command)(struct dw_mci *host, u32 *cmdr); + void (*set_ios)(struct dw_mci *host, struct mmc_ios *ios); int (*parse_dt)(struct dw_mci *host); - int (*setup_bus)(struct dw_mci *host, - struct device_node *slot_np, u8 bus_width); -}; +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c -index 7363efe..681558e 100644 +index c6f6246..60760a8 100644 --- a/drivers/mmc/host/sdhci-s3c.c +++ b/drivers/mmc/host/sdhci-s3c.c -@@ -720,9 +720,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) +@@ -664,9 +664,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) * we can use overriding functions instead of default. */ if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) { @@ -39481,19 +41812,6 @@ index 7363efe..681558e 100644 } /* It supports additional host capabilities if needed */ -diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c -index a4eb8b5..8c0628f 100644 ---- a/drivers/mtd/devices/doc2000.c -+++ b/drivers/mtd/devices/doc2000.c -@@ -753,7 +753,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, - - /* The ECC will not be calculated correctly if less than 512 is written */ - /* DBB- -- if (len != 0x200 && eccbuf) -+ if (len != 0x200) - printk(KERN_WARNING - "ECC needs a full sector write (adr: %lx size %lx)\n", - (long) to, (long) len); diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c index 0c8bb6b..6f35deb 100644 --- a/drivers/mtd/nand/denali.c @@ -39519,7 +41837,7 @@ index 51b9d6a..52af9a7 100644 #include #include diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c -index 8dd6ba5..419cc1d 100644 +index f9d5615..99dd95f 100644 --- a/drivers/mtd/sm_ftl.c +++ b/drivers/mtd/sm_ftl.c @@ -56,7 +56,7 @@ ssize_t sm_attr_show(struct device *dev, struct device_attribute *attr, @@ -39532,10 +41850,10 @@ index 8dd6ba5..419cc1d 100644 struct sm_sysfs_attribute *vendor_attribute; diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index dbbea0e..3f4a0b1 100644 +index f975696..4597e21 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c -@@ -4822,7 +4822,7 @@ static unsigned int bond_get_num_tx_queues(void) +@@ -4870,7 +4870,7 @@ static unsigned int bond_get_num_tx_queues(void) return tx_queues; } @@ -39544,7 +41862,7 @@ index dbbea0e..3f4a0b1 100644 .kind = "bond", .priv_size = sizeof(struct bonding), .setup = bond_setup, -@@ -4947,8 +4947,8 @@ static void __exit bonding_exit(void) +@@ -4995,8 +4995,8 @@ static void __exit bonding_exit(void) bond_destroy_debugfs(); @@ -39572,10 +41890,10 @@ index e1d2643..7f4133b 100644 if (!request_mem_region(mem->start, mem_size, pdev->name)) { diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -index aee7671..3ca2651 100644 +index 151675d..0139a9d 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -@@ -1093,7 +1093,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) +@@ -1112,7 +1112,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) static inline void bnx2x_init_bp_objs(struct bnx2x *bp) { /* RX_MODE controlling object */ @@ -39584,11 +41902,47 @@ index aee7671..3ca2651 100644 /* multicast configuration controlling object */ bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid, +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c +index ce1a916..10b52b0 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c +@@ -960,6 +960,9 @@ static int bnx2x_set_dump(struct net_device *dev, struct ethtool_dump *val) + struct bnx2x *bp = netdev_priv(dev); + + /* Use the ethtool_dump "flag" field as the dump preset index */ ++ if (val->flag < 1 || val->flag > DUMP_MAX_PRESETS) ++ return -EINVAL; ++ + bp->dump_preset_idx = val->flag; + return 0; + } +@@ -986,8 +989,6 @@ static int bnx2x_get_dump_data(struct net_device *dev, + struct bnx2x *bp = netdev_priv(dev); + struct dump_header dump_hdr = {0}; + +- memset(p, 0, dump->len); +- + /* Disable parity attentions as long as following dump may + * cause false alarms by reading never written registers. We + * will re-enable parity attentions right after the dump. +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +index b4c9dea..2a9927f 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +@@ -11497,6 +11497,8 @@ static int bnx2x_init_bp(struct bnx2x *bp) + bp->min_msix_vec_cnt = 2; + BNX2X_DEV_INFO("bp->min_msix_vec_cnt %d", bp->min_msix_vec_cnt); + ++ bp->dump_preset_idx = 1; ++ + return rc; + } + diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c -index 7306416..5fb7fb5 100644 +index 32a9609..0b1c53a 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c -@@ -2381,15 +2381,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp, +@@ -2387,15 +2387,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp, return rc; } @@ -39610,10 +41964,10 @@ index 7306416..5fb7fb5 100644 } diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index ff90760..08d8aed 100644 +index 43c00bc..dd1d03d 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -1306,8 +1306,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, +@@ -1321,8 +1321,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, /********************* RX MODE ****************/ @@ -39624,7 +41978,7 @@ index ff90760..08d8aed 100644 /** * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index 25309bf..fcfd54c 100644 +index ff6e30e..87e8452 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h @@ -147,6 +147,7 @@ @@ -39635,6 +41989,20 @@ index 25309bf..fcfd54c 100644 #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 +diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +index 71497e8..b650951 100644 +--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c ++++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c +@@ -3037,7 +3037,9 @@ static void t3_io_resume(struct pci_dev *pdev) + CH_ALERT(adapter, "adapter recovering, PEX ERR 0x%x\n", + t3_read_reg(adapter, A_PCIE_PEX_ERR)); + ++ rtnl_lock(); + t3_resume_ports(adapter); ++ rtnl_unlock(); + } + + static const struct pci_error_handlers t3_err_handler = { diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index 8cffcdf..aadf043 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -39671,10 +42039,10 @@ index 4c83003..2a2a5b9 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 2886c9b..db71673 100644 +index 6e43426..1bd8365 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -469,7 +469,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) if (wrapped) newacc += 65536; @@ -39682,9 +42050,9 @@ index 2886c9b..db71673 100644 + ACCESS_ONCE_RW(*acc) = newacc; } - void be_parse_stats(struct be_adapter *adapter) + void populate_erx_stats(struct be_adapter *adapter, diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c -index 7c361d1..57e3ff1 100644 +index 21b85fb..b49e5fc 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c +++ b/drivers/net/ethernet/faraday/ftgmac100.c @@ -31,6 +31,8 @@ @@ -39697,7 +42065,7 @@ index 7c361d1..57e3ff1 100644 #include "ftgmac100.h" diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c -index b5ea8fb..bd25e9a 100644 +index a6eda8d..935d273 100644 --- a/drivers/net/ethernet/faraday/ftmac100.c +++ b/drivers/net/ethernet/faraday/ftmac100.c @@ -31,6 +31,8 @@ @@ -39748,11 +42116,11 @@ index fbe5363..266b4e3 100644 __vxge_hw_mempool_create(vpath->hldev, fifo->config->memblock_size, diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c -index 5c033f2..7bbb0d8 100644 +index 5e7fb1d..f8d1810 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c -@@ -1894,7 +1894,9 @@ int qlcnic_83xx_config_default_opmode(struct qlcnic_adapter *adapter) - op_mode = QLCRDX(ahw, QLC_83XX_DRV_OP_MODE); +@@ -1948,7 +1948,9 @@ int qlcnic_83xx_config_default_opmode(struct qlcnic_adapter *adapter) + op_mode = QLC_83XX_DEFAULT_OPMODE; if (op_mode == QLC_83XX_DEFAULT_OPMODE) { - adapter->nic_ops->init_driver = qlcnic_83xx_init_default_driver; @@ -39791,11 +42159,54 @@ index b0c3de9..fc5857e 100644 } else { return -EIO; } +diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c +index 6acf82b..14b097e 100644 +--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c ++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c +@@ -206,10 +206,10 @@ int qlcnic_fw_cmd_set_drv_version(struct qlcnic_adapter *adapter) + if (err) { + dev_info(&adapter->pdev->dev, + "Failed to set driver version in firmware\n"); +- return -EIO; ++ err = -EIO; + } +- +- return 0; ++ qlcnic_free_mbx_args(&cmd); ++ return err; + } + + int +diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c +index d3f8797..82a03d3 100644 +--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c ++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c +@@ -262,7 +262,7 @@ void qlcnic_82xx_change_filter(struct qlcnic_adapter *adapter, u64 *uaddr, + + mac_req = (struct qlcnic_mac_req *)&(req->words[0]); + mac_req->op = vlan_id ? QLCNIC_MAC_VLAN_ADD : QLCNIC_MAC_ADD; +- memcpy(mac_req->mac_addr, &uaddr, ETH_ALEN); ++ memcpy(mac_req->mac_addr, uaddr, ETH_ALEN); + + vlan_req = (struct qlcnic_vlan_req *)&req->words[1]; + vlan_req->vlan_id = cpu_to_le16(vlan_id); +diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c +index 887aebe..9095ff9 100644 +--- a/drivers/net/ethernet/realtek/8139cp.c ++++ b/drivers/net/ethernet/realtek/8139cp.c +@@ -524,6 +524,7 @@ rx_status_loop: + PCI_DMA_FROMDEVICE); + if (dma_mapping_error(&cp->pdev->dev, new_mapping)) { + dev->stats.rx_dropped++; ++ kfree_skb(new_skb); + goto rx_next; + } + diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 15ba8c4..3f56838 100644 +index 393f961..d343034 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -740,22 +740,22 @@ struct rtl8169_private { +@@ -753,22 +753,22 @@ struct rtl8169_private { struct mdio_ops { void (*write)(struct rtl8169_private *, int, int); int (*read)(struct rtl8169_private *, int); @@ -39823,10 +42234,10 @@ index 15ba8c4..3f56838 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c -index 3f93624..cf01144 100644 +index 9a95abf..36df7f9 100644 --- a/drivers/net/ethernet/sfc/ptp.c +++ b/drivers/net/ethernet/sfc/ptp.c -@@ -553,7 +553,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings) +@@ -535,7 +535,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings) (u32)((u64)ptp->start.dma_addr >> 32)); /* Clear flag that signals MC ready */ @@ -39886,10 +42297,10 @@ index 0775f0a..d4fb316 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c -index 8f1c256..a2991d1 100644 +index bf0d55e..82bcfbd1 100644 --- a/drivers/net/ieee802154/fakehard.c +++ b/drivers/net/ieee802154/fakehard.c -@@ -385,7 +385,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) +@@ -364,7 +364,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) phy->transmit_power = 0xbf; dev->netdev_ops = &fake_ops; @@ -39899,10 +42310,10 @@ index 8f1c256..a2991d1 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 011062e..ada88e9 100644 +index 6e91931..2b0ebe7 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c -@@ -892,13 +892,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -905,13 +905,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -39925,7 +42336,7 @@ index 011062e..ada88e9 100644 return rtnl_link_register(ops); }; -@@ -954,7 +956,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -967,7 +969,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -39935,10 +42346,10 @@ index 011062e..ada88e9 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index a449439..1e468fe 100644 +index 523d6b2..5e16aa1 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -1090,7 +1090,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1110,7 +1110,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -39995,10 +42406,10 @@ index 1252d9c..80e660b 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index bf34192..fba3500 100644 +index b305105..8ead6df 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c -@@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused, +@@ -2682,7 +2682,7 @@ static int team_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -40008,10 +42419,32 @@ index bf34192..fba3500 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 755fa9e..631fdce 100644 +index 2491eb2..1a453eb 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1841,7 +1841,7 @@ unlock: +@@ -1076,8 +1076,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, + u32 rxhash; + + if (!(tun->flags & TUN_NO_PI)) { +- if ((len -= sizeof(pi)) > total_len) ++ if (len < sizeof(pi)) + return -EINVAL; ++ len -= sizeof(pi); + + if (memcpy_fromiovecend((void *)&pi, iv, 0, sizeof(pi))) + return -EFAULT; +@@ -1085,8 +1086,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, + } + + if (tun->flags & TUN_VNET_HDR) { +- if ((len -= tun->vnet_hdr_sz) > total_len) ++ if (len < tun->vnet_hdr_sz) + return -EINVAL; ++ len -= tun->vnet_hdr_sz; + + if (memcpy_fromiovecend((void *)&gso, iv, offset, sizeof(gso))) + return -EFAULT; +@@ -1869,7 +1871,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -40020,7 +42453,7 @@ index 755fa9e..631fdce 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1853,6 +1853,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1881,6 +1883,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int vnet_hdr_sz; int ret; @@ -40031,7 +42464,7 @@ index 755fa9e..631fdce 100644 if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index e2dd324..be92fcf 100644 +index cba1d46..f703766 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -40112,7 +42545,7 @@ index e2dd324..be92fcf 100644 /* Setup and send a ctrl req read on * port i */ if (!serial->rx_urb_filled[0]) { -@@ -3066,7 +3065,7 @@ static int hso_resume(struct usb_interface *iface) +@@ -3057,7 +3056,7 @@ static int hso_resume(struct usb_interface *iface) /* Start all serial ports */ for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { if (serial_table[i] && (serial_table[i]->interface == iface)) { @@ -40122,10 +42555,10 @@ index e2dd324..be92fcf 100644 hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 7cee7a3..1eb9f3b 100644 +index 57325f3..36b181f 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c -@@ -1443,7 +1443,7 @@ nla_put_failure: +@@ -1579,7 +1579,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -40135,7 +42568,7 @@ index 7cee7a3..1eb9f3b 100644 .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c -index 5ac5f7a..5f82012 100644 +index 34c8a33..3261fdc 100644 --- a/drivers/net/wireless/at76c50x-usb.c +++ b/drivers/net/wireless/at76c50x-usb.c @@ -353,7 +353,7 @@ static int at76_dfu_get_state(struct usb_device *udev, u8 *state) @@ -40353,10 +42786,10 @@ index 301bf72..3f5654f 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index 784e81c..349e01e 100644 +index ae30343..a117806 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -653,7 +653,7 @@ struct ath_hw_private_ops { +@@ -652,7 +652,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -40365,7 +42798,7 @@ index 784e81c..349e01e 100644 /** * struct ath_spec_scan - parameters for Atheros spectral scan -@@ -722,7 +722,7 @@ struct ath_hw_ops { +@@ -721,7 +721,7 @@ struct ath_hw_ops { struct ath_spec_scan *param); void (*spectral_scan_trigger)(struct ath_hw *ah); void (*spectral_scan_wait)(struct ath_hw *ah); @@ -40375,7 +42808,7 @@ index 784e81c..349e01e 100644 struct ath_nf_limits { s16 max; diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c -index c353b5f..62aaca2 100644 +index b37a582..680835d 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/iwlegacy/3945-mac.c @@ -3639,7 +3639,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) @@ -40390,7 +42823,7 @@ index c353b5f..62aaca2 100644 D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -index 81d4071..f2071ea 100644 +index d532948..e0d8bb1 100644 --- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c +++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c @@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file, @@ -40429,6 +42862,21 @@ index 81d4071..f2071ea 100644 int value; memset(buf, 0, sizeof(buf)); +@@ -698,10 +698,10 @@ DEBUGFS_READ_FILE_OPS(temperature); + DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override); + DEBUGFS_READ_FILE_OPS(current_sleep_command); + +-static const char *fmt_value = " %-30s %10u\n"; +-static const char *fmt_hex = " %-30s 0x%02X\n"; +-static const char *fmt_table = " %-30s %10u %10u %10u %10u\n"; +-static const char *fmt_header = ++static const char fmt_value[] = " %-30s %10u\n"; ++static const char fmt_hex[] = " %-30s 0x%02X\n"; ++static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n"; ++static const char fmt_header[] = + "%-32s current cumulative delta max\n"; + + static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz) @@ -1871,7 +1871,7 @@ static ssize_t iwl_dbgfs_clear_ucode_statistics_write(struct file *file, { struct iwl_priv *priv = file->private_data; @@ -40492,7 +42940,7 @@ index 81d4071..f2071ea 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); -@@ -2256,7 +2256,7 @@ static ssize_t iwl_dbgfs_log_event_write(struct file *file, +@@ -2254,7 +2254,7 @@ static ssize_t iwl_dbgfs_log_event_write(struct file *file, struct iwl_priv *priv = file->private_data; u32 event_log_flag; char buf[8]; @@ -40501,7 +42949,7 @@ index 81d4071..f2071ea 100644 /* check that the interface is up */ if (!iwl_is_ready(priv)) -@@ -2310,7 +2310,7 @@ static ssize_t iwl_dbgfs_calib_disabled_write(struct file *file, +@@ -2308,7 +2308,7 @@ static ssize_t iwl_dbgfs_calib_disabled_write(struct file *file, struct iwl_priv *priv = file->private_data; char buf[8]; u32 calib_disabled; @@ -40511,10 +42959,10 @@ index 81d4071..f2071ea 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 12c4f31..484d948 100644 +index 50ba0a4..29424e7 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1328,7 +1328,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1329,7 +1329,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -40523,7 +42971,7 @@ index 12c4f31..484d948 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1349,7 +1349,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1350,7 +1350,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -40533,10 +42981,10 @@ index 12c4f31..484d948 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 2b49f48..14fc244 100644 +index cb34c78..9fec0dc 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -2143,25 +2143,19 @@ static int __init init_mac80211_hwsim(void) +@@ -2195,25 +2195,19 @@ static int __init init_mac80211_hwsim(void) if (channels > 1) { hwsim_if_comb.num_different_channels = channels; @@ -40576,7 +43024,7 @@ index 2b49f48..14fc244 100644 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index 525fd75..6c9f791 100644 +index 8169a85..7fa3b47 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c @@ -1238,7 +1238,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) @@ -40589,10 +43037,10 @@ index 525fd75..6c9f791 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h -index 086abb4..8279c30 100644 +index 7510723..5ba37f5 100644 --- a/drivers/net/wireless/rt2x00/rt2x00.h +++ b/drivers/net/wireless/rt2x00/rt2x00.h -@@ -396,7 +396,7 @@ struct rt2x00_intf { +@@ -386,7 +386,7 @@ struct rt2x00_intf { * for hardware which doesn't support hardware * sequence counting. */ @@ -40602,10 +43050,10 @@ index 086abb4..8279c30 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index 4d91795..62fccff 100644 +index d955741..8730748 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -251,9 +251,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, +@@ -252,9 +252,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, * sequence counter given by mac80211. */ if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) @@ -40618,10 +43066,10 @@ index 4d91795..62fccff 100644 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); hdr->seq_ctrl |= cpu_to_le16(seqno); diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c -index e57ee48..541cf6c 100644 +index e2b3d9c..67a5184 100644 --- a/drivers/net/wireless/ti/wl1251/sdio.c +++ b/drivers/net/wireless/ti/wl1251/sdio.c -@@ -269,13 +269,17 @@ static int wl1251_sdio_probe(struct sdio_func *func, +@@ -271,13 +271,17 @@ static int wl1251_sdio_probe(struct sdio_func *func, irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING); @@ -40644,7 +43092,7 @@ index e57ee48..541cf6c 100644 wl1251_info("using SDIO interrupt"); } diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c -index 09694e3..24ccec7 100644 +index 1c627da..69f7d17 100644 --- a/drivers/net/wireless/ti/wl12xx/main.c +++ b/drivers/net/wireless/ti/wl12xx/main.c @@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) @@ -40670,10 +43118,10 @@ index 09694e3..24ccec7 100644 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER, diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c -index da3ef1b..4790b95 100644 +index 9fa692d..b31fee0 100644 --- a/drivers/net/wireless/ti/wl18xx/main.c +++ b/drivers/net/wireless/ti/wl18xx/main.c -@@ -1664,8 +1664,10 @@ static int wl18xx_setup(struct wl1271 *wl) +@@ -1687,8 +1687,10 @@ static int wl18xx_setup(struct wl1271 *wl) } if (!checksum_param) { @@ -40846,7 +43294,7 @@ index 93404f7..4a313d8 100644 }; diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c -index 3f56bc0..707d642 100644 +index 92ed045..62d39bd7 100644 --- a/drivers/parport/procfs.c +++ b/drivers/parport/procfs.c @@ -64,7 +64,7 @@ static int do_active_device(ctl_table *table, int write, @@ -40977,10 +43425,10 @@ index 76ba8a1..20ca857 100644 /* initialize our int15 lock */ diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c -index 202f4a9..8ee47d0 100644 +index ec20f74..c1d961e 100644 --- a/drivers/pci/hotplug/pci_hotplug_core.c +++ b/drivers/pci/hotplug/pci_hotplug_core.c -@@ -448,8 +448,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus, +@@ -441,8 +441,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus, return -EINVAL; } @@ -41007,7 +43455,7 @@ index 7d72c5e..edce02c 100644 int retval = -ENOMEM; diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 9c6e9bb..2916736 100644 +index 5b4a9d9..cd5ac1f 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -1071,7 +1071,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) @@ -41038,10 +43486,10 @@ index 9c6e9bb..2916736 100644 if (!sysfs_initialized) return -EACCES; diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h -index 7346ee6..41520eb 100644 +index d1182c4..2a138ec 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h -@@ -93,7 +93,7 @@ struct pci_vpd_ops { +@@ -92,7 +92,7 @@ struct pci_vpd_ops { struct pci_vpd { unsigned int len; const struct pci_vpd_ops *ops; @@ -41049,7 +43497,7 @@ index 7346ee6..41520eb 100644 + bin_attribute_no_const *attr; /* descriptor for sysfs VPD entry */ }; - extern int pci_vpd_pci22_init(struct pci_dev *dev); + int pci_vpd_pci22_init(struct pci_dev *dev); diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c index d320df6..ca9a8f6 100644 --- a/drivers/pci/pcie/aspm.c @@ -41068,7 +43516,7 @@ index d320df6..ca9a8f6 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 5427787..8df273b 100644 +index ea37072..10e58e56 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -41081,10 +43529,10 @@ index 5427787..8df273b 100644 /* No printks while decoding is disabled! */ if (!dev->mmio_always_on) { diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index 0b00947..64f7c0a 100644 +index 0812608..b04018c4 100644 --- a/drivers/pci/proc.c +++ b/drivers/pci/proc.c -@@ -465,7 +465,16 @@ static const struct file_operations proc_bus_pci_dev_operations = { +@@ -453,7 +453,16 @@ static const struct file_operations proc_bus_pci_dev_operations = { static int __init pci_proc_init(void) { struct pci_dev *dev = NULL; @@ -41140,10 +43588,10 @@ index 6b22938..bc9700e 100644 /* disable hardware control by fn key */ diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c -index 14d4dce..b129917 100644 +index 2ac045f..39c443d 100644 --- a/drivers/platform/x86/sony-laptop.c +++ b/drivers/platform/x86/sony-laptop.c -@@ -2465,7 +2465,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd) +@@ -2483,7 +2483,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd) } /* High speed charging function */ @@ -41153,7 +43601,7 @@ index 14d4dce..b129917 100644 static ssize_t sony_nc_highspeed_charging_store(struct device *dev, struct device_attribute *attr, diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index edec135..59a24a3 100644 +index 54d31c0..3f896d3 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2093,7 +2093,7 @@ static int hotkey_mask_get(void) @@ -41367,12 +43815,12 @@ index 3e6db1c..1fbbdae 100644 /* check if the resource is reserved */ diff --git a/drivers/power/pda_power.c b/drivers/power/pda_power.c -index 7df7c5f..bd48c47 100644 +index 0c52e2a..3421ab7 100644 --- a/drivers/power/pda_power.c +++ b/drivers/power/pda_power.c @@ -37,7 +37,11 @@ static int polling; - #ifdef CONFIG_USB_OTG_UTILS + #if IS_ENABLED(CONFIG_USB_PHY) static struct usb_phy *transceiver; -static struct notifier_block otg_nb; +static int otg_handle_notification(struct notifier_block *nb, @@ -41385,7 +43833,7 @@ index 7df7c5f..bd48c47 100644 static struct regulator *ac_draw; @@ -369,7 +373,6 @@ static int pda_power_probe(struct platform_device *pdev) - #ifdef CONFIG_USB_OTG_UTILS + #if IS_ENABLED(CONFIG_USB_PHY) if (!IS_ERR_OR_NULL(transceiver) && pdata->use_otg_notifier) { - otg_nb.notifier_call = otg_handle_notification; ret = usb_register_notifier(transceiver, &otg_nb); @@ -41411,7 +43859,7 @@ index cc439fd..8fa30df 100644 #endif /* CONFIG_SYSFS */ diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c -index 5deac43..608c5ff 100644 +index 1c517c3..ffa2f17 100644 --- a/drivers/power/power_supply_core.c +++ b/drivers/power/power_supply_core.c @@ -24,7 +24,10 @@ @@ -41424,9 +43872,9 @@ index 5deac43..608c5ff 100644 + .groups = power_supply_attr_groups, +}; - static int __power_supply_changed_work(struct device *dev, void *data) - { -@@ -393,7 +396,7 @@ static int __init power_supply_class_init(void) + static bool __power_supply_is_supplied_by(struct power_supply *supplier, + struct power_supply *supply) +@@ -554,7 +557,7 @@ static int __init power_supply_class_init(void) return PTR_ERR(power_supply_class); power_supply_class->dev_uevent = power_supply_uevent; @@ -41460,7 +43908,7 @@ index 29178f7..c65f324 100644 __power_supply_attrs[i] = &power_supply_attrs[i].attr; } diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index 4d7c635..9860196 100644 +index d428ef9..fdc0357 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c @@ -333,8 +333,10 @@ static int max8660_probe(struct i2c_client *client, @@ -41477,7 +43925,7 @@ index 4d7c635..9860196 100644 /* diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c -index 9a8ea91..c483dd9 100644 +index adb1414..c13e0ce 100644 --- a/drivers/regulator/max8973-regulator.c +++ b/drivers/regulator/max8973-regulator.c @@ -401,9 +401,11 @@ static int max8973_probe(struct i2c_client *client, @@ -41496,10 +43944,10 @@ index 9a8ea91..c483dd9 100644 max->enable_external_control = pdata->enable_ext_control; diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 9891aec..beb3083 100644 +index b716283..3cc4349 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -583,10 +583,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) +@@ -582,10 +582,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -41513,9 +43961,9 @@ index 9891aec..beb3083 100644 + pax_close_kernel(); mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, - ARRAY_SIZE(mc13892_regulators), + ARRAY_SIZE(mc13892_regulators)); diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c -index cc5bea9..689f7d9 100644 +index f1cb706..4c7832a 100644 --- a/drivers/rtc/rtc-cmos.c +++ b/drivers/rtc/rtc-cmos.c @@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq) @@ -41551,10 +43999,10 @@ index d049393..bb20be0 100644 case RTC_PIE_ON: diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c -index 970a236..3613169 100644 +index b53992a..776df84 100644 --- a/drivers/rtc/rtc-ds1307.c +++ b/drivers/rtc/rtc-ds1307.c -@@ -106,7 +106,7 @@ struct ds1307 { +@@ -107,7 +107,7 @@ struct ds1307 { u8 offset; /* register's offset */ u8 regs[11]; u16 nvram_offset; @@ -41776,7 +44224,7 @@ index 9816479..c5d4e97 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c -index c772d8d..35c362c 100644 +index 8b928c6..9c76300 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -100,12 +100,12 @@ struct fc_exch_mgr { @@ -41798,7 +44246,7 @@ index c772d8d..35c362c 100644 } stats; }; -@@ -725,7 +725,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport, +@@ -736,7 +736,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport, /* allocate memory for exchange */ ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC); if (!ep) { @@ -41807,7 +44255,7 @@ index c772d8d..35c362c 100644 goto out; } memset(ep, 0, sizeof(*ep)); -@@ -786,7 +786,7 @@ out: +@@ -797,7 +797,7 @@ out: return ep; err: spin_unlock_bh(&pool->lock); @@ -41816,7 +44264,7 @@ index c772d8d..35c362c 100644 mempool_free(ep, mp->ep_pool); return NULL; } -@@ -929,7 +929,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -940,7 +940,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, xid = ntohs(fh->fh_ox_id); /* we originated exch */ ep = fc_exch_find(mp, xid); if (!ep) { @@ -41825,7 +44273,7 @@ index c772d8d..35c362c 100644 reject = FC_RJT_OX_ID; goto out; } -@@ -959,7 +959,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -970,7 +970,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, ep = fc_exch_find(mp, xid); if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) { if (ep) { @@ -41834,7 +44282,7 @@ index c772d8d..35c362c 100644 reject = FC_RJT_RX_ID; goto rel; } -@@ -970,7 +970,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -981,7 +981,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, } xid = ep->xid; /* get our XID */ } else if (!ep) { @@ -41843,7 +44291,7 @@ index c772d8d..35c362c 100644 reject = FC_RJT_RX_ID; /* XID not found */ goto out; } -@@ -987,7 +987,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -998,7 +998,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, } else { sp = &ep->seq; if (sp->id != fh->fh_seq_id) { @@ -41852,7 +44300,7 @@ index c772d8d..35c362c 100644 if (f_ctl & FC_FC_END_SEQ) { /* * Update sequence_id based on incoming last -@@ -1437,22 +1437,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) +@@ -1448,22 +1448,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) ep = fc_exch_find(mp, ntohs(fh->fh_ox_id)); if (!ep) { @@ -41879,7 +44327,7 @@ index c772d8d..35c362c 100644 goto rel; } sof = fr_sof(fp); -@@ -1461,7 +1461,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) +@@ -1472,7 +1472,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) sp->ssb_stat |= SSB_ST_RESP; sp->id = fh->fh_seq_id; } else if (sp->id != fh->fh_seq_id) { @@ -41888,7 +44336,7 @@ index c772d8d..35c362c 100644 goto rel; } -@@ -1525,9 +1525,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) +@@ -1536,9 +1536,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */ if (!sp) @@ -41900,7 +44348,7 @@ index c772d8d..35c362c 100644 fc_frame_free(fp); } -@@ -2174,13 +2174,13 @@ void fc_exch_update_stats(struct fc_lport *lport) +@@ -2185,13 +2185,13 @@ void fc_exch_update_stats(struct fc_lport *lport) list_for_each_entry(ema, &lport->ema_list, ema_list) { mp = ema->mp; @@ -41921,7 +44369,7 @@ index c772d8d..35c362c 100644 } EXPORT_SYMBOL(fc_exch_update_stats); diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c -index bdb81cd..d3c7c2c 100644 +index 161c98e..6d563b3 100644 --- a/drivers/scsi/libsas/sas_ata.c +++ b/drivers/scsi/libsas/sas_ata.c @@ -554,7 +554,7 @@ static struct ata_port_operations sas_sata_ops = { @@ -41934,10 +44382,10 @@ index bdb81cd..d3c7c2c 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index 7706c99..3b4fc0c 100644 +index bcc56ca..6f4174a 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h -@@ -424,7 +424,7 @@ struct lpfc_vport { +@@ -431,7 +431,7 @@ struct lpfc_vport { struct dentry *debug_nodelist; struct dentry *vport_debugfs_root; struct lpfc_debugfs_trc *disc_trc; @@ -41946,7 +44394,7 @@ index 7706c99..3b4fc0c 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -853,8 +853,8 @@ struct lpfc_hba { +@@ -865,8 +865,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -41957,7 +44405,7 @@ index 7706c99..3b4fc0c 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -890,7 +890,7 @@ struct lpfc_hba { +@@ -902,7 +902,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -41967,7 +44415,7 @@ index 7706c99..3b4fc0c 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c -index f63f5ff..de29189 100644 +index f525ecb..32549a4 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, @@ -42050,10 +44498,10 @@ index f63f5ff..de29189 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 314b4f6..7005d10 100644 +index cb465b2..2e7b25f 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10551,8 +10551,10 @@ lpfc_init(void) +@@ -10950,8 +10950,10 @@ lpfc_init(void) "misc_register returned with status %d", error); if (lpfc_enable_npiv) { @@ -42067,10 +44515,10 @@ index 314b4f6..7005d10 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 98af07c..7625fb5 100644 +index 8523b278e..ce1d812 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c -@@ -325,7 +325,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) +@@ -331,7 +331,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) uint32_t evt_posted; spin_lock_irqsave(&phba->hbalock, flags); @@ -42079,7 +44527,7 @@ index 98af07c..7625fb5 100644 phba->last_rsrc_error_time = jiffies; if ((phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL) > jiffies) { -@@ -366,7 +366,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, +@@ -372,7 +372,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, unsigned long flags; struct lpfc_hba *phba = vport->phba; uint32_t evt_posted; @@ -42088,7 +44536,7 @@ index 98af07c..7625fb5 100644 if (vport->cfg_lun_queue_depth <= queue_depth) return; -@@ -410,8 +410,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -416,8 +416,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) unsigned long num_rsrc_err, num_cmd_success; int i; @@ -42099,7 +44547,7 @@ index 98af07c..7625fb5 100644 /* * The error and success command counters are global per -@@ -439,8 +439,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -445,8 +445,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -42110,7 +44558,7 @@ index 98af07c..7625fb5 100644 } /** -@@ -474,8 +474,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) +@@ -480,8 +480,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -42122,7 +44570,7 @@ index 98af07c..7625fb5 100644 /** diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index b46f5e9..c4c4ccb 100644 +index 8e1b737..50ff510 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) @@ -42157,7 +44605,7 @@ index b46f5e9..c4c4ccb 100644 pinstance->num_hrrq; cmd->cmd_done = pmcraid_io_done; -@@ -3859,7 +3859,7 @@ static long pmcraid_ioctl_passthrough( +@@ -3846,7 +3846,7 @@ static long pmcraid_ioctl_passthrough( * block of scsi_cmd which is re-used (e.g. cancel/abort), which uses * hrrq_id assigned here in queuecommand */ @@ -42166,7 +44614,7 @@ index b46f5e9..c4c4ccb 100644 pinstance->num_hrrq; if (request_size) { -@@ -4497,7 +4497,7 @@ static void pmcraid_worker_function(struct work_struct *workp) +@@ -4483,7 +4483,7 @@ static void pmcraid_worker_function(struct work_struct *workp) pinstance = container_of(workp, struct pmcraid_instance, worker_q); /* add resources only after host is added into system */ @@ -42175,7 +44623,7 @@ index b46f5e9..c4c4ccb 100644 return; fw_version = be16_to_cpu(pinstance->inq_data->fw_version); -@@ -5324,8 +5324,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host, +@@ -5310,8 +5310,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host, init_waitqueue_head(&pinstance->reset_wait_q); atomic_set(&pinstance->outstanding_cmds, 0); @@ -42186,7 +44634,7 @@ index b46f5e9..c4c4ccb 100644 INIT_LIST_HEAD(&pinstance->free_res_q); INIT_LIST_HEAD(&pinstance->used_res_q); -@@ -6038,7 +6038,7 @@ static int pmcraid_probe(struct pci_dev *pdev, +@@ -6024,7 +6024,7 @@ static int pmcraid_probe(struct pci_dev *pdev, /* Schedule worker thread to handle CCN and take care of adding and * removing devices to OS */ @@ -42229,10 +44677,10 @@ index e1d150f..6c6df44 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c -index b3db9dc..c3b1756 100644 +index bf60c63..74d4dce 100644 --- a/drivers/scsi/qla2xxx/qla_attr.c +++ b/drivers/scsi/qla2xxx/qla_attr.c -@@ -1971,7 +1971,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable) +@@ -2001,7 +2001,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable) return 0; } @@ -42241,7 +44689,7 @@ index b3db9dc..c3b1756 100644 .show_host_node_name = 1, .show_host_port_name = 1, -@@ -2018,7 +2018,7 @@ struct fc_function_template qla2xxx_transport_functions = { +@@ -2048,7 +2048,7 @@ struct fc_function_template qla2xxx_transport_functions = { .bsg_timeout = qla24xx_bsg_timeout, }; @@ -42251,10 +44699,10 @@ index b3db9dc..c3b1756 100644 .show_host_node_name = 1, .show_host_port_name = 1, diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h -index b310fa9..b9b3944 100644 +index 026bfde..90c4018 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h -@@ -523,8 +523,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); +@@ -528,8 +528,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); struct device_attribute; extern struct device_attribute *qla2x00_host_attrs[]; struct fc_function_template; @@ -42266,10 +44714,10 @@ index b310fa9..b9b3944 100644 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *); extern void qla2x00_init_host_attr(scsi_qla_host_t *); diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index 2c6dd3d..e5ecd82 100644 +index ad72c1d..afc9a98 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -1554,8 +1554,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) +@@ -1571,8 +1571,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) { /* Ok, a 64bit DMA mask is applicable. */ ha->flags.enable_64bit_addressing = 1; @@ -42283,10 +44731,10 @@ index 2c6dd3d..e5ecd82 100644 } } diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index 129f5dd..ade53e8 100644 +index ddf16a8..80f4dd0 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -275,7 +275,7 @@ struct ddb_entry { +@@ -291,7 +291,7 @@ struct ddb_entry { * (4000 only) */ atomic_t relogin_timer; /* Max Time to wait for * relogin to complete */ @@ -42296,10 +44744,10 @@ index 129f5dd..ade53e8 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index 6142729..b6a85c9 100644 +index 4d231c1..2892c37 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2622,12 +2622,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -2971,12 +2971,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -42314,7 +44762,7 @@ index 6142729..b6a85c9 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -4742,7 +4742,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -5081,7 +5081,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); @@ -42324,7 +44772,7 @@ index 6142729..b6a85c9 100644 ddb_entry->default_relogin_timeout = (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 2c0d0ec..4e8681a 100644 +index eaa808e..95f8841 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -661,7 +661,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) @@ -42337,10 +44785,10 @@ index 2c0d0ec..4e8681a 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index c31187d..0ead8c3 100644 +index 86d5220..f22c51a 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1459,7 +1459,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1458,7 +1458,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -42349,7 +44797,7 @@ index c31187d..0ead8c3 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1485,9 +1485,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1484,9 +1484,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -42388,10 +44836,10 @@ index 84a1fdf..693b0d6 100644 /* * TODO: need to fixup sg_tablesize, max_segment_size, diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c -index e894ca7..de9d7660 100644 +index e106c27..11a380e 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c -@@ -498,7 +498,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, +@@ -497,7 +497,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, * Netlink Infrastructure */ @@ -42400,7 +44848,7 @@ index e894ca7..de9d7660 100644 /** * fc_get_event_number - Obtain the next sequential FC event number -@@ -511,7 +511,7 @@ static atomic_t fc_event_seq; +@@ -510,7 +510,7 @@ static atomic_t fc_event_seq; u32 fc_get_event_number(void) { @@ -42409,7 +44857,7 @@ index e894ca7..de9d7660 100644 } EXPORT_SYMBOL(fc_get_event_number); -@@ -659,7 +659,7 @@ static __init int fc_transport_init(void) +@@ -654,7 +654,7 @@ static __init int fc_transport_init(void) { int error; @@ -42418,7 +44866,7 @@ index e894ca7..de9d7660 100644 error = transport_class_register(&fc_host_class); if (error) -@@ -849,7 +849,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val) +@@ -844,7 +844,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val) char *cp; *val = simple_strtoul(buf, &cp, 0); @@ -42428,10 +44876,10 @@ index e894ca7..de9d7660 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index 0a74b97..fa8d648 100644 +index 133926b..903000d 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c -@@ -79,7 +79,7 @@ struct iscsi_internal { +@@ -80,7 +80,7 @@ struct iscsi_internal { struct transport_container session_cont; }; @@ -42440,7 +44888,7 @@ index 0a74b97..fa8d648 100644 static struct workqueue_struct *iscsi_eh_timer_workq; static DEFINE_IDA(iscsi_sess_ida); -@@ -1064,7 +1064,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) +@@ -1738,7 +1738,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) int err; ihost = shost->shost_data; @@ -42449,7 +44897,7 @@ index 0a74b97..fa8d648 100644 if (target_id == ISCSI_MAX_TARGET) { id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); -@@ -2955,7 +2955,7 @@ static __init int iscsi_transport_init(void) +@@ -3944,7 +3944,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); @@ -42490,10 +44938,10 @@ index f379c7f..e8fc69c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 82910cc..7c350ad 100644 +index 610417e..1544fa9 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2929,7 +2929,7 @@ static int sd_probe(struct device *dev) +@@ -2928,7 +2928,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -42503,10 +44951,10 @@ index 82910cc..7c350ad 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 9f0c465..47194ee 100644 +index df5e961..df6b97f 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c -@@ -1101,7 +1101,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) +@@ -1102,7 +1102,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) sdp->disk->disk_name, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), NULL, @@ -42516,10 +44964,10 @@ index 9f0c465..47194ee 100644 return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 004b10f..7c98d51 100644 +index 32b7bb1..2f1c4bd 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1620,7 +1620,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1631,7 +1631,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -42528,19 +44976,19 @@ index 004b10f..7c98d51 100644 static u8 *buf; -diff --git a/drivers/staging/iio/iio_hwmon.c b/drivers/staging/iio/iio_hwmon.c -index 93af756..a4bc5bf 100644 ---- a/drivers/staging/iio/iio_hwmon.c -+++ b/drivers/staging/iio/iio_hwmon.c -@@ -67,7 +67,7 @@ static int iio_hwmon_probe(struct platform_device *pdev) +diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c +index 3675020..e80d92c 100644 +--- a/drivers/staging/media/solo6x10/solo6x10-core.c ++++ b/drivers/staging/media/solo6x10/solo6x10-core.c +@@ -434,7 +434,7 @@ static void solo_device_release(struct device *dev) + + static int solo_sysfs_init(struct solo_dev *solo_dev) { - struct device *dev = &pdev->dev; - struct iio_hwmon_state *st; -- struct sensor_device_attribute *a; -+ sensor_device_attribute_no_const *a; - int ret, i; - int in_i = 1, temp_i = 1, curr_i = 1; - enum iio_chan_type type; +- struct bin_attribute *sdram_attr = &solo_dev->sdram_attr; ++ bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr; + struct device *dev = &solo_dev->dev; + const char *driver; + int i; diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c index 34afc16..ffe44dd 100644 --- a/drivers/staging/octeon/ethernet-rx.c @@ -42620,7 +45068,7 @@ index 1f5088b..0e59820 100644 return 0; diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h -index 5dddc4d..34fcb2f 100644 +index a863a98..d272795 100644 --- a/drivers/staging/usbip/vhci.h +++ b/drivers/staging/usbip/vhci.h @@ -83,7 +83,7 @@ struct vhci_hcd { @@ -42633,7 +45081,7 @@ index 5dddc4d..34fcb2f 100644 /* * NOTE: diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c -index f1ca084..7b5c0c3 100644 +index d7974cb..d78076b 100644 --- a/drivers/staging/usbip/vhci_hcd.c +++ b/drivers/staging/usbip/vhci_hcd.c @@ -441,7 +441,7 @@ static void vhci_tx_urb(struct urb *urb) @@ -42664,10 +45112,10 @@ index f1ca084..7b5c0c3 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index faf8e60..c46f8ab 100644 +index d07fcb5..358e1e1 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c -@@ -76,7 +76,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, +@@ -80,7 +80,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, if (!urb) { pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); pr_info("max seqnum %d\n", @@ -42677,10 +45125,10 @@ index faf8e60..c46f8ab 100644 return; } diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c -index 5f13890..36a044b 100644 +index 8417c2f..ef5ebd6 100644 --- a/drivers/staging/vt6655/hostap.c +++ b/drivers/staging/vt6655/hostap.c -@@ -73,14 +73,13 @@ static int msglevel =MSG_LEVEL_INFO; +@@ -69,14 +69,13 @@ static int msglevel = MSG_LEVEL_INFO; * */ @@ -42688,17 +45136,17 @@ index 5f13890..36a044b 100644 + static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked) { - PSDevice apdev_priv; + PSDevice apdev_priv; struct net_device *dev = pDevice->dev; int ret; - const struct net_device_ops apdev_netdev_ops = { - .ndo_start_xmit = pDevice->tx_80211, - }; - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "%s: Enabling hostapd mode\n", dev->name); + DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "%s: Enabling hostapd mode\n", dev->name); -@@ -92,6 +91,8 @@ static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked) - *apdev_priv = *pDevice; +@@ -88,6 +87,8 @@ static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked) + *apdev_priv = *pDevice; memcpy(pDevice->apdev->dev_addr, dev->dev_addr, ETH_ALEN); + /* only half broken now */ @@ -42707,7 +45155,7 @@ index 5f13890..36a044b 100644 pDevice->apdev->type = ARPHRD_IEEE80211; diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c -index a94e66f..31984d0 100644 +index c699a30..b90a5fd 100644 --- a/drivers/staging/vt6656/hostap.c +++ b/drivers/staging/vt6656/hostap.c @@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO; @@ -42736,53 +45184,33 @@ index a94e66f..31984d0 100644 pDevice->apdev->netdev_ops = &apdev_netdev_ops; pDevice->apdev->type = ARPHRD_IEEE80211; -diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c -index a2b7e03..9ff4bbd 100644 ---- a/drivers/staging/zcache/tmem.c -+++ b/drivers/staging/zcache/tmem.c -@@ -50,7 +50,7 @@ - * A tmem host implementation must use this function to register callbacks - * for memory allocation. - */ --static struct tmem_hostops tmem_hostops; -+static tmem_hostops_no_const tmem_hostops; - - static void tmem_objnode_tree_init(void); - -@@ -64,7 +64,7 @@ void tmem_register_hostops(struct tmem_hostops *m) - * A tmem host implementation must use this function to register - * callbacks for a page-accessible memory (PAM) implementation. - */ --static struct tmem_pamops tmem_pamops; -+static tmem_pamops_no_const tmem_pamops; - - void tmem_register_pamops(struct tmem_pamops *m) - { diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h -index adbe5a8..d387359 100644 +index d128ce2..fc1f9a1 100644 --- a/drivers/staging/zcache/tmem.h +++ b/drivers/staging/zcache/tmem.h -@@ -226,6 +226,7 @@ struct tmem_pamops { +@@ -225,7 +225,7 @@ struct tmem_pamops { + bool (*is_remote)(void *); int (*replace_in_obj)(void *, struct tmem_obj *); #endif - }; -+typedef struct tmem_pamops __no_const tmem_pamops_no_const; +-}; ++} __no_const; extern void tmem_register_pamops(struct tmem_pamops *m); /* memory allocation methods provided by the host implementation */ -@@ -235,6 +236,7 @@ struct tmem_hostops { +@@ -234,7 +234,7 @@ struct tmem_hostops { + void (*obj_free)(struct tmem_obj *, struct tmem_pool *); struct tmem_objnode *(*objnode_alloc)(struct tmem_pool *); void (*objnode_free)(struct tmem_objnode *, struct tmem_pool *); - }; -+typedef struct tmem_hostops __no_const tmem_hostops_no_const; +-}; ++} __no_const; extern void tmem_register_hostops(struct tmem_hostops *m); /* core tmem accessor functions */ diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 2e4d655..fd72e68 100644 +index 4630481..c26782a 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c -@@ -1414,7 +1414,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) +@@ -1400,7 +1400,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_port_lock); spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); @@ -42792,10 +45220,10 @@ index 2e4d655..fd72e68 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index fc9a5a0..1d5975e 100644 +index 21e3158..43c6004 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1081,7 +1081,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -42805,10 +45233,10 @@ index fc9a5a0..1d5975e 100644 pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c -index 345bd0e..61d5375 100644 +index 33f83fe..d80f8e1 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c -@@ -1576,10 +1576,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) +@@ -1570,10 +1570,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) printk(KERN_DEBUG "cyc:cy_open ttyC%d, count = %d\n", info->line, info->port.count); #endif @@ -42821,7 +45249,7 @@ index 345bd0e..61d5375 100644 #endif /* -@@ -3978,7 +3978,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) +@@ -3972,7 +3972,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) for (j = 0; j < cy_card[i].nports; j++) { info = &cy_card[i].ports[j]; @@ -43103,10 +45531,10 @@ index 8fd72ff..34a0bed 100644 ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c -index adeac25..787a0a1 100644 +index 1deaca4..c8582d4 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c -@@ -1193,7 +1193,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) +@@ -1189,7 +1189,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) } ch = &brd->ports[port % MAX_PORTS_PER_BOARD]; @@ -43116,10 +45544,10 @@ index adeac25..787a0a1 100644 tty_port_tty_set(&ch->port, tty); mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index 4a43ef5d7..aa71f27 100644 +index 6422390..49003ac8 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c -@@ -1636,7 +1636,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) +@@ -1632,7 +1632,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) spin_lock_init(&dlci->lock); mutex_init(&dlci->mutex); dlci->fifo = &dlci->_fifo; @@ -43128,7 +45556,7 @@ index 4a43ef5d7..aa71f27 100644 kfree(dlci); return NULL; } -@@ -2936,7 +2936,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) +@@ -2932,7 +2932,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) struct gsm_dlci *dlci = tty->driver_data; struct tty_port *port = &dlci->port; @@ -43138,10 +45566,10 @@ index 4a43ef5d7..aa71f27 100644 dlci_get(dlci->gsm->dlci[0]); mux_get(dlci->gsm); diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 1f8cba6..47b06c2 100644 +index 6c7fe90..9241dab 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2205,6 +2205,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2203,6 +2203,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -43151,10 +45579,10 @@ index 1f8cba6..47b06c2 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 125e0fd..8c50690 100644 +index abfd990..5ab5da9 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -800,8 +800,10 @@ static void __init unix98_pty_init(void) +@@ -796,8 +796,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -43167,10 +45595,10 @@ index 125e0fd..8c50690 100644 cdev_init(&ptmx_cdev, &ptmx_fops); if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c -index 1d27003..959f452 100644 +index 354564e..fe50d9a 100644 --- a/drivers/tty/rocket.c +++ b/drivers/tty/rocket.c -@@ -923,7 +923,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -914,7 +914,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) tty->driver_data = info; tty_port_tty_set(port, tty); @@ -43179,7 +45607,7 @@ index 1d27003..959f452 100644 atomic_inc(&rp_num_ports_open); #ifdef ROCKET_DEBUG_OPEN -@@ -932,7 +932,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -923,7 +923,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) #endif } #ifdef ROCKET_DEBUG_OPEN @@ -43188,7 +45616,7 @@ index 1d27003..959f452 100644 #endif /* -@@ -1527,7 +1527,7 @@ static void rp_hangup(struct tty_struct *tty) +@@ -1515,7 +1515,7 @@ static void rp_hangup(struct tty_struct *tty) spin_unlock_irqrestore(&info->port.lock, flags); return; } @@ -43304,10 +45732,10 @@ index 1002054..dd644a8 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c -index 2769a38..f3dbe48 100644 +index 0c8a9fa..234a95f 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c -@@ -451,11 +451,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) +@@ -453,11 +453,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) } } @@ -43324,7 +45752,7 @@ index 2769a38..f3dbe48 100644 dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n", port->mapbase, port->membase); -@@ -1120,10 +1125,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, +@@ -1124,10 +1129,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, /* setup info for port */ port->dev = &platdev->dev; @@ -43336,7 +45764,7 @@ index 2769a38..f3dbe48 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index 8fbb6d2..822a9e6 100644 +index f87dbfd..42ad4b1 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -1454,7 +1454,7 @@ static void uart_hangup(struct tty_struct *tty) @@ -43376,10 +45804,10 @@ index 8fbb6d2..822a9e6 100644 goto end; } diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c -index 8983276..72a4090 100644 +index 8eaf1ab..85c030d 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c -@@ -3093,7 +3093,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) +@@ -3090,7 +3090,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_close(%s) entry, count=%d\n", @@ -43388,7 +45816,7 @@ index 8983276..72a4090 100644 if (tty_port_close_start(&info->port, tty, filp) == 0) goto cleanup; -@@ -3111,7 +3111,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) +@@ -3108,7 +3108,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_close(%s) exit, count=%d\n", __FILE__,__LINE__, @@ -43397,7 +45825,7 @@ index 8983276..72a4090 100644 } /* end of mgsl_close() */ -@@ -3210,8 +3210,8 @@ static void mgsl_hangup(struct tty_struct *tty) +@@ -3207,8 +3207,8 @@ static void mgsl_hangup(struct tty_struct *tty) mgsl_flush_buffer(tty); shutdown(info); @@ -43408,7 +45836,7 @@ index 8983276..72a4090 100644 info->port.flags &= ~ASYNC_NORMAL_ACTIVE; info->port.tty = NULL; -@@ -3300,12 +3300,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3297,12 +3297,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):block_til_ready before block on %s count=%d\n", @@ -43423,7 +45851,7 @@ index 8983276..72a4090 100644 } spin_unlock_irqrestore(&info->irq_spinlock, flags); port->blocked_open++; -@@ -3334,7 +3334,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3331,7 +3331,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):block_til_ready blocking on %s count=%d\n", @@ -43432,7 +45860,7 @@ index 8983276..72a4090 100644 tty_unlock(tty); schedule(); -@@ -3346,12 +3346,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3343,12 +3343,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, /* FIXME: Racy on hangup during close wait */ if (extra_count) @@ -43447,7 +45875,7 @@ index 8983276..72a4090 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -3403,7 +3403,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) +@@ -3400,7 +3400,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_open(%s), old ref count = %d\n", @@ -43456,7 +45884,7 @@ index 8983276..72a4090 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ -@@ -3422,10 +3422,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) +@@ -3419,10 +3419,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) spin_unlock_irqrestore(&info->netlock, flags); goto cleanup; } @@ -43469,7 +45897,7 @@ index 8983276..72a4090 100644 /* 1st open on this device, init hardware */ retval = startup(info); if (retval < 0) -@@ -3449,8 +3449,8 @@ cleanup: +@@ -3446,8 +3446,8 @@ cleanup: if (retval) { if (tty->count == 1) info->port.tty = NULL; /* tty layer will release tty struct */ @@ -43480,7 +45908,7 @@ index 8983276..72a4090 100644 } return retval; -@@ -7668,7 +7668,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -7665,7 +7665,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -43489,7 +45917,7 @@ index 8983276..72a4090 100644 return -EBUSY; switch (encoding) -@@ -7763,7 +7763,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -7760,7 +7760,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -43498,7 +45926,7 @@ index 8983276..72a4090 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -7849,7 +7849,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -7846,7 +7846,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -43508,7 +45936,7 @@ index 8983276..72a4090 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c -index aa9eece..d8baaec 100644 +index 1abf946..1ee34fc 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c @@ -670,7 +670,7 @@ static int open(struct tty_struct *tty, struct file *filp) @@ -43626,7 +46054,7 @@ index aa9eece..d8baaec 100644 if (!retval) diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c -index 6d5780c..aa4d8cd 100644 +index ff17138..e38b41e 100644 --- a/drivers/tty/synclinkmp.c +++ b/drivers/tty/synclinkmp.c @@ -750,7 +750,7 @@ static int open(struct tty_struct *tty, struct file *filp) @@ -43765,10 +46193,10 @@ index 6d5780c..aa4d8cd 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c -index 3687f0c..6b9b808 100644 +index b51c154..17d55d1 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c -@@ -995,7 +995,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); +@@ -1022,7 +1022,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { @@ -43778,10 +46206,10 @@ index 3687f0c..6b9b808 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index a9cd0b9..47b9336 100644 +index 4476682..d77e748 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3398,7 +3398,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3466,7 +3466,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -43791,19 +46219,10 @@ index a9cd0b9..47b9336 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index d794087..e4f49e5 100644 +index 1afe192..73d2c20 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c -@@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld) - if (atomic_dec_and_test(&ld->users)) { - struct tty_ldisc_ops *ldo = ld->ops; - -- ldo->refcount--; -+ atomic_dec(&ldo->refcount); - module_put(ldo->owner); - raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); - -@@ -93,7 +93,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) +@@ -66,7 +66,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) raw_spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] = new_ldisc; new_ldisc->num = disc; @@ -43812,7 +46231,7 @@ index d794087..e4f49e5 100644 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); return ret; -@@ -121,7 +121,7 @@ int tty_unregister_ldisc(int disc) +@@ -94,7 +94,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; raw_spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -43821,7 +46240,7 @@ index d794087..e4f49e5 100644 ret = -EBUSY; else tty_ldiscs[disc] = NULL; -@@ -142,7 +142,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) +@@ -115,7 +115,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) if (ldops) { ret = ERR_PTR(-EAGAIN); if (try_module_get(ldops->owner)) { @@ -43830,7 +46249,7 @@ index d794087..e4f49e5 100644 ret = ldops; } } -@@ -155,7 +155,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) +@@ -128,7 +128,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; raw_spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -43839,20 +46258,29 @@ index d794087..e4f49e5 100644 module_put(ldops->owner); raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); } +@@ -196,7 +196,7 @@ static inline void tty_ldisc_put(struct tty_ldisc *ld) + /* unreleased reader reference(s) will cause this WARN */ + WARN_ON(!atomic_dec_and_test(&ld->users)); + +- ld->ops->refcount--; ++ atomic_dec(&ld->ops->refcount); + module_put(ld->ops->owner); + kfree(ld); + raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c -index b7ff59d..7c6105e 100644 +index f597e88..b7f68ed 100644 --- a/drivers/tty/tty_port.c +++ b/drivers/tty/tty_port.c -@@ -218,7 +218,7 @@ void tty_port_hangup(struct tty_port *port) +@@ -232,7 +232,7 @@ void tty_port_hangup(struct tty_port *port) unsigned long flags; spin_lock_irqsave(&port->lock, flags); - port->count = 0; + atomic_set(&port->count, 0); port->flags &= ~ASYNC_NORMAL_ACTIVE; - if (port->tty) { - set_bit(TTY_IO_ERROR, &port->tty->flags); -@@ -344,7 +344,7 @@ int tty_port_block_til_ready(struct tty_port *port, + tty = port->tty; + if (tty) +@@ -390,7 +390,7 @@ int tty_port_block_til_ready(struct tty_port *port, /* The port lock protects the port counts */ spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -43861,7 +46289,7 @@ index b7ff59d..7c6105e 100644 port->blocked_open++; spin_unlock_irqrestore(&port->lock, flags); -@@ -386,7 +386,7 @@ int tty_port_block_til_ready(struct tty_port *port, +@@ -432,7 +432,7 @@ int tty_port_block_til_ready(struct tty_port *port, we must not mess that up further */ spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -43870,7 +46298,7 @@ index b7ff59d..7c6105e 100644 port->blocked_open--; if (retval == 0) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -406,19 +406,19 @@ int tty_port_close_start(struct tty_port *port, +@@ -466,19 +466,19 @@ int tty_port_close_start(struct tty_port *port, return 0; } @@ -43897,7 +46325,7 @@ index b7ff59d..7c6105e 100644 spin_unlock_irqrestore(&port->lock, flags); if (port->ops->drop) port->ops->drop(port); -@@ -516,7 +516,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, +@@ -564,7 +564,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, { spin_lock_irq(&port->lock); if (!tty_hung_up_p(filp)) @@ -43968,7 +46396,7 @@ index a9af1b9a..1e08e7f 100644 ret = -EPERM; goto reterr; diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c -index c8b9262..7e824e6 100644 +index b645c47..a55c182 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -25,6 +25,7 @@ @@ -44001,7 +46429,7 @@ index c8b9262..7e824e6 100644 } static struct device_attribute uio_class_attributes[] = { -@@ -397,7 +398,7 @@ void uio_event_notify(struct uio_info *info) +@@ -398,7 +399,7 @@ void uio_event_notify(struct uio_info *info) { struct uio_device *idev = info->uio_dev; @@ -44010,7 +46438,7 @@ index c8b9262..7e824e6 100644 wake_up_interruptible(&idev->wait); kill_fasync(&idev->async_queue, SIGIO, POLL_IN); } -@@ -450,7 +451,7 @@ static int uio_open(struct inode *inode, struct file *filep) +@@ -451,7 +452,7 @@ static int uio_open(struct inode *inode, struct file *filep) } listener->dev = idev; @@ -44019,7 +46447,7 @@ index c8b9262..7e824e6 100644 filep->private_data = listener; if (idev->info->open) { -@@ -501,7 +502,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait) +@@ -502,7 +503,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait) return -EIO; poll_wait(filep, &idev->wait, wait); @@ -44028,7 +46456,7 @@ index c8b9262..7e824e6 100644 return POLLIN | POLLRDNORM; return 0; } -@@ -526,7 +527,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf, +@@ -527,7 +528,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf, do { set_current_state(TASK_INTERRUPTIBLE); @@ -44037,7 +46465,7 @@ index c8b9262..7e824e6 100644 if (event_count != listener->event_count) { if (copy_to_user(buf, &event_count, count)) retval = -EFAULT; -@@ -595,13 +596,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma) +@@ -596,13 +597,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma) static void uio_vma_open(struct vm_area_struct *vma) { struct uio_device *idev = vma->vm_private_data; @@ -44053,7 +46481,7 @@ index c8b9262..7e824e6 100644 } static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -808,7 +809,7 @@ int __uio_register_device(struct module *owner, +@@ -809,7 +810,7 @@ int __uio_register_device(struct module *owner, idev->owner = owner; idev->info = info; init_waitqueue_head(&idev->wait); @@ -44076,7 +46504,7 @@ index 8a7eb77..c00402f 100644 pos += tmp; diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c -index 35f10bf..6a38a0b 100644 +index d3527dd..26effa2 100644 --- a/drivers/usb/atm/usbatm.c +++ b/drivers/usb/atm/usbatm.c @@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char @@ -44190,7 +46618,7 @@ index 2a3bbdf..91d72cf 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index f9ec44c..eb5779f 100644 +index d53547d..6a22d02 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1526,7 +1526,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) @@ -44225,7 +46653,7 @@ index 444d30e..f15c850 100644 __u16 size, int timeout) { diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c -index 3f81a3d..a3aa993 100644 +index aa38db4..0a08682 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -239,7 +239,7 @@ show_urbnum(struct device *dev, struct device_attribute *attr, char *buf) @@ -44238,10 +46666,10 @@ index 3f81a3d..a3aa993 100644 static DEVICE_ATTR(urbnum, S_IRUGO, show_urbnum, NULL); diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index f81b925..78d22ec 100644 +index b10da72..43aa0b2 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c -@@ -388,7 +388,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, +@@ -389,7 +389,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, set_dev_node(&dev->dev, dev_to_node(bus->controller)); dev->state = USB_STATE_ATTACHED; dev->lpm_disable_count = 1; @@ -44407,19 +46835,6 @@ index 5f3bcd3..bfca43f 100644 usb_autopm_put_interface(serial->interface); error_get_interface: usb_serial_put(serial); -diff --git a/drivers/usb/storage/realtek_cr.c b/drivers/usb/storage/realtek_cr.c -index 6c3586a..a94e621 100644 ---- a/drivers/usb/storage/realtek_cr.c -+++ b/drivers/usb/storage/realtek_cr.c -@@ -429,7 +429,7 @@ static int rts51x_read_status(struct us_data *us, - - buf = kmalloc(len, GFP_NOIO); - if (buf == NULL) -- return USB_STOR_TRANSPORT_ERROR; -+ return -ENOMEM; - - US_DEBUGP("%s, lun = %d\n", __func__, lun); - diff --git a/drivers/usb/storage/usb.h b/drivers/usb/storage/usb.h index 75f70f0..d467e1a 100644 --- a/drivers/usb/storage/usb.h @@ -44456,7 +46871,7 @@ index d6bea3e..60b250e 100644 /** diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c -index 6ef94bc..1b41265 100644 +index 028fc83..65bb105 100644 --- a/drivers/usb/wusbcore/wa-xfer.c +++ b/drivers/usb/wusbcore/wa-xfer.c @@ -296,7 +296,7 @@ out: @@ -44468,6 +46883,19 @@ index 6ef94bc..1b41265 100644 } /* +diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c +index 5174eba..86e764a 100644 +--- a/drivers/vhost/vringh.c ++++ b/drivers/vhost/vringh.c +@@ -800,7 +800,7 @@ static inline int getu16_kern(u16 *val, const u16 *p) + + static inline int putu16_kern(u16 *p, u16 val) + { +- ACCESS_ONCE(*p) = val; ++ ACCESS_ONCE_RW(*p) = val; + return 0; + } + diff --git a/drivers/video/aty/aty128fb.c b/drivers/video/aty/aty128fb.c index 8c55011..eed4ae1a 100644 --- a/drivers/video/aty/aty128fb.c @@ -44525,8 +46953,21 @@ index 95ec042..e6affdd 100644 return 0; } +diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c +index c74e7aa..e3c2790 100644 +--- a/drivers/video/backlight/backlight.c ++++ b/drivers/video/backlight/backlight.c +@@ -304,7 +304,7 @@ struct backlight_device *backlight_device_register(const char *name, + new_bd->dev.class = backlight_class; + new_bd->dev.parent = parent; + new_bd->dev.release = bl_device_release; +- dev_set_name(&new_bd->dev, name); ++ dev_set_name(&new_bd->dev, "%s", name); + dev_set_drvdata(&new_bd->dev, devdata); + + /* Set default properties */ diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c -index 6c5ed6b..b727c88 100644 +index bca6ccc..252107e 100644 --- a/drivers/video/backlight/kb3886_bl.c +++ b/drivers/video/backlight/kb3886_bl.c @@ -78,7 +78,7 @@ static struct kb3886bl_machinfo *bl_machinfo; @@ -44538,6 +46979,19 @@ index 6c5ed6b..b727c88 100644 { .ident = "Sahara Touch-iT", .matches = { +diff --git a/drivers/video/backlight/lcd.c b/drivers/video/backlight/lcd.c +index 34fb6bd..3649fd9 100644 +--- a/drivers/video/backlight/lcd.c ++++ b/drivers/video/backlight/lcd.c +@@ -219,7 +219,7 @@ struct lcd_device *lcd_device_register(const char *name, struct device *parent, + new_ld->dev.class = lcd_class; + new_ld->dev.parent = parent; + new_ld->dev.release = lcd_device_release; +- dev_set_name(&new_ld->dev, name); ++ dev_set_name(&new_ld->dev, "%s", name); + dev_set_drvdata(&new_ld->dev, devdata); + + rc = device_register(&new_ld->dev); diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c index 900aa4e..6d49418 100644 --- a/drivers/video/fb_defio.c @@ -44577,7 +47031,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index 86291dc..7cc5962 100644 +index 098bfc6..796841d 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -47427,8 +49881,21 @@ index ff22871..b129bed 100644 info->var.accel_flags = (!noaccel); +diff --git a/drivers/video/output.c b/drivers/video/output.c +index 0d6f2cd..6285b97 100644 +--- a/drivers/video/output.c ++++ b/drivers/video/output.c +@@ -97,7 +97,7 @@ struct output_device *video_output_register(const char *name, + new_dev->props = op; + new_dev->dev.class = &video_output_class; + new_dev->dev.parent = dev; +- dev_set_name(&new_dev->dev, name); ++ dev_set_name(&new_dev->dev, "%s", name); + dev_set_drvdata(&new_dev->dev, devdata); + ret_code = device_register(&new_dev->dev); + if (ret_code) { diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c -index 76d9053..dec2bfd 100644 +index 05c2dc3..ea1f391 100644 --- a/drivers/video/s1d13xxxfb.c +++ b/drivers/video/s1d13xxxfb.c @@ -881,8 +881,10 @@ static int s1d13xxxfb_probe(struct platform_device *pdev) @@ -47445,10 +49912,10 @@ index 76d9053..dec2bfd 100644 FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA; break; diff --git a/drivers/video/smscufx.c b/drivers/video/smscufx.c -index 97bd662..39fab85 100644 +index b2b33fc..f9f4658 100644 --- a/drivers/video/smscufx.c +++ b/drivers/video/smscufx.c -@@ -1171,7 +1171,9 @@ static int ufx_ops_release(struct fb_info *info, int user) +@@ -1175,7 +1175,9 @@ static int ufx_ops_release(struct fb_info *info, int user) fb_deferred_io_cleanup(info); kfree(info->fbdefio); info->fbdefio = NULL; @@ -47460,10 +49927,10 @@ index 97bd662..39fab85 100644 pr_debug("released /dev/fb%d user=%d count=%d", diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index 86d449e..8e04dc5 100644 +index ec03e72..f578436 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c -@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, +@@ -623,11 +623,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, dlfb_urb_completion(urb); error: @@ -47479,7 +49946,7 @@ index 86d449e..8e04dc5 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); -@@ -744,11 +744,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, +@@ -748,11 +748,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, dlfb_urb_completion(urb); error: @@ -47495,7 +49962,7 @@ index 86d449e..8e04dc5 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); } -@@ -989,7 +989,9 @@ static int dlfb_ops_release(struct fb_info *info, int user) +@@ -993,7 +993,9 @@ static int dlfb_ops_release(struct fb_info *info, int user) fb_deferred_io_cleanup(info); kfree(info->fbdefio); info->fbdefio = NULL; @@ -47506,7 +49973,7 @@ index 86d449e..8e04dc5 100644 } pr_warn("released /dev/fb%d user=%d count=%d\n", -@@ -1372,7 +1374,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, +@@ -1376,7 +1378,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -47515,7 +49982,7 @@ index 86d449e..8e04dc5 100644 } static ssize_t metrics_bytes_identical_show(struct device *fbdev, -@@ -1380,7 +1382,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, +@@ -1384,7 +1386,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -47524,7 +49991,7 @@ index 86d449e..8e04dc5 100644 } static ssize_t metrics_bytes_sent_show(struct device *fbdev, -@@ -1388,7 +1390,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, +@@ -1392,7 +1394,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -47533,7 +50000,7 @@ index 86d449e..8e04dc5 100644 } static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, -@@ -1396,7 +1398,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, +@@ -1400,7 +1402,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -47542,7 +50009,7 @@ index 86d449e..8e04dc5 100644 } static ssize_t edid_show( -@@ -1456,10 +1458,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, +@@ -1460,10 +1462,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; @@ -47558,7 +50025,7 @@ index 86d449e..8e04dc5 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index d428445..79a78df 100644 +index e328a61..1b08ecb 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -47823,10 +50290,10 @@ index fef20db..d28b1ab 100644 return -ENOMEM; return 0; diff --git a/fs/9p/vfs_addr.c b/fs/9p/vfs_addr.c -index 0ad61c6..f198bd7 100644 +index 055562c..fdfb10d 100644 --- a/fs/9p/vfs_addr.c +++ b/fs/9p/vfs_addr.c -@@ -185,7 +185,7 @@ static int v9fs_vfs_writepage_locked(struct page *page) +@@ -186,7 +186,7 @@ static int v9fs_vfs_writepage_locked(struct page *page) retval = v9fs_file_write_internal(inode, v9inode->writeback_fid, @@ -47849,10 +50316,10 @@ index d86edc8..40ff2fb 100644 p9_debug(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name, IS_ERR(s) ? "" : s); diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt -index 0efd152..b5802ad 100644 +index 370b24c..ff0be7b 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt -@@ -89,7 +89,7 @@ config HAVE_AOUT +@@ -103,7 +103,7 @@ config HAVE_AOUT config BINFMT_AOUT tristate "Kernel support for a.out and ECOFF binaries" @@ -47862,10 +50329,10 @@ index 0efd152..b5802ad 100644 A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used diff --git a/fs/aio.c b/fs/aio.c -index 1dc8786..d3b29e8 100644 +index 2bbcacf..8614116 100644 --- a/fs/aio.c +++ b/fs/aio.c -@@ -111,7 +111,7 @@ static int aio_setup_ring(struct kioctx *ctx) +@@ -160,7 +160,7 @@ static int aio_setup_ring(struct kioctx *ctx) size += sizeof(struct io_event) * nr_events; nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT; @@ -47874,39 +50341,39 @@ index 1dc8786..d3b29e8 100644 return -EINVAL; nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event); -@@ -1375,18 +1375,19 @@ static ssize_t aio_fsync(struct kiocb *iocb) - static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) +@@ -950,6 +950,7 @@ static ssize_t aio_rw_vect_retry(struct kiocb *iocb, int rw, aio_rw_op *rw_op) + static ssize_t aio_setup_vectored_rw(int rw, struct kiocb *kiocb, bool compat) { ssize_t ret; + struct iovec iovstack; - #ifdef CONFIG_COMPAT + kiocb->ki_nr_segs = kiocb->ki_nbytes; + +@@ -957,17 +958,22 @@ static ssize_t aio_setup_vectored_rw(int rw, struct kiocb *kiocb, bool compat) if (compat) - ret = compat_rw_copy_check_uvector(type, + ret = compat_rw_copy_check_uvector(rw, (struct compat_iovec __user *)kiocb->ki_buf, -- kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec, -+ kiocb->ki_nbytes, 1, &iovstack, +- kiocb->ki_nr_segs, 1, &kiocb->ki_inline_vec, ++ kiocb->ki_nr_segs, 1, &iovstack, &kiocb->ki_iovec); else #endif - ret = rw_copy_check_uvector(type, + ret = rw_copy_check_uvector(rw, (struct iovec __user *)kiocb->ki_buf, -- kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec, -+ kiocb->ki_nbytes, 1, &iovstack, +- kiocb->ki_nr_segs, 1, &kiocb->ki_inline_vec, ++ kiocb->ki_nr_segs, 1, &iovstack, &kiocb->ki_iovec); if (ret < 0) - goto out; -@@ -1395,6 +1396,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) - if (ret < 0) - goto out; + return ret; + if (kiocb->ki_iovec == &iovstack) { + kiocb->ki_inline_vec = iovstack; + kiocb->ki_iovec = &kiocb->ki_inline_vec; + } - kiocb->ki_nr_segs = kiocb->ki_nbytes; - kiocb->ki_cur_seg = 0; - /* ki_nbytes/left now reflect bytes instead of segs */ ++ + /* ki_nbytes now reflect bytes instead of segs */ + kiocb->ki_nbytes = ret; + return 0; diff --git a/fs/attr.c b/fs/attr.c index 1449adb..a2038c2 100644 --- a/fs/attr.c @@ -47979,7 +50446,7 @@ index 2722387..c8dd2a7 100644 { if (BEFS_SB(sb)->byte_order == BEFS_BYTESEX_LE) diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c -index 8615ee8..388ed68 100644 +index f95dddc..b1e2c1c 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c @@ -510,7 +510,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) @@ -47992,7 +50459,7 @@ index 8615ee8..388ed68 100644 kfree(link); } diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c -index bbc8f88..7c7ac97 100644 +index bce8769..7fc7544 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -16,6 +16,7 @@ @@ -48012,7 +50479,7 @@ index bbc8f88..7c7ac97 100644 fs = get_fs(); set_fs(KERNEL_DS); has_dumped = 1; -@@ -70,10 +73,12 @@ static int aout_core_dump(struct coredump_params *cprm) +@@ -69,10 +72,12 @@ static int aout_core_dump(struct coredump_params *cprm) /* If the size of the dump file exceeds the rlimit, then see what would happen if we wrote the stack, but not the data area. */ @@ -48025,7 +50492,7 @@ index bbc8f88..7c7ac97 100644 if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit) dump.u_ssize = 0; -@@ -234,6 +239,8 @@ static int load_aout_binary(struct linux_binprm * bprm) +@@ -233,6 +238,8 @@ static int load_aout_binary(struct linux_binprm * bprm) rlim = rlimit(RLIMIT_DATA); if (rlim >= RLIM_INFINITY) rlim = ~0; @@ -48034,7 +50501,7 @@ index bbc8f88..7c7ac97 100644 if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; -@@ -268,6 +275,27 @@ static int load_aout_binary(struct linux_binprm * bprm) +@@ -267,6 +274,27 @@ static int load_aout_binary(struct linux_binprm * bprm) install_exec_creds(bprm); @@ -48062,7 +50529,7 @@ index bbc8f88..7c7ac97 100644 if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; -@@ -333,7 +361,7 @@ static int load_aout_binary(struct linux_binprm * bprm) +@@ -324,7 +352,7 @@ static int load_aout_binary(struct linux_binprm * bprm) } error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, @@ -48072,7 +50539,7 @@ index bbc8f88..7c7ac97 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 86af964..5d53bf6 100644 +index f8a0b0e..6f036ed 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -48083,18 +50550,22 @@ index 86af964..5d53bf6 100644 #include #include #include -@@ -60,6 +61,10 @@ static int elf_core_dump(struct coredump_params *cprm); +@@ -60,6 +61,14 @@ static int elf_core_dump(struct coredump_params *cprm); #define elf_core_dump NULL #endif +#ifdef CONFIG_PAX_MPROTECT +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags); +#endif ++ ++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG ++static void elf_handle_mmap(struct file *file); ++#endif + #if ELF_EXEC_PAGESIZE > PAGE_SIZE #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE #else -@@ -79,6 +84,11 @@ static struct linux_binfmt elf_format = { +@@ -79,6 +88,15 @@ static struct linux_binfmt elf_format = { .load_binary = load_elf_binary, .load_shlib = load_elf_library, .core_dump = elf_core_dump, @@ -48102,11 +50573,15 @@ index 86af964..5d53bf6 100644 +#ifdef CONFIG_PAX_MPROTECT + .handle_mprotect= elf_handle_mprotect, +#endif ++ ++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG ++ .handle_mmap = elf_handle_mmap, ++#endif + .min_coredump = ELF_EXEC_PAGESIZE, }; -@@ -86,6 +96,8 @@ static struct linux_binfmt elf_format = { +@@ -86,6 +104,8 @@ static struct linux_binfmt elf_format = { static int set_brk(unsigned long start, unsigned long end) { @@ -48115,7 +50590,7 @@ index 86af964..5d53bf6 100644 start = ELF_PAGEALIGN(start); end = ELF_PAGEALIGN(end); if (end > start) { -@@ -94,7 +106,7 @@ static int set_brk(unsigned long start, unsigned long end) +@@ -94,7 +114,7 @@ static int set_brk(unsigned long start, unsigned long end) if (BAD_ADDR(addr)) return addr; } @@ -48124,7 +50599,7 @@ index 86af964..5d53bf6 100644 return 0; } -@@ -155,12 +167,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -155,12 +175,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, elf_addr_t __user *u_rand_bytes; const char *k_platform = ELF_PLATFORM; const char *k_base_platform = ELF_BASE_PLATFORM; @@ -48139,22 +50614,22 @@ index 86af964..5d53bf6 100644 /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 -@@ -202,8 +215,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -202,8 +223,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); - u_rand_bytes = (elf_addr_t __user *) - STACK_ALLOC(p, sizeof(k_rand_bytes)); -+ srandom32(k_rand_bytes[0] ^ random32()); -+ srandom32(k_rand_bytes[1] ^ random32()); -+ srandom32(k_rand_bytes[2] ^ random32()); -+ srandom32(k_rand_bytes[3] ^ random32()); ++ prandom_seed(k_rand_bytes[0] ^ prandom_u32()); ++ prandom_seed(k_rand_bytes[1] ^ prandom_u32()); ++ prandom_seed(k_rand_bytes[2] ^ prandom_u32()); ++ prandom_seed(k_rand_bytes[3] ^ prandom_u32()); + p = STACK_ROUND(p, sizeof(k_rand_bytes)); + u_rand_bytes = (elf_addr_t __user *) p; if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) return -EFAULT; -@@ -315,9 +332,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -318,9 +343,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, return -EFAULT; current->mm->env_end = p; @@ -48167,7 +50642,7 @@ index 86af964..5d53bf6 100644 return -EFAULT; return 0; } -@@ -385,15 +404,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr) +@@ -388,15 +415,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr) an ELF header */ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, @@ -48186,7 +50661,7 @@ index 86af964..5d53bf6 100644 unsigned long total_size; int retval, i, size; -@@ -439,6 +457,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -442,6 +468,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, goto out_close; } @@ -48198,7 +50673,7 @@ index 86af964..5d53bf6 100644 eppnt = elf_phdata; for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { -@@ -462,8 +485,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -465,8 +496,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, map_addr = elf_map(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type, total_size); total_size = 0; @@ -48207,7 +50682,7 @@ index 86af964..5d53bf6 100644 error = map_addr; if (BAD_ADDR(map_addr)) goto out_close; -@@ -482,8 +503,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -485,8 +514,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, k = load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -48218,7 +50693,7 @@ index 86af964..5d53bf6 100644 error = -ENOMEM; goto out_close; } -@@ -535,6 +556,315 @@ out: +@@ -538,6 +567,315 @@ out: return error; } @@ -48534,7 +51009,7 @@ index 86af964..5d53bf6 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -551,6 +881,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -554,6 +892,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -48546,7 +51021,7 @@ index 86af964..5d53bf6 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -569,7 +904,7 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -572,7 +915,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -48555,7 +51030,7 @@ index 86af964..5d53bf6 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -579,12 +914,12 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -582,12 +925,12 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -48569,7 +51044,7 @@ index 86af964..5d53bf6 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -720,11 +1055,81 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -723,11 +1066,81 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* OK, This is the point of no return */ @@ -48652,7 +51127,7 @@ index 86af964..5d53bf6 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -815,6 +1220,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -819,6 +1232,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -48673,7 +51148,7 @@ index 86af964..5d53bf6 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -847,9 +1266,9 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -851,9 +1278,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -48686,7 +51161,7 @@ index 86af964..5d53bf6 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -888,17 +1307,45 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -892,17 +1319,45 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -48738,7 +51213,7 @@ index 86af964..5d53bf6 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1120,7 +1567,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1124,7 +1579,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -48747,7 +51222,7 @@ index 86af964..5d53bf6 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1158,7 +1605,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1162,7 +1617,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -48756,7 +51231,7 @@ index 86af964..5d53bf6 100644 goto whole; /* -@@ -1383,9 +1830,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1387,9 +1842,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -48768,7 +51243,7 @@ index 86af964..5d53bf6 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1394,7 +1841,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1398,7 +1853,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -48777,7 +51252,7 @@ index 86af964..5d53bf6 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -2015,14 +2462,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2019,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -48794,7 +51269,7 @@ index 86af964..5d53bf6 100644 return size; } -@@ -2116,7 +2563,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2119,7 +2574,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -48803,7 +51278,7 @@ index 86af964..5d53bf6 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2130,10 +2577,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2133,10 +2588,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -48816,7 +51291,7 @@ index 86af964..5d53bf6 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2147,7 +2596,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2150,7 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -48825,7 +51300,7 @@ index 86af964..5d53bf6 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2158,6 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2161,6 +2618,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -48833,7 +51308,7 @@ index 86af964..5d53bf6 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2182,7 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2185,7 +2643,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -48842,7 +51317,7 @@ index 86af964..5d53bf6 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2191,6 +2641,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2194,6 +2652,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -48850,7 +51325,7 @@ index 86af964..5d53bf6 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2208,6 +2659,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2211,6 +2670,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -48858,7 +51333,7 @@ index 86af964..5d53bf6 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2228,6 +2680,97 @@ out: +@@ -2231,6 +2691,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -48878,7 +51353,7 @@ index 86af964..5d53bf6 100644 + unsigned long oldflags; + bool is_textrel_rw, is_textrel_rx, is_relro; + -+ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT)) ++ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT) || !vma->vm_file) + return; + + oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ); @@ -48886,15 +51361,15 @@ index 86af964..5d53bf6 100644 + +#ifdef CONFIG_PAX_ELFRELOCS + /* possible TEXTREL */ -+ is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ); -+ is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ); ++ is_textrel_rw = !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ); ++ is_textrel_rx = vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ); +#else + is_textrel_rw = false; + is_textrel_rx = false; +#endif + + /* possible RELRO */ -+ is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ); ++ is_relro = vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ); + + if (!is_textrel_rw && !is_textrel_rx && !is_relro) + return; @@ -48926,9 +51401,9 @@ index 86af964..5d53bf6 100644 + elf_dyn dyn; + + if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn))) -+ return; ++ break; + if (dyn.d_tag == DT_NULL) -+ return; ++ break; + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) { + gr_log_textrel(vma); + if (is_textrel_rw) @@ -48936,31 +51411,101 @@ index 86af964..5d53bf6 100644 + else + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */ + vma->vm_flags &= ~VM_MAYWRITE; -+ return; ++ break; + } + i++; + } -+ return; ++ is_textrel_rw = false; ++ is_textrel_rx = false; ++ continue; + + case PT_GNU_RELRO: + if (!is_relro) + continue; + if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start) + vma->vm_flags &= ~VM_MAYWRITE; -+ return; ++ is_relro = false; ++ continue; ++ ++#ifdef CONFIG_PAX_PT_PAX_FLAGS ++ case PT_PAX_FLAGS: { ++ const char *msg_mprotect = "", *msg_emutramp = ""; ++ char *buffer_lib, *buffer_exe; ++ ++ if (elf_p.p_flags & PF_NOMPROTECT) ++ msg_mprotect = "MPROTECT disabled"; ++ ++#ifdef CONFIG_PAX_EMUTRAMP ++ if (!(vma->vm_mm->pax_flags & MF_PAX_EMUTRAMP) && !(elf_p.p_flags & PF_NOEMUTRAMP)) ++ msg_emutramp = "EMUTRAMP enabled"; ++#endif ++ ++ if (!msg_mprotect[0] && !msg_emutramp[0]) ++ continue; ++ ++ if (!printk_ratelimit()) ++ continue; ++ ++ buffer_lib = (char *)__get_free_page(GFP_KERNEL); ++ buffer_exe = (char *)__get_free_page(GFP_KERNEL); ++ if (buffer_lib && buffer_exe) { ++ char *path_lib, *path_exe; ++ ++ path_lib = pax_get_path(&vma->vm_file->f_path, buffer_lib, PAGE_SIZE); ++ path_exe = pax_get_path(&vma->vm_mm->exe_file->f_path, buffer_exe, PAGE_SIZE); ++ ++ pr_info("PAX: %s wants %s%s%s on %s\n", path_lib, msg_mprotect, ++ (msg_mprotect[0] && msg_emutramp[0] ? " and " : ""), msg_emutramp, path_exe); ++ ++ } ++ free_page((unsigned long)buffer_exe); ++ free_page((unsigned long)buffer_lib); ++ continue; ++ } ++#endif ++ + } + } +} +#endif ++ ++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG ++ ++extern int grsec_enable_log_rwxmaps; ++ ++static void elf_handle_mmap(struct file *file) ++{ ++ struct elfhdr elf_h; ++ struct elf_phdr elf_p; ++ unsigned long i; ++ ++ if (!grsec_enable_log_rwxmaps) ++ return; ++ ++ if (sizeof(elf_h) != kernel_read(file, 0UL, (char *)&elf_h, sizeof(elf_h)) || ++ memcmp(elf_h.e_ident, ELFMAG, SELFMAG) || ++ (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC) || !elf_check_arch(&elf_h) || ++ elf_h.e_phentsize != sizeof(struct elf_phdr) || ++ elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr)) ++ return; ++ ++ for (i = 0UL; i < elf_h.e_phnum; i++) { ++ if (sizeof(elf_p) != kernel_read(file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p))) ++ return; ++ if (elf_p.p_type == PT_GNU_STACK && (elf_p.p_flags & PF_X)) ++ gr_log_ptgnustack(file); ++ } ++} ++#endif + static int __init init_elf_binfmt(void) { register_binfmt(&elf_format); diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c -index 2036d21..b0430d0 100644 +index d50bbe5..af3b649 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c -@@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm, +@@ -566,7 +566,9 @@ static int load_flat_file(struct linux_binprm * bprm, realdatastart = (unsigned long) -ENOMEM; printk("Unable to allocate RAM for process data, errno %d\n", (int)-realdatastart); @@ -48970,7 +51515,7 @@ index 2036d21..b0430d0 100644 ret = realdatastart; goto err; } -@@ -586,8 +588,10 @@ static int load_flat_file(struct linux_binprm * bprm, +@@ -590,8 +592,10 @@ static int load_flat_file(struct linux_binprm * bprm, } if (IS_ERR_VALUE(result)) { printk("Unable to read data+bss, errno %d\n", (int)-result); @@ -48981,7 +51526,7 @@ index 2036d21..b0430d0 100644 ret = result; goto err; } -@@ -654,8 +658,10 @@ static int load_flat_file(struct linux_binprm * bprm, +@@ -653,8 +657,10 @@ static int load_flat_file(struct linux_binprm * bprm, } if (IS_ERR_VALUE(result)) { printk("Unable to read code+data+bss, errno %d\n",(int)-result); @@ -48993,10 +51538,10 @@ index 2036d21..b0430d0 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index b96fc6c..431d628 100644 +index 94bbc04..6fe78a4 100644 --- a/fs/bio.c +++ b/fs/bio.c -@@ -818,7 +818,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, +@@ -1096,7 +1096,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -49005,7 +51550,7 @@ index b96fc6c..431d628 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -952,7 +952,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, +@@ -1230,7 +1230,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -49014,20 +51559,20 @@ index b96fc6c..431d628 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -1214,7 +1214,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) +@@ -1492,7 +1492,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; int i; - char *p = bmd->sgvecs[0].iov_base; + char *p = (char __force_kernel *)bmd->sgvecs[0].iov_base; - __bio_for_each_segment(bvec, bio, i, 0) { + bio_for_each_segment_all(bvec, bio, i) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index aae187a..fd790ba 100644 +index 85f5c85..d6f0b1a 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c -@@ -652,7 +652,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, +@@ -658,7 +658,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, else if (bdev->bd_contains == bdev) return true; /* is a whole device which isn't held */ @@ -49037,10 +51582,10 @@ index aae187a..fd790ba 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index ca9d8f1..8c0142d 100644 +index 7fb054b..ad36c67 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c -@@ -1036,9 +1036,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, +@@ -1076,9 +1076,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, free_extent_buffer(buf); add_root_to_dirty_list(root); } else { @@ -49057,10 +51602,10 @@ index ca9d8f1..8c0142d 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index f49b62f..07834ab 100644 +index 0f81d67..0ad55fe 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -3077,9 +3077,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3084,9 +3084,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -49073,7 +51618,7 @@ index f49b62f..07834ab 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -3101,10 +3104,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3108,10 +3111,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -49085,11 +51630,11 @@ index f49b62f..07834ab 100644 up_read(&info->groups_sem); } diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c -index f6b8859..54fe8c5 100644 +index f0857e0..e7023c5 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c -@@ -266,7 +266,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans, - function, line, errstr); +@@ -265,7 +265,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans, + function, line, errstr); return; } - ACCESS_ONCE(trans->transaction->aborted) = errno; @@ -49097,6 +51642,19 @@ index f6b8859..54fe8c5 100644 __btrfs_std_error(root->fs_info, function, line, errno, NULL); } /* +diff --git a/fs/buffer.c b/fs/buffer.c +index d2a4d1b..df798ca 100644 +--- a/fs/buffer.c ++++ b/fs/buffer.c +@@ -3367,7 +3367,7 @@ void __init buffer_init(void) + bh_cachep = kmem_cache_create("buffer_head", + sizeof(struct buffer_head), 0, + (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| +- SLAB_MEM_SPREAD), ++ SLAB_MEM_SPREAD|SLAB_NO_SANITIZE), + NULL); + + /* diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 622f469..e8d2d55 100644 --- a/fs/cachefiles/bind.c @@ -49239,10 +51797,10 @@ index eccd339..4c1d995 100644 return 0; diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c -index 4809922..aab2c39 100644 +index 317f9ee..3d24511 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c -@@ -965,7 +965,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) +@@ -966,7 +966,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) old_fs = get_fs(); set_fs(KERNEL_DS); ret = file->f_op->write( @@ -49250,9 +51808,9 @@ index 4809922..aab2c39 100644 + file, (const void __force_user *) data, len, &pos); set_fs(old_fs); kunmap(page); - if (ret != len) + file_end_write(file); diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 6d797f4..0ace2e5 100644 +index f02d82b..2632cf86 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -243,7 +243,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -49264,11 +51822,33 @@ index 6d797f4..0ace2e5 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; +diff --git a/fs/ceph/super.c b/fs/ceph/super.c +index 7d377c9..3fb6559 100644 +--- a/fs/ceph/super.c ++++ b/fs/ceph/super.c +@@ -839,7 +839,7 @@ static int ceph_compare_super(struct super_block *sb, void *data) + /* + * construct our own bdi so we can control readahead, etc. + */ +-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); ++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); + + static int ceph_register_bdi(struct super_block *sb, + struct ceph_fs_client *fsc) +@@ -856,7 +856,7 @@ static int ceph_register_bdi(struct super_block *sb, + default_backing_dev_info.ra_pages; + + err = bdi_register(&fsc->backing_dev_info, NULL, "ceph-%ld", +- atomic_long_inc_return(&bdi_seq)); ++ atomic_long_inc_return_unchecked(&bdi_seq)); + if (!err) + sb->s_bdi = &fsc->backing_dev_info; + return err; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index d9ea6ed..1e6c8ac 100644 +index d597483..747901b 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c -@@ -267,8 +267,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, +@@ -284,8 +284,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, if (c == '1' || c == 'y' || c == 'Y' || c == '0') { #ifdef CONFIG_CIFS_STATS2 @@ -49279,7 +51859,7 @@ index d9ea6ed..1e6c8ac 100644 #endif /* CONFIG_CIFS_STATS2 */ spin_lock(&cifs_tcp_ses_lock); list_for_each(tmp1, &cifs_tcp_ses_list) { -@@ -281,7 +281,7 @@ static ssize_t cifs_stats_proc_write(struct file *file, +@@ -298,7 +298,7 @@ static ssize_t cifs_stats_proc_write(struct file *file, tcon = list_entry(tmp3, struct cifs_tcon, tcon_list); @@ -49288,7 +51868,7 @@ index d9ea6ed..1e6c8ac 100644 if (server->ops->clear_stats) server->ops->clear_stats(tcon); } -@@ -313,8 +313,8 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) +@@ -330,8 +330,8 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) smBufAllocCount.counter, cifs_min_small); #ifdef CONFIG_CIFS_STATS2 seq_printf(m, "Total Large %d Small %d Allocations\n", @@ -49299,7 +51879,7 @@ index d9ea6ed..1e6c8ac 100644 #endif /* CONFIG_CIFS_STATS2 */ seq_printf(m, "Operations (MIDs): %d\n", atomic_read(&midCount)); -@@ -343,7 +343,7 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) +@@ -360,7 +360,7 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) if (tcon->need_reconnect) seq_puts(m, "\tDISCONNECTED "); seq_printf(m, "\nSMBs: %d", @@ -49309,11 +51889,11 @@ index d9ea6ed..1e6c8ac 100644 server->ops->print_stats(m, tcon); } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index 345fc89..b2acae5 100644 +index 3752b9f..8db5569 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c -@@ -1033,7 +1033,7 @@ cifs_init_request_bufs(void) - /* cERROR(1, "CIFSMaxBufSize %d 0x%x",CIFSMaxBufSize,CIFSMaxBufSize); */ +@@ -1035,7 +1035,7 @@ cifs_init_request_bufs(void) + */ cifs_req_cachep = kmem_cache_create("cifs_request", CIFSMaxBufSize + max_hdr_size, 0, - SLAB_HWCACHE_ALIGN, NULL); @@ -49321,7 +51901,7 @@ index 345fc89..b2acae5 100644 if (cifs_req_cachep == NULL) return -ENOMEM; -@@ -1060,7 +1060,7 @@ cifs_init_request_bufs(void) +@@ -1062,7 +1062,7 @@ cifs_init_request_bufs(void) efficient to alloc 1 per page off the slab compared to 17K (5page) alloc of large cifs buffers even when page debugging is on */ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", @@ -49330,7 +51910,7 @@ index 345fc89..b2acae5 100644 NULL); if (cifs_sm_req_cachep == NULL) { mempool_destroy(cifs_req_poolp); -@@ -1145,8 +1145,8 @@ init_cifs(void) +@@ -1147,8 +1147,8 @@ init_cifs(void) atomic_set(&bufAllocCount, 0); atomic_set(&smBufAllocCount, 0); #ifdef CONFIG_CIFS_STATS2 @@ -49342,10 +51922,10 @@ index 345fc89..b2acae5 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 4f07f6f..55de8ce 100644 +index ea3a0b3..0194e39 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -751,35 +751,35 @@ struct cifs_tcon { +@@ -752,35 +752,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -49405,7 +51985,7 @@ index 4f07f6f..55de8ce 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1080,7 +1080,7 @@ convert_delimiter(char *path, char delim) +@@ -1081,7 +1081,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -49414,7 +51994,7 @@ index 4f07f6f..55de8ce 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1445,8 +1445,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1446,8 +1446,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -49426,7 +52006,7 @@ index 4f07f6f..55de8ce 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/link.c b/fs/cifs/link.c -index 9f6c4c4..8de307a 100644 +index b83c3f5..6437caa 100644 --- a/fs/cifs/link.c +++ b/fs/cifs/link.c @@ -616,7 +616,7 @@ symlink_exit: @@ -49439,7 +52019,7 @@ index 9f6c4c4..8de307a 100644 kfree(p); } diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c -index 1b15bf8..1ce489e 100644 +index 1bec014..f329411 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -169,7 +169,7 @@ cifs_buf_get(void) @@ -49461,10 +52041,10 @@ index 1b15bf8..1ce489e 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index 47bc5a8..10decbe 100644 +index 3efdb9d..e845a5e 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c -@@ -586,27 +586,27 @@ static void +@@ -591,27 +591,27 @@ static void cifs_clear_stats(struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS @@ -49513,7 +52093,7 @@ index 47bc5a8..10decbe 100644 #endif } -@@ -615,36 +615,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon) +@@ -620,36 +620,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS seq_printf(m, " Oplocks breaks: %d", @@ -49570,7 +52150,7 @@ index 47bc5a8..10decbe 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index bceffe7..cd1ae59 100644 +index f2e76f3..c44fac7 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -274,8 +274,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) @@ -49692,13 +52272,13 @@ index bceffe7..cd1ae59 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 41d9d07..dbb4772 100644 +index 2b95ce2..d079d75 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -1761,8 +1761,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -1760,8 +1760,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: - cERROR(1, "info level %u isn't supported", - srch_inf->info_level); + cifs_dbg(VFS, "info level %u isn't supported\n", + srch_inf->info_level); - rc = -EINVAL; - goto qdir_exit; + return -EINVAL; @@ -49754,7 +52334,7 @@ index 1da168c..8bc7ff6 100644 return hit; diff --git a/fs/compat.c b/fs/compat.c -index d487985..c9e04b1 100644 +index fc3b55d..7b568ae 100644 --- a/fs/compat.c +++ b/fs/compat.c @@ -54,7 +54,7 @@ @@ -49766,7 +52346,7 @@ index d487985..c9e04b1 100644 int compat_printk(const char *fmt, ...) { -@@ -490,7 +490,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) +@@ -488,7 +488,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) set_fs(KERNEL_DS); /* The __user pointer cast is valid because of the set_fs() */ @@ -49775,7 +52355,7 @@ index d487985..c9e04b1 100644 set_fs(oldfs); /* truncating is ok because it's a user address */ if (!ret) -@@ -548,7 +548,7 @@ ssize_t compat_rw_copy_check_uvector(int type, +@@ -546,7 +546,7 @@ ssize_t compat_rw_copy_check_uvector(int type, goto out; ret = -EINVAL; @@ -49784,7 +52364,7 @@ index d487985..c9e04b1 100644 goto out; if (nr_segs > fast_segs) { ret = -ENOMEM; -@@ -835,6 +835,7 @@ struct compat_old_linux_dirent { +@@ -833,6 +833,7 @@ struct compat_old_linux_dirent { struct compat_readdir_callback { struct compat_old_linux_dirent __user *dirent; @@ -49792,7 +52372,7 @@ index d487985..c9e04b1 100644 int result; }; -@@ -852,6 +853,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen, +@@ -850,6 +851,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen, buf->result = -EOVERFLOW; return -EOVERFLOW; } @@ -49803,7 +52383,7 @@ index d487985..c9e04b1 100644 buf->result++; dirent = buf->dirent; if (!access_ok(VERIFY_WRITE, dirent, -@@ -882,6 +887,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, +@@ -880,6 +885,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, buf.result = 0; buf.dirent = dirent; @@ -49811,7 +52391,7 @@ index d487985..c9e04b1 100644 error = vfs_readdir(f.file, compat_fillonedir, &buf); if (buf.result) -@@ -901,6 +907,7 @@ struct compat_linux_dirent { +@@ -899,6 +905,7 @@ struct compat_linux_dirent { struct compat_getdents_callback { struct compat_linux_dirent __user *current_dir; struct compat_linux_dirent __user *previous; @@ -49819,7 +52399,7 @@ index d487985..c9e04b1 100644 int count; int error; }; -@@ -922,6 +929,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, +@@ -920,6 +927,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, buf->error = -EOVERFLOW; return -EOVERFLOW; } @@ -49830,7 +52410,7 @@ index d487985..c9e04b1 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -967,6 +978,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -965,6 +976,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -49838,7 +52418,7 @@ index d487985..c9e04b1 100644 error = vfs_readdir(f.file, compat_filldir, &buf); if (error >= 0) -@@ -987,6 +999,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -985,6 +997,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, struct compat_getdents_callback64 { struct linux_dirent64 __user *current_dir; struct linux_dirent64 __user *previous; @@ -49846,7 +52426,7 @@ index d487985..c9e04b1 100644 int count; int error; }; -@@ -1003,6 +1016,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t +@@ -1001,6 +1014,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t buf->error = -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -49857,7 +52437,7 @@ index d487985..c9e04b1 100644 dirent = buf->previous; if (dirent) { -@@ -1052,13 +1069,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, +@@ -1050,13 +1067,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -49892,10 +52472,10 @@ index a81147e..20bf2b5 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index 3ced75f..b28d192 100644 +index 996cdc5..15e2f33 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c -@@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, +@@ -622,7 +622,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, return -EFAULT; if (__get_user(udata, &ss32->iomem_base)) return -EFAULT; @@ -49904,7 +52484,7 @@ index 3ced75f..b28d192 100644 if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) || __get_user(ss.port_high, &ss32->port_high)) return -EFAULT; -@@ -704,8 +704,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, +@@ -703,8 +703,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, for (i = 0; i < nmsgs; i++) { if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16))) return -EFAULT; @@ -49915,7 +52495,7 @@ index 3ced75f..b28d192 100644 return -EFAULT; } return sys_ioctl(fd, cmd, (unsigned long)tdata); -@@ -798,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file, +@@ -797,7 +797,7 @@ static int compat_ioctl_preallocate(struct file *file, copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) || copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) || copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) || @@ -49924,7 +52504,7 @@ index 3ced75f..b28d192 100644 return -EFAULT; return ioctl_preallocate(file, p); -@@ -1620,8 +1620,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, +@@ -1619,8 +1619,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, static int __init init_sys32_ioctl_cmp(const void *p, const void *q) { unsigned int a, b; @@ -49964,7 +52544,7 @@ index 7aabc6a..34c1197 100644 /* * We'll have a dentry and an inode for diff --git a/fs/coredump.c b/fs/coredump.c -index c647965..a77bff3 100644 +index dafafba..10b3b27 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -52,7 +52,7 @@ struct core_name { @@ -49994,40 +52574,43 @@ index c647965..a77bff3 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -414,17 +414,17 @@ static void wait_for_dump_helpers(struct file *file) - pipe = file_inode(file)->i_pipe; +@@ -435,8 +435,8 @@ static void wait_for_dump_helpers(struct file *file) + struct pipe_inode_info *pipe = file->private_data; pipe_lock(pipe); - pipe->readers++; - pipe->writers--; + atomic_inc(&pipe->readers); + atomic_dec(&pipe->writers); + wake_up_interruptible_sync(&pipe->wait); + kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); + pipe_unlock(pipe); +@@ -445,11 +445,11 @@ static void wait_for_dump_helpers(struct file *file) + * We actually want wait_event_freezable() but then we need + * to clear TIF_SIGPENDING and improve dump_interrupted(). + */ +- wait_event_interruptible(pipe->wait, pipe->readers == 1); ++ wait_event_interruptible(pipe->wait, atomic_read(&pipe->readers) == 1); -- while ((pipe->readers > 1) && (!signal_pending(current))) { -+ while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) { - wake_up_interruptible_sync(&pipe->wait); - kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); - pipe_wait(pipe); - } - + pipe_lock(pipe); - pipe->readers--; - pipe->writers++; + atomic_dec(&pipe->readers); + atomic_inc(&pipe->writers); pipe_unlock(pipe); - } -@@ -471,7 +471,8 @@ void do_coredump(siginfo_t *siginfo) - int ispipe; + +@@ -496,7 +496,8 @@ void do_coredump(siginfo_t *siginfo) struct files_struct *displaced; bool need_nonrelative = false; + bool core_dumped = false; - static atomic_t core_dump_count = ATOMIC_INIT(0); + static atomic_unchecked_t core_dump_count = ATOMIC_INIT(0); + long signr = siginfo->si_signo; struct coredump_params cprm = { .siginfo = siginfo, .regs = signal_pt_regs(), -@@ -484,7 +485,10 @@ void do_coredump(siginfo_t *siginfo) +@@ -509,7 +510,10 @@ void do_coredump(siginfo_t *siginfo) .mm_flags = mm->flags, }; @@ -50039,7 +52622,7 @@ index c647965..a77bff3 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) -@@ -508,7 +512,7 @@ void do_coredump(siginfo_t *siginfo) +@@ -533,7 +537,7 @@ void do_coredump(siginfo_t *siginfo) need_nonrelative = true; } @@ -50048,7 +52631,7 @@ index c647965..a77bff3 100644 if (retval < 0) goto fail_creds; -@@ -556,7 +560,7 @@ void do_coredump(siginfo_t *siginfo) +@@ -576,7 +580,7 @@ void do_coredump(siginfo_t *siginfo) } cprm.limit = RLIM_INFINITY; @@ -50057,7 +52640,7 @@ index c647965..a77bff3 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -583,6 +587,8 @@ void do_coredump(siginfo_t *siginfo) +@@ -608,6 +612,8 @@ void do_coredump(siginfo_t *siginfo) } else { struct inode *inode; @@ -50066,7 +52649,7 @@ index c647965..a77bff3 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -640,7 +646,7 @@ close_fail: +@@ -666,7 +672,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -50075,30 +52658,31 @@ index c647965..a77bff3 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -659,7 +665,7 @@ fail: - */ - int dump_write(struct file *file, const void *addr, int nr) +@@ -687,7 +693,7 @@ int dump_write(struct file *file, const void *addr, int nr) { -- return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr; -+ return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, (const char __force_user *)addr, nr, &file->f_pos) == nr; + return !dump_interrupted() && + access_ok(VERIFY_READ, addr, nr) && +- file->f_op->write(file, addr, nr, &file->f_pos) == nr; ++ file->f_op->write(file, (const char __force_user *)addr, nr, &file->f_pos) == nr; } EXPORT_SYMBOL(dump_write); diff --git a/fs/dcache.c b/fs/dcache.c -index e689268..f36956e 100644 +index f09b908..04b9690 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3100,7 +3100,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3086,7 +3086,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_USERCOPY, NULL); ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_USERCOPY| ++ SLAB_NO_SANITIZE, NULL); dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 4888cb3..e0f7cf8 100644 +index c7c83ff..bda9461 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -50148,21 +52732,8 @@ index e4141f2..d8263e8 100644 goto out_unlock_msg_ctx; i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) -diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c -index 6a16053..2155147 100644 ---- a/fs/ecryptfs/read_write.c -+++ b/fs/ecryptfs/read_write.c -@@ -240,7 +240,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size, - return -EIO; - fs_save = get_fs(); - set_fs(get_ds()); -- rc = vfs_read(lower_file, data, size, &offset); -+ rc = vfs_read(lower_file, (char __force_user *)data, size, &offset); - set_fs(fs_save); - return rc; - } diff --git a/fs/exec.c b/fs/exec.c -index 6d56ff2..3bc6638 100644 +index 1f44670..3c84660 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,8 +55,20 @@ @@ -50186,7 +52757,7 @@ index 6d56ff2..3bc6638 100644 #include #include -@@ -66,6 +78,18 @@ +@@ -66,17 +78,32 @@ #include @@ -50205,7 +52776,12 @@ index 6d56ff2..3bc6638 100644 int suid_dumpable = 0; static LIST_HEAD(formats); -@@ -75,8 +99,8 @@ void __register_binfmt(struct linux_binfmt * fmt, int insert) + static DEFINE_RWLOCK(binfmt_lock); + ++extern int gr_process_kernel_exec_ban(void); ++extern int gr_process_suid_exec_ban(const struct linux_binprm *bprm); ++ + void __register_binfmt(struct linux_binfmt * fmt, int insert) { BUG_ON(!fmt); write_lock(&binfmt_lock); @@ -50216,7 +52792,7 @@ index 6d56ff2..3bc6638 100644 write_unlock(&binfmt_lock); } -@@ -85,7 +109,7 @@ EXPORT_SYMBOL(__register_binfmt); +@@ -85,7 +112,7 @@ EXPORT_SYMBOL(__register_binfmt); void unregister_binfmt(struct linux_binfmt * fmt) { write_lock(&binfmt_lock); @@ -50225,7 +52801,7 @@ index 6d56ff2..3bc6638 100644 write_unlock(&binfmt_lock); } -@@ -180,18 +204,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -180,18 +207,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -50247,7 +52823,7 @@ index 6d56ff2..3bc6638 100644 return NULL; if (write) { -@@ -207,6 +223,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -207,6 +226,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -50265,7 +52841,7 @@ index 6d56ff2..3bc6638 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -266,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -266,6 +296,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -50277,20 +52853,20 @@ index 6d56ff2..3bc6638 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -276,6 +308,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -276,6 +311,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); + +#ifdef CONFIG_PAX_RANDUSTACK + if (randomize_va_space) -+ bprm->p ^= random32() & ~PAGE_MASK; ++ bprm->p ^= prandom_u32() & ~PAGE_MASK; +#endif + return 0; err: up_write(&mm->mmap_sem); -@@ -396,7 +434,7 @@ struct user_arg_ptr { +@@ -396,7 +437,7 @@ struct user_arg_ptr { } ptr; }; @@ -50299,7 +52875,7 @@ index 6d56ff2..3bc6638 100644 { const char __user *native; -@@ -405,14 +443,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -405,14 +446,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -50316,7 +52892,7 @@ index 6d56ff2..3bc6638 100644 return native; } -@@ -431,7 +469,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -431,7 +472,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -50325,7 +52901,7 @@ index 6d56ff2..3bc6638 100644 return -EFAULT; if (i >= max) -@@ -466,7 +504,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -466,7 +507,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -50334,7 +52910,7 @@ index 6d56ff2..3bc6638 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -548,7 +586,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -548,7 +589,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -50343,7 +52919,7 @@ index 6d56ff2..3bc6638 100644 }; set_fs(KERNEL_DS); -@@ -583,7 +621,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -583,7 +624,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -50353,7 +52929,7 @@ index 6d56ff2..3bc6638 100644 /* * ensure there are no vmas between where we want to go -@@ -592,6 +631,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -592,6 +634,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -50364,7 +52940,7 @@ index 6d56ff2..3bc6638 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -672,10 +715,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -672,10 +718,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -50375,7 +52951,7 @@ index 6d56ff2..3bc6638 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -687,8 +726,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -687,8 +729,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -50404,7 +52980,7 @@ index 6d56ff2..3bc6638 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -707,13 +766,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -707,13 +769,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -50418,7 +52994,7 @@ index 6d56ff2..3bc6638 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -737,6 +789,27 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -737,6 +792,27 @@ int setup_arg_pages(struct linux_binprm *bprm, #endif current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); @@ -50435,7 +53011,7 @@ index 6d56ff2..3bc6638 100644 + +#ifdef CONFIG_X86 + if (!ret) { -+ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT)); ++ size = PAGE_SIZE + mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT)); + ret = 0 != mmap_region(NULL, 0, PAGE_ALIGN(size), vm_flags, 0); + } +#endif @@ -50446,7 +53022,7 @@ index 6d56ff2..3bc6638 100644 if (ret) ret = -EFAULT; -@@ -772,6 +845,8 @@ struct file *open_exec(const char *name) +@@ -772,6 +848,8 @@ struct file *open_exec(const char *name) fsnotify_open(file); @@ -50455,7 +53031,7 @@ index 6d56ff2..3bc6638 100644 err = deny_write_access(file); if (err) goto exit; -@@ -795,7 +870,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -795,7 +873,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -50464,7 +53040,7 @@ index 6d56ff2..3bc6638 100644 set_fs(old_fs); return result; } -@@ -1250,7 +1325,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1251,7 +1329,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -50473,7 +53049,7 @@ index 6d56ff2..3bc6638 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1450,6 +1525,31 @@ int search_binary_handler(struct linux_binprm *bprm) +@@ -1451,6 +1529,31 @@ int search_binary_handler(struct linux_binprm *bprm) EXPORT_SYMBOL(search_binary_handler); @@ -50505,7 +53081,7 @@ index 6d56ff2..3bc6638 100644 /* * sys_execve() executes a new program. */ -@@ -1457,6 +1557,11 @@ static int do_execve_common(const char *filename, +@@ -1458,6 +1561,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr argv, struct user_arg_ptr envp) { @@ -50517,7 +53093,7 @@ index 6d56ff2..3bc6638 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1464,6 +1569,8 @@ static int do_execve_common(const char *filename, +@@ -1465,6 +1573,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -50526,7 +53102,7 @@ index 6d56ff2..3bc6638 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1504,12 +1611,27 @@ static int do_execve_common(const char *filename, +@@ -1505,12 +1615,22 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -50541,11 +53117,6 @@ index 6d56ff2..3bc6638 100644 bprm->filename = filename; bprm->interp = filename; -+ if (gr_process_user_ban()) { -+ retval = -EPERM; -+ goto out_file; -+ } -+ + if (!gr_acl_handle_execve(file->f_path.dentry, file->f_path.mnt)) { + retval = -EACCES; + goto out_file; @@ -50554,7 +53125,7 @@ index 6d56ff2..3bc6638 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1526,24 +1648,65 @@ static int do_execve_common(const char *filename, +@@ -1527,24 +1647,70 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -50574,6 +53145,11 @@ index 6d56ff2..3bc6638 100644 + current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024; +#endif + ++ if (gr_process_kernel_exec_ban() || gr_process_suid_exec_ban(bprm)) { ++ retval = -EPERM; ++ goto out_fail; ++ } ++ + if (!gr_tpe_allow(file)) { + retval = -EACCES; + goto out_fail; @@ -50624,7 +53200,7 @@ index 6d56ff2..3bc6638 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1552,6 +1715,14 @@ static int do_execve_common(const char *filename, +@@ -1553,6 +1719,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -50639,7 +53215,7 @@ index 6d56ff2..3bc6638 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1700,3 +1871,283 @@ asmlinkage long compat_sys_execve(const char __user * filename, +@@ -1701,3 +1875,287 @@ asmlinkage long compat_sys_execve(const char __user * filename, return error; } #endif @@ -50698,6 +53274,25 @@ index 6d56ff2..3bc6638 100644 +EXPORT_SYMBOL(pax_check_flags); + +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) ++char *pax_get_path(const struct path *path, char *buf, int buflen) ++{ ++ char *pathname = d_path(path, buf, buflen); ++ ++ if (IS_ERR(pathname)) ++ goto toolong; ++ ++ pathname = mangle_path(buf, pathname, "\t\n\\"); ++ if (!pathname) ++ goto toolong; ++ ++ *pathname = 0; ++ return buf; ++ ++toolong: ++ return ""; ++} ++EXPORT_SYMBOL(pax_get_path); ++ +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp) +{ + struct task_struct *tsk = current; @@ -50721,36 +53316,19 @@ index 6d56ff2..3bc6638 100644 + vma_fault = vma; + vma = vma->vm_next; + } -+ if (vma_exec) { -+ path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE); -+ if (IS_ERR(path_exec)) -+ path_exec = ""; -+ else { -+ path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\"); -+ if (path_exec) { -+ *path_exec = 0; -+ path_exec = buffer_exec; -+ } else -+ path_exec = ""; -+ } -+ } ++ if (vma_exec) ++ path_exec = pax_get_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE); + if (vma_fault) { + start = vma_fault->vm_start; + end = vma_fault->vm_end; + offset = vma_fault->vm_pgoff << PAGE_SHIFT; -+ if (vma_fault->vm_file) { -+ path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); -+ if (IS_ERR(path_fault)) -+ path_fault = ""; -+ else { -+ path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\"); -+ if (path_fault) { -+ *path_fault = 0; -+ path_fault = buffer_fault; -+ } else -+ path_fault = ""; -+ } -+ } else ++ if (vma_fault->vm_file) ++ path_fault = pax_get_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); ++ else if ((unsigned long)pc >= mm->start_brk && (unsigned long)pc < mm->brk) ++ path_fault = ""; ++ else if (vma_fault->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) ++ path_fault = ""; ++ else + path_fault = ""; + } + up_read(&mm->mmap_sem); @@ -50784,7 +53362,9 @@ index 6d56ff2..3bc6638 100644 + printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); + print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); ++ preempt_disable(); + show_regs(regs); ++ preempt_enable(); + force_sig_info(SIGKILL, SEND_SIG_FORCED, current); +} +#endif @@ -50958,25 +53538,25 @@ index 22548f5..41521d8 100644 } return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index 92e68b3..115d987 100644 +index 3742e4c..69a797f 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c -@@ -505,8 +505,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, +@@ -528,8 +528,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, /* Hm, nope. Are (enough) root reserved clusters available? */ if (uid_eq(sbi->s_resuid, current_fsuid()) || (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) || - capable(CAP_SYS_RESOURCE) || -- (flags & EXT4_MB_USE_ROOT_BLOCKS)) { -+ (flags & EXT4_MB_USE_ROOT_BLOCKS) || +- (flags & EXT4_MB_USE_ROOT_BLOCKS)) { ++ (flags & EXT4_MB_USE_ROOT_BLOCKS) || + capable_nolog(CAP_SYS_RESOURCE)) { - if (free_clusters >= (nclusters + dirty_clusters)) - return 1; + if (free_clusters >= (nclusters + dirty_clusters + + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 3b83cd6..0f34dcd 100644 +index 5aae3d1..b5da7f8 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1254,19 +1254,19 @@ struct ext4_sb_info { +@@ -1252,19 +1252,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -51007,10 +53587,10 @@ index 3b83cd6..0f34dcd 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index f3190ab..84ffb21 100644 +index 59c6750..a549154 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1865,7 +1865,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -51019,7 +53599,7 @@ index f3190ab..84ffb21 100644 break; } -@@ -2059,7 +2059,7 @@ repeat: +@@ -2170,7 +2170,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -51028,7 +53608,7 @@ index f3190ab..84ffb21 100644 goto repeat; } } -@@ -2567,25 +2567,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2678,25 +2678,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -51064,7 +53644,7 @@ index f3190ab..84ffb21 100644 } free_percpu(sbi->s_locality_groups); -@@ -3039,16 +3039,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3150,16 +3150,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -51087,7 +53667,7 @@ index f3190ab..84ffb21 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3448,7 +3448,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3559,7 +3559,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -51096,7 +53676,7 @@ index f3190ab..84ffb21 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3508,7 +3508,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3619,7 +3619,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -51105,7 +53685,7 @@ index f3190ab..84ffb21 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3597,7 +3597,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3708,7 +3708,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -51114,7 +53694,7 @@ index f3190ab..84ffb21 100644 return err; } -@@ -3615,7 +3615,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3726,7 +3726,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -51123,19 +53703,80 @@ index f3190ab..84ffb21 100644 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); return 0; +diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c +index 214461e..3614c89 100644 +--- a/fs/ext4/mmp.c ++++ b/fs/ext4/mmp.c +@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, + void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp, + const char *function, unsigned int line, const char *msg) + { +- __ext4_warning(sb, function, line, msg); ++ __ext4_warning(sb, function, line, "%s", msg); + __ext4_warning(sb, function, line, + "MMP failure info: last update time: %llu, last update " + "node: %s, last update device: %s\n", +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c +index 49d3c01..9579efd 100644 +--- a/fs/ext4/resize.c ++++ b/fs/ext4/resize.c +@@ -79,12 +79,20 @@ static int verify_group_input(struct super_block *sb, + ext4_fsblk_t end = start + input->blocks_count; + ext4_group_t group = input->group; + ext4_fsblk_t itend = input->inode_table + sbi->s_itb_per_group; +- unsigned overhead = ext4_group_overhead_blocks(sb, group); +- ext4_fsblk_t metaend = start + overhead; ++ unsigned overhead; ++ ext4_fsblk_t metaend; + struct buffer_head *bh = NULL; + ext4_grpblk_t free_blocks_count, offset; + int err = -EINVAL; + ++ if (group != sbi->s_groups_count) { ++ ext4_warning(sb, "Cannot add at group %u (only %u groups)", ++ input->group, sbi->s_groups_count); ++ return -EINVAL; ++ } ++ ++ overhead = ext4_group_overhead_blocks(sb, group); ++ metaend = start + overhead; + input->free_blocks_count = free_blocks_count = + input->blocks_count - 2 - overhead - sbi->s_itb_per_group; + +@@ -96,10 +104,7 @@ static int verify_group_input(struct super_block *sb, + free_blocks_count, input->reserved_blocks); + + ext4_get_group_no_and_offset(sb, start, NULL, &offset); +- if (group != sbi->s_groups_count) +- ext4_warning(sb, "Cannot add at group %u (only %u groups)", +- input->group, sbi->s_groups_count); +- else if (offset != 0) ++ if (offset != 0) + ext4_warning(sb, "Last group not full"); + else if (input->reserved_blocks > input->blocks_count / 5) + ext4_warning(sb, "Reserved blocks too high (%u)", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index febbe0e..782c4fd 100644 +index 3f7c39e..227f24f 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c -@@ -2380,7 +2380,7 @@ struct ext4_attr { +@@ -1236,7 +1236,7 @@ static ext4_fsblk_t get_sb_block(void **data) + } + + #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3)) +-static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n" ++static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n" + "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; + + #ifdef CONFIG_QUOTA +@@ -2372,7 +2372,7 @@ struct ext4_attr { ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *, const char *, size_t); int offset; -}; +} __do_const; - static int parse_strtoul(const char *buf, - unsigned long max, unsigned long *value) + static int parse_strtoull(const char *buf, + unsigned long long max, unsigned long long *value) diff --git a/fs/fcntl.c b/fs/fcntl.c index 6599222..e7bf0de 100644 --- a/fs/fcntl.c @@ -51166,82 +53807,8 @@ index 999ff5c..41f4109 100644 copy_to_user(ufh, handle, sizeof(struct file_handle) + handle_bytes)) retval = -EFAULT; -diff --git a/fs/fifo.c b/fs/fifo.c -index cf6f434..3d7942c 100644 ---- a/fs/fifo.c -+++ b/fs/fifo.c -@@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode, struct file *filp) - */ - filp->f_op = &read_pipefifo_fops; - pipe->r_counter++; -- if (pipe->readers++ == 0) -+ if (atomic_inc_return(&pipe->readers) == 1) - wake_up_partner(inode); - -- if (!pipe->writers) { -+ if (!atomic_read(&pipe->writers)) { - if ((filp->f_flags & O_NONBLOCK)) { - /* suppress POLLHUP until we have - * seen a writer */ -@@ -81,15 +81,15 @@ static int fifo_open(struct inode *inode, struct file *filp) - * errno=ENXIO when there is no process reading the FIFO. - */ - ret = -ENXIO; -- if ((filp->f_flags & O_NONBLOCK) && !pipe->readers) -+ if ((filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers)) - goto err; - - filp->f_op = &write_pipefifo_fops; - pipe->w_counter++; -- if (!pipe->writers++) -+ if (atomic_inc_return(&pipe->writers) == 1) - wake_up_partner(inode); - -- if (!pipe->readers) { -+ if (!atomic_read(&pipe->readers)) { - if (wait_for_partner(inode, &pipe->r_counter)) - goto err_wr; - } -@@ -104,11 +104,11 @@ static int fifo_open(struct inode *inode, struct file *filp) - */ - filp->f_op = &rdwr_pipefifo_fops; - -- pipe->readers++; -- pipe->writers++; -+ atomic_inc(&pipe->readers); -+ atomic_inc(&pipe->writers); - pipe->r_counter++; - pipe->w_counter++; -- if (pipe->readers == 1 || pipe->writers == 1) -+ if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1) - wake_up_partner(inode); - break; - -@@ -122,19 +122,19 @@ static int fifo_open(struct inode *inode, struct file *filp) - return 0; - - err_rd: -- if (!--pipe->readers) -+ if (atomic_dec_and_test(&pipe->readers)) - wake_up_interruptible(&pipe->wait); - ret = -ERESTARTSYS; - goto err; - - err_wr: -- if (!--pipe->writers) -+ if (atomic_dec_and_test(&pipe->writers)) - wake_up_interruptible(&pipe->wait); - ret = -ERESTARTSYS; - goto err; - - err: -- if (!pipe->readers && !pipe->writers) -+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) - free_pipe_info(inode); - - err_nocleanup: diff --git a/fs/file.c b/fs/file.c -index 3906d95..5fe379b 100644 +index 4a78f98..9447397 100644 --- a/fs/file.c +++ b/fs/file.c @@ -16,6 +16,7 @@ @@ -51252,7 +53819,7 @@ index 3906d95..5fe379b 100644 #include #include #include -@@ -892,6 +893,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) +@@ -828,6 +829,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) if (!file) return __close_fd(files, fd); @@ -51260,7 +53827,7 @@ index 3906d95..5fe379b 100644 if (fd >= rlimit(RLIMIT_NOFILE)) return -EBADF; -@@ -918,6 +920,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) +@@ -854,6 +856,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) if (unlikely(oldfd == newfd)) return -EINVAL; @@ -51268,7 +53835,7 @@ index 3906d95..5fe379b 100644 if (newfd >= rlimit(RLIMIT_NOFILE)) return -EBADF; -@@ -973,6 +976,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) +@@ -909,6 +912,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) int f_dupfd(unsigned int from, struct file *file, unsigned flags) { int err; @@ -52752,10 +55319,10 @@ index 40d13c7..ddf52b9 100644 seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n", atomic_read(&fscache_n_cop_alloc_object), diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c -index 6f96a8d..6019bb9 100644 +index aef34b1..59bfd7b 100644 --- a/fs/fuse/cuse.c +++ b/fs/fuse/cuse.c -@@ -597,10 +597,12 @@ static int __init cuse_init(void) +@@ -600,10 +600,12 @@ static int __init cuse_init(void) INIT_LIST_HEAD(&cuse_conntbl[i]); /* inherit and extend fuse_dev_operations */ @@ -52773,10 +55340,10 @@ index 6f96a8d..6019bb9 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 11dfa0c..6f64416 100644 +index 1d55f94..088da65 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c -@@ -1294,7 +1294,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, +@@ -1339,7 +1339,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, ret = 0; pipe_lock(pipe); @@ -52785,11 +55352,20 @@ index 11dfa0c..6f64416 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; +@@ -1364,7 +1364,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, + page_nr++; + ret += buf->len; + +- if (pipe->files) ++ if (atomic_read(&pipe->files)) + do_wakeup = 1; + } + diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 185c479..51b9986 100644 +index 5b12746..b481b03 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1415,7 +1415,7 @@ static char *read_link(struct dentry *dentry) +@@ -1437,7 +1437,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -52799,10 +55375,10 @@ index 185c479..51b9986 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index cc00bd1..3edb692 100644 +index 62b484e..0f9a140 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1500,7 +1500,7 @@ out: +@@ -1441,7 +1441,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -52862,7 +55438,7 @@ index a3f868a..bb308ae 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index a898b3d..9b5a214 100644 +index 00d5fc3..98ce7d7 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -878,8 +878,8 @@ unsigned int get_next_ino(void) @@ -52905,10 +55481,10 @@ index a6597d6..41b30ec 100644 /* diff --git a/fs/jfs/super.c b/fs/jfs/super.c -index 2003e83..40db287 100644 +index 788e0a9..8433098 100644 --- a/fs/jfs/super.c +++ b/fs/jfs/super.c -@@ -856,7 +856,7 @@ static int __init init_jfs_fs(void) +@@ -878,7 +878,7 @@ static int __init init_jfs_fs(void) jfs_inode_cachep = kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0, @@ -52946,7 +55522,7 @@ index 916da8c..1588998 100644 next->d_inode->i_ino, dt_type(next->d_inode)) < 0) diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index 9760ecb..9b838ef 100644 +index acd3947..1f896e2 100644 --- a/fs/lockd/clntproc.c +++ b/fs/lockd/clntproc.c @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; @@ -52963,6 +55539,19 @@ index 9760ecb..9b838ef 100644 memcpy(c->data, &cookie, 4); c->len=4; +diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c +index a2aa97d..10d6c41 100644 +--- a/fs/lockd/svc.c ++++ b/fs/lockd/svc.c +@@ -305,7 +305,7 @@ static int lockd_start_svc(struct svc_serv *serv) + svc_sock_update_bufs(serv); + serv->sv_maxconn = nlm_max_connections; + +- nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name); ++ nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name); + if (IS_ERR(nlmsvc_task)) { + error = PTR_ERR(nlmsvc_task); + printk(KERN_WARNING diff --git a/fs/locks.c b/fs/locks.c index cb424a4..850e4dd 100644 --- a/fs/locks.c @@ -52989,7 +55578,7 @@ index cb424a4..850e4dd 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 85e40d1..b66744e 100644 +index 9ed9361..2b72db1 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) @@ -53104,7 +55693,7 @@ index 85e40d1..b66744e 100644 + } + if (!err && nd->flags & LOOKUP_DIRECTORY) { - if (!nd->inode->i_op->lookup) { + if (!can_lookup(nd->inode)) { path_put(&nd->path); @@ -2002,8 +2027,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, @@ -53563,10 +56152,10 @@ index 85e40d1..b66744e 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index e945b81..fc018e2 100644 +index 7b1ca9b..6faeccf 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1219,6 +1219,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1265,6 +1265,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -53576,17 +56165,17 @@ index e945b81..fc018e2 100644 return retval; } -@@ -1238,6 +1241,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1283,6 +1286,9 @@ static int do_umount(struct mount *mnt, int flags) + } br_write_unlock(&vfsmount_lock); - up_write(&namespace_sem); - release_mounts(&umount_list); + namespace_unlock(); + + gr_log_unmount(mnt->mnt_devname, retval); + return retval; } -@@ -1257,7 +1263,7 @@ static inline bool may_mount(void) +@@ -1302,7 +1308,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -53595,7 +56184,7 @@ index e945b81..fc018e2 100644 { struct path path; struct mount *mnt; -@@ -1297,7 +1303,7 @@ out: +@@ -1342,7 +1348,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -53604,7 +56193,7 @@ index e945b81..fc018e2 100644 { return sys_umount(name, 0); } -@@ -2267,6 +2273,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2313,6 +2319,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -53621,7 +56210,7 @@ index e945b81..fc018e2 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2281,6 +2297,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2327,6 +2343,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -53631,7 +56220,7 @@ index e945b81..fc018e2 100644 return retval; } -@@ -2454,8 +2473,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2500,8 +2519,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -53642,7 +56231,7 @@ index e945b81..fc018e2 100644 { int ret; char *kernel_type; -@@ -2567,6 +2586,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2614,6 +2633,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -53652,9 +56241,9 @@ index e945b81..fc018e2 100644 + } + get_fs_root(current->fs, &root); - error = lock_mount(&old); - if (error) -@@ -2815,7 +2839,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) + old_mp = lock_mount(&old); + error = PTR_ERR(old_mp); +@@ -2864,7 +2888,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !nsown_capable(CAP_SYS_ADMIN)) return -EPERM; @@ -53663,8 +56252,32 @@ index e945b81..fc018e2 100644 return -EINVAL; get_mnt_ns(mnt_ns); +diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c +index cff089a..4c3d57a 100644 +--- a/fs/nfs/callback.c ++++ b/fs/nfs/callback.c +@@ -211,7 +211,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, + struct svc_rqst *rqstp; + int (*callback_svc)(void *vrqstp); + struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; +- char svc_name[12]; + int ret; + + nfs_callback_bc_serv(minorversion, xprt, serv); +@@ -235,10 +234,9 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, + + svc_sock_update_bufs(serv); + +- sprintf(svc_name, "nfsv4.%u-svc", minorversion); + cb_info->serv = serv; + cb_info->rqst = rqstp; +- cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name); ++ cb_info->task = kthread_run(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion); + if (IS_ERR(cb_info->task)) { + ret = PTR_ERR(cb_info->task); + svc_exit_thread(cb_info->rqst); diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c -index 59461c9..b17c57e 100644 +index a35582c..ebbdcd5 100644 --- a/fs/nfs/callback_xdr.c +++ b/fs/nfs/callback_xdr.c @@ -51,7 +51,7 @@ struct callback_op { @@ -53677,10 +56290,10 @@ index 59461c9..b17c57e 100644 static struct callback_op callback_ops[]; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 1f94167..79c4ce4 100644 +index c1c7a9d..7afa0b8 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -1041,16 +1041,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1043,16 +1043,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -53700,11 +56313,24 @@ index 1f94167..79c4ce4 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c +index 2c37442..9b9538b 100644 +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1193,7 +1193,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp) + snprintf(buf, sizeof(buf), "%s-manager", + rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR)); + rcu_read_unlock(); +- task = kthread_run(nfs4_run_state_manager, clp, buf); ++ task = kthread_run(nfs4_run_state_manager, clp, "%s", buf); + if (IS_ERR(task)) { + printk(KERN_ERR "%s: kthread_run: %ld\n", + __func__, PTR_ERR(task)); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index d401d01..10b3e62 100644 +index 27d74a2..c4c2a73 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c -@@ -1109,7 +1109,7 @@ struct nfsd4_operation { +@@ -1126,7 +1126,7 @@ struct nfsd4_operation { nfsd4op_rsize op_rsize_bop; stateid_getter op_get_currentstateid; stateid_setter op_set_currentstateid; @@ -53714,10 +56340,10 @@ index d401d01..10b3e62 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index 6eb0dc5..29067a9 100644 +index 582321a..0224663 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1457,7 +1457,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1458,7 +1458,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -53726,7 +56352,7 @@ index 6eb0dc5..29067a9 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1497,7 +1497,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { +@@ -1498,7 +1498,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner, }; @@ -53735,7 +56361,7 @@ index 6eb0dc5..29067a9 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1559,7 +1559,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { +@@ -1560,7 +1560,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { }; struct nfsd4_minorversion_ops { @@ -53745,15 +56371,16 @@ index 6eb0dc5..29067a9 100644 }; diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index ca05f6d..411a576 100644 +index e76244e..9fe8f2f1 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c -@@ -461,13 +461,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -526,14 +526,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) { struct svc_cacherep *rp = rqstp->rq_cacherep; struct kvec *resv = &rqstp->rq_res.head[0], *cachv; - int len; + long len; + size_t bufsize = 0; if (!rp) return; @@ -53761,17 +56388,18 @@ index ca05f6d..411a576 100644 - len = resv->iov_len - ((char*)statp - (char*)resv->iov_base); - len >>= 2; + if (statp) { -+ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base); ++ len = (char*)statp - (char*)resv->iov_base; ++ len = resv->iov_len - len; + len >>= 2; + } /* Don't cache excessive amounts of data and XDR failures */ if (!statp || len > (256 >> 2)) { diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 2b2e239..c915b48 100644 +index baf149a..76b86ad 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -940,7 +940,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, } else { oldfs = get_fs(); set_fs(KERNEL_DS); @@ -53780,7 +56408,7 @@ index 2b2e239..c915b48 100644 set_fs(oldfs); } -@@ -1026,7 +1026,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -1027,7 +1027,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, /* Write the data. */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -53789,7 +56417,7 @@ index 2b2e239..c915b48 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1572,7 +1572,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1573,7 +1573,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -53882,18 +56510,10 @@ index e7bc1d7..06bd4bb 100644 } diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index 5d84442..2c034ba 100644 +index 77cc85d..a1e6299 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c -@@ -121,6 +121,7 @@ static int fill_event_metadata(struct fsnotify_group *group, - metadata->event_len = FAN_EVENT_METADATA_LEN; - metadata->metadata_len = FAN_EVENT_METADATA_LEN; - metadata->vers = FANOTIFY_METADATA_VERSION; -+ metadata->reserved = 0; - metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS; - metadata->pid = pid_vnr(event->tgid); - if (unlikely(event->mask & FAN_Q_OVERFLOW)) -@@ -251,8 +252,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, +@@ -253,8 +253,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, fd = fanotify_event_metadata.fd; ret = -EFAULT; @@ -53940,10 +56560,10 @@ index aa411c3..c260a84 100644 "inode 0x%lx or driver bug.", vdir->i_ino); goto err_out; diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c -index 5b2d4f0..c6de396 100644 +index c5670b8..01a3656 100644 --- a/fs/ntfs/file.c +++ b/fs/ntfs/file.c -@@ -2242,6 +2242,6 @@ const struct inode_operations ntfs_file_inode_ops = { +@@ -2241,6 +2241,6 @@ const struct inode_operations ntfs_file_inode_ops = { #endif /* NTFS_RW */ }; @@ -53952,6 +56572,50 @@ index 5b2d4f0..c6de396 100644 -const struct inode_operations ntfs_empty_inode_ops = {}; +const struct inode_operations ntfs_empty_inode_ops __read_only; +diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c +index 20dfec7..e238cb7 100644 +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -1756,7 +1756,7 @@ try_again: + goto out; + } else if (ret == 1) { + clusters_need = wc->w_clen; +- ret = ocfs2_refcount_cow(inode, filp, di_bh, ++ ret = ocfs2_refcount_cow(inode, di_bh, + wc->w_cpos, wc->w_clen, UINT_MAX); + if (ret) { + mlog_errno(ret); +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c +index ff54014..ff125fd 100644 +--- a/fs/ocfs2/file.c ++++ b/fs/ocfs2/file.c +@@ -370,7 +370,7 @@ static int ocfs2_cow_file_pos(struct inode *inode, + if (!(ext_flags & OCFS2_EXT_REFCOUNTED)) + goto out; + +- return ocfs2_refcount_cow(inode, NULL, fe_bh, cpos, 1, cpos+1); ++ return ocfs2_refcount_cow(inode, fe_bh, cpos, 1, cpos+1); + + out: + return status; +@@ -899,7 +899,7 @@ static int ocfs2_zero_extend_get_range(struct inode *inode, + zero_clusters = last_cpos - zero_cpos; + + if (needs_cow) { +- rc = ocfs2_refcount_cow(inode, NULL, di_bh, zero_cpos, ++ rc = ocfs2_refcount_cow(inode, di_bh, zero_cpos, + zero_clusters, UINT_MAX); + if (rc) { + mlog_errno(rc); +@@ -2078,7 +2078,7 @@ static int ocfs2_prepare_inode_for_refcount(struct inode *inode, + + *meta_level = 1; + +- ret = ocfs2_refcount_cow(inode, file, di_bh, cpos, clusters, UINT_MAX); ++ ret = ocfs2_refcount_cow(inode, di_bh, cpos, clusters, UINT_MAX); + if (ret) + mlog_errno(ret); + out: diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c index aebeacd..0dcdd26 100644 --- a/fs/ocfs2/localalloc.c @@ -53965,6 +56629,19 @@ index aebeacd..0dcdd26 100644 bail: if (handle) +diff --git a/fs/ocfs2/move_extents.c b/fs/ocfs2/move_extents.c +index f1fc172..452068b 100644 +--- a/fs/ocfs2/move_extents.c ++++ b/fs/ocfs2/move_extents.c +@@ -69,7 +69,7 @@ static int __ocfs2_move_extent(handle_t *handle, + u64 ino = ocfs2_metadata_cache_owner(context->et.et_ci); + u64 old_blkno = ocfs2_clusters_to_blocks(inode->i_sb, p_cpos); + +- ret = ocfs2_duplicate_clusters_by_page(handle, context->file, cpos, ++ ret = ocfs2_duplicate_clusters_by_page(handle, inode, cpos, + p_cpos, new_p_cpos, len); + if (ret) { + mlog_errno(ret); diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h index d355e6e..578d905 100644 --- a/fs/ocfs2/ocfs2.h @@ -53986,6 +56663,188 @@ index d355e6e..578d905 100644 }; enum ocfs2_local_alloc_state +diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c +index 998b17e..aefe414 100644 +--- a/fs/ocfs2/refcounttree.c ++++ b/fs/ocfs2/refcounttree.c +@@ -49,7 +49,6 @@ + + struct ocfs2_cow_context { + struct inode *inode; +- struct file *file; + u32 cow_start; + u32 cow_len; + struct ocfs2_extent_tree data_et; +@@ -66,7 +65,7 @@ struct ocfs2_cow_context { + u32 *num_clusters, + unsigned int *extent_flags); + int (*cow_duplicate_clusters)(handle_t *handle, +- struct file *file, ++ struct inode *inode, + u32 cpos, u32 old_cluster, + u32 new_cluster, u32 new_len); + }; +@@ -2922,14 +2921,12 @@ static int ocfs2_clear_cow_buffer(handle_t *handle, struct buffer_head *bh) + } + + int ocfs2_duplicate_clusters_by_page(handle_t *handle, +- struct file *file, ++ struct inode *inode, + u32 cpos, u32 old_cluster, + u32 new_cluster, u32 new_len) + { + int ret = 0, partial; +- struct inode *inode = file_inode(file); +- struct ocfs2_caching_info *ci = INODE_CACHE(inode); +- struct super_block *sb = ocfs2_metadata_cache_get_super(ci); ++ struct super_block *sb = inode->i_sb; + u64 new_block = ocfs2_clusters_to_blocks(sb, new_cluster); + struct page *page; + pgoff_t page_index; +@@ -2973,13 +2970,6 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle, + if (PAGE_CACHE_SIZE <= OCFS2_SB(sb)->s_clustersize) + BUG_ON(PageDirty(page)); + +- if (PageReadahead(page)) { +- page_cache_async_readahead(mapping, +- &file->f_ra, file, +- page, page_index, +- readahead_pages); +- } +- + if (!PageUptodate(page)) { + ret = block_read_full_page(page, ocfs2_get_block); + if (ret) { +@@ -2999,7 +2989,8 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle, + } + } + +- ocfs2_map_and_dirty_page(inode, handle, from, to, ++ ocfs2_map_and_dirty_page(inode, ++ handle, from, to, + page, 0, &new_block); + mark_page_accessed(page); + unlock: +@@ -3015,12 +3006,11 @@ unlock: + } + + int ocfs2_duplicate_clusters_by_jbd(handle_t *handle, +- struct file *file, ++ struct inode *inode, + u32 cpos, u32 old_cluster, + u32 new_cluster, u32 new_len) + { + int ret = 0; +- struct inode *inode = file_inode(file); + struct super_block *sb = inode->i_sb; + struct ocfs2_caching_info *ci = INODE_CACHE(inode); + int i, blocks = ocfs2_clusters_to_blocks(sb, new_len); +@@ -3145,7 +3135,7 @@ static int ocfs2_replace_clusters(handle_t *handle, + + /*If the old clusters is unwritten, no need to duplicate. */ + if (!(ext_flags & OCFS2_EXT_UNWRITTEN)) { +- ret = context->cow_duplicate_clusters(handle, context->file, ++ ret = context->cow_duplicate_clusters(handle, context->inode, + cpos, old, new, len); + if (ret) { + mlog_errno(ret); +@@ -3423,35 +3413,12 @@ static int ocfs2_replace_cow(struct ocfs2_cow_context *context) + return ret; + } + +-static void ocfs2_readahead_for_cow(struct inode *inode, +- struct file *file, +- u32 start, u32 len) +-{ +- struct address_space *mapping; +- pgoff_t index; +- unsigned long num_pages; +- int cs_bits = OCFS2_SB(inode->i_sb)->s_clustersize_bits; +- +- if (!file) +- return; +- +- mapping = file->f_mapping; +- num_pages = (len << cs_bits) >> PAGE_CACHE_SHIFT; +- if (!num_pages) +- num_pages = 1; +- +- index = ((loff_t)start << cs_bits) >> PAGE_CACHE_SHIFT; +- page_cache_sync_readahead(mapping, &file->f_ra, file, +- index, num_pages); +-} +- + /* + * Starting at cpos, try to CoW write_len clusters. Don't CoW + * past max_cpos. This will stop when it runs into a hole or an + * unrefcounted extent. + */ + static int ocfs2_refcount_cow_hunk(struct inode *inode, +- struct file *file, + struct buffer_head *di_bh, + u32 cpos, u32 write_len, u32 max_cpos) + { +@@ -3480,8 +3447,6 @@ static int ocfs2_refcount_cow_hunk(struct inode *inode, + + BUG_ON(cow_len == 0); + +- ocfs2_readahead_for_cow(inode, file, cow_start, cow_len); +- + context = kzalloc(sizeof(struct ocfs2_cow_context), GFP_NOFS); + if (!context) { + ret = -ENOMEM; +@@ -3503,7 +3468,6 @@ static int ocfs2_refcount_cow_hunk(struct inode *inode, + context->ref_root_bh = ref_root_bh; + context->cow_duplicate_clusters = ocfs2_duplicate_clusters_by_page; + context->get_clusters = ocfs2_di_get_clusters; +- context->file = file; + + ocfs2_init_dinode_extent_tree(&context->data_et, + INODE_CACHE(inode), di_bh); +@@ -3532,7 +3496,6 @@ out: + * clusters between cpos and cpos+write_len are safe to modify. + */ + int ocfs2_refcount_cow(struct inode *inode, +- struct file *file, + struct buffer_head *di_bh, + u32 cpos, u32 write_len, u32 max_cpos) + { +@@ -3552,7 +3515,7 @@ int ocfs2_refcount_cow(struct inode *inode, + num_clusters = write_len; + + if (ext_flags & OCFS2_EXT_REFCOUNTED) { +- ret = ocfs2_refcount_cow_hunk(inode, file, di_bh, cpos, ++ ret = ocfs2_refcount_cow_hunk(inode, di_bh, cpos, + num_clusters, max_cpos); + if (ret) { + mlog_errno(ret); +diff --git a/fs/ocfs2/refcounttree.h b/fs/ocfs2/refcounttree.h +index 7754608..6422bbcdb 100644 +--- a/fs/ocfs2/refcounttree.h ++++ b/fs/ocfs2/refcounttree.h +@@ -53,7 +53,7 @@ int ocfs2_prepare_refcount_change_for_del(struct inode *inode, + int *credits, + int *ref_blocks); + int ocfs2_refcount_cow(struct inode *inode, +- struct file *filep, struct buffer_head *di_bh, ++ struct buffer_head *di_bh, + u32 cpos, u32 write_len, u32 max_cpos); + + typedef int (ocfs2_post_refcount_func)(struct inode *inode, +@@ -85,11 +85,11 @@ int ocfs2_refcount_cow_xattr(struct inode *inode, + u32 cpos, u32 write_len, + struct ocfs2_post_refcount *post); + int ocfs2_duplicate_clusters_by_page(handle_t *handle, +- struct file *file, ++ struct inode *inode, + u32 cpos, u32 old_cluster, + u32 new_cluster, u32 new_len); + int ocfs2_duplicate_clusters_by_jbd(handle_t *handle, +- struct file *file, ++ struct inode *inode, + u32 cpos, u32 old_cluster, + u32 new_cluster, u32 new_len); + int ocfs2_cow_sync_writeback(struct super_block *sb, diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c index b7e74b5..19c6536 100644 --- a/fs/ocfs2/suballoc.c @@ -54083,7 +56942,7 @@ index 01b8516..579c4df 100644 /* Copy the blockcheck stats from the superblock probe */ osb->osb_ecc_stats = *stats; diff --git a/fs/open.c b/fs/open.c -index 6835446..eadf09f 100644 +index 8c74100..4239c48 100644 --- a/fs/open.c +++ b/fs/open.c @@ -32,6 +32,8 @@ @@ -54113,7 +56972,7 @@ index 6835446..eadf09f 100644 if (!error) error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); sb_end_write(inode->i_sb); -@@ -388,6 +394,9 @@ retry: +@@ -360,6 +366,9 @@ retry: if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -54123,7 +56982,7 @@ index 6835446..eadf09f 100644 out_path_release: path_put(&path); if (retry_estale(res, lookup_flags)) { -@@ -419,6 +428,8 @@ retry: +@@ -391,6 +400,8 @@ retry: if (error) goto dput_and_out; @@ -54132,7 +56991,7 @@ index 6835446..eadf09f 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -448,6 +459,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -420,6 +431,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); @@ -54146,7 +57005,7 @@ index 6835446..eadf09f 100644 if (!error) set_fs_pwd(current->fs, &f.file->f_path); out_putf: -@@ -477,7 +495,13 @@ retry: +@@ -449,7 +467,13 @@ retry: if (error) goto dput_and_out; @@ -54160,7 +57019,7 @@ index 6835446..eadf09f 100644 error = 0; dput_and_out: path_put(&path); -@@ -499,6 +523,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -471,6 +495,16 @@ static int chmod_common(struct path *path, umode_t mode) if (error) return error; mutex_lock(&inode->i_mutex); @@ -54177,7 +57036,7 @@ index 6835446..eadf09f 100644 error = security_path_chmod(path, mode); if (error) goto out_unlock; -@@ -559,6 +593,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) +@@ -531,6 +565,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) uid = make_kuid(current_user_ns(), user); gid = make_kgid(current_user_ns(), group); @@ -54187,7 +57046,7 @@ index 6835446..eadf09f 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { if (!uid_valid(uid)) -@@ -974,6 +1011,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) +@@ -946,6 +983,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) } else { fsnotify_open(f); fd_install(fd, f); @@ -54196,10 +57055,28 @@ index 6835446..eadf09f 100644 } putname(tmp); diff --git a/fs/pipe.c b/fs/pipe.c -index 2234f3f..f9083a1 100644 +index d2c45e1..009fe1c 100644 --- a/fs/pipe.c +++ b/fs/pipe.c -@@ -438,9 +438,9 @@ redo: +@@ -56,7 +56,7 @@ unsigned int pipe_min_size = PAGE_SIZE; + + static void pipe_lock_nested(struct pipe_inode_info *pipe, int subclass) + { +- if (pipe->files) ++ if (atomic_read(&pipe->files)) + mutex_lock_nested(&pipe->mutex, subclass); + } + +@@ -71,7 +71,7 @@ EXPORT_SYMBOL(pipe_lock); + + void pipe_unlock(struct pipe_inode_info *pipe) + { +- if (pipe->files) ++ if (atomic_read(&pipe->files)) + mutex_unlock(&pipe->mutex); + } + EXPORT_SYMBOL(pipe_unlock); +@@ -449,9 +449,9 @@ redo: } if (bufs) /* More to do? */ continue; @@ -54211,16 +57088,16 @@ index 2234f3f..f9083a1 100644 /* syscall merging: Usually we must not sleep * if O_NONBLOCK is set, or if we got some data. * But if a writer sleeps in kernel space, then -@@ -504,7 +504,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, - mutex_lock(&inode->i_mutex); - pipe = inode->i_pipe; +@@ -513,7 +513,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, + ret = 0; + __pipe_lock(pipe); - if (!pipe->readers) { + if (!atomic_read(&pipe->readers)) { send_sig(SIGPIPE, current, 0); ret = -EPIPE; goto out; -@@ -553,7 +553,7 @@ redo1: +@@ -562,7 +562,7 @@ redo1: for (;;) { int bufs; @@ -54229,7 +57106,7 @@ index 2234f3f..f9083a1 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -644,9 +644,9 @@ redo2: +@@ -653,9 +653,9 @@ redo2: kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } @@ -54240,8 +57117,8 @@ index 2234f3f..f9083a1 100644 + atomic_dec(&pipe->waiting_writers); } out: - mutex_unlock(&inode->i_mutex); -@@ -716,7 +716,7 @@ pipe_poll(struct file *filp, poll_table *wait) + __pipe_unlock(pipe); +@@ -709,7 +709,7 @@ pipe_poll(struct file *filp, poll_table *wait) mask = 0; if (filp->f_mode & FMODE_READ) { mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0; @@ -54250,7 +57127,7 @@ index 2234f3f..f9083a1 100644 mask |= POLLHUP; } -@@ -726,7 +726,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -719,7 +719,7 @@ pipe_poll(struct file *filp, poll_table *wait) * Most Unices do not set POLLERR for FIFOs but on Linux they * behave exactly like pipes for poll(). */ @@ -54259,52 +57136,30 @@ index 2234f3f..f9083a1 100644 mask |= POLLERR; } -@@ -740,10 +740,10 @@ pipe_release(struct inode *inode, int decr, int decw) - - mutex_lock(&inode->i_mutex); - pipe = inode->i_pipe; -- pipe->readers -= decr; -- pipe->writers -= decw; -+ atomic_sub(decr, &pipe->readers); -+ atomic_sub(decw, &pipe->writers); - -- if (!pipe->readers && !pipe->writers) { -+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) { - free_pipe_info(inode); - } else { - wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP); -@@ -833,7 +833,7 @@ pipe_read_open(struct inode *inode, struct file *filp) - - if (inode->i_pipe) { - ret = 0; -- inode->i_pipe->readers++; -+ atomic_inc(&inode->i_pipe->readers); - } +@@ -734,17 +734,17 @@ pipe_release(struct inode *inode, struct file *file) - mutex_unlock(&inode->i_mutex); -@@ -850,7 +850,7 @@ pipe_write_open(struct inode *inode, struct file *filp) + __pipe_lock(pipe); + if (file->f_mode & FMODE_READ) +- pipe->readers--; ++ atomic_dec(&pipe->readers); + if (file->f_mode & FMODE_WRITE) +- pipe->writers--; ++ atomic_dec(&pipe->writers); - if (inode->i_pipe) { - ret = 0; -- inode->i_pipe->writers++; -+ atomic_inc(&inode->i_pipe->writers); +- if (pipe->readers || pipe->writers) { ++ if (atomic_read(&pipe->readers) || atomic_read(&pipe->writers)) { + wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP); + kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); + kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); } - - mutex_unlock(&inode->i_mutex); -@@ -871,9 +871,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp) - if (inode->i_pipe) { - ret = 0; - if (filp->f_mode & FMODE_READ) -- inode->i_pipe->readers++; -+ atomic_inc(&inode->i_pipe->readers); - if (filp->f_mode & FMODE_WRITE) -- inode->i_pipe->writers++; -+ atomic_inc(&inode->i_pipe->writers); + spin_lock(&inode->i_lock); +- if (!--pipe->files) { ++ if (atomic_dec_and_test(&pipe->files)) { + inode->i_pipe = NULL; + kill = 1; } - - mutex_unlock(&inode->i_mutex); -@@ -965,7 +965,7 @@ void free_pipe_info(struct inode *inode) - inode->i_pipe = NULL; +@@ -811,7 +811,7 @@ void free_pipe_info(struct pipe_inode_info *pipe) + kfree(pipe); } -static struct vfsmount *pipe_mnt __read_mostly; @@ -54312,16 +57167,109 @@ index 2234f3f..f9083a1 100644 /* * pipefs_dname() is called from d_path(). -@@ -995,7 +995,8 @@ static struct inode * get_pipe_inode(void) +@@ -841,8 +841,9 @@ static struct inode * get_pipe_inode(void) goto fail_iput; - inode->i_pipe = pipe; + inode->i_pipe = pipe; +- pipe->files = 2; - pipe->readers = pipe->writers = 1; ++ atomic_set(&pipe->files, 2); + atomic_set(&pipe->readers, 1); + atomic_set(&pipe->writers, 1); - inode->i_fop = &rdwr_pipefifo_fops; + inode->i_fop = &pipefifo_fops; /* +@@ -1022,17 +1023,17 @@ static int fifo_open(struct inode *inode, struct file *filp) + spin_lock(&inode->i_lock); + if (inode->i_pipe) { + pipe = inode->i_pipe; +- pipe->files++; ++ atomic_inc(&pipe->files); + spin_unlock(&inode->i_lock); + } else { + spin_unlock(&inode->i_lock); + pipe = alloc_pipe_info(); + if (!pipe) + return -ENOMEM; +- pipe->files = 1; ++ atomic_set(&pipe->files, 1); + spin_lock(&inode->i_lock); + if (unlikely(inode->i_pipe)) { +- inode->i_pipe->files++; ++ atomic_inc(&inode->i_pipe->files); + spin_unlock(&inode->i_lock); + free_pipe_info(pipe); + pipe = inode->i_pipe; +@@ -1057,10 +1058,10 @@ static int fifo_open(struct inode *inode, struct file *filp) + * opened, even when there is no process writing the FIFO. + */ + pipe->r_counter++; +- if (pipe->readers++ == 0) ++ if (atomic_inc_return(&pipe->readers) == 1) + wake_up_partner(pipe); + +- if (!is_pipe && !pipe->writers) { ++ if (!is_pipe && !atomic_read(&pipe->writers)) { + if ((filp->f_flags & O_NONBLOCK)) { + /* suppress POLLHUP until we have + * seen a writer */ +@@ -1079,14 +1080,14 @@ static int fifo_open(struct inode *inode, struct file *filp) + * errno=ENXIO when there is no process reading the FIFO. + */ + ret = -ENXIO; +- if (!is_pipe && (filp->f_flags & O_NONBLOCK) && !pipe->readers) ++ if (!is_pipe && (filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers)) + goto err; + + pipe->w_counter++; +- if (!pipe->writers++) ++ if (atomic_inc_return(&pipe->writers) == 1) + wake_up_partner(pipe); + +- if (!is_pipe && !pipe->readers) { ++ if (!is_pipe && !atomic_read(&pipe->readers)) { + if (wait_for_partner(pipe, &pipe->r_counter)) + goto err_wr; + } +@@ -1100,11 +1101,11 @@ static int fifo_open(struct inode *inode, struct file *filp) + * the process can at least talk to itself. + */ + +- pipe->readers++; +- pipe->writers++; ++ atomic_inc(&pipe->readers); ++ atomic_inc(&pipe->writers); + pipe->r_counter++; + pipe->w_counter++; +- if (pipe->readers == 1 || pipe->writers == 1) ++ if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1) + wake_up_partner(pipe); + break; + +@@ -1118,20 +1119,20 @@ static int fifo_open(struct inode *inode, struct file *filp) + return 0; + + err_rd: +- if (!--pipe->readers) ++ if (atomic_dec_and_test(&pipe->readers)) + wake_up_interruptible(&pipe->wait); + ret = -ERESTARTSYS; + goto err; + + err_wr: +- if (!--pipe->writers) ++ if (atomic_dec_and_test(&pipe->writers)) + wake_up_interruptible(&pipe->wait); + ret = -ERESTARTSYS; + goto err; + + err: + spin_lock(&inode->i_lock); +- if (!--pipe->files) { ++ if (atomic_dec_and_test(&pipe->files)) { + inode->i_pipe = NULL; + kill = 1; + } diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig index 15af622..0e9f4467 100644 --- a/fs/proc/Kconfig @@ -54507,10 +57455,10 @@ index cbd0f1b..adec3f0 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 69078c7..3e12a75 100644 +index c3834da..b402b2b 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -112,6 +112,14 @@ struct pid_entry { +@@ -113,6 +113,14 @@ struct pid_entry { union proc_op op; }; @@ -54525,7 +57473,7 @@ index 69078c7..3e12a75 100644 #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name = (NAME), \ .len = sizeof(NAME) - 1, \ -@@ -209,6 +217,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) +@@ -210,6 +218,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -54535,7 +57483,7 @@ index 69078c7..3e12a75 100644 len = mm->arg_end - mm->arg_start; if (len > PAGE_SIZE) -@@ -236,12 +247,28 @@ out: +@@ -237,12 +248,28 @@ out: return res; } @@ -54564,7 +57512,7 @@ index 69078c7..3e12a75 100644 do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ -@@ -255,7 +282,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) +@@ -256,7 +283,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) } @@ -54573,7 +57521,7 @@ index 69078c7..3e12a75 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -294,7 +321,7 @@ static void unlock_trace(struct task_struct *task) +@@ -295,7 +322,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -54582,7 +57530,7 @@ index 69078c7..3e12a75 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -486,7 +513,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) +@@ -518,7 +545,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) return count; } @@ -54591,7 +57539,7 @@ index 69078c7..3e12a75 100644 static int proc_pid_syscall(struct task_struct *task, char *buffer) { long nr; -@@ -515,7 +542,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) +@@ -547,7 +574,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) /************************************************************************/ /* permission checks */ @@ -54600,7 +57548,7 @@ index 69078c7..3e12a75 100644 { struct task_struct *task; int allowed = 0; -@@ -525,7 +552,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -557,7 +584,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { @@ -54612,7 +57560,7 @@ index 69078c7..3e12a75 100644 put_task_struct(task); } return allowed; -@@ -556,10 +586,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, +@@ -588,10 +618,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, struct task_struct *task, int hide_pid_min) { @@ -54648,7 +57596,7 @@ index 69078c7..3e12a75 100644 return ptrace_may_access(task, PTRACE_MODE_READ); } -@@ -577,7 +632,11 @@ static int proc_pid_permission(struct inode *inode, int mask) +@@ -609,7 +664,11 @@ static int proc_pid_permission(struct inode *inode, int mask) put_task_struct(task); if (!has_perms) { @@ -54660,7 +57608,7 @@ index 69078c7..3e12a75 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -675,6 +734,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -707,6 +766,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) if (!task) return -ESRCH; @@ -54672,7 +57620,7 @@ index 69078c7..3e12a75 100644 mm = mm_access(task, mode); put_task_struct(task); -@@ -690,6 +754,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -722,6 +786,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) file->private_data = mm; @@ -54683,7 +57631,7 @@ index 69078c7..3e12a75 100644 return 0; } -@@ -711,6 +779,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -743,6 +811,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -54701,7 +57649,7 @@ index 69078c7..3e12a75 100644 if (!mm) return 0; -@@ -723,7 +802,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -755,7 +834,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, goto free; while (count > 0) { @@ -54710,7 +57658,7 @@ index 69078c7..3e12a75 100644 if (write && copy_from_user(page, buf, this_len)) { copied = -EFAULT; -@@ -815,6 +894,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -847,6 +926,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -54724,7 +57672,7 @@ index 69078c7..3e12a75 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -824,7 +910,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -856,7 +942,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, goto free; while (count > 0) { size_t this_len, max_len; @@ -54733,7 +57681,7 @@ index 69078c7..3e12a75 100644 if (src >= (mm->env_end - mm->env_start)) break; -@@ -1430,7 +1516,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1461,7 +1547,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -54742,7 +57690,7 @@ index 69078c7..3e12a75 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1474,8 +1560,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1505,8 +1591,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -54763,7 +57711,7 @@ index 69078c7..3e12a75 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1525,7 +1621,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1556,7 +1652,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -54775,7 +57723,7 @@ index 69078c7..3e12a75 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1561,10 +1661,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1592,10 +1692,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -54795,7 +57743,7 @@ index 69078c7..3e12a75 100644 } } rcu_read_unlock(); -@@ -1602,11 +1711,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1633,11 +1742,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -54816,7 +57764,7 @@ index 69078c7..3e12a75 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -2059,6 +2177,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2196,6 +2314,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -54826,7 +57774,7 @@ index 69078c7..3e12a75 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc// without very good reasons. -@@ -2103,6 +2224,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2240,6 +2361,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -54836,7 +57784,7 @@ index 69078c7..3e12a75 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2516,7 +2640,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2653,7 +2777,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -54845,7 +57793,7 @@ index 69078c7..3e12a75 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2541,10 +2665,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2678,10 +2802,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -54858,7 +57806,7 @@ index 69078c7..3e12a75 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2578,6 +2702,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2715,6 +2839,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -54868,7 +57816,7 @@ index 69078c7..3e12a75 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2707,7 +2834,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -2847,7 +2974,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -54883,7 +57831,7 @@ index 69078c7..3e12a75 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2745,7 +2879,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2885,7 +3019,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -54895,7 +57843,7 @@ index 69078c7..3e12a75 100644 put_task_struct(task); out: return result; -@@ -2808,6 +2946,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi +@@ -2948,6 +3086,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi static int fake_filldir(void *buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type) { @@ -54904,7 +57852,7 @@ index 69078c7..3e12a75 100644 return 0; } -@@ -2859,7 +2999,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3007,7 +3147,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -54913,7 +57861,7 @@ index 69078c7..3e12a75 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2886,10 +3026,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3034,10 +3174,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -54997,13 +57945,13 @@ index d7a4a28..0201742 100644 } diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 869116c..820cb27 100644 +index 073aea6..0630370 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c -@@ -22,11 +22,17 @@ - #include +@@ -23,11 +23,17 @@ #include #include + #include +#include #include @@ -55018,8 +57966,8 @@ index 869116c..820cb27 100644 static void proc_evict_inode(struct inode *inode) { struct proc_dir_entry *de; -@@ -54,6 +60,13 @@ static void proc_evict_inode(struct inode *inode) - ns = PROC_I(inode)->ns; +@@ -55,6 +61,13 @@ static void proc_evict_inode(struct inode *inode) + ns = PROC_I(inode)->ns.ns; if (ns_ops && ns) ns_ops->put(ns); + @@ -55032,7 +57980,7 @@ index 869116c..820cb27 100644 } static struct kmem_cache * proc_inode_cachep; -@@ -456,7 +469,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) +@@ -385,7 +398,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) if (de->mode) { inode->i_mode = de->mode; inode->i_uid = de->uid; @@ -55045,24 +57993,24 @@ index 869116c..820cb27 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 85ff3a4..a512bd8 100644 +index d600fb0..3b495fe 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h -@@ -56,6 +56,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, - struct pid *pid, struct task_struct *task); - extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, - struct pid *pid, struct task_struct *task); +@@ -155,6 +155,9 @@ extern int proc_pid_status(struct seq_file *, struct pid_namespace *, + struct pid *, struct task_struct *); + extern int proc_pid_statm(struct seq_file *, struct pid_namespace *, + struct pid *, struct task_struct *); +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR +extern int proc_pid_ipaddr(struct task_struct *task, char *buffer); +#endif - extern loff_t mem_lseek(struct file *file, loff_t offset, int orig); - extern const struct file_operations proc_tid_children_operations; + /* + * base.c diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c -index eda6f01..006ae24 100644 +index 0a22194..a9fc8c1 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c -@@ -481,9 +481,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -484,9 +484,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) * the addresses in the elf_phdr on our list. */ start = kc_offset_to_vaddr(*fpos - elf_buflen); @@ -55075,7 +58023,7 @@ index eda6f01..006ae24 100644 while (buflen) { struct kcore_list *m; -@@ -512,20 +513,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -515,20 +516,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) kfree(elf_buf); } else { if (kern_addr_valid(start)) { @@ -55110,7 +58058,7 @@ index eda6f01..006ae24 100644 } else { if (clear_user(buffer, tsz)) return -EFAULT; -@@ -545,6 +549,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -548,6 +552,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) static int open_kcore(struct inode *inode, struct file *filp) { @@ -55121,10 +58069,10 @@ index eda6f01..006ae24 100644 return -EPERM; if (kcore_need_update) diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c -index 1efaaa1..834e49a 100644 +index 5aa847a..f77c8d4 100644 --- a/fs/proc/meminfo.c +++ b/fs/proc/meminfo.c -@@ -158,7 +158,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) +@@ -159,7 +159,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE @@ -55147,7 +58095,7 @@ index ccfd99b..1b7e255 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index b4ac657..0842bd2 100644 +index 986e832..6e8e859 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c @@ -23,6 +23,7 @@ @@ -55158,7 +58106,7 @@ index b4ac657..0842bd2 100644 #include "internal.h" -@@ -105,6 +106,17 @@ static struct net *get_proc_task_net(struct inode *dir) +@@ -109,6 +110,17 @@ static struct net *get_proc_task_net(struct inode *dir) struct task_struct *task; struct nsproxy *ns; struct net *net = NULL; @@ -55364,10 +58312,10 @@ index ac05f33..1e6dc7e 100644 kfree(ctl_table_arg); goto out; diff --git a/fs/proc/root.c b/fs/proc/root.c -index 9c7fab1..ed1c8e0 100644 +index 41a6ea9..23eaa92 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -180,7 +180,15 @@ void __init proc_root_init(void) +@@ -182,7 +182,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -55384,10 +58332,10 @@ index 9c7fab1..ed1c8e0 100644 } diff --git a/fs/proc/self.c b/fs/proc/self.c -index aa5cc3b..c91a5d0 100644 +index 6b6a993..807cccc 100644 --- a/fs/proc/self.c +++ b/fs/proc/self.c -@@ -37,7 +37,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -39,7 +39,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -55397,7 +58345,7 @@ index aa5cc3b..c91a5d0 100644 kfree(s); } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 3e636d8..83e3b71 100644 +index 65fc60a..350cc48 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -11,12 +11,19 @@ @@ -55618,10 +58566,10 @@ index 56123a6..5a2f6ec 100644 pid_t tid = vm_is_stack(priv->task, vma, is_pid); diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c -index b870f74..e9048df 100644 +index 17f7e08..e4b1529 100644 --- a/fs/proc/vmcore.c +++ b/fs/proc/vmcore.c -@@ -98,9 +98,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count, +@@ -99,9 +99,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count, nr_bytes = count; /* If pfn is not ram, return zeros for sparse dump files */ @@ -55638,7 +58586,7 @@ index b870f74..e9048df 100644 tmp = copy_oldmem_page(pfn, buf, nr_bytes, offset, userbuf); if (tmp < 0) -@@ -185,7 +189,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer, +@@ -186,7 +190,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer, if (tsz > nr_bytes) tsz = nr_bytes; @@ -55692,10 +58640,10 @@ index 16e8abb..2dcf914 100644 if (!msg_head) { printk(KERN_ERR diff --git a/fs/read_write.c b/fs/read_write.c -index e6ddc8d..9155227 100644 +index 2cefa41..c7e2fe0 100644 --- a/fs/read_write.c +++ b/fs/read_write.c -@@ -429,7 +429,7 @@ ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t +@@ -411,7 +411,7 @@ ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t old_fs = get_fs(); set_fs(get_ds()); @@ -55820,10 +58768,10 @@ index 2b7882b..1c5ef48 100644 /* balance leaf returns 0 except if combining L R and S into diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c -index 9cc0740a..46bf953 100644 +index 1d48974..2f8f4e0 100644 --- a/fs/reiserfs/procfs.c +++ b/fs/reiserfs/procfs.c -@@ -112,7 +112,7 @@ static int show_super(struct seq_file *m, struct super_block *sb) +@@ -114,7 +114,7 @@ static int show_super(struct seq_file *m, void *unused) "SMALL_TAILS " : "NO_TAILS ", replay_only(sb) ? "REPLAY_ONLY " : "", convert_reiserfs(sb) ? "CONV " : "", @@ -55875,7 +58823,7 @@ index 8c1c96c..a0f9b6d 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index 38bb59f..a304f9d 100644 +index 774c1eb..b67582a 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -10,6 +10,7 @@ @@ -55942,10 +58890,10 @@ index 38bb59f..a304f9d 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index 29e394e..b13c247 100644 +index d37431d..81c3044 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -196,7 +196,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, pipe_lock(pipe); for (;;) { @@ -55954,7 +58902,16 @@ index 29e394e..b13c247 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -249,9 +249,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -219,7 +219,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, + page_nr++; + ret += buf->len; + +- if (pipe->files) ++ if (atomic_read(&pipe->files)) + do_wakeup = 1; + + if (!--spd->nr_pages) +@@ -250,9 +250,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, do_wakeup = 0; } @@ -55966,7 +58923,7 @@ index 29e394e..b13c247 100644 } pipe_unlock(pipe); -@@ -564,7 +564,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, +@@ -565,7 +565,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -55975,7 +58932,7 @@ index 29e394e..b13c247 100644 set_fs(old_fs); return res; -@@ -579,7 +579,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count, +@@ -580,7 +580,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -55984,7 +58941,7 @@ index 29e394e..b13c247 100644 set_fs(old_fs); return res; -@@ -632,7 +632,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, +@@ -633,7 +633,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, goto err; this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset); @@ -55993,7 +58950,16 @@ index 29e394e..b13c247 100644 vec[i].iov_len = this_len; spd.pages[i] = page; spd.nr_pages++; -@@ -853,10 +853,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -829,7 +829,7 @@ int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd, + ops->release(pipe, buf); + pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1); + pipe->nrbufs--; +- if (pipe->files) ++ if (atomic_read(&pipe->files)) + sd->need_wakeup = true; + } + +@@ -854,10 +854,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) { while (!pipe->nrbufs) { @@ -56006,7 +58972,7 @@ index 29e394e..b13c247 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1192,7 +1192,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1193,7 +1193,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -56015,7 +58981,7 @@ index 29e394e..b13c247 100644 current->splice_pipe = pipe; } -@@ -1741,9 +1741,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1769,9 +1769,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -56027,7 +58993,7 @@ index 29e394e..b13c247 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1775,7 +1775,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1803,7 +1803,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -56036,7 +59002,7 @@ index 29e394e..b13c247 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1788,9 +1788,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1816,9 +1816,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -56048,7 +59014,7 @@ index 29e394e..b13c247 100644 } pipe_unlock(pipe); -@@ -1826,14 +1826,14 @@ retry: +@@ -1854,14 +1854,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -56065,7 +59031,7 @@ index 29e394e..b13c247 100644 break; /* -@@ -1930,7 +1930,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1958,7 +1958,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -56074,7 +59040,7 @@ index 29e394e..b13c247 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1975,7 +1975,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -2003,7 +2003,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -56142,7 +59108,7 @@ index 15c68f9..36a8b3e 100644 if (!bb->vm_ops) return -EINVAL; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index 6f31590..3c87c8a 100644 +index e8e0e71..79c28ac5 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c @@ -40,7 +40,7 @@ static DEFINE_IDA(sysfs_ino_ida); @@ -56154,7 +59120,7 @@ index 6f31590..3c87c8a 100644 { unsigned long hash = init_name_hash(); unsigned int len = strlen(name); -@@ -685,6 +685,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, +@@ -679,6 +679,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, struct sysfs_dirent *sd; int rc; @@ -56165,7 +59131,7 @@ index 6f31590..3c87c8a 100644 + + if ((!strcmp(parent_name, "") && (!strcmp(name, "devices") || !strcmp(name, "fs"))) || + (!strcmp(parent_name, "devices") && !strcmp(name, "system")) || -+ (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse"))) || ++ (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse") || !strcmp(name, "ecryptfs"))) || + (!strcmp(parent_name, "system") && !strcmp(name, "cpu"))) + mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; +#endif @@ -56429,20 +59395,20 @@ index 9fbea87..6b19972 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index b44af92..06073da 100644 +index 8904284..ee0e14b 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c -@@ -192,7 +192,7 @@ xfs_bmap_validate_ret( - int nmap, - int ret_nmap); +@@ -765,7 +765,7 @@ xfs_bmap_validate_ret( + #else + #define xfs_bmap_check_leaf_extents(cur, ip, whichfork) do { } while (0) -#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) -+#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0) ++#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do { } while (0) #endif /* DEBUG */ - STATIC int + /* diff --git a/fs/xfs/xfs_dir2_sf.c b/fs/xfs/xfs_dir2_sf.c -index 1b9fc3e..e1bdde0 100644 +index 6157424..ac98f6d 100644 --- a/fs/xfs/xfs_dir2_sf.c +++ b/fs/xfs/xfs_dir2_sf.c @@ -851,7 +851,15 @@ xfs_dir2_sf_getdents( @@ -56463,7 +59429,7 @@ index 1b9fc3e..e1bdde0 100644 *offset = off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index d681e34..2a3f5ab 100644 +index 5e99968..45bd327 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -127,7 +127,7 @@ xfs_find_handle( @@ -56490,10 +59456,10 @@ index ca9ecaa..60100c7 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..ba9c5e3 +index 0000000..712a85d --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1053 @@ +@@ -0,0 +1,1043 @@ +# +# grecurity configuration +# @@ -56601,7 +59567,7 @@ index 0000000..ba9c5e3 +config GRKERNSEC_RAND_THREADSTACK + bool "Insert random gaps between thread stacks" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on PAX_RANDMMAP && !PPC && BROKEN ++ depends on PAX_RANDMMAP && !PPC + help + If you say Y here, a random-sized gap will be enforced between allocated + thread stacks. Glibc's NPTL and other threading libraries that @@ -56650,8 +59616,9 @@ index 0000000..ba9c5e3 + fork until the administrator is able to assess the situation and + restart the daemon. + In the suid/sgid case, the attempt is logged, the user has all their -+ processes terminated, and they are prevented from executing any further -+ processes for 15 minutes. ++ existing instances of the suid/sgid binary terminated and will ++ be unable to execute any suid/sgid binaries for 15 minutes. ++ + It is recommended that you also enable signal logging in the auditing + section so that logs are generated when a process triggers a suspicious + signal. @@ -57203,22 +60170,11 @@ index 0000000..ba9c5e3 + help + If you say Y here, calls to mmap() and mprotect() with explicit + usage of PROT_WRITE and PROT_EXEC together will be logged when -+ denied by the PAX_MPROTECT feature. If the sysctl option is -+ enabled, a sysctl option with name "rwxmap_logging" is created. -+ -+config GRKERNSEC_AUDIT_TEXTREL -+ bool 'ELF text relocations logging (READ HELP)' -+ depends on PAX_MPROTECT -+ help -+ If you say Y here, text relocations will be logged with the filename -+ of the offending library or binary. The purpose of the feature is -+ to help Linux distribution developers get rid of libraries and -+ binaries that need text relocations which hinder the future progress -+ of PaX. Only Linux distribution developers should say Y here, and -+ never on a production machine, as this option creates an information -+ leak that could aid an attacker in defeating the randomization of -+ a single memory region. If the sysctl option is enabled, a sysctl -+ option with name "audit_textrel" is created. ++ denied by the PAX_MPROTECT feature. This feature will also ++ log other problematic scenarios that can occur when PAX_MPROTECT ++ is enabled on a binary, like textrels and PT_GNU_STACK. If the ++ sysctl option is enabled, a sysctl option with name "rwxmap_logging" ++ is created. + +endmenu + @@ -57549,10 +60505,10 @@ index 0000000..ba9c5e3 +endmenu diff --git a/grsecurity/Makefile b/grsecurity/Makefile new file mode 100644 -index 0000000..1b9afa9 +index 0000000..36845aa --- /dev/null +++ b/grsecurity/Makefile -@@ -0,0 +1,38 @@ +@@ -0,0 +1,42 @@ +# grsecurity's ACL system was originally written in 2001 by Michael Dalton +# during 2001-2009 it has been completely redesigned by Brad Spengler +# into an RBAC system @@ -57570,6 +60526,10 @@ index 0000000..1b9afa9 +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ + gracl_learn.o grsec_log.o ++ifdef CONFIG_COMPAT ++obj-$(CONFIG_GRKERNSEC) += gracl_compat.o ++endif ++ +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o + +ifdef CONFIG_NET @@ -57593,10 +60553,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..1248ee0 +index 0000000..c0793fd --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4073 @@ +@@ -0,0 +1,4178 @@ +#include +#include +#include @@ -57699,6 +60659,144 @@ index 0000000..1248ee0 +extern void gr_remove_uid(uid_t uid); +extern int gr_find_uid(uid_t uid); + ++static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp) ++{ ++ if (copy_from_user(obj, userp, sizeof(struct acl_object_label))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp) ++{ ++ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp) ++{ ++ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp) ++{ ++ if (copy_from_user(role, userp, sizeof(struct acl_role_label))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) ++{ ++ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) ++{ ++ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) ++{ ++ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp) ++{ ++ if (copy_from_user(trans, userp, sizeof(struct role_transition))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp) ++{ ++ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap) ++{ ++ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper))) ++ return -EFAULT; ++ ++ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg))) ++ return -EINVAL; ++ ++ return 0; ++} ++ ++static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg) ++{ ++ if (copy_from_user(arg, buf, sizeof (struct gr_arg))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static size_t get_gr_arg_wrapper_size_normal(void) ++{ ++ return sizeof(struct gr_arg_wrapper); ++} ++ ++#ifdef CONFIG_COMPAT ++extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap); ++extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg); ++extern int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp); ++extern int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp); ++extern int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp); ++extern int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp); ++extern int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp); ++extern int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp); ++extern int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp); ++extern int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp); ++extern int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp); ++extern size_t get_gr_arg_wrapper_size_compat(void); ++ ++int (* copy_gr_arg_wrapper)(const char *buf, struct gr_arg_wrapper *uwrap) __read_only; ++int (* copy_gr_arg)(const struct gr_arg *buf, struct gr_arg *arg) __read_only; ++int (* copy_acl_object_label)(struct acl_object_label *obj, const struct acl_object_label *userp) __read_only; ++int (* copy_acl_subject_label)(struct acl_subject_label *subj, const struct acl_subject_label *userp) __read_only; ++int (* copy_acl_role_label)(struct acl_role_label *role, const struct acl_role_label *userp) __read_only; ++int (* copy_acl_ip_label)(struct acl_ip_label *ip, const struct acl_ip_label *userp) __read_only; ++int (* copy_pointer_from_array)(void *ptr, unsigned long idx, const void *userp) __read_only; ++int (* copy_sprole_pw)(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) __read_only; ++int (* copy_gr_hash_struct)(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) __read_only; ++int (* copy_role_transition)(struct role_transition *trans, const struct role_transition *userp) __read_only; ++int (* copy_role_allowed_ip)(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) __read_only; ++size_t (* get_gr_arg_wrapper_size)(void) __read_only; ++ ++#else ++#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal ++#define copy_gr_arg copy_gr_arg_normal ++#define copy_gr_hash_struct copy_gr_hash_struct_normal ++#define copy_acl_object_label copy_acl_object_label_normal ++#define copy_acl_subject_label copy_acl_subject_label_normal ++#define copy_acl_role_label copy_acl_role_label_normal ++#define copy_acl_ip_label copy_acl_ip_label_normal ++#define copy_pointer_from_array copy_pointer_from_array_normal ++#define copy_sprole_pw copy_sprole_pw_normal ++#define copy_role_transition copy_role_transition_normal ++#define copy_role_allowed_ip copy_role_allowed_ip_normal ++#define get_gr_arg_wrapper_size get_gr_arg_wrapper_size_normal ++#endif ++ +__inline__ int +gr_acl_is_enabled(void) +{ @@ -58642,33 +61740,34 @@ index 0000000..1248ee0 + return; +} + -+static __u32 -+count_user_objs(struct acl_object_label *userp) ++static struct acl_subject_label * ++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied); ++ ++static int alloc_and_copy_string(char **name, unsigned int maxlen) +{ -+ struct acl_object_label o_tmp; -+ __u32 num = 0; ++ unsigned int len = strnlen_user(*name, maxlen); ++ char *tmp; + -+ while (userp) { -+ if (copy_from_user(&o_tmp, userp, -+ sizeof (struct acl_object_label))) -+ break; ++ if (!len || len >= maxlen) ++ return -EINVAL; + -+ userp = o_tmp.prev; -+ num++; -+ } ++ if ((tmp = (char *) acl_alloc(len)) == NULL) ++ return -ENOMEM; + -+ return num; -+} ++ if (copy_from_user(tmp, *name, len)) ++ return -EFAULT; + -+static struct acl_subject_label * -+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied); ++ tmp[len-1] = '\0'; ++ *name = tmp; ++ ++ return 0; ++} + +static int +copy_user_glob(struct acl_object_label *obj) +{ + struct acl_object_label *g_tmp, **guser; -+ unsigned int len; -+ char *tmp; ++ int error; + + if (obj->globbed == NULL) + return 0; @@ -58680,22 +61779,12 @@ index 0000000..1248ee0 + if (g_tmp == NULL) + return -ENOMEM; + -+ if (copy_from_user(g_tmp, *guser, -+ sizeof (struct acl_object_label))) ++ if (copy_acl_object_label(g_tmp, *guser)) + return -EFAULT; + -+ len = strnlen_user(g_tmp->filename, PATH_MAX); -+ -+ if (!len || len >= PATH_MAX) -+ return -EINVAL; -+ -+ if ((tmp = (char *) acl_alloc(len)) == NULL) -+ return -ENOMEM; -+ -+ if (copy_from_user(tmp, g_tmp->filename, len)) -+ return -EFAULT; -+ tmp[len-1] = '\0'; -+ g_tmp->filename = tmp; ++ error = alloc_and_copy_string(&g_tmp->filename, PATH_MAX); ++ if (error) ++ return error; + + *guser = g_tmp; + guser = &(g_tmp->next); @@ -58709,33 +61798,21 @@ index 0000000..1248ee0 + struct acl_role_label *role) +{ + struct acl_object_label *o_tmp; -+ unsigned int len; + int ret; -+ char *tmp; + + while (userp) { + if ((o_tmp = (struct acl_object_label *) + acl_alloc(sizeof (struct acl_object_label))) == NULL) + return -ENOMEM; + -+ if (copy_from_user(o_tmp, userp, -+ sizeof (struct acl_object_label))) ++ if (copy_acl_object_label(o_tmp, userp)) + return -EFAULT; + + userp = o_tmp->prev; + -+ len = strnlen_user(o_tmp->filename, PATH_MAX); -+ -+ if (!len || len >= PATH_MAX) -+ return -EINVAL; -+ -+ if ((tmp = (char *) acl_alloc(len)) == NULL) -+ return -ENOMEM; -+ -+ if (copy_from_user(tmp, o_tmp->filename, len)) -+ return -EFAULT; -+ tmp[len-1] = '\0'; -+ o_tmp->filename = tmp; ++ ret = alloc_and_copy_string(&o_tmp->filename, PATH_MAX); ++ if (ret) ++ return ret; + + insert_acl_obj_label(o_tmp, subj); + if (!insert_name_entry(o_tmp->filename, o_tmp->inode, @@ -58772,8 +61849,7 @@ index 0000000..1248ee0 + __u32 num = 0; + + while (userp) { -+ if (copy_from_user(&s_tmp, userp, -+ sizeof (struct acl_subject_label))) ++ if (copy_acl_subject_label(&s_tmp, userp)) + break; + + userp = s_tmp.prev; @@ -58796,8 +61872,7 @@ index 0000000..1248ee0 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL) + return -ENOMEM; + -+ if (copy_from_user(rtmp, ruserip, -+ sizeof (struct role_allowed_ip))) ++ if (copy_role_allowed_ip(rtmp, ruserip)) + return -EFAULT; + + ruserip = rtmp->prev; @@ -58821,9 +61896,7 @@ index 0000000..1248ee0 +copy_user_transitions(struct acl_role_label *rolep) +{ + struct role_transition *rusertp, *rtmp = NULL, *rlast; -+ -+ unsigned int len; -+ char *tmp; ++ int error; + + rusertp = rolep->transitions; + @@ -58834,24 +61907,14 @@ index 0000000..1248ee0 + acl_alloc(sizeof (struct role_transition))) == NULL) + return -ENOMEM; + -+ if (copy_from_user(rtmp, rusertp, -+ sizeof (struct role_transition))) ++ if (copy_role_transition(rtmp, rusertp)) + return -EFAULT; + + rusertp = rtmp->prev; + -+ len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN); -+ -+ if (!len || len >= GR_SPROLE_LEN) -+ return -EINVAL; -+ -+ if ((tmp = (char *) acl_alloc(len)) == NULL) -+ return -ENOMEM; -+ -+ if (copy_from_user(tmp, rtmp->rolename, len)) -+ return -EFAULT; -+ tmp[len-1] = '\0'; -+ rtmp->rolename = tmp; ++ error = alloc_and_copy_string(&rtmp->rolename, GR_SPROLE_LEN); ++ if (error) ++ return error; + + if (!rlast) { + rtmp->prev = NULL; @@ -58868,12 +61931,26 @@ index 0000000..1248ee0 + return 0; +} + ++static __u32 count_user_objs(const struct acl_object_label __user *userp) ++{ ++ struct acl_object_label o_tmp; ++ __u32 num = 0; ++ ++ while (userp) { ++ if (copy_acl_object_label(&o_tmp, userp)) ++ break; ++ ++ userp = o_tmp.prev; ++ num++; ++ } ++ ++ return num; ++} ++ +static struct acl_subject_label * +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied) +{ + struct acl_subject_label *s_tmp = NULL, *s_tmp2; -+ unsigned int len; -+ char *tmp; + __u32 num_objs; + struct acl_ip_label **i_tmp, *i_utmp2; + struct gr_hash_struct ghash; @@ -58907,27 +61984,17 @@ index 0000000..1248ee0 + subjmap->kernel = s_tmp; + insert_subj_map_entry(subjmap); + -+ if (copy_from_user(s_tmp, userp, -+ sizeof (struct acl_subject_label))) ++ if (copy_acl_subject_label(s_tmp, userp)) + return ERR_PTR(-EFAULT); + -+ len = strnlen_user(s_tmp->filename, PATH_MAX); -+ -+ if (!len || len >= PATH_MAX) -+ return ERR_PTR(-EINVAL); -+ -+ if ((tmp = (char *) acl_alloc(len)) == NULL) -+ return ERR_PTR(-ENOMEM); -+ -+ if (copy_from_user(tmp, s_tmp->filename, len)) -+ return ERR_PTR(-EFAULT); -+ tmp[len-1] = '\0'; -+ s_tmp->filename = tmp; ++ err = alloc_and_copy_string(&s_tmp->filename, PATH_MAX); ++ if (err) ++ return ERR_PTR(err); + + if (!strcmp(s_tmp->filename, "/")) + role->root_label = s_tmp; + -+ if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct))) ++ if (copy_gr_hash_struct(&ghash, s_tmp->hash)) + return ERR_PTR(-EFAULT); + + /* copy user and group transition tables */ @@ -59008,28 +62075,18 @@ index 0000000..1248ee0 + if (!*(i_tmp + i_num)) + return ERR_PTR(-ENOMEM); + -+ if (copy_from_user -+ (&i_utmp2, s_tmp->ips + i_num, -+ sizeof (struct acl_ip_label *))) ++ if (copy_pointer_from_array(&i_utmp2, i_num, s_tmp->ips)) + return ERR_PTR(-EFAULT); + -+ if (copy_from_user -+ (*(i_tmp + i_num), i_utmp2, -+ sizeof (struct acl_ip_label))) ++ if (copy_acl_ip_label(*(i_tmp + i_num), i_utmp2)) + return ERR_PTR(-EFAULT); + + if ((*(i_tmp + i_num))->iface == NULL) + continue; + -+ len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ); -+ if (!len || len >= IFNAMSIZ) -+ return ERR_PTR(-EINVAL); -+ tmp = acl_alloc(len); -+ if (tmp == NULL) -+ return ERR_PTR(-ENOMEM); -+ if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len)) -+ return ERR_PTR(-EFAULT); -+ (*(i_tmp + i_num))->iface = tmp; ++ err = alloc_and_copy_string(&(*(i_tmp + i_num))->iface, IFNAMSIZ); ++ if (err) ++ return ERR_PTR(err); + } + + s_tmp->ips = i_tmp; @@ -59050,8 +62107,7 @@ index 0000000..1248ee0 + int err; + + while (userp) { -+ if (copy_from_user(&s_pre, userp, -+ sizeof (struct acl_subject_label))) ++ if (copy_acl_subject_label(&s_pre, userp)) + return -EFAULT; + + ret = do_copy_user_subj(userp, role, NULL); @@ -59077,8 +62133,6 @@ index 0000000..1248ee0 + struct gr_hash_struct *ghash; + uid_t *domainlist; + unsigned int r_num; -+ unsigned int len; -+ char *tmp; + int err = 0; + __u16 i; + __u32 num_subjs; @@ -59099,26 +62153,17 @@ index 0000000..1248ee0 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw)); + if (!sptmp) + return -ENOMEM; -+ if (copy_from_user(sptmp, arg->sprole_pws + i, -+ sizeof (struct sprole_pw))) ++ if (copy_sprole_pw(sptmp, i, arg->sprole_pws)) + return -EFAULT; + -+ len = strnlen_user(sptmp->rolename, GR_SPROLE_LEN); -+ -+ if (!len || len >= GR_SPROLE_LEN) -+ return -EINVAL; -+ -+ if ((tmp = (char *) acl_alloc(len)) == NULL) -+ return -ENOMEM; -+ -+ if (copy_from_user(tmp, sptmp->rolename, len)) -+ return -EFAULT; ++ err = alloc_and_copy_string((char **)&sptmp->rolename, GR_SPROLE_LEN); ++ if (err) ++ return err; + -+ tmp[len-1] = '\0'; +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG -+ printk(KERN_ALERT "Copying special role %s\n", tmp); ++ printk(KERN_ALERT "Copying special role %s\n", sptmp->rolename); +#endif -+ sptmp->rolename = tmp; ++ + acl_special_roles[i] = sptmp; + } + @@ -59130,27 +62175,15 @@ index 0000000..1248ee0 + if (!r_tmp) + return -ENOMEM; + -+ if (copy_from_user(&r_utmp2, r_utmp + r_num, -+ sizeof (struct acl_role_label *))) ++ if (copy_pointer_from_array(&r_utmp2, r_num, r_utmp)) + return -EFAULT; + -+ if (copy_from_user(r_tmp, r_utmp2, -+ sizeof (struct acl_role_label))) ++ if (copy_acl_role_label(r_tmp, r_utmp2)) + return -EFAULT; + -+ len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN); -+ -+ if (!len || len >= PATH_MAX) -+ return -EINVAL; -+ -+ if ((tmp = (char *) acl_alloc(len)) == NULL) -+ return -ENOMEM; -+ -+ if (copy_from_user(tmp, r_tmp->rolename, len)) -+ return -EFAULT; -+ -+ tmp[len-1] = '\0'; -+ r_tmp->rolename = tmp; ++ err = alloc_and_copy_string(&r_tmp->rolename, GR_SPROLE_LEN); ++ if (err) ++ return err; + + if (!strcmp(r_tmp->rolename, "default") + && (r_tmp->roletype & GR_ROLE_DEFAULT)) { @@ -59162,7 +62195,7 @@ index 0000000..1248ee0 + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) + return -ENOMEM; + -+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) ++ if (copy_gr_hash_struct(ghash, r_tmp->hash)) + return -EFAULT; + + r_tmp->hash = ghash; @@ -59944,7 +62977,7 @@ index 0000000..1248ee0 + return; +} + -+extern int __gr_process_user_ban(struct user_struct *user); ++extern int gr_process_kernel_setuid_ban(struct user_struct *user); + +int +gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs) @@ -59958,7 +62991,7 @@ index 0000000..1248ee0 + int fsok = 0; + uid_t globalreal, globaleffective, globalfs; + -+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) ++#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) + struct user_struct *user; + + if (!uid_valid(real)) @@ -59972,7 +63005,7 @@ index 0000000..1248ee0 + if (user == NULL) + goto skipit; + -+ if (__gr_process_user_ban(user)) { ++ if (gr_process_kernel_setuid_ban(user)) { + /* for find_user */ + free_uid(user); + return 1; @@ -60771,13 +63804,14 @@ index 0000000..1248ee0 +} + +ssize_t -+write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos) ++write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos) +{ + struct gr_arg_wrapper uwrap; + unsigned char *sprole_salt = NULL; + unsigned char *sprole_sum = NULL; -+ int error = sizeof (struct gr_arg_wrapper); ++ int error = 0; + int error2 = 0; ++ size_t req_count = 0; + + mutex_lock(&gr_dev_mutex); + @@ -60786,8 +63820,42 @@ index 0000000..1248ee0 + goto out; + } + -+ if (count != sizeof (struct gr_arg_wrapper)) { -+ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper)); ++#ifdef CONFIG_COMPAT ++ pax_open_kernel(); ++ if (is_compat_task()) { ++ copy_gr_arg_wrapper = ©_gr_arg_wrapper_compat; ++ copy_gr_arg = ©_gr_arg_compat; ++ copy_acl_object_label = ©_acl_object_label_compat; ++ copy_acl_subject_label = ©_acl_subject_label_compat; ++ copy_acl_role_label = ©_acl_role_label_compat; ++ copy_acl_ip_label = ©_acl_ip_label_compat; ++ copy_role_allowed_ip = ©_role_allowed_ip_compat; ++ copy_role_transition = ©_role_transition_compat; ++ copy_sprole_pw = ©_sprole_pw_compat; ++ copy_gr_hash_struct = ©_gr_hash_struct_compat; ++ copy_pointer_from_array = ©_pointer_from_array_compat; ++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_compat; ++ } else { ++ copy_gr_arg_wrapper = ©_gr_arg_wrapper_normal; ++ copy_gr_arg = ©_gr_arg_normal; ++ copy_acl_object_label = ©_acl_object_label_normal; ++ copy_acl_subject_label = ©_acl_subject_label_normal; ++ copy_acl_role_label = ©_acl_role_label_normal; ++ copy_acl_ip_label = ©_acl_ip_label_normal; ++ copy_role_allowed_ip = ©_role_allowed_ip_normal; ++ copy_role_transition = ©_role_transition_normal; ++ copy_sprole_pw = ©_sprole_pw_normal; ++ copy_gr_hash_struct = ©_gr_hash_struct_normal; ++ copy_pointer_from_array = ©_pointer_from_array_normal; ++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_normal; ++ } ++ pax_close_kernel(); ++#endif ++ ++ req_count = get_gr_arg_wrapper_size(); ++ ++ if (count != req_count) { ++ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)req_count); + error = -EINVAL; + goto out; + } @@ -60798,20 +63866,13 @@ index 0000000..1248ee0 + gr_auth_attempts = 0; + } + -+ if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) { -+ error = -EFAULT; ++ error = copy_gr_arg_wrapper(buf, &uwrap); ++ if (error) + goto out; -+ } + -+ if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) { -+ error = -EINVAL; -+ goto out; -+ } -+ -+ if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) { -+ error = -EFAULT; ++ error = copy_gr_arg(uwrap.arg, gr_usermode); ++ if (error) + goto out; -+ } + + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM && + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES && @@ -61004,6 +64065,10 @@ index 0000000..1248ee0 + + out: + mutex_unlock(&gr_dev_mutex); ++ ++ if (!error) ++ error = req_count; ++ + return error; +} + @@ -61897,6 +64962,281 @@ index 0000000..bdd51ea + return gr_task_acl_is_capable_nolog(current, cap); +} + +diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c +new file mode 100644 +index 0000000..a43dd06 +--- /dev/null ++++ b/grsecurity/gracl_compat.c +@@ -0,0 +1,269 @@ ++#include ++#include ++#include ++#include ++ ++#include ++ ++int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap) ++{ ++ struct gr_arg_wrapper_compat uwrapcompat; ++ ++ if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat))) ++ return -EFAULT; ++ ++ if ((uwrapcompat.version != GRSECURITY_VERSION) || ++ (uwrapcompat.size != sizeof(struct gr_arg_compat))) ++ return -EINVAL; ++ ++ uwrap->arg = compat_ptr(uwrapcompat.arg); ++ uwrap->version = uwrapcompat.version; ++ uwrap->size = sizeof(struct gr_arg); ++ ++ return 0; ++} ++ ++int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg) ++{ ++ struct gr_arg_compat argcompat; ++ ++ if (copy_from_user(&argcompat, buf, sizeof(argcompat))) ++ return -EFAULT; ++ ++ arg->role_db.r_table = compat_ptr(argcompat.role_db.r_table); ++ arg->role_db.num_pointers = argcompat.role_db.num_pointers; ++ arg->role_db.num_roles = argcompat.role_db.num_roles; ++ arg->role_db.num_domain_children = argcompat.role_db.num_domain_children; ++ arg->role_db.num_subjects = argcompat.role_db.num_subjects; ++ arg->role_db.num_objects = argcompat.role_db.num_objects; ++ ++ memcpy(&arg->pw, &argcompat.pw, sizeof(arg->pw)); ++ memcpy(&arg->salt, &argcompat.salt, sizeof(arg->salt)); ++ memcpy(&arg->sum, &argcompat.sum, sizeof(arg->sum)); ++ memcpy(&arg->sp_role, &argcompat.sp_role, sizeof(arg->sp_role)); ++ arg->sprole_pws = compat_ptr(argcompat.sprole_pws); ++ arg->segv_device = argcompat.segv_device; ++ arg->segv_inode = argcompat.segv_inode; ++ arg->segv_uid = argcompat.segv_uid; ++ arg->num_sprole_pws = argcompat.num_sprole_pws; ++ arg->mode = argcompat.mode; ++ ++ return 0; ++} ++ ++int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp) ++{ ++ struct acl_object_label_compat objcompat; ++ ++ if (copy_from_user(&objcompat, userp, sizeof(objcompat))) ++ return -EFAULT; ++ ++ obj->filename = compat_ptr(objcompat.filename); ++ obj->inode = objcompat.inode; ++ obj->device = objcompat.device; ++ obj->mode = objcompat.mode; ++ ++ obj->nested = compat_ptr(objcompat.nested); ++ obj->globbed = compat_ptr(objcompat.globbed); ++ ++ obj->prev = compat_ptr(objcompat.prev); ++ obj->next = compat_ptr(objcompat.next); ++ ++ return 0; ++} ++ ++int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp) ++{ ++ unsigned int i; ++ struct acl_subject_label_compat subjcompat; ++ ++ if (copy_from_user(&subjcompat, userp, sizeof(subjcompat))) ++ return -EFAULT; ++ ++ subj->filename = compat_ptr(subjcompat.filename); ++ subj->inode = subjcompat.inode; ++ subj->device = subjcompat.device; ++ subj->mode = subjcompat.mode; ++ subj->cap_mask = subjcompat.cap_mask; ++ subj->cap_lower = subjcompat.cap_lower; ++ subj->cap_invert_audit = subjcompat.cap_invert_audit; ++ ++ for (i = 0; i < GR_NLIMITS; i++) { ++ if (subjcompat.res[i].rlim_cur == COMPAT_RLIM_INFINITY) ++ subj->res[i].rlim_cur = RLIM_INFINITY; ++ else ++ subj->res[i].rlim_cur = subjcompat.res[i].rlim_cur; ++ if (subjcompat.res[i].rlim_max == COMPAT_RLIM_INFINITY) ++ subj->res[i].rlim_max = RLIM_INFINITY; ++ else ++ subj->res[i].rlim_max = subjcompat.res[i].rlim_max; ++ } ++ subj->resmask = subjcompat.resmask; ++ ++ subj->user_trans_type = subjcompat.user_trans_type; ++ subj->group_trans_type = subjcompat.group_trans_type; ++ subj->user_transitions = compat_ptr(subjcompat.user_transitions); ++ subj->group_transitions = compat_ptr(subjcompat.group_transitions); ++ subj->user_trans_num = subjcompat.user_trans_num; ++ subj->group_trans_num = subjcompat.group_trans_num; ++ ++ memcpy(&subj->sock_families, &subjcompat.sock_families, sizeof(subj->sock_families)); ++ memcpy(&subj->ip_proto, &subjcompat.ip_proto, sizeof(subj->ip_proto)); ++ subj->ip_type = subjcompat.ip_type; ++ subj->ips = compat_ptr(subjcompat.ips); ++ subj->ip_num = subjcompat.ip_num; ++ subj->inaddr_any_override = subjcompat.inaddr_any_override; ++ ++ subj->crashes = subjcompat.crashes; ++ subj->expires = subjcompat.expires; ++ ++ subj->parent_subject = compat_ptr(subjcompat.parent_subject); ++ subj->hash = compat_ptr(subjcompat.hash); ++ subj->prev = compat_ptr(subjcompat.prev); ++ subj->next = compat_ptr(subjcompat.next); ++ ++ subj->obj_hash = compat_ptr(subjcompat.obj_hash); ++ subj->obj_hash_size = subjcompat.obj_hash_size; ++ subj->pax_flags = subjcompat.pax_flags; ++ ++ return 0; ++} ++ ++int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp) ++{ ++ struct acl_role_label_compat rolecompat; ++ ++ if (copy_from_user(&rolecompat, userp, sizeof(rolecompat))) ++ return -EFAULT; ++ ++ role->rolename = compat_ptr(rolecompat.rolename); ++ role->uidgid = rolecompat.uidgid; ++ role->roletype = rolecompat.roletype; ++ ++ role->auth_attempts = rolecompat.auth_attempts; ++ role->expires = rolecompat.expires; ++ ++ role->root_label = compat_ptr(rolecompat.root_label); ++ role->hash = compat_ptr(rolecompat.hash); ++ ++ role->prev = compat_ptr(rolecompat.prev); ++ role->next = compat_ptr(rolecompat.next); ++ ++ role->transitions = compat_ptr(rolecompat.transitions); ++ role->allowed_ips = compat_ptr(rolecompat.allowed_ips); ++ role->domain_children = compat_ptr(rolecompat.domain_children); ++ role->domain_child_num = rolecompat.domain_child_num; ++ ++ role->umask = rolecompat.umask; ++ ++ role->subj_hash = compat_ptr(rolecompat.subj_hash); ++ role->subj_hash_size = rolecompat.subj_hash_size; ++ ++ return 0; ++} ++ ++int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) ++{ ++ struct role_allowed_ip_compat roleip_compat; ++ ++ if (copy_from_user(&roleip_compat, userp, sizeof(roleip_compat))) ++ return -EFAULT; ++ ++ roleip->addr = roleip_compat.addr; ++ roleip->netmask = roleip_compat.netmask; ++ ++ roleip->prev = compat_ptr(roleip_compat.prev); ++ roleip->next = compat_ptr(roleip_compat.next); ++ ++ return 0; ++} ++ ++int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp) ++{ ++ struct role_transition_compat trans_compat; ++ ++ if (copy_from_user(&trans_compat, userp, sizeof(trans_compat))) ++ return -EFAULT; ++ ++ trans->rolename = compat_ptr(trans_compat.rolename); ++ ++ trans->prev = compat_ptr(trans_compat.prev); ++ trans->next = compat_ptr(trans_compat.next); ++ ++ return 0; ++ ++} ++ ++int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) ++{ ++ struct gr_hash_struct_compat hash_compat; ++ ++ if (copy_from_user(&hash_compat, userp, sizeof(hash_compat))) ++ return -EFAULT; ++ ++ hash->table = compat_ptr(hash_compat.table); ++ hash->nametable = compat_ptr(hash_compat.nametable); ++ hash->first = compat_ptr(hash_compat.first); ++ ++ hash->table_size = hash_compat.table_size; ++ hash->used_size = hash_compat.used_size; ++ ++ hash->type = hash_compat.type; ++ ++ return 0; ++} ++ ++int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp) ++{ ++ compat_uptr_t ptrcompat; ++ ++ if (copy_from_user(&ptrcompat, userp + (idx * sizeof(ptrcompat)), sizeof(ptrcompat))) ++ return -EFAULT; ++ ++ *(void **)ptr = compat_ptr(ptrcompat); ++ ++ return 0; ++} ++ ++int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp) ++{ ++ struct acl_ip_label_compat ip_compat; ++ ++ if (copy_from_user(&ip_compat, userp, sizeof(ip_compat))) ++ return -EFAULT; ++ ++ ip->iface = compat_ptr(ip_compat.iface); ++ ip->addr = ip_compat.addr; ++ ip->netmask = ip_compat.netmask; ++ ip->low = ip_compat.low; ++ ip->high = ip_compat.high; ++ ip->mode = ip_compat.mode; ++ ip->type = ip_compat.type; ++ ++ memcpy(&ip->proto, &ip_compat.proto, sizeof(ip->proto)); ++ ++ ip->prev = compat_ptr(ip_compat.prev); ++ ip->next = compat_ptr(ip_compat.next); ++ ++ return 0; ++} ++ ++int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) ++{ ++ struct sprole_pw_compat pw_compat; ++ ++ if (copy_from_user(&pw_compat, (const void *)userp + (sizeof(pw_compat) * idx), sizeof(pw_compat))) ++ return -EFAULT; ++ ++ pw->rolename = compat_ptr(pw_compat.rolename); ++ memcpy(&pw->salt, pw_compat.salt, sizeof(pw->salt)); ++ memcpy(&pw->sum, pw_compat.sum, sizeof(pw->sum)); ++ ++ return 0; ++} ++ ++size_t get_gr_arg_wrapper_size_compat(void) ++{ ++ return sizeof(struct gr_arg_wrapper_compat); ++} ++ diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 index 0000000..a340c17 @@ -63016,7 +66356,7 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..4dcc92a +index 0000000..3c38bfe --- /dev/null +++ b/grsecurity/gracl_segv.c @@ -0,0 +1,305 @@ @@ -63258,7 +66598,7 @@ index 0000000..4dcc92a + if (likely(tsk != task)) { + // if this thread has the same subject as the one that triggered + // RES_CRASH and it's the same binary, kill it -+ if (tsk->acl == task->acl && tsk->exec_file == task->exec_file) ++ if (tsk->acl == task->acl && gr_is_same_file(tsk->exec_file, task->exec_file)) + gr_fake_force_sig(SIGKILL, tsk); + } + } while_each_thread(tsk2, tsk); @@ -64466,10 +67806,10 @@ index 0000000..8ca18bf +} diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c new file mode 100644 -index 0000000..a862e9f +index 0000000..ab2d875 --- /dev/null +++ b/grsecurity/grsec_init.c -@@ -0,0 +1,283 @@ +@@ -0,0 +1,279 @@ +#include +#include +#include @@ -64493,7 +67833,6 @@ index 0000000..a862e9f +int grsec_enable_forkfail; +int grsec_enable_audit_ptrace; +int grsec_enable_time; -+int grsec_enable_audit_textrel; +int grsec_enable_group; +kgid_t grsec_audit_gid; +int grsec_enable_chdir; @@ -64625,9 +67964,6 @@ index 0000000..a862e9f + grsec_lock = 1; +#endif + -+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL -+ grsec_enable_audit_textrel = 1; -+#endif +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG + grsec_enable_log_rwxmaps = 1; +#endif @@ -64819,15 +68155,16 @@ index 0000000..5e05e20 +} diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c new file mode 100644 -index 0000000..7c06085 +index 0000000..dbe0a6b --- /dev/null +++ b/grsecurity/grsec_log.c -@@ -0,0 +1,326 @@ +@@ -0,0 +1,341 @@ +#include +#include +#include +#include +#include ++#include +#include + +#ifdef CONFIG_TREE_PREEMPT_RCU @@ -64974,6 +68311,7 @@ index 0000000..7c06085 + struct vfsmount *mnt = NULL; + struct file *file = NULL; + struct task_struct *task = NULL; ++ struct vm_area_struct *vma = NULL; + const struct cred *cred, *pcred; + va_list ap; + @@ -65113,6 +68451,19 @@ index 0000000..7c06085 + file = va_arg(ap, struct file *); + gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : ""); + break; ++ case GR_RWXMAPVMA: ++ vma = va_arg(ap, struct vm_area_struct *); ++ if (vma->vm_file) ++ str1 = gr_to_filename(vma->vm_file->f_path.dentry, vma->vm_file->f_path.mnt); ++ else if (vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) ++ str1 = ""; ++ else if (vma->vm_start <= current->mm->brk && ++ vma->vm_end >= current->mm->start_brk) ++ str1 = ""; ++ else ++ str1 = ""; ++ gr_log_middle_varargs(audit, msg, str1); ++ break; + case GR_PSACCT: + { + unsigned int wday, cday; @@ -65265,10 +68616,10 @@ index 0000000..2131422 +} diff --git a/grsecurity/grsec_pax.c b/grsecurity/grsec_pax.c new file mode 100644 -index 0000000..a3b12a0 +index 0000000..6ee9d50 --- /dev/null +++ b/grsecurity/grsec_pax.c -@@ -0,0 +1,36 @@ +@@ -0,0 +1,45 @@ +#include +#include +#include @@ -65279,9 +68630,18 @@ index 0000000..a3b12a0 +void +gr_log_textrel(struct vm_area_struct * vma) +{ -+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL -+ if (grsec_enable_audit_textrel) -+ gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff); ++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG ++ if (grsec_enable_log_rwxmaps) ++ gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff); ++#endif ++ return; ++} ++ ++void gr_log_ptgnustack(struct file *file) ++{ ++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG ++ if (grsec_enable_log_rwxmaps) ++ gr_log_rwxmap(GR_DONT_AUDIT, GR_PTGNUSTACK_MSG, file); +#endif + return; +} @@ -65297,11 +68657,11 @@ index 0000000..a3b12a0 +} + +void -+gr_log_rwxmprotect(struct file *file) ++gr_log_rwxmprotect(struct vm_area_struct *vma) +{ +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG + if (grsec_enable_log_rwxmaps) -+ gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, file); ++ gr_log_rwxmap_vma(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, vma); +#endif + return; +} @@ -65343,12 +68703,13 @@ index 0000000..f7f29aa +} diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c new file mode 100644 -index 0000000..e09715a +index 0000000..4e29cc7 --- /dev/null +++ b/grsecurity/grsec_sig.c -@@ -0,0 +1,222 @@ +@@ -0,0 +1,246 @@ +#include +#include ++#include +#include +#include +#include @@ -65448,7 +68809,7 @@ index 0000000..e09715a + rcu_read_lock(); + read_lock(&tasklist_lock); + read_lock(&grsec_exec_file_lock); -+ if (p->real_parent && p->real_parent->exec_file == p->exec_file) { ++ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file)) { + p->real_parent->brute_expires = get_seconds() + GR_DAEMON_BRUTE_TIME; + p->real_parent->brute = 1; + daemon = 1; @@ -65465,14 +68826,15 @@ index 0000000..e09715a + user = find_user(uid); + if (user == NULL) + goto unlock; -+ user->banned = 1; -+ user->ban_expires = get_seconds() + GR_USER_BAN_TIME; -+ if (user->ban_expires == ~0UL) -+ user->ban_expires--; ++ user->suid_banned = 1; ++ user->suid_ban_expires = get_seconds() + GR_USER_BAN_TIME; ++ if (user->suid_ban_expires == ~0UL) ++ user->suid_ban_expires--; + ++ /* only kill other threads of the same binary, from the same user */ + do_each_thread(tsk2, tsk) { + cred2 = __task_cred(tsk); -+ if (tsk != p && uid_eq(cred2->uid, uid)) ++ if (tsk != p && uid_eq(cred2->uid, uid) && gr_is_same_file(tsk->exec_file, p->exec_file)) + gr_fake_force_sig(SIGKILL, tsk); + } while_each_thread(tsk2, tsk); + } @@ -65483,8 +68845,7 @@ index 0000000..e09715a + rcu_read_unlock(); + + if (gr_is_global_nonroot(uid)) -+ printk(KERN_ALERT "grsec: bruteforce prevention initiated against uid %u, banning for %d minutes\n", -+ GR_GLOBAL_UID(uid), GR_USER_BAN_TIME / 60); ++ gr_log_fs_int2(GR_DONT_AUDIT, GR_BRUTE_SUID_MSG, p->exec_file->f_path.dentry, p->exec_file->f_path.mnt, GR_GLOBAL_UID(uid), GR_USER_BAN_TIME / 60); + else if (daemon) + gr_log_noargs(GR_DONT_AUDIT, GR_BRUTE_DAEMON_MSG); + @@ -65531,11 +68892,10 @@ index 0000000..e09715a + GR_GLOBAL_UID(uid)); + /* we intentionally leak this ref */ + user = get_uid(current->cred->user); -+ if (user) { -+ user->banned = 1; -+ user->ban_expires = ~0UL; -+ } ++ if (user) ++ user->kernel_banned = 1; + ++ /* kill all processes of this user */ + read_lock(&tasklist_lock); + do_each_thread(tsk2, tsk) { + cred = __task_cred(tsk); @@ -65547,25 +68907,49 @@ index 0000000..e09715a +#endif +} + -+int __gr_process_user_ban(struct user_struct *user) ++#ifdef CONFIG_GRKERNSEC_BRUTE ++static bool suid_ban_expired(struct user_struct *user) +{ -+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) -+ if (unlikely(user->banned)) { -+ if (user->ban_expires != ~0UL && time_after_eq(get_seconds(), user->ban_expires)) { -+ user->banned = 0; -+ user->ban_expires = 0; -+ free_uid(user); -+ } else -+ return -EPERM; ++ if (user->suid_ban_expires != ~0UL && time_after_eq(get_seconds(), user->suid_ban_expires)) { ++ user->suid_banned = 0; ++ user->suid_ban_expires = 0; ++ free_uid(user); ++ return true; + } ++ ++ return false; ++} ++#endif ++ ++int gr_process_kernel_exec_ban(void) ++{ ++#ifdef CONFIG_GRKERNSEC_KERN_LOCKOUT ++ if (unlikely(current->cred->user->kernel_banned)) ++ return -EPERM; +#endif + return 0; +} + -+int gr_process_user_ban(void) ++int gr_process_kernel_setuid_ban(struct user_struct *user) +{ -+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) -+ return __gr_process_user_ban(current->cred->user); ++#ifdef CONFIG_GRKERNSEC_KERN_LOCKOUT ++ if (unlikely(user->kernel_banned)) ++ gr_fake_force_sig(SIGKILL, current); ++#endif ++ return 0; ++} ++ ++int gr_process_suid_exec_ban(const struct linux_binprm *bprm) ++{ ++#ifdef CONFIG_GRKERNSEC_BRUTE ++ struct user_struct *user = current->cred->user; ++ if (unlikely(user->suid_banned)) { ++ if (suid_ban_expired(user)) ++ return 0; ++ /* disallow execution of suid binaries only */ ++ else if (!uid_eq(bprm->cred->euid, current->cred->uid)) ++ return -EPERM; ++ } +#endif + return 0; +} @@ -65821,10 +69205,10 @@ index 0000000..4030d57 +} diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c new file mode 100644 -index 0000000..f55ef0f +index 0000000..7624d1c --- /dev/null +++ b/grsecurity/grsec_sysctl.c -@@ -0,0 +1,469 @@ +@@ -0,0 +1,460 @@ +#include +#include +#include @@ -66218,15 +69602,6 @@ index 0000000..f55ef0f + .proc_handler = &proc_dointvec, + }, +#endif -+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL -+ { -+ .procname = "audit_textrel", -+ .data = &grsec_enable_audit_textrel, -+ .maxlen = sizeof(int), -+ .mode = 0600, -+ .proc_handler = &proc_dointvec, -+ }, -+#endif +#ifdef CONFIG_GRKERNSEC_DMESG + { + .procname = "dmesg", @@ -67049,11 +70424,28 @@ index a59ff51..2594a70 100644 #endif /* CONFIG_MMU */ #endif /* !__ASSEMBLY__ */ +diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h +index c184aa8..d049942 100644 +--- a/include/asm-generic/uaccess.h ++++ b/include/asm-generic/uaccess.h +@@ -343,4 +343,12 @@ clear_user(void __user *to, unsigned long n) + return __clear_user(to, n); + } + ++#ifndef __HAVE_ARCH_PAX_OPEN_USERLAND ++//static inline unsigned long pax_open_userland(void) { return 0; } ++#endif ++ ++#ifndef __HAVE_ARCH_PAX_CLOSE_USERLAND ++//static inline unsigned long pax_close_userland(void) { return 0; } ++#endif ++ + #endif /* __ASM_GENERIC_UACCESS_H */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h -index afa12c7..99d4da0 100644 +index eb58d2d..df131bf 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h -@@ -245,6 +245,7 @@ +@@ -239,6 +239,7 @@ .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \ VMLINUX_SYMBOL(__start_rodata) = .; \ *(.rodata) *(.rodata.*) \ @@ -67061,7 +70453,7 @@ index afa12c7..99d4da0 100644 *(__vermagic) /* Kernel version magic */ \ . = ALIGN(8); \ VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \ -@@ -755,17 +756,18 @@ +@@ -749,17 +750,18 @@ * section in the linker script will go there too. @phdr should have * a leading colon. * @@ -67098,7 +70490,7 @@ index 418d270..bfd2794 100644 struct crypto_instance { struct crypto_alg alg; diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index f1ce786..086a7a5 100644 +index 63d17ee..716de2b 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -67124,19 +70516,20 @@ index f1ce786..086a7a5 100644 unsigned long arg); #define DRM_IOCTL_NR(n) _IOC_NR(n) -@@ -314,9 +317,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, +@@ -314,10 +317,10 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, struct drm_ioctl_desc { unsigned int cmd; int flags; - drm_ioctl_t *func; + drm_ioctl_t func; unsigned int cmd_drv; + const char *name; -}; +} __do_const; /** * Creates a driver or general drm_ioctl_desc array entry for the given -@@ -1014,7 +1017,7 @@ struct drm_info_list { +@@ -1015,7 +1018,7 @@ struct drm_info_list { int (*show)(struct seq_file*, void*); /** show callback */ u32 driver_features; /**< Required driver features for this entry */ void *data; @@ -67145,7 +70538,7 @@ index f1ce786..086a7a5 100644 /** * debugfs node structure. This structure represents a debugfs file. -@@ -1087,7 +1090,7 @@ struct drm_device { +@@ -1088,7 +1091,7 @@ struct drm_device { /** \name Usage Counters */ /*@{ */ @@ -67154,7 +70547,7 @@ index f1ce786..086a7a5 100644 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */ atomic_t vma_count; /**< Outstanding vma areas open */ int buf_use; /**< Buffers in use -- cannot alloc */ -@@ -1098,7 +1101,7 @@ struct drm_device { +@@ -1099,7 +1102,7 @@ struct drm_device { /*@{ */ unsigned long counters; enum drm_stat_type types[15]; @@ -67225,14 +70618,15 @@ index c1da539..1dcec55 100644 struct atmphy_ops { int (*start)(struct atm_dev *dev); diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index c3a0914..ec5d48a 100644 +index 70cf138..0418ee2 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h -@@ -73,8 +73,9 @@ struct linux_binfmt { +@@ -73,8 +73,10 @@ struct linux_binfmt { int (*load_binary)(struct linux_binprm *); int (*load_shlib)(struct file *); int (*core_dump)(struct coredump_params *cprm); + void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags); ++ void (*handle_mmap)(struct file *); unsigned long min_coredump; /* minimal dump size */ -}; +} __do_const; @@ -67240,10 +70634,10 @@ index c3a0914..ec5d48a 100644 extern void __register_binfmt(struct linux_binfmt *fmt, int insert); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 33f358f..7f2c27f 100644 +index 2fdb4a4..54aad7e 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1499,7 +1499,7 @@ struct block_device_operations { +@@ -1526,7 +1526,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -67311,7 +70705,7 @@ index 8609d57..86e4d79 100644 int (*generic_packet) (struct cdrom_device_info *, struct packet_command *); diff --git a/include/linux/cleancache.h b/include/linux/cleancache.h -index 42e55de..1cd0e66 100644 +index 4ce9056..86caac6 100644 --- a/include/linux/cleancache.h +++ b/include/linux/cleancache.h @@ -31,7 +31,7 @@ struct cleancache_ops { @@ -67321,40 +70715,52 @@ index 42e55de..1cd0e66 100644 -}; +} __no_const; - extern struct cleancache_ops + extern struct cleancache_ops * cleancache_register_ops(struct cleancache_ops *ops); +diff --git a/include/linux/clk-provider.h b/include/linux/clk-provider.h +index 1186098..f87e53d 100644 +--- a/include/linux/clk-provider.h ++++ b/include/linux/clk-provider.h +@@ -132,6 +132,7 @@ struct clk_ops { + unsigned long); + void (*init)(struct clk_hw *hw); + }; ++typedef struct clk_ops __no_const clk_ops_no_const; + + /** + * struct clk_init_data - holds init data that's common to all clocks and is diff --git a/include/linux/compat.h b/include/linux/compat.h -index 377cd8c..2479845 100644 +index 7f0c1dd..206ac34 100644 --- a/include/linux/compat.h +++ b/include/linux/compat.h -@@ -332,14 +332,14 @@ long compat_sys_msgsnd(int first, int second, int third, void __user *uptr); - long compat_sys_msgrcv(int first, int second, int msgtyp, int third, - int version, void __user *uptr); - long compat_sys_shmat(int first, int second, compat_uptr_t third, int version, -- void __user *uptr); -+ void __user *uptr) __intentional_overflow(0); - #else - long compat_sys_semctl(int semid, int semnum, int cmd, int arg); - long compat_sys_msgsnd(int msqid, struct compat_msgbuf __user *msgp, +@@ -312,7 +312,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, + compat_size_t __user *len_ptr); + + asmlinkage long compat_sys_ipc(u32, int, int, u32, compat_uptr_t, u32); +-asmlinkage long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg); ++asmlinkage long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg) __intentional_overflow(0); + asmlinkage long compat_sys_semctl(int semid, int semnum, int cmd, int arg); + asmlinkage long compat_sys_msgsnd(int msqid, compat_uptr_t msgp, compat_ssize_t msgsz, int msgflg); - long compat_sys_msgrcv(int msqid, struct compat_msgbuf __user *msgp, - compat_ssize_t msgsz, long msgtyp, int msgflg); --long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg); -+long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg) __intentional_overflow(0); - #endif - long compat_sys_msgctl(int first, int second, void __user *uptr); - long compat_sys_shmctl(int first, int second, void __user *uptr); -@@ -442,7 +442,7 @@ extern int compat_ptrace_request(struct task_struct *child, +@@ -419,7 +419,7 @@ extern int compat_ptrace_request(struct task_struct *child, extern long compat_arch_ptrace(struct task_struct *child, compat_long_t request, compat_ulong_t addr, compat_ulong_t data); asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, - compat_long_t addr, compat_long_t data); + compat_ulong_t addr, compat_ulong_t data); + asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, size_t); /* - * epoll (fs/eventpoll.c) compat bits follow ... +@@ -669,6 +669,7 @@ asmlinkage long compat_sys_sigaltstack(const compat_stack_t __user *uss_ptr, + + int compat_restore_altstack(const compat_stack_t __user *uss); + int __compat_save_altstack(compat_stack_t __user *, unsigned long); ++void __compat_save_altstack_ex(compat_stack_t __user *, unsigned long); + + asmlinkage long compat_sys_sched_rr_get_interval(compat_pid_t pid, + struct compat_timespec __user *interval); diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index 68b162d..660f5f0 100644 +index 842de22..7f3a41f 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h @@ -39,9 +39,29 @@ @@ -67388,7 +70794,7 @@ index 68b162d..660f5f0 100644 * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 10b8f23..5e0b083 100644 +index 92669cd..1771a15 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,11 +5,14 @@ @@ -67506,7 +70912,7 @@ index 10b8f23..5e0b083 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -349,6 +407,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -349,7 +407,8 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -67514,7 +70920,8 @@ index 10b8f23..5e0b083 100644 +#define ACCESS_ONCE(x) (*(volatile const typeof(x) *)&(x)) +#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x)) - #endif /* __LINUX_COMPILER_H */ + /* Ignore/forbid kprobes attach on very low level functions marked by this attribute: */ + #ifdef CONFIG_KPROBES diff --git a/include/linux/completion.h b/include/linux/completion.h index 33f0280..35c6568 100644 --- a/include/linux/completion.h @@ -67552,7 +70959,7 @@ index 34025df..d94bbbc 100644 /* * Users often need to create attribute structures for their configurable diff --git a/include/linux/cpu.h b/include/linux/cpu.h -index ce7a074..01ab8ac 100644 +index 9f3c7e8..a18c7b6 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -115,7 +115,7 @@ enum { @@ -67565,10 +70972,10 @@ index ce7a074..01ab8ac 100644 register_cpu_notifier(&fn##_nb); \ } diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h -index a22944c..4e695fe 100644 +index 037d36a..ca5fe6e 100644 --- a/include/linux/cpufreq.h +++ b/include/linux/cpufreq.h -@@ -252,7 +252,7 @@ struct cpufreq_driver { +@@ -262,7 +262,7 @@ struct cpufreq_driver { int (*suspend) (struct cpufreq_policy *policy); int (*resume) (struct cpufreq_policy *policy); struct freq_attr **attr; @@ -67577,7 +70984,7 @@ index a22944c..4e695fe 100644 /* flags */ -@@ -311,6 +311,7 @@ struct global_attr { +@@ -321,6 +321,7 @@ struct global_attr { ssize_t (*store)(struct kobject *a, struct attribute *b, const char *c, size_t count); }; @@ -67586,7 +70993,7 @@ index a22944c..4e695fe 100644 #define define_one_global_ro(_name) \ static struct global_attr _name = \ diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h -index 480c14d..552896f 100644 +index 8f04062..900239a 100644 --- a/include/linux/cpuidle.h +++ b/include/linux/cpuidle.h @@ -52,7 +52,8 @@ struct cpuidle_state { @@ -67599,7 +71006,7 @@ index 480c14d..552896f 100644 /* Idle State Flags */ #define CPUIDLE_FLAG_TIME_VALID (0x01) /* is residency time measurable? */ -@@ -194,7 +195,7 @@ struct cpuidle_governor { +@@ -191,7 +192,7 @@ struct cpuidle_governor { void (*reflect) (struct cpuidle_device *dev, int index); struct module *owner; @@ -67609,7 +71016,7 @@ index 480c14d..552896f 100644 #ifdef CONFIG_CPU_IDLE diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h -index 0325602..5e9feff 100644 +index d08e4d2..95fad61 100644 --- a/include/linux/cpumask.h +++ b/include/linux/cpumask.h @@ -118,17 +118,17 @@ static inline unsigned int cpumask_first(const struct cpumask *srcp) @@ -67704,7 +71111,7 @@ index b92eadf..b4ecdc1 100644 #define crt_ablkcipher crt_u.ablkcipher #define crt_aead crt_u.aead diff --git a/include/linux/ctype.h b/include/linux/ctype.h -index 8acfe31..6ffccd63 100644 +index 653589e..4ef254a 100644 --- a/include/linux/ctype.h +++ b/include/linux/ctype.h @@ -56,7 +56,7 @@ static inline unsigned char __toupper(unsigned char c) @@ -67743,10 +71150,10 @@ index fe8c447..bdc1f33 100644 /** * struct devfreq - Device devfreq structure diff --git a/include/linux/device.h b/include/linux/device.h -index 9d6464e..8a5cc92 100644 +index c0a1261..dba7569 100644 --- a/include/linux/device.h +++ b/include/linux/device.h -@@ -295,7 +295,7 @@ struct subsys_interface { +@@ -290,7 +290,7 @@ struct subsys_interface { struct list_head node; int (*add_dev)(struct device *dev, struct subsys_interface *sif); int (*remove_dev)(struct device *dev, struct subsys_interface *sif); @@ -67755,7 +71162,7 @@ index 9d6464e..8a5cc92 100644 int subsys_interface_register(struct subsys_interface *sif); void subsys_interface_unregister(struct subsys_interface *sif); -@@ -475,7 +475,7 @@ struct device_type { +@@ -473,7 +473,7 @@ struct device_type { void (*release)(struct device *dev); const struct dev_pm_ops *pm; @@ -67764,7 +71171,7 @@ index 9d6464e..8a5cc92 100644 /* interface for exporting device attributes */ struct device_attribute { -@@ -485,11 +485,12 @@ struct device_attribute { +@@ -483,11 +483,12 @@ struct device_attribute { ssize_t (*store)(struct device *dev, struct device_attribute *attr, const char *buf, size_t count); }; @@ -67792,10 +71199,10 @@ index 94af418..b1ca7a2 100644 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h -index 91ac8da..a841318 100644 +index 96d3e4a..dc36433 100644 --- a/include/linux/dmaengine.h +++ b/include/linux/dmaengine.h -@@ -1034,9 +1034,9 @@ struct dma_pinned_list { +@@ -1035,9 +1035,9 @@ struct dma_pinned_list { struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len); void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list); @@ -67808,10 +71215,10 @@ index 91ac8da..a841318 100644 unsigned int offset, size_t len); diff --git a/include/linux/efi.h b/include/linux/efi.h -index 3d7df3d..301f024 100644 +index 2bc0ad7..3f7b006 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -740,6 +740,7 @@ struct efivar_operations { +@@ -745,6 +745,7 @@ struct efivar_operations { efi_set_variable_t *set_variable; efi_query_variable_store_t *query_variable_store; }; @@ -67872,7 +71279,7 @@ index fcb51c8..bdafcf6 100644 /** diff --git a/include/linux/fb.h b/include/linux/fb.h -index 58b9860..58e5516 100644 +index d49c60f..2834fbe 100644 --- a/include/linux/fb.h +++ b/include/linux/fb.h @@ -304,7 +304,7 @@ struct fb_ops { @@ -67885,7 +71292,7 @@ index 58b9860..58e5516 100644 #ifdef CONFIG_FB_TILEBLITTING #define FB_TILE_CURSOR_NONE 0 diff --git a/include/linux/filter.h b/include/linux/filter.h -index c45eabc..baa0be5 100644 +index f65f5a6..2f4f93a 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -20,6 +20,7 @@ struct compat_sock_fprog { @@ -67907,7 +71314,7 @@ index c45eabc..baa0be5 100644 struct sock_filter insns[0]; }; diff --git a/include/linux/frontswap.h b/include/linux/frontswap.h -index 3044254..9767f41 100644 +index 8293262..2b3b8bd 100644 --- a/include/linux/frontswap.h +++ b/include/linux/frontswap.h @@ -11,7 +11,7 @@ struct frontswap_ops { @@ -67918,12 +71325,12 @@ index 3044254..9767f41 100644 +} __no_const; extern bool frontswap_enabled; - extern struct frontswap_ops + extern struct frontswap_ops * diff --git a/include/linux/fs.h b/include/linux/fs.h -index 2c28271..8d3d74c 100644 +index 65c2be2..4c53f6e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1541,7 +1541,8 @@ struct file_operations { +@@ -1543,7 +1543,8 @@ struct file_operations { long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); int (*show_fdinfo)(struct seq_file *m, struct file *f); @@ -67933,7 +71340,7 @@ index 2c28271..8d3d74c 100644 struct inode_operations { struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int); -@@ -2672,4 +2673,14 @@ static inline void inode_has_no_xattr(struct inode *inode) +@@ -2688,4 +2689,14 @@ static inline void inode_has_no_xattr(struct inode *inode) inode->i_flags |= S_NOSEC; } @@ -68029,19 +71436,6 @@ index a78680a..87bd73e 100644 } /* -diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h -index 13a54d0..c6ce2a7 100644 ---- a/include/linux/ftrace_event.h -+++ b/include/linux/ftrace_event.h -@@ -274,7 +274,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, - extern int trace_add_event_call(struct ftrace_event_call *call); - extern void trace_remove_event_call(struct ftrace_event_call *call); - --#define is_signed_type(type) (((type)(-1)) < (type)0) -+#define is_signed_type(type) (((type)(-1)) < (type)1) - - int trace_set_clr_event(const char *system, const char *event, int set); - diff --git a/include/linux/genhd.h b/include/linux/genhd.h index 9f3c275..911b591 100644 --- a/include/linux/genhd.h @@ -68437,6 +71831,168 @@ index 0000000..ebe6d72 + +#endif + +diff --git a/include/linux/gracl_compat.h b/include/linux/gracl_compat.h +new file mode 100644 +index 0000000..33ebd1f +--- /dev/null ++++ b/include/linux/gracl_compat.h +@@ -0,0 +1,156 @@ ++#ifndef GR_ACL_COMPAT_H ++#define GR_ACL_COMPAT_H ++ ++#include ++#include ++ ++struct sprole_pw_compat { ++ compat_uptr_t rolename; ++ unsigned char salt[GR_SALT_LEN]; ++ unsigned char sum[GR_SHA_LEN]; ++}; ++ ++struct gr_hash_struct_compat { ++ compat_uptr_t table; ++ compat_uptr_t nametable; ++ compat_uptr_t first; ++ __u32 table_size; ++ __u32 used_size; ++ int type; ++}; ++ ++struct acl_subject_label_compat { ++ compat_uptr_t filename; ++ compat_ino_t inode; ++ __u32 device; ++ __u32 mode; ++ kernel_cap_t cap_mask; ++ kernel_cap_t cap_lower; ++ kernel_cap_t cap_invert_audit; ++ ++ struct compat_rlimit res[GR_NLIMITS]; ++ __u32 resmask; ++ ++ __u8 user_trans_type; ++ __u8 group_trans_type; ++ compat_uptr_t user_transitions; ++ compat_uptr_t group_transitions; ++ __u16 user_trans_num; ++ __u16 group_trans_num; ++ ++ __u32 sock_families[2]; ++ __u32 ip_proto[8]; ++ __u32 ip_type; ++ compat_uptr_t ips; ++ __u32 ip_num; ++ __u32 inaddr_any_override; ++ ++ __u32 crashes; ++ compat_ulong_t expires; ++ ++ compat_uptr_t parent_subject; ++ compat_uptr_t hash; ++ compat_uptr_t prev; ++ compat_uptr_t next; ++ ++ compat_uptr_t obj_hash; ++ __u32 obj_hash_size; ++ __u16 pax_flags; ++}; ++ ++struct role_allowed_ip_compat { ++ __u32 addr; ++ __u32 netmask; ++ ++ compat_uptr_t prev; ++ compat_uptr_t next; ++}; ++ ++struct role_transition_compat { ++ compat_uptr_t rolename; ++ ++ compat_uptr_t prev; ++ compat_uptr_t next; ++}; ++ ++struct acl_role_label_compat { ++ compat_uptr_t rolename; ++ uid_t uidgid; ++ __u16 roletype; ++ ++ __u16 auth_attempts; ++ compat_ulong_t expires; ++ ++ compat_uptr_t root_label; ++ compat_uptr_t hash; ++ ++ compat_uptr_t prev; ++ compat_uptr_t next; ++ ++ compat_uptr_t transitions; ++ compat_uptr_t allowed_ips; ++ compat_uptr_t domain_children; ++ __u16 domain_child_num; ++ ++ umode_t umask; ++ ++ compat_uptr_t subj_hash; ++ __u32 subj_hash_size; ++}; ++ ++struct user_acl_role_db_compat { ++ compat_uptr_t r_table; ++ __u32 num_pointers; ++ __u32 num_roles; ++ __u32 num_domain_children; ++ __u32 num_subjects; ++ __u32 num_objects; ++}; ++ ++struct acl_object_label_compat { ++ compat_uptr_t filename; ++ compat_ino_t inode; ++ __u32 device; ++ __u32 mode; ++ ++ compat_uptr_t nested; ++ compat_uptr_t globbed; ++ ++ compat_uptr_t prev; ++ compat_uptr_t next; ++}; ++ ++struct acl_ip_label_compat { ++ compat_uptr_t iface; ++ __u32 addr; ++ __u32 netmask; ++ __u16 low, high; ++ __u8 mode; ++ __u32 type; ++ __u32 proto[8]; ++ ++ compat_uptr_t prev; ++ compat_uptr_t next; ++}; ++ ++struct gr_arg_compat { ++ struct user_acl_role_db_compat role_db; ++ unsigned char pw[GR_PW_LEN]; ++ unsigned char salt[GR_SALT_LEN]; ++ unsigned char sum[GR_SHA_LEN]; ++ unsigned char sp_role[GR_SPROLE_LEN]; ++ compat_uptr_t sprole_pws; ++ __u32 segv_device; ++ compat_ino_t segv_inode; ++ uid_t segv_uid; ++ __u16 num_sprole_pws; ++ __u16 mode; ++}; ++ ++struct gr_arg_wrapper_compat { ++ compat_uptr_t arg; ++ __u32 version; ++ __u32 size; ++}; ++ ++#endif diff --git a/include/linux/gralloc.h b/include/linux/gralloc.h new file mode 100644 index 0000000..323ecf2 @@ -68600,10 +72156,10 @@ index 0000000..be66033 +#endif diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h new file mode 100644 -index 0000000..5402bce +index 0000000..fd8598b --- /dev/null +++ b/include/linux/grinternal.h -@@ -0,0 +1,215 @@ +@@ -0,0 +1,228 @@ +#ifndef __GRINTERNAL_H +#define __GRINTERNAL_H + @@ -68679,7 +72235,6 @@ index 0000000..5402bce +extern kgid_t grsec_socket_server_gid; +extern kgid_t grsec_audit_gid; +extern int grsec_enable_group; -+extern int grsec_enable_audit_textrel; +extern int grsec_enable_log_rwxmaps; +extern int grsec_enable_mount; +extern int grsec_enable_chdir; @@ -68717,6 +72272,18 @@ index 0000000..5402bce + +#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry) + ++static inline bool gr_is_same_file(const struct file *file1, const struct file *file2) ++{ ++ if (file1 && file2) { ++ const struct inode *inode1 = file1->f_path.dentry->d_inode; ++ const struct inode *inode2 = file2->f_path.dentry->d_inode; ++ if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev) ++ return true; ++ } ++ ++ return false; ++} ++ +#define GR_CHROOT_CAPS {{ \ + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \ + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \ @@ -68775,7 +72342,8 @@ index 0000000..5402bce + GR_CRASH1, + GR_CRASH2, + GR_PSACCT, -+ GR_RWXMAP ++ GR_RWXMAP, ++ GR_RWXMAPVMA +}; + +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str) @@ -68813,6 +72381,7 @@ index 0000000..5402bce +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1) +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) +#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str) ++#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str) + +void gr_log_varargs(int audit, const char *msg, int argtypes, ...); + @@ -68821,10 +72390,10 @@ index 0000000..5402bce +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..2bd4c8d +index 0000000..a4396b5 --- /dev/null +++ b/include/linux/grmsg.h -@@ -0,0 +1,111 @@ +@@ -0,0 +1,113 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -68928,7 +72497,8 @@ index 0000000..2bd4c8d +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for " +#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by " +#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by " -+#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by " ++#define GR_TEXTREL_AUDIT_MSG "denied text relocation in %.950s, VMA:0x%08lx 0x%08lx by " ++#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by " +#define GR_VM86_MSG "denied use of vm86 by " +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by " +#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by " @@ -68936,9 +72506,10 @@ index 0000000..2bd4c8d +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by " +#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by " +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for " ++#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..d7ef0ac +index 0000000..3676b0b --- /dev/null +++ b/include/linux/grsecurity.h @@ -0,0 +1,242 @@ @@ -68966,7 +72537,6 @@ index 0000000..d7ef0ac +void gr_handle_brute_attach(unsigned long mm_flags); +void gr_handle_brute_check(void); +void gr_handle_kernel_exploit(void); -+int gr_process_user_ban(void); + +char gr_roletype_to_char(void); + @@ -69020,8 +72590,9 @@ index 0000000..d7ef0ac +void gr_log_unmount(const char *devname, const int retval); +void gr_log_mount(const char *from, const char *to, const int retval); +void gr_log_textrel(struct vm_area_struct *vma); ++void gr_log_ptgnustack(struct file *file); +void gr_log_rwxmmap(struct file *file); -+void gr_log_rwxmprotect(struct file *file); ++void gr_log_rwxmprotect(struct vm_area_struct *vma); + +int gr_handle_follow_link(const struct inode *parent, + const struct inode *inode, @@ -69256,17 +72827,17 @@ index 1c7b89a..7f52502 100644 container_of(_dev_attr, struct sensor_device_attribute_2, dev_attr) diff --git a/include/linux/i2c.h b/include/linux/i2c.h -index d0c4db7..61b3577 100644 +index e988fa9..ff9f17e 100644 --- a/include/linux/i2c.h +++ b/include/linux/i2c.h -@@ -369,6 +369,7 @@ struct i2c_algorithm { +@@ -366,6 +366,7 @@ struct i2c_algorithm { /* To determine what the adapter supports */ u32 (*functionality) (struct i2c_adapter *); }; +typedef struct i2c_algorithm __no_const i2c_algorithm_no_const; - /* - * i2c_adapter is the structure used to identify a physical i2c bus along + /** + * struct i2c_bus_recovery_info - I2C bus recovery information diff --git a/include/linux/i2o.h b/include/linux/i2o.h index d23c3c2..eb63c81 100644 --- a/include/linux/i2o.h @@ -69408,7 +72979,7 @@ index 5fa5afe..ac55b25 100644 extern void __raise_softirq_irqoff(unsigned int nr); diff --git a/include/linux/iommu.h b/include/linux/iommu.h -index ba3b8a9..7e14ed8 100644 +index 3aeb730..2177f39 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h @@ -113,7 +113,7 @@ struct iommu_ops { @@ -69421,7 +72992,7 @@ index ba3b8a9..7e14ed8 100644 #define IOMMU_GROUP_NOTIFY_ADD_DEVICE 1 /* Device added */ #define IOMMU_GROUP_NOTIFY_DEL_DEVICE 2 /* Pre Device removed */ diff --git a/include/linux/ioport.h b/include/linux/ioport.h -index 85ac9b9b..e5759ab 100644 +index 89b7c24..382af74 100644 --- a/include/linux/ioport.h +++ b/include/linux/ioport.h @@ -161,7 +161,7 @@ struct resource *lookup_resource(struct resource *root, resource_size_t start); @@ -69448,7 +73019,7 @@ index bc4e066..50468a9 100644 /* * irq_chip specific flags diff --git a/include/linux/irqchip/arm-gic.h b/include/linux/irqchip/arm-gic.h -index 3fd8e42..a73e966 100644 +index 3e203eb..3fe68d0 100644 --- a/include/linux/irqchip/arm-gic.h +++ b/include/linux/irqchip/arm-gic.h @@ -59,9 +59,11 @@ @@ -69465,7 +73036,7 @@ index 3fd8e42..a73e966 100644 void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, u32 offset, struct device_node *); diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h -index 6883e19..06992b1 100644 +index 6883e19..e854fcb 100644 --- a/include/linux/kallsyms.h +++ b/include/linux/kallsyms.h @@ -15,7 +15,8 @@ @@ -69478,12 +73049,13 @@ index 6883e19..06992b1 100644 /* Lookup the address for a symbol. Returns 0 if not found. */ unsigned long kallsyms_lookup_name(const char *name); -@@ -106,6 +107,17 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u +@@ -106,6 +107,21 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u /* Stupid that this does nothing, but I didn't create this mess. */ #define __print_symbol(fmt, addr) #endif /*CONFIG_KALLSYMS*/ -+#else /* when included by kallsyms.c, vsnprintf.c, or ++#else /* when included by kallsyms.c, vsnprintf.c, kprobes.c, or + arch/x86/kernel/dumpstack.c, with HIDESYM enabled */ ++extern unsigned long kallsyms_lookup_name(const char *name); +extern void __print_symbol(const char *fmt, unsigned long address); +extern int sprint_backtrace(char *buffer, unsigned long address); +extern int sprint_symbol(char *buffer, unsigned long address); @@ -69492,6 +73064,9 @@ index 6883e19..06992b1 100644 + unsigned long *symbolsize, + unsigned long *offset, + char **modname, char *namebuf); ++extern int kallsyms_lookup_size_offset(unsigned long addr, ++ unsigned long *symbolsize, ++ unsigned long *offset); +#endif /* This macro allows us to keep printk typechecking */ @@ -69541,7 +73116,7 @@ index c6e091b..a940adf 100644 extern struct kgdb_arch arch_kgdb_ops; diff --git a/include/linux/kmod.h b/include/linux/kmod.h -index 5398d58..5883a34 100644 +index 0555cc6..b16a7a4 100644 --- a/include/linux/kmod.h +++ b/include/linux/kmod.h @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */ @@ -69588,10 +73163,10 @@ index f66b065..c2c29b4 100644 int kobj_ns_type_register(const struct kobj_ns_type_operations *ops); int kobj_ns_type_registered(enum kobj_ns_type type); diff --git a/include/linux/kref.h b/include/linux/kref.h -index 7419c02..aa2f02d 100644 +index 484604d..0f6c5b6 100644 --- a/include/linux/kref.h +++ b/include/linux/kref.h -@@ -65,7 +65,7 @@ static inline void kref_get(struct kref *kref) +@@ -68,7 +68,7 @@ static inline void kref_get(struct kref *kref) static inline int kref_sub(struct kref *kref, unsigned int count, void (*release)(struct kref *kref)) { @@ -69601,19 +73176,19 @@ index 7419c02..aa2f02d 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index c139582..0b5b102 100644 +index 8db53cf..c21121d 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -424,7 +424,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); - int __must_check vcpu_load(struct kvm_vcpu *vcpu); - void vcpu_put(struct kvm_vcpu *vcpu); - +@@ -444,7 +444,7 @@ static inline void kvm_irqfd_exit(void) + { + } + #endif -int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +int kvm_init(const void *opaque, unsigned vcpu_size, unsigned vcpu_align, struct module *module); void kvm_exit(void); -@@ -582,7 +582,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, +@@ -616,7 +616,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -69636,7 +73211,7 @@ index eae7a05..2cdd875 100644 struct ata_port_info { unsigned long flags; diff --git a/include/linux/list.h b/include/linux/list.h -index 6a1f8df..eaec1ff 100644 +index b83e565..baa6c1d 100644 --- a/include/linux/list.h +++ b/include/linux/list.h @@ -112,6 +112,19 @@ extern void __list_del_entry(struct list_head *entry); @@ -69669,10 +73244,10 @@ index 6a1f8df..eaec1ff 100644 * list_move - delete from one list and add as another's head * @list: the entry to move diff --git a/include/linux/math64.h b/include/linux/math64.h -index b8ba855..0148090 100644 +index 2913b86..8dcbb1e 100644 --- a/include/linux/math64.h +++ b/include/linux/math64.h -@@ -14,7 +14,7 @@ +@@ -15,7 +15,7 @@ * This is commonly provided by 32bit archs to provide an optimized 64bit * divide. */ @@ -69681,8 +73256,17 @@ index b8ba855..0148090 100644 { *remainder = dividend % divisor; return dividend / divisor; -@@ -50,7 +50,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor) - #define div64_long(x,y) div_s64((x),(y)) +@@ -33,7 +33,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder) + /** + * div64_u64 - unsigned 64bit divide with 64bit divisor + */ +-static inline u64 div64_u64(u64 dividend, u64 divisor) ++static inline u64 __intentional_overflow(0) div64_u64(u64 dividend, u64 divisor) + { + return dividend / divisor; + } +@@ -52,7 +52,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor) + #define div64_ul(x, y) div_u64((x), (y)) #ifndef div_u64_rem -static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder) @@ -69690,7 +73274,7 @@ index b8ba855..0148090 100644 { *remainder = do_div(dividend, divisor); return dividend; -@@ -79,7 +79,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor); +@@ -81,7 +81,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor); * divide. */ #ifndef div_u64 @@ -69700,10 +73284,10 @@ index b8ba855..0148090 100644 u32 remainder; return div_u64_rem(dividend, divisor, &remainder); diff --git a/include/linux/mm.h b/include/linux/mm.h -index e2091b8..821db54 100644 +index e0c8528..bcf0c29 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h -@@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); +@@ -104,6 +104,11 @@ extern unsigned int kobjsize(const void *objp); #define VM_HUGETLB 0x00400000 /* Huge TLB Page VM */ #define VM_NONLINEAR 0x00800000 /* Is non-linear (remap_file_pages) */ #define VM_ARCH_1 0x01000000 /* Architecture-specific flag */ @@ -69715,7 +73299,7 @@ index e2091b8..821db54 100644 #define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */ #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ -@@ -202,8 +207,8 @@ struct vm_operations_struct { +@@ -205,8 +210,8 @@ struct vm_operations_struct { /* called by access_process_vm when get_user_pages() fails, typically * for use by special VMAs that can switch between memory and hardware */ @@ -69726,7 +73310,7 @@ index e2091b8..821db54 100644 #ifdef CONFIG_NUMA /* * set_policy() op must add a reference to any non-NULL @new mempolicy -@@ -233,6 +238,7 @@ struct vm_operations_struct { +@@ -236,6 +241,7 @@ struct vm_operations_struct { int (*remap_pages)(struct vm_area_struct *vma, unsigned long addr, unsigned long size, pgoff_t pgoff); }; @@ -69734,7 +73318,7 @@ index e2091b8..821db54 100644 struct mmu_gather; struct inode; -@@ -970,8 +976,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -980,8 +986,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -69745,7 +73329,7 @@ index e2091b8..821db54 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1010,9 +1016,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1020,9 +1026,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -69758,7 +73342,7 @@ index e2091b8..821db54 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1043,34 +1049,6 @@ int set_page_dirty(struct page *page); +@@ -1053,34 +1059,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -69793,7 +73377,7 @@ index e2091b8..821db54 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1173,6 +1151,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1180,6 +1158,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -69809,7 +73393,7 @@ index e2091b8..821db54 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1191,8 +1178,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1198,8 +1185,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -69825,7 +73409,7 @@ index e2091b8..821db54 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1201,8 +1195,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1208,8 +1202,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -69841,7 +73425,7 @@ index e2091b8..821db54 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1220,11 +1221,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1227,11 +1228,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -69865,7 +73449,7 @@ index e2091b8..821db54 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTLOCKS -@@ -1455,6 +1468,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1517,6 +1530,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -69873,15 +73457,30 @@ index e2091b8..821db54 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1483,6 +1497,7 @@ struct vm_unmapped_area_info { +@@ -1545,10 +1559,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; + unsigned long threadstack_offset; }; - extern unsigned long unmapped_area(struct vm_unmapped_area_info *info); -@@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +-extern unsigned long unmapped_area(struct vm_unmapped_area_info *info); +-extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); ++extern unsigned long unmapped_area(const struct vm_unmapped_area_info *info); ++extern unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info); + + /* + * Search for an unmapped address range. +@@ -1560,7 +1575,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); + * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) + */ + static inline unsigned long +-vm_unmapped_area(struct vm_unmapped_area_info *info) ++vm_unmapped_area(const struct vm_unmapped_area_info *info) + { + if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) + return unmapped_area(info); +@@ -1623,6 +1638,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -69892,7 +73491,7 @@ index e2091b8..821db54 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1589,15 +1608,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1651,15 +1670,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -69908,7 +73507,7 @@ index e2091b8..821db54 100644 #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE unsigned long change_prot_numa(struct vm_area_struct *vma, unsigned long start, unsigned long end); -@@ -1649,6 +1659,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1711,6 +1721,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -69920,7 +73519,7 @@ index e2091b8..821db54 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1725,7 +1740,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1791,7 +1806,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -69929,9 +73528,9 @@ index e2091b8..821db54 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1756,5 +1771,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } - static inline bool page_is_guard(struct page *page) { return false; } - #endif /* CONFIG_DEBUG_PAGEALLOC */ +@@ -1828,5 +1843,11 @@ void __init setup_nr_node_ids(void); + static inline void setup_nr_node_ids(void) {} + #endif +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT +extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot); @@ -70002,7 +73601,7 @@ index c5d5278..f0b68c8 100644 } diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index c74092e..b663967 100644 +index 5c76737..61f518e 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -396,7 +396,7 @@ struct zone { @@ -70015,10 +73614,10 @@ index c74092e..b663967 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h -index 779cf7c..e6768240 100644 +index b508016..237cfe5 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h -@@ -12,7 +12,7 @@ +@@ -13,7 +13,7 @@ typedef unsigned long kernel_ulong_t; #endif @@ -70027,7 +73626,7 @@ index 779cf7c..e6768240 100644 struct pci_device_id { __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/ -@@ -138,7 +138,7 @@ struct usb_device_id { +@@ -139,7 +139,7 @@ struct usb_device_id { #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200 #define USB_DEVICE_ID_MATCH_INT_NUMBER 0x0400 @@ -70036,7 +73635,7 @@ index 779cf7c..e6768240 100644 #define HID_BUS_ANY 0xffff #define HID_GROUP_ANY 0x0000 -@@ -464,7 +464,7 @@ struct dmi_system_id { +@@ -465,7 +465,7 @@ struct dmi_system_id { const char *ident; struct dmi_strmatch matches[4]; void *driver_data; @@ -70046,7 +73645,7 @@ index 779cf7c..e6768240 100644 * struct dmi_device_id appears during expansion of * "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it diff --git a/include/linux/module.h b/include/linux/module.h -index ead1b57..81a3b6c 100644 +index 46f1ea0..a34ca37 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -17,9 +17,11 @@ @@ -70268,7 +73867,7 @@ index 5a5ff57..5ae5070 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/net.h b/include/linux/net.h -index aa16731..514b875 100644 +index 99c9f0c..e1cf296 100644 --- a/include/linux/net.h +++ b/include/linux/net.h @@ -183,7 +183,7 @@ struct net_proto_family { @@ -70281,10 +73880,10 @@ index aa16731..514b875 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 6151e90..2e0afb0 100644 +index 96e4c21..9cc8278 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1028,6 +1028,7 @@ struct net_device_ops { +@@ -1026,6 +1026,7 @@ struct net_device_ops { int (*ndo_change_carrier)(struct net_device *dev, bool new_carrier); }; @@ -70302,7 +73901,7 @@ index 6151e90..2e0afb0 100644 */ diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h -index ee14284..bc65d63 100644 +index 0060fde..481c6ae 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -82,7 +82,7 @@ struct nf_sockopt_ops { @@ -70315,10 +73914,10 @@ index ee14284..bc65d63 100644 /* Function to register/unregister hook points. */ int nf_register_hook(struct nf_hook_ops *reg); diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h -index 7958e84..ed74d7a 100644 +index d80e275..c3510b8 100644 --- a/include/linux/netfilter/ipset/ip_set.h +++ b/include/linux/netfilter/ipset/ip_set.h -@@ -98,7 +98,7 @@ struct ip_set_type_variant { +@@ -124,7 +124,7 @@ struct ip_set_type_variant { /* Return true if "b" set is the same as "a" * according to the create set parameters */ bool (*same_set)(const struct ip_set *a, const struct ip_set *b); @@ -70328,7 +73927,7 @@ index 7958e84..ed74d7a 100644 /* The core set type structure */ struct ip_set_type { diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h -index ecbb8e4..8a1c4e1 100644 +index cadb740..d7c37c0 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h @@ -16,7 +16,7 @@ struct nfnl_callback { @@ -70369,11 +73968,11 @@ index 5dc635f..35f5e11 100644 /* this value hold the maximum octet of charset */ #define NLS_MAX_CHARSET_SIZE 6 /* for UTF-8 */ diff --git a/include/linux/notifier.h b/include/linux/notifier.h -index d65746e..62e72c2 100644 +index d14a4c3..a078786 100644 --- a/include/linux/notifier.h +++ b/include/linux/notifier.h -@@ -51,7 +51,8 @@ struct notifier_block { - int (*notifier_call)(struct notifier_block *, unsigned long, void *); +@@ -54,7 +54,8 @@ struct notifier_block { + notifier_fn_t notifier_call; struct notifier_block __rcu *next; int priority; -}; @@ -70399,7 +73998,7 @@ index a4c5624..79d6d88 100644 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h -index 45fc162..01a4068 100644 +index 8db71dc..a76bf2c 100644 --- a/include/linux/pci_hotplug.h +++ b/include/linux/pci_hotplug.h @@ -80,7 +80,8 @@ struct hotplug_slot_ops { @@ -70413,10 +74012,10 @@ index 45fc162..01a4068 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index 1d795df..b0a6449 100644 +index c5b6dbf..b124155 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -333,8 +333,8 @@ struct perf_event { +@@ -318,8 +318,8 @@ struct perf_event { enum perf_event_active_state state; unsigned int attach_state; @@ -70427,7 +74026,7 @@ index 1d795df..b0a6449 100644 /* * These are the total time in nanoseconds that the event -@@ -385,8 +385,8 @@ struct perf_event { +@@ -370,8 +370,8 @@ struct perf_event { * These accumulate total time (in nanoseconds) that children * events have been enabled and running, respectively. */ @@ -70438,7 +74037,7 @@ index 1d795df..b0a6449 100644 /* * Protect attach/detach and child_list: -@@ -704,7 +704,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 +@@ -692,7 +692,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 entry->ip[entry->nr++] = ip; } @@ -70447,7 +74046,7 @@ index 1d795df..b0a6449 100644 extern int sysctl_perf_event_mlock; extern int sysctl_perf_event_sample_rate; -@@ -712,19 +712,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -700,19 +700,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); @@ -70475,7 +74074,7 @@ index 1d795df..b0a6449 100644 } extern void perf_event_init(void); -@@ -812,7 +817,7 @@ static inline void perf_restore_debug_store(void) { } +@@ -806,7 +811,7 @@ static inline void perf_restore_debug_store(void) { } */ #define perf_cpu_notifier(fn) \ do { \ @@ -70484,28 +74083,30 @@ index 1d795df..b0a6449 100644 { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ unsigned long cpu = smp_processor_id(); \ unsigned long flags; \ -@@ -831,7 +836,7 @@ do { \ - struct perf_pmu_events_attr { +@@ -826,7 +831,7 @@ struct perf_pmu_events_attr { struct device_attribute attr; u64 id; + const char *event_str; -}; +} __do_const; #define PMU_EVENT_ATTR(_name, _var, _id, _show) \ static struct perf_pmu_events_attr _var = { \ diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h -index ad1a427..6419649 100644 +index b8809fe..ae4ccd0 100644 --- a/include/linux/pipe_fs_i.h +++ b/include/linux/pipe_fs_i.h -@@ -45,9 +45,9 @@ struct pipe_buffer { - struct pipe_inode_info { +@@ -47,10 +47,10 @@ struct pipe_inode_info { + struct mutex mutex; wait_queue_head_t wait; unsigned int nrbufs, curbuf, buffers; - unsigned int readers; - unsigned int writers; +- unsigned int files; - unsigned int waiting_writers; + atomic_t readers; + atomic_t writers; ++ atomic_t files; + atomic_t waiting_writers; unsigned int r_counter; unsigned int w_counter; @@ -70523,10 +74124,10 @@ index 5f28cae..3d23723 100644 extern void s5p_ehci_set_platdata(struct s5p_ehci_platdata *pd); -diff --git a/include/linux/platform_data/usb-exynos.h b/include/linux/platform_data/usb-exynos.h +diff --git a/include/linux/platform_data/usb-ohci-exynos.h b/include/linux/platform_data/usb-ohci-exynos.h index c256c59..8ea94c7 100644 ---- a/include/linux/platform_data/usb-exynos.h -+++ b/include/linux/platform_data/usb-exynos.h +--- a/include/linux/platform_data/usb-ohci-exynos.h ++++ b/include/linux/platform_data/usb-ohci-exynos.h @@ -14,7 +14,7 @@ struct exynos4_ohci_platdata { int (*phy_init)(struct platform_device *pdev, int type); @@ -70616,20 +74217,75 @@ index 4ea1d37..80f4b33 100644 /* * The return value from decompress routine is the length of the +diff --git a/include/linux/preempt.h b/include/linux/preempt.h +index f5d4723..a6ea2fa 100644 +--- a/include/linux/preempt.h ++++ b/include/linux/preempt.h +@@ -18,8 +18,13 @@ + # define sub_preempt_count(val) do { preempt_count() -= (val); } while (0) + #endif + ++#define raw_add_preempt_count(val) do { preempt_count() += (val); } while (0) ++#define raw_sub_preempt_count(val) do { preempt_count() -= (val); } while (0) ++ + #define inc_preempt_count() add_preempt_count(1) ++#define raw_inc_preempt_count() raw_add_preempt_count(1) + #define dec_preempt_count() sub_preempt_count(1) ++#define raw_dec_preempt_count() raw_sub_preempt_count(1) + + #define preempt_count() (current_thread_info()->preempt_count) + +@@ -64,6 +69,12 @@ do { \ + barrier(); \ + } while (0) + ++#define raw_preempt_disable() \ ++do { \ ++ raw_inc_preempt_count(); \ ++ barrier(); \ ++} while (0) ++ + #define sched_preempt_enable_no_resched() \ + do { \ + barrier(); \ +@@ -72,6 +83,12 @@ do { \ + + #define preempt_enable_no_resched() sched_preempt_enable_no_resched() + ++#define raw_preempt_enable_no_resched() \ ++do { \ ++ barrier(); \ ++ raw_dec_preempt_count(); \ ++} while (0) ++ + #define preempt_enable() \ + do { \ + preempt_enable_no_resched(); \ +@@ -116,8 +133,10 @@ do { \ + * region. + */ + #define preempt_disable() barrier() ++#define raw_preempt_disable() barrier() + #define sched_preempt_enable_no_resched() barrier() + #define preempt_enable_no_resched() barrier() ++#define raw_preempt_enable_no_resched() barrier() + #define preempt_enable() barrier() + + #define preempt_disable_notrace() barrier() diff --git a/include/linux/printk.h b/include/linux/printk.h -index 822171f..12b30e8 100644 +index 22c7052..ad3fa0a 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h -@@ -98,6 +98,8 @@ int no_printk(const char *fmt, ...) - extern asmlinkage __printf(1, 2) - void early_printk(const char *fmt, ...); +@@ -106,6 +106,8 @@ static inline __printf(1, 2) __cold + void early_printk(const char *s, ...) { } + #endif +extern int kptr_restrict; + #ifdef CONFIG_PRINTK asmlinkage __printf(5, 0) int vprintk_emit(int facility, int level, -@@ -132,7 +134,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, +@@ -140,7 +142,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, extern int printk_delay_msec; extern int dmesg_restrict; @@ -70638,10 +74294,10 @@ index 822171f..12b30e8 100644 extern void wake_up_klogd(void); diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h -index 94dfb2a..88b9d3b 100644 +index 608e60a..c26f864 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h -@@ -165,6 +165,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, +@@ -34,6 +34,19 @@ static inline struct proc_dir_entry *proc_create( return proc_create_data(name, mode, parent, proc_fops, NULL); } @@ -70657,23 +74313,28 @@ index 94dfb2a..88b9d3b 100644 +#endif +} + - static inline struct proc_dir_entry *create_proc_read_entry(const char *name, - umode_t mode, struct proc_dir_entry *base, - read_proc_t *read_proc, void * data) -@@ -266,7 +278,7 @@ struct proc_ns_operations { ++ + extern void proc_set_size(struct proc_dir_entry *, loff_t); + extern void proc_set_user(struct proc_dir_entry *, kuid_t, kgid_t); + extern void *PDE_DATA(const struct inode *); +diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h +index 34a1e10..03a6d03 100644 +--- a/include/linux/proc_ns.h ++++ b/include/linux/proc_ns.h +@@ -14,7 +14,7 @@ struct proc_ns_operations { void (*put)(void *ns); int (*install)(struct nsproxy *nsproxy, void *ns); unsigned int (*inum)(void *ns); -}; +} __do_const; - extern const struct proc_ns_operations netns_operations; - extern const struct proc_ns_operations utsns_operations; - extern const struct proc_ns_operations ipcns_operations; + + struct proc_ns { + void *ns; diff --git a/include/linux/random.h b/include/linux/random.h -index 347ce55..880f97c 100644 +index 3b9377d..61b506a 100644 --- a/include/linux/random.h +++ b/include/linux/random.h -@@ -39,6 +39,11 @@ void prandom_seed(u32 seed); +@@ -32,6 +32,11 @@ void prandom_seed(u32 seed); u32 prandom_u32_state(struct rnd_state *); void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes); @@ -70686,7 +74347,7 @@ index 347ce55..880f97c 100644 * Handle minimum values for seeds */ diff --git a/include/linux/rculist.h b/include/linux/rculist.h -index 8089e35..3a0d59a 100644 +index f4b1001..8ddb2b6 100644 --- a/include/linux/rculist.h +++ b/include/linux/rculist.h @@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new, @@ -70787,10 +74448,10 @@ index 8e0c9fe..ac4d221 100644 /** * struct user_regset_view - available regsets diff --git a/include/linux/relay.h b/include/linux/relay.h -index 91cacc3..b55ff74 100644 +index d7c8359..818daf5 100644 --- a/include/linux/relay.h +++ b/include/linux/relay.h -@@ -160,7 +160,7 @@ struct rchan_callbacks +@@ -157,7 +157,7 @@ struct rchan_callbacks * The callback should return 0 if successful, negative if not. */ int (*remove_buf_file)(struct dentry *dentry); @@ -70800,10 +74461,10 @@ index 91cacc3..b55ff74 100644 /* * CONFIG_RELAY kernel API, kernel/relay.c diff --git a/include/linux/rio.h b/include/linux/rio.h -index a3e7842..d973ca6 100644 +index 18e0993..8ab5b21 100644 --- a/include/linux/rio.h +++ b/include/linux/rio.h -@@ -339,7 +339,7 @@ struct rio_ops { +@@ -345,7 +345,7 @@ struct rio_ops { int (*map_inb)(struct rio_mport *mport, dma_addr_t lstart, u64 rstart, u32 size, u32 flags); void (*unmap_inb)(struct rio_mport *mport, dma_addr_t lstart); @@ -70828,7 +74489,7 @@ index 6dacb93..6174423 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index be4e742..7f9d593 100644 +index 3aeb14b..73816a6 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -62,6 +62,7 @@ struct bio_list; @@ -70839,7 +74500,7 @@ index be4e742..7f9d593 100644 /* * List of flags we want to share for kernel threads, -@@ -315,7 +316,7 @@ extern char __sched_text_start[], __sched_text_end[]; +@@ -303,7 +304,7 @@ extern char __sched_text_start[], __sched_text_end[]; extern int in_sched_functions(unsigned long addr); #define MAX_SCHEDULE_TIMEOUT LONG_MAX @@ -70848,10 +74509,11 @@ index be4e742..7f9d593 100644 extern signed long schedule_timeout_interruptible(signed long timeout); extern signed long schedule_timeout_killable(signed long timeout); extern signed long schedule_timeout_uninterruptible(signed long timeout); -@@ -329,6 +330,18 @@ struct user_namespace; - #include +@@ -314,7 +315,19 @@ struct nsproxy; + struct user_namespace; #ifdef CONFIG_MMU +-extern unsigned long mmap_legacy_base(void); + +#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK +extern unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags); @@ -70864,10 +74526,11 @@ index be4e742..7f9d593 100644 + +extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset); +extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len, unsigned long offset); ++extern unsigned long mmap_legacy_base(struct mm_struct *mm); extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -605,6 +618,17 @@ struct signal_struct { +@@ -592,6 +605,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -70884,29 +74547,23 @@ index be4e742..7f9d593 100644 + #ifdef CONFIG_AUDIT unsigned audit_tty; - struct tty_audit_buf *tty_audit_buf; -@@ -683,6 +707,11 @@ struct user_struct { + unsigned audit_tty_log_passwd; +@@ -672,6 +696,14 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif -+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) -+ unsigned int banned; -+ unsigned long ban_expires; ++#ifdef CONFIG_GRKERNSEC_KERN_LOCKOUT ++ unsigned char kernel_banned; ++#endif ++#ifdef CONFIG_GRKERNSEC_BRUTE ++ unsigned char suid_banned; ++ unsigned long suid_ban_expires; +#endif + /* Hash table maintenance information */ struct hlist_node uidhash_node; kuid_t uid; -@@ -1082,7 +1111,7 @@ struct sched_class { - #ifdef CONFIG_FAIR_GROUP_SCHED - void (*task_move_group) (struct task_struct *p, int on_rq); - #endif --}; -+} __do_const; - - struct load_weight { - unsigned long weight, inv_weight; -@@ -1323,8 +1352,8 @@ struct task_struct { +@@ -1159,8 +1191,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -70917,7 +74574,7 @@ index be4e742..7f9d593 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1349,11 +1378,6 @@ struct task_struct { +@@ -1185,11 +1217,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -70929,7 +74586,7 @@ index be4e742..7f9d593 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1370,6 +1394,10 @@ struct task_struct { +@@ -1206,6 +1233,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -70940,7 +74597,7 @@ index be4e742..7f9d593 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1443,6 +1471,10 @@ struct task_struct { +@@ -1279,6 +1310,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -70951,7 +74608,7 @@ index be4e742..7f9d593 100644 /* journalling filesystem info */ void *journal_info; -@@ -1481,6 +1513,10 @@ struct task_struct { +@@ -1317,6 +1352,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -70962,9 +74619,9 @@ index be4e742..7f9d593 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1577,8 +1613,74 @@ struct task_struct { - #ifdef CONFIG_UPROBES - struct uprobe_task *utask; +@@ -1417,8 +1456,76 @@ struct task_struct { + unsigned int sequential_io; + unsigned int sequential_io_avg; #endif + +#ifdef CONFIG_GRKERNSEC @@ -71030,6 +74687,8 @@ index be4e742..7f9d593 100644 +extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); +#endif + ++struct path; ++extern char *pax_get_path(const struct path *path, char *buf, int buflen); +extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_refcount_overflow(struct pt_regs *regs); @@ -71037,7 +74696,7 @@ index be4e742..7f9d593 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -1637,7 +1739,7 @@ struct pid_namespace; +@@ -1477,7 +1584,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -71046,7 +74705,7 @@ index be4e742..7f9d593 100644 { return tsk->pid; } -@@ -2073,7 +2175,9 @@ void yield(void); +@@ -1920,7 +2027,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -71056,7 +74715,7 @@ index be4e742..7f9d593 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2106,6 +2210,7 @@ extern struct pid_namespace init_pid_ns; +@@ -1953,6 +2062,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -71064,7 +74723,7 @@ index be4e742..7f9d593 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2272,7 +2377,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2119,7 +2229,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -71073,7 +74732,7 @@ index be4e742..7f9d593 100644 extern int allow_signal(int); extern int disallow_signal(int); -@@ -2463,9 +2568,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2310,9 +2420,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -71098,7 +74757,7 @@ index bf8086b..962b035 100644 extern unsigned int sysctl_sched_latency; extern unsigned int sysctl_sched_min_granularity; diff --git a/include/linux/security.h b/include/linux/security.h -index 032c366..2c1c2dc2 100644 +index 4686491..2bd210e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -26,6 +26,7 @@ @@ -71110,7 +74769,7 @@ index 032c366..2c1c2dc2 100644 struct linux_binprm; struct cred; diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h -index 68a04a3..866e6a1 100644 +index 2da29ac..aac448ec 100644 --- a/include/linux/seq_file.h +++ b/include/linux/seq_file.h @@ -26,6 +26,9 @@ struct seq_file { @@ -71146,11 +74805,23 @@ index 429c199..4d42e38 100644 }; /* shm_mode upper byte flags */ +diff --git a/include/linux/signal.h b/include/linux/signal.h +index d897484..323ba98 100644 +--- a/include/linux/signal.h ++++ b/include/linux/signal.h +@@ -433,6 +433,7 @@ void signals_init(void); + + int restore_altstack(const stack_t __user *); + int __save_altstack(stack_t __user *, unsigned long); ++void __save_altstack_ex(stack_t __user *, unsigned long); + + #ifdef CONFIG_PROC_FS + struct seq_file; diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index b8292d8..96db310 100644 +index dec1748..112c1f9 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, +@@ -640,7 +640,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, extern struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags, int node); extern struct sk_buff *build_skb(void *data, unsigned int frag_size); @@ -71159,7 +74830,7 @@ index b8292d8..96db310 100644 gfp_t priority) { return __alloc_skb(size, priority, 0, NUMA_NO_NODE); -@@ -709,7 +709,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) +@@ -756,7 +756,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -71168,7 +74839,7 @@ index b8292d8..96db310 100644 } /** -@@ -722,7 +722,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) +@@ -769,7 +769,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -71177,7 +74848,7 @@ index b8292d8..96db310 100644 } /** -@@ -735,7 +735,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, +@@ -782,7 +782,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -71186,7 +74857,7 @@ index b8292d8..96db310 100644 } /** -@@ -1756,7 +1756,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1848,7 +1848,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -71195,7 +74866,7 @@ index b8292d8..96db310 100644 #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2351,7 +2351,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, +@@ -2443,7 +2443,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); extern unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -71204,7 +74875,7 @@ index b8292d8..96db310 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, -@@ -2641,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2733,6 +2733,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -71215,10 +74886,10 @@ index b8292d8..96db310 100644 static inline void nf_reset_trace(struct sk_buff *skb) diff --git a/include/linux/slab.h b/include/linux/slab.h -index 5d168d7..720bff3 100644 +index 0c62175..f016ac1 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h -@@ -12,13 +12,20 @@ +@@ -12,15 +12,29 @@ #include #include #include @@ -71239,8 +74910,17 @@ index 5d168d7..720bff3 100644 + #define SLAB_RED_ZONE 0x00000400UL /* DEBUG: Red zone objs in a cache */ #define SLAB_POISON 0x00000800UL /* DEBUG: Poison objects */ ++ ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++#define SLAB_NO_SANITIZE 0x00001000UL /* PaX: Do not sanitize objs on free */ ++#else ++#define SLAB_NO_SANITIZE 0x00000000UL ++#endif ++ #define SLAB_HWCACHE_ALIGN 0x00002000UL /* Align objs on cache lines */ -@@ -89,10 +96,13 @@ + #define SLAB_CACHE_DMA 0x00004000UL /* Use GFP_DMA memory */ + #define SLAB_STORE_USER 0x00010000UL /* DEBUG: Store the last owner for bug hunting */ +@@ -89,10 +103,13 @@ * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can. * Both make kfree a no-op. */ @@ -71255,9 +74935,18 @@ index 5d168d7..720bff3 100644 - (unsigned long)ZERO_SIZE_PTR) +#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= (unsigned long)ZERO_SIZE_PTR - 1) + + struct mem_cgroup; +@@ -132,6 +149,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); + void kfree(const void *); + void kzfree(const void *); + size_t ksize(const void *); ++const char *check_heap_object(const void *ptr, unsigned long n); ++bool is_usercopy_object(const void *ptr); + /* - * Common fields provided in kmem_cache by all slab allocators -@@ -112,7 +122,7 @@ struct kmem_cache { + * Some archs want to perform DMA into kmalloc caches and need a guaranteed +@@ -164,7 +183,7 @@ struct kmem_cache { unsigned int align; /* Alignment as calculated */ unsigned long flags; /* Active flags on the slab */ const char *name; /* Slab name for sysfs */ @@ -71266,16 +74955,27 @@ index 5d168d7..720bff3 100644 void (*ctor)(void *); /* Called on object slot creation */ struct list_head list; /* List of all slab caches on the system */ }; -@@ -232,6 +242,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); - void kfree(const void *); - void kzfree(const void *); - size_t ksize(const void *); -+const char *check_heap_object(const void *ptr, unsigned long n); -+bool is_usercopy_object(const void *ptr); +@@ -226,6 +245,10 @@ extern struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1]; + extern struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; + #endif ++#ifdef CONFIG_PAX_USERCOPY_SLABS ++extern struct kmem_cache *kmalloc_usercopy_caches[KMALLOC_SHIFT_HIGH + 1]; ++#endif ++ /* - * Allocator specific definitions. These are mainly used to establish optimized -@@ -311,6 +323,7 @@ size_t ksize(const void *); + * Figure out which kmalloc slab an allocation of a certain size + * belongs to. +@@ -234,7 +257,7 @@ extern struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; + * 2 = 120 .. 192 bytes + * n = 2^(n-1) .. 2^n -1 + */ +-static __always_inline int kmalloc_index(size_t size) ++static __always_inline __size_overflow(1) int kmalloc_index(size_t size) + { + if (!size) + return 0; +@@ -406,6 +429,7 @@ void print_slabinfo_header(struct seq_file *m); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ @@ -71283,7 +74983,7 @@ index 5d168d7..720bff3 100644 static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) { if (size != 0 && n > SIZE_MAX / size) -@@ -370,7 +383,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -465,7 +489,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \ (defined(CONFIG_SLOB) && defined(CONFIG_TRACING)) @@ -71292,7 +74992,7 @@ index 5d168d7..720bff3 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -390,7 +403,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -485,7 +509,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \ (defined(CONFIG_SLOB) && defined(CONFIG_TRACING)) @@ -71302,10 +75002,10 @@ index 5d168d7..720bff3 100644 __kmalloc_node_track_caller(size, flags, node, \ _RET_IP_) diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index 8bb6e0e..8eb0dbe 100644 +index cd40158..4e2f7af 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h -@@ -52,7 +52,7 @@ struct kmem_cache { +@@ -50,7 +50,7 @@ struct kmem_cache { /* 4) cache creation/removal */ const char *name; struct list_head list; @@ -71314,7 +75014,7 @@ index 8bb6e0e..8eb0dbe 100644 int object_size; int align; -@@ -68,10 +68,10 @@ struct kmem_cache { +@@ -66,10 +66,14 @@ struct kmem_cache { unsigned long node_allocs; unsigned long node_frees; unsigned long node_overflow; @@ -71326,20 +75026,15 @@ index 8bb6e0e..8eb0dbe 100644 + atomic_unchecked_t allocmiss; + atomic_unchecked_t freehit; + atomic_unchecked_t freemiss; ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ atomic_unchecked_t sanitized; ++ atomic_unchecked_t not_sanitized; ++#endif /* * If debugging is enabled, then the allocator can add additional -@@ -111,11 +111,16 @@ struct cache_sizes { - #ifdef CONFIG_ZONE_DMA - struct kmem_cache *cs_dmacachep; - #endif -+ -+#ifdef CONFIG_PAX_USERCOPY_SLABS -+ struct kmem_cache *cs_usercopycachep; -+#endif -+ +@@ -103,7 +107,7 @@ struct kmem_cache { }; - extern struct cache_sizes malloc_sizes[]; void *kmem_cache_alloc(struct kmem_cache *, gfp_t); -void *__kmalloc(size_t size, gfp_t flags); @@ -71347,21 +75042,21 @@ index 8bb6e0e..8eb0dbe 100644 #ifdef CONFIG_TRACING extern void *kmem_cache_alloc_trace(struct kmem_cache *, gfp_t, size_t); -@@ -152,6 +157,13 @@ found: - cachep = malloc_sizes[i].cs_dmacachep; +@@ -136,6 +140,13 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) + cachep = kmalloc_dma_caches[i]; else #endif + +#ifdef CONFIG_PAX_USERCOPY_SLABS + if (flags & GFP_USERCOPY) -+ cachep = malloc_sizes[i].cs_usercopycachep; ++ cachep = kmalloc_usercopy_caches[i]; + else +#endif + - cachep = malloc_sizes[i].cs_cachep; + cachep = kmalloc_caches[i]; ret = kmem_cache_alloc_trace(cachep, flags, size); -@@ -162,7 +174,7 @@ found: +@@ -146,7 +157,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) } #ifdef CONFIG_NUMA @@ -71370,18 +75065,18 @@ index 8bb6e0e..8eb0dbe 100644 extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); #ifdef CONFIG_TRACING -@@ -205,6 +217,13 @@ found: - cachep = malloc_sizes[i].cs_dmacachep; +@@ -185,6 +196,13 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) + cachep = kmalloc_dma_caches[i]; else #endif + +#ifdef CONFIG_PAX_USERCOPY_SLABS + if (flags & GFP_USERCOPY) -+ cachep = malloc_sizes[i].cs_usercopycachep; ++ cachep = kmalloc_usercopy_caches[i]; + else +#endif + - cachep = malloc_sizes[i].cs_cachep; + cachep = kmalloc_caches[i]; return kmem_cache_alloc_node_trace(cachep, flags, node, size); diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h @@ -71407,10 +75102,10 @@ index f28e14a..7831211 100644 return kmalloc(size, flags); } diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index 9db4825..ed42fb5 100644 +index 027276f..092bfe8 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h -@@ -91,7 +91,7 @@ struct kmem_cache { +@@ -80,7 +80,7 @@ struct kmem_cache { struct kmem_cache_order_objects max; struct kmem_cache_order_objects min; gfp_t allocflags; /* gfp flags to use on each alloc */ @@ -71419,17 +75114,8 @@ index 9db4825..ed42fb5 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -156,7 +156,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT]; - * Sorry that the following has to be that ugly but some versions of GCC - * have trouble with constant propagation and loops. - */ --static __always_inline int kmalloc_index(size_t size) -+static __always_inline __size_overflow(1) int kmalloc_index(size_t size) - { - if (!size) - return 0; -@@ -221,7 +221,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) - } +@@ -105,7 +105,7 @@ struct kmem_cache { + }; void *kmem_cache_alloc(struct kmem_cache *, gfp_t); -void *__kmalloc(size_t size, gfp_t flags); @@ -71437,7 +75123,7 @@ index 9db4825..ed42fb5 100644 static __always_inline void * kmalloc_order(size_t size, gfp_t flags, unsigned int order) -@@ -265,7 +265,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) +@@ -149,7 +149,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) } #endif @@ -71446,7 +75132,7 @@ index 9db4825..ed42fb5 100644 { unsigned int order = get_order(size); return kmalloc_order_trace(size, flags, order); -@@ -290,7 +290,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) +@@ -175,7 +175,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) } #ifdef CONFIG_NUMA @@ -71455,11 +75141,25 @@ index 9db4825..ed42fb5 100644 void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); #ifdef CONFIG_TRACING +diff --git a/include/linux/smp.h b/include/linux/smp.h +index c848876..11e8a84 100644 +--- a/include/linux/smp.h ++++ b/include/linux/smp.h +@@ -221,7 +221,9 @@ static inline void kick_all_cpus_sync(void) { } + #endif + + #define get_cpu() ({ preempt_disable(); smp_processor_id(); }) ++#define raw_get_cpu() ({ raw_preempt_disable(); raw_smp_processor_id(); }) + #define put_cpu() preempt_enable() ++#define raw_put_cpu_no_resched() raw_preempt_enable_no_resched() + + /* + * Callback to arch code if there's nosmp or maxcpus=0 on the diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h -index e8d702e..0a56eb4 100644 +index 54f91d3..be2c379 100644 --- a/include/linux/sock_diag.h +++ b/include/linux/sock_diag.h -@@ -10,7 +10,7 @@ struct sock; +@@ -11,7 +11,7 @@ struct sock; struct sock_diag_handler { __u8 family; int (*dump)(struct sk_buff *skb, struct nlmsghdr *nlh); @@ -71516,7 +75216,7 @@ index 07d8e53..dc934c9 100644 #endif /* _LINUX_SUNRPC_ADDR_H */ diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 2cf4ffa..470d140 100644 +index bfe11be..12bc8c4 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -96,7 +96,7 @@ struct rpc_procinfo { @@ -71598,10 +75298,25 @@ index a5ffd32..0935dea 100644 extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page, unsigned long offset, size_t size, diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h -index 313a8e0..6b273a9 100644 +index 84662ec..d8f8adb 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h -@@ -418,11 +418,11 @@ asmlinkage long sys_sync(void); +@@ -97,8 +97,12 @@ struct sigaltstack; + #define __MAP(n,...) __MAP##n(__VA_ARGS__) + + #define __SC_DECL(t, a) t a +-#define __TYPE_IS_LL(t) (__same_type((t)0, 0LL) || __same_type((t)0, 0ULL)) +-#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a ++#define __TYPE_IS_SL(t) (__same_type((t)0, 0L)) ++#define __TYPE_IS_UL(t) (__same_type((t)0, 0UL)) ++#define __TYPE_IS_SLL(t) (__same_type((t)0, 0LL)) ++#define __TYPE_IS_ULL(t) (__same_type((t)0, 0ULL)) ++#define __TYPE_IS_LL(t) (__TYPE_IS_SLL(t) || __TYPE_IS_ULL(t)) ++#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), __builtin_choose_expr(__TYPE_IS_ULL(t), 0ULL, 0LL), __builtin_choose_expr(__TYPE_IS_UL(t), 0UL, 0L))) a + #define __SC_CAST(t, a) (t) a + #define __SC_ARGS(t, a) a + #define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long)) +@@ -362,11 +366,11 @@ asmlinkage long sys_sync(void); asmlinkage long sys_fsync(unsigned int fd); asmlinkage long sys_fdatasync(unsigned int fd); asmlinkage long sys_bdflush(int func, long data); @@ -71617,7 +75332,7 @@ index 313a8e0..6b273a9 100644 asmlinkage long sys_truncate(const char __user *path, long length); asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length); asmlinkage long sys_stat(const char __user *filename, -@@ -634,7 +634,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *); +@@ -578,7 +582,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *); asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *); asmlinkage long sys_send(int, void __user *, size_t, unsigned); asmlinkage long sys_sendto(int, void __user *, size_t, unsigned, @@ -71747,7 +75462,7 @@ index e7e0473..7989295 100644 #endif /* _LINUX_THREAD_INFO_H */ diff --git a/include/linux/tty.h b/include/linux/tty.h -index c75d886..04cb148 100644 +index 8780bd2..d1ae08b 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -194,7 +194,7 @@ struct tty_port { @@ -71759,7 +75474,7 @@ index c75d886..04cb148 100644 wait_queue_head_t open_wait; /* Open waiters */ wait_queue_head_t close_wait; /* Close waiters */ wait_queue_head_t delta_msr_wait; /* Modem status change */ -@@ -515,7 +515,7 @@ extern int tty_port_open(struct tty_port *port, +@@ -550,7 +550,7 @@ extern int tty_port_open(struct tty_port *port, struct tty_struct *tty, struct file *filp); static inline int tty_port_users(struct tty_port *port) { @@ -71782,13 +75497,13 @@ index 756a609..b302dd6 100644 struct tty_driver { int magic; /* magic number for this structure */ diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h -index 455a0d7..bf97ff5 100644 +index 58390c7..95e214c 100644 --- a/include/linux/tty_ldisc.h +++ b/include/linux/tty_ldisc.h @@ -146,7 +146,7 @@ struct tty_ldisc_ops { struct module *owner; - + - int refcount; + atomic_t refcount; }; @@ -71910,10 +75625,10 @@ index 99c1b4d..562e6f3 100644 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb.h b/include/linux/usb.h -index 4d22d0f..8d0e8f8 100644 +index a0bee5a..5533a52 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -554,7 +554,7 @@ struct usb_device { +@@ -552,7 +552,7 @@ struct usb_device { int maxchild; u32 quirks; @@ -71922,7 +75637,7 @@ index 4d22d0f..8d0e8f8 100644 unsigned long active_duration; -@@ -1604,7 +1604,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, +@@ -1607,7 +1607,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, extern int usb_control_msg(struct usb_device *dev, unsigned int pipe, __u8 request, __u8 requesttype, __u16 value, __u16 index, @@ -71932,7 +75647,7 @@ index 4d22d0f..8d0e8f8 100644 void *data, int len, int *actual_length, int timeout); extern int usb_bulk_msg(struct usb_device *usb_dev, unsigned int pipe, diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h -index c5d36c6..108f4f9 100644 +index e452ba6..78f8e80 100644 --- a/include/linux/usb/renesas_usbhs.h +++ b/include/linux/usb/renesas_usbhs.h @@ -39,7 +39,7 @@ enum { @@ -71986,22 +75701,22 @@ index 6f8fbcf..8259001 100644 + MODULE_GRSEC diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 6071e91..ca6a489 100644 +index 7d5773a..541c01c 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h -@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ +@@ -16,6 +16,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ #define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */ #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */ #define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */ + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) +#define VM_KERNEXEC 0x00000040 /* allocate from executable kernel memory range */ +#endif + /* bits [20..32] reserved for arch specific ioremap internals */ /* -@@ -62,7 +67,7 @@ extern void *vmalloc_32_user(unsigned long size); +@@ -75,7 +80,7 @@ extern void *vmalloc_32_user(unsigned long size); extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot); extern void *__vmalloc_node_range(unsigned long size, unsigned long align, unsigned long start, unsigned long end, gfp_t gfp_mask, @@ -72010,7 +75725,7 @@ index 6071e91..ca6a489 100644 extern void vfree(const void *addr); extern void *vmap(struct page **pages, unsigned int count, -@@ -124,8 +129,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes); +@@ -137,8 +142,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes); extern void free_vm_area(struct vm_struct *area); /* for /dev/kmem */ @@ -72022,10 +75737,10 @@ index 6071e91..ca6a489 100644 /* * Internals. Dont't use.. diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h -index 5fd71a7..e5ef9a9 100644 +index c586679..f06b389 100644 --- a/include/linux/vmstat.h +++ b/include/linux/vmstat.h -@@ -95,18 +95,18 @@ static inline void vm_events_fold_cpu(int cpu) +@@ -90,18 +90,18 @@ static inline void vm_events_fold_cpu(int cpu) /* * Zone based page accounting with per cpu differentials. */ @@ -72048,7 +75763,7 @@ index 5fd71a7..e5ef9a9 100644 #ifdef CONFIG_SMP if (x < 0) x = 0; -@@ -117,7 +117,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item) +@@ -112,7 +112,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item) static inline unsigned long zone_page_state(struct zone *zone, enum zone_stat_item item) { @@ -72057,7 +75772,7 @@ index 5fd71a7..e5ef9a9 100644 #ifdef CONFIG_SMP if (x < 0) x = 0; -@@ -134,7 +134,7 @@ static inline unsigned long zone_page_state(struct zone *zone, +@@ -129,7 +129,7 @@ static inline unsigned long zone_page_state(struct zone *zone, static inline unsigned long zone_page_state_snapshot(struct zone *zone, enum zone_stat_item item) { @@ -72066,7 +75781,7 @@ index 5fd71a7..e5ef9a9 100644 #ifdef CONFIG_SMP int cpu; -@@ -226,8 +226,8 @@ static inline void __mod_zone_page_state(struct zone *zone, +@@ -221,8 +221,8 @@ static inline void __mod_zone_page_state(struct zone *zone, static inline void __inc_zone_state(struct zone *zone, enum zone_stat_item item) { @@ -72077,7 +75792,7 @@ index 5fd71a7..e5ef9a9 100644 } static inline void __inc_zone_page_state(struct page *page, -@@ -238,8 +238,8 @@ static inline void __inc_zone_page_state(struct page *page, +@@ -233,8 +233,8 @@ static inline void __inc_zone_page_state(struct page *page, static inline void __dec_zone_state(struct zone *zone, enum zone_stat_item item) { @@ -72145,18 +75860,6 @@ index 95d1c91..6798cca 100644 /* * Newer version of video_device, handled by videodev2.c -diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h -index 4118ad1..cb7e25f 100644 ---- a/include/media/v4l2-ioctl.h -+++ b/include/media/v4l2-ioctl.h -@@ -284,7 +284,6 @@ struct v4l2_ioctl_ops { - bool valid_prio, int cmd, void *arg); - }; - -- - /* v4l debugging and diagnostics */ - - /* Debug bitmask flags to be used on V4L2 */ diff --git a/include/net/9p/transport.h b/include/net/9p/transport.h index adcbb20..62c2559 100644 --- a/include/net/9p/transport.h @@ -72171,7 +75874,7 @@ index adcbb20..62c2559 100644 void v9fs_register_trans(struct p9_trans_module *m); void v9fs_unregister_trans(struct p9_trans_module *m); diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h -index cdd3302..76f8ede 100644 +index fb94cf1..7c0c987 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h @@ -551,7 +551,7 @@ struct l2cap_ops { @@ -72184,7 +75887,7 @@ index cdd3302..76f8ede 100644 struct l2cap_conn { struct hci_conn *hcon; diff --git a/include/net/caif/cfctrl.h b/include/net/caif/cfctrl.h -index 9e5425b..8136ffc 100644 +index f2ae33d..c457cf0 100644 --- a/include/net/caif/cfctrl.h +++ b/include/net/caif/cfctrl.h @@ -52,7 +52,7 @@ struct cfctrl_rsp { @@ -72220,10 +75923,10 @@ index 628e11b..4c475df 100644 #endif diff --git a/include/net/genetlink.h b/include/net/genetlink.h -index bdfbe68..4402ebe 100644 +index 93024a4..eeb6b6e 100644 --- a/include/net/genetlink.h +++ b/include/net/genetlink.h -@@ -118,7 +118,7 @@ struct genl_ops { +@@ -119,7 +119,7 @@ struct genl_ops { struct netlink_callback *cb); int (*done)(struct netlink_callback *cb); struct list_head ops_list; @@ -72246,7 +75949,7 @@ index 734d9b5..48a9a4b 100644 return; } diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h -index 1832927..ce39aea 100644 +index de2c785..0588a6b 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h @@ -62,7 +62,7 @@ struct inet_connection_sock_af_ops { @@ -72314,10 +76017,10 @@ index e49db91..76a81de 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index fce8e6b..3ca4916 100644 +index 4c062cc..3562c31 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h -@@ -599,7 +599,7 @@ struct ip_vs_conn { +@@ -612,7 +612,7 @@ struct ip_vs_conn { struct ip_vs_conn *control; /* Master control connection */ atomic_t n_control; /* Number of controlled ones */ struct ip_vs_dest *dest; /* real server */ @@ -72326,7 +76029,7 @@ index fce8e6b..3ca4916 100644 /* packet transmitter for different forwarding methods. If it mangles the packet, it must return NF_DROP or better NF_STOLEN, -@@ -737,7 +737,7 @@ struct ip_vs_dest { +@@ -761,7 +761,7 @@ struct ip_vs_dest { __be16 port; /* port number of the server */ union nf_inet_addr addr; /* IP address of the server */ volatile unsigned int flags; /* dest status flags */ @@ -72335,7 +76038,7 @@ index fce8e6b..3ca4916 100644 atomic_t weight; /* server weight */ atomic_t refcnt; /* reference counter */ -@@ -981,11 +981,11 @@ struct netns_ipvs { +@@ -1013,11 +1013,11 @@ struct netns_ipvs { /* ip_vs_lblc */ int sysctl_lblc_expiration; struct ctl_table_header *lblc_ctl_header; @@ -72442,10 +76145,10 @@ index 567c681..cd73ac0 100644 struct llc_sap_state { u8 curr_state; diff --git a/include/net/mac80211.h b/include/net/mac80211.h -index f7eba13..91ed983 100644 +index 885898a..cdace34 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h -@@ -4119,7 +4119,7 @@ struct rate_control_ops { +@@ -4205,7 +4205,7 @@ struct rate_control_ops { void (*add_sta_debugfs)(void *priv, void *priv_sta, struct dentry *dir); void (*remove_sta_debugfs)(void *priv, void *priv_sta); @@ -72468,10 +76171,10 @@ index 7e748ad..5c6229b 100644 struct pneigh_entry { struct pneigh_entry *next; diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h -index de644bc..dfbcc4c 100644 +index b176978..ea169f4 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h -@@ -115,7 +115,7 @@ struct net { +@@ -117,7 +117,7 @@ struct net { #endif struct netns_ipvs *ipvs; struct sock *diag_nlsk; @@ -72480,7 +76183,7 @@ index de644bc..dfbcc4c 100644 }; /* -@@ -272,7 +272,11 @@ static inline struct net *read_pnet(struct net * const *pnet) +@@ -274,7 +274,11 @@ static inline struct net *read_pnet(struct net * const *pnet) #define __net_init __init #define __net_exit __exit_refok #define __net_initdata __initdata @@ -72492,7 +76195,7 @@ index de644bc..dfbcc4c 100644 #endif struct pernet_operations { -@@ -282,7 +286,7 @@ struct pernet_operations { +@@ -284,7 +288,7 @@ struct pernet_operations { void (*exit_batch)(struct list_head *net_exit_list); int *id; size_t size; @@ -72501,7 +76204,7 @@ index de644bc..dfbcc4c 100644 /* * Use these carefully. If you implement a network device and it -@@ -330,12 +334,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) +@@ -332,12 +336,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) static inline int rt_genid(struct net *net) { @@ -72581,6 +76284,19 @@ index 2ba9de8..47bd6c7 100644 #ifdef CONFIG_IP_MROUTE #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES +diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h +index 005e2c2..023d340 100644 +--- a/include/net/netns/ipv6.h ++++ b/include/net/netns/ipv6.h +@@ -71,7 +71,7 @@ struct netns_ipv6 { + struct fib_rules_ops *mr6_rules_ops; + #endif + #endif +- atomic_t dev_addr_genid; ++ atomic_unchecked_t dev_addr_genid; + }; + + #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) diff --git a/include/net/protocol.h b/include/net/protocol.h index 047c047..b9dad15 100644 --- a/include/net/protocol.h @@ -72604,7 +76320,7 @@ index 047c047..b9dad15 100644 #define INET6_PROTO_NOPOLICY 0x1 #define INET6_PROTO_FINAL 0x2 diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h -index 5a15fab..d799ea7 100644 +index 7026648..584cc8c 100644 --- a/include/net/rtnetlink.h +++ b/include/net/rtnetlink.h @@ -81,7 +81,7 @@ struct rtnl_link_ops { @@ -72617,7 +76333,7 @@ index 5a15fab..d799ea7 100644 extern int __rtnl_link_register(struct rtnl_link_ops *ops); extern void __rtnl_link_unregister(struct rtnl_link_ops *ops); diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h -index df85a0c..19ac300 100644 +index cd89510..d67810f 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -330,9 +330,9 @@ do { \ @@ -72656,10 +76372,10 @@ index 2a82d13..62a31c2 100644 /* Get the size of a DATA chunk payload. */ diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h -index 0e0f9d2..cd05ebb 100644 +index 1bd4c41..9250b5b 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h -@@ -517,7 +517,7 @@ struct sctp_pf { +@@ -516,7 +516,7 @@ struct sctp_pf { struct sctp_association *asoc); void (*addr_v4map) (struct sctp_sock *, union sctp_addr *); struct sctp_af *af; @@ -72668,20 +76384,8 @@ index 0e0f9d2..cd05ebb 100644 /* Structure to track chunk fragments that have been acked, but peer -diff --git a/include/net/secure_seq.h b/include/net/secure_seq.h -index c2e542b..6ca975b 100644 ---- a/include/net/secure_seq.h -+++ b/include/net/secure_seq.h -@@ -3,6 +3,7 @@ - - #include - -+extern void net_secret_init(void); - extern __u32 secure_ip_id(__be32 daddr); - extern __u32 secure_ipv6_id(const __be32 daddr[4]); - extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); diff --git a/include/net/sock.h b/include/net/sock.h -index 0be480a..586232f 100644 +index 66772cf..25bc45b 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -325,7 +325,7 @@ struct sock { @@ -72693,7 +76397,7 @@ index 0be480a..586232f 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1796,7 +1796,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1797,7 +1797,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -72702,7 +76406,7 @@ index 0be480a..586232f 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2055,7 +2055,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2056,7 +2056,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -72712,10 +76416,10 @@ index 0be480a..586232f 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index a345480..3c65cf4 100644 +index 5bba80f..8520a82 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -529,7 +529,7 @@ extern void tcp_retransmit_timer(struct sock *sk); +@@ -524,7 +524,7 @@ extern void tcp_retransmit_timer(struct sock *sk); extern void tcp_xmit_retransmit_queue(struct sock *); extern void tcp_simple_retransmit(struct sock *); extern int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -72724,7 +76428,7 @@ index a345480..3c65cf4 100644 extern void tcp_send_probe0(struct sock *); extern void tcp_send_partial(struct sock *); -@@ -700,8 +700,8 @@ struct tcp_skb_cb { +@@ -697,8 +697,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -72735,7 +76439,7 @@ index a345480..3c65cf4 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -715,7 +715,7 @@ struct tcp_skb_cb { +@@ -712,7 +712,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -72745,10 +76449,10 @@ index a345480..3c65cf4 100644 #define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0])) diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index 24c8886..e6fb816 100644 +index 94ce082..62b278d 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h -@@ -304,7 +304,7 @@ struct xfrm_policy_afinfo { +@@ -305,7 +305,7 @@ struct xfrm_policy_afinfo { struct net_device *dev, const struct flowi *fl); struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig); @@ -72757,7 +76461,7 @@ index 24c8886..e6fb816 100644 extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); -@@ -340,7 +340,7 @@ struct xfrm_state_afinfo { +@@ -341,7 +341,7 @@ struct xfrm_state_afinfo { struct sk_buff *skb); int (*transport_finish)(struct sk_buff *skb, int async); @@ -72766,7 +76470,7 @@ index 24c8886..e6fb816 100644 extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo); extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo); -@@ -423,7 +423,7 @@ struct xfrm_mode { +@@ -424,7 +424,7 @@ struct xfrm_mode { struct module *owner; unsigned int encap; int flags; @@ -72775,7 +76479,7 @@ index 24c8886..e6fb816 100644 /* Flags for xfrm_mode. */ enum { -@@ -520,7 +520,7 @@ struct xfrm_policy { +@@ -521,7 +521,7 @@ struct xfrm_policy { struct timer_list timer; struct flow_cache_object flo; @@ -72819,7 +76523,7 @@ index e1379b4..67eafbe 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index a7f9cba..b1f44d0 100644 +index cc64587..608f523 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -171,9 +171,9 @@ struct scsi_device { @@ -72850,10 +76554,10 @@ index b797e8f..8e2c3aa 100644 /** diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h -index ff6c741..393815f 100644 +index 9031a26..750d592 100644 --- a/include/sound/compress_driver.h +++ b/include/sound/compress_driver.h -@@ -130,7 +130,7 @@ struct snd_compr_ops { +@@ -128,7 +128,7 @@ struct snd_compr_ops { struct snd_compr_caps *caps); int (*get_codec_caps) (struct snd_compr_stream *stream, struct snd_compr_codec_caps *codec); @@ -72863,10 +76567,10 @@ index ff6c741..393815f 100644 /** * struct snd_compr: Compressed device diff --git a/include/sound/soc.h b/include/sound/soc.h -index a6a059c..2243336 100644 +index 85c1522..f44bad1 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -771,7 +771,7 @@ struct snd_soc_codec_driver { +@@ -781,7 +781,7 @@ struct snd_soc_codec_driver { /* probe ordering - for components with runtime dependencies */ int probe_order; int remove_order; @@ -72875,7 +76579,7 @@ index a6a059c..2243336 100644 /* SoC platform interface */ struct snd_soc_platform_driver { -@@ -817,7 +817,7 @@ struct snd_soc_platform_driver { +@@ -827,7 +827,7 @@ struct snd_soc_platform_driver { unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); int (*bespoke_trigger)(struct snd_pcm_substream *, int); @@ -72885,10 +76589,10 @@ index a6a059c..2243336 100644 struct snd_soc_platform { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index f8640f3..b72d113 100644 +index 4ea4f98..a63629b 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -658,7 +658,7 @@ struct se_device { +@@ -653,7 +653,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -73068,7 +76772,7 @@ index d876736..ccce5c0 100644 #define __cpu_to_le64s(x) do { (void)(x); } while (0) #define __le64_to_cpus(x) do { (void)(x); } while (0) diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h -index 8072d35..e77aeb8 100644 +index ef6103b..d4e65dd 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -37,6 +37,17 @@ typedef __s64 Elf64_Sxword; @@ -73247,10 +76951,10 @@ index 1a91850..28573f8 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 5341d72..153f24f 100644 +index 2d9b831..ae4c8ac 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -984,6 +984,7 @@ endif # CGROUPS +@@ -1029,6 +1029,7 @@ endif # CGROUPS config CHECKPOINT_RESTORE bool "Checkpoint/restore support" if EXPERT @@ -73258,7 +76962,7 @@ index 5341d72..153f24f 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1471,7 +1472,7 @@ config SLUB_DEBUG +@@ -1516,7 +1517,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -73267,7 +76971,7 @@ index 5341d72..153f24f 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1734,7 +1735,7 @@ config INIT_ALL_POSSIBLE +@@ -1779,7 +1780,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -73372,7 +77076,7 @@ index f5b978a..69dbfe8 100644 if (!S_ISBLK(stat.st_mode)) return 0; diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c -index a32ec1c..60a6659 100644 +index 3e0878e..8a9d7a0 100644 --- a/init/do_mounts_initrd.c +++ b/init/do_mounts_initrd.c @@ -37,13 +37,13 @@ static int init_linuxrc(struct subprocess_info *info, struct cred *new) @@ -73393,7 +77097,7 @@ index a32ec1c..60a6659 100644 sys_setsid(); return 0; } -@@ -58,8 +58,8 @@ static void __init handle_initrd(void) +@@ -59,8 +59,8 @@ static void __init handle_initrd(void) create_dev("/dev/root.old", Root_RAM0); /* mount initrd on rootfs' /root */ mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY); @@ -73404,7 +77108,7 @@ index a32ec1c..60a6659 100644 /* try loading default modules from initrd */ load_default_modules(); -@@ -76,31 +76,31 @@ static void __init handle_initrd(void) +@@ -80,31 +80,31 @@ static void __init handle_initrd(void) current->flags &= ~PF_FREEZER_SKIP; /* move initrd to rootfs' /old */ @@ -73443,7 +77147,7 @@ index a32ec1c..60a6659 100644 printk(KERN_NOTICE "Trying to free ramdisk memory ... "); if (fd < 0) { error = fd; -@@ -123,11 +123,11 @@ int __init initrd_load(void) +@@ -127,11 +127,11 @@ int __init initrd_load(void) * mounted in the normal path. */ if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) { @@ -73503,7 +77207,7 @@ index ba0a7f36..2bcf1d5 100644 { INIT_THREAD_INFO(init_task) }; +#endif diff --git a/init/initramfs.c b/init/initramfs.c -index a67ef9d..3d88592 100644 +index a67ef9d..2d17ed9 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -84,7 +84,7 @@ static void __init free_hash(void) @@ -73614,11 +77318,20 @@ index a67ef9d..3d88592 100644 state = SkipIt; next_state = Reset; return 0; +@@ -583,7 +583,7 @@ static int __init populate_rootfs(void) + { + char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size); + if (err) +- panic(err); /* Failed to decompress INTERNAL initramfs */ ++ panic("%s", err); /* Failed to decompress INTERNAL initramfs */ + if (initrd_start) { + #ifdef CONFIG_BLK_DEV_RAM + int fd; diff --git a/init/main.c b/init/main.c -index 63534a1..85feae2 100644 +index 9484f4b..0eac7c3 100644 --- a/init/main.c +++ b/init/main.c -@@ -98,6 +98,8 @@ static inline void mark_rodata_ro(void) { } +@@ -100,6 +100,8 @@ static inline void mark_rodata_ro(void) { } extern void tc_init(void); #endif @@ -73627,7 +77340,7 @@ index 63534a1..85feae2 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -151,6 +153,64 @@ static int __init set_reset_devices(char *str) +@@ -153,6 +155,74 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -73642,11 +77355,10 @@ index 63534a1..85feae2 100644 +#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT; ++unsigned long pax_user_shadow_base __read_only; +EXPORT_SYMBOL(pax_user_shadow_base); +extern char pax_enter_kernel_user[]; +extern char pax_exit_kernel_user[]; -+extern pgdval_t clone_pgd_mask; +#endif + +#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -73671,11 +77383,22 @@ index 63534a1..85feae2 100644 + memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1); + clone_pgd_mask = ~(pgdval_t)0UL; + pax_user_shadow_base = 0UL; ++ setup_clear_cpu_cap(X86_FEATURE_PCID); +#endif + + return 0; +} +early_param("pax_nouderef", setup_pax_nouderef); ++ ++#ifdef CONFIG_X86_64 ++static int __init setup_pax_weakuderef(char *str) ++{ ++ if (clone_pgd_mask != ~(pgdval_t)0UL) ++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; ++ return 1; ++} ++__setup("pax_weakuderef", setup_pax_weakuderef); ++#endif +#endif + +#ifdef CONFIG_PAX_SOFTMODE @@ -73692,7 +77415,16 @@ index 63534a1..85feae2 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -683,6 +743,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -655,8 +725,6 @@ static void __init do_ctors(void) + bool initcall_debug; + core_param(initcall_debug, initcall_debug, bool, 0644); + +-static char msgbuf[64]; +- + static int __init_or_module do_one_initcall_debug(initcall_t fn) + { + ktime_t calltime, delta, rettime; +@@ -679,23 +747,22 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -73700,11 +77432,13 @@ index 63534a1..85feae2 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -695,15 +756,15 @@ int __init_or_module do_one_initcall(initcall_t fn) - sprintf(msgbuf, "error code %d ", ret); + else + ret = fn(); +- msgbuf[0] = 0; +- if (preempt_count() != count) { -- strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf)); +- sprintf(msgbuf, "preemption imbalance "); + msg1 = " preemption imbalance"; preempt_count() = count; } @@ -73713,14 +77447,12 @@ index 63534a1..85feae2 100644 + msg2 = " disabled interrupts"; local_irq_enable(); } -- if (msgbuf[0]) { -- printk("initcall %pF returned with %s\n", fn, msgbuf); -+ if (msgbuf[0] || *msg1 || *msg2) { -+ printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2); - } +- WARN(msgbuf[0], "initcall %pF returned with %s\n", fn, msgbuf); ++ WARN(*msg1 || *msg2, "initcall %pF returned with%s%s\n", fn, msg1, msg2); return ret; -@@ -757,8 +818,14 @@ static void __init do_initcall_level(int level) + } +@@ -748,8 +815,14 @@ static void __init do_initcall_level(int level) level, level, &repair_env_string); @@ -73736,7 +77468,7 @@ index 63534a1..85feae2 100644 } static void __init do_initcalls(void) -@@ -792,8 +859,14 @@ static void __init do_pre_smp_initcalls(void) +@@ -783,8 +856,14 @@ static void __init do_pre_smp_initcalls(void) { initcall_t *fn; @@ -73752,7 +77484,7 @@ index 63534a1..85feae2 100644 } /* -@@ -811,8 +884,8 @@ static int run_init_process(const char *init_filename) +@@ -802,8 +881,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(init_filename, @@ -73763,16 +77495,16 @@ index 63534a1..85feae2 100644 } static noinline void __init kernel_init_freeable(void); -@@ -890,7 +963,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -880,7 +959,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ - if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0) + if (sys_open((const char __force_user *) "/dev/console", O_RDWR, 0) < 0) - printk(KERN_WARNING "Warning: unable to open an initial console.\n"); + pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -903,11 +976,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -893,11 +972,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -73862,10 +77594,10 @@ index e4e47f6..a85e0ad 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c -index fede1d0..9778e0f8 100644 +index d0c6d96..69a893c 100644 --- a/ipc/msg.c +++ b/ipc/msg.c -@@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) +@@ -296,18 +296,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) return security_msg_queue_associate(msq, msgflg); } @@ -73891,10 +77623,10 @@ index fede1d0..9778e0f8 100644 msg_params.flg = msgflg; diff --git a/ipc/sem.c b/ipc/sem.c -index 58d31f1..cce7a55 100644 +index 70480a3..f4e8262 100644 --- a/ipc/sem.c +++ b/ipc/sem.c -@@ -364,10 +364,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp, +@@ -460,10 +460,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -73911,7 +77643,7 @@ index 58d31f1..cce7a55 100644 struct ipc_params sem_params; ns = current->nsproxy->ipc_ns; -@@ -375,10 +380,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg) +@@ -471,10 +476,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg) if (nsems < 0 || nsems > ns->sc_semmsl) return -EINVAL; @@ -74017,10 +77749,10 @@ index 7e199fa..180a1ca 100644 shm_unlock(shp); diff --git a/kernel/acct.c b/kernel/acct.c -index b9bd7f0..1762b4a 100644 +index 8d6e145..33e0b1e 100644 --- a/kernel/acct.c +++ b/kernel/acct.c -@@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct, +@@ -556,7 +556,7 @@ static void do_acct_process(struct bsd_acct_struct *acct, */ flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; @@ -74030,10 +77762,10 @@ index b9bd7f0..1762b4a 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index d596e53..dbef3c3 100644 +index 91e53d0..d9e3ec4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c -@@ -116,7 +116,7 @@ u32 audit_sig_sid = 0; +@@ -118,7 +118,7 @@ u32 audit_sig_sid = 0; 3) suppressed due to audit_rate_limit 4) suppressed due to audit_backlog_limit */ @@ -74042,7 +77774,7 @@ index d596e53..dbef3c3 100644 /* The netlink socket. */ static struct sock *audit_sock; -@@ -238,7 +238,7 @@ void audit_log_lost(const char *message) +@@ -240,7 +240,7 @@ void audit_log_lost(const char *message) unsigned long now; int print; @@ -74051,7 +77783,7 @@ index d596e53..dbef3c3 100644 print = (audit_failure == AUDIT_FAIL_PANIC || !audit_rate_limit); -@@ -257,7 +257,7 @@ void audit_log_lost(const char *message) +@@ -259,7 +259,7 @@ void audit_log_lost(const char *message) printk(KERN_WARNING "audit: audit_lost=%d audit_rate_limit=%d " "audit_backlog_limit=%d\n", @@ -74060,7 +77792,7 @@ index d596e53..dbef3c3 100644 audit_rate_limit, audit_backlog_limit); audit_panic(message); -@@ -681,7 +681,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -664,7 +664,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) status_set.pid = audit_pid; status_set.rate_limit = audit_rate_limit; status_set.backlog_limit = audit_backlog_limit; @@ -74069,11 +77801,24 @@ index d596e53..dbef3c3 100644 status_set.backlog = skb_queue_len(&audit_skb_queue); audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); +diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c +index 6bd4a90..0ee9eff 100644 +--- a/kernel/auditfilter.c ++++ b/kernel/auditfilter.c +@@ -423,7 +423,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, + f->lsm_rule = NULL; + + /* Support legacy tests for a valid loginuid */ +- if ((f->type == AUDIT_LOGINUID) && (f->val == 4294967295)) { ++ if ((f->type == AUDIT_LOGINUID) && (f->val == 4294967295U)) { + f->type = AUDIT_LOGINUID_SET; + f->val = 0; + } diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index c4b72b0..8654c4e 100644 +index 3c8a601..3a416f6 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -2295,7 +2295,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -1956,7 +1956,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -74082,7 +77827,7 @@ index c4b72b0..8654c4e 100644 /** * audit_set_loginuid - set current task's audit_context loginuid -@@ -2319,7 +2319,7 @@ int audit_set_loginuid(kuid_t loginuid) +@@ -1980,7 +1980,7 @@ int audit_set_loginuid(kuid_t loginuid) return -EPERM; #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ @@ -74188,10 +77933,10 @@ index f6c2ce5..982c0f9 100644 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +} diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index a48de6a..df24bfe 100644 +index 2e9b387..61817b1 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5567,7 +5567,7 @@ static int cgroup_css_links_read(struct cgroup *cont, +@@ -5398,7 +5398,7 @@ static int cgroup_css_links_read(struct cgroup *cont, struct css_set *cg = link->cg; struct task_struct *task; int count = 0; @@ -74201,7 +77946,7 @@ index a48de6a..df24bfe 100644 if (count++ > MAX_TASKS_SHOWN_PER_CSS) { seq_puts(seq, " ...\n"); diff --git a/kernel/compat.c b/kernel/compat.c -index 19971d8..02fe2df 100644 +index 0a09e48..f44f3f0 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -74248,16 +77993,7 @@ index 19971d8..02fe2df 100644 set_fs(old_fs); if (!ret) { -@@ -523,7 +524,7 @@ asmlinkage long compat_sys_getrusage(int who, struct compat_rusage __user *ru) - mm_segment_t old_fs = get_fs(); - - set_fs(KERNEL_DS); -- ret = sys_getrusage(who, (struct rusage __user *) &r); -+ ret = sys_getrusage(who, (struct rusage __force_user *) &r); - set_fs(old_fs); - - if (ret) -@@ -552,8 +553,8 @@ COMPAT_SYSCALL_DEFINE4(wait4, +@@ -533,8 +534,8 @@ COMPAT_SYSCALL_DEFINE4(wait4, set_fs (KERNEL_DS); ret = sys_wait4(pid, (stat_addr ? @@ -74268,7 +78004,7 @@ index 19971d8..02fe2df 100644 set_fs (old_fs); if (ret > 0) { -@@ -579,8 +580,8 @@ COMPAT_SYSCALL_DEFINE5(waitid, +@@ -560,8 +561,8 @@ COMPAT_SYSCALL_DEFINE5(waitid, memset(&info, 0, sizeof(info)); set_fs(KERNEL_DS); @@ -74279,7 +78015,7 @@ index 19971d8..02fe2df 100644 set_fs(old_fs); if ((ret < 0) || (info.si_signo == 0)) -@@ -714,8 +715,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, +@@ -695,8 +696,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_settime(timer_id, flags, @@ -74290,7 +78026,7 @@ index 19971d8..02fe2df 100644 set_fs(oldfs); if (!err && old && put_compat_itimerspec(old, &oldts)) return -EFAULT; -@@ -732,7 +733,7 @@ long compat_sys_timer_gettime(timer_t timer_id, +@@ -713,7 +714,7 @@ long compat_sys_timer_gettime(timer_t timer_id, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_gettime(timer_id, @@ -74299,7 +78035,7 @@ index 19971d8..02fe2df 100644 set_fs(oldfs); if (!err && put_compat_itimerspec(setting, &ts)) return -EFAULT; -@@ -751,7 +752,7 @@ long compat_sys_clock_settime(clockid_t which_clock, +@@ -732,7 +733,7 @@ long compat_sys_clock_settime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_settime(which_clock, @@ -74308,7 +78044,7 @@ index 19971d8..02fe2df 100644 set_fs(oldfs); return err; } -@@ -766,7 +767,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, +@@ -747,7 +748,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_gettime(which_clock, @@ -74317,7 +78053,7 @@ index 19971d8..02fe2df 100644 set_fs(oldfs); if (!err && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -786,7 +787,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, +@@ -767,7 +768,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); @@ -74326,7 +78062,7 @@ index 19971d8..02fe2df 100644 set_fs(oldfs); err = compat_put_timex(utp, &txc); -@@ -806,7 +807,7 @@ long compat_sys_clock_getres(clockid_t which_clock, +@@ -787,7 +788,7 @@ long compat_sys_clock_getres(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_getres(which_clock, @@ -74335,7 +78071,7 @@ index 19971d8..02fe2df 100644 set_fs(oldfs); if (!err && tp && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -818,9 +819,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) +@@ -799,9 +800,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) long err; mm_segment_t oldfs; struct timespec tu; @@ -74347,7 +78083,7 @@ index 19971d8..02fe2df 100644 oldfs = get_fs(); set_fs(KERNEL_DS); err = clock_nanosleep_restart(restart); -@@ -852,8 +853,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, +@@ -833,8 +834,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_nanosleep(which_clock, flags, @@ -74359,7 +78095,7 @@ index 19971d8..02fe2df 100644 if ((err == -ERESTART_RESTARTBLOCK) && rmtp && diff --git a/kernel/configs.c b/kernel/configs.c -index 42e8fa0..9e7406b 100644 +index c18b1f1..b9a0132 100644 --- a/kernel/configs.c +++ b/kernel/configs.c @@ -74,8 +74,19 @@ static int __init ikconfig_init(void) @@ -74525,7 +78261,7 @@ index e0573a4..3874e41 100644 /** diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c -index c26278f..e323fb8 100644 +index 0506d44..2c20034 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -123,7 +123,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); @@ -74611,10 +78347,10 @@ index 00eb8f7..d7e3244 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 9fcb094..8370228 100644 +index e76e495..cbfe63a 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu; +@@ -156,8 +156,15 @@ static struct srcu_struct pmus_srcu; * 0 - disallow raw tracepoint access for unpriv * 1 - disallow cpu events for unpriv * 2 - disallow kernel profiling for unpriv @@ -74623,7 +78359,7 @@ index 9fcb094..8370228 100644 -int sysctl_perf_event_paranoid __read_mostly = 1; +#ifdef CONFIG_GRKERNSEC_PERF_HARDEN +int sysctl_perf_event_legitimately_concerned __read_mostly = 3; -+#elif CONFIG_GRKERNSEC_HIDESYM ++#elif defined(CONFIG_GRKERNSEC_HIDESYM) +int sysctl_perf_event_legitimately_concerned __read_mostly = 2; +#else +int sysctl_perf_event_legitimately_concerned __read_mostly = 1; @@ -74631,7 +78367,7 @@ index 9fcb094..8370228 100644 /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -182,7 +189,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -184,7 +191,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, return 0; } @@ -74640,7 +78376,7 @@ index 9fcb094..8370228 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2677,7 +2684,7 @@ static void __perf_event_read(void *info) +@@ -2747,7 +2754,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -74649,7 +78385,7 @@ index 9fcb094..8370228 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3007,9 +3014,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3093,9 +3100,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -74661,7 +78397,7 @@ index 9fcb094..8370228 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3412,10 +3419,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3481,10 +3488,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -74674,7 +78410,7 @@ index 9fcb094..8370228 100644 arch_perf_update_userpage(userpg, now); -@@ -3886,7 +3893,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, +@@ -4034,7 +4041,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, /* Data. */ sp = perf_user_stack_pointer(regs); @@ -74683,7 +78419,7 @@ index 9fcb094..8370228 100644 dyn_size = dump_size - rem; perf_output_skip(handle, rem); -@@ -3974,11 +3981,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -4122,11 +4129,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -74697,7 +78433,7 @@ index 9fcb094..8370228 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4726,12 +4733,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4835,12 +4842,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -74712,7 +78448,7 @@ index 9fcb094..8370228 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -6167,7 +6174,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6262,7 +6269,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(task_active_pid_ns(current)); @@ -74721,7 +78457,7 @@ index 9fcb094..8370228 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6463,6 +6470,11 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -6572,6 +6579,11 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -74733,7 +78469,7 @@ index 9fcb094..8370228 100644 err = perf_copy_attr(attr_uptr, &attr); if (err) return err; -@@ -6795,10 +6807,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6904,10 +6916,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -74748,10 +78484,10 @@ index 9fcb094..8370228 100644 /* diff --git a/kernel/events/internal.h b/kernel/events/internal.h -index eb675c4..54912ff 100644 +index ca65997..cc8cee4 100644 --- a/kernel/events/internal.h +++ b/kernel/events/internal.h -@@ -77,10 +77,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) +@@ -81,10 +81,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) return rb->nr_pages << (PAGE_SHIFT + page_order(rb)); } @@ -74764,7 +78500,7 @@ index eb675c4..54912ff 100644 { \ unsigned long size, written; \ \ -@@ -112,17 +112,17 @@ static inline int memcpy_common(void *dst, const void *src, size_t n) +@@ -116,17 +116,17 @@ static inline int memcpy_common(void *dst, const void *src, size_t n) return n; } @@ -74786,7 +78522,7 @@ index eb675c4..54912ff 100644 /* Callchain handling */ extern struct perf_callchain_entry * diff --git a/kernel/exit.c b/kernel/exit.c -index 60bc027..ca6d727 100644 +index 7bb73f9..d7978ed 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -172,6 +172,10 @@ void release_task(struct task_struct * p) @@ -74809,7 +78545,7 @@ index 60bc027..ca6d727 100644 recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return 0; -@@ -710,6 +714,8 @@ void do_exit(long code) +@@ -709,6 +713,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -74818,7 +78554,7 @@ index 60bc027..ca6d727 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -726,7 +732,6 @@ void do_exit(long code) +@@ -725,7 +731,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -74826,7 +78562,7 @@ index 60bc027..ca6d727 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -785,6 +790,9 @@ void do_exit(long code) +@@ -784,6 +789,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -74846,10 +78582,10 @@ index 60bc027..ca6d727 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 1766d32..c0e44e2 100644 +index ffbc090..08ceeee 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -318,7 +318,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -74858,7 +78594,7 @@ index 1766d32..c0e44e2 100644 #endif /* -@@ -344,13 +344,81 @@ free_tsk: +@@ -345,13 +345,81 @@ free_tsk: } #ifdef CONFIG_MMU @@ -74942,7 +78678,7 @@ index 1766d32..c0e44e2 100644 uprobe_start_dup_mmap(); down_write(&oldmm->mmap_sem); -@@ -364,8 +432,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -365,8 +433,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -74953,7 +78689,7 @@ index 1766d32..c0e44e2 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -381,57 +449,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -382,57 +450,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -75015,7 +78751,7 @@ index 1766d32..c0e44e2 100644 } /* -@@ -463,6 +489,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -464,6 +490,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -75047,7 +78783,7 @@ index 1766d32..c0e44e2 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -472,14 +523,6 @@ out: +@@ -473,14 +524,6 @@ out: up_write(&oldmm->mmap_sem); uprobe_end_dup_mmap(); return retval; @@ -75062,7 +78798,7 @@ index 1766d32..c0e44e2 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -694,8 +737,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -695,8 +738,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -75073,7 +78809,7 @@ index 1766d32..c0e44e2 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -917,13 +960,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -918,13 +961,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -75095,7 +78831,7 @@ index 1766d32..c0e44e2 100644 return 0; } -@@ -1196,6 +1246,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1197,10 +1247,13 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -75104,8 +78840,14 @@ index 1766d32..c0e44e2 100644 + if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1441,6 +1494,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +- if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && +- p->real_cred->user != INIT_USER) ++ if (p->real_cred->user != INIT_USER && ++ !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + goto bad_fork_free; + } + current->flags &= ~PF_NPROC_EXCEEDED; +@@ -1446,6 +1499,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -75117,7 +78859,7 @@ index 1766d32..c0e44e2 100644 if (clone_flags & CLONE_THREAD) { current->signal->nr_threads++; atomic_inc(¤t->signal->live); -@@ -1524,6 +1582,8 @@ bad_fork_cleanup_count: +@@ -1529,6 +1587,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -75126,31 +78868,7 @@ index 1766d32..c0e44e2 100644 return ERR_PTR(retval); } -@@ -1574,6 +1634,23 @@ long do_fork(unsigned long clone_flags, - return -EINVAL; - } - -+#ifdef CONFIG_GRKERNSEC -+ if (clone_flags & CLONE_NEWUSER) { -+ /* -+ * This doesn't really inspire confidence: -+ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2 -+ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2 -+ * Increases kernel attack surface in areas developers -+ * previously cared little about ("low importance due -+ * to requiring "root" capability") -+ * To be removed when this code receives *proper* review -+ */ -+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || -+ !capable(CAP_SETGID)) -+ return -EPERM; -+ } -+#endif -+ - /* - * Determine whether and which event to report to ptracer. When - * called from kernel_thread or CLONE_UNTRACED is explicitly -@@ -1608,6 +1685,8 @@ long do_fork(unsigned long clone_flags, +@@ -1613,6 +1673,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -75159,7 +78877,16 @@ index 1766d32..c0e44e2 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1761,7 +1840,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1729,7 +1791,7 @@ void __init proc_caches_init(void) + mm_cachep = kmem_cache_create("mm_struct", + sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); +- vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC); ++ vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC | SLAB_NO_SANITIZE); + mmap_init(); + nsproxy_cache_init(); + } +@@ -1769,7 +1831,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -75168,7 +78895,7 @@ index 1766d32..c0e44e2 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1873,7 +1952,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1881,7 +1943,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -75179,7 +78906,7 @@ index 1766d32..c0e44e2 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index b26dcfc..39e266a 100644 +index 49dacfb..5c6b450 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -75190,7 +78917,7 @@ index b26dcfc..39e266a 100644 #include #include #include -@@ -241,6 +242,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -242,6 +243,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -75202,7 +78929,7 @@ index b26dcfc..39e266a 100644 /* * The futex address must be "naturally" aligned. */ -@@ -2732,6 +2738,7 @@ static int __init futex_init(void) +@@ -2733,6 +2739,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -75210,7 +78937,7 @@ index b26dcfc..39e266a 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2743,8 +2750,11 @@ static int __init futex_init(void) +@@ -2744,8 +2751,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -75261,19 +78988,19 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 7ef5556..8247f11 100644 +index 2288fbd..0f3941f 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c -@@ -1416,7 +1416,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1435,7 +1435,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } -static void run_hrtimer_softirq(struct softirq_action *h) +static void run_hrtimer_softirq(void) { - struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); - -@@ -1758,7 +1758,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, + hrtimer_peek_ahead_timers(); + } +@@ -1770,7 +1770,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -75339,7 +79066,7 @@ index 60f48fa..7f3a770 100644 static int diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c -index 2169fee..706ccca 100644 +index 3127ad5..159d880 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -11,6 +11,9 @@ @@ -75415,7 +79142,7 @@ index 2169fee..706ccca 100644 if (all_var) return is_kernel(addr); -@@ -470,7 +509,6 @@ static unsigned long get_ksymbol_core(struct kallsym_iter *iter) +@@ -480,7 +519,6 @@ static unsigned long get_ksymbol_core(struct kallsym_iter *iter) static void reset_iter(struct kallsym_iter *iter, loff_t new_pos) { @@ -75423,7 +79150,7 @@ index 2169fee..706ccca 100644 iter->nameoff = get_symbol_offset(new_pos); iter->pos = new_pos; } -@@ -518,6 +556,11 @@ static int s_show(struct seq_file *m, void *p) +@@ -528,6 +566,11 @@ static int s_show(struct seq_file *m, void *p) { struct kallsym_iter *iter = m->private; @@ -75435,7 +79162,7 @@ index 2169fee..706ccca 100644 /* Some debugging symbols have no name. Ignore them. */ if (!iter->name[0]) return 0; -@@ -531,6 +574,7 @@ static int s_show(struct seq_file *m, void *p) +@@ -541,6 +584,7 @@ static int s_show(struct seq_file *m, void *p) */ type = iter->exported ? toupper(iter->type) : tolower(iter->type); @@ -75443,7 +79170,7 @@ index 2169fee..706ccca 100644 seq_printf(m, "%pK %c %s\t[%s]\n", (void *)iter->value, type, iter->name, iter->module_name); } else -@@ -556,7 +600,7 @@ static int kallsyms_open(struct inode *inode, struct file *file) +@@ -566,7 +610,7 @@ static int kallsyms_open(struct inode *inode, struct file *file) struct kallsym_iter *iter; int ret; @@ -75468,10 +79195,10 @@ index e30ac0f..3528cac 100644 /* diff --git a/kernel/kexec.c b/kernel/kexec.c -index ffd4e11..c3ff6bf 100644 +index 59f7b55..4022f65 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, +@@ -1041,7 +1041,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, unsigned long flags) { struct compat_kexec_segment in; @@ -75482,7 +79209,7 @@ index ffd4e11..c3ff6bf 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index 8985c87..f539dbe 100644 +index 8241906..d625f2c 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info) @@ -75492,9 +79219,9 @@ index 8985c87..f539dbe 100644 -static int call_modprobe(char *module_name, int wait) +static int call_modprobe(char *module_name, char *module_param, int wait) { + struct subprocess_info *info; static char *envp[] = { - "HOME=/", -@@ -84,7 +84,7 @@ static int call_modprobe(char *module_name, int wait) +@@ -85,7 +85,7 @@ static int call_modprobe(char *module_name, int wait) NULL }; @@ -75503,7 +79230,7 @@ index 8985c87..f539dbe 100644 if (!argv) goto out; -@@ -96,7 +96,8 @@ static int call_modprobe(char *module_name, int wait) +@@ -97,7 +97,8 @@ static int call_modprobe(char *module_name, int wait) argv[1] = "-q"; argv[2] = "--"; argv[3] = module_name; /* check free_modprobe_argv() */ @@ -75511,9 +79238,9 @@ index 8985c87..f539dbe 100644 + argv[4] = module_param; + argv[5] = NULL; - return call_usermodehelper_fns(modprobe_path, argv, envp, - wait | UMH_KILLABLE, NULL, free_modprobe_argv, NULL); -@@ -121,9 +122,8 @@ out: + info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL, + NULL, free_modprobe_argv, NULL); +@@ -129,9 +130,8 @@ out: * If module auto-loading support is disabled then this function * becomes a no-operation. */ @@ -75524,7 +79251,7 @@ index 8985c87..f539dbe 100644 char module_name[MODULE_NAME_LEN]; unsigned int max_modprobes; int ret; -@@ -139,9 +139,7 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -147,9 +147,7 @@ int __request_module(bool wait, const char *fmt, ...) */ WARN_ON_ONCE(wait && current_is_async()); @@ -75535,7 +79262,7 @@ index 8985c87..f539dbe 100644 if (ret >= MODULE_NAME_LEN) return -ENAMETOOLONG; -@@ -149,6 +147,20 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -157,6 +155,20 @@ int __request_module(bool wait, const char *fmt, ...) if (ret) return ret; @@ -75556,7 +79283,7 @@ index 8985c87..f539dbe 100644 /* If modprobe needs a service that is in a module, we get a recursive * loop. Limit the number of running kmod threads to max_threads/2 or * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method -@@ -177,11 +189,52 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -185,11 +197,52 @@ int __request_module(bool wait, const char *fmt, ...) trace_module_request(module_name, wait, _RET_IP_); @@ -75610,7 +79337,7 @@ index 8985c87..f539dbe 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -292,7 +345,7 @@ static int wait_for_helper(void *data) +@@ -300,7 +353,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -75619,7 +79346,7 @@ index 8985c87..f539dbe 100644 /* * If ret is 0, either ____call_usermodehelper failed and the -@@ -649,7 +702,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns); +@@ -651,7 +704,7 @@ EXPORT_SYMBOL(call_usermodehelper); static int proc_cap_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -75629,10 +79356,20 @@ index 8985c87..f539dbe 100644 kernel_cap_t new_cap; int err, i; diff --git a/kernel/kprobes.c b/kernel/kprobes.c -index 3fed7f0..a3f95ed 100644 +index bddf3b2..233bf40 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c -@@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) +@@ -31,6 +31,9 @@ + * and Prasanna S Panchamukhi + * added function-return probes. + */ ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++#define __INCLUDED_BY_HIDESYM 1 ++#endif + #include + #include + #include +@@ -185,7 +188,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) * kernel image and loaded module images reside. This is required * so x86_64 can correctly handle the %rip-relative fixups. */ @@ -75641,7 +79378,7 @@ index 3fed7f0..a3f95ed 100644 if (!kip->insns) { kfree(kip); return NULL; -@@ -225,7 +225,7 @@ static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx) +@@ -225,7 +228,7 @@ static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx) */ if (!list_is_singular(&kip->list)) { list_del(&kip->list); @@ -75650,7 +79387,7 @@ index 3fed7f0..a3f95ed 100644 kfree(kip); } return 1; -@@ -2073,7 +2073,7 @@ static int __init init_kprobes(void) +@@ -2083,7 +2086,7 @@ static int __init init_kprobes(void) { int i, err = 0; unsigned long offset = 0, size = 0; @@ -75659,7 +79396,7 @@ index 3fed7f0..a3f95ed 100644 const char *symbol_name; void *addr; struct kprobe_blackpoint *kb; -@@ -2158,11 +2158,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, +@@ -2168,11 +2171,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, kprobe_type = "k"; if (sym) @@ -75673,7 +79410,7 @@ index 3fed7f0..a3f95ed 100644 p->addr, kprobe_type, p->addr); if (!pp) -@@ -2199,7 +2199,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) +@@ -2209,7 +2212,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) const char *sym = NULL; unsigned int i = *(loff_t *) v; unsigned long offset = 0; @@ -75705,10 +79442,10 @@ index 6ada93c..dce7d5d 100644 .name = "notes", .mode = S_IRUGO, diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index 8a0efac..56f1e2d 100644 +index 1f3186b..bb7dbc6 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c -@@ -590,6 +590,10 @@ static int static_obj(void *obj) +@@ -596,6 +596,10 @@ static int static_obj(void *obj) end = (unsigned long) &_end, addr = (unsigned long) obj; @@ -75719,7 +79456,7 @@ index 8a0efac..56f1e2d 100644 /* * static variable? */ -@@ -730,6 +734,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) +@@ -736,6 +740,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) if (!static_obj(lock->key)) { debug_locks_off(); printk("INFO: trying to register non-static key.\n"); @@ -75727,7 +79464,7 @@ index 8a0efac..56f1e2d 100644 printk("the code is fine but needs lockdep annotation.\n"); printk("turning off the locking correctness validator.\n"); dump_stack(); -@@ -3078,7 +3083,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, +@@ -3080,7 +3085,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, if (!class) return 0; } @@ -75786,7 +79523,7 @@ index b2c71c5..7b88d63 100644 seq_printf(m, "%40s %14lu %29s %pS\n", name, stats->contending_point[i], diff --git a/kernel/module.c b/kernel/module.c -index 97f202c..109575f 100644 +index fa53db8..6f17200 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -75852,7 +79589,7 @@ index 97f202c..109575f 100644 } static struct module_attribute modinfo_initsize = -@@ -1312,7 +1314,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1313,7 +1315,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS @@ -75861,7 +79598,7 @@ index 97f202c..109575f 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; -@@ -1452,7 +1454,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) +@@ -1453,7 +1455,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) { unsigned int notes, loaded, i; struct module_notes_attrs *notes_attrs; @@ -75870,7 +79607,7 @@ index 97f202c..109575f 100644 /* failed to create section attributes, so can't create notes */ if (!mod->sect_attrs) -@@ -1564,7 +1566,7 @@ static void del_usage_links(struct module *mod) +@@ -1565,7 +1567,7 @@ static void del_usage_links(struct module *mod) static int module_add_modinfo_attrs(struct module *mod) { struct module_attribute *attr; @@ -75879,7 +79616,7 @@ index 97f202c..109575f 100644 int error = 0; int i; -@@ -1778,21 +1780,21 @@ static void set_section_ro_nx(void *base, +@@ -1779,21 +1781,21 @@ static void set_section_ro_nx(void *base, static void unset_module_core_ro_nx(struct module *mod) { @@ -75909,7 +79646,7 @@ index 97f202c..109575f 100644 set_memory_rw); } -@@ -1805,14 +1807,14 @@ void set_all_modules_text_rw(void) +@@ -1806,14 +1808,14 @@ void set_all_modules_text_rw(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -75930,7 +79667,7 @@ index 97f202c..109575f 100644 set_memory_rw); } } -@@ -1828,14 +1830,14 @@ void set_all_modules_text_ro(void) +@@ -1829,14 +1831,14 @@ void set_all_modules_text_ro(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -75951,7 +79688,7 @@ index 97f202c..109575f 100644 set_memory_ro); } } -@@ -1886,16 +1888,19 @@ static void free_module(struct module *mod) +@@ -1887,16 +1889,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -75974,7 +79711,7 @@ index 97f202c..109575f 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1965,9 +1970,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1966,9 +1971,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -76006,7 +79743,7 @@ index 97f202c..109575f 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1988,7 +2015,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1989,7 +2016,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -76016,7 +79753,7 @@ index 97f202c..109575f 100644 break; } -@@ -2007,11 +2036,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -2008,11 +2037,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -76037,7 +79774,7 @@ index 97f202c..109575f 100644 return ret; } -@@ -2095,22 +2133,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2096,22 +2134,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -76064,7 +79801,7 @@ index 97f202c..109575f 100644 } pr_debug("Init section allocation order:\n"); -@@ -2124,23 +2152,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2125,23 +2153,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -76093,7 +79830,7 @@ index 97f202c..109575f 100644 } } -@@ -2313,7 +2331,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2314,7 +2332,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -76102,7 +79839,7 @@ index 97f202c..109575f 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2330,13 +2348,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2331,13 +2349,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -76120,7 +79857,7 @@ index 97f202c..109575f 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2354,12 +2372,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2355,12 +2373,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -76137,7 +79874,7 @@ index 97f202c..109575f 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2371,6 +2391,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2372,6 +2392,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -76146,7 +79883,7 @@ index 97f202c..109575f 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2404,17 +2426,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2405,17 +2427,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -76185,7 +79922,7 @@ index 97f202c..109575f 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2690,8 +2728,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2691,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -76200,7 +79937,7 @@ index 97f202c..109575f 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2717,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2718,7 +2762,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -76209,7 +79946,7 @@ index 97f202c..109575f 100644 return 0; } -@@ -2811,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2799,7 +2843,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -76218,7 +79955,7 @@ index 97f202c..109575f 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2821,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2809,11 +2853,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -76234,7 +79971,7 @@ index 97f202c..109575f 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2834,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2822,13 +2866,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -76284,7 +80021,7 @@ index 97f202c..109575f 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2851,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2839,16 +2915,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -76337,7 +80074,7 @@ index 97f202c..109575f 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2917,12 +3022,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2905,12 +3010,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -76356,7 +80093,7 @@ index 97f202c..109575f 100644 set_fs(old_fs); } -@@ -2992,8 +3097,10 @@ out: +@@ -2977,8 +3082,10 @@ static int alloc_module_percpu(struct module *mod, struct load_info *info) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -76369,7 +80106,7 @@ index 97f202c..109575f 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -3006,7 +3113,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2991,7 +3098,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -76379,7 +80116,7 @@ index 97f202c..109575f 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3060,16 +3169,16 @@ static int do_init_module(struct module *mod) +@@ -3045,16 +3154,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -76404,7 +80141,7 @@ index 97f202c..109575f 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3131,11 +3240,12 @@ static int do_init_module(struct module *mod) +@@ -3116,11 +3225,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -76422,7 +80159,7 @@ index 97f202c..109575f 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3262,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3252,9 +3362,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -76461,7 +80198,7 @@ index 97f202c..109575f 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3280,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3270,13 +3409,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -76475,7 +80212,7 @@ index 97f202c..109575f 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Finally it's fully formed, ready to start executing. */ -@@ -3321,11 +3453,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3311,11 +3443,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -76488,7 +80225,7 @@ index 97f202c..109575f 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3408,10 +3539,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3398,10 +3529,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -76508,7 +80245,7 @@ index 97f202c..109575f 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3664,7 +3801,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3654,7 +3791,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -76517,7 +80254,7 @@ index 97f202c..109575f 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3673,7 +3810,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3663,7 +3800,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -76526,7 +80263,7 @@ index 97f202c..109575f 100644 /* Taints info */ if (mod->taints) -@@ -3709,7 +3846,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3699,7 +3836,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -76544,7 +80281,7 @@ index 97f202c..109575f 100644 return 0; } module_init(proc_modules_init); -@@ -3770,14 +3917,14 @@ struct module *__module_address(unsigned long addr) +@@ -3760,14 +3907,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -76562,7 +80299,7 @@ index 97f202c..109575f 100644 return mod; } return NULL; -@@ -3812,11 +3959,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3802,11 +3949,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -76635,10 +80372,28 @@ index 0799fd3..d06ae3b 100644 extern void debug_mutex_init(struct mutex *lock, const char *name, struct lock_class_key *key); diff --git a/kernel/mutex.c b/kernel/mutex.c -index 52f2301..73f7528 100644 +index ad53a66..f1bf8bc 100644 --- a/kernel/mutex.c +++ b/kernel/mutex.c -@@ -199,7 +199,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, +@@ -134,7 +134,7 @@ void mspin_lock(struct mspin_node **lock, struct mspin_node *node) + node->locked = 1; + return; + } +- ACCESS_ONCE(prev->next) = node; ++ ACCESS_ONCE_RW(prev->next) = node; + smp_wmb(); + /* Wait until the lock holder passes the lock down */ + while (!ACCESS_ONCE(node->locked)) +@@ -155,7 +155,7 @@ static void mspin_unlock(struct mspin_node **lock, struct mspin_node *node) + while (!(next = ACCESS_ONCE(node->next))) + arch_mutex_cpu_relax(); + } +- ACCESS_ONCE(next->locked) = 1; ++ ACCESS_ONCE_RW(next->locked) = 1; + smp_wmb(); + } + +@@ -341,7 +341,7 @@ slowpath: spin_lock_mutex(&lock->wait_lock, flags); debug_mutex_lock_common(lock, &waiter); @@ -76647,7 +80402,7 @@ index 52f2301..73f7528 100644 /* add waiting tasks to the end of the waitqueue (FIFO): */ list_add_tail(&waiter.list, &lock->wait_list); -@@ -228,8 +228,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, +@@ -371,8 +371,7 @@ slowpath: * TASK_UNINTERRUPTIBLE case.) */ if (unlikely(signal_pending_state(state, task))) { @@ -76657,7 +80412,7 @@ index 52f2301..73f7528 100644 mutex_release(&lock->dep_map, 1, ip); spin_unlock_mutex(&lock->wait_lock, flags); -@@ -248,7 +247,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, +@@ -391,7 +390,7 @@ slowpath: done: lock_acquired(&lock->dep_map, ip); /* got the lock - rejoice! */ @@ -76723,19 +80478,19 @@ index 2d5cc4c..d9ea600 100644 return -ENOENT; } diff --git a/kernel/panic.c b/kernel/panic.c -index 7c57cc9..28f1b3f 100644 +index 167ec09..0dda5f9 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -403,7 +403,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, - const char *board; - +@@ -400,7 +400,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, + unsigned taint, struct slowpath_args *args) + { printk(KERN_WARNING "------------[ cut here ]------------\n"); - printk(KERN_WARNING "WARNING: at %s:%d %pS()\n", file, line, caller); + printk(KERN_WARNING "WARNING: at %s:%d %pA()\n", file, line, caller); - board = dmi_get_system_info(DMI_PRODUCT_NAME); - if (board) - printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -459,7 +459,8 @@ EXPORT_SYMBOL(warn_slowpath_null); + + if (args) + vprintk(args->fmt, args->args); +@@ -453,7 +453,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { @@ -76746,7 +80501,7 @@ index 7c57cc9..28f1b3f 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index 047dc62..418d74b 100644 +index 0db3e79..95b9dc2 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -76757,7 +80512,7 @@ index 047dc62..418d74b 100644 #include #include #include -@@ -46,7 +47,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID; +@@ -47,7 +48,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID; int pid_max = PID_MAX_DEFAULT; @@ -76766,7 +80521,7 @@ index 047dc62..418d74b 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -440,10 +441,18 @@ EXPORT_SYMBOL(pid_task); +@@ -442,10 +443,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { @@ -76786,7 +80541,7 @@ index 047dc62..418d74b 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -451,6 +460,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) +@@ -453,6 +462,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) return find_task_by_pid_ns(vnr, task_active_pid_ns(current)); } @@ -76802,10 +80557,10 @@ index 047dc62..418d74b 100644 { struct pid *pid; diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c -index bea15bd..789f3d0 100644 +index 6917e8e..9909aeb 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c -@@ -249,7 +249,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, +@@ -247,7 +247,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { struct pid_namespace *pid_ns = task_active_pid_ns(current); @@ -76815,10 +80570,10 @@ index bea15bd..789f3d0 100644 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index 8fd709c..542bf4b 100644 +index 42670e9..8719c2f 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c -@@ -1592,14 +1592,14 @@ struct k_clock clock_posix_cpu = { +@@ -1636,14 +1636,14 @@ struct k_clock clock_posix_cpu = { static __init int init_posix_cpu_timers(void) { @@ -76836,18 +80591,18 @@ index 8fd709c..542bf4b 100644 .clock_get = thread_cpu_clock_get, .timer_create = thread_cpu_timer_create, diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c -index 6edbb2c..334f085 100644 +index 424c2d4..679242f 100644 --- a/kernel/posix-timers.c +++ b/kernel/posix-timers.c @@ -43,6 +43,7 @@ - #include + #include #include #include +#include #include #include #include -@@ -129,7 +130,7 @@ static DEFINE_SPINLOCK(idr_lock); +@@ -122,7 +123,7 @@ static DEFINE_SPINLOCK(hash_lock); * which we beg off on and pass to do_sys_settimeofday(). */ @@ -76856,7 +80611,7 @@ index 6edbb2c..334f085 100644 /* * These ones are defined below. -@@ -227,7 +228,7 @@ static int posix_get_boottime(const clockid_t which_clock, struct timespec *tp) +@@ -275,7 +276,7 @@ static int posix_get_tai(clockid_t which_clock, struct timespec *tp) */ static __init int init_posix_timers(void) { @@ -76865,7 +80620,7 @@ index 6edbb2c..334f085 100644 .clock_getres = hrtimer_get_res, .clock_get = posix_clock_realtime_get, .clock_set = posix_clock_realtime_set, -@@ -239,7 +240,7 @@ static __init int init_posix_timers(void) +@@ -287,7 +288,7 @@ static __init int init_posix_timers(void) .timer_get = common_timer_get, .timer_del = common_timer_del, }; @@ -76874,7 +80629,7 @@ index 6edbb2c..334f085 100644 .clock_getres = hrtimer_get_res, .clock_get = posix_ktime_get_ts, .nsleep = common_nsleep, -@@ -249,19 +250,19 @@ static __init int init_posix_timers(void) +@@ -297,19 +298,19 @@ static __init int init_posix_timers(void) .timer_get = common_timer_get, .timer_del = common_timer_del, }; @@ -76893,12 +80648,21 @@ index 6edbb2c..334f085 100644 .clock_getres = posix_get_coarse_res, .clock_get = posix_get_monotonic_coarse, }; +- struct k_clock clock_tai = { ++ static struct k_clock clock_tai = { + .clock_getres = hrtimer_get_res, + .clock_get = posix_get_tai, + .nsleep = common_nsleep, +@@ -319,7 +320,7 @@ static __init int init_posix_timers(void) + .timer_get = common_timer_get, + .timer_del = common_timer_del, + }; - struct k_clock clock_boottime = { + static struct k_clock clock_boottime = { .clock_getres = hrtimer_get_res, .clock_get = posix_get_boottime, .nsleep = common_nsleep, -@@ -473,7 +474,7 @@ void posix_timers_register_clock(const clockid_t clock_id, +@@ -531,7 +532,7 @@ void posix_timers_register_clock(const clockid_t clock_id, return; } @@ -76907,7 +80671,7 @@ index 6edbb2c..334f085 100644 } EXPORT_SYMBOL_GPL(posix_timers_register_clock); -@@ -519,9 +520,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id) +@@ -577,9 +578,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id) return (id & CLOCKFD_MASK) == CLOCKFD ? &clock_posix_dynamic : &clock_posix_cpu; @@ -76919,7 +80683,16 @@ index 6edbb2c..334f085 100644 } static int common_timer_create(struct k_itimer *new_timer) -@@ -964,6 +965,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, +@@ -597,7 +598,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock, + struct k_clock *kc = clockid_to_kclock(which_clock); + struct k_itimer *new_timer; + int error, new_timer_id; +- sigevent_t event; ++ sigevent_t event = { }; + int it_id_set = IT_ID_NOT_SET; + + if (!kc) +@@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; @@ -76977,37 +80750,10 @@ index 98088e0..aaf95c0 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index abbdd9e..f294251 100644 +index d37d45c..ab918b3 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -615,11 +615,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait) - return ret; - } - -+static int check_syslog_permissions(int type, bool from_file); -+ - static int devkmsg_open(struct inode *inode, struct file *file) - { - struct devkmsg_user *user; - int err; - -+ err = check_syslog_permissions(SYSLOG_ACTION_OPEN, SYSLOG_FROM_FILE); -+ if (err) -+ return err; -+ - /* write-only does not need any file context */ - if ((file->f_flags & O_ACCMODE) == O_WRONLY) - return 0; -@@ -828,7 +834,7 @@ static int syslog_action_restricted(int type) - if (dmesg_restrict) - return 1; - /* Unless restricted, we allow "read all" and "get buffer size" for everybody */ -- return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER; -+ return type != SYSLOG_ACTION_OPEN && type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER; - } - - static int check_syslog_permissions(int type, bool from_file) -@@ -840,6 +846,11 @@ static int check_syslog_permissions(int type, bool from_file) +@@ -390,6 +390,11 @@ static int check_syslog_permissions(int type, bool from_file) if (from_file && type != SYSLOG_ACTION_OPEN) return 0; @@ -77020,7 +80766,7 @@ index abbdd9e..f294251 100644 if (capable(CAP_SYSLOG)) return 0; diff --git a/kernel/profile.c b/kernel/profile.c -index dc3384e..0de5b49 100644 +index 0bf4007..6234708 100644 --- a/kernel/profile.c +++ b/kernel/profile.c @@ -37,7 +37,7 @@ struct profile_hit { @@ -77081,10 +80827,10 @@ index dc3384e..0de5b49 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index acbd284..00bb0c9 100644 +index 335a7ae..3bbbceb 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -324,7 +324,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -326,7 +326,7 @@ static int ptrace_attach(struct task_struct *task, long request, if (seize) flags |= PT_SEIZED; rcu_read_lock(); @@ -77093,7 +80839,7 @@ index acbd284..00bb0c9 100644 flags |= PT_PTRACE_CAP; rcu_read_unlock(); task->ptrace = flags; -@@ -535,7 +535,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -537,7 +537,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -77102,7 +80848,7 @@ index acbd284..00bb0c9 100644 return -EFAULT; copied += retval; src += retval; -@@ -726,7 +726,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -805,7 +805,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -77111,7 +80857,7 @@ index acbd284..00bb0c9 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -928,14 +928,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -1011,14 +1011,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -77134,7 +80880,7 @@ index acbd284..00bb0c9 100644 goto out_put_task_struct; } -@@ -963,7 +970,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -1046,7 +1053,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -77143,7 +80889,7 @@ index acbd284..00bb0c9 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1057,7 +1064,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, +@@ -1140,7 +1147,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, } asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, @@ -77152,7 +80898,7 @@ index acbd284..00bb0c9 100644 { struct task_struct *child; long ret; -@@ -1073,14 +1080,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1156,14 +1163,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -77395,10 +81141,10 @@ index e1f3a8c..42c94a2 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 5b8ad82..17274d1 100644 +index 3538001..e379e0b 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -353,9 +353,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, +@@ -358,9 +358,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, rcu_prepare_for_idle(smp_processor_id()); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -77410,7 +81156,7 @@ index 5b8ad82..17274d1 100644 /* * It is illegal to enter an extended quiescent state while -@@ -491,10 +491,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval, +@@ -496,10 +496,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval, int user) { smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ @@ -77423,7 +81169,7 @@ index 5b8ad82..17274d1 100644 rcu_cleanup_after_idle(smp_processor_id()); trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting); if (!user && !is_idle_task(current)) { -@@ -633,14 +633,14 @@ void rcu_nmi_enter(void) +@@ -638,14 +638,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); if (rdtp->dynticks_nmi_nesting == 0 && @@ -77441,7 +81187,7 @@ index 5b8ad82..17274d1 100644 } /** -@@ -659,9 +659,9 @@ void rcu_nmi_exit(void) +@@ -664,9 +664,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -77453,7 +81199,7 @@ index 5b8ad82..17274d1 100644 } /** -@@ -675,7 +675,7 @@ int rcu_is_cpu_idle(void) +@@ -680,7 +680,7 @@ int rcu_is_cpu_idle(void) int ret; preempt_disable(); @@ -77462,7 +81208,7 @@ index 5b8ad82..17274d1 100644 preempt_enable(); return ret; } -@@ -743,7 +743,7 @@ static int rcu_is_cpu_rrupt_from_idle(void) +@@ -748,7 +748,7 @@ static int rcu_is_cpu_rrupt_from_idle(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { @@ -77471,7 +81217,7 @@ index 5b8ad82..17274d1 100644 return (rdp->dynticks_snap & 0x1) == 0; } -@@ -758,7 +758,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) +@@ -763,7 +763,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) unsigned int curr; unsigned int snap; @@ -77480,7 +81226,28 @@ index 5b8ad82..17274d1 100644 snap = (unsigned int)rdp->dynticks_snap; /* -@@ -1698,7 +1698,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, +@@ -1440,9 +1440,9 @@ static int rcu_gp_init(struct rcu_state *rsp) + rdp = this_cpu_ptr(rsp->rda); + rcu_preempt_check_blocked_tasks(rnp); + rnp->qsmask = rnp->qsmaskinit; +- ACCESS_ONCE(rnp->gpnum) = rsp->gpnum; ++ ACCESS_ONCE_RW(rnp->gpnum) = rsp->gpnum; + WARN_ON_ONCE(rnp->completed != rsp->completed); +- ACCESS_ONCE(rnp->completed) = rsp->completed; ++ ACCESS_ONCE_RW(rnp->completed) = rsp->completed; + if (rnp == rdp->mynode) + rcu_start_gp_per_cpu(rsp, rnp, rdp); + rcu_preempt_boost_start_gp(rnp); +@@ -1524,7 +1524,7 @@ static void rcu_gp_cleanup(struct rcu_state *rsp) + */ + rcu_for_each_node_breadth_first(rsp, rnp) { + raw_spin_lock_irq(&rnp->lock); +- ACCESS_ONCE(rnp->completed) = rsp->gpnum; ++ ACCESS_ONCE_RW(rnp->completed) = rsp->gpnum; + rdp = this_cpu_ptr(rsp->rda); + if (rnp == rdp->mynode) + __rcu_process_gp_end(rsp, rnp, rdp); +@@ -1855,7 +1855,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, rsp->qlen += rdp->qlen; rdp->n_cbs_orphaned += rdp->qlen; rdp->qlen_lazy = 0; @@ -77489,7 +81256,7 @@ index 5b8ad82..17274d1 100644 } /* -@@ -1944,7 +1944,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -2101,7 +2101,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) } smp_mb(); /* List handling before counting for rcu_barrier(). */ rdp->qlen_lazy -= count_lazy; @@ -77498,7 +81265,7 @@ index 5b8ad82..17274d1 100644 rdp->n_cbs_invoked += count; /* Reinstate batch limit if we have worked down the excess. */ -@@ -2137,7 +2137,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) +@@ -2295,7 +2295,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* * Do RCU core processing for the current CPU. */ @@ -77507,7 +81274,7 @@ index 5b8ad82..17274d1 100644 { struct rcu_state *rsp; -@@ -2260,7 +2260,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), +@@ -2419,7 +2419,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), local_irq_restore(flags); return; } @@ -77516,7 +81283,7 @@ index 5b8ad82..17274d1 100644 if (lazy) rdp->qlen_lazy++; else -@@ -2469,11 +2469,11 @@ void synchronize_sched_expedited(void) +@@ -2628,11 +2628,11 @@ void synchronize_sched_expedited(void) * counter wrap on a 32-bit system. Quite a few more CPUs would of * course be required on a 64-bit system. */ @@ -77530,7 +81297,7 @@ index 5b8ad82..17274d1 100644 return; } -@@ -2481,7 +2481,7 @@ void synchronize_sched_expedited(void) +@@ -2640,7 +2640,7 @@ void synchronize_sched_expedited(void) * Take a ticket. Note that atomic_inc_return() implies a * full memory barrier. */ @@ -77539,7 +81306,7 @@ index 5b8ad82..17274d1 100644 firstsnap = snap; get_online_cpus(); WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id())); -@@ -2494,14 +2494,14 @@ void synchronize_sched_expedited(void) +@@ -2653,14 +2653,14 @@ void synchronize_sched_expedited(void) synchronize_sched_expedited_cpu_stop, NULL) == -EAGAIN) { put_online_cpus(); @@ -77556,7 +81323,7 @@ index 5b8ad82..17274d1 100644 return; } -@@ -2510,7 +2510,7 @@ void synchronize_sched_expedited(void) +@@ -2669,7 +2669,7 @@ void synchronize_sched_expedited(void) udelay(trycount * num_online_cpus()); } else { wait_rcu_gp(call_rcu_sched); @@ -77565,7 +81332,7 @@ index 5b8ad82..17274d1 100644 return; } -@@ -2519,7 +2519,7 @@ void synchronize_sched_expedited(void) +@@ -2678,7 +2678,7 @@ void synchronize_sched_expedited(void) if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { /* ensure test happens before caller kfree */ smp_mb__before_atomic_inc(); /* ^^^ */ @@ -77574,7 +81341,7 @@ index 5b8ad82..17274d1 100644 return; } -@@ -2531,10 +2531,10 @@ void synchronize_sched_expedited(void) +@@ -2690,10 +2690,10 @@ void synchronize_sched_expedited(void) * period works for us. */ get_online_cpus(); @@ -77587,7 +81354,7 @@ index 5b8ad82..17274d1 100644 /* * Everyone up to our most recent fetch is covered by our grace -@@ -2543,16 +2543,16 @@ void synchronize_sched_expedited(void) +@@ -2702,16 +2702,16 @@ void synchronize_sched_expedited(void) * than we did already did their update. */ do { @@ -77607,7 +81374,7 @@ index 5b8ad82..17274d1 100644 put_online_cpus(); } -@@ -2726,7 +2726,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2893,7 +2893,7 @@ static void _rcu_barrier(struct rcu_state *rsp) * ACCESS_ONCE() to prevent the compiler from speculating * the increment to precede the early-exit check. */ @@ -77616,7 +81383,7 @@ index 5b8ad82..17274d1 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1); _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done); smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */ -@@ -2776,7 +2776,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2943,7 +2943,7 @@ static void _rcu_barrier(struct rcu_state *rsp) /* Increment ->n_barrier_done to prevent duplicate work. */ smp_mb(); /* Keep increment after above mechanism. */ @@ -77625,7 +81392,7 @@ index 5b8ad82..17274d1 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0); _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done); smp_mb(); /* Keep increment before caller's subsequent code. */ -@@ -2821,10 +2821,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) +@@ -2988,10 +2988,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo); init_callback_list(rdp); rdp->qlen_lazy = 0; @@ -77638,7 +81405,7 @@ index 5b8ad82..17274d1 100644 rdp->cpu = cpu; rdp->rsp = rsp; rcu_boot_init_nocb_percpu_data(rdp); -@@ -2857,8 +2857,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) +@@ -3024,8 +3024,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) rdp->blimit = blimit; init_callback_list(rdp); /* Re-enable callbacks on this CPU. */ rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE; @@ -77646,23 +81413,32 @@ index 5b8ad82..17274d1 100644 - (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1); + atomic_set_unchecked(&rdp->dynticks->dynticks, + (atomic_read_unchecked(&rdp->dynticks->dynticks) & ~0x1) + 1); - rcu_prepare_for_idle_init(cpu); raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ + /* Add CPU to rcu_node bitmasks. */ +@@ -3120,7 +3120,7 @@ static int __init rcu_spawn_gp_kthread(void) + struct task_struct *t; + + for_each_rcu_flavor(rsp) { +- t = kthread_run(rcu_gp_kthread, rsp, rsp->name); ++ t = kthread_run(rcu_gp_kthread, rsp, "%s", rsp->name); + BUG_ON(IS_ERR(t)); + rnp = rcu_get_root(rsp); + raw_spin_lock_irqsave(&rnp->lock, flags); diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index c896b50..c357252 100644 +index 4df5034..5ee93f2 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h -@@ -86,7 +86,7 @@ struct rcu_dynticks { +@@ -87,7 +87,7 @@ struct rcu_dynticks { long long dynticks_nesting; /* Track irq/process nesting level. */ /* Process level is worth LLONG_MAX/2. */ int dynticks_nmi_nesting; /* Track NMI nesting level. */ - atomic_t dynticks; /* Even value for idle, else odd. */ + atomic_unchecked_t dynticks;/* Even value for idle, else odd. */ #ifdef CONFIG_RCU_FAST_NO_HZ - int dyntick_drain; /* Prepare-for-idle state variable. */ - unsigned long dyntick_holdoff; -@@ -416,17 +416,17 @@ struct rcu_state { + bool all_lazy; /* Are all CPU's CBs lazy? */ + unsigned long nonlazy_posted; +@@ -414,17 +414,17 @@ struct rcu_state { /* _rcu_barrier(). */ /* End of fields guarded by barrier_mutex. */ @@ -77692,10 +81468,10 @@ index c896b50..c357252 100644 unsigned long jiffies_force_qs; /* Time at which to invoke */ /* force_quiescent_state(). */ diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index c1cc7e1..f62e436 100644 +index 3db5a37..b395fb35 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h -@@ -892,7 +892,7 @@ void synchronize_rcu_expedited(void) +@@ -903,7 +903,7 @@ void synchronize_rcu_expedited(void) /* Clean up and exit. */ smp_mb(); /* ensure expedited GP seen before counter increment. */ @@ -77704,7 +81480,7 @@ index c1cc7e1..f62e436 100644 unlock_mb_ret: mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: -@@ -1440,7 +1440,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu) +@@ -1451,7 +1451,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu) free_cpumask_var(cm); } @@ -77713,16 +81489,16 @@ index c1cc7e1..f62e436 100644 .store = &rcu_cpu_kthread_task, .thread_should_run = rcu_cpu_kthread_should_run, .thread_fn = rcu_cpu_kthread, -@@ -2072,7 +2072,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) +@@ -1916,7 +1916,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) print_cpu_stall_fast_no_hz(fast_no_hz, cpu); - printk(KERN_ERR "\t%d: (%lu %s) idle=%03x/%llx/%d %s\n", + printk(KERN_ERR "\t%d: (%lu %s) idle=%03x/%llx/%d softirq=%u/%u %s\n", cpu, ticks_value, ticks_title, - atomic_read(&rdtp->dynticks) & 0xfff, + atomic_read_unchecked(&rdtp->dynticks) & 0xfff, rdtp->dynticks_nesting, rdtp->dynticks_nmi_nesting, + rdp->softirq_snap, kstat_softirqs_cpu(RCU_SOFTIRQ, cpu), fast_no_hz); - } -@@ -2192,7 +2192,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp, +@@ -2079,7 +2079,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp, /* Enqueue the callback on the nocb list and update counts. */ old_rhpp = xchg(&rdp->nocb_tail, rhtp); @@ -77731,7 +81507,7 @@ index c1cc7e1..f62e436 100644 atomic_long_add(rhcount, &rdp->nocb_q_count); atomic_long_add(rhcount_lazy, &rdp->nocb_q_count_lazy); -@@ -2384,12 +2384,12 @@ static int rcu_nocb_kthread(void *arg) +@@ -2219,12 +2219,12 @@ static int rcu_nocb_kthread(void *arg) * Extract queued callbacks, update counts, and wait * for a grace period to elapse. */ @@ -77744,10 +81520,10 @@ index c1cc7e1..f62e436 100644 - ACCESS_ONCE(rdp->nocb_p_count_lazy) += cl; + ACCESS_ONCE_RW(rdp->nocb_p_count) += c; + ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) += cl; - wait_rcu_gp(rdp->rsp->call_remote); + rcu_nocb_wait_gp(rdp); /* Each pass through the following loop invokes a callback. */ -@@ -2411,8 +2411,8 @@ static int rcu_nocb_kthread(void *arg) +@@ -2246,8 +2246,8 @@ static int rcu_nocb_kthread(void *arg) list = next; } trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1); @@ -77758,9 +81534,9 @@ index c1cc7e1..f62e436 100644 rdp->n_nocbs_invoked += c; } return 0; -@@ -2438,7 +2438,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp) - rdp = per_cpu_ptr(rsp->rda, cpu); - t = kthread_run(rcu_nocb_kthread, rdp, "rcuo%d", cpu); +@@ -2274,7 +2274,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp) + t = kthread_run(rcu_nocb_kthread, rdp, + "rcuo%c/%d", rsp->abbr, cpu); BUG_ON(IS_ERR(t)); - ACCESS_ONCE(rdp->nocb_kthread) = t; + ACCESS_ONCE_RW(rdp->nocb_kthread) = t; @@ -77768,10 +81544,10 @@ index c1cc7e1..f62e436 100644 } diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index 93f8e8f..cf812ae 100644 +index cf6c174..a8f4b50 100644 --- a/kernel/rcutree_trace.c +++ b/kernel/rcutree_trace.c -@@ -123,7 +123,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) +@@ -121,7 +121,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) ulong2long(rdp->completed), ulong2long(rdp->gpnum), rdp->passed_quiesce, rdp->qs_pending); seq_printf(m, " dt=%d/%llx/%d df=%lu", @@ -77780,7 +81556,7 @@ index 93f8e8f..cf812ae 100644 rdp->dynticks->dynticks_nesting, rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); -@@ -184,17 +184,17 @@ static int show_rcuexp(struct seq_file *m, void *v) +@@ -182,17 +182,17 @@ static int show_rcuexp(struct seq_file *m, void *v) struct rcu_state *rsp = (struct rcu_state *)m->private; seq_printf(m, "s=%lu d=%lu w=%lu tf=%lu wd1=%lu wd2=%lu n=%lu sc=%lu dt=%lu dl=%lu dx=%lu\n", @@ -77809,10 +81585,10 @@ index 93f8e8f..cf812ae 100644 } diff --git a/kernel/resource.c b/kernel/resource.c -index 73f35d4..4684fc4 100644 +index d738698..5f8e60a 100644 --- a/kernel/resource.c +++ b/kernel/resource.c -@@ -143,8 +143,18 @@ static const struct file_operations proc_iomem_operations = { +@@ -152,8 +152,18 @@ static const struct file_operations proc_iomem_operations = { static int __init ioresources_init(void) { @@ -77832,10 +81608,10 @@ index 73f35d4..4684fc4 100644 } __initcall(ioresources_init); diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c -index 7890b10..8b68605f 100644 +index 1d96dd0..994ff19 100644 --- a/kernel/rtmutex-tester.c +++ b/kernel/rtmutex-tester.c -@@ -21,7 +21,7 @@ +@@ -22,7 +22,7 @@ #define MAX_RT_TEST_MUTEXES 8 static spinlock_t rttest_lock; @@ -77844,7 +81620,7 @@ index 7890b10..8b68605f 100644 struct test_thread_data { int opcode; -@@ -62,7 +62,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -63,7 +63,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) case RTTEST_LOCKCONT: td->mutexes[td->opdata] = 1; @@ -77853,7 +81629,7 @@ index 7890b10..8b68605f 100644 return 0; case RTTEST_RESET: -@@ -75,7 +75,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -76,7 +76,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) return 0; case RTTEST_RESETEVENT: @@ -77862,7 +81638,7 @@ index 7890b10..8b68605f 100644 return 0; default: -@@ -92,9 +92,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -93,9 +93,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) return ret; td->mutexes[id] = 1; @@ -77874,7 +81650,7 @@ index 7890b10..8b68605f 100644 td->mutexes[id] = 4; return 0; -@@ -105,9 +105,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -106,9 +106,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) return ret; td->mutexes[id] = 1; @@ -77886,7 +81662,7 @@ index 7890b10..8b68605f 100644 td->mutexes[id] = ret ? 0 : 4; return ret ? -EINTR : 0; -@@ -116,9 +116,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -117,9 +117,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) if (id < 0 || id >= MAX_RT_TEST_MUTEXES || td->mutexes[id] != 4) return ret; @@ -77898,7 +81674,7 @@ index 7890b10..8b68605f 100644 td->mutexes[id] = 0; return 0; -@@ -165,7 +165,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) +@@ -166,7 +166,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) break; td->mutexes[dat] = 2; @@ -77907,7 +81683,7 @@ index 7890b10..8b68605f 100644 break; default: -@@ -185,7 +185,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) +@@ -186,7 +186,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) return; td->mutexes[dat] = 3; @@ -77916,7 +81692,7 @@ index 7890b10..8b68605f 100644 break; case RTTEST_LOCKNOWAIT: -@@ -197,7 +197,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) +@@ -198,7 +198,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) return; td->mutexes[dat] = 1; @@ -77948,10 +81724,10 @@ index 64de5f8..7735e12 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 67d0465..4cf9361 100644 +index e8b3350..d83d44e 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -3406,7 +3406,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible); +@@ -3440,7 +3440,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible); * The return value is -ERESTARTSYS if interrupted, 0 if timed out, * positive (at least 1, or number of jiffies left till timeout) if completed. */ @@ -77960,7 +81736,7 @@ index 67d0465..4cf9361 100644 wait_for_completion_interruptible_timeout(struct completion *x, unsigned long timeout) { -@@ -3423,7 +3423,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout); +@@ -3457,7 +3457,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout); * * The return value is -ERESTARTSYS if interrupted, 0 if completed. */ @@ -77969,7 +81745,7 @@ index 67d0465..4cf9361 100644 { long t = wait_for_common(x, MAX_SCHEDULE_TIMEOUT, TASK_KILLABLE); if (t == -ERESTARTSYS) -@@ -3444,7 +3444,7 @@ EXPORT_SYMBOL(wait_for_completion_killable); +@@ -3478,7 +3478,7 @@ EXPORT_SYMBOL(wait_for_completion_killable); * The return value is -ERESTARTSYS if interrupted, 0 if timed out, * positive (at least 1, or number of jiffies left till timeout) if completed. */ @@ -77978,7 +81754,7 @@ index 67d0465..4cf9361 100644 wait_for_completion_killable_timeout(struct completion *x, unsigned long timeout) { -@@ -3670,6 +3670,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3704,6 +3704,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -77987,7 +81763,7 @@ index 67d0465..4cf9361 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3703,7 +3705,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3737,7 +3739,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -77997,7 +81773,7 @@ index 67d0465..4cf9361 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3857,6 +3860,7 @@ recheck: +@@ -3891,6 +3894,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -78005,7 +81781,7 @@ index 67d0465..4cf9361 100644 /* can't set/change the rt policy */ if (policy != p->policy && !rlim_rtprio) return -EPERM; -@@ -4954,7 +4958,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4988,7 +4992,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -78014,7 +81790,7 @@ index 67d0465..4cf9361 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4971,17 +4975,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -5005,17 +5009,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -78036,7 +81812,7 @@ index 67d0465..4cf9361 100644 /* * In the intermediate directories, both the child directory and -@@ -4989,22 +4993,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -5023,22 +5027,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -78068,7 +81844,7 @@ index 67d0465..4cf9361 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -5024,7 +5031,7 @@ set_table_entry(struct ctl_table *entry, +@@ -5058,7 +5065,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -78077,7 +81853,7 @@ index 67d0465..4cf9361 100644 if (table == NULL) return NULL; -@@ -5059,9 +5066,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -5093,9 +5100,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -78089,7 +81865,7 @@ index 67d0465..4cf9361 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -5088,11 +5095,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -5122,11 +5129,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -78104,7 +81880,7 @@ index 67d0465..4cf9361 100644 if (entry == NULL) return; -@@ -5115,8 +5124,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -5149,8 +5158,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -78119,7 +81895,7 @@ index 67d0465..4cf9361 100644 } #else static void register_sched_domain_sysctl(void) -@@ -5215,7 +5228,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) +@@ -5249,7 +5262,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) * happens before everything else. This has to be lower priority than * the notifier in the perf_event subsystem, though. */ @@ -78129,10 +81905,10 @@ index 67d0465..4cf9361 100644 .priority = CPU_PRI_MIGRATION, }; diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 7a33e59..2f7730c 100644 +index 03b73be..9422b9f 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -830,7 +830,7 @@ void task_numa_fault(int node, int pages, bool migrated) +@@ -831,7 +831,7 @@ void task_numa_fault(int node, int pages, bool migrated) static void reset_ptenuma_scan(struct task_struct *p) { @@ -78141,7 +81917,7 @@ index 7a33e59..2f7730c 100644 p->mm->numa_scan_offset = 0; } -@@ -5654,7 +5654,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -5687,7 +5687,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -78150,11 +81926,24 @@ index 7a33e59..2f7730c 100644 { int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); +diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h +index ce39224d..0e09343 100644 +--- a/kernel/sched/sched.h ++++ b/kernel/sched/sched.h +@@ -1009,7 +1009,7 @@ struct sched_class { + #ifdef CONFIG_FAIR_GROUP_SCHED + void (*task_move_group) (struct task_struct *p, int on_rq); + #endif +-}; ++} __do_const; + + #define sched_class_highest (&stop_sched_class) + #define for_each_class(class) \ diff --git a/kernel/signal.c b/kernel/signal.c -index 598dc06..471310a 100644 +index 113411b..20d0a99 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep; +@@ -51,12 +51,12 @@ static struct kmem_cache *sigqueue_cachep; int print_fatal_signals __read_mostly; @@ -78169,7 +81958,7 @@ index 598dc06..471310a 100644 { /* Is it explicitly or implicitly ignored? */ return handler == SIG_IGN || -@@ -64,7 +64,7 @@ static int sig_handler_ignored(void __user *handler, int sig) +@@ -65,7 +65,7 @@ static int sig_handler_ignored(void __user *handler, int sig) static int sig_task_ignored(struct task_struct *t, int sig, bool force) { @@ -78178,7 +81967,7 @@ index 598dc06..471310a 100644 handler = sig_handler(t, sig); -@@ -368,6 +368,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi +@@ -369,6 +369,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi atomic_inc(&user->sigpending); rcu_read_unlock(); @@ -78188,7 +81977,7 @@ index 598dc06..471310a 100644 if (override_rlimit || atomic_read(&user->sigpending) <= task_rlimit(t, RLIMIT_SIGPENDING)) { -@@ -495,7 +498,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) +@@ -496,7 +499,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) int unhandled_signal(struct task_struct *tsk, int sig) { @@ -78197,7 +81986,7 @@ index 598dc06..471310a 100644 if (is_global_init(tsk)) return 1; if (handler != SIG_IGN && handler != SIG_DFL) -@@ -815,6 +818,13 @@ static int check_kill_permission(int sig, struct siginfo *info, +@@ -816,6 +819,13 @@ static int check_kill_permission(int sig, struct siginfo *info, } } @@ -78211,7 +82000,7 @@ index 598dc06..471310a 100644 return security_task_kill(t, info, sig, 0); } -@@ -1197,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1199,7 +1209,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) return send_signal(sig, info, p, 1); } @@ -78220,7 +82009,7 @@ index 598dc06..471310a 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1234,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1236,6 +1246,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -78228,7 +82017,7 @@ index 598dc06..471310a 100644 spin_lock_irqsave(&t->sighand->siglock, flags); action = &t->sighand->action[sig-1]; -@@ -1248,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1250,9 +1261,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) } if (action->sa.sa_handler == SIG_DFL) t->signal->flags &= ~SIGNAL_UNKILLABLE; @@ -78247,7 +82036,7 @@ index 598dc06..471310a 100644 return ret; } -@@ -1317,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1319,8 +1339,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); @@ -78260,7 +82049,7 @@ index 598dc06..471310a 100644 return ret; } -@@ -2923,7 +2946,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2926,7 +2949,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -78277,7 +82066,24 @@ index 598dc06..471310a 100644 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); /* -@@ -3237,8 +3268,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, +@@ -3219,6 +3250,16 @@ int __save_altstack(stack_t __user *uss, unsigned long sp) + __put_user(t->sas_ss_size, &uss->ss_size); + } + ++#ifdef CONFIG_X86 ++void __save_altstack_ex(stack_t __user *uss, unsigned long sp) ++{ ++ struct task_struct *t = current; ++ put_user_ex((void __user *)t->sas_ss_sp, &uss->ss_sp); ++ put_user_ex(sas_ss_flags(sp), &uss->ss_flags); ++ put_user_ex(t->sas_ss_size, &uss->ss_size); ++} ++#endif ++ + #ifdef CONFIG_COMPAT + COMPAT_SYSCALL_DEFINE2(sigaltstack, + const compat_stack_t __user *, uss_ptr, +@@ -3240,8 +3281,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, } seg = get_fs(); set_fs(KERNEL_DS); @@ -78288,8 +82094,25 @@ index 598dc06..471310a 100644 compat_user_stack_pointer()); set_fs(seg); if (ret >= 0 && uoss_ptr) { +@@ -3268,6 +3309,16 @@ int __compat_save_altstack(compat_stack_t __user *uss, unsigned long sp) + __put_user(sas_ss_flags(sp), &uss->ss_flags) | + __put_user(t->sas_ss_size, &uss->ss_size); + } ++ ++#ifdef CONFIG_X86 ++void __compat_save_altstack_ex(compat_stack_t __user *uss, unsigned long sp) ++{ ++ struct task_struct *t = current; ++ put_user_ex(ptr_to_compat((void __user *)t->sas_ss_sp), &uss->ss_sp); ++ put_user_ex(sas_ss_flags(sp), &uss->ss_flags); ++ put_user_ex(t->sas_ss_size, &uss->ss_size); ++} ++#endif + #endif + + #ifdef __ARCH_WANT_SYS_SIGPENDING diff --git a/kernel/smp.c b/kernel/smp.c -index 8e451f3..8322029 100644 +index 4dba0f7..fe9f773 100644 --- a/kernel/smp.c +++ b/kernel/smp.c @@ -73,7 +73,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) @@ -78324,7 +82147,7 @@ index 02fc5c9..e54c335 100644 mutex_unlock(&smpboot_threads_lock); put_online_cpus(); diff --git a/kernel/softirq.c b/kernel/softirq.c -index 14d7758..012121f 100644 +index 3d6833f..da6d93d 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -78341,7 +82164,7 @@ index 14d7758..012121f 100644 "HI", "TIMER", "NET_TX", "NET_RX", "BLOCK", "BLOCK_IOPOLL", "TASKLET", "SCHED", "HRTIMER", "RCU" }; -@@ -244,7 +244,7 @@ restart: +@@ -250,7 +250,7 @@ restart: kstat_incr_softirqs_this_cpu(vec_nr); trace_softirq_entry(vec_nr); @@ -78350,7 +82173,7 @@ index 14d7758..012121f 100644 trace_softirq_exit(vec_nr); if (unlikely(prev_count != preempt_count())) { printk(KERN_ERR "huh, entered softirq %u %s %p" -@@ -389,7 +389,7 @@ void __raise_softirq_irqoff(unsigned int nr) +@@ -405,7 +405,7 @@ void __raise_softirq_irqoff(unsigned int nr) or_softirq_pending(1UL << nr); } @@ -78359,7 +82182,7 @@ index 14d7758..012121f 100644 { softirq_vec[nr].action = action; } -@@ -445,7 +445,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) +@@ -461,7 +461,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) EXPORT_SYMBOL(__tasklet_hi_schedule_first); @@ -78368,7 +82191,7 @@ index 14d7758..012121f 100644 { struct tasklet_struct *list; -@@ -480,7 +480,7 @@ static void tasklet_action(struct softirq_action *a) +@@ -496,7 +496,7 @@ static void tasklet_action(struct softirq_action *a) } } @@ -78377,7 +82200,7 @@ index 14d7758..012121f 100644 { struct tasklet_struct *list; -@@ -716,7 +716,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, +@@ -730,7 +730,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -78386,7 +82209,7 @@ index 14d7758..012121f 100644 .notifier_call = remote_softirq_cpu_notify, }; -@@ -833,11 +833,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, +@@ -847,11 +847,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -78417,10 +82240,10 @@ index 01d5ccb..cdcbee6 100644 return idx; } diff --git a/kernel/sys.c b/kernel/sys.c -index 0da73cf..5c2af3c 100644 +index 2bbd9a7..0875671 100644 --- a/kernel/sys.c +++ b/kernel/sys.c -@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) +@@ -163,6 +163,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) error = -EACCES; goto out; } @@ -78433,7 +82256,7 @@ index 0da73cf..5c2af3c 100644 no_nice = security_task_setnice(p, niceval); if (no_nice) { error = no_nice; -@@ -598,6 +604,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) +@@ -626,6 +632,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) goto error; } @@ -78443,7 +82266,7 @@ index 0da73cf..5c2af3c 100644 if (rgid != (gid_t) -1 || (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) new->sgid = new->egid; -@@ -633,6 +642,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) +@@ -661,6 +670,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) old = current_cred(); retval = -EPERM; @@ -78454,7 +82277,7 @@ index 0da73cf..5c2af3c 100644 if (nsown_capable(CAP_SETGID)) new->gid = new->egid = new->sgid = new->fsgid = kgid; else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) -@@ -650,7 +663,7 @@ error: +@@ -678,7 +691,7 @@ error: /* * change the user struct in a credentials set to match the new UID */ @@ -78463,7 +82286,7 @@ index 0da73cf..5c2af3c 100644 { struct user_struct *new_user; -@@ -730,6 +743,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) +@@ -758,6 +771,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) goto error; } @@ -78473,7 +82296,7 @@ index 0da73cf..5c2af3c 100644 if (!uid_eq(new->uid, old->uid)) { retval = set_user(new); if (retval < 0) -@@ -780,6 +796,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) +@@ -808,6 +824,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) old = current_cred(); retval = -EPERM; @@ -78486,7 +82309,7 @@ index 0da73cf..5c2af3c 100644 if (nsown_capable(CAP_SETUID)) { new->suid = new->uid = kuid; if (!uid_eq(kuid, old->uid)) { -@@ -849,6 +871,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) +@@ -877,6 +899,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) goto error; } @@ -78496,7 +82319,7 @@ index 0da73cf..5c2af3c 100644 if (ruid != (uid_t) -1) { new->uid = kruid; if (!uid_eq(kruid, old->uid)) { -@@ -931,6 +956,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) +@@ -959,6 +984,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) goto error; } @@ -78506,7 +82329,7 @@ index 0da73cf..5c2af3c 100644 if (rgid != (gid_t) -1) new->gid = krgid; if (egid != (gid_t) -1) -@@ -992,12 +1020,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -1020,12 +1048,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || nsown_capable(CAP_SETUID)) { if (!uid_eq(kuid, old->fsuid)) { @@ -78523,7 +82346,7 @@ index 0da73cf..5c2af3c 100644 abort_creds(new); return old_fsuid; -@@ -1030,12 +1062,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) +@@ -1058,12 +1090,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || nsown_capable(CAP_SETGID)) { @@ -78540,7 +82363,7 @@ index 0da73cf..5c2af3c 100644 abort_creds(new); return old_fsgid; -@@ -1343,19 +1379,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) +@@ -1432,19 +1468,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) return -EFAULT; down_read(&uts_sem); @@ -78565,7 +82388,7 @@ index 0da73cf..5c2af3c 100644 __OLD_UTS_LEN); error |= __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1557,6 +1593,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource, +@@ -1646,6 +1682,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource, */ new_rlim->rlim_cur = 1; } @@ -78580,7 +82403,7 @@ index 0da73cf..5c2af3c 100644 if (!retval) { if (old_rlim) diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index afc1dc6..f6cf355 100644 +index 9edcf45..713c960 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -93,7 +93,6 @@ @@ -78591,7 +82414,7 @@ index afc1dc6..f6cf355 100644 /* External variables not in a header file. */ extern int sysctl_overcommit_memory; extern int sysctl_overcommit_ratio; -@@ -120,18 +119,18 @@ extern int blk_iopoll_enabled; +@@ -119,18 +118,18 @@ extern int blk_iopoll_enabled; /* Constants used for minimum and maximum */ #ifdef CONFIG_LOCKUP_DETECTOR @@ -78619,7 +82442,7 @@ index afc1dc6..f6cf355 100644 #endif /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */ -@@ -178,10 +177,8 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -177,10 +176,8 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -78630,7 +82453,7 @@ index afc1dc6..f6cf355 100644 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); -@@ -212,6 +209,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -211,6 +208,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, #endif @@ -78639,7 +82462,7 @@ index afc1dc6..f6cf355 100644 static struct ctl_table kern_table[]; static struct ctl_table vm_table[]; static struct ctl_table fs_table[]; -@@ -226,6 +225,20 @@ extern struct ctl_table epoll_table[]; +@@ -225,6 +224,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -78660,7 +82483,7 @@ index afc1dc6..f6cf355 100644 /* The default sysctl tables: */ static struct ctl_table sysctl_base_table[] = { -@@ -274,6 +287,22 @@ static int max_extfrag_threshold = 1000; +@@ -273,6 +286,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -78683,7 +82506,7 @@ index afc1dc6..f6cf355 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -608,7 +637,7 @@ static struct ctl_table kern_table[] = { +@@ -607,7 +636,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -78692,7 +82515,7 @@ index afc1dc6..f6cf355 100644 }, { .procname = "modules_disabled", -@@ -775,16 +804,20 @@ static struct ctl_table kern_table[] = { +@@ -774,16 +803,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -78714,7 +82537,7 @@ index afc1dc6..f6cf355 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1026,10 +1059,17 @@ static struct ctl_table kern_table[] = { +@@ -1025,10 +1058,17 @@ static struct ctl_table kern_table[] = { */ { .procname = "perf_event_paranoid", @@ -78735,7 +82558,7 @@ index afc1dc6..f6cf355 100644 }, { .procname = "perf_event_mlock_kb", -@@ -1283,6 +1323,13 @@ static struct ctl_table vm_table[] = { +@@ -1282,6 +1322,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -78749,7 +82572,7 @@ index afc1dc6..f6cf355 100644 #else { .procname = "nr_trim_pages", -@@ -1733,6 +1780,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1746,6 +1793,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -78766,7 +82589,7 @@ index afc1dc6..f6cf355 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1838,6 +1895,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1851,6 +1908,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -78775,7 +82598,7 @@ index afc1dc6..f6cf355 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2002,7 +2061,7 @@ int proc_dointvec(struct ctl_table *table, int write, +@@ -2015,7 +2074,7 @@ int proc_dointvec(struct ctl_table *table, int write, static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -78784,7 +82607,7 @@ index afc1dc6..f6cf355 100644 unsigned long tmptaint = get_taint(); int err; -@@ -2030,7 +2089,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -2043,7 +2102,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -78792,7 +82615,7 @@ index afc1dc6..f6cf355 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2039,7 +2097,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2052,7 +2110,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -78800,7 +82623,7 @@ index afc1dc6..f6cf355 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2186,8 +2243,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2199,8 +2256,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -78813,7 +82636,7 @@ index afc1dc6..f6cf355 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2579,6 +2639,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2592,6 +2652,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -78826,7 +82649,7 @@ index afc1dc6..f6cf355 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2635,5 +2701,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2648,5 +2714,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -78861,10 +82684,10 @@ index 145bb4d..b2aa969 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index f8342a4..288f13b 100644 +index d3617db..c98bbe9 100644 --- a/kernel/time.c +++ b/kernel/time.c -@@ -171,6 +171,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) +@@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) return error; if (tz) { @@ -78876,7 +82699,7 @@ index f8342a4..288f13b 100644 sys_tz = *tz; update_vsyscall_tz(); if (firsttime) { -@@ -501,7 +506,7 @@ EXPORT_SYMBOL(usecs_to_jiffies); +@@ -502,7 +507,7 @@ EXPORT_SYMBOL(usecs_to_jiffies); * The >> (NSEC_JIFFIE_SC - SEC_JIFFIE_SC) converts the scaled nsec * value to a scaled second value. */ @@ -78898,21 +82721,8 @@ index f11d83b..d016d91 100644 .clock_getres = alarm_clock_getres, .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, -diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index 90ad470..1814e9a 100644 ---- a/kernel/time/tick-broadcast.c -+++ b/kernel/time/tick-broadcast.c -@@ -138,7 +138,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) - * then clear the broadcast bit. - */ - if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) { -- int cpu = smp_processor_id(); -+ cpu = smp_processor_id(); - cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); - tick_broadcast_clear_oneshot(cpu); - } else { diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 9a0bc98..fceb7d0 100644 +index baeeb5c..c22704a 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -15,6 +15,7 @@ @@ -78923,20 +82733,20 @@ index 9a0bc98..fceb7d0 100644 #include #include #include -@@ -448,6 +449,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -495,6 +496,8 @@ int do_settimeofday(const struct timespec *tv) if (!timespec_valid_strict(tv)) return -EINVAL; + gr_log_timechange(); + - write_seqlock_irqsave(&tk->lock, flags); + raw_spin_lock_irqsave(&timekeeper_lock, flags); + write_seqcount_begin(&timekeeper_seq); - timekeeping_forward_now(tk); diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c -index af5a7e9..715611a 100644 +index 3bdf283..cc68d83 100644 --- a/kernel/time/timer_list.c +++ b/kernel/time/timer_list.c -@@ -38,12 +38,16 @@ DECLARE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases); +@@ -45,12 +45,16 @@ DECLARE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases); static void print_name_offset(struct seq_file *m, void *sym) { @@ -78953,7 +82763,7 @@ index af5a7e9..715611a 100644 } static void -@@ -112,7 +116,11 @@ next_one: +@@ -119,7 +123,11 @@ next_one: static void print_base(struct seq_file *m, struct hrtimer_clock_base *base, u64 now) { @@ -78965,7 +82775,7 @@ index af5a7e9..715611a 100644 SEQ_printf(m, " .index: %d\n", base->index); SEQ_printf(m, " .resolution: %Lu nsecs\n", -@@ -293,7 +301,11 @@ static int __init init_timer_list_procfs(void) +@@ -355,7 +363,11 @@ static int __init init_timer_list_procfs(void) { struct proc_dir_entry *pe; @@ -79051,10 +82861,10 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 1b399c8..90e1849 100644 +index 15bc1b4..32da49c 100644 --- a/kernel/timer.c +++ b/kernel/timer.c -@@ -1363,7 +1363,7 @@ void update_process_times(int user_tick) +@@ -1366,7 +1366,7 @@ void update_process_times(int user_tick) /* * This function runs timers and the timer-tq in bottom half context. */ @@ -79063,7 +82873,7 @@ index 1b399c8..90e1849 100644 { struct tvec_base *base = __this_cpu_read(tvec_bases); -@@ -1481,7 +1481,7 @@ static void process_timeout(unsigned long __data) +@@ -1429,7 +1429,7 @@ static void process_timeout(unsigned long __data) * * In all cases the return value is guaranteed to be non-negative. */ @@ -79072,7 +82882,7 @@ index 1b399c8..90e1849 100644 { struct timer_list timer; unsigned long expire; -@@ -1772,7 +1772,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self, +@@ -1635,7 +1635,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -79082,7 +82892,7 @@ index 1b399c8..90e1849 100644 }; diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c -index 5a0f781..1497f95 100644 +index b8b8560..75b1a09 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -317,7 +317,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, @@ -79113,10 +82923,10 @@ index 5a0f781..1497f95 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 0a0e2a6..943495e 100644 +index 6c508ff..ee55a13 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1909,12 +1909,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -1915,12 +1915,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -79136,16 +82946,7 @@ index 0a0e2a6..943495e 100644 } /* -@@ -2986,7 +2991,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) - - int - register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, -- void *data) -+ void *data) - { - struct ftrace_func_probe *entry; - struct ftrace_page *pg; -@@ -3854,8 +3859,10 @@ static int ftrace_process_locs(struct module *mod, +@@ -3931,8 +3936,10 @@ static int ftrace_process_locs(struct module *mod, if (!count) return 0; @@ -79156,7 +82957,7 @@ index 0a0e2a6..943495e 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) -@@ -4574,8 +4581,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, +@@ -4655,8 +4662,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, #ifdef CONFIG_FUNCTION_GRAPH_TRACER static int ftrace_graph_active; @@ -79165,7 +82966,7 @@ index 0a0e2a6..943495e 100644 int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) { return 0; -@@ -4719,6 +4724,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, +@@ -4800,6 +4805,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, return NOTIFY_DONE; } @@ -79176,7 +82977,7 @@ index 0a0e2a6..943495e 100644 int register_ftrace_graph(trace_func_graph_ret_t retfunc, trace_func_graph_ent_t entryfunc) { -@@ -4732,7 +4741,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, +@@ -4813,7 +4822,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, goto out; } @@ -79185,10 +82986,10 @@ index 0a0e2a6..943495e 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 6989df2..c2265cf 100644 +index e444ff8..438b8f4 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c -@@ -349,9 +349,9 @@ struct buffer_data_page { +@@ -352,9 +352,9 @@ struct buffer_data_page { */ struct buffer_page { struct list_head list; /* list of buffer pages */ @@ -79200,7 +83001,7 @@ index 6989df2..c2265cf 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -464,8 +464,8 @@ struct ring_buffer_per_cpu { +@@ -473,8 +473,8 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; local_t entries; @@ -79211,7 +83012,7 @@ index 6989df2..c2265cf 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -864,8 +864,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -992,8 +992,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -79222,7 +83023,7 @@ index 6989df2..c2265cf 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -893,8 +893,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1021,8 +1021,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -79233,7 +83034,7 @@ index 6989df2..c2265cf 100644 /* * No need to worry about races with clearing out the commit. -@@ -1253,12 +1253,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1386,12 +1386,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -79248,7 +83049,7 @@ index 6989df2..c2265cf 100644 } static int -@@ -1353,7 +1353,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1486,7 +1486,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -79257,7 +83058,7 @@ index 6989df2..c2265cf 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -1909,7 +1909,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2063,7 +2063,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -79266,7 +83067,7 @@ index 6989df2..c2265cf 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2059,7 +2059,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2213,7 +2213,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -79275,7 +83076,7 @@ index 6989df2..c2265cf 100644 return; } -@@ -2094,7 +2094,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2248,7 +2248,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -79284,7 +83085,7 @@ index 6989df2..c2265cf 100644 return; } -@@ -2106,7 +2106,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -79293,7 +83094,7 @@ index 6989df2..c2265cf 100644 } /* -@@ -2132,7 +2132,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2286,7 +2286,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -79302,7 +83103,7 @@ index 6989df2..c2265cf 100644 goto out_reset; } -@@ -2188,7 +2188,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2342,7 +2342,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -79311,7 +83112,7 @@ index 6989df2..c2265cf 100644 goto out_reset; } } -@@ -2236,7 +2236,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2390,7 +2390,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -79320,7 +83121,7 @@ index 6989df2..c2265cf 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2253,7 +2253,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2407,7 +2407,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -79329,7 +83130,7 @@ index 6989df2..c2265cf 100644 /* * If this is the first commit on the page, then update -@@ -2286,7 +2286,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2440,7 +2440,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -79338,7 +83139,7 @@ index 6989df2..c2265cf 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2296,7 +2296,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2450,7 +2450,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -79347,7 +83148,7 @@ index 6989df2..c2265cf 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2670,7 +2670,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2842,7 +2842,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -79356,7 +83157,7 @@ index 6989df2..c2265cf 100644 return; } -@@ -2682,7 +2682,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2854,7 +2854,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -79365,7 +83166,7 @@ index 6989df2..c2265cf 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -2964,7 +2964,7 @@ static inline unsigned long +@@ -3138,7 +3138,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -79374,7 +83175,7 @@ index 6989df2..c2265cf 100644 } /** -@@ -3053,7 +3053,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3227,7 +3227,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -79383,7 +83184,7 @@ index 6989df2..c2265cf 100644 return ret; } -@@ -3076,7 +3076,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3250,7 +3250,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -79392,7 +83193,7 @@ index 6989df2..c2265cf 100644 return ret; } -@@ -3161,7 +3161,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3335,7 +3335,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -79401,7 +83202,7 @@ index 6989df2..c2265cf 100644 } return overruns; -@@ -3337,8 +3337,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3511,8 +3511,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -79412,7 +83213,7 @@ index 6989df2..c2265cf 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3372,7 +3372,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3546,7 +3546,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -79421,7 +83222,7 @@ index 6989df2..c2265cf 100644 /* * Here's the tricky part. -@@ -3942,8 +3942,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4116,8 +4116,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -79432,7 +83233,7 @@ index 6989df2..c2265cf 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -3953,14 +3953,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4127,14 +4127,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -79451,7 +83252,7 @@ index 6989df2..c2265cf 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4364,8 +4364,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4538,8 +4538,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -79463,60 +83264,36 @@ index 6989df2..c2265cf 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 3f28192..a29e8b0 100644 +index 06a5bce..53ad6e7 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -2893,7 +2893,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -3347,7 +3347,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } --int set_tracer_flag(unsigned int mask, int enabled) -+int set_tracer_flag(unsigned long mask, int enabled) +-int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled) ++int set_tracer_flag(struct trace_array *tr, unsigned long mask, int enabled) { /* do nothing if flag is already set */ if (!!(trace_flags & mask) == !!enabled) -@@ -4637,10 +4637,9 @@ static const struct file_operations tracing_dyn_info_fops = { - }; - #endif - --static struct dentry *d_tracer; -- - struct dentry *tracing_init_dentry(void) - { -+ static struct dentry *d_tracer; - static int once; - - if (d_tracer) -@@ -4660,10 +4659,9 @@ struct dentry *tracing_init_dentry(void) - return d_tracer; - } - --static struct dentry *d_percpu; -- - static struct dentry *tracing_dentry_percpu(void) - { -+ static struct dentry *d_percpu; - static int once; - struct dentry *d_tracer; - diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h -index 2081971..09f861e 100644 +index 51b4448..7be601f 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h -@@ -948,7 +948,7 @@ extern const char *__stop___trace_bprintk_fmt[]; +@@ -1035,7 +1035,7 @@ extern const char *__stop___trace_bprintk_fmt[]; void trace_printk_init_buffers(void); void trace_printk_start_comm(void); int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set); --int set_tracer_flag(unsigned int mask, int enabled); -+int set_tracer_flag(unsigned long mask, int enabled); +-int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled); ++int set_tracer_flag(struct trace_array *tr, unsigned long mask, int enabled); - #undef FTRACE_ENTRY - #define FTRACE_ENTRY(call, struct_name, id, tstruct, print, filter) \ + /* + * Normal trace_printk() and friends allocates special buffers diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index 57e9b28..eebe41c 100644 +index 6953263..2004e16 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1329,10 +1329,6 @@ static LIST_HEAD(ftrace_module_file_list); +@@ -1748,10 +1748,6 @@ static LIST_HEAD(ftrace_module_file_list); struct ftrace_module_file_ops { struct list_head list; struct module *mod; @@ -79527,7 +83304,7 @@ index 57e9b28..eebe41c 100644 }; static struct ftrace_module_file_ops * -@@ -1353,17 +1349,12 @@ trace_create_file_ops(struct module *mod) +@@ -1792,17 +1788,12 @@ trace_create_file_ops(struct module *mod) file_ops->mod = mod; @@ -79551,19 +83328,19 @@ index 57e9b28..eebe41c 100644 list_add(&file_ops->list, &ftrace_module_file_list); -@@ -1387,8 +1378,8 @@ static void trace_module_add_events(struct module *mod) - - for_each_event(call, start, end) { - __trace_add_event_call(*call, mod, -- &file_ops->id, &file_ops->enable, -- &file_ops->filter, &file_ops->format); -+ &mod->trace_id, &mod->trace_enable, -+ &mod->trace_filter, &mod->trace_format); - } +@@ -1895,8 +1886,8 @@ __trace_add_new_mod_event(struct ftrace_event_call *call, + struct ftrace_module_file_ops *file_ops) + { + return __trace_add_new_event(call, tr, +- &file_ops->id, &file_ops->enable, +- &file_ops->filter, &file_ops->format); ++ &file_ops->mod->trace_id, &file_ops->mod->trace_enable, ++ &file_ops->mod->trace_filter, &file_ops->mod->trace_format); } + #else diff --git a/kernel/trace/trace_mmiotrace.c b/kernel/trace/trace_mmiotrace.c -index fd3c8aa..5f324a6 100644 +index a5e8f48..a9690d2 100644 --- a/kernel/trace/trace_mmiotrace.c +++ b/kernel/trace/trace_mmiotrace.c @@ -24,7 +24,7 @@ struct header_iter { @@ -79581,7 +83358,7 @@ index fd3c8aa..5f324a6 100644 { - unsigned long cnt = atomic_xchg(&dropped_count, 0); + unsigned long cnt = atomic_xchg_unchecked(&dropped_count, 0); - unsigned long over = ring_buffer_overruns(iter->tr->buffer); + unsigned long over = ring_buffer_overruns(iter->trace_buffer->buffer); if (over > prev_overruns) @@ -317,7 +317,7 @@ static void __trace_mmiotrace_rw(struct trace_array *tr, @@ -79603,10 +83380,10 @@ index fd3c8aa..5f324a6 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 697e88d..1a79993 100644 +index bb922d9..2a54a257 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c -@@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path) +@@ -294,7 +294,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path) p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len); if (!IS_ERR(p)) { @@ -79615,7 +83392,7 @@ index 697e88d..1a79993 100644 if (p) { s->len = p - s->buffer; return 1; -@@ -851,14 +851,16 @@ int register_ftrace_event(struct trace_event *event) +@@ -893,14 +893,16 @@ int register_ftrace_event(struct trace_event *event) goto out; } @@ -79650,10 +83427,32 @@ index b20428c..4845a10 100644 local_irq_save(flags); diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index e134d8f..a018cdd 100644 +index 9064b91..1f5d2f8 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c -@@ -853,7 +853,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) +@@ -82,6 +82,21 @@ int create_user_ns(struct cred *new) + !kgid_has_mapping(parent_ns, group)) + return -EPERM; + ++#ifdef CONFIG_GRKERNSEC ++ /* ++ * This doesn't really inspire confidence: ++ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2 ++ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2 ++ * Increases kernel attack surface in areas developers ++ * previously cared little about ("low importance due ++ * to requiring "root" capability") ++ * To be removed when this code receives *proper* review ++ */ ++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || ++ !capable(CAP_SETGID)) ++ return -EPERM; ++#endif ++ + ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); + if (!ns) + return -ENOMEM; +@@ -862,7 +877,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) if (atomic_read(¤t->mm->mm_users) > 1) return -EINVAL; @@ -79676,10 +83475,10 @@ index 4f69f9a..7c6f8f8 100644 memcpy(&uts_table, table, sizeof(uts_table)); uts_table.data = get_uts(table, write); diff --git a/kernel/watchdog.c b/kernel/watchdog.c -index 4a94467..80a6f9c 100644 +index 05039e3..17490c7 100644 --- a/kernel/watchdog.c +++ b/kernel/watchdog.c -@@ -526,7 +526,7 @@ int proc_dowatchdog(struct ctl_table *table, int write, +@@ -531,7 +531,7 @@ int proc_dowatchdog(struct ctl_table *table, int write, } #endif /* CONFIG_SYSCTL */ @@ -79688,8 +83487,21 @@ index 4a94467..80a6f9c 100644 .store = &softlockup_watchdog, .thread_should_run = watchdog_should_run, .thread_fn = watchdog, +diff --git a/kernel/workqueue.c b/kernel/workqueue.c +index 6f01921..139869b 100644 +--- a/kernel/workqueue.c ++++ b/kernel/workqueue.c +@@ -4596,7 +4596,7 @@ static void rebind_workers(struct worker_pool *pool) + WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); + worker_flags |= WORKER_REBOUND; + worker_flags &= ~WORKER_UNBOUND; +- ACCESS_ONCE(worker->flags) = worker_flags; ++ ACCESS_ONCE_RW(worker->flags) = worker_flags; + } + + spin_unlock_irq(&pool->lock); diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 28be08c..47bab92 100644 +index 74fdc5c..3310593 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -549,7 +549,7 @@ config DEBUG_MUTEXES @@ -79727,7 +83539,16 @@ index 28be08c..47bab92 100644 select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND select KALLSYMS select KALLSYMS_ALL -@@ -1310,7 +1311,7 @@ config INTERVAL_TREE_TEST +@@ -1298,7 +1299,7 @@ config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS + config DEBUG_STRICT_USER_COPY_CHECKS + bool "Strict user copy size checks" + depends on ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS +- depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING ++ depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING && !PAX_SIZE_OVERFLOW + help + Enabling this option turns a certain set of sanity checks for user + copy operations into compile time failures. +@@ -1328,7 +1329,7 @@ config INTERVAL_TREE_TEST config PROVIDE_OHCI1394_DMA_INIT bool "Remote debugging over FireWire early on boot" @@ -79736,7 +83557,7 @@ index 28be08c..47bab92 100644 help If you want to debug problems which hang or crash the kernel early on boot and the crashing machine has a FireWire port, you can use -@@ -1339,7 +1340,7 @@ config PROVIDE_OHCI1394_DMA_INIT +@@ -1357,7 +1358,7 @@ config PROVIDE_OHCI1394_DMA_INIT config FIREWIRE_OHCI_REMOTE_DMA bool "Remote debugging over FireWire with firewire-ohci" @@ -79746,10 +83567,10 @@ index 28be08c..47bab92 100644 This option lets you use the FireWire bus for remote debugging with help of the firewire-ohci driver. It enables unfiltered diff --git a/lib/Makefile b/lib/Makefile -index 6e2cc56..9b13738 100644 +index c55a037..fb46e3b 100644 --- a/lib/Makefile +++ b/lib/Makefile -@@ -47,7 +47,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o +@@ -50,7 +50,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o obj-$(CONFIG_BTREE) += btree.o obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o @@ -79940,9 +83761,18 @@ index bd2bea9..6b3c95e 100644 return false; diff --git a/lib/kobject.c b/lib/kobject.c -index a654866..a4fd13d 100644 +index b7e29a6..2f3ca75 100644 --- a/lib/kobject.c +++ b/lib/kobject.c +@@ -805,7 +805,7 @@ static struct kset *kset_create(const char *name, + kset = kzalloc(sizeof(*kset), GFP_KERNEL); + if (!kset) + return NULL; +- retval = kobject_set_name(&kset->kobj, name); ++ retval = kobject_set_name(&kset->kobj, "%s", name); + if (retval) { + kfree(kset); + return NULL; @@ -859,9 +859,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); @@ -80183,8 +84013,22 @@ index d23762e..e21eab2 100644 { phys_addr_t paddr = dma_to_phys(hwdev, dev_addr); +diff --git a/lib/usercopy.c b/lib/usercopy.c +index 4f5b1dd..7cab418 100644 +--- a/lib/usercopy.c ++++ b/lib/usercopy.c +@@ -7,3 +7,9 @@ void copy_from_user_overflow(void) + WARN(1, "Buffer overflow detected!\n"); + } + EXPORT_SYMBOL(copy_from_user_overflow); ++ ++void copy_to_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} ++EXPORT_SYMBOL(copy_to_user_overflow); diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index 0d62fd7..b7bc911 100644 +index e149c64..24aa71a 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -80197,7 +84041,7 @@ index 0d62fd7..b7bc911 100644 #include #include /* for KSYM_SYMBOL_LEN */ #include -@@ -974,7 +977,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, +@@ -981,7 +984,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, return number(buf, end, *(const netdev_features_t *)addr, spec); } @@ -80209,16 +84053,15 @@ index 0d62fd7..b7bc911 100644 /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -@@ -988,6 +995,8 @@ int kptr_restrict __read_mostly; +@@ -994,6 +1001,7 @@ int kptr_restrict __read_mostly; + * - 'f' For simple symbolic function names without offset * - 'S' For symbolic direct pointers with offset * - 's' For symbolic direct pointers without offset - * - 'B' For backtraced symbolic direct pointers with offset + * - 'A' For symbolic direct pointers with offset approved for use with GRKERNSEC_HIDESYM -+ * - 'a' For symbolic direct pointers without offset approved for use with GRKERNSEC_HIDESYM + * - '[FfSs]R' as above with __builtin_extract_return_addr() translation + * - 'B' For backtraced symbolic direct pointers with offset * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] - * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] - * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -1044,12 +1053,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1052,12 +1060,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, if (!ptr && *fmt != 'K') { /* @@ -80233,20 +84076,20 @@ index 0d62fd7..b7bc911 100644 } switch (*fmt) { -@@ -1059,6 +1068,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1067,6 +1075,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': +#ifdef CONFIG_GRKERNSEC_HIDESYM + break; +#else -+ return symbol_string(buf, end, ptr, spec, *fmt); ++ return symbol_string(buf, end, ptr, spec, fmt); +#endif + case 'A': case 'B': - return symbol_string(buf, end, ptr, spec, *fmt); + return symbol_string(buf, end, ptr, spec, fmt); case 'R': -@@ -1099,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1107,6 +1121,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, va_end(va); return buf; } @@ -80255,7 +84098,7 @@ index 0d62fd7..b7bc911 100644 case 'K': /* * %pK cannot be used in IRQ context because its test -@@ -1128,6 +1145,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1136,6 +1152,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, return number(buf, end, (unsigned long long) *((phys_addr_t *)ptr), spec); } @@ -80277,7 +84120,7 @@ index 0d62fd7..b7bc911 100644 spec.flags |= SMALL; if (spec.field_width == -1) { spec.field_width = default_width; -@@ -1849,11 +1881,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1857,11 +1888,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -80292,7 +84135,7 @@ index 0d62fd7..b7bc911 100644 } \ args += sizeof(type); \ value; \ -@@ -1916,7 +1948,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1924,7 +1955,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -80309,10 +84152,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index 3bea74f..e821c99 100644 +index e742d06..c56fdd8 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -311,10 +311,10 @@ config KSM +@@ -317,10 +317,10 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). config DEFAULT_MMAP_MIN_ADDR @@ -80326,7 +84169,7 @@ index 3bea74f..e821c99 100644 This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. -@@ -345,7 +345,7 @@ config MEMORY_FAILURE +@@ -351,7 +351,7 @@ config MEMORY_FAILURE config HWPOISON_INJECT tristate "HWPoison pages injector" @@ -80335,11 +84178,42 @@ index 3bea74f..e821c99 100644 select PROC_PAGE_MONITOR config NOMMU_INITIAL_TRIM_EXCESS +diff --git a/mm/backing-dev.c b/mm/backing-dev.c +index 5025174..9d67dcd 100644 +--- a/mm/backing-dev.c ++++ b/mm/backing-dev.c +@@ -12,7 +12,7 @@ + #include + #include + +-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); ++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); + + struct backing_dev_info default_backing_dev_info = { + .name = "default", +@@ -515,7 +515,6 @@ EXPORT_SYMBOL(bdi_destroy); + int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, + unsigned int cap) + { +- char tmp[32]; + int err; + + bdi->name = name; +@@ -524,8 +523,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, + if (err) + return err; + +- sprintf(tmp, "%.28s%s", name, "-%d"); +- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq)); ++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return_unchecked(&bdi_seq)); + if (err) { + bdi_destroy(bdi); + return err; diff --git a/mm/filemap.c b/mm/filemap.c -index e1979fd..dda5120 100644 +index 7905fe7..e60faa8 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -1748,7 +1748,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1766,7 +1766,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -80348,7 +84222,7 @@ index e1979fd..dda5120 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -2088,6 +2088,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2106,6 +2106,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -80401,10 +84275,10 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 1a12f5b..a85b8fc 100644 +index 7c5eb85..5c01c2f 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2022,15 +2022,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -80425,7 +84299,7 @@ index 1a12f5b..a85b8fc 100644 if (ret) goto out; -@@ -2070,15 +2072,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2087,15 +2089,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -80446,7 +84320,7 @@ index 1a12f5b..a85b8fc 100644 if (ret) goto out; -@@ -2512,6 +2516,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2545,6 +2549,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -80474,7 +84348,7 @@ index 1a12f5b..a85b8fc 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2630,6 +2655,11 @@ retry_avoidcopy: +@@ -2663,6 +2688,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -80486,7 +84360,7 @@ index 1a12f5b..a85b8fc 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2788,6 +2818,10 @@ retry: +@@ -2821,6 +2851,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -80497,7 +84371,7 @@ index 1a12f5b..a85b8fc 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2817,6 +2851,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2850,6 +2884,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -80508,7 +84382,7 @@ index 1a12f5b..a85b8fc 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2830,6 +2868,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2863,6 +2901,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -80536,7 +84410,7 @@ index 1a12f5b..a85b8fc 100644 if (!ptep) return VM_FAULT_OOM; diff --git a/mm/internal.h b/mm/internal.h -index 8562de0..7fdfe92 100644 +index 8562de0..92b2073 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); @@ -80547,6 +84421,15 @@ index 8562de0..7fdfe92 100644 extern void prep_compound_page(struct page *page, unsigned long order); #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); +@@ -355,7 +356,7 @@ extern u32 hwpoison_filter_enable; + + extern unsigned long vm_mmap_pgoff(struct file *, unsigned long, + unsigned long, unsigned long, +- unsigned long, unsigned long); ++ unsigned long, unsigned long) __intentional_overflow(-1); + + extern void set_pageblock_order(void); + unsigned long reclaim_clean_pages_from_list(struct zone *zone, diff --git a/mm/kmemleak.c b/mm/kmemleak.c index c8d7f31..2dbeffd 100644 --- a/mm/kmemleak.c @@ -80592,7 +84475,7 @@ index d53adf9..03a24bf 100644 set_fs(old_fs); diff --git a/mm/madvise.c b/mm/madvise.c -index c58c94b..86ec14e 100644 +index 7055883..aafb1ed 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -51,6 +51,10 @@ static long madvise_behavior(struct vm_area_struct * vma, @@ -80654,25 +84537,25 @@ index c58c94b..86ec14e 100644 return 0; } -@@ -491,6 +522,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) +@@ -485,6 +516,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) if (end < start) - goto out; + return error; +#ifdef CONFIG_PAX_SEGMEXEC + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { + if (end > SEGMEXEC_TASK_SIZE) -+ goto out; ++ return error; + } else +#endif + + if (end > TASK_SIZE) -+ goto out; ++ return error; + error = 0; if (end == start) - goto out; + return error; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index df0694c..bc95539 100644 +index ceb0c7f..b2b8e94 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -80789,10 +84672,10 @@ index df0694c..bc95539 100644 } else { pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", diff --git a/mm/memory.c b/mm/memory.c -index ba94dec..08ffe0d 100644 +index 5a35443..7c0340f 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -438,6 +438,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -428,6 +428,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); @@ -80800,7 +84683,7 @@ index ba94dec..08ffe0d 100644 start &= PUD_MASK; if (start < floor) return; -@@ -452,6 +453,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -442,6 +443,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, pmd = pmd_offset(pud, start); pud_clear(pud); pmd_free_tlb(tlb, pmd, start); @@ -80809,7 +84692,7 @@ index ba94dec..08ffe0d 100644 } static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, -@@ -471,6 +474,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -461,6 +464,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, free_pmd_range(tlb, pud, addr, next, floor, ceiling); } while (pud++, addr = next, addr != end); @@ -80817,7 +84700,7 @@ index ba94dec..08ffe0d 100644 start &= PGDIR_MASK; if (start < floor) return; -@@ -485,6 +489,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -475,6 +479,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, pud = pud_offset(pgd, start); pgd_clear(pgd); pud_free_tlb(tlb, pud, start); @@ -81254,7 +85137,7 @@ index ba94dec..08ffe0d 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3257,6 +3435,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3262,6 +3440,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -81266,7 +85149,7 @@ index ba94dec..08ffe0d 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3264,6 +3447,12 @@ setpte: +@@ -3269,6 +3452,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -81279,7 +85162,7 @@ index ba94dec..08ffe0d 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3407,6 +3596,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3412,6 +3601,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -81292,7 +85175,7 @@ index ba94dec..08ffe0d 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3426,6 +3621,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3431,6 +3626,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -81307,7 +85190,7 @@ index ba94dec..08ffe0d 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3747,6 +3950,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3752,6 +3955,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -81320,7 +85203,7 @@ index ba94dec..08ffe0d 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3763,6 +3972,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3768,6 +3977,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -81331,7 +85214,7 @@ index ba94dec..08ffe0d 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3774,6 +3987,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3779,6 +3992,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -81366,7 +85249,7 @@ index ba94dec..08ffe0d 100644 retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3872,6 +4113,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3877,6 +4118,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -81390,7 +85273,7 @@ index ba94dec..08ffe0d 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3902,6 +4160,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3907,6 +4165,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -81421,7 +85304,7 @@ index ba94dec..08ffe0d 100644 #endif /* __PAGETABLE_PMD_FOLDED */ #if !defined(__HAVE_ARCH_GATE_AREA) -@@ -3915,7 +4197,7 @@ static int __init gate_vma_init(void) +@@ -3920,7 +4202,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -81430,7 +85313,7 @@ index ba94dec..08ffe0d 100644 return 0; } -@@ -4049,8 +4331,8 @@ out: +@@ -4054,8 +4336,8 @@ out: return ret; } @@ -81441,7 +85324,7 @@ index ba94dec..08ffe0d 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -4075,8 +4357,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, +@@ -4080,8 +4362,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -81452,7 +85335,7 @@ index ba94dec..08ffe0d 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -4084,7 +4366,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4089,7 +4371,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -81461,7 +85344,7 @@ index ba94dec..08ffe0d 100644 void *maddr; struct page *page = NULL; -@@ -4143,8 +4425,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4148,8 +4430,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -81472,7 +85355,7 @@ index ba94dec..08ffe0d 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -4154,11 +4436,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -4159,11 +4441,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -81488,7 +85371,7 @@ index ba94dec..08ffe0d 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 7431001..0f8344e 100644 +index 4baf12e..5497066 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -708,6 +708,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -81502,11 +85385,7 @@ index 7431001..0f8344e 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -744,9 +748,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, - if (err) - goto out; - } -+ +@@ -751,6 +755,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, err = vma_replace_policy(vma, new_pol); if (err) goto out; @@ -81523,7 +85402,7 @@ index 7431001..0f8344e 100644 } out: -@@ -1202,6 +1217,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1206,6 +1220,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -81541,7 +85420,7 @@ index 7431001..0f8344e 100644 if (end == start) return 0; -@@ -1430,8 +1456,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1434,8 +1459,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -81551,7 +85430,7 @@ index 7431001..0f8344e 100644 rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1462,6 +1487,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1466,6 +1490,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -81568,10 +85447,10 @@ index 7431001..0f8344e 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 22ed5c1..87c424c 100644 +index 6f0c244..6d1ae32 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1399,8 +1399,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -81653,18 +85532,18 @@ index 79b7cf7..9944291 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 0dceed8..671951c 100644 +index 8d25fdc..bfb7626 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -33,6 +33,7 @@ - #include - #include +@@ -36,6 +36,7 @@ #include + #include + #include +#include #include #include -@@ -49,6 +50,16 @@ +@@ -52,6 +53,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -81681,7 +85560,7 @@ index 0dceed8..671951c 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -68,22 +79,32 @@ static void unmap_region(struct mm_struct *mm, +@@ -71,16 +82,25 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ @@ -81710,14 +85589,15 @@ index 0dceed8..671951c 100644 } EXPORT_SYMBOL(vm_get_page_prot); - int sysctl_overcommit_memory __read_mostly = OVERCOMMIT_GUESS; /* heuristic overcommit */ - int sysctl_overcommit_ratio __read_mostly = 50; /* default is 50% */ +@@ -89,6 +109,7 @@ int sysctl_overcommit_ratio __read_mostly = 50; /* default is 50% */ int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; + unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ + unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ +unsigned long sysctl_heap_stack_gap __read_mostly = 64*1024; /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -239,6 +260,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); @@ -81725,7 +85605,7 @@ index 0dceed8..671951c 100644 if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) -@@ -283,6 +305,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) +@@ -291,6 +313,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -81733,7 +85613,7 @@ index 0dceed8..671951c 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -897,6 +920,12 @@ static int +@@ -933,6 +956,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -81746,7 +85626,7 @@ index 0dceed8..671951c 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -916,6 +945,12 @@ static int +@@ -952,6 +981,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -81759,7 +85639,7 @@ index 0dceed8..671951c 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -958,13 +993,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -994,13 +1029,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -81781,7 +85661,7 @@ index 0dceed8..671951c 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -980,6 +1022,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1016,6 +1058,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -81797,7 +85677,7 @@ index 0dceed8..671951c 100644 /* * Can it merge with the predecessor? */ -@@ -999,9 +1050,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1035,9 +1086,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -81823,7 +85703,7 @@ index 0dceed8..671951c 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -1015,12 +1081,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1051,12 +1117,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -81853,7 +85733,7 @@ index 0dceed8..671951c 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -1129,8 +1210,10 @@ none: +@@ -1165,8 +1246,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -81866,7 +85746,7 @@ index 0dceed8..671951c 100644 mm->total_vm += pages; -@@ -1138,7 +1221,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1174,7 +1257,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -81875,7 +85755,7 @@ index 0dceed8..671951c 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1177,7 +1260,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1213,7 +1296,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -81884,7 +85764,7 @@ index 0dceed8..671951c 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1203,7 +1286,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1239,7 +1322,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -81893,12 +85773,19 @@ index 0dceed8..671951c 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1214,6 +1297,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1250,6 +1333,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; +#ifdef CONFIG_PAX_MPROTECT + if (mm->pax_flags & MF_PAX_MPROTECT) { ++ ++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG ++ if (file && !pgoff && (vm_flags & VM_EXEC) && mm->binfmt && ++ mm->binfmt->handle_mmap) ++ mm->binfmt->handle_mmap(file); ++#endif ++ +#ifndef CONFIG_PAX_MPROTECT_COMPAT + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) { + gr_log_rwxmmap(file); @@ -81930,7 +85817,7 @@ index 0dceed8..671951c 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1225,6 +1338,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1261,6 +1381,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -81938,7 +85825,7 @@ index 0dceed8..671951c 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1305,6 +1419,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1341,6 +1462,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } @@ -81948,7 +85835,7 @@ index 0dceed8..671951c 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1396,7 +1513,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1432,7 +1556,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -81957,7 +85844,7 @@ index 0dceed8..671951c 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1444,16 +1561,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1480,7 +1604,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long charged = 0; struct inode *inode = file ? file_inode(file) : NULL; @@ -81971,6 +85858,17 @@ index 0dceed8..671951c 100644 + */ + verify_mm_writelocked(mm); + + /* Check against address space limit. */ ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP) || (vm_flags & (VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC))) ++#endif ++ + if (!may_expand_vm(mm, len >> PAGE_SHIFT)) { + unsigned long nr_pages; + +@@ -1499,11 +1638,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, + /* Clear old maps */ error = -ENOMEM; -munmap_back: @@ -81981,16 +85879,8 @@ index 0dceed8..671951c 100644 + BUG_ON(find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent)); } - /* Check against address space limit. */ -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (!(mm->pax_flags & MF_PAX_RANDMMAP) || (vm_flags & (VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC))) -+#endif -+ - if (!may_expand_vm(mm, len >> PAGE_SHIFT)) - return -ENOMEM; - -@@ -1485,6 +1616,16 @@ munmap_back: + /* +@@ -1534,6 +1672,16 @@ munmap_back: goto unacct_error; } @@ -82007,7 +85897,7 @@ index 0dceed8..671951c 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1509,6 +1650,13 @@ munmap_back: +@@ -1558,6 +1706,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -82021,7 +85911,7 @@ index 0dceed8..671951c 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1547,6 +1695,11 @@ munmap_back: +@@ -1596,6 +1751,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -82033,7 +85923,7 @@ index 0dceed8..671951c 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1554,6 +1707,7 @@ out: +@@ -1603,6 +1763,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -82041,7 +85931,7 @@ index 0dceed8..671951c 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1577,6 +1731,12 @@ unmap_and_free_vma: +@@ -1626,6 +1787,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -82054,15 +85944,16 @@ index 0dceed8..671951c 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1584,6 +1744,62 @@ unacct_error: +@@ -1633,7 +1800,63 @@ unacct_error: return error; } +-unsigned long unmapped_area(struct vm_unmapped_area_info *info) +#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK +unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags) +{ + if ((mm->pax_flags & MF_PAX_RANDMMAP) && !filp && (flags & MAP_STACK)) -+ return (random32() & 0xFF) << PAGE_SHIFT; ++ return ((prandom_u32() & 0xFF) + 1) << PAGE_SHIFT; + + return 0; +} @@ -82089,7 +85980,7 @@ index 0dceed8..671951c 100644 + return sysctl_heap_stack_gap <= vma->vm_start - addr - len; +#ifdef CONFIG_STACK_GROWSUP + else if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) -+ return addr - vma->vm_prev->vm_end <= sysctl_heap_stack_gap; ++ return addr - vma->vm_prev->vm_end >= sysctl_heap_stack_gap; +#endif + else if (offset) + return offset <= vma->vm_start - addr - len; @@ -82114,10 +86005,76 @@ index 0dceed8..671951c 100644 + return -ENOMEM; +} + - unsigned long unmapped_area(struct vm_unmapped_area_info *info) ++unsigned long unmapped_area(const struct vm_unmapped_area_info *info) { /* -@@ -1803,6 +2019,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + * We implement the search by looking for an rbtree node that +@@ -1681,11 +1904,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) + } + } + +- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; ++ gap_start = vma->vm_prev ? vma->vm_prev->vm_end: 0; + check_current: + /* Check if current node has a suitable gap */ + if (gap_start > high_limit) + return -ENOMEM; ++ ++ if (gap_end - gap_start > info->threadstack_offset) ++ gap_start += info->threadstack_offset; ++ else ++ gap_start = gap_end; ++ ++ if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) { ++ if (gap_end - gap_start > sysctl_heap_stack_gap) ++ gap_start += sysctl_heap_stack_gap; ++ else ++ gap_start = gap_end; ++ } ++ if (vma->vm_flags & VM_GROWSDOWN) { ++ if (gap_end - gap_start > sysctl_heap_stack_gap) ++ gap_end -= sysctl_heap_stack_gap; ++ else ++ gap_end = gap_start; ++ } + if (gap_end >= low_limit && gap_end - gap_start >= length) + goto found; + +@@ -1735,7 +1976,7 @@ found: + return gap_start; + } + +-unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) ++unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info) + { + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; +@@ -1789,6 +2030,24 @@ check_current: + gap_end = vma->vm_start; + if (gap_end < low_limit) + return -ENOMEM; ++ ++ if (gap_end - gap_start > info->threadstack_offset) ++ gap_end -= info->threadstack_offset; ++ else ++ gap_end = gap_start; ++ ++ if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) { ++ if (gap_end - gap_start > sysctl_heap_stack_gap) ++ gap_start += sysctl_heap_stack_gap; ++ else ++ gap_start = gap_end; ++ } ++ if (vma->vm_flags & VM_GROWSDOWN) { ++ if (gap_end - gap_start > sysctl_heap_stack_gap) ++ gap_end -= sysctl_heap_stack_gap; ++ else ++ gap_end = gap_start; ++ } + if (gap_start <= high_limit && gap_end - gap_start >= length) + goto found; + +@@ -1852,6 +2111,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -82125,7 +86082,7 @@ index 0dceed8..671951c 100644 if (len > TASK_SIZE) return -ENOMEM; -@@ -1810,29 +2027,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1859,29 +2119,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -82174,7 +86131,7 @@ index 0dceed8..671951c 100644 mm->free_area_cache = addr; } -@@ -1850,6 +2083,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1899,6 +2175,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -82182,7 +86139,7 @@ index 0dceed8..671951c 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1858,12 +2092,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1907,12 +2184,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -82200,7 +86157,7 @@ index 0dceed8..671951c 100644 return addr; } -@@ -1872,6 +2109,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1921,6 +2201,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = PAGE_SIZE; info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -82208,7 +86165,7 @@ index 0dceed8..671951c 100644 addr = vm_unmapped_area(&info); /* -@@ -1884,6 +2122,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1933,6 +2214,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -82221,7 +86178,7 @@ index 0dceed8..671951c 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -1894,6 +2138,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1943,6 +2230,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -82234,7 +86191,7 @@ index 0dceed8..671951c 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1901,8 +2151,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1950,8 +2243,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -82246,7 +86203,7 @@ index 0dceed8..671951c 100644 } unsigned long -@@ -2001,6 +2253,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2047,6 +2342,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -82275,7 +86232,7 @@ index 0dceed8..671951c 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2017,6 +2291,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2063,6 +2380,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -82283,7 +86240,7 @@ index 0dceed8..671951c 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2027,6 +2302,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2073,6 +2391,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -82291,7 +86248,7 @@ index 0dceed8..671951c 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2056,37 +2332,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2102,37 +2421,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -82349,7 +86306,7 @@ index 0dceed8..671951c 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2121,6 +2408,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2167,6 +2497,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -82358,7 +86315,7 @@ index 0dceed8..671951c 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -2135,6 +2424,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2181,6 +2513,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -82367,7 +86324,7 @@ index 0dceed8..671951c 100644 /* * We must make sure the anon_vma is allocated -@@ -2148,6 +2439,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2194,6 +2528,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -82383,7 +86340,7 @@ index 0dceed8..671951c 100644 vma_lock_anon_vma(vma); /* -@@ -2157,9 +2457,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2203,9 +2546,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -82402,11 +86359,10 @@ index 0dceed8..671951c 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2184,6 +2492,18 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2230,13 +2581,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); -+ track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags); + +#ifdef CONFIG_PAX_SEGMEXEC + if (vma_m) { @@ -82420,8 +86376,18 @@ index 0dceed8..671951c 100644 + spin_unlock(&vma->vm_mm->page_table_lock); ++ track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags); perf_event_mmap(vma); -@@ -2288,6 +2608,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) + } + } + } + vma_unlock_anon_vma(vma); ++ if (lockprev) ++ vma_unlock_anon_vma(prev); + khugepaged_enter_vma_merge(vma); + validate_mm(vma->vm_mm); + return error; +@@ -2334,6 +2699,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -82435,7 +86401,7 @@ index 0dceed8..671951c 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2333,6 +2660,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2379,6 +2751,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -82452,7 +86418,7 @@ index 0dceed8..671951c 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2364,14 +2701,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2410,14 +2792,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -82486,7 +86452,7 @@ index 0dceed8..671951c 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2384,6 +2740,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2430,6 +2831,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -82509,7 +86475,7 @@ index 0dceed8..671951c 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -2406,6 +2778,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2452,6 +2869,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -82546,7 +86512,7 @@ index 0dceed8..671951c 100644 /* Success. */ if (!err) return 0; -@@ -2415,10 +2817,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2461,10 +2908,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -82566,7 +86532,7 @@ index 0dceed8..671951c 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2431,6 +2841,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2477,6 +2932,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -82582,7 +86548,7 @@ index 0dceed8..671951c 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2442,11 +2861,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2488,11 +2952,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge */ @@ -82613,7 +86579,7 @@ index 0dceed8..671951c 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2521,6 +2959,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2567,6 +3050,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -82622,7 +86588,7 @@ index 0dceed8..671951c 100644 return 0; } -@@ -2529,6 +2969,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2575,6 +3060,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -82636,7 +86602,7 @@ index 0dceed8..671951c 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2542,16 +2989,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2588,16 +3080,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -82653,7 +86619,7 @@ index 0dceed8..671951c 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2565,6 +3002,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2611,6 +3093,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -82661,7 +86627,7 @@ index 0dceed8..671951c 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2572,16 +3010,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2618,16 +3101,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -82693,7 +86659,7 @@ index 0dceed8..671951c 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2598,21 +3050,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2644,21 +3141,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -82718,7 +86684,7 @@ index 0dceed8..671951c 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2626,7 +3077,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2672,7 +3168,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -82727,7 +86693,7 @@ index 0dceed8..671951c 100644 return -ENOMEM; } -@@ -2640,9 +3091,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2686,9 +3182,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -82740,7 +86706,7 @@ index 0dceed8..671951c 100644 return addr; } -@@ -2704,6 +3156,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2750,6 +3247,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -82748,7 +86714,7 @@ index 0dceed8..671951c 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2720,6 +3173,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2766,6 +3264,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -82762,7 +86728,7 @@ index 0dceed8..671951c 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2743,7 +3203,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2789,7 +3294,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -82784,7 +86750,7 @@ index 0dceed8..671951c 100644 return 0; } -@@ -2763,6 +3237,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2809,6 +3328,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct mempolicy *pol; bool faulted_in_anon_vma = true; @@ -82793,7 +86759,7 @@ index 0dceed8..671951c 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2829,6 +3305,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2875,6 +3396,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -82833,7 +86799,7 @@ index 0dceed8..671951c 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2840,6 +3349,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2886,6 +3440,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -82841,7 +86807,7 @@ index 0dceed8..671951c 100644 if (cur + npages > lim) return 0; return 1; -@@ -2910,6 +3420,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2956,6 +3511,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -82865,7 +86831,7 @@ index 0dceed8..671951c 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); diff --git a/mm/mprotect.c b/mm/mprotect.c -index 94722a4..07d9926 100644 +index 94722a4..e661e29 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -23,10 +23,18 @@ @@ -83076,7 +87042,7 @@ index 94722a4..07d9926 100644 /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) { + if (prot & (PROT_WRITE | PROT_EXEC)) -+ gr_log_rwxmprotect(vma->vm_file); ++ gr_log_rwxmprotect(vma); + + error = -EACCES; + goto out; @@ -83204,18 +87170,18 @@ index 463a257..c0c7a92 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index e001768..9b52b30 100644 +index 298884d..5f74980 100644 --- a/mm/nommu.c +++ b/mm/nommu.c -@@ -63,7 +63,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ - int sysctl_overcommit_ratio = 50; /* default is 50% */ - int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; +@@ -65,7 +65,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS; + unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ + unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ -int heap_stack_gap = 0; atomic_long_t mmap_pages_allocated; -@@ -841,15 +840,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -842,15 +841,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -83231,7 +87197,7 @@ index e001768..9b52b30 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1560,6 +1550,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1561,6 +1551,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -83239,7 +87205,7 @@ index e001768..9b52b30 100644 *region = *vma->vm_region; new->vm_region = region; -@@ -1992,8 +1983,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, +@@ -1995,8 +1986,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -83250,7 +87216,7 @@ index e001768..9b52b30 100644 { struct vm_area_struct *vma; -@@ -2034,8 +2025,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -2037,8 +2028,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -83261,7 +87227,7 @@ index e001768..9b52b30 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -2044,7 +2035,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -2047,7 +2038,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Access another process' address space. * - source/target buffer must be kernel space */ @@ -83271,7 +87237,7 @@ index e001768..9b52b30 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index efe6814..64b4701 100644 +index 4514ad7..92eaa1c 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -659,7 +659,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty) @@ -83293,18 +87259,18 @@ index efe6814..64b4701 100644 .next = NULL, }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 8fcced7..ebcd481 100644 +index 2ee0fd3..6e2edfb 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -59,6 +59,7 @@ - #include +@@ -60,6 +60,7 @@ #include + #include #include +#include #include #include -@@ -344,7 +345,7 @@ out: +@@ -345,7 +346,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -83313,7 +87279,7 @@ index 8fcced7..ebcd481 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -701,6 +702,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -702,6 +703,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -83324,7 +87290,7 @@ index 8fcced7..ebcd481 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -716,6 +721,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -717,6 +722,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -83337,7 +87303,7 @@ index 8fcced7..ebcd481 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -738,6 +749,19 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -739,6 +750,19 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -83357,7 +87323,7 @@ index 8fcced7..ebcd481 100644 /* * Read access to zone->managed_pages is safe because it's unsigned long, * but we still need to serialize writers. Currently all callers of -@@ -760,6 +784,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order) +@@ -761,6 +785,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order) set_page_count(p, 0); } @@ -83377,7 +87343,7 @@ index 8fcced7..ebcd481 100644 page_zone(page)->managed_pages += 1 << order; set_page_refcounted(page); __free_pages(page, order); -@@ -869,8 +906,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -870,8 +907,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -83389,10 +87355,10 @@ index 8fcced7..ebcd481 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); diff --git a/mm/page_io.c b/mm/page_io.c -index 6182870..4bba6a2 100644 +index a8a3ef4..7260a60 100644 --- a/mm/page_io.c +++ b/mm/page_io.c -@@ -205,7 +205,7 @@ int swap_writepage(struct page *page, struct writeback_control *wbc) +@@ -214,7 +214,7 @@ int __swap_writepage(struct page *page, struct writeback_control *wbc, struct file *swap_file = sis->swap_file; struct address_space *mapping = swap_file->f_mapping; struct iovec iov = { @@ -83466,7 +87432,7 @@ index fd26d04..0cea1b0 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index 807c96b..0e05279 100644 +index 6280da8..b5c090e 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -83555,20 +87521,33 @@ index 807c96b..0e05279 100644 { struct anon_vma_chain *avc; struct anon_vma *anon_vma; +@@ -373,8 +407,10 @@ static void anon_vma_ctor(void *data) + void __init anon_vma_init(void) + { + anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma), +- 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor); +- anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC); ++ 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC|SLAB_NO_SANITIZE, ++ anon_vma_ctor); ++ anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, ++ SLAB_PANIC|SLAB_NO_SANITIZE); + } + + /* diff --git a/mm/shmem.c b/mm/shmem.c -index 1c44af7..cefe9a6 100644 +index 5e6a842..b41916e 100644 --- a/mm/shmem.c +++ b/mm/shmem.c -@@ -31,7 +31,7 @@ - #include +@@ -33,7 +33,7 @@ #include + #include -static struct vfsmount *shm_mnt; +struct vfsmount *shm_mnt; #ifdef CONFIG_SHMEM /* -@@ -75,7 +75,7 @@ static struct vfsmount *shm_mnt; +@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt; #define BOGO_DIRENT_SIZE 20 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */ @@ -83577,7 +87556,7 @@ index 1c44af7..cefe9a6 100644 /* * shmem_fallocate and shmem_writepage communicate via inode->i_private -@@ -2201,6 +2201,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +@@ -2203,6 +2203,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -83589,7 +87568,7 @@ index 1c44af7..cefe9a6 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2256,6 +2261,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2258,6 +2263,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -83605,7 +87584,7 @@ index 1c44af7..cefe9a6 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2568,8 +2582,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2570,8 +2584,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -83616,19 +87595,10 @@ index 1c44af7..cefe9a6 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 856e4a1..fafb820 100644 +index bd88411..2d46fd6 100644 --- a/mm/slab.c +++ b/mm/slab.c -@@ -306,7 +306,7 @@ struct kmem_list3 { - * Need this for bootstrapping a per node allocator. - */ - #define NUM_INIT_LISTS (3 * MAX_NUMNODES) --static struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS]; -+static struct kmem_list3 initkmem_list3[NUM_INIT_LISTS]; - #define CACHE_CACHE 0 - #define SIZE_AC MAX_NUMNODES - #define SIZE_L3 (2 * MAX_NUMNODES) -@@ -407,10 +407,10 @@ static void kmem_list3_init(struct kmem_list3 *parent) +@@ -366,10 +366,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) if ((x)->max_freeable < i) \ (x)->max_freeable = i; \ } while (0) @@ -83640,10 +87610,21 @@ index 856e4a1..fafb820 100644 +#define STATS_INC_ALLOCMISS(x) atomic_inc_unchecked(&(x)->allocmiss) +#define STATS_INC_FREEHIT(x) atomic_inc_unchecked(&(x)->freehit) +#define STATS_INC_FREEMISS(x) atomic_inc_unchecked(&(x)->freemiss) ++#define STATS_INC_SANITIZED(x) atomic_inc_unchecked(&(x)->sanitized) ++#define STATS_INC_NOT_SANITIZED(x) atomic_inc_unchecked(&(x)->not_sanitized) #else #define STATS_INC_ACTIVE(x) do { } while (0) #define STATS_DEC_ACTIVE(x) do { } while (0) -@@ -518,7 +518,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, +@@ -386,6 +388,8 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) + #define STATS_INC_ALLOCMISS(x) do { } while (0) + #define STATS_INC_FREEHIT(x) do { } while (0) + #define STATS_INC_FREEMISS(x) do { } while (0) ++#define STATS_INC_SANITIZED(x) do { } while (0) ++#define STATS_INC_NOT_SANITIZED(x) do { } while (0) + #endif + + #if DEBUG +@@ -477,7 +481,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, * reciprocal_divide(offset, cache->reciprocal_buffer_size) */ static inline unsigned int obj_to_index(const struct kmem_cache *cache, @@ -83652,36 +87633,7 @@ index 856e4a1..fafb820 100644 { u32 offset = (obj - slab->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -539,12 +539,13 @@ EXPORT_SYMBOL(malloc_sizes); - struct cache_names { - char *name; - char *name_dma; -+ char *name_usercopy; - }; - - static struct cache_names __initdata cache_names[] = { --#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" }, -+#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)", .name_usercopy = "size-" #x "(USERCOPY)" }, - #include -- {NULL,} -+ {NULL} - #undef CACHE - }; - -@@ -729,6 +730,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size, - if (unlikely(gfpflags & GFP_DMA)) - return csizep->cs_dmacachep; - #endif -+ -+#ifdef CONFIG_PAX_USERCOPY_SLABS -+ if (unlikely(gfpflags & GFP_USERCOPY)) -+ return csizep->cs_usercopycachep; -+#endif -+ - return csizep->cs_cachep; - } - -@@ -1482,7 +1489,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb, +@@ -1384,7 +1388,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb, return notifier_from_errno(err); } @@ -83690,44 +87642,44 @@ index 856e4a1..fafb820 100644 &cpuup_callback, NULL, 0 }; -@@ -1667,12 +1674,12 @@ void __init kmem_cache_init(void) +@@ -1565,12 +1569,12 @@ void __init kmem_cache_init(void) */ - sizes[INDEX_AC].cs_cachep = create_kmalloc_cache(names[INDEX_AC].name, -- sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS); -+ sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + kmalloc_caches[INDEX_AC] = create_kmalloc_cache("kmalloc-ac", +- kmalloc_size(INDEX_AC), ARCH_KMALLOC_FLAGS); ++ kmalloc_size(INDEX_AC), SLAB_USERCOPY | ARCH_KMALLOC_FLAGS); - if (INDEX_AC != INDEX_L3) - sizes[INDEX_L3].cs_cachep = - create_kmalloc_cache(names[INDEX_L3].name, -- sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS); -+ sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + if (INDEX_AC != INDEX_NODE) + kmalloc_caches[INDEX_NODE] = + create_kmalloc_cache("kmalloc-node", +- kmalloc_size(INDEX_NODE), ARCH_KMALLOC_FLAGS); ++ kmalloc_size(INDEX_NODE), SLAB_USERCOPY | ARCH_KMALLOC_FLAGS); slab_early_init = 0; -@@ -1686,13 +1693,20 @@ void __init kmem_cache_init(void) - */ - if (!sizes->cs_cachep) - sizes->cs_cachep = create_kmalloc_cache(names->name, -- sizes->cs_size, ARCH_KMALLOC_FLAGS); -+ sizes->cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); +@@ -3583,6 +3587,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, + struct array_cache *ac = cpu_cache_get(cachep); - #ifdef CONFIG_ZONE_DMA - sizes->cs_dmacachep = create_kmalloc_cache( - names->name_dma, sizes->cs_size, - SLAB_CACHE_DMA|ARCH_KMALLOC_FLAGS); - #endif + check_irq_off(); + -+#ifdef CONFIG_PAX_USERCOPY_SLABS -+ sizes->cs_usercopycachep = create_kmalloc_cache( -+ names->name_usercopy, sizes->cs_size, -+ ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ if (pax_sanitize_slab) { ++ if (!(cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))) { ++ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size); ++ ++ if (cachep->ctor) ++ cachep->ctor(objp); ++ ++ STATS_INC_SANITIZED(cachep); ++ } else ++ STATS_INC_NOT_SANITIZED(cachep); ++ } +#endif + - sizes++; - names++; - } -@@ -3924,6 +3938,7 @@ void kfree(const void *objp) + kmemleak_free_recursive(objp, cachep->flags); + objp = cache_free_debugcheck(cachep, objp, caller); + +@@ -3800,6 +3819,7 @@ void kfree(const void *objp) if (unlikely(ZERO_OR_NULL_PTR(objp))) return; @@ -83735,7 +87687,7 @@ index 856e4a1..fafb820 100644 local_irq_save(flags); kfree_debugcheck(objp); c = virt_to_cache(objp); -@@ -4365,10 +4380,10 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) +@@ -4241,14 +4261,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) } /* cpu stats */ { @@ -83750,7 +87702,19 @@ index 856e4a1..fafb820 100644 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4600,13 +4615,71 @@ static const struct file_operations proc_slabstats_operations = { + } ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ { ++ unsigned long sanitized = atomic_read_unchecked(&cachep->sanitized); ++ unsigned long not_sanitized = atomic_read_unchecked(&cachep->not_sanitized); ++ ++ seq_printf(m, " : pax %6lu %6lu", sanitized, not_sanitized); ++ } ++#endif + #endif + } + +@@ -4476,13 +4504,71 @@ static const struct file_operations proc_slabstats_operations = { static int __init slab_proc_init(void) { #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -83824,19 +87788,36 @@ index 856e4a1..fafb820 100644 * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object diff --git a/mm/slab.h b/mm/slab.h -index 34a98d6..73633d1 100644 +index f96b49e..db1d204 100644 --- a/mm/slab.h +++ b/mm/slab.h -@@ -58,7 +58,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, +@@ -32,6 +32,15 @@ extern struct list_head slab_caches; + /* The slab cache that manages slab cache information */ + extern struct kmem_cache *kmem_cache; + ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++#ifdef CONFIG_X86_64 ++#define PAX_MEMORY_SANITIZE_VALUE '\xfe' ++#else ++#define PAX_MEMORY_SANITIZE_VALUE '\xff' ++#endif ++extern bool pax_sanitize_slab; ++#endif ++ + unsigned long calculate_alignment(unsigned long flags, + unsigned long align, unsigned long size); + +@@ -67,7 +76,8 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, /* Legal flag mask for kmem_cache_create(), for various configurations */ #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \ - SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS ) -+ SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_USERCOPY) ++ SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | \ ++ SLAB_USERCOPY | SLAB_NO_SANITIZE) #if defined(CONFIG_DEBUG_SLAB) #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER) -@@ -220,6 +220,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) +@@ -229,6 +239,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) return s; page = virt_to_head_page(x); @@ -83847,10 +87828,10 @@ index 34a98d6..73633d1 100644 if (slab_equal_or_root(cachep, s)) return cachep; diff --git a/mm/slab_common.c b/mm/slab_common.c -index 3f3cd97..93b0236 100644 +index 2d41450..4efe6ee 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c -@@ -22,7 +22,7 @@ +@@ -22,11 +22,22 @@ #include "slab.h" @@ -83859,7 +87840,22 @@ index 3f3cd97..93b0236 100644 LIST_HEAD(slab_caches); DEFINE_MUTEX(slab_mutex); struct kmem_cache *kmem_cache; -@@ -209,7 +209,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size, + ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++bool pax_sanitize_slab __read_only = true; ++static int __init pax_sanitize_slab_setup(char *str) ++{ ++ pax_sanitize_slab = !!simple_strtol(str, NULL, 0); ++ printk("%sabled PaX slab sanitization\n", pax_sanitize_slab ? "En" : "Dis"); ++ return 1; ++} ++__setup("pax_sanitize_slab=", pax_sanitize_slab_setup); ++#endif ++ + #ifdef CONFIG_DEBUG_VM + static int kmem_cache_sanity_check(struct mem_cgroup *memcg, const char *name, + size_t size) +@@ -209,7 +220,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size, err = __kmem_cache_create(s, flags); if (!err) { @@ -83868,7 +87864,7 @@ index 3f3cd97..93b0236 100644 list_add(&s->list, &slab_caches); memcg_cache_list_add(memcg, s); } else { -@@ -255,8 +255,7 @@ void kmem_cache_destroy(struct kmem_cache *s) +@@ -255,8 +266,7 @@ void kmem_cache_destroy(struct kmem_cache *s) get_online_cpus(); mutex_lock(&slab_mutex); @@ -83878,8 +87874,8 @@ index 3f3cd97..93b0236 100644 list_del(&s->list); if (!__kmem_cache_shutdown(s)) { -@@ -302,7 +301,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz - panic("Creation of kmalloc slab %s size=%zd failed. Reason %d\n", +@@ -302,7 +312,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz + panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n", name, size, err); - s->refcount = -1; /* Exempt from merging for now */ @@ -83887,7 +87883,7 @@ index 3f3cd97..93b0236 100644 } struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, -@@ -315,7 +314,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, +@@ -315,7 +325,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, create_boot_cache(s, name, size, flags); list_add(&s->list, &slab_caches); @@ -83896,8 +87892,90 @@ index 3f3cd97..93b0236 100644 return s; } +@@ -327,6 +337,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; + EXPORT_SYMBOL(kmalloc_dma_caches); + #endif + ++#ifdef CONFIG_PAX_USERCOPY_SLABS ++struct kmem_cache *kmalloc_usercopy_caches[KMALLOC_SHIFT_HIGH + 1]; ++EXPORT_SYMBOL(kmalloc_usercopy_caches); ++#endif ++ + /* + * Conversion table for small slabs sizes / 8 to the index in the + * kmalloc array. This is necessary for slabs < 192 since we have non power +@@ -391,6 +406,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags) + return kmalloc_dma_caches[index]; + + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY_SLABS ++ if (unlikely((flags & GFP_USERCOPY))) ++ return kmalloc_usercopy_caches[index]; ++ ++#endif ++ + return kmalloc_caches[index]; + } + +@@ -447,7 +469,7 @@ void __init create_kmalloc_caches(unsigned long flags) + for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) { + if (!kmalloc_caches[i]) { + kmalloc_caches[i] = create_kmalloc_cache(NULL, +- 1 << i, flags); ++ 1 << i, SLAB_USERCOPY | flags); + } + + /* +@@ -456,10 +478,10 @@ void __init create_kmalloc_caches(unsigned long flags) + * earlier power of two caches + */ + if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6) +- kmalloc_caches[1] = create_kmalloc_cache(NULL, 96, flags); ++ kmalloc_caches[1] = create_kmalloc_cache(NULL, 96, SLAB_USERCOPY | flags); + + if (KMALLOC_MIN_SIZE <= 64 && !kmalloc_caches[2] && i == 7) +- kmalloc_caches[2] = create_kmalloc_cache(NULL, 192, flags); ++ kmalloc_caches[2] = create_kmalloc_cache(NULL, 192, SLAB_USERCOPY | flags); + } + + /* Kmalloc array is now usable */ +@@ -492,6 +514,23 @@ void __init create_kmalloc_caches(unsigned long flags) + } + } + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY_SLABS ++ for (i = 0; i <= KMALLOC_SHIFT_HIGH; i++) { ++ struct kmem_cache *s = kmalloc_caches[i]; ++ ++ if (s) { ++ int size = kmalloc_size(i); ++ char *n = kasprintf(GFP_NOWAIT, ++ "usercopy-kmalloc-%d", size); ++ ++ BUG_ON(!n); ++ kmalloc_usercopy_caches[i] = create_kmalloc_cache(n, ++ size, SLAB_USERCOPY | flags); ++ } ++ } ++#endif ++ + } + #endif /* !CONFIG_SLOB */ + +@@ -516,6 +555,9 @@ void print_slabinfo_header(struct seq_file *m) + seq_puts(m, " : globalstat " + " "); + seq_puts(m, " : cpustat "); ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ seq_puts(m, " : pax "); ++#endif + #endif + seq_putc(m, '\n'); + } diff --git a/mm/slob.c b/mm/slob.c -index eeed4a0..6ee34ec 100644 +index eeed4a0..bb0e9ab 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next) @@ -83952,7 +88030,7 @@ index eeed4a0..6ee34ec 100644 current->reclaim_state->reclaimed_slab += 1 << order; - free_pages((unsigned long)b, order); + __ClearPageSlab(sp); -+ reset_page_mapcount(sp); ++ page_mapcount_reset(sp); + sp->private = 0; + __free_pages(sp, order); } @@ -83978,7 +88056,7 @@ index eeed4a0..6ee34ec 100644 INIT_LIST_HEAD(&sp->list); set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE)); set_slob_page_free(sp, slob_list); -@@ -359,9 +363,7 @@ static void slob_free(void *block, int size) +@@ -359,12 +363,15 @@ static void slob_free(void *block, int size) if (slob_page_free(sp)) clear_slob_page_free(sp); spin_unlock_irqrestore(&slob_lock, flags); @@ -83989,7 +88067,15 @@ index eeed4a0..6ee34ec 100644 return; } -@@ -424,11 +426,10 @@ out: ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ if (pax_sanitize_slab) ++ memset(block, PAX_MEMORY_SANITIZE_VALUE, size); ++#endif ++ + if (!slob_page_free(sp)) { + /* This slob page is about to become partially free. Easy! */ + sp->units = units; +@@ -424,11 +431,10 @@ out: */ static __always_inline void * @@ -84004,7 +88090,7 @@ index eeed4a0..6ee34ec 100644 gfp &= gfp_allowed_mask; -@@ -442,23 +443,41 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) +@@ -442,23 +448,41 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) if (!m) return NULL; @@ -84049,7 +88135,7 @@ index eeed4a0..6ee34ec 100644 return ret; } -@@ -493,34 +512,112 @@ void kfree(const void *block) +@@ -493,34 +517,112 @@ void kfree(const void *block) return; kmemleak_free(block); @@ -84066,7 +88152,7 @@ index eeed4a0..6ee34ec 100644 + slob_free(m, m[0].units + align); + } else { + __ClearPageSlab(sp); -+ reset_page_mapcount(sp); ++ page_mapcount_reset(sp); + sp->private = 0; __free_pages(sp, compound_order(sp)); + } @@ -84171,7 +88257,7 @@ index eeed4a0..6ee34ec 100644 } EXPORT_SYMBOL(ksize); -@@ -536,23 +633,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags) +@@ -536,23 +638,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags) void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node) { @@ -84207,7 +88293,7 @@ index eeed4a0..6ee34ec 100644 if (c->ctor) c->ctor(b); -@@ -564,10 +671,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); +@@ -564,10 +676,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); static void __kmem_cache_free(void *b, int size) { @@ -84224,7 +88310,7 @@ index eeed4a0..6ee34ec 100644 } static void kmem_rcu_free(struct rcu_head *head) -@@ -580,17 +691,31 @@ static void kmem_rcu_free(struct rcu_head *head) +@@ -580,17 +696,31 @@ static void kmem_rcu_free(struct rcu_head *head) void kmem_cache_free(struct kmem_cache *c, void *b) { @@ -84260,10 +88346,10 @@ index eeed4a0..6ee34ec 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 4aec537..a64753d 100644 +index 57707f0..7857bd3 100644 --- a/mm/slub.c +++ b/mm/slub.c -@@ -197,7 +197,7 @@ struct track { +@@ -198,7 +198,7 @@ struct track { enum track_item { TRACK_ALLOC, TRACK_FREE }; @@ -84272,7 +88358,7 @@ index 4aec537..a64753d 100644 static int sysfs_slab_add(struct kmem_cache *); static int sysfs_slab_alias(struct kmem_cache *, const char *); static void sysfs_slab_remove(struct kmem_cache *); -@@ -518,7 +518,7 @@ static void print_track(const char *s, struct track *t) +@@ -519,7 +519,7 @@ static void print_track(const char *s, struct track *t) if (!t->addr) return; @@ -84281,7 +88367,22 @@ index 4aec537..a64753d 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2653,7 +2653,7 @@ static int slub_min_objects; +@@ -2594,6 +2594,14 @@ static __always_inline void slab_free(struct kmem_cache *s, + + slab_free_hook(s, x); + ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) { ++ memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size); ++ if (s->ctor) ++ s->ctor(x); ++ } ++#endif ++ + redo: + /* + * Determine the currently cpus per cpu slab. +@@ -2661,7 +2669,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -84290,32 +88391,17 @@ index 4aec537..a64753d 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3181,6 +3181,10 @@ EXPORT_SYMBOL(kmalloc_caches); - static struct kmem_cache *kmalloc_dma_caches[SLUB_PAGE_SHIFT]; - #endif - -+#ifdef CONFIG_PAX_USERCOPY_SLABS -+static struct kmem_cache *kmalloc_usercopy_caches[SLUB_PAGE_SHIFT]; -+#endif -+ - static int __init setup_slub_min_order(char *str) - { - get_option(&str, &slub_min_order); -@@ -3272,6 +3276,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags) - return kmalloc_dma_caches[index]; +@@ -2938,6 +2946,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) + s->inuse = size; - #endif -+ -+#ifdef CONFIG_PAX_USERCOPY_SLABS -+ if (flags & SLAB_USERCOPY) -+ return kmalloc_usercopy_caches[index]; -+ + if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) || ++#ifdef CONFIG_PAX_MEMORY_SANITIZE ++ (pax_sanitize_slab && !(flags & SLAB_NO_SANITIZE)) || +#endif -+ - return kmalloc_caches[index]; - } - -@@ -3340,6 +3351,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) + s->ctor)) { + /* + * Relocate free pointer after the object if it is not +@@ -3283,6 +3294,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -84375,7 +88461,7 @@ index 4aec537..a64753d 100644 size_t ksize(const void *object) { struct page *page; -@@ -3404,6 +3468,7 @@ void kfree(const void *x) +@@ -3347,6 +3411,7 @@ void kfree(const void *x) if (unlikely(ZERO_OR_NULL_PTR(x))) return; @@ -84383,51 +88469,7 @@ index 4aec537..a64753d 100644 page = virt_to_head_page(x); if (unlikely(!PageSlab(page))) { BUG_ON(!PageCompound(page)); -@@ -3712,17 +3777,17 @@ void __init kmem_cache_init(void) - - /* Caches that are not of the two-to-the-power-of size */ - if (KMALLOC_MIN_SIZE <= 32) { -- kmalloc_caches[1] = create_kmalloc_cache("kmalloc-96", 96, 0); -+ kmalloc_caches[1] = create_kmalloc_cache("kmalloc-96", 96, SLAB_USERCOPY); - caches++; - } - - if (KMALLOC_MIN_SIZE <= 64) { -- kmalloc_caches[2] = create_kmalloc_cache("kmalloc-192", 192, 0); -+ kmalloc_caches[2] = create_kmalloc_cache("kmalloc-192", 192, SLAB_USERCOPY); - caches++; - } - - for (i = KMALLOC_SHIFT_LOW; i < SLUB_PAGE_SHIFT; i++) { -- kmalloc_caches[i] = create_kmalloc_cache("kmalloc", 1 << i, 0); -+ kmalloc_caches[i] = create_kmalloc_cache("kmalloc", 1 << i, SLAB_USERCOPY); - caches++; - } - -@@ -3764,6 +3829,22 @@ void __init kmem_cache_init(void) - } - } - #endif -+ -+#ifdef CONFIG_PAX_USERCOPY_SLABS -+ for (i = 0; i < SLUB_PAGE_SHIFT; i++) { -+ struct kmem_cache *s = kmalloc_caches[i]; -+ -+ if (s && s->size) { -+ char *name = kasprintf(GFP_NOWAIT, -+ "usercopy-kmalloc-%d", s->object_size); -+ -+ BUG_ON(!name); -+ kmalloc_usercopy_caches[i] = create_kmalloc_cache(name, -+ s->object_size, SLAB_USERCOPY); -+ } -+ } -+#endif -+ - printk(KERN_INFO - "SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d," - " CPUs=%d, Nodes=%d\n", -@@ -3790,7 +3871,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3652,7 +3717,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -84436,7 +88478,7 @@ index 4aec537..a64753d 100644 return 1; return 0; -@@ -3848,7 +3929,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, +@@ -3710,7 +3775,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s = find_mergeable(memcg, size, align, flags, name, ctor); if (s) { @@ -84445,7 +88487,7 @@ index 4aec537..a64753d 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3857,7 +3938,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, +@@ -3719,7 +3784,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -84454,7 +88496,7 @@ index 4aec537..a64753d 100644 s = NULL; } } -@@ -3919,7 +4000,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb, +@@ -3781,7 +3846,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -84463,7 +88505,7 @@ index 4aec537..a64753d 100644 .notifier_call = slab_cpuup_callback }; -@@ -3977,7 +4058,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -3839,7 +3904,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -84472,7 +88514,7 @@ index 4aec537..a64753d 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4364,12 +4445,12 @@ static void resiliency_test(void) +@@ -4226,12 +4291,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -84487,7 +88529,7 @@ index 4aec537..a64753d 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4613,7 +4694,7 @@ SLAB_ATTR_RO(ctor); +@@ -4475,7 +4540,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -84496,7 +88538,32 @@ index 4aec537..a64753d 100644 } SLAB_ATTR_RO(aliases); -@@ -5266,6 +5347,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -4563,6 +4628,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) + SLAB_ATTR_RO(cache_dma); + #endif + ++#ifdef CONFIG_PAX_USERCOPY_SLABS ++static ssize_t usercopy_show(struct kmem_cache *s, char *buf) ++{ ++ return sprintf(buf, "%d\n", !!(s->flags & SLAB_USERCOPY)); ++} ++SLAB_ATTR_RO(usercopy); ++#endif ++ + static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf) + { + return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU)); +@@ -4897,6 +4970,9 @@ static struct attribute *slab_attrs[] = { + #ifdef CONFIG_ZONE_DMA + &cache_dma_attr.attr, + #endif ++#ifdef CONFIG_PAX_USERCOPY_SLABS ++ &usercopy_attr.attr, ++#endif + #ifdef CONFIG_NUMA + &remote_node_defrag_ratio_attr.attr, + #endif +@@ -5128,6 +5204,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -84504,7 +88571,16 @@ index 4aec537..a64753d 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5323,6 +5405,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5151,7 +5228,7 @@ static int sysfs_slab_add(struct kmem_cache *s) + } + + s->kobj.kset = slab_kset; +- err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, name); ++ err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name); + if (err) { + kobject_put(&s->kobj); + return err; +@@ -5185,6 +5262,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -84512,7 +88588,7 @@ index 4aec537..a64753d 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5336,6 +5419,7 @@ struct saved_alias { +@@ -5198,6 +5276,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -84520,7 +88596,7 @@ index 4aec537..a64753d 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5358,6 +5442,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5220,6 +5299,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -84529,10 +88605,10 @@ index 4aec537..a64753d 100644 static int __init slab_sysfs_init(void) { diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c -index 1b7e22a..3fcd4f3 100644 +index 27eeab3..7c3f7f2 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c -@@ -128,7 +128,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node) +@@ -130,7 +130,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node) void *p = vmemmap_alloc_block(PAGE_SIZE, node); if (!p) return NULL; @@ -84541,7 +88617,7 @@ index 1b7e22a..3fcd4f3 100644 } return pud; } -@@ -140,7 +140,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) +@@ -142,7 +142,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) void *p = vmemmap_alloc_block(PAGE_SIZE, node); if (!p) return NULL; @@ -84551,10 +88627,10 @@ index 1b7e22a..3fcd4f3 100644 return pgd; } diff --git a/mm/sparse.c b/mm/sparse.c -index 7ca6dc8..6472aa1 100644 +index 1c91f0d3..485470a 100644 --- a/mm/sparse.c +++ b/mm/sparse.c -@@ -783,7 +783,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages) +@@ -761,7 +761,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages) for (i = 0; i < PAGES_PER_SECTION; i++) { if (PageHWPoison(&memmap[i])) { @@ -84564,18 +88640,18 @@ index 7ca6dc8..6472aa1 100644 } } diff --git a/mm/swap.c b/mm/swap.c -index 8a529a0..154ef26 100644 +index dfd7d71..ccdf688 100644 --- a/mm/swap.c +++ b/mm/swap.c -@@ -30,6 +30,7 @@ - #include +@@ -31,6 +31,7 @@ #include #include + #include +#include #include "internal.h" -@@ -72,6 +73,8 @@ static void __put_compound_page(struct page *page) +@@ -73,6 +74,8 @@ static void __put_compound_page(struct page *page) __page_cache_release(page); dtor = get_compound_page_dtor(page); @@ -84585,7 +88661,7 @@ index 8a529a0..154ef26 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index a1f7772..9e982ac 100644 +index 746af55b..7ac94ae 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -66,7 +66,7 @@ static DEFINE_MUTEX(swapon_mutex); @@ -84597,7 +88673,7 @@ index a1f7772..9e982ac 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1683,7 +1683,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1684,7 +1684,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) } filp_close(swap_file, NULL); err = 0; @@ -84606,7 +88682,7 @@ index a1f7772..9e982ac 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1700,8 +1700,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1701,8 +1701,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -84617,7 +88693,7 @@ index a1f7772..9e982ac 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -1799,7 +1799,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -1800,7 +1800,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -84626,7 +88702,7 @@ index a1f7772..9e982ac 100644 return 0; } -@@ -2142,7 +2142,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2143,7 +2143,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); @@ -84653,17 +88729,17 @@ index ab1424d..7c5bd5a 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 0f751f2..ef398a0 100644 +index d365724..6cae7c2 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c -@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) +@@ -59,8 +59,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) pte = pte_offset_kernel(pmd, addr); do { - pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte); - WARN_ON(!pte_none(ptent) && !pte_present(ptent)); + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) { + BUG_ON(!pte_exec(*pte)); + set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC)); @@ -84678,7 +88754,7 @@ index 0f751f2..ef398a0 100644 } while (pte++, addr += PAGE_SIZE, addr != end); } -@@ -100,16 +111,29 @@ static int vmap_pte_range(pmd_t *pmd, unsigned long addr, +@@ -120,16 +131,29 @@ static int vmap_pte_range(pmd_t *pmd, unsigned long addr, pte = pte_alloc_kernel(pmd, addr); if (!pte) return -ENOMEM; @@ -84688,7 +88764,7 @@ index 0f751f2..ef398a0 100644 struct page *page = pages[*nr]; - if (WARN_ON(!pte_none(*pte))) -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + if (pgprot_val(prot) & _PAGE_NX) +#endif + @@ -84710,7 +88786,7 @@ index 0f751f2..ef398a0 100644 return 0; } -@@ -119,7 +143,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr, +@@ -139,7 +163,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr, pmd_t *pmd; unsigned long next; @@ -84719,7 +88795,7 @@ index 0f751f2..ef398a0 100644 if (!pmd) return -ENOMEM; do { -@@ -136,7 +160,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr, +@@ -156,7 +180,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr, pud_t *pud; unsigned long next; @@ -84728,14 +88804,7 @@ index 0f751f2..ef398a0 100644 if (!pud) return -ENOMEM; do { -@@ -191,11 +215,20 @@ int is_vmalloc_or_module_addr(const void *x) - * and fall back on vmalloc() if that fails. Others - * just put it in the vmalloc space. - */ --#if defined(CONFIG_MODULES) && defined(MODULES_VADDR) -+#ifdef CONFIG_MODULES -+#ifdef MODULES_VADDR - unsigned long addr = (unsigned long)x; +@@ -216,6 +240,12 @@ int is_vmalloc_or_module_addr(const void *x) if (addr >= MODULES_VADDR && addr < MODULES_END) return 1; #endif @@ -84744,13 +88813,11 @@ index 0f751f2..ef398a0 100644 + if (x >= (const void *)MODULES_EXEC_VADDR && x < (const void *)MODULES_EXEC_END) + return 1; +#endif -+ -+#endif + return is_vmalloc_addr(x); } -@@ -216,8 +249,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr) +@@ -236,8 +266,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr) if (!pgd_none(*pgd)) { pud_t *pud = pud_offset(pgd, addr); @@ -84765,7 +88832,7 @@ index 0f751f2..ef398a0 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -329,7 +368,7 @@ static void purge_vmap_area_lazy(void); +@@ -339,7 +375,7 @@ static void purge_vmap_area_lazy(void); * Allocate a region of KVA of the specified size and alignment, within the * vstart and vend. */ @@ -84774,12 +88841,12 @@ index 0f751f2..ef398a0 100644 unsigned long align, unsigned long vstart, unsigned long vend, int node, gfp_t gfp_mask) -@@ -1328,6 +1367,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1337,6 +1373,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (flags & VM_KERNEXEC) { + if (start != VMALLOC_START || end != VMALLOC_END) + return NULL; @@ -84791,11 +88858,11 @@ index 0f751f2..ef398a0 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1569,6 +1618,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1581,6 +1627,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) + flags |= VM_KERNEXEC; +#endif @@ -84803,11 +88870,11 @@ index 0f751f2..ef398a0 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1670,6 +1724,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1682,6 +1733,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) + area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC, + VMALLOC_START, VMALLOC_END, node, gfp_mask, caller); @@ -84817,7 +88884,7 @@ index 0f751f2..ef398a0 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1845,10 +1906,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1858,10 +1916,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -84829,7 +88896,7 @@ index 0f751f2..ef398a0 100644 NUMA_NO_NODE, __builtin_return_address(0)); } -@@ -2139,6 +2199,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2168,6 +2225,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -84838,7 +88905,7 @@ index 0f751f2..ef398a0 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2578,7 +2640,11 @@ static int s_show(struct seq_file *m, void *p) +@@ -2629,7 +2688,11 @@ static int s_show(struct seq_file *m, void *p) v->addr, v->addr + v->size, v->size); if (v->caller) @@ -84851,10 +88918,10 @@ index 0f751f2..ef398a0 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index e1d8ed1..253fa3c 100644 +index f42745e..62f8346 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c -@@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) +@@ -76,7 +76,7 @@ void vm_events_fold_cpu(int cpu) * * vm_stat contains the global counters */ @@ -84863,7 +88930,7 @@ index e1d8ed1..253fa3c 100644 EXPORT_SYMBOL(vm_stat); #ifdef CONFIG_SMP -@@ -454,7 +454,7 @@ void refresh_cpu_vm_stats(int cpu) +@@ -452,7 +452,7 @@ void refresh_cpu_vm_stats(int cpu) v = p->vm_stat_diff[i]; p->vm_stat_diff[i] = 0; local_irq_restore(flags); @@ -84872,7 +88939,7 @@ index e1d8ed1..253fa3c 100644 global_diff[i] += v; #ifdef CONFIG_NUMA /* 3 seconds idle till flush */ -@@ -492,7 +492,7 @@ void refresh_cpu_vm_stats(int cpu) +@@ -490,7 +490,7 @@ void refresh_cpu_vm_stats(int cpu) for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++) if (global_diff[i]) @@ -84880,8 +88947,8 @@ index e1d8ed1..253fa3c 100644 + atomic_long_add_unchecked(global_diff[i], &vm_stat[i]); } - void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset) -@@ -503,8 +503,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset) + /* +@@ -505,8 +505,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset) if (pset->vm_stat_diff[i]) { int v = pset->vm_stat_diff[i]; pset->vm_stat_diff[i] = 0; @@ -84892,7 +88959,7 @@ index e1d8ed1..253fa3c 100644 } } #endif -@@ -1224,7 +1224,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, +@@ -1226,7 +1226,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -84901,7 +88968,7 @@ index e1d8ed1..253fa3c 100644 { &vmstat_cpuup_callback, NULL, 0 }; #endif -@@ -1239,10 +1239,20 @@ static int __init setup_vmstat(void) +@@ -1241,10 +1241,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif #ifdef CONFIG_PROC_FS @@ -84927,24 +88994,10 @@ index e1d8ed1..253fa3c 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index 85addcd..c429a13 100644 +index 9424f37..6aabf19 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -114,6 +114,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head) - if (vlan_id) - vlan_vid_del(real_dev, vlan_id); - -+ /* Take it out of our own structures, but be sure to interlock with -+ * HW accelerating devices or SW vlan input packet processing if -+ * VLAN is not 0 (leave it there for 802.1p). -+ */ -+ if (vlan_id) -+ vlan_vid_del(real_dev, vlan_id); -+ - /* Get rid of the vlan's reference to real_dev */ - dev_put(real_dev); - } -@@ -496,7 +503,7 @@ out: +@@ -469,7 +469,7 @@ out: return NOTIFY_DONE; } @@ -84953,7 +89006,7 @@ index 85addcd..c429a13 100644 .notifier_call = vlan_device_event, }; -@@ -571,8 +578,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -544,8 +544,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; @@ -85039,7 +89092,7 @@ index 876fbe8..8bbea9f 100644 #undef __HANDLE_ITEM } diff --git a/net/atm/lec.h b/net/atm/lec.h -index a86aff9..3a0d6f6 100644 +index 4149db1..f2ab682 100644 --- a/net/atm/lec.h +++ b/net/atm/lec.h @@ -48,7 +48,7 @@ struct lane2_ops { @@ -85052,7 +89105,7 @@ index a86aff9..3a0d6f6 100644 /* * ATM LAN Emulation supports both LLC & Dix Ethernet EtherType diff --git a/net/atm/proc.c b/net/atm/proc.c -index 6ac35ff..ac0e136 100644 +index bbb6461..cf04016 100644 --- a/net/atm/proc.c +++ b/net/atm/proc.c @@ -45,9 +45,9 @@ static void add_stats(struct seq_file *seq, const char *aal, @@ -85104,10 +89157,10 @@ index d5744b7..506bae3 100644 table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL); if (!table) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index a5bb0a7..e1d8b97 100644 +index f680ee1..97e3542 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c -@@ -63,7 +63,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) +@@ -79,7 +79,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) /* randomize initial seqno to avoid collision */ get_random_bytes(&random_seqno, sizeof(random_seqno)); @@ -85116,7 +89169,7 @@ index a5bb0a7..e1d8b97 100644 hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN; ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC); -@@ -611,9 +611,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) +@@ -627,9 +627,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) batadv_ogm_packet = (struct batadv_ogm_packet *)(*ogm_buff); /* change sequence number to network order */ @@ -85128,7 +89181,7 @@ index a5bb0a7..e1d8b97 100644 batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn); batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc); -@@ -1013,7 +1013,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, +@@ -1037,7 +1037,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, return; /* could be changed by schedule_own_packet() */ @@ -85137,11 +89190,94 @@ index a5bb0a7..e1d8b97 100644 if (batadv_ogm_packet->flags & BATADV_DIRECTLINK) has_directlink_flag = 1; +diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c +index de27b31..7058bfe 100644 +--- a/net/batman-adv/bridge_loop_avoidance.c ++++ b/net/batman-adv/bridge_loop_avoidance.c +@@ -1522,6 +1522,8 @@ out: + * in these cases, the skb is further handled by this function and + * returns 1, otherwise it returns 0 and the caller shall further + * process the skb. ++ * ++ * This call might reallocate skb data. + */ + int batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, short vid) + { +diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c +index f105219..7614af3 100644 +--- a/net/batman-adv/gateway_client.c ++++ b/net/batman-adv/gateway_client.c +@@ -508,6 +508,7 @@ out: + return 0; + } + ++/* this call might reallocate skb data */ + static bool batadv_is_type_dhcprequest(struct sk_buff *skb, int header_len) + { + int ret = false; +@@ -568,6 +569,7 @@ out: + return ret; + } + ++/* this call might reallocate skb data */ + bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len) + { + struct ethhdr *ethhdr; +@@ -619,6 +621,12 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len) + + if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr))) + return false; ++ ++ /* skb->data might have been reallocated by pskb_may_pull() */ ++ ethhdr = (struct ethhdr *)skb->data; ++ if (ntohs(ethhdr->h_proto) == ETH_P_8021Q) ++ ethhdr = (struct ethhdr *)(skb->data + VLAN_HLEN); ++ + udphdr = (struct udphdr *)(skb->data + *header_len); + *header_len += sizeof(*udphdr); + +@@ -634,12 +642,14 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len) + return true; + } + ++/* this call might reallocate skb data */ + bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, +- struct sk_buff *skb, struct ethhdr *ethhdr) ++ struct sk_buff *skb) + { + struct batadv_neigh_node *neigh_curr = NULL, *neigh_old = NULL; + struct batadv_orig_node *orig_dst_node = NULL; + struct batadv_gw_node *curr_gw = NULL; ++ struct ethhdr *ethhdr; + bool ret, out_of_range = false; + unsigned int header_len = 0; + uint8_t curr_tq_avg; +@@ -648,6 +658,7 @@ bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, + if (!ret) + goto out; + ++ ethhdr = (struct ethhdr *)skb->data; + orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source, + ethhdr->h_dest); + if (!orig_dst_node) +diff --git a/net/batman-adv/gateway_client.h b/net/batman-adv/gateway_client.h +index 039902d..1037d75 100644 +--- a/net/batman-adv/gateway_client.h ++++ b/net/batman-adv/gateway_client.h +@@ -34,7 +34,6 @@ void batadv_gw_node_delete(struct batadv_priv *bat_priv, + void batadv_gw_node_purge(struct batadv_priv *bat_priv); + int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset); + bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len); +-bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, +- struct sk_buff *skb, struct ethhdr *ethhdr); ++bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, struct sk_buff *skb); + + #endif /* _NET_BATMAN_ADV_GATEWAY_CLIENT_H_ */ diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c -index 368219e..53f56f9 100644 +index 522243a..b48c0ef 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c -@@ -370,7 +370,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, +@@ -401,7 +401,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, hard_iface->batman_adv_ptype.dev = hard_iface->net_dev; dev_add_pack(&hard_iface->batman_adv_ptype); @@ -85150,7 +89286,7 @@ index 368219e..53f56f9 100644 batadv_info(hard_iface->soft_iface, "Adding interface: %s\n", hard_iface->net_dev->name); -@@ -514,7 +514,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) +@@ -550,7 +550,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) /* This can't be called via a bat_priv callback because * we have no bat_priv yet. */ @@ -85160,10 +89296,31 @@ index 368219e..53f56f9 100644 return hard_iface; diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index 2711e87..4ca48fa 100644 +index 819dfb0..226bacd 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c -@@ -252,7 +252,7 @@ static int batadv_interface_tx(struct sk_buff *skb, +@@ -180,6 +180,9 @@ static int batadv_interface_tx(struct sk_buff *skb, + if (batadv_bla_tx(bat_priv, skb, vid)) + goto dropped; + ++ /* skb->data might have been reallocated by batadv_bla_tx() */ ++ ethhdr = (struct ethhdr *)skb->data; ++ + /* Register the client MAC in the transtable */ + if (!is_multicast_ether_addr(ethhdr->h_source)) + batadv_tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif); +@@ -220,6 +223,10 @@ static int batadv_interface_tx(struct sk_buff *skb, + default: + break; + } ++ ++ /* reminder: ethhdr might have become unusable from here on ++ * (batadv_gw_is_dhcp_target() might have reallocated skb data) ++ */ + } + + /* ethernet packet should be broadcasted */ +@@ -253,7 +260,7 @@ static int batadv_interface_tx(struct sk_buff *skb, primary_if->net_dev->dev_addr, ETH_ALEN); /* set broadcast sequence number */ @@ -85172,7 +89329,16 @@ index 2711e87..4ca48fa 100644 bcast_packet->seqno = htonl(seqno); batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay); -@@ -527,7 +527,7 @@ struct net_device *batadv_softif_create(const char *name) +@@ -266,7 +273,7 @@ static int batadv_interface_tx(struct sk_buff *skb, + /* unicast packet */ + } else { + if (atomic_read(&bat_priv->gw_mode) != BATADV_GW_MODE_OFF) { +- ret = batadv_gw_out_of_range(bat_priv, skb, ethhdr); ++ ret = batadv_gw_out_of_range(bat_priv, skb); + if (ret) + goto dropped; + } +@@ -472,7 +479,7 @@ static int batadv_softif_init_late(struct net_device *dev) atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN); atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); @@ -85182,7 +89348,7 @@ index 2711e87..4ca48fa 100644 atomic_set(&bat_priv->tt.local_changes, 0); atomic_set(&bat_priv->tt.ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index 4cd87a0..348e705 100644 +index aba8364..50fcbb8 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -51,7 +51,7 @@ @@ -85203,7 +89369,7 @@ index 4cd87a0..348e705 100644 struct kobject *hardif_obj; atomic_t refcount; struct packet_type batman_adv_ptype; -@@ -495,7 +495,7 @@ struct batadv_priv { +@@ -558,7 +558,7 @@ struct batadv_priv { #ifdef CONFIG_BATMAN_ADV_DEBUG atomic_t log_level; #endif @@ -85213,7 +89379,7 @@ index 4cd87a0..348e705 100644 atomic_t batman_queue_left; char num_ifaces; diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c -index 50e079f..49ce2d2 100644 +index 0bb3b59..0e3052e 100644 --- a/net/batman-adv/unicast.c +++ b/net/batman-adv/unicast.c @@ -270,7 +270,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, @@ -85225,11 +89391,88 @@ index 50e079f..49ce2d2 100644 frag1->seqno = htons(seqno - 1); frag2->seqno = htons(seqno); +@@ -326,7 +326,9 @@ static bool batadv_unicast_push_and_fill_skb(struct sk_buff *skb, int hdr_size, + * @skb: the skb containing the payload to encapsulate + * @orig_node: the destination node + * +- * Returns false if the payload could not be encapsulated or true otherwise ++ * Returns false if the payload could not be encapsulated or true otherwise. ++ * ++ * This call might reallocate skb data. + */ + static bool batadv_unicast_prepare_skb(struct sk_buff *skb, + struct batadv_orig_node *orig_node) +@@ -343,7 +345,9 @@ static bool batadv_unicast_prepare_skb(struct sk_buff *skb, + * @orig_node: the destination node + * @packet_subtype: the batman 4addr packet subtype to use + * +- * Returns false if the payload could not be encapsulated or true otherwise ++ * Returns false if the payload could not be encapsulated or true otherwise. ++ * ++ * This call might reallocate skb data. + */ + bool batadv_unicast_4addr_prepare_skb(struct batadv_priv *bat_priv, + struct sk_buff *skb, +@@ -401,7 +405,7 @@ int batadv_unicast_generic_send_skb(struct batadv_priv *bat_priv, + struct batadv_neigh_node *neigh_node; + int data_len = skb->len; + int ret = NET_RX_DROP; +- unsigned int dev_mtu; ++ unsigned int dev_mtu, header_len; + + /* get routing information */ + if (is_multicast_ether_addr(ethhdr->h_dest)) { +@@ -429,10 +433,12 @@ find_router: + switch (packet_type) { + case BATADV_UNICAST: + batadv_unicast_prepare_skb(skb, orig_node); ++ header_len = sizeof(struct batadv_unicast_packet); + break; + case BATADV_UNICAST_4ADDR: + batadv_unicast_4addr_prepare_skb(bat_priv, skb, orig_node, + packet_subtype); ++ header_len = sizeof(struct batadv_unicast_4addr_packet); + break; + default: + /* this function supports UNICAST and UNICAST_4ADDR only. It +@@ -441,6 +447,7 @@ find_router: + goto out; + } + ++ ethhdr = (struct ethhdr *)(skb->data + header_len); + unicast_packet = (struct batadv_unicast_packet *)skb->data; + + /* inform the destination node that we are still missing a correct route +diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c +index ace5e55..a65a1c0 100644 +--- a/net/bluetooth/hci_core.c ++++ b/net/bluetooth/hci_core.c +@@ -2211,16 +2211,16 @@ int hci_register_dev(struct hci_dev *hdev) + list_add(&hdev->list, &hci_dev_list); + write_unlock(&hci_dev_list_lock); + +- hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND | +- WQ_MEM_RECLAIM, 1); ++ hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND | ++ WQ_MEM_RECLAIM, 1, hdev->name); + if (!hdev->workqueue) { + error = -ENOMEM; + goto err; + } + +- hdev->req_workqueue = alloc_workqueue(hdev->name, ++ hdev->req_workqueue = alloc_workqueue("%s", + WQ_HIGHPRI | WQ_UNBOUND | +- WQ_MEM_RECLAIM, 1); ++ WQ_MEM_RECLAIM, 1, hdev->name); + if (!hdev->req_workqueue) { + destroy_workqueue(hdev->workqueue); + error = -ENOMEM; diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c -index 6a93614..1415549 100644 +index 9bd7d95..6c4884f 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c -@@ -929,7 +929,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -934,7 +934,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, uf.event_mask[1] = *((u32 *) f->event_mask + 1); } @@ -85239,10 +89482,10 @@ index 6a93614..1415549 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 7c7e932..7a7815d 100644 +index 68843a2..30e9342 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, +@@ -3507,8 +3507,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, break; case L2CAP_CONF_RFC: @@ -85256,10 +89499,10 @@ index 7c7e932..7a7815d 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index 1bcfb84..dad9f98 100644 +index 36fed40..be2eeb2 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c -@@ -479,7 +479,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, +@@ -485,7 +485,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, struct sock *sk = sock->sk; struct l2cap_chan *chan = l2cap_pi(sk)->chan; struct l2cap_options opts; @@ -85269,7 +89512,7 @@ index 1bcfb84..dad9f98 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -501,7 +502,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, +@@ -507,7 +508,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, opts.max_tx = chan->max_tx; opts.txwin_size = chan->tx_win; @@ -85278,7 +89521,7 @@ index 1bcfb84..dad9f98 100644 if (copy_from_user((char *) &opts, optval, len)) { err = -EFAULT; break; -@@ -581,7 +582,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -587,7 +588,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, struct bt_security sec; struct bt_power pwr; struct l2cap_conn *conn; @@ -85288,7 +89531,7 @@ index 1bcfb84..dad9f98 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -604,7 +606,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -610,7 +612,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, sec.level = BT_SECURITY_LOW; @@ -85297,7 +89540,7 @@ index 1bcfb84..dad9f98 100644 if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; -@@ -701,7 +703,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -707,7 +709,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; @@ -85307,7 +89550,7 @@ index 1bcfb84..dad9f98 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 7c9224b..381009e 100644 +index 30b3721..c1bd0a0 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -666,7 +666,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -85368,7 +89611,7 @@ index b6e44ad..5b0d514 100644 if (dev->tty_dev->parent) device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c -index 8d493c9..3849e49 100644 +index 3d110c4..4e1b2eb 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1525,7 +1525,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) @@ -85399,7 +89642,7 @@ index 8d493c9..3849e49 100644 break; } diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c -index a376ec1..1fbd6be 100644 +index 2bd4b58..0dc30a1 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c @@ -10,6 +10,7 @@ @@ -85442,10 +89685,10 @@ index a376ec1..1fbd6be 100644 list_del(&p->list); goto out; diff --git a/net/can/af_can.c b/net/can/af_can.c -index c48e522..1223690 100644 +index c4e5085..aa9efdf 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c -@@ -870,7 +870,7 @@ static const struct net_proto_family can_family_ops = { +@@ -862,7 +862,7 @@ static const struct net_proto_family can_family_ops = { }; /* notifier block for netdevice event */ @@ -85455,7 +89698,7 @@ index c48e522..1223690 100644 }; diff --git a/net/can/gw.c b/net/can/gw.c -index 117814a..ad4fb73 100644 +index 3ee690e..00d581b 100644 --- a/net/can/gw.c +++ b/net/can/gw.c @@ -80,7 +80,6 @@ MODULE_PARM_DESC(max_hops, @@ -85466,7 +89709,7 @@ index 117814a..ad4fb73 100644 static struct kmem_cache *cgw_cache __read_mostly; -@@ -928,6 +927,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) +@@ -927,6 +926,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh) return err; } @@ -85477,7 +89720,7 @@ index 117814a..ad4fb73 100644 static __init int cgw_module_init(void) { /* sanitize given module parameter */ -@@ -943,7 +946,6 @@ static __init int cgw_module_init(void) +@@ -942,7 +945,6 @@ static __init int cgw_module_init(void) return -ENOMEM; /* set notifier */ @@ -85486,7 +89729,7 @@ index 117814a..ad4fb73 100644 if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { diff --git a/net/compat.c b/net/compat.c -index 79ae884..17c5c09 100644 +index f0a1ba6..0541331 100644 --- a/net/compat.c +++ b/net/compat.c @@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) @@ -85616,7 +89859,7 @@ index 79ae884..17c5c09 100644 struct group_filter __user *kgf; int __user *koptlen; u32 interface, fmode, numsrc; -@@ -796,7 +796,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) +@@ -805,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) if (call < SYS_SOCKET || call > SYS_SENDMMSG) return -EINVAL; @@ -85626,10 +89869,10 @@ index 79ae884..17c5c09 100644 a0 = a[0]; a1 = a[1]; diff --git a/net/core/datagram.c b/net/core/datagram.c -index 368f9c3..f82d4a3 100644 +index b71423d..0360434 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c -@@ -289,7 +289,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags) +@@ -295,7 +295,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags) } kfree_skb(skb); @@ -85639,10 +89882,10 @@ index 368f9c3..f82d4a3 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 9a278e9..15f2b9e 100644 +index 7ddbb31..3902452 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1649,7 +1649,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -85651,7 +89894,7 @@ index 9a278e9..15f2b9e 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1626,7 +1626,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1658,7 +1658,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) skb_orphan(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -85660,7 +89903,7 @@ index 9a278e9..15f2b9e 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2351,7 +2351,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2404,7 +2404,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -85669,7 +89912,7 @@ index 9a278e9..15f2b9e 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -3093,7 +3093,7 @@ enqueue: +@@ -3139,7 +3139,7 @@ enqueue: local_irq_restore(flags); @@ -85678,7 +89921,7 @@ index 9a278e9..15f2b9e 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3165,7 +3165,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3211,7 +3211,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -85687,7 +89930,7 @@ index 9a278e9..15f2b9e 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3490,7 +3490,7 @@ ncls: +@@ -3545,7 +3545,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -85696,7 +89939,7 @@ index 9a278e9..15f2b9e 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -4095,7 +4095,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4153,7 +4153,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -85705,7 +89948,7 @@ index 9a278e9..15f2b9e 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -5522,7 +5522,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5590,7 +5590,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -85715,10 +89958,10 @@ index 9a278e9..15f2b9e 100644 } EXPORT_SYMBOL(dev_get_stats); diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c -index 6cc0481..59cfb00 100644 +index 5b7d0e1..cb960fc 100644 --- a/net/core/dev_ioctl.c +++ b/net/core/dev_ioctl.c -@@ -376,9 +376,13 @@ void dev_load(struct net *net, const char *name) +@@ -365,9 +365,13 @@ void dev_load(struct net *net, const char *name) if (no_module && capable(CAP_NET_ADMIN)) no_module = request_module("netdev-%s", name); if (no_module && capable(CAP_SYS_MODULE)) { @@ -85732,8 +89975,50 @@ index 6cc0481..59cfb00 100644 } } EXPORT_SYMBOL(dev_load); +diff --git a/net/core/ethtool.c b/net/core/ethtool.c +index ce91766..3b71cdb 100644 +--- a/net/core/ethtool.c ++++ b/net/core/ethtool.c +@@ -1319,10 +1319,19 @@ static int ethtool_get_dump_data(struct net_device *dev, + if (ret) + return ret; + +- len = (tmp.len > dump.len) ? dump.len : tmp.len; ++ len = min(tmp.len, dump.len); + if (!len) + return -EFAULT; + ++ /* Don't ever let the driver think there's more space available ++ * than it requested with .get_dump_flag(). ++ */ ++ dump.len = len; ++ ++ /* Always allocate enough space to hold the whole thing so that the ++ * driver does not need to check the length and bother with partial ++ * dumping. ++ */ + data = vzalloc(tmp.len); + if (!data) + return -ENOMEM; +@@ -1330,6 +1339,16 @@ static int ethtool_get_dump_data(struct net_device *dev, + if (ret) + goto out; + ++ /* There are two sane possibilities: ++ * 1. The driver's .get_dump_data() does not touch dump.len. ++ * 2. Or it may set dump.len to how much it really writes, which ++ * should be tmp.len (or len if it can do a partial dump). ++ * In any case respond to userspace with the actual length of data ++ * it's receiving. ++ */ ++ WARN_ON(dump.len != len && dump.len != tmp.len); ++ dump.len = len; ++ + if (copy_to_user(useraddr, &dump, sizeof(dump))) { + ret = -EFAULT; + goto out; diff --git a/net/core/flow.c b/net/core/flow.c -index 2bfd081..53c6058 100644 +index 7102f16..146b4bd 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -61,7 +61,7 @@ struct flow_cache { @@ -85773,7 +90058,7 @@ index 2bfd081..53c6058 100644 fle->object = flo; else diff --git a/net/core/iovec.c b/net/core/iovec.c -index 7e7aeb0..2a998cb 100644 +index de178e4..1dabd8b 100644 --- a/net/core/iovec.c +++ b/net/core/iovec.c @@ -42,7 +42,7 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a @@ -85795,10 +90080,10 @@ index 7e7aeb0..2a998cb 100644 m->msg_iov = iov; diff --git a/net/core/neighbour.c b/net/core/neighbour.c -index 3863b8f..85c99a6 100644 +index ce90b02..8752627 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c -@@ -2778,7 +2778,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer, +@@ -2771,7 +2771,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { int size, ret; @@ -85808,7 +90093,7 @@ index 3863b8f..85c99a6 100644 tmp.extra1 = &zero; tmp.extra2 = &unres_qlen_max; diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c -index 3174f19..5810985 100644 +index 569d355..79cf2d0 100644 --- a/net/core/net-procfs.c +++ b/net/core/net-procfs.c @@ -271,8 +271,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) @@ -85816,20 +90101,20 @@ index 3174f19..5810985 100644 seq_printf(seq, "%04x", ntohs(pt->type)); +#ifdef CONFIG_GRKERNSEC_HIDESYM -+ seq_printf(seq, " %-8s %pF\n", ++ seq_printf(seq, " %-8s %pf\n", + pt->dev ? pt->dev->name : "", NULL); +#else - seq_printf(seq, " %-8s %pF\n", + seq_printf(seq, " %-8s %pf\n", pt->dev ? pt->dev->name : "", pt->func); +#endif } return 0; diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c -index 7427ab5..389f411 100644 +index 981fed3..536af34 100644 --- a/net/core/net-sysfs.c +++ b/net/core/net-sysfs.c -@@ -1321,7 +1321,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr) +@@ -1311,7 +1311,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr) } EXPORT_SYMBOL(netdev_class_remove_file); @@ -85839,10 +90124,10 @@ index 7427ab5..389f411 100644 kobj_ns_type_register(&net_ns_type_operations); return class_register(&net_class); diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c -index 80e271d..2980cc2 100644 +index f9765203..9feaef8 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c -@@ -442,7 +442,7 @@ static int __register_pernet_operations(struct list_head *list, +@@ -443,7 +443,7 @@ static int __register_pernet_operations(struct list_head *list, int error; LIST_HEAD(net_exit_list); @@ -85851,7 +90136,7 @@ index 80e271d..2980cc2 100644 if (ops->init || (ops->id && ops->size)) { for_each_net(net) { error = ops_init(ops, net); -@@ -455,7 +455,7 @@ static int __register_pernet_operations(struct list_head *list, +@@ -456,7 +456,7 @@ static int __register_pernet_operations(struct list_head *list, out_undo: /* If I have an error cleanup all namespaces I initialized */ @@ -85860,7 +90145,7 @@ index 80e271d..2980cc2 100644 ops_exit_list(ops, &net_exit_list); ops_free_list(ops, &net_exit_list); return error; -@@ -466,7 +466,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops) +@@ -467,7 +467,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops) struct net *net; LIST_HEAD(net_exit_list); @@ -85869,7 +90154,7 @@ index 80e271d..2980cc2 100644 for_each_net(net) list_add_tail(&net->exit_list, &net_exit_list); ops_exit_list(ops, &net_exit_list); -@@ -600,7 +600,7 @@ int register_pernet_device(struct pernet_operations *ops) +@@ -601,7 +601,7 @@ int register_pernet_device(struct pernet_operations *ops) mutex_lock(&net_mutex); error = register_pernet_operations(&pernet_list, ops); if (!error && (first_device == &pernet_list)) @@ -85879,7 +90164,7 @@ index 80e271d..2980cc2 100644 return error; } diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 23854b5..ff4fda4 100644 +index a08bd2b..c59bd7c 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -85917,11 +90202,20 @@ index 23854b5..ff4fda4 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); +@@ -2374,7 +2377,7 @@ static int rtnl_bridge_getlink(struct sk_buff *skb, struct netlink_callback *cb) + struct nlattr *extfilt; + u32 filter_mask = 0; + +- extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct rtgenmsg), ++ extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct ifinfomsg), + IFLA_EXT_MASK); + if (extfilt) + filter_mask = nla_get_u32(extfilt); diff --git a/net/core/scm.c b/net/core/scm.c -index 2dc6cda..2159524 100644 +index 03795d0..eaf7368 100644 --- a/net/core/scm.c +++ b/net/core/scm.c -@@ -226,7 +226,7 @@ EXPORT_SYMBOL(__scm_send); +@@ -210,7 +210,7 @@ EXPORT_SYMBOL(__scm_send); int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm @@ -85930,7 +90224,7 @@ index 2dc6cda..2159524 100644 struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); int err; -@@ -249,7 +249,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) +@@ -233,7 +233,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; @@ -85939,7 +90233,7 @@ index 2dc6cda..2159524 100644 goto out; cmlen = CMSG_SPACE(len); if (msg->msg_controllen < cmlen) -@@ -265,7 +265,7 @@ EXPORT_SYMBOL(put_cmsg); +@@ -249,7 +249,7 @@ EXPORT_SYMBOL(put_cmsg); void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) { struct cmsghdr __user *cm @@ -85948,7 +90242,7 @@ index 2dc6cda..2159524 100644 int fdmax = 0; int fdnum = scm->fp->count; -@@ -285,7 +285,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) +@@ -269,7 +269,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) if (fdnum < fdmax) fdmax = fdnum; @@ -85957,26 +90251,30 @@ index 2dc6cda..2159524 100644 i++, cmfptr++) { struct socket *sock; -diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c -index e61a8bb..6a2f13c 100644 ---- a/net/core/secure_seq.c -+++ b/net/core/secure_seq.c -@@ -12,12 +12,10 @@ - - static u32 net_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned; - --static int __init net_secret_init(void) -+void net_secret_init(void) - { - get_random_bytes(net_secret, sizeof(net_secret)); -- return 0; +diff --git a/net/core/skbuff.c b/net/core/skbuff.c +index 1c1738c..4cab7f0 100644 +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -3087,13 +3087,15 @@ void __init skb_init(void) + skbuff_head_cache = kmem_cache_create("skbuff_head_cache", + sizeof(struct sk_buff), + 0, +- SLAB_HWCACHE_ALIGN|SLAB_PANIC, ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC| ++ SLAB_NO_SANITIZE, + NULL); + skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache", + (2*sizeof(struct sk_buff)) + + sizeof(atomic_t), + 0, +- SLAB_HWCACHE_ALIGN|SLAB_PANIC, ++ SLAB_HWCACHE_ALIGN|SLAB_PANIC| ++ SLAB_NO_SANITIZE, + NULL); } --late_initcall(net_secret_init); - #ifdef CONFIG_INET - static u32 seq_scale(u32 seq) diff --git a/net/core/sock.c b/net/core/sock.c -index 1432266..1a0d4a1 100644 +index d6d024c..6ea7ab4 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -86024,7 +90322,7 @@ index 1432266..1a0d4a1 100644 goto discard_and_relse; } -@@ -942,12 +942,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -933,12 +933,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, struct timeval tm; } v; @@ -86040,7 +90338,7 @@ index 1432266..1a0d4a1 100644 return -EINVAL; memset(&v, 0, sizeof(v)); -@@ -1099,11 +1099,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1090,11 +1090,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, case SO_PEERNAME: { @@ -86054,7 +90352,7 @@ index 1432266..1a0d4a1 100644 return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; -@@ -1166,7 +1166,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1161,7 +1161,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -86063,7 +90361,7 @@ index 1432266..1a0d4a1 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2284,7 +2284,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2277,7 +2277,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -86073,7 +90371,7 @@ index 1432266..1a0d4a1 100644 EXPORT_SYMBOL(sock_init_data); diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index a29e90c..922399c 100644 +index a0e9cf6..ef7f9ed 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -9,26 +9,33 @@ @@ -86111,7 +90409,7 @@ index a29e90c..922399c 100644 } EXPORT_SYMBOL_GPL(sock_diag_save_cookie); -@@ -75,8 +82,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl) +@@ -113,8 +120,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl) mutex_lock(&sock_diag_table_mutex); if (sock_diag_handlers[hndl->family]) err = -EBUSY; @@ -86124,7 +90422,7 @@ index a29e90c..922399c 100644 mutex_unlock(&sock_diag_table_mutex); return err; -@@ -92,7 +102,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) +@@ -130,7 +140,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) mutex_lock(&sock_diag_table_mutex); BUG_ON(sock_diag_handlers[family] != hnld); @@ -86229,30 +90527,10 @@ index a55eecc..dd8428c 100644 *lenp = len; diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c -index c929d9c..df10cde 100644 +index d01be2a..8976537 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c -@@ -115,6 +115,7 @@ - #include - #include - #include -+#include - #ifdef CONFIG_IP_MROUTE - #include - #endif -@@ -263,8 +264,10 @@ void build_ehash_secret(void) - get_random_bytes(&rnd, sizeof(rnd)); - } while (rnd == 0); - -- if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0) -+ if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0) { - get_random_bytes(&ipv6_hash_secret, sizeof(ipv6_hash_secret)); -+ net_secret_init(); -+ } - } - EXPORT_SYMBOL(build_ehash_secret); - -@@ -1699,13 +1702,9 @@ static int __init inet_init(void) +@@ -1703,13 +1703,9 @@ static int __init inet_init(void) BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb)); @@ -86267,7 +90545,7 @@ index c929d9c..df10cde 100644 rc = proto_register(&udp_prot, 1); if (rc) -@@ -1814,8 +1813,6 @@ out_unregister_udp_proto: +@@ -1818,8 +1814,6 @@ out_unregister_udp_proto: proto_unregister(&udp_prot); out_unregister_tcp_proto: proto_unregister(&tcp_prot); @@ -86290,10 +90568,46 @@ index 2e7f194..0fa4d6d 100644 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index c6287cd..e9bc96a 100644 +index dfc39d4..0d4fa52 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c -@@ -1992,7 +1992,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, +@@ -771,7 +771,7 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh, + ci = nla_data(tb[IFA_CACHEINFO]); + if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) { + err = -EINVAL; +- goto errout; ++ goto errout_free; + } + *pvalid_lft = ci->ifa_valid; + *pprefered_lft = ci->ifa_prefered; +@@ -779,6 +779,8 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh, + + return ifa; + ++errout_free: ++ inet_free_ifa(ifa); + errout: + return ERR_PTR(err); + } +@@ -1529,7 +1531,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) + idx = 0; + head = &net->dev_index_head[h]; + rcu_read_lock(); +- cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^ ++ cb->seq = atomic_read_unchecked(&net->ipv4.dev_addr_genid) ^ + net->dev_base_seq; + hlist_for_each_entry_rcu(dev, head, index_hlist) { + if (idx < s_idx) +@@ -1840,7 +1842,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, + idx = 0; + head = &net->dev_index_head[h]; + rcu_read_lock(); +- cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^ ++ cb->seq = atomic_read_unchecked(&net->ipv4.dev_addr_genid) ^ + net->dev_base_seq; + hlist_for_each_entry_rcu(dev, head, index_hlist) { + if (idx < s_idx) +@@ -2065,7 +2067,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) @@ -86302,7 +90616,7 @@ index c6287cd..e9bc96a 100644 struct ctl_table_header *sysctl_header; struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; } devinet_sysctl = { -@@ -2110,7 +2110,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2183,7 +2185,7 @@ static __net_init int devinet_init_net(struct net *net) int err; struct ipv4_devconf *all, *dflt; #ifdef CONFIG_SYSCTL @@ -86311,7 +90625,7 @@ index c6287cd..e9bc96a 100644 struct ctl_table_header *forw_hdr; #endif -@@ -2128,7 +2128,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2201,7 +2203,7 @@ static __net_init int devinet_init_net(struct net *net) goto err_alloc_dflt; #ifdef CONFIG_SYSCTL @@ -86320,7 +90634,7 @@ index c6287cd..e9bc96a 100644 if (tbl == NULL) goto err_alloc_ctl; -@@ -2148,7 +2148,10 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2221,7 +2223,10 @@ static __net_init int devinet_init_net(struct net *net) goto err_reg_dflt; err = -ENOMEM; @@ -86332,7 +90646,7 @@ index c6287cd..e9bc96a 100644 if (forw_hdr == NULL) goto err_reg_ctl; net->ipv4.forw_hdr = forw_hdr; -@@ -2164,8 +2167,7 @@ err_reg_ctl: +@@ -2237,8 +2242,7 @@ err_reg_ctl: err_reg_dflt: __devinet_sysctl_unregister(all); err_reg_all: @@ -86343,9 +90657,18 @@ index c6287cd..e9bc96a 100644 #endif if (dflt != &ipv4_devconf_dflt) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c -index 4cfe34d..a6ba66e 100644 +index 4cfe34d..d2fac8a 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c +@@ -477,7 +477,7 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) + } + + return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - +- net_adj) & ~(align - 1)) + (net_adj - 2); ++ net_adj) & ~(align - 1)) + net_adj - 2; + } + + static void esp4_err(struct sk_buff *skb, u32 info) @@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) return; @@ -86356,7 +90679,7 @@ index 4cfe34d..a6ba66e 100644 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0); diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c -index eb4bb12..ee4ec7d 100644 +index c7629a2..b62d139 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -1017,12 +1017,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, @@ -86396,8 +90719,32 @@ index 8f6cb7a..34507f9 100644 return nh->nh_saddr; } +diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c +index 49616fe..6e8a13d 100644 +--- a/net/ipv4/fib_trie.c ++++ b/net/ipv4/fib_trie.c +@@ -71,7 +71,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -1761,10 +1760,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c) + if (!c) + continue; + +- if (IS_LEAF(c)) { +- prefetch(rcu_dereference_rtnl(p->child[idx])); ++ if (IS_LEAF(c)) + return (struct leaf *) c; +- } + + /* Rescan start scanning in new node */ + p = (struct tnode *) c; diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c -index 786d97a..1889c0d 100644 +index 6acb541..9ea617d 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c @@ -37,7 +37,7 @@ struct local_ports sysctl_local_ports __read_mostly = { @@ -86454,10 +90801,10 @@ index 000e3d2..5472da3 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index 52c273e..579060b 100644 +index b66910a..cfe416e 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c -@@ -311,7 +311,7 @@ static inline int ip_frag_too_far(struct ipq *qp) +@@ -282,7 +282,7 @@ static inline int ip_frag_too_far(struct ipq *qp) return 0; start = qp->rid; @@ -86466,7 +90813,7 @@ index 52c273e..579060b 100644 qp->rid = end; rc = qp->q.fragments && (end - start) > max; -@@ -788,12 +788,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { +@@ -759,12 +759,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { static int __net_init ip4_frags_ns_ctl_register(struct net *net) { @@ -86481,7 +90828,7 @@ index 52c273e..579060b 100644 if (table == NULL) goto err_alloc; -@@ -804,9 +803,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -775,9 +774,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -86494,7 +90841,7 @@ index 52c273e..579060b 100644 if (hdr == NULL) goto err_reg; -@@ -814,8 +814,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -785,8 +785,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) return 0; err_reg: @@ -86505,19 +90852,28 @@ index 52c273e..579060b 100644 return -ENOMEM; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c -index 91d66db..4af7d99 100644 +index 855004f..9644112 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c -@@ -124,7 +124,7 @@ static bool log_ecn_error = true; +@@ -115,7 +115,7 @@ static bool log_ecn_error = true; module_param(log_ecn_error, bool, 0644); MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); -static struct rtnl_link_ops ipgre_link_ops __read_mostly; +static struct rtnl_link_ops ipgre_link_ops; static int ipgre_tunnel_init(struct net_device *dev); - static void ipgre_tunnel_setup(struct net_device *dev); - static int ipgre_tunnel_bind_dev(struct net_device *dev); -@@ -1823,7 +1823,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { + + static int ipgre_net_id __read_mostly; +@@ -572,7 +572,7 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev, + if (daddr) + memcpy(&iph->daddr, daddr, 4); + if (iph->daddr) +- return t->hlen; ++ return t->hlen + sizeof(*iph); + + return -(t->hlen + sizeof(*iph)); + } +@@ -919,7 +919,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, }; @@ -86526,7 +90882,7 @@ index 91d66db..4af7d99 100644 .kind = "gre", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, -@@ -1836,7 +1836,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { +@@ -933,7 +933,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { .fill_info = ipgre_fill_info, }; @@ -86559,7 +90915,7 @@ index d9c4f11..02b82dbc 100644 msg.msg_flags = flags; diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c -index c3a4233..1412161 100644 +index 17cc0ff..63856c4 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -47,7 +47,7 @@ @@ -86571,7 +90927,7 @@ index c3a4233..1412161 100644 static int vti_net_id __read_mostly; struct vti_net { -@@ -886,7 +886,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = { +@@ -840,7 +840,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = { [IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) }, }; @@ -86581,7 +90937,7 @@ index c3a4233..1412161 100644 .maxtype = IFLA_VTI_MAX, .policy = vti_policy, diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c -index f01d1b1..8fe03ad 100644 +index 59cb8c7..a72160c 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -48,7 +48,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) @@ -86594,10 +90950,10 @@ index f01d1b1..8fe03ad 100644 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0); diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index bf6c5cf..ab2e9c6 100644 +index efa1138..20dbba0 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c -@@ -323,7 +323,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -334,7 +334,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -86606,7 +90962,7 @@ index bf6c5cf..ab2e9c6 100644 set_fs(oldfs); return res; } -@@ -334,7 +334,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -345,7 +345,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -86615,7 +90971,7 @@ index bf6c5cf..ab2e9c6 100644 set_fs(oldfs); return res; } -@@ -345,7 +345,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) +@@ -356,7 +356,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -86625,19 +90981,19 @@ index bf6c5cf..ab2e9c6 100644 return res; } diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c -index 8f024d4..8b3500c 100644 +index 7cfc456..e726868 100644 --- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c -@@ -138,7 +138,7 @@ struct ipip_net { +@@ -124,7 +124,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); + static int ipip_net_id __read_mostly; + static int ipip_tunnel_init(struct net_device *dev); - static void ipip_tunnel_setup(struct net_device *dev); - static void ipip_dev_free(struct net_device *dev); -static struct rtnl_link_ops ipip_link_ops __read_mostly; +static struct rtnl_link_ops ipip_link_ops; - static struct rtnl_link_stats64 *ipip_get_stats64(struct net_device *dev, - struct rtnl_link_stats64 *tot) -@@ -974,7 +974,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { + static int ipip_err(struct sk_buff *skb, u32 info) + { +@@ -406,7 +406,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 }, }; @@ -86647,10 +91003,10 @@ index 8f024d4..8b3500c 100644 .maxtype = IFLA_IPTUN_MAX, .policy = ipip_policy, diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index 7dc6a97..229c61b 100644 +index 85a4f21..1beb1f5 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c -@@ -879,14 +879,14 @@ static int compat_table_info(const struct xt_table_info *info, +@@ -880,14 +880,14 @@ static int compat_table_info(const struct xt_table_info *info, #endif static int get_info(struct net *net, void __user *user, @@ -86668,7 +91024,7 @@ index 7dc6a97..229c61b 100644 sizeof(struct arpt_getinfo)); return -EINVAL; } -@@ -923,7 +923,7 @@ static int get_info(struct net *net, void __user *user, +@@ -924,7 +924,7 @@ static int get_info(struct net *net, void __user *user, info.size = private->size; strcpy(info.name, name); @@ -86677,7 +91033,7 @@ index 7dc6a97..229c61b 100644 ret = -EFAULT; else ret = 0; -@@ -1682,7 +1682,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, +@@ -1683,7 +1683,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, switch (cmd) { case ARPT_SO_GET_INFO: @@ -86686,7 +91042,7 @@ index 7dc6a97..229c61b 100644 break; case ARPT_SO_GET_ENTRIES: ret = compat_get_entries(sock_net(sk), user, len); -@@ -1727,7 +1727,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len +@@ -1728,7 +1728,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len switch (cmd) { case ARPT_SO_GET_INFO: @@ -86696,7 +91052,7 @@ index 7dc6a97..229c61b 100644 case ARPT_SO_GET_ENTRIES: diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index 3efcf87..5247916 100644 +index d23118d..6ad7277 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1068,14 +1068,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -86745,10 +91101,10 @@ index 3efcf87..5247916 100644 case IPT_SO_GET_ENTRIES: diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 2e91006..f084394 100644 +index 7d93d62..cbbf2a3 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -844,7 +844,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, +@@ -843,7 +843,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -86813,10 +91169,10 @@ index dd44e0a..06dcca4 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 6e28514..5e1b055 100644 +index d35bbf0..faa3ab8 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -2553,34 +2553,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -2558,34 +2558,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -86859,7 +91215,7 @@ index 6e28514..5e1b055 100644 err_dup: return -ENOMEM; } -@@ -2603,7 +2603,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2608,7 +2608,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -86869,10 +91225,10 @@ index 6e28514..5e1b055 100644 sizeof(net->ipv4.dev_addr_genid)); return 0; diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c -index 960fd29..d55bf64 100644 +index 3f25e75..3ae0f4d 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c -@@ -55,7 +55,7 @@ static int ipv4_local_port_range(ctl_table *table, int write, +@@ -57,7 +57,7 @@ static int ipv4_local_port_range(ctl_table *table, int write, { int ret; int range[2]; @@ -86881,7 +91237,7 @@ index 960fd29..d55bf64 100644 .data = &range, .maxlen = sizeof(range), .mode = table->mode, -@@ -108,7 +108,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write, +@@ -110,7 +110,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write, int ret; gid_t urange[2]; kgid_t low, high; @@ -86890,7 +91246,7 @@ index 960fd29..d55bf64 100644 .data = &urange, .maxlen = sizeof(urange), .mode = table->mode, -@@ -139,7 +139,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write, +@@ -141,7 +141,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { char val[TCP_CA_NAME_MAX]; @@ -86899,7 +91255,7 @@ index 960fd29..d55bf64 100644 .data = val, .maxlen = TCP_CA_NAME_MAX, }; -@@ -158,7 +158,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, +@@ -160,7 +160,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -86908,7 +91264,7 @@ index 960fd29..d55bf64 100644 int ret; tbl.data = kmalloc(tbl.maxlen, GFP_USER); -@@ -175,7 +175,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl, +@@ -177,7 +177,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -86917,7 +91273,7 @@ index 960fd29..d55bf64 100644 int ret; tbl.data = kmalloc(tbl.maxlen, GFP_USER); -@@ -201,15 +201,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, +@@ -203,15 +203,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, struct mem_cgroup *memcg; #endif @@ -86938,7 +91294,7 @@ index 960fd29..d55bf64 100644 } ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); -@@ -236,7 +238,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, +@@ -238,7 +240,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -86947,7 +91303,7 @@ index 960fd29..d55bf64 100644 struct tcp_fastopen_context *ctxt; int ret; u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ -@@ -477,7 +479,7 @@ static struct ctl_table ipv4_table[] = { +@@ -481,7 +483,7 @@ static struct ctl_table ipv4_table[] = { }, { .procname = "ip_local_reserved_ports", @@ -86956,7 +91312,7 @@ index 960fd29..d55bf64 100644 .maxlen = 65536, .mode = 0644, .proc_handler = proc_do_large_bitmap, -@@ -856,11 +858,10 @@ static struct ctl_table ipv4_net_table[] = { +@@ -846,11 +848,10 @@ static struct ctl_table ipv4_net_table[] = { static __net_init int ipv4_sysctl_init_net(struct net *net) { @@ -86970,7 +91326,7 @@ index 960fd29..d55bf64 100644 if (table == NULL) goto err_alloc; -@@ -895,15 +896,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) +@@ -885,15 +886,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) tcp_init_mem(net); @@ -86991,7 +91347,7 @@ index 960fd29..d55bf64 100644 err_alloc: return -ENOMEM; } -@@ -925,16 +928,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = { +@@ -915,16 +918,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = { static __init int sysctl_ipv4_init(void) { struct ctl_table_header *hdr; @@ -87008,29 +91364,11 @@ index 960fd29..d55bf64 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c -index e220207..cdeb839 100644 ---- a/net/ipv4/tcp.c -+++ b/net/ipv4/tcp.c -@@ -3383,8 +3383,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp, - - for (i = 0; i < shi->nr_frags; ++i) { - const struct skb_frag_struct *f = &shi->frags[i]; -- struct page *page = skb_frag_page(f); -- sg_set_page(&sg, page, skb_frag_size(f), f->page_offset); -+ unsigned int offset = f->page_offset; -+ struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT); -+ -+ sg_set_page(&sg, page, skb_frag_size(f), -+ offset_in_page(offset)); - if (crypto_hash_update(desc, &sg, skb_frag_size(f))) - return 1; - } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 13b9c08..d33a8d0 100644 +index 9c62257..651cc27 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4724,7 +4724,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4436,7 +4436,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -87039,7 +91377,7 @@ index 13b9c08..d33a8d0 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5838,6 +5838,7 @@ discard: +@@ -5522,6 +5522,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -87047,7 +91385,7 @@ index 13b9c08..d33a8d0 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5888,6 +5889,7 @@ discard: +@@ -5572,6 +5573,7 @@ discard: goto discard; #endif } @@ -87055,7 +91393,7 @@ index 13b9c08..d33a8d0 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5932,7 +5934,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5616,7 +5618,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -87065,7 +91403,7 @@ index 13b9c08..d33a8d0 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index d09203c..fd5cc91 100644 +index 7999fc5..c812f42 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -87079,7 +91417,7 @@ index d09203c..fd5cc91 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1897,6 +1901,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1855,6 +1859,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -87089,7 +91427,7 @@ index d09203c..fd5cc91 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1996,12 +2003,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -2000,12 +2007,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -87112,7 +91450,7 @@ index d09203c..fd5cc91 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -2052,6 +2066,10 @@ no_tcp_socket: +@@ -2058,6 +2072,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -87124,7 +91462,7 @@ index d09203c..fd5cc91 100644 } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index 2f672e7..b8895e9 100644 +index 0f01788..d52a859 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -87138,7 +91476,7 @@ index 2f672e7..b8895e9 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); -@@ -749,7 +753,10 @@ embryonic_reset: +@@ -717,7 +721,10 @@ embryonic_reset: * avoid becoming vulnerable to outside attack aiming at * resetting legit local connections. */ @@ -87164,7 +91502,7 @@ index d4943f6..e7a74a5 100644 cnt += width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index b78aac3..e18230b 100644 +index 4b85e6f..22f9ac9 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -87193,7 +91531,7 @@ index b78aac3..e18230b 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 0a073a2..ddf6279 100644 +index 93b731d..5a2dd92 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ @@ -87225,7 +91563,7 @@ index 0a073a2..ddf6279 100644 /* * This routine is called by the ICMP module when it gets some * sort of error condition. If err < 0 then the socket should -@@ -889,9 +897,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -890,9 +898,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, dport = usin->sin_port; if (dport == 0) return -EINVAL; @@ -87244,8 +91582,8 @@ index 0a073a2..ddf6279 100644 daddr = inet->inet_daddr; dport = inet->inet_dport; /* Open fast path for connected socket. -@@ -1133,7 +1150,7 @@ static unsigned int first_packet_length(struct sock *sk) - udp_lib_checksum_complete(skb)) { +@@ -1136,7 +1153,7 @@ static unsigned int first_packet_length(struct sock *sk) + IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, IS_UDPLITE(sk)); - atomic_inc(&sk->sk_drops); @@ -87253,7 +91591,7 @@ index 0a073a2..ddf6279 100644 __skb_unlink(skb, rcvq); __skb_queue_tail(&list_kill, skb); } -@@ -1219,6 +1236,10 @@ try_again: +@@ -1222,6 +1239,10 @@ try_again: if (!skb) goto out; @@ -87264,7 +91602,7 @@ index 0a073a2..ddf6279 100644 ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) -@@ -1252,7 +1273,7 @@ try_again: +@@ -1255,7 +1276,7 @@ try_again: if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { @@ -87273,8 +91611,8 @@ index 0a073a2..ddf6279 100644 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } -@@ -1535,7 +1556,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) - +@@ -1542,7 +1563,7 @@ csum_error: + UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); - atomic_inc(&sk->sk_drops); @@ -87282,7 +91620,7 @@ index 0a073a2..ddf6279 100644 kfree_skb(skb); return -1; } -@@ -1554,7 +1575,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -1561,7 +1582,7 @@ static void flush_stack(struct sock **stack, unsigned int count, skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -87291,7 +91629,7 @@ index 0a073a2..ddf6279 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1723,6 +1744,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -1730,6 +1751,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -87301,7 +91639,7 @@ index 0a073a2..ddf6279 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2152,7 +2176,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2160,7 +2184,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -87350,10 +91688,19 @@ index 9a459be..086b866 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index dae802c..bfa4baa 100644 +index fb8c94c..fb18024 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2274,7 +2274,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, + idx = 0; + head = &net->dev_index_head[h]; + rcu_read_lock(); +- cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ ++ cb->seq = atomic_read_unchecked(&net->ipv6.dev_addr_genid) ^ + net->dev_base_seq; + hlist_for_each_entry_rcu(dev, head, index_hlist) { + if (idx < s_idx) +@@ -2380,7 +2380,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -87362,7 +91709,25 @@ index dae802c..bfa4baa 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -4410,7 +4410,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, +@@ -4002,7 +4002,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, + s_ip_idx = ip_idx = cb->args[2]; + + rcu_read_lock(); +- cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ net->dev_base_seq; ++ cb->seq = atomic_read_unchecked(&net->ipv6.dev_addr_genid) ^ net->dev_base_seq; + for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { + idx = 0; + head = &net->dev_index_head[h]; +@@ -4587,7 +4587,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) + dst_free(&ifp->rt->dst); + break; + } +- atomic_inc(&net->ipv6.dev_addr_genid); ++ atomic_inc_unchecked(&net->ipv6.dev_addr_genid); + } + + static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4607,7 +4607,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -87371,7 +91736,7 @@ index dae802c..bfa4baa 100644 int ret; /* -@@ -4492,7 +4492,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, +@@ -4689,7 +4689,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -87380,11 +91745,24 @@ index dae802c..bfa4baa 100644 int ret; /* +diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c +index 40ffd72..aeac0dc 100644 +--- a/net/ipv6/esp6.c ++++ b/net/ipv6/esp6.c +@@ -425,7 +425,7 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) + net_adj = 0; + + return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - +- net_adj) & ~(align - 1)) + (net_adj - 2); ++ net_adj) & ~(align - 1)) + net_adj - 2; + } + + static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c -index fff5bdd..15194fb 100644 +index b4ff0a4..db9b764 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c -@@ -973,7 +973,7 @@ ctl_table ipv6_icmp_table_template[] = { +@@ -980,7 +980,7 @@ ctl_table ipv6_icmp_table_template[] = { struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) { @@ -87394,10 +91772,10 @@ index fff5bdd..15194fb 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 95d13c7..791fe2f 100644 +index ecd6073..58162ae 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c -@@ -73,7 +73,7 @@ struct ip6gre_net { +@@ -74,7 +74,7 @@ struct ip6gre_net { struct net_device *fb_tunnel_dev; }; @@ -87406,7 +91784,7 @@ index 95d13c7..791fe2f 100644 static int ip6gre_tunnel_init(struct net_device *dev); static void ip6gre_tunnel_setup(struct net_device *dev); static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); -@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) +@@ -1283,7 +1283,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) } @@ -87415,7 +91793,7 @@ index 95d13c7..791fe2f 100644 .handler = ip6gre_rcv, .err_handler = ip6gre_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, -@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { +@@ -1617,7 +1617,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, }; @@ -87424,7 +91802,7 @@ index 95d13c7..791fe2f 100644 .kind = "ip6gre", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, -@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { +@@ -1630,7 +1630,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { .fill_info = ip6gre_fill_info, }; @@ -87433,24 +91811,11 @@ index 95d13c7..791fe2f 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, -diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 155eccf..851fdae 100644 ---- a/net/ipv6/ip6_output.c -+++ b/net/ipv6/ip6_output.c -@@ -1147,7 +1147,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, - if (WARN_ON(np->cork.opt)) - return -EINVAL; - -- np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); -+ np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation); - if (unlikely(np->cork.opt == NULL)) - return -ENOBUFS; - diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index fff83cb..82d49dd 100644 +index 1e55866..b398dab 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c -@@ -87,7 +87,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) +@@ -88,7 +88,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) static int ip6_tnl_dev_init(struct net_device *dev); static void ip6_tnl_dev_setup(struct net_device *dev); @@ -87459,7 +91824,7 @@ index fff83cb..82d49dd 100644 static int ip6_tnl_net_id __read_mostly; struct ip6_tnl_net { -@@ -1684,7 +1684,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1672,7 +1672,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, }; @@ -87482,10 +91847,10 @@ index d1e2e8e..51c19ae 100644 msg.msg_flags = flags; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index 341b54a..591e8ed 100644 +index 44400c2..8e11f52 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c -@@ -1076,14 +1076,14 @@ static int compat_table_info(const struct xt_table_info *info, +@@ -1078,14 +1078,14 @@ static int compat_table_info(const struct xt_table_info *info, #endif static int get_info(struct net *net, void __user *user, @@ -87503,7 +91868,7 @@ index 341b54a..591e8ed 100644 sizeof(struct ip6t_getinfo)); return -EINVAL; } -@@ -1120,7 +1120,7 @@ static int get_info(struct net *net, void __user *user, +@@ -1122,7 +1122,7 @@ static int get_info(struct net *net, void __user *user, info.size = private->size; strcpy(info.name, name); @@ -87512,7 +91877,7 @@ index 341b54a..591e8ed 100644 ret = -EFAULT; else ret = 0; -@@ -1974,7 +1974,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -1976,7 +1976,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) switch (cmd) { case IP6T_SO_GET_INFO: @@ -87521,7 +91886,7 @@ index 341b54a..591e8ed 100644 break; case IP6T_SO_GET_ENTRIES: ret = compat_get_entries(sock_net(sk), user, len); -@@ -2021,7 +2021,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -2023,7 +2023,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) switch (cmd) { case IP6T_SO_GET_INFO: @@ -87531,10 +91896,10 @@ index 341b54a..591e8ed 100644 case IP6T_SO_GET_ENTRIES: diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c -index 6700069..1e50f42 100644 +index dffdc1a..ccc6678 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c -@@ -89,12 +89,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { +@@ -90,12 +90,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { static int nf_ct_frag6_sysctl_register(struct net *net) { @@ -87549,7 +91914,7 @@ index 6700069..1e50f42 100644 GFP_KERNEL); if (table == NULL) goto err_alloc; -@@ -102,9 +101,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net) +@@ -103,9 +102,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net) table[0].data = &net->nf_frag.frags.timeout; table[1].data = &net->nf_frag.frags.low_thresh; table[2].data = &net->nf_frag.frags.high_thresh; @@ -87562,7 +91927,7 @@ index 6700069..1e50f42 100644 if (hdr == NULL) goto err_reg; -@@ -112,8 +111,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net) +@@ -113,8 +112,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net) return 0; err_reg: @@ -87573,7 +91938,7 @@ index 6700069..1e50f42 100644 return -ENOMEM; } diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 330b5e7..796fbf1 100644 +index eedff8c..6e13a47 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -378,7 +378,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -87603,7 +91968,7 @@ index 330b5e7..796fbf1 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -603,7 +603,7 @@ out: +@@ -602,7 +602,7 @@ out: return err; } @@ -87612,7 +91977,7 @@ index 330b5e7..796fbf1 100644 struct flowi6 *fl6, struct dst_entry **dstp, unsigned int flags) { -@@ -915,12 +915,15 @@ do_confirm: +@@ -914,12 +914,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -87629,7 +91994,7 @@ index 330b5e7..796fbf1 100644 return 0; default: return -ENOPROTOOPT; -@@ -933,6 +936,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -932,6 +935,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int len; @@ -87637,7 +92002,7 @@ index 330b5e7..796fbf1 100644 switch (optname) { case ICMPV6_FILTER: -@@ -944,7 +948,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -943,7 +947,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, len = sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -87647,7 +92012,7 @@ index 330b5e7..796fbf1 100644 return -EFAULT; return 0; default: -@@ -1252,7 +1257,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -1251,7 +1256,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 0, sock_i_ino(sp), @@ -87657,10 +92022,10 @@ index 330b5e7..796fbf1 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c -index 0ba10e5..c14a4f6 100644 +index 790d9f4..68ae078 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c -@@ -602,12 +602,11 @@ static struct ctl_table ip6_frags_ctl_table[] = { +@@ -621,12 +621,11 @@ static struct ctl_table ip6_frags_ctl_table[] = { static int __net_init ip6_frags_ns_sysctl_register(struct net *net) { @@ -87675,7 +92040,7 @@ index 0ba10e5..c14a4f6 100644 if (table == NULL) goto err_alloc; -@@ -618,9 +617,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) +@@ -637,9 +636,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -87688,7 +92053,7 @@ index 0ba10e5..c14a4f6 100644 if (hdr == NULL) goto err_reg; -@@ -628,8 +628,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) +@@ -647,8 +647,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) return 0; err_reg: @@ -87699,10 +92064,10 @@ index 0ba10e5..c14a4f6 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index e5fe004..9fe3e8e 100644 +index bacce6c..9d1741a 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -2881,7 +2881,7 @@ ctl_table ipv6_route_table_template[] = { +@@ -2903,7 +2903,7 @@ ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -87712,7 +92077,7 @@ index e5fe004..9fe3e8e 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index 02f96dc..4a5a6e5 100644 +index 60df36d..f3ab7c8 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -87724,7 +92089,7 @@ index 02f96dc..4a5a6e5 100644 static int sit_net_id __read_mostly; struct sit_net { -@@ -1486,7 +1486,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1453,7 +1453,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = { #endif }; @@ -87747,7 +92112,7 @@ index e85c48b..b8268d3 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 0fce928..c52a518 100644 +index 0a17ed9..2526cc3 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -87761,7 +92126,7 @@ index 0fce928..c52a518 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1446,6 +1450,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1398,6 +1402,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -87771,7 +92136,7 @@ index 0fce928..c52a518 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1527,12 +1534,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1480,12 +1487,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -87794,7 +92159,7 @@ index 0fce928..c52a518 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1581,6 +1596,10 @@ no_tcp_socket: +@@ -1536,6 +1551,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -87806,7 +92171,7 @@ index 0fce928..c52a518 100644 } diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 27f0f8e..949e7ee 100644 +index e7b28f9..d09c290 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -52,6 +52,10 @@ @@ -87829,8 +92194,8 @@ index 27f0f8e..949e7ee 100644 if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, -@@ -657,7 +661,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) - return rc; +@@ -665,7 +669,7 @@ csum_error: + UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); drop: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); - atomic_inc(&sk->sk_drops); @@ -87838,7 +92203,7 @@ index 27f0f8e..949e7ee 100644 kfree_skb(skb); return -1; } -@@ -715,7 +719,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -723,7 +727,7 @@ static void flush_stack(struct sock **stack, unsigned int count, if (likely(skb1 == NULL)) skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -87847,8 +92212,8 @@ index 27f0f8e..949e7ee 100644 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -852,6 +856,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, - goto discard; +@@ -860,6 +864,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, + goto csum_error; UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); +#ifdef CONFIG_GRKERNSEC_BLACKHOLE @@ -87857,7 +92222,7 @@ index 27f0f8e..949e7ee 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); kfree_skb(skb); -@@ -1377,7 +1384,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket +@@ -1392,7 +1399,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -87906,7 +92271,7 @@ index 23ed03d..465a71d 100644 return -ENOMEM; } diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c -index 362ba47..66196f4 100644 +index 41ac7938..75e3bb1 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c @@ -319,11 +319,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, @@ -87980,21 +92345,8 @@ index 362ba47..66196f4 100644 seq_printf(m, "Max data size: %d\n", self->max_data_size); seq_printf(m, "Max header size: %d\n", self->max_header_size); -diff --git a/net/irda/irlap_frame.c b/net/irda/irlap_frame.c -index 8c00416..9ea0c93 100644 ---- a/net/irda/irlap_frame.c -+++ b/net/irda/irlap_frame.c -@@ -544,7 +544,7 @@ static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self, - /* - * We now have some discovery info to deliver! - */ -- discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC); -+ discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC); - if (!discovery) { - IRDA_WARNING("%s: unable to malloc!\n", __func__); - return; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index 206ce6d..cfb27cd 100644 +index ae69165..c8b82d8 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk) @@ -88024,10 +92376,10 @@ index 4fe76ff..426a904 100644 }; diff --git a/net/key/af_key.c b/net/key/af_key.c -index 5b1e5af..2358147 100644 +index ab8bd2c..cd2d641 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c -@@ -3041,10 +3041,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc +@@ -3048,10 +3048,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc static u32 get_acqseq(void) { u32 res; @@ -88041,19 +92393,19 @@ index 5b1e5af..2358147 100644 return res; } diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index 843d8c4..cb04fa1 100644 +index ae36f8e..09d42ac 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c -@@ -799,7 +799,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, +@@ -806,7 +806,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, ret = ieee80211_vif_use_channel(sdata, chandef, IEEE80211_CHANCTX_EXCLUSIVE); } - } else if (local->open_count == local->monitors) { + } else if (local_read(&local->open_count) == local->monitors) { - local->_oper_channel = chandef->chan; - local->_oper_channel_type = cfg80211_get_chandef_type(chandef); + local->_oper_chandef = *chandef; ieee80211_hw_config(local, 0); -@@ -2834,7 +2834,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, + } +@@ -2922,7 +2922,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, else local->probe_req_reg--; @@ -88062,7 +92414,7 @@ index 843d8c4..cb04fa1 100644 break; ieee80211_queue_work(&local->hw, &local->reconfig_filter); -@@ -3297,8 +3297,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy, +@@ -3385,8 +3385,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy, if (chanctx_conf) { *chandef = chanctx_conf->def; ret = 0; @@ -88074,7 +92426,7 @@ index 843d8c4..cb04fa1 100644 if (local->use_chanctx) *chandef = local->monitor_chandef; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 5672533..6738c93 100644 +index 9ca8e32..48e4a9b 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -88085,7 +92437,7 @@ index 5672533..6738c93 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -897,7 +898,7 @@ struct ieee80211_local { +@@ -891,7 +892,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -88095,10 +92447,10 @@ index 5672533..6738c93 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 9cbebc2..14879bb 100644 +index 514e90f..56f22bf 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c -@@ -495,7 +495,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -502,7 +502,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -88107,7 +92459,7 @@ index 9cbebc2..14879bb 100644 res = drv_start(local); if (res) goto err_del_bss; -@@ -540,7 +540,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -545,7 +545,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -88116,7 +92468,7 @@ index 9cbebc2..14879bb 100644 res = ieee80211_add_virtual_monitor(local); if (res) goto err_stop; -@@ -649,7 +649,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -653,7 +653,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) atomic_inc(&local->iff_promiscs); if (coming_up) @@ -88125,7 +92477,7 @@ index 9cbebc2..14879bb 100644 if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); -@@ -663,7 +663,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -691,7 +691,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) err_del_interface: drv_remove_interface(local, sdata); err_stop: @@ -88134,7 +92486,7 @@ index 9cbebc2..14879bb 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -806,7 +806,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -828,7 +828,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -88143,29 +92495,38 @@ index 9cbebc2..14879bb 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -871,7 +871,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -895,7 +895,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, + } + spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); + +- if (local->open_count == 0) ++ if (local_read(&local->open_count) == 0) + ieee80211_clear_tx_pending(local); + + /* +@@ -931,7 +931,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); - if (local->open_count == 0) { + if (local_read(&local->open_count) == 0) { - if (local->ops->napi_poll) - napi_disable(&local->napi); - ieee80211_clear_tx_pending(local); -@@ -897,7 +897,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, - } - spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); + ieee80211_stop_device(local); -- if (local->monitors == local->open_count && local->monitors > 0) -+ if (local->monitors == local_read(&local->open_count) && local->monitors > 0) + /* no reconfiguring after stop! */ +@@ -942,7 +942,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, + ieee80211_configure_filter(local); + ieee80211_hw_config(local, hw_reconf_flags); + +- if (local->monitors == local->open_count) ++ if (local->monitors == local_read(&local->open_count)) ieee80211_add_virtual_monitor(local); } diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index 1a8591b..ef5db54 100644 +index 8a7bfc4..4407cd0 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c -@@ -180,7 +180,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) +@@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL | IEEE80211_CONF_CHANGE_POWER); @@ -88175,19 +92536,19 @@ index 1a8591b..ef5db54 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 835584c..be46e67 100644 +index 3401262..d5cd68d 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c -@@ -33,7 +33,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) + struct ieee80211_sub_if_data *sdata; struct sta_info *sta; - struct ieee80211_chanctx *ctx; - if (!local->open_count) + if (!local_read(&local->open_count)) goto suspend; ieee80211_scan_cancel(local); -@@ -75,7 +75,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -59,7 +59,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) cancel_work_sync(&local->dynamic_ps_enable_work); del_timer_sync(&local->dynamic_ps_timer); @@ -88196,8 +92557,8 @@ index 835584c..be46e67 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -214,7 +214,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - mutex_unlock(&local->chanctx_mtx); +@@ -116,7 +116,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) + WARN_ON(!list_empty(&local->chanctx_list)); /* stop hardware - this must stop RX */ - if (local->open_count) @@ -88206,10 +92567,10 @@ index 835584c..be46e67 100644 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index dd88381..eef4dd6 100644 +index a02bef3..f2f38dd 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c -@@ -493,7 +493,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, +@@ -712,7 +712,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, ASSERT_RTNL(); @@ -88232,10 +92593,10 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index 0f38f43..e53d4a8 100644 +index 72e6292..e6319eb 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1388,7 +1388,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1472,7 +1472,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) } #endif /* everything else happens only if HW was up & running */ @@ -88243,6 +92604,15 @@ index 0f38f43..e53d4a8 100644 + if (!local_read(&local->open_count)) goto wake_up; + /* +@@ -1696,7 +1696,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) + local->in_reconfig = false; + barrier(); + +- if (local->monitors == local->open_count && local->monitors > 0) ++ if (local->monitors == local_read(&local->open_count) && local->monitors > 0) + ieee80211_add_virtual_monitor(local); + /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 56d22ca..87c778f 100644 @@ -88278,10 +92648,10 @@ index a1abf87..dbcb7ee 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c -index 1ba9dbc..e39f4ca 100644 +index f771390..145b765 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c -@@ -1801,7 +1801,7 @@ done: +@@ -1820,7 +1820,7 @@ done: return ret; } @@ -88291,28 +92661,28 @@ index 1ba9dbc..e39f4ca 100644 .get_optmin = SO_IP_SET, .get_optmax = SO_IP_SET + 1, diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c -index 704e514..d644cc2 100644 +index a083bda..da661c3 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c -@@ -551,7 +551,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) +@@ -556,7 +556,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) /* Increase the refcnt counter of the dest */ - atomic_inc(&dest->refcnt); + ip_vs_dest_hold(dest); - conn_flags = atomic_read(&dest->conn_flags); + conn_flags = atomic_read_unchecked(&dest->conn_flags); if (cp->protocol != IPPROTO_UDP) conn_flags &= ~IP_VS_CONN_F_ONE_PACKET; flags = cp->flags; -@@ -895,7 +895,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, - atomic_set(&cp->refcnt, 1); +@@ -900,7 +900,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, + cp->control = NULL; atomic_set(&cp->n_control, 0); - atomic_set(&cp->in_pkts, 0); + atomic_set_unchecked(&cp->in_pkts, 0); - atomic_inc(&ipvs->conn_count); - if (flags & IP_VS_CONN_F_NO_CPORT) -@@ -1174,7 +1174,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) + cp->packet_xmit = NULL; + cp->app = NULL; +@@ -1190,7 +1190,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) /* Don't drop the entry if its number of incoming packets is not located in [0, 8] */ @@ -88322,7 +92692,7 @@ index 704e514..d644cc2 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 61f49d2..6c8c5bc 100644 +index 23b8eb5..48a8959 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -559,7 +559,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, @@ -88334,7 +92704,7 @@ index 61f49d2..6c8c5bc 100644 ip_vs_conn_put(cp); return ret; } -@@ -1689,7 +1689,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) +@@ -1711,7 +1711,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) if (cp->flags & IP_VS_CONN_F_ONE_PACKET) pkts = sysctl_sync_threshold(ipvs); else @@ -88344,19 +92714,19 @@ index 61f49d2..6c8c5bc 100644 if (ipvs->sync_state & IP_VS_STATE_MASTER) ip_vs_sync_conn(net, cp, pkts); diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index 9e2d1cc..7f8f569 100644 +index 9e6c2a0..28552e2 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c -@@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, +@@ -789,7 +789,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, + */ ip_vs_rs_hash(ipvs, dest); - write_unlock_bh(&ipvs->rs_lock); } - atomic_set(&dest->conn_flags, conn_flags); + atomic_set_unchecked(&dest->conn_flags, conn_flags); /* bind the service */ if (!dest->svc) { -@@ -1688,7 +1688,7 @@ proc_do_sync_ports(ctl_table *table, int write, +@@ -1657,7 +1657,7 @@ proc_do_sync_ports(ctl_table *table, int write, * align with netns init in ip_vs_control_net_init() */ @@ -88365,7 +92735,7 @@ index 9e2d1cc..7f8f569 100644 { .procname = "amemthresh", .maxlen = sizeof(int), -@@ -2087,7 +2087,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2060,7 +2060,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) " %-7s %-6d %-10d %-10d\n", &dest->addr.in6, ntohs(dest->port), @@ -88374,7 +92744,7 @@ index 9e2d1cc..7f8f569 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2098,7 +2098,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2071,7 +2071,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) "%-7s %-6d %-10d %-10d\n", ntohl(dest->addr.ip), ntohs(dest->port), @@ -88383,7 +92753,7 @@ index 9e2d1cc..7f8f569 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2568,7 +2568,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, +@@ -2549,7 +2549,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, entry.addr = dest->addr.ip; entry.port = dest->port; @@ -88392,16 +92762,16 @@ index 9e2d1cc..7f8f569 100644 entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -3104,7 +3104,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) +@@ -3092,7 +3092,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || - nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) || + nla_put_be16(skb, IPVS_DEST_ATTR_PORT, dest->port) || nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, - (atomic_read(&dest->conn_flags) & + (atomic_read_unchecked(&dest->conn_flags) & IP_VS_CONN_F_FWD_MASK)) || nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight)) || -@@ -3694,7 +3694,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) +@@ -3682,7 +3682,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) { int idx; struct netns_ipvs *ipvs = net_ipvs(net); @@ -88411,10 +92781,10 @@ index 9e2d1cc..7f8f569 100644 atomic_set(&ipvs->dropentry, 0); spin_lock_init(&ipvs->dropentry_lock); diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c -index fdd89b9..bd96aa9 100644 +index 5ea26bd..c9bc65f 100644 --- a/net/netfilter/ipvs/ip_vs_lblc.c +++ b/net/netfilter/ipvs/ip_vs_lblc.c -@@ -115,7 +115,7 @@ struct ip_vs_lblc_table { +@@ -118,7 +118,7 @@ struct ip_vs_lblc_table { * IPVS LBLC sysctl table */ #ifdef CONFIG_SYSCTL @@ -88424,10 +92794,10 @@ index fdd89b9..bd96aa9 100644 .procname = "lblc_expiration", .data = NULL, diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c -index c03b6a3..8ce3681 100644 +index 50123c2..067c773 100644 --- a/net/netfilter/ipvs/ip_vs_lblcr.c +++ b/net/netfilter/ipvs/ip_vs_lblcr.c -@@ -288,7 +288,7 @@ struct ip_vs_lblcr_table { +@@ -299,7 +299,7 @@ struct ip_vs_lblcr_table { * IPVS LBLCR sysctl table */ @@ -88437,7 +92807,7 @@ index c03b6a3..8ce3681 100644 .procname = "lblcr_expiration", .data = NULL, diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c -index 44fd10c..2a163b3 100644 +index f6046d9..4f10cfd 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -596,7 +596,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp, @@ -88458,7 +92828,7 @@ index 44fd10c..2a163b3 100644 else pkts = sysctl_sync_threshold(ipvs); goto sloop; -@@ -885,7 +885,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param, +@@ -882,7 +882,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param, if (opt) memcpy(&cp->in_seq, opt, sizeof(*opt)); @@ -88468,10 +92838,10 @@ index 44fd10c..2a163b3 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index ee6b7a9..f9a89f6 100644 +index b75ff64..0c51bbe 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c -@@ -1210,7 +1210,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1102,7 +1102,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -88480,7 +92850,7 @@ index ee6b7a9..f9a89f6 100644 goto out; } -@@ -1332,7 +1332,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1194,7 +1194,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -88503,10 +92873,10 @@ index 2d3030a..7ba1c0a 100644 table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index c8e001a..f842a8b 100644 +index 0283bae..5febcb0 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -1594,6 +1594,10 @@ void nf_conntrack_init_end(void) +@@ -1614,6 +1614,10 @@ void nf_conntrack_init_end(void) #define DYING_NULLS_VAL ((1<<30)+1) #define TEMPLATE_NULLS_VAL ((1<<30)+2) @@ -88517,7 +92887,7 @@ index c8e001a..f842a8b 100644 int nf_conntrack_init_net(struct net *net) { int ret; -@@ -1608,7 +1612,11 @@ int nf_conntrack_init_net(struct net *net) +@@ -1628,7 +1632,11 @@ int nf_conntrack_init_net(struct net *net) goto err_stat; } @@ -88530,10 +92900,10 @@ index c8e001a..f842a8b 100644 ret = -ENOMEM; goto err_slabname; diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c -index b5d2eb8..61ef19a 100644 +index 1df1761..ce8b88a 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c -@@ -186,7 +186,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = { +@@ -188,7 +188,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = { #ifdef CONFIG_SYSCTL static int nf_conntrack_event_init_sysctl(struct net *net) { @@ -88543,10 +92913,10 @@ index b5d2eb8..61ef19a 100644 table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c -index 94b4b98..97cf0ad 100644 +index 974a2a4..52cc6ff 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c -@@ -56,7 +56,7 @@ static struct ctl_table helper_sysctl_table[] = { +@@ -57,7 +57,7 @@ static struct ctl_table helper_sysctl_table[] = { static int nf_conntrack_helper_init_sysctl(struct net *net) { @@ -88556,10 +92926,10 @@ index 94b4b98..97cf0ad 100644 table = kmemdup(helper_sysctl_table, sizeof(helper_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c -index 58ab405..50eb8d3 100644 +index 0ab9636..cea3c6a 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c -@@ -51,7 +51,7 @@ nf_ct_register_sysctl(struct net *net, +@@ -52,7 +52,7 @@ nf_ct_register_sysctl(struct net *net, static void nf_ct_unregister_sysctl(struct ctl_table_header **header, @@ -88568,11 +92938,76 @@ index 58ab405..50eb8d3 100644 unsigned int users) { if (users > 0) +diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c +index a99b6c3..3841268 100644 +--- a/net/netfilter/nf_conntrack_proto_dccp.c ++++ b/net/netfilter/nf_conntrack_proto_dccp.c +@@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, + out_invalid: + if (LOG_INVALID(net, IPPROTO_DCCP)) + nf_log_packet(net, nf_ct_l3num(ct), 0, skb, NULL, NULL, +- NULL, msg); ++ NULL, "%s", msg); + return false; + } + +@@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, + + out_invalid: + if (LOG_INVALID(net, IPPROTO_DCCP)) +- nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, msg); ++ nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, "%s", msg); + return -NF_ACCEPT; + } + +diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c +index 4d4d8f1..e0f9a32 100644 +--- a/net/netfilter/nf_conntrack_proto_tcp.c ++++ b/net/netfilter/nf_conntrack_proto_tcp.c +@@ -526,7 +526,7 @@ static bool tcp_in_window(const struct nf_conn *ct, + const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple; + __u32 seq, ack, sack, end, win, swin; + s16 receiver_offset; +- bool res; ++ bool res, in_recv_win; + + /* + * Get the required data from the packet. +@@ -649,14 +649,18 @@ static bool tcp_in_window(const struct nf_conn *ct, + receiver->td_end, receiver->td_maxend, receiver->td_maxwin, + receiver->td_scale); + ++ /* Is the ending sequence in the receive window (if available)? */ ++ in_recv_win = !receiver->td_maxwin || ++ after(end, sender->td_end - receiver->td_maxwin - 1); ++ + pr_debug("tcp_in_window: I=%i II=%i III=%i IV=%i\n", + before(seq, sender->td_maxend + 1), +- after(end, sender->td_end - receiver->td_maxwin - 1), ++ (in_recv_win ? 1 : 0), + before(sack, receiver->td_end + 1), + after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)); + + if (before(seq, sender->td_maxend + 1) && +- after(end, sender->td_end - receiver->td_maxwin - 1) && ++ in_recv_win && + before(sack, receiver->td_end + 1) && + after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) { + /* +@@ -725,7 +729,7 @@ static bool tcp_in_window(const struct nf_conn *ct, + nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, + "nf_ct_tcp: %s ", + before(seq, sender->td_maxend + 1) ? +- after(end, sender->td_end - receiver->td_maxwin - 1) ? ++ in_recv_win ? + before(sack, receiver->td_end + 1) ? + after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1) ? "BUG" + : "ACK is under the lower bound (possible overly delayed ACK)" diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c -index fedee39..d62a93d 100644 +index bd700b4..4a3dc61 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c -@@ -470,7 +470,7 @@ static ctl_table nf_ct_netfilter_table[] = { +@@ -471,7 +471,7 @@ static ctl_table nf_ct_netfilter_table[] = { static int nf_conntrack_standalone_init_sysctl(struct net *net) { @@ -88595,26 +93030,26 @@ index 902fb0a..87f7fdb 100644 table = kmemdup(tstamp_sysctl_table, sizeof(tstamp_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c -index 9e31269..bc4c1b7 100644 +index 3b18dd1..f79e0ca 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c -@@ -215,7 +215,7 @@ static const struct file_operations nflog_file_ops = { +@@ -243,7 +243,7 @@ static const struct file_operations nflog_file_ops = { #ifdef CONFIG_SYSCTL static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3]; -static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1]; +static ctl_table_no_const nf_log_sysctl_table[NFPROTO_NUMPROTO+1] __read_only; - static struct ctl_table_header *nf_log_dir_header; static int nf_log_proc_dostring(ctl_table *table, int write, -@@ -246,14 +246,16 @@ static int nf_log_proc_dostring(ctl_table *table, int write, - rcu_assign_pointer(nf_loggers[tindex], logger); + void __user *buffer, size_t *lenp, loff_t *ppos) +@@ -274,14 +274,16 @@ static int nf_log_proc_dostring(ctl_table *table, int write, + rcu_assign_pointer(net->nf.nf_loggers[tindex], logger); mutex_unlock(&nf_log_mutex); } else { + ctl_table_no_const nf_log_table = *table; + mutex_lock(&nf_log_mutex); - logger = rcu_dereference_protected(nf_loggers[tindex], + logger = rcu_dereference_protected(net->nf.nf_loggers[tindex], lockdep_is_held(&nf_log_mutex)); if (!logger) - table->data = "NONE"; @@ -88650,27 +93085,171 @@ index f042ae5..30ea486 100644 } EXPORT_SYMBOL(nf_unregister_sockopt); diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c -index f248db5..3778ad9 100644 +index 962e979..e46f350 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c -@@ -72,7 +72,7 @@ struct nfulnl_instance { +@@ -82,7 +82,7 @@ static int nfnl_log_net_id __read_mostly; + struct nfnl_log_net { + spinlock_t instances_lock; + struct hlist_head instance_table[INSTANCE_BUCKETS]; +- atomic_t global_seq; ++ atomic_unchecked_t global_seq; }; - static DEFINE_SPINLOCK(instances_lock); --static atomic_t global_seq; -+static atomic_unchecked_t global_seq; - - #define INSTANCE_BUCKETS 16 - static struct hlist_head instance_table[INSTANCE_BUCKETS]; -@@ -536,7 +536,7 @@ __build_packet_message(struct nfulnl_instance *inst, + static struct nfnl_log_net *nfnl_log_pernet(struct net *net) +@@ -419,6 +419,7 @@ __build_packet_message(struct nfnl_log_net *log, + nfmsg->version = NFNETLINK_V0; + nfmsg->res_id = htons(inst->group_num); + ++ memset(&pmsg, 0, sizeof(pmsg)); + pmsg.hw_protocol = skb->protocol; + pmsg.hook = hooknum; + +@@ -498,7 +499,10 @@ __build_packet_message(struct nfnl_log_net *log, + if (indev && skb->dev && + skb->mac_header != skb->network_header) { + struct nfulnl_msg_packet_hw phw; +- int len = dev_parse_header(skb, phw.hw_addr); ++ int len; ++ ++ memset(&phw, 0, sizeof(phw)); ++ len = dev_parse_header(skb, phw.hw_addr); + if (len > 0) { + phw.hw_addrlen = htons(len); + if (nla_put(inst->skb, NFULA_HWADDR, sizeof(phw), &phw)) +@@ -559,7 +563,7 @@ __build_packet_message(struct nfnl_log_net *log, /* global sequence number */ if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, -- htonl(atomic_inc_return(&global_seq)))) -+ htonl(atomic_inc_return_unchecked(&global_seq)))) +- htonl(atomic_inc_return(&log->global_seq)))) ++ htonl(atomic_inc_return_unchecked(&log->global_seq)))) goto nla_put_failure; if (data_len) { +diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c +index 5352b2d..e0083ce 100644 +--- a/net/netfilter/nfnetlink_queue_core.c ++++ b/net/netfilter/nfnetlink_queue_core.c +@@ -444,7 +444,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, + if (indev && entskb->dev && + entskb->mac_header != entskb->network_header) { + struct nfqnl_msg_packet_hw phw; +- int len = dev_parse_header(entskb, phw.hw_addr); ++ int len; ++ ++ memset(&phw, 0, sizeof(phw)); ++ len = dev_parse_header(entskb, phw.hw_addr); + if (len) { + phw.hw_addrlen = htons(len); + if (nla_put(skb, NFQA_HWADDR, sizeof(phw), &phw)) +diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c +index 7011c71..6113cc7 100644 +--- a/net/netfilter/xt_TCPMSS.c ++++ b/net/netfilter/xt_TCPMSS.c +@@ -52,7 +52,8 @@ tcpmss_mangle_packet(struct sk_buff *skb, + { + const struct xt_tcpmss_info *info = par->targinfo; + struct tcphdr *tcph; +- unsigned int tcplen, i; ++ int len, tcp_hdrlen; ++ unsigned int i; + __be16 oldval; + u16 newmss; + u8 *opt; +@@ -64,11 +65,14 @@ tcpmss_mangle_packet(struct sk_buff *skb, + if (!skb_make_writable(skb, skb->len)) + return -1; + +- tcplen = skb->len - tcphoff; ++ len = skb->len - tcphoff; ++ if (len < (int)sizeof(struct tcphdr)) ++ return -1; ++ + tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); ++ tcp_hdrlen = tcph->doff * 4; + +- /* Header cannot be larger than the packet */ +- if (tcplen < tcph->doff*4) ++ if (len < tcp_hdrlen) + return -1; + + if (info->mss == XT_TCPMSS_CLAMP_PMTU) { +@@ -87,9 +91,8 @@ tcpmss_mangle_packet(struct sk_buff *skb, + newmss = info->mss; + + opt = (u_int8_t *)tcph; +- for (i = sizeof(struct tcphdr); i < tcph->doff*4; i += optlen(opt, i)) { +- if (opt[i] == TCPOPT_MSS && tcph->doff*4 - i >= TCPOLEN_MSS && +- opt[i+1] == TCPOLEN_MSS) { ++ for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) { ++ if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) { + u_int16_t oldmss; + + oldmss = (opt[i+2] << 8) | opt[i+3]; +@@ -112,9 +115,10 @@ tcpmss_mangle_packet(struct sk_buff *skb, + } + + /* There is data after the header so the option can't be added +- without moving it, and doing so may make the SYN packet +- itself too large. Accept the packet unmodified instead. */ +- if (tcplen > tcph->doff*4) ++ * without moving it, and doing so may make the SYN packet ++ * itself too large. Accept the packet unmodified instead. ++ */ ++ if (len > tcp_hdrlen) + return 0; + + /* +@@ -143,10 +147,10 @@ tcpmss_mangle_packet(struct sk_buff *skb, + newmss = min(newmss, (u16)1220); + + opt = (u_int8_t *)tcph + sizeof(struct tcphdr); +- memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); ++ memmove(opt + TCPOLEN_MSS, opt, len - sizeof(struct tcphdr)); + + inet_proto_csum_replace2(&tcph->check, skb, +- htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); ++ htons(len), htons(len + TCPOLEN_MSS), 1); + opt[0] = TCPOPT_MSS; + opt[1] = TCPOLEN_MSS; + opt[2] = (newmss & 0xff00) >> 8; +diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c +index b68fa19..625fa1d 100644 +--- a/net/netfilter/xt_TCPOPTSTRIP.c ++++ b/net/netfilter/xt_TCPOPTSTRIP.c +@@ -38,7 +38,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, + struct tcphdr *tcph; + u_int16_t n, o; + u_int8_t *opt; +- int len; ++ int len, tcp_hdrlen; + + /* This is a fragment, no TCP header is available */ + if (par->fragoff != 0) +@@ -52,7 +52,9 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, + return NF_DROP; + + tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); +- if (tcph->doff * 4 > len) ++ tcp_hdrlen = tcph->doff * 4; ++ ++ if (len < tcp_hdrlen) + return NF_DROP; + + opt = (u_int8_t *)tcph; +@@ -61,10 +63,10 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, + * Walk through all TCP options - if we find some option to remove, + * set all octets to %TCPOPT_NOP and adjust checksum. + */ +- for (i = sizeof(struct tcphdr); i < tcp_hdrlen(skb); i += optl) { ++ for (i = sizeof(struct tcphdr); i < tcp_hdrlen - 1; i += optl) { + optl = optlen(opt, i); + +- if (i + optl > tcp_hdrlen(skb)) ++ if (i + optl > tcp_hdrlen) + break; + + if (!tcpoptstrip_test_bit(info->strip_bmap, opt[i])) diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c new file mode 100644 index 0000000..c566332 @@ -88763,10 +93342,10 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 1e3fd5b..ad397ea 100644 +index 57ee84d..8b99cf5 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -781,7 +781,7 @@ static void netlink_overrun(struct sock *sk) +@@ -121,7 +121,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -88774,8 +93353,8 @@ index 1e3fd5b..ad397ea 100644 + atomic_inc_unchecked(&sk->sk_drops); } - static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid) -@@ -2063,7 +2063,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) + static void netlink_rcv_wake(struct sock *sk) +@@ -2771,7 +2771,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -88785,10 +93364,10 @@ index 1e3fd5b..ad397ea 100644 ); diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c -index 5a55be3..7630745 100644 +index 1076fe1..f190285 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c -@@ -296,18 +296,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops) +@@ -310,18 +310,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops) goto errout; } @@ -88804,41 +93383,33 @@ index 5a55be3..7630745 100644 + *(unsigned int *)&ops->flags |= GENL_CMD_CAP_HASPOL; + pax_close_kernel(); - genl_lock(); + genl_lock_all(); - list_add_tail(&ops->ops_list, &family->ops_list); + pax_list_add_tail((struct list_head *)&ops->ops_list, &family->ops_list); - genl_unlock(); + genl_unlock_all(); - genl_ctrl_event(CTRL_CMD_NEWOPS, ops); + genl_ctrl_event(CTRL_CMD_NEWOPS, (void *)ops); err = 0; errout: return err; -@@ -337,9 +339,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops) - genl_lock(); +@@ -351,9 +353,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops) + genl_lock_all(); list_for_each_entry(rc, &family->ops_list, ops_list) { if (rc == ops) { - list_del(&ops->ops_list); + pax_list_del((struct list_head *)&ops->ops_list); - genl_unlock(); + genl_unlock_all(); - genl_ctrl_event(CTRL_CMD_DELOPS, ops); + genl_ctrl_event(CTRL_CMD_DELOPS, (void *)ops); return 0; } } diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c -index 103bd70..f21aad3 100644 +index ec0c80f..41e1830 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c -@@ -834,6 +834,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, - struct sock *sk = sock->sk; - struct nr_sock *nr = nr_sk(sk); - -+ memset(sax, 0, sizeof(*sax)); - lock_sock(sk); - if (peer != 0) { - if (sk->sk_state != TCP_ESTABLISHED) { -@@ -848,7 +849,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, +@@ -850,7 +850,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, *uaddr_len = sizeof(struct full_sockaddr_ax25); } else { sax->fsa_ax25.sax25_family = AF_NETROM; @@ -88847,28 +93418,28 @@ index 103bd70..f21aad3 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index f83e172..b57140d 100644 +index 20a1bd0..bb8f1c1 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1571,7 +1571,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1681,7 +1681,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); - po->stats.tp_packets++; + po->stats.stats1.tp_packets++; - skb->dropcount = atomic_read(&sk->sk_drops); + skb->dropcount = atomic_read_unchecked(&sk->sk_drops); __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1580,7 +1580,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1690,7 +1690,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); - po->stats.tp_drops++; + po->stats.stats1.tp_drops++; - atomic_inc(&sk->sk_drops); + atomic_inc_unchecked(&sk->sk_drops); spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -2558,6 +2558,7 @@ out: +@@ -2640,6 +2640,7 @@ out: static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) { @@ -88876,7 +93447,7 @@ index f83e172..b57140d 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2579,8 +2580,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) +@@ -2661,8 +2662,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -88887,7 +93458,7 @@ index f83e172..b57140d 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; -@@ -3205,7 +3207,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3281,7 +3283,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -88896,7 +93467,7 @@ index f83e172..b57140d 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3247,7 +3249,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3324,7 +3326,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -89432,24 +94003,11 @@ index 391a245..296b3d7 100644 } /* Initialize IPv6 support and register with socket layer. */ -diff --git a/net/sctp/probe.c b/net/sctp/probe.c -index ad0dba8..e62c225 100644 ---- a/net/sctp/probe.c -+++ b/net/sctp/probe.c -@@ -63,7 +63,7 @@ static struct { - struct timespec tstart; - } sctpw; - --static void printl(const char *fmt, ...) -+static __printf(1, 2) void printl(const char *fmt, ...) - { - va_list args; - int len; diff --git a/net/sctp/proc.c b/net/sctp/proc.c -index ab3bba8..2fbab4e 100644 +index 4e45ee3..e66a031 100644 --- a/net/sctp/proc.c +++ b/net/sctp/proc.c -@@ -336,7 +336,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) +@@ -337,7 +337,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) seq_printf(seq, "%8pK %8pK %-3d %-3d %-2d %-4d " "%4d %8d %8d %7d %5lu %-5d %5d ", @@ -89460,7 +94018,7 @@ index ab3bba8..2fbab4e 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c -index 1c2e46c..f91cf5e 100644 +index eaee00c..97c0afd 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -834,8 +834,10 @@ int sctp_register_af(struct sctp_af *af) @@ -89516,10 +94074,10 @@ index 8aab894..f6b7e7d 100644 sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index b907073..57fef6c 100644 +index 6abb1ca..1678f8b 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, +@@ -2167,11 +2167,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, { struct sctp_association *asoc; struct sctp_ulpevent *event; @@ -89534,7 +94092,7 @@ index b907073..57fef6c 100644 /* * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, -@@ -4215,13 +4217,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, +@@ -4222,13 +4224,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -89552,7 +94110,7 @@ index b907073..57fef6c 100644 return -EFAULT; return 0; } -@@ -4239,6 +4244,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, +@@ -4246,6 +4251,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, */ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -89561,7 +94119,7 @@ index b907073..57fef6c 100644 /* Applicable to UDP-style socket only */ if (sctp_style(sk, TCP)) return -EOPNOTSUPP; -@@ -4247,7 +4254,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv +@@ -4254,7 +4261,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; @@ -89571,7 +94129,7 @@ index b907073..57fef6c 100644 return -EFAULT; return 0; } -@@ -4619,12 +4627,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, +@@ -4626,12 +4634,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, */ static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -89588,7 +94146,7 @@ index b907073..57fef6c 100644 return -EFAULT; return 0; } -@@ -4665,6 +4676,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4672,6 +4683,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -89619,8 +94177,27 @@ index bf3c6e8..376d8d0 100644 int i; table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); +diff --git a/net/sctp/transport.c b/net/sctp/transport.c +index 098f1d5f..60da2f7 100644 +--- a/net/sctp/transport.c ++++ b/net/sctp/transport.c +@@ -178,12 +178,12 @@ static void sctp_transport_destroy(struct sctp_transport *transport) + { + SCTP_ASSERT(transport->dead, "Transport is not dead", return); + +- call_rcu(&transport->rcu, sctp_transport_destroy_rcu); +- + sctp_packet_free(&transport->packet); + + if (transport->asoc) + sctp_association_put(transport->asoc); ++ ++ call_rcu(&transport->rcu, sctp_transport_destroy_rcu); + } + + /* Start T3_rtx timer if it is not already running and update the heartbeat diff --git a/net/socket.c b/net/socket.c -index 88f759a..c6933de 100644 +index 4ca1526..df83e47 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -89649,7 +94226,7 @@ index 88f759a..c6933de 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1268,6 +1271,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1246,6 +1249,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -89658,7 +94235,7 @@ index 88f759a..c6933de 100644 /* Compatibility. -@@ -1399,6 +1404,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) +@@ -1377,6 +1382,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; @@ -89675,7 +94252,7 @@ index 88f759a..c6933de 100644 retval = sock_create(family, type, protocol, &sock); if (retval < 0) goto out; -@@ -1526,6 +1541,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1504,6 +1519,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -89690,7 +94267,7 @@ index 88f759a..c6933de 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1534,6 +1557,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1512,6 +1535,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -89698,7 +94275,7 @@ index 88f759a..c6933de 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1557,10 +1581,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1535,10 +1559,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -89719,7 +94296,7 @@ index 88f759a..c6933de 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1604,6 +1638,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1582,6 +1616,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -89738,7 +94315,7 @@ index 88f759a..c6933de 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1649,6 +1695,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1627,6 +1673,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -89747,7 +94324,7 @@ index 88f759a..c6933de 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1681,6 +1729,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1659,6 +1707,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -89755,7 +94332,7 @@ index 88f759a..c6933de 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1691,6 +1740,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1669,6 +1718,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -89773,7 +94350,7 @@ index 88f759a..c6933de 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1772,6 +1832,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, +@@ -1750,6 +1810,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, * the protocol. */ @@ -89782,7 +94359,7 @@ index 88f759a..c6933de 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1838,7 +1900,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1816,7 +1878,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -89791,7 +94368,7 @@ index 88f759a..c6933de 100644 int err, err2; int fput_needed; -@@ -2045,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2023,7 +2085,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -89800,7 +94377,7 @@ index 88f759a..c6933de 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2185,7 +2247,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2174,7 +2236,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -89809,7 +94386,7 @@ index 88f759a..c6933de 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2213,7 +2275,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2202,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -89818,7 +94395,7 @@ index 88f759a..c6933de 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2952,7 +3014,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2955,7 +3017,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -89827,7 +94404,7 @@ index 88f759a..c6933de 100644 set_fs(old_fs); return err; -@@ -3061,7 +3123,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3064,7 +3126,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -89836,7 +94413,7 @@ index 88f759a..c6933de 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3166,7 +3228,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3169,7 +3231,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -89845,7 +94422,7 @@ index 88f759a..c6933de 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3392,8 +3454,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3395,8 +3457,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -89856,7 +94433,7 @@ index 88f759a..c6933de 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3413,7 +3475,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3416,7 +3478,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -89866,10 +94443,10 @@ index 88f759a..c6933de 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index d5f35f1..da2680b5 100644 +index 426f8fc..1ef9c32 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -1283,7 +1283,9 @@ call_start(struct rpc_task *task) +@@ -1288,7 +1288,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -89897,9 +94474,18 @@ index 5356b12..c0f4c29 100644 #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index 89a588b..ba2cef8 100644 +index 89a588b..678ed90 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c +@@ -740,7 +740,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) + + __module_get(serv->sv_module); + task = kthread_create_on_node(serv->sv_function, rqstp, +- node, serv->sv_name); ++ node, "%s", serv->sv_name); + if (IS_ERR(task)) { + error = PTR_ERR(task); + module_put(serv->sv_module); @@ -1160,7 +1160,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) svc_putnl(resv, RPC_SUCCESS); @@ -90129,7 +94715,7 @@ index 9bc6db0..47ac8c0 100644 int mode = (table->mode >> 6) & 7; return (mode << 6) | (mode << 3) | mode; diff --git a/net/tipc/link.c b/net/tipc/link.c -index daa6080..2bbbe70 100644 +index a80feee..2bbbe70 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1201,7 +1201,7 @@ static int link_send_sections_long(struct tipc_port *sender, @@ -90159,38 +94745,6 @@ index daa6080..2bbbe70 100644 sect_crs += sz; sect_rest -= sz; fragm_crs += sz; -@@ -2306,8 +2306,11 @@ static int link_recv_changeover_msg(struct tipc_link **l_ptr, - struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf); - u32 msg_typ = msg_type(tunnel_msg); - u32 msg_count = msg_msgcnt(tunnel_msg); -+ u32 bearer_id = msg_bearer_id(tunnel_msg); - -- dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)]; -+ if (bearer_id >= MAX_BEARERS) -+ goto exit; -+ dest_link = (*l_ptr)->owner->links[bearer_id]; - if (!dest_link) - goto exit; - if (dest_link == *l_ptr) { -@@ -2521,14 +2524,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb, - struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm); - u32 msg_sz = msg_size(imsg); - u32 fragm_sz = msg_data_sz(fragm); -- u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz); -+ u32 exp_fragm_cnt; - u32 max = TIPC_MAX_USER_MSG_SIZE + NAMED_H_SIZE; -+ - if (msg_type(imsg) == TIPC_MCAST_MSG) - max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE; -- if (msg_size(imsg) > max) { -+ if (fragm_sz == 0 || msg_size(imsg) > max) { - kfree_skb(fbuf); - return 0; - } -+ exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz); - pbuf = tipc_buf_acquire(msg_size(imsg)); - if (pbuf != NULL) { - pbuf->next = *pending; diff --git a/net/tipc/msg.c b/net/tipc/msg.c index f2db8a8..9245aa4 100644 --- a/net/tipc/msg.c @@ -90218,7 +94772,7 @@ index 6b42d47..2ac24d5 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 2db702d..09a77488 100644 +index 826e099..4fa8c93 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -783,6 +783,12 @@ static struct sock *unix_find_other(struct net *net, @@ -90267,7 +94821,7 @@ index 2db702d..09a77488 100644 done_path_create(&path, dentry); return err; } -@@ -2323,9 +2342,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2324,9 +2343,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -90282,7 +94836,7 @@ index 2db702d..09a77488 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2352,8 +2375,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2353,8 +2376,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -90308,6 +94862,19 @@ index 8800604..0526440 100644 table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL); if (table == NULL) +diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c +index 3f77f42..662d89b 100644 +--- a/net/vmw_vsock/af_vsock.c ++++ b/net/vmw_vsock/af_vsock.c +@@ -335,7 +335,7 @@ void vsock_for_each_connected_socket(void (*fn)(struct sock *sk)) + for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) { + struct vsock_sock *vsk; + list_for_each_entry(vsk, &vsock_connected_table[i], +- connected_table); ++ connected_table) + fn(sk_vsock(vsk)); + } + diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c index c8717c1..08539f5 100644 --- a/net/wireless/wext-core.c @@ -90345,20 +94912,8 @@ index c8717c1..08539f5 100644 err = handler(dev, info, (union iwreq_data *) iwp, extra); iwp->length += essid_compat; -diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c -index bcfda89..0cf003d 100644 ---- a/net/xfrm/xfrm_output.c -+++ b/net/xfrm/xfrm_output.c -@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) - - if (unlikely(x->km.state != XFRM_STATE_VALID)) { - XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID); -+ err = -EINVAL; - goto error; - } - diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 167c67d..3f2ae427 100644 +index ea970b8..c68edb9f 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -334,7 +334,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) @@ -90379,7 +94934,7 @@ index 167c67d..3f2ae427 100644 rt_genid_bump(net); if (delpol) { xfrm_policy_requeue(delpol, policy); -@@ -1611,7 +1611,7 @@ free_dst: +@@ -1629,7 +1629,7 @@ free_dst: goto out; } @@ -90388,7 +94943,7 @@ index 167c67d..3f2ae427 100644 xfrm_dst_alloc_copy(void **target, const void *src, int size) { if (!*target) { -@@ -1623,7 +1623,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) +@@ -1641,7 +1641,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) return 0; } @@ -90397,7 +94952,7 @@ index 167c67d..3f2ae427 100644 xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1635,7 +1635,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) +@@ -1653,7 +1653,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) #endif } @@ -90406,7 +94961,7 @@ index 167c67d..3f2ae427 100644 xfrm_dst_update_origin(struct dst_entry *dst, const struct flowi *fl) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1729,7 +1729,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1747,7 +1747,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols); @@ -90415,7 +94970,7 @@ index 167c67d..3f2ae427 100644 return xdst; } -@@ -2598,7 +2598,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2618,7 +2618,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -90424,7 +94979,7 @@ index 167c67d..3f2ae427 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2686,8 +2686,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2706,8 +2706,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->link_failure = xfrm_link_failure; if (likely(dst_ops->neigh_lookup == NULL)) dst_ops->neigh_lookup = xfrm_neigh_lookup; @@ -90438,7 +94993,7 @@ index 167c67d..3f2ae427 100644 rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo); } spin_unlock(&xfrm_policy_afinfo_lock); -@@ -2741,7 +2744,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2761,7 +2764,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->check = NULL; dst_ops->negative_advice = NULL; dst_ops->link_failure = NULL; @@ -90449,7 +95004,7 @@ index 167c67d..3f2ae427 100644 } return err; } -@@ -3124,7 +3129,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -3144,7 +3149,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -90459,7 +95014,7 @@ index 167c67d..3f2ae427 100644 } diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c -index 2c341bd..4404211 100644 +index 78f66fa..9286768 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -177,12 +177,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) @@ -90567,7 +95122,7 @@ index 05a6e3d..6716ec9 100644 __xfrm_sysctl_init(net); diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index 0e801c3..5c8ad3b 100644 +index d5d859c..781cbcb 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -111,7 +111,7 @@ endif @@ -90665,7 +95220,7 @@ index 1ac414f..38575f7 100644 + $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c -index 7f6425e..9864506 100644 +index 078fe1d..fbdb363 100644 --- a/scripts/basic/fixdep.c +++ b/scripts/basic/fixdep.c @@ -161,7 +161,7 @@ static unsigned int strhash(const char *str, unsigned int sz) @@ -90702,7 +95257,7 @@ index 7f6425e..9864506 100644 const char *p, *q; for (; m < end; m++) { -@@ -406,7 +406,7 @@ static void print_deps(void) +@@ -435,7 +435,7 @@ static void print_deps(void) static void traps(void) { static char test[] __attribute__((aligned(sizeof(int)))) = "CONF"; @@ -90734,23 +95289,23 @@ index 0000000..5e0222d + [[ "$plugincc" =~ "$1" ]] && echo "$1" + [[ "$plugincc" =~ "$2" ]] && echo "$2" +fi -diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl -index 581ca99..a6ff02e 100644 ---- a/scripts/headers_install.pl -+++ b/scripts/headers_install.pl -@@ -35,6 +35,7 @@ foreach my $filename (@files) { - $line =~ s/([\s(])__user\s/$1/g; - $line =~ s/([\s(])__force\s/$1/g; - $line =~ s/([\s(])__iomem\s/$1/g; -+ $line =~ s/(\s?)__intentional_overflow\([-\d\s,]*\)\s?/$1/g; - $line =~ s/\s__attribute_const__\s/ /g; - $line =~ s/\s__attribute_const__$//g; - $line =~ s/\b__packed\b/__attribute__((packed))/g; +diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh +index 643764f..6cc0137 100644 +--- a/scripts/headers_install.sh ++++ b/scripts/headers_install.sh +@@ -29,6 +29,7 @@ do + FILE="$(basename "$i")" + sed -r \ + -e 's/([ \t(])(__user|__force|__iomem)[ \t]/\1/g' \ ++ -e 's/__intentional_overflow\([- \t,0-9]*\)//g' \ + -e 's/__attribute_const__([ \t]|$)/\1/g' \ + -e 's@^#include @@' \ + -e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \ diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh -index 3d569d6..0c09522 100644 +index 0149949..d482a0d 100644 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh -@@ -159,7 +159,7 @@ else +@@ -158,7 +158,7 @@ else fi; # final build of init/ @@ -90760,7 +95315,7 @@ index 3d569d6..0c09522 100644 kallsymso="" kallsyms_vmlinux="" diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index 771ac17..9f0d3ee 100644 +index 45f9a33..e4194b3 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c @@ -140,7 +140,7 @@ static void device_id_check(const char *modname, const char *device_id, @@ -90827,10 +95382,10 @@ index 771ac17..9f0d3ee 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 78b30c1..536850d 100644 +index a4be8e1..6e8a5fb 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -931,6 +931,7 @@ enum mismatch { +@@ -933,6 +933,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, @@ -90838,7 +95393,7 @@ index 78b30c1..536850d 100644 }; struct sectioncheck { -@@ -1045,6 +1046,12 @@ const struct sectioncheck sectioncheck[] = { +@@ -1047,6 +1048,12 @@ const struct sectioncheck sectioncheck[] = { .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL }, .mismatch = EXPORT_TO_INIT_EXIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, @@ -90851,7 +95406,7 @@ index 78b30c1..536850d 100644 } }; -@@ -1167,10 +1174,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, +@@ -1169,10 +1176,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -90864,7 +95419,7 @@ index 78b30c1..536850d 100644 if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1449,6 +1456,14 @@ static void report_sec_mismatch(const char *modname, +@@ -1451,6 +1458,14 @@ static void report_sec_mismatch(const char *modname, tosym, prl_to, prl_to, tosym); free(prl_to); break; @@ -90879,7 +95434,7 @@ index 78b30c1..536850d 100644 } fprintf(stderr, "\n"); } -@@ -1683,7 +1698,7 @@ static void section_rel(const char *modname, struct elf_info *elf, +@@ -1685,7 +1700,7 @@ static void section_rel(const char *modname, struct elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -90888,7 +95443,7 @@ index 78b30c1..536850d 100644 Elf_Shdr *sechdrs = elf->sechdrs; /* Walk through all sections */ -@@ -1781,7 +1796,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, +@@ -1804,7 +1819,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_end(ap); } @@ -90897,7 +95452,7 @@ index 78b30c1..536850d 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -1999,7 +2014,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -2023,7 +2038,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -91002,10 +95557,10 @@ index f5eb43d..1814de8 100644 shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..e6254cf 100644 +index e9c6ac7..3e3f362 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,944 @@ +@@ -4,6 +4,959 @@ menu "Security options" @@ -91373,7 +95928,7 @@ index e9c6ac7..e6254cf 100644 +config PAX_NOEXEC + bool "Enforce non-executable pages" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 ++ depends on ALPHA || (ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 + help + By design some architectures do not allow for protecting memory + pages against execution or even if they do, Linux does not make @@ -91403,8 +95958,6 @@ index e9c6ac7..e6254cf 100644 + bool "Paging based non-executable pages" + default y if GRKERNSEC_CONFIG_AUTO + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) -+ select S390_SWITCH_AMODE if S390 -+ select S390_EXEC_PROTECT if S390 + select ARCH_TRACK_EXEC_LIMIT if X86_32 + help + This implementation is based on the paging feature of the CPU. @@ -91586,7 +96139,7 @@ index e9c6ac7..e6254cf 100644 +config PAX_KERNEXEC + bool "Enforce non-executable kernel pages" + default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) -+ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN ++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) + select PAX_KERNEXEC_PLUGIN if X86_64 + help @@ -91630,15 +96183,16 @@ index e9c6ac7..e6254cf 100644 + int "Minimum amount of memory reserved for module code" + default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) + default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) -+ depends on PAX_KERNEXEC && X86_32 && MODULES ++ depends on PAX_KERNEXEC && X86_32 + help + Due to implementation details the kernel must reserve a fixed -+ amount of memory for module code at compile time that cannot be -+ changed at runtime. Here you can specify the minimum amount -+ in MB that will be reserved. Due to the same implementation -+ details this size will always be rounded up to the next 2/4 MB -+ boundary (depends on PAE) so the actually available memory for -+ module code will usually be more than this minimum. ++ amount of memory for runtime allocated code (such as modules) ++ at compile time that cannot be changed at runtime. Here you ++ can specify the minimum amount in MB that will be reserved. ++ Due to the same implementation details this size will always ++ be rounded up to the next 2/4 MB boundary (depends on PAE) so ++ the actually available memory for runtime allocated code will ++ usually be more than this minimum. + + The default 4 MB should be enough for most users but if you have + an excessive number of modules (e.g., most distribution configs @@ -91684,7 +96238,7 @@ index e9c6ac7..e6254cf 100644 + +config PAX_RANDKSTACK + bool "Randomize kernel stack base" -+ default y if GRKERNSEC_CONFIG_AUTO ++ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) + depends on X86_TSC && X86 + help + By saying Y here the kernel will randomize every task's kernel @@ -91742,21 +96296,32 @@ index e9c6ac7..e6254cf 100644 + default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) + depends on !HIBERNATION + help -+ By saying Y here the kernel will erase memory pages as soon as they -+ are freed. This in turn reduces the lifetime of data stored in the -+ pages, making it less likely that sensitive information such as -+ passwords, cryptographic secrets, etc stay in memory for too long. ++ By saying Y here the kernel will erase memory pages and slab objects ++ as soon as they are freed. This in turn reduces the lifetime of data ++ stored in them, making it less likely that sensitive information such ++ as passwords, cryptographic secrets, etc stay in memory for too long. + + This is especially useful for programs whose runtime is short, long + lived processes and the kernel itself benefit from this as long as -+ they operate on whole memory pages and ensure timely freeing of pages -+ that may hold sensitive information. ++ they ensure timely freeing of memory that may hold sensitive ++ information. ++ ++ A nice side effect of the sanitization of slab objects is the ++ reduction of possible info leaks caused by padding bytes within the ++ leaky structures. Use-after-free bugs for structures containing ++ pointers can also be detected as dereferencing the sanitized pointer ++ will generate an access violation. + + The tradeoff is performance impact, on a single CPU system kernel + compilation sees a 3% slowdown, other systems and workloads may vary + and you are advised to test this feature on your expected workload + before deploying it. + ++ To reduce the performance penalty by sanitizing pages only, albeit ++ limiting the effectiveness of this feature at the same time, slab ++ sanitization can be disabled with the kernel commandline parameter ++ "pax_sanitize_slab=0". ++ + Note that this feature does not protect data stored in live pages, + e.g., process memory swapped to disk may stay there for a long time. + @@ -91806,7 +96371,7 @@ index e9c6ac7..e6254cf 100644 +config PAX_MEMORY_UDEREF + bool "Prevent invalid userland pointer dereference" + default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) -+ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN ++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN + select PAX_PER_CPU_PGD if X86_64 + help + By saying Y here the kernel will be prevented from dereferencing @@ -91823,10 +96388,15 @@ index e9c6ac7..e6254cf 100644 + VMs running on CPUs without hardware virtualization support (i.e., + the majority of IA-32 CPUs) will likely experience the slowdown. + ++ On X86_64 the kernel will make use of PCID support when available ++ (Intel's Westmere, Sandy Bridge, etc) for better security (default) ++ or performance impact. Pass pax_weakuderef on the kernel command ++ line to choose the latter. ++ +config PAX_REFCOUNT + bool "Prevent various kernel object reference counter overflows" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86) ++ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || SPARC64 || X86) + help + By saying Y here the kernel will detect and prevent overflowing + various (but not all) kinds of object reference counters. Such @@ -91950,7 +96520,7 @@ index e9c6ac7..e6254cf 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1041,7 @@ config INTEL_TXT +@@ -103,7 +1056,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -91959,6 +96529,272 @@ index e9c6ac7..e6254cf 100644 default 65536 help This is the portion of low virtual memory which should be protected +diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig +index 9b9013b..51ebf96 100644 +--- a/security/apparmor/Kconfig ++++ b/security/apparmor/Kconfig +@@ -29,3 +29,12 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE + boot. + + If you are unsure how to answer this question, answer 1. ++ ++config SECURITY_APPARMOR_COMPAT_24 ++ bool "Enable AppArmor 2.4 compatability" ++ depends on SECURITY_APPARMOR ++ default y ++ help ++ This option enables compatability with AppArmor 2.4. It is ++ recommended if compatability with older versions of AppArmor ++ is desired. +diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c +index 16c15ec..42b7c9f 100644 +--- a/security/apparmor/apparmorfs.c ++++ b/security/apparmor/apparmorfs.c +@@ -182,6 +182,234 @@ const struct file_operations aa_fs_seq_file_ops = { + .release = single_release, + }; + ++#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 ++/** ++ * __next_namespace - find the next namespace to list ++ * @root: root namespace to stop search at (NOT NULL) ++ * @ns: current ns position (NOT NULL) ++ * ++ * Find the next namespace from @ns under @root and handle all locking needed ++ * while switching current namespace. ++ * ++ * Returns: next namespace or NULL if at last namespace under @root ++ * NOTE: will not unlock root->lock ++ */ ++static struct aa_namespace *__next_namespace(struct aa_namespace *root, ++ struct aa_namespace *ns) ++{ ++ struct aa_namespace *parent; ++ ++ /* is next namespace a child */ ++ if (!list_empty(&ns->sub_ns)) { ++ struct aa_namespace *next; ++ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); ++ read_lock(&next->lock); ++ return next; ++ } ++ ++ /* check if the next ns is a sibling, parent, gp, .. */ ++ parent = ns->parent; ++ while (parent) { ++ read_unlock(&ns->lock); ++ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) { ++ read_lock(&ns->lock); ++ return ns; ++ } ++ if (parent == root) ++ return NULL; ++ ns = parent; ++ parent = parent->parent; ++ } ++ ++ return NULL; ++} ++ ++/** ++ * __first_profile - find the first profile in a namespace ++ * @root: namespace that is root of profiles being displayed (NOT NULL) ++ * @ns: namespace to start in (NOT NULL) ++ * ++ * Returns: unrefcounted profile or NULL if no profile ++ */ ++static struct aa_profile *__first_profile(struct aa_namespace *root, ++ struct aa_namespace *ns) ++{ ++ for ( ; ns; ns = __next_namespace(root, ns)) { ++ if (!list_empty(&ns->base.profiles)) ++ return list_first_entry(&ns->base.profiles, ++ struct aa_profile, base.list); ++ } ++ return NULL; ++} ++ ++/** ++ * __next_profile - step to the next profile in a profile tree ++ * @profile: current profile in tree (NOT NULL) ++ * ++ * Perform a depth first taversal on the profile tree in a namespace ++ * ++ * Returns: next profile or NULL if done ++ * Requires: profile->ns.lock to be held ++ */ ++static struct aa_profile *__next_profile(struct aa_profile *p) ++{ ++ struct aa_profile *parent; ++ struct aa_namespace *ns = p->ns; ++ ++ /* is next profile a child */ ++ if (!list_empty(&p->base.profiles)) ++ return list_first_entry(&p->base.profiles, typeof(*p), ++ base.list); ++ ++ /* is next profile a sibling, parent sibling, gp, subling, .. */ ++ parent = p->parent; ++ while (parent) { ++ list_for_each_entry_continue(p, &parent->base.profiles, ++ base.list) ++ return p; ++ p = parent; ++ parent = parent->parent; ++ } ++ ++ /* is next another profile in the namespace */ ++ list_for_each_entry_continue(p, &ns->base.profiles, base.list) ++ return p; ++ ++ return NULL; ++} ++ ++/** ++ * next_profile - step to the next profile in where ever it may be ++ * @root: root namespace (NOT NULL) ++ * @profile: current profile (NOT NULL) ++ * ++ * Returns: next profile or NULL if there isn't one ++ */ ++static struct aa_profile *next_profile(struct aa_namespace *root, ++ struct aa_profile *profile) ++{ ++ struct aa_profile *next = __next_profile(profile); ++ if (next) ++ return next; ++ ++ /* finished all profiles in namespace move to next namespace */ ++ return __first_profile(root, __next_namespace(root, profile->ns)); ++} ++ ++/** ++ * p_start - start a depth first traversal of profile tree ++ * @f: seq_file to fill ++ * @pos: current position ++ * ++ * Returns: first profile under current namespace or NULL if none found ++ * ++ * acquires first ns->lock ++ */ ++static void *p_start(struct seq_file *f, loff_t *pos) ++ __acquires(root->lock) ++{ ++ struct aa_profile *profile = NULL; ++ struct aa_namespace *root = aa_current_profile()->ns; ++ loff_t l = *pos; ++ f->private = aa_get_namespace(root); ++ ++ ++ /* find the first profile */ ++ read_lock(&root->lock); ++ profile = __first_profile(root, root); ++ ++ /* skip to position */ ++ for (; profile && l > 0; l--) ++ profile = next_profile(root, profile); ++ ++ return profile; ++} ++ ++/** ++ * p_next - read the next profile entry ++ * @f: seq_file to fill ++ * @p: profile previously returned ++ * @pos: current position ++ * ++ * Returns: next profile after @p or NULL if none ++ * ++ * may acquire/release locks in namespace tree as necessary ++ */ ++static void *p_next(struct seq_file *f, void *p, loff_t *pos) ++{ ++ struct aa_profile *profile = p; ++ struct aa_namespace *root = f->private; ++ (*pos)++; ++ ++ return next_profile(root, profile); ++} ++ ++/** ++ * p_stop - stop depth first traversal ++ * @f: seq_file we are filling ++ * @p: the last profile writen ++ * ++ * Release all locking done by p_start/p_next on namespace tree ++ */ ++static void p_stop(struct seq_file *f, void *p) ++ __releases(root->lock) ++{ ++ struct aa_profile *profile = p; ++ struct aa_namespace *root = f->private, *ns; ++ ++ if (profile) { ++ for (ns = profile->ns; ns && ns != root; ns = ns->parent) ++ read_unlock(&ns->lock); ++ } ++ read_unlock(&root->lock); ++ aa_put_namespace(root); ++} ++ ++/** ++ * seq_show_profile - show a profile entry ++ * @f: seq_file to file ++ * @p: current position (profile) (NOT NULL) ++ * ++ * Returns: error on failure ++ */ ++static int seq_show_profile(struct seq_file *f, void *p) ++{ ++ struct aa_profile *profile = (struct aa_profile *)p; ++ struct aa_namespace *root = f->private; ++ ++ if (profile->ns != root) ++ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); ++ seq_printf(f, "%s (%s)\n", profile->base.hname, ++ COMPLAIN_MODE(profile) ? "complain" : "enforce"); ++ ++ return 0; ++} ++ ++static const struct seq_operations aa_fs_profiles_op = { ++ .start = p_start, ++ .next = p_next, ++ .stop = p_stop, ++ .show = seq_show_profile, ++}; ++ ++static int profiles_open(struct inode *inode, struct file *file) ++{ ++ return seq_open(file, &aa_fs_profiles_op); ++} ++ ++static int profiles_release(struct inode *inode, struct file *file) ++{ ++ return seq_release(inode, file); ++} ++ ++const struct file_operations aa_fs_profiles_fops = { ++ .open = profiles_open, ++ .read = seq_read, ++ .llseek = seq_lseek, ++ .release = profiles_release, ++}; ++#endif /* CONFIG_SECURITY_APPARMOR_COMPAT_24 */ ++ + /** Base file system setup **/ + + static struct aa_fs_entry aa_fs_entry_file[] = { +@@ -210,6 +438,9 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = { + AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load), + AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace), + AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove), ++#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 ++ AA_FS_FILE_FOPS("profiles", 0640, &aa_fs_profiles_fops), ++#endif + AA_FS_DIR("features", aa_fs_entry_features), + { } + }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index b21830e..a7d1a17 100644 --- a/security/apparmor/lsm.c @@ -92093,10 +96929,10 @@ index d65fa7f..cbfe366 100644 if (iov != iovstack) kfree(iov); diff --git a/security/keys/internal.h b/security/keys/internal.h -index 8bbefc3..299d03f 100644 +index d4f1468..cc52f92 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h -@@ -240,7 +240,7 @@ extern long keyctl_instantiate_key_iov(key_serial_t, +@@ -242,7 +242,7 @@ extern long keyctl_instantiate_key_iov(key_serial_t, extern long keyctl_invalidate_key(key_serial_t); extern long keyctl_instantiate_key_common(key_serial_t, @@ -92163,10 +96999,10 @@ index 8fb7c7b..ba3610d 100644 /* record the root user tracking */ rb_link_node(&root_key_user.node, diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index 4b5c948..2054dc1 100644 +index 33cfd27..842fc5a 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c -@@ -986,7 +986,7 @@ static int keyctl_change_reqkey_auth(struct key *key) +@@ -987,7 +987,7 @@ static int keyctl_change_reqkey_auth(struct key *key) /* * Copy the iovec data from userspace */ @@ -92175,7 +97011,7 @@ index 4b5c948..2054dc1 100644 unsigned ioc) { for (; ioc > 0; ioc--) { -@@ -1008,7 +1008,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, +@@ -1009,7 +1009,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, * If successful, 0 will be returned. */ long keyctl_instantiate_key_common(key_serial_t id, @@ -92184,7 +97020,7 @@ index 4b5c948..2054dc1 100644 unsigned ioc, size_t plen, key_serial_t ringid) -@@ -1103,7 +1103,7 @@ long keyctl_instantiate_key(key_serial_t id, +@@ -1104,7 +1104,7 @@ long keyctl_instantiate_key(key_serial_t id, [0].iov_len = plen }; @@ -92193,7 +97029,7 @@ index 4b5c948..2054dc1 100644 } return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); -@@ -1136,7 +1136,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, +@@ -1137,7 +1137,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, if (ret == 0) goto no_payload_free; @@ -92247,7 +97083,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index 03f248b..5710c33 100644 +index a3dce87..9ca1435 100644 --- a/security/security.c +++ b/security/security.c @@ -20,6 +20,7 @@ @@ -92280,7 +97116,7 @@ index 03f248b..5710c33 100644 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 7171a95..c35e879 100644 +index 5c6f2cd..b4f945c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -96,8 +96,6 @@ @@ -92292,7 +97128,7 @@ index 7171a95..c35e879 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5498,7 +5496,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5529,7 +5527,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -92315,7 +97151,7 @@ index 65f67cb..3f141ef 100644 } #else diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index fa64740..bc95b74 100644 +index d52c780..6431349 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3392,7 +3392,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) @@ -92343,7 +97179,7 @@ index 390c646..f2f8db3 100644 if (!fstype) { error = -ENODEV; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index a2ee362..5754f34 100644 +index f0b756e..b129202 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, @@ -92550,10 +97386,10 @@ index af49721..e85058e 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index eb560fa..69a4995 100644 +index f928181..33fb83d 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -2806,11 +2806,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -2819,11 +2819,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -92607,6 +97443,19 @@ index 040c60e..989a19a 100644 dev->status = SNDRV_SEQ_DEVICE_FREE; dev->driver_data = NULL; ops->num_init_devices--; +diff --git a/sound/core/sound.c b/sound/core/sound.c +index f002bd9..c462985 100644 +--- a/sound/core/sound.c ++++ b/sound/core/sound.c +@@ -86,7 +86,7 @@ static void snd_request_other(int minor) + case SNDRV_MINOR_TIMER: str = "snd-timer"; break; + default: return; + } +- request_module(str); ++ request_module("%s", str); + } + + #endif /* modular kernel */ diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c index 4e0dd22..7a1f32c 100644 --- a/sound/drivers/mts64.c @@ -92922,10 +97771,10 @@ index 22056c5..25d3244 100644 chip->pci = pci; chip->irq = -1; diff --git a/sound/soc/fsl/fsl_ssi.c b/sound/soc/fsl/fsl_ssi.c -index 7decbd9..d17d9d0 100644 +index 0f0bed6..c161e28 100644 --- a/sound/soc/fsl/fsl_ssi.c +++ b/sound/soc/fsl/fsl_ssi.c -@@ -643,7 +643,7 @@ static int fsl_ssi_probe(struct platform_device *pdev) +@@ -657,7 +657,7 @@ static int fsl_ssi_probe(struct platform_device *pdev) { struct fsl_ssi_private *ssi_private; int ret = 0; @@ -92934,6 +97783,19 @@ index 7decbd9..d17d9d0 100644 struct device_node *np = pdev->dev.of_node; const char *p, *sprop; const uint32_t *iprop; +diff --git a/sound/sound_core.c b/sound/sound_core.c +index 359753f..45759f4 100644 +--- a/sound/sound_core.c ++++ b/sound/sound_core.c +@@ -292,7 +292,7 @@ retry: + } + + device_create(sound_class, dev, MKDEV(SOUND_MAJOR, s->unit_minor), +- NULL, s->name+6); ++ NULL, "%s", s->name+6); + return s->unit_minor; + + fail: diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore new file mode 100644 index 0000000..50f2f2f @@ -94975,10 +99837,10 @@ index 0000000..b5395ba +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..7982a0c +index 0000000..b04803b --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,5893 @@ +@@ -0,0 +1,6350 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +batadv_orig_node_del_if_4 batadv_orig_node_del_if 2 4 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -95004,6 +99866,7 @@ index 0000000..7982a0c +br_port_info_size_268 br_port_info_size 0 268 NULL +generic_file_direct_write_291 generic_file_direct_write 0 291 NULL +read_file_war_stats_292 read_file_war_stats 3 292 NULL ++SYSC_connect_304 SYSC_connect 3 304 NULL +syslog_print_307 syslog_print 2 307 NULL +platform_device_add_data_310 platform_device_add_data 3 310 NULL +dn_setsockopt_314 dn_setsockopt 5 314 NULL @@ -95014,6 +99877,7 @@ index 0000000..7982a0c +snd_ca0106_ptr_read_467 snd_ca0106_ptr_read 0 467 NULL +_alloc_get_attr_desc_470 _alloc_get_attr_desc 2 470 NULL +dccp_manip_pkt_476 dccp_manip_pkt 4 476 NULL ++nvme_trans_modesel_data_488 nvme_trans_modesel_data 4 488 NULL +pidlist_resize_496 pidlist_resize 2 496 NULL +read_vbt_r0_503 read_vbt_r0 1 503 NULL +rx_rx_defrag_end_read_505 rx_rx_defrag_end_read 3 505 NULL @@ -95032,6 +99896,7 @@ index 0000000..7982a0c +compat_sys_shmat_620 compat_sys_shmat 3 620 NULL +isp1760_register_628 isp1760_register 1-2 628 NULL +clone_split_bio_633 clone_split_bio 6 633 NULL ++ceph_osdc_new_request_635 ceph_osdc_new_request 6 635 NULL +remap_to_cache_640 remap_to_cache 3 640 NULL +drbd_bm_find_next_643 drbd_bm_find_next 2 643 NULL +unlink_queued_645 unlink_queued 3-4 645 NULL @@ -95059,6 +99924,7 @@ index 0000000..7982a0c +pte_prefetch_gfn_to_pfn_997 pte_prefetch_gfn_to_pfn 2 997 NULL nohasharray +hdlcdev_rx_997 hdlcdev_rx 3 997 &pte_prefetch_gfn_to_pfn_997 +dm_cache_set_dirty_1016 dm_cache_set_dirty 2 1016 NULL ++_do_truncate_1019 _do_truncate 2 1019 NULL +smk_write_cipso2_1021 smk_write_cipso2 3 1021 NULL +gigaset_initdriver_1060 gigaset_initdriver 2 1060 NULL +Read_hfc16_1070 Read_hfc16 0 1070 NULL @@ -95071,6 +99937,7 @@ index 0000000..7982a0c +sys_mremap_1107 sys_mremap 5-1-2 1107 NULL +cfg80211_report_obss_beacon_1133 cfg80211_report_obss_beacon 3 1133 NULL +vmalloc_32_1135 vmalloc_32 1 1135 NULL ++dec_zcache_eph_zpages_1138 dec_zcache_eph_zpages 1 1138 NULL +i2400m_rx_ctl_1157 i2400m_rx_ctl 4 1157 NULL +ipc_alloc_1192 ipc_alloc 1 1192 NULL +ib_create_send_mad_1196 ib_create_send_mad 5 1196 NULL @@ -95088,6 +99955,7 @@ index 0000000..7982a0c +wm_adsp_buf_alloc_1317 wm_adsp_buf_alloc 2 1317 NULL +compat_put_u64_1319 compat_put_u64 1 1319 NULL +ffs_1322 ffs 0 1322 NULL ++qlcnic_pci_sriov_configure_1327 qlcnic_pci_sriov_configure 2 1327 NULL +carl9170_rx_stream_1334 carl9170_rx_stream 3 1334 NULL +btrfs_submit_compressed_write_1347 btrfs_submit_compressed_write 5 1347 NULL +gen_pool_best_fit_1348 gen_pool_best_fit 2-3-4 1348 NULL @@ -95105,11 +99973,13 @@ index 0000000..7982a0c +stack_max_size_read_1445 stack_max_size_read 3 1445 NULL +tx_queue_len_read_1463 tx_queue_len_read 3 1463 NULL +xprt_alloc_1475 xprt_alloc 2 1475 NULL ++SYSC_syslog_1477 SYSC_syslog 3 1477 NULL +sta_num_ps_buf_frames_read_1488 sta_num_ps_buf_frames_read 3 1488 NULL +posix_acl_permission_1495 posix_acl_permission 0 1495 NULL +tomoyo_round2_1518 tomoyo_round2 0 1518 NULL +__vfio_dma_map_1523 __vfio_dma_map 3 1523 NULL +alloc_perm_bits_1532 alloc_perm_bits 2 1532 NULL ++ath6kl_init_get_fwcaps_1557 ath6kl_init_get_fwcaps 3 1557 NULL +ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime_1589 ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime 3 1589 NULL +fc_frame_alloc_1596 fc_frame_alloc 2 1596 NULL +packet_buffer_init_1607 packet_buffer_init 2 1607 NULL @@ -95117,6 +99987,7 @@ index 0000000..7982a0c +v9fs_fid_xattr_get_1618 v9fs_fid_xattr_get 0 1618 NULL +btmrvl_hsmode_read_1647 btmrvl_hsmode_read 3 1647 NULL +ikconfig_read_current_1658 ikconfig_read_current 3 1658 NULL ++mei_cl_recv_1665 mei_cl_recv 3 1665 NULL +netdev_feature_string_1667 netdev_feature_string 0 1667 NULL +compat_x25_ioctl_1674 compat_x25_ioctl 3 1674 NULL +rmap_add_1677 rmap_add 3 1677 NULL @@ -95130,11 +100001,14 @@ index 0000000..7982a0c +ebt_size_mwt_1768 ebt_size_mwt 0 1768 NULL +cosa_write_1774 cosa_write 3 1774 NULL +update_macheader_1775 update_macheader 7 1775 NULL ++dec_zcache_pers_zbytes_1779 dec_zcache_pers_zbytes 1 1779 NULL +fcoe_ctlr_device_add_1793 fcoe_ctlr_device_add 3 1793 NULL +__nodelist_scnprintf_1815 __nodelist_scnprintf 0-2-4 1815 NULL +alloc_pages_exact_1892 alloc_pages_exact 1 1892 NULL +rx_defrag_called_read_1897 rx_defrag_called_read 3 1897 NULL +nfs_parse_server_name_1899 nfs_parse_server_name 2 1899 NULL ++SyS_add_key_1900 SyS_add_key 4 1900 NULL ++isku_sysfs_write_keys_media_1910 isku_sysfs_write_keys_media 6 1910 NULL +tx_tx_retry_data_read_1926 tx_tx_retry_data_read 3 1926 NULL +memblock_alloc_base_1938 memblock_alloc_base 1-2 1938 NULL +cyttsp_probe_1940 cyttsp_probe 4 1940 NULL @@ -95168,8 +100042,10 @@ index 0000000..7982a0c +mlx4_init_icm_table_2151 mlx4_init_icm_table 5-4 2151 NULL +iov_iter_count_2152 iov_iter_count 0 2152 NULL +_ore_get_io_state_2166 _ore_get_io_state 3-4-5 2166 NULL ++bio_integrity_alloc_2194 bio_integrity_alloc 3 2194 NULL +ssb_bus_ssbbus_register_2217 ssb_bus_ssbbus_register 2 2217 NULL -+u32_array_read_2219 u32_array_read 3 2219 NULL ++mei_dbgfs_read_meclients_2219 mei_dbgfs_read_meclients 3 2219 NULL nohasharray ++u32_array_read_2219 u32_array_read 3 2219 &mei_dbgfs_read_meclients_2219 +vhci_write_2224 vhci_write 3 2224 NULL +efx_tsoh_page_count_2225 efx_tsoh_page_count 0 2225 NULL +lowpan_get_mac_header_length_2231 lowpan_get_mac_header_length 0 2231 NULL @@ -95186,10 +100062,12 @@ index 0000000..7982a0c +__erst_read_to_erange_2341 __erst_read_to_erange 0 2341 NULL +zr364xx_read_2354 zr364xx_read 3 2354 NULL +viafb_iga2_odev_proc_write_2363 viafb_iga2_odev_proc_write 3 2363 NULL ++SyS_mremap_2367 SyS_mremap 1-2-5 2367 NULL +xfs_buf_map_from_irec_2368 xfs_buf_map_from_irec 5 2368 NULL +il_dbgfs_sensitivity_read_2370 il_dbgfs_sensitivity_read 3 2370 NULL +rtl_port_map_2385 rtl_port_map 1-2 2385 NULL +rxpipe_rx_prep_beacon_drop_read_2403 rxpipe_rx_prep_beacon_drop_read 3 2403 NULL ++SYSC_mlock_2415 SYSC_mlock 1 2415 NULL +isdn_v110_open_2418 isdn_v110_open 3 2418 NULL +raid1_size_2419 raid1_size 0-2 2419 NULL +roccat_common2_send_2422 roccat_common2_send 4 2422 NULL @@ -95209,6 +100087,7 @@ index 0000000..7982a0c +gspca_dev_probe_2570 gspca_dev_probe 4 2570 NULL +i915_next_seqno_write_2572 i915_next_seqno_write 3 2572 NULL +pcm_sanity_check_2574 pcm_sanity_check 0 2574 NULL ++slot_bytes_2609 slot_bytes 0 2609 NULL +smk_write_logging_2618 smk_write_logging 3 2618 NULL +kvm_gfn_to_hva_cache_init_2636 kvm_gfn_to_hva_cache_init 3 2636 NULL +lro_gen_skb_2644 lro_gen_skb 6 2644 NULL @@ -95216,7 +100095,8 @@ index 0000000..7982a0c +memcpy_fromiovecend_2707 memcpy_fromiovecend 3-4 2707 NULL +__xip_file_write_2733 __xip_file_write 4-3 2733 NULL +hid_report_raw_event_2762 hid_report_raw_event 4 2762 NULL -+mon_bin_ioctl_2771 mon_bin_ioctl 3 2771 NULL ++mon_bin_ioctl_2771 mon_bin_ioctl 3 2771 NULL nohasharray ++bictcp_update_2771 bictcp_update 2 2771 &mon_bin_ioctl_2771 +__next_cpu_2782 __next_cpu 1 2782 NULL +set_msr_hyperv_pw_2785 set_msr_hyperv_pw 3 2785 NULL +sel_read_enforce_2828 sel_read_enforce 3 2828 NULL @@ -95232,6 +100112,7 @@ index 0000000..7982a0c +xfs_trans_get_buf_map_2927 xfs_trans_get_buf_map 4 2927 NULL +nes_read_indexed_2946 nes_read_indexed 0 2946 NULL +tm6000_i2c_recv_regs16_2949 tm6000_i2c_recv_regs16 5 2949 NULL ++set_fast_connectable_2952 set_fast_connectable 4 2952 NULL +ppp_cp_event_2965 ppp_cp_event 6 2965 NULL +do_strnlen_user_2976 do_strnlen_user 0-2 2976 NULL +p9_nr_pages_2992 p9_nr_pages 0-2 2992 NULL @@ -95260,6 +100141,7 @@ index 0000000..7982a0c +mempool_create_node_3191 mempool_create_node 1 3191 NULL +alloc_context_3194 alloc_context 1 3194 NULL +shmem_pread_slow_3198 shmem_pread_slow 3 3198 NULL ++SyS_sendto_3219 SyS_sendto 6 3219 NULL +kimage_crash_alloc_3233 kimage_crash_alloc 3 3233 NULL +do_read_log_to_user_3236 do_read_log_to_user 4 3236 NULL +ext3_xattr_find_entry_3237 ext3_xattr_find_entry 0 3237 NULL @@ -95284,6 +100166,7 @@ index 0000000..7982a0c +mei_io_cb_alloc_resp_buf_3414 mei_io_cb_alloc_resp_buf 2 3414 NULL +pci_add_cap_save_buffer_3426 pci_add_cap_save_buffer 3 3426 NULL +crystalhd_create_dio_pool_3427 crystalhd_create_dio_pool 2 3427 NULL ++SyS_msgsnd_3436 SyS_msgsnd 3 3436 NULL +pipe_iov_copy_to_user_3447 pipe_iov_copy_to_user 3 3447 NULL +percpu_modalloc_3448 percpu_modalloc 2-3 3448 NULL +map_single_3449 map_single 0-2 3449 NULL @@ -95295,6 +100178,7 @@ index 0000000..7982a0c +kvm_handle_bad_page_3503 kvm_handle_bad_page 2 3503 NULL +mem_tx_free_mem_blks_read_3521 mem_tx_free_mem_blks_read 3 3521 NULL nohasharray +ieee80211_wx_set_gen_ie_rsl_3521 ieee80211_wx_set_gen_ie_rsl 3 3521 &mem_tx_free_mem_blks_read_3521 ++SyS_readv_3539 SyS_readv 3 3539 NULL +btrfs_dir_name_len_3549 btrfs_dir_name_len 0 3549 NULL +b43legacy_read16_3561 b43legacy_read16 0 3561 NULL +alloc_smp_resp_3566 alloc_smp_resp 1 3566 NULL @@ -95305,12 +100189,13 @@ index 0000000..7982a0c +edac_mc_alloc_3611 edac_mc_alloc 4 3611 NULL +tx_tx_starts_read_3617 tx_tx_starts_read 3 3617 NULL +aligned_kmalloc_3628 aligned_kmalloc 1 3628 NULL -+cm_copy_private_data_3649 cm_copy_private_data 2 3649 NULL ++x86_swiotlb_alloc_coherent_3649 x86_swiotlb_alloc_coherent 2 3649 NULL nohasharray ++cm_copy_private_data_3649 cm_copy_private_data 2 3649 &x86_swiotlb_alloc_coherent_3649 +ath6kl_disconnect_timeout_read_3650 ath6kl_disconnect_timeout_read 3 3650 NULL +i915_compat_ioctl_3656 i915_compat_ioctl 2 3656 NULL -+create_irq_3703 create_irq 0 3703 NULL nohasharray -+btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 &create_irq_3703 nohasharray -+snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 &btmrvl_psmode_write_3703 ++snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 NULL nohasharray ++create_irq_3703 create_irq 0 3703 &snd_m3_assp_read_3703 nohasharray ++btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 &create_irq_3703 +videobuf_pages_to_sg_3708 videobuf_pages_to_sg 2 3708 NULL +ci_ll_write_3740 ci_ll_write 4 3740 NULL nohasharray +ath6kl_mgmt_tx_3740 ath6kl_mgmt_tx 7 3740 &ci_ll_write_3740 @@ -95329,6 +100214,7 @@ index 0000000..7982a0c +pipeline_pre_proc_swi_read_3898 pipeline_pre_proc_swi_read 3 3898 NULL +comedi_buf_read_n_available_3899 comedi_buf_read_n_available 0 3899 NULL +vcs_write_3910 vcs_write 3 3910 NULL ++brcmf_debugfs_fws_stats_read_3947 brcmf_debugfs_fws_stats_read 3 3947 NULL +atalk_compat_ioctl_3991 atalk_compat_ioctl 3 3991 NULL +do_add_counters_3992 do_add_counters 3 3992 NULL +userspace_status_4004 userspace_status 4 4004 NULL @@ -95342,6 +100228,7 @@ index 0000000..7982a0c +read_file_queues_4078 read_file_queues 3 4078 NULL +fbcon_do_set_font_4079 fbcon_do_set_font 2-3 4079 NULL +da9052_free_irq_4090 da9052_free_irq 2 4090 NULL ++C_SYSC_rt_sigpending_4114 C_SYSC_rt_sigpending 2 4114 NULL +ntb_netdev_change_mtu_4147 ntb_netdev_change_mtu 2 4147 NULL +tm6000_read_4151 tm6000_read 3 4151 NULL +mpt_raid_phys_disk_get_num_paths_4155 mpt_raid_phys_disk_get_num_paths 0 4155 NULL @@ -95389,6 +100276,7 @@ index 0000000..7982a0c +kone_receive_4690 kone_receive 4 4690 NULL +round_pipe_size_4701 round_pipe_size 0 4701 NULL +cxgbi_alloc_big_mem_4707 cxgbi_alloc_big_mem 1 4707 NULL ++konepure_sysfs_read_4709 konepure_sysfs_read 6 4709 NULL +btmrvl_gpiogap_read_4718 btmrvl_gpiogap_read 3 4718 NULL +ati_create_gatt_pages_4722 ati_create_gatt_pages 1 4722 NULL nohasharray +show_header_4722 show_header 3 4722 &ati_create_gatt_pages_4722 @@ -95412,6 +100300,7 @@ index 0000000..7982a0c +skb_network_header_len_4971 skb_network_header_len 0 4971 NULL +ieee80211_if_fmt_dot11MeshHWMPconfirmationInterval_4976 ieee80211_if_fmt_dot11MeshHWMPconfirmationInterval 3 4976 NULL +vmw_surface_define_size_4993 vmw_surface_define_size 0 4993 NULL ++compat_SyS_ipc_5000 compat_SyS_ipc 3-4-5-6 5000 NULL +qla82xx_pci_mem_write_direct_5008 qla82xx_pci_mem_write_direct 2 5008 NULL +do_mincore_5018 do_mincore 0-1 5018 NULL +mtd_device_parse_register_5024 mtd_device_parse_register 5 5024 NULL @@ -95433,8 +100322,10 @@ index 0000000..7982a0c +skb_network_header_5203 skb_network_header 0 5203 NULL +pipe_set_size_5204 pipe_set_size 2 5204 NULL +ppp_cp_parse_cr_5214 ppp_cp_parse_cr 4 5214 NULL ++dwc2_hcd_urb_alloc_5217 dwc2_hcd_urb_alloc 2 5217 NULL +ath6kl_debug_roam_tbl_event_5224 ath6kl_debug_roam_tbl_event 3 5224 NULL -+ssb_ioremap_5228 ssb_ioremap 2 5228 NULL ++ssb_ioremap_5228 ssb_ioremap 2 5228 NULL nohasharray ++konepure_sysfs_write_5228 konepure_sysfs_write 6 5228 &ssb_ioremap_5228 +isdn_ppp_skb_push_5236 isdn_ppp_skb_push 2 5236 NULL +do_atmif_sioc_5247 do_atmif_sioc 3 5247 NULL +gfn_to_hva_memslot_5265 gfn_to_hva_memslot 2 5265 NULL @@ -95459,6 +100350,7 @@ index 0000000..7982a0c +__max_nr_grant_frames_5505 __max_nr_grant_frames 0 5505 NULL +spidev_message_5518 spidev_message 3 5518 NULL +ieee80211_if_fmt_auto_open_plinks_5534 ieee80211_if_fmt_auto_open_plinks 3 5534 NULL ++get_entry_msg_len_5552 get_entry_msg_len 0 5552 NULL +brcmu_pkt_buf_get_skb_5556 brcmu_pkt_buf_get_skb 1 5556 NULL +le_readq_5557 le_readq 0 5557 NULL +inw_5558 inw 0 5558 NULL @@ -95468,17 +100360,20 @@ index 0000000..7982a0c +usb_dump_device_descriptor_5599 usb_dump_device_descriptor 0 5599 NULL +ldm_frag_add_5611 ldm_frag_add 2 5611 NULL +compat_copy_entries_5617 compat_copy_entries 0 5617 NULL ++SYSC_fsetxattr_5639 SYSC_fsetxattr 4 5639 NULL +ext4_xattr_get_5661 ext4_xattr_get 0 5661 NULL +posix_clock_register_5662 posix_clock_register 2 5662 NULL +mthca_map_reg_5664 mthca_map_reg 2-3 5664 NULL +__videobuf_alloc_vb_5665 __videobuf_alloc_vb 1 5665 NULL +wb_clear_dirty_5684 wb_clear_dirty 2 5684 NULL +get_arg_5694 get_arg 3 5694 NULL ++subbuf_read_actor_5708 subbuf_read_actor 3 5708 NULL +vmw_kms_readback_5727 vmw_kms_readback 6 5727 NULL +reexecute_instruction_5733 reexecute_instruction 2 5733 NULL +rts51x_transfer_data_partial_5735 rts51x_transfer_data_partial 6 5735 NULL +ubi_cdev_compat_ioctl_5746 ubi_cdev_compat_ioctl 3 5746 NULL -+sctp_setsockopt_autoclose_5775 sctp_setsockopt_autoclose 3 5775 NULL ++sctp_setsockopt_autoclose_5775 sctp_setsockopt_autoclose 3 5775 NULL nohasharray ++qlcnic_83xx_sysfs_flash_read_handler_5775 qlcnic_83xx_sysfs_flash_read_handler 6 5775 &sctp_setsockopt_autoclose_5775 +compat_sys_writev_5784 compat_sys_writev 3 5784 NULL +__vxge_hw_blockpool_malloc_5786 __vxge_hw_blockpool_malloc 2 5786 NULL +skb_copy_datagram_iovec_5806 skb_copy_datagram_iovec 2-4 5806 NULL @@ -95493,6 +100388,7 @@ index 0000000..7982a0c +uinput_compat_ioctl_5861 uinput_compat_ioctl 3 5861 &compat_sys_move_pages_5861 +paging64_walk_addr_5887 paging64_walk_addr 3 5887 NULL +port_show_regs_5904 port_show_regs 3 5904 NULL ++rbd_segment_length_5907 rbd_segment_length 0-3-2 5907 NULL +uhci_debug_read_5911 uhci_debug_read 3 5911 NULL +qla82xx_pci_mem_read_2M_5912 qla82xx_pci_mem_read_2M 2 5912 NULL +ttm_bo_kmap_ttm_5922 ttm_bo_kmap_ttm 3 5922 NULL @@ -95503,14 +100399,17 @@ index 0000000..7982a0c +__apu_get_register_5967 __apu_get_register 0 5967 NULL +ieee80211_if_fmt_rc_rateidx_mask_5ghz_5971 ieee80211_if_fmt_rc_rateidx_mask_5ghz 3 5971 NULL +native_pte_val_5978 native_pte_val 0 5978 NULL ++SyS_semop_5980 SyS_semop 3 5980 NULL +ntfs_rl_append_6037 ntfs_rl_append 2-4 6037 NULL +da9052_request_irq_6058 da9052_request_irq 2 6058 NULL +sctp_setsockopt_connectx_6073 sctp_setsockopt_connectx 3 6073 NULL +rts51x_ms_rw_multi_sector_6076 rts51x_ms_rw_multi_sector 3-4 6076 NULL ++md_trim_bio_6078 md_trim_bio 2 6078 NULL +ipmi_addr_length_6110 ipmi_addr_length 0 6110 NULL +dfs_global_file_write_6112 dfs_global_file_write 3 6112 NULL +matrix_keypad_build_keymap_6129 matrix_keypad_build_keymap 3 6129 NULL +nouveau_parent_create__6131 nouveau_parent_create_ 7 6131 NULL ++ieee80211_if_fmt_beacon_timeout_6153 ieee80211_if_fmt_beacon_timeout 3 6153 NULL +ivtv_copy_buf_to_user_6159 ivtv_copy_buf_to_user 4 6159 NULL +vdma_mem_alloc_6171 vdma_mem_alloc 1 6171 NULL +wl1251_cmd_template_set_6172 wl1251_cmd_template_set 4 6172 NULL @@ -95530,9 +100429,14 @@ index 0000000..7982a0c +nf_nat_ipv6_manip_pkt_6289 nf_nat_ipv6_manip_pkt 2 6289 NULL +nf_nat_sack_adjust_6297 nf_nat_sack_adjust 2 6297 NULL +mid_get_vbt_data_r10_6308 mid_get_vbt_data_r10 2 6308 NULL ++qlcnic_sriov_alloc_bc_msg_6309 qlcnic_sriov_alloc_bc_msg 2 6309 NULL ++SyS_mincore_6329 SyS_mincore 1 6329 NULL ++fuse_get_req_for_background_6337 fuse_get_req_for_background 2 6337 NULL +ucs2_strnlen_6342 ucs2_strnlen 0 6342 NULL ++mei_dbgfs_read_devstate_6352 mei_dbgfs_read_devstate 3 6352 NULL +_proc_do_string_6376 _proc_do_string 2 6376 NULL +osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 NULL ++isku_sysfs_write_light_6406 isku_sysfs_write_light 6 6406 NULL +posix_acl_fix_xattr_userns_6420 posix_acl_fix_xattr_userns 4 6420 NULL +ipr_change_queue_depth_6431 ipr_change_queue_depth 2 6431 NULL +__alloc_bootmem_node_nopanic_6432 __alloc_bootmem_node_nopanic 2-3 6432 NULL @@ -95547,9 +100451,13 @@ index 0000000..7982a0c +read_file_disable_ani_6536 read_file_disable_ani 3 6536 NULL +rndis_set_oid_6547 rndis_set_oid 4 6547 NULL +wdm_read_6549 wdm_read 3 6549 NULL ++isku_sysfs_write_keys_easyzone_6553 isku_sysfs_write_keys_easyzone 6 6553 NULL +fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL ++SyS_semtimedop_6563 SyS_semtimedop 3 6563 NULL ++SyS_fcntl64_6582 SyS_fcntl64 3 6582 NULL +snmp_mib_init_6604 snmp_mib_init 2-3 6604 NULL +ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL ++compat_SyS_shmat_6642 compat_SyS_shmat 2 6642 NULL +virtscsi_alloc_tgt_6643 virtscsi_alloc_tgt 2 6643 NULL +aac_srcv_ioremap_6659 aac_srcv_ioremap 2 6659 NULL +process_rcvd_data_6679 process_rcvd_data 3 6679 NULL @@ -95586,6 +100494,7 @@ index 0000000..7982a0c +rsa_extract_mpi_6973 rsa_extract_mpi 5 6973 NULL +crypto_authenc_esn_setkey_6985 crypto_authenc_esn_setkey 3 6985 NULL +request_key_async_6990 request_key_async 4 6990 NULL ++tpl_write_6998 tpl_write 3 6998 NULL +r871x_set_wpa_ie_7000 r871x_set_wpa_ie 3 7000 NULL +cipso_v4_gentag_enum_7006 cipso_v4_gentag_enum 0 7006 NULL +tracing_cpumask_read_7010 tracing_cpumask_read 3 7010 NULL @@ -95599,12 +100508,14 @@ index 0000000..7982a0c +check_header_7108 check_header 0 7108 NULL +qlcnic_enable_msix_7144 qlcnic_enable_msix 2 7144 NULL +__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL ++batadv_check_unicast_ttvn_7206 batadv_check_unicast_ttvn 3 7206 NULL +sys32_ipc_7238 sys32_ipc 3-5-6 7238 NULL +get_param_h_7247 get_param_h 0 7247 NULL +af_alg_make_sg_7254 af_alg_make_sg 3 7254 NULL +vm_mmap_pgoff_7259 vm_mmap_pgoff 0 7259 NULL +dma_ops_alloc_addresses_7272 dma_ops_alloc_addresses 3-4-5 7272 NULL +rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL ++isku_sysfs_write_macro_7293 isku_sysfs_write_macro 6 7293 NULL +wb_remove_mapping_7307 wb_remove_mapping 2 7307 NULL +mgmt_control_7349 mgmt_control 3 7349 NULL +ext3_free_blocks_7362 ext3_free_blocks 3-4 7362 NULL @@ -95615,6 +100526,7 @@ index 0000000..7982a0c +readb_7401 readb 0 7401 NULL +drm_property_create_blob_7414 drm_property_create_blob 2 7414 NULL +ip_options_get_alloc_7448 ip_options_get_alloc 1 7448 NULL ++SYSC_setgroups_7454 SYSC_setgroups 1 7454 NULL +numa_emulation_7466 numa_emulation 2 7466 NULL +__mutex_lock_common_7469 __mutex_lock_common 0 7469 NULL +garp_request_join_7471 garp_request_join 4 7471 NULL @@ -95625,6 +100537,7 @@ index 0000000..7982a0c +array_zalloc_7519 array_zalloc 1-2 7519 NULL +goal_in_my_reservation_7553 goal_in_my_reservation 3 7553 NULL +smk_read_mapped_7562 smk_read_mapped 3 7562 NULL ++btrfs_block_rsv_add_7579 btrfs_block_rsv_add 3 7579 NULL +ext3_try_to_allocate_7590 ext3_try_to_allocate 5-3 7590 NULL +groups_alloc_7614 groups_alloc 1 7614 NULL +sg_virt_7616 sg_virt 0 7616 NULL @@ -95632,6 +100545,7 @@ index 0000000..7982a0c +acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 2-1 7685 &skb_copy_expand_7685 +acpi_ns_get_pathname_length_7699 acpi_ns_get_pathname_length 0 7699 NULL +dev_write_7708 dev_write 3 7708 NULL ++unmap_region_7709 unmap_region 1 7709 NULL +brcmf_sdcard_send_buf_7713 brcmf_sdcard_send_buf 6 7713 NULL +set_bypass_pwup_pfs_7742 set_bypass_pwup_pfs 3 7742 NULL +vxge_device_register_7752 vxge_device_register 4 7752 NULL @@ -95650,6 +100564,7 @@ index 0000000..7982a0c +libfc_host_alloc_7917 libfc_host_alloc 2 7917 NULL +f_hidg_write_7932 f_hidg_write 3 7932 NULL +io_apic_setup_irq_pin_once_7934 io_apic_setup_irq_pin_once 1 7934 NULL ++hash_netiface6_expire_7944 hash_netiface6_expire 3 7944 NULL +integrity_digsig_verify_7956 integrity_digsig_verify 3 7956 NULL +smk_write_load_self_7958 smk_write_load_self 3 7958 NULL +sys_mbind_7990 sys_mbind 5 7990 NULL @@ -95665,6 +100580,7 @@ index 0000000..7982a0c +venus_lookup_8121 venus_lookup 4 8121 NULL +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL +dma_map_area_8178 dma_map_area 5-2-3 8178 NULL ++ore_truncate_8181 ore_truncate 3 8181 NULL +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL +recent_mt_proc_write_8206 recent_mt_proc_write 3 8206 NULL @@ -95674,6 +100590,7 @@ index 0000000..7982a0c +create_log_8225 create_log 2 8225 NULL nohasharray +kvm_mmu_page_set_gfn_8225 kvm_mmu_page_set_gfn 2 8225 &create_log_8225 +sctp_ssnmap_size_8228 sctp_ssnmap_size 0-1-2 8228 NULL ++ceph_sync_write_8233 ceph_sync_write 4 8233 NULL +bnx2x_iov_get_max_queue_count_8235 bnx2x_iov_get_max_queue_count 0 8235 NULL +check_xattr_ref_inode_8244 check_xattr_ref_inode 0 8244 NULL +add_rx_skb_8257 add_rx_skb 3 8257 NULL @@ -95685,11 +100602,13 @@ index 0000000..7982a0c +ipwireless_send_packet_8328 ipwireless_send_packet 4 8328 NULL +tracing_entries_read_8345 tracing_entries_read 3 8345 NULL +ieee80211_if_fmt_ht_opmode_8347 ieee80211_if_fmt_ht_opmode 3 8347 NULL -+ping_getfrag_8360 ping_getfrag 4-3 8360 NULL ++isku_sysfs_write_talk_8360 isku_sysfs_write_talk 6 8360 NULL nohasharray ++ping_getfrag_8360 ping_getfrag 4-3 8360 &isku_sysfs_write_talk_8360 +uvc_v4l2_compat_ioctl32_8375 uvc_v4l2_compat_ioctl32 3 8375 NULL +xdi_copy_from_user_8395 xdi_copy_from_user 4 8395 NULL +zd_rf_scnprint_id_8406 zd_rf_scnprint_id 0-3 8406 NULL -+uvc_v4l2_ioctl_8411 uvc_v4l2_ioctl 2 8411 NULL ++smk_write_change_rule_8411 smk_write_change_rule 3 8411 NULL nohasharray ++uvc_v4l2_ioctl_8411 uvc_v4l2_ioctl 2 8411 &smk_write_change_rule_8411 +pca953x_gpio_to_irq_8424 pca953x_gpio_to_irq 2 8424 NULL +snd_usb_ctl_msg_8436 snd_usb_ctl_msg 8 8436 NULL +irq_create_mapping_8437 irq_create_mapping 2 8437 NULL @@ -95701,6 +100620,7 @@ index 0000000..7982a0c +pnp_resource_len_8532 pnp_resource_len 0 8532 NULL +alloc_pg_vec_8533 alloc_pg_vec 2 8533 NULL +ocfs2_read_virt_blocks_8538 ocfs2_read_virt_blocks 2-3 8538 NULL ++user_on_off_8552 user_on_off 2 8552 NULL +profile_remove_8556 profile_remove 3 8556 NULL +cache_slow_downcall_8570 cache_slow_downcall 2 8570 NULL +mga_ioremap_8571 mga_ioremap 1-2 8571 NULL @@ -95710,7 +100630,7 @@ index 0000000..7982a0c +shash_setkey_unaligned_8620 shash_setkey_unaligned 3 8620 NULL +it821x_firmware_command_8628 it821x_firmware_command 3 8628 NULL +scsi_dma_map_8632 scsi_dma_map 0 8632 NULL -+fuse_send_write_pages_8636 fuse_send_write_pages 0 8636 NULL ++fuse_send_write_pages_8636 fuse_send_write_pages 0-5 8636 NULL +generic_acl_set_8658 generic_acl_set 4 8658 NULL +dio_bio_alloc_8677 dio_bio_alloc 5 8677 NULL +lbs_bcnmiss_read_8678 lbs_bcnmiss_read 3 8678 NULL @@ -95755,6 +100675,7 @@ index 0000000..7982a0c +vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray +seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968 +bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL ++btrfs_alloc_free_block_8986 btrfs_alloc_free_block 3 8986 NULL +snd_emu10k1_ptr_read_9026 snd_emu10k1_ptr_read 0-2 9026 NULL +__pskb_copy_9038 __pskb_copy 2 9038 NULL +nla_put_9042 nla_put 3 9042 NULL @@ -95767,6 +100688,7 @@ index 0000000..7982a0c +caif_stream_sendmsg_9110 caif_stream_sendmsg 4 9110 NULL nohasharray +gfn_to_rmap_9110 gfn_to_rmap 2-3 9110 &caif_stream_sendmsg_9110 +pmcraid_change_queue_depth_9116 pmcraid_change_queue_depth 2 9116 NULL ++isku_sysfs_write_keys_macro_9120 isku_sysfs_write_keys_macro 6 9120 NULL +mq_remove_mapping_9124 mq_remove_mapping 2 9124 NULL +mlx4_alloc_resize_umem_9132 mlx4_alloc_resize_umem 3 9132 NULL +ext4_list_backups_9138 ext4_list_backups 0 9138 NULL @@ -95778,6 +100700,7 @@ index 0000000..7982a0c +gx1_gx_base_9198 gx1_gx_base 0 9198 NULL +snd_m3_get_pointer_9206 snd_m3_get_pointer 0 9206 NULL +get_pfn_9207 get_pfn 1 9207 NULL ++virtqueue_add_9217 virtqueue_add 5-4 9217 NULL +tx_tx_prepared_descs_read_9221 tx_tx_prepared_descs_read 3 9221 NULL +sctp_getsockopt_delayed_ack_9232 sctp_getsockopt_delayed_ack 2 9232 NULL +ocfs2_clear_ext_refcount_9256 ocfs2_clear_ext_refcount 4 9256 NULL @@ -95790,7 +100713,10 @@ index 0000000..7982a0c +ceph_sync_setxattr_9310 ceph_sync_setxattr 4 9310 NULL +memblock_find_in_range_node_9328 memblock_find_in_range_node 0-3-4 9328 NULL +ieee80211_if_fmt_txpower_9334 ieee80211_if_fmt_txpower 3 9334 NULL ++nvme_trans_fmt_get_parm_header_9340 nvme_trans_fmt_get_parm_header 2 9340 NULL +ocfs2_orphan_for_truncate_9342 ocfs2_orphan_for_truncate 4 9342 NULL ++sta_beacon_loss_count_read_9370 sta_beacon_loss_count_read 3 9370 NULL ++virtqueue_add_outbuf_9395 virtqueue_add_outbuf 3 9395 NULL +read_9397 read 3 9397 NULL +nf_nat_sip_expect_9418 nf_nat_sip_expect 8 9418 NULL +bm_realloc_pages_9431 bm_realloc_pages 2 9431 NULL @@ -95814,6 +100740,7 @@ index 0000000..7982a0c +f2fs_read_data_pages_9574 f2fs_read_data_pages 4 9574 NULL +biovec_create_pools_9575 biovec_create_pools 2 9575 NULL +ieee80211_tdls_mgmt_9581 ieee80211_tdls_mgmt 8 9581 NULL ++use_block_rsv_9597 use_block_rsv 3 9597 NULL +do_sync_9604 do_sync 1 9604 NULL +snd_emu10k1_fx8010_read_9605 snd_emu10k1_fx8010_read 5-6 9605 NULL +saa7164_buffer_alloc_user_9627 saa7164_buffer_alloc_user 2 9627 NULL @@ -95832,6 +100759,7 @@ index 0000000..7982a0c +fnb_9703 fnb 2-3 9703 NULL +fuse_iter_npages_9705 fuse_iter_npages 0 9705 NULL nohasharray +ieee80211_if_read_aid_9705 ieee80211_if_read_aid 3 9705 &fuse_iter_npages_9705 ++nla_get_u8_9736 nla_get_u8 0 9736 NULL +ieee80211_if_fmt_num_mcast_sta_9738 ieee80211_if_fmt_num_mcast_sta 3 9738 NULL +ddb_input_read_9743 ddb_input_read 3 9743 NULL +sta_last_ack_signal_read_9751 sta_last_ack_signal_read 3 9751 NULL @@ -95863,11 +100791,13 @@ index 0000000..7982a0c +get_free_serial_index_9969 get_free_serial_index 0 9969 NULL +btrfs_add_link_9973 btrfs_add_link 5 9973 NULL +ath6kl_usb_submit_ctrl_out_9978 ath6kl_usb_submit_ctrl_out 6 9978 NULL ++SYSC_move_pages_9986 SYSC_move_pages 2 9986 NULL +aat2870_dump_reg_10019 aat2870_dump_reg 0 10019 NULL +handle_request_10024 handle_request 9 10024 NULL +batadv_orig_hash_add_if_10033 batadv_orig_hash_add_if 2 10033 NULL +ieee80211_probereq_get_10040 ieee80211_probereq_get 4-5 10040 NULL +xen_destroy_contiguous_region_10054 xen_destroy_contiguous_region 1 10054 NULL ++vfio_pci_write_10063 vfio_pci_write 3 10063 NULL +ieee80211_set_probe_resp_10077 ieee80211_set_probe_resp 3 10077 NULL +ufs_bitmap_search_10105 ufs_bitmap_search 0-3 10105 NULL +get_elem_size_10110 get_elem_size 0-2 10110 NULL nohasharray @@ -95885,6 +100815,7 @@ index 0000000..7982a0c +jffs2_user_setxattr_10182 jffs2_user_setxattr 4 10182 NULL +do_ioctl_trans_10194 do_ioctl_trans 3 10194 NULL +cciss_proc_write_10259 cciss_proc_write 3 10259 NULL ++__qlcnic_pci_sriov_enable_10281 __qlcnic_pci_sriov_enable 2 10281 NULL +snd_rme9652_capture_copy_10287 snd_rme9652_capture_copy 5 10287 NULL +ubi_leb_change_10289 ubi_leb_change 4 10289 NULL +read_emulate_10310 read_emulate 2-4 10310 NULL @@ -95907,6 +100838,8 @@ index 0000000..7982a0c +sel_write_disable_10511 sel_write_disable 3 10511 NULL +osd_req_write_sg_kern_10514 osd_req_write_sg_kern 5 10514 NULL +rds_message_alloc_10517 rds_message_alloc 1 10517 NULL ++qlcnic_pci_sriov_enable_10519 qlcnic_pci_sriov_enable 2 10519 NULL nohasharray ++hash_netiface4_expire_10519 hash_netiface4_expire 3 10519 &qlcnic_pci_sriov_enable_10519 +ocfs2_add_refcounted_extent_10526 ocfs2_add_refcounted_extent 6 10526 NULL +get_vm_area_caller_10527 get_vm_area_caller 1 10527 NULL +snd_pcm_lib_read_10536 snd_pcm_lib_read 0-3 10536 NULL @@ -95918,6 +100851,7 @@ index 0000000..7982a0c +ima_show_htable_violations_10619 ima_show_htable_violations 3 10619 NULL +alloc_coherent_10632 alloc_coherent 2 10632 NULL +nfs_idmap_lookup_id_10660 nfs_idmap_lookup_id 2 10660 NULL ++dtf_read_device_10663 dtf_read_device 3 10663 NULL +parport_write_10669 parport_write 0 10669 NULL +inl_10708 inl 0 10708 NULL nohasharray +selinux_inode_setxattr_10708 selinux_inode_setxattr 4 10708 &inl_10708 @@ -95947,6 +100881,7 @@ index 0000000..7982a0c +tifm_alloc_adapter_10903 tifm_alloc_adapter 1 10903 NULL +__copy_from_user_10918 __copy_from_user 3 10918 NULL +da9052_map_irq_10952 da9052_map_irq 2 10952 NULL ++ci_port_test_write_10962 ci_port_test_write 3 10962 NULL +bm_entry_read_10976 bm_entry_read 3 10976 NULL +i915_min_freq_write_10981 i915_min_freq_write 3 10981 NULL +sched_autogroup_write_10984 sched_autogroup_write 3 10984 NULL @@ -95962,7 +100897,9 @@ index 0000000..7982a0c +stmpe_gpio_to_irq_11110 stmpe_gpio_to_irq 2 11110 NULL +tw_change_queue_depth_11116 tw_change_queue_depth 2 11116 NULL +page_offset_11120 page_offset 0 11120 NULL -+tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL ++tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL nohasharray ++cea_db_payload_len_11124 cea_db_payload_len 0 11124 &tracing_buffers_read_11124 ++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL +acpi_os_map_memory_11161 acpi_os_map_memory 1-2 11161 NULL +ioat2_alloc_ring_11172 ioat2_alloc_ring 2 11172 NULL nohasharray +snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 &ioat2_alloc_ring_11172 @@ -95986,6 +100923,7 @@ index 0000000..7982a0c +batadv_skb_head_push_11360 batadv_skb_head_push 2 11360 NULL +drm_vblank_init_11362 drm_vblank_init 2 11362 NULL +qib_get_base_info_11369 qib_get_base_info 3 11369 NULL ++isku_sysfs_read_keys_capslock_11392 isku_sysfs_read_keys_capslock 6 11392 NULL +dev_irnet_write_11398 dev_irnet_write 3 11398 NULL +___alloc_bootmem_11410 ___alloc_bootmem 1-2 11410 NULL +str_to_user_11411 str_to_user 2 11411 NULL @@ -96010,9 +100948,12 @@ index 0000000..7982a0c +oprofilefs_ulong_to_user_11582 oprofilefs_ulong_to_user 3 11582 NULL +snd_pcm_action_11589 snd_pcm_action 0 11589 NULL +fw_device_op_ioctl_11595 fw_device_op_ioctl 2 11595 NULL ++SYSC_mq_timedsend_11607 SYSC_mq_timedsend 3 11607 NULL ++add_new_bitmap_11644 add_new_bitmap 3 11644 NULL +sisusb_send_bridge_packet_11649 sisusb_send_bridge_packet 2 11649 NULL +nla_total_size_11658 nla_total_size 0-1 11658 NULL +ide_queue_pc_tail_11673 ide_queue_pc_tail 5 11673 NULL ++compat_SyS_msgsnd_11675 compat_SyS_msgsnd 2-3 11675 NULL +btrfs_alloc_delayed_item_11678 btrfs_alloc_delayed_item 1 11678 NULL +dsp_buffer_alloc_11684 dsp_buffer_alloc 2 11684 NULL +sctp_setsockopt_hmac_ident_11687 sctp_setsockopt_hmac_ident 3 11687 NULL @@ -96065,6 +101006,7 @@ index 0000000..7982a0c +compat_do_arpt_set_ctl_12184 compat_do_arpt_set_ctl 4 12184 NULL +ip_generic_getfrag_12187 ip_generic_getfrag 3-4 12187 NULL +bl_is_sector_init_12199 bl_is_sector_init 2 12199 NULL ++scaled_div_12201 scaled_div 1-2 12201 NULL +free_initrd_mem_12203 free_initrd_mem 1 12203 NULL +receive_copy_12216 receive_copy 3 12216 NULL +snd_pcm_kernel_ioctl_12219 snd_pcm_kernel_ioctl 0 12219 NULL @@ -96079,6 +101021,7 @@ index 0000000..7982a0c +roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 NULL nohasharray +il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 &roundup_to_multiple_of_64_12288 +vxge_get_num_vfs_12302 vxge_get_num_vfs 0 12302 NULL ++wrap_min_12303 wrap_min 0-1-2 12303 NULL +tipc_msg_build_12326 tipc_msg_build 4 12326 NULL +pcbit_writecmd_12332 pcbit_writecmd 2 12332 NULL +mptctl_ioctl_12355 mptctl_ioctl 2 12355 NULL @@ -96086,6 +101029,7 @@ index 0000000..7982a0c +__nf_ct_ext_add_length_12364 __nf_ct_ext_add_length 3 12364 NULL +xfs_iext_inline_to_direct_12384 xfs_iext_inline_to_direct 2 12384 NULL +btrfs_file_extent_ram_bytes_12391 btrfs_file_extent_ram_bytes 0 12391 NULL ++hbucket_elem_add_12416 hbucket_elem_add 3 12416 NULL +ieee80211_if_read_num_mcast_sta_12419 ieee80211_if_read_num_mcast_sta 3 12419 NULL +skb_do_copy_data_nocache_12465 skb_do_copy_data_nocache 5 12465 NULL +qla4_82xx_pci_mem_write_direct_12479 qla4_82xx_pci_mem_write_direct 2 12479 NULL @@ -96106,6 +101050,7 @@ index 0000000..7982a0c +pwr_rcvd_awake_bcns_cnt_read_12632 pwr_rcvd_awake_bcns_cnt_read 3 12632 NULL +ctrl_cdev_compat_ioctl_12634 ctrl_cdev_compat_ioctl 3 12634 NULL +pn_sendmsg_12640 pn_sendmsg 4 12640 NULL ++dwc3_link_state_write_12641 dwc3_link_state_write 3 12641 NULL +wb_create_12651 wb_create 1 12651 NULL +ocfs2_read_block_12659 ocfs2_read_block 0 12659 NULL +sel_read_class_12669 sel_read_class 3 12669 NULL nohasharray @@ -96113,12 +101058,14 @@ index 0000000..7982a0c +ieee80211_if_read_num_buffered_multicast_12716 ieee80211_if_read_num_buffered_multicast 3 12716 NULL +ivtv_write_12721 ivtv_write 3 12721 NULL +key_rx_spec_read_12736 key_rx_spec_read 3 12736 NULL ++__mei_cl_async_send_12737 __mei_cl_async_send 3 12737 NULL +__videobuf_alloc_cached_12740 __videobuf_alloc_cached 1 12740 NULL +ieee80211_if_read_dot11MeshMaxRetries_12756 ieee80211_if_read_dot11MeshMaxRetries 3 12756 NULL +listxattr_12769 listxattr 3 12769 NULL +sctp_ssnmap_init_12772 sctp_ssnmap_init 2-3 12772 NULL +ieee80211_rx_mgmt_beacon_12780 ieee80211_rx_mgmt_beacon 3 12780 NULL +platform_create_bundle_12785 platform_create_bundle 4-6 12785 NULL ++btrfs_remove_free_space_12793 btrfs_remove_free_space 2 12793 NULL +scsi_adjust_queue_depth_12802 scsi_adjust_queue_depth 3 12802 NULL +xfs_inumbers_fmt_12817 xfs_inumbers_fmt 3 12817 NULL +readq_12825 readq 0 12825 NULL @@ -96142,6 +101089,7 @@ index 0000000..7982a0c +generic_segment_checks_13041 generic_segment_checks 0 13041 NULL +ocfs2_write_begin_13045 ocfs2_write_begin 3-4 13045 NULL +__dn_setsockopt_13060 __dn_setsockopt 5 13060 NULL ++biovec_create_pool_13079 biovec_create_pool 2 13079 NULL +irq_set_chip_and_handler_13088 irq_set_chip_and_handler 1 13088 NULL +xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL +blk_rq_map_sg_13092 blk_rq_map_sg 0 13092 NULL @@ -96176,6 +101124,7 @@ index 0000000..7982a0c +lpfc_idiag_mbxacc_get_setup_13282 lpfc_idiag_mbxacc_get_setup 0 13282 NULL +platform_device_add_resources_13289 platform_device_add_resources 3 13289 NULL +i915_drop_caches_write_13308 i915_drop_caches_write 3 13308 NULL ++reexecute_instruction_13321 reexecute_instruction 2 13321 NULL +us122l_ctl_msg_13330 us122l_ctl_msg 8 13330 NULL +__clone_and_map_data_bio_13334 __clone_and_map_data_bio 4-8 13334 NULL +kvm_read_nested_guest_page_13337 kvm_read_nested_guest_page 5-2 13337 NULL @@ -96183,6 +101132,7 @@ index 0000000..7982a0c +mthca_alloc_mtt_range_13371 mthca_alloc_mtt_range 2 13371 NULL +iso_sched_alloc_13377 iso_sched_alloc 1 13377 NULL nohasharray +wep_key_not_found_read_13377 wep_key_not_found_read 3 13377 &iso_sched_alloc_13377 ++dis_bypass_write_13388 dis_bypass_write 3 13388 NULL +carl9170_rx_untie_data_13405 carl9170_rx_untie_data 3 13405 NULL +sky2_receive_13407 sky2_receive 2 13407 NULL +netxen_alloc_sds_rings_13417 netxen_alloc_sds_rings 2 13417 NULL @@ -96195,7 +101145,8 @@ index 0000000..7982a0c +core_status_13515 core_status 4 13515 NULL +smk_write_mapped_13519 smk_write_mapped 3 13519 NULL +bm_init_13529 bm_init 2 13529 NULL -+non_atomic_pte_lookup_13540 non_atomic_pte_lookup 2 13540 NULL ++non_atomic_pte_lookup_13540 non_atomic_pte_lookup 2 13540 NULL nohasharray ++SYSC_remap_file_pages_13540 SYSC_remap_file_pages 1 13540 &non_atomic_pte_lookup_13540 +ieee80211_if_read_ap_power_level_13558 ieee80211_if_read_ap_power_level 3 13558 NULL +ubifs_get_idx_gc_leb_13566 ubifs_get_idx_gc_leb 0 13566 NULL +sys_madvise_13569 sys_madvise 1 13569 NULL @@ -96220,6 +101171,7 @@ index 0000000..7982a0c +ath6kl_mgmt_powersave_ap_13791 ath6kl_mgmt_powersave_ap 6 13791 NULL +random_read_13815 random_read 3 13815 NULL +hsi_register_board_info_13820 hsi_register_board_info 2 13820 NULL ++___mei_cl_send_13821 ___mei_cl_send 3 13821 NULL +evdev_ioctl_compat_13851 evdev_ioctl_compat 2-3 13851 NULL +compat_ip_setsockopt_13870 compat_ip_setsockopt 5 13870 NULL nohasharray +alloc_trace_uprobe_13870 alloc_trace_uprobe 3 13870 &compat_ip_setsockopt_13870 @@ -96239,7 +101191,9 @@ index 0000000..7982a0c +bm_block_bits_13981 bm_block_bits 0 13981 NULL nohasharray +dvb_demux_read_13981 dvb_demux_read 3 13981 &bm_block_bits_13981 +btrfs_get_blocks_direct_14016 btrfs_get_blocks_direct 2 14016 NULL ++dmi_format_ids_14018 dmi_format_ids 2 14018 NULL +_rtl92s_firmware_downloadcode_14021 _rtl92s_firmware_downloadcode 3 14021 NULL ++iscsi_create_flashnode_conn_14022 iscsi_create_flashnode_conn 4 14022 NULL +dvb_usercopy_14036 dvb_usercopy 2 14036 NULL +read_def_modal_eeprom_14041 read_def_modal_eeprom 3 14041 NULL +ieee80211_if_fmt_aid_14055 ieee80211_if_fmt_aid 3 14055 NULL @@ -96250,6 +101204,7 @@ index 0000000..7982a0c +nlmsg_len_14115 nlmsg_len 0 14115 NULL +vfio_fops_compat_ioctl_14130 vfio_fops_compat_ioctl 3 14130 NULL +ntfs_rl_replace_14136 ntfs_rl_replace 2-4 14136 NULL ++isku_sysfs_read_light_14140 isku_sysfs_read_light 6 14140 NULL +em_canid_change_14150 em_canid_change 3 14150 NULL +gsm_dlci_data_14155 gsm_dlci_data 3 14155 NULL +print_input_mask_14168 print_input_mask 3-0 14168 NULL @@ -96288,6 +101243,7 @@ index 0000000..7982a0c +drm_vmalloc_dma_14550 drm_vmalloc_dma 1 14550 NULL +usb_dump_desc_14553 usb_dump_desc 0 14553 NULL +qp_host_alloc_queue_14566 qp_host_alloc_queue 1 14566 NULL ++SyS_setdomainname_14569 SyS_setdomainname 2 14569 NULL +remap_to_origin_then_cache_14583 remap_to_origin_then_cache 3 14583 NULL +idmap_pipe_downcall_14591 idmap_pipe_downcall 3 14591 NULL +ceph_osdc_alloc_request_14597 ceph_osdc_alloc_request 3 14597 NULL @@ -96297,6 +101253,8 @@ index 0000000..7982a0c +pipeline_enc_tx_stat_fifo_int_read_14680 pipeline_enc_tx_stat_fifo_int_read 3 14680 NULL +ieee80211_if_fmt_rc_rateidx_mask_2ghz_14683 ieee80211_if_fmt_rc_rateidx_mask_2ghz 3 14683 NULL +tsi148_master_set_14685 tsi148_master_set 4 14685 NULL ++SyS_fsetxattr_14702 SyS_fsetxattr 4 14702 NULL ++persistent_ram_ecc_string_14704 persistent_ram_ecc_string 0 14704 NULL +u_audio_playback_14709 u_audio_playback 3 14709 NULL +get_bio_block_14714 get_bio_block 0 14714 NULL +vfd_write_14717 vfd_write 3 14717 NULL @@ -96311,6 +101269,7 @@ index 0000000..7982a0c +hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray +snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 +bcma_scan_read32_14802 bcma_scan_read32 0 14802 NULL ++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL +__mutex_fastpath_lock_retval_14844 __mutex_fastpath_lock_retval 0 14844 NULL +mrp_attr_create_14853 mrp_attr_create 3 14853 NULL +lcd_write_14857 lcd_write 3 14857 NULL nohasharray @@ -96319,6 +101278,7 @@ index 0000000..7982a0c +sriov_enable_migration_14889 sriov_enable_migration 2 14889 NULL +acpi_os_allocate_14892 acpi_os_allocate 1 14892 NULL +unifi_read_14899 unifi_read 3 14899 NULL ++SYSC_readv_14901 SYSC_readv 3 14901 NULL +krealloc_14908 krealloc 2 14908 NULL +regmap_irq_get_virq_14910 regmap_irq_get_virq 2 14910 NULL +__arch_hweight64_14923 __arch_hweight64 0 14923 NULL nohasharray @@ -96329,6 +101289,7 @@ index 0000000..7982a0c +mce_flush_rx_buffer_14976 mce_flush_rx_buffer 2 14976 NULL +setkey_14987 setkey 3 14987 NULL nohasharray +gpio_twl4030_write_14987 gpio_twl4030_write 1 14987 &setkey_14987 ++xfs_dinode_size_14996 xfs_dinode_size 0 14996 NULL +vmap_15025 vmap 2 15025 NULL +blk_integrity_tuple_size_15027 blk_integrity_tuple_size 0 15027 NULL +irq_get_next_irq_15053 irq_get_next_irq 1 15053 NULL @@ -96336,15 +101297,18 @@ index 0000000..7982a0c +ieee80211_if_read_uapsd_max_sp_len_15067 ieee80211_if_read_uapsd_max_sp_len 3 15067 NULL +nfs4_write_cached_acl_15070 nfs4_write_cached_acl 4 15070 NULL +ntfs_copy_from_user_15072 ntfs_copy_from_user 3-5 15072 NULL ++compat_SyS_preadv_15105 compat_SyS_preadv 3 15105 NULL +hex_dump_to_buffer_15121 hex_dump_to_buffer 6 15121 NULL +start_port_15124 start_port 0 15124 NULL +memchr_15126 memchr 0 15126 NULL +ipwireless_ppp_mru_15153 ipwireless_ppp_mru 0 15153 NULL +self_check_not_bad_15175 self_check_not_bad 0 15175 NULL ++SYSC_setdomainname_15180 SYSC_setdomainname 2 15180 NULL +iscsi_create_endpoint_15193 iscsi_create_endpoint 1 15193 NULL +reserve_resources_15194 reserve_resources 3 15194 NULL +bfad_debugfs_write_regrd_15218 bfad_debugfs_write_regrd 3 15218 NULL +il_dbgfs_rx_stats_read_15243 il_dbgfs_rx_stats_read 3 15243 NULL ++div64_u64_15263 div64_u64 0-1-2 15263 NULL +compat_raw_ioctl_15290 compat_raw_ioctl 3 15290 NULL +sys_connect_15291 sys_connect 3 15291 NULL nohasharray +xlate_dev_mem_ptr_15291 xlate_dev_mem_ptr 1 15291 &sys_connect_15291 @@ -96405,7 +101369,8 @@ index 0000000..7982a0c +gx1_read_conf_reg_15817 gx1_read_conf_reg 0 15817 NULL nohasharray +nameseq_list_15817 nameseq_list 3 15817 &gx1_read_conf_reg_15817 nohasharray +gnttab_expand_15817 gnttab_expand 1 15817 &nameseq_list_15817 -+afs_proc_rootcell_write_15822 afs_proc_rootcell_write 3 15822 NULL ++afs_proc_rootcell_write_15822 afs_proc_rootcell_write 3 15822 NULL nohasharray ++firmware_upload_15822 firmware_upload 3 15822 &afs_proc_rootcell_write_15822 +brcmf_sdbrcm_died_dump_15841 brcmf_sdbrcm_died_dump 3 15841 NULL +table_size_15851 table_size 0-1-2 15851 NULL +ubi_io_write_15870 ubi_io_write 5-4 15870 NULL nohasharray @@ -96418,6 +101383,7 @@ index 0000000..7982a0c +lpfc_idiag_drbacc_read_15948 lpfc_idiag_drbacc_read 3 15948 NULL +snd_pcm_lib_read_transfer_15952 snd_pcm_lib_read_transfer 4-2-5 15952 NULL +remap_pci_mem_15966 remap_pci_mem 1-2 15966 NULL ++tfrc_calc_x_15975 tfrc_calc_x 1-2 15975 NULL +frame_alloc_15981 frame_alloc 4 15981 NULL +alloc_vm_area_15989 alloc_vm_area 1 15989 NULL +hdpvr_register_videodev_16010 hdpvr_register_videodev 3 16010 NULL @@ -96436,6 +101402,7 @@ index 0000000..7982a0c +bnx2i_get_cid_num_16166 bnx2i_get_cid_num 0 16166 NULL +mapping_level_16188 mapping_level 2 16188 NULL +cipso_v4_map_cat_rng_hton_16203 cipso_v4_map_cat_rng_hton 0 16203 NULL ++SyS_pselect6_16210 SyS_pselect6 1 16210 NULL +create_table_16213 create_table 2 16213 NULL +atomic_read_file_16227 atomic_read_file 3 16227 NULL +BcmGetSectionValStartOffset_16235 BcmGetSectionValStartOffset 0 16235 NULL @@ -96452,8 +101419,11 @@ index 0000000..7982a0c +mirror_status_16283 mirror_status 5 16283 &account_16283 +retry_instruction_16285 retry_instruction 2 16285 NULL +stk_allocate_buffers_16291 stk_allocate_buffers 2 16291 NULL ++rbd_segment_offset_16293 rbd_segment_offset 0-2 16293 NULL ++tfrc_invert_loss_event_rate_16295 tfrc_invert_loss_event_rate 1 16295 NULL +rsc_mgr_init_16299 rsc_mgr_init 3 16299 NULL +wb_map_16301 wb_map 2 16301 NULL ++ext4_blocks_count_16320 ext4_blocks_count 0 16320 NULL +vmw_cursor_update_image_16332 vmw_cursor_update_image 3-4 16332 NULL +total_ps_buffered_read_16365 total_ps_buffered_read 3 16365 NULL +iscsi_tcp_conn_setup_16376 iscsi_tcp_conn_setup 2 16376 NULL @@ -96483,6 +101453,7 @@ index 0000000..7982a0c +drm_malloc_ab_16831 drm_malloc_ab 1-2 16831 NULL +scsi_mode_sense_16835 scsi_mode_sense 5 16835 NULL +hfsplus_min_io_size_16859 hfsplus_min_io_size 0 16859 NULL ++vfio_pci_rw_16861 vfio_pci_rw 3 16861 NULL +alloc_idx_lebs_16872 alloc_idx_lebs 2 16872 NULL +carl9170_debugfs_ampdu_state_read_16873 carl9170_debugfs_ampdu_state_read 3 16873 NULL +st_write_16874 st_write 3 16874 NULL @@ -96537,6 +101508,7 @@ index 0000000..7982a0c +_fd_dma_mem_free_17406 _fd_dma_mem_free 1 17406 NULL +lpfc_debugfs_dif_err_write_17424 lpfc_debugfs_dif_err_write 3 17424 NULL +sta_connected_time_read_17435 sta_connected_time_read 3 17435 NULL ++SYSC_fcntl_17441 SYSC_fcntl 3 17441 NULL +nla_get_u32_17455 nla_get_u32 0 17455 NULL +__ref_totlen_17461 __ref_totlen 0 17461 NULL +compat_cmd_17465 compat_cmd 2 17465 NULL @@ -96556,16 +101528,22 @@ index 0000000..7982a0c +ocfs2_mark_extent_written_17615 ocfs2_mark_extent_written 6 17615 NULL +ieee80211_if_read_dot11MeshHWMPactivePathToRootTimeout_17618 ieee80211_if_read_dot11MeshHWMPactivePathToRootTimeout 3 17618 NULL +twl4030_set_gpio_direction_17645 twl4030_set_gpio_direction 1 17645 NULL ++SYSC_migrate_pages_17657 SYSC_migrate_pages 2 17657 NULL +packet_setsockopt_17662 packet_setsockopt 5 17662 NULL nohasharray +ubi_io_read_data_17662 ubi_io_read_data 0 17662 &packet_setsockopt_17662 +pwr_enable_ps_read_17686 pwr_enable_ps_read 3 17686 NULL +gfn_to_pfn_memslot_17693 gfn_to_pfn_memslot 2 17693 NULL +__einj_error_trigger_17707 __einj_error_trigger 1 17707 NULL nohasharray +venus_rename_17707 venus_rename 5-4 17707 &__einj_error_trigger_17707 ++isku_sysfs_write_keys_function_17726 isku_sysfs_write_keys_function 6 17726 NULL +exofs_read_lookup_dev_table_17733 exofs_read_lookup_dev_table 3 17733 NULL +sctpprobe_read_17741 sctpprobe_read 3 17741 NULL +mark_unsafe_pages_17759 mark_unsafe_pages 0 17759 NULL +brcmf_usb_attach_17766 brcmf_usb_attach 2-3 17766 NULL ++dtf_read_run_17768 dtf_read_run 3 17768 NULL ++brcmf_sdio_chip_verifynvram_17776 brcmf_sdio_chip_verifynvram 4 17776 NULL ++hash_ipport6_expire_17784 hash_ipport6_expire 3 17784 NULL ++perf_clock_17787 perf_clock 0 17787 NULL +ubifs_leb_change_17789 ubifs_leb_change 4 17789 NULL +_snd_pcm_lib_alloc_vmalloc_buffer_17820 _snd_pcm_lib_alloc_vmalloc_buffer 2 17820 NULL +gnet_stats_copy_app_17821 gnet_stats_copy_app 3 17821 NULL @@ -96601,7 +101579,9 @@ index 0000000..7982a0c +hex_byte_pack_18064 hex_byte_pack 0 18064 NULL +packet_came_18072 packet_came 3 18072 NULL +kvm_read_guest_page_18074 kvm_read_guest_page 5-2 18074 NULL ++SYSC_pselect6_18076 SYSC_pselect6 1 18076 NULL +get_vm_area_18080 get_vm_area 1 18080 NULL ++SYSC_semtimedop_18091 SYSC_semtimedop 3 18091 NULL +mpi_alloc_18094 mpi_alloc 1 18094 NULL +dfs_file_read_18116 dfs_file_read 3 18116 NULL +svc_getnl_18120 svc_getnl 0 18120 NULL @@ -96614,6 +101594,7 @@ index 0000000..7982a0c +gsm_control_message_18209 gsm_control_message 4 18209 NULL +do_ipv6_setsockopt_18215 do_ipv6_setsockopt 5 18215 NULL +gnttab_alloc_grant_references_18240 gnttab_alloc_grant_references 1 18240 NULL ++alloc_trace_uprobe_18247 alloc_trace_uprobe 3 18247 NULL +snd_ctl_ioctl_compat_18250 snd_ctl_ioctl_compat 3 18250 NULL +qdisc_class_hash_alloc_18262 qdisc_class_hash_alloc 1 18262 NULL +gfs2_alloc_sort_buffer_18275 gfs2_alloc_sort_buffer 1 18275 NULL @@ -96631,13 +101612,17 @@ index 0000000..7982a0c +bio_integrity_advance_18324 bio_integrity_advance 2 18324 NULL +pwr_power_save_off_read_18355 pwr_power_save_off_read 3 18355 NULL +xlbd_reserve_minors_18365 xlbd_reserve_minors 1-2 18365 NULL ++SyS_process_vm_readv_18366 SyS_process_vm_readv 3-5 18366 NULL +ep_io_18367 ep_io 0 18367 NULL +qib_user_sdma_num_pages_18371 qib_user_sdma_num_pages 0 18371 NULL ++ci_role_write_18388 ci_role_write 3 18388 NULL +__video_register_device_18399 __video_register_device 3 18399 NULL -+adis16136_show_serial_18402 adis16136_show_serial 3 18402 NULL ++hash_ip4_expire_18402 hash_ip4_expire 3 18402 NULL nohasharray ++adis16136_show_serial_18402 adis16136_show_serial 3 18402 &hash_ip4_expire_18402 +crystalhd_user_data_18407 crystalhd_user_data 3 18407 NULL +usbnet_write_cmd_nopm_18426 usbnet_write_cmd_nopm 7 18426 NULL -+batadv_orig_node_add_if_18433 batadv_orig_node_add_if 2 18433 NULL ++batadv_orig_node_add_if_18433 batadv_orig_node_add_if 2 18433 NULL nohasharray ++iscsi_create_flashnode_sess_18433 iscsi_create_flashnode_sess 4 18433 &batadv_orig_node_add_if_18433 +snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL +fuse_perform_write_18457 fuse_perform_write 4 18457 NULL +regset_tls_set_18459 regset_tls_set 4 18459 NULL @@ -96653,7 +101638,8 @@ index 0000000..7982a0c +debug_output_18575 debug_output 3 18575 NULL +check_lpt_type_18577 check_lpt_type 0 18577 NULL +__netdev_alloc_skb_18595 __netdev_alloc_skb 2 18595 NULL -+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL ++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray ++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600 +iowarrior_write_18604 iowarrior_write 3 18604 NULL +batadv_arp_get_type_18609 batadv_arp_get_type 3 18609 NULL +from_buffer_18625 from_buffer 3 18625 NULL @@ -96662,9 +101648,11 @@ index 0000000..7982a0c +unmap_page_18665 unmap_page 2-3 18665 NULL +xfs_iext_insert_18667 xfs_iext_insert 3 18667 NULL +replay_log_leb_18704 replay_log_leb 3 18704 NULL -+iwl_dbgfs_rx_handlers_read_18708 iwl_dbgfs_rx_handlers_read 3 18708 NULL ++unlocked_compat_ipmi_ioctl_18708 unlocked_compat_ipmi_ioctl 3 18708 NULL nohasharray ++iwl_dbgfs_rx_handlers_read_18708 iwl_dbgfs_rx_handlers_read 3 18708 &unlocked_compat_ipmi_ioctl_18708 +ceph_alloc_page_vector_18710 ceph_alloc_page_vector 1 18710 NULL +ocfs2_trim_extent_18711 ocfs2_trim_extent 4-3 18711 NULL ++compat_SyS_writev_18712 compat_SyS_writev 3 18712 NULL +blk_rq_bytes_18715 blk_rq_bytes 0 18715 NULL +snd_als4k_gcr_read_addr_18741 snd_als4k_gcr_read_addr 0 18741 NULL +o2hb_debug_create_18744 o2hb_debug_create 4 18744 NULL @@ -96673,6 +101661,7 @@ index 0000000..7982a0c +md_compat_ioctl_18764 md_compat_ioctl 4 18764 NULL +read_file_dump_nfcal_18766 read_file_dump_nfcal 3 18766 NULL +ffs_epfile_read_18775 ffs_epfile_read 3 18775 NULL ++SyS_lsetxattr_18776 SyS_lsetxattr 4 18776 NULL +alloc_fcdev_18780 alloc_fcdev 1 18780 NULL +fat_compat_dir_ioctl_18800 fat_compat_dir_ioctl 3 18800 NULL +ieee80211_auth_challenge_18810 ieee80211_auth_challenge 3 18810 NULL @@ -96689,6 +101678,7 @@ index 0000000..7982a0c +ceph_setxattr_18913 ceph_setxattr 4 18913 NULL +mangle_packet_18920 mangle_packet 7-9 18920 NULL +snapshot_write_next_18937 snapshot_write_next 0 18937 NULL ++regcache_sync_block_18963 regcache_sync_block 3-4 18963 NULL +__nla_reserve_18974 __nla_reserve 3 18974 NULL +gfn_to_pfn_atomic_18981 gfn_to_pfn_atomic 2 18981 NULL +find_dirtiest_idx_leb_19001 find_dirtiest_idx_leb 0 19001 NULL @@ -96700,6 +101690,8 @@ index 0000000..7982a0c +drm_fb_helper_init_19044 drm_fb_helper_init 3-4 19044 NULL +create_gpadl_header_19064 create_gpadl_header 2 19064 NULL +ieee80211_key_alloc_19065 ieee80211_key_alloc 3 19065 NULL ++msix_map_region_19072 msix_map_region 2 19072 NULL ++ceph_create_snap_context_19082 ceph_create_snap_context 1 19082 NULL +sys_process_vm_readv_19090 sys_process_vm_readv 3-5 19090 NULL nohasharray +brcmf_usbdev_qinit_19090 brcmf_usbdev_qinit 2 19090 &sys_process_vm_readv_19090 +sta_last_seq_ctrl_read_19106 sta_last_seq_ctrl_read 3 19106 NULL @@ -96727,11 +101719,14 @@ index 0000000..7982a0c +gfn_to_gpa_19320 gfn_to_gpa 0-1 19320 NULL +debug_read_19322 debug_read 3 19322 NULL +cfg80211_inform_bss_19332 cfg80211_inform_bss 8 19332 NULL ++closure_sub_19359 closure_sub 2 19359 NULL +read_zero_19366 read_zero 3 19366 NULL +interpret_user_input_19393 interpret_user_input 2 19393 NULL ++sync_fill_pt_info_19397 sync_fill_pt_info 0 19397 NULL +get_n_events_by_type_19401 get_n_events_by_type 0 19401 NULL +dvbdmx_write_19423 dvbdmx_write 3 19423 NULL +__phys_addr_19434 __phys_addr 0 19434 NULL ++SyS_sched_getaffinity_19444 SyS_sched_getaffinity 2 19444 NULL +xfrm_alg_auth_len_19454 xfrm_alg_auth_len 0 19454 NULL +hpet_compat_ioctl_19455 hpet_compat_ioctl 3 19455 NULL +gnet_stats_copy_19458 gnet_stats_copy 4 19458 NULL @@ -96750,10 +101745,12 @@ index 0000000..7982a0c +bm_status_read_19583 bm_status_read 3 19583 NULL +batadv_tt_update_orig_19586 batadv_tt_update_orig 4 19586 NULL +load_xattr_datum_19594 load_xattr_datum 0 19594 NULL ++__mei_cl_recv_19636 __mei_cl_recv 3 19636 NULL +usbvision_rvmalloc_19655 usbvision_rvmalloc 1 19655 NULL +LoadBitmap_19658 LoadBitmap 2 19658 NULL +usbnet_write_cmd_19679 usbnet_write_cmd 7 19679 NULL +bio_detain_19690 bio_detain 2 19690 NULL ++mem_cgroup_swappiness_19718 mem_cgroup_swappiness 0 19718 NULL +read_reg_19723 read_reg 0 19723 NULL +wm8350_block_write_19727 wm8350_block_write 3-2 19727 NULL +memcpy_toiovecend_19736 memcpy_toiovecend 4-3 19736 NULL @@ -96779,8 +101776,10 @@ index 0000000..7982a0c +iwl_dbgfs_rx_queue_read_19943 iwl_dbgfs_rx_queue_read 3 19943 NULL +attach_hdlc_protocol_19986 attach_hdlc_protocol 3 19986 NULL +diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL ++SYSC_fgetxattr_20027 SYSC_fgetxattr 4 20027 NULL +split_scan_timeout_read_20029 split_scan_timeout_read 3 20029 NULL +alloc_ieee80211_20063 alloc_ieee80211 1 20063 NULL ++btrfs_pin_extent_for_log_replay_20069 btrfs_pin_extent_for_log_replay 2 20069 NULL +rawv6_sendmsg_20080 rawv6_sendmsg 4 20080 NULL +fuse_conn_limit_read_20084 fuse_conn_limit_read 3 20084 NULL +team_options_register_20091 team_options_register 3 20091 NULL @@ -96808,6 +101807,7 @@ index 0000000..7982a0c +__kfifo_from_user_20399 __kfifo_from_user 3 20399 NULL +xen_create_contiguous_region_20457 xen_create_contiguous_region 1 20457 NULL +nfs3_setxattr_20458 nfs3_setxattr 4 20458 NULL ++dec_zcache_pers_zpages_20465 dec_zcache_pers_zpages 1 20465 NULL +compat_ipv6_setsockopt_20468 compat_ipv6_setsockopt 5 20468 NULL +read_buf_20469 read_buf 2 20469 NULL +btrfs_get_32_20476 btrfs_get_32 0 20476 NULL @@ -96825,6 +101825,7 @@ index 0000000..7982a0c +crypto_ahash_reqsize_20569 crypto_ahash_reqsize 0 20569 NULL +i915_max_freq_read_20581 i915_max_freq_read 3 20581 NULL +batadv_tt_append_diff_20588 batadv_tt_append_diff 4 20588 NULL ++sync_timeline_create_20601 sync_timeline_create 2 20601 NULL +lirc_write_20604 lirc_write 3 20604 NULL +qib_qsfp_write_20614 qib_qsfp_write 0-4-2 20614 NULL +snd_pcm_oss_prepare_20641 snd_pcm_oss_prepare 0 20641 NULL @@ -96850,12 +101851,15 @@ index 0000000..7982a0c +ocfs2_align_bytes_to_clusters_20754 ocfs2_align_bytes_to_clusters 2 20754 NULL +brcmf_p2p_escan_20763 brcmf_p2p_escan 2 20763 NULL +ubi_io_read_20767 ubi_io_read 0 20767 NULL ++ext4_r_blocks_count_20768 ext4_r_blocks_count 0 20768 NULL +fb_alloc_cmap_gfp_20792 fb_alloc_cmap_gfp 2 20792 NULL +iommu_range_alloc_20794 iommu_range_alloc 3 20794 NULL +iwl_dbgfs_rxon_flags_read_20795 iwl_dbgfs_rxon_flags_read 3 20795 NULL +sys_sendto_20809 sys_sendto 6 20809 NULL ++cfv_alloc_and_copy_skb_20812 cfv_alloc_and_copy_skb 4 20812 NULL +strndup_user_20819 strndup_user 2 20819 NULL +calc_layout_20829 calc_layout 3 20829 NULL ++dtf_read_channel_20831 dtf_read_channel 3 20831 NULL +wl1271_format_buffer_20834 wl1271_format_buffer 2 20834 NULL +uvc_alloc_entity_20836 uvc_alloc_entity 3-4 20836 NULL +snd_pcm_capture_avail_20867 snd_pcm_capture_avail 0 20867 NULL @@ -96888,10 +101892,13 @@ index 0000000..7982a0c +i2400m_rx_trace_21127 i2400m_rx_trace 3 21127 NULL +tps6586x_irq_init_21144 tps6586x_irq_init 3 21144 NULL +ocfs2_block_check_validate_21149 ocfs2_block_check_validate 2 21149 NULL ++alloc_pg_vec_21159 alloc_pg_vec 3 21159 NULL +cx18_v4l2_read_21196 cx18_v4l2_read 3 21196 NULL +ipc_rcu_alloc_21208 ipc_rcu_alloc 1 21208 NULL ++scsi_execute_req_flags_21215 scsi_execute_req_flags 5 21215 NULL +_ocfs2_free_clusters_21220 _ocfs2_free_clusters 4 21220 NULL +get_numpages_21227 get_numpages 0-1-2 21227 NULL ++SyS_mlock_21238 SyS_mlock 1 21238 NULL +input_ff_create_21240 input_ff_create 2 21240 NULL +cfg80211_notify_new_peer_candidate_21242 cfg80211_notify_new_peer_candidate 4 21242 NULL +ocfs2_blocks_for_bytes_21268 ocfs2_blocks_for_bytes 0-2 21268 NULL @@ -96905,6 +101912,7 @@ index 0000000..7982a0c +gfs2_ea_get_copy_21353 gfs2_ea_get_copy 0 21353 NULL +max77693_irq_domain_map_21357 max77693_irq_domain_map 2 21357 NULL +alloc_orinocodev_21371 alloc_orinocodev 1 21371 NULL ++SYSC_rt_sigpending_21379 SYSC_rt_sigpending 2 21379 NULL +video_ioctl2_21380 video_ioctl2 2 21380 NULL +diva_get_driver_dbg_mask_21399 diva_get_driver_dbg_mask 0 21399 NULL +snd_m3_inw_21406 snd_m3_inw 0 21406 NULL @@ -96914,6 +101922,7 @@ index 0000000..7982a0c +aggr_size_tx_agg_vs_rate_read_21438 aggr_size_tx_agg_vs_rate_read 3 21438 NULL +__ertm_hdr_size_21450 __ertm_hdr_size 0 21450 NULL +concat_writev_21451 concat_writev 3 21451 NULL ++mei_nfc_send_21477 mei_nfc_send 3 21477 NULL +read_file_xmit_21487 read_file_xmit 3 21487 NULL +mmc_alloc_sg_21504 mmc_alloc_sg 1 21504 NULL +btrfs_file_aio_write_21520 btrfs_file_aio_write 4 21520 NULL @@ -96923,6 +101932,7 @@ index 0000000..7982a0c +rx_rx_beacon_early_term_read_21559 rx_rx_beacon_early_term_read 3 21559 NULL +xfs_buf_read_uncached_21585 xfs_buf_read_uncached 3 21585 NULL +ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL ++compat_SyS_pwritev64_21606 compat_SyS_pwritev64 3 21606 NULL +__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL +validate_nnode_21638 validate_nnode 0 21638 NULL +__irq_alloc_descs_21639 __irq_alloc_descs 2-1-3 21639 NULL @@ -96955,9 +101965,12 @@ index 0000000..7982a0c +qsfp_1_read_21915 qsfp_1_read 3 21915 NULL +security_mmap_addr_21970 security_mmap_addr 0 21970 NULL +alloc_ldt_21972 alloc_ldt 2 21972 NULL ++SYSC_prctl_21980 SYSC_prctl 4 21980 NULL +rxpipe_descr_host_int_trig_rx_data_read_22001 rxpipe_descr_host_int_trig_rx_data_read 3 22001 NULL nohasharray +compat_rw_copy_check_uvector_22001 compat_rw_copy_check_uvector 0-3 22001 &rxpipe_descr_host_int_trig_rx_data_read_22001 ++regcache_sync_block_raw_flush_22021 regcache_sync_block_raw_flush 3-4 22021 NULL +btrfs_get_16_22023 btrfs_get_16 0 22023 NULL ++_sp2d_min_pg_22032 _sp2d_min_pg 0 22032 NULL +zd_usb_read_fw_22049 zd_usb_read_fw 4 22049 NULL +ieee80211_if_fmt_dropped_frames_ttl_22054 ieee80211_if_fmt_dropped_frames_ttl 3 22054 NULL +btrfs_reloc_clone_csums_22077 btrfs_reloc_clone_csums 2 22077 NULL @@ -96965,6 +101978,8 @@ index 0000000..7982a0c +mem_rw_22085 mem_rw 3 22085 NULL +is_swbp_at_addr_22089 is_swbp_at_addr 2 22089 NULL +lowpan_fragment_xmit_22095 lowpan_fragment_xmit 3-4 22095 NULL ++sched_clock_cpu_22098 sched_clock_cpu 0 22098 NULL ++qlcnic_sriov_pf_enable_22103 qlcnic_sriov_pf_enable 2 22103 NULL +sys_remap_file_pages_22124 sys_remap_file_pages 1 22124 NULL +__bitmap_size_22138 __bitmap_size 0 22138 NULL +compat_insn_22142 compat_insn 2 22142 NULL @@ -96981,6 +101996,7 @@ index 0000000..7982a0c +__tun_chr_ioctl_22300 __tun_chr_ioctl 4 22300 &pci_vpd_srdt_size_22300 +extend_brk_22301 extend_brk 0 22301 NULL +mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL ++C_SYSC_msgrcv_22320 C_SYSC_msgrcv 2-3 22320 NULL +get_segment_base_22324 get_segment_base 0 22324 NULL +radix_tree_find_next_bit_22334 radix_tree_find_next_bit 2-3 22334 NULL +atomic_read_22342 atomic_read 0 22342 NULL @@ -97000,6 +102016,7 @@ index 0000000..7982a0c +handle_received_packet_22457 handle_received_packet 3 22457 NULL +mem_cgroup_read_22461 mem_cgroup_read 5 22461 NULL +batadv_check_unicast_packet_22468 batadv_check_unicast_packet 3 22468 NULL ++dtf_write_device_22471 dtf_write_device 3 22471 NULL +cache_write_procfs_22491 cache_write_procfs 3 22491 NULL +mp_find_ioapic_pin_22499 mp_find_ioapic_pin 0-2 22499 NULL +mutex_lock_interruptible_22505 mutex_lock_interruptible 0 22505 NULL @@ -97018,15 +102035,19 @@ index 0000000..7982a0c +wl1271_rx_filter_get_fields_size_22638 wl1271_rx_filter_get_fields_size 0 22638 NULL +pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL +iwl_dbgfs_calib_disabled_read_22649 iwl_dbgfs_calib_disabled_read 3 22649 NULL ++compat_SyS_msgrcv_22661 compat_SyS_msgrcv 2-3 22661 NULL +ubifs_leb_write_22679 ubifs_leb_write 4-5 22679 NULL ++qlcnic_83xx_sysfs_flash_write_handler_22680 qlcnic_83xx_sysfs_flash_write_handler 6 22680 NULL +ocfs2_get_block_22687 ocfs2_get_block 2 22687 NULL +compat_fd_ioctl_22694 compat_fd_ioctl 4 22694 NULL +map_22700 map 2 22700 NULL +alloc_libipw_22708 alloc_libipw 1 22708 NULL +brcmf_sdbrcm_read_control_22721 brcmf_sdbrcm_read_control 3 22721 NULL +cx18_copy_buf_to_user_22735 cx18_copy_buf_to_user 4 22735 NULL -+ceph_decode_32_22738 ceph_decode_32 0 22738 NULL ++ceph_decode_32_22738 ceph_decode_32 0 22738 NULL nohasharray ++__mei_cl_send_22738 __mei_cl_send 3 22738 &ceph_decode_32_22738 +iio_debugfs_write_reg_22742 iio_debugfs_write_reg 3 22742 NULL ++qlcnic_sriov_init_22762 qlcnic_sriov_init 2 22762 NULL +print_frame_22769 print_frame 0 22769 NULL +ftrace_arch_read_dyn_info_22773 ftrace_arch_read_dyn_info 0 22773 NULL +compat_blkdev_ioctl_22841 compat_blkdev_ioctl 3 22841 NULL @@ -97047,14 +102068,17 @@ index 0000000..7982a0c +usb_get_langid_22983 usb_get_langid 0 22983 NULL +set_msr_hyperv_22985 set_msr_hyperv 3 22985 NULL +remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL ++brcmf_sdio_chip_exit_download_23001 brcmf_sdio_chip_exit_download 4 23001 NULL +viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL +cifs_local_to_utf16_bytes_23025 cifs_local_to_utf16_bytes 0 23025 NULL +st_status_23032 st_status 5 23032 NULL +nv50_disp_chan_create__23056 nv50_disp_chan_create_ 5 23056 NULL +reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL ++mei_cl_send_23068 mei_cl_send 3 23068 NULL +kvm_mmu_gva_to_gpa_write_23075 kvm_mmu_gva_to_gpa_write 0 23075 NULL +vm_map_ram_23078 vm_map_ram 2 23078 NULL nohasharray +raw_sendmsg_23078 raw_sendmsg 4 23078 &vm_map_ram_23078 ++get_user_hdr_len_23079 get_user_hdr_len 0 23079 NULL +qla4_82xx_pci_mem_read_2M_23081 qla4_82xx_pci_mem_read_2M 2 23081 NULL +isr_tx_procs_read_23084 isr_tx_procs_read 3 23084 NULL +lnw_gpio_irq_map_23087 lnw_gpio_irq_map 2 23087 NULL @@ -97070,6 +102094,7 @@ index 0000000..7982a0c +ca91cx42_master_set_23146 ca91cx42_master_set 4 23146 NULL +read_file_ani_23161 read_file_ani 3 23161 NULL +ioremap_23172 ioremap 1-2 23172 NULL ++tg_get_cfs_quota_23176 tg_get_cfs_quota 0 23176 NULL +usblp_write_23178 usblp_write 3 23178 NULL +msnd_fifo_alloc_23179 msnd_fifo_alloc 2 23179 NULL +gss_pipe_downcall_23182 gss_pipe_downcall 3 23182 NULL @@ -97115,18 +102140,22 @@ index 0000000..7982a0c +__i2400mu_send_barker_23652 __i2400mu_send_barker 3 23652 NULL +ext3_compat_ioctl_23659 ext3_compat_ioctl 3 23659 NULL +sInW_23663 sInW 0 23663 NULL ++SyS_connect_23669 SyS_connect 3 23669 NULL +proc_ioctl_compat_23682 proc_ioctl_compat 2 23682 NULL +nftl_partscan_23688 nftl_partscan 0 23688 NULL +cx18_read_23699 cx18_read 3 23699 NULL ++isku_sysfs_write_control_23718 isku_sysfs_write_control 6 23718 NULL +mp_config_acpi_gsi_23728 mp_config_acpi_gsi 2 23728 NULL +pack_sg_list_p_23739 pack_sg_list_p 0-2 23739 NULL +rx_rx_dropped_frame_read_23748 rx_rx_dropped_frame_read 3 23748 NULL +__kfifo_max_r_23768 __kfifo_max_r 0-2-1 23768 NULL ++__build_packet_message_23778 __build_packet_message 10-4 23778 NULL +security_inode_getxattr_23781 security_inode_getxattr 0 23781 NULL +diva_alloc_dma_map_23798 diva_alloc_dma_map 2 23798 NULL +rx_path_reset_read_23801 rx_path_reset_read 3 23801 NULL +__earlyonly_bootmem_alloc_23824 __earlyonly_bootmem_alloc 2-3 23824 NULL +ceph_copy_page_vector_to_user_23829 ceph_copy_page_vector_to_user 3-4 23829 NULL ++tfrc_binsearch_23833 tfrc_binsearch 0 23833 NULL +xfs_dir2_leaf_getdents_23841 xfs_dir2_leaf_getdents 3 23841 NULL +pgdat_end_pfn_23842 pgdat_end_pfn 0 23842 NULL +iwl_dbgfs_nvm_read_23845 iwl_dbgfs_nvm_read 3 23845 NULL @@ -97152,6 +102181,7 @@ index 0000000..7982a0c +ocfs2_mark_extent_refcounted_24035 ocfs2_mark_extent_refcounted 6 24035 NULL +adis16400_show_serial_number_24037 adis16400_show_serial_number 3 24037 NULL +afs_cell_alloc_24052 afs_cell_alloc 2 24052 NULL ++brcmf_sdio_ramrw_24074 brcmf_sdio_ramrw 5 24074 NULL +blkcipher_copy_iv_24075 blkcipher_copy_iv 3 24075 NULL +vb2_fop_read_24080 vb2_fop_read 3 24080 NULL +pipeline_post_proc_swi_read_24108 pipeline_post_proc_swi_read 3 24108 NULL @@ -97177,8 +102207,11 @@ index 0000000..7982a0c +ext2_free_blocks_24292 ext2_free_blocks 2-3 24292 NULL +map_page_24298 map_page 3-4 24298 NULL +btmrvl_pscmd_read_24308 btmrvl_pscmd_read 3 24308 NULL ++reserve_metadata_bytes_24313 reserve_metadata_bytes 3 24313 NULL +ath6kl_add_bss_if_needed_24317 ath6kl_add_bss_if_needed 6 24317 NULL +ocfs2_direct_IO_get_blocks_24333 ocfs2_direct_IO_get_blocks 2 24333 NULL ++si476x_radio_read_acf_blob_24336 si476x_radio_read_acf_blob 3 24336 NULL ++C_SYSC_pwritev_24345 C_SYSC_pwritev 3 24345 NULL +kzalloc_node_24352 kzalloc_node 1 24352 NULL +qla2x00_handle_queue_full_24365 qla2x00_handle_queue_full 2 24365 NULL +cfi_read_pri_24366 cfi_read_pri 3 24366 NULL @@ -97230,7 +102263,8 @@ index 0000000..7982a0c +l2cap_create_basic_pdu_24869 l2cap_create_basic_pdu 3 24869 &pnp_alloc_24869 +setup_buffering_24872 setup_buffering 3 24872 NULL +bnx2fc_cmd_mgr_alloc_24873 bnx2fc_cmd_mgr_alloc 3-2 24873 NULL -+queues_read_24877 queues_read 3 24877 NULL ++queues_read_24877 queues_read 3 24877 NULL nohasharray ++symbol_string_24877 symbol_string 0 24877 &queues_read_24877 +codec_list_read_file_24910 codec_list_read_file 3 24910 NULL +v4l2_ctrl_new_24927 v4l2_ctrl_new 7 24927 NULL +next_token_24929 next_token 0 24929 NULL @@ -97247,6 +102281,7 @@ index 0000000..7982a0c +ni_660x_num_counters_25031 ni_660x_num_counters 0 25031 NULL +nfs_dns_resolve_name_25036 nfs_dns_resolve_name 3 25036 NULL +gs_buf_alloc_25067 gs_buf_alloc 2 25067 NULL ++SYSC_listxattr_25072 SYSC_listxattr 3 25072 NULL +ceph_osdc_writepages_25085 ceph_osdc_writepages 5 25085 NULL +snd_rawmidi_kernel_write_25106 snd_rawmidi_kernel_write 3 25106 NULL +sys_fgetxattr_25166 sys_fgetxattr 4 25166 NULL @@ -97255,6 +102290,7 @@ index 0000000..7982a0c +ks8851_rdreg32_25187 ks8851_rdreg32 0 25187 NULL +ocfs2_block_check_compute_25223 ocfs2_block_check_compute 2 25223 NULL +free_memcg_kmem_pages_25228 free_memcg_kmem_pages 1 25228 NULL ++dtf_write_string_25232 dtf_write_string 5 25232 NULL +mon_stat_read_25238 mon_stat_read 3 25238 NULL +tcf_csum_ipv6_udp_25241 tcf_csum_ipv6_udp 4 25241 NULL +nilfs_palloc_find_available_slot_25245 nilfs_palloc_find_available_slot 3-5 25245 NULL @@ -97267,6 +102303,7 @@ index 0000000..7982a0c +help_25316 help 5 25316 NULL nohasharray +ath9k_debugfs_read_buf_25316 ath9k_debugfs_read_buf 3 25316 &help_25316 +rng_buffer_size_25348 rng_buffer_size 0 25348 NULL ++SYSC_kexec_load_25361 SYSC_kexec_load 2 25361 NULL +rio_destid_next_25368 rio_destid_next 2 25368 NULL nohasharray +unix_mkname_25368 unix_mkname 0-2 25368 &rio_destid_next_25368 +sel_read_mls_25369 sel_read_mls 3 25369 NULL @@ -97304,6 +102341,7 @@ index 0000000..7982a0c +ext2_find_near_25734 ext2_find_near 0 25734 NULL +__set_clear_dirty_25744 __set_clear_dirty 2 25744 NULL +cxgbi_device_portmap_create_25747 cxgbi_device_portmap_create 3 25747 NULL ++dtf_write_channel_25748 dtf_write_channel 3 25748 NULL +event_rx_pool_read_25792 event_rx_pool_read 3 25792 NULL +sg_read_25799 sg_read 3 25799 NULL +system_enable_read_25815 system_enable_read 3 25815 NULL @@ -97313,10 +102351,12 @@ index 0000000..7982a0c +parport_read_25855 parport_read 0 25855 NULL +xfs_dir2_sf_hdr_size_25858 xfs_dir2_sf_hdr_size 0 25858 NULL +uf_ap_process_data_pdu_25860 uf_ap_process_data_pdu 7 25860 NULL ++key_attr_size_25865 key_attr_size 0 25865 NULL +ath6kl_regread_read_25884 ath6kl_regread_read 3 25884 NULL +run_delalloc_nocow_25896 run_delalloc_nocow 3 25896 NULL +sisusbcon_scroll_area_25899 sisusbcon_scroll_area 4-3 25899 NULL +lpfc_change_queue_depth_25905 lpfc_change_queue_depth 2 25905 NULL ++nvme_trans_mode_page_create_25908 nvme_trans_mode_page_create 7 25908 NULL +do_jffs2_setxattr_25910 do_jffs2_setxattr 5 25910 NULL +rcname_read_25919 rcname_read 3 25919 NULL +snd_es1938_capture_copy_25930 snd_es1938_capture_copy 5 25930 NULL @@ -97341,6 +102381,7 @@ index 0000000..7982a0c +copy_oldmem_page_26164 copy_oldmem_page 3-1 26164 NULL +gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 NULL nohasharray +ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 &gfs2_xattr_acl_get_26166 ++perf_adjust_period_26168 perf_adjust_period 2-3 26168 NULL +mid_get_vbt_data_r1_26170 mid_get_vbt_data_r1 2 26170 NULL +disk_devt_26180 disk_devt 0 26180 NULL +get_registers_26187 get_registers 3 26187 NULL @@ -97356,6 +102397,7 @@ index 0000000..7982a0c +snd_pcm_plug_client_channels_buf_26309 snd_pcm_plug_client_channels_buf 0-3 26309 NULL nohasharray +pax_get_random_long_26309 pax_get_random_long 0 26309 &snd_pcm_plug_client_channels_buf_26309 +pwr_wake_on_host_read_26321 pwr_wake_on_host_read 3 26321 NULL ++efx_rx_mk_skb_26342 efx_rx_mk_skb 5 26342 NULL +ocfs2_duplicate_clusters_by_page_26357 ocfs2_duplicate_clusters_by_page 5 26357 NULL +cifs_readdata_alloc_26360 cifs_readdata_alloc 1 26360 NULL +dup_to_netobj_26363 dup_to_netobj 3 26363 NULL @@ -97373,6 +102415,7 @@ index 0000000..7982a0c +rts51x_read_mem_26577 rts51x_read_mem 4 26577 NULL nohasharray +batadv_receive_server_sync_packet_26577 batadv_receive_server_sync_packet 3 26577 &rts51x_read_mem_26577 +cirrusfb_get_memsize_26597 cirrusfb_get_memsize 0 26597 NULL ++regcache_set_reg_present_26598 regcache_set_reg_present 2 26598 NULL +__unmap_single_26604 __unmap_single 2-3 26604 NULL +iommu_alloc_26621 iommu_alloc 4 26621 NULL +pack_value_26625 pack_value 1 26625 NULL @@ -97384,6 +102427,7 @@ index 0000000..7982a0c +rtllib_authentication_req_26713 rtllib_authentication_req 3 26713 NULL +aty_ld_le32_26720 aty_ld_le32 0 26720 NULL +nouveau_namedb_create__26732 nouveau_namedb_create_ 7 26732 NULL ++SyS_fcntl_26737 SyS_fcntl 3 26737 NULL +pipeline_tcp_rx_stat_fifo_int_read_26745 pipeline_tcp_rx_stat_fifo_int_read 3 26745 NULL +srp_ring_alloc_26760 srp_ring_alloc 2 26760 NULL +snd_hda_get_raw_connections_26762 snd_hda_get_raw_connections 0 26762 NULL @@ -97417,10 +102461,12 @@ index 0000000..7982a0c +snd_pcm_lib_period_bytes_27071 snd_pcm_lib_period_bytes 0 27071 NULL +paravirt_read_msr_27077 paravirt_read_msr 0 27077 NULL +alloc_fdmem_27083 alloc_fdmem 1 27083 NULL ++compat_SyS_rt_sigpending_27084 compat_SyS_rt_sigpending 2 27084 NULL +find_first_bit_27088 find_first_bit 0-2 27088 NULL +btmrvl_hscmd_write_27089 btmrvl_hscmd_write 3 27089 NULL +nes_reg_user_mr_27106 nes_reg_user_mr 2-3 27106 NULL +__devcgroup_inode_permission_27108 __devcgroup_inode_permission 0 27108 NULL ++SYSC_ipc_27123 SYSC_ipc 3 27123 NULL +get_kernel_page_27133 get_kernel_page 0 27133 NULL +drbd_get_capacity_27141 drbd_get_capacity 0 27141 NULL +pms_capture_27142 pms_capture 4 27142 NULL @@ -97435,10 +102481,12 @@ index 0000000..7982a0c +__dma_map_cont_27289 __dma_map_cont 5 27289 NULL +hpi_read_reg_27302 hpi_read_reg 0 27302 NULL +copy_from_buf_27308 copy_from_buf 4-2 27308 NULL -+ath6kl_wmi_test_cmd_27312 ath6kl_wmi_test_cmd 3 27312 NULL ++virtqueue_add_inbuf_27312 virtqueue_add_inbuf 3 27312 NULL nohasharray ++ath6kl_wmi_test_cmd_27312 ath6kl_wmi_test_cmd 3 27312 &virtqueue_add_inbuf_27312 +ocfs2_blocks_to_clusters_27327 ocfs2_blocks_to_clusters 0-2 27327 NULL +snd_pcm_oss_write2_27332 snd_pcm_oss_write2 3-0 27332 NULL +afs_cell_create_27346 afs_cell_create 2 27346 NULL ++compat_SyS_semctl_27349 compat_SyS_semctl 4 27349 NULL +pcbit_stat_27364 pcbit_stat 2 27364 NULL +init_memory_mapping_27395 init_memory_mapping 0 27395 NULL +phys_pte_init_27411 phys_pte_init 0-3-2 27411 NULL @@ -97446,6 +102494,7 @@ index 0000000..7982a0c +acpi_os_get_root_pointer_27416 acpi_os_get_root_pointer 0 27416 NULL nohasharray +ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 &acpi_os_get_root_pointer_27416 +pack_sg_list_27425 pack_sg_list 0-2 27425 NULL ++ktime_to_us_27455 ktime_to_us 0 27455 NULL +v4l2_ctrl_new_std_menu_items_27487 v4l2_ctrl_new_std_menu_items 4 27487 NULL +set_tpl_pfs_27490 set_tpl_pfs 3 27490 NULL +hcd_buffer_alloc_27495 hcd_buffer_alloc 2 27495 NULL @@ -97456,6 +102505,7 @@ index 0000000..7982a0c +garmin_read_process_27509 garmin_read_process 3 27509 NULL +ib_copy_to_udata_27525 ib_copy_to_udata 3 27525 NULL +snd_sonicvibes_getdmaa_27552 snd_sonicvibes_getdmaa 0 27552 NULL ++SyS_fgetxattr_27571 SyS_fgetxattr 4 27571 NULL +libipw_alloc_txb_27579 libipw_alloc_txb 1-2-3 27579 NULL +read_flush_procfs_27642 read_flush_procfs 3 27642 NULL nohasharray +nl80211_send_connect_result_27642 nl80211_send_connect_result 5-7 27642 &read_flush_procfs_27642 nohasharray @@ -97467,11 +102517,13 @@ index 0000000..7982a0c +qword_get_27670 qword_get 0 27670 NULL +ocfs2_extend_dir_27695 ocfs2_extend_dir 4 27695 NULL +fs_path_add_from_extent_buffer_27702 fs_path_add_from_extent_buffer 4 27702 NULL ++inc_zcache_eph_zbytes_27704 inc_zcache_eph_zbytes 1 27704 NULL +evm_write_key_27715 evm_write_key 3 27715 NULL +ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol_27722 ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol 3 27722 NULL +reg_w_buf_27724 reg_w_buf 3 27724 NULL +xfs_dir2_block_sfsize_27727 xfs_dir2_block_sfsize 0 27727 NULL +a4t_cs_init_27734 a4t_cs_init 3 27734 NULL ++SyS_setsockopt_27759 SyS_setsockopt 5 27759 NULL +kcalloc_27770 kcalloc 1-2 27770 NULL +twl4030_set_gpio_dataout_27792 twl4030_set_gpio_dataout 1 27792 NULL +DivaSTraceGetMemotyRequirement_27797 DivaSTraceGetMemotyRequirement 0-1 27797 NULL @@ -97485,6 +102537,7 @@ index 0000000..7982a0c +ieee80211_if_read_dot11MeshHWMProotInterval_27873 ieee80211_if_read_dot11MeshHWMProotInterval 3 27873 NULL +unix_seqpacket_sendmsg_27893 unix_seqpacket_sendmsg 4 27893 NULL +gluebi_write_27905 gluebi_write 3 27905 NULL ++SyS_ptrace_27924 SyS_ptrace 3-4 27924 NULL +bm_find_next_27929 bm_find_next 2 27929 NULL +tracing_clock_write_27961 tracing_clock_write 3 27961 NULL +tipc_media_addr_printf_27971 tipc_media_addr_printf 2 27971 NULL @@ -97493,6 +102546,7 @@ index 0000000..7982a0c +edt_ft5x06_debugfs_raw_data_read_28002 edt_ft5x06_debugfs_raw_data_read 3 28002 NULL +snd_rawmidi_write_28008 snd_rawmidi_write 3 28008 NULL +serial8250_port_size_28019 serial8250_port_size 0 28019 NULL ++alloc_one_pg_vec_page_28031 alloc_one_pg_vec_page 1 28031 NULL +sctp_setsockopt_maxburst_28041 sctp_setsockopt_maxburst 3 28041 NULL +rts51x_xd_rw_28046 rts51x_xd_rw 3-4 28046 NULL +cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 3-2 28053 NULL @@ -97530,6 +102584,7 @@ index 0000000..7982a0c +dlmfs_file_read_28385 dlmfs_file_read 3 28385 NULL +tx_frag_cache_miss_read_28394 tx_frag_cache_miss_read 3 28394 NULL +set_bypass_pfs_28395 set_bypass_pfs 3 28395 NULL ++bypass_pwup_write_28416 bypass_pwup_write 3 28416 NULL +subdev_ioctl_28417 subdev_ioctl 2 28417 NULL +__split_large_page_28429 __split_large_page 2 28429 NULL +mpage_readpages_28436 mpage_readpages 3 28436 NULL @@ -97569,13 +102624,16 @@ index 0000000..7982a0c +snd_pcm_aio_write_28738 snd_pcm_aio_write 3 28738 NULL nohasharray +phantom_compat_ioctl_28738 phantom_compat_ioctl 3 28738 &snd_pcm_aio_write_28738 +read_file_btcoex_28743 read_file_btcoex 3 28743 NULL ++max_hw_blocks_28748 max_hw_blocks 0 28748 NULL +ath6kl_get_num_reg_28780 ath6kl_get_num_reg 0 28780 NULL +dvb_net_sec_callback_28786 dvb_net_sec_callback 2 28786 NULL -+sel_write_member_28800 sel_write_member 3 28800 NULL ++btrfs_block_rsv_refill_28800 btrfs_block_rsv_refill 3 28800 NULL nohasharray ++sel_write_member_28800 sel_write_member 3 28800 &btrfs_block_rsv_refill_28800 +cgroup_file_read_28804 cgroup_file_read 3 28804 NULL +btrfs_ref_to_path_28809 btrfs_ref_to_path 0 28809 NULL +memory_bm_create_28814 memory_bm_create 0 28814 NULL +iwl_dbgfs_rxon_filter_flags_read_28832 iwl_dbgfs_rxon_filter_flags_read 3 28832 NULL ++C_SYSC_shmat_28843 C_SYSC_shmat 2 28843 NULL +vp_request_msix_vectors_28849 vp_request_msix_vectors 2 28849 NULL +ipv6_renew_options_28867 ipv6_renew_options 5 28867 NULL +packet_sendmsg_spkt_28885 packet_sendmsg_spkt 4 28885 NULL @@ -97588,6 +102646,7 @@ index 0000000..7982a0c +alloc_sched_domains_28972 alloc_sched_domains 1 28972 NULL +ext4_mb_add_groupinfo_28988 ext4_mb_add_groupinfo 2 28988 NULL +bin_uuid_28999 bin_uuid 3 28999 NULL ++offset_to_bitmap_29004 offset_to_bitmap 2 29004 NULL +xz_dec_init_29029 xz_dec_init 2 29029 NULL +sys_fcntl64_29031 sys_fcntl64 3 29031 NULL +ieee80211_if_read_ht_opmode_29044 ieee80211_if_read_ht_opmode 3 29044 NULL @@ -97597,6 +102656,7 @@ index 0000000..7982a0c +memblock_alloc_base_nid_29072 memblock_alloc_base_nid 1-2 29072 NULL +sctp_getsockopt_assoc_stats_29074 sctp_getsockopt_assoc_stats 2 29074 NULL +mark_extents_written_29082 mark_extents_written 2 29082 NULL ++i915_error_object_create_sized_29091 i915_error_object_create_sized 3 29091 NULL +isdn_ppp_write_29109 isdn_ppp_write 4 29109 NULL +snprintf_29125 snprintf 0 29125 NULL +iov_shorten_29130 iov_shorten 0 29130 NULL @@ -97610,6 +102670,7 @@ index 0000000..7982a0c +comedi_alloc_subdevices_29207 comedi_alloc_subdevices 2 29207 NULL +do_shrinker_shrink_29208 do_shrinker_shrink 0 29208 NULL +iwl_dbgfs_temperature_read_29224 iwl_dbgfs_temperature_read 3 29224 NULL ++nvme_trans_copy_from_user_29227 nvme_trans_copy_from_user 3 29227 NULL +devm_ioremap_29235 devm_ioremap 2-3 29235 NULL +irq_domain_add_linear_29236 irq_domain_add_linear 2 29236 NULL +recover_peb_29238 recover_peb 6-7 29238 NULL @@ -97618,18 +102679,22 @@ index 0000000..7982a0c +prism2_set_genericelement_29277 prism2_set_genericelement 3 29277 NULL +bitmap_ord_to_pos_29279 bitmap_ord_to_pos 3 29279 NULL +sn9c102_read_29305 sn9c102_read 3 29305 NULL ++__fuse_get_req_29315 __fuse_get_req 2 29315 NULL +lo_compat_ioctl_29336 lo_compat_ioctl 4 29336 NULL +tun_put_user_29337 tun_put_user 5 29337 NULL +__alloc_ei_netdev_29338 __alloc_ei_netdev 1 29338 NULL +alloc_and_copy_ftrace_hash_29368 alloc_and_copy_ftrace_hash 1 29368 NULL ++ktime_us_delta_29375 ktime_us_delta 0 29375 NULL +mwifiex_cfg80211_mgmt_tx_29387 mwifiex_cfg80211_mgmt_tx 7 29387 NULL +pca953x_irq_setup_29407 pca953x_irq_setup 3 29407 NULL +mempool_create_29437 mempool_create 1 29437 NULL +crypto_ahash_alignmask_29445 crypto_ahash_alignmask 0 29445 NULL +apei_exec_ctx_get_output_29457 apei_exec_ctx_get_output 0 29457 NULL +validate_scan_freqs_29462 validate_scan_freqs 0 29462 NULL ++SyS_flistxattr_29474 SyS_flistxattr 3 29474 NULL +do_register_entry_29478 do_register_entry 4 29478 NULL +simple_strtoul_29480 simple_strtoul 0 29480 NULL ++sched_clock_local_29498 sched_clock_local 0 29498 NULL +btmrvl_pscmd_write_29504 btmrvl_pscmd_write 3 29504 NULL +btrfs_file_extent_disk_bytenr_29505 btrfs_file_extent_disk_bytenr 0 29505 NULL +atk_debugfs_ggrp_read_29522 atk_debugfs_ggrp_read 3 29522 NULL @@ -97655,13 +102720,16 @@ index 0000000..7982a0c +probes_write_29711 probes_write 3 29711 NULL +emi62_writememory_29731 emi62_writememory 4 29731 NULL +read_cis_cache_29735 read_cis_cache 4 29735 NULL ++std_nic_write_29752 std_nic_write 3 29752 NULL +ip_vs_conn_fill_param_sync_29771 ip_vs_conn_fill_param_sync 6 29771 NULL ++tcf_csum_ipv6_icmp_29777 tcf_csum_ipv6_icmp 3 29777 NULL +dbAlloc_29794 dbAlloc 0 29794 NULL +ext4_trim_all_free_29806 ext4_trim_all_free 4-3-2 29806 NULL +tcp_sendpage_29829 tcp_sendpage 4 29829 NULL +scan_bitmap_block_29840 scan_bitmap_block 4 29840 NULL +__probe_kernel_write_29842 __probe_kernel_write 3 29842 NULL +kvm_read_hva_atomic_29848 kvm_read_hva_atomic 3 29848 NULL ++solo_enc_alloc_29860 solo_enc_alloc 3 29860 NULL +ipv6_setsockopt_29871 ipv6_setsockopt 5 29871 NULL +scsi_end_request_29876 scsi_end_request 3 29876 NULL +crypto_aead_alignmask_29885 crypto_aead_alignmask 0 29885 NULL @@ -97686,6 +102754,7 @@ index 0000000..7982a0c +calgary_unmap_page_30130 calgary_unmap_page 2-3 30130 NULL +_osd_req_sizeof_alist_header_30134 _osd_req_sizeof_alist_header 0 30134 NULL +u_memcpya_30139 u_memcpya 2-3 30139 NULL ++btrfs_start_transaction_lflush_30178 btrfs_start_transaction_lflush 2 30178 NULL +cx25821_video_ioctl_30188 cx25821_video_ioctl 2 30188 NULL +mempool_create_page_pool_30189 mempool_create_page_pool 1 30189 NULL +drm_property_create_bitmask_30195 drm_property_create_bitmask 5 30195 NULL @@ -97704,6 +102773,7 @@ index 0000000..7982a0c +generic_ptrace_pokedata_30338 generic_ptrace_pokedata 2 30338 NULL +resource_from_user_30341 resource_from_user 3 30341 NULL +__vmalloc_node_flags_30352 __vmalloc_node_flags 1 30352 NULL ++C_SYSC_readv_30369 C_SYSC_readv 3 30369 NULL +sys_get_mempolicy_30379 sys_get_mempolicy 3-4 30379 NULL +mangle_sdp_packet_30381 mangle_sdp_packet 10 30381 NULL +c4iw_init_resource_30393 c4iw_init_resource 2-3 30393 NULL @@ -97719,6 +102789,7 @@ index 0000000..7982a0c +ocrdma_reg_user_mr_30474 ocrdma_reg_user_mr 2-3 30474 NULL +write_head_30481 write_head 4 30481 NULL +adu_write_30487 adu_write 3 30487 NULL ++dwc3_testmode_write_30516 dwc3_testmode_write 3 30516 NULL +debug_debug2_read_30526 debug_debug2_read 3 30526 NULL +batadv_dat_snoop_incoming_arp_request_30548 batadv_dat_snoop_incoming_arp_request 3 30548 NULL +disk_expand_part_tbl_30561 disk_expand_part_tbl 2 30561 NULL @@ -97727,6 +102798,7 @@ index 0000000..7982a0c +blk_init_tags_30592 blk_init_tags 1 30592 NULL +i2c_hid_get_report_length_30598 i2c_hid_get_report_length 0 30598 NULL +sgl_map_user_pages_30610 sgl_map_user_pages 2-3-4 30610 NULL ++SyS_msgrcv_30611 SyS_msgrcv 3 30611 NULL +macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL +ieee80211_if_read_dot11MeshAwakeWindowDuration_30631 ieee80211_if_read_dot11MeshAwakeWindowDuration 3 30631 NULL +compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL @@ -97743,6 +102815,7 @@ index 0000000..7982a0c +sctp_setsockopt_auth_chunk_30843 sctp_setsockopt_auth_chunk 3 30843 NULL +cfg80211_rx_mgmt_30844 cfg80211_rx_mgmt 5 30844 NULL +hda_hwdep_ioctl_compat_30847 hda_hwdep_ioctl_compat 4 30847 NULL ++trace_probe_nr_files_30882 trace_probe_nr_files 0 30882 NULL +ieee80211_if_fmt_dropped_frames_no_route_30884 ieee80211_if_fmt_dropped_frames_no_route 3 30884 NULL +iommu_map_mmio_space_30919 iommu_map_mmio_space 1 30919 NULL +sctp_setsockopt_rtoinfo_30941 sctp_setsockopt_rtoinfo 3 30941 NULL @@ -97780,6 +102853,7 @@ index 0000000..7982a0c +sisusbcon_scroll_31315 sisusbcon_scroll 5-2-3 31315 NULL +command_file_write_31318 command_file_write 3 31318 NULL +em28xx_init_usb_xfer_31337 em28xx_init_usb_xfer 4-6 31337 NULL ++__cpu_to_node_31345 __cpu_to_node 0 31345 NULL +xprt_rdma_allocate_31372 xprt_rdma_allocate 2 31372 NULL +vb2_vmalloc_get_userptr_31374 vb2_vmalloc_get_userptr 3-2 31374 NULL +trace_parser_get_init_31379 trace_parser_get_init 2 31379 NULL @@ -97825,6 +102899,7 @@ index 0000000..7982a0c +shmem_pwrite_slow_31741 shmem_pwrite_slow 3 31741 NULL +NCR_700_change_queue_depth_31742 NCR_700_change_queue_depth 2 31742 NULL nohasharray +input_abs_get_max_31742 input_abs_get_max 0 31742 &NCR_700_change_queue_depth_31742 ++muldiv64_31743 muldiv64 2-3 31743 NULL +bcm_char_read_31750 bcm_char_read 3 31750 NULL +snd_seq_device_new_31753 snd_seq_device_new 4 31753 NULL +set_memory_wb_31761 set_memory_wb 1 31761 NULL @@ -97840,9 +102915,11 @@ index 0000000..7982a0c +new_dir_31919 new_dir 3 31919 NULL +kmem_alloc_31920 kmem_alloc 1 31920 NULL +guestwidth_to_adjustwidth_31937 guestwidth_to_adjustwidth 0-1 31937 NULL ++SYSC_sethostname_31940 SYSC_sethostname 2 31940 NULL +iov_iter_copy_from_user_31942 iov_iter_copy_from_user 4 31942 NULL +vb2_write_31948 vb2_write 3 31948 NULL +pvr2_ctrl_get_valname_31951 pvr2_ctrl_get_valname 4 31951 NULL ++regcache_rbtree_sync_31964 regcache_rbtree_sync 2 31964 NULL +copy_from_user_toio_31966 copy_from_user_toio 3 31966 NULL +mtd_add_partition_31971 mtd_add_partition 3 31971 NULL +find_next_zero_bit_31990 find_next_zero_bit 0-2-3 31990 NULL @@ -97853,8 +102930,10 @@ index 0000000..7982a0c +aead_len_32021 aead_len 0 32021 NULL +ocfs2_remove_extent_32032 ocfs2_remove_extent 4-3 32032 NULL +posix_acl_set_32037 posix_acl_set 4 32037 NULL ++stk_read_32038 stk_read 3 32038 NULL +vmw_cursor_update_dmabuf_32045 vmw_cursor_update_dmabuf 3-4 32045 NULL +sys_sched_setaffinity_32046 sys_sched_setaffinity 2 32046 NULL ++SYSC_llistxattr_32061 SYSC_llistxattr 3 32061 NULL +proc_scsi_devinfo_write_32064 proc_scsi_devinfo_write 3 32064 NULL +cfg80211_send_unprot_deauth_32080 cfg80211_send_unprot_deauth 3 32080 NULL +bio_alloc_32095 bio_alloc 2 32095 NULL @@ -97873,6 +102952,7 @@ index 0000000..7982a0c +fb_compat_ioctl_32265 fb_compat_ioctl 3 32265 NULL +vmalloc_user_32308 vmalloc_user 1 32308 NULL +hex_string_32310 hex_string 0 32310 NULL ++SyS_select_32319 SyS_select 1 32319 NULL +nouveau_bar_create__32332 nouveau_bar_create_ 4 32332 NULL +nl80211_send_mlme_event_32337 nl80211_send_mlme_event 4 32337 NULL +t4_alloc_mem_32342 t4_alloc_mem 1 32342 NULL @@ -97880,6 +102960,7 @@ index 0000000..7982a0c +sel_read_initcon_32362 sel_read_initcon 3 32362 NULL +_drbd_bm_find_next_32372 _drbd_bm_find_next 2 32372 NULL +usbtmc_read_32377 usbtmc_read 3 32377 NULL ++local_clock_32385 local_clock 0 32385 NULL +qla4_82xx_pci_mem_write_2M_32398 qla4_82xx_pci_mem_write_2M 2 32398 NULL +xfs_iext_add_indirect_multi_32400 xfs_iext_add_indirect_multi 3 32400 NULL +vmci_qp_alloc_32405 vmci_qp_alloc 3-5 32405 NULL @@ -97889,6 +102970,7 @@ index 0000000..7982a0c +cache_status_32462 cache_status 5 32462 NULL +ieee80211_fill_mesh_addresses_32465 ieee80211_fill_mesh_addresses 0 32465 NULL +ide_driver_proc_write_32493 ide_driver_proc_write 3 32493 NULL ++bypass_pwoff_write_32499 bypass_pwoff_write 3 32499 NULL +ctrl_std_val_to_sym_32516 ctrl_std_val_to_sym 5 32516 NULL +disconnect_32521 disconnect 4 32521 NULL +qsfp_read_32522 qsfp_read 0-4-2 32522 NULL @@ -97912,6 +102994,7 @@ index 0000000..7982a0c +ib_sg_dma_len_32649 ib_sg_dma_len 0 32649 NULL +generic_readlink_32654 generic_readlink 3 32654 NULL +move_addr_to_kernel_32673 move_addr_to_kernel 2 32673 NULL ++compat_SyS_pwritev_32680 compat_SyS_pwritev 3 32680 NULL +jfs_readpages_32702 jfs_readpages 4 32702 NULL +snd_hwdep_ioctl_compat_32736 snd_hwdep_ioctl_compat 3 32736 NULL +get_arg_page_32746 get_arg_page 2 32746 NULL @@ -97927,14 +103010,17 @@ index 0000000..7982a0c +ath6kl_usb_submit_ctrl_in_32880 ath6kl_usb_submit_ctrl_in 6 32880 NULL nohasharray +cifs_writedata_alloc_32880 cifs_writedata_alloc 1 32880 &ath6kl_usb_submit_ctrl_in_32880 +ath6kl_usb_post_recv_transfers_32892 ath6kl_usb_post_recv_transfers 2 32892 NULL ++ext4_get_group_number_32899 ext4_get_group_number 0 32899 NULL +il_dbgfs_tx_stats_read_32913 il_dbgfs_tx_stats_read 3 32913 NULL +zlib_inflate_workspacesize_32927 zlib_inflate_workspacesize 0 32927 NULL +rmap_recycle_32938 rmap_recycle 3 32938 NULL +irq_reserve_irqs_32946 irq_reserve_irqs 1-2 32946 NULL +ext4_valid_block_bitmap_32958 ext4_valid_block_bitmap 3 32958 NULL -+arch_ptrace_32981 arch_ptrace 3 32981 NULL ++arch_ptrace_32981 arch_ptrace 3-4 32981 NULL +compat_filldir_32999 compat_filldir 3 32999 NULL -+ext3_alloc_blocks_33007 ext3_alloc_blocks 3 33007 NULL ++ext3_alloc_blocks_33007 ext3_alloc_blocks 3 33007 NULL nohasharray ++SyS_syslog_33007 SyS_syslog 3 33007 &ext3_alloc_blocks_33007 ++SYSC_lgetxattr_33049 SYSC_lgetxattr 4 33049 NULL +pipeline_dec_packet_in_fifo_full_read_33052 pipeline_dec_packet_in_fifo_full_read 3 33052 NULL +ebt_compat_match_offset_33053 ebt_compat_match_offset 0-2 33053 NULL +bitmap_resize_33054 bitmap_resize 2 33054 NULL @@ -97956,7 +103042,9 @@ index 0000000..7982a0c +sched_find_first_bit_33270 sched_find_first_bit 0 33270 NULL +cachefiles_cook_key_33274 cachefiles_cook_key 2 33274 NULL +mei_compat_ioctl_33275 mei_compat_ioctl 3 33275 NULL ++sync_pt_create_33282 sync_pt_create 2 33282 NULL +mcs7830_get_reg_33308 mcs7830_get_reg 3 33308 NULL ++isku_sysfs_read_keys_easyzone_33318 isku_sysfs_read_keys_easyzone 6 33318 NULL +ath6kl_usb_ctrl_msg_exchange_33327 ath6kl_usb_ctrl_msg_exchange 4 33327 NULL +gsm_mux_rx_netchar_33336 gsm_mux_rx_netchar 3 33336 NULL +joydev_ioctl_33343 joydev_ioctl 2 33343 NULL @@ -97966,10 +103054,12 @@ index 0000000..7982a0c +ocfs2_quota_read_33382 ocfs2_quota_read 5 33382 NULL +ieee80211_if_read_dropped_frames_no_route_33383 ieee80211_if_read_dropped_frames_no_route 3 33383 NULL +scsi_varlen_cdb_length_33385 scsi_varlen_cdb_length 0 33385 NULL ++tg_get_cfs_period_33390 tg_get_cfs_period 0 33390 NULL +ocfs2_allocate_unwritten_extents_33394 ocfs2_allocate_unwritten_extents 2-3 33394 NULL +ext4_meta_bg_first_block_no_33408 ext4_meta_bg_first_block_no 2 33408 NULL nohasharray +snd_pcm_capture_ioctl1_33408 snd_pcm_capture_ioctl1 0 33408 &ext4_meta_bg_first_block_no_33408 +ufs_getfrag_block_33409 ufs_getfrag_block 2 33409 NULL ++dis_tap_write_33426 dis_tap_write 3 33426 NULL +ubh_scanc_33436 ubh_scanc 0-4-3 33436 NULL +ovs_vport_alloc_33475 ovs_vport_alloc 1 33475 NULL +create_entry_33479 create_entry 2 33479 NULL @@ -98031,11 +103121,13 @@ index 0000000..7982a0c +ppp_write_34034 ppp_write 3 34034 NULL +tty_insert_flip_string_34042 tty_insert_flip_string 3 34042 NULL +__domain_flush_pages_34045 __domain_flush_pages 2-3 34045 NULL ++is_trap_at_addr_34047 is_trap_at_addr 2 34047 NULL +acpi_dev_get_irqresource_34064 acpi_dev_get_irqresource 2 34064 NULL +memcg_update_all_caches_34068 memcg_update_all_caches 1 34068 NULL +read_file_ant_diversity_34071 read_file_ant_diversity 3 34071 NULL +compat_hdio_ioctl_34088 compat_hdio_ioctl 4 34088 NULL +pipeline_pipeline_fifo_full_read_34095 pipeline_pipeline_fifo_full_read 3 34095 NULL ++proc_scsi_host_write_34107 proc_scsi_host_write 3 34107 NULL +is_discarded_oblock_34120 is_discarded_oblock 2 34120 NULL +islpci_mgt_transmit_34133 islpci_mgt_transmit 5 34133 NULL +ttm_dma_page_pool_free_34135 ttm_dma_page_pool_free 2 34135 NULL @@ -98053,13 +103145,16 @@ index 0000000..7982a0c +crypto_ablkcipher_ivsize_34363 crypto_ablkcipher_ivsize 0 34363 NULL +rngapi_reset_34366 rngapi_reset 3 34366 NULL nohasharray +p54_alloc_skb_34366 p54_alloc_skb 3 34366 &rngapi_reset_34366 ++i2c_hid_get_raw_report_34376 i2c_hid_get_raw_report 0 34376 NULL +reiserfs_resize_34377 reiserfs_resize 2 34377 NULL +ea_read_34378 ea_read 0 34378 NULL ++fuse_send_read_34379 fuse_send_read 4 34379 NULL +av7110_vbi_write_34384 av7110_vbi_write 3 34384 NULL +usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL +read_rbu_image_type_34387 read_rbu_image_type 6 34387 NULL +iwl_calib_set_34400 iwl_calib_set 3 34400 NULL nohasharray +ivtv_read_pos_34400 ivtv_read_pos 3 34400 &iwl_calib_set_34400 ++wd_exp_mode_write_34407 wd_exp_mode_write 3 34407 NULL +nl80211_send_disassoc_34424 nl80211_send_disassoc 4 34424 NULL +usbtest_alloc_urb_34446 usbtest_alloc_urb 3-5 34446 NULL +mwifiex_regrdwr_read_34472 mwifiex_regrdwr_read 3 34472 NULL @@ -98088,6 +103183,7 @@ index 0000000..7982a0c +reg_w_ixbuf_34736 reg_w_ixbuf 4 34736 NULL +qib_cdev_init_34778 qib_cdev_init 1 34778 NULL +__copy_in_user_34790 __copy_in_user 3 34790 NULL ++SYSC_keyctl_34800 SYSC_keyctl 4 34800 NULL +drbd_get_max_capacity_34804 drbd_get_max_capacity 0 34804 NULL +b43_debugfs_write_34838 b43_debugfs_write 3 34838 NULL +nl_portid_hash_zalloc_34843 nl_portid_hash_zalloc 1 34843 NULL @@ -98097,9 +103193,12 @@ index 0000000..7982a0c +msg_print_text_34889 msg_print_text 0 34889 NULL +ieee80211_if_write_34894 ieee80211_if_write 3 34894 NULL +compat_put_uint_34905 compat_put_uint 1 34905 NULL ++si476x_radio_read_rsq_primary_blob_34916 si476x_radio_read_rsq_primary_blob 3 34916 NULL +__inode_permission_34925 __inode_permission 0 34925 NULL nohasharray +btrfs_super_chunk_root_34925 btrfs_super_chunk_root 0 34925 &__inode_permission_34925 -+skb_gro_header_slow_34958 skb_gro_header_slow 2 34958 NULL ++ceph_aio_write_34930 ceph_aio_write 4 34930 NULL ++skb_gro_header_slow_34958 skb_gro_header_slow 2 34958 NULL nohasharray ++i2c_transfer_34958 i2c_transfer 0 34958 &skb_gro_header_slow_34958 +Realloc_34961 Realloc 2 34961 NULL +mq_lookup_34990 mq_lookup 2 34990 NULL +rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL @@ -98108,6 +103207,7 @@ index 0000000..7982a0c +sisusb_copy_memory_35016 sisusb_copy_memory 4 35016 NULL +alloc_p2m_page_35025 alloc_p2m_page 0 35025 NULL +coda_psdev_read_35029 coda_psdev_read 3 35029 NULL ++brcmf_sdio_chip_writenvram_35042 brcmf_sdio_chip_writenvram 4 35042 NULL +btmrvl_gpiogap_write_35053 btmrvl_gpiogap_write 3 35053 NULL +pwr_connection_out_of_sync_read_35061 pwr_connection_out_of_sync_read 3 35061 NULL +store_ifalias_35088 store_ifalias 4 35088 NULL @@ -98119,6 +103219,7 @@ index 0000000..7982a0c +gntdev_alloc_map_35145 gntdev_alloc_map 2 35145 NULL +iscsi_conn_setup_35159 iscsi_conn_setup 2 35159 NULL +ieee80211_if_read_bssid_35161 ieee80211_if_read_bssid 3 35161 NULL ++solo_v4l2_init_35179 solo_v4l2_init 2 35179 NULL +mlx4_ib_get_cq_umem_35184 mlx4_ib_get_cq_umem 5-6 35184 NULL +iwl_nvm_read_chunk_35198 iwl_nvm_read_chunk 0 35198 NULL +uprobe_get_swbp_addr_35201 uprobe_get_swbp_addr 0 35201 NULL @@ -98129,8 +103230,10 @@ index 0000000..7982a0c +rx_rx_cmplt_task_read_35226 rx_rx_cmplt_task_read 3 35226 NULL nohasharray +video_register_device_no_warn_35226 video_register_device_no_warn 3 35226 &rx_rx_cmplt_task_read_35226 +gfn_to_page_many_atomic_35234 gfn_to_page_many_atomic 2 35234 NULL ++SYSC_madvise_35241 SYSC_madvise 1 35241 NULL +set_fd_set_35249 set_fd_set 1 35249 NULL +ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL ++dis_disc_write_35265 dis_disc_write 3 35265 NULL +dma_show_regs_35266 dma_show_regs 3 35266 NULL +irda_recvmsg_stream_35280 irda_recvmsg_stream 4 35280 NULL +i2o_block_end_request_35282 i2o_block_end_request 3 35282 NULL @@ -98146,6 +103249,7 @@ index 0000000..7982a0c +nouveau_devinit_create__35348 nouveau_devinit_create_ 4 35348 NULL +hpi_alloc_control_cache_35351 hpi_alloc_control_cache 1 35351 NULL +compat_filldir64_35354 compat_filldir64 3 35354 NULL ++SyS_getxattr_35408 SyS_getxattr 4 35408 NULL +rawv6_send_hdrinc_35425 rawv6_send_hdrinc 3 35425 NULL +__set_test_and_free_35436 __set_test_and_free 2 35436 NULL +buffer_to_user_35439 buffer_to_user 3 35439 NULL @@ -98169,6 +103273,7 @@ index 0000000..7982a0c +rdmaltWithLock_35669 rdmaltWithLock 0 35669 NULL +compat_sys_kexec_load_35674 compat_sys_kexec_load 2 35674 NULL +dm_table_create_35687 dm_table_create 3 35687 NULL ++SYSC_pwritev_35690 SYSC_pwritev 3 35690 NULL +rds_page_copy_user_35691 rds_page_copy_user 4 35691 NULL +pci_enable_sriov_35745 pci_enable_sriov 2 35745 NULL +iwl_dbgfs_disable_ht40_read_35761 iwl_dbgfs_disable_ht40_read 3 35761 NULL @@ -98180,6 +103285,7 @@ index 0000000..7982a0c +kvm_dirty_bitmap_bytes_35886 kvm_dirty_bitmap_bytes 0 35886 NULL +ieee80211_if_fmt_dot11MeshRetryTimeout_35890 ieee80211_if_fmt_dot11MeshRetryTimeout 3 35890 NULL +uwb_rc_cmd_done_35892 uwb_rc_cmd_done 4 35892 NULL ++SyS_set_mempolicy_35909 SyS_set_mempolicy 3 35909 NULL +kernel_setsockopt_35913 kernel_setsockopt 5 35913 NULL +rbio_nr_pages_35916 rbio_nr_pages 0-1-2 35916 NULL +vol_cdev_compat_ioctl_35923 vol_cdev_compat_ioctl 3 35923 NULL @@ -98193,6 +103299,7 @@ index 0000000..7982a0c +koneplus_sysfs_write_35993 koneplus_sysfs_write 6 35993 NULL +il3945_ucode_tx_stats_read_36016 il3945_ucode_tx_stats_read 3 36016 NULL +ubi_eba_write_leb_36029 ubi_eba_write_leb 5-6 36029 NULL ++__videobuf_alloc_36031 __videobuf_alloc 1 36031 NULL +account_shadowed_36048 account_shadowed 2 36048 NULL +gpio_power_read_36059 gpio_power_read 3 36059 NULL +write_emulate_36065 write_emulate 2-4 36065 NULL @@ -98212,12 +103319,16 @@ index 0000000..7982a0c +b1_alloc_card_36155 b1_alloc_card 1 36155 NULL +btrfs_file_extent_inline_len_36158 btrfs_file_extent_inline_len 0 36158 NULL +snd_korg1212_copy_from_36169 snd_korg1212_copy_from 6 36169 NULL ++SyS_kexec_load_36176 SyS_kexec_load 2 36176 NULL ++SYSC_sched_getaffinity_36208 SYSC_sched_getaffinity 2 36208 NULL ++SYSC_process_vm_readv_36216 SYSC_process_vm_readv 3-5 36216 NULL +ubifs_read_nnode_36221 ubifs_read_nnode 0 36221 NULL +is_dirty_36223 is_dirty 2 36223 NULL +dma_alloc_attrs_36225 dma_alloc_attrs 0 36225 NULL +nfqnl_mangle_36226 nfqnl_mangle 4-2 36226 NULL +atomic_stats_read_36228 atomic_stats_read 3 36228 NULL +viafb_iga1_odev_proc_write_36241 viafb_iga1_odev_proc_write 3 36241 NULL ++SYSC_getxattr_36242 SYSC_getxattr 4 36242 NULL +rproc_recovery_read_36245 rproc_recovery_read 3 36245 NULL +scrub_stripe_36248 scrub_stripe 5-4 36248 NULL +compat_sys_mbind_36256 compat_sys_mbind 5 36256 NULL @@ -98231,13 +103342,17 @@ index 0000000..7982a0c +fat_compat_ioctl_filldir_36328 fat_compat_ioctl_filldir 3 36328 NULL +lc_create_36332 lc_create 4 36332 NULL +jbd2_journal_init_revoke_table_36336 jbd2_journal_init_revoke_table 1 36336 NULL ++isku_sysfs_read_key_mask_36343 isku_sysfs_read_key_mask 6 36343 NULL +v9fs_file_readn_36353 v9fs_file_readn 4 36353 NULL nohasharray +xz_dec_lzma2_create_36353 xz_dec_lzma2_create 2 36353 &v9fs_file_readn_36353 +to_sector_36361 to_sector 0-1 36361 NULL +tunables_read_36385 tunables_read 3 36385 NULL +afs_alloc_flat_call_36399 afs_alloc_flat_call 2-3 36399 NULL ++SyS_sethostname_36417 SyS_sethostname 2 36417 NULL +sctp_tsnmap_init_36446 sctp_tsnmap_init 2 36446 NULL +alloc_etherdev_mqs_36450 alloc_etherdev_mqs 1 36450 NULL ++tcf_csum_ipv6_udp_36457 tcf_csum_ipv6_udp 3 36457 NULL ++SyS_process_vm_writev_36476 SyS_process_vm_writev 3-5 36476 NULL +b43_nphy_load_samples_36481 b43_nphy_load_samples 3 36481 NULL +tx_tx_checksum_result_read_36490 tx_tx_checksum_result_read 3 36490 NULL +__hwahc_op_set_ptk_36510 __hwahc_op_set_ptk 5 36510 NULL @@ -98260,10 +103375,12 @@ index 0000000..7982a0c +format_decode_36638 format_decode 0 36638 NULL +ced_ioctl_36647 ced_ioctl 2 36647 NULL +lpfc_idiag_extacc_alloc_get_36648 lpfc_idiag_extacc_alloc_get 0-3 36648 NULL ++perf_calculate_period_36662 perf_calculate_period 3-2 36662 NULL +osd_req_list_collection_objects_36664 osd_req_list_collection_objects 5 36664 NULL +iscsi_host_alloc_36671 iscsi_host_alloc 2 36671 NULL +ptr_to_compat_36680 ptr_to_compat 0 36680 NULL +ext4_mb_discard_group_preallocations_36685 ext4_mb_discard_group_preallocations 2 36685 NULL ++sched_clock_36717 sched_clock 0 36717 NULL +extract_icmp6_fields_36732 extract_icmp6_fields 2 36732 NULL +snd_rawmidi_kernel_read1_36740 snd_rawmidi_kernel_read1 4 36740 NULL +cxgbi_device_register_36746 cxgbi_device_register 1-2 36746 NULL @@ -98272,6 +103389,7 @@ index 0000000..7982a0c +ptp_filter_init_36780 ptp_filter_init 2 36780 NULL +proc_fault_inject_read_36802 proc_fault_inject_read 3 36802 NULL +hiddev_ioctl_36816 hiddev_ioctl 2 36816 NULL ++tcf_csum_ipv6_tcp_36822 tcf_csum_ipv6_tcp 3 36822 NULL +int_hardware_entry_36833 int_hardware_entry 3 36833 NULL +fc_change_queue_depth_36841 fc_change_queue_depth 2 36841 NULL +keyctl_describe_key_36853 keyctl_describe_key 3 36853 NULL @@ -98293,6 +103411,7 @@ index 0000000..7982a0c +setxattr_37006 setxattr 4 37006 NULL +qp_broker_create_37053 qp_broker_create 6-5 37053 NULL nohasharray +ieee80211_if_read_drop_unencrypted_37053 ieee80211_if_read_drop_unencrypted 3 37053 &qp_broker_create_37053 ++SYSC_setxattr_37078 SYSC_setxattr 4 37078 NULL +parse_command_37079 parse_command 2 37079 NULL +pipeline_cs_rx_packet_in_read_37089 pipeline_cs_rx_packet_in_read 3 37089 NULL +tun_get_user_37094 tun_get_user 5 37094 NULL @@ -98310,6 +103429,7 @@ index 0000000..7982a0c +nested_svm_map_37268 nested_svm_map 2 37268 NULL +c101_run_37279 c101_run 2 37279 NULL +srp_target_alloc_37288 srp_target_alloc 3 37288 NULL ++isku_sysfs_write_talkfx_37298 isku_sysfs_write_talkfx 6 37298 NULL +ieee80211_if_read_power_mode_37305 ieee80211_if_read_power_mode 3 37305 NULL +jffs2_write_dirent_37311 jffs2_write_dirent 5 37311 NULL +send_msg_37323 send_msg 4 37323 NULL @@ -98325,6 +103445,7 @@ index 0000000..7982a0c +find_next_bit_37422 find_next_bit 0-2-3 37422 &acpi_os_allocate_zeroed_37422 +tty_insert_flip_string_fixed_flag_37428 tty_insert_flip_string_fixed_flag 4 37428 NULL +iwl_print_last_event_logs_37433 iwl_print_last_event_logs 0-7-9 37433 NULL ++tty_audit_log_37440 tty_audit_log 5 37440 NULL +tcp_established_options_37450 tcp_established_options 0 37450 NULL +brcmf_sdio_dump_console_37455 brcmf_sdio_dump_console 4 37455 NULL +__remove_37457 __remove 2 37457 NULL @@ -98341,12 +103462,15 @@ index 0000000..7982a0c +xhci_alloc_streams_37586 xhci_alloc_streams 5 37586 NULL +mlx4_get_mgm_entry_size_37607 mlx4_get_mgm_entry_size 0 37607 NULL +kvm_read_guest_page_mmu_37611 kvm_read_guest_page_mmu 6-3 37611 NULL -+policy_residency_37629 policy_residency 0 37629 NULL ++SYSC_mbind_37622 SYSC_mbind 5 37622 NULL ++btrfs_calc_trans_metadata_size_37629 btrfs_calc_trans_metadata_size 0-2 37629 NULL nohasharray ++policy_residency_37629 policy_residency 0 37629 &btrfs_calc_trans_metadata_size_37629 +check_pt_base_37635 check_pt_base 3 37635 NULL +alloc_fd_37637 alloc_fd 1 37637 NULL +bio_copy_user_iov_37660 bio_copy_user_iov 4 37660 NULL +rfcomm_sock_sendmsg_37661 rfcomm_sock_sendmsg 4 37661 NULL nohasharray +vmw_framebuffer_dmabuf_dirty_37661 vmw_framebuffer_dmabuf_dirty 6 37661 &rfcomm_sock_sendmsg_37661 ++SYSC_get_mempolicy_37664 SYSC_get_mempolicy 4-3 37664 NULL +lnw_gpio_to_irq_37665 lnw_gpio_to_irq 2 37665 NULL +ieee80211_if_read_rc_rateidx_mcs_mask_2ghz_37675 ieee80211_if_read_rc_rateidx_mcs_mask_2ghz 3 37675 NULL +regmap_map_read_file_37685 regmap_map_read_file 3 37685 NULL @@ -98366,7 +103490,8 @@ index 0000000..7982a0c +rx_decrypt_key_not_found_read_37820 rx_decrypt_key_not_found_read 3 37820 NULL +bitmap_find_next_zero_area_37827 bitmap_find_next_zero_area 2-3-5-4 37827 NULL +o2hb_debug_read_37851 o2hb_debug_read 3 37851 NULL -+xfs_dir2_block_to_sf_37868 xfs_dir2_block_to_sf 3 37868 NULL ++isku_sysfs_write_last_set_37868 isku_sysfs_write_last_set 6 37868 NULL nohasharray ++xfs_dir2_block_to_sf_37868 xfs_dir2_block_to_sf 3 37868 &isku_sysfs_write_last_set_37868 +sys_setxattr_37880 sys_setxattr 4 37880 NULL +dvb_net_sec_37884 dvb_net_sec 3 37884 NULL +max77686_irq_domain_map_37897 max77686_irq_domain_map 2 37897 NULL @@ -98382,12 +103507,14 @@ index 0000000..7982a0c +aggr_recv_addba_req_evt_38037 aggr_recv_addba_req_evt 4 38037 NULL +klsi_105_prepare_write_buffer_38044 klsi_105_prepare_write_buffer 3 38044 NULL nohasharray +il_dbgfs_chain_noise_read_38044 il_dbgfs_chain_noise_read 3 38044 &klsi_105_prepare_write_buffer_38044 ++SyS_llistxattr_38048 SyS_llistxattr 3 38048 NULL +_xfs_buf_alloc_38058 _xfs_buf_alloc 3 38058 NULL nohasharray +is_discarded_38058 is_discarded 2 38058 &_xfs_buf_alloc_38058 +nsm_create_handle_38060 nsm_create_handle 4 38060 NULL +alloc_ltalkdev_38071 alloc_ltalkdev 1 38071 NULL +xfs_buf_readahead_map_38081 xfs_buf_readahead_map 3 38081 NULL +uwb_mac_addr_print_38085 uwb_mac_addr_print 2 38085 NULL ++tcf_csum_ipv4_udp_38089 tcf_csum_ipv4_udp 3 38089 NULL +request_key_auth_new_38092 request_key_auth_new 3 38092 NULL +proc_self_readlink_38094 proc_self_readlink 3 38094 NULL +ep0_read_38095 ep0_read 3 38095 NULL @@ -98410,7 +103537,8 @@ index 0000000..7982a0c +from_dblock_38256 from_dblock 0-1 38256 NULL +vmci_qp_broker_set_page_store_38260 vmci_qp_broker_set_page_store 2-3 38260 NULL +ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray -+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268 ++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268 nohasharray ++mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &SYSC_msgrcv_38268 +xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray +xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275 +ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL nohasharray @@ -98433,6 +103561,7 @@ index 0000000..7982a0c +i915_min_freq_read_38470 i915_min_freq_read 3 38470 NULL +kvm_arch_setup_async_pf_38481 kvm_arch_setup_async_pf 3 38481 NULL +blk_end_bidi_request_38482 blk_end_bidi_request 3-4 38482 NULL ++cpu_to_mem_38501 cpu_to_mem 0 38501 NULL +dev_names_read_38509 dev_names_read 3 38509 NULL +iscsi_create_iface_38510 iscsi_create_iface 5 38510 NULL +event_rx_mismatch_read_38518 event_rx_mismatch_read 3 38518 NULL @@ -98440,6 +103569,7 @@ index 0000000..7982a0c +mlx4_ib_db_map_user_38529 mlx4_ib_db_map_user 2 38529 NULL +ubifs_idx_node_sz_38546 ubifs_idx_node_sz 0-2 38546 NULL +btrfs_discard_extent_38547 btrfs_discard_extent 2 38547 NULL ++cpu_to_node_38561 cpu_to_node 0 38561 NULL +irda_sendmsg_dgram_38563 irda_sendmsg_dgram 4 38563 NULL +il4965_rs_sta_dbgfs_scale_table_read_38564 il4965_rs_sta_dbgfs_scale_table_read 3 38564 NULL +_ipw_read32_38565 _ipw_read32 0 38565 NULL @@ -98454,6 +103584,7 @@ index 0000000..7982a0c +qp_broker_alloc_38646 qp_broker_alloc 5-6 38646 NULL +mmc_send_cxd_data_38655 mmc_send_cxd_data 5 38655 NULL +nouveau_instmem_create__38664 nouveau_instmem_create_ 4 38664 NULL ++skb_tnl_header_len_38669 skb_tnl_header_len 0 38669 NULL +cfg80211_send_disassoc_38678 cfg80211_send_disassoc 3 38678 NULL +iscsit_dump_data_payload_38683 iscsit_dump_data_payload 2 38683 NULL +ext4_wait_block_bitmap_38695 ext4_wait_block_bitmap 2 38695 NULL @@ -98479,7 +103610,8 @@ index 0000000..7982a0c +ext3_trim_all_free_38929 ext3_trim_all_free 3-4-2 38929 NULL +sbp_count_se_tpg_luns_38943 sbp_count_se_tpg_luns 0 38943 NULL +__ath6kl_wmi_send_mgmt_cmd_38971 __ath6kl_wmi_send_mgmt_cmd 7 38971 NULL -+usb_maxpacket_38977 usb_maxpacket 0 38977 NULL ++C_SYSC_preadv64_38977 C_SYSC_preadv64 3 38977 NULL nohasharray ++usb_maxpacket_38977 usb_maxpacket 0 38977 &C_SYSC_preadv64_38977 +OSDSetBlock_38986 OSDSetBlock 4-2 38986 NULL +udf_new_block_38999 udf_new_block 4 38999 NULL +get_nodes_39012 get_nodes 3 39012 NULL @@ -98525,6 +103657,7 @@ index 0000000..7982a0c +user_power_read_39414 user_power_read 3 39414 NULL +alloc_agpphysmem_i8xx_39427 alloc_agpphysmem_i8xx 1 39427 NULL +sys_semop_39457 sys_semop 3 39457 NULL ++ptrace_peek_siginfo_39458 ptrace_peek_siginfo 3 39458 NULL +setkey_unaligned_39474 setkey_unaligned 3 39474 NULL +do_get_mempolicy_39485 do_get_mempolicy 3 39485 NULL +ieee80211_if_fmt_dot11MeshHWMPmaxPREQretries_39499 ieee80211_if_fmt_dot11MeshHWMPmaxPREQretries 3 39499 NULL @@ -98571,11 +103704,13 @@ index 0000000..7982a0c +fwnet_pd_new_39947 fwnet_pd_new 4 39947 &error_error_frame_read_39947 +tty_prepare_flip_string_39955 tty_prepare_flip_string 3 39955 NULL +dma_push_rx_39973 dma_push_rx 2 39973 NULL ++vfio_pci_read_39975 vfio_pci_read 3 39975 NULL +broadsheetfb_write_39976 broadsheetfb_write 3 39976 NULL +mthca_array_init_39987 mthca_array_init 2 39987 NULL +xen_hvm_config_40018 xen_hvm_config 2 40018 NULL +nf_nat_icmpv6_reply_translation_40023 nf_nat_icmpv6_reply_translation 5 40023 NULL nohasharray +ivtvfb_write_40023 ivtvfb_write 3 40023 &nf_nat_icmpv6_reply_translation_40023 ++disc_pwup_write_40027 disc_pwup_write 3 40027 NULL +ea_foreach_i_40028 ea_foreach_i 0 40028 NULL +datablob_hmac_append_40038 datablob_hmac_append 3 40038 NULL +regmap_add_irq_chip_40042 regmap_add_irq_chip 4 40042 NULL @@ -98584,6 +103719,7 @@ index 0000000..7982a0c +atomic_xchg_40070 atomic_xchg 0 40070 NULL +gen_pool_first_fit_40110 gen_pool_first_fit 2-3-4 40110 NULL +sctp_setsockopt_delayed_ack_40129 sctp_setsockopt_delayed_ack 3 40129 NULL ++dwc2_max_desc_num_40132 dwc2_max_desc_num 0 40132 NULL +rx_rx_frame_checksum_read_40140 rx_rx_frame_checksum_read 3 40140 NULL +iwch_alloc_fastreg_pbl_40153 iwch_alloc_fastreg_pbl 2 40153 NULL +pt_write_40159 pt_write 3 40159 NULL @@ -98600,6 +103736,7 @@ index 0000000..7982a0c +rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL +usbnet_read_cmd_40275 usbnet_read_cmd 7 40275 NULL +rx_xfr_hint_trig_read_40283 rx_xfr_hint_trig_read 3 40283 NULL ++_calc_trunk_info_40291 _calc_trunk_info 2 40291 NULL +crash_free_reserved_phys_range_40292 crash_free_reserved_phys_range 1 40292 NULL +ubi_io_write_data_40305 ubi_io_write_data 4-5 40305 NULL +batadv_tt_changes_fill_buff_40323 batadv_tt_changes_fill_buff 4 40323 NULL @@ -98624,6 +103761,8 @@ index 0000000..7982a0c +ima_write_policy_40548 ima_write_policy 3 40548 NULL +esp_alloc_tmp_40558 esp_alloc_tmp 3-2 40558 NULL +ufs_inode_getfrag_40560 ufs_inode_getfrag 2-4 40560 NULL ++bdev_sectors_40564 bdev_sectors 0 40564 NULL ++lba_to_map_index_40580 lba_to_map_index 0-1 40580 NULL +skge_rx_get_40598 skge_rx_get 3 40598 NULL +get_priv_descr_and_size_40612 get_priv_descr_and_size 0 40612 NULL +bl_mark_sectors_init_40613 bl_mark_sectors_init 2-3 40613 NULL @@ -98635,6 +103774,7 @@ index 0000000..7982a0c +alloc_rbio_40676 alloc_rbio 4 40676 NULL +videobuf_dma_init_user_locked_40678 videobuf_dma_init_user_locked 3 40678 NULL +nfc_hci_set_param_40697 nfc_hci_set_param 5 40697 NULL ++vfio_pci_config_rw_40698 vfio_pci_config_rw 3 40698 NULL +__seq_open_private_40715 __seq_open_private 3 40715 NULL +fuse_readpages_40737 fuse_readpages 4 40737 NULL +xfs_iext_remove_direct_40744 xfs_iext_remove_direct 3 40744 NULL nohasharray @@ -98645,12 +103785,15 @@ index 0000000..7982a0c +ad1889_readl_40765 ad1889_readl 0 40765 NULL +pg_write_40766 pg_write 3 40766 NULL +show_list_40775 show_list 3 40775 NULL ++calcu_metadata_size_40782 calcu_metadata_size 0 40782 NULL +kfifo_out_copy_r_40784 kfifo_out_copy_r 0-3 40784 NULL +bitmap_weight_40791 bitmap_weight 0-2 40791 NULL +pyra_sysfs_read_40795 pyra_sysfs_read 6 40795 NULL +netdev_alloc_skb_ip_align_40811 netdev_alloc_skb_ip_align 2 40811 NULL +nl80211_send_roamed_40825 nl80211_send_roamed 5-7 40825 NULL ++SyS_mbind_40828 SyS_mbind 5 40828 NULL +__mlx4_qp_reserve_range_40847 __mlx4_qp_reserve_range 2-3 40847 NULL ++isku_sysfs_write_keys_thumbster_40851 isku_sysfs_write_keys_thumbster 6 40851 NULL +ocfs2_zero_partial_clusters_40856 ocfs2_zero_partial_clusters 2-3 40856 NULL +v9fs_file_read_40858 v9fs_file_read 3 40858 NULL +read_file_queue_40895 read_file_queue 3 40895 NULL @@ -98688,8 +103831,10 @@ index 0000000..7982a0c +hiddev_compat_ioctl_41255 hiddev_compat_ioctl 2-3 41255 NULL +erst_read_41260 erst_read 0 41260 NULL +__fprog_create_41263 __fprog_create 2 41263 NULL ++setup_cluster_bitmap_41270 setup_cluster_bitmap 4 41270 NULL +alloc_context_41283 alloc_context 1 41283 NULL +arch_gnttab_map_shared_41306 arch_gnttab_map_shared 3 41306 NULL ++objio_alloc_io_state_41316 objio_alloc_io_state 6 41316 NULL +twl_change_queue_depth_41342 twl_change_queue_depth 2 41342 NULL +cnic_init_id_tbl_41354 cnic_init_id_tbl 2 41354 NULL +jbd2_alloc_41359 jbd2_alloc 1 41359 NULL @@ -98708,6 +103853,7 @@ index 0000000..7982a0c +layout_leb_in_gaps_41470 layout_leb_in_gaps 0 41470 NULL +rt2x00debug_write_rfcsr_41473 rt2x00debug_write_rfcsr 3 41473 NULL +wep_interrupt_read_41492 wep_interrupt_read 3 41492 NULL ++SyS_get_mempolicy_41495 SyS_get_mempolicy 3-4 41495 NULL +hpfs_translate_name_41497 hpfs_translate_name 3 41497 NULL +xfrm_hash_new_size_41505 xfrm_hash_new_size 0-1 41505 NULL +ldisc_receive_41516 ldisc_receive 4 41516 NULL @@ -98721,6 +103867,7 @@ index 0000000..7982a0c +tcp_hdrlen_41610 tcp_hdrlen 0 41610 NULL +usb_endpoint_maxp_41613 usb_endpoint_maxp 0 41613 NULL +a2mp_send_41615 a2mp_send 4 41615 NULL ++btrfs_calc_trunc_metadata_size_41626 btrfs_calc_trunc_metadata_size 0-2 41626 NULL +mempool_create_kmalloc_pool_41650 mempool_create_kmalloc_pool 1 41650 NULL +rx_rx_pre_complt_read_41653 rx_rx_pre_complt_read 3 41653 NULL +get_std_timing_41654 get_std_timing 0 41654 NULL @@ -98733,7 +103880,9 @@ index 0000000..7982a0c +get_bios_ebda_41730 get_bios_ebda 0 41730 NULL +fillonedir_41746 fillonedir 3 41746 NULL +ocfs2_dx_dir_rebalance_41793 ocfs2_dx_dir_rebalance 7 41793 NULL ++iwl_dbgfs_bt_notif_read_41794 iwl_dbgfs_bt_notif_read 3 41794 NULL +hsi_alloc_controller_41802 hsi_alloc_controller 1 41802 NULL ++regcache_sync_block_raw_41803 regcache_sync_block_raw 3-4 41803 NULL +da9052_enable_irq_41814 da9052_enable_irq 2 41814 NULL +sco_send_frame_41815 sco_send_frame 3 41815 NULL +lp_gpio_to_irq_41822 lp_gpio_to_irq 2 41822 NULL @@ -98741,11 +103890,13 @@ index 0000000..7982a0c +do_ip_setsockopt_41852 do_ip_setsockopt 5 41852 NULL +keyctl_instantiate_key_41855 keyctl_instantiate_key 3 41855 NULL +ieee80211_rx_radiotap_space_41870 ieee80211_rx_radiotap_space 0 41870 NULL ++get_packet_41914 get_packet 3 41914 NULL +get_fdb_entries_41916 get_fdb_entries 3 41916 NULL +find_ge_pid_41918 find_ge_pid 1 41918 NULL +build_inv_iotlb_pages_41922 build_inv_iotlb_pages 4-5 41922 NULL +nfsd_getxattr_41934 nfsd_getxattr 0 41934 NULL +ext4_da_write_inline_data_begin_41935 ext4_da_write_inline_data_begin 3-4 41935 NULL ++read_gssp_41947 read_gssp 3 41947 NULL +ocfs2_xattr_bucket_get_name_value_41949 ocfs2_xattr_bucket_get_name_value 0 41949 NULL +portnames_read_41958 portnames_read 3 41958 NULL +ubi_self_check_all_ff_41959 ubi_self_check_all_ff 4 41959 NULL @@ -98790,6 +103941,7 @@ index 0000000..7982a0c +snd_pcm_plug_alloc_42339 snd_pcm_plug_alloc 2 42339 NULL +ide_raw_taskfile_42355 ide_raw_taskfile 4 42355 NULL +il_dbgfs_disable_ht40_read_42386 il_dbgfs_disable_ht40_read 3 42386 NULL ++hash_ipportnet4_expire_42391 hash_ipportnet4_expire 3 42391 NULL +msnd_fifo_read_42406 msnd_fifo_read 0-3 42406 NULL +krng_get_random_42420 krng_get_random 3 42420 NULL +gsm_data_alloc_42437 gsm_data_alloc 3 42437 NULL @@ -98802,6 +103954,7 @@ index 0000000..7982a0c +follow_hugetlb_page_42486 follow_hugetlb_page 0-7 42486 NULL +omfs_readpages_42490 omfs_readpages 4 42490 NULL +brcmf_sdbrcm_bus_txctl_42492 brcmf_sdbrcm_bus_txctl 3 42492 NULL ++bypass_write_42498 bypass_write 3 42498 NULL +kvm_write_wall_clock_42520 kvm_write_wall_clock 2 42520 NULL +smk_write_netlbladdr_42525 smk_write_netlbladdr 3 42525 NULL +snd_emux_create_port_42533 snd_emux_create_port 3 42533 NULL @@ -98815,11 +103968,13 @@ index 0000000..7982a0c +__pskb_pull_42602 __pskb_pull 2 42602 &map_state_42602 +nd_get_link_42603 nd_get_link 0 42603 NULL +sys_move_pages_42626 sys_move_pages 2 42626 NULL ++resp_write_42628 resp_write 2 42628 NULL +ieee80211_if_fmt_dot11MeshHWMPactivePathTimeout_42635 ieee80211_if_fmt_dot11MeshHWMPactivePathTimeout 3 42635 NULL +scsi_activate_tcq_42640 scsi_activate_tcq 2 42640 NULL +br_mdb_rehash_42643 br_mdb_rehash 2 42643 NULL +l2tp_xmit_skb_42672 l2tp_xmit_skb 3 42672 NULL +request_key_and_link_42693 request_key_and_link 4 42693 NULL ++acpi_dev_get_irqresource_42694 acpi_dev_get_irqresource 2 42694 NULL +vb2_read_42703 vb2_read 3 42703 NULL +sierra_net_send_cmd_42708 sierra_net_send_cmd 3 42708 NULL +__ocfs2_decrease_refcount_42717 __ocfs2_decrease_refcount 4 42717 NULL @@ -98828,13 +103983,15 @@ index 0000000..7982a0c +ax25_setsockopt_42740 ax25_setsockopt 5 42740 NULL +xen_bind_pirq_gsi_to_irq_42750 xen_bind_pirq_gsi_to_irq 1 42750 NULL +snd_midi_event_decode_42780 snd_midi_event_decode 0 42780 NULL -+cryptd_hash_setkey_42781 cryptd_hash_setkey 3 42781 NULL ++cryptd_hash_setkey_42781 cryptd_hash_setkey 3 42781 NULL nohasharray ++isku_sysfs_read_info_42781 isku_sysfs_read_info 6 42781 &cryptd_hash_setkey_42781 +koneplus_sysfs_read_42792 koneplus_sysfs_read 6 42792 NULL +ntfs_attr_extend_allocation_42796 ntfs_attr_extend_allocation 0-2 42796 NULL +fw_device_op_compat_ioctl_42804 fw_device_op_compat_ioctl 2-3 42804 NULL +drm_ioctl_42813 drm_ioctl 2 42813 NULL +iwl_dbgfs_ucode_bt_stats_read_42820 iwl_dbgfs_ucode_bt_stats_read 3 42820 NULL +set_arg_42824 set_arg 3 42824 NULL ++si476x_radio_read_rsq_blob_42827 si476x_radio_read_rsq_blob 3 42827 NULL +ocfs2_desc_bitmap_to_cluster_off_42831 ocfs2_desc_bitmap_to_cluster_off 2 42831 NULL +prandom_u32_42853 prandom_u32 0 42853 NULL +of_property_count_strings_42863 of_property_count_strings 0 42863 NULL @@ -98855,12 +104012,14 @@ index 0000000..7982a0c +nfs_idmap_get_desc_42990 nfs_idmap_get_desc 4-2 42990 NULL +mlx4_qp_reserve_range_43000 mlx4_qp_reserve_range 2-3 43000 NULL +isr_rx_mem_overflow_read_43025 isr_rx_mem_overflow_read 3 43025 NULL ++add_bytes_to_bitmap_43026 add_bytes_to_bitmap 0 43026 NULL +wep_default_key_count_read_43035 wep_default_key_count_read 3 43035 NULL +nouveau_gpuobj_create__43072 nouveau_gpuobj_create_ 9 43072 NULL +nfs_map_group_to_gid_43082 nfs_map_group_to_gid 3 43082 NULL +cpuset_sprintf_memlist_43088 cpuset_sprintf_memlist 0 43088 NULL +ieee80211_if_fmt_drop_unencrypted_43107 ieee80211_if_fmt_drop_unencrypted 3 43107 NULL -+read_file_dfs_43145 read_file_dfs 3 43145 NULL ++read_file_dfs_43145 read_file_dfs 3 43145 NULL nohasharray ++i2c_hid_get_report_43145 i2c_hid_get_report 0 43145 &read_file_dfs_43145 +uuid_string_43154 uuid_string 0 43154 NULL +usb_string_sub_43164 usb_string_sub 0 43164 NULL +il_dbgfs_power_save_status_read_43165 il_dbgfs_power_save_status_read 3 43165 NULL @@ -98883,8 +104042,10 @@ index 0000000..7982a0c +__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL +kvm_host_page_size_43348 kvm_host_page_size 2 43348 NULL +gart_free_coherent_43362 gart_free_coherent 4-2 43362 NULL ++hash_net4_expire_43378 hash_net4_expire 3 43378 NULL +__alloc_bootmem_low_43423 __alloc_bootmem_low 1-2 43423 NULL nohasharray +gdm_wimax_netif_rx_43423 gdm_wimax_netif_rx 3 43423 &__alloc_bootmem_low_43423 ++isku_sysfs_write_keys_capslock_43432 isku_sysfs_write_keys_capslock 6 43432 NULL +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL +ucs2_strsize_43438 ucs2_strsize 0 43438 NULL +ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL @@ -98908,6 +104069,7 @@ index 0000000..7982a0c +dmam_declare_coherent_memory_43679 dmam_declare_coherent_memory 4-2 43679 NULL +calgary_map_page_43686 calgary_map_page 3-4 43686 NULL +max77693_bulk_write_43698 max77693_bulk_write 2-3 43698 NULL ++drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL +snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL +ocfs2_replace_clusters_43733 ocfs2_replace_clusters 5 43733 NULL +osdv1_attr_list_elem_size_43747 osdv1_attr_list_elem_size 0-1 43747 NULL @@ -98918,6 +104080,7 @@ index 0000000..7982a0c +byte_pos_43787 byte_pos 0-2 43787 &ocfs2_xattr_get_value_outside_43787 +btrfs_copy_from_user_43806 btrfs_copy_from_user 3-1 43806 NULL +ext4_read_block_bitmap_43814 ext4_read_block_bitmap 2 43814 NULL ++div64_u64_safe_43815 div64_u64_safe 1-2 43815 NULL +ieee80211_if_fmt_element_ttl_43825 ieee80211_if_fmt_element_ttl 3 43825 NULL +ieee80211_alloc_hw_43829 ieee80211_alloc_hw 1 43829 NULL +p54_download_eeprom_43842 p54_download_eeprom 4 43842 NULL @@ -98936,6 +104099,7 @@ index 0000000..7982a0c +emit_flags_44006 emit_flags 4-3 44006 NULL +write_flush_procfs_44011 write_flush_procfs 3 44011 NULL +swiotlb_unmap_page_44063 swiotlb_unmap_page 2 44063 NULL ++SYSC_add_key_44079 SYSC_add_key 4 44079 NULL +load_discard_44083 load_discard 3 44083 NULL +xlog_recover_add_to_cont_trans_44102 xlog_recover_add_to_cont_trans 4 44102 NULL +tracing_set_trace_read_44122 tracing_set_trace_read 3 44122 NULL @@ -98943,6 +104107,7 @@ index 0000000..7982a0c +scsi_get_resid_44147 scsi_get_resid 0 44147 NULL +ubifs_find_dirty_idx_leb_44169 ubifs_find_dirty_idx_leb 0 44169 NULL +ocfs2_xattr_bucket_find_44174 ocfs2_xattr_bucket_find 0 44174 NULL ++SYSC_set_mempolicy_44176 SYSC_set_mempolicy 3 44176 NULL +handle_eviocgbit_44193 handle_eviocgbit 3 44193 NULL +IO_APIC_get_PCI_irq_vector_44198 IO_APIC_get_PCI_irq_vector 0 44198 NULL +__set_free_44211 __set_free 2 44211 NULL @@ -98971,12 +104136,14 @@ index 0000000..7982a0c +___alloc_bootmem_node_nopanic_44461 ___alloc_bootmem_node_nopanic 2-3 44461 NULL +btrfs_chunk_item_size_44478 btrfs_chunk_item_size 0-1 44478 NULL +sdio_align_size_44489 sdio_align_size 0-2 44489 NULL ++bio_advance_44496 bio_advance 2 44496 NULL +ieee80211_if_read_dropped_frames_ttl_44500 ieee80211_if_read_dropped_frames_ttl 3 44500 NULL +security_getprocattr_44505 security_getprocattr 0 44505 NULL nohasharray +iwl_dbgfs_sram_read_44505 iwl_dbgfs_sram_read 3 44505 &security_getprocattr_44505 +spidev_write_44510 spidev_write 3 44510 NULL +sys_msgsnd_44537 sys_msgsnd 3 44537 NULL nohasharray +comm_write_44537 comm_write 3 44537 &sys_msgsnd_44537 ++hash_ipport4_expire_44564 hash_ipport4_expire 3 44564 NULL +dgrp_config_proc_write_44571 dgrp_config_proc_write 3 44571 NULL +snd_pcm_alloc_vmalloc_buffer_44595 snd_pcm_alloc_vmalloc_buffer 2 44595 NULL +slip_compat_ioctl_44599 slip_compat_ioctl 4 44599 NULL @@ -98987,6 +104154,7 @@ index 0000000..7982a0c +mpi_resize_44674 mpi_resize 2 44674 NULL +ts_read_44687 ts_read 3 44687 NULL +qib_get_user_pages_44689 qib_get_user_pages 1-2 44689 NULL ++xfer_to_user_44713 xfer_to_user 3 44713 NULL +_zd_iowrite32v_locked_44725 _zd_iowrite32v_locked 3 44725 NULL +clusterip_proc_write_44729 clusterip_proc_write 3 44729 NULL +fib_count_nexthops_44730 fib_count_nexthops 0 44730 NULL @@ -99000,25 +104168,31 @@ index 0000000..7982a0c +sctp_setsockopt_44788 sctp_setsockopt 5 44788 NULL +rx_dropped_read_44799 rx_dropped_read 3 44799 NULL +qla4xxx_alloc_work_44813 qla4xxx_alloc_work 2 44813 NULL ++mei_cl_read_start_44824 mei_cl_read_start 2 44824 NULL +rmap_write_protect_44833 rmap_write_protect 2 44833 NULL +sisusb_write_44834 sisusb_write 3 44834 NULL +nl80211_send_unprot_disassoc_44846 nl80211_send_unprot_disassoc 4 44846 NULL +kvm_read_hva_44847 kvm_read_hva 3 44847 NULL ++cubic_root_44848 cubic_root 1 44848 NULL ++copydesc_user_44855 copydesc_user 3 44855 NULL +skb_availroom_44883 skb_availroom 0 44883 NULL +nf_bridge_encap_header_len_44890 nf_bridge_encap_header_len 0 44890 NULL +do_tty_write_44896 do_tty_write 5 44896 NULL +tx_queue_status_read_44978 tx_queue_status_read 3 44978 NULL +nf_nat_seq_adjust_44989 nf_nat_seq_adjust 4 44989 NULL ++map_index_to_lba_44993 map_index_to_lba 0-1 44993 NULL +bytepos_delta_45017 bytepos_delta 0 45017 NULL +read_block_bitmap_45021 read_block_bitmap 2 45021 NULL nohasharray +ptrace_writedata_45021 ptrace_writedata 4-3 45021 &read_block_bitmap_45021 +vhci_get_user_45039 vhci_get_user 3 45039 NULL +sel_write_user_45060 sel_write_user 3 45060 NULL ++vmscan_swappiness_45062 vmscan_swappiness 0 45062 NULL +snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 NULL nohasharray +do_video_ioctl_45069 do_video_ioctl 3 45069 &snd_mixart_BA0_read_45069 +kvm_mmu_page_get_gfn_45110 kvm_mmu_page_get_gfn 0-2 45110 NULL +pwr_missing_bcns_cnt_read_45113 pwr_missing_bcns_cnt_read 3 45113 NULL +usbdev_read_45114 usbdev_read 3 45114 NULL ++isku_sysfs_write_reset_45133 isku_sysfs_write_reset 6 45133 NULL +send_to_tty_45141 send_to_tty 3 45141 NULL +stmpe_irq_map_45146 stmpe_irq_map 2 45146 NULL +crypto_aead_blocksize_45148 crypto_aead_blocksize 0 45148 NULL @@ -99035,17 +104209,20 @@ index 0000000..7982a0c +spi_alloc_master_45223 spi_alloc_master 2 45223 NULL +__dirty_45228 __dirty 2 45228 NULL +ieee80211_if_read_peer_45233 ieee80211_if_read_peer 3 45233 NULL ++prism2_pda_proc_read_45246 prism2_pda_proc_read 3 45246 NULL +input_mt_init_slots_45279 input_mt_init_slots 2 45279 NULL +vcc_compat_ioctl_45291 vcc_compat_ioctl 3 45291 NULL +snd_pcm_oss_sync1_45298 snd_pcm_oss_sync1 2 45298 NULL +pte_val_45313 pte_val 0 45313 NULL ++__i2c_hid_command_45321 __i2c_hid_command 0 45321 NULL +copy_vm86_regs_from_user_45340 copy_vm86_regs_from_user 3 45340 NULL +lane2_associate_req_45398 lane2_associate_req 4 45398 NULL +keymap_store_45406 keymap_store 4 45406 NULL +paging64_gva_to_gpa_45421 paging64_gva_to_gpa 2 45421 NULL nohasharray +ieee80211_if_fmt_dot11MeshHWMProotInterval_45421 ieee80211_if_fmt_dot11MeshHWMProotInterval 3 45421 &paging64_gva_to_gpa_45421 +tty_buffer_alloc_45437 tty_buffer_alloc 2 45437 NULL -+intel_render_ring_init_dri_45446 intel_render_ring_init_dri 2-3 45446 NULL ++intel_render_ring_init_dri_45446 intel_render_ring_init_dri 2-3 45446 NULL nohasharray ++SYSC_mremap_45446 SYSC_mremap 5-1-2 45446 &intel_render_ring_init_dri_45446 +__node_remap_45458 __node_remap 4 45458 NULL +rds_ib_set_wr_signal_state_45463 rds_ib_set_wr_signal_state 0 45463 NULL +udp_manip_pkt_45467 udp_manip_pkt 4 45467 NULL @@ -99102,6 +104279,7 @@ index 0000000..7982a0c +rb_simple_read_45972 rb_simple_read 3 45972 NULL +ezusb_writememory_45976 ezusb_writememory 4 45976 NULL +ioat2_dca_count_dca_slots_45984 ioat2_dca_count_dca_slots 0 45984 NULL ++ore_calc_stripe_info_46023 ore_calc_stripe_info 2 46023 NULL +sierra_setup_urb_46029 sierra_setup_urb 5 46029 NULL +get_free_entries_46030 get_free_entries 1 46030 NULL +__access_remote_vm_46031 __access_remote_vm 0-5-3 46031 NULL @@ -99118,8 +104296,10 @@ index 0000000..7982a0c +pkt_ctl_compat_ioctl_46110 pkt_ctl_compat_ioctl 3 46110 NULL +memcg_update_array_size_46111 memcg_update_array_size 1 46111 NULL nohasharray +il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 &memcg_update_array_size_46111 ++C_SYSC_writev_46113 C_SYSC_writev 3 46113 NULL +mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL +paging32_walk_addr_nested_46121 paging32_walk_addr_nested 3 46121 NULL ++vb2_dma_sg_get_userptr_46146 vb2_dma_sg_get_userptr 2 46146 NULL +__netlink_change_ngroups_46156 __netlink_change_ngroups 2 46156 NULL +twl_direction_out_46182 twl_direction_out 2 46182 NULL +vxge_os_dma_malloc_46184 vxge_os_dma_malloc 2 46184 NULL @@ -99131,6 +104311,7 @@ index 0000000..7982a0c +nf_nat_ftp_46265 nf_nat_ftp 6 46265 NULL +ReadReg_46277 ReadReg 0 46277 NULL +batadv_iv_ogm_queue_add_46319 batadv_iv_ogm_queue_add 3 46319 NULL ++qlcnic_83xx_sysfs_flash_bulk_write_46320 qlcnic_83xx_sysfs_flash_bulk_write 4 46320 NULL +__hwahc_dev_set_key_46328 __hwahc_dev_set_key 5 46328 NULL +iwl_dbgfs_chain_noise_read_46355 iwl_dbgfs_chain_noise_read 3 46355 NULL +smk_write_direct_46363 smk_write_direct 3 46363 NULL @@ -99138,6 +104319,7 @@ index 0000000..7982a0c +ubi_dump_flash_46381 ubi_dump_flash 4 46381 NULL +fuse_file_aio_write_46399 fuse_file_aio_write 4 46399 NULL +crypto_ablkcipher_reqsize_46411 crypto_ablkcipher_reqsize 0 46411 NULL ++hash_ipportip6_expire_46443 hash_ipportip6_expire 3 46443 NULL +cp210x_set_config_46447 cp210x_set_config 4 46447 NULL +filldir64_46469 filldir64 3 46469 NULL +fill_in_write_vector_46498 fill_in_write_vector 0 46498 NULL @@ -99176,7 +104358,8 @@ index 0000000..7982a0c +xfs_iroot_realloc_46826 xfs_iroot_realloc 2 46826 NULL +shmem_pwrite_fast_46842 shmem_pwrite_fast 3 46842 NULL +spi_async_46857 spi_async 0 46857 NULL -+vsnprintf_46863 vsnprintf 0 46863 NULL ++vsnprintf_46863 vsnprintf 0 46863 NULL nohasharray ++SyS_move_pages_46863 SyS_move_pages 2 46863 &vsnprintf_46863 +nvme_alloc_queue_46865 nvme_alloc_queue 3 46865 NULL +sip_sprintf_addr_46872 sip_sprintf_addr 0 46872 NULL +rvmalloc_46873 rvmalloc 1 46873 NULL @@ -99199,6 +104382,7 @@ index 0000000..7982a0c +sel_write_bool_46996 sel_write_bool 3 46996 &gfs2_xattr_system_set_46996 +ttm_bo_io_47000 ttm_bo_io 5 47000 NULL +blk_rq_map_kern_47004 blk_rq_map_kern 4 47004 NULL ++add_free_space_entry_47005 add_free_space_entry 2 47005 NULL +__map_single_47020 __map_single 3-4-7 47020 NULL +cx231xx_init_bulk_47024 cx231xx_init_bulk 3-2 47024 NULL +swiotlb_sync_single_47031 swiotlb_sync_single 2 47031 NULL @@ -99207,6 +104391,7 @@ index 0000000..7982a0c +ufs_new_fragments_47070 ufs_new_fragments 3-5-4 47070 NULL +pipeline_dec_packet_in_read_47076 pipeline_dec_packet_in_read 3 47076 NULL +scsi_deactivate_tcq_47086 scsi_deactivate_tcq 2 47086 NULL ++iwl_dump_nic_event_log_47089 iwl_dump_nic_event_log 0 47089 NULL +mousedev_read_47123 mousedev_read 3 47123 NULL +ses_recv_diag_47143 ses_recv_diag 4 47143 NULL nohasharray +acpi_ut_initialize_buffer_47143 acpi_ut_initialize_buffer 2 47143 &ses_recv_diag_47143 @@ -99226,7 +104411,9 @@ index 0000000..7982a0c +tty_audit_log_47280 tty_audit_log 8 47280 NULL +gfs2_readpages_47285 gfs2_readpages 4 47285 NULL +vsnprintf_47291 vsnprintf 0 47291 NULL ++SYSC_semop_47292 SYSC_semop 3 47292 NULL +tx_internal_desc_overflow_read_47300 tx_internal_desc_overflow_read 3 47300 NULL ++SyS_madvise_47354 SyS_madvise 1 47354 NULL +ieee80211_if_read_dot11MeshHoldingTimeout_47356 ieee80211_if_read_dot11MeshHoldingTimeout 3 47356 NULL +avc_get_hash_stats_47359 avc_get_hash_stats 0 47359 NULL +find_first_zero_bit_le_47369 find_first_zero_bit_le 2 47369 NULL @@ -99238,13 +104425,17 @@ index 0000000..7982a0c +pfkey_sendmsg_47394 pfkey_sendmsg 4 47394 NULL +gfn_to_pfn_prot_47398 gfn_to_pfn_prot 2 47398 NULL +ocfs2_resv_end_47408 ocfs2_resv_end 0 47408 NULL ++sta_vht_capa_read_47409 sta_vht_capa_read 3 47409 NULL +crypto_ablkcipher_alignmask_47410 crypto_ablkcipher_alignmask 0 47410 NULL +vzalloc_47421 vzalloc 1 47421 NULL ++hash_ipportip4_expire_47426 hash_ipportip4_expire 3 47426 NULL +posix_acl_from_disk_47445 posix_acl_from_disk 2 47445 NULL +__load_mapping_47460 __load_mapping 2 47460 NULL ++nvme_trans_send_fw_cmd_47479 nvme_trans_send_fw_cmd 4 47479 NULL +wb_force_mapping_47485 wb_force_mapping 2 47485 NULL nohasharray +newpart_47485 newpart 6 47485 &wb_force_mapping_47485 +core_sys_select_47494 core_sys_select 1 47494 NULL ++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL +unlink_simple_47506 unlink_simple 3 47506 NULL +ufs_inode_getblock_47512 ufs_inode_getblock 4 47512 NULL +vscnprintf_47533 vscnprintf 0-2 47533 NULL nohasharray @@ -99252,8 +104443,11 @@ index 0000000..7982a0c +oz_events_read_47535 oz_events_read 3 47535 NULL +ieee80211_if_fmt_min_discovery_timeout_47539 ieee80211_if_fmt_min_discovery_timeout 3 47539 NULL +read_ldt_47570 read_ldt 2 47570 NULL ++_rtl_rx_get_padding_47572 _rtl_rx_get_padding 0 47572 NULL nohasharray ++isku_sysfs_read_last_set_47572 isku_sysfs_read_last_set 6 47572 &_rtl_rx_get_padding_47572 +pci_iomap_47575 pci_iomap 3 47575 NULL +rpipe_get_idx_47579 rpipe_get_idx 2 47579 NULL ++SYSC_fcntl64_47581 SYSC_fcntl64 3 47581 NULL +ext4_kvzalloc_47605 ext4_kvzalloc 1 47605 NULL +sctp_ssnmap_new_47608 sctp_ssnmap_new 1-2 47608 NULL +uea_request_47613 uea_request 4 47613 NULL @@ -99261,6 +104455,7 @@ index 0000000..7982a0c +twl4030_clear_set_47624 twl4030_clear_set 4 47624 NULL +irq_set_chip_47638 irq_set_chip 1 47638 NULL +__build_packet_message_47643 __build_packet_message 3-9 47643 NULL ++global_rt_runtime_47712 global_rt_runtime 0 47712 NULL +save_microcode_47717 save_microcode 3 47717 NULL +bits_to_user_47733 bits_to_user 2-3 47733 NULL +carl9170_debugfs_read_47738 carl9170_debugfs_read 3 47738 NULL @@ -99270,15 +104465,18 @@ index 0000000..7982a0c +alloc_sched_domains_47756 alloc_sched_domains 1 47756 NULL +i915_wedged_write_47771 i915_wedged_write 3 47771 NULL +uwb_ie_dump_hex_47774 uwb_ie_dump_hex 4 47774 NULL ++SyS_setgroups16_47780 SyS_setgroups16 1 47780 NULL +error_error_numll_frame_cts_start_read_47781 error_error_numll_frame_cts_start_read 3 47781 NULL +posix_acl_fix_xattr_from_user_47793 posix_acl_fix_xattr_from_user 2 47793 NULL +stmmac_set_bfsize_47834 stmmac_set_bfsize 0 47834 NULL ++KEY_SIZE_47855 KEY_SIZE 0 47855 NULL +ubifs_unpack_nnode_47866 ubifs_unpack_nnode 0 47866 NULL +vhci_read_47878 vhci_read 3 47878 NULL +keyctl_instantiate_key_common_47889 keyctl_instantiate_key_common 4 47889 NULL +load_mapping_47904 load_mapping 3 47904 NULL +osd_req_read_sg_47905 osd_req_read_sg 5 47905 NULL +comedi_write_47926 comedi_write 3 47926 NULL ++nvme_trans_get_blk_desc_len_47946 nvme_trans_get_blk_desc_len 0-2 47946 NULL +lp8788_irq_map_47964 lp8788_irq_map 2 47964 NULL +iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray +mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983 @@ -99287,9 +104485,11 @@ index 0000000..7982a0c +ffs_epfile_write_48014 ffs_epfile_write 3 48014 NULL +bio_integrity_set_tag_48035 bio_integrity_set_tag 3 48035 NULL +pppoe_sendmsg_48039 pppoe_sendmsg 4 48039 NULL ++SYSC_writev_48040 SYSC_writev 3 48040 NULL +wpan_phy_alloc_48056 wpan_phy_alloc 1 48056 NULL +posix_acl_alloc_48063 posix_acl_alloc 1 48063 NULL +palmas_bulk_write_48068 palmas_bulk_write 2-3-5 48068 NULL ++disc_write_48070 disc_write 3 48070 NULL +mmc_alloc_host_48097 mmc_alloc_host 1 48097 NULL +skb_copy_datagram_const_iovec_48102 skb_copy_datagram_const_iovec 4-2-5 48102 NULL +radio_isa_common_probe_48107 radio_isa_common_probe 3 48107 NULL @@ -99299,9 +104499,11 @@ index 0000000..7982a0c +bitmap_onto_48152 bitmap_onto 4 48152 NULL +isr_dma1_done_read_48159 isr_dma1_done_read 3 48159 NULL +c4iw_id_table_alloc_48163 c4iw_id_table_alloc 3 48163 NULL -+ocfs2_find_next_zero_bit_unaligned_48170 ocfs2_find_next_zero_bit_unaligned 2-3 48170 NULL ++ocfs2_find_next_zero_bit_unaligned_48170 ocfs2_find_next_zero_bit_unaligned 2-3 48170 NULL nohasharray ++rbd_obj_method_sync_48170 rbd_obj_method_sync 8 48170 &ocfs2_find_next_zero_bit_unaligned_48170 +alloc_cc770dev_48186 alloc_cc770dev 1 48186 NULL +init_ipath_48187 init_ipath 1 48187 NULL ++brcmf_sdio_chip_cm3_exitdl_48192 brcmf_sdio_chip_cm3_exitdl 4 48192 NULL +snd_seq_dump_var_event_48209 snd_seq_dump_var_event 0 48209 NULL +is_block_in_journal_48223 is_block_in_journal 3 48223 NULL +uv_blade_nr_possible_cpus_48226 uv_blade_nr_possible_cpus 0 48226 NULL @@ -99322,6 +104524,7 @@ index 0000000..7982a0c +lbs_debugfs_write_48413 lbs_debugfs_write 3 48413 NULL +pwr_tx_without_ps_read_48423 pwr_tx_without_ps_read 3 48423 NULL +nfs4_alloc_pages_48426 nfs4_alloc_pages 1 48426 NULL ++print_filtered_48442 print_filtered 2-0 48442 NULL +tun_recvmsg_48463 tun_recvmsg 4 48463 NULL +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL +send_control_msg_48498 send_control_msg 6 48498 NULL @@ -99338,6 +104541,7 @@ index 0000000..7982a0c +do_ip_vs_set_ctl_48641 do_ip_vs_set_ctl 4 48641 NULL +mtd_read_48655 mtd_read 0 48655 NULL +aes_encrypt_packets_read_48666 aes_encrypt_packets_read 3 48666 NULL ++ore_get_rw_state_48667 ore_get_rw_state 4 48667 NULL +sm501_create_subdev_48668 sm501_create_subdev 3-4 48668 NULL nohasharray +sys_setgroups_48668 sys_setgroups 1 48668 &sm501_create_subdev_48668 +altera_drscan_48698 altera_drscan 2 48698 NULL @@ -99352,7 +104556,8 @@ index 0000000..7982a0c +efi_memory_uc_48828 efi_memory_uc 1 48828 NULL +azx_get_position_48841 azx_get_position 0 48841 NULL +vc_do_resize_48842 vc_do_resize 3-4 48842 NULL -+viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL ++C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 NULL nohasharray ++viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 &C_SYSC_pwritev64_48864 +__ffs_ep0_read_events_48868 __ffs_ep0_read_events 3 48868 NULL +sys_setgroups16_48882 sys_setgroups16 1 48882 NULL +ext2_alloc_branch_48889 ext2_alloc_branch 4 48889 NULL @@ -99368,6 +104573,7 @@ index 0000000..7982a0c +_alloc_set_attr_list_48991 _alloc_set_attr_list 4 48991 NULL +rds_rm_size_48996 rds_rm_size 0-2 48996 NULL +sel_write_enforce_48998 sel_write_enforce 3 48998 NULL ++filemap_check_errors_49022 filemap_check_errors 0 49022 NULL +transient_status_49027 transient_status 4 49027 NULL +ipath_reg_user_mr_49038 ipath_reg_user_mr 2-3 49038 NULL +setup_msi_irq_49052 setup_msi_irq 3-4 49052 NULL @@ -99375,7 +104581,8 @@ index 0000000..7982a0c +scsi_register_49094 scsi_register 2 49094 NULL +paging64_walk_addr_nested_49100 paging64_walk_addr_nested 3 49100 NULL +compat_do_readv_writev_49102 compat_do_readv_writev 4 49102 NULL -+xfrm_replay_state_esn_len_49119 xfrm_replay_state_esn_len 0 49119 NULL ++check_exists_49119 check_exists 2 49119 NULL nohasharray ++xfrm_replay_state_esn_len_49119 xfrm_replay_state_esn_len 0 49119 &check_exists_49119 +pt_read_49136 pt_read 3 49136 NULL +tipc_multicast_49144 tipc_multicast 5 49144 NULL +atyfb_setup_generic_49151 atyfb_setup_generic 3 49151 NULL @@ -99387,14 +104594,18 @@ index 0000000..7982a0c +iwl_dbgfs_ucode_general_stats_read_49199 iwl_dbgfs_ucode_general_stats_read 3 49199 NULL +il4965_rs_sta_dbgfs_stats_table_read_49206 il4965_rs_sta_dbgfs_stats_table_read 3 49206 NULL +do_jffs2_getxattr_49210 do_jffs2_getxattr 0 49210 NULL ++resp_write_same_49217 resp_write_same 2 49217 NULL +nouveau_therm_create__49228 nouveau_therm_create_ 4 49228 NULL +nouveau_i2c_port_create__49237 nouveau_i2c_port_create_ 6 49237 NULL +hugetlb_cgroup_read_49259 hugetlb_cgroup_read 5 49259 NULL +ieee80211_if_read_rssi_threshold_49260 ieee80211_if_read_rssi_threshold 3 49260 NULL ++isku_sysfs_read_keys_media_49268 isku_sysfs_read_keys_media 6 49268 NULL +osd_req_add_get_attr_list_49278 osd_req_add_get_attr_list 3 49278 NULL +rx_filter_beacon_filter_read_49279 rx_filter_beacon_filter_read 3 49279 NULL +uio_read_49300 uio_read 3 49300 NULL +ocfs2_resmap_find_free_bits_49301 ocfs2_resmap_find_free_bits 3 49301 NULL ++isku_sysfs_read_keys_macro_49312 isku_sysfs_read_keys_macro 6 49312 NULL ++SYSC_mincore_49319 SYSC_mincore 1 49319 NULL +fwtty_port_handler_49327 fwtty_port_handler 9 49327 NULL +srpt_alloc_ioctx_ring_49330 srpt_alloc_ioctx_ring 2-3-4 49330 NULL +cfpkt_setlen_49343 cfpkt_setlen 2 49343 NULL @@ -99408,22 +104619,26 @@ index 0000000..7982a0c +samples_to_bytes_49426 samples_to_bytes 0-2 49426 NULL +md_domain_init_49432 md_domain_init 2 49432 NULL +compat_do_msg_fill_49440 compat_do_msg_fill 3 49440 NULL ++get_lru_size_49441 get_lru_size 0 49441 NULL +agp_3_5_isochronous_node_enable_49465 agp_3_5_isochronous_node_enable 3 49465 NULL +xfs_iformat_local_49472 xfs_iformat_local 4 49472 NULL +savu_sysfs_read_49473 savu_sysfs_read 6 49473 NULL +isr_decrypt_done_read_49490 isr_decrypt_done_read 3 49490 NULL ++SyS_listxattr_49519 SyS_listxattr 3 49519 NULL +emulator_write_phys_49520 emulator_write_phys 2-4 49520 NULL +acpi_os_ioremap_49523 acpi_os_ioremap 1-2 49523 NULL +smk_write_access_49561 smk_write_access 3 49561 NULL +ntfs_malloc_nofs_49572 ntfs_malloc_nofs 1 49572 NULL +alloc_chunk_49575 alloc_chunk 1 49575 NULL +sctp_setsockopt_default_send_param_49578 sctp_setsockopt_default_send_param 3 49578 NULL ++tap_write_49595 tap_write 3 49595 NULL +isr_wakeups_read_49607 isr_wakeups_read 3 49607 NULL +btrfs_mksubvol_49616 btrfs_mksubvol 3 49616 NULL +heap_init_49617 heap_init 2 49617 NULL +smk_write_doi_49621 smk_write_doi 3 49621 NULL +btrfsic_cmp_log_and_dev_bytenr_49628 btrfsic_cmp_log_and_dev_bytenr 2 49628 NULL +aa_simple_write_to_buffer_49683 aa_simple_write_to_buffer 3-4 49683 NULL ++SyS_pwritev_49688 SyS_pwritev 3 49688 NULL +sys_gethostname_49698 sys_gethostname 2 49698 NULL +cx2341x_ctrl_new_menu_49700 cx2341x_ctrl_new_menu 3 49700 NULL +dm_thin_insert_block_49720 dm_thin_insert_block 2-3 49720 NULL @@ -99435,16 +104650,18 @@ index 0000000..7982a0c +fuse_wr_pages_49753 fuse_wr_pages 0-1-2 49753 NULL +key_conf_keylen_read_49758 key_conf_keylen_read 3 49758 NULL +fuse_conn_waiting_read_49762 fuse_conn_waiting_read 3 49762 NULL -+isku_sysfs_write_49767 isku_sysfs_write 6 49767 NULL ++isku_sysfs_write_49767 isku_sysfs_write 6-5 49767 NULL +ceph_osdc_readpages_49789 ceph_osdc_readpages 10-4 49789 NULL +nfs4_acl_new_49806 nfs4_acl_new 1 49806 NULL +arch_gnttab_map_status_49812 arch_gnttab_map_status 3 49812 NULL +ntfs_copy_from_user_iovec_49829 ntfs_copy_from_user_iovec 3-6-0 49829 NULL +add_uuid_49831 add_uuid 4 49831 NULL ++tcf_csum_ipv4_tcp_49834 tcf_csum_ipv4_tcp 3 49834 NULL +ath6kl_fwlog_block_read_49836 ath6kl_fwlog_block_read 3 49836 NULL +twl4030_write_49846 twl4030_write 2 49846 NULL +scsi_dispatch_cmd_entry_49848 scsi_dispatch_cmd_entry 3 49848 NULL +timeradd_entry_49850 timeradd_entry 3 49850 NULL ++btrfs_subvolume_reserve_metadata_49859 btrfs_subvolume_reserve_metadata 3 49859 NULL +sctp_setsockopt_bindx_49870 sctp_setsockopt_bindx 3 49870 NULL +ceph_get_caps_49890 ceph_get_caps 0 49890 NULL +__cow_file_range_49901 __cow_file_range 5 49901 NULL @@ -99452,6 +104669,7 @@ index 0000000..7982a0c +batadv_tt_realloc_packet_buff_49960 batadv_tt_realloc_packet_buff 4 49960 NULL +b43legacy_pio_read_49978 b43legacy_pio_read 0 49978 NULL +ieee80211_if_fmt_dtim_count_49987 ieee80211_if_fmt_dtim_count 3 49987 NULL ++sta2x11_swiotlb_alloc_coherent_49994 sta2x11_swiotlb_alloc_coherent 2 49994 NULL +l2cap_chan_send_49995 l2cap_chan_send 3 49995 NULL +__module_alloc_50004 __module_alloc 1 50004 NULL +dn_mss_from_pmtu_50011 dn_mss_from_pmtu 0-2 50011 NULL @@ -99466,6 +104684,7 @@ index 0000000..7982a0c +sock_setsockopt_50088 sock_setsockopt 5 50088 NULL +altera_swap_dr_50090 altera_swap_dr 2 50090 NULL +read_file_slot_50111 read_file_slot 3 50111 NULL ++SYSC_preadv_50134 SYSC_preadv 3 50134 NULL +copy_items_50140 copy_items 6 50140 NULL +tx_frag_need_fragmentation_read_50153 tx_frag_need_fragmentation_read 3 50153 NULL +set_cmd_header_50155 set_cmd_header 0 50155 NULL @@ -99485,6 +104704,8 @@ index 0000000..7982a0c +afs_extract_data_50261 afs_extract_data 5 50261 NULL +rxrpc_setsockopt_50286 rxrpc_setsockopt 5 50286 NULL +soc_codec_reg_show_50302 soc_codec_reg_show 0 50302 NULL ++SYSC_flistxattr_50307 SYSC_flistxattr 3 50307 NULL ++SYSC_sched_setaffinity_50310 SYSC_sched_setaffinity 2 50310 NULL +soc_camera_read_50319 soc_camera_read 3 50319 NULL +do_launder_page_50329 do_launder_page 0 50329 NULL +nouveau_engine_create__50331 nouveau_engine_create_ 7 50331 NULL @@ -99493,16 +104714,20 @@ index 0000000..7982a0c +snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 &ocfs2_block_to_cluster_group_50337 +roccat_common2_send_with_status_50343 roccat_common2_send_with_status 4 50343 NULL +tpm_read_50344 tpm_read 3 50344 NULL ++sched_clock_remote_50347 sched_clock_remote 0 50347 NULL +kvm_arch_create_memslot_50354 kvm_arch_create_memslot 2 50354 NULL +isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL +unpack_u16_chunk_50357 unpack_u16_chunk 0 50357 NULL +xfrm_send_migrate_50365 xfrm_send_migrate 5 50365 NULL +roccat_common2_receive_50369 roccat_common2_receive 4 50369 NULL +sl_alloc_bufs_50380 sl_alloc_bufs 2 50380 NULL ++hash_ip6_expire_50390 hash_ip6_expire 3 50390 NULL +l2tp_ip_sendmsg_50411 l2tp_ip_sendmsg 4 50411 NULL ++ceph_writepages_osd_request_50423 ceph_writepages_osd_request 5 50423 NULL +iscsi_create_conn_50425 iscsi_create_conn 2 50425 NULL +validate_acl_mac_addrs_50429 validate_acl_mac_addrs 0 50429 NULL +btrfs_error_discard_extent_50444 btrfs_error_discard_extent 2 50444 NULL ++calc_csum_metadata_size_50448 calc_csum_metadata_size 0 50448 NULL +pgctrl_write_50453 pgctrl_write 3 50453 NULL +force_mapping_50464 force_mapping 2 50464 NULL +cdrom_read_cdda_50478 cdrom_read_cdda 4 50478 NULL @@ -99514,8 +104739,10 @@ index 0000000..7982a0c +fat_readpages_50582 fat_readpages 4 50582 NULL +iwl_dbgfs_missed_beacon_read_50584 iwl_dbgfs_missed_beacon_read 3 50584 NULL +build_inv_iommu_pages_50589 build_inv_iommu_pages 2-3 50589 NULL ++sge_rx_50594 sge_rx 3 50594 NULL +rx_rx_checksum_result_read_50617 rx_rx_checksum_result_read 3 50617 NULL +__ffs_50625 __ffs 0 50625 NULL ++regcache_rbtree_write_50629 regcache_rbtree_write 2 50629 NULL +simple_transaction_get_50633 simple_transaction_get 3 50633 NULL +ath6kl_tm_rx_event_50664 ath6kl_tm_rx_event 3 50664 NULL nohasharray +sys_readv_50664 sys_readv 3 50664 &ath6kl_tm_rx_event_50664 @@ -99541,6 +104768,7 @@ index 0000000..7982a0c +videobuf_dma_init_user_50839 videobuf_dma_init_user 3 50839 NULL +self_check_write_50856 self_check_write 5 50856 NULL +carl9170_debugfs_write_50857 carl9170_debugfs_write 3 50857 NULL ++SyS_lgetxattr_50889 SyS_lgetxattr 4 50889 NULL +netlbl_secattr_catmap_walk_rng_50894 netlbl_secattr_catmap_walk_rng 0-2 50894 NULL +osd_req_write_sg_50908 osd_req_write_sg 5 50908 NULL +xfs_iext_remove_50909 xfs_iext_remove 3 50909 NULL @@ -99548,6 +104776,7 @@ index 0000000..7982a0c +hash_recvmsg_50924 hash_recvmsg 4 50924 NULL +chd_dec_fetch_cdata_50926 chd_dec_fetch_cdata 3 50926 NULL +ocfs2_add_refcount_flag_50952 ocfs2_add_refcount_flag 6 50952 NULL ++SyS_setxattr_50957 SyS_setxattr 4 50957 NULL +iwl_statistics_flag_50981 iwl_statistics_flag 0-3 50981 NULL +timeout_write_50991 timeout_write 3 50991 NULL +wm831x_irq_map_50995 wm831x_irq_map 2 50995 NULL @@ -99562,6 +104791,7 @@ index 0000000..7982a0c +do_arpt_set_ctl_51053 do_arpt_set_ctl 4 51053 NULL +wusb_prf_64_51065 wusb_prf_64 7 51065 NULL +jbd2_journal_init_revoke_51088 jbd2_journal_init_revoke 2 51088 NULL ++solo_enc_v4l2_init_51094 solo_enc_v4l2_init 2 51094 NULL +__ocfs2_find_path_51096 __ocfs2_find_path 0 51096 NULL +ti_recv_51110 ti_recv 3 51110 NULL +dgrp_net_read_51113 dgrp_net_read 3 51113 NULL @@ -99584,6 +104814,7 @@ index 0000000..7982a0c +pvr2_std_id_to_str_51288 pvr2_std_id_to_str 2 51288 NULL +bnad_debugfs_read_regrd_51308 bnad_debugfs_read_regrd 3 51308 NULL +get_cell_51316 get_cell 2 51316 NULL ++init_map_ipmac_51317 init_map_ipmac 4-3-5 51317 NULL +alloc_hippi_dev_51320 alloc_hippi_dev 1 51320 NULL +ext2_xattr_get_51327 ext2_xattr_get 0 51327 NULL +alloc_smp_req_51337 alloc_smp_req 1 51337 NULL nohasharray @@ -99601,6 +104832,8 @@ index 0000000..7982a0c +____alloc_ei_netdev_51475 ____alloc_ei_netdev 1 51475 NULL +xfs_buf_get_uncached_51477 xfs_buf_get_uncached 2 51477 NULL +vaddr_51480 vaddr 0 51480 NULL ++skb_inner_mac_header_51482 skb_inner_mac_header 0 51482 NULL nohasharray ++btrfs_find_space_cluster_51482 btrfs_find_space_cluster 5 51482 &skb_inner_mac_header_51482 +__cpa_process_fault_51502 __cpa_process_fault 2 51502 NULL +ieee80211_if_write_uapsd_queues_51526 ieee80211_if_write_uapsd_queues 3 51526 NULL +load_pdptrs_51541 load_pdptrs 3 51541 NULL @@ -99630,11 +104863,13 @@ index 0000000..7982a0c +if_write_51756 if_write 3 51756 NULL +ioremap_prot_51764 ioremap_prot 1-2 51764 NULL +iio_buffer_add_channel_sysfs_51766 iio_buffer_add_channel_sysfs 0 51766 NULL ++to_ratio_51809 to_ratio 2-1 51809 NULL +qib_alloc_devdata_51819 qib_alloc_devdata 2 51819 NULL +buffer_from_user_51826 buffer_from_user 3 51826 NULL +ioread32_51847 ioread32 0 51847 NULL nohasharray +read_file_tgt_tx_stats_51847 read_file_tgt_tx_stats 3 51847 &ioread32_51847 +do_readv_writev_51849 do_readv_writev 4 51849 NULL ++SYSC_sendto_51852 SYSC_sendto 6 51852 NULL +pointer_size_read_51863 pointer_size_read 3 51863 NULL +mlx4_alloc_db_from_pgdir_51865 mlx4_alloc_db_from_pgdir 3 51865 NULL +get_indirect_ea_51869 get_indirect_ea 4 51869 NULL @@ -99651,6 +104886,7 @@ index 0000000..7982a0c +arizona_free_irq_51969 arizona_free_irq 2 51969 NULL nohasharray +snd_mask_min_51969 snd_mask_min 0 51969 &arizona_free_irq_51969 +ath6kl_sdio_alloc_prep_scat_req_51986 ath6kl_sdio_alloc_prep_scat_req 2 51986 NULL ++dwc3_mode_write_51997 dwc3_mode_write 3 51997 NULL +skb_copy_datagram_from_iovec_52014 skb_copy_datagram_from_iovec 4-2-5 52014 NULL +rdmalt_52022 rdmalt 0 52022 NULL +vxge_rx_alloc_52024 vxge_rx_alloc 3 52024 NULL @@ -99663,6 +104899,7 @@ index 0000000..7982a0c +isofs_readpages_52067 isofs_readpages 4 52067 NULL +nsm_get_handle_52089 nsm_get_handle 4 52089 NULL +o2net_debug_read_52105 o2net_debug_read 3 52105 NULL ++smsdvb_stats_read_52114 smsdvb_stats_read 3 52114 NULL +retry_count_read_52129 retry_count_read 3 52129 NULL +zram_meta_alloc_52140 zram_meta_alloc 1 52140 NULL +hysdn_conf_write_52145 hysdn_conf_write 3 52145 NULL nohasharray @@ -99683,12 +104920,14 @@ index 0000000..7982a0c +shrink_slab_52261 shrink_slab 2-3 52261 NULL +hva_to_pfn_slow_52262 hva_to_pfn_slow 1 52262 NULL +sisusbcon_do_font_op_52271 sisusbcon_do_font_op 9 52271 NULL ++atomic64_read_52300 atomic64_read 0 52300 NULL +ath6kl_wmi_get_new_buf_52304 ath6kl_wmi_get_new_buf 1 52304 NULL +read_file_reset_52310 read_file_reset 3 52310 NULL +request_asymmetric_key_52317 request_asymmetric_key 2-4 52317 NULL +hwflags_read_52318 hwflags_read 3 52318 NULL +ntfs_rl_split_52328 ntfs_rl_split 2-4 52328 NULL +test_unaligned_bulk_52333 test_unaligned_bulk 3 52333 NULL ++compat_SyS_preadv64_52351 compat_SyS_preadv64 3 52351 NULL +bytes_to_frames_52362 bytes_to_frames 0-2 52362 NULL +copy_entries_to_user_52367 copy_entries_to_user 1 52367 NULL +mq_emit_config_values_52378 mq_emit_config_values 3 52378 NULL @@ -99707,20 +104946,24 @@ index 0000000..7982a0c +skb_cow_head_52495 skb_cow_head 2 52495 &fd_do_rw_52495 +qib_user_sdma_pin_pages_52498 qib_user_sdma_pin_pages 3-5 52498 NULL +int_tasklet_entry_52500 int_tasklet_entry 3 52500 NULL ++qlcnic_83xx_sysfs_flash_write_52507 qlcnic_83xx_sysfs_flash_write 4 52507 NULL +pm_qos_power_write_52513 pm_qos_power_write 3 52513 NULL +dup_variable_bug_52525 dup_variable_bug 3 52525 NULL +from_oblock_52546 from_oblock 0-1 52546 NULL +dccpprobe_read_52549 dccpprobe_read 3 52549 NULL +ocfs2_make_right_split_rec_52562 ocfs2_make_right_split_rec 3 52562 NULL +emit_code_52583 emit_code 0-3 52583 NULL ++isku_sysfs_read_macro_52587 isku_sysfs_read_macro 6 52587 NULL +tps80031_writes_52638 tps80031_writes 3-4 52638 NULL +brcmf_sdio_assert_info_52653 brcmf_sdio_assert_info 4 52653 NULL ++SYSC_gethostname_52677 SYSC_gethostname 2 52677 NULL +nvd0_disp_pioc_create__52693 nvd0_disp_pioc_create_ 5 52693 NULL +nouveau_client_create__52715 nouveau_client_create_ 5 52715 NULL +cx25840_ir_rx_read_52724 cx25840_ir_rx_read 3 52724 NULL +blkcipher_next_slow_52733 blkcipher_next_slow 3-4 52733 NULL +relay_alloc_page_array_52735 relay_alloc_page_array 1 52735 NULL +carl9170_debugfs_vif_dump_read_52755 carl9170_debugfs_vif_dump_read 3 52755 NULL ++ieee80211_if_read_beacon_timeout_52756 ieee80211_if_read_beacon_timeout 3 52756 NULL +copy_ctr_args_52761 copy_ctr_args 2 52761 NULL +pwr_rcvd_beacons_read_52836 pwr_rcvd_beacons_read 3 52836 NULL +ext2_xattr_set_acl_52857 ext2_xattr_set_acl 4 52857 NULL @@ -99754,6 +104997,7 @@ index 0000000..7982a0c +brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL +ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL +ieee80211_bss_info_update_53170 ieee80211_bss_info_update 4 53170 NULL ++btrfs_io_bio_alloc_53179 btrfs_io_bio_alloc 2 53179 NULL +clear_capture_buf_53192 clear_capture_buf 2 53192 NULL +mtdoops_erase_block_53206 mtdoops_erase_block 2 53206 NULL +fixup_user_fault_53210 fixup_user_fault 3 53210 NULL @@ -99762,6 +105006,7 @@ index 0000000..7982a0c +xfs_trans_read_buf_map_53258 xfs_trans_read_buf_map 5 53258 NULL +wil_write_file_ssid_53266 wil_write_file_ssid 3 53266 NULL +btrfs_file_extent_num_bytes_53269 btrfs_file_extent_num_bytes 0 53269 NULL ++isku_sysfs_write_key_mask_53305 isku_sysfs_write_key_mask 6 53305 NULL +batadv_interface_rx_53325 batadv_interface_rx 4 53325 NULL +gsm_control_reply_53333 gsm_control_reply 4 53333 NULL +vm_mmap_53339 vm_mmap 0 53339 NULL @@ -99783,7 +105028,8 @@ index 0000000..7982a0c +ocfs2_xattr_set_acl_53508 ocfs2_xattr_set_acl 4 53508 NULL +check_acl_53512 check_acl 0 53512 NULL +alloc_pages_exact_nid_53515 alloc_pages_exact_nid 2 53515 NULL -+set_registers_53582 set_registers 3 53582 NULL ++SYSC_bind_53582 SYSC_bind 3 53582 NULL nohasharray ++set_registers_53582 set_registers 3 53582 &SYSC_bind_53582 +cifs_utf16_bytes_53593 cifs_utf16_bytes 0 53593 NULL +gfn_to_pfn_async_53597 gfn_to_pfn_async 2 53597 NULL +___alloc_bootmem_nopanic_53626 ___alloc_bootmem_nopanic 1-2 53626 NULL @@ -99791,6 +105037,7 @@ index 0000000..7982a0c +ccid_getsockopt_builtin_ccids_53634 ccid_getsockopt_builtin_ccids 2 53634 NULL +nr_sendmsg_53656 nr_sendmsg 4 53656 NULL +_preload_range_53676 _preload_range 2-3 53676 NULL ++lowpan_fragment_xmit_53680 lowpan_fragment_xmit 3-4 53680 NULL +fuse_fill_write_pages_53682 fuse_fill_write_pages 4 53682 NULL +v4l2_event_subscribe_53687 v4l2_event_subscribe 3 53687 NULL +bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 NULL nohasharray @@ -99812,7 +105059,8 @@ index 0000000..7982a0c +nls_nullsize_53815 nls_nullsize 0 53815 NULL +pms_read_53873 pms_read 3 53873 NULL +ieee80211_if_fmt_dropped_frames_congestion_53883 ieee80211_if_fmt_dropped_frames_congestion 3 53883 NULL -+ocfs2_rm_xattr_cluster_53900 ocfs2_rm_xattr_cluster 5-4-3 53900 NULL ++ocfs2_rm_xattr_cluster_53900 ocfs2_rm_xattr_cluster 5-4-3 53900 NULL nohasharray ++SyS_setgroups_53900 SyS_setgroups 1 53900 &ocfs2_rm_xattr_cluster_53900 +proc_file_read_53905 proc_file_read 3 53905 NULL +early_reserve_e820_53915 early_reserve_e820 1-2 53915 NULL +ocfs2_make_clusters_writable_53938 ocfs2_make_clusters_writable 4 53938 NULL @@ -99828,10 +105076,12 @@ index 0000000..7982a0c +pipeline_dec_packet_out_read_54052 pipeline_dec_packet_out_read 3 54052 NULL +nl80211_send_disconnected_54056 nl80211_send_disconnected 5 54056 NULL +rproc_state_read_54057 rproc_state_read 3 54057 NULL ++btrfs_start_transaction_54066 btrfs_start_transaction 2 54066 NULL +_malloc_54077 _malloc 1 54077 NULL +bitmap_bitremap_54096 bitmap_bitremap 4 54096 NULL +altera_set_ir_pre_54103 altera_set_ir_pre 2 54103 NULL +create_xattr_54106 create_xattr 5 54106 NULL ++inc_zcache_pers_zbytes_54107 inc_zcache_pers_zbytes 1 54107 NULL +strn_len_54122 strn_len 0 54122 NULL +isku_receive_54130 isku_receive 4 54130 NULL +isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL @@ -99839,6 +105089,7 @@ index 0000000..7982a0c +memcpy_toiovec_54166 memcpy_toiovec 3 54166 &i2400m_zrealloc_2x_54166 +nouveau_falcon_create__54169 nouveau_falcon_create_ 8 54169 NULL +acpi_os_read_memory_54186 acpi_os_read_memory 1-3 54186 NULL ++SyS_ipc_54206 SyS_ipc 3 54206 NULL +__register_chrdev_54223 __register_chrdev 2-3 54223 NULL +_format_mac_addr_54229 _format_mac_addr 2-0 54229 NULL +pi_read_regr_54231 pi_read_regr 0 54231 NULL @@ -99882,6 +105133,7 @@ index 0000000..7982a0c +unix_dgram_connect_54535 unix_dgram_connect 3 54535 NULL +setsockopt_54539 setsockopt 5 54539 NULL +mwifiex_usb_submit_rx_urb_54558 mwifiex_usb_submit_rx_urb 2 54558 NULL ++SYSC_setsockopt_54561 SYSC_setsockopt 5 54561 NULL +nfsd_vfs_write_54577 nfsd_vfs_write 6 54577 NULL +fw_iso_buffer_init_54582 fw_iso_buffer_init 3 54582 NULL +nvme_npages_54601 nvme_npages 0-1 54601 NULL @@ -99895,7 +105147,8 @@ index 0000000..7982a0c +evm_read_key_54674 evm_read_key 3 54674 NULL +resource_string_54699 resource_string 0 54699 NULL +platform_get_irq_byname_54700 platform_get_irq_byname 0 54700 NULL -+rfkill_fop_read_54711 rfkill_fop_read 3 54711 NULL ++rfkill_fop_read_54711 rfkill_fop_read 3 54711 NULL nohasharray ++compat_SyS_readv_54711 compat_SyS_readv 3 54711 &rfkill_fop_read_54711 +_add_sg_continuation_descriptor_54721 _add_sg_continuation_descriptor 3 54721 NULL +ocfs2_control_write_54737 ocfs2_control_write 3 54737 NULL +kzalloc_54740 kzalloc 1 54740 NULL @@ -99933,6 +105186,7 @@ index 0000000..7982a0c +__proc_file_read_54978 __proc_file_read 3 54978 NULL +ext3_xattr_get_54989 ext3_xattr_get 0 54989 NULL +Bus_to_Virtual_54991 Bus_to_Virtual 1 54991 NULL ++mem_cgroup_get_lru_size_55008 mem_cgroup_get_lru_size 0 55008 NULL +cx231xx_v4l2_read_55014 cx231xx_v4l2_read 3 55014 NULL +paging32_get_level1_sp_gpa_55022 paging32_get_level1_sp_gpa 0 55022 NULL +error_error_null_Frame_tx_start_read_55024 error_error_null_Frame_tx_start_read 3 55024 NULL @@ -99953,12 +105207,16 @@ index 0000000..7982a0c +ht40allow_map_read_55209 ht40allow_map_read 3 55209 NULL +__kfifo_dma_out_prepare_r_55211 __kfifo_dma_out_prepare_r 4-5 55211 NULL +do_raw_setsockopt_55215 do_raw_setsockopt 5 55215 NULL ++qxl_alloc_client_monitors_config_55216 qxl_alloc_client_monitors_config 2 55216 NULL ++nouveau_mc_create__55217 nouveau_mc_create_ 4 55217 NULL +dump_command_55220 dump_command 1 55220 NULL +dbAllocDmap_55227 dbAllocDmap 0 55227 NULL +tipc_port_reject_sections_55229 tipc_port_reject_sections 5 55229 NULL ++hash_netport6_expire_55232 hash_netport6_expire 3 55232 NULL +register_unifi_sdio_55239 register_unifi_sdio 2 55239 NULL +memcpy_fromiovec_55247 memcpy_fromiovec 3 55247 NULL -+ptrace_request_55288 ptrace_request 3 55288 NULL ++persistent_ram_new_55286 persistent_ram_new 1-2 55286 NULL ++ptrace_request_55288 ptrace_request 3-4 55288 NULL +rx_streaming_interval_read_55291 rx_streaming_interval_read 3 55291 NULL +gsm_control_modem_55303 gsm_control_modem 3 55303 NULL +qp_alloc_guest_work_55305 qp_alloc_guest_work 3-5 55305 NULL nohasharray @@ -99971,6 +105229,7 @@ index 0000000..7982a0c +acpi_system_read_event_55362 acpi_system_read_event 3 55362 NULL +nf_nat_ipv4_manip_pkt_55387 nf_nat_ipv4_manip_pkt 2 55387 NULL +iwl_dbgfs_plcp_delta_read_55407 iwl_dbgfs_plcp_delta_read 3 55407 NULL ++si476x_radio_read_rds_blckcnt_blob_55427 si476x_radio_read_rds_blckcnt_blob 3 55427 NULL +alloc_skb_55439 alloc_skb 1 55439 NULL +__vxge_hw_channel_allocate_55462 __vxge_hw_channel_allocate 3 55462 NULL +isdnhdlc_decode_55466 isdnhdlc_decode 0 55466 NULL @@ -99986,7 +105245,9 @@ index 0000000..7982a0c +buffer_size_55534 buffer_size 0 55534 NULL +set_msr_interception_55538 set_msr_interception 2 55538 NULL +tty_port_register_device_55543 tty_port_register_device 3 55543 NULL ++hash_netport4_expire_55584 hash_netport4_expire 3 55584 NULL +add_partition_55588 add_partition 2 55588 NULL ++SyS_keyctl_55602 SyS_keyctl 4 55602 NULL +free_pages_55603 free_pages 1 55603 NULL +macvtap_put_user_55609 macvtap_put_user 4 55609 NULL +selinux_setprocattr_55611 selinux_setprocattr 4 55611 NULL @@ -100006,6 +105267,7 @@ index 0000000..7982a0c +__videobuf_alloc_uncached_55711 __videobuf_alloc_uncached 1 55711 NULL +pm8001_store_update_fw_55716 pm8001_store_update_fw 4 55716 NULL +mtdswap_init_55719 mtdswap_init 2 55719 NULL ++tap_pwup_write_55723 tap_pwup_write 3 55723 NULL +__iio_allocate_kfifo_55738 __iio_allocate_kfifo 2 55738 NULL +set_local_name_55757 set_local_name 4 55757 NULL +strlen_55778 strlen 0 55778 NULL @@ -100034,12 +105296,14 @@ index 0000000..7982a0c +kmem_zalloc_large_56128 kmem_zalloc_large 1 56128 NULL +sel_read_handle_status_56139 sel_read_handle_status 3 56139 NULL +map_addr_56144 map_addr 7 56144 NULL ++__i2c_transfer_56162 __i2c_transfer 0 56162 NULL +rawv6_setsockopt_56165 rawv6_setsockopt 5 56165 NULL +create_irq_nr_56180 create_irq_nr 1 56180 NULL +ath9k_dump_legacy_btcoex_56194 ath9k_dump_legacy_btcoex 0 56194 NULL +skb_headroom_56200 skb_headroom 0 56200 NULL +usb_dump_iad_descriptor_56204 usb_dump_iad_descriptor 0 56204 NULL +ncp_read_bounce_size_56221 ncp_read_bounce_size 0-1 56221 NULL ++vring_add_indirect_56222 vring_add_indirect 4 56222 NULL +ocfs2_find_xe_in_bucket_56224 ocfs2_find_xe_in_bucket 0 56224 NULL +cp210x_get_config_56229 cp210x_get_config 4 56229 NULL +do_ipt_set_ctl_56238 do_ipt_set_ctl 4 56238 NULL @@ -100058,6 +105322,7 @@ index 0000000..7982a0c +vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL +iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 4 56368 NULL +dev_read_56369 dev_read 3 56369 NULL ++write_gssp_56404 write_gssp 3 56404 NULL +ocfs2_control_read_56405 ocfs2_control_read 3 56405 NULL +__get_vm_area_caller_56416 __get_vm_area_caller 1 56416 NULL nohasharray +acpi_os_write_memory_56416 acpi_os_write_memory 1-3 56416 &__get_vm_area_caller_56416 @@ -100068,9 +105333,12 @@ index 0000000..7982a0c +cx231xx_init_isoc_56453 cx231xx_init_isoc 3-2 56453 NULL +set_connectable_56458 set_connectable 4 56458 NULL +osd_req_list_partition_objects_56464 osd_req_list_partition_objects 5 56464 NULL ++putused_user_56467 putused_user 3 56467 NULL +calc_linear_pos_56472 calc_linear_pos 0-3 56472 NULL ++global_rt_period_56476 global_rt_period 0 56476 NULL +crypto_shash_alignmask_56486 crypto_shash_alignmask 0 56486 NULL +ieee80211_rx_mgmt_probe_beacon_56491 ieee80211_rx_mgmt_probe_beacon 3 56491 NULL ++init_map_ip_56508 init_map_ip 5 56508 NULL +cfg80211_connect_result_56515 cfg80211_connect_result 4-6 56515 NULL +ip_options_get_56538 ip_options_get 4 56538 NULL +ocfs2_change_extent_flag_56549 ocfs2_change_extent_flag 5 56549 NULL @@ -100097,6 +105365,7 @@ index 0000000..7982a0c +mtdchar_write_56831 mtdchar_write 3 56831 NULL nohasharray +ntfs_rl_realloc_56831 ntfs_rl_realloc 3 56831 &mtdchar_write_56831 +snd_rawmidi_kernel_write1_56847 snd_rawmidi_kernel_write1 4 56847 NULL ++si476x_radio_read_agc_blob_56849 si476x_radio_read_agc_blob 3 56849 NULL +wb_lookup_56858 wb_lookup 2 56858 NULL +ext3_xattr_ibody_get_56880 ext3_xattr_ibody_get 0 56880 NULL +pvr2_debugifc_print_status_56890 pvr2_debugifc_print_status 3 56890 NULL @@ -100134,6 +105403,7 @@ index 0000000..7982a0c +rx_hw_stuck_read_57179 rx_hw_stuck_read 3 57179 NULL +tt3650_ci_msg_57219 tt3650_ci_msg 4 57219 NULL +dma_fifo_alloc_57236 dma_fifo_alloc 5-3-2 57236 NULL ++flush_space_57241 flush_space 3 57241 NULL +ieee80211_if_fmt_tsf_57249 ieee80211_if_fmt_tsf 3 57249 NULL +oprofilefs_ulong_from_user_57251 oprofilefs_ulong_from_user 3 57251 NULL +alloc_flex_gd_57259 alloc_flex_gd 1 57259 NULL @@ -100200,6 +105470,7 @@ index 0000000..7982a0c +nouveau_gpio_create__57735 nouveau_gpio_create_ 4-5 57735 NULL +compat_sys_set_mempolicy_57742 compat_sys_set_mempolicy 3 57742 NULL +ieee80211_if_fmt_dot11MeshHWMPpreqMinInterval_57762 ieee80211_if_fmt_dot11MeshHWMPpreqMinInterval 3 57762 NULL ++SYSC_process_vm_writev_57776 SYSC_process_vm_writev 3-5 57776 NULL +ld2_57794 ld2 0 57794 NULL +ivtv_read_57796 ivtv_read 3 57796 NULL +generic_ptrace_peekdata_57806 generic_ptrace_peekdata 2 57806 NULL @@ -100249,9 +105520,11 @@ index 0000000..7982a0c +pcim_iomap_58334 pcim_iomap 3 58334 NULL +diva_init_dma_map_58336 diva_init_dma_map 3 58336 NULL +next_pidmap_58347 next_pidmap 2 58347 NULL ++SyS_migrate_pages_58348 SyS_migrate_pages 2 58348 NULL +vmalloc_to_sg_58354 vmalloc_to_sg 2 58354 NULL +save_hint_58359 save_hint 2 58359 NULL +brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL ++hash_ipportnet6_expire_58379 hash_ipportnet6_expire 3 58379 NULL +il_dbgfs_status_read_58388 il_dbgfs_status_read 3 58388 NULL +kvm_mmu_write_protect_pt_masked_58406 kvm_mmu_write_protect_pt_masked 3 58406 NULL +i2400m_pld_size_58415 i2400m_pld_size 0 58415 NULL @@ -100267,10 +105540,12 @@ index 0000000..7982a0c +memblock_alloc_try_nid_58493 memblock_alloc_try_nid 1-2 58493 NULL +rndis_add_response_58544 rndis_add_response 2 58544 NULL +__clear_discard_58546 __clear_discard 2 58546 NULL ++wrap_max_58548 wrap_max 0-1-2 58548 NULL +wep_decrypt_fail_read_58567 wep_decrypt_fail_read 3 58567 NULL +sip_sprintf_addr_port_58574 sip_sprintf_addr_port 0 58574 NULL +scnprint_mac_oui_58578 scnprint_mac_oui 3-0 58578 NULL +ea_read_inline_58589 ea_read_inline 0 58589 NULL ++isku_sysfs_read_keys_thumbster_58590 isku_sysfs_read_keys_thumbster 6 58590 NULL +xip_file_read_58592 xip_file_read 3 58592 NULL +gdth_search_isa_58595 gdth_search_isa 1 58595 NULL +ebt_buf_count_58607 ebt_buf_count 0 58607 NULL @@ -100297,7 +105572,7 @@ index 0000000..7982a0c +__do_config_autodelink_58763 __do_config_autodelink 3 58763 NULL +regmap_calc_reg_len_58795 regmap_calc_reg_len 0 58795 NULL +raw_send_hdrinc_58803 raw_send_hdrinc 4 58803 NULL -+isku_sysfs_read_58806 isku_sysfs_read 6 58806 NULL ++isku_sysfs_read_58806 isku_sysfs_read 6-5 58806 NULL +ep_read_58813 ep_read 3 58813 NULL +command_write_58841 command_write 3 58841 NULL +ocfs2_truncate_log_append_58850 ocfs2_truncate_log_append 3 58850 NULL @@ -100317,6 +105592,7 @@ index 0000000..7982a0c +edac_align_ptr_59003 edac_align_ptr 0 59003 NULL +ep_write_59008 ep_write 3 59008 NULL +i915_ring_stop_write_59010 i915_ring_stop_write 3 59010 NULL ++SyS_preadv_59029 SyS_preadv 3 59029 NULL +init_pci_cap_msi_perm_59033 init_pci_cap_msi_perm 2 59033 NULL +selinux_transaction_write_59038 selinux_transaction_write 3 59038 NULL +crypto_aead_reqsize_59039 crypto_aead_reqsize 0 59039 NULL @@ -100350,8 +105626,10 @@ index 0000000..7982a0c +xfs_dir2_sf_entsize_59366 xfs_dir2_sf_entsize 0-2 59366 NULL +pvr2_debugifc_print_info_59380 pvr2_debugifc_print_info 3 59380 NULL +fc_frame_alloc_fill_59394 fc_frame_alloc_fill 2 59394 NULL ++isku_sysfs_read_keys_function_59412 isku_sysfs_read_keys_function 6 59412 NULL +vxge_hw_ring_rxds_per_block_get_59425 vxge_hw_ring_rxds_per_block_get 0 59425 NULL +squashfs_read_data_59440 squashfs_read_data 6 59440 NULL ++SyS_sched_setaffinity_59442 SyS_sched_setaffinity 2 59442 NULL +fs_path_ensure_buf_59445 fs_path_ensure_buf 2 59445 NULL +descriptor_loc_59446 descriptor_loc 3 59446 NULL +do_compat_semctl_59449 do_compat_semctl 4 59449 NULL @@ -100369,7 +105647,9 @@ index 0000000..7982a0c +ubifs_setxattr_59650 ubifs_setxattr 4 59650 NULL nohasharray +hidraw_read_59650 hidraw_read 3 59650 &ubifs_setxattr_59650 +v9fs_xattr_set_acl_59651 v9fs_xattr_set_acl 4 59651 NULL ++paravirt_sched_clock_59660 paravirt_sched_clock 0 59660 NULL +__devcgroup_check_permission_59665 __devcgroup_check_permission 0 59665 NULL ++iwl_dbgfs_mac_params_read_59666 iwl_dbgfs_mac_params_read 3 59666 NULL +alloc_dca_provider_59670 alloc_dca_provider 2 59670 NULL +can_nocow_odirect_59681 can_nocow_odirect 3 59681 NULL +sriov_enable_59689 sriov_enable 2 59689 NULL @@ -100382,6 +105662,8 @@ index 0000000..7982a0c +ext3_acl_count_59754 ext3_acl_count 0-1 59754 NULL +long_retry_limit_read_59766 long_retry_limit_read 3 59766 NULL +venus_remove_59781 venus_remove 4 59781 NULL ++mei_nfc_recv_59784 mei_nfc_recv 3 59784 NULL ++C_SYSC_preadv_59801 C_SYSC_preadv 3 59801 NULL +ipw_write_59807 ipw_write 3 59807 NULL +rtllib_wx_set_gen_ie_59808 rtllib_wx_set_gen_ie 3 59808 NULL +scsi_init_shared_tag_map_59812 scsi_init_shared_tag_map 2 59812 NULL @@ -100389,7 +105671,8 @@ index 0000000..7982a0c +gspca_dev_probe2_59833 gspca_dev_probe2 4 59833 NULL +regmap_raw_write_async_59849 regmap_raw_write_async 2-4 59849 NULL +pvr2_ioread_set_sync_key_59882 pvr2_ioread_set_sync_key 3 59882 NULL -+shmem_zero_setup_59885 shmem_zero_setup 0 59885 NULL ++shmem_zero_setup_59885 shmem_zero_setup 0 59885 NULL nohasharray ++start_transaction_59885 start_transaction 2 59885 &shmem_zero_setup_59885 +ffs_prepare_buffer_59892 ffs_prepare_buffer 2 59892 NULL +swiotlb_map_page_59909 swiotlb_map_page 3 59909 NULL +il_dbgfs_rxon_flags_read_59950 il_dbgfs_rxon_flags_read 3 59950 NULL nohasharray @@ -100420,11 +105703,13 @@ index 0000000..7982a0c +mp_register_gsi_60079 mp_register_gsi 2 60079 NULL +rxrpc_kernel_send_data_60083 rxrpc_kernel_send_data 3 60083 NULL +ieee80211_if_fmt_fwded_frames_60103 ieee80211_if_fmt_fwded_frames 3 60103 NULL ++SYSC_msgsnd_60113 SYSC_msgsnd 3 60113 NULL +ttm_bo_kmap_60118 ttm_bo_kmap 3-2 60118 NULL +jmb38x_ms_count_slots_60164 jmb38x_ms_count_slots 0 60164 NULL +init_state_60165 init_state 2 60165 NULL +sg_build_sgat_60179 sg_build_sgat 3 60179 NULL nohasharray +jffs2_alloc_full_dirent_60179 jffs2_alloc_full_dirent 1 60179 &sg_build_sgat_60179 ++fuse_async_req_send_60183 fuse_async_req_send 0-3 60183 NULL +rx_rx_tkip_replays_read_60193 rx_rx_tkip_replays_read 3 60193 NULL +svc_compat_ioctl_60194 svc_compat_ioctl 3 60194 NULL +ib_send_cm_mra_60202 ib_send_cm_mra 4 60202 NULL nohasharray @@ -100445,6 +105730,7 @@ index 0000000..7982a0c +dccp_setsockopt_60367 dccp_setsockopt 5 60367 NULL +ubi_eba_atomic_leb_change_60379 ubi_eba_atomic_leb_change 5 60379 NULL +instruction_pointer_60384 instruction_pointer 0 60384 NULL ++drop_outstanding_extent_60390 drop_outstanding_extent 0 60390 NULL +mthca_alloc_resize_buf_60394 mthca_alloc_resize_buf 3 60394 NULL +ocfs2_zero_extend_60396 ocfs2_zero_extend 3 60396 NULL +driver_names_read_60399 driver_names_read 3 60399 NULL @@ -100454,7 +105740,8 @@ index 0000000..7982a0c +tstats_write_60432 tstats_write 3 60432 NULL nohasharray +kmalloc_60432 kmalloc 1 60432 &tstats_write_60432 +tipc_buf_acquire_60437 tipc_buf_acquire 1 60437 NULL -+rx_data_60442 rx_data 4 60442 NULL ++rx_data_60442 rx_data 4 60442 NULL nohasharray ++scaled_div32_60442 scaled_div32 1-2 60442 &rx_data_60442 +tcf_csum_ipv4_igmp_60446 tcf_csum_ipv4_igmp 3 60446 NULL +snd_hda_get_num_raw_conns_60462 snd_hda_get_num_raw_conns 0 60462 NULL +crypto_shash_setkey_60483 crypto_shash_setkey 3 60483 NULL @@ -100462,6 +105749,8 @@ index 0000000..7982a0c +hysdn_sched_rx_60533 hysdn_sched_rx 3 60533 NULL +v9fs_fid_readn_60544 v9fs_fid_readn 4 60544 NULL +nonpaging_map_60551 nonpaging_map 4 60551 NULL ++nfsd_hashsize_60562 nfsd_hashsize 0 60562 NULL ++hash_net6_expire_60598 hash_net6_expire 3 60598 NULL +skb_transport_offset_60619 skb_transport_offset 0 60619 NULL +wl1273_fm_fops_write_60621 wl1273_fm_fops_write 3 60621 NULL +acl_alloc_stack_init_60630 acl_alloc_stack_init 1 60630 NULL @@ -100491,7 +105780,7 @@ index 0000000..7982a0c +hsc_msg_alloc_60990 hsc_msg_alloc 1 60990 NULL +ath6kl_lrssi_roam_read_61022 ath6kl_lrssi_roam_read 3 61022 NULL +symtab_init_61050 symtab_init 2 61050 NULL -+fuse_send_write_61053 fuse_send_write 0 61053 NULL ++fuse_send_write_61053 fuse_send_write 0-4 61053 NULL +bitmap_scnlistprintf_61062 bitmap_scnlistprintf 0-4-2 61062 NULL +ahash_align_buffer_size_61070 ahash_align_buffer_size 0-1-2 61070 NULL +get_derived_key_61100 get_derived_key 4 61100 NULL @@ -100500,17 +105789,23 @@ index 0000000..7982a0c +__probe_kernel_read_61119 __probe_kernel_read 3 61119 &p80211_headerlen_61119 +vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1 61126 NULL +afs_proc_cells_write_61139 afs_proc_cells_write 3 61139 NULL ++brcmf_sdio_chip_cr4_exitdl_61143 brcmf_sdio_chip_cr4_exitdl 4 61143 NULL +__vmalloc_61168 __vmalloc 1 61168 NULL +event_oom_late_read_61175 event_oom_late_read 3 61175 NULL nohasharray +pair_device_61175 pair_device 4 61175 &event_oom_late_read_61175 +sys_lsetxattr_61177 sys_lsetxattr 4 61177 NULL ++SyS_prctl_61202 SyS_prctl 4 61202 NULL +arch_hibernation_header_save_61212 arch_hibernation_header_save 0 61212 NULL +smk_read_ambient_61220 smk_read_ambient 3 61220 NULL +btrfs_bio_alloc_61270 btrfs_bio_alloc 3 61270 NULL +vortex_adbdma_getlinearpos_61283 vortex_adbdma_getlinearpos 0 61283 NULL -+sys_add_key_61288 sys_add_key 4 61288 NULL ++sys_add_key_61288 sys_add_key 4 61288 NULL nohasharray ++nvme_trans_copy_to_user_61288 nvme_trans_copy_to_user 3 61288 &sys_add_key_61288 +ext4_issue_discard_61305 ext4_issue_discard 2 61305 NULL ++xfer_from_user_61307 xfer_from_user 3 61307 NULL ++timespec_to_ns_61317 timespec_to_ns 0 61317 NULL +xfrm_user_sec_ctx_size_61320 xfrm_user_sec_ctx_size 0 61320 NULL ++C_SYSC_msgsnd_61330 C_SYSC_msgsnd 2-3 61330 NULL +st5481_setup_isocpipes_61340 st5481_setup_isocpipes 6-4 61340 NULL +rx_rx_wa_ba_not_expected_read_61341 rx_rx_wa_ba_not_expected_read 3 61341 NULL +f1x_map_sysaddr_to_csrow_61344 f1x_map_sysaddr_to_csrow 2 61344 NULL @@ -100525,6 +105820,7 @@ index 0000000..7982a0c +btrfs_item_size_61485 btrfs_item_size 0 61485 NULL +erst_errno_61526 erst_errno 0 61526 NULL +ntfs_attr_lookup_61539 ntfs_attr_lookup 0 61539 NULL ++get_ohm_of_thermistor_61545 get_ohm_of_thermistor 2 61545 NULL +o2hb_pop_count_61553 o2hb_pop_count 2 61553 NULL +dvb_net_ioctl_61559 dvb_net_ioctl 2 61559 NULL +ieee80211_if_read_rc_rateidx_mask_2ghz_61570 ieee80211_if_read_rc_rateidx_mask_2ghz 3 61570 NULL @@ -100540,6 +105836,7 @@ index 0000000..7982a0c +ttm_page_pool_free_61661 ttm_page_pool_free 2 61661 NULL +insert_one_name_61668 insert_one_name 7 61668 NULL +lock_loop_61681 lock_loop 1 61681 NULL ++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL +filter_read_61692 filter_read 3 61692 NULL +iov_length_61716 iov_length 0 61716 NULL +fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL @@ -100550,6 +105847,7 @@ index 0000000..7982a0c +bfad_debugfs_write_regwr_61841 bfad_debugfs_write_regwr 3 61841 NULL +fs_path_prepare_for_add_61854 fs_path_prepare_for_add 2 61854 NULL +evdev_compute_buffer_size_61863 evdev_compute_buffer_size 0 61863 NULL ++SYSC_lsetxattr_61869 SYSC_lsetxattr 4 61869 NULL +get_fw_name_61874 get_fw_name 3 61874 NULL +free_init_pages_61875 free_init_pages 2 61875 NULL +twl4030_sih_setup_61878 twl4030_sih_setup 3 61878 NULL @@ -100571,6 +105869,7 @@ index 0000000..7982a0c +virtnet_send_command_61993 virtnet_send_command 5-6 61993 NULL +xt_compat_match_offset_62011 xt_compat_match_offset 0 62011 NULL +jffs2_do_unlink_62020 jffs2_do_unlink 4 62020 NULL ++SYSC_select_62024 SYSC_select 1 62024 NULL +pmcraid_build_passthrough_ioadls_62034 pmcraid_build_passthrough_ioadls 2 62034 NULL +ppp_tx_cp_62044 ppp_tx_cp 5 62044 NULL +sctp_user_addto_chunk_62047 sctp_user_addto_chunk 2-3 62047 NULL @@ -100587,6 +105886,7 @@ index 0000000..7982a0c +alloc_upcall_62186 alloc_upcall 2 62186 NULL +btrfs_xattr_acl_set_62203 btrfs_xattr_acl_set 4 62203 NULL +sock_kmalloc_62205 sock_kmalloc 2 62205 NULL ++SYSC_setgroups16_62232 SYSC_setgroups16 1 62232 NULL +nfsd_read_file_62241 nfsd_read_file 6 62241 NULL +allocate_partition_62245 allocate_partition 4 62245 NULL +__qib_get_user_pages_62287 __qib_get_user_pages 1-2 62287 NULL @@ -100636,6 +105936,7 @@ index 0000000..7982a0c +init_chip_wc_pat_62768 init_chip_wc_pat 2 62768 NULL +ax25_sendmsg_62770 ax25_sendmsg 4 62770 NULL +page_key_alloc_62771 page_key_alloc 0 62771 NULL ++C_SYSC_ipc_62776 C_SYSC_ipc 5-3-6-4 62776 NULL +tracing_total_entries_read_62817 tracing_total_entries_read 3 62817 NULL +__rounddown_pow_of_two_62836 __rounddown_pow_of_two 0 62836 NULL +bio_get_nr_vecs_62838 bio_get_nr_vecs 0 62838 NULL @@ -100648,11 +105949,13 @@ index 0000000..7982a0c +if_spi_host_to_card_62890 if_spi_host_to_card 4 62890 NULL +mempool_create_slab_pool_62907 mempool_create_slab_pool 1 62907 NULL +getdqbuf_62908 getdqbuf 1 62908 NULL -+try_async_pf_62914 try_async_pf 3 62914 NULL ++try_async_pf_62914 try_async_pf 3 62914 NULL nohasharray ++SyS_remap_file_pages_62914 SyS_remap_file_pages 1 62914 &try_async_pf_62914 +agp_create_user_memory_62955 agp_create_user_memory 1 62955 NULL +__vb2_perform_fileio_63033 __vb2_perform_fileio 3 63033 NULL +pipeline_defrag_to_csum_swi_read_63037 pipeline_defrag_to_csum_swi_read 3 63037 NULL +scsi_host_alloc_63041 scsi_host_alloc 2 63041 NULL ++gso_pskb_expand_head_63052 gso_pskb_expand_head 2 63052 NULL +unlink1_63059 unlink1 3 63059 NULL +xen_set_nslabs_63066 xen_set_nslabs 0 63066 NULL +ocfs2_decrease_refcount_63078 ocfs2_decrease_refcount 3 63078 NULL @@ -100663,6 +105966,7 @@ index 0000000..7982a0c +xen_zap_pfn_range_63149 xen_zap_pfn_range 1 63149 NULL +smk_write_revoke_subj_63173 smk_write_revoke_subj 3 63173 NULL +vme_master_read_63221 vme_master_read 0 63221 NULL ++SyS_gethostname_63227 SyS_gethostname 2 63227 NULL +module_alloc_update_bounds_rw_63233 module_alloc_update_bounds_rw 1 63233 NULL +ptp_read_63251 ptp_read 4 63251 NULL +raid5_resize_63306 raid5_resize 2 63306 NULL @@ -100716,6 +106020,8 @@ index 0000000..7982a0c +kovaplus_sysfs_write_63795 kovaplus_sysfs_write 6 63795 NULL +mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL +copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL ++dec_zcache_eph_zbytes_63817 dec_zcache_eph_zbytes 1 63817 NULL ++prepare_copy_63826 prepare_copy 2 63826 NULL +sel_write_load_63830 sel_write_load 3 63830 NULL +proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL +init_map_ipmac_63896 init_map_ipmac 4-3 63896 NULL @@ -100733,19 +106039,23 @@ index 0000000..7982a0c +diva_xdi_write_63975 diva_xdi_write 4 63975 NULL +read_file_frameerrors_64001 read_file_frameerrors 3 64001 NULL +kmemdup_64015 kmemdup 2 64015 NULL ++SyS_rt_sigpending_64018 SyS_rt_sigpending 2 64018 NULL +offset_to_vaddr_64025 offset_to_vaddr 0-2 64025 NULL nohasharray +tcf_csum_skb_nextlayer_64025 tcf_csum_skb_nextlayer 3 64025 &offset_to_vaddr_64025 +dbAllocDmapLev_64030 dbAllocDmapLev 0 64030 NULL +resize_async_buffer_64031 resize_async_buffer 4 64031 NULL +sep_lli_table_secure_dma_64042 sep_lli_table_secure_dma 2-3 64042 NULL ++tfrc_calc_x_reverse_lookup_64057 tfrc_calc_x_reverse_lookup 0 64057 NULL +get_u8_64076 get_u8 0 64076 NULL +sl_realloc_bufs_64086 sl_realloc_bufs 2 64086 NULL +vmci_handle_arr_get_size_64088 vmci_handle_arr_get_size 0 64088 NULL +lbs_highrssi_read_64089 lbs_highrssi_read 3 64089 NULL ++SyS_mq_timedsend_64107 SyS_mq_timedsend 3 64107 NULL +do_load_xattr_datum_64118 do_load_xattr_datum 0 64118 NULL +ol_quota_entries_per_block_64122 ol_quota_entries_per_block 0 64122 NULL +ext4_prepare_inline_data_64124 ext4_prepare_inline_data 3 64124 NULL +init_bch_64130 init_bch 1-2 64130 NULL ++SYSC_ptrace_64136 SYSC_ptrace 3-4 64136 NULL +uea_idma_write_64139 uea_idma_write 3 64139 NULL +ablkcipher_copy_iv_64140 ablkcipher_copy_iv 3 64140 NULL +dlfb_ops_write_64150 dlfb_ops_write 3 64150 NULL @@ -100762,6 +106072,7 @@ index 0000000..7982a0c +ocfs2_block_check_validate_bhs_64302 ocfs2_block_check_validate_bhs 0 64302 NULL +error_error_bar_retry_read_64305 error_error_bar_retry_read 3 64305 NULL +ffz_64324 ffz 0 64324 NULL ++map_region_64328 map_region 1 64328 NULL +sisusbcon_clear_64329 sisusbcon_clear 4-3-5 64329 NULL +ts_write_64336 ts_write 3 64336 NULL +usbtmc_write_64340 usbtmc_write 3 64340 NULL @@ -100784,6 +106095,7 @@ index 0000000..7982a0c +read_file_spectral_short_repeat_64431 read_file_spectral_short_repeat 3 64431 &ext4_trim_extent_64431 +cap_capable_64462 cap_capable 0 64462 NULL +ip_vs_create_timeout_table_64478 ip_vs_create_timeout_table 2 64478 NULL ++single_open_size_64483 single_open_size 4 64483 NULL +p54_parse_rssical_64493 p54_parse_rssical 3 64493 NULL +msg_data_sz_64503 msg_data_sz 0 64503 NULL +remove_uuid_64505 remove_uuid 4 64505 NULL nohasharray @@ -100792,6 +106104,8 @@ index 0000000..7982a0c +opera1_usb_i2c_msgxfer_64521 opera1_usb_i2c_msgxfer 4 64521 NULL +ses_send_diag_64527 ses_send_diag 4 64527 NULL +prctl_set_mm_64538 prctl_set_mm 3 64538 NULL ++SyS_bind_64544 SyS_bind 3 64544 NULL ++rbd_obj_read_sync_64554 rbd_obj_read_sync 3-4 64554 NULL +__spi_sync_64561 __spi_sync 0 64561 NULL +__apei_exec_run_64563 __apei_exec_run 0 64563 NULL +fanotify_write_64623 fanotify_write 3 64623 NULL @@ -100812,6 +106126,7 @@ index 0000000..7982a0c +bio_map_kern_64751 bio_map_kern 3 64751 NULL +rt2x00debug_write_csr_64753 rt2x00debug_write_csr 3 64753 NULL +isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL ++regmap_reg_ranges_read_file_64798 regmap_reg_ranges_read_file 3 64798 NULL +nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL +megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL +ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL @@ -100843,10 +106158,12 @@ index 0000000..7982a0c +__alloc_bootmem_node_high_65076 __alloc_bootmem_node_high 2-3 65076 NULL +ocfs2_truncate_cluster_pages_65086 ocfs2_truncate_cluster_pages 2 65086 NULL +ath9k_dump_mci_btcoex_65090 ath9k_dump_mci_btcoex 0 65090 NULL ++C_SYSC_semctl_65091 C_SYSC_semctl 4 65091 NULL +ssb_bus_register_65183 ssb_bus_register 3 65183 NULL +rx_rx_done_read_65217 rx_rx_done_read 3 65217 NULL +print_endpoint_stat_65232 print_endpoint_stat 3-4-0 65232 NULL +whci_n_caps_65247 whci_n_caps 0 65247 NULL ++atomic_long_read_65263 atomic_long_read 0 65263 NULL +kmem_zalloc_greedy_65268 kmem_zalloc_greedy 3-2 65268 NULL +kmalloc_parameter_65279 kmalloc_parameter 1 65279 NULL +compat_core_sys_select_65285 compat_core_sys_select 1 65285 NULL @@ -100856,11 +106173,13 @@ index 0000000..7982a0c +unpack_array_65318 unpack_array 0 65318 NULL +pci_vpd_find_tag_65325 pci_vpd_find_tag 0-2 65325 NULL +dccp_setsockopt_service_65336 dccp_setsockopt_service 4 65336 NULL ++init_list_set_65351 init_list_set 2-3 65351 NULL +dma_rx_requested_read_65354 dma_rx_requested_read 3 65354 NULL +batadv_tt_save_orig_buffer_65361 batadv_tt_save_orig_buffer 4 65361 NULL +alloc_cpu_rmap_65363 alloc_cpu_rmap 1 65363 NULL +__ext4_new_inode_65370 __ext4_new_inode 5 65370 NULL -+strchr_65372 strchr 0 65372 NULL ++strchr_65372 strchr 0 65372 NULL nohasharray ++SyS_writev_65372 SyS_writev 3 65372 &strchr_65372 +__alloc_bootmem_nopanic_65397 __alloc_bootmem_nopanic 1-2 65397 NULL +trace_seq_to_user_65398 trace_seq_to_user 3 65398 NULL +mtd_get_device_size_65400 mtd_get_device_size 0 65400 NULL @@ -103608,6 +108927,32 @@ index 0000000..4fae911 + + return 0; +} +diff --git a/tools/lib/lk/Makefile b/tools/lib/lk/Makefile +index 926cbf3..b8403e0 100644 +--- a/tools/lib/lk/Makefile ++++ b/tools/lib/lk/Makefile +@@ -10,7 +10,7 @@ LIB_OBJS += $(OUTPUT)debugfs.o + + LIBFILE = liblk.a + +-CFLAGS = -ggdb3 -Wall -Wextra -std=gnu99 -Werror -O6 -D_FORTIFY_SOURCE=2 $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) -fPIC ++CFLAGS = -ggdb3 -Wall -Wextra -std=gnu99 -Werror -O6 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) -fPIC + EXTLIBS = -lpthread -lrt -lelf -lm + ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 + ALL_LDFLAGS = $(LDFLAGS) +diff --git a/tools/perf/Makefile b/tools/perf/Makefile +index b0f164b..63c9f7d 100644 +--- a/tools/perf/Makefile ++++ b/tools/perf/Makefile +@@ -188,7 +188,7 @@ endif + + ifndef PERF_DEBUG + ifeq ($(call try-cc,$(SOURCE_HELLO),$(CFLAGS) -D_FORTIFY_SOURCE=2,-D_FORTIFY_SOURCE=2),y) +- CFLAGS := $(CFLAGS) -D_FORTIFY_SOURCE=2 ++ CFLAGS := $(CFLAGS) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 + endif + endif + diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h index 6789d78..4afd019e 100644 --- a/tools/perf/util/include/asm/alternative-asm.h @@ -103638,7 +108983,7 @@ index 96b919d..c49bb74 100644 + #endif diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index f18013f..90421df 100644 +index 302681c..3bde377 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,12 +75,17 @@ LIST_HEAD(vm_list); @@ -103661,16 +109006,16 @@ index f18013f..90421df 100644 struct dentry *kvm_debugfs_dir; -@@ -769,7 +774,7 @@ int __kvm_set_memory_region(struct kvm *kvm, +@@ -766,7 +771,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* We can read the guest memory with __xxx_user() later on. */ - if (user_alloc && + if ((mem->slot < KVM_USER_MEM_SLOTS) && ((mem->userspace_addr & (PAGE_SIZE - 1)) || - !access_ok(VERIFY_WRITE, + !__access_ok(VERIFY_WRITE, (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; -@@ -1881,7 +1886,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) +@@ -1878,7 +1883,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) return 0; } @@ -103679,7 +109024,7 @@ index f18013f..90421df 100644 .release = kvm_vcpu_release, .unlocked_ioctl = kvm_vcpu_ioctl, #ifdef CONFIG_COMPAT -@@ -2402,7 +2407,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) +@@ -2561,7 +2566,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) return 0; } @@ -103688,7 +109033,7 @@ index f18013f..90421df 100644 .release = kvm_vm_release, .unlocked_ioctl = kvm_vm_ioctl, #ifdef CONFIG_COMPAT -@@ -2500,7 +2505,7 @@ out: +@@ -2662,7 +2667,7 @@ out: return r; } @@ -103697,7 +109042,7 @@ index f18013f..90421df 100644 .unlocked_ioctl = kvm_dev_ioctl, .compat_ioctl = kvm_dev_ioctl, .llseek = noop_llseek, -@@ -2526,7 +2531,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2688,7 +2693,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -103706,7 +109051,7 @@ index f18013f..90421df 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2580,10 +2585,10 @@ static int hardware_enable_all(void) +@@ -2742,10 +2747,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -103719,7 +109064,7 @@ index f18013f..90421df 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2941,7 +2946,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -3099,7 +3104,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -103728,7 +109073,7 @@ index f18013f..90421df 100644 struct module *module) { int r; -@@ -2977,7 +2982,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3146,7 +3151,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -103737,7 +109082,7 @@ index f18013f..90421df 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2987,9 +2992,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3156,9 +3161,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; @@ -103749,7 +109094,7 @@ index f18013f..90421df 100644 r = misc_register(&kvm_dev); if (r) { -@@ -2999,9 +3006,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3168,9 +3175,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, register_syscore_ops(&kvm_syscore_ops); -- 2.39.2