]> git.ipfire.org Git - thirdparty/grsecurity-scrape.git/blob - test/grsecurity-3.1-4.8.6-201611091800.patch
projects / thirdparty / grsecurity-scrape.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Auto commit, 1 new patch{es}.
[thirdparty/grsecurity-scrape.git] / test / grsecurity-3.1-4.8.6-201611091800.patch
1 diff --git a/Documentation/dontdiff b/Documentation/dontdiff
2 index 5385cba..607c6a0 100644
3 --- a/Documentation/dontdiff
4 +++ b/Documentation/dontdiff
5 @@ -7,6 +7,7 @@
6 *.cis
7 *.cpio
8 *.csp
9 +*.dbg
10 *.dsp
11 *.dvi
12 *.elf
13 @@ -16,6 +17,7 @@
14 *.gcov
15 *.gen.S
16 *.gif
17 +*.gmo
18 *.grep
19 *.grp
20 *.gz
21 @@ -52,14 +54,17 @@
22 *.tab.h
23 *.tex
24 *.ver
25 +*.vim
26 *.xml
27 *.xz
28 *_MODULES
29 +*_reg_safe.h
30 *_vga16.c
31 *~
32 \#*#
33 *.9
34 -.*
35 +.[^g]*
36 +.gen*
37 .*.d
38 .mm
39 53c700_d.h
40 @@ -73,9 +78,11 @@ Image
41 Module.markers
42 Module.symvers
43 PENDING
44 +PERF*
45 SCCS
46 System.map*
47 TAGS
48 +TRACEEVENT-CFLAGS
49 aconf
50 af_names.h
51 aic7*reg.h*
52 @@ -84,6 +91,7 @@ aic7*seq.h*
53 aicasm
54 aicdb.h*
55 altivec*.c
56 +ashldi3.S
57 asm-offsets.h
58 asm_offsets.h
59 autoconf.h*
60 @@ -96,11 +104,14 @@ bounds.h
61 bsetup
62 btfixupprep
63 build
64 +builtin-policy.h
65 bvmlinux
66 bzImage*
67 capability_names.h
68 capflags.c
69 classlist.h*
70 +clut_vga16.c
71 +common-cmds.h
72 comp*.log
73 compile.h*
74 conf
75 @@ -109,19 +120,23 @@ config-*
76 config_data.h*
77 config.mak
78 config.mak.autogen
79 +config.tmp
80 conmakehash
81 consolemap_deftbl.c*
82 cpustr.h
83 crc32table.h*
84 cscope.*
85 defkeymap.c
86 +devicetable-offsets.h
87 devlist.h*
88 dnotify_test
89 docproc
90 dslm
91 +dtc-lexer.lex.c
92 elf2ecoff
93 elfconfig.h*
94 evergreen_reg_safe.h
95 +exception_policy.conf
96 fixdep
97 flask.h
98 fore200e_mkfirm
99 @@ -129,12 +144,15 @@ fore200e_pca_fw.c*
100 gconf
101 gconf.glade.h
102 gen-devlist
103 +gen-kdb_cmds.c
104 gen_crc32table
105 gen_init_cpio
106 generated
107 genheaders
108 genksyms
109 *_gray256.c
110 +hash
111 +hid-example
112 hpet_example
113 hugepage-mmap
114 hugepage-shm
115 @@ -149,14 +167,14 @@ int32.c
116 int4.c
117 int8.c
118 kallsyms
119 -kconfig
120 +kern_constants.h
121 keywords.c
122 ksym.c*
123 ksym.h*
124 kxgettext
125 lex.c
126 lex.*.c
127 -linux
128 +lib1funcs.S
129 logo_*.c
130 logo_*_clut224.c
131 logo_*_mono.c
132 @@ -167,12 +185,14 @@ machtypes.h
133 map
134 map_hugetlb
135 mconf
136 +mdp
137 miboot*
138 mk_elfconfig
139 mkboot
140 mkbugboot
141 mkcpustr
142 mkdep
143 +mkpiggy
144 mkprep
145 mkregtable
146 mktables
147 @@ -188,6 +208,8 @@ oui.c*
148 page-types
149 parse.c
150 parse.h
151 +parse-events*
152 +pasyms.h
153 patches*
154 pca200e.bin
155 pca200e_ecd.bin2
156 @@ -197,6 +219,7 @@ perf-archive
157 piggyback
158 piggy.gzip
159 piggy.S
160 +pmu-*
161 pnmtologo
162 ppc_defs.h*
163 pss_boot.h
164 @@ -206,7 +229,12 @@ r200_reg_safe.h
165 r300_reg_safe.h
166 r420_reg_safe.h
167 r600_reg_safe.h
168 +randomize_layout_hash.h
169 +randomize_layout_seed.h
170 +realmode.lds
171 +realmode.relocs
172 recordmcount
173 +regdb.c
174 relocs
175 rlim_names.h
176 rn50_reg_safe.h
177 @@ -216,8 +244,17 @@ series
178 setup
179 setup.bin
180 setup.elf
181 +signing_key*
182 +aux.h
183 +disable.h
184 +e_fields.h
185 +e_fns.h
186 +e_fptrs.h
187 +e_vars.h
188 sImage
189 +slabinfo
190 sm_tbl*
191 +sortextable
192 split-include
193 syscalltab.h
194 tables.c
195 @@ -227,6 +264,7 @@ tftpboot.img
196 timeconst.h
197 times.h*
198 trix_boot.h
199 +user_constants.h
200 utsrelease.h*
201 vdso-syms.lds
202 vdso.lds
203 @@ -238,13 +276,17 @@ vdso32.lds
204 vdso32.so.dbg
205 vdso64.lds
206 vdso64.so.dbg
207 +vdsox32.lds
208 +vdsox32-syms.lds
209 version.h*
210 vmImage
211 vmlinux
212 vmlinux-*
213 vmlinux.aout
214 vmlinux.bin.all
215 +vmlinux.bin.bz2
216 vmlinux.lds
217 +vmlinux.relocs
218 vmlinuz
219 voffset.h
220 vsyscall.lds
221 @@ -252,9 +294,12 @@ vsyscall_32.lds
222 wanxlfw.inc
223 uImage
224 unifdef
225 +utsrelease.h
226 wakeup.bin
227 wakeup.elf
228 wakeup.lds
229 +x509*
230 zImage*
231 zconf.hash.c
232 +zconf.lex.c
233 zoffset.h
234 diff --git a/Documentation/kbuild/makefiles.txt b/Documentation/kbuild/makefiles.txt
235 index 385a5ef..51d7fba 100644
236 --- a/Documentation/kbuild/makefiles.txt
237 +++ b/Documentation/kbuild/makefiles.txt
238 @@ -23,10 +23,11 @@ This document describes the Linux kernel Makefiles.
239 === 4 Host Program support
240 --- 4.1 Simple Host Program
241 --- 4.2 Composite Host Programs
242 - --- 4.3 Using C++ for host programs
243 - --- 4.4 Controlling compiler options for host programs
244 - --- 4.5 When host programs are actually built
245 - --- 4.6 Using hostprogs-$(CONFIG_FOO)
246 + --- 4.3 Defining shared libraries
247 + --- 4.4 Using C++ for host programs
248 + --- 4.5 Controlling compiler options for host programs
249 + --- 4.6 When host programs are actually built
250 + --- 4.7 Using hostprogs-$(CONFIG_FOO)
251
252 === 5 Kbuild clean infrastructure
253
254 @@ -644,7 +645,29 @@ Both possibilities are described in the following.
255 Finally, the two .o files are linked to the executable, lxdialog.
256 Note: The syntax <executable>-y is not permitted for host-programs.
257
258 ---- 4.3 Using C++ for host programs
259 +--- 4.3 Defining shared libraries
260 +
261 + Objects with extension .so are considered shared libraries, and
262 + will be compiled as position independent objects.
263 + Kbuild provides support for shared libraries, but the usage
264 + shall be restricted.
265 + In the following example the libkconfig.so shared library is used
266 + to link the executable conf.
267 +
268 + Example:
269 + #scripts/kconfig/Makefile
270 + hostprogs-y := conf
271 + conf-objs := conf.o libkconfig.so
272 + libkconfig-objs := expr.o type.o
273 +
274 + Shared libraries always require a corresponding -objs line, and
275 + in the example above the shared library libkconfig is composed by
276 + the two objects expr.o and type.o.
277 + expr.o and type.o will be built as position independent code and
278 + linked as a shared library libkconfig.so. C++ is not supported for
279 + shared libraries.
280 +
281 +--- 4.4 Using C++ for host programs
282
283 kbuild offers support for host programs written in C++. This was
284 introduced solely to support kconfig, and is not recommended
285 @@ -667,7 +690,7 @@ Both possibilities are described in the following.
286 qconf-cxxobjs := qconf.o
287 qconf-objs := check.o
288
289 ---- 4.4 Controlling compiler options for host programs
290 +--- 4.5 Controlling compiler options for host programs
291
292 When compiling host programs, it is possible to set specific flags.
293 The programs will always be compiled utilising $(HOSTCC) passed
294 @@ -695,7 +718,7 @@ Both possibilities are described in the following.
295 When linking qconf, it will be passed the extra option
296 "-L$(QTDIR)/lib".
297
298 ---- 4.5 When host programs are actually built
299 +--- 4.6 When host programs are actually built
300
301 Kbuild will only build host-programs when they are referenced
302 as a prerequisite.
303 @@ -726,7 +749,7 @@ Both possibilities are described in the following.
304 This will tell kbuild to build lxdialog even if not referenced in
305 any rule.
306
307 ---- 4.6 Using hostprogs-$(CONFIG_FOO)
308 +--- 4.7 Using hostprogs-$(CONFIG_FOO)
309
310 A typical pattern in a Kbuild file looks like this:
311
312 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
313 index 46726d4..36138ff 100644
314 --- a/Documentation/kernel-parameters.txt
315 +++ b/Documentation/kernel-parameters.txt
316 @@ -1368,6 +1368,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
317 [KNL] Should the hard-lockup detector generate
318 backtraces on all cpus.
319 Format: <integer>
320 + grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to
321 + ignore grsecurity's /proc restrictions
322 +
323 + grsec_sysfs_restrict= Format: 0 | 1
324 + Default: 1
325 + Disables GRKERNSEC_SYSFS_RESTRICT if enabled in config
326
327 hashdist= [KNL,NUMA] Large hashes allocated during boot
328 are distributed across NUMA nodes. Defaults on
329 @@ -2591,6 +2597,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
330 noexec=on: enable non-executable mappings (default)
331 noexec=off: disable non-executable mappings
332
333 + nopcid [X86-64]
334 + Disable PCID (Process-Context IDentifier) even if it
335 + is supported by the processor.
336 +
337 nosmap [X86]
338 Disable SMAP (Supervisor Mode Access Prevention)
339 even if it is supported by processor.
340 @@ -2895,6 +2905,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
341 the specified number of seconds. This is to be used if
342 your oopses keep scrolling off the screen.
343
344 + pax_nouderef [X86] disables UDEREF. Most likely needed under certain
345 + virtualization environments that don't cope well with the
346 + expand down segment used by UDEREF on X86-32 or the frequent
347 + page table updates on X86-64.
348 +
349 + pax_sanitize_slab=
350 + Format: { 0 | 1 | off | fast | full }
351 + Options '0' and '1' are only provided for backward
352 + compatibility, 'off' or 'fast' should be used instead.
353 + 0|off : disable slab object sanitization
354 + 1|fast: enable slab object sanitization excluding
355 + whitelisted slabs (default)
356 + full : sanitize all slabs, even the whitelisted ones
357 +
358 + pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
359 +
360 + pax_extra_latent_entropy
361 + Enable a very simple form of latent entropy extraction
362 + from the first 4GB of memory as the bootmem allocator
363 + passes the memory pages to the buddy allocator.
364 +
365 + pax_size_overflow_report_only
366 + Enables rate-limited logging of size_overflow plugin
367 + violations while disabling killing of the violating
368 + task.
369 +
370 + pax_weakuderef [X86-64] enables the weaker but faster form of UDEREF
371 + when the processor supports PCID.
372 +
373 pcbit= [HW,ISDN]
374
375 pcd. [PARIDE]
376 diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
377 index ffab8b5..b8fcd61 100644
378 --- a/Documentation/sysctl/kernel.txt
379 +++ b/Documentation/sysctl/kernel.txt
380 @@ -42,6 +42,7 @@ show up in /proc/sys/kernel:
381 - kptr_restrict
382 - kstack_depth_to_print [ X86 only ]
383 - l2cr [ PPC only ]
384 +- modify_ldt [ X86 only ]
385 - modprobe ==> Documentation/debugging-modules.txt
386 - modules_disabled
387 - msg_next_id [ sysv ipc ]
388 @@ -409,6 +410,20 @@ This flag controls the L2 cache of G3 processor boards. If
389
390 ==============================================================
391
392 +modify_ldt: (X86 only)
393 +
394 +Enables (1) or disables (0) the modify_ldt syscall. Modifying the LDT
395 +(Local Descriptor Table) may be needed to run a 16-bit or segmented code
396 +such as Dosemu or Wine. This is done via a system call which is not needed
397 +to run portable applications, and which can sometimes be abused to exploit
398 +some weaknesses of the architecture, opening new vulnerabilities.
399 +
400 +This sysctl allows one to increase the system's security by disabling the
401 +system call, or to restore compatibility with specific applications when it
402 +was already disabled.
403 +
404 +==============================================================
405 +
406 modules_disabled:
407
408 A toggle value indicating if modules are allowed to be loaded
409 diff --git a/Makefile b/Makefile
410 index b249529..d525945 100644
411 --- a/Makefile
412 +++ b/Makefile
413 @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
414 HOSTCC = gcc
415 HOSTCXX = g++
416 HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu89
417 -HOSTCXXFLAGS = -O2
418 +HOSTCFLAGS = -W -Wno-unused-parameter -Wno-missing-field-initializers -fno-delete-null-pointer-checks
419 +HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
420 +HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds
421
422 ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
423 HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \
424 @@ -621,6 +623,8 @@ include arch/$(SRCARCH)/Makefile
425
426 KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,)
427 KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,)
428 +KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
429 +KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
430
431 ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
432 KBUILD_CFLAGS += -Os
433 @@ -715,7 +719,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
434 else
435 KBUILD_CFLAGS += -g
436 endif
437 -KBUILD_AFLAGS += -Wa,-gdwarf-2
438 +KBUILD_AFLAGS += -Wa,--gdwarf-2
439 endif
440 ifdef CONFIG_DEBUG_INFO_DWARF4
441 KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
442 @@ -890,7 +894,7 @@ export mod_sign_cmd
443
444
445 ifeq ($(KBUILD_EXTMOD),)
446 -core-y += kernel/ certs/ mm/ fs/ ipc/ security/ crypto/ block/
447 +core-y += kernel/ certs/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
448
449 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
450 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
451 @@ -1256,7 +1260,10 @@ MRPROPER_FILES += .config .config.old .version .old_version \
452 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
453 signing_key.pem signing_key.priv signing_key.x509 \
454 x509.genkey extra_certificates signing_key.x509.keyid \
455 - signing_key.x509.signer vmlinux-gdb.py
456 + signing_key.x509.signer vmlinux-gdb.py \
457 + scripts/gcc-plugins/size_overflow_plugin/e_*.h \
458 + scripts/gcc-plugins/size_overflow_plugin/disable.h \
459 + scripts/gcc-plugins/randomize_layout_seed.h
460
461 # clean - Delete most, but leave enough to build external modules
462 #
463 @@ -1295,7 +1302,7 @@ distclean: mrproper
464 @find $(srctree) $(RCS_FIND_IGNORE) \
465 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
466 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
467 - -o -name '.*.rej' -o -name '*%' -o -name 'core' \) \
468 + -o -name '.*.rej' -o -name '*.so' -o -name '*%' -o -name 'core' \) \
469 -type f -print | xargs rm -f
470
471
472 diff --git a/arch/Kconfig b/arch/Kconfig
473 index fd6e971..35d7bbf 100644
474 --- a/arch/Kconfig
475 +++ b/arch/Kconfig
476 @@ -355,7 +355,7 @@ config HAVE_GCC_PLUGINS
477 menuconfig GCC_PLUGINS
478 bool "GCC plugins"
479 depends on HAVE_GCC_PLUGINS
480 - depends on !COMPILE_TEST
481 + default y
482 help
483 GCC plugins are loadable modules that provide extra features to the
484 compiler. They are useful for runtime instrumentation and static analysis.
485 diff --git a/arch/alpha/include/asm/atomic.h b/arch/alpha/include/asm/atomic.h
486 index 498933a..78d2b22 100644
487 --- a/arch/alpha/include/asm/atomic.h
488 +++ b/arch/alpha/include/asm/atomic.h
489 @@ -308,4 +308,14 @@ static inline long atomic64_dec_if_positive(atomic64_t *v)
490 #define atomic_dec(v) atomic_sub(1,(v))
491 #define atomic64_dec(v) atomic64_sub(1,(v))
492
493 +#define atomic64_read_unchecked(v) atomic64_read(v)
494 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
495 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
496 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
497 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
498 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
499 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
500 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
501 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
502 +
503 #endif /* _ALPHA_ATOMIC_H */
504 diff --git a/arch/alpha/include/asm/cache.h b/arch/alpha/include/asm/cache.h
505 index ad368a9..fbe0f25 100644
506 --- a/arch/alpha/include/asm/cache.h
507 +++ b/arch/alpha/include/asm/cache.h
508 @@ -4,19 +4,19 @@
509 #ifndef __ARCH_ALPHA_CACHE_H
510 #define __ARCH_ALPHA_CACHE_H
511
512 +#include <linux/const.h>
513
514 /* Bytes per L1 (data) cache line. */
515 #if defined(CONFIG_ALPHA_GENERIC) || defined(CONFIG_ALPHA_EV6)
516 -# define L1_CACHE_BYTES 64
517 # define L1_CACHE_SHIFT 6
518 #else
519 /* Both EV4 and EV5 are write-through, read-allocate,
520 direct-mapped, physical.
521 */
522 -# define L1_CACHE_BYTES 32
523 # define L1_CACHE_SHIFT 5
524 #endif
525
526 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
527 #define SMP_CACHE_BYTES L1_CACHE_BYTES
528
529 #endif
530 diff --git a/arch/alpha/include/asm/elf.h b/arch/alpha/include/asm/elf.h
531 index 968d999..d36b2df 100644
532 --- a/arch/alpha/include/asm/elf.h
533 +++ b/arch/alpha/include/asm/elf.h
534 @@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
535
536 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
537
538 +#ifdef CONFIG_PAX_ASLR
539 +#define PAX_ELF_ET_DYN_BASE (current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
540 +
541 +#define PAX_DELTA_MMAP_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
542 +#define PAX_DELTA_STACK_LEN (current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
543 +#endif
544 +
545 /* $0 is set by ld.so to a pointer to a function which might be
546 registered using atexit. This provides a mean for the dynamic
547 linker to call DT_FINI functions for shared libraries that have
548 diff --git a/arch/alpha/include/asm/pgalloc.h b/arch/alpha/include/asm/pgalloc.h
549 index c2ebb6f..93a0613 100644
550 --- a/arch/alpha/include/asm/pgalloc.h
551 +++ b/arch/alpha/include/asm/pgalloc.h
552 @@ -29,6 +29,12 @@ pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
553 pgd_set(pgd, pmd);
554 }
555
556 +static inline void
557 +pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
558 +{
559 + pgd_populate(mm, pgd, pmd);
560 +}
561 +
562 extern pgd_t *pgd_alloc(struct mm_struct *mm);
563
564 static inline void
565 diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h
566 index a9a1195..e9b8417 100644
567 --- a/arch/alpha/include/asm/pgtable.h
568 +++ b/arch/alpha/include/asm/pgtable.h
569 @@ -101,6 +101,17 @@ struct vm_area_struct;
570 #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS)
571 #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
572 #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
573 +
574 +#ifdef CONFIG_PAX_PAGEEXEC
575 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
576 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
577 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
578 +#else
579 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
580 +# define PAGE_COPY_NOEXEC PAGE_COPY
581 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
582 +#endif
583 +
584 #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
585
586 #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
587 diff --git a/arch/alpha/kernel/module.c b/arch/alpha/kernel/module.c
588 index 936bc8f..bb1859f 100644
589 --- a/arch/alpha/kernel/module.c
590 +++ b/arch/alpha/kernel/module.c
591 @@ -160,7 +160,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, const char *strtab,
592
593 /* The small sections were sorted to the end of the segment.
594 The following should definitely cover them. */
595 - gp = (u64)me->core_layout.base + me->core_layout.size - 0x8000;
596 + gp = (u64)me->core_layout.base_rw + me->core_layout.size_rw - 0x8000;
597 got = sechdrs[me->arch.gotsecindex].sh_addr;
598
599 for (i = 0; i < n; i++) {
600 diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c
601 index ffb93f49..ced8233 100644
602 --- a/arch/alpha/kernel/osf_sys.c
603 +++ b/arch/alpha/kernel/osf_sys.c
604 @@ -1300,10 +1300,11 @@ SYSCALL_DEFINE1(old_adjtimex, struct timex32 __user *, txc_p)
605 generic version except that we know how to honor ADDR_LIMIT_32BIT. */
606
607 static unsigned long
608 -arch_get_unmapped_area_1(unsigned long addr, unsigned long len,
609 - unsigned long limit)
610 +arch_get_unmapped_area_1(struct file *filp, unsigned long addr, unsigned long len,
611 + unsigned long limit, unsigned long flags)
612 {
613 struct vm_unmapped_area_info info;
614 + unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
615
616 info.flags = 0;
617 info.length = len;
618 @@ -1311,6 +1312,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len,
619 info.high_limit = limit;
620 info.align_mask = 0;
621 info.align_offset = 0;
622 + info.threadstack_offset = offset;
623 return vm_unmapped_area(&info);
624 }
625
626 @@ -1343,20 +1345,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
627 merely specific addresses, but regions of memory -- perhaps
628 this feature should be incorporated into all ports? */
629
630 +#ifdef CONFIG_PAX_RANDMMAP
631 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
632 +#endif
633 +
634 if (addr) {
635 - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
636 + addr = arch_get_unmapped_area_1 (filp, PAGE_ALIGN(addr), len, limit, flags);
637 if (addr != (unsigned long) -ENOMEM)
638 return addr;
639 }
640
641 /* Next, try allocating at TASK_UNMAPPED_BASE. */
642 - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
643 - len, limit);
644 + addr = arch_get_unmapped_area_1 (filp, PAGE_ALIGN(current->mm->mmap_base), len, limit, flags);
645 +
646 if (addr != (unsigned long) -ENOMEM)
647 return addr;
648
649 /* Finally, try allocating in low memory. */
650 - addr = arch_get_unmapped_area_1 (PAGE_SIZE, len, limit);
651 + addr = arch_get_unmapped_area_1 (filp, PAGE_SIZE, len, limit, flags);
652
653 return addr;
654 }
655 diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c
656 index 83e9eee..db02682 100644
657 --- a/arch/alpha/mm/fault.c
658 +++ b/arch/alpha/mm/fault.c
659 @@ -52,6 +52,124 @@ __load_new_mm_context(struct mm_struct *next_mm)
660 __reload_thread(pcb);
661 }
662
663 +#ifdef CONFIG_PAX_PAGEEXEC
664 +/*
665 + * PaX: decide what to do with offenders (regs->pc = fault address)
666 + *
667 + * returns 1 when task should be killed
668 + * 2 when patched PLT trampoline was detected
669 + * 3 when unpatched PLT trampoline was detected
670 + */
671 +static int pax_handle_fetch_fault(struct pt_regs *regs)
672 +{
673 +
674 +#ifdef CONFIG_PAX_EMUPLT
675 + int err;
676 +
677 + do { /* PaX: patched PLT emulation #1 */
678 + unsigned int ldah, ldq, jmp;
679 +
680 + err = get_user(ldah, (unsigned int *)regs->pc);
681 + err |= get_user(ldq, (unsigned int *)(regs->pc+4));
682 + err |= get_user(jmp, (unsigned int *)(regs->pc+8));
683 +
684 + if (err)
685 + break;
686 +
687 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
688 + (ldq & 0xFFFF0000U) == 0xA77B0000U &&
689 + jmp == 0x6BFB0000U)
690 + {
691 + unsigned long r27, addr;
692 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
693 + unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
694 +
695 + addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
696 + err = get_user(r27, (unsigned long *)addr);
697 + if (err)
698 + break;
699 +
700 + regs->r27 = r27;
701 + regs->pc = r27;
702 + return 2;
703 + }
704 + } while (0);
705 +
706 + do { /* PaX: patched PLT emulation #2 */
707 + unsigned int ldah, lda, br;
708 +
709 + err = get_user(ldah, (unsigned int *)regs->pc);
710 + err |= get_user(lda, (unsigned int *)(regs->pc+4));
711 + err |= get_user(br, (unsigned int *)(regs->pc+8));
712 +
713 + if (err)
714 + break;
715 +
716 + if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
717 + (lda & 0xFFFF0000U) == 0xA77B0000U &&
718 + (br & 0xFFE00000U) == 0xC3E00000U)
719 + {
720 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
721 + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
722 + unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
723 +
724 + regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
725 + regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
726 + return 2;
727 + }
728 + } while (0);
729 +
730 + do { /* PaX: unpatched PLT emulation */
731 + unsigned int br;
732 +
733 + err = get_user(br, (unsigned int *)regs->pc);
734 +
735 + if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
736 + unsigned int br2, ldq, nop, jmp;
737 + unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
738 +
739 + addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
740 + err = get_user(br2, (unsigned int *)addr);
741 + err |= get_user(ldq, (unsigned int *)(addr+4));
742 + err |= get_user(nop, (unsigned int *)(addr+8));
743 + err |= get_user(jmp, (unsigned int *)(addr+12));
744 + err |= get_user(resolver, (unsigned long *)(addr+16));
745 +
746 + if (err)
747 + break;
748 +
749 + if (br2 == 0xC3600000U &&
750 + ldq == 0xA77B000CU &&
751 + nop == 0x47FF041FU &&
752 + jmp == 0x6B7B0000U)
753 + {
754 + regs->r28 = regs->pc+4;
755 + regs->r27 = addr+16;
756 + regs->pc = resolver;
757 + return 3;
758 + }
759 + }
760 + } while (0);
761 +#endif
762 +
763 + return 1;
764 +}
765 +
766 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
767 +{
768 + unsigned long i;
769 +
770 + printk(KERN_ERR "PAX: bytes at PC: ");
771 + for (i = 0; i < 5; i++) {
772 + unsigned int c;
773 + if (get_user(c, (unsigned int *)pc+i))
774 + printk(KERN_CONT "???????? ");
775 + else
776 + printk(KERN_CONT "%08x ", c);
777 + }
778 + printk("\n");
779 +}
780 +#endif
781
782 /*
783 * This routine handles page faults. It determines the address,
784 @@ -132,8 +250,29 @@ retry:
785 good_area:
786 si_code = SEGV_ACCERR;
787 if (cause < 0) {
788 - if (!(vma->vm_flags & VM_EXEC))
789 + if (!(vma->vm_flags & VM_EXEC)) {
790 +
791 +#ifdef CONFIG_PAX_PAGEEXEC
792 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
793 + goto bad_area;
794 +
795 + up_read(&mm->mmap_sem);
796 + switch (pax_handle_fetch_fault(regs)) {
797 +
798 +#ifdef CONFIG_PAX_EMUPLT
799 + case 2:
800 + case 3:
801 + return;
802 +#endif
803 +
804 + }
805 + pax_report_fault(regs, (void *)regs->pc, (void *)rdusp());
806 + do_group_exit(SIGKILL);
807 +#else
808 goto bad_area;
809 +#endif
810 +
811 + }
812 } else if (!cause) {
813 /* Allow reads even for write-only mappings */
814 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
815 diff --git a/arch/arc/Kconfig b/arch/arc/Kconfig
816 index 0d3e59f..4418d65 100644
817 --- a/arch/arc/Kconfig
818 +++ b/arch/arc/Kconfig
819 @@ -541,6 +541,7 @@ config ARC_DBG_TLB_MISS_COUNT
820 bool "Profile TLB Misses"
821 default n
822 select DEBUG_FS
823 + depends on !GRKERNSEC_KMEM
824 help
825 Counts number of I and D TLB Misses and exports them via Debugfs
826 The counters can be cleared via Debugfs as well
827 diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
828 index a9c4e48..75bc9c9 100644
829 --- a/arch/arm/Kconfig
830 +++ b/arch/arm/Kconfig
831 @@ -1621,6 +1621,7 @@ config AEABI
832 config OABI_COMPAT
833 bool "Allow old ABI binaries to run with this kernel (EXPERIMENTAL)"
834 depends on AEABI && !THUMB2_KERNEL
835 + depends on !GRKERNSEC
836 help
837 This option preserves the old syscall interface along with the
838 new (ARM EABI) one. It also provides a compatibility layer to
839 @@ -1689,6 +1690,7 @@ config HIGHPTE
840 config CPU_SW_DOMAIN_PAN
841 bool "Enable use of CPU domains to implement privileged no-access"
842 depends on MMU && !ARM_LPAE
843 + depends on !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
844 default y
845 help
846 Increase kernel security by ensuring that normal kernel accesses
847 @@ -1765,7 +1767,7 @@ config ALIGNMENT_TRAP
848
849 config UACCESS_WITH_MEMCPY
850 bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
851 - depends on MMU
852 + depends on MMU && !PAX_MEMORY_UDEREF
853 default y if CPU_FEROCEON
854 help
855 Implement faster copy_to_user and clear_user methods for CPU
856 @@ -2020,6 +2022,7 @@ config KEXEC
857 depends on (!SMP || PM_SLEEP_SMP)
858 depends on !CPU_V7M
859 select KEXEC_CORE
860 + depends on !GRKERNSEC_KMEM
861 help
862 kexec is a system call that implements the ability to shutdown your
863 current kernel, and to start another kernel. It is like a reboot
864 @@ -2064,7 +2067,7 @@ config EFI_STUB
865
866 config EFI
867 bool "UEFI runtime support"
868 - depends on OF && !CPU_BIG_ENDIAN && MMU && AUTO_ZRELADDR && !XIP_KERNEL
869 + depends on OF && !CPU_BIG_ENDIAN && MMU && AUTO_ZRELADDR && !XIP_KERNEL && !PAX_KERNEXEC
870 select UCS2_STRING
871 select EFI_PARAMS_FROM_FDT
872 select EFI_STUB
873 diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
874 index a9693b6..87d8936 100644
875 --- a/arch/arm/Kconfig.debug
876 +++ b/arch/arm/Kconfig.debug
877 @@ -7,6 +7,7 @@ config ARM_PTDUMP
878 depends on DEBUG_KERNEL
879 depends on MMU
880 select DEBUG_FS
881 + depends on !GRKERNSEC_KMEM
882 ---help---
883 Say Y here if you want to show the kernel pagetable layout in a
884 debugfs file. This information is only useful for kernel developers
885 diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
886 index d50430c..01cc53b 100644
887 --- a/arch/arm/boot/compressed/Makefile
888 +++ b/arch/arm/boot/compressed/Makefile
889 @@ -103,6 +103,8 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS)
890 KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS))
891 endif
892
893 +KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
894 +
895 # -fstack-protector-strong triggers protection checks in this code,
896 # but it is being used too early to link to meaningful stack_chk logic.
897 nossp_flags := $(call cc-option, -fno-stack-protector)
898 diff --git a/arch/arm/crypto/sha1_glue.c b/arch/arm/crypto/sha1_glue.c
899 index 6fc73bf..d0af3c7b 100644
900 --- a/arch/arm/crypto/sha1_glue.c
901 +++ b/arch/arm/crypto/sha1_glue.c
902 @@ -27,8 +27,8 @@
903
904 #include "sha1.h"
905
906 -asmlinkage void sha1_block_data_order(u32 *digest,
907 - const unsigned char *data, unsigned int rounds);
908 +asmlinkage void sha1_block_data_order(struct sha1_state *digest,
909 + const u8 *data, int rounds);
910
911 int sha1_update_arm(struct shash_desc *desc, const u8 *data,
912 unsigned int len)
913 @@ -36,22 +36,20 @@ int sha1_update_arm(struct shash_desc *desc, const u8 *data,
914 /* make sure casting to sha1_block_fn() is safe */
915 BUILD_BUG_ON(offsetof(struct sha1_state, state) != 0);
916
917 - return sha1_base_do_update(desc, data, len,
918 - (sha1_block_fn *)sha1_block_data_order);
919 + return sha1_base_do_update(desc, data, len, sha1_block_data_order);
920 }
921 EXPORT_SYMBOL_GPL(sha1_update_arm);
922
923 static int sha1_final(struct shash_desc *desc, u8 *out)
924 {
925 - sha1_base_do_finalize(desc, (sha1_block_fn *)sha1_block_data_order);
926 + sha1_base_do_finalize(desc, sha1_block_data_order);
927 return sha1_base_finish(desc, out);
928 }
929
930 int sha1_finup_arm(struct shash_desc *desc, const u8 *data,
931 unsigned int len, u8 *out)
932 {
933 - sha1_base_do_update(desc, data, len,
934 - (sha1_block_fn *)sha1_block_data_order);
935 + sha1_base_do_update(desc, data, len, sha1_block_data_order);
936 return sha1_final(desc, out);
937 }
938 EXPORT_SYMBOL_GPL(sha1_finup_arm);
939 diff --git a/arch/arm/crypto/sha1_neon_glue.c b/arch/arm/crypto/sha1_neon_glue.c
940 index 4e22f12..49902aa 100644
941 --- a/arch/arm/crypto/sha1_neon_glue.c
942 +++ b/arch/arm/crypto/sha1_neon_glue.c
943 @@ -31,8 +31,8 @@
944
945 #include "sha1.h"
946
947 -asmlinkage void sha1_transform_neon(void *state_h, const char *data,
948 - unsigned int rounds);
949 +asmlinkage void sha1_transform_neon(struct sha1_state *state_h, const u8 *data,
950 + int rounds);
951
952 static int sha1_neon_update(struct shash_desc *desc, const u8 *data,
953 unsigned int len)
954 @@ -45,7 +45,7 @@ static int sha1_neon_update(struct shash_desc *desc, const u8 *data,
955
956 kernel_neon_begin();
957 sha1_base_do_update(desc, data, len,
958 - (sha1_block_fn *)sha1_transform_neon);
959 + sha1_transform_neon);
960 kernel_neon_end();
961
962 return 0;
963 @@ -60,8 +60,8 @@ static int sha1_neon_finup(struct shash_desc *desc, const u8 *data,
964 kernel_neon_begin();
965 if (len)
966 sha1_base_do_update(desc, data, len,
967 - (sha1_block_fn *)sha1_transform_neon);
968 - sha1_base_do_finalize(desc, (sha1_block_fn *)sha1_transform_neon);
969 + sha1_transform_neon);
970 + sha1_base_do_finalize(desc, sha1_transform_neon);
971 kernel_neon_end();
972
973 return sha1_base_finish(desc, out);
974 diff --git a/arch/arm/crypto/sha256_glue.c b/arch/arm/crypto/sha256_glue.c
975 index a84e869..53a0c61 100644
976 --- a/arch/arm/crypto/sha256_glue.c
977 +++ b/arch/arm/crypto/sha256_glue.c
978 @@ -30,8 +30,8 @@
979
980 #include "sha256_glue.h"
981
982 -asmlinkage void sha256_block_data_order(u32 *digest, const void *data,
983 - unsigned int num_blks);
984 +asmlinkage void sha256_block_data_order(struct sha256_state *digest, const u8 *data,
985 + int num_blks);
986
987 int crypto_sha256_arm_update(struct shash_desc *desc, const u8 *data,
988 unsigned int len)
989 @@ -39,23 +39,20 @@ int crypto_sha256_arm_update(struct shash_desc *desc, const u8 *data,
990 /* make sure casting to sha256_block_fn() is safe */
991 BUILD_BUG_ON(offsetof(struct sha256_state, state) != 0);
992
993 - return sha256_base_do_update(desc, data, len,
994 - (sha256_block_fn *)sha256_block_data_order);
995 + return sha256_base_do_update(desc, data, len, sha256_block_data_order);
996 }
997 EXPORT_SYMBOL(crypto_sha256_arm_update);
998
999 static int sha256_final(struct shash_desc *desc, u8 *out)
1000 {
1001 - sha256_base_do_finalize(desc,
1002 - (sha256_block_fn *)sha256_block_data_order);
1003 + sha256_base_do_finalize(desc, sha256_block_data_order);
1004 return sha256_base_finish(desc, out);
1005 }
1006
1007 int crypto_sha256_arm_finup(struct shash_desc *desc, const u8 *data,
1008 unsigned int len, u8 *out)
1009 {
1010 - sha256_base_do_update(desc, data, len,
1011 - (sha256_block_fn *)sha256_block_data_order);
1012 + sha256_base_do_update(desc, data, len, sha256_block_data_order);
1013 return sha256_final(desc, out);
1014 }
1015 EXPORT_SYMBOL(crypto_sha256_arm_finup);
1016 diff --git a/arch/arm/crypto/sha256_neon_glue.c b/arch/arm/crypto/sha256_neon_glue.c
1017 index 39ccd65..f9511cb 100644
1018 --- a/arch/arm/crypto/sha256_neon_glue.c
1019 +++ b/arch/arm/crypto/sha256_neon_glue.c
1020 @@ -26,8 +26,8 @@
1021
1022 #include "sha256_glue.h"
1023
1024 -asmlinkage void sha256_block_data_order_neon(u32 *digest, const void *data,
1025 - unsigned int num_blks);
1026 +asmlinkage void sha256_block_data_order_neon(struct sha256_state *digest, const u8 *data,
1027 + int num_blks);
1028
1029 static int sha256_update(struct shash_desc *desc, const u8 *data,
1030 unsigned int len)
1031 @@ -39,8 +39,7 @@ static int sha256_update(struct shash_desc *desc, const u8 *data,
1032 return crypto_sha256_arm_update(desc, data, len);
1033
1034 kernel_neon_begin();
1035 - sha256_base_do_update(desc, data, len,
1036 - (sha256_block_fn *)sha256_block_data_order_neon);
1037 + sha256_base_do_update(desc, data, len, sha256_block_data_order_neon);
1038 kernel_neon_end();
1039
1040 return 0;
1041 @@ -54,10 +53,8 @@ static int sha256_finup(struct shash_desc *desc, const u8 *data,
1042
1043 kernel_neon_begin();
1044 if (len)
1045 - sha256_base_do_update(desc, data, len,
1046 - (sha256_block_fn *)sha256_block_data_order_neon);
1047 - sha256_base_do_finalize(desc,
1048 - (sha256_block_fn *)sha256_block_data_order_neon);
1049 + sha256_base_do_update(desc, data, len, sha256_block_data_order_neon);
1050 + sha256_base_do_finalize(desc, sha256_block_data_order_neon);
1051 kernel_neon_end();
1052
1053 return sha256_base_finish(desc, out);
1054 diff --git a/arch/arm/crypto/sha512-glue.c b/arch/arm/crypto/sha512-glue.c
1055 index 269a394..c7a91f1 100644
1056 --- a/arch/arm/crypto/sha512-glue.c
1057 +++ b/arch/arm/crypto/sha512-glue.c
1058 @@ -28,27 +28,24 @@ MODULE_ALIAS_CRYPTO("sha512");
1059 MODULE_ALIAS_CRYPTO("sha384-arm");
1060 MODULE_ALIAS_CRYPTO("sha512-arm");
1061
1062 -asmlinkage void sha512_block_data_order(u64 *state, u8 const *src, int blocks);
1063 +asmlinkage void sha512_block_data_order(struct sha512_state *state, u8 const *src, int blocks);
1064
1065 int sha512_arm_update(struct shash_desc *desc, const u8 *data,
1066 unsigned int len)
1067 {
1068 - return sha512_base_do_update(desc, data, len,
1069 - (sha512_block_fn *)sha512_block_data_order);
1070 + return sha512_base_do_update(desc, data, len, sha512_block_data_order);
1071 }
1072
1073 int sha512_arm_final(struct shash_desc *desc, u8 *out)
1074 {
1075 - sha512_base_do_finalize(desc,
1076 - (sha512_block_fn *)sha512_block_data_order);
1077 + sha512_base_do_finalize(desc, sha512_block_data_order);
1078 return sha512_base_finish(desc, out);
1079 }
1080
1081 int sha512_arm_finup(struct shash_desc *desc, const u8 *data,
1082 unsigned int len, u8 *out)
1083 {
1084 - sha512_base_do_update(desc, data, len,
1085 - (sha512_block_fn *)sha512_block_data_order);
1086 + sha512_base_do_update(desc, data, len, sha512_block_data_order);
1087 return sha512_arm_final(desc, out);
1088 }
1089
1090 diff --git a/arch/arm/crypto/sha512-neon-glue.c b/arch/arm/crypto/sha512-neon-glue.c
1091 index 3269368..9fcbc00 100644
1092 --- a/arch/arm/crypto/sha512-neon-glue.c
1093 +++ b/arch/arm/crypto/sha512-neon-glue.c
1094 @@ -22,7 +22,7 @@
1095 MODULE_ALIAS_CRYPTO("sha384-neon");
1096 MODULE_ALIAS_CRYPTO("sha512-neon");
1097
1098 -asmlinkage void sha512_block_data_order_neon(u64 *state, u8 const *src,
1099 +asmlinkage void sha512_block_data_order_neon(struct sha512_state *state, u8 const *src,
1100 int blocks);
1101
1102 static int sha512_neon_update(struct shash_desc *desc, const u8 *data,
1103 @@ -35,8 +35,7 @@ static int sha512_neon_update(struct shash_desc *desc, const u8 *data,
1104 return sha512_arm_update(desc, data, len);
1105
1106 kernel_neon_begin();
1107 - sha512_base_do_update(desc, data, len,
1108 - (sha512_block_fn *)sha512_block_data_order_neon);
1109 + sha512_base_do_update(desc, data, len, sha512_block_data_order_neon);
1110 kernel_neon_end();
1111
1112 return 0;
1113 @@ -50,10 +49,8 @@ static int sha512_neon_finup(struct shash_desc *desc, const u8 *data,
1114
1115 kernel_neon_begin();
1116 if (len)
1117 - sha512_base_do_update(desc, data, len,
1118 - (sha512_block_fn *)sha512_block_data_order_neon);
1119 - sha512_base_do_finalize(desc,
1120 - (sha512_block_fn *)sha512_block_data_order_neon);
1121 + sha512_base_do_update(desc, data, len, sha512_block_data_order_neon);
1122 + sha512_base_do_finalize(desc, sha512_block_data_order_neon);
1123 kernel_neon_end();
1124
1125 return sha512_base_finish(desc, out);
1126 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
1127 index 66d0e21..8fa3237 100644
1128 --- a/arch/arm/include/asm/atomic.h
1129 +++ b/arch/arm/include/asm/atomic.h
1130 @@ -18,17 +18,41 @@
1131 #include <asm/barrier.h>
1132 #include <asm/cmpxchg.h>
1133
1134 +#ifdef CONFIG_GENERIC_ATOMIC64
1135 +#include <asm-generic/atomic64.h>
1136 +#endif
1137 +
1138 #define ATOMIC_INIT(i) { (i) }
1139
1140 #ifdef __KERNEL__
1141
1142 +#ifdef CONFIG_THUMB2_KERNEL
1143 +#define REFCOUNT_TRAP_INSN "bkpt 0xf1"
1144 +#else
1145 +#define REFCOUNT_TRAP_INSN "bkpt 0xf103"
1146 +#endif
1147 +
1148 +#define _ASM_EXTABLE(from, to) \
1149 +" .pushsection __ex_table,\"a\"\n"\
1150 +" .align 3\n" \
1151 +" .long " #from ", " #to"\n" \
1152 +" .popsection"
1153 +
1154 /*
1155 * On ARM, ordinary assignment (str instruction) doesn't clear the local
1156 * strex/ldrex monitor on some implementations. The reason we can use it for
1157 * atomic_set() is the clrex or dummy strex done on every exception return.
1158 */
1159 #define atomic_read(v) READ_ONCE((v)->counter)
1160 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
1161 +{
1162 + return READ_ONCE(v->counter);
1163 +}
1164 #define atomic_set(v,i) WRITE_ONCE(((v)->counter), (i))
1165 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
1166 +{
1167 + WRITE_ONCE(v->counter, i);
1168 +}
1169
1170 #if __LINUX_ARM_ARCH__ >= 6
1171
1172 @@ -38,45 +62,74 @@
1173 * to ensure that the update happens.
1174 */
1175
1176 -#define ATOMIC_OP(op, c_op, asm_op) \
1177 -static inline void atomic_##op(int i, atomic_t *v) \
1178 +#ifdef CONFIG_PAX_REFCOUNT
1179 +#define __OVERFLOW_POST \
1180 + " bvc 3f\n" \
1181 + "2: " REFCOUNT_TRAP_INSN "\n"\
1182 + "3:\n"
1183 +#define __OVERFLOW_POST_RETURN \
1184 + " bvc 3f\n" \
1185 + " mov %1, %0\n" \
1186 + "2: " REFCOUNT_TRAP_INSN "\n"\
1187 + "3:\n"
1188 +#define __OVERFLOW_EXTABLE \
1189 + "4:\n" \
1190 + _ASM_EXTABLE(2b, 4b)
1191 +#else
1192 +#define __OVERFLOW_POST
1193 +#define __OVERFLOW_POST_RETURN
1194 +#define __OVERFLOW_EXTABLE
1195 +#endif
1196 +
1197 +#define __ATOMIC_OP(op, suffix, c_op, asm_op) \
1198 +static inline void atomic_##op##suffix(int i, atomic##suffix##_t *v) \
1199 { \
1200 unsigned long tmp; \
1201 int result; \
1202 \
1203 prefetchw(&v->counter); \
1204 - __asm__ __volatile__("@ atomic_" #op "\n" \
1205 + __asm__ __volatile__("@ atomic_" #op #suffix "\n" \
1206 "1: ldrex %0, [%3]\n" \
1207 " " #asm_op " %0, %0, %4\n" \
1208 + __OVERFLOW_POST \
1209 " strex %1, %0, [%3]\n" \
1210 " teq %1, #0\n" \
1211 -" bne 1b" \
1212 +" bne 1b\n" \
1213 + __OVERFLOW_EXTABLE \
1214 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \
1215 : "r" (&v->counter), "Ir" (i) \
1216 : "cc"); \
1217 } \
1218
1219 -#define ATOMIC_OP_RETURN(op, c_op, asm_op) \
1220 -static inline int atomic_##op##_return_relaxed(int i, atomic_t *v) \
1221 +#define ATOMIC_OP(op, c_op, asm_op) __ATOMIC_OP(op, _unchecked, c_op, asm_op)\
1222 + __ATOMIC_OP(op, , c_op, asm_op##s)
1223 +
1224 +#define __ATOMIC_OP_RETURN(op, suffix, c_op, asm_op) \
1225 +static inline int atomic_##op##_return##suffix##_relaxed(int i, atomic##suffix##_t *v)\
1226 { \
1227 - unsigned long tmp; \
1228 + int tmp; \
1229 int result; \
1230 \
1231 prefetchw(&v->counter); \
1232 \
1233 - __asm__ __volatile__("@ atomic_" #op "_return\n" \
1234 + __asm__ __volatile__("@ atomic_" #op "_return" #suffix "\n" \
1235 "1: ldrex %0, [%3]\n" \
1236 -" " #asm_op " %0, %0, %4\n" \
1237 -" strex %1, %0, [%3]\n" \
1238 -" teq %1, #0\n" \
1239 -" bne 1b" \
1240 - : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \
1241 +" " #asm_op " %1, %0, %4\n" \
1242 + __OVERFLOW_POST_RETURN \
1243 +" strex %0, %1, [%3]\n" \
1244 +" teq %0, #0\n" \
1245 +" bne 1b\n" \
1246 + __OVERFLOW_EXTABLE \
1247 + : "=&r" (tmp), "=&r" (result), "+Qo" (v->counter) \
1248 : "r" (&v->counter), "Ir" (i) \
1249 : "cc"); \
1250 \
1251 return result; \
1252 }
1253
1254 +#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op)\
1255 + __ATOMIC_OP_RETURN(op, , c_op, asm_op##s)
1256 +
1257 #define ATOMIC_FETCH_OP(op, c_op, asm_op) \
1258 static inline int atomic_fetch_##op##_relaxed(int i, atomic_t *v) \
1259 { \
1260 @@ -99,6 +152,7 @@ static inline int atomic_fetch_##op##_relaxed(int i, atomic_t *v) \
1261 }
1262
1263 #define atomic_add_return_relaxed atomic_add_return_relaxed
1264 +#define atomic_add_return_unchecked_relaxed atomic_add_return_unchecked_relaxed
1265 #define atomic_sub_return_relaxed atomic_sub_return_relaxed
1266 #define atomic_fetch_add_relaxed atomic_fetch_add_relaxed
1267 #define atomic_fetch_sub_relaxed atomic_fetch_sub_relaxed
1268 @@ -141,12 +195,17 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
1269 __asm__ __volatile__ ("@ atomic_add_unless\n"
1270 "1: ldrex %0, [%4]\n"
1271 " teq %0, %5\n"
1272 -" beq 2f\n"
1273 -" add %1, %0, %6\n"
1274 +" beq 4f\n"
1275 +" adds %1, %0, %6\n"
1276 +
1277 + __OVERFLOW_POST
1278 +
1279 " strex %2, %1, [%4]\n"
1280 " teq %2, #0\n"
1281 " bne 1b\n"
1282 -"2:"
1283 +
1284 + __OVERFLOW_EXTABLE
1285 +
1286 : "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter)
1287 : "r" (&v->counter), "r" (u), "r" (a)
1288 : "cc");
1289 @@ -157,14 +216,36 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
1290 return oldval;
1291 }
1292
1293 +static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *ptr, int old, int new)
1294 +{
1295 + unsigned long oldval, res;
1296 +
1297 + smp_mb();
1298 +
1299 + do {
1300 + __asm__ __volatile__("@ atomic_cmpxchg_unchecked\n"
1301 + "ldrex %1, [%3]\n"
1302 + "mov %0, #0\n"
1303 + "teq %1, %4\n"
1304 + "strexeq %0, %5, [%3]\n"
1305 + : "=&r" (res), "=&r" (oldval), "+Qo" (ptr->counter)
1306 + : "r" (&ptr->counter), "Ir" (old), "r" (new)
1307 + : "cc");
1308 + } while (res);
1309 +
1310 + smp_mb();
1311 +
1312 + return oldval;
1313 +}
1314 +
1315 #else /* ARM_ARCH_6 */
1316
1317 #ifdef CONFIG_SMP
1318 #error SMP not supported on pre-ARMv6 CPUs
1319 #endif
1320
1321 -#define ATOMIC_OP(op, c_op, asm_op) \
1322 -static inline void atomic_##op(int i, atomic_t *v) \
1323 +#define __ATOMIC_OP(op, suffix, c_op, asm_op) \
1324 +static inline void atomic_##op##suffix(int i, atomic##suffix##_t *v) \
1325 { \
1326 unsigned long flags; \
1327 \
1328 @@ -173,8 +254,11 @@ static inline void atomic_##op(int i, atomic_t *v) \
1329 raw_local_irq_restore(flags); \
1330 } \
1331
1332 -#define ATOMIC_OP_RETURN(op, c_op, asm_op) \
1333 -static inline int atomic_##op##_return(int i, atomic_t *v) \
1334 +#define ATOMIC_OP(op, c_op, asm_op) __ATOMIC_OP(op, , c_op, asm_op) \
1335 + __ATOMIC_OP(op, _unchecked, c_op, asm_op)
1336 +
1337 +#define __ATOMIC_OP_RETURN(op, suffix, c_op, asm_op) \
1338 +static inline int atomic_##op##_return##suffix(int i, atomic##suffix##_t *v)\
1339 { \
1340 unsigned long flags; \
1341 int val; \
1342 @@ -201,6 +285,9 @@ static inline int atomic_fetch_##op(int i, atomic_t *v) \
1343 return val; \
1344 }
1345
1346 +#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, , c_op, asm_op)\
1347 + __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op)
1348 +
1349 static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
1350 {
1351 int ret;
1352 @@ -215,6 +302,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
1353 return ret;
1354 }
1355
1356 +static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
1357 +{
1358 + return atomic_cmpxchg((atomic_t *)v, old, new);
1359 +}
1360 +
1361 static inline int __atomic_add_unless(atomic_t *v, int a, int u)
1362 {
1363 int c, old;
1364 @@ -250,16 +342,29 @@ ATOMIC_OPS(xor, ^=, eor)
1365 #undef ATOMIC_OPS
1366 #undef ATOMIC_FETCH_OP
1367 #undef ATOMIC_OP_RETURN
1368 +#undef __ATOMIC_OP_RETURN
1369 #undef ATOMIC_OP
1370 +#undef __ATOMIC_OP
1371
1372 #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
1373 +#define atomic_xchg_unchecked(v, new) (xchg_unchecked(&((v)->counter), new))
1374
1375 #define atomic_inc(v) atomic_add(1, v)
1376 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
1377 +{
1378 + atomic_add_unchecked(1, v);
1379 +}
1380 #define atomic_dec(v) atomic_sub(1, v)
1381 +static inline void atomic_dec_unchecked(atomic_unchecked_t *v)
1382 +{
1383 + atomic_sub_unchecked(1, v);
1384 +}
1385
1386 #define atomic_inc_and_test(v) (atomic_add_return(1, v) == 0)
1387 +#define atomic_inc_and_test_unchecked(v) (atomic_add_return_unchecked(1, v) == 0)
1388 #define atomic_dec_and_test(v) (atomic_sub_return(1, v) == 0)
1389 #define atomic_inc_return_relaxed(v) (atomic_add_return_relaxed(1, v))
1390 +#define atomic_inc_return_unchecked_relaxed(v) (atomic_add_return_unchecked_relaxed(1, v))
1391 #define atomic_dec_return_relaxed(v) (atomic_sub_return_relaxed(1, v))
1392 #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
1393
1394 @@ -270,6 +375,14 @@ typedef struct {
1395 long long counter;
1396 } atomic64_t;
1397
1398 +#ifdef CONFIG_PAX_REFCOUNT
1399 +typedef struct {
1400 + long long counter;
1401 +} atomic64_unchecked_t;
1402 +#else
1403 +typedef atomic64_t atomic64_unchecked_t;
1404 +#endif
1405 +
1406 #define ATOMIC64_INIT(i) { (i) }
1407
1408 #ifdef CONFIG_ARM_LPAE
1409 @@ -286,6 +399,19 @@ static inline long long atomic64_read(const atomic64_t *v)
1410 return result;
1411 }
1412
1413 +static inline long long atomic64_read_unchecked(const atomic64_unchecked_t *v)
1414 +{
1415 + long long result;
1416 +
1417 + __asm__ __volatile__("@ atomic64_read_unchecked\n"
1418 +" ldrd %0, %H0, [%1]"
1419 + : "=&r" (result)
1420 + : "r" (&v->counter), "Qo" (v->counter)
1421 + );
1422 +
1423 + return result;
1424 +}
1425 +
1426 static inline void atomic64_set(atomic64_t *v, long long i)
1427 {
1428 __asm__ __volatile__("@ atomic64_set\n"
1429 @@ -294,6 +420,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
1430 : "r" (&v->counter), "r" (i)
1431 );
1432 }
1433 +
1434 +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long long i)
1435 +{
1436 + __asm__ __volatile__("@ atomic64_set_unchecked\n"
1437 +" strd %2, %H2, [%1]"
1438 + : "=Qo" (v->counter)
1439 + : "r" (&v->counter), "r" (i)
1440 + );
1441 +}
1442 #else
1443 static inline long long atomic64_read(const atomic64_t *v)
1444 {
1445 @@ -308,6 +443,19 @@ static inline long long atomic64_read(const atomic64_t *v)
1446 return result;
1447 }
1448
1449 +static inline long long atomic64_read_unchecked(const atomic64_unchecked_t *v)
1450 +{
1451 + long long result;
1452 +
1453 + __asm__ __volatile__("@ atomic64_read_unchecked\n"
1454 +" ldrexd %0, %H0, [%1]"
1455 + : "=&r" (result)
1456 + : "r" (&v->counter), "Qo" (v->counter)
1457 + );
1458 +
1459 + return result;
1460 +}
1461 +
1462 static inline void atomic64_set(atomic64_t *v, long long i)
1463 {
1464 long long tmp;
1465 @@ -322,50 +470,82 @@ static inline void atomic64_set(atomic64_t *v, long long i)
1466 : "r" (&v->counter), "r" (i)
1467 : "cc");
1468 }
1469 +
1470 +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long long i)
1471 +{
1472 + long long tmp;
1473 +
1474 + prefetchw(&v->counter);
1475 + __asm__ __volatile__("@ atomic64_set_unchecked\n"
1476 +"1: ldrexd %0, %H0, [%2]\n"
1477 +" strexd %0, %3, %H3, [%2]\n"
1478 +" teq %0, #0\n"
1479 +" bne 1b"
1480 + : "=&r" (tmp), "=Qo" (v->counter)
1481 + : "r" (&v->counter), "r" (i)
1482 + : "cc");
1483 +}
1484 #endif
1485
1486 -#define ATOMIC64_OP(op, op1, op2) \
1487 -static inline void atomic64_##op(long long i, atomic64_t *v) \
1488 +#define __OVERFLOW_POST_RETURN64 \
1489 + " bvc 3f\n" \
1490 +" mov %Q1, %Q0\n" \
1491 +" mov %R1, %R0\n" \
1492 + "2: " REFCOUNT_TRAP_INSN "\n"\
1493 + "3:\n"
1494 +
1495 +#define __ATOMIC64_OP(op, suffix, op1, op2) \
1496 +static inline void atomic64_##op##suffix(long long i, atomic64##suffix##_t *v)\
1497 { \
1498 long long result; \
1499 unsigned long tmp; \
1500 \
1501 prefetchw(&v->counter); \
1502 - __asm__ __volatile__("@ atomic64_" #op "\n" \
1503 + __asm__ __volatile__("@ atomic64_" #op #suffix "\n" \
1504 "1: ldrexd %0, %H0, [%3]\n" \
1505 " " #op1 " %Q0, %Q0, %Q4\n" \
1506 " " #op2 " %R0, %R0, %R4\n" \
1507 + __OVERFLOW_POST \
1508 " strexd %1, %0, %H0, [%3]\n" \
1509 " teq %1, #0\n" \
1510 -" bne 1b" \
1511 +" bne 1b\n" \
1512 + __OVERFLOW_EXTABLE \
1513 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \
1514 : "r" (&v->counter), "r" (i) \
1515 : "cc"); \
1516 } \
1517
1518 -#define ATOMIC64_OP_RETURN(op, op1, op2) \
1519 +#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, _unchecked, op1, op2) \
1520 + __ATOMIC64_OP(op, , op1, op2##s)
1521 +
1522 +#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2) \
1523 static inline long long \
1524 -atomic64_##op##_return_relaxed(long long i, atomic64_t *v) \
1525 +atomic64_##op##_return##suffix##_relaxed(long long i, atomic64##suffix##_t *v) \
1526 { \
1527 long long result; \
1528 - unsigned long tmp; \
1529 + long long tmp; \
1530 \
1531 prefetchw(&v->counter); \
1532 \
1533 - __asm__ __volatile__("@ atomic64_" #op "_return\n" \
1534 + __asm__ __volatile__("@ atomic64_" #op "_return" #suffix "\n" \
1535 "1: ldrexd %0, %H0, [%3]\n" \
1536 -" " #op1 " %Q0, %Q0, %Q4\n" \
1537 -" " #op2 " %R0, %R0, %R4\n" \
1538 -" strexd %1, %0, %H0, [%3]\n" \
1539 -" teq %1, #0\n" \
1540 -" bne 1b" \
1541 - : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \
1542 +" " #op1 " %Q1, %Q0, %Q4\n" \
1543 +" " #op2 " %R1, %R0, %R4\n" \
1544 + __OVERFLOW_POST_RETURN64 \
1545 +" strexd %0, %1, %H1, [%3]\n" \
1546 +" teq %0, #0\n" \
1547 +" bne 1b\n" \
1548 + __OVERFLOW_EXTABLE \
1549 + : "=&r" (tmp), "=&r" (result), "+Qo" (v->counter) \
1550 : "r" (&v->counter), "r" (i) \
1551 : "cc"); \
1552 \
1553 return result; \
1554 }
1555
1556 +#define ATOMIC64_OP_RETURN(op, op1, op2) __ATOMIC64_OP_RETURN(op, _unchecked, op1, op2) \
1557 + __ATOMIC64_OP_RETURN(op, , op1, op2##s)
1558 +
1559 #define ATOMIC64_FETCH_OP(op, op1, op2) \
1560 static inline long long \
1561 atomic64_fetch_##op##_relaxed(long long i, atomic64_t *v) \
1562 @@ -398,6 +578,7 @@ ATOMIC64_OPS(add, adds, adc)
1563 ATOMIC64_OPS(sub, subs, sbc)
1564
1565 #define atomic64_add_return_relaxed atomic64_add_return_relaxed
1566 +#define atomic64_add_return_unchecked_relaxed atomic64_add_return_unchecked_relaxed
1567 #define atomic64_sub_return_relaxed atomic64_sub_return_relaxed
1568 #define atomic64_fetch_add_relaxed atomic64_fetch_add_relaxed
1569 #define atomic64_fetch_sub_relaxed atomic64_fetch_sub_relaxed
1570 @@ -422,7 +603,10 @@ ATOMIC64_OPS(xor, eor, eor)
1571 #undef ATOMIC64_OPS
1572 #undef ATOMIC64_FETCH_OP
1573 #undef ATOMIC64_OP_RETURN
1574 +#undef __ATOMIC64_OP_RETURN
1575 #undef ATOMIC64_OP
1576 +#undef __ATOMIC64_OP
1577 +#undef __OVERFLOW_POST_RETURN
1578
1579 static inline long long
1580 atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
1581 @@ -448,6 +632,13 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
1582 }
1583 #define atomic64_cmpxchg_relaxed atomic64_cmpxchg_relaxed
1584
1585 +static inline long long
1586 +atomic64_cmpxchg_unchecked_relaxed(atomic64_unchecked_t *ptr, long long old, long long new)
1587 +{
1588 + return atomic64_cmpxchg_relaxed((atomic64_t *)ptr, old, new);
1589 +}
1590 +#define atomic64_cmpxchg_unchecked_relaxed atomic64_cmpxchg_unchecked_relaxed
1591 +
1592 static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
1593 {
1594 long long result;
1595 @@ -468,25 +659,36 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
1596 }
1597 #define atomic64_xchg_relaxed atomic64_xchg_relaxed
1598
1599 +static inline long long atomic64_xchg_unchecked_relaxed(atomic64_unchecked_t *ptr, long long new)
1600 +{
1601 + return atomic64_xchg_relaxed((atomic64_t *)ptr, new);
1602 +}
1603 +#define atomic64_xchg_unchecked_relaxed atomic64_xchg_unchecked_relaxed
1604 +
1605 static inline long long atomic64_dec_if_positive(atomic64_t *v)
1606 {
1607 long long result;
1608 - unsigned long tmp;
1609 + u64 tmp;
1610
1611 smp_mb();
1612 prefetchw(&v->counter);
1613
1614 __asm__ __volatile__("@ atomic64_dec_if_positive\n"
1615 "1: ldrexd %0, %H0, [%3]\n"
1616 -" subs %Q0, %Q0, #1\n"
1617 -" sbc %R0, %R0, #0\n"
1618 -" teq %R0, #0\n"
1619 -" bmi 2f\n"
1620 -" strexd %1, %0, %H0, [%3]\n"
1621 -" teq %1, #0\n"
1622 +" subs %Q1, %Q0, #1\n"
1623 +" sbcs %R1, %R0, #0\n"
1624 +
1625 + __OVERFLOW_POST_RETURN64
1626 +
1627 +" teq %R1, #0\n"
1628 +" bmi 4f\n"
1629 +" strexd %0, %1, %H1, [%3]\n"
1630 +" teq %0, #0\n"
1631 " bne 1b\n"
1632 -"2:"
1633 - : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
1634 +
1635 + __OVERFLOW_EXTABLE
1636 +
1637 + : "=&r" (tmp), "=&r" (result), "+Qo" (v->counter)
1638 : "r" (&v->counter)
1639 : "cc");
1640
1641 @@ -509,13 +711,18 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
1642 " teq %0, %5\n"
1643 " teqeq %H0, %H5\n"
1644 " moveq %1, #0\n"
1645 -" beq 2f\n"
1646 +" beq 4f\n"
1647 " adds %Q0, %Q0, %Q6\n"
1648 -" adc %R0, %R0, %R6\n"
1649 +" adcs %R0, %R0, %R6\n"
1650 +
1651 + __OVERFLOW_POST
1652 +
1653 " strexd %2, %0, %H0, [%4]\n"
1654 " teq %2, #0\n"
1655 " bne 1b\n"
1656 -"2:"
1657 +
1658 + __OVERFLOW_EXTABLE
1659 +
1660 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
1661 : "r" (&v->counter), "r" (u), "r" (a)
1662 : "cc");
1663 @@ -526,12 +733,19 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
1664 return ret;
1665 }
1666
1667 +#undef __OVERFLOW_EXTABLE
1668 +#undef __OVERFLOW_POST_RETURN64
1669 +#undef __OVERFLOW_POST
1670 +
1671 #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
1672 #define atomic64_inc(v) atomic64_add(1LL, (v))
1673 +#define atomic64_inc_unchecked(v) atomic64_add_unchecked(1LL, (v))
1674 #define atomic64_inc_return_relaxed(v) atomic64_add_return_relaxed(1LL, (v))
1675 +#define atomic64_inc_return_unchecked_relaxed(v) atomic64_add_return_unchecked_relaxed(1LL, (v))
1676 #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
1677 #define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0)
1678 #define atomic64_dec(v) atomic64_sub(1LL, (v))
1679 +#define atomic64_dec_unchecked(v) atomic64_sub_unchecked(1LL, (v))
1680 #define atomic64_dec_return_relaxed(v) atomic64_sub_return_relaxed(1LL, (v))
1681 #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0)
1682 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL)
1683 diff --git a/arch/arm/include/asm/cache.h b/arch/arm/include/asm/cache.h
1684 index 75fe66b..2255c86 100644
1685 --- a/arch/arm/include/asm/cache.h
1686 +++ b/arch/arm/include/asm/cache.h
1687 @@ -4,8 +4,10 @@
1688 #ifndef __ASMARM_CACHE_H
1689 #define __ASMARM_CACHE_H
1690
1691 +#include <linux/const.h>
1692 +
1693 #define L1_CACHE_SHIFT CONFIG_ARM_L1_CACHE_SHIFT
1694 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
1695 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
1696
1697 /*
1698 * Memory returned by kmalloc() may be used for DMA, so we must make
1699 diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
1700 index 9156fc3..0521e3e 100644
1701 --- a/arch/arm/include/asm/cacheflush.h
1702 +++ b/arch/arm/include/asm/cacheflush.h
1703 @@ -116,7 +116,7 @@ struct cpu_cache_fns {
1704 void (*dma_unmap_area)(const void *, size_t, int);
1705
1706 void (*dma_flush_range)(const void *, const void *);
1707 -};
1708 +} __no_const __no_randomize_layout;
1709
1710 /*
1711 * Select the calling method
1712 diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h
1713 index 524692f..a8871ec 100644
1714 --- a/arch/arm/include/asm/checksum.h
1715 +++ b/arch/arm/include/asm/checksum.h
1716 @@ -37,7 +37,19 @@ __wsum
1717 csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum);
1718
1719 __wsum
1720 -csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr);
1721 +__csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr);
1722 +
1723 +static inline __wsum
1724 +csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr)
1725 +{
1726 + __wsum ret;
1727 + pax_open_userland();
1728 + ret = __csum_partial_copy_from_user(src, dst, len, sum, err_ptr);
1729 + pax_close_userland();
1730 + return ret;
1731 +}
1732 +
1733 +
1734
1735 /*
1736 * Fold a partial checksum without adding pseudo headers
1737 diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h
1738 index 97882f9..ff9d6ac 100644
1739 --- a/arch/arm/include/asm/cmpxchg.h
1740 +++ b/arch/arm/include/asm/cmpxchg.h
1741 @@ -117,6 +117,10 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr, int size
1742 (__typeof__(*(ptr)))__xchg((unsigned long)(x), (ptr), \
1743 sizeof(*(ptr))); \
1744 })
1745 +#define xchg_unchecked_relaxed(ptr, x) ({ \
1746 + (__typeof__(*(ptr)))__xchg((unsigned long)(x), (ptr), \
1747 + sizeof(*(ptr))); \
1748 +})
1749
1750 #include <asm-generic/cmpxchg-local.h>
1751
1752 @@ -128,6 +132,7 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr, int size
1753 #endif
1754
1755 #define xchg xchg_relaxed
1756 +#define xchg_unchecked xchg_unchecked_relaxed
1757
1758 /*
1759 * cmpxchg_local and cmpxchg64_local are atomic wrt current CPU. Always make
1760 diff --git a/arch/arm/include/asm/cpuidle.h b/arch/arm/include/asm/cpuidle.h
1761 index baefe1d..29cb35a 100644
1762 --- a/arch/arm/include/asm/cpuidle.h
1763 +++ b/arch/arm/include/asm/cpuidle.h
1764 @@ -32,7 +32,7 @@ struct device_node;
1765 struct cpuidle_ops {
1766 int (*suspend)(unsigned long arg);
1767 int (*init)(struct device_node *, int cpu);
1768 -};
1769 +} __no_const;
1770
1771 struct of_cpuidle_method {
1772 const char *method;
1773 diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
1774 index 99d9f63..ec44cb5 100644
1775 --- a/arch/arm/include/asm/domain.h
1776 +++ b/arch/arm/include/asm/domain.h
1777 @@ -42,7 +42,6 @@
1778 #define DOMAIN_USER 1
1779 #define DOMAIN_IO 0
1780 #endif
1781 -#define DOMAIN_VECTORS 3
1782
1783 /*
1784 * Domain types
1785 @@ -51,9 +50,28 @@
1786 #define DOMAIN_CLIENT 1
1787 #ifdef CONFIG_CPU_USE_DOMAINS
1788 #define DOMAIN_MANAGER 3
1789 +#define DOMAIN_VECTORS 3
1790 +#define DOMAIN_USERCLIENT DOMAIN_CLIENT
1791 #else
1792 +
1793 +#ifdef CONFIG_PAX_KERNEXEC
1794 #define DOMAIN_MANAGER 1
1795 +#define DOMAIN_KERNEXEC 3
1796 +#else
1797 +#define DOMAIN_MANAGER 1
1798 +#endif
1799 +
1800 +#ifdef CONFIG_PAX_MEMORY_UDEREF
1801 +#define DOMAIN_USERCLIENT 0
1802 +#define DOMAIN_UDEREF 1
1803 +#define DOMAIN_VECTORS DOMAIN_KERNEL
1804 +#else
1805 +#define DOMAIN_USERCLIENT 1
1806 +#define DOMAIN_VECTORS DOMAIN_USER
1807 +#endif
1808 +
1809 #endif
1810 +#define DOMAIN_KERNELCLIENT 1
1811
1812 #define domain_mask(dom) ((3) << (2 * (dom)))
1813 #define domain_val(dom,type) ((type) << (2 * (dom)))
1814 @@ -62,13 +80,19 @@
1815 #define DACR_INIT \
1816 (domain_val(DOMAIN_USER, DOMAIN_NOACCESS) | \
1817 domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
1818 - domain_val(DOMAIN_IO, DOMAIN_CLIENT) | \
1819 + domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT) | \
1820 domain_val(DOMAIN_VECTORS, DOMAIN_CLIENT))
1821 +#elif defined(CONFIG_PAX_MEMORY_UDEREF)
1822 + /* DOMAIN_VECTORS is defined to DOMAIN_KERNEL */
1823 +#define DACR_INIT \
1824 + (domain_val(DOMAIN_USER, DOMAIN_USERCLIENT) | \
1825 + domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
1826 + domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT))
1827 #else
1828 #define DACR_INIT \
1829 - (domain_val(DOMAIN_USER, DOMAIN_CLIENT) | \
1830 + (domain_val(DOMAIN_USER, DOMAIN_USERCLIENT) | \
1831 domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
1832 - domain_val(DOMAIN_IO, DOMAIN_CLIENT) | \
1833 + domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT) | \
1834 domain_val(DOMAIN_VECTORS, DOMAIN_CLIENT))
1835 #endif
1836
1837 @@ -124,6 +148,17 @@ static inline void set_domain(unsigned val)
1838 set_domain(domain); \
1839 } while (0)
1840
1841 +#elif defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
1842 +#define modify_domain(dom,type) \
1843 + do { \
1844 + struct thread_info *thread = current_thread_info(); \
1845 + unsigned int domain = get_domain(); \
1846 + domain &= ~domain_mask(dom); \
1847 + domain = domain | domain_val(dom, type); \
1848 + thread->cpu_domain = domain; \
1849 + set_domain(domain); \
1850 + } while (0)
1851 +
1852 #else
1853 static inline void modify_domain(unsigned dom, unsigned type) { }
1854 #endif
1855 diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h
1856 index d2315ff..f60b47b 100644
1857 --- a/arch/arm/include/asm/elf.h
1858 +++ b/arch/arm/include/asm/elf.h
1859 @@ -117,7 +117,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs);
1860 the loader. We need to make sure that it is out of the way of the program
1861 that it will "exec", and that there is sufficient room for the brk. */
1862
1863 -#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
1864 +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
1865 +
1866 +#ifdef CONFIG_PAX_ASLR
1867 +#define PAX_ELF_ET_DYN_BASE 0x00008000UL
1868 +
1869 +#define PAX_DELTA_MMAP_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
1870 +#define PAX_DELTA_STACK_LEN ((current->personality == PER_LINUX_32BIT) ? 16 : 10)
1871 +#endif
1872
1873 /* When the program starts, a1 contains a pointer to a function to be
1874 registered with atexit, as per the SVR4 ABI. A value of 0 means we
1875 diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h
1876 index de53547..52b9a28 100644
1877 --- a/arch/arm/include/asm/fncpy.h
1878 +++ b/arch/arm/include/asm/fncpy.h
1879 @@ -81,7 +81,9 @@
1880 BUG_ON((uintptr_t)(dest_buf) & (FNCPY_ALIGN - 1) || \
1881 (__funcp_address & ~(uintptr_t)1 & (FNCPY_ALIGN - 1))); \
1882 \
1883 + pax_open_kernel(); \
1884 memcpy(dest_buf, (void const *)(__funcp_address & ~1), size); \
1885 + pax_close_kernel(); \
1886 flush_icache_range((unsigned long)(dest_buf), \
1887 (unsigned long)(dest_buf) + (size)); \
1888 \
1889 diff --git a/arch/arm/include/asm/futex.h b/arch/arm/include/asm/futex.h
1890 index 6795368..6c4d749 100644
1891 --- a/arch/arm/include/asm/futex.h
1892 +++ b/arch/arm/include/asm/futex.h
1893 @@ -107,6 +107,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
1894 return -EFAULT;
1895
1896 preempt_disable();
1897 +
1898 __ua_flags = uaccess_save_and_enable();
1899 __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n"
1900 "1: " TUSER(ldr) " %1, [%4]\n"
1901 diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h
1902 index 83eb2f7..ed77159 100644
1903 --- a/arch/arm/include/asm/kmap_types.h
1904 +++ b/arch/arm/include/asm/kmap_types.h
1905 @@ -4,6 +4,6 @@
1906 /*
1907 * This is the "bare minimum". AIO seems to require this.
1908 */
1909 -#define KM_TYPE_NR 16
1910 +#define KM_TYPE_NR 17
1911
1912 #endif
1913 diff --git a/arch/arm/include/asm/mach/dma.h b/arch/arm/include/asm/mach/dma.h
1914 index 9e614a1..3302cca 100644
1915 --- a/arch/arm/include/asm/mach/dma.h
1916 +++ b/arch/arm/include/asm/mach/dma.h
1917 @@ -22,7 +22,7 @@ struct dma_ops {
1918 int (*residue)(unsigned int, dma_t *); /* optional */
1919 int (*setspeed)(unsigned int, dma_t *, int); /* optional */
1920 const char *type;
1921 -};
1922 +} __do_const;
1923
1924 struct dma_struct {
1925 void *addr; /* single DMA address */
1926 diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h
1927 index 9b7c328..2dfe68b 100644
1928 --- a/arch/arm/include/asm/mach/map.h
1929 +++ b/arch/arm/include/asm/mach/map.h
1930 @@ -23,17 +23,19 @@ struct map_desc {
1931
1932 /* types 0-3 are defined in asm/io.h */
1933 enum {
1934 - MT_UNCACHED = 4,
1935 - MT_CACHECLEAN,
1936 - MT_MINICLEAN,
1937 + MT_UNCACHED_RW = 4,
1938 + MT_CACHECLEAN_RO,
1939 + MT_MINICLEAN_RO,
1940 MT_LOW_VECTORS,
1941 MT_HIGH_VECTORS,
1942 - MT_MEMORY_RWX,
1943 + __MT_MEMORY_RWX,
1944 MT_MEMORY_RW,
1945 - MT_ROM,
1946 - MT_MEMORY_RWX_NONCACHED,
1947 + MT_MEMORY_RX,
1948 + MT_ROM_RX,
1949 + MT_MEMORY_RW_NONCACHED,
1950 + MT_MEMORY_RX_NONCACHED,
1951 MT_MEMORY_RW_DTCM,
1952 - MT_MEMORY_RWX_ITCM,
1953 + MT_MEMORY_RX_ITCM,
1954 MT_MEMORY_RW_SO,
1955 MT_MEMORY_DMA_READY,
1956 };
1957 diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h
1958 index c2bf24f..69e437c 100644
1959 --- a/arch/arm/include/asm/outercache.h
1960 +++ b/arch/arm/include/asm/outercache.h
1961 @@ -39,7 +39,7 @@ struct outer_cache_fns {
1962 /* This is an ARM L2C thing */
1963 void (*write_sec)(unsigned long, unsigned);
1964 void (*configure)(const struct l2x0_regs *);
1965 -};
1966 +} __no_const;
1967
1968 extern struct outer_cache_fns outer_cache;
1969
1970 diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h
1971 index 4355f0e..cd9168e 100644
1972 --- a/arch/arm/include/asm/page.h
1973 +++ b/arch/arm/include/asm/page.h
1974 @@ -23,6 +23,7 @@
1975
1976 #else
1977
1978 +#include <linux/compiler.h>
1979 #include <asm/glue.h>
1980
1981 /*
1982 @@ -114,7 +115,7 @@ struct cpu_user_fns {
1983 void (*cpu_clear_user_highpage)(struct page *page, unsigned long vaddr);
1984 void (*cpu_copy_user_highpage)(struct page *to, struct page *from,
1985 unsigned long vaddr, struct vm_area_struct *vma);
1986 -};
1987 +} __no_const;
1988
1989 #ifdef MULTI_USER
1990 extern struct cpu_user_fns cpu_user;
1991 diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h
1992 index b2902a5..da11e4d 100644
1993 --- a/arch/arm/include/asm/pgalloc.h
1994 +++ b/arch/arm/include/asm/pgalloc.h
1995 @@ -17,6 +17,7 @@
1996 #include <asm/processor.h>
1997 #include <asm/cacheflush.h>
1998 #include <asm/tlbflush.h>
1999 +#include <asm/system_info.h>
2000
2001 #define check_pgt_cache() do { } while (0)
2002
2003 @@ -43,6 +44,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
2004 set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE));
2005 }
2006
2007 +static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
2008 +{
2009 + pud_populate(mm, pud, pmd);
2010 +}
2011 +
2012 #else /* !CONFIG_ARM_LPAE */
2013
2014 /*
2015 @@ -51,6 +57,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
2016 #define pmd_alloc_one(mm,addr) ({ BUG(); ((pmd_t *)2); })
2017 #define pmd_free(mm, pmd) do { } while (0)
2018 #define pud_populate(mm,pmd,pte) BUG()
2019 +#define pud_populate_kernel(mm,pmd,pte) BUG()
2020
2021 #endif /* CONFIG_ARM_LPAE */
2022
2023 @@ -128,6 +135,19 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte)
2024 __free_page(pte);
2025 }
2026
2027 +static inline void __section_update(pmd_t *pmdp, unsigned long addr, pmdval_t prot)
2028 +{
2029 +#ifdef CONFIG_ARM_LPAE
2030 + pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot);
2031 +#else
2032 + if (addr & SECTION_SIZE)
2033 + pmdp[1] = __pmd(pmd_val(pmdp[1]) | prot);
2034 + else
2035 + pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot);
2036 +#endif
2037 + flush_pmd_entry(pmdp);
2038 +}
2039 +
2040 static inline void __pmd_populate(pmd_t *pmdp, phys_addr_t pte,
2041 pmdval_t prot)
2042 {
2043 diff --git a/arch/arm/include/asm/pgtable-2level-hwdef.h b/arch/arm/include/asm/pgtable-2level-hwdef.h
2044 index 3f82e9d..2a85e8b 100644
2045 --- a/arch/arm/include/asm/pgtable-2level-hwdef.h
2046 +++ b/arch/arm/include/asm/pgtable-2level-hwdef.h
2047 @@ -28,7 +28,7 @@
2048 /*
2049 * - section
2050 */
2051 -#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) /* v7 */
2052 +#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) /* v7 */
2053 #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2)
2054 #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3)
2055 #define PMD_SECT_XN (_AT(pmdval_t, 1) << 4) /* v6 */
2056 @@ -40,6 +40,7 @@
2057 #define PMD_SECT_nG (_AT(pmdval_t, 1) << 17) /* v6 */
2058 #define PMD_SECT_SUPER (_AT(pmdval_t, 1) << 18) /* v6 */
2059 #define PMD_SECT_AF (_AT(pmdval_t, 0))
2060 +#define PMD_SECT_RDONLY (_AT(pmdval_t, 0))
2061
2062 #define PMD_SECT_UNCACHED (_AT(pmdval_t, 0))
2063 #define PMD_SECT_BUFFERED (PMD_SECT_BUFFERABLE)
2064 @@ -70,6 +71,7 @@
2065 * - extended small page/tiny page
2066 */
2067 #define PTE_EXT_XN (_AT(pteval_t, 1) << 0) /* v6 */
2068 +#define PTE_EXT_PXN (_AT(pteval_t, 1) << 2) /* v7 */
2069 #define PTE_EXT_AP_MASK (_AT(pteval_t, 3) << 4)
2070 #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4)
2071 #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4)
2072 diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h
2073 index 92fd2c8..061dae1 100644
2074 --- a/arch/arm/include/asm/pgtable-2level.h
2075 +++ b/arch/arm/include/asm/pgtable-2level.h
2076 @@ -127,6 +127,9 @@
2077 #define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */
2078 #define L_PTE_NONE (_AT(pteval_t, 1) << 11)
2079
2080 +/* Two-level page tables only have PXN in the PGD, not in the PTE. */
2081 +#define L_PTE_PXN (_AT(pteval_t, 0))
2082 +
2083 /*
2084 * These are the memory types, defined to be compatible with
2085 * pre-ARMv6 CPUs cacheable and bufferable bits: n/a,n/a,C,B
2086 diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
2087 index 2a029bc..a0524c7 100644
2088 --- a/arch/arm/include/asm/pgtable-3level.h
2089 +++ b/arch/arm/include/asm/pgtable-3level.h
2090 @@ -80,6 +80,7 @@
2091 #define L_PTE_USER (_AT(pteval_t, 1) << 6) /* AP[1] */
2092 #define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */
2093 #define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */
2094 +#define L_PTE_PXN (_AT(pteval_t, 1) << 53) /* PXN */
2095 #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */
2096 #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55)
2097 #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56)
2098 @@ -90,10 +91,12 @@
2099 #define L_PMD_SECT_DIRTY (_AT(pmdval_t, 1) << 55)
2100 #define L_PMD_SECT_NONE (_AT(pmdval_t, 1) << 57)
2101 #define L_PMD_SECT_RDONLY (_AT(pteval_t, 1) << 58)
2102 +#define PMD_SECT_RDONLY PMD_SECT_AP2
2103
2104 /*
2105 * To be used in assembly code with the upper page attributes.
2106 */
2107 +#define L_PTE_PXN_HIGH (1 << (53 - 32))
2108 #define L_PTE_XN_HIGH (1 << (54 - 32))
2109 #define L_PTE_DIRTY_HIGH (1 << (55 - 32))
2110
2111 diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
2112 index a8d656d..2febb8a 100644
2113 --- a/arch/arm/include/asm/pgtable.h
2114 +++ b/arch/arm/include/asm/pgtable.h
2115 @@ -33,6 +33,9 @@
2116 #include <asm/pgtable-2level.h>
2117 #endif
2118
2119 +#define ktla_ktva(addr) (addr)
2120 +#define ktva_ktla(addr) (addr)
2121 +
2122 /*
2123 * Just any arbitrary offset to the start of the vmalloc VM area: the
2124 * current 8MB value just means that there will be a 8MB "hole" after the
2125 @@ -48,6 +51,9 @@
2126 #define LIBRARY_TEXT_START 0x0c000000
2127
2128 #ifndef __ASSEMBLY__
2129 +extern pteval_t __supported_pte_mask;
2130 +extern pmdval_t __supported_pmd_mask;
2131 +
2132 extern void __pte_error(const char *file, int line, pte_t);
2133 extern void __pmd_error(const char *file, int line, pmd_t);
2134 extern void __pgd_error(const char *file, int line, pgd_t);
2135 @@ -56,6 +62,48 @@ extern void __pgd_error(const char *file, int line, pgd_t);
2136 #define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd)
2137 #define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd)
2138
2139 +#define __HAVE_ARCH_PAX_OPEN_KERNEL
2140 +#define __HAVE_ARCH_PAX_CLOSE_KERNEL
2141 +
2142 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2143 +#include <asm/domain.h>
2144 +#include <linux/thread_info.h>
2145 +#include <linux/preempt.h>
2146 +
2147 +static inline int test_domain(int domain, int domaintype)
2148 +{
2149 + return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype);
2150 +}
2151 +#endif
2152 +
2153 +#ifdef CONFIG_PAX_KERNEXEC
2154 +static inline unsigned long pax_open_kernel(void) {
2155 +#ifdef CONFIG_ARM_LPAE
2156 + /* TODO */
2157 +#else
2158 + preempt_disable();
2159 + BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC));
2160 + modify_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC);
2161 +#endif
2162 + return 0;
2163 +}
2164 +
2165 +static inline unsigned long pax_close_kernel(void) {
2166 +#ifdef CONFIG_ARM_LPAE
2167 + /* TODO */
2168 +#else
2169 + BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_MANAGER));
2170 + /* DOMAIN_MANAGER = "client" under KERNEXEC */
2171 + modify_domain(DOMAIN_KERNEL, DOMAIN_MANAGER);
2172 + preempt_enable_no_resched();
2173 +#endif
2174 + return 0;
2175 +}
2176 +#else
2177 +static inline unsigned long pax_open_kernel(void) { return 0; }
2178 +static inline unsigned long pax_close_kernel(void) { return 0; }
2179 +#endif
2180 +
2181 /*
2182 * This is the lowest virtual address we can permit any user space
2183 * mapping to be mapped at. This is particularly important for
2184 @@ -75,8 +123,8 @@ extern void __pgd_error(const char *file, int line, pgd_t);
2185 /*
2186 * The pgprot_* and protection_map entries will be fixed up in runtime
2187 * to include the cachable and bufferable bits based on memory policy,
2188 - * as well as any architecture dependent bits like global/ASID and SMP
2189 - * shared mapping bits.
2190 + * as well as any architecture dependent bits like global/ASID, PXN,
2191 + * and SMP shared mapping bits.
2192 */
2193 #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG
2194
2195 @@ -308,7 +356,7 @@ static inline pte_t pte_mknexec(pte_t pte)
2196 static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
2197 {
2198 const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER |
2199 - L_PTE_NONE | L_PTE_VALID;
2200 + L_PTE_NONE | L_PTE_VALID | __supported_pte_mask;
2201 pte_val(pte) = (pte_val(pte) & ~mask) | (pgprot_val(newprot) & mask);
2202 return pte;
2203 }
2204 diff --git a/arch/arm/include/asm/smp.h b/arch/arm/include/asm/smp.h
2205 index 3d6dc8b..1262ad3 100644
2206 --- a/arch/arm/include/asm/smp.h
2207 +++ b/arch/arm/include/asm/smp.h
2208 @@ -108,7 +108,7 @@ struct smp_operations {
2209 int (*cpu_disable)(unsigned int cpu);
2210 #endif
2211 #endif
2212 -};
2213 +} __no_const;
2214
2215 struct of_cpu_method {
2216 const char *method;
2217 diff --git a/arch/arm/include/asm/string.h b/arch/arm/include/asm/string.h
2218 index cf4f3aa..8f2f2d9 100644
2219 --- a/arch/arm/include/asm/string.h
2220 +++ b/arch/arm/include/asm/string.h
2221 @@ -7,19 +7,19 @@
2222 */
2223
2224 #define __HAVE_ARCH_STRRCHR
2225 -extern char * strrchr(const char * s, int c);
2226 +extern char * strrchr(const char * s, int c) __nocapture(-1);
2227
2228 #define __HAVE_ARCH_STRCHR
2229 -extern char * strchr(const char * s, int c);
2230 +extern char * strchr(const char * s, int c) __nocapture(-1);
2231
2232 #define __HAVE_ARCH_MEMCPY
2233 -extern void * memcpy(void *, const void *, __kernel_size_t);
2234 +extern void * memcpy(void *, const void *, __kernel_size_t) __nocapture(2);
2235
2236 #define __HAVE_ARCH_MEMMOVE
2237 -extern void * memmove(void *, const void *, __kernel_size_t);
2238 +extern void * memmove(void *, const void *, __kernel_size_t) __nocapture(2);
2239
2240 #define __HAVE_ARCH_MEMCHR
2241 -extern void * memchr(const void *, int, __kernel_size_t);
2242 +extern void * memchr(const void *, int, __kernel_size_t) __nocapture(-1);
2243
2244 #define __HAVE_ARCH_MEMSET
2245 extern void * memset(void *, int, __kernel_size_t);
2246 diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
2247 index 776757d..a552c1d 100644
2248 --- a/arch/arm/include/asm/thread_info.h
2249 +++ b/arch/arm/include/asm/thread_info.h
2250 @@ -73,6 +73,9 @@ struct thread_info {
2251 .flags = 0, \
2252 .preempt_count = INIT_PREEMPT_COUNT, \
2253 .addr_limit = KERNEL_DS, \
2254 + .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_USERCLIENT) | \
2255 + domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT) | \
2256 + domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT), \
2257 }
2258
2259 #define init_thread_info (init_thread_union.thread_info)
2260 @@ -143,6 +146,10 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
2261 #define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */
2262 #define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */
2263 #define TIF_SECCOMP 7 /* seccomp syscall filtering active */
2264 +/* within 8 bits of TIF_SYSCALL_TRACE
2265 + * to meet flexible second operand requirements
2266 + */
2267 +#define TIF_GRSEC_SETXID 8
2268
2269 #define TIF_NOHZ 12 /* in adaptive nohz mode */
2270 #define TIF_USING_IWMMXT 17
2271 @@ -158,10 +165,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
2272 #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
2273 #define _TIF_SECCOMP (1 << TIF_SECCOMP)
2274 #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
2275 +#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID)
2276
2277 /* Checks for any syscall work in entry-common.S */
2278 #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
2279 - _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP)
2280 + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID)
2281
2282 /*
2283 * Change these and you break ASM code in entry-common.S
2284 diff --git a/arch/arm/include/asm/timex.h b/arch/arm/include/asm/timex.h
2285 index f6fcc67..5895d62 100644
2286 --- a/arch/arm/include/asm/timex.h
2287 +++ b/arch/arm/include/asm/timex.h
2288 @@ -13,6 +13,7 @@
2289 #define _ASMARM_TIMEX_H
2290
2291 typedef unsigned long cycles_t;
2292 +extern int read_current_timer(unsigned long *timer_val);
2293 #define get_cycles() ({ cycles_t c; read_current_timer(&c) ? 0 : c; })
2294
2295 #endif
2296 diff --git a/arch/arm/include/asm/tls.h b/arch/arm/include/asm/tls.h
2297 index 5f833f7..76e6644 100644
2298 --- a/arch/arm/include/asm/tls.h
2299 +++ b/arch/arm/include/asm/tls.h
2300 @@ -3,6 +3,7 @@
2301
2302 #include <linux/compiler.h>
2303 #include <asm/thread_info.h>
2304 +#include <asm/pgtable.h>
2305
2306 #ifdef __ASSEMBLY__
2307 #include <asm/asm-offsets.h>
2308 @@ -89,7 +90,9 @@ static inline void set_tls(unsigned long val)
2309 * at 0xffff0fe0 must be used instead. (see
2310 * entry-armv.S for details)
2311 */
2312 + pax_open_kernel();
2313 *((unsigned int *)0xffff0ff0) = val;
2314 + pax_close_kernel();
2315 #endif
2316 }
2317
2318 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
2319 index a93c0f9..5c31bbb 100644
2320 --- a/arch/arm/include/asm/uaccess.h
2321 +++ b/arch/arm/include/asm/uaccess.h
2322 @@ -18,6 +18,7 @@
2323 #include <asm/domain.h>
2324 #include <asm/unified.h>
2325 #include <asm/compiler.h>
2326 +#include <asm/pgtable.h>
2327
2328 #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
2329 #include <asm-generic/uaccess-unaligned.h>
2330 @@ -50,6 +51,59 @@ struct exception_table_entry
2331 extern int fixup_exception(struct pt_regs *regs);
2332
2333 /*
2334 + * These two are intentionally not defined anywhere - if the kernel
2335 + * code generates any references to them, that's a bug.
2336 + */
2337 +extern int __get_user_bad(void);
2338 +extern int __put_user_bad(void);
2339 +
2340 +/*
2341 + * Note that this is actually 0x1,0000,0000
2342 + */
2343 +#define KERNEL_DS 0x00000000
2344 +#define get_ds() (KERNEL_DS)
2345 +
2346 +#ifdef CONFIG_MMU
2347 +
2348 +#define USER_DS TASK_SIZE
2349 +#define get_fs() (current_thread_info()->addr_limit)
2350 +
2351 +static inline void set_fs(mm_segment_t fs)
2352 +{
2353 + current_thread_info()->addr_limit = fs;
2354 + modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_KERNELCLIENT : DOMAIN_MANAGER);
2355 +}
2356 +
2357 +#define segment_eq(a, b) ((a) == (b))
2358 +
2359 +#define __HAVE_ARCH_PAX_OPEN_USERLAND
2360 +#define __HAVE_ARCH_PAX_CLOSE_USERLAND
2361 +
2362 +static inline void pax_open_userland(void)
2363 +{
2364 +
2365 +#ifdef CONFIG_PAX_MEMORY_UDEREF
2366 + if (segment_eq(get_fs(), USER_DS)) {
2367 + BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF));
2368 + modify_domain(DOMAIN_USER, DOMAIN_UDEREF);
2369 + }
2370 +#endif
2371 +
2372 +}
2373 +
2374 +static inline void pax_close_userland(void)
2375 +{
2376 +
2377 +#ifdef CONFIG_PAX_MEMORY_UDEREF
2378 + if (segment_eq(get_fs(), USER_DS)) {
2379 + BUG_ON(test_domain(DOMAIN_USER, DOMAIN_NOACCESS));
2380 + modify_domain(DOMAIN_USER, DOMAIN_NOACCESS);
2381 + }
2382 +#endif
2383 +
2384 +}
2385 +
2386 +/*
2387 * These two functions allow hooking accesses to userspace to increase
2388 * system integrity by ensuring that the kernel can not inadvertantly
2389 * perform such accesses (eg, via list poison values) which could then
2390 @@ -66,6 +120,7 @@ static inline unsigned int uaccess_save_and_enable(void)
2391
2392 return old_domain;
2393 #else
2394 + pax_open_userland();
2395 return 0;
2396 #endif
2397 }
2398 @@ -75,35 +130,11 @@ static inline void uaccess_restore(unsigned int flags)
2399 #ifdef CONFIG_CPU_SW_DOMAIN_PAN
2400 /* Restore the user access mask */
2401 set_domain(flags);
2402 +#else
2403 + pax_close_userland();
2404 #endif
2405 }
2406
2407 -/*
2408 - * These two are intentionally not defined anywhere - if the kernel
2409 - * code generates any references to them, that's a bug.
2410 - */
2411 -extern int __get_user_bad(void);
2412 -extern int __put_user_bad(void);
2413 -
2414 -/*
2415 - * Note that this is actually 0x1,0000,0000
2416 - */
2417 -#define KERNEL_DS 0x00000000
2418 -#define get_ds() (KERNEL_DS)
2419 -
2420 -#ifdef CONFIG_MMU
2421 -
2422 -#define USER_DS TASK_SIZE
2423 -#define get_fs() (current_thread_info()->addr_limit)
2424 -
2425 -static inline void set_fs(mm_segment_t fs)
2426 -{
2427 - current_thread_info()->addr_limit = fs;
2428 - modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
2429 -}
2430 -
2431 -#define segment_eq(a, b) ((a) == (b))
2432 -
2433 /* We use 33-bit arithmetic here... */
2434 #define __range_ok(addr, size) ({ \
2435 unsigned long flag, roksum; \
2436 @@ -268,6 +299,7 @@ static inline void set_fs(mm_segment_t fs)
2437
2438 #endif /* CONFIG_MMU */
2439
2440 +#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
2441 #define access_ok(type, addr, size) (__range_ok(addr, size) == 0)
2442
2443 #define user_addr_max() \
2444 @@ -474,10 +506,10 @@ do { \
2445
2446
2447 #ifdef CONFIG_MMU
2448 -extern unsigned long __must_check
2449 +extern unsigned long __must_check __size_overflow(3)
2450 arm_copy_from_user(void *to, const void __user *from, unsigned long n);
2451
2452 -static inline unsigned long __must_check
2453 +static inline unsigned long __must_check __size_overflow(3)
2454 __copy_from_user(void *to, const void __user *from, unsigned long n)
2455 {
2456 unsigned int __ua_flags;
2457 @@ -489,9 +521,9 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
2458 return n;
2459 }
2460
2461 -extern unsigned long __must_check
2462 +extern unsigned long __must_check __size_overflow(3)
2463 arm_copy_to_user(void __user *to, const void *from, unsigned long n);
2464 -extern unsigned long __must_check
2465 +extern unsigned long __must_check __size_overflow(3)
2466 __copy_to_user_std(void __user *to, const void *from, unsigned long n);
2467
2468 static inline unsigned long __must_check
2469 @@ -511,9 +543,9 @@ __copy_to_user(void __user *to, const void *from, unsigned long n)
2470 #endif
2471 }
2472
2473 -extern unsigned long __must_check
2474 +extern unsigned long __must_check __size_overflow(2)
2475 arm_clear_user(void __user *addr, unsigned long n);
2476 -extern unsigned long __must_check
2477 +extern unsigned long __must_check __size_overflow(2)
2478 __clear_user_std(void __user *addr, unsigned long n);
2479
2480 static inline unsigned long __must_check
2481 @@ -533,6 +565,9 @@ __clear_user(void __user *addr, unsigned long n)
2482
2483 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
2484 {
2485 + if ((long)n < 0)
2486 + return n;
2487 +
2488 if (access_ok(VERIFY_READ, from, n))
2489 n = __copy_from_user(to, from, n);
2490 else /* security hole - plug it */
2491 @@ -542,6 +577,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
2492
2493 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
2494 {
2495 + if ((long)n < 0)
2496 + return n;
2497 +
2498 if (access_ok(VERIFY_WRITE, to, n))
2499 n = __copy_to_user(to, from, n);
2500 return n;
2501 diff --git a/arch/arm/include/uapi/asm/ptrace.h b/arch/arm/include/uapi/asm/ptrace.h
2502 index 5af0ed1..cea83883 100644
2503 --- a/arch/arm/include/uapi/asm/ptrace.h
2504 +++ b/arch/arm/include/uapi/asm/ptrace.h
2505 @@ -92,7 +92,7 @@
2506 * ARMv7 groups of PSR bits
2507 */
2508 #define APSR_MASK 0xf80f0000 /* N, Z, C, V, Q and GE flags */
2509 -#define PSR_ISET_MASK 0x01000010 /* ISA state (J, T) mask */
2510 +#define PSR_ISET_MASK 0x01000020 /* ISA state (J, T) mask */
2511 #define PSR_IT_MASK 0x0600fc00 /* If-Then execution state mask */
2512 #define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */
2513
2514 diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c
2515 index 7e45f69..2c047db 100644
2516 --- a/arch/arm/kernel/armksyms.c
2517 +++ b/arch/arm/kernel/armksyms.c
2518 @@ -59,7 +59,7 @@ EXPORT_SYMBOL(arm_delay_ops);
2519
2520 /* networking */
2521 EXPORT_SYMBOL(csum_partial);
2522 -EXPORT_SYMBOL(csum_partial_copy_from_user);
2523 +EXPORT_SYMBOL(__csum_partial_copy_from_user);
2524 EXPORT_SYMBOL(csum_partial_copy_nocheck);
2525 EXPORT_SYMBOL(__csum_ipv6_magic);
2526
2527 diff --git a/arch/arm/kernel/cpuidle.c b/arch/arm/kernel/cpuidle.c
2528 index 7dccc96..84da243 100644
2529 --- a/arch/arm/kernel/cpuidle.c
2530 +++ b/arch/arm/kernel/cpuidle.c
2531 @@ -19,7 +19,7 @@ extern struct of_cpuidle_method __cpuidle_method_of_table[];
2532 static const struct of_cpuidle_method __cpuidle_method_of_table_sentinel
2533 __used __section(__cpuidle_method_of_table_end);
2534
2535 -static struct cpuidle_ops cpuidle_ops[NR_CPUS];
2536 +static struct cpuidle_ops cpuidle_ops[NR_CPUS] __read_only;
2537
2538 /**
2539 * arm_cpuidle_simple_enter() - a wrapper to cpu_do_idle()
2540 diff --git a/arch/arm/kernel/efi.c b/arch/arm/kernel/efi.c
2541 index 9f43ba0..1cee475 100644
2542 --- a/arch/arm/kernel/efi.c
2543 +++ b/arch/arm/kernel/efi.c
2544 @@ -60,9 +60,9 @@ int __init efi_create_mapping(struct mm_struct *mm, efi_memory_desc_t *md)
2545 * preference.
2546 */
2547 if (md->attribute & EFI_MEMORY_WB)
2548 - desc.type = MT_MEMORY_RWX;
2549 + desc.type = __MT_MEMORY_RWX;
2550 else if (md->attribute & EFI_MEMORY_WT)
2551 - desc.type = MT_MEMORY_RWX_NONCACHED;
2552 + desc.type = MT_MEMORY_RW_NONCACHED;
2553 else if (md->attribute & EFI_MEMORY_WC)
2554 desc.type = MT_DEVICE_WC;
2555 else
2556 diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
2557 index 9f157e7..8e3f857 100644
2558 --- a/arch/arm/kernel/entry-armv.S
2559 +++ b/arch/arm/kernel/entry-armv.S
2560 @@ -50,6 +50,87 @@
2561 9997:
2562 .endm
2563
2564 + .macro pax_enter_kernel
2565 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2566 + @ make aligned space for saved DACR
2567 + sub sp, sp, #8
2568 + @ save regs
2569 + stmdb sp!, {r1, r2}
2570 + @ read DACR from cpu_domain into r1
2571 + mov r2, sp
2572 + @ assume 8K pages, since we have to split the immediate in two
2573 + bic r2, r2, #(0x1fc0)
2574 + bic r2, r2, #(0x3f)
2575 + ldr r1, [r2, #TI_CPU_DOMAIN]
2576 + @ store old DACR on stack
2577 + str r1, [sp, #8]
2578 +#ifdef CONFIG_PAX_KERNEXEC
2579 + @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT
2580 + bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3))
2581 + orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT))
2582 +#endif
2583 +#ifdef CONFIG_PAX_MEMORY_UDEREF
2584 + @ set current DOMAIN_USER to DOMAIN_NOACCESS
2585 + bic r1, r1, #(domain_val(DOMAIN_USER, 3))
2586 +#endif
2587 + @ write r1 to current_thread_info()->cpu_domain
2588 + str r1, [r2, #TI_CPU_DOMAIN]
2589 + @ write r1 to DACR
2590 + mcr p15, 0, r1, c3, c0, 0
2591 + @ instruction sync
2592 + instr_sync
2593 + @ restore regs
2594 + ldmia sp!, {r1, r2}
2595 +#endif
2596 + .endm
2597 +
2598 + .macro pax_open_userland
2599 +#ifdef CONFIG_PAX_MEMORY_UDEREF
2600 + @ save regs
2601 + stmdb sp!, {r0, r1}
2602 + @ read DACR from cpu_domain into r1
2603 + mov r0, sp
2604 + @ assume 8K pages, since we have to split the immediate in two
2605 + bic r0, r0, #(0x1fc0)
2606 + bic r0, r0, #(0x3f)
2607 + ldr r1, [r0, #TI_CPU_DOMAIN]
2608 + @ set current DOMAIN_USER to DOMAIN_CLIENT
2609 + bic r1, r1, #(domain_val(DOMAIN_USER, 3))
2610 + orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF))
2611 + @ write r1 to current_thread_info()->cpu_domain
2612 + str r1, [r0, #TI_CPU_DOMAIN]
2613 + @ write r1 to DACR
2614 + mcr p15, 0, r1, c3, c0, 0
2615 + @ instruction sync
2616 + instr_sync
2617 + @ restore regs
2618 + ldmia sp!, {r0, r1}
2619 +#endif
2620 + .endm
2621 +
2622 + .macro pax_close_userland
2623 +#ifdef CONFIG_PAX_MEMORY_UDEREF
2624 + @ save regs
2625 + stmdb sp!, {r0, r1}
2626 + @ read DACR from cpu_domain into r1
2627 + mov r0, sp
2628 + @ assume 8K pages, since we have to split the immediate in two
2629 + bic r0, r0, #(0x1fc0)
2630 + bic r0, r0, #(0x3f)
2631 + ldr r1, [r0, #TI_CPU_DOMAIN]
2632 + @ set current DOMAIN_USER to DOMAIN_NOACCESS
2633 + bic r1, r1, #(domain_val(DOMAIN_USER, 3))
2634 + @ write r1 to current_thread_info()->cpu_domain
2635 + str r1, [r0, #TI_CPU_DOMAIN]
2636 + @ write r1 to DACR
2637 + mcr p15, 0, r1, c3, c0, 0
2638 + @ instruction sync
2639 + instr_sync
2640 + @ restore regs
2641 + ldmia sp!, {r0, r1}
2642 +#endif
2643 + .endm
2644 +
2645 .macro pabt_helper
2646 @ PABORT handler takes pt_regs in r2, fault address in r4 and psr in r5
2647 #ifdef MULTI_PABORT
2648 @@ -92,11 +173,15 @@
2649 * Invalid mode handlers
2650 */
2651 .macro inv_entry, reason
2652 +
2653 + pax_enter_kernel
2654 +
2655 sub sp, sp, #PT_REGS_SIZE
2656 ARM( stmib sp, {r1 - lr} )
2657 THUMB( stmia sp, {r0 - r12} )
2658 THUMB( str sp, [sp, #S_SP] )
2659 THUMB( str lr, [sp, #S_LR] )
2660 +
2661 mov r1, #\reason
2662 .endm
2663
2664 @@ -152,6 +237,9 @@ ENDPROC(__und_invalid)
2665 .macro svc_entry, stack_hole=0, trace=1, uaccess=1
2666 UNWIND(.fnstart )
2667 UNWIND(.save {r0 - pc} )
2668 +
2669 + pax_enter_kernel
2670 +
2671 sub sp, sp, #(SVC_REGS_SIZE + \stack_hole - 4)
2672 #ifdef CONFIG_THUMB2_KERNEL
2673 SPFIX( str r0, [sp] ) @ temporarily saved
2674 @@ -167,7 +255,12 @@ ENDPROC(__und_invalid)
2675 ldmia r0, {r3 - r5}
2676 add r7, sp, #S_SP - 4 @ here for interlock avoidance
2677 mov r6, #-1 @ "" "" "" ""
2678 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2679 + @ offset sp by 8 as done in pax_enter_kernel
2680 + add r2, sp, #(SVC_REGS_SIZE + \stack_hole + 4)
2681 +#else
2682 add r2, sp, #(SVC_REGS_SIZE + \stack_hole - 4)
2683 +#endif
2684 SPFIX( addeq r2, r2, #4 )
2685 str r3, [sp, #-4]! @ save the "real" r0 copied
2686 @ from the exception stack
2687 @@ -382,6 +475,9 @@ ENDPROC(__fiq_abt)
2688 .macro usr_entry, trace=1, uaccess=1
2689 UNWIND(.fnstart )
2690 UNWIND(.cantunwind ) @ don't unwind the user space
2691 +
2692 + pax_enter_kernel_user
2693 +
2694 sub sp, sp, #PT_REGS_SIZE
2695 ARM( stmib sp, {r1 - r12} )
2696 THUMB( stmia sp, {r0 - r12} )
2697 @@ -495,7 +591,9 @@ __und_usr:
2698 tst r3, #PSR_T_BIT @ Thumb mode?
2699 bne __und_usr_thumb
2700 sub r4, r2, #4 @ ARM instr at LR - 4
2701 + pax_open_userland
2702 1: ldrt r0, [r4]
2703 + pax_close_userland
2704 ARM_BE8(rev r0, r0) @ little endian instruction
2705
2706 uaccess_disable ip
2707 @@ -531,11 +629,15 @@ __und_usr_thumb:
2708 */
2709 .arch armv6t2
2710 #endif
2711 + pax_open_userland
2712 2: ldrht r5, [r4]
2713 + pax_close_userland
2714 ARM_BE8(rev16 r5, r5) @ little endian instruction
2715 cmp r5, #0xe800 @ 32bit instruction if xx != 0
2716 blo __und_usr_fault_16_pan @ 16bit undefined instruction
2717 + pax_open_userland
2718 3: ldrht r0, [r2]
2719 + pax_close_userland
2720 ARM_BE8(rev16 r0, r0) @ little endian instruction
2721 uaccess_disable ip
2722 add r2, r2, #2 @ r2 is PC + 2, make it PC + 4
2723 @@ -566,7 +668,8 @@ ENDPROC(__und_usr)
2724 */
2725 .pushsection .text.fixup, "ax"
2726 .align 2
2727 -4: str r4, [sp, #S_PC] @ retry current instruction
2728 +4: pax_close_userland
2729 + str r4, [sp, #S_PC] @ retry current instruction
2730 ret r9
2731 .popsection
2732 .pushsection __ex_table,"a"
2733 @@ -788,7 +891,7 @@ ENTRY(__switch_to)
2734 THUMB( str lr, [ip], #4 )
2735 ldr r4, [r2, #TI_TP_VALUE]
2736 ldr r5, [r2, #TI_TP_VALUE + 4]
2737 -#ifdef CONFIG_CPU_USE_DOMAINS
2738 +#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2739 mrc p15, 0, r6, c3, c0, 0 @ Get domain register
2740 str r6, [r1, #TI_CPU_DOMAIN] @ Save old domain register
2741 ldr r6, [r2, #TI_CPU_DOMAIN]
2742 @@ -799,7 +902,7 @@ ENTRY(__switch_to)
2743 ldr r8, =__stack_chk_guard
2744 ldr r7, [r7, #TSK_STACK_CANARY]
2745 #endif
2746 -#ifdef CONFIG_CPU_USE_DOMAINS
2747 +#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2748 mcr p15, 0, r6, c3, c0, 0 @ Set domain register
2749 #endif
2750 mov r5, r0
2751 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
2752 index 10c3283..c47cdf5 100644
2753 --- a/arch/arm/kernel/entry-common.S
2754 +++ b/arch/arm/kernel/entry-common.S
2755 @@ -11,18 +11,46 @@
2756 #include <asm/assembler.h>
2757 #include <asm/unistd.h>
2758 #include <asm/ftrace.h>
2759 +#include <asm/domain.h>
2760 #include <asm/unwind.h>
2761
2762 +#include "entry-header.S"
2763 +
2764 #ifdef CONFIG_NEED_RET_TO_USER
2765 #include <mach/entry-macro.S>
2766 #else
2767 .macro arch_ret_to_user, tmp1, tmp2
2768 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2769 + @ save regs
2770 + stmdb sp!, {r1, r2}
2771 + @ read DACR from cpu_domain into r1
2772 + mov r2, sp
2773 + @ assume 8K pages, since we have to split the immediate in two
2774 + bic r2, r2, #(0x1fc0)
2775 + bic r2, r2, #(0x3f)
2776 + ldr r1, [r2, #TI_CPU_DOMAIN]
2777 +#ifdef CONFIG_PAX_KERNEXEC
2778 + @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT
2779 + bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3))
2780 + orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT))
2781 +#endif
2782 +#ifdef CONFIG_PAX_MEMORY_UDEREF
2783 + @ set current DOMAIN_USER to DOMAIN_UDEREF
2784 + bic r1, r1, #(domain_val(DOMAIN_USER, 3))
2785 + orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF))
2786 +#endif
2787 + @ write r1 to current_thread_info()->cpu_domain
2788 + str r1, [r2, #TI_CPU_DOMAIN]
2789 + @ write r1 to DACR
2790 + mcr p15, 0, r1, c3, c0, 0
2791 + @ instruction sync
2792 + instr_sync
2793 + @ restore regs
2794 + ldmia sp!, {r1, r2}
2795 +#endif
2796 .endm
2797 #endif
2798
2799 -#include "entry-header.S"
2800 -
2801 -
2802 .align 5
2803 #if !(IS_ENABLED(CONFIG_TRACE_IRQFLAGS) || IS_ENABLED(CONFIG_CONTEXT_TRACKING))
2804 /*
2805 @@ -36,7 +64,9 @@ ret_fast_syscall:
2806 UNWIND(.cantunwind )
2807 disable_irq_notrace @ disable interrupts
2808 ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing
2809 - tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
2810 + tst r1, #_TIF_SYSCALL_WORK
2811 + bne fast_work_pending
2812 + tst r1, #_TIF_WORK_MASK
2813 bne fast_work_pending
2814
2815 /* perform architecture specific actions before user return */
2816 @@ -62,7 +92,9 @@ ret_fast_syscall:
2817 str r0, [sp, #S_R0 + S_OFF]! @ save returned r0
2818 disable_irq_notrace @ disable interrupts
2819 ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing
2820 - tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
2821 + tst r1, #_TIF_SYSCALL_WORK
2822 + bne __sys_trace_return_nosave
2823 + tst r1, #_TIF_WORK_MASK
2824 beq no_work_pending
2825 UNWIND(.fnend )
2826 ENDPROC(ret_fast_syscall)
2827 @@ -199,6 +231,12 @@ ENTRY(vector_swi)
2828
2829 uaccess_disable tbl
2830
2831 + /*
2832 + * do this here to avoid a performance hit of wrapping the code above
2833 + * that directly dereferences userland to parse the SWI instruction
2834 + */
2835 + pax_enter_kernel_user
2836 +
2837 adr tbl, sys_call_table @ load syscall table pointer
2838
2839 #if defined(CONFIG_OABI_COMPAT)
2840 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
2841 index 6391728..6bf90b8 100644
2842 --- a/arch/arm/kernel/entry-header.S
2843 +++ b/arch/arm/kernel/entry-header.S
2844 @@ -196,6 +196,59 @@
2845 msr cpsr_c, \rtemp @ switch back to the SVC mode
2846 .endm
2847
2848 + .macro pax_enter_kernel_user
2849 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2850 + @ save regs
2851 + stmdb sp!, {r0, r1}
2852 + @ read DACR from cpu_domain into r1
2853 + mov r0, sp
2854 + @ assume 8K pages, since we have to split the immediate in two
2855 + bic r0, r0, #(0x1fc0)
2856 + bic r0, r0, #(0x3f)
2857 + ldr r1, [r0, #TI_CPU_DOMAIN]
2858 +#ifdef CONFIG_PAX_MEMORY_UDEREF
2859 + @ set current DOMAIN_USER to DOMAIN_NOACCESS
2860 + bic r1, r1, #(domain_val(DOMAIN_USER, 3))
2861 +#endif
2862 +#ifdef CONFIG_PAX_KERNEXEC
2863 + @ set current DOMAIN_KERNEL to DOMAIN_KERNELCLIENT
2864 + bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3))
2865 + orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT))
2866 +#endif
2867 + @ write r1 to current_thread_info()->cpu_domain
2868 + str r1, [r0, #TI_CPU_DOMAIN]
2869 + @ write r1 to DACR
2870 + mcr p15, 0, r1, c3, c0, 0
2871 + @ instruction sync
2872 + instr_sync
2873 + @ restore regs
2874 + ldmia sp!, {r0, r1}
2875 +#endif
2876 + .endm
2877 +
2878 + .macro pax_exit_kernel
2879 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
2880 + @ save regs
2881 + stmdb sp!, {r0, r1}
2882 + @ read old DACR from stack into r1
2883 + ldr r1, [sp, #(8 + S_SP)]
2884 + sub r1, r1, #8
2885 + ldr r1, [r1]
2886 +
2887 + @ write r1 to current_thread_info()->cpu_domain
2888 + mov r0, sp
2889 + @ assume 8K pages, since we have to split the immediate in two
2890 + bic r0, r0, #(0x1fc0)
2891 + bic r0, r0, #(0x3f)
2892 + str r1, [r0, #TI_CPU_DOMAIN]
2893 + @ write r1 to DACR
2894 + mcr p15, 0, r1, c3, c0, 0
2895 + @ instruction sync
2896 + instr_sync
2897 + @ restore regs
2898 + ldmia sp!, {r0, r1}
2899 +#endif
2900 + .endm
2901
2902 .macro svc_exit, rpsr, irq = 0
2903 .if \irq != 0
2904 @@ -219,6 +272,8 @@
2905 uaccess_restore
2906 str r1, [tsk, #TI_ADDR_LIMIT]
2907
2908 + pax_exit_kernel
2909 +
2910 #ifndef CONFIG_THUMB2_KERNEL
2911 @ ARM mode SVC restore
2912 msr spsr_cxsf, \rpsr
2913 diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c
2914 index 059c3da..8e45cfc 100644
2915 --- a/arch/arm/kernel/fiq.c
2916 +++ b/arch/arm/kernel/fiq.c
2917 @@ -95,7 +95,10 @@ void set_fiq_handler(void *start, unsigned int length)
2918 void *base = vectors_page;
2919 unsigned offset = FIQ_OFFSET;
2920
2921 + pax_open_kernel();
2922 memcpy(base + offset, start, length);
2923 + pax_close_kernel();
2924 +
2925 if (!cache_is_vipt_nonaliasing())
2926 flush_icache_range((unsigned long)base + offset, offset +
2927 length);
2928 diff --git a/arch/arm/kernel/module-plts.c b/arch/arm/kernel/module-plts.c
2929 index 0c7efc3..3927085 100644
2930 --- a/arch/arm/kernel/module-plts.c
2931 +++ b/arch/arm/kernel/module-plts.c
2932 @@ -30,17 +30,12 @@ struct plt_entries {
2933 u32 lit[PLT_ENT_COUNT];
2934 };
2935
2936 -static bool in_init(const struct module *mod, u32 addr)
2937 -{
2938 - return addr - (u32)mod->init_layout.base < mod->init_layout.size;
2939 -}
2940 -
2941 u32 get_module_plt(struct module *mod, unsigned long loc, Elf32_Addr val)
2942 {
2943 struct plt_entries *plt, *plt_end;
2944 int c, *count;
2945
2946 - if (in_init(mod, loc)) {
2947 + if (within_module_init(loc, mod)) {
2948 plt = (void *)mod->arch.init_plt->sh_addr;
2949 plt_end = (void *)plt + mod->arch.init_plt->sh_size;
2950 count = &mod->arch.init_plt_count;
2951 diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c
2952 index 4f14b5c..91ff261 100644
2953 --- a/arch/arm/kernel/module.c
2954 +++ b/arch/arm/kernel/module.c
2955 @@ -38,17 +38,47 @@
2956 #endif
2957
2958 #ifdef CONFIG_MMU
2959 -void *module_alloc(unsigned long size)
2960 +static inline void *__module_alloc(unsigned long size, pgprot_t prot)
2961 {
2962 - void *p = __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END,
2963 - GFP_KERNEL, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
2964 + void *p;
2965 +
2966 + if (!size || (!IS_ENABLED(CONFIG_ARM_MODULE_PLTS) && PAGE_ALIGN(size) > MODULES_END - MODULES_VADDR))
2967 + return NULL;
2968 +
2969 + p = __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END,
2970 + GFP_KERNEL, prot, 0, NUMA_NO_NODE,
2971 __builtin_return_address(0));
2972 if (!IS_ENABLED(CONFIG_ARM_MODULE_PLTS) || p)
2973 return p;
2974 return __vmalloc_node_range(size, 1, VMALLOC_START, VMALLOC_END,
2975 - GFP_KERNEL, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
2976 + GFP_KERNEL, prot, 0, NUMA_NO_NODE,
2977 __builtin_return_address(0));
2978 }
2979 +
2980 +void *module_alloc(unsigned long size)
2981 +{
2982 +
2983 +#ifdef CONFIG_PAX_KERNEXEC
2984 + return __module_alloc(size, PAGE_KERNEL);
2985 +#else
2986 + return __module_alloc(size, PAGE_KERNEL_EXEC);
2987 +#endif
2988 +
2989 +}
2990 +
2991 +#ifdef CONFIG_PAX_KERNEXEC
2992 +void module_memfree_exec(void *module_region)
2993 +{
2994 + module_memfree(module_region);
2995 +}
2996 +EXPORT_SYMBOL(module_memfree_exec);
2997 +
2998 +void *module_alloc_exec(unsigned long size)
2999 +{
3000 + return __module_alloc(size, PAGE_KERNEL_EXEC);
3001 +}
3002 +EXPORT_SYMBOL(module_alloc_exec);
3003 +#endif
3004 #endif
3005
3006 int
3007 diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c
3008 index 69bda1a..755113a 100644
3009 --- a/arch/arm/kernel/patch.c
3010 +++ b/arch/arm/kernel/patch.c
3011 @@ -66,6 +66,7 @@ void __kprobes __patch_text_real(void *addr, unsigned int insn, bool remap)
3012 else
3013 __acquire(&patch_lock);
3014
3015 + pax_open_kernel();
3016 if (thumb2 && __opcode_is_thumb16(insn)) {
3017 *(u16 *)waddr = __opcode_to_mem_thumb16(insn);
3018 size = sizeof(u16);
3019 @@ -97,6 +98,7 @@ void __kprobes __patch_text_real(void *addr, unsigned int insn, bool remap)
3020 *(u32 *)waddr = insn;
3021 size = sizeof(u32);
3022 }
3023 + pax_close_kernel();
3024
3025 if (waddr != addr) {
3026 flush_kernel_vmap_range(waddr, twopage ? size / 2 : size);
3027 diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
3028 index 612eb53..5a44c8c 100644
3029 --- a/arch/arm/kernel/process.c
3030 +++ b/arch/arm/kernel/process.c
3031 @@ -118,8 +118,8 @@ void __show_regs(struct pt_regs *regs)
3032
3033 show_regs_print_info(KERN_DEFAULT);
3034
3035 - print_symbol("PC is at %s\n", instruction_pointer(regs));
3036 - print_symbol("LR is at %s\n", regs->ARM_lr);
3037 + printk("PC is at %pA\n", (void *)instruction_pointer(regs));
3038 + printk("LR is at %pA\n", (void *)regs->ARM_lr);
3039 printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n"
3040 "sp : %08lx ip : %08lx fp : %08lx\n",
3041 regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr,
3042 @@ -233,7 +233,7 @@ copy_thread(unsigned long clone_flags, unsigned long stack_start,
3043
3044 memset(&thread->cpu_context, 0, sizeof(struct cpu_context_save));
3045
3046 -#ifdef CONFIG_CPU_USE_DOMAINS
3047 +#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
3048 /*
3049 * Copy the initial value of the domain access control register
3050 * from the current thread: thread->addr_limit will have been
3051 @@ -337,7 +337,7 @@ static struct vm_area_struct gate_vma = {
3052
3053 static int __init gate_vma_init(void)
3054 {
3055 - gate_vma.vm_page_prot = PAGE_READONLY_EXEC;
3056 + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
3057 return 0;
3058 }
3059 arch_initcall(gate_vma_init);
3060 @@ -366,92 +366,14 @@ const char *arch_vma_name(struct vm_area_struct *vma)
3061 return is_gate_vma(vma) ? "[vectors]" : NULL;
3062 }
3063
3064 -/* If possible, provide a placement hint at a random offset from the
3065 - * stack for the sigpage and vdso pages.
3066 - */
3067 -static unsigned long sigpage_addr(const struct mm_struct *mm,
3068 - unsigned int npages)
3069 -{
3070 - unsigned long offset;
3071 - unsigned long first;
3072 - unsigned long last;
3073 - unsigned long addr;
3074 - unsigned int slots;
3075 -
3076 - first = PAGE_ALIGN(mm->start_stack);
3077 -
3078 - last = TASK_SIZE - (npages << PAGE_SHIFT);
3079 -
3080 - /* No room after stack? */
3081 - if (first > last)
3082 - return 0;
3083 -
3084 - /* Just enough room? */
3085 - if (first == last)
3086 - return first;
3087 -
3088 - slots = ((last - first) >> PAGE_SHIFT) + 1;
3089 -
3090 - offset = get_random_int() % slots;
3091 -
3092 - addr = first + (offset << PAGE_SHIFT);
3093 -
3094 - return addr;
3095 -}
3096 -
3097 -static struct page *signal_page;
3098 -extern struct page *get_signal_page(void);
3099 -
3100 -static const struct vm_special_mapping sigpage_mapping = {
3101 - .name = "[sigpage]",
3102 - .pages = &signal_page,
3103 -};
3104 -
3105 int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
3106 {
3107 struct mm_struct *mm = current->mm;
3108 - struct vm_area_struct *vma;
3109 - unsigned long npages;
3110 - unsigned long addr;
3111 - unsigned long hint;
3112 - int ret = 0;
3113 -
3114 - if (!signal_page)
3115 - signal_page = get_signal_page();
3116 - if (!signal_page)
3117 - return -ENOMEM;
3118 -
3119 - npages = 1; /* for sigpage */
3120 - npages += vdso_total_pages;
3121
3122 if (down_write_killable(&mm->mmap_sem))
3123 return -EINTR;
3124 - hint = sigpage_addr(mm, npages);
3125 - addr = get_unmapped_area(NULL, hint, npages << PAGE_SHIFT, 0, 0);
3126 - if (IS_ERR_VALUE(addr)) {
3127 - ret = addr;
3128 - goto up_fail;
3129 - }
3130 -
3131 - vma = _install_special_mapping(mm, addr, PAGE_SIZE,
3132 - VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC,
3133 - &sigpage_mapping);
3134 -
3135 - if (IS_ERR(vma)) {
3136 - ret = PTR_ERR(vma);
3137 - goto up_fail;
3138 - }
3139 -
3140 - mm->context.sigpage = addr;
3141 -
3142 - /* Unlike the sigpage, failure to install the vdso is unlikely
3143 - * to be fatal to the process, so no error check needed
3144 - * here.
3145 - */
3146 - arm_install_vdso(mm, addr + PAGE_SIZE);
3147 -
3148 - up_fail:
3149 + mm->context.sigpage = (PAGE_OFFSET + (get_random_int() % 0x3FFEFFE0)) & 0xFFFFFFFC;
3150 up_write(&mm->mmap_sem);
3151 - return ret;
3152 + return 0;
3153 }
3154 #endif
3155 diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
3156 index ce131ed..26f9765 100644
3157 --- a/arch/arm/kernel/ptrace.c
3158 +++ b/arch/arm/kernel/ptrace.c
3159 @@ -928,10 +928,19 @@ static void tracehook_report_syscall(struct pt_regs *regs,
3160 regs->ARM_ip = ip;
3161 }
3162
3163 +#ifdef CONFIG_GRKERNSEC_SETXID
3164 +extern void gr_delayed_cred_worker(void);
3165 +#endif
3166 +
3167 asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
3168 {
3169 current_thread_info()->syscall = scno;
3170
3171 +#ifdef CONFIG_GRKERNSEC_SETXID
3172 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
3173 + gr_delayed_cred_worker();
3174 +#endif
3175 +
3176 if (test_thread_flag(TIF_SYSCALL_TRACE))
3177 tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER);
3178
3179 diff --git a/arch/arm/kernel/reboot.c b/arch/arm/kernel/reboot.c
3180 index 3fa867a..d610607 100644
3181 --- a/arch/arm/kernel/reboot.c
3182 +++ b/arch/arm/kernel/reboot.c
3183 @@ -120,6 +120,7 @@ void machine_power_off(void)
3184
3185 if (pm_power_off)
3186 pm_power_off();
3187 + while (1);
3188 }
3189
3190 /*
3191 diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
3192 index df7f2a7..d9d2bc1 100644
3193 --- a/arch/arm/kernel/setup.c
3194 +++ b/arch/arm/kernel/setup.c
3195 @@ -112,21 +112,23 @@ EXPORT_SYMBOL(elf_hwcap);
3196 unsigned int elf_hwcap2 __read_mostly;
3197 EXPORT_SYMBOL(elf_hwcap2);
3198
3199 +pteval_t __supported_pte_mask __read_only;
3200 +pmdval_t __supported_pmd_mask __read_only;
3201
3202 #ifdef MULTI_CPU
3203 -struct processor processor __read_mostly;
3204 +struct processor processor __read_only;
3205 #endif
3206 #ifdef MULTI_TLB
3207 -struct cpu_tlb_fns cpu_tlb __read_mostly;
3208 +struct cpu_tlb_fns cpu_tlb __read_only;
3209 #endif
3210 #ifdef MULTI_USER
3211 -struct cpu_user_fns cpu_user __read_mostly;
3212 +struct cpu_user_fns cpu_user __read_only;
3213 #endif
3214 #ifdef MULTI_CACHE
3215 -struct cpu_cache_fns cpu_cache __read_mostly;
3216 +struct cpu_cache_fns cpu_cache __read_only;
3217 #endif
3218 #ifdef CONFIG_OUTER_CACHE
3219 -struct outer_cache_fns outer_cache __read_mostly;
3220 +struct outer_cache_fns outer_cache __read_only;
3221 EXPORT_SYMBOL(outer_cache);
3222 #endif
3223
3224 @@ -257,9 +259,13 @@ static int __get_cpu_architecture(void)
3225 * Register 0 and check for VMSAv7 or PMSAv7 */
3226 unsigned int mmfr0 = read_cpuid_ext(CPUID_EXT_MMFR0);
3227 if ((mmfr0 & 0x0000000f) >= 0x00000003 ||
3228 - (mmfr0 & 0x000000f0) >= 0x00000030)
3229 + (mmfr0 & 0x000000f0) >= 0x00000030) {
3230 cpu_arch = CPU_ARCH_ARMv7;
3231 - else if ((mmfr0 & 0x0000000f) == 0x00000002 ||
3232 + if ((mmfr0 & 0x0000000f) == 0x00000005 || (mmfr0 & 0x0000000f) == 0x00000004) {
3233 + __supported_pte_mask |= L_PTE_PXN;
3234 + __supported_pmd_mask |= PMD_PXNTABLE;
3235 + }
3236 + } else if ((mmfr0 & 0x0000000f) == 0x00000002 ||
3237 (mmfr0 & 0x000000f0) == 0x00000020)
3238 cpu_arch = CPU_ARCH_ARMv6;
3239 else
3240 diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
3241 index 7b8f214..ece8e28 100644
3242 --- a/arch/arm/kernel/signal.c
3243 +++ b/arch/arm/kernel/signal.c
3244 @@ -24,8 +24,6 @@
3245
3246 extern const unsigned long sigreturn_codes[7];
3247
3248 -static unsigned long signal_return_offset;
3249 -
3250 #ifdef CONFIG_CRUNCH
3251 static int preserve_crunch_context(struct crunch_sigframe __user *frame)
3252 {
3253 @@ -388,8 +386,7 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig,
3254 * except when the MPU has protected the vectors
3255 * page from PL0
3256 */
3257 - retcode = mm->context.sigpage + signal_return_offset +
3258 - (idx << 2) + thumb;
3259 + retcode = mm->context.sigpage + (idx << 2) + thumb;
3260 } else
3261 #endif
3262 {
3263 @@ -601,33 +598,3 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
3264 } while (thread_flags & _TIF_WORK_MASK);
3265 return 0;
3266 }
3267 -
3268 -struct page *get_signal_page(void)
3269 -{
3270 - unsigned long ptr;
3271 - unsigned offset;
3272 - struct page *page;
3273 - void *addr;
3274 -
3275 - page = alloc_pages(GFP_KERNEL, 0);
3276 -
3277 - if (!page)
3278 - return NULL;
3279 -
3280 - addr = page_address(page);
3281 -
3282 - /* Give the signal return code some randomness */
3283 - offset = 0x200 + (get_random_int() & 0x7fc);
3284 - signal_return_offset = offset;
3285 -
3286 - /*
3287 - * Copy signal return handlers into the vector page, and
3288 - * set sigreturn to be a pointer to these.
3289 - */
3290 - memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));
3291 -
3292 - ptr = (unsigned long)addr + offset;
3293 - flush_icache_range(ptr, ptr + sizeof(sigreturn_codes));
3294 -
3295 - return page;
3296 -}
3297 diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
3298 index 8615216..f5be307 100644
3299 --- a/arch/arm/kernel/smp.c
3300 +++ b/arch/arm/kernel/smp.c
3301 @@ -82,7 +82,7 @@ enum ipi_msg_type {
3302
3303 static DECLARE_COMPLETION(cpu_running);
3304
3305 -static struct smp_operations smp_ops;
3306 +static struct smp_operations smp_ops __read_only;
3307
3308 void __init smp_set_ops(const struct smp_operations *ops)
3309 {
3310 diff --git a/arch/arm/kernel/tcm.c b/arch/arm/kernel/tcm.c
3311 index b10e136..cb5edf9 100644
3312 --- a/arch/arm/kernel/tcm.c
3313 +++ b/arch/arm/kernel/tcm.c
3314 @@ -64,7 +64,7 @@ static struct map_desc itcm_iomap[] __initdata = {
3315 .virtual = ITCM_OFFSET,
3316 .pfn = __phys_to_pfn(ITCM_OFFSET),
3317 .length = 0,
3318 - .type = MT_MEMORY_RWX_ITCM,
3319 + .type = MT_MEMORY_RX_ITCM,
3320 }
3321 };
3322
3323 @@ -362,7 +362,9 @@ no_dtcm:
3324 start = &__sitcm_text;
3325 end = &__eitcm_text;
3326 ram = &__itcm_start;
3327 + pax_open_kernel();
3328 memcpy(start, ram, itcm_code_sz);
3329 + pax_close_kernel();
3330 pr_debug("CPU ITCM: copied code from %p - %p\n",
3331 start, end);
3332 itcm_present = true;
3333 diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
3334 index bc69838..e5dfdd4 100644
3335 --- a/arch/arm/kernel/traps.c
3336 +++ b/arch/arm/kernel/traps.c
3337 @@ -65,7 +65,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
3338 void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame)
3339 {
3340 #ifdef CONFIG_KALLSYMS
3341 - printk("[<%08lx>] (%ps) from [<%08lx>] (%pS)\n", where, (void *)where, from, (void *)from);
3342 + printk("[<%08lx>] (%pA) from [<%08lx>] (%pA)\n", where, (void *)where, from, (void *)from);
3343 #else
3344 printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from);
3345 #endif
3346 @@ -267,6 +267,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
3347 static int die_owner = -1;
3348 static unsigned int die_nest_count;
3349
3350 +extern void gr_handle_kernel_exploit(void);
3351 +
3352 static unsigned long oops_begin(void)
3353 {
3354 int cpu;
3355 @@ -309,6 +311,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
3356 panic("Fatal exception in interrupt");
3357 if (panic_on_oops)
3358 panic("Fatal exception");
3359 +
3360 + gr_handle_kernel_exploit();
3361 +
3362 if (signr)
3363 do_exit(signr);
3364 }
3365 diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
3366 index d24e5dd..77cf6cf 100644
3367 --- a/arch/arm/kernel/vmlinux.lds.S
3368 +++ b/arch/arm/kernel/vmlinux.lds.S
3369 @@ -44,7 +44,8 @@
3370 #endif
3371
3372 #if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
3373 - defined(CONFIG_GENERIC_BUG) || defined(CONFIG_JUMP_LABEL)
3374 + defined(CONFIG_GENERIC_BUG) || defined(CONFIG_JUMP_LABEL) || \
3375 + defined(CONFIG_PAX_REFCOUNT)
3376 #define ARM_EXIT_KEEP(x) x
3377 #define ARM_EXIT_DISCARD(x)
3378 #else
3379 diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
3380 index c94b90d..0cc6830 100644
3381 --- a/arch/arm/kvm/arm.c
3382 +++ b/arch/arm/kvm/arm.c
3383 @@ -59,7 +59,7 @@ static unsigned long hyp_default_vectors;
3384 static DEFINE_PER_CPU(struct kvm_vcpu *, kvm_arm_running_vcpu);
3385
3386 /* The VMID used in the VTTBR */
3387 -static atomic64_t kvm_vmid_gen = ATOMIC64_INIT(1);
3388 +static atomic64_unchecked_t kvm_vmid_gen = ATOMIC64_INIT(1);
3389 static u32 kvm_next_vmid;
3390 static unsigned int kvm_vmid_bits __read_mostly;
3391 static DEFINE_SPINLOCK(kvm_vmid_lock);
3392 @@ -388,7 +388,7 @@ void force_vm_exit(const cpumask_t *mask)
3393 */
3394 static bool need_new_vmid_gen(struct kvm *kvm)
3395 {
3396 - return unlikely(kvm->arch.vmid_gen != atomic64_read(&kvm_vmid_gen));
3397 + return unlikely(kvm->arch.vmid_gen != atomic64_read_unchecked(&kvm_vmid_gen));
3398 }
3399
3400 /**
3401 @@ -421,7 +421,7 @@ static void update_vttbr(struct kvm *kvm)
3402
3403 /* First user of a new VMID generation? */
3404 if (unlikely(kvm_next_vmid == 0)) {
3405 - atomic64_inc(&kvm_vmid_gen);
3406 + atomic64_inc_unchecked(&kvm_vmid_gen);
3407 kvm_next_vmid = 1;
3408
3409 /*
3410 @@ -438,7 +438,7 @@ static void update_vttbr(struct kvm *kvm)
3411 kvm_call_hyp(__kvm_flush_vm_context);
3412 }
3413
3414 - kvm->arch.vmid_gen = atomic64_read(&kvm_vmid_gen);
3415 + kvm->arch.vmid_gen = atomic64_read_unchecked(&kvm_vmid_gen);
3416 kvm->arch.vmid = kvm_next_vmid;
3417 kvm_next_vmid++;
3418 kvm_next_vmid &= (1 << kvm_vmid_bits) - 1;
3419 diff --git a/arch/arm/lib/copy_page.S b/arch/arm/lib/copy_page.S
3420 index 6ee2f67..d1cce76 100644
3421 --- a/arch/arm/lib/copy_page.S
3422 +++ b/arch/arm/lib/copy_page.S
3423 @@ -10,6 +10,7 @@
3424 * ASM optimised string functions
3425 */
3426 #include <linux/linkage.h>
3427 +#include <linux/const.h>
3428 #include <asm/assembler.h>
3429 #include <asm/asm-offsets.h>
3430 #include <asm/cache.h>
3431 diff --git a/arch/arm/lib/csumpartialcopyuser.S b/arch/arm/lib/csumpartialcopyuser.S
3432 index 1712f13..a3165dc 100644
3433 --- a/arch/arm/lib/csumpartialcopyuser.S
3434 +++ b/arch/arm/lib/csumpartialcopyuser.S
3435 @@ -71,8 +71,8 @@
3436 * Returns : r0 = checksum, [[sp, #0], #0] = 0 or -EFAULT
3437 */
3438
3439 -#define FN_ENTRY ENTRY(csum_partial_copy_from_user)
3440 -#define FN_EXIT ENDPROC(csum_partial_copy_from_user)
3441 +#define FN_ENTRY ENTRY(__csum_partial_copy_from_user)
3442 +#define FN_EXIT ENDPROC(__csum_partial_copy_from_user)
3443
3444 #include "csumpartialcopygeneric.S"
3445
3446 diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c
3447 index 8044591..c9b2609 100644
3448 --- a/arch/arm/lib/delay.c
3449 +++ b/arch/arm/lib/delay.c
3450 @@ -29,7 +29,7 @@
3451 /*
3452 * Default to the loop-based delay implementation.
3453 */
3454 -struct arm_delay_ops arm_delay_ops = {
3455 +struct arm_delay_ops arm_delay_ops __read_only = {
3456 .delay = __loop_delay,
3457 .const_udelay = __loop_const_udelay,
3458 .udelay = __loop_udelay,
3459 diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
3460 index 6bd1089..e999400 100644
3461 --- a/arch/arm/lib/uaccess_with_memcpy.c
3462 +++ b/arch/arm/lib/uaccess_with_memcpy.c
3463 @@ -84,7 +84,7 @@ pin_page_for_write(const void __user *_addr, pte_t **ptep, spinlock_t **ptlp)
3464 return 1;
3465 }
3466
3467 -static unsigned long noinline
3468 +static unsigned long noinline __size_overflow(3)
3469 __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
3470 {
3471 unsigned long ua_flags;
3472 @@ -157,7 +157,7 @@ arm_copy_to_user(void __user *to, const void *from, unsigned long n)
3473 return n;
3474 }
3475
3476 -static unsigned long noinline
3477 +static unsigned long noinline __size_overflow(2)
3478 __clear_user_memset(void __user *addr, unsigned long n)
3479 {
3480 unsigned long ua_flags;
3481 diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
3482 index 06332f6..1fa0c71 100644
3483 --- a/arch/arm/mach-exynos/suspend.c
3484 +++ b/arch/arm/mach-exynos/suspend.c
3485 @@ -724,8 +724,10 @@ void __init exynos_pm_init(void)
3486 tmp |= pm_data->wake_disable_mask;
3487 pmu_raw_writel(tmp, S5P_WAKEUP_MASK);
3488
3489 - exynos_pm_syscore_ops.suspend = pm_data->pm_suspend;
3490 - exynos_pm_syscore_ops.resume = pm_data->pm_resume;
3491 + pax_open_kernel();
3492 + const_cast(exynos_pm_syscore_ops.suspend) = pm_data->pm_suspend;
3493 + const_cast(exynos_pm_syscore_ops.resume) = pm_data->pm_resume;
3494 + pax_close_kernel();
3495
3496 register_syscore_ops(&exynos_pm_syscore_ops);
3497 suspend_set_ops(&exynos_suspend_ops);
3498 diff --git a/arch/arm/mach-mmp/mmp2.c b/arch/arm/mach-mmp/mmp2.c
3499 index afba546..9e5403d 100644
3500 --- a/arch/arm/mach-mmp/mmp2.c
3501 +++ b/arch/arm/mach-mmp/mmp2.c
3502 @@ -98,7 +98,9 @@ void __init mmp2_init_irq(void)
3503 {
3504 mmp2_init_icu();
3505 #ifdef CONFIG_PM
3506 - icu_irq_chip.irq_set_wake = mmp2_set_wake;
3507 + pax_open_kernel();
3508 + const_cast(icu_irq_chip.irq_set_wake) = mmp2_set_wake;
3509 + pax_close_kernel();
3510 #endif
3511 }
3512
3513 diff --git a/arch/arm/mach-mmp/pxa910.c b/arch/arm/mach-mmp/pxa910.c
3514 index 1ccbba9..7a95c29 100644
3515 --- a/arch/arm/mach-mmp/pxa910.c
3516 +++ b/arch/arm/mach-mmp/pxa910.c
3517 @@ -84,7 +84,9 @@ void __init pxa910_init_irq(void)
3518 {
3519 icu_init_irq();
3520 #ifdef CONFIG_PM
3521 - icu_irq_chip.irq_set_wake = pxa910_set_wake;
3522 + pax_open_kernel();
3523 + const_cast(icu_irq_chip.irq_set_wake) = pxa910_set_wake;
3524 + pax_close_kernel();
3525 #endif
3526 }
3527
3528 diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
3529 index ae2a018..297ad08 100644
3530 --- a/arch/arm/mach-mvebu/coherency.c
3531 +++ b/arch/arm/mach-mvebu/coherency.c
3532 @@ -156,7 +156,7 @@ exit:
3533
3534 /*
3535 * This ioremap hook is used on Armada 375/38x to ensure that all MMIO
3536 - * areas are mapped as MT_UNCACHED instead of MT_DEVICE. This is
3537 + * areas are mapped as MT_UNCACHED_RW instead of MT_DEVICE. This is
3538 * needed for the HW I/O coherency mechanism to work properly without
3539 * deadlock.
3540 */
3541 @@ -164,7 +164,7 @@ static void __iomem *
3542 armada_wa_ioremap_caller(phys_addr_t phys_addr, size_t size,
3543 unsigned int mtype, void *caller)
3544 {
3545 - mtype = MT_UNCACHED;
3546 + mtype = MT_UNCACHED_RW;
3547 return __arm_ioremap_caller(phys_addr, size, mtype, caller);
3548 }
3549
3550 @@ -174,7 +174,7 @@ static void __init armada_375_380_coherency_init(struct device_node *np)
3551
3552 coherency_cpu_base = of_iomap(np, 0);
3553 arch_ioremap_caller = armada_wa_ioremap_caller;
3554 - pci_ioremap_set_mem_type(MT_UNCACHED);
3555 + pci_ioremap_set_mem_type(MT_UNCACHED_RW);
3556
3557 /*
3558 * We should switch the PL310 to I/O coherency mode only if
3559 diff --git a/arch/arm/mach-mvebu/pmsu.c b/arch/arm/mach-mvebu/pmsu.c
3560 index f39bd51..866c780 100644
3561 --- a/arch/arm/mach-mvebu/pmsu.c
3562 +++ b/arch/arm/mach-mvebu/pmsu.c
3563 @@ -93,7 +93,7 @@
3564 #define ARMADA_370_CRYPT0_ENG_ATTR 0x1
3565
3566 extern void ll_disable_coherency(void);
3567 -extern void ll_enable_coherency(void);
3568 +extern int ll_enable_coherency(void);
3569
3570 extern void armada_370_xp_cpu_resume(void);
3571 extern void armada_38x_cpu_resume(void);
3572 diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
3573 index b6443a4..20a0b74 100644
3574 --- a/arch/arm/mach-omap2/board-n8x0.c
3575 +++ b/arch/arm/mach-omap2/board-n8x0.c
3576 @@ -569,7 +569,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
3577 }
3578 #endif
3579
3580 -struct menelaus_platform_data n8x0_menelaus_platform_data __initdata = {
3581 +struct menelaus_platform_data n8x0_menelaus_platform_data __initconst = {
3582 .late_init = n8x0_menelaus_late_init,
3583 };
3584
3585 diff --git a/arch/arm/mach-omap2/omap-mpuss-lowpower.c b/arch/arm/mach-omap2/omap-mpuss-lowpower.c
3586 index ad98246..69437a8 100644
3587 --- a/arch/arm/mach-omap2/omap-mpuss-lowpower.c
3588 +++ b/arch/arm/mach-omap2/omap-mpuss-lowpower.c
3589 @@ -88,7 +88,7 @@ struct cpu_pm_ops {
3590 void (*resume)(void);
3591 void (*scu_prepare)(unsigned int cpu_id, unsigned int cpu_state);
3592 void (*hotplug_restart)(void);
3593 -};
3594 +} __no_const;
3595
3596 static DEFINE_PER_CPU(struct omap4_cpu_pm_info, omap4_pm_info);
3597 static struct powerdomain *mpuss_pd;
3598 @@ -106,7 +106,7 @@ static void dummy_cpu_resume(void)
3599 static void dummy_scu_prepare(unsigned int cpu_id, unsigned int cpu_state)
3600 {}
3601
3602 -static struct cpu_pm_ops omap_pm_ops = {
3603 +static struct cpu_pm_ops omap_pm_ops __read_only = {
3604 .finish_suspend = default_finish_suspend,
3605 .resume = dummy_cpu_resume,
3606 .scu_prepare = dummy_scu_prepare,
3607 diff --git a/arch/arm/mach-omap2/omap-smp.c b/arch/arm/mach-omap2/omap-smp.c
3608 index b4de3da..e027393 100644
3609 --- a/arch/arm/mach-omap2/omap-smp.c
3610 +++ b/arch/arm/mach-omap2/omap-smp.c
3611 @@ -19,6 +19,7 @@
3612 #include <linux/device.h>
3613 #include <linux/smp.h>
3614 #include <linux/io.h>
3615 +#include <linux/irq.h>
3616 #include <linux/irqchip/arm-gic.h>
3617
3618 #include <asm/smp_scu.h>
3619 diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c
3620 index e920dd8..ef999171 100644
3621 --- a/arch/arm/mach-omap2/omap_device.c
3622 +++ b/arch/arm/mach-omap2/omap_device.c
3623 @@ -530,7 +530,7 @@ void omap_device_delete(struct omap_device *od)
3624 struct platform_device __init *omap_device_build(const char *pdev_name,
3625 int pdev_id,
3626 struct omap_hwmod *oh,
3627 - void *pdata, int pdata_len)
3628 + const void *pdata, int pdata_len)
3629 {
3630 struct omap_hwmod *ohs[] = { oh };
3631
3632 @@ -558,7 +558,7 @@ struct platform_device __init *omap_device_build(const char *pdev_name,
3633 struct platform_device __init *omap_device_build_ss(const char *pdev_name,
3634 int pdev_id,
3635 struct omap_hwmod **ohs,
3636 - int oh_cnt, void *pdata,
3637 + int oh_cnt, const void *pdata,
3638 int pdata_len)
3639 {
3640 int ret = -ENOMEM;
3641 diff --git a/arch/arm/mach-omap2/omap_device.h b/arch/arm/mach-omap2/omap_device.h
3642 index 78c02b3..c94109a 100644
3643 --- a/arch/arm/mach-omap2/omap_device.h
3644 +++ b/arch/arm/mach-omap2/omap_device.h
3645 @@ -72,12 +72,12 @@ int omap_device_idle(struct platform_device *pdev);
3646 /* Core code interface */
3647
3648 struct platform_device *omap_device_build(const char *pdev_name, int pdev_id,
3649 - struct omap_hwmod *oh, void *pdata,
3650 + struct omap_hwmod *oh, const void *pdata,
3651 int pdata_len);
3652
3653 struct platform_device *omap_device_build_ss(const char *pdev_name, int pdev_id,
3654 struct omap_hwmod **oh, int oh_cnt,
3655 - void *pdata, int pdata_len);
3656 + const void *pdata, int pdata_len);
3657
3658 struct omap_device *omap_device_alloc(struct platform_device *pdev,
3659 struct omap_hwmod **ohs, int oh_cnt);
3660 diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
3661 index 1052b29..54669b0 100644
3662 --- a/arch/arm/mach-omap2/omap_hwmod.c
3663 +++ b/arch/arm/mach-omap2/omap_hwmod.c
3664 @@ -206,10 +206,10 @@ struct omap_hwmod_soc_ops {
3665 void (*update_context_lost)(struct omap_hwmod *oh);
3666 int (*get_context_lost)(struct omap_hwmod *oh);
3667 int (*disable_direct_prcm)(struct omap_hwmod *oh);
3668 -};
3669 +} __no_const;
3670
3671 /* soc_ops: adapts the omap_hwmod code to the currently-booted SoC */
3672 -static struct omap_hwmod_soc_ops soc_ops;
3673 +static struct omap_hwmod_soc_ops soc_ops __read_only;
3674
3675 /* omap_hwmod_list contains all registered struct omap_hwmods */
3676 static LIST_HEAD(omap_hwmod_list);
3677 diff --git a/arch/arm/mach-omap2/powerdomains43xx_data.c b/arch/arm/mach-omap2/powerdomains43xx_data.c
3678 index 95fee54..b5dd79d 100644
3679 --- a/arch/arm/mach-omap2/powerdomains43xx_data.c
3680 +++ b/arch/arm/mach-omap2/powerdomains43xx_data.c
3681 @@ -10,6 +10,7 @@
3682
3683 #include <linux/kernel.h>
3684 #include <linux/init.h>
3685 +#include <asm/pgtable.h>
3686
3687 #include "powerdomain.h"
3688
3689 @@ -129,7 +130,9 @@ static int am43xx_check_vcvp(void)
3690
3691 void __init am43xx_powerdomains_init(void)
3692 {
3693 - omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp;
3694 + pax_open_kernel();
3695 + const_cast(omap4_pwrdm_operations.pwrdm_has_voltdm) = am43xx_check_vcvp;
3696 + pax_close_kernel();
3697 pwrdm_register_platform_funcs(&omap4_pwrdm_operations);
3698 pwrdm_register_pwrdms(powerdomains_am43xx);
3699 pwrdm_complete_init();
3700 diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c
3701 index ff0a68c..b312aa0 100644
3702 --- a/arch/arm/mach-omap2/wd_timer.c
3703 +++ b/arch/arm/mach-omap2/wd_timer.c
3704 @@ -110,7 +110,9 @@ static int __init omap_init_wdt(void)
3705 struct omap_hwmod *oh;
3706 char *oh_name = "wd_timer2";
3707 char *dev_name = "omap_wdt";
3708 - struct omap_wd_timer_platform_data pdata;
3709 + static struct omap_wd_timer_platform_data pdata = {
3710 + .read_reset_sources = prm_read_reset_sources
3711 + };
3712
3713 if (!cpu_class_is_omap2() || of_have_populated_dt())
3714 return 0;
3715 @@ -121,8 +123,6 @@ static int __init omap_init_wdt(void)
3716 return -EINVAL;
3717 }
3718
3719 - pdata.read_reset_sources = prm_read_reset_sources;
3720 -
3721 pdev = omap_device_build(dev_name, id, oh, &pdata,
3722 sizeof(struct omap_wd_timer_platform_data));
3723 WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n",
3724 diff --git a/arch/arm/mach-s3c64xx/mach-smdk6410.c b/arch/arm/mach-s3c64xx/mach-smdk6410.c
3725 index 92ec8c3..3b09472 100644
3726 --- a/arch/arm/mach-s3c64xx/mach-smdk6410.c
3727 +++ b/arch/arm/mach-s3c64xx/mach-smdk6410.c
3728 @@ -240,7 +240,7 @@ static struct platform_device smdk6410_b_pwr_5v = {
3729 };
3730 #endif
3731
3732 -static struct s3c_ide_platdata smdk6410_ide_pdata __initdata = {
3733 +static const struct s3c_ide_platdata smdk6410_ide_pdata __initconst = {
3734 .setup_gpio = s3c64xx_ide_setup_gpio,
3735 };
3736
3737 diff --git a/arch/arm/mach-shmobile/platsmp-apmu.c b/arch/arm/mach-shmobile/platsmp-apmu.c
3738 index 0c6bb45..0f18d70 100644
3739 --- a/arch/arm/mach-shmobile/platsmp-apmu.c
3740 +++ b/arch/arm/mach-shmobile/platsmp-apmu.c
3741 @@ -22,6 +22,7 @@
3742 #include <asm/proc-fns.h>
3743 #include <asm/smp_plat.h>
3744 #include <asm/suspend.h>
3745 +#include <asm/pgtable.h>
3746 #include "common.h"
3747 #include "platsmp-apmu.h"
3748 #include "rcar-gen2.h"
3749 @@ -316,6 +317,8 @@ static int shmobile_smp_apmu_enter_suspend(suspend_state_t state)
3750
3751 void __init shmobile_smp_apmu_suspend_init(void)
3752 {
3753 - shmobile_suspend_ops.enter = shmobile_smp_apmu_enter_suspend;
3754 + pax_open_kernel();
3755 + const_cast(shmobile_suspend_ops.enter) = shmobile_smp_apmu_enter_suspend;
3756 + pax_close_kernel();
3757 }
3758 #endif
3759 diff --git a/arch/arm/mach-tegra/cpuidle-tegra20.c b/arch/arm/mach-tegra/cpuidle-tegra20.c
3760 index afcee04..63e52ac 100644
3761 --- a/arch/arm/mach-tegra/cpuidle-tegra20.c
3762 +++ b/arch/arm/mach-tegra/cpuidle-tegra20.c
3763 @@ -178,7 +178,7 @@ static int tegra20_idle_lp2_coupled(struct cpuidle_device *dev,
3764 bool entered_lp2 = false;
3765
3766 if (tegra_pending_sgi())
3767 - ACCESS_ONCE(abort_flag) = true;
3768 + ACCESS_ONCE_RW(abort_flag) = true;
3769
3770 cpuidle_coupled_parallel_barrier(dev, &abort_barrier);
3771
3772 diff --git a/arch/arm/mach-tegra/irq.c b/arch/arm/mach-tegra/irq.c
3773 index a69b22d..8523a03 100644
3774 --- a/arch/arm/mach-tegra/irq.c
3775 +++ b/arch/arm/mach-tegra/irq.c
3776 @@ -20,6 +20,7 @@
3777 #include <linux/cpu_pm.h>
3778 #include <linux/interrupt.h>
3779 #include <linux/io.h>
3780 +#include <linux/irq.h>
3781 #include <linux/irqchip/arm-gic.h>
3782 #include <linux/irq.h>
3783 #include <linux/kernel.h>
3784 diff --git a/arch/arm/mach-ux500/pm.c b/arch/arm/mach-ux500/pm.c
3785 index 8538910..2f39bc4 100644
3786 --- a/arch/arm/mach-ux500/pm.c
3787 +++ b/arch/arm/mach-ux500/pm.c
3788 @@ -10,6 +10,7 @@
3789 */
3790
3791 #include <linux/kernel.h>
3792 +#include <linux/irq.h>
3793 #include <linux/irqchip/arm-gic.h>
3794 #include <linux/delay.h>
3795 #include <linux/io.h>
3796 diff --git a/arch/arm/mach-zynq/platsmp.c b/arch/arm/mach-zynq/platsmp.c
3797 index 7cd9865..a00b6ab 100644
3798 --- a/arch/arm/mach-zynq/platsmp.c
3799 +++ b/arch/arm/mach-zynq/platsmp.c
3800 @@ -24,6 +24,7 @@
3801 #include <linux/io.h>
3802 #include <asm/cacheflush.h>
3803 #include <asm/smp_scu.h>
3804 +#include <linux/irq.h>
3805 #include <linux/irqchip/arm-gic.h>
3806 #include "common.h"
3807
3808 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
3809 index d15a7fe..6cc4fc9 100644
3810 --- a/arch/arm/mm/Kconfig
3811 +++ b/arch/arm/mm/Kconfig
3812 @@ -445,6 +445,7 @@ config CPU_32v5
3813
3814 config CPU_32v6
3815 bool
3816 + select CPU_USE_DOMAINS if CPU_V6 && MMU && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
3817 select TLS_REG_EMUL if !CPU_32v6K && !MMU
3818
3819 config CPU_32v6K
3820 @@ -599,6 +600,7 @@ config CPU_CP15_MPU
3821
3822 config CPU_USE_DOMAINS
3823 bool
3824 + depends on !ARM_LPAE && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
3825 help
3826 This option enables or disables the use of domain switching
3827 via the set_fs() function.
3828 @@ -809,7 +811,7 @@ config NEED_KUSER_HELPERS
3829
3830 config KUSER_HELPERS
3831 bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS
3832 - depends on MMU
3833 + depends on MMU && (!(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND)
3834 default y
3835 help
3836 Warning: disabling this option may break user programs.
3837 @@ -823,7 +825,7 @@ config KUSER_HELPERS
3838 See Documentation/arm/kernel_user_helpers.txt for details.
3839
3840 However, the fixed address nature of these helpers can be used
3841 - by ROP (return orientated programming) authors when creating
3842 + by ROP (Return Oriented Programming) authors when creating
3843 exploits.
3844
3845 If all of the binaries and libraries which run on your platform
3846 @@ -838,7 +840,7 @@ config KUSER_HELPERS
3847
3848 config VDSO
3849 bool "Enable VDSO for acceleration of some system calls"
3850 - depends on AEABI && MMU && CPU_V7
3851 + depends on AEABI && MMU && CPU_V7 && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
3852 default y if ARM_ARCH_TIMER
3853 select GENERIC_TIME_VSYSCALL
3854 help
3855 diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c
3856 index 7d5f4c7..c6a0816 100644
3857 --- a/arch/arm/mm/alignment.c
3858 +++ b/arch/arm/mm/alignment.c
3859 @@ -778,6 +778,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
3860 u16 tinstr = 0;
3861 int isize = 4;
3862 int thumb2_32b = 0;
3863 + bool is_user_mode = user_mode(regs);
3864
3865 if (interrupts_enabled(regs))
3866 local_irq_enable();
3867 @@ -786,14 +787,24 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
3868
3869 if (thumb_mode(regs)) {
3870 u16 *ptr = (u16 *)(instrptr & ~1);
3871 - fault = probe_kernel_address(ptr, tinstr);
3872 + if (is_user_mode) {
3873 + pax_open_userland();
3874 + fault = probe_kernel_address(ptr, tinstr);
3875 + pax_close_userland();
3876 + } else
3877 + fault = probe_kernel_address(ptr, tinstr);
3878 tinstr = __mem_to_opcode_thumb16(tinstr);
3879 if (!fault) {
3880 if (cpu_architecture() >= CPU_ARCH_ARMv7 &&
3881 IS_T32(tinstr)) {
3882 /* Thumb-2 32-bit */
3883 u16 tinst2 = 0;
3884 - fault = probe_kernel_address(ptr + 1, tinst2);
3885 + if (is_user_mode) {
3886 + pax_open_userland();
3887 + fault = probe_kernel_address(ptr + 1, tinst2);
3888 + pax_close_userland();
3889 + } else
3890 + fault = probe_kernel_address(ptr + 1, tinst2);
3891 tinst2 = __mem_to_opcode_thumb16(tinst2);
3892 instr = __opcode_thumb32_compose(tinstr, tinst2);
3893 thumb2_32b = 1;
3894 @@ -803,7 +814,12 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
3895 }
3896 }
3897 } else {
3898 - fault = probe_kernel_address((void *)instrptr, instr);
3899 + if (is_user_mode) {
3900 + pax_open_userland();
3901 + fault = probe_kernel_address((void *)instrptr, instr);
3902 + pax_close_userland();
3903 + } else
3904 + fault = probe_kernel_address((void *)instrptr, instr);
3905 instr = __mem_to_opcode_arm(instr);
3906 }
3907
3908 @@ -812,7 +828,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
3909 goto bad_or_fault;
3910 }
3911
3912 - if (user_mode(regs))
3913 + if (is_user_mode)
3914 goto user;
3915
3916 ai_sys += 1;
3917 diff --git a/arch/arm/mm/cache-l2x0.c b/arch/arm/mm/cache-l2x0.c
3918 index cc12905..88463b3 100644
3919 --- a/arch/arm/mm/cache-l2x0.c
3920 +++ b/arch/arm/mm/cache-l2x0.c
3921 @@ -44,7 +44,7 @@ struct l2c_init_data {
3922 void (*configure)(void __iomem *);
3923 void (*unlock)(void __iomem *, unsigned);
3924 struct outer_cache_fns outer_cache;
3925 -};
3926 +} __do_const;
3927
3928 #define CACHE_LINE_SIZE 32
3929
3930 diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c
3931 index c8c8b9e..c55cc79 100644
3932 --- a/arch/arm/mm/context.c
3933 +++ b/arch/arm/mm/context.c
3934 @@ -43,7 +43,7 @@
3935 #define NUM_USER_ASIDS ASID_FIRST_VERSION
3936
3937 static DEFINE_RAW_SPINLOCK(cpu_asid_lock);
3938 -static atomic64_t asid_generation = ATOMIC64_INIT(ASID_FIRST_VERSION);
3939 +static atomic64_unchecked_t asid_generation = ATOMIC64_INIT(ASID_FIRST_VERSION);
3940 static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS);
3941
3942 static DEFINE_PER_CPU(atomic64_t, active_asids);
3943 @@ -193,7 +193,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
3944 {
3945 static u32 cur_idx = 1;
3946 u64 asid = atomic64_read(&mm->context.id);
3947 - u64 generation = atomic64_read(&asid_generation);
3948 + u64 generation = atomic64_read_unchecked(&asid_generation);
3949
3950 if (asid != 0) {
3951 u64 newasid = generation | (asid & ~ASID_MASK);
3952 @@ -225,7 +225,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
3953 */
3954 asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
3955 if (asid == NUM_USER_ASIDS) {
3956 - generation = atomic64_add_return(ASID_FIRST_VERSION,
3957 + generation = atomic64_add_return_unchecked(ASID_FIRST_VERSION,
3958 &asid_generation);
3959 flush_context(cpu);
3960 asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1);
3961 @@ -254,14 +254,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
3962 cpu_set_reserved_ttbr0();
3963
3964 asid = atomic64_read(&mm->context.id);
3965 - if (!((asid ^ atomic64_read(&asid_generation)) >> ASID_BITS)
3966 + if (!((asid ^ atomic64_read_unchecked(&asid_generation)) >> ASID_BITS)
3967 && atomic64_xchg(&per_cpu(active_asids, cpu), asid))
3968 goto switch_mm_fastpath;
3969
3970 raw_spin_lock_irqsave(&cpu_asid_lock, flags);
3971 /* Check that our ASID belongs to the current generation. */
3972 asid = atomic64_read(&mm->context.id);
3973 - if ((asid ^ atomic64_read(&asid_generation)) >> ASID_BITS) {
3974 + if ((asid ^ atomic64_read_unchecked(&asid_generation)) >> ASID_BITS) {
3975 asid = new_context(mm, cpu);
3976 atomic64_set(&mm->context.id, asid);
3977 }
3978 diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
3979 index 3a2e678..ebdbf80 100644
3980 --- a/arch/arm/mm/fault.c
3981 +++ b/arch/arm/mm/fault.c
3982 @@ -25,6 +25,7 @@
3983 #include <asm/system_misc.h>
3984 #include <asm/system_info.h>
3985 #include <asm/tlbflush.h>
3986 +#include <asm/sections.h>
3987
3988 #include "fault.h"
3989
3990 @@ -138,6 +139,31 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
3991 if (fixup_exception(regs))
3992 return;
3993
3994 +#ifdef CONFIG_PAX_MEMORY_UDEREF
3995 + if (addr < TASK_SIZE) {
3996 + if (current->signal->curr_ip)
3997 + printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
3998 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
3999 + else
4000 + printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
4001 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
4002 + }
4003 +#endif
4004 +
4005 +#ifdef CONFIG_PAX_KERNEXEC
4006 + if ((fsr & FSR_WRITE) &&
4007 + (((unsigned long)_stext <= addr && addr < init_mm.end_code) ||
4008 + (MODULES_VADDR <= addr && addr < MODULES_END)))
4009 + {
4010 + if (current->signal->curr_ip)
4011 + printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
4012 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
4013 + else
4014 + printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
4015 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
4016 + }
4017 +#endif
4018 +
4019 /*
4020 * No handler, we'll have to terminate things with extreme prejudice.
4021 */
4022 @@ -173,6 +199,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
4023 }
4024 #endif
4025
4026 +#ifdef CONFIG_PAX_PAGEEXEC
4027 + if ((tsk->mm->pax_flags & MF_PAX_PAGEEXEC) && (fsr & FSR_LNX_PF)) {
4028 + pax_report_fault(regs, (void *)regs->ARM_pc, (void *)regs->ARM_sp);
4029 + do_group_exit(SIGKILL);
4030 + }
4031 +#endif
4032 +
4033 tsk->thread.address = addr;
4034 tsk->thread.error_code = fsr;
4035 tsk->thread.trap_no = 14;
4036 @@ -400,6 +433,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
4037 }
4038 #endif /* CONFIG_MMU */
4039
4040 +#ifdef CONFIG_PAX_PAGEEXEC
4041 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
4042 +{
4043 + long i;
4044 +
4045 + printk(KERN_ERR "PAX: bytes at PC: ");
4046 + for (i = 0; i < 20; i++) {
4047 + unsigned char c;
4048 + if (get_user(c, (__force unsigned char __user *)pc+i))
4049 + printk(KERN_CONT "?? ");
4050 + else
4051 + printk(KERN_CONT "%02x ", c);
4052 + }
4053 + printk("\n");
4054 +
4055 + printk(KERN_ERR "PAX: bytes at SP-4: ");
4056 + for (i = -1; i < 20; i++) {
4057 + unsigned long c;
4058 + if (get_user(c, (__force unsigned long __user *)sp+i))
4059 + printk(KERN_CONT "???????? ");
4060 + else
4061 + printk(KERN_CONT "%08lx ", c);
4062 + }
4063 + printk("\n");
4064 +}
4065 +#endif
4066 +
4067 /*
4068 * First Level Translation Fault Handler
4069 *
4070 @@ -547,9 +607,22 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
4071 const struct fsr_info *inf = fsr_info + fsr_fs(fsr);
4072 struct siginfo info;
4073
4074 +#ifdef CONFIG_PAX_MEMORY_UDEREF
4075 + if (addr < TASK_SIZE && is_domain_fault(fsr)) {
4076 + if (current->signal->curr_ip)
4077 + printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
4078 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
4079 + else
4080 + printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
4081 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
4082 + goto die;
4083 + }
4084 +#endif
4085 +
4086 if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs))
4087 return;
4088
4089 +die:
4090 pr_alert("Unhandled fault: %s (0x%03x) at 0x%08lx\n",
4091 inf->name, fsr, addr);
4092 show_pte(current->mm, addr);
4093 @@ -574,15 +647,118 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
4094 ifsr_info[nr].name = name;
4095 }
4096
4097 +asmlinkage int sys_sigreturn(struct pt_regs *regs);
4098 +asmlinkage int sys_rt_sigreturn(struct pt_regs *regs);
4099 +
4100 asmlinkage void __exception
4101 do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
4102 {
4103 const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr);
4104 struct siginfo info;
4105 + unsigned long pc = instruction_pointer(regs);
4106 +
4107 + if (user_mode(regs)) {
4108 + unsigned long sigpage = current->mm->context.sigpage;
4109 +
4110 + if (sigpage <= pc && pc < sigpage + 7*4) {
4111 + if (pc < sigpage + 3*4)
4112 + sys_sigreturn(regs);
4113 + else
4114 + sys_rt_sigreturn(regs);
4115 + return;
4116 + }
4117 + if (pc == 0xffff0f60UL) {
4118 + /*
4119 + * PaX: __kuser_cmpxchg64 emulation
4120 + */
4121 + // TODO
4122 + //regs->ARM_pc = regs->ARM_lr;
4123 + //return;
4124 + }
4125 + if (pc == 0xffff0fa0UL) {
4126 + /*
4127 + * PaX: __kuser_memory_barrier emulation
4128 + */
4129 + // dmb(); implied by the exception
4130 + regs->ARM_pc = regs->ARM_lr;
4131 +#ifdef CONFIG_ARM_THUMB
4132 + if (regs->ARM_lr & 1) {
4133 + regs->ARM_cpsr |= PSR_T_BIT;
4134 + regs->ARM_pc &= ~0x1U;
4135 + } else
4136 + regs->ARM_cpsr &= ~PSR_T_BIT;
4137 +#endif
4138 + return;
4139 + }
4140 + if (pc == 0xffff0fc0UL) {
4141 + /*
4142 + * PaX: __kuser_cmpxchg emulation
4143 + */
4144 + // TODO
4145 + //long new;
4146 + //int op;
4147 +
4148 + //op = FUTEX_OP_SET << 28;
4149 + //new = futex_atomic_op_inuser(op, regs->ARM_r2);
4150 + //regs->ARM_r0 = old != new;
4151 + //regs->ARM_pc = regs->ARM_lr;
4152 + //return;
4153 + }
4154 + if (pc == 0xffff0fe0UL) {
4155 + /*
4156 + * PaX: __kuser_get_tls emulation
4157 + */
4158 + regs->ARM_r0 = current_thread_info()->tp_value[0];
4159 + regs->ARM_pc = regs->ARM_lr;
4160 +#ifdef CONFIG_ARM_THUMB
4161 + if (regs->ARM_lr & 1) {
4162 + regs->ARM_cpsr |= PSR_T_BIT;
4163 + regs->ARM_pc &= ~0x1U;
4164 + } else
4165 + regs->ARM_cpsr &= ~PSR_T_BIT;
4166 +#endif
4167 + return;
4168 + }
4169 + }
4170 +
4171 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
4172 + else if (is_domain_fault(ifsr) || is_xn_fault(ifsr)) {
4173 + if (current->signal->curr_ip)
4174 + printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
4175 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
4176 + pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
4177 + else
4178 + printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
4179 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
4180 + pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
4181 + goto die;
4182 + }
4183 +#endif
4184 +
4185 +#ifdef CONFIG_PAX_REFCOUNT
4186 + if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) {
4187 +#ifdef CONFIG_THUMB2_KERNEL
4188 + unsigned short bkpt;
4189 +
4190 + if (!probe_kernel_address((const unsigned short *)pc, bkpt) && cpu_to_le16(bkpt) == 0xbef1) {
4191 +#else
4192 + unsigned int bkpt;
4193 +
4194 + if (!probe_kernel_address((const unsigned int *)pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {
4195 +#endif
4196 + current->thread.error_code = ifsr;
4197 + current->thread.trap_no = 0;
4198 + pax_report_refcount_error(regs, NULL);
4199 + fixup_exception(regs);
4200 + return;
4201 + }
4202 + }
4203 +#endif
4204
4205 if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs))
4206 return;
4207
4208 +die:
4209 pr_alert("Unhandled prefetch abort: %s (0x%03x) at 0x%08lx\n",
4210 inf->name, ifsr, addr);
4211
4212 diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h
4213 index 05ec5e0..0b70277 100644
4214 --- a/arch/arm/mm/fault.h
4215 +++ b/arch/arm/mm/fault.h
4216 @@ -3,6 +3,7 @@
4217
4218 /*
4219 * Fault status register encodings. We steal bit 31 for our own purposes.
4220 + * Set when the FSR value is from an instruction fault.
4221 */
4222 #define FSR_LNX_PF (1 << 31)
4223 #define FSR_WRITE (1 << 11)
4224 @@ -22,6 +23,17 @@ static inline int fsr_fs(unsigned int fsr)
4225 }
4226 #endif
4227
4228 +/* valid for LPAE and !LPAE */
4229 +static inline int is_xn_fault(unsigned int fsr)
4230 +{
4231 + return ((fsr_fs(fsr) & 0x3c) == 0xc);
4232 +}
4233 +
4234 +static inline int is_domain_fault(unsigned int fsr)
4235 +{
4236 + return ((fsr_fs(fsr) & 0xD) == 0x9);
4237 +}
4238 +
4239 void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
4240 unsigned long search_exception_table(unsigned long addr);
4241 void early_abt_enable(void);
4242 diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
4243 index 370581a..b985cc1 100644
4244 --- a/arch/arm/mm/init.c
4245 +++ b/arch/arm/mm/init.c
4246 @@ -747,7 +747,46 @@ void free_tcmmem(void)
4247 {
4248 #ifdef CONFIG_HAVE_TCM
4249 extern char __tcm_start, __tcm_end;
4250 +#endif
4251
4252 +#ifdef CONFIG_PAX_KERNEXEC
4253 + unsigned long addr;
4254 + pgd_t *pgd;
4255 + pud_t *pud;
4256 + pmd_t *pmd;
4257 + int cpu_arch = cpu_architecture();
4258 + unsigned int cr = get_cr();
4259 +
4260 + if (cpu_arch >= CPU_ARCH_ARMv6 && (cr & CR_XP)) {
4261 + /* make pages tables, etc before .text NX */
4262 + for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += SECTION_SIZE) {
4263 + pgd = pgd_offset_k(addr);
4264 + pud = pud_offset(pgd, addr);
4265 + pmd = pmd_offset(pud, addr);
4266 + __section_update(pmd, addr, PMD_SECT_XN);
4267 + }
4268 + /* make init NX */
4269 + for (addr = (unsigned long)__init_begin; addr < (unsigned long)_sdata; addr += SECTION_SIZE) {
4270 + pgd = pgd_offset_k(addr);
4271 + pud = pud_offset(pgd, addr);
4272 + pmd = pmd_offset(pud, addr);
4273 + __section_update(pmd, addr, PMD_SECT_XN);
4274 + }
4275 + /* make kernel code/rodata RX */
4276 + for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += SECTION_SIZE) {
4277 + pgd = pgd_offset_k(addr);
4278 + pud = pud_offset(pgd, addr);
4279 + pmd = pmd_offset(pud, addr);
4280 +#ifdef CONFIG_ARM_LPAE
4281 + __section_update(pmd, addr, PMD_SECT_RDONLY);
4282 +#else
4283 + __section_update(pmd, addr, PMD_SECT_APX|PMD_SECT_AP_WRITE);
4284 +#endif
4285 + }
4286 + }
4287 +#endif
4288 +
4289 +#ifdef CONFIG_HAVE_TCM
4290 poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start);
4291 free_reserved_area(&__tcm_start, &__tcm_end, -1, "TCM link");
4292 #endif
4293 diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c
4294 index ff0eed2..f17f1c9 100644
4295 --- a/arch/arm/mm/ioremap.c
4296 +++ b/arch/arm/mm/ioremap.c
4297 @@ -411,9 +411,9 @@ __arm_ioremap_exec(phys_addr_t phys_addr, size_t size, bool cached)
4298 unsigned int mtype;
4299
4300 if (cached)
4301 - mtype = MT_MEMORY_RWX;
4302 + mtype = MT_MEMORY_RX;
4303 else
4304 - mtype = MT_MEMORY_RWX_NONCACHED;
4305 + mtype = MT_MEMORY_RX_NONCACHED;
4306
4307 return __arm_ioremap_caller(phys_addr, size, mtype,
4308 __builtin_return_address(0));
4309 diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
4310 index 66353ca..8aad9f8 100644
4311 --- a/arch/arm/mm/mmap.c
4312 +++ b/arch/arm/mm/mmap.c
4313 @@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
4314 struct vm_area_struct *vma;
4315 int do_align = 0;
4316 int aliasing = cache_is_vipt_aliasing();
4317 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
4318 struct vm_unmapped_area_info info;
4319
4320 /*
4321 @@ -81,6 +82,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
4322 if (len > TASK_SIZE)
4323 return -ENOMEM;
4324
4325 +#ifdef CONFIG_PAX_RANDMMAP
4326 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
4327 +#endif
4328 +
4329 if (addr) {
4330 if (do_align)
4331 addr = COLOUR_ALIGN(addr, pgoff);
4332 @@ -88,8 +93,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
4333 addr = PAGE_ALIGN(addr);
4334
4335 vma = find_vma(mm, addr);
4336 - if (TASK_SIZE - len >= addr &&
4337 - (!vma || addr + len <= vma->vm_start))
4338 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
4339 return addr;
4340 }
4341
4342 @@ -99,19 +103,21 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
4343 info.high_limit = TASK_SIZE;
4344 info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
4345 info.align_offset = pgoff << PAGE_SHIFT;
4346 + info.threadstack_offset = offset;
4347 return vm_unmapped_area(&info);
4348 }
4349
4350 unsigned long
4351 -arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
4352 - const unsigned long len, const unsigned long pgoff,
4353 - const unsigned long flags)
4354 +arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr0,
4355 + unsigned long len, unsigned long pgoff,
4356 + unsigned long flags)
4357 {
4358 struct vm_area_struct *vma;
4359 struct mm_struct *mm = current->mm;
4360 unsigned long addr = addr0;
4361 int do_align = 0;
4362 int aliasing = cache_is_vipt_aliasing();
4363 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
4364 struct vm_unmapped_area_info info;
4365
4366 /*
4367 @@ -132,6 +138,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
4368 return addr;
4369 }
4370
4371 +#ifdef CONFIG_PAX_RANDMMAP
4372 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
4373 +#endif
4374 +
4375 /* requesting a specific address */
4376 if (addr) {
4377 if (do_align)
4378 @@ -139,8 +149,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
4379 else
4380 addr = PAGE_ALIGN(addr);
4381 vma = find_vma(mm, addr);
4382 - if (TASK_SIZE - len >= addr &&
4383 - (!vma || addr + len <= vma->vm_start))
4384 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
4385 return addr;
4386 }
4387
4388 @@ -150,6 +159,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
4389 info.high_limit = mm->mmap_base;
4390 info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
4391 info.align_offset = pgoff << PAGE_SHIFT;
4392 + info.threadstack_offset = offset;
4393 addr = vm_unmapped_area(&info);
4394
4395 /*
4396 @@ -182,14 +192,30 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
4397 {
4398 unsigned long random_factor = 0UL;
4399
4400 +#ifdef CONFIG_PAX_RANDMMAP
4401 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
4402 +#endif
4403 +
4404 if (current->flags & PF_RANDOMIZE)
4405 random_factor = arch_mmap_rnd();
4406
4407 if (mmap_is_legacy()) {
4408 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
4409 +
4410 +#ifdef CONFIG_PAX_RANDMMAP
4411 + if (mm->pax_flags & MF_PAX_RANDMMAP)
4412 + mm->mmap_base += mm->delta_mmap;
4413 +#endif
4414 +
4415 mm->get_unmapped_area = arch_get_unmapped_area;
4416 } else {
4417 mm->mmap_base = mmap_base(random_factor);
4418 +
4419 +#ifdef CONFIG_PAX_RANDMMAP
4420 + if (mm->pax_flags & MF_PAX_RANDMMAP)
4421 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
4422 +#endif
4423 +
4424 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
4425 }
4426 }
4427 diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
4428 index 30fe03f..738d54e 100644
4429 --- a/arch/arm/mm/mmu.c
4430 +++ b/arch/arm/mm/mmu.c
4431 @@ -243,7 +243,15 @@ __setup("noalign", noalign_setup);
4432 #define PROT_PTE_S2_DEVICE PROT_PTE_DEVICE
4433 #define PROT_SECT_DEVICE PMD_TYPE_SECT|PMD_SECT_AP_WRITE
4434
4435 -static struct mem_type mem_types[] = {
4436 +#ifdef CONFIG_PAX_KERNEXEC
4437 +#define L_PTE_KERNEXEC L_PTE_RDONLY
4438 +#define PMD_SECT_KERNEXEC PMD_SECT_RDONLY
4439 +#else
4440 +#define L_PTE_KERNEXEC L_PTE_DIRTY
4441 +#define PMD_SECT_KERNEXEC PMD_SECT_AP_WRITE
4442 +#endif
4443 +
4444 +static struct mem_type mem_types[] __read_only = {
4445 [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */
4446 .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED |
4447 L_PTE_SHARED,
4448 @@ -272,19 +280,19 @@ static struct mem_type mem_types[] = {
4449 .prot_sect = PROT_SECT_DEVICE,
4450 .domain = DOMAIN_IO,
4451 },
4452 - [MT_UNCACHED] = {
4453 + [MT_UNCACHED_RW] = {
4454 .prot_pte = PROT_PTE_DEVICE,
4455 .prot_l1 = PMD_TYPE_TABLE,
4456 .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN,
4457 .domain = DOMAIN_IO,
4458 },
4459 - [MT_CACHECLEAN] = {
4460 - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN,
4461 + [MT_CACHECLEAN_RO] = {
4462 + .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_RDONLY,
4463 .domain = DOMAIN_KERNEL,
4464 },
4465 #ifndef CONFIG_ARM_LPAE
4466 - [MT_MINICLEAN] = {
4467 - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE,
4468 + [MT_MINICLEAN_RO] = {
4469 + .prot_sect = PMD_TYPE_SECT | PMD_SECT_MINICACHE | PMD_SECT_XN | PMD_SECT_RDONLY,
4470 .domain = DOMAIN_KERNEL,
4471 },
4472 #endif
4473 @@ -300,7 +308,7 @@ static struct mem_type mem_types[] = {
4474 .prot_l1 = PMD_TYPE_TABLE,
4475 .domain = DOMAIN_VECTORS,
4476 },
4477 - [MT_MEMORY_RWX] = {
4478 + [__MT_MEMORY_RWX] = {
4479 .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY,
4480 .prot_l1 = PMD_TYPE_TABLE,
4481 .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
4482 @@ -313,17 +321,30 @@ static struct mem_type mem_types[] = {
4483 .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
4484 .domain = DOMAIN_KERNEL,
4485 },
4486 - [MT_ROM] = {
4487 - .prot_sect = PMD_TYPE_SECT,
4488 + [MT_MEMORY_RX] = {
4489 + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC,
4490 + .prot_l1 = PMD_TYPE_TABLE,
4491 + .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC,
4492 + .domain = DOMAIN_KERNEL,
4493 + },
4494 + [MT_ROM_RX] = {
4495 + .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY,
4496 .domain = DOMAIN_KERNEL,
4497 },
4498 - [MT_MEMORY_RWX_NONCACHED] = {
4499 + [MT_MEMORY_RW_NONCACHED] = {
4500 .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
4501 L_PTE_MT_BUFFERABLE,
4502 .prot_l1 = PMD_TYPE_TABLE,
4503 .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
4504 .domain = DOMAIN_KERNEL,
4505 },
4506 + [MT_MEMORY_RX_NONCACHED] = {
4507 + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC |
4508 + L_PTE_MT_BUFFERABLE,
4509 + .prot_l1 = PMD_TYPE_TABLE,
4510 + .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC,
4511 + .domain = DOMAIN_KERNEL,
4512 + },
4513 [MT_MEMORY_RW_DTCM] = {
4514 .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
4515 L_PTE_XN,
4516 @@ -331,9 +352,10 @@ static struct mem_type mem_types[] = {
4517 .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN,
4518 .domain = DOMAIN_KERNEL,
4519 },
4520 - [MT_MEMORY_RWX_ITCM] = {
4521 - .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY,
4522 + [MT_MEMORY_RX_ITCM] = {
4523 + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC,
4524 .prot_l1 = PMD_TYPE_TABLE,
4525 + .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC,
4526 .domain = DOMAIN_KERNEL,
4527 },
4528 [MT_MEMORY_RW_SO] = {
4529 @@ -586,9 +608,14 @@ static void __init build_mem_type_table(void)
4530 * Mark cache clean areas and XIP ROM read only
4531 * from SVC mode and no access from userspace.
4532 */
4533 - mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4534 - mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4535 - mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4536 + mem_types[MT_ROM_RX].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4537 +#ifdef CONFIG_PAX_KERNEXEC
4538 + mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4539 + mem_types[MT_MEMORY_RX_NONCACHED].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4540 + mem_types[MT_MEMORY_RX_ITCM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4541 +#endif
4542 + mem_types[MT_MINICLEAN_RO].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4543 + mem_types[MT_CACHECLEAN_RO].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
4544 #endif
4545
4546 /*
4547 @@ -605,13 +632,17 @@ static void __init build_mem_type_table(void)
4548 mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED;
4549 mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S;
4550 mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED;
4551 - mem_types[MT_MEMORY_RWX].prot_sect |= PMD_SECT_S;
4552 - mem_types[MT_MEMORY_RWX].prot_pte |= L_PTE_SHARED;
4553 + mem_types[__MT_MEMORY_RWX].prot_sect |= PMD_SECT_S;
4554 + mem_types[__MT_MEMORY_RWX].prot_pte |= L_PTE_SHARED;
4555 mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_S;
4556 mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_SHARED;
4557 + mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_S;
4558 + mem_types[MT_MEMORY_RX].prot_pte |= L_PTE_SHARED;
4559 mem_types[MT_MEMORY_DMA_READY].prot_pte |= L_PTE_SHARED;
4560 - mem_types[MT_MEMORY_RWX_NONCACHED].prot_sect |= PMD_SECT_S;
4561 - mem_types[MT_MEMORY_RWX_NONCACHED].prot_pte |= L_PTE_SHARED;
4562 + mem_types[MT_MEMORY_RW_NONCACHED].prot_sect |= PMD_SECT_S;
4563 + mem_types[MT_MEMORY_RW_NONCACHED].prot_pte |= L_PTE_SHARED;
4564 + mem_types[MT_MEMORY_RX_NONCACHED].prot_sect |= PMD_SECT_S;
4565 + mem_types[MT_MEMORY_RX_NONCACHED].prot_pte |= L_PTE_SHARED;
4566 }
4567 }
4568
4569 @@ -622,15 +653,20 @@ static void __init build_mem_type_table(void)
4570 if (cpu_arch >= CPU_ARCH_ARMv6) {
4571 if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
4572 /* Non-cacheable Normal is XCB = 001 */
4573 - mem_types[MT_MEMORY_RWX_NONCACHED].prot_sect |=
4574 + mem_types[MT_MEMORY_RW_NONCACHED].prot_sect |=
4575 + PMD_SECT_BUFFERED;
4576 + mem_types[MT_MEMORY_RX_NONCACHED].prot_sect |=
4577 PMD_SECT_BUFFERED;
4578 } else {
4579 /* For both ARMv6 and non-TEX-remapping ARMv7 */
4580 - mem_types[MT_MEMORY_RWX_NONCACHED].prot_sect |=
4581 + mem_types[MT_MEMORY_RW_NONCACHED].prot_sect |=
4582 + PMD_SECT_TEX(1);
4583 + mem_types[MT_MEMORY_RX_NONCACHED].prot_sect |=
4584 PMD_SECT_TEX(1);
4585 }
4586 } else {
4587 - mem_types[MT_MEMORY_RWX_NONCACHED].prot_sect |= PMD_SECT_BUFFERABLE;
4588 + mem_types[MT_MEMORY_RW_NONCACHED].prot_sect |= PMD_SECT_BUFFERABLE;
4589 + mem_types[MT_MEMORY_RX_NONCACHED].prot_sect |= PMD_SECT_BUFFERABLE;
4590 }
4591
4592 #ifdef CONFIG_ARM_LPAE
4593 @@ -651,6 +687,8 @@ static void __init build_mem_type_table(void)
4594 user_pgprot |= PTE_EXT_PXN;
4595 #endif
4596
4597 + user_pgprot |= __supported_pte_mask;
4598 +
4599 for (i = 0; i < 16; i++) {
4600 pteval_t v = pgprot_val(protection_map[i]);
4601 protection_map[i] = __pgprot(v | user_pgprot);
4602 @@ -668,21 +706,24 @@ static void __init build_mem_type_table(void)
4603
4604 mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask;
4605 mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask;
4606 - mem_types[MT_MEMORY_RWX].prot_sect |= ecc_mask | cp->pmd;
4607 - mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot;
4608 + mem_types[__MT_MEMORY_RWX].prot_sect |= ecc_mask | cp->pmd;
4609 + mem_types[__MT_MEMORY_RWX].prot_pte |= kern_pgprot;
4610 mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd;
4611 mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot;
4612 + mem_types[MT_MEMORY_RX].prot_sect |= ecc_mask | cp->pmd;
4613 + mem_types[MT_MEMORY_RX].prot_pte |= kern_pgprot;
4614 mem_types[MT_MEMORY_DMA_READY].prot_pte |= kern_pgprot;
4615 - mem_types[MT_MEMORY_RWX_NONCACHED].prot_sect |= ecc_mask;
4616 - mem_types[MT_ROM].prot_sect |= cp->pmd;
4617 + mem_types[MT_MEMORY_RW_NONCACHED].prot_sect |= ecc_mask;
4618 + mem_types[MT_MEMORY_RX_NONCACHED].prot_sect |= ecc_mask;
4619 + mem_types[MT_ROM_RX].prot_sect |= cp->pmd;
4620
4621 switch (cp->pmd) {
4622 case PMD_SECT_WT:
4623 - mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_WT;
4624 + mem_types[MT_CACHECLEAN_RO].prot_sect |= PMD_SECT_WT;
4625 break;
4626 case PMD_SECT_WB:
4627 case PMD_SECT_WBWA:
4628 - mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_WB;
4629 + mem_types[MT_CACHECLEAN_RO].prot_sect |= PMD_SECT_WB;
4630 break;
4631 }
4632 pr_info("Memory policy: %sData cache %s\n",
4633 @@ -959,7 +1000,7 @@ static void __init create_mapping(struct map_desc *md)
4634 return;
4635 }
4636
4637 - if ((md->type == MT_DEVICE || md->type == MT_ROM) &&
4638 + if ((md->type == MT_DEVICE || md->type == MT_ROM_RX) &&
4639 md->virtual >= PAGE_OFFSET && md->virtual < FIXADDR_START &&
4640 (md->virtual < VMALLOC_START || md->virtual >= VMALLOC_END)) {
4641 pr_warn("BUG: mapping for 0x%08llx at 0x%08lx out of vmalloc space\n",
4642 @@ -1320,18 +1361,15 @@ void __init arm_mm_memblock_reserve(void)
4643 * Any other function or debugging method which may touch any device _will_
4644 * crash the kernel.
4645 */
4646 +
4647 +static char vectors[PAGE_SIZE * 2] __read_only __aligned(PAGE_SIZE);
4648 +
4649 static void __init devicemaps_init(const struct machine_desc *mdesc)
4650 {
4651 struct map_desc map;
4652 unsigned long addr;
4653 - void *vectors;
4654
4655 - /*
4656 - * Allocate the vector page early.
4657 - */
4658 - vectors = early_alloc(PAGE_SIZE * 2);
4659 -
4660 - early_trap_init(vectors);
4661 + early_trap_init(&vectors);
4662
4663 /*
4664 * Clear page table except top pmd used by early fixmaps
4665 @@ -1347,7 +1385,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
4666 map.pfn = __phys_to_pfn(CONFIG_XIP_PHYS_ADDR & SECTION_MASK);
4667 map.virtual = MODULES_VADDR;
4668 map.length = ((unsigned long)_exiprom - map.virtual + ~SECTION_MASK) & SECTION_MASK;
4669 - map.type = MT_ROM;
4670 + map.type = MT_ROM_RX;
4671 create_mapping(&map);
4672 #endif
4673
4674 @@ -1358,14 +1396,14 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
4675 map.pfn = __phys_to_pfn(FLUSH_BASE_PHYS);
4676 map.virtual = FLUSH_BASE;
4677 map.length = SZ_1M;
4678 - map.type = MT_CACHECLEAN;
4679 + map.type = MT_CACHECLEAN_RO;
4680 create_mapping(&map);
4681 #endif
4682 #ifdef FLUSH_BASE_MINICACHE
4683 map.pfn = __phys_to_pfn(FLUSH_BASE_PHYS + SZ_1M);
4684 map.virtual = FLUSH_BASE_MINICACHE;
4685 map.length = SZ_1M;
4686 - map.type = MT_MINICLEAN;
4687 + map.type = MT_MINICLEAN_RO;
4688 create_mapping(&map);
4689 #endif
4690
4691 @@ -1374,7 +1412,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
4692 * location (0xffff0000). If we aren't using high-vectors, also
4693 * create a mapping at the low-vectors virtual address.
4694 */
4695 - map.pfn = __phys_to_pfn(virt_to_phys(vectors));
4696 + map.pfn = __phys_to_pfn(virt_to_phys(&vectors));
4697 map.virtual = 0xffff0000;
4698 map.length = PAGE_SIZE;
4699 #ifdef CONFIG_KUSER_HELPERS
4700 @@ -1437,12 +1475,14 @@ static void __init kmap_init(void)
4701 static void __init map_lowmem(void)
4702 {
4703 struct memblock_region *reg;
4704 +#ifndef CONFIG_PAX_KERNEXEC
4705 #ifdef CONFIG_XIP_KERNEL
4706 phys_addr_t kernel_x_start = round_down(__pa(_sdata), SECTION_SIZE);
4707 #else
4708 phys_addr_t kernel_x_start = round_down(__pa(_stext), SECTION_SIZE);
4709 #endif
4710 phys_addr_t kernel_x_end = round_up(__pa(__init_end), SECTION_SIZE);
4711 +#endif
4712
4713 /* Map all the lowmem memory banks. */
4714 for_each_memblock(memory, reg) {
4715 @@ -1458,11 +1498,48 @@ static void __init map_lowmem(void)
4716 if (start >= end)
4717 break;
4718
4719 +#ifdef CONFIG_PAX_KERNEXEC
4720 + map.pfn = __phys_to_pfn(start);
4721 + map.virtual = __phys_to_virt(start);
4722 + map.length = end - start;
4723 +
4724 + if (map.virtual <= (unsigned long)_stext && ((unsigned long)_end < (map.virtual + map.length))) {
4725 + struct map_desc kernel;
4726 + struct map_desc initmap;
4727 +
4728 + /* when freeing initmem we will make this RW */
4729 + initmap.pfn = __phys_to_pfn(__pa(__init_begin));
4730 + initmap.virtual = (unsigned long)__init_begin;
4731 + initmap.length = _sdata - __init_begin;
4732 + initmap.type = __MT_MEMORY_RWX;
4733 + create_mapping(&initmap);
4734 +
4735 + /* when freeing initmem we will make this RX */
4736 + kernel.pfn = __phys_to_pfn(__pa(_stext));
4737 + kernel.virtual = (unsigned long)_stext;
4738 + kernel.length = __init_begin - _stext;
4739 + kernel.type = __MT_MEMORY_RWX;
4740 + create_mapping(&kernel);
4741 +
4742 + if (map.virtual < (unsigned long)_stext) {
4743 + map.length = (unsigned long)_stext - map.virtual;
4744 + map.type = __MT_MEMORY_RWX;
4745 + create_mapping(&map);
4746 + }
4747 +
4748 + map.pfn = __phys_to_pfn(__pa(_sdata));
4749 + map.virtual = (unsigned long)_sdata;
4750 + map.length = end - __pa(_sdata);
4751 + }
4752 +
4753 + map.type = MT_MEMORY_RW;
4754 + create_mapping(&map);
4755 +#else
4756 if (end < kernel_x_start) {
4757 map.pfn = __phys_to_pfn(start);
4758 map.virtual = __phys_to_virt(start);
4759 map.length = end - start;
4760 - map.type = MT_MEMORY_RWX;
4761 + map.type = __MT_MEMORY_RWX;
4762
4763 create_mapping(&map);
4764 } else if (start >= kernel_x_end) {
4765 @@ -1486,7 +1563,7 @@ static void __init map_lowmem(void)
4766 map.pfn = __phys_to_pfn(kernel_x_start);
4767 map.virtual = __phys_to_virt(kernel_x_start);
4768 map.length = kernel_x_end - kernel_x_start;
4769 - map.type = MT_MEMORY_RWX;
4770 + map.type = __MT_MEMORY_RWX;
4771
4772 create_mapping(&map);
4773
4774 @@ -1499,6 +1576,7 @@ static void __init map_lowmem(void)
4775 create_mapping(&map);
4776 }
4777 }
4778 +#endif
4779 }
4780 }
4781
4782 diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
4783 index 93d0b6d..2db6d99 100644
4784 --- a/arch/arm/net/bpf_jit_32.c
4785 +++ b/arch/arm/net/bpf_jit_32.c
4786 @@ -20,6 +20,7 @@
4787 #include <asm/cacheflush.h>
4788 #include <asm/hwcap.h>
4789 #include <asm/opcodes.h>
4790 +#include <asm/pgtable.h>
4791
4792 #include "bpf_jit_32.h"
4793
4794 @@ -72,54 +73,38 @@ struct jit_ctx {
4795 #endif
4796 };
4797
4798 +#ifdef CONFIG_GRKERNSEC_BPF_HARDEN
4799 +int bpf_jit_enable __read_only;
4800 +#else
4801 int bpf_jit_enable __read_mostly;
4802 +#endif
4803
4804 -static inline int call_neg_helper(struct sk_buff *skb, int offset, void *ret,
4805 - unsigned int size)
4806 -{
4807 - void *ptr = bpf_internal_load_pointer_neg_helper(skb, offset, size);
4808 -
4809 - if (!ptr)
4810 - return -EFAULT;
4811 - memcpy(ret, ptr, size);
4812 - return 0;
4813 -}
4814 -
4815 -static u64 jit_get_skb_b(struct sk_buff *skb, int offset)
4816 +static u64 jit_get_skb_b(struct sk_buff *skb, unsigned offset)
4817 {
4818 u8 ret;
4819 int err;
4820
4821 - if (offset < 0)
4822 - err = call_neg_helper(skb, offset, &ret, 1);
4823 - else
4824 - err = skb_copy_bits(skb, offset, &ret, 1);
4825 + err = skb_copy_bits(skb, offset, &ret, 1);
4826
4827 return (u64)err << 32 | ret;
4828 }
4829
4830 -static u64 jit_get_skb_h(struct sk_buff *skb, int offset)
4831 +static u64 jit_get_skb_h(struct sk_buff *skb, unsigned offset)
4832 {
4833 u16 ret;
4834 int err;
4835
4836 - if (offset < 0)
4837 - err = call_neg_helper(skb, offset, &ret, 2);
4838 - else
4839 - err = skb_copy_bits(skb, offset, &ret, 2);
4840 + err = skb_copy_bits(skb, offset, &ret, 2);
4841
4842 return (u64)err << 32 | ntohs(ret);
4843 }
4844
4845 -static u64 jit_get_skb_w(struct sk_buff *skb, int offset)
4846 +static u64 jit_get_skb_w(struct sk_buff *skb, unsigned offset)
4847 {
4848 u32 ret;
4849 int err;
4850
4851 - if (offset < 0)
4852 - err = call_neg_helper(skb, offset, &ret, 4);
4853 - else
4854 - err = skb_copy_bits(skb, offset, &ret, 4);
4855 + err = skb_copy_bits(skb, offset, &ret, 4);
4856
4857 return (u64)err << 32 | ntohl(ret);
4858 }
4859 @@ -191,8 +176,10 @@ static void jit_fill_hole(void *area, unsigned int size)
4860 {
4861 u32 *ptr;
4862 /* We are guaranteed to have aligned memory. */
4863 + pax_open_kernel();
4864 for (ptr = area; size >= sizeof(u32); size -= sizeof(u32))
4865 *ptr++ = __opcode_to_mem_arm(ARM_INST_UDF);
4866 + pax_close_kernel();
4867 }
4868
4869 static void build_prologue(struct jit_ctx *ctx)
4870 @@ -554,6 +541,9 @@ static int build_body(struct jit_ctx *ctx)
4871 case BPF_LD | BPF_B | BPF_ABS:
4872 load_order = 0;
4873 load:
4874 + /* the interpreter will deal with the negative K */
4875 + if ((int)k < 0)
4876 + return -ENOTSUPP;
4877 emit_mov_i(r_off, k, ctx);
4878 load_common:
4879 ctx->seen |= SEEN_DATA | SEEN_CALL;
4880 @@ -568,18 +558,6 @@ load_common:
4881 condt = ARM_COND_HI;
4882 }
4883
4884 - /*
4885 - * test for negative offset, only if we are
4886 - * currently scheduled to take the fast
4887 - * path. this will update the flags so that
4888 - * the slowpath instruction are ignored if the
4889 - * offset is negative.
4890 - *
4891 - * for loard_order == 0 the HI condition will
4892 - * make loads at offset 0 take the slow path too.
4893 - */
4894 - _emit(condt, ARM_CMP_I(r_off, 0), ctx);
4895 -
4896 _emit(condt, ARM_ADD_R(r_scratch, r_off, r_skb_data),
4897 ctx);
4898
4899 diff --git a/arch/arm/plat-iop/setup.c b/arch/arm/plat-iop/setup.c
4900 index 8151bde..9be301f 100644
4901 --- a/arch/arm/plat-iop/setup.c
4902 +++ b/arch/arm/plat-iop/setup.c
4903 @@ -24,7 +24,7 @@ static struct map_desc iop3xx_std_desc[] __initdata = {
4904 .virtual = IOP3XX_PERIPHERAL_VIRT_BASE,
4905 .pfn = __phys_to_pfn(IOP3XX_PERIPHERAL_PHYS_BASE),
4906 .length = IOP3XX_PERIPHERAL_SIZE,
4907 - .type = MT_UNCACHED,
4908 + .type = MT_UNCACHED_RW,
4909 },
4910 };
4911
4912 diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c
4913 index a5bc92d..0bb4730 100644
4914 --- a/arch/arm/plat-omap/sram.c
4915 +++ b/arch/arm/plat-omap/sram.c
4916 @@ -93,6 +93,8 @@ void __init omap_map_sram(unsigned long start, unsigned long size,
4917 * Looks like we need to preserve some bootloader code at the
4918 * beginning of SRAM for jumping to flash for reboot to work...
4919 */
4920 + pax_open_kernel();
4921 memset_io(omap_sram_base + omap_sram_skip, 0,
4922 omap_sram_size - omap_sram_skip);
4923 + pax_close_kernel();
4924 }
4925 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
4926 index bc3f00f..88ded6a 100644
4927 --- a/arch/arm64/Kconfig
4928 +++ b/arch/arm64/Kconfig
4929 @@ -891,6 +891,7 @@ config RELOCATABLE
4930
4931 config RANDOMIZE_BASE
4932 bool "Randomize the address of the kernel image"
4933 + depends on BROKEN_SECURITY
4934 select ARM64_MODULE_PLTS if MODULES
4935 select RELOCATABLE
4936 help
4937 diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
4938 index 0cc758c..de67415 100644
4939 --- a/arch/arm64/Kconfig.debug
4940 +++ b/arch/arm64/Kconfig.debug
4941 @@ -6,6 +6,7 @@ config ARM64_PTDUMP
4942 bool "Export kernel pagetable layout to userspace via debugfs"
4943 depends on DEBUG_KERNEL
4944 select DEBUG_FS
4945 + depends on !GRKERNSEC_KMEM
4946 help
4947 Say Y here if you want to show the kernel pagetable layout in a
4948 debugfs file. This information is only useful for kernel developers
4949 diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1-ce-glue.c
4950 index aefda98..2937874 100644
4951 --- a/arch/arm64/crypto/sha1-ce-glue.c
4952 +++ b/arch/arm64/crypto/sha1-ce-glue.c
4953 @@ -29,7 +29,7 @@ struct sha1_ce_state {
4954 u32 finalize;
4955 };
4956
4957 -asmlinkage void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src,
4958 +asmlinkage void sha1_ce_transform(struct sha1_state *sst, u8 const *src,
4959 int blocks);
4960
4961 static int sha1_ce_update(struct shash_desc *desc, const u8 *data,
4962 @@ -39,8 +39,7 @@ static int sha1_ce_update(struct shash_desc *desc, const u8 *data,
4963
4964 sctx->finalize = 0;
4965 kernel_neon_begin_partial(16);
4966 - sha1_base_do_update(desc, data, len,
4967 - (sha1_block_fn *)sha1_ce_transform);
4968 + sha1_base_do_update(desc, data, len, sha1_ce_transform);
4969 kernel_neon_end();
4970
4971 return 0;
4972 @@ -64,10 +63,9 @@ static int sha1_ce_finup(struct shash_desc *desc, const u8 *data,
4973 sctx->finalize = finalize;
4974
4975 kernel_neon_begin_partial(16);
4976 - sha1_base_do_update(desc, data, len,
4977 - (sha1_block_fn *)sha1_ce_transform);
4978 + sha1_base_do_update(desc, data, len, sha1_ce_transform);
4979 if (!finalize)
4980 - sha1_base_do_finalize(desc, (sha1_block_fn *)sha1_ce_transform);
4981 + sha1_base_do_finalize(desc, sha1_ce_transform);
4982 kernel_neon_end();
4983 return sha1_base_finish(desc, out);
4984 }
4985 @@ -78,7 +76,7 @@ static int sha1_ce_final(struct shash_desc *desc, u8 *out)
4986
4987 sctx->finalize = 0;
4988 kernel_neon_begin_partial(16);
4989 - sha1_base_do_finalize(desc, (sha1_block_fn *)sha1_ce_transform);
4990 + sha1_base_do_finalize(desc, sha1_ce_transform);
4991 kernel_neon_end();
4992 return sha1_base_finish(desc, out);
4993 }
4994 diff --git a/arch/arm64/include/asm/atomic.h b/arch/arm64/include/asm/atomic.h
4995 index c0235e0..86eb684 100644
4996 --- a/arch/arm64/include/asm/atomic.h
4997 +++ b/arch/arm64/include/asm/atomic.h
4998 @@ -57,11 +57,13 @@
4999 #define atomic_set(v, i) WRITE_ONCE(((v)->counter), (i))
5000
5001 #define atomic_add_return_relaxed atomic_add_return_relaxed
5002 +#define atomic_add_return_unchecked_relaxed atomic_add_return_relaxed
5003 #define atomic_add_return_acquire atomic_add_return_acquire
5004 #define atomic_add_return_release atomic_add_return_release
5005 #define atomic_add_return atomic_add_return
5006
5007 #define atomic_inc_return_relaxed(v) atomic_add_return_relaxed(1, (v))
5008 +#define atomic_inc_return_unchecked_relaxed(v) atomic_add_return_relaxed(1, (v))
5009 #define atomic_inc_return_acquire(v) atomic_add_return_acquire(1, (v))
5010 #define atomic_inc_return_release(v) atomic_add_return_release(1, (v))
5011 #define atomic_inc_return(v) atomic_add_return(1, (v))
5012 @@ -128,6 +130,8 @@
5013 #define __atomic_add_unless(v, a, u) ___atomic_add_unless(v, a, u,)
5014 #define atomic_andnot atomic_andnot
5015
5016 +#define atomic_inc_return_unchecked_relaxed(v) atomic_add_return_relaxed(1, (v))
5017 +
5018 /*
5019 * 64-bit atomic operations.
5020 */
5021 @@ -206,5 +210,16 @@
5022
5023 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
5024
5025 +#define atomic64_read_unchecked(v) atomic64_read(v)
5026 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
5027 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
5028 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
5029 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
5030 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
5031 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
5032 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
5033 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
5034 +#define atomic64_xchg_unchecked(v, n) atomic64_xchg((v), (n))
5035 +
5036 #endif
5037 #endif
5038 diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h
5039 index 5082b30..9ef38c2 100644
5040 --- a/arch/arm64/include/asm/cache.h
5041 +++ b/arch/arm64/include/asm/cache.h
5042 @@ -16,10 +16,14 @@
5043 #ifndef __ASM_CACHE_H
5044 #define __ASM_CACHE_H
5045
5046 +#include <linux/const.h>
5047 +
5048 #include <asm/cachetype.h>
5049
5050 +#include <linux/const.h>
5051 +
5052 #define L1_CACHE_SHIFT 7
5053 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
5054 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5055
5056 /*
5057 * Memory returned by kmalloc() may be used for DMA, so we must make
5058 diff --git a/arch/arm64/include/asm/percpu.h b/arch/arm64/include/asm/percpu.h
5059 index 5394c84..05e5a95 100644
5060 --- a/arch/arm64/include/asm/percpu.h
5061 +++ b/arch/arm64/include/asm/percpu.h
5062 @@ -123,16 +123,16 @@ static inline void __percpu_write(void *ptr, unsigned long val, int size)
5063 {
5064 switch (size) {
5065 case 1:
5066 - ACCESS_ONCE(*(u8 *)ptr) = (u8)val;
5067 + ACCESS_ONCE_RW(*(u8 *)ptr) = (u8)val;
5068 break;
5069 case 2:
5070 - ACCESS_ONCE(*(u16 *)ptr) = (u16)val;
5071 + ACCESS_ONCE_RW(*(u16 *)ptr) = (u16)val;
5072 break;
5073 case 4:
5074 - ACCESS_ONCE(*(u32 *)ptr) = (u32)val;
5075 + ACCESS_ONCE_RW(*(u32 *)ptr) = (u32)val;
5076 break;
5077 case 8:
5078 - ACCESS_ONCE(*(u64 *)ptr) = (u64)val;
5079 + ACCESS_ONCE_RW(*(u64 *)ptr) = (u64)val;
5080 break;
5081 default:
5082 BUILD_BUG();
5083 diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h
5084 index d25f4f1..61d52da 100644
5085 --- a/arch/arm64/include/asm/pgalloc.h
5086 +++ b/arch/arm64/include/asm/pgalloc.h
5087 @@ -51,6 +51,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
5088 {
5089 __pud_populate(pud, __pa(pmd), PMD_TYPE_TABLE);
5090 }
5091 +
5092 +static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
5093 +{
5094 + pud_populate(mm, pud, pmd);
5095 +}
5096 #else
5097 static inline void __pud_populate(pud_t *pud, phys_addr_t pmd, pudval_t prot)
5098 {
5099 @@ -80,6 +85,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
5100 {
5101 __pgd_populate(pgd, __pa(pud), PUD_TYPE_TABLE);
5102 }
5103 +
5104 +static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
5105 +{
5106 + pgd_populate(mm, pgd, pud);
5107 +}
5108 #else
5109 static inline void __pgd_populate(pgd_t *pgdp, phys_addr_t pud, pgdval_t prot)
5110 {
5111 diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
5112 index e20bd43..7e476da 100644
5113 --- a/arch/arm64/include/asm/pgtable.h
5114 +++ b/arch/arm64/include/asm/pgtable.h
5115 @@ -23,6 +23,9 @@
5116 #include <asm/pgtable-hwdef.h>
5117 #include <asm/pgtable-prot.h>
5118
5119 +#define ktla_ktva(addr) (addr)
5120 +#define ktva_ktla(addr) (addr)
5121 +
5122 /*
5123 * VMALLOC range.
5124 *
5125 @@ -718,6 +721,9 @@ static inline void update_mmu_cache(struct vm_area_struct *vma,
5126 #define kc_vaddr_to_offset(v) ((v) & ~VA_START)
5127 #define kc_offset_to_vaddr(o) ((o) | VA_START)
5128
5129 +#define ktla_ktva(addr) (addr)
5130 +#define ktva_ktla(addr) (addr)
5131 +
5132 #endif /* !__ASSEMBLY__ */
5133
5134 #endif /* __ASM_PGTABLE_H */
5135 diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
5136 index ace0a96..c7c4d3c 100644
5137 --- a/arch/arm64/include/asm/processor.h
5138 +++ b/arch/arm64/include/asm/processor.h
5139 @@ -194,4 +194,11 @@ void cpu_enable_pan(void *__unused);
5140 void cpu_enable_uao(void *__unused);
5141 void cpu_enable_cache_maint_trap(void *__unused);
5142
5143 +#ifdef CONFIG_PAX_RAP
5144 +static inline void pax_reload_rap_cookie(unsigned long *rap_cookie)
5145 +{
5146 + asm volatile("mov\tx19, %0\n\t" : : "r"(*rap_cookie) : "r19");
5147 +}
5148 +#endif
5149 +
5150 #endif /* __ASM_PROCESSOR_H */
5151 diff --git a/arch/arm64/include/asm/string.h b/arch/arm64/include/asm/string.h
5152 index 2eb714c..3a10471 100644
5153 --- a/arch/arm64/include/asm/string.h
5154 +++ b/arch/arm64/include/asm/string.h
5155 @@ -17,40 +17,40 @@
5156 #define __ASM_STRING_H
5157
5158 #define __HAVE_ARCH_STRRCHR
5159 -extern char *strrchr(const char *, int c);
5160 +extern char *strrchr(const char *, int c) __nocapture(-1);
5161
5162 #define __HAVE_ARCH_STRCHR
5163 -extern char *strchr(const char *, int c);
5164 +extern char *strchr(const char *, int c) __nocapture(-1);
5165
5166 #define __HAVE_ARCH_STRCMP
5167 -extern int strcmp(const char *, const char *);
5168 +extern int strcmp(const char *, const char *) __nocapture();
5169
5170 #define __HAVE_ARCH_STRNCMP
5171 -extern int strncmp(const char *, const char *, __kernel_size_t);
5172 +extern int strncmp(const char *, const char *, __kernel_size_t) __nocapture(1, 2);
5173
5174 #define __HAVE_ARCH_STRLEN
5175 -extern __kernel_size_t strlen(const char *);
5176 +extern __kernel_size_t strlen(const char *) __nocapture(1);
5177
5178 #define __HAVE_ARCH_STRNLEN
5179 -extern __kernel_size_t strnlen(const char *, __kernel_size_t);
5180 +extern __kernel_size_t strnlen(const char *, __kernel_size_t) __nocapture(1);
5181
5182 #define __HAVE_ARCH_MEMCPY
5183 -extern void *memcpy(void *, const void *, __kernel_size_t);
5184 -extern void *__memcpy(void *, const void *, __kernel_size_t);
5185 +extern void *memcpy(void *, const void *, __kernel_size_t) __nocapture(2);
5186 +extern void *__memcpy(void *, const void *, __kernel_size_t) __nocapture(2);
5187
5188 #define __HAVE_ARCH_MEMMOVE
5189 -extern void *memmove(void *, const void *, __kernel_size_t);
5190 -extern void *__memmove(void *, const void *, __kernel_size_t);
5191 +extern void *memmove(void *, const void *, __kernel_size_t) __nocapture(2);
5192 +extern void *__memmove(void *, const void *, __kernel_size_t) __nocapture(2);
5193
5194 #define __HAVE_ARCH_MEMCHR
5195 -extern void *memchr(const void *, int, __kernel_size_t);
5196 +extern void *memchr(const void *, int, __kernel_size_t) __nocapture(-1);
5197
5198 #define __HAVE_ARCH_MEMSET
5199 extern void *memset(void *, int, __kernel_size_t);
5200 extern void *__memset(void *, int, __kernel_size_t);
5201
5202 #define __HAVE_ARCH_MEMCMP
5203 -extern int memcmp(const void *, const void *, size_t);
5204 +extern int memcmp(const void *, const void *, size_t) __nocapture(1, 2);
5205
5206
5207 #if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
5208 diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
5209 index db84983..d256a3edc 100644
5210 --- a/arch/arm64/include/asm/uaccess.h
5211 +++ b/arch/arm64/include/asm/uaccess.h
5212 @@ -110,6 +110,7 @@ static inline void set_fs(mm_segment_t fs)
5213 */
5214 #define untagged_addr(addr) sign_extend64(addr, 55)
5215
5216 +#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
5217 #define access_ok(type, addr, size) __range_ok(addr, size)
5218 #define user_addr_max get_fs
5219
5220 @@ -279,6 +280,9 @@ static inline unsigned long __must_check __copy_from_user(void *to, const void _
5221
5222 static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
5223 {
5224 + if ((long)n < 0)
5225 + return n;
5226 +
5227 kasan_check_read(from, n);
5228 check_object_size(from, n, true);
5229 return __arch_copy_to_user(to, from, n);
5230 @@ -286,6 +290,9 @@ static inline unsigned long __must_check __copy_to_user(void __user *to, const v
5231
5232 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
5233 {
5234 + if ((long)n < 0)
5235 + return n;
5236 +
5237 kasan_check_write(to, n);
5238
5239 if (access_ok(VERIFY_READ, from, n)) {
5240 @@ -298,6 +305,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
5241
5242 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
5243 {
5244 + if ((long)n < 0)
5245 + return n;
5246 +
5247 kasan_check_read(from, n);
5248
5249 if (access_ok(VERIFY_WRITE, to, n)) {
5250 diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c
5251 index 65d81f9..6a46f09 100644
5252 --- a/arch/arm64/kernel/hibernate.c
5253 +++ b/arch/arm64/kernel/hibernate.c
5254 @@ -166,7 +166,7 @@ EXPORT_SYMBOL(arch_hibernation_header_restore);
5255 static int create_safe_exec_page(void *src_start, size_t length,
5256 unsigned long dst_addr,
5257 phys_addr_t *phys_dst_addr,
5258 - void *(*allocator)(gfp_t mask),
5259 + unsigned long (*allocator)(gfp_t mask),
5260 gfp_t mask)
5261 {
5262 int rc = 0;
5263 @@ -174,7 +174,7 @@ static int create_safe_exec_page(void *src_start, size_t length,
5264 pud_t *pud;
5265 pmd_t *pmd;
5266 pte_t *pte;
5267 - unsigned long dst = (unsigned long)allocator(mask);
5268 + unsigned long dst = allocator(mask);
5269
5270 if (!dst) {
5271 rc = -ENOMEM;
5272 @@ -184,9 +184,9 @@ static int create_safe_exec_page(void *src_start, size_t length,
5273 memcpy((void *)dst, src_start, length);
5274 flush_icache_range(dst, dst + length);
5275
5276 - pgd = pgd_offset_raw(allocator(mask), dst_addr);
5277 + pgd = pgd_offset_raw((pgd_t *)allocator(mask), dst_addr);
5278 if (pgd_none(*pgd)) {
5279 - pud = allocator(mask);
5280 + pud = (pud_t *)allocator(mask);
5281 if (!pud) {
5282 rc = -ENOMEM;
5283 goto out;
5284 @@ -196,7 +196,7 @@ static int create_safe_exec_page(void *src_start, size_t length,
5285
5286 pud = pud_offset(pgd, dst_addr);
5287 if (pud_none(*pud)) {
5288 - pmd = allocator(mask);
5289 + pmd = (pmd_t *)allocator(mask);
5290 if (!pmd) {
5291 rc = -ENOMEM;
5292 goto out;
5293 @@ -206,7 +206,7 @@ static int create_safe_exec_page(void *src_start, size_t length,
5294
5295 pmd = pmd_offset(pud, dst_addr);
5296 if (pmd_none(*pmd)) {
5297 - pte = allocator(mask);
5298 + pte = (pte_t *)allocator(mask);
5299 if (!pte) {
5300 rc = -ENOMEM;
5301 goto out;
5302 @@ -449,7 +449,7 @@ int swsusp_arch_resume(void)
5303 rc = create_safe_exec_page(__hibernate_exit_text_start, exit_size,
5304 (unsigned long)hibernate_exit,
5305 &phys_hibernate_exit,
5306 - (void *)get_safe_page, GFP_ATOMIC);
5307 + get_safe_page, GFP_ATOMIC);
5308 if (rc) {
5309 pr_err("Failed to create safe executable page for hibernate_exit code.");
5310 goto out;
5311 diff --git a/arch/arm64/kernel/probes/decode-insn.c b/arch/arm64/kernel/probes/decode-insn.c
5312 index 37e47a9..f8597fc 100644
5313 --- a/arch/arm64/kernel/probes/decode-insn.c
5314 +++ b/arch/arm64/kernel/probes/decode-insn.c
5315 @@ -157,10 +157,10 @@ arm_kprobe_decode_insn(kprobe_opcode_t *addr, struct arch_specific_insn *asi)
5316 mod = __module_address((unsigned long)addr);
5317 if (mod && within_module_init((unsigned long)addr, mod) &&
5318 !within_module_init((unsigned long)scan_end, mod))
5319 - scan_end = (kprobe_opcode_t *)mod->init_layout.base;
5320 + scan_end = (kprobe_opcode_t *)mod->init_layout.base_rx;
5321 else if (mod && within_module_core((unsigned long)addr, mod) &&
5322 !within_module_core((unsigned long)scan_end, mod))
5323 - scan_end = (kprobe_opcode_t *)mod->core_layout.base;
5324 + scan_end = (kprobe_opcode_t *)mod->core_layout.base_rx;
5325 preempt_enable();
5326 }
5327 #endif
5328 diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
5329 index 6cd2612..56d72e5c 100644
5330 --- a/arch/arm64/kernel/process.c
5331 +++ b/arch/arm64/kernel/process.c
5332 @@ -63,7 +63,7 @@ EXPORT_SYMBOL(__stack_chk_guard);
5333 /*
5334 * Function pointers to optional machine specific functions
5335 */
5336 -void (*pm_power_off)(void);
5337 +void (* pm_power_off)(void);
5338 EXPORT_SYMBOL_GPL(pm_power_off);
5339
5340 void (*arm_pm_restart)(enum reboot_mode reboot_mode, const char *cmd);
5341 @@ -109,7 +109,7 @@ void machine_shutdown(void)
5342 * activity (executing tasks, handling interrupts). smp_send_stop()
5343 * achieves this.
5344 */
5345 -void machine_halt(void)
5346 +void __noreturn machine_halt(void)
5347 {
5348 local_irq_disable();
5349 smp_send_stop();
5350 @@ -122,12 +122,13 @@ void machine_halt(void)
5351 * achieves this. When the system power is turned off, it will take all CPUs
5352 * with it.
5353 */
5354 -void machine_power_off(void)
5355 +void __noreturn machine_power_off(void)
5356 {
5357 local_irq_disable();
5358 smp_send_stop();
5359 if (pm_power_off)
5360 pm_power_off();
5361 + while(1);
5362 }
5363
5364 /*
5365 @@ -139,7 +140,7 @@ void machine_power_off(void)
5366 * executing pre-reset code, and using RAM that the primary CPU's code wishes
5367 * to use. Implementing such co-ordination would be essentially impossible.
5368 */
5369 -void machine_restart(char *cmd)
5370 +void __noreturn machine_restart(char *cmd)
5371 {
5372 /* Disable interrupts first */
5373 local_irq_disable();
5374 diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c
5375 index d34fd72..8b6faee 100644
5376 --- a/arch/arm64/kernel/stacktrace.c
5377 +++ b/arch/arm64/kernel/stacktrace.c
5378 @@ -95,8 +95,8 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
5379 struct pt_regs *irq_args;
5380 unsigned long orig_sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr);
5381
5382 - if (object_is_on_stack((void *)orig_sp) &&
5383 - object_is_on_stack((void *)frame->fp)) {
5384 + if (object_starts_on_stack((void *)orig_sp) &&
5385 + object_starts_on_stack((void *)frame->fp)) {
5386 frame->sp = orig_sp;
5387
5388 /* orig_sp is the saved pt_regs, find the elr */
5389 diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
5390 index 771a01a7f..db6d9cc 100644
5391 --- a/arch/arm64/kernel/traps.c
5392 +++ b/arch/arm64/kernel/traps.c
5393 @@ -511,7 +511,7 @@ asmlinkage long do_ni_syscall(struct pt_regs *regs)
5394 __show_regs(regs);
5395 }
5396
5397 - return sys_ni_syscall();
5398 + return -ENOSYS;
5399 }
5400
5401 static const char *esr_class_str[] = {
5402 diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h
5403 index c3a58a1..78fbf54 100644
5404 --- a/arch/avr32/include/asm/cache.h
5405 +++ b/arch/avr32/include/asm/cache.h
5406 @@ -1,8 +1,10 @@
5407 #ifndef __ASM_AVR32_CACHE_H
5408 #define __ASM_AVR32_CACHE_H
5409
5410 +#include <linux/const.h>
5411 +
5412 #define L1_CACHE_SHIFT 5
5413 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
5414 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5415
5416 /*
5417 * Memory returned by kmalloc() may be used for DMA, so we must make
5418 diff --git a/arch/avr32/include/asm/elf.h b/arch/avr32/include/asm/elf.h
5419 index 0388ece..87c8df1 100644
5420 --- a/arch/avr32/include/asm/elf.h
5421 +++ b/arch/avr32/include/asm/elf.h
5422 @@ -84,8 +84,14 @@ typedef struct user_fpu_struct elf_fpregset_t;
5423 the loader. We need to make sure that it is out of the way of the program
5424 that it will "exec", and that there is sufficient room for the brk. */
5425
5426 -#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
5427 +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
5428
5429 +#ifdef CONFIG_PAX_ASLR
5430 +#define PAX_ELF_ET_DYN_BASE 0x00001000UL
5431 +
5432 +#define PAX_DELTA_MMAP_LEN 15
5433 +#define PAX_DELTA_STACK_LEN 15
5434 +#endif
5435
5436 /* This yields a mask that user programs can use to figure out what
5437 instruction set this CPU supports. This could be done in user space,
5438 diff --git a/arch/avr32/include/asm/kmap_types.h b/arch/avr32/include/asm/kmap_types.h
5439 index 479330b..53717a8 100644
5440 --- a/arch/avr32/include/asm/kmap_types.h
5441 +++ b/arch/avr32/include/asm/kmap_types.h
5442 @@ -2,9 +2,9 @@
5443 #define __ASM_AVR32_KMAP_TYPES_H
5444
5445 #ifdef CONFIG_DEBUG_HIGHMEM
5446 -# define KM_TYPE_NR 29
5447 +# define KM_TYPE_NR 30
5448 #else
5449 -# define KM_TYPE_NR 14
5450 +# define KM_TYPE_NR 15
5451 #endif
5452
5453 #endif /* __ASM_AVR32_KMAP_TYPES_H */
5454 diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c
5455 index a4b7eda..d057f9e 100644
5456 --- a/arch/avr32/mm/fault.c
5457 +++ b/arch/avr32/mm/fault.c
5458 @@ -41,6 +41,23 @@ static inline int notify_page_fault(struct pt_regs *regs, int trap)
5459
5460 int exception_trace = 1;
5461
5462 +#ifdef CONFIG_PAX_PAGEEXEC
5463 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
5464 +{
5465 + unsigned long i;
5466 +
5467 + printk(KERN_ERR "PAX: bytes at PC: ");
5468 + for (i = 0; i < 20; i++) {
5469 + unsigned char c;
5470 + if (get_user(c, (unsigned char *)pc+i))
5471 + printk(KERN_CONT "???????? ");
5472 + else
5473 + printk(KERN_CONT "%02x ", c);
5474 + }
5475 + printk("\n");
5476 +}
5477 +#endif
5478 +
5479 /*
5480 * This routine handles page faults. It determines the address and the
5481 * problem, and then passes it off to one of the appropriate routines.
5482 @@ -178,6 +195,16 @@ bad_area:
5483 up_read(&mm->mmap_sem);
5484
5485 if (user_mode(regs)) {
5486 +
5487 +#ifdef CONFIG_PAX_PAGEEXEC
5488 + if (mm->pax_flags & MF_PAX_PAGEEXEC) {
5489 + if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) {
5490 + pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp);
5491 + do_group_exit(SIGKILL);
5492 + }
5493 + }
5494 +#endif
5495 +
5496 if (exception_trace && printk_ratelimit())
5497 printk("%s%s[%d]: segfault at %08lx pc %08lx "
5498 "sp %08lx ecr %lu\n",
5499 diff --git a/arch/blackfin/Kconfig.debug b/arch/blackfin/Kconfig.debug
5500 index f3337ee..15b6f8d 100644
5501 --- a/arch/blackfin/Kconfig.debug
5502 +++ b/arch/blackfin/Kconfig.debug
5503 @@ -18,6 +18,7 @@ config DEBUG_VERBOSE
5504 config DEBUG_MMRS
5505 tristate "Generate Blackfin MMR tree"
5506 select DEBUG_FS
5507 + depends on !GRKERNSEC_KMEM
5508 help
5509 Create a tree of Blackfin MMRs via the debugfs tree. If
5510 you enable this, you will find all MMRs laid out in the
5511 diff --git a/arch/blackfin/include/asm/cache.h b/arch/blackfin/include/asm/cache.h
5512 index 568885a..f8008df 100644
5513 --- a/arch/blackfin/include/asm/cache.h
5514 +++ b/arch/blackfin/include/asm/cache.h
5515 @@ -7,6 +7,7 @@
5516 #ifndef __ARCH_BLACKFIN_CACHE_H
5517 #define __ARCH_BLACKFIN_CACHE_H
5518
5519 +#include <linux/const.h>
5520 #include <linux/linkage.h> /* for asmlinkage */
5521
5522 /*
5523 @@ -14,7 +15,7 @@
5524 * Blackfin loads 32 bytes for cache
5525 */
5526 #define L1_CACHE_SHIFT 5
5527 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
5528 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5529 #define SMP_CACHE_BYTES L1_CACHE_BYTES
5530
5531 #define ARCH_DMA_MINALIGN L1_CACHE_BYTES
5532 diff --git a/arch/cris/include/arch-v10/arch/cache.h b/arch/cris/include/arch-v10/arch/cache.h
5533 index aea2718..3639a60 100644
5534 --- a/arch/cris/include/arch-v10/arch/cache.h
5535 +++ b/arch/cris/include/arch-v10/arch/cache.h
5536 @@ -1,8 +1,9 @@
5537 #ifndef _ASM_ARCH_CACHE_H
5538 #define _ASM_ARCH_CACHE_H
5539
5540 +#include <linux/const.h>
5541 /* Etrax 100LX have 32-byte cache-lines. */
5542 -#define L1_CACHE_BYTES 32
5543 #define L1_CACHE_SHIFT 5
5544 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5545
5546 #endif /* _ASM_ARCH_CACHE_H */
5547 diff --git a/arch/cris/include/arch-v32/arch/cache.h b/arch/cris/include/arch-v32/arch/cache.h
5548 index 7caf25d..ee65ac5 100644
5549 --- a/arch/cris/include/arch-v32/arch/cache.h
5550 +++ b/arch/cris/include/arch-v32/arch/cache.h
5551 @@ -1,11 +1,12 @@
5552 #ifndef _ASM_CRIS_ARCH_CACHE_H
5553 #define _ASM_CRIS_ARCH_CACHE_H
5554
5555 +#include <linux/const.h>
5556 #include <arch/hwregs/dma.h>
5557
5558 /* A cache-line is 32 bytes. */
5559 -#define L1_CACHE_BYTES 32
5560 #define L1_CACHE_SHIFT 5
5561 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5562
5563 #define __read_mostly __attribute__((__section__(".data..read_mostly")))
5564
5565 diff --git a/arch/frv/include/asm/atomic.h b/arch/frv/include/asm/atomic.h
5566 index 1c2a5e2..2579e5f 100644
5567 --- a/arch/frv/include/asm/atomic.h
5568 +++ b/arch/frv/include/asm/atomic.h
5569 @@ -146,6 +146,16 @@ static inline void atomic64_dec(atomic64_t *v)
5570 #define atomic64_cmpxchg(v, old, new) (__cmpxchg_64(old, new, &(v)->counter))
5571 #define atomic64_xchg(v, new) (__xchg_64(new, &(v)->counter))
5572
5573 +#define atomic64_read_unchecked(v) atomic64_read(v)
5574 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
5575 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
5576 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
5577 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
5578 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
5579 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
5580 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
5581 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
5582 +
5583 static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
5584 {
5585 int c, old;
5586 diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h
5587 index 2797163..c2a401df9 100644
5588 --- a/arch/frv/include/asm/cache.h
5589 +++ b/arch/frv/include/asm/cache.h
5590 @@ -12,10 +12,11 @@
5591 #ifndef __ASM_CACHE_H
5592 #define __ASM_CACHE_H
5593
5594 +#include <linux/const.h>
5595
5596 /* bytes per L1 cache line */
5597 #define L1_CACHE_SHIFT (CONFIG_FRV_L1_CACHE_SHIFT)
5598 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
5599 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5600
5601 #define __cacheline_aligned __attribute__((aligned(L1_CACHE_BYTES)))
5602 #define ____cacheline_aligned __attribute__((aligned(L1_CACHE_BYTES)))
5603 diff --git a/arch/frv/include/asm/kmap_types.h b/arch/frv/include/asm/kmap_types.h
5604 index 43901f2..0d8b865 100644
5605 --- a/arch/frv/include/asm/kmap_types.h
5606 +++ b/arch/frv/include/asm/kmap_types.h
5607 @@ -2,6 +2,6 @@
5608 #ifndef _ASM_KMAP_TYPES_H
5609 #define _ASM_KMAP_TYPES_H
5610
5611 -#define KM_TYPE_NR 17
5612 +#define KM_TYPE_NR 18
5613
5614 #endif
5615 diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c
5616 index 836f1470..4cf23f5 100644
5617 --- a/arch/frv/mm/elf-fdpic.c
5618 +++ b/arch/frv/mm/elf-fdpic.c
5619 @@ -61,6 +61,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
5620 {
5621 struct vm_area_struct *vma;
5622 struct vm_unmapped_area_info info;
5623 + unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
5624
5625 if (len > TASK_SIZE)
5626 return -ENOMEM;
5627 @@ -73,8 +74,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
5628 if (addr) {
5629 addr = PAGE_ALIGN(addr);
5630 vma = find_vma(current->mm, addr);
5631 - if (TASK_SIZE - len >= addr &&
5632 - (!vma || addr + len <= vma->vm_start))
5633 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
5634 goto success;
5635 }
5636
5637 @@ -85,6 +85,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
5638 info.high_limit = (current->mm->start_stack - 0x00200000);
5639 info.align_mask = 0;
5640 info.align_offset = 0;
5641 + info.threadstack_offset = offset;
5642 addr = vm_unmapped_area(&info);
5643 if (!(addr & ~PAGE_MASK))
5644 goto success;
5645 diff --git a/arch/hexagon/include/asm/cache.h b/arch/hexagon/include/asm/cache.h
5646 index 69952c18..4fa2908 100644
5647 --- a/arch/hexagon/include/asm/cache.h
5648 +++ b/arch/hexagon/include/asm/cache.h
5649 @@ -21,9 +21,11 @@
5650 #ifndef __ASM_CACHE_H
5651 #define __ASM_CACHE_H
5652
5653 +#include <linux/const.h>
5654 +
5655 /* Bytes per L1 cache line */
5656 -#define L1_CACHE_SHIFT (5)
5657 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
5658 +#define L1_CACHE_SHIFT 5
5659 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5660
5661 #define ARCH_DMA_MINALIGN L1_CACHE_BYTES
5662
5663 diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
5664 index 18ca6a9..77b0e0d 100644
5665 --- a/arch/ia64/Kconfig
5666 +++ b/arch/ia64/Kconfig
5667 @@ -519,6 +519,7 @@ config KEXEC
5668 bool "kexec system call"
5669 depends on !IA64_HP_SIM && (!SMP || HOTPLUG_CPU)
5670 select KEXEC_CORE
5671 + depends on !GRKERNSEC_KMEM
5672 help
5673 kexec is a system call that implements the ability to shutdown your
5674 current kernel, and to start another kernel. It is like a reboot
5675 diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile
5676 index c100d78..07538cc 100644
5677 --- a/arch/ia64/Makefile
5678 +++ b/arch/ia64/Makefile
5679 @@ -98,5 +98,6 @@ endef
5680 archprepare: make_nr_irqs_h
5681 PHONY += make_nr_irqs_h
5682
5683 +make_nr_irqs_h: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
5684 make_nr_irqs_h:
5685 $(Q)$(MAKE) $(build)=arch/ia64/kernel include/generated/nr-irqs.h
5686 diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h
5687 index f565ad3..484af46 100644
5688 --- a/arch/ia64/include/asm/atomic.h
5689 +++ b/arch/ia64/include/asm/atomic.h
5690 @@ -307,4 +307,14 @@ atomic64_add_negative (__s64 i, atomic64_t *v)
5691 #define atomic64_inc(v) atomic64_add(1, (v))
5692 #define atomic64_dec(v) atomic64_sub(1, (v))
5693
5694 +#define atomic64_read_unchecked(v) atomic64_read(v)
5695 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
5696 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
5697 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
5698 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
5699 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
5700 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
5701 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
5702 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
5703 +
5704 #endif /* _ASM_IA64_ATOMIC_H */
5705 diff --git a/arch/ia64/include/asm/cache.h b/arch/ia64/include/asm/cache.h
5706 index 988254a..e1ee885 100644
5707 --- a/arch/ia64/include/asm/cache.h
5708 +++ b/arch/ia64/include/asm/cache.h
5709 @@ -1,6 +1,7 @@
5710 #ifndef _ASM_IA64_CACHE_H
5711 #define _ASM_IA64_CACHE_H
5712
5713 +#include <linux/const.h>
5714
5715 /*
5716 * Copyright (C) 1998-2000 Hewlett-Packard Co
5717 @@ -9,7 +10,7 @@
5718
5719 /* Bytes per L1 (data) cache line. */
5720 #define L1_CACHE_SHIFT CONFIG_IA64_L1_CACHE_SHIFT
5721 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
5722 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
5723
5724 #ifdef CONFIG_SMP
5725 # define SMP_CACHE_SHIFT L1_CACHE_SHIFT
5726 diff --git a/arch/ia64/include/asm/elf.h b/arch/ia64/include/asm/elf.h
5727 index 5a83c5c..4d7f553 100644
5728 --- a/arch/ia64/include/asm/elf.h
5729 +++ b/arch/ia64/include/asm/elf.h
5730 @@ -42,6 +42,13 @@
5731 */
5732 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x800000000UL)
5733
5734 +#ifdef CONFIG_PAX_ASLR
5735 +#define PAX_ELF_ET_DYN_BASE (current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
5736 +
5737 +#define PAX_DELTA_MMAP_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
5738 +#define PAX_DELTA_STACK_LEN (current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
5739 +#endif
5740 +
5741 #define PT_IA_64_UNWIND 0x70000001
5742
5743 /* IA-64 relocations: */
5744 diff --git a/arch/ia64/include/asm/pgalloc.h b/arch/ia64/include/asm/pgalloc.h
5745 index f5e70e9..624fad5 100644
5746 --- a/arch/ia64/include/asm/pgalloc.h
5747 +++ b/arch/ia64/include/asm/pgalloc.h
5748 @@ -39,6 +39,12 @@ pgd_populate(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud)
5749 pgd_val(*pgd_entry) = __pa(pud);
5750 }
5751
5752 +static inline void
5753 +pgd_populate_kernel(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud)
5754 +{
5755 + pgd_populate(mm, pgd_entry, pud);
5756 +}
5757 +
5758 static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
5759 {
5760 return quicklist_alloc(0, GFP_KERNEL, NULL);
5761 @@ -57,6 +63,12 @@ pud_populate(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd)
5762 pud_val(*pud_entry) = __pa(pmd);
5763 }
5764
5765 +static inline void
5766 +pud_populate_kernel(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd)
5767 +{
5768 + pud_populate(mm, pud_entry, pmd);
5769 +}
5770 +
5771 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
5772 {
5773 return quicklist_alloc(0, GFP_KERNEL, NULL);
5774 diff --git a/arch/ia64/include/asm/pgtable.h b/arch/ia64/include/asm/pgtable.h
5775 index 9f3ed9e..c99b418 100644
5776 --- a/arch/ia64/include/asm/pgtable.h
5777 +++ b/arch/ia64/include/asm/pgtable.h
5778 @@ -12,7 +12,7 @@
5779 * David Mosberger-Tang <davidm@hpl.hp.com>
5780 */
5781
5782 -
5783 +#include <linux/const.h>
5784 #include <asm/mman.h>
5785 #include <asm/page.h>
5786 #include <asm/processor.h>
5787 @@ -139,6 +139,17 @@
5788 #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
5789 #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
5790 #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
5791 +
5792 +#ifdef CONFIG_PAX_PAGEEXEC
5793 +# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
5794 +# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
5795 +# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
5796 +#else
5797 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
5798 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
5799 +# define PAGE_COPY_NOEXEC PAGE_COPY
5800 +#endif
5801 +
5802 #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
5803 #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX)
5804 #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
5805 diff --git a/arch/ia64/include/asm/spinlock.h b/arch/ia64/include/asm/spinlock.h
5806 index ca9e761..40dffaf 100644
5807 --- a/arch/ia64/include/asm/spinlock.h
5808 +++ b/arch/ia64/include/asm/spinlock.h
5809 @@ -73,7 +73,7 @@ static __always_inline void __ticket_spin_unlock(arch_spinlock_t *lock)
5810 unsigned short *p = (unsigned short *)&lock->lock + 1, tmp;
5811
5812 asm volatile ("ld2.bias %0=[%1]" : "=r"(tmp) : "r"(p));
5813 - ACCESS_ONCE(*p) = (tmp + 2) & ~1;
5814 + ACCESS_ONCE_RW(*p) = (tmp + 2) & ~1;
5815 }
5816
5817 static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
5818 diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
5819 index bfe1319..da0014b 100644
5820 --- a/arch/ia64/include/asm/uaccess.h
5821 +++ b/arch/ia64/include/asm/uaccess.h
5822 @@ -70,6 +70,7 @@
5823 && ((segment).seg == KERNEL_DS.seg \
5824 || likely(REGION_OFFSET((unsigned long) (addr)) < RGN_MAP_LIMIT))); \
5825 })
5826 +#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
5827 #define access_ok(type, addr, size) __access_ok((addr), (size), get_fs())
5828
5829 /*
5830 @@ -241,17 +242,23 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use
5831 static inline unsigned long
5832 __copy_to_user (void __user *to, const void *from, unsigned long count)
5833 {
5834 + if (count > INT_MAX)
5835 + return count;
5836 +
5837 check_object_size(from, count, true);
5838
5839 - return __copy_user(to, (__force void __user *) from, count);
5840 + return __copy_user(to, (void __force_user *) from, count);
5841 }
5842
5843 static inline unsigned long
5844 __copy_from_user (void *to, const void __user *from, unsigned long count)
5845 {
5846 + if (count > INT_MAX)
5847 + return count;
5848 +
5849 check_object_size(to, count, false);
5850
5851 - return __copy_user((__force void __user *) to, from, count);
5852 + return __copy_user((void __force_user *) to, from, count);
5853 }
5854
5855 #define __copy_to_user_inatomic __copy_to_user
5856 @@ -260,11 +267,11 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
5857 ({ \
5858 void __user *__cu_to = (to); \
5859 const void *__cu_from = (from); \
5860 - long __cu_len = (n); \
5861 + unsigned long __cu_len = (n); \
5862 \
5863 - if (__access_ok(__cu_to, __cu_len, get_fs())) { \
5864 - check_object_size(__cu_from, __cu_len, true); \
5865 - __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \
5866 + if (__cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) { \
5867 + check_object_size(__cu_from, __cu_len, true); \
5868 + __cu_len = __copy_user(__cu_to, (void __force_user *) __cu_from, __cu_len); \
5869 } \
5870 __cu_len; \
5871 })
5872 @@ -272,10 +279,10 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
5873 static inline unsigned long
5874 copy_from_user(void *to, const void __user *from, unsigned long n)
5875 {
5876 - check_object_size(to, n, false);
5877 - if (likely(__access_ok(from, n, get_fs())))
5878 - n = __copy_user((__force void __user *) to, from, n);
5879 - else
5880 + if (likely(__access_ok(from, n, get_fs()))) {
5881 + check_object_size(to, n, false);
5882 + n = __copy_user((void __force_user *) to, from, n);
5883 + } else if ((long)n > 0)
5884 memset(to, 0, n);
5885 return n;
5886 }
5887 diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
5888 index 6ab0ae7..88f1b60 100644
5889 --- a/arch/ia64/kernel/module.c
5890 +++ b/arch/ia64/kernel/module.c
5891 @@ -486,13 +486,13 @@ module_frob_arch_sections (Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, char *secstrings,
5892 static inline int
5893 in_init (const struct module *mod, uint64_t addr)
5894 {
5895 - return addr - (uint64_t) mod->init_layout.base < mod->init_layout.size;
5896 + return within_module_init(addr, mod);
5897 }
5898
5899 static inline int
5900 in_core (const struct module *mod, uint64_t addr)
5901 {
5902 - return addr - (uint64_t) mod->core_layout.base < mod->core_layout.size;
5903 + return within_module_core(addr, mod);
5904 }
5905
5906 static inline int
5907 @@ -676,6 +676,14 @@ do_reloc (struct module *mod, uint8_t r_type, Elf64_Sym *sym, uint64_t addend,
5908
5909 case RV_BDREL:
5910 val -= (uint64_t) (in_init(mod, val) ? mod->init_layout.base : mod->core_layout.base);
5911 + if (within_module_rx(val, &mod->init_layout))
5912 + val -= mod->init_layout.base_rx;
5913 + else if (within_module_rw(val, &mod->init_layout))
5914 + val -= mod->init_layout.base_rw;
5915 + else if (within_module_rx(val, &mod->core_layout))
5916 + val -= mod->core_layout.base_rx;
5917 + else if (within_module_rw(val, &mod->core_layout))
5918 + val -= mod->core_layout.base_rw;
5919 break;
5920
5921 case RV_LTV:
5922 @@ -810,15 +818,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs, const char *strtab, unsigned int symind
5923 * addresses have been selected...
5924 */
5925 uint64_t gp;
5926 - if (mod->core_layout.size > MAX_LTOFF)
5927 + if (mod->core_layout.size_rx + mod->core_layout.size_rw > MAX_LTOFF)
5928 /*
5929 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
5930 * at the end of the module.
5931 */
5932 - gp = mod->core_layout.size - MAX_LTOFF / 2;
5933 + gp = mod->core_layout.size_rx + mod->core_layout.size_rw - MAX_LTOFF / 2;
5934 else
5935 - gp = mod->core_layout.size / 2;
5936 - gp = (uint64_t) mod->core_layout.base + ((gp + 7) & -8);
5937 + gp = (mod->core_layout.size_rx + mod->core_layout.size_rw) / 2;
5938 + gp = (uint64_t) mod->core_layout.base_rx + ((gp + 7) & -8);
5939 mod->arch.gp = gp;
5940 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
5941 }
5942 diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c
5943 index c39c3cd..3c77738 100644
5944 --- a/arch/ia64/kernel/palinfo.c
5945 +++ b/arch/ia64/kernel/palinfo.c
5946 @@ -980,7 +980,7 @@ static int palinfo_cpu_callback(struct notifier_block *nfb,
5947 return NOTIFY_OK;
5948 }
5949
5950 -static struct notifier_block __refdata palinfo_cpu_notifier =
5951 +static struct notifier_block palinfo_cpu_notifier =
5952 {
5953 .notifier_call = palinfo_cpu_callback,
5954 .priority = 0,
5955 diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c
5956 index 41e33f8..65180b2a 100644
5957 --- a/arch/ia64/kernel/sys_ia64.c
5958 +++ b/arch/ia64/kernel/sys_ia64.c
5959 @@ -28,6 +28,7 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len
5960 unsigned long align_mask = 0;
5961 struct mm_struct *mm = current->mm;
5962 struct vm_unmapped_area_info info;
5963 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
5964
5965 if (len > RGN_MAP_LIMIT)
5966 return -ENOMEM;
5967 @@ -43,6 +44,13 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len
5968 if (REGION_NUMBER(addr) == RGN_HPAGE)
5969 addr = 0;
5970 #endif
5971 +
5972 +#ifdef CONFIG_PAX_RANDMMAP
5973 + if (mm->pax_flags & MF_PAX_RANDMMAP)
5974 + addr = mm->free_area_cache;
5975 + else
5976 +#endif
5977 +
5978 if (!addr)
5979 addr = TASK_UNMAPPED_BASE;
5980
5981 @@ -61,6 +69,7 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len
5982 info.high_limit = TASK_SIZE;
5983 info.align_mask = align_mask;
5984 info.align_offset = 0;
5985 + info.threadstack_offset = offset;
5986 return vm_unmapped_area(&info);
5987 }
5988
5989 diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
5990 index dc506b0..39baade 100644
5991 --- a/arch/ia64/kernel/vmlinux.lds.S
5992 +++ b/arch/ia64/kernel/vmlinux.lds.S
5993 @@ -171,7 +171,7 @@ SECTIONS {
5994 /* Per-cpu data: */
5995 . = ALIGN(PERCPU_PAGE_SIZE);
5996 PERCPU_VADDR(SMP_CACHE_BYTES, PERCPU_ADDR, :percpu)
5997 - __phys_per_cpu_start = __per_cpu_load;
5998 + __phys_per_cpu_start = per_cpu_load;
5999 /*
6000 * ensure percpu data fits
6001 * into percpu page size
6002 diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c
6003 index fa6ad95..b46bd89 100644
6004 --- a/arch/ia64/mm/fault.c
6005 +++ b/arch/ia64/mm/fault.c
6006 @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned long address)
6007 return pte_present(pte);
6008 }
6009
6010 +#ifdef CONFIG_PAX_PAGEEXEC
6011 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
6012 +{
6013 + unsigned long i;
6014 +
6015 + printk(KERN_ERR "PAX: bytes at PC: ");
6016 + for (i = 0; i < 8; i++) {
6017 + unsigned int c;
6018 + if (get_user(c, (unsigned int *)pc+i))
6019 + printk(KERN_CONT "???????? ");
6020 + else
6021 + printk(KERN_CONT "%08x ", c);
6022 + }
6023 + printk("\n");
6024 +}
6025 +#endif
6026 +
6027 # define VM_READ_BIT 0
6028 # define VM_WRITE_BIT 1
6029 # define VM_EXEC_BIT 2
6030 @@ -151,8 +168,21 @@ retry:
6031 if (((isr >> IA64_ISR_R_BIT) & 1UL) && (!(vma->vm_flags & (VM_READ | VM_WRITE))))
6032 goto bad_area;
6033
6034 - if ((vma->vm_flags & mask) != mask)
6035 + if ((vma->vm_flags & mask) != mask) {
6036 +
6037 +#ifdef CONFIG_PAX_PAGEEXEC
6038 + if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
6039 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
6040 + goto bad_area;
6041 +
6042 + up_read(&mm->mmap_sem);
6043 + pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
6044 + do_group_exit(SIGKILL);
6045 + }
6046 +#endif
6047 +
6048 goto bad_area;
6049 + }
6050
6051 /*
6052 * If for any reason at all we couldn't handle the fault, make
6053 diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c
6054 index 85de86d..db7f6b8 100644
6055 --- a/arch/ia64/mm/hugetlbpage.c
6056 +++ b/arch/ia64/mm/hugetlbpage.c
6057 @@ -138,6 +138,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
6058 unsigned long pgoff, unsigned long flags)
6059 {
6060 struct vm_unmapped_area_info info;
6061 + unsigned long offset = gr_rand_threadstack_offset(current->mm, file, flags);
6062
6063 if (len > RGN_MAP_LIMIT)
6064 return -ENOMEM;
6065 @@ -161,6 +162,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
6066 info.high_limit = HPAGE_REGION_BASE + RGN_MAP_LIMIT;
6067 info.align_mask = PAGE_MASK & (HPAGE_SIZE - 1);
6068 info.align_offset = 0;
6069 + info.threadstack_offset = offset;
6070 return vm_unmapped_area(&info);
6071 }
6072
6073 diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
6074 index 1841ef6..74d8330 100644
6075 --- a/arch/ia64/mm/init.c
6076 +++ b/arch/ia64/mm/init.c
6077 @@ -119,6 +119,19 @@ ia64_init_addr_space (void)
6078 vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
6079 vma->vm_end = vma->vm_start + PAGE_SIZE;
6080 vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
6081 +
6082 +#ifdef CONFIG_PAX_PAGEEXEC
6083 + if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
6084 + vma->vm_flags &= ~VM_EXEC;
6085 +
6086 +#ifdef CONFIG_PAX_MPROTECT
6087 + if (current->mm->pax_flags & MF_PAX_MPROTECT)
6088 + vma->vm_flags &= ~VM_MAYEXEC;
6089 +#endif
6090 +
6091 + }
6092 +#endif
6093 +
6094 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
6095 down_write(&current->mm->mmap_sem);
6096 if (insert_vm_struct(current->mm, vma)) {
6097 @@ -279,7 +292,7 @@ static int __init gate_vma_init(void)
6098 gate_vma.vm_start = FIXADDR_USER_START;
6099 gate_vma.vm_end = FIXADDR_USER_END;
6100 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
6101 - gate_vma.vm_page_prot = __P101;
6102 + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
6103
6104 return 0;
6105 }
6106 diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h
6107 index 40b3ee98..8c2c112 100644
6108 --- a/arch/m32r/include/asm/cache.h
6109 +++ b/arch/m32r/include/asm/cache.h
6110 @@ -1,8 +1,10 @@
6111 #ifndef _ASM_M32R_CACHE_H
6112 #define _ASM_M32R_CACHE_H
6113
6114 +#include <linux/const.h>
6115 +
6116 /* L1 cache line size */
6117 #define L1_CACHE_SHIFT 4
6118 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
6119 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
6120
6121 #endif /* _ASM_M32R_CACHE_H */
6122 diff --git a/arch/m32r/lib/usercopy.c b/arch/m32r/lib/usercopy.c
6123 index 82abd15..d95ae5d 100644
6124 --- a/arch/m32r/lib/usercopy.c
6125 +++ b/arch/m32r/lib/usercopy.c
6126 @@ -14,6 +14,9 @@
6127 unsigned long
6128 __generic_copy_to_user(void __user *to, const void *from, unsigned long n)
6129 {
6130 + if ((long)n < 0)
6131 + return n;
6132 +
6133 prefetch(from);
6134 if (access_ok(VERIFY_WRITE, to, n))
6135 __copy_user(to,from,n);
6136 @@ -23,6 +26,9 @@ __generic_copy_to_user(void __user *to, const void *from, unsigned long n)
6137 unsigned long
6138 __generic_copy_from_user(void *to, const void __user *from, unsigned long n)
6139 {
6140 + if ((long)n < 0)
6141 + return n;
6142 +
6143 prefetchw(to);
6144 if (access_ok(VERIFY_READ, from, n))
6145 __copy_user_zeroing(to,from,n);
6146 diff --git a/arch/m68k/include/asm/cache.h b/arch/m68k/include/asm/cache.h
6147 index 0395c51..5f26031 100644
6148 --- a/arch/m68k/include/asm/cache.h
6149 +++ b/arch/m68k/include/asm/cache.h
6150 @@ -4,9 +4,11 @@
6151 #ifndef __ARCH_M68K_CACHE_H
6152 #define __ARCH_M68K_CACHE_H
6153
6154 +#include <linux/const.h>
6155 +
6156 /* bytes per L1 cache line */
6157 #define L1_CACHE_SHIFT 4
6158 -#define L1_CACHE_BYTES (1<< L1_CACHE_SHIFT)
6159 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
6160
6161 #define ARCH_DMA_MINALIGN L1_CACHE_BYTES
6162
6163 diff --git a/arch/m68k/kernel/time.c b/arch/m68k/kernel/time.c
6164 index 4e5aa2f..172c469 100644
6165 --- a/arch/m68k/kernel/time.c
6166 +++ b/arch/m68k/kernel/time.c
6167 @@ -107,6 +107,7 @@ static int rtc_ioctl(struct device *dev, unsigned int cmd, unsigned long arg)
6168
6169 switch (cmd) {
6170 case RTC_PLL_GET:
6171 + memset(&pll, 0, sizeof(pll));
6172 if (!mach_get_rtc_pll || mach_get_rtc_pll(&pll))
6173 return -EINVAL;
6174 return copy_to_user(argp, &pll, sizeof pll) ? -EFAULT : 0;
6175 diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
6176 index db1b7da..8e13684 100644
6177 --- a/arch/metag/mm/hugetlbpage.c
6178 +++ b/arch/metag/mm/hugetlbpage.c
6179 @@ -189,6 +189,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
6180 info.high_limit = TASK_SIZE;
6181 info.align_mask = PAGE_MASK & HUGEPT_MASK;
6182 info.align_offset = 0;
6183 + info.threadstack_offset = 0;
6184 return vm_unmapped_area(&info);
6185 }
6186
6187 diff --git a/arch/microblaze/include/asm/cache.h b/arch/microblaze/include/asm/cache.h
6188 index 4efe96a..60e8699 100644
6189 --- a/arch/microblaze/include/asm/cache.h
6190 +++ b/arch/microblaze/include/asm/cache.h
6191 @@ -13,11 +13,12 @@
6192 #ifndef _ASM_MICROBLAZE_CACHE_H
6193 #define _ASM_MICROBLAZE_CACHE_H
6194
6195 +#include <linux/const.h>
6196 #include <asm/registers.h>
6197
6198 #define L1_CACHE_SHIFT 5
6199 /* word-granular cache in microblaze */
6200 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
6201 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
6202
6203 #define SMP_CACHE_BYTES L1_CACHE_BYTES
6204
6205 diff --git a/arch/mips/Kbuild b/arch/mips/Kbuild
6206 index 5c3f688..f8cc1b3 100644
6207 --- a/arch/mips/Kbuild
6208 +++ b/arch/mips/Kbuild
6209 @@ -1,7 +1,7 @@
6210 # Fail on warnings - also for files referenced in subdirs
6211 # -Werror can be disabled for specific files using:
6212 # CFLAGS_<file.o> := -Wno-error
6213 -subdir-ccflags-y := -Werror
6214 +# subdir-ccflags-y := -Werror
6215
6216 # platform specific definitions
6217 include arch/mips/Kbuild.platforms
6218 diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
6219 index 212ff92..36b3437 100644
6220 --- a/arch/mips/Kconfig
6221 +++ b/arch/mips/Kconfig
6222 @@ -50,6 +50,7 @@ config MIPS
6223 select HAVE_MOD_ARCH_SPECIFIC
6224 select HAVE_NMI
6225 select VIRT_TO_BUS
6226 + select HAVE_GCC_PLUGINS
6227 select MODULES_USE_ELF_REL if MODULES
6228 select MODULES_USE_ELF_RELA if MODULES && 64BIT
6229 select CLONE_BACKWARDS
6230 @@ -2561,7 +2562,7 @@ config RELOCATION_TABLE_SIZE
6231
6232 config RANDOMIZE_BASE
6233 bool "Randomize the address of the kernel image"
6234 - depends on RELOCATABLE
6235 + depends on RELOCATABLE && BROKEN_SECURITY
6236 ---help---
6237 Randomizes the physical and virtual address at which the
6238 kernel image is loaded, as a security feature that
6239 @@ -2777,6 +2778,7 @@ source "kernel/Kconfig.preempt"
6240 config KEXEC
6241 bool "Kexec system call"
6242 select KEXEC_CORE
6243 + depends on !GRKERNSEC_KMEM
6244 help
6245 kexec is a system call that implements the ability to shutdown your
6246 current kernel, and to start another kernel. It is like a reboot
6247 diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
6248 index 0ab176b..c4469a4 100644
6249 --- a/arch/mips/include/asm/atomic.h
6250 +++ b/arch/mips/include/asm/atomic.h
6251 @@ -22,15 +22,39 @@
6252 #include <asm/cmpxchg.h>
6253 #include <asm/war.h>
6254
6255 +#ifdef CONFIG_GENERIC_ATOMIC64
6256 +#include <asm-generic/atomic64.h>
6257 +#endif
6258 +
6259 #define ATOMIC_INIT(i) { (i) }
6260
6261 +#ifdef CONFIG_64BIT
6262 +#define _ASM_EXTABLE(from, to) \
6263 +" .section __ex_table,\"a\"\n" \
6264 +" .dword " #from ", " #to"\n" \
6265 +" .previous\n"
6266 +#else
6267 +#define _ASM_EXTABLE(from, to) \
6268 +" .section __ex_table,\"a\"\n" \
6269 +" .word " #from ", " #to"\n" \
6270 +" .previous\n"
6271 +#endif
6272 +
6273 /*
6274 * atomic_read - read atomic variable
6275 * @v: pointer of type atomic_t
6276 *
6277 * Atomically reads the value of @v.
6278 */
6279 -#define atomic_read(v) READ_ONCE((v)->counter)
6280 +static inline int atomic_read(const atomic_t *v)
6281 +{
6282 + return READ_ONCE(v->counter);
6283 +}
6284 +
6285 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
6286 +{
6287 + return READ_ONCE(v->counter);
6288 +}
6289
6290 /*
6291 * atomic_set - set atomic variable
6292 @@ -39,47 +63,77 @@
6293 *
6294 * Atomically sets the value of @v to @i.
6295 */
6296 -#define atomic_set(v, i) WRITE_ONCE((v)->counter, (i))
6297 +static inline void atomic_set(atomic_t *v, int i)
6298 +{
6299 + WRITE_ONCE(v->counter, i);
6300 +}
6301
6302 -#define ATOMIC_OP(op, c_op, asm_op) \
6303 -static __inline__ void atomic_##op(int i, atomic_t * v) \
6304 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
6305 +{
6306 + WRITE_ONCE(v->counter, i);
6307 +}
6308 +
6309 +#ifdef CONFIG_PAX_REFCOUNT
6310 +#define __OVERFLOW_POST \
6311 + " b 4f \n" \
6312 + " .set noreorder \n" \
6313 + "3: b 5f \n" \
6314 + " move %0, %1 \n" \
6315 + " .set reorder \n"
6316 +#define __OVERFLOW_EXTABLE \
6317 + "3:\n" \
6318 + _ASM_EXTABLE(2b, 3b)
6319 +#else
6320 +#define __OVERFLOW_POST
6321 +#define __OVERFLOW_EXTABLE
6322 +#endif
6323 +
6324 +#define __ATOMIC_OP(op, suffix, asm_op, extable) \
6325 +static inline void atomic_##op##suffix(int i, atomic##suffix##_t * v) \
6326 { \
6327 if (kernel_uses_llsc && R10000_LLSC_WAR) { \
6328 int temp; \
6329 \
6330 __asm__ __volatile__( \
6331 - " .set arch=r4000 \n" \
6332 - "1: ll %0, %1 # atomic_" #op " \n" \
6333 - " " #asm_op " %0, %2 \n" \
6334 + " .set mips3 \n" \
6335 + "1: ll %0, %1 # atomic_" #op #suffix "\n" \
6336 + "2: " #asm_op " %0, %2 \n" \
6337 " sc %0, %1 \n" \
6338 " beqzl %0, 1b \n" \
6339 + extable \
6340 " .set mips0 \n" \
6341 : "=&r" (temp), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6342 : "Ir" (i)); \
6343 } else if (kernel_uses_llsc) { \
6344 int temp; \
6345 \
6346 - do { \
6347 - __asm__ __volatile__( \
6348 - " .set "MIPS_ISA_LEVEL" \n" \
6349 - " ll %0, %1 # atomic_" #op "\n" \
6350 - " " #asm_op " %0, %2 \n" \
6351 - " sc %0, %1 \n" \
6352 - " .set mips0 \n" \
6353 - : "=&r" (temp), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6354 - : "Ir" (i)); \
6355 - } while (unlikely(!temp)); \
6356 + __asm__ __volatile__( \
6357 + " .set "MIPS_ISA_LEVEL" \n" \
6358 + "1: ll %0, %1 # atomic_" #op #suffix "\n" \
6359 + "2: " #asm_op " %0, %2 \n" \
6360 + " sc %0, %1 \n" \
6361 + " beqz %0, 1b \n" \
6362 + extable \
6363 + " .set mips0 \n" \
6364 + : "=&r" (temp), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6365 + : "Ir" (i)); \
6366 } else { \
6367 unsigned long flags; \
6368 \
6369 raw_local_irq_save(flags); \
6370 - v->counter c_op i; \
6371 + __asm__ __volatile__( \
6372 + "2: " #asm_op " %0, %1 \n" \
6373 + extable \
6374 + : "+r" (v->counter) : "Ir" (i)); \
6375 raw_local_irq_restore(flags); \
6376 } \
6377 }
6378
6379 -#define ATOMIC_OP_RETURN(op, c_op, asm_op) \
6380 -static __inline__ int atomic_##op##_return_relaxed(int i, atomic_t * v) \
6381 +#define ATOMIC_OP(op, asm_op) __ATOMIC_OP(op, _unchecked, asm_op##u, ) \
6382 + __ATOMIC_OP(op, , asm_op, __OVERFLOW_EXTABLE)
6383 +
6384 +#define __ATOMIC_OP_RETURN(op, suffix, asm_op, post_op, extable) \
6385 +static inline int atomic_##op##_return##suffix##_relaxed(int i, atomic##suffix##_t * v) \
6386 { \
6387 int result; \
6388 \
6389 @@ -87,12 +141,15 @@ static __inline__ int atomic_##op##_return_relaxed(int i, atomic_t * v) \
6390 int temp; \
6391 \
6392 __asm__ __volatile__( \
6393 - " .set arch=r4000 \n" \
6394 - "1: ll %1, %2 # atomic_" #op "_return \n" \
6395 - " " #asm_op " %0, %1, %3 \n" \
6396 + " .set mips3 \n" \
6397 + "1: ll %1, %2 # atomic_" #op "_return" #suffix"\n" \
6398 + "2: " #asm_op " %0, %1, %3 \n" \
6399 " sc %0, %2 \n" \
6400 " beqzl %0, 1b \n" \
6401 - " " #asm_op " %0, %1, %3 \n" \
6402 + post_op \
6403 + extable \
6404 + "4: " #asm_op " %0, %1, %3 \n" \
6405 + "5: \n" \
6406 " .set mips0 \n" \
6407 : "=&r" (result), "=&r" (temp), \
6408 "+" GCC_OFF_SMALL_ASM() (v->counter) \
6409 @@ -100,32 +157,40 @@ static __inline__ int atomic_##op##_return_relaxed(int i, atomic_t * v) \
6410 } else if (kernel_uses_llsc) { \
6411 int temp; \
6412 \
6413 - do { \
6414 - __asm__ __volatile__( \
6415 - " .set "MIPS_ISA_LEVEL" \n" \
6416 - " ll %1, %2 # atomic_" #op "_return \n" \
6417 - " " #asm_op " %0, %1, %3 \n" \
6418 - " sc %0, %2 \n" \
6419 - " .set mips0 \n" \
6420 - : "=&r" (result), "=&r" (temp), \
6421 - "+" GCC_OFF_SMALL_ASM() (v->counter) \
6422 - : "Ir" (i)); \
6423 - } while (unlikely(!result)); \
6424 - \
6425 - result = temp; result c_op i; \
6426 + __asm__ __volatile__( \
6427 + " .set "MIPS_ISA_LEVEL" \n" \
6428 + "1: ll %1, %2 # atomic_" #op "_return" #suffix "\n" \
6429 + "2: " #asm_op " %0, %1, %3 \n" \
6430 + " sc %0, %2 \n" \
6431 + post_op \
6432 + extable \
6433 + "4: " #asm_op " %0, %1, %3 \n" \
6434 + "5: \n" \
6435 + " .set mips0 \n" \
6436 + : "=&r" (result), "=&r" (temp), \
6437 + "+" GCC_OFF_SMALL_ASM() (v->counter) \
6438 + : "Ir" (i)); \
6439 } else { \
6440 unsigned long flags; \
6441 \
6442 raw_local_irq_save(flags); \
6443 - result = v->counter; \
6444 - result c_op i; \
6445 - v->counter = result; \
6446 + __asm__ __volatile__( \
6447 + " lw %0, %1 \n" \
6448 + "2: " #asm_op " %0, %1, %2 \n" \
6449 + " sw %0, %1 \n" \
6450 + "3: \n" \
6451 + extable \
6452 + : "=&r" (result), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6453 + : "Ir" (i)); \
6454 raw_local_irq_restore(flags); \
6455 } \
6456 \
6457 return result; \
6458 }
6459
6460 +#define ATOMIC_OP_RETURN(op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, asm_op##u, , ) \
6461 + __ATOMIC_OP_RETURN(op, , asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
6462 +
6463 #define ATOMIC_FETCH_OP(op, c_op, asm_op) \
6464 static __inline__ int atomic_fetch_##op##_relaxed(int i, atomic_t * v) \
6465 { \
6466 @@ -173,13 +238,13 @@ static __inline__ int atomic_fetch_##op##_relaxed(int i, atomic_t * v) \
6467 return result; \
6468 }
6469
6470 -#define ATOMIC_OPS(op, c_op, asm_op) \
6471 - ATOMIC_OP(op, c_op, asm_op) \
6472 - ATOMIC_OP_RETURN(op, c_op, asm_op) \
6473 - ATOMIC_FETCH_OP(op, c_op, asm_op)
6474 +#define ATOMIC_OPS(op, asm_op) \
6475 + ATOMIC_OP(op, asm_op) \
6476 + ATOMIC_OP_RETURN(op, asm_op) \
6477 + ATOMIC_FETCH_OP(op, asm_op)
6478
6479 -ATOMIC_OPS(add, +=, addu)
6480 -ATOMIC_OPS(sub, -=, subu)
6481 +ATOMIC_OPS(add, addu)
6482 +ATOMIC_OPS(sub, subu)
6483
6484 #define atomic_add_return_relaxed atomic_add_return_relaxed
6485 #define atomic_sub_return_relaxed atomic_sub_return_relaxed
6486 @@ -187,13 +252,13 @@ ATOMIC_OPS(sub, -=, subu)
6487 #define atomic_fetch_sub_relaxed atomic_fetch_sub_relaxed
6488
6489 #undef ATOMIC_OPS
6490 -#define ATOMIC_OPS(op, c_op, asm_op) \
6491 - ATOMIC_OP(op, c_op, asm_op) \
6492 - ATOMIC_FETCH_OP(op, c_op, asm_op)
6493 +#define ATOMIC_OPS(op, asm_op) \
6494 + ATOMIC_OP(op, asm_op) \
6495 + ATOMIC_FETCH_OP(op, asm_op)
6496
6497 -ATOMIC_OPS(and, &=, and)
6498 -ATOMIC_OPS(or, |=, or)
6499 -ATOMIC_OPS(xor, ^=, xor)
6500 +ATOMIC_OPS(and, and)
6501 +ATOMIC_OPS(or, or)
6502 +ATOMIC_OPS(xor, xor)
6503
6504 #define atomic_fetch_and_relaxed atomic_fetch_and_relaxed
6505 #define atomic_fetch_or_relaxed atomic_fetch_or_relaxed
6506 @@ -202,7 +267,9 @@ ATOMIC_OPS(xor, ^=, xor)
6507 #undef ATOMIC_OPS
6508 #undef ATOMIC_FETCH_OP
6509 #undef ATOMIC_OP_RETURN
6510 +#undef __ATOMIC_OP_RETURN
6511 #undef ATOMIC_OP
6512 +#undef __ATOMIC_OP
6513
6514 /*
6515 * atomic_sub_if_positive - conditionally subtract integer from atomic variable
6516 @@ -212,7 +279,7 @@ ATOMIC_OPS(xor, ^=, xor)
6517 * Atomically test @v and subtract @i if @v is greater or equal than @i.
6518 * The function returns the old value of @v minus @i.
6519 */
6520 -static __inline__ int atomic_sub_if_positive(int i, atomic_t * v)
6521 +static __inline__ int atomic_sub_if_positive(int i, atomic_t *v)
6522 {
6523 int result;
6524
6525 @@ -222,7 +289,7 @@ static __inline__ int atomic_sub_if_positive(int i, atomic_t * v)
6526 int temp;
6527
6528 __asm__ __volatile__(
6529 - " .set arch=r4000 \n"
6530 + " .set "MIPS_ISA_LEVEL" \n"
6531 "1: ll %1, %2 # atomic_sub_if_positive\n"
6532 " subu %0, %1, %3 \n"
6533 " bltz %0, 1f \n"
6534 @@ -271,8 +338,26 @@ static __inline__ int atomic_sub_if_positive(int i, atomic_t * v)
6535 return result;
6536 }
6537
6538 -#define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
6539 -#define atomic_xchg(v, new) (xchg(&((v)->counter), (new)))
6540 +static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
6541 +{
6542 + return cmpxchg(&v->counter, old, new);
6543 +}
6544 +
6545 +static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old,
6546 + int new)
6547 +{
6548 + return cmpxchg(&(v->counter), old, new);
6549 +}
6550 +
6551 +static inline int atomic_xchg(atomic_t *v, int new)
6552 +{
6553 + return xchg(&v->counter, new);
6554 +}
6555 +
6556 +static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
6557 +{
6558 + return xchg(&(v->counter), new);
6559 +}
6560
6561 /**
6562 * __atomic_add_unless - add unless the number is a given value
6563 @@ -300,6 +385,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
6564
6565 #define atomic_dec_return(v) atomic_sub_return(1, (v))
6566 #define atomic_inc_return(v) atomic_add_return(1, (v))
6567 +static __inline__ int atomic_inc_return_unchecked(atomic_unchecked_t *v)
6568 +{
6569 + return atomic_add_return_unchecked(1, v);
6570 +}
6571
6572 /*
6573 * atomic_sub_and_test - subtract value from variable and test result
6574 @@ -321,6 +410,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
6575 * other cases.
6576 */
6577 #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
6578 +static __inline__ int atomic_inc_and_test_unchecked(atomic_unchecked_t *v)
6579 +{
6580 + return atomic_add_return_unchecked(1, v) == 0;
6581 +}
6582
6583 /*
6584 * atomic_dec_and_test - decrement by 1 and test
6585 @@ -345,6 +438,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
6586 * Atomically increments @v by 1.
6587 */
6588 #define atomic_inc(v) atomic_add(1, (v))
6589 +static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v)
6590 +{
6591 + atomic_add_unchecked(1, v);
6592 +}
6593
6594 /*
6595 * atomic_dec - decrement and test
6596 @@ -353,6 +450,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
6597 * Atomically decrements @v by 1.
6598 */
6599 #define atomic_dec(v) atomic_sub(1, (v))
6600 +static __inline__ void atomic_dec_unchecked(atomic_unchecked_t *v)
6601 +{
6602 + atomic_sub_unchecked(1, v);
6603 +}
6604
6605 /*
6606 * atomic_add_negative - add and test if negative
6607 @@ -374,54 +475,77 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
6608 * @v: pointer of type atomic64_t
6609 *
6610 */
6611 -#define atomic64_read(v) READ_ONCE((v)->counter)
6612 +static inline long atomic64_read(const atomic64_t *v)
6613 +{
6614 + return READ_ONCE(v->counter);
6615 +}
6616 +
6617 +static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
6618 +{
6619 + return READ_ONCE(v->counter);
6620 +}
6621
6622 /*
6623 * atomic64_set - set atomic variable
6624 * @v: pointer of type atomic64_t
6625 * @i: required value
6626 */
6627 -#define atomic64_set(v, i) WRITE_ONCE((v)->counter, (i))
6628 +static inline void atomic64_set(atomic64_t *v, long i)
6629 +{
6630 + WRITE_ONCE(v->counter, i);
6631 +}
6632
6633 -#define ATOMIC64_OP(op, c_op, asm_op) \
6634 -static __inline__ void atomic64_##op(long i, atomic64_t * v) \
6635 +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
6636 +{
6637 + WRITE_ONCE(v->counter, i);
6638 +}
6639 +
6640 +#define __ATOMIC64_OP(op, suffix, asm_op, extable) \
6641 +static inline void atomic64_##op##suffix(long i, atomic64##suffix##_t * v) \
6642 { \
6643 if (kernel_uses_llsc && R10000_LLSC_WAR) { \
6644 long temp; \
6645 \
6646 __asm__ __volatile__( \
6647 - " .set arch=r4000 \n" \
6648 - "1: lld %0, %1 # atomic64_" #op " \n" \
6649 - " " #asm_op " %0, %2 \n" \
6650 + " .set "MIPS_ISA_LEVEL" \n" \
6651 + "1: lld %0, %1 # atomic64_" #op #suffix "\n" \
6652 + "2: " #asm_op " %0, %2 \n" \
6653 " scd %0, %1 \n" \
6654 " beqzl %0, 1b \n" \
6655 + extable \
6656 " .set mips0 \n" \
6657 : "=&r" (temp), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6658 : "Ir" (i)); \
6659 } else if (kernel_uses_llsc) { \
6660 long temp; \
6661 \
6662 - do { \
6663 - __asm__ __volatile__( \
6664 - " .set "MIPS_ISA_LEVEL" \n" \
6665 - " lld %0, %1 # atomic64_" #op "\n" \
6666 - " " #asm_op " %0, %2 \n" \
6667 - " scd %0, %1 \n" \
6668 - " .set mips0 \n" \
6669 - : "=&r" (temp), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6670 - : "Ir" (i)); \
6671 - } while (unlikely(!temp)); \
6672 + __asm__ __volatile__( \
6673 + " .set "MIPS_ISA_LEVEL" \n" \
6674 + "1: lld %0, %1 # atomic64_" #op #suffix "\n" \
6675 + "2: " #asm_op " %0, %2 \n" \
6676 + " scd %0, %1 \n" \
6677 + " beqz %0, 1b \n" \
6678 + extable \
6679 + " .set mips0 \n" \
6680 + : "=&r" (temp), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6681 + : "Ir" (i)); \
6682 } else { \
6683 unsigned long flags; \
6684 \
6685 raw_local_irq_save(flags); \
6686 - v->counter c_op i; \
6687 + __asm__ __volatile__( \
6688 + "2: " #asm_op " %0, %1 \n" \
6689 + extable \
6690 + : "+" GCC_OFF_SMALL_ASM() (v->counter) : "Ir" (i)); \
6691 raw_local_irq_restore(flags); \
6692 } \
6693 }
6694
6695 -#define ATOMIC64_OP_RETURN(op, c_op, asm_op) \
6696 -static __inline__ long atomic64_##op##_return_relaxed(long i, atomic64_t * v) \
6697 +#define ATOMIC64_OP(op, asm_op) __ATOMIC64_OP(op, _unchecked, asm_op##u, ) \
6698 + __ATOMIC64_OP(op, , asm_op, __OVERFLOW_EXTABLE)
6699 +
6700 +#define __ATOMIC64_OP_RETURN(op, suffix, asm_op, post_op, extable) \
6701 +static inline long atomic64_##op##_return##suffix##_relaxed(long i, atomic64##suffix##_t * v)\
6702 { \
6703 long result; \
6704 \
6705 @@ -429,12 +553,15 @@ static __inline__ long atomic64_##op##_return_relaxed(long i, atomic64_t * v) \
6706 long temp; \
6707 \
6708 __asm__ __volatile__( \
6709 - " .set arch=r4000 \n" \
6710 + " .set mips3 \n" \
6711 "1: lld %1, %2 # atomic64_" #op "_return\n" \
6712 - " " #asm_op " %0, %1, %3 \n" \
6713 + "2: " #asm_op " %0, %1, %3 \n" \
6714 " scd %0, %2 \n" \
6715 " beqzl %0, 1b \n" \
6716 - " " #asm_op " %0, %1, %3 \n" \
6717 + post_op \
6718 + extable \
6719 + "4: " #asm_op " %0, %1, %3 \n" \
6720 + "5: \n" \
6721 " .set mips0 \n" \
6722 : "=&r" (result), "=&r" (temp), \
6723 "+" GCC_OFF_SMALL_ASM() (v->counter) \
6724 @@ -442,33 +569,42 @@ static __inline__ long atomic64_##op##_return_relaxed(long i, atomic64_t * v) \
6725 } else if (kernel_uses_llsc) { \
6726 long temp; \
6727 \
6728 - do { \
6729 - __asm__ __volatile__( \
6730 - " .set "MIPS_ISA_LEVEL" \n" \
6731 - " lld %1, %2 # atomic64_" #op "_return\n" \
6732 - " " #asm_op " %0, %1, %3 \n" \
6733 - " scd %0, %2 \n" \
6734 - " .set mips0 \n" \
6735 - : "=&r" (result), "=&r" (temp), \
6736 - "=" GCC_OFF_SMALL_ASM() (v->counter) \
6737 - : "Ir" (i), GCC_OFF_SMALL_ASM() (v->counter) \
6738 - : "memory"); \
6739 - } while (unlikely(!result)); \
6740 - \
6741 - result = temp; result c_op i; \
6742 + __asm__ __volatile__( \
6743 + " .set "MIPS_ISA_LEVEL" \n" \
6744 + "1: lld %1, %2 # atomic64_" #op "_return" #suffix "\n"\
6745 + "2: " #asm_op " %0, %1, %3 \n" \
6746 + " scd %0, %2 \n" \
6747 + " beqz %0, 1b \n" \
6748 + post_op \
6749 + extable \
6750 + "4: " #asm_op " %0, %1, %3 \n" \
6751 + "5: \n" \
6752 + " .set mips0 \n" \
6753 + : "=&r" (result), "=&r" (temp), \
6754 + "=" GCC_OFF_SMALL_ASM() (v->counter) \
6755 + : "Ir" (i), GCC_OFF_SMALL_ASM() (v->counter) \
6756 + : "memory"); \
6757 } else { \
6758 unsigned long flags; \
6759 \
6760 raw_local_irq_save(flags); \
6761 - result = v->counter; \
6762 - result c_op i; \
6763 - v->counter = result; \
6764 + __asm__ __volatile__( \
6765 + " ld %0, %1 \n" \
6766 + "2: " #asm_op " %0, %1, %2 \n" \
6767 + " sd %0, %1 \n" \
6768 + "3: \n" \
6769 + extable \
6770 + : "=&r" (result), "+" GCC_OFF_SMALL_ASM() (v->counter) \
6771 + : "Ir" (i)); \
6772 raw_local_irq_restore(flags); \
6773 } \
6774 \
6775 return result; \
6776 }
6777
6778 +#define ATOMIC64_OP_RETURN(op, asm_op) __ATOMIC64_OP_RETURN(op, _unchecked, asm_op##u, , ) \
6779 + __ATOMIC64_OP_RETURN(op, , asm_op, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
6780 +
6781 #define ATOMIC64_FETCH_OP(op, c_op, asm_op) \
6782 static __inline__ long atomic64_fetch_##op##_relaxed(long i, atomic64_t * v) \
6783 { \
6784 @@ -517,13 +653,13 @@ static __inline__ long atomic64_fetch_##op##_relaxed(long i, atomic64_t * v) \
6785 return result; \
6786 }
6787
6788 -#define ATOMIC64_OPS(op, c_op, asm_op) \
6789 - ATOMIC64_OP(op, c_op, asm_op) \
6790 - ATOMIC64_OP_RETURN(op, c_op, asm_op) \
6791 - ATOMIC64_FETCH_OP(op, c_op, asm_op)
6792 +#define ATOMIC64_OPS(op, asm_op) \
6793 + ATOMIC64_OP(op, asm_op) \
6794 + ATOMIC64_OP_RETURN(op, asm_op) \
6795 + ATOMIC64_FETCH_OP(op, asm_op)
6796
6797 -ATOMIC64_OPS(add, +=, daddu)
6798 -ATOMIC64_OPS(sub, -=, dsubu)
6799 +ATOMIC64_OPS(add, daddu)
6800 +ATOMIC64_OPS(sub, dsubu)
6801
6802 #define atomic64_add_return_relaxed atomic64_add_return_relaxed
6803 #define atomic64_sub_return_relaxed atomic64_sub_return_relaxed
6804 @@ -531,13 +667,13 @@ ATOMIC64_OPS(sub, -=, dsubu)
6805 #define atomic64_fetch_sub_relaxed atomic64_fetch_sub_relaxed
6806
6807 #undef ATOMIC64_OPS
6808 -#define ATOMIC64_OPS(op, c_op, asm_op) \
6809 - ATOMIC64_OP(op, c_op, asm_op) \
6810 - ATOMIC64_FETCH_OP(op, c_op, asm_op)
6811 +#define ATOMIC64_OPS(op, asm_op) \
6812 + ATOMIC64_OP(op, asm_op) \
6813 + ATOMIC64_FETCH_OP(op, asm_op)
6814
6815 -ATOMIC64_OPS(and, &=, and)
6816 -ATOMIC64_OPS(or, |=, or)
6817 -ATOMIC64_OPS(xor, ^=, xor)
6818 +ATOMIC64_OPS(and, and)
6819 +ATOMIC64_OPS(or, or)
6820 +ATOMIC64_OPS(xor, xor)
6821
6822 #define atomic64_fetch_and_relaxed atomic64_fetch_and_relaxed
6823 #define atomic64_fetch_or_relaxed atomic64_fetch_or_relaxed
6824 @@ -546,7 +682,11 @@ ATOMIC64_OPS(xor, ^=, xor)
6825 #undef ATOMIC64_OPS
6826 #undef ATOMIC64_FETCH_OP
6827 #undef ATOMIC64_OP_RETURN
6828 +#undef __ATOMIC64_OP_RETURN
6829 #undef ATOMIC64_OP
6830 +#undef __ATOMIC64_OP
6831 +#undef __OVERFLOW_EXTABLE
6832 +#undef __OVERFLOW_POST
6833
6834 /*
6835 * atomic64_sub_if_positive - conditionally subtract integer from atomic
6836 @@ -557,7 +697,7 @@ ATOMIC64_OPS(xor, ^=, xor)
6837 * Atomically test @v and subtract @i if @v is greater or equal than @i.
6838 * The function returns the old value of @v minus @i.
6839 */
6840 -static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v)
6841 +static __inline__ long atomic64_sub_if_positive(long i, atomic64_t *v)
6842 {
6843 long result;
6844
6845 @@ -567,7 +707,7 @@ static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v)
6846 long temp;
6847
6848 __asm__ __volatile__(
6849 - " .set arch=r4000 \n"
6850 + " .set "MIPS_ISA_LEVEL" \n"
6851 "1: lld %1, %2 # atomic64_sub_if_positive\n"
6852 " dsubu %0, %1, %3 \n"
6853 " bltz %0, 1f \n"
6854 @@ -616,9 +756,26 @@ static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v)
6855 return result;
6856 }
6857
6858 -#define atomic64_cmpxchg(v, o, n) \
6859 - ((__typeof__((v)->counter))cmpxchg(&((v)->counter), (o), (n)))
6860 -#define atomic64_xchg(v, new) (xchg(&((v)->counter), (new)))
6861 +static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
6862 +{
6863 + return cmpxchg(&v->counter, old, new);
6864 +}
6865 +
6866 +static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old,
6867 + long new)
6868 +{
6869 + return cmpxchg(&(v->counter), old, new);
6870 +}
6871 +
6872 +static inline long atomic64_xchg(atomic64_t *v, long new)
6873 +{
6874 + return xchg(&v->counter, new);
6875 +}
6876 +
6877 +static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
6878 +{
6879 + return xchg(&(v->counter), new);
6880 +}
6881
6882 /**
6883 * atomic64_add_unless - add unless the number is a given value
6884 @@ -648,6 +805,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
6885
6886 #define atomic64_dec_return(v) atomic64_sub_return(1, (v))
6887 #define atomic64_inc_return(v) atomic64_add_return(1, (v))
6888 +#define atomic64_inc_return_unchecked(v) atomic64_add_return_unchecked(1, (v))
6889
6890 /*
6891 * atomic64_sub_and_test - subtract value from variable and test result
6892 @@ -669,6 +827,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
6893 * other cases.
6894 */
6895 #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
6896 +#define atomic64_inc_and_test_unchecked(v) atomic64_add_return_unchecked(1, (v)) == 0)
6897
6898 /*
6899 * atomic64_dec_and_test - decrement by 1 and test
6900 @@ -693,6 +852,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
6901 * Atomically increments @v by 1.
6902 */
6903 #define atomic64_inc(v) atomic64_add(1, (v))
6904 +#define atomic64_inc_unchecked(v) atomic64_add_unchecked(1, (v))
6905
6906 /*
6907 * atomic64_dec - decrement and test
6908 @@ -701,6 +861,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
6909 * Atomically decrements @v by 1.
6910 */
6911 #define atomic64_dec(v) atomic64_sub(1, (v))
6912 +#define atomic64_dec_unchecked(v) atomic64_sub_unchecked(1, (v))
6913
6914 /*
6915 * atomic64_add_negative - add and test if negative
6916 diff --git a/arch/mips/include/asm/cache.h b/arch/mips/include/asm/cache.h
6917 index b4db69f..8f3b093 100644
6918 --- a/arch/mips/include/asm/cache.h
6919 +++ b/arch/mips/include/asm/cache.h
6920 @@ -9,10 +9,11 @@
6921 #ifndef _ASM_CACHE_H
6922 #define _ASM_CACHE_H
6923
6924 +#include <linux/const.h>
6925 #include <kmalloc.h>
6926
6927 #define L1_CACHE_SHIFT CONFIG_MIPS_L1_CACHE_SHIFT
6928 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
6929 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
6930
6931 #define SMP_CACHE_SHIFT L1_CACHE_SHIFT
6932 #define SMP_CACHE_BYTES L1_CACHE_BYTES
6933 diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h
6934 index 2b3dc29..1f7bdc4 100644
6935 --- a/arch/mips/include/asm/elf.h
6936 +++ b/arch/mips/include/asm/elf.h
6937 @@ -458,6 +458,13 @@ extern const char *__elf_platform;
6938 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
6939 #endif
6940
6941 +#ifdef CONFIG_PAX_ASLR
6942 +#define PAX_ELF_ET_DYN_BASE (TASK_IS_32BIT_ADDR ? 0x00400000UL : 0x00400000UL)
6943 +
6944 +#define PAX_DELTA_MMAP_LEN (TASK_IS_32BIT_ADDR ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
6945 +#define PAX_DELTA_STACK_LEN (TASK_IS_32BIT_ADDR ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
6946 +#endif
6947 +
6948 /* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT entries changes */
6949 #define ARCH_DLINFO \
6950 do { \
6951 diff --git a/arch/mips/include/asm/exec.h b/arch/mips/include/asm/exec.h
6952 index c1f6afa..38cc6e9 100644
6953 --- a/arch/mips/include/asm/exec.h
6954 +++ b/arch/mips/include/asm/exec.h
6955 @@ -12,6 +12,6 @@
6956 #ifndef _ASM_EXEC_H
6957 #define _ASM_EXEC_H
6958
6959 -extern unsigned long arch_align_stack(unsigned long sp);
6960 +#define arch_align_stack(x) ((x) & ~0xfUL)
6961
6962 #endif /* _ASM_EXEC_H */
6963 diff --git a/arch/mips/include/asm/hw_irq.h b/arch/mips/include/asm/hw_irq.h
6964 index 9e8ef59..1139d6b 100644
6965 --- a/arch/mips/include/asm/hw_irq.h
6966 +++ b/arch/mips/include/asm/hw_irq.h
6967 @@ -10,7 +10,7 @@
6968
6969 #include <linux/atomic.h>
6970
6971 -extern atomic_t irq_err_count;
6972 +extern atomic_unchecked_t irq_err_count;
6973
6974 /*
6975 * interrupt-retrigger: NOP for now. This may not be appropriate for all
6976 diff --git a/arch/mips/include/asm/irq.h b/arch/mips/include/asm/irq.h
6977 index 15e0fec..3ee3eec 100644
6978 --- a/arch/mips/include/asm/irq.h
6979 +++ b/arch/mips/include/asm/irq.h
6980 @@ -11,7 +11,6 @@
6981
6982 #include <linux/linkage.h>
6983 #include <linux/smp.h>
6984 -#include <linux/irqdomain.h>
6985
6986 #include <asm/mipsmtregs.h>
6987
6988 diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h
6989 index 8feaed6..1bd8a64 100644
6990 --- a/arch/mips/include/asm/local.h
6991 +++ b/arch/mips/include/asm/local.h
6992 @@ -13,15 +13,25 @@ typedef struct
6993 atomic_long_t a;
6994 } local_t;
6995
6996 +typedef struct {
6997 + atomic_long_unchecked_t a;
6998 +} local_unchecked_t;
6999 +
7000 #define LOCAL_INIT(i) { ATOMIC_LONG_INIT(i) }
7001
7002 #define local_read(l) atomic_long_read(&(l)->a)
7003 +#define local_read_unchecked(l) atomic_long_read_unchecked(&(l)->a)
7004 #define local_set(l, i) atomic_long_set(&(l)->a, (i))
7005 +#define local_set_unchecked(l, i) atomic_long_set_unchecked(&(l)->a, (i))
7006
7007 #define local_add(i, l) atomic_long_add((i), (&(l)->a))
7008 +#define local_add_unchecked(i, l) atomic_long_add_unchecked((i), (&(l)->a))
7009 #define local_sub(i, l) atomic_long_sub((i), (&(l)->a))
7010 +#define local_sub_unchecked(i, l) atomic_long_sub_unchecked((i), (&(l)->a))
7011 #define local_inc(l) atomic_long_inc(&(l)->a)
7012 +#define local_inc_unchecked(l) atomic_long_inc_unchecked(&(l)->a)
7013 #define local_dec(l) atomic_long_dec(&(l)->a)
7014 +#define local_dec_unchecked(l) atomic_long_dec_unchecked(&(l)->a)
7015
7016 /*
7017 * Same as above, but return the result value
7018 @@ -71,6 +81,51 @@ static __inline__ long local_add_return(long i, local_t * l)
7019 return result;
7020 }
7021
7022 +static __inline__ long local_add_return_unchecked(long i, local_unchecked_t * l)
7023 +{
7024 + unsigned long result;
7025 +
7026 + if (kernel_uses_llsc && R10000_LLSC_WAR) {
7027 + unsigned long temp;
7028 +
7029 + __asm__ __volatile__(
7030 + " .set mips3 \n"
7031 + "1:" __LL "%1, %2 # local_add_return \n"
7032 + " addu %0, %1, %3 \n"
7033 + __SC "%0, %2 \n"
7034 + " beqzl %0, 1b \n"
7035 + " addu %0, %1, %3 \n"
7036 + " .set mips0 \n"
7037 + : "=&r" (result), "=&r" (temp), "=m" (l->a.counter)
7038 + : "Ir" (i), "m" (l->a.counter)
7039 + : "memory");
7040 + } else if (kernel_uses_llsc) {
7041 + unsigned long temp;
7042 +
7043 + __asm__ __volatile__(
7044 + " .set mips3 \n"
7045 + "1:" __LL "%1, %2 # local_add_return \n"
7046 + " addu %0, %1, %3 \n"
7047 + __SC "%0, %2 \n"
7048 + " beqz %0, 1b \n"
7049 + " addu %0, %1, %3 \n"
7050 + " .set mips0 \n"
7051 + : "=&r" (result), "=&r" (temp), "=m" (l->a.counter)
7052 + : "Ir" (i), "m" (l->a.counter)
7053 + : "memory");
7054 + } else {
7055 + unsigned long flags;
7056 +
7057 + local_irq_save(flags);
7058 + result = l->a.counter;
7059 + result += i;
7060 + l->a.counter = result;
7061 + local_irq_restore(flags);
7062 + }
7063 +
7064 + return result;
7065 +}
7066 +
7067 static __inline__ long local_sub_return(long i, local_t * l)
7068 {
7069 unsigned long result;
7070 @@ -118,6 +173,8 @@ static __inline__ long local_sub_return(long i, local_t * l)
7071
7072 #define local_cmpxchg(l, o, n) \
7073 ((long)cmpxchg_local(&((l)->a.counter), (o), (n)))
7074 +#define local_cmpxchg_unchecked(l, o, n) \
7075 + ((long)cmpxchg_local(&((l)->a.counter), (o), (n)))
7076 #define local_xchg(l, n) (atomic_long_xchg((&(l)->a), (n)))
7077
7078 /**
7079 diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
7080 index 5f98759..a3a7cb2 100644
7081 --- a/arch/mips/include/asm/page.h
7082 +++ b/arch/mips/include/asm/page.h
7083 @@ -118,7 +118,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
7084 #ifdef CONFIG_CPU_MIPS32
7085 typedef struct { unsigned long pte_low, pte_high; } pte_t;
7086 #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
7087 - #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
7088 + #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
7089 #else
7090 typedef struct { unsigned long long pte; } pte_t;
7091 #define pte_val(x) ((x).pte)
7092 diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h
7093 index 93c079a..1d6bf7c 100644
7094 --- a/arch/mips/include/asm/pgalloc.h
7095 +++ b/arch/mips/include/asm/pgalloc.h
7096 @@ -37,6 +37,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
7097 {
7098 set_pud(pud, __pud((unsigned long)pmd));
7099 }
7100 +
7101 +static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
7102 +{
7103 + pud_populate(mm, pud, pmd);
7104 +}
7105 #endif
7106
7107 /*
7108 diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h
7109 index 70128d3..471bc25 100644
7110 --- a/arch/mips/include/asm/pgtable.h
7111 +++ b/arch/mips/include/asm/pgtable.h
7112 @@ -20,6 +20,9 @@
7113 #include <asm/io.h>
7114 #include <asm/pgtable-bits.h>
7115
7116 +#define ktla_ktva(addr) (addr)
7117 +#define ktva_ktla(addr) (addr)
7118 +
7119 struct mm_struct;
7120 struct vm_area_struct;
7121
7122 diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
7123 index e309d8f..20eefec 100644
7124 --- a/arch/mips/include/asm/thread_info.h
7125 +++ b/arch/mips/include/asm/thread_info.h
7126 @@ -101,6 +101,9 @@ static inline struct thread_info *current_thread_info(void)
7127 #define TIF_NOTIFY_RESUME 5 /* callback before returning to user */
7128 #define TIF_UPROBE 6 /* breakpointed or singlestepping */
7129 #define TIF_RESTORE_SIGMASK 9 /* restore signal mask in do_signal() */
7130 +/* li takes a 32bit immediate */
7131 +#define TIF_GRSEC_SETXID 10 /* update credentials on syscall entry/exit */
7132 +
7133 #define TIF_USEDFPU 16 /* FPU was used by this task this quantum (SMP) */
7134 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */
7135 #define TIF_NOHZ 19 /* in adaptive nohz mode */
7136 @@ -137,14 +140,16 @@ static inline struct thread_info *current_thread_info(void)
7137 #define _TIF_USEDMSA (1<<TIF_USEDMSA)
7138 #define _TIF_MSA_CTX_LIVE (1<<TIF_MSA_CTX_LIVE)
7139 #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
7140 +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
7141
7142 #define _TIF_WORK_SYSCALL_ENTRY (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \
7143 _TIF_SYSCALL_AUDIT | \
7144 - _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP)
7145 + _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \
7146 + _TIF_GRSEC_SETXID)
7147
7148 /* work to do in syscall_trace_leave() */
7149 #define _TIF_WORK_SYSCALL_EXIT (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \
7150 - _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT)
7151 + _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID)
7152
7153 /* work to do on interrupt/exception return */
7154 #define _TIF_WORK_MASK \
7155 @@ -153,7 +158,7 @@ static inline struct thread_info *current_thread_info(void)
7156 /* work to do on any return to u-space */
7157 #define _TIF_ALLWORK_MASK (_TIF_NOHZ | _TIF_WORK_MASK | \
7158 _TIF_WORK_SYSCALL_EXIT | \
7159 - _TIF_SYSCALL_TRACEPOINT)
7160 + _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID)
7161
7162 /*
7163 * We stash processor id into a COP0 register to retrieve it fast
7164 diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
7165 index 21a2aab..c00b80d 100644
7166 --- a/arch/mips/include/asm/uaccess.h
7167 +++ b/arch/mips/include/asm/uaccess.h
7168 @@ -147,6 +147,7 @@ static inline bool eva_kernel_access(void)
7169 __ok == 0; \
7170 })
7171
7172 +#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
7173 #define access_ok(type, addr, size) \
7174 likely(__access_ok((addr), (size), __access_mask))
7175
7176 diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
7177 index 58ad63d..051b4b7 100644
7178 --- a/arch/mips/kernel/binfmt_elfn32.c
7179 +++ b/arch/mips/kernel/binfmt_elfn32.c
7180 @@ -36,6 +36,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
7181 #undef ELF_ET_DYN_BASE
7182 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
7183
7184 +#ifdef CONFIG_PAX_ASLR
7185 +#define PAX_ELF_ET_DYN_BASE (TASK_IS_32BIT_ADDR ? 0x00400000UL : 0x00400000UL)
7186 +
7187 +#define PAX_DELTA_MMAP_LEN (TASK_IS_32BIT_ADDR ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
7188 +#define PAX_DELTA_STACK_LEN (TASK_IS_32BIT_ADDR ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
7189 +#endif
7190 +
7191 #include <asm/processor.h>
7192 #include <linux/module.h>
7193 #include <linux/elfcore.h>
7194 diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c
7195 index 49fb881..b9ab7c2 100644
7196 --- a/arch/mips/kernel/binfmt_elfo32.c
7197 +++ b/arch/mips/kernel/binfmt_elfo32.c
7198 @@ -40,6 +40,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
7199 #undef ELF_ET_DYN_BASE
7200 #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
7201
7202 +#ifdef CONFIG_PAX_ASLR
7203 +#define PAX_ELF_ET_DYN_BASE (TASK_IS_32BIT_ADDR ? 0x00400000UL : 0x00400000UL)
7204 +
7205 +#define PAX_DELTA_MMAP_LEN (TASK_IS_32BIT_ADDR ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
7206 +#define PAX_DELTA_STACK_LEN (TASK_IS_32BIT_ADDR ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
7207 +#endif
7208 +
7209 #include <asm/processor.h>
7210
7211 #include <linux/module.h>
7212 diff --git a/arch/mips/kernel/irq-gt641xx.c b/arch/mips/kernel/irq-gt641xx.c
7213 index 44a1f79..2bd6aa3 100644
7214 --- a/arch/mips/kernel/irq-gt641xx.c
7215 +++ b/arch/mips/kernel/irq-gt641xx.c
7216 @@ -110,7 +110,7 @@ void gt641xx_irq_dispatch(void)
7217 }
7218 }
7219
7220 - atomic_inc(&irq_err_count);
7221 + atomic_inc_unchecked(&irq_err_count);
7222 }
7223
7224 void __init gt641xx_irq_init(void)
7225 diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c
7226 index f25f7ea..19e1c62 100644
7227 --- a/arch/mips/kernel/irq.c
7228 +++ b/arch/mips/kernel/irq.c
7229 @@ -34,17 +34,17 @@ void ack_bad_irq(unsigned int irq)
7230 printk("unexpected IRQ # %d\n", irq);
7231 }
7232
7233 -atomic_t irq_err_count;
7234 +atomic_unchecked_t irq_err_count;
7235
7236 int arch_show_interrupts(struct seq_file *p, int prec)
7237 {
7238 - seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read(&irq_err_count));
7239 + seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read_unchecked(&irq_err_count));
7240 return 0;
7241 }
7242
7243 asmlinkage void spurious_interrupt(void)
7244 {
7245 - atomic_inc(&irq_err_count);
7246 + atomic_inc_unchecked(&irq_err_count);
7247 }
7248
7249 void __init init_IRQ(void)
7250 @@ -61,6 +61,8 @@ void __init init_IRQ(void)
7251 }
7252
7253 #ifdef CONFIG_DEBUG_STACKOVERFLOW
7254 +
7255 +extern void gr_handle_kernel_exploit(void);
7256 static inline void check_stack_overflow(void)
7257 {
7258 unsigned long sp;
7259 @@ -76,6 +78,7 @@ static inline void check_stack_overflow(void)
7260 printk("do_IRQ: stack overflow: %ld\n",
7261 sp - sizeof(struct thread_info));
7262 dump_stack();
7263 + gr_handle_kernel_exploit();
7264 }
7265 }
7266 #else
7267 diff --git a/arch/mips/kernel/pm-cps.c b/arch/mips/kernel/pm-cps.c
7268 index 5b31a94..15ac4a1 100644
7269 --- a/arch/mips/kernel/pm-cps.c
7270 +++ b/arch/mips/kernel/pm-cps.c
7271 @@ -172,7 +172,7 @@ int cps_pm_enter_state(enum cps_pm_state state)
7272 nc_core_ready_count = nc_addr;
7273
7274 /* Ensure ready_count is zero-initialised before the assembly runs */
7275 - ACCESS_ONCE(*nc_core_ready_count) = 0;
7276 + ACCESS_ONCE_RW(*nc_core_ready_count) = 0;
7277 coupled_barrier(&per_cpu(pm_barrier, core), online);
7278
7279 /* Run the generated entry code */
7280 diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
7281 index d2d0615..46c1803 100644
7282 --- a/arch/mips/kernel/process.c
7283 +++ b/arch/mips/kernel/process.c
7284 @@ -545,18 +545,6 @@ out:
7285 return pc;
7286 }
7287
7288 -/*
7289 - * Don't forget that the stack pointer must be aligned on a 8 bytes
7290 - * boundary for 32-bits ABI and 16 bytes for 64-bits ABI.
7291 - */
7292 -unsigned long arch_align_stack(unsigned long sp)
7293 -{
7294 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
7295 - sp -= get_random_int() & ~PAGE_MASK;
7296 -
7297 - return sp & ALMASK;
7298 -}
7299 -
7300 static void arch_dump_stack(void *info)
7301 {
7302 struct pt_regs *regs;
7303 diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
7304 index 6103b24..8253315 100644
7305 --- a/arch/mips/kernel/ptrace.c
7306 +++ b/arch/mips/kernel/ptrace.c
7307 @@ -882,6 +882,10 @@ long arch_ptrace(struct task_struct *child, long request,
7308 return ret;
7309 }
7310
7311 +#ifdef CONFIG_GRKERNSEC_SETXID
7312 +extern void gr_delayed_cred_worker(void);
7313 +#endif
7314 +
7315 /*
7316 * Notification of system call entry/exit
7317 * - triggered by current->work.syscall_trace
7318 @@ -899,6 +903,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
7319 if (secure_computing(NULL) == -1)
7320 return -1;
7321
7322 +#ifdef CONFIG_GRKERNSEC_SETXID
7323 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
7324 + gr_delayed_cred_worker();
7325 +#endif
7326 +
7327 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
7328 trace_sys_enter(regs, regs->regs[2]);
7329
7330 diff --git a/arch/mips/kernel/sync-r4k.c b/arch/mips/kernel/sync-r4k.c
7331 index 4472a7f..c5905e6 100644
7332 --- a/arch/mips/kernel/sync-r4k.c
7333 +++ b/arch/mips/kernel/sync-r4k.c
7334 @@ -18,8 +18,8 @@
7335 #include <asm/mipsregs.h>
7336
7337 static unsigned int initcount = 0;
7338 -static atomic_t count_count_start = ATOMIC_INIT(0);
7339 -static atomic_t count_count_stop = ATOMIC_INIT(0);
7340 +static atomic_unchecked_t count_count_start = ATOMIC_INIT(0);
7341 +static atomic_unchecked_t count_count_stop = ATOMIC_INIT(0);
7342
7343 #define COUNTON 100
7344 #define NR_LOOPS 3
7345 @@ -46,13 +46,13 @@ void synchronise_count_master(int cpu)
7346
7347 for (i = 0; i < NR_LOOPS; i++) {
7348 /* slaves loop on '!= 2' */
7349 - while (atomic_read(&count_count_start) != 1)
7350 + while (atomic_read_unchecked(&count_count_start) != 1)
7351 mb();
7352 - atomic_set(&count_count_stop, 0);
7353 + atomic_set_unchecked(&count_count_stop, 0);
7354 smp_wmb();
7355
7356 /* Let the slave writes its count register */
7357 - atomic_inc(&count_count_start);
7358 + atomic_inc_unchecked(&count_count_start);
7359
7360 /* Count will be initialised to current timer */
7361 if (i == 1)
7362 @@ -67,11 +67,11 @@ void synchronise_count_master(int cpu)
7363 /*
7364 * Wait for slave to leave the synchronization point:
7365 */
7366 - while (atomic_read(&count_count_stop) != 1)
7367 + while (atomic_read_unchecked(&count_count_stop) != 1)
7368 mb();
7369 - atomic_set(&count_count_start, 0);
7370 + atomic_set_unchecked(&count_count_start, 0);
7371 smp_wmb();
7372 - atomic_inc(&count_count_stop);
7373 + atomic_inc_unchecked(&count_count_stop);
7374 }
7375 /* Arrange for an interrupt in a short while */
7376 write_c0_compare(read_c0_count() + COUNTON);
7377 @@ -96,8 +96,8 @@ void synchronise_count_slave(int cpu)
7378 */
7379
7380 for (i = 0; i < NR_LOOPS; i++) {
7381 - atomic_inc(&count_count_start);
7382 - while (atomic_read(&count_count_start) != 2)
7383 + atomic_inc_unchecked(&count_count_start);
7384 + while (atomic_read_unchecked(&count_count_start) != 2)
7385 mb();
7386
7387 /*
7388 @@ -106,8 +106,8 @@ void synchronise_count_slave(int cpu)
7389 if (i == NR_LOOPS-1)
7390 write_c0_count(initcount);
7391
7392 - atomic_inc(&count_count_stop);
7393 - while (atomic_read(&count_count_stop) != 2)
7394 + atomic_inc_unchecked(&count_count_stop);
7395 + while (atomic_read_unchecked(&count_count_stop) != 2)
7396 mb();
7397 }
7398 /* Arrange for an interrupt in a short while */
7399 diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
7400 index 3de85be..73560ec 100644
7401 --- a/arch/mips/kernel/traps.c
7402 +++ b/arch/mips/kernel/traps.c
7403 @@ -695,7 +695,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
7404 };
7405
7406 prev_state = exception_enter();
7407 - die_if_kernel("Integer overflow", regs);
7408 + if (unlikely(!user_mode(regs))) {
7409 +
7410 +#ifdef CONFIG_PAX_REFCOUNT
7411 + if (fixup_exception(regs)) {
7412 + pax_report_refcount_error(regs, NULL);
7413 + exception_exit(prev_state);
7414 + return;
7415 + }
7416 +#endif
7417 +
7418 + die("Integer overflow", regs);
7419 + }
7420
7421 force_sig_info(SIGFPE, &info, current);
7422 exception_exit(prev_state);
7423 diff --git a/arch/mips/lib/ashldi3.c b/arch/mips/lib/ashldi3.c
7424 index 927dc94..27269ee 100644
7425 --- a/arch/mips/lib/ashldi3.c
7426 +++ b/arch/mips/lib/ashldi3.c
7427 @@ -2,7 +2,11 @@
7428
7429 #include "libgcc.h"
7430
7431 -long long notrace __ashldi3(long long u, word_type b)
7432 +#ifdef CONFIG_64BIT
7433 +DWtype notrace __ashlti3(DWtype u, word_type b)
7434 +#else
7435 +DWtype notrace __ashldi3(DWtype u, word_type b)
7436 +#endif
7437 {
7438 DWunion uu, w;
7439 word_type bm;
7440 @@ -11,19 +15,22 @@ long long notrace __ashldi3(long long u, word_type b)
7441 return u;
7442
7443 uu.ll = u;
7444 - bm = 32 - b;
7445 + bm = BITS_PER_LONG - b;
7446
7447 if (bm <= 0) {
7448 w.s.low = 0;
7449 - w.s.high = (unsigned int) uu.s.low << -bm;
7450 + w.s.high = (unsigned long) uu.s.low << -bm;
7451 } else {
7452 - const unsigned int carries = (unsigned int) uu.s.low >> bm;
7453 + const unsigned long carries = (unsigned long) uu.s.low >> bm;
7454
7455 - w.s.low = (unsigned int) uu.s.low << b;
7456 - w.s.high = ((unsigned int) uu.s.high << b) | carries;
7457 + w.s.low = (unsigned long) uu.s.low << b;
7458 + w.s.high = ((unsigned long) uu.s.high << b) | carries;
7459 }
7460
7461 return w.ll;
7462 }
7463 -
7464 +#ifdef CONFIG_64BIT
7465 +EXPORT_SYMBOL(__ashlti3);
7466 +#else
7467 EXPORT_SYMBOL(__ashldi3);
7468 +#endif
7469 diff --git a/arch/mips/lib/ashrdi3.c b/arch/mips/lib/ashrdi3.c
7470 index 9fdf1a5..6741f0e 100644
7471 --- a/arch/mips/lib/ashrdi3.c
7472 +++ b/arch/mips/lib/ashrdi3.c
7473 @@ -2,7 +2,11 @@
7474
7475 #include "libgcc.h"
7476
7477 -long long notrace __ashrdi3(long long u, word_type b)
7478 +#ifdef CONFIG_64BIT
7479 +DWtype notrace __ashrti3(DWtype u, word_type b)
7480 +#else
7481 +DWtype notrace __ashrdi3(DWtype u, word_type b)
7482 +#endif
7483 {
7484 DWunion uu, w;
7485 word_type bm;
7486 @@ -11,21 +15,24 @@ long long notrace __ashrdi3(long long u, word_type b)
7487 return u;
7488
7489 uu.ll = u;
7490 - bm = 32 - b;
7491 + bm = BITS_PER_LONG - b;
7492
7493 if (bm <= 0) {
7494 /* w.s.high = 1..1 or 0..0 */
7495 w.s.high =
7496 - uu.s.high >> 31;
7497 + uu.s.high >> (BITS_PER_LONG - 1);
7498 w.s.low = uu.s.high >> -bm;
7499 } else {
7500 - const unsigned int carries = (unsigned int) uu.s.high << bm;
7501 + const unsigned long carries = (unsigned long) uu.s.high << bm;
7502
7503 w.s.high = uu.s.high >> b;
7504 - w.s.low = ((unsigned int) uu.s.low >> b) | carries;
7505 + w.s.low = ((unsigned long) uu.s.low >> b) | carries;
7506 }
7507
7508 return w.ll;
7509 }
7510 -
7511 +#ifdef CONFIG_64BIT
7512 +EXPORT_SYMBOL(__ashrti3);
7513 +#else
7514 EXPORT_SYMBOL(__ashrdi3);
7515 +#endif
7516 diff --git a/arch/mips/lib/libgcc.h b/arch/mips/lib/libgcc.h
7517 index 05909d58..b03284b 100644
7518 --- a/arch/mips/lib/libgcc.h
7519 +++ b/arch/mips/lib/libgcc.h
7520 @@ -5,13 +5,19 @@
7521
7522 typedef int word_type __attribute__ ((mode (__word__)));
7523
7524 +#ifdef CONFIG_64BIT
7525 +typedef int DWtype __attribute__((mode(TI)));
7526 +#else
7527 +typedef long long DWtype;
7528 +#endif
7529 +
7530 #ifdef __BIG_ENDIAN
7531 struct DWstruct {
7532 - int high, low;
7533 + long high, low;
7534 };
7535 #elif defined(__LITTLE_ENDIAN)
7536 struct DWstruct {
7537 - int low, high;
7538 + long low, high;
7539 };
7540 #else
7541 #error I feel sick.
7542 @@ -19,7 +25,7 @@ struct DWstruct {
7543
7544 typedef union {
7545 struct DWstruct s;
7546 - long long ll;
7547 + DWtype ll;
7548 } DWunion;
7549
7550 #endif /* __ASM_LIBGCC_H */
7551 diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
7552 index 9560ad7..da27540 100644
7553 --- a/arch/mips/mm/fault.c
7554 +++ b/arch/mips/mm/fault.c
7555 @@ -31,6 +31,23 @@
7556
7557 int show_unhandled_signals = 1;
7558
7559 +#ifdef CONFIG_PAX_PAGEEXEC
7560 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
7561 +{
7562 + unsigned long i;
7563 +
7564 + printk(KERN_ERR "PAX: bytes at PC: ");
7565 + for (i = 0; i < 5; i++) {
7566 + unsigned int c;
7567 + if (get_user(c, (unsigned int *)pc+i))
7568 + printk(KERN_CONT "???????? ");
7569 + else
7570 + printk(KERN_CONT "%08x ", c);
7571 + }
7572 + printk("\n");
7573 +}
7574 +#endif
7575 +
7576 /*
7577 * This routine handles page faults. It determines the address,
7578 * and the problem, and then passes it off to one of the appropriate
7579 @@ -205,6 +222,14 @@ bad_area:
7580 bad_area_nosemaphore:
7581 /* User mode accesses just cause a SIGSEGV */
7582 if (user_mode(regs)) {
7583 +
7584 +#ifdef CONFIG_PAX_PAGEEXEC
7585 + if (cpu_has_rixi && (mm->pax_flags & MF_PAX_PAGEEXEC) && !write && address == instruction_pointer(regs)) {
7586 + pax_report_fault(regs, (void *)address, (void *)user_stack_pointer(regs));
7587 + do_group_exit(SIGKILL);
7588 + }
7589 +#endif
7590 +
7591 tsk->thread.cp0_badvaddr = address;
7592 tsk->thread.error_code = write;
7593 if (show_unhandled_signals &&
7594 diff --git a/arch/mips/mm/init.c b/arch/mips/mm/init.c
7595 index 72f7478..06abd2a 100644
7596 --- a/arch/mips/mm/init.c
7597 +++ b/arch/mips/mm/init.c
7598 @@ -474,10 +474,10 @@ void __init mem_init(void)
7599
7600 #ifdef CONFIG_64BIT
7601 if ((unsigned long) &_text > (unsigned long) CKSEG0)
7602 - /* The -4 is a hack so that user tools don't have to handle
7603 + /* The -0x2000-4 is a hack so that user tools don't have to handle
7604 the overflow. */
7605 kclist_add(&kcore_kseg0, (void *) CKSEG0,
7606 - 0x80000000 - 4, KCORE_TEXT);
7607 + 0x80000000 - 0x2000 - 4, KCORE_TEXT);
7608 #endif
7609 }
7610 #endif /* !CONFIG_NEED_MULTIPLE_NODES */
7611 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
7612 index 3530376..754dde3 100644
7613 --- a/arch/mips/mm/mmap.c
7614 +++ b/arch/mips/mm/mmap.c
7615 @@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
7616 struct vm_area_struct *vma;
7617 unsigned long addr = addr0;
7618 int do_color_align;
7619 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
7620 struct vm_unmapped_area_info info;
7621
7622 if (unlikely(len > TASK_SIZE))
7623 @@ -84,6 +85,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
7624 do_color_align = 1;
7625
7626 /* requesting a specific address */
7627 +
7628 +#ifdef CONFIG_PAX_RANDMMAP
7629 + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
7630 +#endif
7631 +
7632 if (addr) {
7633 if (do_color_align)
7634 addr = COLOUR_ALIGN(addr, pgoff);
7635 @@ -91,14 +97,14 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
7636 addr = PAGE_ALIGN(addr);
7637
7638 vma = find_vma(mm, addr);
7639 - if (TASK_SIZE - len >= addr &&
7640 - (!vma || addr + len <= vma->vm_start))
7641 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
7642 return addr;
7643 }
7644
7645 info.length = len;
7646 info.align_mask = do_color_align ? (PAGE_MASK & shm_align_mask) : 0;
7647 info.align_offset = pgoff << PAGE_SHIFT;
7648 + info.threadstack_offset = offset;
7649
7650 if (dir == DOWN) {
7651 info.flags = VM_UNMAPPED_AREA_TOPDOWN;
7652 @@ -160,14 +166,30 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
7653 {
7654 unsigned long random_factor = 0UL;
7655
7656 +#ifdef CONFIG_PAX_RANDMMAP
7657 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
7658 +#endif
7659 +
7660 if (current->flags & PF_RANDOMIZE)
7661 random_factor = arch_mmap_rnd();
7662
7663 if (mmap_is_legacy()) {
7664 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
7665 +
7666 +#ifdef CONFIG_PAX_RANDMMAP
7667 + if (mm->pax_flags & MF_PAX_RANDMMAP)
7668 + mm->mmap_base += mm->delta_mmap;
7669 +#endif
7670 +
7671 mm->get_unmapped_area = arch_get_unmapped_area;
7672 } else {
7673 mm->mmap_base = mmap_base(random_factor);
7674 +
7675 +#ifdef CONFIG_PAX_RANDMMAP
7676 + if (mm->pax_flags & MF_PAX_RANDMMAP)
7677 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
7678 +#endif
7679 +
7680 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
7681 }
7682 }
7683 diff --git a/arch/mips/sgi-ip27/ip27-nmi.c b/arch/mips/sgi-ip27/ip27-nmi.c
7684 index cfceaea..65deeb4 100644
7685 --- a/arch/mips/sgi-ip27/ip27-nmi.c
7686 +++ b/arch/mips/sgi-ip27/ip27-nmi.c
7687 @@ -187,9 +187,9 @@ void
7688 cont_nmi_dump(void)
7689 {
7690 #ifndef REAL_NMI_SIGNAL
7691 - static atomic_t nmied_cpus = ATOMIC_INIT(0);
7692 + static atomic_unchecked_t nmied_cpus = ATOMIC_INIT(0);
7693
7694 - atomic_inc(&nmied_cpus);
7695 + atomic_inc_unchecked(&nmied_cpus);
7696 #endif
7697 /*
7698 * Only allow 1 cpu to proceed
7699 @@ -233,7 +233,7 @@ cont_nmi_dump(void)
7700 udelay(10000);
7701 }
7702 #else
7703 - while (atomic_read(&nmied_cpus) != num_online_cpus());
7704 + while (atomic_read_unchecked(&nmied_cpus) != num_online_cpus());
7705 #endif
7706
7707 /*
7708 diff --git a/arch/mips/sni/rm200.c b/arch/mips/sni/rm200.c
7709 index 160b880..3b53fdc 100644
7710 --- a/arch/mips/sni/rm200.c
7711 +++ b/arch/mips/sni/rm200.c
7712 @@ -270,7 +270,7 @@ spurious_8259A_irq:
7713 "spurious RM200 8259A interrupt: IRQ%d.\n", irq);
7714 spurious_irq_mask |= irqmask;
7715 }
7716 - atomic_inc(&irq_err_count);
7717 + atomic_inc_unchecked(&irq_err_count);
7718 /*
7719 * Theoretically we do not have to handle this IRQ,
7720 * but in Linux this does not cause problems and is
7721 diff --git a/arch/mips/vr41xx/common/icu.c b/arch/mips/vr41xx/common/icu.c
7722 index 41e873b..34d33a7 100644
7723 --- a/arch/mips/vr41xx/common/icu.c
7724 +++ b/arch/mips/vr41xx/common/icu.c
7725 @@ -653,7 +653,7 @@ static int icu_get_irq(unsigned int irq)
7726
7727 printk(KERN_ERR "spurious ICU interrupt: %04x,%04x\n", pend1, pend2);
7728
7729 - atomic_inc(&irq_err_count);
7730 + atomic_inc_unchecked(&irq_err_count);
7731
7732 return -1;
7733 }
7734 diff --git a/arch/mips/vr41xx/common/irq.c b/arch/mips/vr41xx/common/irq.c
7735 index ae0e4ee..e8f0692 100644
7736 --- a/arch/mips/vr41xx/common/irq.c
7737 +++ b/arch/mips/vr41xx/common/irq.c
7738 @@ -64,7 +64,7 @@ static void irq_dispatch(unsigned int irq)
7739 irq_cascade_t *cascade;
7740
7741 if (irq >= NR_IRQS) {
7742 - atomic_inc(&irq_err_count);
7743 + atomic_inc_unchecked(&irq_err_count);
7744 return;
7745 }
7746
7747 @@ -84,7 +84,7 @@ static void irq_dispatch(unsigned int irq)
7748 ret = cascade->get_irq(irq);
7749 irq = ret;
7750 if (ret < 0)
7751 - atomic_inc(&irq_err_count);
7752 + atomic_inc_unchecked(&irq_err_count);
7753 else
7754 irq_dispatch(irq);
7755 if (!irqd_irq_disabled(idata) && chip->irq_unmask)
7756 diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h
7757 index 967d144..db12197 100644
7758 --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h
7759 +++ b/arch/mn10300/proc-mn103e010/include/proc/cache.h
7760 @@ -11,12 +11,14 @@
7761 #ifndef _ASM_PROC_CACHE_H
7762 #define _ASM_PROC_CACHE_H
7763
7764 +#include <linux/const.h>
7765 +
7766 /* L1 cache */
7767
7768 #define L1_CACHE_NWAYS 4 /* number of ways in caches */
7769 #define L1_CACHE_NENTRIES 256 /* number of entries in each way */
7770 -#define L1_CACHE_BYTES 16 /* bytes per entry */
7771 #define L1_CACHE_SHIFT 4 /* shift for bytes per entry */
7772 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) /* bytes per entry */
7773 #define L1_CACHE_WAYDISP 0x1000 /* displacement of one way from the next */
7774
7775 #define L1_CACHE_TAG_VALID 0x00000001 /* cache tag valid bit */
7776 diff --git a/arch/mn10300/proc-mn2ws0050/include/proc/cache.h b/arch/mn10300/proc-mn2ws0050/include/proc/cache.h
7777 index bcb5df2..84fabd2 100644
7778 --- a/arch/mn10300/proc-mn2ws0050/include/proc/cache.h
7779 +++ b/arch/mn10300/proc-mn2ws0050/include/proc/cache.h
7780 @@ -16,13 +16,15 @@
7781 #ifndef _ASM_PROC_CACHE_H
7782 #define _ASM_PROC_CACHE_H
7783
7784 +#include <linux/const.h>
7785 +
7786 /*
7787 * L1 cache
7788 */
7789 #define L1_CACHE_NWAYS 4 /* number of ways in caches */
7790 #define L1_CACHE_NENTRIES 128 /* number of entries in each way */
7791 -#define L1_CACHE_BYTES 32 /* bytes per entry */
7792 #define L1_CACHE_SHIFT 5 /* shift for bytes per entry */
7793 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) /* bytes per entry */
7794 #define L1_CACHE_WAYDISP 0x1000 /* distance from one way to the next */
7795
7796 #define L1_CACHE_TAG_VALID 0x00000001 /* cache tag valid bit */
7797 diff --git a/arch/openrisc/include/asm/cache.h b/arch/openrisc/include/asm/cache.h
7798 index 4ce7a01..449202a 100644
7799 --- a/arch/openrisc/include/asm/cache.h
7800 +++ b/arch/openrisc/include/asm/cache.h
7801 @@ -19,11 +19,13 @@
7802 #ifndef __ASM_OPENRISC_CACHE_H
7803 #define __ASM_OPENRISC_CACHE_H
7804
7805 +#include <linux/const.h>
7806 +
7807 /* FIXME: How can we replace these with values from the CPU...
7808 * they shouldn't be hard-coded!
7809 */
7810
7811 -#define L1_CACHE_BYTES 16
7812 #define L1_CACHE_SHIFT 4
7813 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
7814
7815 #endif /* __ASM_OPENRISC_CACHE_H */
7816 diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h
7817 index 5394b9c..e77a306 100644
7818 --- a/arch/parisc/include/asm/atomic.h
7819 +++ b/arch/parisc/include/asm/atomic.h
7820 @@ -327,6 +327,16 @@ static inline long atomic64_dec_if_positive(atomic64_t *v)
7821 return dec;
7822 }
7823
7824 +#define atomic64_read_unchecked(v) atomic64_read(v)
7825 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
7826 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
7827 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
7828 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
7829 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
7830 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
7831 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
7832 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
7833 +
7834 #endif /* !CONFIG_64BIT */
7835
7836
7837 diff --git a/arch/parisc/include/asm/cache.h b/arch/parisc/include/asm/cache.h
7838 index df0f52b..810699b 100644
7839 --- a/arch/parisc/include/asm/cache.h
7840 +++ b/arch/parisc/include/asm/cache.h
7841 @@ -5,6 +5,7 @@
7842 #ifndef __ARCH_PARISC_CACHE_H
7843 #define __ARCH_PARISC_CACHE_H
7844
7845 +#include <linux/const.h>
7846
7847 /*
7848 * PA 2.0 processors have 64 and 128-byte L2 cachelines; PA 1.1 processors
7849 @@ -14,6 +15,8 @@
7850 #define L1_CACHE_BYTES 16
7851 #define L1_CACHE_SHIFT 4
7852
7853 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
7854 +
7855 #ifndef __ASSEMBLY__
7856
7857 #define SMP_CACHE_BYTES L1_CACHE_BYTES
7858 diff --git a/arch/parisc/include/asm/elf.h b/arch/parisc/include/asm/elf.h
7859 index 78c9fd3..42fa66a 100644
7860 --- a/arch/parisc/include/asm/elf.h
7861 +++ b/arch/parisc/include/asm/elf.h
7862 @@ -342,6 +342,13 @@ struct pt_regs; /* forward declaration... */
7863
7864 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000)
7865
7866 +#ifdef CONFIG_PAX_ASLR
7867 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
7868 +
7869 +#define PAX_DELTA_MMAP_LEN 16
7870 +#define PAX_DELTA_STACK_LEN 16
7871 +#endif
7872 +
7873 /* This yields a mask that user programs can use to figure out what
7874 instruction set this CPU supports. This could be done in user space,
7875 but it's not easy, and we've already done it here. */
7876 diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h
7877 index f08dda3..ea6aa1b 100644
7878 --- a/arch/parisc/include/asm/pgalloc.h
7879 +++ b/arch/parisc/include/asm/pgalloc.h
7880 @@ -61,6 +61,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
7881 (__u32)(__pa((unsigned long)pmd) >> PxD_VALUE_SHIFT));
7882 }
7883
7884 +static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd)
7885 +{
7886 + pgd_populate(mm, pgd, pmd);
7887 +}
7888 +
7889 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address)
7890 {
7891 pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL, PMD_ORDER);
7892 @@ -96,6 +101,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd)
7893 #define pmd_alloc_one(mm, addr) ({ BUG(); ((pmd_t *)2); })
7894 #define pmd_free(mm, x) do { } while (0)
7895 #define pgd_populate(mm, pmd, pte) BUG()
7896 +#define pgd_populate_kernel(mm, pmd, pte) BUG()
7897
7898 #endif
7899
7900 diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h
7901 index c2c43f7..b08ffd9 100644
7902 --- a/arch/parisc/include/asm/pgtable.h
7903 +++ b/arch/parisc/include/asm/pgtable.h
7904 @@ -236,6 +236,17 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr)
7905 #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
7906 #define PAGE_COPY PAGE_EXECREAD
7907 #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
7908 +
7909 +#ifdef CONFIG_PAX_PAGEEXEC
7910 +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
7911 +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
7912 +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
7913 +#else
7914 +# define PAGE_SHARED_NOEXEC PAGE_SHARED
7915 +# define PAGE_COPY_NOEXEC PAGE_COPY
7916 +# define PAGE_READONLY_NOEXEC PAGE_READONLY
7917 +#endif
7918 +
7919 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL)
7920 #define PAGE_KERNEL_EXEC __pgprot(_PAGE_KERNEL_EXEC)
7921 #define PAGE_KERNEL_RWX __pgprot(_PAGE_KERNEL_RWX)
7922 diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
7923 index 4828478..89b1fbe 100644
7924 --- a/arch/parisc/include/asm/uaccess.h
7925 +++ b/arch/parisc/include/asm/uaccess.h
7926 @@ -221,17 +221,17 @@ static inline unsigned long __must_check copy_from_user(void *to,
7927 const void __user *from,
7928 unsigned long n)
7929 {
7930 - int sz = __compiletime_object_size(to);
7931 + size_t sz = __compiletime_object_size(to);
7932 unsigned long ret = n;
7933
7934 - if (likely(sz == -1 || sz >= n))
7935 + if (likely(sz == (size_t)-1 || sz >= n))
7936 ret = __copy_from_user(to, from, n);
7937 else if (!__builtin_constant_p(n))
7938 copy_user_overflow(sz, n);
7939 else
7940 __bad_copy_user();
7941
7942 - if (unlikely(ret))
7943 + if (unlikely(ret && (long)ret > 0))
7944 memset(to + (n - ret), 0, ret);
7945 return ret;
7946 }
7947 diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
7948 index a0ecdb4a..71d2069 100644
7949 --- a/arch/parisc/kernel/module.c
7950 +++ b/arch/parisc/kernel/module.c
7951 @@ -100,14 +100,12 @@
7952 * or init pieces the location is */
7953 static inline int in_init(struct module *me, void *loc)
7954 {
7955 - return (loc >= me->init_layout.base &&
7956 - loc <= (me->init_layout.base + me->init_layout.size));
7957 + within_module_init((unsigned long)loc, me);
7958 }
7959
7960 static inline int in_core(struct module *me, void *loc)
7961 {
7962 - return (loc >= me->core_layout.base &&
7963 - loc <= (me->core_layout.base + me->core_layout.size));
7964 + within_module_core((unsigned long)loc, me);
7965 }
7966
7967 static inline int in_local(struct module *me, void *loc)
7968 @@ -367,13 +365,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr,
7969 }
7970
7971 /* align things a bit */
7972 - me->core_layout.size = ALIGN(me->core_layout.size, 16);
7973 - me->arch.got_offset = me->core_layout.size;
7974 - me->core_layout.size += gots * sizeof(struct got_entry);
7975 + me->core_layout.size_rw = ALIGN(me->core_layout.size_rw, 16);
7976 + me->arch.got_offset = me->core_layout.size_rw;
7977 + me->core_layout.size_rw += gots * sizeof(struct got_entry);
7978
7979 - me->core_layout.size = ALIGN(me->core_layout.size, 16);
7980 - me->arch.fdesc_offset = me->core_layout.size;
7981 - me->core_layout.size += fdescs * sizeof(Elf_Fdesc);
7982 + me->core_layout.size_rw = ALIGN(me->core_layout.size_rw, 16);
7983 + me->arch.fdesc_offset = me->core_layout.size_rw;
7984 + me->core_layout.size_rw += fdescs * sizeof(Elf_Fdesc);
7985
7986 me->arch.got_max = gots;
7987 me->arch.fdesc_max = fdescs;
7988 @@ -391,7 +389,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend)
7989
7990 BUG_ON(value == 0);
7991
7992 - got = me->core_layout.base + me->arch.got_offset;
7993 + got = me->core_layout.base_rw + me->arch.got_offset;
7994 for (i = 0; got[i].addr; i++)
7995 if (got[i].addr == value)
7996 goto out;
7997 @@ -409,7 +407,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend)
7998 #ifdef CONFIG_64BIT
7999 static Elf_Addr get_fdesc(struct module *me, unsigned long value)
8000 {
8001 - Elf_Fdesc *fdesc = me->core_layout.base + me->arch.fdesc_offset;
8002 + Elf_Fdesc *fdesc = me->core_layout.base_rw + me->arch.fdesc_offset;
8003
8004 if (!value) {
8005 printk(KERN_ERR "%s: zero OPD requested!\n", me->name);
8006 @@ -427,7 +425,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value)
8007
8008 /* Create new one */
8009 fdesc->addr = value;
8010 - fdesc->gp = (Elf_Addr)me->core_layout.base + me->arch.got_offset;
8011 + fdesc->gp = (Elf_Addr)me->core_layout.base_rw + me->arch.got_offset;
8012 return (Elf_Addr)fdesc;
8013 }
8014 #endif /* CONFIG_64BIT */
8015 @@ -847,7 +845,7 @@ register_unwind_table(struct module *me,
8016
8017 table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
8018 end = table + sechdrs[me->arch.unwind_section].sh_size;
8019 - gp = (Elf_Addr)me->core_layout.base + me->arch.got_offset;
8020 + gp = (Elf_Addr)me->core_layout.base_rw + me->arch.got_offset;
8021
8022 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
8023 me->arch.unwind_section, table, end, gp);
8024 diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
8025 index 0a393a0..5b3199e0 100644
8026 --- a/arch/parisc/kernel/sys_parisc.c
8027 +++ b/arch/parisc/kernel/sys_parisc.c
8028 @@ -92,6 +92,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
8029 unsigned long task_size = TASK_SIZE;
8030 int do_color_align, last_mmap;
8031 struct vm_unmapped_area_info info;
8032 + unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
8033
8034 if (len > task_size)
8035 return -ENOMEM;
8036 @@ -109,6 +110,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
8037 goto found_addr;
8038 }
8039
8040 +#ifdef CONFIG_PAX_RANDMMAP
8041 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
8042 +#endif
8043 +
8044 if (addr) {
8045 if (do_color_align && last_mmap)
8046 addr = COLOR_ALIGN(addr, last_mmap, pgoff);
8047 @@ -127,6 +132,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
8048 info.high_limit = mmap_upper_limit();
8049 info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0;
8050 info.align_offset = shared_align_offset(last_mmap, pgoff);
8051 + info.threadstack_offset = offset;
8052 addr = vm_unmapped_area(&info);
8053
8054 found_addr:
8055 @@ -146,6 +152,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8056 unsigned long addr = addr0;
8057 int do_color_align, last_mmap;
8058 struct vm_unmapped_area_info info;
8059 + unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
8060
8061 #ifdef CONFIG_64BIT
8062 /* This should only ever run for 32-bit processes. */
8063 @@ -170,6 +177,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8064 }
8065
8066 /* requesting a specific address */
8067 +#ifdef CONFIG_PAX_RANDMMAP
8068 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
8069 +#endif
8070 +
8071 if (addr) {
8072 if (do_color_align && last_mmap)
8073 addr = COLOR_ALIGN(addr, last_mmap, pgoff);
8074 @@ -187,6 +198,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
8075 info.high_limit = mm->mmap_base;
8076 info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0;
8077 info.align_offset = shared_align_offset(last_mmap, pgoff);
8078 + info.threadstack_offset = offset;
8079 addr = vm_unmapped_area(&info);
8080 if (!(addr & ~PAGE_MASK))
8081 goto found_addr;
8082 @@ -252,6 +264,13 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
8083 mm->mmap_legacy_base = mmap_legacy_base();
8084 mm->mmap_base = mmap_upper_limit();
8085
8086 +#ifdef CONFIG_PAX_RANDMMAP
8087 + if (mm->pax_flags & MF_PAX_RANDMMAP) {
8088 + mm->mmap_legacy_base += mm->delta_mmap;
8089 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
8090 + }
8091 +#endif
8092 +
8093 if (mmap_is_legacy()) {
8094 mm->mmap_base = mm->mmap_legacy_base;
8095 mm->get_unmapped_area = arch_get_unmapped_area;
8096 diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
8097 index 97d6b20..2ab0232 100644
8098 --- a/arch/parisc/kernel/traps.c
8099 +++ b/arch/parisc/kernel/traps.c
8100 @@ -719,9 +719,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
8101
8102 down_read(&current->mm->mmap_sem);
8103 vma = find_vma(current->mm,regs->iaoq[0]);
8104 - if (vma && (regs->iaoq[0] >= vma->vm_start)
8105 - && (vma->vm_flags & VM_EXEC)) {
8106 -
8107 + if (vma && (regs->iaoq[0] >= vma->vm_start)) {
8108 fault_address = regs->iaoq[0];
8109 fault_space = regs->iasq[0];
8110
8111 diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
8112 index 163af2c..ed77b14 100644
8113 --- a/arch/parisc/mm/fault.c
8114 +++ b/arch/parisc/mm/fault.c
8115 @@ -16,6 +16,7 @@
8116 #include <linux/interrupt.h>
8117 #include <linux/module.h>
8118 #include <linux/uaccess.h>
8119 +#include <linux/unistd.h>
8120
8121 #include <asm/traps.h>
8122
8123 @@ -50,7 +51,7 @@ int show_unhandled_signals = 1;
8124 static unsigned long
8125 parisc_acctyp(unsigned long code, unsigned int inst)
8126 {
8127 - if (code == 6 || code == 16)
8128 + if (code == 6 || code == 7 || code == 16)
8129 return VM_EXEC;
8130
8131 switch (inst & 0xf0000000) {
8132 @@ -136,6 +137,116 @@ parisc_acctyp(unsigned long code, unsigned int inst)
8133 }
8134 #endif
8135
8136 +#ifdef CONFIG_PAX_PAGEEXEC
8137 +/*
8138 + * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address)
8139 + *
8140 + * returns 1 when task should be killed
8141 + * 2 when rt_sigreturn trampoline was detected
8142 + * 3 when unpatched PLT trampoline was detected
8143 + */
8144 +static int pax_handle_fetch_fault(struct pt_regs *regs)
8145 +{
8146 +
8147 +#ifdef CONFIG_PAX_EMUPLT
8148 + int err;
8149 +
8150 + do { /* PaX: unpatched PLT emulation */
8151 + unsigned int bl, depwi;
8152 +
8153 + err = get_user(bl, (unsigned int *)instruction_pointer(regs));
8154 + err |= get_user(depwi, (unsigned int *)(instruction_pointer(regs)+4));
8155 +
8156 + if (err)
8157 + break;
8158 +
8159 + if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) {
8160 + unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;
8161 +
8162 + err = get_user(ldw, (unsigned int *)addr);
8163 + err |= get_user(bv, (unsigned int *)(addr+4));
8164 + err |= get_user(ldw2, (unsigned int *)(addr+8));
8165 +
8166 + if (err)
8167 + break;
8168 +
8169 + if (ldw == 0x0E801096U &&
8170 + bv == 0xEAC0C000U &&
8171 + ldw2 == 0x0E881095U)
8172 + {
8173 + unsigned int resolver, map;
8174 +
8175 + err = get_user(resolver, (unsigned int *)(instruction_pointer(regs)+8));
8176 + err |= get_user(map, (unsigned int *)(instruction_pointer(regs)+12));
8177 + if (err)
8178 + break;
8179 +
8180 + regs->gr[20] = instruction_pointer(regs)+8;
8181 + regs->gr[21] = map;
8182 + regs->gr[22] = resolver;
8183 + regs->iaoq[0] = resolver | 3UL;
8184 + regs->iaoq[1] = regs->iaoq[0] + 4;
8185 + return 3;
8186 + }
8187 + }
8188 + } while (0);
8189 +#endif
8190 +
8191 +#ifdef CONFIG_PAX_EMUTRAMP
8192 +
8193 +#ifndef CONFIG_PAX_EMUSIGRT
8194 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
8195 + return 1;
8196 +#endif
8197 +
8198 + do { /* PaX: rt_sigreturn emulation */
8199 + unsigned int ldi1, ldi2, bel, nop;
8200 +
8201 + err = get_user(ldi1, (unsigned int *)instruction_pointer(regs));
8202 + err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4));
8203 + err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8));
8204 + err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12));
8205 +
8206 + if (err)
8207 + break;
8208 +
8209 + if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) &&
8210 + ldi2 == 0x3414015AU &&
8211 + bel == 0xE4008200U &&
8212 + nop == 0x08000240U)
8213 + {
8214 + regs->gr[25] = (ldi1 & 2) >> 1;
8215 + regs->gr[20] = __NR_rt_sigreturn;
8216 + regs->gr[31] = regs->iaoq[1] + 16;
8217 + regs->sr[0] = regs->iasq[1];
8218 + regs->iaoq[0] = 0x100UL;
8219 + regs->iaoq[1] = regs->iaoq[0] + 4;
8220 + regs->iasq[0] = regs->sr[2];
8221 + regs->iasq[1] = regs->sr[2];
8222 + return 2;
8223 + }
8224 + } while (0);
8225 +#endif
8226 +
8227 + return 1;
8228 +}
8229 +
8230 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
8231 +{
8232 + unsigned long i;
8233 +
8234 + printk(KERN_ERR "PAX: bytes at PC: ");
8235 + for (i = 0; i < 5; i++) {
8236 + unsigned int c;
8237 + if (get_user(c, (unsigned int *)pc+i))
8238 + printk(KERN_CONT "???????? ");
8239 + else
8240 + printk(KERN_CONT "%08x ", c);
8241 + }
8242 + printk("\n");
8243 +}
8244 +#endif
8245 +
8246 int fixup_exception(struct pt_regs *regs)
8247 {
8248 const struct exception_table_entry *fix;
8249 @@ -230,8 +341,33 @@ retry:
8250
8251 good_area:
8252
8253 - if ((vma->vm_flags & acc_type) != acc_type)
8254 + if ((vma->vm_flags & acc_type) != acc_type) {
8255 +
8256 +#ifdef CONFIG_PAX_PAGEEXEC
8257 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) &&
8258 + (address & ~3UL) == instruction_pointer(regs))
8259 + {
8260 + up_read(&mm->mmap_sem);
8261 + switch (pax_handle_fetch_fault(regs)) {
8262 +
8263 +#ifdef CONFIG_PAX_EMUPLT
8264 + case 3:
8265 + return;
8266 +#endif
8267 +
8268 +#ifdef CONFIG_PAX_EMUTRAMP
8269 + case 2:
8270 + return;
8271 +#endif
8272 +
8273 + }
8274 + pax_report_fault(regs, (void *)instruction_pointer(regs), (void *)regs->gr[30]);
8275 + do_group_exit(SIGKILL);
8276 + }
8277 +#endif
8278 +
8279 goto bad_area;
8280 + }
8281
8282 /*
8283 * If for any reason at all we couldn't handle the fault, make
8284 diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
8285 index 792cb17..1a96a22 100644
8286 --- a/arch/powerpc/Kconfig
8287 +++ b/arch/powerpc/Kconfig
8288 @@ -146,6 +146,7 @@ config PPC
8289 select ARCH_USE_BUILTIN_BSWAP
8290 select OLD_SIGSUSPEND
8291 select OLD_SIGACTION if PPC32
8292 + select HAVE_GCC_PLUGINS
8293 select HAVE_DEBUG_STACKOVERFLOW
8294 select HAVE_IRQ_EXIT_ON_IRQ_STACK
8295 select ARCH_USE_CMPXCHG_LOCKREF if PPC64
8296 @@ -446,6 +447,7 @@ config KEXEC
8297 bool "kexec system call"
8298 depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP)) || PPC_BOOK3E
8299 select KEXEC_CORE
8300 + depends on !GRKERNSEC_KMEM
8301 help
8302 kexec is a system call that implements the ability to shutdown your
8303 current kernel, and to start another kernel. It is like a reboot
8304 diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
8305 index f08d567..94e5497 100644
8306 --- a/arch/powerpc/include/asm/atomic.h
8307 +++ b/arch/powerpc/include/asm/atomic.h
8308 @@ -12,6 +12,11 @@
8309
8310 #define ATOMIC_INIT(i) { (i) }
8311
8312 +#define _ASM_EXTABLE(from, to) \
8313 +" .section __ex_table,\"a\"\n" \
8314 + PPC_LONG" " #from ", " #to"\n" \
8315 +" .previous\n"
8316 +
8317 /*
8318 * Since *_return_relaxed and {cmp}xchg_relaxed are implemented with
8319 * a "bne-" instruction at the end, so an isync is enough as a acquire barrier
8320 @@ -39,38 +44,79 @@ static __inline__ int atomic_read(const atomic_t *v)
8321 return t;
8322 }
8323
8324 +static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v)
8325 +{
8326 + int t;
8327 +
8328 + __asm__ __volatile__("lwz%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter));
8329 +
8330 + return t;
8331 +}
8332 +
8333 static __inline__ void atomic_set(atomic_t *v, int i)
8334 {
8335 __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
8336 }
8337
8338 -#define ATOMIC_OP(op, asm_op) \
8339 -static __inline__ void atomic_##op(int a, atomic_t *v) \
8340 +static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i)
8341 +{
8342 + __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
8343 +}
8344 +
8345 +#ifdef CONFIG_PAX_REFCOUNT
8346 +#define __REFCOUNT_OP(op) op##o.
8347 +#define __OVERFLOW_PRE \
8348 + " mcrxr cr0\n"
8349 +#define __OVERFLOW_POST \
8350 + " bf 4*cr0+so, 3f\n" \
8351 + "2: .long 0x00c00b00\n" \
8352 + "3:\n"
8353 +#define __OVERFLOW_EXTABLE \
8354 + "\n4:\n" \
8355 + _ASM_EXTABLE(2b, 4b)
8356 +#else
8357 +#define __REFCOUNT_OP(op) op
8358 +#define __OVERFLOW_PRE
8359 +#define __OVERFLOW_POST
8360 +#define __OVERFLOW_EXTABLE
8361 +#endif
8362 +
8363 +#define __ATOMIC_OP(op, suffix, pre_op, asm_op, post_op, extable) \
8364 +static inline void atomic_##op##suffix(int a, atomic##suffix##_t *v) \
8365 { \
8366 int t; \
8367 \
8368 __asm__ __volatile__( \
8369 -"1: lwarx %0,0,%3 # atomic_" #op "\n" \
8370 +"1: lwarx %0,0,%3 # atomic_" #op #suffix "\n" \
8371 + pre_op \
8372 #asm_op " %0,%2,%0\n" \
8373 + post_op \
8374 PPC405_ERR77(0,%3) \
8375 " stwcx. %0,0,%3 \n" \
8376 " bne- 1b\n" \
8377 + extable \
8378 : "=&r" (t), "+m" (v->counter) \
8379 : "r" (a), "r" (&v->counter) \
8380 : "cc"); \
8381 } \
8382
8383 -#define ATOMIC_OP_RETURN_RELAXED(op, asm_op) \
8384 -static inline int atomic_##op##_return_relaxed(int a, atomic_t *v) \
8385 +#define ATOMIC_OP(op, asm_op) __ATOMIC_OP(op, , , asm_op, , ) \
8386 + __ATOMIC_OP(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
8387 +
8388 +#define __ATOMIC_OP_RETURN(op, suffix, pre_op, asm_op, post_op, extable)\
8389 +static inline int atomic_##op##_return##suffix##_relaxed(int a, atomic##suffix##_t *v)\
8390 { \
8391 int t; \
8392 \
8393 __asm__ __volatile__( \
8394 -"1: lwarx %0,0,%3 # atomic_" #op "_return_relaxed\n" \
8395 +"1: lwarx %0,0,%2 # atomic_" #op "_return" #suffix "_relaxed\n"\
8396 + pre_op \
8397 #asm_op " %0,%2,%0\n" \
8398 + post_op \
8399 PPC405_ERR77(0, %3) \
8400 " stwcx. %0,0,%3\n" \
8401 " bne- 1b\n" \
8402 + extable \
8403 : "=&r" (t), "+m" (v->counter) \
8404 : "r" (a), "r" (&v->counter) \
8405 : "cc"); \
8406 @@ -78,6 +124,9 @@ static inline int atomic_##op##_return_relaxed(int a, atomic_t *v) \
8407 return t; \
8408 }
8409
8410 +#define ATOMIC_OP_RETURN_RELAXED(op, asm_op) __ATOMIC_OP_RETURN(op, , , asm_op, , )\
8411 + __ATOMIC_OP_RETURN(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
8412 +
8413 #define ATOMIC_FETCH_OP_RELAXED(op, asm_op) \
8414 static inline int atomic_fetch_##op##_relaxed(int a, atomic_t *v) \
8415 { \
8416 @@ -105,6 +154,7 @@ ATOMIC_OPS(add, add)
8417 ATOMIC_OPS(sub, subf)
8418
8419 #define atomic_add_return_relaxed atomic_add_return_relaxed
8420 +#define atomic_add_return_unchecked_relaxed atomic_add_return_unchecked_relaxed
8421 #define atomic_sub_return_relaxed atomic_sub_return_relaxed
8422
8423 #define atomic_fetch_add_relaxed atomic_fetch_add_relaxed
8424 @@ -126,41 +176,22 @@ ATOMIC_OPS(xor, xor)
8425 #undef ATOMIC_OPS
8426 #undef ATOMIC_FETCH_OP_RELAXED
8427 #undef ATOMIC_OP_RETURN_RELAXED
8428 +#undef __ATOMIC_OP_RETURN
8429 #undef ATOMIC_OP
8430 +#undef __ATOMIC_OP
8431
8432 #define atomic_add_negative(a, v) (atomic_add_return((a), (v)) < 0)
8433
8434 -static __inline__ void atomic_inc(atomic_t *v)
8435 -{
8436 - int t;
8437 -
8438 - __asm__ __volatile__(
8439 -"1: lwarx %0,0,%2 # atomic_inc\n\
8440 - addic %0,%0,1\n"
8441 - PPC405_ERR77(0,%2)
8442 -" stwcx. %0,0,%2 \n\
8443 - bne- 1b"
8444 - : "=&r" (t), "+m" (v->counter)
8445 - : "r" (&v->counter)
8446 - : "cc", "xer");
8447 -}
8448 -
8449 -static __inline__ int atomic_inc_return_relaxed(atomic_t *v)
8450 -{
8451 - int t;
8452 -
8453 - __asm__ __volatile__(
8454 -"1: lwarx %0,0,%2 # atomic_inc_return_relaxed\n"
8455 -" addic %0,%0,1\n"
8456 - PPC405_ERR77(0, %2)
8457 -" stwcx. %0,0,%2\n"
8458 -" bne- 1b"
8459 - : "=&r" (t), "+m" (v->counter)
8460 - : "r" (&v->counter)
8461 - : "cc", "xer");
8462 -
8463 - return t;
8464 -}
8465 +/*
8466 + * atomic_inc - increment atomic variable
8467 + * @v: pointer of type atomic_t
8468 + *
8469 + * Automatically increments @v by 1
8470 + */
8471 +#define atomic_inc(v) atomic_add(1, (v))
8472 +#define atomic_inc_unchecked(v) atomic_add_unchecked(1, (v))
8473 +#define atomic_inc_return_relaxed(v) atomic_add_return_relaxed(1, (v))
8474 +#define atomic_inc_return_unchecked_relaxed(v) atomic_add_return_unchecked_relaxed(1, (v))
8475
8476 /*
8477 * atomic_inc_and_test - increment and test
8478 @@ -171,37 +202,20 @@ static __inline__ int atomic_inc_return_relaxed(atomic_t *v)
8479 * other cases.
8480 */
8481 #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
8482 -
8483 -static __inline__ void atomic_dec(atomic_t *v)
8484 -{
8485 - int t;
8486 -
8487 - __asm__ __volatile__(
8488 -"1: lwarx %0,0,%2 # atomic_dec\n\
8489 - addic %0,%0,-1\n"
8490 - PPC405_ERR77(0,%2)\
8491 -" stwcx. %0,0,%2\n\
8492 - bne- 1b"
8493 - : "=&r" (t), "+m" (v->counter)
8494 - : "r" (&v->counter)
8495 - : "cc", "xer");
8496 -}
8497 -
8498 -static __inline__ int atomic_dec_return_relaxed(atomic_t *v)
8499 +#define atomic_inc_and_test_unchecked(v) (atomic_inc_return_unchecked(v) == 0)
8500 +
8501 +/*
8502 + * atomic_dec - decrement atomic variable
8503 + * @v: pointer of type atomic_t
8504 + *
8505 + * Atomically decrements @v by 1
8506 + */
8507 +#define atomic_dec(v) atomic_sub(1, (v))
8508 +#define atomic_dec_return_relaxed(v) atomic_sub_return_relaxed(1, (v))
8509 +
8510 +static __inline__ void atomic_dec_unchecked(atomic_unchecked_t *v)
8511 {
8512 - int t;
8513 -
8514 - __asm__ __volatile__(
8515 -"1: lwarx %0,0,%2 # atomic_dec_return_relaxed\n"
8516 -" addic %0,%0,-1\n"
8517 - PPC405_ERR77(0, %2)
8518 -" stwcx. %0,0,%2\n"
8519 -" bne- 1b"
8520 - : "=&r" (t), "+m" (v->counter)
8521 - : "r" (&v->counter)
8522 - : "cc", "xer");
8523 -
8524 - return t;
8525 + atomic_sub_unchecked(1, v);
8526 }
8527
8528 #define atomic_inc_return_relaxed atomic_inc_return_relaxed
8529 @@ -216,6 +230,16 @@ static __inline__ int atomic_dec_return_relaxed(atomic_t *v)
8530 #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
8531 #define atomic_xchg_relaxed(v, new) xchg_relaxed(&((v)->counter), (new))
8532
8533 +static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
8534 +{
8535 + return cmpxchg(&(v->counter), old, new);
8536 +}
8537 +
8538 +static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
8539 +{
8540 + return xchg(&(v->counter), new);
8541 +}
8542 +
8543 /**
8544 * __atomic_add_unless - add unless the number is a given value
8545 * @v: pointer of type atomic_t
8546 @@ -233,14 +257,21 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
8547 PPC_ATOMIC_ENTRY_BARRIER
8548 "1: lwarx %0,0,%1 # __atomic_add_unless\n\
8549 cmpw 0,%0,%3 \n\
8550 - beq- 2f \n\
8551 - add %0,%2,%0 \n"
8552 + beq- 5f \n"
8553 +
8554 + __OVERFLOW_PRE
8555 + __REFCOUNT_OP(add) " %0,%2,%0 \n"
8556 + __OVERFLOW_POST
8557 +
8558 PPC405_ERR77(0,%2)
8559 " stwcx. %0,0,%1 \n\
8560 bne- 1b \n"
8561 +
8562 + __OVERFLOW_EXTABLE
8563 +
8564 PPC_ATOMIC_EXIT_BARRIER
8565 " subf %0,%2,%0 \n\
8566 -2:"
8567 +5:"
8568 : "=&r" (t)
8569 : "r" (&v->counter), "r" (a), "r" (u)
8570 : "cc", "memory");
8571 @@ -323,37 +354,59 @@ static __inline__ long atomic64_read(const atomic64_t *v)
8572 return t;
8573 }
8574
8575 +static __inline__ long atomic64_read_unchecked(const atomic64_unchecked_t *v)
8576 +{
8577 + long t;
8578 +
8579 + __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter));
8580 +
8581 + return t;
8582 +}
8583 +
8584 static __inline__ void atomic64_set(atomic64_t *v, long i)
8585 {
8586 __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
8587 }
8588
8589 -#define ATOMIC64_OP(op, asm_op) \
8590 -static __inline__ void atomic64_##op(long a, atomic64_t *v) \
8591 +static __inline__ void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
8592 +{
8593 + __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
8594 +}
8595 +
8596 +#define __ATOMIC64_OP(op, suffix, pre_op, asm_op, post_op, extable) \
8597 +static inline void atomic64_##op##suffix(long a, atomic64##suffix##_t *v)\
8598 { \
8599 long t; \
8600 \
8601 __asm__ __volatile__( \
8602 "1: ldarx %0,0,%3 # atomic64_" #op "\n" \
8603 + pre_op \
8604 #asm_op " %0,%2,%0\n" \
8605 + post_op \
8606 " stdcx. %0,0,%3 \n" \
8607 " bne- 1b\n" \
8608 + extable \
8609 : "=&r" (t), "+m" (v->counter) \
8610 : "r" (a), "r" (&v->counter) \
8611 : "cc"); \
8612 }
8613
8614 -#define ATOMIC64_OP_RETURN_RELAXED(op, asm_op) \
8615 -static inline long \
8616 -atomic64_##op##_return_relaxed(long a, atomic64_t *v) \
8617 +#define ATOMIC64_OP(op, asm_op) __ATOMIC64_OP(op, , , asm_op, , ) \
8618 + __ATOMIC64_OP(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
8619 +
8620 +#define __ATOMIC64_OP_RETURN(op, suffix, pre_op, asm_op, post_op, extable)\
8621 +static inline long atomic64_##op##_return##suffix##_relaxed(long a, atomic64##suffix##_t *v)\
8622 { \
8623 long t; \
8624 \
8625 __asm__ __volatile__( \
8626 "1: ldarx %0,0,%3 # atomic64_" #op "_return_relaxed\n" \
8627 + pre_op \
8628 #asm_op " %0,%2,%0\n" \
8629 + post_op \
8630 " stdcx. %0,0,%3\n" \
8631 " bne- 1b\n" \
8632 + extable \
8633 : "=&r" (t), "+m" (v->counter) \
8634 : "r" (a), "r" (&v->counter) \
8635 : "cc"); \
8636 @@ -361,6 +414,9 @@ atomic64_##op##_return_relaxed(long a, atomic64_t *v) \
8637 return t; \
8638 }
8639
8640 +#define ATOMIC64_OP_RETURN_RELAXED(op, asm_op) __ATOMIC64_OP_RETURN(op, , , asm_op, , )\
8641 + __ATOMIC64_OP_RETURN(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
8642 +
8643 #define ATOMIC64_FETCH_OP_RELAXED(op, asm_op) \
8644 static inline long \
8645 atomic64_fetch_##op##_relaxed(long a, atomic64_t *v) \
8646 @@ -409,38 +465,33 @@ ATOMIC64_OPS(xor, xor)
8647 #undef ATOPIC64_OPS
8648 #undef ATOMIC64_FETCH_OP_RELAXED
8649 #undef ATOMIC64_OP_RETURN_RELAXED
8650 +#undef __ATOMIC64_OP_RETURN
8651 #undef ATOMIC64_OP
8652 +#undef __ATOMIC64_OP
8653 +#undef __OVERFLOW_EXTABLE
8654 +#undef __OVERFLOW_POST
8655 +#undef __OVERFLOW_PRE
8656 +#undef __REFCOUNT_OP
8657
8658 #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
8659
8660 -static __inline__ void atomic64_inc(atomic64_t *v)
8661 -{
8662 - long t;
8663 +/*
8664 + * atomic64_inc - increment atomic variable
8665 + * @v: pointer of type atomic64_t
8666 + *
8667 + * Automatically increments @v by 1
8668 + */
8669 +#define atomic64_inc(v) atomic64_add(1, (v))
8670 +#define atomic64_inc_return_relaxed(v) atomic64_add_return_relaxed(1, (v))
8671
8672 - __asm__ __volatile__(
8673 -"1: ldarx %0,0,%2 # atomic64_inc\n\
8674 - addic %0,%0,1\n\
8675 - stdcx. %0,0,%2 \n\
8676 - bne- 1b"
8677 - : "=&r" (t), "+m" (v->counter)
8678 - : "r" (&v->counter)
8679 - : "cc", "xer");
8680 +static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
8681 +{
8682 + atomic64_add_unchecked(1, v);
8683 }
8684
8685 -static __inline__ long atomic64_inc_return_relaxed(atomic64_t *v)
8686 +static inline long atomic64_inc_return_unchecked_relaxed(atomic64_unchecked_t *v)
8687 {
8688 - long t;
8689 -
8690 - __asm__ __volatile__(
8691 -"1: ldarx %0,0,%2 # atomic64_inc_return_relaxed\n"
8692 -" addic %0,%0,1\n"
8693 -" stdcx. %0,0,%2\n"
8694 -" bne- 1b"
8695 - : "=&r" (t), "+m" (v->counter)
8696 - : "r" (&v->counter)
8697 - : "cc", "xer");
8698 -
8699 - return t;
8700 + return atomic64_add_return_unchecked_relaxed(1, v);
8701 }
8702
8703 /*
8704 @@ -453,34 +504,18 @@ static __inline__ long atomic64_inc_return_relaxed(atomic64_t *v)
8705 */
8706 #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
8707
8708 -static __inline__ void atomic64_dec(atomic64_t *v)
8709 +/*
8710 + * atomic64_dec - decrement atomic variable
8711 + * @v: pointer of type atomic64_t
8712 + *
8713 + * Atomically decrements @v by 1
8714 + */
8715 +#define atomic64_dec(v) atomic64_sub(1, (v))
8716 +#define atomic64_dec_return_relaxed(v) atomic64_sub_return_relaxed(1, (v))
8717 +
8718 +static __inline__ void atomic64_dec_unchecked(atomic64_unchecked_t *v)
8719 {
8720 - long t;
8721 -
8722 - __asm__ __volatile__(
8723 -"1: ldarx %0,0,%2 # atomic64_dec\n\
8724 - addic %0,%0,-1\n\
8725 - stdcx. %0,0,%2\n\
8726 - bne- 1b"
8727 - : "=&r" (t), "+m" (v->counter)
8728 - : "r" (&v->counter)
8729 - : "cc", "xer");
8730 -}
8731 -
8732 -static __inline__ long atomic64_dec_return_relaxed(atomic64_t *v)
8733 -{
8734 - long t;
8735 -
8736 - __asm__ __volatile__(
8737 -"1: ldarx %0,0,%2 # atomic64_dec_return_relaxed\n"
8738 -" addic %0,%0,-1\n"
8739 -" stdcx. %0,0,%2\n"
8740 -" bne- 1b"
8741 - : "=&r" (t), "+m" (v->counter)
8742 - : "r" (&v->counter)
8743 - : "cc", "xer");
8744 -
8745 - return t;
8746 + atomic64_sub_unchecked(1, v);
8747 }
8748
8749 #define atomic64_inc_return_relaxed atomic64_inc_return_relaxed
8750 @@ -522,6 +557,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
8751 #define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
8752 #define atomic64_xchg_relaxed(v, new) xchg_relaxed(&((v)->counter), (new))
8753
8754 +static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
8755 +{
8756 + return cmpxchg(&(v->counter), old, new);
8757 +}
8758 +
8759 +static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
8760 +{
8761 + return xchg(&(v->counter), new);
8762 +}
8763 +
8764 /**
8765 * atomic64_add_unless - add unless the number is a given value
8766 * @v: pointer of type atomic64_t
8767 @@ -537,15 +582,22 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
8768
8769 __asm__ __volatile__ (
8770 PPC_ATOMIC_ENTRY_BARRIER
8771 -"1: ldarx %0,0,%1 # __atomic_add_unless\n\
8772 +"1: ldarx %0,0,%1 # atomic64_add_unless\n\
8773 cmpd 0,%0,%3 \n\
8774 - beq- 2f \n\
8775 - add %0,%2,%0 \n"
8776 + beq- 5f \n"
8777 +
8778 + __OVERFLOW_PRE
8779 + __REFCOUNT_OP(add) " %0,%2,%0 \n"
8780 + __OVERFLOW_POST
8781 +
8782 " stdcx. %0,0,%1 \n\
8783 bne- 1b \n"
8784 PPC_ATOMIC_EXIT_BARRIER
8785 +
8786 + __OVERFLOW_EXTABLE
8787 +
8788 " subf %0,%2,%0 \n\
8789 -2:"
8790 +5:"
8791 : "=&r" (t)
8792 : "r" (&v->counter), "r" (a), "r" (u)
8793 : "cc", "memory");
8794 diff --git a/arch/powerpc/include/asm/book3s/32/hash.h b/arch/powerpc/include/asm/book3s/32/hash.h
8795 index 880db13..bb4ed4a 100644
8796 --- a/arch/powerpc/include/asm/book3s/32/hash.h
8797 +++ b/arch/powerpc/include/asm/book3s/32/hash.h
8798 @@ -20,6 +20,7 @@
8799 #define _PAGE_HASHPTE 0x002 /* hash_page has made an HPTE for this pte */
8800 #define _PAGE_USER 0x004 /* usermode access allowed */
8801 #define _PAGE_GUARDED 0x008 /* G: prohibit speculative access */
8802 +#define _PAGE_NX _PAGE_GUARDED
8803 #define _PAGE_COHERENT 0x010 /* M: enforce memory coherence (SMP systems) */
8804 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
8805 #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
8806 diff --git a/arch/powerpc/include/asm/book3s/32/pgtable.h b/arch/powerpc/include/asm/book3s/32/pgtable.h
8807 index 38b33dc..945d1f1 100644
8808 --- a/arch/powerpc/include/asm/book3s/32/pgtable.h
8809 +++ b/arch/powerpc/include/asm/book3s/32/pgtable.h
8810 @@ -226,7 +226,7 @@ static inline void huge_ptep_set_wrprotect(struct mm_struct *mm,
8811 static inline void __ptep_set_access_flags(pte_t *ptep, pte_t entry)
8812 {
8813 unsigned long set = pte_val(entry) &
8814 - (_PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_RW | _PAGE_EXEC);
8815 + (_PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_RW | _PAGE_EXEC | _PAGE_NX);
8816 unsigned long clr = ~pte_val(entry) & _PAGE_RO;
8817
8818 pte_update(ptep, clr, set);
8819 diff --git a/arch/powerpc/include/asm/book3s/64/pgalloc.h b/arch/powerpc/include/asm/book3s/64/pgalloc.h
8820 index cd5e7aa..7709061 100644
8821 --- a/arch/powerpc/include/asm/book3s/64/pgalloc.h
8822 +++ b/arch/powerpc/include/asm/book3s/64/pgalloc.h
8823 @@ -91,6 +91,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
8824 pgd_set(pgd, __pgtable_ptr_val(pud) | PGD_VAL_BITS);
8825 }
8826
8827 +static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
8828 +{
8829 + pgd_populate(mm, pgd, pud);
8830 +}
8831 +
8832 static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
8833 {
8834 return kmem_cache_alloc(PGT_CACHE(PUD_INDEX_SIZE), GFP_KERNEL);
8835 @@ -106,6 +111,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
8836 pud_set(pud, __pgtable_ptr_val(pmd) | PUD_VAL_BITS);
8837 }
8838
8839 +static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
8840 +{
8841 + pud_populate_kernel(mm, pud, pmd);
8842 +}
8843 +
8844 static inline void __pud_free_tlb(struct mmu_gather *tlb, pud_t *pud,
8845 unsigned long address)
8846 {
8847 diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h
8848 index ffbafbf..71d037fb 100644
8849 --- a/arch/powerpc/include/asm/cache.h
8850 +++ b/arch/powerpc/include/asm/cache.h
8851 @@ -3,6 +3,8 @@
8852
8853 #ifdef __KERNEL__
8854
8855 +#include <asm/reg.h>
8856 +#include <linux/const.h>
8857
8858 /* bytes per L1 cache line */
8859 #if defined(CONFIG_8xx) || defined(CONFIG_403GCX)
8860 @@ -22,7 +24,7 @@
8861 #define L1_CACHE_SHIFT 7
8862 #endif
8863
8864 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
8865 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
8866
8867 #define SMP_CACHE_BYTES L1_CACHE_BYTES
8868
8869 diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
8870 index ee46ffe..b36c98c 100644
8871 --- a/arch/powerpc/include/asm/elf.h
8872 +++ b/arch/powerpc/include/asm/elf.h
8873 @@ -30,6 +30,18 @@
8874
8875 #define ELF_ET_DYN_BASE 0x20000000
8876
8877 +#ifdef CONFIG_PAX_ASLR
8878 +#define PAX_ELF_ET_DYN_BASE (0x10000000UL)
8879 +
8880 +#ifdef __powerpc64__
8881 +#define PAX_DELTA_MMAP_LEN (is_32bit_task() ? 16 : 28)
8882 +#define PAX_DELTA_STACK_LEN (is_32bit_task() ? 16 : 28)
8883 +#else
8884 +#define PAX_DELTA_MMAP_LEN 15
8885 +#define PAX_DELTA_STACK_LEN 15
8886 +#endif
8887 +#endif
8888 +
8889 #define ELF_CORE_EFLAGS (is_elf2_task() ? 2 : 0)
8890
8891 /*
8892 diff --git a/arch/powerpc/include/asm/exec.h b/arch/powerpc/include/asm/exec.h
8893 index 8196e9c..d83a9f3 100644
8894 --- a/arch/powerpc/include/asm/exec.h
8895 +++ b/arch/powerpc/include/asm/exec.h
8896 @@ -4,6 +4,6 @@
8897 #ifndef _ASM_POWERPC_EXEC_H
8898 #define _ASM_POWERPC_EXEC_H
8899
8900 -extern unsigned long arch_align_stack(unsigned long sp);
8901 +#define arch_align_stack(x) ((x) & ~0xfUL)
8902
8903 #endif /* _ASM_POWERPC_EXEC_H */
8904 diff --git a/arch/powerpc/include/asm/kmap_types.h b/arch/powerpc/include/asm/kmap_types.h
8905 index 5acabbd..7ea14fa 100644
8906 --- a/arch/powerpc/include/asm/kmap_types.h
8907 +++ b/arch/powerpc/include/asm/kmap_types.h
8908 @@ -10,7 +10,7 @@
8909 * 2 of the License, or (at your option) any later version.
8910 */
8911
8912 -#define KM_TYPE_NR 16
8913 +#define KM_TYPE_NR 17
8914
8915 #endif /* __KERNEL__ */
8916 #endif /* _ASM_POWERPC_KMAP_TYPES_H */
8917 diff --git a/arch/powerpc/include/asm/local.h b/arch/powerpc/include/asm/local.h
8918 index b8da913..c02b593 100644
8919 --- a/arch/powerpc/include/asm/local.h
8920 +++ b/arch/powerpc/include/asm/local.h
8921 @@ -9,21 +9,65 @@ typedef struct
8922 atomic_long_t a;
8923 } local_t;
8924
8925 +typedef struct
8926 +{
8927 + atomic_long_unchecked_t a;
8928 +} local_unchecked_t;
8929 +
8930 #define LOCAL_INIT(i) { ATOMIC_LONG_INIT(i) }
8931
8932 #define local_read(l) atomic_long_read(&(l)->a)
8933 +#define local_read_unchecked(l) atomic_long_read_unchecked(&(l)->a)
8934 #define local_set(l,i) atomic_long_set(&(l)->a, (i))
8935 +#define local_set_unchecked(l,i) atomic_long_set_unchecked(&(l)->a, (i))
8936
8937 #define local_add(i,l) atomic_long_add((i),(&(l)->a))
8938 +#define local_add_unchecked(i,l) atomic_long_add_unchecked((i),(&(l)->a))
8939 #define local_sub(i,l) atomic_long_sub((i),(&(l)->a))
8940 +#define local_sub_unchecked(i,l) atomic_long_sub_unchecked((i),(&(l)->a))
8941 #define local_inc(l) atomic_long_inc(&(l)->a)
8942 +#define local_inc_unchecked(l) atomic_long_inc_unchecked(&(l)->a)
8943 #define local_dec(l) atomic_long_dec(&(l)->a)
8944 +#define local_dec_unchecked(l) atomic_long_dec_unchecked(&(l)->a)
8945
8946 static __inline__ long local_add_return(long a, local_t *l)
8947 {
8948 long t;
8949
8950 __asm__ __volatile__(
8951 +"1:" PPC_LLARX(%0,0,%2,0) " # local_add_return\n"
8952 +
8953 +#ifdef CONFIG_PAX_REFCOUNT
8954 +" mcrxr cr0\n"
8955 +" addo. %0,%1,%0\n"
8956 +" bf 4*cr0+so, 3f\n"
8957 +"2:.long " "0x00c00b00""\n"
8958 +#else
8959 +" add %0,%1,%0\n"
8960 +#endif
8961 +
8962 +"3:\n"
8963 + PPC405_ERR77(0,%2)
8964 + PPC_STLCX "%0,0,%2 \n\
8965 + bne- 1b"
8966 +
8967 +#ifdef CONFIG_PAX_REFCOUNT
8968 +"\n4:\n"
8969 + _ASM_EXTABLE(2b, 4b)
8970 +#endif
8971 +
8972 + : "=&r" (t)
8973 + : "r" (a), "r" (&(l->a.counter))
8974 + : "cc", "memory");
8975 +
8976 + return t;
8977 +}
8978 +
8979 +static __inline__ long local_add_return_unchecked(long a, local_unchecked_t *l)
8980 +{
8981 + long t;
8982 +
8983 + __asm__ __volatile__(
8984 "1:" PPC_LLARX(%0,0,%2,0) " # local_add_return\n\
8985 add %0,%1,%0\n"
8986 PPC405_ERR77(0,%2)
8987 @@ -101,6 +145,8 @@ static __inline__ long local_dec_return(local_t *l)
8988
8989 #define local_cmpxchg(l, o, n) \
8990 (cmpxchg_local(&((l)->a.counter), (o), (n)))
8991 +#define local_cmpxchg_unchecked(l, o, n) \
8992 + (cmpxchg_local(&((l)->a.counter), (o), (n)))
8993 #define local_xchg(l, n) (xchg_local(&((l)->a.counter), (n)))
8994
8995 /**
8996 diff --git a/arch/powerpc/include/asm/mman.h b/arch/powerpc/include/asm/mman.h
8997 index 30922f6..0bb237c 100644
8998 --- a/arch/powerpc/include/asm/mman.h
8999 +++ b/arch/powerpc/include/asm/mman.h
9000 @@ -26,7 +26,7 @@ static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot,
9001 }
9002 #define arch_calc_vm_prot_bits(prot, pkey) arch_calc_vm_prot_bits(prot, pkey)
9003
9004 -static inline pgprot_t arch_vm_get_page_prot(unsigned long vm_flags)
9005 +static inline pgprot_t arch_vm_get_page_prot(vm_flags_t vm_flags)
9006 {
9007 return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
9008 }
9009 diff --git a/arch/powerpc/include/asm/nohash/64/pgalloc.h b/arch/powerpc/include/asm/nohash/64/pgalloc.h
9010 index 897d2e1..399f34f 100644
9011 --- a/arch/powerpc/include/asm/nohash/64/pgalloc.h
9012 +++ b/arch/powerpc/include/asm/nohash/64/pgalloc.h
9013 @@ -54,6 +54,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
9014 #ifndef CONFIG_PPC_64K_PAGES
9015
9016 #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, (unsigned long)PUD)
9017 +#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD))
9018
9019 static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
9020 {
9021 @@ -70,6 +71,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
9022 pud_set(pud, (unsigned long)pmd);
9023 }
9024
9025 +static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
9026 +{
9027 + pud_populate(mm, pud, pmd);
9028 +}
9029 +
9030 static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
9031 pte_t *pte)
9032 {
9033 @@ -139,6 +145,7 @@ extern void __tlb_remove_table(void *_table);
9034 #endif
9035
9036 #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd)
9037 +#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
9038
9039 static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
9040 pte_t *pte)
9041 diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
9042 index 56398e7..287a772 100644
9043 --- a/arch/powerpc/include/asm/page.h
9044 +++ b/arch/powerpc/include/asm/page.h
9045 @@ -230,8 +230,9 @@ extern long long virt_phys_offset;
9046 * and needs to be executable. This means the whole heap ends
9047 * up being executable.
9048 */
9049 -#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
9050 - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
9051 +#define VM_DATA_DEFAULT_FLAGS32 \
9052 + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
9053 + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
9054
9055 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
9056 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
9057 @@ -259,6 +260,9 @@ extern long long virt_phys_offset;
9058 #define is_kernel_addr(x) ((x) >= PAGE_OFFSET)
9059 #endif
9060
9061 +#define ktla_ktva(addr) (addr)
9062 +#define ktva_ktla(addr) (addr)
9063 +
9064 #ifndef CONFIG_PPC_BOOK3S_64
9065 /*
9066 * Use the top bit of the higher-level page table entries to indicate whether
9067 diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h
9068 index dd5f071..0470718 100644
9069 --- a/arch/powerpc/include/asm/page_64.h
9070 +++ b/arch/powerpc/include/asm/page_64.h
9071 @@ -169,15 +169,18 @@ do { \
9072 * stack by default, so in the absence of a PT_GNU_STACK program header
9073 * we turn execute permission off.
9074 */
9075 -#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \
9076 - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
9077 +#define VM_STACK_DEFAULT_FLAGS32 \
9078 + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
9079 + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
9080
9081 #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
9082 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
9083
9084 +#ifndef CONFIG_PAX_PAGEEXEC
9085 #define VM_STACK_DEFAULT_FLAGS \
9086 (is_32bit_task() ? \
9087 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
9088 +#endif
9089
9090 #include <asm-generic/getorder.h>
9091
9092 diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h
9093 index 9bd87f2..f600e6d 100644
9094 --- a/arch/powerpc/include/asm/pgtable.h
9095 +++ b/arch/powerpc/include/asm/pgtable.h
9096 @@ -1,6 +1,7 @@
9097 #ifndef _ASM_POWERPC_PGTABLE_H
9098 #define _ASM_POWERPC_PGTABLE_H
9099
9100 +#include <linux/const.h>
9101 #ifndef __ASSEMBLY__
9102 #include <linux/mmdebug.h>
9103 #include <linux/mmzone.h>
9104 diff --git a/arch/powerpc/include/asm/pte-common.h b/arch/powerpc/include/asm/pte-common.h
9105 index 4ba26dd..2d1137d 100644
9106 --- a/arch/powerpc/include/asm/pte-common.h
9107 +++ b/arch/powerpc/include/asm/pte-common.h
9108 @@ -16,6 +16,9 @@
9109 #ifndef _PAGE_EXEC
9110 #define _PAGE_EXEC 0
9111 #endif
9112 +#ifndef _PAGE_NX
9113 +#define _PAGE_NX 0
9114 +#endif
9115 #ifndef _PAGE_ENDIAN
9116 #define _PAGE_ENDIAN 0
9117 #endif
9118 @@ -53,13 +56,13 @@
9119 #define PMD_PAGE_SIZE(pmd) bad_call_to_PMD_PAGE_SIZE()
9120 #endif
9121 #ifndef _PAGE_KERNEL_RO
9122 -#define _PAGE_KERNEL_RO (_PAGE_RO)
9123 +#define _PAGE_KERNEL_RO (_PAGE_RO | _PAGE_NX)
9124 #endif
9125 #ifndef _PAGE_KERNEL_ROX
9126 #define _PAGE_KERNEL_ROX (_PAGE_EXEC | _PAGE_RO)
9127 #endif
9128 #ifndef _PAGE_KERNEL_RW
9129 -#define _PAGE_KERNEL_RW (_PAGE_DIRTY | _PAGE_RW | _PAGE_HWWRITE)
9130 +#define _PAGE_KERNEL_RW (_PAGE_DIRTY | _PAGE_RW | _PAGE_HWWRITE | _PAGE_NX)
9131 #endif
9132 #ifndef _PAGE_KERNEL_RWX
9133 #define _PAGE_KERNEL_RWX (_PAGE_DIRTY | _PAGE_RW | _PAGE_HWWRITE | _PAGE_EXEC)
9134 @@ -142,15 +145,12 @@ static inline bool pte_user(pte_t pte)
9135 * Note due to the way vm flags are laid out, the bits are XWR
9136 */
9137 #define PAGE_NONE __pgprot(_PAGE_BASE)
9138 -#define PAGE_SHARED __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW)
9139 -#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | \
9140 - _PAGE_EXEC)
9141 -#define PAGE_COPY __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO)
9142 -#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO | \
9143 - _PAGE_EXEC)
9144 -#define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO)
9145 -#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO | \
9146 - _PAGE_EXEC)
9147 +#define PAGE_SHARED __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_NX)
9148 +#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC)
9149 +#define PAGE_COPY __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO | _PAGE_NX)
9150 +#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO | _PAGE_EXEC)
9151 +#define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO | _PAGE_NX)
9152 +#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RO | _PAGE_EXEC)
9153
9154 #define __P000 PAGE_NONE
9155 #define __P001 PAGE_READONLY
9156 @@ -171,11 +171,9 @@ static inline bool pte_user(pte_t pte)
9157 #define __S111 PAGE_SHARED_X
9158
9159 /* Permission masks used for kernel mappings */
9160 -#define PAGE_KERNEL __pgprot(_PAGE_BASE | _PAGE_KERNEL_RW)
9161 -#define PAGE_KERNEL_NC __pgprot(_PAGE_BASE_NC | _PAGE_KERNEL_RW | \
9162 - _PAGE_NO_CACHE)
9163 -#define PAGE_KERNEL_NCG __pgprot(_PAGE_BASE_NC | _PAGE_KERNEL_RW | \
9164 - _PAGE_NO_CACHE | _PAGE_GUARDED)
9165 +#define PAGE_KERNEL __pgprot(_PAGE_BASE | _PAGE_KERNEL_RW | _PAGE_NX)
9166 +#define PAGE_KERNEL_NC __pgprot(_PAGE_BASE_NC | _PAGE_KERNEL_RW | _PAGE_NO_CACHE)
9167 +#define PAGE_KERNEL_NCG __pgprot(_PAGE_BASE_NC | _PAGE_KERNEL_RW | _PAGE_NO_CACHE | _PAGE_GUARDED)
9168 #define PAGE_KERNEL_X __pgprot(_PAGE_BASE | _PAGE_KERNEL_RWX)
9169 #define PAGE_KERNEL_RO __pgprot(_PAGE_BASE | _PAGE_KERNEL_RO)
9170 #define PAGE_KERNEL_ROX __pgprot(_PAGE_BASE | _PAGE_KERNEL_ROX)
9171 diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
9172 index 978dada..5d29335 100644
9173 --- a/arch/powerpc/include/asm/reg.h
9174 +++ b/arch/powerpc/include/asm/reg.h
9175 @@ -270,6 +270,7 @@
9176 #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
9177 #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
9178 #define DSISR_NOHPTE 0x40000000 /* no translation found */
9179 +#define DSISR_GUARDED 0x10000000 /* fetch from guarded storage */
9180 #define DSISR_PROTFAULT 0x08000000 /* protection fault */
9181 #define DSISR_ISSTORE 0x02000000 /* access was a store */
9182 #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
9183 diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h
9184 index 0d02c11..33a8f08 100644
9185 --- a/arch/powerpc/include/asm/smp.h
9186 +++ b/arch/powerpc/include/asm/smp.h
9187 @@ -51,7 +51,7 @@ struct smp_ops_t {
9188 int (*cpu_disable)(void);
9189 void (*cpu_die)(unsigned int nr);
9190 int (*cpu_bootable)(unsigned int nr);
9191 -};
9192 +} __no_const;
9193
9194 extern void smp_send_debugger_break(void);
9195 extern void start_secondary_resume(void);
9196 diff --git a/arch/powerpc/include/asm/spinlock.h b/arch/powerpc/include/asm/spinlock.h
9197 index fa37fe9..867d3cf 100644
9198 --- a/arch/powerpc/include/asm/spinlock.h
9199 +++ b/arch/powerpc/include/asm/spinlock.h
9200 @@ -27,6 +27,7 @@
9201 #include <asm/asm-compat.h>
9202 #include <asm/synch.h>
9203 #include <asm/ppc-opcode.h>
9204 +#include <asm/atomic.h>
9205
9206 #ifdef CONFIG_PPC64
9207 /* use 0x800000yy when locked, where yy == CPU number */
9208 @@ -228,13 +229,29 @@ static inline long __arch_read_trylock(arch_rwlock_t *rw)
9209 __asm__ __volatile__(
9210 "1: " PPC_LWARX(%0,0,%1,1) "\n"
9211 __DO_SIGN_EXTEND
9212 -" addic. %0,%0,1\n\
9213 - ble- 2f\n"
9214 +
9215 +#ifdef CONFIG_PAX_REFCOUNT
9216 +" mcrxr cr0\n"
9217 +" addico. %0,%0,1\n"
9218 +" bf 4*cr0+so, 3f\n"
9219 +"2:.long " "0x00c00b00""\n"
9220 +#else
9221 +" addic. %0,%0,1\n"
9222 +#endif
9223 +
9224 +"3:\n"
9225 + "ble- 4f\n"
9226 PPC405_ERR77(0,%1)
9227 " stwcx. %0,0,%1\n\
9228 bne- 1b\n"
9229 PPC_ACQUIRE_BARRIER
9230 -"2:" : "=&r" (tmp)
9231 +"4:"
9232 +
9233 +#ifdef CONFIG_PAX_REFCOUNT
9234 + _ASM_EXTABLE(2b,4b)
9235 +#endif
9236 +
9237 + : "=&r" (tmp)
9238 : "r" (&rw->lock)
9239 : "cr0", "xer", "memory");
9240
9241 @@ -310,11 +327,27 @@ static inline void arch_read_unlock(arch_rwlock_t *rw)
9242 __asm__ __volatile__(
9243 "# read_unlock\n\t"
9244 PPC_RELEASE_BARRIER
9245 -"1: lwarx %0,0,%1\n\
9246 - addic %0,%0,-1\n"
9247 +"1: lwarx %0,0,%1\n"
9248 +
9249 +#ifdef CONFIG_PAX_REFCOUNT
9250 +" mcrxr cr0\n"
9251 +" addico. %0,%0,-1\n"
9252 +" bf 4*cr0+so, 3f\n"
9253 +"2:.long " "0x00c00b00""\n"
9254 +#else
9255 +" addic. %0,%0,-1\n"
9256 +#endif
9257 +
9258 +"3:\n"
9259 PPC405_ERR77(0,%1)
9260 " stwcx. %0,0,%1\n\
9261 bne- 1b"
9262 +
9263 +#ifdef CONFIG_PAX_REFCOUNT
9264 +"\n4:\n"
9265 + _ASM_EXTABLE(2b, 4b)
9266 +#endif
9267 +
9268 : "=&r"(tmp)
9269 : "r"(&rw->lock)
9270 : "cr0", "xer", "memory");
9271 diff --git a/arch/powerpc/include/asm/string.h b/arch/powerpc/include/asm/string.h
9272 index da3cdff..c774844 100644
9273 --- a/arch/powerpc/include/asm/string.h
9274 +++ b/arch/powerpc/include/asm/string.h
9275 @@ -11,17 +11,17 @@
9276 #define __HAVE_ARCH_MEMCMP
9277 #define __HAVE_ARCH_MEMCHR
9278
9279 -extern char * strcpy(char *,const char *);
9280 -extern char * strncpy(char *,const char *, __kernel_size_t);
9281 -extern __kernel_size_t strlen(const char *);
9282 -extern int strcmp(const char *,const char *);
9283 -extern int strncmp(const char *, const char *, __kernel_size_t);
9284 -extern char * strcat(char *, const char *);
9285 +extern char * strcpy(char *,const char *) __nocapture(2);
9286 +extern char * strncpy(char *,const char *, __kernel_size_t) __nocapture(2);
9287 +extern __kernel_size_t strlen(const char *) __nocapture(1);
9288 +extern int strcmp(const char *,const char *) __nocapture();
9289 +extern int strncmp(const char *, const char *, __kernel_size_t) __nocapture(1, 2);
9290 +extern char * strcat(char *, const char *) __nocapture(2);
9291 extern void * memset(void *,int,__kernel_size_t);
9292 -extern void * memcpy(void *,const void *,__kernel_size_t);
9293 -extern void * memmove(void *,const void *,__kernel_size_t);
9294 -extern int memcmp(const void *,const void *,__kernel_size_t);
9295 -extern void * memchr(const void *,int,__kernel_size_t);
9296 +extern void * memcpy(void *,const void *,__kernel_size_t) __nocapture(2);
9297 +extern void * memmove(void *,const void *,__kernel_size_t) __nocapture(2);
9298 +extern int memcmp(const void *,const void *,__kernel_size_t) __nocapture(1, 2);
9299 +extern void * memchr(const void *,int,__kernel_size_t) __nocapture(1);
9300
9301 #endif /* __KERNEL__ */
9302
9303 diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
9304 index 87e4b2d..c362390 100644
9305 --- a/arch/powerpc/include/asm/thread_info.h
9306 +++ b/arch/powerpc/include/asm/thread_info.h
9307 @@ -107,6 +107,8 @@ static inline struct thread_info *current_thread_info(void)
9308 #if defined(CONFIG_PPC64)
9309 #define TIF_ELF2ABI 18 /* function descriptors must die! */
9310 #endif
9311 +/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */
9312 +#define TIF_GRSEC_SETXID 6 /* update credentials on syscall entry/exit */
9313
9314 /* as above, but as bit values */
9315 #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
9316 @@ -125,9 +127,10 @@ static inline struct thread_info *current_thread_info(void)
9317 #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
9318 #define _TIF_EMULATE_STACK_STORE (1<<TIF_EMULATE_STACK_STORE)
9319 #define _TIF_NOHZ (1<<TIF_NOHZ)
9320 +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
9321 #define _TIF_SYSCALL_DOTRACE (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
9322 _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT | \
9323 - _TIF_NOHZ)
9324 + _TIF_NOHZ | _TIF_GRSEC_SETXID)
9325
9326 #define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
9327 _TIF_NOTIFY_RESUME | _TIF_UPROBE | \
9328 diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
9329 index c266227..f3dc6bb 100644
9330 --- a/arch/powerpc/include/asm/uaccess.h
9331 +++ b/arch/powerpc/include/asm/uaccess.h
9332 @@ -58,6 +58,7 @@
9333
9334 #endif
9335
9336 +#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
9337 #define access_ok(type, addr, size) \
9338 (__chk_user_ptr(addr), \
9339 __access_ok((__force unsigned long)(addr), (size), get_fs()))
9340 @@ -303,43 +304,6 @@ do { \
9341 extern unsigned long __copy_tofrom_user(void __user *to,
9342 const void __user *from, unsigned long size);
9343
9344 -#ifndef __powerpc64__
9345 -
9346 -static inline unsigned long copy_from_user(void *to,
9347 - const void __user *from, unsigned long n)
9348 -{
9349 - if (likely(access_ok(VERIFY_READ, from, n))) {
9350 - check_object_size(to, n, false);
9351 - return __copy_tofrom_user((__force void __user *)to, from, n);
9352 - }
9353 - memset(to, 0, n);
9354 - return n;
9355 -}
9356 -
9357 -static inline unsigned long copy_to_user(void __user *to,
9358 - const void *from, unsigned long n)
9359 -{
9360 - if (access_ok(VERIFY_WRITE, to, n)) {
9361 - check_object_size(from, n, true);
9362 - return __copy_tofrom_user(to, (__force void __user *)from, n);
9363 - }
9364 - return n;
9365 -}
9366 -
9367 -#else /* __powerpc64__ */
9368 -
9369 -#define __copy_in_user(to, from, size) \
9370 - __copy_tofrom_user((to), (from), (size))
9371 -
9372 -extern unsigned long copy_from_user(void *to, const void __user *from,
9373 - unsigned long n);
9374 -extern unsigned long copy_to_user(void __user *to, const void *from,
9375 - unsigned long n);
9376 -extern unsigned long copy_in_user(void __user *to, const void __user *from,
9377 - unsigned long n);
9378 -
9379 -#endif /* __powerpc64__ */
9380 -
9381 static inline unsigned long __copy_from_user_inatomic(void *to,
9382 const void __user *from, unsigned long n)
9383 {
9384 @@ -412,6 +376,70 @@ static inline unsigned long __copy_to_user(void __user *to,
9385 return __copy_to_user_inatomic(to, from, size);
9386 }
9387
9388 +#ifndef __powerpc64__
9389 +
9390 +static inline unsigned long __must_check copy_from_user(void *to,
9391 + const void __user *from, unsigned long n)
9392 +{
9393 + if ((long)n < 0)
9394 + return n;
9395 +
9396 + if (likely(access_ok(VERIFY_READ, from, n))) {
9397 + check_object_size(to, n, false);
9398 + return __copy_tofrom_user((void __force_user *)to, from, n);
9399 + }
9400 + memset(to, 0, n);
9401 + return n;
9402 +}
9403 +
9404 +static inline unsigned long __must_check copy_to_user(void __user *to,
9405 + const void *from, unsigned long n)
9406 +{
9407 + if ((long)n < 0)
9408 + return n;
9409 +
9410 + if (likely(access_ok(VERIFY_WRITE, to, n))) {
9411 + check_object_size(from, n, true);
9412 + return __copy_tofrom_user(to, (void __force_user *)from, n);
9413 + }
9414 + return n;
9415 +}
9416 +
9417 +#else /* __powerpc64__ */
9418 +
9419 +#define __copy_in_user(to, from, size) \
9420 + __copy_tofrom_user((to), (from), (size))
9421 +
9422 +static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
9423 +{
9424 + if ((long)n < 0 || n > INT_MAX)
9425 + return n;
9426 +
9427 + if (likely(access_ok(VERIFY_READ, from, n))) {
9428 + check_object_size(to, n, false);
9429 + n = __copy_from_user(to, from, n);
9430 + } else
9431 + memset(to, 0, n);
9432 + return n;
9433 +}
9434 +
9435 +static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
9436 +{
9437 + if ((long)n < 0 || n > INT_MAX)
9438 + return n;
9439 +
9440 + if (likely(access_ok(VERIFY_WRITE, to, n))) {
9441 + check_object_size(from, n, true);
9442 + n = __copy_to_user(to, from, n);
9443 + }
9444 + return n;
9445 +}
9446 +
9447 +extern unsigned long copy_in_user(void __user *to, const void __user *from,
9448 + unsigned long n);
9449 +
9450 +#endif /* __powerpc64__ */
9451 +
9452 extern unsigned long __clear_user(void __user *addr, unsigned long size);
9453
9454 static inline unsigned long clear_user(void __user *addr, unsigned long size)
9455 diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
9456 index fe4c075..fcb4600 100644
9457 --- a/arch/powerpc/kernel/Makefile
9458 +++ b/arch/powerpc/kernel/Makefile
9459 @@ -14,6 +14,11 @@ CFLAGS_prom_init.o += -fPIC
9460 CFLAGS_btext.o += -fPIC
9461 endif
9462
9463 +CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
9464 +CFLAGS_prom_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
9465 +CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
9466 +CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
9467 +
9468 ifdef CONFIG_FUNCTION_TRACER
9469 # Do not trace early boot code
9470 CFLAGS_REMOVE_cputable.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
9471 @@ -26,6 +31,8 @@ CFLAGS_REMOVE_ftrace.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
9472 CFLAGS_REMOVE_time.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
9473 endif
9474
9475 +CFLAGS_REMOVE_prom_init.o += $(LATENT_ENTROPY_PLUGIN_CFLAGS)
9476 +
9477 obj-y := cputable.o ptrace.o syscalls.o \
9478 irq.o align.o signal_32.o pmc.o vdso.o \
9479 process.o systbl.o idle.o \
9480 diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
9481 index 38a1f96..ed94e42 100644
9482 --- a/arch/powerpc/kernel/exceptions-64e.S
9483 +++ b/arch/powerpc/kernel/exceptions-64e.S
9484 @@ -1010,6 +1010,7 @@ storage_fault_common:
9485 std r14,_DAR(r1)
9486 std r15,_DSISR(r1)
9487 addi r3,r1,STACK_FRAME_OVERHEAD
9488 + bl save_nvgprs
9489 mr r4,r14
9490 mr r5,r15
9491 ld r14,PACA_EXGEN+EX_R14(r13)
9492 @@ -1018,8 +1019,7 @@ storage_fault_common:
9493 cmpdi r3,0
9494 bne- 1f
9495 b ret_from_except_lite
9496 -1: bl save_nvgprs
9497 - mr r5,r3
9498 +1: mr r5,r3
9499 addi r3,r1,STACK_FRAME_OVERHEAD
9500 ld r4,_DAR(r1)
9501 bl bad_page_fault
9502 diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
9503 index bffec73..9cc5a35 100644
9504 --- a/arch/powerpc/kernel/exceptions-64s.S
9505 +++ b/arch/powerpc/kernel/exceptions-64s.S
9506 @@ -1520,10 +1520,10 @@ handle_page_fault:
9507 11: ld r4,_DAR(r1)
9508 ld r5,_DSISR(r1)
9509 addi r3,r1,STACK_FRAME_OVERHEAD
9510 + bl save_nvgprs
9511 bl do_page_fault
9512 cmpdi r3,0
9513 beq+ 12f
9514 - bl save_nvgprs
9515 mr r5,r3
9516 addi r3,r1,STACK_FRAME_OVERHEAD
9517 lwz r4,_DAR(r1)
9518 diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
9519 index 08887cf..0c98725 100644
9520 --- a/arch/powerpc/kernel/irq.c
9521 +++ b/arch/powerpc/kernel/irq.c
9522 @@ -477,6 +477,8 @@ void migrate_irqs(void)
9523 }
9524 #endif
9525
9526 +extern void gr_handle_kernel_exploit(void);
9527 +
9528 static inline void check_stack_overflow(void)
9529 {
9530 #ifdef CONFIG_DEBUG_STACKOVERFLOW
9531 @@ -489,6 +491,7 @@ static inline void check_stack_overflow(void)
9532 pr_err("do_IRQ: stack overflow: %ld\n",
9533 sp - sizeof(struct thread_info));
9534 dump_stack();
9535 + gr_handle_kernel_exploit();
9536 }
9537 #endif
9538 }
9539 diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c
9540 index 5a7a78f..c0e4207 100644
9541 --- a/arch/powerpc/kernel/module_32.c
9542 +++ b/arch/powerpc/kernel/module_32.c
9543 @@ -158,7 +158,7 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr,
9544 me->arch.core_plt_section = i;
9545 }
9546 if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
9547 - pr_err("Module doesn't contain .plt or .init.plt sections.\n");
9548 + pr_err("Module $s doesn't contain .plt or .init.plt sections.\n", me->name);
9549 return -ENOEXEC;
9550 }
9551
9552 @@ -188,11 +188,16 @@ static uint32_t do_plt_call(void *location,
9553
9554 pr_debug("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
9555 /* Init, or core PLT? */
9556 - if (location >= mod->core_layout.base
9557 - && location < mod->core_layout.base + mod->core_layout.size)
9558 + if ((location >= mod->core_layout.base_rx && location < mod->core_layout.base_rx + mod->core_layout.size_rx) ||
9559 + (location >= mod->core_layout.base_rw && location < mod->core_layout.base_rw + mod->core_layout.size_rw))
9560 entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
9561 - else
9562 + else if ((location >= mod->init_layout.base_rx && location < mod->init_layout.base_rx + mod->init_layout.size_rx) ||
9563 + (location >= mod->init_layout.base_rw && location < mod->init_layout.base_rw + mod->init_layout.size_rw))
9564 entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
9565 + else {
9566 + printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
9567 + return ~0UL;
9568 + }
9569
9570 /* Find this entry, or if that fails, the next avail. entry */
9571 while (entry->jump[0]) {
9572 @@ -301,7 +306,7 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
9573 #ifdef CONFIG_DYNAMIC_FTRACE
9574 int module_finalize_ftrace(struct module *module, const Elf_Shdr *sechdrs)
9575 {
9576 - module->arch.tramp = do_plt_call(module->core_layout.base,
9577 + module->arch.tramp = do_plt_call(module->core_layout.base_rx,
9578 (unsigned long)ftrace_caller,
9579 sechdrs, module);
9580 if (!module->arch.tramp)
9581 diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
9582 index ad37aa1..51da6c4 100644
9583 --- a/arch/powerpc/kernel/process.c
9584 +++ b/arch/powerpc/kernel/process.c
9585 @@ -1360,8 +1360,8 @@ void show_regs(struct pt_regs * regs)
9586 * Lookup NIP late so we have the best change of getting the
9587 * above info out without failing
9588 */
9589 - printk("NIP ["REG"] %pS\n", regs->nip, (void *)regs->nip);
9590 - printk("LR ["REG"] %pS\n", regs->link, (void *)regs->link);
9591 + printk("NIP ["REG"] %pA\n", regs->nip, (void *)regs->nip);
9592 + printk("LR ["REG"] %pA\n", regs->link, (void *)regs->link);
9593 #endif
9594 show_stack(current, (unsigned long *) regs->gpr[1]);
9595 if (!user_mode(regs))
9596 @@ -1882,10 +1882,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
9597 newsp = stack[0];
9598 ip = stack[STACK_FRAME_LR_SAVE];
9599 if (!firstframe || ip != lr) {
9600 - printk("["REG"] ["REG"] %pS", sp, ip, (void *)ip);
9601 + printk("["REG"] ["REG"] %pA", sp, ip, (void *)ip);
9602 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
9603 if ((ip == rth) && curr_frame >= 0) {
9604 - printk(" (%pS)",
9605 + printk(" (%pA)",
9606 (void *)current->ret_stack[curr_frame].ret);
9607 curr_frame--;
9608 }
9609 @@ -1905,7 +1905,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
9610 struct pt_regs *regs = (struct pt_regs *)
9611 (sp + STACK_FRAME_OVERHEAD);
9612 lr = regs->link;
9613 - printk("--- interrupt: %lx at %pS\n LR = %pS\n",
9614 + printk("--- interrupt: %lx at %pA\n LR = %pA\n",
9615 regs->trap, (void *)regs->nip, (void *)lr);
9616 firstframe = 1;
9617 }
9618 @@ -1942,13 +1942,6 @@ void notrace __ppc64_runlatch_off(void)
9619 }
9620 #endif /* CONFIG_PPC64 */
9621
9622 -unsigned long arch_align_stack(unsigned long sp)
9623 -{
9624 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
9625 - sp -= get_random_int() & ~PAGE_MASK;
9626 - return sp & ~0xf;
9627 -}
9628 -
9629 static inline unsigned long brk_rnd(void)
9630 {
9631 unsigned long rnd = 0;
9632 diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
9633 index bf91658..edd21f8 100644
9634 --- a/arch/powerpc/kernel/ptrace.c
9635 +++ b/arch/powerpc/kernel/ptrace.c
9636 @@ -3312,6 +3312,10 @@ static int do_seccomp(struct pt_regs *regs)
9637 static inline int do_seccomp(struct pt_regs *regs) { return 0; }
9638 #endif /* CONFIG_SECCOMP */
9639
9640 +#ifdef CONFIG_GRKERNSEC_SETXID
9641 +extern void gr_delayed_cred_worker(void);
9642 +#endif
9643 +
9644 /**
9645 * do_syscall_trace_enter() - Do syscall tracing on kernel entry.
9646 * @regs: the pt_regs of the task to trace (current)
9647 @@ -3335,6 +3339,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
9648 {
9649 user_exit();
9650
9651 +#ifdef CONFIG_GRKERNSEC_SETXID
9652 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
9653 + gr_delayed_cred_worker();
9654 +#endif
9655 +
9656 /*
9657 * The tracer may decide to abort the syscall, if so tracehook
9658 * will return !0. Note that the tracer may also just change
9659 @@ -3353,6 +3362,7 @@ long do_syscall_trace_enter(struct pt_regs *regs)
9660 if (regs->gpr[0] >= NR_syscalls)
9661 goto skip;
9662
9663 +
9664 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
9665 trace_sys_enter(regs, regs->gpr[0]);
9666
9667 @@ -3384,6 +3394,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
9668 {
9669 int step;
9670
9671 +#ifdef CONFIG_GRKERNSEC_SETXID
9672 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
9673 + gr_delayed_cred_worker();
9674 +#endif
9675 +
9676 audit_syscall_exit(regs);
9677
9678 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
9679 diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
9680 index a7daf74..d8159e5 100644
9681 --- a/arch/powerpc/kernel/signal_32.c
9682 +++ b/arch/powerpc/kernel/signal_32.c
9683 @@ -1000,7 +1000,7 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
9684 /* Save user registers on the stack */
9685 frame = &rt_sf->uc.uc_mcontext;
9686 addr = frame;
9687 - if (vdso32_rt_sigtramp && current->mm->context.vdso_base) {
9688 + if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
9689 sigret = 0;
9690 tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp;
9691 } else {
9692 diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
9693 index 70409bb..6cc6990 100644
9694 --- a/arch/powerpc/kernel/signal_64.c
9695 +++ b/arch/powerpc/kernel/signal_64.c
9696 @@ -770,7 +770,7 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs
9697 current->thread.fp_state.fpscr = 0;
9698
9699 /* Set up to return from userspace. */
9700 - if (vdso64_rt_sigtramp && current->mm->context.vdso_base) {
9701 + if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
9702 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
9703 } else {
9704 err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
9705 diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
9706 index 62859eb..035955d 100644
9707 --- a/arch/powerpc/kernel/traps.c
9708 +++ b/arch/powerpc/kernel/traps.c
9709 @@ -37,6 +37,7 @@
9710 #include <linux/debugfs.h>
9711 #include <linux/ratelimit.h>
9712 #include <linux/context_tracking.h>
9713 +#include <linux/uaccess.h>
9714
9715 #include <asm/emulated_ops.h>
9716 #include <asm/pgtable.h>
9717 @@ -145,6 +146,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
9718 return flags;
9719 }
9720
9721 +extern void gr_handle_kernel_exploit(void);
9722 +
9723 static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
9724 int signr)
9725 {
9726 @@ -194,6 +197,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
9727 panic("Fatal exception in interrupt");
9728 if (panic_on_oops)
9729 panic("Fatal exception");
9730 +
9731 + gr_handle_kernel_exploit();
9732 +
9733 do_exit(signr);
9734 }
9735
9736 @@ -1145,6 +1151,26 @@ void __kprobes program_check_exception(struct pt_regs *regs)
9737 enum ctx_state prev_state = exception_enter();
9738 unsigned int reason = get_reason(regs);
9739
9740 +#ifdef CONFIG_PAX_REFCOUNT
9741 + unsigned int bkpt;
9742 + const struct exception_table_entry *entry;
9743 +
9744 + if (reason & REASON_ILLEGAL) {
9745 + /* Check if PaX bad instruction */
9746 + if (!probe_kernel_address((const void *)regs->nip, bkpt) && bkpt == 0xc00b00) {
9747 + current->thread.trap_nr = 0;
9748 + pax_report_refcount_error(regs, NULL);
9749 + /* fixup_exception() for PowerPC does not exist, simulate its job */
9750 + if ((entry = search_exception_tables(regs->nip)) != NULL) {
9751 + regs->nip = entry->fixup;
9752 + return;
9753 + }
9754 + /* fixup_exception() could not handle */
9755 + goto bail;
9756 + }
9757 + }
9758 +#endif
9759 +
9760 /* We can now get here via a FP Unavailable exception if the core
9761 * has no FPU, in that case the reason flags will be 0 */
9762
9763 diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
9764 index 4111d30..fa5e7be 100644
9765 --- a/arch/powerpc/kernel/vdso.c
9766 +++ b/arch/powerpc/kernel/vdso.c
9767 @@ -35,6 +35,7 @@
9768 #include <asm/vdso.h>
9769 #include <asm/vdso_datapage.h>
9770 #include <asm/setup.h>
9771 +#include <asm/mman.h>
9772
9773 #undef DEBUG
9774
9775 @@ -180,7 +181,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
9776 vdso_base = VDSO32_MBASE;
9777 #endif
9778
9779 - current->mm->context.vdso_base = 0;
9780 + current->mm->context.vdso_base = ~0UL;
9781
9782 /* vDSO has a problem and was disabled, just don't "enable" it for the
9783 * process
9784 @@ -201,7 +202,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
9785 vdso_base = get_unmapped_area(NULL, vdso_base,
9786 (vdso_pages << PAGE_SHIFT) +
9787 ((VDSO_ALIGNMENT - 1) & PAGE_MASK),
9788 - 0, 0);
9789 + 0, MAP_PRIVATE | MAP_EXECUTABLE);
9790 if (IS_ERR_VALUE(vdso_base)) {
9791 rc = vdso_base;
9792 goto fail_mmapsem;
9793 diff --git a/arch/powerpc/lib/usercopy_64.c b/arch/powerpc/lib/usercopy_64.c
9794 index 5eea6f3..5d10396 100644
9795 --- a/arch/powerpc/lib/usercopy_64.c
9796 +++ b/arch/powerpc/lib/usercopy_64.c
9797 @@ -9,22 +9,6 @@
9798 #include <linux/module.h>
9799 #include <asm/uaccess.h>
9800
9801 -unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
9802 -{
9803 - if (likely(access_ok(VERIFY_READ, from, n)))
9804 - n = __copy_from_user(to, from, n);
9805 - else
9806 - memset(to, 0, n);
9807 - return n;
9808 -}
9809 -
9810 -unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
9811 -{
9812 - if (likely(access_ok(VERIFY_WRITE, to, n)))
9813 - n = __copy_to_user(to, from, n);
9814 - return n;
9815 -}
9816 -
9817 unsigned long copy_in_user(void __user *to, const void __user *from,
9818 unsigned long n)
9819 {
9820 @@ -35,7 +19,5 @@ unsigned long copy_in_user(void __user *to, const void __user *from,
9821 return n;
9822 }
9823
9824 -EXPORT_SYMBOL(copy_from_user);
9825 -EXPORT_SYMBOL(copy_to_user);
9826 EXPORT_SYMBOL(copy_in_user);
9827
9828 diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
9829 index bb1ffc5..9ae5cb6 100644
9830 --- a/arch/powerpc/mm/fault.c
9831 +++ b/arch/powerpc/mm/fault.c
9832 @@ -34,6 +34,10 @@
9833 #include <linux/context_tracking.h>
9834 #include <linux/hugetlb.h>
9835 #include <linux/uaccess.h>
9836 +#include <linux/slab.h>
9837 +#include <linux/pagemap.h>
9838 +#include <linux/compiler.h>
9839 +#include <linux/unistd.h>
9840
9841 #include <asm/firmware.h>
9842 #include <asm/page.h>
9843 @@ -68,6 +72,33 @@ static inline int notify_page_fault(struct pt_regs *regs)
9844 }
9845 #endif
9846
9847 +#ifdef CONFIG_PAX_PAGEEXEC
9848 +/*
9849 + * PaX: decide what to do with offenders (regs->nip = fault address)
9850 + *
9851 + * returns 1 when task should be killed
9852 + */
9853 +static int pax_handle_fetch_fault(struct pt_regs *regs)
9854 +{
9855 + return 1;
9856 +}
9857 +
9858 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
9859 +{
9860 + unsigned long i;
9861 +
9862 + printk(KERN_ERR "PAX: bytes at PC: ");
9863 + for (i = 0; i < 5; i++) {
9864 + unsigned int c;
9865 + if (get_user(c, (unsigned int __user *)pc+i))
9866 + printk(KERN_CONT "???????? ");
9867 + else
9868 + printk(KERN_CONT "%08x ", c);
9869 + }
9870 + printk("\n");
9871 +}
9872 +#endif
9873 +
9874 /*
9875 * Check whether the instruction at regs->nip is a store using
9876 * an update addressing form which will update r1.
9877 @@ -227,7 +258,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
9878 * indicate errors in DSISR but can validly be set in SRR1.
9879 */
9880 if (trap == 0x400)
9881 - error_code &= 0x48200000;
9882 + error_code &= 0x58200000;
9883 else
9884 is_write = error_code & DSISR_ISSTORE;
9885 #else
9886 @@ -384,12 +415,16 @@ good_area:
9887 * "undefined". Of those that can be set, this is the only
9888 * one which seems bad.
9889 */
9890 - if (error_code & 0x10000000)
9891 + if (error_code & DSISR_GUARDED)
9892 /* Guarded storage error. */
9893 goto bad_area;
9894 #endif /* CONFIG_8xx */
9895
9896 if (is_exec) {
9897 +#ifdef CONFIG_PPC_STD_MMU
9898 + if (error_code & DSISR_GUARDED)
9899 + goto bad_area;
9900 +#endif
9901 /*
9902 * Allow execution from readable areas if the MMU does not
9903 * provide separate controls over reading and executing.
9904 @@ -484,6 +519,23 @@ bad_area:
9905 bad_area_nosemaphore:
9906 /* User mode accesses cause a SIGSEGV */
9907 if (user_mode(regs)) {
9908 +
9909 +#ifdef CONFIG_PAX_PAGEEXEC
9910 + if (mm->pax_flags & MF_PAX_PAGEEXEC) {
9911 +#ifdef CONFIG_PPC_STD_MMU
9912 + if (is_exec && (error_code & (DSISR_PROTFAULT | DSISR_GUARDED))) {
9913 +#else
9914 + if (is_exec && regs->nip == address) {
9915 +#endif
9916 + switch (pax_handle_fetch_fault(regs)) {
9917 + }
9918 +
9919 + pax_report_fault(regs, (void *)regs->nip, (void *)regs->gpr[PT_R1]);
9920 + do_group_exit(SIGKILL);
9921 + }
9922 + }
9923 +#endif
9924 +
9925 _exception(SIGSEGV, regs, code, address);
9926 goto bail;
9927 }
9928 diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c
9929 index 2f1e443..de888bf 100644
9930 --- a/arch/powerpc/mm/mmap.c
9931 +++ b/arch/powerpc/mm/mmap.c
9932 @@ -194,6 +194,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
9933 {
9934 unsigned long random_factor = 0UL;
9935
9936 +#ifdef CONFIG_PAX_RANDMMAP
9937 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
9938 +#endif
9939 +
9940 if (current->flags & PF_RANDOMIZE)
9941 random_factor = arch_mmap_rnd();
9942
9943 @@ -205,9 +209,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
9944 */
9945 if (mmap_is_legacy()) {
9946 mm->mmap_base = TASK_UNMAPPED_BASE;
9947 +
9948 +#ifdef CONFIG_PAX_RANDMMAP
9949 + if (mm->pax_flags & MF_PAX_RANDMMAP)
9950 + mm->mmap_base += mm->delta_mmap;
9951 +#endif
9952 +
9953 mm->get_unmapped_area = arch_get_unmapped_area;
9954 } else {
9955 mm->mmap_base = mmap_base(random_factor);
9956 +
9957 +#ifdef CONFIG_PAX_RANDMMAP
9958 + if (mm->pax_flags & MF_PAX_RANDMMAP)
9959 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
9960 +#endif
9961 +
9962 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
9963 }
9964 }
9965 diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
9966 index 2b27458..7c7c59b 100644
9967 --- a/arch/powerpc/mm/slice.c
9968 +++ b/arch/powerpc/mm/slice.c
9969 @@ -105,7 +105,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr,
9970 if ((mm->task_size - len) < addr)
9971 return 0;
9972 vma = find_vma(mm, addr);
9973 - return (!vma || (addr + len) <= vma->vm_start);
9974 + return check_heap_stack_gap(vma, addr, len, 0);
9975 }
9976
9977 static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice)
9978 @@ -276,6 +276,12 @@ static unsigned long slice_find_area_bottomup(struct mm_struct *mm,
9979 info.align_offset = 0;
9980
9981 addr = TASK_UNMAPPED_BASE;
9982 +
9983 +#ifdef CONFIG_PAX_RANDMMAP
9984 + if (mm->pax_flags & MF_PAX_RANDMMAP)
9985 + addr += mm->delta_mmap;
9986 +#endif
9987 +
9988 while (addr < TASK_SIZE) {
9989 info.low_limit = addr;
9990 if (!slice_scan_available(addr, available, 1, &addr))
9991 @@ -410,6 +416,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
9992 if (fixed && addr > (mm->task_size - len))
9993 return -ENOMEM;
9994
9995 +#ifdef CONFIG_PAX_RANDMMAP
9996 + if (!fixed && (mm->pax_flags & MF_PAX_RANDMMAP))
9997 + addr = 0;
9998 +#endif
9999 +
10000 /* If hint, make sure it matches our alignment restrictions */
10001 if (!fixed && addr) {
10002 addr = _ALIGN_UP(addr, 1ul << pshift);
10003 @@ -555,10 +566,10 @@ unsigned long arch_get_unmapped_area(struct file *filp,
10004 }
10005
10006 unsigned long arch_get_unmapped_area_topdown(struct file *filp,
10007 - const unsigned long addr0,
10008 - const unsigned long len,
10009 - const unsigned long pgoff,
10010 - const unsigned long flags)
10011 + unsigned long addr0,
10012 + unsigned long len,
10013 + unsigned long pgoff,
10014 + unsigned long flags)
10015 {
10016 return slice_get_unmapped_area(addr0, len, flags,
10017 current->mm->context.user_psize, 1);
10018 diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
10019 index 0625446..139a0aa 100644
10020 --- a/arch/powerpc/platforms/cell/spufs/file.c
10021 +++ b/arch/powerpc/platforms/cell/spufs/file.c
10022 @@ -263,9 +263,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
10023 return VM_FAULT_NOPAGE;
10024 }
10025
10026 -static int spufs_mem_mmap_access(struct vm_area_struct *vma,
10027 +static ssize_t spufs_mem_mmap_access(struct vm_area_struct *vma,
10028 unsigned long address,
10029 - void *buf, int len, int write)
10030 + void *buf, size_t len, int write)
10031 {
10032 struct spu_context *ctx = vma->vm_file->private_data;
10033 unsigned long offset = address - vma->vm_start;
10034 diff --git a/arch/s390/Kconfig.debug b/arch/s390/Kconfig.debug
10035 index 26c5d5be..a308c28 100644
10036 --- a/arch/s390/Kconfig.debug
10037 +++ b/arch/s390/Kconfig.debug
10038 @@ -9,6 +9,7 @@ config S390_PTDUMP
10039 bool "Export kernel pagetable layout to userspace via debugfs"
10040 depends on DEBUG_KERNEL
10041 select DEBUG_FS
10042 + depends on !GRKERNSEC_KMEM
10043 ---help---
10044 Say Y here if you want to show the kernel pagetable layout in a
10045 debugfs file. This information is only useful for kernel developers
10046 diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h
10047 index d28cc2f..a937312 100644
10048 --- a/arch/s390/include/asm/atomic.h
10049 +++ b/arch/s390/include/asm/atomic.h
10050 @@ -342,4 +342,14 @@ static inline long long atomic64_dec_if_positive(atomic64_t *v)
10051 #define atomic64_dec_and_test(_v) (atomic64_sub_return(1, _v) == 0)
10052 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
10053
10054 +#define atomic64_read_unchecked(v) atomic64_read(v)
10055 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
10056 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
10057 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
10058 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
10059 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
10060 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
10061 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
10062 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
10063 +
10064 #endif /* __ARCH_S390_ATOMIC__ */
10065 diff --git a/arch/s390/include/asm/cache.h b/arch/s390/include/asm/cache.h
10066 index 05219a5..032f5f0 100644
10067 --- a/arch/s390/include/asm/cache.h
10068 +++ b/arch/s390/include/asm/cache.h
10069 @@ -9,8 +9,10 @@
10070 #ifndef __ARCH_S390_CACHE_H
10071 #define __ARCH_S390_CACHE_H
10072
10073 -#define L1_CACHE_BYTES 256
10074 +#include <linux/const.h>
10075 +
10076 #define L1_CACHE_SHIFT 8
10077 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
10078 #define NET_SKB_PAD 32
10079
10080 #define __read_mostly __section(.data..read_mostly)
10081 diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
10082 index 1736c7d..261351c 100644
10083 --- a/arch/s390/include/asm/elf.h
10084 +++ b/arch/s390/include/asm/elf.h
10085 @@ -167,6 +167,13 @@ extern unsigned int vdso_enabled;
10086 (STACK_TOP / 3 * 2) : \
10087 (STACK_TOP / 3 * 2) & ~((1UL << 32) - 1))
10088
10089 +#ifdef CONFIG_PAX_ASLR
10090 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_31BIT) ? 0x10000UL : 0x80000000UL)
10091 +
10092 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_31BIT) ? 15 : 26)
10093 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_31BIT) ? 15 : 26)
10094 +#endif
10095 +
10096 /* This yields a mask that user programs can use to figure out what
10097 instruction set this CPU supports. */
10098
10099 diff --git a/arch/s390/include/asm/exec.h b/arch/s390/include/asm/exec.h
10100 index c4a93d6..4d2a9b4 100644
10101 --- a/arch/s390/include/asm/exec.h
10102 +++ b/arch/s390/include/asm/exec.h
10103 @@ -7,6 +7,6 @@
10104 #ifndef __ASM_EXEC_H
10105 #define __ASM_EXEC_H
10106
10107 -extern unsigned long arch_align_stack(unsigned long sp);
10108 +#define arch_align_stack(x) ((x) & ~0xfUL)
10109
10110 #endif /* __ASM_EXEC_H */
10111 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
10112 index 52d7c87..577d292 100644
10113 --- a/arch/s390/include/asm/uaccess.h
10114 +++ b/arch/s390/include/asm/uaccess.h
10115 @@ -59,6 +59,7 @@ static inline int __range_ok(unsigned long addr, unsigned long size)
10116 __range_ok((unsigned long)(addr), (size)); \
10117 })
10118
10119 +#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
10120 #define access_ok(type, addr, size) __access_ok(addr, size)
10121
10122 /*
10123 @@ -337,6 +338,10 @@ static inline unsigned long __must_check
10124 copy_to_user(void __user *to, const void *from, unsigned long n)
10125 {
10126 might_fault();
10127 +
10128 + if ((long)n < 0)
10129 + return n;
10130 +
10131 return __copy_to_user(to, from, n);
10132 }
10133
10134 @@ -360,10 +365,14 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
10135 static inline unsigned long __must_check
10136 copy_from_user(void *to, const void __user *from, unsigned long n)
10137 {
10138 - unsigned int sz = __compiletime_object_size(to);
10139 + size_t sz = __compiletime_object_size(to);
10140
10141 might_fault();
10142 - if (unlikely(sz != -1 && sz < n)) {
10143 +
10144 + if ((long)n < 0)
10145 + return n;
10146 +
10147 + if (unlikely(sz != (size_t)-1 && sz < n)) {
10148 if (!__builtin_constant_p(n))
10149 copy_user_overflow(sz, n);
10150 else
10151 diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
10152 index fbc0789..e7962a1 100644
10153 --- a/arch/s390/kernel/module.c
10154 +++ b/arch/s390/kernel/module.c
10155 @@ -163,11 +163,11 @@ int module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
10156
10157 /* Increase core size by size of got & plt and set start
10158 offsets for got and plt. */
10159 - me->core_layout.size = ALIGN(me->core_layout.size, 4);
10160 - me->arch.got_offset = me->core_layout.size;
10161 - me->core_layout.size += me->arch.got_size;
10162 - me->arch.plt_offset = me->core_layout.size;
10163 - me->core_layout.size += me->arch.plt_size;
10164 + me->core_layout.size_rw = ALIGN(me->core_layout.size_rw, 4);
10165 + me->arch.got_offset = me->core_layout.size_rw;
10166 + me->core_layout.size_rw += me->arch.got_size;
10167 + me->arch.plt_offset = me->core_layout.size_rx;
10168 + me->core_layout.size_rx += me->arch.plt_size;
10169 return 0;
10170 }
10171
10172 @@ -283,7 +283,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
10173 if (info->got_initialized == 0) {
10174 Elf_Addr *gotent;
10175
10176 - gotent = me->core_layout.base + me->arch.got_offset +
10177 + gotent = me->core_layout.base_rw + me->arch.got_offset +
10178 info->got_offset;
10179 *gotent = val;
10180 info->got_initialized = 1;
10181 @@ -306,7 +306,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
10182 rc = apply_rela_bits(loc, val, 0, 64, 0);
10183 else if (r_type == R_390_GOTENT ||
10184 r_type == R_390_GOTPLTENT) {
10185 - val += (Elf_Addr) me->core_layout.base - loc;
10186 + val += (Elf_Addr) me->core_layout.base_rw - loc;
10187 rc = apply_rela_bits(loc, val, 1, 32, 1);
10188 }
10189 break;
10190 @@ -319,7 +319,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
10191 case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */
10192 if (info->plt_initialized == 0) {
10193 unsigned int *ip;
10194 - ip = me->core_layout.base + me->arch.plt_offset +
10195 + ip = me->core_layout.base_rx + me->arch.plt_offset +
10196 info->plt_offset;
10197 ip[0] = 0x0d10e310; /* basr 1,0; lg 1,10(1); br 1 */
10198 ip[1] = 0x100a0004;
10199 @@ -338,7 +338,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
10200 val - loc + 0xffffUL < 0x1ffffeUL) ||
10201 (r_type == R_390_PLT32DBL &&
10202 val - loc + 0xffffffffULL < 0x1fffffffeULL)))
10203 - val = (Elf_Addr) me->core_layout.base +
10204 + val = (Elf_Addr) me->core_layout.base_rx +
10205 me->arch.plt_offset +
10206 info->plt_offset;
10207 val += rela->r_addend - loc;
10208 @@ -360,7 +360,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
10209 case R_390_GOTOFF32: /* 32 bit offset to GOT. */
10210 case R_390_GOTOFF64: /* 64 bit offset to GOT. */
10211 val = val + rela->r_addend -
10212 - ((Elf_Addr) me->core_layout.base + me->arch.got_offset);
10213 + ((Elf_Addr) me->core_layout.base_rw + me->arch.got_offset);
10214 if (r_type == R_390_GOTOFF16)
10215 rc = apply_rela_bits(loc, val, 0, 16, 0);
10216 else if (r_type == R_390_GOTOFF32)
10217 @@ -370,7 +370,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
10218 break;
10219 case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */
10220 case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */
10221 - val = (Elf_Addr) me->core_layout.base + me->arch.got_offset +
10222 + val = (Elf_Addr) me->core_layout.base_rw + me->arch.got_offset +
10223 rela->r_addend - loc;
10224 if (r_type == R_390_GOTPC)
10225 rc = apply_rela_bits(loc, val, 1, 32, 0);
10226 diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
10227 index bba4fa7..9c32b3c 100644
10228 --- a/arch/s390/kernel/process.c
10229 +++ b/arch/s390/kernel/process.c
10230 @@ -217,13 +217,6 @@ unsigned long get_wchan(struct task_struct *p)
10231 return 0;
10232 }
10233
10234 -unsigned long arch_align_stack(unsigned long sp)
10235 -{
10236 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
10237 - sp -= get_random_int() & ~PAGE_MASK;
10238 - return sp & ~0xf;
10239 -}
10240 -
10241 static inline unsigned long brk_rnd(void)
10242 {
10243 return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
10244 diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
10245 index eb9df28..7b686ba 100644
10246 --- a/arch/s390/mm/mmap.c
10247 +++ b/arch/s390/mm/mmap.c
10248 @@ -201,9 +201,9 @@ s390_get_unmapped_area(struct file *filp, unsigned long addr,
10249 }
10250
10251 static unsigned long
10252 -s390_get_unmapped_area_topdown(struct file *filp, const unsigned long addr,
10253 - const unsigned long len, const unsigned long pgoff,
10254 - const unsigned long flags)
10255 +s390_get_unmapped_area_topdown(struct file *filp, unsigned long addr,
10256 + unsigned long len, unsigned long pgoff,
10257 + unsigned long flags)
10258 {
10259 struct mm_struct *mm = current->mm;
10260 unsigned long area;
10261 @@ -230,6 +230,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
10262 {
10263 unsigned long random_factor = 0UL;
10264
10265 +#ifdef CONFIG_PAX_RANDMMAP
10266 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
10267 +#endif
10268 +
10269 if (current->flags & PF_RANDOMIZE)
10270 random_factor = arch_mmap_rnd();
10271
10272 @@ -239,9 +243,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
10273 */
10274 if (mmap_is_legacy()) {
10275 mm->mmap_base = mmap_base_legacy(random_factor);
10276 +
10277 +#ifdef CONFIG_PAX_RANDMMAP
10278 + if (mm->pax_flags & MF_PAX_RANDMMAP)
10279 + mm->mmap_base += mm->delta_mmap;
10280 +#endif
10281 +
10282 mm->get_unmapped_area = s390_get_unmapped_area;
10283 } else {
10284 mm->mmap_base = mmap_base(random_factor);
10285 +
10286 +#ifdef CONFIG_PAX_RANDMMAP
10287 + if (mm->pax_flags & MF_PAX_RANDMMAP)
10288 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
10289 +#endif
10290 +
10291 mm->get_unmapped_area = s390_get_unmapped_area_topdown;
10292 }
10293 }
10294 diff --git a/arch/score/include/asm/cache.h b/arch/score/include/asm/cache.h
10295 index ae3d59f..f65f075 100644
10296 --- a/arch/score/include/asm/cache.h
10297 +++ b/arch/score/include/asm/cache.h
10298 @@ -1,7 +1,9 @@
10299 #ifndef _ASM_SCORE_CACHE_H
10300 #define _ASM_SCORE_CACHE_H
10301
10302 +#include <linux/const.h>
10303 +
10304 #define L1_CACHE_SHIFT 4
10305 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
10306 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
10307
10308 #endif /* _ASM_SCORE_CACHE_H */
10309 diff --git a/arch/score/include/asm/exec.h b/arch/score/include/asm/exec.h
10310 index f9f3cd5..58ff438 100644
10311 --- a/arch/score/include/asm/exec.h
10312 +++ b/arch/score/include/asm/exec.h
10313 @@ -1,6 +1,6 @@
10314 #ifndef _ASM_SCORE_EXEC_H
10315 #define _ASM_SCORE_EXEC_H
10316
10317 -extern unsigned long arch_align_stack(unsigned long sp);
10318 +#define arch_align_stack(x) (x)
10319
10320 #endif /* _ASM_SCORE_EXEC_H */
10321 diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c
10322 index aae9480..93e40a4 100644
10323 --- a/arch/score/kernel/process.c
10324 +++ b/arch/score/kernel/process.c
10325 @@ -114,8 +114,3 @@ unsigned long get_wchan(struct task_struct *task)
10326
10327 return task_pt_regs(task)->cp0_epc;
10328 }
10329 -
10330 -unsigned long arch_align_stack(unsigned long sp)
10331 -{
10332 - return sp;
10333 -}
10334 diff --git a/arch/sh/include/asm/cache.h b/arch/sh/include/asm/cache.h
10335 index ef9e555..331bd29 100644
10336 --- a/arch/sh/include/asm/cache.h
10337 +++ b/arch/sh/include/asm/cache.h
10338 @@ -9,10 +9,11 @@
10339 #define __ASM_SH_CACHE_H
10340 #ifdef __KERNEL__
10341
10342 +#include <linux/const.h>
10343 #include <linux/init.h>
10344 #include <cpu/cache.h>
10345
10346 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
10347 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
10348
10349 #define __read_mostly __attribute__((__section__(".data..read_mostly")))
10350
10351 diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c
10352 index 6777177..d44b592 100644
10353 --- a/arch/sh/mm/mmap.c
10354 +++ b/arch/sh/mm/mmap.c
10355 @@ -36,6 +36,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
10356 struct mm_struct *mm = current->mm;
10357 struct vm_area_struct *vma;
10358 int do_colour_align;
10359 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
10360 struct vm_unmapped_area_info info;
10361
10362 if (flags & MAP_FIXED) {
10363 @@ -55,6 +56,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
10364 if (filp || (flags & MAP_SHARED))
10365 do_colour_align = 1;
10366
10367 +#ifdef CONFIG_PAX_RANDMMAP
10368 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
10369 +#endif
10370 +
10371 if (addr) {
10372 if (do_colour_align)
10373 addr = COLOUR_ALIGN(addr, pgoff);
10374 @@ -62,14 +67,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
10375 addr = PAGE_ALIGN(addr);
10376
10377 vma = find_vma(mm, addr);
10378 - if (TASK_SIZE - len >= addr &&
10379 - (!vma || addr + len <= vma->vm_start))
10380 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
10381 return addr;
10382 }
10383
10384 info.flags = 0;
10385 info.length = len;
10386 - info.low_limit = TASK_UNMAPPED_BASE;
10387 + info.low_limit = mm->mmap_base;
10388 info.high_limit = TASK_SIZE;
10389 info.align_mask = do_colour_align ? (PAGE_MASK & shm_align_mask) : 0;
10390 info.align_offset = pgoff << PAGE_SHIFT;
10391 @@ -77,14 +81,15 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
10392 }
10393
10394 unsigned long
10395 -arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
10396 - const unsigned long len, const unsigned long pgoff,
10397 - const unsigned long flags)
10398 +arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr0,
10399 + unsigned long len, unsigned long pgoff,
10400 + unsigned long flags)
10401 {
10402 struct vm_area_struct *vma;
10403 struct mm_struct *mm = current->mm;
10404 unsigned long addr = addr0;
10405 int do_colour_align;
10406 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
10407 struct vm_unmapped_area_info info;
10408
10409 if (flags & MAP_FIXED) {
10410 @@ -104,6 +109,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
10411 if (filp || (flags & MAP_SHARED))
10412 do_colour_align = 1;
10413
10414 +#ifdef CONFIG_PAX_RANDMMAP
10415 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
10416 +#endif
10417 +
10418 /* requesting a specific address */
10419 if (addr) {
10420 if (do_colour_align)
10421 @@ -112,8 +121,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
10422 addr = PAGE_ALIGN(addr);
10423
10424 vma = find_vma(mm, addr);
10425 - if (TASK_SIZE - len >= addr &&
10426 - (!vma || addr + len <= vma->vm_start))
10427 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
10428 return addr;
10429 }
10430
10431 @@ -135,6 +143,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
10432 VM_BUG_ON(addr != -ENOMEM);
10433 info.flags = 0;
10434 info.low_limit = TASK_UNMAPPED_BASE;
10435 +
10436 +#ifdef CONFIG_PAX_RANDMMAP
10437 + if (mm->pax_flags & MF_PAX_RANDMMAP)
10438 + info.low_limit += mm->delta_mmap;
10439 +#endif
10440 +
10441 info.high_limit = TASK_SIZE;
10442 addr = vm_unmapped_area(&info);
10443 }
10444 diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
10445 index 59b0960..75a8bcb 100644
10446 --- a/arch/sparc/Kconfig
10447 +++ b/arch/sparc/Kconfig
10448 @@ -39,6 +39,7 @@ config SPARC
10449 select GENERIC_STRNCPY_FROM_USER
10450 select GENERIC_STRNLEN_USER
10451 select MODULES_USE_ELF_RELA
10452 + select HAVE_GCC_PLUGINS
10453 select ODD_RT_SIGACTION
10454 select OLD_SIGSUSPEND
10455 select ARCH_HAS_SG_CHAIN
10456 diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
10457 index 24827a3..5dd45ac4 100644
10458 --- a/arch/sparc/include/asm/atomic_64.h
10459 +++ b/arch/sparc/include/asm/atomic_64.h
10460 @@ -15,18 +15,38 @@
10461 #define ATOMIC64_INIT(i) { (i) }
10462
10463 #define atomic_read(v) READ_ONCE((v)->counter)
10464 +static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
10465 +{
10466 + return READ_ONCE(v->counter);
10467 +}
10468 #define atomic64_read(v) READ_ONCE((v)->counter)
10469 +static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
10470 +{
10471 + return READ_ONCE(v->counter);
10472 +}
10473
10474 #define atomic_set(v, i) WRITE_ONCE(((v)->counter), (i))
10475 +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
10476 +{
10477 + WRITE_ONCE(v->counter, i);
10478 +}
10479 #define atomic64_set(v, i) WRITE_ONCE(((v)->counter), (i))
10480 +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
10481 +{
10482 + WRITE_ONCE(v->counter, i);
10483 +}
10484
10485 -#define ATOMIC_OP(op) \
10486 -void atomic_##op(int, atomic_t *); \
10487 -void atomic64_##op(long, atomic64_t *);
10488 +#define __ATOMIC_OP(op, suffix) \
10489 +void atomic_##op##suffix(int, atomic##suffix##_t *); \
10490 +void atomic64_##op##suffix(long, atomic64##suffix##_t *);
10491
10492 -#define ATOMIC_OP_RETURN(op) \
10493 -int atomic_##op##_return(int, atomic_t *); \
10494 -long atomic64_##op##_return(long, atomic64_t *);
10495 +#define ATOMIC_OP(op) __ATOMIC_OP(op, ) __ATOMIC_OP(op, _unchecked)
10496 +
10497 +#define __ATOMIC_OP_RETURN(op, suffix) \
10498 +int atomic_##op##_return##suffix(int, atomic##suffix##_t *); \
10499 +long atomic64_##op##_return##suffix(long, atomic64##suffix##_t *);
10500 +
10501 +#define ATOMIC_OP_RETURN(op) __ATOMIC_OP_RETURN(op, ) __ATOMIC_OP_RETURN(op, _unchecked)
10502
10503 #define ATOMIC_FETCH_OP(op) \
10504 int atomic_fetch_##op(int, atomic_t *); \
10505 @@ -47,13 +67,23 @@ ATOMIC_OPS(xor)
10506 #undef ATOMIC_OPS
10507 #undef ATOMIC_FETCH_OP
10508 #undef ATOMIC_OP_RETURN
10509 +#undef __ATOMIC_OP_RETURN
10510 #undef ATOMIC_OP
10511 +#undef __ATOMIC_OP
10512
10513 #define atomic_dec_return(v) atomic_sub_return(1, v)
10514 #define atomic64_dec_return(v) atomic64_sub_return(1, v)
10515
10516 #define atomic_inc_return(v) atomic_add_return(1, v)
10517 +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
10518 +{
10519 + return atomic_add_return_unchecked(1, v);
10520 +}
10521 #define atomic64_inc_return(v) atomic64_add_return(1, v)
10522 +static inline long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
10523 +{
10524 + return atomic64_add_return_unchecked(1, v);
10525 +}
10526
10527 /*
10528 * atomic_inc_and_test - increment and test
10529 @@ -64,6 +94,10 @@ ATOMIC_OPS(xor)
10530 * other cases.
10531 */
10532 #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
10533 +static inline int atomic_inc_and_test_unchecked(atomic_unchecked_t *v)
10534 +{
10535 + return atomic_inc_return_unchecked(v) == 0;
10536 +}
10537 #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
10538
10539 #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
10540 @@ -73,25 +107,60 @@ ATOMIC_OPS(xor)
10541 #define atomic64_dec_and_test(v) (atomic64_sub_return(1, v) == 0)
10542
10543 #define atomic_inc(v) atomic_add(1, v)
10544 +static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
10545 +{
10546 + atomic_add_unchecked(1, v);
10547 +}
10548 #define atomic64_inc(v) atomic64_add(1, v)
10549 +static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
10550 +{
10551 + atomic64_add_unchecked(1, v);
10552 +}
10553
10554 #define atomic_dec(v) atomic_sub(1, v)
10555 +static inline void atomic_dec_unchecked(atomic_unchecked_t *v)
10556 +{
10557 + atomic_sub_unchecked(1, v);
10558 +}
10559 #define atomic64_dec(v) atomic64_sub(1, v)
10560 +static inline void atomic64_dec_unchecked(atomic64_unchecked_t *v)
10561 +{
10562 + atomic64_sub_unchecked(1, v);
10563 +}
10564
10565 #define atomic_add_negative(i, v) (atomic_add_return(i, v) < 0)
10566 #define atomic64_add_negative(i, v) (atomic64_add_return(i, v) < 0)
10567
10568 #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
10569 +static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
10570 +{
10571 + return cmpxchg(&v->counter, old, new);
10572 +}
10573 #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
10574 +static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
10575 +{
10576 + return xchg(&v->counter, new);
10577 +}
10578
10579 static inline int __atomic_add_unless(atomic_t *v, int a, int u)
10580 {
10581 - int c, old;
10582 + int c, old, new;
10583 c = atomic_read(v);
10584 for (;;) {
10585 - if (unlikely(c == (u)))
10586 + if (unlikely(c == u))
10587 break;
10588 - old = atomic_cmpxchg((v), c, c + (a));
10589 +
10590 + asm volatile("addcc %2, %0, %0\n"
10591 +
10592 +#ifdef CONFIG_PAX_REFCOUNT
10593 + "tvs %%icc, 6\n"
10594 +#endif
10595 +
10596 + : "=r" (new)
10597 + : "0" (c), "ir" (a)
10598 + : "cc");
10599 +
10600 + old = atomic_cmpxchg(v, c, new);
10601 if (likely(old == c))
10602 break;
10603 c = old;
10604 @@ -101,21 +170,42 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
10605
10606 #define atomic64_cmpxchg(v, o, n) \
10607 ((__typeof__((v)->counter))cmpxchg(&((v)->counter), (o), (n)))
10608 +static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old,
10609 + long new)
10610 +{
10611 + return cmpxchg(&(v->counter), old, new);
10612 +}
10613 +
10614 #define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
10615 +static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
10616 +{
10617 + return xchg(&v->counter, new);
10618 +}
10619
10620 static inline long atomic64_add_unless(atomic64_t *v, long a, long u)
10621 {
10622 - long c, old;
10623 + long c, old, new;
10624 c = atomic64_read(v);
10625 for (;;) {
10626 - if (unlikely(c == (u)))
10627 + if (unlikely(c == u))
10628 break;
10629 - old = atomic64_cmpxchg((v), c, c + (a));
10630 +
10631 + asm volatile("addcc %2, %0, %0\n"
10632 +
10633 +#ifdef CONFIG_PAX_REFCOUNT
10634 + "tvs %%xcc, 6\n"
10635 +#endif
10636 +
10637 + : "=r" (new)
10638 + : "0" (c), "ir" (a)
10639 + : "cc");
10640 +
10641 + old = atomic64_cmpxchg(v, c, new);
10642 if (likely(old == c))
10643 break;
10644 c = old;
10645 }
10646 - return c != (u);
10647 + return c != u;
10648 }
10649
10650 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
10651 diff --git a/arch/sparc/include/asm/cache.h b/arch/sparc/include/asm/cache.h
10652 index 5bb6991..5c2132e 100644
10653 --- a/arch/sparc/include/asm/cache.h
10654 +++ b/arch/sparc/include/asm/cache.h
10655 @@ -7,10 +7,12 @@
10656 #ifndef _SPARC_CACHE_H
10657 #define _SPARC_CACHE_H
10658
10659 +#include <linux/const.h>
10660 +
10661 #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long)
10662
10663 #define L1_CACHE_SHIFT 5
10664 -#define L1_CACHE_BYTES 32
10665 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
10666
10667 #ifdef CONFIG_SPARC32
10668 #define SMP_CACHE_BYTES_SHIFT 5
10669 diff --git a/arch/sparc/include/asm/elf_32.h b/arch/sparc/include/asm/elf_32.h
10670 index a24e41f..47677ff 100644
10671 --- a/arch/sparc/include/asm/elf_32.h
10672 +++ b/arch/sparc/include/asm/elf_32.h
10673 @@ -114,6 +114,13 @@ typedef struct {
10674
10675 #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE)
10676
10677 +#ifdef CONFIG_PAX_ASLR
10678 +#define PAX_ELF_ET_DYN_BASE 0x10000UL
10679 +
10680 +#define PAX_DELTA_MMAP_LEN 16
10681 +#define PAX_DELTA_STACK_LEN 16
10682 +#endif
10683 +
10684 /* This yields a mask that user programs can use to figure out what
10685 instruction set this cpu supports. This can NOT be done in userspace
10686 on Sparc. */
10687 diff --git a/arch/sparc/include/asm/elf_64.h b/arch/sparc/include/asm/elf_64.h
10688 index 9331083..59c0499 100644
10689 --- a/arch/sparc/include/asm/elf_64.h
10690 +++ b/arch/sparc/include/asm/elf_64.h
10691 @@ -190,6 +190,13 @@ typedef struct {
10692 #define ELF_ET_DYN_BASE 0x0000010000000000UL
10693 #define COMPAT_ELF_ET_DYN_BASE 0x0000000070000000UL
10694
10695 +#ifdef CONFIG_PAX_ASLR
10696 +#define PAX_ELF_ET_DYN_BASE (test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL)
10697 +
10698 +#define PAX_DELTA_MMAP_LEN (test_thread_flag(TIF_32BIT) ? 14 : 28)
10699 +#define PAX_DELTA_STACK_LEN (test_thread_flag(TIF_32BIT) ? 15 : 29)
10700 +#endif
10701 +
10702 extern unsigned long sparc64_elf_hwcap;
10703 #define ELF_HWCAP sparc64_elf_hwcap
10704
10705 diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h
10706 index 0346c7e..c5c25b9 100644
10707 --- a/arch/sparc/include/asm/pgalloc_32.h
10708 +++ b/arch/sparc/include/asm/pgalloc_32.h
10709 @@ -35,6 +35,7 @@ static inline void pgd_set(pgd_t * pgdp, pmd_t * pmdp)
10710 }
10711
10712 #define pgd_populate(MM, PGD, PMD) pgd_set(PGD, PMD)
10713 +#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD))
10714
10715 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm,
10716 unsigned long address)
10717 diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
10718 index 3529f13..d98a28c 100644
10719 --- a/arch/sparc/include/asm/pgalloc_64.h
10720 +++ b/arch/sparc/include/asm/pgalloc_64.h
10721 @@ -21,6 +21,7 @@ static inline void __pgd_populate(pgd_t *pgd, pud_t *pud)
10722 }
10723
10724 #define pgd_populate(MM, PGD, PUD) __pgd_populate(PGD, PUD)
10725 +#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD))
10726
10727 static inline pgd_t *pgd_alloc(struct mm_struct *mm)
10728 {
10729 @@ -38,6 +39,7 @@ static inline void __pud_populate(pud_t *pud, pmd_t *pmd)
10730 }
10731
10732 #define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD)
10733 +#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD))
10734
10735 static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
10736 {
10737 diff --git a/arch/sparc/include/asm/pgtable.h b/arch/sparc/include/asm/pgtable.h
10738 index 59ba6f6..4518128 100644
10739 --- a/arch/sparc/include/asm/pgtable.h
10740 +++ b/arch/sparc/include/asm/pgtable.h
10741 @@ -5,4 +5,8 @@
10742 #else
10743 #include <asm/pgtable_32.h>
10744 #endif
10745 +
10746 +#define ktla_ktva(addr) (addr)
10747 +#define ktva_ktla(addr) (addr)
10748 +
10749 #endif
10750 diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h
10751 index ce6f569..593b043 100644
10752 --- a/arch/sparc/include/asm/pgtable_32.h
10753 +++ b/arch/sparc/include/asm/pgtable_32.h
10754 @@ -51,6 +51,9 @@ unsigned long __init bootmem_init(unsigned long *pages_avail);
10755 #define PAGE_SHARED SRMMU_PAGE_SHARED
10756 #define PAGE_COPY SRMMU_PAGE_COPY
10757 #define PAGE_READONLY SRMMU_PAGE_RDONLY
10758 +#define PAGE_SHARED_NOEXEC SRMMU_PAGE_SHARED_NOEXEC
10759 +#define PAGE_COPY_NOEXEC SRMMU_PAGE_COPY_NOEXEC
10760 +#define PAGE_READONLY_NOEXEC SRMMU_PAGE_RDONLY_NOEXEC
10761 #define PAGE_KERNEL SRMMU_PAGE_KERNEL
10762
10763 /* Top-level page directory - dummy used by init-mm.
10764 @@ -63,18 +66,18 @@ extern unsigned long ptr_in_current_pgd;
10765
10766 /* xwr */
10767 #define __P000 PAGE_NONE
10768 -#define __P001 PAGE_READONLY
10769 -#define __P010 PAGE_COPY
10770 -#define __P011 PAGE_COPY
10771 +#define __P001 PAGE_READONLY_NOEXEC
10772 +#define __P010 PAGE_COPY_NOEXEC
10773 +#define __P011 PAGE_COPY_NOEXEC
10774 #define __P100 PAGE_READONLY
10775 #define __P101 PAGE_READONLY
10776 #define __P110 PAGE_COPY
10777 #define __P111 PAGE_COPY
10778
10779 #define __S000 PAGE_NONE
10780 -#define __S001 PAGE_READONLY
10781 -#define __S010 PAGE_SHARED
10782 -#define __S011 PAGE_SHARED
10783 +#define __S001 PAGE_READONLY_NOEXEC
10784 +#define __S010 PAGE_SHARED_NOEXEC
10785 +#define __S011 PAGE_SHARED_NOEXEC
10786 #define __S100 PAGE_READONLY
10787 #define __S101 PAGE_READONLY
10788 #define __S110 PAGE_SHARED
10789 diff --git a/arch/sparc/include/asm/pgtsrmmu.h b/arch/sparc/include/asm/pgtsrmmu.h
10790 index ae51a11..eadfd03 100644
10791 --- a/arch/sparc/include/asm/pgtsrmmu.h
10792 +++ b/arch/sparc/include/asm/pgtsrmmu.h
10793 @@ -111,6 +111,11 @@
10794 SRMMU_EXEC | SRMMU_REF)
10795 #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \
10796 SRMMU_EXEC | SRMMU_REF)
10797 +
10798 +#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF)
10799 +#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
10800 +#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
10801 +
10802 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
10803 SRMMU_DIRTY | SRMMU_REF)
10804
10805 diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h
10806 index 29d64b1..4272fe8 100644
10807 --- a/arch/sparc/include/asm/setup.h
10808 +++ b/arch/sparc/include/asm/setup.h
10809 @@ -55,8 +55,8 @@ int handle_ldf_stq(u32 insn, struct pt_regs *regs);
10810 void handle_ld_nf(u32 insn, struct pt_regs *regs);
10811
10812 /* init_64.c */
10813 -extern atomic_t dcpage_flushes;
10814 -extern atomic_t dcpage_flushes_xcall;
10815 +extern atomic_unchecked_t dcpage_flushes;
10816 +extern atomic_unchecked_t dcpage_flushes_xcall;
10817
10818 extern int sysctl_tsb_ratio;
10819 #endif
10820 diff --git a/arch/sparc/include/asm/spinlock_64.h b/arch/sparc/include/asm/spinlock_64.h
10821 index 87990b7..352fff0 100644
10822 --- a/arch/sparc/include/asm/spinlock_64.h
10823 +++ b/arch/sparc/include/asm/spinlock_64.h
10824 @@ -96,14 +96,19 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *lock, unsigned long fla
10825
10826 /* Multi-reader locks, these are much saner than the 32-bit Sparc ones... */
10827
10828 -static void inline arch_read_lock(arch_rwlock_t *lock)
10829 +static inline void arch_read_lock(arch_rwlock_t *lock)
10830 {
10831 unsigned long tmp1, tmp2;
10832
10833 __asm__ __volatile__ (
10834 "1: ldsw [%2], %0\n"
10835 " brlz,pn %0, 2f\n"
10836 -"4: add %0, 1, %1\n"
10837 +"4: addcc %0, 1, %1\n"
10838 +
10839 +#ifdef CONFIG_PAX_REFCOUNT
10840 +" tvs %%icc, 6\n"
10841 +#endif
10842 +
10843 " cas [%2], %0, %1\n"
10844 " cmp %0, %1\n"
10845 " bne,pn %%icc, 1b\n"
10846 @@ -116,10 +121,10 @@ static void inline arch_read_lock(arch_rwlock_t *lock)
10847 " .previous"
10848 : "=&r" (tmp1), "=&r" (tmp2)
10849 : "r" (lock)
10850 - : "memory");
10851 + : "memory", "cc");
10852 }
10853
10854 -static int inline arch_read_trylock(arch_rwlock_t *lock)
10855 +static inline int arch_read_trylock(arch_rwlock_t *lock)
10856 {
10857 int tmp1, tmp2;
10858
10859 @@ -127,7 +132,12 @@ static int inline arch_read_trylock(arch_rwlock_t *lock)
10860 "1: ldsw [%2], %0\n"
10861 " brlz,a,pn %0, 2f\n"
10862 " mov 0, %0\n"
10863 -" add %0, 1, %1\n"
10864 +" addcc %0, 1, %1\n"
10865 +
10866 +#ifdef CONFIG_PAX_REFCOUNT
10867 +" tvs %%icc, 6\n"
10868 +#endif
10869 +
10870 " cas [%2], %0, %1\n"
10871 " cmp %0, %1\n"
10872 " bne,pn %%icc, 1b\n"
10873 @@ -140,13 +150,18 @@ static int inline arch_read_trylock(arch_rwlock_t *lock)
10874 return tmp1;
10875 }
10876
10877 -static void inline arch_read_unlock(arch_rwlock_t *lock)
10878 +static inline void arch_read_unlock(arch_rwlock_t *lock)
10879 {
10880 unsigned long tmp1, tmp2;
10881
10882 __asm__ __volatile__(
10883 "1: lduw [%2], %0\n"
10884 -" sub %0, 1, %1\n"
10885 +" subcc %0, 1, %1\n"
10886 +
10887 +#ifdef CONFIG_PAX_REFCOUNT
10888 +" tvs %%icc, 6\n"
10889 +#endif
10890 +
10891 " cas [%2], %0, %1\n"
10892 " cmp %0, %1\n"
10893 " bne,pn %%xcc, 1b\n"
10894 @@ -156,7 +171,7 @@ static void inline arch_read_unlock(arch_rwlock_t *lock)
10895 : "memory");
10896 }
10897
10898 -static void inline arch_write_lock(arch_rwlock_t *lock)
10899 +static inline void arch_write_lock(arch_rwlock_t *lock)
10900 {
10901 unsigned long mask, tmp1, tmp2;
10902
10903 @@ -181,7 +196,7 @@ static void inline arch_write_lock(arch_rwlock_t *lock)
10904 : "memory");
10905 }
10906
10907 -static void inline arch_write_unlock(arch_rwlock_t *lock)
10908 +static inline void arch_write_unlock(arch_rwlock_t *lock)
10909 {
10910 __asm__ __volatile__(
10911 " stw %%g0, [%0]"
10912 @@ -190,7 +205,7 @@ static void inline arch_write_unlock(arch_rwlock_t *lock)
10913 : "memory");
10914 }
10915
10916 -static int inline arch_write_trylock(arch_rwlock_t *lock)
10917 +static inline int arch_write_trylock(arch_rwlock_t *lock)
10918 {
10919 unsigned long mask, tmp1, tmp2, result;
10920
10921 diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h
10922 index 229475f..2fca9163 100644
10923 --- a/arch/sparc/include/asm/thread_info_32.h
10924 +++ b/arch/sparc/include/asm/thread_info_32.h
10925 @@ -48,6 +48,7 @@ struct thread_info {
10926 struct reg_window32 reg_window[NSWINS]; /* align for ldd! */
10927 unsigned long rwbuf_stkptrs[NSWINS];
10928 unsigned long w_saved;
10929 + unsigned long lowest_stack;
10930 };
10931
10932 /*
10933 diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
10934 index 3d7b925..493ce82 100644
10935 --- a/arch/sparc/include/asm/thread_info_64.h
10936 +++ b/arch/sparc/include/asm/thread_info_64.h
10937 @@ -59,6 +59,8 @@ struct thread_info {
10938 struct pt_regs *kern_una_regs;
10939 unsigned int kern_una_insn;
10940
10941 + unsigned long lowest_stack;
10942 +
10943 unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
10944 __attribute__ ((aligned(64)));
10945 };
10946 @@ -180,12 +182,13 @@ register struct thread_info *current_thread_info_reg asm("g6");
10947 #define TIF_NEED_RESCHED 3 /* rescheduling necessary */
10948 /* flag bit 4 is available */
10949 #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */
10950 -/* flag bit 6 is available */
10951 +#define TIF_GRSEC_SETXID 6 /* update credentials on syscall entry/exit */
10952 #define TIF_32BIT 7 /* 32-bit binary */
10953 #define TIF_NOHZ 8 /* in adaptive nohz mode */
10954 #define TIF_SECCOMP 9 /* secure computing */
10955 #define TIF_SYSCALL_AUDIT 10 /* syscall auditing active */
10956 #define TIF_SYSCALL_TRACEPOINT 11 /* syscall tracepoint instrumentation */
10957 +
10958 /* NOTE: Thread flags >= 12 should be ones we have no interest
10959 * in using in assembly, else we can't use the mask as
10960 * an immediate value in instructions such as andcc.
10961 @@ -205,12 +208,17 @@ register struct thread_info *current_thread_info_reg asm("g6");
10962 #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
10963 #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
10964 #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
10965 +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
10966
10967 #define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \
10968 _TIF_DO_NOTIFY_RESUME_MASK | \
10969 _TIF_NEED_RESCHED)
10970 #define _TIF_DO_NOTIFY_RESUME_MASK (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING)
10971
10972 +#define _TIF_WORK_SYSCALL \
10973 + (_TIF_SYSCALL_TRACE | _TIF_SECCOMP | _TIF_SYSCALL_AUDIT | \
10974 + _TIF_SYSCALL_TRACEPOINT | _TIF_NOHZ | _TIF_GRSEC_SETXID)
10975 +
10976 #define is_32bit_task() (test_thread_flag(TIF_32BIT))
10977
10978 /*
10979 diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h
10980 index bd56c28..4b63d83 100644
10981 --- a/arch/sparc/include/asm/uaccess.h
10982 +++ b/arch/sparc/include/asm/uaccess.h
10983 @@ -1,5 +1,6 @@
10984 #ifndef ___ASM_SPARC_UACCESS_H
10985 #define ___ASM_SPARC_UACCESS_H
10986 +
10987 #if defined(__sparc__) && defined(__arch64__)
10988 #include <asm/uaccess_64.h>
10989 #else
10990 diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h
10991 index ea55f86..dbf15cf 100644
10992 --- a/arch/sparc/include/asm/uaccess_32.h
10993 +++ b/arch/sparc/include/asm/uaccess_32.h
10994 @@ -47,6 +47,7 @@
10995 #define __user_ok(addr, size) ({ (void)(size); (addr) < STACK_TOP; })
10996 #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
10997 #define __access_ok(addr, size) (__user_ok((addr) & get_fs().seg, (size)))
10998 +#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
10999 #define access_ok(type, addr, size) \
11000 ({ (void)(type); __access_ok((unsigned long)(addr), size); })
11001
11002 @@ -248,6 +249,9 @@ unsigned long __copy_user(void __user *to, const void __user *from, unsigned lon
11003
11004 static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
11005 {
11006 + if ((long)n < 0)
11007 + return n;
11008 +
11009 if (n && __access_ok((unsigned long) to, n)) {
11010 check_object_size(from, n, true);
11011 return __copy_user(to, (__force void __user *) from, n);
11012 @@ -257,12 +261,18 @@ static inline unsigned long copy_to_user(void __user *to, const void *from, unsi
11013
11014 static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long n)
11015 {
11016 + if ((long)n < 0)
11017 + return n;
11018 +
11019 check_object_size(from, n, true);
11020 return __copy_user(to, (__force void __user *) from, n);
11021 }
11022
11023 static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
11024 {
11025 + if ((long)n < 0)
11026 + return n;
11027 +
11028 if (n && __access_ok((unsigned long) from, n)) {
11029 check_object_size(to, n, false);
11030 return __copy_user((__force void __user *) to, from, n);
11031 @@ -274,6 +284,9 @@ static inline unsigned long copy_from_user(void *to, const void __user *from, un
11032
11033 static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n)
11034 {
11035 + if ((long)n < 0)
11036 + return n;
11037 +
11038 return __copy_user((__force void __user *) to, from, n);
11039 }
11040
11041 diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h
11042 index 37a315d..75ce910 100644
11043 --- a/arch/sparc/include/asm/uaccess_64.h
11044 +++ b/arch/sparc/include/asm/uaccess_64.h
11045 @@ -10,6 +10,7 @@
11046 #include <linux/compiler.h>
11047 #include <linux/string.h>
11048 #include <linux/thread_info.h>
11049 +#include <linux/kernel.h>
11050 #include <asm/asi.h>
11051 #include <asm/spitfire.h>
11052 #include <asm-generic/uaccess-unaligned.h>
11053 @@ -76,6 +77,11 @@ static inline int __access_ok(const void __user * addr, unsigned long size)
11054 return 1;
11055 }
11056
11057 +static inline int access_ok_noprefault(int type, const void __user * addr, unsigned long size)
11058 +{
11059 + return 1;
11060 +}
11061 +
11062 static inline int access_ok(int type, const void __user * addr, unsigned long size)
11063 {
11064 return 1;
11065 @@ -212,6 +218,9 @@ copy_from_user(void *to, const void __user *from, unsigned long size)
11066 {
11067 unsigned long ret;
11068
11069 + if ((long)size < 0 || size > INT_MAX)
11070 + return size;
11071 +
11072 check_object_size(to, size, false);
11073
11074 ret = ___copy_from_user(to, from, size);
11075 @@ -232,6 +241,9 @@ copy_to_user(void __user *to, const void *from, unsigned long size)
11076 {
11077 unsigned long ret;
11078
11079 + if ((long)size < 0 || size > INT_MAX)
11080 + return size;
11081 +
11082 check_object_size(from, size, true);
11083
11084 ret = ___copy_to_user(to, from, size);
11085 diff --git a/arch/sparc/kernel/Makefile b/arch/sparc/kernel/Makefile
11086 index fdb1332..1b10f89 100644
11087 --- a/arch/sparc/kernel/Makefile
11088 +++ b/arch/sparc/kernel/Makefile
11089 @@ -4,7 +4,7 @@
11090 #
11091
11092 asflags-y := -ansi
11093 -ccflags-y := -Werror
11094 +#ccflags-y := -Werror
11095
11096 extra-y := head_$(BITS).o
11097
11098 diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
11099 index b7780a5..28315f0 100644
11100 --- a/arch/sparc/kernel/process_32.c
11101 +++ b/arch/sparc/kernel/process_32.c
11102 @@ -123,14 +123,14 @@ void show_regs(struct pt_regs *r)
11103
11104 printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n",
11105 r->psr, r->pc, r->npc, r->y, print_tainted());
11106 - printk("PC: <%pS>\n", (void *) r->pc);
11107 + printk("PC: <%pA>\n", (void *) r->pc);
11108 printk("%%G: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
11109 r->u_regs[0], r->u_regs[1], r->u_regs[2], r->u_regs[3],
11110 r->u_regs[4], r->u_regs[5], r->u_regs[6], r->u_regs[7]);
11111 printk("%%O: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
11112 r->u_regs[8], r->u_regs[9], r->u_regs[10], r->u_regs[11],
11113 r->u_regs[12], r->u_regs[13], r->u_regs[14], r->u_regs[15]);
11114 - printk("RPC: <%pS>\n", (void *) r->u_regs[15]);
11115 + printk("RPC: <%pA>\n", (void *) r->u_regs[15]);
11116
11117 printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
11118 rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3],
11119 @@ -167,7 +167,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
11120 rw = (struct reg_window32 *) fp;
11121 pc = rw->ins[7];
11122 printk("[%08lx : ", pc);
11123 - printk("%pS ] ", (void *) pc);
11124 + printk("%pA ] ", (void *) pc);
11125 fp = rw->ins[6];
11126 } while (++count < 16);
11127 printk("\n");
11128 diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
11129 index fa14402..b2a7408 100644
11130 --- a/arch/sparc/kernel/process_64.c
11131 +++ b/arch/sparc/kernel/process_64.c
11132 @@ -161,7 +161,7 @@ static void show_regwindow(struct pt_regs *regs)
11133 printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n",
11134 rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]);
11135 if (regs->tstate & TSTATE_PRIV)
11136 - printk("I7: <%pS>\n", (void *) rwk->ins[7]);
11137 + printk("I7: <%pA>\n", (void *) rwk->ins[7]);
11138 }
11139
11140 void show_regs(struct pt_regs *regs)
11141 @@ -170,7 +170,7 @@ void show_regs(struct pt_regs *regs)
11142
11143 printk("TSTATE: %016lx TPC: %016lx TNPC: %016lx Y: %08x %s\n", regs->tstate,
11144 regs->tpc, regs->tnpc, regs->y, print_tainted());
11145 - printk("TPC: <%pS>\n", (void *) regs->tpc);
11146 + printk("TPC: <%pA>\n", (void *) regs->tpc);
11147 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n",
11148 regs->u_regs[0], regs->u_regs[1], regs->u_regs[2],
11149 regs->u_regs[3]);
11150 @@ -183,7 +183,7 @@ void show_regs(struct pt_regs *regs)
11151 printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n",
11152 regs->u_regs[12], regs->u_regs[13], regs->u_regs[14],
11153 regs->u_regs[15]);
11154 - printk("RPC: <%pS>\n", (void *) regs->u_regs[15]);
11155 + printk("RPC: <%pA>\n", (void *) regs->u_regs[15]);
11156 show_regwindow(regs);
11157 show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]);
11158 }
11159 @@ -278,7 +278,7 @@ void arch_trigger_all_cpu_backtrace(bool include_self)
11160 ((tp && tp->task) ? tp->task->pid : -1));
11161
11162 if (gp->tstate & TSTATE_PRIV) {
11163 - printk(" TPC[%pS] O7[%pS] I7[%pS] RPC[%pS]\n",
11164 + printk(" TPC[%pA] O7[%pA] I7[%pA] RPC[%pA]\n",
11165 (void *) gp->tpc,
11166 (void *) gp->o7,
11167 (void *) gp->i7,
11168 diff --git a/arch/sparc/kernel/prom_common.c b/arch/sparc/kernel/prom_common.c
11169 index 79cc0d1..46d6233 100644
11170 --- a/arch/sparc/kernel/prom_common.c
11171 +++ b/arch/sparc/kernel/prom_common.c
11172 @@ -144,7 +144,7 @@ static int __init prom_common_nextprop(phandle node, char *prev, char *buf)
11173
11174 unsigned int prom_early_allocated __initdata;
11175
11176 -static struct of_pdt_ops prom_sparc_ops __initdata = {
11177 +static const struct of_pdt_ops prom_sparc_ops __initconst = {
11178 .nextprop = prom_common_nextprop,
11179 .getproplen = prom_getproplen,
11180 .getproperty = prom_getproperty,
11181 diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c
11182 index 9ddc492..27a5619 100644
11183 --- a/arch/sparc/kernel/ptrace_64.c
11184 +++ b/arch/sparc/kernel/ptrace_64.c
11185 @@ -1060,6 +1060,10 @@ long arch_ptrace(struct task_struct *child, long request,
11186 return ret;
11187 }
11188
11189 +#ifdef CONFIG_GRKERNSEC_SETXID
11190 +extern void gr_delayed_cred_worker(void);
11191 +#endif
11192 +
11193 asmlinkage int syscall_trace_enter(struct pt_regs *regs)
11194 {
11195 int ret = 0;
11196 @@ -1070,6 +1074,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
11197 if (test_thread_flag(TIF_NOHZ))
11198 user_exit();
11199
11200 +#ifdef CONFIG_GRKERNSEC_SETXID
11201 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
11202 + gr_delayed_cred_worker();
11203 +#endif
11204 +
11205 if (test_thread_flag(TIF_SYSCALL_TRACE))
11206 ret = tracehook_report_syscall_entry(regs);
11207
11208 @@ -1088,6 +1097,11 @@ asmlinkage void syscall_trace_leave(struct pt_regs *regs)
11209 if (test_thread_flag(TIF_NOHZ))
11210 user_exit();
11211
11212 +#ifdef CONFIG_GRKERNSEC_SETXID
11213 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
11214 + gr_delayed_cred_worker();
11215 +#endif
11216 +
11217 audit_syscall_exit(regs);
11218
11219 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
11220 diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
11221 index d3035ba..40683bd 100644
11222 --- a/arch/sparc/kernel/smp_64.c
11223 +++ b/arch/sparc/kernel/smp_64.c
11224 @@ -891,7 +891,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
11225 return;
11226
11227 #ifdef CONFIG_DEBUG_DCFLUSH
11228 - atomic_inc(&dcpage_flushes);
11229 + atomic_inc_unchecked(&dcpage_flushes);
11230 #endif
11231
11232 this_cpu = get_cpu();
11233 @@ -915,7 +915,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
11234 xcall_deliver(data0, __pa(pg_addr),
11235 (u64) pg_addr, cpumask_of(cpu));
11236 #ifdef CONFIG_DEBUG_DCFLUSH
11237 - atomic_inc(&dcpage_flushes_xcall);
11238 + atomic_inc_unchecked(&dcpage_flushes_xcall);
11239 #endif
11240 }
11241 }
11242 @@ -934,7 +934,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
11243 preempt_disable();
11244
11245 #ifdef CONFIG_DEBUG_DCFLUSH
11246 - atomic_inc(&dcpage_flushes);
11247 + atomic_inc_unchecked(&dcpage_flushes);
11248 #endif
11249 data0 = 0;
11250 pg_addr = page_address(page);
11251 @@ -951,7 +951,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
11252 xcall_deliver(data0, __pa(pg_addr),
11253 (u64) pg_addr, cpu_online_mask);
11254 #ifdef CONFIG_DEBUG_DCFLUSH
11255 - atomic_inc(&dcpage_flushes_xcall);
11256 + atomic_inc_unchecked(&dcpage_flushes_xcall);
11257 #endif
11258 }
11259 __local_flush_dcache_page(page);
11260 diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c
11261 index 646988d..b88905f 100644
11262 --- a/arch/sparc/kernel/sys_sparc_32.c
11263 +++ b/arch/sparc/kernel/sys_sparc_32.c
11264 @@ -54,7 +54,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
11265 if (len > TASK_SIZE - PAGE_SIZE)
11266 return -ENOMEM;
11267 if (!addr)
11268 - addr = TASK_UNMAPPED_BASE;
11269 + addr = current->mm->mmap_base;
11270
11271 info.flags = 0;
11272 info.length = len;
11273 diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
11274 index fe8b8ee..3f17a96 100644
11275 --- a/arch/sparc/kernel/sys_sparc_64.c
11276 +++ b/arch/sparc/kernel/sys_sparc_64.c
11277 @@ -89,13 +89,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
11278 struct vm_area_struct * vma;
11279 unsigned long task_size = TASK_SIZE;
11280 int do_color_align;
11281 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
11282 struct vm_unmapped_area_info info;
11283
11284 if (flags & MAP_FIXED) {
11285 /* We do not accept a shared mapping if it would violate
11286 * cache aliasing constraints.
11287 */
11288 - if ((flags & MAP_SHARED) &&
11289 + if ((filp || (flags & MAP_SHARED)) &&
11290 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
11291 return -EINVAL;
11292 return addr;
11293 @@ -110,6 +111,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
11294 if (filp || (flags & MAP_SHARED))
11295 do_color_align = 1;
11296
11297 +#ifdef CONFIG_PAX_RANDMMAP
11298 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
11299 +#endif
11300 +
11301 if (addr) {
11302 if (do_color_align)
11303 addr = COLOR_ALIGN(addr, pgoff);
11304 @@ -117,22 +122,28 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
11305 addr = PAGE_ALIGN(addr);
11306
11307 vma = find_vma(mm, addr);
11308 - if (task_size - len >= addr &&
11309 - (!vma || addr + len <= vma->vm_start))
11310 + if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
11311 return addr;
11312 }
11313
11314 info.flags = 0;
11315 info.length = len;
11316 - info.low_limit = TASK_UNMAPPED_BASE;
11317 + info.low_limit = mm->mmap_base;
11318 info.high_limit = min(task_size, VA_EXCLUDE_START);
11319 info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
11320 info.align_offset = pgoff << PAGE_SHIFT;
11321 + info.threadstack_offset = offset;
11322 addr = vm_unmapped_area(&info);
11323
11324 if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) {
11325 VM_BUG_ON(addr != -ENOMEM);
11326 info.low_limit = VA_EXCLUDE_END;
11327 +
11328 +#ifdef CONFIG_PAX_RANDMMAP
11329 + if (mm->pax_flags & MF_PAX_RANDMMAP)
11330 + info.low_limit += mm->delta_mmap;
11331 +#endif
11332 +
11333 info.high_limit = task_size;
11334 addr = vm_unmapped_area(&info);
11335 }
11336 @@ -141,15 +152,16 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
11337 }
11338
11339 unsigned long
11340 -arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
11341 - const unsigned long len, const unsigned long pgoff,
11342 - const unsigned long flags)
11343 +arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr0,
11344 + unsigned long len, unsigned long pgoff,
11345 + unsigned long flags)
11346 {
11347 struct vm_area_struct *vma;
11348 struct mm_struct *mm = current->mm;
11349 unsigned long task_size = STACK_TOP32;
11350 unsigned long addr = addr0;
11351 int do_color_align;
11352 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
11353 struct vm_unmapped_area_info info;
11354
11355 /* This should only ever run for 32-bit processes. */
11356 @@ -159,7 +171,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
11357 /* We do not accept a shared mapping if it would violate
11358 * cache aliasing constraints.
11359 */
11360 - if ((flags & MAP_SHARED) &&
11361 + if ((filp || (flags & MAP_SHARED)) &&
11362 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
11363 return -EINVAL;
11364 return addr;
11365 @@ -172,6 +184,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
11366 if (filp || (flags & MAP_SHARED))
11367 do_color_align = 1;
11368
11369 +#ifdef CONFIG_PAX_RANDMMAP
11370 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
11371 +#endif
11372 +
11373 /* requesting a specific address */
11374 if (addr) {
11375 if (do_color_align)
11376 @@ -180,8 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
11377 addr = PAGE_ALIGN(addr);
11378
11379 vma = find_vma(mm, addr);
11380 - if (task_size - len >= addr &&
11381 - (!vma || addr + len <= vma->vm_start))
11382 + if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
11383 return addr;
11384 }
11385
11386 @@ -191,6 +206,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
11387 info.high_limit = mm->mmap_base;
11388 info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
11389 info.align_offset = pgoff << PAGE_SHIFT;
11390 + info.threadstack_offset = offset;
11391 addr = vm_unmapped_area(&info);
11392
11393 /*
11394 @@ -203,6 +219,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
11395 VM_BUG_ON(addr != -ENOMEM);
11396 info.flags = 0;
11397 info.low_limit = TASK_UNMAPPED_BASE;
11398 +
11399 +#ifdef CONFIG_PAX_RANDMMAP
11400 + if (mm->pax_flags & MF_PAX_RANDMMAP)
11401 + info.low_limit += mm->delta_mmap;
11402 +#endif
11403 +
11404 info.high_limit = STACK_TOP32;
11405 addr = vm_unmapped_area(&info);
11406 }
11407 @@ -259,10 +281,14 @@ unsigned long get_fb_unmapped_area(struct file *filp, unsigned long orig_addr, u
11408 EXPORT_SYMBOL(get_fb_unmapped_area);
11409
11410 /* Essentially the same as PowerPC. */
11411 -static unsigned long mmap_rnd(void)
11412 +static unsigned long mmap_rnd(struct mm_struct *mm)
11413 {
11414 unsigned long rnd = 0UL;
11415
11416 +#ifdef CONFIG_PAX_RANDMMAP
11417 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
11418 +#endif
11419 +
11420 if (current->flags & PF_RANDOMIZE) {
11421 unsigned long val = get_random_long();
11422 if (test_thread_flag(TIF_32BIT))
11423 @@ -275,7 +301,7 @@ static unsigned long mmap_rnd(void)
11424
11425 void arch_pick_mmap_layout(struct mm_struct *mm)
11426 {
11427 - unsigned long random_factor = mmap_rnd();
11428 + unsigned long random_factor = mmap_rnd(mm);
11429 unsigned long gap;
11430
11431 /*
11432 @@ -288,6 +314,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
11433 gap == RLIM_INFINITY ||
11434 sysctl_legacy_va_layout) {
11435 mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
11436 +
11437 +#ifdef CONFIG_PAX_RANDMMAP
11438 + if (mm->pax_flags & MF_PAX_RANDMMAP)
11439 + mm->mmap_base += mm->delta_mmap;
11440 +#endif
11441 +
11442 mm->get_unmapped_area = arch_get_unmapped_area;
11443 } else {
11444 /* We know it's 32-bit */
11445 @@ -299,6 +331,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
11446 gap = (task_size / 6 * 5);
11447
11448 mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
11449 +
11450 +#ifdef CONFIG_PAX_RANDMMAP
11451 + if (mm->pax_flags & MF_PAX_RANDMMAP)
11452 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
11453 +#endif
11454 +
11455 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
11456 }
11457 }
11458 diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
11459 index c4a1b5c..c5e0ef3 100644
11460 --- a/arch/sparc/kernel/syscalls.S
11461 +++ b/arch/sparc/kernel/syscalls.S
11462 @@ -62,7 +62,7 @@ sys32_rt_sigreturn:
11463 #endif
11464 .align 32
11465 1: ldx [%g6 + TI_FLAGS], %l5
11466 - andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT|_TIF_NOHZ), %g0
11467 + andcc %l5, _TIF_WORK_SYSCALL, %g0
11468 be,pt %icc, rtrap
11469 nop
11470 call syscall_trace_leave
11471 @@ -230,7 +230,7 @@ linux_sparc_syscall32:
11472
11473 srl %i3, 0, %o3 ! IEU0
11474 srl %i2, 0, %o2 ! IEU0 Group
11475 - andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT|_TIF_NOHZ), %g0
11476 + andcc %l0, _TIF_WORK_SYSCALL, %g0
11477 bne,pn %icc, linux_syscall_trace32 ! CTI
11478 mov %i0, %l5 ! IEU1
11479 5: call %l7 ! CTI Group brk forced
11480 @@ -254,7 +254,7 @@ linux_sparc_syscall:
11481
11482 mov %i3, %o3 ! IEU1
11483 mov %i4, %o4 ! IEU0 Group
11484 - andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT|_TIF_NOHZ), %g0
11485 + andcc %l0, _TIF_WORK_SYSCALL, %g0
11486 bne,pn %icc, linux_syscall_trace ! CTI Group
11487 mov %i0, %l5 ! IEU0
11488 2: call %l7 ! CTI Group brk forced
11489 @@ -269,7 +269,7 @@ ret_sys_call:
11490
11491 cmp %o0, -ERESTART_RESTARTBLOCK
11492 bgeu,pn %xcc, 1f
11493 - andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT|_TIF_NOHZ), %g0
11494 + andcc %l0, _TIF_WORK_SYSCALL, %g0
11495 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
11496
11497 2:
11498 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
11499 index 4f21df7..0a374da 100644
11500 --- a/arch/sparc/kernel/traps_32.c
11501 +++ b/arch/sparc/kernel/traps_32.c
11502 @@ -44,6 +44,8 @@ static void instruction_dump(unsigned long *pc)
11503 #define __SAVE __asm__ __volatile__("save %sp, -0x40, %sp\n\t")
11504 #define __RESTORE __asm__ __volatile__("restore %g0, %g0, %g0\n\t")
11505
11506 +extern void gr_handle_kernel_exploit(void);
11507 +
11508 void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
11509 {
11510 static int die_counter;
11511 @@ -76,15 +78,17 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
11512 count++ < 30 &&
11513 (((unsigned long) rw) >= PAGE_OFFSET) &&
11514 !(((unsigned long) rw) & 0x7)) {
11515 - printk("Caller[%08lx]: %pS\n", rw->ins[7],
11516 + printk("Caller[%08lx]: %pA\n", rw->ins[7],
11517 (void *) rw->ins[7]);
11518 rw = (struct reg_window32 *)rw->ins[6];
11519 }
11520 }
11521 printk("Instruction DUMP:");
11522 instruction_dump ((unsigned long *) regs->pc);
11523 - if(regs->psr & PSR_PS)
11524 + if(regs->psr & PSR_PS) {
11525 + gr_handle_kernel_exploit();
11526 do_exit(SIGKILL);
11527 + }
11528 do_exit(SIGSEGV);
11529 }
11530
11531 diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
11532 index d21cd62..4e2ca86 100644
11533 --- a/arch/sparc/kernel/traps_64.c
11534 +++ b/arch/sparc/kernel/traps_64.c
11535 @@ -79,7 +79,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)
11536 i + 1,
11537 p->trapstack[i].tstate, p->trapstack[i].tpc,
11538 p->trapstack[i].tnpc, p->trapstack[i].tt);
11539 - printk("TRAPLOG: TPC<%pS>\n", (void *) p->trapstack[i].tpc);
11540 + printk("TRAPLOG: TPC<%pA>\n", (void *) p->trapstack[i].tpc);
11541 }
11542 }
11543
11544 @@ -99,6 +99,12 @@ void bad_trap(struct pt_regs *regs, long lvl)
11545
11546 lvl -= 0x100;
11547 if (regs->tstate & TSTATE_PRIV) {
11548 +
11549 +#ifdef CONFIG_PAX_REFCOUNT
11550 + if (lvl == 6)
11551 + pax_report_refcount_error(regs, NULL);
11552 +#endif
11553 +
11554 sprintf(buffer, "Kernel bad sw trap %lx", lvl);
11555 die_if_kernel(buffer, regs);
11556 }
11557 @@ -117,11 +123,16 @@ void bad_trap(struct pt_regs *regs, long lvl)
11558 void bad_trap_tl1(struct pt_regs *regs, long lvl)
11559 {
11560 char buffer[32];
11561 -
11562 +
11563 if (notify_die(DIE_TRAP_TL1, "bad trap tl1", regs,
11564 0, lvl, SIGTRAP) == NOTIFY_STOP)
11565 return;
11566
11567 +#ifdef CONFIG_PAX_REFCOUNT
11568 + if (lvl == 6)
11569 + pax_report_refcount_error(regs, NULL);
11570 +#endif
11571 +
11572 dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
11573
11574 sprintf (buffer, "Bad trap %lx at tl>0", lvl);
11575 @@ -1151,7 +1162,7 @@ static void cheetah_log_errors(struct pt_regs *regs, struct cheetah_err_info *in
11576 regs->tpc, regs->tnpc, regs->u_regs[UREG_I7], regs->tstate);
11577 printk("%s" "ERROR(%d): ",
11578 (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id());
11579 - printk("TPC<%pS>\n", (void *) regs->tpc);
11580 + printk("TPC<%pA>\n", (void *) regs->tpc);
11581 printk("%s" "ERROR(%d): M_SYND(%lx), E_SYND(%lx)%s%s\n",
11582 (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id(),
11583 (afsr & CHAFSR_M_SYNDROME) >> CHAFSR_M_SYNDROME_SHIFT,
11584 @@ -1758,7 +1769,7 @@ void cheetah_plus_parity_error(int type, struct pt_regs *regs)
11585 smp_processor_id(),
11586 (type & 0x1) ? 'I' : 'D',
11587 regs->tpc);
11588 - printk(KERN_EMERG "TPC<%pS>\n", (void *) regs->tpc);
11589 + printk(KERN_EMERG "TPC<%pA>\n", (void *) regs->tpc);
11590 panic("Irrecoverable Cheetah+ parity error.");
11591 }
11592
11593 @@ -1766,7 +1777,7 @@ void cheetah_plus_parity_error(int type, struct pt_regs *regs)
11594 smp_processor_id(),
11595 (type & 0x1) ? 'I' : 'D',
11596 regs->tpc);
11597 - printk(KERN_WARNING "TPC<%pS>\n", (void *) regs->tpc);
11598 + printk(KERN_WARNING "TPC<%pA>\n", (void *) regs->tpc);
11599 }
11600
11601 struct sun4v_error_entry {
11602 @@ -1839,8 +1850,8 @@ struct sun4v_error_entry {
11603 /*0x38*/u64 reserved_5;
11604 };
11605
11606 -static atomic_t sun4v_resum_oflow_cnt = ATOMIC_INIT(0);
11607 -static atomic_t sun4v_nonresum_oflow_cnt = ATOMIC_INIT(0);
11608 +static atomic_unchecked_t sun4v_resum_oflow_cnt = ATOMIC_INIT(0);
11609 +static atomic_unchecked_t sun4v_nonresum_oflow_cnt = ATOMIC_INIT(0);
11610
11611 static const char *sun4v_err_type_to_str(u8 type)
11612 {
11613 @@ -1932,7 +1943,7 @@ static void sun4v_report_real_raddr(const char *pfx, struct pt_regs *regs)
11614 }
11615
11616 static void sun4v_log_error(struct pt_regs *regs, struct sun4v_error_entry *ent,
11617 - int cpu, const char *pfx, atomic_t *ocnt)
11618 + int cpu, const char *pfx, atomic_unchecked_t *ocnt)
11619 {
11620 u64 *raw_ptr = (u64 *) ent;
11621 u32 attrs;
11622 @@ -1990,8 +2001,8 @@ static void sun4v_log_error(struct pt_regs *regs, struct sun4v_error_entry *ent,
11623
11624 show_regs(regs);
11625
11626 - if ((cnt = atomic_read(ocnt)) != 0) {
11627 - atomic_set(ocnt, 0);
11628 + if ((cnt = atomic_read_unchecked(ocnt)) != 0) {
11629 + atomic_set_unchecked(ocnt, 0);
11630 wmb();
11631 printk("%s: Queue overflowed %d times.\n",
11632 pfx, cnt);
11633 @@ -2048,7 +2059,7 @@ out:
11634 */
11635 void sun4v_resum_overflow(struct pt_regs *regs)
11636 {
11637 - atomic_inc(&sun4v_resum_oflow_cnt);
11638 + atomic_inc_unchecked(&sun4v_resum_oflow_cnt);
11639 }
11640
11641 /* We run with %pil set to PIL_NORMAL_MAX and PSTATE_IE enabled in %pstate.
11642 @@ -2101,7 +2112,7 @@ void sun4v_nonresum_overflow(struct pt_regs *regs)
11643 /* XXX Actually even this can make not that much sense. Perhaps
11644 * XXX we should just pull the plug and panic directly from here?
11645 */
11646 - atomic_inc(&sun4v_nonresum_oflow_cnt);
11647 + atomic_inc_unchecked(&sun4v_nonresum_oflow_cnt);
11648 }
11649
11650 static void sun4v_tlb_error(struct pt_regs *regs)
11651 @@ -2120,9 +2131,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
11652
11653 printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
11654 regs->tpc, tl);
11655 - printk(KERN_EMERG "SUN4V-ITLB: TPC<%pS>\n", (void *) regs->tpc);
11656 + printk(KERN_EMERG "SUN4V-ITLB: TPC<%pA>\n", (void *) regs->tpc);
11657 printk(KERN_EMERG "SUN4V-ITLB: O7[%lx]\n", regs->u_regs[UREG_I7]);
11658 - printk(KERN_EMERG "SUN4V-ITLB: O7<%pS>\n",
11659 + printk(KERN_EMERG "SUN4V-ITLB: O7<%pA>\n",
11660 (void *) regs->u_regs[UREG_I7]);
11661 printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] "
11662 "pte[%lx] error[%lx]\n",
11663 @@ -2143,9 +2154,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
11664
11665 printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
11666 regs->tpc, tl);
11667 - printk(KERN_EMERG "SUN4V-DTLB: TPC<%pS>\n", (void *) regs->tpc);
11668 + printk(KERN_EMERG "SUN4V-DTLB: TPC<%pA>\n", (void *) regs->tpc);
11669 printk(KERN_EMERG "SUN4V-DTLB: O7[%lx]\n", regs->u_regs[UREG_I7]);
11670 - printk(KERN_EMERG "SUN4V-DTLB: O7<%pS>\n",
11671 + printk(KERN_EMERG "SUN4V-DTLB: O7<%pA>\n",
11672 (void *) regs->u_regs[UREG_I7]);
11673 printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] "
11674 "pte[%lx] error[%lx]\n",
11675 @@ -2362,13 +2373,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
11676 fp = (unsigned long)sf->fp + STACK_BIAS;
11677 }
11678
11679 - printk(" [%016lx] %pS\n", pc, (void *) pc);
11680 + printk(" [%016lx] %pA\n", pc, (void *) pc);
11681 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
11682 if ((pc + 8UL) == (unsigned long) &return_to_handler) {
11683 int index = tsk->curr_ret_stack;
11684 if (tsk->ret_stack && index >= graph) {
11685 pc = tsk->ret_stack[index - graph].ret;
11686 - printk(" [%016lx] %pS\n", pc, (void *) pc);
11687 + printk(" [%016lx] %pA\n", pc, (void *) pc);
11688 graph++;
11689 }
11690 }
11691 @@ -2386,6 +2397,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
11692 return (struct reg_window *) (fp + STACK_BIAS);
11693 }
11694
11695 +extern void gr_handle_kernel_exploit(void);
11696 +
11697 void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
11698 {
11699 static int die_counter;
11700 @@ -2414,7 +2427,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
11701 while (rw &&
11702 count++ < 30 &&
11703 kstack_valid(tp, (unsigned long) rw)) {
11704 - printk("Caller[%016lx]: %pS\n", rw->ins[7],
11705 + printk("Caller[%016lx]: %pA\n", rw->ins[7],
11706 (void *) rw->ins[7]);
11707
11708 rw = kernel_stack_up(rw);
11709 @@ -2429,8 +2442,10 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
11710 }
11711 if (panic_on_oops)
11712 panic("Fatal exception");
11713 - if (regs->tstate & TSTATE_PRIV)
11714 + if (regs->tstate & TSTATE_PRIV) {
11715 + gr_handle_kernel_exploit();
11716 do_exit(SIGKILL);
11717 + }
11718 do_exit(SIGSEGV);
11719 }
11720 EXPORT_SYMBOL(die_if_kernel);
11721 diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c
11722 index 9aacb91..6415c82 100644
11723 --- a/arch/sparc/kernel/unaligned_64.c
11724 +++ b/arch/sparc/kernel/unaligned_64.c
11725 @@ -297,7 +297,7 @@ static void log_unaligned(struct pt_regs *regs)
11726 static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
11727
11728 if (__ratelimit(&ratelimit)) {
11729 - printk("Kernel unaligned access at TPC[%lx] %pS\n",
11730 + printk("Kernel unaligned access at TPC[%lx] %pA\n",
11731 regs->tpc, (void *) regs->tpc);
11732 }
11733 }
11734 diff --git a/arch/sparc/lib/Makefile b/arch/sparc/lib/Makefile
11735 index 3269b02..64f5231 100644
11736 --- a/arch/sparc/lib/Makefile
11737 +++ b/arch/sparc/lib/Makefile
11738 @@ -2,7 +2,7 @@
11739 #
11740
11741 asflags-y := -ansi -DST_DIV0=0x02
11742 -ccflags-y := -Werror
11743 +#ccflags-y := -Werror
11744
11745 lib-$(CONFIG_SPARC32) += ashrdi3.o
11746 lib-$(CONFIG_SPARC32) += memcpy.o memset.o
11747 diff --git a/arch/sparc/lib/atomic_64.S b/arch/sparc/lib/atomic_64.S
11748 index a5c5a02..b62dbfec 100644
11749 --- a/arch/sparc/lib/atomic_64.S
11750 +++ b/arch/sparc/lib/atomic_64.S
11751 @@ -16,11 +16,22 @@
11752 * barriers.
11753 */
11754
11755 -#define ATOMIC_OP(op) \
11756 -ENTRY(atomic_##op) /* %o0 = increment, %o1 = atomic_ptr */ \
11757 +#ifdef CONFIG_PAX_REFCOUNT
11758 +#define __REFCOUNT_OP(op) op##cc
11759 +#define __OVERFLOW_IOP tvs %icc, 6;
11760 +#define __OVERFLOW_XOP tvs %xcc, 6;
11761 +#else
11762 +#define __REFCOUNT_OP(op) op
11763 +#define __OVERFLOW_IOP
11764 +#define __OVERFLOW_XOP
11765 +#endif
11766 +
11767 +#define __ATOMIC_OP(op, suffix, asm_op, post_op) \
11768 +ENTRY(atomic_##op##suffix) /* %o0 = increment, %o1 = atomic_ptr */ \
11769 BACKOFF_SETUP(%o2); \
11770 1: lduw [%o1], %g1; \
11771 - op %g1, %o0, %g7; \
11772 + asm_op %g1, %o0, %g7; \
11773 + post_op \
11774 cas [%o1], %g1, %g7; \
11775 cmp %g1, %g7; \
11776 bne,pn %icc, BACKOFF_LABEL(2f, 1b); \
11777 @@ -30,11 +41,15 @@ ENTRY(atomic_##op) /* %o0 = increment, %o1 = atomic_ptr */ \
11778 2: BACKOFF_SPIN(%o2, %o3, 1b); \
11779 ENDPROC(atomic_##op); \
11780
11781 -#define ATOMIC_OP_RETURN(op) \
11782 -ENTRY(atomic_##op##_return) /* %o0 = increment, %o1 = atomic_ptr */ \
11783 +#define ATOMIC_OP(op) __ATOMIC_OP(op, , op, ) \
11784 + __ATOMIC_OP(op, _unchecked, __REFCOUNT_OP(op), __OVERFLOW_IOP)
11785 +
11786 +#define __ATOMIC_OP_RETURN(op, suffix, asm_op, post_op) \
11787 +ENTRY(atomic_##op##_return##suffix) /* %o0 = increment, %o1 = atomic_ptr */\
11788 BACKOFF_SETUP(%o2); \
11789 1: lduw [%o1], %g1; \
11790 - op %g1, %o0, %g7; \
11791 + asm_op %g1, %o0, %g7; \
11792 + post_op \
11793 cas [%o1], %g1, %g7; \
11794 cmp %g1, %g7; \
11795 bne,pn %icc, BACKOFF_LABEL(2f, 1b); \
11796 @@ -44,6 +59,9 @@ ENTRY(atomic_##op##_return) /* %o0 = increment, %o1 = atomic_ptr */ \
11797 2: BACKOFF_SPIN(%o2, %o3, 1b); \
11798 ENDPROC(atomic_##op##_return);
11799
11800 +#define ATOMIC_OP_RETURN(op) __ATOMIC_OP_RETURN(op, , op, ) \
11801 + __ATOMIC_OP_RETURN(op, _unchecked, __REFCOUNT_OP(op), __OVERFLOW_IOP)
11802 +
11803 #define ATOMIC_FETCH_OP(op) \
11804 ENTRY(atomic_fetch_##op) /* %o0 = increment, %o1 = atomic_ptr */ \
11805 BACKOFF_SETUP(%o2); \
11806 @@ -73,13 +91,16 @@ ATOMIC_OPS(xor)
11807 #undef ATOMIC_OPS
11808 #undef ATOMIC_FETCH_OP
11809 #undef ATOMIC_OP_RETURN
11810 +#undef __ATOMIC_OP_RETURN
11811 #undef ATOMIC_OP
11812 +#undef __ATOMIC_OP
11813
11814 -#define ATOMIC64_OP(op) \
11815 -ENTRY(atomic64_##op) /* %o0 = increment, %o1 = atomic_ptr */ \
11816 +#define __ATOMIC64_OP(op, suffix, asm_op, post_op) \
11817 +ENTRY(atomic64_##op##suffix) /* %o0 = increment, %o1 = atomic_ptr */ \
11818 BACKOFF_SETUP(%o2); \
11819 1: ldx [%o1], %g1; \
11820 - op %g1, %o0, %g7; \
11821 + asm_op %g1, %o0, %g7; \
11822 + post_op \
11823 casx [%o1], %g1, %g7; \
11824 cmp %g1, %g7; \
11825 bne,pn %xcc, BACKOFF_LABEL(2f, 1b); \
11826 @@ -89,11 +110,15 @@ ENTRY(atomic64_##op) /* %o0 = increment, %o1 = atomic_ptr */ \
11827 2: BACKOFF_SPIN(%o2, %o3, 1b); \
11828 ENDPROC(atomic64_##op); \
11829
11830 -#define ATOMIC64_OP_RETURN(op) \
11831 -ENTRY(atomic64_##op##_return) /* %o0 = increment, %o1 = atomic_ptr */ \
11832 +#define ATOMIC64_OP(op) __ATOMIC64_OP(op, , op, ) \
11833 + __ATOMIC64_OP(op, _unchecked, __REFCOUNT_OP(op), __OVERFLOW_XOP)
11834 +
11835 +#define __ATOMIC64_OP_RETURN(op, suffix, asm_op, post_op) \
11836 +ENTRY(atomic64_##op##_return##suffix) /* %o0 = increment, %o1 = atomic_ptr */\
11837 BACKOFF_SETUP(%o2); \
11838 1: ldx [%o1], %g1; \
11839 - op %g1, %o0, %g7; \
11840 + asm_op %g1, %o0, %g7; \
11841 + post_op \
11842 casx [%o1], %g1, %g7; \
11843 cmp %g1, %g7; \
11844 bne,pn %xcc, BACKOFF_LABEL(2f, 1b); \
11845 @@ -103,6 +128,9 @@ ENTRY(atomic64_##op##_return) /* %o0 = increment, %o1 = atomic_ptr */ \
11846 2: BACKOFF_SPIN(%o2, %o3, 1b); \
11847 ENDPROC(atomic64_##op##_return);
11848
11849 +#define ATOMIC64_OP_RETURN(op) __ATOMIC64_OP_RETURN(op, , op, ) \
11850 + __ATOMIC64_OP_RETURN(op, _unchecked, __REFCOUNT_OP(op), __OVERFLOW_XOP)
11851 +
11852 #define ATOMIC64_FETCH_OP(op) \
11853 ENTRY(atomic64_fetch_##op) /* %o0 = increment, %o1 = atomic_ptr */ \
11854 BACKOFF_SETUP(%o2); \
11855 @@ -132,7 +160,12 @@ ATOMIC64_OPS(xor)
11856 #undef ATOMIC64_OPS
11857 #undef ATOMIC64_FETCH_OP
11858 #undef ATOMIC64_OP_RETURN
11859 +#undef __ATOMIC64_OP_RETURN
11860 #undef ATOMIC64_OP
11861 +#undef __ATOMIC64_OP
11862 +#undef __OVERFLOW_XOP
11863 +#undef __OVERFLOW_IOP
11864 +#undef __REFCOUNT_OP
11865
11866 ENTRY(atomic64_dec_if_positive) /* %o0 = atomic_ptr */
11867 BACKOFF_SETUP(%o2)
11868 diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c
11869 index de5e978..cf48854 100644
11870 --- a/arch/sparc/lib/ksyms.c
11871 +++ b/arch/sparc/lib/ksyms.c
11872 @@ -101,7 +101,9 @@ EXPORT_SYMBOL(__clear_user);
11873 /* Atomic counter implementation. */
11874 #define ATOMIC_OP(op) \
11875 EXPORT_SYMBOL(atomic_##op); \
11876 -EXPORT_SYMBOL(atomic64_##op);
11877 +EXPORT_SYMBOL(atomic_##op##_unchecked); \
11878 +EXPORT_SYMBOL(atomic64_##op); \
11879 +EXPORT_SYMBOL(atomic64_##op##_unchecked);
11880
11881 #define ATOMIC_OP_RETURN(op) \
11882 EXPORT_SYMBOL(atomic_##op##_return); \
11883 @@ -114,6 +116,8 @@ EXPORT_SYMBOL(atomic64_fetch_##op);
11884 #define ATOMIC_OPS(op) ATOMIC_OP(op) ATOMIC_OP_RETURN(op) ATOMIC_FETCH_OP(op)
11885
11886 ATOMIC_OPS(add)
11887 +EXPORT_SYMBOL(atomic_add_return_unchecked);
11888 +EXPORT_SYMBOL(atomic64_add_return_unchecked);
11889 ATOMIC_OPS(sub)
11890
11891 #undef ATOMIC_OPS
11892 diff --git a/arch/sparc/mm/Makefile b/arch/sparc/mm/Makefile
11893 index 30c3ecc..736f015 100644
11894 --- a/arch/sparc/mm/Makefile
11895 +++ b/arch/sparc/mm/Makefile
11896 @@ -2,7 +2,7 @@
11897 #
11898
11899 asflags-y := -ansi
11900 -ccflags-y := -Werror
11901 +#ccflags-y := -Werror
11902
11903 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o
11904 obj-y += fault_$(BITS).o
11905 diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c
11906 index 4714061..bad7f9a 100644
11907 --- a/arch/sparc/mm/fault_32.c
11908 +++ b/arch/sparc/mm/fault_32.c
11909 @@ -22,6 +22,9 @@
11910 #include <linux/interrupt.h>
11911 #include <linux/kdebug.h>
11912 #include <linux/uaccess.h>
11913 +#include <linux/slab.h>
11914 +#include <linux/pagemap.h>
11915 +#include <linux/compiler.h>
11916
11917 #include <asm/page.h>
11918 #include <asm/pgtable.h>
11919 @@ -156,6 +159,277 @@ static unsigned long compute_si_addr(struct pt_regs *regs, int text_fault)
11920 return safe_compute_effective_address(regs, insn);
11921 }
11922
11923 +#ifdef CONFIG_PAX_PAGEEXEC
11924 +#ifdef CONFIG_PAX_DLRESOLVE
11925 +static void pax_emuplt_close(struct vm_area_struct *vma)
11926 +{
11927 + vma->vm_mm->call_dl_resolve = 0UL;
11928 +}
11929 +
11930 +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
11931 +{
11932 + unsigned int *kaddr;
11933 +
11934 + vmf->page = alloc_page(GFP_HIGHUSER);
11935 + if (!vmf->page)
11936 + return VM_FAULT_OOM;
11937 +
11938 + kaddr = kmap(vmf->page);
11939 + memset(kaddr, 0, PAGE_SIZE);
11940 + kaddr[0] = 0x9DE3BFA8U; /* save */
11941 + flush_dcache_page(vmf->page);
11942 + kunmap(vmf->page);
11943 + return VM_FAULT_MAJOR;
11944 +}
11945 +
11946 +static const struct vm_operations_struct pax_vm_ops = {
11947 + .close = pax_emuplt_close,
11948 + .fault = pax_emuplt_fault
11949 +};
11950 +
11951 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
11952 +{
11953 + int ret;
11954 +
11955 + INIT_LIST_HEAD(&vma->anon_vma_chain);
11956 + vma->vm_mm = current->mm;
11957 + vma->vm_start = addr;
11958 + vma->vm_end = addr + PAGE_SIZE;
11959 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
11960 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
11961 + vma->vm_ops = &pax_vm_ops;
11962 +
11963 + ret = insert_vm_struct(current->mm, vma);
11964 + if (ret)
11965 + return ret;
11966 +
11967 + ++current->mm->total_vm;
11968 + return 0;
11969 +}
11970 +#endif
11971 +
11972 +/*
11973 + * PaX: decide what to do with offenders (regs->pc = fault address)
11974 + *
11975 + * returns 1 when task should be killed
11976 + * 2 when patched PLT trampoline was detected
11977 + * 3 when unpatched PLT trampoline was detected
11978 + */
11979 +static int pax_handle_fetch_fault(struct pt_regs *regs)
11980 +{
11981 +
11982 +#ifdef CONFIG_PAX_EMUPLT
11983 + int err;
11984 +
11985 + do { /* PaX: patched PLT emulation #1 */
11986 + unsigned int sethi1, sethi2, jmpl;
11987 +
11988 + err = get_user(sethi1, (unsigned int *)regs->pc);
11989 + err |= get_user(sethi2, (unsigned int *)(regs->pc+4));
11990 + err |= get_user(jmpl, (unsigned int *)(regs->pc+8));
11991 +
11992 + if (err)
11993 + break;
11994 +
11995 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
11996 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
11997 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
11998 + {
11999 + unsigned int addr;
12000 +
12001 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
12002 + addr = regs->u_regs[UREG_G1];
12003 + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
12004 + regs->pc = addr;
12005 + regs->npc = addr+4;
12006 + return 2;
12007 + }
12008 + } while (0);
12009 +
12010 + do { /* PaX: patched PLT emulation #2 */
12011 + unsigned int ba;
12012 +
12013 + err = get_user(ba, (unsigned int *)regs->pc);
12014 +
12015 + if (err)
12016 + break;
12017 +
12018 + if ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30480000U) {
12019 + unsigned int addr;
12020 +
12021 + if ((ba & 0xFFC00000U) == 0x30800000U)
12022 + addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
12023 + else
12024 + addr = regs->pc + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
12025 + regs->pc = addr;
12026 + regs->npc = addr+4;
12027 + return 2;
12028 + }
12029 + } while (0);
12030 +
12031 + do { /* PaX: patched PLT emulation #3 */
12032 + unsigned int sethi, bajmpl, nop;
12033 +
12034 + err = get_user(sethi, (unsigned int *)regs->pc);
12035 + err |= get_user(bajmpl, (unsigned int *)(regs->pc+4));
12036 + err |= get_user(nop, (unsigned int *)(regs->pc+8));
12037 +
12038 + if (err)
12039 + break;
12040 +
12041 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12042 + ((bajmpl & 0xFFFFE000U) == 0x81C06000U || (bajmpl & 0xFFF80000U) == 0x30480000U) &&
12043 + nop == 0x01000000U)
12044 + {
12045 + unsigned int addr;
12046 +
12047 + addr = (sethi & 0x003FFFFFU) << 10;
12048 + regs->u_regs[UREG_G1] = addr;
12049 + if ((bajmpl & 0xFFFFE000U) == 0x81C06000U)
12050 + addr += (((bajmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
12051 + else
12052 + addr = regs->pc + ((((bajmpl | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
12053 + regs->pc = addr;
12054 + regs->npc = addr+4;
12055 + return 2;
12056 + }
12057 + } while (0);
12058 +
12059 + do { /* PaX: unpatched PLT emulation step 1 */
12060 + unsigned int sethi, ba, nop;
12061 +
12062 + err = get_user(sethi, (unsigned int *)regs->pc);
12063 + err |= get_user(ba, (unsigned int *)(regs->pc+4));
12064 + err |= get_user(nop, (unsigned int *)(regs->pc+8));
12065 +
12066 + if (err)
12067 + break;
12068 +
12069 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12070 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
12071 + nop == 0x01000000U)
12072 + {
12073 + unsigned int addr, save, call;
12074 +
12075 + if ((ba & 0xFFC00000U) == 0x30800000U)
12076 + addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
12077 + else
12078 + addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
12079 +
12080 + err = get_user(save, (unsigned int *)addr);
12081 + err |= get_user(call, (unsigned int *)(addr+4));
12082 + err |= get_user(nop, (unsigned int *)(addr+8));
12083 + if (err)
12084 + break;
12085 +
12086 +#ifdef CONFIG_PAX_DLRESOLVE
12087 + if (save == 0x9DE3BFA8U &&
12088 + (call & 0xC0000000U) == 0x40000000U &&
12089 + nop == 0x01000000U)
12090 + {
12091 + struct vm_area_struct *vma;
12092 + unsigned long call_dl_resolve;
12093 +
12094 + down_read(&current->mm->mmap_sem);
12095 + call_dl_resolve = current->mm->call_dl_resolve;
12096 + up_read(&current->mm->mmap_sem);
12097 + if (likely(call_dl_resolve))
12098 + goto emulate;
12099 +
12100 + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
12101 +
12102 + down_write(&current->mm->mmap_sem);
12103 + if (current->mm->call_dl_resolve) {
12104 + call_dl_resolve = current->mm->call_dl_resolve;
12105 + up_write(&current->mm->mmap_sem);
12106 + if (vma)
12107 + kmem_cache_free(vm_area_cachep, vma);
12108 + goto emulate;
12109 + }
12110 +
12111 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
12112 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
12113 + up_write(&current->mm->mmap_sem);
12114 + if (vma)
12115 + kmem_cache_free(vm_area_cachep, vma);
12116 + return 1;
12117 + }
12118 +
12119 + if (pax_insert_vma(vma, call_dl_resolve)) {
12120 + up_write(&current->mm->mmap_sem);
12121 + kmem_cache_free(vm_area_cachep, vma);
12122 + return 1;
12123 + }
12124 +
12125 + current->mm->call_dl_resolve = call_dl_resolve;
12126 + up_write(&current->mm->mmap_sem);
12127 +
12128 +emulate:
12129 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
12130 + regs->pc = call_dl_resolve;
12131 + regs->npc = addr+4;
12132 + return 3;
12133 + }
12134 +#endif
12135 +
12136 + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
12137 + if ((save & 0xFFC00000U) == 0x05000000U &&
12138 + (call & 0xFFFFE000U) == 0x85C0A000U &&
12139 + nop == 0x01000000U)
12140 + {
12141 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
12142 + regs->u_regs[UREG_G2] = addr + 4;
12143 + addr = (save & 0x003FFFFFU) << 10;
12144 + addr += (((call | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
12145 + regs->pc = addr;
12146 + regs->npc = addr+4;
12147 + return 3;
12148 + }
12149 + }
12150 + } while (0);
12151 +
12152 + do { /* PaX: unpatched PLT emulation step 2 */
12153 + unsigned int save, call, nop;
12154 +
12155 + err = get_user(save, (unsigned int *)(regs->pc-4));
12156 + err |= get_user(call, (unsigned int *)regs->pc);
12157 + err |= get_user(nop, (unsigned int *)(regs->pc+4));
12158 + if (err)
12159 + break;
12160 +
12161 + if (save == 0x9DE3BFA8U &&
12162 + (call & 0xC0000000U) == 0x40000000U &&
12163 + nop == 0x01000000U)
12164 + {
12165 + unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2);
12166 +
12167 + regs->u_regs[UREG_RETPC] = regs->pc;
12168 + regs->pc = dl_resolve;
12169 + regs->npc = dl_resolve+4;
12170 + return 3;
12171 + }
12172 + } while (0);
12173 +#endif
12174 +
12175 + return 1;
12176 +}
12177 +
12178 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
12179 +{
12180 + unsigned long i;
12181 +
12182 + printk(KERN_ERR "PAX: bytes at PC: ");
12183 + for (i = 0; i < 8; i++) {
12184 + unsigned int c;
12185 + if (get_user(c, (unsigned int *)pc+i))
12186 + printk(KERN_CONT "???????? ");
12187 + else
12188 + printk(KERN_CONT "%08x ", c);
12189 + }
12190 + printk("\n");
12191 +}
12192 +#endif
12193 +
12194 static noinline void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
12195 int text_fault)
12196 {
12197 @@ -226,6 +500,24 @@ good_area:
12198 if (!(vma->vm_flags & VM_WRITE))
12199 goto bad_area;
12200 } else {
12201 +
12202 +#ifdef CONFIG_PAX_PAGEEXEC
12203 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) {
12204 + up_read(&mm->mmap_sem);
12205 + switch (pax_handle_fetch_fault(regs)) {
12206 +
12207 +#ifdef CONFIG_PAX_EMUPLT
12208 + case 2:
12209 + case 3:
12210 + return;
12211 +#endif
12212 +
12213 + }
12214 + pax_report_fault(regs, (void *)regs->pc, (void *)regs->u_regs[UREG_FP]);
12215 + do_group_exit(SIGKILL);
12216 + }
12217 +#endif
12218 +
12219 /* Allow reads even for write-only mappings */
12220 if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
12221 goto bad_area;
12222 diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
12223 index 3f291d8..b335338 100644
12224 --- a/arch/sparc/mm/fault_64.c
12225 +++ b/arch/sparc/mm/fault_64.c
12226 @@ -23,6 +23,9 @@
12227 #include <linux/percpu.h>
12228 #include <linux/context_tracking.h>
12229 #include <linux/uaccess.h>
12230 +#include <linux/slab.h>
12231 +#include <linux/pagemap.h>
12232 +#include <linux/compiler.h>
12233
12234 #include <asm/page.h>
12235 #include <asm/pgtable.h>
12236 @@ -76,7 +79,7 @@ static void __kprobes bad_kernel_pc(struct pt_regs *regs, unsigned long vaddr)
12237 printk(KERN_CRIT "OOPS: Bogus kernel PC [%016lx] in fault handler\n",
12238 regs->tpc);
12239 printk(KERN_CRIT "OOPS: RPC [%016lx]\n", regs->u_regs[15]);
12240 - printk("OOPS: RPC <%pS>\n", (void *) regs->u_regs[15]);
12241 + printk("OOPS: RPC <%pA>\n", (void *) regs->u_regs[15]);
12242 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
12243 dump_stack();
12244 unhandled_fault(regs->tpc, current, regs);
12245 @@ -276,6 +279,466 @@ static void noinline __kprobes bogus_32bit_fault_tpc(struct pt_regs *regs)
12246 show_regs(regs);
12247 }
12248
12249 +#ifdef CONFIG_PAX_PAGEEXEC
12250 +#ifdef CONFIG_PAX_DLRESOLVE
12251 +static void pax_emuplt_close(struct vm_area_struct *vma)
12252 +{
12253 + vma->vm_mm->call_dl_resolve = 0UL;
12254 +}
12255 +
12256 +static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
12257 +{
12258 + unsigned int *kaddr;
12259 +
12260 + vmf->page = alloc_page(GFP_HIGHUSER);
12261 + if (!vmf->page)
12262 + return VM_FAULT_OOM;
12263 +
12264 + kaddr = kmap(vmf->page);
12265 + memset(kaddr, 0, PAGE_SIZE);
12266 + kaddr[0] = 0x9DE3BFA8U; /* save */
12267 + flush_dcache_page(vmf->page);
12268 + kunmap(vmf->page);
12269 + return VM_FAULT_MAJOR;
12270 +}
12271 +
12272 +static const struct vm_operations_struct pax_vm_ops = {
12273 + .close = pax_emuplt_close,
12274 + .fault = pax_emuplt_fault
12275 +};
12276 +
12277 +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
12278 +{
12279 + int ret;
12280 +
12281 + INIT_LIST_HEAD(&vma->anon_vma_chain);
12282 + vma->vm_mm = current->mm;
12283 + vma->vm_start = addr;
12284 + vma->vm_end = addr + PAGE_SIZE;
12285 + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
12286 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
12287 + vma->vm_ops = &pax_vm_ops;
12288 +
12289 + ret = insert_vm_struct(current->mm, vma);
12290 + if (ret)
12291 + return ret;
12292 +
12293 + ++current->mm->total_vm;
12294 + return 0;
12295 +}
12296 +#endif
12297 +
12298 +/*
12299 + * PaX: decide what to do with offenders (regs->tpc = fault address)
12300 + *
12301 + * returns 1 when task should be killed
12302 + * 2 when patched PLT trampoline was detected
12303 + * 3 when unpatched PLT trampoline was detected
12304 + */
12305 +static int pax_handle_fetch_fault(struct pt_regs *regs)
12306 +{
12307 +
12308 +#ifdef CONFIG_PAX_EMUPLT
12309 + int err;
12310 +
12311 + do { /* PaX: patched PLT emulation #1 */
12312 + unsigned int sethi1, sethi2, jmpl;
12313 +
12314 + err = get_user(sethi1, (unsigned int *)regs->tpc);
12315 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
12316 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+8));
12317 +
12318 + if (err)
12319 + break;
12320 +
12321 + if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
12322 + (sethi2 & 0xFFC00000U) == 0x03000000U &&
12323 + (jmpl & 0xFFFFE000U) == 0x81C06000U)
12324 + {
12325 + unsigned long addr;
12326 +
12327 + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
12328 + addr = regs->u_regs[UREG_G1];
12329 + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
12330 +
12331 + if (test_thread_flag(TIF_32BIT))
12332 + addr &= 0xFFFFFFFFUL;
12333 +
12334 + regs->tpc = addr;
12335 + regs->tnpc = addr+4;
12336 + return 2;
12337 + }
12338 + } while (0);
12339 +
12340 + do { /* PaX: patched PLT emulation #2 */
12341 + unsigned int ba;
12342 +
12343 + err = get_user(ba, (unsigned int *)regs->tpc);
12344 +
12345 + if (err)
12346 + break;
12347 +
12348 + if ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30480000U) {
12349 + unsigned long addr;
12350 +
12351 + if ((ba & 0xFFC00000U) == 0x30800000U)
12352 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
12353 + else
12354 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
12355 +
12356 + if (test_thread_flag(TIF_32BIT))
12357 + addr &= 0xFFFFFFFFUL;
12358 +
12359 + regs->tpc = addr;
12360 + regs->tnpc = addr+4;
12361 + return 2;
12362 + }
12363 + } while (0);
12364 +
12365 + do { /* PaX: patched PLT emulation #3 */
12366 + unsigned int sethi, bajmpl, nop;
12367 +
12368 + err = get_user(sethi, (unsigned int *)regs->tpc);
12369 + err |= get_user(bajmpl, (unsigned int *)(regs->tpc+4));
12370 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
12371 +
12372 + if (err)
12373 + break;
12374 +
12375 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12376 + ((bajmpl & 0xFFFFE000U) == 0x81C06000U || (bajmpl & 0xFFF80000U) == 0x30480000U) &&
12377 + nop == 0x01000000U)
12378 + {
12379 + unsigned long addr;
12380 +
12381 + addr = (sethi & 0x003FFFFFU) << 10;
12382 + regs->u_regs[UREG_G1] = addr;
12383 + if ((bajmpl & 0xFFFFE000U) == 0x81C06000U)
12384 + addr += (((bajmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
12385 + else
12386 + addr = regs->tpc + ((((bajmpl | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
12387 +
12388 + if (test_thread_flag(TIF_32BIT))
12389 + addr &= 0xFFFFFFFFUL;
12390 +
12391 + regs->tpc = addr;
12392 + regs->tnpc = addr+4;
12393 + return 2;
12394 + }
12395 + } while (0);
12396 +
12397 + do { /* PaX: patched PLT emulation #4 */
12398 + unsigned int sethi, mov1, call, mov2;
12399 +
12400 + err = get_user(sethi, (unsigned int *)regs->tpc);
12401 + err |= get_user(mov1, (unsigned int *)(regs->tpc+4));
12402 + err |= get_user(call, (unsigned int *)(regs->tpc+8));
12403 + err |= get_user(mov2, (unsigned int *)(regs->tpc+12));
12404 +
12405 + if (err)
12406 + break;
12407 +
12408 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12409 + mov1 == 0x8210000FU &&
12410 + (call & 0xC0000000U) == 0x40000000U &&
12411 + mov2 == 0x9E100001U)
12412 + {
12413 + unsigned long addr;
12414 +
12415 + regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC];
12416 + addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
12417 +
12418 + if (test_thread_flag(TIF_32BIT))
12419 + addr &= 0xFFFFFFFFUL;
12420 +
12421 + regs->tpc = addr;
12422 + regs->tnpc = addr+4;
12423 + return 2;
12424 + }
12425 + } while (0);
12426 +
12427 + do { /* PaX: patched PLT emulation #5 */
12428 + unsigned int sethi, sethi1, sethi2, or1, or2, sllx, jmpl, nop;
12429 +
12430 + err = get_user(sethi, (unsigned int *)regs->tpc);
12431 + err |= get_user(sethi1, (unsigned int *)(regs->tpc+4));
12432 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+8));
12433 + err |= get_user(or1, (unsigned int *)(regs->tpc+12));
12434 + err |= get_user(or2, (unsigned int *)(regs->tpc+16));
12435 + err |= get_user(sllx, (unsigned int *)(regs->tpc+20));
12436 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+24));
12437 + err |= get_user(nop, (unsigned int *)(regs->tpc+28));
12438 +
12439 + if (err)
12440 + break;
12441 +
12442 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12443 + (sethi1 & 0xFFC00000U) == 0x03000000U &&
12444 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
12445 + (or1 & 0xFFFFE000U) == 0x82106000U &&
12446 + (or2 & 0xFFFFE000U) == 0x8A116000U &&
12447 + sllx == 0x83287020U &&
12448 + jmpl == 0x81C04005U &&
12449 + nop == 0x01000000U)
12450 + {
12451 + unsigned long addr;
12452 +
12453 + regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
12454 + regs->u_regs[UREG_G1] <<= 32;
12455 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
12456 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
12457 + regs->tpc = addr;
12458 + regs->tnpc = addr+4;
12459 + return 2;
12460 + }
12461 + } while (0);
12462 +
12463 + do { /* PaX: patched PLT emulation #6 */
12464 + unsigned int sethi, sethi1, sethi2, sllx, or, jmpl, nop;
12465 +
12466 + err = get_user(sethi, (unsigned int *)regs->tpc);
12467 + err |= get_user(sethi1, (unsigned int *)(regs->tpc+4));
12468 + err |= get_user(sethi2, (unsigned int *)(regs->tpc+8));
12469 + err |= get_user(sllx, (unsigned int *)(regs->tpc+12));
12470 + err |= get_user(or, (unsigned int *)(regs->tpc+16));
12471 + err |= get_user(jmpl, (unsigned int *)(regs->tpc+20));
12472 + err |= get_user(nop, (unsigned int *)(regs->tpc+24));
12473 +
12474 + if (err)
12475 + break;
12476 +
12477 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12478 + (sethi1 & 0xFFC00000U) == 0x03000000U &&
12479 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
12480 + sllx == 0x83287020U &&
12481 + (or & 0xFFFFE000U) == 0x8A116000U &&
12482 + jmpl == 0x81C04005U &&
12483 + nop == 0x01000000U)
12484 + {
12485 + unsigned long addr;
12486 +
12487 + regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10;
12488 + regs->u_regs[UREG_G1] <<= 32;
12489 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU);
12490 + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
12491 + regs->tpc = addr;
12492 + regs->tnpc = addr+4;
12493 + return 2;
12494 + }
12495 + } while (0);
12496 +
12497 + do { /* PaX: unpatched PLT emulation step 1 */
12498 + unsigned int sethi, ba, nop;
12499 +
12500 + err = get_user(sethi, (unsigned int *)regs->tpc);
12501 + err |= get_user(ba, (unsigned int *)(regs->tpc+4));
12502 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
12503 +
12504 + if (err)
12505 + break;
12506 +
12507 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12508 + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
12509 + nop == 0x01000000U)
12510 + {
12511 + unsigned long addr;
12512 + unsigned int save, call;
12513 + unsigned int sethi1, sethi2, or1, or2, sllx, add, jmpl;
12514 +
12515 + if ((ba & 0xFFC00000U) == 0x30800000U)
12516 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
12517 + else
12518 + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
12519 +
12520 + if (test_thread_flag(TIF_32BIT))
12521 + addr &= 0xFFFFFFFFUL;
12522 +
12523 + err = get_user(save, (unsigned int *)addr);
12524 + err |= get_user(call, (unsigned int *)(addr+4));
12525 + err |= get_user(nop, (unsigned int *)(addr+8));
12526 + if (err)
12527 + break;
12528 +
12529 +#ifdef CONFIG_PAX_DLRESOLVE
12530 + if (save == 0x9DE3BFA8U &&
12531 + (call & 0xC0000000U) == 0x40000000U &&
12532 + nop == 0x01000000U)
12533 + {
12534 + struct vm_area_struct *vma;
12535 + unsigned long call_dl_resolve;
12536 +
12537 + down_read(&current->mm->mmap_sem);
12538 + call_dl_resolve = current->mm->call_dl_resolve;
12539 + up_read(&current->mm->mmap_sem);
12540 + if (likely(call_dl_resolve))
12541 + goto emulate;
12542 +
12543 + vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
12544 +
12545 + down_write(&current->mm->mmap_sem);
12546 + if (current->mm->call_dl_resolve) {
12547 + call_dl_resolve = current->mm->call_dl_resolve;
12548 + up_write(&current->mm->mmap_sem);
12549 + if (vma)
12550 + kmem_cache_free(vm_area_cachep, vma);
12551 + goto emulate;
12552 + }
12553 +
12554 + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
12555 + if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
12556 + up_write(&current->mm->mmap_sem);
12557 + if (vma)
12558 + kmem_cache_free(vm_area_cachep, vma);
12559 + return 1;
12560 + }
12561 +
12562 + if (pax_insert_vma(vma, call_dl_resolve)) {
12563 + up_write(&current->mm->mmap_sem);
12564 + kmem_cache_free(vm_area_cachep, vma);
12565 + return 1;
12566 + }
12567 +
12568 + current->mm->call_dl_resolve = call_dl_resolve;
12569 + up_write(&current->mm->mmap_sem);
12570 +
12571 +emulate:
12572 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
12573 + regs->tpc = call_dl_resolve;
12574 + regs->tnpc = addr+4;
12575 + return 3;
12576 + }
12577 +#endif
12578 +
12579 + /* PaX: glibc 2.4+ generates sethi/jmpl instead of save/call */
12580 + if ((save & 0xFFC00000U) == 0x05000000U &&
12581 + (call & 0xFFFFE000U) == 0x85C0A000U &&
12582 + nop == 0x01000000U)
12583 + {
12584 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
12585 + regs->u_regs[UREG_G2] = addr + 4;
12586 + addr = (save & 0x003FFFFFU) << 10;
12587 + addr += (((call | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
12588 +
12589 + if (test_thread_flag(TIF_32BIT))
12590 + addr &= 0xFFFFFFFFUL;
12591 +
12592 + regs->tpc = addr;
12593 + regs->tnpc = addr+4;
12594 + return 3;
12595 + }
12596 +
12597 + /* PaX: 64-bit PLT stub */
12598 + err = get_user(sethi1, (unsigned int *)addr);
12599 + err |= get_user(sethi2, (unsigned int *)(addr+4));
12600 + err |= get_user(or1, (unsigned int *)(addr+8));
12601 + err |= get_user(or2, (unsigned int *)(addr+12));
12602 + err |= get_user(sllx, (unsigned int *)(addr+16));
12603 + err |= get_user(add, (unsigned int *)(addr+20));
12604 + err |= get_user(jmpl, (unsigned int *)(addr+24));
12605 + err |= get_user(nop, (unsigned int *)(addr+28));
12606 + if (err)
12607 + break;
12608 +
12609 + if ((sethi1 & 0xFFC00000U) == 0x09000000U &&
12610 + (sethi2 & 0xFFC00000U) == 0x0B000000U &&
12611 + (or1 & 0xFFFFE000U) == 0x88112000U &&
12612 + (or2 & 0xFFFFE000U) == 0x8A116000U &&
12613 + sllx == 0x89293020U &&
12614 + add == 0x8A010005U &&
12615 + jmpl == 0x89C14000U &&
12616 + nop == 0x01000000U)
12617 + {
12618 + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
12619 + regs->u_regs[UREG_G4] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
12620 + regs->u_regs[UREG_G4] <<= 32;
12621 + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
12622 + regs->u_regs[UREG_G5] += regs->u_regs[UREG_G4];
12623 + regs->u_regs[UREG_G4] = addr + 24;
12624 + addr = regs->u_regs[UREG_G5];
12625 + regs->tpc = addr;
12626 + regs->tnpc = addr+4;
12627 + return 3;
12628 + }
12629 + }
12630 + } while (0);
12631 +
12632 +#ifdef CONFIG_PAX_DLRESOLVE
12633 + do { /* PaX: unpatched PLT emulation step 2 */
12634 + unsigned int save, call, nop;
12635 +
12636 + err = get_user(save, (unsigned int *)(regs->tpc-4));
12637 + err |= get_user(call, (unsigned int *)regs->tpc);
12638 + err |= get_user(nop, (unsigned int *)(regs->tpc+4));
12639 + if (err)
12640 + break;
12641 +
12642 + if (save == 0x9DE3BFA8U &&
12643 + (call & 0xC0000000U) == 0x40000000U &&
12644 + nop == 0x01000000U)
12645 + {
12646 + unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
12647 +
12648 + if (test_thread_flag(TIF_32BIT))
12649 + dl_resolve &= 0xFFFFFFFFUL;
12650 +
12651 + regs->u_regs[UREG_RETPC] = regs->tpc;
12652 + regs->tpc = dl_resolve;
12653 + regs->tnpc = dl_resolve+4;
12654 + return 3;
12655 + }
12656 + } while (0);
12657 +#endif
12658 +
12659 + do { /* PaX: patched PLT emulation #7, must be AFTER the unpatched PLT emulation */
12660 + unsigned int sethi, ba, nop;
12661 +
12662 + err = get_user(sethi, (unsigned int *)regs->tpc);
12663 + err |= get_user(ba, (unsigned int *)(regs->tpc+4));
12664 + err |= get_user(nop, (unsigned int *)(regs->tpc+8));
12665 +
12666 + if (err)
12667 + break;
12668 +
12669 + if ((sethi & 0xFFC00000U) == 0x03000000U &&
12670 + (ba & 0xFFF00000U) == 0x30600000U &&
12671 + nop == 0x01000000U)
12672 + {
12673 + unsigned long addr;
12674 +
12675 + addr = (sethi & 0x003FFFFFU) << 10;
12676 + regs->u_regs[UREG_G1] = addr;
12677 + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
12678 +
12679 + if (test_thread_flag(TIF_32BIT))
12680 + addr &= 0xFFFFFFFFUL;
12681 +
12682 + regs->tpc = addr;
12683 + regs->tnpc = addr+4;
12684 + return 2;
12685 + }
12686 + } while (0);
12687 +
12688 +#endif
12689 +
12690 + return 1;
12691 +}
12692 +
12693 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
12694 +{
12695 + unsigned long i;
12696 +
12697 + printk(KERN_ERR "PAX: bytes at PC: ");
12698 + for (i = 0; i < 8; i++) {
12699 + unsigned int c;
12700 + if (get_user(c, (unsigned int *)pc+i))
12701 + printk(KERN_CONT "???????? ");
12702 + else
12703 + printk(KERN_CONT "%08x ", c);
12704 + }
12705 + printk("\n");
12706 +}
12707 +#endif
12708 +
12709 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
12710 {
12711 enum ctx_state prev_state = exception_enter();
12712 @@ -350,6 +813,29 @@ retry:
12713 if (!vma)
12714 goto bad_area;
12715
12716 +#ifdef CONFIG_PAX_PAGEEXEC
12717 + /* PaX: detect ITLB misses on non-exec pages */
12718 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address &&
12719 + !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB))
12720 + {
12721 + if (address != regs->tpc)
12722 + goto good_area;
12723 +
12724 + up_read(&mm->mmap_sem);
12725 + switch (pax_handle_fetch_fault(regs)) {
12726 +
12727 +#ifdef CONFIG_PAX_EMUPLT
12728 + case 2:
12729 + case 3:
12730 + return;
12731 +#endif
12732 +
12733 + }
12734 + pax_report_fault(regs, (void *)regs->tpc, (void *)(regs->u_regs[UREG_FP] + STACK_BIAS));
12735 + do_group_exit(SIGKILL);
12736 + }
12737 +#endif
12738 +
12739 /* Pure DTLB misses do not tell us whether the fault causing
12740 * load/store/atomic was a write or not, it only says that there
12741 * was no match. So in such a case we (carefully) read the
12742 diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
12743 index 988acc8b..f26345c 100644
12744 --- a/arch/sparc/mm/hugetlbpage.c
12745 +++ b/arch/sparc/mm/hugetlbpage.c
12746 @@ -26,8 +26,10 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
12747 unsigned long addr,
12748 unsigned long len,
12749 unsigned long pgoff,
12750 - unsigned long flags)
12751 + unsigned long flags,
12752 + unsigned long offset)
12753 {
12754 + struct mm_struct *mm = current->mm;
12755 unsigned long task_size = TASK_SIZE;
12756 struct vm_unmapped_area_info info;
12757
12758 @@ -36,15 +38,22 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
12759
12760 info.flags = 0;
12761 info.length = len;
12762 - info.low_limit = TASK_UNMAPPED_BASE;
12763 + info.low_limit = mm->mmap_base;
12764 info.high_limit = min(task_size, VA_EXCLUDE_START);
12765 info.align_mask = PAGE_MASK & ~HPAGE_MASK;
12766 info.align_offset = 0;
12767 + info.threadstack_offset = offset;
12768 addr = vm_unmapped_area(&info);
12769
12770 if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) {
12771 VM_BUG_ON(addr != -ENOMEM);
12772 info.low_limit = VA_EXCLUDE_END;
12773 +
12774 +#ifdef CONFIG_PAX_RANDMMAP
12775 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12776 + info.low_limit += mm->delta_mmap;
12777 +#endif
12778 +
12779 info.high_limit = task_size;
12780 addr = vm_unmapped_area(&info);
12781 }
12782 @@ -53,10 +62,11 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
12783 }
12784
12785 static unsigned long
12786 -hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
12787 - const unsigned long len,
12788 - const unsigned long pgoff,
12789 - const unsigned long flags)
12790 +hugetlb_get_unmapped_area_topdown(struct file *filp, unsigned long addr0,
12791 + unsigned long len,
12792 + unsigned long pgoff,
12793 + unsigned long flags,
12794 + unsigned long offset)
12795 {
12796 struct mm_struct *mm = current->mm;
12797 unsigned long addr = addr0;
12798 @@ -71,6 +81,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
12799 info.high_limit = mm->mmap_base;
12800 info.align_mask = PAGE_MASK & ~HPAGE_MASK;
12801 info.align_offset = 0;
12802 + info.threadstack_offset = offset;
12803 addr = vm_unmapped_area(&info);
12804
12805 /*
12806 @@ -83,6 +94,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
12807 VM_BUG_ON(addr != -ENOMEM);
12808 info.flags = 0;
12809 info.low_limit = TASK_UNMAPPED_BASE;
12810 +
12811 +#ifdef CONFIG_PAX_RANDMMAP
12812 + if (mm->pax_flags & MF_PAX_RANDMMAP)
12813 + info.low_limit += mm->delta_mmap;
12814 +#endif
12815 +
12816 info.high_limit = STACK_TOP32;
12817 addr = vm_unmapped_area(&info);
12818 }
12819 @@ -97,6 +114,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
12820 struct mm_struct *mm = current->mm;
12821 struct vm_area_struct *vma;
12822 unsigned long task_size = TASK_SIZE;
12823 + unsigned long offset = gr_rand_threadstack_offset(mm, file, flags);
12824
12825 if (test_thread_flag(TIF_32BIT))
12826 task_size = STACK_TOP32;
12827 @@ -112,19 +130,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
12828 return addr;
12829 }
12830
12831 +#ifdef CONFIG_PAX_RANDMMAP
12832 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
12833 +#endif
12834 +
12835 if (addr) {
12836 addr = ALIGN(addr, HPAGE_SIZE);
12837 vma = find_vma(mm, addr);
12838 - if (task_size - len >= addr &&
12839 - (!vma || addr + len <= vma->vm_start))
12840 + if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
12841 return addr;
12842 }
12843 if (mm->get_unmapped_area == arch_get_unmapped_area)
12844 return hugetlb_get_unmapped_area_bottomup(file, addr, len,
12845 - pgoff, flags);
12846 + pgoff, flags, offset);
12847 else
12848 return hugetlb_get_unmapped_area_topdown(file, addr, len,
12849 - pgoff, flags);
12850 + pgoff, flags, offset);
12851 }
12852
12853 pte_t *huge_pte_alloc(struct mm_struct *mm,
12854 diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
12855 index 7ac6b62..58e934c 100644
12856 --- a/arch/sparc/mm/init_64.c
12857 +++ b/arch/sparc/mm/init_64.c
12858 @@ -189,9 +189,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
12859 int num_kernel_image_mappings;
12860
12861 #ifdef CONFIG_DEBUG_DCFLUSH
12862 -atomic_t dcpage_flushes = ATOMIC_INIT(0);
12863 +atomic_unchecked_t dcpage_flushes = ATOMIC_INIT(0);
12864 #ifdef CONFIG_SMP
12865 -atomic_t dcpage_flushes_xcall = ATOMIC_INIT(0);
12866 +atomic_unchecked_t dcpage_flushes_xcall = ATOMIC_INIT(0);
12867 #endif
12868 #endif
12869
12870 @@ -199,7 +199,7 @@ inline void flush_dcache_page_impl(struct page *page)
12871 {
12872 BUG_ON(tlb_type == hypervisor);
12873 #ifdef CONFIG_DEBUG_DCFLUSH
12874 - atomic_inc(&dcpage_flushes);
12875 + atomic_inc_unchecked(&dcpage_flushes);
12876 #endif
12877
12878 #ifdef DCACHE_ALIASING_POSSIBLE
12879 @@ -462,10 +462,10 @@ void mmu_info(struct seq_file *m)
12880
12881 #ifdef CONFIG_DEBUG_DCFLUSH
12882 seq_printf(m, "DCPageFlushes\t: %d\n",
12883 - atomic_read(&dcpage_flushes));
12884 + atomic_read_unchecked(&dcpage_flushes));
12885 #ifdef CONFIG_SMP
12886 seq_printf(m, "DCPageFlushesXC\t: %d\n",
12887 - atomic_read(&dcpage_flushes_xcall));
12888 + atomic_read_unchecked(&dcpage_flushes_xcall));
12889 #endif /* CONFIG_SMP */
12890 #endif /* CONFIG_DEBUG_DCFLUSH */
12891 }
12892 diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
12893 index 78da75b..264302d 100644
12894 --- a/arch/tile/Kconfig
12895 +++ b/arch/tile/Kconfig
12896 @@ -193,6 +193,7 @@ source "kernel/Kconfig.hz"
12897 config KEXEC
12898 bool "kexec system call"
12899 select KEXEC_CORE
12900 + depends on !GRKERNSEC_KMEM
12901 ---help---
12902 kexec is a system call that implements the ability to shutdown your
12903 current kernel, and to start another kernel. It is like a reboot
12904 diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
12905 index 4cefa0c..98d8b83 100644
12906 --- a/arch/tile/include/asm/atomic_64.h
12907 +++ b/arch/tile/include/asm/atomic_64.h
12908 @@ -195,6 +195,16 @@ static inline long atomic64_add_unless(atomic64_t *v, long a, long u)
12909
12910 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
12911
12912 +#define atomic64_read_unchecked(v) atomic64_read(v)
12913 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
12914 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
12915 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
12916 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
12917 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
12918 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
12919 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
12920 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
12921 +
12922 #endif /* !__ASSEMBLY__ */
12923
12924 #endif /* _ASM_TILE_ATOMIC_64_H */
12925 diff --git a/arch/tile/include/asm/cache.h b/arch/tile/include/asm/cache.h
12926 index 6160761..00cac88 100644
12927 --- a/arch/tile/include/asm/cache.h
12928 +++ b/arch/tile/include/asm/cache.h
12929 @@ -15,11 +15,12 @@
12930 #ifndef _ASM_TILE_CACHE_H
12931 #define _ASM_TILE_CACHE_H
12932
12933 +#include <linux/const.h>
12934 #include <arch/chip.h>
12935
12936 /* bytes per L1 data cache line */
12937 #define L1_CACHE_SHIFT CHIP_L1D_LOG_LINE_SIZE()
12938 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
12939 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
12940
12941 /* bytes per L2 cache line */
12942 #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE()
12943 diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h
12944 index a77369e..7ba6ecd 100644
12945 --- a/arch/tile/include/asm/uaccess.h
12946 +++ b/arch/tile/include/asm/uaccess.h
12947 @@ -428,9 +428,9 @@ static inline unsigned long __must_check copy_from_user(void *to,
12948 const void __user *from,
12949 unsigned long n)
12950 {
12951 - int sz = __compiletime_object_size(to);
12952 + size_t sz = __compiletime_object_size(to);
12953
12954 - if (likely(sz == -1 || sz >= n))
12955 + if (likely(sz == (size_t)-1 || sz >= n))
12956 n = _copy_from_user(to, from, n);
12957 else if (!__builtin_constant_p(n))
12958 copy_user_overflow(sz, n);
12959 diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
12960 index 77ceaa3..3630dea 100644
12961 --- a/arch/tile/mm/hugetlbpage.c
12962 +++ b/arch/tile/mm/hugetlbpage.c
12963 @@ -174,6 +174,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
12964 info.high_limit = TASK_SIZE;
12965 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
12966 info.align_offset = 0;
12967 + info.threadstack_offset = 0;
12968 return vm_unmapped_area(&info);
12969 }
12970
12971 @@ -191,6 +192,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
12972 info.high_limit = current->mm->mmap_base;
12973 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
12974 info.align_offset = 0;
12975 + info.threadstack_offset = 0;
12976 addr = vm_unmapped_area(&info);
12977
12978 /*
12979 diff --git a/arch/um/Makefile b/arch/um/Makefile
12980 index 0ca46ede..8d7fd38 100644
12981 --- a/arch/um/Makefile
12982 +++ b/arch/um/Makefile
12983 @@ -73,6 +73,8 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -I%,,$(KBUILD_CFLAGS))) \
12984 -D_FILE_OFFSET_BITS=64 -idirafter $(srctree)/include \
12985 -idirafter $(obj)/include -D__KERNEL__ -D__UM_HOST__
12986
12987 +USER_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(USER_CFLAGS))
12988 +
12989 #This will adjust *FLAGS accordingly to the platform.
12990 include $(ARCH_DIR)/Makefile-os-$(OS)
12991
12992 diff --git a/arch/um/include/asm/cache.h b/arch/um/include/asm/cache.h
12993 index 19e1bdd..3665b77 100644
12994 --- a/arch/um/include/asm/cache.h
12995 +++ b/arch/um/include/asm/cache.h
12996 @@ -1,6 +1,7 @@
12997 #ifndef __UM_CACHE_H
12998 #define __UM_CACHE_H
12999
13000 +#include <linux/const.h>
13001
13002 #if defined(CONFIG_UML_X86) && !defined(CONFIG_64BIT)
13003 # define L1_CACHE_SHIFT (CONFIG_X86_L1_CACHE_SHIFT)
13004 @@ -12,6 +13,6 @@
13005 # define L1_CACHE_SHIFT 5
13006 #endif
13007
13008 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
13009 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
13010
13011 #endif
13012 diff --git a/arch/um/include/asm/kmap_types.h b/arch/um/include/asm/kmap_types.h
13013 index 2e0a6b1..a64d0f5 100644
13014 --- a/arch/um/include/asm/kmap_types.h
13015 +++ b/arch/um/include/asm/kmap_types.h
13016 @@ -8,6 +8,6 @@
13017
13018 /* No more #include "asm/arch/kmap_types.h" ! */
13019
13020 -#define KM_TYPE_NR 14
13021 +#define KM_TYPE_NR 15
13022
13023 #endif
13024 diff --git a/arch/um/include/asm/page.h b/arch/um/include/asm/page.h
13025 index f878bec..ca09300 100644
13026 --- a/arch/um/include/asm/page.h
13027 +++ b/arch/um/include/asm/page.h
13028 @@ -14,6 +14,9 @@
13029 #define PAGE_SIZE (_AC(1, UL) << PAGE_SHIFT)
13030 #define PAGE_MASK (~(PAGE_SIZE-1))
13031
13032 +#define ktla_ktva(addr) (addr)
13033 +#define ktva_ktla(addr) (addr)
13034 +
13035 #ifndef __ASSEMBLY__
13036
13037 struct page;
13038 diff --git a/arch/um/include/asm/pgtable-3level.h b/arch/um/include/asm/pgtable-3level.h
13039 index bae8523..ba9484b 100644
13040 --- a/arch/um/include/asm/pgtable-3level.h
13041 +++ b/arch/um/include/asm/pgtable-3level.h
13042 @@ -58,6 +58,7 @@
13043 #define pud_present(x) (pud_val(x) & _PAGE_PRESENT)
13044 #define pud_populate(mm, pud, pmd) \
13045 set_pud(pud, __pud(_PAGE_TABLE + __pa(pmd)))
13046 +#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
13047
13048 #ifdef CONFIG_64BIT
13049 #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
13050 diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
13051 index 034b42c7..5c186ce 100644
13052 --- a/arch/um/kernel/process.c
13053 +++ b/arch/um/kernel/process.c
13054 @@ -343,22 +343,6 @@ int singlestepping(void * t)
13055 return 2;
13056 }
13057
13058 -/*
13059 - * Only x86 and x86_64 have an arch_align_stack().
13060 - * All other arches have "#define arch_align_stack(x) (x)"
13061 - * in their asm/exec.h
13062 - * As this is included in UML from asm-um/system-generic.h,
13063 - * we can use it to behave as the subarch does.
13064 - */
13065 -#ifndef arch_align_stack
13066 -unsigned long arch_align_stack(unsigned long sp)
13067 -{
13068 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
13069 - sp -= get_random_int() % 8192;
13070 - return sp & ~0xf;
13071 -}
13072 -#endif
13073 -
13074 unsigned long get_wchan(struct task_struct *p)
13075 {
13076 unsigned long stack_page, sp, ip;
13077 diff --git a/arch/unicore32/include/asm/cache.h b/arch/unicore32/include/asm/cache.h
13078 index ad8f795..2c7eec6 100644
13079 --- a/arch/unicore32/include/asm/cache.h
13080 +++ b/arch/unicore32/include/asm/cache.h
13081 @@ -12,8 +12,10 @@
13082 #ifndef __UNICORE_CACHE_H__
13083 #define __UNICORE_CACHE_H__
13084
13085 -#define L1_CACHE_SHIFT (5)
13086 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
13087 +#include <linux/const.h>
13088 +
13089 +#define L1_CACHE_SHIFT 5
13090 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
13091
13092 /*
13093 * Memory returned by kmalloc() may be used for DMA, so we must make
13094 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
13095 index 2a1f0ce..ca2cc51 100644
13096 --- a/arch/x86/Kconfig
13097 +++ b/arch/x86/Kconfig
13098 @@ -39,14 +39,13 @@ config X86
13099 select ARCH_MIGHT_HAVE_PC_SERIO
13100 select ARCH_SUPPORTS_ATOMIC_RMW
13101 select ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT
13102 - select ARCH_SUPPORTS_INT128 if X86_64
13103 + select ARCH_SUPPORTS_INT128 if X86_64 && !PAX_SIZE_OVERFLOW_EXTRA && !PAX_SIZE_OVERFLOW
13104 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64
13105 select ARCH_USE_BUILTIN_BSWAP
13106 select ARCH_USE_CMPXCHG_LOCKREF if X86_64
13107 select ARCH_USE_QUEUED_RWLOCKS
13108 select ARCH_USE_QUEUED_SPINLOCKS
13109 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH if SMP
13110 - select ARCH_WANTS_DYNAMIC_TASK_STRUCT
13111 select ARCH_WANT_FRAME_POINTERS
13112 select ARCH_WANT_IPC_PARSE_VERSION if X86_32
13113 select BUILDTIME_EXTABLE_SORT
13114 @@ -93,7 +92,7 @@ config X86
13115 select HAVE_ARCH_TRANSPARENT_HUGEPAGE
13116 select HAVE_ARCH_WITHIN_STACK_FRAMES
13117 select HAVE_EBPF_JIT if X86_64
13118 - select HAVE_CC_STACKPROTECTOR
13119 + select HAVE_CC_STACKPROTECTOR if X86_64 || !PAX_MEMORY_UDEREF
13120 select HAVE_CMPXCHG_DOUBLE
13121 select HAVE_CMPXCHG_LOCAL
13122 select HAVE_CONTEXT_TRACKING if X86_64
13123 @@ -136,6 +135,7 @@ config X86
13124 select HAVE_NMI
13125 select HAVE_OPROFILE
13126 select HAVE_OPTPROBES
13127 + select HAVE_PAX_INITIFY_INIT_EXIT if GCC_PLUGINS
13128 select HAVE_PCSPKR_PLATFORM
13129 select HAVE_PERF_EVENTS
13130 select HAVE_PERF_EVENTS_NMI
13131 @@ -189,11 +189,13 @@ config MMU
13132 def_bool y
13133
13134 config ARCH_MMAP_RND_BITS_MIN
13135 - default 28 if 64BIT
13136 + default 28 if 64BIT && !PAX_PER_CPU_PGD
13137 + default 27 if 64BIT && PAX_PER_CPU_PGD
13138 default 8
13139
13140 config ARCH_MMAP_RND_BITS_MAX
13141 - default 32 if 64BIT
13142 + default 32 if 64BIT && !PAX_PER_CPU_PGD
13143 + default 27 if 64BIT && PAX_PER_CPU_PGD
13144 default 16
13145
13146 config ARCH_MMAP_RND_COMPAT_BITS_MIN
13147 @@ -295,7 +297,7 @@ config X86_64_SMP
13148
13149 config X86_32_LAZY_GS
13150 def_bool y
13151 - depends on X86_32 && !CC_STACKPROTECTOR
13152 + depends on X86_32 && !CC_STACKPROTECTOR && !PAX_MEMORY_UDEREF
13153
13154 config ARCH_SUPPORTS_UPROBES
13155 def_bool y
13156 @@ -677,6 +679,7 @@ config SCHED_OMIT_FRAME_POINTER
13157
13158 menuconfig HYPERVISOR_GUEST
13159 bool "Linux guest support"
13160 + depends on !GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_VIRT_GUEST || (GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_XEN)
13161 ---help---
13162 Say Y here to enable options for running Linux under various hyper-
13163 visors. This option enables basic hypervisor detection and platform
13164 @@ -1078,6 +1081,7 @@ config VM86
13165
13166 config X86_16BIT
13167 bool "Enable support for 16-bit segments" if EXPERT
13168 + depends on !GRKERNSEC
13169 default y
13170 depends on MODIFY_LDT_SYSCALL
13171 ---help---
13172 @@ -1232,6 +1236,7 @@ choice
13173
13174 config NOHIGHMEM
13175 bool "off"
13176 + depends on !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
13177 ---help---
13178 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
13179 However, the address space of 32-bit x86 processors is only 4
13180 @@ -1268,6 +1273,7 @@ config NOHIGHMEM
13181
13182 config HIGHMEM4G
13183 bool "4GB"
13184 + depends on !(PAX_PAGEEXEC && PAX_ENABLE_PAE)
13185 ---help---
13186 Select this if you have a 32-bit processor and between 1 and 4
13187 gigabytes of physical RAM.
13188 @@ -1320,7 +1326,7 @@ config PAGE_OFFSET
13189 hex
13190 default 0xB0000000 if VMSPLIT_3G_OPT
13191 default 0x80000000 if VMSPLIT_2G
13192 - default 0x78000000 if VMSPLIT_2G_OPT
13193 + default 0x70000000 if VMSPLIT_2G_OPT
13194 default 0x40000000 if VMSPLIT_1G
13195 default 0xC0000000
13196 depends on X86_32
13197 @@ -1341,7 +1347,6 @@ config X86_PAE
13198
13199 config ARCH_PHYS_ADDR_T_64BIT
13200 def_bool y
13201 - depends on X86_64 || X86_PAE
13202
13203 config ARCH_DMA_ADDR_T_64BIT
13204 def_bool y
13205 @@ -1472,7 +1477,7 @@ config ARCH_PROC_KCORE_TEXT
13206
13207 config ILLEGAL_POINTER_VALUE
13208 hex
13209 - default 0 if X86_32
13210 + default 0xfffff000 if X86_32
13211 default 0xdead000000000000 if X86_64
13212
13213 source "mm/Kconfig"
13214 @@ -1795,6 +1800,7 @@ source kernel/Kconfig.hz
13215 config KEXEC
13216 bool "kexec system call"
13217 select KEXEC_CORE
13218 + depends on !GRKERNSEC_KMEM
13219 ---help---
13220 kexec is a system call that implements the ability to shutdown your
13221 current kernel, and to start another kernel. It is like a reboot
13222 @@ -1922,7 +1928,7 @@ config RELOCATABLE
13223
13224 config RANDOMIZE_BASE
13225 bool "Randomize the address of the kernel image (KASLR)"
13226 - depends on RELOCATABLE
13227 + depends on RELOCATABLE && BROKEN_SECURITY
13228 default n
13229 ---help---
13230 In support of Kernel Address Space Layout Randomization (KASLR),
13231 @@ -1966,7 +1972,9 @@ config X86_NEED_RELOCS
13232
13233 config PHYSICAL_ALIGN
13234 hex "Alignment value to which kernel should be aligned"
13235 - default "0x200000"
13236 + default "0x1000000"
13237 + range 0x200000 0x1000000 if PAX_KERNEXEC && X86_PAE
13238 + range 0x400000 0x1000000 if PAX_KERNEXEC && !X86_PAE
13239 range 0x2000 0x1000000 if X86_32
13240 range 0x200000 0x1000000 if X86_64
13241 ---help---
13242 @@ -2081,6 +2089,7 @@ config COMPAT_VDSO
13243 def_bool n
13244 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
13245 depends on X86_32 || IA32_EMULATION
13246 + depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
13247 ---help---
13248 Certain buggy versions of glibc will crash if they are
13249 presented with a 32-bit vDSO that is not mapped at the address
13250 @@ -2121,15 +2130,6 @@ choice
13251
13252 If unsure, select "Emulate".
13253
13254 - config LEGACY_VSYSCALL_NATIVE
13255 - bool "Native"
13256 - help
13257 - Actual executable code is located in the fixed vsyscall
13258 - address mapping, implementing time() efficiently. Since
13259 - this makes the mapping executable, it can be used during
13260 - security vulnerability exploitation (traditionally as
13261 - ROP gadgets). This configuration is not recommended.
13262 -
13263 config LEGACY_VSYSCALL_EMULATE
13264 bool "Emulate"
13265 help
13266 @@ -2210,6 +2210,22 @@ config MODIFY_LDT_SYSCALL
13267
13268 Saying 'N' here may make sense for embedded or server kernels.
13269
13270 +config DEFAULT_MODIFY_LDT_SYSCALL
13271 + bool "Allow userspace to modify the LDT by default"
13272 + default y
13273 +
13274 + ---help---
13275 + Modifying the LDT (Local Descriptor Table) may be needed to run a
13276 + 16-bit or segmented code such as Dosemu or Wine. This is done via
13277 + a system call which is not needed to run portable applications,
13278 + and which can sometimes be abused to exploit some weaknesses of
13279 + the architecture, opening new vulnerabilities.
13280 +
13281 + For this reason this option allows one to enable or disable the
13282 + feature at runtime. It is recommended to say 'N' here to leave
13283 + the system protected, and to enable it at runtime only if needed
13284 + by setting the sys.kernel.modify_ldt sysctl.
13285 +
13286 source "kernel/livepatch/Kconfig"
13287
13288 endmenu
13289 diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
13290 index 3ba5ff2..44bdacc 100644
13291 --- a/arch/x86/Kconfig.cpu
13292 +++ b/arch/x86/Kconfig.cpu
13293 @@ -329,7 +329,7 @@ config X86_PPRO_FENCE
13294
13295 config X86_F00F_BUG
13296 def_bool y
13297 - depends on M586MMX || M586TSC || M586 || M486
13298 + depends on (M586MMX || M586TSC || M586 || M486) && !PAX_KERNEXEC
13299
13300 config X86_INVD_BUG
13301 def_bool y
13302 @@ -337,7 +337,7 @@ config X86_INVD_BUG
13303
13304 config X86_ALIGNMENT_16
13305 def_bool y
13306 - depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || MELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
13307 + depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
13308
13309 config X86_INTEL_USERCOPY
13310 def_bool y
13311 @@ -379,7 +379,7 @@ config X86_CMPXCHG64
13312 # generates cmov.
13313 config X86_CMOV
13314 def_bool y
13315 - depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
13316 + depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64 || MATOM || MGEODE_LX)
13317
13318 config X86_MINIMUM_CPU_FAMILY
13319 int
13320 diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
13321 index 67eec55..1a5c1ab 100644
13322 --- a/arch/x86/Kconfig.debug
13323 +++ b/arch/x86/Kconfig.debug
13324 @@ -55,6 +55,7 @@ config X86_PTDUMP
13325 tristate "Export kernel pagetable layout to userspace via debugfs"
13326 depends on DEBUG_KERNEL
13327 select DEBUG_FS
13328 + depends on !GRKERNSEC_KMEM
13329 select X86_PTDUMP_CORE
13330 ---help---
13331 Say Y here if you want to show the kernel pagetable layout in a
13332 @@ -84,6 +85,7 @@ config DEBUG_RODATA_TEST
13333
13334 config DEBUG_WX
13335 bool "Warn on W+X mappings at boot"
13336 + depends on BROKEN
13337 select X86_PTDUMP_CORE
13338 ---help---
13339 Generate a warning if any W+X mappings are found at boot.
13340 @@ -111,7 +113,7 @@ config DEBUG_WX
13341
13342 config DEBUG_SET_MODULE_RONX
13343 bool "Set loadable kernel module data as NX and text as RO"
13344 - depends on MODULES
13345 + depends on MODULES && BROKEN
13346 ---help---
13347 This option helps catch unintended modifications to loadable
13348 kernel module's text and read-only data. It also prevents execution
13349 @@ -353,6 +355,7 @@ config X86_DEBUG_FPU
13350 config PUNIT_ATOM_DEBUG
13351 tristate "ATOM Punit debug driver"
13352 select DEBUG_FS
13353 + depends on !GRKERNSEC_KMEM
13354 select IOSF_MBI
13355 ---help---
13356 This is a debug driver, which gets the power states
13357 diff --git a/arch/x86/Makefile b/arch/x86/Makefile
13358 index 830ed39..56602a5 100644
13359 --- a/arch/x86/Makefile
13360 +++ b/arch/x86/Makefile
13361 @@ -75,9 +75,6 @@ ifeq ($(CONFIG_X86_32),y)
13362 # CPU-specific tuning. Anything which can be shared with UML should go here.
13363 include arch/x86/Makefile_32.cpu
13364 KBUILD_CFLAGS += $(cflags-y)
13365 -
13366 - # temporary until string.h is fixed
13367 - KBUILD_CFLAGS += -ffreestanding
13368 else
13369 BITS := 64
13370 UTS_MACHINE := x86_64
13371 @@ -126,6 +123,9 @@ else
13372 KBUILD_CFLAGS += $(call cc-option,-maccumulate-outgoing-args)
13373 endif
13374
13375 +# temporary until string.h is fixed
13376 +KBUILD_CFLAGS += -ffreestanding
13377 +
13378 ifdef CONFIG_X86_X32
13379 x32_ld_ok := $(call try-run,\
13380 /bin/echo -e '1: .quad 1b' | \
13381 @@ -191,6 +191,7 @@ archheaders:
13382 $(Q)$(MAKE) $(build)=arch/x86/entry/syscalls all
13383
13384 archprepare:
13385 + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
13386 ifeq ($(CONFIG_KEXEC_FILE),y)
13387 $(Q)$(MAKE) $(build)=arch/x86/purgatory arch/x86/purgatory/kexec-purgatory.c
13388 endif
13389 @@ -277,3 +278,9 @@ define archhelp
13390 echo ' FDARGS="..." arguments for the booted kernel'
13391 echo ' FDINITRD=file initrd for the booted kernel'
13392 endef
13393 +
13394 +define OLD_LD
13395 +
13396 +*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
13397 +*** Please upgrade your binutils to 2.18 or newer
13398 +endef
13399 diff --git a/arch/x86/boot/bitops.h b/arch/x86/boot/bitops.h
13400 index 0d41d68..2d6120c 100644
13401 --- a/arch/x86/boot/bitops.h
13402 +++ b/arch/x86/boot/bitops.h
13403 @@ -28,7 +28,7 @@ static inline bool variable_test_bit(int nr, const void *addr)
13404 bool v;
13405 const u32 *p = (const u32 *)addr;
13406
13407 - asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
13408 + asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
13409 return v;
13410 }
13411
13412 @@ -39,7 +39,7 @@ static inline bool variable_test_bit(int nr, const void *addr)
13413
13414 static inline void set_bit(int nr, void *addr)
13415 {
13416 - asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
13417 + asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
13418 }
13419
13420 #endif /* BOOT_BITOPS_H */
13421 diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h
13422 index e5612f3..e755d05 100644
13423 --- a/arch/x86/boot/boot.h
13424 +++ b/arch/x86/boot/boot.h
13425 @@ -84,7 +84,7 @@ static inline void io_delay(void)
13426 static inline u16 ds(void)
13427 {
13428 u16 seg;
13429 - asm("movw %%ds,%0" : "=rm" (seg));
13430 + asm volatile("movw %%ds,%0" : "=rm" (seg));
13431 return seg;
13432 }
13433
13434 diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
13435 index 536ccfc..1295cc1f 100644
13436 --- a/arch/x86/boot/compressed/Makefile
13437 +++ b/arch/x86/boot/compressed/Makefile
13438 @@ -35,6 +35,23 @@ KBUILD_CFLAGS += -mno-mmx -mno-sse
13439 KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
13440 KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
13441
13442 +ifdef CONFIG_DEBUG_INFO
13443 +ifdef CONFIG_DEBUG_INFO_SPLIT
13444 +KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
13445 +else
13446 +KBUILD_CFLAGS += -g
13447 +endif
13448 +KBUILD_AFLAGS += -Wa,--gdwarf-2
13449 +endif
13450 +ifdef CONFIG_DEBUG_INFO_DWARF4
13451 +KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
13452 +endif
13453 +
13454 +ifdef CONFIG_DEBUG_INFO_REDUCED
13455 +KBUILD_CFLAGS += $(call cc-option, -femit-struct-debug-baseonly) \
13456 + $(call cc-option,-fno-var-tracking)
13457 +endif
13458 +
13459 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
13460 GCOV_PROFILE := n
13461 UBSAN_SANITIZE :=n
13462 diff --git a/arch/x86/boot/compressed/efi_stub_32.S b/arch/x86/boot/compressed/efi_stub_32.S
13463 index a53440e..c3dbf1e 100644
13464 --- a/arch/x86/boot/compressed/efi_stub_32.S
13465 +++ b/arch/x86/boot/compressed/efi_stub_32.S
13466 @@ -46,16 +46,13 @@ ENTRY(efi_call_phys)
13467 * parameter 2, ..., param n. To make things easy, we save the return
13468 * address of efi_call_phys in a global variable.
13469 */
13470 - popl %ecx
13471 - movl %ecx, saved_return_addr(%edx)
13472 - /* get the function pointer into ECX*/
13473 - popl %ecx
13474 - movl %ecx, efi_rt_function_ptr(%edx)
13475 + popl saved_return_addr(%edx)
13476 + popl efi_rt_function_ptr(%edx)
13477
13478 /*
13479 * 3. Call the physical function.
13480 */
13481 - call *%ecx
13482 + call *efi_rt_function_ptr(%edx)
13483
13484 /*
13485 * 4. Balance the stack. And because EAX contain the return value,
13486 @@ -67,15 +64,12 @@ ENTRY(efi_call_phys)
13487 1: popl %edx
13488 subl $1b, %edx
13489
13490 - movl efi_rt_function_ptr(%edx), %ecx
13491 - pushl %ecx
13492 + pushl efi_rt_function_ptr(%edx)
13493
13494 /*
13495 * 10. Push the saved return address onto the stack and return.
13496 */
13497 - movl saved_return_addr(%edx), %ecx
13498 - pushl %ecx
13499 - ret
13500 + jmpl *saved_return_addr(%edx)
13501 ENDPROC(efi_call_phys)
13502 .previous
13503
13504 diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S
13505 index 630384a..278e788 100644
13506 --- a/arch/x86/boot/compressed/efi_thunk_64.S
13507 +++ b/arch/x86/boot/compressed/efi_thunk_64.S
13508 @@ -189,8 +189,8 @@ efi_gdt64:
13509 .long 0 /* Filled out by user */
13510 .word 0
13511 .quad 0x0000000000000000 /* NULL descriptor */
13512 - .quad 0x00af9a000000ffff /* __KERNEL_CS */
13513 - .quad 0x00cf92000000ffff /* __KERNEL_DS */
13514 + .quad 0x00af9b000000ffff /* __KERNEL_CS */
13515 + .quad 0x00cf93000000ffff /* __KERNEL_DS */
13516 .quad 0x0080890000000000 /* TS descriptor */
13517 .quad 0x0000000000000000 /* TS continued */
13518 efi_gdt64_end:
13519 diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
13520 index 1038524..b6acc21 100644
13521 --- a/arch/x86/boot/compressed/head_32.S
13522 +++ b/arch/x86/boot/compressed/head_32.S
13523 @@ -169,10 +169,10 @@ preferred_addr:
13524 addl %eax, %ebx
13525 notl %eax
13526 andl %eax, %ebx
13527 - cmpl $LOAD_PHYSICAL_ADDR, %ebx
13528 + cmpl $____LOAD_PHYSICAL_ADDR, %ebx
13529 jge 1f
13530 #endif
13531 - movl $LOAD_PHYSICAL_ADDR, %ebx
13532 + movl $____LOAD_PHYSICAL_ADDR, %ebx
13533 1:
13534
13535 /* Target address to relocate to for decompression */
13536 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
13537 index 0d80a7a..ed3e0ff 100644
13538 --- a/arch/x86/boot/compressed/head_64.S
13539 +++ b/arch/x86/boot/compressed/head_64.S
13540 @@ -103,10 +103,10 @@ ENTRY(startup_32)
13541 addl %eax, %ebx
13542 notl %eax
13543 andl %eax, %ebx
13544 - cmpl $LOAD_PHYSICAL_ADDR, %ebx
13545 + cmpl $____LOAD_PHYSICAL_ADDR, %ebx
13546 jge 1f
13547 #endif
13548 - movl $LOAD_PHYSICAL_ADDR, %ebx
13549 + movl $____LOAD_PHYSICAL_ADDR, %ebx
13550 1:
13551
13552 /* Target address to relocate to for decompression */
13553 @@ -333,10 +333,10 @@ preferred_addr:
13554 addq %rax, %rbp
13555 notq %rax
13556 andq %rax, %rbp
13557 - cmpq $LOAD_PHYSICAL_ADDR, %rbp
13558 + cmpq $____LOAD_PHYSICAL_ADDR, %rbp
13559 jge 1f
13560 #endif
13561 - movq $LOAD_PHYSICAL_ADDR, %rbp
13562 + movq $____LOAD_PHYSICAL_ADDR, %rbp
13563 1:
13564
13565 /* Target address to relocate to for decompression */
13566 @@ -444,8 +444,8 @@ gdt:
13567 .long gdt
13568 .word 0
13569 .quad 0x0000000000000000 /* NULL descriptor */
13570 - .quad 0x00af9a000000ffff /* __KERNEL_CS */
13571 - .quad 0x00cf92000000ffff /* __KERNEL_DS */
13572 + .quad 0x00af9b000000ffff /* __KERNEL_CS */
13573 + .quad 0x00cf93000000ffff /* __KERNEL_DS */
13574 .quad 0x0080890000000000 /* TS descriptor */
13575 .quad 0x0000000000000000 /* TS continued */
13576 gdt_end:
13577 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
13578 index b3c5a5f0..596115e 100644
13579 --- a/arch/x86/boot/compressed/misc.c
13580 +++ b/arch/x86/boot/compressed/misc.c
13581 @@ -176,13 +176,17 @@ static void handle_relocations(void *output, unsigned long output_len,
13582 int *reloc;
13583 unsigned long delta, map, ptr;
13584 unsigned long min_addr = (unsigned long)output;
13585 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13586 + unsigned long max_addr = min_addr + (VO___bss_start - VO__text - __PAGE_OFFSET - ____LOAD_PHYSICAL_ADDR);
13587 +#else
13588 unsigned long max_addr = min_addr + (VO___bss_start - VO__text);
13589 +#endif
13590
13591 /*
13592 * Calculate the delta between where vmlinux was linked to load
13593 * and where it was actually loaded.
13594 */
13595 - delta = min_addr - LOAD_PHYSICAL_ADDR;
13596 + delta = min_addr - ____LOAD_PHYSICAL_ADDR;
13597
13598 /*
13599 * The kernel contains a table of relocation addresses. Those
13600 @@ -199,7 +203,7 @@ static void handle_relocations(void *output, unsigned long output_len,
13601 * from __START_KERNEL_map.
13602 */
13603 if (IS_ENABLED(CONFIG_X86_64))
13604 - delta = virt_addr - LOAD_PHYSICAL_ADDR;
13605 + delta = virt_addr - ____LOAD_PHYSICAL_ADDR;
13606
13607 if (!delta) {
13608 debug_putstr("No relocation needed... ");
13609 @@ -274,7 +278,7 @@ static void parse_elf(void *output)
13610 Elf32_Ehdr ehdr;
13611 Elf32_Phdr *phdrs, *phdr;
13612 #endif
13613 - void *dest;
13614 + void *dest, *prev;
13615 int i;
13616
13617 memcpy(&ehdr, output, sizeof(ehdr));
13618 @@ -301,11 +305,14 @@ static void parse_elf(void *output)
13619 case PT_LOAD:
13620 #ifdef CONFIG_RELOCATABLE
13621 dest = output;
13622 - dest += (phdr->p_paddr - LOAD_PHYSICAL_ADDR);
13623 + dest += (phdr->p_paddr - ____LOAD_PHYSICAL_ADDR);
13624 #else
13625 dest = (void *)(phdr->p_paddr);
13626 #endif
13627 memmove(dest, output + phdr->p_offset, phdr->p_filesz);
13628 + if (i)
13629 + memset(prev, 0xff, dest - prev);
13630 + prev = dest + phdr->p_filesz;
13631 break;
13632 default: /* Ignore other PT_* */ break;
13633 }
13634 @@ -337,7 +344,11 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
13635 unsigned char *output,
13636 unsigned long output_len)
13637 {
13638 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13639 + const unsigned long kernel_total_size = VO__end - VO__text - __PAGE_OFFSET - ____LOAD_PHYSICAL_ADDR;
13640 +#else
13641 const unsigned long kernel_total_size = VO__end - VO__text;
13642 +#endif
13643 unsigned long virt_addr = (unsigned long)output;
13644
13645 /* Retain x86 boot parameters pointer passed from startup_32/64. */
13646 @@ -395,7 +406,7 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
13647 error("Destination address too large");
13648 #endif
13649 #ifndef CONFIG_RELOCATABLE
13650 - if ((unsigned long)output != LOAD_PHYSICAL_ADDR)
13651 + if ((unsigned long)output != ____LOAD_PHYSICAL_ADDR)
13652 error("Destination address does not match LOAD_PHYSICAL_ADDR");
13653 if ((unsigned long)output != virt_addr)
13654 error("Destination virtual address changed when not relocatable");
13655 diff --git a/arch/x86/boot/compressed/pagetable.c b/arch/x86/boot/compressed/pagetable.c
13656 index 56589d0..f2085be 100644
13657 --- a/arch/x86/boot/compressed/pagetable.c
13658 +++ b/arch/x86/boot/compressed/pagetable.c
13659 @@ -14,6 +14,7 @@
13660 */
13661 #define __pa(x) ((unsigned long)(x))
13662 #define __va(x) ((void *)((unsigned long)(x)))
13663 +#undef CONFIG_PAX_KERNEXEC
13664
13665 #include "misc.h"
13666
13667 diff --git a/arch/x86/boot/cpucheck.c b/arch/x86/boot/cpucheck.c
13668 index 4ad7d70..c703963 100644
13669 --- a/arch/x86/boot/cpucheck.c
13670 +++ b/arch/x86/boot/cpucheck.c
13671 @@ -126,9 +126,9 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr)
13672 u32 ecx = MSR_K7_HWCR;
13673 u32 eax, edx;
13674
13675 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
13676 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
13677 eax &= ~(1 << 15);
13678 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
13679 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
13680
13681 get_cpuflags(); /* Make sure it really did something */
13682 err = check_cpuflags();
13683 @@ -141,9 +141,9 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr)
13684 u32 ecx = MSR_VIA_FCR;
13685 u32 eax, edx;
13686
13687 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
13688 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
13689 eax |= (1<<1)|(1<<7);
13690 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
13691 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
13692
13693 set_bit(X86_FEATURE_CX8, cpu.flags);
13694 err = check_cpuflags();
13695 @@ -154,12 +154,12 @@ int check_cpu(int *cpu_level_ptr, int *req_level_ptr, u32 **err_flags_ptr)
13696 u32 eax, edx;
13697 u32 level = 1;
13698
13699 - asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
13700 - asm("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
13701 - asm("cpuid"
13702 + asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
13703 + asm volatile("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
13704 + asm volatile("cpuid"
13705 : "+a" (level), "=d" (cpu.flags[0])
13706 : : "ecx", "ebx");
13707 - asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
13708 + asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
13709
13710 err = check_cpuflags();
13711 } else if (err == 0x01 &&
13712 diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
13713 index 3dd5be3..16720a2 100644
13714 --- a/arch/x86/boot/header.S
13715 +++ b/arch/x86/boot/header.S
13716 @@ -438,7 +438,7 @@ setup_data: .quad 0 # 64-bit physical pointer to
13717 # single linked list of
13718 # struct setup_data
13719
13720 -pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
13721 +pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr
13722
13723 #
13724 # Getting to provably safe in-place decompression is hard. Worst case
13725 @@ -543,7 +543,12 @@ pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr
13726
13727 #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_min_extract_offset)
13728
13729 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
13730 +#define VO_INIT_SIZE (VO__end - VO__text - __PAGE_OFFSET - ____LOAD_PHYSICAL_ADDR)
13731 +#else
13732 #define VO_INIT_SIZE (VO__end - VO__text)
13733 +#endif
13734 +
13735 #if ZO_INIT_SIZE > VO_INIT_SIZE
13736 # define INIT_SIZE ZO_INIT_SIZE
13737 #else
13738 diff --git a/arch/x86/boot/memory.c b/arch/x86/boot/memory.c
13739 index db75d07..8e6d0af 100644
13740 --- a/arch/x86/boot/memory.c
13741 +++ b/arch/x86/boot/memory.c
13742 @@ -19,7 +19,7 @@
13743
13744 static int detect_memory_e820(void)
13745 {
13746 - int count = 0;
13747 + unsigned int count = 0;
13748 struct biosregs ireg, oreg;
13749 struct e820entry *desc = boot_params.e820_map;
13750 static struct e820entry buf; /* static so it is zeroed */
13751 diff --git a/arch/x86/boot/video-vesa.c b/arch/x86/boot/video-vesa.c
13752 index ba3e100..6501b8f 100644
13753 --- a/arch/x86/boot/video-vesa.c
13754 +++ b/arch/x86/boot/video-vesa.c
13755 @@ -201,6 +201,7 @@ static void vesa_store_pm_info(void)
13756
13757 boot_params.screen_info.vesapm_seg = oreg.es;
13758 boot_params.screen_info.vesapm_off = oreg.di;
13759 + boot_params.screen_info.vesapm_size = oreg.cx;
13760 }
13761
13762 /*
13763 diff --git a/arch/x86/boot/video.c b/arch/x86/boot/video.c
13764 index 77780e3..86be0cb 100644
13765 --- a/arch/x86/boot/video.c
13766 +++ b/arch/x86/boot/video.c
13767 @@ -100,7 +100,7 @@ static void store_mode_params(void)
13768 static unsigned int get_entry(void)
13769 {
13770 char entry_buf[4];
13771 - int i, len = 0;
13772 + unsigned int i, len = 0;
13773 int key;
13774 unsigned int v;
13775
13776 diff --git a/arch/x86/crypto/aes-x86_64-asm_64.S b/arch/x86/crypto/aes-x86_64-asm_64.S
13777 index 9105655..41779c1 100644
13778 --- a/arch/x86/crypto/aes-x86_64-asm_64.S
13779 +++ b/arch/x86/crypto/aes-x86_64-asm_64.S
13780 @@ -8,6 +8,8 @@
13781 * including this sentence is retained in full.
13782 */
13783
13784 +#include <asm/alternative-asm.h>
13785 +
13786 .extern crypto_ft_tab
13787 .extern crypto_it_tab
13788 .extern crypto_fl_tab
13789 @@ -70,6 +72,8 @@
13790 je B192; \
13791 leaq 32(r9),r9;
13792
13793 +#define ret pax_force_retaddr; ret
13794 +
13795 #define epilogue(FUNC,r1,r2,r3,r4,r5,r6,r7,r8,r9) \
13796 movq r1,r2; \
13797 movq r3,r4; \
13798 diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
13799 index 383a6f8..a4db591 100644
13800 --- a/arch/x86/crypto/aesni-intel_asm.S
13801 +++ b/arch/x86/crypto/aesni-intel_asm.S
13802 @@ -32,6 +32,7 @@
13803 #include <linux/linkage.h>
13804 #include <asm/inst.h>
13805 #include <asm/frame.h>
13806 +#include <asm/alternative-asm.h>
13807
13808 /*
13809 * The following macros are used to move an (un)aligned 16 byte value to/from
13810 @@ -218,7 +219,7 @@ enc: .octa 0x2
13811 * num_initial_blocks = b mod 4
13812 * encrypt the initial num_initial_blocks blocks and apply ghash on
13813 * the ciphertext
13814 -* %r10, %r11, %r12, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
13815 +* %r10, %r11, %r15, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
13816 * are clobbered
13817 * arg1, %arg2, %arg3, %r14 are used as a pointer only, not modified
13818 */
13819 @@ -228,8 +229,8 @@ enc: .octa 0x2
13820 XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation
13821 MOVADQ SHUF_MASK(%rip), %xmm14
13822 mov arg7, %r10 # %r10 = AAD
13823 - mov arg8, %r12 # %r12 = aadLen
13824 - mov %r12, %r11
13825 + mov arg8, %r15 # %r15 = aadLen
13826 + mov %r15, %r11
13827 pxor %xmm\i, %xmm\i
13828
13829 _get_AAD_loop\num_initial_blocks\operation:
13830 @@ -238,17 +239,17 @@ _get_AAD_loop\num_initial_blocks\operation:
13831 psrldq $4, %xmm\i
13832 pxor \TMP1, %xmm\i
13833 add $4, %r10
13834 - sub $4, %r12
13835 + sub $4, %r15
13836 jne _get_AAD_loop\num_initial_blocks\operation
13837
13838 cmp $16, %r11
13839 je _get_AAD_loop2_done\num_initial_blocks\operation
13840
13841 - mov $16, %r12
13842 + mov $16, %r15
13843 _get_AAD_loop2\num_initial_blocks\operation:
13844 psrldq $4, %xmm\i
13845 - sub $4, %r12
13846 - cmp %r11, %r12
13847 + sub $4, %r15
13848 + cmp %r11, %r15
13849 jne _get_AAD_loop2\num_initial_blocks\operation
13850
13851 _get_AAD_loop2_done\num_initial_blocks\operation:
13852 @@ -443,7 +444,7 @@ _initial_blocks_done\num_initial_blocks\operation:
13853 * num_initial_blocks = b mod 4
13854 * encrypt the initial num_initial_blocks blocks and apply ghash on
13855 * the ciphertext
13856 -* %r10, %r11, %r12, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
13857 +* %r10, %r11, %r15, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
13858 * are clobbered
13859 * arg1, %arg2, %arg3, %r14 are used as a pointer only, not modified
13860 */
13861 @@ -453,8 +454,8 @@ _initial_blocks_done\num_initial_blocks\operation:
13862 XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation
13863 MOVADQ SHUF_MASK(%rip), %xmm14
13864 mov arg7, %r10 # %r10 = AAD
13865 - mov arg8, %r12 # %r12 = aadLen
13866 - mov %r12, %r11
13867 + mov arg8, %r15 # %r15 = aadLen
13868 + mov %r15, %r11
13869 pxor %xmm\i, %xmm\i
13870 _get_AAD_loop\num_initial_blocks\operation:
13871 movd (%r10), \TMP1
13872 @@ -462,15 +463,15 @@ _get_AAD_loop\num_initial_blocks\operation:
13873 psrldq $4, %xmm\i
13874 pxor \TMP1, %xmm\i
13875 add $4, %r10
13876 - sub $4, %r12
13877 + sub $4, %r15
13878 jne _get_AAD_loop\num_initial_blocks\operation
13879 cmp $16, %r11
13880 je _get_AAD_loop2_done\num_initial_blocks\operation
13881 - mov $16, %r12
13882 + mov $16, %r15
13883 _get_AAD_loop2\num_initial_blocks\operation:
13884 psrldq $4, %xmm\i
13885 - sub $4, %r12
13886 - cmp %r11, %r12
13887 + sub $4, %r15
13888 + cmp %r11, %r15
13889 jne _get_AAD_loop2\num_initial_blocks\operation
13890 _get_AAD_loop2_done\num_initial_blocks\operation:
13891 PSHUFB_XMM %xmm14, %xmm\i # byte-reflect the AAD data
13892 @@ -1280,8 +1281,8 @@ _esb_loop_\@:
13893 * poly = x^128 + x^127 + x^126 + x^121 + 1
13894 *
13895 *****************************************************************************/
13896 -ENTRY(aesni_gcm_dec)
13897 - push %r12
13898 +RAP_ENTRY(aesni_gcm_dec)
13899 + push %r15
13900 push %r13
13901 push %r14
13902 mov %rsp, %r14
13903 @@ -1291,8 +1292,8 @@ ENTRY(aesni_gcm_dec)
13904 */
13905 sub $VARIABLE_OFFSET, %rsp
13906 and $~63, %rsp # align rsp to 64 bytes
13907 - mov %arg6, %r12
13908 - movdqu (%r12), %xmm13 # %xmm13 = HashKey
13909 + mov %arg6, %r15
13910 + movdqu (%r15), %xmm13 # %xmm13 = HashKey
13911 movdqa SHUF_MASK(%rip), %xmm2
13912 PSHUFB_XMM %xmm2, %xmm13
13913
13914 @@ -1320,10 +1321,10 @@ ENTRY(aesni_gcm_dec)
13915 movdqa %xmm13, HashKey(%rsp) # store HashKey<<1 (mod poly)
13916 mov %arg4, %r13 # save the number of bytes of plaintext/ciphertext
13917 and $-16, %r13 # %r13 = %r13 - (%r13 mod 16)
13918 - mov %r13, %r12
13919 - and $(3<<4), %r12
13920 + mov %r13, %r15
13921 + and $(3<<4), %r15
13922 jz _initial_num_blocks_is_0_decrypt
13923 - cmp $(2<<4), %r12
13924 + cmp $(2<<4), %r15
13925 jb _initial_num_blocks_is_1_decrypt
13926 je _initial_num_blocks_is_2_decrypt
13927 _initial_num_blocks_is_3_decrypt:
13928 @@ -1373,16 +1374,16 @@ _zero_cipher_left_decrypt:
13929 sub $16, %r11
13930 add %r13, %r11
13931 movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte block
13932 - lea SHIFT_MASK+16(%rip), %r12
13933 - sub %r13, %r12
13934 + lea SHIFT_MASK+16(%rip), %r15
13935 + sub %r13, %r15
13936 # adjust the shuffle mask pointer to be able to shift 16-%r13 bytes
13937 # (%r13 is the number of bytes in plaintext mod 16)
13938 - movdqu (%r12), %xmm2 # get the appropriate shuffle mask
13939 + movdqu (%r15), %xmm2 # get the appropriate shuffle mask
13940 PSHUFB_XMM %xmm2, %xmm1 # right shift 16-%r13 butes
13941
13942 movdqa %xmm1, %xmm2
13943 pxor %xmm1, %xmm0 # Ciphertext XOR E(K, Yn)
13944 - movdqu ALL_F-SHIFT_MASK(%r12), %xmm1
13945 + movdqu ALL_F-SHIFT_MASK(%r15), %xmm1
13946 # get the appropriate mask to mask out top 16-%r13 bytes of %xmm0
13947 pand %xmm1, %xmm0 # mask out top 16-%r13 bytes of %xmm0
13948 pand %xmm1, %xmm2
13949 @@ -1411,9 +1412,9 @@ _less_than_8_bytes_left_decrypt:
13950 sub $1, %r13
13951 jne _less_than_8_bytes_left_decrypt
13952 _multiple_of_16_bytes_decrypt:
13953 - mov arg8, %r12 # %r13 = aadLen (number of bytes)
13954 - shl $3, %r12 # convert into number of bits
13955 - movd %r12d, %xmm15 # len(A) in %xmm15
13956 + mov arg8, %r15 # %r13 = aadLen (number of bytes)
13957 + shl $3, %r15 # convert into number of bits
13958 + movd %r15d, %xmm15 # len(A) in %xmm15
13959 shl $3, %arg4 # len(C) in bits (*128)
13960 MOVQ_R64_XMM %arg4, %xmm1
13961 pslldq $8, %xmm15 # %xmm15 = len(A)||0x0000000000000000
13962 @@ -1452,7 +1453,8 @@ _return_T_done_decrypt:
13963 mov %r14, %rsp
13964 pop %r14
13965 pop %r13
13966 - pop %r12
13967 + pop %r15
13968 + pax_force_retaddr
13969 ret
13970 ENDPROC(aesni_gcm_dec)
13971
13972 @@ -1540,8 +1542,8 @@ ENDPROC(aesni_gcm_dec)
13973 *
13974 * poly = x^128 + x^127 + x^126 + x^121 + 1
13975 ***************************************************************************/
13976 -ENTRY(aesni_gcm_enc)
13977 - push %r12
13978 +RAP_ENTRY(aesni_gcm_enc)
13979 + push %r15
13980 push %r13
13981 push %r14
13982 mov %rsp, %r14
13983 @@ -1551,8 +1553,8 @@ ENTRY(aesni_gcm_enc)
13984 #
13985 sub $VARIABLE_OFFSET, %rsp
13986 and $~63, %rsp
13987 - mov %arg6, %r12
13988 - movdqu (%r12), %xmm13
13989 + mov %arg6, %r15
13990 + movdqu (%r15), %xmm13
13991 movdqa SHUF_MASK(%rip), %xmm2
13992 PSHUFB_XMM %xmm2, %xmm13
13993
13994 @@ -1576,13 +1578,13 @@ ENTRY(aesni_gcm_enc)
13995 movdqa %xmm13, HashKey(%rsp)
13996 mov %arg4, %r13 # %xmm13 holds HashKey<<1 (mod poly)
13997 and $-16, %r13
13998 - mov %r13, %r12
13999 + mov %r13, %r15
14000
14001 # Encrypt first few blocks
14002
14003 - and $(3<<4), %r12
14004 + and $(3<<4), %r15
14005 jz _initial_num_blocks_is_0_encrypt
14006 - cmp $(2<<4), %r12
14007 + cmp $(2<<4), %r15
14008 jb _initial_num_blocks_is_1_encrypt
14009 je _initial_num_blocks_is_2_encrypt
14010 _initial_num_blocks_is_3_encrypt:
14011 @@ -1635,14 +1637,14 @@ _zero_cipher_left_encrypt:
14012 sub $16, %r11
14013 add %r13, %r11
14014 movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte blocks
14015 - lea SHIFT_MASK+16(%rip), %r12
14016 - sub %r13, %r12
14017 + lea SHIFT_MASK+16(%rip), %r15
14018 + sub %r13, %r15
14019 # adjust the shuffle mask pointer to be able to shift 16-r13 bytes
14020 # (%r13 is the number of bytes in plaintext mod 16)
14021 - movdqu (%r12), %xmm2 # get the appropriate shuffle mask
14022 + movdqu (%r15), %xmm2 # get the appropriate shuffle mask
14023 PSHUFB_XMM %xmm2, %xmm1 # shift right 16-r13 byte
14024 pxor %xmm1, %xmm0 # Plaintext XOR Encrypt(K, Yn)
14025 - movdqu ALL_F-SHIFT_MASK(%r12), %xmm1
14026 + movdqu ALL_F-SHIFT_MASK(%r15), %xmm1
14027 # get the appropriate mask to mask out top 16-r13 bytes of xmm0
14028 pand %xmm1, %xmm0 # mask out top 16-r13 bytes of xmm0
14029 movdqa SHUF_MASK(%rip), %xmm10
14030 @@ -1675,9 +1677,9 @@ _less_than_8_bytes_left_encrypt:
14031 sub $1, %r13
14032 jne _less_than_8_bytes_left_encrypt
14033 _multiple_of_16_bytes_encrypt:
14034 - mov arg8, %r12 # %r12 = addLen (number of bytes)
14035 - shl $3, %r12
14036 - movd %r12d, %xmm15 # len(A) in %xmm15
14037 + mov arg8, %r15 # %r15 = addLen (number of bytes)
14038 + shl $3, %r15
14039 + movd %r15d, %xmm15 # len(A) in %xmm15
14040 shl $3, %arg4 # len(C) in bits (*128)
14041 MOVQ_R64_XMM %arg4, %xmm1
14042 pslldq $8, %xmm15 # %xmm15 = len(A)||0x0000000000000000
14043 @@ -1716,7 +1718,8 @@ _return_T_done_encrypt:
14044 mov %r14, %rsp
14045 pop %r14
14046 pop %r13
14047 - pop %r12
14048 + pop %r15
14049 + pax_force_retaddr
14050 ret
14051 ENDPROC(aesni_gcm_enc)
14052
14053 @@ -1734,6 +1737,7 @@ _key_expansion_256a:
14054 pxor %xmm1, %xmm0
14055 movaps %xmm0, (TKEYP)
14056 add $0x10, TKEYP
14057 + pax_force_retaddr
14058 ret
14059 ENDPROC(_key_expansion_128)
14060 ENDPROC(_key_expansion_256a)
14061 @@ -1760,6 +1764,7 @@ _key_expansion_192a:
14062 shufps $0b01001110, %xmm2, %xmm1
14063 movaps %xmm1, 0x10(TKEYP)
14064 add $0x20, TKEYP
14065 + pax_force_retaddr
14066 ret
14067 ENDPROC(_key_expansion_192a)
14068
14069 @@ -1780,6 +1785,7 @@ _key_expansion_192b:
14070
14071 movaps %xmm0, (TKEYP)
14072 add $0x10, TKEYP
14073 + pax_force_retaddr
14074 ret
14075 ENDPROC(_key_expansion_192b)
14076
14077 @@ -1793,6 +1799,7 @@ _key_expansion_256b:
14078 pxor %xmm1, %xmm2
14079 movaps %xmm2, (TKEYP)
14080 add $0x10, TKEYP
14081 + pax_force_retaddr
14082 ret
14083 ENDPROC(_key_expansion_256b)
14084
14085 @@ -1908,13 +1915,14 @@ ENTRY(aesni_set_key)
14086 popl KEYP
14087 #endif
14088 FRAME_END
14089 + pax_force_retaddr
14090 ret
14091 ENDPROC(aesni_set_key)
14092
14093 /*
14094 * void aesni_enc(struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src)
14095 */
14096 -ENTRY(aesni_enc)
14097 +RAP_ENTRY(aesni_enc)
14098 FRAME_BEGIN
14099 #ifndef __x86_64__
14100 pushl KEYP
14101 @@ -1932,6 +1940,7 @@ ENTRY(aesni_enc)
14102 popl KEYP
14103 #endif
14104 FRAME_END
14105 + pax_force_retaddr
14106 ret
14107 ENDPROC(aesni_enc)
14108
14109 @@ -1990,6 +1999,7 @@ _aesni_enc1:
14110 AESENC KEY STATE
14111 movaps 0x70(TKEYP), KEY
14112 AESENCLAST KEY STATE
14113 + pax_force_retaddr
14114 ret
14115 ENDPROC(_aesni_enc1)
14116
14117 @@ -2099,13 +2109,14 @@ _aesni_enc4:
14118 AESENCLAST KEY STATE2
14119 AESENCLAST KEY STATE3
14120 AESENCLAST KEY STATE4
14121 + pax_force_retaddr
14122 ret
14123 ENDPROC(_aesni_enc4)
14124
14125 /*
14126 * void aesni_dec (struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src)
14127 */
14128 -ENTRY(aesni_dec)
14129 +RAP_ENTRY(aesni_dec)
14130 FRAME_BEGIN
14131 #ifndef __x86_64__
14132 pushl KEYP
14133 @@ -2124,6 +2135,7 @@ ENTRY(aesni_dec)
14134 popl KEYP
14135 #endif
14136 FRAME_END
14137 + pax_force_retaddr
14138 ret
14139 ENDPROC(aesni_dec)
14140
14141 @@ -2182,6 +2194,7 @@ _aesni_dec1:
14142 AESDEC KEY STATE
14143 movaps 0x70(TKEYP), KEY
14144 AESDECLAST KEY STATE
14145 + pax_force_retaddr
14146 ret
14147 ENDPROC(_aesni_dec1)
14148
14149 @@ -2291,6 +2304,7 @@ _aesni_dec4:
14150 AESDECLAST KEY STATE2
14151 AESDECLAST KEY STATE3
14152 AESDECLAST KEY STATE4
14153 + pax_force_retaddr
14154 ret
14155 ENDPROC(_aesni_dec4)
14156
14157 @@ -2351,6 +2365,7 @@ ENTRY(aesni_ecb_enc)
14158 popl LEN
14159 #endif
14160 FRAME_END
14161 + pax_force_retaddr
14162 ret
14163 ENDPROC(aesni_ecb_enc)
14164
14165 @@ -2412,6 +2427,7 @@ ENTRY(aesni_ecb_dec)
14166 popl LEN
14167 #endif
14168 FRAME_END
14169 + pax_force_retaddr
14170 ret
14171 ENDPROC(aesni_ecb_dec)
14172
14173 @@ -2456,6 +2472,7 @@ ENTRY(aesni_cbc_enc)
14174 popl IVP
14175 #endif
14176 FRAME_END
14177 + pax_force_retaddr
14178 ret
14179 ENDPROC(aesni_cbc_enc)
14180
14181 @@ -2549,6 +2566,7 @@ ENTRY(aesni_cbc_dec)
14182 popl IVP
14183 #endif
14184 FRAME_END
14185 + pax_force_retaddr
14186 ret
14187 ENDPROC(aesni_cbc_dec)
14188
14189 @@ -2578,6 +2596,7 @@ _aesni_inc_init:
14190 mov $1, TCTR_LOW
14191 MOVQ_R64_XMM TCTR_LOW INC
14192 MOVQ_R64_XMM CTR TCTR_LOW
14193 + pax_force_retaddr
14194 ret
14195 ENDPROC(_aesni_inc_init)
14196
14197 @@ -2607,6 +2626,7 @@ _aesni_inc:
14198 .Linc_low:
14199 movaps CTR, IV
14200 PSHUFB_XMM BSWAP_MASK IV
14201 + pax_force_retaddr
14202 ret
14203 ENDPROC(_aesni_inc)
14204
14205 @@ -2614,7 +2634,7 @@ ENDPROC(_aesni_inc)
14206 * void aesni_ctr_enc(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src,
14207 * size_t len, u8 *iv)
14208 */
14209 -ENTRY(aesni_ctr_enc)
14210 +RAP_ENTRY(aesni_ctr_enc)
14211 FRAME_BEGIN
14212 cmp $16, LEN
14213 jb .Lctr_enc_just_ret
14214 @@ -2670,6 +2690,7 @@ ENTRY(aesni_ctr_enc)
14215 movups IV, (IVP)
14216 .Lctr_enc_just_ret:
14217 FRAME_END
14218 + pax_force_retaddr
14219 ret
14220 ENDPROC(aesni_ctr_enc)
14221
14222 @@ -2798,6 +2819,7 @@ ENTRY(aesni_xts_crypt8)
14223 movdqu STATE4, 0x70(OUTP)
14224
14225 FRAME_END
14226 + pax_force_retaddr
14227 ret
14228 ENDPROC(aesni_xts_crypt8)
14229
14230 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
14231 index 0ab5ee1..a5d431f 100644
14232 --- a/arch/x86/crypto/aesni-intel_glue.c
14233 +++ b/arch/x86/crypto/aesni-intel_glue.c
14234 @@ -71,9 +71,9 @@ struct aesni_xts_ctx {
14235
14236 asmlinkage int aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
14237 unsigned int key_len);
14238 -asmlinkage void aesni_enc(struct crypto_aes_ctx *ctx, u8 *out,
14239 +asmlinkage void aesni_enc(void *ctx, u8 *out,
14240 const u8 *in);
14241 -asmlinkage void aesni_dec(struct crypto_aes_ctx *ctx, u8 *out,
14242 +asmlinkage void aesni_dec(void *ctx, u8 *out,
14243 const u8 *in);
14244 asmlinkage void aesni_ecb_enc(struct crypto_aes_ctx *ctx, u8 *out,
14245 const u8 *in, unsigned int len);
14246 diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S
14247 index 246c670..4fb7603 100644
14248 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S
14249 +++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S
14250 @@ -21,6 +21,7 @@
14251 */
14252
14253 #include <linux/linkage.h>
14254 +#include <asm/alternative-asm.h>
14255
14256 .file "blowfish-x86_64-asm.S"
14257 .text
14258 @@ -149,13 +150,15 @@ ENTRY(__blowfish_enc_blk)
14259 jnz .L__enc_xor;
14260
14261 write_block();
14262 + pax_force_retaddr
14263 ret;
14264 .L__enc_xor:
14265 xor_block();
14266 + pax_force_retaddr
14267 ret;
14268 ENDPROC(__blowfish_enc_blk)
14269
14270 -ENTRY(blowfish_dec_blk)
14271 +RAP_ENTRY(blowfish_dec_blk)
14272 /* input:
14273 * %rdi: ctx, CTX
14274 * %rsi: dst
14275 @@ -183,6 +186,7 @@ ENTRY(blowfish_dec_blk)
14276
14277 movq %r11, %rbp;
14278
14279 + pax_force_retaddr
14280 ret;
14281 ENDPROC(blowfish_dec_blk)
14282
14283 @@ -334,6 +338,7 @@ ENTRY(__blowfish_enc_blk_4way)
14284
14285 popq %rbx;
14286 popq %rbp;
14287 + pax_force_retaddr
14288 ret;
14289
14290 .L__enc_xor4:
14291 @@ -341,10 +346,11 @@ ENTRY(__blowfish_enc_blk_4way)
14292
14293 popq %rbx;
14294 popq %rbp;
14295 + pax_force_retaddr
14296 ret;
14297 ENDPROC(__blowfish_enc_blk_4way)
14298
14299 -ENTRY(blowfish_dec_blk_4way)
14300 +RAP_ENTRY(blowfish_dec_blk_4way)
14301 /* input:
14302 * %rdi: ctx, CTX
14303 * %rsi: dst
14304 @@ -375,5 +381,6 @@ ENTRY(blowfish_dec_blk_4way)
14305 popq %rbx;
14306 popq %rbp;
14307
14308 + pax_force_retaddr
14309 ret;
14310 ENDPROC(blowfish_dec_blk_4way)
14311 diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
14312 index aa9e8bd..0b8def4 100644
14313 --- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S
14314 +++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
14315 @@ -17,6 +17,7 @@
14316
14317 #include <linux/linkage.h>
14318 #include <asm/frame.h>
14319 +#include <asm/alternative-asm.h>
14320
14321 #define CAMELLIA_TABLE_BYTE_LEN 272
14322
14323 @@ -192,6 +193,7 @@ roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
14324 roundsm16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7,
14325 %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15,
14326 %rcx, (%r9));
14327 + pax_force_retaddr
14328 ret;
14329 ENDPROC(roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
14330
14331 @@ -200,6 +202,7 @@ roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
14332 roundsm16(%xmm4, %xmm5, %xmm6, %xmm7, %xmm0, %xmm1, %xmm2, %xmm3,
14333 %xmm12, %xmm13, %xmm14, %xmm15, %xmm8, %xmm9, %xmm10, %xmm11,
14334 %rax, (%r9));
14335 + pax_force_retaddr
14336 ret;
14337 ENDPROC(roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
14338
14339 @@ -783,6 +786,7 @@ __camellia_enc_blk16:
14340 %xmm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 16(%rax));
14341
14342 FRAME_END
14343 + pax_force_retaddr
14344 ret;
14345
14346 .align 8
14347 @@ -870,6 +874,7 @@ __camellia_dec_blk16:
14348 %xmm15, (key_table)(CTX), (%rax), 1 * 16(%rax));
14349
14350 FRAME_END
14351 + pax_force_retaddr
14352 ret;
14353
14354 .align 8
14355 @@ -889,7 +894,7 @@ __camellia_dec_blk16:
14356 jmp .Ldec_max24;
14357 ENDPROC(__camellia_dec_blk16)
14358
14359 -ENTRY(camellia_ecb_enc_16way)
14360 +RAP_ENTRY(camellia_ecb_enc_16way)
14361 /* input:
14362 * %rdi: ctx, CTX
14363 * %rsi: dst (16 blocks)
14364 @@ -911,10 +916,11 @@ ENTRY(camellia_ecb_enc_16way)
14365 %xmm8, %rsi);
14366
14367 FRAME_END
14368 + pax_force_retaddr
14369 ret;
14370 ENDPROC(camellia_ecb_enc_16way)
14371
14372 -ENTRY(camellia_ecb_dec_16way)
14373 +RAP_ENTRY(camellia_ecb_dec_16way)
14374 /* input:
14375 * %rdi: ctx, CTX
14376 * %rsi: dst (16 blocks)
14377 @@ -941,10 +947,11 @@ ENTRY(camellia_ecb_dec_16way)
14378 %xmm8, %rsi);
14379
14380 FRAME_END
14381 + pax_force_retaddr
14382 ret;
14383 ENDPROC(camellia_ecb_dec_16way)
14384
14385 -ENTRY(camellia_cbc_dec_16way)
14386 +RAP_ENTRY(camellia_cbc_dec_16way)
14387 /* input:
14388 * %rdi: ctx, CTX
14389 * %rsi: dst (16 blocks)
14390 @@ -992,6 +999,7 @@ ENTRY(camellia_cbc_dec_16way)
14391 %xmm8, %rsi);
14392
14393 FRAME_END
14394 + pax_force_retaddr
14395 ret;
14396 ENDPROC(camellia_cbc_dec_16way)
14397
14398 @@ -1001,7 +1009,7 @@ ENDPROC(camellia_cbc_dec_16way)
14399 vpslldq $8, tmp, tmp; \
14400 vpsubq tmp, x, x;
14401
14402 -ENTRY(camellia_ctr_16way)
14403 +RAP_ENTRY(camellia_ctr_16way)
14404 /* input:
14405 * %rdi: ctx, CTX
14406 * %rsi: dst (16 blocks)
14407 @@ -1105,6 +1113,7 @@ ENTRY(camellia_ctr_16way)
14408 %xmm8, %rsi);
14409
14410 FRAME_END
14411 + pax_force_retaddr
14412 ret;
14413 ENDPROC(camellia_ctr_16way)
14414
14415 @@ -1249,10 +1258,11 @@ camellia_xts_crypt_16way:
14416 %xmm8, %rsi);
14417
14418 FRAME_END
14419 + pax_force_retaddr
14420 ret;
14421 ENDPROC(camellia_xts_crypt_16way)
14422
14423 -ENTRY(camellia_xts_enc_16way)
14424 +RAP_ENTRY(camellia_xts_enc_16way)
14425 /* input:
14426 * %rdi: ctx, CTX
14427 * %rsi: dst (16 blocks)
14428 @@ -1266,7 +1276,7 @@ ENTRY(camellia_xts_enc_16way)
14429 jmp camellia_xts_crypt_16way;
14430 ENDPROC(camellia_xts_enc_16way)
14431
14432 -ENTRY(camellia_xts_dec_16way)
14433 +RAP_ENTRY(camellia_xts_dec_16way)
14434 /* input:
14435 * %rdi: ctx, CTX
14436 * %rsi: dst (16 blocks)
14437 diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
14438 index 16186c1..3468f83 100644
14439 --- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
14440 +++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
14441 @@ -12,6 +12,7 @@
14442
14443 #include <linux/linkage.h>
14444 #include <asm/frame.h>
14445 +#include <asm/alternative-asm.h>
14446
14447 #define CAMELLIA_TABLE_BYTE_LEN 272
14448
14449 @@ -231,6 +232,7 @@ roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
14450 roundsm32(%ymm0, %ymm1, %ymm2, %ymm3, %ymm4, %ymm5, %ymm6, %ymm7,
14451 %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, %ymm15,
14452 %rcx, (%r9));
14453 + pax_force_retaddr
14454 ret;
14455 ENDPROC(roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
14456
14457 @@ -239,6 +241,7 @@ roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
14458 roundsm32(%ymm4, %ymm5, %ymm6, %ymm7, %ymm0, %ymm1, %ymm2, %ymm3,
14459 %ymm12, %ymm13, %ymm14, %ymm15, %ymm8, %ymm9, %ymm10, %ymm11,
14460 %rax, (%r9));
14461 + pax_force_retaddr
14462 ret;
14463 ENDPROC(roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
14464
14465 @@ -823,6 +826,7 @@ __camellia_enc_blk32:
14466 %ymm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 32(%rax));
14467
14468 FRAME_END
14469 + pax_force_retaddr
14470 ret;
14471
14472 .align 8
14473 @@ -910,6 +914,7 @@ __camellia_dec_blk32:
14474 %ymm15, (key_table)(CTX), (%rax), 1 * 32(%rax));
14475
14476 FRAME_END
14477 + pax_force_retaddr
14478 ret;
14479
14480 .align 8
14481 @@ -929,7 +934,7 @@ __camellia_dec_blk32:
14482 jmp .Ldec_max24;
14483 ENDPROC(__camellia_dec_blk32)
14484
14485 -ENTRY(camellia_ecb_enc_32way)
14486 +RAP_ENTRY(camellia_ecb_enc_32way)
14487 /* input:
14488 * %rdi: ctx, CTX
14489 * %rsi: dst (32 blocks)
14490 @@ -955,10 +960,11 @@ ENTRY(camellia_ecb_enc_32way)
14491 vzeroupper;
14492
14493 FRAME_END
14494 + pax_force_retaddr
14495 ret;
14496 ENDPROC(camellia_ecb_enc_32way)
14497
14498 -ENTRY(camellia_ecb_dec_32way)
14499 +RAP_ENTRY(camellia_ecb_dec_32way)
14500 /* input:
14501 * %rdi: ctx, CTX
14502 * %rsi: dst (32 blocks)
14503 @@ -989,10 +995,11 @@ ENTRY(camellia_ecb_dec_32way)
14504 vzeroupper;
14505
14506 FRAME_END
14507 + pax_force_retaddr
14508 ret;
14509 ENDPROC(camellia_ecb_dec_32way)
14510
14511 -ENTRY(camellia_cbc_dec_32way)
14512 +RAP_ENTRY(camellia_cbc_dec_32way)
14513 /* input:
14514 * %rdi: ctx, CTX
14515 * %rsi: dst (32 blocks)
14516 @@ -1057,6 +1064,7 @@ ENTRY(camellia_cbc_dec_32way)
14517 vzeroupper;
14518
14519 FRAME_END
14520 + pax_force_retaddr
14521 ret;
14522 ENDPROC(camellia_cbc_dec_32way)
14523
14524 @@ -1074,7 +1082,7 @@ ENDPROC(camellia_cbc_dec_32way)
14525 vpslldq $8, tmp1, tmp1; \
14526 vpsubq tmp1, x, x;
14527
14528 -ENTRY(camellia_ctr_32way)
14529 +RAP_ENTRY(camellia_ctr_32way)
14530 /* input:
14531 * %rdi: ctx, CTX
14532 * %rsi: dst (32 blocks)
14533 @@ -1197,6 +1205,7 @@ ENTRY(camellia_ctr_32way)
14534 vzeroupper;
14535
14536 FRAME_END
14537 + pax_force_retaddr
14538 ret;
14539 ENDPROC(camellia_ctr_32way)
14540
14541 @@ -1364,10 +1373,11 @@ camellia_xts_crypt_32way:
14542 vzeroupper;
14543
14544 FRAME_END
14545 + pax_force_retaddr
14546 ret;
14547 ENDPROC(camellia_xts_crypt_32way)
14548
14549 -ENTRY(camellia_xts_enc_32way)
14550 +RAP_ENTRY(camellia_xts_enc_32way)
14551 /* input:
14552 * %rdi: ctx, CTX
14553 * %rsi: dst (32 blocks)
14554 @@ -1382,7 +1392,7 @@ ENTRY(camellia_xts_enc_32way)
14555 jmp camellia_xts_crypt_32way;
14556 ENDPROC(camellia_xts_enc_32way)
14557
14558 -ENTRY(camellia_xts_dec_32way)
14559 +RAP_ENTRY(camellia_xts_dec_32way)
14560 /* input:
14561 * %rdi: ctx, CTX
14562 * %rsi: dst (32 blocks)
14563 diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S
14564 index 310319c..9253a8f 100644
14565 --- a/arch/x86/crypto/camellia-x86_64-asm_64.S
14566 +++ b/arch/x86/crypto/camellia-x86_64-asm_64.S
14567 @@ -21,6 +21,7 @@
14568 */
14569
14570 #include <linux/linkage.h>
14571 +#include <asm/alternative-asm.h>
14572
14573 .file "camellia-x86_64-asm_64.S"
14574 .text
14575 @@ -228,16 +229,18 @@ ENTRY(__camellia_enc_blk)
14576 enc_outunpack(mov, RT1);
14577
14578 movq RRBP, %rbp;
14579 + pax_force_retaddr
14580 ret;
14581
14582 .L__enc_xor:
14583 enc_outunpack(xor, RT1);
14584
14585 movq RRBP, %rbp;
14586 + pax_force_retaddr
14587 ret;
14588 ENDPROC(__camellia_enc_blk)
14589
14590 -ENTRY(camellia_dec_blk)
14591 +RAP_ENTRY(camellia_dec_blk)
14592 /* input:
14593 * %rdi: ctx, CTX
14594 * %rsi: dst
14595 @@ -272,6 +275,7 @@ ENTRY(camellia_dec_blk)
14596 dec_outunpack();
14597
14598 movq RRBP, %rbp;
14599 + pax_force_retaddr
14600 ret;
14601 ENDPROC(camellia_dec_blk)
14602
14603 @@ -463,6 +467,7 @@ ENTRY(__camellia_enc_blk_2way)
14604
14605 movq RRBP, %rbp;
14606 popq %rbx;
14607 + pax_force_retaddr
14608 ret;
14609
14610 .L__enc2_xor:
14611 @@ -470,10 +475,11 @@ ENTRY(__camellia_enc_blk_2way)
14612
14613 movq RRBP, %rbp;
14614 popq %rbx;
14615 + pax_force_retaddr
14616 ret;
14617 ENDPROC(__camellia_enc_blk_2way)
14618
14619 -ENTRY(camellia_dec_blk_2way)
14620 +RAP_ENTRY(camellia_dec_blk_2way)
14621 /* input:
14622 * %rdi: ctx, CTX
14623 * %rsi: dst
14624 @@ -510,5 +516,6 @@ ENTRY(camellia_dec_blk_2way)
14625
14626 movq RRBP, %rbp;
14627 movq RXOR, %rbx;
14628 + pax_force_retaddr
14629 ret;
14630 ENDPROC(camellia_dec_blk_2way)
14631 diff --git a/arch/x86/crypto/camellia_aesni_avx2_glue.c b/arch/x86/crypto/camellia_aesni_avx2_glue.c
14632 index 60907c1..fe8638d 100644
14633 --- a/arch/x86/crypto/camellia_aesni_avx2_glue.c
14634 +++ b/arch/x86/crypto/camellia_aesni_avx2_glue.c
14635 @@ -27,20 +27,20 @@
14636 #define CAMELLIA_AESNI_AVX2_PARALLEL_BLOCKS 32
14637
14638 /* 32-way AVX2/AES-NI parallel cipher functions */
14639 -asmlinkage void camellia_ecb_enc_32way(struct camellia_ctx *ctx, u8 *dst,
14640 +asmlinkage void camellia_ecb_enc_32way(void *ctx, u8 *dst,
14641 const u8 *src);
14642 -asmlinkage void camellia_ecb_dec_32way(struct camellia_ctx *ctx, u8 *dst,
14643 +asmlinkage void camellia_ecb_dec_32way(void *ctx, u8 *dst,
14644 const u8 *src);
14645
14646 -asmlinkage void camellia_cbc_dec_32way(struct camellia_ctx *ctx, u8 *dst,
14647 +asmlinkage void camellia_cbc_dec_32way(void *ctx, u8 *dst,
14648 const u8 *src);
14649 -asmlinkage void camellia_ctr_32way(struct camellia_ctx *ctx, u8 *dst,
14650 - const u8 *src, le128 *iv);
14651 +asmlinkage void camellia_ctr_32way(void *ctx, u128 *dst,
14652 + const u128 *src, le128 *iv);
14653
14654 -asmlinkage void camellia_xts_enc_32way(struct camellia_ctx *ctx, u8 *dst,
14655 - const u8 *src, le128 *iv);
14656 -asmlinkage void camellia_xts_dec_32way(struct camellia_ctx *ctx, u8 *dst,
14657 - const u8 *src, le128 *iv);
14658 +asmlinkage void camellia_xts_enc_32way(void *ctx, u128 *dst,
14659 + const u128 *src, le128 *iv);
14660 +asmlinkage void camellia_xts_dec_32way(void *ctx, u128 *dst,
14661 + const u128 *src, le128 *iv);
14662
14663 static const struct common_glue_ctx camellia_enc = {
14664 .num_funcs = 4,
14665 diff --git a/arch/x86/crypto/camellia_aesni_avx_glue.c b/arch/x86/crypto/camellia_aesni_avx_glue.c
14666 index d96429d..18ab2e6 100644
14667 --- a/arch/x86/crypto/camellia_aesni_avx_glue.c
14668 +++ b/arch/x86/crypto/camellia_aesni_avx_glue.c
14669 @@ -26,28 +26,28 @@
14670 #define CAMELLIA_AESNI_PARALLEL_BLOCKS 16
14671
14672 /* 16-way parallel cipher functions (avx/aes-ni) */
14673 -asmlinkage void camellia_ecb_enc_16way(struct camellia_ctx *ctx, u8 *dst,
14674 +asmlinkage void camellia_ecb_enc_16way(void *ctx, u8 *dst,
14675 const u8 *src);
14676 EXPORT_SYMBOL_GPL(camellia_ecb_enc_16way);
14677
14678 -asmlinkage void camellia_ecb_dec_16way(struct camellia_ctx *ctx, u8 *dst,
14679 +asmlinkage void camellia_ecb_dec_16way(void *ctx, u8 *dst,
14680 const u8 *src);
14681 EXPORT_SYMBOL_GPL(camellia_ecb_dec_16way);
14682
14683 -asmlinkage void camellia_cbc_dec_16way(struct camellia_ctx *ctx, u8 *dst,
14684 +asmlinkage void camellia_cbc_dec_16way(void *ctx, u8 *dst,
14685 const u8 *src);
14686 EXPORT_SYMBOL_GPL(camellia_cbc_dec_16way);
14687
14688 -asmlinkage void camellia_ctr_16way(struct camellia_ctx *ctx, u8 *dst,
14689 - const u8 *src, le128 *iv);
14690 +asmlinkage void camellia_ctr_16way(void *ctx, u128 *dst,
14691 + const u128 *src, le128 *iv);
14692 EXPORT_SYMBOL_GPL(camellia_ctr_16way);
14693
14694 -asmlinkage void camellia_xts_enc_16way(struct camellia_ctx *ctx, u8 *dst,
14695 - const u8 *src, le128 *iv);
14696 +asmlinkage void camellia_xts_enc_16way(void *ctx, u128 *dst,
14697 + const u128 *src, le128 *iv);
14698 EXPORT_SYMBOL_GPL(camellia_xts_enc_16way);
14699
14700 -asmlinkage void camellia_xts_dec_16way(struct camellia_ctx *ctx, u8 *dst,
14701 - const u8 *src, le128 *iv);
14702 +asmlinkage void camellia_xts_dec_16way(void *ctx, u128 *dst,
14703 + const u128 *src, le128 *iv);
14704 EXPORT_SYMBOL_GPL(camellia_xts_dec_16way);
14705
14706 void camellia_xts_enc(void *ctx, u128 *dst, const u128 *src, le128 *iv)
14707 diff --git a/arch/x86/crypto/camellia_glue.c b/arch/x86/crypto/camellia_glue.c
14708 index aa76cad..ffd8808 100644
14709 --- a/arch/x86/crypto/camellia_glue.c
14710 +++ b/arch/x86/crypto/camellia_glue.c
14711 @@ -39,7 +39,7 @@
14712 asmlinkage void __camellia_enc_blk(struct camellia_ctx *ctx, u8 *dst,
14713 const u8 *src, bool xor);
14714 EXPORT_SYMBOL_GPL(__camellia_enc_blk);
14715 -asmlinkage void camellia_dec_blk(struct camellia_ctx *ctx, u8 *dst,
14716 +asmlinkage void camellia_dec_blk(void *ctx, u8 *dst,
14717 const u8 *src);
14718 EXPORT_SYMBOL_GPL(camellia_dec_blk);
14719
14720 @@ -47,7 +47,7 @@ EXPORT_SYMBOL_GPL(camellia_dec_blk);
14721 asmlinkage void __camellia_enc_blk_2way(struct camellia_ctx *ctx, u8 *dst,
14722 const u8 *src, bool xor);
14723 EXPORT_SYMBOL_GPL(__camellia_enc_blk_2way);
14724 -asmlinkage void camellia_dec_blk_2way(struct camellia_ctx *ctx, u8 *dst,
14725 +asmlinkage void camellia_dec_blk_2way(void *ctx, u8 *dst,
14726 const u8 *src);
14727 EXPORT_SYMBOL_GPL(camellia_dec_blk_2way);
14728
14729 @@ -1279,8 +1279,10 @@ static int camellia_setkey(struct crypto_tfm *tfm, const u8 *in_key,
14730 &tfm->crt_flags);
14731 }
14732
14733 -void camellia_decrypt_cbc_2way(void *ctx, u128 *dst, const u128 *src)
14734 +void camellia_decrypt_cbc_2way(void *ctx, u8 *_dst, const u8 *_src)
14735 {
14736 + u128 *dst = (u128 *)_dst;
14737 + u128 *src = (u128 *)_src;
14738 u128 iv = *src;
14739
14740 camellia_dec_blk_2way(ctx, (u8 *)dst, (u8 *)src);
14741 diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
14742 index 14fa196..5de8a4a 100644
14743 --- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
14744 +++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
14745 @@ -25,6 +25,7 @@
14746
14747 #include <linux/linkage.h>
14748 #include <asm/frame.h>
14749 +#include <asm/alternative-asm.h>
14750
14751 .file "cast5-avx-x86_64-asm_64.S"
14752
14753 @@ -282,6 +283,7 @@ __cast5_enc_blk16:
14754 outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
14755 outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
14756
14757 + pax_force_retaddr
14758 ret;
14759 ENDPROC(__cast5_enc_blk16)
14760
14761 @@ -353,6 +355,7 @@ __cast5_dec_blk16:
14762 outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
14763 outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
14764
14765 + pax_force_retaddr
14766 ret;
14767
14768 .L__skip_dec:
14769 @@ -360,7 +363,7 @@ __cast5_dec_blk16:
14770 jmp .L__dec_tail;
14771 ENDPROC(__cast5_dec_blk16)
14772
14773 -ENTRY(cast5_ecb_enc_16way)
14774 +RAP_ENTRY(cast5_ecb_enc_16way)
14775 /* input:
14776 * %rdi: ctx, CTX
14777 * %rsi: dst
14778 @@ -391,10 +394,11 @@ ENTRY(cast5_ecb_enc_16way)
14779 vmovdqu RL4, (7*4*4)(%r11);
14780
14781 FRAME_END
14782 + pax_force_retaddr
14783 ret;
14784 ENDPROC(cast5_ecb_enc_16way)
14785
14786 -ENTRY(cast5_ecb_dec_16way)
14787 +RAP_ENTRY(cast5_ecb_dec_16way)
14788 /* input:
14789 * %rdi: ctx, CTX
14790 * %rsi: dst
14791 @@ -425,6 +429,7 @@ ENTRY(cast5_ecb_dec_16way)
14792 vmovdqu RL4, (7*4*4)(%r11);
14793
14794 FRAME_END
14795 + pax_force_retaddr
14796 ret;
14797 ENDPROC(cast5_ecb_dec_16way)
14798
14799 @@ -436,10 +441,10 @@ ENTRY(cast5_cbc_dec_16way)
14800 */
14801 FRAME_BEGIN
14802
14803 - pushq %r12;
14804 + pushq %r14;
14805
14806 movq %rsi, %r11;
14807 - movq %rdx, %r12;
14808 + movq %rdx, %r14;
14809
14810 vmovdqu (0*16)(%rdx), RL1;
14811 vmovdqu (1*16)(%rdx), RR1;
14812 @@ -453,16 +458,16 @@ ENTRY(cast5_cbc_dec_16way)
14813 call __cast5_dec_blk16;
14814
14815 /* xor with src */
14816 - vmovq (%r12), RX;
14817 + vmovq (%r14), RX;
14818 vpshufd $0x4f, RX, RX;
14819 vpxor RX, RR1, RR1;
14820 - vpxor 0*16+8(%r12), RL1, RL1;
14821 - vpxor 1*16+8(%r12), RR2, RR2;
14822 - vpxor 2*16+8(%r12), RL2, RL2;
14823 - vpxor 3*16+8(%r12), RR3, RR3;
14824 - vpxor 4*16+8(%r12), RL3, RL3;
14825 - vpxor 5*16+8(%r12), RR4, RR4;
14826 - vpxor 6*16+8(%r12), RL4, RL4;
14827 + vpxor 0*16+8(%r14), RL1, RL1;
14828 + vpxor 1*16+8(%r14), RR2, RR2;
14829 + vpxor 2*16+8(%r14), RL2, RL2;
14830 + vpxor 3*16+8(%r14), RR3, RR3;
14831 + vpxor 4*16+8(%r14), RL3, RL3;
14832 + vpxor 5*16+8(%r14), RR4, RR4;
14833 + vpxor 6*16+8(%r14), RL4, RL4;
14834
14835 vmovdqu RR1, (0*16)(%r11);
14836 vmovdqu RL1, (1*16)(%r11);
14837 @@ -473,9 +478,10 @@ ENTRY(cast5_cbc_dec_16way)
14838 vmovdqu RR4, (6*16)(%r11);
14839 vmovdqu RL4, (7*16)(%r11);
14840
14841 - popq %r12;
14842 + popq %r14;
14843
14844 FRAME_END
14845 + pax_force_retaddr
14846 ret;
14847 ENDPROC(cast5_cbc_dec_16way)
14848
14849 @@ -488,10 +494,10 @@ ENTRY(cast5_ctr_16way)
14850 */
14851 FRAME_BEGIN
14852
14853 - pushq %r12;
14854 + pushq %r14;
14855
14856 movq %rsi, %r11;
14857 - movq %rdx, %r12;
14858 + movq %rdx, %r14;
14859
14860 vpcmpeqd RTMP, RTMP, RTMP;
14861 vpsrldq $8, RTMP, RTMP; /* low: -1, high: 0 */
14862 @@ -531,14 +537,14 @@ ENTRY(cast5_ctr_16way)
14863 call __cast5_enc_blk16;
14864
14865 /* dst = src ^ iv */
14866 - vpxor (0*16)(%r12), RR1, RR1;
14867 - vpxor (1*16)(%r12), RL1, RL1;
14868 - vpxor (2*16)(%r12), RR2, RR2;
14869 - vpxor (3*16)(%r12), RL2, RL2;
14870 - vpxor (4*16)(%r12), RR3, RR3;
14871 - vpxor (5*16)(%r12), RL3, RL3;
14872 - vpxor (6*16)(%r12), RR4, RR4;
14873 - vpxor (7*16)(%r12), RL4, RL4;
14874 + vpxor (0*16)(%r14), RR1, RR1;
14875 + vpxor (1*16)(%r14), RL1, RL1;
14876 + vpxor (2*16)(%r14), RR2, RR2;
14877 + vpxor (3*16)(%r14), RL2, RL2;
14878 + vpxor (4*16)(%r14), RR3, RR3;
14879 + vpxor (5*16)(%r14), RL3, RL3;
14880 + vpxor (6*16)(%r14), RR4, RR4;
14881 + vpxor (7*16)(%r14), RL4, RL4;
14882 vmovdqu RR1, (0*16)(%r11);
14883 vmovdqu RL1, (1*16)(%r11);
14884 vmovdqu RR2, (2*16)(%r11);
14885 @@ -548,8 +554,9 @@ ENTRY(cast5_ctr_16way)
14886 vmovdqu RR4, (6*16)(%r11);
14887 vmovdqu RL4, (7*16)(%r11);
14888
14889 - popq %r12;
14890 + popq %r14;
14891
14892 FRAME_END
14893 + pax_force_retaddr
14894 ret;
14895 ENDPROC(cast5_ctr_16way)
14896 diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
14897 index c419389..b853452 100644
14898 --- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
14899 +++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
14900 @@ -25,6 +25,7 @@
14901
14902 #include <linux/linkage.h>
14903 #include <asm/frame.h>
14904 +#include <asm/alternative-asm.h>
14905 #include "glue_helper-asm-avx.S"
14906
14907 .file "cast6-avx-x86_64-asm_64.S"
14908 @@ -296,6 +297,7 @@ __cast6_enc_blk8:
14909 outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
14910 outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
14911
14912 + pax_force_retaddr
14913 ret;
14914 ENDPROC(__cast6_enc_blk8)
14915
14916 @@ -341,10 +343,11 @@ __cast6_dec_blk8:
14917 outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
14918 outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
14919
14920 + pax_force_retaddr
14921 ret;
14922 ENDPROC(__cast6_dec_blk8)
14923
14924 -ENTRY(cast6_ecb_enc_8way)
14925 +RAP_ENTRY(cast6_ecb_enc_8way)
14926 /* input:
14927 * %rdi: ctx, CTX
14928 * %rsi: dst
14929 @@ -361,10 +364,11 @@ ENTRY(cast6_ecb_enc_8way)
14930 store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
14931
14932 FRAME_END
14933 + pax_force_retaddr
14934 ret;
14935 ENDPROC(cast6_ecb_enc_8way)
14936
14937 -ENTRY(cast6_ecb_dec_8way)
14938 +RAP_ENTRY(cast6_ecb_dec_8way)
14939 /* input:
14940 * %rdi: ctx, CTX
14941 * %rsi: dst
14942 @@ -381,10 +385,11 @@ ENTRY(cast6_ecb_dec_8way)
14943 store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
14944
14945 FRAME_END
14946 + pax_force_retaddr
14947 ret;
14948 ENDPROC(cast6_ecb_dec_8way)
14949
14950 -ENTRY(cast6_cbc_dec_8way)
14951 +RAP_ENTRY(cast6_cbc_dec_8way)
14952 /* input:
14953 * %rdi: ctx, CTX
14954 * %rsi: dst
14955 @@ -392,24 +397,25 @@ ENTRY(cast6_cbc_dec_8way)
14956 */
14957 FRAME_BEGIN
14958
14959 - pushq %r12;
14960 + pushq %r14;
14961
14962 movq %rsi, %r11;
14963 - movq %rdx, %r12;
14964 + movq %rdx, %r14;
14965
14966 load_8way(%rdx, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
14967
14968 call __cast6_dec_blk8;
14969
14970 - store_cbc_8way(%r12, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
14971 + store_cbc_8way(%r14, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
14972
14973 - popq %r12;
14974 + popq %r14;
14975
14976 FRAME_END
14977 + pax_force_retaddr
14978 ret;
14979 ENDPROC(cast6_cbc_dec_8way)
14980
14981 -ENTRY(cast6_ctr_8way)
14982 +RAP_ENTRY(cast6_ctr_8way)
14983 /* input:
14984 * %rdi: ctx, CTX
14985 * %rsi: dst
14986 @@ -418,25 +424,26 @@ ENTRY(cast6_ctr_8way)
14987 */
14988 FRAME_BEGIN
14989
14990 - pushq %r12;
14991 + pushq %r14;
14992
14993 movq %rsi, %r11;
14994 - movq %rdx, %r12;
14995 + movq %rdx, %r14;
14996
14997 load_ctr_8way(%rcx, .Lbswap128_mask, RA1, RB1, RC1, RD1, RA2, RB2, RC2,
14998 RD2, RX, RKR, RKM);
14999
15000 call __cast6_enc_blk8;
15001
15002 - store_ctr_8way(%r12, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
15003 + store_ctr_8way(%r14, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
15004
15005 - popq %r12;
15006 + popq %r14;
15007
15008 FRAME_END
15009 + pax_force_retaddr
15010 ret;
15011 ENDPROC(cast6_ctr_8way)
15012
15013 -ENTRY(cast6_xts_enc_8way)
15014 +RAP_ENTRY(cast6_xts_enc_8way)
15015 /* input:
15016 * %rdi: ctx, CTX
15017 * %rsi: dst
15018 @@ -457,10 +464,11 @@ ENTRY(cast6_xts_enc_8way)
15019 store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
15020
15021 FRAME_END
15022 + pax_force_retaddr
15023 ret;
15024 ENDPROC(cast6_xts_enc_8way)
15025
15026 -ENTRY(cast6_xts_dec_8way)
15027 +RAP_ENTRY(cast6_xts_dec_8way)
15028 /* input:
15029 * %rdi: ctx, CTX
15030 * %rsi: dst
15031 @@ -481,5 +489,6 @@ ENTRY(cast6_xts_dec_8way)
15032 store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
15033
15034 FRAME_END
15035 + pax_force_retaddr
15036 ret;
15037 ENDPROC(cast6_xts_dec_8way)
15038 diff --git a/arch/x86/crypto/cast6_avx_glue.c b/arch/x86/crypto/cast6_avx_glue.c
15039 index 50e6847..bf7c2d8 100644
15040 --- a/arch/x86/crypto/cast6_avx_glue.c
15041 +++ b/arch/x86/crypto/cast6_avx_glue.c
15042 @@ -41,20 +41,20 @@
15043
15044 #define CAST6_PARALLEL_BLOCKS 8
15045
15046 -asmlinkage void cast6_ecb_enc_8way(struct cast6_ctx *ctx, u8 *dst,
15047 +asmlinkage void cast6_ecb_enc_8way(void *ctx, u8 *dst,
15048 const u8 *src);
15049 -asmlinkage void cast6_ecb_dec_8way(struct cast6_ctx *ctx, u8 *dst,
15050 +asmlinkage void cast6_ecb_dec_8way(void *ctx, u8 *dst,
15051 const u8 *src);
15052
15053 -asmlinkage void cast6_cbc_dec_8way(struct cast6_ctx *ctx, u8 *dst,
15054 +asmlinkage void cast6_cbc_dec_8way(void *ctx, u8 *dst,
15055 const u8 *src);
15056 -asmlinkage void cast6_ctr_8way(struct cast6_ctx *ctx, u8 *dst, const u8 *src,
15057 +asmlinkage void cast6_ctr_8way(void *ctx, u128 *dst, const u128 *src,
15058 le128 *iv);
15059
15060 -asmlinkage void cast6_xts_enc_8way(struct cast6_ctx *ctx, u8 *dst,
15061 - const u8 *src, le128 *iv);
15062 -asmlinkage void cast6_xts_dec_8way(struct cast6_ctx *ctx, u8 *dst,
15063 - const u8 *src, le128 *iv);
15064 +asmlinkage void cast6_xts_enc_8way(void *ctx, u128 *dst,
15065 + const u128 *src, le128 *iv);
15066 +asmlinkage void cast6_xts_dec_8way(void *ctx, u128 *dst,
15067 + const u128 *src, le128 *iv);
15068
15069 static void cast6_xts_enc(void *ctx, u128 *dst, const u128 *src, le128 *iv)
15070 {
15071 diff --git a/arch/x86/crypto/crc32-pclmul_asm.S b/arch/x86/crypto/crc32-pclmul_asm.S
15072 index f247304..b500391 100644
15073 --- a/arch/x86/crypto/crc32-pclmul_asm.S
15074 +++ b/arch/x86/crypto/crc32-pclmul_asm.S
15075 @@ -102,6 +102,12 @@
15076 * size_t len, uint crc32)
15077 */
15078
15079 +#ifndef __x86_64__
15080 +__i686_get_pc_thunk_cx:
15081 + mov (%esp),%ecx
15082 + ret
15083 +#endif
15084 +
15085 ENTRY(crc32_pclmul_le_16) /* buffer and buffer size are 16 bytes aligned */
15086 movdqa (BUF), %xmm1
15087 movdqa 0x10(BUF), %xmm2
15088 @@ -113,9 +119,8 @@ ENTRY(crc32_pclmul_le_16) /* buffer and buffer size are 16 bytes aligned */
15089 add $0x40, BUF
15090 #ifndef __x86_64__
15091 /* This is for position independent code(-fPIC) support for 32bit */
15092 - call delta
15093 + call __i686_get_pc_thunk_cx
15094 delta:
15095 - pop %ecx
15096 #endif
15097 cmp $0x40, LEN
15098 jb less_64
15099 @@ -123,7 +128,7 @@ delta:
15100 #ifdef __x86_64__
15101 movdqa .Lconstant_R2R1(%rip), CONSTANT
15102 #else
15103 - movdqa .Lconstant_R2R1 - delta(%ecx), CONSTANT
15104 + movdqa %cs:.Lconstant_R2R1 - delta (%ecx), CONSTANT
15105 #endif
15106
15107 loop_64:/* 64 bytes Full cache line folding */
15108 @@ -172,7 +177,7 @@ less_64:/* Folding cache line into 128bit */
15109 #ifdef __x86_64__
15110 movdqa .Lconstant_R4R3(%rip), CONSTANT
15111 #else
15112 - movdqa .Lconstant_R4R3 - delta(%ecx), CONSTANT
15113 + movdqa %cs:.Lconstant_R4R3 - delta(%ecx), CONSTANT
15114 #endif
15115 prefetchnta (BUF)
15116
15117 @@ -220,8 +225,8 @@ fold_64:
15118 movdqa .Lconstant_R5(%rip), CONSTANT
15119 movdqa .Lconstant_mask32(%rip), %xmm3
15120 #else
15121 - movdqa .Lconstant_R5 - delta(%ecx), CONSTANT
15122 - movdqa .Lconstant_mask32 - delta(%ecx), %xmm3
15123 + movdqa %cs:.Lconstant_R5 - delta(%ecx), CONSTANT
15124 + movdqa %cs:.Lconstant_mask32 - delta(%ecx), %xmm3
15125 #endif
15126 psrldq $0x04, %xmm2
15127 pand %xmm3, %xmm1
15128 @@ -232,7 +237,7 @@ fold_64:
15129 #ifdef __x86_64__
15130 movdqa .Lconstant_RUpoly(%rip), CONSTANT
15131 #else
15132 - movdqa .Lconstant_RUpoly - delta(%ecx), CONSTANT
15133 + movdqa %cs:.Lconstant_RUpoly - delta(%ecx), CONSTANT
15134 #endif
15135 movdqa %xmm1, %xmm2
15136 pand %xmm3, %xmm1
15137 diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
15138 index dc05f010..23c8bfd 100644
15139 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
15140 +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
15141 @@ -45,6 +45,7 @@
15142
15143 #include <asm/inst.h>
15144 #include <linux/linkage.h>
15145 +#include <asm/alternative-asm.h>
15146
15147 ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction
15148
15149 @@ -309,6 +310,7 @@ do_return:
15150 popq %rsi
15151 popq %rdi
15152 popq %rbx
15153 + pax_force_retaddr
15154 ret
15155 ENDPROC(crc_pcl)
15156
15157 diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
15158 index eed55c8..b354187 100644
15159 --- a/arch/x86/crypto/ghash-clmulni-intel_asm.S
15160 +++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
15161 @@ -19,6 +19,7 @@
15162 #include <linux/linkage.h>
15163 #include <asm/inst.h>
15164 #include <asm/frame.h>
15165 +#include <asm/alternative-asm.h>
15166
15167 .data
15168
15169 @@ -90,6 +91,7 @@ __clmul_gf128mul_ble:
15170 psrlq $1, T2
15171 pxor T2, T1
15172 pxor T1, DATA
15173 + pax_force_retaddr
15174 ret
15175 ENDPROC(__clmul_gf128mul_ble)
15176
15177 @@ -104,6 +106,7 @@ ENTRY(clmul_ghash_mul)
15178 PSHUFB_XMM BSWAP DATA
15179 movups DATA, (%rdi)
15180 FRAME_END
15181 + pax_force_retaddr
15182 ret
15183 ENDPROC(clmul_ghash_mul)
15184
15185 @@ -133,5 +136,6 @@ ENTRY(clmul_ghash_update)
15186 movups DATA, (%rdi)
15187 .Lupdate_just_ret:
15188 FRAME_END
15189 + pax_force_retaddr
15190 ret
15191 ENDPROC(clmul_ghash_update)
15192 diff --git a/arch/x86/crypto/glue_helper.c b/arch/x86/crypto/glue_helper.c
15193 index 6a85598..fed2ada 100644
15194 --- a/arch/x86/crypto/glue_helper.c
15195 +++ b/arch/x86/crypto/glue_helper.c
15196 @@ -165,7 +165,7 @@ __glue_cbc_decrypt_128bit(const struct common_glue_ctx *gctx,
15197 src -= num_blocks - 1;
15198 dst -= num_blocks - 1;
15199
15200 - gctx->funcs[i].fn_u.cbc(ctx, dst, src);
15201 + gctx->funcs[i].fn_u.cbc(ctx, (u8 *)dst, (u8 *)src);
15202
15203 nbytes -= bsize;
15204 if (nbytes < bsize)
15205 diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S
15206 index 9279e0b..c4b3d2c 100644
15207 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S
15208 +++ b/arch/x86/crypto/salsa20-x86_64-asm_64.S
15209 @@ -1,4 +1,5 @@
15210 #include <linux/linkage.h>
15211 +#include <asm/alternative-asm.h>
15212
15213 # enter salsa20_encrypt_bytes
15214 ENTRY(salsa20_encrypt_bytes)
15215 @@ -789,6 +790,7 @@ ENTRY(salsa20_encrypt_bytes)
15216 add %r11,%rsp
15217 mov %rdi,%rax
15218 mov %rsi,%rdx
15219 + pax_force_retaddr
15220 ret
15221 # bytesatleast65:
15222 ._bytesatleast65:
15223 @@ -889,6 +891,7 @@ ENTRY(salsa20_keysetup)
15224 add %r11,%rsp
15225 mov %rdi,%rax
15226 mov %rsi,%rdx
15227 + pax_force_retaddr
15228 ret
15229 ENDPROC(salsa20_keysetup)
15230
15231 @@ -914,5 +917,6 @@ ENTRY(salsa20_ivsetup)
15232 add %r11,%rsp
15233 mov %rdi,%rax
15234 mov %rsi,%rdx
15235 + pax_force_retaddr
15236 ret
15237 ENDPROC(salsa20_ivsetup)
15238 diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
15239 index 8be5718..d2bcbcd 100644
15240 --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
15241 +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
15242 @@ -25,6 +25,7 @@
15243
15244 #include <linux/linkage.h>
15245 #include <asm/frame.h>
15246 +#include <asm/alternative-asm.h>
15247 #include "glue_helper-asm-avx.S"
15248
15249 .file "serpent-avx-x86_64-asm_64.S"
15250 @@ -619,6 +620,7 @@ __serpent_enc_blk8_avx:
15251 write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
15252 write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
15253
15254 + pax_force_retaddr
15255 ret;
15256 ENDPROC(__serpent_enc_blk8_avx)
15257
15258 @@ -673,10 +675,11 @@ __serpent_dec_blk8_avx:
15259 write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
15260 write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
15261
15262 + pax_force_retaddr
15263 ret;
15264 ENDPROC(__serpent_dec_blk8_avx)
15265
15266 -ENTRY(serpent_ecb_enc_8way_avx)
15267 +RAP_ENTRY(serpent_ecb_enc_8way_avx)
15268 /* input:
15269 * %rdi: ctx, CTX
15270 * %rsi: dst
15271 @@ -691,10 +694,11 @@ ENTRY(serpent_ecb_enc_8way_avx)
15272 store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
15273
15274 FRAME_END
15275 + pax_force_retaddr
15276 ret;
15277 ENDPROC(serpent_ecb_enc_8way_avx)
15278
15279 -ENTRY(serpent_ecb_dec_8way_avx)
15280 +RAP_ENTRY(serpent_ecb_dec_8way_avx)
15281 /* input:
15282 * %rdi: ctx, CTX
15283 * %rsi: dst
15284 @@ -709,10 +713,11 @@ ENTRY(serpent_ecb_dec_8way_avx)
15285 store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
15286
15287 FRAME_END
15288 + pax_force_retaddr
15289 ret;
15290 ENDPROC(serpent_ecb_dec_8way_avx)
15291
15292 -ENTRY(serpent_cbc_dec_8way_avx)
15293 +RAP_ENTRY(serpent_cbc_dec_8way_avx)
15294 /* input:
15295 * %rdi: ctx, CTX
15296 * %rsi: dst
15297 @@ -727,10 +732,11 @@ ENTRY(serpent_cbc_dec_8way_avx)
15298 store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
15299
15300 FRAME_END
15301 + pax_force_retaddr
15302 ret;
15303 ENDPROC(serpent_cbc_dec_8way_avx)
15304
15305 -ENTRY(serpent_ctr_8way_avx)
15306 +RAP_ENTRY(serpent_ctr_8way_avx)
15307 /* input:
15308 * %rdi: ctx, CTX
15309 * %rsi: dst
15310 @@ -747,10 +753,11 @@ ENTRY(serpent_ctr_8way_avx)
15311 store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
15312
15313 FRAME_END
15314 + pax_force_retaddr
15315 ret;
15316 ENDPROC(serpent_ctr_8way_avx)
15317
15318 -ENTRY(serpent_xts_enc_8way_avx)
15319 +RAP_ENTRY(serpent_xts_enc_8way_avx)
15320 /* input:
15321 * %rdi: ctx, CTX
15322 * %rsi: dst
15323 @@ -769,10 +776,11 @@ ENTRY(serpent_xts_enc_8way_avx)
15324 store_xts_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
15325
15326 FRAME_END
15327 + pax_force_retaddr
15328 ret;
15329 ENDPROC(serpent_xts_enc_8way_avx)
15330
15331 -ENTRY(serpent_xts_dec_8way_avx)
15332 +RAP_ENTRY(serpent_xts_dec_8way_avx)
15333 /* input:
15334 * %rdi: ctx, CTX
15335 * %rsi: dst
15336 @@ -791,5 +799,6 @@ ENTRY(serpent_xts_dec_8way_avx)
15337 store_xts_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
15338
15339 FRAME_END
15340 + pax_force_retaddr
15341 ret;
15342 ENDPROC(serpent_xts_dec_8way_avx)
15343 diff --git a/arch/x86/crypto/serpent-avx2-asm_64.S b/arch/x86/crypto/serpent-avx2-asm_64.S
15344 index 97c48ad..25416de 100644
15345 --- a/arch/x86/crypto/serpent-avx2-asm_64.S
15346 +++ b/arch/x86/crypto/serpent-avx2-asm_64.S
15347 @@ -16,6 +16,7 @@
15348
15349 #include <linux/linkage.h>
15350 #include <asm/frame.h>
15351 +#include <asm/alternative-asm.h>
15352 #include "glue_helper-asm-avx2.S"
15353
15354 .file "serpent-avx2-asm_64.S"
15355 @@ -611,6 +612,7 @@ __serpent_enc_blk16:
15356 write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
15357 write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
15358
15359 + pax_force_retaddr
15360 ret;
15361 ENDPROC(__serpent_enc_blk16)
15362
15363 @@ -665,10 +667,11 @@ __serpent_dec_blk16:
15364 write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
15365 write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
15366
15367 + pax_force_retaddr
15368 ret;
15369 ENDPROC(__serpent_dec_blk16)
15370
15371 -ENTRY(serpent_ecb_enc_16way)
15372 +RAP_ENTRY(serpent_ecb_enc_16way)
15373 /* input:
15374 * %rdi: ctx, CTX
15375 * %rsi: dst
15376 @@ -687,10 +690,11 @@ ENTRY(serpent_ecb_enc_16way)
15377 vzeroupper;
15378
15379 FRAME_END
15380 + pax_force_retaddr
15381 ret;
15382 ENDPROC(serpent_ecb_enc_16way)
15383
15384 -ENTRY(serpent_ecb_dec_16way)
15385 +RAP_ENTRY(serpent_ecb_dec_16way)
15386 /* input:
15387 * %rdi: ctx, CTX
15388 * %rsi: dst
15389 @@ -709,10 +713,11 @@ ENTRY(serpent_ecb_dec_16way)
15390 vzeroupper;
15391
15392 FRAME_END
15393 + pax_force_retaddr
15394 ret;
15395 ENDPROC(serpent_ecb_dec_16way)
15396
15397 -ENTRY(serpent_cbc_dec_16way)
15398 +RAP_ENTRY(serpent_cbc_dec_16way)
15399 /* input:
15400 * %rdi: ctx, CTX
15401 * %rsi: dst
15402 @@ -732,10 +737,11 @@ ENTRY(serpent_cbc_dec_16way)
15403 vzeroupper;
15404
15405 FRAME_END
15406 + pax_force_retaddr
15407 ret;
15408 ENDPROC(serpent_cbc_dec_16way)
15409
15410 -ENTRY(serpent_ctr_16way)
15411 +RAP_ENTRY(serpent_ctr_16way)
15412 /* input:
15413 * %rdi: ctx, CTX
15414 * %rsi: dst (16 blocks)
15415 @@ -757,10 +763,11 @@ ENTRY(serpent_ctr_16way)
15416 vzeroupper;
15417
15418 FRAME_END
15419 + pax_force_retaddr
15420 ret;
15421 ENDPROC(serpent_ctr_16way)
15422
15423 -ENTRY(serpent_xts_enc_16way)
15424 +RAP_ENTRY(serpent_xts_enc_16way)
15425 /* input:
15426 * %rdi: ctx, CTX
15427 * %rsi: dst (16 blocks)
15428 @@ -783,10 +790,11 @@ ENTRY(serpent_xts_enc_16way)
15429 vzeroupper;
15430
15431 FRAME_END
15432 + pax_force_retaddr
15433 ret;
15434 ENDPROC(serpent_xts_enc_16way)
15435
15436 -ENTRY(serpent_xts_dec_16way)
15437 +RAP_ENTRY(serpent_xts_dec_16way)
15438 /* input:
15439 * %rdi: ctx, CTX
15440 * %rsi: dst (16 blocks)
15441 @@ -809,5 +817,6 @@ ENTRY(serpent_xts_dec_16way)
15442 vzeroupper;
15443
15444 FRAME_END
15445 + pax_force_retaddr
15446 ret;
15447 ENDPROC(serpent_xts_dec_16way)
15448 diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
15449 index acc066c..1559cc4 100644
15450 --- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
15451 +++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
15452 @@ -25,6 +25,7 @@
15453 */
15454
15455 #include <linux/linkage.h>
15456 +#include <asm/alternative-asm.h>
15457
15458 .file "serpent-sse2-x86_64-asm_64.S"
15459 .text
15460 @@ -690,12 +691,14 @@ ENTRY(__serpent_enc_blk_8way)
15461 write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
15462 write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
15463
15464 + pax_force_retaddr
15465 ret;
15466
15467 .L__enc_xor8:
15468 xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
15469 xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
15470
15471 + pax_force_retaddr
15472 ret;
15473 ENDPROC(__serpent_enc_blk_8way)
15474
15475 @@ -750,5 +753,6 @@ ENTRY(serpent_dec_blk_8way)
15476 write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2);
15477 write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2);
15478
15479 + pax_force_retaddr
15480 ret;
15481 ENDPROC(serpent_dec_blk_8way)
15482 diff --git a/arch/x86/crypto/serpent_avx2_glue.c b/arch/x86/crypto/serpent_avx2_glue.c
15483 index 870f6d8..9fed18e 100644
15484 --- a/arch/x86/crypto/serpent_avx2_glue.c
15485 +++ b/arch/x86/crypto/serpent_avx2_glue.c
15486 @@ -27,18 +27,18 @@
15487 #define SERPENT_AVX2_PARALLEL_BLOCKS 16
15488
15489 /* 16-way AVX2 parallel cipher functions */
15490 -asmlinkage void serpent_ecb_enc_16way(struct serpent_ctx *ctx, u8 *dst,
15491 +asmlinkage void serpent_ecb_enc_16way(void *ctx, u8 *dst,
15492 const u8 *src);
15493 -asmlinkage void serpent_ecb_dec_16way(struct serpent_ctx *ctx, u8 *dst,
15494 +asmlinkage void serpent_ecb_dec_16way(void *ctx, u8 *dst,
15495 const u8 *src);
15496 -asmlinkage void serpent_cbc_dec_16way(void *ctx, u128 *dst, const u128 *src);
15497 +asmlinkage void serpent_cbc_dec_16way(void *ctx, u8 *dst, const u8 *src);
15498
15499 asmlinkage void serpent_ctr_16way(void *ctx, u128 *dst, const u128 *src,
15500 le128 *iv);
15501 -asmlinkage void serpent_xts_enc_16way(struct serpent_ctx *ctx, u8 *dst,
15502 - const u8 *src, le128 *iv);
15503 -asmlinkage void serpent_xts_dec_16way(struct serpent_ctx *ctx, u8 *dst,
15504 - const u8 *src, le128 *iv);
15505 +asmlinkage void serpent_xts_enc_16way(void *ctx, u128 *dst,
15506 + const u128 *src, le128 *iv);
15507 +asmlinkage void serpent_xts_dec_16way(void *ctx, u128 *dst,
15508 + const u128 *src, le128 *iv);
15509
15510 static const struct common_glue_ctx serpent_enc = {
15511 .num_funcs = 3,
15512 diff --git a/arch/x86/crypto/serpent_avx_glue.c b/arch/x86/crypto/serpent_avx_glue.c
15513 index 6f778d3..3cf277e 100644
15514 --- a/arch/x86/crypto/serpent_avx_glue.c
15515 +++ b/arch/x86/crypto/serpent_avx_glue.c
15516 @@ -41,28 +41,28 @@
15517 #include <asm/crypto/glue_helper.h>
15518
15519 /* 8-way parallel cipher functions */
15520 -asmlinkage void serpent_ecb_enc_8way_avx(struct serpent_ctx *ctx, u8 *dst,
15521 +asmlinkage void serpent_ecb_enc_8way_avx(void *ctx, u8 *dst,
15522 const u8 *src);
15523 EXPORT_SYMBOL_GPL(serpent_ecb_enc_8way_avx);
15524
15525 -asmlinkage void serpent_ecb_dec_8way_avx(struct serpent_ctx *ctx, u8 *dst,
15526 +asmlinkage void serpent_ecb_dec_8way_avx(void *ctx, u8 *dst,
15527 const u8 *src);
15528 EXPORT_SYMBOL_GPL(serpent_ecb_dec_8way_avx);
15529
15530 -asmlinkage void serpent_cbc_dec_8way_avx(struct serpent_ctx *ctx, u8 *dst,
15531 +asmlinkage void serpent_cbc_dec_8way_avx(void *ctx, u8 *dst,
15532 const u8 *src);
15533 EXPORT_SYMBOL_GPL(serpent_cbc_dec_8way_avx);
15534
15535 -asmlinkage void serpent_ctr_8way_avx(struct serpent_ctx *ctx, u8 *dst,
15536 - const u8 *src, le128 *iv);
15537 +asmlinkage void serpent_ctr_8way_avx(void *ctx, u128 *dst,
15538 + const u128 *src, le128 *iv);
15539 EXPORT_SYMBOL_GPL(serpent_ctr_8way_avx);
15540
15541 -asmlinkage void serpent_xts_enc_8way_avx(struct serpent_ctx *ctx, u8 *dst,
15542 - const u8 *src, le128 *iv);
15543 +asmlinkage void serpent_xts_enc_8way_avx(void *ctx, u128 *dst,
15544 + const u128 *src, le128 *iv);
15545 EXPORT_SYMBOL_GPL(serpent_xts_enc_8way_avx);
15546
15547 -asmlinkage void serpent_xts_dec_8way_avx(struct serpent_ctx *ctx, u8 *dst,
15548 - const u8 *src, le128 *iv);
15549 +asmlinkage void serpent_xts_dec_8way_avx(void *ctx, u128 *dst,
15550 + const u128 *src, le128 *iv);
15551 EXPORT_SYMBOL_GPL(serpent_xts_dec_8way_avx);
15552
15553 void __serpent_crypt_ctr(void *ctx, u128 *dst, const u128 *src, le128 *iv)
15554 diff --git a/arch/x86/crypto/serpent_sse2_glue.c b/arch/x86/crypto/serpent_sse2_glue.c
15555 index 644f97a..4d069a1 100644
15556 --- a/arch/x86/crypto/serpent_sse2_glue.c
15557 +++ b/arch/x86/crypto/serpent_sse2_glue.c
15558 @@ -45,8 +45,10 @@
15559 #include <asm/crypto/serpent-sse2.h>
15560 #include <asm/crypto/glue_helper.h>
15561
15562 -static void serpent_decrypt_cbc_xway(void *ctx, u128 *dst, const u128 *src)
15563 +static void serpent_decrypt_cbc_xway(void *ctx, u8 *_dst, const u8 *_src)
15564 {
15565 + u128 *dst = (u128 *)_dst;
15566 + const u128 *src = (const u128 *)_src;
15567 u128 ivs[SERPENT_PARALLEL_BLOCKS - 1];
15568 unsigned int j;
15569
15570 diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
15571 index 96df6a3..8519a8f 100644
15572 --- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
15573 +++ b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
15574 @@ -103,7 +103,7 @@ offset = \_offset
15575
15576 # JOB* sha1_mb_mgr_flush_avx2(MB_MGR *state)
15577 # arg 1 : rcx : state
15578 -ENTRY(sha1_mb_mgr_flush_avx2)
15579 +RAP_ENTRY(sha1_mb_mgr_flush_avx2)
15580 FRAME_BEGIN
15581 push %rbx
15582
15583 @@ -226,7 +226,7 @@ ENDPROC(sha1_mb_mgr_flush_avx2)
15584 #################################################################
15585
15586 .align 16
15587 -ENTRY(sha1_mb_mgr_get_comp_job_avx2)
15588 +RAP_ENTRY(sha1_mb_mgr_get_comp_job_avx2)
15589 push %rbx
15590
15591 ## if bit 32+3 is set, then all lanes are empty
15592 diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S
15593 index 63a0d9c..a6038fd 100644
15594 --- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S
15595 +++ b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S
15596 @@ -98,7 +98,7 @@ lane_data = %r10
15597 # JOB* submit_mb_mgr_submit_avx2(MB_MGR *state, job_sha1 *job)
15598 # arg 1 : rcx : state
15599 # arg 2 : rdx : job
15600 -ENTRY(sha1_mb_mgr_submit_avx2)
15601 +RAP_ENTRY(sha1_mb_mgr_submit_avx2)
15602 FRAME_BEGIN
15603 push %rbx
15604 push %r12
15605 diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
15606 index a410950..02d2056 100644
15607 --- a/arch/x86/crypto/sha1_ssse3_asm.S
15608 +++ b/arch/x86/crypto/sha1_ssse3_asm.S
15609 @@ -29,6 +29,7 @@
15610 */
15611
15612 #include <linux/linkage.h>
15613 +#include <asm/alternative-asm.h>
15614
15615 #define CTX %rdi // arg1
15616 #define BUF %rsi // arg2
15617 @@ -71,13 +72,14 @@
15618 * param: function's name
15619 */
15620 .macro SHA1_VECTOR_ASM name
15621 - ENTRY(\name)
15622 +ALIGN
15623 + RAP_ENTRY(\name)
15624
15625 push %rbx
15626 push %rbp
15627 - push %r12
15628 + push %r14
15629
15630 - mov %rsp, %r12
15631 + mov %rsp, %r14
15632 sub $64, %rsp # allocate workspace
15633 and $~15, %rsp # align stack
15634
15635 @@ -99,11 +101,12 @@
15636 xor %rax, %rax
15637 rep stosq
15638
15639 - mov %r12, %rsp # deallocate workspace
15640 + mov %r14, %rsp # deallocate workspace
15641
15642 - pop %r12
15643 + pop %r14
15644 pop %rbp
15645 pop %rbx
15646 + pax_force_retaddr
15647 ret
15648
15649 ENDPROC(\name)
15650 diff --git a/arch/x86/crypto/sha1_ssse3_glue.c b/arch/x86/crypto/sha1_ssse3_glue.c
15651 index fc61739..03f7efe 100644
15652 --- a/arch/x86/crypto/sha1_ssse3_glue.c
15653 +++ b/arch/x86/crypto/sha1_ssse3_glue.c
15654 @@ -31,8 +31,8 @@
15655 #include <crypto/sha1_base.h>
15656 #include <asm/fpu/api.h>
15657
15658 -typedef void (sha1_transform_fn)(u32 *digest, const char *data,
15659 - unsigned int rounds);
15660 +typedef void (sha1_transform_fn)(struct sha1_state *digest, const u8 *data,
15661 + int rounds);
15662
15663 static int sha1_update(struct shash_desc *desc, const u8 *data,
15664 unsigned int len, sha1_transform_fn *sha1_xform)
15665 @@ -47,8 +47,7 @@ static int sha1_update(struct shash_desc *desc, const u8 *data,
15666 BUILD_BUG_ON(offsetof(struct sha1_state, state) != 0);
15667
15668 kernel_fpu_begin();
15669 - sha1_base_do_update(desc, data, len,
15670 - (sha1_block_fn *)sha1_xform);
15671 + sha1_base_do_update(desc, data, len, sha1_xform);
15672 kernel_fpu_end();
15673
15674 return 0;
15675 @@ -62,29 +61,26 @@ static int sha1_finup(struct shash_desc *desc, const u8 *data,
15676
15677 kernel_fpu_begin();
15678 if (len)
15679 - sha1_base_do_update(desc, data, len,
15680 - (sha1_block_fn *)sha1_xform);
15681 - sha1_base_do_finalize(desc, (sha1_block_fn *)sha1_xform);
15682 + sha1_base_do_update(desc, data, len, sha1_xform);
15683 + sha1_base_do_finalize(desc, sha1_xform);
15684 kernel_fpu_end();
15685
15686 return sha1_base_finish(desc, out);
15687 }
15688
15689 -asmlinkage void sha1_transform_ssse3(u32 *digest, const char *data,
15690 - unsigned int rounds);
15691 +asmlinkage void sha1_transform_ssse3(struct sha1_state *digest, const u8 *data,
15692 + int rounds);
15693
15694 static int sha1_ssse3_update(struct shash_desc *desc, const u8 *data,
15695 unsigned int len)
15696 {
15697 - return sha1_update(desc, data, len,
15698 - (sha1_transform_fn *) sha1_transform_ssse3);
15699 + return sha1_update(desc, data, len, sha1_transform_ssse3);
15700 }
15701
15702 static int sha1_ssse3_finup(struct shash_desc *desc, const u8 *data,
15703 unsigned int len, u8 *out)
15704 {
15705 - return sha1_finup(desc, data, len, out,
15706 - (sha1_transform_fn *) sha1_transform_ssse3);
15707 + return sha1_finup(desc, data, len, out, sha1_transform_ssse3);
15708 }
15709
15710 /* Add padding and return the message digest. */
15711 @@ -124,21 +120,19 @@ static void unregister_sha1_ssse3(void)
15712 }
15713
15714 #ifdef CONFIG_AS_AVX
15715 -asmlinkage void sha1_transform_avx(u32 *digest, const char *data,
15716 - unsigned int rounds);
15717 +asmlinkage void sha1_transform_avx(struct sha1_state *digest, const u8 *data,
15718 + int rounds);
15719
15720 static int sha1_avx_update(struct shash_desc *desc, const u8 *data,
15721 unsigned int len)
15722 {
15723 - return sha1_update(desc, data, len,
15724 - (sha1_transform_fn *) sha1_transform_avx);
15725 + return sha1_update(desc, data, len, sha1_transform_avx);
15726 }
15727
15728 static int sha1_avx_finup(struct shash_desc *desc, const u8 *data,
15729 unsigned int len, u8 *out)
15730 {
15731 - return sha1_finup(desc, data, len, out,
15732 - (sha1_transform_fn *) sha1_transform_avx);
15733 + return sha1_finup(desc, data, len, out, sha1_transform_avx);
15734 }
15735
15736 static int sha1_avx_final(struct shash_desc *desc, u8 *out)
15737 @@ -196,8 +190,8 @@ static inline void unregister_sha1_avx(void) { }
15738 #if defined(CONFIG_AS_AVX2) && (CONFIG_AS_AVX)
15739 #define SHA1_AVX2_BLOCK_OPTSIZE 4 /* optimal 4*64 bytes of SHA1 blocks */
15740
15741 -asmlinkage void sha1_transform_avx2(u32 *digest, const char *data,
15742 - unsigned int rounds);
15743 +asmlinkage void sha1_transform_avx2(struct sha1_state *digest, const u8 *data,
15744 + int rounds);
15745
15746 static bool avx2_usable(void)
15747 {
15748 @@ -209,8 +203,8 @@ static bool avx2_usable(void)
15749 return false;
15750 }
15751
15752 -static void sha1_apply_transform_avx2(u32 *digest, const char *data,
15753 - unsigned int rounds)
15754 +static void sha1_apply_transform_avx2(struct sha1_state *digest, const u8 *data,
15755 + int rounds)
15756 {
15757 /* Select the optimal transform based on data block size */
15758 if (rounds >= SHA1_AVX2_BLOCK_OPTSIZE)
15759 @@ -222,15 +216,13 @@ static void sha1_apply_transform_avx2(u32 *digest, const char *data,
15760 static int sha1_avx2_update(struct shash_desc *desc, const u8 *data,
15761 unsigned int len)
15762 {
15763 - return sha1_update(desc, data, len,
15764 - (sha1_transform_fn *) sha1_apply_transform_avx2);
15765 + return sha1_update(desc, data, len, sha1_apply_transform_avx2);
15766 }
15767
15768 static int sha1_avx2_finup(struct shash_desc *desc, const u8 *data,
15769 unsigned int len, u8 *out)
15770 {
15771 - return sha1_finup(desc, data, len, out,
15772 - (sha1_transform_fn *) sha1_apply_transform_avx2);
15773 + return sha1_finup(desc, data, len, out, sha1_apply_transform_avx2);
15774 }
15775
15776 static int sha1_avx2_final(struct shash_desc *desc, u8 *out)
15777 @@ -274,21 +266,19 @@ static inline void unregister_sha1_avx2(void) { }
15778 #endif
15779
15780 #ifdef CONFIG_AS_SHA1_NI
15781 -asmlinkage void sha1_ni_transform(u32 *digest, const char *data,
15782 - unsigned int rounds);
15783 +asmlinkage void sha1_ni_transform(struct sha1_state *digest, const u8 *data,
15784 + int rounds);
15785
15786 static int sha1_ni_update(struct shash_desc *desc, const u8 *data,
15787 unsigned int len)
15788 {
15789 - return sha1_update(desc, data, len,
15790 - (sha1_transform_fn *) sha1_ni_transform);
15791 + return sha1_update(desc, data, len, sha1_ni_transform);
15792 }
15793
15794 static int sha1_ni_finup(struct shash_desc *desc, const u8 *data,
15795 unsigned int len, u8 *out)
15796 {
15797 - return sha1_finup(desc, data, len, out,
15798 - (sha1_transform_fn *) sha1_ni_transform);
15799 + return sha1_finup(desc, data, len, out, sha1_ni_transform);
15800 }
15801
15802 static int sha1_ni_final(struct shash_desc *desc, u8 *out)
15803 diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S
15804 index 92b3b5d..8732479 100644
15805 --- a/arch/x86/crypto/sha256-avx-asm.S
15806 +++ b/arch/x86/crypto/sha256-avx-asm.S
15807 @@ -49,6 +49,7 @@
15808
15809 #ifdef CONFIG_AS_AVX
15810 #include <linux/linkage.h>
15811 +#include <asm/alternative-asm.h>
15812
15813 ## assume buffers not aligned
15814 #define VMOVDQ vmovdqu
15815 @@ -347,8 +348,7 @@ a = TMP_
15816 ## arg 3 : Num blocks
15817 ########################################################################
15818 .text
15819 -ENTRY(sha256_transform_avx)
15820 -.align 32
15821 +RAP_ENTRY(sha256_transform_avx)
15822 pushq %rbx
15823 pushq %rbp
15824 pushq %r13
15825 @@ -460,6 +460,7 @@ done_hash:
15826 popq %r13
15827 popq %rbp
15828 popq %rbx
15829 + pax_force_retaddr
15830 ret
15831 ENDPROC(sha256_transform_avx)
15832
15833 diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S
15834 index 570ec5e..9bcfa25 100644
15835 --- a/arch/x86/crypto/sha256-avx2-asm.S
15836 +++ b/arch/x86/crypto/sha256-avx2-asm.S
15837 @@ -50,6 +50,7 @@
15838
15839 #ifdef CONFIG_AS_AVX2
15840 #include <linux/linkage.h>
15841 +#include <asm/alternative-asm.h>
15842
15843 ## assume buffers not aligned
15844 #define VMOVDQ vmovdqu
15845 @@ -528,8 +529,7 @@ STACK_SIZE = _RSP + _RSP_SIZE
15846 ## arg 3 : Num blocks
15847 ########################################################################
15848 .text
15849 -ENTRY(sha256_transform_rorx)
15850 -.align 32
15851 +RAP_ENTRY(sha256_transform_rorx)
15852 pushq %rbx
15853 pushq %rbp
15854 pushq %r12
15855 @@ -720,6 +720,7 @@ done_hash:
15856 popq %r12
15857 popq %rbp
15858 popq %rbx
15859 + pax_force_retaddr
15860 ret
15861 ENDPROC(sha256_transform_rorx)
15862
15863 diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
15864 index a78a069..127cb66 100644
15865 --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
15866 +++ b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
15867 @@ -101,7 +101,7 @@ offset = \_offset
15868
15869 # JOB_SHA256* sha256_mb_mgr_flush_avx2(MB_MGR *state)
15870 # arg 1 : rcx : state
15871 -ENTRY(sha256_mb_mgr_flush_avx2)
15872 +RAP_ENTRY(sha256_mb_mgr_flush_avx2)
15873 FRAME_BEGIN
15874 push %rbx
15875
15876 @@ -225,7 +225,7 @@ ENDPROC(sha256_mb_mgr_flush_avx2)
15877 ##############################################################################
15878
15879 .align 16
15880 -ENTRY(sha256_mb_mgr_get_comp_job_avx2)
15881 +RAP_ENTRY(sha256_mb_mgr_get_comp_job_avx2)
15882 push %rbx
15883
15884 ## if bit 32+3 is set, then all lanes are empty
15885 diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S
15886 index 7ea670e..5aa297a 100644
15887 --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S
15888 +++ b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S
15889 @@ -96,7 +96,7 @@ lane_data = %r10
15890 # JOB* sha256_mb_mgr_submit_avx2(MB_MGR *state, JOB_SHA256 *job)
15891 # arg 1 : rcx : state
15892 # arg 2 : rdx : job
15893 -ENTRY(sha256_mb_mgr_submit_avx2)
15894 +RAP_ENTRY(sha256_mb_mgr_submit_avx2)
15895 FRAME_BEGIN
15896 push %rbx
15897 push %r12
15898 diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S
15899 index 2cedc44..6fb8582 100644
15900 --- a/arch/x86/crypto/sha256-ssse3-asm.S
15901 +++ b/arch/x86/crypto/sha256-ssse3-asm.S
15902 @@ -47,6 +47,7 @@
15903 ########################################################################
15904
15905 #include <linux/linkage.h>
15906 +#include <asm/alternative-asm.h>
15907
15908 ## assume buffers not aligned
15909 #define MOVDQ movdqu
15910 @@ -352,9 +353,7 @@ a = TMP_
15911 ## arg 2 : pointer to input data
15912 ## arg 3 : Num blocks
15913 ########################################################################
15914 -.text
15915 -ENTRY(sha256_transform_ssse3)
15916 -.align 32
15917 +RAP_ENTRY(sha256_transform_ssse3)
15918 pushq %rbx
15919 pushq %rbp
15920 pushq %r13
15921 @@ -471,6 +470,7 @@ done_hash:
15922 popq %rbp
15923 popq %rbx
15924
15925 + pax_force_retaddr
15926 ret
15927 ENDPROC(sha256_transform_ssse3)
15928
15929 diff --git a/arch/x86/crypto/sha256_ni_asm.S b/arch/x86/crypto/sha256_ni_asm.S
15930 index 748cdf2..959bb4d 100644
15931 --- a/arch/x86/crypto/sha256_ni_asm.S
15932 +++ b/arch/x86/crypto/sha256_ni_asm.S
15933 @@ -97,7 +97,7 @@
15934
15935 .text
15936 .align 32
15937 -ENTRY(sha256_ni_transform)
15938 +RAP_ENTRY(sha256_ni_transform)
15939
15940 shl $6, NUM_BLKS /* convert to bytes */
15941 jz .Ldone_hash
15942 diff --git a/arch/x86/crypto/sha256_ssse3_glue.c b/arch/x86/crypto/sha256_ssse3_glue.c
15943 index 9e79baf..c5186c74 100644
15944 --- a/arch/x86/crypto/sha256_ssse3_glue.c
15945 +++ b/arch/x86/crypto/sha256_ssse3_glue.c
15946 @@ -40,9 +40,9 @@
15947 #include <asm/fpu/api.h>
15948 #include <linux/string.h>
15949
15950 -asmlinkage void sha256_transform_ssse3(u32 *digest, const char *data,
15951 - u64 rounds);
15952 -typedef void (sha256_transform_fn)(u32 *digest, const char *data, u64 rounds);
15953 +asmlinkage void sha256_transform_ssse3(struct sha256_state *digest, const u8 *data,
15954 + int rounds);
15955 +typedef void (sha256_transform_fn)(struct sha256_state *digest, const u8 *data, int rounds);
15956
15957 static int sha256_update(struct shash_desc *desc, const u8 *data,
15958 unsigned int len, sha256_transform_fn *sha256_xform)
15959 @@ -57,8 +57,7 @@ static int sha256_update(struct shash_desc *desc, const u8 *data,
15960 BUILD_BUG_ON(offsetof(struct sha256_state, state) != 0);
15961
15962 kernel_fpu_begin();
15963 - sha256_base_do_update(desc, data, len,
15964 - (sha256_block_fn *)sha256_xform);
15965 + sha256_base_do_update(desc, data, len, sha256_xform);
15966 kernel_fpu_end();
15967
15968 return 0;
15969 @@ -72,9 +71,8 @@ static int sha256_finup(struct shash_desc *desc, const u8 *data,
15970
15971 kernel_fpu_begin();
15972 if (len)
15973 - sha256_base_do_update(desc, data, len,
15974 - (sha256_block_fn *)sha256_xform);
15975 - sha256_base_do_finalize(desc, (sha256_block_fn *)sha256_xform);
15976 + sha256_base_do_update(desc, data, len, sha256_xform);
15977 + sha256_base_do_finalize(desc, sha256_xform);
15978 kernel_fpu_end();
15979
15980 return sha256_base_finish(desc, out);
15981 @@ -146,8 +144,8 @@ static void unregister_sha256_ssse3(void)
15982 }
15983
15984 #ifdef CONFIG_AS_AVX
15985 -asmlinkage void sha256_transform_avx(u32 *digest, const char *data,
15986 - u64 rounds);
15987 +asmlinkage void sha256_transform_avx(struct sha256_state *digest, const u8 *data,
15988 + int rounds);
15989
15990 static int sha256_avx_update(struct shash_desc *desc, const u8 *data,
15991 unsigned int len)
15992 @@ -230,8 +228,8 @@ static inline void unregister_sha256_avx(void) { }
15993 #endif
15994
15995 #if defined(CONFIG_AS_AVX2) && defined(CONFIG_AS_AVX)
15996 -asmlinkage void sha256_transform_rorx(u32 *digest, const char *data,
15997 - u64 rounds);
15998 +asmlinkage void sha256_transform_rorx(struct sha256_state *digest, const u8 *data,
15999 + int rounds);
16000
16001 static int sha256_avx2_update(struct shash_desc *desc, const u8 *data,
16002 unsigned int len)
16003 @@ -312,8 +310,8 @@ static inline void unregister_sha256_avx2(void) { }
16004 #endif
16005
16006 #ifdef CONFIG_AS_SHA256_NI
16007 -asmlinkage void sha256_ni_transform(u32 *digest, const char *data,
16008 - u64 rounds); /*unsigned int rounds);*/
16009 +asmlinkage void sha256_ni_transform(struct sha256_state *digest, const u8 *data,
16010 + int rounds); /*unsigned int rounds);*/
16011
16012 static int sha256_ni_update(struct shash_desc *desc, const u8 *data,
16013 unsigned int len)
16014 diff --git a/arch/x86/crypto/sha512-avx-asm.S b/arch/x86/crypto/sha512-avx-asm.S
16015 index 565274d..779d34a 100644
16016 --- a/arch/x86/crypto/sha512-avx-asm.S
16017 +++ b/arch/x86/crypto/sha512-avx-asm.S
16018 @@ -49,6 +49,7 @@
16019
16020 #ifdef CONFIG_AS_AVX
16021 #include <linux/linkage.h>
16022 +#include <asm/alternative-asm.h>
16023
16024 .text
16025
16026 @@ -277,7 +278,8 @@ frame_size = frame_GPRSAVE + GPRSAVE_SIZE
16027 # message blocks.
16028 # L is the message length in SHA512 blocks
16029 ########################################################################
16030 -ENTRY(sha512_transform_avx)
16031 +ALIGN
16032 +RAP_ENTRY(sha512_transform_avx)
16033 cmp $0, msglen
16034 je nowork
16035
16036 @@ -364,6 +366,7 @@ updateblock:
16037 mov frame_RSPSAVE(%rsp), %rsp
16038
16039 nowork:
16040 + pax_force_retaddr
16041 ret
16042 ENDPROC(sha512_transform_avx)
16043
16044 diff --git a/arch/x86/crypto/sha512-avx2-asm.S b/arch/x86/crypto/sha512-avx2-asm.S
16045 index 1f20b35..ab1f3a8 100644
16046 --- a/arch/x86/crypto/sha512-avx2-asm.S
16047 +++ b/arch/x86/crypto/sha512-avx2-asm.S
16048 @@ -51,6 +51,7 @@
16049
16050 #ifdef CONFIG_AS_AVX2
16051 #include <linux/linkage.h>
16052 +#include <asm/alternative-asm.h>
16053
16054 .text
16055
16056 @@ -568,7 +569,8 @@ frame_size = frame_GPRSAVE + GPRSAVE_SIZE
16057 # message blocks.
16058 # L is the message length in SHA512 blocks
16059 ########################################################################
16060 -ENTRY(sha512_transform_rorx)
16061 +ALIGN
16062 +RAP_ENTRY(sha512_transform_rorx)
16063 # Allocate Stack Space
16064 mov %rsp, %rax
16065 sub $frame_size, %rsp
16066 @@ -678,6 +680,7 @@ done_hash:
16067
16068 # Restore Stack Pointer
16069 mov frame_RSPSAVE(%rsp), %rsp
16070 + pax_force_retaddr
16071 ret
16072 ENDPROC(sha512_transform_rorx)
16073
16074 diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S
16075 index 3ddba19..2d3abc7 100644
16076 --- a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S
16077 +++ b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S
16078 @@ -107,7 +107,7 @@ offset = \_offset
16079
16080 # JOB* sha512_mb_mgr_flush_avx2(MB_MGR *state)
16081 # arg 1 : rcx : state
16082 -ENTRY(sha512_mb_mgr_flush_avx2)
16083 +RAP_ENTRY(sha512_mb_mgr_flush_avx2)
16084 FRAME_BEGIN
16085 push %rbx
16086
16087 @@ -220,7 +220,7 @@ return_null:
16088 ENDPROC(sha512_mb_mgr_flush_avx2)
16089 .align 16
16090
16091 -ENTRY(sha512_mb_mgr_get_comp_job_avx2)
16092 +RAP_ENTRY(sha512_mb_mgr_get_comp_job_avx2)
16093 push %rbx
16094
16095 mov _unused_lanes(state), unused_lanes
16096 diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S
16097 index 815f07b..70fbc7b 100644
16098 --- a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S
16099 +++ b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S
16100 @@ -98,7 +98,7 @@
16101 # JOB* sha512_mb_mgr_submit_avx2(MB_MGR *state, JOB *job)
16102 # arg 1 : rcx : state
16103 # arg 2 : rdx : job
16104 -ENTRY(sha512_mb_mgr_submit_avx2)
16105 +RAP_ENTRY(sha512_mb_mgr_submit_avx2)
16106 FRAME_BEGIN
16107 push %rbx
16108 push %r12
16109 diff --git a/arch/x86/crypto/sha512-ssse3-asm.S b/arch/x86/crypto/sha512-ssse3-asm.S
16110 index e610e29..83f1cde 100644
16111 --- a/arch/x86/crypto/sha512-ssse3-asm.S
16112 +++ b/arch/x86/crypto/sha512-ssse3-asm.S
16113 @@ -48,6 +48,7 @@
16114 ########################################################################
16115
16116 #include <linux/linkage.h>
16117 +#include <asm/alternative-asm.h>
16118
16119 .text
16120
16121 @@ -275,7 +276,8 @@ frame_size = frame_GPRSAVE + GPRSAVE_SIZE
16122 # message blocks.
16123 # L is the message length in SHA512 blocks.
16124 ########################################################################
16125 -ENTRY(sha512_transform_ssse3)
16126 +ALIGN
16127 +RAP_ENTRY(sha512_transform_ssse3)
16128
16129 cmp $0, msglen
16130 je nowork
16131 @@ -363,6 +365,7 @@ updateblock:
16132 mov frame_RSPSAVE(%rsp), %rsp
16133
16134 nowork:
16135 + pax_force_retaddr
16136 ret
16137 ENDPROC(sha512_transform_ssse3)
16138
16139 diff --git a/arch/x86/crypto/sha512_ssse3_glue.c b/arch/x86/crypto/sha512_ssse3_glue.c
16140 index 2b0e2a6..59a1f94 100644
16141 --- a/arch/x86/crypto/sha512_ssse3_glue.c
16142 +++ b/arch/x86/crypto/sha512_ssse3_glue.c
16143 @@ -39,10 +39,10 @@
16144
16145 #include <linux/string.h>
16146
16147 -asmlinkage void sha512_transform_ssse3(u64 *digest, const char *data,
16148 - u64 rounds);
16149 +asmlinkage void sha512_transform_ssse3(struct sha512_state *digest, const u8 *data,
16150 + int rounds);
16151
16152 -typedef void (sha512_transform_fn)(u64 *digest, const char *data, u64 rounds);
16153 +typedef void (sha512_transform_fn)(struct sha512_state *digest, const u8 *data, int rounds);
16154
16155 static int sha512_update(struct shash_desc *desc, const u8 *data,
16156 unsigned int len, sha512_transform_fn *sha512_xform)
16157 @@ -57,8 +57,7 @@ static int sha512_update(struct shash_desc *desc, const u8 *data,
16158 BUILD_BUG_ON(offsetof(struct sha512_state, state) != 0);
16159
16160 kernel_fpu_begin();
16161 - sha512_base_do_update(desc, data, len,
16162 - (sha512_block_fn *)sha512_xform);
16163 + sha512_base_do_update(desc, data, len, sha512_xform);
16164 kernel_fpu_end();
16165
16166 return 0;
16167 @@ -72,9 +71,8 @@ static int sha512_finup(struct shash_desc *desc, const u8 *data,
16168
16169 kernel_fpu_begin();
16170 if (len)
16171 - sha512_base_do_update(desc, data, len,
16172 - (sha512_block_fn *)sha512_xform);
16173 - sha512_base_do_finalize(desc, (sha512_block_fn *)sha512_xform);
16174 + sha512_base_do_update(desc, data, len, sha512_xform);
16175 + sha512_base_do_finalize(desc, sha512_xform);
16176 kernel_fpu_end();
16177
16178 return sha512_base_finish(desc, out);
16179 @@ -146,8 +144,8 @@ static void unregister_sha512_ssse3(void)
16180 }
16181
16182 #ifdef CONFIG_AS_AVX
16183 -asmlinkage void sha512_transform_avx(u64 *digest, const char *data,
16184 - u64 rounds);
16185 +asmlinkage void sha512_transform_avx(struct sha512_state *digest, const u8 *data,
16186 + int rounds);
16187 static bool avx_usable(void)
16188 {
16189 if (!cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL)) {
16190 @@ -229,8 +227,8 @@ static inline void unregister_sha512_avx(void) { }
16191 #endif
16192
16193 #if defined(CONFIG_AS_AVX2) && defined(CONFIG_AS_AVX)
16194 -asmlinkage void sha512_transform_rorx(u64 *digest, const char *data,
16195 - u64 rounds);
16196 +asmlinkage void sha512_transform_rorx(struct sha512_state *digest, const u8 *data,
16197 + int rounds);
16198
16199 static int sha512_avx2_update(struct shash_desc *desc, const u8 *data,
16200 unsigned int len)
16201 diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
16202 index dc66273..30aba4b 100644
16203 --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
16204 +++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
16205 @@ -25,6 +25,7 @@
16206
16207 #include <linux/linkage.h>
16208 #include <asm/frame.h>
16209 +#include <asm/alternative-asm.h>
16210 #include "glue_helper-asm-avx.S"
16211
16212 .file "twofish-avx-x86_64-asm_64.S"
16213 @@ -285,6 +286,7 @@ __twofish_enc_blk8:
16214 outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
16215 outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
16216
16217 + pax_force_retaddr
16218 ret;
16219 ENDPROC(__twofish_enc_blk8)
16220
16221 @@ -325,10 +327,11 @@ __twofish_dec_blk8:
16222 outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2);
16223 outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2);
16224
16225 + pax_force_retaddr
16226 ret;
16227 ENDPROC(__twofish_dec_blk8)
16228
16229 -ENTRY(twofish_ecb_enc_8way)
16230 +RAP_ENTRY(twofish_ecb_enc_8way)
16231 /* input:
16232 * %rdi: ctx, CTX
16233 * %rsi: dst
16234 @@ -345,10 +348,11 @@ ENTRY(twofish_ecb_enc_8way)
16235 store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
16236
16237 FRAME_END
16238 + pax_force_retaddr
16239 ret;
16240 ENDPROC(twofish_ecb_enc_8way)
16241
16242 -ENTRY(twofish_ecb_dec_8way)
16243 +RAP_ENTRY(twofish_ecb_dec_8way)
16244 /* input:
16245 * %rdi: ctx, CTX
16246 * %rsi: dst
16247 @@ -365,10 +369,11 @@ ENTRY(twofish_ecb_dec_8way)
16248 store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
16249
16250 FRAME_END
16251 + pax_force_retaddr
16252 ret;
16253 ENDPROC(twofish_ecb_dec_8way)
16254
16255 -ENTRY(twofish_cbc_dec_8way)
16256 +RAP_ENTRY(twofish_cbc_dec_8way)
16257 /* input:
16258 * %rdi: ctx, CTX
16259 * %rsi: dst
16260 @@ -376,24 +381,25 @@ ENTRY(twofish_cbc_dec_8way)
16261 */
16262 FRAME_BEGIN
16263
16264 - pushq %r12;
16265 + pushq %r14;
16266
16267 movq %rsi, %r11;
16268 - movq %rdx, %r12;
16269 + movq %rdx, %r14;
16270
16271 load_8way(%rdx, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
16272
16273 call __twofish_dec_blk8;
16274
16275 - store_cbc_8way(%r12, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
16276 + store_cbc_8way(%r14, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
16277
16278 - popq %r12;
16279 + popq %r14;
16280
16281 FRAME_END
16282 + pax_force_retaddr
16283 ret;
16284 ENDPROC(twofish_cbc_dec_8way)
16285
16286 -ENTRY(twofish_ctr_8way)
16287 +RAP_ENTRY(twofish_ctr_8way)
16288 /* input:
16289 * %rdi: ctx, CTX
16290 * %rsi: dst
16291 @@ -402,25 +408,26 @@ ENTRY(twofish_ctr_8way)
16292 */
16293 FRAME_BEGIN
16294
16295 - pushq %r12;
16296 + pushq %r14;
16297
16298 movq %rsi, %r11;
16299 - movq %rdx, %r12;
16300 + movq %rdx, %r14;
16301
16302 load_ctr_8way(%rcx, .Lbswap128_mask, RA1, RB1, RC1, RD1, RA2, RB2, RC2,
16303 RD2, RX0, RX1, RY0);
16304
16305 call __twofish_enc_blk8;
16306
16307 - store_ctr_8way(%r12, %r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
16308 + store_ctr_8way(%r14, %r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
16309
16310 - popq %r12;
16311 + popq %r14;
16312
16313 FRAME_END
16314 + pax_force_retaddr
16315 ret;
16316 ENDPROC(twofish_ctr_8way)
16317
16318 -ENTRY(twofish_xts_enc_8way)
16319 +RAP_ENTRY(twofish_xts_enc_8way)
16320 /* input:
16321 * %rdi: ctx, CTX
16322 * %rsi: dst
16323 @@ -441,10 +448,11 @@ ENTRY(twofish_xts_enc_8way)
16324 store_xts_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
16325
16326 FRAME_END
16327 + pax_force_retaddr
16328 ret;
16329 ENDPROC(twofish_xts_enc_8way)
16330
16331 -ENTRY(twofish_xts_dec_8way)
16332 +RAP_ENTRY(twofish_xts_dec_8way)
16333 /* input:
16334 * %rdi: ctx, CTX
16335 * %rsi: dst
16336 @@ -465,5 +473,6 @@ ENTRY(twofish_xts_dec_8way)
16337 store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
16338
16339 FRAME_END
16340 + pax_force_retaddr
16341 ret;
16342 ENDPROC(twofish_xts_dec_8way)
16343 diff --git a/arch/x86/crypto/twofish-i586-asm_32.S b/arch/x86/crypto/twofish-i586-asm_32.S
16344 index 694ea45..f2c1418 100644
16345 --- a/arch/x86/crypto/twofish-i586-asm_32.S
16346 +++ b/arch/x86/crypto/twofish-i586-asm_32.S
16347 @@ -220,7 +220,7 @@
16348 xor %esi, d ## D;\
16349 ror $1, d ## D;
16350
16351 -ENTRY(twofish_enc_blk)
16352 +RAP_ENTRY(twofish_enc_blk)
16353 push %ebp /* save registers according to calling convention*/
16354 push %ebx
16355 push %esi
16356 @@ -276,7 +276,7 @@ ENTRY(twofish_enc_blk)
16357 ret
16358 ENDPROC(twofish_enc_blk)
16359
16360 -ENTRY(twofish_dec_blk)
16361 +RAP_ENTRY(twofish_dec_blk)
16362 push %ebp /* save registers according to calling convention*/
16363 push %ebx
16364 push %esi
16365 diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
16366 index 1c3b7ce..c9912c7 100644
16367 --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
16368 +++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
16369 @@ -21,6 +21,7 @@
16370 */
16371
16372 #include <linux/linkage.h>
16373 +#include <asm/alternative-asm.h>
16374
16375 .file "twofish-x86_64-asm-3way.S"
16376 .text
16377 @@ -258,6 +259,7 @@ ENTRY(__twofish_enc_blk_3way)
16378 popq %r13;
16379 popq %r14;
16380 popq %r15;
16381 + pax_force_retaddr
16382 ret;
16383
16384 .L__enc_xor3:
16385 @@ -269,10 +271,11 @@ ENTRY(__twofish_enc_blk_3way)
16386 popq %r13;
16387 popq %r14;
16388 popq %r15;
16389 + pax_force_retaddr
16390 ret;
16391 ENDPROC(__twofish_enc_blk_3way)
16392
16393 -ENTRY(twofish_dec_blk_3way)
16394 +RAP_ENTRY(twofish_dec_blk_3way)
16395 /* input:
16396 * %rdi: ctx, CTX
16397 * %rsi: dst
16398 @@ -308,5 +311,6 @@ ENTRY(twofish_dec_blk_3way)
16399 popq %r13;
16400 popq %r14;
16401 popq %r15;
16402 + pax_force_retaddr
16403 ret;
16404 ENDPROC(twofish_dec_blk_3way)
16405 diff --git a/arch/x86/crypto/twofish-x86_64-asm_64.S b/arch/x86/crypto/twofish-x86_64-asm_64.S
16406 index a350c99..080c5ab 100644
16407 --- a/arch/x86/crypto/twofish-x86_64-asm_64.S
16408 +++ b/arch/x86/crypto/twofish-x86_64-asm_64.S
16409 @@ -22,6 +22,7 @@
16410
16411 #include <linux/linkage.h>
16412 #include <asm/asm-offsets.h>
16413 +#include <asm/alternative-asm.h>
16414
16415 #define a_offset 0
16416 #define b_offset 4
16417 @@ -215,7 +216,7 @@
16418 xor %r8d, d ## D;\
16419 ror $1, d ## D;
16420
16421 -ENTRY(twofish_enc_blk)
16422 +RAP_ENTRY(twofish_enc_blk)
16423 pushq R1
16424
16425 /* %rdi contains the ctx address */
16426 @@ -265,10 +266,11 @@ ENTRY(twofish_enc_blk)
16427
16428 popq R1
16429 movl $1,%eax
16430 + pax_force_retaddr
16431 ret
16432 ENDPROC(twofish_enc_blk)
16433
16434 -ENTRY(twofish_dec_blk)
16435 +RAP_ENTRY(twofish_dec_blk)
16436 pushq R1
16437
16438 /* %rdi contains the ctx address */
16439 @@ -317,5 +319,6 @@ ENTRY(twofish_dec_blk)
16440
16441 popq R1
16442 movl $1,%eax
16443 + pax_force_retaddr
16444 ret
16445 ENDPROC(twofish_dec_blk)
16446 diff --git a/arch/x86/crypto/twofish_avx_glue.c b/arch/x86/crypto/twofish_avx_glue.c
16447 index b7a3904b..3e4d0d6 100644
16448 --- a/arch/x86/crypto/twofish_avx_glue.c
16449 +++ b/arch/x86/crypto/twofish_avx_glue.c
16450 @@ -46,24 +46,25 @@
16451 #define TWOFISH_PARALLEL_BLOCKS 8
16452
16453 /* 8-way parallel cipher functions */
16454 -asmlinkage void twofish_ecb_enc_8way(struct twofish_ctx *ctx, u8 *dst,
16455 +asmlinkage void twofish_ecb_enc_8way(void *ctx, u8 *dst,
16456 const u8 *src);
16457 -asmlinkage void twofish_ecb_dec_8way(struct twofish_ctx *ctx, u8 *dst,
16458 +asmlinkage void twofish_ecb_dec_8way(void *ctx, u8 *dst,
16459 const u8 *src);
16460
16461 -asmlinkage void twofish_cbc_dec_8way(struct twofish_ctx *ctx, u8 *dst,
16462 +asmlinkage void twofish_cbc_dec_8way(void *ctx, u8 *dst,
16463 const u8 *src);
16464 -asmlinkage void twofish_ctr_8way(struct twofish_ctx *ctx, u8 *dst,
16465 - const u8 *src, le128 *iv);
16466 +asmlinkage void twofish_ctr_8way(void *ctx, u128 *dst,
16467 + const u128 *src, le128 *iv);
16468
16469 -asmlinkage void twofish_xts_enc_8way(struct twofish_ctx *ctx, u8 *dst,
16470 - const u8 *src, le128 *iv);
16471 -asmlinkage void twofish_xts_dec_8way(struct twofish_ctx *ctx, u8 *dst,
16472 - const u8 *src, le128 *iv);
16473 +asmlinkage void twofish_xts_enc_8way(void *ctx, u128 *dst,
16474 + const u128 *src, le128 *iv);
16475 +asmlinkage void twofish_xts_dec_8way(void *ctx, u128 *dst,
16476 + const u128 *src, le128 *iv);
16477
16478 -static inline void twofish_enc_blk_3way(struct twofish_ctx *ctx, u8 *dst,
16479 +static inline void twofish_enc_blk_3way(void *_ctx, u8 *dst,
16480 const u8 *src)
16481 {
16482 + struct twofish_ctx *ctx = _ctx;
16483 __twofish_enc_blk_3way(ctx, dst, src, false);
16484 }
16485
16486 diff --git a/arch/x86/crypto/twofish_glue.c b/arch/x86/crypto/twofish_glue.c
16487 index 77e06c2..a45c27b 100644
16488 --- a/arch/x86/crypto/twofish_glue.c
16489 +++ b/arch/x86/crypto/twofish_glue.c
16490 @@ -44,10 +44,10 @@
16491 #include <linux/module.h>
16492 #include <linux/types.h>
16493
16494 -asmlinkage void twofish_enc_blk(struct twofish_ctx *ctx, u8 *dst,
16495 +asmlinkage void twofish_enc_blk(void *ctx, u8 *dst,
16496 const u8 *src);
16497 EXPORT_SYMBOL_GPL(twofish_enc_blk);
16498 -asmlinkage void twofish_dec_blk(struct twofish_ctx *ctx, u8 *dst,
16499 +asmlinkage void twofish_dec_blk(void *ctx, u8 *dst,
16500 const u8 *src);
16501 EXPORT_SYMBOL_GPL(twofish_dec_blk);
16502
16503 diff --git a/arch/x86/crypto/twofish_glue_3way.c b/arch/x86/crypto/twofish_glue_3way.c
16504 index 2ebb5e9..a0b0aa9 100644
16505 --- a/arch/x86/crypto/twofish_glue_3way.c
16506 +++ b/arch/x86/crypto/twofish_glue_3way.c
16507 @@ -36,21 +36,21 @@
16508 EXPORT_SYMBOL_GPL(__twofish_enc_blk_3way);
16509 EXPORT_SYMBOL_GPL(twofish_dec_blk_3way);
16510
16511 -static inline void twofish_enc_blk_3way(struct twofish_ctx *ctx, u8 *dst,
16512 +static inline void twofish_enc_blk_3way(void *ctx, u8 *dst,
16513 const u8 *src)
16514 {
16515 __twofish_enc_blk_3way(ctx, dst, src, false);
16516 }
16517
16518 -static inline void twofish_enc_blk_xor_3way(struct twofish_ctx *ctx, u8 *dst,
16519 +static inline void twofish_enc_blk_xor_3way(void *ctx, u8 *dst,
16520 const u8 *src)
16521 {
16522 __twofish_enc_blk_3way(ctx, dst, src, true);
16523 }
16524
16525 -void twofish_dec_blk_cbc_3way(void *ctx, u128 *dst, const u128 *src)
16526 +void twofish_dec_blk_cbc_3way(void *ctx, u8 *_dst, const u8 *_src)
16527 {
16528 - u128 ivs[2];
16529 + u128 ivs[2], *dst = (u128 *)_dst, *src = (u128 *)_src;
16530
16531 ivs[0] = src[0];
16532 ivs[1] = src[1];
16533 @@ -118,10 +118,10 @@ static const struct common_glue_ctx twofish_ctr = {
16534
16535 .funcs = { {
16536 .num_blocks = 3,
16537 - .fn_u = { .ecb = GLUE_FUNC_CAST(twofish_enc_blk_ctr_3way) }
16538 + .fn_u = { .ctr = GLUE_CTR_FUNC_CAST(twofish_enc_blk_ctr_3way) }
16539 }, {
16540 .num_blocks = 1,
16541 - .fn_u = { .ecb = GLUE_FUNC_CAST(twofish_enc_blk_ctr) }
16542 + .fn_u = { .ctr = GLUE_CTR_FUNC_CAST(twofish_enc_blk_ctr) }
16543 } }
16544 };
16545
16546 diff --git a/arch/x86/entry/Makefile b/arch/x86/entry/Makefile
16547 index 77f28ce..7714ca0 100644
16548 --- a/arch/x86/entry/Makefile
16549 +++ b/arch/x86/entry/Makefile
16550 @@ -15,3 +15,5 @@ obj-y += vsyscall/
16551
16552 obj-$(CONFIG_IA32_EMULATION) += entry_64_compat.o syscall_32.o
16553
16554 +CFLAGS_REMOVE_syscall_32.o = $(RAP_PLUGIN_ABS_CFLAGS)
16555 +CFLAGS_REMOVE_syscall_64.o = $(RAP_PLUGIN_ABS_CFLAGS)
16556 diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h
16557 index 9a9e588..b900d1c 100644
16558 --- a/arch/x86/entry/calling.h
16559 +++ b/arch/x86/entry/calling.h
16560 @@ -95,23 +95,26 @@ For 32-bit we have the following conventions - kernel is built with
16561 .endm
16562
16563 .macro SAVE_C_REGS_HELPER offset=0 rax=1 rcx=1 r8910=1 r11=1
16564 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
16565 + movq %r12, R12+\offset(%rsp)
16566 +#endif
16567 .if \r11
16568 - movq %r11, 6*8+\offset(%rsp)
16569 + movq %r11, R11+\offset(%rsp)
16570 .endif
16571 .if \r8910
16572 - movq %r10, 7*8+\offset(%rsp)
16573 - movq %r9, 8*8+\offset(%rsp)
16574 - movq %r8, 9*8+\offset(%rsp)
16575 + movq %r10, R10+\offset(%rsp)
16576 + movq %r9, R9+\offset(%rsp)
16577 + movq %r8, R8+\offset(%rsp)
16578 .endif
16579 .if \rax
16580 - movq %rax, 10*8+\offset(%rsp)
16581 + movq %rax, RAX+\offset(%rsp)
16582 .endif
16583 .if \rcx
16584 - movq %rcx, 11*8+\offset(%rsp)
16585 + movq %rcx, RCX+\offset(%rsp)
16586 .endif
16587 - movq %rdx, 12*8+\offset(%rsp)
16588 - movq %rsi, 13*8+\offset(%rsp)
16589 - movq %rdi, 14*8+\offset(%rsp)
16590 + movq %rdx, RDX+\offset(%rsp)
16591 + movq %rsi, RSI+\offset(%rsp)
16592 + movq %rdi, RDI+\offset(%rsp)
16593 .endm
16594 .macro SAVE_C_REGS offset=0
16595 SAVE_C_REGS_HELPER \offset, 1, 1, 1, 1
16596 @@ -130,67 +133,78 @@ For 32-bit we have the following conventions - kernel is built with
16597 .endm
16598
16599 .macro SAVE_EXTRA_REGS offset=0
16600 - movq %r15, 0*8+\offset(%rsp)
16601 - movq %r14, 1*8+\offset(%rsp)
16602 - movq %r13, 2*8+\offset(%rsp)
16603 - movq %r12, 3*8+\offset(%rsp)
16604 - movq %rbp, 4*8+\offset(%rsp)
16605 - movq %rbx, 5*8+\offset(%rsp)
16606 + movq %r15, R15+\offset(%rsp)
16607 + movq %r14, R14+\offset(%rsp)
16608 + movq %r13, R13+\offset(%rsp)
16609 +#ifndef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
16610 + movq %r12, R12+\offset(%rsp)
16611 +#endif
16612 + movq %rbp, RBP+\offset(%rsp)
16613 + movq %rbx, RBX+\offset(%rsp)
16614 .endm
16615
16616 .macro RESTORE_EXTRA_REGS offset=0
16617 - movq 0*8+\offset(%rsp), %r15
16618 - movq 1*8+\offset(%rsp), %r14
16619 - movq 2*8+\offset(%rsp), %r13
16620 - movq 3*8+\offset(%rsp), %r12
16621 - movq 4*8+\offset(%rsp), %rbp
16622 - movq 5*8+\offset(%rsp), %rbx
16623 + movq R15+\offset(%rsp), %r15
16624 + movq R14+\offset(%rsp), %r14
16625 + movq R13+\offset(%rsp), %r13
16626 +#ifndef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
16627 + movq R12+\offset(%rsp), %r12
16628 +#endif
16629 + movq RBP+\offset(%rsp), %rbp
16630 + movq RBX+\offset(%rsp), %rbx
16631 .endm
16632
16633 .macro ZERO_EXTRA_REGS
16634 xorl %r15d, %r15d
16635 xorl %r14d, %r14d
16636 xorl %r13d, %r13d
16637 +#ifndef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
16638 xorl %r12d, %r12d
16639 +#endif
16640 xorl %ebp, %ebp
16641 xorl %ebx, %ebx
16642 .endm
16643
16644 - .macro RESTORE_C_REGS_HELPER rstor_rax=1, rstor_rcx=1, rstor_r11=1, rstor_r8910=1, rstor_rdx=1
16645 + .macro RESTORE_C_REGS_HELPER rstor_rax=1, rstor_rcx=1, rstor_r11=1, rstor_r8910=1, rstor_rdx=1, rstor_r12=1
16646 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
16647 + .if \rstor_r12
16648 + movq R12(%rsp), %r12
16649 + .endif
16650 +#endif
16651 .if \rstor_r11
16652 - movq 6*8(%rsp), %r11
16653 + movq R11(%rsp), %r11
16654 .endif
16655 .if \rstor_r8910
16656 - movq 7*8(%rsp), %r10
16657 - movq 8*8(%rsp), %r9
16658 - movq 9*8(%rsp), %r8
16659 + movq R10(%rsp), %r10
16660 + movq R9(%rsp), %r9
16661 + movq R8(%rsp), %r8
16662 .endif
16663 .if \rstor_rax
16664 - movq 10*8(%rsp), %rax
16665 + movq RAX(%rsp), %rax
16666 .endif
16667 .if \rstor_rcx
16668 - movq 11*8(%rsp), %rcx
16669 + movq RCX(%rsp), %rcx
16670 .endif
16671 .if \rstor_rdx
16672 - movq 12*8(%rsp), %rdx
16673 + movq RDX(%rsp), %rdx
16674 .endif
16675 - movq 13*8(%rsp), %rsi
16676 - movq 14*8(%rsp), %rdi
16677 + movq RSI(%rsp), %rsi
16678 + movq RDI(%rsp), %rdi
16679 .endm
16680 .macro RESTORE_C_REGS
16681 - RESTORE_C_REGS_HELPER 1,1,1,1,1
16682 + RESTORE_C_REGS_HELPER 1,1,1,1,1,1
16683 .endm
16684 .macro RESTORE_C_REGS_EXCEPT_RAX
16685 - RESTORE_C_REGS_HELPER 0,1,1,1,1
16686 + RESTORE_C_REGS_HELPER 0,1,1,1,1,0
16687 .endm
16688 .macro RESTORE_C_REGS_EXCEPT_RCX
16689 - RESTORE_C_REGS_HELPER 1,0,1,1,1
16690 + RESTORE_C_REGS_HELPER 1,0,1,1,1,0
16691 .endm
16692 .macro RESTORE_C_REGS_EXCEPT_R11
16693 - RESTORE_C_REGS_HELPER 1,1,0,1,1
16694 + RESTORE_C_REGS_HELPER 1,1,0,1,1,1
16695 .endm
16696 .macro RESTORE_C_REGS_EXCEPT_RCX_R11
16697 - RESTORE_C_REGS_HELPER 1,0,0,1,1
16698 + RESTORE_C_REGS_HELPER 1,0,0,1,1,1
16699 .endm
16700
16701 .macro REMOVE_PT_GPREGS_FROM_STACK addskip=0
16702 diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
16703 index 1433f6b..dac4cbe 100644
16704 --- a/arch/x86/entry/common.c
16705 +++ b/arch/x86/entry/common.c
16706 @@ -33,9 +33,7 @@
16707
16708 static struct thread_info *pt_regs_to_thread_info(struct pt_regs *regs)
16709 {
16710 - unsigned long top_of_stack =
16711 - (unsigned long)(regs + 1) + TOP_OF_KERNEL_STACK_PADDING;
16712 - return (struct thread_info *)(top_of_stack - THREAD_SIZE);
16713 + return current_thread_info();
16714 }
16715
16716 #ifdef CONFIG_CONTEXT_TRACKING
16717 @@ -49,6 +47,12 @@ __visible inline void enter_from_user_mode(void)
16718 static inline void enter_from_user_mode(void) {}
16719 #endif
16720
16721 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
16722 +asmlinkage void pax_erase_kstack(void);
16723 +#else
16724 +static void pax_erase_kstack(void) {}
16725 +#endif
16726 +
16727 static void do_audit_syscall_entry(struct pt_regs *regs, u32 arch)
16728 {
16729 #ifdef CONFIG_X86_64
16730 @@ -63,6 +67,10 @@ static void do_audit_syscall_entry(struct pt_regs *regs, u32 arch)
16731 }
16732 }
16733
16734 +#ifdef CONFIG_GRKERNSEC_SETXID
16735 +extern void gr_delayed_cred_worker(void);
16736 +#endif
16737 +
16738 /*
16739 * Returns the syscall nr to run (which should match regs->orig_ax) or -1
16740 * to skip the syscall.
16741 @@ -81,12 +89,19 @@ static long syscall_trace_enter(struct pt_regs *regs)
16742
16743 work = ACCESS_ONCE(ti->flags) & _TIF_WORK_SYSCALL_ENTRY;
16744
16745 +#ifdef CONFIG_GRKERNSEC_SETXID
16746 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
16747 + gr_delayed_cred_worker();
16748 +#endif
16749 +
16750 if (unlikely(work & _TIF_SYSCALL_EMU))
16751 emulated = true;
16752
16753 if ((emulated || (work & _TIF_SYSCALL_TRACE)) &&
16754 - tracehook_report_syscall_entry(regs))
16755 + tracehook_report_syscall_entry(regs)) {
16756 + pax_erase_kstack();
16757 return -1L;
16758 + }
16759
16760 if (emulated)
16761 return -1L;
16762 @@ -121,8 +136,10 @@ static long syscall_trace_enter(struct pt_regs *regs)
16763 }
16764
16765 ret = __secure_computing(&sd);
16766 - if (ret == -1)
16767 + if (ret == -1) {
16768 + pax_erase_kstack();
16769 return ret;
16770 + }
16771 }
16772 #endif
16773
16774 @@ -131,6 +148,7 @@ static long syscall_trace_enter(struct pt_regs *regs)
16775
16776 do_audit_syscall_entry(regs, arch);
16777
16778 + pax_erase_kstack();
16779 return ret ?: regs->orig_ax;
16780 }
16781
16782 @@ -237,7 +255,7 @@ static void syscall_slow_exit_work(struct pt_regs *regs, u32 cached_flags)
16783 step = unlikely(
16784 (cached_flags & (_TIF_SINGLESTEP | _TIF_SYSCALL_EMU))
16785 == _TIF_SINGLESTEP);
16786 - if (step || cached_flags & _TIF_SYSCALL_TRACE)
16787 + if (step || (cached_flags & _TIF_SYSCALL_TRACE))
16788 tracehook_report_syscall_exit(regs, step);
16789 }
16790
16791 @@ -256,6 +274,11 @@ __visible inline void syscall_return_slowpath(struct pt_regs *regs)
16792 WARN(irqs_disabled(), "syscall %ld left IRQs disabled", regs->orig_ax))
16793 local_irq_enable();
16794
16795 +#ifdef CONFIG_GRKERNSEC_SETXID
16796 + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
16797 + gr_delayed_cred_worker();
16798 +#endif
16799 +
16800 /*
16801 * First do one-time work. If these work items are enabled, we
16802 * want to run them exactly once per syscall exit with IRQs on.
16803 @@ -285,9 +308,29 @@ __visible void do_syscall_64(struct pt_regs *regs)
16804 * regs->orig_ax, which changes the behavior of some syscalls.
16805 */
16806 if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) {
16807 +#ifdef CONFIG_PAX_RAP
16808 + asm volatile("movq %[param1],%%rdi\n\t"
16809 + "movq %[param2],%%rsi\n\t"
16810 + "movq %[param3],%%rdx\n\t"
16811 + "movq %[param4],%%rcx\n\t"
16812 + "movq %[param5],%%r8\n\t"
16813 + "movq %[param6],%%r9\n\t"
16814 + "call *%P[syscall]\n\t"
16815 + "mov %%rax,%[result]\n\t"
16816 + : [result] "=m" (regs->ax)
16817 + : [syscall] "m" (sys_call_table[nr & __SYSCALL_MASK]),
16818 + [param1] "m" (regs->di),
16819 + [param2] "m" (regs->si),
16820 + [param3] "m" (regs->dx),
16821 + [param4] "m" (regs->r10),
16822 + [param5] "m" (regs->r8),
16823 + [param6] "m" (regs->r9)
16824 + : "ax", "di", "si", "dx", "cx", "r8", "r9", "r10", "r11", "memory");
16825 +#else
16826 regs->ax = sys_call_table[nr & __SYSCALL_MASK](
16827 regs->di, regs->si, regs->dx,
16828 regs->r10, regs->r8, regs->r9);
16829 +#endif
16830 }
16831
16832 syscall_return_slowpath(regs);
16833 @@ -327,10 +370,51 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs)
16834 * the high bits are zero. Make sure we zero-extend all
16835 * of the args.
16836 */
16837 +#ifdef CONFIG_PAX_RAP
16838 +#ifdef CONFIG_X86_64
16839 + asm volatile("movl %[param1],%%edi\n\t"
16840 + "movl %[param2],%%esi\n\t"
16841 + "movl %[param3],%%edx\n\t"
16842 + "movl %[param4],%%ecx\n\t"
16843 + "movl %[param5],%%r8d\n\t"
16844 + "movl %[param6],%%r9d\n\t"
16845 + "call *%P[syscall]\n\t"
16846 + "mov %%rax,%[result]\n\t"
16847 + : [result] "=m" (regs->ax)
16848 + : [syscall] "m" (ia32_sys_call_table[nr]),
16849 + [param1] "m" (regs->bx),
16850 + [param2] "m" (regs->cx),
16851 + [param3] "m" (regs->dx),
16852 + [param4] "m" (regs->si),
16853 + [param5] "m" (regs->di),
16854 + [param6] "m" (regs->bp)
16855 + : "ax", "di", "si", "dx", "cx", "r8", "r9", "r10", "r11", "memory");
16856 +#else
16857 + asm volatile("pushl %[param6]\n\t"
16858 + "pushl %[param5]\n\t"
16859 + "pushl %[param4]\n\t"
16860 + "pushl %[param3]\n\t"
16861 + "pushl %[param2]\n\t"
16862 + "pushl %[param1]\n\t"
16863 + "call *%P[syscall]\n\t"
16864 + "addl $6*8,%%esp\n\t"
16865 + "mov %%eax,%[result]\n\t"
16866 + : [result] "=m" (regs->ax)
16867 + : [syscall] "m" (ia32_sys_call_table[nr]),
16868 + [param1] "m" (regs->bx),
16869 + [param2] "m" (regs->cx),
16870 + [param3] "m" (regs->dx),
16871 + [param4] "m" (regs->si),
16872 + [param5] "m" (regs->di),
16873 + [param6] "m" (regs->bp)
16874 + : "ax", "dx", "cx", "memory");
16875 +#endif
16876 +#else
16877 regs->ax = ia32_sys_call_table[nr](
16878 (unsigned int)regs->bx, (unsigned int)regs->cx,
16879 (unsigned int)regs->dx, (unsigned int)regs->si,
16880 (unsigned int)regs->di, (unsigned int)regs->bp);
16881 +#endif
16882 }
16883
16884 syscall_return_slowpath(regs);
16885 @@ -354,6 +438,7 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
16886
16887 unsigned long landing_pad = (unsigned long)current->mm->context.vdso +
16888 vdso_image_32.sym_int80_landing_pad;
16889 + u32 __user *saved_bp = (u32 __force_user *)(unsigned long)(u32)regs->sp;
16890
16891 /*
16892 * SYSENTER loses EIP, and even SYSCALL32 needs us to skip forward
16893 @@ -373,11 +458,9 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
16894 * Micro-optimization: the pointer we're following is explicitly
16895 * 32 bits, so it can't be out of range.
16896 */
16897 - __get_user(*(u32 *)&regs->bp,
16898 - (u32 __user __force *)(unsigned long)(u32)regs->sp)
16899 + __get_user_nocheck(*(u32 *)&regs->bp, saved_bp, sizeof(u32))
16900 #else
16901 - get_user(*(u32 *)&regs->bp,
16902 - (u32 __user __force *)(unsigned long)(u32)regs->sp)
16903 + get_user(regs->bp, saved_bp)
16904 #endif
16905 ) {
16906
16907 diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
16908 index 0b56666..92043f9 100644
16909 --- a/arch/x86/entry/entry_32.S
16910 +++ b/arch/x86/entry/entry_32.S
16911 @@ -147,13 +147,157 @@
16912 movl \reg, PT_GS(%esp)
16913 .endm
16914 .macro SET_KERNEL_GS reg
16915 +
16916 +#ifdef CONFIG_CC_STACKPROTECTOR
16917 movl $(__KERNEL_STACK_CANARY), \reg
16918 +#elif defined(CONFIG_PAX_MEMORY_UDEREF)
16919 + movl $(__USER_DS), \reg
16920 +#else
16921 + xorl \reg, \reg
16922 +#endif
16923 +
16924 movl \reg, %gs
16925 .endm
16926
16927 #endif /* CONFIG_X86_32_LAZY_GS */
16928
16929 -.macro SAVE_ALL pt_regs_ax=%eax
16930 +.macro pax_enter_kernel
16931 +#ifdef CONFIG_PAX_KERNEXEC
16932 + call pax_enter_kernel
16933 +#endif
16934 +.endm
16935 +
16936 +.macro pax_exit_kernel
16937 +#ifdef CONFIG_PAX_KERNEXEC
16938 + call pax_exit_kernel
16939 +#endif
16940 +.endm
16941 +
16942 +#ifdef CONFIG_PAX_KERNEXEC
16943 +ENTRY(pax_enter_kernel)
16944 +#ifdef CONFIG_PARAVIRT
16945 + pushl %eax
16946 + pushl %ecx
16947 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0)
16948 + mov %eax, %esi
16949 +#else
16950 + mov %cr0, %esi
16951 +#endif
16952 + bts $X86_CR0_WP_BIT, %esi
16953 + jnc 1f
16954 + mov %cs, %esi
16955 + cmp $__KERNEL_CS, %esi
16956 + jz 3f
16957 + ljmp $__KERNEL_CS, $3f
16958 +1: ljmp $__KERNEXEC_KERNEL_CS, $2f
16959 +2:
16960 +#ifdef CONFIG_PARAVIRT
16961 + mov %esi, %eax
16962 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
16963 +#else
16964 + mov %esi, %cr0
16965 +#endif
16966 +3:
16967 +#ifdef CONFIG_PARAVIRT
16968 + popl %ecx
16969 + popl %eax
16970 +#endif
16971 + ret
16972 +ENDPROC(pax_enter_kernel)
16973 +
16974 +ENTRY(pax_exit_kernel)
16975 +#ifdef CONFIG_PARAVIRT
16976 + pushl %eax
16977 + pushl %ecx
16978 +#endif
16979 + mov %cs, %esi
16980 + cmp $__KERNEXEC_KERNEL_CS, %esi
16981 + jnz 2f
16982 +#ifdef CONFIG_PARAVIRT
16983 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0);
16984 + mov %eax, %esi
16985 +#else
16986 + mov %cr0, %esi
16987 +#endif
16988 + btr $X86_CR0_WP_BIT, %esi
16989 + ljmp $__KERNEL_CS, $1f
16990 +1:
16991 +#ifdef CONFIG_PARAVIRT
16992 + mov %esi, %eax
16993 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0);
16994 +#else
16995 + mov %esi, %cr0
16996 +#endif
16997 +2:
16998 +#ifdef CONFIG_PARAVIRT
16999 + popl %ecx
17000 + popl %eax
17001 +#endif
17002 + ret
17003 +ENDPROC(pax_exit_kernel)
17004 +#endif
17005 +
17006 + .macro pax_erase_kstack
17007 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
17008 + call pax_erase_kstack
17009 +#endif
17010 + .endm
17011 +
17012 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
17013 +/*
17014 + * ebp: thread_info
17015 + */
17016 +ENTRY(pax_erase_kstack)
17017 + pushl %edi
17018 + pushl %ecx
17019 + pushl %eax
17020 + pushl %ebp
17021 +
17022 + GET_THREAD_INFO(%ebp)
17023 + mov TI_lowest_stack(%ebp), %edi
17024 + mov $-0xBEEF, %eax
17025 + std
17026 +
17027 +1: mov %edi, %ecx
17028 + and $THREAD_SIZE_asm - 1, %ecx
17029 + shr $2, %ecx
17030 + repne scasl
17031 + jecxz 2f
17032 +
17033 + cmp $2*16, %ecx
17034 + jc 2f
17035 +
17036 + mov $2*16, %ecx
17037 + repe scasl
17038 + jecxz 2f
17039 + jne 1b
17040 +
17041 +2: cld
17042 + or $2*4, %edi
17043 + mov %esp, %ecx
17044 + sub %edi, %ecx
17045 +
17046 + cmp $THREAD_SIZE_asm, %ecx
17047 + jb 3f
17048 + ud2
17049 +3:
17050 +
17051 + shr $2, %ecx
17052 + rep stosl
17053 +
17054 + mov TI_task_thread_sp0(%ebp), %edi
17055 + sub $128, %edi
17056 + mov %edi, TI_lowest_stack(%ebp)
17057 +
17058 + popl %ebp
17059 + popl %eax
17060 + popl %ecx
17061 + popl %edi
17062 + ret
17063 +ENDPROC(pax_erase_kstack)
17064 +#endif
17065 +
17066 +.macro __SAVE_ALL pt_regs_ax, _DS
17067 cld
17068 PUSH_GS
17069 pushl %fs
17070 @@ -166,7 +310,7 @@
17071 pushl %edx
17072 pushl %ecx
17073 pushl %ebx
17074 - movl $(__USER_DS), %edx
17075 + movl $\_DS, %edx
17076 movl %edx, %ds
17077 movl %edx, %es
17078 movl $(__KERNEL_PERCPU), %edx
17079 @@ -174,6 +318,15 @@
17080 SET_KERNEL_GS %edx
17081 .endm
17082
17083 +.macro SAVE_ALL pt_regs_ax=%eax
17084 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
17085 + __SAVE_ALL \pt_regs_ax, __KERNEL_DS
17086 + pax_enter_kernel
17087 +#else
17088 + __SAVE_ALL \pt_regs_ax, __USER_DS
17089 +#endif
17090 +.endm
17091 +
17092 .macro RESTORE_INT_REGS
17093 popl %ebx
17094 popl %ecx
17095 @@ -213,7 +366,7 @@ ENTRY(ret_from_fork)
17096 movl %esp, %eax
17097 call syscall_return_slowpath
17098 jmp restore_all
17099 -END(ret_from_fork)
17100 +ENDPROC(ret_from_fork)
17101
17102 ENTRY(ret_from_kernel_thread)
17103 pushl %eax
17104 @@ -257,15 +410,23 @@ ret_from_intr:
17105 andl $SEGMENT_RPL_MASK, %eax
17106 #endif
17107 cmpl $USER_RPL, %eax
17108 +
17109 +#ifdef CONFIG_PAX_KERNEXEC
17110 + jae resume_userspace
17111 +
17112 + pax_exit_kernel
17113 + jmp resume_kernel
17114 +#else
17115 jb resume_kernel # not returning to v8086 or userspace
17116 +#endif
17117
17118 ENTRY(resume_userspace)
17119 DISABLE_INTERRUPTS(CLBR_ANY)
17120 TRACE_IRQS_OFF
17121 movl %esp, %eax
17122 call prepare_exit_to_usermode
17123 - jmp restore_all
17124 -END(ret_from_exception)
17125 + jmp .Lsyscall_32_done
17126 +ENDPROC(ret_from_exception)
17127
17128 #ifdef CONFIG_PREEMPT
17129 ENTRY(resume_kernel)
17130 @@ -277,7 +438,7 @@ need_resched:
17131 jz restore_all
17132 call preempt_schedule_irq
17133 jmp need_resched
17134 -END(resume_kernel)
17135 +ENDPROC(resume_kernel)
17136 #endif
17137
17138 GLOBAL(__begin_SYSENTER_singlestep_region)
17139 @@ -344,6 +505,10 @@ sysenter_past_esp:
17140 pushl %eax /* pt_regs->orig_ax */
17141 SAVE_ALL pt_regs_ax=$-ENOSYS /* save rest */
17142
17143 +#ifdef CONFIG_PAX_RANDKSTACK
17144 + pax_erase_kstack
17145 +#endif
17146 +
17147 /*
17148 * SYSENTER doesn't filter flags, so we need to clear NT, AC
17149 * and TF ourselves. To save a few cycles, we can check whether
17150 @@ -379,11 +544,20 @@ sysenter_past_esp:
17151 ALTERNATIVE "testl %eax, %eax; jz .Lsyscall_32_done", \
17152 "jmp .Lsyscall_32_done", X86_FEATURE_XENPV
17153
17154 +#ifdef CONFIG_PAX_RANDKSTACK
17155 + movl %esp, %eax
17156 + call pax_randomize_kstack
17157 +#endif
17158 +
17159 + pax_erase_kstack
17160 +
17161 /* Opportunistic SYSEXIT */
17162 TRACE_IRQS_ON /* User mode traces as IRQs on. */
17163 movl PT_EIP(%esp), %edx /* pt_regs->ip */
17164 movl PT_OLDESP(%esp), %ecx /* pt_regs->sp */
17165 1: mov PT_FS(%esp), %fs
17166 +2: mov PT_DS(%esp), %ds
17167 +3: mov PT_ES(%esp), %es
17168 PTGS_TO_GS
17169 popl %ebx /* pt_regs->bx */
17170 addl $2*4, %esp /* skip pt_regs->cx and pt_regs->dx */
17171 @@ -409,10 +583,16 @@ sysenter_past_esp:
17172 sysexit
17173
17174 .pushsection .fixup, "ax"
17175 -2: movl $0, PT_FS(%esp)
17176 +4: movl $0, PT_FS(%esp)
17177 + jmp 1b
17178 +5: movl $0, PT_DS(%esp)
17179 + jmp 1b
17180 +6: movl $0, PT_ES(%esp)
17181 jmp 1b
17182 .popsection
17183 - _ASM_EXTABLE(1b, 2b)
17184 + _ASM_EXTABLE(1b, 4b)
17185 + _ASM_EXTABLE(2b, 5b)
17186 + _ASM_EXTABLE(3b, 6b)
17187 PTGS_TO_GS_EX
17188
17189 .Lsysenter_fix_flags:
17190 @@ -455,6 +635,10 @@ ENTRY(entry_INT80_32)
17191 pushl %eax /* pt_regs->orig_ax */
17192 SAVE_ALL pt_regs_ax=$-ENOSYS /* save rest */
17193
17194 +#ifdef CONFIG_PAX_RANDKSTACK
17195 + pax_erase_kstack
17196 +#endif
17197 +
17198 /*
17199 * User mode is traced as though IRQs are on, and the interrupt gate
17200 * turned them off.
17201 @@ -465,6 +649,13 @@ ENTRY(entry_INT80_32)
17202 call do_int80_syscall_32
17203 .Lsyscall_32_done:
17204
17205 +#ifdef CONFIG_PAX_RANDKSTACK
17206 + movl %esp, %eax
17207 + call pax_randomize_kstack
17208 +#endif
17209 +
17210 + pax_erase_kstack
17211 +
17212 restore_all:
17213 TRACE_IRQS_IRET
17214 restore_all_notrace:
17215 @@ -508,14 +699,34 @@ ldt_ss:
17216 * compensating for the offset by changing to the ESPFIX segment with
17217 * a base address that matches for the difference.
17218 */
17219 -#define GDT_ESPFIX_SS PER_CPU_VAR(gdt_page) + (GDT_ENTRY_ESPFIX_SS * 8)
17220 +#define GDT_ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8)(%ebx)
17221 mov %esp, %edx /* load kernel esp */
17222 mov PT_OLDESP(%esp), %eax /* load userspace esp */
17223 mov %dx, %ax /* eax: new kernel esp */
17224 sub %eax, %edx /* offset (low word is 0) */
17225 +#ifdef CONFIG_SMP
17226 + movl PER_CPU_VAR(cpu_number), %ebx
17227 + shll $PAGE_SHIFT_asm, %ebx
17228 + addl $cpu_gdt_table, %ebx
17229 +#else
17230 + movl $cpu_gdt_table, %ebx
17231 +#endif
17232 shr $16, %edx
17233 - mov %dl, GDT_ESPFIX_SS + 4 /* bits 16..23 */
17234 - mov %dh, GDT_ESPFIX_SS + 7 /* bits 24..31 */
17235 +
17236 +#ifdef CONFIG_PAX_KERNEXEC
17237 + mov %cr0, %esi
17238 + btr $X86_CR0_WP_BIT, %esi
17239 + mov %esi, %cr0
17240 +#endif
17241 +
17242 + mov %dl, 4 + GDT_ESPFIX_SS /* bits 16..23 */
17243 + mov %dh, 7 + GDT_ESPFIX_SS /* bits 24..31 */
17244 +
17245 +#ifdef CONFIG_PAX_KERNEXEC
17246 + bts $X86_CR0_WP_BIT, %esi
17247 + mov %esi, %cr0
17248 +#endif
17249 +
17250 pushl $__ESPFIX_SS
17251 pushl %eax /* new kernel esp */
17252 /*
17253 @@ -539,8 +750,15 @@ ENDPROC(entry_INT80_32)
17254 */
17255 #ifdef CONFIG_X86_ESPFIX32
17256 /* fixup the stack */
17257 - mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
17258 - mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
17259 +#ifdef CONFIG_SMP
17260 + movl PER_CPU_VAR(cpu_number), %ebx
17261 + shll $PAGE_SHIFT_asm, %ebx
17262 + addl $cpu_gdt_table, %ebx
17263 +#else
17264 + movl $cpu_gdt_table, %ebx
17265 +#endif
17266 + mov 4 + GDT_ESPFIX_SS, %al /* bits 16..23 */
17267 + mov 7 + GDT_ESPFIX_SS, %ah /* bits 24..31 */
17268 shl $16, %eax
17269 addl %esp, %eax /* the adjusted stack pointer */
17270 pushl $__KERNEL_DS
17271 @@ -576,7 +794,7 @@ ENTRY(irq_entries_start)
17272 jmp common_interrupt
17273 .align 8
17274 .endr
17275 -END(irq_entries_start)
17276 +ENDPROC(irq_entries_start)
17277
17278 /*
17279 * the CPU automatically disables interrupts when executing an IRQ vector,
17280 @@ -623,7 +841,7 @@ ENTRY(coprocessor_error)
17281 pushl $0
17282 pushl $do_coprocessor_error
17283 jmp error_code
17284 -END(coprocessor_error)
17285 +ENDPROC(coprocessor_error)
17286
17287 ENTRY(simd_coprocessor_error)
17288 ASM_CLAC
17289 @@ -637,20 +855,20 @@ ENTRY(simd_coprocessor_error)
17290 pushl $do_simd_coprocessor_error
17291 #endif
17292 jmp error_code
17293 -END(simd_coprocessor_error)
17294 +ENDPROC(simd_coprocessor_error)
17295
17296 ENTRY(device_not_available)
17297 ASM_CLAC
17298 pushl $-1 # mark this as an int
17299 pushl $do_device_not_available
17300 jmp error_code
17301 -END(device_not_available)
17302 +ENDPROC(device_not_available)
17303
17304 #ifdef CONFIG_PARAVIRT
17305 ENTRY(native_iret)
17306 iret
17307 _ASM_EXTABLE(native_iret, iret_exc)
17308 -END(native_iret)
17309 +ENDPROC(native_iret)
17310 #endif
17311
17312 ENTRY(overflow)
17313 @@ -658,59 +876,59 @@ ENTRY(overflow)
17314 pushl $0
17315 pushl $do_overflow
17316 jmp error_code
17317 -END(overflow)
17318 +ENDPROC(overflow)
17319
17320 ENTRY(bounds)
17321 ASM_CLAC
17322 pushl $0
17323 pushl $do_bounds
17324 jmp error_code
17325 -END(bounds)
17326 +ENDPROC(bounds)
17327
17328 ENTRY(invalid_op)
17329 ASM_CLAC
17330 pushl $0
17331 pushl $do_invalid_op
17332 jmp error_code
17333 -END(invalid_op)
17334 +ENDPROC(invalid_op)
17335
17336 ENTRY(coprocessor_segment_overrun)
17337 ASM_CLAC
17338 pushl $0
17339 pushl $do_coprocessor_segment_overrun
17340 jmp error_code
17341 -END(coprocessor_segment_overrun)
17342 +ENDPROC(coprocessor_segment_overrun)
17343
17344 ENTRY(invalid_TSS)
17345 ASM_CLAC
17346 pushl $do_invalid_TSS
17347 jmp error_code
17348 -END(invalid_TSS)
17349 +ENDPROC(invalid_TSS)
17350
17351 ENTRY(segment_not_present)
17352 ASM_CLAC
17353 pushl $do_segment_not_present
17354 jmp error_code
17355 -END(segment_not_present)
17356 +ENDPROC(segment_not_present)
17357
17358 ENTRY(stack_segment)
17359 ASM_CLAC
17360 pushl $do_stack_segment
17361 jmp error_code
17362 -END(stack_segment)
17363 +ENDPROC(stack_segment)
17364
17365 ENTRY(alignment_check)
17366 ASM_CLAC
17367 pushl $do_alignment_check
17368 jmp error_code
17369 -END(alignment_check)
17370 +ENDPROC(alignment_check)
17371
17372 ENTRY(divide_error)
17373 ASM_CLAC
17374 pushl $0 # no error code
17375 pushl $do_divide_error
17376 jmp error_code
17377 -END(divide_error)
17378 +ENDPROC(divide_error)
17379
17380 #ifdef CONFIG_X86_MCE
17381 ENTRY(machine_check)
17382 @@ -718,7 +936,7 @@ ENTRY(machine_check)
17383 pushl $0
17384 pushl machine_check_vector
17385 jmp error_code
17386 -END(machine_check)
17387 +ENDPROC(machine_check)
17388 #endif
17389
17390 ENTRY(spurious_interrupt_bug)
17391 @@ -726,7 +944,16 @@ ENTRY(spurious_interrupt_bug)
17392 pushl $0
17393 pushl $do_spurious_interrupt_bug
17394 jmp error_code
17395 -END(spurious_interrupt_bug)
17396 +ENDPROC(spurious_interrupt_bug)
17397 +
17398 +#ifdef CONFIG_PAX_REFCOUNT
17399 +ENTRY(refcount_error)
17400 + ASM_CLAC
17401 + pushl $0
17402 + pushl $do_refcount_error
17403 + jmp error_code
17404 +ENDPROC(refcount_error)
17405 +#endif
17406
17407 #ifdef CONFIG_XEN
17408 ENTRY(xen_hypervisor_callback)
17409 @@ -825,7 +1052,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
17410
17411 ENTRY(mcount)
17412 ret
17413 -END(mcount)
17414 +ENDPROC(mcount)
17415
17416 ENTRY(ftrace_caller)
17417 pushl %eax
17418 @@ -855,7 +1082,7 @@ ftrace_graph_call:
17419 .globl ftrace_stub
17420 ftrace_stub:
17421 ret
17422 -END(ftrace_caller)
17423 +ENDPROC(ftrace_caller)
17424
17425 ENTRY(ftrace_regs_caller)
17426 pushf /* push flags before compare (in cs location) */
17427 @@ -953,7 +1180,7 @@ trace:
17428 popl %ecx
17429 popl %eax
17430 jmp ftrace_stub
17431 -END(mcount)
17432 +ENDPROC(mcount)
17433 #endif /* CONFIG_DYNAMIC_FTRACE */
17434 #endif /* CONFIG_FUNCTION_TRACER */
17435
17436 @@ -971,7 +1198,7 @@ ENTRY(ftrace_graph_caller)
17437 popl %ecx
17438 popl %eax
17439 ret
17440 -END(ftrace_graph_caller)
17441 +ENDPROC(ftrace_graph_caller)
17442
17443 .globl return_to_handler
17444 return_to_handler:
17445 @@ -990,7 +1217,7 @@ ENTRY(trace_page_fault)
17446 ASM_CLAC
17447 pushl $trace_do_page_fault
17448 jmp error_code
17449 -END(trace_page_fault)
17450 +ENDPROC(trace_page_fault)
17451 #endif
17452
17453 ENTRY(page_fault)
17454 @@ -1019,16 +1246,19 @@ error_code:
17455 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
17456 REG_TO_PTGS %ecx
17457 SET_KERNEL_GS %ecx
17458 - movl $(__USER_DS), %ecx
17459 + movl $(__KERNEL_DS), %ecx
17460 movl %ecx, %ds
17461 movl %ecx, %es
17462 +
17463 + pax_enter_kernel
17464 +
17465 TRACE_IRQS_OFF
17466 movl %esp, %eax # pt_regs pointer
17467 call *%edi
17468 jmp ret_from_exception
17469 -END(page_fault)
17470 +ENDPROC(page_fault)
17471
17472 -ENTRY(debug)
17473 +ENTRY(int1)
17474 /*
17475 * #DB can happen at the first instruction of
17476 * entry_SYSENTER_32 or in Xen's SYSENTER prologue. If this
17477 @@ -1045,7 +1275,13 @@ ENTRY(debug)
17478 movl %esp, %eax # pt_regs pointer
17479
17480 /* Are we currently on the SYSENTER stack? */
17481 - PER_CPU(cpu_tss + CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx)
17482 +#ifdef CONFIG_SMP
17483 + imul $TSS_size, PER_CPU_VAR(cpu_number), %ecx
17484 + lea cpu_tss(%ecx), %ecx
17485 +#else
17486 + movl $cpu_tss, %ecx
17487 +#endif
17488 + movl CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack(%ecx), %ecx
17489 subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */
17490 cmpl $SIZEOF_SYSENTER_stack, %ecx
17491 jb .Ldebug_from_sysenter_stack
17492 @@ -1062,7 +1298,7 @@ ENTRY(debug)
17493 call do_debug
17494 movl %ebp, %esp
17495 jmp ret_from_exception
17496 -END(debug)
17497 +ENDPROC(int1)
17498
17499 /*
17500 * NMI is doubly nasty. It can happen on the first instruction of
17501 @@ -1087,13 +1323,22 @@ ENTRY(nmi)
17502 movl %esp, %eax # pt_regs pointer
17503
17504 /* Are we currently on the SYSENTER stack? */
17505 - PER_CPU(cpu_tss + CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx)
17506 +#ifdef CONFIG_SMP
17507 + imul $TSS_size, PER_CPU_VAR(cpu_number), %ecx
17508 + lea cpu_tss(%ecx), %ecx
17509 +#else
17510 + movl $cpu_tss, %ecx
17511 +#endif
17512 + movl CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack(%ecx), %ecx
17513 subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */
17514 cmpl $SIZEOF_SYSENTER_stack, %ecx
17515 jb .Lnmi_from_sysenter_stack
17516
17517 /* Not on SYSENTER stack. */
17518 call do_nmi
17519 +
17520 + pax_exit_kernel
17521 +
17522 jmp restore_all_notrace
17523
17524 .Lnmi_from_sysenter_stack:
17525 @@ -1105,6 +1350,9 @@ ENTRY(nmi)
17526 movl PER_CPU_VAR(cpu_current_top_of_stack), %esp
17527 call do_nmi
17528 movl %ebp, %esp
17529 +
17530 + pax_exit_kernel
17531 +
17532 jmp restore_all_notrace
17533
17534 #ifdef CONFIG_X86_ESPFIX32
17535 @@ -1124,11 +1372,14 @@ nmi_espfix_stack:
17536 FIXUP_ESPFIX_STACK # %eax == %esp
17537 xorl %edx, %edx # zero error code
17538 call do_nmi
17539 +
17540 + pax_exit_kernel
17541 +
17542 RESTORE_REGS
17543 lss 12+4(%esp), %esp # back to espfix stack
17544 jmp irq_return
17545 #endif
17546 -END(nmi)
17547 +ENDPROC(nmi)
17548
17549 ENTRY(int3)
17550 ASM_CLAC
17551 @@ -1139,19 +1390,19 @@ ENTRY(int3)
17552 movl %esp, %eax # pt_regs pointer
17553 call do_int3
17554 jmp ret_from_exception
17555 -END(int3)
17556 +ENDPROC(int3)
17557
17558 ENTRY(general_protection)
17559 pushl $do_general_protection
17560 jmp error_code
17561 -END(general_protection)
17562 +ENDPROC(general_protection)
17563
17564 #ifdef CONFIG_KVM_GUEST
17565 ENTRY(async_page_fault)
17566 ASM_CLAC
17567 pushl $do_async_page_fault
17568 jmp error_code
17569 -END(async_page_fault)
17570 +ENDPROC(async_page_fault)
17571 #endif
17572
17573 ENTRY(rewind_stack_do_exit)
17574 @@ -1161,6 +1412,6 @@ ENTRY(rewind_stack_do_exit)
17575 movl PER_CPU_VAR(cpu_current_top_of_stack), %esi
17576 leal -TOP_OF_KERNEL_STACK_PADDING-PTREGS_SIZE(%esi), %esp
17577
17578 - call do_exit
17579 + call do_group_exit
17580 1: jmp 1b
17581 -END(rewind_stack_do_exit)
17582 +ENDPROC(rewind_stack_do_exit)
17583 diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
17584 index 02fff3e..c6685ec 100644
17585 --- a/arch/x86/entry/entry_64.S
17586 +++ b/arch/x86/entry/entry_64.S
17587 @@ -36,6 +36,8 @@
17588 #include <asm/smap.h>
17589 #include <asm/pgtable_types.h>
17590 #include <linux/err.h>
17591 +#include <asm/pgtable.h>
17592 +#include <asm/alternative-asm.h>
17593
17594 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
17595 #include <linux/elf-em.h>
17596 @@ -53,6 +55,395 @@ ENTRY(native_usergs_sysret64)
17597 ENDPROC(native_usergs_sysret64)
17598 #endif /* CONFIG_PARAVIRT */
17599
17600 + .macro ljmpq sel, off
17601 +#if defined(CONFIG_MPSC) || defined(CONFIG_MCORE2) || defined (CONFIG_MATOM)
17602 + .byte 0x48; ljmp *1234f(%rip)
17603 + .pushsection .rodata
17604 + .align 16
17605 + 1234: .quad \off; .word \sel
17606 + .popsection
17607 +#else
17608 + pushq $\sel
17609 + pushq $\off
17610 + lretq
17611 +#endif
17612 + .endm
17613 +
17614 + .macro pax_enter_kernel
17615 + pax_set_fptr_mask
17616 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
17617 + call pax_enter_kernel
17618 +#endif
17619 + .endm
17620 +
17621 + .macro pax_exit_kernel
17622 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
17623 + call pax_exit_kernel
17624 +#endif
17625 + .endm
17626 +
17627 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
17628 +ENTRY(pax_enter_kernel)
17629 + pushq %rdi
17630 +
17631 +#ifdef CONFIG_PARAVIRT
17632 + PV_SAVE_REGS(CLBR_RDI)
17633 +#endif
17634 +
17635 +#ifdef CONFIG_PAX_KERNEXEC
17636 + GET_CR0_INTO_RDI
17637 + bts $X86_CR0_WP_BIT,%rdi
17638 + jnc 3f
17639 + mov %cs,%edi
17640 + cmp $__KERNEL_CS,%edi
17641 + jnz 2f
17642 +1:
17643 +#endif
17644 +
17645 +#ifdef CONFIG_PAX_MEMORY_UDEREF
17646 + ALTERNATIVE "jmp 111f", "", X86_FEATURE_PCID
17647 + GET_CR3_INTO_RDI
17648 + cmp $0,%dil
17649 + jnz 112f
17650 + mov $__KERNEL_DS,%edi
17651 + mov %edi,%ss
17652 + jmp 111f
17653 +112: cmp $1,%dil
17654 + jz 113f
17655 + ud2
17656 +113: sub $4097,%rdi
17657 + bts $63,%rdi
17658 + SET_RDI_INTO_CR3
17659 + mov $__UDEREF_KERNEL_DS,%edi
17660 + mov %edi,%ss
17661 +111:
17662 +#endif
17663 +
17664 +#ifdef CONFIG_PARAVIRT
17665 + PV_RESTORE_REGS(CLBR_RDI)
17666 +#endif
17667 +
17668 + popq %rdi
17669 + pax_force_retaddr
17670 + retq
17671 +
17672 +#ifdef CONFIG_PAX_KERNEXEC
17673 +2: ljmpq __KERNEL_CS,1b
17674 +3: ljmpq __KERNEXEC_KERNEL_CS,4f
17675 +4: SET_RDI_INTO_CR0
17676 + jmp 1b
17677 +#endif
17678 +ENDPROC(pax_enter_kernel)
17679 +
17680 +ENTRY(pax_exit_kernel)
17681 + pushq %rdi
17682 +
17683 +#ifdef CONFIG_PARAVIRT
17684 + PV_SAVE_REGS(CLBR_RDI)
17685 +#endif
17686 +
17687 +#ifdef CONFIG_PAX_KERNEXEC
17688 + mov %cs,%rdi
17689 + cmp $__KERNEXEC_KERNEL_CS,%edi
17690 + jz 2f
17691 + GET_CR0_INTO_RDI
17692 + bts $X86_CR0_WP_BIT,%rdi
17693 + jnc 4f
17694 +1:
17695 +#endif
17696 +
17697 +#ifdef CONFIG_PAX_MEMORY_UDEREF
17698 + ALTERNATIVE "jmp 111f", "", X86_FEATURE_PCID
17699 + mov %ss,%edi
17700 + cmp $__UDEREF_KERNEL_DS,%edi
17701 + jnz 111f
17702 + GET_CR3_INTO_RDI
17703 + cmp $0,%dil
17704 + jz 112f
17705 + ud2
17706 +112: add $4097,%rdi
17707 + bts $63,%rdi
17708 + SET_RDI_INTO_CR3
17709 + mov $__KERNEL_DS,%edi
17710 + mov %edi,%ss
17711 +111:
17712 +#endif
17713 +
17714 +#ifdef CONFIG_PARAVIRT
17715 + PV_RESTORE_REGS(CLBR_RDI);
17716 +#endif
17717 +
17718 + popq %rdi
17719 + pax_force_retaddr
17720 + retq
17721 +
17722 +#ifdef CONFIG_PAX_KERNEXEC
17723 +2: GET_CR0_INTO_RDI
17724 + btr $X86_CR0_WP_BIT,%rdi
17725 + jnc 4f
17726 + ljmpq __KERNEL_CS,3f
17727 +3: SET_RDI_INTO_CR0
17728 + jmp 1b
17729 +4: ud2
17730 + jmp 4b
17731 +#endif
17732 +ENDPROC(pax_exit_kernel)
17733 +#endif
17734 +
17735 + .macro pax_enter_kernel_user
17736 + pax_set_fptr_mask
17737 +#ifdef CONFIG_PAX_MEMORY_UDEREF
17738 + call pax_enter_kernel_user
17739 +#endif
17740 + .endm
17741 +
17742 + .macro pax_exit_kernel_user
17743 +#ifdef CONFIG_PAX_MEMORY_UDEREF
17744 + call pax_exit_kernel_user
17745 +#endif
17746 +#ifdef CONFIG_PAX_RANDKSTACK
17747 + pushq %rax
17748 + pushq %r11
17749 + call pax_randomize_kstack
17750 + popq %r11
17751 + popq %rax
17752 +#endif
17753 + .endm
17754 +
17755 +#ifdef CONFIG_PAX_MEMORY_UDEREF
17756 +ENTRY(pax_enter_kernel_user)
17757 + pushq %rdi
17758 + pushq %rbx
17759 +
17760 +#ifdef CONFIG_PARAVIRT
17761 + PV_SAVE_REGS(CLBR_RDI)
17762 +#endif
17763 +
17764 + ALTERNATIVE "jmp 111f", "", X86_FEATURE_PCID
17765 + GET_CR3_INTO_RDI
17766 + cmp $1,%dil
17767 + jnz 4f
17768 + sub $4097,%rdi
17769 + bts $63,%rdi
17770 + SET_RDI_INTO_CR3
17771 + jmp 3f
17772 +111:
17773 +
17774 + GET_CR3_INTO_RDI
17775 + mov %rdi,%rbx
17776 + add $__START_KERNEL_map,%rbx
17777 + sub phys_base(%rip),%rbx
17778 +
17779 +#ifdef CONFIG_PARAVIRT
17780 + pushq %rdi
17781 + i = 0
17782 + .rept USER_PGD_PTRS
17783 + mov i*8(%rbx),%rsi
17784 + mov $0,%sil
17785 + lea i*8(%rbx),%rdi
17786 + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
17787 + i = i + 1
17788 + .endr
17789 + popq %rdi
17790 +#else
17791 + i = 0
17792 + .rept USER_PGD_PTRS
17793 + movb $0,i*8(%rbx)
17794 + i = i + 1
17795 + .endr
17796 +#endif
17797 +
17798 + SET_RDI_INTO_CR3
17799 +
17800 +#ifdef CONFIG_PAX_KERNEXEC
17801 + GET_CR0_INTO_RDI
17802 + bts $X86_CR0_WP_BIT,%rdi
17803 + SET_RDI_INTO_CR0
17804 +#endif
17805 +
17806 +3:
17807 +
17808 +#ifdef CONFIG_PARAVIRT
17809 + PV_RESTORE_REGS(CLBR_RDI)
17810 +#endif
17811 +
17812 + popq %rbx
17813 + popq %rdi
17814 + pax_force_retaddr
17815 + retq
17816 +4: ud2
17817 +ENDPROC(pax_enter_kernel_user)
17818 +
17819 +ENTRY(pax_exit_kernel_user)
17820 + pushq %rdi
17821 + pushq %rbx
17822 +
17823 +#ifdef CONFIG_PARAVIRT
17824 + PV_SAVE_REGS(CLBR_RDI)
17825 +#endif
17826 +
17827 + GET_CR3_INTO_RDI
17828 + ALTERNATIVE "jmp 1f", "", X86_FEATURE_PCID
17829 + cmp $0,%dil
17830 + jnz 3f
17831 + add $4097,%rdi
17832 + bts $63,%rdi
17833 + SET_RDI_INTO_CR3
17834 + jmp 2f
17835 +1:
17836 +
17837 + mov %rdi,%rbx
17838 +
17839 +#ifdef CONFIG_PAX_KERNEXEC
17840 + GET_CR0_INTO_RDI
17841 + btr $X86_CR0_WP_BIT,%rdi
17842 + jnc 3f
17843 + SET_RDI_INTO_CR0
17844 +#endif
17845 +
17846 + add $__START_KERNEL_map,%rbx
17847 + sub phys_base(%rip),%rbx
17848 +
17849 +#ifdef CONFIG_PARAVIRT
17850 + i = 0
17851 + .rept USER_PGD_PTRS
17852 + mov i*8(%rbx),%rsi
17853 + mov $0x67,%sil
17854 + lea i*8(%rbx),%rdi
17855 + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
17856 + i = i + 1
17857 + .endr
17858 +#else
17859 + i = 0
17860 + .rept USER_PGD_PTRS
17861 + movb $0x67,i*8(%rbx)
17862 + i = i + 1
17863 + .endr
17864 +#endif
17865 +
17866 +2:
17867 +
17868 +#ifdef CONFIG_PARAVIRT
17869 + PV_RESTORE_REGS(CLBR_RDI)
17870 +#endif
17871 +
17872 + popq %rbx
17873 + popq %rdi
17874 + pax_force_retaddr
17875 + retq
17876 +3: ud2
17877 +ENDPROC(pax_exit_kernel_user)
17878 +#endif
17879 +
17880 + .macro pax_enter_kernel_nmi
17881 + pax_set_fptr_mask
17882 +
17883 +#ifdef CONFIG_PAX_KERNEXEC
17884 + GET_CR0_INTO_RDI
17885 + bts $X86_CR0_WP_BIT,%rdi
17886 + jc 110f
17887 + SET_RDI_INTO_CR0
17888 + or $2,%ebx
17889 +110:
17890 +#endif
17891 +
17892 +#ifdef CONFIG_PAX_MEMORY_UDEREF
17893 + ALTERNATIVE "jmp 111f", "", X86_FEATURE_PCID
17894 + GET_CR3_INTO_RDI
17895 + cmp $0,%dil
17896 + jz 111f
17897 + sub $4097,%rdi
17898 + or $4,%ebx
17899 + bts $63,%rdi
17900 + SET_RDI_INTO_CR3
17901 + mov $__UDEREF_KERNEL_DS,%edi
17902 + mov %edi,%ss
17903 +111:
17904 +#endif
17905 + .endm
17906 +
17907 + .macro pax_exit_kernel_nmi
17908 +#ifdef CONFIG_PAX_KERNEXEC
17909 + btr $1,%ebx
17910 + jnc 110f
17911 + GET_CR0_INTO_RDI
17912 + btr $X86_CR0_WP_BIT,%rdi
17913 + SET_RDI_INTO_CR0
17914 +110:
17915 +#endif
17916 +
17917 +#ifdef CONFIG_PAX_MEMORY_UDEREF
17918 + ALTERNATIVE "jmp 111f", "", X86_FEATURE_PCID
17919 + btr $2,%ebx
17920 + jnc 111f
17921 + GET_CR3_INTO_RDI
17922 + add $4097,%rdi
17923 + bts $63,%rdi
17924 + SET_RDI_INTO_CR3
17925 + mov $__KERNEL_DS,%edi
17926 + mov %edi,%ss
17927 +111:
17928 +#endif
17929 + .endm
17930 +
17931 + .macro pax_erase_kstack
17932 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
17933 + call pax_erase_kstack
17934 +#endif
17935 + .endm
17936 +
17937 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
17938 +ENTRY(pax_erase_kstack)
17939 + pushq %rdi
17940 + pushq %rcx
17941 + pushq %rax
17942 + pushq %r11
17943 +
17944 + GET_THREAD_INFO(%r11)
17945 + mov TI_lowest_stack(%r11), %rdi
17946 + mov $-0xBEEF, %rax
17947 + std
17948 +
17949 +1: mov %edi, %ecx
17950 + and $THREAD_SIZE_asm - 1, %ecx
17951 + shr $3, %ecx
17952 + repne scasq
17953 + jecxz 2f
17954 +
17955 + cmp $2*8, %ecx
17956 + jc 2f
17957 +
17958 + mov $2*8, %ecx
17959 + repe scasq
17960 + jecxz 2f
17961 + jne 1b
17962 +
17963 +2: cld
17964 + or $2*8, %rdi
17965 + mov %esp, %ecx
17966 + sub %edi, %ecx
17967 +
17968 + cmp $THREAD_SIZE_asm, %rcx
17969 + jb 3f
17970 + ud2
17971 +3:
17972 +
17973 + shr $3, %ecx
17974 + rep stosq
17975 +
17976 + mov TI_task_thread_sp0(%r11), %rdi
17977 + sub $256, %rdi
17978 + mov %rdi, TI_lowest_stack(%r11)
17979 +
17980 + popq %r11
17981 + popq %rax
17982 + popq %rcx
17983 + popq %rdi
17984 + pax_force_retaddr
17985 + ret
17986 +ENDPROC(pax_erase_kstack)
17987 +#endif
17988 +
17989 .macro TRACE_IRQS_IRETQ
17990 #ifdef CONFIG_TRACE_IRQFLAGS
17991 bt $9, EFLAGS(%rsp) /* interrupts off? */
17992 @@ -88,7 +479,7 @@ ENDPROC(native_usergs_sysret64)
17993 .endm
17994
17995 .macro TRACE_IRQS_IRETQ_DEBUG
17996 - bt $9, EFLAGS(%rsp) /* interrupts off? */
17997 + bt $X86_EFLAGS_IF_BIT, EFLAGS(%rsp) /* interrupts off? */
17998 jnc 1f
17999 TRACE_IRQS_ON_DEBUG
18000 1:
18001 @@ -175,11 +566,22 @@ GLOBAL(entry_SYSCALL_64_after_swapgs)
18002 pushq %r11 /* pt_regs->r11 */
18003 sub $(6*8), %rsp /* pt_regs->bp, bx, r12-15 not saved */
18004
18005 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
18006 + movq %r12, R12(%rsp)
18007 +#endif
18008 +
18009 + pax_enter_kernel_user
18010 +
18011 +#ifdef CONFIG_PAX_RANDKSTACK
18012 + pax_erase_kstack
18013 +#endif
18014 +
18015 /*
18016 * If we need to do entry work or if we guess we'll need to do
18017 * exit work, go straight to the slow path.
18018 */
18019 - testl $_TIF_WORK_SYSCALL_ENTRY|_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
18020 + GET_THREAD_INFO(%rcx)
18021 + testl $_TIF_WORK_SYSCALL_ENTRY|_TIF_ALLWORK_MASK, TI_flags(%rcx)
18022 jnz entry_SYSCALL64_slow_path
18023
18024 entry_SYSCALL_64_fastpath:
18025 @@ -217,9 +619,13 @@ entry_SYSCALL_64_fastpath:
18026 */
18027 DISABLE_INTERRUPTS(CLBR_NONE)
18028 TRACE_IRQS_OFF
18029 - testl $_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
18030 + GET_THREAD_INFO(%rcx)
18031 + testl $_TIF_ALLWORK_MASK, TI_flags(%rcx)
18032 jnz 1f
18033
18034 + pax_exit_kernel_user
18035 + pax_erase_kstack
18036 +
18037 LOCKDEP_SYS_EXIT
18038 TRACE_IRQS_ON /* user mode is traced as IRQs on */
18039 movq RIP(%rsp), %rcx
18040 @@ -248,6 +654,9 @@ entry_SYSCALL64_slow_path:
18041 call do_syscall_64 /* returns with IRQs disabled */
18042
18043 return_from_SYSCALL_64:
18044 + pax_exit_kernel_user
18045 + pax_erase_kstack
18046 +
18047 RESTORE_EXTRA_REGS
18048 TRACE_IRQS_IRETQ /* we're about to change IF */
18049
18050 @@ -272,13 +681,12 @@ return_from_SYSCALL_64:
18051 .error "virtual address width changed -- SYSRET checks need update"
18052 .endif
18053
18054 - /* Change top 16 bits to be the sign-extension of 47th bit */
18055 - shl $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx
18056 - sar $(64 - (__VIRTUAL_MASK_SHIFT+1)), %rcx
18057 -
18058 - /* If this changed %rcx, it was not canonical */
18059 - cmpq %rcx, %r11
18060 - jne opportunistic_sysret_failed
18061 + /*
18062 + * If the top 17 bits are not 0 then RIP isn't a userland address,
18063 + * it may not even be canonical, fall back to iret
18064 + */
18065 + shr $(__VIRTUAL_MASK_SHIFT), %r11
18066 + jnz opportunistic_sysret_failed
18067
18068 cmpq $__USER_CS, CS(%rsp) /* CS must match SYSRET */
18069 jne opportunistic_sysret_failed
18070 @@ -326,7 +734,7 @@ syscall_return_via_sysret:
18071 opportunistic_sysret_failed:
18072 SWAPGS
18073 jmp restore_c_regs_and_iret
18074 -END(entry_SYSCALL_64)
18075 +ENDPROC(entry_SYSCALL_64)
18076
18077 ENTRY(stub_ptregs_64)
18078 /*
18079 @@ -353,13 +761,13 @@ ENTRY(stub_ptregs_64)
18080 1:
18081 /* Called from C */
18082 jmp *%rax /* called from C */
18083 -END(stub_ptregs_64)
18084 +ENDPROC(stub_ptregs_64)
18085
18086 .macro ptregs_stub func
18087 ENTRY(ptregs_\func)
18088 leaq \func(%rip), %rax
18089 jmp stub_ptregs_64
18090 -END(ptregs_\func)
18091 +ENDPROC(ptregs_\func)
18092 .endm
18093
18094 /* Instantiate ptregs_stub for each ptregs-using syscall */
18095 @@ -401,10 +809,12 @@ ENTRY(ret_from_fork)
18096 1:
18097 movq %rsp, %rdi
18098 call syscall_return_slowpath /* returns with IRQs disabled */
18099 + pax_exit_kernel_user
18100 + pax_erase_kstack
18101 TRACE_IRQS_ON /* user mode is traced as IRQS on */
18102 SWAPGS
18103 jmp restore_regs_and_iret
18104 -END(ret_from_fork)
18105 +ENDPROC(ret_from_fork)
18106
18107 /*
18108 * Build the entry stubs with some assembler magic.
18109 @@ -419,7 +829,7 @@ ENTRY(irq_entries_start)
18110 jmp common_interrupt
18111 .align 8
18112 .endr
18113 -END(irq_entries_start)
18114 +ENDPROC(irq_entries_start)
18115
18116 /*
18117 * Interrupt entry/exit.
18118 @@ -445,6 +855,12 @@ END(irq_entries_start)
18119 */
18120 SWAPGS
18121
18122 +#ifdef CONFIG_PAX_MEMORY_UDEREF
18123 + pax_enter_kernel_user
18124 +#else
18125 + pax_enter_kernel
18126 +#endif
18127 +
18128 /*
18129 * We need to tell lockdep that IRQs are off. We can't do this until
18130 * we fix gsbase, and we should do it before enter_from_user_mode
18131 @@ -457,7 +873,9 @@ END(irq_entries_start)
18132
18133 CALL_enter_from_user_mode
18134
18135 -1:
18136 + jmp 2f
18137 +1: pax_enter_kernel
18138 +2:
18139 /*
18140 * Save previous stack pointer, optionally switch to interrupt stack.
18141 * irq_count is used to check if a CPU is already on an interrupt stack
18142 @@ -469,6 +887,7 @@ END(irq_entries_start)
18143 incl PER_CPU_VAR(irq_count)
18144 cmovzq PER_CPU_VAR(irq_stack_ptr), %rsp
18145 pushq %rdi
18146 +
18147 /* We entered an interrupt context - irqs are off: */
18148 TRACE_IRQS_OFF
18149
18150 @@ -500,6 +919,8 @@ ret_from_intr:
18151 GLOBAL(retint_user)
18152 mov %rsp,%rdi
18153 call prepare_exit_to_usermode
18154 + pax_exit_kernel_user
18155 +# pax_erase_kstack
18156 TRACE_IRQS_IRETQ
18157 SWAPGS
18158 jmp restore_regs_and_iret
18159 @@ -517,6 +938,21 @@ retint_kernel:
18160 jmp 0b
18161 1:
18162 #endif
18163 +
18164 + pax_exit_kernel
18165 +
18166 +#if defined(CONFIG_EFI) && defined(CONFIG_PAX_KERNEXEC_PLUGIN)
18167 + /* This is a quirk to allow IRQs/NMIs/MCEs during early EFI setup,
18168 + * namely calling EFI runtime services with a phys mapping. We're
18169 + * starting off with NOPs and patch in the real instrumentation
18170 + * (BTS/OR) before starting any userland process; even before starting
18171 + * up the APs.
18172 + */
18173 + ALTERNATIVE "", "pax_force_retaddr 16*8", X86_FEATURE_ALWAYS
18174 +#else
18175 + pax_force_retaddr RIP
18176 +#endif
18177 +
18178 /*
18179 * The iretq could re-enable interrupts:
18180 */
18181 @@ -560,15 +996,15 @@ native_irq_return_ldt:
18182 SWAPGS
18183 movq PER_CPU_VAR(espfix_waddr), %rdi
18184 movq %rax, (0*8)(%rdi) /* RAX */
18185 - movq (2*8)(%rsp), %rax /* RIP */
18186 + movq (2*8 + RIP-RIP)(%rsp), %rax /* RIP */
18187 movq %rax, (1*8)(%rdi)
18188 - movq (3*8)(%rsp), %rax /* CS */
18189 + movq (2*8 + CS-RIP)(%rsp), %rax /* CS */
18190 movq %rax, (2*8)(%rdi)
18191 - movq (4*8)(%rsp), %rax /* RFLAGS */
18192 + movq (2*8 + EFLAGS-RIP)(%rsp), %rax /* RFLAGS */
18193 movq %rax, (3*8)(%rdi)
18194 - movq (6*8)(%rsp), %rax /* SS */
18195 + movq (2*8 + SS-RIP)(%rsp), %rax /* SS */
18196 movq %rax, (5*8)(%rdi)
18197 - movq (5*8)(%rsp), %rax /* RSP */
18198 + movq (2*8 + RSP-RIP)(%rsp), %rax /* RSP */
18199 movq %rax, (4*8)(%rdi)
18200 andl $0xffff0000, %eax
18201 popq %rdi
18202 @@ -578,7 +1014,7 @@ native_irq_return_ldt:
18203 popq %rax
18204 jmp native_irq_return_iret
18205 #endif
18206 -END(common_interrupt)
18207 +ENDPROC(common_interrupt)
18208
18209 /*
18210 * APIC interrupts.
18211 @@ -590,7 +1026,7 @@ ENTRY(\sym)
18212 .Lcommon_\sym:
18213 interrupt \do_sym
18214 jmp ret_from_intr
18215 -END(\sym)
18216 +ENDPROC(\sym)
18217 .endm
18218
18219 #ifdef CONFIG_TRACING
18220 @@ -666,7 +1102,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
18221 /*
18222 * Exception entry points.
18223 */
18224 -#define CPU_TSS_IST(x) PER_CPU_VAR(cpu_tss) + (TSS_ist + ((x) - 1) * 8)
18225 +#define CPU_TSS_IST(x) (TSS_ist + ((x) - 1) * 8)(%r13)
18226
18227 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
18228 ENTRY(\sym)
18229 @@ -713,6 +1149,12 @@ ENTRY(\sym)
18230 .endif
18231
18232 .if \shift_ist != -1
18233 +#ifdef CONFIG_SMP
18234 + imul $TSS_size, PER_CPU_VAR(cpu_number), %r13d
18235 + leaq cpu_tss(%r13), %r13
18236 +#else
18237 + leaq cpu_tss(%rip), %r13
18238 +#endif
18239 subq $EXCEPTION_STKSZ, CPU_TSS_IST(\shift_ist)
18240 .endif
18241
18242 @@ -756,7 +1198,7 @@ ENTRY(\sym)
18243
18244 jmp error_exit /* %ebx: no swapgs flag */
18245 .endif
18246 -END(\sym)
18247 +ENDPROC(\sym)
18248 .endm
18249
18250 #ifdef CONFIG_TRACING
18251 @@ -784,6 +1226,9 @@ idtentry coprocessor_error do_coprocessor_error has_error_code=0
18252 idtentry alignment_check do_alignment_check has_error_code=1
18253 idtentry simd_coprocessor_error do_simd_coprocessor_error has_error_code=0
18254
18255 +#ifdef CONFIG_PAX_REFCOUNT
18256 +idtentry refcount_error do_refcount_error has_error_code=0
18257 +#endif
18258
18259 /*
18260 * Reload gs selector with exception handling
18261 @@ -798,8 +1243,9 @@ ENTRY(native_load_gs_index)
18262 2: ALTERNATIVE "", "mfence", X86_BUG_SWAPGS_FENCE
18263 SWAPGS
18264 popfq
18265 + pax_force_retaddr
18266 ret
18267 -END(native_load_gs_index)
18268 +ENDPROC(native_load_gs_index)
18269
18270 _ASM_EXTABLE(.Lgs_change, bad_gs)
18271 .section .fixup, "ax"
18272 @@ -827,8 +1273,9 @@ ENTRY(do_softirq_own_stack)
18273 call __do_softirq
18274 leaveq
18275 decl PER_CPU_VAR(irq_count)
18276 + pax_force_retaddr
18277 ret
18278 -END(do_softirq_own_stack)
18279 +ENDPROC(do_softirq_own_stack)
18280
18281 #ifdef CONFIG_XEN
18282 idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
18283 @@ -864,7 +1311,7 @@ ENTRY(xen_do_hypervisor_callback) /* do_hypervisor_callback(struct *pt_regs) */
18284 call xen_maybe_preempt_hcall
18285 #endif
18286 jmp error_exit
18287 -END(xen_do_hypervisor_callback)
18288 +ENDPROC(xen_do_hypervisor_callback)
18289
18290 /*
18291 * Hypervisor uses this for application faults while it executes.
18292 @@ -909,7 +1356,7 @@ ENTRY(xen_failsafe_callback)
18293 SAVE_C_REGS
18294 SAVE_EXTRA_REGS
18295 jmp error_exit
18296 -END(xen_failsafe_callback)
18297 +ENDPROC(xen_failsafe_callback)
18298
18299 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
18300 xen_hvm_callback_vector xen_evtchn_do_upcall
18301 @@ -921,7 +1368,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
18302 hyperv_callback_vector hyperv_vector_handler
18303 #endif /* CONFIG_HYPERV */
18304
18305 -idtentry debug do_debug has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
18306 +idtentry int1 do_debug has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
18307 idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
18308 idtentry stack_segment do_stack_segment has_error_code=1
18309
18310 @@ -958,8 +1405,34 @@ ENTRY(paranoid_entry)
18311 js 1f /* negative -> in kernel */
18312 SWAPGS
18313 xorl %ebx, %ebx
18314 -1: ret
18315 -END(paranoid_entry)
18316 +1:
18317 +#ifdef CONFIG_PAX_MEMORY_UDEREF
18318 + testb $3, CS+8(%rsp)
18319 + jz 1f
18320 + pax_enter_kernel_user
18321 + jmp 2f
18322 +#endif
18323 +1: pax_enter_kernel
18324 +2:
18325 + pax_force_retaddr
18326 + ret
18327 +ENDPROC(paranoid_entry)
18328 +
18329 +ENTRY(paranoid_entry_nmi)
18330 + cld
18331 + SAVE_C_REGS 8
18332 + SAVE_EXTRA_REGS 8
18333 + movl $1, %ebx
18334 + movl $MSR_GS_BASE, %ecx
18335 + rdmsr
18336 + testl %edx, %edx
18337 + js 1f /* negative -> in kernel */
18338 + SWAPGS
18339 + xorl %ebx, %ebx
18340 +1: pax_enter_kernel_nmi
18341 + pax_force_retaddr
18342 + ret
18343 +ENDPROC(paranoid_entry_nmi)
18344
18345 /*
18346 * "Paranoid" exit path from exception stack. This is invoked
18347 @@ -976,19 +1449,26 @@ END(paranoid_entry)
18348 ENTRY(paranoid_exit)
18349 DISABLE_INTERRUPTS(CLBR_NONE)
18350 TRACE_IRQS_OFF_DEBUG
18351 - testl %ebx, %ebx /* swapgs needed? */
18352 + testl $1, %ebx /* swapgs needed? */
18353 jnz paranoid_exit_no_swapgs
18354 +#ifdef CONFIG_PAX_MEMORY_UDEREF
18355 + pax_exit_kernel_user
18356 +#else
18357 + pax_exit_kernel
18358 +#endif
18359 TRACE_IRQS_IRETQ
18360 SWAPGS_UNSAFE_STACK
18361 jmp paranoid_exit_restore
18362 paranoid_exit_no_swapgs:
18363 + pax_exit_kernel
18364 TRACE_IRQS_IRETQ_DEBUG
18365 paranoid_exit_restore:
18366 RESTORE_EXTRA_REGS
18367 RESTORE_C_REGS
18368 REMOVE_PT_GPREGS_FROM_STACK 8
18369 + pax_force_retaddr_bts
18370 INTERRUPT_RETURN
18371 -END(paranoid_exit)
18372 +ENDPROC(paranoid_exit)
18373
18374 /*
18375 * Save all registers in pt_regs, and switch gs if needed.
18376 @@ -1008,6 +1488,12 @@ ENTRY(error_entry)
18377 */
18378 SWAPGS
18379
18380 +#ifdef CONFIG_PAX_MEMORY_UDEREF
18381 + pax_enter_kernel_user
18382 +#else
18383 + pax_enter_kernel
18384 +#endif
18385 +
18386 .Lerror_entry_from_usermode_after_swapgs:
18387 /*
18388 * We need to tell lockdep that IRQs are off. We can't do this until
18389 @@ -1016,10 +1502,12 @@ ENTRY(error_entry)
18390 */
18391 TRACE_IRQS_OFF
18392 CALL_enter_from_user_mode
18393 + pax_force_retaddr
18394 ret
18395
18396 .Lerror_entry_done:
18397 TRACE_IRQS_OFF
18398 + pax_force_retaddr
18399 ret
18400
18401 /*
18402 @@ -1037,7 +1525,7 @@ ENTRY(error_entry)
18403 cmpq %rax, RIP+8(%rsp)
18404 je .Lbstep_iret
18405 cmpq $.Lgs_change, RIP+8(%rsp)
18406 - jne .Lerror_entry_done
18407 + jne 1f
18408
18409 /*
18410 * hack: .Lgs_change can fail with user gsbase. If this happens, fix up
18411 @@ -1045,7 +1533,8 @@ ENTRY(error_entry)
18412 * .Lgs_change's error handler with kernel gsbase.
18413 */
18414 SWAPGS
18415 - jmp .Lerror_entry_done
18416 +1: pax_enter_kernel
18417 + jmp .Lerror_entry_done
18418
18419 .Lbstep_iret:
18420 /* Fix truncated RIP */
18421 @@ -1059,6 +1548,12 @@ ENTRY(error_entry)
18422 */
18423 SWAPGS
18424
18425 +#ifdef CONFIG_PAX_MEMORY_UDEREF
18426 + pax_enter_kernel_user
18427 +#else
18428 + pax_enter_kernel
18429 +#endif
18430 +
18431 /*
18432 * Pretend that the exception came from user mode: set up pt_regs
18433 * as if we faulted immediately after IRET and clear EBX so that
18434 @@ -1069,11 +1564,11 @@ ENTRY(error_entry)
18435 mov %rax, %rsp
18436 decl %ebx
18437 jmp .Lerror_entry_from_usermode_after_swapgs
18438 -END(error_entry)
18439 +ENDPROC(error_entry)
18440
18441
18442 /*
18443 - * On entry, EBS is a "return to kernel mode" flag:
18444 + * On entry, EBX is a "return to kernel mode" flag:
18445 * 1: already in kernel mode, don't need SWAPGS
18446 * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode
18447 */
18448 @@ -1081,10 +1576,10 @@ ENTRY(error_exit)
18449 movl %ebx, %eax
18450 DISABLE_INTERRUPTS(CLBR_NONE)
18451 TRACE_IRQS_OFF
18452 - testl %eax, %eax
18453 + testl $1, %eax
18454 jnz retint_kernel
18455 jmp retint_user
18456 -END(error_exit)
18457 +ENDPROC(error_exit)
18458
18459 /* Runs on exception stack */
18460 ENTRY(nmi)
18461 @@ -1138,6 +1633,8 @@ ENTRY(nmi)
18462 * other IST entries.
18463 */
18464
18465 + ASM_CLAC
18466 +
18467 /* Use %rdx as our temp variable throughout */
18468 pushq %rdx
18469
18470 @@ -1181,6 +1678,12 @@ ENTRY(nmi)
18471 pushq %r14 /* pt_regs->r14 */
18472 pushq %r15 /* pt_regs->r15 */
18473
18474 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
18475 + xorl %ebx, %ebx
18476 +#endif
18477 +
18478 + pax_enter_kernel_nmi
18479 +
18480 /*
18481 * At this point we no longer need to worry about stack damage
18482 * due to nesting -- we're on the normal thread stack and we're
18483 @@ -1191,12 +1694,19 @@ ENTRY(nmi)
18484 movq $-1, %rsi
18485 call do_nmi
18486
18487 + pax_exit_kernel_nmi
18488 +
18489 /*
18490 * Return back to user mode. We must *not* do the normal exit
18491 * work, because we don't want to enable interrupts. Fortunately,
18492 * do_nmi doesn't modify pt_regs.
18493 */
18494 SWAPGS
18495 +
18496 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
18497 + movq RBX(%rsp), %rbx
18498 +#endif
18499 +
18500 jmp restore_c_regs_and_iret
18501
18502 .Lnmi_from_kernel:
18503 @@ -1318,6 +1828,7 @@ nested_nmi_out:
18504 popq %rdx
18505
18506 /* We are returning to kernel mode, so this cannot result in a fault. */
18507 +# pax_force_retaddr_bts
18508 INTERRUPT_RETURN
18509
18510 first_nmi:
18511 @@ -1346,7 +1857,7 @@ first_nmi:
18512 pushq %rsp /* RSP (minus 8 because of the previous push) */
18513 addq $8, (%rsp) /* Fix up RSP */
18514 pushfq /* RFLAGS */
18515 - pushq $__KERNEL_CS /* CS */
18516 + pushq 4*8(%rsp) /* CS */
18517 pushq $1f /* RIP */
18518 INTERRUPT_RETURN /* continues at repeat_nmi below */
18519 1:
18520 @@ -1391,20 +1902,22 @@ end_repeat_nmi:
18521 ALLOC_PT_GPREGS_ON_STACK
18522
18523 /*
18524 - * Use paranoid_entry to handle SWAPGS, but no need to use paranoid_exit
18525 + * Use paranoid_entry_nmi to handle SWAPGS, but no need to use paranoid_exit
18526 * as we should not be calling schedule in NMI context.
18527 * Even with normal interrupts enabled. An NMI should not be
18528 * setting NEED_RESCHED or anything that normal interrupts and
18529 * exceptions might do.
18530 */
18531 - call paranoid_entry
18532 + call paranoid_entry_nmi
18533
18534 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
18535 movq %rsp, %rdi
18536 movq $-1, %rsi
18537 call do_nmi
18538
18539 - testl %ebx, %ebx /* swapgs needed? */
18540 + pax_exit_kernel_nmi
18541 +
18542 + testl $1, %ebx /* swapgs needed? */
18543 jnz nmi_restore
18544 nmi_swapgs:
18545 SWAPGS_UNSAFE_STACK
18546 @@ -1415,6 +1928,8 @@ nmi_restore:
18547 /* Point RSP at the "iret" frame. */
18548 REMOVE_PT_GPREGS_FROM_STACK 6*8
18549
18550 + pax_force_retaddr_bts
18551 +
18552 /*
18553 * Clear "NMI executing". Set DF first so that we can easily
18554 * distinguish the remaining code between here and IRET from
18555 @@ -1432,12 +1947,12 @@ nmi_restore:
18556 * mode, so this cannot result in a fault.
18557 */
18558 INTERRUPT_RETURN
18559 -END(nmi)
18560 +ENDPROC(nmi)
18561
18562 ENTRY(ignore_sysret)
18563 mov $-ENOSYS, %eax
18564 sysret
18565 -END(ignore_sysret)
18566 +ENDPROC(ignore_sysret)
18567
18568 ENTRY(rewind_stack_do_exit)
18569 /* Prevent any naive code from trying to unwind to our caller. */
18570 @@ -1446,6 +1961,6 @@ ENTRY(rewind_stack_do_exit)
18571 movq PER_CPU_VAR(cpu_current_top_of_stack), %rax
18572 leaq -TOP_OF_KERNEL_STACK_PADDING-PTREGS_SIZE(%rax), %rsp
18573
18574 - call do_exit
18575 + call do_group_exit
18576 1: jmp 1b
18577 -END(rewind_stack_do_exit)
18578 +ENDPROC(rewind_stack_do_exit)
18579 diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
18580 index e1721da..83f2c49 100644
18581 --- a/arch/x86/entry/entry_64_compat.S
18582 +++ b/arch/x86/entry/entry_64_compat.S
18583 @@ -13,11 +13,39 @@
18584 #include <asm/irqflags.h>
18585 #include <asm/asm.h>
18586 #include <asm/smap.h>
18587 +#include <asm/pgtable.h>
18588 #include <linux/linkage.h>
18589 #include <linux/err.h>
18590 +#include <asm/alternative-asm.h>
18591
18592 .section .entry.text, "ax"
18593
18594 + .macro pax_enter_kernel_user
18595 + pax_set_fptr_mask
18596 +#ifdef CONFIG_PAX_MEMORY_UDEREF
18597 + call pax_enter_kernel_user
18598 +#endif
18599 + .endm
18600 +
18601 + .macro pax_exit_kernel_user
18602 +#ifdef CONFIG_PAX_MEMORY_UDEREF
18603 + call pax_exit_kernel_user
18604 +#endif
18605 +#ifdef CONFIG_PAX_RANDKSTACK
18606 + pushq %rax
18607 + pushq %r11
18608 + call pax_randomize_kstack
18609 + popq %r11
18610 + popq %rax
18611 +#endif
18612 + .endm
18613 +
18614 + .macro pax_erase_kstack
18615 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
18616 + call pax_erase_kstack
18617 +#endif
18618 + .endm
18619 +
18620 /*
18621 * 32-bit SYSENTER entry.
18622 *
18623 @@ -74,23 +102,34 @@ ENTRY(entry_SYSENTER_compat)
18624 pushq $__USER32_CS /* pt_regs->cs */
18625 pushq $0 /* pt_regs->ip = 0 (placeholder) */
18626 pushq %rax /* pt_regs->orig_ax */
18627 + xorl %eax,%eax
18628 pushq %rdi /* pt_regs->di */
18629 pushq %rsi /* pt_regs->si */
18630 pushq %rdx /* pt_regs->dx */
18631 pushq %rcx /* pt_regs->cx */
18632 pushq $-ENOSYS /* pt_regs->ax */
18633 - pushq $0 /* pt_regs->r8 = 0 */
18634 - pushq $0 /* pt_regs->r9 = 0 */
18635 - pushq $0 /* pt_regs->r10 = 0 */
18636 - pushq $0 /* pt_regs->r11 = 0 */
18637 + pushq %rax /* pt_regs->r8 = 0 */
18638 + pushq %rax /* pt_regs->r9 = 0 */
18639 + pushq %rax /* pt_regs->r10 = 0 */
18640 + pushq %rax /* pt_regs->r11 = 0 */
18641 pushq %rbx /* pt_regs->rbx */
18642 pushq %rbp /* pt_regs->rbp (will be overwritten) */
18643 - pushq $0 /* pt_regs->r12 = 0 */
18644 - pushq $0 /* pt_regs->r13 = 0 */
18645 - pushq $0 /* pt_regs->r14 = 0 */
18646 - pushq $0 /* pt_regs->r15 = 0 */
18647 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
18648 + pushq %r12 /* pt_regs->r12 */
18649 +#else
18650 + pushq %rax /* pt_regs->r12 = 0 */
18651 +#endif
18652 + pushq %rax /* pt_regs->r13 = 0 */
18653 + pushq %rax /* pt_regs->r14 = 0 */
18654 + pushq %rax /* pt_regs->r15 = 0 */
18655 cld
18656
18657 + pax_enter_kernel_user
18658 +
18659 +#ifdef CONFIG_PAX_RANDKSTACK
18660 + pax_erase_kstack
18661 +#endif
18662 +
18663 /*
18664 * SYSENTER doesn't filter flags, so we need to clear NT and AC
18665 * ourselves. To save a few cycles, we can check whether
18666 @@ -204,16 +243,27 @@ ENTRY(entry_SYSCALL_compat)
18667 pushq %rdx /* pt_regs->dx */
18668 pushq %rbp /* pt_regs->cx (stashed in bp) */
18669 pushq $-ENOSYS /* pt_regs->ax */
18670 - pushq $0 /* pt_regs->r8 = 0 */
18671 - pushq $0 /* pt_regs->r9 = 0 */
18672 - pushq $0 /* pt_regs->r10 = 0 */
18673 - pushq $0 /* pt_regs->r11 = 0 */
18674 + xorl %eax,%eax
18675 + pushq %rax /* pt_regs->r8 = 0 */
18676 + pushq %rax /* pt_regs->r9 = 0 */
18677 + pushq %rax /* pt_regs->r10 = 0 */
18678 + pushq %rax /* pt_regs->r11 = 0 */
18679 pushq %rbx /* pt_regs->rbx */
18680 pushq %rbp /* pt_regs->rbp (will be overwritten) */
18681 - pushq $0 /* pt_regs->r12 = 0 */
18682 - pushq $0 /* pt_regs->r13 = 0 */
18683 - pushq $0 /* pt_regs->r14 = 0 */
18684 - pushq $0 /* pt_regs->r15 = 0 */
18685 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
18686 + pushq %r12 /* pt_regs->r12 */
18687 +#else
18688 + pushq %rax /* pt_regs->r12 = 0 */
18689 +#endif
18690 + pushq %rax /* pt_regs->r13 = 0 */
18691 + pushq %rax /* pt_regs->r14 = 0 */
18692 + pushq %rax /* pt_regs->r15 = 0 */
18693 +
18694 + pax_enter_kernel_user
18695 +
18696 +#ifdef CONFIG_PAX_RANDKSTACK
18697 + pax_erase_kstack
18698 +#endif
18699
18700 /*
18701 * User mode is traced as though IRQs are on, and SYSENTER
18702 @@ -229,11 +279,18 @@ ENTRY(entry_SYSCALL_compat)
18703
18704 /* Opportunistic SYSRET */
18705 sysret32_from_system_call:
18706 + pax_exit_kernel_user
18707 + pax_erase_kstack
18708 TRACE_IRQS_ON /* User mode traces as IRQs on. */
18709 movq RBX(%rsp), %rbx /* pt_regs->rbx */
18710 movq RBP(%rsp), %rbp /* pt_regs->rbp */
18711 movq EFLAGS(%rsp), %r11 /* pt_regs->flags (in r11) */
18712 movq RIP(%rsp), %rcx /* pt_regs->ip (in rcx) */
18713 +
18714 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
18715 + movq R12(%rsp), %r12
18716 +#endif
18717 +
18718 addq $RAX, %rsp /* Skip r8-r15 */
18719 popq %rax /* pt_regs->rax */
18720 popq %rdx /* Skip pt_regs->cx */
18721 @@ -262,7 +319,7 @@ sysret32_from_system_call:
18722 movq RSP-ORIG_RAX(%rsp), %rsp
18723 swapgs
18724 sysretl
18725 -END(entry_SYSCALL_compat)
18726 +ENDPROC(entry_SYSCALL_compat)
18727
18728 /*
18729 * 32-bit legacy system call entry.
18730 @@ -314,10 +371,11 @@ ENTRY(entry_INT80_compat)
18731 pushq %rdx /* pt_regs->dx */
18732 pushq %rcx /* pt_regs->cx */
18733 pushq $-ENOSYS /* pt_regs->ax */
18734 - pushq $0 /* pt_regs->r8 = 0 */
18735 - pushq $0 /* pt_regs->r9 = 0 */
18736 - pushq $0 /* pt_regs->r10 = 0 */
18737 - pushq $0 /* pt_regs->r11 = 0 */
18738 + xorl %eax,%eax
18739 + pushq %rax /* pt_regs->r8 = 0 */
18740 + pushq %rax /* pt_regs->r9 = 0 */
18741 + pushq %rax /* pt_regs->r10 = 0 */
18742 + pushq %rax /* pt_regs->r11 = 0 */
18743 pushq %rbx /* pt_regs->rbx */
18744 pushq %rbp /* pt_regs->rbp */
18745 pushq %r12 /* pt_regs->r12 */
18746 @@ -326,6 +384,12 @@ ENTRY(entry_INT80_compat)
18747 pushq %r15 /* pt_regs->r15 */
18748 cld
18749
18750 + pax_enter_kernel_user
18751 +
18752 +#ifdef CONFIG_PAX_RANDKSTACK
18753 + pax_erase_kstack
18754 +#endif
18755 +
18756 /*
18757 * User mode is traced as though IRQs are on, and the interrupt
18758 * gate turned them off.
18759 @@ -337,10 +401,12 @@ ENTRY(entry_INT80_compat)
18760 .Lsyscall_32_done:
18761
18762 /* Go back to user mode. */
18763 + pax_exit_kernel_user
18764 + pax_erase_kstack
18765 TRACE_IRQS_ON
18766 SWAPGS
18767 jmp restore_regs_and_iret
18768 -END(entry_INT80_compat)
18769 +ENDPROC(entry_INT80_compat)
18770
18771 ALIGN
18772 GLOBAL(stub32_clone)
18773 diff --git a/arch/x86/entry/thunk_64.S b/arch/x86/entry/thunk_64.S
18774 index 627ecbc..6490d11 100644
18775 --- a/arch/x86/entry/thunk_64.S
18776 +++ b/arch/x86/entry/thunk_64.S
18777 @@ -8,6 +8,7 @@
18778 #include <linux/linkage.h>
18779 #include "calling.h"
18780 #include <asm/asm.h>
18781 +#include <asm/alternative-asm.h>
18782
18783 /* rdi: arg1 ... normal C conventions. rax is saved/restored. */
18784 .macro THUNK name, func, put_ret_addr_in_rdi=0
18785 @@ -65,6 +66,7 @@
18786 popq %rsi
18787 popq %rdi
18788 popq %rbp
18789 + pax_force_retaddr
18790 ret
18791 _ASM_NOKPROBE(.L_restore)
18792 #endif
18793 diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
18794 index d540966..443f0d7 100644
18795 --- a/arch/x86/entry/vdso/Makefile
18796 +++ b/arch/x86/entry/vdso/Makefile
18797 @@ -170,7 +170,7 @@ quiet_cmd_vdso = VDSO $@
18798 -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
18799 sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
18800
18801 -VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
18802 +VDSO_LDFLAGS = -fPIC -shared -Wl,--no-undefined $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
18803 $(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
18804 GCOV_PROFILE := n
18805
18806 diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/vclock_gettime.c
18807 index 94d54d0..390dce1 100644
18808 --- a/arch/x86/entry/vdso/vclock_gettime.c
18809 +++ b/arch/x86/entry/vdso/vclock_gettime.c
18810 @@ -300,5 +300,5 @@ notrace time_t __vdso_time(time_t *t)
18811 *t = result;
18812 return result;
18813 }
18814 -int time(time_t *t)
18815 +time_t time(time_t *t)
18816 __attribute__((weak, alias("__vdso_time")));
18817 diff --git a/arch/x86/entry/vdso/vdso2c.h b/arch/x86/entry/vdso/vdso2c.h
18818 index 3dab75f..2c439d0 100644
18819 --- a/arch/x86/entry/vdso/vdso2c.h
18820 +++ b/arch/x86/entry/vdso/vdso2c.h
18821 @@ -12,7 +12,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len,
18822 unsigned long load_size = -1; /* Work around bogus warning */
18823 unsigned long mapping_size;
18824 ELF(Ehdr) *hdr = (ELF(Ehdr) *)raw_addr;
18825 - int i;
18826 + unsigned int i;
18827 unsigned long j;
18828 ELF(Shdr) *symtab_hdr = NULL, *strtab_hdr, *secstrings_hdr,
18829 *alt_sec = NULL;
18830 @@ -89,7 +89,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len,
18831 for (i = 0;
18832 i < GET_LE(&symtab_hdr->sh_size) / GET_LE(&symtab_hdr->sh_entsize);
18833 i++) {
18834 - int k;
18835 + unsigned int k;
18836 ELF(Sym) *sym = raw_addr + GET_LE(&symtab_hdr->sh_offset) +
18837 GET_LE(&symtab_hdr->sh_entsize) * i;
18838 const char *name = raw_addr + GET_LE(&strtab_hdr->sh_offset) +
18839 diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
18840 index f840766..222abb1 100644
18841 --- a/arch/x86/entry/vdso/vma.c
18842 +++ b/arch/x86/entry/vdso/vma.c
18843 @@ -21,10 +21,7 @@
18844 #include <asm/page.h>
18845 #include <asm/desc.h>
18846 #include <asm/cpufeature.h>
18847 -
18848 -#if defined(CONFIG_X86_64)
18849 -unsigned int __read_mostly vdso64_enabled = 1;
18850 -#endif
18851 +#include <asm/mman.h>
18852
18853 void __init init_vdso_image(const struct vdso_image *image)
18854 {
18855 @@ -90,7 +87,7 @@ static int vdso_fault(const struct vm_special_mapping *sm,
18856 {
18857 const struct vdso_image *image = vma->vm_mm->context.vdso_image;
18858
18859 - if (!image || (vmf->pgoff << PAGE_SHIFT) >= image->size)
18860 + if (!image || vmf->pgoff >= (image->size >> PAGE_SHIFT))
18861 return VM_FAULT_SIGBUS;
18862
18863 vmf->page = virt_to_page(image->data + (vmf->pgoff << PAGE_SHIFT));
18864 @@ -128,7 +125,7 @@ static int vdso_mremap(const struct vm_special_mapping *sm,
18865 return -EFAULT;
18866
18867 vdso_fix_landing(image, new_vma);
18868 - current->mm->context.vdso = (void __user *)new_vma->vm_start;
18869 + current->mm->context.vdso = new_vma->vm_start;
18870
18871 return 0;
18872 }
18873 @@ -193,6 +190,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
18874 .fault = vvar_fault,
18875 };
18876
18877 +#ifdef CONFIG_PAX_RANDMMAP
18878 + if (mm->pax_flags & MF_PAX_RANDMMAP)
18879 + calculate_addr = false;
18880 +#endif
18881 +
18882 if (calculate_addr) {
18883 addr = vdso_addr(current->mm->start_stack,
18884 image->size - image->sym_vvar_start);
18885 @@ -204,15 +206,15 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
18886 return -EINTR;
18887
18888 addr = get_unmapped_area(NULL, addr,
18889 - image->size - image->sym_vvar_start, 0, 0);
18890 + image->size - image->sym_vvar_start, 0, MAP_EXECUTABLE);
18891 if (IS_ERR_VALUE(addr)) {
18892 ret = addr;
18893 goto up_fail;
18894 }
18895
18896 text_start = addr - image->sym_vvar_start;
18897 - current->mm->context.vdso = (void __user *)text_start;
18898 - current->mm->context.vdso_image = image;
18899 + mm->context.vdso = text_start;
18900 + mm->context.vdso_image = image;
18901
18902 /*
18903 * MAYWRITE to allow gdb to COW and set breakpoints
18904 @@ -236,14 +238,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
18905 VM_PFNMAP,
18906 &vvar_mapping);
18907
18908 - if (IS_ERR(vma)) {
18909 + if (IS_ERR(vma))
18910 ret = PTR_ERR(vma);
18911 - goto up_fail;
18912 - }
18913
18914 up_fail:
18915 if (ret)
18916 - current->mm->context.vdso = NULL;
18917 + mm->context.vdso = 0;
18918
18919 up_write(&mm->mmap_sem);
18920 return ret;
18921 @@ -262,9 +262,6 @@ static int load_vdso32(void)
18922 #ifdef CONFIG_X86_64
18923 int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
18924 {
18925 - if (!vdso64_enabled)
18926 - return 0;
18927 -
18928 return map_vdso(&vdso_image_64, true);
18929 }
18930
18931 @@ -273,12 +270,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
18932 int uses_interp)
18933 {
18934 #ifdef CONFIG_X86_X32_ABI
18935 - if (test_thread_flag(TIF_X32)) {
18936 - if (!vdso64_enabled)
18937 - return 0;
18938 -
18939 + if (test_thread_flag(TIF_X32))
18940 return map_vdso(&vdso_image_x32, true);
18941 - }
18942 #endif
18943 #ifdef CONFIG_IA32_EMULATION
18944 return load_vdso32();
18945 @@ -295,15 +288,6 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
18946 #endif
18947
18948 #ifdef CONFIG_X86_64
18949 -static __init int vdso_setup(char *s)
18950 -{
18951 - vdso64_enabled = simple_strtoul(s, NULL, 0);
18952 - return 0;
18953 -}
18954 -__setup("vdso=", vdso_setup);
18955 -#endif
18956 -
18957 -#ifdef CONFIG_X86_64
18958 static void vgetcpu_cpu_init(void *arg)
18959 {
18960 int cpu = smp_processor_id();
18961 diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
18962 index 636c4b3..666991b 100644
18963 --- a/arch/x86/entry/vsyscall/vsyscall_64.c
18964 +++ b/arch/x86/entry/vsyscall/vsyscall_64.c
18965 @@ -38,10 +38,8 @@
18966 #define CREATE_TRACE_POINTS
18967 #include "vsyscall_trace.h"
18968
18969 -static enum { EMULATE, NATIVE, NONE } vsyscall_mode =
18970 -#if defined(CONFIG_LEGACY_VSYSCALL_NATIVE)
18971 - NATIVE;
18972 -#elif defined(CONFIG_LEGACY_VSYSCALL_NONE)
18973 +static enum { EMULATE, NONE } vsyscall_mode =
18974 +#if defined(CONFIG_LEGACY_VSYSCALL_NONE)
18975 NONE;
18976 #else
18977 EMULATE;
18978 @@ -52,8 +50,6 @@ static int __init vsyscall_setup(char *str)
18979 if (str) {
18980 if (!strcmp("emulate", str))
18981 vsyscall_mode = EMULATE;
18982 - else if (!strcmp("native", str))
18983 - vsyscall_mode = NATIVE;
18984 else if (!strcmp("none", str))
18985 vsyscall_mode = NONE;
18986 else
18987 @@ -271,8 +267,7 @@ do_ret:
18988 return true;
18989
18990 sigsegv:
18991 - force_sig(SIGSEGV, current);
18992 - return true;
18993 + do_group_exit(SIGKILL);
18994 }
18995
18996 /*
18997 @@ -290,8 +285,8 @@ static const struct vm_operations_struct gate_vma_ops = {
18998 static struct vm_area_struct gate_vma = {
18999 .vm_start = VSYSCALL_ADDR,
19000 .vm_end = VSYSCALL_ADDR + PAGE_SIZE,
19001 - .vm_page_prot = PAGE_READONLY_EXEC,
19002 - .vm_flags = VM_READ | VM_EXEC,
19003 + .vm_page_prot = PAGE_READONLY,
19004 + .vm_flags = VM_READ,
19005 .vm_ops = &gate_vma_ops,
19006 };
19007
19008 @@ -332,10 +327,7 @@ void __init map_vsyscall(void)
19009 unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);
19010
19011 if (vsyscall_mode != NONE)
19012 - __set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
19013 - vsyscall_mode == NATIVE
19014 - ? PAGE_KERNEL_VSYSCALL
19015 - : PAGE_KERNEL_VVAR);
19016 + __set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall, PAGE_KERNEL_VVAR);
19017
19018 BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
19019 (unsigned long)VSYSCALL_ADDR);
19020 diff --git a/arch/x86/entry/vsyscall/vsyscall_emu_64.S b/arch/x86/entry/vsyscall/vsyscall_emu_64.S
19021 index c9596a9..e1f6d5d 100644
19022 --- a/arch/x86/entry/vsyscall/vsyscall_emu_64.S
19023 +++ b/arch/x86/entry/vsyscall/vsyscall_emu_64.S
19024 @@ -7,12 +7,13 @@
19025 */
19026
19027 #include <linux/linkage.h>
19028 +#include <linux/init.h>
19029
19030 #include <asm/irq_vectors.h>
19031 #include <asm/page_types.h>
19032 #include <asm/unistd_64.h>
19033
19034 -__PAGE_ALIGNED_DATA
19035 + __READ_ONLY
19036 .globl __vsyscall_page
19037 .balign PAGE_SIZE, 0xcc
19038 .type __vsyscall_page, @object
19039 diff --git a/arch/x86/events/amd/iommu.c b/arch/x86/events/amd/iommu.c
19040 index b28200d..e93e14d 100644
19041 --- a/arch/x86/events/amd/iommu.c
19042 +++ b/arch/x86/events/amd/iommu.c
19043 @@ -80,12 +80,12 @@ static struct attribute_group amd_iommu_format_group = {
19044 * sysfs events attributes
19045 *---------------------------------------------*/
19046 struct amd_iommu_event_desc {
19047 - struct kobj_attribute attr;
19048 + struct device_attribute attr;
19049 const char *event;
19050 };
19051
19052 -static ssize_t _iommu_event_show(struct kobject *kobj,
19053 - struct kobj_attribute *attr, char *buf)
19054 +static ssize_t _iommu_event_show(struct device *dev,
19055 + struct device_attribute *attr, char *buf)
19056 {
19057 struct amd_iommu_event_desc *event =
19058 container_of(attr, struct amd_iommu_event_desc, attr);
19059 @@ -407,7 +407,7 @@ static void perf_iommu_del(struct perf_event *event, int flags)
19060 static __init int _init_events_attrs(struct perf_amd_iommu *perf_iommu)
19061 {
19062 struct attribute **attrs;
19063 - struct attribute_group *attr_group;
19064 + attribute_group_no_const *attr_group;
19065 int i = 0, j;
19066
19067 while (amd_iommu_v2_event_descs[i].attr.attr.name)
19068 diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
19069 index d0efb5c..10f0a95 100644
19070 --- a/arch/x86/events/core.c
19071 +++ b/arch/x86/events/core.c
19072 @@ -1545,7 +1545,7 @@ static void __init pmu_check_apic(void)
19073
19074 }
19075
19076 -static struct attribute_group x86_pmu_format_group = {
19077 +static attribute_group_no_const x86_pmu_format_group = {
19078 .name = "format",
19079 .attrs = NULL,
19080 };
19081 @@ -1676,7 +1676,7 @@ static struct attribute *events_attr[] = {
19082 NULL,
19083 };
19084
19085 -static struct attribute_group x86_pmu_events_group = {
19086 +static attribute_group_no_const x86_pmu_events_group = {
19087 .name = "events",
19088 .attrs = events_attr,
19089 };
19090 @@ -2313,7 +2313,7 @@ static unsigned long get_segment_base(unsigned int segment)
19091 if (idx > GDT_ENTRIES)
19092 return 0;
19093
19094 - desc = raw_cpu_ptr(gdt_page.gdt) + idx;
19095 + desc = get_cpu_gdt_table(smp_processor_id()) + idx;
19096 }
19097
19098 return get_desc_base(desc);
19099 @@ -2419,7 +2419,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs
19100 break;
19101
19102 perf_callchain_store(entry, frame.return_address);
19103 - fp = (void __user *)frame.next_frame;
19104 + fp = (void __force_user *)frame.next_frame;
19105 }
19106 pagefault_enable();
19107 }
19108 diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
19109 index 4c9a79b..7c0d6ca 100644
19110 --- a/arch/x86/events/intel/core.c
19111 +++ b/arch/x86/events/intel/core.c
19112 @@ -2408,6 +2408,8 @@ __intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
19113 }
19114
19115 static void
19116 +intel_start_scheduling(struct cpu_hw_events *cpuc) __acquires(&cpuc->excl_cntrs->lock);
19117 +static void
19118 intel_start_scheduling(struct cpu_hw_events *cpuc)
19119 {
19120 struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
19121 @@ -2417,14 +2419,18 @@ intel_start_scheduling(struct cpu_hw_events *cpuc)
19122 /*
19123 * nothing needed if in group validation mode
19124 */
19125 - if (cpuc->is_fake || !is_ht_workaround_enabled())
19126 + if (cpuc->is_fake || !is_ht_workaround_enabled()) {
19127 + __acquire(&excl_cntrs->lock);
19128 return;
19129 + }
19130
19131 /*
19132 * no exclusion needed
19133 */
19134 - if (WARN_ON_ONCE(!excl_cntrs))
19135 + if (WARN_ON_ONCE(!excl_cntrs)) {
19136 + __acquire(&excl_cntrs->lock);
19137 return;
19138 + }
19139
19140 xl = &excl_cntrs->states[tid];
19141
19142 @@ -2464,6 +2470,8 @@ static void intel_commit_scheduling(struct cpu_hw_events *cpuc, int idx, int cnt
19143 }
19144
19145 static void
19146 +intel_stop_scheduling(struct cpu_hw_events *cpuc) __releases(&cpuc->excl_cntrs->lock);
19147 +static void
19148 intel_stop_scheduling(struct cpu_hw_events *cpuc)
19149 {
19150 struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
19151 @@ -2473,13 +2481,18 @@ intel_stop_scheduling(struct cpu_hw_events *cpuc)
19152 /*
19153 * nothing needed if in group validation mode
19154 */
19155 - if (cpuc->is_fake || !is_ht_workaround_enabled())
19156 + if (cpuc->is_fake || !is_ht_workaround_enabled()) {
19157 + __release(&excl_cntrs->lock);
19158 return;
19159 + }
19160 +
19161 /*
19162 * no exclusion needed
19163 */
19164 - if (WARN_ON_ONCE(!excl_cntrs))
19165 + if (WARN_ON_ONCE(!excl_cntrs)) {
19166 + __release(&excl_cntrs->lock);
19167 return;
19168 + }
19169
19170 xl = &excl_cntrs->states[tid];
19171
19172 @@ -2662,19 +2675,22 @@ static void intel_put_excl_constraints(struct cpu_hw_events *cpuc,
19173 * unused now.
19174 */
19175 if (hwc->idx >= 0) {
19176 + bool sched_started;
19177 +
19178 xl = &excl_cntrs->states[tid];
19179 + sched_started = xl->sched_started;
19180
19181 /*
19182 * put_constraint may be called from x86_schedule_events()
19183 * which already has the lock held so here make locking
19184 * conditional.
19185 */
19186 - if (!xl->sched_started)
19187 + if (!sched_started)
19188 raw_spin_lock(&excl_cntrs->lock);
19189
19190 xl->state[hwc->idx] = INTEL_EXCL_UNUSED;
19191
19192 - if (!xl->sched_started)
19193 + if (!sched_started)
19194 raw_spin_unlock(&excl_cntrs->lock);
19195 }
19196 }
19197 @@ -3608,10 +3624,10 @@ __init int intel_pmu_init(void)
19198 x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
19199
19200 if (boot_cpu_has(X86_FEATURE_PDCM)) {
19201 - u64 capabilities;
19202 + u64 capabilities = x86_pmu.intel_cap.capabilities;
19203
19204 - rdmsrl(MSR_IA32_PERF_CAPABILITIES, capabilities);
19205 - x86_pmu.intel_cap.capabilities = capabilities;
19206 + if (rdmsrl_safe(MSR_IA32_PERF_CAPABILITIES, &x86_pmu.intel_cap.capabilities))
19207 + x86_pmu.intel_cap.capabilities = capabilities;
19208 }
19209
19210 intel_ds_init();
19211 diff --git a/arch/x86/events/intel/cqm.c b/arch/x86/events/intel/cqm.c
19212 index 8f82b02..b10c4b0 100644
19213 --- a/arch/x86/events/intel/cqm.c
19214 +++ b/arch/x86/events/intel/cqm.c
19215 @@ -1488,7 +1488,7 @@ static struct attribute *intel_cmt_mbm_events_attr[] = {
19216 NULL,
19217 };
19218
19219 -static struct attribute_group intel_cqm_events_group = {
19220 +static attribute_group_no_const intel_cqm_events_group __read_only = {
19221 .name = "events",
19222 .attrs = NULL,
19223 };
19224 @@ -1732,7 +1732,9 @@ static int __init intel_cqm_init(void)
19225 goto out;
19226 }
19227
19228 - event_attr_intel_cqm_llc_scale.event_str = str;
19229 + pax_open_kernel();
19230 + const_cast(event_attr_intel_cqm_llc_scale.event_str) = str;
19231 + pax_close_kernel();
19232
19233 ret = intel_cqm_setup_rmid_cache();
19234 if (ret)
19235 @@ -1743,12 +1745,14 @@ static int __init intel_cqm_init(void)
19236 if (ret && !cqm_enabled)
19237 goto out;
19238
19239 + pax_open_kernel();
19240 if (cqm_enabled && mbm_enabled)
19241 - intel_cqm_events_group.attrs = intel_cmt_mbm_events_attr;
19242 + const_cast(intel_cqm_events_group.attrs) = intel_cmt_mbm_events_attr;
19243 else if (!cqm_enabled && mbm_enabled)
19244 - intel_cqm_events_group.attrs = intel_mbm_events_attr;
19245 + const_cast(intel_cqm_events_group.attrs) = intel_mbm_events_attr;
19246 else if (cqm_enabled && !mbm_enabled)
19247 - intel_cqm_events_group.attrs = intel_cqm_events_attr;
19248 + const_cast(intel_cqm_events_group.attrs) = intel_cqm_events_attr;
19249 + pax_close_kernel();
19250
19251 ret = perf_pmu_register(&intel_cqm_pmu, "intel_cqm", -1);
19252 if (ret) {
19253 diff --git a/arch/x86/events/intel/cstate.c b/arch/x86/events/intel/cstate.c
19254 index 3ca87b5..207a386 100644
19255 --- a/arch/x86/events/intel/cstate.c
19256 +++ b/arch/x86/events/intel/cstate.c
19257 @@ -95,14 +95,14 @@
19258 MODULE_LICENSE("GPL");
19259
19260 #define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format) \
19261 -static ssize_t __cstate_##_var##_show(struct kobject *kobj, \
19262 - struct kobj_attribute *attr, \
19263 +static ssize_t __cstate_##_var##_show(struct device *dev, \
19264 + struct device_attribute *attr, \
19265 char *page) \
19266 { \
19267 BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
19268 return sprintf(page, _format "\n"); \
19269 } \
19270 -static struct kobj_attribute format_attr_##_var = \
19271 +static struct device_attribute format_attr_##_var = \
19272 __ATTR(_name, 0444, __cstate_##_var##_show, NULL)
19273
19274 static ssize_t cstate_get_attr_cpumask(struct device *dev,
19275 diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
19276 index 9b983a4..b31c136 100644
19277 --- a/arch/x86/events/intel/ds.c
19278 +++ b/arch/x86/events/intel/ds.c
19279 @@ -601,7 +601,7 @@ unlock:
19280
19281 static inline void intel_pmu_drain_pebs_buffer(void)
19282 {
19283 - struct pt_regs regs;
19284 + struct pt_regs regs = {};
19285
19286 x86_pmu.drain_pebs(&regs);
19287 }
19288 @@ -909,7 +909,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
19289 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
19290 unsigned long from = cpuc->lbr_entries[0].from;
19291 unsigned long old_to, to = cpuc->lbr_entries[0].to;
19292 - unsigned long ip = regs->ip;
19293 + unsigned long ip = ktva_ktla(regs->ip);
19294 int is_64bit = 0;
19295 void *kaddr;
19296 int size;
19297 @@ -961,6 +961,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
19298 } else {
19299 kaddr = (void *)to;
19300 }
19301 + kaddr = (void *)ktva_ktla((unsigned long)kaddr);
19302
19303 do {
19304 struct insn insn;
19305 @@ -1109,7 +1110,7 @@ static void setup_pebs_sample_data(struct perf_event *event,
19306 }
19307
19308 if (event->attr.precise_ip > 1 && x86_pmu.intel_cap.pebs_format >= 2) {
19309 - regs->ip = pebs->real_ip;
19310 + set_linear_ip(regs, pebs->real_ip);
19311 regs->flags |= PERF_EFLAGS_EXACT;
19312 } else if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(regs))
19313 regs->flags |= PERF_EFLAGS_EXACT;
19314 diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c
19315 index 707d358..9eb1c4f 100644
19316 --- a/arch/x86/events/intel/lbr.c
19317 +++ b/arch/x86/events/intel/lbr.c
19318 @@ -811,7 +811,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
19319 * Ensure we don't blindy read any address by validating it is
19320 * a known text address.
19321 */
19322 - if (kernel_text_address(from)) {
19323 + if (kernel_text_address(ktva_ktla(from))) {
19324 addr = (void *)from;
19325 /*
19326 * Assume we can get the maximum possible size
19327 @@ -833,7 +833,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
19328 #ifdef CONFIG_X86_64
19329 is64 = kernel_ip((unsigned long)addr) || !test_thread_flag(TIF_IA32);
19330 #endif
19331 - insn_init(&insn, addr, bytes_read, is64);
19332 + insn_init(&insn, (void *)ktva_ktla((unsigned long)addr), bytes_read, is64);
19333 insn_get_opcode(&insn);
19334 if (!insn.opcode.got)
19335 return X86_BR_ABORT;
19336 diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c
19337 index 861a7d9..2ff89b2 100644
19338 --- a/arch/x86/events/intel/pt.c
19339 +++ b/arch/x86/events/intel/pt.c
19340 @@ -172,11 +172,9 @@ static const struct attribute_group *pt_attr_groups[] = {
19341
19342 static int __init pt_pmu_hw_init(void)
19343 {
19344 - struct dev_ext_attribute *de_attrs;
19345 - struct attribute **attrs;
19346 - size_t size;
19347 + static struct dev_ext_attribute de_attrs[ARRAY_SIZE(pt_caps)];
19348 + static struct attribute *attrs[ARRAY_SIZE(pt_caps)];
19349 u64 reg;
19350 - int ret;
19351 long i;
19352
19353 rdmsrl(MSR_PLATFORM_INFO, reg);
19354 @@ -207,8 +205,6 @@ static int __init pt_pmu_hw_init(void)
19355 pt_pmu.vmx = true;
19356 }
19357
19358 - attrs = NULL;
19359 -
19360 for (i = 0; i < PT_CPUID_LEAVES; i++) {
19361 cpuid_count(20, i,
19362 &pt_pmu.caps[CR_EAX + i*PT_CPUID_REGS_NUM],
19363 @@ -217,39 +213,25 @@ static int __init pt_pmu_hw_init(void)
19364 &pt_pmu.caps[CR_EDX + i*PT_CPUID_REGS_NUM]);
19365 }
19366
19367 - ret = -ENOMEM;
19368 - size = sizeof(struct attribute *) * (ARRAY_SIZE(pt_caps)+1);
19369 - attrs = kzalloc(size, GFP_KERNEL);
19370 - if (!attrs)
19371 - goto fail;
19372 -
19373 - size = sizeof(struct dev_ext_attribute) * (ARRAY_SIZE(pt_caps)+1);
19374 - de_attrs = kzalloc(size, GFP_KERNEL);
19375 - if (!de_attrs)
19376 - goto fail;
19377 -
19378 + pax_open_kernel();
19379 for (i = 0; i < ARRAY_SIZE(pt_caps); i++) {
19380 - struct dev_ext_attribute *de_attr = de_attrs + i;
19381 + struct dev_ext_attribute *de_attr = &de_attrs[i];
19382
19383 - de_attr->attr.attr.name = pt_caps[i].name;
19384 + const_cast(de_attr->attr.attr.name) = pt_caps[i].name;
19385
19386 sysfs_attr_init(&de_attr->attr.attr);
19387
19388 - de_attr->attr.attr.mode = S_IRUGO;
19389 - de_attr->attr.show = pt_cap_show;
19390 - de_attr->var = (void *)i;
19391 + const_cast(de_attr->attr.attr.mode) = S_IRUGO;
19392 + const_cast(de_attr->attr.show) = pt_cap_show;
19393 + const_cast(de_attr->var) = (void *)i;
19394
19395 attrs[i] = &de_attr->attr.attr;
19396 }
19397
19398 - pt_cap_group.attrs = attrs;
19399 + const_cast(pt_cap_group.attrs) = attrs;
19400 + pax_close_kernel();
19401
19402 return 0;
19403 -
19404 -fail:
19405 - kfree(attrs);
19406 -
19407 - return ret;
19408 }
19409
19410 #define RTIT_CTL_CYC_PSB (RTIT_CTL_CYCLEACC | \
19411 diff --git a/arch/x86/events/intel/rapl.c b/arch/x86/events/intel/rapl.c
19412 index 2886593..f191122 100644
19413 --- a/arch/x86/events/intel/rapl.c
19414 +++ b/arch/x86/events/intel/rapl.c
19415 @@ -117,14 +117,14 @@ static const char *const rapl_domain_names[NR_RAPL_DOMAINS] __initconst = {
19416 #define RAPL_EVENT_MASK 0xFFULL
19417
19418 #define DEFINE_RAPL_FORMAT_ATTR(_var, _name, _format) \
19419 -static ssize_t __rapl_##_var##_show(struct kobject *kobj, \
19420 - struct kobj_attribute *attr, \
19421 +static ssize_t __rapl_##_var##_show(struct device *dev, \
19422 + struct device_attribute *attr, \
19423 char *page) \
19424 { \
19425 BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
19426 return sprintf(page, _format "\n"); \
19427 } \
19428 -static struct kobj_attribute format_attr_##_var = \
19429 +static struct device_attribute format_attr_##_var = \
19430 __ATTR(_name, 0444, __rapl_##_var##_show, NULL)
19431
19432 #define RAPL_CNTR_WIDTH 32
19433 @@ -533,7 +533,7 @@ static struct attribute *rapl_events_knl_attr[] = {
19434 NULL,
19435 };
19436
19437 -static struct attribute_group rapl_pmu_events_group = {
19438 +static attribute_group_no_const rapl_pmu_events_group __read_only = {
19439 .name = "events",
19440 .attrs = NULL, /* patched at runtime */
19441 };
19442 diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c
19443 index 463dc7a..4c8d08b 100644
19444 --- a/arch/x86/events/intel/uncore.c
19445 +++ b/arch/x86/events/intel/uncore.c
19446 @@ -90,8 +90,8 @@ end:
19447 return map;
19448 }
19449
19450 -ssize_t uncore_event_show(struct kobject *kobj,
19451 - struct kobj_attribute *attr, char *buf)
19452 +ssize_t uncore_event_show(struct device *dev,
19453 + struct device_attribute *attr, char *buf)
19454 {
19455 struct uncore_event_desc *event =
19456 container_of(attr, struct uncore_event_desc, attr);
19457 @@ -819,7 +819,7 @@ static void uncore_types_exit(struct intel_uncore_type **types)
19458 static int __init uncore_type_init(struct intel_uncore_type *type, bool setid)
19459 {
19460 struct intel_uncore_pmu *pmus;
19461 - struct attribute_group *attr_group;
19462 + attribute_group_no_const *attr_group;
19463 struct attribute **attrs;
19464 size_t size;
19465 int i, j;
19466 diff --git a/arch/x86/events/intel/uncore.h b/arch/x86/events/intel/uncore.h
19467 index 78b9c23..2f5c61e 100644
19468 --- a/arch/x86/events/intel/uncore.h
19469 +++ b/arch/x86/events/intel/uncore.h
19470 @@ -122,9 +122,9 @@ struct intel_uncore_box {
19471 #define UNCORE_BOX_FLAG_INITIATED 0
19472
19473 struct uncore_event_desc {
19474 - struct kobj_attribute attr;
19475 + struct device_attribute attr;
19476 const char *config;
19477 -};
19478 +} __do_const;
19479
19480 struct pci2phy_map {
19481 struct list_head list;
19482 @@ -134,8 +134,8 @@ struct pci2phy_map {
19483
19484 struct pci2phy_map *__find_pci2phy_map(int segment);
19485
19486 -ssize_t uncore_event_show(struct kobject *kobj,
19487 - struct kobj_attribute *attr, char *buf);
19488 +ssize_t uncore_event_show(struct device *dev,
19489 + struct device_attribute *attr, char *buf);
19490
19491 #define INTEL_UNCORE_EVENT_DESC(_name, _config) \
19492 { \
19493 @@ -144,14 +144,14 @@ ssize_t uncore_event_show(struct kobject *kobj,
19494 }
19495
19496 #define DEFINE_UNCORE_FORMAT_ATTR(_var, _name, _format) \
19497 -static ssize_t __uncore_##_var##_show(struct kobject *kobj, \
19498 - struct kobj_attribute *attr, \
19499 +static ssize_t __uncore_##_var##_show(struct device *dev, \
19500 + struct device_attribute *attr, \
19501 char *page) \
19502 { \
19503 BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
19504 return sprintf(page, _format "\n"); \
19505 } \
19506 -static struct kobj_attribute format_attr_##_var = \
19507 +static struct device_attribute format_attr_##_var = \
19508 __ATTR(_name, 0444, __uncore_##_var##_show, NULL)
19509
19510 static inline unsigned uncore_pci_box_ctl(struct intel_uncore_box *box)
19511 diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
19512 index 8c4a477..bd8370d 100644
19513 --- a/arch/x86/events/perf_event.h
19514 +++ b/arch/x86/events/perf_event.h
19515 @@ -801,7 +801,7 @@ static inline void set_linear_ip(struct pt_regs *regs, unsigned long ip)
19516 regs->cs = kernel_ip(ip) ? __KERNEL_CS : __USER_CS;
19517 if (regs->flags & X86_VM_MASK)
19518 regs->flags ^= (PERF_EFLAGS_VM | X86_VM_MASK);
19519 - regs->ip = ip;
19520 + regs->ip = kernel_ip(ip) ? ktva_ktla(ip) : ip;
19521 }
19522
19523 ssize_t x86_event_sysfs_show(char *page, u64 config, u64 event);
19524 diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
19525 index cb26f18..4f43f23 100644
19526 --- a/arch/x86/ia32/ia32_aout.c
19527 +++ b/arch/x86/ia32/ia32_aout.c
19528 @@ -153,6 +153,8 @@ static int aout_core_dump(struct coredump_params *cprm)
19529 unsigned long dump_start, dump_size;
19530 struct user32 dump;
19531
19532 + memset(&dump, 0, sizeof(dump));
19533 +
19534 fs = get_fs();
19535 set_fs(KERNEL_DS);
19536 has_dumped = 1;
19537 diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
19538 index 2f29f4e..ac453b4 100644
19539 --- a/arch/x86/ia32/ia32_signal.c
19540 +++ b/arch/x86/ia32/ia32_signal.c
19541 @@ -123,7 +123,7 @@ asmlinkage long sys32_sigreturn(void)
19542 if (__get_user(set.sig[0], &frame->sc.oldmask)
19543 || (_COMPAT_NSIG_WORDS > 1
19544 && __copy_from_user((((char *) &set.sig) + 4),
19545 - &frame->extramask,
19546 + frame->extramask,
19547 sizeof(frame->extramask))))
19548 goto badframe;
19549
19550 @@ -243,7 +243,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs,
19551 sp -= frame_size;
19552 /* Align the stack pointer according to the i386 ABI,
19553 * i.e. so that on function entry ((sp + 4) & 15) == 0. */
19554 - sp = ((sp + 4) & -16ul) - 4;
19555 + sp = ((sp - 12) & -16ul) - 4;
19556 return (void __user *) sp;
19557 }
19558
19559 @@ -288,10 +288,10 @@ int ia32_setup_frame(int sig, struct ksignal *ksig,
19560 } else {
19561 /* Return stub is in 32bit vsyscall page */
19562 if (current->mm->context.vdso)
19563 - restorer = current->mm->context.vdso +
19564 - vdso_image_32.sym___kernel_sigreturn;
19565 + restorer = (void __force_user *)(current->mm->context.vdso +
19566 + vdso_image_32.sym___kernel_sigreturn);
19567 else
19568 - restorer = &frame->retcode;
19569 + restorer = frame->retcode;
19570 }
19571
19572 put_user_try {
19573 @@ -301,7 +301,7 @@ int ia32_setup_frame(int sig, struct ksignal *ksig,
19574 * These are actually not used anymore, but left because some
19575 * gdb versions depend on them as a marker.
19576 */
19577 - put_user_ex(*((u64 *)&code), (u64 __user *)frame->retcode);
19578 + put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
19579 } put_user_catch(err);
19580
19581 if (err)
19582 @@ -343,7 +343,7 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
19583 0xb8,
19584 __NR_ia32_rt_sigreturn,
19585 0x80cd,
19586 - 0,
19587 + 0
19588 };
19589
19590 frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate);
19591 @@ -366,16 +366,19 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
19592
19593 if (ksig->ka.sa.sa_flags & SA_RESTORER)
19594 restorer = ksig->ka.sa.sa_restorer;
19595 + else if (current->mm->context.vdso)
19596 + /* Return stub is in 32bit vsyscall page */
19597 + restorer = (void __force_user *)(current->mm->context.vdso +
19598 + vdso_image_32.sym___kernel_rt_sigreturn);
19599 else
19600 - restorer = current->mm->context.vdso +
19601 - vdso_image_32.sym___kernel_rt_sigreturn;
19602 + restorer = frame->retcode;
19603 put_user_ex(ptr_to_compat(restorer), &frame->pretcode);
19604
19605 /*
19606 * Not actually used anymore, but left because some gdb
19607 * versions need it.
19608 */
19609 - put_user_ex(*((u64 *)&code), (u64 __user *)frame->retcode);
19610 + put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
19611 } put_user_catch(err);
19612
19613 err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
19614 diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
19615 index 719cd70..72af944 100644
19616 --- a/arch/x86/ia32/sys_ia32.c
19617 +++ b/arch/x86/ia32/sys_ia32.c
19618 @@ -49,18 +49,26 @@
19619
19620 #define AA(__x) ((unsigned long)(__x))
19621
19622 +static inline loff_t compose_loff(unsigned int high, unsigned int low)
19623 +{
19624 + loff_t retval = low;
19625 +
19626 + BUILD_BUG_ON(sizeof retval != sizeof low + sizeof high);
19627 + __builtin_memcpy((unsigned char *)&retval + sizeof low, &high, sizeof high);
19628 + return retval;
19629 +}
19630
19631 asmlinkage long sys32_truncate64(const char __user *filename,
19632 - unsigned long offset_low,
19633 - unsigned long offset_high)
19634 + unsigned int offset_low,
19635 + unsigned int offset_high)
19636 {
19637 - return sys_truncate(filename, ((loff_t) offset_high << 32) | offset_low);
19638 + return sys_truncate(filename, compose_loff(offset_high, offset_low));
19639 }
19640
19641 -asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low,
19642 - unsigned long offset_high)
19643 +asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned int offset_low,
19644 + unsigned int offset_high)
19645 {
19646 - return sys_ftruncate(fd, ((loff_t) offset_high << 32) | offset_low);
19647 + return sys_ftruncate(fd, ((unsigned long) offset_high << 32) | offset_low);
19648 }
19649
19650 /*
19651 @@ -69,8 +77,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low,
19652 */
19653 static int cp_stat64(struct stat64 __user *ubuf, struct kstat *stat)
19654 {
19655 - typeof(ubuf->st_uid) uid = 0;
19656 - typeof(ubuf->st_gid) gid = 0;
19657 + typeof(((struct stat64 *)0)->st_uid) uid = 0;
19658 + typeof(((struct stat64 *)0)->st_gid) gid = 0;
19659 SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid));
19660 SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid));
19661 if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) ||
19662 @@ -196,29 +204,29 @@ long sys32_fadvise64_64(int fd, __u32 offset_low, __u32 offset_high,
19663 __u32 len_low, __u32 len_high, int advice)
19664 {
19665 return sys_fadvise64_64(fd,
19666 - (((u64)offset_high)<<32) | offset_low,
19667 - (((u64)len_high)<<32) | len_low,
19668 + compose_loff(offset_high, offset_low),
19669 + compose_loff(len_high, len_low),
19670 advice);
19671 }
19672
19673 asmlinkage ssize_t sys32_readahead(int fd, unsigned off_lo, unsigned off_hi,
19674 size_t count)
19675 {
19676 - return sys_readahead(fd, ((u64)off_hi << 32) | off_lo, count);
19677 + return sys_readahead(fd, compose_loff(off_hi, off_lo), count);
19678 }
19679
19680 asmlinkage long sys32_sync_file_range(int fd, unsigned off_low, unsigned off_hi,
19681 unsigned n_low, unsigned n_hi, int flags)
19682 {
19683 return sys_sync_file_range(fd,
19684 - ((u64)off_hi << 32) | off_low,
19685 - ((u64)n_hi << 32) | n_low, flags);
19686 + compose_loff(off_hi, off_low),
19687 + compose_loff(n_hi, n_low), flags);
19688 }
19689
19690 asmlinkage long sys32_fadvise64(int fd, unsigned offset_lo, unsigned offset_hi,
19691 - size_t len, int advice)
19692 + int len, int advice)
19693 {
19694 - return sys_fadvise64_64(fd, ((u64)offset_hi << 32) | offset_lo,
19695 + return sys_fadvise64_64(fd, compose_loff(offset_hi, offset_lo),
19696 len, advice);
19697 }
19698
19699 @@ -226,6 +234,6 @@ asmlinkage long sys32_fallocate(int fd, int mode, unsigned offset_lo,
19700 unsigned offset_hi, unsigned len_lo,
19701 unsigned len_hi)
19702 {
19703 - return sys_fallocate(fd, mode, ((u64)offset_hi << 32) | offset_lo,
19704 - ((u64)len_hi << 32) | len_lo);
19705 + return sys_fallocate(fd, mode, compose_loff(offset_hi, offset_lo),
19706 + compose_loff(len_hi, len_lo));
19707 }
19708 diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h
19709 index e7636ba..b9d3a6d 100644
19710 --- a/arch/x86/include/asm/alternative-asm.h
19711 +++ b/arch/x86/include/asm/alternative-asm.h
19712 @@ -4,6 +4,7 @@
19713 #ifdef __ASSEMBLY__
19714
19715 #include <asm/asm.h>
19716 +#include <asm/irq_vectors.h>
19717
19718 #ifdef CONFIG_SMP
19719 .macro LOCK_PREFIX
19720 @@ -18,6 +19,45 @@
19721 .endm
19722 #endif
19723
19724 +#ifdef KERNEXEC_PLUGIN
19725 + .macro pax_force_retaddr_bts rip=0
19726 + btsq $63,\rip(%rsp)
19727 + .endm
19728 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS
19729 + .macro pax_force_retaddr rip=0, reload=0
19730 + btsq $63,\rip(%rsp)
19731 + .endm
19732 + .macro pax_force_fptr ptr
19733 + btsq $63,\ptr
19734 + .endm
19735 + .macro pax_set_fptr_mask
19736 + .endm
19737 +#endif
19738 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
19739 + .macro pax_force_retaddr rip=0, reload=0
19740 + .if \reload
19741 + pax_set_fptr_mask
19742 + .endif
19743 + orq %r12,\rip(%rsp)
19744 + .endm
19745 + .macro pax_force_fptr ptr
19746 + orq %r12,\ptr
19747 + .endm
19748 + .macro pax_set_fptr_mask
19749 + movabs $0x8000000000000000,%r12
19750 + .endm
19751 +#endif
19752 +#else
19753 + .macro pax_force_retaddr rip=0, reload=0
19754 + .endm
19755 + .macro pax_force_fptr ptr
19756 + .endm
19757 + .macro pax_force_retaddr_bts rip=0
19758 + .endm
19759 + .macro pax_set_fptr_mask
19760 + .endm
19761 +#endif
19762 +
19763 /*
19764 * Issue one struct alt_instr descriptor entry (need to put it into
19765 * the section .altinstructions, see below). This entry contains
19766 @@ -50,7 +90,7 @@
19767 altinstruction_entry 140b,143f,\feature,142b-140b,144f-143f,142b-141b
19768 .popsection
19769
19770 - .pushsection .altinstr_replacement,"ax"
19771 + .pushsection .altinstr_replacement,"a"
19772 143:
19773 \newinstr
19774 144:
19775 @@ -86,7 +126,7 @@
19776 altinstruction_entry 140b,144f,\feature2,142b-140b,145f-144f,142b-141b
19777 .popsection
19778
19779 - .pushsection .altinstr_replacement,"ax"
19780 + .pushsection .altinstr_replacement,"a"
19781 143:
19782 \newinstr1
19783 144:
19784 @@ -95,6 +135,26 @@
19785 .popsection
19786 .endm
19787
19788 +.macro __PAX_REFCOUNT section, counter
19789 +#ifdef CONFIG_PAX_REFCOUNT
19790 + jo 111f
19791 + .pushsection .text.\section
19792 +111: lea \counter,%_ASM_CX
19793 + int $X86_REFCOUNT_VECTOR
19794 +222:
19795 + .popsection
19796 +333:
19797 + _ASM_EXTABLE(222b, 333b)
19798 +#endif
19799 +.endm
19800 +
19801 +.macro PAX_REFCOUNT64_OVERFLOW counter
19802 + __PAX_REFCOUNT refcount64_overflow, \counter
19803 +.endm
19804 +
19805 +.macro PAX_REFCOUNT64_UNDERFLOW counter
19806 + __PAX_REFCOUNT refcount64_underflow, \counter
19807 +.endm
19808 #endif /* __ASSEMBLY__ */
19809
19810 #endif /* _ASM_X86_ALTERNATIVE_ASM_H */
19811 diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h
19812 index e77a644..6bbec6f 100644
19813 --- a/arch/x86/include/asm/alternative.h
19814 +++ b/arch/x86/include/asm/alternative.h
19815 @@ -7,6 +7,7 @@
19816 #include <linux/stddef.h>
19817 #include <linux/stringify.h>
19818 #include <asm/asm.h>
19819 +#include <asm/irq_vectors.h>
19820
19821 /*
19822 * Alternative inline assembly for SMP.
19823 @@ -137,7 +138,7 @@ static inline int alternatives_text_reserved(void *start, void *end)
19824 ".pushsection .altinstructions,\"a\"\n" \
19825 ALTINSTR_ENTRY(feature, 1) \
19826 ".popsection\n" \
19827 - ".pushsection .altinstr_replacement, \"ax\"\n" \
19828 + ".pushsection .altinstr_replacement, \"a\"\n" \
19829 ALTINSTR_REPLACEMENT(newinstr, feature, 1) \
19830 ".popsection"
19831
19832 @@ -147,7 +148,7 @@ static inline int alternatives_text_reserved(void *start, void *end)
19833 ALTINSTR_ENTRY(feature1, 1) \
19834 ALTINSTR_ENTRY(feature2, 2) \
19835 ".popsection\n" \
19836 - ".pushsection .altinstr_replacement, \"ax\"\n" \
19837 + ".pushsection .altinstr_replacement, \"a\"\n" \
19838 ALTINSTR_REPLACEMENT(newinstr1, feature1, 1) \
19839 ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \
19840 ".popsection"
19841 @@ -234,6 +235,35 @@ static inline int alternatives_text_reserved(void *start, void *end)
19842 */
19843 #define ASM_NO_INPUT_CLOBBER(clbr...) "i" (0) : clbr
19844
19845 +#ifdef CONFIG_PAX_REFCOUNT
19846 +#define __PAX_REFCOUNT(size) \
19847 + "jo 111f\n" \
19848 + ".if "__stringify(size)" == 4\n\t" \
19849 + ".pushsection .text.refcount_overflow\n" \
19850 + ".elseif "__stringify(size)" == -4\n\t" \
19851 + ".pushsection .text.refcount_underflow\n" \
19852 + ".elseif "__stringify(size)" == 8\n\t" \
19853 + ".pushsection .text.refcount64_overflow\n" \
19854 + ".elseif "__stringify(size)" == -8\n\t" \
19855 + ".pushsection .text.refcount64_underflow\n" \
19856 + ".else\n" \
19857 + ".error \"invalid size\"\n" \
19858 + ".endif\n" \
19859 + "111:\tlea %[counter],%%"_ASM_CX"\n\t" \
19860 + "int $"__stringify(X86_REFCOUNT_VECTOR)"\n" \
19861 + "222:\n\t" \
19862 + ".popsection\n" \
19863 + "333:\n" \
19864 + _ASM_EXTABLE(222b, 333b)
19865 +
19866 +#define PAX_REFCOUNT_OVERFLOW(size) __PAX_REFCOUNT(size)
19867 +#define PAX_REFCOUNT_UNDERFLOW(size) __PAX_REFCOUNT(-(size))
19868 +#else
19869 +#define __PAX_REFCOUNT(size)
19870 +#define PAX_REFCOUNT_OVERFLOW(size)
19871 +#define PAX_REFCOUNT_UNDERFLOW(size)
19872 +#endif
19873 +
19874 #endif /* __ASSEMBLY__ */
19875
19876 #endif /* _ASM_X86_ALTERNATIVE_H */
19877 diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
19878 index 1243577..302ac39 100644
19879 --- a/arch/x86/include/asm/apic.h
19880 +++ b/arch/x86/include/asm/apic.h
19881 @@ -49,7 +49,7 @@ static inline void generic_apic_probe(void)
19882
19883 #ifdef CONFIG_X86_LOCAL_APIC
19884
19885 -extern unsigned int apic_verbosity;
19886 +extern int apic_verbosity;
19887 extern int local_apic_timer_c2_ok;
19888
19889 extern int disable_apic;
19890 diff --git a/arch/x86/include/asm/apm.h b/arch/x86/include/asm/apm.h
19891 index 93eebc63..6a64395 100644
19892 --- a/arch/x86/include/asm/apm.h
19893 +++ b/arch/x86/include/asm/apm.h
19894 @@ -34,7 +34,7 @@ static inline void apm_bios_call_asm(u32 func, u32 ebx_in, u32 ecx_in,
19895 __asm__ __volatile__(APM_DO_ZERO_SEGS
19896 "pushl %%edi\n\t"
19897 "pushl %%ebp\n\t"
19898 - "lcall *%%cs:apm_bios_entry\n\t"
19899 + "lcall *%%ss:apm_bios_entry\n\t"
19900 "setc %%al\n\t"
19901 "popl %%ebp\n\t"
19902 "popl %%edi\n\t"
19903 @@ -58,7 +58,7 @@ static inline bool apm_bios_call_simple_asm(u32 func, u32 ebx_in,
19904 __asm__ __volatile__(APM_DO_ZERO_SEGS
19905 "pushl %%edi\n\t"
19906 "pushl %%ebp\n\t"
19907 - "lcall *%%cs:apm_bios_entry\n\t"
19908 + "lcall *%%ss:apm_bios_entry\n\t"
19909 "setc %%bl\n\t"
19910 "popl %%ebp\n\t"
19911 "popl %%edi\n\t"
19912 diff --git a/arch/x86/include/asm/asm.h b/arch/x86/include/asm/asm.h
19913 index 7acb51c..46ba0b3 100644
19914 --- a/arch/x86/include/asm/asm.h
19915 +++ b/arch/x86/include/asm/asm.h
19916 @@ -79,30 +79,6 @@
19917 _ASM_PTR (entry); \
19918 .popsection
19919
19920 -.macro ALIGN_DESTINATION
19921 - /* check for bad alignment of destination */
19922 - movl %edi,%ecx
19923 - andl $7,%ecx
19924 - jz 102f /* already aligned */
19925 - subl $8,%ecx
19926 - negl %ecx
19927 - subl %ecx,%edx
19928 -100: movb (%rsi),%al
19929 -101: movb %al,(%rdi)
19930 - incq %rsi
19931 - incq %rdi
19932 - decl %ecx
19933 - jnz 100b
19934 -102:
19935 - .section .fixup,"ax"
19936 -103: addl %ecx,%edx /* ecx is zerorest also */
19937 - jmp copy_user_handle_tail
19938 - .previous
19939 -
19940 - _ASM_EXTABLE(100b,103b)
19941 - _ASM_EXTABLE(101b,103b)
19942 - .endm
19943 -
19944 #else
19945 # define _EXPAND_EXTABLE_HANDLE(x) #x
19946 # define _ASM_EXTABLE_HANDLE(from, to, handler) \
19947 diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
19948 index 14635c5..199ea31 100644
19949 --- a/arch/x86/include/asm/atomic.h
19950 +++ b/arch/x86/include/asm/atomic.h
19951 @@ -27,6 +27,17 @@ static __always_inline int atomic_read(const atomic_t *v)
19952 }
19953
19954 /**
19955 + * atomic_read_unchecked - read atomic variable
19956 + * @v: pointer of type atomic_unchecked_t
19957 + *
19958 + * Atomically reads the value of @v.
19959 + */
19960 +static __always_inline int __intentional_overflow(-1) atomic_read_unchecked(const atomic_unchecked_t *v)
19961 +{
19962 + return ACCESS_ONCE((v)->counter);
19963 +}
19964 +
19965 +/**
19966 * atomic_set - set atomic variable
19967 * @v: pointer of type atomic_t
19968 * @i: required value
19969 @@ -39,6 +50,18 @@ static __always_inline void atomic_set(atomic_t *v, int i)
19970 }
19971
19972 /**
19973 + * atomic_set_unchecked - set atomic variable
19974 + * @v: pointer of type atomic_unchecked_t
19975 + * @i: required value
19976 + *
19977 + * Atomically sets the value of @v to @i.
19978 + */
19979 +static __always_inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
19980 +{
19981 + v->counter = i;
19982 +}
19983 +
19984 +/**
19985 * atomic_add - add integer to atomic variable
19986 * @i: integer value to add
19987 * @v: pointer of type atomic_t
19988 @@ -47,8 +70,24 @@ static __always_inline void atomic_set(atomic_t *v, int i)
19989 */
19990 static __always_inline void atomic_add(int i, atomic_t *v)
19991 {
19992 - asm volatile(LOCK_PREFIX "addl %1,%0"
19993 - : "+m" (v->counter)
19994 + asm volatile(LOCK_PREFIX "addl %1,%0\n\t"
19995 + PAX_REFCOUNT_OVERFLOW(4)
19996 + : [counter] "+m" (v->counter)
19997 + : "ir" (i)
19998 + : "cc", "cx");
19999 +}
20000 +
20001 +/**
20002 + * atomic_add_unchecked - add integer to atomic variable
20003 + * @i: integer value to add
20004 + * @v: pointer of type atomic_unchecked_t
20005 + *
20006 + * Atomically adds @i to @v.
20007 + */
20008 +static __always_inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
20009 +{
20010 + asm volatile(LOCK_PREFIX "addl %1,%0\n"
20011 + : [counter] "+m" (v->counter)
20012 : "ir" (i));
20013 }
20014
20015 @@ -61,7 +100,23 @@ static __always_inline void atomic_add(int i, atomic_t *v)
20016 */
20017 static __always_inline void atomic_sub(int i, atomic_t *v)
20018 {
20019 - asm volatile(LOCK_PREFIX "subl %1,%0"
20020 + asm volatile(LOCK_PREFIX "subl %1,%0\n\t"
20021 + PAX_REFCOUNT_UNDERFLOW(4)
20022 + : [counter] "+m" (v->counter)
20023 + : "ir" (i)
20024 + : "cc", "cx");
20025 +}
20026 +
20027 +/**
20028 + * atomic_sub_unchecked - subtract integer from atomic variable
20029 + * @i: integer value to subtract
20030 + * @v: pointer of type atomic_unchecked_t
20031 + *
20032 + * Atomically subtracts @i from @v.
20033 + */
20034 +static __always_inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
20035 +{
20036 + asm volatile(LOCK_PREFIX "subl %1,%0\n"
20037 : "+m" (v->counter)
20038 : "ir" (i));
20039 }
20040 @@ -77,7 +132,7 @@ static __always_inline void atomic_sub(int i, atomic_t *v)
20041 */
20042 static __always_inline bool atomic_sub_and_test(int i, atomic_t *v)
20043 {
20044 - GEN_BINARY_RMWcc(LOCK_PREFIX "subl", v->counter, "er", i, "%0", e);
20045 + GEN_BINARY_RMWcc(LOCK_PREFIX "subl", v->counter, -4, "er", i, "%0", e);
20046 }
20047
20048 /**
20049 @@ -88,7 +143,21 @@ static __always_inline bool atomic_sub_and_test(int i, atomic_t *v)
20050 */
20051 static __always_inline void atomic_inc(atomic_t *v)
20052 {
20053 - asm volatile(LOCK_PREFIX "incl %0"
20054 + asm volatile(LOCK_PREFIX "incl %0\n\t"
20055 + PAX_REFCOUNT_OVERFLOW(4)
20056 + : [counter] "+m" (v->counter)
20057 + : : "cc", "cx");
20058 +}
20059 +
20060 +/**
20061 + * atomic_inc_unchecked - increment atomic variable
20062 + * @v: pointer of type atomic_unchecked_t
20063 + *
20064 + * Atomically increments @v by 1.
20065 + */
20066 +static __always_inline void atomic_inc_unchecked(atomic_unchecked_t *v)
20067 +{
20068 + asm volatile(LOCK_PREFIX "incl %0\n"
20069 : "+m" (v->counter));
20070 }
20071
20072 @@ -100,7 +169,21 @@ static __always_inline void atomic_inc(atomic_t *v)
20073 */
20074 static __always_inline void atomic_dec(atomic_t *v)
20075 {
20076 - asm volatile(LOCK_PREFIX "decl %0"
20077 + asm volatile(LOCK_PREFIX "decl %0\n\t"
20078 + PAX_REFCOUNT_UNDERFLOW(4)
20079 + : [counter] "+m" (v->counter)
20080 + : : "cc", "cx");
20081 +}
20082 +
20083 +/**
20084 + * atomic_dec_unchecked - decrement atomic variable
20085 + * @v: pointer of type atomic_unchecked_t
20086 + *
20087 + * Atomically decrements @v by 1.
20088 + */
20089 +static __always_inline void atomic_dec_unchecked(atomic_unchecked_t *v)
20090 +{
20091 + asm volatile(LOCK_PREFIX "decl %0\n"
20092 : "+m" (v->counter));
20093 }
20094
20095 @@ -114,7 +197,7 @@ static __always_inline void atomic_dec(atomic_t *v)
20096 */
20097 static __always_inline bool atomic_dec_and_test(atomic_t *v)
20098 {
20099 - GEN_UNARY_RMWcc(LOCK_PREFIX "decl", v->counter, "%0", e);
20100 + GEN_UNARY_RMWcc(LOCK_PREFIX "decl", v->counter, -4, "%0", e);
20101 }
20102
20103 /**
20104 @@ -127,7 +210,20 @@ static __always_inline bool atomic_dec_and_test(atomic_t *v)
20105 */
20106 static __always_inline bool atomic_inc_and_test(atomic_t *v)
20107 {
20108 - GEN_UNARY_RMWcc(LOCK_PREFIX "incl", v->counter, "%0", e);
20109 + GEN_UNARY_RMWcc(LOCK_PREFIX "incl", v->counter, 4, "%0", e);
20110 +}
20111 +
20112 +/**
20113 + * atomic_inc_and_test_unchecked - increment and test
20114 + * @v: pointer of type atomic_unchecked_t
20115 + *
20116 + * Atomically increments @v by 1
20117 + * and returns true if the result is zero, or false for all
20118 + * other cases.
20119 + */
20120 +static __always_inline int atomic_inc_and_test_unchecked(atomic_unchecked_t *v)
20121 +{
20122 + GEN_UNARY_RMWcc_unchecked(LOCK_PREFIX "incl", v->counter, "%0", e);
20123 }
20124
20125 /**
20126 @@ -141,7 +237,7 @@ static __always_inline bool atomic_inc_and_test(atomic_t *v)
20127 */
20128 static __always_inline bool atomic_add_negative(int i, atomic_t *v)
20129 {
20130 - GEN_BINARY_RMWcc(LOCK_PREFIX "addl", v->counter, "er", i, "%0", s);
20131 + GEN_BINARY_RMWcc(LOCK_PREFIX "addl", v->counter, 4, "er", i, "%0", s);
20132 }
20133
20134 /**
20135 @@ -151,7 +247,19 @@ static __always_inline bool atomic_add_negative(int i, atomic_t *v)
20136 *
20137 * Atomically adds @i to @v and returns @i + @v
20138 */
20139 -static __always_inline int atomic_add_return(int i, atomic_t *v)
20140 +static __always_inline int __intentional_overflow(-1) atomic_add_return(int i, atomic_t *v)
20141 +{
20142 + return i + xadd_check_overflow(&v->counter, i);
20143 +}
20144 +
20145 +/**
20146 + * atomic_add_return_unchecked - add integer and return
20147 + * @i: integer value to add
20148 + * @v: pointer of type atomi_uncheckedc_t
20149 + *
20150 + * Atomically adds @i to @v and returns @i + @v
20151 + */
20152 +static __always_inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
20153 {
20154 return i + xadd(&v->counter, i);
20155 }
20156 @@ -163,25 +271,34 @@ static __always_inline int atomic_add_return(int i, atomic_t *v)
20157 *
20158 * Atomically subtracts @i from @v and returns @v - @i
20159 */
20160 -static __always_inline int atomic_sub_return(int i, atomic_t *v)
20161 +static __always_inline int __intentional_overflow(-1) atomic_sub_return(int i, atomic_t *v)
20162 {
20163 return atomic_add_return(-i, v);
20164 }
20165
20166 #define atomic_inc_return(v) (atomic_add_return(1, v))
20167 +static __always_inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
20168 +{
20169 + return atomic_add_return_unchecked(1, v);
20170 +}
20171 #define atomic_dec_return(v) (atomic_sub_return(1, v))
20172
20173 static __always_inline int atomic_fetch_add(int i, atomic_t *v)
20174 {
20175 - return xadd(&v->counter, i);
20176 + return xadd_check_overflow(&v->counter, i);
20177 }
20178
20179 static __always_inline int atomic_fetch_sub(int i, atomic_t *v)
20180 {
20181 - return xadd(&v->counter, -i);
20182 + return xadd_check_overflow(&v->counter, -i);
20183 }
20184
20185 -static __always_inline int atomic_cmpxchg(atomic_t *v, int old, int new)
20186 +static __always_inline int __intentional_overflow(-1) atomic_cmpxchg(atomic_t *v, int old, int new)
20187 +{
20188 + return cmpxchg(&v->counter, old, new);
20189 +}
20190 +
20191 +static __always_inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
20192 {
20193 return cmpxchg(&v->counter, old, new);
20194 }
20195 @@ -191,6 +308,11 @@ static inline int atomic_xchg(atomic_t *v, int new)
20196 return xchg(&v->counter, new);
20197 }
20198
20199 +static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
20200 +{
20201 + return xchg(&v->counter, new);
20202 +}
20203 +
20204 #define ATOMIC_OP(op) \
20205 static inline void atomic_##op(int i, atomic_t *v) \
20206 { \
20207 @@ -236,12 +358,20 @@ ATOMIC_OPS(xor, ^)
20208 */
20209 static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
20210 {
20211 - int c, old;
20212 + int c, old, new;
20213 c = atomic_read(v);
20214 for (;;) {
20215 - if (unlikely(c == (u)))
20216 + if (unlikely(c == u))
20217 break;
20218 - old = atomic_cmpxchg((v), c, c + (a));
20219 +
20220 + asm volatile("addl %2,%0\n\t"
20221 + PAX_REFCOUNT_OVERFLOW(4)
20222 + : "=r" (new)
20223 + : "0" (c), "ir" (a),
20224 + [counter] "m" (v->counter)
20225 + : "cc", "cx");
20226 +
20227 + old = atomic_cmpxchg(v, c, new);
20228 if (likely(old == c))
20229 break;
20230 c = old;
20231 @@ -250,6 +380,114 @@ static __always_inline int __atomic_add_unless(atomic_t *v, int a, int u)
20232 }
20233
20234 /**
20235 + * atomic_inc_not_zero_hint - increment if not null
20236 + * @v: pointer of type atomic_t
20237 + * @hint: probable value of the atomic before the increment
20238 + *
20239 + * This version of atomic_inc_not_zero() gives a hint of probable
20240 + * value of the atomic. This helps processor to not read the memory
20241 + * before doing the atomic read/modify/write cycle, lowering
20242 + * number of bus transactions on some arches.
20243 + *
20244 + * Returns: 0 if increment was not done, 1 otherwise.
20245 + */
20246 +#define atomic_inc_not_zero_hint atomic_inc_not_zero_hint
20247 +static inline int atomic_inc_not_zero_hint(atomic_t *v, int hint)
20248 +{
20249 + int val, c = hint, new;
20250 +
20251 + /* sanity test, should be removed by compiler if hint is a constant */
20252 + if (!hint)
20253 + return __atomic_add_unless(v, 1, 0);
20254 +
20255 + do {
20256 + asm volatile("incl %0\n\t"
20257 + PAX_REFCOUNT_OVERFLOW(4)
20258 + : "=r" (new)
20259 + : "0" (c),
20260 + [counter] "m" (v->counter)
20261 + : "cc", "cx");
20262 +
20263 + val = atomic_cmpxchg(v, c, new);
20264 + if (val == c)
20265 + return 1;
20266 + c = val;
20267 + } while (c);
20268 +
20269 + return 0;
20270 +}
20271 +
20272 +#define atomic_inc_unless_negative atomic_inc_unless_negative
20273 +static inline int atomic_inc_unless_negative(atomic_t *p)
20274 +{
20275 + int v, v1, new;
20276 +
20277 + for (v = 0; v >= 0; v = v1) {
20278 + asm volatile("incl %0\n\t"
20279 + PAX_REFCOUNT_OVERFLOW(4)
20280 + : "=r" (new)
20281 + : "0" (v),
20282 + [counter] "m" (p->counter)
20283 + : "cc", "cx");
20284 +
20285 + v1 = atomic_cmpxchg(p, v, new);
20286 + if (likely(v1 == v))
20287 + return 1;
20288 + }
20289 + return 0;
20290 +}
20291 +
20292 +#define atomic_dec_unless_positive atomic_dec_unless_positive
20293 +static inline int atomic_dec_unless_positive(atomic_t *p)
20294 +{
20295 + int v, v1, new;
20296 +
20297 + for (v = 0; v <= 0; v = v1) {
20298 + asm volatile("decl %0\n\t"
20299 + PAX_REFCOUNT_UNDERFLOW(4)
20300 + : "=r" (new)
20301 + : "0" (v),
20302 + [counter] "m" (p->counter)
20303 + : "cc", "cx");
20304 +
20305 + v1 = atomic_cmpxchg(p, v, new);
20306 + if (likely(v1 == v))
20307 + return 1;
20308 + }
20309 + return 0;
20310 +}
20311 +
20312 +/*
20313 + * atomic_dec_if_positive - decrement by 1 if old value positive
20314 + * @v: pointer of type atomic_t
20315 + *
20316 + * The function returns the old value of *v minus 1, even if
20317 + * the atomic variable, v, was not decremented.
20318 + */
20319 +#define atomic_dec_if_positive atomic_dec_if_positive
20320 +static inline int atomic_dec_if_positive(atomic_t *v)
20321 +{
20322 + int c, old, dec;
20323 + c = atomic_read(v);
20324 + for (;;) {
20325 + asm volatile("decl %0\n\t"
20326 + PAX_REFCOUNT_UNDERFLOW(4)
20327 + : "=r" (dec)
20328 + : "0" (c),
20329 + [counter] "m" (v->counter)
20330 + : "cc", "cx");
20331 +
20332 + if (unlikely(dec < 0))
20333 + break;
20334 + old = atomic_cmpxchg(v, c, dec);
20335 + if (likely(old == c))
20336 + break;
20337 + c = old;
20338 + }
20339 + return dec;
20340 +}
20341 +
20342 +/**
20343 * atomic_inc_short - increment of a short integer
20344 * @v: pointer to type int
20345 *
20346 diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
20347 index 71d7705..99a1fe8 100644
20348 --- a/arch/x86/include/asm/atomic64_32.h
20349 +++ b/arch/x86/include/asm/atomic64_32.h
20350 @@ -8,9 +8,17 @@
20351 /* An 64bit atomic type */
20352
20353 typedef struct {
20354 - u64 __aligned(8) counter;
20355 + s64 __aligned(8) counter;
20356 } atomic64_t;
20357
20358 +#ifdef CONFIG_PAX_REFCOUNT
20359 +typedef struct {
20360 + s64 __aligned(8) counter;
20361 +} atomic64_unchecked_t;
20362 +#else
20363 +typedef atomic64_t atomic64_unchecked_t;
20364 +#endif
20365 +
20366 #define ATOMIC64_INIT(val) { (val) }
20367
20368 #define __ATOMIC64_DECL(sym) void atomic64_##sym(atomic64_t *, ...)
20369 @@ -36,21 +44,31 @@ typedef struct {
20370 ATOMIC64_DECL_ONE(sym##_386)
20371
20372 ATOMIC64_DECL_ONE(add_386);
20373 +ATOMIC64_DECL_ONE(add_unchecked_386);
20374 ATOMIC64_DECL_ONE(sub_386);
20375 +ATOMIC64_DECL_ONE(sub_unchecked_386);
20376 ATOMIC64_DECL_ONE(inc_386);
20377 +ATOMIC64_DECL_ONE(inc_unchecked_386);
20378 ATOMIC64_DECL_ONE(dec_386);
20379 +ATOMIC64_DECL_ONE(dec_unchecked_386);
20380 #endif
20381
20382 #define alternative_atomic64(f, out, in...) \
20383 __alternative_atomic64(f, f, ASM_OUTPUT2(out), ## in)
20384
20385 ATOMIC64_DECL(read);
20386 +ATOMIC64_DECL(read_unchecked);
20387 ATOMIC64_DECL(set);
20388 +ATOMIC64_DECL(set_unchecked);
20389 ATOMIC64_DECL(xchg);
20390 ATOMIC64_DECL(add_return);
20391 +ATOMIC64_DECL(add_return_unchecked);
20392 ATOMIC64_DECL(sub_return);
20393 +ATOMIC64_DECL(sub_return_unchecked);
20394 ATOMIC64_DECL(inc_return);
20395 +ATOMIC64_DECL(inc_return_unchecked);
20396 ATOMIC64_DECL(dec_return);
20397 +ATOMIC64_DECL(dec_return_unchecked);
20398 ATOMIC64_DECL(dec_if_positive);
20399 ATOMIC64_DECL(inc_not_zero);
20400 ATOMIC64_DECL(add_unless);
20401 @@ -76,6 +94,21 @@ static inline long long atomic64_cmpxchg(atomic64_t *v, long long o, long long n
20402 }
20403
20404 /**
20405 + * atomic64_cmpxchg_unchecked - cmpxchg atomic64 variable
20406 + * @p: pointer to type atomic64_unchecked_t
20407 + * @o: expected value
20408 + * @n: new value
20409 + *
20410 + * Atomically sets @v to @n if it was equal to @o and returns
20411 + * the old value.
20412 + */
20413 +
20414 +static inline long long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long long o, long long n)
20415 +{
20416 + return cmpxchg64(&v->counter, o, n);
20417 +}
20418 +
20419 +/**
20420 * atomic64_xchg - xchg atomic64 variable
20421 * @v: pointer to type atomic64_t
20422 * @n: value to assign
20423 @@ -95,6 +128,25 @@ static inline long long atomic64_xchg(atomic64_t *v, long long n)
20424 }
20425
20426 /**
20427 + * atomic64_xchg_unchecked - xchg atomic64 variable
20428 + * @v: pointer to type atomic64_unchecked_t
20429 + * @n: value to assign
20430 + *
20431 + * Atomically xchgs the value of @v to @n and returns
20432 + * the old value.
20433 + */
20434 +static inline long long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long long n)
20435 +{
20436 + long long o;
20437 + unsigned high = (unsigned)(n >> 32);
20438 + unsigned low = (unsigned)n;
20439 + alternative_atomic64(xchg, "=&A" (o),
20440 + "S" (v), "b" (low), "c" (high)
20441 + : "memory");
20442 + return o;
20443 +}
20444 +
20445 +/**
20446 * atomic64_set - set atomic64 variable
20447 * @v: pointer to type atomic64_t
20448 * @i: value to assign
20449 @@ -111,6 +163,22 @@ static inline void atomic64_set(atomic64_t *v, long long i)
20450 }
20451
20452 /**
20453 + * atomic64_set_unchecked - set atomic64 variable
20454 + * @v: pointer to type atomic64_unchecked_t
20455 + * @n: value to assign
20456 + *
20457 + * Atomically sets the value of @v to @n.
20458 + */
20459 +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long long i)
20460 +{
20461 + unsigned high = (unsigned)(i >> 32);
20462 + unsigned low = (unsigned)i;
20463 + alternative_atomic64(set, /* no output */,
20464 + "S" (v), "b" (low), "c" (high)
20465 + : "eax", "edx", "memory");
20466 +}
20467 +
20468 +/**
20469 * atomic64_read - read atomic64 variable
20470 * @v: pointer to type atomic64_t
20471 *
20472 @@ -124,6 +192,19 @@ static inline long long atomic64_read(const atomic64_t *v)
20473 }
20474
20475 /**
20476 + * atomic64_read_unchecked - read atomic64 variable
20477 + * @v: pointer to type atomic64_unchecked_t
20478 + *
20479 + * Atomically reads the value of @v and returns it.
20480 + */
20481 +static inline long long __intentional_overflow(-1) atomic64_read_unchecked(const atomic64_unchecked_t *v)
20482 +{
20483 + long long r;
20484 + alternative_atomic64(read, "=&A" (r), "c" (v) : "memory");
20485 + return r;
20486 + }
20487 +
20488 +/**
20489 * atomic64_add_return - add and return
20490 * @i: integer value to add
20491 * @v: pointer to type atomic64_t
20492 @@ -138,6 +219,21 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
20493 return i;
20494 }
20495
20496 +/**
20497 + * atomic64_add_return_unchecked - add and return
20498 + * @i: integer value to add
20499 + * @v: pointer to type atomic64_unchecked_t
20500 + *
20501 + * Atomically adds @i to @v and returns @i + *@v
20502 + */
20503 +static inline long long atomic64_add_return_unchecked(long long i, atomic64_unchecked_t *v)
20504 +{
20505 + alternative_atomic64(add_return_unchecked,
20506 + ASM_OUTPUT2("+A" (i), "+c" (v)),
20507 + ASM_NO_INPUT_CLOBBER("memory"));
20508 + return i;
20509 +}
20510 +
20511 /*
20512 * Other variants with different arithmetic operators:
20513 */
20514 @@ -157,6 +253,14 @@ static inline long long atomic64_inc_return(atomic64_t *v)
20515 return a;
20516 }
20517
20518 +static inline long long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
20519 +{
20520 + long long a;
20521 + alternative_atomic64(inc_return_unchecked, "=&A" (a),
20522 + "S" (v) : "memory", "ecx");
20523 + return a;
20524 +}
20525 +
20526 static inline long long atomic64_dec_return(atomic64_t *v)
20527 {
20528 long long a;
20529 @@ -181,6 +285,21 @@ static inline long long atomic64_add(long long i, atomic64_t *v)
20530 }
20531
20532 /**
20533 + * atomic64_add_unchecked - add integer to atomic64 variable
20534 + * @i: integer value to add
20535 + * @v: pointer to type atomic64_unchecked_t
20536 + *
20537 + * Atomically adds @i to @v.
20538 + */
20539 +static inline long long atomic64_add_unchecked(long long i, atomic64_unchecked_t *v)
20540 +{
20541 + __alternative_atomic64(add_unchecked, add_return_unchecked,
20542 + ASM_OUTPUT2("+A" (i), "+c" (v)),
20543 + ASM_NO_INPUT_CLOBBER("memory"));
20544 + return i;
20545 +}
20546 +
20547 +/**
20548 * atomic64_sub - subtract the atomic64 variable
20549 * @i: integer value to subtract
20550 * @v: pointer to type atomic64_t
20551 @@ -222,6 +341,18 @@ static inline void atomic64_inc(atomic64_t *v)
20552 }
20553
20554 /**
20555 + * atomic64_inc_unchecked - increment atomic64 variable
20556 + * @v: pointer to type atomic64_unchecked_t
20557 + *
20558 + * Atomically increments @v by 1.
20559 + */
20560 +static inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
20561 +{
20562 + __alternative_atomic64(inc_unchecked, inc_return_unchecked, /* no output */,
20563 + "S" (v) : "memory", "eax", "ecx", "edx");
20564 +}
20565 +
20566 +/**
20567 * atomic64_dec - decrement atomic64 variable
20568 * @v: pointer to type atomic64_t
20569 *
20570 diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
20571 index 89ed2f6..25490ad 100644
20572 --- a/arch/x86/include/asm/atomic64_64.h
20573 +++ b/arch/x86/include/asm/atomic64_64.h
20574 @@ -22,6 +22,18 @@ static inline long atomic64_read(const atomic64_t *v)
20575 }
20576
20577 /**
20578 + * atomic64_read_unchecked - read atomic64 variable
20579 + * @v: pointer of type atomic64_unchecked_t
20580 + *
20581 + * Atomically reads the value of @v.
20582 + * Doesn't imply a read memory barrier.
20583 + */
20584 +static inline long __intentional_overflow(-1) atomic64_read_unchecked(const atomic64_unchecked_t *v)
20585 +{
20586 + return ACCESS_ONCE((v)->counter);
20587 +}
20588 +
20589 +/**
20590 * atomic64_set - set atomic64 variable
20591 * @v: pointer to type atomic64_t
20592 * @i: required value
20593 @@ -34,6 +46,18 @@ static inline void atomic64_set(atomic64_t *v, long i)
20594 }
20595
20596 /**
20597 + * atomic64_set_unchecked - set atomic64 variable
20598 + * @v: pointer to type atomic64_unchecked_t
20599 + * @i: required value
20600 + *
20601 + * Atomically sets the value of @v to @i.
20602 + */
20603 +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
20604 +{
20605 + v->counter = i;
20606 +}
20607 +
20608 +/**
20609 * atomic64_add - add integer to atomic64 variable
20610 * @i: integer value to add
20611 * @v: pointer to type atomic64_t
20612 @@ -42,6 +66,22 @@ static inline void atomic64_set(atomic64_t *v, long i)
20613 */
20614 static __always_inline void atomic64_add(long i, atomic64_t *v)
20615 {
20616 + asm volatile(LOCK_PREFIX "addq %1,%0\n\t"
20617 + PAX_REFCOUNT_OVERFLOW(8)
20618 + : [counter] "=m" (v->counter)
20619 + : "er" (i), "m" (v->counter)
20620 + : "cc", "cx");
20621 +}
20622 +
20623 +/**
20624 + * atomic64_add_unchecked - add integer to atomic64 variable
20625 + * @i: integer value to add
20626 + * @v: pointer to type atomic64_unchecked_t
20627 + *
20628 + * Atomically adds @i to @v.
20629 + */
20630 +static __always_inline void atomic64_add_unchecked(long i, atomic64_unchecked_t *v)
20631 +{
20632 asm volatile(LOCK_PREFIX "addq %1,%0"
20633 : "=m" (v->counter)
20634 : "er" (i), "m" (v->counter));
20635 @@ -56,7 +96,23 @@ static __always_inline void atomic64_add(long i, atomic64_t *v)
20636 */
20637 static inline void atomic64_sub(long i, atomic64_t *v)
20638 {
20639 - asm volatile(LOCK_PREFIX "subq %1,%0"
20640 + asm volatile(LOCK_PREFIX "subq %1,%0\n\t"
20641 + PAX_REFCOUNT_UNDERFLOW(8)
20642 + : [counter] "=m" (v->counter)
20643 + : "er" (i), "m" (v->counter)
20644 + : "cc", "cx");
20645 +}
20646 +
20647 +/**
20648 + * atomic64_sub_unchecked - subtract the atomic64 variable
20649 + * @i: integer value to subtract
20650 + * @v: pointer to type atomic64_unchecked_t
20651 + *
20652 + * Atomically subtracts @i from @v.
20653 + */
20654 +static inline void atomic64_sub_unchecked(long i, atomic64_unchecked_t *v)
20655 +{
20656 + asm volatile(LOCK_PREFIX "subq %1,%0\n"
20657 : "=m" (v->counter)
20658 : "er" (i), "m" (v->counter));
20659 }
20660 @@ -72,7 +128,7 @@ static inline void atomic64_sub(long i, atomic64_t *v)
20661 */
20662 static inline bool atomic64_sub_and_test(long i, atomic64_t *v)
20663 {
20664 - GEN_BINARY_RMWcc(LOCK_PREFIX "subq", v->counter, "er", i, "%0", e);
20665 + GEN_BINARY_RMWcc(LOCK_PREFIX "subq", v->counter, -8, "er", i, "%0", e);
20666 }
20667
20668 /**
20669 @@ -83,6 +139,21 @@ static inline bool atomic64_sub_and_test(long i, atomic64_t *v)
20670 */
20671 static __always_inline void atomic64_inc(atomic64_t *v)
20672 {
20673 + asm volatile(LOCK_PREFIX "incq %0\n\t"
20674 + PAX_REFCOUNT_OVERFLOW(8)
20675 + : [counter] "=m" (v->counter)
20676 + : "m" (v->counter)
20677 + : "cc", "cx");
20678 +}
20679 +
20680 +/**
20681 + * atomic64_inc_unchecked - increment atomic64 variable
20682 + * @v: pointer to type atomic64_unchecked_t
20683 + *
20684 + * Atomically increments @v by 1.
20685 + */
20686 +static __always_inline void atomic64_inc_unchecked(atomic64_unchecked_t *v)
20687 +{
20688 asm volatile(LOCK_PREFIX "incq %0"
20689 : "=m" (v->counter)
20690 : "m" (v->counter));
20691 @@ -96,7 +167,22 @@ static __always_inline void atomic64_inc(atomic64_t *v)
20692 */
20693 static __always_inline void atomic64_dec(atomic64_t *v)
20694 {
20695 - asm volatile(LOCK_PREFIX "decq %0"
20696 + asm volatile(LOCK_PREFIX "decq %0\n\t"
20697 + PAX_REFCOUNT_UNDERFLOW(8)
20698 + : [counter] "=m" (v->counter)
20699 + : "m" (v->counter)
20700 + : "cc", "cx");
20701 +}
20702 +
20703 +/**
20704 + * atomic64_dec_unchecked - decrement atomic64 variable
20705 + * @v: pointer to type atomic64_t
20706 + *
20707 + * Atomically decrements @v by 1.
20708 + */
20709 +static __always_inline void atomic64_dec_unchecked(atomic64_unchecked_t *v)
20710 +{
20711 + asm volatile(LOCK_PREFIX "decq %0\n"
20712 : "=m" (v->counter)
20713 : "m" (v->counter));
20714 }
20715 @@ -111,7 +197,7 @@ static __always_inline void atomic64_dec(atomic64_t *v)
20716 */
20717 static inline bool atomic64_dec_and_test(atomic64_t *v)
20718 {
20719 - GEN_UNARY_RMWcc(LOCK_PREFIX "decq", v->counter, "%0", e);
20720 + GEN_UNARY_RMWcc(LOCK_PREFIX "decq", v->counter, -8, "%0", e);
20721 }
20722
20723 /**
20724 @@ -124,7 +210,7 @@ static inline bool atomic64_dec_and_test(atomic64_t *v)
20725 */
20726 static inline bool atomic64_inc_and_test(atomic64_t *v)
20727 {
20728 - GEN_UNARY_RMWcc(LOCK_PREFIX "incq", v->counter, "%0", e);
20729 + GEN_UNARY_RMWcc(LOCK_PREFIX "incq", v->counter, 8, "%0", e);
20730 }
20731
20732 /**
20733 @@ -138,7 +224,7 @@ static inline bool atomic64_inc_and_test(atomic64_t *v)
20734 */
20735 static inline bool atomic64_add_negative(long i, atomic64_t *v)
20736 {
20737 - GEN_BINARY_RMWcc(LOCK_PREFIX "addq", v->counter, "er", i, "%0", s);
20738 + GEN_BINARY_RMWcc(LOCK_PREFIX "addq", v->counter, 8, "er", i, "%0", s);
20739 }
20740
20741 /**
20742 @@ -150,6 +236,18 @@ static inline bool atomic64_add_negative(long i, atomic64_t *v)
20743 */
20744 static __always_inline long atomic64_add_return(long i, atomic64_t *v)
20745 {
20746 + return i + xadd_check_overflow(&v->counter, i);
20747 +}
20748 +
20749 +/**
20750 + * atomic64_add_return_unchecked - add and return
20751 + * @i: integer value to add
20752 + * @v: pointer to type atomic64_unchecked_t
20753 + *
20754 + * Atomically adds @i to @v and returns @i + @v
20755 + */
20756 +static __always_inline long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v)
20757 +{
20758 return i + xadd(&v->counter, i);
20759 }
20760
20761 @@ -160,15 +258,19 @@ static inline long atomic64_sub_return(long i, atomic64_t *v)
20762
20763 static inline long atomic64_fetch_add(long i, atomic64_t *v)
20764 {
20765 - return xadd(&v->counter, i);
20766 + return xadd_check_overflow(&v->counter, i);
20767 }
20768
20769 static inline long atomic64_fetch_sub(long i, atomic64_t *v)
20770 {
20771 - return xadd(&v->counter, -i);
20772 + return xadd_check_overflow(&v->counter, -i);
20773 }
20774
20775 #define atomic64_inc_return(v) (atomic64_add_return(1, (v)))
20776 +static inline long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
20777 +{
20778 + return atomic64_add_return_unchecked(1, v);
20779 +}
20780 #define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
20781
20782 static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
20783 @@ -176,11 +278,21 @@ static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
20784 return cmpxchg(&v->counter, old, new);
20785 }
20786
20787 +static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
20788 +{
20789 + return cmpxchg(&v->counter, old, new);
20790 +}
20791 +
20792 static inline long atomic64_xchg(atomic64_t *v, long new)
20793 {
20794 return xchg(&v->counter, new);
20795 }
20796
20797 +static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
20798 +{
20799 + return xchg(&v->counter, new);
20800 +}
20801 +
20802 /**
20803 * atomic64_add_unless - add unless the number is a given value
20804 * @v: pointer of type atomic64_t
20805 @@ -192,17 +304,25 @@ static inline long atomic64_xchg(atomic64_t *v, long new)
20806 */
20807 static inline bool atomic64_add_unless(atomic64_t *v, long a, long u)
20808 {
20809 - long c, old;
20810 + long c, old, new;
20811 c = atomic64_read(v);
20812 for (;;) {
20813 - if (unlikely(c == (u)))
20814 + if (unlikely(c == u))
20815 break;
20816 - old = atomic64_cmpxchg((v), c, c + (a));
20817 +
20818 + asm volatile("addq %2,%0\n\t"
20819 + PAX_REFCOUNT_OVERFLOW(8)
20820 + : "=r" (new)
20821 + : "0" (c), "ir" (a),
20822 + [counter] "m" (v->counter)
20823 + : "cc", "cx");
20824 +
20825 + old = atomic64_cmpxchg(v, c, new);
20826 if (likely(old == c))
20827 break;
20828 c = old;
20829 }
20830 - return c != (u);
20831 + return c != u;
20832 }
20833
20834 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
20835 diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
20836 index 68557f52..d9828ec 100644
20837 --- a/arch/x86/include/asm/bitops.h
20838 +++ b/arch/x86/include/asm/bitops.h
20839 @@ -50,7 +50,7 @@
20840 * a mask operation on a byte.
20841 */
20842 #define IS_IMMEDIATE(nr) (__builtin_constant_p(nr))
20843 -#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((void *)(addr) + ((nr)>>3))
20844 +#define CONST_MASK_ADDR(nr, addr) BITOP_ADDR((volatile void *)(addr) + ((nr)>>3))
20845 #define CONST_MASK(nr) (1 << ((nr) & 7))
20846
20847 /**
20848 @@ -203,7 +203,7 @@ static __always_inline void change_bit(long nr, volatile unsigned long *addr)
20849 */
20850 static __always_inline bool test_and_set_bit(long nr, volatile unsigned long *addr)
20851 {
20852 - GEN_BINARY_RMWcc(LOCK_PREFIX "bts", *addr, "Ir", nr, "%0", c);
20853 + GEN_BINARY_RMWcc_unchecked(LOCK_PREFIX "bts", *addr, "Ir", nr, "%0", c);
20854 }
20855
20856 /**
20857 @@ -249,7 +249,7 @@ static __always_inline bool __test_and_set_bit(long nr, volatile unsigned long *
20858 */
20859 static __always_inline bool test_and_clear_bit(long nr, volatile unsigned long *addr)
20860 {
20861 - GEN_BINARY_RMWcc(LOCK_PREFIX "btr", *addr, "Ir", nr, "%0", c);
20862 + GEN_BINARY_RMWcc_unchecked(LOCK_PREFIX "btr", *addr, "Ir", nr, "%0", c);
20863 }
20864
20865 /**
20866 @@ -302,7 +302,7 @@ static __always_inline bool __test_and_change_bit(long nr, volatile unsigned lon
20867 */
20868 static __always_inline bool test_and_change_bit(long nr, volatile unsigned long *addr)
20869 {
20870 - GEN_BINARY_RMWcc(LOCK_PREFIX "btc", *addr, "Ir", nr, "%0", c);
20871 + GEN_BINARY_RMWcc_unchecked(LOCK_PREFIX "btc", *addr, "Ir", nr, "%0", c);
20872 }
20873
20874 static __always_inline bool constant_test_bit(long nr, const volatile unsigned long *addr)
20875 @@ -343,7 +343,7 @@ static bool test_bit(int nr, const volatile unsigned long *addr);
20876 *
20877 * Undefined if no bit exists, so code should check against 0 first.
20878 */
20879 -static __always_inline unsigned long __ffs(unsigned long word)
20880 +static __always_inline unsigned long __intentional_overflow(-1) __ffs(unsigned long word)
20881 {
20882 asm("rep; bsf %1,%0"
20883 : "=r" (word)
20884 @@ -357,7 +357,7 @@ static __always_inline unsigned long __ffs(unsigned long word)
20885 *
20886 * Undefined if no zero exists, so code should check against ~0UL first.
20887 */
20888 -static __always_inline unsigned long ffz(unsigned long word)
20889 +static __always_inline unsigned long __intentional_overflow(-1) ffz(unsigned long word)
20890 {
20891 asm("rep; bsf %1,%0"
20892 : "=r" (word)
20893 @@ -371,7 +371,7 @@ static __always_inline unsigned long ffz(unsigned long word)
20894 *
20895 * Undefined if no set bit exists, so code should check against 0 first.
20896 */
20897 -static __always_inline unsigned long __fls(unsigned long word)
20898 +static __always_inline unsigned long __intentional_overflow(-1) __fls(unsigned long word)
20899 {
20900 asm("bsr %1,%0"
20901 : "=r" (word)
20902 @@ -434,7 +434,7 @@ static __always_inline int ffs(int x)
20903 * set bit if value is nonzero. The last (most significant) bit is
20904 * at position 32.
20905 */
20906 -static __always_inline int fls(int x)
20907 +static __always_inline int __intentional_overflow(-1) fls(int x)
20908 {
20909 int r;
20910
20911 @@ -476,7 +476,7 @@ static __always_inline int fls(int x)
20912 * at position 64.
20913 */
20914 #ifdef CONFIG_X86_64
20915 -static __always_inline int fls64(__u64 x)
20916 +static __always_inline __intentional_overflow(-1) int fls64(__u64 x)
20917 {
20918 int bitpos = -1;
20919 /*
20920 diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h
20921 index abd06b1..17fc65f 100644
20922 --- a/arch/x86/include/asm/boot.h
20923 +++ b/arch/x86/include/asm/boot.h
20924 @@ -6,7 +6,7 @@
20925 #include <uapi/asm/boot.h>
20926
20927 /* Physical address where kernel should be loaded. */
20928 -#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
20929 +#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
20930 + (CONFIG_PHYSICAL_ALIGN - 1)) \
20931 & ~(CONFIG_PHYSICAL_ALIGN - 1))
20932
20933 diff --git a/arch/x86/include/asm/cache.h b/arch/x86/include/asm/cache.h
20934 index 48f99f1..26ab08a 100644
20935 --- a/arch/x86/include/asm/cache.h
20936 +++ b/arch/x86/include/asm/cache.h
20937 @@ -5,12 +5,12 @@
20938
20939 /* L1 cache line size */
20940 #define L1_CACHE_SHIFT (CONFIG_X86_L1_CACHE_SHIFT)
20941 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
20942 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
20943
20944 #define __read_mostly __attribute__((__section__(".data..read_mostly")))
20945
20946 #define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT
20947 -#define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT)
20948 +#define INTERNODE_CACHE_BYTES (_AC(1,UL) << INTERNODE_CACHE_SHIFT)
20949
20950 #ifdef CONFIG_X86_VSMP
20951 #ifdef CONFIG_SMP
20952 diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h
20953 index 7b53743..5f207d2 100644
20954 --- a/arch/x86/include/asm/checksum_32.h
20955 +++ b/arch/x86/include/asm/checksum_32.h
20956 @@ -30,6 +30,14 @@ asmlinkage __wsum csum_partial_copy_generic(const void *src, void *dst,
20957 int len, __wsum sum,
20958 int *src_err_ptr, int *dst_err_ptr);
20959
20960 +asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
20961 + int len, __wsum sum,
20962 + int *src_err_ptr, int *dst_err_ptr);
20963 +
20964 +asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
20965 + int len, __wsum sum,
20966 + int *src_err_ptr, int *dst_err_ptr);
20967 +
20968 /*
20969 * Note: when you get a NULL pointer exception here this means someone
20970 * passed in an incorrect kernel address to one of these functions.
20971 @@ -52,7 +60,7 @@ static inline __wsum csum_partial_copy_from_user(const void __user *src,
20972
20973 might_sleep();
20974 stac();
20975 - ret = csum_partial_copy_generic((__force void *)src, dst,
20976 + ret = csum_partial_copy_generic_from_user((__force void *)src, dst,
20977 len, sum, err_ptr, NULL);
20978 clac();
20979
20980 @@ -183,7 +191,7 @@ static inline __wsum csum_and_copy_to_user(const void *src,
20981 might_sleep();
20982 if (access_ok(VERIFY_WRITE, dst, len)) {
20983 stac();
20984 - ret = csum_partial_copy_generic(src, (__force void *)dst,
20985 + ret = csum_partial_copy_generic_to_user(src, (__force void *)dst,
20986 len, sum, NULL, err_ptr);
20987 clac();
20988 return ret;
20989 diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
20990 index 9733361..49bda42 100644
20991 --- a/arch/x86/include/asm/cmpxchg.h
20992 +++ b/arch/x86/include/asm/cmpxchg.h
20993 @@ -15,8 +15,12 @@ extern void __cmpxchg_wrong_size(void)
20994 __compiletime_error("Bad argument size for cmpxchg");
20995 extern void __xadd_wrong_size(void)
20996 __compiletime_error("Bad argument size for xadd");
20997 +extern void __xadd_check_overflow_wrong_size(void)
20998 + __compiletime_error("Bad argument size for xadd_check_overflow");
20999 extern void __add_wrong_size(void)
21000 __compiletime_error("Bad argument size for add");
21001 +extern void __add_check_overflow_wrong_size(void)
21002 + __compiletime_error("Bad argument size for add_check_overflow");
21003
21004 /*
21005 * Constants for operation sizes. On 32-bit, the 64-bit size it set to
21006 @@ -68,6 +72,32 @@ extern void __add_wrong_size(void)
21007 __ret; \
21008 })
21009
21010 +#ifdef CONFIG_PAX_REFCOUNT
21011 +#define __xchg_op_check_overflow(ptr, arg, op, lock) \
21012 + ({ \
21013 + __typeof__ (*(ptr)) __ret = (arg); \
21014 + switch (sizeof(*(ptr))) { \
21015 + case __X86_CASE_L: \
21016 + asm volatile (lock #op "l %0, %1\n" \
21017 + PAX_REFCOUNT_OVERFLOW(4) \
21018 + : "+r" (__ret), [counter] "+m" (*(ptr))\
21019 + : : "memory", "cc", "cx"); \
21020 + break; \
21021 + case __X86_CASE_Q: \
21022 + asm volatile (lock #op "q %q0, %1\n" \
21023 + PAX_REFCOUNT_OVERFLOW(8) \
21024 + : "+r" (__ret), [counter] "+m" (*(ptr))\
21025 + : : "memory", "cc", "cx"); \
21026 + break; \
21027 + default: \
21028 + __ ## op ## _check_overflow_wrong_size(); \
21029 + } \
21030 + __ret; \
21031 + })
21032 +#else
21033 +#define __xchg_op_check_overflow(ptr, arg, op, lock) __xchg_op(ptr, arg, op, lock)
21034 +#endif
21035 +
21036 /*
21037 * Note: no "lock" prefix even on SMP: xchg always implies lock anyway.
21038 * Since this is generally used to protect other memory information, we
21039 @@ -166,6 +196,9 @@ extern void __add_wrong_size(void)
21040 #define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ")
21041 #define xadd_local(ptr, inc) __xadd((ptr), (inc), "")
21042
21043 +#define __xadd_check_overflow(ptr, inc, lock) __xchg_op_check_overflow((ptr), (inc), xadd, lock)
21044 +#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX)
21045 +
21046 #define __add(ptr, inc, lock) \
21047 ({ \
21048 __typeof__ (*(ptr)) __ret = (inc); \
21049 diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h
21050 index a188061..280d840 100644
21051 --- a/arch/x86/include/asm/compat.h
21052 +++ b/arch/x86/include/asm/compat.h
21053 @@ -42,7 +42,11 @@ typedef u32 compat_uint_t;
21054 typedef u32 compat_ulong_t;
21055 typedef u32 compat_u32;
21056 typedef u64 __attribute__((aligned(4))) compat_u64;
21057 +#ifdef CHECKER_PLUGIN_USER
21058 typedef u32 compat_uptr_t;
21059 +#else
21060 +typedef u32 __user compat_uptr_t;
21061 +#endif
21062
21063 struct compat_timespec {
21064 compat_time_t tv_sec;
21065 diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
21066 index 1d2b69f..8ca35d6 100644
21067 --- a/arch/x86/include/asm/cpufeature.h
21068 +++ b/arch/x86/include/asm/cpufeature.h
21069 @@ -156,7 +156,7 @@ static __always_inline __pure bool _static_cpu_has(u16 bit)
21070 " .byte 5f - 4f\n" /* repl len */
21071 " .byte 3b - 2b\n" /* pad len */
21072 ".previous\n"
21073 - ".section .altinstr_replacement,\"ax\"\n"
21074 + ".section .altinstr_replacement,\"a\"\n"
21075 "4: jmp %l[t_no]\n"
21076 "5:\n"
21077 ".previous\n"
21078 diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
21079 index 92a8308..4e44144 100644
21080 --- a/arch/x86/include/asm/cpufeatures.h
21081 +++ b/arch/x86/include/asm/cpufeatures.h
21082 @@ -205,7 +205,8 @@
21083
21084 #define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */
21085 #define X86_FEATURE_XENPV ( 8*32+16) /* "" Xen paravirtual guest */
21086 -
21087 +#define X86_FEATURE_PCIDUDEREF ( 8*32+30) /* PaX PCID based UDEREF */
21088 +#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */
21089
21090 /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
21091 #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
21092 @@ -213,7 +214,7 @@
21093 #define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */
21094 #define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */
21095 #define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */
21096 -#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Protection */
21097 +#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Prevention */
21098 #define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */
21099 #define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */
21100 #define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */
21101 diff --git a/arch/x86/include/asm/crypto/camellia.h b/arch/x86/include/asm/crypto/camellia.h
21102 index bb93333..e3d3d57 100644
21103 --- a/arch/x86/include/asm/crypto/camellia.h
21104 +++ b/arch/x86/include/asm/crypto/camellia.h
21105 @@ -39,34 +39,35 @@ extern int xts_camellia_setkey(struct crypto_tfm *tfm, const u8 *key,
21106 /* regular block cipher functions */
21107 asmlinkage void __camellia_enc_blk(struct camellia_ctx *ctx, u8 *dst,
21108 const u8 *src, bool xor);
21109 -asmlinkage void camellia_dec_blk(struct camellia_ctx *ctx, u8 *dst,
21110 +asmlinkage void camellia_dec_blk(void *ctx, u8 *dst,
21111 const u8 *src);
21112
21113 /* 2-way parallel cipher functions */
21114 asmlinkage void __camellia_enc_blk_2way(struct camellia_ctx *ctx, u8 *dst,
21115 const u8 *src, bool xor);
21116 -asmlinkage void camellia_dec_blk_2way(struct camellia_ctx *ctx, u8 *dst,
21117 +asmlinkage void camellia_dec_blk_2way(void *ctx, u8 *dst,
21118 const u8 *src);
21119
21120 /* 16-way parallel cipher functions (avx/aes-ni) */
21121 -asmlinkage void camellia_ecb_enc_16way(struct camellia_ctx *ctx, u8 *dst,
21122 +asmlinkage void camellia_ecb_enc_16way(void *ctx, u8 *dst,
21123 const u8 *src);
21124 -asmlinkage void camellia_ecb_dec_16way(struct camellia_ctx *ctx, u8 *dst,
21125 +asmlinkage void camellia_ecb_dec_16way(void *ctx, u8 *dst,
21126 const u8 *src);
21127
21128 -asmlinkage void camellia_cbc_dec_16way(struct camellia_ctx *ctx, u8 *dst,
21129 +asmlinkage void camellia_cbc_dec_16way(void *ctx, u8 *dst,
21130 const u8 *src);
21131 -asmlinkage void camellia_ctr_16way(struct camellia_ctx *ctx, u8 *dst,
21132 - const u8 *src, le128 *iv);
21133 +asmlinkage void camellia_ctr_16way(void *ctx, u128 *dst,
21134 + const u128 *src, le128 *iv);
21135
21136 -asmlinkage void camellia_xts_enc_16way(struct camellia_ctx *ctx, u8 *dst,
21137 - const u8 *src, le128 *iv);
21138 -asmlinkage void camellia_xts_dec_16way(struct camellia_ctx *ctx, u8 *dst,
21139 - const u8 *src, le128 *iv);
21140 +asmlinkage void camellia_xts_enc_16way(void *ctx, u128 *dst,
21141 + const u128 *src, le128 *iv);
21142 +asmlinkage void camellia_xts_dec_16way(void *ctx, u128 *dst,
21143 + const u128 *src, le128 *iv);
21144
21145 -static inline void camellia_enc_blk(struct camellia_ctx *ctx, u8 *dst,
21146 +static inline void camellia_enc_blk(void *_ctx, u8 *dst,
21147 const u8 *src)
21148 {
21149 + struct camellia_ctx *ctx = _ctx;
21150 __camellia_enc_blk(ctx, dst, src, false);
21151 }
21152
21153 @@ -76,9 +77,10 @@ static inline void camellia_enc_blk_xor(struct camellia_ctx *ctx, u8 *dst,
21154 __camellia_enc_blk(ctx, dst, src, true);
21155 }
21156
21157 -static inline void camellia_enc_blk_2way(struct camellia_ctx *ctx, u8 *dst,
21158 +static inline void camellia_enc_blk_2way(void *_ctx, u8 *dst,
21159 const u8 *src)
21160 {
21161 + struct camellia_ctx *ctx = _ctx;
21162 __camellia_enc_blk_2way(ctx, dst, src, false);
21163 }
21164
21165 @@ -89,7 +91,7 @@ static inline void camellia_enc_blk_xor_2way(struct camellia_ctx *ctx, u8 *dst,
21166 }
21167
21168 /* glue helpers */
21169 -extern void camellia_decrypt_cbc_2way(void *ctx, u128 *dst, const u128 *src);
21170 +extern void camellia_decrypt_cbc_2way(void *ctx, u8 *dst, const u8 *src);
21171 extern void camellia_crypt_ctr(void *ctx, u128 *dst, const u128 *src,
21172 le128 *iv);
21173 extern void camellia_crypt_ctr_2way(void *ctx, u128 *dst, const u128 *src,
21174 diff --git a/arch/x86/include/asm/crypto/glue_helper.h b/arch/x86/include/asm/crypto/glue_helper.h
21175 index 03bb106..9e7a45c 100644
21176 --- a/arch/x86/include/asm/crypto/glue_helper.h
21177 +++ b/arch/x86/include/asm/crypto/glue_helper.h
21178 @@ -11,16 +11,16 @@
21179 #include <crypto/b128ops.h>
21180
21181 typedef void (*common_glue_func_t)(void *ctx, u8 *dst, const u8 *src);
21182 -typedef void (*common_glue_cbc_func_t)(void *ctx, u128 *dst, const u128 *src);
21183 +typedef void (*common_glue_cbc_func_t)(void *ctx, u8 *dst, const u8 *src);
21184 typedef void (*common_glue_ctr_func_t)(void *ctx, u128 *dst, const u128 *src,
21185 le128 *iv);
21186 typedef void (*common_glue_xts_func_t)(void *ctx, u128 *dst, const u128 *src,
21187 le128 *iv);
21188
21189 -#define GLUE_FUNC_CAST(fn) ((common_glue_func_t)(fn))
21190 -#define GLUE_CBC_FUNC_CAST(fn) ((common_glue_cbc_func_t)(fn))
21191 -#define GLUE_CTR_FUNC_CAST(fn) ((common_glue_ctr_func_t)(fn))
21192 -#define GLUE_XTS_FUNC_CAST(fn) ((common_glue_xts_func_t)(fn))
21193 +#define GLUE_FUNC_CAST(fn) (fn)
21194 +#define GLUE_CBC_FUNC_CAST(fn) (fn)
21195 +#define GLUE_CTR_FUNC_CAST(fn) (fn)
21196 +#define GLUE_XTS_FUNC_CAST(fn) (fn)
21197
21198 struct common_glue_func_entry {
21199 unsigned int num_blocks; /* number of blocks that @fn will process */
21200 diff --git a/arch/x86/include/asm/crypto/serpent-avx.h b/arch/x86/include/asm/crypto/serpent-avx.h
21201 index 33c2b8a..586871f 100644
21202 --- a/arch/x86/include/asm/crypto/serpent-avx.h
21203 +++ b/arch/x86/include/asm/crypto/serpent-avx.h
21204 @@ -16,20 +16,20 @@ struct serpent_xts_ctx {
21205 struct serpent_ctx crypt_ctx;
21206 };
21207
21208 -asmlinkage void serpent_ecb_enc_8way_avx(struct serpent_ctx *ctx, u8 *dst,
21209 +asmlinkage void serpent_ecb_enc_8way_avx(void *ctx, u8 *dst,
21210 const u8 *src);
21211 -asmlinkage void serpent_ecb_dec_8way_avx(struct serpent_ctx *ctx, u8 *dst,
21212 +asmlinkage void serpent_ecb_dec_8way_avx(void *ctx, u8 *dst,
21213 const u8 *src);
21214
21215 -asmlinkage void serpent_cbc_dec_8way_avx(struct serpent_ctx *ctx, u8 *dst,
21216 +asmlinkage void serpent_cbc_dec_8way_avx(void *ctx, u8 *dst,
21217 const u8 *src);
21218 -asmlinkage void serpent_ctr_8way_avx(struct serpent_ctx *ctx, u8 *dst,
21219 - const u8 *src, le128 *iv);
21220 +asmlinkage void serpent_ctr_8way_avx(void *ctx, u128 *dst,
21221 + const u128 *src, le128 *iv);
21222
21223 -asmlinkage void serpent_xts_enc_8way_avx(struct serpent_ctx *ctx, u8 *dst,
21224 - const u8 *src, le128 *iv);
21225 -asmlinkage void serpent_xts_dec_8way_avx(struct serpent_ctx *ctx, u8 *dst,
21226 - const u8 *src, le128 *iv);
21227 +asmlinkage void serpent_xts_enc_8way_avx(void *ctx, u128 *dst,
21228 + const u128 *src, le128 *iv);
21229 +asmlinkage void serpent_xts_dec_8way_avx(void *ctx, u128 *dst,
21230 + const u128 *src, le128 *iv);
21231
21232 extern void __serpent_crypt_ctr(void *ctx, u128 *dst, const u128 *src,
21233 le128 *iv);
21234 diff --git a/arch/x86/include/asm/crypto/serpent-sse2.h b/arch/x86/include/asm/crypto/serpent-sse2.h
21235 index e6e77df..fe42081 100644
21236 --- a/arch/x86/include/asm/crypto/serpent-sse2.h
21237 +++ b/arch/x86/include/asm/crypto/serpent-sse2.h
21238 @@ -13,7 +13,7 @@ asmlinkage void __serpent_enc_blk_4way(struct serpent_ctx *ctx, u8 *dst,
21239 asmlinkage void serpent_dec_blk_4way(struct serpent_ctx *ctx, u8 *dst,
21240 const u8 *src);
21241
21242 -static inline void serpent_enc_blk_xway(struct serpent_ctx *ctx, u8 *dst,
21243 +static inline void serpent_enc_blk_xway(void *ctx, u8 *dst,
21244 const u8 *src)
21245 {
21246 __serpent_enc_blk_4way(ctx, dst, src, false);
21247 @@ -25,7 +25,7 @@ static inline void serpent_enc_blk_xway_xor(struct serpent_ctx *ctx, u8 *dst,
21248 __serpent_enc_blk_4way(ctx, dst, src, true);
21249 }
21250
21251 -static inline void serpent_dec_blk_xway(struct serpent_ctx *ctx, u8 *dst,
21252 +static inline void serpent_dec_blk_xway(void *ctx, u8 *dst,
21253 const u8 *src)
21254 {
21255 serpent_dec_blk_4way(ctx, dst, src);
21256 @@ -40,7 +40,7 @@ asmlinkage void __serpent_enc_blk_8way(struct serpent_ctx *ctx, u8 *dst,
21257 asmlinkage void serpent_dec_blk_8way(struct serpent_ctx *ctx, u8 *dst,
21258 const u8 *src);
21259
21260 -static inline void serpent_enc_blk_xway(struct serpent_ctx *ctx, u8 *dst,
21261 +static inline void serpent_enc_blk_xway(void *ctx, u8 *dst,
21262 const u8 *src)
21263 {
21264 __serpent_enc_blk_8way(ctx, dst, src, false);
21265 @@ -52,7 +52,7 @@ static inline void serpent_enc_blk_xway_xor(struct serpent_ctx *ctx, u8 *dst,
21266 __serpent_enc_blk_8way(ctx, dst, src, true);
21267 }
21268
21269 -static inline void serpent_dec_blk_xway(struct serpent_ctx *ctx, u8 *dst,
21270 +static inline void serpent_dec_blk_xway(void *ctx, u8 *dst,
21271 const u8 *src)
21272 {
21273 serpent_dec_blk_8way(ctx, dst, src);
21274 diff --git a/arch/x86/include/asm/crypto/twofish.h b/arch/x86/include/asm/crypto/twofish.h
21275 index 878c51c..86fc65f 100644
21276 --- a/arch/x86/include/asm/crypto/twofish.h
21277 +++ b/arch/x86/include/asm/crypto/twofish.h
21278 @@ -17,19 +17,19 @@ struct twofish_xts_ctx {
21279 };
21280
21281 /* regular block cipher functions from twofish_x86_64 module */
21282 -asmlinkage void twofish_enc_blk(struct twofish_ctx *ctx, u8 *dst,
21283 +asmlinkage void twofish_enc_blk(void *ctx, u8 *dst,
21284 const u8 *src);
21285 -asmlinkage void twofish_dec_blk(struct twofish_ctx *ctx, u8 *dst,
21286 +asmlinkage void twofish_dec_blk(void *ctx, u8 *dst,
21287 const u8 *src);
21288
21289 /* 3-way parallel cipher functions */
21290 -asmlinkage void __twofish_enc_blk_3way(struct twofish_ctx *ctx, u8 *dst,
21291 +asmlinkage void __twofish_enc_blk_3way(void *ctx, u8 *dst,
21292 const u8 *src, bool xor);
21293 -asmlinkage void twofish_dec_blk_3way(struct twofish_ctx *ctx, u8 *dst,
21294 +asmlinkage void twofish_dec_blk_3way(void *ctx, u8 *dst,
21295 const u8 *src);
21296
21297 /* helpers from twofish_x86_64-3way module */
21298 -extern void twofish_dec_blk_cbc_3way(void *ctx, u128 *dst, const u128 *src);
21299 +extern void twofish_dec_blk_cbc_3way(void *ctx, u8 *dst, const u8 *src);
21300 extern void twofish_enc_blk_ctr(void *ctx, u128 *dst, const u128 *src,
21301 le128 *iv);
21302 extern void twofish_enc_blk_ctr_3way(void *ctx, u128 *dst, const u128 *src,
21303 diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
21304 index 4e10d73..7319a47 100644
21305 --- a/arch/x86/include/asm/desc.h
21306 +++ b/arch/x86/include/asm/desc.h
21307 @@ -4,6 +4,7 @@
21308 #include <asm/desc_defs.h>
21309 #include <asm/ldt.h>
21310 #include <asm/mmu.h>
21311 +#include <asm/pgtable.h>
21312
21313 #include <linux/smp.h>
21314 #include <linux/percpu.h>
21315 @@ -17,6 +18,7 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in
21316
21317 desc->type = (info->read_exec_only ^ 1) << 1;
21318 desc->type |= info->contents << 2;
21319 + desc->type |= info->seg_not_present ^ 1;
21320
21321 desc->s = 1;
21322 desc->dpl = 0x3;
21323 @@ -35,19 +37,14 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in
21324 }
21325
21326 extern struct desc_ptr idt_descr;
21327 -extern gate_desc idt_table[];
21328 -extern struct desc_ptr debug_idt_descr;
21329 -extern gate_desc debug_idt_table[];
21330 -
21331 -struct gdt_page {
21332 - struct desc_struct gdt[GDT_ENTRIES];
21333 -} __attribute__((aligned(PAGE_SIZE)));
21334 -
21335 -DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
21336 +extern gate_desc idt_table[IDT_ENTRIES];
21337 +extern const struct desc_ptr debug_idt_descr;
21338 +extern gate_desc debug_idt_table[IDT_ENTRIES];
21339
21340 +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
21341 static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
21342 {
21343 - return per_cpu(gdt_page, cpu).gdt;
21344 + return cpu_gdt_table[cpu];
21345 }
21346
21347 #ifdef CONFIG_X86_64
21348 @@ -72,8 +69,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type,
21349 unsigned long base, unsigned dpl, unsigned flags,
21350 unsigned short seg)
21351 {
21352 - gate->a = (seg << 16) | (base & 0xffff);
21353 - gate->b = (base & 0xffff0000) | (((0x80 | type | (dpl << 5)) & 0xff) << 8);
21354 + gate->gate.offset_low = base;
21355 + gate->gate.seg = seg;
21356 + gate->gate.reserved = 0;
21357 + gate->gate.type = type;
21358 + gate->gate.s = 0;
21359 + gate->gate.dpl = dpl;
21360 + gate->gate.p = 1;
21361 + gate->gate.offset_high = base >> 16;
21362 }
21363
21364 #endif
21365 @@ -118,12 +121,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries)
21366
21367 static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate)
21368 {
21369 + pax_open_kernel();
21370 memcpy(&idt[entry], gate, sizeof(*gate));
21371 + pax_close_kernel();
21372 }
21373
21374 static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry, const void *desc)
21375 {
21376 + pax_open_kernel();
21377 memcpy(&ldt[entry], desc, 8);
21378 + pax_close_kernel();
21379 }
21380
21381 static inline void
21382 @@ -137,7 +144,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int
21383 default: size = sizeof(*gdt); break;
21384 }
21385
21386 + pax_open_kernel();
21387 memcpy(&gdt[entry], desc, size);
21388 + pax_close_kernel();
21389 }
21390
21391 static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
21392 @@ -210,7 +219,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries)
21393
21394 static inline void native_load_tr_desc(void)
21395 {
21396 + pax_open_kernel();
21397 asm volatile("ltr %w0"::"q" (GDT_ENTRY_TSS*8));
21398 + pax_close_kernel();
21399 }
21400
21401 static inline void native_load_gdt(const struct desc_ptr *dtr)
21402 @@ -247,8 +258,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
21403 struct desc_struct *gdt = get_cpu_gdt_table(cpu);
21404 unsigned int i;
21405
21406 + pax_open_kernel();
21407 for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++)
21408 gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i];
21409 + pax_close_kernel();
21410 }
21411
21412 /* This intentionally ignores lm, since 32-bit apps don't have that field. */
21413 @@ -280,7 +293,7 @@ static inline void clear_LDT(void)
21414 set_ldt(NULL, 0);
21415 }
21416
21417 -static inline unsigned long get_desc_base(const struct desc_struct *desc)
21418 +static inline unsigned long __intentional_overflow(-1) get_desc_base(const struct desc_struct *desc)
21419 {
21420 return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
21421 }
21422 @@ -304,7 +317,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
21423 }
21424
21425 #ifdef CONFIG_X86_64
21426 -static inline void set_nmi_gate(int gate, void *addr)
21427 +static inline void set_nmi_gate(int gate, const void *addr)
21428 {
21429 gate_desc s;
21430
21431 @@ -314,14 +327,14 @@ static inline void set_nmi_gate(int gate, void *addr)
21432 #endif
21433
21434 #ifdef CONFIG_TRACING
21435 -extern struct desc_ptr trace_idt_descr;
21436 -extern gate_desc trace_idt_table[];
21437 +extern const struct desc_ptr trace_idt_descr;
21438 +extern gate_desc trace_idt_table[IDT_ENTRIES];
21439 static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
21440 {
21441 write_idt_entry(trace_idt_table, entry, gate);
21442 }
21443
21444 -static inline void _trace_set_gate(int gate, unsigned type, void *addr,
21445 +static inline void _trace_set_gate(int gate, unsigned type, const void *addr,
21446 unsigned dpl, unsigned ist, unsigned seg)
21447 {
21448 gate_desc s;
21449 @@ -341,7 +354,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
21450 #define _trace_set_gate(gate, type, addr, dpl, ist, seg)
21451 #endif
21452
21453 -static inline void _set_gate(int gate, unsigned type, void *addr,
21454 +static inline void _set_gate(int gate, unsigned type, const void *addr,
21455 unsigned dpl, unsigned ist, unsigned seg)
21456 {
21457 gate_desc s;
21458 @@ -364,14 +377,14 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
21459 #define set_intr_gate_notrace(n, addr) \
21460 do { \
21461 BUG_ON((unsigned)n > 0xFF); \
21462 - _set_gate(n, GATE_INTERRUPT, (void *)addr, 0, 0, \
21463 + _set_gate(n, GATE_INTERRUPT, (const void *)addr, 0, 0, \
21464 __KERNEL_CS); \
21465 } while (0)
21466
21467 #define set_intr_gate(n, addr) \
21468 do { \
21469 set_intr_gate_notrace(n, addr); \
21470 - _trace_set_gate(n, GATE_INTERRUPT, (void *)trace_##addr,\
21471 + _trace_set_gate(n, GATE_INTERRUPT, (const void *)trace_##addr,\
21472 0, 0, __KERNEL_CS); \
21473 } while (0)
21474
21475 @@ -399,19 +412,19 @@ static inline void alloc_system_vector(int vector)
21476 /*
21477 * This routine sets up an interrupt gate at directory privilege level 3.
21478 */
21479 -static inline void set_system_intr_gate(unsigned int n, void *addr)
21480 +static inline void set_system_intr_gate(unsigned int n, const void *addr)
21481 {
21482 BUG_ON((unsigned)n > 0xFF);
21483 _set_gate(n, GATE_INTERRUPT, addr, 0x3, 0, __KERNEL_CS);
21484 }
21485
21486 -static inline void set_system_trap_gate(unsigned int n, void *addr)
21487 +static inline void set_system_trap_gate(unsigned int n, const void *addr)
21488 {
21489 BUG_ON((unsigned)n > 0xFF);
21490 _set_gate(n, GATE_TRAP, addr, 0x3, 0, __KERNEL_CS);
21491 }
21492
21493 -static inline void set_trap_gate(unsigned int n, void *addr)
21494 +static inline void set_trap_gate(unsigned int n, const void *addr)
21495 {
21496 BUG_ON((unsigned)n > 0xFF);
21497 _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
21498 @@ -420,16 +433,16 @@ static inline void set_trap_gate(unsigned int n, void *addr)
21499 static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
21500 {
21501 BUG_ON((unsigned)n > 0xFF);
21502 - _set_gate(n, GATE_TASK, (void *)0, 0, 0, (gdt_entry<<3));
21503 + _set_gate(n, GATE_TASK, (const void *)0, 0, 0, (gdt_entry<<3));
21504 }
21505
21506 -static inline void set_intr_gate_ist(int n, void *addr, unsigned ist)
21507 +static inline void set_intr_gate_ist(int n, const void *addr, unsigned ist)
21508 {
21509 BUG_ON((unsigned)n > 0xFF);
21510 _set_gate(n, GATE_INTERRUPT, addr, 0, ist, __KERNEL_CS);
21511 }
21512
21513 -static inline void set_system_intr_gate_ist(int n, void *addr, unsigned ist)
21514 +static inline void set_system_intr_gate_ist(int n, const void *addr, unsigned ist)
21515 {
21516 BUG_ON((unsigned)n > 0xFF);
21517 _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
21518 @@ -501,4 +514,17 @@ static inline void load_current_idt(void)
21519 else
21520 load_idt((const struct desc_ptr *)&idt_descr);
21521 }
21522 +
21523 +#ifdef CONFIG_X86_32
21524 +static inline void set_user_cs(unsigned long base, unsigned long limit, int cpu)
21525 +{
21526 + struct desc_struct d;
21527 +
21528 + if (likely(limit))
21529 + limit = (limit - 1UL) >> PAGE_SHIFT;
21530 + pack_descriptor(&d, base, limit, 0xFB, 0xC);
21531 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, &d, DESCTYPE_S);
21532 +}
21533 +#endif
21534 +
21535 #endif /* _ASM_X86_DESC_H */
21536 diff --git a/arch/x86/include/asm/desc_defs.h b/arch/x86/include/asm/desc_defs.h
21537 index eb5deb4..ec19436 100644
21538 --- a/arch/x86/include/asm/desc_defs.h
21539 +++ b/arch/x86/include/asm/desc_defs.h
21540 @@ -31,6 +31,12 @@ struct desc_struct {
21541 unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1;
21542 unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8;
21543 };
21544 + struct {
21545 + u16 offset_low;
21546 + u16 seg;
21547 + unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1;
21548 + unsigned offset_high: 16;
21549 + } gate;
21550 };
21551 } __attribute__((packed));
21552
21553 diff --git a/arch/x86/include/asm/div64.h b/arch/x86/include/asm/div64.h
21554 index ced283a..ffe04cc 100644
21555 --- a/arch/x86/include/asm/div64.h
21556 +++ b/arch/x86/include/asm/div64.h
21557 @@ -39,7 +39,7 @@
21558 __mod; \
21559 })
21560
21561 -static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
21562 +static inline u64 __intentional_overflow(-1) div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
21563 {
21564 union {
21565 u64 v64;
21566 diff --git a/arch/x86/include/asm/dma.h b/arch/x86/include/asm/dma.h
21567 index fe884e1..46149ae 100644
21568 --- a/arch/x86/include/asm/dma.h
21569 +++ b/arch/x86/include/asm/dma.h
21570 @@ -149,6 +149,7 @@
21571 #ifdef CONFIG_ISA_DMA_API
21572 extern spinlock_t dma_spin_lock;
21573
21574 +static inline unsigned long claim_dma_lock(void) __acquires(&dma_spin_lock);
21575 static inline unsigned long claim_dma_lock(void)
21576 {
21577 unsigned long flags;
21578 @@ -156,6 +157,7 @@ static inline unsigned long claim_dma_lock(void)
21579 return flags;
21580 }
21581
21582 +static inline void release_dma_lock(unsigned long flags) __releases(&dma_spin_lock);
21583 static inline void release_dma_lock(unsigned long flags)
21584 {
21585 spin_unlock_irqrestore(&dma_spin_lock, flags);
21586 diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
21587 index d0bb76d..bb192fc 100644
21588 --- a/arch/x86/include/asm/efi.h
21589 +++ b/arch/x86/include/asm/efi.h
21590 @@ -151,6 +151,11 @@ static inline bool efi_is_native(void)
21591
21592 static inline bool efi_runtime_supported(void)
21593 {
21594 +
21595 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
21596 + return false;
21597 +#endif
21598 +
21599 if (efi_is_native())
21600 return true;
21601
21602 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
21603 index e7f155c..8611814 100644
21604 --- a/arch/x86/include/asm/elf.h
21605 +++ b/arch/x86/include/asm/elf.h
21606 @@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t;
21607
21608 #include <asm/vdso.h>
21609
21610 -#ifdef CONFIG_X86_64
21611 -extern unsigned int vdso64_enabled;
21612 -#endif
21613 #if defined(CONFIG_X86_32) || defined(CONFIG_IA32_EMULATION)
21614 extern unsigned int vdso32_enabled;
21615 #endif
21616 @@ -250,7 +247,25 @@ extern int force_personality32;
21617 the loader. We need to make sure that it is out of the way of the program
21618 that it will "exec", and that there is sufficient room for the brk. */
21619
21620 +#ifdef CONFIG_PAX_SEGMEXEC
21621 +#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
21622 +#else
21623 #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2)
21624 +#endif
21625 +
21626 +#ifdef CONFIG_PAX_ASLR
21627 +#ifdef CONFIG_X86_32
21628 +#define PAX_ELF_ET_DYN_BASE 0x10000000UL
21629 +
21630 +#define PAX_DELTA_MMAP_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
21631 +#define PAX_DELTA_STACK_LEN (current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
21632 +#else
21633 +#define PAX_ELF_ET_DYN_BASE 0x400000UL
21634 +
21635 +#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_ADDR32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3)
21636 +#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_ADDR32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3)
21637 +#endif
21638 +#endif
21639
21640 /* This yields a mask that user programs can use to figure out what
21641 instruction set this CPU supports. This could be done in user space,
21642 @@ -299,17 +314,13 @@ do { \
21643
21644 #define ARCH_DLINFO \
21645 do { \
21646 - if (vdso64_enabled) \
21647 - NEW_AUX_ENT(AT_SYSINFO_EHDR, \
21648 - (unsigned long __force)current->mm->context.vdso); \
21649 + NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso); \
21650 } while (0)
21651
21652 /* As a historical oddity, the x32 and x86_64 vDSOs are controlled together. */
21653 #define ARCH_DLINFO_X32 \
21654 do { \
21655 - if (vdso64_enabled) \
21656 - NEW_AUX_ENT(AT_SYSINFO_EHDR, \
21657 - (unsigned long __force)current->mm->context.vdso); \
21658 + NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso); \
21659 } while (0)
21660
21661 #define AT_SYSINFO 32
21662 @@ -324,10 +335,10 @@ else \
21663
21664 #endif /* !CONFIG_X86_32 */
21665
21666 -#define VDSO_CURRENT_BASE ((unsigned long)current->mm->context.vdso)
21667 +#define VDSO_CURRENT_BASE (current->mm->context.vdso)
21668
21669 #define VDSO_ENTRY \
21670 - ((unsigned long)current->mm->context.vdso + \
21671 + (current->mm->context.vdso + \
21672 vdso_image_32.sym___kernel_vsyscall)
21673
21674 struct linux_binprm;
21675 diff --git a/arch/x86/include/asm/emergency-restart.h b/arch/x86/include/asm/emergency-restart.h
21676 index 77a99ac..39ff7f5 100644
21677 --- a/arch/x86/include/asm/emergency-restart.h
21678 +++ b/arch/x86/include/asm/emergency-restart.h
21679 @@ -1,6 +1,6 @@
21680 #ifndef _ASM_X86_EMERGENCY_RESTART_H
21681 #define _ASM_X86_EMERGENCY_RESTART_H
21682
21683 -extern void machine_emergency_restart(void);
21684 +extern void machine_emergency_restart(void) __noreturn;
21685
21686 #endif /* _ASM_X86_EMERGENCY_RESTART_H */
21687 diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
21688 index 8554f96..6c58add9 100644
21689 --- a/arch/x86/include/asm/fixmap.h
21690 +++ b/arch/x86/include/asm/fixmap.h
21691 @@ -142,7 +142,7 @@ extern pte_t *kmap_pte;
21692 extern pte_t *pkmap_page_table;
21693
21694 void __native_set_fixmap(enum fixed_addresses idx, pte_t pte);
21695 -void native_set_fixmap(enum fixed_addresses idx,
21696 +void native_set_fixmap(unsigned int idx,
21697 phys_addr_t phys, pgprot_t flags);
21698
21699 #ifndef CONFIG_PARAVIRT
21700 diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h
21701 index 1c7eefe..d0e4702 100644
21702 --- a/arch/x86/include/asm/floppy.h
21703 +++ b/arch/x86/include/asm/floppy.h
21704 @@ -229,18 +229,18 @@ static struct fd_routine_l {
21705 int (*_dma_setup)(char *addr, unsigned long size, int mode, int io);
21706 } fd_routine[] = {
21707 {
21708 - request_dma,
21709 - free_dma,
21710 - get_dma_residue,
21711 - dma_mem_alloc,
21712 - hard_dma_setup
21713 + ._request_dma = request_dma,
21714 + ._free_dma = free_dma,
21715 + ._get_dma_residue = get_dma_residue,
21716 + ._dma_mem_alloc = dma_mem_alloc,
21717 + ._dma_setup = hard_dma_setup
21718 },
21719 {
21720 - vdma_request_dma,
21721 - vdma_nop,
21722 - vdma_get_dma_residue,
21723 - vdma_mem_alloc,
21724 - vdma_dma_setup
21725 + ._request_dma = vdma_request_dma,
21726 + ._free_dma = vdma_nop,
21727 + ._get_dma_residue = vdma_get_dma_residue,
21728 + ._dma_mem_alloc = vdma_mem_alloc,
21729 + ._dma_setup = vdma_dma_setup
21730 }
21731 };
21732
21733 diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
21734 index 2737366..e152d4b 100644
21735 --- a/arch/x86/include/asm/fpu/internal.h
21736 +++ b/arch/x86/include/asm/fpu/internal.h
21737 @@ -102,9 +102,11 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
21738 #define user_insn(insn, output, input...) \
21739 ({ \
21740 int err; \
21741 - asm volatile(ASM_STAC "\n" \
21742 - "1:" #insn "\n\t" \
21743 - "2: " ASM_CLAC "\n" \
21744 + user_access_begin(); \
21745 + asm volatile("1:" \
21746 + __copyuser_seg \
21747 + #insn "\n\t" \
21748 + "2:\n" \
21749 ".section .fixup,\"ax\"\n" \
21750 "3: movl $-1,%[err]\n" \
21751 " jmp 2b\n" \
21752 @@ -112,6 +114,7 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
21753 _ASM_EXTABLE(1b, 3b) \
21754 : [err] "=r" (err), output \
21755 : "0"(0), input); \
21756 + user_access_end(); \
21757 err; \
21758 })
21759
21760 @@ -191,9 +194,9 @@ static inline int copy_user_to_fregs(struct fregs_state __user *fx)
21761 static inline void copy_fxregs_to_kernel(struct fpu *fpu)
21762 {
21763 if (IS_ENABLED(CONFIG_X86_32))
21764 - asm volatile( "fxsave %[fx]" : [fx] "=m" (fpu->state.fxsave));
21765 + asm volatile( "fxsave %[fx]" : [fx] "=m" (fpu->state->fxsave));
21766 else if (IS_ENABLED(CONFIG_AS_FXSAVEQ))
21767 - asm volatile("fxsaveq %[fx]" : [fx] "=m" (fpu->state.fxsave));
21768 + asm volatile("fxsaveq %[fx]" : [fx] "=m" (fpu->state->fxsave));
21769 else {
21770 /* Using "rex64; fxsave %0" is broken because, if the memory
21771 * operand uses any extended registers for addressing, a second
21772 @@ -210,15 +213,15 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu)
21773 * an extended register is needed for addressing (fix submitted
21774 * to mainline 2005-11-21).
21775 *
21776 - * asm volatile("rex64/fxsave %0" : "=m" (fpu->state.fxsave));
21777 + * asm volatile("rex64/fxsave %0" : "=m" (fpu->state->fxsave));
21778 *
21779 * This, however, we can work around by forcing the compiler to
21780 * select an addressing mode that doesn't require extended
21781 * registers.
21782 */
21783 asm volatile( "rex64/fxsave (%[fx])"
21784 - : "=m" (fpu->state.fxsave)
21785 - : [fx] "R" (&fpu->state.fxsave));
21786 + : "=m" (fpu->state->fxsave)
21787 + : [fx] "R" (&fpu->state->fxsave));
21788 }
21789 }
21790
21791 @@ -390,9 +393,9 @@ static inline int copy_xregs_to_user(struct xregs_state __user *buf)
21792 if (unlikely(err))
21793 return -EFAULT;
21794
21795 - stac();
21796 - XSTATE_OP(XSAVE, buf, -1, -1, err);
21797 - clac();
21798 + user_access_begin();
21799 + XSTATE_OP(__copyuser_seg XSAVE, buf, -1, -1, err);
21800 + user_access_end();
21801
21802 return err;
21803 }
21804 @@ -402,14 +405,14 @@ static inline int copy_xregs_to_user(struct xregs_state __user *buf)
21805 */
21806 static inline int copy_user_to_xregs(struct xregs_state __user *buf, u64 mask)
21807 {
21808 - struct xregs_state *xstate = ((__force struct xregs_state *)buf);
21809 + struct xregs_state *xstate = ((__force_kernel struct xregs_state *)buf);
21810 u32 lmask = mask;
21811 u32 hmask = mask >> 32;
21812 int err;
21813
21814 - stac();
21815 - XSTATE_OP(XRSTOR, xstate, lmask, hmask, err);
21816 - clac();
21817 + user_access_begin();
21818 + XSTATE_OP(__copyuser_seg XRSTOR, xstate, lmask, hmask, err);
21819 + user_access_end();
21820
21821 return err;
21822 }
21823 @@ -427,7 +430,7 @@ static inline int copy_user_to_xregs(struct xregs_state __user *buf, u64 mask)
21824 static inline int copy_fpregs_to_fpstate(struct fpu *fpu)
21825 {
21826 if (likely(use_xsave())) {
21827 - copy_xregs_to_kernel(&fpu->state.xsave);
21828 + copy_xregs_to_kernel(&fpu->state->xsave);
21829 return 1;
21830 }
21831
21832 @@ -440,7 +443,7 @@ static inline int copy_fpregs_to_fpstate(struct fpu *fpu)
21833 * Legacy FPU register saving, FNSAVE always clears FPU registers,
21834 * so we have to mark them inactive:
21835 */
21836 - asm volatile("fnsave %[fp]; fwait" : [fp] "=m" (fpu->state.fsave));
21837 + asm volatile("fnsave %[fp]; fwait" : [fp] "=m" (fpu->state->fsave));
21838
21839 return 0;
21840 }
21841 @@ -469,7 +472,7 @@ static inline void copy_kernel_to_fpregs(union fpregs_state *fpstate)
21842 "fnclex\n\t"
21843 "emms\n\t"
21844 "fildl %P[addr]" /* set F?P to defined value */
21845 - : : [addr] "m" (fpstate));
21846 + : : [addr] "m" (cpu_tss[raw_smp_processor_id()].x86_tss.sp0));
21847 }
21848
21849 __copy_kernel_to_fpregs(fpstate);
21850 @@ -614,7 +617,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
21851 new_fpu->counter++;
21852 __fpregs_activate(new_fpu);
21853 trace_x86_fpu_regs_activated(new_fpu);
21854 - prefetch(&new_fpu->state);
21855 + prefetch(new_fpu->state);
21856 } else {
21857 __fpregs_deactivate_hw();
21858 }
21859 @@ -626,7 +629,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
21860 if (fpu_want_lazy_restore(new_fpu, cpu))
21861 fpu.preload = 0;
21862 else
21863 - prefetch(&new_fpu->state);
21864 + prefetch(new_fpu->state);
21865 fpregs_activate(new_fpu);
21866 }
21867 }
21868 @@ -646,7 +649,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
21869 static inline void switch_fpu_finish(struct fpu *new_fpu, fpu_switch_t fpu_switch)
21870 {
21871 if (fpu_switch.preload)
21872 - copy_kernel_to_fpregs(&new_fpu->state);
21873 + copy_kernel_to_fpregs(new_fpu->state);
21874 }
21875
21876 /*
21877 diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h
21878 index 48df486..e32babd 100644
21879 --- a/arch/x86/include/asm/fpu/types.h
21880 +++ b/arch/x86/include/asm/fpu/types.h
21881 @@ -276,6 +276,39 @@ union fpregs_state {
21882 */
21883 struct fpu {
21884 /*
21885 + * @state:
21886 + *
21887 + * In-memory copy of all FPU registers that we save/restore
21888 + * over context switches. If the task is using the FPU then
21889 + * the registers in the FPU are more recent than this state
21890 + * copy. If the task context-switches away then they get
21891 + * saved here and represent the FPU state.
21892 + *
21893 + * After context switches there may be a (short) time period
21894 + * during which the in-FPU hardware registers are unchanged
21895 + * and still perfectly match this state, if the tasks
21896 + * scheduled afterwards are not using the FPU.
21897 + *
21898 + * This is the 'lazy restore' window of optimization, which
21899 + * we track though 'fpu_fpregs_owner_ctx' and 'fpu->last_cpu'.
21900 + *
21901 + * We detect whether a subsequent task uses the FPU via setting
21902 + * CR0::TS to 1, which causes any FPU use to raise a #NM fault.
21903 + *
21904 + * During this window, if the task gets scheduled again, we
21905 + * might be able to skip having to do a restore from this
21906 + * memory buffer to the hardware registers - at the cost of
21907 + * incurring the overhead of #NM fault traps.
21908 + *
21909 + * Note that on modern CPUs that support the XSAVEOPT (or other
21910 + * optimized XSAVE instructions), we don't use #NM traps anymore,
21911 + * as the hardware can track whether FPU registers need saving
21912 + * or not. On such CPUs we activate the non-lazy ('eagerfpu')
21913 + * logic, which unconditionally saves/restores all FPU state
21914 + * across context switches. (if FPU state exists.)
21915 + */
21916 + union fpregs_state *state;
21917 + /*
21918 * @last_cpu:
21919 *
21920 * Records the last CPU on which this context was loaded into
21921 @@ -332,43 +365,6 @@ struct fpu {
21922 * deal with bursty apps that only use the FPU for a short time:
21923 */
21924 unsigned char counter;
21925 - /*
21926 - * @state:
21927 - *
21928 - * In-memory copy of all FPU registers that we save/restore
21929 - * over context switches. If the task is using the FPU then
21930 - * the registers in the FPU are more recent than this state
21931 - * copy. If the task context-switches away then they get
21932 - * saved here and represent the FPU state.
21933 - *
21934 - * After context switches there may be a (short) time period
21935 - * during which the in-FPU hardware registers are unchanged
21936 - * and still perfectly match this state, if the tasks
21937 - * scheduled afterwards are not using the FPU.
21938 - *
21939 - * This is the 'lazy restore' window of optimization, which
21940 - * we track though 'fpu_fpregs_owner_ctx' and 'fpu->last_cpu'.
21941 - *
21942 - * We detect whether a subsequent task uses the FPU via setting
21943 - * CR0::TS to 1, which causes any FPU use to raise a #NM fault.
21944 - *
21945 - * During this window, if the task gets scheduled again, we
21946 - * might be able to skip having to do a restore from this
21947 - * memory buffer to the hardware registers - at the cost of
21948 - * incurring the overhead of #NM fault traps.
21949 - *
21950 - * Note that on modern CPUs that support the XSAVEOPT (or other
21951 - * optimized XSAVE instructions), we don't use #NM traps anymore,
21952 - * as the hardware can track whether FPU registers need saving
21953 - * or not. On such CPUs we activate the non-lazy ('eagerfpu')
21954 - * logic, which unconditionally saves/restores all FPU state
21955 - * across context switches. (if FPU state exists.)
21956 - */
21957 - union fpregs_state state;
21958 - /*
21959 - * WARNING: 'state' is dynamically-sized. Do not put
21960 - * anything after it here.
21961 - */
21962 };
21963
21964 #endif /* _ASM_X86_FPU_H */
21965 diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h
21966 index 19f30a8..d0561c13 100644
21967 --- a/arch/x86/include/asm/fpu/xstate.h
21968 +++ b/arch/x86/include/asm/fpu/xstate.h
21969 @@ -43,6 +43,7 @@
21970 #define REX_PREFIX
21971 #endif
21972
21973 +extern unsigned int xstate_size;
21974 extern u64 xfeatures_mask;
21975 extern u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
21976
21977 diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
21978 index b4c1f54..726053d 100644
21979 --- a/arch/x86/include/asm/futex.h
21980 +++ b/arch/x86/include/asm/futex.h
21981 @@ -12,25 +12,25 @@
21982 #include <asm/smap.h>
21983
21984 #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \
21985 - asm volatile("\t" ASM_STAC "\n" \
21986 - "1:\t" insn "\n" \
21987 - "2:\t" ASM_CLAC "\n" \
21988 + typecheck(u32 __user *, uaddr); \
21989 + asm volatile("1:\t" insn "\n" \
21990 + "2:\t\n" \
21991 "\t.section .fixup,\"ax\"\n" \
21992 "3:\tmov\t%3, %1\n" \
21993 "\tjmp\t2b\n" \
21994 "\t.previous\n" \
21995 _ASM_EXTABLE(1b, 3b) \
21996 - : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
21997 + : "=r" (oldval), "=r" (ret), "+m" (*(u32 __user *)____m(uaddr)) \
21998 : "i" (-EFAULT), "0" (oparg), "1" (0))
21999
22000 #define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
22001 - asm volatile("\t" ASM_STAC "\n" \
22002 - "1:\tmovl %2, %0\n" \
22003 + typecheck(u32 __user *, uaddr); \
22004 + asm volatile("1:\tmovl %2, %0\n" \
22005 "\tmovl\t%0, %3\n" \
22006 "\t" insn "\n" \
22007 - "2:\t" LOCK_PREFIX "cmpxchgl %3, %2\n" \
22008 + "2:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %3, %2\n" \
22009 "\tjnz\t1b\n" \
22010 - "3:\t" ASM_CLAC "\n" \
22011 + "3:\t\n" \
22012 "\t.section .fixup,\"ax\"\n" \
22013 "4:\tmov\t%5, %1\n" \
22014 "\tjmp\t3b\n" \
22015 @@ -38,7 +38,7 @@
22016 _ASM_EXTABLE(1b, 4b) \
22017 _ASM_EXTABLE(2b, 4b) \
22018 : "=&a" (oldval), "=&r" (ret), \
22019 - "+m" (*uaddr), "=&r" (tem) \
22020 + "+m" (*(u32 __user *)____m(uaddr)), "=&r" (tem) \
22021 : "r" (oparg), "i" (-EFAULT), "1" (0))
22022
22023 static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
22024 @@ -57,12 +57,13 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
22025
22026 pagefault_disable();
22027
22028 + user_access_begin();
22029 switch (op) {
22030 case FUTEX_OP_SET:
22031 - __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
22032 + __futex_atomic_op1(__copyuser_seg"xchgl %0, %2", ret, oldval, uaddr, oparg);
22033 break;
22034 case FUTEX_OP_ADD:
22035 - __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
22036 + __futex_atomic_op1(LOCK_PREFIX __copyuser_seg"xaddl %0, %2", ret, oldval,
22037 uaddr, oparg);
22038 break;
22039 case FUTEX_OP_OR:
22040 @@ -77,6 +78,7 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
22041 default:
22042 ret = -ENOSYS;
22043 }
22044 + user_access_end();
22045
22046 pagefault_enable();
22047
22048 diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
22049 index b90e105..30a5950 100644
22050 --- a/arch/x86/include/asm/hw_irq.h
22051 +++ b/arch/x86/include/asm/hw_irq.h
22052 @@ -164,8 +164,8 @@ static inline void unlock_vector_lock(void) {}
22053 #endif /* CONFIG_X86_LOCAL_APIC */
22054
22055 /* Statistics */
22056 -extern atomic_t irq_err_count;
22057 -extern atomic_t irq_mis_count;
22058 +extern atomic_unchecked_t irq_err_count;
22059 +extern atomic_unchecked_t irq_mis_count;
22060
22061 extern void elcr_set_level_irq(unsigned int irq);
22062
22063 diff --git a/arch/x86/include/asm/hypervisor.h b/arch/x86/include/asm/hypervisor.h
22064 index 055ea99..7dabb68 100644
22065 --- a/arch/x86/include/asm/hypervisor.h
22066 +++ b/arch/x86/include/asm/hypervisor.h
22067 @@ -43,7 +43,7 @@ struct hypervisor_x86 {
22068
22069 /* X2APIC detection (run once per boot) */
22070 bool (*x2apic_available)(void);
22071 -};
22072 +} __do_const;
22073
22074 extern const struct hypervisor_x86 *x86_hyper;
22075
22076 diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h
22077 index 39bcefc..272d904 100644
22078 --- a/arch/x86/include/asm/i8259.h
22079 +++ b/arch/x86/include/asm/i8259.h
22080 @@ -63,7 +63,7 @@ struct legacy_pic {
22081 int (*probe)(void);
22082 int (*irq_pending)(unsigned int irq);
22083 void (*make_irq)(unsigned int irq);
22084 -};
22085 +} __do_const;
22086
22087 extern struct legacy_pic *legacy_pic;
22088 extern struct legacy_pic null_legacy_pic;
22089 diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h
22090 index de25aad..dc04476 100644
22091 --- a/arch/x86/include/asm/io.h
22092 +++ b/arch/x86/include/asm/io.h
22093 @@ -42,6 +42,7 @@
22094 #include <asm/page.h>
22095 #include <asm/early_ioremap.h>
22096 #include <asm/pgtable_types.h>
22097 +#include <asm/processor.h>
22098
22099 #define build_mmio_read(name, size, type, reg, barrier) \
22100 static inline type name(const volatile void __iomem *addr) \
22101 @@ -54,12 +55,12 @@ static inline void name(type val, volatile void __iomem *addr) \
22102 "m" (*(volatile type __force *)addr) barrier); }
22103
22104 build_mmio_read(readb, "b", unsigned char, "=q", :"memory")
22105 -build_mmio_read(readw, "w", unsigned short, "=r", :"memory")
22106 -build_mmio_read(readl, "l", unsigned int, "=r", :"memory")
22107 +build_mmio_read(__intentional_overflow(-1) readw, "w", unsigned short, "=r", :"memory")
22108 +build_mmio_read(__intentional_overflow(-1) readl, "l", unsigned int, "=r", :"memory")
22109
22110 build_mmio_read(__readb, "b", unsigned char, "=q", )
22111 -build_mmio_read(__readw, "w", unsigned short, "=r", )
22112 -build_mmio_read(__readl, "l", unsigned int, "=r", )
22113 +build_mmio_read(__intentional_overflow(-1) __readw, "w", unsigned short, "=r", )
22114 +build_mmio_read(__intentional_overflow(-1) __readl, "l", unsigned int, "=r", )
22115
22116 build_mmio_write(writeb, "b", unsigned char, "q", :"memory")
22117 build_mmio_write(writew, "w", unsigned short, "r", :"memory")
22118 @@ -115,7 +116,7 @@ build_mmio_write(writeq, "q", unsigned long, "r", :"memory")
22119 * this function
22120 */
22121
22122 -static inline phys_addr_t virt_to_phys(volatile void *address)
22123 +static inline phys_addr_t __intentional_overflow(-1) virt_to_phys(volatile void *address)
22124 {
22125 return __pa(address);
22126 }
22127 @@ -194,7 +195,7 @@ static inline void __iomem *ioremap(resource_size_t offset, unsigned long size)
22128 return ioremap_nocache(offset, size);
22129 }
22130
22131 -extern void iounmap(volatile void __iomem *addr);
22132 +extern void iounmap(const volatile void __iomem *addr);
22133
22134 extern void set_iounmap_nonlazy(void);
22135
22136 @@ -202,6 +203,17 @@ extern void set_iounmap_nonlazy(void);
22137
22138 #include <asm-generic/iomap.h>
22139
22140 +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
22141 +static inline int valid_phys_addr_range(unsigned long addr, size_t count)
22142 +{
22143 + return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
22144 +}
22145 +
22146 +static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
22147 +{
22148 + return (pfn + (count >> PAGE_SHIFT)) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
22149 +}
22150 +
22151 /*
22152 * Convert a virtual cached pointer to an uncached pointer
22153 */
22154 diff --git a/arch/x86/include/asm/irq_vectors.h b/arch/x86/include/asm/irq_vectors.h
22155 index 6ca9fd6..4c0aa55 100644
22156 --- a/arch/x86/include/asm/irq_vectors.h
22157 +++ b/arch/x86/include/asm/irq_vectors.h
22158 @@ -48,6 +48,8 @@
22159
22160 #define IA32_SYSCALL_VECTOR 0x80
22161
22162 +#define X86_REFCOUNT_VECTOR 0x81 /* Refcount Overflow or Underflow Exception */
22163 +
22164 /*
22165 * Vectors 0x30-0x3f are used for ISA interrupts.
22166 * round up to the next 16-vector boundary
22167 diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
22168 index b77f5ed..3862b91 100644
22169 --- a/arch/x86/include/asm/irqflags.h
22170 +++ b/arch/x86/include/asm/irqflags.h
22171 @@ -23,11 +23,13 @@ static inline unsigned long native_save_fl(void)
22172 : /* no input */
22173 : "memory");
22174
22175 + BUG_ON(flags & X86_EFLAGS_AC);
22176 return flags;
22177 }
22178
22179 static inline void native_restore_fl(unsigned long flags)
22180 {
22181 + BUG_ON(flags & X86_EFLAGS_AC);
22182 asm volatile("push %0 ; popf"
22183 : /* no output */
22184 :"g" (flags)
22185 @@ -137,6 +139,11 @@ static inline notrace unsigned long arch_local_irq_save(void)
22186 swapgs; \
22187 sysretl
22188
22189 +#define GET_CR0_INTO_RDI mov %cr0, %rdi
22190 +#define SET_RDI_INTO_CR0 mov %rdi, %cr0
22191 +#define GET_CR3_INTO_RDI mov %cr3, %rdi
22192 +#define SET_RDI_INTO_CR3 mov %rdi, %cr3
22193 +
22194 #else
22195 #define INTERRUPT_RETURN iret
22196 #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit
22197 diff --git a/arch/x86/include/asm/kprobes.h b/arch/x86/include/asm/kprobes.h
22198 index d1d1e50..5bacb6d 100644
22199 --- a/arch/x86/include/asm/kprobes.h
22200 +++ b/arch/x86/include/asm/kprobes.h
22201 @@ -37,7 +37,7 @@ typedef u8 kprobe_opcode_t;
22202 #define RELATIVEJUMP_SIZE 5
22203 #define RELATIVECALL_OPCODE 0xe8
22204 #define RELATIVE_ADDR_SIZE 4
22205 -#define MAX_STACK_SIZE 64
22206 +#define MAX_STACK_SIZE 64UL
22207 #define CUR_STACK_SIZE(ADDR) \
22208 (current_top_of_stack() - (unsigned long)(ADDR))
22209 #define MIN_STACK_SIZE(ADDR) \
22210 diff --git a/arch/x86/include/asm/kvm_emulate.h b/arch/x86/include/asm/kvm_emulate.h
22211 index e9cd7be..0f3574f 100644
22212 --- a/arch/x86/include/asm/kvm_emulate.h
22213 +++ b/arch/x86/include/asm/kvm_emulate.h
22214 @@ -279,6 +279,8 @@ enum x86emul_mode {
22215 #define X86EMUL_SMM_MASK (1 << 6)
22216 #define X86EMUL_SMM_INSIDE_NMI_MASK (1 << 7)
22217
22218 +struct fastop;
22219 +
22220 struct x86_emulate_ctxt {
22221 const struct x86_emulate_ops *ops;
22222
22223 @@ -311,7 +313,10 @@ struct x86_emulate_ctxt {
22224 struct operand src;
22225 struct operand src2;
22226 struct operand dst;
22227 - int (*execute)(struct x86_emulate_ctxt *ctxt);
22228 + union {
22229 + int (*execute)(struct x86_emulate_ctxt *ctxt);
22230 + void (*fastop)(struct fastop *fake);
22231 + } u;
22232 int (*check_perm)(struct x86_emulate_ctxt *ctxt);
22233 /*
22234 * The following six fields are cleared together,
22235 diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
22236 index 7511978..cf52573 100644
22237 --- a/arch/x86/include/asm/local.h
22238 +++ b/arch/x86/include/asm/local.h
22239 @@ -10,33 +10,73 @@ typedef struct {
22240 atomic_long_t a;
22241 } local_t;
22242
22243 +typedef struct {
22244 + atomic_long_unchecked_t a;
22245 +} local_unchecked_t;
22246 +
22247 #define LOCAL_INIT(i) { ATOMIC_LONG_INIT(i) }
22248
22249 #define local_read(l) atomic_long_read(&(l)->a)
22250 +#define local_read_unchecked(l) atomic_long_read_unchecked(&(l)->a)
22251 #define local_set(l, i) atomic_long_set(&(l)->a, (i))
22252 +#define local_set_unchecked(l, i) atomic_long_set_unchecked(&(l)->a, (i))
22253
22254 static inline void local_inc(local_t *l)
22255 {
22256 - asm volatile(_ASM_INC "%0"
22257 + asm volatile(_ASM_INC "%0\n\t"
22258 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)
22259 + : [counter] "+m" (l->a.counter)
22260 + : : "cc", "cx");
22261 +}
22262 +
22263 +static inline void local_inc_unchecked(local_unchecked_t *l)
22264 +{
22265 + asm volatile(_ASM_INC "%0\n"
22266 : "+m" (l->a.counter));
22267 }
22268
22269 static inline void local_dec(local_t *l)
22270 {
22271 - asm volatile(_ASM_DEC "%0"
22272 + asm volatile(_ASM_DEC "%0\n\t"
22273 + PAX_REFCOUNT_UNDERFLOW(BITS_PER_LONG/8)
22274 + : [counter] "+m" (l->a.counter)
22275 + : : "cc", "cx");
22276 +}
22277 +
22278 +static inline void local_dec_unchecked(local_unchecked_t *l)
22279 +{
22280 + asm volatile(_ASM_DEC "%0\n"
22281 : "+m" (l->a.counter));
22282 }
22283
22284 static inline void local_add(long i, local_t *l)
22285 {
22286 - asm volatile(_ASM_ADD "%1,%0"
22287 + asm volatile(_ASM_ADD "%1,%0\n\t"
22288 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)
22289 + : [counter] "+m" (l->a.counter)
22290 + : "ir" (i)
22291 + : "cc", "cx");
22292 +}
22293 +
22294 +static inline void local_add_unchecked(long i, local_unchecked_t *l)
22295 +{
22296 + asm volatile(_ASM_ADD "%1,%0\n"
22297 : "+m" (l->a.counter)
22298 : "ir" (i));
22299 }
22300
22301 static inline void local_sub(long i, local_t *l)
22302 {
22303 - asm volatile(_ASM_SUB "%1,%0"
22304 + asm volatile(_ASM_SUB "%1,%0\n\t"
22305 + PAX_REFCOUNT_UNDERFLOW(BITS_PER_LONG/8)
22306 + : [counter] "+m" (l->a.counter)
22307 + : "ir" (i)
22308 + : "cc", "cx");
22309 +}
22310 +
22311 +static inline void local_sub_unchecked(long i, local_unchecked_t *l)
22312 +{
22313 + asm volatile(_ASM_SUB "%1,%0\n"
22314 : "+m" (l->a.counter)
22315 : "ir" (i));
22316 }
22317 @@ -52,7 +92,7 @@ static inline void local_sub(long i, local_t *l)
22318 */
22319 static inline bool local_sub_and_test(long i, local_t *l)
22320 {
22321 - GEN_BINARY_RMWcc(_ASM_SUB, l->a.counter, "er", i, "%0", e);
22322 + GEN_BINARY_RMWcc(_ASM_SUB, l->a.counter, -BITS_PER_LONG/8, "er", i, "%0", e);
22323 }
22324
22325 /**
22326 @@ -65,7 +105,7 @@ static inline bool local_sub_and_test(long i, local_t *l)
22327 */
22328 static inline bool local_dec_and_test(local_t *l)
22329 {
22330 - GEN_UNARY_RMWcc(_ASM_DEC, l->a.counter, "%0", e);
22331 + GEN_UNARY_RMWcc(_ASM_DEC, l->a.counter, -BITS_PER_LONG/8, "%0", e);
22332 }
22333
22334 /**
22335 @@ -78,7 +118,7 @@ static inline bool local_dec_and_test(local_t *l)
22336 */
22337 static inline bool local_inc_and_test(local_t *l)
22338 {
22339 - GEN_UNARY_RMWcc(_ASM_INC, l->a.counter, "%0", e);
22340 + GEN_UNARY_RMWcc(_ASM_INC, l->a.counter, BITS_PER_LONG/8, "%0", e);
22341 }
22342
22343 /**
22344 @@ -92,7 +132,7 @@ static inline bool local_inc_and_test(local_t *l)
22345 */
22346 static inline bool local_add_negative(long i, local_t *l)
22347 {
22348 - GEN_BINARY_RMWcc(_ASM_ADD, l->a.counter, "er", i, "%0", s);
22349 + GEN_BINARY_RMWcc(_ASM_ADD, l->a.counter, BITS_PER_LONG/8, "er", i, "%0", s);
22350 }
22351
22352 /**
22353 @@ -105,6 +145,23 @@ static inline bool local_add_negative(long i, local_t *l)
22354 static inline long local_add_return(long i, local_t *l)
22355 {
22356 long __i = i;
22357 + asm volatile(_ASM_XADD "%0, %1\n\t"
22358 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)
22359 + : "+r" (i), [counter] "+m" (l->a.counter)
22360 + : : "memory", "cc", "cx");
22361 + return i + __i;
22362 +}
22363 +
22364 +/**
22365 + * local_add_return_unchecked - add and return
22366 + * @i: integer value to add
22367 + * @l: pointer to type local_unchecked_t
22368 + *
22369 + * Atomically adds @i to @l and returns @i + @l
22370 + */
22371 +static inline long local_add_return_unchecked(long i, local_unchecked_t *l)
22372 +{
22373 + long __i = i;
22374 asm volatile(_ASM_XADD "%0, %1;"
22375 : "+r" (i), "+m" (l->a.counter)
22376 : : "memory");
22377 @@ -121,6 +178,8 @@ static inline long local_sub_return(long i, local_t *l)
22378
22379 #define local_cmpxchg(l, o, n) \
22380 (cmpxchg_local(&((l)->a.counter), (o), (n)))
22381 +#define local_cmpxchg_unchecked(l, o, n) \
22382 + (cmpxchg_local(&((l)->a.counter), (o), (n)))
22383 /* Always has a lock prefix */
22384 #define local_xchg(l, n) (xchg(&((l)->a.counter), (n)))
22385
22386 diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h
22387 index 8bf766e..d800b61 100644
22388 --- a/arch/x86/include/asm/mce.h
22389 +++ b/arch/x86/include/asm/mce.h
22390 @@ -184,7 +184,7 @@ struct mca_msr_regs {
22391 u32 (*status) (int bank);
22392 u32 (*addr) (int bank);
22393 u32 (*misc) (int bank);
22394 -};
22395 +} __no_const;
22396
22397 extern struct mce_vendor_flags mce_flags;
22398
22399 diff --git a/arch/x86/include/asm/mman.h b/arch/x86/include/asm/mman.h
22400 new file mode 100644
22401 index 0000000..2bfd3ba
22402 --- /dev/null
22403 +++ b/arch/x86/include/asm/mman.h
22404 @@ -0,0 +1,15 @@
22405 +#ifndef _X86_MMAN_H
22406 +#define _X86_MMAN_H
22407 +
22408 +#include <uapi/asm/mman.h>
22409 +
22410 +#ifdef __KERNEL__
22411 +#ifndef __ASSEMBLY__
22412 +#ifdef CONFIG_X86_32
22413 +#define arch_mmap_check i386_mmap_check
22414 +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags);
22415 +#endif
22416 +#endif
22417 +#endif
22418 +
22419 +#endif /* X86_MMAN_H */
22420 diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
22421 index 1ea0bae..25de747 100644
22422 --- a/arch/x86/include/asm/mmu.h
22423 +++ b/arch/x86/include/asm/mmu.h
22424 @@ -19,7 +19,19 @@ typedef struct {
22425 #endif
22426
22427 struct mutex lock;
22428 - void __user *vdso; /* vdso base address */
22429 + unsigned long vdso; /* vdso base address */
22430 +
22431 +#ifdef CONFIG_X86_32
22432 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
22433 + unsigned long user_cs_base;
22434 + unsigned long user_cs_limit;
22435 +
22436 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
22437 + cpumask_t cpu_user_cs_mask;
22438 +#endif
22439 +
22440 +#endif
22441 +#endif
22442 const struct vdso_image *vdso_image; /* vdso image in use */
22443
22444 atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */
22445 diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
22446 index d8abfcf..721da30 100644
22447 --- a/arch/x86/include/asm/mmu_context.h
22448 +++ b/arch/x86/include/asm/mmu_context.h
22449 @@ -46,7 +46,7 @@ struct ldt_struct {
22450 * allocations, but it's not worth trying to optimize.
22451 */
22452 struct desc_struct *entries;
22453 - int size;
22454 + unsigned int size;
22455 };
22456
22457 /*
22458 @@ -58,6 +58,23 @@ void destroy_context_ldt(struct mm_struct *mm);
22459 static inline int init_new_context_ldt(struct task_struct *tsk,
22460 struct mm_struct *mm)
22461 {
22462 + if (tsk == current) {
22463 + mm->context.vdso = 0;
22464 +
22465 +#ifdef CONFIG_X86_32
22466 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
22467 + mm->context.user_cs_base = 0UL;
22468 + mm->context.user_cs_limit = ~0UL;
22469 +
22470 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
22471 + cpumask_clear(&mm->context.cpu_user_cs_mask);
22472 +#endif
22473 +
22474 +#endif
22475 +#endif
22476 +
22477 + }
22478 +
22479 return 0;
22480 }
22481 static inline void destroy_context_ldt(struct mm_struct *mm) {}
22482 @@ -98,6 +115,20 @@ static inline void load_mm_ldt(struct mm_struct *mm)
22483
22484 static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
22485 {
22486 +
22487 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
22488 + if (!(static_cpu_has(X86_FEATURE_PCIDUDEREF))) {
22489 + unsigned int i;
22490 + pgd_t *pgd;
22491 +
22492 + pax_open_kernel();
22493 + pgd = get_cpu_pgd(smp_processor_id(), kernel);
22494 + for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i)
22495 + set_pgd_batched(pgd+i, native_make_pgd(0));
22496 + pax_close_kernel();
22497 + }
22498 +#endif
22499 +
22500 #ifdef CONFIG_SMP
22501 if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
22502 this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY);
22503 diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h
22504 index e3b7819..ba128ec 100644
22505 --- a/arch/x86/include/asm/module.h
22506 +++ b/arch/x86/include/asm/module.h
22507 @@ -5,6 +5,7 @@
22508
22509 #ifdef CONFIG_X86_64
22510 /* X86_64 does not define MODULE_PROC_FAMILY */
22511 +#define MODULE_PROC_FAMILY ""
22512 #elif defined CONFIG_M486
22513 #define MODULE_PROC_FAMILY "486 "
22514 #elif defined CONFIG_M586
22515 @@ -57,8 +58,26 @@
22516 #error unknown processor family
22517 #endif
22518
22519 -#ifdef CONFIG_X86_32
22520 -# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY
22521 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS
22522 +#define MODULE_PAX_KERNEXEC "KERNEXEC_BTS "
22523 +#elif defined(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR)
22524 +#define MODULE_PAX_KERNEXEC "KERNEXEC_OR "
22525 +#else
22526 +#define MODULE_PAX_KERNEXEC ""
22527 #endif
22528
22529 +#ifdef CONFIG_PAX_MEMORY_UDEREF
22530 +#define MODULE_PAX_UDEREF "UDEREF "
22531 +#else
22532 +#define MODULE_PAX_UDEREF ""
22533 +#endif
22534 +
22535 +#ifdef CONFIG_PAX_RAP
22536 +#define MODULE_PAX_RAP "RAP "
22537 +#else
22538 +#define MODULE_PAX_RAP ""
22539 +#endif
22540 +
22541 +#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF MODULE_PAX_RAP
22542 +
22543 #endif /* _ASM_X86_MODULE_H */
22544 diff --git a/arch/x86/include/asm/nmi.h b/arch/x86/include/asm/nmi.h
22545 index 5f2fc44..106caa6 100644
22546 --- a/arch/x86/include/asm/nmi.h
22547 +++ b/arch/x86/include/asm/nmi.h
22548 @@ -36,26 +36,35 @@ enum {
22549
22550 typedef int (*nmi_handler_t)(unsigned int, struct pt_regs *);
22551
22552 +struct nmiaction;
22553 +
22554 +struct nmiwork {
22555 + const struct nmiaction *action;
22556 + u64 max_duration;
22557 + struct irq_work irq_work;
22558 +};
22559 +
22560 struct nmiaction {
22561 struct list_head list;
22562 nmi_handler_t handler;
22563 - u64 max_duration;
22564 - struct irq_work irq_work;
22565 unsigned long flags;
22566 const char *name;
22567 -};
22568 + struct nmiwork *work;
22569 +} __do_const;
22570
22571 #define register_nmi_handler(t, fn, fg, n, init...) \
22572 ({ \
22573 - static struct nmiaction init fn##_na = { \
22574 + static struct nmiwork fn##_nw; \
22575 + static const struct nmiaction init fn##_na = { \
22576 .handler = (fn), \
22577 .name = (n), \
22578 .flags = (fg), \
22579 + .work = &fn##_nw, \
22580 }; \
22581 __register_nmi_handler((t), &fn##_na); \
22582 })
22583
22584 -int __register_nmi_handler(unsigned int, struct nmiaction *);
22585 +int __register_nmi_handler(unsigned int, const struct nmiaction *);
22586
22587 void unregister_nmi_handler(unsigned int, const char *);
22588
22589 diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h
22590 index cf8f619..bbcf5e6 100644
22591 --- a/arch/x86/include/asm/page.h
22592 +++ b/arch/x86/include/asm/page.h
22593 @@ -58,6 +58,8 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
22594 #define __va(x) ((void *)((unsigned long)(x)+PAGE_OFFSET))
22595 #endif
22596
22597 +#define __early_va(x) ((void *)((unsigned long)(x)+__START_KERNEL_map - phys_base))
22598 +
22599 #define __boot_va(x) __va(x)
22600 #define __boot_pa(x) __pa(x)
22601
22602 @@ -65,11 +67,21 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
22603 * virt_to_page(kaddr) returns a valid pointer if and only if
22604 * virt_addr_valid(kaddr) returns true.
22605 */
22606 -#define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT)
22607 #define pfn_to_kaddr(pfn) __va((pfn) << PAGE_SHIFT)
22608 extern bool __virt_addr_valid(unsigned long kaddr);
22609 #define virt_addr_valid(kaddr) __virt_addr_valid((unsigned long) (kaddr))
22610
22611 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
22612 +#define virt_to_page(kaddr) \
22613 + ({ \
22614 + const void *__kaddr = (const void *)(kaddr); \
22615 + BUG_ON(!virt_addr_valid(__kaddr)); \
22616 + pfn_to_page(__pa(__kaddr) >> PAGE_SHIFT); \
22617 + })
22618 +#else
22619 +#define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT)
22620 +#endif
22621 +
22622 #endif /* __ASSEMBLY__ */
22623
22624 #include <asm-generic/memory_model.h>
22625 diff --git a/arch/x86/include/asm/page_32.h b/arch/x86/include/asm/page_32.h
22626 index 904f528..b4d0d24 100644
22627 --- a/arch/x86/include/asm/page_32.h
22628 +++ b/arch/x86/include/asm/page_32.h
22629 @@ -7,11 +7,17 @@
22630
22631 #define __phys_addr_nodebug(x) ((x) - PAGE_OFFSET)
22632 #ifdef CONFIG_DEBUG_VIRTUAL
22633 -extern unsigned long __phys_addr(unsigned long);
22634 +extern unsigned long __intentional_overflow(-1) __phys_addr(unsigned long);
22635 #else
22636 -#define __phys_addr(x) __phys_addr_nodebug(x)
22637 +static inline unsigned long __intentional_overflow(-1) __phys_addr(unsigned long x)
22638 +{
22639 + return __phys_addr_nodebug(x);
22640 +}
22641 #endif
22642 -#define __phys_addr_symbol(x) __phys_addr(x)
22643 +static inline unsigned long __intentional_overflow(-1) __phys_addr_symbol(unsigned long x)
22644 +{
22645 + return __phys_addr(x);
22646 +}
22647 #define __phys_reloc_hide(x) RELOC_HIDE((x), 0)
22648
22649 #ifdef CONFIG_FLATMEM
22650 diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h
22651 index b3bebf9..cb419e7 100644
22652 --- a/arch/x86/include/asm/page_64.h
22653 +++ b/arch/x86/include/asm/page_64.h
22654 @@ -7,9 +7,9 @@
22655
22656 /* duplicated to the one in bootmem.h */
22657 extern unsigned long max_pfn;
22658 -extern unsigned long phys_base;
22659 +extern const unsigned long phys_base;
22660
22661 -static inline unsigned long __phys_addr_nodebug(unsigned long x)
22662 +static inline unsigned long __intentional_overflow(-1) __phys_addr_nodebug(unsigned long x)
22663 {
22664 unsigned long y = x - __START_KERNEL_map;
22665
22666 @@ -20,12 +20,14 @@ static inline unsigned long __phys_addr_nodebug(unsigned long x)
22667 }
22668
22669 #ifdef CONFIG_DEBUG_VIRTUAL
22670 -extern unsigned long __phys_addr(unsigned long);
22671 -extern unsigned long __phys_addr_symbol(unsigned long);
22672 +extern unsigned long __intentional_overflow(-1) __phys_addr(unsigned long);
22673 +extern unsigned long __intentional_overflow(-1) __phys_addr_symbol(unsigned long);
22674 #else
22675 #define __phys_addr(x) __phys_addr_nodebug(x)
22676 -#define __phys_addr_symbol(x) \
22677 - ((unsigned long)(x) - __START_KERNEL_map + phys_base)
22678 +static inline unsigned long __intentional_overflow(-1) __phys_addr_symbol(unsigned long x)
22679 +{
22680 + return x - __START_KERNEL_map + phys_base;
22681 +}
22682 #endif
22683
22684 #define __phys_reloc_hide(x) (x)
22685 diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
22686 index 2970d22..fce32bd 100644
22687 --- a/arch/x86/include/asm/paravirt.h
22688 +++ b/arch/x86/include/asm/paravirt.h
22689 @@ -509,7 +509,7 @@ static inline pmd_t __pmd(pmdval_t val)
22690 return (pmd_t) { ret };
22691 }
22692
22693 -static inline pmdval_t pmd_val(pmd_t pmd)
22694 +static inline __intentional_overflow(-1) pmdval_t pmd_val(pmd_t pmd)
22695 {
22696 pmdval_t ret;
22697
22698 @@ -575,6 +575,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
22699 val);
22700 }
22701
22702 +static inline void set_pgd_batched(pgd_t *pgdp, pgd_t pgd)
22703 +{
22704 + pgdval_t val = native_pgd_val(pgd);
22705 +
22706 + if (sizeof(pgdval_t) > sizeof(long))
22707 + PVOP_VCALL3(pv_mmu_ops.set_pgd_batched, pgdp,
22708 + val, (u64)val >> 32);
22709 + else
22710 + PVOP_VCALL2(pv_mmu_ops.set_pgd_batched, pgdp,
22711 + val);
22712 +}
22713 +
22714 static inline void pgd_clear(pgd_t *pgdp)
22715 {
22716 set_pgd(pgdp, __pgd(0));
22717 @@ -659,6 +671,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
22718 pv_mmu_ops.set_fixmap(idx, phys, flags);
22719 }
22720
22721 +#ifdef CONFIG_PAX_KERNEXEC
22722 +static inline unsigned long pax_open_kernel(void)
22723 +{
22724 + return PVOP_CALL0(unsigned long, pv_mmu_ops.pax_open_kernel);
22725 +}
22726 +
22727 +static inline unsigned long pax_close_kernel(void)
22728 +{
22729 + return PVOP_CALL0(unsigned long, pv_mmu_ops.pax_close_kernel);
22730 +}
22731 +#else
22732 +static inline unsigned long pax_open_kernel(void) { return 0; }
22733 +static inline unsigned long pax_close_kernel(void) { return 0; }
22734 +#endif
22735 +
22736 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
22737
22738 #ifdef CONFIG_QUEUED_SPINLOCKS
22739 @@ -886,7 +913,7 @@ extern void default_banner(void);
22740
22741 #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
22742 #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
22743 -#define PARA_INDIRECT(addr) *%cs:addr
22744 +#define PARA_INDIRECT(addr) *%ss:addr
22745 #endif
22746
22747 #define INTERRUPT_RETURN \
22748 @@ -944,6 +971,21 @@ extern void default_banner(void);
22749 PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_usergs_sysret64), \
22750 CLBR_NONE, \
22751 jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64))
22752 +
22753 +#define GET_CR0_INTO_RDI \
22754 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_read_cr0); \
22755 + mov %rax,%rdi
22756 +
22757 +#define SET_RDI_INTO_CR0 \
22758 + call PARA_INDIRECT(pv_cpu_ops+PV_CPU_write_cr0)
22759 +
22760 +#define GET_CR3_INTO_RDI \
22761 + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_read_cr3); \
22762 + mov %rax,%rdi
22763 +
22764 +#define SET_RDI_INTO_CR3 \
22765 + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_write_cr3)
22766 +
22767 #endif /* CONFIG_X86_32 */
22768
22769 #endif /* __ASSEMBLY__ */
22770 diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
22771 index 7fa9e77..aa09e68 100644
22772 --- a/arch/x86/include/asm/paravirt_types.h
22773 +++ b/arch/x86/include/asm/paravirt_types.h
22774 @@ -83,7 +83,7 @@ struct pv_init_ops {
22775 */
22776 unsigned (*patch)(u8 type, u16 clobber, void *insnbuf,
22777 unsigned long addr, unsigned len);
22778 -};
22779 +} __no_const __no_randomize_layout;
22780
22781
22782 struct pv_lazy_ops {
22783 @@ -91,12 +91,12 @@ struct pv_lazy_ops {
22784 void (*enter)(void);
22785 void (*leave)(void);
22786 void (*flush)(void);
22787 -};
22788 +} __no_randomize_layout;
22789
22790 struct pv_time_ops {
22791 unsigned long long (*sched_clock)(void);
22792 unsigned long long (*steal_clock)(int cpu);
22793 -};
22794 +} __no_const __no_randomize_layout;
22795
22796 struct pv_cpu_ops {
22797 /* hooks for various privileged instructions */
22798 @@ -178,7 +178,7 @@ struct pv_cpu_ops {
22799
22800 void (*start_context_switch)(struct task_struct *prev);
22801 void (*end_context_switch)(struct task_struct *next);
22802 -};
22803 +} __no_const __no_randomize_layout;
22804
22805 struct pv_irq_ops {
22806 /*
22807 @@ -201,7 +201,7 @@ struct pv_irq_ops {
22808 #ifdef CONFIG_X86_64
22809 void (*adjust_exception_frame)(void);
22810 #endif
22811 -};
22812 +} __no_randomize_layout;
22813
22814 struct pv_mmu_ops {
22815 unsigned long (*read_cr2)(void);
22816 @@ -285,6 +285,7 @@ struct pv_mmu_ops {
22817 struct paravirt_callee_save make_pud;
22818
22819 void (*set_pgd)(pgd_t *pudp, pgd_t pgdval);
22820 + void (*set_pgd_batched)(pgd_t *pudp, pgd_t pgdval);
22821 #endif /* CONFIG_PGTABLE_LEVELS == 4 */
22822 #endif /* CONFIG_PGTABLE_LEVELS >= 3 */
22823
22824 @@ -296,7 +297,13 @@ struct pv_mmu_ops {
22825 an mfn. We can tell which is which from the index. */
22826 void (*set_fixmap)(unsigned /* enum fixed_addresses */ idx,
22827 phys_addr_t phys, pgprot_t flags);
22828 -};
22829 +
22830 +#ifdef CONFIG_PAX_KERNEXEC
22831 + unsigned long (*pax_open_kernel)(void);
22832 + unsigned long (*pax_close_kernel)(void);
22833 +#endif
22834 +
22835 +} __no_randomize_layout;
22836
22837 struct arch_spinlock;
22838 #ifdef CONFIG_SMP
22839 @@ -318,11 +325,14 @@ struct pv_lock_ops {
22840 struct paravirt_callee_save lock_spinning;
22841 void (*unlock_kick)(struct arch_spinlock *lock, __ticket_t ticket);
22842 #endif /* !CONFIG_QUEUED_SPINLOCKS */
22843 -};
22844 +} __no_randomize_layout;
22845
22846 /* This contains all the paravirt structures: we get a convenient
22847 * number for each function using the offset which we use to indicate
22848 - * what to patch. */
22849 + * what to patch.
22850 + * shouldn't be randomized due to the "NEAT TRICK" in paravirt.c
22851 + */
22852 +
22853 struct paravirt_patch_template {
22854 struct pv_init_ops pv_init_ops;
22855 struct pv_time_ops pv_time_ops;
22856 @@ -330,7 +340,7 @@ struct paravirt_patch_template {
22857 struct pv_irq_ops pv_irq_ops;
22858 struct pv_mmu_ops pv_mmu_ops;
22859 struct pv_lock_ops pv_lock_ops;
22860 -};
22861 +} __no_randomize_layout;
22862
22863 extern struct pv_info pv_info;
22864 extern struct pv_init_ops pv_init_ops;
22865 diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h
22866 index b6d4259..da6324e 100644
22867 --- a/arch/x86/include/asm/pgalloc.h
22868 +++ b/arch/x86/include/asm/pgalloc.h
22869 @@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(struct mm_struct *mm,
22870 pmd_t *pmd, pte_t *pte)
22871 {
22872 paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
22873 + set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
22874 +}
22875 +
22876 +static inline void pmd_populate_user(struct mm_struct *mm,
22877 + pmd_t *pmd, pte_t *pte)
22878 +{
22879 + paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
22880 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
22881 }
22882
22883 @@ -112,12 +119,22 @@ static inline void __pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd,
22884
22885 #ifdef CONFIG_X86_PAE
22886 extern void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd);
22887 +static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
22888 +{
22889 + pud_populate(mm, pudp, pmd);
22890 +}
22891 #else /* !CONFIG_X86_PAE */
22892 static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
22893 {
22894 paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT);
22895 set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd)));
22896 }
22897 +
22898 +static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
22899 +{
22900 + paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT);
22901 + set_pud(pud, __pud(_KERNPG_TABLE | __pa(pmd)));
22902 +}
22903 #endif /* CONFIG_X86_PAE */
22904
22905 #if CONFIG_PGTABLE_LEVELS > 3
22906 @@ -127,6 +144,12 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
22907 set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(pud)));
22908 }
22909
22910 +static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud)
22911 +{
22912 + paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT);
22913 + set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(pud)));
22914 +}
22915 +
22916 static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
22917 {
22918 gfp_t gfp = GFP_KERNEL_ACCOUNT;
22919 diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h
22920 index fd74a11..35fd5af 100644
22921 --- a/arch/x86/include/asm/pgtable-2level.h
22922 +++ b/arch/x86/include/asm/pgtable-2level.h
22923 @@ -18,7 +18,9 @@ static inline void native_set_pte(pte_t *ptep , pte_t pte)
22924
22925 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
22926 {
22927 + pax_open_kernel();
22928 *pmdp = pmd;
22929 + pax_close_kernel();
22930 }
22931
22932 static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
22933 diff --git a/arch/x86/include/asm/pgtable-3level.h b/arch/x86/include/asm/pgtable-3level.h
22934 index cdaa58c..ae30f0d 100644
22935 --- a/arch/x86/include/asm/pgtable-3level.h
22936 +++ b/arch/x86/include/asm/pgtable-3level.h
22937 @@ -92,12 +92,16 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
22938
22939 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
22940 {
22941 + pax_open_kernel();
22942 set_64bit((unsigned long long *)(pmdp), native_pmd_val(pmd));
22943 + pax_close_kernel();
22944 }
22945
22946 static inline void native_set_pud(pud_t *pudp, pud_t pud)
22947 {
22948 + pax_open_kernel();
22949 set_64bit((unsigned long long *)(pudp), native_pud_val(pud));
22950 + pax_close_kernel();
22951 }
22952
22953 /*
22954 @@ -116,9 +120,12 @@ static inline void native_pte_clear(struct mm_struct *mm, unsigned long addr,
22955 static inline void native_pmd_clear(pmd_t *pmd)
22956 {
22957 u32 *tmp = (u32 *)pmd;
22958 +
22959 + pax_open_kernel();
22960 *tmp = 0;
22961 smp_wmb();
22962 *(tmp + 1) = 0;
22963 + pax_close_kernel();
22964 }
22965
22966 static inline void pud_clear(pud_t *pudp)
22967 diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
22968 index 437feb4..a4b2570 100644
22969 --- a/arch/x86/include/asm/pgtable.h
22970 +++ b/arch/x86/include/asm/pgtable.h
22971 @@ -54,6 +54,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
22972
22973 #ifndef __PAGETABLE_PUD_FOLDED
22974 #define set_pgd(pgdp, pgd) native_set_pgd(pgdp, pgd)
22975 +#define set_pgd_batched(pgdp, pgd) native_set_pgd_batched(pgdp, pgd)
22976 #define pgd_clear(pgd) native_pgd_clear(pgd)
22977 #endif
22978
22979 @@ -88,12 +89,53 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
22980
22981 #define arch_end_context_switch(prev) do {} while(0)
22982
22983 +#define pax_open_kernel() native_pax_open_kernel()
22984 +#define pax_close_kernel() native_pax_close_kernel()
22985 #endif /* CONFIG_PARAVIRT */
22986
22987 +#define __HAVE_ARCH_PAX_OPEN_KERNEL
22988 +#define __HAVE_ARCH_PAX_CLOSE_KERNEL
22989 +
22990 +#ifdef CONFIG_PAX_KERNEXEC
22991 +static inline unsigned long native_pax_open_kernel(void)
22992 +{
22993 + unsigned long cr0;
22994 +
22995 + preempt_disable();
22996 + barrier();
22997 + cr0 = read_cr0() ^ X86_CR0_WP;
22998 + BUG_ON(cr0 & X86_CR0_WP);
22999 + write_cr0(cr0);
23000 + barrier();
23001 + return cr0 ^ X86_CR0_WP;
23002 +}
23003 +
23004 +static inline unsigned long native_pax_close_kernel(void)
23005 +{
23006 + unsigned long cr0;
23007 +
23008 + barrier();
23009 + cr0 = read_cr0() ^ X86_CR0_WP;
23010 + BUG_ON(!(cr0 & X86_CR0_WP));
23011 + write_cr0(cr0);
23012 + barrier();
23013 + preempt_enable_no_resched();
23014 + return cr0 ^ X86_CR0_WP;
23015 +}
23016 +#else
23017 +static inline unsigned long native_pax_open_kernel(void) { return 0; }
23018 +static inline unsigned long native_pax_close_kernel(void) { return 0; }
23019 +#endif
23020 +
23021 /*
23022 * The following only work if pte_present() is true.
23023 * Undefined behaviour if not..
23024 */
23025 +static inline int pte_user(pte_t pte)
23026 +{
23027 + return pte_val(pte) & _PAGE_USER;
23028 +}
23029 +
23030 static inline int pte_dirty(pte_t pte)
23031 {
23032 return pte_flags(pte) & _PAGE_DIRTY;
23033 @@ -168,6 +210,11 @@ static inline unsigned long pud_pfn(pud_t pud)
23034 return (pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT;
23035 }
23036
23037 +static inline unsigned long pgd_pfn(pgd_t pgd)
23038 +{
23039 + return (pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT;
23040 +}
23041 +
23042 #define pte_page(pte) pfn_to_page(pte_pfn(pte))
23043
23044 static inline int pmd_large(pmd_t pte)
23045 @@ -224,9 +271,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
23046 return pte_clear_flags(pte, _PAGE_RW);
23047 }
23048
23049 +static inline pte_t pte_mkread(pte_t pte)
23050 +{
23051 + return __pte(pte_val(pte) | _PAGE_USER);
23052 +}
23053 +
23054 static inline pte_t pte_mkexec(pte_t pte)
23055 {
23056 - return pte_clear_flags(pte, _PAGE_NX);
23057 +#ifdef CONFIG_X86_PAE
23058 + if (__supported_pte_mask & _PAGE_NX)
23059 + return pte_clear_flags(pte, _PAGE_NX);
23060 + else
23061 +#endif
23062 + return pte_set_flags(pte, _PAGE_USER);
23063 +}
23064 +
23065 +static inline pte_t pte_exprotect(pte_t pte)
23066 +{
23067 +#ifdef CONFIG_X86_PAE
23068 + if (__supported_pte_mask & _PAGE_NX)
23069 + return pte_set_flags(pte, _PAGE_NX);
23070 + else
23071 +#endif
23072 + return pte_clear_flags(pte, _PAGE_USER);
23073 }
23074
23075 static inline pte_t pte_mkdirty(pte_t pte)
23076 @@ -431,7 +498,7 @@ static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
23077
23078 #define canon_pgprot(p) __pgprot(massage_pgprot(p))
23079
23080 -static inline int is_new_memtype_allowed(u64 paddr, unsigned long size,
23081 +static inline int is_new_memtype_allowed(u64 paddr, u64 size,
23082 enum page_cache_mode pcm,
23083 enum page_cache_mode new_pcm)
23084 {
23085 @@ -474,6 +541,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
23086 #endif
23087
23088 #ifndef __ASSEMBLY__
23089 +
23090 +#ifdef CONFIG_PAX_PER_CPU_PGD
23091 +extern pgd_t cpu_pgd[NR_CPUS][2][PTRS_PER_PGD];
23092 +enum cpu_pgd_type {kernel = 0, user = 1};
23093 +static inline pgd_t *get_cpu_pgd(unsigned int cpu, enum cpu_pgd_type type)
23094 +{
23095 + return cpu_pgd[cpu][type];
23096 +}
23097 +#endif
23098 +
23099 #include <linux/mm_types.h>
23100 #include <linux/mmdebug.h>
23101 #include <linux/log2.h>
23102 @@ -675,7 +752,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
23103 * Currently stuck as a macro due to indirect forward reference to
23104 * linux/mmzone.h's __section_mem_map_addr() definition:
23105 */
23106 -#define pgd_page(pgd) pfn_to_page(pgd_val(pgd) >> PAGE_SHIFT)
23107 +#define pgd_page(pgd) pfn_to_page((pgd_val(pgd) & PTE_PFN_MASK) >> PAGE_SHIFT)
23108
23109 /* to find an entry in a page-table-directory. */
23110 static inline unsigned long pud_index(unsigned long address)
23111 @@ -690,7 +767,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
23112
23113 static inline int pgd_bad(pgd_t pgd)
23114 {
23115 - return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE;
23116 + return (pgd_flags(pgd) & ~(_PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
23117 }
23118
23119 static inline int pgd_none(pgd_t pgd)
23120 @@ -719,7 +796,12 @@ static inline int pgd_none(pgd_t pgd)
23121 * pgd_offset() returns a (pgd_t *)
23122 * pgd_index() is used get the offset into the pgd page's array of pgd_t's;
23123 */
23124 -#define pgd_offset(mm, address) ((mm)->pgd + pgd_index((address)))
23125 +#define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address))
23126 +
23127 +#ifdef CONFIG_PAX_PER_CPU_PGD
23128 +#define pgd_offset_cpu(cpu, type, address) (get_cpu_pgd(cpu, type) + pgd_index(address))
23129 +#endif
23130 +
23131 /*
23132 * a shortcut which implies the use of the kernel's pgd, instead
23133 * of a process's
23134 @@ -730,6 +812,25 @@ static inline int pgd_none(pgd_t pgd)
23135 #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
23136 #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
23137
23138 +#ifdef CONFIG_X86_32
23139 +#define USER_PGD_PTRS KERNEL_PGD_BOUNDARY
23140 +#else
23141 +#define TASK_SIZE_MAX_SHIFT CONFIG_TASK_SIZE_MAX_SHIFT
23142 +#define USER_PGD_PTRS (_AC(1,UL) << (TASK_SIZE_MAX_SHIFT - PGDIR_SHIFT))
23143 +
23144 +#ifdef CONFIG_PAX_MEMORY_UDEREF
23145 +#ifdef __ASSEMBLY__
23146 +#define pax_user_shadow_base pax_user_shadow_base(%rip)
23147 +#else
23148 +extern unsigned long pax_user_shadow_base;
23149 +extern pgdval_t clone_pgd_mask;
23150 +#endif
23151 +#else
23152 +#define pax_user_shadow_base (0UL)
23153 +#endif
23154 +
23155 +#endif
23156 +
23157 #ifndef __ASSEMBLY__
23158
23159 extern int direct_gbpages;
23160 @@ -901,11 +1002,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
23161 * dst and src can be on the same page, but the range must not overlap,
23162 * and must not cross a page boundary.
23163 */
23164 -static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
23165 +static inline void clone_pgd_range(pgd_t *dst, const pgd_t *src, int count)
23166 {
23167 - memcpy(dst, src, count * sizeof(pgd_t));
23168 + pax_open_kernel();
23169 + while (count--)
23170 + *dst++ = *src++;
23171 + pax_close_kernel();
23172 }
23173
23174 +#ifdef CONFIG_PAX_PER_CPU_PGD
23175 +extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src);
23176 +#endif
23177 +
23178 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
23179 +extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src);
23180 +#else
23181 +static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) {}
23182 +#endif
23183 +
23184 #define PTE_SHIFT ilog2(PTRS_PER_PTE)
23185 static inline int page_level_shift(enum pg_level level)
23186 {
23187 diff --git a/arch/x86/include/asm/pgtable_32.h b/arch/x86/include/asm/pgtable_32.h
23188 index b6c0b40..3535d47 100644
23189 --- a/arch/x86/include/asm/pgtable_32.h
23190 +++ b/arch/x86/include/asm/pgtable_32.h
23191 @@ -25,9 +25,6 @@
23192 struct mm_struct;
23193 struct vm_area_struct;
23194
23195 -extern pgd_t swapper_pg_dir[1024];
23196 -extern pgd_t initial_page_table[1024];
23197 -
23198 static inline void pgtable_cache_init(void) { }
23199 static inline void check_pgt_cache(void) { }
23200 void paging_init(void);
23201 @@ -45,6 +42,12 @@ void paging_init(void);
23202 # include <asm/pgtable-2level.h>
23203 #endif
23204
23205 +extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
23206 +extern pgd_t initial_page_table[PTRS_PER_PGD];
23207 +#ifdef CONFIG_X86_PAE
23208 +extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
23209 +#endif
23210 +
23211 #if defined(CONFIG_HIGHPTE)
23212 #define pte_offset_map(dir, address) \
23213 ((pte_t *)kmap_atomic(pmd_page(*(dir))) + \
23214 @@ -59,12 +62,17 @@ void paging_init(void);
23215 /* Clear a kernel PTE and flush it from the TLB */
23216 #define kpte_clear_flush(ptep, vaddr) \
23217 do { \
23218 + pax_open_kernel(); \
23219 pte_clear(&init_mm, (vaddr), (ptep)); \
23220 + pax_close_kernel(); \
23221 __flush_tlb_one((vaddr)); \
23222 } while (0)
23223
23224 #endif /* !__ASSEMBLY__ */
23225
23226 +#define HAVE_ARCH_UNMAPPED_AREA
23227 +#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
23228 +
23229 /*
23230 * kern_addr_valid() is (1) for FLATMEM and (0) for
23231 * SPARSEMEM and DISCONTIGMEM
23232 diff --git a/arch/x86/include/asm/pgtable_32_types.h b/arch/x86/include/asm/pgtable_32_types.h
23233 index 9fb2f2b..8e18c70 100644
23234 --- a/arch/x86/include/asm/pgtable_32_types.h
23235 +++ b/arch/x86/include/asm/pgtable_32_types.h
23236 @@ -8,7 +8,7 @@
23237 */
23238 #ifdef CONFIG_X86_PAE
23239 # include <asm/pgtable-3level_types.h>
23240 -# define PMD_SIZE (1UL << PMD_SHIFT)
23241 +# define PMD_SIZE (_AC(1, UL) << PMD_SHIFT)
23242 # define PMD_MASK (~(PMD_SIZE - 1))
23243 #else
23244 # include <asm/pgtable-2level_types.h>
23245 @@ -46,6 +46,28 @@ extern bool __vmalloc_start_set; /* set once high_memory is set */
23246 # define VMALLOC_END (FIXADDR_START - 2 * PAGE_SIZE)
23247 #endif
23248
23249 +#ifdef CONFIG_PAX_KERNEXEC
23250 +#ifndef __ASSEMBLY__
23251 +extern unsigned char MODULES_EXEC_VADDR[];
23252 +extern unsigned char MODULES_EXEC_END[];
23253 +
23254 +extern unsigned char __LOAD_PHYSICAL_ADDR[];
23255 +#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
23256 +static inline unsigned long __intentional_overflow(-1) ktla_ktva(unsigned long addr)
23257 +{
23258 + return addr + LOAD_PHYSICAL_ADDR + PAGE_OFFSET;
23259 +
23260 +}
23261 +static inline unsigned long __intentional_overflow(-1) ktva_ktla(unsigned long addr)
23262 +{
23263 + return addr - LOAD_PHYSICAL_ADDR - PAGE_OFFSET;
23264 +}
23265 +#endif
23266 +#else
23267 +#define ktla_ktva(addr) (addr)
23268 +#define ktva_ktla(addr) (addr)
23269 +#endif
23270 +
23271 #define MODULES_VADDR VMALLOC_START
23272 #define MODULES_END VMALLOC_END
23273 #define MODULES_LEN (MODULES_VADDR - MODULES_END)
23274 diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
23275 index 1cc82ec..ba29fd8 100644
23276 --- a/arch/x86/include/asm/pgtable_64.h
23277 +++ b/arch/x86/include/asm/pgtable_64.h
23278 @@ -16,11 +16,17 @@
23279
23280 extern pud_t level3_kernel_pgt[512];
23281 extern pud_t level3_ident_pgt[512];
23282 +extern pud_t level3_vmalloc_start_pgt[4][512];
23283 +extern pud_t level3_vmalloc_end_pgt[512];
23284 +extern pud_t level3_vmemmap_pgt[512];
23285 +extern pud_t level2_vmemmap_pgt[512];
23286 extern pmd_t level2_kernel_pgt[512];
23287 extern pmd_t level2_fixmap_pgt[512];
23288 -extern pmd_t level2_ident_pgt[512];
23289 -extern pte_t level1_fixmap_pgt[512];
23290 -extern pgd_t init_level4_pgt[];
23291 +extern pmd_t level2_ident_pgt[2][512];
23292 +extern pte_t level1_modules_pgt[4][512];
23293 +extern pte_t level1_fixmap_pgt[3][512];
23294 +extern pte_t level1_vsyscall_pgt[512];
23295 +extern pgd_t init_level4_pgt[512];
23296
23297 #define swapper_pg_dir init_level4_pgt
23298
23299 @@ -62,7 +68,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
23300
23301 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
23302 {
23303 + pax_open_kernel();
23304 *pmdp = pmd;
23305 + pax_close_kernel();
23306 }
23307
23308 static inline void native_pmd_clear(pmd_t *pmd)
23309 @@ -98,7 +106,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
23310
23311 static inline void native_set_pud(pud_t *pudp, pud_t pud)
23312 {
23313 + pax_open_kernel();
23314 *pudp = pud;
23315 + pax_close_kernel();
23316 }
23317
23318 static inline void native_pud_clear(pud_t *pud)
23319 @@ -108,6 +118,13 @@ static inline void native_pud_clear(pud_t *pud)
23320
23321 static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
23322 {
23323 + pax_open_kernel();
23324 + *pgdp = pgd;
23325 + pax_close_kernel();
23326 +}
23327 +
23328 +static inline void native_set_pgd_batched(pgd_t *pgdp, pgd_t pgd)
23329 +{
23330 *pgdp = pgd;
23331 }
23332
23333 diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
23334 index 6fdef9e..7cda9d5 100644
23335 --- a/arch/x86/include/asm/pgtable_64_types.h
23336 +++ b/arch/x86/include/asm/pgtable_64_types.h
23337 @@ -67,11 +67,16 @@ typedef struct { pteval_t pte; } pte_t;
23338 #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
23339 #define MODULES_END _AC(0xffffffffff000000, UL)
23340 #define MODULES_LEN (MODULES_END - MODULES_VADDR)
23341 +#define MODULES_EXEC_VADDR MODULES_VADDR
23342 +#define MODULES_EXEC_END MODULES_END
23343 #define ESPFIX_PGD_ENTRY _AC(-2, UL)
23344 #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT)
23345 #define EFI_VA_START ( -4 * (_AC(1, UL) << 30))
23346 #define EFI_VA_END (-68 * (_AC(1, UL) << 30))
23347
23348 +#define ktla_ktva(addr) (addr)
23349 +#define ktva_ktla(addr) (addr)
23350 +
23351 #define EARLY_DYNAMIC_PAGE_TABLES 64
23352
23353 #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
23354 diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
23355 index f1218f5..b0cafcd 100644
23356 --- a/arch/x86/include/asm/pgtable_types.h
23357 +++ b/arch/x86/include/asm/pgtable_types.h
23358 @@ -112,10 +112,14 @@
23359
23360 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
23361 #define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_NX)
23362 +#ifdef CONFIG_PAX_SEGMEXEC
23363 +#define _PAGE_DEVMAP (_AT(pteval_t, 0))
23364 +#else
23365 #define _PAGE_DEVMAP (_AT(u64, 1) << _PAGE_BIT_DEVMAP)
23366 #define __HAVE_ARCH_PTE_DEVMAP
23367 +#endif
23368 #else
23369 -#define _PAGE_NX (_AT(pteval_t, 0))
23370 +#define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_SOFTW2)
23371 #define _PAGE_DEVMAP (_AT(pteval_t, 0))
23372 #endif
23373
23374 @@ -176,6 +180,9 @@ enum page_cache_mode {
23375 #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \
23376 _PAGE_ACCESSED)
23377
23378 +#define PAGE_READONLY_NOEXEC PAGE_READONLY
23379 +#define PAGE_SHARED_NOEXEC PAGE_SHARED
23380 +
23381 #define __PAGE_KERNEL_EXEC \
23382 (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
23383 #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
23384 @@ -183,7 +190,7 @@ enum page_cache_mode {
23385 #define __PAGE_KERNEL_RO (__PAGE_KERNEL & ~_PAGE_RW)
23386 #define __PAGE_KERNEL_RX (__PAGE_KERNEL_EXEC & ~_PAGE_RW)
23387 #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_NOCACHE)
23388 -#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RX | _PAGE_USER)
23389 +#define __PAGE_KERNEL_VSYSCALL (__PAGE_KERNEL_RO | _PAGE_USER)
23390 #define __PAGE_KERNEL_VVAR (__PAGE_KERNEL_RO | _PAGE_USER)
23391 #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE)
23392 #define __PAGE_KERNEL_LARGE_EXEC (__PAGE_KERNEL_EXEC | _PAGE_PSE)
23393 @@ -229,7 +236,7 @@ enum page_cache_mode {
23394 #ifdef CONFIG_X86_64
23395 #define __PAGE_KERNEL_IDENT_LARGE_EXEC __PAGE_KERNEL_LARGE_EXEC
23396 #else
23397 -#define PTE_IDENT_ATTR 0x003 /* PRESENT+RW */
23398 +#define PTE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
23399 #define PDE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
23400 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */
23401 #endif
23402 @@ -271,7 +278,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd)
23403 {
23404 return native_pgd_val(pgd) & PTE_FLAGS_MASK;
23405 }
23406 +#endif
23407
23408 +#if CONFIG_PGTABLE_LEVELS == 3
23409 +#include <asm-generic/pgtable-nopud.h>
23410 +#endif
23411 +
23412 +#if CONFIG_PGTABLE_LEVELS == 2
23413 +#include <asm-generic/pgtable-nopmd.h>
23414 +#endif
23415 +
23416 +#ifndef __ASSEMBLY__
23417 #if CONFIG_PGTABLE_LEVELS > 3
23418 typedef struct { pudval_t pud; } pud_t;
23419
23420 @@ -285,8 +302,6 @@ static inline pudval_t native_pud_val(pud_t pud)
23421 return pud.pud;
23422 }
23423 #else
23424 -#include <asm-generic/pgtable-nopud.h>
23425 -
23426 static inline pudval_t native_pud_val(pud_t pud)
23427 {
23428 return native_pgd_val(pud.pgd);
23429 @@ -306,8 +321,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd)
23430 return pmd.pmd;
23431 }
23432 #else
23433 -#include <asm-generic/pgtable-nopmd.h>
23434 -
23435 static inline pmdval_t native_pmd_val(pmd_t pmd)
23436 {
23437 return native_pgd_val(pmd.pud.pgd);
23438 @@ -424,7 +437,6 @@ typedef struct page *pgtable_t;
23439
23440 extern pteval_t __supported_pte_mask;
23441 extern void set_nx(void);
23442 -extern int nx_enabled;
23443
23444 #define pgprot_writecombine pgprot_writecombine
23445 extern pgprot_t pgprot_writecombine(pgprot_t prot);
23446 diff --git a/arch/x86/include/asm/pmem.h b/arch/x86/include/asm/pmem.h
23447 index 643eba4..0dbfcf5 100644
23448 --- a/arch/x86/include/asm/pmem.h
23449 +++ b/arch/x86/include/asm/pmem.h
23450 @@ -38,7 +38,7 @@ static inline void arch_memcpy_to_pmem(void *dst, const void *src, size_t n)
23451 * fault) we would have already reported a general protection fault
23452 * before the WARN+BUG.
23453 */
23454 - rem = __copy_from_user_inatomic_nocache(dst, (void __user *) src, n);
23455 + rem = __copy_from_user_inatomic_nocache(dst, (void __force_user *) src, n);
23456 if (WARN(rem, "%s: fault copying %p <- %p unwritten: %d\n",
23457 __func__, dst, src, rem))
23458 BUG();
23459 diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h
23460 index 17f2186..f394307 100644
23461 --- a/arch/x86/include/asm/preempt.h
23462 +++ b/arch/x86/include/asm/preempt.h
23463 @@ -81,7 +81,7 @@ static __always_inline void __preempt_count_sub(int val)
23464 */
23465 static __always_inline bool __preempt_count_dec_and_test(void)
23466 {
23467 - GEN_UNARY_RMWcc("decl", __preempt_count, __percpu_arg(0), e);
23468 + GEN_UNARY_RMWcc("decl", __preempt_count, -4, __percpu_arg(0), e);
23469 }
23470
23471 /*
23472 diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
23473 index 63def95..3d8c203 100644
23474 --- a/arch/x86/include/asm/processor.h
23475 +++ b/arch/x86/include/asm/processor.h
23476 @@ -135,7 +135,7 @@ struct cpuinfo_x86 {
23477 /* Index into per_cpu list: */
23478 u16 cpu_index;
23479 u32 microcode;
23480 -};
23481 +} __randomize_layout;
23482
23483 #define X86_VENDOR_INTEL 0
23484 #define X86_VENDOR_CYRIX 1
23485 @@ -205,9 +205,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
23486 : "memory");
23487 }
23488
23489 +/* invpcid (%rdx),%rax */
23490 +#define __ASM_INVPCID ".byte 0x66,0x0f,0x38,0x82,0x02"
23491 +
23492 +#define INVPCID_SINGLE_ADDRESS 0UL
23493 +#define INVPCID_SINGLE_CONTEXT 1UL
23494 +#define INVPCID_ALL_GLOBAL 2UL
23495 +#define INVPCID_ALL_NONGLOBAL 3UL
23496 +
23497 +#define PCID_KERNEL 0UL
23498 +#define PCID_USER 1UL
23499 +#define PCID_NOFLUSH (1UL << 63)
23500 +
23501 static inline void load_cr3(pgd_t *pgdir)
23502 {
23503 - write_cr3(__pa(pgdir));
23504 + write_cr3(__pa(pgdir) | PCID_KERNEL);
23505 }
23506
23507 #ifdef CONFIG_X86_32
23508 @@ -307,11 +319,9 @@ struct tss_struct {
23509
23510 } ____cacheline_aligned;
23511
23512 -DECLARE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss);
23513 +extern struct tss_struct cpu_tss[NR_CPUS];
23514
23515 -#ifdef CONFIG_X86_32
23516 DECLARE_PER_CPU(unsigned long, cpu_current_top_of_stack);
23517 -#endif
23518
23519 /*
23520 * Save the original ist values for checking stack pointers during debugging
23521 @@ -388,6 +398,7 @@ struct thread_struct {
23522 unsigned short ds;
23523 unsigned short fsindex;
23524 unsigned short gsindex;
23525 + unsigned short ss;
23526 #endif
23527 #ifdef CONFIG_X86_32
23528 unsigned long ip;
23529 @@ -404,6 +415,9 @@ struct thread_struct {
23530 unsigned long gs;
23531 #endif
23532
23533 + /* Floating point and extended processor state */
23534 + struct fpu fpu;
23535 +
23536 /* Save middle states of ptrace breakpoints */
23537 struct perf_event *ptrace_bps[HBP_NUM];
23538 /* Debug status used for traps, single steps, etc... */
23539 @@ -424,18 +438,9 @@ struct thread_struct {
23540 /* Max allowed port in the bitmap, in bytes: */
23541 unsigned io_bitmap_max;
23542
23543 - mm_segment_t addr_limit;
23544 -
23545 unsigned int sig_on_uaccess_err:1;
23546 unsigned int uaccess_err:1; /* uaccess failed */
23547 -
23548 - /* Floating point and extended processor state */
23549 - struct fpu fpu;
23550 - /*
23551 - * WARNING: 'fpu' is dynamically-sized. It *MUST* be at
23552 - * the end.
23553 - */
23554 -};
23555 +} __randomize_layout;
23556
23557 /*
23558 * Set IOPL bits in EFLAGS from given mask
23559 @@ -478,12 +483,8 @@ static inline void native_swapgs(void)
23560
23561 static inline unsigned long current_top_of_stack(void)
23562 {
23563 -#ifdef CONFIG_X86_64
23564 - return this_cpu_read_stable(cpu_tss.x86_tss.sp0);
23565 -#else
23566 /* sp0 on x86_32 is special in and around vm86 mode. */
23567 return this_cpu_read_stable(cpu_current_top_of_stack);
23568 -#endif
23569 }
23570
23571 #ifdef CONFIG_PARAVIRT
23572 @@ -708,20 +709,29 @@ static inline void spin_lock_prefetch(const void *x)
23573 #define TOP_OF_INIT_STACK ((unsigned long)&init_stack + sizeof(init_stack) - \
23574 TOP_OF_KERNEL_STACK_PADDING)
23575
23576 +extern union fpregs_state init_fpregs_state;
23577 +
23578 #ifdef CONFIG_X86_32
23579 /*
23580 * User space process size: 3GB (default).
23581 */
23582 #define TASK_SIZE PAGE_OFFSET
23583 #define TASK_SIZE_MAX TASK_SIZE
23584 +
23585 +#ifdef CONFIG_PAX_SEGMEXEC
23586 +#define SEGMEXEC_TASK_SIZE (TASK_SIZE / 2)
23587 +#define STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE:TASK_SIZE)
23588 +#else
23589 #define STACK_TOP TASK_SIZE
23590 -#define STACK_TOP_MAX STACK_TOP
23591 +#endif
23592 +
23593 +#define STACK_TOP_MAX TASK_SIZE
23594
23595 #define INIT_THREAD { \
23596 .sp0 = TOP_OF_INIT_STACK, \
23597 .sysenter_cs = __KERNEL_CS, \
23598 .io_bitmap_ptr = NULL, \
23599 - .addr_limit = KERNEL_DS, \
23600 + .fpu.state = &init_fpregs_state, \
23601 }
23602
23603 extern unsigned long thread_saved_pc(struct task_struct *tsk);
23604 @@ -736,12 +746,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
23605 * "struct pt_regs" is possible, but they may contain the
23606 * completely wrong values.
23607 */
23608 -#define task_pt_regs(task) \
23609 -({ \
23610 - unsigned long __ptr = (unsigned long)task_stack_page(task); \
23611 - __ptr += THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; \
23612 - ((struct pt_regs *)__ptr) - 1; \
23613 -})
23614 +#define task_pt_regs(tsk) ((struct pt_regs *)(tsk)->thread.sp0 - 1)
23615
23616 #define KSTK_ESP(task) (task_pt_regs(task)->sp)
23617
23618 @@ -755,13 +760,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
23619 * particular problem by preventing anything from being mapped
23620 * at the maximum canonical address.
23621 */
23622 -#define TASK_SIZE_MAX ((1UL << 47) - PAGE_SIZE)
23623 +#define TASK_SIZE_MAX ((1UL << TASK_SIZE_MAX_SHIFT) - PAGE_SIZE)
23624
23625 /* This decides where the kernel will search for a free chunk of vm
23626 * space during mmap's.
23627 */
23628 #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? \
23629 - 0xc0000000 : 0xFFFFe000)
23630 + 0xc0000000 : 0xFFFFf000)
23631
23632 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
23633 IA32_PAGE_OFFSET : TASK_SIZE_MAX)
23634 @@ -773,7 +778,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
23635
23636 #define INIT_THREAD { \
23637 .sp0 = TOP_OF_INIT_STACK, \
23638 - .addr_limit = KERNEL_DS, \
23639 + .fpu.state = &init_fpregs_state, \
23640 }
23641
23642 /*
23643 @@ -796,6 +801,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
23644 */
23645 #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
23646
23647 +#ifdef CONFIG_PAX_SEGMEXEC
23648 +#define SEGMEXEC_TASK_UNMAPPED_BASE (PAGE_ALIGN(SEGMEXEC_TASK_SIZE / 3))
23649 +#endif
23650 +
23651 #define KSTK_EIP(task) (task_pt_regs(task)->ip)
23652
23653 /* Get/set a process' ability to use the timestamp counter instruction */
23654 @@ -841,7 +850,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
23655 return 0;
23656 }
23657
23658 -extern unsigned long arch_align_stack(unsigned long sp);
23659 +#define arch_align_stack(x) ((x) & ~0xfUL)
23660 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
23661
23662 void default_idle(void);
23663 @@ -851,6 +860,6 @@ bool xen_set_default_idle(void);
23664 #define xen_set_default_idle 0
23665 #endif
23666
23667 -void stop_this_cpu(void *dummy);
23668 +void stop_this_cpu(void *dummy) __noreturn;
23669 void df_debug(struct pt_regs *regs, long error_code);
23670 #endif /* _ASM_X86_PROCESSOR_H */
23671 diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
23672 index 2b5d686..8693ed0 100644
23673 --- a/arch/x86/include/asm/ptrace.h
23674 +++ b/arch/x86/include/asm/ptrace.h
23675 @@ -118,15 +118,16 @@ static inline int v8086_mode(struct pt_regs *regs)
23676 #ifdef CONFIG_X86_64
23677 static inline bool user_64bit_mode(struct pt_regs *regs)
23678 {
23679 + unsigned long cs = regs->cs & 0xffff;
23680 #ifndef CONFIG_PARAVIRT
23681 /*
23682 * On non-paravirt systems, this is the only long mode CPL 3
23683 * selector. We do not allow long mode selectors in the LDT.
23684 */
23685 - return regs->cs == __USER_CS;
23686 + return cs == __USER_CS;
23687 #else
23688 /* Headers are too twisted for this to go in paravirt.h. */
23689 - return regs->cs == __USER_CS || regs->cs == pv_info.extra_user_64bit_cs;
23690 + return cs == __USER_CS || cs == pv_info.extra_user_64bit_cs;
23691 #endif
23692 }
23693
23694 @@ -173,9 +174,11 @@ static inline unsigned long regs_get_register(struct pt_regs *regs,
23695 * Traps from the kernel do not save sp and ss.
23696 * Use the helper function to retrieve sp.
23697 */
23698 - if (offset == offsetof(struct pt_regs, sp) &&
23699 - regs->cs == __KERNEL_CS)
23700 - return kernel_stack_pointer(regs);
23701 + if (offset == offsetof(struct pt_regs, sp)) {
23702 + unsigned long cs = regs->cs & 0xffff;
23703 + if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS)
23704 + return kernel_stack_pointer(regs);
23705 + }
23706 #endif
23707 return *(unsigned long *)((unsigned long)regs + offset);
23708 }
23709 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
23710 index b2988c0..421f625 100644
23711 --- a/arch/x86/include/asm/realmode.h
23712 +++ b/arch/x86/include/asm/realmode.h
23713 @@ -22,16 +22,14 @@ struct real_mode_header {
23714 #endif
23715 /* APM/BIOS reboot */
23716 u32 machine_real_restart_asm;
23717 -#ifdef CONFIG_X86_64
23718 u32 machine_real_restart_seg;
23719 -#endif
23720 };
23721
23722 /* This must match data at trampoline_32/64.S */
23723 struct trampoline_header {
23724 #ifdef CONFIG_X86_32
23725 u32 start;
23726 - u16 gdt_pad;
23727 + u16 boot_cs;
23728 u16 gdt_limit;
23729 u32 gdt_base;
23730 #else
23731 diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h
23732 index 2cb1cc2..787d524 100644
23733 --- a/arch/x86/include/asm/reboot.h
23734 +++ b/arch/x86/include/asm/reboot.h
23735 @@ -6,13 +6,13 @@
23736 struct pt_regs;
23737
23738 struct machine_ops {
23739 - void (*restart)(char *cmd);
23740 - void (*halt)(void);
23741 - void (*power_off)(void);
23742 + void (* __noreturn restart)(char *cmd);
23743 + void (* __noreturn halt)(void);
23744 + void (* __noreturn power_off)(void);
23745 void (*shutdown)(void);
23746 void (*crash_shutdown)(struct pt_regs *);
23747 - void (*emergency_restart)(void);
23748 -};
23749 + void (* __noreturn emergency_restart)(void);
23750 +} __no_const;
23751
23752 extern struct machine_ops machine_ops;
23753
23754 diff --git a/arch/x86/include/asm/rmwcc.h b/arch/x86/include/asm/rmwcc.h
23755 index 661dd30..e804f84 100644
23756 --- a/arch/x86/include/asm/rmwcc.h
23757 +++ b/arch/x86/include/asm/rmwcc.h
23758 @@ -5,7 +5,19 @@
23759
23760 /* Use asm goto */
23761
23762 -#define __GEN_RMWcc(fullop, var, cc, ...) \
23763 +#define __GEN_RMWcc(fullop, var, size, cc, ...) \
23764 +do { \
23765 + asm_volatile_goto (fullop \
23766 + "\n\t"__PAX_REFCOUNT(size) \
23767 + ";j" #cc " %l[cc_label]" \
23768 + : : [counter] "m" (var), ## __VA_ARGS__ \
23769 + : "memory", "cc", "cx" : cc_label); \
23770 + return 0; \
23771 +cc_label: \
23772 + return 1; \
23773 +} while (0)
23774 +
23775 +#define __GEN_RMWcc_unchecked(fullop, var, cc, ...) \
23776 do { \
23777 asm_volatile_goto (fullop "; j" #cc " %l[cc_label]" \
23778 : : "m" (var), ## __VA_ARGS__ \
23779 @@ -15,17 +27,34 @@ cc_label: \
23780 return 1; \
23781 } while (0)
23782
23783 -#define GEN_UNARY_RMWcc(op, var, arg0, cc) \
23784 - __GEN_RMWcc(op " " arg0, var, cc)
23785 +#define GEN_UNARY_RMWcc(op, var, size, arg0, cc) \
23786 + __GEN_RMWcc(op " " arg0, var, size, cc)
23787
23788 -#define GEN_BINARY_RMWcc(op, var, vcon, val, arg0, cc) \
23789 - __GEN_RMWcc(op " %1, " arg0, var, cc, vcon (val))
23790 +#define GEN_UNARY_RMWcc_unchecked(op, var, arg0, cc) \
23791 + __GEN_RMWcc_unchecked(op " " arg0, var, cc)
23792 +
23793 +#define GEN_BINARY_RMWcc(op, var, size, vcon, val, arg0, cc) \
23794 + __GEN_RMWcc(op " %1, " arg0, var, size, cc, vcon (val))
23795 +
23796 +#define GEN_BINARY_RMWcc_unchecked(op, var, vcon, val, arg0, cc) \
23797 + __GEN_RMWcc_unchecked(op " %1, " arg0, var, cc, vcon (val))
23798
23799 #else /* defined(__GCC_ASM_FLAG_OUTPUTS__) || !defined(CC_HAVE_ASM_GOTO) */
23800
23801 /* Use flags output or a set instruction */
23802
23803 -#define __GEN_RMWcc(fullop, var, cc, ...) \
23804 +#define __GEN_RMWcc(fullop, var, size, cc, ...) \
23805 +do { \
23806 + bool c; \
23807 + asm volatile (fullop \
23808 + "\n\t"__PAX_REFCOUNT(size) \
23809 + ";" CC_SET(cc) \
23810 + : [counter] "+m" (var), CC_OUT(cc) (c) \
23811 + : __VA_ARGS__ : "memory", "cc", "cx"); \
23812 + return c != 0; \
23813 +} while (0)
23814 +
23815 +#define __GEN_RMWcc_unchecked(fullop, var, cc, ...) \
23816 do { \
23817 bool c; \
23818 asm volatile (fullop ";" CC_SET(cc) \
23819 @@ -34,11 +63,17 @@ do { \
23820 return c; \
23821 } while (0)
23822
23823 -#define GEN_UNARY_RMWcc(op, var, arg0, cc) \
23824 - __GEN_RMWcc(op " " arg0, var, cc)
23825 +#define GEN_UNARY_RMWcc(op, var, size, arg0, cc) \
23826 + __GEN_RMWcc(op " " arg0, var, size, cc)
23827
23828 -#define GEN_BINARY_RMWcc(op, var, vcon, val, arg0, cc) \
23829 - __GEN_RMWcc(op " %2, " arg0, var, cc, vcon (val))
23830 +#define GEN_UNARY_RMWcc_unchecked(op, var, arg0, cc) \
23831 + __GEN_RMWcc_unchecked(op " " arg0, var, cc)
23832 +
23833 +#define GEN_BINARY_RMWcc(op, var, size, vcon, val, arg0, cc) \
23834 + __GEN_RMWcc(op " %2, " arg0, var, size, cc, vcon (val))
23835 +
23836 +#define GEN_BINARY_RMWcc_unchecked(op, var, vcon, val, arg0, cc) \
23837 + __GEN_RMWcc_unchecked(op " %2, " arg0, var, cc, vcon (val))
23838
23839 #endif /* defined(__GCC_ASM_FLAG_OUTPUTS__) || !defined(CC_HAVE_ASM_GOTO) */
23840
23841 diff --git a/arch/x86/include/asm/rwsem.h b/arch/x86/include/asm/rwsem.h
23842 index 8dbc762..5ff77d9 100644
23843 --- a/arch/x86/include/asm/rwsem.h
23844 +++ b/arch/x86/include/asm/rwsem.h
23845 @@ -64,14 +64,15 @@ static inline void __down_read(struct rw_semaphore *sem)
23846 {
23847 asm volatile("# beginning down_read\n\t"
23848 LOCK_PREFIX _ASM_INC "(%1)\n\t"
23849 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)
23850 /* adds 0x00000001 */
23851 " jns 1f\n"
23852 " call call_rwsem_down_read_failed\n"
23853 "1:\n\t"
23854 "# ending down_read\n\t"
23855 - : "+m" (sem->count)
23856 + : [counter] "+m" (sem->count)
23857 : "a" (sem)
23858 - : "memory", "cc");
23859 + : "memory", "cc", "cx");
23860 }
23861
23862 /*
23863 @@ -85,14 +86,15 @@ static inline bool __down_read_trylock(struct rw_semaphore *sem)
23864 "1:\n\t"
23865 " mov %1,%2\n\t"
23866 " add %3,%2\n\t"
23867 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)
23868 " jle 2f\n\t"
23869 LOCK_PREFIX " cmpxchg %2,%0\n\t"
23870 " jnz 1b\n\t"
23871 "2:\n\t"
23872 "# ending __down_read_trylock\n\t"
23873 - : "+m" (sem->count), "=&a" (result), "=&r" (tmp)
23874 + : [counter] "+m" (sem->count), "=&a" (result), "=&r" (tmp)
23875 : "i" (RWSEM_ACTIVE_READ_BIAS)
23876 - : "memory", "cc");
23877 + : "memory", "cc", "cx");
23878 return result >= 0;
23879 }
23880
23881 @@ -105,6 +107,7 @@ static inline bool __down_read_trylock(struct rw_semaphore *sem)
23882 struct rw_semaphore* ret; \
23883 asm volatile("# beginning down_write\n\t" \
23884 LOCK_PREFIX " xadd %1,(%3)\n\t" \
23885 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)\
23886 /* adds 0xffff0001, returns the old value */ \
23887 " test " __ASM_SEL(%w1,%k1) "," __ASM_SEL(%w1,%k1) "\n\t" \
23888 /* was the active mask 0 before? */\
23889 @@ -112,9 +115,9 @@ static inline bool __down_read_trylock(struct rw_semaphore *sem)
23890 " call " slow_path "\n" \
23891 "1:\n" \
23892 "# ending down_write" \
23893 - : "+m" (sem->count), "=d" (tmp), "=a" (ret) \
23894 + : [counter] "+m" (sem->count), "=d" (tmp), "=a" (ret)\
23895 : "a" (sem), "1" (RWSEM_ACTIVE_WRITE_BIAS) \
23896 - : "memory", "cc"); \
23897 + : "memory", "cc", "cx"); \
23898 ret; \
23899 })
23900
23901 @@ -146,15 +149,16 @@ static inline bool __down_write_trylock(struct rw_semaphore *sem)
23902 " jnz 2f\n\t"
23903 " mov %1,%2\n\t"
23904 " add %4,%2\n\t"
23905 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)
23906 LOCK_PREFIX " cmpxchg %2,%0\n\t"
23907 " jnz 1b\n\t"
23908 "2:\n\t"
23909 CC_SET(e)
23910 "# ending __down_write_trylock\n\t"
23911 - : "+m" (sem->count), "=&a" (tmp0), "=&r" (tmp1),
23912 + : [counter] "+m" (sem->count), "=&a" (tmp0), "=&r" (tmp1),
23913 CC_OUT(e) (result)
23914 : "er" (RWSEM_ACTIVE_WRITE_BIAS)
23915 - : "memory", "cc");
23916 + : "memory", "cc", "cx");
23917 return result;
23918 }
23919
23920 @@ -166,14 +170,15 @@ static inline void __up_read(struct rw_semaphore *sem)
23921 long tmp;
23922 asm volatile("# beginning __up_read\n\t"
23923 LOCK_PREFIX " xadd %1,(%2)\n\t"
23924 + PAX_REFCOUNT_UNDERFLOW(BITS_PER_LONG/8)
23925 /* subtracts 1, returns the old value */
23926 " jns 1f\n\t"
23927 " call call_rwsem_wake\n" /* expects old value in %edx */
23928 "1:\n"
23929 "# ending __up_read\n"
23930 - : "+m" (sem->count), "=d" (tmp)
23931 + : [counter] "+m" (sem->count), "=d" (tmp)
23932 : "a" (sem), "1" (-RWSEM_ACTIVE_READ_BIAS)
23933 - : "memory", "cc");
23934 + : "memory", "cc", "cx");
23935 }
23936
23937 /*
23938 @@ -184,14 +189,15 @@ static inline void __up_write(struct rw_semaphore *sem)
23939 long tmp;
23940 asm volatile("# beginning __up_write\n\t"
23941 LOCK_PREFIX " xadd %1,(%2)\n\t"
23942 + PAX_REFCOUNT_UNDERFLOW(BITS_PER_LONG/8)
23943 /* subtracts 0xffff0001, returns the old value */
23944 " jns 1f\n\t"
23945 " call call_rwsem_wake\n" /* expects old value in %edx */
23946 "1:\n\t"
23947 "# ending __up_write\n"
23948 - : "+m" (sem->count), "=d" (tmp)
23949 + : [counter] "+m" (sem->count), "=d" (tmp)
23950 : "a" (sem), "1" (-RWSEM_ACTIVE_WRITE_BIAS)
23951 - : "memory", "cc");
23952 + : "memory", "cc", "cx");
23953 }
23954
23955 /*
23956 @@ -201,6 +207,7 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
23957 {
23958 asm volatile("# beginning __downgrade_write\n\t"
23959 LOCK_PREFIX _ASM_ADD "%2,(%1)\n\t"
23960 + PAX_REFCOUNT_OVERFLOW(BITS_PER_LONG/8)
23961 /*
23962 * transitions 0xZZZZ0001 -> 0xYYYY0001 (i386)
23963 * 0xZZZZZZZZ00000001 -> 0xYYYYYYYY00000001 (x86_64)
23964 @@ -209,9 +216,9 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
23965 " call call_rwsem_downgrade_wake\n"
23966 "1:\n\t"
23967 "# ending __downgrade_write\n"
23968 - : "+m" (sem->count)
23969 + : [counter] "+m" (sem->count)
23970 : "a" (sem), "er" (-RWSEM_WAITING_BIAS)
23971 - : "memory", "cc");
23972 + : "memory", "cc", "cx");
23973 }
23974
23975 #endif /* __KERNEL__ */
23976 diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
23977 index 1549caa0..aa9ebe1 100644
23978 --- a/arch/x86/include/asm/segment.h
23979 +++ b/arch/x86/include/asm/segment.h
23980 @@ -83,14 +83,20 @@
23981 * 26 - ESPFIX small SS
23982 * 27 - per-cpu [ offset to per-cpu data area ]
23983 * 28 - stack_canary-20 [ for stack protector ] <=== cacheline #8
23984 - * 29 - unused
23985 - * 30 - unused
23986 + * 29 - PCI BIOS CS
23987 + * 30 - PCI BIOS DS
23988 * 31 - TSS for double fault handler
23989 */
23990 +#define GDT_ENTRY_KERNEXEC_EFI_CS (1)
23991 +#define GDT_ENTRY_KERNEXEC_EFI_DS (2)
23992 +#define __KERNEXEC_EFI_CS (GDT_ENTRY_KERNEXEC_EFI_CS*8)
23993 +#define __KERNEXEC_EFI_DS (GDT_ENTRY_KERNEXEC_EFI_DS*8)
23994 +
23995 #define GDT_ENTRY_TLS_MIN 6
23996 #define GDT_ENTRY_TLS_MAX (GDT_ENTRY_TLS_MIN + GDT_ENTRY_TLS_ENTRIES - 1)
23997
23998 #define GDT_ENTRY_KERNEL_CS 12
23999 +#define GDT_ENTRY_KERNEXEC_KERNEL_CS 4
24000 #define GDT_ENTRY_KERNEL_DS 13
24001 #define GDT_ENTRY_DEFAULT_USER_CS 14
24002 #define GDT_ENTRY_DEFAULT_USER_DS 15
24003 @@ -107,6 +113,12 @@
24004 #define GDT_ENTRY_PERCPU 27
24005 #define GDT_ENTRY_STACK_CANARY 28
24006
24007 +#define GDT_ENTRY_PCIBIOS_CS 29
24008 +#define __PCIBIOS_DS (GDT_ENTRY_PCIBIOS_DS * 8)
24009 +
24010 +#define GDT_ENTRY_PCIBIOS_DS 30
24011 +#define __PCIBIOS_CS (GDT_ENTRY_PCIBIOS_CS * 8)
24012 +
24013 #define GDT_ENTRY_DOUBLEFAULT_TSS 31
24014
24015 /*
24016 @@ -119,6 +131,7 @@
24017 */
24018
24019 #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
24020 +#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS*8)
24021 #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8)
24022 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8 + 3)
24023 #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8 + 3)
24024 @@ -130,7 +143,7 @@
24025 #define PNP_CS16 (GDT_ENTRY_PNPBIOS_CS16*8)
24026
24027 /* "Is this PNP code selector (PNP_CS32 or PNP_CS16)?" */
24028 -#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xf4) == PNP_CS32)
24029 +#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16)
24030
24031 /* data segment for BIOS: */
24032 #define PNP_DS (GDT_ENTRY_PNPBIOS_DS*8)
24033 @@ -177,6 +190,8 @@
24034 #define GDT_ENTRY_DEFAULT_USER_DS 5
24035 #define GDT_ENTRY_DEFAULT_USER_CS 6
24036
24037 +#define GDT_ENTRY_KERNEXEC_KERNEL_CS 7
24038 +
24039 /* Needs two entries */
24040 #define GDT_ENTRY_TSS 8
24041 /* Needs two entries */
24042 @@ -188,10 +203,12 @@
24043 /* Abused to load per CPU data from limit */
24044 #define GDT_ENTRY_PER_CPU 15
24045
24046 +#define GDT_ENTRY_UDEREF_KERNEL_DS 16
24047 +
24048 /*
24049 * Number of entries in the GDT table:
24050 */
24051 -#define GDT_ENTRIES 16
24052 +#define GDT_ENTRIES 17
24053
24054 /*
24055 * Segment selector values corresponding to the above entries:
24056 @@ -201,7 +218,9 @@
24057 */
24058 #define __KERNEL32_CS (GDT_ENTRY_KERNEL32_CS*8)
24059 #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
24060 +#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS*8)
24061 #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8)
24062 +#define __UDEREF_KERNEL_DS (GDT_ENTRY_UDEREF_KERNEL_DS*8)
24063 #define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS*8 + 3)
24064 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8 + 3)
24065 #define __USER32_DS __USER_DS
24066 diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h
24067 index ac1d5da..6c4be50 100644
24068 --- a/arch/x86/include/asm/setup.h
24069 +++ b/arch/x86/include/asm/setup.h
24070 @@ -61,6 +61,7 @@ static inline void x86_ce4100_early_setup(void) { }
24071 #ifndef _SETUP
24072
24073 #include <asm/espfix.h>
24074 +#include <asm/uaccess.h>
24075 #include <linux/kernel.h>
24076
24077 /*
24078 @@ -76,7 +77,7 @@ static inline bool kaslr_enabled(void)
24079
24080 static inline unsigned long kaslr_offset(void)
24081 {
24082 - return (unsigned long)&_text - __START_KERNEL;
24083 + return ktla_ktva((unsigned long)&_text) - __START_KERNEL;
24084 }
24085
24086 /*
24087 diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h
24088 index db33330..fa80df3 100644
24089 --- a/arch/x86/include/asm/smap.h
24090 +++ b/arch/x86/include/asm/smap.h
24091 @@ -25,6 +25,18 @@
24092
24093 #include <asm/alternative-asm.h>
24094
24095 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
24096 +#define ASM_PAX_OPEN_USERLAND \
24097 + ALTERNATIVE "", "call __pax_open_userland", X86_FEATURE_STRONGUDEREF
24098 +
24099 +#define ASM_PAX_CLOSE_USERLAND \
24100 + ALTERNATIVE "", "call __pax_close_userland", X86_FEATURE_STRONGUDEREF
24101 +
24102 +#else
24103 +#define ASM_PAX_OPEN_USERLAND
24104 +#define ASM_PAX_CLOSE_USERLAND
24105 +#endif
24106 +
24107 #ifdef CONFIG_X86_SMAP
24108
24109 #define ASM_CLAC \
24110 @@ -40,10 +52,44 @@
24111
24112 #endif /* CONFIG_X86_SMAP */
24113
24114 +#define ASM_USER_ACCESS_BEGIN ASM_PAX_OPEN_USERLAND; ASM_STAC
24115 +#define ASM_USER_ACCESS_END ASM_CLAC; ASM_PAX_CLOSE_USERLAND
24116 +
24117 #else /* __ASSEMBLY__ */
24118
24119 #include <asm/alternative.h>
24120
24121 +#define __HAVE_ARCH_PAX_OPEN_USERLAND
24122 +#define __HAVE_ARCH_PAX_CLOSE_USERLAND
24123 +
24124 +extern void __pax_open_userland(void);
24125 +static __always_inline unsigned long pax_open_userland(void)
24126 +{
24127 +
24128 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
24129 + asm volatile(ALTERNATIVE("", "call %P[open]", X86_FEATURE_STRONGUDEREF)
24130 + :
24131 + : [open] "i" (__pax_open_userland)
24132 + : "memory", "rax");
24133 +#endif
24134 +
24135 + return 0;
24136 +}
24137 +
24138 +extern void __pax_close_userland(void);
24139 +static __always_inline unsigned long pax_close_userland(void)
24140 +{
24141 +
24142 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
24143 + asm volatile(ALTERNATIVE("", "call %P[close]", X86_FEATURE_STRONGUDEREF)
24144 + :
24145 + : [close] "i" (__pax_close_userland)
24146 + : "memory", "rax");
24147 +#endif
24148 +
24149 + return 0;
24150 +}
24151 +
24152 #ifdef CONFIG_X86_SMAP
24153
24154 static __always_inline void clac(void)
24155 diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
24156 index ebd0c16..ff7f35d 100644
24157 --- a/arch/x86/include/asm/smp.h
24158 +++ b/arch/x86/include/asm/smp.h
24159 @@ -25,7 +25,7 @@ DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_map);
24160 /* cpus sharing the last level cache: */
24161 DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_llc_shared_map);
24162 DECLARE_PER_CPU_READ_MOSTLY(u16, cpu_llc_id);
24163 -DECLARE_PER_CPU_READ_MOSTLY(int, cpu_number);
24164 +DECLARE_PER_CPU_READ_MOSTLY(unsigned int, cpu_number);
24165
24166 static inline struct cpumask *cpu_llc_shared_mask(int cpu)
24167 {
24168 @@ -59,7 +59,7 @@ struct smp_ops {
24169
24170 void (*send_call_func_ipi)(const struct cpumask *mask);
24171 void (*send_call_func_single_ipi)(int cpu);
24172 -};
24173 +} __no_const;
24174
24175 /* Globals due to paravirt */
24176 extern void set_cpu_sibling_map(int cpu);
24177 diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
24178 index 58505f0..bff3b5b 100644
24179 --- a/arch/x86/include/asm/stackprotector.h
24180 +++ b/arch/x86/include/asm/stackprotector.h
24181 @@ -49,7 +49,7 @@
24182 * head_32 for boot CPU and setup_per_cpu_areas() for others.
24183 */
24184 #define GDT_STACK_CANARY_INIT \
24185 - [GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x18),
24186 + [GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x17),
24187
24188 /*
24189 * Initialize the stackprotector canary value.
24190 @@ -114,7 +114,7 @@ static inline void setup_stack_canary_segment(int cpu)
24191
24192 static inline void load_stack_canary_segment(void)
24193 {
24194 -#ifdef CONFIG_X86_32
24195 +#if defined(CONFIG_X86_32) && !defined(CONFIG_PAX_MEMORY_UDEREF)
24196 asm volatile ("mov %0, %%gs" : : "r" (0));
24197 #endif
24198 }
24199 diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h
24200 index 0944218..2f17b1b 100644
24201 --- a/arch/x86/include/asm/stacktrace.h
24202 +++ b/arch/x86/include/asm/stacktrace.h
24203 @@ -11,28 +11,20 @@
24204
24205 extern int kstack_depth_to_print;
24206
24207 -struct thread_info;
24208 +struct task_struct;
24209 struct stacktrace_ops;
24210
24211 -typedef unsigned long (*walk_stack_t)(struct task_struct *task,
24212 - unsigned long *stack,
24213 - unsigned long bp,
24214 - const struct stacktrace_ops *ops,
24215 - void *data,
24216 - unsigned long *end,
24217 - int *graph);
24218 +typedef unsigned long walk_stack_t(struct task_struct *task,
24219 + void *stack_start,
24220 + unsigned long *stack,
24221 + unsigned long bp,
24222 + const struct stacktrace_ops *ops,
24223 + void *data,
24224 + unsigned long *end,
24225 + int *graph);
24226
24227 -extern unsigned long
24228 -print_context_stack(struct task_struct *task,
24229 - unsigned long *stack, unsigned long bp,
24230 - const struct stacktrace_ops *ops, void *data,
24231 - unsigned long *end, int *graph);
24232 -
24233 -extern unsigned long
24234 -print_context_stack_bp(struct task_struct *task,
24235 - unsigned long *stack, unsigned long bp,
24236 - const struct stacktrace_ops *ops, void *data,
24237 - unsigned long *end, int *graph);
24238 +extern walk_stack_t print_context_stack;
24239 +extern walk_stack_t print_context_stack_bp;
24240
24241 /* Generic stack tracer with callbacks */
24242
24243 @@ -40,7 +32,7 @@ struct stacktrace_ops {
24244 int (*address)(void *data, unsigned long address, int reliable);
24245 /* On negative return stop dumping */
24246 int (*stack)(void *data, char *name);
24247 - walk_stack_t walk_stack;
24248 + walk_stack_t *walk_stack;
24249 };
24250
24251 void dump_trace(struct task_struct *tsk, struct pt_regs *regs,
24252 diff --git a/arch/x86/include/asm/string_32.h b/arch/x86/include/asm/string_32.h
24253 index 3d3e835..50b64b1 100644
24254 --- a/arch/x86/include/asm/string_32.h
24255 +++ b/arch/x86/include/asm/string_32.h
24256 @@ -6,28 +6,28 @@
24257 /* Let gcc decide whether to inline or use the out of line functions */
24258
24259 #define __HAVE_ARCH_STRCPY
24260 -extern char *strcpy(char *dest, const char *src);
24261 +extern char *strcpy(char *dest, const char *src) __nocapture(2);
24262
24263 #define __HAVE_ARCH_STRNCPY
24264 -extern char *strncpy(char *dest, const char *src, size_t count);
24265 +extern char *strncpy(char *dest, const char *src, size_t count) __nocapture(2);
24266
24267 #define __HAVE_ARCH_STRCAT
24268 -extern char *strcat(char *dest, const char *src);
24269 +extern char *strcat(char *dest, const char *src) __nocapture(2);
24270
24271 #define __HAVE_ARCH_STRNCAT
24272 -extern char *strncat(char *dest, const char *src, size_t count);
24273 +extern char *strncat(char *dest, const char *src, size_t count) __nocapture(2);
24274
24275 #define __HAVE_ARCH_STRCMP
24276 -extern int strcmp(const char *cs, const char *ct);
24277 +extern int strcmp(const char *cs, const char *ct) __nocapture();
24278
24279 #define __HAVE_ARCH_STRNCMP
24280 -extern int strncmp(const char *cs, const char *ct, size_t count);
24281 +extern int strncmp(const char *cs, const char *ct, size_t count) __nocapture(1, 2);
24282
24283 #define __HAVE_ARCH_STRCHR
24284 -extern char *strchr(const char *s, int c);
24285 +extern char *strchr(const char *s, int c) __nocapture(-1);
24286
24287 #define __HAVE_ARCH_STRLEN
24288 -extern size_t strlen(const char *s);
24289 +extern size_t strlen(const char *s) __nocapture(1);
24290
24291 static __always_inline void *__memcpy(void *to, const void *from, size_t n)
24292 {
24293 @@ -197,12 +197,12 @@ static inline void *__memcpy3d(void *to, const void *from, size_t len)
24294 #endif
24295
24296 #define __HAVE_ARCH_MEMMOVE
24297 -void *memmove(void *dest, const void *src, size_t n);
24298 +void *memmove(void *dest, const void *src, size_t n) __nocapture(2);
24299
24300 #define memcmp __builtin_memcmp
24301
24302 #define __HAVE_ARCH_MEMCHR
24303 -extern void *memchr(const void *cs, int c, size_t count);
24304 +extern void *memchr(const void *cs, int c, size_t count) __nocapture(-1);
24305
24306 static inline void *__memset_generic(void *s, char c, size_t count)
24307 {
24308 @@ -243,11 +243,11 @@ void *__constant_c_memset(void *s, unsigned long c, size_t count)
24309
24310 /* Added by Gertjan van Wingerde to make minix and sysv module work */
24311 #define __HAVE_ARCH_STRNLEN
24312 -extern size_t strnlen(const char *s, size_t count);
24313 +extern size_t strnlen(const char *s, size_t count) __nocapture(1);
24314 /* end of additional stuff */
24315
24316 #define __HAVE_ARCH_STRSTR
24317 -extern char *strstr(const char *cs, const char *ct);
24318 +extern char *strstr(const char *cs, const char *ct) __nocapture(-1, 2);
24319
24320 /*
24321 * This looks horribly ugly, but the compiler can optimize it totally,
24322 diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string_64.h
24323 index 90dbbd9..607d3ba 100644
24324 --- a/arch/x86/include/asm/string_64.h
24325 +++ b/arch/x86/include/asm/string_64.h
24326 @@ -27,8 +27,8 @@ static __always_inline void *__inline_memcpy(void *to, const void *from, size_t
24327 function. */
24328
24329 #define __HAVE_ARCH_MEMCPY 1
24330 -extern void *memcpy(void *to, const void *from, size_t len);
24331 -extern void *__memcpy(void *to, const void *from, size_t len);
24332 +extern void *memcpy(void *to, const void *from, size_t len) __nocapture(2);
24333 +extern void *__memcpy(void *to, const void *from, size_t len) __nocapture(2);
24334
24335 #ifndef CONFIG_KMEMCHECK
24336 #if (__GNUC__ == 4 && __GNUC_MINOR__ < 3) || __GNUC__ < 4
24337 @@ -56,14 +56,14 @@ void *memset(void *s, int c, size_t n);
24338 void *__memset(void *s, int c, size_t n);
24339
24340 #define __HAVE_ARCH_MEMMOVE
24341 -void *memmove(void *dest, const void *src, size_t count);
24342 -void *__memmove(void *dest, const void *src, size_t count);
24343 +void *memmove(void *dest, const void *src, size_t count) __nocapture(2);
24344 +void *__memmove(void *dest, const void *src, size_t count) __nocapture(2);
24345
24346 -int memcmp(const void *cs, const void *ct, size_t count);
24347 -size_t strlen(const char *s);
24348 -char *strcpy(char *dest, const char *src);
24349 -char *strcat(char *dest, const char *src);
24350 -int strcmp(const char *cs, const char *ct);
24351 +int memcmp(const void *cs, const void *ct, size_t count) __nocapture(1, 2);
24352 +size_t strlen(const char *s) __nocapture(1);
24353 +char *strcpy(char *dest, const char *src) __nocapture(2);
24354 +char *strcat(char *dest, const char *src) __nocapture(2);
24355 +int strcmp(const char *cs, const char *ct) __nocapture(1, 2);
24356
24357 #if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
24358
24359 @@ -89,7 +89,7 @@ int strcmp(const char *cs, const char *ct);
24360 *
24361 * Return 0 for success, -EFAULT for fail
24362 */
24363 -int memcpy_mcsafe(void *dst, const void *src, size_t cnt);
24364 +int memcpy_mcsafe(void *dst, const void *src, size_t cnt) __nocapture(2);
24365
24366 #endif /* __KERNEL__ */
24367
24368 diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h
24369 index 8f321a1..6207183 100644
24370 --- a/arch/x86/include/asm/switch_to.h
24371 +++ b/arch/x86/include/asm/switch_to.h
24372 @@ -110,7 +110,7 @@ do { \
24373 "call __switch_to\n\t" \
24374 "movq "__percpu_arg([current_task])",%%rsi\n\t" \
24375 __switch_canary \
24376 - "movq %P[thread_info](%%rsi),%%r8\n\t" \
24377 + "movq "__percpu_arg([thread_info])",%%r8\n\t" \
24378 "movq %%rax,%%rdi\n\t" \
24379 "testl %[_tif_fork],%P[ti_flags](%%r8)\n\t" \
24380 "jnz ret_from_fork\n\t" \
24381 @@ -121,7 +121,7 @@ do { \
24382 [threadrsp] "i" (offsetof(struct task_struct, thread.sp)), \
24383 [ti_flags] "i" (offsetof(struct thread_info, flags)), \
24384 [_tif_fork] "i" (_TIF_FORK), \
24385 - [thread_info] "i" (offsetof(struct task_struct, stack)), \
24386 + [thread_info] "m" (current_tinfo), \
24387 [current_task] "m" (current_task) \
24388 __switch_canary_iparam \
24389 : "memory", "cc" __EXTRA_CLOBBER)
24390 diff --git a/arch/x86/include/asm/sys_ia32.h b/arch/x86/include/asm/sys_ia32.h
24391 index 82c34ee..940fa40 100644
24392 --- a/arch/x86/include/asm/sys_ia32.h
24393 +++ b/arch/x86/include/asm/sys_ia32.h
24394 @@ -20,8 +20,8 @@
24395 #include <asm/ia32.h>
24396
24397 /* ia32/sys_ia32.c */
24398 -asmlinkage long sys32_truncate64(const char __user *, unsigned long, unsigned long);
24399 -asmlinkage long sys32_ftruncate64(unsigned int, unsigned long, unsigned long);
24400 +asmlinkage long sys32_truncate64(const char __user *, unsigned int, unsigned int);
24401 +asmlinkage long sys32_ftruncate64(unsigned int, unsigned int, unsigned int);
24402
24403 asmlinkage long sys32_stat64(const char __user *, struct stat64 __user *);
24404 asmlinkage long sys32_lstat64(const char __user *, struct stat64 __user *);
24405 @@ -42,7 +42,7 @@ long sys32_vm86_warning(void);
24406 asmlinkage ssize_t sys32_readahead(int, unsigned, unsigned, size_t);
24407 asmlinkage long sys32_sync_file_range(int, unsigned, unsigned,
24408 unsigned, unsigned, int);
24409 -asmlinkage long sys32_fadvise64(int, unsigned, unsigned, size_t, int);
24410 +asmlinkage long sys32_fadvise64(int, unsigned, unsigned, int, int);
24411 asmlinkage long sys32_fallocate(int, int, unsigned,
24412 unsigned, unsigned, unsigned);
24413
24414 diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
24415 index 8b7c8d8e..a60b006 100644
24416 --- a/arch/x86/include/asm/thread_info.h
24417 +++ b/arch/x86/include/asm/thread_info.h
24418 @@ -39,7 +39,7 @@
24419 # define TOP_OF_KERNEL_STACK_PADDING 8
24420 # endif
24421 #else
24422 -# define TOP_OF_KERNEL_STACK_PADDING 0
24423 +# define TOP_OF_KERNEL_STACK_PADDING 16
24424 #endif
24425
24426 /*
24427 @@ -53,20 +53,21 @@ struct task_struct;
24428 #include <linux/atomic.h>
24429
24430 struct thread_info {
24431 - struct task_struct *task; /* main task structure */
24432 __u32 flags; /* low level flags */
24433 __u32 status; /* thread synchronous flags */
24434 __u32 cpu; /* current CPU */
24435 + mm_segment_t addr_limit;
24436 + unsigned long lowest_stack;
24437 };
24438
24439 -#define INIT_THREAD_INFO(tsk) \
24440 +#define INIT_THREAD_INFO \
24441 { \
24442 - .task = &tsk, \
24443 .flags = 0, \
24444 .cpu = 0, \
24445 + .addr_limit = KERNEL_DS, \
24446 }
24447
24448 -#define init_thread_info (init_thread_union.thread_info)
24449 +#define init_thread_info (init_thread_union.stack)
24450 #define init_stack (init_thread_union.stack)
24451
24452 #else /* !__ASSEMBLY__ */
24453 @@ -106,6 +107,7 @@ struct thread_info {
24454 #define TIF_SYSCALL_TRACEPOINT 28 /* syscall tracepoint instrumentation */
24455 #define TIF_ADDR32 29 /* 32-bit address space on 64 bits */
24456 #define TIF_X32 30 /* 32-bit native x86-64 binary */
24457 +#define TIF_GRSEC_SETXID 31 /* update credentials on syscall entry/exit */
24458
24459 #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
24460 #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
24461 @@ -129,6 +131,7 @@ struct thread_info {
24462 #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
24463 #define _TIF_ADDR32 (1 << TIF_ADDR32)
24464 #define _TIF_X32 (1 << TIF_X32)
24465 +#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID)
24466
24467 /*
24468 * work to do in syscall_trace_enter(). Also includes TIF_NOHZ for
24469 @@ -137,12 +140,12 @@ struct thread_info {
24470 #define _TIF_WORK_SYSCALL_ENTRY \
24471 (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \
24472 _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT | \
24473 - _TIF_NOHZ)
24474 + _TIF_NOHZ | _TIF_GRSEC_SETXID)
24475
24476 /* work to do on any return to user space */
24477 #define _TIF_ALLWORK_MASK \
24478 ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT | \
24479 - _TIF_NOHZ)
24480 + _TIF_NOHZ | _TIF_GRSEC_SETXID)
24481
24482 /* flags to check in __switch_to() */
24483 #define _TIF_WORK_CTXSW \
24484 @@ -160,9 +163,11 @@ struct thread_info {
24485 */
24486 #ifndef __ASSEMBLY__
24487
24488 +DECLARE_PER_CPU(struct thread_info *, current_tinfo);
24489 +
24490 static inline struct thread_info *current_thread_info(void)
24491 {
24492 - return (struct thread_info *)(current_top_of_stack() - THREAD_SIZE);
24493 + return this_cpu_read_stable(current_tinfo);
24494 }
24495
24496 static inline unsigned long current_stack_pointer(void)
24497 @@ -181,21 +186,21 @@ static inline unsigned long current_stack_pointer(void)
24498 * entirely contained by a single stack frame.
24499 *
24500 * Returns:
24501 - * 1 if within a frame
24502 - * -1 if placed across a frame boundary (or outside stack)
24503 - * 0 unable to determine (no frame pointers, etc)
24504 + * GOOD_FRAME if within a frame
24505 + * BAD_STACK if placed across a frame boundary (or outside stack)
24506 + * GOOD_STACK unable to determine (no frame pointers, etc)
24507 */
24508 -static inline int arch_within_stack_frames(const void * const stack,
24509 - const void * const stackend,
24510 - const void *obj, unsigned long len)
24511 +static __always_inline int arch_within_stack_frames(unsigned long stack,
24512 + unsigned long stackend,
24513 + unsigned long obj, unsigned long len)
24514 {
24515 #if defined(CONFIG_FRAME_POINTER)
24516 - const void *frame = NULL;
24517 - const void *oldframe;
24518 + unsigned long frame = 0;
24519 + unsigned long oldframe;
24520
24521 - oldframe = __builtin_frame_address(1);
24522 + oldframe = (unsigned long)__builtin_frame_address(1);
24523 if (oldframe)
24524 - frame = __builtin_frame_address(2);
24525 + frame = (unsigned long)__builtin_frame_address(2);
24526 /*
24527 * low ----------------------------------------------> high
24528 * [saved bp][saved ip][args][local vars][saved bp][saved ip]
24529 @@ -210,48 +215,21 @@ static inline int arch_within_stack_frames(const void * const stack,
24530 * the copy as invalid.
24531 */
24532 if (obj + len <= frame)
24533 - return obj >= oldframe + 2 * sizeof(void *) ? 1 : -1;
24534 + return obj >= oldframe + 2 * sizeof(unsigned long) ? GOOD_FRAME : BAD_STACK;
24535 oldframe = frame;
24536 - frame = *(const void * const *)frame;
24537 + frame = *(unsigned long *)frame;
24538 }
24539 - return -1;
24540 + return BAD_STACK;
24541 #else
24542 - return 0;
24543 + return GOOD_STACK;
24544 #endif
24545 }
24546
24547 #else /* !__ASSEMBLY__ */
24548
24549 -#ifdef CONFIG_X86_64
24550 -# define cpu_current_top_of_stack (cpu_tss + TSS_sp0)
24551 -#endif
24552 -
24553 -/*
24554 - * ASM operand which evaluates to a 'thread_info' address of
24555 - * the current task, if it is known that "reg" is exactly "off"
24556 - * bytes below the top of the stack currently.
24557 - *
24558 - * ( The kernel stack's size is known at build time, it is usually
24559 - * 2 or 4 pages, and the bottom of the kernel stack contains
24560 - * the thread_info structure. So to access the thread_info very
24561 - * quickly from assembly code we can calculate down from the
24562 - * top of the kernel stack to the bottom, using constant,
24563 - * build-time calculations only. )
24564 - *
24565 - * For example, to fetch the current thread_info->flags value into %eax
24566 - * on x86-64 defconfig kernels, in syscall entry code where RSP is
24567 - * currently at exactly SIZEOF_PTREGS bytes away from the top of the
24568 - * stack:
24569 - *
24570 - * mov ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS), %eax
24571 - *
24572 - * will translate to:
24573 - *
24574 - * 8b 84 24 b8 c0 ff ff mov -0x3f48(%rsp), %eax
24575 - *
24576 - * which is below the current RSP by almost 16K.
24577 - */
24578 -#define ASM_THREAD_INFO(field, reg, off) ((field)+(off)-THREAD_SIZE)(reg)
24579 +/* Load thread_info address into "reg" */
24580 +#define GET_THREAD_INFO(reg) \
24581 + _ASM_MOV PER_CPU_VAR(current_tinfo),reg ;
24582
24583 #endif
24584
24585 @@ -293,6 +271,13 @@ static inline bool in_ia32_syscall(void)
24586 extern void arch_task_cache_init(void);
24587 extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
24588 extern void arch_release_task_struct(struct task_struct *tsk);
24589 +
24590 +#define __HAVE_THREAD_FUNCTIONS
24591 +#define task_thread_info(task) (&(task)->tinfo)
24592 +#define task_stack_page(task) ((task)->stack)
24593 +#define setup_thread_stack(p, org) do {} while (0)
24594 +#define end_of_stack(p) ((unsigned long *)task_stack_page(p) + 1)
24595 +
24596 #endif /* !__ASSEMBLY__ */
24597
24598 #endif /* _ASM_X86_THREAD_INFO_H */
24599 diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
24600 index dee8a70..270877a 100644
24601 --- a/arch/x86/include/asm/tlbflush.h
24602 +++ b/arch/x86/include/asm/tlbflush.h
24603 @@ -89,7 +89,9 @@ static inline void cr4_set_bits(unsigned long mask)
24604 {
24605 unsigned long cr4;
24606
24607 +// BUG_ON(!arch_irqs_disabled());
24608 cr4 = this_cpu_read(cpu_tlbstate.cr4);
24609 + BUG_ON(cr4 != __read_cr4());
24610 if ((cr4 | mask) != cr4) {
24611 cr4 |= mask;
24612 this_cpu_write(cpu_tlbstate.cr4, cr4);
24613 @@ -102,7 +104,9 @@ static inline void cr4_clear_bits(unsigned long mask)
24614 {
24615 unsigned long cr4;
24616
24617 +// BUG_ON(!arch_irqs_disabled());
24618 cr4 = this_cpu_read(cpu_tlbstate.cr4);
24619 + BUG_ON(cr4 != __read_cr4());
24620 if ((cr4 & ~mask) != cr4) {
24621 cr4 &= ~mask;
24622 this_cpu_write(cpu_tlbstate.cr4, cr4);
24623 @@ -113,6 +117,7 @@ static inline void cr4_clear_bits(unsigned long mask)
24624 /* Read the CR4 shadow. */
24625 static inline unsigned long cr4_read_shadow(void)
24626 {
24627 +// BUG_ON(!arch_irqs_disabled());
24628 return this_cpu_read(cpu_tlbstate.cr4);
24629 }
24630
24631 @@ -135,6 +140,25 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
24632
24633 static inline void __native_flush_tlb(void)
24634 {
24635 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
24636 + u64 descriptor[2];
24637 +
24638 + descriptor[0] = PCID_KERNEL;
24639 + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_NONGLOBAL) : "memory");
24640 + return;
24641 + }
24642 +
24643 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
24644 + if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
24645 + unsigned int cpu = raw_get_cpu();
24646 +
24647 + native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
24648 + native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
24649 + raw_put_cpu_no_resched();
24650 + return;
24651 + }
24652 +#endif
24653 +
24654 /*
24655 * If current->mm == NULL then we borrow a mm which may change during a
24656 * task switch and therefore we must not be preempted while we write CR3
24657 @@ -147,13 +171,21 @@ static inline void __native_flush_tlb(void)
24658
24659 static inline void __native_flush_tlb_global_irq_disabled(void)
24660 {
24661 - unsigned long cr4;
24662 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
24663 + u64 descriptor[2];
24664
24665 - cr4 = this_cpu_read(cpu_tlbstate.cr4);
24666 - /* clear PGE */
24667 - native_write_cr4(cr4 & ~X86_CR4_PGE);
24668 - /* write old PGE again and flush TLBs */
24669 - native_write_cr4(cr4);
24670 + descriptor[0] = PCID_KERNEL;
24671 + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_GLOBAL) : "memory");
24672 + } else {
24673 + unsigned long cr4;
24674 +
24675 + cr4 = this_cpu_read(cpu_tlbstate.cr4);
24676 + BUG_ON(cr4 != __read_cr4());
24677 + /* clear PGE */
24678 + native_write_cr4(cr4 & ~X86_CR4_PGE);
24679 + /* write old PGE again and flush TLBs */
24680 + native_write_cr4(cr4);
24681 + }
24682 }
24683
24684 static inline void __native_flush_tlb_global(void)
24685 @@ -183,6 +215,43 @@ static inline void __native_flush_tlb_global(void)
24686
24687 static inline void __native_flush_tlb_single(unsigned long addr)
24688 {
24689 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
24690 + u64 descriptor[2];
24691 +
24692 + descriptor[0] = PCID_KERNEL;
24693 + descriptor[1] = addr;
24694 +
24695 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
24696 + if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
24697 + if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) {
24698 + if (addr < TASK_SIZE_MAX)
24699 + descriptor[1] += pax_user_shadow_base;
24700 + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
24701 + }
24702 +
24703 + descriptor[0] = PCID_USER;
24704 + descriptor[1] = addr;
24705 + }
24706 +#endif
24707 +
24708 + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
24709 + return;
24710 + }
24711 +
24712 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
24713 + if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
24714 + unsigned int cpu = raw_get_cpu();
24715 +
24716 + native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
24717 + asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
24718 + native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
24719 + raw_put_cpu_no_resched();
24720 +
24721 + if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) && addr < TASK_SIZE_MAX)
24722 + addr += pax_user_shadow_base;
24723 + }
24724 +#endif
24725 +
24726 asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
24727 }
24728
24729 diff --git a/arch/x86/include/asm/trace/fpu.h b/arch/x86/include/asm/trace/fpu.h
24730 index 9217ab1..90c91bf 100644
24731 --- a/arch/x86/include/asm/trace/fpu.h
24732 +++ b/arch/x86/include/asm/trace/fpu.h
24733 @@ -25,8 +25,8 @@ DECLARE_EVENT_CLASS(x86_fpu,
24734 __entry->fpstate_active = fpu->fpstate_active;
24735 __entry->counter = fpu->counter;
24736 if (boot_cpu_has(X86_FEATURE_OSXSAVE)) {
24737 - __entry->xfeatures = fpu->state.xsave.header.xfeatures;
24738 - __entry->xcomp_bv = fpu->state.xsave.header.xcomp_bv;
24739 + __entry->xfeatures = fpu->state->xsave.header.xfeatures;
24740 + __entry->xcomp_bv = fpu->state->xsave.header.xcomp_bv;
24741 }
24742 ),
24743 TP_printk("x86/fpu: %p fpregs_active: %d fpstate_active: %d counter: %d xfeatures: %llx xcomp_bv: %llx",
24744 diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
24745 index c3496619..9b914af 100644
24746 --- a/arch/x86/include/asm/traps.h
24747 +++ b/arch/x86/include/asm/traps.h
24748 @@ -10,7 +10,7 @@
24749 #define dotraplinkage __visible
24750
24751 asmlinkage void divide_error(void);
24752 -asmlinkage void debug(void);
24753 +asmlinkage void int1(void);
24754 asmlinkage void nmi(void);
24755 asmlinkage void int3(void);
24756 asmlinkage void xen_debug(void);
24757 @@ -38,6 +38,15 @@ asmlinkage void machine_check(void);
24758 #endif /* CONFIG_X86_MCE */
24759 asmlinkage void simd_coprocessor_error(void);
24760
24761 +#ifdef CONFIG_PAX_REFCOUNT
24762 +asmlinkage void refcount_error(void);
24763 +#endif
24764 +
24765 +#ifdef CONFIG_PAX_RAP
24766 +asmlinkage void rap_call_error(void);
24767 +asmlinkage void rap_ret_error(void);
24768 +#endif
24769 +
24770 #ifdef CONFIG_TRACING
24771 asmlinkage void trace_page_fault(void);
24772 #define trace_stack_segment stack_segment
24773 @@ -54,6 +63,7 @@ asmlinkage void trace_page_fault(void);
24774 #define trace_alignment_check alignment_check
24775 #define trace_simd_coprocessor_error simd_coprocessor_error
24776 #define trace_async_page_fault async_page_fault
24777 +#define trace_refcount_error refcount_error
24778 #endif
24779
24780 dotraplinkage void do_divide_error(struct pt_regs *, long);
24781 @@ -107,7 +117,7 @@ extern int panic_on_unrecovered_nmi;
24782
24783 void math_emulate(struct math_emu_info *);
24784 #ifndef CONFIG_X86_32
24785 -asmlinkage void smp_thermal_interrupt(void);
24786 +asmlinkage void smp_thermal_interrupt(struct pt_regs *regs);
24787 asmlinkage void smp_threshold_interrupt(void);
24788 asmlinkage void smp_deferred_error_interrupt(void);
24789 #endif
24790 @@ -139,6 +149,9 @@ enum {
24791 X86_TRAP_AC, /* 17, Alignment Check */
24792 X86_TRAP_MC, /* 18, Machine Check */
24793 X86_TRAP_XF, /* 19, SIMD Floating-Point Exception */
24794 + X86_TRAP_VE, /* 20, Virtualization Exception */
24795 + X86_TRAP_CP, /* 21, Control Protection Exception */
24796 + X86_TRAP_SX = 30, /* 30, Security Exception */
24797 X86_TRAP_IRET = 32, /* 32, IRET Exception */
24798 };
24799
24800 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
24801 index 2131c4c..120dcaa 100644
24802 --- a/arch/x86/include/asm/uaccess.h
24803 +++ b/arch/x86/include/asm/uaccess.h
24804 @@ -8,6 +8,7 @@
24805 #include <linux/kasan-checks.h>
24806 #include <linux/thread_info.h>
24807 #include <linux/string.h>
24808 +#include <linux/spinlock.h>
24809 #include <asm/asm.h>
24810 #include <asm/page.h>
24811 #include <asm/smap.h>
24812 @@ -29,12 +30,17 @@
24813 #define USER_DS MAKE_MM_SEG(TASK_SIZE_MAX)
24814
24815 #define get_ds() (KERNEL_DS)
24816 -#define get_fs() (current->thread.addr_limit)
24817 -#define set_fs(x) (current->thread.addr_limit = (x))
24818 +#define get_fs() (current_thread_info()->addr_limit)
24819 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
24820 +void __set_fs(mm_segment_t x);
24821 +void set_fs(mm_segment_t x);
24822 +#else
24823 +#define set_fs(x) (current_thread_info()->addr_limit = (x))
24824 +#endif
24825
24826 #define segment_eq(a, b) ((a).seg == (b).seg)
24827
24828 -#define user_addr_max() (current->thread.addr_limit.seg)
24829 +#define user_addr_max() (current_thread_info()->addr_limit.seg)
24830 #define __addr_ok(addr) \
24831 ((unsigned long __force)(addr) < user_addr_max())
24832
24833 @@ -87,8 +93,36 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
24834 * checks that the pointer is in the user space range - after calling
24835 * this function, memory access functions may still return -EFAULT.
24836 */
24837 -#define access_ok(type, addr, size) \
24838 - likely(!__range_not_ok(addr, size, user_addr_max()))
24839 +extern int _cond_resched(void);
24840 +#define access_ok_noprefault(type, addr, size) (likely(!__range_not_ok(addr, size, user_addr_max())))
24841 +#define access_ok(type, addr, size) \
24842 +({ \
24843 + unsigned long __size = size; \
24844 + unsigned long __addr = (unsigned long)addr; \
24845 + bool __ret_ao = __range_not_ok(__addr, __size, user_addr_max()) == 0;\
24846 + if (__ret_ao && __size < 256 * PAGE_SIZE) { \
24847 + unsigned long __addr_ao = __addr & PAGE_MASK; \
24848 + unsigned long __end_ao = __addr + __size - 1; \
24849 + if (unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \
24850 + while (__addr_ao <= __end_ao) { \
24851 + char __c_ao; \
24852 + __addr_ao += PAGE_SIZE; \
24853 + if (__size > PAGE_SIZE) \
24854 + _cond_resched(); \
24855 + if (__get_user(__c_ao, (char __user *)__addr)) \
24856 + break; \
24857 + if ((type) != VERIFY_WRITE) { \
24858 + __addr = __addr_ao; \
24859 + continue; \
24860 + } \
24861 + if (__put_user(__c_ao, (char __user *)__addr)) \
24862 + break; \
24863 + __addr = __addr_ao; \
24864 + } \
24865 + } \
24866 + } \
24867 + __ret_ao; \
24868 +})
24869
24870 /*
24871 * The exception table consists of triples of addresses relative to the
24872 @@ -142,15 +176,27 @@ extern int __get_user_4(void);
24873 extern int __get_user_8(void);
24874 extern int __get_user_bad(void);
24875
24876 -#define __uaccess_begin() stac()
24877 -#define __uaccess_end() clac()
24878 +#define __uaccess_begin() pax_open_userland(); stac()
24879 +#define __uaccess_end() clac(); pax_close_userland()
24880 +
24881 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
24882 +#define __copyuser_seg "gs;"
24883 +#define __COPYUSER_SET_ES "pushl %%gs; popl %%es\n"
24884 +#define __COPYUSER_RESTORE_ES "pushl %%ss; popl %%es\n"
24885 +#else
24886 +#define __copyuser_seg
24887 +#define __COPYUSER_SET_ES
24888 +#define __COPYUSER_RESTORE_ES
24889 +#endif
24890
24891 /*
24892 - * This is a type: either unsigned long, if the argument fits into
24893 - * that type, or otherwise unsigned long long.
24894 + * This is a type: either (un)signed int, if the argument fits into
24895 + * that type, or otherwise (un)signed long long.
24896 */
24897 #define __inttype(x) \
24898 -__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
24899 +__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0U), \
24900 + __builtin_choose_expr(__type_is_unsigned(__typeof__(x)), 0ULL, 0LL),\
24901 + __builtin_choose_expr(__type_is_unsigned(__typeof__(x)), 0U, 0)))
24902
24903 /**
24904 * get_user: - Get a simple variable from user space.
24905 @@ -201,14 +247,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
24906 asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
24907 : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
24908
24909 -
24910 -
24911 #ifdef CONFIG_X86_32
24912 #define __put_user_asm_u64(x, addr, err, errret) \
24913 asm volatile("\n" \
24914 - "1: movl %%eax,0(%2)\n" \
24915 - "2: movl %%edx,4(%2)\n" \
24916 - "3:" \
24917 + "1: "__copyuser_seg"movl %%eax,0(%2)\n" \
24918 + "2: "__copyuser_seg"movl %%edx,4(%2)\n" \
24919 + "3:\n" \
24920 ".section .fixup,\"ax\"\n" \
24921 "4: movl %3,%0\n" \
24922 " jmp 3b\n" \
24923 @@ -220,9 +264,9 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
24924
24925 #define __put_user_asm_ex_u64(x, addr) \
24926 asm volatile("\n" \
24927 - "1: movl %%eax,0(%1)\n" \
24928 - "2: movl %%edx,4(%1)\n" \
24929 - "3:" \
24930 + "1: "__copyuser_seg"movl %%eax,0(%1)\n" \
24931 + "2: "__copyuser_seg"movl %%edx,4(%1)\n" \
24932 + "3:\n" \
24933 _ASM_EXTABLE_EX(1b, 2b) \
24934 _ASM_EXTABLE_EX(2b, 3b) \
24935 : : "A" (x), "r" (addr))
24936 @@ -269,10 +313,10 @@ extern void __put_user_8(void);
24937 #define put_user(x, ptr) \
24938 ({ \
24939 int __ret_pu; \
24940 - __typeof__(*(ptr)) __pu_val; \
24941 + __inttype(*(ptr)) __pu_val; \
24942 __chk_user_ptr(ptr); \
24943 might_fault(); \
24944 - __pu_val = x; \
24945 + __pu_val = (__inttype(*(ptr)))(x); \
24946 switch (sizeof(*(ptr))) { \
24947 case 1: \
24948 __put_user_x(1, __pu_val, ptr, __ret_pu); \
24949 @@ -345,10 +389,9 @@ do { \
24950 #define __get_user_asm_u64(x, ptr, retval, errret) \
24951 ({ \
24952 __typeof__(ptr) __ptr = (ptr); \
24953 - asm volatile(ASM_STAC "\n" \
24954 - "1: movl %2,%%eax\n" \
24955 + asm volatile("1: movl %2,%%eax\n" \
24956 "2: movl %3,%%edx\n" \
24957 - "3: " ASM_CLAC "\n" \
24958 + "3:\n" \
24959 ".section .fixup,\"ax\"\n" \
24960 "4: mov %4,%0\n" \
24961 " xorl %%eax,%%eax\n" \
24962 @@ -376,10 +419,10 @@ do { \
24963 __chk_user_ptr(ptr); \
24964 switch (size) { \
24965 case 1: \
24966 - __get_user_asm(x, ptr, retval, "b", "b", "=q", errret); \
24967 + __get_user_asm(x, ptr, retval, "zbl", "k", "=r", errret);\
24968 break; \
24969 case 2: \
24970 - __get_user_asm(x, ptr, retval, "w", "w", "=r", errret); \
24971 + __get_user_asm(x, ptr, retval, "zwl", "k", "=r", errret);\
24972 break; \
24973 case 4: \
24974 __get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \
24975 @@ -393,17 +436,19 @@ do { \
24976 } while (0)
24977
24978 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
24979 +do { \
24980 asm volatile("\n" \
24981 - "1: mov"itype" %2,%"rtype"1\n" \
24982 + "1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\
24983 "2:\n" \
24984 ".section .fixup,\"ax\"\n" \
24985 "3: mov %3,%0\n" \
24986 - " xor"itype" %"rtype"1,%"rtype"1\n" \
24987 + " xorl %k1,%k1\n" \
24988 " jmp 2b\n" \
24989 ".previous\n" \
24990 _ASM_EXTABLE(1b, 3b) \
24991 - : "=r" (err), ltype(x) \
24992 - : "m" (__m(addr)), "i" (errret), "0" (err))
24993 + : "=r" (err), ltype (x) \
24994 + : "m" (__m(addr)), "i" (errret), "0" (err)); \
24995 +} while (0)
24996
24997 /*
24998 * This doesn't do __uaccess_begin/end - the exception handling
24999 @@ -414,10 +459,10 @@ do { \
25000 __chk_user_ptr(ptr); \
25001 switch (size) { \
25002 case 1: \
25003 - __get_user_asm_ex(x, ptr, "b", "b", "=q"); \
25004 + __get_user_asm_ex(x, ptr, "zbl", "k", "=r"); \
25005 break; \
25006 case 2: \
25007 - __get_user_asm_ex(x, ptr, "w", "w", "=r"); \
25008 + __get_user_asm_ex(x, ptr, "zwl", "k", "=r"); \
25009 break; \
25010 case 4: \
25011 __get_user_asm_ex(x, ptr, "l", "k", "=r"); \
25012 @@ -431,10 +476,10 @@ do { \
25013 } while (0)
25014
25015 #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
25016 - asm volatile("1: mov"itype" %1,%"rtype"0\n" \
25017 + asm volatile("1: "__copyuser_seg"mov"itype" %1,%"rtype"0\n"\
25018 "2:\n" \
25019 ".section .fixup,\"ax\"\n" \
25020 - "3:xor"itype" %"rtype"0,%"rtype"0\n" \
25021 + "3:xorl %k0,%k0\n" \
25022 " jmp 2b\n" \
25023 ".previous\n" \
25024 _ASM_EXTABLE_EX(1b, 3b) \
25025 @@ -456,13 +501,24 @@ do { \
25026 __uaccess_begin(); \
25027 __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
25028 __uaccess_end(); \
25029 - (x) = (__force __typeof__(*(ptr)))__gu_val; \
25030 + (x) = (__typeof__(*(ptr)))__gu_val; \
25031 __builtin_expect(__gu_err, 0); \
25032 })
25033
25034 /* FIXME: this hack is definitely wrong -AK */
25035 struct __large_struct { unsigned long buf[100]; };
25036 -#define __m(x) (*(struct __large_struct __user *)(x))
25037 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
25038 +#define ____m(x) \
25039 +({ \
25040 + unsigned long ____x = (unsigned long)(x); \
25041 + if (____x < pax_user_shadow_base) \
25042 + ____x += pax_user_shadow_base; \
25043 + (typeof(x))____x; \
25044 +})
25045 +#else
25046 +#define ____m(x) (x)
25047 +#endif
25048 +#define __m(x) (*(struct __large_struct __user *)____m(x))
25049
25050 /*
25051 * Tell gcc we read from memory instead of writing: this is because
25052 @@ -470,8 +526,9 @@ struct __large_struct { unsigned long buf[100]; };
25053 * aliasing issues.
25054 */
25055 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
25056 +do { \
25057 asm volatile("\n" \
25058 - "1: mov"itype" %"rtype"1,%2\n" \
25059 + "1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\
25060 "2:\n" \
25061 ".section .fixup,\"ax\"\n" \
25062 "3: mov %3,%0\n" \
25063 @@ -479,10 +536,11 @@ struct __large_struct { unsigned long buf[100]; };
25064 ".previous\n" \
25065 _ASM_EXTABLE(1b, 3b) \
25066 : "=r"(err) \
25067 - : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
25068 + : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err));\
25069 +} while (0)
25070
25071 #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
25072 - asm volatile("1: mov"itype" %"rtype"0,%1\n" \
25073 + asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"0,%1\n"\
25074 "2:\n" \
25075 _ASM_EXTABLE_EX(1b, 2b) \
25076 : : ltype(x), "m" (__m(addr)))
25077 @@ -522,8 +580,12 @@ struct __large_struct { unsigned long buf[100]; };
25078 * On error, the variable @x is set to zero.
25079 */
25080
25081 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
25082 +#define __get_user(x, ptr) get_user((x), (ptr))
25083 +#else
25084 #define __get_user(x, ptr) \
25085 __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
25086 +#endif
25087
25088 /**
25089 * __put_user: - Write a simple value into user space, with less checking.
25090 @@ -546,8 +608,12 @@ struct __large_struct { unsigned long buf[100]; };
25091 * Returns zero on success, or -EFAULT on error.
25092 */
25093
25094 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
25095 +#define __put_user(x, ptr) put_user((x), (ptr))
25096 +#else
25097 #define __put_user(x, ptr) \
25098 __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
25099 +#endif
25100
25101 #define __get_user_unaligned __get_user
25102 #define __put_user_unaligned __put_user
25103 @@ -565,7 +631,7 @@ struct __large_struct { unsigned long buf[100]; };
25104 #define get_user_ex(x, ptr) do { \
25105 unsigned long __gue_val; \
25106 __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
25107 - (x) = (__force __typeof__(*(ptr)))__gue_val; \
25108 + (x) = (__typeof__(*(ptr)))__gue_val; \
25109 } while (0)
25110
25111 #define put_user_try uaccess_try
25112 @@ -583,7 +649,7 @@ extern __must_check long strlen_user(const char __user *str);
25113 extern __must_check long strnlen_user(const char __user *str, long n);
25114
25115 unsigned long __must_check clear_user(void __user *mem, unsigned long len);
25116 -unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
25117 +unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2);
25118
25119 extern void __cmpxchg_wrong_size(void)
25120 __compiletime_error("Bad argument size for cmpxchg");
25121 @@ -591,22 +657,22 @@ extern void __cmpxchg_wrong_size(void)
25122 #define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size) \
25123 ({ \
25124 int __ret = 0; \
25125 - __typeof__(ptr) __uval = (uval); \
25126 - __typeof__(*(ptr)) __old = (old); \
25127 - __typeof__(*(ptr)) __new = (new); \
25128 + __typeof__(uval) __uval = (uval); \
25129 + __typeof__(*(uval)) __old = (old); \
25130 + __typeof__(*(uval)) __new = (new); \
25131 __uaccess_begin(); \
25132 switch (size) { \
25133 case 1: \
25134 { \
25135 asm volatile("\n" \
25136 - "1:\t" LOCK_PREFIX "cmpxchgb %4, %2\n" \
25137 + "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgb %4, %2\n"\
25138 "2:\n" \
25139 "\t.section .fixup, \"ax\"\n" \
25140 "3:\tmov %3, %0\n" \
25141 "\tjmp 2b\n" \
25142 "\t.previous\n" \
25143 _ASM_EXTABLE(1b, 3b) \
25144 - : "+r" (__ret), "=a" (__old), "+m" (*(ptr)) \
25145 + : "+r" (__ret), "=a" (__old), "+m" (*____m(ptr))\
25146 : "i" (-EFAULT), "q" (__new), "1" (__old) \
25147 : "memory" \
25148 ); \
25149 @@ -615,14 +681,14 @@ extern void __cmpxchg_wrong_size(void)
25150 case 2: \
25151 { \
25152 asm volatile("\n" \
25153 - "1:\t" LOCK_PREFIX "cmpxchgw %4, %2\n" \
25154 + "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgw %4, %2\n"\
25155 "2:\n" \
25156 "\t.section .fixup, \"ax\"\n" \
25157 "3:\tmov %3, %0\n" \
25158 "\tjmp 2b\n" \
25159 "\t.previous\n" \
25160 _ASM_EXTABLE(1b, 3b) \
25161 - : "+r" (__ret), "=a" (__old), "+m" (*(ptr)) \
25162 + : "+r" (__ret), "=a" (__old), "+m" (*____m(ptr))\
25163 : "i" (-EFAULT), "r" (__new), "1" (__old) \
25164 : "memory" \
25165 ); \
25166 @@ -631,14 +697,14 @@ extern void __cmpxchg_wrong_size(void)
25167 case 4: \
25168 { \
25169 asm volatile("\n" \
25170 - "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n" \
25171 + "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %4, %2\n"\
25172 "2:\n" \
25173 "\t.section .fixup, \"ax\"\n" \
25174 "3:\tmov %3, %0\n" \
25175 "\tjmp 2b\n" \
25176 "\t.previous\n" \
25177 _ASM_EXTABLE(1b, 3b) \
25178 - : "+r" (__ret), "=a" (__old), "+m" (*(ptr)) \
25179 + : "+r" (__ret), "=a" (__old), "+m" (*____m(ptr))\
25180 : "i" (-EFAULT), "r" (__new), "1" (__old) \
25181 : "memory" \
25182 ); \
25183 @@ -650,14 +716,14 @@ extern void __cmpxchg_wrong_size(void)
25184 __cmpxchg_wrong_size(); \
25185 \
25186 asm volatile("\n" \
25187 - "1:\t" LOCK_PREFIX "cmpxchgq %4, %2\n" \
25188 + "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgq %4, %2\n"\
25189 "2:\n" \
25190 "\t.section .fixup, \"ax\"\n" \
25191 "3:\tmov %3, %0\n" \
25192 "\tjmp 2b\n" \
25193 "\t.previous\n" \
25194 _ASM_EXTABLE(1b, 3b) \
25195 - : "+r" (__ret), "=a" (__old), "+m" (*(ptr)) \
25196 + : "+r" (__ret), "=a" (__old), "+m" (*____m(ptr))\
25197 : "i" (-EFAULT), "r" (__new), "1" (__old) \
25198 : "memory" \
25199 ); \
25200 @@ -690,17 +756,6 @@ extern struct movsl_mask {
25201
25202 #define ARCH_HAS_NOCACHE_UACCESS 1
25203
25204 -#ifdef CONFIG_X86_32
25205 -# include <asm/uaccess_32.h>
25206 -#else
25207 -# include <asm/uaccess_64.h>
25208 -#endif
25209 -
25210 -unsigned long __must_check _copy_from_user(void *to, const void __user *from,
25211 - unsigned n);
25212 -unsigned long __must_check _copy_to_user(void __user *to, const void *from,
25213 - unsigned n);
25214 -
25215 extern void __compiletime_error("usercopy buffer size is too small")
25216 __bad_copy_user(void);
25217
25218 @@ -709,22 +764,30 @@ static inline void copy_user_overflow(int size, unsigned long count)
25219 WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count);
25220 }
25221
25222 +#ifdef CONFIG_X86_32
25223 +# include <asm/uaccess_32.h>
25224 +#else
25225 +# include <asm/uaccess_64.h>
25226 +#endif
25227 +
25228 static __always_inline unsigned long __must_check
25229 copy_from_user(void *to, const void __user *from, unsigned long n)
25230 {
25231 - int sz = __compiletime_object_size(to);
25232 + size_t sz = __compiletime_object_size(to);
25233
25234 might_fault();
25235
25236 kasan_check_write(to, n);
25237
25238 - if (likely(sz < 0 || sz >= n)) {
25239 - check_object_size(to, n, false);
25240 - n = _copy_from_user(to, from, n);
25241 - } else if (!__builtin_constant_p(n))
25242 - copy_user_overflow(sz, n);
25243 - else
25244 - __bad_copy_user();
25245 + if (unlikely(sz != (size_t)-1 && sz < n)) {
25246 + if (!__builtin_constant_p(n))
25247 + copy_user_overflow(sz, n);
25248 + else
25249 + __bad_copy_user();
25250 + } else if (access_ok(VERIFY_READ, from, n))
25251 + n = __copy_from_user(to, from, n);
25252 + else if ((long)n > 0)
25253 + memset(to, 0, n);
25254
25255 return n;
25256 }
25257 @@ -732,19 +795,19 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
25258 static __always_inline unsigned long __must_check
25259 copy_to_user(void __user *to, const void *from, unsigned long n)
25260 {
25261 - int sz = __compiletime_object_size(from);
25262 + size_t sz = __compiletime_object_size(from);
25263
25264 kasan_check_read(from, n);
25265
25266 might_fault();
25267
25268 - if (likely(sz < 0 || sz >= n)) {
25269 - check_object_size(from, n, true);
25270 - n = _copy_to_user(to, from, n);
25271 - } else if (!__builtin_constant_p(n))
25272 - copy_user_overflow(sz, n);
25273 - else
25274 - __bad_copy_user();
25275 + if (unlikely(sz != (size_t)-1 && sz < n)) {
25276 + if (!__builtin_constant_p(n))
25277 + copy_user_overflow(sz, n);
25278 + else
25279 + __bad_copy_user();
25280 + } else if (access_ok(VERIFY_WRITE, to, n))
25281 + n = __copy_to_user(to, from, n);
25282
25283 return n;
25284 }
25285 diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
25286 index 7d3bdd1..67d81f6 100644
25287 --- a/arch/x86/include/asm/uaccess_32.h
25288 +++ b/arch/x86/include/asm/uaccess_32.h
25289 @@ -34,9 +34,12 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
25290 * The caller should also make sure he pins the user space address
25291 * so that we don't result in page fault and sleep.
25292 */
25293 -static __always_inline unsigned long __must_check
25294 +static __always_inline __size_overflow(3) unsigned long __must_check
25295 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
25296 {
25297 + if ((long)n < 0)
25298 + return n;
25299 +
25300 check_object_size(from, n, true);
25301 return __copy_to_user_ll(to, from, n);
25302 }
25303 @@ -60,12 +63,17 @@ static __always_inline unsigned long __must_check
25304 __copy_to_user(void __user *to, const void *from, unsigned long n)
25305 {
25306 might_fault();
25307 +
25308 return __copy_to_user_inatomic(to, from, n);
25309 }
25310
25311 -static __always_inline unsigned long
25312 +static __always_inline __size_overflow(3) unsigned long
25313 __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
25314 {
25315 + if ((long)n < 0)
25316 + return n;
25317 +
25318 + check_object_size(to, n, false);
25319 return __copy_from_user_ll_nozero(to, from, n);
25320 }
25321
25322 @@ -96,6 +104,10 @@ static __always_inline unsigned long
25323 __copy_from_user(void *to, const void __user *from, unsigned long n)
25324 {
25325 might_fault();
25326 +
25327 + if ((long)n < 0)
25328 + return n;
25329 +
25330 check_object_size(to, n, false);
25331 if (__builtin_constant_p(n)) {
25332 unsigned long ret;
25333 @@ -125,6 +137,11 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to,
25334 const void __user *from, unsigned long n)
25335 {
25336 might_fault();
25337 +
25338 + if ((long)n < 0)
25339 + return n;
25340 +
25341 + check_object_size(to, n, false);
25342 if (__builtin_constant_p(n)) {
25343 unsigned long ret;
25344
25345 @@ -153,7 +170,11 @@ static __always_inline unsigned long
25346 __copy_from_user_inatomic_nocache(void *to, const void __user *from,
25347 unsigned long n)
25348 {
25349 - return __copy_from_user_ll_nocache_nozero(to, from, n);
25350 + if ((long)n < 0)
25351 + return n;
25352 +
25353 + check_object_size(to, n, false);
25354 + return __copy_from_user_ll_nocache_nozero(to, from, n);
25355 }
25356
25357 #endif /* _ASM_X86_UACCESS_32_H */
25358 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
25359 index 673059a..286a5bf 100644
25360 --- a/arch/x86/include/asm/uaccess_64.h
25361 +++ b/arch/x86/include/asm/uaccess_64.h
25362 @@ -11,6 +11,7 @@
25363 #include <asm/alternative.h>
25364 #include <asm/cpufeatures.h>
25365 #include <asm/page.h>
25366 +#include <asm/pgtable.h>
25367
25368 /*
25369 * Copy To/From Userspace
25370 @@ -24,8 +25,8 @@ copy_user_generic_string(void *to, const void *from, unsigned len);
25371 __must_check unsigned long
25372 copy_user_generic_unrolled(void *to, const void *from, unsigned len);
25373
25374 -static __always_inline __must_check unsigned long
25375 -copy_user_generic(void *to, const void *from, unsigned len)
25376 +static __always_inline __must_check __size_overflow(3) unsigned long
25377 +copy_user_generic(void *to, const void *from, unsigned long len)
25378 {
25379 unsigned ret;
25380
25381 @@ -47,68 +48,86 @@ copy_user_generic(void *to, const void *from, unsigned len)
25382 }
25383
25384 __must_check unsigned long
25385 -copy_in_user(void __user *to, const void __user *from, unsigned len);
25386 +copy_in_user(void __user *to, const void __user *from, unsigned long len);
25387
25388 static __always_inline __must_check
25389 -int __copy_from_user_nocheck(void *dst, const void __user *src, unsigned size)
25390 +unsigned long __copy_from_user_nocheck(void *dst, const void __user *src, unsigned long size)
25391 {
25392 - int ret = 0;
25393 + size_t sz = __compiletime_object_size(dst);
25394 + unsigned ret = 0;
25395 +
25396 + if (size > INT_MAX)
25397 + return size;
25398
25399 check_object_size(dst, size, false);
25400 +
25401 +#ifdef CONFIG_PAX_MEMORY_UDEREF
25402 + if (!access_ok_noprefault(VERIFY_READ, src, size))
25403 + return size;
25404 +#endif
25405 +
25406 + if (unlikely(sz != (size_t)-1 && sz < size)) {
25407 + if(__builtin_constant_p(size))
25408 + __bad_copy_user();
25409 + else
25410 + copy_user_overflow(sz, size);
25411 + return size;
25412 + }
25413 +
25414 if (!__builtin_constant_p(size))
25415 - return copy_user_generic(dst, (__force void *)src, size);
25416 + return copy_user_generic(dst, (__force_kernel const void *)____m(src), size);
25417 switch (size) {
25418 case 1:
25419 __uaccess_begin();
25420 - __get_user_asm(*(u8 *)dst, (u8 __user *)src,
25421 + __get_user_asm(*(u8 *)dst, (const u8 __user *)src,
25422 ret, "b", "b", "=q", 1);
25423 __uaccess_end();
25424 return ret;
25425 case 2:
25426 __uaccess_begin();
25427 - __get_user_asm(*(u16 *)dst, (u16 __user *)src,
25428 + __get_user_asm(*(u16 *)dst, (const u16 __user *)src,
25429 ret, "w", "w", "=r", 2);
25430 __uaccess_end();
25431 return ret;
25432 case 4:
25433 __uaccess_begin();
25434 - __get_user_asm(*(u32 *)dst, (u32 __user *)src,
25435 + __get_user_asm(*(u32 *)dst, (const u32 __user *)src,
25436 ret, "l", "k", "=r", 4);
25437 __uaccess_end();
25438 return ret;
25439 case 8:
25440 __uaccess_begin();
25441 - __get_user_asm(*(u64 *)dst, (u64 __user *)src,
25442 + __get_user_asm(*(u64 *)dst, (const u64 __user *)src,
25443 ret, "q", "", "=r", 8);
25444 __uaccess_end();
25445 return ret;
25446 case 10:
25447 __uaccess_begin();
25448 - __get_user_asm(*(u64 *)dst, (u64 __user *)src,
25449 + __get_user_asm(*(u64 *)dst, (const u64 __user *)src,
25450 ret, "q", "", "=r", 10);
25451 if (likely(!ret))
25452 __get_user_asm(*(u16 *)(8 + (char *)dst),
25453 - (u16 __user *)(8 + (char __user *)src),
25454 + (const u16 __user *)(8 + (const char __user *)src),
25455 ret, "w", "w", "=r", 2);
25456 __uaccess_end();
25457 return ret;
25458 case 16:
25459 __uaccess_begin();
25460 - __get_user_asm(*(u64 *)dst, (u64 __user *)src,
25461 + __get_user_asm(*(u64 *)dst, (const u64 __user *)src,
25462 ret, "q", "", "=r", 16);
25463 if (likely(!ret))
25464 __get_user_asm(*(u64 *)(8 + (char *)dst),
25465 - (u64 __user *)(8 + (char __user *)src),
25466 + (const u64 __user *)(8 + (const char __user *)src),
25467 ret, "q", "", "=r", 8);
25468 __uaccess_end();
25469 return ret;
25470 default:
25471 - return copy_user_generic(dst, (__force void *)src, size);
25472 + return copy_user_generic(dst, (__force_kernel const void *)____m(src), size);
25473 }
25474 }
25475
25476 static __always_inline __must_check
25477 -int __copy_from_user(void *dst, const void __user *src, unsigned size)
25478 +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size)
25479 {
25480 might_fault();
25481 kasan_check_write(dst, size);
25482 @@ -116,67 +135,85 @@ int __copy_from_user(void *dst, const void __user *src, unsigned size)
25483 }
25484
25485 static __always_inline __must_check
25486 -int __copy_to_user_nocheck(void __user *dst, const void *src, unsigned size)
25487 +unsigned long __copy_to_user_nocheck(void __user *dst, const void *src, unsigned long size)
25488 {
25489 - int ret = 0;
25490 + size_t sz = __compiletime_object_size(src);
25491 + unsigned ret = 0;
25492 +
25493 + if (size > INT_MAX)
25494 + return size;
25495
25496 check_object_size(src, size, true);
25497 +
25498 +#ifdef CONFIG_PAX_MEMORY_UDEREF
25499 + if (!access_ok_noprefault(VERIFY_WRITE, dst, size))
25500 + return size;
25501 +#endif
25502 +
25503 + if (unlikely(sz != (size_t)-1 && sz < size)) {
25504 + if(__builtin_constant_p(size))
25505 + __bad_copy_user();
25506 + else
25507 + copy_user_overflow(sz, size);
25508 + return size;
25509 + }
25510 +
25511 if (!__builtin_constant_p(size))
25512 - return copy_user_generic((__force void *)dst, src, size);
25513 + return copy_user_generic((__force_kernel void *)____m(dst), src, size);
25514 switch (size) {
25515 case 1:
25516 __uaccess_begin();
25517 - __put_user_asm(*(u8 *)src, (u8 __user *)dst,
25518 + __put_user_asm(*(const u8 *)src, (u8 __user *)dst,
25519 ret, "b", "b", "iq", 1);
25520 __uaccess_end();
25521 return ret;
25522 case 2:
25523 __uaccess_begin();
25524 - __put_user_asm(*(u16 *)src, (u16 __user *)dst,
25525 + __put_user_asm(*(const u16 *)src, (u16 __user *)dst,
25526 ret, "w", "w", "ir", 2);
25527 __uaccess_end();
25528 return ret;
25529 case 4:
25530 __uaccess_begin();
25531 - __put_user_asm(*(u32 *)src, (u32 __user *)dst,
25532 + __put_user_asm(*(const u32 *)src, (u32 __user *)dst,
25533 ret, "l", "k", "ir", 4);
25534 __uaccess_end();
25535 return ret;
25536 case 8:
25537 __uaccess_begin();
25538 - __put_user_asm(*(u64 *)src, (u64 __user *)dst,
25539 + __put_user_asm(*(const u64 *)src, (u64 __user *)dst,
25540 ret, "q", "", "er", 8);
25541 __uaccess_end();
25542 return ret;
25543 case 10:
25544 __uaccess_begin();
25545 - __put_user_asm(*(u64 *)src, (u64 __user *)dst,
25546 + __put_user_asm(*(const u64 *)src, (u64 __user *)dst,
25547 ret, "q", "", "er", 10);
25548 if (likely(!ret)) {
25549 asm("":::"memory");
25550 - __put_user_asm(4[(u16 *)src], 4 + (u16 __user *)dst,
25551 + __put_user_asm(4[(const u16 *)src], 4 + (u16 __user *)dst,
25552 ret, "w", "w", "ir", 2);
25553 }
25554 __uaccess_end();
25555 return ret;
25556 case 16:
25557 __uaccess_begin();
25558 - __put_user_asm(*(u64 *)src, (u64 __user *)dst,
25559 + __put_user_asm(*(const u64 *)src, (u64 __user *)dst,
25560 ret, "q", "", "er", 16);
25561 if (likely(!ret)) {
25562 asm("":::"memory");
25563 - __put_user_asm(1[(u64 *)src], 1 + (u64 __user *)dst,
25564 + __put_user_asm(1[(const u64 *)src], 1 + (u64 __user *)dst,
25565 ret, "q", "", "er", 8);
25566 }
25567 __uaccess_end();
25568 return ret;
25569 default:
25570 - return copy_user_generic((__force void *)dst, src, size);
25571 + return copy_user_generic((__force_kernel void *)____m(dst), src, size);
25572 }
25573 }
25574
25575 static __always_inline __must_check
25576 -int __copy_to_user(void __user *dst, const void *src, unsigned size)
25577 +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size)
25578 {
25579 might_fault();
25580 kasan_check_read(src, size);
25581 @@ -184,19 +221,30 @@ int __copy_to_user(void __user *dst, const void *src, unsigned size)
25582 }
25583
25584 static __always_inline __must_check
25585 -int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
25586 +unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size)
25587 {
25588 - int ret = 0;
25589 + unsigned ret = 0;
25590
25591 might_fault();
25592 +
25593 + if (size > INT_MAX)
25594 + return size;
25595 +
25596 +#ifdef CONFIG_PAX_MEMORY_UDEREF
25597 + if (!access_ok_noprefault(VERIFY_READ, src, size))
25598 + return size;
25599 + if (!access_ok_noprefault(VERIFY_WRITE, dst, size))
25600 + return size;
25601 +#endif
25602 +
25603 if (!__builtin_constant_p(size))
25604 - return copy_user_generic((__force void *)dst,
25605 - (__force void *)src, size);
25606 + return copy_user_generic((__force_kernel void *)____m(dst),
25607 + (__force_kernel const void *)____m(src), size);
25608 switch (size) {
25609 case 1: {
25610 u8 tmp;
25611 __uaccess_begin();
25612 - __get_user_asm(tmp, (u8 __user *)src,
25613 + __get_user_asm(tmp, (const u8 __user *)src,
25614 ret, "b", "b", "=q", 1);
25615 if (likely(!ret))
25616 __put_user_asm(tmp, (u8 __user *)dst,
25617 @@ -207,7 +255,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
25618 case 2: {
25619 u16 tmp;
25620 __uaccess_begin();
25621 - __get_user_asm(tmp, (u16 __user *)src,
25622 + __get_user_asm(tmp, (const u16 __user *)src,
25623 ret, "w", "w", "=r", 2);
25624 if (likely(!ret))
25625 __put_user_asm(tmp, (u16 __user *)dst,
25626 @@ -219,7 +267,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
25627 case 4: {
25628 u32 tmp;
25629 __uaccess_begin();
25630 - __get_user_asm(tmp, (u32 __user *)src,
25631 + __get_user_asm(tmp, (const u32 __user *)src,
25632 ret, "l", "k", "=r", 4);
25633 if (likely(!ret))
25634 __put_user_asm(tmp, (u32 __user *)dst,
25635 @@ -230,7 +278,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
25636 case 8: {
25637 u64 tmp;
25638 __uaccess_begin();
25639 - __get_user_asm(tmp, (u64 __user *)src,
25640 + __get_user_asm(tmp, (const u64 __user *)src,
25641 ret, "q", "", "=r", 8);
25642 if (likely(!ret))
25643 __put_user_asm(tmp, (u64 __user *)dst,
25644 @@ -239,45 +287,67 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
25645 return ret;
25646 }
25647 default:
25648 - return copy_user_generic((__force void *)dst,
25649 - (__force void *)src, size);
25650 + return copy_user_generic((__force_kernel void *)____m(dst),
25651 + (__force_kernel const void *)____m(src), size);
25652 }
25653 }
25654
25655 -static __must_check __always_inline int
25656 -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
25657 +static __must_check __always_inline unsigned long
25658 +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size)
25659 {
25660 kasan_check_write(dst, size);
25661 return __copy_from_user_nocheck(dst, src, size);
25662 }
25663
25664 -static __must_check __always_inline int
25665 -__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
25666 +static __must_check __always_inline unsigned long
25667 +__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size)
25668 {
25669 kasan_check_read(src, size);
25670 return __copy_to_user_nocheck(dst, src, size);
25671 }
25672
25673 -extern long __copy_user_nocache(void *dst, const void __user *src,
25674 - unsigned size, int zerorest);
25675 +extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
25676 + unsigned long size, int zerorest) __size_overflow(3);
25677
25678 -static inline int
25679 -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
25680 +static inline unsigned long
25681 +__copy_from_user_nocache(void *dst, const void __user *src, unsigned long size)
25682 {
25683 might_fault();
25684 kasan_check_write(dst, size);
25685 +
25686 + if (size > INT_MAX)
25687 + return size;
25688 +
25689 + check_object_size(dst, size, false);
25690 +
25691 +#ifdef CONFIG_PAX_MEMORY_UDEREF
25692 + if (!access_ok_noprefault(VERIFY_READ, src, size))
25693 + return size;
25694 +#endif
25695 +
25696 return __copy_user_nocache(dst, src, size, 1);
25697 }
25698
25699 -static inline int
25700 +static inline unsigned long
25701 __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
25702 - unsigned size)
25703 + unsigned long size)
25704 {
25705 kasan_check_write(dst, size);
25706 +
25707 + if (size > INT_MAX)
25708 + return size;
25709 +
25710 + check_object_size(dst, size, false);
25711 +
25712 +#ifdef CONFIG_PAX_MEMORY_UDEREF
25713 + if (!access_ok_noprefault(VERIFY_READ, src, size))
25714 + return size;
25715 +#endif
25716 +
25717 return __copy_user_nocache(dst, src, size, 0);
25718 }
25719
25720 unsigned long
25721 -copy_user_handle_tail(char *to, char *from, unsigned len);
25722 +copy_user_handle_tail(char __user *to, char __user *from, unsigned long len) __size_overflow(3);
25723
25724 #endif /* _ASM_X86_UACCESS_64_H */
25725 diff --git a/arch/x86/include/asm/word-at-a-time.h b/arch/x86/include/asm/word-at-a-time.h
25726 index 5b238981..77fdd78 100644
25727 --- a/arch/x86/include/asm/word-at-a-time.h
25728 +++ b/arch/x86/include/asm/word-at-a-time.h
25729 @@ -11,7 +11,7 @@
25730 * and shift, for example.
25731 */
25732 struct word_at_a_time {
25733 - const unsigned long one_bits, high_bits;
25734 + unsigned long one_bits, high_bits;
25735 };
25736
25737 #define WORD_AT_A_TIME_CONSTANTS { REPEAT_BYTE(0x01), REPEAT_BYTE(0x80) }
25738 diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
25739 index 6ba7931..dc843cd 100644
25740 --- a/arch/x86/include/asm/x86_init.h
25741 +++ b/arch/x86/include/asm/x86_init.h
25742 @@ -126,7 +126,7 @@ struct x86_init_ops {
25743 struct x86_init_timers timers;
25744 struct x86_init_iommu iommu;
25745 struct x86_init_pci pci;
25746 -};
25747 +} __no_const;
25748
25749 /**
25750 * struct x86_cpuinit_ops - platform specific cpu hotplug setups
25751 @@ -137,7 +137,7 @@ struct x86_cpuinit_ops {
25752 void (*setup_percpu_clockev)(void);
25753 void (*early_percpu_clock_init)(void);
25754 void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node);
25755 -};
25756 +} __no_const;
25757
25758 struct timespec;
25759
25760 @@ -225,12 +225,12 @@ struct x86_msi_ops {
25761 void (*teardown_msi_irq)(unsigned int irq);
25762 void (*teardown_msi_irqs)(struct pci_dev *dev);
25763 void (*restore_msi_irqs)(struct pci_dev *dev);
25764 -};
25765 +} __no_const;
25766
25767 struct x86_io_apic_ops {
25768 unsigned int (*read) (unsigned int apic, unsigned int reg);
25769 void (*disable)(void);
25770 -};
25771 +} __no_const;
25772
25773 extern struct x86_init_ops x86_init;
25774 extern struct x86_cpuinit_ops x86_cpuinit;
25775 diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h
25776 index f5fb840..e45184e 100644
25777 --- a/arch/x86/include/asm/xen/page.h
25778 +++ b/arch/x86/include/asm/xen/page.h
25779 @@ -82,7 +82,7 @@ static inline int xen_safe_read_ulong(unsigned long *addr, unsigned long *val)
25780 * - get_phys_to_machine() is to be called by __pfn_to_mfn() only in special
25781 * cases needing an extended handling.
25782 */
25783 -static inline unsigned long __pfn_to_mfn(unsigned long pfn)
25784 +static inline unsigned long __intentional_overflow(-1) __pfn_to_mfn(unsigned long pfn)
25785 {
25786 unsigned long mfn;
25787
25788 diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h
25789 index 9dafe59..0293c1d 100644
25790 --- a/arch/x86/include/uapi/asm/e820.h
25791 +++ b/arch/x86/include/uapi/asm/e820.h
25792 @@ -69,7 +69,7 @@ struct e820map {
25793 #define ISA_START_ADDRESS 0xa0000
25794 #define ISA_END_ADDRESS 0x100000
25795
25796 -#define BIOS_BEGIN 0x000a0000
25797 +#define BIOS_BEGIN 0x000c0000
25798 #define BIOS_END 0x00100000
25799
25800 #define BIOS_ROM_BASE 0xffe00000
25801 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
25802 index 0503f5b..f00b6e8 100644
25803 --- a/arch/x86/kernel/Makefile
25804 +++ b/arch/x86/kernel/Makefile
25805 @@ -46,7 +46,7 @@ obj-$(CONFIG_MODIFY_LDT_SYSCALL) += ldt.o
25806 obj-y += setup.o x86_init.o i8259.o irqinit.o jump_label.o
25807 obj-$(CONFIG_IRQ_WORK) += irq_work.o
25808 obj-y += probe_roms.o
25809 -obj-$(CONFIG_X86_32) += i386_ksyms_32.o
25810 +obj-$(CONFIG_X86_32) += sys_i386_32.o i386_ksyms_32.o
25811 obj-$(CONFIG_X86_64) += sys_x86_64.o x8664_ksyms_64.o
25812 obj-$(CONFIG_X86_64) += mcount_64.o
25813 obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o
25814 diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
25815 index fbd1944..7d27c3c 100644
25816 --- a/arch/x86/kernel/acpi/boot.c
25817 +++ b/arch/x86/kernel/acpi/boot.c
25818 @@ -1357,7 +1357,7 @@ static void __init acpi_reduced_hw_init(void)
25819 * If your system is blacklisted here, but you find that acpi=force
25820 * works for you, please contact linux-acpi@vger.kernel.org
25821 */
25822 -static struct dmi_system_id __initdata acpi_dmi_table[] = {
25823 +static const struct dmi_system_id __initconst acpi_dmi_table[] = {
25824 /*
25825 * Boxes that need ACPI disabled
25826 */
25827 @@ -1432,7 +1432,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
25828 };
25829
25830 /* second table for DMI checks that should run after early-quirks */
25831 -static struct dmi_system_id __initdata acpi_dmi_table_late[] = {
25832 +static const struct dmi_system_id __initconst acpi_dmi_table_late[] = {
25833 /*
25834 * HP laptops which use a DSDT reporting as HP/SB400/10000,
25835 * which includes some code which overrides all temperature
25836 diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
25837 index adb3eaf..0eb666c 100644
25838 --- a/arch/x86/kernel/acpi/sleep.c
25839 +++ b/arch/x86/kernel/acpi/sleep.c
25840 @@ -100,8 +100,12 @@ int x86_acpi_suspend_lowlevel(void)
25841 #else /* CONFIG_64BIT */
25842 #ifdef CONFIG_SMP
25843 stack_start = (unsigned long)temp_stack + sizeof(temp_stack);
25844 +
25845 + pax_open_kernel();
25846 early_gdt_descr.address =
25847 (unsigned long)get_cpu_gdt_table(smp_processor_id());
25848 + pax_close_kernel();
25849 +
25850 initial_gs = per_cpu_offset(smp_processor_id());
25851 #endif
25852 initial_code = (unsigned long)wakeup_long64;
25853 diff --git a/arch/x86/kernel/acpi/wakeup_32.S b/arch/x86/kernel/acpi/wakeup_32.S
25854 index 0c26b1b..9120e26 100644
25855 --- a/arch/x86/kernel/acpi/wakeup_32.S
25856 +++ b/arch/x86/kernel/acpi/wakeup_32.S
25857 @@ -2,6 +2,7 @@
25858 #include <linux/linkage.h>
25859 #include <asm/segment.h>
25860 #include <asm/page_types.h>
25861 +#include <asm/smap.h>
25862
25863 # Copyright 2003, 2008 Pavel Machek <pavel@suse.cz>, distribute under GPLv2
25864
25865 @@ -31,13 +32,11 @@ wakeup_pmode_return:
25866 # and restore the stack ... but you need gdt for this to work
25867 movl saved_context_esp, %esp
25868
25869 - movl %cs:saved_magic, %eax
25870 - cmpl $0x12345678, %eax
25871 + cmpl $0x12345678, saved_magic
25872 jne bogus_magic
25873
25874 # jump to place where we left off
25875 - movl saved_eip, %eax
25876 - jmp *%eax
25877 + jmp *(saved_eip)
25878
25879 bogus_magic:
25880 jmp bogus_magic
25881 @@ -69,6 +68,7 @@ restore_registers:
25882 movl saved_context_edi, %edi
25883 pushl saved_context_eflags
25884 popfl
25885 + ASM_CLAC
25886 ret
25887
25888 ENTRY(do_suspend_lowlevel)
25889 diff --git a/arch/x86/kernel/acpi/wakeup_64.S b/arch/x86/kernel/acpi/wakeup_64.S
25890 index 169963f..d5caf11 100644
25891 --- a/arch/x86/kernel/acpi/wakeup_64.S
25892 +++ b/arch/x86/kernel/acpi/wakeup_64.S
25893 @@ -6,6 +6,7 @@
25894 #include <asm/msr.h>
25895 #include <asm/asm-offsets.h>
25896 #include <asm/frame.h>
25897 +#include <asm/smap.h>
25898
25899 # Copyright 2003 Pavel Machek <pavel@suse.cz>, distribute under GPLv2
25900
25901 @@ -93,6 +94,7 @@ ENTRY(do_suspend_lowlevel)
25902 movq %rbx, %cr0
25903 pushq pt_regs_flags(%rax)
25904 popfq
25905 + ASM_CLAC
25906 movq pt_regs_sp(%rax), %rsp
25907 movq pt_regs_bp(%rax), %rbp
25908 movq pt_regs_si(%rax), %rsi
25909 diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
25910 index 5cb272a..cddd2e9 100644
25911 --- a/arch/x86/kernel/alternative.c
25912 +++ b/arch/x86/kernel/alternative.c
25913 @@ -21,6 +21,7 @@
25914 #include <asm/tlbflush.h>
25915 #include <asm/io.h>
25916 #include <asm/fixmap.h>
25917 +#include <asm/boot.h>
25918
25919 int __read_mostly alternatives_patched;
25920
25921 @@ -262,7 +263,9 @@ static void __init_or_module add_nops(void *insns, unsigned int len)
25922 unsigned int noplen = len;
25923 if (noplen > ASM_NOP_MAX)
25924 noplen = ASM_NOP_MAX;
25925 + pax_open_kernel();
25926 memcpy(insns, ideal_nops[noplen], noplen);
25927 + pax_close_kernel();
25928 insns += noplen;
25929 len -= noplen;
25930 }
25931 @@ -290,6 +293,13 @@ recompute_jump(struct alt_instr *a, u8 *orig_insn, u8 *repl_insn, u8 *insnbuf)
25932 if (a->replacementlen != 5)
25933 return;
25934
25935 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
25936 + if (orig_insn < (u8 *)_text || (u8 *)_einittext <= orig_insn)
25937 + orig_insn = (u8 *)ktva_ktla((unsigned long)orig_insn);
25938 + else
25939 + orig_insn -= ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
25940 +#endif
25941 +
25942 o_dspl = *(s32 *)(insnbuf + 1);
25943
25944 /* next_rip of the replacement JMP */
25945 @@ -365,6 +375,7 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
25946 {
25947 struct alt_instr *a;
25948 u8 *instr, *replacement;
25949 + u8 *vinstr, *vreplacement;
25950 u8 insnbuf[MAX_PATCH_LEN];
25951
25952 DPRINTK("alt table %p -> %p", start, end);
25953 @@ -380,46 +391,71 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
25954 for (a = start; a < end; a++) {
25955 int insnbuf_sz = 0;
25956
25957 - instr = (u8 *)&a->instr_offset + a->instr_offset;
25958 - replacement = (u8 *)&a->repl_offset + a->repl_offset;
25959 + vinstr = instr = (u8 *)&a->instr_offset + a->instr_offset;
25960 +
25961 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
25962 + if ((u8 *)_text - (____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR) <= instr &&
25963 + instr < (u8 *)_einittext - (____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR)) {
25964 + instr += ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
25965 + vinstr = (u8 *)ktla_ktva((unsigned long)instr);
25966 + } else if ((u8 *)_text <= instr && instr < (u8 *)_einittext) {
25967 + vinstr = (u8 *)ktla_ktva((unsigned long)instr);
25968 + } else {
25969 + instr = (u8 *)ktva_ktla((unsigned long)instr);
25970 + }
25971 +#endif
25972 +
25973 + vreplacement = replacement = (u8 *)&a->repl_offset + a->repl_offset;
25974 +
25975 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
25976 + if ((u8 *)_text - (____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR) <= replacement &&
25977 + replacement < (u8 *)_einittext - (____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR)) {
25978 + replacement += ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
25979 + vreplacement = (u8 *)ktla_ktva((unsigned long)replacement);
25980 + } else if ((u8 *)_text <= replacement && replacement < (u8 *)_einittext) {
25981 + vreplacement = (u8 *)ktla_ktva((unsigned long)replacement);
25982 + } else
25983 + replacement = (u8 *)ktva_ktla((unsigned long)replacement);
25984 +#endif
25985 +
25986 BUG_ON(a->instrlen > sizeof(insnbuf));
25987 BUG_ON(a->cpuid >= (NCAPINTS + NBUGINTS) * 32);
25988 if (!boot_cpu_has(a->cpuid)) {
25989 if (a->padlen > 1)
25990 - optimize_nops(a, instr);
25991 + optimize_nops(a, vinstr);
25992
25993 continue;
25994 }
25995
25996 - DPRINTK("feat: %d*32+%d, old: (%p, len: %d), repl: (%p, len: %d), pad: %d",
25997 + DPRINTK("feat: %d*32+%d, old: (%p/%p, len: %d), repl: (%p, len: %d), pad: %d",
25998 a->cpuid >> 5,
25999 a->cpuid & 0x1f,
26000 - instr, a->instrlen,
26001 - replacement, a->replacementlen, a->padlen);
26002 + instr, vinstr, a->instrlen,
26003 + vreplacement, a->replacementlen, a->padlen);
26004
26005 - DUMP_BYTES(instr, a->instrlen, "%p: old_insn: ", instr);
26006 - DUMP_BYTES(replacement, a->replacementlen, "%p: rpl_insn: ", replacement);
26007 + DUMP_BYTES(vinstr, a->instrlen, "%p: old_insn: ", vinstr);
26008 + DUMP_BYTES(vreplacement, a->replacementlen, "%p: rpl_insn: ", vreplacement);
26009
26010 - memcpy(insnbuf, replacement, a->replacementlen);
26011 + memcpy(insnbuf, vreplacement, a->replacementlen);
26012 insnbuf_sz = a->replacementlen;
26013
26014 /* 0xe8 is a relative jump; fix the offset. */
26015 if (*insnbuf == 0xe8 && a->replacementlen == 5) {
26016 - *(s32 *)(insnbuf + 1) += replacement - instr;
26017 + *(s32 *)(insnbuf + 1) += vreplacement - instr;
26018 DPRINTK("Fix CALL offset: 0x%x, CALL 0x%lx",
26019 *(s32 *)(insnbuf + 1),
26020 - (unsigned long)instr + *(s32 *)(insnbuf + 1) + 5);
26021 + (unsigned long)vinstr + *(s32 *)(insnbuf + 1) + 5);
26022 }
26023
26024 - if (a->replacementlen && is_jmp(replacement[0]))
26025 - recompute_jump(a, instr, replacement, insnbuf);
26026 + if (a->replacementlen && is_jmp(vreplacement[0]))
26027 + recompute_jump(a, instr, vreplacement, insnbuf);
26028
26029 if (a->instrlen > a->replacementlen) {
26030 add_nops(insnbuf + a->replacementlen,
26031 a->instrlen - a->replacementlen);
26032 insnbuf_sz += a->instrlen - a->replacementlen;
26033 }
26034 - DUMP_BYTES(insnbuf, insnbuf_sz, "%p: final_insn: ", instr);
26035 + DUMP_BYTES(insnbuf, insnbuf_sz, "%p: final_insn: ", vinstr);
26036
26037 text_poke_early(instr, insnbuf, insnbuf_sz);
26038 }
26039 @@ -435,10 +471,16 @@ static void alternatives_smp_lock(const s32 *start, const s32 *end,
26040 for (poff = start; poff < end; poff++) {
26041 u8 *ptr = (u8 *)poff + *poff;
26042
26043 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
26044 + ptr += ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
26045 + if (ptr < (u8 *)_text || (u8 *)_einittext <= ptr)
26046 + ptr -= ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
26047 +#endif
26048 +
26049 if (!*poff || ptr < text || ptr >= text_end)
26050 continue;
26051 /* turn DS segment override prefix into lock prefix */
26052 - if (*ptr == 0x3e)
26053 + if (*(u8 *)ktla_ktva((unsigned long)ptr) == 0x3e)
26054 text_poke(ptr, ((unsigned char []){0xf0}), 1);
26055 }
26056 mutex_unlock(&text_mutex);
26057 @@ -453,10 +495,16 @@ static void alternatives_smp_unlock(const s32 *start, const s32 *end,
26058 for (poff = start; poff < end; poff++) {
26059 u8 *ptr = (u8 *)poff + *poff;
26060
26061 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
26062 + ptr += ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
26063 + if (ptr < (u8 *)_text || (u8 *)_einittext <= ptr)
26064 + ptr -= ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
26065 +#endif
26066 +
26067 if (!*poff || ptr < text || ptr >= text_end)
26068 continue;
26069 /* turn lock prefix into DS segment override prefix */
26070 - if (*ptr == 0xf0)
26071 + if (*(u8 *)ktla_ktva((unsigned long)ptr) == 0xf0)
26072 text_poke(ptr, ((unsigned char []){0x3E}), 1);
26073 }
26074 mutex_unlock(&text_mutex);
26075 @@ -593,7 +641,7 @@ void __init_or_module apply_paravirt(struct paravirt_patch_site *start,
26076
26077 BUG_ON(p->len > MAX_PATCH_LEN);
26078 /* prep the buffer with the original instructions */
26079 - memcpy(insnbuf, p->instr, p->len);
26080 + memcpy(insnbuf, (const void *)ktla_ktva((unsigned long)p->instr), p->len);
26081 used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
26082 (unsigned long)p->instr, p->len);
26083
26084 @@ -640,7 +688,7 @@ void __init alternative_instructions(void)
26085 if (!uniproc_patched || num_possible_cpus() == 1)
26086 free_init_pages("SMP alternatives",
26087 (unsigned long)__smp_locks,
26088 - (unsigned long)__smp_locks_end);
26089 + PAGE_ALIGN((unsigned long)__smp_locks_end));
26090 #endif
26091
26092 apply_paravirt(__parainstructions, __parainstructions_end);
26093 @@ -661,13 +709,17 @@ void __init alternative_instructions(void)
26094 * instructions. And on the local CPU you need to be protected again NMI or MCE
26095 * handlers seeing an inconsistent instruction while you patch.
26096 */
26097 -void *__init_or_module text_poke_early(void *addr, const void *opcode,
26098 +void *__kprobes text_poke_early(void *addr, const void *opcode,
26099 size_t len)
26100 {
26101 unsigned long flags;
26102 local_irq_save(flags);
26103 - memcpy(addr, opcode, len);
26104 +
26105 + pax_open_kernel();
26106 + memcpy((void *)ktla_ktva((unsigned long)addr), opcode, len);
26107 sync_core();
26108 + pax_close_kernel();
26109 +
26110 local_irq_restore(flags);
26111 /* Could also do a CLFLUSH here to speed up CPU recovery; but
26112 that causes hangs on some VIA CPUs. */
26113 @@ -689,20 +741,29 @@ void *__init_or_module text_poke_early(void *addr, const void *opcode,
26114 */
26115 void *text_poke(void *addr, const void *opcode, size_t len)
26116 {
26117 - unsigned long flags;
26118 - char *vaddr;
26119 + unsigned char *vaddr = (void *)ktla_ktva((unsigned long)addr);
26120 struct page *pages[2];
26121 - int i;
26122 + size_t i;
26123 +
26124 +#ifndef CONFIG_PAX_KERNEXEC
26125 + unsigned long flags;
26126 +#endif
26127
26128 if (!core_kernel_text((unsigned long)addr)) {
26129 - pages[0] = vmalloc_to_page(addr);
26130 - pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
26131 + pages[0] = vmalloc_to_page(vaddr);
26132 + pages[1] = vmalloc_to_page(vaddr + PAGE_SIZE);
26133 } else {
26134 - pages[0] = virt_to_page(addr);
26135 + pages[0] = virt_to_page(vaddr);
26136 WARN_ON(!PageReserved(pages[0]));
26137 - pages[1] = virt_to_page(addr + PAGE_SIZE);
26138 + pages[1] = virt_to_page(vaddr + PAGE_SIZE);
26139 }
26140 BUG_ON(!pages[0]);
26141 +
26142 +#ifdef CONFIG_PAX_KERNEXEC
26143 + text_poke_early(addr, opcode, len);
26144 + for (i = 0; i < len; i++)
26145 + BUG_ON((vaddr)[i] != ((const unsigned char *)opcode)[i]);
26146 +#else
26147 local_irq_save(flags);
26148 set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0]));
26149 if (pages[1])
26150 @@ -719,6 +780,7 @@ void *text_poke(void *addr, const void *opcode, size_t len)
26151 for (i = 0; i < len; i++)
26152 BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
26153 local_irq_restore(flags);
26154 +#endif
26155 return addr;
26156 }
26157
26158 @@ -772,7 +834,7 @@ int poke_int3_handler(struct pt_regs *regs)
26159 */
26160 void *text_poke_bp(void *addr, const void *opcode, size_t len, void *handler)
26161 {
26162 - unsigned char int3 = 0xcc;
26163 + const unsigned char int3 = 0xcc;
26164
26165 bp_int3_handler = handler;
26166 bp_int3_addr = (u8 *)addr + sizeof(int3);
26167 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
26168 index 076c315..88957c6 100644
26169 --- a/arch/x86/kernel/apic/apic.c
26170 +++ b/arch/x86/kernel/apic/apic.c
26171 @@ -181,7 +181,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR;
26172 /*
26173 * Debug level, exported for io_apic.c
26174 */
26175 -unsigned int apic_verbosity;
26176 +int apic_verbosity;
26177
26178 int pic_mode;
26179
26180 @@ -1905,7 +1905,7 @@ static void __smp_error_interrupt(struct pt_regs *regs)
26181 apic_write(APIC_ESR, 0);
26182 v = apic_read(APIC_ESR);
26183 ack_APIC_irq();
26184 - atomic_inc(&irq_err_count);
26185 + atomic_inc_unchecked(&irq_err_count);
26186
26187 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x",
26188 smp_processor_id(), v);
26189 diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c
26190 index 5b2ae10..b3551c0 100644
26191 --- a/arch/x86/kernel/apic/apic_flat_64.c
26192 +++ b/arch/x86/kernel/apic/apic_flat_64.c
26193 @@ -25,7 +25,7 @@
26194 static struct apic apic_physflat;
26195 static struct apic apic_flat;
26196
26197 -struct apic __read_mostly *apic = &apic_flat;
26198 +struct apic *apic __read_only = &apic_flat;
26199 EXPORT_SYMBOL_GPL(apic);
26200
26201 static int flat_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
26202 @@ -154,7 +154,7 @@ static int flat_probe(void)
26203 return 1;
26204 }
26205
26206 -static struct apic apic_flat = {
26207 +static struct apic apic_flat __read_only = {
26208 .name = "flat",
26209 .probe = flat_probe,
26210 .acpi_madt_oem_check = flat_acpi_madt_oem_check,
26211 @@ -248,7 +248,7 @@ static int physflat_probe(void)
26212 return 0;
26213 }
26214
26215 -static struct apic apic_physflat = {
26216 +static struct apic apic_physflat __read_only = {
26217
26218 .name = "physical flat",
26219 .probe = physflat_probe,
26220 diff --git a/arch/x86/kernel/apic/apic_noop.c b/arch/x86/kernel/apic/apic_noop.c
26221 index c05688b..a250c5a 100644
26222 --- a/arch/x86/kernel/apic/apic_noop.c
26223 +++ b/arch/x86/kernel/apic/apic_noop.c
26224 @@ -108,7 +108,7 @@ static void noop_apic_write(u32 reg, u32 v)
26225 WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_APIC) && !disable_apic);
26226 }
26227
26228 -struct apic apic_noop = {
26229 +struct apic apic_noop __read_only = {
26230 .name = "noop",
26231 .probe = noop_probe,
26232 .acpi_madt_oem_check = NULL,
26233 diff --git a/arch/x86/kernel/apic/bigsmp_32.c b/arch/x86/kernel/apic/bigsmp_32.c
26234 index 06dbaa4..817a7bb 100644
26235 --- a/arch/x86/kernel/apic/bigsmp_32.c
26236 +++ b/arch/x86/kernel/apic/bigsmp_32.c
26237 @@ -142,7 +142,7 @@ static int probe_bigsmp(void)
26238 return dmi_bigsmp;
26239 }
26240
26241 -static struct apic apic_bigsmp = {
26242 +static struct apic apic_bigsmp __read_only = {
26243
26244 .name = "bigsmp",
26245 .probe = probe_bigsmp,
26246 diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
26247 index 48e6d84..fdefc57 100644
26248 --- a/arch/x86/kernel/apic/io_apic.c
26249 +++ b/arch/x86/kernel/apic/io_apic.c
26250 @@ -1683,7 +1683,7 @@ static unsigned int startup_ioapic_irq(struct irq_data *data)
26251 return was_pending;
26252 }
26253
26254 -atomic_t irq_mis_count;
26255 +atomic_unchecked_t irq_mis_count;
26256
26257 #ifdef CONFIG_GENERIC_PENDING_IRQ
26258 static bool io_apic_level_ack_pending(struct mp_chip_data *data)
26259 @@ -1822,7 +1822,7 @@ static void ioapic_ack_level(struct irq_data *irq_data)
26260 * at the cpu.
26261 */
26262 if (!(v & (1 << (i & 0x1f)))) {
26263 - atomic_inc(&irq_mis_count);
26264 + atomic_inc_unchecked(&irq_mis_count);
26265 eoi_ioapic_pin(cfg->vector, irq_data->chip_data);
26266 }
26267
26268 @@ -1868,7 +1868,7 @@ static int ioapic_set_affinity(struct irq_data *irq_data,
26269 return ret;
26270 }
26271
26272 -static struct irq_chip ioapic_chip __read_mostly = {
26273 +static struct irq_chip ioapic_chip = {
26274 .name = "IO-APIC",
26275 .irq_startup = startup_ioapic_irq,
26276 .irq_mask = mask_ioapic_irq,
26277 @@ -1879,7 +1879,7 @@ static struct irq_chip ioapic_chip __read_mostly = {
26278 .flags = IRQCHIP_SKIP_SET_WAKE,
26279 };
26280
26281 -static struct irq_chip ioapic_ir_chip __read_mostly = {
26282 +static struct irq_chip ioapic_ir_chip = {
26283 .name = "IR-IO-APIC",
26284 .irq_startup = startup_ioapic_irq,
26285 .irq_mask = mask_ioapic_irq,
26286 @@ -1937,7 +1937,7 @@ static void ack_lapic_irq(struct irq_data *data)
26287 ack_APIC_irq();
26288 }
26289
26290 -static struct irq_chip lapic_chip __read_mostly = {
26291 +static struct irq_chip lapic_chip = {
26292 .name = "local-APIC",
26293 .irq_mask = mask_lapic_irq,
26294 .irq_unmask = unmask_lapic_irq,
26295 diff --git a/arch/x86/kernel/apic/msi.c b/arch/x86/kernel/apic/msi.c
26296 index ade2532..5fc7f4f9 100644
26297 --- a/arch/x86/kernel/apic/msi.c
26298 +++ b/arch/x86/kernel/apic/msi.c
26299 @@ -269,7 +269,7 @@ static void hpet_msi_write_msg(struct irq_data *data, struct msi_msg *msg)
26300 hpet_msi_write(irq_data_get_irq_handler_data(data), msg);
26301 }
26302
26303 -static struct irq_chip hpet_msi_controller = {
26304 +static irq_chip_no_const hpet_msi_controller __read_only = {
26305 .name = "HPET-MSI",
26306 .irq_unmask = hpet_msi_unmask,
26307 .irq_mask = hpet_msi_mask,
26308 diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c
26309 index 5630962..0ed042c 100644
26310 --- a/arch/x86/kernel/apic/probe_32.c
26311 +++ b/arch/x86/kernel/apic/probe_32.c
26312 @@ -72,7 +72,7 @@ static int probe_default(void)
26313 return 1;
26314 }
26315
26316 -static struct apic apic_default = {
26317 +static struct apic apic_default __read_only = {
26318
26319 .name = "default",
26320 .probe = probe_default,
26321 @@ -126,7 +126,7 @@ static struct apic apic_default = {
26322
26323 apic_driver(apic_default);
26324
26325 -struct apic *apic = &apic_default;
26326 +struct apic *apic __read_only = &apic_default;
26327 EXPORT_SYMBOL_GPL(apic);
26328
26329 static int cmdline_apic __initdata;
26330 diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
26331 index 5d30c5e..3c83cc4 100644
26332 --- a/arch/x86/kernel/apic/vector.c
26333 +++ b/arch/x86/kernel/apic/vector.c
26334 @@ -37,6 +37,7 @@ static struct irq_chip lapic_controller;
26335 static struct apic_chip_data *legacy_irq_data[NR_IRQS_LEGACY];
26336 #endif
26337
26338 +void lock_vector_lock(void) __acquires(&vector_lock);
26339 void lock_vector_lock(void)
26340 {
26341 /* Used to the online set of cpus does not change
26342 @@ -45,6 +46,7 @@ void lock_vector_lock(void)
26343 raw_spin_lock(&vector_lock);
26344 }
26345
26346 +void unlock_vector_lock(void) __releases(&vector_lock);
26347 void unlock_vector_lock(void)
26348 {
26349 raw_spin_unlock(&vector_lock);
26350 diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c
26351 index 54f35d9..d752bd5 100644
26352 --- a/arch/x86/kernel/apic/x2apic_cluster.c
26353 +++ b/arch/x86/kernel/apic/x2apic_cluster.c
26354 @@ -227,7 +227,7 @@ static void cluster_vector_allocation_domain(int cpu, struct cpumask *retmask,
26355 cpumask_and(retmask, mask, per_cpu(cpus_in_cluster, cpu));
26356 }
26357
26358 -static struct apic apic_x2apic_cluster = {
26359 +static struct apic apic_x2apic_cluster __read_only = {
26360
26361 .name = "cluster x2apic",
26362 .probe = x2apic_cluster_probe,
26363 diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c
26364 index 4f13f54f..96e4431 100644
26365 --- a/arch/x86/kernel/apic/x2apic_phys.c
26366 +++ b/arch/x86/kernel/apic/x2apic_phys.c
26367 @@ -98,7 +98,7 @@ static int x2apic_phys_probe(void)
26368 return apic == &apic_x2apic_phys;
26369 }
26370
26371 -static struct apic apic_x2apic_phys = {
26372 +static struct apic apic_x2apic_phys __read_only = {
26373
26374 .name = "physical x2apic",
26375 .probe = x2apic_phys_probe,
26376 diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
26377 index cb0673c..dc976d7 100644
26378 --- a/arch/x86/kernel/apic/x2apic_uv_x.c
26379 +++ b/arch/x86/kernel/apic/x2apic_uv_x.c
26380 @@ -560,7 +560,7 @@ static int uv_probe(void)
26381 return apic == &apic_x2apic_uv_x;
26382 }
26383
26384 -static struct apic __refdata apic_x2apic_uv_x = {
26385 +static struct apic apic_x2apic_uv_x __read_only = {
26386
26387 .name = "UV large system",
26388 .probe = uv_probe,
26389 diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
26390 index c7364bd..20cd21a 100644
26391 --- a/arch/x86/kernel/apm_32.c
26392 +++ b/arch/x86/kernel/apm_32.c
26393 @@ -432,7 +432,7 @@ static DEFINE_MUTEX(apm_mutex);
26394 * This is for buggy BIOS's that refer to (real mode) segment 0x40
26395 * even though they are called in protected mode.
26396 */
26397 -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
26398 +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
26399 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
26400
26401 static const char driver_version[] = "1.16ac"; /* no spaces */
26402 @@ -610,7 +610,10 @@ static long __apm_bios_call(void *_call)
26403 BUG_ON(cpu != 0);
26404 gdt = get_cpu_gdt_table(cpu);
26405 save_desc_40 = gdt[0x40 / 8];
26406 +
26407 + pax_open_kernel();
26408 gdt[0x40 / 8] = bad_bios_desc;
26409 + pax_close_kernel();
26410
26411 apm_irq_save(flags);
26412 APM_DO_SAVE_SEGS;
26413 @@ -619,7 +622,11 @@ static long __apm_bios_call(void *_call)
26414 &call->esi);
26415 APM_DO_RESTORE_SEGS;
26416 apm_irq_restore(flags);
26417 +
26418 + pax_open_kernel();
26419 gdt[0x40 / 8] = save_desc_40;
26420 + pax_close_kernel();
26421 +
26422 put_cpu();
26423
26424 return call->eax & 0xff;
26425 @@ -686,7 +693,10 @@ static long __apm_bios_call_simple(void *_call)
26426 BUG_ON(cpu != 0);
26427 gdt = get_cpu_gdt_table(cpu);
26428 save_desc_40 = gdt[0x40 / 8];
26429 +
26430 + pax_open_kernel();
26431 gdt[0x40 / 8] = bad_bios_desc;
26432 + pax_close_kernel();
26433
26434 apm_irq_save(flags);
26435 APM_DO_SAVE_SEGS;
26436 @@ -694,7 +704,11 @@ static long __apm_bios_call_simple(void *_call)
26437 &call->eax);
26438 APM_DO_RESTORE_SEGS;
26439 apm_irq_restore(flags);
26440 +
26441 + pax_open_kernel();
26442 gdt[0x40 / 8] = save_desc_40;
26443 + pax_close_kernel();
26444 +
26445 put_cpu();
26446 return error;
26447 }
26448 @@ -2039,7 +2053,7 @@ static int __init swab_apm_power_in_minutes(const struct dmi_system_id *d)
26449 return 0;
26450 }
26451
26452 -static struct dmi_system_id __initdata apm_dmi_table[] = {
26453 +static const struct dmi_system_id __initconst apm_dmi_table[] = {
26454 {
26455 print_if_true,
26456 KERN_WARNING "IBM T23 - BIOS 1.03b+ and controller firmware 1.02+ may be needed for Linux APM.",
26457 @@ -2349,12 +2363,15 @@ static int __init apm_init(void)
26458 * code to that CPU.
26459 */
26460 gdt = get_cpu_gdt_table(0);
26461 +
26462 + pax_open_kernel();
26463 set_desc_base(&gdt[APM_CS >> 3],
26464 (unsigned long)__va((unsigned long)apm_info.bios.cseg << 4));
26465 set_desc_base(&gdt[APM_CS_16 >> 3],
26466 (unsigned long)__va((unsigned long)apm_info.bios.cseg_16 << 4));
26467 set_desc_base(&gdt[APM_DS >> 3],
26468 (unsigned long)__va((unsigned long)apm_info.bios.dseg << 4));
26469 + pax_close_kernel();
26470
26471 proc_create("apm", 0, NULL, &apm_file_ops);
26472
26473 diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
26474 index 2bd5c6f..4907fd0 100644
26475 --- a/arch/x86/kernel/asm-offsets.c
26476 +++ b/arch/x86/kernel/asm-offsets.c
26477 @@ -31,9 +31,11 @@ void common(void) {
26478 BLANK();
26479 OFFSET(TI_flags, thread_info, flags);
26480 OFFSET(TI_status, thread_info, status);
26481 + OFFSET(TI_lowest_stack, thread_info, lowest_stack);
26482 + DEFINE(TI_task_thread_sp0, offsetof(struct task_struct, thread.sp0) - offsetof(struct task_struct, tinfo));
26483
26484 BLANK();
26485 - OFFSET(TASK_addr_limit, task_struct, thread.addr_limit);
26486 + OFFSET(TASK_addr_limit, task_struct, tinfo.addr_limit);
26487
26488 BLANK();
26489 OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx);
26490 @@ -68,8 +70,26 @@ void common(void) {
26491 OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
26492 OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
26493 OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2);
26494 +
26495 +#ifdef CONFIG_PAX_KERNEXEC
26496 + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
26497 #endif
26498
26499 +#ifdef CONFIG_PAX_MEMORY_UDEREF
26500 + OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3);
26501 + OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3);
26502 +#ifdef CONFIG_X86_64
26503 + OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched);
26504 +#endif
26505 +#endif
26506 +
26507 +#endif
26508 +
26509 + BLANK();
26510 + DEFINE(PAGE_SIZE_asm, PAGE_SIZE);
26511 + DEFINE(PAGE_SHIFT_asm, PAGE_SHIFT);
26512 + DEFINE(THREAD_SIZE_asm, THREAD_SIZE);
26513 +
26514 #ifdef CONFIG_XEN
26515 BLANK();
26516 OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
26517 @@ -88,4 +108,5 @@ void common(void) {
26518
26519 BLANK();
26520 DEFINE(PTREGS_SIZE, sizeof(struct pt_regs));
26521 + DEFINE(TSS_size, sizeof(struct tss_struct));
26522 }
26523 diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
26524 index 4a8697f..8a13428 100644
26525 --- a/arch/x86/kernel/cpu/Makefile
26526 +++ b/arch/x86/kernel/cpu/Makefile
26527 @@ -12,10 +12,6 @@ endif
26528 KCOV_INSTRUMENT_common.o := n
26529 KCOV_INSTRUMENT_perf_event.o := n
26530
26531 -# Make sure load_percpu_segment has no stackprotector
26532 -nostackp := $(call cc-option, -fno-stack-protector)
26533 -CFLAGS_common.o := $(nostackp)
26534 -
26535 obj-y := intel_cacheinfo.o scattered.o topology.o
26536 obj-y += common.o
26537 obj-y += rdrand.o
26538 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
26539 index b81fe2d..fa46eca 100644
26540 --- a/arch/x86/kernel/cpu/amd.c
26541 +++ b/arch/x86/kernel/cpu/amd.c
26542 @@ -792,7 +792,7 @@ static void init_amd(struct cpuinfo_x86 *c)
26543 static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
26544 {
26545 /* AMD errata T13 (order #21922) */
26546 - if ((c->x86 == 6)) {
26547 + if (c->x86 == 6) {
26548 /* Duron Rev A0 */
26549 if (c->x86_model == 3 && c->x86_mask == 0)
26550 size = 64;
26551 diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
26552 index a972ac4..938c163 100644
26553 --- a/arch/x86/kernel/cpu/bugs_64.c
26554 +++ b/arch/x86/kernel/cpu/bugs_64.c
26555 @@ -10,6 +10,7 @@
26556 #include <asm/processor.h>
26557 #include <asm/mtrr.h>
26558 #include <asm/cacheflush.h>
26559 +#include <asm/sections.h>
26560
26561 void __init check_bugs(void)
26562 {
26563 @@ -18,6 +19,7 @@ void __init check_bugs(void)
26564 pr_info("CPU: ");
26565 print_cpu_info(&boot_cpu_data);
26566 #endif
26567 + set_memory_nx((unsigned long)_sinitdata, (__START_KERNEL_map + KERNEL_IMAGE_SIZE - (unsigned long)_sinitdata) >> PAGE_SHIFT);
26568 alternative_instructions();
26569
26570 /*
26571 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
26572 index bcc9ccc..84b8a82 100644
26573 --- a/arch/x86/kernel/cpu/common.c
26574 +++ b/arch/x86/kernel/cpu/common.c
26575 @@ -93,60 +93,6 @@ static const struct cpu_dev default_cpu = {
26576
26577 static const struct cpu_dev *this_cpu = &default_cpu;
26578
26579 -DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
26580 -#ifdef CONFIG_X86_64
26581 - /*
26582 - * We need valid kernel segments for data and code in long mode too
26583 - * IRET will check the segment types kkeil 2000/10/28
26584 - * Also sysret mandates a special GDT layout
26585 - *
26586 - * TLS descriptors are currently at a different place compared to i386.
26587 - * Hopefully nobody expects them at a fixed place (Wine?)
26588 - */
26589 - [GDT_ENTRY_KERNEL32_CS] = GDT_ENTRY_INIT(0xc09b, 0, 0xfffff),
26590 - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xa09b, 0, 0xfffff),
26591 - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc093, 0, 0xfffff),
26592 - [GDT_ENTRY_DEFAULT_USER32_CS] = GDT_ENTRY_INIT(0xc0fb, 0, 0xfffff),
26593 - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f3, 0, 0xfffff),
26594 - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xa0fb, 0, 0xfffff),
26595 -#else
26596 - [GDT_ENTRY_KERNEL_CS] = GDT_ENTRY_INIT(0xc09a, 0, 0xfffff),
26597 - [GDT_ENTRY_KERNEL_DS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
26598 - [GDT_ENTRY_DEFAULT_USER_CS] = GDT_ENTRY_INIT(0xc0fa, 0, 0xfffff),
26599 - [GDT_ENTRY_DEFAULT_USER_DS] = GDT_ENTRY_INIT(0xc0f2, 0, 0xfffff),
26600 - /*
26601 - * Segments used for calling PnP BIOS have byte granularity.
26602 - * They code segments and data segments have fixed 64k limits,
26603 - * the transfer segment sizes are set at run time.
26604 - */
26605 - /* 32-bit code */
26606 - [GDT_ENTRY_PNPBIOS_CS32] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
26607 - /* 16-bit code */
26608 - [GDT_ENTRY_PNPBIOS_CS16] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
26609 - /* 16-bit data */
26610 - [GDT_ENTRY_PNPBIOS_DS] = GDT_ENTRY_INIT(0x0092, 0, 0xffff),
26611 - /* 16-bit data */
26612 - [GDT_ENTRY_PNPBIOS_TS1] = GDT_ENTRY_INIT(0x0092, 0, 0),
26613 - /* 16-bit data */
26614 - [GDT_ENTRY_PNPBIOS_TS2] = GDT_ENTRY_INIT(0x0092, 0, 0),
26615 - /*
26616 - * The APM segments have byte granularity and their bases
26617 - * are set at run time. All have 64k limits.
26618 - */
26619 - /* 32-bit code */
26620 - [GDT_ENTRY_APMBIOS_BASE] = GDT_ENTRY_INIT(0x409a, 0, 0xffff),
26621 - /* 16-bit code */
26622 - [GDT_ENTRY_APMBIOS_BASE+1] = GDT_ENTRY_INIT(0x009a, 0, 0xffff),
26623 - /* data */
26624 - [GDT_ENTRY_APMBIOS_BASE+2] = GDT_ENTRY_INIT(0x4092, 0, 0xffff),
26625 -
26626 - [GDT_ENTRY_ESPFIX_SS] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
26627 - [GDT_ENTRY_PERCPU] = GDT_ENTRY_INIT(0xc092, 0, 0xfffff),
26628 - GDT_STACK_CANARY_INIT
26629 -#endif
26630 -} };
26631 -EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
26632 -
26633 static int __init x86_mpx_setup(char *s)
26634 {
26635 /* require an exact match without trailing characters */
26636 @@ -281,6 +227,10 @@ static __always_inline void setup_smep(struct cpuinfo_x86 *c)
26637 {
26638 if (cpu_has(c, X86_FEATURE_SMEP))
26639 cr4_set_bits(X86_CR4_SMEP);
26640 +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_NONE
26641 + else
26642 + panic("PAX: this KERNEXEC configuration requires SMEP support\n");
26643 +#endif
26644 }
26645
26646 static __init int setup_disable_smap(char *arg)
26647 @@ -306,6 +256,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
26648 }
26649 }
26650
26651 +#ifdef CONFIG_PAX_MEMORY_UDEREF
26652 +#ifdef CONFIG_X86_64
26653 +static bool uderef_enabled __read_only = true;
26654 +unsigned long pax_user_shadow_base __read_only;
26655 +EXPORT_SYMBOL(pax_user_shadow_base);
26656 +extern char pax_enter_kernel_user[];
26657 +extern char pax_exit_kernel_user[];
26658 +
26659 +static int __init setup_pax_weakuderef(char *str)
26660 +{
26661 + if (uderef_enabled)
26662 + pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
26663 + return 1;
26664 +}
26665 +__setup("pax_weakuderef", setup_pax_weakuderef);
26666 +#endif
26667 +
26668 +static int __init setup_pax_nouderef(char *str)
26669 +{
26670 +#ifdef CONFIG_X86_32
26671 + unsigned int cpu;
26672 + struct desc_struct *gdt;
26673 +
26674 + for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
26675 + gdt = get_cpu_gdt_table(cpu);
26676 + gdt[GDT_ENTRY_KERNEL_DS].type = 3;
26677 + gdt[GDT_ENTRY_KERNEL_DS].limit = 0xf;
26678 + gdt[GDT_ENTRY_DEFAULT_USER_CS].limit = 0xf;
26679 + gdt[GDT_ENTRY_DEFAULT_USER_DS].limit = 0xf;
26680 + }
26681 + loadsegment(ds, __KERNEL_DS);
26682 + loadsegment(es, __KERNEL_DS);
26683 + loadsegment(ss, __KERNEL_DS);
26684 +#else
26685 + memcpy(pax_enter_kernel_user, (unsigned char []){0xc3}, 1);
26686 + memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1);
26687 + clone_pgd_mask = ~(pgdval_t)0UL;
26688 + pax_user_shadow_base = 0UL;
26689 + setup_clear_cpu_cap(X86_FEATURE_PCIDUDEREF);
26690 + uderef_enabled = false;
26691 +#endif
26692 +
26693 + return 0;
26694 +}
26695 +early_param("pax_nouderef", setup_pax_nouderef);
26696 +#endif
26697 +
26698 +#ifdef CONFIG_X86_64
26699 +static __init int setup_disable_pcid(char *arg)
26700 +{
26701 + setup_clear_cpu_cap(X86_FEATURE_PCID);
26702 + setup_clear_cpu_cap(X86_FEATURE_INVPCID);
26703 +
26704 +#ifdef CONFIG_PAX_MEMORY_UDEREF
26705 + if (uderef_enabled)
26706 + pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
26707 +#endif
26708 +
26709 + return 1;
26710 +}
26711 +__setup("nopcid", setup_disable_pcid);
26712 +
26713 +static void setup_pcid(struct cpuinfo_x86 *c)
26714 +{
26715 + if (cpu_has(c, X86_FEATURE_PCID)) {
26716 + printk("PAX: PCID detected\n");
26717 + cr4_set_bits(X86_CR4_PCIDE);
26718 + } else
26719 + clear_cpu_cap(c, X86_FEATURE_INVPCID);
26720 +
26721 + if (cpu_has(c, X86_FEATURE_INVPCID))
26722 + printk("PAX: INVPCID detected\n");
26723 +
26724 +#ifdef CONFIG_PAX_MEMORY_UDEREF
26725 + if (!uderef_enabled) {
26726 + printk("PAX: UDEREF disabled\n");
26727 + return;
26728 + }
26729 +
26730 + if (!cpu_has(c, X86_FEATURE_PCID)) {
26731 + pax_open_kernel();
26732 + pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
26733 + pax_close_kernel();
26734 + printk("PAX: slow and weak UDEREF enabled\n");
26735 + return;
26736 + }
26737 +
26738 + set_cpu_cap(c, X86_FEATURE_PCIDUDEREF);
26739 +
26740 + pax_open_kernel();
26741 + clone_pgd_mask = ~(pgdval_t)0UL;
26742 + pax_close_kernel();
26743 + if (pax_user_shadow_base)
26744 + printk("PAX: weak UDEREF enabled\n");
26745 + else {
26746 + set_cpu_cap(c, X86_FEATURE_STRONGUDEREF);
26747 + printk("PAX: strong UDEREF enabled\n");
26748 + }
26749 +#endif
26750 +
26751 +}
26752 +#endif
26753 +
26754 /*
26755 * Protection Keys are not available in 32-bit mode.
26756 */
26757 @@ -451,7 +504,7 @@ void switch_to_new_gdt(int cpu)
26758 {
26759 struct desc_ptr gdt_descr;
26760
26761 - gdt_descr.address = (long)get_cpu_gdt_table(cpu);
26762 + gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
26763 gdt_descr.size = GDT_SIZE - 1;
26764 load_gdt(&gdt_descr);
26765 /* Reload the per-cpu base */
26766 @@ -972,9 +1025,11 @@ static void x86_init_cache_qos(struct cpuinfo_x86 *c)
26767 * in case CQM bits really aren't there in this CPU.
26768 */
26769 if (c != &boot_cpu_data) {
26770 + pax_open_kernel();
26771 boot_cpu_data.x86_cache_max_rmid =
26772 min(boot_cpu_data.x86_cache_max_rmid,
26773 c->x86_cache_max_rmid);
26774 + pax_close_kernel();
26775 }
26776 }
26777
26778 @@ -1041,6 +1096,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
26779 setup_smep(c);
26780 setup_smap(c);
26781
26782 +#ifdef CONFIG_X86_32
26783 +#ifdef CONFIG_PAX_PAGEEXEC
26784 + if (!(__supported_pte_mask & _PAGE_NX))
26785 + clear_cpu_cap(c, X86_FEATURE_PSE);
26786 +#endif
26787 +#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
26788 + clear_cpu_cap(c, X86_FEATURE_SEP);
26789 +#endif
26790 +#endif
26791 +
26792 +#ifdef CONFIG_X86_64
26793 + setup_pcid(c);
26794 +#endif
26795 +
26796 /*
26797 * The vendor-specific functions might have changed features.
26798 * Now we do "generic changes."
26799 @@ -1086,10 +1155,14 @@ static void identify_cpu(struct cpuinfo_x86 *c)
26800 * executed, c == &boot_cpu_data.
26801 */
26802 if (c != &boot_cpu_data) {
26803 + pax_open_kernel();
26804 +
26805 /* AND the already accumulated flags with these */
26806 for (i = 0; i < NCAPINTS; i++)
26807 boot_cpu_data.x86_capability[i] &= c->x86_capability[i];
26808
26809 + pax_close_kernel();
26810 +
26811 /* OR, i.e. replicate the bug flags */
26812 for (i = NCAPINTS; i < NCAPINTS + NBUGINTS; i++)
26813 c->x86_capability[i] |= boot_cpu_data.x86_capability[i];
26814 @@ -1121,7 +1194,7 @@ void enable_sep_cpu(void)
26815 return;
26816
26817 cpu = get_cpu();
26818 - tss = &per_cpu(cpu_tss, cpu);
26819 + tss = cpu_tss + cpu;
26820
26821 /*
26822 * We cache MSR_IA32_SYSENTER_CS's value in the TSS's ss1 field --
26823 @@ -1263,10 +1336,12 @@ static __init int setup_disablecpuid(char *arg)
26824 }
26825 __setup("clearcpuid=", setup_disablecpuid);
26826
26827 +DEFINE_PER_CPU(struct thread_info *, current_tinfo) = &init_task.tinfo;
26828 +EXPORT_PER_CPU_SYMBOL(current_tinfo);
26829 +
26830 #ifdef CONFIG_X86_64
26831 -struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table };
26832 -struct desc_ptr debug_idt_descr = { NR_VECTORS * 16 - 1,
26833 - (unsigned long) debug_idt_table };
26834 +struct desc_ptr idt_descr __read_only = { NR_VECTORS * 16 - 1, (unsigned long) idt_table };
26835 +const struct desc_ptr debug_idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) debug_idt_table };
26836
26837 DEFINE_PER_CPU_FIRST(union irq_stack_union,
26838 irq_stack_union) __aligned(PAGE_SIZE) __visible;
26839 @@ -1378,21 +1453,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
26840 DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT;
26841 EXPORT_PER_CPU_SYMBOL(__preempt_count);
26842
26843 +#ifdef CONFIG_CC_STACKPROTECTOR
26844 +DEFINE_PER_CPU_ALIGNED(struct stack_canary, stack_canary);
26845 +#endif
26846 +
26847 +#endif /* CONFIG_X86_64 */
26848 +
26849 /*
26850 * On x86_32, vm86 modifies tss.sp0, so sp0 isn't a reliable way to find
26851 * the top of the kernel stack. Use an extra percpu variable to track the
26852 * top of the kernel stack directly.
26853 */
26854 DEFINE_PER_CPU(unsigned long, cpu_current_top_of_stack) =
26855 - (unsigned long)&init_thread_union + THREAD_SIZE;
26856 + (unsigned long)&init_thread_union - 16 + THREAD_SIZE;
26857 EXPORT_PER_CPU_SYMBOL(cpu_current_top_of_stack);
26858
26859 -#ifdef CONFIG_CC_STACKPROTECTOR
26860 -DEFINE_PER_CPU_ALIGNED(struct stack_canary, stack_canary);
26861 -#endif
26862 -
26863 -#endif /* CONFIG_X86_64 */
26864 -
26865 /*
26866 * Clear all 6 debug registers:
26867 */
26868 @@ -1468,7 +1543,7 @@ void cpu_init(void)
26869 */
26870 load_ucode_ap();
26871
26872 - t = &per_cpu(cpu_tss, cpu);
26873 + t = cpu_tss + cpu;
26874 oist = &per_cpu(orig_ist, cpu);
26875
26876 #ifdef CONFIG_NUMA
26877 @@ -1500,7 +1575,6 @@ void cpu_init(void)
26878 wrmsrl(MSR_KERNEL_GS_BASE, 0);
26879 barrier();
26880
26881 - x86_configure_nx();
26882 x2apic_setup();
26883
26884 /*
26885 @@ -1552,7 +1626,7 @@ void cpu_init(void)
26886 {
26887 int cpu = smp_processor_id();
26888 struct task_struct *curr = current;
26889 - struct tss_struct *t = &per_cpu(cpu_tss, cpu);
26890 + struct tss_struct *t = cpu_tss + cpu;
26891 struct thread_struct *thread = &curr->thread;
26892
26893 wait_for_master_cpu(cpu);
26894 diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
26895 index de6626c..c84e8c1 100644
26896 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c
26897 +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
26898 @@ -519,25 +519,23 @@ cache_private_attrs_is_visible(struct kobject *kobj,
26899 return 0;
26900 }
26901
26902 +static struct attribute *amd_l3_attrs[4];
26903 +
26904 static struct attribute_group cache_private_group = {
26905 .is_visible = cache_private_attrs_is_visible,
26906 + .attrs = amd_l3_attrs,
26907 };
26908
26909 static void init_amd_l3_attrs(void)
26910 {
26911 int n = 1;
26912 - static struct attribute **amd_l3_attrs;
26913 -
26914 - if (amd_l3_attrs) /* already initialized */
26915 - return;
26916
26917 if (amd_nb_has_feature(AMD_NB_L3_INDEX_DISABLE))
26918 n += 2;
26919 if (amd_nb_has_feature(AMD_NB_L3_PARTITIONING))
26920 n += 1;
26921
26922 - amd_l3_attrs = kcalloc(n, sizeof(*amd_l3_attrs), GFP_KERNEL);
26923 - if (!amd_l3_attrs)
26924 + if (n > 1 && amd_l3_attrs[0]) /* already initialized */
26925 return;
26926
26927 n = 0;
26928 @@ -547,8 +545,6 @@ static void init_amd_l3_attrs(void)
26929 }
26930 if (amd_nb_has_feature(AMD_NB_L3_PARTITIONING))
26931 amd_l3_attrs[n++] = &dev_attr_subcaches.attr;
26932 -
26933 - cache_private_group.attrs = amd_l3_attrs;
26934 }
26935
26936 const struct attribute_group *
26937 @@ -559,7 +555,7 @@ cache_get_priv_group(struct cacheinfo *this_leaf)
26938 if (this_leaf->level < 3 || !nb)
26939 return NULL;
26940
26941 - if (nb && nb->l3_cache.indices)
26942 + if (nb->l3_cache.indices)
26943 init_amd_l3_attrs();
26944
26945 return &cache_private_group;
26946 diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
26947 index 79d8ec8..ba9ae33 100644
26948 --- a/arch/x86/kernel/cpu/mcheck/mce.c
26949 +++ b/arch/x86/kernel/cpu/mcheck/mce.c
26950 @@ -47,6 +47,7 @@
26951 #include <asm/tlbflush.h>
26952 #include <asm/mce.h>
26953 #include <asm/msr.h>
26954 +#include <asm/local.h>
26955
26956 #include "mce-internal.h"
26957
26958 @@ -209,8 +210,7 @@ static struct notifier_block mce_srao_nb;
26959 void mce_register_decode_chain(struct notifier_block *nb)
26960 {
26961 /* Ensure SRAO notifier has the highest priority in the decode chain. */
26962 - if (nb != &mce_srao_nb && nb->priority == INT_MAX)
26963 - nb->priority -= 1;
26964 + BUG_ON(nb != &mce_srao_nb && nb->priority == INT_MAX);
26965
26966 atomic_notifier_chain_register(&x86_mce_decoder_chain, nb);
26967 }
26968 @@ -262,7 +262,7 @@ static inline u32 smca_misc_reg(int bank)
26969 return MSR_AMD64_SMCA_MCx_MISC(bank);
26970 }
26971
26972 -struct mca_msr_regs msr_ops = {
26973 +struct mca_msr_regs msr_ops __read_only = {
26974 .ctl = ctl_reg,
26975 .status = status_reg,
26976 .addr = addr_reg,
26977 @@ -281,7 +281,7 @@ static void print_mce(struct mce *m)
26978 !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
26979 m->cs, m->ip);
26980
26981 - if (m->cs == __KERNEL_CS)
26982 + if (m->cs == __KERNEL_CS || m->cs == __KERNEXEC_KERNEL_CS)
26983 print_symbol("{%s}", m->ip);
26984 pr_cont("\n");
26985 }
26986 @@ -314,10 +314,10 @@ static void print_mce(struct mce *m)
26987
26988 #define PANIC_TIMEOUT 5 /* 5 seconds */
26989
26990 -static atomic_t mce_panicked;
26991 +static atomic_unchecked_t mce_panicked;
26992
26993 static int fake_panic;
26994 -static atomic_t mce_fake_panicked;
26995 +static atomic_unchecked_t mce_fake_panicked;
26996
26997 /* Panic in progress. Enable interrupts and wait for final IPI */
26998 static void wait_for_panic(void)
26999 @@ -343,7 +343,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
27000 /*
27001 * Make sure only one CPU runs in machine check panic
27002 */
27003 - if (atomic_inc_return(&mce_panicked) > 1)
27004 + if (atomic_inc_return_unchecked(&mce_panicked) > 1)
27005 wait_for_panic();
27006 barrier();
27007
27008 @@ -351,7 +351,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
27009 console_verbose();
27010 } else {
27011 /* Don't log too much for fake panic */
27012 - if (atomic_inc_return(&mce_fake_panicked) > 1)
27013 + if (atomic_inc_return_unchecked(&mce_fake_panicked) > 1)
27014 return;
27015 }
27016 pending = mce_gen_pool_prepare_records();
27017 @@ -387,7 +387,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
27018 if (!fake_panic) {
27019 if (panic_timeout == 0)
27020 panic_timeout = mca_cfg.panic_timeout;
27021 - panic(msg);
27022 + panic("%s", msg);
27023 } else
27024 pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
27025 }
27026 @@ -761,7 +761,7 @@ static int mce_timed_out(u64 *t, const char *msg)
27027 * might have been modified by someone else.
27028 */
27029 rmb();
27030 - if (atomic_read(&mce_panicked))
27031 + if (atomic_read_unchecked(&mce_panicked))
27032 wait_for_panic();
27033 if (!mca_cfg.monarch_timeout)
27034 goto out;
27035 @@ -1691,10 +1691,12 @@ static void __mcheck_cpu_init_vendor(struct cpuinfo_x86 *c)
27036 * Install proper ops for Scalable MCA enabled processors
27037 */
27038 if (mce_flags.smca) {
27039 + pax_open_kernel();
27040 msr_ops.ctl = smca_ctl_reg;
27041 msr_ops.status = smca_status_reg;
27042 msr_ops.addr = smca_addr_reg;
27043 msr_ops.misc = smca_misc_reg;
27044 + pax_close_kernel();
27045 }
27046 mce_amd_feature_init(c);
27047
27048 @@ -1747,7 +1749,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
27049 }
27050
27051 /* Call the installed machine check handler for this CPU setup. */
27052 -void (*machine_check_vector)(struct pt_regs *, long error_code) =
27053 +void (*machine_check_vector)(struct pt_regs *, long error_code) __read_only =
27054 unexpected_machine_check;
27055
27056 /*
27057 @@ -1776,7 +1778,9 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c)
27058 return;
27059 }
27060
27061 + pax_open_kernel();
27062 machine_check_vector = do_machine_check;
27063 + pax_close_kernel();
27064
27065 __mcheck_cpu_init_generic();
27066 __mcheck_cpu_init_vendor(c);
27067 @@ -1808,7 +1812,7 @@ void mcheck_cpu_clear(struct cpuinfo_x86 *c)
27068 */
27069
27070 static DEFINE_SPINLOCK(mce_chrdev_state_lock);
27071 -static int mce_chrdev_open_count; /* #times opened */
27072 +static local_t mce_chrdev_open_count; /* #times opened */
27073 static int mce_chrdev_open_exclu; /* already open exclusive? */
27074
27075 static int mce_chrdev_open(struct inode *inode, struct file *file)
27076 @@ -1816,7 +1820,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
27077 spin_lock(&mce_chrdev_state_lock);
27078
27079 if (mce_chrdev_open_exclu ||
27080 - (mce_chrdev_open_count && (file->f_flags & O_EXCL))) {
27081 + (local_read(&mce_chrdev_open_count) && (file->f_flags & O_EXCL))) {
27082 spin_unlock(&mce_chrdev_state_lock);
27083
27084 return -EBUSY;
27085 @@ -1824,7 +1828,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
27086
27087 if (file->f_flags & O_EXCL)
27088 mce_chrdev_open_exclu = 1;
27089 - mce_chrdev_open_count++;
27090 + local_inc(&mce_chrdev_open_count);
27091
27092 spin_unlock(&mce_chrdev_state_lock);
27093
27094 @@ -1835,7 +1839,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
27095 {
27096 spin_lock(&mce_chrdev_state_lock);
27097
27098 - mce_chrdev_open_count--;
27099 + local_dec(&mce_chrdev_open_count);
27100 mce_chrdev_open_exclu = 0;
27101
27102 spin_unlock(&mce_chrdev_state_lock);
27103 @@ -2529,7 +2533,7 @@ static __init void mce_init_banks(void)
27104
27105 for (i = 0; i < mca_cfg.banks; i++) {
27106 struct mce_bank *b = &mce_banks[i];
27107 - struct device_attribute *a = &b->attr;
27108 + device_attribute_no_const *a = &b->attr;
27109
27110 sysfs_attr_init(&a->attr);
27111 a->attr.name = b->attrname;
27112 @@ -2636,7 +2640,7 @@ struct dentry *mce_get_debugfs_dir(void)
27113 static void mce_reset(void)
27114 {
27115 cpu_missing = 0;
27116 - atomic_set(&mce_fake_panicked, 0);
27117 + atomic_set_unchecked(&mce_fake_panicked, 0);
27118 atomic_set(&mce_executing, 0);
27119 atomic_set(&mce_callin, 0);
27120 atomic_set(&global_nwo, 0);
27121 diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
27122 index 2a0717b..7fbc641 100644
27123 --- a/arch/x86/kernel/cpu/mcheck/p5.c
27124 +++ b/arch/x86/kernel/cpu/mcheck/p5.c
27125 @@ -12,6 +12,7 @@
27126 #include <asm/tlbflush.h>
27127 #include <asm/mce.h>
27128 #include <asm/msr.h>
27129 +#include <asm/pgtable.h>
27130
27131 /* By default disabled */
27132 int mce_p5_enabled __read_mostly;
27133 @@ -52,7 +53,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
27134 if (!cpu_has(c, X86_FEATURE_MCE))
27135 return;
27136
27137 + pax_open_kernel();
27138 machine_check_vector = pentium_machine_check;
27139 + pax_close_kernel();
27140 /* Make sure the vector pointer is visible before we enable MCEs: */
27141 wmb();
27142
27143 diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
27144 index c6a722e..4016140 100644
27145 --- a/arch/x86/kernel/cpu/mcheck/winchip.c
27146 +++ b/arch/x86/kernel/cpu/mcheck/winchip.c
27147 @@ -11,6 +11,7 @@
27148 #include <asm/tlbflush.h>
27149 #include <asm/mce.h>
27150 #include <asm/msr.h>
27151 +#include <asm/pgtable.h>
27152
27153 /* Machine check handler for WinChip C6: */
27154 static void winchip_machine_check(struct pt_regs *regs, long error_code)
27155 @@ -28,7 +29,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c)
27156 {
27157 u32 lo, hi;
27158
27159 + pax_open_kernel();
27160 machine_check_vector = winchip_machine_check;
27161 + pax_close_kernel();
27162 /* Make sure the vector pointer is visible before we enable MCEs: */
27163 wmb();
27164
27165 diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
27166 index cdc0dea..ada8a20 100644
27167 --- a/arch/x86/kernel/cpu/microcode/intel.c
27168 +++ b/arch/x86/kernel/cpu/microcode/intel.c
27169 @@ -1072,13 +1072,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
27170
27171 static int get_ucode_user(void *to, const void *from, size_t n)
27172 {
27173 - return copy_from_user(to, from, n);
27174 + return copy_from_user(to, (const void __force_user *)from, n);
27175 }
27176
27177 static enum ucode_state
27178 request_microcode_user(int cpu, const void __user *buf, size_t size)
27179 {
27180 - return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);
27181 + return generic_load_microcode(cpu, (__force_kernel void *)buf, size, &get_ucode_user);
27182 }
27183
27184 static void microcode_fini_cpu(int cpu)
27185 diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
27186 index 8f44c5a..ed71f8c 100644
27187 --- a/arch/x86/kernel/cpu/mshyperv.c
27188 +++ b/arch/x86/kernel/cpu/mshyperv.c
27189 @@ -206,7 +206,7 @@ static void __init ms_hyperv_init_platform(void)
27190 x86_platform.get_nmi_reason = hv_get_nmi_reason;
27191 }
27192
27193 -const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = {
27194 +const struct hypervisor_x86 x86_hyper_ms_hyperv = {
27195 .name = "Microsoft HyperV",
27196 .detect = ms_hyperv_platform,
27197 .init_platform = ms_hyperv_init_platform,
27198 diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
27199 index fdc5521..d31149c 100644
27200 --- a/arch/x86/kernel/cpu/mtrr/generic.c
27201 +++ b/arch/x86/kernel/cpu/mtrr/generic.c
27202 @@ -726,7 +726,8 @@ static DEFINE_RAW_SPINLOCK(set_atomicity_lock);
27203 * The caller must ensure that local interrupts are disabled and
27204 * are reenabled after post_set() has been called.
27205 */
27206 -static void prepare_set(void) __acquires(set_atomicity_lock)
27207 +static void prepare_set(void) __acquires(&set_atomicity_lock);
27208 +static void prepare_set(void)
27209 {
27210 unsigned long cr0;
27211
27212 @@ -762,7 +763,8 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
27213 wbinvd();
27214 }
27215
27216 -static void post_set(void) __releases(set_atomicity_lock)
27217 +static void post_set(void) __releases(&set_atomicity_lock);
27218 +static void post_set(void)
27219 {
27220 /* Flush TLBs (no need to flush caches - they are disabled) */
27221 count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
27222 diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
27223 index 28f1b54..1004b6d 100644
27224 --- a/arch/x86/kernel/cpu/mtrr/main.c
27225 +++ b/arch/x86/kernel/cpu/mtrr/main.c
27226 @@ -72,7 +72,7 @@ static DEFINE_MUTEX(mtrr_mutex);
27227 u64 size_or_mask, size_and_mask;
27228 static bool mtrr_aps_delayed_init;
27229
27230 -static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM];
27231 +static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM] __read_only;
27232
27233 const struct mtrr_ops *mtrr_if;
27234
27235 diff --git a/arch/x86/kernel/cpu/mtrr/mtrr.h b/arch/x86/kernel/cpu/mtrr/mtrr.h
27236 index 6c7ced0..55ee554 100644
27237 --- a/arch/x86/kernel/cpu/mtrr/mtrr.h
27238 +++ b/arch/x86/kernel/cpu/mtrr/mtrr.h
27239 @@ -25,7 +25,7 @@ struct mtrr_ops {
27240 int (*validate_add_page)(unsigned long base, unsigned long size,
27241 unsigned int type);
27242 int (*have_wrcomb)(void);
27243 -};
27244 +} __do_const;
27245
27246 extern int generic_get_free_region(unsigned long base, unsigned long size,
27247 int replace_reg);
27248 diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c
27249 index 1ff0598..5ef5631 100644
27250 --- a/arch/x86/kernel/cpu/vmware.c
27251 +++ b/arch/x86/kernel/cpu/vmware.c
27252 @@ -137,7 +137,7 @@ static bool __init vmware_legacy_x2apic_available(void)
27253 (eax & (1 << VMWARE_PORT_CMD_LEGACY_X2APIC)) != 0;
27254 }
27255
27256 -const __refconst struct hypervisor_x86 x86_hyper_vmware = {
27257 +const struct hypervisor_x86 x86_hyper_vmware = {
27258 .name = "VMware",
27259 .detect = vmware_platform,
27260 .set_cpu_features = vmware_set_cpu_features,
27261 diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c
27262 index afa64ad..dce67dd 100644
27263 --- a/arch/x86/kernel/crash_dump_64.c
27264 +++ b/arch/x86/kernel/crash_dump_64.c
27265 @@ -36,7 +36,7 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
27266 return -ENOMEM;
27267
27268 if (userbuf) {
27269 - if (copy_to_user(buf, vaddr + offset, csize)) {
27270 + if (copy_to_user((char __force_user *)buf, vaddr + offset, csize)) {
27271 iounmap(vaddr);
27272 return -EFAULT;
27273 }
27274 diff --git a/arch/x86/kernel/doublefault.c b/arch/x86/kernel/doublefault.c
27275 index f6dfd93..892ade4 100644
27276 --- a/arch/x86/kernel/doublefault.c
27277 +++ b/arch/x86/kernel/doublefault.c
27278 @@ -12,7 +12,7 @@
27279
27280 #define DOUBLEFAULT_STACKSIZE (1024)
27281 static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
27282 -#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
27283 +#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2)
27284
27285 #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
27286
27287 @@ -22,7 +22,7 @@ static void doublefault_fn(void)
27288 unsigned long gdt, tss;
27289
27290 native_store_gdt(&gdt_desc);
27291 - gdt = gdt_desc.address;
27292 + gdt = (unsigned long)gdt_desc.address;
27293
27294 printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
27295
27296 @@ -59,10 +59,10 @@ struct tss_struct doublefault_tss __cacheline_aligned = {
27297 /* 0x2 bit is always set */
27298 .flags = X86_EFLAGS_SF | 0x2,
27299 .sp = STACK_START,
27300 - .es = __USER_DS,
27301 + .es = __KERNEL_DS,
27302 .cs = __KERNEL_CS,
27303 .ss = __KERNEL_DS,
27304 - .ds = __USER_DS,
27305 + .ds = __KERNEL_DS,
27306 .fs = __KERNEL_PERCPU,
27307
27308 .__cr3 = __pa_nodebug(swapper_pg_dir),
27309 diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
27310 index 92e8f0a..a2430f0 100644
27311 --- a/arch/x86/kernel/dumpstack.c
27312 +++ b/arch/x86/kernel/dumpstack.c
27313 @@ -2,6 +2,9 @@
27314 * Copyright (C) 1991, 1992 Linus Torvalds
27315 * Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
27316 */
27317 +#ifdef CONFIG_GRKERNSEC_HIDESYM
27318 +#define __INCLUDED_BY_HIDESYM 1
27319 +#endif
27320 #include <linux/kallsyms.h>
27321 #include <linux/kprobes.h>
27322 #include <linux/uaccess.h>
27323 @@ -35,7 +38,7 @@ static void printk_stack_address(unsigned long address, int reliable,
27324
27325 void printk_address(unsigned long address)
27326 {
27327 - pr_cont(" [<%p>] %pS\n", (void *)address, (void *)address);
27328 + pr_cont(" [<%p>] %pA\n", (void *)address, (void *)address);
27329 }
27330
27331 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
27332 @@ -77,10 +80,8 @@ print_ftrace_graph_addr(unsigned long addr, void *data,
27333 * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
27334 */
27335
27336 -static inline int valid_stack_ptr(struct task_struct *task,
27337 - void *p, unsigned int size, void *end)
27338 +static inline int valid_stack_ptr(void *t, void *p, unsigned int size, void *end)
27339 {
27340 - void *t = task_stack_page(task);
27341 if (end) {
27342 if (p < end && p >= (end-THREAD_SIZE))
27343 return 1;
27344 @@ -91,7 +92,7 @@ static inline int valid_stack_ptr(struct task_struct *task,
27345 }
27346
27347 unsigned long
27348 -print_context_stack(struct task_struct *task,
27349 +print_context_stack(struct task_struct *task, void *stack_start,
27350 unsigned long *stack, unsigned long bp,
27351 const struct stacktrace_ops *ops, void *data,
27352 unsigned long *end, int *graph)
27353 @@ -106,7 +107,7 @@ print_context_stack(struct task_struct *task,
27354 PAGE_SIZE)
27355 stack = (unsigned long *)task_stack_page(task);
27356
27357 - while (valid_stack_ptr(task, stack, sizeof(*stack), end)) {
27358 + while (valid_stack_ptr(stack_start, stack, sizeof(*stack), end)) {
27359 unsigned long addr;
27360
27361 addr = *stack;
27362 @@ -127,7 +128,7 @@ print_context_stack(struct task_struct *task,
27363 EXPORT_SYMBOL_GPL(print_context_stack);
27364
27365 unsigned long
27366 -print_context_stack_bp(struct task_struct *task,
27367 +print_context_stack_bp(struct task_struct *task, void *stack_start,
27368 unsigned long *stack, unsigned long bp,
27369 const struct stacktrace_ops *ops, void *data,
27370 unsigned long *end, int *graph)
27371 @@ -135,7 +136,7 @@ print_context_stack_bp(struct task_struct *task,
27372 struct stack_frame *frame = (struct stack_frame *)bp;
27373 unsigned long *ret_addr = &frame->return_address;
27374
27375 - while (valid_stack_ptr(task, ret_addr, sizeof(*ret_addr), end)) {
27376 + while (valid_stack_ptr(stack_start, ret_addr, sizeof(*ret_addr), end)) {
27377 unsigned long addr = *ret_addr;
27378
27379 if (!__kernel_text_address(addr))
27380 @@ -240,6 +241,7 @@ EXPORT_SYMBOL_GPL(oops_begin);
27381 NOKPROBE_SYMBOL(oops_begin);
27382
27383 void __noreturn rewind_stack_do_exit(int signr);
27384 +extern void gr_handle_kernel_exploit(void);
27385
27386 void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
27387 {
27388 @@ -263,6 +265,8 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
27389 if (panic_on_oops)
27390 panic("Fatal exception");
27391
27392 + gr_handle_kernel_exploit();
27393 +
27394 /*
27395 * We're not going to return, but we might be on an IST stack or
27396 * have very little stack space left. Rewind the stack and kill
27397 diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
27398 index 0967571..84666bc 100644
27399 --- a/arch/x86/kernel/dumpstack_32.c
27400 +++ b/arch/x86/kernel/dumpstack_32.c
27401 @@ -15,6 +15,7 @@
27402 #include <linux/nmi.h>
27403
27404 #include <asm/stacktrace.h>
27405 +#include <asm/desc.h>
27406
27407 static void *is_irq_stack(void *p, void *irq)
27408 {
27409 @@ -61,13 +62,14 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
27410 bp = stack_frame(task, regs);
27411
27412 for (;;) {
27413 + void *stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1));
27414 void *end_stack;
27415
27416 end_stack = is_hardirq_stack(stack, cpu);
27417 if (!end_stack)
27418 end_stack = is_softirq_stack(stack, cpu);
27419
27420 - bp = ops->walk_stack(task, stack, bp, ops, data,
27421 + bp = ops->walk_stack(task, stack_start, stack, bp, ops, data,
27422 end_stack, &graph);
27423
27424 /* Stop if not on irq stack */
27425 @@ -137,16 +139,17 @@ void show_regs(struct pt_regs *regs)
27426 unsigned int code_len = code_bytes;
27427 unsigned char c;
27428 u8 *ip;
27429 + unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(0)[(0xffff & regs->cs) >> 3]);
27430
27431 pr_emerg("Stack:\n");
27432 show_stack_log_lvl(NULL, regs, &regs->sp, 0, KERN_EMERG);
27433
27434 pr_emerg("Code:");
27435
27436 - ip = (u8 *)regs->ip - code_prologue;
27437 + ip = (u8 *)regs->ip - code_prologue + cs_base;
27438 if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
27439 /* try starting at IP */
27440 - ip = (u8 *)regs->ip;
27441 + ip = (u8 *)regs->ip + cs_base;
27442 code_len = code_len - code_prologue + 1;
27443 }
27444 for (i = 0; i < code_len; i++, ip++) {
27445 @@ -155,7 +158,7 @@ void show_regs(struct pt_regs *regs)
27446 pr_cont(" Bad EIP value.");
27447 break;
27448 }
27449 - if (ip == (u8 *)regs->ip)
27450 + if (ip == (u8 *)regs->ip + cs_base)
27451 pr_cont(" <%02x>", c);
27452 else
27453 pr_cont(" %02x", c);
27454 @@ -168,6 +171,7 @@ int is_valid_bugaddr(unsigned long ip)
27455 {
27456 unsigned short ud2;
27457
27458 + ip = ktla_ktva(ip);
27459 if (ip < PAGE_OFFSET)
27460 return 0;
27461 if (probe_kernel_address((unsigned short *)ip, ud2))
27462 @@ -175,3 +179,15 @@ int is_valid_bugaddr(unsigned long ip)
27463
27464 return ud2 == 0x0b0f;
27465 }
27466 +
27467 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
27468 +void __used pax_check_alloca(unsigned long size)
27469 +{
27470 + unsigned long sp = (unsigned long)&sp, stack_left;
27471 +
27472 + /* all kernel stacks are of the same size */
27473 + stack_left = sp & (THREAD_SIZE - 1);
27474 + BUG_ON(stack_left < 256 || size >= stack_left - 256);
27475 +}
27476 +EXPORT_SYMBOL(pax_check_alloca);
27477 +#endif
27478 diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
27479 index 9ee4520..bacb90c 100644
27480 --- a/arch/x86/kernel/dumpstack_64.c
27481 +++ b/arch/x86/kernel/dumpstack_64.c
27482 @@ -158,6 +158,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
27483 unsigned used = 0;
27484 int graph = 0;
27485 int done = 0;
27486 + void *stack_start;
27487
27488 if (!task)
27489 task = current;
27490 @@ -190,17 +191,19 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
27491 done = 1;
27492
27493 switch (stype) {
27494 -
27495 - /* Break out early if we are on the thread stack */
27496 case STACK_IS_NORMAL:
27497 + /*
27498 + * This handles the process stack:
27499 + */
27500 + stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1));
27501 + bp = ops->walk_stack(task, stack_start, stack, bp, ops, data, NULL, &graph);
27502 break;
27503
27504 case STACK_IS_EXCEPTION:
27505 -
27506 if (ops->stack(data, id) < 0)
27507 break;
27508
27509 - bp = ops->walk_stack(task, stack, bp, ops,
27510 + bp = ops->walk_stack(task, stack_end - EXCEPTION_STKSZ, stack, bp, ops,
27511 data, stack_end, &graph);
27512 ops->stack(data, "<EOE>");
27513 /*
27514 @@ -208,15 +211,16 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
27515 * second-to-last pointer (index -2 to end) in the
27516 * exception stack:
27517 */
27518 + if ((u16)stack_end[-1] != __KERNEL_DS)
27519 + goto out;
27520 stack = (unsigned long *) stack_end[-2];
27521 done = 0;
27522 break;
27523
27524 case STACK_IS_IRQ:
27525 -
27526 if (ops->stack(data, "IRQ") < 0)
27527 break;
27528 - bp = ops->walk_stack(task, stack, bp,
27529 + bp = ops->walk_stack(task, irq_stack, stack, bp,
27530 ops, data, stack_end, &graph);
27531 /*
27532 * We link to the next stack (which would be
27533 @@ -235,10 +239,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
27534 }
27535 }
27536
27537 - /*
27538 - * This handles the process stack:
27539 - */
27540 - bp = ops->walk_stack(task, stack, bp, ops, data, NULL, &graph);
27541 +out:
27542 put_cpu();
27543 }
27544 EXPORT_SYMBOL(dump_trace);
27545 @@ -355,8 +356,55 @@ int is_valid_bugaddr(unsigned long ip)
27546 {
27547 unsigned short ud2;
27548
27549 - if (__copy_from_user(&ud2, (const void __user *) ip, sizeof(ud2)))
27550 + if (probe_kernel_address((unsigned short *)ip, ud2))
27551 return 0;
27552
27553 return ud2 == 0x0b0f;
27554 }
27555 +
27556 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
27557 +void __used pax_check_alloca(unsigned long size)
27558 +{
27559 + unsigned long sp = (unsigned long)&sp, stack_start, stack_end;
27560 + unsigned cpu, used;
27561 + char *id;
27562 +
27563 + /* check the process stack first */
27564 + stack_start = (unsigned long)task_stack_page(current);
27565 + stack_end = stack_start + THREAD_SIZE;
27566 + if (likely(stack_start <= sp && sp < stack_end)) {
27567 + unsigned long stack_left = sp & (THREAD_SIZE - 1);
27568 + BUG_ON(stack_left < 256 || size >= stack_left - 256);
27569 + return;
27570 + }
27571 +
27572 + cpu = get_cpu();
27573 +
27574 + /* check the irq stacks */
27575 + stack_end = (unsigned long)per_cpu(irq_stack_ptr, cpu);
27576 + stack_start = stack_end - IRQ_STACK_SIZE;
27577 + if (stack_start <= sp && sp < stack_end) {
27578 + unsigned long stack_left = sp & (IRQ_STACK_SIZE - 1);
27579 + put_cpu();
27580 + BUG_ON(stack_left < 256 || size >= stack_left - 256);
27581 + return;
27582 + }
27583 +
27584 + /* check the exception stacks */
27585 + used = 0;
27586 + stack_end = (unsigned long)in_exception_stack(cpu, sp, &used, &id);
27587 + stack_start = stack_end - EXCEPTION_STKSZ;
27588 + if (stack_end && stack_start <= sp && sp < stack_end) {
27589 + unsigned long stack_left = sp & (EXCEPTION_STKSZ - 1);
27590 + put_cpu();
27591 + BUG_ON(stack_left < 256 || size >= stack_left - 256);
27592 + return;
27593 + }
27594 +
27595 + put_cpu();
27596 +
27597 + /* unknown stack */
27598 + BUG();
27599 +}
27600 +EXPORT_SYMBOL(pax_check_alloca);
27601 +#endif
27602 diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
27603 index 625eb69..e12a513 100644
27604 --- a/arch/x86/kernel/e820.c
27605 +++ b/arch/x86/kernel/e820.c
27606 @@ -800,8 +800,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
27607
27608 static void early_panic(char *msg)
27609 {
27610 - early_printk(msg);
27611 - panic(msg);
27612 + early_printk("%s", msg);
27613 + panic("%s", msg);
27614 }
27615
27616 static int userdef __initdata;
27617 diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
27618 index 8a12199..e63bebf 100644
27619 --- a/arch/x86/kernel/early_printk.c
27620 +++ b/arch/x86/kernel/early_printk.c
27621 @@ -7,6 +7,7 @@
27622 #include <linux/pci_regs.h>
27623 #include <linux/pci_ids.h>
27624 #include <linux/errno.h>
27625 +#include <linux/sched.h>
27626 #include <asm/io.h>
27627 #include <asm/processor.h>
27628 #include <asm/fcntl.h>
27629 diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
27630 index 04f89ca..43ad7de 100644
27631 --- a/arch/x86/kernel/espfix_64.c
27632 +++ b/arch/x86/kernel/espfix_64.c
27633 @@ -41,6 +41,7 @@
27634 #include <asm/pgalloc.h>
27635 #include <asm/setup.h>
27636 #include <asm/espfix.h>
27637 +#include <asm/bug.h>
27638
27639 /*
27640 * Note: we only need 6*8 = 48 bytes for the espfix stack, but round
27641 @@ -70,8 +71,10 @@ static DEFINE_MUTEX(espfix_init_mutex);
27642 #define ESPFIX_MAX_PAGES DIV_ROUND_UP(CONFIG_NR_CPUS, ESPFIX_STACKS_PER_PAGE)
27643 static void *espfix_pages[ESPFIX_MAX_PAGES];
27644
27645 -static __page_aligned_bss pud_t espfix_pud_page[PTRS_PER_PUD]
27646 - __aligned(PAGE_SIZE);
27647 +static __page_aligned_rodata pud_t espfix_pud_page[PTRS_PER_PUD];
27648 +static __page_aligned_rodata pmd_t espfix_pmd_page[PTRS_PER_PMD];
27649 +static __page_aligned_rodata pte_t espfix_pte_page[PTRS_PER_PTE];
27650 +static __page_aligned_rodata char espfix_stack_page[ESPFIX_MAX_PAGES][PAGE_SIZE];
27651
27652 static unsigned int page_random, slot_random;
27653
27654 @@ -122,10 +125,19 @@ static void init_espfix_random(void)
27655 void __init init_espfix_bsp(void)
27656 {
27657 pgd_t *pgd_p;
27658 + pud_t *pud_p;
27659 + unsigned long index = pgd_index(ESPFIX_BASE_ADDR);
27660
27661 /* Install the espfix pud into the kernel page directory */
27662 - pgd_p = &init_level4_pgt[pgd_index(ESPFIX_BASE_ADDR)];
27663 - pgd_populate(&init_mm, pgd_p, (pud_t *)espfix_pud_page);
27664 + pgd_p = &init_level4_pgt[index];
27665 + pud_p = espfix_pud_page;
27666 + paravirt_alloc_pud(&init_mm, __pa(pud_p) >> PAGE_SHIFT);
27667 + set_pgd(pgd_p, __pgd(PGTABLE_PROT | __pa(pud_p)));
27668 +
27669 +#ifdef CONFIG_PAX_PER_CPU_PGD
27670 + clone_pgd_range(get_cpu_pgd(0, kernel) + index, swapper_pg_dir + index, 1);
27671 + clone_pgd_range(get_cpu_pgd(0, user) + index, swapper_pg_dir + index, 1);
27672 +#endif
27673
27674 /* Randomize the locations */
27675 init_espfix_random();
27676 @@ -170,35 +182,39 @@ void init_espfix_ap(int cpu)
27677 pud_p = &espfix_pud_page[pud_index(addr)];
27678 pud = *pud_p;
27679 if (!pud_present(pud)) {
27680 - struct page *page = alloc_pages_node(node, PGALLOC_GFP, 0);
27681 -
27682 - pmd_p = (pmd_t *)page_address(page);
27683 + if (cpu)
27684 + pmd_p = page_address(alloc_pages_node(node, PGALLOC_GFP, 0));
27685 + else
27686 + pmd_p = espfix_pmd_page;
27687 pud = __pud(__pa(pmd_p) | (PGTABLE_PROT & ptemask));
27688 paravirt_alloc_pmd(&init_mm, __pa(pmd_p) >> PAGE_SHIFT);
27689 for (n = 0; n < ESPFIX_PUD_CLONES; n++)
27690 set_pud(&pud_p[n], pud);
27691 - }
27692 + } else
27693 + BUG_ON(!cpu);
27694
27695 pmd_p = pmd_offset(&pud, addr);
27696 pmd = *pmd_p;
27697 if (!pmd_present(pmd)) {
27698 - struct page *page = alloc_pages_node(node, PGALLOC_GFP, 0);
27699 -
27700 - pte_p = (pte_t *)page_address(page);
27701 + if (cpu)
27702 + pte_p = page_address(alloc_pages_node(node, PGALLOC_GFP, 0));
27703 + else
27704 + pte_p = espfix_pte_page;
27705 pmd = __pmd(__pa(pte_p) | (PGTABLE_PROT & ptemask));
27706 paravirt_alloc_pte(&init_mm, __pa(pte_p) >> PAGE_SHIFT);
27707 for (n = 0; n < ESPFIX_PMD_CLONES; n++)
27708 set_pmd(&pmd_p[n], pmd);
27709 - }
27710 + } else
27711 + BUG_ON(!cpu);
27712
27713 pte_p = pte_offset_kernel(&pmd, addr);
27714 - stack_page = page_address(alloc_pages_node(node, GFP_KERNEL, 0));
27715 + stack_page = espfix_stack_page[page];
27716 pte = __pte(__pa(stack_page) | (__PAGE_KERNEL_RO & ptemask));
27717 for (n = 0; n < ESPFIX_PTE_CLONES; n++)
27718 set_pte(&pte_p[n*PTE_STRIDE], pte);
27719
27720 /* Job is done for this CPU and any CPU which shares this page */
27721 - ACCESS_ONCE(espfix_pages[page]) = stack_page;
27722 + ACCESS_ONCE_RW(espfix_pages[page]) = stack_page;
27723
27724 unlock_done:
27725 mutex_unlock(&espfix_init_mutex);
27726 diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
27727 index 3fc03a0..37177e4 100644
27728 --- a/arch/x86/kernel/fpu/core.c
27729 +++ b/arch/x86/kernel/fpu/core.c
27730 @@ -135,7 +135,7 @@ void __kernel_fpu_end(void)
27731 struct fpu *fpu = &current->thread.fpu;
27732
27733 if (fpu->fpregs_active)
27734 - copy_kernel_to_fpregs(&fpu->state);
27735 + copy_kernel_to_fpregs(fpu->state);
27736 else
27737 __fpregs_deactivate_hw();
27738
27739 @@ -200,7 +200,7 @@ void fpu__save(struct fpu *fpu)
27740 if (fpu->fpregs_active) {
27741 if (!copy_fpregs_to_fpstate(fpu)) {
27742 if (use_eager_fpu())
27743 - copy_kernel_to_fpregs(&fpu->state);
27744 + copy_kernel_to_fpregs(fpu->state);
27745 else
27746 fpregs_deactivate(fpu);
27747 }
27748 @@ -260,7 +260,7 @@ int fpu__copy(struct fpu *dst_fpu, struct fpu *src_fpu)
27749 * leak into the child task:
27750 */
27751 if (use_eager_fpu())
27752 - memset(&dst_fpu->state.xsave, 0, fpu_kernel_xstate_size);
27753 + memset(&dst_fpu->state->xsave, 0, fpu_kernel_xstate_size);
27754
27755 /*
27756 * Save current FPU registers directly into the child
27757 @@ -279,11 +279,10 @@ int fpu__copy(struct fpu *dst_fpu, struct fpu *src_fpu)
27758 */
27759 preempt_disable();
27760 if (!copy_fpregs_to_fpstate(dst_fpu)) {
27761 - memcpy(&src_fpu->state, &dst_fpu->state,
27762 - fpu_kernel_xstate_size);
27763 + memcpy(src_fpu->state, dst_fpu->state, fpu_kernel_xstate_size);
27764
27765 if (use_eager_fpu())
27766 - copy_kernel_to_fpregs(&src_fpu->state);
27767 + copy_kernel_to_fpregs(src_fpu->state);
27768 else
27769 fpregs_deactivate(src_fpu);
27770 }
27771 @@ -304,7 +303,7 @@ void fpu__activate_curr(struct fpu *fpu)
27772 WARN_ON_FPU(fpu != &current->thread.fpu);
27773
27774 if (!fpu->fpstate_active) {
27775 - fpstate_init(&fpu->state);
27776 + fpstate_init(fpu->state);
27777 trace_x86_fpu_init_state(fpu);
27778
27779 trace_x86_fpu_activate_state(fpu);
27780 @@ -332,7 +331,7 @@ void fpu__activate_fpstate_read(struct fpu *fpu)
27781 fpu__save(fpu);
27782 } else {
27783 if (!fpu->fpstate_active) {
27784 - fpstate_init(&fpu->state);
27785 + fpstate_init(fpu->state);
27786 trace_x86_fpu_init_state(fpu);
27787
27788 trace_x86_fpu_activate_state(fpu);
27789 @@ -367,7 +366,7 @@ void fpu__activate_fpstate_write(struct fpu *fpu)
27790 /* Invalidate any lazy state: */
27791 fpu->last_cpu = -1;
27792 } else {
27793 - fpstate_init(&fpu->state);
27794 + fpstate_init(fpu->state);
27795 trace_x86_fpu_init_state(fpu);
27796
27797 trace_x86_fpu_activate_state(fpu);
27798 @@ -430,7 +429,7 @@ void fpu__current_fpstate_write_end(void)
27799 * an XRSTOR if they are active.
27800 */
27801 if (fpregs_active())
27802 - copy_kernel_to_fpregs(&fpu->state);
27803 + copy_kernel_to_fpregs(fpu->state);
27804
27805 /*
27806 * Our update is done and the fpregs/fpstate are in sync
27807 @@ -457,7 +456,7 @@ void fpu__restore(struct fpu *fpu)
27808 kernel_fpu_disable();
27809 trace_x86_fpu_before_restore(fpu);
27810 fpregs_activate(fpu);
27811 - copy_kernel_to_fpregs(&fpu->state);
27812 + copy_kernel_to_fpregs(fpu->state);
27813 fpu->counter++;
27814 trace_x86_fpu_after_restore(fpu);
27815 kernel_fpu_enable();
27816 @@ -550,11 +549,11 @@ int fpu__exception_code(struct fpu *fpu, int trap_nr)
27817 * fully reproduce the context of the exception.
27818 */
27819 if (boot_cpu_has(X86_FEATURE_FXSR)) {
27820 - cwd = fpu->state.fxsave.cwd;
27821 - swd = fpu->state.fxsave.swd;
27822 + cwd = fpu->state->fxsave.cwd;
27823 + swd = fpu->state->fxsave.swd;
27824 } else {
27825 - cwd = (unsigned short)fpu->state.fsave.cwd;
27826 - swd = (unsigned short)fpu->state.fsave.swd;
27827 + cwd = (unsigned short)fpu->state->fsave.cwd;
27828 + swd = (unsigned short)fpu->state->fsave.swd;
27829 }
27830
27831 err = swd & ~cwd;
27832 @@ -568,7 +567,7 @@ int fpu__exception_code(struct fpu *fpu, int trap_nr)
27833 unsigned short mxcsr = MXCSR_DEFAULT;
27834
27835 if (boot_cpu_has(X86_FEATURE_XMM))
27836 - mxcsr = fpu->state.fxsave.mxcsr;
27837 + mxcsr = fpu->state->fxsave.mxcsr;
27838
27839 err = ~(mxcsr >> 7) & mxcsr;
27840 }
27841 diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
27842 index 93982ae..086162e 100644
27843 --- a/arch/x86/kernel/fpu/init.c
27844 +++ b/arch/x86/kernel/fpu/init.c
27845 @@ -45,7 +45,7 @@ static void fpu__init_cpu_generic(void)
27846 /* Flush out any pending x87 state: */
27847 #ifdef CONFIG_MATH_EMULATION
27848 if (!boot_cpu_has(X86_FEATURE_FPU))
27849 - fpstate_init_soft(&current->thread.fpu.state.soft);
27850 + fpstate_init_soft(&current->thread.fpu.state->soft);
27851 else
27852 #endif
27853 asm volatile ("fninit");
27854 @@ -148,51 +148,7 @@ static void __init fpu__init_system_generic(void)
27855 unsigned int fpu_kernel_xstate_size;
27856 EXPORT_SYMBOL_GPL(fpu_kernel_xstate_size);
27857
27858 -/* Get alignment of the TYPE. */
27859 -#define TYPE_ALIGN(TYPE) offsetof(struct { char x; TYPE test; }, test)
27860 -
27861 -/*
27862 - * Enforce that 'MEMBER' is the last field of 'TYPE'.
27863 - *
27864 - * Align the computed size with alignment of the TYPE,
27865 - * because that's how C aligns structs.
27866 - */
27867 -#define CHECK_MEMBER_AT_END_OF(TYPE, MEMBER) \
27868 - BUILD_BUG_ON(sizeof(TYPE) != ALIGN(offsetofend(TYPE, MEMBER), \
27869 - TYPE_ALIGN(TYPE)))
27870 -
27871 -/*
27872 - * We append the 'struct fpu' to the task_struct:
27873 - */
27874 -static void __init fpu__init_task_struct_size(void)
27875 -{
27876 - int task_size = sizeof(struct task_struct);
27877 -
27878 - /*
27879 - * Subtract off the static size of the register state.
27880 - * It potentially has a bunch of padding.
27881 - */
27882 - task_size -= sizeof(((struct task_struct *)0)->thread.fpu.state);
27883 -
27884 - /*
27885 - * Add back the dynamically-calculated register state
27886 - * size.
27887 - */
27888 - task_size += fpu_kernel_xstate_size;
27889 -
27890 - /*
27891 - * We dynamically size 'struct fpu', so we require that
27892 - * it be at the end of 'thread_struct' and that
27893 - * 'thread_struct' be at the end of 'task_struct'. If
27894 - * you hit a compile error here, check the structure to
27895 - * see if something got added to the end.
27896 - */
27897 - CHECK_MEMBER_AT_END_OF(struct fpu, state);
27898 - CHECK_MEMBER_AT_END_OF(struct thread_struct, fpu);
27899 - CHECK_MEMBER_AT_END_OF(struct task_struct, thread);
27900 -
27901 - arch_task_struct_size = task_size;
27902 -}
27903 +union fpregs_state init_fpregs_state;
27904
27905 /*
27906 * Set up the user and kernel xstate sizes based on the legacy FPU context size.
27907 @@ -387,7 +343,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c)
27908 fpu__init_system_generic();
27909 fpu__init_system_xstate_size_legacy();
27910 fpu__init_system_xstate();
27911 - fpu__init_task_struct_size();
27912
27913 fpu__init_system_ctx_switch();
27914 }
27915 diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
27916 index c114b13..0b0d959 100644
27917 --- a/arch/x86/kernel/fpu/regset.c
27918 +++ b/arch/x86/kernel/fpu/regset.c
27919 @@ -41,7 +41,7 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
27920 fpstate_sanitize_xstate(fpu);
27921
27922 return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
27923 - &fpu->state.fxsave, 0, -1);
27924 + &fpu->state->fxsave, 0, -1);
27925 }
27926
27927 int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
27928 @@ -58,19 +58,19 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
27929 fpstate_sanitize_xstate(fpu);
27930
27931 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
27932 - &fpu->state.fxsave, 0, -1);
27933 + &fpu->state->fxsave, 0, -1);
27934
27935 /*
27936 * mxcsr reserved bits must be masked to zero for security reasons.
27937 */
27938 - fpu->state.fxsave.mxcsr &= mxcsr_feature_mask;
27939 + fpu->state->fxsave.mxcsr &= mxcsr_feature_mask;
27940
27941 /*
27942 * update the header bits in the xsave header, indicating the
27943 * presence of FP and SSE state.
27944 */
27945 if (boot_cpu_has(X86_FEATURE_XSAVE))
27946 - fpu->state.xsave.header.xfeatures |= XFEATURE_MASK_FPSSE;
27947 + fpu->state->xsave.header.xfeatures |= XFEATURE_MASK_FPSSE;
27948
27949 return ret;
27950 }
27951 @@ -86,7 +86,7 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
27952 if (!boot_cpu_has(X86_FEATURE_XSAVE))
27953 return -ENODEV;
27954
27955 - xsave = &fpu->state.xsave;
27956 + xsave = &fpu->state->xsave;
27957
27958 fpu__activate_fpstate_read(fpu);
27959
27960 @@ -126,7 +126,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
27961 if ((pos != 0) || (count < fpu_user_xstate_size))
27962 return -EFAULT;
27963
27964 - xsave = &fpu->state.xsave;
27965 + xsave = &fpu->state->xsave;
27966
27967 fpu__activate_fpstate_write(fpu);
27968
27969 @@ -139,7 +139,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
27970 * In case of failure, mark all states as init:
27971 */
27972 if (ret)
27973 - fpstate_init(&fpu->state);
27974 + fpstate_init(fpu->state);
27975
27976 /*
27977 * mxcsr reserved bits must be masked to zero for security reasons.
27978 @@ -229,7 +229,7 @@ static inline u32 twd_fxsr_to_i387(struct fxregs_state *fxsave)
27979 void
27980 convert_from_fxsr(struct user_i387_ia32_struct *env, struct task_struct *tsk)
27981 {
27982 - struct fxregs_state *fxsave = &tsk->thread.fpu.state.fxsave;
27983 + struct fxregs_state *fxsave = &tsk->thread.fpu.state->fxsave;
27984 struct _fpreg *to = (struct _fpreg *) &env->st_space[0];
27985 struct _fpxreg *from = (struct _fpxreg *) &fxsave->st_space[0];
27986 int i;
27987 @@ -267,7 +267,7 @@ void convert_to_fxsr(struct task_struct *tsk,
27988 const struct user_i387_ia32_struct *env)
27989
27990 {
27991 - struct fxregs_state *fxsave = &tsk->thread.fpu.state.fxsave;
27992 + struct fxregs_state *fxsave = &tsk->thread.fpu.state->fxsave;
27993 struct _fpreg *from = (struct _fpreg *) &env->st_space[0];
27994 struct _fpxreg *to = (struct _fpxreg *) &fxsave->st_space[0];
27995 int i;
27996 @@ -305,7 +305,7 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
27997
27998 if (!boot_cpu_has(X86_FEATURE_FXSR))
27999 return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
28000 - &fpu->state.fsave, 0,
28001 + &fpu->state->fsave, 0,
28002 -1);
28003
28004 fpstate_sanitize_xstate(fpu);
28005 @@ -336,7 +336,7 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
28006
28007 if (!boot_cpu_has(X86_FEATURE_FXSR))
28008 return user_regset_copyin(&pos, &count, &kbuf, &ubuf,
28009 - &fpu->state.fsave, 0,
28010 + &fpu->state->fsave, 0,
28011 -1);
28012
28013 if (pos > 0 || count < sizeof(env))
28014 @@ -351,7 +351,7 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
28015 * presence of FP.
28016 */
28017 if (boot_cpu_has(X86_FEATURE_XSAVE))
28018 - fpu->state.xsave.header.xfeatures |= XFEATURE_MASK_FP;
28019 + fpu->state->xsave.header.xfeatures |= XFEATURE_MASK_FP;
28020 return ret;
28021 }
28022
28023 diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
28024 index a184c21..a1731b7 100644
28025 --- a/arch/x86/kernel/fpu/signal.c
28026 +++ b/arch/x86/kernel/fpu/signal.c
28027 @@ -56,7 +56,7 @@ static inline int check_for_xstate(struct fxregs_state __user *buf,
28028 static inline int save_fsave_header(struct task_struct *tsk, void __user *buf)
28029 {
28030 if (use_fxsr()) {
28031 - struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
28032 + struct xregs_state *xsave = &tsk->thread.fpu.state->xsave;
28033 struct user_i387_ia32_struct env;
28034 struct _fpstate_32 __user *fp = buf;
28035
28036 @@ -85,19 +85,19 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
28037
28038 /* Setup the bytes not touched by the [f]xsave and reserved for SW. */
28039 sw_bytes = ia32_frame ? &fx_sw_reserved_ia32 : &fx_sw_reserved;
28040 - err = __copy_to_user(&x->i387.sw_reserved, sw_bytes, sizeof(*sw_bytes));
28041 + err = __copy_to_user(x->i387.sw_reserved, sw_bytes, sizeof(*sw_bytes));
28042
28043 if (!use_xsave())
28044 return err;
28045
28046 err |= __put_user(FP_XSTATE_MAGIC2,
28047 - (__u32 *)(buf + fpu_user_xstate_size));
28048 + (__u32 __user *)(buf + fpu_user_xstate_size));
28049
28050 /*
28051 * Read the xfeatures which we copied (directly from the cpu or
28052 * from the state in task struct) to the user buffers.
28053 */
28054 - err |= __get_user(xfeatures, (__u32 *)&x->header.xfeatures);
28055 + err |= __get_user(xfeatures, (__u32 __user *)&x->header.xfeatures);
28056
28057 /*
28058 * For legacy compatible, we always set FP/SSE bits in the bit
28059 @@ -112,7 +112,7 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
28060 */
28061 xfeatures |= XFEATURE_MASK_FPSSE;
28062
28063 - err |= __put_user(xfeatures, (__u32 *)&x->header.xfeatures);
28064 + err |= __put_user(xfeatures, (__u32 __user *)&x->header.xfeatures);
28065
28066 return err;
28067 }
28068 @@ -121,6 +121,7 @@ static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
28069 {
28070 int err;
28071
28072 + buf = (struct xregs_state __user *)____m(buf);
28073 if (use_xsave())
28074 err = copy_xregs_to_user(buf);
28075 else if (use_fxsr())
28076 @@ -155,7 +156,7 @@ static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf)
28077 */
28078 int copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size)
28079 {
28080 - struct xregs_state *xsave = &current->thread.fpu.state.xsave;
28081 + struct xregs_state *xsave = &current->thread.fpu.state->xsave;
28082 struct task_struct *tsk = current;
28083 int ia32_fxstate = (buf != buf_fx);
28084
28085 @@ -209,7 +210,7 @@ sanitize_restored_xstate(struct task_struct *tsk,
28086 struct user_i387_ia32_struct *ia32_env,
28087 u64 xfeatures, int fx_only)
28088 {
28089 - struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
28090 + struct xregs_state *xsave = &tsk->thread.fpu.state->xsave;
28091 struct xstate_header *header = &xsave->header;
28092
28093 if (use_xsave()) {
28094 @@ -242,6 +243,7 @@ sanitize_restored_xstate(struct task_struct *tsk,
28095 */
28096 static inline int copy_user_to_fpregs_zeroing(void __user *buf, u64 xbv, int fx_only)
28097 {
28098 + buf = (void __user *)____m(buf);
28099 if (use_xsave()) {
28100 if ((unsigned long)buf % 64 || fx_only) {
28101 u64 init_bv = xfeatures_mask & ~XFEATURE_MASK_FPSSE;
28102 @@ -325,14 +327,14 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size)
28103
28104 if (using_compacted_format()) {
28105 err = copyin_to_xsaves(NULL, buf_fx,
28106 - &fpu->state.xsave);
28107 + &fpu->state->xsave);
28108 } else {
28109 - err = __copy_from_user(&fpu->state.xsave,
28110 + err = __copy_from_user(&fpu->state->xsave,
28111 buf_fx, state_size);
28112 }
28113
28114 if (err || __copy_from_user(&env, buf, sizeof(env))) {
28115 - fpstate_init(&fpu->state);
28116 + fpstate_init(fpu->state);
28117 trace_x86_fpu_init_state(fpu);
28118 err = -1;
28119 } else {
28120 diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
28121 index 01567aa..4583b36 100644
28122 --- a/arch/x86/kernel/fpu/xstate.c
28123 +++ b/arch/x86/kernel/fpu/xstate.c
28124 @@ -151,14 +151,14 @@ static int xfeature_is_user(int xfeature_nr)
28125 */
28126 void fpstate_sanitize_xstate(struct fpu *fpu)
28127 {
28128 - struct fxregs_state *fx = &fpu->state.fxsave;
28129 + struct fxregs_state *fx = &fpu->state->fxsave;
28130 int feature_bit;
28131 u64 xfeatures;
28132
28133 if (!use_xsaveopt())
28134 return;
28135
28136 - xfeatures = fpu->state.xsave.header.xfeatures;
28137 + xfeatures = fpu->state->xsave.header.xfeatures;
28138
28139 /*
28140 * None of the feature bits are in init state. So nothing else
28141 @@ -863,7 +863,7 @@ const void *get_xsave_field_ptr(int xsave_state)
28142 */
28143 fpu__save(fpu);
28144
28145 - return get_xsave_addr(&fpu->state.xsave, xsave_state);
28146 + return get_xsave_addr(&fpu->state->xsave, xsave_state);
28147 }
28148
28149 #define NR_VALID_PKRU_BITS (CONFIG_NR_PROTECTION_KEYS * 2)
28150 diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
28151 index d036cfb..cb4c991 100644
28152 --- a/arch/x86/kernel/ftrace.c
28153 +++ b/arch/x86/kernel/ftrace.c
28154 @@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip)
28155 * kernel identity mapping to modify code.
28156 */
28157 if (within(ip, (unsigned long)_text, (unsigned long)_etext))
28158 - ip = (unsigned long)__va(__pa_symbol(ip));
28159 + ip = (unsigned long)__va(__pa_symbol(ktla_ktva(ip)));
28160
28161 return ip;
28162 }
28163 @@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
28164 {
28165 unsigned char replaced[MCOUNT_INSN_SIZE];
28166
28167 + ip = ktla_ktva(ip);
28168 +
28169 ftrace_expected = old_code;
28170
28171 /*
28172 @@ -233,7 +235,7 @@ static int update_ftrace_func(unsigned long ip, void *new)
28173 unsigned char old[MCOUNT_INSN_SIZE];
28174 int ret;
28175
28176 - memcpy(old, (void *)ip, MCOUNT_INSN_SIZE);
28177 + memcpy(old, (void *)ktla_ktva(ip), MCOUNT_INSN_SIZE);
28178
28179 ftrace_update_func = ip;
28180 /* Make sure the breakpoints see the ftrace_update_func update */
28181 @@ -314,7 +316,7 @@ static int add_break(unsigned long ip, const char *old)
28182 unsigned char replaced[MCOUNT_INSN_SIZE];
28183 unsigned char brk = BREAKPOINT_INSTRUCTION;
28184
28185 - if (probe_kernel_read(replaced, (void *)ip, MCOUNT_INSN_SIZE))
28186 + if (probe_kernel_read(replaced, (void *)ktla_ktva(ip), MCOUNT_INSN_SIZE))
28187 return -EFAULT;
28188
28189 ftrace_expected = old;
28190 @@ -681,11 +683,11 @@ static unsigned char *ftrace_jmp_replace(unsigned long ip, unsigned long addr)
28191 /* Module allocation simplifies allocating memory for code */
28192 static inline void *alloc_tramp(unsigned long size)
28193 {
28194 - return module_alloc(size);
28195 + return module_alloc_exec(size);
28196 }
28197 static inline void tramp_free(void *tramp)
28198 {
28199 - module_memfree(tramp);
28200 + module_memfree_exec(tramp);
28201 }
28202 #else
28203 /* Trampolines can only be created if modules are supported */
28204 @@ -763,7 +765,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
28205 *tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void *);
28206
28207 /* Copy ftrace_caller onto the trampoline memory */
28208 + pax_open_kernel();
28209 ret = probe_kernel_read(trampoline, (void *)start_offset, size);
28210 + pax_close_kernel();
28211 if (WARN_ON(ret < 0)) {
28212 tramp_free(trampoline);
28213 return 0;
28214 @@ -773,6 +777,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
28215
28216 /* The trampoline ends with a jmp to ftrace_epilogue */
28217 jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_epilogue);
28218 + pax_open_kernel();
28219 memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE);
28220
28221 /*
28222 @@ -785,6 +790,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
28223
28224 ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE);
28225 *ptr = (unsigned long)ops;
28226 + pax_close_kernel();
28227
28228 op_offset -= start_offset;
28229 memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);
28230 @@ -802,7 +808,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
28231 op_ptr.offset = offset;
28232
28233 /* put in the new offset to the ftrace_ops */
28234 + pax_open_kernel();
28235 memcpy(trampoline + op_offset, &op_ptr, OP_REF_SIZE);
28236 + pax_close_kernel();
28237
28238 /* ALLOC_TRAMP flags lets us know we created it */
28239 ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
28240 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
28241 index 54a2372..46504a4 100644
28242 --- a/arch/x86/kernel/head64.c
28243 +++ b/arch/x86/kernel/head64.c
28244 @@ -62,12 +62,12 @@ again:
28245 pgd = *pgd_p;
28246
28247 /*
28248 - * The use of __START_KERNEL_map rather than __PAGE_OFFSET here is
28249 - * critical -- __PAGE_OFFSET would point us back into the dynamic
28250 + * The use of __early_va rather than __va here is critical:
28251 + * __va would point us back into the dynamic
28252 * range and we might end up looping forever...
28253 */
28254 if (pgd)
28255 - pud_p = (pudval_t *)((pgd & PTE_PFN_MASK) + __START_KERNEL_map - phys_base);
28256 + pud_p = (pudval_t *)(__early_va(pgd & PTE_PFN_MASK));
28257 else {
28258 if (next_early_pgt >= EARLY_DYNAMIC_PAGE_TABLES) {
28259 reset_early_page_tables();
28260 @@ -76,13 +76,13 @@ again:
28261
28262 pud_p = (pudval_t *)early_dynamic_pgts[next_early_pgt++];
28263 memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD);
28264 - *pgd_p = (pgdval_t)pud_p - __START_KERNEL_map + phys_base + _KERNPG_TABLE;
28265 + *pgd_p = (pgdval_t)__pa(pud_p) + _KERNPG_TABLE;
28266 }
28267 pud_p += pud_index(address);
28268 pud = *pud_p;
28269
28270 if (pud)
28271 - pmd_p = (pmdval_t *)((pud & PTE_PFN_MASK) + __START_KERNEL_map - phys_base);
28272 + pmd_p = (pmdval_t *)(__early_va(pud & PTE_PFN_MASK));
28273 else {
28274 if (next_early_pgt >= EARLY_DYNAMIC_PAGE_TABLES) {
28275 reset_early_page_tables();
28276 @@ -91,7 +91,7 @@ again:
28277
28278 pmd_p = (pmdval_t *)early_dynamic_pgts[next_early_pgt++];
28279 memset(pmd_p, 0, sizeof(*pmd_p) * PTRS_PER_PMD);
28280 - *pud_p = (pudval_t)pmd_p - __START_KERNEL_map + phys_base + _KERNPG_TABLE;
28281 + *pud_p = (pudval_t)__pa(pmd_p) + _KERNPG_TABLE;
28282 }
28283 pmd = (physaddr & PMD_MASK) + early_pmd_flags;
28284 pmd_p[pmd_index(address)] = pmd;
28285 @@ -155,8 +155,6 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
28286
28287 clear_bss();
28288
28289 - clear_page(init_level4_pgt);
28290 -
28291 kasan_early_init();
28292
28293 for (i = 0; i < NUM_EXCEPTION_VECTORS; i++)
28294 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
28295 index 6f8902b..5d42150 100644
28296 --- a/arch/x86/kernel/head_32.S
28297 +++ b/arch/x86/kernel/head_32.S
28298 @@ -27,6 +27,12 @@
28299 /* Physical address */
28300 #define pa(X) ((X) - __PAGE_OFFSET)
28301
28302 +#ifdef CONFIG_PAX_KERNEXEC
28303 +#define ta(X) (X)
28304 +#else
28305 +#define ta(X) ((X) - __PAGE_OFFSET)
28306 +#endif
28307 +
28308 /*
28309 * References to members of the new_cpu_data structure.
28310 */
28311 @@ -56,11 +62,7 @@
28312 * and small than max_low_pfn, otherwise will waste some page table entries
28313 */
28314
28315 -#if PTRS_PER_PMD > 1
28316 -#define PAGE_TABLE_SIZE(pages) (((pages) / PTRS_PER_PMD) + PTRS_PER_PGD)
28317 -#else
28318 -#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PGD)
28319 -#endif
28320 +#define PAGE_TABLE_SIZE(pages) ((pages) / PTRS_PER_PTE)
28321
28322 /*
28323 * Number of possible pages in the lowmem region.
28324 @@ -86,6 +88,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_PAGES) * PAGE_SIZE
28325 RESERVE_BRK(pagetables, INIT_MAP_SIZE)
28326
28327 /*
28328 + * Real beginning of normal "text" segment
28329 + */
28330 +ENTRY(stext)
28331 +ENTRY(_stext)
28332 +
28333 +/*
28334 * 32-bit kernel entrypoint; only used by the boot CPU. On entry,
28335 * %esi points to the real-mode code as a 32-bit pointer.
28336 * CS and DS must be 4 GB flat segments, but we don't depend on
28337 @@ -93,6 +101,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE)
28338 * can.
28339 */
28340 __HEAD
28341 +
28342 +#ifdef CONFIG_PAX_KERNEXEC
28343 + jmp startup_32
28344 +/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */
28345 +.fill PAGE_SIZE-5,1,0xcc
28346 +#endif
28347 +
28348 ENTRY(startup_32)
28349 movl pa(stack_start),%ecx
28350
28351 @@ -114,6 +129,66 @@ ENTRY(startup_32)
28352 2:
28353 leal -__PAGE_OFFSET(%ecx),%esp
28354
28355 +#ifdef CONFIG_SMP
28356 + movl $pa(cpu_gdt_table),%edi
28357 + movl $__per_cpu_load,%eax
28358 + movw %ax,GDT_ENTRY_PERCPU * 8 + 2(%edi)
28359 + rorl $16,%eax
28360 + movb %al,GDT_ENTRY_PERCPU * 8 + 4(%edi)
28361 + movb %ah,GDT_ENTRY_PERCPU * 8 + 7(%edi)
28362 + movl $__per_cpu_end - 1,%eax
28363 + subl $__per_cpu_start,%eax
28364 + cmpl $0x100000,%eax
28365 + jb 1f
28366 + shrl $PAGE_SHIFT,%eax
28367 + orb $0x80,GDT_ENTRY_PERCPU * 8 + 6(%edi)
28368 +1:
28369 + movw %ax,GDT_ENTRY_PERCPU * 8 + 0(%edi)
28370 + shrl $16,%eax
28371 + orb %al,GDT_ENTRY_PERCPU * 8 + 6(%edi)
28372 +#endif
28373 +
28374 +#ifdef CONFIG_PAX_MEMORY_UDEREF
28375 + movl $NR_CPUS,%ecx
28376 + movl $pa(cpu_gdt_table),%edi
28377 +1:
28378 + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
28379 + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c0fb00),GDT_ENTRY_DEFAULT_USER_CS * 8 + 4(%edi)
28380 + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c0f300),GDT_ENTRY_DEFAULT_USER_DS * 8 + 4(%edi)
28381 + addl $PAGE_SIZE_asm,%edi
28382 + loop 1b
28383 +#endif
28384 +
28385 +#ifdef CONFIG_PAX_KERNEXEC
28386 + movl $pa(boot_gdt),%edi
28387 + movl $__LOAD_PHYSICAL_ADDR,%eax
28388 + movw %ax,GDT_ENTRY_BOOT_CS * 8 + 2(%edi)
28389 + rorl $16,%eax
28390 + movb %al,GDT_ENTRY_BOOT_CS * 8 + 4(%edi)
28391 + movb %ah,GDT_ENTRY_BOOT_CS * 8 + 7(%edi)
28392 + rorl $16,%eax
28393 +
28394 + ljmp $(__BOOT_CS),$1f
28395 +1:
28396 +
28397 + movl $NR_CPUS,%ecx
28398 + movl $pa(cpu_gdt_table),%edi
28399 + addl $__PAGE_OFFSET,%eax
28400 +1:
28401 + movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)
28402 + movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)
28403 + movw %ax,GDT_ENTRY_KERNEL_CS * 8 + 2(%edi)
28404 + movw %ax,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 2(%edi)
28405 + rorl $16,%eax
28406 + movb %al,GDT_ENTRY_KERNEL_CS * 8 + 4(%edi)
28407 + movb %al,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 4(%edi)
28408 + movb %ah,GDT_ENTRY_KERNEL_CS * 8 + 7(%edi)
28409 + movb %ah,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 7(%edi)
28410 + rorl $16,%eax
28411 + addl $PAGE_SIZE_asm,%edi
28412 + loop 1b
28413 +#endif
28414 +
28415 /*
28416 * Clear BSS first so that there are no surprises...
28417 */
28418 @@ -209,8 +284,11 @@ ENTRY(startup_32)
28419 movl %eax, pa(max_pfn_mapped)
28420
28421 /* Do early initialization of the fixmap area */
28422 - movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,%eax
28423 - movl %eax,pa(initial_pg_pmd+0x1000*KPMDS-8)
28424 +#ifdef CONFIG_COMPAT_VDSO
28425 + movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(initial_pg_pmd+0x1000*KPMDS-8)
28426 +#else
28427 + movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,pa(initial_pg_pmd+0x1000*KPMDS-8)
28428 +#endif
28429 #else /* Not PAE */
28430
28431 page_pde_offset = (__PAGE_OFFSET >> 20);
28432 @@ -240,8 +318,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
28433 movl %eax, pa(max_pfn_mapped)
28434
28435 /* Do early initialization of the fixmap area */
28436 - movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,%eax
28437 - movl %eax,pa(initial_page_table+0xffc)
28438 +#ifdef CONFIG_COMPAT_VDSO
28439 + movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(initial_page_table+0xffc)
28440 +#else
28441 + movl $pa(initial_pg_fixmap)+PDE_IDENT_ATTR,pa(initial_page_table+0xffc)
28442 +#endif
28443 #endif
28444
28445 #ifdef CONFIG_PARAVIRT
28446 @@ -255,9 +336,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
28447 cmpl $num_subarch_entries, %eax
28448 jae bad_subarch
28449
28450 - movl pa(subarch_entries)(,%eax,4), %eax
28451 - subl $__PAGE_OFFSET, %eax
28452 - jmp *%eax
28453 + jmp *pa(subarch_entries)(,%eax,4)
28454
28455 bad_subarch:
28456 WEAK(lguest_entry)
28457 @@ -269,10 +348,10 @@ WEAK(xen_entry)
28458 __INITDATA
28459
28460 subarch_entries:
28461 - .long default_entry /* normal x86/PC */
28462 - .long lguest_entry /* lguest hypervisor */
28463 - .long xen_entry /* Xen hypervisor */
28464 - .long default_entry /* Moorestown MID */
28465 + .long ta(default_entry) /* normal x86/PC */
28466 + .long ta(lguest_entry) /* lguest hypervisor */
28467 + .long ta(xen_entry) /* Xen hypervisor */
28468 + .long ta(default_entry) /* Moorestown MID */
28469 num_subarch_entries = (. - subarch_entries) / 4
28470 .previous
28471 #else
28472 @@ -361,6 +440,7 @@ default_entry:
28473 movl pa(mmu_cr4_features),%eax
28474 movl %eax,%cr4
28475
28476 +#ifdef CONFIG_X86_PAE
28477 testb $X86_CR4_PAE, %al # check if PAE is enabled
28478 jz enable_paging
28479
28480 @@ -389,6 +469,9 @@ default_entry:
28481 /* Make changes effective */
28482 wrmsr
28483
28484 + btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4)
28485 +#endif
28486 +
28487 enable_paging:
28488
28489 /*
28490 @@ -456,14 +539,20 @@ is486:
28491 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
28492 movl %eax,%ss # after changing gdt.
28493
28494 - movl $(__USER_DS),%eax # DS/ES contains default USER segment
28495 +# movl $(__KERNEL_DS),%eax # DS/ES contains default KERNEL segment
28496 movl %eax,%ds
28497 movl %eax,%es
28498
28499 movl $(__KERNEL_PERCPU), %eax
28500 movl %eax,%fs # set this cpu's percpu
28501
28502 +#ifdef CONFIG_CC_STACKPROTECTOR
28503 movl $(__KERNEL_STACK_CANARY),%eax
28504 +#elif defined(CONFIG_PAX_MEMORY_UDEREF)
28505 + movl $(__USER_DS),%eax
28506 +#else
28507 + xorl %eax,%eax
28508 +#endif
28509 movl %eax,%gs
28510
28511 xorl %eax,%eax # Clear LDT
28512 @@ -520,8 +609,11 @@ setup_once:
28513 * relocation. Manually set base address in stack canary
28514 * segment descriptor.
28515 */
28516 - movl $gdt_page,%eax
28517 + movl $cpu_gdt_table,%eax
28518 movl $stack_canary,%ecx
28519 +#ifdef CONFIG_SMP
28520 + addl $__per_cpu_load,%ecx
28521 +#endif
28522 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
28523 shrl $16, %ecx
28524 movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
28525 @@ -608,8 +700,11 @@ ENDPROC(early_idt_handler_common)
28526 /* This is the default interrupt "handler" :-) */
28527 ALIGN
28528 ignore_int:
28529 - cld
28530 #ifdef CONFIG_PRINTK
28531 + cmpl $2,%ss:early_recursion_flag
28532 + je hlt_loop
28533 + incl %ss:early_recursion_flag
28534 + cld
28535 pushl %eax
28536 pushl %ecx
28537 pushl %edx
28538 @@ -618,9 +713,6 @@ ignore_int:
28539 movl $(__KERNEL_DS),%eax
28540 movl %eax,%ds
28541 movl %eax,%es
28542 - cmpl $2,early_recursion_flag
28543 - je hlt_loop
28544 - incl early_recursion_flag
28545 pushl 16(%esp)
28546 pushl 24(%esp)
28547 pushl 32(%esp)
28548 @@ -655,11 +747,8 @@ ENTRY(initial_code)
28549 ENTRY(setup_once_ref)
28550 .long setup_once
28551
28552 -/*
28553 - * BSS section
28554 - */
28555 -__PAGE_ALIGNED_BSS
28556 - .align PAGE_SIZE
28557 +__READ_ONLY
28558 + .balign PAGE_SIZE
28559 #ifdef CONFIG_X86_PAE
28560 initial_pg_pmd:
28561 .fill 1024*KPMDS,4,0
28562 @@ -672,15 +761,18 @@ initial_pg_fixmap:
28563 ENTRY(empty_zero_page)
28564 .fill 4096,1,0
28565 ENTRY(swapper_pg_dir)
28566 - .fill 1024,4,0
28567 +#ifdef CONFIG_X86_PAE
28568 + .fill PTRS_PER_PGD,8,0
28569 +#else
28570 + .fill PTRS_PER_PGD,4,0
28571 +#endif
28572
28573 /*
28574 * This starts the data section.
28575 */
28576 #ifdef CONFIG_X86_PAE
28577 -__PAGE_ALIGNED_DATA
28578 - /* Page-aligned for the benefit of paravirt? */
28579 - .align PAGE_SIZE
28580 +__READ_ONLY
28581 + .balign PAGE_SIZE
28582 ENTRY(initial_page_table)
28583 .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
28584 # if KPMDS == 3
28585 @@ -698,13 +790,21 @@ ENTRY(initial_page_table)
28586 # else
28587 # error "Kernel PMDs should be 1, 2 or 3"
28588 # endif
28589 - .align PAGE_SIZE /* needs to be page-sized too */
28590 + .balign PAGE_SIZE /* needs to be page-sized too */
28591 +
28592 +# ifdef CONFIG_PAX_PER_CPU_PGD
28593 +ENTRY(cpu_pgd)
28594 + .rept 2*NR_CPUS
28595 + .fill PTRS_PER_PGD,8,0
28596 + .endr
28597 +# endif
28598 +
28599 #endif
28600
28601 .data
28602 .balign 4
28603 ENTRY(stack_start)
28604 - .long init_thread_union+THREAD_SIZE
28605 + .long init_thread_union+THREAD_SIZE-8
28606
28607 __INITRODATA
28608 int_msg:
28609 @@ -719,7 +819,7 @@ int_msg:
28610 * segment size, and 32-bit linear address value:
28611 */
28612
28613 - .data
28614 +__READ_ONLY
28615 .globl boot_gdt_descr
28616 .globl idt_descr
28617
28618 @@ -728,7 +828,7 @@ int_msg:
28619 .word 0 # 32 bit align gdt_desc.address
28620 boot_gdt_descr:
28621 .word __BOOT_DS+7
28622 - .long boot_gdt - __PAGE_OFFSET
28623 + .long pa(boot_gdt)
28624
28625 .word 0 # 32-bit align idt_desc.address
28626 idt_descr:
28627 @@ -739,7 +839,7 @@ idt_descr:
28628 .word 0 # 32 bit align gdt_desc.address
28629 ENTRY(early_gdt_descr)
28630 .word GDT_ENTRIES*8-1
28631 - .long gdt_page /* Overwritten for secondary CPUs */
28632 + .long cpu_gdt_table /* Overwritten for secondary CPUs */
28633
28634 /*
28635 * The boot_gdt must mirror the equivalent in setup.S and is
28636 @@ -748,5 +848,65 @@ ENTRY(early_gdt_descr)
28637 .align L1_CACHE_BYTES
28638 ENTRY(boot_gdt)
28639 .fill GDT_ENTRY_BOOT_CS,8,0
28640 - .quad 0x00cf9a000000ffff /* kernel 4GB code at 0x00000000 */
28641 - .quad 0x00cf92000000ffff /* kernel 4GB data at 0x00000000 */
28642 + .quad 0x00cf9b000000ffff /* kernel 4GB code at 0x00000000 */
28643 + .quad 0x00cf93000000ffff /* kernel 4GB data at 0x00000000 */
28644 +
28645 + .align PAGE_SIZE_asm
28646 +ENTRY(cpu_gdt_table)
28647 + .rept NR_CPUS
28648 + .quad 0x0000000000000000 /* NULL descriptor */
28649 + .quad 0x0000000000000000 /* 0x0b reserved */
28650 + .quad 0x0000000000000000 /* 0x13 reserved */
28651 + .quad 0x0000000000000000 /* 0x1b reserved */
28652 +
28653 +#ifdef CONFIG_PAX_KERNEXEC
28654 + .quad 0x00cf9b000000ffff /* 0x20 alternate kernel 4GB code at 0x00000000 */
28655 +#else
28656 + .quad 0x0000000000000000 /* 0x20 unused */
28657 +#endif
28658 +
28659 + .quad 0x0000000000000000 /* 0x28 unused */
28660 + .quad 0x0000000000000000 /* 0x33 TLS entry 1 */
28661 + .quad 0x0000000000000000 /* 0x3b TLS entry 2 */
28662 + .quad 0x0000000000000000 /* 0x43 TLS entry 3 */
28663 + .quad 0x0000000000000000 /* 0x4b reserved */
28664 + .quad 0x0000000000000000 /* 0x53 reserved */
28665 + .quad 0x0000000000000000 /* 0x5b reserved */
28666 +
28667 + .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */
28668 + .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */
28669 + .quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */
28670 + .quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */
28671 +
28672 + .quad 0x0000000000000000 /* 0x80 TSS descriptor */
28673 + .quad 0x0000000000000000 /* 0x88 LDT descriptor */
28674 +
28675 + /*
28676 + * Segments used for calling PnP BIOS have byte granularity.
28677 + * The code segments and data segments have fixed 64k limits,
28678 + * the transfer segment sizes are set at run time.
28679 + */
28680 + .quad 0x00409b000000ffff /* 0x90 32-bit code */
28681 + .quad 0x00009b000000ffff /* 0x98 16-bit code */
28682 + .quad 0x000093000000ffff /* 0xa0 16-bit data */
28683 + .quad 0x0000930000000000 /* 0xa8 16-bit data */
28684 + .quad 0x0000930000000000 /* 0xb0 16-bit data */
28685 +
28686 + /*
28687 + * The APM segments have byte granularity and their bases
28688 + * are set at run time. All have 64k limits.
28689 + */
28690 + .quad 0x00409b000000ffff /* 0xb8 APM CS code */
28691 + .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */
28692 + .quad 0x004093000000ffff /* 0xc8 APM DS data */
28693 +
28694 + .quad 0x00c093000000ffff /* 0xd0 - ESPFIX SS */
28695 + .quad 0x0040930000000000 /* 0xd8 - PERCPU */
28696 + .quad 0x0040910000000017 /* 0xe0 - STACK_CANARY */
28697 + .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */
28698 + .quad 0x0000000000000000 /* 0xf0 - PCIBIOS_DS */
28699 + .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */
28700 +
28701 + /* Be sure this is zeroed to avoid false validations in Xen */
28702 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0
28703 + .endr
28704 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
28705 index 9f8efc9..e1942f9 100644
28706 --- a/arch/x86/kernel/head_64.S
28707 +++ b/arch/x86/kernel/head_64.S
28708 @@ -20,6 +20,8 @@
28709 #include <asm/processor-flags.h>
28710 #include <asm/percpu.h>
28711 #include <asm/nops.h>
28712 +#include <asm/cpufeatures.h>
28713 +#include <asm/alternative-asm.h>
28714 #include "../entry/calling.h"
28715
28716 #ifdef CONFIG_PARAVIRT
28717 @@ -41,6 +43,12 @@
28718 L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET_BASE)
28719 L4_START_KERNEL = pgd_index(__START_KERNEL_map)
28720 L3_START_KERNEL = pud_index(__START_KERNEL_map)
28721 +L4_VMALLOC_START = pgd_index(VMALLOC_START)
28722 +L3_VMALLOC_START = pud_index(VMALLOC_START)
28723 +L4_VMALLOC_END = pgd_index(VMALLOC_END)
28724 +L3_VMALLOC_END = pud_index(VMALLOC_END)
28725 +L4_VMEMMAP_START = pgd_index(VMEMMAP_START)
28726 +L3_VMEMMAP_START = pud_index(VMEMMAP_START)
28727
28728 .text
28729 __HEAD
28730 @@ -98,11 +106,36 @@ startup_64:
28731 * Fixup the physical addresses in the page table
28732 */
28733 addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
28734 + addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
28735 + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
28736 + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 8(%rip)
28737 + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 16(%rip)
28738 + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 24(%rip)
28739 + addq %rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip)
28740 + addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
28741 + addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
28742
28743 - addq %rbp, level3_kernel_pgt + (510*8)(%rip)
28744 - addq %rbp, level3_kernel_pgt + (511*8)(%rip)
28745 + addq %rbp, level3_ident_pgt + (0*8)(%rip)
28746 +#ifndef CONFIG_XEN
28747 + addq %rbp, level3_ident_pgt + (1*8)(%rip)
28748 +#endif
28749
28750 + addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
28751 +
28752 + addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
28753 + addq %rbp, level3_kernel_pgt + ((L3_START_KERNEL+1)*8)(%rip)
28754 +
28755 + addq %rbp, level2_ident_pgt + (0*8)(%rip)
28756 +
28757 + addq %rbp, level2_fixmap_pgt + (0*8)(%rip)
28758 + addq %rbp, level2_fixmap_pgt + (1*8)(%rip)
28759 + addq %rbp, level2_fixmap_pgt + (2*8)(%rip)
28760 + addq %rbp, level2_fixmap_pgt + (3*8)(%rip)
28761 +
28762 + addq %rbp, level2_fixmap_pgt + (504*8)(%rip)
28763 + addq %rbp, level2_fixmap_pgt + (505*8)(%rip)
28764 addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
28765 + addq %rbp, level2_fixmap_pgt + (507*8)(%rip)
28766
28767 /*
28768 * Set up the identity mapping for the switchover. These
28769 @@ -186,11 +219,12 @@ ENTRY(secondary_startup_64)
28770 /* Sanitize CPU configuration */
28771 call verify_cpu
28772
28773 + orq $-1, %rbp
28774 movq $(init_level4_pgt - __START_KERNEL_map), %rax
28775 1:
28776
28777 - /* Enable PAE mode and PGE */
28778 - movl $(X86_CR4_PAE | X86_CR4_PGE), %ecx
28779 + /* Enable PAE mode and PSE/PGE */
28780 + movl $(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %ecx
28781 movq %rcx, %cr4
28782
28783 /* Setup early boot stage 4 level pagetables. */
28784 @@ -211,10 +245,24 @@ ENTRY(secondary_startup_64)
28785 movl $MSR_EFER, %ecx
28786 rdmsr
28787 btsl $_EFER_SCE, %eax /* Enable System Call */
28788 - btl $20,%edi /* No Execute supported? */
28789 + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */
28790 jnc 1f
28791 btsl $_EFER_NX, %eax
28792 + cmpq $-1, %rbp
28793 + je 1f
28794 btsq $_PAGE_BIT_NX,early_pmd_flags(%rip)
28795 + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip)
28796 + btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START)(%rip)
28797 + btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 8(%rip)
28798 + btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 16(%rip)
28799 + btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 24(%rip)
28800 + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip)
28801 + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip)
28802 + btsq $_PAGE_BIT_NX, level2_fixmap_pgt + 8*504(%rip)
28803 + btsq $_PAGE_BIT_NX, level2_fixmap_pgt + 8*505(%rip)
28804 + btsq $_PAGE_BIT_NX, level2_fixmap_pgt + 8*506(%rip)
28805 + btsq $_PAGE_BIT_NX, level2_fixmap_pgt + 8*507(%rip)
28806 + btsq $_PAGE_BIT_NX, __supported_pte_mask(%rip)
28807 1: wrmsr /* Make changes effective */
28808
28809 /* Setup cr0 */
28810 @@ -294,6 +342,7 @@ ENTRY(secondary_startup_64)
28811 * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
28812 * address given in m16:64.
28813 */
28814 + pax_set_fptr_mask
28815 movq initial_code(%rip),%rax
28816 pushq $0 # fake return address to stop unwinder
28817 pushq $__KERNEL_CS # set correct cs
28818 @@ -328,7 +377,7 @@ ENDPROC(start_cpu0)
28819 .quad INIT_PER_CPU_VAR(irq_stack_union)
28820
28821 GLOBAL(stack_start)
28822 - .quad init_thread_union+THREAD_SIZE-8
28823 + .quad init_thread_union+THREAD_SIZE-16
28824 .word 0
28825 __FINITDATA
28826
28827 @@ -417,40 +466,70 @@ GLOBAL(name)
28828 __INITDATA
28829 NEXT_PAGE(early_level4_pgt)
28830 .fill 511,8,0
28831 - .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
28832 + .quad level3_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
28833
28834 NEXT_PAGE(early_dynamic_pgts)
28835 .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0
28836
28837 - .data
28838 + __READ_ONLY
28839
28840 -#ifndef CONFIG_XEN
28841 NEXT_PAGE(init_level4_pgt)
28842 - .fill 512,8,0
28843 -#else
28844 -NEXT_PAGE(init_level4_pgt)
28845 - .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
28846 .org init_level4_pgt + L4_PAGE_OFFSET*8, 0
28847 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
28848 + .org init_level4_pgt + L4_VMALLOC_START*8, 0
28849 + .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*0 + _KERNPG_TABLE
28850 + .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*1 + _KERNPG_TABLE
28851 + .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*2 + _KERNPG_TABLE
28852 + .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*3 + _KERNPG_TABLE
28853 + .org init_level4_pgt + L4_VMALLOC_END*8, 0
28854 + .quad level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE
28855 + .org init_level4_pgt + L4_VMEMMAP_START*8, 0
28856 + .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
28857 .org init_level4_pgt + L4_START_KERNEL*8, 0
28858 /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
28859 - .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
28860 + .quad level3_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
28861 +
28862 +#ifdef CONFIG_PAX_PER_CPU_PGD
28863 +NEXT_PAGE(cpu_pgd)
28864 + .rept 2*NR_CPUS
28865 + .fill 512,8,0
28866 + .endr
28867 +#endif
28868
28869 NEXT_PAGE(level3_ident_pgt)
28870 .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
28871 +#ifdef CONFIG_XEN
28872 .fill 511, 8, 0
28873 +#else
28874 + .quad level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
28875 + .fill 510,8,0
28876 +#endif
28877 +
28878 +NEXT_PAGE(level3_vmalloc_start_pgt)
28879 + .fill 4*512,8,0
28880 +
28881 +NEXT_PAGE(level3_vmalloc_end_pgt)
28882 + .fill 512,8,0
28883 +
28884 +NEXT_PAGE(level3_vmemmap_pgt)
28885 + .fill L3_VMEMMAP_START,8,0
28886 + .quad level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
28887 +
28888 NEXT_PAGE(level2_ident_pgt)
28889 - /* Since I easily can, map the first 1G.
28890 + .quad level1_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
28891 + /* Since I easily can, map the first 2G.
28892 * Don't set NX because code runs from these pages.
28893 */
28894 - PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
28895 -#endif
28896 + PMDS(PMD_SIZE, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD - 1)
28897
28898 NEXT_PAGE(level3_kernel_pgt)
28899 .fill L3_START_KERNEL,8,0
28900 /* (2^48-(2*1024*1024*1024)-((2^39)*511))/(2^30) = 510 */
28901 .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
28902 - .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
28903 + .quad level2_fixmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
28904 +
28905 +NEXT_PAGE(level2_vmemmap_pgt)
28906 + .fill 512,8,0
28907
28908 NEXT_PAGE(level2_kernel_pgt)
28909 /*
28910 @@ -467,31 +546,79 @@ NEXT_PAGE(level2_kernel_pgt)
28911 KERNEL_IMAGE_SIZE/PMD_SIZE)
28912
28913 NEXT_PAGE(level2_fixmap_pgt)
28914 - .fill 506,8,0
28915 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
28916 - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
28917 - .fill 5,8,0
28918 + .quad level1_modules_pgt - __START_KERNEL_map + 0 * PAGE_SIZE + _KERNPG_TABLE
28919 + .quad level1_modules_pgt - __START_KERNEL_map + 1 * PAGE_SIZE + _KERNPG_TABLE
28920 + .quad level1_modules_pgt - __START_KERNEL_map + 2 * PAGE_SIZE + _KERNPG_TABLE
28921 + .quad level1_modules_pgt - __START_KERNEL_map + 3 * PAGE_SIZE + _KERNPG_TABLE
28922 + .fill 500,8,0
28923 + .quad level1_fixmap_pgt - __START_KERNEL_map + 0 * PAGE_SIZE + _KERNPG_TABLE
28924 + .quad level1_fixmap_pgt - __START_KERNEL_map + 1 * PAGE_SIZE + _KERNPG_TABLE
28925 + .quad level1_fixmap_pgt - __START_KERNEL_map + 2 * PAGE_SIZE + _KERNPG_TABLE
28926 + .quad level1_vsyscall_pgt - __START_KERNEL_map + _KERNPG_TABLE
28927 + /* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
28928 + .fill 4,8,0
28929 +
28930 +NEXT_PAGE(level1_ident_pgt)
28931 + .fill 512,8,0
28932 +
28933 +NEXT_PAGE(level1_modules_pgt)
28934 + .fill 4*512,8,0
28935
28936 NEXT_PAGE(level1_fixmap_pgt)
28937 + .fill 3*512,8,0
28938 +
28939 +NEXT_PAGE(level1_vsyscall_pgt)
28940 .fill 512,8,0
28941
28942 #undef PMDS
28943
28944 - .data
28945 + .align PAGE_SIZE
28946 +ENTRY(cpu_gdt_table)
28947 + .rept NR_CPUS
28948 + .quad 0x0000000000000000 /* NULL descriptor */
28949 + .quad 0x00cf9b000000ffff /* __KERNEL32_CS */
28950 + .quad 0x00af9b000000ffff /* __KERNEL_CS */
28951 + .quad 0x00cf93000000ffff /* __KERNEL_DS */
28952 + .quad 0x00cffb000000ffff /* __USER32_CS */
28953 + .quad 0x00cff3000000ffff /* __USER_DS, __USER32_DS */
28954 + .quad 0x00affb000000ffff /* __USER_CS */
28955 +
28956 +#ifdef CONFIG_PAX_KERNEXEC
28957 + .quad 0x00af9b000000ffff /* __KERNEXEC_KERNEL_CS */
28958 +#else
28959 + .quad 0x0 /* unused */
28960 +#endif
28961 +
28962 + .quad 0,0 /* TSS */
28963 + .quad 0,0 /* LDT */
28964 + .quad 0,0,0 /* three TLS descriptors */
28965 + .quad 0x0000f40000000000 /* node/CPU stored in limit */
28966 + /* asm/segment.h:GDT_ENTRIES must match this */
28967 +
28968 +#ifdef CONFIG_PAX_MEMORY_UDEREF
28969 + .quad 0x00cf93000000ffff /* __UDEREF_KERNEL_DS */
28970 +#else
28971 + .quad 0x0 /* unused */
28972 +#endif
28973 +
28974 + /* zero the remaining page */
28975 + .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0
28976 + .endr
28977 +
28978 .align 16
28979 .globl early_gdt_descr
28980 early_gdt_descr:
28981 .word GDT_ENTRIES*8-1
28982 early_gdt_descr_base:
28983 - .quad INIT_PER_CPU_VAR(gdt_page)
28984 + .quad cpu_gdt_table
28985
28986 ENTRY(phys_base)
28987 /* This must match the first entry in level2_kernel_pgt */
28988 .quad 0x0000000000000000
28989
28990 #include "../../x86/xen/xen-head.S"
28991 -
28992 - __PAGE_ALIGNED_BSS
28993 +
28994 + .section .rodata,"a",@progbits
28995 NEXT_PAGE(empty_zero_page)
28996 .skip PAGE_SIZE
28997
28998 diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
28999 index c6dfd80..5df5ed1 100644
29000 --- a/arch/x86/kernel/hpet.c
29001 +++ b/arch/x86/kernel/hpet.c
29002 @@ -136,7 +136,7 @@ int is_hpet_enabled(void)
29003 }
29004 EXPORT_SYMBOL_GPL(is_hpet_enabled);
29005
29006 -static void _hpet_print_config(const char *function, int line)
29007 +static void __nocapture(1) _hpet_print_config(const char *function, int line)
29008 {
29009 u32 i, timers, l, h;
29010 printk(KERN_INFO "hpet: %s(%d):\n", function, line);
29011 diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
29012 index 1f9b878..895e3ed 100644
29013 --- a/arch/x86/kernel/i386_ksyms_32.c
29014 +++ b/arch/x86/kernel/i386_ksyms_32.c
29015 @@ -21,8 +21,12 @@ extern void cmpxchg8b_emu(void);
29016 EXPORT_SYMBOL(cmpxchg8b_emu);
29017 #endif
29018
29019 +EXPORT_SYMBOL_GPL(cpu_gdt_table);
29020 +
29021 /* Networking helper routines. */
29022 EXPORT_SYMBOL(csum_partial_copy_generic);
29023 +EXPORT_SYMBOL(csum_partial_copy_generic_to_user);
29024 +EXPORT_SYMBOL(csum_partial_copy_generic_from_user);
29025
29026 EXPORT_SYMBOL(__get_user_1);
29027 EXPORT_SYMBOL(__get_user_2);
29028 @@ -45,3 +49,11 @@ EXPORT_SYMBOL(___preempt_schedule_notrace);
29029 #endif
29030
29031 EXPORT_SYMBOL(__sw_hweight32);
29032 +
29033 +#ifdef CONFIG_PAX_KERNEXEC
29034 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
29035 +#endif
29036 +
29037 +#ifdef CONFIG_PAX_PER_CPU_PGD
29038 +EXPORT_SYMBOL(cpu_pgd);
29039 +#endif
29040 diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
29041 index be22f5a..a04fa14 100644
29042 --- a/arch/x86/kernel/i8259.c
29043 +++ b/arch/x86/kernel/i8259.c
29044 @@ -110,7 +110,7 @@ static int i8259A_irq_pending(unsigned int irq)
29045 static void make_8259A_irq(unsigned int irq)
29046 {
29047 disable_irq_nosync(irq);
29048 - io_apic_irqs &= ~(1<<irq);
29049 + io_apic_irqs &= ~(1UL<<irq);
29050 irq_set_chip_and_handler(irq, &i8259A_chip, handle_level_irq);
29051 enable_irq(irq);
29052 }
29053 @@ -208,7 +208,7 @@ spurious_8259A_irq:
29054 "spurious 8259A interrupt: IRQ%d.\n", irq);
29055 spurious_irq_mask |= irqmask;
29056 }
29057 - atomic_inc(&irq_err_count);
29058 + atomic_inc_unchecked(&irq_err_count);
29059 /*
29060 * Theoretically we do not have to handle this IRQ,
29061 * but in Linux this does not cause problems and is
29062 @@ -356,14 +356,16 @@ static void init_8259A(int auto_eoi)
29063 /* (slave's support for AEOI in flat mode is to be investigated) */
29064 outb_pic(SLAVE_ICW4_DEFAULT, PIC_SLAVE_IMR);
29065
29066 + pax_open_kernel();
29067 if (auto_eoi)
29068 /*
29069 * In AEOI mode we just have to mask the interrupt
29070 * when acking.
29071 */
29072 - i8259A_chip.irq_mask_ack = disable_8259A_irq;
29073 + const_cast(i8259A_chip.irq_mask_ack) = disable_8259A_irq;
29074 else
29075 - i8259A_chip.irq_mask_ack = mask_and_ack_8259A;
29076 + const_cast(i8259A_chip.irq_mask_ack) = mask_and_ack_8259A;
29077 + pax_close_kernel();
29078
29079 udelay(100); /* wait for 8259A to initialize */
29080
29081 diff --git a/arch/x86/kernel/io_delay.c b/arch/x86/kernel/io_delay.c
29082 index 50c89e8..e148d28 100644
29083 --- a/arch/x86/kernel/io_delay.c
29084 +++ b/arch/x86/kernel/io_delay.c
29085 @@ -58,7 +58,7 @@ static int __init dmi_io_delay_0xed_port(const struct dmi_system_id *id)
29086 * Quirk table for systems that misbehave (lock up, etc.) if port
29087 * 0x80 is used:
29088 */
29089 -static struct dmi_system_id __initdata io_delay_0xed_port_dmi_table[] = {
29090 +static const struct dmi_system_id __initconst io_delay_0xed_port_dmi_table[] = {
29091 {
29092 .callback = dmi_io_delay_0xed_port,
29093 .ident = "Compaq Presario V6000",
29094 diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
29095 index 589b319..41d6575 100644
29096 --- a/arch/x86/kernel/ioport.c
29097 +++ b/arch/x86/kernel/ioport.c
29098 @@ -6,6 +6,7 @@
29099 #include <linux/sched.h>
29100 #include <linux/kernel.h>
29101 #include <linux/capability.h>
29102 +#include <linux/security.h>
29103 #include <linux/errno.h>
29104 #include <linux/types.h>
29105 #include <linux/ioport.h>
29106 @@ -30,6 +31,12 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
29107 return -EINVAL;
29108 if (turn_on && !capable(CAP_SYS_RAWIO))
29109 return -EPERM;
29110 +#ifdef CONFIG_GRKERNSEC_IO
29111 + if (turn_on && grsec_disable_privio) {
29112 + gr_handle_ioperm();
29113 + return -ENODEV;
29114 + }
29115 +#endif
29116
29117 /*
29118 * If it's the first ioperm() call in this thread's lifetime, set the
29119 @@ -54,7 +61,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
29120 * because the ->io_bitmap_max value must match the bitmap
29121 * contents:
29122 */
29123 - tss = &per_cpu(cpu_tss, get_cpu());
29124 + tss = cpu_tss + get_cpu();
29125
29126 if (turn_on)
29127 bitmap_clear(t->io_bitmap_ptr, from, num);
29128 @@ -110,6 +117,12 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
29129 if (level > old) {
29130 if (!capable(CAP_SYS_RAWIO))
29131 return -EPERM;
29132 +#ifdef CONFIG_GRKERNSEC_IO
29133 + if (grsec_disable_privio) {
29134 + gr_handle_iopl();
29135 + return -ENODEV;
29136 + }
29137 +#endif
29138 }
29139 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
29140 (level << X86_EFLAGS_IOPL_BIT);
29141 diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
29142 index 9f669fd..00354af 100644
29143 --- a/arch/x86/kernel/irq.c
29144 +++ b/arch/x86/kernel/irq.c
29145 @@ -28,7 +28,7 @@ EXPORT_PER_CPU_SYMBOL(irq_stat);
29146 DEFINE_PER_CPU(struct pt_regs *, irq_regs);
29147 EXPORT_PER_CPU_SYMBOL(irq_regs);
29148
29149 -atomic_t irq_err_count;
29150 +atomic_unchecked_t irq_err_count;
29151
29152 /* Function pointer for generic interrupt vector handling */
29153 void (*x86_platform_ipi_callback)(void) = NULL;
29154 @@ -146,9 +146,9 @@ int arch_show_interrupts(struct seq_file *p, int prec)
29155 seq_puts(p, " Hypervisor callback interrupts\n");
29156 }
29157 #endif
29158 - seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read(&irq_err_count));
29159 + seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read_unchecked(&irq_err_count));
29160 #if defined(CONFIG_X86_IO_APIC)
29161 - seq_printf(p, "%*s: %10u\n", prec, "MIS", atomic_read(&irq_mis_count));
29162 + seq_printf(p, "%*s: %10u\n", prec, "MIS", atomic_read_unchecked(&irq_mis_count));
29163 #endif
29164 #ifdef CONFIG_HAVE_KVM
29165 seq_printf(p, "%*s: ", prec, "PIN");
29166 @@ -200,7 +200,7 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
29167
29168 u64 arch_irq_stat(void)
29169 {
29170 - u64 sum = atomic_read(&irq_err_count);
29171 + u64 sum = atomic_read_unchecked(&irq_err_count);
29172 return sum;
29173 }
29174
29175 diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
29176 index 1f38d9a..0eb6e6f 100644
29177 --- a/arch/x86/kernel/irq_32.c
29178 +++ b/arch/x86/kernel/irq_32.c
29179 @@ -22,6 +22,8 @@
29180
29181 #ifdef CONFIG_DEBUG_STACKOVERFLOW
29182
29183 +extern void gr_handle_kernel_exploit(void);
29184 +
29185 int sysctl_panic_on_stackoverflow __read_mostly;
29186
29187 /* Debugging check for stack overflow: is there less than 1KB free? */
29188 @@ -32,13 +34,14 @@ static int check_stack_overflow(void)
29189 __asm__ __volatile__("andl %%esp,%0" :
29190 "=r" (sp) : "0" (THREAD_SIZE - 1));
29191
29192 - return sp < (sizeof(struct thread_info) + STACK_WARN);
29193 + return sp < STACK_WARN;
29194 }
29195
29196 static void print_stack_overflow(void)
29197 {
29198 printk(KERN_WARNING "low stack detected by irq handler\n");
29199 dump_stack();
29200 + gr_handle_kernel_exploit();
29201 if (sysctl_panic_on_stackoverflow)
29202 panic("low stack detected by irq handler - check messages\n");
29203 }
29204 @@ -69,10 +72,9 @@ static inline void *current_stack(void)
29205
29206 static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc)
29207 {
29208 - struct irq_stack *curstk, *irqstk;
29209 + struct irq_stack *irqstk;
29210 u32 *isp, *prev_esp, arg1;
29211
29212 - curstk = (struct irq_stack *) current_stack();
29213 irqstk = __this_cpu_read(hardirq_stack);
29214
29215 /*
29216 @@ -81,15 +83,19 @@ static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc)
29217 * handler) we can't do that and just have to keep using the
29218 * current stack (which is the irq stack already after all)
29219 */
29220 - if (unlikely(curstk == irqstk))
29221 + if (unlikely((void *)current_stack_pointer - (void *)irqstk < THREAD_SIZE))
29222 return 0;
29223
29224 - isp = (u32 *) ((char *)irqstk + sizeof(*irqstk));
29225 + isp = (u32 *) ((char *)irqstk + sizeof(*irqstk) - 8);
29226
29227 /* Save the next esp at the bottom of the stack */
29228 prev_esp = (u32 *)irqstk;
29229 *prev_esp = current_stack_pointer();
29230
29231 +#ifdef CONFIG_PAX_MEMORY_UDEREF
29232 + __set_fs(MAKE_MM_SEG(0));
29233 +#endif
29234 +
29235 if (unlikely(overflow))
29236 call_on_stack(print_stack_overflow, isp);
29237
29238 @@ -100,6 +106,11 @@ static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc)
29239 : "0" (desc), "1" (isp),
29240 "D" (desc->handle_irq)
29241 : "memory", "cc", "ecx");
29242 +
29243 +#ifdef CONFIG_PAX_MEMORY_UDEREF
29244 + __set_fs(current_thread_info()->addr_limit);
29245 +#endif
29246 +
29247 return 1;
29248 }
29249
29250 @@ -108,23 +119,11 @@ static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc)
29251 */
29252 void irq_ctx_init(int cpu)
29253 {
29254 - struct irq_stack *irqstk;
29255 -
29256 if (per_cpu(hardirq_stack, cpu))
29257 return;
29258
29259 - irqstk = page_address(alloc_pages_node(cpu_to_node(cpu),
29260 - THREADINFO_GFP,
29261 - THREAD_SIZE_ORDER));
29262 - per_cpu(hardirq_stack, cpu) = irqstk;
29263 -
29264 - irqstk = page_address(alloc_pages_node(cpu_to_node(cpu),
29265 - THREADINFO_GFP,
29266 - THREAD_SIZE_ORDER));
29267 - per_cpu(softirq_stack, cpu) = irqstk;
29268 -
29269 - printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
29270 - cpu, per_cpu(hardirq_stack, cpu), per_cpu(softirq_stack, cpu));
29271 + per_cpu(hardirq_stack, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER));
29272 + per_cpu(softirq_stack, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER));
29273 }
29274
29275 void do_softirq_own_stack(void)
29276 @@ -141,7 +140,16 @@ void do_softirq_own_stack(void)
29277 prev_esp = (u32 *)irqstk;
29278 *prev_esp = current_stack_pointer();
29279
29280 +#ifdef CONFIG_PAX_MEMORY_UDEREF
29281 + __set_fs(MAKE_MM_SEG(0));
29282 +#endif
29283 +
29284 call_on_stack(__do_softirq, isp);
29285 +
29286 +#ifdef CONFIG_PAX_MEMORY_UDEREF
29287 + __set_fs(current_thread_info()->addr_limit);
29288 +#endif
29289 +
29290 }
29291
29292 bool handle_irq(struct irq_desc *desc, struct pt_regs *regs)
29293 diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
29294 index 4a79037..0c1319e 100644
29295 --- a/arch/x86/kernel/irq_64.c
29296 +++ b/arch/x86/kernel/irq_64.c
29297 @@ -19,6 +19,8 @@
29298 #include <asm/idle.h>
29299 #include <asm/apic.h>
29300
29301 +extern void gr_handle_kernel_exploit(void);
29302 +
29303 int sysctl_panic_on_stackoverflow;
29304
29305 /*
29306 @@ -45,9 +47,8 @@ static inline void stack_overflow_check(struct pt_regs *regs)
29307 regs->sp <= curbase + THREAD_SIZE)
29308 return;
29309
29310 - irq_stack_top = (u64)this_cpu_ptr(irq_stack_union.irq_stack) +
29311 - STACK_TOP_MARGIN;
29312 irq_stack_bottom = (u64)__this_cpu_read(irq_stack_ptr);
29313 + irq_stack_top = irq_stack_bottom - IRQ_STACK_SIZE + 64 + STACK_TOP_MARGIN;
29314 if (regs->sp >= irq_stack_top && regs->sp <= irq_stack_bottom)
29315 return;
29316
29317 @@ -62,6 +63,8 @@ static inline void stack_overflow_check(struct pt_regs *regs)
29318 irq_stack_top, irq_stack_bottom,
29319 estack_top, estack_bottom);
29320
29321 + gr_handle_kernel_exploit();
29322 +
29323 if (sysctl_panic_on_stackoverflow)
29324 panic("low stack detected by irq handler - check messages\n");
29325 #endif
29326 diff --git a/arch/x86/kernel/jump_label.c b/arch/x86/kernel/jump_label.c
29327 index fc25f69..d31d60c 100644
29328 --- a/arch/x86/kernel/jump_label.c
29329 +++ b/arch/x86/kernel/jump_label.c
29330 @@ -32,6 +32,8 @@ static void bug_at(unsigned char *ip, int line)
29331 * Something went wrong. Crash the box, as something could be
29332 * corrupting the kernel.
29333 */
29334 + ip = (unsigned char *)ktla_ktva((unsigned long)ip);
29335 + pr_warning("Unexpected op at %pS [%p] %s:%d\n", ip, ip, __FILE__, line);
29336 pr_warning("Unexpected op at %pS [%p] (%02x %02x %02x %02x %02x) %s:%d\n",
29337 ip, ip, ip[0], ip[1], ip[2], ip[3], ip[4], __FILE__, line);
29338 BUG();
29339 @@ -52,7 +54,7 @@ static void __jump_label_transform(struct jump_entry *entry,
29340 * Jump label is enabled for the first time.
29341 * So we expect a default_nop...
29342 */
29343 - if (unlikely(memcmp((void *)entry->code, default_nop, 5)
29344 + if (unlikely(memcmp((void *)ktla_ktva(entry->code), default_nop, 5)
29345 != 0))
29346 bug_at((void *)entry->code, __LINE__);
29347 } else {
29348 @@ -60,7 +62,7 @@ static void __jump_label_transform(struct jump_entry *entry,
29349 * ...otherwise expect an ideal_nop. Otherwise
29350 * something went horribly wrong.
29351 */
29352 - if (unlikely(memcmp((void *)entry->code, ideal_nop, 5)
29353 + if (unlikely(memcmp((void *)ktla_ktva(entry->code), ideal_nop, 5)
29354 != 0))
29355 bug_at((void *)entry->code, __LINE__);
29356 }
29357 @@ -76,13 +78,13 @@ static void __jump_label_transform(struct jump_entry *entry,
29358 * are converting the default nop to the ideal nop.
29359 */
29360 if (init) {
29361 - if (unlikely(memcmp((void *)entry->code, default_nop, 5) != 0))
29362 + if (unlikely(memcmp((void *)ktla_ktva(entry->code), default_nop, 5) != 0))
29363 bug_at((void *)entry->code, __LINE__);
29364 } else {
29365 code.jump = 0xe9;
29366 code.offset = entry->target -
29367 (entry->code + JUMP_LABEL_NOP_SIZE);
29368 - if (unlikely(memcmp((void *)entry->code, &code, 5) != 0))
29369 + if (unlikely(memcmp((void *)ktla_ktva(entry->code), &code, 5) != 0))
29370 bug_at((void *)entry->code, __LINE__);
29371 }
29372 memcpy(&code, ideal_nops[NOP_ATOMIC5], JUMP_LABEL_NOP_SIZE);
29373 diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
29374 index 04cde52..8b2900b 100644
29375 --- a/arch/x86/kernel/kgdb.c
29376 +++ b/arch/x86/kernel/kgdb.c
29377 @@ -229,7 +229,10 @@ static void kgdb_correct_hw_break(void)
29378 bp->attr.bp_addr = breakinfo[breakno].addr;
29379 bp->attr.bp_len = breakinfo[breakno].len;
29380 bp->attr.bp_type = breakinfo[breakno].type;
29381 - info->address = breakinfo[breakno].addr;
29382 + if (breakinfo[breakno].type == X86_BREAKPOINT_EXECUTE)
29383 + info->address = ktla_ktva(breakinfo[breakno].addr);
29384 + else
29385 + info->address = breakinfo[breakno].addr;
29386 info->len = breakinfo[breakno].len;
29387 info->type = breakinfo[breakno].type;
29388 val = arch_install_hw_breakpoint(bp);
29389 @@ -476,12 +479,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
29390 case 'k':
29391 /* clear the trace bit */
29392 linux_regs->flags &= ~X86_EFLAGS_TF;
29393 - atomic_set(&kgdb_cpu_doing_single_step, -1);
29394 + atomic_set_unchecked(&kgdb_cpu_doing_single_step, -1);
29395
29396 /* set the trace bit if we're stepping */
29397 if (remcomInBuffer[0] == 's') {
29398 linux_regs->flags |= X86_EFLAGS_TF;
29399 - atomic_set(&kgdb_cpu_doing_single_step,
29400 + atomic_set_unchecked(&kgdb_cpu_doing_single_step,
29401 raw_smp_processor_id());
29402 }
29403
29404 @@ -551,7 +554,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
29405
29406 switch (cmd) {
29407 case DIE_DEBUG:
29408 - if (atomic_read(&kgdb_cpu_doing_single_step) != -1) {
29409 + if (atomic_read_unchecked(&kgdb_cpu_doing_single_step) != -1) {
29410 if (user_mode(regs))
29411 return single_step_cont(regs, args);
29412 break;
29413 @@ -754,11 +757,11 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
29414 char opc[BREAK_INSTR_SIZE];
29415
29416 bpt->type = BP_BREAKPOINT;
29417 - err = probe_kernel_read(bpt->saved_instr, (char *)bpt->bpt_addr,
29418 + err = probe_kernel_read(bpt->saved_instr, (const void *)ktla_ktva(bpt->bpt_addr),
29419 BREAK_INSTR_SIZE);
29420 if (err)
29421 return err;
29422 - err = probe_kernel_write((char *)bpt->bpt_addr,
29423 + err = probe_kernel_write((void *)ktla_ktva(bpt->bpt_addr),
29424 arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE);
29425 if (!err)
29426 return err;
29427 @@ -770,7 +773,7 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
29428 return -EBUSY;
29429 text_poke((void *)bpt->bpt_addr, arch_kgdb_ops.gdb_bpt_instr,
29430 BREAK_INSTR_SIZE);
29431 - err = probe_kernel_read(opc, (char *)bpt->bpt_addr, BREAK_INSTR_SIZE);
29432 + err = probe_kernel_read(opc, (const void *)ktla_ktva(bpt->bpt_addr), BREAK_INSTR_SIZE);
29433 if (err)
29434 return err;
29435 if (memcmp(opc, arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE))
29436 @@ -794,13 +797,13 @@ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
29437 if (mutex_is_locked(&text_mutex))
29438 goto knl_write;
29439 text_poke((void *)bpt->bpt_addr, bpt->saved_instr, BREAK_INSTR_SIZE);
29440 - err = probe_kernel_read(opc, (char *)bpt->bpt_addr, BREAK_INSTR_SIZE);
29441 + err = probe_kernel_read(opc, (const void *)ktla_ktva(bpt->bpt_addr), BREAK_INSTR_SIZE);
29442 if (err || memcmp(opc, bpt->saved_instr, BREAK_INSTR_SIZE))
29443 goto knl_write;
29444 return err;
29445
29446 knl_write:
29447 - return probe_kernel_write((char *)bpt->bpt_addr,
29448 + return probe_kernel_write((void *)ktla_ktva(bpt->bpt_addr),
29449 (char *)bpt->saved_instr, BREAK_INSTR_SIZE);
29450 }
29451
29452 diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
29453 index 7847e5c..cec50fd 100644
29454 --- a/arch/x86/kernel/kprobes/core.c
29455 +++ b/arch/x86/kernel/kprobes/core.c
29456 @@ -122,9 +122,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op)
29457 s32 raddr;
29458 } __packed *insn;
29459
29460 - insn = (struct __arch_relative_insn *)from;
29461 + insn = (struct __arch_relative_insn *)ktla_ktva((unsigned long)from);
29462 +
29463 + pax_open_kernel();
29464 insn->raddr = (s32)((long)(to) - ((long)(from) + 5));
29465 insn->op = op;
29466 + pax_close_kernel();
29467 }
29468
29469 /* Insert a jump instruction at address 'from', which jumps to address 'to'.*/
29470 @@ -170,7 +173,7 @@ int can_boost(kprobe_opcode_t *opcodes)
29471 kprobe_opcode_t opcode;
29472 kprobe_opcode_t *orig_opcodes = opcodes;
29473
29474 - if (search_exception_tables((unsigned long)opcodes))
29475 + if (search_exception_tables(ktva_ktla((unsigned long)opcodes)))
29476 return 0; /* Page fault may occur on this address. */
29477
29478 retry:
29479 @@ -262,12 +265,12 @@ __recover_probed_insn(kprobe_opcode_t *buf, unsigned long addr)
29480 * Fortunately, we know that the original code is the ideal 5-byte
29481 * long NOP.
29482 */
29483 - memcpy(buf, (void *)addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
29484 + memcpy(buf, (void *)ktla_ktva(addr), MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
29485 if (faddr)
29486 memcpy(buf, ideal_nops[NOP_ATOMIC5], 5);
29487 else
29488 buf[0] = kp->opcode;
29489 - return (unsigned long)buf;
29490 + return ktva_ktla((unsigned long)buf);
29491 }
29492
29493 /*
29494 @@ -369,7 +372,9 @@ int __copy_instruction(u8 *dest, u8 *src)
29495 /* Another subsystem puts a breakpoint, failed to recover */
29496 if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
29497 return 0;
29498 + pax_open_kernel();
29499 memcpy(dest, insn.kaddr, length);
29500 + pax_close_kernel();
29501
29502 #ifdef CONFIG_X86_64
29503 if (insn_rip_relative(&insn)) {
29504 @@ -396,7 +401,9 @@ int __copy_instruction(u8 *dest, u8 *src)
29505 return 0;
29506 }
29507 disp = (u8 *) dest + insn_offset_displacement(&insn);
29508 + pax_open_kernel();
29509 *(s32 *) disp = (s32) newdisp;
29510 + pax_close_kernel();
29511 }
29512 #endif
29513 return length;
29514 @@ -538,7 +545,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
29515 * nor set current_kprobe, because it doesn't use single
29516 * stepping.
29517 */
29518 - regs->ip = (unsigned long)p->ainsn.insn;
29519 + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
29520 preempt_enable_no_resched();
29521 return;
29522 }
29523 @@ -555,9 +562,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
29524 regs->flags &= ~X86_EFLAGS_IF;
29525 /* single step inline if the instruction is an int3 */
29526 if (p->opcode == BREAKPOINT_INSTRUCTION)
29527 - regs->ip = (unsigned long)p->addr;
29528 + regs->ip = ktla_ktva((unsigned long)p->addr);
29529 else
29530 - regs->ip = (unsigned long)p->ainsn.insn;
29531 + regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
29532 }
29533 NOKPROBE_SYMBOL(setup_singlestep);
29534
29535 @@ -642,7 +649,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
29536 setup_singlestep(p, regs, kcb, 0);
29537 return 1;
29538 }
29539 - } else if (*addr != BREAKPOINT_INSTRUCTION) {
29540 + } else if (*(kprobe_opcode_t *)ktla_ktva((unsigned long)addr) != BREAKPOINT_INSTRUCTION) {
29541 /*
29542 * The breakpoint instruction was removed right
29543 * after we hit it. Another cpu has removed
29544 @@ -688,6 +695,9 @@ asm(
29545 " movq %rax, 152(%rsp)\n"
29546 RESTORE_REGS_STRING
29547 " popfq\n"
29548 +#ifdef KERNEXEC_PLUGIN
29549 + " btsq $63,(%rsp)\n"
29550 +#endif
29551 #else
29552 " pushf\n"
29553 SAVE_REGS_STRING
29554 @@ -829,7 +839,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs,
29555 struct kprobe_ctlblk *kcb)
29556 {
29557 unsigned long *tos = stack_addr(regs);
29558 - unsigned long copy_ip = (unsigned long)p->ainsn.insn;
29559 + unsigned long copy_ip = ktva_ktla((unsigned long)p->ainsn.insn);
29560 unsigned long orig_ip = (unsigned long)p->addr;
29561 kprobe_opcode_t *insn = p->ainsn.insn;
29562
29563 diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c
29564 index 4425f59..34a112f 100644
29565 --- a/arch/x86/kernel/kprobes/opt.c
29566 +++ b/arch/x86/kernel/kprobes/opt.c
29567 @@ -80,6 +80,7 @@ found:
29568 /* Insert a move instruction which sets a pointer to eax/rdi (1st arg). */
29569 static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
29570 {
29571 + pax_open_kernel();
29572 #ifdef CONFIG_X86_64
29573 *addr++ = 0x48;
29574 *addr++ = 0xbf;
29575 @@ -87,6 +88,7 @@ static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
29576 *addr++ = 0xb8;
29577 #endif
29578 *(unsigned long *)addr = val;
29579 + pax_close_kernel();
29580 }
29581
29582 asm (
29583 @@ -343,7 +345,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
29584 * Verify if the address gap is in 2GB range, because this uses
29585 * a relative jump.
29586 */
29587 - rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE;
29588 + rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE;
29589 if (abs(rel) > 0x7fffffff) {
29590 __arch_remove_optimized_kprobe(op, 0);
29591 return -ERANGE;
29592 @@ -360,16 +362,18 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
29593 op->optinsn.size = ret;
29594
29595 /* Copy arch-dep-instance from template */
29596 - memcpy(buf, &optprobe_template_entry, TMPL_END_IDX);
29597 + pax_open_kernel();
29598 + memcpy(buf, (u8 *)ktla_ktva((unsigned long)&optprobe_template_entry), TMPL_END_IDX);
29599 + pax_close_kernel();
29600
29601 /* Set probe information */
29602 synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op);
29603
29604 /* Set probe function call */
29605 - synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback);
29606 + synthesize_relcall((u8 *)ktva_ktla((unsigned long)buf) + TMPL_CALL_IDX, optimized_callback);
29607
29608 /* Set returning jmp instruction at the tail of out-of-line buffer */
29609 - synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size,
29610 + synthesize_reljump((u8 *)ktva_ktla((unsigned long)buf) + TMPL_END_IDX + op->optinsn.size,
29611 (u8 *)op->kp.addr + op->optinsn.size);
29612
29613 flush_icache_range((unsigned long) buf,
29614 @@ -394,7 +398,7 @@ void arch_optimize_kprobes(struct list_head *oplist)
29615 WARN_ON(kprobe_disabled(&op->kp));
29616
29617 /* Backup instructions which will be replaced by jump address */
29618 - memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE,
29619 + memcpy(op->optinsn.copied_insn, (u8 *)ktla_ktva((unsigned long)op->kp.addr) + INT3_SIZE,
29620 RELATIVE_ADDR_SIZE);
29621
29622 insn_buf[0] = RELATIVEJUMP_OPCODE;
29623 @@ -442,7 +446,7 @@ int setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter)
29624 /* This kprobe is really able to run optimized path. */
29625 op = container_of(p, struct optimized_kprobe, kp);
29626 /* Detour through copied instructions */
29627 - regs->ip = (unsigned long)op->optinsn.insn + TMPL_END_IDX;
29628 + regs->ip = ktva_ktla((unsigned long)op->optinsn.insn) + TMPL_END_IDX;
29629 if (!reenter)
29630 reset_current_kprobe();
29631 preempt_enable_no_resched();
29632 diff --git a/arch/x86/kernel/ksysfs.c b/arch/x86/kernel/ksysfs.c
29633 index c2bedae..25e7ab60 100644
29634 --- a/arch/x86/kernel/ksysfs.c
29635 +++ b/arch/x86/kernel/ksysfs.c
29636 @@ -184,7 +184,7 @@ out:
29637
29638 static struct kobj_attribute type_attr = __ATTR_RO(type);
29639
29640 -static struct bin_attribute data_attr = {
29641 +static bin_attribute_no_const data_attr __read_only = {
29642 .attr = {
29643 .name = "data",
29644 .mode = S_IRUGO,
29645 diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
29646 index 1726c4c..feda8055 100644
29647 --- a/arch/x86/kernel/kvm.c
29648 +++ b/arch/x86/kernel/kvm.c
29649 @@ -544,7 +544,7 @@ static uint32_t __init kvm_detect(void)
29650 return kvm_cpuid_base();
29651 }
29652
29653 -const struct hypervisor_x86 x86_hyper_kvm __refconst = {
29654 +const struct hypervisor_x86 x86_hyper_kvm = {
29655 .name = "KVM",
29656 .detect = kvm_detect,
29657 .x2apic_available = kvm_para_available,
29658 diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
29659 index 3692249..d2966c7 100644
29660 --- a/arch/x86/kernel/kvmclock.c
29661 +++ b/arch/x86/kernel/kvmclock.c
29662 @@ -29,7 +29,7 @@
29663 #include <asm/x86_init.h>
29664 #include <asm/reboot.h>
29665
29666 -static int kvmclock = 1;
29667 +static int kvmclock __read_only = 1;
29668 static int msr_kvm_system_time = MSR_KVM_SYSTEM_TIME;
29669 static int msr_kvm_wall_clock = MSR_KVM_WALL_CLOCK;
29670 static cycle_t kvm_sched_clock_offset;
29671 @@ -42,7 +42,7 @@ static int parse_no_kvmclock(char *arg)
29672 early_param("no-kvmclock", parse_no_kvmclock);
29673
29674 /* The hypervisor will put information about time periodically here */
29675 -static struct pvclock_vsyscall_time_info *hv_clock;
29676 +static struct pvclock_vsyscall_time_info hv_clock[NR_CPUS] __page_aligned_bss;
29677 static struct pvclock_wall_clock wall_clock;
29678
29679 struct pvclock_vsyscall_time_info *pvclock_pvti_cpu0_va(void)
29680 @@ -161,7 +161,7 @@ bool kvm_check_and_clear_guest_paused(void)
29681 struct pvclock_vcpu_time_info *src;
29682 int cpu = smp_processor_id();
29683
29684 - if (!hv_clock)
29685 + if (!kvmclock)
29686 return ret;
29687
29688 src = &hv_clock[cpu].pvti;
29689 @@ -188,7 +188,7 @@ int kvm_register_clock(char *txt)
29690 int low, high, ret;
29691 struct pvclock_vcpu_time_info *src;
29692
29693 - if (!hv_clock)
29694 + if (!kvmclock)
29695 return 0;
29696
29697 src = &hv_clock[cpu].pvti;
29698 @@ -248,7 +248,6 @@ static void kvm_shutdown(void)
29699 void __init kvmclock_init(void)
29700 {
29701 struct pvclock_vcpu_time_info *vcpu_time;
29702 - unsigned long mem;
29703 int size, cpu;
29704 u8 flags;
29705
29706 @@ -266,15 +265,8 @@ void __init kvmclock_init(void)
29707 printk(KERN_INFO "kvm-clock: Using msrs %x and %x",
29708 msr_kvm_system_time, msr_kvm_wall_clock);
29709
29710 - mem = memblock_alloc(size, PAGE_SIZE);
29711 - if (!mem)
29712 - return;
29713 - hv_clock = __va(mem);
29714 - memset(hv_clock, 0, size);
29715 -
29716 if (kvm_register_clock("primary cpu clock")) {
29717 - hv_clock = NULL;
29718 - memblock_free(mem, size);
29719 + kvmclock = 0;
29720 return;
29721 }
29722
29723 @@ -315,7 +307,7 @@ int __init kvm_setup_vsyscall_timeinfo(void)
29724 struct pvclock_vcpu_time_info *vcpu_time;
29725 unsigned int size;
29726
29727 - if (!hv_clock)
29728 + if (!kvmclock)
29729 return 0;
29730
29731 size = PAGE_ALIGN(sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS);
29732 diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
29733 index 6707039..254f32c 100644
29734 --- a/arch/x86/kernel/ldt.c
29735 +++ b/arch/x86/kernel/ldt.c
29736 @@ -11,6 +11,7 @@
29737 #include <linux/sched.h>
29738 #include <linux/string.h>
29739 #include <linux/mm.h>
29740 +#include <linux/ratelimit.h>
29741 #include <linux/smp.h>
29742 #include <linux/slab.h>
29743 #include <linux/vmalloc.h>
29744 @@ -21,6 +22,14 @@
29745 #include <asm/mmu_context.h>
29746 #include <asm/syscalls.h>
29747
29748 +#ifdef CONFIG_GRKERNSEC
29749 +int sysctl_modify_ldt __read_only = 0;
29750 +#elif defined(CONFIG_DEFAULT_MODIFY_LDT_SYSCALL)
29751 +int sysctl_modify_ldt __read_only = 1;
29752 +#else
29753 +int sysctl_modify_ldt __read_only = 0;
29754 +#endif
29755 +
29756 /* context.lock is held for us, so we don't need any locking. */
29757 static void flush_ldt(void *current_mm)
29758 {
29759 @@ -109,6 +118,23 @@ int init_new_context_ldt(struct task_struct *tsk, struct mm_struct *mm)
29760 struct mm_struct *old_mm;
29761 int retval = 0;
29762
29763 + if (tsk == current) {
29764 + mm->context.vdso = 0;
29765 +
29766 +#ifdef CONFIG_X86_32
29767 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
29768 + mm->context.user_cs_base = 0UL;
29769 + mm->context.user_cs_limit = ~0UL;
29770 +
29771 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
29772 + cpumask_clear(&mm->context.cpu_user_cs_mask);
29773 +#endif
29774 +
29775 +#endif
29776 +#endif
29777 +
29778 + }
29779 +
29780 mutex_init(&mm->context.lock);
29781 old_mm = current->mm;
29782 if (!old_mm) {
29783 @@ -235,6 +261,14 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
29784 /* The user wants to clear the entry. */
29785 memset(&ldt, 0, sizeof(ldt));
29786 } else {
29787 +
29788 +#ifdef CONFIG_PAX_SEGMEXEC
29789 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) {
29790 + error = -EINVAL;
29791 + goto out;
29792 + }
29793 +#endif
29794 +
29795 if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) {
29796 error = -EINVAL;
29797 goto out;
29798 @@ -276,6 +310,15 @@ asmlinkage int sys_modify_ldt(int func, void __user *ptr,
29799 {
29800 int ret = -ENOSYS;
29801
29802 + if (!sysctl_modify_ldt) {
29803 + printk_ratelimited(KERN_INFO
29804 + "Denied a call to modify_ldt() from %s[%d] (uid: %d)."
29805 + " Adjust sysctl if this was not an exploit attempt.\n",
29806 + current->comm, task_pid_nr(current),
29807 + from_kuid_munged(current_user_ns(), current_uid()));
29808 + return ret;
29809 + }
29810 +
29811 switch (func) {
29812 case 0:
29813 ret = read_ldt(ptr, bytecount);
29814 diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
29815 index 469b23d..5449cfe 100644
29816 --- a/arch/x86/kernel/machine_kexec_32.c
29817 +++ b/arch/x86/kernel/machine_kexec_32.c
29818 @@ -26,7 +26,7 @@
29819 #include <asm/cacheflush.h>
29820 #include <asm/debugreg.h>
29821
29822 -static void set_idt(void *newidt, __u16 limit)
29823 +static void set_idt(struct desc_struct *newidt, __u16 limit)
29824 {
29825 struct desc_ptr curidt;
29826
29827 @@ -38,7 +38,7 @@ static void set_idt(void *newidt, __u16 limit)
29828 }
29829
29830
29831 -static void set_gdt(void *newgdt, __u16 limit)
29832 +static void set_gdt(struct desc_struct *newgdt, __u16 limit)
29833 {
29834 struct desc_ptr curgdt;
29835
29836 @@ -216,7 +216,7 @@ void machine_kexec(struct kimage *image)
29837 }
29838
29839 control_page = page_address(image->control_code_page);
29840 - memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE);
29841 + memcpy(control_page, (void *)ktla_ktva((unsigned long)relocate_kernel), KEXEC_CONTROL_CODE_MAX_SIZE);
29842
29843 relocate_kernel_ptr = control_page;
29844 page_list[PA_CONTROL_PAGE] = __pa(control_page);
29845 diff --git a/arch/x86/kernel/mcount_64.S b/arch/x86/kernel/mcount_64.S
29846 index 61924222..0e4856e 100644
29847 --- a/arch/x86/kernel/mcount_64.S
29848 +++ b/arch/x86/kernel/mcount_64.S
29849 @@ -7,7 +7,7 @@
29850 #include <linux/linkage.h>
29851 #include <asm/ptrace.h>
29852 #include <asm/ftrace.h>
29853 -
29854 +#include <asm/alternative-asm.h>
29855
29856 .code64
29857 .section .entry.text, "ax"
29858 @@ -148,8 +148,9 @@
29859 #ifdef CONFIG_DYNAMIC_FTRACE
29860
29861 ENTRY(function_hook)
29862 + pax_force_retaddr
29863 retq
29864 -END(function_hook)
29865 +ENDPROC(function_hook)
29866
29867 ENTRY(ftrace_caller)
29868 /* save_mcount_regs fills in first two parameters */
29869 @@ -183,9 +184,10 @@ GLOBAL(ftrace_graph_call)
29870 #endif
29871
29872 /* This is weak to keep gas from relaxing the jumps */
29873 -WEAK(ftrace_stub)
29874 +RAP_WEAK(ftrace_stub)
29875 + pax_force_retaddr
29876 retq
29877 -END(ftrace_caller)
29878 +ENDPROC(ftrace_caller)
29879
29880 ENTRY(ftrace_regs_caller)
29881 /* Save the current flags before any operations that can change them */
29882 @@ -256,7 +258,7 @@ GLOBAL(ftrace_regs_caller_end)
29883
29884 jmp ftrace_epilogue
29885
29886 -END(ftrace_regs_caller)
29887 +ENDPROC(ftrace_regs_caller)
29888
29889
29890 #else /* ! CONFIG_DYNAMIC_FTRACE */
29891 @@ -275,6 +277,7 @@ fgraph_trace:
29892 #endif
29893
29894 GLOBAL(ftrace_stub)
29895 + pax_force_retaddr
29896 retq
29897
29898 trace:
29899 @@ -287,12 +290,13 @@ trace:
29900 * ip and parent ip are used and the list function is called when
29901 * function tracing is enabled.
29902 */
29903 + pax_force_fptr ftrace_trace_function
29904 call *ftrace_trace_function
29905
29906 restore_mcount_regs
29907
29908 jmp fgraph_trace
29909 -END(function_hook)
29910 +ENDPROC(function_hook)
29911 #endif /* CONFIG_DYNAMIC_FTRACE */
29912 #endif /* CONFIG_FUNCTION_TRACER */
29913
29914 @@ -314,8 +318,9 @@ ENTRY(ftrace_graph_caller)
29915
29916 restore_mcount_regs
29917
29918 + pax_force_retaddr
29919 retq
29920 -END(ftrace_graph_caller)
29921 +ENDPROC(ftrace_graph_caller)
29922
29923 GLOBAL(return_to_handler)
29924 subq $24, %rsp
29925 @@ -331,5 +336,7 @@ GLOBAL(return_to_handler)
29926 movq 8(%rsp), %rdx
29927 movq (%rsp), %rax
29928 addq $24, %rsp
29929 + pax_force_fptr %rdi
29930 jmp *%rdi
29931 +ENDPROC(return_to_handler)
29932 #endif
29933 diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
29934 index 477ae80..a280c67 100644
29935 --- a/arch/x86/kernel/module.c
29936 +++ b/arch/x86/kernel/module.c
29937 @@ -76,17 +76,17 @@ static unsigned long int get_module_load_offset(void)
29938 }
29939 #endif
29940
29941 -void *module_alloc(unsigned long size)
29942 +static inline void *__module_alloc(unsigned long size, pgprot_t prot)
29943 {
29944 void *p;
29945
29946 - if (PAGE_ALIGN(size) > MODULES_LEN)
29947 + if (!size || PAGE_ALIGN(size) > MODULES_LEN)
29948 return NULL;
29949
29950 p = __vmalloc_node_range(size, MODULE_ALIGN,
29951 MODULES_VADDR + get_module_load_offset(),
29952 - MODULES_END, GFP_KERNEL | __GFP_HIGHMEM,
29953 - PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
29954 + MODULES_END, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO,
29955 + prot, 0, NUMA_NO_NODE,
29956 __builtin_return_address(0));
29957 if (p && (kasan_module_alloc(p, size) < 0)) {
29958 vfree(p);
29959 @@ -96,6 +96,51 @@ void *module_alloc(unsigned long size)
29960 return p;
29961 }
29962
29963 +void *module_alloc(unsigned long size)
29964 +{
29965 +
29966 +#ifdef CONFIG_PAX_KERNEXEC
29967 + return __module_alloc(size, PAGE_KERNEL);
29968 +#else
29969 + return __module_alloc(size, PAGE_KERNEL_EXEC);
29970 +#endif
29971 +
29972 +}
29973 +
29974 +#ifdef CONFIG_PAX_KERNEXEC
29975 +#ifdef CONFIG_X86_32
29976 +void *module_alloc_exec(unsigned long size)
29977 +{
29978 + struct vm_struct *area;
29979 +
29980 + if (size == 0)
29981 + return NULL;
29982 +
29983 + area = __get_vm_area(size, VM_ALLOC, (unsigned long)&MODULES_EXEC_VADDR, (unsigned long)&MODULES_EXEC_END);
29984 + return area ? area->addr : NULL;
29985 +}
29986 +EXPORT_SYMBOL(module_alloc_exec);
29987 +
29988 +void module_memfree_exec(void *module_region)
29989 +{
29990 + vunmap(module_region);
29991 +}
29992 +EXPORT_SYMBOL(module_memfree_exec);
29993 +#else
29994 +void module_memfree_exec(void *module_region)
29995 +{
29996 + module_memfree(module_region);
29997 +}
29998 +EXPORT_SYMBOL(module_memfree_exec);
29999 +
30000 +void *module_alloc_exec(unsigned long size)
30001 +{
30002 + return __module_alloc(size, PAGE_KERNEL_RX);
30003 +}
30004 +EXPORT_SYMBOL(module_alloc_exec);
30005 +#endif
30006 +#endif
30007 +
30008 #ifdef CONFIG_X86_32
30009 int apply_relocate(Elf32_Shdr *sechdrs,
30010 const char *strtab,
30011 @@ -106,14 +151,16 @@ int apply_relocate(Elf32_Shdr *sechdrs,
30012 unsigned int i;
30013 Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
30014 Elf32_Sym *sym;
30015 - uint32_t *location;
30016 + uint32_t *plocation, location;
30017
30018 DEBUGP("Applying relocate section %u to %u\n",
30019 relsec, sechdrs[relsec].sh_info);
30020 for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
30021 /* This is where to make the change */
30022 - location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
30023 - + rel[i].r_offset;
30024 + plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset;
30025 + location = (uint32_t)plocation;
30026 + if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR)
30027 + plocation = (uint32_t *)ktla_ktva((unsigned long)plocation);
30028 /* This is the symbol it is referring to. Note that all
30029 undefined symbols have been resolved. */
30030 sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
30031 @@ -122,11 +169,15 @@ int apply_relocate(Elf32_Shdr *sechdrs,
30032 switch (ELF32_R_TYPE(rel[i].r_info)) {
30033 case R_386_32:
30034 /* We add the value into the location given */
30035 - *location += sym->st_value;
30036 + pax_open_kernel();
30037 + *plocation += sym->st_value;
30038 + pax_close_kernel();
30039 break;
30040 case R_386_PC32:
30041 /* Add the value, subtract its position */
30042 - *location += sym->st_value - (uint32_t)location;
30043 + pax_open_kernel();
30044 + *plocation += sym->st_value - location;
30045 + pax_close_kernel();
30046 break;
30047 default:
30048 pr_err("%s: Unknown relocation: %u\n",
30049 @@ -171,21 +222,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs,
30050 case R_X86_64_NONE:
30051 break;
30052 case R_X86_64_64:
30053 + pax_open_kernel();
30054 *(u64 *)loc = val;
30055 + pax_close_kernel();
30056 break;
30057 case R_X86_64_32:
30058 + pax_open_kernel();
30059 *(u32 *)loc = val;
30060 + pax_close_kernel();
30061 if (val != *(u32 *)loc)
30062 goto overflow;
30063 break;
30064 case R_X86_64_32S:
30065 + pax_open_kernel();
30066 *(s32 *)loc = val;
30067 + pax_close_kernel();
30068 if ((s64)val != *(s32 *)loc)
30069 goto overflow;
30070 break;
30071 case R_X86_64_PC32:
30072 val -= (u64)loc;
30073 + pax_open_kernel();
30074 *(u32 *)loc = val;
30075 + pax_close_kernel();
30076 +
30077 #if 0
30078 if ((s64)val != *(s32 *)loc)
30079 goto overflow;
30080 diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
30081 index 7f3550a..e535783 100644
30082 --- a/arch/x86/kernel/msr.c
30083 +++ b/arch/x86/kernel/msr.c
30084 @@ -39,6 +39,7 @@
30085 #include <linux/notifier.h>
30086 #include <linux/uaccess.h>
30087 #include <linux/gfp.h>
30088 +#include <linux/grsecurity.h>
30089
30090 #include <asm/cpufeature.h>
30091 #include <asm/msr.h>
30092 @@ -83,6 +84,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
30093 int err = 0;
30094 ssize_t bytes = 0;
30095
30096 +#ifdef CONFIG_GRKERNSEC_KMEM
30097 + if (reg != MSR_IA32_ENERGY_PERF_BIAS) {
30098 + gr_handle_msr_write();
30099 + return -EPERM;
30100 + }
30101 +#endif
30102 +
30103 if (count % 8)
30104 return -EINVAL; /* Invalid chunk size */
30105
30106 @@ -130,6 +138,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
30107 err = -EBADF;
30108 break;
30109 }
30110 +#ifdef CONFIG_GRKERNSEC_KMEM
30111 + gr_handle_msr_write();
30112 + return -EPERM;
30113 +#endif
30114 if (copy_from_user(&regs, uregs, sizeof regs)) {
30115 err = -EFAULT;
30116 break;
30117 @@ -213,7 +225,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb,
30118 return notifier_from_errno(err);
30119 }
30120
30121 -static struct notifier_block __refdata msr_class_cpu_notifier = {
30122 +static struct notifier_block msr_class_cpu_notifier = {
30123 .notifier_call = msr_class_cpu_callback,
30124 };
30125
30126 diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
30127 index bfe4d6c..1c3f03c 100644
30128 --- a/arch/x86/kernel/nmi.c
30129 +++ b/arch/x86/kernel/nmi.c
30130 @@ -101,16 +101,16 @@ fs_initcall(nmi_warning_debugfs);
30131
30132 static void nmi_max_handler(struct irq_work *w)
30133 {
30134 - struct nmiaction *a = container_of(w, struct nmiaction, irq_work);
30135 + struct nmiwork *n = container_of(w, struct nmiwork, irq_work);
30136 int remainder_ns, decimal_msecs;
30137 - u64 whole_msecs = ACCESS_ONCE(a->max_duration);
30138 + u64 whole_msecs = ACCESS_ONCE(n->max_duration);
30139
30140 remainder_ns = do_div(whole_msecs, (1000 * 1000));
30141 decimal_msecs = remainder_ns / 1000;
30142
30143 printk_ratelimited(KERN_INFO
30144 "INFO: NMI handler (%ps) took too long to run: %lld.%03d msecs\n",
30145 - a->handler, whole_msecs, decimal_msecs);
30146 + n->action->handler, whole_msecs, decimal_msecs);
30147 }
30148
30149 static int nmi_handle(unsigned int type, struct pt_regs *regs)
30150 @@ -137,11 +137,11 @@ static int nmi_handle(unsigned int type, struct pt_regs *regs)
30151 delta = sched_clock() - delta;
30152 trace_nmi_handler(a->handler, (int)delta, thishandled);
30153
30154 - if (delta < nmi_longest_ns || delta < a->max_duration)
30155 + if (delta < nmi_longest_ns || delta < a->work->max_duration)
30156 continue;
30157
30158 - a->max_duration = delta;
30159 - irq_work_queue(&a->irq_work);
30160 + a->work->max_duration = delta;
30161 + irq_work_queue(&a->work->irq_work);
30162 }
30163
30164 rcu_read_unlock();
30165 @@ -151,7 +151,7 @@ static int nmi_handle(unsigned int type, struct pt_regs *regs)
30166 }
30167 NOKPROBE_SYMBOL(nmi_handle);
30168
30169 -int __register_nmi_handler(unsigned int type, struct nmiaction *action)
30170 +int __register_nmi_handler(unsigned int type, const struct nmiaction *action)
30171 {
30172 struct nmi_desc *desc = nmi_to_desc(type);
30173 unsigned long flags;
30174 @@ -159,7 +159,8 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
30175 if (!action->handler)
30176 return -EINVAL;
30177
30178 - init_irq_work(&action->irq_work, nmi_max_handler);
30179 + action->work->action = action;
30180 + init_irq_work(&action->work->irq_work, nmi_max_handler);
30181
30182 spin_lock_irqsave(&desc->lock, flags);
30183
30184 @@ -177,9 +178,9 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
30185 * event confuses some handlers (kdump uses this flag)
30186 */
30187 if (action->flags & NMI_FLAG_FIRST)
30188 - list_add_rcu(&action->list, &desc->head);
30189 + pax_list_add_rcu((struct list_head *)&action->list, &desc->head);
30190 else
30191 - list_add_tail_rcu(&action->list, &desc->head);
30192 + pax_list_add_tail_rcu((struct list_head *)&action->list, &desc->head);
30193
30194 spin_unlock_irqrestore(&desc->lock, flags);
30195 return 0;
30196 @@ -202,7 +203,7 @@ void unregister_nmi_handler(unsigned int type, const char *name)
30197 if (!strcmp(n->name, name)) {
30198 WARN(in_nmi(),
30199 "Trying to free NMI (%s) from NMI context!\n", n->name);
30200 - list_del_rcu(&n->list);
30201 + pax_list_del_rcu((struct list_head *)&n->list);
30202 break;
30203 }
30204 }
30205 @@ -503,6 +504,17 @@ static DEFINE_PER_CPU(int, update_debug_stack);
30206 dotraplinkage notrace void
30207 do_nmi(struct pt_regs *regs, long error_code)
30208 {
30209 +
30210 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
30211 + if (!user_mode(regs)) {
30212 + unsigned long cs = regs->cs & 0xFFFF;
30213 + unsigned long ip = ktva_ktla(regs->ip);
30214 +
30215 + if ((cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) && ip <= (unsigned long)_etext)
30216 + regs->ip = ip;
30217 + }
30218 +#endif
30219 +
30220 if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) {
30221 this_cpu_write(nmi_state, NMI_LATCHED);
30222 return;
30223 diff --git a/arch/x86/kernel/nmi_selftest.c b/arch/x86/kernel/nmi_selftest.c
30224 index 6d9582e..f746287 100644
30225 --- a/arch/x86/kernel/nmi_selftest.c
30226 +++ b/arch/x86/kernel/nmi_selftest.c
30227 @@ -43,7 +43,7 @@ static void __init init_nmi_testsuite(void)
30228 {
30229 /* trap all the unknown NMIs we may generate */
30230 register_nmi_handler(NMI_UNKNOWN, nmi_unk_cb, 0, "nmi_selftest_unk",
30231 - __initdata);
30232 + __initconst);
30233 }
30234
30235 static void __init cleanup_nmi_testsuite(void)
30236 @@ -66,7 +66,7 @@ static void __init test_nmi_ipi(struct cpumask *mask)
30237 unsigned long timeout;
30238
30239 if (register_nmi_handler(NMI_LOCAL, test_nmi_ipi_callback,
30240 - NMI_FLAG_FIRST, "nmi_selftest", __initdata)) {
30241 + NMI_FLAG_FIRST, "nmi_selftest", __initconst)) {
30242 nmi_fail = FAILURE;
30243 return;
30244 }
30245 diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c
30246 index 1939a02..7e81a8f 100644
30247 --- a/arch/x86/kernel/paravirt-spinlocks.c
30248 +++ b/arch/x86/kernel/paravirt-spinlocks.c
30249 @@ -23,16 +23,32 @@ bool pv_is_native_spin_unlock(void)
30250 }
30251 #endif
30252
30253 -struct pv_lock_ops pv_lock_ops = {
30254 +#ifdef CONFIG_SMP
30255 +#ifdef CONFIG_QUEUED_SPINLOCKS
30256 +static void native_wait(u8 *ptr, u8 val)
30257 +{
30258 +}
30259 +
30260 +static void native_kick(int cpu)
30261 +{
30262 +}
30263 +#else /* !CONFIG_QUEUED_SPINLOCKS */
30264 +static void native_unlock_kick(struct arch_spinlock *lock, __ticket_t ticket)
30265 +{
30266 +}
30267 +#endif /* !CONFIG_QUEUED_SPINLOCKS */
30268 +#endif /* SMP */
30269 +
30270 +struct pv_lock_ops pv_lock_ops __read_only = {
30271 #ifdef CONFIG_SMP
30272 #ifdef CONFIG_QUEUED_SPINLOCKS
30273 .queued_spin_lock_slowpath = native_queued_spin_lock_slowpath,
30274 .queued_spin_unlock = PV_CALLEE_SAVE(__native_queued_spin_unlock),
30275 - .wait = paravirt_nop,
30276 - .kick = paravirt_nop,
30277 + .wait = native_wait,
30278 + .kick = native_kick,
30279 #else /* !CONFIG_QUEUED_SPINLOCKS */
30280 .lock_spinning = __PV_IS_CALLEE_SAVE(paravirt_nop),
30281 - .unlock_kick = paravirt_nop,
30282 + .unlock_kick = native_unlock_kick,
30283 #endif /* !CONFIG_QUEUED_SPINLOCKS */
30284 #endif /* SMP */
30285 };
30286 diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
30287 index 1acfd76..8a3a86d 100644
30288 --- a/arch/x86/kernel/paravirt.c
30289 +++ b/arch/x86/kernel/paravirt.c
30290 @@ -65,6 +65,9 @@ u64 notrace _paravirt_ident_64(u64 x)
30291 {
30292 return x;
30293 }
30294 +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
30295 +PV_CALLEE_SAVE_REGS_THUNK(_paravirt_ident_64);
30296 +#endif
30297
30298 void __init default_banner(void)
30299 {
30300 @@ -140,15 +143,19 @@ unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf,
30301
30302 if (opfunc == NULL)
30303 /* If there's no function, patch it with a ud2a (BUG) */
30304 - ret = paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a));
30305 - else if (opfunc == _paravirt_nop)
30306 + ret = paravirt_patch_insns(insnbuf, len, (const char *)ktva_ktla((unsigned long)ud2a), ud2a+sizeof(ud2a));
30307 + else if (opfunc == (void *)_paravirt_nop)
30308 ret = 0;
30309
30310 /* identity functions just return their single argument */
30311 - else if (opfunc == _paravirt_ident_32)
30312 + else if (opfunc == (void *)_paravirt_ident_32)
30313 ret = paravirt_patch_ident_32(insnbuf, len);
30314 - else if (opfunc == _paravirt_ident_64)
30315 + else if (opfunc == (void *)_paravirt_ident_64)
30316 ret = paravirt_patch_ident_64(insnbuf, len);
30317 +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
30318 + else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64)
30319 + ret = paravirt_patch_ident_64(insnbuf, len);
30320 +#endif
30321
30322 else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) ||
30323 type == PARAVIRT_PATCH(pv_cpu_ops.usergs_sysret64))
30324 @@ -171,7 +178,7 @@ unsigned paravirt_patch_insns(void *insnbuf, unsigned len,
30325 if (insn_len > len || start == NULL)
30326 insn_len = len;
30327 else
30328 - memcpy(insnbuf, start, insn_len);
30329 + memcpy(insnbuf, (const char *)ktla_ktva((unsigned long)start), insn_len);
30330
30331 return insn_len;
30332 }
30333 @@ -293,7 +300,7 @@ enum paravirt_lazy_mode paravirt_get_lazy_mode(void)
30334 return this_cpu_read(paravirt_lazy_mode);
30335 }
30336
30337 -struct pv_info pv_info = {
30338 +struct pv_info pv_info __read_only = {
30339 .name = "bare hardware",
30340 .kernel_rpl = 0,
30341 .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */
30342 @@ -303,16 +310,16 @@ struct pv_info pv_info = {
30343 #endif
30344 };
30345
30346 -struct pv_init_ops pv_init_ops = {
30347 +struct pv_init_ops pv_init_ops __read_only = {
30348 .patch = native_patch,
30349 };
30350
30351 -struct pv_time_ops pv_time_ops = {
30352 +struct pv_time_ops pv_time_ops __read_only = {
30353 .sched_clock = native_sched_clock,
30354 .steal_clock = native_steal_clock,
30355 };
30356
30357 -__visible struct pv_irq_ops pv_irq_ops = {
30358 +__visible struct pv_irq_ops pv_irq_ops __read_only = {
30359 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl),
30360 .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl),
30361 .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable),
30362 @@ -324,7 +331,23 @@ __visible struct pv_irq_ops pv_irq_ops = {
30363 #endif
30364 };
30365
30366 -__visible struct pv_cpu_ops pv_cpu_ops = {
30367 +static void native_alloc_ldt(struct desc_struct *ldt, unsigned entries)
30368 +{
30369 +}
30370 +
30371 +static void native_free_ldt(struct desc_struct *ldt, unsigned entries)
30372 +{
30373 +}
30374 +
30375 +static void native_start_context_switch(struct task_struct *prev)
30376 +{
30377 +}
30378 +
30379 +static void native_end_context_switch(struct task_struct *next)
30380 +{
30381 +}
30382 +
30383 +__visible struct pv_cpu_ops pv_cpu_ops __read_only = {
30384 .cpuid = native_cpuid,
30385 .get_debugreg = native_get_debugreg,
30386 .set_debugreg = native_set_debugreg,
30387 @@ -358,8 +381,8 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
30388 .write_gdt_entry = native_write_gdt_entry,
30389 .write_idt_entry = native_write_idt_entry,
30390
30391 - .alloc_ldt = paravirt_nop,
30392 - .free_ldt = paravirt_nop,
30393 + .alloc_ldt = native_alloc_ldt,
30394 + .free_ldt = native_free_ldt,
30395
30396 .load_sp0 = native_load_sp0,
30397
30398 @@ -372,8 +395,8 @@ __visible struct pv_cpu_ops pv_cpu_ops = {
30399 .set_iopl_mask = native_set_iopl_mask,
30400 .io_delay = native_io_delay,
30401
30402 - .start_context_switch = paravirt_nop,
30403 - .end_context_switch = paravirt_nop,
30404 + .start_context_switch = native_start_context_switch,
30405 + .end_context_switch = native_end_context_switch,
30406 };
30407
30408 /* At this point, native_get/set_debugreg has real function entries */
30409 @@ -381,15 +404,64 @@ NOKPROBE_SYMBOL(native_get_debugreg);
30410 NOKPROBE_SYMBOL(native_set_debugreg);
30411 NOKPROBE_SYMBOL(native_load_idt);
30412
30413 -#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_PAE)
30414 +#ifdef CONFIG_X86_32
30415 +#ifdef CONFIG_X86_PAE
30416 +/* 64-bit pagetable entries */
30417 +#define PTE_IDENT PV_CALLEE_SAVE(_paravirt_ident_64)
30418 +#else
30419 /* 32-bit pagetable entries */
30420 #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_32)
30421 +#endif
30422 #else
30423 /* 64-bit pagetable entries */
30424 #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64)
30425 #endif
30426
30427 -struct pv_mmu_ops pv_mmu_ops = {
30428 +static void native_pgd_free(struct mm_struct *mm, pgd_t *pgd)
30429 +{
30430 +}
30431 +
30432 +static void native_alloc_pte(struct mm_struct *mm, unsigned long pfn)
30433 +{
30434 +}
30435 +
30436 +static void native_alloc_pmd(struct mm_struct *mm, unsigned long pfn)
30437 +{
30438 +}
30439 +
30440 +static void native_alloc_pud(struct mm_struct *mm, unsigned long pfn)
30441 +{
30442 +}
30443 +
30444 +static void native_release_pte(unsigned long pfn)
30445 +{
30446 +}
30447 +
30448 +static void native_release_pmd(unsigned long pfn)
30449 +{
30450 +}
30451 +
30452 +static void native_release_pud(unsigned long pfn)
30453 +{
30454 +}
30455 +
30456 +static void native_pte_update(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
30457 +{
30458 +}
30459 +
30460 +static void native_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm)
30461 +{
30462 +}
30463 +
30464 +static void native_exit_mmap(struct mm_struct *mm)
30465 +{
30466 +}
30467 +
30468 +static void native_activate_mm(struct mm_struct *prev, struct mm_struct *next)
30469 +{
30470 +}
30471 +
30472 +struct pv_mmu_ops pv_mmu_ops __read_only = {
30473
30474 .read_cr2 = native_read_cr2,
30475 .write_cr2 = native_write_cr2,
30476 @@ -402,20 +474,20 @@ struct pv_mmu_ops pv_mmu_ops = {
30477 .flush_tlb_others = native_flush_tlb_others,
30478
30479 .pgd_alloc = __paravirt_pgd_alloc,
30480 - .pgd_free = paravirt_nop,
30481 + .pgd_free = native_pgd_free,
30482
30483 - .alloc_pte = paravirt_nop,
30484 - .alloc_pmd = paravirt_nop,
30485 - .alloc_pud = paravirt_nop,
30486 - .release_pte = paravirt_nop,
30487 - .release_pmd = paravirt_nop,
30488 - .release_pud = paravirt_nop,
30489 + .alloc_pte = native_alloc_pte,
30490 + .alloc_pmd = native_alloc_pmd,
30491 + .alloc_pud = native_alloc_pud,
30492 + .release_pte = native_release_pte,
30493 + .release_pmd = native_release_pmd,
30494 + .release_pud = native_release_pud,
30495
30496 .set_pte = native_set_pte,
30497 .set_pte_at = native_set_pte_at,
30498 .set_pmd = native_set_pmd,
30499 .set_pmd_at = native_set_pmd_at,
30500 - .pte_update = paravirt_nop,
30501 + .pte_update = native_pte_update,
30502
30503 .ptep_modify_prot_start = __ptep_modify_prot_start,
30504 .ptep_modify_prot_commit = __ptep_modify_prot_commit,
30505 @@ -436,6 +508,7 @@ struct pv_mmu_ops pv_mmu_ops = {
30506 .make_pud = PTE_IDENT,
30507
30508 .set_pgd = native_set_pgd,
30509 + .set_pgd_batched = native_set_pgd_batched,
30510 #endif
30511 #endif /* CONFIG_PGTABLE_LEVELS >= 3 */
30512
30513 @@ -445,9 +518,9 @@ struct pv_mmu_ops pv_mmu_ops = {
30514 .make_pte = PTE_IDENT,
30515 .make_pgd = PTE_IDENT,
30516
30517 - .dup_mmap = paravirt_nop,
30518 - .exit_mmap = paravirt_nop,
30519 - .activate_mm = paravirt_nop,
30520 + .dup_mmap = native_dup_mmap,
30521 + .exit_mmap = native_exit_mmap,
30522 + .activate_mm = native_activate_mm,
30523
30524 .lazy_mode = {
30525 .enter = paravirt_nop,
30526 @@ -456,6 +529,12 @@ struct pv_mmu_ops pv_mmu_ops = {
30527 },
30528
30529 .set_fixmap = native_set_fixmap,
30530 +
30531 +#ifdef CONFIG_PAX_KERNEXEC
30532 + .pax_open_kernel = native_pax_open_kernel,
30533 + .pax_close_kernel = native_pax_close_kernel,
30534 +#endif
30535 +
30536 };
30537
30538 EXPORT_SYMBOL_GPL(pv_time_ops);
30539 diff --git a/arch/x86/kernel/paravirt_patch_64.c b/arch/x86/kernel/paravirt_patch_64.c
30540 index e70087a..b083377 100644
30541 --- a/arch/x86/kernel/paravirt_patch_64.c
30542 +++ b/arch/x86/kernel/paravirt_patch_64.c
30543 @@ -9,7 +9,11 @@ DEF_NATIVE(pv_irq_ops, save_fl, "pushfq; popq %rax");
30544 DEF_NATIVE(pv_mmu_ops, read_cr2, "movq %cr2, %rax");
30545 DEF_NATIVE(pv_mmu_ops, read_cr3, "movq %cr3, %rax");
30546 DEF_NATIVE(pv_mmu_ops, write_cr3, "movq %rdi, %cr3");
30547 +
30548 +#ifndef CONFIG_PAX_MEMORY_UDEREF
30549 DEF_NATIVE(pv_mmu_ops, flush_tlb_single, "invlpg (%rdi)");
30550 +#endif
30551 +
30552 DEF_NATIVE(pv_cpu_ops, clts, "clts");
30553 DEF_NATIVE(pv_cpu_ops, wbinvd, "wbinvd");
30554
30555 @@ -59,7 +63,11 @@ unsigned native_patch(u8 type, u16 clobbers, void *ibuf,
30556 PATCH_SITE(pv_mmu_ops, read_cr3);
30557 PATCH_SITE(pv_mmu_ops, write_cr3);
30558 PATCH_SITE(pv_cpu_ops, clts);
30559 +
30560 +#ifndef CONFIG_PAX_MEMORY_UDEREF
30561 PATCH_SITE(pv_mmu_ops, flush_tlb_single);
30562 +#endif
30563 +
30564 PATCH_SITE(pv_cpu_ops, wbinvd);
30565 #if defined(CONFIG_PARAVIRT_SPINLOCKS) && defined(CONFIG_QUEUED_SPINLOCKS)
30566 case PARAVIRT_PATCH(pv_lock_ops.queued_spin_unlock):
30567 diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
30568 index 5d400ba..eaad6f6 100644
30569 --- a/arch/x86/kernel/pci-calgary_64.c
30570 +++ b/arch/x86/kernel/pci-calgary_64.c
30571 @@ -1347,7 +1347,7 @@ static void __init get_tce_space_from_tar(void)
30572 tce_space = be64_to_cpu(readq(target));
30573 tce_space = tce_space & TAR_SW_BITS;
30574
30575 - tce_space = tce_space & (~specified_table_size);
30576 + tce_space = tce_space & (~(unsigned long)specified_table_size);
30577 info->tce_space = (u64 *)__va(tce_space);
30578 }
30579 }
30580 diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c
30581 index f712dfd..0172a75 100644
30582 --- a/arch/x86/kernel/pci-iommu_table.c
30583 +++ b/arch/x86/kernel/pci-iommu_table.c
30584 @@ -2,7 +2,7 @@
30585 #include <asm/iommu_table.h>
30586 #include <linux/string.h>
30587 #include <linux/kallsyms.h>
30588 -
30589 +#include <linux/sched.h>
30590
30591 #define DEBUG 1
30592
30593 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
30594 index 62c0b0e..43bd8da 100644
30595 --- a/arch/x86/kernel/process.c
30596 +++ b/arch/x86/kernel/process.c
30597 @@ -16,6 +16,7 @@
30598 #include <linux/dmi.h>
30599 #include <linux/utsname.h>
30600 #include <linux/stackprotector.h>
30601 +#include <linux/kthread.h>
30602 #include <linux/tick.h>
30603 #include <linux/cpuidle.h>
30604 #include <trace/events/power.h>
30605 @@ -40,7 +41,8 @@
30606 * section. Since TSS's are completely CPU-local, we want them
30607 * on exact cacheline boundaries, to eliminate cacheline ping-pong.
30608 */
30609 -__visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss) = {
30610 +struct tss_struct cpu_tss[NR_CPUS] __visible ____cacheline_internodealigned_in_smp = {
30611 + [0 ... NR_CPUS-1] = {
30612 .x86_tss = {
30613 .sp0 = TOP_OF_INIT_STACK,
30614 #ifdef CONFIG_X86_32
30615 @@ -61,6 +63,7 @@ __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss) = {
30616 #ifdef CONFIG_X86_32
30617 .SYSENTER_stack_canary = STACK_END_MAGIC,
30618 #endif
30619 +}
30620 };
30621 EXPORT_PER_CPU_SYMBOL(cpu_tss);
30622
30623 @@ -81,13 +84,26 @@ void idle_notifier_unregister(struct notifier_block *n)
30624 EXPORT_SYMBOL_GPL(idle_notifier_unregister);
30625 #endif
30626
30627 +struct kmem_cache *fpregs_state_cachep;
30628 +EXPORT_SYMBOL(fpregs_state_cachep);
30629 +
30630 +void __init arch_task_cache_init(void)
30631 +{
30632 + /* create a slab on which task_structs can be allocated */
30633 + fpregs_state_cachep =
30634 + kmem_cache_create_usercopy("fpregs_state", fpu_kernel_xstate_size,
30635 + ARCH_MIN_TASKALIGN, SLAB_PANIC | SLAB_NOTRACK, 0, fpu_kernel_xstate_size, NULL);
30636 +}
30637 +
30638 /*
30639 * this gets called so that we can store lazy state into memory and copy the
30640 * current task into the new thread.
30641 */
30642 int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
30643 {
30644 - memcpy(dst, src, arch_task_struct_size);
30645 + *dst = *src;
30646 + dst->thread.fpu.state = kmem_cache_alloc_node(fpregs_state_cachep, GFP_KERNEL, tsk_fork_get_node(src));
30647 + memcpy(dst->thread.fpu.state, src->thread.fpu.state, fpu_kernel_xstate_size);
30648 #ifdef CONFIG_VM86
30649 dst->thread.vm86 = NULL;
30650 #endif
30651 @@ -95,6 +111,12 @@ int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
30652 return fpu__copy(&dst->thread.fpu, &src->thread.fpu);
30653 }
30654
30655 +void arch_release_task_struct(struct task_struct *tsk)
30656 +{
30657 + kmem_cache_free(fpregs_state_cachep, tsk->thread.fpu.state);
30658 + tsk->thread.fpu.state = NULL;
30659 +}
30660 +
30661 /*
30662 * Free current thread data structures etc..
30663 */
30664 @@ -105,7 +127,7 @@ void exit_thread(struct task_struct *tsk)
30665 struct fpu *fpu = &t->fpu;
30666
30667 if (bp) {
30668 - struct tss_struct *tss = &per_cpu(cpu_tss, get_cpu());
30669 + struct tss_struct *tss = cpu_tss + get_cpu();
30670
30671 t->io_bitmap_ptr = NULL;
30672 clear_thread_flag(TIF_IO_BITMAP);
30673 @@ -127,6 +149,9 @@ void flush_thread(void)
30674 {
30675 struct task_struct *tsk = current;
30676
30677 +#if defined(CONFIG_X86_32) && !defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_PAX_MEMORY_UDEREF)
30678 + loadsegment(gs, 0);
30679 +#endif
30680 flush_ptrace_hw_breakpoint(tsk);
30681 memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
30682
30683 @@ -268,7 +293,7 @@ static void __exit_idle(void)
30684 void exit_idle(void)
30685 {
30686 /* idle loop has pid 0 */
30687 - if (current->pid)
30688 + if (task_pid_nr(current))
30689 return;
30690 __exit_idle();
30691 }
30692 @@ -321,7 +346,7 @@ bool xen_set_default_idle(void)
30693 return ret;
30694 }
30695 #endif
30696 -void stop_this_cpu(void *dummy)
30697 +__noreturn void stop_this_cpu(void *dummy)
30698 {
30699 local_irq_disable();
30700 /*
30701 @@ -499,13 +524,6 @@ static int __init idle_setup(char *str)
30702 }
30703 early_param("idle", idle_setup);
30704
30705 -unsigned long arch_align_stack(unsigned long sp)
30706 -{
30707 - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
30708 - sp -= get_random_int() % 8192;
30709 - return sp & ~0xf;
30710 -}
30711 -
30712 unsigned long arch_randomize_brk(struct mm_struct *mm)
30713 {
30714 unsigned long range_end = mm->brk + 0x02000000;
30715 @@ -537,9 +555,7 @@ unsigned long get_wchan(struct task_struct *p)
30716 * PADDING
30717 * ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING
30718 * stack
30719 - * ----------- bottom = start + sizeof(thread_info)
30720 - * thread_info
30721 - * ----------- start
30722 + * ----------- bottom = start
30723 *
30724 * The tasks stack pointer points at the location where the
30725 * framepointer is stored. The data on the stack is:
30726 @@ -550,7 +566,7 @@ unsigned long get_wchan(struct task_struct *p)
30727 */
30728 top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING;
30729 top -= 2 * sizeof(unsigned long);
30730 - bottom = start + sizeof(struct thread_info);
30731 + bottom = start;
30732
30733 sp = READ_ONCE(p->thread.sp);
30734 if (sp < bottom || sp > top)
30735 @@ -567,3 +583,35 @@ unsigned long get_wchan(struct task_struct *p)
30736 } while (count++ < 16 && p->state != TASK_RUNNING);
30737 return 0;
30738 }
30739 +
30740 +#ifdef CONFIG_PAX_RANDKSTACK
30741 +void pax_randomize_kstack(struct pt_regs *regs)
30742 +{
30743 + struct thread_struct *thread = &current->thread;
30744 + unsigned long time;
30745 +
30746 + if (!randomize_va_space)
30747 + return;
30748 +
30749 + if (v8086_mode(regs))
30750 + return;
30751 +
30752 + time = rdtsc();
30753 +
30754 + /* P4 seems to return a 0 LSB, ignore it */
30755 +#ifdef CONFIG_MPENTIUM4
30756 + time &= 0x3EUL;
30757 + time <<= 2;
30758 +#elif defined(CONFIG_X86_64)
30759 + time &= 0xFUL;
30760 + time <<= 4;
30761 +#else
30762 + time &= 0x1FUL;
30763 + time <<= 3;
30764 +#endif
30765 +
30766 + thread->sp0 ^= time;
30767 + load_sp0(cpu_tss + smp_processor_id(), thread);
30768 + this_cpu_write(cpu_current_top_of_stack, thread->sp0);
30769 +}
30770 +#endif
30771 diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
30772 index d86be29..eb6012e 100644
30773 --- a/arch/x86/kernel/process_32.c
30774 +++ b/arch/x86/kernel/process_32.c
30775 @@ -64,6 +64,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread");
30776 unsigned long thread_saved_pc(struct task_struct *tsk)
30777 {
30778 return ((unsigned long *)tsk->thread.sp)[3];
30779 +//XXX return tsk->thread.eip;
30780 }
30781
30782 void __show_regs(struct pt_regs *regs, int all)
30783 @@ -76,16 +77,15 @@ void __show_regs(struct pt_regs *regs, int all)
30784 if (user_mode(regs)) {
30785 sp = regs->sp;
30786 ss = regs->ss & 0xffff;
30787 - gs = get_user_gs(regs);
30788 } else {
30789 sp = kernel_stack_pointer(regs);
30790 savesegment(ss, ss);
30791 - savesegment(gs, gs);
30792 }
30793 + gs = get_user_gs(regs);
30794
30795 printk(KERN_DEFAULT "EIP: %04x:[<%08lx>] EFLAGS: %08lx CPU: %d\n",
30796 (u16)regs->cs, regs->ip, regs->flags,
30797 - smp_processor_id());
30798 + raw_smp_processor_id());
30799 print_symbol("EIP is at %s\n", regs->ip);
30800
30801 printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
30802 @@ -132,21 +132,22 @@ void release_thread(struct task_struct *dead_task)
30803 int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
30804 unsigned long arg, struct task_struct *p, unsigned long tls)
30805 {
30806 - struct pt_regs *childregs = task_pt_regs(p);
30807 + struct pt_regs *childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8;
30808 struct task_struct *tsk;
30809 int err;
30810
30811 p->thread.sp = (unsigned long) childregs;
30812 p->thread.sp0 = (unsigned long) (childregs+1);
30813 + p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long);
30814 memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
30815
30816 if (unlikely(p->flags & PF_KTHREAD)) {
30817 /* kernel thread */
30818 memset(childregs, 0, sizeof(struct pt_regs));
30819 p->thread.ip = (unsigned long) ret_from_kernel_thread;
30820 - task_user_gs(p) = __KERNEL_STACK_CANARY;
30821 - childregs->ds = __USER_DS;
30822 - childregs->es = __USER_DS;
30823 + savesegment(gs, childregs->gs);
30824 + childregs->ds = __KERNEL_DS;
30825 + childregs->es = __KERNEL_DS;
30826 childregs->fs = __KERNEL_PERCPU;
30827 childregs->bx = sp; /* function */
30828 childregs->bp = arg;
30829 @@ -246,7 +247,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
30830 struct fpu *prev_fpu = &prev->fpu;
30831 struct fpu *next_fpu = &next->fpu;
30832 int cpu = smp_processor_id();
30833 - struct tss_struct *tss = &per_cpu(cpu_tss, cpu);
30834 + struct tss_struct *tss = cpu_tss + cpu;
30835 fpu_switch_t fpu_switch;
30836
30837 /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
30838 @@ -265,6 +266,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
30839 */
30840 lazy_save_gs(prev->gs);
30841
30842 +#ifdef CONFIG_PAX_MEMORY_UDEREF
30843 + __set_fs(task_thread_info(next_p)->addr_limit);
30844 +#endif
30845 +
30846 /*
30847 * Load the per-thread Thread-Local Storage descriptor.
30848 */
30849 @@ -300,9 +305,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
30850 * current_thread_info().
30851 */
30852 load_sp0(tss, next);
30853 - this_cpu_write(cpu_current_top_of_stack,
30854 - (unsigned long)task_stack_page(next_p) +
30855 - THREAD_SIZE);
30856 + this_cpu_write(current_task, next_p);
30857 + this_cpu_write(current_tinfo, &next_p->tinfo);
30858 + this_cpu_write(cpu_current_top_of_stack, next->sp0);
30859
30860 /*
30861 * Restore %gs if needed (which is common)
30862 @@ -312,7 +317,5 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
30863
30864 switch_fpu_finish(next_fpu, fpu_switch);
30865
30866 - this_cpu_write(current_task, next_p);
30867 -
30868 return prev_p;
30869 }
30870 diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
30871 index a21068e..3f3a2eb 100644
30872 --- a/arch/x86/kernel/process_64.c
30873 +++ b/arch/x86/kernel/process_64.c
30874 @@ -144,9 +144,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
30875 struct pt_regs *childregs;
30876 struct task_struct *me = current;
30877
30878 - p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE;
30879 + p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE - 16;
30880 childregs = task_pt_regs(p);
30881 p->thread.sp = (unsigned long) childregs;
30882 + p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long);
30883 set_tsk_thread_flag(p, TIF_FORK);
30884 p->thread.io_bitmap_ptr = NULL;
30885
30886 @@ -156,6 +157,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
30887 p->thread.fsbase = p->thread.fsindex ? 0 : me->thread.fsbase;
30888 savesegment(es, p->thread.es);
30889 savesegment(ds, p->thread.ds);
30890 + savesegment(ss, p->thread.ss);
30891 + BUG_ON(p->thread.ss == __UDEREF_KERNEL_DS);
30892 memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
30893
30894 if (unlikely(p->flags & PF_KTHREAD)) {
30895 @@ -263,7 +266,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
30896 struct fpu *prev_fpu = &prev->fpu;
30897 struct fpu *next_fpu = &next->fpu;
30898 int cpu = smp_processor_id();
30899 - struct tss_struct *tss = &per_cpu(cpu_tss, cpu);
30900 + struct tss_struct *tss = cpu_tss + cpu;
30901 unsigned prev_fsindex, prev_gsindex;
30902 fpu_switch_t fpu_switch;
30903
30904 @@ -314,6 +317,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
30905 if (unlikely(next->ds | prev->ds))
30906 loadsegment(ds, next->ds);
30907
30908 + savesegment(ss, prev->ss);
30909 + if (unlikely(next->ss != prev->ss))
30910 + loadsegment(ss, next->ss);
30911 +
30912 /*
30913 * Switch FS and GS.
30914 *
30915 @@ -423,10 +430,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
30916 * Switch the PDA and FPU contexts.
30917 */
30918 this_cpu_write(current_task, next_p);
30919 + this_cpu_write(current_tinfo, &next_p->tinfo);
30920
30921 /* Reload esp0 and ss1. This changes current_thread_info(). */
30922 load_sp0(tss, next);
30923
30924 + this_cpu_write(cpu_current_top_of_stack, next->sp0);
30925 +
30926 /*
30927 * Now maybe reload the debug registers and handle I/O bitmaps
30928 */
30929 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
30930 index a1606ea..3e7a408 100644
30931 --- a/arch/x86/kernel/ptrace.c
30932 +++ b/arch/x86/kernel/ptrace.c
30933 @@ -169,7 +169,7 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
30934 unsigned long sp = (unsigned long)&regs->sp;
30935 u32 *prev_esp;
30936
30937 - if (context == (sp & ~(THREAD_SIZE - 1)))
30938 + if (context == ((sp + 8) & ~(THREAD_SIZE - 1)))
30939 return sp;
30940
30941 prev_esp = (u32 *)(context);
30942 @@ -411,6 +411,20 @@ static int putreg(struct task_struct *child,
30943 if (child->thread.gsbase != value)
30944 return do_arch_prctl(child, ARCH_SET_GS, value);
30945 return 0;
30946 +
30947 + case offsetof(struct user_regs_struct,ip):
30948 + /*
30949 + * Protect against any attempt to set ip to an
30950 + * impossible address. There are dragons lurking if the
30951 + * address is noncanonical. (This explicitly allows
30952 + * setting ip to TASK_SIZE_MAX, because user code can do
30953 + * that all by itself by running off the end of its
30954 + * address space.
30955 + */
30956 + if (value > TASK_SIZE_MAX)
30957 + return -EIO;
30958 + break;
30959 +
30960 #endif
30961 }
30962
30963 @@ -533,7 +547,7 @@ static void ptrace_triggered(struct perf_event *bp,
30964 static unsigned long ptrace_get_dr7(struct perf_event *bp[])
30965 {
30966 int i;
30967 - int dr7 = 0;
30968 + unsigned long dr7 = 0;
30969 struct arch_hw_breakpoint *info;
30970
30971 for (i = 0; i < HBP_NUM; i++) {
30972 @@ -767,7 +781,7 @@ long arch_ptrace(struct task_struct *child, long request,
30973 unsigned long addr, unsigned long data)
30974 {
30975 int ret;
30976 - unsigned long __user *datap = (unsigned long __user *)data;
30977 + unsigned long __user *datap = (__force unsigned long __user *)data;
30978
30979 switch (request) {
30980 /* read the word at location addr in the USER area. */
30981 @@ -852,14 +866,14 @@ long arch_ptrace(struct task_struct *child, long request,
30982 if ((int) addr < 0)
30983 return -EIO;
30984 ret = do_get_thread_area(child, addr,
30985 - (struct user_desc __user *)data);
30986 + (__force struct user_desc __user *) data);
30987 break;
30988
30989 case PTRACE_SET_THREAD_AREA:
30990 if ((int) addr < 0)
30991 return -EIO;
30992 ret = do_set_thread_area(child, addr,
30993 - (struct user_desc __user *)data, 0);
30994 + (__force struct user_desc __user *) data, 0);
30995 break;
30996 #endif
30997
30998 @@ -1250,7 +1264,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
30999
31000 #ifdef CONFIG_X86_64
31001
31002 -static struct user_regset x86_64_regsets[] __read_mostly = {
31003 +static user_regset_no_const x86_64_regsets[] __read_only = {
31004 [REGSET_GENERAL] = {
31005 .core_note_type = NT_PRSTATUS,
31006 .n = sizeof(struct user_regs_struct) / sizeof(long),
31007 @@ -1291,7 +1305,7 @@ static const struct user_regset_view user_x86_64_view = {
31008 #endif /* CONFIG_X86_64 */
31009
31010 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
31011 -static struct user_regset x86_32_regsets[] __read_mostly = {
31012 +static user_regset_no_const x86_32_regsets[] __read_only = {
31013 [REGSET_GENERAL] = {
31014 .core_note_type = NT_PRSTATUS,
31015 .n = sizeof(struct user_regs_struct32) / sizeof(u32),
31016 @@ -1344,7 +1358,7 @@ static const struct user_regset_view user_x86_32_view = {
31017 */
31018 u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
31019
31020 -void update_regset_xstate_info(unsigned int size, u64 xstate_mask)
31021 +void __init update_regset_xstate_info(unsigned int size, u64 xstate_mask)
31022 {
31023 #ifdef CONFIG_X86_64
31024 x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
31025 @@ -1379,7 +1393,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
31026 memset(info, 0, sizeof(*info));
31027 info->si_signo = SIGTRAP;
31028 info->si_code = si_code;
31029 - info->si_addr = user_mode(regs) ? (void __user *)regs->ip : NULL;
31030 + info->si_addr = user_mode(regs) ? (__force void __user *)regs->ip : NULL;
31031 }
31032
31033 void user_single_step_siginfo(struct task_struct *tsk,
31034 diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c
31035 index 3599404..ebc784f 100644
31036 --- a/arch/x86/kernel/pvclock.c
31037 +++ b/arch/x86/kernel/pvclock.c
31038 @@ -51,11 +51,11 @@ void pvclock_touch_watchdogs(void)
31039 reset_hung_task_detector();
31040 }
31041
31042 -static atomic64_t last_value = ATOMIC64_INIT(0);
31043 +static atomic64_unchecked_t last_value = ATOMIC64_INIT(0);
31044
31045 void pvclock_resume(void)
31046 {
31047 - atomic64_set(&last_value, 0);
31048 + atomic64_set_unchecked(&last_value, 0);
31049 }
31050
31051 u8 pvclock_read_flags(struct pvclock_vcpu_time_info *src)
31052 @@ -107,11 +107,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src)
31053 * updating at the same time, and one of them could be slightly behind,
31054 * making the assumption that last_value always go forward fail to hold.
31055 */
31056 - last = atomic64_read(&last_value);
31057 + last = atomic64_read_unchecked(&last_value);
31058 do {
31059 if (ret < last)
31060 return last;
31061 - last = atomic64_cmpxchg(&last_value, last, ret);
31062 + last = atomic64_cmpxchg_unchecked(&last_value, last, ret);
31063 } while (unlikely(last != ret));
31064
31065 return ret;
31066 diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
31067 index 63bf27d..a75d12b 100644
31068 --- a/arch/x86/kernel/reboot.c
31069 +++ b/arch/x86/kernel/reboot.c
31070 @@ -83,6 +83,11 @@ static int __init set_bios_reboot(const struct dmi_system_id *d)
31071
31072 void __noreturn machine_real_restart(unsigned int type)
31073 {
31074 +
31075 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF))
31076 + struct desc_struct *gdt;
31077 +#endif
31078 +
31079 local_irq_disable();
31080
31081 /*
31082 @@ -110,7 +115,29 @@ void __noreturn machine_real_restart(unsigned int type)
31083
31084 /* Jump to the identity-mapped low memory code */
31085 #ifdef CONFIG_X86_32
31086 - asm volatile("jmpl *%0" : :
31087 +
31088 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
31089 + gdt = get_cpu_gdt_table(smp_processor_id());
31090 + pax_open_kernel();
31091 +#ifdef CONFIG_PAX_MEMORY_UDEREF
31092 + gdt[GDT_ENTRY_KERNEL_DS].type = 3;
31093 + gdt[GDT_ENTRY_KERNEL_DS].limit = 0xf;
31094 + loadsegment(ds, __KERNEL_DS);
31095 + loadsegment(es, __KERNEL_DS);
31096 + loadsegment(ss, __KERNEL_DS);
31097 +#endif
31098 +#ifdef CONFIG_PAX_KERNEXEC
31099 + gdt[GDT_ENTRY_KERNEL_CS].base0 = 0;
31100 + gdt[GDT_ENTRY_KERNEL_CS].base1 = 0;
31101 + gdt[GDT_ENTRY_KERNEL_CS].base2 = 0;
31102 + gdt[GDT_ENTRY_KERNEL_CS].limit0 = 0xffff;
31103 + gdt[GDT_ENTRY_KERNEL_CS].limit = 0xf;
31104 + gdt[GDT_ENTRY_KERNEL_CS].g = 1;
31105 +#endif
31106 + pax_close_kernel();
31107 +#endif
31108 +
31109 + asm volatile("ljmpl *%0" : :
31110 "rm" (real_mode_header->machine_real_restart_asm),
31111 "a" (type));
31112 #else
31113 @@ -150,7 +177,7 @@ static int __init set_kbd_reboot(const struct dmi_system_id *d)
31114 /*
31115 * This is a single dmi_table handling all reboot quirks.
31116 */
31117 -static struct dmi_system_id __initdata reboot_dmi_table[] = {
31118 +static const struct dmi_system_id __initconst reboot_dmi_table[] = {
31119
31120 /* Acer */
31121 { /* Handle reboot issue on Acer Aspire one */
31122 @@ -540,7 +567,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
31123 * This means that this function can never return, it can misbehave
31124 * by not rebooting properly and hanging.
31125 */
31126 -static void native_machine_emergency_restart(void)
31127 +static void __noreturn native_machine_emergency_restart(void)
31128 {
31129 int i;
31130 int attempt = 0;
31131 @@ -669,13 +696,13 @@ void native_machine_shutdown(void)
31132 #endif
31133 }
31134
31135 -static void __machine_emergency_restart(int emergency)
31136 +static void __noreturn __machine_emergency_restart(int emergency)
31137 {
31138 reboot_emergency = emergency;
31139 machine_ops.emergency_restart();
31140 }
31141
31142 -static void native_machine_restart(char *__unused)
31143 +static void __noreturn native_machine_restart(char *__unused)
31144 {
31145 pr_notice("machine restart\n");
31146
31147 @@ -684,7 +711,7 @@ static void native_machine_restart(char *__unused)
31148 __machine_emergency_restart(0);
31149 }
31150
31151 -static void native_machine_halt(void)
31152 +static void __noreturn native_machine_halt(void)
31153 {
31154 /* Stop other cpus and apics */
31155 machine_shutdown();
31156 @@ -694,7 +721,7 @@ static void native_machine_halt(void)
31157 stop_this_cpu(NULL);
31158 }
31159
31160 -static void native_machine_power_off(void)
31161 +static void __noreturn native_machine_power_off(void)
31162 {
31163 if (pm_power_off) {
31164 if (!reboot_force)
31165 @@ -703,9 +730,10 @@ static void native_machine_power_off(void)
31166 }
31167 /* A fallback in case there is no PM info available */
31168 tboot_shutdown(TB_SHUTDOWN_HALT);
31169 + unreachable();
31170 }
31171
31172 -struct machine_ops machine_ops = {
31173 +struct machine_ops machine_ops __read_only = {
31174 .power_off = native_machine_power_off,
31175 .shutdown = native_machine_shutdown,
31176 .emergency_restart = native_machine_emergency_restart,
31177 diff --git a/arch/x86/kernel/reboot_fixups_32.c b/arch/x86/kernel/reboot_fixups_32.c
31178 index c8e41e9..64049ef 100644
31179 --- a/arch/x86/kernel/reboot_fixups_32.c
31180 +++ b/arch/x86/kernel/reboot_fixups_32.c
31181 @@ -57,7 +57,7 @@ struct device_fixup {
31182 unsigned int vendor;
31183 unsigned int device;
31184 void (*reboot_fixup)(struct pci_dev *);
31185 -};
31186 +} __do_const;
31187
31188 /*
31189 * PCI ids solely used for fixups_table go here
31190 diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
31191 index 98111b3..73ca125 100644
31192 --- a/arch/x86/kernel/relocate_kernel_64.S
31193 +++ b/arch/x86/kernel/relocate_kernel_64.S
31194 @@ -96,8 +96,7 @@ relocate_kernel:
31195
31196 /* jump to identity mapped page */
31197 addq $(identity_mapped - relocate_kernel), %r8
31198 - pushq %r8
31199 - ret
31200 + jmp *%r8
31201
31202 identity_mapped:
31203 /* set return address to 0 if not preserving context */
31204 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
31205 index 98c9cd6..c32f54c 100644
31206 --- a/arch/x86/kernel/setup.c
31207 +++ b/arch/x86/kernel/setup.c
31208 @@ -114,6 +114,7 @@
31209 #include <asm/microcode.h>
31210 #include <asm/mmu_context.h>
31211 #include <asm/kaslr.h>
31212 +#include <asm/boot.h>
31213
31214 /*
31215 * max_low_pfn_mapped: highest direct mapped pfn under 4GB
31216 @@ -178,7 +179,7 @@ struct cpuinfo_x86 new_cpu_data = {
31217 .wp_works_ok = -1,
31218 };
31219 /* common cpu data for all cpus */
31220 -struct cpuinfo_x86 boot_cpu_data __read_mostly = {
31221 +struct cpuinfo_x86 boot_cpu_data __read_only = {
31222 .wp_works_ok = -1,
31223 };
31224 EXPORT_SYMBOL(boot_cpu_data);
31225 @@ -202,17 +203,19 @@ struct ist_info ist_info;
31226 #endif
31227
31228 #else
31229 -struct cpuinfo_x86 boot_cpu_data __read_mostly = {
31230 +struct cpuinfo_x86 boot_cpu_data __read_only = {
31231 .x86_phys_bits = MAX_PHYSMEM_BITS,
31232 };
31233 EXPORT_SYMBOL(boot_cpu_data);
31234 #endif
31235
31236
31237 -#if !defined(CONFIG_X86_PAE) || defined(CONFIG_X86_64)
31238 -__visible unsigned long mmu_cr4_features;
31239 +#ifdef CONFIG_X86_64
31240 +__visible unsigned long mmu_cr4_features __read_only = X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE;
31241 +#elif defined(CONFIG_X86_PAE)
31242 +__visible unsigned long mmu_cr4_features __read_only = X86_CR4_PAE;
31243 #else
31244 -__visible unsigned long mmu_cr4_features = X86_CR4_PAE;
31245 +__visible unsigned long mmu_cr4_features __read_only;
31246 #endif
31247
31248 /* Boot loader ID and version as integers, for the benefit of proc_dointvec */
31249 @@ -761,7 +764,7 @@ static void __init trim_bios_range(void)
31250 * area (640->1Mb) as ram even though it is not.
31251 * take them out.
31252 */
31253 - e820_remove_range(BIOS_BEGIN, BIOS_END - BIOS_BEGIN, E820_RAM, 1);
31254 + e820_remove_range(ISA_START_ADDRESS, ISA_END_ADDRESS - ISA_START_ADDRESS, E820_RAM, 1);
31255
31256 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
31257 }
31258 @@ -769,7 +772,7 @@ static void __init trim_bios_range(void)
31259 /* called before trim_bios_range() to spare extra sanitize */
31260 static void __init e820_add_kernel_range(void)
31261 {
31262 - u64 start = __pa_symbol(_text);
31263 + u64 start = __pa_symbol(ktla_ktva((unsigned long)_text));
31264 u64 size = __pa_symbol(_end) - start;
31265
31266 /*
31267 @@ -850,8 +853,8 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
31268
31269 void __init setup_arch(char **cmdline_p)
31270 {
31271 - memblock_reserve(__pa_symbol(_text),
31272 - (unsigned long)__bss_stop - (unsigned long)_text);
31273 + memblock_reserve(__pa_symbol(ktla_ktva((unsigned long)_text)),
31274 + (unsigned long)__bss_stop - ktla_ktva((unsigned long)_text));
31275
31276 early_reserve_initrd();
31277
31278 @@ -944,16 +947,16 @@ void __init setup_arch(char **cmdline_p)
31279
31280 if (!boot_params.hdr.root_flags)
31281 root_mountflags &= ~MS_RDONLY;
31282 - init_mm.start_code = (unsigned long) _text;
31283 - init_mm.end_code = (unsigned long) _etext;
31284 - init_mm.end_data = (unsigned long) _edata;
31285 + init_mm.start_code = ktla_ktva((unsigned long)_text);
31286 + init_mm.end_code = ktla_ktva((unsigned long)_etext);
31287 + init_mm.end_data = (unsigned long)_edata;
31288 init_mm.brk = _brk_end;
31289
31290 mpx_mm_init(&init_mm);
31291
31292 - code_resource.start = __pa_symbol(_text);
31293 - code_resource.end = __pa_symbol(_etext)-1;
31294 - data_resource.start = __pa_symbol(_etext);
31295 + code_resource.start = __pa_symbol(ktla_ktva((unsigned long)_text));
31296 + code_resource.end = __pa_symbol(ktla_ktva((unsigned long)_etext))-1;
31297 + data_resource.start = __pa_symbol(_sdata);
31298 data_resource.end = __pa_symbol(_edata)-1;
31299 bss_resource.start = __pa_symbol(__bss_start);
31300 bss_resource.end = __pa_symbol(__bss_stop)-1;
31301 diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c
31302 index 7a40e06..f60ccfe 100644
31303 --- a/arch/x86/kernel/setup_percpu.c
31304 +++ b/arch/x86/kernel/setup_percpu.c
31305 @@ -21,19 +21,17 @@
31306 #include <asm/cpu.h>
31307 #include <asm/stackprotector.h>
31308
31309 -DEFINE_PER_CPU_READ_MOSTLY(int, cpu_number);
31310 +#ifdef CONFIG_SMP
31311 +DEFINE_PER_CPU_READ_MOSTLY(unsigned int, cpu_number);
31312 EXPORT_PER_CPU_SYMBOL(cpu_number);
31313 +#endif
31314
31315 -#ifdef CONFIG_X86_64
31316 #define BOOT_PERCPU_OFFSET ((unsigned long)__per_cpu_load)
31317 -#else
31318 -#define BOOT_PERCPU_OFFSET 0
31319 -#endif
31320
31321 DEFINE_PER_CPU_READ_MOSTLY(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET;
31322 EXPORT_PER_CPU_SYMBOL(this_cpu_off);
31323
31324 -unsigned long __per_cpu_offset[NR_CPUS] __read_mostly = {
31325 +unsigned long __per_cpu_offset[NR_CPUS] __read_only = {
31326 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
31327 };
31328 EXPORT_SYMBOL(__per_cpu_offset);
31329 @@ -66,7 +64,7 @@ static bool __init pcpu_need_numa(void)
31330 {
31331 #ifdef CONFIG_NEED_MULTIPLE_NODES
31332 pg_data_t *last = NULL;
31333 - unsigned int cpu;
31334 + int cpu;
31335
31336 for_each_possible_cpu(cpu) {
31337 int node = early_cpu_to_node(cpu);
31338 @@ -155,10 +153,10 @@ static inline void setup_percpu_segment(int cpu)
31339 {
31340 #ifdef CONFIG_X86_32
31341 struct desc_struct gdt;
31342 + unsigned long base = per_cpu_offset(cpu);
31343
31344 - pack_descriptor(&gdt, per_cpu_offset(cpu), 0xFFFFF,
31345 - 0x2 | DESCTYPE_S, 0x8);
31346 - gdt.s = 1;
31347 + pack_descriptor(&gdt, base, (VMALLOC_END - base - 1) >> PAGE_SHIFT,
31348 + 0x83 | DESCTYPE_S, 0xC);
31349 write_gdt_entry(get_cpu_gdt_table(cpu),
31350 GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
31351 #endif
31352 @@ -219,6 +217,11 @@ void __init setup_per_cpu_areas(void)
31353 /* alrighty, percpu areas up and running */
31354 delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
31355 for_each_possible_cpu(cpu) {
31356 +#ifdef CONFIG_CC_STACKPROTECTOR
31357 +#ifdef CONFIG_X86_32
31358 + unsigned long canary = per_cpu(stack_canary.canary, cpu);
31359 +#endif
31360 +#endif
31361 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
31362 per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
31363 per_cpu(cpu_number, cpu) = cpu;
31364 @@ -261,6 +264,12 @@ void __init setup_per_cpu_areas(void)
31365 */
31366 set_cpu_numa_node(cpu, early_cpu_to_node(cpu));
31367 #endif
31368 +#ifdef CONFIG_CC_STACKPROTECTOR
31369 +#ifdef CONFIG_X86_32
31370 + if (!cpu)
31371 + per_cpu(stack_canary.canary, cpu) = canary;
31372 +#endif
31373 +#endif
31374 /*
31375 * Up to this point, the boot CPU has been using .init.data
31376 * area. Reload any changed state for the boot CPU.
31377 diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
31378 index 04cb321..e74f021 100644
31379 --- a/arch/x86/kernel/signal.c
31380 +++ b/arch/x86/kernel/signal.c
31381 @@ -226,7 +226,7 @@ static unsigned long align_sigframe(unsigned long sp)
31382 * Align the stack pointer according to the i386 ABI,
31383 * i.e. so that on function entry ((sp + 4) & 15) == 0.
31384 */
31385 - sp = ((sp + 4) & -16ul) - 4;
31386 + sp = ((sp - 12) & -16ul) - 4;
31387 #else /* !CONFIG_X86_32 */
31388 sp = round_down(sp, 16) - 8;
31389 #endif
31390 @@ -334,10 +334,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
31391 }
31392
31393 if (current->mm->context.vdso)
31394 - restorer = current->mm->context.vdso +
31395 - vdso_image_32.sym___kernel_sigreturn;
31396 + restorer = (void __force_user *)(current->mm->context.vdso + vdso_image_32.sym___kernel_sigreturn);
31397 else
31398 - restorer = &frame->retcode;
31399 + restorer = frame->retcode;
31400 if (ksig->ka.sa.sa_flags & SA_RESTORER)
31401 restorer = ksig->ka.sa.sa_restorer;
31402
31403 @@ -351,7 +350,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
31404 * reasons and because gdb uses it as a signature to notice
31405 * signal handler stack frames.
31406 */
31407 - err |= __put_user(*((u64 *)&retcode), (u64 *)frame->retcode);
31408 + err |= __put_user(*((u64 *)&retcode), (u64 __user *)frame->retcode);
31409
31410 if (err)
31411 return -EFAULT;
31412 @@ -398,8 +397,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
31413 save_altstack_ex(&frame->uc.uc_stack, regs->sp);
31414
31415 /* Set up to return from userspace. */
31416 - restorer = current->mm->context.vdso +
31417 - vdso_image_32.sym___kernel_rt_sigreturn;
31418 + if (current->mm->context.vdso)
31419 + restorer = (void __force_user *)(current->mm->context.vdso + vdso_image_32.sym___kernel_rt_sigreturn);
31420 + else
31421 + restorer = (void __user *)&frame->retcode;
31422 if (ksig->ka.sa.sa_flags & SA_RESTORER)
31423 restorer = ksig->ka.sa.sa_restorer;
31424 put_user_ex(restorer, &frame->pretcode);
31425 @@ -411,7 +412,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
31426 * reasons and because gdb uses it as a signature to notice
31427 * signal handler stack frames.
31428 */
31429 - put_user_ex(*((u64 *)&rt_retcode), (u64 *)frame->retcode);
31430 + put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode);
31431 } put_user_catch(err);
31432
31433 err |= copy_siginfo_to_user(&frame->info, &ksig->info);
31434 diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
31435 index 658777c..6285f88 100644
31436 --- a/arch/x86/kernel/smp.c
31437 +++ b/arch/x86/kernel/smp.c
31438 @@ -336,7 +336,7 @@ static int __init nonmi_ipi_setup(char *str)
31439
31440 __setup("nonmi_ipi", nonmi_ipi_setup);
31441
31442 -struct smp_ops smp_ops = {
31443 +struct smp_ops smp_ops __read_only = {
31444 .smp_prepare_boot_cpu = native_smp_prepare_boot_cpu,
31445 .smp_prepare_cpus = native_smp_prepare_cpus,
31446 .smp_cpus_done = native_smp_cpus_done,
31447 diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
31448 index 9e152cd..60ef544 100644
31449 --- a/arch/x86/kernel/smpboot.c
31450 +++ b/arch/x86/kernel/smpboot.c
31451 @@ -225,14 +225,17 @@ static void notrace start_secondary(void *unused)
31452
31453 enable_start_cpu0 = 0;
31454
31455 -#ifdef CONFIG_X86_32
31456 + /* otherwise gcc will move up smp_processor_id before the cpu_init */
31457 + barrier();
31458 +
31459 /* switch away from the initial page table */
31460 +#ifdef CONFIG_PAX_PER_CPU_PGD
31461 + load_cr3(get_cpu_pgd(smp_processor_id(), kernel));
31462 +#else
31463 load_cr3(swapper_pg_dir);
31464 +#endif
31465 __flush_tlb_all();
31466 -#endif
31467
31468 - /* otherwise gcc will move up smp_processor_id before the cpu_init */
31469 - barrier();
31470 /*
31471 * Check TSC synchronization with the BP:
31472 */
31473 @@ -935,16 +938,15 @@ void common_cpu_up(unsigned int cpu, struct task_struct *idle)
31474 alternatives_enable_smp();
31475
31476 per_cpu(current_task, cpu) = idle;
31477 + per_cpu(current_tinfo, cpu) = &idle->tinfo;
31478
31479 #ifdef CONFIG_X86_32
31480 - /* Stack for startup_32 can be just as for start_secondary onwards */
31481 irq_ctx_init(cpu);
31482 - per_cpu(cpu_current_top_of_stack, cpu) =
31483 - (unsigned long)task_stack_page(idle) + THREAD_SIZE;
31484 #else
31485 clear_tsk_thread_flag(idle, TIF_FORK);
31486 initial_gs = per_cpu_offset(cpu);
31487 #endif
31488 + per_cpu(cpu_current_top_of_stack, cpu) = (unsigned long)task_stack_page(idle) - 16 + THREAD_SIZE;
31489 }
31490
31491 /*
31492 @@ -965,9 +967,11 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
31493 unsigned long timeout;
31494
31495 idle->thread.sp = (unsigned long) (((struct pt_regs *)
31496 - (THREAD_SIZE + task_stack_page(idle))) - 1);
31497 + (THREAD_SIZE - 16 + task_stack_page(idle))) - 1);
31498
31499 + pax_open_kernel();
31500 early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
31501 + pax_close_kernel();
31502 initial_code = (unsigned long)start_secondary;
31503 stack_start = idle->thread.sp;
31504
31505 @@ -1115,6 +1119,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
31506
31507 common_cpu_up(cpu, tidle);
31508
31509 +#ifdef CONFIG_PAX_PER_CPU_PGD
31510 + clone_pgd_range(get_cpu_pgd(cpu, kernel) + KERNEL_PGD_BOUNDARY,
31511 + swapper_pg_dir + KERNEL_PGD_BOUNDARY,
31512 + KERNEL_PGD_PTRS);
31513 + clone_pgd_range(get_cpu_pgd(cpu, user) + KERNEL_PGD_BOUNDARY,
31514 + swapper_pg_dir + KERNEL_PGD_BOUNDARY,
31515 + KERNEL_PGD_PTRS);
31516 +#endif
31517 +
31518 /*
31519 * We have to walk the irq descriptors to setup the vector
31520 * space for the cpu which comes online. Prevent irq
31521 diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c
31522 index c9a0738..f0ab628 100644
31523 --- a/arch/x86/kernel/step.c
31524 +++ b/arch/x86/kernel/step.c
31525 @@ -45,7 +45,8 @@ unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *re
31526 addr += base;
31527 }
31528 mutex_unlock(&child->mm->context.lock);
31529 - }
31530 + } else if (seg == __KERNEL_CS || seg == __KERNEXEC_KERNEL_CS)
31531 + addr = ktla_ktva(addr);
31532 #endif
31533
31534 return addr;
31535 @@ -57,6 +58,9 @@ static int is_setting_trap_flag(struct task_struct *child, struct pt_regs *regs)
31536 unsigned char opcode[15];
31537 unsigned long addr = convert_ip_to_linear(child, regs);
31538
31539 + if (addr == -EINVAL)
31540 + return 0;
31541 +
31542 copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
31543 for (i = 0; i < copied; i++) {
31544 switch (opcode[i]) {
31545 diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c
31546 new file mode 100644
31547 index 0000000..920e413
31548 --- /dev/null
31549 +++ b/arch/x86/kernel/sys_i386_32.c
31550 @@ -0,0 +1,189 @@
31551 +/*
31552 + * This file contains various random system calls that
31553 + * have a non-standard calling sequence on the Linux/i386
31554 + * platform.
31555 + */
31556 +
31557 +#include <linux/errno.h>
31558 +#include <linux/sched.h>
31559 +#include <linux/mm.h>
31560 +#include <linux/fs.h>
31561 +#include <linux/smp.h>
31562 +#include <linux/sem.h>
31563 +#include <linux/msg.h>
31564 +#include <linux/shm.h>
31565 +#include <linux/stat.h>
31566 +#include <linux/syscalls.h>
31567 +#include <linux/mman.h>
31568 +#include <linux/file.h>
31569 +#include <linux/utsname.h>
31570 +#include <linux/ipc.h>
31571 +#include <linux/elf.h>
31572 +
31573 +#include <linux/uaccess.h>
31574 +#include <linux/unistd.h>
31575 +
31576 +#include <asm/syscalls.h>
31577 +
31578 +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
31579 +{
31580 + unsigned long pax_task_size = TASK_SIZE;
31581 +
31582 +#ifdef CONFIG_PAX_SEGMEXEC
31583 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
31584 + pax_task_size = SEGMEXEC_TASK_SIZE;
31585 +#endif
31586 +
31587 + if (flags & MAP_FIXED)
31588 + if (len > pax_task_size || addr > pax_task_size - len)
31589 + return -EINVAL;
31590 +
31591 + return 0;
31592 +}
31593 +
31594 +/*
31595 + * Align a virtual address to avoid aliasing in the I$ on AMD F15h.
31596 + */
31597 +static unsigned long get_align_mask(void)
31598 +{
31599 + if (va_align.flags < 0 || !(va_align.flags & ALIGN_VA_32))
31600 + return 0;
31601 +
31602 + if (!(current->flags & PF_RANDOMIZE))
31603 + return 0;
31604 +
31605 + return va_align.mask;
31606 +}
31607 +
31608 +unsigned long
31609 +arch_get_unmapped_area(struct file *filp, unsigned long addr,
31610 + unsigned long len, unsigned long pgoff, unsigned long flags)
31611 +{
31612 + struct mm_struct *mm = current->mm;
31613 + struct vm_area_struct *vma;
31614 + unsigned long pax_task_size = TASK_SIZE;
31615 + struct vm_unmapped_area_info info;
31616 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
31617 +
31618 +#ifdef CONFIG_PAX_SEGMEXEC
31619 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
31620 + pax_task_size = SEGMEXEC_TASK_SIZE;
31621 +#endif
31622 +
31623 + pax_task_size -= PAGE_SIZE;
31624 +
31625 + if (len > pax_task_size)
31626 + return -ENOMEM;
31627 +
31628 + if (flags & MAP_FIXED)
31629 + return addr;
31630 +
31631 +#ifdef CONFIG_PAX_RANDMMAP
31632 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
31633 +#endif
31634 +
31635 + if (addr) {
31636 + addr = PAGE_ALIGN(addr);
31637 + if (pax_task_size - len >= addr) {
31638 + vma = find_vma(mm, addr);
31639 + if (check_heap_stack_gap(vma, addr, len, offset))
31640 + return addr;
31641 + }
31642 + }
31643 +
31644 + info.flags = 0;
31645 + info.length = len;
31646 + info.align_mask = filp ? get_align_mask() : 0;
31647 + info.align_offset = pgoff << PAGE_SHIFT;
31648 + info.threadstack_offset = offset;
31649 +
31650 +#ifdef CONFIG_PAX_PAGEEXEC
31651 + if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE)) {
31652 + info.low_limit = 0x00110000UL;
31653 + info.high_limit = mm->start_code;
31654 +
31655 +#ifdef CONFIG_PAX_RANDMMAP
31656 + if (mm->pax_flags & MF_PAX_RANDMMAP)
31657 + info.low_limit += mm->delta_mmap & 0x03FFF000UL;
31658 +#endif
31659 +
31660 + if (info.low_limit < info.high_limit) {
31661 + addr = vm_unmapped_area(&info);
31662 + if (!IS_ERR_VALUE(addr))
31663 + return addr;
31664 + }
31665 + } else
31666 +#endif
31667 +
31668 + info.low_limit = mm->mmap_base;
31669 + info.high_limit = pax_task_size;
31670 +
31671 + return vm_unmapped_area(&info);
31672 +}
31673 +
31674 +unsigned long
31675 +arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr0,
31676 + unsigned long len, unsigned long pgoff,
31677 + unsigned long flags)
31678 +{
31679 + struct vm_area_struct *vma;
31680 + struct mm_struct *mm = current->mm;
31681 + unsigned long addr = addr0, pax_task_size = TASK_SIZE;
31682 + struct vm_unmapped_area_info info;
31683 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
31684 +
31685 +#ifdef CONFIG_PAX_SEGMEXEC
31686 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
31687 + pax_task_size = SEGMEXEC_TASK_SIZE;
31688 +#endif
31689 +
31690 + pax_task_size -= PAGE_SIZE;
31691 +
31692 + /* requested length too big for entire address space */
31693 + if (len > pax_task_size)
31694 + return -ENOMEM;
31695 +
31696 + if (flags & MAP_FIXED)
31697 + return addr;
31698 +
31699 +#ifdef CONFIG_PAX_PAGEEXEC
31700 + if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE))
31701 + goto bottomup;
31702 +#endif
31703 +
31704 +#ifdef CONFIG_PAX_RANDMMAP
31705 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
31706 +#endif
31707 +
31708 + /* requesting a specific address */
31709 + if (addr) {
31710 + addr = PAGE_ALIGN(addr);
31711 + if (pax_task_size - len >= addr) {
31712 + vma = find_vma(mm, addr);
31713 + if (check_heap_stack_gap(vma, addr, len, offset))
31714 + return addr;
31715 + }
31716 + }
31717 +
31718 + info.flags = VM_UNMAPPED_AREA_TOPDOWN;
31719 + info.length = len;
31720 + info.low_limit = PAGE_SIZE;
31721 + info.high_limit = mm->mmap_base;
31722 + info.align_mask = filp ? get_align_mask() : 0;
31723 + info.align_offset = pgoff << PAGE_SHIFT;
31724 + info.threadstack_offset = offset;
31725 +
31726 + addr = vm_unmapped_area(&info);
31727 + if (!(addr & ~PAGE_MASK))
31728 + return addr;
31729 + VM_BUG_ON(addr != -ENOMEM);
31730 +
31731 +bottomup:
31732 + /*
31733 + * A failed mmap() very likely causes application failure,
31734 + * so fall back to the bottom-up function here. This scenario
31735 + * can happen with large stack limits and large mmap()
31736 + * allocations.
31737 + */
31738 + return arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
31739 +}
31740 diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
31741 index 10e0272..a73232f 100644
31742 --- a/arch/x86/kernel/sys_x86_64.c
31743 +++ b/arch/x86/kernel/sys_x86_64.c
31744 @@ -97,8 +97,8 @@ out:
31745 return error;
31746 }
31747
31748 -static void find_start_end(unsigned long flags, unsigned long *begin,
31749 - unsigned long *end)
31750 +static void find_start_end(struct mm_struct *mm, unsigned long flags,
31751 + unsigned long *begin, unsigned long *end)
31752 {
31753 if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) {
31754 unsigned long new_begin;
31755 @@ -117,7 +117,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin,
31756 *begin = new_begin;
31757 }
31758 } else {
31759 - *begin = current->mm->mmap_legacy_base;
31760 + *begin = mm->mmap_legacy_base;
31761 *end = TASK_SIZE;
31762 }
31763 }
31764 @@ -130,20 +130,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
31765 struct vm_area_struct *vma;
31766 struct vm_unmapped_area_info info;
31767 unsigned long begin, end;
31768 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
31769
31770 if (flags & MAP_FIXED)
31771 return addr;
31772
31773 - find_start_end(flags, &begin, &end);
31774 + find_start_end(mm, flags, &begin, &end);
31775
31776 if (len > end)
31777 return -ENOMEM;
31778
31779 +#ifdef CONFIG_PAX_RANDMMAP
31780 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
31781 +#endif
31782 +
31783 if (addr) {
31784 addr = PAGE_ALIGN(addr);
31785 vma = find_vma(mm, addr);
31786 - if (end - len >= addr &&
31787 - (!vma || addr + len <= vma->vm_start))
31788 + if (end - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
31789 return addr;
31790 }
31791
31792 @@ -157,18 +161,20 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
31793 info.align_mask = get_align_mask();
31794 info.align_offset += get_align_bits();
31795 }
31796 + info.threadstack_offset = offset;
31797 return vm_unmapped_area(&info);
31798 }
31799
31800 unsigned long
31801 -arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
31802 - const unsigned long len, const unsigned long pgoff,
31803 - const unsigned long flags)
31804 +arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr0,
31805 + unsigned long len, unsigned long pgoff,
31806 + unsigned long flags)
31807 {
31808 struct vm_area_struct *vma;
31809 struct mm_struct *mm = current->mm;
31810 unsigned long addr = addr0;
31811 struct vm_unmapped_area_info info;
31812 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
31813
31814 /* requested length too big for entire address space */
31815 if (len > TASK_SIZE)
31816 @@ -181,12 +187,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
31817 if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT))
31818 goto bottomup;
31819
31820 +#ifdef CONFIG_PAX_RANDMMAP
31821 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
31822 +#endif
31823 +
31824 /* requesting a specific address */
31825 if (addr) {
31826 addr = PAGE_ALIGN(addr);
31827 vma = find_vma(mm, addr);
31828 - if (TASK_SIZE - len >= addr &&
31829 - (!vma || addr + len <= vma->vm_start))
31830 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
31831 return addr;
31832 }
31833
31834 @@ -200,6 +209,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
31835 info.align_mask = get_align_mask();
31836 info.align_offset += get_align_bits();
31837 }
31838 + info.threadstack_offset = offset;
31839 addr = vm_unmapped_area(&info);
31840 if (!(addr & ~PAGE_MASK))
31841 return addr;
31842 diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
31843 index 654f6c6..cb648a2 100644
31844 --- a/arch/x86/kernel/tboot.c
31845 +++ b/arch/x86/kernel/tboot.c
31846 @@ -44,6 +44,7 @@
31847 #include <asm/setup.h>
31848 #include <asm/e820.h>
31849 #include <asm/io.h>
31850 +#include <asm/tlbflush.h>
31851
31852 #include "../realmode/rm/wakeup.h"
31853
31854 @@ -145,6 +146,10 @@ static int map_tboot_pages(unsigned long vaddr, unsigned long start_pfn,
31855 if (!tboot_pg_dir)
31856 return -1;
31857
31858 + clone_pgd_range(tboot_pg_dir + KERNEL_PGD_BOUNDARY,
31859 + swapper_pg_dir + KERNEL_PGD_BOUNDARY,
31860 + KERNEL_PGD_PTRS);
31861 +
31862 for (; nr > 0; nr--, vaddr += PAGE_SIZE, start_pfn++) {
31863 if (map_tboot_page(vaddr, start_pfn, PAGE_KERNEL_EXEC))
31864 return -1;
31865 @@ -215,8 +220,6 @@ static int tboot_setup_sleep(void)
31866
31867 void tboot_shutdown(u32 shutdown_type)
31868 {
31869 - void (*shutdown)(void);
31870 -
31871 if (!tboot_enabled())
31872 return;
31873
31874 @@ -236,9 +239,12 @@ void tboot_shutdown(u32 shutdown_type)
31875 tboot->shutdown_type = shutdown_type;
31876
31877 switch_to_tboot_pt();
31878 + __write_cr4(__read_cr4() & ~X86_CR4_PCIDE);
31879
31880 - shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry;
31881 - shutdown();
31882 + /*
31883 + * PaX: can't be a C indirect function call due to KERNEXEC
31884 + */
31885 + asm volatile("jmp *%0" : : "r"((unsigned long)tboot->shutdown_entry));
31886
31887 /* should not reach here */
31888 while (1)
31889 @@ -304,7 +310,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
31890 return -ENODEV;
31891 }
31892
31893 -static atomic_t ap_wfs_count;
31894 +static atomic_unchecked_t ap_wfs_count;
31895
31896 static int tboot_wait_for_aps(int num_aps)
31897 {
31898 @@ -325,9 +331,9 @@ static int tboot_wait_for_aps(int num_aps)
31899
31900 static int tboot_dying_cpu(unsigned int cpu)
31901 {
31902 - atomic_inc(&ap_wfs_count);
31903 + atomic_inc_unchecked(&ap_wfs_count);
31904 if (num_online_cpus() == 1) {
31905 - if (tboot_wait_for_aps(atomic_read(&ap_wfs_count)))
31906 + if (tboot_wait_for_aps(atomic_read_unchecked(&ap_wfs_count)))
31907 return -EBUSY;
31908 }
31909 return 0;
31910 @@ -407,7 +413,7 @@ static __init int tboot_late_init(void)
31911
31912 tboot_create_trampoline();
31913
31914 - atomic_set(&ap_wfs_count, 0);
31915 + atomic_set_unchecked(&ap_wfs_count, 0);
31916 cpuhp_setup_state(CPUHP_AP_X86_TBOOT_DYING, "AP_X86_TBOOT_DYING", NULL,
31917 tboot_dying_cpu);
31918 #ifdef CONFIG_DEBUG_FS
31919 diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c
31920 index d39c091..1df4349 100644
31921 --- a/arch/x86/kernel/time.c
31922 +++ b/arch/x86/kernel/time.c
31923 @@ -32,7 +32,7 @@ unsigned long profile_pc(struct pt_regs *regs)
31924
31925 if (!user_mode(regs) && in_lock_functions(pc)) {
31926 #ifdef CONFIG_FRAME_POINTER
31927 - return *(unsigned long *)(regs->bp + sizeof(long));
31928 + return ktla_ktva(*(unsigned long *)(regs->bp + sizeof(long)));
31929 #else
31930 unsigned long *sp =
31931 (unsigned long *)kernel_stack_pointer(regs);
31932 @@ -41,11 +41,17 @@ unsigned long profile_pc(struct pt_regs *regs)
31933 * or above a saved flags. Eflags has bits 22-31 zero,
31934 * kernel addresses don't.
31935 */
31936 +
31937 +#ifdef CONFIG_PAX_KERNEXEC
31938 + return ktla_ktva(sp[0]);
31939 +#else
31940 if (sp[0] >> 22)
31941 return sp[0];
31942 if (sp[1] >> 22)
31943 return sp[1];
31944 #endif
31945 +
31946 +#endif
31947 }
31948 return pc;
31949 }
31950 diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
31951 index 9692a5e..aea9fa5 100644
31952 --- a/arch/x86/kernel/tls.c
31953 +++ b/arch/x86/kernel/tls.c
31954 @@ -140,6 +140,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
31955 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
31956 return -EINVAL;
31957
31958 +#ifdef CONFIG_PAX_SEGMEXEC
31959 + if ((p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE))
31960 + return -EINVAL;
31961 +#endif
31962 +
31963 set_tls_desc(p, idx, &info, 1);
31964
31965 /*
31966 @@ -298,7 +303,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
31967
31968 if (kbuf)
31969 info = kbuf;
31970 - else if (__copy_from_user(infobuf, ubuf, count))
31971 + else if (count > sizeof infobuf || __copy_from_user(infobuf, ubuf, count))
31972 return -EFAULT;
31973 else
31974 info = infobuf;
31975 diff --git a/arch/x86/kernel/tracepoint.c b/arch/x86/kernel/tracepoint.c
31976 index 1c113db..287b42e 100644
31977 --- a/arch/x86/kernel/tracepoint.c
31978 +++ b/arch/x86/kernel/tracepoint.c
31979 @@ -9,11 +9,11 @@
31980 #include <linux/atomic.h>
31981
31982 atomic_t trace_idt_ctr = ATOMIC_INIT(0);
31983 -struct desc_ptr trace_idt_descr = { NR_VECTORS * 16 - 1,
31984 +const struct desc_ptr trace_idt_descr = { NR_VECTORS * 16 - 1,
31985 (unsigned long) trace_idt_table };
31986
31987 /* No need to be aligned, but done to keep all IDTs defined the same way. */
31988 -gate_desc trace_idt_table[NR_VECTORS] __page_aligned_bss;
31989 +gate_desc trace_idt_table[NR_VECTORS] __page_aligned_rodata;
31990
31991 static int trace_irq_vector_refcount;
31992 static DEFINE_MUTEX(irq_vector_mutex);
31993 diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
31994 index b70ca12..2eb1474 100644
31995 --- a/arch/x86/kernel/traps.c
31996 +++ b/arch/x86/kernel/traps.c
31997 @@ -71,7 +71,7 @@
31998 #include <asm/proto.h>
31999
32000 /* No need to be aligned, but done to keep all IDTs defined the same way. */
32001 -gate_desc debug_idt_table[NR_VECTORS] __page_aligned_bss;
32002 +gate_desc debug_idt_table[NR_VECTORS] __page_aligned_rodata;
32003 #else
32004 #include <asm/processor-flags.h>
32005 #include <asm/setup.h>
32006 @@ -79,7 +79,7 @@ gate_desc debug_idt_table[NR_VECTORS] __page_aligned_bss;
32007 #endif
32008
32009 /* Must be page-aligned because the real IDT is used in a fixmap. */
32010 -gate_desc idt_table[NR_VECTORS] __page_aligned_bss;
32011 +gate_desc idt_table[NR_VECTORS] __page_aligned_rodata;
32012
32013 DECLARE_BITMAP(used_vectors, NR_VECTORS);
32014 EXPORT_SYMBOL_GPL(used_vectors);
32015 @@ -169,7 +169,7 @@ void ist_end_non_atomic(void)
32016 }
32017
32018 static nokprobe_inline int
32019 -do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
32020 +do_trap_no_signal(struct task_struct *tsk, int trapnr, const char *str,
32021 struct pt_regs *regs, long error_code)
32022 {
32023 if (v8086_mode(regs)) {
32024 @@ -189,8 +189,25 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
32025 if (!fixup_exception(regs, trapnr)) {
32026 tsk->thread.error_code = error_code;
32027 tsk->thread.trap_nr = trapnr;
32028 +
32029 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
32030 + if (trapnr == X86_TRAP_SS && ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS))
32031 + str = "PAX: suspicious stack segment fault";
32032 +#endif
32033 +
32034 +#ifdef CONFIG_PAX_RAP
32035 + if (trapnr == X86_TRAP_UD)
32036 + str = "PAX: overwritten function pointer or return address detected";
32037 +#endif
32038 +
32039 die(str, regs, error_code);
32040 }
32041 +
32042 +#ifdef CONFIG_PAX_REFCOUNT
32043 + if (trapnr == X86_REFCOUNT_VECTOR)
32044 + pax_report_refcount_error(regs, str);
32045 +#endif
32046 +
32047 return 0;
32048 }
32049
32050 @@ -229,7 +246,7 @@ static siginfo_t *fill_trap_info(struct pt_regs *regs, int signr, int trapnr,
32051 }
32052
32053 static void
32054 -do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
32055 +do_trap(int trapnr, int signr, const char *str, struct pt_regs *regs,
32056 long error_code, siginfo_t *info)
32057 {
32058 struct task_struct *tsk = current;
32059 @@ -252,7 +269,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
32060 if (show_unhandled_signals && unhandled_signal(tsk, signr) &&
32061 printk_ratelimit()) {
32062 pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx",
32063 - tsk->comm, tsk->pid, str,
32064 + tsk->comm, task_pid_nr(tsk), str,
32065 regs->ip, regs->sp, error_code);
32066 print_vma_addr(" in ", regs->ip);
32067 pr_cont("\n");
32068 @@ -262,7 +279,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
32069 }
32070 NOKPROBE_SYMBOL(do_trap);
32071
32072 -static void do_error_trap(struct pt_regs *regs, long error_code, char *str,
32073 +static void do_error_trap(struct pt_regs *regs, long error_code, const char *str,
32074 unsigned long trapnr, int signr)
32075 {
32076 siginfo_t info;
32077 @@ -292,6 +309,37 @@ DO_ERROR(X86_TRAP_NP, SIGBUS, "segment not present", segment_not_present)
32078 DO_ERROR(X86_TRAP_SS, SIGBUS, "stack segment", stack_segment)
32079 DO_ERROR(X86_TRAP_AC, SIGBUS, "alignment check", alignment_check)
32080
32081 +#ifdef CONFIG_PAX_REFCOUNT
32082 +extern char __refcount_overflow_start[], __refcount_overflow_end[];
32083 +extern char __refcount64_overflow_start[], __refcount64_overflow_end[];
32084 +extern char __refcount_underflow_start[], __refcount_underflow_end[];
32085 +extern char __refcount64_underflow_start[], __refcount64_underflow_end[];
32086 +
32087 +dotraplinkage void do_refcount_error(struct pt_regs *regs, long error_code)
32088 +{
32089 + const char *str = NULL;
32090 +
32091 + BUG_ON(!(regs->flags & X86_EFLAGS_OF));
32092 +
32093 +#define range_check(size, direction, type, value) \
32094 + if ((unsigned long)__##size##_##direction##_start <= regs->ip && \
32095 + regs->ip < (unsigned long)__##size##_##direction##_end) { \
32096 + *(type *)regs->cx = value; \
32097 + str = #size " " #direction; \
32098 + }
32099 +
32100 + range_check(refcount, overflow, int, INT_MAX)
32101 + range_check(refcount64, overflow, long long, LLONG_MAX)
32102 + range_check(refcount, underflow, int, INT_MIN)
32103 + range_check(refcount64, underflow, long long, LLONG_MIN)
32104 +
32105 +#undef range_check
32106 +
32107 + BUG_ON(!str);
32108 + do_error_trap(regs, error_code, str, X86_REFCOUNT_VECTOR, SIGILL);
32109 +}
32110 +#endif
32111 +
32112 #ifdef CONFIG_X86_64
32113 /* Runs on IST stack */
32114 dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
32115 @@ -332,6 +380,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
32116 tsk->thread.error_code = error_code;
32117 tsk->thread.trap_nr = X86_TRAP_DF;
32118
32119 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
32120 + if ((unsigned long)tsk->stack - regs->sp <= PAGE_SIZE)
32121 + die("grsec: kernel stack overflow detected", regs, error_code);
32122 +#endif
32123 +
32124 #ifdef CONFIG_DOUBLEFAULT
32125 df_debug(regs, error_code);
32126 #endif
32127 @@ -444,11 +497,35 @@ do_general_protection(struct pt_regs *regs, long error_code)
32128 tsk->thread.error_code = error_code;
32129 tsk->thread.trap_nr = X86_TRAP_GP;
32130 if (notify_die(DIE_GPF, "general protection fault", regs, error_code,
32131 - X86_TRAP_GP, SIGSEGV) != NOTIFY_STOP)
32132 + X86_TRAP_GP, SIGSEGV) != NOTIFY_STOP) {
32133 +
32134 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
32135 + if ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS)
32136 + die("PAX: suspicious general protection fault", regs, error_code);
32137 + else
32138 +#endif
32139 +
32140 die("general protection fault", regs, error_code);
32141 + }
32142 return;
32143 }
32144
32145 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
32146 + if (!(__supported_pte_mask & _PAGE_NX) && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) {
32147 + struct mm_struct *mm = tsk->mm;
32148 + unsigned long limit;
32149 +
32150 + down_write(&mm->mmap_sem);
32151 + limit = mm->context.user_cs_limit;
32152 + if (limit < TASK_SIZE) {
32153 + track_exec_limit(mm, limit, TASK_SIZE, VM_EXEC);
32154 + up_write(&mm->mmap_sem);
32155 + return;
32156 + }
32157 + up_write(&mm->mmap_sem);
32158 + }
32159 +#endif
32160 +
32161 tsk->thread.error_code = error_code;
32162 tsk->thread.trap_nr = X86_TRAP_GP;
32163
32164 @@ -546,6 +623,9 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
32165 container_of(task_pt_regs(current),
32166 struct bad_iret_stack, regs);
32167
32168 + if ((current->thread.sp0 ^ (unsigned long)s) < THREAD_SIZE)
32169 + new_stack = s;
32170 +
32171 /* Copy the IRET target to the new stack. */
32172 memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8);
32173
32174 @@ -717,7 +797,7 @@ exit:
32175 * This is the most likely code path that involves non-trivial use
32176 * of the SYSENTER stack. Check that we haven't overrun it.
32177 */
32178 - WARN(this_cpu_read(cpu_tss.SYSENTER_stack_canary) != STACK_END_MAGIC,
32179 + WARN(cpu_tss[raw_smp_processor_id()].SYSENTER_stack_canary != STACK_END_MAGIC,
32180 "Overran or corrupted SYSENTER stack\n");
32181 #endif
32182 ist_exit(regs);
32183 @@ -847,7 +927,7 @@ void __init early_trap_init(void)
32184 * since we don't have trace_debug and it will be reset to
32185 * 'debug' in trap_init() by set_intr_gate_ist().
32186 */
32187 - set_intr_gate_notrace(X86_TRAP_DB, debug);
32188 + set_intr_gate_notrace(X86_TRAP_DB, int1);
32189 /* int3 can be called from all */
32190 set_system_intr_gate(X86_TRAP_BP, &int3);
32191 #ifdef CONFIG_X86_32
32192 @@ -914,6 +994,11 @@ void __init trap_init(void)
32193 set_bit(IA32_SYSCALL_VECTOR, used_vectors);
32194 #endif
32195
32196 +#ifdef CONFIG_PAX_REFCOUNT
32197 + set_intr_gate(X86_REFCOUNT_VECTOR, refcount_error);
32198 + set_bit(X86_REFCOUNT_VECTOR, used_vectors);
32199 +#endif
32200 +
32201 /*
32202 * Set the IDT descriptor to a fixed read-only location, so that the
32203 * "sidt" instruction will not leak the location of the kernel, and
32204 @@ -932,7 +1017,7 @@ void __init trap_init(void)
32205 * in early_trap_init(). However, ITS works only after
32206 * cpu_init() loads TSS. See comments in early_trap_init().
32207 */
32208 - set_intr_gate_ist(X86_TRAP_DB, &debug, DEBUG_STACK);
32209 + set_intr_gate_ist(X86_TRAP_DB, &int1, DEBUG_STACK);
32210 /* int3 can be called from all */
32211 set_system_intr_gate_ist(X86_TRAP_BP, &int3, DEBUG_STACK);
32212
32213 @@ -940,7 +1025,7 @@ void __init trap_init(void)
32214
32215 #ifdef CONFIG_X86_64
32216 memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16);
32217 - set_nmi_gate(X86_TRAP_DB, &debug);
32218 + set_nmi_gate(X86_TRAP_DB, &int1);
32219 set_nmi_gate(X86_TRAP_BP, &int3);
32220 #endif
32221 }
32222 diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
32223 index 78b9cb5..79fb053 100644
32224 --- a/arch/x86/kernel/tsc.c
32225 +++ b/arch/x86/kernel/tsc.c
32226 @@ -157,7 +157,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
32227 */
32228 smp_wmb();
32229
32230 - ACCESS_ONCE(c2n->head) = data;
32231 + ACCESS_ONCE_RW(c2n->head) = data;
32232 }
32233
32234 /*
32235 diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
32236 index 495c776..c0427ef 100644
32237 --- a/arch/x86/kernel/uprobes.c
32238 +++ b/arch/x86/kernel/uprobes.c
32239 @@ -287,7 +287,7 @@ static int uprobe_init_insn(struct arch_uprobe *auprobe, struct insn *insn, bool
32240 {
32241 u32 volatile *good_insns;
32242
32243 - insn_init(insn, auprobe->insn, sizeof(auprobe->insn), x86_64);
32244 + insn_init(insn, (void *)ktva_ktla((unsigned long)auprobe->insn), sizeof(auprobe->insn), x86_64);
32245 /* has the side-effect of processing the entire instruction */
32246 insn_get_length(insn);
32247 if (WARN_ON_ONCE(!insn_complete(insn)))
32248 @@ -978,7 +978,7 @@ arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs
32249
32250 if (nleft != rasize) {
32251 pr_err("uprobe: return address clobbered: pid=%d, %%sp=%#lx, "
32252 - "%%ip=%#lx\n", current->pid, regs->sp, regs->ip);
32253 + "%%ip=%#lx\n", task_pid_nr(current), regs->sp, regs->ip);
32254
32255 force_sig_info(SIGSEGV, SEND_SIG_FORCED, current);
32256 }
32257 diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
32258 index 014ea59..03cfe40 100644
32259 --- a/arch/x86/kernel/verify_cpu.S
32260 +++ b/arch/x86/kernel/verify_cpu.S
32261 @@ -20,6 +20,7 @@
32262 * arch/x86/boot/compressed/head_64.S: Boot cpu verification
32263 * arch/x86/kernel/trampoline_64.S: secondary processor verification
32264 * arch/x86/kernel/head_32.S: processor startup
32265 + * arch/x86/kernel/acpi/realmode/wakeup.S: 32bit processor resume
32266 *
32267 * verify_cpu, returns the status of longmode and SSE in register %eax.
32268 * 0: Success 1: Failure
32269 diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
32270 index 01f30e5..a304a4c 100644
32271 --- a/arch/x86/kernel/vm86_32.c
32272 +++ b/arch/x86/kernel/vm86_32.c
32273 @@ -144,7 +144,7 @@ void save_v86_state(struct kernel_vm86_regs *regs, int retval)
32274 do_exit(SIGSEGV);
32275 }
32276
32277 - tss = &per_cpu(cpu_tss, get_cpu());
32278 + tss = cpu_tss + get_cpu();
32279 tsk->thread.sp0 = vm86->saved_sp0;
32280 tsk->thread.sysenter_cs = __KERNEL_CS;
32281 load_sp0(tss, &tsk->thread);
32282 @@ -176,10 +176,8 @@ static void mark_screen_rdonly(struct mm_struct *mm)
32283 goto out;
32284 pmd = pmd_offset(pud, 0xA0000);
32285
32286 - if (pmd_trans_huge(*pmd)) {
32287 - struct vm_area_struct *vma = find_vma(mm, 0xA0000);
32288 - split_huge_pmd(vma, pmd, 0xA0000);
32289 - }
32290 + if (pmd_trans_huge(*pmd))
32291 + split_huge_pmd(find_vma(mm, 0xA0000), pmd, 0xA0000);
32292 if (pmd_none_or_clear_bad(pmd))
32293 goto out;
32294 pte = pte_offset_map_lock(mm, pmd, 0xA0000, &ptl);
32295 @@ -263,6 +261,13 @@ static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus)
32296 return -EPERM;
32297 }
32298
32299 +#ifdef CONFIG_GRKERNSEC_VM86
32300 + if (!capable(CAP_SYS_RAWIO)) {
32301 + gr_handle_vm86();
32302 + return -EPERM;
32303 + }
32304 +#endif
32305 +
32306 if (!vm86) {
32307 if (!(vm86 = kzalloc(sizeof(*vm86), GFP_KERNEL)))
32308 return -ENOMEM;
32309 @@ -358,7 +363,7 @@ static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus)
32310 vm86->saved_sp0 = tsk->thread.sp0;
32311 lazy_save_gs(vm86->regs32.gs);
32312
32313 - tss = &per_cpu(cpu_tss, get_cpu());
32314 + tss = cpu_tss + get_cpu();
32315 /* make room for real-mode segments */
32316 tsk->thread.sp0 += 16;
32317
32318 @@ -538,7 +543,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
32319 goto cannot_handle;
32320 if (i == 0x21 && is_revectored(AH(regs), &vm86->int21_revectored))
32321 goto cannot_handle;
32322 - intr_ptr = (unsigned long __user *) (i << 2);
32323 + intr_ptr = (unsigned long __force_user *) (i << 2);
32324 if (get_user(segoffs, intr_ptr))
32325 goto cannot_handle;
32326 if ((segoffs >> 16) == BIOSSEG)
32327 @@ -831,6 +836,14 @@ static inline int get_and_reset_irq(int irqnumber)
32328 static int do_vm86_irq_handling(int subfunction, int irqnumber)
32329 {
32330 int ret;
32331 +
32332 +#ifdef CONFIG_GRKERNSEC_VM86
32333 + if (!capable(CAP_SYS_RAWIO)) {
32334 + gr_handle_vm86();
32335 + return -EPERM;
32336 + }
32337 +#endif
32338 +
32339 switch (subfunction) {
32340 case VM86_GET_AND_RESET_IRQ: {
32341 return get_and_reset_irq(irqnumber);
32342 diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
32343 index 9297a00..3dc41ac 100644
32344 --- a/arch/x86/kernel/vmlinux.lds.S
32345 +++ b/arch/x86/kernel/vmlinux.lds.S
32346 @@ -26,6 +26,13 @@
32347 #include <asm/page_types.h>
32348 #include <asm/cache.h>
32349 #include <asm/boot.h>
32350 +#include <asm/segment.h>
32351 +
32352 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
32353 +#define __KERNEL_TEXT_OFFSET (LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR)
32354 +#else
32355 +#define __KERNEL_TEXT_OFFSET 0
32356 +#endif
32357
32358 #undef i386 /* in case the preprocessor is a 32bit one */
32359
32360 @@ -68,30 +75,44 @@ jiffies_64 = jiffies;
32361
32362 PHDRS {
32363 text PT_LOAD FLAGS(5); /* R_E */
32364 +#ifdef CONFIG_X86_32
32365 + module PT_LOAD FLAGS(5); /* R_E */
32366 +#endif
32367 +#ifdef CONFIG_XEN
32368 + rodata PT_LOAD FLAGS(5); /* R_E */
32369 +#else
32370 + rodata PT_LOAD FLAGS(4); /* R__ */
32371 +#endif
32372 data PT_LOAD FLAGS(6); /* RW_ */
32373 -#ifdef CONFIG_X86_64
32374 + init.begin PT_LOAD FLAGS(6); /* RW_ */
32375 #ifdef CONFIG_SMP
32376 percpu PT_LOAD FLAGS(6); /* RW_ */
32377 #endif
32378 - init PT_LOAD FLAGS(7); /* RWE */
32379 -#endif
32380 + text.init PT_LOAD FLAGS(5); /* R_E */
32381 + text.exit PT_LOAD FLAGS(5); /* R_E */
32382 + init PT_LOAD FLAGS(6); /* RW_ */
32383 note PT_NOTE FLAGS(0); /* ___ */
32384 }
32385
32386 SECTIONS
32387 {
32388 #ifdef CONFIG_X86_32
32389 - . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
32390 - phys_startup_32 = ABSOLUTE(startup_32 - LOAD_OFFSET);
32391 + . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR;
32392 #else
32393 . = __START_KERNEL;
32394 - phys_startup_64 = ABSOLUTE(startup_64 - LOAD_OFFSET);
32395 #endif
32396
32397 /* Text and read-only data */
32398 - .text : AT(ADDR(.text) - LOAD_OFFSET) {
32399 - _text = .;
32400 + .text (. - __KERNEL_TEXT_OFFSET): AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
32401 /* bootstrapping code */
32402 +#ifdef CONFIG_X86_32
32403 + phys_startup_32 = ABSOLUTE(startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET);
32404 + __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
32405 +#else
32406 + phys_startup_64 = ABSOLUTE(startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET);
32407 + __LOAD_PHYSICAL_ADDR = ABSOLUTE(. - LOAD_OFFSET + __KERNEL_TEXT_OFFSET);
32408 +#endif
32409 + _text = .;
32410 HEAD_TEXT
32411 . = ALIGN(8);
32412 _stext = .;
32413 @@ -104,13 +125,35 @@ SECTIONS
32414 SOFTIRQENTRY_TEXT
32415 *(.fixup)
32416 *(.gnu.warning)
32417 - /* End of text section */
32418 - _etext = .;
32419 } :text = 0x9090
32420
32421 - NOTES :text :note
32422 + . += __KERNEL_TEXT_OFFSET;
32423
32424 - EXCEPTION_TABLE(16) :text = 0x9090
32425 +#ifdef CONFIG_X86_32
32426 + . = ALIGN(PAGE_SIZE);
32427 + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
32428 +
32429 +#ifdef CONFIG_PAX_KERNEXEC
32430 + MODULES_EXEC_VADDR = .;
32431 + BYTE(0)
32432 + . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024);
32433 + . = ALIGN(HPAGE_SIZE) - 1;
32434 + MODULES_EXEC_END = .;
32435 +#endif
32436 +
32437 + } :module
32438 +#endif
32439 +
32440 + .text.end : AT(ADDR(.text.end) - LOAD_OFFSET) {
32441 + /* End of text section */
32442 + BYTE(0)
32443 + _etext = . - __KERNEL_TEXT_OFFSET;
32444 + }
32445 +
32446 + . = ALIGN(PAGE_SIZE);
32447 + NOTES :rodata :note
32448 +
32449 + EXCEPTION_TABLE(16) :rodata
32450
32451 /* .text should occupy whole number of pages */
32452 . = ALIGN(PAGE_SIZE);
32453 @@ -120,16 +163,20 @@ SECTIONS
32454
32455 /* Data */
32456 .data : AT(ADDR(.data) - LOAD_OFFSET) {
32457 +
32458 +#ifdef CONFIG_PAX_KERNEXEC
32459 + . = ALIGN(HPAGE_SIZE);
32460 +#else
32461 + . = ALIGN(PAGE_SIZE);
32462 +#endif
32463 +
32464 /* Start of data section */
32465 _sdata = .;
32466
32467 /* init_task */
32468 INIT_TASK_DATA(THREAD_SIZE)
32469
32470 -#ifdef CONFIG_X86_32
32471 - /* 32 bit has nosave before _edata */
32472 NOSAVE_DATA
32473 -#endif
32474
32475 PAGE_ALIGNED_DATA(PAGE_SIZE)
32476
32477 @@ -172,12 +219,19 @@ SECTIONS
32478 . = ALIGN(__vvar_page + PAGE_SIZE, PAGE_SIZE);
32479
32480 /* Init code and data - will be freed after init */
32481 - . = ALIGN(PAGE_SIZE);
32482 .init.begin : AT(ADDR(.init.begin) - LOAD_OFFSET) {
32483 + BYTE(0)
32484 +
32485 +#ifdef CONFIG_PAX_KERNEXEC
32486 + . = ALIGN(HPAGE_SIZE);
32487 +#else
32488 + . = ALIGN(PAGE_SIZE);
32489 +#endif
32490 +
32491 __init_begin = .; /* paired with __init_end */
32492 - }
32493 + } :init.begin
32494
32495 -#if defined(CONFIG_X86_64) && defined(CONFIG_SMP)
32496 +#ifdef CONFIG_SMP
32497 /*
32498 * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
32499 * output PHDR, so the next output section - .init.text - should
32500 @@ -188,10 +242,13 @@ SECTIONS
32501 "per-CPU data too large - increase CONFIG_PHYSICAL_START")
32502 #endif
32503
32504 - INIT_TEXT_SECTION(PAGE_SIZE)
32505 -#ifdef CONFIG_X86_64
32506 - :init
32507 -#endif
32508 + . = ALIGN(PAGE_SIZE);
32509 + init_begin = .;
32510 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
32511 + VMLINUX_SYMBOL(_sinittext) = .;
32512 + INIT_TEXT
32513 + . = ALIGN(PAGE_SIZE);
32514 + } :text.init
32515
32516 /*
32517 * Section for code used exclusively before alternatives are run. All
32518 @@ -200,11 +257,29 @@ SECTIONS
32519 *
32520 * See static_cpu_has() for an example.
32521 */
32522 - .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) {
32523 + .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
32524 *(.altinstr_aux)
32525 }
32526
32527 - INIT_DATA_SECTION(16)
32528 + /*
32529 + * .exit.text is discard at runtime, not link time, to deal with
32530 + * references from .altinstructions and .eh_frame
32531 + */
32532 + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
32533 + EXIT_TEXT
32534 + VMLINUX_SYMBOL(_einittext) = .;
32535 +
32536 +#ifdef CONFIG_PAX_KERNEXEC
32537 + . = ALIGN(HPAGE_SIZE);
32538 +#else
32539 + . = ALIGN(16);
32540 +#endif
32541 +
32542 + } :text.exit
32543 + . = init_begin + SIZEOF(.init.text) + SIZEOF(.altinstr_aux) + SIZEOF(.exit.text);
32544 +
32545 + . = ALIGN(PAGE_SIZE);
32546 + INIT_DATA_SECTION(16) :init
32547
32548 .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
32549 __x86_cpu_dev_start = .;
32550 @@ -275,19 +350,12 @@ SECTIONS
32551 }
32552
32553 . = ALIGN(8);
32554 - /*
32555 - * .exit.text is discard at runtime, not link time, to deal with
32556 - * references from .altinstructions and .eh_frame
32557 - */
32558 - .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
32559 - EXIT_TEXT
32560 - }
32561
32562 .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) {
32563 EXIT_DATA
32564 }
32565
32566 -#if !defined(CONFIG_X86_64) || !defined(CONFIG_SMP)
32567 +#ifndef CONFIG_SMP
32568 PERCPU_SECTION(INTERNODE_CACHE_BYTES)
32569 #endif
32570
32571 @@ -306,16 +374,10 @@ SECTIONS
32572 .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
32573 __smp_locks = .;
32574 *(.smp_locks)
32575 - . = ALIGN(PAGE_SIZE);
32576 __smp_locks_end = .;
32577 + . = ALIGN(PAGE_SIZE);
32578 }
32579
32580 -#ifdef CONFIG_X86_64
32581 - .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) {
32582 - NOSAVE_DATA
32583 - }
32584 -#endif
32585 -
32586 /* BSS */
32587 . = ALIGN(PAGE_SIZE);
32588 .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
32589 @@ -331,6 +393,7 @@ SECTIONS
32590 __brk_base = .;
32591 . += 64 * 1024; /* 64k alignment slop space */
32592 *(.brk_reservation) /* areas brk users have reserved */
32593 + . = ALIGN(HPAGE_SIZE);
32594 __brk_limit = .;
32595 }
32596
32597 @@ -361,13 +424,12 @@ SECTIONS
32598 * for the boot processor.
32599 */
32600 #define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
32601 -INIT_PER_CPU(gdt_page);
32602 INIT_PER_CPU(irq_stack_union);
32603
32604 /*
32605 * Build-time check on the image size:
32606 */
32607 -. = ASSERT((_end - _text <= KERNEL_IMAGE_SIZE),
32608 +. = ASSERT((_end - _text - __KERNEL_TEXT_OFFSET <= KERNEL_IMAGE_SIZE),
32609 "kernel image bigger than KERNEL_IMAGE_SIZE");
32610
32611 #ifdef CONFIG_SMP
32612 diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c
32613 index 95e49f6..975337d 100644
32614 --- a/arch/x86/kernel/x8664_ksyms_64.c
32615 +++ b/arch/x86/kernel/x8664_ksyms_64.c
32616 @@ -35,8 +35,6 @@ EXPORT_SYMBOL(copy_user_generic_string);
32617 EXPORT_SYMBOL(copy_user_generic_unrolled);
32618 EXPORT_SYMBOL(copy_user_enhanced_fast_string);
32619 EXPORT_SYMBOL(__copy_user_nocache);
32620 -EXPORT_SYMBOL(_copy_from_user);
32621 -EXPORT_SYMBOL(_copy_to_user);
32622
32623 EXPORT_SYMBOL_GPL(memcpy_mcsafe);
32624
32625 @@ -83,3 +81,7 @@ EXPORT_SYMBOL(native_load_gs_index);
32626 EXPORT_SYMBOL(___preempt_schedule);
32627 EXPORT_SYMBOL(___preempt_schedule_notrace);
32628 #endif
32629 +
32630 +#ifdef CONFIG_PAX_PER_CPU_PGD
32631 +EXPORT_SYMBOL(cpu_pgd);
32632 +#endif
32633 diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
32634 index 76c5e52..6f2af84 100644
32635 --- a/arch/x86/kernel/x86_init.c
32636 +++ b/arch/x86/kernel/x86_init.c
32637 @@ -91,7 +91,7 @@ struct x86_cpuinit_ops x86_cpuinit = {
32638 static void default_nmi_init(void) { };
32639 static int default_i8042_detect(void) { return 1; };
32640
32641 -struct x86_platform_ops x86_platform = {
32642 +struct x86_platform_ops x86_platform __read_only = {
32643 .calibrate_cpu = native_calibrate_cpu,
32644 .calibrate_tsc = native_calibrate_tsc,
32645 .get_wallclock = mach_get_cmos_time,
32646 @@ -108,7 +108,7 @@ struct x86_platform_ops x86_platform = {
32647 EXPORT_SYMBOL_GPL(x86_platform);
32648
32649 #if defined(CONFIG_PCI_MSI)
32650 -struct x86_msi_ops x86_msi = {
32651 +struct x86_msi_ops x86_msi __read_only = {
32652 .setup_msi_irqs = native_setup_msi_irqs,
32653 .teardown_msi_irq = native_teardown_msi_irq,
32654 .teardown_msi_irqs = default_teardown_msi_irqs,
32655 @@ -137,7 +137,7 @@ void arch_restore_msi_irqs(struct pci_dev *dev)
32656 }
32657 #endif
32658
32659 -struct x86_io_apic_ops x86_io_apic_ops = {
32660 +struct x86_io_apic_ops x86_io_apic_ops __read_only = {
32661 .read = native_io_apic_read,
32662 .disable = native_disable_io_apic,
32663 };
32664 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
32665 index 3235e0f..60b5e71 100644
32666 --- a/arch/x86/kvm/cpuid.c
32667 +++ b/arch/x86/kvm/cpuid.c
32668 @@ -224,15 +224,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
32669 struct kvm_cpuid2 *cpuid,
32670 struct kvm_cpuid_entry2 __user *entries)
32671 {
32672 - int r;
32673 + int r, i;
32674
32675 r = -E2BIG;
32676 if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
32677 goto out;
32678 r = -EFAULT;
32679 - if (copy_from_user(&vcpu->arch.cpuid_entries, entries,
32680 - cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
32681 + if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
32682 goto out;
32683 + for (i = 0; i < cpuid->nent; ++i) {
32684 + struct kvm_cpuid_entry2 cpuid_entry;
32685 + if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry)))
32686 + goto out;
32687 + vcpu->arch.cpuid_entries[i] = cpuid_entry;
32688 + }
32689 vcpu->arch.cpuid_nent = cpuid->nent;
32690 kvm_apic_set_version(vcpu);
32691 kvm_x86_ops->cpuid_update(vcpu);
32692 @@ -245,15 +250,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
32693 struct kvm_cpuid2 *cpuid,
32694 struct kvm_cpuid_entry2 __user *entries)
32695 {
32696 - int r;
32697 + int r, i;
32698
32699 r = -E2BIG;
32700 if (cpuid->nent < vcpu->arch.cpuid_nent)
32701 goto out;
32702 r = -EFAULT;
32703 - if (copy_to_user(entries, &vcpu->arch.cpuid_entries,
32704 - vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
32705 + if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
32706 goto out;
32707 + for (i = 0; i < vcpu->arch.cpuid_nent; ++i) {
32708 + struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i];
32709 + if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry)))
32710 + goto out;
32711 + }
32712 return 0;
32713
32714 out:
32715 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
32716 index 4e95d3e..e3e58b1 100644
32717 --- a/arch/x86/kvm/emulate.c
32718 +++ b/arch/x86/kvm/emulate.c
32719 @@ -971,7 +971,7 @@ static int em_bsr_c(struct x86_emulate_ctxt *ctxt)
32720 static __always_inline u8 test_cc(unsigned int condition, unsigned long flags)
32721 {
32722 u8 rc;
32723 - void (*fop)(void) = (void *)em_setcc + 4 * (condition & 0xf);
32724 + void (*fop)(struct fastop *) = (void *)em_setcc + 4 * (condition & 0xf);
32725
32726 flags = (flags & EFLAGS_MASK) | X86_EFLAGS_IF;
32727 asm("push %[flags]; popf; call *%[fastop]"
32728 @@ -1893,7 +1893,7 @@ static int em_push_sreg(struct x86_emulate_ctxt *ctxt)
32729 static int em_pop_sreg(struct x86_emulate_ctxt *ctxt)
32730 {
32731 int seg = ctxt->src2.val;
32732 - unsigned long selector;
32733 + u16 selector;
32734 int rc;
32735
32736 rc = emulate_pop(ctxt, &selector, 2);
32737 @@ -1905,7 +1905,7 @@ static int em_pop_sreg(struct x86_emulate_ctxt *ctxt)
32738 if (ctxt->op_bytes > 2)
32739 rsp_increment(ctxt, ctxt->op_bytes - 2);
32740
32741 - rc = load_segment_descriptor(ctxt, (u16)selector, seg);
32742 + rc = load_segment_descriptor(ctxt, selector, seg);
32743 return rc;
32744 }
32745
32746 @@ -3882,7 +3882,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
32747 int cr = ctxt->modrm_reg;
32748 u64 efer = 0;
32749
32750 - static u64 cr_reserved_bits[] = {
32751 + static const u64 cr_reserved_bits[] = {
32752 0xffffffff00000000ULL,
32753 0, 0, 0, /* CR3 checked later */
32754 CR4_RESERVED_BITS,
32755 @@ -4968,7 +4968,10 @@ done_prefixes:
32756 if (ctxt->d == 0)
32757 return EMULATION_FAILED;
32758
32759 - ctxt->execute = opcode.u.execute;
32760 + if (ctxt->d & Fastop)
32761 + ctxt->u.fastop = opcode.u.fastop;
32762 + else
32763 + ctxt->u.execute = opcode.u.execute;
32764
32765 if (unlikely(ctxt->ud) && likely(!(ctxt->d & EmulateOnUD)))
32766 return EMULATION_FAILED;
32767 @@ -5283,15 +5286,14 @@ special_insn:
32768 else
32769 ctxt->eflags &= ~X86_EFLAGS_RF;
32770
32771 - if (ctxt->execute) {
32772 + if (ctxt->u.execute) {
32773 if (ctxt->d & Fastop) {
32774 - void (*fop)(struct fastop *) = (void *)ctxt->execute;
32775 - rc = fastop(ctxt, fop);
32776 + rc = fastop(ctxt, ctxt->u.fastop);
32777 if (rc != X86EMUL_CONTINUE)
32778 goto done;
32779 goto writeback;
32780 }
32781 - rc = ctxt->execute(ctxt);
32782 + rc = ctxt->u.execute(ctxt);
32783 if (rc != X86EMUL_CONTINUE)
32784 goto done;
32785 goto writeback;
32786 diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
32787 index 7cc2360..6ae1236 100644
32788 --- a/arch/x86/kvm/i8259.c
32789 +++ b/arch/x86/kvm/i8259.c
32790 @@ -39,14 +39,14 @@
32791
32792 static void pic_irq_request(struct kvm *kvm, int level);
32793
32794 +static void pic_lock(struct kvm_pic *s) __acquires(&s->lock);
32795 static void pic_lock(struct kvm_pic *s)
32796 - __acquires(&s->lock)
32797 {
32798 spin_lock(&s->lock);
32799 }
32800
32801 +static void pic_unlock(struct kvm_pic *s) __releases(&s->lock);
32802 static void pic_unlock(struct kvm_pic *s)
32803 - __releases(&s->lock)
32804 {
32805 bool wakeup = s->wakeup_needed;
32806 struct kvm_vcpu *vcpu, *found = NULL;
32807 @@ -72,6 +72,7 @@ static void pic_unlock(struct kvm_pic *s)
32808 }
32809 }
32810
32811 +static void pic_clear_isr(struct kvm_kpic_state *s, int irq) __must_hold(s->pics_state);
32812 static void pic_clear_isr(struct kvm_kpic_state *s, int irq)
32813 {
32814 s->isr &= ~(1 << irq);
32815 @@ -219,6 +220,7 @@ void kvm_pic_clear_all(struct kvm_pic *s, int irq_source_id)
32816 /*
32817 * acknowledge interrupt 'irq'
32818 */
32819 +static inline void pic_intack(struct kvm_kpic_state *s, int irq) __must_hold(s);
32820 static inline void pic_intack(struct kvm_kpic_state *s, int irq)
32821 {
32822 s->isr |= 1 << irq;
32823 @@ -273,6 +275,7 @@ int kvm_pic_read_irq(struct kvm *kvm)
32824 return intno;
32825 }
32826
32827 +void kvm_pic_reset(struct kvm_kpic_state *s) __must_hold(s);
32828 void kvm_pic_reset(struct kvm_kpic_state *s)
32829 {
32830 int irq, i;
32831 @@ -307,6 +310,7 @@ void kvm_pic_reset(struct kvm_kpic_state *s)
32832 pic_clear_isr(s, irq);
32833 }
32834
32835 +static void pic_ioport_write(void *opaque, u32 addr, u32 val) __must_hold(opaque);
32836 static void pic_ioport_write(void *opaque, u32 addr, u32 val)
32837 {
32838 struct kvm_kpic_state *s = opaque;
32839 @@ -400,6 +404,7 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val)
32840 }
32841 }
32842
32843 +static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1) __must_hold(s);
32844 static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1)
32845 {
32846 int ret;
32847 @@ -422,6 +427,7 @@ static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1)
32848 return ret;
32849 }
32850
32851 +static u32 pic_ioport_read(void *opaque, u32 addr1) __must_hold(opaque);
32852 static u32 pic_ioport_read(void *opaque, u32 addr1)
32853 {
32854 struct kvm_kpic_state *s = opaque;
32855 diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
32856 index 1a22de7..699421c 100644
32857 --- a/arch/x86/kvm/ioapic.c
32858 +++ b/arch/x86/kvm/ioapic.c
32859 @@ -415,6 +415,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work)
32860 #define IOAPIC_SUCCESSIVE_IRQ_MAX_COUNT 10000
32861
32862 static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
32863 + struct kvm_ioapic *ioapic, int vector, int trigger_mode) __must_hold(&ioapic->lock);
32864 +static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
32865 struct kvm_ioapic *ioapic, int vector, int trigger_mode)
32866 {
32867 struct dest_map *dest_map = &ioapic->rtc_status.dest_map;
32868 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
32869 index b62c852..bbf49f2 100644
32870 --- a/arch/x86/kvm/lapic.c
32871 +++ b/arch/x86/kvm/lapic.c
32872 @@ -57,7 +57,7 @@
32873 #define APIC_BUS_CYCLE_NS 1
32874
32875 /* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */
32876 -#define apic_debug(fmt, arg...)
32877 +#define apic_debug(fmt, arg...) do {} while (0)
32878
32879 /* 14 is the version for Xeon and Pentium 8.4.8*/
32880 #define APIC_VERSION (0x14UL | ((KVM_APIC_LVT_NUM - 1) << 16))
32881 diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
32882 index a011054..da14b47 100644
32883 --- a/arch/x86/kvm/paging_tmpl.h
32884 +++ b/arch/x86/kvm/paging_tmpl.h
32885 @@ -355,7 +355,7 @@ retry_walk:
32886 if (unlikely(kvm_is_error_hva(host_addr)))
32887 goto error;
32888
32889 - ptep_user = (pt_element_t __user *)((void *)host_addr + offset);
32890 + ptep_user = (pt_element_t __force_user *)((void *)host_addr + offset);
32891 if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte))))
32892 goto error;
32893 walker->ptep_user[walker->level - 1] = ptep_user;
32894 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
32895 index af523d8..ba7da48 100644
32896 --- a/arch/x86/kvm/svm.c
32897 +++ b/arch/x86/kvm/svm.c
32898 @@ -4120,7 +4120,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
32899 int cpu = raw_smp_processor_id();
32900
32901 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
32902 +
32903 + pax_open_kernel();
32904 sd->tss_desc->type = 9; /* available 32/64-bit TSS */
32905 + pax_close_kernel();
32906 +
32907 load_TR_desc();
32908 }
32909
32910 @@ -4559,6 +4563,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
32911 #endif
32912 #endif
32913
32914 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
32915 + __set_fs(current_thread_info()->addr_limit);
32916 +#endif
32917 +
32918 reload_tss(vcpu);
32919
32920 local_irq_disable();
32921 @@ -4961,7 +4969,7 @@ static inline void avic_post_state_restore(struct kvm_vcpu *vcpu)
32922 avic_handle_ldr_update(vcpu);
32923 }
32924
32925 -static struct kvm_x86_ops svm_x86_ops = {
32926 +static struct kvm_x86_ops svm_x86_ops __read_only = {
32927 .cpu_has_kvm_support = has_svm,
32928 .disabled_by_bios = is_disabled,
32929 .hardware_setup = svm_hardware_setup,
32930 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
32931 index 5cede40..f932797 100644
32932 --- a/arch/x86/kvm/vmx.c
32933 +++ b/arch/x86/kvm/vmx.c
32934 @@ -1666,14 +1666,14 @@ static __always_inline void vmcs_writel(unsigned long field, unsigned long value
32935 __vmcs_writel(field, value);
32936 }
32937
32938 -static __always_inline void vmcs_clear_bits(unsigned long field, u32 mask)
32939 +static __always_inline void vmcs_clear_bits(unsigned long field, unsigned long mask)
32940 {
32941 BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0x2000,
32942 "vmcs_clear_bits does not support 64-bit fields");
32943 __vmcs_writel(field, __vmcs_readl(field) & ~mask);
32944 }
32945
32946 -static __always_inline void vmcs_set_bits(unsigned long field, u32 mask)
32947 +static __always_inline void vmcs_set_bits(unsigned long field, unsigned long mask)
32948 {
32949 BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0x2000,
32950 "vmcs_set_bits does not support 64-bit fields");
32951 @@ -1952,7 +1952,11 @@ static void reload_tss(void)
32952 struct desc_struct *descs;
32953
32954 descs = (void *)gdt->address;
32955 +
32956 + pax_open_kernel();
32957 descs[GDT_ENTRY_TSS].type = 9; /* available TSS */
32958 + pax_close_kernel();
32959 +
32960 load_TR_desc();
32961 }
32962
32963 @@ -2256,6 +2260,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
32964 vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
32965 vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
32966
32967 +#ifdef CONFIG_PAX_PER_CPU_PGD
32968 + vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
32969 +#endif
32970 +
32971 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
32972 vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
32973
32974 @@ -2580,7 +2588,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
32975 * guest_tsc = (host_tsc * tsc multiplier) >> 48 + tsc_offset
32976 * -- Intel TSC Scaling for Virtualization White Paper, sec 1.3
32977 */
32978 -static u64 guest_read_tsc(struct kvm_vcpu *vcpu)
32979 +static u64 __intentional_overflow(-1) guest_read_tsc(struct kvm_vcpu *vcpu)
32980 {
32981 u64 host_tsc, tsc_offset;
32982
32983 @@ -4840,7 +4848,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
32984 unsigned long cr4;
32985
32986 vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
32987 +
32988 +#ifndef CONFIG_PAX_PER_CPU_PGD
32989 vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
32990 +#endif
32991
32992 /* Save the most likely value for this task's CR4 in the VMCS. */
32993 cr4 = cr4_read_shadow();
32994 @@ -4867,7 +4878,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
32995 vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
32996 vmx->host_idt_base = dt.address;
32997
32998 - vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */
32999 + vmcs_writel(HOST_RIP, ktla_ktva(vmx_return)); /* 22.2.5 */
33000
33001 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
33002 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
33003 @@ -6428,11 +6439,17 @@ static __init int hardware_setup(void)
33004 * page upon invalidation. No need to do anything if not
33005 * using the APIC_ACCESS_ADDR VMCS field.
33006 */
33007 - if (!flexpriority_enabled)
33008 + if (!flexpriority_enabled) {
33009 + pax_open_kernel();
33010 kvm_x86_ops->set_apic_access_page_addr = NULL;
33011 + pax_close_kernel();
33012 + }
33013
33014 - if (!cpu_has_vmx_tpr_shadow())
33015 + if (!cpu_has_vmx_tpr_shadow()) {
33016 + pax_open_kernel();
33017 kvm_x86_ops->update_cr8_intercept = NULL;
33018 + pax_close_kernel();
33019 + }
33020
33021 if (enable_ept && !cpu_has_vmx_ept_2m_page())
33022 kvm_disable_largepages();
33023 @@ -6498,10 +6515,12 @@ static __init int hardware_setup(void)
33024 enable_pml = 0;
33025
33026 if (!enable_pml) {
33027 + pax_open_kernel();
33028 kvm_x86_ops->slot_enable_log_dirty = NULL;
33029 kvm_x86_ops->slot_disable_log_dirty = NULL;
33030 kvm_x86_ops->flush_log_dirty = NULL;
33031 kvm_x86_ops->enable_log_dirty_pt_masked = NULL;
33032 + pax_close_kernel();
33033 }
33034
33035 if (cpu_has_vmx_preemption_timer() && enable_preemption_timer) {
33036 @@ -8890,6 +8909,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
33037 "jmp 2f \n\t"
33038 "1: " __ex(ASM_VMX_VMRESUME) "\n\t"
33039 "2: "
33040 +
33041 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
33042 + "ljmp %[cs],$3f\n\t"
33043 + "3: "
33044 +#endif
33045 +
33046 /* Save guest registers, load host registers, keep flags */
33047 "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
33048 "pop %0 \n\t"
33049 @@ -8942,6 +8967,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
33050 #endif
33051 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
33052 [wordsize]"i"(sizeof(ulong))
33053 +
33054 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
33055 + ,[cs]"i"(__KERNEL_CS)
33056 +#endif
33057 +
33058 : "cc", "memory"
33059 #ifdef CONFIG_X86_64
33060 , "rax", "rbx", "rdi", "rsi"
33061 @@ -8955,7 +8985,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
33062 if (debugctlmsr)
33063 update_debugctlmsr(debugctlmsr);
33064
33065 -#ifndef CONFIG_X86_64
33066 +#ifdef CONFIG_X86_32
33067 /*
33068 * The sysexit path does not restore ds/es, so we must set them to
33069 * a reasonable value ourselves.
33070 @@ -8964,8 +8994,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
33071 * may be executed in interrupt context, which saves and restore segments
33072 * around it, nullifying its effect.
33073 */
33074 - loadsegment(ds, __USER_DS);
33075 - loadsegment(es, __USER_DS);
33076 + loadsegment(ds, __KERNEL_DS);
33077 + loadsegment(es, __KERNEL_DS);
33078 + loadsegment(ss, __KERNEL_DS);
33079 +
33080 +#ifdef CONFIG_PAX_KERNEXEC
33081 + loadsegment(fs, __KERNEL_PERCPU);
33082 +#endif
33083 +
33084 +#ifdef CONFIG_PAX_MEMORY_UDEREF
33085 + __set_fs(current_thread_info()->addr_limit);
33086 +#endif
33087 +
33088 #endif
33089
33090 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
33091 @@ -11177,7 +11217,7 @@ static void vmx_setup_mce(struct kvm_vcpu *vcpu)
33092 ~FEATURE_CONTROL_LMCE;
33093 }
33094
33095 -static struct kvm_x86_ops vmx_x86_ops = {
33096 +static struct kvm_x86_ops vmx_x86_ops __read_only = {
33097 .cpu_has_kvm_support = cpu_has_kvm_support,
33098 .disabled_by_bios = vmx_disabled_by_bios,
33099 .hardware_setup = hardware_setup,
33100 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
33101 index 699f872..52b660d 100644
33102 --- a/arch/x86/kvm/x86.c
33103 +++ b/arch/x86/kvm/x86.c
33104 @@ -1948,8 +1948,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
33105 {
33106 struct kvm *kvm = vcpu->kvm;
33107 int lm = is_long_mode(vcpu);
33108 - u8 *blob_addr = lm ? (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64
33109 - : (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
33110 + u8 __user *blob_addr = lm ? (u8 __user *)(long)kvm->arch.xen_hvm_config.blob_addr_64
33111 + : (u8 __user *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
33112 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
33113 : kvm->arch.xen_hvm_config.blob_size_32;
33114 u32 page_num = data & ~PAGE_MASK;
33115 @@ -2657,6 +2657,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
33116 if (n < msr_list.nmsrs)
33117 goto out;
33118 r = -EFAULT;
33119 + if (num_msrs_to_save > ARRAY_SIZE(msrs_to_save))
33120 + goto out;
33121 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
33122 num_msrs_to_save * sizeof(u32)))
33123 goto out;
33124 @@ -3073,7 +3075,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
33125
33126 static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
33127 {
33128 - struct xregs_state *xsave = &vcpu->arch.guest_fpu.state.xsave;
33129 + struct xregs_state *xsave = &vcpu->arch.guest_fpu.state->xsave;
33130 u64 xstate_bv = xsave->header.xfeatures;
33131 u64 valid;
33132
33133 @@ -3109,7 +3111,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
33134
33135 static void load_xsave(struct kvm_vcpu *vcpu, u8 *src)
33136 {
33137 - struct xregs_state *xsave = &vcpu->arch.guest_fpu.state.xsave;
33138 + struct xregs_state *xsave = &vcpu->arch.guest_fpu.state->xsave;
33139 u64 xstate_bv = *(u64 *)(src + XSAVE_HDR_OFFSET);
33140 u64 valid;
33141
33142 @@ -3153,7 +3155,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
33143 fill_xsave((u8 *) guest_xsave->region, vcpu);
33144 } else {
33145 memcpy(guest_xsave->region,
33146 - &vcpu->arch.guest_fpu.state.fxsave,
33147 + &vcpu->arch.guest_fpu.state->fxsave,
33148 sizeof(struct fxregs_state));
33149 *(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)] =
33150 XFEATURE_MASK_FPSSE;
33151 @@ -3178,7 +3180,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
33152 } else {
33153 if (xstate_bv & ~XFEATURE_MASK_FPSSE)
33154 return -EINVAL;
33155 - memcpy(&vcpu->arch.guest_fpu.state.fxsave,
33156 + memcpy(&vcpu->arch.guest_fpu.state->fxsave,
33157 guest_xsave->region, sizeof(struct fxregs_state));
33158 }
33159 return 0;
33160 @@ -5739,7 +5741,7 @@ static unsigned long kvm_get_guest_ip(void)
33161 unsigned long ip = 0;
33162
33163 if (__this_cpu_read(current_vcpu))
33164 - ip = kvm_rip_read(__this_cpu_read(current_vcpu));
33165 + ip = kvm_get_linear_rip(__this_cpu_read(current_vcpu));
33166
33167 return ip;
33168 }
33169 @@ -6462,6 +6464,7 @@ void kvm_arch_mmu_notifier_invalidate_page(struct kvm *kvm,
33170 * exiting to the userspace. Otherwise, the value will be returned to the
33171 * userspace.
33172 */
33173 +static int vcpu_enter_guest(struct kvm_vcpu *vcpu) __must_hold(&vcpu->kvm->srcu);
33174 static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
33175 {
33176 int r;
33177 @@ -6737,6 +6740,7 @@ out:
33178 return r;
33179 }
33180
33181 +static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu) __must_hold(&kvm->srcu);
33182 static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu)
33183 {
33184 if (!kvm_arch_vcpu_runnable(vcpu) &&
33185 @@ -7284,7 +7288,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
33186 int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
33187 {
33188 struct fxregs_state *fxsave =
33189 - &vcpu->arch.guest_fpu.state.fxsave;
33190 + &vcpu->arch.guest_fpu.state->fxsave;
33191
33192 memcpy(fpu->fpr, fxsave->st_space, 128);
33193 fpu->fcw = fxsave->cwd;
33194 @@ -7301,7 +7305,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
33195 int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
33196 {
33197 struct fxregs_state *fxsave =
33198 - &vcpu->arch.guest_fpu.state.fxsave;
33199 + &vcpu->arch.guest_fpu.state->fxsave;
33200
33201 memcpy(fxsave->st_space, fpu->fpr, 128);
33202 fxsave->cwd = fpu->fcw;
33203 @@ -7317,9 +7321,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
33204
33205 static void fx_init(struct kvm_vcpu *vcpu)
33206 {
33207 - fpstate_init(&vcpu->arch.guest_fpu.state);
33208 + fpstate_init(vcpu->arch.guest_fpu.state);
33209 if (boot_cpu_has(X86_FEATURE_XSAVES))
33210 - vcpu->arch.guest_fpu.state.xsave.header.xcomp_bv =
33211 + vcpu->arch.guest_fpu.state->xsave.header.xcomp_bv =
33212 host_xcr0 | XSTATE_COMPACTION_ENABLED;
33213
33214 /*
33215 @@ -7342,7 +7346,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
33216 */
33217 vcpu->guest_fpu_loaded = 1;
33218 __kernel_fpu_begin();
33219 - __copy_kernel_to_fpregs(&vcpu->arch.guest_fpu.state);
33220 + __copy_kernel_to_fpregs(vcpu->arch.guest_fpu.state);
33221 trace_kvm_fpu(1);
33222 }
33223
33224 @@ -7640,6 +7644,8 @@ bool kvm_vcpu_is_bsp(struct kvm_vcpu *vcpu)
33225 struct static_key kvm_no_apic_vcpu __read_mostly;
33226 EXPORT_SYMBOL_GPL(kvm_no_apic_vcpu);
33227
33228 +extern struct kmem_cache *fpregs_state_cachep;
33229 +
33230 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
33231 {
33232 struct page *page;
33233 @@ -7657,11 +7663,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
33234 else
33235 vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED;
33236
33237 - page = alloc_page(GFP_KERNEL | __GFP_ZERO);
33238 - if (!page) {
33239 - r = -ENOMEM;
33240 + r = -ENOMEM;
33241 + vcpu->arch.guest_fpu.state = kmem_cache_alloc(fpregs_state_cachep, GFP_KERNEL);
33242 + if (!vcpu->arch.guest_fpu.state)
33243 goto fail;
33244 - }
33245 +
33246 + page = alloc_page(GFP_KERNEL | __GFP_ZERO);
33247 + if (!page)
33248 + goto fail_free_fpregs;
33249 vcpu->arch.pio_data = page_address(page);
33250
33251 kvm_set_tsc_khz(vcpu, max_tsc_khz);
33252 @@ -7719,6 +7728,9 @@ fail_mmu_destroy:
33253 kvm_mmu_destroy(vcpu);
33254 fail_free_pio_data:
33255 free_page((unsigned long)vcpu->arch.pio_data);
33256 +fail_free_fpregs:
33257 + kmem_cache_free(fpregs_state_cachep, vcpu->arch.guest_fpu.state);
33258 + vcpu->arch.guest_fpu.state = NULL;
33259 fail:
33260 return r;
33261 }
33262 @@ -7737,6 +7749,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
33263 free_page((unsigned long)vcpu->arch.pio_data);
33264 if (!lapic_in_kernel(vcpu))
33265 static_key_slow_dec(&kvm_no_apic_vcpu);
33266 + kmem_cache_free(fpregs_state_cachep, vcpu->arch.guest_fpu.state);
33267 + vcpu->arch.guest_fpu.state = NULL;
33268 }
33269
33270 void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu)
33271 diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
33272 index 25da5bc8..3c3fbd4 100644
33273 --- a/arch/x86/lguest/boot.c
33274 +++ b/arch/x86/lguest/boot.c
33275 @@ -1329,9 +1329,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
33276 * Rebooting also tells the Host we're finished, but the RESTART flag tells the
33277 * Launcher to reboot us.
33278 */
33279 -static void lguest_restart(char *reason)
33280 +static __noreturn void lguest_restart(char *reason)
33281 {
33282 hcall(LHCALL_SHUTDOWN, __pa(reason), LGUEST_SHUTDOWN_RESTART, 0, 0);
33283 + BUG();
33284 }
33285
33286 /*G:050
33287 diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
33288 index 34a7413..499d0da 100644
33289 --- a/arch/x86/lib/Makefile
33290 +++ b/arch/x86/lib/Makefile
33291 @@ -29,6 +29,10 @@ lib-$(CONFIG_RANDOMIZE_BASE) += kaslr.o
33292 obj-y += msr.o msr-reg.o msr-reg-export.o hweight.o
33293
33294 ifeq ($(CONFIG_X86_32),y)
33295 + CFLAGS_strstr_32.o += $(INITIFY_DISABLE_VERIFY_NOCAPTURE_FUNCTIONS)
33296 + CFLAGS_string_32.o += $(INITIFY_DISABLE_VERIFY_NOCAPTURE_FUNCTIONS)
33297 + CFLAGS_memcpy_32.o += $(INITIFY_DISABLE_VERIFY_NOCAPTURE_FUNCTIONS)
33298 +
33299 obj-y += atomic64_32.o
33300 lib-y += atomic64_cx8_32.o
33301 lib-y += checksum_32.o
33302 diff --git a/arch/x86/lib/atomic64_386_32.S b/arch/x86/lib/atomic64_386_32.S
33303 index 9b0ca8f..bf83b2c 100644
33304 --- a/arch/x86/lib/atomic64_386_32.S
33305 +++ b/arch/x86/lib/atomic64_386_32.S
33306 @@ -10,6 +10,7 @@
33307 */
33308
33309 #include <linux/linkage.h>
33310 +#include <asm/irq_vectors.h>
33311 #include <asm/alternative-asm.h>
33312
33313 /* if you want SMP support, implement these with real spinlocks */
33314 @@ -45,6 +46,10 @@ BEGIN(read)
33315 movl (v), %eax
33316 movl 4(v), %edx
33317 RET_ENDP
33318 +BEGIN(read_unchecked)
33319 + movl (v), %eax
33320 + movl 4(v), %edx
33321 +RET_ENDP
33322 #undef v
33323
33324 #define v %esi
33325 @@ -52,6 +57,10 @@ BEGIN(set)
33326 movl %ebx, (v)
33327 movl %ecx, 4(v)
33328 RET_ENDP
33329 +BEGIN(set_unchecked)
33330 + movl %ebx, (v)
33331 + movl %ecx, 4(v)
33332 +RET_ENDP
33333 #undef v
33334
33335 #define v %esi
33336 @@ -67,6 +76,12 @@ RET_ENDP
33337 BEGIN(add)
33338 addl %eax, (v)
33339 adcl %edx, 4(v)
33340 +
33341 + PAX_REFCOUNT64_OVERFLOW (v)
33342 +RET_ENDP
33343 +BEGIN(add_unchecked)
33344 + addl %eax, (v)
33345 + adcl %edx, 4(v)
33346 RET_ENDP
33347 #undef v
33348
33349 @@ -74,6 +89,15 @@ RET_ENDP
33350 BEGIN(add_return)
33351 addl (v), %eax
33352 adcl 4(v), %edx
33353 +
33354 + movl %eax, (v)
33355 + movl %edx, 4(v)
33356 +
33357 + PAX_REFCOUNT64_OVERFLOW (v)
33358 +RET_ENDP
33359 +BEGIN(add_return_unchecked)
33360 + addl (v), %eax
33361 + adcl 4(v), %edx
33362 movl %eax, (v)
33363 movl %edx, 4(v)
33364 RET_ENDP
33365 @@ -83,6 +107,12 @@ RET_ENDP
33366 BEGIN(sub)
33367 subl %eax, (v)
33368 sbbl %edx, 4(v)
33369 +
33370 + PAX_REFCOUNT64_UNDERFLOW (v)
33371 +RET_ENDP
33372 +BEGIN(sub_unchecked)
33373 + subl %eax, (v)
33374 + sbbl %edx, 4(v)
33375 RET_ENDP
33376 #undef v
33377
33378 @@ -93,6 +123,18 @@ BEGIN(sub_return)
33379 sbbl $0, %edx
33380 addl (v), %eax
33381 adcl 4(v), %edx
33382 +
33383 + movl %eax, (v)
33384 + movl %edx, 4(v)
33385 +
33386 + PAX_REFCOUNT64_UNDERFLOW (v)
33387 +RET_ENDP
33388 +BEGIN(sub_return_unchecked)
33389 + negl %edx
33390 + negl %eax
33391 + sbbl $0, %edx
33392 + addl (v), %eax
33393 + adcl 4(v), %edx
33394 movl %eax, (v)
33395 movl %edx, 4(v)
33396 RET_ENDP
33397 @@ -102,6 +144,12 @@ RET_ENDP
33398 BEGIN(inc)
33399 addl $1, (v)
33400 adcl $0, 4(v)
33401 +
33402 + PAX_REFCOUNT64_OVERFLOW (v)
33403 +RET_ENDP
33404 +BEGIN(inc_unchecked)
33405 + addl $1, (v)
33406 + adcl $0, 4(v)
33407 RET_ENDP
33408 #undef v
33409
33410 @@ -111,6 +159,17 @@ BEGIN(inc_return)
33411 movl 4(v), %edx
33412 addl $1, %eax
33413 adcl $0, %edx
33414 +
33415 + movl %eax, (v)
33416 + movl %edx, 4(v)
33417 +
33418 + PAX_REFCOUNT64_OVERFLOW (v)
33419 +RET_ENDP
33420 +BEGIN(inc_return_unchecked)
33421 + movl (v), %eax
33422 + movl 4(v), %edx
33423 + addl $1, %eax
33424 + adcl $0, %edx
33425 movl %eax, (v)
33426 movl %edx, 4(v)
33427 RET_ENDP
33428 @@ -120,6 +179,12 @@ RET_ENDP
33429 BEGIN(dec)
33430 subl $1, (v)
33431 sbbl $0, 4(v)
33432 +
33433 + PAX_REFCOUNT64_UNDERFLOW (v)
33434 +RET_ENDP
33435 +BEGIN(dec_unchecked)
33436 + subl $1, (v)
33437 + sbbl $0, 4(v)
33438 RET_ENDP
33439 #undef v
33440
33441 @@ -129,6 +194,17 @@ BEGIN(dec_return)
33442 movl 4(v), %edx
33443 subl $1, %eax
33444 sbbl $0, %edx
33445 +
33446 + movl %eax, (v)
33447 + movl %edx, 4(v)
33448 +
33449 + PAX_REFCOUNT64_UNDERFLOW (v)
33450 +RET_ENDP
33451 +BEGIN(dec_return_unchecked)
33452 + movl (v), %eax
33453 + movl 4(v), %edx
33454 + subl $1, %eax
33455 + sbbl $0, %edx
33456 movl %eax, (v)
33457 movl %edx, 4(v)
33458 RET_ENDP
33459 @@ -140,6 +216,9 @@ BEGIN(add_unless)
33460 adcl %edx, %edi
33461 addl (v), %eax
33462 adcl 4(v), %edx
33463 +
33464 + PAX_REFCOUNT64_OVERFLOW (v)
33465 +
33466 cmpl %eax, %ecx
33467 je 3f
33468 1:
33469 @@ -165,6 +244,9 @@ BEGIN(inc_not_zero)
33470 1:
33471 addl $1, %eax
33472 adcl $0, %edx
33473 +
33474 + PAX_REFCOUNT64_OVERFLOW (v)
33475 +
33476 movl %eax, (v)
33477 movl %edx, 4(v)
33478 movl $1, %eax
33479 @@ -183,6 +265,9 @@ BEGIN(dec_if_positive)
33480 movl 4(v), %edx
33481 subl $1, %eax
33482 sbbl $0, %edx
33483 +
33484 + PAX_REFCOUNT64_UNDERFLOW (v)
33485 +
33486 js 1f
33487 movl %eax, (v)
33488 movl %edx, 4(v)
33489 diff --git a/arch/x86/lib/atomic64_cx8_32.S b/arch/x86/lib/atomic64_cx8_32.S
33490 index db3ae854..3852140 100644
33491 --- a/arch/x86/lib/atomic64_cx8_32.S
33492 +++ b/arch/x86/lib/atomic64_cx8_32.S
33493 @@ -10,6 +10,7 @@
33494 */
33495
33496 #include <linux/linkage.h>
33497 +#include <asm/irq_vectors.h>
33498 #include <asm/alternative-asm.h>
33499
33500 .macro read64 reg
33501 @@ -22,9 +23,16 @@
33502
33503 ENTRY(atomic64_read_cx8)
33504 read64 %ecx
33505 + pax_force_retaddr
33506 ret
33507 ENDPROC(atomic64_read_cx8)
33508
33509 +ENTRY(atomic64_read_unchecked_cx8)
33510 + read64 %ecx
33511 + pax_force_retaddr
33512 + ret
33513 +ENDPROC(atomic64_read_unchecked_cx8)
33514 +
33515 ENTRY(atomic64_set_cx8)
33516 1:
33517 /* we don't need LOCK_PREFIX since aligned 64-bit writes
33518 @@ -32,20 +40,33 @@ ENTRY(atomic64_set_cx8)
33519 cmpxchg8b (%esi)
33520 jne 1b
33521
33522 + pax_force_retaddr
33523 ret
33524 ENDPROC(atomic64_set_cx8)
33525
33526 +ENTRY(atomic64_set_unchecked_cx8)
33527 +1:
33528 +/* we don't need LOCK_PREFIX since aligned 64-bit writes
33529 + * are atomic on 586 and newer */
33530 + cmpxchg8b (%esi)
33531 + jne 1b
33532 +
33533 + pax_force_retaddr
33534 + ret
33535 +ENDPROC(atomic64_set_unchecked_cx8)
33536 +
33537 ENTRY(atomic64_xchg_cx8)
33538 1:
33539 LOCK_PREFIX
33540 cmpxchg8b (%esi)
33541 jne 1b
33542
33543 + pax_force_retaddr
33544 ret
33545 ENDPROC(atomic64_xchg_cx8)
33546
33547 -.macro addsub_return func ins insc
33548 -ENTRY(atomic64_\func\()_return_cx8)
33549 +.macro addsub_return func ins insc unchecked=""
33550 +ENTRY(atomic64_\func\()_return\unchecked\()_cx8)
33551 pushl %ebp
33552 pushl %ebx
33553 pushl %esi
33554 @@ -61,26 +82,37 @@ ENTRY(atomic64_\func\()_return_cx8)
33555 movl %edx, %ecx
33556 \ins\()l %esi, %ebx
33557 \insc\()l %edi, %ecx
33558 +
33559 +.ifb \unchecked
33560 +.if \func == add
33561 + PAX_REFCOUNT64_OVERFLOW (%ebp)
33562 +.else
33563 + PAX_REFCOUNT64_UNDERFLOW (%ebp)
33564 +.endif
33565 +.endif
33566 +
33567 LOCK_PREFIX
33568 cmpxchg8b (%ebp)
33569 jne 1b
33570 -
33571 -10:
33572 movl %ebx, %eax
33573 movl %ecx, %edx
33574 +
33575 popl %edi
33576 popl %esi
33577 popl %ebx
33578 popl %ebp
33579 + pax_force_retaddr
33580 ret
33581 -ENDPROC(atomic64_\func\()_return_cx8)
33582 +ENDPROC(atomic64_\func\()_return\unchecked\()_cx8)
33583 .endm
33584
33585 addsub_return add add adc
33586 addsub_return sub sub sbb
33587 +addsub_return add add adc _unchecked
33588 +addsub_return sub sub sbb _unchecked
33589
33590 -.macro incdec_return func ins insc
33591 -ENTRY(atomic64_\func\()_return_cx8)
33592 +.macro incdec_return func ins insc unchecked=""
33593 +ENTRY(atomic64_\func\()_return\unchecked\()_cx8)
33594 pushl %ebx
33595
33596 read64 %esi
33597 @@ -89,20 +121,31 @@ ENTRY(atomic64_\func\()_return_cx8)
33598 movl %edx, %ecx
33599 \ins\()l $1, %ebx
33600 \insc\()l $0, %ecx
33601 +
33602 +.ifb \unchecked
33603 +.if \func == inc
33604 + PAX_REFCOUNT64_OVERFLOW (%esi)
33605 +.else
33606 + PAX_REFCOUNT64_UNDERFLOW (%esi)
33607 +.endif
33608 +.endif
33609 +
33610 LOCK_PREFIX
33611 cmpxchg8b (%esi)
33612 jne 1b
33613 -
33614 -10:
33615 movl %ebx, %eax
33616 movl %ecx, %edx
33617 +
33618 popl %ebx
33619 + pax_force_retaddr
33620 ret
33621 -ENDPROC(atomic64_\func\()_return_cx8)
33622 +ENDPROC(atomic64_\func\()_return\unchecked\()_cx8)
33623 .endm
33624
33625 incdec_return inc add adc
33626 incdec_return dec sub sbb
33627 +incdec_return inc add adc _unchecked
33628 +incdec_return dec sub sbb _unchecked
33629
33630 ENTRY(atomic64_dec_if_positive_cx8)
33631 pushl %ebx
33632 @@ -113,6 +156,9 @@ ENTRY(atomic64_dec_if_positive_cx8)
33633 movl %edx, %ecx
33634 subl $1, %ebx
33635 sbb $0, %ecx
33636 +
33637 + PAX_REFCOUNT64_UNDERFLOW (%esi)
33638 +
33639 js 2f
33640 LOCK_PREFIX
33641 cmpxchg8b (%esi)
33642 @@ -122,6 +168,7 @@ ENTRY(atomic64_dec_if_positive_cx8)
33643 movl %ebx, %eax
33644 movl %ecx, %edx
33645 popl %ebx
33646 + pax_force_retaddr
33647 ret
33648 ENDPROC(atomic64_dec_if_positive_cx8)
33649
33650 @@ -144,6 +191,9 @@ ENTRY(atomic64_add_unless_cx8)
33651 movl %edx, %ecx
33652 addl %ebp, %ebx
33653 adcl %edi, %ecx
33654 +
33655 + PAX_REFCOUNT64_OVERFLOW (%esi)
33656 +
33657 LOCK_PREFIX
33658 cmpxchg8b (%esi)
33659 jne 1b
33660 @@ -153,6 +203,7 @@ ENTRY(atomic64_add_unless_cx8)
33661 addl $8, %esp
33662 popl %ebx
33663 popl %ebp
33664 + pax_force_retaddr
33665 ret
33666 4:
33667 cmpl %edx, 4(%esp)
33668 @@ -173,6 +224,9 @@ ENTRY(atomic64_inc_not_zero_cx8)
33669 xorl %ecx, %ecx
33670 addl $1, %ebx
33671 adcl %edx, %ecx
33672 +
33673 + PAX_REFCOUNT64_OVERFLOW (%esi)
33674 +
33675 LOCK_PREFIX
33676 cmpxchg8b (%esi)
33677 jne 1b
33678 @@ -180,5 +234,6 @@ ENTRY(atomic64_inc_not_zero_cx8)
33679 movl $1, %eax
33680 3:
33681 popl %ebx
33682 + pax_force_retaddr
33683 ret
33684 ENDPROC(atomic64_inc_not_zero_cx8)
33685 diff --git a/arch/x86/lib/checksum_32.S b/arch/x86/lib/checksum_32.S
33686 index c1e6232..ebbeba7 100644
33687 --- a/arch/x86/lib/checksum_32.S
33688 +++ b/arch/x86/lib/checksum_32.S
33689 @@ -28,7 +28,8 @@
33690 #include <linux/linkage.h>
33691 #include <asm/errno.h>
33692 #include <asm/asm.h>
33693 -
33694 +#include <asm/segment.h>
33695 +
33696 /*
33697 * computes a partial checksum, e.g. for TCP/UDP fragments
33698 */
33699 @@ -280,7 +281,22 @@ unsigned int csum_partial_copy_generic (const char *src, char *dst,
33700
33701 #define ARGBASE 16
33702 #define FP 12
33703 -
33704 +
33705 +ENTRY(csum_partial_copy_generic_to_user)
33706 +
33707 +#ifdef CONFIG_PAX_MEMORY_UDEREF
33708 + pushl %gs
33709 + popl %es
33710 + jmp csum_partial_copy_generic
33711 +#endif
33712 +
33713 +ENTRY(csum_partial_copy_generic_from_user)
33714 +
33715 +#ifdef CONFIG_PAX_MEMORY_UDEREF
33716 + pushl %gs
33717 + popl %ds
33718 +#endif
33719 +
33720 ENTRY(csum_partial_copy_generic)
33721 subl $4,%esp
33722 pushl %edi
33723 @@ -299,7 +315,7 @@ ENTRY(csum_partial_copy_generic)
33724 jmp 4f
33725 SRC(1: movw (%esi), %bx )
33726 addl $2, %esi
33727 -DST( movw %bx, (%edi) )
33728 +DST( movw %bx, %es:(%edi) )
33729 addl $2, %edi
33730 addw %bx, %ax
33731 adcl $0, %eax
33732 @@ -311,30 +327,30 @@ DST( movw %bx, (%edi) )
33733 SRC(1: movl (%esi), %ebx )
33734 SRC( movl 4(%esi), %edx )
33735 adcl %ebx, %eax
33736 -DST( movl %ebx, (%edi) )
33737 +DST( movl %ebx, %es:(%edi) )
33738 adcl %edx, %eax
33739 -DST( movl %edx, 4(%edi) )
33740 +DST( movl %edx, %es:4(%edi) )
33741
33742 SRC( movl 8(%esi), %ebx )
33743 SRC( movl 12(%esi), %edx )
33744 adcl %ebx, %eax
33745 -DST( movl %ebx, 8(%edi) )
33746 +DST( movl %ebx, %es:8(%edi) )
33747 adcl %edx, %eax
33748 -DST( movl %edx, 12(%edi) )
33749 +DST( movl %edx, %es:12(%edi) )
33750
33751 SRC( movl 16(%esi), %ebx )
33752 SRC( movl 20(%esi), %edx )
33753 adcl %ebx, %eax
33754 -DST( movl %ebx, 16(%edi) )
33755 +DST( movl %ebx, %es:16(%edi) )
33756 adcl %edx, %eax
33757 -DST( movl %edx, 20(%edi) )
33758 +DST( movl %edx, %es:20(%edi) )
33759
33760 SRC( movl 24(%esi), %ebx )
33761 SRC( movl 28(%esi), %edx )
33762 adcl %ebx, %eax
33763 -DST( movl %ebx, 24(%edi) )
33764 +DST( movl %ebx, %es:24(%edi) )
33765 adcl %edx, %eax
33766 -DST( movl %edx, 28(%edi) )
33767 +DST( movl %edx, %es:28(%edi) )
33768
33769 lea 32(%esi), %esi
33770 lea 32(%edi), %edi
33771 @@ -348,7 +364,7 @@ DST( movl %edx, 28(%edi) )
33772 shrl $2, %edx # This clears CF
33773 SRC(3: movl (%esi), %ebx )
33774 adcl %ebx, %eax
33775 -DST( movl %ebx, (%edi) )
33776 +DST( movl %ebx, %es:(%edi) )
33777 lea 4(%esi), %esi
33778 lea 4(%edi), %edi
33779 dec %edx
33780 @@ -360,12 +376,12 @@ DST( movl %ebx, (%edi) )
33781 jb 5f
33782 SRC( movw (%esi), %cx )
33783 leal 2(%esi), %esi
33784 -DST( movw %cx, (%edi) )
33785 +DST( movw %cx, %es:(%edi) )
33786 leal 2(%edi), %edi
33787 je 6f
33788 shll $16,%ecx
33789 SRC(5: movb (%esi), %cl )
33790 -DST( movb %cl, (%edi) )
33791 +DST( movb %cl, %es:(%edi) )
33792 6: addl %ecx, %eax
33793 adcl $0, %eax
33794 7:
33795 @@ -376,7 +392,7 @@ DST( movb %cl, (%edi) )
33796
33797 6001:
33798 movl ARGBASE+20(%esp), %ebx # src_err_ptr
33799 - movl $-EFAULT, (%ebx)
33800 + movl $-EFAULT, %ss:(%ebx)
33801
33802 # zero the complete destination - computing the rest
33803 # is too much work
33804 @@ -389,34 +405,58 @@ DST( movb %cl, (%edi) )
33805
33806 6002:
33807 movl ARGBASE+24(%esp), %ebx # dst_err_ptr
33808 - movl $-EFAULT,(%ebx)
33809 + movl $-EFAULT,%ss:(%ebx)
33810 jmp 5000b
33811
33812 .previous
33813
33814 +#ifdef CONFIG_PAX_MEMORY_UDEREF
33815 + pushl %ss
33816 + popl %ds
33817 + pushl %ss
33818 + popl %es
33819 +#endif
33820 +
33821 popl %ebx
33822 popl %esi
33823 popl %edi
33824 popl %ecx # equivalent to addl $4,%esp
33825 ret
33826 -ENDPROC(csum_partial_copy_generic)
33827 +ENDPROC(csum_partial_copy_generic_to_user)
33828
33829 #else
33830
33831 /* Version for PentiumII/PPro */
33832
33833 #define ROUND1(x) \
33834 + nop; nop; nop; \
33835 SRC(movl x(%esi), %ebx ) ; \
33836 addl %ebx, %eax ; \
33837 - DST(movl %ebx, x(%edi) ) ;
33838 + DST(movl %ebx, %es:x(%edi)) ;
33839
33840 #define ROUND(x) \
33841 + nop; nop; nop; \
33842 SRC(movl x(%esi), %ebx ) ; \
33843 adcl %ebx, %eax ; \
33844 - DST(movl %ebx, x(%edi) ) ;
33845 + DST(movl %ebx, %es:x(%edi)) ;
33846
33847 #define ARGBASE 12
33848 -
33849 +
33850 +ENTRY(csum_partial_copy_generic_to_user)
33851 +
33852 +#ifdef CONFIG_PAX_MEMORY_UDEREF
33853 + pushl %gs
33854 + popl %es
33855 + jmp csum_partial_copy_generic
33856 +#endif
33857 +
33858 +ENTRY(csum_partial_copy_generic_from_user)
33859 +
33860 +#ifdef CONFIG_PAX_MEMORY_UDEREF
33861 + pushl %gs
33862 + popl %ds
33863 +#endif
33864 +
33865 ENTRY(csum_partial_copy_generic)
33866 pushl %ebx
33867 pushl %edi
33868 @@ -435,7 +475,7 @@ ENTRY(csum_partial_copy_generic)
33869 subl %ebx, %edi
33870 lea -1(%esi),%edx
33871 andl $-32,%edx
33872 - lea 3f(%ebx,%ebx), %ebx
33873 + lea 3f(%ebx,%ebx,2), %ebx
33874 testl %esi, %esi
33875 jmp *%ebx
33876 1: addl $64,%esi
33877 @@ -456,19 +496,19 @@ ENTRY(csum_partial_copy_generic)
33878 jb 5f
33879 SRC( movw (%esi), %dx )
33880 leal 2(%esi), %esi
33881 -DST( movw %dx, (%edi) )
33882 +DST( movw %dx, %es:(%edi) )
33883 leal 2(%edi), %edi
33884 je 6f
33885 shll $16,%edx
33886 5:
33887 SRC( movb (%esi), %dl )
33888 -DST( movb %dl, (%edi) )
33889 +DST( movb %dl, %es:(%edi) )
33890 6: addl %edx, %eax
33891 adcl $0, %eax
33892 7:
33893 .section .fixup, "ax"
33894 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr
33895 - movl $-EFAULT, (%ebx)
33896 + movl $-EFAULT, %ss:(%ebx)
33897 # zero the complete destination (computing the rest is too much work)
33898 movl ARGBASE+8(%esp),%edi # dst
33899 movl ARGBASE+12(%esp),%ecx # len
33900 @@ -476,15 +516,22 @@ DST( movb %dl, (%edi) )
33901 rep; stosb
33902 jmp 7b
33903 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr
33904 - movl $-EFAULT, (%ebx)
33905 + movl $-EFAULT, %ss:(%ebx)
33906 jmp 7b
33907 .previous
33908
33909 +#ifdef CONFIG_PAX_MEMORY_UDEREF
33910 + pushl %ss
33911 + popl %ds
33912 + pushl %ss
33913 + popl %es
33914 +#endif
33915 +
33916 popl %esi
33917 popl %edi
33918 popl %ebx
33919 ret
33920 -ENDPROC(csum_partial_copy_generic)
33921 +ENDPROC(csum_partial_copy_generic_to_user)
33922
33923 #undef ROUND
33924 #undef ROUND1
33925 diff --git a/arch/x86/lib/clear_page_64.S b/arch/x86/lib/clear_page_64.S
33926 index 65be7cf..d4cb4b4 100644
33927 --- a/arch/x86/lib/clear_page_64.S
33928 +++ b/arch/x86/lib/clear_page_64.S
33929 @@ -21,6 +21,7 @@ ENTRY(clear_page)
33930 movl $4096/8,%ecx
33931 xorl %eax,%eax
33932 rep stosq
33933 + pax_force_retaddr
33934 ret
33935 ENDPROC(clear_page)
33936
33937 @@ -43,6 +44,7 @@ ENTRY(clear_page_orig)
33938 leaq 64(%rdi),%rdi
33939 jnz .Lloop
33940 nop
33941 + pax_force_retaddr
33942 ret
33943 ENDPROC(clear_page_orig)
33944
33945 @@ -50,5 +52,6 @@ ENTRY(clear_page_c_e)
33946 movl $4096,%ecx
33947 xorl %eax,%eax
33948 rep stosb
33949 + pax_force_retaddr
33950 ret
33951 ENDPROC(clear_page_c_e)
33952 diff --git a/arch/x86/lib/cmpxchg16b_emu.S b/arch/x86/lib/cmpxchg16b_emu.S
33953 index 9b33024..e52ee44 100644
33954 --- a/arch/x86/lib/cmpxchg16b_emu.S
33955 +++ b/arch/x86/lib/cmpxchg16b_emu.S
33956 @@ -7,6 +7,7 @@
33957 */
33958 #include <linux/linkage.h>
33959 #include <asm/percpu.h>
33960 +#include <asm/alternative-asm.h>
33961
33962 .text
33963
33964 @@ -43,11 +44,13 @@ ENTRY(this_cpu_cmpxchg16b_emu)
33965
33966 popfq
33967 mov $1, %al
33968 + pax_force_retaddr
33969 ret
33970
33971 .Lnot_same:
33972 popfq
33973 xor %al,%al
33974 + pax_force_retaddr
33975 ret
33976
33977 ENDPROC(this_cpu_cmpxchg16b_emu)
33978 diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S
33979 index 24ef1c2..a119ef1 100644
33980 --- a/arch/x86/lib/copy_page_64.S
33981 +++ b/arch/x86/lib/copy_page_64.S
33982 @@ -15,13 +15,14 @@ ENTRY(copy_page)
33983 ALTERNATIVE "jmp copy_page_regs", "", X86_FEATURE_REP_GOOD
33984 movl $4096/8, %ecx
33985 rep movsq
33986 + pax_force_retaddr
33987 ret
33988 ENDPROC(copy_page)
33989
33990 ENTRY(copy_page_regs)
33991 subq $2*8, %rsp
33992 movq %rbx, (%rsp)
33993 - movq %r12, 1*8(%rsp)
33994 + movq %r13, 1*8(%rsp)
33995
33996 movl $(4096/64)-5, %ecx
33997 .p2align 4
33998 @@ -34,7 +35,7 @@ ENTRY(copy_page_regs)
33999 movq 0x8*4(%rsi), %r9
34000 movq 0x8*5(%rsi), %r10
34001 movq 0x8*6(%rsi), %r11
34002 - movq 0x8*7(%rsi), %r12
34003 + movq 0x8*7(%rsi), %r13
34004
34005 prefetcht0 5*64(%rsi)
34006
34007 @@ -45,7 +46,7 @@ ENTRY(copy_page_regs)
34008 movq %r9, 0x8*4(%rdi)
34009 movq %r10, 0x8*5(%rdi)
34010 movq %r11, 0x8*6(%rdi)
34011 - movq %r12, 0x8*7(%rdi)
34012 + movq %r13, 0x8*7(%rdi)
34013
34014 leaq 64 (%rsi), %rsi
34015 leaq 64 (%rdi), %rdi
34016 @@ -64,7 +65,7 @@ ENTRY(copy_page_regs)
34017 movq 0x8*4(%rsi), %r9
34018 movq 0x8*5(%rsi), %r10
34019 movq 0x8*6(%rsi), %r11
34020 - movq 0x8*7(%rsi), %r12
34021 + movq 0x8*7(%rsi), %r13
34022
34023 movq %rax, 0x8*0(%rdi)
34024 movq %rbx, 0x8*1(%rdi)
34025 @@ -73,14 +74,15 @@ ENTRY(copy_page_regs)
34026 movq %r9, 0x8*4(%rdi)
34027 movq %r10, 0x8*5(%rdi)
34028 movq %r11, 0x8*6(%rdi)
34029 - movq %r12, 0x8*7(%rdi)
34030 + movq %r13, 0x8*7(%rdi)
34031
34032 leaq 64(%rdi), %rdi
34033 leaq 64(%rsi), %rsi
34034 jnz .Loop2
34035
34036 movq (%rsp), %rbx
34037 - movq 1*8(%rsp), %r12
34038 + movq 1*8(%rsp), %r13
34039 addq $2*8, %rsp
34040 + pax_force_retaddr
34041 ret
34042 ENDPROC(copy_page_regs)
34043 diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
34044 index bf603eb..5271364 100644
34045 --- a/arch/x86/lib/copy_user_64.S
34046 +++ b/arch/x86/lib/copy_user_64.S
34047 @@ -14,51 +14,34 @@
34048 #include <asm/alternative-asm.h>
34049 #include <asm/asm.h>
34050 #include <asm/smap.h>
34051 +#include <asm/pgtable.h>
34052 +#include <asm/frame.h>
34053
34054 -/* Standard copy_to_user with segment limit checking */
34055 -ENTRY(_copy_to_user)
34056 - mov PER_CPU_VAR(current_task), %rax
34057 - movq %rdi,%rcx
34058 - addq %rdx,%rcx
34059 - jc bad_to_user
34060 - cmpq TASK_addr_limit(%rax),%rcx
34061 - ja bad_to_user
34062 - ALTERNATIVE_2 "jmp copy_user_generic_unrolled", \
34063 - "jmp copy_user_generic_string", \
34064 - X86_FEATURE_REP_GOOD, \
34065 - "jmp copy_user_enhanced_fast_string", \
34066 - X86_FEATURE_ERMS
34067 -ENDPROC(_copy_to_user)
34068 -
34069 -/* Standard copy_from_user with segment limit checking */
34070 -ENTRY(_copy_from_user)
34071 - mov PER_CPU_VAR(current_task), %rax
34072 - movq %rsi,%rcx
34073 - addq %rdx,%rcx
34074 - jc bad_from_user
34075 - cmpq TASK_addr_limit(%rax),%rcx
34076 - ja bad_from_user
34077 - ALTERNATIVE_2 "jmp copy_user_generic_unrolled", \
34078 - "jmp copy_user_generic_string", \
34079 - X86_FEATURE_REP_GOOD, \
34080 - "jmp copy_user_enhanced_fast_string", \
34081 - X86_FEATURE_ERMS
34082 -ENDPROC(_copy_from_user)
34083 -
34084 +.macro ALIGN_DESTINATION
34085 + /* check for bad alignment of destination */
34086 + movl %edi,%ecx
34087 + andl $7,%ecx
34088 + jz 102f /* already aligned */
34089 + subl $8,%ecx
34090 + negl %ecx
34091 + subl %ecx,%edx
34092 +100: movb (%rsi),%al
34093 +101: movb %al,(%rdi)
34094 + incq %rsi
34095 + incq %rdi
34096 + decl %ecx
34097 + jnz 100b
34098 +102:
34099 .section .fixup,"ax"
34100 - /* must zero dest */
34101 -ENTRY(bad_from_user)
34102 -bad_from_user:
34103 - movl %edx,%ecx
34104 - xorl %eax,%eax
34105 - rep
34106 - stosb
34107 -bad_to_user:
34108 - movl %edx,%eax
34109 - ret
34110 -ENDPROC(bad_from_user)
34111 +103: addl %ecx,%edx /* ecx is zerorest also */
34112 + FRAME_END
34113 + jmp copy_user_handle_tail
34114 .previous
34115
34116 + _ASM_EXTABLE(100b,103b)
34117 + _ASM_EXTABLE(101b,103b)
34118 +.endm
34119 +
34120 /*
34121 * copy_user_generic_unrolled - memory copy with exception handling.
34122 * This version is for CPUs like P4 that don't have efficient micro
34123 @@ -73,7 +56,8 @@ ENDPROC(bad_from_user)
34124 * eax uncopied bytes or 0 if successful.
34125 */
34126 ENTRY(copy_user_generic_unrolled)
34127 - ASM_STAC
34128 + FRAME_BEGIN
34129 + ASM_USER_ACCESS_BEGIN
34130 cmpl $8,%edx
34131 jb 20f /* less then 8 bytes, go to byte copy loop */
34132 ALIGN_DESTINATION
34133 @@ -121,7 +105,9 @@ ENTRY(copy_user_generic_unrolled)
34134 decl %ecx
34135 jnz 21b
34136 23: xor %eax,%eax
34137 - ASM_CLAC
34138 + ASM_USER_ACCESS_END
34139 + FRAME_END
34140 + pax_force_retaddr
34141 ret
34142
34143 .section .fixup,"ax"
34144 @@ -131,7 +117,8 @@ ENTRY(copy_user_generic_unrolled)
34145 40: leal (%rdx,%rcx,8),%edx
34146 jmp 60f
34147 50: movl %ecx,%edx
34148 -60: jmp copy_user_handle_tail /* ecx is zerorest also */
34149 +60: FRAME_END
34150 + jmp copy_user_handle_tail /* ecx is zerorest also */
34151 .previous
34152
34153 _ASM_EXTABLE(1b,30b)
34154 @@ -175,7 +162,8 @@ ENDPROC(copy_user_generic_unrolled)
34155 * eax uncopied bytes or 0 if successful.
34156 */
34157 ENTRY(copy_user_generic_string)
34158 - ASM_STAC
34159 + FRAME_BEGIN
34160 + ASM_USER_ACCESS_BEGIN
34161 cmpl $8,%edx
34162 jb 2f /* less than 8 bytes, go to byte copy loop */
34163 ALIGN_DESTINATION
34164 @@ -188,12 +176,15 @@ ENTRY(copy_user_generic_string)
34165 3: rep
34166 movsb
34167 xorl %eax,%eax
34168 - ASM_CLAC
34169 + ASM_USER_ACCESS_END
34170 + FRAME_END
34171 + pax_force_retaddr
34172 ret
34173
34174 .section .fixup,"ax"
34175 11: leal (%rdx,%rcx,8),%ecx
34176 12: movl %ecx,%edx /* ecx is zerorest also */
34177 + FRAME_END
34178 jmp copy_user_handle_tail
34179 .previous
34180
34181 @@ -214,16 +205,20 @@ ENDPROC(copy_user_generic_string)
34182 * eax uncopied bytes or 0 if successful.
34183 */
34184 ENTRY(copy_user_enhanced_fast_string)
34185 - ASM_STAC
34186 + FRAME_BEGIN
34187 + ASM_USER_ACCESS_BEGIN
34188 movl %edx,%ecx
34189 1: rep
34190 movsb
34191 xorl %eax,%eax
34192 - ASM_CLAC
34193 + ASM_USER_ACCESS_END
34194 + FRAME_END
34195 + pax_force_retaddr
34196 ret
34197
34198 .section .fixup,"ax"
34199 12: movl %ecx,%edx /* ecx is zerorest also */
34200 + FRAME_END
34201 jmp copy_user_handle_tail
34202 .previous
34203
34204 @@ -240,7 +235,17 @@ ENDPROC(copy_user_enhanced_fast_string)
34205 * - Require 4-byte alignment when size is 4 bytes.
34206 */
34207 ENTRY(__copy_user_nocache)
34208 - ASM_STAC
34209 + FRAME_BEGIN
34210 +
34211 +#ifdef CONFIG_PAX_MEMORY_UDEREF
34212 + mov pax_user_shadow_base,%rcx
34213 + cmp %rcx,%rsi
34214 + jae 1f
34215 + add %rcx,%rsi
34216 +1:
34217 +#endif
34218 +
34219 + ASM_USER_ACCESS_BEGIN
34220
34221 /* If size is less than 8 bytes, go to 4-byte copy */
34222 cmpl $8,%edx
34223 @@ -334,8 +339,10 @@ ENTRY(__copy_user_nocache)
34224 /* Finished copying; fence the prior stores */
34225 .L_finish_copy:
34226 xorl %eax,%eax
34227 - ASM_CLAC
34228 + ASM_USER_ACCESS_END
34229 sfence
34230 + FRAME_END
34231 + pax_force_retaddr
34232 ret
34233
34234 .section .fixup,"ax"
34235 @@ -353,6 +360,7 @@ ENTRY(__copy_user_nocache)
34236 movl %ecx,%edx
34237 .L_fixup_handle_tail:
34238 sfence
34239 + FRAME_END
34240 jmp copy_user_handle_tail
34241 .previous
34242
34243 diff --git a/arch/x86/lib/csum-copy_64.S b/arch/x86/lib/csum-copy_64.S
34244 index 7e48807..cc966ff 100644
34245 --- a/arch/x86/lib/csum-copy_64.S
34246 +++ b/arch/x86/lib/csum-copy_64.S
34247 @@ -8,6 +8,7 @@
34248 #include <linux/linkage.h>
34249 #include <asm/errno.h>
34250 #include <asm/asm.h>
34251 +#include <asm/alternative-asm.h>
34252
34253 /*
34254 * Checksum copy with exception handling.
34255 @@ -52,7 +53,7 @@ ENTRY(csum_partial_copy_generic)
34256 .Lignore:
34257 subq $7*8, %rsp
34258 movq %rbx, 2*8(%rsp)
34259 - movq %r12, 3*8(%rsp)
34260 + movq %r15, 3*8(%rsp)
34261 movq %r14, 4*8(%rsp)
34262 movq %r13, 5*8(%rsp)
34263 movq %rbp, 6*8(%rsp)
34264 @@ -64,16 +65,16 @@ ENTRY(csum_partial_copy_generic)
34265 movl %edx, %ecx
34266
34267 xorl %r9d, %r9d
34268 - movq %rcx, %r12
34269 + movq %rcx, %r15
34270
34271 - shrq $6, %r12
34272 + shrq $6, %r15
34273 jz .Lhandle_tail /* < 64 */
34274
34275 clc
34276
34277 /* main loop. clear in 64 byte blocks */
34278 /* r9: zero, r8: temp2, rbx: temp1, rax: sum, rcx: saved length */
34279 - /* r11: temp3, rdx: temp4, r12 loopcnt */
34280 + /* r11: temp3, rdx: temp4, r15 loopcnt */
34281 /* r10: temp5, rbp: temp6, r14 temp7, r13 temp8 */
34282 .p2align 4
34283 .Lloop:
34284 @@ -107,7 +108,7 @@ ENTRY(csum_partial_copy_generic)
34285 adcq %r14, %rax
34286 adcq %r13, %rax
34287
34288 - decl %r12d
34289 + decl %r15d
34290
34291 dest
34292 movq %rbx, (%rsi)
34293 @@ -200,11 +201,12 @@ ENTRY(csum_partial_copy_generic)
34294
34295 .Lende:
34296 movq 2*8(%rsp), %rbx
34297 - movq 3*8(%rsp), %r12
34298 + movq 3*8(%rsp), %r15
34299 movq 4*8(%rsp), %r14
34300 movq 5*8(%rsp), %r13
34301 movq 6*8(%rsp), %rbp
34302 addq $7*8, %rsp
34303 + pax_force_retaddr
34304 ret
34305
34306 /* Exception handlers. Very simple, zeroing is done in the wrappers */
34307 diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c
34308 index 8bd5358..a6c9102 100644
34309 --- a/arch/x86/lib/csum-wrappers_64.c
34310 +++ b/arch/x86/lib/csum-wrappers_64.c
34311 @@ -53,10 +53,10 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
34312 len -= 2;
34313 }
34314 }
34315 - stac();
34316 - isum = csum_partial_copy_generic((__force const void *)src,
34317 + user_access_begin();
34318 + isum = csum_partial_copy_generic((const void __force_kernel *)____m(src),
34319 dst, len, isum, errp, NULL);
34320 - clac();
34321 + user_access_end();
34322 if (unlikely(*errp))
34323 goto out_err;
34324
34325 @@ -110,10 +110,10 @@ csum_partial_copy_to_user(const void *src, void __user *dst,
34326 }
34327
34328 *errp = 0;
34329 - stac();
34330 - ret = csum_partial_copy_generic(src, (void __force *)dst,
34331 + user_access_begin();
34332 + ret = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst),
34333 len, isum, NULL, errp);
34334 - clac();
34335 + user_access_end();
34336 return ret;
34337 }
34338 EXPORT_SYMBOL(csum_partial_copy_to_user);
34339 diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S
34340 index 0ef5128..4a52ddc 100644
34341 --- a/arch/x86/lib/getuser.S
34342 +++ b/arch/x86/lib/getuser.S
34343 @@ -32,56 +32,127 @@
34344 #include <asm/thread_info.h>
34345 #include <asm/asm.h>
34346 #include <asm/smap.h>
34347 +#include <asm/segment.h>
34348 +#include <asm/pgtable.h>
34349 +#include <asm/frame.h>
34350 +#include <asm/alternative-asm.h>
34351 +
34352 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
34353 +#define __copyuser_seg gs;
34354 +#else
34355 +#define __copyuser_seg
34356 +#endif
34357
34358 .text
34359 ENTRY(__get_user_1)
34360 + FRAME_BEGIN
34361 +
34362 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
34363 mov PER_CPU_VAR(current_task), %_ASM_DX
34364 cmp TASK_addr_limit(%_ASM_DX),%_ASM_AX
34365 jae bad_get_user
34366 - ASM_STAC
34367 -1: movzbl (%_ASM_AX),%edx
34368 +
34369 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
34370 + mov pax_user_shadow_base,%_ASM_DX
34371 + cmp %_ASM_DX,%_ASM_AX
34372 + jae 1234f
34373 + add %_ASM_DX,%_ASM_AX
34374 +1234:
34375 +#endif
34376 +
34377 +#endif
34378 +
34379 + ASM_USER_ACCESS_BEGIN
34380 +1: __copyuser_seg movzbl (%_ASM_AX),%edx
34381 xor %eax,%eax
34382 - ASM_CLAC
34383 + ASM_USER_ACCESS_END
34384 + FRAME_END
34385 + pax_force_retaddr
34386 ret
34387 ENDPROC(__get_user_1)
34388
34389 ENTRY(__get_user_2)
34390 + FRAME_BEGIN
34391 add $1,%_ASM_AX
34392 +
34393 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
34394 jc bad_get_user
34395 mov PER_CPU_VAR(current_task), %_ASM_DX
34396 cmp TASK_addr_limit(%_ASM_DX),%_ASM_AX
34397 jae bad_get_user
34398 - ASM_STAC
34399 -2: movzwl -1(%_ASM_AX),%edx
34400 +
34401 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
34402 + mov pax_user_shadow_base,%_ASM_DX
34403 + cmp %_ASM_DX,%_ASM_AX
34404 + jae 1234f
34405 + add %_ASM_DX,%_ASM_AX
34406 +1234:
34407 +#endif
34408 +
34409 +#endif
34410 +
34411 + ASM_USER_ACCESS_BEGIN
34412 +2: __copyuser_seg movzwl -1(%_ASM_AX),%edx
34413 xor %eax,%eax
34414 - ASM_CLAC
34415 + ASM_USER_ACCESS_END
34416 + FRAME_END
34417 + pax_force_retaddr
34418 ret
34419 ENDPROC(__get_user_2)
34420
34421 ENTRY(__get_user_4)
34422 + FRAME_BEGIN
34423 add $3,%_ASM_AX
34424 +
34425 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
34426 jc bad_get_user
34427 mov PER_CPU_VAR(current_task), %_ASM_DX
34428 cmp TASK_addr_limit(%_ASM_DX),%_ASM_AX
34429 jae bad_get_user
34430 - ASM_STAC
34431 -3: movl -3(%_ASM_AX),%edx
34432 +
34433 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
34434 + mov pax_user_shadow_base,%_ASM_DX
34435 + cmp %_ASM_DX,%_ASM_AX
34436 + jae 1234f
34437 + add %_ASM_DX,%_ASM_AX
34438 +1234:
34439 +#endif
34440 +
34441 +#endif
34442 +
34443 + ASM_USER_ACCESS_BEGIN
34444 +3: __copyuser_seg movl -3(%_ASM_AX),%edx
34445 xor %eax,%eax
34446 - ASM_CLAC
34447 + ASM_USER_ACCESS_END
34448 + FRAME_END
34449 + pax_force_retaddr
34450 ret
34451 ENDPROC(__get_user_4)
34452
34453 ENTRY(__get_user_8)
34454 + FRAME_BEGIN
34455 +
34456 #ifdef CONFIG_X86_64
34457 add $7,%_ASM_AX
34458 jc bad_get_user
34459 mov PER_CPU_VAR(current_task), %_ASM_DX
34460 cmp TASK_addr_limit(%_ASM_DX),%_ASM_AX
34461 jae bad_get_user
34462 - ASM_STAC
34463 +
34464 +#ifdef CONFIG_PAX_MEMORY_UDEREF
34465 + mov pax_user_shadow_base,%_ASM_DX
34466 + cmp %_ASM_DX,%_ASM_AX
34467 + jae 1234f
34468 + add %_ASM_DX,%_ASM_AX
34469 +1234:
34470 +#endif
34471 +
34472 + ASM_USER_ACCESS_BEGIN
34473 4: movq -7(%_ASM_AX),%rdx
34474 xor %eax,%eax
34475 - ASM_CLAC
34476 + ASM_USER_ACCESS_END
34477 + FRAME_END
34478 + pax_force_retaddr
34479 ret
34480 #else
34481 add $7,%_ASM_AX
34482 @@ -89,11 +160,13 @@ ENTRY(__get_user_8)
34483 mov PER_CPU_VAR(current_task), %_ASM_DX
34484 cmp TASK_addr_limit(%_ASM_DX),%_ASM_AX
34485 jae bad_get_user_8
34486 - ASM_STAC
34487 -4: movl -7(%_ASM_AX),%edx
34488 -5: movl -3(%_ASM_AX),%ecx
34489 + ASM_USER_ACCESS_BEGIN
34490 +4: __copyuser_seg movl -7(%_ASM_AX),%edx
34491 +5: __copyuser_seg movl -3(%_ASM_AX),%ecx
34492 xor %eax,%eax
34493 - ASM_CLAC
34494 + ASM_USER_ACCESS_END
34495 + FRAME_END
34496 + pax_force_retaddr
34497 ret
34498 #endif
34499 ENDPROC(__get_user_8)
34500 @@ -102,7 +175,9 @@ ENDPROC(__get_user_8)
34501 bad_get_user:
34502 xor %edx,%edx
34503 mov $(-EFAULT),%_ASM_AX
34504 - ASM_CLAC
34505 + ASM_USER_ACCESS_END
34506 + FRAME_END
34507 + pax_force_retaddr
34508 ret
34509 END(bad_get_user)
34510
34511 @@ -111,7 +186,9 @@ bad_get_user_8:
34512 xor %edx,%edx
34513 xor %ecx,%ecx
34514 mov $(-EFAULT),%_ASM_AX
34515 - ASM_CLAC
34516 + ASM_USER_ACCESS_END
34517 + FRAME_END
34518 + pax_force_retaddr
34519 ret
34520 END(bad_get_user_8)
34521 #endif
34522 diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
34523 index 1088eb8..fac8468 100644
34524 --- a/arch/x86/lib/insn.c
34525 +++ b/arch/x86/lib/insn.c
34526 @@ -20,8 +20,10 @@
34527
34528 #ifdef __KERNEL__
34529 #include <linux/string.h>
34530 +#include <asm/pgtable_types.h>
34531 #else
34532 #include <string.h>
34533 +#define ktla_ktva(addr) addr
34534 #endif
34535 #include <asm/inat.h>
34536 #include <asm/insn.h>
34537 @@ -60,9 +62,9 @@ void insn_init(struct insn *insn, const void *kaddr, int buf_len, int x86_64)
34538 buf_len = MAX_INSN_SIZE;
34539
34540 memset(insn, 0, sizeof(*insn));
34541 - insn->kaddr = kaddr;
34542 - insn->end_kaddr = kaddr + buf_len;
34543 - insn->next_byte = kaddr;
34544 + insn->kaddr = (void *)ktla_ktva((unsigned long)kaddr);
34545 + insn->end_kaddr = insn->kaddr + buf_len;
34546 + insn->next_byte = insn->kaddr;
34547 insn->x86_64 = x86_64 ? 1 : 0;
34548 insn->opnd_bytes = 4;
34549 if (x86_64)
34550 diff --git a/arch/x86/lib/iomap_copy_64.S b/arch/x86/lib/iomap_copy_64.S
34551 index 33147fe..12a8815 100644
34552 --- a/arch/x86/lib/iomap_copy_64.S
34553 +++ b/arch/x86/lib/iomap_copy_64.S
34554 @@ -16,6 +16,7 @@
34555 */
34556
34557 #include <linux/linkage.h>
34558 +#include <asm/alternative-asm.h>
34559
34560 /*
34561 * override generic version in lib/iomap_copy.c
34562 @@ -23,5 +24,6 @@
34563 ENTRY(__iowrite32_copy)
34564 movl %edx,%ecx
34565 rep movsd
34566 + pax_force_retaddr
34567 ret
34568 ENDPROC(__iowrite32_copy)
34569 diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S
34570 index 2ec0b0abb..3e02ccd 100644
34571 --- a/arch/x86/lib/memcpy_64.S
34572 +++ b/arch/x86/lib/memcpy_64.S
34573 @@ -37,6 +37,7 @@ ENTRY(memcpy)
34574 rep movsq
34575 movl %edx, %ecx
34576 rep movsb
34577 + pax_force_retaddr
34578 ret
34579 ENDPROC(memcpy)
34580 ENDPROC(__memcpy)
34581 @@ -49,6 +50,7 @@ ENTRY(memcpy_erms)
34582 movq %rdi, %rax
34583 movq %rdx, %rcx
34584 rep movsb
34585 + pax_force_retaddr
34586 ret
34587 ENDPROC(memcpy_erms)
34588
34589 @@ -133,6 +135,7 @@ ENTRY(memcpy_orig)
34590 movq %r9, 1*8(%rdi)
34591 movq %r10, -2*8(%rdi, %rdx)
34592 movq %r11, -1*8(%rdi, %rdx)
34593 + pax_force_retaddr
34594 retq
34595 .p2align 4
34596 .Lless_16bytes:
34597 @@ -145,6 +148,7 @@ ENTRY(memcpy_orig)
34598 movq -1*8(%rsi, %rdx), %r9
34599 movq %r8, 0*8(%rdi)
34600 movq %r9, -1*8(%rdi, %rdx)
34601 + pax_force_retaddr
34602 retq
34603 .p2align 4
34604 .Lless_8bytes:
34605 @@ -158,6 +162,7 @@ ENTRY(memcpy_orig)
34606 movl -4(%rsi, %rdx), %r8d
34607 movl %ecx, (%rdi)
34608 movl %r8d, -4(%rdi, %rdx)
34609 + pax_force_retaddr
34610 retq
34611 .p2align 4
34612 .Lless_3bytes:
34613 @@ -176,6 +181,7 @@ ENTRY(memcpy_orig)
34614 movb %cl, (%rdi)
34615
34616 .Lend:
34617 + pax_force_retaddr
34618 retq
34619 ENDPROC(memcpy_orig)
34620
34621 diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S
34622 index 90ce01b..8817b34 100644
34623 --- a/arch/x86/lib/memmove_64.S
34624 +++ b/arch/x86/lib/memmove_64.S
34625 @@ -41,7 +41,7 @@ ENTRY(__memmove)
34626 jg 2f
34627
34628 .Lmemmove_begin_forward:
34629 - ALTERNATIVE "", "movq %rdx, %rcx; rep movsb; retq", X86_FEATURE_ERMS
34630 + ALTERNATIVE "", "movq %rdx, %rcx; rep movsb; pax_force_retaddr; retq", X86_FEATURE_ERMS
34631
34632 /*
34633 * movsq instruction have many startup latency
34634 @@ -204,6 +204,7 @@ ENTRY(__memmove)
34635 movb (%rsi), %r11b
34636 movb %r11b, (%rdi)
34637 13:
34638 + pax_force_retaddr
34639 retq
34640 ENDPROC(__memmove)
34641 ENDPROC(memmove)
34642 diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S
34643 index e1229ec..2ca5a7a 100644
34644 --- a/arch/x86/lib/memset_64.S
34645 +++ b/arch/x86/lib/memset_64.S
34646 @@ -40,6 +40,7 @@ ENTRY(__memset)
34647 movl %edx,%ecx
34648 rep stosb
34649 movq %r9,%rax
34650 + pax_force_retaddr
34651 ret
34652 ENDPROC(memset)
34653 ENDPROC(__memset)
34654 @@ -61,6 +62,7 @@ ENTRY(memset_erms)
34655 movq %rdx,%rcx
34656 rep stosb
34657 movq %r9,%rax
34658 + pax_force_retaddr
34659 ret
34660 ENDPROC(memset_erms)
34661
34662 @@ -123,6 +125,7 @@ ENTRY(memset_orig)
34663
34664 .Lende:
34665 movq %r10,%rax
34666 + pax_force_retaddr
34667 ret
34668
34669 .Lbad_alignment:
34670 diff --git a/arch/x86/lib/mmx_32.c b/arch/x86/lib/mmx_32.c
34671 index c2311a6..3b01ad9 100644
34672 --- a/arch/x86/lib/mmx_32.c
34673 +++ b/arch/x86/lib/mmx_32.c
34674 @@ -29,6 +29,7 @@ void *_mmx_memcpy(void *to, const void *from, size_t len)
34675 {
34676 void *p;
34677 int i;
34678 + unsigned long cr0;
34679
34680 if (unlikely(in_interrupt()))
34681 return __memcpy(to, from, len);
34682 @@ -39,44 +40,72 @@ void *_mmx_memcpy(void *to, const void *from, size_t len)
34683 kernel_fpu_begin();
34684
34685 __asm__ __volatile__ (
34686 - "1: prefetch (%0)\n" /* This set is 28 bytes */
34687 - " prefetch 64(%0)\n"
34688 - " prefetch 128(%0)\n"
34689 - " prefetch 192(%0)\n"
34690 - " prefetch 256(%0)\n"
34691 + "1: prefetch (%1)\n" /* This set is 28 bytes */
34692 + " prefetch 64(%1)\n"
34693 + " prefetch 128(%1)\n"
34694 + " prefetch 192(%1)\n"
34695 + " prefetch 256(%1)\n"
34696 "2: \n"
34697 ".section .fixup, \"ax\"\n"
34698 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
34699 + "3: \n"
34700 +
34701 +#ifdef CONFIG_PAX_KERNEXEC
34702 + " movl %%cr0, %0\n"
34703 + " movl %0, %%eax\n"
34704 + " andl $0xFFFEFFFF, %%eax\n"
34705 + " movl %%eax, %%cr0\n"
34706 +#endif
34707 +
34708 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
34709 +
34710 +#ifdef CONFIG_PAX_KERNEXEC
34711 + " movl %0, %%cr0\n"
34712 +#endif
34713 +
34714 " jmp 2b\n"
34715 ".previous\n"
34716 _ASM_EXTABLE(1b, 3b)
34717 - : : "r" (from));
34718 + : "=&r" (cr0) : "r" (from) : "ax");
34719
34720 for ( ; i > 5; i--) {
34721 __asm__ __volatile__ (
34722 - "1: prefetch 320(%0)\n"
34723 - "2: movq (%0), %%mm0\n"
34724 - " movq 8(%0), %%mm1\n"
34725 - " movq 16(%0), %%mm2\n"
34726 - " movq 24(%0), %%mm3\n"
34727 - " movq %%mm0, (%1)\n"
34728 - " movq %%mm1, 8(%1)\n"
34729 - " movq %%mm2, 16(%1)\n"
34730 - " movq %%mm3, 24(%1)\n"
34731 - " movq 32(%0), %%mm0\n"
34732 - " movq 40(%0), %%mm1\n"
34733 - " movq 48(%0), %%mm2\n"
34734 - " movq 56(%0), %%mm3\n"
34735 - " movq %%mm0, 32(%1)\n"
34736 - " movq %%mm1, 40(%1)\n"
34737 - " movq %%mm2, 48(%1)\n"
34738 - " movq %%mm3, 56(%1)\n"
34739 + "1: prefetch 320(%1)\n"
34740 + "2: movq (%1), %%mm0\n"
34741 + " movq 8(%1), %%mm1\n"
34742 + " movq 16(%1), %%mm2\n"
34743 + " movq 24(%1), %%mm3\n"
34744 + " movq %%mm0, (%2)\n"
34745 + " movq %%mm1, 8(%2)\n"
34746 + " movq %%mm2, 16(%2)\n"
34747 + " movq %%mm3, 24(%2)\n"
34748 + " movq 32(%1), %%mm0\n"
34749 + " movq 40(%1), %%mm1\n"
34750 + " movq 48(%1), %%mm2\n"
34751 + " movq 56(%1), %%mm3\n"
34752 + " movq %%mm0, 32(%2)\n"
34753 + " movq %%mm1, 40(%2)\n"
34754 + " movq %%mm2, 48(%2)\n"
34755 + " movq %%mm3, 56(%2)\n"
34756 ".section .fixup, \"ax\"\n"
34757 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
34758 + "3:\n"
34759 +
34760 +#ifdef CONFIG_PAX_KERNEXEC
34761 + " movl %%cr0, %0\n"
34762 + " movl %0, %%eax\n"
34763 + " andl $0xFFFEFFFF, %%eax\n"
34764 + " movl %%eax, %%cr0\n"
34765 +#endif
34766 +
34767 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
34768 +
34769 +#ifdef CONFIG_PAX_KERNEXEC
34770 + " movl %0, %%cr0\n"
34771 +#endif
34772 +
34773 " jmp 2b\n"
34774 ".previous\n"
34775 _ASM_EXTABLE(1b, 3b)
34776 - : : "r" (from), "r" (to) : "memory");
34777 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
34778
34779 from += 64;
34780 to += 64;
34781 @@ -158,6 +187,7 @@ static void fast_clear_page(void *page)
34782 static void fast_copy_page(void *to, void *from)
34783 {
34784 int i;
34785 + unsigned long cr0;
34786
34787 kernel_fpu_begin();
34788
34789 @@ -166,42 +196,70 @@ static void fast_copy_page(void *to, void *from)
34790 * but that is for later. -AV
34791 */
34792 __asm__ __volatile__(
34793 - "1: prefetch (%0)\n"
34794 - " prefetch 64(%0)\n"
34795 - " prefetch 128(%0)\n"
34796 - " prefetch 192(%0)\n"
34797 - " prefetch 256(%0)\n"
34798 + "1: prefetch (%1)\n"
34799 + " prefetch 64(%1)\n"
34800 + " prefetch 128(%1)\n"
34801 + " prefetch 192(%1)\n"
34802 + " prefetch 256(%1)\n"
34803 "2: \n"
34804 ".section .fixup, \"ax\"\n"
34805 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
34806 + "3: \n"
34807 +
34808 +#ifdef CONFIG_PAX_KERNEXEC
34809 + " movl %%cr0, %0\n"
34810 + " movl %0, %%eax\n"
34811 + " andl $0xFFFEFFFF, %%eax\n"
34812 + " movl %%eax, %%cr0\n"
34813 +#endif
34814 +
34815 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
34816 +
34817 +#ifdef CONFIG_PAX_KERNEXEC
34818 + " movl %0, %%cr0\n"
34819 +#endif
34820 +
34821 " jmp 2b\n"
34822 ".previous\n"
34823 - _ASM_EXTABLE(1b, 3b) : : "r" (from));
34824 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
34825
34826 for (i = 0; i < (4096-320)/64; i++) {
34827 __asm__ __volatile__ (
34828 - "1: prefetch 320(%0)\n"
34829 - "2: movq (%0), %%mm0\n"
34830 - " movntq %%mm0, (%1)\n"
34831 - " movq 8(%0), %%mm1\n"
34832 - " movntq %%mm1, 8(%1)\n"
34833 - " movq 16(%0), %%mm2\n"
34834 - " movntq %%mm2, 16(%1)\n"
34835 - " movq 24(%0), %%mm3\n"
34836 - " movntq %%mm3, 24(%1)\n"
34837 - " movq 32(%0), %%mm4\n"
34838 - " movntq %%mm4, 32(%1)\n"
34839 - " movq 40(%0), %%mm5\n"
34840 - " movntq %%mm5, 40(%1)\n"
34841 - " movq 48(%0), %%mm6\n"
34842 - " movntq %%mm6, 48(%1)\n"
34843 - " movq 56(%0), %%mm7\n"
34844 - " movntq %%mm7, 56(%1)\n"
34845 + "1: prefetch 320(%1)\n"
34846 + "2: movq (%1), %%mm0\n"
34847 + " movntq %%mm0, (%2)\n"
34848 + " movq 8(%1), %%mm1\n"
34849 + " movntq %%mm1, 8(%2)\n"
34850 + " movq 16(%1), %%mm2\n"
34851 + " movntq %%mm2, 16(%2)\n"
34852 + " movq 24(%1), %%mm3\n"
34853 + " movntq %%mm3, 24(%2)\n"
34854 + " movq 32(%1), %%mm4\n"
34855 + " movntq %%mm4, 32(%2)\n"
34856 + " movq 40(%1), %%mm5\n"
34857 + " movntq %%mm5, 40(%2)\n"
34858 + " movq 48(%1), %%mm6\n"
34859 + " movntq %%mm6, 48(%2)\n"
34860 + " movq 56(%1), %%mm7\n"
34861 + " movntq %%mm7, 56(%2)\n"
34862 ".section .fixup, \"ax\"\n"
34863 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
34864 + "3:\n"
34865 +
34866 +#ifdef CONFIG_PAX_KERNEXEC
34867 + " movl %%cr0, %0\n"
34868 + " movl %0, %%eax\n"
34869 + " andl $0xFFFEFFFF, %%eax\n"
34870 + " movl %%eax, %%cr0\n"
34871 +#endif
34872 +
34873 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
34874 +
34875 +#ifdef CONFIG_PAX_KERNEXEC
34876 + " movl %0, %%cr0\n"
34877 +#endif
34878 +
34879 " jmp 2b\n"
34880 ".previous\n"
34881 - _ASM_EXTABLE(1b, 3b) : : "r" (from), "r" (to) : "memory");
34882 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
34883
34884 from += 64;
34885 to += 64;
34886 @@ -280,47 +338,76 @@ static void fast_clear_page(void *page)
34887 static void fast_copy_page(void *to, void *from)
34888 {
34889 int i;
34890 + unsigned long cr0;
34891
34892 kernel_fpu_begin();
34893
34894 __asm__ __volatile__ (
34895 - "1: prefetch (%0)\n"
34896 - " prefetch 64(%0)\n"
34897 - " prefetch 128(%0)\n"
34898 - " prefetch 192(%0)\n"
34899 - " prefetch 256(%0)\n"
34900 + "1: prefetch (%1)\n"
34901 + " prefetch 64(%1)\n"
34902 + " prefetch 128(%1)\n"
34903 + " prefetch 192(%1)\n"
34904 + " prefetch 256(%1)\n"
34905 "2: \n"
34906 ".section .fixup, \"ax\"\n"
34907 - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
34908 + "3: \n"
34909 +
34910 +#ifdef CONFIG_PAX_KERNEXEC
34911 + " movl %%cr0, %0\n"
34912 + " movl %0, %%eax\n"
34913 + " andl $0xFFFEFFFF, %%eax\n"
34914 + " movl %%eax, %%cr0\n"
34915 +#endif
34916 +
34917 + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */
34918 +
34919 +#ifdef CONFIG_PAX_KERNEXEC
34920 + " movl %0, %%cr0\n"
34921 +#endif
34922 +
34923 " jmp 2b\n"
34924 ".previous\n"
34925 - _ASM_EXTABLE(1b, 3b) : : "r" (from));
34926 + _ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
34927
34928 for (i = 0; i < 4096/64; i++) {
34929 __asm__ __volatile__ (
34930 - "1: prefetch 320(%0)\n"
34931 - "2: movq (%0), %%mm0\n"
34932 - " movq 8(%0), %%mm1\n"
34933 - " movq 16(%0), %%mm2\n"
34934 - " movq 24(%0), %%mm3\n"
34935 - " movq %%mm0, (%1)\n"
34936 - " movq %%mm1, 8(%1)\n"
34937 - " movq %%mm2, 16(%1)\n"
34938 - " movq %%mm3, 24(%1)\n"
34939 - " movq 32(%0), %%mm0\n"
34940 - " movq 40(%0), %%mm1\n"
34941 - " movq 48(%0), %%mm2\n"
34942 - " movq 56(%0), %%mm3\n"
34943 - " movq %%mm0, 32(%1)\n"
34944 - " movq %%mm1, 40(%1)\n"
34945 - " movq %%mm2, 48(%1)\n"
34946 - " movq %%mm3, 56(%1)\n"
34947 + "1: prefetch 320(%1)\n"
34948 + "2: movq (%1), %%mm0\n"
34949 + " movq 8(%1), %%mm1\n"
34950 + " movq 16(%1), %%mm2\n"
34951 + " movq 24(%1), %%mm3\n"
34952 + " movq %%mm0, (%2)\n"
34953 + " movq %%mm1, 8(%2)\n"
34954 + " movq %%mm2, 16(%2)\n"
34955 + " movq %%mm3, 24(%2)\n"
34956 + " movq 32(%1), %%mm0\n"
34957 + " movq 40(%1), %%mm1\n"
34958 + " movq 48(%1), %%mm2\n"
34959 + " movq 56(%1), %%mm3\n"
34960 + " movq %%mm0, 32(%2)\n"
34961 + " movq %%mm1, 40(%2)\n"
34962 + " movq %%mm2, 48(%2)\n"
34963 + " movq %%mm3, 56(%2)\n"
34964 ".section .fixup, \"ax\"\n"
34965 - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */
34966 + "3:\n"
34967 +
34968 +#ifdef CONFIG_PAX_KERNEXEC
34969 + " movl %%cr0, %0\n"
34970 + " movl %0, %%eax\n"
34971 + " andl $0xFFFEFFFF, %%eax\n"
34972 + " movl %%eax, %%cr0\n"
34973 +#endif
34974 +
34975 + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */
34976 +
34977 +#ifdef CONFIG_PAX_KERNEXEC
34978 + " movl %0, %%cr0\n"
34979 +#endif
34980 +
34981 " jmp 2b\n"
34982 ".previous\n"
34983 _ASM_EXTABLE(1b, 3b)
34984 - : : "r" (from), "r" (to) : "memory");
34985 + : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
34986
34987 from += 64;
34988 to += 64;
34989 diff --git a/arch/x86/lib/msr-reg.S b/arch/x86/lib/msr-reg.S
34990 index c815564..303dcfa 100644
34991 --- a/arch/x86/lib/msr-reg.S
34992 +++ b/arch/x86/lib/msr-reg.S
34993 @@ -2,6 +2,7 @@
34994 #include <linux/errno.h>
34995 #include <asm/asm.h>
34996 #include <asm/msr.h>
34997 +#include <asm/alternative-asm.h>
34998
34999 #ifdef CONFIG_X86_64
35000 /*
35001 @@ -34,6 +35,7 @@ ENTRY(\op\()_safe_regs)
35002 movl %edi, 28(%r10)
35003 popq %rbp
35004 popq %rbx
35005 + pax_force_retaddr
35006 ret
35007 3:
35008 movl $-EIO, %r11d
35009 diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S
35010 index c891ece..27057c0 100644
35011 --- a/arch/x86/lib/putuser.S
35012 +++ b/arch/x86/lib/putuser.S
35013 @@ -15,7 +15,10 @@
35014 #include <asm/errno.h>
35015 #include <asm/asm.h>
35016 #include <asm/smap.h>
35017 -
35018 +#include <asm/segment.h>
35019 +#include <asm/pgtable.h>
35020 +#include <asm/frame.h>
35021 +#include <asm/alternative-asm.h>
35022
35023 /*
35024 * __put_user_X
35025 @@ -29,55 +32,125 @@
35026 * as they get called from within inline assembly.
35027 */
35028
35029 -#define ENTER mov PER_CPU_VAR(current_task), %_ASM_BX
35030 -#define EXIT ASM_CLAC ; \
35031 +#define ENTER FRAME_BEGIN
35032 +#define EXIT ASM_USER_ACCESS_END ; \
35033 + FRAME_END ; \
35034 + pax_force_retaddr ; \
35035 ret
35036
35037 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
35038 +#define _DEST %_ASM_CX,%_ASM_BX
35039 +#else
35040 +#define _DEST %_ASM_CX
35041 +#endif
35042 +
35043 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
35044 +#define __copyuser_seg gs;
35045 +#else
35046 +#define __copyuser_seg
35047 +#endif
35048 +
35049 .text
35050 ENTRY(__put_user_1)
35051 ENTER
35052 +
35053 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
35054 + mov PER_CPU_VAR(current_task), %_ASM_BX
35055 cmp TASK_addr_limit(%_ASM_BX),%_ASM_CX
35056 jae bad_put_user
35057 - ASM_STAC
35058 -1: movb %al,(%_ASM_CX)
35059 +
35060 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
35061 + mov pax_user_shadow_base,%_ASM_BX
35062 + cmp %_ASM_BX,%_ASM_CX
35063 + jb 1234f
35064 + xor %ebx,%ebx
35065 +1234:
35066 +#endif
35067 +
35068 +#endif
35069 +
35070 + ASM_USER_ACCESS_BEGIN
35071 +1: __copyuser_seg movb %al,(_DEST)
35072 xor %eax,%eax
35073 EXIT
35074 ENDPROC(__put_user_1)
35075
35076 ENTRY(__put_user_2)
35077 ENTER
35078 +
35079 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
35080 + mov PER_CPU_VAR(current_task), %_ASM_BX
35081 mov TASK_addr_limit(%_ASM_BX),%_ASM_BX
35082 sub $1,%_ASM_BX
35083 cmp %_ASM_BX,%_ASM_CX
35084 jae bad_put_user
35085 - ASM_STAC
35086 -2: movw %ax,(%_ASM_CX)
35087 +
35088 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
35089 + mov pax_user_shadow_base,%_ASM_BX
35090 + cmp %_ASM_BX,%_ASM_CX
35091 + jb 1234f
35092 + xor %ebx,%ebx
35093 +1234:
35094 +#endif
35095 +
35096 +#endif
35097 +
35098 + ASM_USER_ACCESS_BEGIN
35099 +2: __copyuser_seg movw %ax,(_DEST)
35100 xor %eax,%eax
35101 EXIT
35102 ENDPROC(__put_user_2)
35103
35104 ENTRY(__put_user_4)
35105 ENTER
35106 +
35107 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
35108 + mov PER_CPU_VAR(current_task), %_ASM_BX
35109 mov TASK_addr_limit(%_ASM_BX),%_ASM_BX
35110 sub $3,%_ASM_BX
35111 cmp %_ASM_BX,%_ASM_CX
35112 jae bad_put_user
35113 - ASM_STAC
35114 -3: movl %eax,(%_ASM_CX)
35115 +
35116 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
35117 + mov pax_user_shadow_base,%_ASM_BX
35118 + cmp %_ASM_BX,%_ASM_CX
35119 + jb 1234f
35120 + xor %ebx,%ebx
35121 +1234:
35122 +#endif
35123 +
35124 +#endif
35125 +
35126 + ASM_USER_ACCESS_BEGIN
35127 +3: __copyuser_seg movl %eax,(_DEST)
35128 xor %eax,%eax
35129 EXIT
35130 ENDPROC(__put_user_4)
35131
35132 ENTRY(__put_user_8)
35133 ENTER
35134 +
35135 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_MEMORY_UDEREF)
35136 + mov PER_CPU_VAR(current_task), %_ASM_BX
35137 mov TASK_addr_limit(%_ASM_BX),%_ASM_BX
35138 sub $7,%_ASM_BX
35139 cmp %_ASM_BX,%_ASM_CX
35140 jae bad_put_user
35141 - ASM_STAC
35142 -4: mov %_ASM_AX,(%_ASM_CX)
35143 +
35144 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
35145 + mov pax_user_shadow_base,%_ASM_BX
35146 + cmp %_ASM_BX,%_ASM_CX
35147 + jb 1234f
35148 + xor %ebx,%ebx
35149 +1234:
35150 +#endif
35151 +
35152 +#endif
35153 +
35154 + ASM_USER_ACCESS_BEGIN
35155 +4: __copyuser_seg mov %_ASM_AX,(_DEST)
35156 #ifdef CONFIG_X86_32
35157 -5: movl %edx,4(%_ASM_CX)
35158 +5: __copyuser_seg movl %edx,4(_DEST)
35159 #endif
35160 xor %eax,%eax
35161 EXIT
35162 diff --git a/arch/x86/lib/rwsem.S b/arch/x86/lib/rwsem.S
35163 index bf2c607..0e6d18b 100644
35164 --- a/arch/x86/lib/rwsem.S
35165 +++ b/arch/x86/lib/rwsem.S
35166 @@ -95,6 +95,7 @@ ENTRY(call_rwsem_down_read_failed)
35167 __ASM_SIZE(pop,) %__ASM_REG(dx)
35168 restore_common_regs
35169 FRAME_END
35170 + pax_force_retaddr
35171 ret
35172 ENDPROC(call_rwsem_down_read_failed)
35173
35174 @@ -105,6 +106,7 @@ ENTRY(call_rwsem_down_write_failed)
35175 call rwsem_down_write_failed
35176 restore_common_regs
35177 FRAME_END
35178 + pax_force_retaddr
35179 ret
35180 ENDPROC(call_rwsem_down_write_failed)
35181
35182 @@ -128,6 +130,7 @@ ENTRY(call_rwsem_wake)
35183 call rwsem_wake
35184 restore_common_regs
35185 1: FRAME_END
35186 + pax_force_retaddr
35187 ret
35188 ENDPROC(call_rwsem_wake)
35189
35190 @@ -140,5 +143,6 @@ ENTRY(call_rwsem_downgrade_wake)
35191 __ASM_SIZE(pop,) %__ASM_REG(dx)
35192 restore_common_regs
35193 FRAME_END
35194 + pax_force_retaddr
35195 ret
35196 ENDPROC(call_rwsem_downgrade_wake)
35197 diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
35198 index 3bc7baf..63d1a4d 100644
35199 --- a/arch/x86/lib/usercopy_32.c
35200 +++ b/arch/x86/lib/usercopy_32.c
35201 @@ -42,11 +42,13 @@ do { \
35202 int __d0; \
35203 might_fault(); \
35204 __asm__ __volatile__( \
35205 + __COPYUSER_SET_ES \
35206 ASM_STAC "\n" \
35207 "0: rep; stosl\n" \
35208 " movl %2,%0\n" \
35209 "1: rep; stosb\n" \
35210 "2: " ASM_CLAC "\n" \
35211 + __COPYUSER_RESTORE_ES \
35212 ".section .fixup,\"ax\"\n" \
35213 "3: lea 0(%2,%0,4),%0\n" \
35214 " jmp 2b\n" \
35215 @@ -98,7 +100,7 @@ EXPORT_SYMBOL(__clear_user);
35216
35217 #ifdef CONFIG_X86_INTEL_USERCOPY
35218 static unsigned long
35219 -__copy_user_intel(void __user *to, const void *from, unsigned long size)
35220 +__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size)
35221 {
35222 int d0, d1;
35223 __asm__ __volatile__(
35224 @@ -110,36 +112,36 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
35225 " .align 2,0x90\n"
35226 "3: movl 0(%4), %%eax\n"
35227 "4: movl 4(%4), %%edx\n"
35228 - "5: movl %%eax, 0(%3)\n"
35229 - "6: movl %%edx, 4(%3)\n"
35230 + "5: "__copyuser_seg" movl %%eax, 0(%3)\n"
35231 + "6: "__copyuser_seg" movl %%edx, 4(%3)\n"
35232 "7: movl 8(%4), %%eax\n"
35233 "8: movl 12(%4),%%edx\n"
35234 - "9: movl %%eax, 8(%3)\n"
35235 - "10: movl %%edx, 12(%3)\n"
35236 + "9: "__copyuser_seg" movl %%eax, 8(%3)\n"
35237 + "10: "__copyuser_seg" movl %%edx, 12(%3)\n"
35238 "11: movl 16(%4), %%eax\n"
35239 "12: movl 20(%4), %%edx\n"
35240 - "13: movl %%eax, 16(%3)\n"
35241 - "14: movl %%edx, 20(%3)\n"
35242 + "13: "__copyuser_seg" movl %%eax, 16(%3)\n"
35243 + "14: "__copyuser_seg" movl %%edx, 20(%3)\n"
35244 "15: movl 24(%4), %%eax\n"
35245 "16: movl 28(%4), %%edx\n"
35246 - "17: movl %%eax, 24(%3)\n"
35247 - "18: movl %%edx, 28(%3)\n"
35248 + "17: "__copyuser_seg" movl %%eax, 24(%3)\n"
35249 + "18: "__copyuser_seg" movl %%edx, 28(%3)\n"
35250 "19: movl 32(%4), %%eax\n"
35251 "20: movl 36(%4), %%edx\n"
35252 - "21: movl %%eax, 32(%3)\n"
35253 - "22: movl %%edx, 36(%3)\n"
35254 + "21: "__copyuser_seg" movl %%eax, 32(%3)\n"
35255 + "22: "__copyuser_seg" movl %%edx, 36(%3)\n"
35256 "23: movl 40(%4), %%eax\n"
35257 "24: movl 44(%4), %%edx\n"
35258 - "25: movl %%eax, 40(%3)\n"
35259 - "26: movl %%edx, 44(%3)\n"
35260 + "25: "__copyuser_seg" movl %%eax, 40(%3)\n"
35261 + "26: "__copyuser_seg" movl %%edx, 44(%3)\n"
35262 "27: movl 48(%4), %%eax\n"
35263 "28: movl 52(%4), %%edx\n"
35264 - "29: movl %%eax, 48(%3)\n"
35265 - "30: movl %%edx, 52(%3)\n"
35266 + "29: "__copyuser_seg" movl %%eax, 48(%3)\n"
35267 + "30: "__copyuser_seg" movl %%edx, 52(%3)\n"
35268 "31: movl 56(%4), %%eax\n"
35269 "32: movl 60(%4), %%edx\n"
35270 - "33: movl %%eax, 56(%3)\n"
35271 - "34: movl %%edx, 60(%3)\n"
35272 + "33: "__copyuser_seg" movl %%eax, 56(%3)\n"
35273 + "34: "__copyuser_seg" movl %%edx, 60(%3)\n"
35274 " addl $-64, %0\n"
35275 " addl $64, %4\n"
35276 " addl $64, %3\n"
35277 @@ -149,10 +151,116 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
35278 " shrl $2, %0\n"
35279 " andl $3, %%eax\n"
35280 " cld\n"
35281 + __COPYUSER_SET_ES
35282 "99: rep; movsl\n"
35283 "36: movl %%eax, %0\n"
35284 "37: rep; movsb\n"
35285 "100:\n"
35286 + __COPYUSER_RESTORE_ES
35287 + ".section .fixup,\"ax\"\n"
35288 + "101: lea 0(%%eax,%0,4),%0\n"
35289 + " jmp 100b\n"
35290 + ".previous\n"
35291 + _ASM_EXTABLE(1b,100b)
35292 + _ASM_EXTABLE(2b,100b)
35293 + _ASM_EXTABLE(3b,100b)
35294 + _ASM_EXTABLE(4b,100b)
35295 + _ASM_EXTABLE(5b,100b)
35296 + _ASM_EXTABLE(6b,100b)
35297 + _ASM_EXTABLE(7b,100b)
35298 + _ASM_EXTABLE(8b,100b)
35299 + _ASM_EXTABLE(9b,100b)
35300 + _ASM_EXTABLE(10b,100b)
35301 + _ASM_EXTABLE(11b,100b)
35302 + _ASM_EXTABLE(12b,100b)
35303 + _ASM_EXTABLE(13b,100b)
35304 + _ASM_EXTABLE(14b,100b)
35305 + _ASM_EXTABLE(15b,100b)
35306 + _ASM_EXTABLE(16b,100b)
35307 + _ASM_EXTABLE(17b,100b)
35308 + _ASM_EXTABLE(18b,100b)
35309 + _ASM_EXTABLE(19b,100b)
35310 + _ASM_EXTABLE(20b,100b)
35311 + _ASM_EXTABLE(21b,100b)
35312 + _ASM_EXTABLE(22b,100b)
35313 + _ASM_EXTABLE(23b,100b)
35314 + _ASM_EXTABLE(24b,100b)
35315 + _ASM_EXTABLE(25b,100b)
35316 + _ASM_EXTABLE(26b,100b)
35317 + _ASM_EXTABLE(27b,100b)
35318 + _ASM_EXTABLE(28b,100b)
35319 + _ASM_EXTABLE(29b,100b)
35320 + _ASM_EXTABLE(30b,100b)
35321 + _ASM_EXTABLE(31b,100b)
35322 + _ASM_EXTABLE(32b,100b)
35323 + _ASM_EXTABLE(33b,100b)
35324 + _ASM_EXTABLE(34b,100b)
35325 + _ASM_EXTABLE(35b,100b)
35326 + _ASM_EXTABLE(36b,100b)
35327 + _ASM_EXTABLE(37b,100b)
35328 + _ASM_EXTABLE(99b,101b)
35329 + : "=&c"(size), "=&D" (d0), "=&S" (d1)
35330 + : "1"(to), "2"(from), "0"(size)
35331 + : "eax", "edx", "memory");
35332 + return size;
35333 +}
35334 +
35335 +static unsigned long
35336 +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
35337 +{
35338 + int d0, d1;
35339 + __asm__ __volatile__(
35340 + " .align 2,0x90\n"
35341 + "1: "__copyuser_seg" movl 32(%4), %%eax\n"
35342 + " cmpl $67, %0\n"
35343 + " jbe 3f\n"
35344 + "2: "__copyuser_seg" movl 64(%4), %%eax\n"
35345 + " .align 2,0x90\n"
35346 + "3: "__copyuser_seg" movl 0(%4), %%eax\n"
35347 + "4: "__copyuser_seg" movl 4(%4), %%edx\n"
35348 + "5: movl %%eax, 0(%3)\n"
35349 + "6: movl %%edx, 4(%3)\n"
35350 + "7: "__copyuser_seg" movl 8(%4), %%eax\n"
35351 + "8: "__copyuser_seg" movl 12(%4),%%edx\n"
35352 + "9: movl %%eax, 8(%3)\n"
35353 + "10: movl %%edx, 12(%3)\n"
35354 + "11: "__copyuser_seg" movl 16(%4), %%eax\n"
35355 + "12: "__copyuser_seg" movl 20(%4), %%edx\n"
35356 + "13: movl %%eax, 16(%3)\n"
35357 + "14: movl %%edx, 20(%3)\n"
35358 + "15: "__copyuser_seg" movl 24(%4), %%eax\n"
35359 + "16: "__copyuser_seg" movl 28(%4), %%edx\n"
35360 + "17: movl %%eax, 24(%3)\n"
35361 + "18: movl %%edx, 28(%3)\n"
35362 + "19: "__copyuser_seg" movl 32(%4), %%eax\n"
35363 + "20: "__copyuser_seg" movl 36(%4), %%edx\n"
35364 + "21: movl %%eax, 32(%3)\n"
35365 + "22: movl %%edx, 36(%3)\n"
35366 + "23: "__copyuser_seg" movl 40(%4), %%eax\n"
35367 + "24: "__copyuser_seg" movl 44(%4), %%edx\n"
35368 + "25: movl %%eax, 40(%3)\n"
35369 + "26: movl %%edx, 44(%3)\n"
35370 + "27: "__copyuser_seg" movl 48(%4), %%eax\n"
35371 + "28: "__copyuser_seg" movl 52(%4), %%edx\n"
35372 + "29: movl %%eax, 48(%3)\n"
35373 + "30: movl %%edx, 52(%3)\n"
35374 + "31: "__copyuser_seg" movl 56(%4), %%eax\n"
35375 + "32: "__copyuser_seg" movl 60(%4), %%edx\n"
35376 + "33: movl %%eax, 56(%3)\n"
35377 + "34: movl %%edx, 60(%3)\n"
35378 + " addl $-64, %0\n"
35379 + " addl $64, %4\n"
35380 + " addl $64, %3\n"
35381 + " cmpl $63, %0\n"
35382 + " ja 1b\n"
35383 + "35: movl %0, %%eax\n"
35384 + " shrl $2, %0\n"
35385 + " andl $3, %%eax\n"
35386 + " cld\n"
35387 + "99: rep; "__copyuser_seg" movsl\n"
35388 + "36: movl %%eax, %0\n"
35389 + "37: rep; "__copyuser_seg" movsb\n"
35390 + "100:\n"
35391 ".section .fixup,\"ax\"\n"
35392 "101: lea 0(%%eax,%0,4),%0\n"
35393 " jmp 100b\n"
35394 @@ -207,41 +315,41 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
35395 int d0, d1;
35396 __asm__ __volatile__(
35397 " .align 2,0x90\n"
35398 - "0: movl 32(%4), %%eax\n"
35399 + "0: "__copyuser_seg" movl 32(%4), %%eax\n"
35400 " cmpl $67, %0\n"
35401 " jbe 2f\n"
35402 - "1: movl 64(%4), %%eax\n"
35403 + "1: "__copyuser_seg" movl 64(%4), %%eax\n"
35404 " .align 2,0x90\n"
35405 - "2: movl 0(%4), %%eax\n"
35406 - "21: movl 4(%4), %%edx\n"
35407 + "2: "__copyuser_seg" movl 0(%4), %%eax\n"
35408 + "21: "__copyuser_seg" movl 4(%4), %%edx\n"
35409 " movl %%eax, 0(%3)\n"
35410 " movl %%edx, 4(%3)\n"
35411 - "3: movl 8(%4), %%eax\n"
35412 - "31: movl 12(%4),%%edx\n"
35413 + "3: "__copyuser_seg" movl 8(%4), %%eax\n"
35414 + "31: "__copyuser_seg" movl 12(%4),%%edx\n"
35415 " movl %%eax, 8(%3)\n"
35416 " movl %%edx, 12(%3)\n"
35417 - "4: movl 16(%4), %%eax\n"
35418 - "41: movl 20(%4), %%edx\n"
35419 + "4: "__copyuser_seg" movl 16(%4), %%eax\n"
35420 + "41: "__copyuser_seg" movl 20(%4), %%edx\n"
35421 " movl %%eax, 16(%3)\n"
35422 " movl %%edx, 20(%3)\n"
35423 - "10: movl 24(%4), %%eax\n"
35424 - "51: movl 28(%4), %%edx\n"
35425 + "10: "__copyuser_seg" movl 24(%4), %%eax\n"
35426 + "51: "__copyuser_seg" movl 28(%4), %%edx\n"
35427 " movl %%eax, 24(%3)\n"
35428 " movl %%edx, 28(%3)\n"
35429 - "11: movl 32(%4), %%eax\n"
35430 - "61: movl 36(%4), %%edx\n"
35431 + "11: "__copyuser_seg" movl 32(%4), %%eax\n"
35432 + "61: "__copyuser_seg" movl 36(%4), %%edx\n"
35433 " movl %%eax, 32(%3)\n"
35434 " movl %%edx, 36(%3)\n"
35435 - "12: movl 40(%4), %%eax\n"
35436 - "71: movl 44(%4), %%edx\n"
35437 + "12: "__copyuser_seg" movl 40(%4), %%eax\n"
35438 + "71: "__copyuser_seg" movl 44(%4), %%edx\n"
35439 " movl %%eax, 40(%3)\n"
35440 " movl %%edx, 44(%3)\n"
35441 - "13: movl 48(%4), %%eax\n"
35442 - "81: movl 52(%4), %%edx\n"
35443 + "13: "__copyuser_seg" movl 48(%4), %%eax\n"
35444 + "81: "__copyuser_seg" movl 52(%4), %%edx\n"
35445 " movl %%eax, 48(%3)\n"
35446 " movl %%edx, 52(%3)\n"
35447 - "14: movl 56(%4), %%eax\n"
35448 - "91: movl 60(%4), %%edx\n"
35449 + "14: "__copyuser_seg" movl 56(%4), %%eax\n"
35450 + "91: "__copyuser_seg" movl 60(%4), %%edx\n"
35451 " movl %%eax, 56(%3)\n"
35452 " movl %%edx, 60(%3)\n"
35453 " addl $-64, %0\n"
35454 @@ -253,9 +361,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
35455 " shrl $2, %0\n"
35456 " andl $3, %%eax\n"
35457 " cld\n"
35458 - "6: rep; movsl\n"
35459 + "6: rep; "__copyuser_seg" movsl\n"
35460 " movl %%eax,%0\n"
35461 - "7: rep; movsb\n"
35462 + "7: rep; "__copyuser_seg" movsb\n"
35463 "8:\n"
35464 ".section .fixup,\"ax\"\n"
35465 "9: lea 0(%%eax,%0,4),%0\n"
35466 @@ -305,41 +413,41 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
35467
35468 __asm__ __volatile__(
35469 " .align 2,0x90\n"
35470 - "0: movl 32(%4), %%eax\n"
35471 + "0: "__copyuser_seg" movl 32(%4), %%eax\n"
35472 " cmpl $67, %0\n"
35473 " jbe 2f\n"
35474 - "1: movl 64(%4), %%eax\n"
35475 + "1: "__copyuser_seg" movl 64(%4), %%eax\n"
35476 " .align 2,0x90\n"
35477 - "2: movl 0(%4), %%eax\n"
35478 - "21: movl 4(%4), %%edx\n"
35479 + "2: "__copyuser_seg" movl 0(%4), %%eax\n"
35480 + "21: "__copyuser_seg" movl 4(%4), %%edx\n"
35481 " movnti %%eax, 0(%3)\n"
35482 " movnti %%edx, 4(%3)\n"
35483 - "3: movl 8(%4), %%eax\n"
35484 - "31: movl 12(%4),%%edx\n"
35485 + "3: "__copyuser_seg" movl 8(%4), %%eax\n"
35486 + "31: "__copyuser_seg" movl 12(%4),%%edx\n"
35487 " movnti %%eax, 8(%3)\n"
35488 " movnti %%edx, 12(%3)\n"
35489 - "4: movl 16(%4), %%eax\n"
35490 - "41: movl 20(%4), %%edx\n"
35491 + "4: "__copyuser_seg" movl 16(%4), %%eax\n"
35492 + "41: "__copyuser_seg" movl 20(%4), %%edx\n"
35493 " movnti %%eax, 16(%3)\n"
35494 " movnti %%edx, 20(%3)\n"
35495 - "10: movl 24(%4), %%eax\n"
35496 - "51: movl 28(%4), %%edx\n"
35497 + "10: "__copyuser_seg" movl 24(%4), %%eax\n"
35498 + "51: "__copyuser_seg" movl 28(%4), %%edx\n"
35499 " movnti %%eax, 24(%3)\n"
35500 " movnti %%edx, 28(%3)\n"
35501 - "11: movl 32(%4), %%eax\n"
35502 - "61: movl 36(%4), %%edx\n"
35503 + "11: "__copyuser_seg" movl 32(%4), %%eax\n"
35504 + "61: "__copyuser_seg" movl 36(%4), %%edx\n"
35505 " movnti %%eax, 32(%3)\n"
35506 " movnti %%edx, 36(%3)\n"
35507 - "12: movl 40(%4), %%eax\n"
35508 - "71: movl 44(%4), %%edx\n"
35509 + "12: "__copyuser_seg" movl 40(%4), %%eax\n"
35510 + "71: "__copyuser_seg" movl 44(%4), %%edx\n"
35511 " movnti %%eax, 40(%3)\n"
35512 " movnti %%edx, 44(%3)\n"
35513 - "13: movl 48(%4), %%eax\n"
35514 - "81: movl 52(%4), %%edx\n"
35515 + "13: "__copyuser_seg" movl 48(%4), %%eax\n"
35516 + "81: "__copyuser_seg" movl 52(%4), %%edx\n"
35517 " movnti %%eax, 48(%3)\n"
35518 " movnti %%edx, 52(%3)\n"
35519 - "14: movl 56(%4), %%eax\n"
35520 - "91: movl 60(%4), %%edx\n"
35521 + "14: "__copyuser_seg" movl 56(%4), %%eax\n"
35522 + "91: "__copyuser_seg" movl 60(%4), %%edx\n"
35523 " movnti %%eax, 56(%3)\n"
35524 " movnti %%edx, 60(%3)\n"
35525 " addl $-64, %0\n"
35526 @@ -352,9 +460,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
35527 " shrl $2, %0\n"
35528 " andl $3, %%eax\n"
35529 " cld\n"
35530 - "6: rep; movsl\n"
35531 + "6: rep; "__copyuser_seg" movsl\n"
35532 " movl %%eax,%0\n"
35533 - "7: rep; movsb\n"
35534 + "7: rep; "__copyuser_seg" movsb\n"
35535 "8:\n"
35536 ".section .fixup,\"ax\"\n"
35537 "9: lea 0(%%eax,%0,4),%0\n"
35538 @@ -399,41 +507,41 @@ static unsigned long __copy_user_intel_nocache(void *to,
35539
35540 __asm__ __volatile__(
35541 " .align 2,0x90\n"
35542 - "0: movl 32(%4), %%eax\n"
35543 + "0: "__copyuser_seg" movl 32(%4), %%eax\n"
35544 " cmpl $67, %0\n"
35545 " jbe 2f\n"
35546 - "1: movl 64(%4), %%eax\n"
35547 + "1: "__copyuser_seg" movl 64(%4), %%eax\n"
35548 " .align 2,0x90\n"
35549 - "2: movl 0(%4), %%eax\n"
35550 - "21: movl 4(%4), %%edx\n"
35551 + "2: "__copyuser_seg" movl 0(%4), %%eax\n"
35552 + "21: "__copyuser_seg" movl 4(%4), %%edx\n"
35553 " movnti %%eax, 0(%3)\n"
35554 " movnti %%edx, 4(%3)\n"
35555 - "3: movl 8(%4), %%eax\n"
35556 - "31: movl 12(%4),%%edx\n"
35557 + "3: "__copyuser_seg" movl 8(%4), %%eax\n"
35558 + "31: "__copyuser_seg" movl 12(%4),%%edx\n"
35559 " movnti %%eax, 8(%3)\n"
35560 " movnti %%edx, 12(%3)\n"
35561 - "4: movl 16(%4), %%eax\n"
35562 - "41: movl 20(%4), %%edx\n"
35563 + "4: "__copyuser_seg" movl 16(%4), %%eax\n"
35564 + "41: "__copyuser_seg" movl 20(%4), %%edx\n"
35565 " movnti %%eax, 16(%3)\n"
35566 " movnti %%edx, 20(%3)\n"
35567 - "10: movl 24(%4), %%eax\n"
35568 - "51: movl 28(%4), %%edx\n"
35569 + "10: "__copyuser_seg" movl 24(%4), %%eax\n"
35570 + "51: "__copyuser_seg" movl 28(%4), %%edx\n"
35571 " movnti %%eax, 24(%3)\n"
35572 " movnti %%edx, 28(%3)\n"
35573 - "11: movl 32(%4), %%eax\n"
35574 - "61: movl 36(%4), %%edx\n"
35575 + "11: "__copyuser_seg" movl 32(%4), %%eax\n"
35576 + "61: "__copyuser_seg" movl 36(%4), %%edx\n"
35577 " movnti %%eax, 32(%3)\n"
35578 " movnti %%edx, 36(%3)\n"
35579 - "12: movl 40(%4), %%eax\n"
35580 - "71: movl 44(%4), %%edx\n"
35581 + "12: "__copyuser_seg" movl 40(%4), %%eax\n"
35582 + "71: "__copyuser_seg" movl 44(%4), %%edx\n"
35583 " movnti %%eax, 40(%3)\n"
35584 " movnti %%edx, 44(%3)\n"
35585 - "13: movl 48(%4), %%eax\n"
35586 - "81: movl 52(%4), %%edx\n"
35587 + "13: "__copyuser_seg" movl 48(%4), %%eax\n"
35588 + "81: "__copyuser_seg" movl 52(%4), %%edx\n"
35589 " movnti %%eax, 48(%3)\n"
35590 " movnti %%edx, 52(%3)\n"
35591 - "14: movl 56(%4), %%eax\n"
35592 - "91: movl 60(%4), %%edx\n"
35593 + "14: "__copyuser_seg" movl 56(%4), %%eax\n"
35594 + "91: "__copyuser_seg" movl 60(%4), %%edx\n"
35595 " movnti %%eax, 56(%3)\n"
35596 " movnti %%edx, 60(%3)\n"
35597 " addl $-64, %0\n"
35598 @@ -446,9 +554,9 @@ static unsigned long __copy_user_intel_nocache(void *to,
35599 " shrl $2, %0\n"
35600 " andl $3, %%eax\n"
35601 " cld\n"
35602 - "6: rep; movsl\n"
35603 + "6: rep; "__copyuser_seg" movsl\n"
35604 " movl %%eax,%0\n"
35605 - "7: rep; movsb\n"
35606 + "7: rep; "__copyuser_seg" movsb\n"
35607 "8:\n"
35608 ".section .fixup,\"ax\"\n"
35609 "9: lea 0(%%eax,%0,4),%0\n"
35610 @@ -488,32 +596,36 @@ static unsigned long __copy_user_intel_nocache(void *to,
35611 */
35612 unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
35613 unsigned long size);
35614 -unsigned long __copy_user_intel(void __user *to, const void *from,
35615 +unsigned long __generic_copy_to_user_intel(void __user *to, const void *from,
35616 + unsigned long size);
35617 +unsigned long __generic_copy_from_user_intel(void *to, const void __user *from,
35618 unsigned long size);
35619 unsigned long __copy_user_zeroing_intel_nocache(void *to,
35620 const void __user *from, unsigned long size);
35621 #endif /* CONFIG_X86_INTEL_USERCOPY */
35622
35623 /* Generic arbitrary sized copy. */
35624 -#define __copy_user(to, from, size) \
35625 +#define __copy_user(to, from, size, prefix, set, restore) \
35626 do { \
35627 int __d0, __d1, __d2; \
35628 __asm__ __volatile__( \
35629 + set \
35630 " cmp $7,%0\n" \
35631 " jbe 1f\n" \
35632 " movl %1,%0\n" \
35633 " negl %0\n" \
35634 " andl $7,%0\n" \
35635 " subl %0,%3\n" \
35636 - "4: rep; movsb\n" \
35637 + "4: rep; "prefix"movsb\n" \
35638 " movl %3,%0\n" \
35639 " shrl $2,%0\n" \
35640 " andl $3,%3\n" \
35641 " .align 2,0x90\n" \
35642 - "0: rep; movsl\n" \
35643 + "0: rep; "prefix"movsl\n" \
35644 " movl %3,%0\n" \
35645 - "1: rep; movsb\n" \
35646 + "1: rep; "prefix"movsb\n" \
35647 "2:\n" \
35648 + restore \
35649 ".section .fixup,\"ax\"\n" \
35650 "5: addl %3,%0\n" \
35651 " jmp 2b\n" \
35652 @@ -538,14 +650,14 @@ do { \
35653 " negl %0\n" \
35654 " andl $7,%0\n" \
35655 " subl %0,%3\n" \
35656 - "4: rep; movsb\n" \
35657 + "4: rep; "__copyuser_seg"movsb\n" \
35658 " movl %3,%0\n" \
35659 " shrl $2,%0\n" \
35660 " andl $3,%3\n" \
35661 " .align 2,0x90\n" \
35662 - "0: rep; movsl\n" \
35663 + "0: rep; "__copyuser_seg"movsl\n" \
35664 " movl %3,%0\n" \
35665 - "1: rep; movsb\n" \
35666 + "1: rep; "__copyuser_seg"movsb\n" \
35667 "2:\n" \
35668 ".section .fixup,\"ax\"\n" \
35669 "5: addl %3,%0\n" \
35670 @@ -572,9 +684,9 @@ unsigned long __copy_to_user_ll(void __user *to, const void *from,
35671 {
35672 stac();
35673 if (movsl_is_ok(to, from, n))
35674 - __copy_user(to, from, n);
35675 + __copy_user(to, from, n, "", __COPYUSER_SET_ES, __COPYUSER_RESTORE_ES);
35676 else
35677 - n = __copy_user_intel(to, from, n);
35678 + n = __generic_copy_to_user_intel(to, from, n);
35679 clac();
35680 return n;
35681 }
35682 @@ -598,10 +710,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from,
35683 {
35684 stac();
35685 if (movsl_is_ok(to, from, n))
35686 - __copy_user(to, from, n);
35687 + __copy_user(to, from, n, __copyuser_seg, "", "");
35688 else
35689 - n = __copy_user_intel((void __user *)to,
35690 - (const void *)from, n);
35691 + n = __generic_copy_from_user_intel(to, from, n);
35692 clac();
35693 return n;
35694 }
35695 @@ -632,60 +743,38 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
35696 if (n > 64 && static_cpu_has(X86_FEATURE_XMM2))
35697 n = __copy_user_intel_nocache(to, from, n);
35698 else
35699 - __copy_user(to, from, n);
35700 + __copy_user(to, from, n, __copyuser_seg, "", "");
35701 #else
35702 - __copy_user(to, from, n);
35703 + __copy_user(to, from, n, __copyuser_seg, "", "");
35704 #endif
35705 clac();
35706 return n;
35707 }
35708 EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero);
35709
35710 -/**
35711 - * copy_to_user: - Copy a block of data into user space.
35712 - * @to: Destination address, in user space.
35713 - * @from: Source address, in kernel space.
35714 - * @n: Number of bytes to copy.
35715 - *
35716 - * Context: User context only. This function may sleep if pagefaults are
35717 - * enabled.
35718 - *
35719 - * Copy data from kernel space to user space.
35720 - *
35721 - * Returns number of bytes that could not be copied.
35722 - * On success, this will be zero.
35723 - */
35724 -unsigned long _copy_to_user(void __user *to, const void *from, unsigned n)
35725 +#ifdef CONFIG_PAX_MEMORY_UDEREF
35726 +void __set_fs(mm_segment_t x)
35727 {
35728 - if (access_ok(VERIFY_WRITE, to, n))
35729 - n = __copy_to_user(to, from, n);
35730 - return n;
35731 + switch (x.seg) {
35732 + case 0:
35733 + loadsegment(gs, 0);
35734 + break;
35735 + case TASK_SIZE_MAX:
35736 + loadsegment(gs, __USER_DS);
35737 + break;
35738 + case -1UL:
35739 + loadsegment(gs, __KERNEL_DS);
35740 + break;
35741 + default:
35742 + BUG();
35743 + }
35744 }
35745 -EXPORT_SYMBOL(_copy_to_user);
35746 +EXPORT_SYMBOL(__set_fs);
35747
35748 -/**
35749 - * copy_from_user: - Copy a block of data from user space.
35750 - * @to: Destination address, in kernel space.
35751 - * @from: Source address, in user space.
35752 - * @n: Number of bytes to copy.
35753 - *
35754 - * Context: User context only. This function may sleep if pagefaults are
35755 - * enabled.
35756 - *
35757 - * Copy data from user space to kernel space.
35758 - *
35759 - * Returns number of bytes that could not be copied.
35760 - * On success, this will be zero.
35761 - *
35762 - * If some data could not be copied, this function will pad the copied
35763 - * data to the requested size using zero bytes.
35764 - */
35765 -unsigned long _copy_from_user(void *to, const void __user *from, unsigned n)
35766 +void set_fs(mm_segment_t x)
35767 {
35768 - if (access_ok(VERIFY_READ, from, n))
35769 - n = __copy_from_user(to, from, n);
35770 - else
35771 - memset(to, 0, n);
35772 - return n;
35773 + current_thread_info()->addr_limit = x;
35774 + __set_fs(x);
35775 }
35776 -EXPORT_SYMBOL(_copy_from_user);
35777 +EXPORT_SYMBOL(set_fs);
35778 +#endif
35779 diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
35780 index 6987358..adaea41 100644
35781 --- a/arch/x86/lib/usercopy_64.c
35782 +++ b/arch/x86/lib/usercopy_64.c
35783 @@ -18,7 +18,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size)
35784 might_fault();
35785 /* no memory constraint because it doesn't change any memory gcc knows
35786 about */
35787 - stac();
35788 + user_access_begin();
35789 asm volatile(
35790 " testq %[size8],%[size8]\n"
35791 " jz 4f\n"
35792 @@ -39,9 +39,9 @@ unsigned long __clear_user(void __user *addr, unsigned long size)
35793 _ASM_EXTABLE(0b,3b)
35794 _ASM_EXTABLE(1b,2b)
35795 : [size8] "=&c"(size), [dst] "=&D" (__d0)
35796 - : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(addr),
35797 + : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(____m(addr)),
35798 [zero] "r" (0UL), [eight] "r" (8UL));
35799 - clac();
35800 + user_access_end();
35801 return size;
35802 }
35803 EXPORT_SYMBOL(__clear_user);
35804 @@ -54,12 +54,11 @@ unsigned long clear_user(void __user *to, unsigned long n)
35805 }
35806 EXPORT_SYMBOL(clear_user);
35807
35808 -unsigned long copy_in_user(void __user *to, const void __user *from, unsigned len)
35809 +unsigned long copy_in_user(void __user *to, const void __user *from, unsigned long len)
35810 {
35811 - if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) {
35812 - return copy_user_generic((__force void *)to, (__force void *)from, len);
35813 - }
35814 - return len;
35815 + if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len))
35816 + return copy_user_generic((void __force_kernel *)____m(to), (void __force_kernel *)____m(from), len);
35817 + return len;
35818 }
35819 EXPORT_SYMBOL(copy_in_user);
35820
35821 @@ -69,8 +68,9 @@ EXPORT_SYMBOL(copy_in_user);
35822 * it is not necessary to optimize tail handling.
35823 */
35824 __visible unsigned long
35825 -copy_user_handle_tail(char *to, char *from, unsigned len)
35826 +copy_user_handle_tail(char __user *to, char __user *from, unsigned long len)
35827 {
35828 + user_access_end();
35829 for (; len; --len, to++) {
35830 char c;
35831
35832 @@ -79,10 +79,9 @@ copy_user_handle_tail(char *to, char *from, unsigned len)
35833 if (__put_user_nocheck(c, to, sizeof(char)))
35834 break;
35835 }
35836 - clac();
35837
35838 /* If the destination is a kernel buffer, we always clear the end */
35839 - if (!__addr_ok(to))
35840 - memset(to, 0, len);
35841 + if (!__addr_ok(to) && (unsigned long)to >= TASK_SIZE_MAX + pax_user_shadow_base)
35842 + memset((void __force_kernel *)to, 0, len);
35843 return len;
35844 }
35845 diff --git a/arch/x86/math-emu/fpu_aux.c b/arch/x86/math-emu/fpu_aux.c
35846 index 024f6e9..308f1b0 100644
35847 --- a/arch/x86/math-emu/fpu_aux.c
35848 +++ b/arch/x86/math-emu/fpu_aux.c
35849 @@ -52,7 +52,7 @@ void fpstate_init_soft(struct swregs_state *soft)
35850
35851 void finit(void)
35852 {
35853 - fpstate_init_soft(&current->thread.fpu.state.soft);
35854 + fpstate_init_soft(&current->thread.fpu.state->soft);
35855 }
35856
35857 /*
35858 diff --git a/arch/x86/math-emu/fpu_entry.c b/arch/x86/math-emu/fpu_entry.c
35859 index e945fed..bffe686 100644
35860 --- a/arch/x86/math-emu/fpu_entry.c
35861 +++ b/arch/x86/math-emu/fpu_entry.c
35862 @@ -643,7 +643,7 @@ int fpregs_soft_set(struct task_struct *target,
35863 unsigned int pos, unsigned int count,
35864 const void *kbuf, const void __user *ubuf)
35865 {
35866 - struct swregs_state *s387 = &target->thread.fpu.state.soft;
35867 + struct swregs_state *s387 = &target->thread.fpu.state->soft;
35868 void *space = s387->st_space;
35869 int ret;
35870 int offset, other, i, tags, regnr, tag, newtop;
35871 @@ -695,7 +695,7 @@ int fpregs_soft_get(struct task_struct *target,
35872 unsigned int pos, unsigned int count,
35873 void *kbuf, void __user *ubuf)
35874 {
35875 - struct swregs_state *s387 = &target->thread.fpu.state.soft;
35876 + struct swregs_state *s387 = &target->thread.fpu.state->soft;
35877 const void *space = s387->st_space;
35878 int ret;
35879 int offset = (S387->ftop & 7) * 10, other = 80 - offset;
35880 diff --git a/arch/x86/math-emu/fpu_etc.c b/arch/x86/math-emu/fpu_etc.c
35881 index 233e5af5..dd82ff0 100644
35882 --- a/arch/x86/math-emu/fpu_etc.c
35883 +++ b/arch/x86/math-emu/fpu_etc.c
35884 @@ -119,9 +119,14 @@ static void fxam(FPU_REG *st0_ptr, u_char st0tag)
35885 setcc(c);
35886 }
35887
35888 +static void FPU_ST0_illegal(FPU_REG *st0_ptr, u_char st0_tag)
35889 +{
35890 + FPU_illegal();
35891 +}
35892 +
35893 static FUNC_ST0 const fp_etc_table[] = {
35894 - fchs, fabs, (FUNC_ST0) FPU_illegal, (FUNC_ST0) FPU_illegal,
35895 - ftst_, fxam, (FUNC_ST0) FPU_illegal, (FUNC_ST0) FPU_illegal
35896 + fchs, fabs, FPU_ST0_illegal, FPU_ST0_illegal,
35897 + ftst_, fxam, FPU_ST0_illegal, FPU_ST0_illegal
35898 };
35899
35900 void FPU_etc(void)
35901 diff --git a/arch/x86/math-emu/fpu_system.h b/arch/x86/math-emu/fpu_system.h
35902 index 5e044d5..d342fce 100644
35903 --- a/arch/x86/math-emu/fpu_system.h
35904 +++ b/arch/x86/math-emu/fpu_system.h
35905 @@ -46,7 +46,7 @@ static inline struct desc_struct FPU_get_ldt_descriptor(unsigned seg)
35906 #define SEG_EXPAND_DOWN(s) (((s).b & ((1 << 11) | (1 << 10))) \
35907 == (1 << 10))
35908
35909 -#define I387 (&current->thread.fpu.state)
35910 +#define I387 (current->thread.fpu.state)
35911 #define FPU_info (I387->soft.info)
35912
35913 #define FPU_CS (*(unsigned short *) &(FPU_info->regs->cs))
35914 diff --git a/arch/x86/math-emu/fpu_trig.c b/arch/x86/math-emu/fpu_trig.c
35915 index ecd0668..4b4c664 100644
35916 --- a/arch/x86/math-emu/fpu_trig.c
35917 +++ b/arch/x86/math-emu/fpu_trig.c
35918 @@ -432,13 +432,13 @@ static void fxtract(FPU_REG *st0_ptr, u_char st0_tag)
35919 #endif /* PARANOID */
35920 }
35921
35922 -static void fdecstp(void)
35923 +static void fdecstp(FPU_REG *st0_ptr, u_char st0_tag)
35924 {
35925 clear_C1();
35926 top--;
35927 }
35928
35929 -static void fincstp(void)
35930 +static void fincstp(FPU_REG *st0_ptr, u_char st0_tag)
35931 {
35932 clear_C1();
35933 top++;
35934 @@ -607,6 +607,11 @@ static int fsin(FPU_REG *st0_ptr, u_char tag)
35935 }
35936 }
35937
35938 +static void _fsin(FPU_REG *st0_ptr, u_char tag)
35939 +{
35940 + fsin(st0_ptr, tag);
35941 +}
35942 +
35943 static int f_cos(FPU_REG *st0_ptr, u_char tag)
35944 {
35945 u_char st0_sign;
35946 @@ -1625,7 +1630,7 @@ static void fscale(FPU_REG *st0_ptr, u_char st0_tag)
35947
35948 static FUNC_ST0 const trig_table_a[] = {
35949 f2xm1, fyl2x, fptan, fpatan,
35950 - fxtract, fprem1, (FUNC_ST0) fdecstp, (FUNC_ST0) fincstp
35951 + fxtract, fprem1, fdecstp, fincstp
35952 };
35953
35954 void FPU_triga(void)
35955 @@ -1634,7 +1639,7 @@ void FPU_triga(void)
35956 }
35957
35958 static FUNC_ST0 const trig_table_b[] = {
35959 - fprem, fyl2xp1, fsqrt_, fsincos, frndint_, fscale, (FUNC_ST0) fsin, fcos
35960 + fprem, fyl2xp1, fsqrt_, fsincos, frndint_, fscale, _fsin, fcos
35961 };
35962
35963 void FPU_trigb(void)
35964 diff --git a/arch/x86/math-emu/reg_constant.c b/arch/x86/math-emu/reg_constant.c
35965 index 0054835..a3bd671 100644
35966 --- a/arch/x86/math-emu/reg_constant.c
35967 +++ b/arch/x86/math-emu/reg_constant.c
35968 @@ -107,8 +107,13 @@ static void fldz(int rc)
35969
35970 typedef void (*FUNC_RC) (int);
35971
35972 +static void FPU_RC_illegal(int rc)
35973 +{
35974 + FPU_illegal();
35975 +}
35976 +
35977 static FUNC_RC constants_table[] = {
35978 - fld1, fldl2t, fldl2e, fldpi, fldlg2, fldln2, fldz, (FUNC_RC) FPU_illegal
35979 + fld1, fldl2t, fldl2e, fldpi, fldlg2, fldln2, fldz, FPU_RC_illegal
35980 };
35981
35982 void fconst(void)
35983 diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
35984 index 96d2b84..b3db380 100644
35985 --- a/arch/x86/mm/Makefile
35986 +++ b/arch/x86/mm/Makefile
35987 @@ -39,3 +39,7 @@ obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
35988 obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
35989 obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o
35990
35991 +quote:="
35992 +obj-$(CONFIG_X86_64) += uderef_64.o
35993 +CFLAGS_uderef_64.o := -fcall-saved-rax -fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11
35994 +
35995 diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
35996 index ea9c49a..7ab033a 100644
35997 --- a/arch/x86/mm/dump_pagetables.c
35998 +++ b/arch/x86/mm/dump_pagetables.c
35999 @@ -27,6 +27,7 @@
36000 struct pg_state {
36001 int level;
36002 pgprot_t current_prot;
36003 + pgprot_t current_prots[5];
36004 unsigned long start_address;
36005 unsigned long current_address;
36006 const struct addr_marker *marker;
36007 @@ -184,6 +185,23 @@ static unsigned long normalize_addr(unsigned long u)
36008 #endif
36009 }
36010
36011 +static pgprot_t merge_prot(pgprot_t old_prot, pgprot_t new_prot)
36012 +{
36013 + if (!(pgprot_val(new_prot) & _PAGE_PRESENT))
36014 + return new_prot;
36015 +
36016 + if (!(pgprot_val(old_prot) & _PAGE_PRESENT))
36017 + return new_prot;
36018 +
36019 + if (pgprot_val(old_prot) & _PAGE_NX)
36020 + pgprot_val(new_prot) |= _PAGE_NX;
36021 +
36022 + if (!(pgprot_val(old_prot) & _PAGE_RW))
36023 + pgprot_val(new_prot) &= ~_PAGE_RW;
36024 +
36025 + return new_prot;
36026 +}
36027 +
36028 /*
36029 * This function gets called on a break in a continuous series
36030 * of PTE entries; the next one is different so we need to
36031 @@ -200,11 +218,13 @@ static void note_page(struct seq_file *m, struct pg_state *st,
36032 * we have now. "break" is either changing perms, levels or
36033 * address space marker.
36034 */
36035 + new_prot = merge_prot(st->current_prots[level - 1], new_prot);
36036 prot = pgprot_val(new_prot);
36037 cur = pgprot_val(st->current_prot);
36038
36039 if (!st->level) {
36040 /* First entry */
36041 + st->current_prots[0] = __pgprot(_PAGE_RW);
36042 st->current_prot = new_prot;
36043 st->level = level;
36044 st->marker = address_markers;
36045 @@ -216,9 +236,8 @@ static void note_page(struct seq_file *m, struct pg_state *st,
36046 const char *unit = units;
36047 unsigned long delta;
36048 int width = sizeof(unsigned long) * 2;
36049 - pgprotval_t pr = pgprot_val(st->current_prot);
36050
36051 - if (st->check_wx && (pr & _PAGE_RW) && !(pr & _PAGE_NX)) {
36052 + if (st->check_wx && (cur & _PAGE_RW) && !(cur & _PAGE_NX)) {
36053 WARN_ONCE(1,
36054 "x86/mm: Found insecure W+X mapping at address %p/%pS\n",
36055 (void *)st->start_address,
36056 @@ -304,9 +323,10 @@ static void walk_pmd_level(struct seq_file *m, struct pg_state *st, pud_t addr,
36057 start = (pmd_t *) pud_page_vaddr(addr);
36058 for (i = 0; i < PTRS_PER_PMD; i++) {
36059 st->current_address = normalize_addr(P + i * PMD_LEVEL_MULT);
36060 + prot = pmd_flags(*start);
36061 + st->current_prots[3] = merge_prot(st->current_prots[2], __pgprot(prot));
36062 if (!pmd_none(*start)) {
36063 if (pmd_large(*start) || !pmd_present(*start)) {
36064 - prot = pmd_flags(*start);
36065 note_page(m, st, __pgprot(prot), 3);
36066 } else {
36067 walk_pte_level(m, st, *start,
36068 @@ -337,9 +357,10 @@ static void walk_pud_level(struct seq_file *m, struct pg_state *st, pgd_t addr,
36069
36070 for (i = 0; i < PTRS_PER_PUD; i++) {
36071 st->current_address = normalize_addr(P + i * PUD_LEVEL_MULT);
36072 + prot = pud_flags(*start);
36073 + st->current_prots[2] = merge_prot(st->current_prots[1], __pgprot(start->pud));
36074 if (!pud_none(*start)) {
36075 if (pud_large(*start) || !pud_present(*start)) {
36076 - prot = pud_flags(*start);
36077 note_page(m, st, __pgprot(prot), 2);
36078 } else {
36079 walk_pmd_level(m, st, *start,
36080 @@ -395,9 +416,10 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
36081
36082 for (i = 0; i < PTRS_PER_PGD; i++) {
36083 st.current_address = normalize_addr(i * PGD_LEVEL_MULT);
36084 + prot = pgd_flags(*start);
36085 + st.current_prots[1] = __pgprot(prot);
36086 if (!pgd_none(*start) && !is_hypervisor_range(i)) {
36087 if (pgd_large(*start) || !pgd_present(*start)) {
36088 - prot = pgd_flags(*start);
36089 note_page(m, &st, __pgprot(prot), 1);
36090 } else {
36091 walk_pud_level(m, &st, *start,
36092 diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
36093 index 832b98f..f107868 100644
36094 --- a/arch/x86/mm/extable.c
36095 +++ b/arch/x86/mm/extable.c
36096 @@ -102,7 +102,7 @@ int fixup_exception(struct pt_regs *regs, int trapnr)
36097 ex_handler_t handler;
36098
36099 #ifdef CONFIG_PNPBIOS
36100 - if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
36101 + if (unlikely(!v8086_mode(regs) && SEGMENT_IS_PNP_CODE(regs->cs))) {
36102 extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
36103 extern u32 pnp_bios_is_utter_crap;
36104 pnp_bios_is_utter_crap = 1;
36105 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
36106 index dc80230..d0ef276 100644
36107 --- a/arch/x86/mm/fault.c
36108 +++ b/arch/x86/mm/fault.c
36109 @@ -14,6 +14,8 @@
36110 #include <linux/prefetch.h> /* prefetchw */
36111 #include <linux/context_tracking.h> /* exception_enter(), ... */
36112 #include <linux/uaccess.h> /* faulthandler_disabled() */
36113 +#include <linux/unistd.h>
36114 +#include <linux/compiler.h>
36115
36116 #include <asm/cpufeature.h> /* boot_cpu_has, ... */
36117 #include <asm/traps.h> /* dotraplinkage, ... */
36118 @@ -23,6 +25,11 @@
36119 #include <asm/vsyscall.h> /* emulate_vsyscall */
36120 #include <asm/vm86.h> /* struct vm86 */
36121 #include <asm/mmu_context.h> /* vma_pkey() */
36122 +#include <asm/tlbflush.h>
36123 +
36124 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
36125 +#include <asm/stacktrace.h>
36126 +#endif
36127
36128 #define CREATE_TRACE_POINTS
36129 #include <asm/trace/exceptions.h>
36130 @@ -126,7 +133,10 @@ check_prefetch_opcode(struct pt_regs *regs, unsigned char *instr,
36131 return !instr_lo || (instr_lo>>1) == 1;
36132 case 0x00:
36133 /* Prefetch instruction is 0x0F0D or 0x0F18 */
36134 - if (probe_kernel_address(instr, opcode))
36135 + if (user_mode(regs)) {
36136 + if (__copy_from_user_inatomic(&opcode, (unsigned char __force_user *)(instr), 1))
36137 + return 0;
36138 + } else if (probe_kernel_address(instr, opcode))
36139 return 0;
36140
36141 *prefetch = (instr_lo == 0xF) &&
36142 @@ -160,7 +170,10 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr)
36143 while (instr < max_instr) {
36144 unsigned char opcode;
36145
36146 - if (probe_kernel_address(instr, opcode))
36147 + if (user_mode(regs)) {
36148 + if (__copy_from_user_inatomic(&opcode, (unsigned char __force_user *)(instr), 1))
36149 + break;
36150 + } else if (probe_kernel_address(instr, opcode))
36151 break;
36152
36153 instr++;
36154 @@ -244,6 +257,34 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address,
36155 force_sig_info(si_signo, &info, tsk);
36156 }
36157
36158 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
36159 +static bool pax_is_fetch_fault(struct pt_regs *regs, unsigned long error_code, unsigned long address);
36160 +#endif
36161 +
36162 +#ifdef CONFIG_PAX_EMUTRAMP
36163 +static int pax_handle_fetch_fault(struct pt_regs *regs);
36164 +#endif
36165 +
36166 +#ifdef CONFIG_PAX_PAGEEXEC
36167 +static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address)
36168 +{
36169 + pgd_t *pgd;
36170 + pud_t *pud;
36171 + pmd_t *pmd;
36172 +
36173 + pgd = pgd_offset(mm, address);
36174 + if (!pgd_present(*pgd))
36175 + return NULL;
36176 + pud = pud_offset(pgd, address);
36177 + if (!pud_present(*pud))
36178 + return NULL;
36179 + pmd = pmd_offset(pud, address);
36180 + if (!pmd_present(*pmd))
36181 + return NULL;
36182 + return pmd;
36183 +}
36184 +#endif
36185 +
36186 DEFINE_SPINLOCK(pgd_lock);
36187 LIST_HEAD(pgd_list);
36188
36189 @@ -294,10 +335,27 @@ void vmalloc_sync_all(void)
36190 for (address = VMALLOC_START & PMD_MASK;
36191 address >= TASK_SIZE_MAX && address < FIXADDR_TOP;
36192 address += PMD_SIZE) {
36193 +
36194 +#ifdef CONFIG_PAX_PER_CPU_PGD
36195 + unsigned long cpu;
36196 +#else
36197 struct page *page;
36198 +#endif
36199
36200 spin_lock(&pgd_lock);
36201 +
36202 +#ifdef CONFIG_PAX_PER_CPU_PGD
36203 + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) {
36204 + pgd_t *pgd = get_cpu_pgd(cpu, user);
36205 + pmd_t *ret;
36206 +
36207 + ret = vmalloc_sync_one(pgd, address);
36208 + if (!ret)
36209 + break;
36210 + pgd = get_cpu_pgd(cpu, kernel);
36211 +#else
36212 list_for_each_entry(page, &pgd_list, lru) {
36213 + pgd_t *pgd;
36214 spinlock_t *pgt_lock;
36215 pmd_t *ret;
36216
36217 @@ -305,8 +363,14 @@ void vmalloc_sync_all(void)
36218 pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
36219
36220 spin_lock(pgt_lock);
36221 - ret = vmalloc_sync_one(page_address(page), address);
36222 + pgd = page_address(page);
36223 +#endif
36224 +
36225 + ret = vmalloc_sync_one(pgd, address);
36226 +
36227 +#ifndef CONFIG_PAX_PER_CPU_PGD
36228 spin_unlock(pgt_lock);
36229 +#endif
36230
36231 if (!ret)
36232 break;
36233 @@ -340,6 +404,12 @@ static noinline int vmalloc_fault(unsigned long address)
36234 * an interrupt in the middle of a task switch..
36235 */
36236 pgd_paddr = read_cr3();
36237 +
36238 +#ifdef CONFIG_PAX_PER_CPU_PGD
36239 + BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (pgd_paddr & __PHYSICAL_MASK));
36240 + vmalloc_sync_one(__va(pgd_paddr + PTRS_PER_PGD * sizeof(pgd_t)), address);
36241 +#endif
36242 +
36243 pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
36244 if (!pmd_k)
36245 return -1;
36246 @@ -439,11 +509,24 @@ static noinline int vmalloc_fault(unsigned long address)
36247 * happen within a race in page table update. In the later
36248 * case just flush:
36249 */
36250 - pgd = (pgd_t *)__va(read_cr3()) + pgd_index(address);
36251 pgd_ref = pgd_offset_k(address);
36252 if (pgd_none(*pgd_ref))
36253 return -1;
36254
36255 +#ifdef CONFIG_PAX_PER_CPU_PGD
36256 + BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (read_cr3() & __PHYSICAL_MASK));
36257 + pgd = pgd_offset_cpu(smp_processor_id(), user, address);
36258 + if (pgd_none(*pgd)) {
36259 + set_pgd(pgd, *pgd_ref);
36260 + arch_flush_lazy_mmu_mode();
36261 + } else {
36262 + BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref));
36263 + }
36264 + pgd = pgd_offset_cpu(smp_processor_id(), kernel, address);
36265 +#else
36266 + pgd = (pgd_t *)__va(read_cr3()) + pgd_index(address);
36267 +#endif
36268 +
36269 if (pgd_none(*pgd)) {
36270 set_pgd(pgd, *pgd_ref);
36271 arch_flush_lazy_mmu_mode();
36272 @@ -616,7 +699,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
36273 static int is_errata100(struct pt_regs *regs, unsigned long address)
36274 {
36275 #ifdef CONFIG_X86_64
36276 - if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) && (address >> 32))
36277 + if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) && (address >> 32))
36278 return 1;
36279 #endif
36280 return 0;
36281 @@ -643,9 +726,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
36282 }
36283
36284 static const char nx_warning[] = KERN_CRIT
36285 -"kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n";
36286 +"kernel tried to execute NX-protected page - exploit attempt? (uid: %d, task: %s, pid: %d)\n";
36287 static const char smep_warning[] = KERN_CRIT
36288 -"unable to execute userspace code (SMEP?) (uid: %d)\n";
36289 +"unable to execute userspace code (SMEP?) (uid: %d, task: %s, pid: %d)\n";
36290
36291 static void
36292 show_fault_oops(struct pt_regs *regs, unsigned long error_code,
36293 @@ -654,7 +737,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
36294 if (!oops_may_print())
36295 return;
36296
36297 - if (error_code & PF_INSTR) {
36298 + if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR)) {
36299 unsigned int level;
36300 pgd_t *pgd;
36301 pte_t *pte;
36302 @@ -665,13 +748,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
36303 pte = lookup_address_in_pgd(pgd, address, &level);
36304
36305 if (pte && pte_present(*pte) && !pte_exec(*pte))
36306 - printk(nx_warning, from_kuid(&init_user_ns, current_uid()));
36307 + printk(nx_warning, from_kuid_munged(&init_user_ns, current_uid()), current->comm, task_pid_nr(current));
36308 if (pte && pte_present(*pte) && pte_exec(*pte) &&
36309 (pgd_flags(*pgd) & _PAGE_USER) &&
36310 (__read_cr4() & X86_CR4_SMEP))
36311 - printk(smep_warning, from_kuid(&init_user_ns, current_uid()));
36312 + printk(smep_warning, from_kuid(&init_user_ns, current_uid()), current->comm, task_pid_nr(current));
36313 }
36314
36315 +#ifdef CONFIG_PAX_KERNEXEC
36316 + if (init_mm.start_code <= address && address < init_mm.end_code) {
36317 + if (current->signal->curr_ip)
36318 + printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
36319 + &current->signal->curr_ip, current->comm, task_pid_nr(current),
36320 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
36321 + else
36322 + printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
36323 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
36324 + }
36325 +#endif
36326 +
36327 printk(KERN_ALERT "BUG: unable to handle kernel ");
36328 if (address < PAGE_SIZE)
36329 printk(KERN_CONT "NULL pointer dereference");
36330 @@ -855,6 +950,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
36331 }
36332 #endif
36333
36334 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
36335 + if (pax_is_fetch_fault(regs, error_code, address)) {
36336 +
36337 +#ifdef CONFIG_PAX_EMUTRAMP
36338 + switch (pax_handle_fetch_fault(regs)) {
36339 + case 2:
36340 + return;
36341 + }
36342 +#endif
36343 +
36344 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
36345 + do_group_exit(SIGKILL);
36346 + }
36347 +#endif
36348 +
36349 /*
36350 * To avoid leaking information about the kernel page table
36351 * layout, pretend that user-mode accesses to kernel addresses
36352 @@ -966,7 +1076,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
36353 if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
36354 printk(KERN_ERR
36355 "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
36356 - tsk->comm, tsk->pid, address);
36357 + tsk->comm, task_pid_nr(tsk), address);
36358 code = BUS_MCEERR_AR;
36359 }
36360 #endif
36361 @@ -1025,6 +1135,109 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
36362 return 1;
36363 }
36364
36365 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
36366 +static inline unsigned long get_limit(unsigned long segment)
36367 +{
36368 + unsigned long __limit;
36369 +
36370 + asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
36371 + return __limit + 1;
36372 +}
36373 +
36374 +static int pax_handle_pageexec_fault(struct pt_regs *regs, struct mm_struct *mm, unsigned long address, unsigned long error_code)
36375 +{
36376 + pte_t *pte;
36377 + pmd_t *pmd;
36378 + spinlock_t *ptl;
36379 + unsigned char pte_mask;
36380 +
36381 + if ((__supported_pte_mask & _PAGE_NX) || (error_code & (PF_PROT|PF_USER)) != (PF_PROT|PF_USER) || v8086_mode(regs) ||
36382 + !(mm->pax_flags & MF_PAX_PAGEEXEC))
36383 + return 0;
36384 +
36385 + /* PaX: it's our fault, let's handle it if we can */
36386 +
36387 + /* PaX: take a look at read faults before acquiring any locks */
36388 + if (unlikely(!(error_code & PF_WRITE) && (regs->ip == address))) {
36389 + /* instruction fetch attempt from a protected page in user mode */
36390 + up_read(&mm->mmap_sem);
36391 +
36392 +#ifdef CONFIG_PAX_EMUTRAMP
36393 + switch (pax_handle_fetch_fault(regs)) {
36394 + case 2:
36395 + return 1;
36396 + }
36397 +#endif
36398 +
36399 + pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
36400 + do_group_exit(SIGKILL);
36401 + }
36402 +
36403 + pmd = pax_get_pmd(mm, address);
36404 + if (unlikely(!pmd))
36405 + return 0;
36406 +
36407 + pte = pte_offset_map_lock(mm, pmd, address, &ptl);
36408 + if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) {
36409 + pte_unmap_unlock(pte, ptl);
36410 + return 0;
36411 + }
36412 +
36413 + if (unlikely((error_code & PF_WRITE) && !pte_write(*pte))) {
36414 + /* write attempt to a protected page in user mode */
36415 + pte_unmap_unlock(pte, ptl);
36416 + return 0;
36417 + }
36418 +
36419 +#ifdef CONFIG_SMP
36420 + if (likely(address > get_limit(regs->cs) && cpumask_test_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask)))
36421 +#else
36422 + if (likely(address > get_limit(regs->cs)))
36423 +#endif
36424 + {
36425 + set_pte(pte, pte_mkread(*pte));
36426 + __flush_tlb_one(address);
36427 + pte_unmap_unlock(pte, ptl);
36428 + up_read(&mm->mmap_sem);
36429 + return 1;
36430 + }
36431 +
36432 + pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1));
36433 +
36434 + /*
36435 + * PaX: fill DTLB with user rights and retry
36436 + */
36437 + __asm__ __volatile__ (
36438 + "orb %2,(%1)\n"
36439 +#if defined(CONFIG_M586) || defined(CONFIG_M586TSC)
36440 +/*
36441 + * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's
36442 + * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any*
36443 + * page fault when examined during a TLB load attempt. this is true not only
36444 + * for PTEs holding a non-present entry but also present entries that will
36445 + * raise a page fault (such as those set up by PaX, or the copy-on-write
36446 + * mechanism). in effect it means that we do *not* need to flush the TLBs
36447 + * for our target pages since their PTEs are simply not in the TLBs at all.
36448 +
36449 + * the best thing in omitting it is that we gain around 15-20% speed in the
36450 + * fast path of the page fault handler and can get rid of tracing since we
36451 + * can no longer flush unintended entries.
36452 + */
36453 + "invlpg (%0)\n"
36454 +#endif
36455 + ASM_STAC "\n"
36456 + __copyuser_seg"testb $0,(%0)\n"
36457 + ASM_CLAC "\n"
36458 + "xorb %3,(%1)\n"
36459 + :
36460 + : "r" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER)
36461 + : "memory", "cc");
36462 + pte_unmap_unlock(pte, ptl);
36463 + up_read(&mm->mmap_sem);
36464 + return 1;
36465 +}
36466 +#endif
36467 +
36468 /*
36469 * Handle a spurious fault caused by a stale TLB entry.
36470 *
36471 @@ -1112,6 +1325,10 @@ access_error(unsigned long error_code, struct vm_area_struct *vma)
36472 {
36473 /* This is only called for the current mm, so: */
36474 bool foreign = false;
36475 +
36476 + if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC))
36477 + return 1;
36478 +
36479 /*
36480 * Make sure to check the VMA so that we do not perform
36481 * faults just to hit a PF_PK as soon as we fill in a
36482 @@ -1183,6 +1400,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
36483 tsk = current;
36484 mm = tsk->mm;
36485
36486 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
36487 + if (!user_mode(regs) && address < 2 * pax_user_shadow_base) {
36488 + if (!search_exception_tables(regs->ip)) {
36489 + printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
36490 + bad_area_nosemaphore(regs, error_code, address, NULL);
36491 + return;
36492 + }
36493 + if (address < pax_user_shadow_base) {
36494 + printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
36495 + printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip);
36496 + show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_EMERG);
36497 + } else
36498 + address -= pax_user_shadow_base;
36499 + }
36500 +#endif
36501 +
36502 /*
36503 * Detect and handle instructions that would cause a page fault for
36504 * both a tracked kernel page and a userspace page.
36505 @@ -1309,6 +1542,11 @@ retry:
36506 might_sleep();
36507 }
36508
36509 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
36510 + if (pax_handle_pageexec_fault(regs, mm, address, error_code))
36511 + return;
36512 +#endif
36513 +
36514 vma = find_vma(mm, address);
36515 if (unlikely(!vma)) {
36516 bad_area(regs, error_code, address);
36517 @@ -1320,18 +1558,24 @@ retry:
36518 bad_area(regs, error_code, address);
36519 return;
36520 }
36521 - if (error_code & PF_USER) {
36522 - /*
36523 - * Accessing the stack below %sp is always a bug.
36524 - * The large cushion allows instructions like enter
36525 - * and pusha to work. ("enter $65535, $31" pushes
36526 - * 32 pointers and then decrements %sp by 65535.)
36527 - */
36528 - if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) {
36529 - bad_area(regs, error_code, address);
36530 - return;
36531 - }
36532 + /*
36533 + * Accessing the stack below %sp is always a bug.
36534 + * The large cushion allows instructions like enter
36535 + * and pusha to work. ("enter $65535, $31" pushes
36536 + * 32 pointers and then decrements %sp by 65535.)
36537 + */
36538 + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) {
36539 + bad_area(regs, error_code, address);
36540 + return;
36541 }
36542 +
36543 +#ifdef CONFIG_PAX_SEGMEXEC
36544 + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) {
36545 + bad_area(regs, error_code, address);
36546 + return;
36547 + }
36548 +#endif
36549 +
36550 if (unlikely(expand_stack(vma, address))) {
36551 bad_area(regs, error_code, address);
36552 return;
36553 @@ -1451,3 +1695,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
36554 }
36555 NOKPROBE_SYMBOL(trace_do_page_fault);
36556 #endif /* CONFIG_TRACING */
36557 +
36558 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
36559 +static bool pax_is_fetch_fault(struct pt_regs *regs, unsigned long error_code, unsigned long address)
36560 +{
36561 + struct mm_struct *mm = current->mm;
36562 + unsigned long ip = regs->ip;
36563 +
36564 + if (v8086_mode(regs))
36565 + ip = ((regs->cs & 0xffff) << 4) + (ip & 0xffff);
36566 +
36567 +#ifdef CONFIG_PAX_PAGEEXEC
36568 + if (mm->pax_flags & MF_PAX_PAGEEXEC) {
36569 + if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR))
36570 + return true;
36571 + if (!(error_code & (PF_PROT | PF_WRITE)) && ip == address)
36572 + return true;
36573 + return false;
36574 + }
36575 +#endif
36576 +
36577 +#ifdef CONFIG_PAX_SEGMEXEC
36578 + if (mm->pax_flags & MF_PAX_SEGMEXEC) {
36579 + if (!(error_code & (PF_PROT | PF_WRITE)) && (ip + SEGMEXEC_TASK_SIZE == address))
36580 + return true;
36581 + return false;
36582 + }
36583 +#endif
36584 +
36585 + return false;
36586 +}
36587 +#endif
36588 +
36589 +#ifdef CONFIG_PAX_EMUTRAMP
36590 +static int pax_handle_fetch_fault_32(struct pt_regs *regs)
36591 +{
36592 + int err;
36593 +
36594 + do { /* PaX: libffi trampoline emulation */
36595 + unsigned char mov, jmp;
36596 + unsigned int addr1, addr2;
36597 +
36598 +#ifdef CONFIG_X86_64
36599 + if ((regs->ip + 9) >> 32)
36600 + break;
36601 +#endif
36602 +
36603 + err = get_user(mov, (unsigned char __user *)regs->ip);
36604 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
36605 + err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
36606 + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
36607 +
36608 + if (err)
36609 + break;
36610 +
36611 + if (mov == 0xB8 && jmp == 0xE9) {
36612 + regs->ax = addr1;
36613 + regs->ip = (unsigned int)(regs->ip + addr2 + 10);
36614 + return 2;
36615 + }
36616 + } while (0);
36617 +
36618 + do { /* PaX: gcc trampoline emulation #1 */
36619 + unsigned char mov1, mov2;
36620 + unsigned short jmp;
36621 + unsigned int addr1, addr2;
36622 +
36623 +#ifdef CONFIG_X86_64
36624 + if ((regs->ip + 11) >> 32)
36625 + break;
36626 +#endif
36627 +
36628 + err = get_user(mov1, (unsigned char __user *)regs->ip);
36629 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
36630 + err |= get_user(mov2, (unsigned char __user *)(regs->ip + 5));
36631 + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
36632 + err |= get_user(jmp, (unsigned short __user *)(regs->ip + 10));
36633 +
36634 + if (err)
36635 + break;
36636 +
36637 + if (mov1 == 0xB9 && mov2 == 0xB8 && jmp == 0xE0FF) {
36638 + regs->cx = addr1;
36639 + regs->ax = addr2;
36640 + regs->ip = addr2;
36641 + return 2;
36642 + }
36643 + } while (0);
36644 +
36645 + do { /* PaX: gcc trampoline emulation #2 */
36646 + unsigned char mov, jmp;
36647 + unsigned int addr1, addr2;
36648 +
36649 +#ifdef CONFIG_X86_64
36650 + if ((regs->ip + 9) >> 32)
36651 + break;
36652 +#endif
36653 +
36654 + err = get_user(mov, (unsigned char __user *)regs->ip);
36655 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
36656 + err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
36657 + err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
36658 +
36659 + if (err)
36660 + break;
36661 +
36662 + if (mov == 0xB9 && jmp == 0xE9) {
36663 + regs->cx = addr1;
36664 + regs->ip = (unsigned int)(regs->ip + addr2 + 10);
36665 + return 2;
36666 + }
36667 + } while (0);
36668 +
36669 + return 1; /* PaX in action */
36670 +}
36671 +
36672 +#ifdef CONFIG_X86_64
36673 +static int pax_handle_fetch_fault_64(struct pt_regs *regs)
36674 +{
36675 + int err;
36676 +
36677 + do { /* PaX: libffi trampoline emulation */
36678 + unsigned short mov1, mov2, jmp1;
36679 + unsigned char stcclc, jmp2;
36680 + unsigned long addr1, addr2;
36681 +
36682 + err = get_user(mov1, (unsigned short __user *)regs->ip);
36683 + err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
36684 + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
36685 + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
36686 + err |= get_user(stcclc, (unsigned char __user *)(regs->ip + 20));
36687 + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 21));
36688 + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 23));
36689 +
36690 + if (err)
36691 + break;
36692 +
36693 + if (mov1 == 0xBB49 && mov2 == 0xBA49 && (stcclc == 0xF8 || stcclc == 0xF9) && jmp1 == 0xFF49 && jmp2 == 0xE3) {
36694 + regs->r11 = addr1;
36695 + regs->r10 = addr2;
36696 + if (stcclc == 0xF8)
36697 + regs->flags &= ~X86_EFLAGS_CF;
36698 + else
36699 + regs->flags |= X86_EFLAGS_CF;
36700 + regs->ip = addr1;
36701 + return 2;
36702 + }
36703 + } while (0);
36704 +
36705 + do { /* PaX: gcc trampoline emulation #1 */
36706 + unsigned short mov1, mov2, jmp1;
36707 + unsigned char jmp2;
36708 + unsigned int addr1;
36709 + unsigned long addr2;
36710 +
36711 + err = get_user(mov1, (unsigned short __user *)regs->ip);
36712 + err |= get_user(addr1, (unsigned int __user *)(regs->ip + 2));
36713 + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 6));
36714 + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 8));
36715 + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 16));
36716 + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 18));
36717 +
36718 + if (err)
36719 + break;
36720 +
36721 + if (mov1 == 0xBB41 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
36722 + regs->r11 = addr1;
36723 + regs->r10 = addr2;
36724 + regs->ip = addr1;
36725 + return 2;
36726 + }
36727 + } while (0);
36728 +
36729 + do { /* PaX: gcc trampoline emulation #2 */
36730 + unsigned short mov1, mov2, jmp1;
36731 + unsigned char jmp2;
36732 + unsigned long addr1, addr2;
36733 +
36734 + err = get_user(mov1, (unsigned short __user *)regs->ip);
36735 + err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
36736 + err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
36737 + err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
36738 + err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 20));
36739 + err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 22));
36740 +
36741 + if (err)
36742 + break;
36743 +
36744 + if (mov1 == 0xBB49 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
36745 + regs->r11 = addr1;
36746 + regs->r10 = addr2;
36747 + regs->ip = addr1;
36748 + return 2;
36749 + }
36750 + } while (0);
36751 +
36752 + return 1; /* PaX in action */
36753 +}
36754 +#endif
36755 +
36756 +/*
36757 + * PaX: decide what to do with offenders (regs->ip = fault address)
36758 + *
36759 + * returns 1 when task should be killed
36760 + * 2 when gcc trampoline was detected
36761 + */
36762 +static int pax_handle_fetch_fault(struct pt_regs *regs)
36763 +{
36764 + if (v8086_mode(regs))
36765 + return 1;
36766 +
36767 + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
36768 + return 1;
36769 +
36770 +#ifdef CONFIG_X86_32
36771 + return pax_handle_fetch_fault_32(regs);
36772 +#else
36773 + if (regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT))
36774 + return pax_handle_fetch_fault_32(regs);
36775 + else
36776 + return pax_handle_fetch_fault_64(regs);
36777 +#endif
36778 +}
36779 +#endif
36780 +
36781 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
36782 +void pax_report_insns(struct pt_regs *regs, void *pc, void *sp)
36783 +{
36784 + long i;
36785 +
36786 + printk(KERN_ERR "PAX: bytes at PC: ");
36787 + for (i = 0; i < 20; i++) {
36788 + unsigned char c;
36789 + if (get_user(c, (unsigned char __force_user *)pc+i))
36790 + printk(KERN_CONT "?? ");
36791 + else
36792 + printk(KERN_CONT "%02x ", c);
36793 + }
36794 + printk("\n");
36795 +
36796 + printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
36797 + for (i = -1; i < 80 / (long)sizeof(long); i++) {
36798 + unsigned long c;
36799 + if (get_user(c, (unsigned long __force_user *)sp+i)) {
36800 +#ifdef CONFIG_X86_32
36801 + printk(KERN_CONT "???????? ");
36802 +#else
36803 + if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)))
36804 + printk(KERN_CONT "???????? ???????? ");
36805 + else
36806 + printk(KERN_CONT "???????????????? ");
36807 +#endif
36808 + } else {
36809 +#ifdef CONFIG_X86_64
36810 + if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT))) {
36811 + printk(KERN_CONT "%08x ", (unsigned int)c);
36812 + printk(KERN_CONT "%08x ", (unsigned int)(c >> 32));
36813 + } else
36814 +#endif
36815 + printk(KERN_CONT "%0*lx ", 2 * (int)sizeof(long), c);
36816 + }
36817 + }
36818 + printk("\n");
36819 +}
36820 +#endif
36821 +
36822 +/**
36823 + * probe_kernel_write(): safely attempt to write to a location
36824 + * @dst: address to write to
36825 + * @src: pointer to the data that shall be written
36826 + * @size: size of the data chunk
36827 + *
36828 + * Safely write to address @dst from the buffer at @src. If a kernel fault
36829 + * happens, handle that and return -EFAULT.
36830 + */
36831 +long notrace probe_kernel_write(void *dst, const void *src, size_t size)
36832 +{
36833 + long ret;
36834 + mm_segment_t old_fs = get_fs();
36835 +
36836 + set_fs(KERNEL_DS);
36837 + pagefault_disable();
36838 + pax_open_kernel();
36839 + ret = __copy_to_user_inatomic((void __force_user *)dst, src, size);
36840 + pax_close_kernel();
36841 + pagefault_enable();
36842 + set_fs(old_fs);
36843 +
36844 + return ret ? -EFAULT : 0;
36845 +}
36846 diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
36847 index b8b6a60..9193b78 100644
36848 --- a/arch/x86/mm/gup.c
36849 +++ b/arch/x86/mm/gup.c
36850 @@ -313,7 +313,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
36851 addr = start;
36852 len = (unsigned long) nr_pages << PAGE_SHIFT;
36853 end = start + len;
36854 - if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
36855 + if (unlikely(!access_ok_noprefault(write ? VERIFY_WRITE : VERIFY_READ,
36856 (void __user *)start, len)))
36857 return 0;
36858
36859 @@ -389,6 +389,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
36860 goto slow_irqon;
36861 #endif
36862
36863 + if (unlikely(!access_ok_noprefault(write ? VERIFY_WRITE : VERIFY_READ,
36864 + (void __user *)start, len)))
36865 + return 0;
36866 +
36867 /*
36868 * XXX: batch / limit 'nr', to avoid large irq off latency
36869 * needs some instrumenting to determine the common sizes used by
36870 diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c
36871 index 6d18b70..9dc249e 100644
36872 --- a/arch/x86/mm/highmem_32.c
36873 +++ b/arch/x86/mm/highmem_32.c
36874 @@ -35,6 +35,8 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot)
36875 unsigned long vaddr;
36876 int idx, type;
36877
36878 + BUG_ON(pgprot_val(prot) & _PAGE_USER);
36879 +
36880 preempt_disable();
36881 pagefault_disable();
36882
36883 @@ -45,7 +47,11 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot)
36884 idx = type + KM_TYPE_NR*smp_processor_id();
36885 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
36886 BUG_ON(!pte_none(*(kmap_pte-idx)));
36887 +
36888 + pax_open_kernel();
36889 set_pte(kmap_pte-idx, mk_pte(page, prot));
36890 + pax_close_kernel();
36891 +
36892 arch_flush_lazy_mmu_mode();
36893
36894 return (void *)vaddr;
36895 diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
36896 index 2ae8584..e8f8f29 100644
36897 --- a/arch/x86/mm/hugetlbpage.c
36898 +++ b/arch/x86/mm/hugetlbpage.c
36899 @@ -74,23 +74,24 @@ int pud_huge(pud_t pud)
36900 #ifdef CONFIG_HUGETLB_PAGE
36901 static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
36902 unsigned long addr, unsigned long len,
36903 - unsigned long pgoff, unsigned long flags)
36904 + unsigned long pgoff, unsigned long flags, unsigned long offset)
36905 {
36906 struct hstate *h = hstate_file(file);
36907 struct vm_unmapped_area_info info;
36908 -
36909 +
36910 info.flags = 0;
36911 info.length = len;
36912 info.low_limit = current->mm->mmap_legacy_base;
36913 info.high_limit = TASK_SIZE;
36914 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
36915 info.align_offset = 0;
36916 + info.threadstack_offset = offset;
36917 return vm_unmapped_area(&info);
36918 }
36919
36920 static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
36921 unsigned long addr0, unsigned long len,
36922 - unsigned long pgoff, unsigned long flags)
36923 + unsigned long pgoff, unsigned long flags, unsigned long offset)
36924 {
36925 struct hstate *h = hstate_file(file);
36926 struct vm_unmapped_area_info info;
36927 @@ -102,6 +103,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
36928 info.high_limit = current->mm->mmap_base;
36929 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
36930 info.align_offset = 0;
36931 + info.threadstack_offset = offset;
36932 addr = vm_unmapped_area(&info);
36933
36934 /*
36935 @@ -114,6 +116,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
36936 VM_BUG_ON(addr != -ENOMEM);
36937 info.flags = 0;
36938 info.low_limit = TASK_UNMAPPED_BASE;
36939 +
36940 +#ifdef CONFIG_PAX_RANDMMAP
36941 + if (current->mm->pax_flags & MF_PAX_RANDMMAP)
36942 + info.low_limit += current->mm->delta_mmap;
36943 +#endif
36944 +
36945 info.high_limit = TASK_SIZE;
36946 addr = vm_unmapped_area(&info);
36947 }
36948 @@ -128,10 +136,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
36949 struct hstate *h = hstate_file(file);
36950 struct mm_struct *mm = current->mm;
36951 struct vm_area_struct *vma;
36952 + unsigned long pax_task_size = TASK_SIZE;
36953 + unsigned long offset = gr_rand_threadstack_offset(mm, file, flags);
36954
36955 if (len & ~huge_page_mask(h))
36956 return -EINVAL;
36957 - if (len > TASK_SIZE)
36958 +
36959 +#ifdef CONFIG_PAX_SEGMEXEC
36960 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
36961 + pax_task_size = SEGMEXEC_TASK_SIZE;
36962 +#endif
36963 +
36964 + pax_task_size -= PAGE_SIZE;
36965 +
36966 + if (len > pax_task_size)
36967 return -ENOMEM;
36968
36969 if (flags & MAP_FIXED) {
36970 @@ -140,19 +158,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
36971 return addr;
36972 }
36973
36974 +#ifdef CONFIG_PAX_RANDMMAP
36975 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
36976 +#endif
36977 +
36978 if (addr) {
36979 addr = ALIGN(addr, huge_page_size(h));
36980 vma = find_vma(mm, addr);
36981 - if (TASK_SIZE - len >= addr &&
36982 - (!vma || addr + len <= vma->vm_start))
36983 + if (pax_task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
36984 return addr;
36985 }
36986 if (mm->get_unmapped_area == arch_get_unmapped_area)
36987 return hugetlb_get_unmapped_area_bottomup(file, addr, len,
36988 - pgoff, flags);
36989 + pgoff, flags, offset);
36990 else
36991 return hugetlb_get_unmapped_area_topdown(file, addr, len,
36992 - pgoff, flags);
36993 + pgoff, flags, offset);
36994 }
36995 #endif /* CONFIG_HUGETLB_PAGE */
36996
36997 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
36998 index d28a2d7..3e6afa44 100644
36999 --- a/arch/x86/mm/init.c
37000 +++ b/arch/x86/mm/init.c
37001 @@ -4,6 +4,7 @@
37002 #include <linux/swap.h>
37003 #include <linux/memblock.h>
37004 #include <linux/bootmem.h> /* for max_low_pfn */
37005 +#include <linux/tboot.h>
37006
37007 #include <asm/cacheflush.h>
37008 #include <asm/e820.h>
37009 @@ -18,6 +19,7 @@
37010 #include <asm/dma.h> /* for MAX_DMA_PFN */
37011 #include <asm/microcode.h>
37012 #include <asm/kaslr.h>
37013 +#include <asm/bios_ebda.h>
37014
37015 /*
37016 * We need to define the tracepoints somewhere, and tlb.c
37017 @@ -633,7 +635,18 @@ void __init init_mem_mapping(void)
37018 early_ioremap_page_table_range_init();
37019 #endif
37020
37021 +#ifdef CONFIG_PAX_PER_CPU_PGD
37022 + clone_pgd_range(get_cpu_pgd(0, kernel) + KERNEL_PGD_BOUNDARY,
37023 + swapper_pg_dir + KERNEL_PGD_BOUNDARY,
37024 + KERNEL_PGD_PTRS);
37025 + clone_pgd_range(get_cpu_pgd(0, user) + KERNEL_PGD_BOUNDARY,
37026 + swapper_pg_dir + KERNEL_PGD_BOUNDARY,
37027 + KERNEL_PGD_PTRS);
37028 + load_cr3(get_cpu_pgd(0, kernel));
37029 +#else
37030 load_cr3(swapper_pg_dir);
37031 +#endif
37032 +
37033 __flush_tlb_all();
37034
37035 early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
37036 @@ -649,10 +662,34 @@ void __init init_mem_mapping(void)
37037 * Access has to be given to non-kernel-ram areas as well, these contain the PCI
37038 * mmio resources as well as potential bios/acpi data regions.
37039 */
37040 +
37041 +#ifdef CONFIG_GRKERNSEC_KMEM
37042 +static unsigned int ebda_start __read_only;
37043 +static unsigned int ebda_end __read_only;
37044 +#endif
37045 +
37046 int devmem_is_allowed(unsigned long pagenr)
37047 {
37048 +#ifdef CONFIG_GRKERNSEC_KMEM
37049 + /* allow BDA */
37050 + if (!pagenr)
37051 + return 1;
37052 + /* allow EBDA */
37053 + if (pagenr >= ebda_start && pagenr < ebda_end)
37054 + return 1;
37055 + /* if tboot is in use, allow access to its hardcoded serial log range */
37056 + if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT)))
37057 + return 1;
37058 + if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
37059 + return 1;
37060 + /* throw out everything else below 1MB */
37061 + if (pagenr <= 256)
37062 + return 0;
37063 +#else
37064 if (pagenr < 256)
37065 return 1;
37066 +#endif
37067 +
37068 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
37069 return 0;
37070 if (!page_is_ram(pagenr))
37071 @@ -699,8 +736,33 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
37072 }
37073 }
37074
37075 +#ifdef CONFIG_GRKERNSEC_KMEM
37076 +static inline void gr_init_ebda(void)
37077 +{
37078 + unsigned int ebda_addr;
37079 + unsigned int ebda_size = 0;
37080 +
37081 + ebda_addr = get_bios_ebda();
37082 + if (ebda_addr) {
37083 + ebda_size = *(unsigned char *)phys_to_virt(ebda_addr);
37084 + ebda_size <<= 10;
37085 + }
37086 + if (ebda_addr && ebda_size) {
37087 + ebda_start = ebda_addr >> PAGE_SHIFT;
37088 + ebda_end = min((unsigned int)PAGE_ALIGN(ebda_addr + ebda_size), (unsigned int)0xa0000) >> PAGE_SHIFT;
37089 + } else {
37090 + ebda_start = 0x9f000 >> PAGE_SHIFT;
37091 + ebda_end = 0xa0000 >> PAGE_SHIFT;
37092 + }
37093 +}
37094 +#else
37095 +static inline void gr_init_ebda(void) { }
37096 +#endif
37097 +
37098 void free_initmem(void)
37099 {
37100 + gr_init_ebda();
37101 +
37102 free_init_pages("unused kernel",
37103 (unsigned long)(&__init_begin),
37104 (unsigned long)(&__init_end));
37105 diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
37106 index cf80590..90a1a8f 100644
37107 --- a/arch/x86/mm/init_32.c
37108 +++ b/arch/x86/mm/init_32.c
37109 @@ -51,6 +51,7 @@
37110 #include <asm/cacheflush.h>
37111 #include <asm/page_types.h>
37112 #include <asm/init.h>
37113 +#include <asm/desc.h>
37114
37115 #include "mm_internal.h"
37116
37117 @@ -61,33 +62,6 @@ static noinline int do_test_wp_bit(void);
37118 bool __read_mostly __vmalloc_start_set = false;
37119
37120 /*
37121 - * Creates a middle page table and puts a pointer to it in the
37122 - * given global directory entry. This only returns the gd entry
37123 - * in non-PAE compilation mode, since the middle layer is folded.
37124 - */
37125 -static pmd_t * __init one_md_table_init(pgd_t *pgd)
37126 -{
37127 - pud_t *pud;
37128 - pmd_t *pmd_table;
37129 -
37130 -#ifdef CONFIG_X86_PAE
37131 - if (!(pgd_val(*pgd) & _PAGE_PRESENT)) {
37132 - pmd_table = (pmd_t *)alloc_low_page();
37133 - paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT);
37134 - set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT));
37135 - pud = pud_offset(pgd, 0);
37136 - BUG_ON(pmd_table != pmd_offset(pud, 0));
37137 -
37138 - return pmd_table;
37139 - }
37140 -#endif
37141 - pud = pud_offset(pgd, 0);
37142 - pmd_table = pmd_offset(pud, 0);
37143 -
37144 - return pmd_table;
37145 -}
37146 -
37147 -/*
37148 * Create a page table and place a pointer to it in a middle page
37149 * directory entry:
37150 */
37151 @@ -97,13 +71,28 @@ static pte_t * __init one_page_table_init(pmd_t *pmd)
37152 pte_t *page_table = (pte_t *)alloc_low_page();
37153
37154 paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT);
37155 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
37156 + set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE));
37157 +#else
37158 set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE));
37159 +#endif
37160 BUG_ON(page_table != pte_offset_kernel(pmd, 0));
37161 }
37162
37163 return pte_offset_kernel(pmd, 0);
37164 }
37165
37166 +static pmd_t * __init one_md_table_init(pgd_t *pgd)
37167 +{
37168 + pud_t *pud;
37169 + pmd_t *pmd_table;
37170 +
37171 + pud = pud_offset(pgd, 0);
37172 + pmd_table = pmd_offset(pud, 0);
37173 +
37174 + return pmd_table;
37175 +}
37176 +
37177 pmd_t * __init populate_extra_pmd(unsigned long vaddr)
37178 {
37179 int pgd_idx = pgd_index(vaddr);
37180 @@ -208,6 +197,7 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
37181 int pgd_idx, pmd_idx;
37182 unsigned long vaddr;
37183 pgd_t *pgd;
37184 + pud_t *pud;
37185 pmd_t *pmd;
37186 pte_t *pte = NULL;
37187 unsigned long count = page_table_range_init_count(start, end);
37188 @@ -222,8 +212,13 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
37189 pgd = pgd_base + pgd_idx;
37190
37191 for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) {
37192 - pmd = one_md_table_init(pgd);
37193 - pmd = pmd + pmd_index(vaddr);
37194 + pud = pud_offset(pgd, vaddr);
37195 + pmd = pmd_offset(pud, vaddr);
37196 +
37197 +#ifdef CONFIG_X86_PAE
37198 + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
37199 +#endif
37200 +
37201 for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
37202 pmd++, pmd_idx++) {
37203 pte = page_table_kmap_check(one_page_table_init(pmd),
37204 @@ -235,11 +230,20 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
37205 }
37206 }
37207
37208 -static inline int is_kernel_text(unsigned long addr)
37209 +static inline int is_kernel_text(unsigned long start, unsigned long end)
37210 {
37211 - if (addr >= (unsigned long)_text && addr <= (unsigned long)__init_end)
37212 - return 1;
37213 - return 0;
37214 + if ((start >= ktla_ktva((unsigned long)_etext) ||
37215 + end <= ktla_ktva((unsigned long)_stext)) &&
37216 + (start >= ktla_ktva((unsigned long)_einittext) ||
37217 + end <= ktla_ktva((unsigned long)_sinittext)) &&
37218 +
37219 +#ifdef CONFIG_ACPI_SLEEP
37220 + (start >= (unsigned long)__va(acpi_wakeup_address) + 0x4000 || end <= (unsigned long)__va(acpi_wakeup_address)) &&
37221 +#endif
37222 +
37223 + (start > (unsigned long)__va(0xfffff) || end <= (unsigned long)__va(0xc0000)))
37224 + return 0;
37225 + return 1;
37226 }
37227
37228 /*
37229 @@ -256,9 +260,10 @@ kernel_physical_mapping_init(unsigned long start,
37230 unsigned long last_map_addr = end;
37231 unsigned long start_pfn, end_pfn;
37232 pgd_t *pgd_base = swapper_pg_dir;
37233 - int pgd_idx, pmd_idx, pte_ofs;
37234 + unsigned int pgd_idx, pmd_idx, pte_ofs;
37235 unsigned long pfn;
37236 pgd_t *pgd;
37237 + pud_t *pud;
37238 pmd_t *pmd;
37239 pte_t *pte;
37240 unsigned pages_2m, pages_4k;
37241 @@ -291,8 +296,13 @@ repeat:
37242 pfn = start_pfn;
37243 pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
37244 pgd = pgd_base + pgd_idx;
37245 - for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) {
37246 - pmd = one_md_table_init(pgd);
37247 + for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) {
37248 + pud = pud_offset(pgd, 0);
37249 + pmd = pmd_offset(pud, 0);
37250 +
37251 +#ifdef CONFIG_X86_PAE
37252 + paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
37253 +#endif
37254
37255 if (pfn >= end_pfn)
37256 continue;
37257 @@ -304,14 +314,13 @@ repeat:
37258 #endif
37259 for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn;
37260 pmd++, pmd_idx++) {
37261 - unsigned int addr = pfn * PAGE_SIZE + PAGE_OFFSET;
37262 + unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET;
37263
37264 /*
37265 * Map with big pages if possible, otherwise
37266 * create normal page tables:
37267 */
37268 if (use_pse) {
37269 - unsigned int addr2;
37270 pgprot_t prot = PAGE_KERNEL_LARGE;
37271 /*
37272 * first pass will use the same initial
37273 @@ -322,11 +331,7 @@ repeat:
37274 _PAGE_PSE);
37275
37276 pfn &= PMD_MASK >> PAGE_SHIFT;
37277 - addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
37278 - PAGE_OFFSET + PAGE_SIZE-1;
37279 -
37280 - if (is_kernel_text(addr) ||
37281 - is_kernel_text(addr2))
37282 + if (is_kernel_text(address, address + PMD_SIZE))
37283 prot = PAGE_KERNEL_LARGE_EXEC;
37284
37285 pages_2m++;
37286 @@ -343,7 +348,7 @@ repeat:
37287 pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
37288 pte += pte_ofs;
37289 for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
37290 - pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
37291 + pte++, pfn++, pte_ofs++, address += PAGE_SIZE) {
37292 pgprot_t prot = PAGE_KERNEL;
37293 /*
37294 * first pass will use the same initial
37295 @@ -351,7 +356,7 @@ repeat:
37296 */
37297 pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
37298
37299 - if (is_kernel_text(addr))
37300 + if (is_kernel_text(address, address + PAGE_SIZE))
37301 prot = PAGE_KERNEL_EXEC;
37302
37303 pages_4k++;
37304 @@ -471,7 +476,7 @@ void __init native_pagetable_init(void)
37305
37306 pud = pud_offset(pgd, va);
37307 pmd = pmd_offset(pud, va);
37308 - if (!pmd_present(*pmd))
37309 + if (!pmd_present(*pmd)) // PAX TODO || pmd_large(*pmd))
37310 break;
37311
37312 /* should not be large page here */
37313 @@ -529,12 +534,10 @@ void __init early_ioremap_page_table_range_init(void)
37314
37315 static void __init pagetable_init(void)
37316 {
37317 - pgd_t *pgd_base = swapper_pg_dir;
37318 -
37319 - permanent_kmaps_init(pgd_base);
37320 + permanent_kmaps_init(swapper_pg_dir);
37321 }
37322
37323 -pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL);
37324 +pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_GLOBAL);
37325 EXPORT_SYMBOL_GPL(__supported_pte_mask);
37326
37327 /* user-defined highmem size */
37328 @@ -784,10 +787,10 @@ void __init mem_init(void)
37329 ((unsigned long)&__init_end -
37330 (unsigned long)&__init_begin) >> 10,
37331
37332 - (unsigned long)&_etext, (unsigned long)&_edata,
37333 - ((unsigned long)&_edata - (unsigned long)&_etext) >> 10,
37334 + (unsigned long)&_sdata, (unsigned long)&_edata,
37335 + ((unsigned long)&_edata - (unsigned long)&_sdata) >> 10,
37336
37337 - (unsigned long)&_text, (unsigned long)&_etext,
37338 + ktla_ktva((unsigned long)&_text), ktla_ktva((unsigned long)&_etext),
37339 ((unsigned long)&_etext - (unsigned long)&_text) >> 10);
37340
37341 /*
37342 @@ -867,7 +870,7 @@ static noinline int do_test_wp_bit(void)
37343 const int rodata_test_data = 0xC3;
37344 EXPORT_SYMBOL_GPL(rodata_test_data);
37345
37346 -int kernel_set_to_readonly __read_mostly;
37347 +int kernel_set_to_readonly __read_only;
37348
37349 void set_kernel_text_rw(void)
37350 {
37351 @@ -877,6 +880,7 @@ void set_kernel_text_rw(void)
37352 if (!kernel_set_to_readonly)
37353 return;
37354
37355 + start = ktla_ktva(start);
37356 pr_debug("Set kernel text: %lx - %lx for read write\n",
37357 start, start+size);
37358
37359 @@ -891,6 +895,7 @@ void set_kernel_text_ro(void)
37360 if (!kernel_set_to_readonly)
37361 return;
37362
37363 + start = ktla_ktva(start);
37364 pr_debug("Set kernel text: %lx - %lx for read only\n",
37365 start, start+size);
37366
37367 @@ -903,7 +908,7 @@ static void mark_nxdata_nx(void)
37368 * When this called, init has already been executed and released,
37369 * so everything past _etext should be NX.
37370 */
37371 - unsigned long start = PFN_ALIGN(_etext);
37372 + unsigned long start = ktla_ktva(PFN_ALIGN(_etext));
37373 /*
37374 * This comes from is_kernel_text upper limit. Also HPAGE where used:
37375 */
37376 @@ -919,26 +924,52 @@ void mark_rodata_ro(void)
37377 unsigned long start = PFN_ALIGN(_text);
37378 unsigned long size = PFN_ALIGN(_etext) - start;
37379
37380 - set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
37381 - printk(KERN_INFO "Write protecting the kernel text: %luk\n",
37382 - size >> 10);
37383 +#ifdef CONFIG_PAX_KERNEXEC
37384 + /* PaX: limit KERNEL_CS to actual size */
37385 + unsigned long limit;
37386 + struct desc_struct d;
37387 + int cpu;
37388
37389 + limit = get_kernel_rpl() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
37390 + limit = (limit - 1UL) >> PAGE_SHIFT;
37391 +
37392 + memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
37393 + for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
37394 + pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
37395 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
37396 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
37397 + }
37398 +
37399 +#ifdef CONFIG_MODULES
37400 + set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
37401 +#endif
37402 +#endif
37403 +
37404 + start = ktla_ktva(start);
37405 +#ifdef CONFIG_PAX_KERNEXEC
37406 + /* PaX: make KERNEL_CS read-only */
37407 + if (!get_kernel_rpl()) {
37408 +#endif
37409 kernel_set_to_readonly = 1;
37410
37411 + set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
37412 + printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10);
37413 +
37414 #ifdef CONFIG_CPA_DEBUG
37415 - printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
37416 - start, start+size);
37417 + printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n", start, start+size);
37418 set_pages_rw(virt_to_page(start), size>>PAGE_SHIFT);
37419
37420 printk(KERN_INFO "Testing CPA: write protecting again\n");
37421 set_pages_ro(virt_to_page(start), size>>PAGE_SHIFT);
37422 #endif
37423 +#ifdef CONFIG_PAX_KERNEXEC
37424 + }
37425 +#endif
37426
37427 start += size;
37428 - size = (unsigned long)__end_rodata - start;
37429 + size = PFN_ALIGN(_sdata) - start;
37430 set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
37431 - printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
37432 - size >> 10);
37433 + printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", size >> 10);
37434 rodata_test();
37435
37436 #ifdef CONFIG_CPA_DEBUG
37437 diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
37438 index 14b9dd7..774d517 100644
37439 --- a/arch/x86/mm/init_64.c
37440 +++ b/arch/x86/mm/init_64.c
37441 @@ -65,7 +65,7 @@
37442 * around without checking the pgd every time.
37443 */
37444
37445 -pteval_t __supported_pte_mask __read_mostly = ~0;
37446 +pteval_t __supported_pte_mask __read_only = ~_PAGE_NX;
37447 EXPORT_SYMBOL_GPL(__supported_pte_mask);
37448
37449 int force_personality32;
37450 @@ -98,7 +98,12 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
37451
37452 for (address = start; address <= end; address += PGDIR_SIZE) {
37453 const pgd_t *pgd_ref = pgd_offset_k(address);
37454 +
37455 +#ifdef CONFIG_PAX_PER_CPU_PGD
37456 + unsigned long cpu;
37457 +#else
37458 struct page *page;
37459 +#endif
37460
37461 /*
37462 * When it is called after memory hot remove, pgd_none()
37463 @@ -109,6 +114,25 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
37464 continue;
37465
37466 spin_lock(&pgd_lock);
37467 +
37468 +#ifdef CONFIG_PAX_PER_CPU_PGD
37469 + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) {
37470 + pgd_t *pgd = pgd_offset_cpu(cpu, user, address);
37471 +
37472 + if (!pgd_none(*pgd_ref) && !pgd_none(*pgd))
37473 + BUG_ON(pgd_page_vaddr(*pgd)
37474 + != pgd_page_vaddr(*pgd_ref));
37475 +
37476 + if (removed) {
37477 + if (pgd_none(*pgd_ref) && !pgd_none(*pgd))
37478 + pgd_clear(pgd);
37479 + } else {
37480 + if (pgd_none(*pgd))
37481 + set_pgd(pgd, *pgd_ref);
37482 + }
37483 +
37484 + pgd = pgd_offset_cpu(cpu, kernel, address);
37485 +#else
37486 list_for_each_entry(page, &pgd_list, lru) {
37487 pgd_t *pgd;
37488 spinlock_t *pgt_lock;
37489 @@ -117,6 +141,7 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
37490 /* the pgt_lock only for Xen */
37491 pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
37492 spin_lock(pgt_lock);
37493 +#endif
37494
37495 if (!pgd_none(*pgd_ref) && !pgd_none(*pgd))
37496 BUG_ON(pgd_page_vaddr(*pgd)
37497 @@ -130,7 +155,10 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
37498 set_pgd(pgd, *pgd_ref);
37499 }
37500
37501 +#ifndef CONFIG_PAX_PER_CPU_PGD
37502 spin_unlock(pgt_lock);
37503 +#endif
37504 +
37505 }
37506 spin_unlock(&pgd_lock);
37507 }
37508 @@ -163,7 +191,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
37509 {
37510 if (pgd_none(*pgd)) {
37511 pud_t *pud = (pud_t *)spp_getpage();
37512 - pgd_populate(&init_mm, pgd, pud);
37513 + pgd_populate_kernel(&init_mm, pgd, pud);
37514 if (pud != pud_offset(pgd, 0))
37515 printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n",
37516 pud, pud_offset(pgd, 0));
37517 @@ -175,7 +203,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
37518 {
37519 if (pud_none(*pud)) {
37520 pmd_t *pmd = (pmd_t *) spp_getpage();
37521 - pud_populate(&init_mm, pud, pmd);
37522 + pud_populate_kernel(&init_mm, pud, pmd);
37523 if (pmd != pmd_offset(pud, 0))
37524 printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n",
37525 pmd, pmd_offset(pud, 0));
37526 @@ -204,7 +232,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
37527 pmd = fill_pmd(pud, vaddr);
37528 pte = fill_pte(pmd, vaddr);
37529
37530 + pax_open_kernel();
37531 set_pte(pte, new_pte);
37532 + pax_close_kernel();
37533
37534 /*
37535 * It's enough to flush this one mapping.
37536 @@ -266,14 +296,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
37537 pgd = pgd_offset_k((unsigned long)__va(phys));
37538 if (pgd_none(*pgd)) {
37539 pud = (pud_t *) spp_getpage();
37540 - set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE |
37541 - _PAGE_USER));
37542 + set_pgd(pgd, __pgd(__pa(pud) | _PAGE_TABLE));
37543 }
37544 pud = pud_offset(pgd, (unsigned long)__va(phys));
37545 if (pud_none(*pud)) {
37546 pmd = (pmd_t *) spp_getpage();
37547 - set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE |
37548 - _PAGE_USER));
37549 + set_pud(pud, __pud(__pa(pmd) | _PAGE_TABLE));
37550 }
37551 pmd = pmd_offset(pud, phys);
37552 BUG_ON(!pmd_none(*pmd));
37553 @@ -543,7 +571,7 @@ phys_pud_init(pud_t *pud_page, unsigned long paddr, unsigned long paddr_end,
37554 page_size_mask, prot);
37555
37556 spin_lock(&init_mm.page_table_lock);
37557 - pud_populate(&init_mm, pud, pmd);
37558 + pud_populate_kernel(&init_mm, pud, pmd);
37559 spin_unlock(&init_mm.page_table_lock);
37560 }
37561 __flush_tlb_all();
37562 @@ -590,7 +618,7 @@ kernel_physical_mapping_init(unsigned long paddr_start,
37563 page_size_mask);
37564
37565 spin_lock(&init_mm.page_table_lock);
37566 - pgd_populate(&init_mm, pgd, pud);
37567 + pgd_populate_kernel(&init_mm, pgd, pud);
37568 spin_unlock(&init_mm.page_table_lock);
37569 pgd_changed = true;
37570 }
37571 @@ -1013,7 +1041,7 @@ void __init mem_init(void)
37572 const int rodata_test_data = 0xC3;
37573 EXPORT_SYMBOL_GPL(rodata_test_data);
37574
37575 -int kernel_set_to_readonly;
37576 +int kernel_set_to_readonly __read_only;
37577
37578 void set_kernel_text_rw(void)
37579 {
37580 @@ -1042,8 +1070,7 @@ void set_kernel_text_ro(void)
37581 if (!kernel_set_to_readonly)
37582 return;
37583
37584 - pr_debug("Set kernel text: %lx - %lx for read only\n",
37585 - start, end);
37586 + pr_debug("Set kernel text: %lx - %lx for read only\n", start, end);
37587
37588 /*
37589 * Set the kernel identity mapping for text RO.
37590 @@ -1054,18 +1081,23 @@ void set_kernel_text_ro(void)
37591 void mark_rodata_ro(void)
37592 {
37593 unsigned long start = PFN_ALIGN(_text);
37594 +#ifdef CONFIG_PAX_KERNEXEC
37595 + unsigned long addr;
37596 + unsigned long end = PFN_ALIGN(_sdata);
37597 + unsigned long text_end = end;
37598 +#else
37599 unsigned long rodata_start = PFN_ALIGN(__start_rodata);
37600 unsigned long end = (unsigned long) &__end_rodata_hpage_align;
37601 unsigned long text_end = PFN_ALIGN(&__stop___ex_table);
37602 unsigned long rodata_end = PFN_ALIGN(&__end_rodata);
37603 +#endif
37604 unsigned long all_end;
37605
37606 - printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
37607 - (end - start) >> 10);
37608 - set_memory_ro(start, (end - start) >> PAGE_SHIFT);
37609 -
37610 kernel_set_to_readonly = 1;
37611
37612 + printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", (end - start) >> 10);
37613 + set_memory_ro(start, (end - start) >> PAGE_SHIFT);
37614 +
37615 /*
37616 * The rodata/data/bss/brk section (but not the kernel text!)
37617 * should also be not-executable.
37618 @@ -1091,12 +1123,54 @@ void mark_rodata_ro(void)
37619 set_memory_ro(start, (end-start) >> PAGE_SHIFT);
37620 #endif
37621
37622 +#ifdef CONFIG_PAX_KERNEXEC
37623 + /* PaX: ensure that kernel code/rodata is read-only, the rest is non-executable */
37624 + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
37625 + pgd_t *pgd;
37626 + pud_t *pud;
37627 + pmd_t *pmd;
37628 +
37629 + pgd = pgd_offset_k(addr);
37630 + pud = pud_offset(pgd, addr);
37631 + pmd = pmd_offset(pud, addr);
37632 + if (!pmd_present(*pmd))
37633 + continue;
37634 + if (addr >= (unsigned long)_text)
37635 + BUG_ON(!pmd_large(*pmd));
37636 + if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
37637 + BUG_ON(pmd_write(*pmd));
37638 +// set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
37639 + else
37640 + BUG_ON(!(pmd_flags(*pmd) & _PAGE_NX));
37641 +// set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
37642 + }
37643 +
37644 + addr = (unsigned long)__va(__pa(__START_KERNEL_map));
37645 + end = addr + KERNEL_IMAGE_SIZE;
37646 + for (; addr < end; addr += PMD_SIZE) {
37647 + pgd_t *pgd;
37648 + pud_t *pud;
37649 + pmd_t *pmd;
37650 +
37651 + pgd = pgd_offset_k(addr);
37652 + pud = pud_offset(pgd, addr);
37653 + pmd = pmd_offset(pud, addr);
37654 + if (!pmd_present(*pmd))
37655 + continue;
37656 + if (addr >= (unsigned long)_text)
37657 + BUG_ON(!pmd_large(*pmd));
37658 + if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
37659 + BUG_ON(pmd_write(*pmd));
37660 +// set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
37661 + }
37662 +#else
37663 free_init_pages("unused kernel",
37664 (unsigned long) __va(__pa_symbol(text_end)),
37665 (unsigned long) __va(__pa_symbol(rodata_start)));
37666 free_init_pages("unused kernel",
37667 (unsigned long) __va(__pa_symbol(rodata_end)),
37668 (unsigned long) __va(__pa_symbol(_sdata)));
37669 +#endif
37670
37671 debug_checkwx();
37672 }
37673 diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
37674 index ada98b3..c812b62 100644
37675 --- a/arch/x86/mm/iomap_32.c
37676 +++ b/arch/x86/mm/iomap_32.c
37677 @@ -65,7 +65,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
37678 type = kmap_atomic_idx_push();
37679 idx = type + KM_TYPE_NR * smp_processor_id();
37680 vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
37681 +
37682 + pax_open_kernel();
37683 set_pte(kmap_pte - idx, pfn_pte(pfn, prot));
37684 + pax_close_kernel();
37685 +
37686 arch_flush_lazy_mmu_mode();
37687
37688 return (void *)vaddr;
37689 diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
37690 index 7aaa263..e77438f 100644
37691 --- a/arch/x86/mm/ioremap.c
37692 +++ b/arch/x86/mm/ioremap.c
37693 @@ -58,8 +58,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
37694 unsigned long i;
37695
37696 for (i = 0; i < nr_pages; ++i)
37697 - if (pfn_valid(start_pfn + i) &&
37698 - !PageReserved(pfn_to_page(start_pfn + i)))
37699 + if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 ||
37700 + !PageReserved(pfn_to_page(start_pfn + i))))
37701 return 1;
37702
37703 return 0;
37704 @@ -80,7 +80,7 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
37705 * caller shouldn't need to know that small detail.
37706 */
37707 static void __iomem *__ioremap_caller(resource_size_t phys_addr,
37708 - unsigned long size, enum page_cache_mode pcm, void *caller)
37709 + resource_size_t size, enum page_cache_mode pcm, void *caller)
37710 {
37711 unsigned long offset, vaddr;
37712 resource_size_t pfn, last_pfn, last_addr;
37713 @@ -331,7 +331,7 @@ EXPORT_SYMBOL(ioremap_prot);
37714 *
37715 * Caller must ensure there is only one unmapping for the same pointer.
37716 */
37717 -void iounmap(volatile void __iomem *addr)
37718 +void iounmap(const volatile void __iomem *addr)
37719 {
37720 struct vm_struct *p, *o;
37721
37722 @@ -394,31 +394,37 @@ int __init arch_ioremap_pmd_supported(void)
37723 */
37724 void *xlate_dev_mem_ptr(phys_addr_t phys)
37725 {
37726 - unsigned long start = phys & PAGE_MASK;
37727 - unsigned long offset = phys & ~PAGE_MASK;
37728 - void *vaddr;
37729 + phys_addr_t pfn = phys >> PAGE_SHIFT;
37730
37731 - /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
37732 - if (page_is_ram(start >> PAGE_SHIFT))
37733 - return __va(phys);
37734 + if (page_is_ram(pfn)) {
37735 +#ifdef CONFIG_HIGHMEM
37736 + if (pfn >= max_low_pfn)
37737 + return kmap_high(pfn_to_page(pfn));
37738 + else
37739 +#endif
37740 + return __va(phys);
37741 + }
37742
37743 - vaddr = ioremap_cache(start, PAGE_SIZE);
37744 - /* Only add the offset on success and return NULL if the ioremap() failed: */
37745 - if (vaddr)
37746 - vaddr += offset;
37747 -
37748 - return vaddr;
37749 + return (void __force *)ioremap_cache(phys, 1);
37750 }
37751
37752 void unxlate_dev_mem_ptr(phys_addr_t phys, void *addr)
37753 {
37754 - if (page_is_ram(phys >> PAGE_SHIFT))
37755 + phys_addr_t pfn = phys >> PAGE_SHIFT;
37756 +
37757 + if (page_is_ram(pfn)) {
37758 +#ifdef CONFIG_HIGHMEM
37759 + if (pfn >= max_low_pfn)
37760 + kunmap_high(pfn_to_page(pfn));
37761 +#endif
37762 return;
37763 + }
37764
37765 - iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK));
37766 + iounmap((void __iomem __force *)addr);
37767 }
37768
37769 -static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
37770 +static pte_t __bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_rodata;
37771 +static pte_t *bm_pte __read_only = __bm_pte;
37772
37773 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
37774 {
37775 @@ -454,8 +460,14 @@ void __init early_ioremap_init(void)
37776 early_ioremap_setup();
37777
37778 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
37779 - memset(bm_pte, 0, sizeof(bm_pte));
37780 - pmd_populate_kernel(&init_mm, pmd, bm_pte);
37781 + if (pmd_none(*pmd))
37782 +#ifdef CONFIG_COMPAT_VDSO
37783 + pmd_populate_user(&init_mm, pmd, __bm_pte);
37784 +#else
37785 + pmd_populate_kernel(&init_mm, pmd, __bm_pte);
37786 +#endif
37787 + else
37788 + bm_pte = (pte_t *)pmd_page_vaddr(*pmd);
37789
37790 /*
37791 * The boot-ioremap range spans multiple pmds, for which
37792 diff --git a/arch/x86/mm/kmemcheck/kmemcheck.c b/arch/x86/mm/kmemcheck/kmemcheck.c
37793 index 4515bae..e162764 100644
37794 --- a/arch/x86/mm/kmemcheck/kmemcheck.c
37795 +++ b/arch/x86/mm/kmemcheck/kmemcheck.c
37796 @@ -627,9 +627,9 @@ bool kmemcheck_fault(struct pt_regs *regs, unsigned long address,
37797 * memory (e.g. tracked pages)? For now, we need this to avoid
37798 * invoking kmemcheck for PnP BIOS calls.
37799 */
37800 - if (regs->flags & X86_VM_MASK)
37801 + if (v8086_mode(regs))
37802 return false;
37803 - if (regs->cs != __KERNEL_CS)
37804 + if (regs->cs != __KERNEL_CS && regs->cs != __KERNEXEC_KERNEL_CS)
37805 return false;
37806
37807 pte = kmemcheck_pte_lookup(address);
37808 diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
37809 index d2dc043..41dfc2b 100644
37810 --- a/arch/x86/mm/mmap.c
37811 +++ b/arch/x86/mm/mmap.c
37812 @@ -52,7 +52,7 @@ static unsigned long stack_maxrandom_size(void)
37813 * Leave an at least ~128 MB hole with possible stack randomization.
37814 */
37815 #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size())
37816 -#define MAX_GAP (TASK_SIZE/6*5)
37817 +#define MAX_GAP (pax_task_size/6*5)
37818
37819 static int mmap_is_legacy(void)
37820 {
37821 @@ -81,16 +81,31 @@ unsigned long arch_mmap_rnd(void)
37822 return rnd << PAGE_SHIFT;
37823 }
37824
37825 -static unsigned long mmap_base(unsigned long rnd)
37826 +static unsigned long mmap_base(struct mm_struct *mm, unsigned long rnd)
37827 {
37828 unsigned long gap = rlimit(RLIMIT_STACK);
37829 + unsigned long pax_task_size = TASK_SIZE;
37830 +
37831 +#ifdef CONFIG_PAX_SEGMEXEC
37832 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
37833 + pax_task_size = SEGMEXEC_TASK_SIZE;
37834 +#endif
37835
37836 if (gap < MIN_GAP)
37837 gap = MIN_GAP;
37838 else if (gap > MAX_GAP)
37839 gap = MAX_GAP;
37840
37841 - return PAGE_ALIGN(TASK_SIZE - gap - rnd);
37842 + return PAGE_ALIGN(pax_task_size - gap - rnd);
37843 +}
37844 +
37845 +static unsigned long mmap_legacy_base(struct mm_struct *mm, unsigned long rnd)
37846 +{
37847 +#ifdef CONFIG_PAX_SEGMEXEC
37848 + if (mmap_is_ia32() && (mm->pax_flags & MF_PAX_SEGMEXEC))
37849 + return SEGMEXEC_TASK_UNMAPPED_BASE + rnd;
37850 +#endif
37851 + return TASK_UNMAPPED_BASE + rnd;
37852 }
37853
37854 /*
37855 @@ -101,18 +116,29 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
37856 {
37857 unsigned long random_factor = 0UL;
37858
37859 +#ifdef CONFIG_PAX_RANDMMAP
37860 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
37861 +#endif
37862 if (current->flags & PF_RANDOMIZE)
37863 random_factor = arch_mmap_rnd();
37864
37865 - mm->mmap_legacy_base = TASK_UNMAPPED_BASE + random_factor;
37866 + mm->mmap_legacy_base = mmap_legacy_base(mm, random_factor);
37867
37868 if (mmap_is_legacy()) {
37869 mm->mmap_base = mm->mmap_legacy_base;
37870 mm->get_unmapped_area = arch_get_unmapped_area;
37871 } else {
37872 - mm->mmap_base = mmap_base(random_factor);
37873 + mm->mmap_base = mmap_base(mm, random_factor);
37874 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
37875 }
37876 +
37877 +#ifdef CONFIG_PAX_RANDMMAP
37878 + if (mm->pax_flags & MF_PAX_RANDMMAP) {
37879 + mm->mmap_legacy_base += mm->delta_mmap;
37880 + mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
37881 + }
37882 +#endif
37883 +
37884 }
37885
37886 const char *arch_vma_name(struct vm_area_struct *vma)
37887 diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c
37888 index bef3662..c5b2523 100644
37889 --- a/arch/x86/mm/mmio-mod.c
37890 +++ b/arch/x86/mm/mmio-mod.c
37891 @@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs,
37892 break;
37893 default:
37894 {
37895 - unsigned char *ip = (unsigned char *)instptr;
37896 + unsigned char *ip = (unsigned char *)ktla_ktva(instptr);
37897 my_trace->opcode = MMIO_UNKNOWN_OP;
37898 my_trace->width = 0;
37899 my_trace->value = (*ip) << 16 | *(ip + 1) << 8 |
37900 @@ -234,7 +234,7 @@ static void post(struct kmmio_probe *p, unsigned long condition,
37901 static void ioremap_trace_core(resource_size_t offset, unsigned long size,
37902 void __iomem *addr)
37903 {
37904 - static atomic_t next_id;
37905 + static atomic_unchecked_t next_id;
37906 struct remap_trace *trace = kmalloc(sizeof(*trace), GFP_KERNEL);
37907 /* These are page-unaligned. */
37908 struct mmiotrace_map map = {
37909 @@ -258,7 +258,7 @@ static void ioremap_trace_core(resource_size_t offset, unsigned long size,
37910 .private = trace
37911 },
37912 .phys = offset,
37913 - .id = atomic_inc_return(&next_id)
37914 + .id = atomic_inc_return_unchecked(&next_id)
37915 };
37916 map.map_id = trace->id;
37917
37918 @@ -290,7 +290,7 @@ void mmiotrace_ioremap(resource_size_t offset, unsigned long size,
37919 ioremap_trace_core(offset, size, addr);
37920 }
37921
37922 -static void iounmap_trace_core(volatile void __iomem *addr)
37923 +static void iounmap_trace_core(const volatile void __iomem *addr)
37924 {
37925 struct mmiotrace_map map = {
37926 .phys = 0,
37927 @@ -328,7 +328,7 @@ not_enabled:
37928 }
37929 }
37930
37931 -void mmiotrace_iounmap(volatile void __iomem *addr)
37932 +void mmiotrace_iounmap(const volatile void __iomem *addr)
37933 {
37934 might_sleep();
37935 if (is_enabled()) /* recheck and proper locking in *_core() */
37936 diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
37937 index 8047687..6351be43 100644
37938 --- a/arch/x86/mm/mpx.c
37939 +++ b/arch/x86/mm/mpx.c
37940 @@ -193,7 +193,7 @@ static int mpx_insn_decode(struct insn *insn,
37941 */
37942 if (!nr_copied)
37943 return -EFAULT;
37944 - insn_init(insn, buf, nr_copied, x86_64);
37945 + insn_init(insn, (void *)ktva_ktla((unsigned long)buf), nr_copied, x86_64);
37946 insn_get_length(insn);
37947 /*
37948 * copy_from_user() tries to get as many bytes as we could see in
37949 @@ -293,11 +293,11 @@ siginfo_t *mpx_generate_siginfo(struct pt_regs *regs)
37950 * We were not able to extract an address from the instruction,
37951 * probably because there was something invalid in it.
37952 */
37953 - if (info->si_addr == (void *)-1) {
37954 + if (info->si_addr == (void __user *)-1) {
37955 err = -EINVAL;
37956 goto err_out;
37957 }
37958 - trace_mpx_bounds_register_exception(info->si_addr, bndreg);
37959 + trace_mpx_bounds_register_exception((void __force_kernel *)info->si_addr, bndreg);
37960 return info;
37961 err_out:
37962 /* info might be NULL, but kfree() handles that */
37963 diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
37964 index fb68210..591f415 100644
37965 --- a/arch/x86/mm/numa.c
37966 +++ b/arch/x86/mm/numa.c
37967 @@ -528,7 +528,7 @@ static void __init numa_clear_kernel_node_hotplug(void)
37968 }
37969 }
37970
37971 -static int __init numa_register_memblks(struct numa_meminfo *mi)
37972 +static int __init __intentional_overflow(-1) numa_register_memblks(struct numa_meminfo *mi)
37973 {
37974 unsigned long uninitialized_var(pfn_align);
37975 int i, nid;
37976 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
37977 index e3353c9..2a8fbe5 100644
37978 --- a/arch/x86/mm/pageattr.c
37979 +++ b/arch/x86/mm/pageattr.c
37980 @@ -265,7 +265,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
37981 */
37982 #ifdef CONFIG_PCI_BIOS
37983 if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
37984 - pgprot_val(forbidden) |= _PAGE_NX;
37985 + pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
37986 #endif
37987
37988 /*
37989 @@ -273,14 +273,14 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
37990 * Does not cover __inittext since that is gone later on. On
37991 * 64bit we do not enforce !NX on the low mapping
37992 */
37993 - if (within(address, (unsigned long)_text, (unsigned long)_etext))
37994 - pgprot_val(forbidden) |= _PAGE_NX;
37995 + if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
37996 + pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
37997
37998 /*
37999 * The .rodata section needs to be read-only. Using the pfn
38000 * catches all aliases.
38001 */
38002 - if (within(pfn, __pa_symbol(__start_rodata) >> PAGE_SHIFT,
38003 + if (kernel_set_to_readonly && within(pfn, __pa_symbol(__start_rodata) >> PAGE_SHIFT,
38004 __pa_symbol(__end_rodata) >> PAGE_SHIFT))
38005 pgprot_val(forbidden) |= _PAGE_RW;
38006
38007 @@ -321,6 +321,13 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
38008 }
38009 #endif
38010
38011 +#ifdef CONFIG_PAX_KERNEXEC
38012 + if (within(pfn, __pa(ktla_ktva((unsigned long)&_text)) >> PAGE_SHIFT, __pa((unsigned long)&_sdata) >> PAGE_SHIFT)) {
38013 + pgprot_val(forbidden) |= _PAGE_RW;
38014 + pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
38015 + }
38016 +#endif
38017 +
38018 prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
38019
38020 return prot;
38021 @@ -457,23 +464,37 @@ EXPORT_SYMBOL_GPL(slow_virt_to_phys);
38022 static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
38023 {
38024 /* change init_mm */
38025 + pax_open_kernel();
38026 set_pte_atomic(kpte, pte);
38027 +
38028 #ifdef CONFIG_X86_32
38029 if (!SHARED_KERNEL_PMD) {
38030 +
38031 +#ifdef CONFIG_PAX_PER_CPU_PGD
38032 + unsigned long cpu;
38033 +#else
38034 struct page *page;
38035 +#endif
38036
38037 +#ifdef CONFIG_PAX_PER_CPU_PGD
38038 + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) {
38039 + pgd_t *pgd = get_cpu_pgd(cpu, kernel);
38040 +#else
38041 list_for_each_entry(page, &pgd_list, lru) {
38042 - pgd_t *pgd;
38043 + pgd_t *pgd = (pgd_t *)page_address(page);
38044 +#endif
38045 +
38046 pud_t *pud;
38047 pmd_t *pmd;
38048
38049 - pgd = (pgd_t *)page_address(page) + pgd_index(address);
38050 + pgd += pgd_index(address);
38051 pud = pud_offset(pgd, address);
38052 pmd = pmd_offset(pud, address);
38053 set_pte_atomic((pte_t *)pmd, pte);
38054 }
38055 }
38056 #endif
38057 + pax_close_kernel();
38058 }
38059
38060 static int
38061 @@ -711,6 +732,8 @@ __split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address,
38062 }
38063
38064 static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
38065 + unsigned long address) __must_hold(&cpa_lock);
38066 +static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
38067 unsigned long address)
38068 {
38069 struct page *base;
38070 @@ -1153,6 +1176,7 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
38071 }
38072 }
38073
38074 +static int __change_page_attr(struct cpa_data *cpa, int primary) __must_hold(&cpa_lock);
38075 static int __change_page_attr(struct cpa_data *cpa, int primary)
38076 {
38077 unsigned long address;
38078 @@ -1211,7 +1235,9 @@ repeat:
38079 * Do we really change anything ?
38080 */
38081 if (pte_val(old_pte) != pte_val(new_pte)) {
38082 + pax_open_kernel();
38083 set_pte_atomic(kpte, new_pte);
38084 + pax_close_kernel();
38085 cpa->flags |= CPA_FLUSHTLB;
38086 }
38087 cpa->numpages = 1;
38088 diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
38089 index 170cc4f..33d1874 100644
38090 --- a/arch/x86/mm/pat.c
38091 +++ b/arch/x86/mm/pat.c
38092 @@ -632,7 +632,7 @@ int free_memtype(u64 start, u64 end)
38093
38094 if (IS_ERR(entry)) {
38095 pr_info("x86/PAT: %s:%d freeing invalid memtype [mem %#010Lx-%#010Lx]\n",
38096 - current->comm, current->pid, start, end - 1);
38097 + current->comm, task_pid_nr(current), start, end - 1);
38098 return -EINVAL;
38099 }
38100
38101 @@ -804,7 +804,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size,
38102
38103 if (ioremap_change_attr((unsigned long)__va(base), id_sz, pcm) < 0) {
38104 pr_info("x86/PAT: %s:%d ioremap_change_attr failed %s for [mem %#010Lx-%#010Lx]\n",
38105 - current->comm, current->pid,
38106 + current->comm, task_pid_nr(current),
38107 cattr_name(pcm),
38108 base, (unsigned long long)(base + size-1));
38109 return -EINVAL;
38110 @@ -839,7 +839,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
38111 pcm = lookup_memtype(paddr);
38112 if (want_pcm != pcm) {
38113 pr_warn("x86/PAT: %s:%d map pfn RAM range req %s for [mem %#010Lx-%#010Lx], got %s\n",
38114 - current->comm, current->pid,
38115 + current->comm, task_pid_nr(current),
38116 cattr_name(want_pcm),
38117 (unsigned long long)paddr,
38118 (unsigned long long)(paddr + size - 1),
38119 @@ -860,7 +860,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
38120 !is_new_memtype_allowed(paddr, size, want_pcm, pcm)) {
38121 free_memtype(paddr, paddr + size);
38122 pr_err("x86/PAT: %s:%d map pfn expected mapping type %s for [mem %#010Lx-%#010Lx], got %s\n",
38123 - current->comm, current->pid,
38124 + current->comm, task_pid_nr(current),
38125 cattr_name(want_pcm),
38126 (unsigned long long)paddr,
38127 (unsigned long long)(paddr + size - 1),
38128 diff --git a/arch/x86/mm/pat_rbtree.c b/arch/x86/mm/pat_rbtree.c
38129 index de391b7..532da7a 100644
38130 --- a/arch/x86/mm/pat_rbtree.c
38131 +++ b/arch/x86/mm/pat_rbtree.c
38132 @@ -170,7 +170,7 @@ success:
38133
38134 failure:
38135 pr_info("x86/PAT: %s:%d conflicting memory types %Lx-%Lx %s<->%s\n",
38136 - current->comm, current->pid, start, end,
38137 + current->comm, task_pid_nr(current), start, end,
38138 cattr_name(found_type), cattr_name(match->type));
38139 return -EBUSY;
38140 }
38141 diff --git a/arch/x86/mm/pf_in.c b/arch/x86/mm/pf_in.c
38142 index a235869..3aa7bdd 100644
38143 --- a/arch/x86/mm/pf_in.c
38144 +++ b/arch/x86/mm/pf_in.c
38145 @@ -147,7 +147,7 @@ enum reason_type get_ins_type(unsigned long ins_addr)
38146 int i;
38147 enum reason_type rv = OTHERS;
38148
38149 - p = (unsigned char *)ins_addr;
38150 + p = (unsigned char *)ktla_ktva(ins_addr);
38151 p += skip_prefix(p, &prf);
38152 p += get_opcode(p, &opcode);
38153
38154 @@ -167,7 +167,7 @@ static unsigned int get_ins_reg_width(unsigned long ins_addr)
38155 struct prefix_bits prf;
38156 int i;
38157
38158 - p = (unsigned char *)ins_addr;
38159 + p = (unsigned char *)ktla_ktva(ins_addr);
38160 p += skip_prefix(p, &prf);
38161 p += get_opcode(p, &opcode);
38162
38163 @@ -190,7 +190,7 @@ unsigned int get_ins_mem_width(unsigned long ins_addr)
38164 struct prefix_bits prf;
38165 int i;
38166
38167 - p = (unsigned char *)ins_addr;
38168 + p = (unsigned char *)ktla_ktva(ins_addr);
38169 p += skip_prefix(p, &prf);
38170 p += get_opcode(p, &opcode);
38171
38172 @@ -414,7 +414,7 @@ unsigned long get_ins_reg_val(unsigned long ins_addr, struct pt_regs *regs)
38173 struct prefix_bits prf;
38174 int i;
38175
38176 - p = (unsigned char *)ins_addr;
38177 + p = (unsigned char *)ktla_ktva(ins_addr);
38178 p += skip_prefix(p, &prf);
38179 p += get_opcode(p, &opcode);
38180 for (i = 0; i < ARRAY_SIZE(reg_rop); i++)
38181 @@ -469,7 +469,7 @@ unsigned long get_ins_imm_val(unsigned long ins_addr)
38182 struct prefix_bits prf;
38183 int i;
38184
38185 - p = (unsigned char *)ins_addr;
38186 + p = (unsigned char *)ktla_ktva(ins_addr);
38187 p += skip_prefix(p, &prf);
38188 p += get_opcode(p, &opcode);
38189 for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
38190 diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
38191 index 3feec5a..0f77f72 100644
38192 --- a/arch/x86/mm/pgtable.c
38193 +++ b/arch/x86/mm/pgtable.c
38194 @@ -98,10 +98,75 @@ static inline void pgd_list_del(pgd_t *pgd)
38195 list_del(&page->lru);
38196 }
38197
38198 -#define UNSHARED_PTRS_PER_PGD \
38199 - (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD)
38200 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
38201 +pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT;
38202
38203 +void __shadow_user_pgds(pgd_t *dst, const pgd_t *src)
38204 +{
38205 + unsigned int count = USER_PGD_PTRS;
38206
38207 + if (!pax_user_shadow_base)
38208 + return;
38209 +
38210 + while (count--)
38211 + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER);
38212 +}
38213 +#endif
38214 +
38215 +#ifdef CONFIG_PAX_PER_CPU_PGD
38216 +void __clone_user_pgds(pgd_t *dst, const pgd_t *src)
38217 +{
38218 + unsigned int count = USER_PGD_PTRS;
38219 +
38220 + while (count--) {
38221 + pgd_t pgd;
38222 +
38223 +#ifdef CONFIG_X86_64
38224 + pgd = __pgd(pgd_val(*src++) | _PAGE_USER);
38225 +#else
38226 + pgd = *src++;
38227 +#endif
38228 +
38229 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
38230 + pgd = __pgd(pgd_val(pgd) & clone_pgd_mask);
38231 +#endif
38232 +
38233 + *dst++ = pgd;
38234 + }
38235 +
38236 +}
38237 +#endif
38238 +
38239 +#ifdef CONFIG_X86_64
38240 +#define pxd_t pud_t
38241 +#define pyd_t pgd_t
38242 +#define paravirt_release_pxd(pfn) paravirt_release_pud(pfn)
38243 +#define pgtable_pxd_page_ctor(page) true
38244 +#define pgtable_pxd_page_dtor(page) do {} while (0)
38245 +#define pxd_free(mm, pud) pud_free((mm), (pud))
38246 +#define pyd_populate(mm, pgd, pud) pgd_populate((mm), (pgd), (pud))
38247 +#define pyd_offset(mm, address) pgd_offset((mm), (address))
38248 +#define PYD_SIZE PGDIR_SIZE
38249 +#define mm_inc_nr_pxds(mm) do {} while (0)
38250 +#define mm_dec_nr_pxds(mm) do {} while (0)
38251 +#else
38252 +#define pxd_t pmd_t
38253 +#define pyd_t pud_t
38254 +#define paravirt_release_pxd(pfn) paravirt_release_pmd(pfn)
38255 +#define pgtable_pxd_page_ctor(page) pgtable_pmd_page_ctor(page)
38256 +#define pgtable_pxd_page_dtor(page) pgtable_pmd_page_dtor(page)
38257 +#define pxd_free(mm, pud) pmd_free((mm), (pud))
38258 +#define pyd_populate(mm, pgd, pud) pud_populate((mm), (pgd), (pud))
38259 +#define pyd_offset(mm, address) pud_offset((mm), (address))
38260 +#define PYD_SIZE PUD_SIZE
38261 +#define mm_inc_nr_pxds(mm) mm_inc_nr_pmds(mm)
38262 +#define mm_dec_nr_pxds(mm) mm_dec_nr_pmds(mm)
38263 +#endif
38264 +
38265 +#ifdef CONFIG_PAX_PER_CPU_PGD
38266 +static inline void pgd_ctor(struct mm_struct *mm, pgd_t *pgd) {}
38267 +static inline void pgd_dtor(pgd_t *pgd) {}
38268 +#else
38269 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm)
38270 {
38271 BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm));
38272 @@ -142,6 +207,7 @@ static void pgd_dtor(pgd_t *pgd)
38273 pgd_list_del(pgd);
38274 spin_unlock(&pgd_lock);
38275 }
38276 +#endif
38277
38278 /*
38279 * List of all pgd's needed for non-PAE so it can invalidate entries
38280 @@ -154,7 +220,7 @@ static void pgd_dtor(pgd_t *pgd)
38281 * -- nyc
38282 */
38283
38284 -#ifdef CONFIG_X86_PAE
38285 +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
38286 /*
38287 * In PAE mode, we need to do a cr3 reload (=tlb flush) when
38288 * updating the top-level pagetable entries to guarantee the
38289 @@ -166,7 +232,7 @@ static void pgd_dtor(pgd_t *pgd)
38290 * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
38291 * and initialize the kernel pmds here.
38292 */
38293 -#define PREALLOCATED_PMDS UNSHARED_PTRS_PER_PGD
38294 +#define PREALLOCATED_PXDS (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD)
38295
38296 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
38297 {
38298 @@ -184,26 +250,28 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
38299 */
38300 flush_tlb_mm(mm);
38301 }
38302 +#elif defined(CONFIG_X86_64) && defined(CONFIG_PAX_PER_CPU_PGD)
38303 +#define PREALLOCATED_PXDS USER_PGD_PTRS
38304 #else /* !CONFIG_X86_PAE */
38305
38306 /* No need to prepopulate any pagetable entries in non-PAE modes. */
38307 -#define PREALLOCATED_PMDS 0
38308 +#define PREALLOCATED_PXDS 0
38309
38310 #endif /* CONFIG_X86_PAE */
38311
38312 -static void free_pmds(struct mm_struct *mm, pmd_t *pmds[])
38313 +static void free_pxds(struct mm_struct *mm, pxd_t *pxds[])
38314 {
38315 int i;
38316
38317 - for(i = 0; i < PREALLOCATED_PMDS; i++)
38318 - if (pmds[i]) {
38319 - pgtable_pmd_page_dtor(virt_to_page(pmds[i]));
38320 - free_page((unsigned long)pmds[i]);
38321 - mm_dec_nr_pmds(mm);
38322 + for(i = 0; i < PREALLOCATED_PXDS; i++)
38323 + if (pxds[i]) {
38324 + pgtable_pxd_page_dtor(virt_to_page(pxds[i]));
38325 + free_page((unsigned long)pxds[i]);
38326 + mm_dec_nr_pxds(mm);
38327 }
38328 }
38329
38330 -static int preallocate_pmds(struct mm_struct *mm, pmd_t *pmds[])
38331 +static int preallocate_pxds(struct mm_struct *mm, pxd_t *pxds[])
38332 {
38333 int i;
38334 bool failed = false;
38335 @@ -212,22 +280,22 @@ static int preallocate_pmds(struct mm_struct *mm, pmd_t *pmds[])
38336 if (mm == &init_mm)
38337 gfp &= ~__GFP_ACCOUNT;
38338
38339 - for(i = 0; i < PREALLOCATED_PMDS; i++) {
38340 - pmd_t *pmd = (pmd_t *)__get_free_page(gfp);
38341 - if (!pmd)
38342 + for(i = 0; i < PREALLOCATED_PXDS; i++) {
38343 + pxd_t *pxd = (pxd_t *)__get_free_page(gfp);
38344 + if (!pxd)
38345 failed = true;
38346 - if (pmd && !pgtable_pmd_page_ctor(virt_to_page(pmd))) {
38347 - free_page((unsigned long)pmd);
38348 - pmd = NULL;
38349 + if (pxd && !pgtable_pxd_page_ctor(virt_to_page(pxd))) {
38350 + free_page((unsigned long)pxd);
38351 + pxd = NULL;
38352 failed = true;
38353 }
38354 - if (pmd)
38355 - mm_inc_nr_pmds(mm);
38356 - pmds[i] = pmd;
38357 + if (pxd)
38358 + mm_inc_nr_pxds(mm);
38359 + pxds[i] = pxd;
38360 }
38361
38362 if (failed) {
38363 - free_pmds(mm, pmds);
38364 + free_pxds(mm, pxds);
38365 return -ENOMEM;
38366 }
38367
38368 @@ -240,43 +308,47 @@ static int preallocate_pmds(struct mm_struct *mm, pmd_t *pmds[])
38369 * preallocate which never got a corresponding vma will need to be
38370 * freed manually.
38371 */
38372 -static void pgd_mop_up_pmds(struct mm_struct *mm, pgd_t *pgdp)
38373 +static void pgd_mop_up_pxds(struct mm_struct *mm, pgd_t *pgdp)
38374 {
38375 int i;
38376
38377 - for(i = 0; i < PREALLOCATED_PMDS; i++) {
38378 + for(i = 0; i < PREALLOCATED_PXDS; i++) {
38379 pgd_t pgd = pgdp[i];
38380
38381 if (pgd_val(pgd) != 0) {
38382 - pmd_t *pmd = (pmd_t *)pgd_page_vaddr(pgd);
38383 + pxd_t *pxd = (pxd_t *)pgd_page_vaddr(pgd);
38384
38385 - pgdp[i] = native_make_pgd(0);
38386 + set_pgd(pgdp + i, native_make_pgd(0));
38387
38388 - paravirt_release_pmd(pgd_val(pgd) >> PAGE_SHIFT);
38389 - pmd_free(mm, pmd);
38390 - mm_dec_nr_pmds(mm);
38391 + paravirt_release_pxd(pgd_val(pgd) >> PAGE_SHIFT);
38392 + pxd_free(mm, pxd);
38393 + mm_dec_nr_pxds(mm);
38394 }
38395 }
38396 }
38397
38398 -static void pgd_prepopulate_pmd(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmds[])
38399 +static void pgd_prepopulate_pxd(struct mm_struct *mm, pgd_t *pgd, pxd_t *pxds[])
38400 {
38401 - pud_t *pud;
38402 + pyd_t *pyd;
38403 int i;
38404
38405 - if (PREALLOCATED_PMDS == 0) /* Work around gcc-3.4.x bug */
38406 + if (PREALLOCATED_PXDS == 0) /* Work around gcc-3.4.x bug */
38407 return;
38408
38409 - pud = pud_offset(pgd, 0);
38410 +#ifdef CONFIG_X86_64
38411 + pyd = pyd_offset(mm, 0L);
38412 +#else
38413 + pyd = pyd_offset(pgd, 0L);
38414 +#endif
38415
38416 - for (i = 0; i < PREALLOCATED_PMDS; i++, pud++) {
38417 - pmd_t *pmd = pmds[i];
38418 + for (i = 0; i < PREALLOCATED_PXDS; i++, pyd++) {
38419 + pxd_t *pxd = pxds[i];
38420
38421 if (i >= KERNEL_PGD_BOUNDARY)
38422 - memcpy(pmd, (pmd_t *)pgd_page_vaddr(swapper_pg_dir[i]),
38423 - sizeof(pmd_t) * PTRS_PER_PMD);
38424 + memcpy(pxd, (pxd_t *)pgd_page_vaddr(swapper_pg_dir[i]),
38425 + sizeof(pxd_t) * PTRS_PER_PMD);
38426
38427 - pud_populate(mm, pud, pmd);
38428 + pyd_populate(mm, pyd, pxd);
38429 }
38430 }
38431
38432 @@ -358,7 +430,7 @@ static inline void _pgd_free(pgd_t *pgd)
38433 pgd_t *pgd_alloc(struct mm_struct *mm)
38434 {
38435 pgd_t *pgd;
38436 - pmd_t *pmds[PREALLOCATED_PMDS];
38437 + pxd_t *pxds[PREALLOCATED_PXDS];
38438
38439 pgd = _pgd_alloc();
38440
38441 @@ -367,11 +439,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
38442
38443 mm->pgd = pgd;
38444
38445 - if (preallocate_pmds(mm, pmds) != 0)
38446 + if (preallocate_pxds(mm, pxds) != 0)
38447 goto out_free_pgd;
38448
38449 if (paravirt_pgd_alloc(mm) != 0)
38450 - goto out_free_pmds;
38451 + goto out_free_pxds;
38452
38453 /*
38454 * Make sure that pre-populating the pmds is atomic with
38455 @@ -381,14 +453,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
38456 spin_lock(&pgd_lock);
38457
38458 pgd_ctor(mm, pgd);
38459 - pgd_prepopulate_pmd(mm, pgd, pmds);
38460 + pgd_prepopulate_pxd(mm, pgd, pxds);
38461
38462 spin_unlock(&pgd_lock);
38463
38464 return pgd;
38465
38466 -out_free_pmds:
38467 - free_pmds(mm, pmds);
38468 +out_free_pxds:
38469 + free_pxds(mm, pxds);
38470 out_free_pgd:
38471 _pgd_free(pgd);
38472 out:
38473 @@ -397,7 +469,7 @@ out:
38474
38475 void pgd_free(struct mm_struct *mm, pgd_t *pgd)
38476 {
38477 - pgd_mop_up_pmds(mm, pgd);
38478 + pgd_mop_up_pxds(mm, pgd);
38479 pgd_dtor(pgd);
38480 paravirt_pgd_free(mm, pgd);
38481 _pgd_free(pgd);
38482 @@ -530,6 +602,50 @@ void __init reserve_top_address(unsigned long reserve)
38483
38484 int fixmaps_set;
38485
38486 +static void fix_user_fixmap(enum fixed_addresses idx, unsigned long address)
38487 +{
38488 +#ifdef CONFIG_X86_64
38489 + pgd_t *pgd;
38490 + pud_t *pud;
38491 + pmd_t *pmd;
38492 +
38493 + switch (idx) {
38494 + default:
38495 + return;
38496 +
38497 +#ifdef CONFIG_X86_VSYSCALL_EMULATION
38498 + case VSYSCALL_PAGE:
38499 + break;
38500 +#endif
38501 + }
38502 +
38503 + pgd = pgd_offset_k(address);
38504 + if (!(pgd_val(*pgd) & _PAGE_USER)) {
38505 +#ifdef CONFIG_PAX_PER_CPU_PGD
38506 + unsigned int cpu;
38507 + pgd_t *pgd_cpu;
38508 +
38509 + for_each_possible_cpu(cpu) {
38510 + pgd_cpu = pgd_offset_cpu(cpu, kernel, address);
38511 + set_pgd(pgd_cpu, __pgd(pgd_val(*pgd_cpu) | _PAGE_USER));
38512 +
38513 + pgd_cpu = pgd_offset_cpu(cpu, user, address);
38514 + set_pgd(pgd_cpu, __pgd(pgd_val(*pgd_cpu) | _PAGE_USER));
38515 + }
38516 +#endif
38517 + set_pgd(pgd, __pgd(pgd_val(*pgd) | _PAGE_USER));
38518 + }
38519 +
38520 + pud = pud_offset(pgd, address);
38521 + if (!(pud_val(*pud) & _PAGE_USER))
38522 + set_pud(pud, __pud(pud_val(*pud) | _PAGE_USER));
38523 +
38524 + pmd = pmd_offset(pud, address);
38525 + if (!(pmd_val(*pmd) & _PAGE_USER))
38526 + set_pmd(pmd, __pmd(pmd_val(*pmd) | _PAGE_USER));
38527 +#endif
38528 +}
38529 +
38530 void __native_set_fixmap(enum fixed_addresses idx, pte_t pte)
38531 {
38532 unsigned long address = __fix_to_virt(idx);
38533 @@ -540,9 +656,10 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte)
38534 }
38535 set_pte_vaddr(address, pte);
38536 fixmaps_set++;
38537 + fix_user_fixmap(idx, address);
38538 }
38539
38540 -void native_set_fixmap(enum fixed_addresses idx, phys_addr_t phys,
38541 +void native_set_fixmap(unsigned int idx, phys_addr_t phys,
38542 pgprot_t flags)
38543 {
38544 __native_set_fixmap(idx, pfn_pte(phys >> PAGE_SHIFT, flags));
38545 @@ -606,9 +723,11 @@ int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot)
38546
38547 prot = pgprot_4k_2_large(prot);
38548
38549 + pax_open_kernel();
38550 set_pte((pte_t *)pmd, pfn_pte(
38551 (u64)addr >> PAGE_SHIFT,
38552 __pgprot(pgprot_val(prot) | _PAGE_PSE)));
38553 + pax_close_kernel();
38554
38555 return 1;
38556 }
38557 diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c
38558 index 9adce77..b698e8be 100644
38559 --- a/arch/x86/mm/pgtable_32.c
38560 +++ b/arch/x86/mm/pgtable_32.c
38561 @@ -46,10 +46,13 @@ void set_pte_vaddr(unsigned long vaddr, pte_t pteval)
38562 return;
38563 }
38564 pte = pte_offset_kernel(pmd, vaddr);
38565 +
38566 + pax_open_kernel();
38567 if (!pte_none(pteval))
38568 set_pte_at(&init_mm, vaddr, pte, pteval);
38569 else
38570 pte_clear(&init_mm, vaddr, pte);
38571 + pax_close_kernel();
38572
38573 /*
38574 * It's enough to flush this one mapping.
38575 diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
38576 index f65a33f..f408a99 100644
38577 --- a/arch/x86/mm/setup_nx.c
38578 +++ b/arch/x86/mm/setup_nx.c
38579 @@ -6,8 +6,10 @@
38580 #include <asm/proto.h>
38581 #include <asm/cpufeature.h>
38582
38583 +#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
38584 static int disable_nx;
38585
38586 +#ifndef CONFIG_PAX_PAGEEXEC
38587 /*
38588 * noexec = on|off
38589 *
38590 @@ -29,12 +31,17 @@ static int __init noexec_setup(char *str)
38591 return 0;
38592 }
38593 early_param("noexec", noexec_setup);
38594 +#endif
38595 +
38596 +#endif
38597
38598 void x86_configure_nx(void)
38599 {
38600 +#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
38601 if (boot_cpu_has(X86_FEATURE_NX) && !disable_nx)
38602 __supported_pte_mask |= _PAGE_NX;
38603 else
38604 +#endif
38605 __supported_pte_mask &= ~_PAGE_NX;
38606 }
38607
38608 diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
38609 index 4dbe656..b298320 100644
38610 --- a/arch/x86/mm/tlb.c
38611 +++ b/arch/x86/mm/tlb.c
38612 @@ -47,7 +47,11 @@ void leave_mm(int cpu)
38613 BUG();
38614 if (cpumask_test_cpu(cpu, mm_cpumask(active_mm))) {
38615 cpumask_clear_cpu(cpu, mm_cpumask(active_mm));
38616 +
38617 +#ifndef CONFIG_PAX_PER_CPU_PGD
38618 load_cr3(swapper_pg_dir);
38619 +#endif
38620 +
38621 /*
38622 * This gets called in the idle path where RCU
38623 * functions differently. Tracing normally
38624 @@ -61,6 +65,51 @@ EXPORT_SYMBOL_GPL(leave_mm);
38625
38626 #endif /* CONFIG_SMP */
38627
38628 +static void pax_switch_mm(struct mm_struct *next, unsigned int cpu)
38629 +{
38630 +
38631 +#ifdef CONFIG_PAX_PER_CPU_PGD
38632 + pax_open_kernel();
38633 +
38634 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
38635 + if (static_cpu_has(X86_FEATURE_PCIDUDEREF))
38636 + __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd);
38637 + else
38638 +#endif
38639 +
38640 + __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd);
38641 +
38642 + __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd);
38643 +
38644 + pax_close_kernel();
38645 +
38646 + BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK));
38647 +
38648 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
38649 + if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
38650 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
38651 + u64 descriptor[2];
38652 + descriptor[0] = PCID_USER;
38653 + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
38654 + if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) {
38655 + descriptor[0] = PCID_KERNEL;
38656 + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
38657 + }
38658 + } else {
38659 + write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
38660 + if (static_cpu_has(X86_FEATURE_STRONGUDEREF))
38661 + write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
38662 + else
38663 + write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
38664 + }
38665 + } else
38666 +#endif
38667 +
38668 + load_cr3(get_cpu_pgd(cpu, kernel));
38669 +#endif
38670 +
38671 +}
38672 +
38673 void switch_mm(struct mm_struct *prev, struct mm_struct *next,
38674 struct task_struct *tsk)
38675 {
38676 @@ -75,9 +124,15 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
38677 struct task_struct *tsk)
38678 {
38679 unsigned cpu = smp_processor_id();
38680 +#if defined(CONFIG_X86_32) && defined(CONFIG_SMP) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
38681 + int tlbstate = TLBSTATE_OK;
38682 +#endif
38683
38684 if (likely(prev != next)) {
38685 #ifdef CONFIG_SMP
38686 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
38687 + tlbstate = this_cpu_read(cpu_tlbstate.state);
38688 +#endif
38689 this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
38690 this_cpu_write(cpu_tlbstate.active_mm, next);
38691 #endif
38692 @@ -96,7 +151,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
38693 * We need to prevent an outcome in which CPU 1 observes
38694 * the new PTE value and CPU 0 observes bit 1 clear in
38695 * mm_cpumask. (If that occurs, then the IPI will never
38696 - * be sent, and CPU 0's TLB will contain a stale entry.)
38697 + * be sent, and CPU 1's TLB will contain a stale entry.)
38698 *
38699 * The bad outcome can occur if either CPU's load is
38700 * reordered before that CPU's store, so both CPUs must
38701 @@ -111,7 +166,11 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
38702 * ordering guarantee we need.
38703 *
38704 */
38705 +#ifdef CONFIG_PAX_PER_CPU_PGD
38706 + pax_switch_mm(next, cpu);
38707 +#else
38708 load_cr3(next->pgd);
38709 +#endif
38710
38711 trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
38712
38713 @@ -137,9 +196,31 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
38714 if (unlikely(prev->context.ldt != next->context.ldt))
38715 load_mm_ldt(next);
38716 #endif
38717 +
38718 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
38719 + if (!(__supported_pte_mask & _PAGE_NX)) {
38720 + smp_mb__before_atomic();
38721 + cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask);
38722 + smp_mb__after_atomic();
38723 + cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
38724 + }
38725 +#endif
38726 +
38727 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
38728 + if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
38729 + prev->context.user_cs_limit != next->context.user_cs_limit))
38730 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
38731 +#ifdef CONFIG_SMP
38732 + else if (unlikely(tlbstate != TLBSTATE_OK))
38733 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
38734 +#endif
38735 +#endif
38736 +
38737 }
38738 + else {
38739 + pax_switch_mm(next, cpu);
38740 +
38741 #ifdef CONFIG_SMP
38742 - else {
38743 this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
38744 BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
38745
38746 @@ -160,13 +241,30 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
38747 * As above, load_cr3() is serializing and orders TLB
38748 * fills with respect to the mm_cpumask write.
38749 */
38750 +
38751 +#ifndef CONFIG_PAX_PER_CPU_PGD
38752 load_cr3(next->pgd);
38753 trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
38754 +#endif
38755 +
38756 load_mm_cr4(next);
38757 load_mm_ldt(next);
38758 +
38759 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
38760 + if (!(__supported_pte_mask & _PAGE_NX))
38761 + cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
38762 +#endif
38763 +
38764 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
38765 +#ifdef CONFIG_PAX_PAGEEXEC
38766 + if (!((next->pax_flags & MF_PAX_PAGEEXEC) && (__supported_pte_mask & _PAGE_NX)))
38767 +#endif
38768 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
38769 +#endif
38770 +
38771 }
38772 +#endif
38773 }
38774 -#endif
38775 }
38776
38777 #ifdef CONFIG_SMP
38778 diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c
38779 new file mode 100644
38780 index 0000000..3fda3f3
38781 --- /dev/null
38782 +++ b/arch/x86/mm/uderef_64.c
38783 @@ -0,0 +1,37 @@
38784 +#include <linux/mm.h>
38785 +#include <asm/pgtable.h>
38786 +#include <asm/uaccess.h>
38787 +
38788 +#ifdef CONFIG_PAX_MEMORY_UDEREF
38789 +/* PaX: due to the special call convention these functions must
38790 + * - remain leaf functions under all configurations,
38791 + * - never be called directly, only dereferenced from the wrappers.
38792 + */
38793 +void __used __pax_open_userland(void)
38794 +{
38795 + unsigned int cpu;
38796 +
38797 + if (unlikely(!segment_eq(get_fs(), USER_DS)))
38798 + return;
38799 +
38800 + cpu = raw_get_cpu();
38801 + BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_KERNEL);
38802 + write_cr3(__pa_nodebug(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
38803 + raw_put_cpu_no_resched();
38804 +}
38805 +EXPORT_SYMBOL(__pax_open_userland);
38806 +
38807 +void __used __pax_close_userland(void)
38808 +{
38809 + unsigned int cpu;
38810 +
38811 + if (unlikely(!segment_eq(get_fs(), USER_DS)))
38812 + return;
38813 +
38814 + cpu = raw_get_cpu();
38815 + BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_USER);
38816 + write_cr3(__pa_nodebug(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
38817 + raw_put_cpu_no_resched();
38818 +}
38819 +EXPORT_SYMBOL(__pax_close_userland);
38820 +#endif
38821 diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
38822 index f2a7faf..b77bb6c 100644
38823 --- a/arch/x86/net/bpf_jit.S
38824 +++ b/arch/x86/net/bpf_jit.S
38825 @@ -9,6 +9,7 @@
38826 */
38827 #include <linux/linkage.h>
38828 #include <asm/frame.h>
38829 +#include <asm/alternative-asm.h>
38830
38831 /*
38832 * Calling convention :
38833 @@ -39,6 +40,7 @@ FUNC(sk_load_word_positive_offset)
38834 jle bpf_slow_path_word
38835 mov (SKBDATA,%rsi),%eax
38836 bswap %eax /* ntohl() */
38837 + pax_force_retaddr
38838 ret
38839
38840 FUNC(sk_load_half)
38841 @@ -52,6 +54,7 @@ FUNC(sk_load_half_positive_offset)
38842 jle bpf_slow_path_half
38843 movzwl (SKBDATA,%rsi),%eax
38844 rol $8,%ax # ntohs()
38845 + pax_force_retaddr
38846 ret
38847
38848 FUNC(sk_load_byte)
38849 @@ -62,6 +65,7 @@ FUNC(sk_load_byte_positive_offset)
38850 cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */
38851 jle bpf_slow_path_byte
38852 movzbl (SKBDATA,%rsi),%eax
38853 + pax_force_retaddr
38854 ret
38855
38856 /* rsi contains offset and can be scratched */
38857 @@ -85,6 +89,7 @@ bpf_slow_path_word:
38858 js bpf_error
38859 mov - MAX_BPF_STACK + 32(%rbp),%eax
38860 bswap %eax
38861 + pax_force_retaddr
38862 ret
38863
38864 bpf_slow_path_half:
38865 @@ -93,12 +98,14 @@ bpf_slow_path_half:
38866 mov - MAX_BPF_STACK + 32(%rbp),%ax
38867 rol $8,%ax
38868 movzwl %ax,%eax
38869 + pax_force_retaddr
38870 ret
38871
38872 bpf_slow_path_byte:
38873 bpf_slow_path_common(1)
38874 js bpf_error
38875 movzbl - MAX_BPF_STACK + 32(%rbp),%eax
38876 + pax_force_retaddr
38877 ret
38878
38879 #define sk_negative_common(SIZE) \
38880 @@ -123,6 +130,7 @@ FUNC(sk_load_word_negative_offset)
38881 sk_negative_common(4)
38882 mov (%rax), %eax
38883 bswap %eax
38884 + pax_force_retaddr
38885 ret
38886
38887 bpf_slow_path_half_neg:
38888 @@ -134,6 +142,7 @@ FUNC(sk_load_half_negative_offset)
38889 mov (%rax),%ax
38890 rol $8,%ax
38891 movzwl %ax,%eax
38892 + pax_force_retaddr
38893 ret
38894
38895 bpf_slow_path_byte_neg:
38896 @@ -143,6 +152,7 @@ bpf_slow_path_byte_neg:
38897 FUNC(sk_load_byte_negative_offset)
38898 sk_negative_common(1)
38899 movzbl (%rax), %eax
38900 + pax_force_retaddr
38901 ret
38902
38903 bpf_error:
38904 @@ -153,4 +163,5 @@ bpf_error:
38905 mov - MAX_BPF_STACK + 16(%rbp),%r14
38906 mov - MAX_BPF_STACK + 24(%rbp),%r15
38907 leaveq
38908 + pax_force_retaddr
38909 ret
38910 diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
38911 index fe04a04..99be1fa 100644
38912 --- a/arch/x86/net/bpf_jit_comp.c
38913 +++ b/arch/x86/net/bpf_jit_comp.c
38914 @@ -14,7 +14,11 @@
38915 #include <asm/cacheflush.h>
38916 #include <linux/bpf.h>
38917
38918 +#ifdef CONFIG_GRKERNSEC_BPF_HARDEN
38919 +int bpf_jit_enable __read_only;
38920 +#else
38921 int bpf_jit_enable __read_mostly;
38922 +#endif
38923
38924 /*
38925 * assembly code in arch/x86/net/bpf_jit.S
38926 @@ -183,7 +187,9 @@ static u8 add_2reg(u8 byte, u32 dst_reg, u32 src_reg)
38927 static void jit_fill_hole(void *area, unsigned int size)
38928 {
38929 /* fill whole space with int3 instructions */
38930 + pax_open_kernel();
38931 memset(area, 0xcc, size);
38932 + pax_close_kernel();
38933 }
38934
38935 struct jit_context {
38936 @@ -1076,7 +1082,9 @@ common_load:
38937 pr_err("bpf_jit_compile fatal error\n");
38938 return -EFAULT;
38939 }
38940 + pax_open_kernel();
38941 memcpy(image + proglen, temp, ilen);
38942 + pax_close_kernel();
38943 }
38944 proglen += ilen;
38945 addrs[i] = proglen;
38946 @@ -1169,7 +1177,6 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
38947
38948 if (image) {
38949 bpf_flush_icache(header, image + proglen);
38950 - set_memory_ro((unsigned long)header, header->pages);
38951 prog->bpf_func = (void *)image;
38952 prog->jited = 1;
38953 }
38954 @@ -1188,12 +1195,8 @@ void bpf_jit_free(struct bpf_prog *fp)
38955 unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
38956 struct bpf_binary_header *header = (void *)addr;
38957
38958 - if (!fp->jited)
38959 - goto free_filter;
38960 + if (fp->jited)
38961 + bpf_jit_binary_free(header);
38962
38963 - set_memory_rw(addr, header->pages);
38964 - bpf_jit_binary_free(header);
38965 -
38966 -free_filter:
38967 bpf_prog_unlock_free(fp);
38968 }
38969 diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
38970 index cb31a44..b942435 100644
38971 --- a/arch/x86/oprofile/backtrace.c
38972 +++ b/arch/x86/oprofile/backtrace.c
38973 @@ -47,11 +47,11 @@ dump_user_backtrace_32(struct stack_frame_ia32 *head)
38974 struct stack_frame_ia32 *fp;
38975 unsigned long bytes;
38976
38977 - bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead));
38978 + bytes = copy_from_user_nmi(bufhead, (const char __force_user *)head, sizeof(bufhead));
38979 if (bytes != 0)
38980 return NULL;
38981
38982 - fp = (struct stack_frame_ia32 *) compat_ptr(bufhead[0].next_frame);
38983 + fp = (struct stack_frame_ia32 __force_kernel *) compat_ptr(bufhead[0].next_frame);
38984
38985 oprofile_add_trace(bufhead[0].return_address);
38986
38987 @@ -93,7 +93,7 @@ static struct stack_frame *dump_user_backtrace(struct stack_frame *head)
38988 struct stack_frame bufhead[2];
38989 unsigned long bytes;
38990
38991 - bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead));
38992 + bytes = copy_from_user_nmi(bufhead, (const char __force_user *)head, sizeof(bufhead));
38993 if (bytes != 0)
38994 return NULL;
38995
38996 diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
38997 index 28c0412..568d0a4 100644
38998 --- a/arch/x86/oprofile/nmi_int.c
38999 +++ b/arch/x86/oprofile/nmi_int.c
39000 @@ -23,6 +23,7 @@
39001 #include <asm/nmi.h>
39002 #include <asm/msr.h>
39003 #include <asm/apic.h>
39004 +#include <asm/pgtable.h>
39005
39006 #include "op_counter.h"
39007 #include "op_x86_model.h"
39008 @@ -615,7 +616,7 @@ enum __force_cpu_type {
39009
39010 static int force_cpu_type;
39011
39012 -static int set_cpu_type(const char *str, struct kernel_param *kp)
39013 +static int set_cpu_type(const char *str, const struct kernel_param *kp)
39014 {
39015 if (!strcmp(str, "timer")) {
39016 force_cpu_type = timer;
39017 @@ -786,8 +787,11 @@ int __init op_nmi_init(struct oprofile_operations *ops)
39018 if (ret)
39019 return ret;
39020
39021 - if (!model->num_virt_counters)
39022 - model->num_virt_counters = model->num_counters;
39023 + if (!model->num_virt_counters) {
39024 + pax_open_kernel();
39025 + const_cast(model->num_virt_counters) = model->num_counters;
39026 + pax_close_kernel();
39027 + }
39028
39029 mux_init(ops);
39030
39031 diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c
39032 index 660a83c..6ff762b 100644
39033 --- a/arch/x86/oprofile/op_model_amd.c
39034 +++ b/arch/x86/oprofile/op_model_amd.c
39035 @@ -518,9 +518,11 @@ static int op_amd_init(struct oprofile_operations *ops)
39036 num_counters = AMD64_NUM_COUNTERS;
39037 }
39038
39039 - op_amd_spec.num_counters = num_counters;
39040 - op_amd_spec.num_controls = num_counters;
39041 - op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS);
39042 + pax_open_kernel();
39043 + const_cast(op_amd_spec.num_counters) = num_counters;
39044 + const_cast(op_amd_spec.num_controls) = num_counters;
39045 + const_cast(op_amd_spec.num_virt_counters) = max(num_counters, NUM_VIRT_COUNTERS);
39046 + pax_close_kernel();
39047
39048 return 0;
39049 }
39050 diff --git a/arch/x86/oprofile/op_model_ppro.c b/arch/x86/oprofile/op_model_ppro.c
39051 index 350f709..77882e0 100644
39052 --- a/arch/x86/oprofile/op_model_ppro.c
39053 +++ b/arch/x86/oprofile/op_model_ppro.c
39054 @@ -19,6 +19,7 @@
39055 #include <asm/msr.h>
39056 #include <asm/apic.h>
39057 #include <asm/nmi.h>
39058 +#include <asm/pgtable.h>
39059
39060 #include "op_x86_model.h"
39061 #include "op_counter.h"
39062 @@ -221,8 +222,10 @@ static void arch_perfmon_setup_counters(void)
39063
39064 num_counters = min((int)eax.split.num_counters, OP_MAX_COUNTER);
39065
39066 - op_arch_perfmon_spec.num_counters = num_counters;
39067 - op_arch_perfmon_spec.num_controls = num_counters;
39068 + pax_open_kernel();
39069 + const_cast(op_arch_perfmon_spec.num_counters) = num_counters;
39070 + const_cast(op_arch_perfmon_spec.num_controls) = num_counters;
39071 + pax_close_kernel();
39072 }
39073
39074 static int arch_perfmon_init(struct oprofile_operations *ignore)
39075 diff --git a/arch/x86/oprofile/op_x86_model.h b/arch/x86/oprofile/op_x86_model.h
39076 index 71e8a67..6a313bb 100644
39077 --- a/arch/x86/oprofile/op_x86_model.h
39078 +++ b/arch/x86/oprofile/op_x86_model.h
39079 @@ -52,7 +52,7 @@ struct op_x86_model_spec {
39080 void (*switch_ctrl)(struct op_x86_model_spec const *model,
39081 struct op_msrs const * const msrs);
39082 #endif
39083 -};
39084 +} __do_const;
39085
39086 struct op_counter_config;
39087
39088 diff --git a/arch/x86/pci/intel_mid_pci.c b/arch/x86/pci/intel_mid_pci.c
39089 index 5a18aed..22eac20 100644
39090 --- a/arch/x86/pci/intel_mid_pci.c
39091 +++ b/arch/x86/pci/intel_mid_pci.c
39092 @@ -288,7 +288,7 @@ int __init intel_mid_pci_init(void)
39093 pci_mmcfg_late_init();
39094 pcibios_enable_irq = intel_mid_pci_irq_enable;
39095 pcibios_disable_irq = intel_mid_pci_irq_disable;
39096 - pci_root_ops = intel_mid_pci_ops;
39097 + memcpy((void *)&pci_root_ops, &intel_mid_pci_ops, sizeof pci_root_ops);
39098 pci_soc_mode = 1;
39099 /* Continue with standard init */
39100 return 1;
39101 diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c
39102 index 9bd1154..e9d4656 100644
39103 --- a/arch/x86/pci/irq.c
39104 +++ b/arch/x86/pci/irq.c
39105 @@ -51,7 +51,7 @@ struct irq_router {
39106 struct irq_router_handler {
39107 u16 vendor;
39108 int (*probe)(struct irq_router *r, struct pci_dev *router, u16 device);
39109 -};
39110 +} __do_const;
39111
39112 int (*pcibios_enable_irq)(struct pci_dev *dev) = pirq_enable_irq;
39113 void (*pcibios_disable_irq)(struct pci_dev *dev) = pirq_disable_irq;
39114 @@ -792,7 +792,7 @@ static __init int pico_router_probe(struct irq_router *r, struct pci_dev *router
39115 return 0;
39116 }
39117
39118 -static __initdata struct irq_router_handler pirq_routers[] = {
39119 +static __initconst const struct irq_router_handler pirq_routers[] = {
39120 { PCI_VENDOR_ID_INTEL, intel_router_probe },
39121 { PCI_VENDOR_ID_AL, ali_router_probe },
39122 { PCI_VENDOR_ID_ITE, ite_router_probe },
39123 @@ -819,7 +819,7 @@ static struct pci_dev *pirq_router_dev;
39124 static void __init pirq_find_router(struct irq_router *r)
39125 {
39126 struct irq_routing_table *rt = pirq_table;
39127 - struct irq_router_handler *h;
39128 + const struct irq_router_handler *h;
39129
39130 #ifdef CONFIG_PCI_BIOS
39131 if (!rt->signature) {
39132 @@ -1092,7 +1092,7 @@ static int __init fix_acer_tm360_irqrouting(const struct dmi_system_id *d)
39133 return 0;
39134 }
39135
39136 -static struct dmi_system_id __initdata pciirq_dmi_table[] = {
39137 +static const struct dmi_system_id __initconst pciirq_dmi_table[] = {
39138 {
39139 .callback = fix_broken_hp_bios_irq9,
39140 .ident = "HP Pavilion N5400 Series Laptop",
39141 diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c
39142 index 9770e55..76067ec 100644
39143 --- a/arch/x86/pci/pcbios.c
39144 +++ b/arch/x86/pci/pcbios.c
39145 @@ -79,7 +79,7 @@ union bios32 {
39146 static struct {
39147 unsigned long address;
39148 unsigned short segment;
39149 -} bios32_indirect __initdata = { 0, __KERNEL_CS };
39150 +} bios32_indirect __initdata = { 0, __PCIBIOS_CS };
39151
39152 /*
39153 * Returns the entry point for the given service, NULL on error
39154 @@ -92,37 +92,80 @@ static unsigned long __init bios32_service(unsigned long service)
39155 unsigned long length; /* %ecx */
39156 unsigned long entry; /* %edx */
39157 unsigned long flags;
39158 + struct desc_struct d, *gdt;
39159
39160 local_irq_save(flags);
39161 - __asm__("lcall *(%%edi); cld"
39162 +
39163 + gdt = get_cpu_gdt_table(smp_processor_id());
39164 +
39165 + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x9B, 0xC);
39166 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
39167 + pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x93, 0xC);
39168 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
39169 +
39170 + __asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld"
39171 : "=a" (return_code),
39172 "=b" (address),
39173 "=c" (length),
39174 "=d" (entry)
39175 : "0" (service),
39176 "1" (0),
39177 - "D" (&bios32_indirect));
39178 + "D" (&bios32_indirect),
39179 + "r"(__PCIBIOS_DS)
39180 + : "memory");
39181 +
39182 + pax_open_kernel();
39183 + gdt[GDT_ENTRY_PCIBIOS_CS].a = 0;
39184 + gdt[GDT_ENTRY_PCIBIOS_CS].b = 0;
39185 + gdt[GDT_ENTRY_PCIBIOS_DS].a = 0;
39186 + gdt[GDT_ENTRY_PCIBIOS_DS].b = 0;
39187 + pax_close_kernel();
39188 +
39189 local_irq_restore(flags);
39190
39191 switch (return_code) {
39192 - case 0:
39193 - return address + entry;
39194 - case 0x80: /* Not present */
39195 - printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
39196 - return 0;
39197 - default: /* Shouldn't happen */
39198 - printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
39199 - service, return_code);
39200 + case 0: {
39201 + int cpu;
39202 + unsigned char flags;
39203 +
39204 + printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry);
39205 + if (address >= 0xFFFF0 || length > 0x100000 - address || length <= entry) {
39206 + printk(KERN_WARNING "bios32_service: not valid\n");
39207 return 0;
39208 + }
39209 + address = address + PAGE_OFFSET;
39210 + length += 16UL; /* some BIOSs underreport this... */
39211 + flags = 4;
39212 + if (length >= 64*1024*1024) {
39213 + length >>= PAGE_SHIFT;
39214 + flags |= 8;
39215 + }
39216 +
39217 + for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
39218 + gdt = get_cpu_gdt_table(cpu);
39219 + pack_descriptor(&d, address, length, 0x9b, flags);
39220 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
39221 + pack_descriptor(&d, address, length, 0x93, flags);
39222 + write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
39223 + }
39224 + return entry;
39225 + }
39226 + case 0x80: /* Not present */
39227 + printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
39228 + return 0;
39229 + default: /* Shouldn't happen */
39230 + printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
39231 + service, return_code);
39232 + return 0;
39233 }
39234 }
39235
39236 static struct {
39237 unsigned long address;
39238 unsigned short segment;
39239 -} pci_indirect = { 0, __KERNEL_CS };
39240 +} pci_indirect __read_only = { 0, __PCIBIOS_CS };
39241
39242 -static int pci_bios_present;
39243 +static int pci_bios_present __read_only;
39244
39245 static int __init check_pcibios(void)
39246 {
39247 @@ -131,11 +174,13 @@ static int __init check_pcibios(void)
39248 unsigned long flags, pcibios_entry;
39249
39250 if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
39251 - pci_indirect.address = pcibios_entry + PAGE_OFFSET;
39252 + pci_indirect.address = pcibios_entry;
39253
39254 local_irq_save(flags);
39255 - __asm__(
39256 - "lcall *(%%edi); cld\n\t"
39257 + __asm__("movw %w6, %%ds\n\t"
39258 + "lcall *%%ss:(%%edi); cld\n\t"
39259 + "push %%ss\n\t"
39260 + "pop %%ds\n\t"
39261 "jc 1f\n\t"
39262 "xor %%ah, %%ah\n"
39263 "1:"
39264 @@ -144,7 +189,8 @@ static int __init check_pcibios(void)
39265 "=b" (ebx),
39266 "=c" (ecx)
39267 : "1" (PCIBIOS_PCI_BIOS_PRESENT),
39268 - "D" (&pci_indirect)
39269 + "D" (&pci_indirect),
39270 + "r" (__PCIBIOS_DS)
39271 : "memory");
39272 local_irq_restore(flags);
39273
39274 @@ -202,7 +248,10 @@ static int pci_bios_read(unsigned int seg, unsigned int bus,
39275 break;
39276 }
39277
39278 - __asm__("lcall *(%%esi); cld\n\t"
39279 + __asm__("movw %w6, %%ds\n\t"
39280 + "lcall *%%ss:(%%esi); cld\n\t"
39281 + "push %%ss\n\t"
39282 + "pop %%ds\n\t"
39283 "jc 1f\n\t"
39284 "xor %%ah, %%ah\n"
39285 "1:"
39286 @@ -211,7 +260,8 @@ static int pci_bios_read(unsigned int seg, unsigned int bus,
39287 : "1" (number),
39288 "b" (bx),
39289 "D" ((long)reg),
39290 - "S" (&pci_indirect));
39291 + "S" (&pci_indirect),
39292 + "r" (__PCIBIOS_DS));
39293 /*
39294 * Zero-extend the result beyond 8 or 16 bits, do not trust the
39295 * BIOS having done it:
39296 @@ -250,7 +300,10 @@ static int pci_bios_write(unsigned int seg, unsigned int bus,
39297 break;
39298 }
39299
39300 - __asm__("lcall *(%%esi); cld\n\t"
39301 + __asm__("movw %w6, %%ds\n\t"
39302 + "lcall *%%ss:(%%esi); cld\n\t"
39303 + "push %%ss\n\t"
39304 + "pop %%ds\n\t"
39305 "jc 1f\n\t"
39306 "xor %%ah, %%ah\n"
39307 "1:"
39308 @@ -259,7 +312,8 @@ static int pci_bios_write(unsigned int seg, unsigned int bus,
39309 "c" (value),
39310 "b" (bx),
39311 "D" ((long)reg),
39312 - "S" (&pci_indirect));
39313 + "S" (&pci_indirect),
39314 + "r" (__PCIBIOS_DS));
39315
39316 raw_spin_unlock_irqrestore(&pci_config_lock, flags);
39317
39318 @@ -362,10 +416,13 @@ struct irq_routing_table * pcibios_get_irq_routing_table(void)
39319
39320 DBG("PCI: Fetching IRQ routing table... ");
39321 __asm__("push %%es\n\t"
39322 + "movw %w8, %%ds\n\t"
39323 "push %%ds\n\t"
39324 "pop %%es\n\t"
39325 - "lcall *(%%esi); cld\n\t"
39326 + "lcall *%%ss:(%%esi); cld\n\t"
39327 "pop %%es\n\t"
39328 + "push %%ss\n\t"
39329 + "pop %%ds\n"
39330 "jc 1f\n\t"
39331 "xor %%ah, %%ah\n"
39332 "1:"
39333 @@ -376,7 +433,8 @@ struct irq_routing_table * pcibios_get_irq_routing_table(void)
39334 "1" (0),
39335 "D" ((long) &opt),
39336 "S" (&pci_indirect),
39337 - "m" (opt)
39338 + "m" (opt),
39339 + "r" (__PCIBIOS_DS)
39340 : "memory");
39341 DBG("OK ret=%d, size=%d, map=%x\n", ret, opt.size, map);
39342 if (ret & 0xff00)
39343 @@ -400,7 +458,10 @@ int pcibios_set_irq_routing(struct pci_dev *dev, int pin, int irq)
39344 {
39345 int ret;
39346
39347 - __asm__("lcall *(%%esi); cld\n\t"
39348 + __asm__("movw %w5, %%ds\n\t"
39349 + "lcall *%%ss:(%%esi); cld\n\t"
39350 + "push %%ss\n\t"
39351 + "pop %%ds\n"
39352 "jc 1f\n\t"
39353 "xor %%ah, %%ah\n"
39354 "1:"
39355 @@ -408,7 +469,8 @@ int pcibios_set_irq_routing(struct pci_dev *dev, int pin, int irq)
39356 : "0" (PCIBIOS_SET_PCI_HW_INT),
39357 "b" ((dev->bus->number << 8) | dev->devfn),
39358 "c" ((irq << 8) | (pin + 10)),
39359 - "S" (&pci_indirect));
39360 + "S" (&pci_indirect),
39361 + "r" (__PCIBIOS_DS));
39362 return !(ret & 0xff00);
39363 }
39364 EXPORT_SYMBOL(pcibios_set_irq_routing);
39365 diff --git a/arch/x86/pci/vmd.c b/arch/x86/pci/vmd.c
39366 index 7948be3..73a1aaa 100644
39367 --- a/arch/x86/pci/vmd.c
39368 +++ b/arch/x86/pci/vmd.c
39369 @@ -389,7 +389,7 @@ static void vmd_teardown_dma_ops(struct vmd_dev *vmd)
39370 #define ASSIGN_VMD_DMA_OPS(source, dest, fn) \
39371 do { \
39372 if (source->fn) \
39373 - dest->fn = vmd_##fn; \
39374 + const_cast(dest->fn) = vmd_##fn; \
39375 } while (0)
39376
39377 static void vmd_setup_dma_ops(struct vmd_dev *vmd)
39378 @@ -403,6 +403,7 @@ static void vmd_setup_dma_ops(struct vmd_dev *vmd)
39379
39380 if (!source)
39381 return;
39382 + pax_open_kernel();
39383 ASSIGN_VMD_DMA_OPS(source, dest, alloc);
39384 ASSIGN_VMD_DMA_OPS(source, dest, free);
39385 ASSIGN_VMD_DMA_OPS(source, dest, mmap);
39386 @@ -420,6 +421,7 @@ static void vmd_setup_dma_ops(struct vmd_dev *vmd)
39387 #ifdef ARCH_HAS_DMA_GET_REQUIRED_MASK
39388 ASSIGN_VMD_DMA_OPS(source, dest, get_required_mask);
39389 #endif
39390 + pax_close_kernel();
39391 add_dma_domain(domain);
39392 }
39393 #undef ASSIGN_VMD_DMA_OPS
39394 diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
39395 index cef39b0..0e5aebe 100644
39396 --- a/arch/x86/platform/efi/efi_32.c
39397 +++ b/arch/x86/platform/efi/efi_32.c
39398 @@ -63,11 +63,27 @@ pgd_t * __init efi_call_phys_prolog(void)
39399 struct desc_ptr gdt_descr;
39400 pgd_t *save_pgd;
39401
39402 +#ifdef CONFIG_PAX_KERNEXEC
39403 + struct desc_struct d;
39404 +#endif
39405 +
39406 /* Current pgd is swapper_pg_dir, we'll restore it later: */
39407 +#ifdef CONFIG_PAX_PER_CPU_PGD
39408 + save_pgd = get_cpu_pgd(smp_processor_id(), kernel);
39409 +#else
39410 save_pgd = swapper_pg_dir;
39411 +#endif
39412 +
39413 load_cr3(initial_page_table);
39414 __flush_tlb_all();
39415
39416 +#ifdef CONFIG_PAX_KERNEXEC
39417 + pack_descriptor(&d, 0, 0xFFFFF, 0x9B, 0xC);
39418 + write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_CS, &d, DESCTYPE_S);
39419 + pack_descriptor(&d, 0, 0xFFFFF, 0x93, 0xC);
39420 + write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_DS, &d, DESCTYPE_S);
39421 +#endif
39422 +
39423 gdt_descr.address = __pa(get_cpu_gdt_table(0));
39424 gdt_descr.size = GDT_SIZE - 1;
39425 load_gdt(&gdt_descr);
39426 @@ -79,6 +95,14 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
39427 {
39428 struct desc_ptr gdt_descr;
39429
39430 +#ifdef CONFIG_PAX_KERNEXEC
39431 + struct desc_struct d;
39432 +
39433 + memset(&d, 0, sizeof d);
39434 + write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_CS, &d, DESCTYPE_S);
39435 + write_gdt_entry(get_cpu_gdt_table(0), GDT_ENTRY_KERNEXEC_EFI_DS, &d, DESCTYPE_S);
39436 +#endif
39437 +
39438 gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
39439 gdt_descr.size = GDT_SIZE - 1;
39440 load_gdt(&gdt_descr);
39441 diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
39442 index 8dd3784..9846546 100644
39443 --- a/arch/x86/platform/efi/efi_64.c
39444 +++ b/arch/x86/platform/efi/efi_64.c
39445 @@ -92,6 +92,11 @@ pgd_t * __init efi_call_phys_prolog(void)
39446 vaddress = (unsigned long)__va(pgd * PGDIR_SIZE);
39447 set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress));
39448 }
39449 +
39450 +#ifdef CONFIG_PAX_PER_CPU_PGD
39451 + load_cr3(swapper_pg_dir);
39452 +#endif
39453 +
39454 out:
39455 __flush_tlb_all();
39456
39457 @@ -119,6 +124,10 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
39458
39459 kfree(save_pgd);
39460
39461 +#ifdef CONFIG_PAX_PER_CPU_PGD
39462 + load_cr3(get_cpu_pgd(smp_processor_id(), kernel));
39463 +#endif
39464 +
39465 __flush_tlb_all();
39466 early_code_mapping_set_exec(0);
39467 }
39468 @@ -219,8 +228,23 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
39469 unsigned npages;
39470 pgd_t *pgd;
39471
39472 - if (efi_enabled(EFI_OLD_MEMMAP))
39473 + if (efi_enabled(EFI_OLD_MEMMAP)) {
39474 + /* PaX: We need to disable the NX bit in the PGD, otherwise we won't be
39475 + * able to execute the EFI services.
39476 + */
39477 + if (__supported_pte_mask & _PAGE_NX) {
39478 + unsigned long addr = (unsigned long) __va(0);
39479 + pgd_t pe = __pgd(pgd_val(*pgd_offset_k(addr)) & ~_PAGE_NX);
39480 +
39481 + pr_alert("PAX: Disabling NX protection for low memory map. Try booting without \"efi=old_map\"\n");
39482 +#ifdef CONFIG_PAX_PER_CPU_PGD
39483 + set_pgd(pgd_offset_cpu(0, kernel, addr), pe);
39484 +#endif
39485 + set_pgd(pgd_offset_k(addr), pe);
39486 + }
39487 +
39488 return 0;
39489 + }
39490
39491 efi_scratch.efi_pgt = (pgd_t *)__pa(efi_pgd);
39492 pgd = efi_pgd;
39493 diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S
39494 index 040192b..7d3300f 100644
39495 --- a/arch/x86/platform/efi/efi_stub_32.S
39496 +++ b/arch/x86/platform/efi/efi_stub_32.S
39497 @@ -6,7 +6,9 @@
39498 */
39499
39500 #include <linux/linkage.h>
39501 +#include <linux/init.h>
39502 #include <asm/page_types.h>
39503 +#include <asm/segment.h>
39504
39505 /*
39506 * efi_call_phys(void *, ...) is a function with variable parameters.
39507 @@ -20,7 +22,7 @@
39508 * service functions will comply with gcc calling convention, too.
39509 */
39510
39511 -.text
39512 +__INIT
39513 ENTRY(efi_call_phys)
39514 /*
39515 * 0. The function can only be called in Linux kernel. So CS has been
39516 @@ -36,10 +38,24 @@ ENTRY(efi_call_phys)
39517 * The mapping of lower virtual memory has been created in prolog and
39518 * epilog.
39519 */
39520 - movl $1f, %edx
39521 - subl $__PAGE_OFFSET, %edx
39522 - jmp *%edx
39523 +#ifdef CONFIG_PAX_KERNEXEC
39524 + movl $(__KERNEXEC_EFI_DS), %edx
39525 + mov %edx, %ds
39526 + mov %edx, %es
39527 + mov %edx, %ss
39528 + addl $2f,(1f)
39529 + ljmp *(1f)
39530 +
39531 +__INITDATA
39532 +1: .long __LOAD_PHYSICAL_ADDR, __KERNEXEC_EFI_CS
39533 +.previous
39534 +
39535 +2:
39536 + subl $2b,(1b)
39537 +#else
39538 + jmp 1f-__PAGE_OFFSET
39539 1:
39540 +#endif
39541
39542 /*
39543 * 2. Now on the top of stack is the return
39544 @@ -47,14 +63,8 @@ ENTRY(efi_call_phys)
39545 * parameter 2, ..., param n. To make things easy, we save the return
39546 * address of efi_call_phys in a global variable.
39547 */
39548 - popl %edx
39549 - movl %edx, saved_return_addr
39550 - /* get the function pointer into ECX*/
39551 - popl %ecx
39552 - movl %ecx, efi_rt_function_ptr
39553 - movl $2f, %edx
39554 - subl $__PAGE_OFFSET, %edx
39555 - pushl %edx
39556 + popl (saved_return_addr)
39557 + popl (efi_rt_function_ptr)
39558
39559 /*
39560 * 3. Clear PG bit in %CR0.
39561 @@ -73,9 +83,8 @@ ENTRY(efi_call_phys)
39562 /*
39563 * 5. Call the physical function.
39564 */
39565 - jmp *%ecx
39566 + call *(efi_rt_function_ptr-__PAGE_OFFSET)
39567
39568 -2:
39569 /*
39570 * 6. After EFI runtime service returns, control will return to
39571 * following instruction. We'd better readjust stack pointer first.
39572 @@ -88,35 +97,36 @@ ENTRY(efi_call_phys)
39573 movl %cr0, %edx
39574 orl $0x80000000, %edx
39575 movl %edx, %cr0
39576 - jmp 1f
39577 -1:
39578 +
39579 /*
39580 * 8. Now restore the virtual mode from flat mode by
39581 * adding EIP with PAGE_OFFSET.
39582 */
39583 - movl $1f, %edx
39584 - jmp *%edx
39585 +#ifdef CONFIG_PAX_KERNEXEC
39586 + movl $(__KERNEL_DS), %edx
39587 + mov %edx, %ds
39588 + mov %edx, %es
39589 + mov %edx, %ss
39590 + ljmp $(__KERNEL_CS),$1f
39591 +#else
39592 + jmp 1f+__PAGE_OFFSET
39593 +#endif
39594 1:
39595
39596 /*
39597 * 9. Balance the stack. And because EAX contain the return value,
39598 * we'd better not clobber it.
39599 */
39600 - leal efi_rt_function_ptr, %edx
39601 - movl (%edx), %ecx
39602 - pushl %ecx
39603 + pushl (efi_rt_function_ptr)
39604
39605 /*
39606 - * 10. Push the saved return address onto the stack and return.
39607 + * 10. Return to the saved return address.
39608 */
39609 - leal saved_return_addr, %edx
39610 - movl (%edx), %ecx
39611 - pushl %ecx
39612 - ret
39613 + jmpl *(saved_return_addr)
39614 ENDPROC(efi_call_phys)
39615 .previous
39616
39617 -.data
39618 +__INITDATA
39619 saved_return_addr:
39620 .long 0
39621 efi_rt_function_ptr:
39622 diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S
39623 index cd95075..a7b6d47 100644
39624 --- a/arch/x86/platform/efi/efi_stub_64.S
39625 +++ b/arch/x86/platform/efi/efi_stub_64.S
39626 @@ -11,6 +11,7 @@
39627 #include <asm/msr.h>
39628 #include <asm/processor-flags.h>
39629 #include <asm/page_types.h>
39630 +#include <asm/alternative-asm.h>
39631
39632 #define SAVE_XMM \
39633 mov %rsp, %rax; \
39634 @@ -53,5 +54,6 @@ ENTRY(efi_call)
39635 addq $48, %rsp
39636 RESTORE_XMM
39637 popq %rbp
39638 + pax_force_retaddr 0, 1
39639 ret
39640 ENDPROC(efi_call)
39641 diff --git a/arch/x86/platform/intel-mid/intel-mid.c b/arch/x86/platform/intel-mid/intel-mid.c
39642 index ce119d2..42159d9 100644
39643 --- a/arch/x86/platform/intel-mid/intel-mid.c
39644 +++ b/arch/x86/platform/intel-mid/intel-mid.c
39645 @@ -62,9 +62,9 @@
39646 enum intel_mid_timer_options intel_mid_timer_options;
39647
39648 /* intel_mid_ops to store sub arch ops */
39649 -static struct intel_mid_ops *intel_mid_ops;
39650 +static const struct intel_mid_ops *intel_mid_ops;
39651 /* getter function for sub arch ops*/
39652 -static void *(*get_intel_mid_ops[])(void) = INTEL_MID_OPS_INIT;
39653 +static const void *(*get_intel_mid_ops[])(void) = INTEL_MID_OPS_INIT;
39654 enum intel_mid_cpu_type __intel_mid_cpu_chip;
39655 EXPORT_SYMBOL_GPL(__intel_mid_cpu_chip);
39656
39657 @@ -72,9 +72,10 @@ static void intel_mid_power_off(void)
39658 {
39659 };
39660
39661 -static void intel_mid_reboot(void)
39662 +static void __noreturn intel_mid_reboot(void)
39663 {
39664 intel_scu_ipc_simple_command(IPCMSG_COLD_BOOT, 0);
39665 + BUG();
39666 }
39667
39668 static unsigned long __init intel_mid_calibrate_tsc(void)
39669 diff --git a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
39670 index 3c1c386..59a68ed 100644
39671 --- a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
39672 +++ b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
39673 @@ -13,6 +13,6 @@
39674 /* For every CPU addition a new get_<cpuname>_ops interface needs
39675 * to be added.
39676 */
39677 -extern void *get_penwell_ops(void);
39678 -extern void *get_cloverview_ops(void);
39679 -extern void *get_tangier_ops(void);
39680 +extern const void *get_penwell_ops(void);
39681 +extern const void *get_cloverview_ops(void);
39682 +extern const void *get_tangier_ops(void);
39683 diff --git a/arch/x86/platform/intel-mid/mfld.c b/arch/x86/platform/intel-mid/mfld.c
39684 index 1eb47b6..dadfb57 100644
39685 --- a/arch/x86/platform/intel-mid/mfld.c
39686 +++ b/arch/x86/platform/intel-mid/mfld.c
39687 @@ -61,12 +61,12 @@ static void __init penwell_arch_setup(void)
39688 pm_power_off = mfld_power_off;
39689 }
39690
39691 -void *get_penwell_ops(void)
39692 +const void *get_penwell_ops(void)
39693 {
39694 return &penwell_ops;
39695 }
39696
39697 -void *get_cloverview_ops(void)
39698 +const void *get_cloverview_ops(void)
39699 {
39700 return &penwell_ops;
39701 }
39702 diff --git a/arch/x86/platform/intel-mid/mrfld.c b/arch/x86/platform/intel-mid/mrfld.c
39703 index 59253db..81bb534 100644
39704 --- a/arch/x86/platform/intel-mid/mrfld.c
39705 +++ b/arch/x86/platform/intel-mid/mrfld.c
39706 @@ -94,7 +94,7 @@ static struct intel_mid_ops tangier_ops = {
39707 .arch_setup = tangier_arch_setup,
39708 };
39709
39710 -void *get_tangier_ops(void)
39711 +const void *get_tangier_ops(void)
39712 {
39713 return &tangier_ops;
39714 }
39715 diff --git a/arch/x86/platform/intel-quark/imr_selftest.c b/arch/x86/platform/intel-quark/imr_selftest.c
39716 index f5bad40..da1428a 100644
39717 --- a/arch/x86/platform/intel-quark/imr_selftest.c
39718 +++ b/arch/x86/platform/intel-quark/imr_selftest.c
39719 @@ -54,7 +54,7 @@ static void __init imr_self_test_result(int res, const char *fmt, ...)
39720 */
39721 static void __init imr_self_test(void)
39722 {
39723 - phys_addr_t base = virt_to_phys(&_text);
39724 + phys_addr_t base = virt_to_phys((void *)ktla_ktva((unsigned long)_text));
39725 size_t size = virt_to_phys(&__end_rodata) - base;
39726 const char *fmt_over = "overlapped IMR @ (0x%08lx - 0x%08lx)\n";
39727 int ret;
39728 diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c
39729 index d6ee929..0454327 100644
39730 --- a/arch/x86/platform/olpc/olpc_dt.c
39731 +++ b/arch/x86/platform/olpc/olpc_dt.c
39732 @@ -156,7 +156,7 @@ void * __init prom_early_alloc(unsigned long size)
39733 return res;
39734 }
39735
39736 -static struct of_pdt_ops prom_olpc_ops __initdata = {
39737 +static const struct of_pdt_ops prom_olpc_ops __initconst = {
39738 .nextprop = olpc_dt_nextprop,
39739 .getproplen = olpc_dt_getproplen,
39740 .getproperty = olpc_dt_getproperty,
39741 diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
39742 index b12c26e..089a429 100644
39743 --- a/arch/x86/power/cpu.c
39744 +++ b/arch/x86/power/cpu.c
39745 @@ -160,11 +160,8 @@ static void do_fpu_end(void)
39746 static void fix_processor_context(void)
39747 {
39748 int cpu = smp_processor_id();
39749 - struct tss_struct *t = &per_cpu(cpu_tss, cpu);
39750 -#ifdef CONFIG_X86_64
39751 - struct desc_struct *desc = get_cpu_gdt_table(cpu);
39752 - tss_desc tss;
39753 -#endif
39754 + struct tss_struct *t = cpu_tss + cpu;
39755 +
39756 set_tss_desc(cpu, t); /*
39757 * This just modifies memory; should not be
39758 * necessary. But... This is necessary, because
39759 @@ -173,10 +170,6 @@ static void fix_processor_context(void)
39760 */
39761
39762 #ifdef CONFIG_X86_64
39763 - memcpy(&tss, &desc[GDT_ENTRY_TSS], sizeof(tss_desc));
39764 - tss.type = 0x9; /* The available 64-bit TSS (see AMD vol 2, pg 91 */
39765 - write_gdt_entry(desc, GDT_ENTRY_TSS, &tss, DESC_TSS);
39766 -
39767 syscall_init(); /* This sets MSR_*STAR and related */
39768 #endif
39769 load_TR_desc(); /* This does ltr */
39770 diff --git a/arch/x86/power/hibernate_asm_32.S b/arch/x86/power/hibernate_asm_32.S
39771 index 1d0fa0e..5003de0 100644
39772 --- a/arch/x86/power/hibernate_asm_32.S
39773 +++ b/arch/x86/power/hibernate_asm_32.S
39774 @@ -11,6 +11,7 @@
39775 #include <asm/page_types.h>
39776 #include <asm/asm-offsets.h>
39777 #include <asm/processor-flags.h>
39778 +#include <asm/smap.h>
39779
39780 .text
39781
39782 @@ -74,6 +75,7 @@ done:
39783
39784 pushl saved_context_eflags
39785 popfl
39786 + ASM_CLAC
39787
39788 /* Saved in save_processor_state. */
39789 movl $saved_context, %eax
39790 diff --git a/arch/x86/power/hibernate_asm_64.S b/arch/x86/power/hibernate_asm_64.S
39791 index ce8da3a..c3c8b8c 100644
39792 --- a/arch/x86/power/hibernate_asm_64.S
39793 +++ b/arch/x86/power/hibernate_asm_64.S
39794 @@ -22,6 +22,7 @@
39795 #include <asm/asm-offsets.h>
39796 #include <asm/processor-flags.h>
39797 #include <asm/frame.h>
39798 +#include <asm/smap.h>
39799
39800 ENTRY(swsusp_arch_suspend)
39801 movq $saved_context, %rax
39802 @@ -133,6 +134,7 @@ ENTRY(restore_registers)
39803 movq pt_regs_r15(%rax), %r15
39804 pushq pt_regs_flags(%rax)
39805 popfq
39806 + ASM_CLAC
39807
39808 /* Saved in save_processor_state. */
39809 lgdt saved_context_gdt_desc(%rax)
39810 diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
39811 index 5db706f1..267f907 100644
39812 --- a/arch/x86/realmode/init.c
39813 +++ b/arch/x86/realmode/init.c
39814 @@ -85,7 +85,13 @@ static void __init setup_real_mode(void)
39815 __va(real_mode_header->trampoline_header);
39816
39817 #ifdef CONFIG_X86_32
39818 - trampoline_header->start = __pa_symbol(startup_32_smp);
39819 + trampoline_header->start = __pa_symbol(ktla_ktva((unsigned long)startup_32_smp));
39820 +
39821 +#ifdef CONFIG_PAX_KERNEXEC
39822 + trampoline_header->start -= LOAD_PHYSICAL_ADDR;
39823 +#endif
39824 +
39825 + trampoline_header->boot_cs = __BOOT_CS;
39826 trampoline_header->gdt_limit = __BOOT_DS + 7;
39827 trampoline_header->gdt_base = __pa_symbol(boot_gdt);
39828 #else
39829 @@ -101,7 +107,7 @@ static void __init setup_real_mode(void)
39830 *trampoline_cr4_features = mmu_cr4_features;
39831
39832 trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd);
39833 - trampoline_pgd[0] = trampoline_pgd_entry.pgd;
39834 + trampoline_pgd[0] = trampoline_pgd_entry.pgd & ~_PAGE_NX;
39835 trampoline_pgd[511] = init_level4_pgt[511].pgd;
39836 #endif
39837 }
39838 diff --git a/arch/x86/realmode/rm/header.S b/arch/x86/realmode/rm/header.S
39839 index a28221d..93c40f1 100644
39840 --- a/arch/x86/realmode/rm/header.S
39841 +++ b/arch/x86/realmode/rm/header.S
39842 @@ -30,7 +30,9 @@ GLOBAL(real_mode_header)
39843 #endif
39844 /* APM/BIOS reboot */
39845 .long pa_machine_real_restart_asm
39846 -#ifdef CONFIG_X86_64
39847 +#ifdef CONFIG_X86_32
39848 + .long __KERNEL_CS
39849 +#else
39850 .long __KERNEL32_CS
39851 #endif
39852 END(real_mode_header)
39853 diff --git a/arch/x86/realmode/rm/reboot.S b/arch/x86/realmode/rm/reboot.S
39854 index d66c607..3def845 100644
39855 --- a/arch/x86/realmode/rm/reboot.S
39856 +++ b/arch/x86/realmode/rm/reboot.S
39857 @@ -27,6 +27,10 @@ ENTRY(machine_real_restart_asm)
39858 lgdtl pa_tr_gdt
39859
39860 /* Disable paging to drop us out of long mode */
39861 + movl %cr4, %eax
39862 + andl $~X86_CR4_PCIDE, %eax
39863 + movl %eax, %cr4
39864 +
39865 movl %cr0, %eax
39866 andl $~X86_CR0_PG, %eax
39867 movl %eax, %cr0
39868 diff --git a/arch/x86/realmode/rm/trampoline_32.S b/arch/x86/realmode/rm/trampoline_32.S
39869 index 48ddd76..c26749f 100644
39870 --- a/arch/x86/realmode/rm/trampoline_32.S
39871 +++ b/arch/x86/realmode/rm/trampoline_32.S
39872 @@ -24,6 +24,12 @@
39873 #include <asm/page_types.h>
39874 #include "realmode.h"
39875
39876 +#ifdef CONFIG_PAX_KERNEXEC
39877 +#define ta(X) (X)
39878 +#else
39879 +#define ta(X) (pa_ ## X)
39880 +#endif
39881 +
39882 .text
39883 .code16
39884
39885 @@ -38,8 +44,6 @@ ENTRY(trampoline_start)
39886
39887 cli # We should be safe anyway
39888
39889 - movl tr_start, %eax # where we need to go
39890 -
39891 movl $0xA5A5A5A5, trampoline_status
39892 # write marker for master knows we're running
39893
39894 @@ -55,7 +59,7 @@ ENTRY(trampoline_start)
39895 movw $1, %dx # protected mode (PE) bit
39896 lmsw %dx # into protected mode
39897
39898 - ljmpl $__BOOT_CS, $pa_startup_32
39899 + ljmpl *(trampoline_header)
39900
39901 .section ".text32","ax"
39902 .code32
39903 @@ -66,7 +70,7 @@ ENTRY(startup_32) # note: also used from wakeup_asm.S
39904 .balign 8
39905 GLOBAL(trampoline_header)
39906 tr_start: .space 4
39907 - tr_gdt_pad: .space 2
39908 + tr_boot_cs: .space 2
39909 tr_gdt: .space 6
39910 END(trampoline_header)
39911
39912 diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S
39913 index dac7b20..72dbaca 100644
39914 --- a/arch/x86/realmode/rm/trampoline_64.S
39915 +++ b/arch/x86/realmode/rm/trampoline_64.S
39916 @@ -93,6 +93,7 @@ ENTRY(startup_32)
39917 movl %edx, %gs
39918
39919 movl pa_tr_cr4, %eax
39920 + andl $~X86_CR4_PCIDE, %eax
39921 movl %eax, %cr4 # Enable PAE mode
39922
39923 # Setup trampoline 4 level pagetables
39924 @@ -106,7 +107,7 @@ ENTRY(startup_32)
39925 wrmsr
39926
39927 # Enable paging and in turn activate Long Mode
39928 - movl $(X86_CR0_PG | X86_CR0_WP | X86_CR0_PE), %eax
39929 + movl $(X86_CR0_PG | X86_CR0_PE), %eax
39930 movl %eax, %cr0
39931
39932 /*
39933 diff --git a/arch/x86/realmode/rm/wakeup_asm.S b/arch/x86/realmode/rm/wakeup_asm.S
39934 index 9e7e147..25a4158 100644
39935 --- a/arch/x86/realmode/rm/wakeup_asm.S
39936 +++ b/arch/x86/realmode/rm/wakeup_asm.S
39937 @@ -126,11 +126,10 @@ ENTRY(wakeup_start)
39938 lgdtl pmode_gdt
39939
39940 /* This really couldn't... */
39941 - movl pmode_entry, %eax
39942 movl pmode_cr0, %ecx
39943 movl %ecx, %cr0
39944 - ljmpl $__KERNEL_CS, $pa_startup_32
39945 - /* -> jmp *%eax in trampoline_32.S */
39946 +
39947 + ljmpl *pmode_entry
39948 #else
39949 jmp trampoline_start
39950 #endif
39951 diff --git a/arch/x86/tools/Makefile b/arch/x86/tools/Makefile
39952 index 604a37e..e49702a 100644
39953 --- a/arch/x86/tools/Makefile
39954 +++ b/arch/x86/tools/Makefile
39955 @@ -37,7 +37,7 @@ $(obj)/test_get_len.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/in
39956
39957 $(obj)/insn_sanity.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/inat.c $(srctree)/arch/x86/include/asm/inat_types.h $(srctree)/arch/x86/include/asm/inat.h $(srctree)/arch/x86/include/asm/insn.h $(objtree)/arch/x86/lib/inat-tables.c
39958
39959 -HOST_EXTRACFLAGS += -I$(srctree)/tools/include
39960 +HOST_EXTRACFLAGS += -I$(srctree)/tools/include -ggdb
39961 hostprogs-y += relocs
39962 relocs-objs := relocs_32.o relocs_64.o relocs_common.o
39963 PHONY += relocs
39964 diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
39965 index 0c2fae8..1d2a079 100644
39966 --- a/arch/x86/tools/relocs.c
39967 +++ b/arch/x86/tools/relocs.c
39968 @@ -1,5 +1,7 @@
39969 /* This is included from relocs_32/64.c */
39970
39971 +#include "../../../include/generated/autoconf.h"
39972 +
39973 #define ElfW(type) _ElfW(ELF_BITS, type)
39974 #define _ElfW(bits, type) __ElfW(bits, type)
39975 #define __ElfW(bits, type) Elf##bits##_##type
39976 @@ -11,6 +13,7 @@
39977 #define Elf_Sym ElfW(Sym)
39978
39979 static Elf_Ehdr ehdr;
39980 +static Elf_Phdr *phdr;
39981
39982 struct relocs {
39983 uint32_t *offset;
39984 @@ -45,6 +48,7 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = {
39985 "^(xen_irq_disable_direct_reloc$|"
39986 "xen_save_fl_direct_reloc$|"
39987 "VDSO|"
39988 + "__rap_hash_|"
39989 "__crc_)",
39990
39991 /*
39992 @@ -386,9 +390,39 @@ static void read_ehdr(FILE *fp)
39993 }
39994 }
39995
39996 +static void read_phdrs(FILE *fp)
39997 +{
39998 + unsigned int i;
39999 +
40000 + phdr = calloc(ehdr.e_phnum, sizeof(Elf_Phdr));
40001 + if (!phdr) {
40002 + die("Unable to allocate %d program headers\n",
40003 + ehdr.e_phnum);
40004 + }
40005 + if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
40006 + die("Seek to %d failed: %s\n",
40007 + ehdr.e_phoff, strerror(errno));
40008 + }
40009 + if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) {
40010 + die("Cannot read ELF program headers: %s\n",
40011 + strerror(errno));
40012 + }
40013 + for(i = 0; i < ehdr.e_phnum; i++) {
40014 + phdr[i].p_type = elf_word_to_cpu(phdr[i].p_type);
40015 + phdr[i].p_offset = elf_off_to_cpu(phdr[i].p_offset);
40016 + phdr[i].p_vaddr = elf_addr_to_cpu(phdr[i].p_vaddr);
40017 + phdr[i].p_paddr = elf_addr_to_cpu(phdr[i].p_paddr);
40018 + phdr[i].p_filesz = elf_word_to_cpu(phdr[i].p_filesz);
40019 + phdr[i].p_memsz = elf_word_to_cpu(phdr[i].p_memsz);
40020 + phdr[i].p_flags = elf_word_to_cpu(phdr[i].p_flags);
40021 + phdr[i].p_align = elf_word_to_cpu(phdr[i].p_align);
40022 + }
40023 +
40024 +}
40025 +
40026 static void read_shdrs(FILE *fp)
40027 {
40028 - int i;
40029 + unsigned int i;
40030 Elf_Shdr shdr;
40031
40032 secs = calloc(ehdr.e_shnum, sizeof(struct section));
40033 @@ -423,7 +457,7 @@ static void read_shdrs(FILE *fp)
40034
40035 static void read_strtabs(FILE *fp)
40036 {
40037 - int i;
40038 + unsigned int i;
40039 for (i = 0; i < ehdr.e_shnum; i++) {
40040 struct section *sec = &secs[i];
40041 if (sec->shdr.sh_type != SHT_STRTAB) {
40042 @@ -448,7 +482,7 @@ static void read_strtabs(FILE *fp)
40043
40044 static void read_symtabs(FILE *fp)
40045 {
40046 - int i,j;
40047 + unsigned int i,j;
40048 for (i = 0; i < ehdr.e_shnum; i++) {
40049 struct section *sec = &secs[i];
40050 if (sec->shdr.sh_type != SHT_SYMTAB) {
40051 @@ -479,9 +513,11 @@ static void read_symtabs(FILE *fp)
40052 }
40053
40054
40055 -static void read_relocs(FILE *fp)
40056 +static void read_relocs(FILE *fp, int use_real_mode)
40057 {
40058 - int i,j;
40059 + unsigned int i,j;
40060 + uint32_t base;
40061 +
40062 for (i = 0; i < ehdr.e_shnum; i++) {
40063 struct section *sec = &secs[i];
40064 if (sec->shdr.sh_type != SHT_REL_TYPE) {
40065 @@ -501,9 +537,22 @@ static void read_relocs(FILE *fp)
40066 die("Cannot read symbol table: %s\n",
40067 strerror(errno));
40068 }
40069 + base = 0;
40070 +
40071 +#ifdef CONFIG_X86_32
40072 + for (j = 0; !use_real_mode && j < ehdr.e_phnum; j++) {
40073 + if (phdr[j].p_type != PT_LOAD )
40074 + continue;
40075 + if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz)
40076 + continue;
40077 + base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
40078 + break;
40079 + }
40080 +#endif
40081 +
40082 for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) {
40083 Elf_Rel *rel = &sec->reltab[j];
40084 - rel->r_offset = elf_addr_to_cpu(rel->r_offset);
40085 + rel->r_offset = elf_addr_to_cpu(rel->r_offset) + base;
40086 rel->r_info = elf_xword_to_cpu(rel->r_info);
40087 #if (SHT_REL_TYPE == SHT_RELA)
40088 rel->r_addend = elf_xword_to_cpu(rel->r_addend);
40089 @@ -515,7 +564,7 @@ static void read_relocs(FILE *fp)
40090
40091 static void print_absolute_symbols(void)
40092 {
40093 - int i;
40094 + unsigned int i;
40095 const char *format;
40096
40097 if (ELF_BITS == 64)
40098 @@ -528,7 +577,7 @@ static void print_absolute_symbols(void)
40099 for (i = 0; i < ehdr.e_shnum; i++) {
40100 struct section *sec = &secs[i];
40101 char *sym_strtab;
40102 - int j;
40103 + unsigned int j;
40104
40105 if (sec->shdr.sh_type != SHT_SYMTAB) {
40106 continue;
40107 @@ -555,7 +604,7 @@ static void print_absolute_symbols(void)
40108
40109 static void print_absolute_relocs(void)
40110 {
40111 - int i, printed = 0;
40112 + unsigned int i, printed = 0;
40113 const char *format;
40114
40115 if (ELF_BITS == 64)
40116 @@ -568,7 +617,7 @@ static void print_absolute_relocs(void)
40117 struct section *sec_applies, *sec_symtab;
40118 char *sym_strtab;
40119 Elf_Sym *sh_symtab;
40120 - int j;
40121 + unsigned int j;
40122 if (sec->shdr.sh_type != SHT_REL_TYPE) {
40123 continue;
40124 }
40125 @@ -645,13 +694,13 @@ static void add_reloc(struct relocs *r, uint32_t offset)
40126 static void walk_relocs(int (*process)(struct section *sec, Elf_Rel *rel,
40127 Elf_Sym *sym, const char *symname))
40128 {
40129 - int i;
40130 + unsigned int i;
40131 /* Walk through the relocations */
40132 for (i = 0; i < ehdr.e_shnum; i++) {
40133 char *sym_strtab;
40134 Elf_Sym *sh_symtab;
40135 struct section *sec_applies, *sec_symtab;
40136 - int j;
40137 + unsigned int j;
40138 struct section *sec = &secs[i];
40139
40140 if (sec->shdr.sh_type != SHT_REL_TYPE) {
40141 @@ -697,7 +746,7 @@ static void walk_relocs(int (*process)(struct section *sec, Elf_Rel *rel,
40142 * kernel data and does not require special treatment.
40143 *
40144 */
40145 -static int per_cpu_shndx = -1;
40146 +static unsigned int per_cpu_shndx = ~0;
40147 static Elf_Addr per_cpu_load_addr;
40148
40149 static void percpu_init(void)
40150 @@ -830,6 +879,23 @@ static int do_reloc32(struct section *sec, Elf_Rel *rel, Elf_Sym *sym,
40151 {
40152 unsigned r_type = ELF32_R_TYPE(rel->r_info);
40153 int shn_abs = (sym->st_shndx == SHN_ABS) && !is_reloc(S_REL, symname);
40154 + char *sym_strtab = sec->link->link->strtab;
40155 +
40156 + /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
40157 + if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load"))
40158 + return 0;
40159 +
40160 +#ifdef CONFIG_PAX_KERNEXEC
40161 + /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
40162 + if (!strcmp(sec_name(sym->st_shndx), ".text.end") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
40163 + return 0;
40164 + if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
40165 + return 0;
40166 + if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
40167 + return 0;
40168 + if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR"))
40169 + return 0;
40170 +#endif
40171
40172 switch (r_type) {
40173 case R_386_NONE:
40174 @@ -968,7 +1034,7 @@ static int write32_as_text(uint32_t v, FILE *f)
40175
40176 static void emit_relocs(int as_text, int use_real_mode)
40177 {
40178 - int i;
40179 + unsigned int i;
40180 int (*write_reloc)(uint32_t, FILE *) = write32;
40181 int (*do_reloc)(struct section *sec, Elf_Rel *rel, Elf_Sym *sym,
40182 const char *symname);
40183 @@ -1078,10 +1144,11 @@ void process(FILE *fp, int use_real_mode, int as_text,
40184 {
40185 regex_init(use_real_mode);
40186 read_ehdr(fp);
40187 + read_phdrs(fp);
40188 read_shdrs(fp);
40189 read_strtabs(fp);
40190 read_symtabs(fp);
40191 - read_relocs(fp);
40192 + read_relocs(fp, use_real_mode);
40193 if (ELF_BITS == 64)
40194 percpu_init();
40195 if (show_absolute_syms) {
40196 diff --git a/arch/x86/um/mem_32.c b/arch/x86/um/mem_32.c
40197 index 744afdc..a0b8a0d 100644
40198 --- a/arch/x86/um/mem_32.c
40199 +++ b/arch/x86/um/mem_32.c
40200 @@ -20,7 +20,7 @@ static int __init gate_vma_init(void)
40201 gate_vma.vm_start = FIXADDR_USER_START;
40202 gate_vma.vm_end = FIXADDR_USER_END;
40203 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
40204 - gate_vma.vm_page_prot = __P101;
40205 + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
40206
40207 return 0;
40208 }
40209 diff --git a/arch/x86/um/tls_32.c b/arch/x86/um/tls_32.c
40210 index 48e3858..ab4458c 100644
40211 --- a/arch/x86/um/tls_32.c
40212 +++ b/arch/x86/um/tls_32.c
40213 @@ -261,7 +261,7 @@ out:
40214 if (unlikely(task == current &&
40215 !t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].flushed)) {
40216 printk(KERN_ERR "get_tls_entry: task with pid %d got here "
40217 - "without flushed TLS.", current->pid);
40218 + "without flushed TLS.", task_pid_nr(current));
40219 }
40220
40221 return 0;
40222 diff --git a/arch/x86/xen/Kconfig b/arch/x86/xen/Kconfig
40223 index c7b15f3..cc09a65 100644
40224 --- a/arch/x86/xen/Kconfig
40225 +++ b/arch/x86/xen/Kconfig
40226 @@ -10,6 +10,7 @@ config XEN
40227 select XEN_HAVE_VPMU
40228 depends on X86_64 || (X86_32 && X86_PAE)
40229 depends on X86_LOCAL_APIC && X86_TSC
40230 + depends on !GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_VIRT_XEN
40231 help
40232 This is the Linux Xen port. Enabling this will allow the
40233 kernel to boot in a paravirtualized environment under the
40234 diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
40235 index b86ebb1..e8a6e63 100644
40236 --- a/arch/x86/xen/enlighten.c
40237 +++ b/arch/x86/xen/enlighten.c
40238 @@ -134,8 +134,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
40239
40240 struct shared_info xen_dummy_shared_info;
40241
40242 -void *xen_initial_gdt;
40243 -
40244 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
40245 __read_mostly int xen_have_vector_callback;
40246 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
40247 @@ -594,8 +592,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
40248 {
40249 unsigned long va = dtr->address;
40250 unsigned int size = dtr->size + 1;
40251 - unsigned pages = DIV_ROUND_UP(size, PAGE_SIZE);
40252 - unsigned long frames[pages];
40253 + unsigned long frames[65536 / PAGE_SIZE];
40254 int f;
40255
40256 /*
40257 @@ -643,8 +640,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
40258 {
40259 unsigned long va = dtr->address;
40260 unsigned int size = dtr->size + 1;
40261 - unsigned pages = DIV_ROUND_UP(size, PAGE_SIZE);
40262 - unsigned long frames[pages];
40263 + unsigned long frames[(GDT_SIZE + PAGE_SIZE - 1) / PAGE_SIZE];
40264 int f;
40265
40266 /*
40267 @@ -652,7 +648,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
40268 * 8-byte entries, or 16 4k pages..
40269 */
40270
40271 - BUG_ON(size > 65536);
40272 + BUG_ON(size > GDT_SIZE);
40273 BUG_ON(va & ~PAGE_MASK);
40274
40275 for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
40276 @@ -781,7 +777,7 @@ static int cvt_gate_to_trap(int vector, const gate_desc *val,
40277 * so we should never see them. Warn if
40278 * there's an unexpected IST-using fault handler.
40279 */
40280 - if (addr == (unsigned long)debug)
40281 + if (addr == (unsigned long)int1)
40282 addr = (unsigned long)xen_debug;
40283 else if (addr == (unsigned long)int3)
40284 addr = (unsigned long)xen_int3;
40285 @@ -1290,7 +1286,7 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
40286 .end_context_switch = xen_end_context_switch,
40287 };
40288
40289 -static void xen_reboot(int reason)
40290 +static __noreturn void xen_reboot(int reason)
40291 {
40292 struct sched_shutdown r = { .reason = reason };
40293 int cpu;
40294 @@ -1298,26 +1294,26 @@ static void xen_reboot(int reason)
40295 for_each_online_cpu(cpu)
40296 xen_pmu_finish(cpu);
40297
40298 - if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
40299 - BUG();
40300 + HYPERVISOR_sched_op(SCHEDOP_shutdown, &r);
40301 + BUG();
40302 }
40303
40304 -static void xen_restart(char *msg)
40305 +static __noreturn void xen_restart(char *msg)
40306 {
40307 xen_reboot(SHUTDOWN_reboot);
40308 }
40309
40310 -static void xen_emergency_restart(void)
40311 +static __noreturn void xen_emergency_restart(void)
40312 {
40313 xen_reboot(SHUTDOWN_reboot);
40314 }
40315
40316 -static void xen_machine_halt(void)
40317 +static __noreturn void xen_machine_halt(void)
40318 {
40319 xen_reboot(SHUTDOWN_poweroff);
40320 }
40321
40322 -static void xen_machine_power_off(void)
40323 +static __noreturn void xen_machine_power_off(void)
40324 {
40325 if (pm_power_off)
40326 pm_power_off();
40327 @@ -1471,8 +1467,11 @@ static void __ref xen_setup_gdt(int cpu)
40328 pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
40329 pv_cpu_ops.load_gdt = xen_load_gdt_boot;
40330
40331 - setup_stack_canary_segment(0);
40332 - switch_to_new_gdt(0);
40333 + setup_stack_canary_segment(cpu);
40334 +#ifdef CONFIG_X86_64
40335 + load_percpu_segment(cpu);
40336 +#endif
40337 + switch_to_new_gdt(cpu);
40338
40339 pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
40340 pv_cpu_ops.load_gdt = xen_load_gdt;
40341 @@ -1590,9 +1589,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
40342 */
40343 __userpte_alloc_gfp &= ~__GFP_HIGHMEM;
40344
40345 - /* Work out if we support NX */
40346 - x86_configure_nx();
40347 -
40348 /* Get mfn list */
40349 xen_build_dynamic_phys_to_machine();
40350
40351 @@ -1602,6 +1598,19 @@ asmlinkage __visible void __init xen_start_kernel(void)
40352 */
40353 xen_setup_gdt(0);
40354
40355 + /* Work out if we support NX */
40356 +#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
40357 + if ((cpuid_eax(0x80000000) & 0xffff0000) == 0x80000000 &&
40358 + (cpuid_edx(0x80000001) & (1U << (X86_FEATURE_NX & 31)))) {
40359 + unsigned l, h;
40360 +
40361 + __supported_pte_mask |= _PAGE_NX;
40362 + rdmsr(MSR_EFER, l, h);
40363 + l |= EFER_NX;
40364 + wrmsr(MSR_EFER, l, h);
40365 + }
40366 +#endif
40367 +
40368 xen_init_irq_ops();
40369 xen_init_cpuid_mask();
40370
40371 @@ -1619,13 +1628,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
40372
40373 machine_ops = xen_machine_ops;
40374
40375 - /*
40376 - * The only reliable way to retain the initial address of the
40377 - * percpu gdt_page is to remember it here, so we can go and
40378 - * mark it RW later, when the initial percpu area is freed.
40379 - */
40380 - xen_initial_gdt = &per_cpu(gdt_page, 0);
40381 -
40382 xen_smp_init();
40383
40384 #ifdef CONFIG_ACPI_NUMA
40385 diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
40386 index 7d5afdb..c89588c 100644
40387 --- a/arch/x86/xen/mmu.c
40388 +++ b/arch/x86/xen/mmu.c
40389 @@ -1940,7 +1940,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
40390 * L3_k[511] -> level2_fixmap_pgt */
40391 convert_pfn_mfn(level3_kernel_pgt);
40392
40393 + convert_pfn_mfn(level3_vmalloc_start_pgt[0]);
40394 + convert_pfn_mfn(level3_vmalloc_start_pgt[1]);
40395 + convert_pfn_mfn(level3_vmalloc_start_pgt[2]);
40396 + convert_pfn_mfn(level3_vmalloc_start_pgt[3]);
40397 + convert_pfn_mfn(level3_vmalloc_end_pgt);
40398 + convert_pfn_mfn(level3_vmemmap_pgt);
40399 /* L3_k[511][506] -> level1_fixmap_pgt */
40400 + /* L3_k[511][507] -> level1_vsyscall_pgt */
40401 convert_pfn_mfn(level2_fixmap_pgt);
40402 }
40403 /* We get [511][511] and have Xen's version of level2_kernel_pgt */
40404 @@ -1970,11 +1977,25 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
40405 set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
40406 set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
40407 set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
40408 + set_page_prot(level3_vmalloc_start_pgt[0], PAGE_KERNEL_RO);
40409 + set_page_prot(level3_vmalloc_start_pgt[1], PAGE_KERNEL_RO);
40410 + set_page_prot(level3_vmalloc_start_pgt[2], PAGE_KERNEL_RO);
40411 + set_page_prot(level3_vmalloc_start_pgt[3], PAGE_KERNEL_RO);
40412 + set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO);
40413 + set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
40414 set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
40415 set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO);
40416 + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO);
40417 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
40418 set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
40419 - set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
40420 + set_page_prot(level1_modules_pgt[0], PAGE_KERNEL_RO);
40421 + set_page_prot(level1_modules_pgt[1], PAGE_KERNEL_RO);
40422 + set_page_prot(level1_modules_pgt[2], PAGE_KERNEL_RO);
40423 + set_page_prot(level1_modules_pgt[3], PAGE_KERNEL_RO);
40424 + set_page_prot(level1_fixmap_pgt[0], PAGE_KERNEL_RO);
40425 + set_page_prot(level1_fixmap_pgt[1], PAGE_KERNEL_RO);
40426 + set_page_prot(level1_fixmap_pgt[2], PAGE_KERNEL_RO);
40427 + set_page_prot(level1_vsyscall_pgt, PAGE_KERNEL_RO);
40428
40429 /* Pin down new L4 */
40430 pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
40431 @@ -2385,6 +2406,7 @@ static void __init xen_post_allocator_init(void)
40432 pv_mmu_ops.set_pud = xen_set_pud;
40433 #if CONFIG_PGTABLE_LEVELS == 4
40434 pv_mmu_ops.set_pgd = xen_set_pgd;
40435 + pv_mmu_ops.set_pgd_batched = xen_set_pgd;
40436 #endif
40437
40438 /* This will work as long as patching hasn't happened yet
40439 @@ -2414,6 +2436,10 @@ static void xen_leave_lazy_mmu(void)
40440 preempt_enable();
40441 }
40442
40443 +static void xen_pte_update(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
40444 +{
40445 +}
40446 +
40447 static const struct pv_mmu_ops xen_mmu_ops __initconst = {
40448 .read_cr2 = xen_read_cr2,
40449 .write_cr2 = xen_write_cr2,
40450 @@ -2426,7 +2452,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
40451 .flush_tlb_single = xen_flush_tlb_single,
40452 .flush_tlb_others = xen_flush_tlb_others,
40453
40454 - .pte_update = paravirt_nop,
40455 + .pte_update = xen_pte_update,
40456
40457 .pgd_alloc = xen_pgd_alloc,
40458 .pgd_free = xen_pgd_free,
40459 @@ -2463,6 +2489,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
40460 .pud_val = PV_CALLEE_SAVE(xen_pud_val),
40461 .make_pud = PV_CALLEE_SAVE(xen_make_pud),
40462 .set_pgd = xen_set_pgd_hyper,
40463 + .set_pgd_batched = xen_set_pgd_hyper,
40464
40465 .alloc_pud = xen_alloc_pmd_init,
40466 .release_pud = xen_release_pmd_init,
40467 diff --git a/arch/x86/xen/pmu.c b/arch/x86/xen/pmu.c
40468 index 32bdc2c..073b8a5 100644
40469 --- a/arch/x86/xen/pmu.c
40470 +++ b/arch/x86/xen/pmu.c
40471 @@ -444,6 +444,7 @@ static unsigned long xen_get_guest_ip(void)
40472 return 0;
40473 }
40474
40475 + // TODO: adjust with the segment base
40476 return xenpmu_data->pmu.r.regs.ip;
40477 }
40478
40479 diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
40480 index 6228403..2354210 100644
40481 --- a/arch/x86/xen/smp.c
40482 +++ b/arch/x86/xen/smp.c
40483 @@ -312,17 +312,13 @@ static void __init xen_smp_prepare_boot_cpu(void)
40484
40485 if (xen_pv_domain()) {
40486 if (!xen_feature(XENFEAT_writable_page_tables))
40487 - /* We've switched to the "real" per-cpu gdt, so make
40488 - * sure the old memory can be recycled. */
40489 - make_lowmem_page_readwrite(xen_initial_gdt);
40490 -
40491 #ifdef CONFIG_X86_32
40492 /*
40493 * Xen starts us with XEN_FLAT_RING1_DS, but linux code
40494 * expects __USER_DS
40495 */
40496 - loadsegment(ds, __USER_DS);
40497 - loadsegment(es, __USER_DS);
40498 + loadsegment(ds, __KERNEL_DS);
40499 + loadsegment(es, __KERNEL_DS);
40500 #endif
40501
40502 xen_filter_cpu_maps();
40503 @@ -412,7 +408,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
40504 #ifdef CONFIG_X86_32
40505 /* Note: PVH is not yet supported on x86_32. */
40506 ctxt->user_regs.fs = __KERNEL_PERCPU;
40507 - ctxt->user_regs.gs = __KERNEL_STACK_CANARY;
40508 + savesegment(gs, ctxt->user_regs.gs);
40509 #endif
40510 memset(&ctxt->fpu_ctxt, 0, sizeof(ctxt->fpu_ctxt));
40511
40512 @@ -420,8 +416,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
40513 ctxt->user_regs.eip = (unsigned long)cpu_bringup_and_idle;
40514 ctxt->flags = VGCF_IN_KERNEL;
40515 ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */
40516 - ctxt->user_regs.ds = __USER_DS;
40517 - ctxt->user_regs.es = __USER_DS;
40518 + ctxt->user_regs.ds = __KERNEL_DS;
40519 + ctxt->user_regs.es = __KERNEL_DS;
40520 ctxt->user_regs.ss = __KERNEL_DS;
40521
40522 xen_copy_trap_info(ctxt->trap_ctxt);
40523 @@ -763,7 +759,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
40524
40525 void __init xen_smp_init(void)
40526 {
40527 - smp_ops = xen_smp_ops;
40528 + memcpy((void *)&smp_ops, &xen_smp_ops, sizeof smp_ops);
40529 xen_fill_possible_map();
40530 }
40531
40532 diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S
40533 index feb6d40..e59382c 100644
40534 --- a/arch/x86/xen/xen-asm_32.S
40535 +++ b/arch/x86/xen/xen-asm_32.S
40536 @@ -85,7 +85,7 @@ ENTRY(xen_iret)
40537 pushw %fs
40538 movl $(__KERNEL_PERCPU), %eax
40539 movl %eax, %fs
40540 - movl %fs:xen_vcpu, %eax
40541 + mov PER_CPU_VAR(xen_vcpu), %eax
40542 POP_FS
40543 #else
40544 movl %ss:xen_vcpu, %eax
40545 diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
40546 index 7f8d8ab..8ecf53e 100644
40547 --- a/arch/x86/xen/xen-head.S
40548 +++ b/arch/x86/xen/xen-head.S
40549 @@ -50,6 +50,18 @@ ENTRY(startup_xen)
40550 mov %_ASM_SI, xen_start_info
40551 mov $init_thread_union+THREAD_SIZE, %_ASM_SP
40552
40553 +#if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
40554 + movl $cpu_gdt_table,%edi
40555 + movl $__per_cpu_load,%eax
40556 + movw %ax,__KERNEL_PERCPU + 2(%edi)
40557 + rorl $16,%eax
40558 + movb %al,__KERNEL_PERCPU + 4(%edi)
40559 + movb %ah,__KERNEL_PERCPU + 7(%edi)
40560 + movl $__per_cpu_end - 1,%eax
40561 + subl $__per_cpu_start,%eax
40562 + movw %ax,__KERNEL_PERCPU + 0(%edi)
40563 +#endif
40564 +
40565 jmp xen_start_kernel
40566
40567 __FINIT
40568 diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
40569 index 3cbce3b..f1221bc 100644
40570 --- a/arch/x86/xen/xen-ops.h
40571 +++ b/arch/x86/xen/xen-ops.h
40572 @@ -16,8 +16,6 @@ void xen_syscall_target(void);
40573 void xen_syscall32_target(void);
40574 #endif
40575
40576 -extern void *xen_initial_gdt;
40577 -
40578 struct trap_info;
40579 void xen_copy_trap_info(struct trap_info *traps);
40580
40581 diff --git a/arch/xtensa/variants/dc232b/include/variant/core.h b/arch/xtensa/variants/dc232b/include/variant/core.h
40582 index 525bd3d..ef888b1 100644
40583 --- a/arch/xtensa/variants/dc232b/include/variant/core.h
40584 +++ b/arch/xtensa/variants/dc232b/include/variant/core.h
40585 @@ -119,9 +119,9 @@
40586 ----------------------------------------------------------------------*/
40587
40588 #define XCHAL_ICACHE_LINESIZE 32 /* I-cache line size in bytes */
40589 -#define XCHAL_DCACHE_LINESIZE 32 /* D-cache line size in bytes */
40590 #define XCHAL_ICACHE_LINEWIDTH 5 /* log2(I line size in bytes) */
40591 #define XCHAL_DCACHE_LINEWIDTH 5 /* log2(D line size in bytes) */
40592 +#define XCHAL_DCACHE_LINESIZE (_AC(1,UL) << XCHAL_DCACHE_LINEWIDTH) /* D-cache line size in bytes */
40593
40594 #define XCHAL_ICACHE_SIZE 16384 /* I-cache size in bytes or 0 */
40595 #define XCHAL_DCACHE_SIZE 16384 /* D-cache size in bytes or 0 */
40596 diff --git a/arch/xtensa/variants/fsf/include/variant/core.h b/arch/xtensa/variants/fsf/include/variant/core.h
40597 index 2f33760..835e50a 100644
40598 --- a/arch/xtensa/variants/fsf/include/variant/core.h
40599 +++ b/arch/xtensa/variants/fsf/include/variant/core.h
40600 @@ -11,6 +11,7 @@
40601 #ifndef _XTENSA_CORE_H
40602 #define _XTENSA_CORE_H
40603
40604 +#include <linux/const.h>
40605
40606 /****************************************************************************
40607 Parameters Useful for Any Code, USER or PRIVILEGED
40608 @@ -112,9 +113,9 @@
40609 ----------------------------------------------------------------------*/
40610
40611 #define XCHAL_ICACHE_LINESIZE 16 /* I-cache line size in bytes */
40612 -#define XCHAL_DCACHE_LINESIZE 16 /* D-cache line size in bytes */
40613 #define XCHAL_ICACHE_LINEWIDTH 4 /* log2(I line size in bytes) */
40614 #define XCHAL_DCACHE_LINEWIDTH 4 /* log2(D line size in bytes) */
40615 +#define XCHAL_DCACHE_LINESIZE (_AC(1,UL) << XCHAL_DCACHE_LINEWIDTH) /* D-cache line size in bytes */
40616
40617 #define XCHAL_ICACHE_SIZE 8192 /* I-cache size in bytes or 0 */
40618 #define XCHAL_DCACHE_SIZE 8192 /* D-cache size in bytes or 0 */
40619 diff --git a/block/bio.c b/block/bio.c
40620 index aa73540..ced15ee 100644
40621 --- a/block/bio.c
40622 +++ b/block/bio.c
40623 @@ -1144,7 +1144,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
40624 /*
40625 * Overflow, abort
40626 */
40627 - if (end < start)
40628 + if (end < start || end - start > INT_MAX - nr_pages)
40629 return ERR_PTR(-EINVAL);
40630
40631 nr_pages += end - start;
40632 @@ -1269,7 +1269,7 @@ struct bio *bio_map_user_iov(struct request_queue *q,
40633 /*
40634 * Overflow, abort
40635 */
40636 - if (end < start)
40637 + if (end < start || end - start > INT_MAX - nr_pages)
40638 return ERR_PTR(-EINVAL);
40639
40640 nr_pages += end - start;
40641 @@ -1777,7 +1777,7 @@ EXPORT_SYMBOL(bio_endio);
40642 * to @bio's bi_io_vec; it is the caller's responsibility to ensure that
40643 * @bio is not freed before the split.
40644 */
40645 -struct bio *bio_split(struct bio *bio, int sectors,
40646 +struct bio *bio_split(struct bio *bio, unsigned int sectors,
40647 gfp_t gfp, struct bio_set *bs)
40648 {
40649 struct bio *split = NULL;
40650 diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
40651 index b08ccbb..87fe492 100644
40652 --- a/block/blk-cgroup.c
40653 +++ b/block/blk-cgroup.c
40654 @@ -561,10 +561,10 @@ u64 __blkg_prfill_rwstat(struct seq_file *sf, struct blkg_policy_data *pd,
40655
40656 for (i = 0; i < BLKG_RWSTAT_NR; i++)
40657 seq_printf(sf, "%s %s %llu\n", dname, rwstr[i],
40658 - (unsigned long long)atomic64_read(&rwstat->aux_cnt[i]));
40659 + (unsigned long long)atomic64_read_unchecked(&rwstat->aux_cnt[i]));
40660
40661 - v = atomic64_read(&rwstat->aux_cnt[BLKG_RWSTAT_READ]) +
40662 - atomic64_read(&rwstat->aux_cnt[BLKG_RWSTAT_WRITE]);
40663 + v = atomic64_read_unchecked(&rwstat->aux_cnt[BLKG_RWSTAT_READ]) +
40664 + atomic64_read_unchecked(&rwstat->aux_cnt[BLKG_RWSTAT_WRITE]);
40665 seq_printf(sf, "%s Total %llu\n", dname, (unsigned long long)v);
40666 return v;
40667 }
40668 @@ -716,7 +716,7 @@ u64 blkg_stat_recursive_sum(struct blkcg_gq *blkg,
40669 else
40670 stat = (void *)blkg + off;
40671
40672 - sum += blkg_stat_read(stat) + atomic64_read(&stat->aux_cnt);
40673 + sum += blkg_stat_read(stat) + atomic64_read_unchecked(&stat->aux_cnt);
40674 }
40675 rcu_read_unlock();
40676
40677 @@ -760,7 +760,7 @@ struct blkg_rwstat blkg_rwstat_recursive_sum(struct blkcg_gq *blkg,
40678 rwstat = (void *)pos_blkg + off;
40679
40680 for (i = 0; i < BLKG_RWSTAT_NR; i++)
40681 - atomic64_add(atomic64_read(&rwstat->aux_cnt[i]) +
40682 + atomic64_add_unchecked(atomic64_read_unchecked(&rwstat->aux_cnt[i]) +
40683 percpu_counter_sum_positive(&rwstat->cpu_cnt[i]),
40684 &sum.aux_cnt[i]);
40685 }
40686 @@ -886,13 +886,13 @@ static int blkcg_print_stat(struct seq_file *sf, void *v)
40687
40688 rwstat = blkg_rwstat_recursive_sum(blkg, NULL,
40689 offsetof(struct blkcg_gq, stat_bytes));
40690 - rbytes = atomic64_read(&rwstat.aux_cnt[BLKG_RWSTAT_READ]);
40691 - wbytes = atomic64_read(&rwstat.aux_cnt[BLKG_RWSTAT_WRITE]);
40692 + rbytes = atomic64_read_unchecked(&rwstat.aux_cnt[BLKG_RWSTAT_READ]);
40693 + wbytes = atomic64_read_unchecked(&rwstat.aux_cnt[BLKG_RWSTAT_WRITE]);
40694
40695 rwstat = blkg_rwstat_recursive_sum(blkg, NULL,
40696 offsetof(struct blkcg_gq, stat_ios));
40697 - rios = atomic64_read(&rwstat.aux_cnt[BLKG_RWSTAT_READ]);
40698 - wios = atomic64_read(&rwstat.aux_cnt[BLKG_RWSTAT_WRITE]);
40699 + rios = atomic64_read_unchecked(&rwstat.aux_cnt[BLKG_RWSTAT_READ]);
40700 + wios = atomic64_read_unchecked(&rwstat.aux_cnt[BLKG_RWSTAT_WRITE]);
40701
40702 spin_unlock_irq(blkg->q->queue_lock);
40703
40704 diff --git a/block/blk-core.c b/block/blk-core.c
40705 index 36c7ac3..ba1f2fd 100644
40706 --- a/block/blk-core.c
40707 +++ b/block/blk-core.c
40708 @@ -3529,8 +3529,11 @@ int __init blk_dev_init(void)
40709 if (!kblockd_workqueue)
40710 panic("Failed to create kblockd\n");
40711
40712 - request_cachep = kmem_cache_create("blkdev_requests",
40713 - sizeof(struct request), 0, SLAB_PANIC, NULL);
40714 + request_cachep = kmem_cache_create_usercopy("blkdev_requests",
40715 + sizeof(struct request), 0, SLAB_PANIC,
40716 + offsetof(struct request, __cmd),
40717 + sizeof(((struct request *)0)->__cmd),
40718 + NULL);
40719
40720 blk_requestq_cachep = kmem_cache_create("request_queue",
40721 sizeof(struct request_queue), 0, SLAB_PANIC, NULL);
40722 diff --git a/block/blk-map.c b/block/blk-map.c
40723 index b8657fa..dad7c1e 100644
40724 --- a/block/blk-map.c
40725 +++ b/block/blk-map.c
40726 @@ -219,7 +219,7 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf,
40727 if (!len || !kbuf)
40728 return -EINVAL;
40729
40730 - do_copy = !blk_rq_aligned(q, addr, len) || object_is_on_stack(kbuf);
40731 + do_copy = !blk_rq_aligned(q, addr, len) || object_starts_on_stack(kbuf);
40732 if (do_copy)
40733 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
40734 else
40735 diff --git a/block/blk-softirq.c b/block/blk-softirq.c
40736 index 53b1737..08177d2e 100644
40737 --- a/block/blk-softirq.c
40738 +++ b/block/blk-softirq.c
40739 @@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
40740 * Softirq action handler - move entries to local list and loop over them
40741 * while passing them to the queue registered handler.
40742 */
40743 -static void blk_done_softirq(struct softirq_action *h)
40744 +static __latent_entropy void blk_done_softirq(void)
40745 {
40746 struct list_head *cpu_list, local_list;
40747
40748 diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
40749 index 5e24d88..c345d62 100644
40750 --- a/block/cfq-iosched.c
40751 +++ b/block/cfq-iosched.c
40752 @@ -1965,8 +1965,8 @@ static u64 cfqg_prfill_sectors_recursive(struct seq_file *sf,
40753 {
40754 struct blkg_rwstat tmp = blkg_rwstat_recursive_sum(pd->blkg, NULL,
40755 offsetof(struct blkcg_gq, stat_bytes));
40756 - u64 sum = atomic64_read(&tmp.aux_cnt[BLKG_RWSTAT_READ]) +
40757 - atomic64_read(&tmp.aux_cnt[BLKG_RWSTAT_WRITE]);
40758 + u64 sum = atomic64_read_unchecked(&tmp.aux_cnt[BLKG_RWSTAT_READ]) +
40759 + atomic64_read_unchecked(&tmp.aux_cnt[BLKG_RWSTAT_WRITE]);
40760
40761 return __blkg_prfill_u64(sf, pd, sum >> 9);
40762 }
40763 diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c
40764 index 556826a..4e7c5fd 100644
40765 --- a/block/compat_ioctl.c
40766 +++ b/block/compat_ioctl.c
40767 @@ -156,7 +156,7 @@ static int compat_cdrom_generic_command(struct block_device *bdev, fmode_t mode,
40768 cgc = compat_alloc_user_space(sizeof(*cgc));
40769 cgc32 = compat_ptr(arg);
40770
40771 - if (copy_in_user(&cgc->cmd, &cgc32->cmd, sizeof(cgc->cmd)) ||
40772 + if (copy_in_user(cgc->cmd, cgc32->cmd, sizeof(cgc->cmd)) ||
40773 get_user(data, &cgc32->buffer) ||
40774 put_user(compat_ptr(data), &cgc->buffer) ||
40775 copy_in_user(&cgc->buflen, &cgc32->buflen,
40776 @@ -341,7 +341,7 @@ static int compat_fd_ioctl(struct block_device *bdev, fmode_t mode,
40777 err |= __get_user(f->spec1, &uf->spec1);
40778 err |= __get_user(f->fmt_gap, &uf->fmt_gap);
40779 err |= __get_user(name, &uf->name);
40780 - f->name = compat_ptr(name);
40781 + f->name = (void __force_kernel *)compat_ptr(name);
40782 if (err) {
40783 err = -EFAULT;
40784 goto out;
40785 diff --git a/block/genhd.c b/block/genhd.c
40786 index fcd6d4f..96e433b 100644
40787 --- a/block/genhd.c
40788 +++ b/block/genhd.c
40789 @@ -471,21 +471,24 @@ static char *bdevt_str(dev_t devt, char *buf)
40790
40791 /*
40792 * Register device numbers dev..(dev+range-1)
40793 - * range must be nonzero
40794 + * Noop if @range is zero.
40795 * The hash chain is sorted on range, so that subranges can override.
40796 */
40797 void blk_register_region(dev_t devt, unsigned long range, struct module *module,
40798 struct kobject *(*probe)(dev_t, int *, void *),
40799 int (*lock)(dev_t, void *), void *data)
40800 {
40801 - kobj_map(bdev_map, devt, range, module, probe, lock, data);
40802 + if (range)
40803 + kobj_map(bdev_map, devt, range, module, probe, lock, data);
40804 }
40805
40806 EXPORT_SYMBOL(blk_register_region);
40807
40808 +/* undo blk_register_region(), noop if @range is zero */
40809 void blk_unregister_region(dev_t devt, unsigned long range)
40810 {
40811 - kobj_unmap(bdev_map, devt, range);
40812 + if (range)
40813 + kobj_unmap(bdev_map, devt, range);
40814 }
40815
40816 EXPORT_SYMBOL(blk_unregister_region);
40817 diff --git a/block/partitions/efi.c b/block/partitions/efi.c
40818 index bcd86e5..fe457ef 100644
40819 --- a/block/partitions/efi.c
40820 +++ b/block/partitions/efi.c
40821 @@ -293,14 +293,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
40822 if (!gpt)
40823 return NULL;
40824
40825 + if (!le32_to_cpu(gpt->num_partition_entries))
40826 + return NULL;
40827 + pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
40828 + if (!pte)
40829 + return NULL;
40830 +
40831 count = le32_to_cpu(gpt->num_partition_entries) *
40832 le32_to_cpu(gpt->sizeof_partition_entry);
40833 - if (!count)
40834 - return NULL;
40835 - pte = kmalloc(count, GFP_KERNEL);
40836 - if (!pte)
40837 - return NULL;
40838 -
40839 if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
40840 (u8 *) pte, count) < count) {
40841 kfree(pte);
40842 diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
40843 index 0774799..a0012ea 100644
40844 --- a/block/scsi_ioctl.c
40845 +++ b/block/scsi_ioctl.c
40846 @@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p)
40847 return put_user(0, p);
40848 }
40849
40850 -static int sg_get_timeout(struct request_queue *q)
40851 +static int __intentional_overflow(-1) sg_get_timeout(struct request_queue *q)
40852 {
40853 return jiffies_to_clock_t(q->sg_timeout);
40854 }
40855 diff --git a/crypto/cast6_generic.c b/crypto/cast6_generic.c
40856 index 058c8d7..55229dd 100644
40857 --- a/crypto/cast6_generic.c
40858 +++ b/crypto/cast6_generic.c
40859 @@ -181,8 +181,9 @@ static inline void QBAR(u32 *block, u8 *Kr, u32 *Km)
40860 block[2] ^= F1(block[3], Kr[0], Km[0]);
40861 }
40862
40863 -void __cast6_encrypt(struct cast6_ctx *c, u8 *outbuf, const u8 *inbuf)
40864 +void __cast6_encrypt(void *_c, u8 *outbuf, const u8 *inbuf)
40865 {
40866 + struct cast6_ctx *c = _c;
40867 const __be32 *src = (const __be32 *)inbuf;
40868 __be32 *dst = (__be32 *)outbuf;
40869 u32 block[4];
40870 @@ -219,8 +220,9 @@ static void cast6_encrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
40871 __cast6_encrypt(crypto_tfm_ctx(tfm), outbuf, inbuf);
40872 }
40873
40874 -void __cast6_decrypt(struct cast6_ctx *c, u8 *outbuf, const u8 *inbuf)
40875 +void __cast6_decrypt(void *_c, u8 *outbuf, const u8 *inbuf)
40876 {
40877 + struct cast6_ctx *c = _c;
40878 const __be32 *src = (const __be32 *)inbuf;
40879 __be32 *dst = (__be32 *)outbuf;
40880 u32 block[4];
40881 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
40882 index 0c654e5..cf01e3e 100644
40883 --- a/crypto/cryptd.c
40884 +++ b/crypto/cryptd.c
40885 @@ -65,7 +65,7 @@ struct cryptd_blkcipher_ctx {
40886
40887 struct cryptd_blkcipher_request_ctx {
40888 crypto_completion_t complete;
40889 -};
40890 +} __no_const;
40891
40892 struct cryptd_hash_ctx {
40893 atomic_t refcnt;
40894 @@ -84,7 +84,7 @@ struct cryptd_aead_ctx {
40895
40896 struct cryptd_aead_request_ctx {
40897 crypto_completion_t complete;
40898 -};
40899 +} __no_const;
40900
40901 static void cryptd_queue_worker(struct work_struct *work);
40902
40903 diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
40904 index 1c57054..e029935 100644
40905 --- a/crypto/crypto_user.c
40906 +++ b/crypto/crypto_user.c
40907 @@ -490,7 +490,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
40908 dump_alloc += CRYPTO_REPORT_MAXSIZE;
40909
40910 {
40911 - struct netlink_dump_control c = {
40912 + netlink_dump_control_no_const c = {
40913 .dump = link->dump,
40914 .done = link->done,
40915 .min_dump_alloc = dump_alloc,
40916 diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
40917 index ee9cfb9..30b36ed 100644
40918 --- a/crypto/pcrypt.c
40919 +++ b/crypto/pcrypt.c
40920 @@ -392,7 +392,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
40921 int ret;
40922
40923 pinst->kobj.kset = pcrypt_kset;
40924 - ret = kobject_add(&pinst->kobj, NULL, name);
40925 + ret = kobject_add(&pinst->kobj, NULL, "%s", name);
40926 if (!ret)
40927 kobject_uevent(&pinst->kobj, KOBJ_ADD);
40928
40929 diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c
40930 index f550b5d..8488beb 100644
40931 --- a/crypto/salsa20_generic.c
40932 +++ b/crypto/salsa20_generic.c
40933 @@ -104,7 +104,7 @@ static void salsa20_wordtobyte(u8 output[64], const u32 input[16])
40934 static const char sigma[16] = "expand 32-byte k";
40935 static const char tau[16] = "expand 16-byte k";
40936
40937 -static void salsa20_keysetup(struct salsa20_ctx *ctx, const u8 *k, u32 kbytes)
40938 +static void __salsa20_keysetup(struct salsa20_ctx *ctx, const u8 *k, u32 kbytes)
40939 {
40940 const char *constants;
40941
40942 @@ -128,7 +128,7 @@ static void salsa20_keysetup(struct salsa20_ctx *ctx, const u8 *k, u32 kbytes)
40943 ctx->input[15] = U8TO32_LITTLE(constants + 12);
40944 }
40945
40946 -static void salsa20_ivsetup(struct salsa20_ctx *ctx, const u8 *iv)
40947 +static void __salsa20_ivsetup(struct salsa20_ctx *ctx, const u8 *iv)
40948 {
40949 ctx->input[6] = U8TO32_LITTLE(iv + 0);
40950 ctx->input[7] = U8TO32_LITTLE(iv + 4);
40951 @@ -136,7 +136,7 @@ static void salsa20_ivsetup(struct salsa20_ctx *ctx, const u8 *iv)
40952 ctx->input[9] = 0;
40953 }
40954
40955 -static void salsa20_encrypt_bytes(struct salsa20_ctx *ctx, u8 *dst,
40956 +static void __salsa20_encrypt_bytes(struct salsa20_ctx *ctx, u8 *dst,
40957 const u8 *src, unsigned int bytes)
40958 {
40959 u8 buf[64];
40960 @@ -170,7 +170,7 @@ static int setkey(struct crypto_tfm *tfm, const u8 *key,
40961 unsigned int keysize)
40962 {
40963 struct salsa20_ctx *ctx = crypto_tfm_ctx(tfm);
40964 - salsa20_keysetup(ctx, key, keysize);
40965 + __salsa20_keysetup(ctx, key, keysize);
40966 return 0;
40967 }
40968
40969 @@ -186,24 +186,24 @@ static int encrypt(struct blkcipher_desc *desc,
40970 blkcipher_walk_init(&walk, dst, src, nbytes);
40971 err = blkcipher_walk_virt_block(desc, &walk, 64);
40972
40973 - salsa20_ivsetup(ctx, walk.iv);
40974 + __salsa20_ivsetup(ctx, walk.iv);
40975
40976 if (likely(walk.nbytes == nbytes))
40977 {
40978 - salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
40979 + __salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
40980 walk.src.virt.addr, nbytes);
40981 return blkcipher_walk_done(desc, &walk, 0);
40982 }
40983
40984 while (walk.nbytes >= 64) {
40985 - salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
40986 + __salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
40987 walk.src.virt.addr,
40988 walk.nbytes - (walk.nbytes % 64));
40989 err = blkcipher_walk_done(desc, &walk, walk.nbytes % 64);
40990 }
40991
40992 if (walk.nbytes) {
40993 - salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
40994 + __salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
40995 walk.src.virt.addr, walk.nbytes);
40996 err = blkcipher_walk_done(desc, &walk, 0);
40997 }
40998 diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
40999 index 52ce17a..fc10b38 100644
41000 --- a/crypto/scatterwalk.c
41001 +++ b/crypto/scatterwalk.c
41002 @@ -62,14 +62,20 @@ void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg,
41003 {
41004 struct scatter_walk walk;
41005 struct scatterlist tmp[2];
41006 + void *realbuf = buf;
41007
41008 if (!nbytes)
41009 return;
41010
41011 sg = scatterwalk_ffwd(tmp, sg, start);
41012
41013 - if (sg_page(sg) == virt_to_page(buf) &&
41014 - sg->offset == offset_in_page(buf))
41015 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
41016 + if (object_starts_on_stack(buf))
41017 + realbuf = buf - current->stack + current->lowmem_stack;
41018 +#endif
41019 +
41020 + if (sg_page(sg) == virt_to_page(realbuf) &&
41021 + sg->offset == offset_in_page(realbuf))
41022 return;
41023
41024 scatterwalk_start(&walk, sg);
41025 diff --git a/crypto/serpent_generic.c b/crypto/serpent_generic.c
41026 index 94970a7..f0c8d26 100644
41027 --- a/crypto/serpent_generic.c
41028 +++ b/crypto/serpent_generic.c
41029 @@ -442,8 +442,9 @@ int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
41030 }
41031 EXPORT_SYMBOL_GPL(serpent_setkey);
41032
41033 -void __serpent_encrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src)
41034 +void __serpent_encrypt(void *_ctx, u8 *dst, const u8 *src)
41035 {
41036 + struct serpent_ctx *ctx = _ctx;
41037 const u32 *k = ctx->expkey;
41038 const __le32 *s = (const __le32 *)src;
41039 __le32 *d = (__le32 *)dst;
41040 @@ -507,8 +508,9 @@ static void serpent_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
41041 __serpent_encrypt(ctx, dst, src);
41042 }
41043
41044 -void __serpent_decrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src)
41045 +void __serpent_decrypt(void *_ctx, u8 *dst, const u8 *src)
41046 {
41047 + struct serpent_ctx *ctx = _ctx;
41048 const u32 *k = ctx->expkey;
41049 const __le32 *s = (const __le32 *)src;
41050 __le32 *d = (__le32 *)dst;
41051 diff --git a/drivers/acpi/ac.c b/drivers/acpi/ac.c
41052 index f71b756..b96847c 100644
41053 --- a/drivers/acpi/ac.c
41054 +++ b/drivers/acpi/ac.c
41055 @@ -70,7 +70,7 @@ static SIMPLE_DEV_PM_OPS(acpi_ac_pm, NULL, acpi_ac_resume);
41056
41057 #ifdef CONFIG_ACPI_PROCFS_POWER
41058 extern struct proc_dir_entry *acpi_lock_ac_dir(void);
41059 -extern void *acpi_unlock_ac_dir(struct proc_dir_entry *acpi_ac_dir);
41060 +extern void acpi_unlock_ac_dir(struct proc_dir_entry *acpi_ac_dir);
41061 static int acpi_ac_open_fs(struct inode *inode, struct file *file);
41062 #endif
41063
41064 diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c
41065 index c5557d0..8ece624 100644
41066 --- a/drivers/acpi/acpi_video.c
41067 +++ b/drivers/acpi/acpi_video.c
41068 @@ -406,7 +406,7 @@ static int video_set_report_key_events(const struct dmi_system_id *id)
41069 return 0;
41070 }
41071
41072 -static struct dmi_system_id video_dmi_table[] = {
41073 +static const struct dmi_system_id video_dmi_table[] = {
41074 /*
41075 * Broken _BQC workaround http://bugzilla.kernel.org/show_bug.cgi?id=13121
41076 */
41077 diff --git a/drivers/acpi/acpica/acutils.h b/drivers/acpi/acpica/acutils.h
41078 index a7dbb2b..93e986e 100644
41079 --- a/drivers/acpi/acpica/acutils.h
41080 +++ b/drivers/acpi/acpica/acutils.h
41081 @@ -274,7 +274,7 @@ void acpi_ut_init_stack_ptr_trace(void);
41082
41083 void acpi_ut_track_stack_ptr(void);
41084
41085 -void
41086 +__nocapture(2) void
41087 acpi_ut_trace(u32 line_number,
41088 const char *function_name,
41089 const char *module_name, u32 component_id);
41090 diff --git a/drivers/acpi/acpica/dbhistry.c b/drivers/acpi/acpica/dbhistry.c
41091 index 46bd65d..ec9da48 100644
41092 --- a/drivers/acpi/acpica/dbhistry.c
41093 +++ b/drivers/acpi/acpica/dbhistry.c
41094 @@ -155,7 +155,7 @@ void acpi_db_display_history(void)
41095
41096 for (i = 0; i < acpi_gbl_num_history; i++) {
41097 if (acpi_gbl_history_buffer[history_index].command) {
41098 - acpi_os_printf("%3ld %s\n",
41099 + acpi_os_printf("%3u %s\n",
41100 acpi_gbl_history_buffer[history_index].
41101 cmd_num,
41102 acpi_gbl_history_buffer[history_index].
41103 diff --git a/drivers/acpi/acpica/dbinput.c b/drivers/acpi/acpica/dbinput.c
41104 index 7cd5d2e..a837ce6 100644
41105 --- a/drivers/acpi/acpica/dbinput.c
41106 +++ b/drivers/acpi/acpica/dbinput.c
41107 @@ -606,7 +606,7 @@ static u32 acpi_db_get_line(char *input_buffer)
41108 (acpi_gbl_db_parsed_buf, sizeof(acpi_gbl_db_parsed_buf),
41109 input_buffer)) {
41110 acpi_os_printf
41111 - ("Buffer overflow while parsing input line (max %u characters)\n",
41112 + ("Buffer overflow while parsing input line (max %lu characters)\n",
41113 sizeof(acpi_gbl_db_parsed_buf));
41114 return (0);
41115 }
41116 @@ -862,24 +862,24 @@ acpi_db_command_dispatch(char *input_buffer,
41117
41118 if (param_count == 0) {
41119 acpi_os_printf
41120 - ("Current debug level for file output is: %8.8lX\n",
41121 + ("Current debug level for file output is: %8.8X\n",
41122 acpi_gbl_db_debug_level);
41123 acpi_os_printf
41124 - ("Current debug level for console output is: %8.8lX\n",
41125 + ("Current debug level for console output is: %8.8X\n",
41126 acpi_gbl_db_console_debug_level);
41127 } else if (param_count == 2) {
41128 temp = acpi_gbl_db_console_debug_level;
41129 acpi_gbl_db_console_debug_level =
41130 strtoul(acpi_gbl_db_args[1], NULL, 16);
41131 acpi_os_printf
41132 - ("Debug Level for console output was %8.8lX, now %8.8lX\n",
41133 + ("Debug Level for console output was %8.8X, now %8.8X\n",
41134 temp, acpi_gbl_db_console_debug_level);
41135 } else {
41136 temp = acpi_gbl_db_debug_level;
41137 acpi_gbl_db_debug_level =
41138 strtoul(acpi_gbl_db_args[1], NULL, 16);
41139 acpi_os_printf
41140 - ("Debug Level for file output was %8.8lX, now %8.8lX\n",
41141 + ("Debug Level for file output was %8.8X, now %8.8X\n",
41142 temp, acpi_gbl_db_debug_level);
41143 }
41144 break;
41145 diff --git a/drivers/acpi/acpica/dbstats.c b/drivers/acpi/acpica/dbstats.c
41146 index a414e1f..de70230 100644
41147 --- a/drivers/acpi/acpica/dbstats.c
41148 +++ b/drivers/acpi/acpica/dbstats.c
41149 @@ -377,17 +377,17 @@ acpi_status acpi_db_display_statistics(char *type_arg)
41150 "ACPI_TYPE", "NODES", "OBJECTS");
41151
41152 for (i = 0; i < ACPI_TYPE_NS_NODE_MAX; i++) {
41153 - acpi_os_printf("%16.16s % 10ld% 10ld\n",
41154 + acpi_os_printf("%16.16s % 10d% 10d\n",
41155 acpi_ut_get_type_name(i),
41156 acpi_gbl_node_type_count[i],
41157 acpi_gbl_obj_type_count[i]);
41158 }
41159
41160 - acpi_os_printf("%16.16s % 10ld% 10ld\n", "Misc/Unknown",
41161 + acpi_os_printf("%16.16s % 10d% 10d\n", "Misc/Unknown",
41162 acpi_gbl_node_type_count_misc,
41163 acpi_gbl_obj_type_count_misc);
41164
41165 - acpi_os_printf("%16.16s % 10ld% 10ld\n", "TOTALS:",
41166 + acpi_os_printf("%16.16s % 10d% 10d\n", "TOTALS:",
41167 acpi_gbl_num_nodes, acpi_gbl_num_objects);
41168 break;
41169
41170 @@ -415,16 +415,16 @@ acpi_status acpi_db_display_statistics(char *type_arg)
41171 case CMD_STAT_MISC:
41172
41173 acpi_os_printf("\nMiscellaneous Statistics:\n\n");
41174 - acpi_os_printf("Calls to AcpiPsFind:.. ........% 7ld\n",
41175 + acpi_os_printf("Calls to AcpiPsFind:.. ........% 7u\n",
41176 acpi_gbl_ps_find_count);
41177 - acpi_os_printf("Calls to AcpiNsLookup:..........% 7ld\n",
41178 + acpi_os_printf("Calls to AcpiNsLookup:..........% 7u\n",
41179 acpi_gbl_ns_lookup_count);
41180
41181 acpi_os_printf("\n");
41182
41183 acpi_os_printf("Mutex usage:\n\n");
41184 for (i = 0; i < ACPI_NUM_MUTEX; i++) {
41185 - acpi_os_printf("%-28s: % 7ld\n",
41186 + acpi_os_printf("%-28s: % 7u\n",
41187 acpi_ut_get_mutex_name(i),
41188 acpi_gbl_mutex_info[i].use_count);
41189 }
41190 @@ -434,87 +434,87 @@ acpi_status acpi_db_display_statistics(char *type_arg)
41191
41192 acpi_os_printf("\nInternal object sizes:\n\n");
41193
41194 - acpi_os_printf("Common %3d\n",
41195 + acpi_os_printf("Common %3lu\n",
41196 sizeof(struct acpi_object_common));
41197 - acpi_os_printf("Number %3d\n",
41198 + acpi_os_printf("Number %3lu\n",
41199 sizeof(struct acpi_object_integer));
41200 - acpi_os_printf("String %3d\n",
41201 + acpi_os_printf("String %3lu\n",
41202 sizeof(struct acpi_object_string));
41203 - acpi_os_printf("Buffer %3d\n",
41204 + acpi_os_printf("Buffer %3lu\n",
41205 sizeof(struct acpi_object_buffer));
41206 - acpi_os_printf("Package %3d\n",
41207 + acpi_os_printf("Package %3lu\n",
41208 sizeof(struct acpi_object_package));
41209 - acpi_os_printf("BufferField %3d\n",
41210 + acpi_os_printf("BufferField %3lu\n",
41211 sizeof(struct acpi_object_buffer_field));
41212 - acpi_os_printf("Device %3d\n",
41213 + acpi_os_printf("Device %3lu\n",
41214 sizeof(struct acpi_object_device));
41215 - acpi_os_printf("Event %3d\n",
41216 + acpi_os_printf("Event %3lu\n",
41217 sizeof(struct acpi_object_event));
41218 - acpi_os_printf("Method %3d\n",
41219 + acpi_os_printf("Method %3lu\n",
41220 sizeof(struct acpi_object_method));
41221 - acpi_os_printf("Mutex %3d\n",
41222 + acpi_os_printf("Mutex %3lu\n",
41223 sizeof(struct acpi_object_mutex));
41224 - acpi_os_printf("Region %3d\n",
41225 + acpi_os_printf("Region %3lu\n",
41226 sizeof(struct acpi_object_region));
41227 - acpi_os_printf("PowerResource %3d\n",
41228 + acpi_os_printf("PowerResource %3lu\n",
41229 sizeof(struct acpi_object_power_resource));
41230 - acpi_os_printf("Processor %3d\n",
41231 + acpi_os_printf("Processor %3lu\n",
41232 sizeof(struct acpi_object_processor));
41233 - acpi_os_printf("ThermalZone %3d\n",
41234 + acpi_os_printf("ThermalZone %3lu\n",
41235 sizeof(struct acpi_object_thermal_zone));
41236 - acpi_os_printf("RegionField %3d\n",
41237 + acpi_os_printf("RegionField %3lu\n",
41238 sizeof(struct acpi_object_region_field));
41239 - acpi_os_printf("BankField %3d\n",
41240 + acpi_os_printf("BankField %3lu\n",
41241 sizeof(struct acpi_object_bank_field));
41242 - acpi_os_printf("IndexField %3d\n",
41243 + acpi_os_printf("IndexField %3lu\n",
41244 sizeof(struct acpi_object_index_field));
41245 - acpi_os_printf("Reference %3d\n",
41246 + acpi_os_printf("Reference %3lu\n",
41247 sizeof(struct acpi_object_reference));
41248 - acpi_os_printf("Notify %3d\n",
41249 + acpi_os_printf("Notify %3lu\n",
41250 sizeof(struct acpi_object_notify_handler));
41251 - acpi_os_printf("AddressSpace %3d\n",
41252 + acpi_os_printf("AddressSpace %3lu\n",
41253 sizeof(struct acpi_object_addr_handler));
41254 - acpi_os_printf("Extra %3d\n",
41255 + acpi_os_printf("Extra %3lu\n",
41256 sizeof(struct acpi_object_extra));
41257 - acpi_os_printf("Data %3d\n",
41258 + acpi_os_printf("Data %3lu\n",
41259 sizeof(struct acpi_object_data));
41260
41261 acpi_os_printf("\n");
41262
41263 - acpi_os_printf("ParseObject %3d\n",
41264 + acpi_os_printf("ParseObject %3lu\n",
41265 sizeof(struct acpi_parse_obj_common));
41266 - acpi_os_printf("ParseObjectNamed %3d\n",
41267 + acpi_os_printf("ParseObjectNamed %3lu\n",
41268 sizeof(struct acpi_parse_obj_named));
41269 - acpi_os_printf("ParseObjectAsl %3d\n",
41270 + acpi_os_printf("ParseObjectAsl %3lu\n",
41271 sizeof(struct acpi_parse_obj_asl));
41272 - acpi_os_printf("OperandObject %3d\n",
41273 + acpi_os_printf("OperandObject %3lu\n",
41274 sizeof(union acpi_operand_object));
41275 - acpi_os_printf("NamespaceNode %3d\n",
41276 + acpi_os_printf("NamespaceNode %3lu\n",
41277 sizeof(struct acpi_namespace_node));
41278 - acpi_os_printf("AcpiObject %3d\n",
41279 + acpi_os_printf("AcpiObject %3lu\n",
41280 sizeof(union acpi_object));
41281
41282 acpi_os_printf("\n");
41283
41284 - acpi_os_printf("Generic State %3d\n",
41285 + acpi_os_printf("Generic State %3lu\n",
41286 sizeof(union acpi_generic_state));
41287 - acpi_os_printf("Common State %3d\n",
41288 + acpi_os_printf("Common State %3lu\n",
41289 sizeof(struct acpi_common_state));
41290 - acpi_os_printf("Control State %3d\n",
41291 + acpi_os_printf("Control State %3lu\n",
41292 sizeof(struct acpi_control_state));
41293 - acpi_os_printf("Update State %3d\n",
41294 + acpi_os_printf("Update State %3lu\n",
41295 sizeof(struct acpi_update_state));
41296 - acpi_os_printf("Scope State %3d\n",
41297 + acpi_os_printf("Scope State %3lu\n",
41298 sizeof(struct acpi_scope_state));
41299 - acpi_os_printf("Parse Scope %3d\n",
41300 + acpi_os_printf("Parse Scope %3lu\n",
41301 sizeof(struct acpi_pscope_state));
41302 - acpi_os_printf("Package State %3d\n",
41303 + acpi_os_printf("Package State %3lu\n",
41304 sizeof(struct acpi_pkg_state));
41305 - acpi_os_printf("Thread State %3d\n",
41306 + acpi_os_printf("Thread State %3lu\n",
41307 sizeof(struct acpi_thread_state));
41308 - acpi_os_printf("Result Values %3d\n",
41309 + acpi_os_printf("Result Values %3lu\n",
41310 sizeof(struct acpi_result_values));
41311 - acpi_os_printf("Notify Info %3d\n",
41312 + acpi_os_printf("Notify Info %3lu\n",
41313 sizeof(struct acpi_notify_info));
41314 break;
41315
41316 diff --git a/drivers/acpi/acpica/hwxfsleep.c b/drivers/acpi/acpica/hwxfsleep.c
41317 index f76e0ea..4b83315 100644
41318 --- a/drivers/acpi/acpica/hwxfsleep.c
41319 +++ b/drivers/acpi/acpica/hwxfsleep.c
41320 @@ -70,11 +70,12 @@ static acpi_status acpi_hw_sleep_dispatch(u8 sleep_state, u32 function_id);
41321 /* Legacy functions are optional, based upon ACPI_REDUCED_HARDWARE */
41322
41323 static struct acpi_sleep_functions acpi_sleep_dispatch[] = {
41324 - {ACPI_HW_OPTIONAL_FUNCTION(acpi_hw_legacy_sleep),
41325 - acpi_hw_extended_sleep},
41326 - {ACPI_HW_OPTIONAL_FUNCTION(acpi_hw_legacy_wake_prep),
41327 - acpi_hw_extended_wake_prep},
41328 - {ACPI_HW_OPTIONAL_FUNCTION(acpi_hw_legacy_wake), acpi_hw_extended_wake}
41329 + {.legacy_function = ACPI_HW_OPTIONAL_FUNCTION(acpi_hw_legacy_sleep),
41330 + .extended_function = acpi_hw_extended_sleep},
41331 + {.legacy_function = ACPI_HW_OPTIONAL_FUNCTION(acpi_hw_legacy_wake_prep),
41332 + .extended_function = acpi_hw_extended_wake_prep},
41333 + {.legacy_function = ACPI_HW_OPTIONAL_FUNCTION(acpi_hw_legacy_wake),
41334 + .extended_function = acpi_hw_extended_wake}
41335 };
41336
41337 /*
41338 diff --git a/drivers/acpi/acpica/utdebug.c b/drivers/acpi/acpica/utdebug.c
41339 index 5744222..4ac231a 100644
41340 --- a/drivers/acpi/acpica/utdebug.c
41341 +++ b/drivers/acpi/acpica/utdebug.c
41342 @@ -189,7 +189,7 @@ acpi_debug_print(u32 requested_debug_level,
41343 * Display the module name, current line number, thread ID (if requested),
41344 * current procedure nesting level, and the current procedure name
41345 */
41346 - acpi_os_printf("%9s-%04ld ", module_name, line_number);
41347 + acpi_os_printf("%9s-%04u ", module_name, line_number);
41348
41349 #ifdef ACPI_APPLICATION
41350 /*
41351 diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h
41352 index 6e9f14c..7f9a99d 100644
41353 --- a/drivers/acpi/apei/apei-internal.h
41354 +++ b/drivers/acpi/apei/apei-internal.h
41355 @@ -19,7 +19,7 @@ typedef int (*apei_exec_ins_func_t)(struct apei_exec_context *ctx,
41356 struct apei_exec_ins_type {
41357 u32 flags;
41358 apei_exec_ins_func_t run;
41359 -};
41360 +} __do_const;
41361
41362 struct apei_exec_context {
41363 u32 ip;
41364 diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
41365 index 60746ef..02a1ddc 100644
41366 --- a/drivers/acpi/apei/ghes.c
41367 +++ b/drivers/acpi/apei/ghes.c
41368 @@ -483,7 +483,7 @@ static void __ghes_print_estatus(const char *pfx,
41369 const struct acpi_hest_generic *generic,
41370 const struct acpi_hest_generic_status *estatus)
41371 {
41372 - static atomic_t seqno;
41373 + static atomic_unchecked_t seqno;
41374 unsigned int curr_seqno;
41375 char pfx_seq[64];
41376
41377 @@ -494,7 +494,7 @@ static void __ghes_print_estatus(const char *pfx,
41378 else
41379 pfx = KERN_ERR;
41380 }
41381 - curr_seqno = atomic_inc_return(&seqno);
41382 + curr_seqno = atomic_inc_return_unchecked(&seqno);
41383 snprintf(pfx_seq, sizeof(pfx_seq), "%s{%u}" HW_ERR, pfx, curr_seqno);
41384 printk("%s""Hardware error from APEI Generic Hardware Error Source: %d\n",
41385 pfx_seq, generic->header.source_id);
41386 @@ -544,7 +544,7 @@ static int ghes_estatus_cached(struct acpi_hest_generic_status *estatus)
41387 cache_estatus = GHES_ESTATUS_FROM_CACHE(cache);
41388 if (memcmp(estatus, cache_estatus, len))
41389 continue;
41390 - atomic_inc(&cache->count);
41391 + atomic_inc_unchecked(&cache->count);
41392 now = sched_clock();
41393 if (now - cache->time_in < GHES_ESTATUS_IN_CACHE_MAX_NSEC)
41394 cached = 1;
41395 @@ -578,7 +578,7 @@ static struct ghes_estatus_cache *ghes_estatus_cache_alloc(
41396 cache_estatus = GHES_ESTATUS_FROM_CACHE(cache);
41397 memcpy(cache_estatus, estatus, len);
41398 cache->estatus_len = len;
41399 - atomic_set(&cache->count, 0);
41400 + atomic_set_unchecked(&cache->count, 0);
41401 cache->generic = generic;
41402 cache->time_in = sched_clock();
41403 return cache;
41404 @@ -628,7 +628,7 @@ static void ghes_estatus_cache_add(
41405 slot_cache = cache;
41406 break;
41407 }
41408 - count = atomic_read(&cache->count);
41409 + count = atomic_read_unchecked(&cache->count);
41410 period = duration;
41411 do_div(period, (count + 1));
41412 if (period > max_period) {
41413 diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
41414 index ab23479..9aa32bf 100644
41415 --- a/drivers/acpi/battery.c
41416 +++ b/drivers/acpi/battery.c
41417 @@ -75,7 +75,7 @@ MODULE_PARM_DESC(cache_time, "cache time in milliseconds");
41418
41419 #ifdef CONFIG_ACPI_PROCFS_POWER
41420 extern struct proc_dir_entry *acpi_lock_battery_dir(void);
41421 -extern void *acpi_unlock_battery_dir(struct proc_dir_entry *acpi_battery_dir);
41422 +extern void acpi_unlock_battery_dir(struct proc_dir_entry *acpi_battery_dir);
41423
41424 enum acpi_battery_files {
41425 info_tag = 0,
41426 diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c
41427 index 75f128e..0fbae68 100644
41428 --- a/drivers/acpi/bgrt.c
41429 +++ b/drivers/acpi/bgrt.c
41430 @@ -17,40 +17,40 @@
41431
41432 static struct kobject *bgrt_kobj;
41433
41434 -static ssize_t show_version(struct device *dev,
41435 - struct device_attribute *attr, char *buf)
41436 +static ssize_t show_version(struct kobject *kobj,
41437 + struct kobj_attribute *attr, char *buf)
41438 {
41439 return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->version);
41440 }
41441 -static DEVICE_ATTR(version, S_IRUGO, show_version, NULL);
41442 +static KOBJECT_ATTR(version, S_IRUGO, show_version, NULL);
41443
41444 -static ssize_t show_status(struct device *dev,
41445 - struct device_attribute *attr, char *buf)
41446 +static ssize_t show_status(struct kobject *kobj,
41447 + struct kobj_attribute *attr, char *buf)
41448 {
41449 return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->status);
41450 }
41451 -static DEVICE_ATTR(status, S_IRUGO, show_status, NULL);
41452 +static KOBJECT_ATTR(status, S_IRUGO, show_status, NULL);
41453
41454 -static ssize_t show_type(struct device *dev,
41455 - struct device_attribute *attr, char *buf)
41456 +static ssize_t show_type(struct kobject *kobj,
41457 + struct kobj_attribute *attr, char *buf)
41458 {
41459 return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->image_type);
41460 }
41461 -static DEVICE_ATTR(type, S_IRUGO, show_type, NULL);
41462 +static KOBJECT_ATTR(type, S_IRUGO, show_type, NULL);
41463
41464 -static ssize_t show_xoffset(struct device *dev,
41465 - struct device_attribute *attr, char *buf)
41466 +static ssize_t show_xoffset(struct kobject *kobj,
41467 + struct kobj_attribute *attr, char *buf)
41468 {
41469 return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->image_offset_x);
41470 }
41471 -static DEVICE_ATTR(xoffset, S_IRUGO, show_xoffset, NULL);
41472 +static KOBJECT_ATTR(xoffset, S_IRUGO, show_xoffset, NULL);
41473
41474 -static ssize_t show_yoffset(struct device *dev,
41475 - struct device_attribute *attr, char *buf)
41476 +static ssize_t show_yoffset(struct kobject *kobj,
41477 + struct kobj_attribute *attr, char *buf)
41478 {
41479 return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->image_offset_y);
41480 }
41481 -static DEVICE_ATTR(yoffset, S_IRUGO, show_yoffset, NULL);
41482 +static KOBJECT_ATTR(yoffset, S_IRUGO, show_yoffset, NULL);
41483
41484 static ssize_t image_read(struct file *file, struct kobject *kobj,
41485 struct bin_attribute *attr, char *buf, loff_t off, size_t count)
41486 @@ -87,8 +87,10 @@ static int __init bgrt_init(void)
41487 if (!bgrt_image)
41488 return -ENODEV;
41489
41490 - bin_attr_image.private = bgrt_image;
41491 - bin_attr_image.size = bgrt_image_size;
41492 + pax_open_kernel();
41493 + const_cast(bin_attr_image.private) = bgrt_image;
41494 + const_cast(bin_attr_image.size) = bgrt_image_size;
41495 + pax_close_kernel();
41496
41497 bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj);
41498 if (!bgrt_kobj)
41499 diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
41500 index bdc67ba..a82756b 100644
41501 --- a/drivers/acpi/blacklist.c
41502 +++ b/drivers/acpi/blacklist.c
41503 @@ -47,13 +47,13 @@ struct acpi_blacklist_item {
41504 u32 is_critical_error;
41505 };
41506
41507 -static struct dmi_system_id acpi_rev_dmi_table[] __initdata;
41508 +static const struct dmi_system_id acpi_rev_dmi_table[] __initconst;
41509
41510 /*
41511 * POLICY: If *anything* doesn't work, put it on the blacklist.
41512 * If they are critical errors, mark it critical, and abort driver load.
41513 */
41514 -static struct acpi_blacklist_item acpi_blacklist[] __initdata = {
41515 +static const struct acpi_blacklist_item acpi_blacklist[] __initconst = {
41516 /* Compaq Presario 1700 */
41517 {"PTLTD ", " DSDT ", 0x06040000, ACPI_SIG_DSDT, less_than_or_equal,
41518 "Multiple problems", 1},
41519 @@ -144,7 +144,7 @@ static int __init dmi_enable_rev_override(const struct dmi_system_id *d)
41520 }
41521 #endif
41522
41523 -static struct dmi_system_id acpi_rev_dmi_table[] __initdata = {
41524 +static const struct dmi_system_id acpi_rev_dmi_table[] __initconst = {
41525 #ifdef CONFIG_ACPI_REV_OVERRIDE_POSSIBLE
41526 /*
41527 * DELL XPS 13 (2015) switches sound between HDA and I2S
41528 diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
41529 index 85b7d07..cfc2a30 100644
41530 --- a/drivers/acpi/bus.c
41531 +++ b/drivers/acpi/bus.c
41532 @@ -66,7 +66,7 @@ static int set_copy_dsdt(const struct dmi_system_id *id)
41533 }
41534 #endif
41535
41536 -static struct dmi_system_id dsdt_dmi_table[] __initdata = {
41537 +static const struct dmi_system_id dsdt_dmi_table[] __initconst = {
41538 /*
41539 * Invoke DSDT corruption work-around on all Toshiba Satellite.
41540 * https://bugzilla.kernel.org/show_bug.cgi?id=14679
41541 @@ -82,7 +82,7 @@ static struct dmi_system_id dsdt_dmi_table[] __initdata = {
41542 {}
41543 };
41544 #else
41545 -static struct dmi_system_id dsdt_dmi_table[] __initdata = {
41546 +static const struct dmi_system_id dsdt_dmi_table[] __initconst = {
41547 {}
41548 };
41549 #endif
41550 diff --git a/drivers/acpi/button.c b/drivers/acpi/button.c
41551 index 31abb0b..462db58 100644
41552 --- a/drivers/acpi/button.c
41553 +++ b/drivers/acpi/button.c
41554 @@ -477,7 +477,7 @@ static int acpi_button_remove(struct acpi_device *device)
41555 return 0;
41556 }
41557
41558 -static int param_set_lid_init_state(const char *val, struct kernel_param *kp)
41559 +static int param_set_lid_init_state(const char *val, const struct kernel_param *kp)
41560 {
41561 int result = 0;
41562
41563 @@ -495,7 +495,7 @@ static int param_set_lid_init_state(const char *val, struct kernel_param *kp)
41564 return result;
41565 }
41566
41567 -static int param_get_lid_init_state(char *buffer, struct kernel_param *kp)
41568 +static int param_get_lid_init_state(char *buffer, const struct kernel_param *kp)
41569 {
41570 switch (lid_init_state) {
41571 case ACPI_BUTTON_LID_INIT_OPEN:
41572 diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
41573 index c68e724..e863008 100644
41574 --- a/drivers/acpi/custom_method.c
41575 +++ b/drivers/acpi/custom_method.c
41576 @@ -29,6 +29,10 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
41577 struct acpi_table_header table;
41578 acpi_status status;
41579
41580 +#ifdef CONFIG_GRKERNSEC_KMEM
41581 + return -EPERM;
41582 +#endif
41583 +
41584 if (!(*ppos)) {
41585 /* parse the table header to get the table length */
41586 if (count <= sizeof(struct acpi_table_header))
41587 diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c
41588 index 993fd31..cc15d14 100644
41589 --- a/drivers/acpi/device_pm.c
41590 +++ b/drivers/acpi/device_pm.c
41591 @@ -1026,6 +1026,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
41592
41593 #endif /* CONFIG_PM_SLEEP */
41594
41595 +static void acpi_dev_pm_detach(struct device *dev, bool power_off);
41596 +
41597 static struct dev_pm_domain acpi_general_pm_domain = {
41598 .ops = {
41599 .runtime_suspend = acpi_subsys_runtime_suspend,
41600 @@ -1042,6 +1044,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
41601 .restore_early = acpi_subsys_resume_early,
41602 #endif
41603 },
41604 + .detach = acpi_dev_pm_detach
41605 };
41606
41607 /**
41608 @@ -1119,7 +1122,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
41609 acpi_device_wakeup(adev, ACPI_STATE_S0, false);
41610 }
41611
41612 - dev->pm_domain->detach = acpi_dev_pm_detach;
41613 return 0;
41614 }
41615 EXPORT_SYMBOL_GPL(acpi_dev_pm_attach);
41616 diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
41617 index e7bd57c..e26a064 100644
41618 --- a/drivers/acpi/ec.c
41619 +++ b/drivers/acpi/ec.c
41620 @@ -1559,7 +1559,7 @@ static int ec_correct_ecdt(const struct dmi_system_id *id)
41621 return 0;
41622 }
41623
41624 -static struct dmi_system_id ec_dmi_table[] __initdata = {
41625 +static const struct dmi_system_id ec_dmi_table[] __initconst = {
41626 {
41627 ec_correct_ecdt, "MSI MS-171F", {
41628 DMI_MATCH(DMI_SYS_VENDOR, "Micro-Star"),
41629 @@ -1619,7 +1619,7 @@ error:
41630 return ret;
41631 }
41632
41633 -static int param_set_event_clearing(const char *val, struct kernel_param *kp)
41634 +static int param_set_event_clearing(const char *val, const struct kernel_param *kp)
41635 {
41636 int result = 0;
41637
41638 @@ -1637,7 +1637,7 @@ static int param_set_event_clearing(const char *val, struct kernel_param *kp)
41639 return result;
41640 }
41641
41642 -static int param_get_event_clearing(char *buffer, struct kernel_param *kp)
41643 +static int param_get_event_clearing(char *buffer, const struct kernel_param *kp)
41644 {
41645 switch (ec_event_clearing) {
41646 case ACPI_EC_EVT_TIMING_STATUS:
41647 diff --git a/drivers/acpi/osi.c b/drivers/acpi/osi.c
41648 index 849f9d2..c97dd81 100644
41649 --- a/drivers/acpi/osi.c
41650 +++ b/drivers/acpi/osi.c
41651 @@ -318,7 +318,7 @@ static int __init dmi_disable_osi_win8(const struct dmi_system_id *d)
41652 * Note that _OSI("Linux")/_OSI("Darwin") determined here can be overridden
41653 * by acpi_osi=!Linux/acpi_osi=!Darwin command line options.
41654 */
41655 -static struct dmi_system_id acpi_osi_dmi_table[] __initdata = {
41656 +static const struct dmi_system_id acpi_osi_dmi_table[] __initconst = {
41657 {
41658 .callback = dmi_disable_osi_vista,
41659 .ident = "Fujitsu Siemens",
41660 diff --git a/drivers/acpi/pci_slot.c b/drivers/acpi/pci_slot.c
41661 index f62c68e..e90b61f 100644
41662 --- a/drivers/acpi/pci_slot.c
41663 +++ b/drivers/acpi/pci_slot.c
41664 @@ -174,7 +174,7 @@ static int do_sta_before_sun(const struct dmi_system_id *d)
41665 return 0;
41666 }
41667
41668 -static struct dmi_system_id acpi_pci_slot_dmi_table[] __initdata = {
41669 +static const struct dmi_system_id acpi_pci_slot_dmi_table[] __initconst = {
41670 /*
41671 * Fujitsu Primequest machines will return 1023 to indicate an
41672 * error if the _SUN method is evaluated on SxFy objects that
41673 diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
41674 index cea5252..c688abf 100644
41675 --- a/drivers/acpi/processor_idle.c
41676 +++ b/drivers/acpi/processor_idle.c
41677 @@ -841,7 +841,7 @@ static int acpi_processor_setup_cstates(struct acpi_processor *pr)
41678 {
41679 int i, count = CPUIDLE_DRIVER_STATE_START;
41680 struct acpi_processor_cx *cx;
41681 - struct cpuidle_state *state;
41682 + cpuidle_state_no_const *state;
41683 struct cpuidle_driver *drv = &acpi_idle_driver;
41684
41685 if (max_cstate == 0)
41686 @@ -1250,7 +1250,7 @@ static int acpi_processor_setup_lpi_states(struct acpi_processor *pr)
41687 {
41688 int i;
41689 struct acpi_lpi_state *lpi;
41690 - struct cpuidle_state *state;
41691 + cpuidle_state_no_const *state;
41692 struct cpuidle_driver *drv = &acpi_idle_driver;
41693
41694 if (!pr->flags.has_lpi)
41695 diff --git a/drivers/acpi/processor_pdc.c b/drivers/acpi/processor_pdc.c
41696 index 7cfbda4..74f738c 100644
41697 --- a/drivers/acpi/processor_pdc.c
41698 +++ b/drivers/acpi/processor_pdc.c
41699 @@ -173,7 +173,7 @@ static int __init set_no_mwait(const struct dmi_system_id *id)
41700 return 0;
41701 }
41702
41703 -static struct dmi_system_id processor_idle_dmi_table[] __initdata = {
41704 +static const struct dmi_system_id processor_idle_dmi_table[] __initconst = {
41705 {
41706 set_no_mwait, "Extensa 5220", {
41707 DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies LTD"),
41708 diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
41709 index 2b38c1b..61fcc2b 100644
41710 --- a/drivers/acpi/sleep.c
41711 +++ b/drivers/acpi/sleep.c
41712 @@ -171,7 +171,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
41713 return 0;
41714 }
41715
41716 -static struct dmi_system_id acpisleep_dmi_table[] __initdata = {
41717 +static const struct dmi_system_id acpisleep_dmi_table[] __initconst = {
41718 {
41719 .callback = init_old_suspend_ordering,
41720 .ident = "Abit KN9 (nForce4 variant)",
41721 diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
41722 index 358165e..5e37640 100644
41723 --- a/drivers/acpi/sysfs.c
41724 +++ b/drivers/acpi/sysfs.c
41725 @@ -227,7 +227,7 @@ module_param_cb(trace_method_name, &param_ops_trace_method, &trace_method_name,
41726 module_param_cb(trace_debug_layer, &param_ops_trace_attrib, &acpi_gbl_trace_dbg_layer, 0644);
41727 module_param_cb(trace_debug_level, &param_ops_trace_attrib, &acpi_gbl_trace_dbg_level, 0644);
41728
41729 -static int param_set_trace_state(const char *val, struct kernel_param *kp)
41730 +static int param_set_trace_state(const char *val, const struct kernel_param *kp)
41731 {
41732 acpi_status status;
41733 const char *method = trace_method_name;
41734 @@ -263,7 +263,7 @@ static int param_set_trace_state(const char *val, struct kernel_param *kp)
41735 return 0;
41736 }
41737
41738 -static int param_get_trace_state(char *buffer, struct kernel_param *kp)
41739 +static int param_get_trace_state(char *buffer, const struct kernel_param *kp)
41740 {
41741 if (!(acpi_gbl_trace_flags & ACPI_TRACE_ENABLED))
41742 return sprintf(buffer, "disable");
41743 @@ -292,7 +292,7 @@ MODULE_PARM_DESC(aml_debug_output,
41744 "To enable/disable the ACPI Debug Object output.");
41745
41746 /* /sys/module/acpi/parameters/acpica_version */
41747 -static int param_get_acpica_version(char *buffer, struct kernel_param *kp)
41748 +static int param_get_acpica_version(char *buffer, const struct kernel_param *kp)
41749 {
41750 int result;
41751
41752 @@ -484,11 +484,11 @@ static u32 num_counters;
41753 static struct attribute **all_attrs;
41754 static u32 acpi_gpe_count;
41755
41756 -static struct attribute_group interrupt_stats_attr_group = {
41757 +static attribute_group_no_const interrupt_stats_attr_group = {
41758 .name = "interrupts",
41759 };
41760
41761 -static struct kobj_attribute *counter_attrs;
41762 +static kobj_attribute_no_const *counter_attrs;
41763
41764 static void delete_gpe_attr_array(void)
41765 {
41766 @@ -774,13 +774,13 @@ static void __exit interrupt_stats_exit(void)
41767 }
41768
41769 static ssize_t
41770 -acpi_show_profile(struct device *dev, struct device_attribute *attr,
41771 +acpi_show_profile(struct kobject *kobj, struct kobj_attribute *attr,
41772 char *buf)
41773 {
41774 return sprintf(buf, "%d\n", acpi_gbl_FADT.preferred_profile);
41775 }
41776
41777 -static const struct device_attribute pm_profile_attr =
41778 +static const struct kobj_attribute pm_profile_attr =
41779 __ATTR(pm_profile, S_IRUGO, acpi_show_profile, NULL);
41780
41781 static ssize_t hotplug_enabled_show(struct kobject *kobj,
41782 diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c
41783 index f4ebe39..f937534 100644
41784 --- a/drivers/acpi/thermal.c
41785 +++ b/drivers/acpi/thermal.c
41786 @@ -1208,7 +1208,7 @@ static int thermal_psv(const struct dmi_system_id *d) {
41787 return 0;
41788 }
41789
41790 -static struct dmi_system_id thermal_dmi_table[] __initdata = {
41791 +static const struct dmi_system_id thermal_dmi_table[] __initconst = {
41792 /*
41793 * Award BIOS on this AOpen makes thermal control almost worthless.
41794 * http://bugzilla.kernel.org/show_bug.cgi?id=8842
41795 diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
41796 index a6b36fc53..dc320a6 100644
41797 --- a/drivers/acpi/video_detect.c
41798 +++ b/drivers/acpi/video_detect.c
41799 @@ -41,7 +41,6 @@ ACPI_MODULE_NAME("video");
41800 void acpi_video_unregister_backlight(void);
41801
41802 static bool backlight_notifier_registered;
41803 -static struct notifier_block backlight_nb;
41804 static struct work_struct backlight_notify_work;
41805
41806 static enum acpi_backlight_type acpi_backlight_cmdline = acpi_backlight_undef;
41807 @@ -319,6 +318,10 @@ static int acpi_video_backlight_notify(struct notifier_block *nb,
41808 return NOTIFY_OK;
41809 }
41810
41811 +static struct notifier_block backlight_nb = {
41812 + .notifier_call = acpi_video_backlight_notify,
41813 +};
41814 +
41815 /*
41816 * Determine which type of backlight interface to use on this system,
41817 * First check cmdline, then dmi quirks, then do autodetect.
41818 @@ -349,8 +352,6 @@ enum acpi_backlight_type acpi_video_get_backlight_type(void)
41819 &video_caps, NULL);
41820 INIT_WORK(&backlight_notify_work,
41821 acpi_video_backlight_notify_work);
41822 - backlight_nb.notifier_call = acpi_video_backlight_notify;
41823 - backlight_nb.priority = 0;
41824 if (backlight_register_notifier(&backlight_nb) == 0)
41825 backlight_notifier_registered = true;
41826 init_done = true;
41827 diff --git a/drivers/android/binder.c b/drivers/android/binder.c
41828 index 16288e7..91ab5f3 100644
41829 --- a/drivers/android/binder.c
41830 +++ b/drivers/android/binder.c
41831 @@ -120,7 +120,7 @@ static DECLARE_WAIT_QUEUE_HEAD(binder_user_error_wait);
41832 static int binder_stop_on_user_error;
41833
41834 static int binder_set_stop_on_user_error(const char *val,
41835 - struct kernel_param *kp)
41836 + const struct kernel_param *kp)
41837 {
41838 int ret;
41839
41840 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
41841 index 223a770..295a507 100644
41842 --- a/drivers/ata/libata-core.c
41843 +++ b/drivers/ata/libata-core.c
41844 @@ -105,7 +105,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
41845 static void ata_dev_xfermask(struct ata_device *dev);
41846 static unsigned long ata_dev_blacklisted(const struct ata_device *dev);
41847
41848 -atomic_t ata_print_id = ATOMIC_INIT(0);
41849 +atomic_unchecked_t ata_print_id = ATOMIC_INIT(0);
41850
41851 struct ata_force_param {
41852 const char *name;
41853 @@ -4988,7 +4988,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
41854 struct ata_port *ap;
41855 unsigned int tag;
41856
41857 - WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
41858 + BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
41859 ap = qc->ap;
41860
41861 qc->flags = 0;
41862 @@ -5005,7 +5005,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
41863 struct ata_port *ap;
41864 struct ata_link *link;
41865
41866 - WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
41867 + BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
41868 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
41869 ap = qc->ap;
41870 link = qc->dev->link;
41871 @@ -6117,6 +6117,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
41872 return;
41873
41874 spin_lock(&lock);
41875 + pax_open_kernel();
41876
41877 for (cur = ops->inherits; cur; cur = cur->inherits) {
41878 void **inherit = (void **)cur;
41879 @@ -6130,8 +6131,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
41880 if (IS_ERR(*pp))
41881 *pp = NULL;
41882
41883 - ops->inherits = NULL;
41884 + const_cast(ops->inherits) = NULL;
41885
41886 + pax_close_kernel();
41887 spin_unlock(&lock);
41888 }
41889
41890 @@ -6327,7 +6329,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
41891
41892 /* give ports names and add SCSI hosts */
41893 for (i = 0; i < host->n_ports; i++) {
41894 - host->ports[i]->print_id = atomic_inc_return(&ata_print_id);
41895 + host->ports[i]->print_id = atomic_inc_return_unchecked(&ata_print_id);
41896 host->ports[i]->local_port_no = i + 1;
41897 }
41898
41899 diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
41900 index e207b33..145ebf0 100644
41901 --- a/drivers/ata/libata-scsi.c
41902 +++ b/drivers/ata/libata-scsi.c
41903 @@ -4689,7 +4689,7 @@ int ata_sas_port_init(struct ata_port *ap)
41904
41905 if (rc)
41906 return rc;
41907 - ap->print_id = atomic_inc_return(&ata_print_id);
41908 + ap->print_id = atomic_inc_return_unchecked(&ata_print_id);
41909 return 0;
41910 }
41911 EXPORT_SYMBOL_GPL(ata_sas_port_init);
41912 diff --git a/drivers/ata/libata.h b/drivers/ata/libata.h
41913 index 3b301a4..ff15676 100644
41914 --- a/drivers/ata/libata.h
41915 +++ b/drivers/ata/libata.h
41916 @@ -53,7 +53,7 @@ enum {
41917 ATA_DNXFER_QUIET = (1 << 31),
41918 };
41919
41920 -extern atomic_t ata_print_id;
41921 +extern atomic_unchecked_t ata_print_id;
41922 extern int atapi_passthru16;
41923 extern int libata_fua;
41924 extern int libata_noacpi;
41925 diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c
41926 index b4d5477..9ec8e0b 100644
41927 --- a/drivers/ata/pata_arasan_cf.c
41928 +++ b/drivers/ata/pata_arasan_cf.c
41929 @@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev)
41930 /* Handle platform specific quirks */
41931 if (quirk) {
41932 if (quirk & CF_BROKEN_PIO) {
41933 - ap->ops->set_piomode = NULL;
41934 + pax_open_kernel();
41935 + const_cast(ap->ops->set_piomode) = NULL;
41936 + pax_close_kernel();
41937 ap->pio_mask = 0;
41938 }
41939 if (quirk & CF_BROKEN_MWDMA)
41940 diff --git a/drivers/atm/adummy.c b/drivers/atm/adummy.c
41941 index f9b983a..887b9d8 100644
41942 --- a/drivers/atm/adummy.c
41943 +++ b/drivers/atm/adummy.c
41944 @@ -114,7 +114,7 @@ adummy_send(struct atm_vcc *vcc, struct sk_buff *skb)
41945 vcc->pop(vcc, skb);
41946 else
41947 dev_kfree_skb_any(skb);
41948 - atomic_inc(&vcc->stats->tx);
41949 + atomic_inc_unchecked(&vcc->stats->tx);
41950
41951 return 0;
41952 }
41953 diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c
41954 index f1a9198..f466a4a 100644
41955 --- a/drivers/atm/ambassador.c
41956 +++ b/drivers/atm/ambassador.c
41957 @@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) {
41958 PRINTD (DBG_FLOW|DBG_TX, "tx_complete %p %p", dev, tx);
41959
41960 // VC layer stats
41961 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
41962 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
41963
41964 // free the descriptor
41965 kfree (tx_descr);
41966 @@ -495,7 +495,7 @@ static void rx_complete (amb_dev * dev, rx_out * rx) {
41967 dump_skb ("<<<", vc, skb);
41968
41969 // VC layer stats
41970 - atomic_inc(&atm_vcc->stats->rx);
41971 + atomic_inc_unchecked(&atm_vcc->stats->rx);
41972 __net_timestamp(skb);
41973 // end of our responsibility
41974 atm_vcc->push (atm_vcc, skb);
41975 @@ -510,7 +510,7 @@ static void rx_complete (amb_dev * dev, rx_out * rx) {
41976 } else {
41977 PRINTK (KERN_INFO, "dropped over-size frame");
41978 // should we count this?
41979 - atomic_inc(&atm_vcc->stats->rx_drop);
41980 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
41981 }
41982
41983 } else {
41984 @@ -1338,7 +1338,7 @@ static int amb_send (struct atm_vcc * atm_vcc, struct sk_buff * skb) {
41985 }
41986
41987 if (check_area (skb->data, skb->len)) {
41988 - atomic_inc(&atm_vcc->stats->tx_err);
41989 + atomic_inc_unchecked(&atm_vcc->stats->tx_err);
41990 return -ENOMEM; // ?
41991 }
41992
41993 diff --git a/drivers/atm/atmtcp.c b/drivers/atm/atmtcp.c
41994 index 480fa6f..947067c 100644
41995 --- a/drivers/atm/atmtcp.c
41996 +++ b/drivers/atm/atmtcp.c
41997 @@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
41998 if (vcc->pop) vcc->pop(vcc,skb);
41999 else dev_kfree_skb(skb);
42000 if (dev_data) return 0;
42001 - atomic_inc(&vcc->stats->tx_err);
42002 + atomic_inc_unchecked(&vcc->stats->tx_err);
42003 return -ENOLINK;
42004 }
42005 size = skb->len+sizeof(struct atmtcp_hdr);
42006 @@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
42007 if (!new_skb) {
42008 if (vcc->pop) vcc->pop(vcc,skb);
42009 else dev_kfree_skb(skb);
42010 - atomic_inc(&vcc->stats->tx_err);
42011 + atomic_inc_unchecked(&vcc->stats->tx_err);
42012 return -ENOBUFS;
42013 }
42014 hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr));
42015 @@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
42016 if (vcc->pop) vcc->pop(vcc,skb);
42017 else dev_kfree_skb(skb);
42018 out_vcc->push(out_vcc,new_skb);
42019 - atomic_inc(&vcc->stats->tx);
42020 - atomic_inc(&out_vcc->stats->rx);
42021 + atomic_inc_unchecked(&vcc->stats->tx);
42022 + atomic_inc_unchecked(&out_vcc->stats->rx);
42023 return 0;
42024 }
42025
42026 @@ -300,7 +300,7 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb)
42027 read_unlock(&vcc_sklist_lock);
42028 if (!out_vcc) {
42029 result = -EUNATCH;
42030 - atomic_inc(&vcc->stats->tx_err);
42031 + atomic_inc_unchecked(&vcc->stats->tx_err);
42032 goto done;
42033 }
42034 skb_pull(skb,sizeof(struct atmtcp_hdr));
42035 @@ -312,8 +312,8 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb)
42036 __net_timestamp(new_skb);
42037 skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len);
42038 out_vcc->push(out_vcc,new_skb);
42039 - atomic_inc(&vcc->stats->tx);
42040 - atomic_inc(&out_vcc->stats->rx);
42041 + atomic_inc_unchecked(&vcc->stats->tx);
42042 + atomic_inc_unchecked(&out_vcc->stats->rx);
42043 done:
42044 if (vcc->pop) vcc->pop(vcc,skb);
42045 else dev_kfree_skb(skb);
42046 diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c
42047 index 6339efd..2b441d5 100644
42048 --- a/drivers/atm/eni.c
42049 +++ b/drivers/atm/eni.c
42050 @@ -525,7 +525,7 @@ static int rx_aal0(struct atm_vcc *vcc)
42051 DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n",
42052 vcc->dev->number);
42053 length = 0;
42054 - atomic_inc(&vcc->stats->rx_err);
42055 + atomic_inc_unchecked(&vcc->stats->rx_err);
42056 }
42057 else {
42058 length = ATM_CELL_SIZE-1; /* no HEC */
42059 @@ -580,7 +580,7 @@ static int rx_aal5(struct atm_vcc *vcc)
42060 size);
42061 }
42062 eff = length = 0;
42063 - atomic_inc(&vcc->stats->rx_err);
42064 + atomic_inc_unchecked(&vcc->stats->rx_err);
42065 }
42066 else {
42067 size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2);
42068 @@ -597,7 +597,7 @@ static int rx_aal5(struct atm_vcc *vcc)
42069 "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n",
42070 vcc->dev->number,vcc->vci,length,size << 2,descr);
42071 length = eff = 0;
42072 - atomic_inc(&vcc->stats->rx_err);
42073 + atomic_inc_unchecked(&vcc->stats->rx_err);
42074 }
42075 }
42076 skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL;
42077 @@ -770,7 +770,7 @@ rx_dequeued++;
42078 vcc->push(vcc,skb);
42079 pushed++;
42080 }
42081 - atomic_inc(&vcc->stats->rx);
42082 + atomic_inc_unchecked(&vcc->stats->rx);
42083 }
42084 wake_up(&eni_dev->rx_wait);
42085 }
42086 @@ -1230,7 +1230,7 @@ static void dequeue_tx(struct atm_dev *dev)
42087 DMA_TO_DEVICE);
42088 if (vcc->pop) vcc->pop(vcc,skb);
42089 else dev_kfree_skb_irq(skb);
42090 - atomic_inc(&vcc->stats->tx);
42091 + atomic_inc_unchecked(&vcc->stats->tx);
42092 wake_up(&eni_dev->tx_wait);
42093 dma_complete++;
42094 }
42095 diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c
42096 index 85aaf22..8730d15 100644
42097 --- a/drivers/atm/firestream.c
42098 +++ b/drivers/atm/firestream.c
42099 @@ -753,7 +753,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q)
42100 }
42101 }
42102
42103 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
42104 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
42105
42106 fs_dprintk (FS_DEBUG_TXMEM, "i");
42107 fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb);
42108 @@ -820,7 +820,7 @@ static void process_incoming (struct fs_dev *dev, struct queue *q)
42109 #endif
42110 skb_put (skb, qe->p1 & 0xffff);
42111 ATM_SKB(skb)->vcc = atm_vcc;
42112 - atomic_inc(&atm_vcc->stats->rx);
42113 + atomic_inc_unchecked(&atm_vcc->stats->rx);
42114 __net_timestamp(skb);
42115 fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb);
42116 atm_vcc->push (atm_vcc, skb);
42117 @@ -841,12 +841,12 @@ static void process_incoming (struct fs_dev *dev, struct queue *q)
42118 kfree (pe);
42119 }
42120 if (atm_vcc)
42121 - atomic_inc(&atm_vcc->stats->rx_drop);
42122 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
42123 break;
42124 case 0x1f: /* Reassembly abort: no buffers. */
42125 /* Silently increment error counter. */
42126 if (atm_vcc)
42127 - atomic_inc(&atm_vcc->stats->rx_drop);
42128 + atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
42129 break;
42130 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */
42131 printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n",
42132 diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c
42133 index 75dde90..4309ead 100644
42134 --- a/drivers/atm/fore200e.c
42135 +++ b/drivers/atm/fore200e.c
42136 @@ -932,9 +932,9 @@ fore200e_tx_irq(struct fore200e* fore200e)
42137 #endif
42138 /* check error condition */
42139 if (*entry->status & STATUS_ERROR)
42140 - atomic_inc(&vcc->stats->tx_err);
42141 + atomic_inc_unchecked(&vcc->stats->tx_err);
42142 else
42143 - atomic_inc(&vcc->stats->tx);
42144 + atomic_inc_unchecked(&vcc->stats->tx);
42145 }
42146 }
42147
42148 @@ -1083,7 +1083,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp
42149 if (skb == NULL) {
42150 DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len);
42151
42152 - atomic_inc(&vcc->stats->rx_drop);
42153 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42154 return -ENOMEM;
42155 }
42156
42157 @@ -1126,14 +1126,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp
42158
42159 dev_kfree_skb_any(skb);
42160
42161 - atomic_inc(&vcc->stats->rx_drop);
42162 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42163 return -ENOMEM;
42164 }
42165
42166 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
42167
42168 vcc->push(vcc, skb);
42169 - atomic_inc(&vcc->stats->rx);
42170 + atomic_inc_unchecked(&vcc->stats->rx);
42171
42172 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
42173
42174 @@ -1211,7 +1211,7 @@ fore200e_rx_irq(struct fore200e* fore200e)
42175 DPRINTK(2, "damaged PDU on %d.%d.%d\n",
42176 fore200e->atm_dev->number,
42177 entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci);
42178 - atomic_inc(&vcc->stats->rx_err);
42179 + atomic_inc_unchecked(&vcc->stats->rx_err);
42180 }
42181 }
42182
42183 @@ -1656,7 +1656,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb)
42184 goto retry_here;
42185 }
42186
42187 - atomic_inc(&vcc->stats->tx_err);
42188 + atomic_inc_unchecked(&vcc->stats->tx_err);
42189
42190 fore200e->tx_sat++;
42191 DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
42192 diff --git a/drivers/atm/he.c b/drivers/atm/he.c
42193 index 0f5cb37..c8bcdef 100644
42194 --- a/drivers/atm/he.c
42195 +++ b/drivers/atm/he.c
42196 @@ -1689,7 +1689,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
42197
42198 if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
42199 hprintk("HBUF_ERR! (cid 0x%x)\n", cid);
42200 - atomic_inc(&vcc->stats->rx_drop);
42201 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42202 goto return_host_buffers;
42203 }
42204
42205 @@ -1716,7 +1716,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
42206 RBRQ_LEN_ERR(he_dev->rbrq_head)
42207 ? "LEN_ERR" : "",
42208 vcc->vpi, vcc->vci);
42209 - atomic_inc(&vcc->stats->rx_err);
42210 + atomic_inc_unchecked(&vcc->stats->rx_err);
42211 goto return_host_buffers;
42212 }
42213
42214 @@ -1768,7 +1768,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
42215 vcc->push(vcc, skb);
42216 spin_lock(&he_dev->global_lock);
42217
42218 - atomic_inc(&vcc->stats->rx);
42219 + atomic_inc_unchecked(&vcc->stats->rx);
42220
42221 return_host_buffers:
42222 ++pdus_assembled;
42223 @@ -2094,7 +2094,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid)
42224 tpd->vcc->pop(tpd->vcc, tpd->skb);
42225 else
42226 dev_kfree_skb_any(tpd->skb);
42227 - atomic_inc(&tpd->vcc->stats->tx_err);
42228 + atomic_inc_unchecked(&tpd->vcc->stats->tx_err);
42229 }
42230 dma_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
42231 return;
42232 @@ -2506,7 +2506,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
42233 vcc->pop(vcc, skb);
42234 else
42235 dev_kfree_skb_any(skb);
42236 - atomic_inc(&vcc->stats->tx_err);
42237 + atomic_inc_unchecked(&vcc->stats->tx_err);
42238 return -EINVAL;
42239 }
42240
42241 @@ -2517,7 +2517,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
42242 vcc->pop(vcc, skb);
42243 else
42244 dev_kfree_skb_any(skb);
42245 - atomic_inc(&vcc->stats->tx_err);
42246 + atomic_inc_unchecked(&vcc->stats->tx_err);
42247 return -EINVAL;
42248 }
42249 #endif
42250 @@ -2529,7 +2529,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
42251 vcc->pop(vcc, skb);
42252 else
42253 dev_kfree_skb_any(skb);
42254 - atomic_inc(&vcc->stats->tx_err);
42255 + atomic_inc_unchecked(&vcc->stats->tx_err);
42256 spin_unlock_irqrestore(&he_dev->global_lock, flags);
42257 return -ENOMEM;
42258 }
42259 @@ -2571,7 +2571,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
42260 vcc->pop(vcc, skb);
42261 else
42262 dev_kfree_skb_any(skb);
42263 - atomic_inc(&vcc->stats->tx_err);
42264 + atomic_inc_unchecked(&vcc->stats->tx_err);
42265 spin_unlock_irqrestore(&he_dev->global_lock, flags);
42266 return -ENOMEM;
42267 }
42268 @@ -2602,7 +2602,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
42269 __enqueue_tpd(he_dev, tpd, cid);
42270 spin_unlock_irqrestore(&he_dev->global_lock, flags);
42271
42272 - atomic_inc(&vcc->stats->tx);
42273 + atomic_inc_unchecked(&vcc->stats->tx);
42274
42275 return 0;
42276 }
42277 diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c
42278 index 5fc81e2..42907ae 100644
42279 --- a/drivers/atm/horizon.c
42280 +++ b/drivers/atm/horizon.c
42281 @@ -1018,7 +1018,7 @@ static void rx_schedule (hrz_dev * dev, int irq) {
42282 {
42283 struct atm_vcc * vcc = ATM_SKB(skb)->vcc;
42284 // VC layer stats
42285 - atomic_inc(&vcc->stats->rx);
42286 + atomic_inc_unchecked(&vcc->stats->rx);
42287 __net_timestamp(skb);
42288 // end of our responsibility
42289 vcc->push (vcc, skb);
42290 @@ -1170,7 +1170,7 @@ static void tx_schedule (hrz_dev * const dev, int irq) {
42291 dev->tx_iovec = NULL;
42292
42293 // VC layer stats
42294 - atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
42295 + atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
42296
42297 // free the skb
42298 hrz_kfree_skb (skb);
42299 diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
42300 index 074616b..d6b3d5f 100644
42301 --- a/drivers/atm/idt77252.c
42302 +++ b/drivers/atm/idt77252.c
42303 @@ -811,7 +811,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc)
42304 else
42305 dev_kfree_skb(skb);
42306
42307 - atomic_inc(&vcc->stats->tx);
42308 + atomic_inc_unchecked(&vcc->stats->tx);
42309 }
42310
42311 atomic_dec(&scq->used);
42312 @@ -1073,13 +1073,13 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe)
42313 if ((sb = dev_alloc_skb(64)) == NULL) {
42314 printk("%s: Can't allocate buffers for aal0.\n",
42315 card->name);
42316 - atomic_add(i, &vcc->stats->rx_drop);
42317 + atomic_add_unchecked(i, &vcc->stats->rx_drop);
42318 break;
42319 }
42320 if (!atm_charge(vcc, sb->truesize)) {
42321 RXPRINTK("%s: atm_charge() dropped aal0 packets.\n",
42322 card->name);
42323 - atomic_add(i - 1, &vcc->stats->rx_drop);
42324 + atomic_add_unchecked(i - 1, &vcc->stats->rx_drop);
42325 dev_kfree_skb(sb);
42326 break;
42327 }
42328 @@ -1096,7 +1096,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe)
42329 ATM_SKB(sb)->vcc = vcc;
42330 __net_timestamp(sb);
42331 vcc->push(vcc, sb);
42332 - atomic_inc(&vcc->stats->rx);
42333 + atomic_inc_unchecked(&vcc->stats->rx);
42334
42335 cell += ATM_CELL_PAYLOAD;
42336 }
42337 @@ -1133,13 +1133,13 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe)
42338 "(CDC: %08x)\n",
42339 card->name, len, rpp->len, readl(SAR_REG_CDC));
42340 recycle_rx_pool_skb(card, rpp);
42341 - atomic_inc(&vcc->stats->rx_err);
42342 + atomic_inc_unchecked(&vcc->stats->rx_err);
42343 return;
42344 }
42345 if (stat & SAR_RSQE_CRC) {
42346 RXPRINTK("%s: AAL5 CRC error.\n", card->name);
42347 recycle_rx_pool_skb(card, rpp);
42348 - atomic_inc(&vcc->stats->rx_err);
42349 + atomic_inc_unchecked(&vcc->stats->rx_err);
42350 return;
42351 }
42352 if (skb_queue_len(&rpp->queue) > 1) {
42353 @@ -1150,7 +1150,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe)
42354 RXPRINTK("%s: Can't alloc RX skb.\n",
42355 card->name);
42356 recycle_rx_pool_skb(card, rpp);
42357 - atomic_inc(&vcc->stats->rx_err);
42358 + atomic_inc_unchecked(&vcc->stats->rx_err);
42359 return;
42360 }
42361 if (!atm_charge(vcc, skb->truesize)) {
42362 @@ -1169,7 +1169,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe)
42363 __net_timestamp(skb);
42364
42365 vcc->push(vcc, skb);
42366 - atomic_inc(&vcc->stats->rx);
42367 + atomic_inc_unchecked(&vcc->stats->rx);
42368
42369 return;
42370 }
42371 @@ -1191,7 +1191,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe)
42372 __net_timestamp(skb);
42373
42374 vcc->push(vcc, skb);
42375 - atomic_inc(&vcc->stats->rx);
42376 + atomic_inc_unchecked(&vcc->stats->rx);
42377
42378 if (skb->truesize > SAR_FB_SIZE_3)
42379 add_rx_skb(card, 3, SAR_FB_SIZE_3, 1);
42380 @@ -1302,14 +1302,14 @@ idt77252_rx_raw(struct idt77252_dev *card)
42381 if (vcc->qos.aal != ATM_AAL0) {
42382 RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n",
42383 card->name, vpi, vci);
42384 - atomic_inc(&vcc->stats->rx_drop);
42385 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42386 goto drop;
42387 }
42388
42389 if ((sb = dev_alloc_skb(64)) == NULL) {
42390 printk("%s: Can't allocate buffers for AAL0.\n",
42391 card->name);
42392 - atomic_inc(&vcc->stats->rx_err);
42393 + atomic_inc_unchecked(&vcc->stats->rx_err);
42394 goto drop;
42395 }
42396
42397 @@ -1328,7 +1328,7 @@ idt77252_rx_raw(struct idt77252_dev *card)
42398 ATM_SKB(sb)->vcc = vcc;
42399 __net_timestamp(sb);
42400 vcc->push(vcc, sb);
42401 - atomic_inc(&vcc->stats->rx);
42402 + atomic_inc_unchecked(&vcc->stats->rx);
42403
42404 drop:
42405 skb_pull(queue, 64);
42406 @@ -1953,13 +1953,13 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam)
42407
42408 if (vc == NULL) {
42409 printk("%s: NULL connection in send().\n", card->name);
42410 - atomic_inc(&vcc->stats->tx_err);
42411 + atomic_inc_unchecked(&vcc->stats->tx_err);
42412 dev_kfree_skb(skb);
42413 return -EINVAL;
42414 }
42415 if (!test_bit(VCF_TX, &vc->flags)) {
42416 printk("%s: Trying to transmit on a non-tx VC.\n", card->name);
42417 - atomic_inc(&vcc->stats->tx_err);
42418 + atomic_inc_unchecked(&vcc->stats->tx_err);
42419 dev_kfree_skb(skb);
42420 return -EINVAL;
42421 }
42422 @@ -1971,14 +1971,14 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam)
42423 break;
42424 default:
42425 printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal);
42426 - atomic_inc(&vcc->stats->tx_err);
42427 + atomic_inc_unchecked(&vcc->stats->tx_err);
42428 dev_kfree_skb(skb);
42429 return -EINVAL;
42430 }
42431
42432 if (skb_shinfo(skb)->nr_frags != 0) {
42433 printk("%s: No scatter-gather yet.\n", card->name);
42434 - atomic_inc(&vcc->stats->tx_err);
42435 + atomic_inc_unchecked(&vcc->stats->tx_err);
42436 dev_kfree_skb(skb);
42437 return -EINVAL;
42438 }
42439 @@ -1986,7 +1986,7 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam)
42440
42441 err = queue_skb(card, vc, skb, oam);
42442 if (err) {
42443 - atomic_inc(&vcc->stats->tx_err);
42444 + atomic_inc_unchecked(&vcc->stats->tx_err);
42445 dev_kfree_skb(skb);
42446 return err;
42447 }
42448 @@ -2009,7 +2009,7 @@ idt77252_send_oam(struct atm_vcc *vcc, void *cell, int flags)
42449 skb = dev_alloc_skb(64);
42450 if (!skb) {
42451 printk("%s: Out of memory in send_oam().\n", card->name);
42452 - atomic_inc(&vcc->stats->tx_err);
42453 + atomic_inc_unchecked(&vcc->stats->tx_err);
42454 return -ENOMEM;
42455 }
42456 atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
42457 diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c
42458 index 809dd1e..ee10755 100644
42459 --- a/drivers/atm/iphase.c
42460 +++ b/drivers/atm/iphase.c
42461 @@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev)
42462 status = (u_short) (buf_desc_ptr->desc_mode);
42463 if (status & (RX_CER | RX_PTE | RX_OFL))
42464 {
42465 - atomic_inc(&vcc->stats->rx_err);
42466 + atomic_inc_unchecked(&vcc->stats->rx_err);
42467 IF_ERR(printk("IA: bad packet, dropping it");)
42468 if (status & RX_CER) {
42469 IF_ERR(printk(" cause: packet CRC error\n");)
42470 @@ -1169,7 +1169,7 @@ static int rx_pkt(struct atm_dev *dev)
42471 len = dma_addr - buf_addr;
42472 if (len > iadev->rx_buf_sz) {
42473 printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz);
42474 - atomic_inc(&vcc->stats->rx_err);
42475 + atomic_inc_unchecked(&vcc->stats->rx_err);
42476 goto out_free_desc;
42477 }
42478
42479 @@ -1319,7 +1319,7 @@ static void rx_dle_intr(struct atm_dev *dev)
42480 ia_vcc = INPH_IA_VCC(vcc);
42481 if (ia_vcc == NULL)
42482 {
42483 - atomic_inc(&vcc->stats->rx_err);
42484 + atomic_inc_unchecked(&vcc->stats->rx_err);
42485 atm_return(vcc, skb->truesize);
42486 dev_kfree_skb_any(skb);
42487 goto INCR_DLE;
42488 @@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev)
42489 if ((length > iadev->rx_buf_sz) || (length >
42490 (skb->len - sizeof(struct cpcs_trailer))))
42491 {
42492 - atomic_inc(&vcc->stats->rx_err);
42493 + atomic_inc_unchecked(&vcc->stats->rx_err);
42494 IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)",
42495 length, skb->len);)
42496 atm_return(vcc, skb->truesize);
42497 @@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev)
42498
42499 IF_RX(printk("rx_dle_intr: skb push");)
42500 vcc->push(vcc,skb);
42501 - atomic_inc(&vcc->stats->rx);
42502 + atomic_inc_unchecked(&vcc->stats->rx);
42503 iadev->rx_pkt_cnt++;
42504 }
42505 INCR_DLE:
42506 @@ -2829,15 +2829,15 @@ static int ia_ioctl(struct atm_dev *dev, unsigned int cmd, void __user *arg)
42507 {
42508 struct k_sonet_stats *stats;
42509 stats = &PRIV(_ia_dev[board])->sonet_stats;
42510 - printk("section_bip: %d\n", atomic_read(&stats->section_bip));
42511 - printk("line_bip : %d\n", atomic_read(&stats->line_bip));
42512 - printk("path_bip : %d\n", atomic_read(&stats->path_bip));
42513 - printk("line_febe : %d\n", atomic_read(&stats->line_febe));
42514 - printk("path_febe : %d\n", atomic_read(&stats->path_febe));
42515 - printk("corr_hcs : %d\n", atomic_read(&stats->corr_hcs));
42516 - printk("uncorr_hcs : %d\n", atomic_read(&stats->uncorr_hcs));
42517 - printk("tx_cells : %d\n", atomic_read(&stats->tx_cells));
42518 - printk("rx_cells : %d\n", atomic_read(&stats->rx_cells));
42519 + printk("section_bip: %d\n", atomic_read_unchecked(&stats->section_bip));
42520 + printk("line_bip : %d\n", atomic_read_unchecked(&stats->line_bip));
42521 + printk("path_bip : %d\n", atomic_read_unchecked(&stats->path_bip));
42522 + printk("line_febe : %d\n", atomic_read_unchecked(&stats->line_febe));
42523 + printk("path_febe : %d\n", atomic_read_unchecked(&stats->path_febe));
42524 + printk("corr_hcs : %d\n", atomic_read_unchecked(&stats->corr_hcs));
42525 + printk("uncorr_hcs : %d\n", atomic_read_unchecked(&stats->uncorr_hcs));
42526 + printk("tx_cells : %d\n", atomic_read_unchecked(&stats->tx_cells));
42527 + printk("rx_cells : %d\n", atomic_read_unchecked(&stats->rx_cells));
42528 }
42529 ia_cmds.status = 0;
42530 break;
42531 @@ -2942,7 +2942,7 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) {
42532 if ((desc == 0) || (desc > iadev->num_tx_desc))
42533 {
42534 IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);)
42535 - atomic_inc(&vcc->stats->tx);
42536 + atomic_inc_unchecked(&vcc->stats->tx);
42537 if (vcc->pop)
42538 vcc->pop(vcc, skb);
42539 else
42540 @@ -3047,14 +3047,14 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) {
42541 ATM_DESC(skb) = vcc->vci;
42542 skb_queue_tail(&iadev->tx_dma_q, skb);
42543
42544 - atomic_inc(&vcc->stats->tx);
42545 + atomic_inc_unchecked(&vcc->stats->tx);
42546 iadev->tx_pkt_cnt++;
42547 /* Increment transaction counter */
42548 writel(2, iadev->dma+IPHASE5575_TX_COUNTER);
42549
42550 #if 0
42551 /* add flow control logic */
42552 - if (atomic_read(&vcc->stats->tx) % 20 == 0) {
42553 + if (atomic_read_unchecked(&vcc->stats->tx) % 20 == 0) {
42554 if (iavcc->vc_desc_cnt > 10) {
42555 vcc->tx_quota = vcc->tx_quota * 3 / 4;
42556 printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota );
42557 diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c
42558 index ce43ae3..969de38 100644
42559 --- a/drivers/atm/lanai.c
42560 +++ b/drivers/atm/lanai.c
42561 @@ -1295,7 +1295,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai,
42562 vcc_tx_add_aal5_trailer(lvcc, skb->len, 0, 0);
42563 lanai_endtx(lanai, lvcc);
42564 lanai_free_skb(lvcc->tx.atmvcc, skb);
42565 - atomic_inc(&lvcc->tx.atmvcc->stats->tx);
42566 + atomic_inc_unchecked(&lvcc->tx.atmvcc->stats->tx);
42567 }
42568
42569 /* Try to fill the buffer - don't call unless there is backlog */
42570 @@ -1418,7 +1418,7 @@ static void vcc_rx_aal5(struct lanai_vcc *lvcc, int endptr)
42571 ATM_SKB(skb)->vcc = lvcc->rx.atmvcc;
42572 __net_timestamp(skb);
42573 lvcc->rx.atmvcc->push(lvcc->rx.atmvcc, skb);
42574 - atomic_inc(&lvcc->rx.atmvcc->stats->rx);
42575 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx);
42576 out:
42577 lvcc->rx.buf.ptr = end;
42578 cardvcc_write(lvcc, endptr, vcc_rxreadptr);
42579 @@ -1659,7 +1659,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s)
42580 DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 "
42581 "vcc %d\n", lanai->number, (unsigned int) s, vci);
42582 lanai->stats.service_rxnotaal5++;
42583 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
42584 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
42585 return 0;
42586 }
42587 if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) {
42588 @@ -1671,7 +1671,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s)
42589 int bytes;
42590 read_unlock(&vcc_sklist_lock);
42591 DPRINTK("got trashed rx pdu on vci %d\n", vci);
42592 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
42593 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
42594 lvcc->stats.x.aal5.service_trash++;
42595 bytes = (SERVICE_GET_END(s) * 16) -
42596 (((unsigned long) lvcc->rx.buf.ptr) -
42597 @@ -1683,7 +1683,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s)
42598 }
42599 if (s & SERVICE_STREAM) {
42600 read_unlock(&vcc_sklist_lock);
42601 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
42602 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
42603 lvcc->stats.x.aal5.service_stream++;
42604 printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream "
42605 "PDU on VCI %d!\n", lanai->number, vci);
42606 @@ -1691,7 +1691,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s)
42607 return 0;
42608 }
42609 DPRINTK("got rx crc error on vci %d\n", vci);
42610 - atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
42611 + atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
42612 lvcc->stats.x.aal5.service_rxcrc++;
42613 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
42614 cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
42615 diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
42616 index 700ed15..a3a8a73 100644
42617 --- a/drivers/atm/nicstar.c
42618 +++ b/drivers/atm/nicstar.c
42619 @@ -1633,7 +1633,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
42620 if ((vc = (vc_map *) vcc->dev_data) == NULL) {
42621 printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n",
42622 card->index);
42623 - atomic_inc(&vcc->stats->tx_err);
42624 + atomic_inc_unchecked(&vcc->stats->tx_err);
42625 dev_kfree_skb_any(skb);
42626 return -EINVAL;
42627 }
42628 @@ -1641,7 +1641,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
42629 if (!vc->tx) {
42630 printk("nicstar%d: Trying to transmit on a non-tx VC.\n",
42631 card->index);
42632 - atomic_inc(&vcc->stats->tx_err);
42633 + atomic_inc_unchecked(&vcc->stats->tx_err);
42634 dev_kfree_skb_any(skb);
42635 return -EINVAL;
42636 }
42637 @@ -1649,14 +1649,14 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
42638 if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0) {
42639 printk("nicstar%d: Only AAL0 and AAL5 are supported.\n",
42640 card->index);
42641 - atomic_inc(&vcc->stats->tx_err);
42642 + atomic_inc_unchecked(&vcc->stats->tx_err);
42643 dev_kfree_skb_any(skb);
42644 return -EINVAL;
42645 }
42646
42647 if (skb_shinfo(skb)->nr_frags != 0) {
42648 printk("nicstar%d: No scatter-gather yet.\n", card->index);
42649 - atomic_inc(&vcc->stats->tx_err);
42650 + atomic_inc_unchecked(&vcc->stats->tx_err);
42651 dev_kfree_skb_any(skb);
42652 return -EINVAL;
42653 }
42654 @@ -1704,11 +1704,11 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
42655 }
42656
42657 if (push_scqe(card, vc, scq, &scqe, skb) != 0) {
42658 - atomic_inc(&vcc->stats->tx_err);
42659 + atomic_inc_unchecked(&vcc->stats->tx_err);
42660 dev_kfree_skb_any(skb);
42661 return -EIO;
42662 }
42663 - atomic_inc(&vcc->stats->tx);
42664 + atomic_inc_unchecked(&vcc->stats->tx);
42665
42666 return 0;
42667 }
42668 @@ -2025,14 +2025,14 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42669 printk
42670 ("nicstar%d: Can't allocate buffers for aal0.\n",
42671 card->index);
42672 - atomic_add(i, &vcc->stats->rx_drop);
42673 + atomic_add_unchecked(i, &vcc->stats->rx_drop);
42674 break;
42675 }
42676 if (!atm_charge(vcc, sb->truesize)) {
42677 RXPRINTK
42678 ("nicstar%d: atm_charge() dropped aal0 packets.\n",
42679 card->index);
42680 - atomic_add(i - 1, &vcc->stats->rx_drop); /* already increased by 1 */
42681 + atomic_add_unchecked(i - 1, &vcc->stats->rx_drop); /* already increased by 1 */
42682 dev_kfree_skb_any(sb);
42683 break;
42684 }
42685 @@ -2047,7 +2047,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42686 ATM_SKB(sb)->vcc = vcc;
42687 __net_timestamp(sb);
42688 vcc->push(vcc, sb);
42689 - atomic_inc(&vcc->stats->rx);
42690 + atomic_inc_unchecked(&vcc->stats->rx);
42691 cell += ATM_CELL_PAYLOAD;
42692 }
42693
42694 @@ -2064,7 +2064,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42695 if (iovb == NULL) {
42696 printk("nicstar%d: Out of iovec buffers.\n",
42697 card->index);
42698 - atomic_inc(&vcc->stats->rx_drop);
42699 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42700 recycle_rx_buf(card, skb);
42701 return;
42702 }
42703 @@ -2088,7 +2088,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42704 small or large buffer itself. */
42705 } else if (NS_PRV_IOVCNT(iovb) >= NS_MAX_IOVECS) {
42706 printk("nicstar%d: received too big AAL5 SDU.\n", card->index);
42707 - atomic_inc(&vcc->stats->rx_err);
42708 + atomic_inc_unchecked(&vcc->stats->rx_err);
42709 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
42710 NS_MAX_IOVECS);
42711 NS_PRV_IOVCNT(iovb) = 0;
42712 @@ -2108,7 +2108,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42713 ("nicstar%d: Expected a small buffer, and this is not one.\n",
42714 card->index);
42715 which_list(card, skb);
42716 - atomic_inc(&vcc->stats->rx_err);
42717 + atomic_inc_unchecked(&vcc->stats->rx_err);
42718 recycle_rx_buf(card, skb);
42719 vc->rx_iov = NULL;
42720 recycle_iov_buf(card, iovb);
42721 @@ -2121,7 +2121,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42722 ("nicstar%d: Expected a large buffer, and this is not one.\n",
42723 card->index);
42724 which_list(card, skb);
42725 - atomic_inc(&vcc->stats->rx_err);
42726 + atomic_inc_unchecked(&vcc->stats->rx_err);
42727 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
42728 NS_PRV_IOVCNT(iovb));
42729 vc->rx_iov = NULL;
42730 @@ -2144,7 +2144,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42731 printk(" - PDU size mismatch.\n");
42732 else
42733 printk(".\n");
42734 - atomic_inc(&vcc->stats->rx_err);
42735 + atomic_inc_unchecked(&vcc->stats->rx_err);
42736 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
42737 NS_PRV_IOVCNT(iovb));
42738 vc->rx_iov = NULL;
42739 @@ -2158,14 +2158,14 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42740 /* skb points to a small buffer */
42741 if (!atm_charge(vcc, skb->truesize)) {
42742 push_rxbufs(card, skb);
42743 - atomic_inc(&vcc->stats->rx_drop);
42744 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42745 } else {
42746 skb_put(skb, len);
42747 dequeue_sm_buf(card, skb);
42748 ATM_SKB(skb)->vcc = vcc;
42749 __net_timestamp(skb);
42750 vcc->push(vcc, skb);
42751 - atomic_inc(&vcc->stats->rx);
42752 + atomic_inc_unchecked(&vcc->stats->rx);
42753 }
42754 } else if (NS_PRV_IOVCNT(iovb) == 2) { /* One small plus one large buffer */
42755 struct sk_buff *sb;
42756 @@ -2176,14 +2176,14 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42757 if (len <= NS_SMBUFSIZE) {
42758 if (!atm_charge(vcc, sb->truesize)) {
42759 push_rxbufs(card, sb);
42760 - atomic_inc(&vcc->stats->rx_drop);
42761 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42762 } else {
42763 skb_put(sb, len);
42764 dequeue_sm_buf(card, sb);
42765 ATM_SKB(sb)->vcc = vcc;
42766 __net_timestamp(sb);
42767 vcc->push(vcc, sb);
42768 - atomic_inc(&vcc->stats->rx);
42769 + atomic_inc_unchecked(&vcc->stats->rx);
42770 }
42771
42772 push_rxbufs(card, skb);
42773 @@ -2192,7 +2192,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42774
42775 if (!atm_charge(vcc, skb->truesize)) {
42776 push_rxbufs(card, skb);
42777 - atomic_inc(&vcc->stats->rx_drop);
42778 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42779 } else {
42780 dequeue_lg_buf(card, skb);
42781 skb_push(skb, NS_SMBUFSIZE);
42782 @@ -2202,7 +2202,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42783 ATM_SKB(skb)->vcc = vcc;
42784 __net_timestamp(skb);
42785 vcc->push(vcc, skb);
42786 - atomic_inc(&vcc->stats->rx);
42787 + atomic_inc_unchecked(&vcc->stats->rx);
42788 }
42789
42790 push_rxbufs(card, sb);
42791 @@ -2223,7 +2223,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42792 printk
42793 ("nicstar%d: Out of huge buffers.\n",
42794 card->index);
42795 - atomic_inc(&vcc->stats->rx_drop);
42796 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42797 recycle_iovec_rx_bufs(card,
42798 (struct iovec *)
42799 iovb->data,
42800 @@ -2274,7 +2274,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42801 card->hbpool.count++;
42802 } else
42803 dev_kfree_skb_any(hb);
42804 - atomic_inc(&vcc->stats->rx_drop);
42805 + atomic_inc_unchecked(&vcc->stats->rx_drop);
42806 } else {
42807 /* Copy the small buffer to the huge buffer */
42808 sb = (struct sk_buff *)iov->iov_base;
42809 @@ -2308,7 +2308,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
42810 ATM_SKB(hb)->vcc = vcc;
42811 __net_timestamp(hb);
42812 vcc->push(vcc, hb);
42813 - atomic_inc(&vcc->stats->rx);
42814 + atomic_inc_unchecked(&vcc->stats->rx);
42815 }
42816 }
42817
42818 diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
42819 index 6ac2b2b..6373ebdc 100644
42820 --- a/drivers/atm/solos-pci.c
42821 +++ b/drivers/atm/solos-pci.c
42822 @@ -849,7 +849,7 @@ static void solos_bh(unsigned long card_arg)
42823 }
42824 atm_charge(vcc, skb->truesize);
42825 vcc->push(vcc, skb);
42826 - atomic_inc(&vcc->stats->rx);
42827 + atomic_inc_unchecked(&vcc->stats->rx);
42828 break;
42829
42830 case PKT_STATUS:
42831 @@ -1130,7 +1130,7 @@ static uint32_t fpga_tx(struct solos_card *card)
42832 vcc = SKB_CB(oldskb)->vcc;
42833
42834 if (vcc) {
42835 - atomic_inc(&vcc->stats->tx);
42836 + atomic_inc_unchecked(&vcc->stats->tx);
42837 solos_pop(vcc, oldskb);
42838 } else {
42839 dev_kfree_skb_irq(oldskb);
42840 diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c
42841 index 0215934..ce9f5b1 100644
42842 --- a/drivers/atm/suni.c
42843 +++ b/drivers/atm/suni.c
42844 @@ -49,8 +49,8 @@ static DEFINE_SPINLOCK(sunis_lock);
42845
42846
42847 #define ADD_LIMITED(s,v) \
42848 - atomic_add((v),&stats->s); \
42849 - if (atomic_read(&stats->s) < 0) atomic_set(&stats->s,INT_MAX);
42850 + atomic_add_unchecked((v),&stats->s); \
42851 + if (atomic_read_unchecked(&stats->s) < 0) atomic_set_unchecked(&stats->s,INT_MAX);
42852
42853
42854 static void suni_hz(unsigned long from_timer)
42855 diff --git a/drivers/atm/uPD98402.c b/drivers/atm/uPD98402.c
42856 index 5120a96..e2572bd 100644
42857 --- a/drivers/atm/uPD98402.c
42858 +++ b/drivers/atm/uPD98402.c
42859 @@ -42,7 +42,7 @@ static int fetch_stats(struct atm_dev *dev,struct sonet_stats __user *arg,int ze
42860 struct sonet_stats tmp;
42861 int error = 0;
42862
42863 - atomic_add(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
42864 + atomic_add_unchecked(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
42865 sonet_copy_stats(&PRIV(dev)->sonet_stats,&tmp);
42866 if (arg) error = copy_to_user(arg,&tmp,sizeof(tmp));
42867 if (zero && !error) {
42868 @@ -161,9 +161,9 @@ static int uPD98402_ioctl(struct atm_dev *dev,unsigned int cmd,void __user *arg)
42869
42870
42871 #define ADD_LIMITED(s,v) \
42872 - { atomic_add(GET(v),&PRIV(dev)->sonet_stats.s); \
42873 - if (atomic_read(&PRIV(dev)->sonet_stats.s) < 0) \
42874 - atomic_set(&PRIV(dev)->sonet_stats.s,INT_MAX); }
42875 + { atomic_add_unchecked(GET(v),&PRIV(dev)->sonet_stats.s); \
42876 + if (atomic_read_unchecked(&PRIV(dev)->sonet_stats.s) < 0) \
42877 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.s,INT_MAX); }
42878
42879
42880 static void stat_event(struct atm_dev *dev)
42881 @@ -194,7 +194,7 @@ static void uPD98402_int(struct atm_dev *dev)
42882 if (reason & uPD98402_INT_PFM) stat_event(dev);
42883 if (reason & uPD98402_INT_PCO) {
42884 (void) GET(PCOCR); /* clear interrupt cause */
42885 - atomic_add(GET(HECCT),
42886 + atomic_add_unchecked(GET(HECCT),
42887 &PRIV(dev)->sonet_stats.uncorr_hcs);
42888 }
42889 if ((reason & uPD98402_INT_RFO) &&
42890 @@ -222,9 +222,9 @@ static int uPD98402_start(struct atm_dev *dev)
42891 PUT(~(uPD98402_INT_PFM | uPD98402_INT_ALM | uPD98402_INT_RFO |
42892 uPD98402_INT_LOS),PIMR); /* enable them */
42893 (void) fetch_stats(dev,NULL,1); /* clear kernel counters */
42894 - atomic_set(&PRIV(dev)->sonet_stats.corr_hcs,-1);
42895 - atomic_set(&PRIV(dev)->sonet_stats.tx_cells,-1);
42896 - atomic_set(&PRIV(dev)->sonet_stats.rx_cells,-1);
42897 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.corr_hcs,-1);
42898 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.tx_cells,-1);
42899 + atomic_set_unchecked(&PRIV(dev)->sonet_stats.rx_cells,-1);
42900 return 0;
42901 }
42902
42903 diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c
42904 index cecfb94..87009ec 100644
42905 --- a/drivers/atm/zatm.c
42906 +++ b/drivers/atm/zatm.c
42907 @@ -459,7 +459,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]);
42908 }
42909 if (!size) {
42910 dev_kfree_skb_irq(skb);
42911 - if (vcc) atomic_inc(&vcc->stats->rx_err);
42912 + if (vcc) atomic_inc_unchecked(&vcc->stats->rx_err);
42913 continue;
42914 }
42915 if (!atm_charge(vcc,skb->truesize)) {
42916 @@ -469,7 +469,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]);
42917 skb->len = size;
42918 ATM_SKB(skb)->vcc = vcc;
42919 vcc->push(vcc,skb);
42920 - atomic_inc(&vcc->stats->rx);
42921 + atomic_inc_unchecked(&vcc->stats->rx);
42922 }
42923 zout(pos & 0xffff,MTA(mbx));
42924 #if 0 /* probably a stupid idea */
42925 @@ -733,7 +733,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD_V | uPD98401_TXPD_DP |
42926 skb_queue_head(&zatm_vcc->backlog,skb);
42927 break;
42928 }
42929 - atomic_inc(&vcc->stats->tx);
42930 + atomic_inc_unchecked(&vcc->stats->tx);
42931 wake_up(&zatm_vcc->tx_wait);
42932 }
42933
42934 diff --git a/drivers/base/bus.c b/drivers/base/bus.c
42935 index 6470eb8..3a7d92b 100644
42936 --- a/drivers/base/bus.c
42937 +++ b/drivers/base/bus.c
42938 @@ -1136,7 +1136,7 @@ int subsys_interface_register(struct subsys_interface *sif)
42939 return -EINVAL;
42940
42941 mutex_lock(&subsys->p->mutex);
42942 - list_add_tail(&sif->node, &subsys->p->interfaces);
42943 + pax_list_add_tail((struct list_head *)&sif->node, &subsys->p->interfaces);
42944 if (sif->add_dev) {
42945 subsys_dev_iter_init(&iter, subsys, NULL, NULL);
42946 while ((dev = subsys_dev_iter_next(&iter)))
42947 @@ -1161,7 +1161,7 @@ void subsys_interface_unregister(struct subsys_interface *sif)
42948 subsys = sif->subsys;
42949
42950 mutex_lock(&subsys->p->mutex);
42951 - list_del_init(&sif->node);
42952 + pax_list_del_init((struct list_head *)&sif->node);
42953 if (sif->remove_dev) {
42954 subsys_dev_iter_init(&iter, subsys, NULL, NULL);
42955 while ((dev = subsys_dev_iter_next(&iter)))
42956 diff --git a/drivers/base/devres.c b/drivers/base/devres.c
42957 index 8fc654f..36e28e9 100644
42958 --- a/drivers/base/devres.c
42959 +++ b/drivers/base/devres.c
42960 @@ -476,7 +476,9 @@ static int remove_nodes(struct device *dev,
42961
42962 static int release_nodes(struct device *dev, struct list_head *first,
42963 struct list_head *end, unsigned long flags)
42964 - __releases(&dev->devres_lock)
42965 + __releases(&dev->devres_lock);
42966 +static int release_nodes(struct device *dev, struct list_head *first,
42967 + struct list_head *end, unsigned long flags)
42968 {
42969 LIST_HEAD(todo);
42970 int cnt;
42971 diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
42972 index 44a74cf..a5dd826 100644
42973 --- a/drivers/base/devtmpfs.c
42974 +++ b/drivers/base/devtmpfs.c
42975 @@ -354,7 +354,7 @@ int devtmpfs_mount(const char *mntdir)
42976 if (!thread)
42977 return 0;
42978
42979 - err = sys_mount("devtmpfs", (char *)mntdir, "devtmpfs", MS_SILENT, NULL);
42980 + err = sys_mount((char __force_user *)"devtmpfs", (char __force_user *)mntdir, (char __force_user *)"devtmpfs", MS_SILENT, NULL);
42981 if (err)
42982 printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
42983 else
42984 @@ -380,11 +380,11 @@ static int devtmpfsd(void *p)
42985 *err = sys_unshare(CLONE_NEWNS);
42986 if (*err)
42987 goto out;
42988 - *err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options);
42989 + *err = sys_mount((char __force_user *)"devtmpfs", (char __force_user *)"/", (char __force_user *)"devtmpfs", MS_SILENT, (char __force_user *)options);
42990 if (*err)
42991 goto out;
42992 - sys_chdir("/.."); /* will traverse into overmounted root */
42993 - sys_chroot(".");
42994 + sys_chdir((char __force_user *)"/.."); /* will traverse into overmounted root */
42995 + sys_chroot((char __force_user *)".");
42996 complete(&setup_done);
42997 while (1) {
42998 spin_lock(&req_lock);
42999 diff --git a/drivers/base/node.c b/drivers/base/node.c
43000 index 5548f96..3cbdfc1 100644
43001 --- a/drivers/base/node.c
43002 +++ b/drivers/base/node.c
43003 @@ -638,7 +638,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf)
43004 struct node_attr {
43005 struct device_attribute attr;
43006 enum node_states state;
43007 -};
43008 +} __do_const;
43009
43010 static ssize_t show_node_state(struct device *dev,
43011 struct device_attribute *attr, char *buf)
43012 diff --git a/drivers/base/platform-msi.c b/drivers/base/platform-msi.c
43013 index 279e539..4c9d7fb 100644
43014 --- a/drivers/base/platform-msi.c
43015 +++ b/drivers/base/platform-msi.c
43016 @@ -24,6 +24,8 @@
43017 #include <linux/msi.h>
43018 #include <linux/slab.h>
43019
43020 +#include <asm/pgtable.h>
43021 +
43022 #define DEV_ID_SHIFT 21
43023 #define MAX_DEV_MSIS (1 << (32 - DEV_ID_SHIFT))
43024
43025 @@ -81,10 +83,12 @@ static void platform_msi_update_dom_ops(struct msi_domain_info *info)
43026
43027 BUG_ON(!ops);
43028
43029 + pax_open_kernel();
43030 if (ops->msi_init == NULL)
43031 - ops->msi_init = platform_msi_init;
43032 + const_cast(ops->msi_init) = platform_msi_init;
43033 if (ops->set_desc == NULL)
43034 - ops->set_desc = platform_msi_set_desc;
43035 + const_cast(ops->set_desc) = platform_msi_set_desc;
43036 + pax_close_kernel();
43037 }
43038
43039 static void platform_msi_write_msg(struct irq_data *data, struct msi_msg *msg)
43040 @@ -102,16 +106,18 @@ static void platform_msi_update_chip_ops(struct msi_domain_info *info)
43041 struct irq_chip *chip = info->chip;
43042
43043 BUG_ON(!chip);
43044 + pax_open_kernel();
43045 if (!chip->irq_mask)
43046 - chip->irq_mask = irq_chip_mask_parent;
43047 + const_cast(chip->irq_mask) = irq_chip_mask_parent;
43048 if (!chip->irq_unmask)
43049 - chip->irq_unmask = irq_chip_unmask_parent;
43050 + const_cast(chip->irq_unmask) = irq_chip_unmask_parent;
43051 if (!chip->irq_eoi)
43052 - chip->irq_eoi = irq_chip_eoi_parent;
43053 + const_cast(chip->irq_eoi) = irq_chip_eoi_parent;
43054 if (!chip->irq_set_affinity)
43055 - chip->irq_set_affinity = msi_domain_set_affinity;
43056 + const_cast(chip->irq_set_affinity) = msi_domain_set_affinity;
43057 if (!chip->irq_write_msi_msg)
43058 - chip->irq_write_msi_msg = platform_msi_write_msg;
43059 + const_cast(chip->irq_write_msi_msg) = platform_msi_write_msg;
43060 + pax_close_kernel();
43061 }
43062
43063 static void platform_msi_free_descs(struct device *dev, int base, int nvec)
43064 diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
43065 index a1f2aff..58bf1bc 100644
43066 --- a/drivers/base/power/domain.c
43067 +++ b/drivers/base/power/domain.c
43068 @@ -1621,8 +1621,10 @@ int genpd_dev_pm_attach(struct device *dev)
43069 goto out;
43070 }
43071
43072 - dev->pm_domain->detach = genpd_dev_pm_detach;
43073 - dev->pm_domain->sync = genpd_dev_pm_sync;
43074 + pax_open_kernel();
43075 + const_cast(dev->pm_domain->detach) = genpd_dev_pm_detach;
43076 + const_cast(dev->pm_domain->sync) = genpd_dev_pm_sync;
43077 + pax_close_kernel();
43078
43079 mutex_lock(&pd->lock);
43080 ret = genpd_poweron(pd, 0);
43081 diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c
43082 index 82a081e..b13ec3b 100644
43083 --- a/drivers/base/power/runtime.c
43084 +++ b/drivers/base/power/runtime.c
43085 @@ -16,35 +16,32 @@
43086
43087 typedef int (*pm_callback_t)(struct device *);
43088
43089 -static pm_callback_t __rpm_get_callback(struct device *dev, size_t cb_offset)
43090 -{
43091 - pm_callback_t cb;
43092 - const struct dev_pm_ops *ops;
43093 -
43094 - if (dev->pm_domain)
43095 - ops = &dev->pm_domain->ops;
43096 - else if (dev->type && dev->type->pm)
43097 - ops = dev->type->pm;
43098 - else if (dev->class && dev->class->pm)
43099 - ops = dev->class->pm;
43100 - else if (dev->bus && dev->bus->pm)
43101 - ops = dev->bus->pm;
43102 - else
43103 - ops = NULL;
43104 -
43105 - if (ops)
43106 - cb = *(pm_callback_t *)((void *)ops + cb_offset);
43107 - else
43108 - cb = NULL;
43109 -
43110 - if (!cb && dev->driver && dev->driver->pm)
43111 - cb = *(pm_callback_t *)((void *)dev->driver->pm + cb_offset);
43112 -
43113 - return cb;
43114 -}
43115 -
43116 -#define RPM_GET_CALLBACK(dev, callback) \
43117 - __rpm_get_callback(dev, offsetof(struct dev_pm_ops, callback))
43118 +#define RPM_GET_CALLBACK(dev, callback) \
43119 +({ \
43120 + pm_callback_t cb; \
43121 + const struct dev_pm_ops *ops; \
43122 + \
43123 + if (dev->pm_domain) \
43124 + ops = &dev->pm_domain->ops; \
43125 + else if (dev->type && dev->type->pm) \
43126 + ops = dev->type->pm; \
43127 + else if (dev->class && dev->class->pm) \
43128 + ops = dev->class->pm; \
43129 + else if (dev->bus && dev->bus->pm) \
43130 + ops = dev->bus->pm; \
43131 + else \
43132 + ops = NULL; \
43133 + \
43134 + if (ops) \
43135 + cb = ops->callback; \
43136 + else \
43137 + cb = NULL; \
43138 + \
43139 + if (!cb && dev->driver && dev->driver->pm) \
43140 + cb = dev->driver->pm->callback; \
43141 + \
43142 + cb; \
43143 +})
43144
43145 static int rpm_resume(struct device *dev, int rpmflags);
43146 static int rpm_suspend(struct device *dev, int rpmflags);
43147 @@ -263,8 +260,8 @@ static int rpm_check_suspend_allowed(struct device *dev)
43148 * @cb: Runtime PM callback to run.
43149 * @dev: Device to run the callback for.
43150 */
43151 +static int __rpm_callback(int (*cb)(struct device *), struct device *dev) __must_hold(&dev->power.lock);
43152 static int __rpm_callback(int (*cb)(struct device *), struct device *dev)
43153 - __releases(&dev->power.lock) __acquires(&dev->power.lock)
43154 {
43155 int retval;
43156
43157 @@ -412,8 +409,8 @@ static int rpm_callback(int (*cb)(struct device *), struct device *dev)
43158 *
43159 * This function must be called under dev->power.lock with interrupts disabled.
43160 */
43161 +static int rpm_suspend(struct device *dev, int rpmflags) __must_hold(&dev->power.lock);
43162 static int rpm_suspend(struct device *dev, int rpmflags)
43163 - __releases(&dev->power.lock) __acquires(&dev->power.lock)
43164 {
43165 int (*callback)(struct device *);
43166 struct device *parent = NULL;
43167 @@ -594,8 +591,8 @@ static int rpm_suspend(struct device *dev, int rpmflags)
43168 *
43169 * This function must be called under dev->power.lock with interrupts disabled.
43170 */
43171 +static int rpm_resume(struct device *dev, int rpmflags) __must_hold(&dev->power.lock);
43172 static int rpm_resume(struct device *dev, int rpmflags)
43173 - __releases(&dev->power.lock) __acquires(&dev->power.lock)
43174 {
43175 int (*callback)(struct device *);
43176 struct device *parent = NULL;
43177 diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
43178 index a7b4679..d302490 100644
43179 --- a/drivers/base/power/sysfs.c
43180 +++ b/drivers/base/power/sysfs.c
43181 @@ -181,7 +181,7 @@ static ssize_t rtpm_status_show(struct device *dev,
43182 return -EIO;
43183 }
43184 }
43185 - return sprintf(buf, p);
43186 + return sprintf(buf, "%s", p);
43187 }
43188
43189 static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL);
43190 diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
43191 index 62e4de2..38961cd 100644
43192 --- a/drivers/base/power/wakeup.c
43193 +++ b/drivers/base/power/wakeup.c
43194 @@ -36,14 +36,14 @@ static bool pm_abort_suspend __read_mostly;
43195 * They need to be modified together atomically, so it's better to use one
43196 * atomic variable to hold them both.
43197 */
43198 -static atomic_t combined_event_count = ATOMIC_INIT(0);
43199 +static atomic_unchecked_t combined_event_count = ATOMIC_INIT(0);
43200
43201 #define IN_PROGRESS_BITS (sizeof(int) * 4)
43202 #define MAX_IN_PROGRESS ((1 << IN_PROGRESS_BITS) - 1)
43203
43204 static void split_counters(unsigned int *cnt, unsigned int *inpr)
43205 {
43206 - unsigned int comb = atomic_read(&combined_event_count);
43207 + unsigned int comb = atomic_read_unchecked(&combined_event_count);
43208
43209 *cnt = (comb >> IN_PROGRESS_BITS);
43210 *inpr = comb & MAX_IN_PROGRESS;
43211 @@ -538,7 +538,7 @@ static void wakeup_source_activate(struct wakeup_source *ws)
43212 ws->start_prevent_time = ws->last_time;
43213
43214 /* Increment the counter of events in progress. */
43215 - cec = atomic_inc_return(&combined_event_count);
43216 + cec = atomic_inc_return_unchecked(&combined_event_count);
43217
43218 trace_wakeup_source_activate(ws->name, cec);
43219 }
43220 @@ -664,7 +664,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws)
43221 * Increment the counter of registered wakeup events and decrement the
43222 * couter of wakeup events in progress simultaneously.
43223 */
43224 - cec = atomic_add_return(MAX_IN_PROGRESS, &combined_event_count);
43225 + cec = atomic_add_return_unchecked(MAX_IN_PROGRESS, &combined_event_count);
43226 trace_wakeup_source_deactivate(ws->name, cec);
43227
43228 split_counters(&cnt, &inpr);
43229 diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
43230 index 1ee3d40..a41544a 100644
43231 --- a/drivers/base/regmap/regmap-debugfs.c
43232 +++ b/drivers/base/regmap/regmap-debugfs.c
43233 @@ -400,7 +400,7 @@ static const struct file_operations regmap_reg_ranges_fops = {
43234 static int regmap_access_show(struct seq_file *s, void *ignored)
43235 {
43236 struct regmap *map = s->private;
43237 - int i, reg_len;
43238 + unsigned int i, reg_len;
43239
43240 reg_len = regmap_calc_reg_len(map->max_register);
43241
43242 diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
43243 index e964d06..633487f 100644
43244 --- a/drivers/base/regmap/regmap.c
43245 +++ b/drivers/base/regmap/regmap.c
43246 @@ -402,8 +402,8 @@ static void regmap_unlock_mutex(void *__map)
43247 mutex_unlock(&map->mutex);
43248 }
43249
43250 +static void regmap_lock_spinlock(void *__map) __acquires(&map->spinlock);
43251 static void regmap_lock_spinlock(void *__map)
43252 -__acquires(&map->spinlock)
43253 {
43254 struct regmap *map = __map;
43255 unsigned long flags;
43256 @@ -412,8 +412,8 @@ __acquires(&map->spinlock)
43257 map->spinlock_flags = flags;
43258 }
43259
43260 +static void regmap_unlock_spinlock(void *__map) __releases(&map->spinlock);
43261 static void regmap_unlock_spinlock(void *__map)
43262 -__releases(&map->spinlock)
43263 {
43264 struct regmap *map = __map;
43265 spin_unlock_irqrestore(&map->spinlock, map->spinlock_flags);
43266 diff --git a/drivers/base/syscore.c b/drivers/base/syscore.c
43267 index 8d98a32..61d3165 100644
43268 --- a/drivers/base/syscore.c
43269 +++ b/drivers/base/syscore.c
43270 @@ -22,7 +22,7 @@ static DEFINE_MUTEX(syscore_ops_lock);
43271 void register_syscore_ops(struct syscore_ops *ops)
43272 {
43273 mutex_lock(&syscore_ops_lock);
43274 - list_add_tail(&ops->node, &syscore_ops_list);
43275 + pax_list_add_tail((struct list_head *)&ops->node, &syscore_ops_list);
43276 mutex_unlock(&syscore_ops_lock);
43277 }
43278 EXPORT_SYMBOL_GPL(register_syscore_ops);
43279 @@ -34,7 +34,7 @@ EXPORT_SYMBOL_GPL(register_syscore_ops);
43280 void unregister_syscore_ops(struct syscore_ops *ops)
43281 {
43282 mutex_lock(&syscore_ops_lock);
43283 - list_del(&ops->node);
43284 + pax_list_del((struct list_head *)&ops->node);
43285 mutex_unlock(&syscore_ops_lock);
43286 }
43287 EXPORT_SYMBOL_GPL(unregister_syscore_ops);
43288 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
43289 index db9d6bb..9c5dc78 100644
43290 --- a/drivers/block/cciss.c
43291 +++ b/drivers/block/cciss.c
43292 @@ -3017,7 +3017,7 @@ static void start_io(ctlr_info_t *h)
43293 while (!list_empty(&h->reqQ)) {
43294 c = list_entry(h->reqQ.next, CommandList_struct, list);
43295 /* can't do anything if fifo is full */
43296 - if ((h->access.fifo_full(h))) {
43297 + if ((h->access->fifo_full(h))) {
43298 dev_warn(&h->pdev->dev, "fifo full\n");
43299 break;
43300 }
43301 @@ -3027,7 +3027,7 @@ static void start_io(ctlr_info_t *h)
43302 h->Qdepth--;
43303
43304 /* Tell the controller execute command */
43305 - h->access.submit_command(h, c);
43306 + h->access->submit_command(h, c);
43307
43308 /* Put job onto the completed Q */
43309 addQ(&h->cmpQ, c);
43310 @@ -3453,17 +3453,17 @@ startio:
43311
43312 static inline unsigned long get_next_completion(ctlr_info_t *h)
43313 {
43314 - return h->access.command_completed(h);
43315 + return h->access->command_completed(h);
43316 }
43317
43318 static inline int interrupt_pending(ctlr_info_t *h)
43319 {
43320 - return h->access.intr_pending(h);
43321 + return h->access->intr_pending(h);
43322 }
43323
43324 static inline long interrupt_not_for_us(ctlr_info_t *h)
43325 {
43326 - return ((h->access.intr_pending(h) == 0) ||
43327 + return ((h->access->intr_pending(h) == 0) ||
43328 (h->interrupts_enabled == 0));
43329 }
43330
43331 @@ -3496,7 +3496,7 @@ static inline u32 next_command(ctlr_info_t *h)
43332 u32 a;
43333
43334 if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
43335 - return h->access.command_completed(h);
43336 + return h->access->command_completed(h);
43337
43338 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
43339 a = *(h->reply_pool_head); /* Next cmd in ring buffer */
43340 @@ -4053,7 +4053,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
43341 trans_support & CFGTBL_Trans_use_short_tags);
43342
43343 /* Change the access methods to the performant access methods */
43344 - h->access = SA5_performant_access;
43345 + h->access = &SA5_performant_access;
43346 h->transMethod = CFGTBL_Trans_Performant;
43347
43348 return;
43349 @@ -4327,7 +4327,7 @@ static int cciss_pci_init(ctlr_info_t *h)
43350 if (prod_index < 0)
43351 return -ENODEV;
43352 h->product_name = products[prod_index].product_name;
43353 - h->access = *(products[prod_index].access);
43354 + h->access = products[prod_index].access;
43355
43356 if (cciss_board_disabled(h)) {
43357 dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
43358 @@ -5058,7 +5058,7 @@ reinit_after_soft_reset:
43359 }
43360
43361 /* make sure the board interrupts are off */
43362 - h->access.set_intr_mask(h, CCISS_INTR_OFF);
43363 + h->access->set_intr_mask(h, CCISS_INTR_OFF);
43364 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx);
43365 if (rc)
43366 goto clean2;
43367 @@ -5108,7 +5108,7 @@ reinit_after_soft_reset:
43368 * fake ones to scoop up any residual completions.
43369 */
43370 spin_lock_irqsave(&h->lock, flags);
43371 - h->access.set_intr_mask(h, CCISS_INTR_OFF);
43372 + h->access->set_intr_mask(h, CCISS_INTR_OFF);
43373 spin_unlock_irqrestore(&h->lock, flags);
43374 free_irq(h->intr[h->intr_mode], h);
43375 rc = cciss_request_irq(h, cciss_msix_discard_completions,
43376 @@ -5128,9 +5128,9 @@ reinit_after_soft_reset:
43377 dev_info(&h->pdev->dev, "Board READY.\n");
43378 dev_info(&h->pdev->dev,
43379 "Waiting for stale completions to drain.\n");
43380 - h->access.set_intr_mask(h, CCISS_INTR_ON);
43381 + h->access->set_intr_mask(h, CCISS_INTR_ON);
43382 msleep(10000);
43383 - h->access.set_intr_mask(h, CCISS_INTR_OFF);
43384 + h->access->set_intr_mask(h, CCISS_INTR_OFF);
43385
43386 rc = controller_reset_failed(h->cfgtable);
43387 if (rc)
43388 @@ -5153,7 +5153,7 @@ reinit_after_soft_reset:
43389 cciss_scsi_setup(h);
43390
43391 /* Turn the interrupts on so we can service requests */
43392 - h->access.set_intr_mask(h, CCISS_INTR_ON);
43393 + h->access->set_intr_mask(h, CCISS_INTR_ON);
43394
43395 /* Get the firmware version */
43396 inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
43397 @@ -5225,7 +5225,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
43398 kfree(flush_buf);
43399 if (return_code != IO_OK)
43400 dev_warn(&h->pdev->dev, "Error flushing cache\n");
43401 - h->access.set_intr_mask(h, CCISS_INTR_OFF);
43402 + h->access->set_intr_mask(h, CCISS_INTR_OFF);
43403 free_irq(h->intr[h->intr_mode], h);
43404 }
43405
43406 diff --git a/drivers/block/cciss.h b/drivers/block/cciss.h
43407 index 7fda30e..2f27946 100644
43408 --- a/drivers/block/cciss.h
43409 +++ b/drivers/block/cciss.h
43410 @@ -101,7 +101,7 @@ struct ctlr_info
43411 /* information about each logical volume */
43412 drive_info_struct *drv[CISS_MAX_LUN];
43413
43414 - struct access_method access;
43415 + struct access_method *access;
43416
43417 /* queue and queue Info */
43418 struct list_head reqQ;
43419 @@ -402,27 +402,27 @@ static bool SA5_performant_intr_pending(ctlr_info_t *h)
43420 }
43421
43422 static struct access_method SA5_access = {
43423 - SA5_submit_command,
43424 - SA5_intr_mask,
43425 - SA5_fifo_full,
43426 - SA5_intr_pending,
43427 - SA5_completed,
43428 + .submit_command = SA5_submit_command,
43429 + .set_intr_mask = SA5_intr_mask,
43430 + .fifo_full = SA5_fifo_full,
43431 + .intr_pending = SA5_intr_pending,
43432 + .command_completed = SA5_completed,
43433 };
43434
43435 static struct access_method SA5B_access = {
43436 - SA5_submit_command,
43437 - SA5B_intr_mask,
43438 - SA5_fifo_full,
43439 - SA5B_intr_pending,
43440 - SA5_completed,
43441 + .submit_command = SA5_submit_command,
43442 + .set_intr_mask = SA5B_intr_mask,
43443 + .fifo_full = SA5_fifo_full,
43444 + .intr_pending = SA5B_intr_pending,
43445 + .command_completed = SA5_completed,
43446 };
43447
43448 static struct access_method SA5_performant_access = {
43449 - SA5_submit_command,
43450 - SA5_performant_intr_mask,
43451 - SA5_fifo_full,
43452 - SA5_performant_intr_pending,
43453 - SA5_performant_completed,
43454 + .submit_command = SA5_submit_command,
43455 + .set_intr_mask = SA5_performant_intr_mask,
43456 + .fifo_full = SA5_fifo_full,
43457 + .intr_pending = SA5_performant_intr_pending,
43458 + .command_completed = SA5_performant_completed,
43459 };
43460
43461 struct board_type {
43462 diff --git a/drivers/block/drbd/drbd_bitmap.c b/drivers/block/drbd/drbd_bitmap.c
43463 index ab62b81..8f38450 100644
43464 --- a/drivers/block/drbd/drbd_bitmap.c
43465 +++ b/drivers/block/drbd/drbd_bitmap.c
43466 @@ -1034,7 +1034,7 @@ static void bm_page_io_async(struct drbd_bm_aio_ctx *ctx, int page_nr) __must_ho
43467 submit_bio(bio);
43468 /* this should not count as user activity and cause the
43469 * resync to throttle -- see drbd_rs_should_slow_down(). */
43470 - atomic_add(len >> 9, &device->rs_sect_ev);
43471 + atomic_add_unchecked(len >> 9, &device->rs_sect_ev);
43472 }
43473 }
43474
43475 diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
43476 index 4cb8f21..fc2c3e2 100644
43477 --- a/drivers/block/drbd/drbd_int.h
43478 +++ b/drivers/block/drbd/drbd_int.h
43479 @@ -383,7 +383,7 @@ struct drbd_epoch {
43480 struct drbd_connection *connection;
43481 struct list_head list;
43482 unsigned int barrier_nr;
43483 - atomic_t epoch_size; /* increased on every request added. */
43484 + atomic_unchecked_t epoch_size; /* increased on every request added. */
43485 atomic_t active; /* increased on every req. added, and dec on every finished. */
43486 unsigned long flags;
43487 };
43488 @@ -595,8 +595,8 @@ struct drbd_md {
43489 u32 flags;
43490 u32 md_size_sect;
43491
43492 - s32 al_offset; /* signed relative sector offset to activity log */
43493 - s32 bm_offset; /* signed relative sector offset to bitmap */
43494 + s32 al_offset __intentional_overflow(0); /* signed relative sector offset to activity log */
43495 + s32 bm_offset __intentional_overflow(0); /* signed relative sector offset to bitmap */
43496
43497 /* cached value of bdev->disk_conf->meta_dev_idx (see below) */
43498 s32 meta_dev_idx;
43499 @@ -960,7 +960,7 @@ struct drbd_device {
43500 unsigned int al_tr_number;
43501 int al_tr_cycle;
43502 wait_queue_head_t seq_wait;
43503 - atomic_t packet_seq;
43504 + atomic_unchecked_t packet_seq;
43505 unsigned int peer_seq;
43506 spinlock_t peer_seq_lock;
43507 unsigned long comm_bm_set; /* communicated number of set bits. */
43508 @@ -969,8 +969,8 @@ struct drbd_device {
43509 struct mutex own_state_mutex;
43510 struct mutex *state_mutex; /* either own_state_mutex or first_peer_device(device)->connection->cstate_mutex */
43511 char congestion_reason; /* Why we where congested... */
43512 - atomic_t rs_sect_in; /* for incoming resync data rate, SyncTarget */
43513 - atomic_t rs_sect_ev; /* for submitted resync data rate, both */
43514 + atomic_unchecked_t rs_sect_in; /* for incoming resync data rate, SyncTarget */
43515 + atomic_unchecked_t rs_sect_ev; /* for submitted resync data rate, both */
43516 int rs_last_sect_ev; /* counter to compare with */
43517 int rs_last_events; /* counter of read or write "events" (unit sectors)
43518 * on the lower level device when we last looked. */
43519 diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
43520 index 100be55..eead333 100644
43521 --- a/drivers/block/drbd/drbd_main.c
43522 +++ b/drivers/block/drbd/drbd_main.c
43523 @@ -1363,7 +1363,7 @@ static int _drbd_send_ack(struct drbd_peer_device *peer_device, enum drbd_packet
43524 p->sector = sector;
43525 p->block_id = block_id;
43526 p->blksize = blksize;
43527 - p->seq_num = cpu_to_be32(atomic_inc_return(&peer_device->device->packet_seq));
43528 + p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&peer_device->device->packet_seq));
43529 return drbd_send_command(peer_device, sock, cmd, sizeof(*p), NULL, 0);
43530 }
43531
43532 @@ -1695,7 +1695,7 @@ int drbd_send_dblock(struct drbd_peer_device *peer_device, struct drbd_request *
43533 return -EIO;
43534 p->sector = cpu_to_be64(req->i.sector);
43535 p->block_id = (unsigned long)req;
43536 - p->seq_num = cpu_to_be32(atomic_inc_return(&device->packet_seq));
43537 + p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&device->packet_seq));
43538 dp_flags = bio_flags_to_wire(peer_device->connection, req->master_bio);
43539 if (device->state.conn >= C_SYNC_SOURCE &&
43540 device->state.conn <= C_PAUSED_SYNC_T)
43541 @@ -1984,8 +1984,8 @@ void drbd_init_set_defaults(struct drbd_device *device)
43542 atomic_set(&device->unacked_cnt, 0);
43543 atomic_set(&device->local_cnt, 0);
43544 atomic_set(&device->pp_in_use_by_net, 0);
43545 - atomic_set(&device->rs_sect_in, 0);
43546 - atomic_set(&device->rs_sect_ev, 0);
43547 + atomic_set_unchecked(&device->rs_sect_in, 0);
43548 + atomic_set_unchecked(&device->rs_sect_ev, 0);
43549 atomic_set(&device->ap_in_flight, 0);
43550 atomic_set(&device->md_io.in_use, 0);
43551
43552 @@ -2752,8 +2752,8 @@ void drbd_destroy_connection(struct kref *kref)
43553 struct drbd_connection *connection = container_of(kref, struct drbd_connection, kref);
43554 struct drbd_resource *resource = connection->resource;
43555
43556 - if (atomic_read(&connection->current_epoch->epoch_size) != 0)
43557 - drbd_err(connection, "epoch_size:%d\n", atomic_read(&connection->current_epoch->epoch_size));
43558 + if (atomic_read_unchecked(&connection->current_epoch->epoch_size) != 0)
43559 + drbd_err(connection, "epoch_size:%d\n", atomic_read_unchecked(&connection->current_epoch->epoch_size));
43560 kfree(connection->current_epoch);
43561
43562 idr_destroy(&connection->peer_devices);
43563 diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
43564 index f35db29..ac6c472 100644
43565 --- a/drivers/block/drbd/drbd_nl.c
43566 +++ b/drivers/block/drbd/drbd_nl.c
43567 @@ -89,8 +89,8 @@ int drbd_adm_get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
43568 #include "drbd_nla.h"
43569 #include <linux/genl_magic_func.h>
43570
43571 -static atomic_t drbd_genl_seq = ATOMIC_INIT(2); /* two. */
43572 -static atomic_t notify_genl_seq = ATOMIC_INIT(2); /* two. */
43573 +static atomic_unchecked_t drbd_genl_seq = ATOMIC_INIT(2); /* two. */
43574 +static atomic_unchecked_t notify_genl_seq = ATOMIC_INIT(2); /* two. */
43575
43576 DEFINE_MUTEX(notification_mutex);
43577
43578 @@ -4549,7 +4549,7 @@ void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib)
43579 unsigned seq;
43580 int err = -ENOMEM;
43581
43582 - seq = atomic_inc_return(&drbd_genl_seq);
43583 + seq = atomic_inc_return_unchecked(&drbd_genl_seq);
43584 msg = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
43585 if (!msg)
43586 goto failed;
43587 @@ -4601,7 +4601,7 @@ void notify_resource_state(struct sk_buff *skb,
43588 int err;
43589
43590 if (!skb) {
43591 - seq = atomic_inc_return(&notify_genl_seq);
43592 + seq = atomic_inc_return_unchecked(&notify_genl_seq);
43593 skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
43594 err = -ENOMEM;
43595 if (!skb)
43596 @@ -4652,7 +4652,7 @@ void notify_device_state(struct sk_buff *skb,
43597 int err;
43598
43599 if (!skb) {
43600 - seq = atomic_inc_return(&notify_genl_seq);
43601 + seq = atomic_inc_return_unchecked(&notify_genl_seq);
43602 skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
43603 err = -ENOMEM;
43604 if (!skb)
43605 @@ -4701,7 +4701,7 @@ void notify_connection_state(struct sk_buff *skb,
43606 int err;
43607
43608 if (!skb) {
43609 - seq = atomic_inc_return(&notify_genl_seq);
43610 + seq = atomic_inc_return_unchecked(&notify_genl_seq);
43611 skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
43612 err = -ENOMEM;
43613 if (!skb)
43614 @@ -4751,7 +4751,7 @@ void notify_peer_device_state(struct sk_buff *skb,
43615 int err;
43616
43617 if (!skb) {
43618 - seq = atomic_inc_return(&notify_genl_seq);
43619 + seq = atomic_inc_return_unchecked(&notify_genl_seq);
43620 skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
43621 err = -ENOMEM;
43622 if (!skb)
43623 @@ -4794,7 +4794,7 @@ void notify_helper(enum drbd_notification_type type,
43624 {
43625 struct drbd_resource *resource = device ? device->resource : connection->resource;
43626 struct drbd_helper_info helper_info;
43627 - unsigned int seq = atomic_inc_return(&notify_genl_seq);
43628 + unsigned int seq = atomic_inc_return_unchecked(&notify_genl_seq);
43629 struct sk_buff *skb = NULL;
43630 struct drbd_genlmsghdr *dh;
43631 int err;
43632 diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
43633 index 942384f..2a20af4 100644
43634 --- a/drivers/block/drbd/drbd_receiver.c
43635 +++ b/drivers/block/drbd/drbd_receiver.c
43636 @@ -898,7 +898,7 @@ int drbd_connected(struct drbd_peer_device *peer_device)
43637 struct drbd_device *device = peer_device->device;
43638 int err;
43639
43640 - atomic_set(&device->packet_seq, 0);
43641 + atomic_set_unchecked(&device->packet_seq, 0);
43642 device->peer_seq = 0;
43643
43644 device->state_mutex = peer_device->connection->agreed_pro_version < 100 ?
43645 @@ -1333,7 +1333,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_connection *connectio
43646 do {
43647 next_epoch = NULL;
43648
43649 - epoch_size = atomic_read(&epoch->epoch_size);
43650 + epoch_size = atomic_read_unchecked(&epoch->epoch_size);
43651
43652 switch (ev & ~EV_CLEANUP) {
43653 case EV_PUT:
43654 @@ -1373,7 +1373,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_connection *connectio
43655 rv = FE_DESTROYED;
43656 } else {
43657 epoch->flags = 0;
43658 - atomic_set(&epoch->epoch_size, 0);
43659 + atomic_set_unchecked(&epoch->epoch_size, 0);
43660 /* atomic_set(&epoch->active, 0); is already zero */
43661 if (rv == FE_STILL_LIVE)
43662 rv = FE_RECYCLED;
43663 @@ -1759,7 +1759,7 @@ static int receive_Barrier(struct drbd_connection *connection, struct packet_inf
43664 conn_wait_active_ee_empty(connection);
43665 drbd_flush(connection);
43666
43667 - if (atomic_read(&connection->current_epoch->epoch_size)) {
43668 + if (atomic_read_unchecked(&connection->current_epoch->epoch_size)) {
43669 epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO);
43670 if (epoch)
43671 break;
43672 @@ -1773,11 +1773,11 @@ static int receive_Barrier(struct drbd_connection *connection, struct packet_inf
43673 }
43674
43675 epoch->flags = 0;
43676 - atomic_set(&epoch->epoch_size, 0);
43677 + atomic_set_unchecked(&epoch->epoch_size, 0);
43678 atomic_set(&epoch->active, 0);
43679
43680 spin_lock(&connection->epoch_lock);
43681 - if (atomic_read(&connection->current_epoch->epoch_size)) {
43682 + if (atomic_read_unchecked(&connection->current_epoch->epoch_size)) {
43683 list_add(&epoch->list, &connection->current_epoch->list);
43684 connection->current_epoch = epoch;
43685 connection->epochs++;
43686 @@ -2030,7 +2030,9 @@ static int e_end_resync_block(struct drbd_work *w, int unused)
43687 }
43688
43689 static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t sector,
43690 - struct packet_info *pi) __releases(local)
43691 + struct packet_info *pi) __releases(local);
43692 +static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t sector,
43693 + struct packet_info *pi)
43694 {
43695 struct drbd_device *device = peer_device->device;
43696 struct drbd_peer_request *peer_req;
43697 @@ -2052,7 +2054,7 @@ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t secto
43698 list_add_tail(&peer_req->w.list, &device->sync_ee);
43699 spin_unlock_irq(&device->resource->req_lock);
43700
43701 - atomic_add(pi->size >> 9, &device->rs_sect_ev);
43702 + atomic_add_unchecked(pi->size >> 9, &device->rs_sect_ev);
43703 if (drbd_submit_peer_request(device, peer_req, REQ_OP_WRITE, 0,
43704 DRBD_FAULT_RS_WR) == 0)
43705 return 0;
43706 @@ -2151,7 +2153,7 @@ static int receive_RSDataReply(struct drbd_connection *connection, struct packet
43707 drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size);
43708 }
43709
43710 - atomic_add(pi->size >> 9, &device->rs_sect_in);
43711 + atomic_add_unchecked(pi->size >> 9, &device->rs_sect_in);
43712
43713 return err;
43714 }
43715 @@ -2548,7 +2550,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info *
43716
43717 err = wait_for_and_update_peer_seq(peer_device, peer_seq);
43718 drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size);
43719 - atomic_inc(&connection->current_epoch->epoch_size);
43720 + atomic_inc_unchecked(&connection->current_epoch->epoch_size);
43721 err2 = drbd_drain_block(peer_device, pi->size);
43722 if (!err)
43723 err = err2;
43724 @@ -2589,7 +2591,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info *
43725
43726 spin_lock(&connection->epoch_lock);
43727 peer_req->epoch = connection->current_epoch;
43728 - atomic_inc(&peer_req->epoch->epoch_size);
43729 + atomic_inc_unchecked(&peer_req->epoch->epoch_size);
43730 atomic_inc(&peer_req->epoch->active);
43731 spin_unlock(&connection->epoch_lock);
43732
43733 @@ -2735,7 +2737,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device *device)
43734
43735 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
43736 (int)part_stat_read(&disk->part0, sectors[1]) -
43737 - atomic_read(&device->rs_sect_ev);
43738 + atomic_read_unchecked(&device->rs_sect_ev);
43739
43740 if (atomic_read(&device->ap_actlog_cnt)
43741 || curr_events - device->rs_last_events > 64) {
43742 @@ -2881,7 +2883,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet
43743 device->use_csums = true;
43744 } else if (pi->cmd == P_OV_REPLY) {
43745 /* track progress, we may need to throttle */
43746 - atomic_add(size >> 9, &device->rs_sect_in);
43747 + atomic_add_unchecked(size >> 9, &device->rs_sect_in);
43748 peer_req->w.cb = w_e_end_ov_reply;
43749 dec_rs_pending(device);
43750 /* drbd_rs_begin_io done when we sent this request,
43751 @@ -2954,7 +2956,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet
43752 goto out_free_e;
43753
43754 submit_for_resync:
43755 - atomic_add(size >> 9, &device->rs_sect_ev);
43756 + atomic_add_unchecked(size >> 9, &device->rs_sect_ev);
43757
43758 submit:
43759 update_receiver_timing_details(connection, drbd_submit_peer_request);
43760 @@ -4907,7 +4909,7 @@ static int receive_rs_deallocated(struct drbd_connection *connection, struct pac
43761 list_add_tail(&peer_req->w.list, &device->sync_ee);
43762 spin_unlock_irq(&device->resource->req_lock);
43763
43764 - atomic_add(pi->size >> 9, &device->rs_sect_ev);
43765 + atomic_add_unchecked(pi->size >> 9, &device->rs_sect_ev);
43766 err = drbd_submit_peer_request(device, peer_req, op, 0, DRBD_FAULT_RS_WR);
43767
43768 if (err) {
43769 @@ -4931,7 +4933,7 @@ static int receive_rs_deallocated(struct drbd_connection *connection, struct pac
43770 drbd_send_ack_ex(peer_device, P_NEG_ACK, sector, size, ID_SYNCER);
43771 }
43772
43773 - atomic_add(size >> 9, &device->rs_sect_in);
43774 + atomic_add_unchecked(size >> 9, &device->rs_sect_in);
43775
43776 return err;
43777 }
43778 @@ -4940,7 +4942,7 @@ struct data_cmd {
43779 int expect_payload;
43780 unsigned int pkt_size;
43781 int (*fn)(struct drbd_connection *, struct packet_info *);
43782 -};
43783 +} __do_const;
43784
43785 static struct data_cmd drbd_cmd_handler[] = {
43786 [P_DATA] = { 1, sizeof(struct p_data), receive_Data },
43787 @@ -5068,7 +5070,7 @@ static void conn_disconnect(struct drbd_connection *connection)
43788 if (!list_empty(&connection->current_epoch->list))
43789 drbd_err(connection, "ASSERTION FAILED: connection->current_epoch->list not empty\n");
43790 /* ok, no more ee's on the fly, it is safe to reset the epoch_size */
43791 - atomic_set(&connection->current_epoch->epoch_size, 0);
43792 + atomic_set_unchecked(&connection->current_epoch->epoch_size, 0);
43793 connection->send.seen_any_write_yet = false;
43794
43795 drbd_info(connection, "Connection closed\n");
43796 @@ -5574,7 +5576,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info *
43797 put_ldev(device);
43798 }
43799 dec_rs_pending(device);
43800 - atomic_add(blksize >> 9, &device->rs_sect_in);
43801 + atomic_add_unchecked(blksize >> 9, &device->rs_sect_in);
43802
43803 return 0;
43804 }
43805 @@ -5825,7 +5827,7 @@ static int got_skip(struct drbd_connection *connection, struct packet_info *pi)
43806 struct meta_sock_cmd {
43807 size_t pkt_size;
43808 int (*fn)(struct drbd_connection *connection, struct packet_info *);
43809 -};
43810 +} __do_const;
43811
43812 static void set_rcvtimeo(struct drbd_connection *connection, bool ping_timeout)
43813 {
43814 diff --git a/drivers/block/drbd/drbd_state.c b/drivers/block/drbd/drbd_state.c
43815 index eea0c4a..4eba9a8 100644
43816 --- a/drivers/block/drbd/drbd_state.c
43817 +++ b/drivers/block/drbd/drbd_state.c
43818 @@ -1507,9 +1507,10 @@ int drbd_bitmap_io_from_worker(struct drbd_device *device,
43819
43820 void notify_resource_state_change(struct sk_buff *skb,
43821 unsigned int seq,
43822 - struct drbd_resource_state_change *resource_state_change,
43823 + void *_resource_state_change,
43824 enum drbd_notification_type type)
43825 {
43826 + struct drbd_resource_state_change *resource_state_change = _resource_state_change;
43827 struct drbd_resource *resource = resource_state_change->resource;
43828 struct resource_info resource_info = {
43829 .res_role = resource_state_change->role[NEW],
43830 @@ -1523,9 +1524,10 @@ void notify_resource_state_change(struct sk_buff *skb,
43831
43832 void notify_connection_state_change(struct sk_buff *skb,
43833 unsigned int seq,
43834 - struct drbd_connection_state_change *connection_state_change,
43835 + void *_connection_state_change,
43836 enum drbd_notification_type type)
43837 {
43838 + struct drbd_connection_state_change *connection_state_change = _connection_state_change;
43839 struct drbd_connection *connection = connection_state_change->connection;
43840 struct connection_info connection_info = {
43841 .conn_connection_state = connection_state_change->cstate[NEW],
43842 @@ -1537,9 +1539,10 @@ void notify_connection_state_change(struct sk_buff *skb,
43843
43844 void notify_device_state_change(struct sk_buff *skb,
43845 unsigned int seq,
43846 - struct drbd_device_state_change *device_state_change,
43847 + void *_device_state_change,
43848 enum drbd_notification_type type)
43849 {
43850 + struct drbd_device_state_change *device_state_change = _device_state_change;
43851 struct drbd_device *device = device_state_change->device;
43852 struct device_info device_info = {
43853 .dev_disk_state = device_state_change->disk_state[NEW],
43854 @@ -1550,9 +1553,10 @@ void notify_device_state_change(struct sk_buff *skb,
43855
43856 void notify_peer_device_state_change(struct sk_buff *skb,
43857 unsigned int seq,
43858 - struct drbd_peer_device_state_change *p,
43859 + void *_p,
43860 enum drbd_notification_type type)
43861 {
43862 + struct drbd_peer_device_state_change *p = _p;
43863 struct drbd_peer_device *peer_device = p->peer_device;
43864 struct peer_device_info peer_device_info = {
43865 .peer_repl_state = p->repl_state[NEW],
43866 diff --git a/drivers/block/drbd/drbd_state.h b/drivers/block/drbd/drbd_state.h
43867 index 6c9d5d4..110f64d 100644
43868 --- a/drivers/block/drbd/drbd_state.h
43869 +++ b/drivers/block/drbd/drbd_state.h
43870 @@ -126,7 +126,7 @@ extern enum drbd_state_rv _drbd_set_state(struct drbd_device *, union drbd_state
43871 enum chg_state_flags,
43872 struct completion *done);
43873 extern void print_st_err(struct drbd_device *, union drbd_state,
43874 - union drbd_state, int);
43875 + union drbd_state, enum drbd_state_rv);
43876
43877 enum drbd_state_rv
43878 _conn_request_state(struct drbd_connection *connection, union drbd_state mask, union drbd_state val,
43879 diff --git a/drivers/block/drbd/drbd_state_change.h b/drivers/block/drbd/drbd_state_change.h
43880 index 9e503a1..ac60262 100644
43881 --- a/drivers/block/drbd/drbd_state_change.h
43882 +++ b/drivers/block/drbd/drbd_state_change.h
43883 @@ -45,19 +45,19 @@ extern void forget_state_change(struct drbd_state_change *);
43884
43885 extern void notify_resource_state_change(struct sk_buff *,
43886 unsigned int,
43887 - struct drbd_resource_state_change *,
43888 + void *,
43889 enum drbd_notification_type type);
43890 extern void notify_connection_state_change(struct sk_buff *,
43891 unsigned int,
43892 - struct drbd_connection_state_change *,
43893 + void *,
43894 enum drbd_notification_type type);
43895 extern void notify_device_state_change(struct sk_buff *,
43896 unsigned int,
43897 - struct drbd_device_state_change *,
43898 + void *,
43899 enum drbd_notification_type type);
43900 extern void notify_peer_device_state_change(struct sk_buff *,
43901 unsigned int,
43902 - struct drbd_peer_device_state_change *,
43903 + void *,
43904 enum drbd_notification_type type);
43905
43906 #endif /* DRBD_STATE_CHANGE_H */
43907 diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c
43908 index c6755c9..2586293 100644
43909 --- a/drivers/block/drbd/drbd_worker.c
43910 +++ b/drivers/block/drbd/drbd_worker.c
43911 @@ -87,7 +87,8 @@ void drbd_md_endio(struct bio *bio)
43912 /* reads on behalf of the partner,
43913 * "submitted" by the receiver
43914 */
43915 -static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __releases(local)
43916 +static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __releases(local);
43917 +static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req)
43918 {
43919 unsigned long flags = 0;
43920 struct drbd_peer_device *peer_device = peer_req->peer_device;
43921 @@ -108,7 +109,8 @@ static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __rele
43922
43923 /* writes on behalf of the partner, or resync writes,
43924 * "submitted" by the receiver, final stage. */
43925 -void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req) __releases(local)
43926 +void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req) __releases(local);
43927 +void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req)
43928 {
43929 unsigned long flags = 0;
43930 struct drbd_peer_device *peer_device = peer_req->peer_device;
43931 @@ -408,7 +410,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector,
43932 list_add_tail(&peer_req->w.list, &device->read_ee);
43933 spin_unlock_irq(&device->resource->req_lock);
43934
43935 - atomic_add(size >> 9, &device->rs_sect_ev);
43936 + atomic_add_unchecked(size >> 9, &device->rs_sect_ev);
43937 if (drbd_submit_peer_request(device, peer_req, REQ_OP_READ, 0,
43938 DRBD_FAULT_RS_RD) == 0)
43939 return 0;
43940 @@ -554,7 +556,7 @@ static int drbd_rs_number_requests(struct drbd_device *device)
43941 unsigned int sect_in; /* Number of sectors that came in since the last turn */
43942 int number, mxb;
43943
43944 - sect_in = atomic_xchg(&device->rs_sect_in, 0);
43945 + sect_in = atomic_xchg_unchecked(&device->rs_sect_in, 0);
43946 device->rs_in_flight -= sect_in;
43947
43948 rcu_read_lock();
43949 @@ -1662,8 +1664,8 @@ void drbd_rs_controller_reset(struct drbd_device *device)
43950 struct gendisk *disk = device->ldev->backing_bdev->bd_contains->bd_disk;
43951 struct fifo_buffer *plan;
43952
43953 - atomic_set(&device->rs_sect_in, 0);
43954 - atomic_set(&device->rs_sect_ev, 0);
43955 + atomic_set_unchecked(&device->rs_sect_in, 0);
43956 + atomic_set_unchecked(&device->rs_sect_ev, 0);
43957 device->rs_in_flight = 0;
43958 device->rs_last_events =
43959 (int)part_stat_read(&disk->part0, sectors[0]) +
43960 diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
43961 index e3d8e4c..4198ed8 100644
43962 --- a/drivers/block/floppy.c
43963 +++ b/drivers/block/floppy.c
43964 @@ -961,6 +961,10 @@ static void empty(void)
43965 {
43966 }
43967
43968 +static void empty2(int i)
43969 +{
43970 +}
43971 +
43972 static void (*floppy_work_fn)(void);
43973
43974 static void floppy_work_workfn(struct work_struct *work)
43975 @@ -1953,14 +1957,14 @@ static const struct cont_t wakeup_cont = {
43976 .interrupt = empty,
43977 .redo = do_wakeup,
43978 .error = empty,
43979 - .done = (done_f)empty
43980 + .done = empty2
43981 };
43982
43983 static const struct cont_t intr_cont = {
43984 .interrupt = empty,
43985 .redo = process_fd_request,
43986 .error = empty,
43987 - .done = (done_f)empty
43988 + .done = empty2
43989 };
43990
43991 static int wait_til_done(void (*handler)(void), bool interruptible)
43992 diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
43993 index 90fa4ac..8328db6 100644
43994 --- a/drivers/block/pktcdvd.c
43995 +++ b/drivers/block/pktcdvd.c
43996 @@ -109,7 +109,7 @@ static int pkt_seq_show(struct seq_file *m, void *p);
43997
43998 static sector_t get_zone(sector_t sector, struct pktcdvd_device *pd)
43999 {
44000 - return (sector + pd->offset) & ~(sector_t)(pd->settings.size - 1);
44001 + return (sector + pd->offset) & ~(sector_t)(pd->settings.size - 1UL);
44002 }
44003
44004 /*
44005 @@ -1890,7 +1890,7 @@ static noinline_for_stack int pkt_probe_settings(struct pktcdvd_device *pd)
44006 return -EROFS;
44007 }
44008 pd->settings.fp = ti.fp;
44009 - pd->offset = (be32_to_cpu(ti.track_start) << 2) & (pd->settings.size - 1);
44010 + pd->offset = (be32_to_cpu(ti.track_start) << 2) & (pd->settings.size - 1UL);
44011
44012 if (ti.nwa_v) {
44013 pd->nwa = be32_to_cpu(ti.next_writable);
44014 diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
44015 index 6c6519f..f5fff92 100644
44016 --- a/drivers/block/rbd.c
44017 +++ b/drivers/block/rbd.c
44018 @@ -64,7 +64,7 @@
44019 * If the counter is already at its maximum value returns
44020 * -EINVAL without updating it.
44021 */
44022 -static int atomic_inc_return_safe(atomic_t *v)
44023 +static int __intentional_overflow(-1) atomic_inc_return_safe(atomic_t *v)
44024 {
44025 unsigned int counter;
44026
44027 diff --git a/drivers/block/smart1,2.h b/drivers/block/smart1,2.h
44028 index e5565fb..71be10b4 100644
44029 --- a/drivers/block/smart1,2.h
44030 +++ b/drivers/block/smart1,2.h
44031 @@ -108,11 +108,11 @@ static unsigned long smart4_intr_pending(ctlr_info_t *h)
44032 }
44033
44034 static struct access_method smart4_access = {
44035 - smart4_submit_command,
44036 - smart4_intr_mask,
44037 - smart4_fifo_full,
44038 - smart4_intr_pending,
44039 - smart4_completed,
44040 + .submit_command = smart4_submit_command,
44041 + .set_intr_mask = smart4_intr_mask,
44042 + .fifo_full = smart4_fifo_full,
44043 + .intr_pending = smart4_intr_pending,
44044 + .command_completed = smart4_completed,
44045 };
44046
44047 /*
44048 @@ -144,11 +144,11 @@ static unsigned long smart2_intr_pending(ctlr_info_t *h)
44049 }
44050
44051 static struct access_method smart2_access = {
44052 - smart2_submit_command,
44053 - smart2_intr_mask,
44054 - smart2_fifo_full,
44055 - smart2_intr_pending,
44056 - smart2_completed,
44057 + .submit_command = smart2_submit_command,
44058 + .set_intr_mask = smart2_intr_mask,
44059 + .fifo_full = smart2_fifo_full,
44060 + .intr_pending = smart2_intr_pending,
44061 + .command_completed = smart2_completed,
44062 };
44063
44064 /*
44065 @@ -180,11 +180,11 @@ static unsigned long smart2e_intr_pending(ctlr_info_t *h)
44066 }
44067
44068 static struct access_method smart2e_access = {
44069 - smart2e_submit_command,
44070 - smart2e_intr_mask,
44071 - smart2e_fifo_full,
44072 - smart2e_intr_pending,
44073 - smart2e_completed,
44074 + .submit_command = smart2e_submit_command,
44075 + .set_intr_mask = smart2e_intr_mask,
44076 + .fifo_full = smart2e_fifo_full,
44077 + .intr_pending = smart2e_intr_pending,
44078 + .command_completed = smart2e_completed,
44079 };
44080
44081 /*
44082 @@ -270,9 +270,9 @@ static unsigned long smart1_intr_pending(ctlr_info_t *h)
44083 }
44084
44085 static struct access_method smart1_access = {
44086 - smart1_submit_command,
44087 - smart1_intr_mask,
44088 - smart1_fifo_full,
44089 - smart1_intr_pending,
44090 - smart1_completed,
44091 + .submit_command = smart1_submit_command,
44092 + .set_intr_mask = smart1_intr_mask,
44093 + .fifo_full = smart1_fifo_full,
44094 + .intr_pending = smart1_intr_pending,
44095 + .command_completed = smart1_completed,
44096 };
44097 diff --git a/drivers/bluetooth/btwilink.c b/drivers/bluetooth/btwilink.c
44098 index 485281b..ab20198 100644
44099 --- a/drivers/bluetooth/btwilink.c
44100 +++ b/drivers/bluetooth/btwilink.c
44101 @@ -275,7 +275,7 @@ static int ti_st_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
44102
44103 static int bt_ti_probe(struct platform_device *pdev)
44104 {
44105 - static struct ti_st *hst;
44106 + struct ti_st *hst;
44107 struct hci_dev *hdev;
44108 int err;
44109
44110 diff --git a/drivers/bus/arm-cci.c b/drivers/bus/arm-cci.c
44111 index ffa7c9d..a68b53e 100644
44112 --- a/drivers/bus/arm-cci.c
44113 +++ b/drivers/bus/arm-cci.c
44114 @@ -1475,8 +1475,10 @@ static int cci_pmu_init(struct cci_pmu *cci_pmu, struct platform_device *pdev)
44115 char *name = model->name;
44116 u32 num_cntrs;
44117
44118 - pmu_event_attr_group.attrs = model->event_attrs;
44119 - pmu_format_attr_group.attrs = model->format_attrs;
44120 + pax_open_kernel();
44121 + const_cast(pmu_event_attr_group.attrs) = model->event_attrs;
44122 + const_cast(pmu_format_attr_group.attrs) = model->format_attrs;
44123 + pax_close_kernel();
44124
44125 cci_pmu->pmu = (struct pmu) {
44126 .name = cci_pmu->model->name,
44127 diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
44128 index 5d475b3..e9076c0 100644
44129 --- a/drivers/cdrom/cdrom.c
44130 +++ b/drivers/cdrom/cdrom.c
44131 @@ -610,7 +610,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
44132 ENSURE(reset, CDC_RESET);
44133 ENSURE(generic_packet, CDC_GENERIC_PACKET);
44134 cdi->mc_flags = 0;
44135 - cdo->n_minors = 0;
44136 cdi->options = CDO_USE_FFLAGS;
44137
44138 if (autoclose == 1 && CDROM_CAN(CDC_CLOSE_TRAY))
44139 @@ -630,8 +629,11 @@ int register_cdrom(struct cdrom_device_info *cdi)
44140 else
44141 cdi->cdda_method = CDDA_OLD;
44142
44143 - if (!cdo->generic_packet)
44144 - cdo->generic_packet = cdrom_dummy_generic_packet;
44145 + if (!cdo->generic_packet) {
44146 + pax_open_kernel();
44147 + const_cast(cdo->generic_packet) = cdrom_dummy_generic_packet;
44148 + pax_close_kernel();
44149 + }
44150
44151 cd_dbg(CD_REG_UNREG, "drive \"/dev/%s\" registered\n", cdi->name);
44152 mutex_lock(&cdrom_mutex);
44153 @@ -652,7 +654,6 @@ void unregister_cdrom(struct cdrom_device_info *cdi)
44154 if (cdi->exit)
44155 cdi->exit(cdi);
44156
44157 - cdi->ops->n_minors--;
44158 cd_dbg(CD_REG_UNREG, "drive \"/dev/%s\" unregistered\n", cdi->name);
44159 }
44160
44161 @@ -2137,7 +2138,7 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
44162 */
44163 nr = nframes;
44164 do {
44165 - cgc.buffer = kmalloc(CD_FRAMESIZE_RAW * nr, GFP_KERNEL);
44166 + cgc.buffer = kcalloc(nr, CD_FRAMESIZE_RAW, GFP_KERNEL);
44167 if (cgc.buffer)
44168 break;
44169
44170 @@ -3441,7 +3442,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
44171 struct cdrom_device_info *cdi;
44172 int ret;
44173
44174 - ret = scnprintf(info + *pos, max_size - *pos, header);
44175 + ret = scnprintf(info + *pos, max_size - *pos, "%s", header);
44176 if (!ret)
44177 return 1;
44178
44179 diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
44180 index 584bc31..e64a12c 100644
44181 --- a/drivers/cdrom/gdrom.c
44182 +++ b/drivers/cdrom/gdrom.c
44183 @@ -491,7 +491,6 @@ static struct cdrom_device_ops gdrom_ops = {
44184 .audio_ioctl = gdrom_audio_ioctl,
44185 .capability = CDC_MULTI_SESSION | CDC_MEDIA_CHANGED |
44186 CDC_RESET | CDC_DRIVE_STATUS | CDC_CD_R,
44187 - .n_minors = 1,
44188 };
44189
44190 static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)
44191 diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
44192 index dcc0973..8d34c88 100644
44193 --- a/drivers/char/Kconfig
44194 +++ b/drivers/char/Kconfig
44195 @@ -17,7 +17,8 @@ config DEVMEM
44196
44197 config DEVKMEM
44198 bool "/dev/kmem virtual device support"
44199 - default y
44200 + default n
44201 + depends on !GRKERNSEC_KMEM
44202 help
44203 Say Y here if you want to support the /dev/kmem device. The
44204 /dev/kmem device is rarely used, but can be used for certain
44205 @@ -573,6 +574,7 @@ config TELCLOCK
44206 config DEVPORT
44207 bool
44208 depends on ISA || PCI
44209 + depends on !GRKERNSEC_KMEM
44210 default y
44211
44212 source "drivers/s390/char/Kconfig"
44213 diff --git a/drivers/char/agp/compat_ioctl.c b/drivers/char/agp/compat_ioctl.c
44214 index a48e05b..6bac831 100644
44215 --- a/drivers/char/agp/compat_ioctl.c
44216 +++ b/drivers/char/agp/compat_ioctl.c
44217 @@ -108,7 +108,7 @@ static int compat_agpioc_reserve_wrap(struct agp_file_private *priv, void __user
44218 return -ENOMEM;
44219 }
44220
44221 - if (copy_from_user(usegment, (void __user *) ureserve.seg_list,
44222 + if (copy_from_user(usegment, (void __force_user *) ureserve.seg_list,
44223 sizeof(*usegment) * ureserve.seg_count)) {
44224 kfree(usegment);
44225 kfree(ksegment);
44226 diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c
44227 index 0f64d14..4cf4d6b 100644
44228 --- a/drivers/char/agp/frontend.c
44229 +++ b/drivers/char/agp/frontend.c
44230 @@ -806,7 +806,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg)
44231 if (copy_from_user(&reserve, arg, sizeof(struct agp_region)))
44232 return -EFAULT;
44233
44234 - if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment))
44235 + if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv))
44236 return -EFAULT;
44237
44238 client = agp_find_client_by_pid(reserve.pid);
44239 @@ -836,7 +836,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg)
44240 if (segment == NULL)
44241 return -ENOMEM;
44242
44243 - if (copy_from_user(segment, (void __user *) reserve.seg_list,
44244 + if (copy_from_user(segment, (void __force_user *) reserve.seg_list,
44245 sizeof(struct agp_segment) * reserve.seg_count)) {
44246 kfree(segment);
44247 return -EFAULT;
44248 diff --git a/drivers/char/agp/intel-gtt.c b/drivers/char/agp/intel-gtt.c
44249 index 4431129..3983729 100644
44250 --- a/drivers/char/agp/intel-gtt.c
44251 +++ b/drivers/char/agp/intel-gtt.c
44252 @@ -1418,8 +1418,8 @@ int intel_gmch_probe(struct pci_dev *bridge_pdev, struct pci_dev *gpu_pdev,
44253 }
44254 EXPORT_SYMBOL(intel_gmch_probe);
44255
44256 -void intel_gtt_get(u64 *gtt_total, size_t *stolen_size,
44257 - phys_addr_t *mappable_base, u64 *mappable_end)
44258 +void intel_gtt_get(u64 *gtt_total, u64 *stolen_size,
44259 + u64 *mappable_base, u64 *mappable_end)
44260 {
44261 *gtt_total = intel_private.gtt_total_entries << PAGE_SHIFT;
44262 *stolen_size = intel_private.stolen_size;
44263 diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
44264 index be54e53..50272fe 100644
44265 --- a/drivers/char/hpet.c
44266 +++ b/drivers/char/hpet.c
44267 @@ -574,7 +574,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
44268 }
44269
44270 static int
44271 -hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg,
44272 +hpet_ioctl_common(struct hpet_dev *devp, unsigned int cmd, unsigned long arg,
44273 struct hpet_info *info)
44274 {
44275 struct hpet_timer __iomem *timer;
44276 diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
44277 index d8619998..445da20 100644
44278 --- a/drivers/char/ipmi/ipmi_msghandler.c
44279 +++ b/drivers/char/ipmi/ipmi_msghandler.c
44280 @@ -436,7 +436,7 @@ struct ipmi_smi {
44281 struct proc_dir_entry *proc_dir;
44282 char proc_dir_name[10];
44283
44284 - atomic_t stats[IPMI_NUM_STATS];
44285 + atomic_unchecked_t stats[IPMI_NUM_STATS];
44286
44287 /*
44288 * run_to_completion duplicate of smb_info, smi_info
44289 @@ -468,9 +468,9 @@ static LIST_HEAD(smi_watchers);
44290 static DEFINE_MUTEX(smi_watchers_mutex);
44291
44292 #define ipmi_inc_stat(intf, stat) \
44293 - atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
44294 + atomic_inc_unchecked(&(intf)->stats[IPMI_STAT_ ## stat])
44295 #define ipmi_get_stat(intf, stat) \
44296 - ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
44297 + ((unsigned int) atomic_read_unchecked(&(intf)->stats[IPMI_STAT_ ## stat]))
44298
44299 static const char * const addr_src_to_str[] = {
44300 "invalid", "hotmod", "hardcoded", "SPMI", "ACPI", "SMBIOS", "PCI",
44301 @@ -2835,7 +2835,7 @@ int ipmi_register_smi(const struct ipmi_smi_handlers *handlers,
44302 INIT_LIST_HEAD(&intf->cmd_rcvrs);
44303 init_waitqueue_head(&intf->waitq);
44304 for (i = 0; i < IPMI_NUM_STATS; i++)
44305 - atomic_set(&intf->stats[i], 0);
44306 + atomic_set_unchecked(&intf->stats[i], 0);
44307
44308 intf->proc_dir = NULL;
44309
44310 diff --git a/drivers/char/ipmi/ipmi_poweroff.c b/drivers/char/ipmi/ipmi_poweroff.c
44311 index 9f2e3be..676c910 100644
44312 --- a/drivers/char/ipmi/ipmi_poweroff.c
44313 +++ b/drivers/char/ipmi/ipmi_poweroff.c
44314 @@ -66,7 +66,7 @@ static void (*specific_poweroff_func)(ipmi_user_t user);
44315 /* Holds the old poweroff function so we can restore it on removal. */
44316 static void (*old_poweroff_func)(void);
44317
44318 -static int set_param_ifnum(const char *val, struct kernel_param *kp)
44319 +static int set_param_ifnum(const char *val, const struct kernel_param *kp)
44320 {
44321 int rv = param_set_int(val, kp);
44322 if (rv)
44323 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
44324 index a112c01..5bd9d25 100644
44325 --- a/drivers/char/ipmi/ipmi_si_intf.c
44326 +++ b/drivers/char/ipmi/ipmi_si_intf.c
44327 @@ -302,7 +302,7 @@ struct smi_info {
44328 unsigned char slave_addr;
44329
44330 /* Counters and things for the proc filesystem. */
44331 - atomic_t stats[SI_NUM_STATS];
44332 + atomic_unchecked_t stats[SI_NUM_STATS];
44333
44334 struct task_struct *thread;
44335
44336 @@ -311,9 +311,9 @@ struct smi_info {
44337 };
44338
44339 #define smi_inc_stat(smi, stat) \
44340 - atomic_inc(&(smi)->stats[SI_STAT_ ## stat])
44341 + atomic_inc_unchecked(&(smi)->stats[SI_STAT_ ## stat])
44342 #define smi_get_stat(smi, stat) \
44343 - ((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat]))
44344 + ((unsigned int) atomic_read_unchecked(&(smi)->stats[SI_STAT_ ## stat]))
44345
44346 #define SI_MAX_PARMS 4
44347
44348 @@ -1344,7 +1344,7 @@ static unsigned int num_slave_addrs;
44349 #define IPMI_MEM_ADDR_SPACE 1
44350 static const char * const addr_space_to_str[] = { "i/o", "mem" };
44351
44352 -static int hotmod_handler(const char *val, struct kernel_param *kp);
44353 +static int hotmod_handler(const char *val, const struct kernel_param *kp);
44354
44355 module_param_call(hotmod, hotmod_handler, NULL, NULL, 0200);
44356 MODULE_PARM_DESC(hotmod, "Add and remove interfaces. See"
44357 @@ -1814,7 +1814,7 @@ static struct smi_info *smi_info_alloc(void)
44358 return info;
44359 }
44360
44361 -static int hotmod_handler(const char *val, struct kernel_param *kp)
44362 +static int hotmod_handler(const char *val, const struct kernel_param *kp)
44363 {
44364 char *str = kstrdup(val, GFP_KERNEL);
44365 int rv;
44366 @@ -3578,7 +3578,7 @@ static int try_smi_init(struct smi_info *new_smi)
44367 atomic_set(&new_smi->req_events, 0);
44368 new_smi->run_to_completion = false;
44369 for (i = 0; i < SI_NUM_STATS; i++)
44370 - atomic_set(&new_smi->stats[i], 0);
44371 + atomic_set_unchecked(&new_smi->stats[i], 0);
44372
44373 new_smi->interrupt_disabled = true;
44374 atomic_set(&new_smi->need_watch, 0);
44375 diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
44376 index 5673fff..3ab2908 100644
44377 --- a/drivers/char/ipmi/ipmi_ssif.c
44378 +++ b/drivers/char/ipmi/ipmi_ssif.c
44379 @@ -284,17 +284,17 @@ struct ssif_info {
44380 unsigned int multi_len;
44381 unsigned int multi_pos;
44382
44383 - atomic_t stats[SSIF_NUM_STATS];
44384 + atomic_unchecked_t stats[SSIF_NUM_STATS];
44385 };
44386
44387 #define ssif_inc_stat(ssif, stat) \
44388 - atomic_inc(&(ssif)->stats[SSIF_STAT_ ## stat])
44389 + atomic_inc_unchecked(&(ssif)->stats[SSIF_STAT_ ## stat])
44390 #define ssif_get_stat(ssif, stat) \
44391 - ((unsigned int) atomic_read(&(ssif)->stats[SSIF_STAT_ ## stat]))
44392 + ((unsigned int) atomic_read_unchecked(&(ssif)->stats[SSIF_STAT_ ## stat]))
44393
44394 static bool initialized;
44395
44396 -static atomic_t next_intf = ATOMIC_INIT(0);
44397 +static atomic_unchecked_t next_intf = ATOMIC_INIT(0);
44398
44399 static void return_hosed_msg(struct ssif_info *ssif_info,
44400 struct ipmi_smi_msg *msg);
44401 @@ -1608,7 +1608,7 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
44402 }
44403
44404 found:
44405 - ssif_info->intf_num = atomic_inc_return(&next_intf);
44406 + ssif_info->intf_num = atomic_inc_return_unchecked(&next_intf);
44407
44408 if (ssif_dbg_probe) {
44409 pr_info("ssif_probe: i2c_probe found device at i2c address %x\n",
44410 @@ -1622,7 +1622,7 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
44411 ssif_info->retry_timer.function = retry_timeout;
44412
44413 for (i = 0; i < SSIF_NUM_STATS; i++)
44414 - atomic_set(&ssif_info->stats[i], 0);
44415 + atomic_set_unchecked(&ssif_info->stats[i], 0);
44416
44417 if (ssif_info->supports_pec)
44418 ssif_info->client->flags |= I2C_CLIENT_PEC;
44419 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
44420 index a33163d..43c1578 100644
44421 --- a/drivers/char/mem.c
44422 +++ b/drivers/char/mem.c
44423 @@ -18,6 +18,7 @@
44424 #include <linux/raw.h>
44425 #include <linux/tty.h>
44426 #include <linux/capability.h>
44427 +#include <linux/security.h>
44428 #include <linux/ptrace.h>
44429 #include <linux/device.h>
44430 #include <linux/highmem.h>
44431 @@ -37,6 +38,10 @@
44432
44433 #define DEVPORT_MINOR 4
44434
44435 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
44436 +extern const struct file_operations grsec_fops;
44437 +#endif
44438 +
44439 static inline unsigned long size_inside_page(unsigned long start,
44440 unsigned long size)
44441 {
44442 @@ -67,13 +72,22 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
44443 u64 cursor = from;
44444
44445 while (cursor < to) {
44446 - if (!devmem_is_allowed(pfn))
44447 + if (!devmem_is_allowed(pfn)) {
44448 +#ifdef CONFIG_GRKERNSEC_KMEM
44449 + gr_handle_mem_readwrite(from, to);
44450 +#endif
44451 return 0;
44452 + }
44453 cursor += PAGE_SIZE;
44454 pfn++;
44455 }
44456 return 1;
44457 }
44458 +#elif defined(CONFIG_GRKERNSEC_KMEM)
44459 +static inline int range_is_allowed(unsigned long pfn, unsigned long size)
44460 +{
44461 + return 0;
44462 +}
44463 #else
44464 static inline int range_is_allowed(unsigned long pfn, unsigned long size)
44465 {
44466 @@ -98,6 +112,7 @@ static ssize_t read_mem(struct file *file, char __user *buf,
44467 phys_addr_t p = *ppos;
44468 ssize_t read, sz;
44469 void *ptr;
44470 + char *temp;
44471
44472 if (p != *ppos)
44473 return 0;
44474 @@ -120,13 +135,19 @@ static ssize_t read_mem(struct file *file, char __user *buf,
44475 }
44476 #endif
44477
44478 + temp = kmalloc(PAGE_SIZE, GFP_KERNEL|GFP_USERCOPY);
44479 + if (!temp)
44480 + return -ENOMEM;
44481 +
44482 while (count > 0) {
44483 unsigned long remaining;
44484
44485 sz = size_inside_page(p, count);
44486
44487 - if (!range_is_allowed(p >> PAGE_SHIFT, count))
44488 + if (!range_is_allowed(p >> PAGE_SHIFT, count)) {
44489 + kfree(temp);
44490 return -EPERM;
44491 + }
44492
44493 /*
44494 * On ia64 if a page has been mapped somewhere as uncached, then
44495 @@ -134,13 +155,17 @@ static ssize_t read_mem(struct file *file, char __user *buf,
44496 * corruption may occur.
44497 */
44498 ptr = xlate_dev_mem_ptr(p);
44499 - if (!ptr)
44500 + if (!ptr || probe_kernel_read(temp, ptr, sz)) {
44501 + kfree(temp);
44502 return -EFAULT;
44503 + }
44504
44505 - remaining = copy_to_user(buf, ptr, sz);
44506 + remaining = copy_to_user(buf, temp, sz);
44507 unxlate_dev_mem_ptr(p, ptr);
44508 - if (remaining)
44509 + if (remaining) {
44510 + kfree(temp);
44511 return -EFAULT;
44512 + }
44513
44514 buf += sz;
44515 p += sz;
44516 @@ -148,6 +173,8 @@ static ssize_t read_mem(struct file *file, char __user *buf,
44517 read += sz;
44518 }
44519
44520 + kfree(temp);
44521 +
44522 *ppos += read;
44523 return read;
44524 }
44525 @@ -383,6 +410,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
44526
44527 read = 0;
44528 if (p < (unsigned long) high_memory) {
44529 + char *temp;
44530 +
44531 low_count = count;
44532 if (count > (unsigned long)high_memory - p)
44533 low_count = (unsigned long)high_memory - p;
44534 @@ -400,6 +429,11 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
44535 count -= sz;
44536 }
44537 #endif
44538 +
44539 + temp = kmalloc(PAGE_SIZE, GFP_KERNEL|GFP_USERCOPY);
44540 + if (!temp)
44541 + return -ENOMEM;
44542 +
44543 while (low_count > 0) {
44544 sz = size_inside_page(p, low_count);
44545
44546 @@ -410,14 +444,18 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
44547 */
44548 kbuf = xlate_dev_kmem_ptr((void *)p);
44549
44550 - if (copy_to_user(buf, kbuf, sz))
44551 + if (probe_kernel_read(temp, kbuf, sz) || copy_to_user(buf, temp, sz)) {
44552 + kfree(temp);
44553 return -EFAULT;
44554 + }
44555 buf += sz;
44556 p += sz;
44557 read += sz;
44558 low_count -= sz;
44559 count -= sz;
44560 }
44561 +
44562 + kfree(temp);
44563 }
44564
44565 if (count > 0) {
44566 @@ -822,6 +860,9 @@ static const struct memdev {
44567 #ifdef CONFIG_PRINTK
44568 [11] = { "kmsg", 0644, &kmsg_fops, 0 },
44569 #endif
44570 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
44571 + [13] = { "grsec",S_IRUSR | S_IWUGO, &grsec_fops, 0 },
44572 +#endif
44573 };
44574
44575 static int memory_open(struct inode *inode, struct file *filp)
44576 @@ -883,7 +924,7 @@ static int __init chr_dev_init(void)
44577 continue;
44578
44579 device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
44580 - NULL, devlist[minor].name);
44581 + NULL, "%s", devlist[minor].name);
44582 }
44583
44584 return tty_init();
44585 diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c
44586 index 678fa97..5598cef 100644
44587 --- a/drivers/char/nvram.c
44588 +++ b/drivers/char/nvram.c
44589 @@ -235,7 +235,7 @@ static ssize_t nvram_read(struct file *file, char __user *buf,
44590
44591 spin_unlock_irq(&rtc_lock);
44592
44593 - if (copy_to_user(buf, contents, tmp - contents))
44594 + if (tmp - contents > sizeof(contents) || copy_to_user(buf, contents, tmp - contents))
44595 return -EFAULT;
44596
44597 *ppos = i;
44598 diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c
44599 index d28922d..3c343d6 100644
44600 --- a/drivers/char/pcmcia/synclink_cs.c
44601 +++ b/drivers/char/pcmcia/synclink_cs.c
44602 @@ -2333,7 +2333,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
44603
44604 if (debug_level >= DEBUG_LEVEL_INFO)
44605 printk("%s(%d):mgslpc_close(%s) entry, count=%d\n",
44606 - __FILE__, __LINE__, info->device_name, port->count);
44607 + __FILE__, __LINE__, info->device_name, atomic_read(&port->count));
44608
44609 if (tty_port_close_start(port, tty, filp) == 0)
44610 goto cleanup;
44611 @@ -2351,7 +2351,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
44612 cleanup:
44613 if (debug_level >= DEBUG_LEVEL_INFO)
44614 printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__, __LINE__,
44615 - tty->driver->name, port->count);
44616 + tty->driver->name, atomic_read(&port->count));
44617 }
44618
44619 /* Wait until the transmitter is empty.
44620 @@ -2493,7 +2493,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
44621
44622 if (debug_level >= DEBUG_LEVEL_INFO)
44623 printk("%s(%d):mgslpc_open(%s), old ref count = %d\n",
44624 - __FILE__, __LINE__, tty->driver->name, port->count);
44625 + __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count));
44626
44627 port->low_latency = (port->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
44628
44629 @@ -2504,11 +2504,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
44630 goto cleanup;
44631 }
44632 spin_lock(&port->lock);
44633 - port->count++;
44634 + atomic_inc(&port->count);
44635 spin_unlock(&port->lock);
44636 spin_unlock_irqrestore(&info->netlock, flags);
44637
44638 - if (port->count == 1) {
44639 + if (atomic_read(&port->count) == 1) {
44640 /* 1st open on this device, init hardware */
44641 retval = startup(info, tty);
44642 if (retval < 0)
44643 @@ -3897,7 +3897,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
44644 unsigned short new_crctype;
44645
44646 /* return error if TTY interface open */
44647 - if (info->port.count)
44648 + if (atomic_read(&info->port.count))
44649 return -EBUSY;
44650
44651 switch (encoding)
44652 @@ -4001,7 +4001,7 @@ static int hdlcdev_open(struct net_device *dev)
44653
44654 /* arbitrate between network and tty opens */
44655 spin_lock_irqsave(&info->netlock, flags);
44656 - if (info->port.count != 0 || info->netcount != 0) {
44657 + if (atomic_read(&info->port.count) != 0 || info->netcount != 0) {
44658 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
44659 spin_unlock_irqrestore(&info->netlock, flags);
44660 return -EBUSY;
44661 @@ -4091,7 +4091,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
44662 printk("%s:hdlcdev_ioctl(%s)\n", __FILE__, dev->name);
44663
44664 /* return error if TTY interface open */
44665 - if (info->port.count)
44666 + if (atomic_read(&info->port.count))
44667 return -EBUSY;
44668
44669 if (cmd != SIOCWANDEV)
44670 diff --git a/drivers/char/random.c b/drivers/char/random.c
44671 index 3efb3bf0..2541398 100644
44672 --- a/drivers/char/random.c
44673 +++ b/drivers/char/random.c
44674 @@ -292,9 +292,6 @@
44675 /*
44676 * To allow fractional bits to be tracked, the entropy_count field is
44677 * denominated in units of 1/8th bits.
44678 - *
44679 - * 2*(ENTROPY_SHIFT + log2(poolbits)) must <= 31, or the multiply in
44680 - * credit_entropy_bits() needs to be 64 bits wide.
44681 */
44682 #define ENTROPY_SHIFT 3
44683 #define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
44684 @@ -479,8 +476,8 @@ static ssize_t _extract_entropy(struct entropy_store *r, void *buf,
44685
44686 static void crng_reseed(struct crng_state *crng, struct entropy_store *r);
44687 static void push_to_pool(struct work_struct *work);
44688 -static __u32 input_pool_data[INPUT_POOL_WORDS];
44689 -static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
44690 +static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
44691 +static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
44692
44693 static struct entropy_store input_pool = {
44694 .poolinfo = &poolinfo_table[0],
44695 @@ -680,7 +677,7 @@ retry:
44696 /* The +2 corresponds to the /4 in the denominator */
44697
44698 do {
44699 - unsigned int anfrac = min(pnfrac, pool_size/2);
44700 + u64 anfrac = min(pnfrac, pool_size/2);
44701 unsigned int add =
44702 ((pool_size - entropy_count)*anfrac*3) >> s;
44703
44704 @@ -1476,7 +1473,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
44705
44706 extract_buf(r, tmp);
44707 i = min_t(int, nbytes, EXTRACT_SIZE);
44708 - if (copy_to_user(buf, tmp, i)) {
44709 + if (i > sizeof(tmp) || copy_to_user(buf, tmp, i)) {
44710 ret = -EFAULT;
44711 break;
44712 }
44713 @@ -1926,7 +1923,7 @@ static char sysctl_bootid[16];
44714 static int proc_do_uuid(struct ctl_table *table, int write,
44715 void __user *buffer, size_t *lenp, loff_t *ppos)
44716 {
44717 - struct ctl_table fake_table;
44718 + ctl_table_no_const fake_table;
44719 unsigned char buf[64], tmp_uuid[16], *uuid;
44720
44721 uuid = table->data;
44722 @@ -1956,7 +1953,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
44723 static int proc_do_entropy(struct ctl_table *table, int write,
44724 void __user *buffer, size_t *lenp, loff_t *ppos)
44725 {
44726 - struct ctl_table fake_table;
44727 + ctl_table_no_const fake_table;
44728 int entropy_count;
44729
44730 entropy_count = *(int *)table->data >> ENTROPY_SHIFT;
44731 diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c
44732 index e496dae..3db53b6 100644
44733 --- a/drivers/char/sonypi.c
44734 +++ b/drivers/char/sonypi.c
44735 @@ -54,6 +54,7 @@
44736
44737 #include <asm/uaccess.h>
44738 #include <asm/io.h>
44739 +#include <asm/local.h>
44740
44741 #include <linux/sonypi.h>
44742
44743 @@ -490,7 +491,7 @@ static struct sonypi_device {
44744 spinlock_t fifo_lock;
44745 wait_queue_head_t fifo_proc_list;
44746 struct fasync_struct *fifo_async;
44747 - int open_count;
44748 + local_t open_count;
44749 int model;
44750 struct input_dev *input_jog_dev;
44751 struct input_dev *input_key_dev;
44752 @@ -892,7 +893,7 @@ static int sonypi_misc_fasync(int fd, struct file *filp, int on)
44753 static int sonypi_misc_release(struct inode *inode, struct file *file)
44754 {
44755 mutex_lock(&sonypi_device.lock);
44756 - sonypi_device.open_count--;
44757 + local_dec(&sonypi_device.open_count);
44758 mutex_unlock(&sonypi_device.lock);
44759 return 0;
44760 }
44761 @@ -901,9 +902,9 @@ static int sonypi_misc_open(struct inode *inode, struct file *file)
44762 {
44763 mutex_lock(&sonypi_device.lock);
44764 /* Flush input queue on first open */
44765 - if (!sonypi_device.open_count)
44766 + if (!local_read(&sonypi_device.open_count))
44767 kfifo_reset(&sonypi_device.fifo);
44768 - sonypi_device.open_count++;
44769 + local_inc(&sonypi_device.open_count);
44770 mutex_unlock(&sonypi_device.lock);
44771
44772 return 0;
44773 @@ -1491,7 +1492,7 @@ static struct platform_driver sonypi_driver = {
44774
44775 static struct platform_device *sonypi_platform_device;
44776
44777 -static struct dmi_system_id __initdata sonypi_dmi_table[] = {
44778 +static const struct dmi_system_id __initconst sonypi_dmi_table[] = {
44779 {
44780 .ident = "Sony Vaio",
44781 .matches = {
44782 diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
44783 index e595013..9653af2 100644
44784 --- a/drivers/char/tpm/tpm-chip.c
44785 +++ b/drivers/char/tpm/tpm-chip.c
44786 @@ -196,6 +196,11 @@ out:
44787 }
44788 EXPORT_SYMBOL_GPL(tpm_chip_alloc);
44789
44790 +static void tpm_put_device(void *dev)
44791 +{
44792 + put_device(dev);
44793 +}
44794 +
44795 /**
44796 * tpmm_chip_alloc() - allocate a new struct tpm_chip instance
44797 * @pdev: parent device to which the chip is associated
44798 @@ -213,9 +218,7 @@ struct tpm_chip *tpmm_chip_alloc(struct device *pdev,
44799 if (IS_ERR(chip))
44800 return chip;
44801
44802 - rc = devm_add_action_or_reset(pdev,
44803 - (void (*)(void *)) put_device,
44804 - &chip->dev);
44805 + rc = devm_add_action_or_reset(pdev, tpm_put_device, &chip->dev);
44806 if (rc)
44807 return ERR_PTR(rc);
44808
44809 diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
44810 index 565a947..dcdc06e 100644
44811 --- a/drivers/char/tpm/tpm_acpi.c
44812 +++ b/drivers/char/tpm/tpm_acpi.c
44813 @@ -98,11 +98,12 @@ int read_log(struct tpm_bios_log *log)
44814 virt = acpi_os_map_iomem(start, len);
44815 if (!virt) {
44816 kfree(log->bios_event_log);
44817 + log->bios_event_log = NULL;
44818 printk("%s: ERROR - Unable to map memory\n", __func__);
44819 return -EIO;
44820 }
44821
44822 - memcpy_fromio(log->bios_event_log, virt, len);
44823 + memcpy_fromio(log->bios_event_log, (const char __force_kernel *)virt, len);
44824
44825 acpi_os_unmap_iomem(virt, len);
44826 return 0;
44827 diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
44828 index e722886..78a48b9 100644
44829 --- a/drivers/char/tpm/tpm_eventlog.c
44830 +++ b/drivers/char/tpm/tpm_eventlog.c
44831 @@ -108,8 +108,7 @@ static void *tpm_bios_measurements_start(struct seq_file *m, loff_t *pos)
44832 converted_event_type = do_endian_conversion(event->event_type);
44833
44834 if (((converted_event_type == 0) && (converted_event_size == 0))
44835 - || ((addr + sizeof(struct tcpa_event) + converted_event_size)
44836 - >= limit))
44837 + || (converted_event_size >= limit - addr - sizeof(struct tcpa_event)))
44838 return NULL;
44839
44840 return addr;
44841 @@ -138,7 +137,7 @@ static void *tpm_bios_measurements_next(struct seq_file *m, void *v,
44842 converted_event_type = do_endian_conversion(event->event_type);
44843
44844 if (((converted_event_type == 0) && (converted_event_size == 0)) ||
44845 - ((v + sizeof(struct tcpa_event) + converted_event_size) >= limit))
44846 + (converted_event_size >= limit - v - sizeof(struct tcpa_event)))
44847 return NULL;
44848
44849 (*pos)++;
44850 diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
44851 index 5da47e26..fbfa419 100644
44852 --- a/drivers/char/virtio_console.c
44853 +++ b/drivers/char/virtio_console.c
44854 @@ -692,11 +692,11 @@ static ssize_t fill_readbuf(struct port *port, char __user *out_buf,
44855 if (to_user) {
44856 ssize_t ret;
44857
44858 - ret = copy_to_user(out_buf, buf->buf + buf->offset, out_count);
44859 + ret = copy_to_user((char __force_user *)out_buf, buf->buf + buf->offset, out_count);
44860 if (ret)
44861 return -EFAULT;
44862 } else {
44863 - memcpy((__force char *)out_buf, buf->buf + buf->offset,
44864 + memcpy((__force_kernel char *)out_buf, buf->buf + buf->offset,
44865 out_count);
44866 }
44867
44868 @@ -1171,7 +1171,7 @@ static int get_chars(u32 vtermno, char *buf, int count)
44869 /* If we don't have an input queue yet, we can't get input. */
44870 BUG_ON(!port->in_vq);
44871
44872 - return fill_readbuf(port, (__force char __user *)buf, count, false);
44873 + return fill_readbuf(port, (char __force_user *)buf, count, false);
44874 }
44875
44876 static void resize_console(struct port *port)
44877 diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
44878 index 0fc71cb..225b0c0 100644
44879 --- a/drivers/clk/bcm/clk-bcm2835.c
44880 +++ b/drivers/clk/bcm/clk-bcm2835.c
44881 @@ -1145,8 +1145,9 @@ static const struct clk_ops bcm2835_vpu_clock_clk_ops = {
44882 };
44883
44884 static struct clk *bcm2835_register_pll(struct bcm2835_cprman *cprman,
44885 - const struct bcm2835_pll_data *data)
44886 + const void *_data)
44887 {
44888 + const struct bcm2835_pll_data *data = _data;
44889 struct bcm2835_pll *pll;
44890 struct clk_init_data init;
44891
44892 @@ -1172,8 +1173,9 @@ static struct clk *bcm2835_register_pll(struct bcm2835_cprman *cprman,
44893
44894 static struct clk *
44895 bcm2835_register_pll_divider(struct bcm2835_cprman *cprman,
44896 - const struct bcm2835_pll_divider_data *data)
44897 + const void *_data)
44898 {
44899 + const struct bcm2835_pll_divider_data *data = _data;
44900 struct bcm2835_pll_divider *divider;
44901 struct clk_init_data init;
44902 struct clk *clk;
44903 @@ -1231,8 +1233,9 @@ bcm2835_register_pll_divider(struct bcm2835_cprman *cprman,
44904 }
44905
44906 static struct clk *bcm2835_register_clock(struct bcm2835_cprman *cprman,
44907 - const struct bcm2835_clock_data *data)
44908 + const void *_data)
44909 {
44910 + const struct bcm2835_clock_data *data = _data;
44911 struct bcm2835_clock *clock;
44912 struct clk_init_data init;
44913 const char *parents[1 << CM_SRC_BITS];
44914 @@ -1274,8 +1277,10 @@ static struct clk *bcm2835_register_clock(struct bcm2835_cprman *cprman,
44915 }
44916
44917 static struct clk *bcm2835_register_gate(struct bcm2835_cprman *cprman,
44918 - const struct bcm2835_gate_data *data)
44919 + const void *_data)
44920 {
44921 + const struct bcm2835_gate_data *data = _data;
44922 +
44923 return clk_register_gate(cprman->dev, data->name, data->parent,
44924 CLK_IGNORE_UNUSED | CLK_SET_RATE_GATE,
44925 cprman->regs + data->ctl_reg,
44926 @@ -1290,8 +1295,7 @@ struct bcm2835_clk_desc {
44927 };
44928
44929 /* assignment helper macros for different clock types */
44930 -#define _REGISTER(f, ...) { .clk_register = (bcm2835_clk_register)f, \
44931 - .data = __VA_ARGS__ }
44932 +#define _REGISTER(f, ...) { .clk_register = f, .data = __VA_ARGS__ }
44933 #define REGISTER_PLL(...) _REGISTER(&bcm2835_register_pll, \
44934 &(struct bcm2835_pll_data) \
44935 {__VA_ARGS__})
44936 diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c
44937 index 00269de..3e17e60 100644
44938 --- a/drivers/clk/clk-composite.c
44939 +++ b/drivers/clk/clk-composite.c
44940 @@ -221,7 +221,7 @@ struct clk_hw *clk_hw_register_composite(struct device *dev, const char *name,
44941 struct clk_hw *hw;
44942 struct clk_init_data init;
44943 struct clk_composite *composite;
44944 - struct clk_ops *clk_composite_ops;
44945 + clk_ops_no_const *clk_composite_ops;
44946 int ret;
44947
44948 composite = kzalloc(sizeof(*composite), GFP_KERNEL);
44949 diff --git a/drivers/clk/socfpga/clk-gate-a10.c b/drivers/clk/socfpga/clk-gate-a10.c
44950 index c2d5727..1a305db 100644
44951 --- a/drivers/clk/socfpga/clk-gate-a10.c
44952 +++ b/drivers/clk/socfpga/clk-gate-a10.c
44953 @@ -19,6 +19,7 @@
44954 #include <linux/mfd/syscon.h>
44955 #include <linux/of.h>
44956 #include <linux/regmap.h>
44957 +#include <asm/pgtable.h>
44958
44959 #include "clk.h"
44960
44961 @@ -97,7 +98,7 @@ static int socfpga_clk_prepare(struct clk_hw *hwclk)
44962 return 0;
44963 }
44964
44965 -static struct clk_ops gateclk_ops = {
44966 +static clk_ops_no_const gateclk_ops __read_only = {
44967 .prepare = socfpga_clk_prepare,
44968 .recalc_rate = socfpga_gate_clk_recalc_rate,
44969 };
44970 @@ -128,8 +129,10 @@ static void __init __socfpga_gate_init(struct device_node *node,
44971 socfpga_clk->hw.reg = clk_mgr_a10_base_addr + clk_gate[0];
44972 socfpga_clk->hw.bit_idx = clk_gate[1];
44973
44974 - gateclk_ops.enable = clk_gate_ops.enable;
44975 - gateclk_ops.disable = clk_gate_ops.disable;
44976 + pax_open_kernel();
44977 + const_cast(gateclk_ops.enable) = clk_gate_ops.enable;
44978 + const_cast(gateclk_ops.disable) = clk_gate_ops.disable;
44979 + pax_close_kernel();
44980 }
44981
44982 rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
44983 diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c
44984 index aa7a6e6..1e9b426 100644
44985 --- a/drivers/clk/socfpga/clk-gate.c
44986 +++ b/drivers/clk/socfpga/clk-gate.c
44987 @@ -21,6 +21,7 @@
44988 #include <linux/mfd/syscon.h>
44989 #include <linux/of.h>
44990 #include <linux/regmap.h>
44991 +#include <asm/pgtable.h>
44992
44993 #include "clk.h"
44994
44995 @@ -169,7 +170,7 @@ static int socfpga_clk_prepare(struct clk_hw *hwclk)
44996 return 0;
44997 }
44998
44999 -static struct clk_ops gateclk_ops = {
45000 +static clk_ops_no_const gateclk_ops __read_only = {
45001 .prepare = socfpga_clk_prepare,
45002 .recalc_rate = socfpga_clk_recalc_rate,
45003 .get_parent = socfpga_clk_get_parent,
45004 @@ -202,8 +203,10 @@ static void __init __socfpga_gate_init(struct device_node *node,
45005 socfpga_clk->hw.reg = clk_mgr_base_addr + clk_gate[0];
45006 socfpga_clk->hw.bit_idx = clk_gate[1];
45007
45008 - gateclk_ops.enable = clk_gate_ops.enable;
45009 - gateclk_ops.disable = clk_gate_ops.disable;
45010 + pax_open_kernel();
45011 + const_cast(gateclk_ops.enable) = clk_gate_ops.enable;
45012 + const_cast(gateclk_ops.disable) = clk_gate_ops.disable;
45013 + pax_close_kernel();
45014 }
45015
45016 rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
45017 diff --git a/drivers/clk/socfpga/clk-pll-a10.c b/drivers/clk/socfpga/clk-pll-a10.c
45018 index 35fabe1..d847c53 100644
45019 --- a/drivers/clk/socfpga/clk-pll-a10.c
45020 +++ b/drivers/clk/socfpga/clk-pll-a10.c
45021 @@ -18,6 +18,7 @@
45022 #include <linux/io.h>
45023 #include <linux/of.h>
45024 #include <linux/of_address.h>
45025 +#include <asm/pgtable.h>
45026
45027 #include "clk.h"
45028
45029 @@ -69,7 +70,7 @@ static u8 clk_pll_get_parent(struct clk_hw *hwclk)
45030 CLK_MGR_PLL_CLK_SRC_MASK;
45031 }
45032
45033 -static struct clk_ops clk_pll_ops = {
45034 +static clk_ops_no_const clk_pll_ops __read_only = {
45035 .recalc_rate = clk_pll_recalc_rate,
45036 .get_parent = clk_pll_get_parent,
45037 };
45038 @@ -112,8 +113,10 @@ static struct clk * __init __socfpga_pll_init(struct device_node *node,
45039 pll_clk->hw.hw.init = &init;
45040
45041 pll_clk->hw.bit_idx = SOCFPGA_PLL_EXT_ENA;
45042 - clk_pll_ops.enable = clk_gate_ops.enable;
45043 - clk_pll_ops.disable = clk_gate_ops.disable;
45044 + pax_open_kernel();
45045 + const_cast(clk_pll_ops.enable) = clk_gate_ops.enable;
45046 + const_cast(clk_pll_ops.disable) = clk_gate_ops.disable;
45047 + pax_close_kernel();
45048
45049 clk = clk_register(NULL, &pll_clk->hw.hw);
45050 if (WARN_ON(IS_ERR(clk))) {
45051 diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c
45052 index c7f4631..8d1b7d0 100644
45053 --- a/drivers/clk/socfpga/clk-pll.c
45054 +++ b/drivers/clk/socfpga/clk-pll.c
45055 @@ -20,6 +20,7 @@
45056 #include <linux/io.h>
45057 #include <linux/of.h>
45058 #include <linux/of_address.h>
45059 +#include <asm/pgtable.h>
45060
45061 #include "clk.h"
45062
45063 @@ -75,7 +76,7 @@ static u8 clk_pll_get_parent(struct clk_hw *hwclk)
45064 CLK_MGR_PLL_CLK_SRC_MASK;
45065 }
45066
45067 -static struct clk_ops clk_pll_ops = {
45068 +static clk_ops_no_const clk_pll_ops __read_only = {
45069 .recalc_rate = clk_pll_recalc_rate,
45070 .get_parent = clk_pll_get_parent,
45071 };
45072 @@ -114,8 +115,10 @@ static __init struct clk *__socfpga_pll_init(struct device_node *node,
45073 pll_clk->hw.hw.init = &init;
45074
45075 pll_clk->hw.bit_idx = SOCFPGA_PLL_EXT_ENA;
45076 - clk_pll_ops.enable = clk_gate_ops.enable;
45077 - clk_pll_ops.disable = clk_gate_ops.disable;
45078 + pax_open_kernel();
45079 + const_cast(clk_pll_ops.enable) = clk_gate_ops.enable;
45080 + const_cast(clk_pll_ops.disable) = clk_gate_ops.disable;
45081 + pax_close_kernel();
45082
45083 clk = clk_register(NULL, &pll_clk->hw.hw);
45084 if (WARN_ON(IS_ERR(clk))) {
45085 diff --git a/drivers/clk/ti/adpll.c b/drivers/clk/ti/adpll.c
45086 index 255cafb..7b41c3b 100644
45087 --- a/drivers/clk/ti/adpll.c
45088 +++ b/drivers/clk/ti/adpll.c
45089 @@ -589,7 +589,7 @@ static int ti_adpll_init_clkout(struct ti_adpll_data *d,
45090 {
45091 struct ti_adpll_clkout_data *co;
45092 struct clk_init_data init;
45093 - struct clk_ops *ops;
45094 + clk_ops_no_const *ops;
45095 const char *parent_names[2];
45096 const char *child_name;
45097 struct clk *clock;
45098 diff --git a/drivers/clk/ti/clk.c b/drivers/clk/ti/clk.c
45099 index 5fcf247..446780a 100644
45100 --- a/drivers/clk/ti/clk.c
45101 +++ b/drivers/clk/ti/clk.c
45102 @@ -25,6 +25,8 @@
45103 #include <linux/regmap.h>
45104 #include <linux/bootmem.h>
45105
45106 +#include <asm/pgtable.h>
45107 +
45108 #include "clock.h"
45109
45110 #undef pr_fmt
45111 @@ -84,8 +86,10 @@ int ti_clk_setup_ll_ops(struct ti_clk_ll_ops *ops)
45112 }
45113
45114 ti_clk_ll_ops = ops;
45115 - ops->clk_readl = clk_memmap_readl;
45116 - ops->clk_writel = clk_memmap_writel;
45117 + pax_open_kernel();
45118 + const_cast(ops->clk_readl) = clk_memmap_readl;
45119 + const_cast(ops->clk_writel) = clk_memmap_writel;
45120 + pax_close_kernel();
45121
45122 return 0;
45123 }
45124 diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
45125 index 297e912..d5661fb 100644
45126 --- a/drivers/cpufreq/acpi-cpufreq.c
45127 +++ b/drivers/cpufreq/acpi-cpufreq.c
45128 @@ -694,8 +694,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
45129 data->acpi_perf_cpu = cpu;
45130 policy->driver_data = data;
45131
45132 - if (cpu_has(c, X86_FEATURE_CONSTANT_TSC))
45133 - acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS;
45134 + if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) {
45135 + pax_open_kernel();
45136 + const_cast(acpi_cpufreq_driver.flags) |= CPUFREQ_CONST_LOOPS;
45137 + pax_close_kernel();
45138 + }
45139
45140 result = acpi_processor_register_performance(perf, cpu);
45141 if (result)
45142 @@ -833,7 +836,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
45143 policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu);
45144 break;
45145 case ACPI_ADR_SPACE_FIXED_HARDWARE:
45146 - acpi_cpufreq_driver.get = get_cur_freq_on_cpu;
45147 + pax_open_kernel();
45148 + const_cast(acpi_cpufreq_driver.get) = get_cur_freq_on_cpu;
45149 + pax_close_kernel();
45150 break;
45151 default:
45152 break;
45153 @@ -930,8 +935,10 @@ static void __init acpi_cpufreq_boost_init(void)
45154 if (!msrs)
45155 return;
45156
45157 - acpi_cpufreq_driver.set_boost = set_boost;
45158 - acpi_cpufreq_driver.boost_enabled = boost_state(0);
45159 + pax_open_kernel();
45160 + const_cast(acpi_cpufreq_driver.set_boost) = set_boost;
45161 + const_cast(acpi_cpufreq_driver.boost_enabled) = boost_state(0);
45162 + pax_close_kernel();
45163
45164 cpu_notifier_register_begin();
45165
45166 diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
45167 index 3957de8..fe991bb 100644
45168 --- a/drivers/cpufreq/cpufreq-dt.c
45169 +++ b/drivers/cpufreq/cpufreq-dt.c
45170 @@ -366,7 +366,9 @@ static int dt_cpufreq_probe(struct platform_device *pdev)
45171 if (ret)
45172 return ret;
45173
45174 - dt_cpufreq_driver.driver_data = dev_get_platdata(&pdev->dev);
45175 + pax_open_kernel();
45176 + const_cast(dt_cpufreq_driver.driver_data) = dev_get_platdata(&pdev->dev);
45177 + pax_close_kernel();
45178
45179 ret = cpufreq_register_driver(&dt_cpufreq_driver);
45180 if (ret)
45181 diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
45182 index 3dd4884..6249a29 100644
45183 --- a/drivers/cpufreq/cpufreq.c
45184 +++ b/drivers/cpufreq/cpufreq.c
45185 @@ -528,12 +528,12 @@ EXPORT_SYMBOL_GPL(cpufreq_driver_resolve_freq);
45186 * SYSFS INTERFACE *
45187 *********************************************************************/
45188 static ssize_t show_boost(struct kobject *kobj,
45189 - struct attribute *attr, char *buf)
45190 + struct kobj_attribute *attr, char *buf)
45191 {
45192 return sprintf(buf, "%d\n", cpufreq_driver->boost_enabled);
45193 }
45194
45195 -static ssize_t store_boost(struct kobject *kobj, struct attribute *attr,
45196 +static ssize_t store_boost(struct kobject *kobj, struct kobj_attribute *attr,
45197 const char *buf, size_t count)
45198 {
45199 int ret, enable;
45200 @@ -2150,7 +2150,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
45201 read_unlock_irqrestore(&cpufreq_driver_lock, flags);
45202
45203 mutex_lock(&cpufreq_governor_mutex);
45204 - list_del(&governor->governor_list);
45205 + pax_list_del(&governor->governor_list);
45206 mutex_unlock(&cpufreq_governor_mutex);
45207 return;
45208 }
45209 @@ -2350,7 +2350,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
45210 return NOTIFY_OK;
45211 }
45212
45213 -static struct notifier_block __refdata cpufreq_cpu_notifier = {
45214 +static struct notifier_block cpufreq_cpu_notifier = {
45215 .notifier_call = cpufreq_cpu_callback,
45216 };
45217
45218 @@ -2392,13 +2392,17 @@ int cpufreq_boost_trigger_state(int state)
45219 return 0;
45220
45221 write_lock_irqsave(&cpufreq_driver_lock, flags);
45222 - cpufreq_driver->boost_enabled = state;
45223 + pax_open_kernel();
45224 + const_cast(cpufreq_driver->boost_enabled) = state;
45225 + pax_close_kernel();
45226 write_unlock_irqrestore(&cpufreq_driver_lock, flags);
45227
45228 ret = cpufreq_driver->set_boost(state);
45229 if (ret) {
45230 write_lock_irqsave(&cpufreq_driver_lock, flags);
45231 - cpufreq_driver->boost_enabled = !state;
45232 + pax_open_kernel();
45233 + const_cast(cpufreq_driver->boost_enabled) = !state;
45234 + pax_close_kernel();
45235 write_unlock_irqrestore(&cpufreq_driver_lock, flags);
45236
45237 pr_err("%s: Cannot %s BOOST\n",
45238 @@ -2439,7 +2443,9 @@ int cpufreq_enable_boost_support(void)
45239 if (cpufreq_boost_supported())
45240 return 0;
45241
45242 - cpufreq_driver->set_boost = cpufreq_boost_set_sw;
45243 + pax_open_kernel();
45244 + const_cast(cpufreq_driver->set_boost) = cpufreq_boost_set_sw;
45245 + pax_close_kernel();
45246
45247 /* This will get removed on driver unregister */
45248 return create_boost_sysfs_file();
45249 @@ -2496,8 +2502,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
45250 cpufreq_driver = driver_data;
45251 write_unlock_irqrestore(&cpufreq_driver_lock, flags);
45252
45253 - if (driver_data->setpolicy)
45254 - driver_data->flags |= CPUFREQ_CONST_LOOPS;
45255 + if (driver_data->setpolicy) {
45256 + pax_open_kernel();
45257 + const_cast(driver_data->flags) |= CPUFREQ_CONST_LOOPS;
45258 + pax_close_kernel();
45259 + }
45260
45261 if (cpufreq_boost_supported()) {
45262 ret = create_boost_sysfs_file();
45263 diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h
45264 index ef1037e..c832d36 100644
45265 --- a/drivers/cpufreq/cpufreq_governor.h
45266 +++ b/drivers/cpufreq/cpufreq_governor.h
45267 @@ -171,7 +171,7 @@ void cpufreq_dbs_governor_limits(struct cpufreq_policy *policy);
45268 struct od_ops {
45269 unsigned int (*powersave_bias_target)(struct cpufreq_policy *policy,
45270 unsigned int freq_next, unsigned int relation);
45271 -};
45272 +} __no_const;
45273
45274 unsigned int dbs_update(struct cpufreq_policy *policy);
45275 void od_register_powersave_bias_handler(unsigned int (*f)
45276 diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
45277 index 3a1f49f..42a478e 100644
45278 --- a/drivers/cpufreq/cpufreq_ondemand.c
45279 +++ b/drivers/cpufreq/cpufreq_ondemand.c
45280 @@ -408,7 +408,7 @@ static void od_start(struct cpufreq_policy *policy)
45281 ondemand_powersave_bias_init(policy);
45282 }
45283
45284 -static struct od_ops od_ops = {
45285 +static struct od_ops od_ops __read_only = {
45286 .powersave_bias_target = generic_powersave_bias_target,
45287 };
45288
45289 @@ -464,14 +464,18 @@ void od_register_powersave_bias_handler(unsigned int (*f)
45290 (struct cpufreq_policy *, unsigned int, unsigned int),
45291 unsigned int powersave_bias)
45292 {
45293 - od_ops.powersave_bias_target = f;
45294 + pax_open_kernel();
45295 + const_cast(od_ops.powersave_bias_target) = f;
45296 + pax_close_kernel();
45297 od_set_powersave_bias(powersave_bias);
45298 }
45299 EXPORT_SYMBOL_GPL(od_register_powersave_bias_handler);
45300
45301 void od_unregister_powersave_bias_handler(void)
45302 {
45303 - od_ops.powersave_bias_target = generic_powersave_bias_target;
45304 + pax_open_kernel();
45305 + const_cast(od_ops.powersave_bias_target) = generic_powersave_bias_target;
45306 + pax_close_kernel();
45307 od_set_powersave_bias(0);
45308 }
45309 EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
45310 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
45311 index b46547e..79b533d 100644
45312 --- a/drivers/cpufreq/intel_pstate.c
45313 +++ b/drivers/cpufreq/intel_pstate.c
45314 @@ -275,13 +275,13 @@ struct pstate_funcs {
45315 struct cpu_defaults {
45316 struct pstate_adjust_policy pid_policy;
45317 struct pstate_funcs funcs;
45318 -};
45319 +} __do_const;
45320
45321 static inline int32_t get_target_pstate_use_performance(struct cpudata *cpu);
45322 static inline int32_t get_target_pstate_use_cpu_load(struct cpudata *cpu);
45323
45324 static struct pstate_adjust_policy pid_params __read_mostly;
45325 -static struct pstate_funcs pstate_funcs __read_mostly;
45326 +static struct pstate_funcs *pstate_funcs __read_mostly;
45327 static int hwp_active __read_mostly;
45328
45329 #ifdef CONFIG_ACPI
45330 @@ -650,13 +650,13 @@ static void __init intel_pstate_debug_expose_params(void)
45331 /************************** sysfs begin ************************/
45332 #define show_one(file_name, object) \
45333 static ssize_t show_##file_name \
45334 - (struct kobject *kobj, struct attribute *attr, char *buf) \
45335 + (struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
45336 { \
45337 return sprintf(buf, "%u\n", limits->object); \
45338 }
45339
45340 static ssize_t show_turbo_pct(struct kobject *kobj,
45341 - struct attribute *attr, char *buf)
45342 + struct kobj_attribute *attr, char *buf)
45343 {
45344 struct cpudata *cpu;
45345 int total, no_turbo, turbo_pct;
45346 @@ -672,7 +672,7 @@ static ssize_t show_turbo_pct(struct kobject *kobj,
45347 }
45348
45349 static ssize_t show_num_pstates(struct kobject *kobj,
45350 - struct attribute *attr, char *buf)
45351 + struct kobj_attribute *attr, char *buf)
45352 {
45353 struct cpudata *cpu;
45354 int total;
45355 @@ -683,7 +683,7 @@ static ssize_t show_num_pstates(struct kobject *kobj,
45356 }
45357
45358 static ssize_t show_no_turbo(struct kobject *kobj,
45359 - struct attribute *attr, char *buf)
45360 + struct kobj_attribute *attr, char *buf)
45361 {
45362 ssize_t ret;
45363
45364 @@ -696,7 +696,7 @@ static ssize_t show_no_turbo(struct kobject *kobj,
45365 return ret;
45366 }
45367
45368 -static ssize_t store_no_turbo(struct kobject *a, struct attribute *b,
45369 +static ssize_t store_no_turbo(struct kobject *a, struct kobj_attribute *b,
45370 const char *buf, size_t count)
45371 {
45372 unsigned int input;
45373 @@ -720,7 +720,7 @@ static ssize_t store_no_turbo(struct kobject *a, struct attribute *b,
45374 return count;
45375 }
45376
45377 -static ssize_t store_max_perf_pct(struct kobject *a, struct attribute *b,
45378 +static ssize_t store_max_perf_pct(struct kobject *a, struct kobj_attribute *b,
45379 const char *buf, size_t count)
45380 {
45381 unsigned int input;
45382 @@ -744,7 +744,7 @@ static ssize_t store_max_perf_pct(struct kobject *a, struct attribute *b,
45383 return count;
45384 }
45385
45386 -static ssize_t store_min_perf_pct(struct kobject *a, struct attribute *b,
45387 +static ssize_t store_min_perf_pct(struct kobject *a, struct kobj_attribute *b,
45388 const char *buf, size_t count)
45389 {
45390 unsigned int input;
45391 @@ -1145,19 +1145,19 @@ static void intel_pstate_set_min_pstate(struct cpudata *cpu)
45392 * right CPU.
45393 */
45394 wrmsrl_on_cpu(cpu->cpu, MSR_IA32_PERF_CTL,
45395 - pstate_funcs.get_val(cpu, pstate));
45396 + pstate_funcs->get_val(cpu, pstate));
45397 }
45398
45399 static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
45400 {
45401 - cpu->pstate.min_pstate = pstate_funcs.get_min();
45402 - cpu->pstate.max_pstate = pstate_funcs.get_max();
45403 - cpu->pstate.max_pstate_physical = pstate_funcs.get_max_physical();
45404 - cpu->pstate.turbo_pstate = pstate_funcs.get_turbo();
45405 - cpu->pstate.scaling = pstate_funcs.get_scaling();
45406 + cpu->pstate.min_pstate = pstate_funcs->get_min();
45407 + cpu->pstate.max_pstate = pstate_funcs->get_max();
45408 + cpu->pstate.max_pstate_physical = pstate_funcs->get_max_physical();
45409 + cpu->pstate.turbo_pstate = pstate_funcs->get_turbo();
45410 + cpu->pstate.scaling = pstate_funcs->get_scaling();
45411
45412 - if (pstate_funcs.get_vid)
45413 - pstate_funcs.get_vid(cpu);
45414 + if (pstate_funcs->get_vid)
45415 + pstate_funcs->get_vid(cpu);
45416
45417 intel_pstate_set_min_pstate(cpu);
45418 }
45419 @@ -1303,7 +1303,7 @@ static inline void intel_pstate_update_pstate(struct cpudata *cpu, int pstate)
45420 return;
45421
45422 cpu->pstate.current_pstate = pstate;
45423 - wrmsrl(MSR_IA32_PERF_CTL, pstate_funcs.get_val(cpu, pstate));
45424 + wrmsrl(MSR_IA32_PERF_CTL, pstate_funcs->get_val(cpu, pstate));
45425 }
45426
45427 static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
45428 @@ -1313,7 +1313,7 @@ static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
45429
45430 from = cpu->pstate.current_pstate;
45431
45432 - target_pstate = pstate_funcs.get_target_pstate(cpu);
45433 + target_pstate = pstate_funcs->get_target_pstate(cpu);
45434
45435 intel_pstate_update_pstate(cpu, target_pstate);
45436
45437 @@ -1601,15 +1601,15 @@ static unsigned int force_load __initdata;
45438
45439 static int __init intel_pstate_msrs_not_valid(void)
45440 {
45441 - if (!pstate_funcs.get_max() ||
45442 - !pstate_funcs.get_min() ||
45443 - !pstate_funcs.get_turbo())
45444 + if (!pstate_funcs->get_max() ||
45445 + !pstate_funcs->get_min() ||
45446 + !pstate_funcs->get_turbo())
45447 return -ENODEV;
45448
45449 return 0;
45450 }
45451
45452 -static void __init copy_pid_params(struct pstate_adjust_policy *policy)
45453 +static void __init copy_pid_params(const struct pstate_adjust_policy *policy)
45454 {
45455 pid_params.sample_rate_ms = policy->sample_rate_ms;
45456 pid_params.sample_rate_ns = pid_params.sample_rate_ms * NSEC_PER_MSEC;
45457 @@ -1622,15 +1622,7 @@ static void __init copy_pid_params(struct pstate_adjust_policy *policy)
45458
45459 static void __init copy_cpu_funcs(struct pstate_funcs *funcs)
45460 {
45461 - pstate_funcs.get_max = funcs->get_max;
45462 - pstate_funcs.get_max_physical = funcs->get_max_physical;
45463 - pstate_funcs.get_min = funcs->get_min;
45464 - pstate_funcs.get_turbo = funcs->get_turbo;
45465 - pstate_funcs.get_scaling = funcs->get_scaling;
45466 - pstate_funcs.get_val = funcs->get_val;
45467 - pstate_funcs.get_vid = funcs->get_vid;
45468 - pstate_funcs.get_target_pstate = funcs->get_target_pstate;
45469 -
45470 + pstate_funcs = funcs;
45471 }
45472
45473 #ifdef CONFIG_ACPI
45474 diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c
45475 index fd77812..97e3efe 100644
45476 --- a/drivers/cpufreq/p4-clockmod.c
45477 +++ b/drivers/cpufreq/p4-clockmod.c
45478 @@ -130,10 +130,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
45479 case 0x0F: /* Core Duo */
45480 case 0x16: /* Celeron Core */
45481 case 0x1C: /* Atom */
45482 - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
45483 + pax_open_kernel();
45484 + const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS;
45485 + pax_close_kernel();
45486 return speedstep_get_frequency(SPEEDSTEP_CPU_PCORE);
45487 case 0x0D: /* Pentium M (Dothan) */
45488 - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
45489 + pax_open_kernel();
45490 + const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS;
45491 + pax_close_kernel();
45492 /* fall through */
45493 case 0x09: /* Pentium M (Banias) */
45494 return speedstep_get_frequency(SPEEDSTEP_CPU_PM);
45495 @@ -145,7 +149,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
45496
45497 /* on P-4s, the TSC runs with constant frequency independent whether
45498 * throttling is active or not. */
45499 - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
45500 + pax_open_kernel();
45501 + const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS;
45502 + pax_close_kernel();
45503
45504 if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) {
45505 pr_warn("Warning: Pentium 4-M detected. The speedstep-ich or acpi cpufreq modules offer voltage scaling in addition of frequency scaling. You should use either one instead of p4-clockmod, if possible.\n");
45506 diff --git a/drivers/cpufreq/sparc-us3-cpufreq.c b/drivers/cpufreq/sparc-us3-cpufreq.c
45507 index 9bb42ba..b01b4a2 100644
45508 --- a/drivers/cpufreq/sparc-us3-cpufreq.c
45509 +++ b/drivers/cpufreq/sparc-us3-cpufreq.c
45510 @@ -18,14 +18,12 @@
45511 #include <asm/head.h>
45512 #include <asm/timer.h>
45513
45514 -static struct cpufreq_driver *cpufreq_us3_driver;
45515 -
45516 struct us3_freq_percpu_info {
45517 struct cpufreq_frequency_table table[4];
45518 };
45519
45520 /* Indexed by cpu number. */
45521 -static struct us3_freq_percpu_info *us3_freq_table;
45522 +static struct us3_freq_percpu_info us3_freq_table[NR_CPUS];
45523
45524 /* UltraSPARC-III has three dividers: 1, 2, and 32. These are controlled
45525 * in the Safari config register.
45526 @@ -156,16 +154,27 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy)
45527
45528 static int us3_freq_cpu_exit(struct cpufreq_policy *policy)
45529 {
45530 - if (cpufreq_us3_driver)
45531 - us3_freq_target(policy, 0);
45532 + us3_freq_target(policy, 0);
45533
45534 return 0;
45535 }
45536
45537 +static int __init us3_freq_init(void);
45538 +static void __exit us3_freq_exit(void);
45539 +
45540 +static struct cpufreq_driver cpufreq_us3_driver = {
45541 + .init = us3_freq_cpu_init,
45542 + .verify = cpufreq_generic_frequency_table_verify,
45543 + .target_index = us3_freq_target,
45544 + .get = us3_freq_get,
45545 + .exit = us3_freq_cpu_exit,
45546 + .name = "UltraSPARC-III",
45547 +
45548 +};
45549 +
45550 static int __init us3_freq_init(void)
45551 {
45552 unsigned long manuf, impl, ver;
45553 - int ret;
45554
45555 if (tlb_type != cheetah && tlb_type != cheetah_plus)
45556 return -ENODEV;
45557 @@ -178,55 +187,15 @@ static int __init us3_freq_init(void)
45558 (impl == CHEETAH_IMPL ||
45559 impl == CHEETAH_PLUS_IMPL ||
45560 impl == JAGUAR_IMPL ||
45561 - impl == PANTHER_IMPL)) {
45562 - struct cpufreq_driver *driver;
45563 -
45564 - ret = -ENOMEM;
45565 - driver = kzalloc(sizeof(*driver), GFP_KERNEL);
45566 - if (!driver)
45567 - goto err_out;
45568 -
45569 - us3_freq_table = kzalloc((NR_CPUS * sizeof(*us3_freq_table)),
45570 - GFP_KERNEL);
45571 - if (!us3_freq_table)
45572 - goto err_out;
45573 -
45574 - driver->init = us3_freq_cpu_init;
45575 - driver->verify = cpufreq_generic_frequency_table_verify;
45576 - driver->target_index = us3_freq_target;
45577 - driver->get = us3_freq_get;
45578 - driver->exit = us3_freq_cpu_exit;
45579 - strcpy(driver->name, "UltraSPARC-III");
45580 -
45581 - cpufreq_us3_driver = driver;
45582 - ret = cpufreq_register_driver(driver);
45583 - if (ret)
45584 - goto err_out;
45585 -
45586 - return 0;
45587 -
45588 -err_out:
45589 - if (driver) {
45590 - kfree(driver);
45591 - cpufreq_us3_driver = NULL;
45592 - }
45593 - kfree(us3_freq_table);
45594 - us3_freq_table = NULL;
45595 - return ret;
45596 - }
45597 + impl == PANTHER_IMPL))
45598 + return cpufreq_register_driver(&cpufreq_us3_driver);
45599
45600 return -ENODEV;
45601 }
45602
45603 static void __exit us3_freq_exit(void)
45604 {
45605 - if (cpufreq_us3_driver) {
45606 - cpufreq_unregister_driver(cpufreq_us3_driver);
45607 - kfree(cpufreq_us3_driver);
45608 - cpufreq_us3_driver = NULL;
45609 - kfree(us3_freq_table);
45610 - us3_freq_table = NULL;
45611 - }
45612 + cpufreq_unregister_driver(&cpufreq_us3_driver);
45613 }
45614
45615 MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
45616 diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c
45617 index 41bc539..e46a74d 100644
45618 --- a/drivers/cpufreq/speedstep-centrino.c
45619 +++ b/drivers/cpufreq/speedstep-centrino.c
45620 @@ -352,8 +352,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy)
45621 !cpu_has(cpu, X86_FEATURE_EST))
45622 return -ENODEV;
45623
45624 - if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC))
45625 - centrino_driver.flags |= CPUFREQ_CONST_LOOPS;
45626 + if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC)) {
45627 + pax_open_kernel();
45628 + const_cast(centrino_driver.flags) |= CPUFREQ_CONST_LOOPS;
45629 + pax_close_kernel();
45630 + }
45631
45632 if (policy->cpu != 0)
45633 return -ENODEV;
45634 diff --git a/drivers/cpuidle/driver.c b/drivers/cpuidle/driver.c
45635 index 389ade4..e328b5ce 100644
45636 --- a/drivers/cpuidle/driver.c
45637 +++ b/drivers/cpuidle/driver.c
45638 @@ -193,7 +193,7 @@ static int poll_idle(struct cpuidle_device *dev,
45639
45640 static void poll_idle_init(struct cpuidle_driver *drv)
45641 {
45642 - struct cpuidle_state *state = &drv->states[0];
45643 + cpuidle_state_no_const *state = &drv->states[0];
45644
45645 snprintf(state->name, CPUIDLE_NAME_LEN, "POLL");
45646 snprintf(state->desc, CPUIDLE_DESC_LEN, "CPUIDLE CORE POLL IDLE");
45647 diff --git a/drivers/cpuidle/dt_idle_states.c b/drivers/cpuidle/dt_idle_states.c
45648 index a5c111b..1113002 100644
45649 --- a/drivers/cpuidle/dt_idle_states.c
45650 +++ b/drivers/cpuidle/dt_idle_states.c
45651 @@ -21,7 +21,7 @@
45652
45653 #include "dt_idle_states.h"
45654
45655 -static int init_state_node(struct cpuidle_state *idle_state,
45656 +static int init_state_node(cpuidle_state_no_const *idle_state,
45657 const struct of_device_id *matches,
45658 struct device_node *state_node)
45659 {
45660 diff --git a/drivers/cpuidle/governor.c b/drivers/cpuidle/governor.c
45661 index fb9f511..213e6cc 100644
45662 --- a/drivers/cpuidle/governor.c
45663 +++ b/drivers/cpuidle/governor.c
45664 @@ -87,7 +87,7 @@ int cpuidle_register_governor(struct cpuidle_governor *gov)
45665 mutex_lock(&cpuidle_lock);
45666 if (__cpuidle_find_governor(gov->name) == NULL) {
45667 ret = 0;
45668 - list_add_tail(&gov->governor_list, &cpuidle_governors);
45669 + pax_list_add_tail((struct list_head *)&gov->governor_list, &cpuidle_governors);
45670 if (!cpuidle_curr_governor ||
45671 cpuidle_curr_governor->rating < gov->rating)
45672 cpuidle_switch_governor(gov);
45673 diff --git a/drivers/cpuidle/governors/ladder.c b/drivers/cpuidle/governors/ladder.c
45674 index 63bd5a4..eea2dff 100644
45675 --- a/drivers/cpuidle/governors/ladder.c
45676 +++ b/drivers/cpuidle/governors/ladder.c
45677 @@ -173,6 +173,15 @@ static void ladder_reflect(struct cpuidle_device *dev, int index)
45678
45679 static struct cpuidle_governor ladder_governor = {
45680 .name = "ladder",
45681 + .rating = 25,
45682 + .enable = ladder_enable_device,
45683 + .select = ladder_select_state,
45684 + .reflect = ladder_reflect,
45685 + .owner = THIS_MODULE,
45686 +};
45687 +
45688 +static struct cpuidle_governor ladder_governor_nohz = {
45689 + .name = "ladder",
45690 .rating = 10,
45691 .enable = ladder_enable_device,
45692 .select = ladder_select_state,
45693 @@ -190,10 +199,8 @@ static int __init init_ladder(void)
45694 * governor is better so give it a higher rating than the menu
45695 * governor.
45696 */
45697 - if (!tick_nohz_enabled)
45698 - ladder_governor.rating = 25;
45699
45700 - return cpuidle_register_governor(&ladder_governor);
45701 + return cpuidle_register_governor(tick_nohz_enabled ? &ladder_governor_nohz : &ladder_governor);
45702 }
45703
45704 postcore_initcall(init_ladder);
45705 diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
45706 index 832a2c3..1794080 100644
45707 --- a/drivers/cpuidle/sysfs.c
45708 +++ b/drivers/cpuidle/sysfs.c
45709 @@ -135,7 +135,7 @@ static struct attribute *cpuidle_switch_attrs[] = {
45710 NULL
45711 };
45712
45713 -static struct attribute_group cpuidle_attr_group = {
45714 +static attribute_group_no_const cpuidle_attr_group = {
45715 .attrs = cpuidle_default_attrs,
45716 .name = "cpuidle",
45717 };
45718 diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
45719 index eee2c7e..268aa3e 100644
45720 --- a/drivers/crypto/hifn_795x.c
45721 +++ b/drivers/crypto/hifn_795x.c
45722 @@ -37,7 +37,7 @@ module_param_string(hifn_pll_ref, hifn_pll_ref, sizeof(hifn_pll_ref), 0444);
45723 MODULE_PARM_DESC(hifn_pll_ref,
45724 "PLL reference clock (pci[freq] or ext[freq], default ext)");
45725
45726 -static atomic_t hifn_dev_number;
45727 +static atomic_unchecked_t hifn_dev_number;
45728
45729 #define ACRYPTO_OP_DECRYPT 0
45730 #define ACRYPTO_OP_ENCRYPT 1
45731 @@ -2483,7 +2483,7 @@ static int hifn_probe(struct pci_dev *pdev, const struct pci_device_id *id)
45732 goto err_out_disable_pci_device;
45733
45734 snprintf(name, sizeof(name), "hifn%d",
45735 - atomic_inc_return(&hifn_dev_number) - 1);
45736 + atomic_inc_return_unchecked(&hifn_dev_number) - 1);
45737
45738 err = pci_request_regions(pdev, name);
45739 if (err)
45740 diff --git a/drivers/crypto/qat/qat_common/adf_aer.c b/drivers/crypto/qat/qat_common/adf_aer.c
45741 index 2839fcc..b40595a 100644
45742 --- a/drivers/crypto/qat/qat_common/adf_aer.c
45743 +++ b/drivers/crypto/qat/qat_common/adf_aer.c
45744 @@ -56,7 +56,7 @@
45745 static struct workqueue_struct *device_reset_wq;
45746
45747 static pci_ers_result_t adf_error_detected(struct pci_dev *pdev,
45748 - pci_channel_state_t state)
45749 + enum pci_channel_state state)
45750 {
45751 struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev);
45752
45753 diff --git a/drivers/crypto/qat/qat_common/adf_sriov.c b/drivers/crypto/qat/qat_common/adf_sriov.c
45754 index 9320ae1..4bf8e7e 100644
45755 --- a/drivers/crypto/qat/qat_common/adf_sriov.c
45756 +++ b/drivers/crypto/qat/qat_common/adf_sriov.c
45757 @@ -93,7 +93,7 @@ static void adf_iov_send_resp(struct work_struct *work)
45758 kfree(pf2vf_resp);
45759 }
45760
45761 -static void adf_vf2pf_bh_handler(void *data)
45762 +static void adf_vf2pf_bh_handler(unsigned long data)
45763 {
45764 struct adf_accel_vf_info *vf_info = (struct adf_accel_vf_info *)data;
45765 struct adf_pf2vf_resp *pf2vf_resp;
45766 @@ -126,7 +126,7 @@ static int adf_enable_sriov(struct adf_accel_dev *accel_dev)
45767 vf_info->vf_nr = i;
45768
45769 tasklet_init(&vf_info->vf2pf_bh_tasklet,
45770 - (void *)adf_vf2pf_bh_handler,
45771 + adf_vf2pf_bh_handler,
45772 (unsigned long)vf_info);
45773 mutex_init(&vf_info->pf2vf_lock);
45774 ratelimit_state_init(&vf_info->vf2pf_ratelimit,
45775 diff --git a/drivers/crypto/qat/qat_common/adf_vf_isr.c b/drivers/crypto/qat/qat_common/adf_vf_isr.c
45776 index bf99e11..a44361c 100644
45777 --- a/drivers/crypto/qat/qat_common/adf_vf_isr.c
45778 +++ b/drivers/crypto/qat/qat_common/adf_vf_isr.c
45779 @@ -112,9 +112,9 @@ static void adf_dev_stop_async(struct work_struct *work)
45780 kfree(stop_data);
45781 }
45782
45783 -static void adf_pf2vf_bh_handler(void *data)
45784 +static void adf_pf2vf_bh_handler(unsigned long data)
45785 {
45786 - struct adf_accel_dev *accel_dev = data;
45787 + struct adf_accel_dev *accel_dev = (struct adf_accel_dev *)data;
45788 struct adf_hw_device_data *hw_data = accel_dev->hw_device;
45789 struct adf_bar *pmisc =
45790 &GET_BARS(accel_dev)[hw_data->get_misc_bar_id(hw_data)];
45791 @@ -183,7 +183,7 @@ err:
45792 static int adf_setup_pf2vf_bh(struct adf_accel_dev *accel_dev)
45793 {
45794 tasklet_init(&accel_dev->vf.pf2vf_bh_tasklet,
45795 - (void *)adf_pf2vf_bh_handler, (unsigned long)accel_dev);
45796 + adf_pf2vf_bh_handler, (unsigned long)accel_dev);
45797
45798 mutex_init(&accel_dev->vf.vf2pf_lock);
45799 return 0;
45800 diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
45801 index 478006b..fd0efda 100644
45802 --- a/drivers/devfreq/devfreq.c
45803 +++ b/drivers/devfreq/devfreq.c
45804 @@ -802,7 +802,7 @@ int devfreq_add_governor(struct devfreq_governor *governor)
45805 goto err_out;
45806 }
45807
45808 - list_add(&governor->node, &devfreq_governor_list);
45809 + pax_list_add((struct list_head *)&governor->node, &devfreq_governor_list);
45810
45811 list_for_each_entry(devfreq, &devfreq_list, node) {
45812 int ret = 0;
45813 @@ -890,7 +890,7 @@ int devfreq_remove_governor(struct devfreq_governor *governor)
45814 }
45815 }
45816
45817 - list_del(&governor->node);
45818 + pax_list_del((struct list_head *)&governor->node);
45819 err_out:
45820 mutex_unlock(&devfreq_list_lock);
45821
45822 diff --git a/drivers/devfreq/governor_passive.c b/drivers/devfreq/governor_passive.c
45823 index 9ef46e2..775fc75 100644
45824 --- a/drivers/devfreq/governor_passive.c
45825 +++ b/drivers/devfreq/governor_passive.c
45826 @@ -151,7 +151,7 @@ static int devfreq_passive_event_handler(struct devfreq *devfreq,
45827 struct devfreq_passive_data *p_data
45828 = (struct devfreq_passive_data *)devfreq->data;
45829 struct devfreq *parent = (struct devfreq *)p_data->parent;
45830 - struct notifier_block *nb = &p_data->nb;
45831 + notifier_block_no_const *nb = &p_data->nb;
45832 int ret = 0;
45833
45834 if (!parent)
45835 diff --git a/drivers/dma/qcom/hidma.c b/drivers/dma/qcom/hidma.c
45836 index b2374cd..4f1e32c 100644
45837 --- a/drivers/dma/qcom/hidma.c
45838 +++ b/drivers/dma/qcom/hidma.c
45839 @@ -547,7 +547,7 @@ static ssize_t hidma_show_values(struct device *dev,
45840 static int hidma_create_sysfs_entry(struct hidma_dev *dev, char *name,
45841 int mode)
45842 {
45843 - struct device_attribute *attrs;
45844 + device_attribute_no_const *attrs;
45845 char *name_copy;
45846
45847 attrs = devm_kmalloc(dev->ddev.dev, sizeof(struct device_attribute),
45848 diff --git a/drivers/dma/qcom/hidma_mgmt_sys.c b/drivers/dma/qcom/hidma_mgmt_sys.c
45849 index d61f106..a23baa3 100644
45850 --- a/drivers/dma/qcom/hidma_mgmt_sys.c
45851 +++ b/drivers/dma/qcom/hidma_mgmt_sys.c
45852 @@ -194,7 +194,7 @@ static ssize_t set_values_channel(struct kobject *kobj,
45853
45854 static int create_sysfs_entry(struct hidma_mgmt_dev *dev, char *name, int mode)
45855 {
45856 - struct device_attribute *attrs;
45857 + device_attribute_no_const *attrs;
45858 char *name_copy;
45859
45860 attrs = devm_kmalloc(&dev->pdev->dev,
45861 diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c
45862 index 10fcaba..326f709 100644
45863 --- a/drivers/dma/sh/shdma-base.c
45864 +++ b/drivers/dma/sh/shdma-base.c
45865 @@ -227,8 +227,8 @@ static int shdma_alloc_chan_resources(struct dma_chan *chan)
45866 schan->slave_id = -EINVAL;
45867 }
45868
45869 - schan->desc = kcalloc(NR_DESCS_PER_CHANNEL,
45870 - sdev->desc_size, GFP_KERNEL);
45871 + schan->desc = kcalloc(sdev->desc_size,
45872 + NR_DESCS_PER_CHANNEL, GFP_KERNEL);
45873 if (!schan->desc) {
45874 ret = -ENOMEM;
45875 goto edescalloc;
45876 diff --git a/drivers/dma/sh/shdmac.c b/drivers/dma/sh/shdmac.c
45877 index c94ffab..82c11f0 100644
45878 --- a/drivers/dma/sh/shdmac.c
45879 +++ b/drivers/dma/sh/shdmac.c
45880 @@ -513,7 +513,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self,
45881 return ret;
45882 }
45883
45884 -static struct notifier_block sh_dmae_nmi_notifier __read_mostly = {
45885 +static struct notifier_block sh_dmae_nmi_notifier = {
45886 .notifier_call = sh_dmae_nmi_handler,
45887
45888 /* Run before NMI debug handler and KGDB */
45889 diff --git a/drivers/edac/edac_device.c b/drivers/edac/edac_device.c
45890 index a979003..773b7f0 100644
45891 --- a/drivers/edac/edac_device.c
45892 +++ b/drivers/edac/edac_device.c
45893 @@ -468,9 +468,9 @@ void edac_device_reset_delay_period(struct edac_device_ctl_info *edac_dev,
45894 */
45895 int edac_device_alloc_index(void)
45896 {
45897 - static atomic_t device_indexes = ATOMIC_INIT(0);
45898 + static atomic_unchecked_t device_indexes = ATOMIC_INIT(0);
45899
45900 - return atomic_inc_return(&device_indexes) - 1;
45901 + return atomic_inc_return_unchecked(&device_indexes) - 1;
45902 }
45903 EXPORT_SYMBOL_GPL(edac_device_alloc_index);
45904
45905 diff --git a/drivers/edac/edac_device_sysfs.c b/drivers/edac/edac_device_sysfs.c
45906 index 93da1a4..5e2c149 100644
45907 --- a/drivers/edac/edac_device_sysfs.c
45908 +++ b/drivers/edac/edac_device_sysfs.c
45909 @@ -749,7 +749,7 @@ static int edac_device_add_main_sysfs_attributes(
45910 */
45911 while (sysfs_attrib->attr.name != NULL) {
45912 err = sysfs_create_file(&edac_dev->kobj,
45913 - (struct attribute*) sysfs_attrib);
45914 + &sysfs_attrib->attr);
45915 if (err)
45916 goto err_out;
45917
45918 diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
45919 index 4e0f8e7..0eb9499 100644
45920 --- a/drivers/edac/edac_mc_sysfs.c
45921 +++ b/drivers/edac/edac_mc_sysfs.c
45922 @@ -50,7 +50,7 @@ int edac_mc_get_poll_msec(void)
45923 return edac_mc_poll_msec;
45924 }
45925
45926 -static int edac_set_poll_msec(const char *val, struct kernel_param *kp)
45927 +static int edac_set_poll_msec(const char *val, const struct kernel_param *kp)
45928 {
45929 unsigned long l;
45930 int ret;
45931 @@ -154,7 +154,7 @@ static const char * const edac_caps[] = {
45932 struct dev_ch_attribute {
45933 struct device_attribute attr;
45934 int channel;
45935 -};
45936 +} __do_const;
45937
45938 #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \
45939 static struct dev_ch_attribute dev_attr_legacy_##_name = \
45940 diff --git a/drivers/edac/edac_module.c b/drivers/edac/edac_module.c
45941 index 5f8543b..46aa017 100644
45942 --- a/drivers/edac/edac_module.c
45943 +++ b/drivers/edac/edac_module.c
45944 @@ -19,7 +19,7 @@
45945
45946 #ifdef CONFIG_EDAC_DEBUG
45947
45948 -static int edac_set_debug_level(const char *buf, struct kernel_param *kp)
45949 +static int edac_set_debug_level(const char *buf, const struct kernel_param *kp)
45950 {
45951 unsigned long val;
45952 int ret;
45953 diff --git a/drivers/edac/edac_pci.c b/drivers/edac/edac_pci.c
45954 index 8f2f289..cbb0d7c 100644
45955 --- a/drivers/edac/edac_pci.c
45956 +++ b/drivers/edac/edac_pci.c
45957 @@ -29,7 +29,7 @@
45958
45959 static DEFINE_MUTEX(edac_pci_ctls_mutex);
45960 static LIST_HEAD(edac_pci_list);
45961 -static atomic_t pci_indexes = ATOMIC_INIT(0);
45962 +static atomic_unchecked_t pci_indexes = ATOMIC_INIT(0);
45963
45964 /*
45965 * edac_pci_alloc_ctl_info
45966 @@ -224,7 +224,7 @@ static void edac_pci_workq_function(struct work_struct *work_req)
45967 */
45968 int edac_pci_alloc_index(void)
45969 {
45970 - return atomic_inc_return(&pci_indexes) - 1;
45971 + return atomic_inc_return_unchecked(&pci_indexes) - 1;
45972 }
45973 EXPORT_SYMBOL_GPL(edac_pci_alloc_index);
45974
45975 diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c
45976 index 6e3428b..9bdb207 100644
45977 --- a/drivers/edac/edac_pci_sysfs.c
45978 +++ b/drivers/edac/edac_pci_sysfs.c
45979 @@ -23,8 +23,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */
45980 static int edac_pci_log_npe = 1; /* log PCI non-parity error errors */
45981 static int edac_pci_poll_msec = 1000; /* one second workq period */
45982
45983 -static atomic_t pci_parity_count = ATOMIC_INIT(0);
45984 -static atomic_t pci_nonparity_count = ATOMIC_INIT(0);
45985 +static atomic_unchecked_t pci_parity_count = ATOMIC_INIT(0);
45986 +static atomic_unchecked_t pci_nonparity_count = ATOMIC_INIT(0);
45987
45988 static struct kobject *edac_pci_top_main_kobj;
45989 static atomic_t edac_pci_sysfs_refcount = ATOMIC_INIT(0);
45990 @@ -232,7 +232,7 @@ struct edac_pci_dev_attribute {
45991 void *value;
45992 ssize_t(*show) (void *, char *);
45993 ssize_t(*store) (void *, const char *, size_t);
45994 -};
45995 +} __do_const;
45996
45997 /* Set of show/store abstract level functions for PCI Parity object */
45998 static ssize_t edac_pci_dev_show(struct kobject *kobj, struct attribute *attr,
45999 @@ -564,7 +564,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev)
46000 edac_printk(KERN_CRIT, EDAC_PCI,
46001 "Signaled System Error on %s\n",
46002 pci_name(dev));
46003 - atomic_inc(&pci_nonparity_count);
46004 + atomic_inc_unchecked(&pci_nonparity_count);
46005 }
46006
46007 if (status & (PCI_STATUS_PARITY)) {
46008 @@ -572,7 +572,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev)
46009 "Master Data Parity Error on %s\n",
46010 pci_name(dev));
46011
46012 - atomic_inc(&pci_parity_count);
46013 + atomic_inc_unchecked(&pci_parity_count);
46014 }
46015
46016 if (status & (PCI_STATUS_DETECTED_PARITY)) {
46017 @@ -580,7 +580,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev)
46018 "Detected Parity Error on %s\n",
46019 pci_name(dev));
46020
46021 - atomic_inc(&pci_parity_count);
46022 + atomic_inc_unchecked(&pci_parity_count);
46023 }
46024 }
46025
46026 @@ -603,7 +603,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev)
46027 edac_printk(KERN_CRIT, EDAC_PCI, "Bridge "
46028 "Signaled System Error on %s\n",
46029 pci_name(dev));
46030 - atomic_inc(&pci_nonparity_count);
46031 + atomic_inc_unchecked(&pci_nonparity_count);
46032 }
46033
46034 if (status & (PCI_STATUS_PARITY)) {
46035 @@ -611,7 +611,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev)
46036 "Master Data Parity Error on "
46037 "%s\n", pci_name(dev));
46038
46039 - atomic_inc(&pci_parity_count);
46040 + atomic_inc_unchecked(&pci_parity_count);
46041 }
46042
46043 if (status & (PCI_STATUS_DETECTED_PARITY)) {
46044 @@ -619,7 +619,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev)
46045 "Detected Parity Error on %s\n",
46046 pci_name(dev));
46047
46048 - atomic_inc(&pci_parity_count);
46049 + atomic_inc_unchecked(&pci_parity_count);
46050 }
46051 }
46052 }
46053 @@ -657,7 +657,7 @@ void edac_pci_do_parity_check(void)
46054 if (!check_pci_errors)
46055 return;
46056
46057 - before_count = atomic_read(&pci_parity_count);
46058 + before_count = atomic_read_unchecked(&pci_parity_count);
46059
46060 /* scan all PCI devices looking for a Parity Error on devices and
46061 * bridges.
46062 @@ -669,7 +669,7 @@ void edac_pci_do_parity_check(void)
46063 /* Only if operator has selected panic on PCI Error */
46064 if (edac_pci_get_panic_on_pe()) {
46065 /* If the count is different 'after' from 'before' */
46066 - if (before_count != atomic_read(&pci_parity_count))
46067 + if (before_count != atomic_read_unchecked(&pci_parity_count))
46068 panic("EDAC: PCI Parity Error");
46069 }
46070 }
46071 diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h
46072 index c2359a1..8bd119d 100644
46073 --- a/drivers/edac/mce_amd.h
46074 +++ b/drivers/edac/mce_amd.h
46075 @@ -74,7 +74,7 @@ struct amd_decoder_ops {
46076 bool (*mc0_mce)(u16, u8);
46077 bool (*mc1_mce)(u16, u8);
46078 bool (*mc2_mce)(u16, u8);
46079 -};
46080 +} __no_const;
46081
46082 void amd_report_gart_errors(bool);
46083 void amd_register_ecc_decoder(void (*f)(int, struct mce *));
46084 diff --git a/drivers/firewire/core-card.c b/drivers/firewire/core-card.c
46085 index 57ea7f4..af06b76 100644
46086 --- a/drivers/firewire/core-card.c
46087 +++ b/drivers/firewire/core-card.c
46088 @@ -528,9 +528,9 @@ void fw_card_initialize(struct fw_card *card,
46089 const struct fw_card_driver *driver,
46090 struct device *device)
46091 {
46092 - static atomic_t index = ATOMIC_INIT(-1);
46093 + static atomic_unchecked_t index = ATOMIC_INIT(-1);
46094
46095 - card->index = atomic_inc_return(&index);
46096 + card->index = atomic_inc_return_unchecked(&index);
46097 card->driver = driver;
46098 card->device = device;
46099 card->current_tlabel = 0;
46100 @@ -680,7 +680,7 @@ EXPORT_SYMBOL_GPL(fw_card_release);
46101
46102 void fw_core_remove_card(struct fw_card *card)
46103 {
46104 - struct fw_card_driver dummy_driver = dummy_driver_template;
46105 + fw_card_driver_no_const dummy_driver = dummy_driver_template;
46106
46107 card->driver->update_phy_reg(card, 4,
46108 PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
46109 diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
46110 index aee149b..2a18960 100644
46111 --- a/drivers/firewire/core-cdev.c
46112 +++ b/drivers/firewire/core-cdev.c
46113 @@ -970,7 +970,7 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
46114 {
46115 struct fw_cdev_create_iso_context *a = &arg->create_iso_context;
46116 struct fw_iso_context *context;
46117 - fw_iso_callback_t cb;
46118 + void *cb;
46119 int ret;
46120
46121 BUILD_BUG_ON(FW_CDEV_ISO_CONTEXT_TRANSMIT != FW_ISO_CONTEXT_TRANSMIT ||
46122 @@ -995,7 +995,7 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
46123 break;
46124
46125 case FW_ISO_CONTEXT_RECEIVE_MULTICHANNEL:
46126 - cb = (fw_iso_callback_t)iso_mc_callback;
46127 + cb = iso_mc_callback;
46128 break;
46129
46130 default:
46131 diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
46132 index f9e3aee..269dbdb 100644
46133 --- a/drivers/firewire/core-device.c
46134 +++ b/drivers/firewire/core-device.c
46135 @@ -256,7 +256,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma);
46136 struct config_rom_attribute {
46137 struct device_attribute attr;
46138 u32 key;
46139 -};
46140 +} __do_const;
46141
46142 static ssize_t show_immediate(struct device *dev,
46143 struct device_attribute *dattr, char *buf)
46144 diff --git a/drivers/firewire/core-iso.c b/drivers/firewire/core-iso.c
46145 index 38c0aa6..95466e4 100644
46146 --- a/drivers/firewire/core-iso.c
46147 +++ b/drivers/firewire/core-iso.c
46148 @@ -162,7 +162,7 @@ size_t fw_iso_buffer_lookup(struct fw_iso_buffer *buffer, dma_addr_t completed)
46149
46150 struct fw_iso_context *fw_iso_context_create(struct fw_card *card,
46151 int type, int channel, int speed, size_t header_size,
46152 - fw_iso_callback_t callback, void *callback_data)
46153 + void *callback, void *callback_data)
46154 {
46155 struct fw_iso_context *ctx;
46156
46157 diff --git a/drivers/firewire/core-transaction.c b/drivers/firewire/core-transaction.c
46158 index d6a09b9..18e90dd 100644
46159 --- a/drivers/firewire/core-transaction.c
46160 +++ b/drivers/firewire/core-transaction.c
46161 @@ -38,6 +38,7 @@
46162 #include <linux/timer.h>
46163 #include <linux/types.h>
46164 #include <linux/workqueue.h>
46165 +#include <linux/sched.h>
46166
46167 #include <asm/byteorder.h>
46168
46169 diff --git a/drivers/firewire/core.h b/drivers/firewire/core.h
46170 index e1480ff6..1a429bd 100644
46171 --- a/drivers/firewire/core.h
46172 +++ b/drivers/firewire/core.h
46173 @@ -111,6 +111,7 @@ struct fw_card_driver {
46174
46175 int (*stop_iso)(struct fw_iso_context *ctx);
46176 };
46177 +typedef struct fw_card_driver __no_const fw_card_driver_no_const;
46178
46179 void fw_card_initialize(struct fw_card *card,
46180 const struct fw_card_driver *driver, struct device *device);
46181 diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c
46182 index 8bf8926..55a4930 100644
46183 --- a/drivers/firewire/ohci.c
46184 +++ b/drivers/firewire/ohci.c
46185 @@ -2049,10 +2049,12 @@ static void bus_reset_work(struct work_struct *work)
46186 be32_to_cpu(ohci->next_header));
46187 }
46188
46189 +#ifndef CONFIG_GRKERNSEC
46190 if (param_remote_dma) {
46191 reg_write(ohci, OHCI1394_PhyReqFilterHiSet, ~0);
46192 reg_write(ohci, OHCI1394_PhyReqFilterLoSet, ~0);
46193 }
46194 +#endif
46195
46196 spin_unlock_irq(&ohci->lock);
46197
46198 @@ -2585,8 +2587,10 @@ static int ohci_enable_phys_dma(struct fw_card *card,
46199 unsigned long flags;
46200 int n, ret = 0;
46201
46202 +#ifndef CONFIG_GRKERNSEC
46203 if (param_remote_dma)
46204 return 0;
46205 +#endif
46206
46207 /*
46208 * FIXME: Make sure this bitmask is cleared when we clear the busReset
46209 diff --git a/drivers/firmware/dmi-id.c b/drivers/firmware/dmi-id.c
46210 index 44c0139..5252697 100644
46211 --- a/drivers/firmware/dmi-id.c
46212 +++ b/drivers/firmware/dmi-id.c
46213 @@ -16,7 +16,7 @@
46214 struct dmi_device_attribute{
46215 struct device_attribute dev_attr;
46216 int field;
46217 -};
46218 +} __do_const;
46219 #define to_dmi_dev_attr(_dev_attr) \
46220 container_of(_dev_attr, struct dmi_device_attribute, dev_attr)
46221
46222 @@ -159,9 +159,14 @@ static int dmi_dev_uevent(struct device *dev, struct kobj_uevent_env *env)
46223 return 0;
46224 }
46225
46226 +static void dmi_dev_release(struct device *dev)
46227 +{
46228 + kfree(dev);
46229 +}
46230 +
46231 static struct class dmi_class = {
46232 .name = "dmi",
46233 - .dev_release = (void(*)(struct device *)) kfree,
46234 + .dev_release = dmi_dev_release,
46235 .dev_uevent = dmi_dev_uevent,
46236 };
46237
46238 diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
46239 index 88bebe1..e599fad 100644
46240 --- a/drivers/firmware/dmi_scan.c
46241 +++ b/drivers/firmware/dmi_scan.c
46242 @@ -712,14 +712,18 @@ static int __init dmi_init(void)
46243 if (!dmi_table)
46244 goto err_tables;
46245
46246 - bin_attr_smbios_entry_point.size = smbios_entry_point_size;
46247 - bin_attr_smbios_entry_point.private = smbios_entry_point;
46248 + pax_open_kernel();
46249 + const_cast(bin_attr_smbios_entry_point.size) = smbios_entry_point_size;
46250 + const_cast(bin_attr_smbios_entry_point.private) = smbios_entry_point;
46251 + pax_close_kernel();
46252 ret = sysfs_create_bin_file(tables_kobj, &bin_attr_smbios_entry_point);
46253 if (ret)
46254 goto err_unmap;
46255
46256 - bin_attr_DMI.size = dmi_len;
46257 - bin_attr_DMI.private = dmi_table;
46258 + pax_open_kernel();
46259 + const_cast(bin_attr_DMI.size) = dmi_len;
46260 + const_cast(bin_attr_DMI.private) = dmi_table;
46261 + pax_close_kernel();
46262 ret = sysfs_create_bin_file(tables_kobj, &bin_attr_DMI);
46263 if (!ret)
46264 return 0;
46265 diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
46266 index d425374..1da1716 100644
46267 --- a/drivers/firmware/efi/cper.c
46268 +++ b/drivers/firmware/efi/cper.c
46269 @@ -44,12 +44,12 @@ static char rcd_decode_str[CPER_REC_LEN];
46270 */
46271 u64 cper_next_record_id(void)
46272 {
46273 - static atomic64_t seq;
46274 + static atomic64_unchecked_t seq;
46275
46276 - if (!atomic64_read(&seq))
46277 - atomic64_set(&seq, ((u64)get_seconds()) << 32);
46278 + if (!atomic64_read_unchecked(&seq))
46279 + atomic64_set_unchecked(&seq, ((u64)get_seconds()) << 32);
46280
46281 - return atomic64_inc_return(&seq);
46282 + return atomic64_inc_return_unchecked(&seq);
46283 }
46284 EXPORT_SYMBOL_GPL(cper_next_record_id);
46285
46286 diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
46287 index 7dd2e2d..15990ac 100644
46288 --- a/drivers/firmware/efi/efi.c
46289 +++ b/drivers/firmware/efi/efi.c
46290 @@ -180,15 +180,17 @@ static struct attribute_group efi_subsys_attr_group = {
46291 };
46292
46293 static struct efivars generic_efivars;
46294 -static struct efivar_operations generic_ops;
46295 +static efivar_operations_no_const generic_ops __read_only;
46296
46297 static int generic_ops_register(void)
46298 {
46299 - generic_ops.get_variable = efi.get_variable;
46300 - generic_ops.set_variable = efi.set_variable;
46301 - generic_ops.set_variable_nonblocking = efi.set_variable_nonblocking;
46302 - generic_ops.get_next_variable = efi.get_next_variable;
46303 - generic_ops.query_variable_store = efi_query_variable_store;
46304 + pax_open_kernel();
46305 + const_cast(generic_ops.get_variable) = efi.get_variable;
46306 + const_cast(generic_ops.set_variable) = efi.set_variable;
46307 + const_cast(generic_ops.set_variable_nonblocking) = efi.set_variable_nonblocking;
46308 + const_cast(generic_ops.get_next_variable) = efi.get_next_variable;
46309 + const_cast(generic_ops.query_variable_store) = efi_query_variable_store;
46310 + pax_close_kernel();
46311
46312 return efivars_register(&generic_efivars, &generic_ops, efi_kobj);
46313 }
46314 diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c
46315 index 116b244..b16d9f2 100644
46316 --- a/drivers/firmware/efi/efivars.c
46317 +++ b/drivers/firmware/efi/efivars.c
46318 @@ -583,7 +583,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var)
46319 static int
46320 create_efivars_bin_attributes(void)
46321 {
46322 - struct bin_attribute *attr;
46323 + bin_attribute_no_const *attr;
46324 int error;
46325
46326 /* new_var */
46327 diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
46328 index c069451..fca41b6 100644
46329 --- a/drivers/firmware/efi/libstub/Makefile
46330 +++ b/drivers/firmware/efi/libstub/Makefile
46331 @@ -20,6 +20,8 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
46332 $(call cc-option,-ffreestanding) \
46333 $(call cc-option,-fno-stack-protector)
46334
46335 +KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
46336 +
46337 GCOV_PROFILE := n
46338 KASAN_SANITIZE := n
46339 UBSAN_SANITIZE := n
46340 diff --git a/drivers/firmware/efi/runtime-map.c b/drivers/firmware/efi/runtime-map.c
46341 index 5c55227..97f4978 100644
46342 --- a/drivers/firmware/efi/runtime-map.c
46343 +++ b/drivers/firmware/efi/runtime-map.c
46344 @@ -97,7 +97,7 @@ static void map_release(struct kobject *kobj)
46345 kfree(entry);
46346 }
46347
46348 -static struct kobj_type __refdata map_ktype = {
46349 +static const struct kobj_type __refconst map_ktype = {
46350 .sysfs_ops = &map_attr_ops,
46351 .default_attrs = def_attrs,
46352 .release = map_release,
46353 diff --git a/drivers/firmware/google/gsmi.c b/drivers/firmware/google/gsmi.c
46354 index f1ab05e..ab51228 100644
46355 --- a/drivers/firmware/google/gsmi.c
46356 +++ b/drivers/firmware/google/gsmi.c
46357 @@ -709,7 +709,7 @@ static u32 __init hash_oem_table_id(char s[8])
46358 return local_hash_64(input, 32);
46359 }
46360
46361 -static struct dmi_system_id gsmi_dmi_table[] __initdata = {
46362 +static const struct dmi_system_id gsmi_dmi_table[] __initconst = {
46363 {
46364 .ident = "Google Board",
46365 .matches = {
46366 diff --git a/drivers/firmware/google/memconsole.c b/drivers/firmware/google/memconsole.c
46367 index 2f569aa..3af5497 100644
46368 --- a/drivers/firmware/google/memconsole.c
46369 +++ b/drivers/firmware/google/memconsole.c
46370 @@ -136,7 +136,7 @@ static bool __init found_memconsole(void)
46371 return false;
46372 }
46373
46374 -static struct dmi_system_id memconsole_dmi_table[] __initdata = {
46375 +static const struct dmi_system_id memconsole_dmi_table[] __initconst = {
46376 {
46377 .ident = "Google Board",
46378 .matches = {
46379 @@ -155,7 +155,10 @@ static int __init memconsole_init(void)
46380 if (!found_memconsole())
46381 return -ENODEV;
46382
46383 - memconsole_bin_attr.size = memconsole_length;
46384 + pax_open_kernel();
46385 + const_cast(memconsole_bin_attr.size) = memconsole_length;
46386 + pax_close_kernel();
46387 +
46388 return sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr);
46389 }
46390
46391 diff --git a/drivers/firmware/memmap.c b/drivers/firmware/memmap.c
46392 index 5de3ed2..d839c56 100644
46393 --- a/drivers/firmware/memmap.c
46394 +++ b/drivers/firmware/memmap.c
46395 @@ -124,7 +124,7 @@ static void __meminit release_firmware_map_entry(struct kobject *kobj)
46396 kfree(entry);
46397 }
46398
46399 -static struct kobj_type __refdata memmap_ktype = {
46400 +static const struct kobj_type __refconst memmap_ktype = {
46401 .release = release_firmware_map_entry,
46402 .sysfs_ops = &memmap_attr_ops,
46403 .default_attrs = def_attrs,
46404 diff --git a/drivers/firmware/psci.c b/drivers/firmware/psci.c
46405 index 8263429..d0ef61f 100644
46406 --- a/drivers/firmware/psci.c
46407 +++ b/drivers/firmware/psci.c
46408 @@ -59,7 +59,7 @@ bool psci_tos_resident_on(int cpu)
46409 return cpu == resident_cpu;
46410 }
46411
46412 -struct psci_operations psci_ops;
46413 +struct psci_operations psci_ops __read_only;
46414
46415 typedef unsigned long (psci_fn)(unsigned long, unsigned long,
46416 unsigned long, unsigned long);
46417 diff --git a/drivers/gpio/gpio-davinci.c b/drivers/gpio/gpio-davinci.c
46418 index dd262f0..2834a84 100644
46419 --- a/drivers/gpio/gpio-davinci.c
46420 +++ b/drivers/gpio/gpio-davinci.c
46421 @@ -440,9 +440,9 @@ static struct irq_chip *davinci_gpio_get_irq_chip(unsigned int irq)
46422 return &gpio_unbanked.chip;
46423 };
46424
46425 -static struct irq_chip *keystone_gpio_get_irq_chip(unsigned int irq)
46426 +static irq_chip_no_const *keystone_gpio_get_irq_chip(unsigned int irq)
46427 {
46428 - static struct irq_chip gpio_unbanked;
46429 + static irq_chip_no_const gpio_unbanked;
46430
46431 gpio_unbanked = *irq_get_chip(irq);
46432 return &gpio_unbanked;
46433 @@ -472,7 +472,7 @@ static int davinci_gpio_irq_setup(struct platform_device *pdev)
46434 struct davinci_gpio_regs __iomem *g;
46435 struct irq_domain *irq_domain = NULL;
46436 const struct of_device_id *match;
46437 - struct irq_chip *irq_chip;
46438 + irq_chip_no_const *irq_chip;
46439 gpio_get_irq_chip_cb_t gpio_get_irq_chip;
46440
46441 /*
46442 diff --git a/drivers/gpio/gpio-em.c b/drivers/gpio/gpio-em.c
46443 index 8d32ccc..2d2ca61 100644
46444 --- a/drivers/gpio/gpio-em.c
46445 +++ b/drivers/gpio/gpio-em.c
46446 @@ -274,7 +274,7 @@ static int em_gio_probe(struct platform_device *pdev)
46447 struct em_gio_priv *p;
46448 struct resource *io[2], *irq[2];
46449 struct gpio_chip *gpio_chip;
46450 - struct irq_chip *irq_chip;
46451 + irq_chip_no_const *irq_chip;
46452 const char *name = dev_name(&pdev->dev);
46453 unsigned int ngpios;
46454 int ret;
46455 diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c
46456 index 4f6d643..eb4655c 100644
46457 --- a/drivers/gpio/gpio-ich.c
46458 +++ b/drivers/gpio/gpio-ich.c
46459 @@ -95,7 +95,7 @@ struct ichx_desc {
46460 * this option allows driver caching written output values
46461 */
46462 bool use_outlvl_cache;
46463 -};
46464 +} __do_const;
46465
46466 static struct {
46467 spinlock_t lock;
46468 diff --git a/drivers/gpio/gpio-mpc8xxx.c b/drivers/gpio/gpio-mpc8xxx.c
46469 index 793518a..80ebce3 100644
46470 --- a/drivers/gpio/gpio-mpc8xxx.c
46471 +++ b/drivers/gpio/gpio-mpc8xxx.c
46472 @@ -226,7 +226,7 @@ static int mpc512x_irq_set_type(struct irq_data *d, unsigned int flow_type)
46473 return 0;
46474 }
46475
46476 -static struct irq_chip mpc8xxx_irq_chip = {
46477 +static irq_chip_no_const mpc8xxx_irq_chip __read_only = {
46478 .name = "mpc8xxx-gpio",
46479 .irq_unmask = mpc8xxx_irq_unmask,
46480 .irq_mask = mpc8xxx_irq_mask,
46481 @@ -337,7 +337,9 @@ static int mpc8xxx_probe(struct platform_device *pdev)
46482 * It's assumed that only a single type of gpio controller is available
46483 * on the current machine, so overwriting global data is fine.
46484 */
46485 - mpc8xxx_irq_chip.irq_set_type = devtype->irq_set_type;
46486 + pax_open_kernel();
46487 + const_cast(mpc8xxx_irq_chip.irq_set_type) = devtype->irq_set_type;
46488 + pax_close_kernel();
46489
46490 if (devtype->gpio_dir_out)
46491 gc->direction_output = devtype->gpio_dir_out;
46492 diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
46493 index b98ede7..c83e860 100644
46494 --- a/drivers/gpio/gpio-omap.c
46495 +++ b/drivers/gpio/gpio-omap.c
46496 @@ -1029,7 +1029,7 @@ static void omap_gpio_mod_init(struct gpio_bank *bank)
46497 writel_relaxed(0, base + bank->regs->ctrl);
46498 }
46499
46500 -static int omap_gpio_chip_init(struct gpio_bank *bank, struct irq_chip *irqc)
46501 +static int omap_gpio_chip_init(struct gpio_bank *bank, irq_chip_no_const *irqc)
46502 {
46503 static int gpio;
46504 int irq_base = 0;
46505 @@ -1119,7 +1119,7 @@ static int omap_gpio_probe(struct platform_device *pdev)
46506 const struct omap_gpio_platform_data *pdata;
46507 struct resource *res;
46508 struct gpio_bank *bank;
46509 - struct irq_chip *irqc;
46510 + irq_chip_no_const *irqc;
46511 int ret;
46512
46513 match = of_match_device(of_match_ptr(omap_gpio_match), dev);
46514 diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c
46515 index b96e0b4..c1e1b16 100644
46516 --- a/drivers/gpio/gpio-rcar.c
46517 +++ b/drivers/gpio/gpio-rcar.c
46518 @@ -391,7 +391,7 @@ static int gpio_rcar_probe(struct platform_device *pdev)
46519 struct gpio_rcar_priv *p;
46520 struct resource *io, *irq;
46521 struct gpio_chip *gpio_chip;
46522 - struct irq_chip *irq_chip;
46523 + irq_chip_no_const *irq_chip;
46524 struct device *dev = &pdev->dev;
46525 const char *name = dev_name(dev);
46526 unsigned int npins;
46527 diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c
46528 index ac8deb0..f3caa10 100644
46529 --- a/drivers/gpio/gpio-vr41xx.c
46530 +++ b/drivers/gpio/gpio-vr41xx.c
46531 @@ -224,7 +224,7 @@ static int giu_get_irq(unsigned int irq)
46532 printk(KERN_ERR "spurious GIU interrupt: %04x(%04x),%04x(%04x)\n",
46533 maskl, pendl, maskh, pendh);
46534
46535 - atomic_inc(&irq_err_count);
46536 + atomic_inc_unchecked(&irq_err_count);
46537
46538 return -EINVAL;
46539 }
46540 diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
46541 index 53ff25a..6f88b8f 100644
46542 --- a/drivers/gpio/gpiolib.c
46543 +++ b/drivers/gpio/gpiolib.c
46544 @@ -1558,8 +1558,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
46545 }
46546
46547 if (gpiochip->irqchip) {
46548 - gpiochip->irqchip->irq_request_resources = NULL;
46549 - gpiochip->irqchip->irq_release_resources = NULL;
46550 + pax_open_kernel();
46551 + const_cast(gpiochip->irqchip->irq_request_resources) = NULL;
46552 + const_cast(gpiochip->irqchip->irq_release_resources) = NULL;
46553 + pax_close_kernel();
46554 gpiochip->irqchip = NULL;
46555 }
46556 }
46557 @@ -1636,8 +1638,10 @@ int _gpiochip_irqchip_add(struct gpio_chip *gpiochip,
46558 */
46559 if (!irqchip->irq_request_resources &&
46560 !irqchip->irq_release_resources) {
46561 - irqchip->irq_request_resources = gpiochip_irq_reqres;
46562 - irqchip->irq_release_resources = gpiochip_irq_relres;
46563 + pax_open_kernel();
46564 + const_cast(irqchip->irq_request_resources) = gpiochip_irq_reqres;
46565 + const_cast(irqchip->irq_release_resources) = gpiochip_irq_relres;
46566 + pax_close_kernel();
46567 }
46568
46569 /*
46570 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
46571 index 700c56b..267fde4 100644
46572 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
46573 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
46574 @@ -1796,7 +1796,7 @@ int amdgpu_debugfs_firmware_init(struct amdgpu_device *adev);
46575 * amdgpu smumgr functions
46576 */
46577 struct amdgpu_smumgr_funcs {
46578 - int (*check_fw_load_finish)(struct amdgpu_device *adev, uint32_t fwtype);
46579 + int (*check_fw_load_finish)(struct amdgpu_device *adev, enum AMDGPU_UCODE_ID fwtype);
46580 int (*request_smu_load_fw)(struct amdgpu_device *adev);
46581 int (*request_smu_specific_fw)(struct amdgpu_device *adev, uint32_t fwtype);
46582 };
46583 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
46584 index 10b5ddf..ed2f78d 100644
46585 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
46586 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
46587 @@ -519,7 +519,7 @@ static int amdgpu_atpx_init(void)
46588 * look up whether we are the integrated or discrete GPU (all asics).
46589 * Returns the client id.
46590 */
46591 -static int amdgpu_atpx_get_client_id(struct pci_dev *pdev)
46592 +static enum vga_switcheroo_client_id amdgpu_atpx_get_client_id(struct pci_dev *pdev)
46593 {
46594 if (amdgpu_atpx_priv.dhandle == ACPI_HANDLE(&pdev->dev))
46595 return VGA_SWITCHEROO_IGD;
46596 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
46597 index bc0440f..ab93c5e 100644
46598 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
46599 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
46600 @@ -1118,50 +1118,50 @@ static int amdgpu_cgs_call_acpi_method(struct cgs_device *cgs_device,
46601 }
46602
46603 static const struct cgs_ops amdgpu_cgs_ops = {
46604 - amdgpu_cgs_gpu_mem_info,
46605 - amdgpu_cgs_gmap_kmem,
46606 - amdgpu_cgs_gunmap_kmem,
46607 - amdgpu_cgs_alloc_gpu_mem,
46608 - amdgpu_cgs_free_gpu_mem,
46609 - amdgpu_cgs_gmap_gpu_mem,
46610 - amdgpu_cgs_gunmap_gpu_mem,
46611 - amdgpu_cgs_kmap_gpu_mem,
46612 - amdgpu_cgs_kunmap_gpu_mem,
46613 - amdgpu_cgs_read_register,
46614 - amdgpu_cgs_write_register,
46615 - amdgpu_cgs_read_ind_register,
46616 - amdgpu_cgs_write_ind_register,
46617 - amdgpu_cgs_read_pci_config_byte,
46618 - amdgpu_cgs_read_pci_config_word,
46619 - amdgpu_cgs_read_pci_config_dword,
46620 - amdgpu_cgs_write_pci_config_byte,
46621 - amdgpu_cgs_write_pci_config_word,
46622 - amdgpu_cgs_write_pci_config_dword,
46623 - amdgpu_cgs_get_pci_resource,
46624 - amdgpu_cgs_atom_get_data_table,
46625 - amdgpu_cgs_atom_get_cmd_table_revs,
46626 - amdgpu_cgs_atom_exec_cmd_table,
46627 - amdgpu_cgs_create_pm_request,
46628 - amdgpu_cgs_destroy_pm_request,
46629 - amdgpu_cgs_set_pm_request,
46630 - amdgpu_cgs_pm_request_clock,
46631 - amdgpu_cgs_pm_request_engine,
46632 - amdgpu_cgs_pm_query_clock_limits,
46633 - amdgpu_cgs_set_camera_voltages,
46634 - amdgpu_cgs_get_firmware_info,
46635 - amdgpu_cgs_rel_firmware,
46636 - amdgpu_cgs_set_powergating_state,
46637 - amdgpu_cgs_set_clockgating_state,
46638 - amdgpu_cgs_get_active_displays_info,
46639 - amdgpu_cgs_notify_dpm_enabled,
46640 - amdgpu_cgs_call_acpi_method,
46641 - amdgpu_cgs_query_system_info,
46642 + .gpu_mem_info = amdgpu_cgs_gpu_mem_info,
46643 + .gmap_kmem = amdgpu_cgs_gmap_kmem,
46644 + .gunmap_kmem = amdgpu_cgs_gunmap_kmem,
46645 + .alloc_gpu_mem = amdgpu_cgs_alloc_gpu_mem,
46646 + .free_gpu_mem = amdgpu_cgs_free_gpu_mem,
46647 + .gmap_gpu_mem = amdgpu_cgs_gmap_gpu_mem,
46648 + .gunmap_gpu_mem = amdgpu_cgs_gunmap_gpu_mem,
46649 + .kmap_gpu_mem = amdgpu_cgs_kmap_gpu_mem,
46650 + .kunmap_gpu_mem = amdgpu_cgs_kunmap_gpu_mem,
46651 + .read_register = amdgpu_cgs_read_register,
46652 + .write_register = amdgpu_cgs_write_register,
46653 + .read_ind_register = amdgpu_cgs_read_ind_register,
46654 + .write_ind_register = amdgpu_cgs_write_ind_register,
46655 + .read_pci_config_byte = amdgpu_cgs_read_pci_config_byte,
46656 + .read_pci_config_word = amdgpu_cgs_read_pci_config_word,
46657 + .read_pci_config_dword = amdgpu_cgs_read_pci_config_dword,
46658 + .write_pci_config_byte = amdgpu_cgs_write_pci_config_byte,
46659 + .write_pci_config_word = amdgpu_cgs_write_pci_config_word,
46660 + .write_pci_config_dword = amdgpu_cgs_write_pci_config_dword,
46661 + .get_pci_resource = amdgpu_cgs_get_pci_resource,
46662 + .atom_get_data_table = amdgpu_cgs_atom_get_data_table,
46663 + .atom_get_cmd_table_revs = amdgpu_cgs_atom_get_cmd_table_revs,
46664 + .atom_exec_cmd_table = amdgpu_cgs_atom_exec_cmd_table,
46665 + .create_pm_request = amdgpu_cgs_create_pm_request,
46666 + .destroy_pm_request = amdgpu_cgs_destroy_pm_request,
46667 + .set_pm_request = amdgpu_cgs_set_pm_request,
46668 + .pm_request_clock = amdgpu_cgs_pm_request_clock,
46669 + .pm_request_engine = amdgpu_cgs_pm_request_engine,
46670 + .pm_query_clock_limits = amdgpu_cgs_pm_query_clock_limits,
46671 + .set_camera_voltages = amdgpu_cgs_set_camera_voltages,
46672 + .get_firmware_info = amdgpu_cgs_get_firmware_info,
46673 + .rel_firmware = amdgpu_cgs_rel_firmware,
46674 + .set_powergating_state = amdgpu_cgs_set_powergating_state,
46675 + .set_clockgating_state = amdgpu_cgs_set_clockgating_state,
46676 + .get_active_displays_info = amdgpu_cgs_get_active_displays_info,
46677 + .notify_dpm_enabled = amdgpu_cgs_notify_dpm_enabled,
46678 + .call_acpi_method = amdgpu_cgs_call_acpi_method,
46679 + .query_system_info = amdgpu_cgs_query_system_info
46680 };
46681
46682 static const struct cgs_os_ops amdgpu_cgs_os_ops = {
46683 - amdgpu_cgs_add_irq_source,
46684 - amdgpu_cgs_irq_get,
46685 - amdgpu_cgs_irq_put
46686 + .add_irq_source = amdgpu_cgs_add_irq_source,
46687 + .irq_get = amdgpu_cgs_irq_get,
46688 + .irq_put = amdgpu_cgs_irq_put
46689 };
46690
46691 struct cgs_device *amdgpu_cgs_create_device(struct amdgpu_device *adev)
46692 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
46693 index ff0b55a..c58880e 100644
46694 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
46695 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
46696 @@ -701,7 +701,7 @@ static int amdgpu_connector_lvds_get_modes(struct drm_connector *connector)
46697 return ret;
46698 }
46699
46700 -static int amdgpu_connector_lvds_mode_valid(struct drm_connector *connector,
46701 +static enum drm_mode_status amdgpu_connector_lvds_mode_valid(struct drm_connector *connector,
46702 struct drm_display_mode *mode)
46703 {
46704 struct drm_encoder *encoder = amdgpu_connector_best_single_encoder(connector);
46705 @@ -838,7 +838,7 @@ static int amdgpu_connector_vga_get_modes(struct drm_connector *connector)
46706 return ret;
46707 }
46708
46709 -static int amdgpu_connector_vga_mode_valid(struct drm_connector *connector,
46710 +static enum drm_mode_status amdgpu_connector_vga_mode_valid(struct drm_connector *connector,
46711 struct drm_display_mode *mode)
46712 {
46713 struct drm_device *dev = connector->dev;
46714 @@ -1158,7 +1158,7 @@ static void amdgpu_connector_dvi_force(struct drm_connector *connector)
46715 amdgpu_connector->use_digital = true;
46716 }
46717
46718 -static int amdgpu_connector_dvi_mode_valid(struct drm_connector *connector,
46719 +static enum drm_mode_status amdgpu_connector_dvi_mode_valid(struct drm_connector *connector,
46720 struct drm_display_mode *mode)
46721 {
46722 struct drm_device *dev = connector->dev;
46723 @@ -1427,7 +1427,7 @@ out:
46724 return ret;
46725 }
46726
46727 -static int amdgpu_connector_dp_mode_valid(struct drm_connector *connector,
46728 +static enum drm_mode_status amdgpu_connector_dp_mode_valid(struct drm_connector *connector,
46729 struct drm_display_mode *mode)
46730 {
46731 struct amdgpu_connector *amdgpu_connector = to_amdgpu_connector(connector);
46732 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
46733 index 39c01b9..ced138c 100644
46734 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
46735 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
46736 @@ -1059,7 +1059,7 @@ static bool amdgpu_switcheroo_can_switch(struct pci_dev *pdev)
46737 * locking inversion with the driver load path. And the access here is
46738 * completely racy anyway. So don't bother with locking for now.
46739 */
46740 - return dev->open_count == 0;
46741 + return local_read(&dev->open_count) == 0;
46742 }
46743
46744 static const struct vga_switcheroo_client_ops amdgpu_switcheroo_ops = {
46745 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
46746 index 9aa533c..2f39e50 100644
46747 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
46748 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
46749 @@ -588,9 +588,6 @@ static struct drm_driver kms_driver = {
46750 .patchlevel = KMS_DRIVER_PATCHLEVEL,
46751 };
46752
46753 -static struct drm_driver *driver;
46754 -static struct pci_driver *pdriver;
46755 -
46756 static struct pci_driver amdgpu_kms_pci_driver = {
46757 .name = DRIVER_NAME,
46758 .id_table = pciidlist,
46759 @@ -610,18 +607,20 @@ static int __init amdgpu_init(void)
46760 return -EINVAL;
46761 }
46762 DRM_INFO("amdgpu kernel modesetting enabled.\n");
46763 - driver = &kms_driver;
46764 - pdriver = &amdgpu_kms_pci_driver;
46765 - driver->num_ioctls = amdgpu_max_kms_ioctl;
46766 +
46767 + pax_open_kernel();
46768 + const_cast(kms_driver.num_ioctls) = amdgpu_max_kms_ioctl;
46769 + pax_close_kernel();
46770 +
46771 amdgpu_register_atpx_handler();
46772 /* let modprobe override vga console setting */
46773 - return drm_pci_init(driver, pdriver);
46774 + return drm_pci_init(&kms_driver, &amdgpu_kms_pci_driver);
46775 }
46776
46777 static void __exit amdgpu_exit(void)
46778 {
46779 amdgpu_amdkfd_fini();
46780 - drm_pci_exit(driver, pdriver);
46781 + drm_pci_exit(&kms_driver, &amdgpu_kms_pci_driver);
46782 amdgpu_unregister_atpx_handler();
46783 amdgpu_sync_fini();
46784 amdgpu_fence_slab_fini();
46785 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.h
46786 index 51321e1..3c80c0b 100644
46787 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.h
46788 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.h
46789 @@ -27,6 +27,6 @@
46790 int amdgpu_gfx_scratch_get(struct amdgpu_device *adev, uint32_t *reg);
46791 void amdgpu_gfx_scratch_free(struct amdgpu_device *adev, uint32_t reg);
46792
46793 -unsigned amdgpu_gfx_parse_disable_cu(unsigned *mask, unsigned max_se, unsigned max_sh);
46794 +void amdgpu_gfx_parse_disable_cu(unsigned *mask, unsigned max_se, unsigned max_sh);
46795
46796 #endif
46797 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
46798 index 80120fa..20c5411 100644
46799 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
46800 +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
46801 @@ -202,7 +202,7 @@ int amdgpu_vm_grab_id(struct amdgpu_vm *vm, struct amdgpu_ring *ring,
46802 unsigned i;
46803 int r = 0;
46804
46805 - fences = kmalloc_array(sizeof(void *), adev->vm_manager.num_ids,
46806 + fences = kmalloc_array(adev->vm_manager.num_ids, sizeof(void *),
46807 GFP_KERNEL);
46808 if (!fences)
46809 return -ENOMEM;
46810 diff --git a/drivers/gpu/drm/amd/amdgpu/fiji_smc.c b/drivers/gpu/drm/amd/amdgpu/fiji_smc.c
46811 index b3e19ba..28942db 100644
46812 --- a/drivers/gpu/drm/amd/amdgpu/fiji_smc.c
46813 +++ b/drivers/gpu/drm/amd/amdgpu/fiji_smc.c
46814 @@ -519,7 +519,7 @@ static int fiji_smu_request_load_fw(struct amdgpu_device *adev)
46815 return 0;
46816 }
46817
46818 -static uint32_t fiji_smu_get_mask_for_fw_type(uint32_t fw_type)
46819 +static uint32_t fiji_smu_get_mask_for_fw_type(enum AMDGPU_UCODE_ID fw_type)
46820 {
46821 switch (fw_type) {
46822 case AMDGPU_UCODE_ID_SDMA0:
46823 @@ -545,7 +545,7 @@ static uint32_t fiji_smu_get_mask_for_fw_type(uint32_t fw_type)
46824 }
46825
46826 static int fiji_smu_check_fw_load_finish(struct amdgpu_device *adev,
46827 - uint32_t fw_type)
46828 + enum AMDGPU_UCODE_ID fw_type)
46829 {
46830 uint32_t fw_mask = fiji_smu_get_mask_for_fw_type(fw_type);
46831 int i;
46832 diff --git a/drivers/gpu/drm/amd/amdgpu/iceland_smc.c b/drivers/gpu/drm/amd/amdgpu/iceland_smc.c
46833 index 2118399..8f80ddc 100644
46834 --- a/drivers/gpu/drm/amd/amdgpu/iceland_smc.c
46835 +++ b/drivers/gpu/drm/amd/amdgpu/iceland_smc.c
46836 @@ -424,7 +424,7 @@ static enum AMDGPU_UCODE_ID iceland_convert_fw_type(uint32_t fw_type)
46837 }
46838 }
46839
46840 -static uint32_t iceland_smu_get_mask_for_fw_type(uint32_t fw_type)
46841 +static uint32_t iceland_smu_get_mask_for_fw_type(enum AMDGPU_UCODE_ID fw_type)
46842 {
46843 switch (fw_type) {
46844 case AMDGPU_UCODE_ID_SDMA0:
46845 @@ -562,7 +562,7 @@ static int iceland_smu_request_load_fw(struct amdgpu_device *adev)
46846 }
46847
46848 static int iceland_smu_check_fw_load_finish(struct amdgpu_device *adev,
46849 - uint32_t fw_type)
46850 + enum AMDGPU_UCODE_ID fw_type)
46851 {
46852 uint32_t fw_mask = iceland_smu_get_mask_for_fw_type(fw_type);
46853 int i;
46854 diff --git a/drivers/gpu/drm/amd/amdgpu/tonga_smc.c b/drivers/gpu/drm/amd/amdgpu/tonga_smc.c
46855 index 940de18..9ef25f7 100644
46856 --- a/drivers/gpu/drm/amd/amdgpu/tonga_smc.c
46857 +++ b/drivers/gpu/drm/amd/amdgpu/tonga_smc.c
46858 @@ -521,7 +521,7 @@ static int tonga_smu_request_load_fw(struct amdgpu_device *adev)
46859 return 0;
46860 }
46861
46862 -static uint32_t tonga_smu_get_mask_for_fw_type(uint32_t fw_type)
46863 +static uint32_t tonga_smu_get_mask_for_fw_type(enum AMDGPU_UCODE_ID fw_type)
46864 {
46865 switch (fw_type) {
46866 case AMDGPU_UCODE_ID_SDMA0:
46867 @@ -547,7 +547,7 @@ static uint32_t tonga_smu_get_mask_for_fw_type(uint32_t fw_type)
46868 }
46869
46870 static int tonga_smu_check_fw_load_finish(struct amdgpu_device *adev,
46871 - uint32_t fw_type)
46872 + enum AMDGPU_UCODE_ID fw_type)
46873 {
46874 uint32_t fw_mask = tonga_smu_get_mask_for_fw_type(fw_type);
46875 int i;
46876 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
46877 index ee3e04e..65f7436 100644
46878 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
46879 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
46880 @@ -418,7 +418,7 @@ static int kfd_ioctl_set_memory_policy(struct file *filep,
46881 (args->alternate_policy == KFD_IOC_CACHE_POLICY_COHERENT)
46882 ? cache_policy_coherent : cache_policy_noncoherent;
46883
46884 - if (!dev->dqm->ops.set_cache_memory_policy(dev->dqm,
46885 + if (!dev->dqm->ops->set_cache_memory_policy(dev->dqm,
46886 &pdd->qpd,
46887 default_policy,
46888 alternate_policy,
46889 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device.c b/drivers/gpu/drm/amd/amdkfd/kfd_device.c
46890 index 3f95f7c..0a62dad 100644
46891 --- a/drivers/gpu/drm/amd/amdkfd/kfd_device.c
46892 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_device.c
46893 @@ -298,7 +298,7 @@ bool kgd2kfd_device_init(struct kfd_dev *kfd,
46894 goto device_queue_manager_error;
46895 }
46896
46897 - if (kfd->dqm->ops.start(kfd->dqm) != 0) {
46898 + if (kfd->dqm->ops->start(kfd->dqm) != 0) {
46899 dev_err(kfd_device,
46900 "Error starting queuen manager for device (%x:%x)\n",
46901 kfd->pdev->vendor, kfd->pdev->device);
46902 @@ -354,7 +354,7 @@ void kgd2kfd_suspend(struct kfd_dev *kfd)
46903 BUG_ON(kfd == NULL);
46904
46905 if (kfd->init_complete) {
46906 - kfd->dqm->ops.stop(kfd->dqm);
46907 + kfd->dqm->ops->stop(kfd->dqm);
46908 amd_iommu_set_invalidate_ctx_cb(kfd->pdev, NULL);
46909 amd_iommu_set_invalid_ppr_cb(kfd->pdev, NULL);
46910 amd_iommu_free_device(kfd->pdev);
46911 @@ -377,7 +377,7 @@ int kgd2kfd_resume(struct kfd_dev *kfd)
46912 amd_iommu_set_invalidate_ctx_cb(kfd->pdev,
46913 iommu_pasid_shutdown_callback);
46914 amd_iommu_set_invalid_ppr_cb(kfd->pdev, iommu_invalid_ppr_cb);
46915 - kfd->dqm->ops.start(kfd->dqm);
46916 + kfd->dqm->ops->start(kfd->dqm);
46917 }
46918
46919 return 0;
46920 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
46921 index f49c551..ad74c7e 100644
46922 --- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
46923 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
46924 @@ -242,7 +242,7 @@ static int create_compute_queue_nocpsch(struct device_queue_manager *dqm,
46925
46926 BUG_ON(!dqm || !q || !qpd);
46927
46928 - mqd = dqm->ops.get_mqd_manager(dqm, KFD_MQD_TYPE_COMPUTE);
46929 + mqd = dqm->ops->get_mqd_manager(dqm, KFD_MQD_TYPE_COMPUTE);
46930 if (mqd == NULL)
46931 return -ENOMEM;
46932
46933 @@ -288,14 +288,14 @@ static int destroy_queue_nocpsch(struct device_queue_manager *dqm,
46934 mutex_lock(&dqm->lock);
46935
46936 if (q->properties.type == KFD_QUEUE_TYPE_COMPUTE) {
46937 - mqd = dqm->ops.get_mqd_manager(dqm, KFD_MQD_TYPE_COMPUTE);
46938 + mqd = dqm->ops->get_mqd_manager(dqm, KFD_MQD_TYPE_COMPUTE);
46939 if (mqd == NULL) {
46940 retval = -ENOMEM;
46941 goto out;
46942 }
46943 deallocate_hqd(dqm, q);
46944 } else if (q->properties.type == KFD_QUEUE_TYPE_SDMA) {
46945 - mqd = dqm->ops.get_mqd_manager(dqm, KFD_MQD_TYPE_SDMA);
46946 + mqd = dqm->ops->get_mqd_manager(dqm, KFD_MQD_TYPE_SDMA);
46947 if (mqd == NULL) {
46948 retval = -ENOMEM;
46949 goto out;
46950 @@ -347,7 +347,7 @@ static int update_queue(struct device_queue_manager *dqm, struct queue *q)
46951 BUG_ON(!dqm || !q || !q->mqd);
46952
46953 mutex_lock(&dqm->lock);
46954 - mqd = dqm->ops.get_mqd_manager(dqm,
46955 + mqd = dqm->ops->get_mqd_manager(dqm,
46956 get_mqd_type_from_queue_type(q->properties.type));
46957 if (mqd == NULL) {
46958 mutex_unlock(&dqm->lock);
46959 @@ -414,7 +414,7 @@ static int register_process_nocpsch(struct device_queue_manager *dqm,
46960 mutex_lock(&dqm->lock);
46961 list_add(&n->list, &dqm->queues);
46962
46963 - retval = dqm->ops_asic_specific.register_process(dqm, qpd);
46964 + retval = dqm->ops_asic_specific->register_process(dqm, qpd);
46965
46966 dqm->processes_count++;
46967
46968 @@ -502,7 +502,7 @@ int init_pipelines(struct device_queue_manager *dqm,
46969
46970 memset(hpdptr, 0, CIK_HPD_EOP_BYTES * pipes_num);
46971
46972 - mqd = dqm->ops.get_mqd_manager(dqm, KFD_MQD_TYPE_COMPUTE);
46973 + mqd = dqm->ops->get_mqd_manager(dqm, KFD_MQD_TYPE_COMPUTE);
46974 if (mqd == NULL) {
46975 kfd_gtt_sa_free(dqm->dev, dqm->pipeline_mem);
46976 return -ENOMEM;
46977 @@ -635,7 +635,7 @@ static int create_sdma_queue_nocpsch(struct device_queue_manager *dqm,
46978 struct mqd_manager *mqd;
46979 int retval;
46980
46981 - mqd = dqm->ops.get_mqd_manager(dqm, KFD_MQD_TYPE_SDMA);
46982 + mqd = dqm->ops->get_mqd_manager(dqm, KFD_MQD_TYPE_SDMA);
46983 if (!mqd)
46984 return -ENOMEM;
46985
46986 @@ -650,7 +650,7 @@ static int create_sdma_queue_nocpsch(struct device_queue_manager *dqm,
46987 pr_debug(" sdma queue id: %d\n", q->properties.sdma_queue_id);
46988 pr_debug(" sdma engine id: %d\n", q->properties.sdma_engine_id);
46989
46990 - dqm->ops_asic_specific.init_sdma_vm(dqm, q, qpd);
46991 + dqm->ops_asic_specific->init_sdma_vm(dqm, q, qpd);
46992 retval = mqd->init_mqd(mqd, &q->mqd, &q->mqd_mem_obj,
46993 &q->gart_mqd_addr, &q->properties);
46994 if (retval != 0) {
46995 @@ -712,7 +712,7 @@ static int initialize_cpsch(struct device_queue_manager *dqm)
46996 dqm->queue_count = dqm->processes_count = 0;
46997 dqm->sdma_queue_count = 0;
46998 dqm->active_runlist = false;
46999 - retval = dqm->ops_asic_specific.initialize(dqm);
47000 + retval = dqm->ops_asic_specific->initialize(dqm);
47001 if (retval != 0)
47002 goto fail_init_pipelines;
47003
47004 @@ -879,7 +879,7 @@ static int create_queue_cpsch(struct device_queue_manager *dqm, struct queue *q,
47005 if (q->properties.type == KFD_QUEUE_TYPE_SDMA)
47006 select_sdma_engine_id(q);
47007
47008 - mqd = dqm->ops.get_mqd_manager(dqm,
47009 + mqd = dqm->ops->get_mqd_manager(dqm,
47010 get_mqd_type_from_queue_type(q->properties.type));
47011
47012 if (mqd == NULL) {
47013 @@ -887,7 +887,7 @@ static int create_queue_cpsch(struct device_queue_manager *dqm, struct queue *q,
47014 return -ENOMEM;
47015 }
47016
47017 - dqm->ops_asic_specific.init_sdma_vm(dqm, q, qpd);
47018 + dqm->ops_asic_specific->init_sdma_vm(dqm, q, qpd);
47019 retval = mqd->init_mqd(mqd, &q->mqd, &q->mqd_mem_obj,
47020 &q->gart_mqd_addr, &q->properties);
47021 if (retval != 0)
47022 @@ -1060,7 +1060,7 @@ static int destroy_queue_cpsch(struct device_queue_manager *dqm,
47023
47024 }
47025
47026 - mqd = dqm->ops.get_mqd_manager(dqm,
47027 + mqd = dqm->ops->get_mqd_manager(dqm,
47028 get_mqd_type_from_queue_type(q->properties.type));
47029 if (!mqd) {
47030 retval = -ENOMEM;
47031 @@ -1149,7 +1149,7 @@ static bool set_cache_memory_policy(struct device_queue_manager *dqm,
47032 qpd->sh_mem_ape1_limit = limit >> 16;
47033 }
47034
47035 - retval = dqm->ops_asic_specific.set_cache_memory_policy(
47036 + retval = dqm->ops_asic_specific->set_cache_memory_policy(
47037 dqm,
47038 qpd,
47039 default_policy,
47040 @@ -1172,6 +1172,36 @@ out:
47041 return false;
47042 }
47043
47044 +static const struct device_queue_manager_ops cp_dqm_ops = {
47045 + .create_queue = create_queue_cpsch,
47046 + .initialize = initialize_cpsch,
47047 + .start = start_cpsch,
47048 + .stop = stop_cpsch,
47049 + .destroy_queue = destroy_queue_cpsch,
47050 + .update_queue = update_queue,
47051 + .get_mqd_manager = get_mqd_manager_nocpsch,
47052 + .register_process = register_process_nocpsch,
47053 + .unregister_process = unregister_process_nocpsch,
47054 + .uninitialize = uninitialize_nocpsch,
47055 + .create_kernel_queue = create_kernel_queue_cpsch,
47056 + .destroy_kernel_queue = destroy_kernel_queue_cpsch,
47057 + .set_cache_memory_policy = set_cache_memory_policy,
47058 +};
47059 +
47060 +static const struct device_queue_manager_ops no_cp_dqm_ops = {
47061 + .start = start_nocpsch,
47062 + .stop = stop_nocpsch,
47063 + .create_queue = create_queue_nocpsch,
47064 + .destroy_queue = destroy_queue_nocpsch,
47065 + .update_queue = update_queue,
47066 + .get_mqd_manager = get_mqd_manager_nocpsch,
47067 + .register_process = register_process_nocpsch,
47068 + .unregister_process = unregister_process_nocpsch,
47069 + .initialize = initialize_nocpsch,
47070 + .uninitialize = uninitialize_nocpsch,
47071 + .set_cache_memory_policy = set_cache_memory_policy,
47072 +};
47073 +
47074 struct device_queue_manager *device_queue_manager_init(struct kfd_dev *dev)
47075 {
47076 struct device_queue_manager *dqm;
47077 @@ -1189,33 +1219,11 @@ struct device_queue_manager *device_queue_manager_init(struct kfd_dev *dev)
47078 case KFD_SCHED_POLICY_HWS:
47079 case KFD_SCHED_POLICY_HWS_NO_OVERSUBSCRIPTION:
47080 /* initialize dqm for cp scheduling */
47081 - dqm->ops.create_queue = create_queue_cpsch;
47082 - dqm->ops.initialize = initialize_cpsch;
47083 - dqm->ops.start = start_cpsch;
47084 - dqm->ops.stop = stop_cpsch;
47085 - dqm->ops.destroy_queue = destroy_queue_cpsch;
47086 - dqm->ops.update_queue = update_queue;
47087 - dqm->ops.get_mqd_manager = get_mqd_manager_nocpsch;
47088 - dqm->ops.register_process = register_process_nocpsch;
47089 - dqm->ops.unregister_process = unregister_process_nocpsch;
47090 - dqm->ops.uninitialize = uninitialize_nocpsch;
47091 - dqm->ops.create_kernel_queue = create_kernel_queue_cpsch;
47092 - dqm->ops.destroy_kernel_queue = destroy_kernel_queue_cpsch;
47093 - dqm->ops.set_cache_memory_policy = set_cache_memory_policy;
47094 + dqm->ops = &cp_dqm_ops;
47095 break;
47096 case KFD_SCHED_POLICY_NO_HWS:
47097 /* initialize dqm for no cp scheduling */
47098 - dqm->ops.start = start_nocpsch;
47099 - dqm->ops.stop = stop_nocpsch;
47100 - dqm->ops.create_queue = create_queue_nocpsch;
47101 - dqm->ops.destroy_queue = destroy_queue_nocpsch;
47102 - dqm->ops.update_queue = update_queue;
47103 - dqm->ops.get_mqd_manager = get_mqd_manager_nocpsch;
47104 - dqm->ops.register_process = register_process_nocpsch;
47105 - dqm->ops.unregister_process = unregister_process_nocpsch;
47106 - dqm->ops.initialize = initialize_nocpsch;
47107 - dqm->ops.uninitialize = uninitialize_nocpsch;
47108 - dqm->ops.set_cache_memory_policy = set_cache_memory_policy;
47109 + dqm->ops = &no_cp_dqm_ops;
47110 break;
47111 default:
47112 BUG();
47113 @@ -1224,15 +1232,15 @@ struct device_queue_manager *device_queue_manager_init(struct kfd_dev *dev)
47114
47115 switch (dev->device_info->asic_family) {
47116 case CHIP_CARRIZO:
47117 - device_queue_manager_init_vi(&dqm->ops_asic_specific);
47118 + device_queue_manager_init_vi(dqm);
47119 break;
47120
47121 case CHIP_KAVERI:
47122 - device_queue_manager_init_cik(&dqm->ops_asic_specific);
47123 + device_queue_manager_init_cik(dqm);
47124 break;
47125 }
47126
47127 - if (dqm->ops.initialize(dqm) != 0) {
47128 + if (dqm->ops->initialize(dqm) != 0) {
47129 kfree(dqm);
47130 return NULL;
47131 }
47132 @@ -1244,6 +1252,6 @@ void device_queue_manager_uninit(struct device_queue_manager *dqm)
47133 {
47134 BUG_ON(!dqm);
47135
47136 - dqm->ops.uninitialize(dqm);
47137 + dqm->ops->uninitialize(dqm);
47138 kfree(dqm);
47139 }
47140 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.h b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.h
47141 index a625b91..411e7d1 100644
47142 --- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.h
47143 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.h
47144 @@ -154,8 +154,8 @@ struct device_queue_manager_asic_ops {
47145 */
47146
47147 struct device_queue_manager {
47148 - struct device_queue_manager_ops ops;
47149 - struct device_queue_manager_asic_ops ops_asic_specific;
47150 + const struct device_queue_manager_ops *ops;
47151 + const struct device_queue_manager_asic_ops *ops_asic_specific;
47152
47153 struct mqd_manager *mqds[KFD_MQD_TYPE_MAX];
47154 struct packet_manager packets;
47155 @@ -178,8 +178,8 @@ struct device_queue_manager {
47156 bool active_runlist;
47157 };
47158
47159 -void device_queue_manager_init_cik(struct device_queue_manager_asic_ops *ops);
47160 -void device_queue_manager_init_vi(struct device_queue_manager_asic_ops *ops);
47161 +void device_queue_manager_init_cik(struct device_queue_manager *dqm);
47162 +void device_queue_manager_init_vi(struct device_queue_manager *dqm);
47163 void program_sh_mem_settings(struct device_queue_manager *dqm,
47164 struct qcm_process_device *qpd);
47165 int init_pipelines(struct device_queue_manager *dqm,
47166 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_cik.c b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_cik.c
47167 index c6f435a..34fb247 100644
47168 --- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_cik.c
47169 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_cik.c
47170 @@ -37,12 +37,16 @@ static int initialize_cpsch_cik(struct device_queue_manager *dqm);
47171 static void init_sdma_vm(struct device_queue_manager *dqm, struct queue *q,
47172 struct qcm_process_device *qpd);
47173
47174 -void device_queue_manager_init_cik(struct device_queue_manager_asic_ops *ops)
47175 +static const struct device_queue_manager_asic_ops cik_dqm_asic_ops = {
47176 + .set_cache_memory_policy = set_cache_memory_policy_cik,
47177 + .register_process = register_process_cik,
47178 + .initialize = initialize_cpsch_cik,
47179 + .init_sdma_vm = init_sdma_vm,
47180 +};
47181 +
47182 +void device_queue_manager_init_cik(struct device_queue_manager *dqm)
47183 {
47184 - ops->set_cache_memory_policy = set_cache_memory_policy_cik;
47185 - ops->register_process = register_process_cik;
47186 - ops->initialize = initialize_cpsch_cik;
47187 - ops->init_sdma_vm = init_sdma_vm;
47188 + dqm->ops_asic_specific = &cik_dqm_asic_ops;
47189 }
47190
47191 static uint32_t compute_sh_mem_bases_64bit(unsigned int top_address_nybble)
47192 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_vi.c b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_vi.c
47193 index 7e9cae9..fbe7ba5 100644
47194 --- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_vi.c
47195 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager_vi.c
47196 @@ -39,12 +39,16 @@ static int initialize_cpsch_vi(struct device_queue_manager *dqm);
47197 static void init_sdma_vm(struct device_queue_manager *dqm, struct queue *q,
47198 struct qcm_process_device *qpd);
47199
47200 -void device_queue_manager_init_vi(struct device_queue_manager_asic_ops *ops)
47201 +static const struct device_queue_manager_asic_ops vi_dqm_asic_ops = {
47202 + .set_cache_memory_policy = set_cache_memory_policy_vi,
47203 + .register_process = register_process_vi,
47204 + .initialize = initialize_cpsch_vi,
47205 + .init_sdma_vm = init_sdma_vm,
47206 +};
47207 +
47208 +void device_queue_manager_init_vi(struct device_queue_manager *dqm)
47209 {
47210 - ops->set_cache_memory_policy = set_cache_memory_policy_vi;
47211 - ops->register_process = register_process_vi;
47212 - ops->initialize = initialize_cpsch_vi;
47213 - ops->init_sdma_vm = init_sdma_vm;
47214 + dqm->ops_asic_specific = &vi_dqm_asic_ops;
47215 }
47216
47217 static uint32_t compute_sh_mem_bases_64bit(unsigned int top_address_nybble)
47218 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c b/drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c
47219 index 7f134aa..cd34d4a 100644
47220 --- a/drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c
47221 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c
47222 @@ -50,8 +50,8 @@ static void interrupt_wq(struct work_struct *);
47223
47224 int kfd_interrupt_init(struct kfd_dev *kfd)
47225 {
47226 - void *interrupt_ring = kmalloc_array(KFD_INTERRUPT_RING_SIZE,
47227 - kfd->device_info->ih_ring_entry_size,
47228 + void *interrupt_ring = kmalloc_array(kfd->device_info->ih_ring_entry_size,
47229 + KFD_INTERRUPT_RING_SIZE,
47230 GFP_KERNEL);
47231 if (!interrupt_ring)
47232 return -ENOMEM;
47233 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c b/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c
47234 index 9beae87..1fe9326 100644
47235 --- a/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c
47236 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c
47237 @@ -56,7 +56,7 @@ static bool initialize(struct kernel_queue *kq, struct kfd_dev *dev,
47238 switch (type) {
47239 case KFD_QUEUE_TYPE_DIQ:
47240 case KFD_QUEUE_TYPE_HIQ:
47241 - kq->mqd = dev->dqm->ops.get_mqd_manager(dev->dqm,
47242 + kq->mqd = dev->dqm->ops->get_mqd_manager(dev->dqm,
47243 KFD_MQD_TYPE_HIQ);
47244 break;
47245 default:
47246 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h b/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h
47247 index 5940531..a75b0e5 100644
47248 --- a/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h
47249 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.h
47250 @@ -62,7 +62,7 @@ struct kernel_queue_ops {
47251
47252 void (*submit_packet)(struct kernel_queue *kq);
47253 void (*rollback_packet)(struct kernel_queue *kq);
47254 -};
47255 +} __no_const;
47256
47257 struct kernel_queue {
47258 struct kernel_queue_ops ops;
47259 diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
47260 index 7b69070..d7bd78b 100644
47261 --- a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
47262 +++ b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
47263 @@ -194,7 +194,7 @@ int pqm_create_queue(struct process_queue_manager *pqm,
47264
47265 if (list_empty(&pqm->queues)) {
47266 pdd->qpd.pqm = pqm;
47267 - dev->dqm->ops.register_process(dev->dqm, &pdd->qpd);
47268 + dev->dqm->ops->register_process(dev->dqm, &pdd->qpd);
47269 }
47270
47271 pqn = kzalloc(sizeof(struct process_queue_node), GFP_KERNEL);
47272 @@ -220,7 +220,7 @@ int pqm_create_queue(struct process_queue_manager *pqm,
47273 goto err_create_queue;
47274 pqn->q = q;
47275 pqn->kq = NULL;
47276 - retval = dev->dqm->ops.create_queue(dev->dqm, q, &pdd->qpd,
47277 + retval = dev->dqm->ops->create_queue(dev->dqm, q, &pdd->qpd,
47278 &q->properties.vmid);
47279 pr_debug("DQM returned %d for create_queue\n", retval);
47280 print_queue(q);
47281 @@ -234,7 +234,7 @@ int pqm_create_queue(struct process_queue_manager *pqm,
47282 kq->queue->properties.queue_id = *qid;
47283 pqn->kq = kq;
47284 pqn->q = NULL;
47285 - retval = dev->dqm->ops.create_kernel_queue(dev->dqm,
47286 + retval = dev->dqm->ops->create_kernel_queue(dev->dqm,
47287 kq, &pdd->qpd);
47288 break;
47289 default:
47290 @@ -265,7 +265,7 @@ err_allocate_pqn:
47291 /* check if queues list is empty unregister process from device */
47292 clear_bit(*qid, pqm->queue_slot_bitmap);
47293 if (list_empty(&pqm->queues))
47294 - dev->dqm->ops.unregister_process(dev->dqm, &pdd->qpd);
47295 + dev->dqm->ops->unregister_process(dev->dqm, &pdd->qpd);
47296 return retval;
47297 }
47298
47299 @@ -306,13 +306,13 @@ int pqm_destroy_queue(struct process_queue_manager *pqm, unsigned int qid)
47300 if (pqn->kq) {
47301 /* destroy kernel queue (DIQ) */
47302 dqm = pqn->kq->dev->dqm;
47303 - dqm->ops.destroy_kernel_queue(dqm, pqn->kq, &pdd->qpd);
47304 + dqm->ops->destroy_kernel_queue(dqm, pqn->kq, &pdd->qpd);
47305 kernel_queue_uninit(pqn->kq);
47306 }
47307
47308 if (pqn->q) {
47309 dqm = pqn->q->device->dqm;
47310 - retval = dqm->ops.destroy_queue(dqm, &pdd->qpd, pqn->q);
47311 + retval = dqm->ops->destroy_queue(dqm, &pdd->qpd, pqn->q);
47312 if (retval != 0)
47313 return retval;
47314
47315 @@ -324,7 +324,7 @@ int pqm_destroy_queue(struct process_queue_manager *pqm, unsigned int qid)
47316 clear_bit(qid, pqm->queue_slot_bitmap);
47317
47318 if (list_empty(&pqm->queues))
47319 - dqm->ops.unregister_process(dqm, &pdd->qpd);
47320 + dqm->ops->unregister_process(dqm, &pdd->qpd);
47321
47322 return retval;
47323 }
47324 @@ -349,7 +349,7 @@ int pqm_update_queue(struct process_queue_manager *pqm, unsigned int qid,
47325 pqn->q->properties.queue_percent = p->queue_percent;
47326 pqn->q->properties.priority = p->priority;
47327
47328 - retval = pqn->q->device->dqm->ops.update_queue(pqn->q->device->dqm,
47329 + retval = pqn->q->device->dqm->ops->update_queue(pqn->q->device->dqm,
47330 pqn->q);
47331 if (retval != 0)
47332 return retval;
47333 diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
47334 index 2028980..484984b 100644
47335 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
47336 +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
47337 @@ -240,10 +240,16 @@ int cz_dpm_powergate_vce(struct pp_hwmgr *hwmgr, bool bgate)
47338
47339 static const struct phm_master_table_item cz_enable_clock_power_gatings_list[] = {
47340 /*we don't need an exit table here, because there is only D3 cold on Kv*/
47341 - { phm_cf_want_uvd_power_gating, cz_tf_uvd_power_gating_initialize },
47342 - { phm_cf_want_vce_power_gating, cz_tf_vce_power_gating_initialize },
47343 + {
47344 + .isFunctionNeededInRuntimeTable = phm_cf_want_uvd_power_gating,
47345 + .tableFunction = cz_tf_uvd_power_gating_initialize
47346 + },
47347 + {
47348 + .isFunctionNeededInRuntimeTable = phm_cf_want_vce_power_gating,
47349 + .tableFunction = cz_tf_vce_power_gating_initialize
47350 + },
47351 /* to do { NULL, cz_tf_xdma_power_gating_enable }, */
47352 - { NULL, NULL }
47353 + { }
47354 };
47355
47356 const struct phm_master_table_header cz_phm_enable_clock_power_gatings_master = {
47357 diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
47358 index 8cc0df9..365a42c 100644
47359 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
47360 +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
47361 @@ -916,13 +916,13 @@ static int cz_tf_update_low_mem_pstate(struct pp_hwmgr *hwmgr,
47362 }
47363
47364 static const struct phm_master_table_item cz_set_power_state_list[] = {
47365 - {NULL, cz_tf_update_sclk_limit},
47366 - {NULL, cz_tf_set_deep_sleep_sclk_threshold},
47367 - {NULL, cz_tf_set_watermark_threshold},
47368 - {NULL, cz_tf_set_enabled_levels},
47369 - {NULL, cz_tf_enable_nb_dpm},
47370 - {NULL, cz_tf_update_low_mem_pstate},
47371 - {NULL, NULL}
47372 + { .tableFunction = cz_tf_update_sclk_limit },
47373 + { .tableFunction = cz_tf_set_deep_sleep_sclk_threshold },
47374 + { .tableFunction = cz_tf_set_watermark_threshold },
47375 + { .tableFunction = cz_tf_set_enabled_levels },
47376 + { .tableFunction = cz_tf_enable_nb_dpm },
47377 + { .tableFunction = cz_tf_update_low_mem_pstate },
47378 + { }
47379 };
47380
47381 static const struct phm_master_table_header cz_set_power_state_master = {
47382 @@ -932,15 +932,15 @@ static const struct phm_master_table_header cz_set_power_state_master = {
47383 };
47384
47385 static const struct phm_master_table_item cz_setup_asic_list[] = {
47386 - {NULL, cz_tf_reset_active_process_mask},
47387 - {NULL, cz_tf_upload_pptable_to_smu},
47388 - {NULL, cz_tf_init_sclk_limit},
47389 - {NULL, cz_tf_init_uvd_limit},
47390 - {NULL, cz_tf_init_vce_limit},
47391 - {NULL, cz_tf_init_acp_limit},
47392 - {NULL, cz_tf_init_power_gate_state},
47393 - {NULL, cz_tf_init_sclk_threshold},
47394 - {NULL, NULL}
47395 + { .tableFunction = cz_tf_reset_active_process_mask },
47396 + { .tableFunction = cz_tf_upload_pptable_to_smu },
47397 + { .tableFunction = cz_tf_init_sclk_limit },
47398 + { .tableFunction = cz_tf_init_uvd_limit },
47399 + { .tableFunction = cz_tf_init_vce_limit },
47400 + { .tableFunction = cz_tf_init_acp_limit },
47401 + { .tableFunction = cz_tf_init_power_gate_state },
47402 + { .tableFunction = cz_tf_init_sclk_threshold },
47403 + { }
47404 };
47405
47406 static const struct phm_master_table_header cz_setup_asic_master = {
47407 @@ -985,10 +985,10 @@ static int cz_tf_reset_cc6_data(struct pp_hwmgr *hwmgr,
47408 }
47409
47410 static const struct phm_master_table_item cz_power_down_asic_list[] = {
47411 - {NULL, cz_tf_power_up_display_clock_sys_pll},
47412 - {NULL, cz_tf_clear_nb_dpm_flag},
47413 - {NULL, cz_tf_reset_cc6_data},
47414 - {NULL, NULL}
47415 + { .tableFunction = cz_tf_power_up_display_clock_sys_pll },
47416 + { .tableFunction = cz_tf_clear_nb_dpm_flag },
47417 + { .tableFunction = cz_tf_reset_cc6_data },
47418 + { }
47419 };
47420
47421 static const struct phm_master_table_header cz_power_down_asic_master = {
47422 @@ -1096,8 +1096,8 @@ static int cz_tf_check_for_dpm_enabled(struct pp_hwmgr *hwmgr,
47423 }
47424
47425 static const struct phm_master_table_item cz_disable_dpm_list[] = {
47426 - { NULL, cz_tf_check_for_dpm_enabled},
47427 - {NULL, NULL},
47428 + { .tableFunction = cz_tf_check_for_dpm_enabled },
47429 + { },
47430 };
47431
47432
47433 @@ -1108,13 +1108,13 @@ static const struct phm_master_table_header cz_disable_dpm_master = {
47434 };
47435
47436 static const struct phm_master_table_item cz_enable_dpm_list[] = {
47437 - { NULL, cz_tf_check_for_dpm_disabled },
47438 - { NULL, cz_tf_program_voting_clients },
47439 - { NULL, cz_tf_start_dpm},
47440 - { NULL, cz_tf_program_bootup_state},
47441 - { NULL, cz_tf_enable_didt },
47442 - { NULL, cz_tf_reset_acp_boot_level },
47443 - {NULL, NULL},
47444 + { .tableFunction = cz_tf_check_for_dpm_disabled },
47445 + { .tableFunction = cz_tf_program_voting_clients },
47446 + { .tableFunction = cz_tf_start_dpm },
47447 + { .tableFunction = cz_tf_program_bootup_state },
47448 + { .tableFunction = cz_tf_enable_didt },
47449 + { .tableFunction = cz_tf_reset_acp_boot_level },
47450 + { },
47451 };
47452
47453 static const struct phm_master_table_header cz_enable_dpm_master = {
47454 diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
47455 index 92976b6..7d1f7f6 100644
47456 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
47457 +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
47458 @@ -617,17 +617,17 @@ static int tf_fiji_thermal_disable_alert(struct pp_hwmgr *hwmgr,
47459
47460 static const struct phm_master_table_item
47461 fiji_thermal_start_thermal_controller_master_list[] = {
47462 - {NULL, tf_fiji_thermal_initialize},
47463 - {NULL, tf_fiji_thermal_set_temperature_range},
47464 - {NULL, tf_fiji_thermal_enable_alert},
47465 + { .tableFunction = tf_fiji_thermal_initialize},
47466 + { .tableFunction = tf_fiji_thermal_set_temperature_range},
47467 + { .tableFunction = tf_fiji_thermal_enable_alert},
47468 /* We should restrict performance levels to low before we halt the SMC.
47469 * On the other hand we are still in boot state when we do this
47470 * so it would be pointless.
47471 * If this assumption changes we have to revisit this table.
47472 */
47473 - {NULL, tf_fiji_thermal_setup_fan_table},
47474 - {NULL, tf_fiji_thermal_start_smc_fan_control},
47475 - {NULL, NULL}
47476 + { .tableFunction = tf_fiji_thermal_setup_fan_table},
47477 + { .tableFunction = tf_fiji_thermal_start_smc_fan_control},
47478 + { }
47479 };
47480
47481 static const struct phm_master_table_header
47482 @@ -639,10 +639,10 @@ fiji_thermal_start_thermal_controller_master = {
47483
47484 static const struct phm_master_table_item
47485 fiji_thermal_set_temperature_range_master_list[] = {
47486 - {NULL, tf_fiji_thermal_disable_alert},
47487 - {NULL, tf_fiji_thermal_set_temperature_range},
47488 - {NULL, tf_fiji_thermal_enable_alert},
47489 - {NULL, NULL}
47490 + { .tableFunction = tf_fiji_thermal_disable_alert},
47491 + { .tableFunction = tf_fiji_thermal_set_temperature_range},
47492 + { .tableFunction = tf_fiji_thermal_enable_alert},
47493 + { }
47494 };
47495
47496 static const struct phm_master_table_header
47497 diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/polaris10_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/polaris10_thermal.c
47498 index b206632..eeb4724 100644
47499 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/polaris10_thermal.c
47500 +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/polaris10_thermal.c
47501 @@ -645,18 +645,18 @@ static int tf_polaris10_thermal_avfs_enable(struct pp_hwmgr *hwmgr,
47502
47503 static const struct phm_master_table_item
47504 polaris10_thermal_start_thermal_controller_master_list[] = {
47505 - {NULL, tf_polaris10_thermal_initialize},
47506 - {NULL, tf_polaris10_thermal_set_temperature_range},
47507 - {NULL, tf_polaris10_thermal_enable_alert},
47508 - {NULL, tf_polaris10_thermal_avfs_enable},
47509 + { .tableFunction = tf_polaris10_thermal_initialize },
47510 + { .tableFunction = tf_polaris10_thermal_set_temperature_range },
47511 + { .tableFunction = tf_polaris10_thermal_enable_alert },
47512 + { .tableFunction = tf_polaris10_thermal_avfs_enable },
47513 /* We should restrict performance levels to low before we halt the SMC.
47514 * On the other hand we are still in boot state when we do this
47515 * so it would be pointless.
47516 * If this assumption changes we have to revisit this table.
47517 */
47518 - {NULL, tf_polaris10_thermal_setup_fan_table},
47519 - {NULL, tf_polaris10_thermal_start_smc_fan_control},
47520 - {NULL, NULL}
47521 + { .tableFunction = tf_polaris10_thermal_setup_fan_table },
47522 + { .tableFunction = tf_polaris10_thermal_start_smc_fan_control },
47523 + { }
47524 };
47525
47526 static const struct phm_master_table_header
47527 @@ -668,10 +668,10 @@ polaris10_thermal_start_thermal_controller_master = {
47528
47529 static const struct phm_master_table_item
47530 polaris10_thermal_set_temperature_range_master_list[] = {
47531 - {NULL, tf_polaris10_thermal_disable_alert},
47532 - {NULL, tf_polaris10_thermal_set_temperature_range},
47533 - {NULL, tf_polaris10_thermal_enable_alert},
47534 - {NULL, NULL}
47535 + { .tableFunction = tf_polaris10_thermal_disable_alert },
47536 + { .tableFunction = tf_polaris10_thermal_set_temperature_range },
47537 + { .tableFunction = tf_polaris10_thermal_enable_alert },
47538 + { }
47539 };
47540
47541 static const struct phm_master_table_header
47542 diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
47543 index 47ef1ca..d352d38 100644
47544 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
47545 +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
47546 @@ -526,16 +526,16 @@ static int tf_tonga_thermal_disable_alert(struct pp_hwmgr *hwmgr, void *input, v
47547 }
47548
47549 static const struct phm_master_table_item tonga_thermal_start_thermal_controller_master_list[] = {
47550 - { NULL, tf_tonga_thermal_initialize },
47551 - { NULL, tf_tonga_thermal_set_temperature_range },
47552 - { NULL, tf_tonga_thermal_enable_alert },
47553 + { .tableFunction = tf_tonga_thermal_initialize },
47554 + { .tableFunction = tf_tonga_thermal_set_temperature_range },
47555 + { .tableFunction = tf_tonga_thermal_enable_alert },
47556 /* We should restrict performance levels to low before we halt the SMC.
47557 * On the other hand we are still in boot state when we do this so it would be pointless.
47558 * If this assumption changes we have to revisit this table.
47559 */
47560 - { NULL, tf_tonga_thermal_setup_fan_table},
47561 - { NULL, tf_tonga_thermal_start_smc_fan_control},
47562 - { NULL, NULL }
47563 + { .tableFunction = tf_tonga_thermal_setup_fan_table},
47564 + { .tableFunction = tf_tonga_thermal_start_smc_fan_control},
47565 + { }
47566 };
47567
47568 static const struct phm_master_table_header tonga_thermal_start_thermal_controller_master = {
47569 @@ -545,10 +545,10 @@ static const struct phm_master_table_header tonga_thermal_start_thermal_controll
47570 };
47571
47572 static const struct phm_master_table_item tonga_thermal_set_temperature_range_master_list[] = {
47573 - { NULL, tf_tonga_thermal_disable_alert},
47574 - { NULL, tf_tonga_thermal_set_temperature_range},
47575 - { NULL, tf_tonga_thermal_enable_alert},
47576 - { NULL, NULL }
47577 + { .tableFunction = tf_tonga_thermal_disable_alert},
47578 + { .tableFunction = tf_tonga_thermal_set_temperature_range},
47579 + { .tableFunction = tf_tonga_thermal_enable_alert},
47580 + { }
47581 };
47582
47583 static const struct phm_master_table_header tonga_thermal_set_temperature_range_master = {
47584 diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
47585 index 963a24d..e5d0a91 100644
47586 --- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
47587 +++ b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
47588 @@ -140,7 +140,7 @@ int amd_sched_entity_init(struct amd_gpu_scheduler *sched,
47589 if (r)
47590 return r;
47591
47592 - atomic_set(&entity->fence_seq, 0);
47593 + atomic_set_unchecked(&entity->fence_seq, 0);
47594 entity->fence_context = fence_context_alloc(2);
47595
47596 return 0;
47597 diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.h b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.h
47598 index 7cbbbfb..a1e3949 100644
47599 --- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.h
47600 +++ b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.h
47601 @@ -47,7 +47,7 @@ struct amd_sched_entity {
47602 spinlock_t queue_lock;
47603 struct kfifo job_queue;
47604
47605 - atomic_t fence_seq;
47606 + atomic_unchecked_t fence_seq;
47607 uint64_t fence_context;
47608
47609 struct fence *dependency;
47610 diff --git a/drivers/gpu/drm/amd/scheduler/sched_fence.c b/drivers/gpu/drm/amd/scheduler/sched_fence.c
47611 index 6b63bea..d7aa8a9 100644
47612 --- a/drivers/gpu/drm/amd/scheduler/sched_fence.c
47613 +++ b/drivers/gpu/drm/amd/scheduler/sched_fence.c
47614 @@ -41,7 +41,7 @@ struct amd_sched_fence *amd_sched_fence_create(struct amd_sched_entity *entity,
47615 fence->sched = entity->sched;
47616 spin_lock_init(&fence->lock);
47617
47618 - seq = atomic_inc_return(&entity->fence_seq);
47619 + seq = atomic_inc_return_unchecked(&entity->fence_seq);
47620 fence_init(&fence->scheduled, &amd_sched_fence_ops_scheduled,
47621 &fence->lock, entity->fence_context, seq);
47622 fence_init(&fence->finished, &amd_sched_fence_ops_finished,
47623 diff --git a/drivers/gpu/drm/armada/armada_drv.c b/drivers/gpu/drm/armada/armada_drv.c
47624 index f5ebdd6..135c95c 100644
47625 --- a/drivers/gpu/drm/armada/armada_drv.c
47626 +++ b/drivers/gpu/drm/armada/armada_drv.c
47627 @@ -213,6 +213,7 @@ static struct drm_driver armada_drm_driver = {
47628 .driver_features = DRIVER_GEM | DRIVER_MODESET |
47629 DRIVER_HAVE_IRQ | DRIVER_PRIME,
47630 .ioctls = armada_ioctls,
47631 + .num_ioctls = ARRAY_SIZE(armada_ioctls),
47632 .fops = &armada_drm_fops,
47633 };
47634
47635 @@ -333,8 +334,6 @@ static int __init armada_drm_init(void)
47636 {
47637 int ret;
47638
47639 - armada_drm_driver.num_ioctls = ARRAY_SIZE(armada_ioctls);
47640 -
47641 ret = platform_driver_register(&armada_lcd_platform_driver);
47642 if (ret)
47643 return ret;
47644 diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c
47645 index 5957c3e..970039e 100644
47646 --- a/drivers/gpu/drm/ast/ast_mode.c
47647 +++ b/drivers/gpu/drm/ast/ast_mode.c
47648 @@ -775,7 +775,7 @@ static int ast_get_modes(struct drm_connector *connector)
47649 return 0;
47650 }
47651
47652 -static int ast_mode_valid(struct drm_connector *connector,
47653 +static enum drm_mode_status ast_mode_valid(struct drm_connector *connector,
47654 struct drm_display_mode *mode)
47655 {
47656 struct ast_private *ast = connector->dev->dev_private;
47657 diff --git a/drivers/gpu/drm/bochs/bochs_kms.c b/drivers/gpu/drm/bochs/bochs_kms.c
47658 index 207a2cb..666b75a 100644
47659 --- a/drivers/gpu/drm/bochs/bochs_kms.c
47660 +++ b/drivers/gpu/drm/bochs/bochs_kms.c
47661 @@ -187,7 +187,7 @@ int bochs_connector_get_modes(struct drm_connector *connector)
47662 return count;
47663 }
47664
47665 -static int bochs_connector_mode_valid(struct drm_connector *connector,
47666 +static enum drm_mode_status bochs_connector_mode_valid(struct drm_connector *connector,
47667 struct drm_display_mode *mode)
47668 {
47669 struct bochs_device *bochs =
47670 diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
47671 index a09825d..6faa4d7 100644
47672 --- a/drivers/gpu/drm/bridge/tc358767.c
47673 +++ b/drivers/gpu/drm/bridge/tc358767.c
47674 @@ -1102,7 +1102,7 @@ static bool tc_bridge_mode_fixup(struct drm_bridge *bridge,
47675 return true;
47676 }
47677
47678 -static int tc_connector_mode_valid(struct drm_connector *connector,
47679 +static enum drm_mode_status tc_connector_mode_valid(struct drm_connector *connector,
47680 struct drm_display_mode *mode)
47681 {
47682 /* Accept any mode */
47683 diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
47684 index ddebe54..68a674d 100644
47685 --- a/drivers/gpu/drm/drm_crtc.c
47686 +++ b/drivers/gpu/drm/drm_crtc.c
47687 @@ -4364,7 +4364,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
47688 goto done;
47689 }
47690
47691 - if (copy_to_user(&enum_ptr[copied].name,
47692 + if (copy_to_user(enum_ptr[copied].name,
47693 &prop_enum->name, DRM_PROP_NAME_LEN)) {
47694 ret = -EFAULT;
47695 goto done;
47696 diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
47697 index be27ed3..72aa552 100644
47698 --- a/drivers/gpu/drm/drm_drv.c
47699 +++ b/drivers/gpu/drm/drm_drv.c
47700 @@ -368,7 +368,7 @@ void drm_unplug_dev(struct drm_device *dev)
47701
47702 drm_device_set_unplugged(dev);
47703
47704 - if (dev->open_count == 0) {
47705 + if (local_read(&dev->open_count) == 0) {
47706 drm_put_dev(dev);
47707 }
47708 mutex_unlock(&drm_global_mutex);
47709 diff --git a/drivers/gpu/drm/drm_fb_cma_helper.c b/drivers/gpu/drm/drm_fb_cma_helper.c
47710 index 1fd6eac..e4206c9 100644
47711 --- a/drivers/gpu/drm/drm_fb_cma_helper.c
47712 +++ b/drivers/gpu/drm/drm_fb_cma_helper.c
47713 @@ -335,7 +335,7 @@ static int drm_fbdev_cma_defio_init(struct fb_info *fbi,
47714 struct drm_gem_cma_object *cma_obj)
47715 {
47716 struct fb_deferred_io *fbdefio;
47717 - struct fb_ops *fbops;
47718 + fb_ops_no_const *fbops;
47719
47720 /*
47721 * Per device structures are needed because:
47722 @@ -362,7 +362,7 @@ static int drm_fbdev_cma_defio_init(struct fb_info *fbi,
47723 fbdefio->deferred_io = drm_fb_helper_deferred_io;
47724 fbi->fbdefio = fbdefio;
47725 fb_deferred_io_init(fbi);
47726 - fbi->fbops->fb_mmap = drm_fbdev_cma_deferred_io_mmap;
47727 + fbops->fb_mmap = drm_fbdev_cma_deferred_io_mmap;
47728
47729 return 0;
47730 }
47731 diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
47732 index 323c238..0eaad21 100644
47733 --- a/drivers/gpu/drm/drm_fops.c
47734 +++ b/drivers/gpu/drm/drm_fops.c
47735 @@ -132,7 +132,7 @@ int drm_open(struct inode *inode, struct file *filp)
47736 return PTR_ERR(minor);
47737
47738 dev = minor->dev;
47739 - if (!dev->open_count++)
47740 + if (local_inc_return(&dev->open_count) == 1)
47741 need_setup = 1;
47742
47743 /* share address_space across all char-devs of a single device */
47744 @@ -149,7 +149,7 @@ int drm_open(struct inode *inode, struct file *filp)
47745 return 0;
47746
47747 err_undo:
47748 - dev->open_count--;
47749 + local_dec(&dev->open_count);
47750 drm_minor_release(minor);
47751 return retcode;
47752 }
47753 @@ -371,7 +371,7 @@ int drm_release(struct inode *inode, struct file *filp)
47754
47755 mutex_lock(&drm_global_mutex);
47756
47757 - DRM_DEBUG("open_count = %d\n", dev->open_count);
47758 + DRM_DEBUG("open_count = %ld\n", local_read(&dev->open_count));
47759
47760 mutex_lock(&dev->filelist_mutex);
47761 list_del(&file_priv->lhead);
47762 @@ -384,10 +384,10 @@ int drm_release(struct inode *inode, struct file *filp)
47763 * Begin inline drm_release
47764 */
47765
47766 - DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
47767 + DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %ld\n",
47768 task_pid_nr(current),
47769 (long)old_encode_dev(file_priv->minor->kdev->devt),
47770 - dev->open_count);
47771 + local_read(&dev->open_count));
47772
47773 if (!drm_core_check_feature(dev, DRIVER_MODESET))
47774 drm_legacy_lock_release(dev, filp);
47775 @@ -425,7 +425,7 @@ int drm_release(struct inode *inode, struct file *filp)
47776 * End inline drm_release
47777 */
47778
47779 - if (!--dev->open_count) {
47780 + if (local_dec_and_test(&dev->open_count)) {
47781 drm_lastclose(dev);
47782 if (drm_device_is_unplugged(dev))
47783 drm_put_dev(dev);
47784 @@ -564,6 +564,11 @@ unsigned int drm_poll(struct file *filp, struct poll_table_struct *wait)
47785 }
47786 EXPORT_SYMBOL(drm_poll);
47787
47788 +static void drm_pending_event_destroy(struct drm_pending_event *event)
47789 +{
47790 + kfree(event);
47791 +}
47792 +
47793 /**
47794 * drm_event_reserve_init_locked - init a DRM event and reserve space for it
47795 * @dev: DRM device
47796 diff --git a/drivers/gpu/drm/drm_global.c b/drivers/gpu/drm/drm_global.c
47797 index 3d2e91c..d31c4c9 100644
47798 --- a/drivers/gpu/drm/drm_global.c
47799 +++ b/drivers/gpu/drm/drm_global.c
47800 @@ -36,7 +36,7 @@
47801 struct drm_global_item {
47802 struct mutex mutex;
47803 void *object;
47804 - int refcount;
47805 + atomic_t refcount;
47806 };
47807
47808 static struct drm_global_item glob[DRM_GLOBAL_NUM];
47809 @@ -49,7 +49,7 @@ void drm_global_init(void)
47810 struct drm_global_item *item = &glob[i];
47811 mutex_init(&item->mutex);
47812 item->object = NULL;
47813 - item->refcount = 0;
47814 + atomic_set(&item->refcount, 0);
47815 }
47816 }
47817
47818 @@ -59,7 +59,7 @@ void drm_global_release(void)
47819 for (i = 0; i < DRM_GLOBAL_NUM; ++i) {
47820 struct drm_global_item *item = &glob[i];
47821 BUG_ON(item->object != NULL);
47822 - BUG_ON(item->refcount != 0);
47823 + BUG_ON(atomic_read(&item->refcount) != 0);
47824 }
47825 }
47826
47827 @@ -69,7 +69,7 @@ int drm_global_item_ref(struct drm_global_reference *ref)
47828 struct drm_global_item *item = &glob[ref->global_type];
47829
47830 mutex_lock(&item->mutex);
47831 - if (item->refcount == 0) {
47832 + if (atomic_read(&item->refcount) == 0) {
47833 item->object = kzalloc(ref->size, GFP_KERNEL);
47834 if (unlikely(item->object == NULL)) {
47835 ret = -ENOMEM;
47836 @@ -82,7 +82,7 @@ int drm_global_item_ref(struct drm_global_reference *ref)
47837 goto out_err;
47838
47839 }
47840 - ++item->refcount;
47841 + atomic_inc(&item->refcount);
47842 ref->object = item->object;
47843 mutex_unlock(&item->mutex);
47844 return 0;
47845 @@ -98,9 +98,9 @@ void drm_global_item_unref(struct drm_global_reference *ref)
47846 struct drm_global_item *item = &glob[ref->global_type];
47847
47848 mutex_lock(&item->mutex);
47849 - BUG_ON(item->refcount == 0);
47850 + BUG_ON(atomic_read(&item->refcount) == 0);
47851 BUG_ON(ref->object != item->object);
47852 - if (--item->refcount == 0) {
47853 + if (atomic_dec_and_test(&item->refcount)) {
47854 ref->release(ref);
47855 item->object = NULL;
47856 }
47857 diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
47858 index a628975..98c84f7 100644
47859 --- a/drivers/gpu/drm/drm_ioc32.c
47860 +++ b/drivers/gpu/drm/drm_ioc32.c
47861 @@ -458,7 +458,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd,
47862 request = compat_alloc_user_space(nbytes);
47863 if (!request)
47864 return -EFAULT;
47865 - list = (struct drm_buf_desc *) (request + 1);
47866 + list = (struct drm_buf_desc __user *) (request + 1);
47867
47868 if (__put_user(count, &request->count)
47869 || __put_user(list, &request->list))
47870 @@ -519,7 +519,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd,
47871 request = compat_alloc_user_space(nbytes);
47872 if (!request)
47873 return -EFAULT;
47874 - list = (struct drm_buf_pub *) (request + 1);
47875 + list = (struct drm_buf_pub __user *) (request + 1);
47876
47877 if (__put_user(count, &request->count)
47878 || __put_user(list, &request->list))
47879 @@ -1074,7 +1074,7 @@ static int compat_drm_mode_addfb2(struct file *file, unsigned int cmd,
47880 }
47881 #endif
47882
47883 -static drm_ioctl_compat_t *drm_compat_ioctls[] = {
47884 +static drm_ioctl_compat_t drm_compat_ioctls[] = {
47885 [DRM_IOCTL_NR(DRM_IOCTL_VERSION32)] = compat_drm_version,
47886 [DRM_IOCTL_NR(DRM_IOCTL_GET_UNIQUE32)] = compat_drm_getunique,
47887 [DRM_IOCTL_NR(DRM_IOCTL_GET_MAP32)] = compat_drm_getmap,
47888 @@ -1123,7 +1123,6 @@ static drm_ioctl_compat_t *drm_compat_ioctls[] = {
47889 long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
47890 {
47891 unsigned int nr = DRM_IOCTL_NR(cmd);
47892 - drm_ioctl_compat_t *fn;
47893 int ret;
47894
47895 /* Assume that ioctls without an explicit compat routine will just
47896 @@ -1133,10 +1132,8 @@ long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
47897 if (nr >= ARRAY_SIZE(drm_compat_ioctls))
47898 return drm_ioctl(filp, cmd, arg);
47899
47900 - fn = drm_compat_ioctls[nr];
47901 -
47902 - if (fn != NULL)
47903 - ret = (*fn) (filp, cmd, arg);
47904 + if (drm_compat_ioctls[nr] != NULL)
47905 + ret = (*drm_compat_ioctls[nr]) (filp, cmd, arg);
47906 else
47907 ret = drm_ioctl(filp, cmd, arg);
47908
47909 diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
47910 index 33af4a5..ceb09f2 100644
47911 --- a/drivers/gpu/drm/drm_ioctl.c
47912 +++ b/drivers/gpu/drm/drm_ioctl.c
47913 @@ -643,7 +643,7 @@ long drm_ioctl(struct file *filp,
47914 struct drm_file *file_priv = filp->private_data;
47915 struct drm_device *dev;
47916 const struct drm_ioctl_desc *ioctl = NULL;
47917 - drm_ioctl_t *func;
47918 + drm_ioctl_no_const_t func;
47919 unsigned int nr = DRM_IOCTL_NR(cmd);
47920 int retcode = -EINVAL;
47921 char stack_kdata[128];
47922 diff --git a/drivers/gpu/drm/drm_pci.c b/drivers/gpu/drm/drm_pci.c
47923 index b2f8f10..39eb872 100644
47924 --- a/drivers/gpu/drm/drm_pci.c
47925 +++ b/drivers/gpu/drm/drm_pci.c
47926 @@ -264,7 +264,7 @@ int drm_get_pci_dev(struct pci_dev *pdev, const struct pci_device_id *ent,
47927 /* No locking needed since shadow-attach is single-threaded since it may
47928 * only be called from the per-driver module init hook. */
47929 if (!drm_core_check_feature(dev, DRIVER_MODESET))
47930 - list_add_tail(&dev->legacy_dev_list, &driver->legacy_dev_list);
47931 + pax_list_add_tail(&dev->legacy_dev_list, (struct list_head *)&driver->legacy_dev_list);
47932
47933 return 0;
47934
47935 @@ -303,7 +303,10 @@ int drm_pci_init(struct drm_driver *driver, struct pci_driver *pdriver)
47936 return pci_register_driver(pdriver);
47937
47938 /* If not using KMS, fall back to stealth mode manual scanning. */
47939 - INIT_LIST_HEAD(&driver->legacy_dev_list);
47940 + pax_open_kernel();
47941 + INIT_LIST_HEAD((struct list_head *)&driver->legacy_dev_list);
47942 + pax_close_kernel();
47943 +
47944 for (i = 0; pdriver->id_table[i].vendor != 0; i++) {
47945 pid = &pdriver->id_table[i];
47946
47947 @@ -426,7 +429,7 @@ void drm_pci_exit(struct drm_driver *driver, struct pci_driver *pdriver)
47948 } else {
47949 list_for_each_entry_safe(dev, tmp, &driver->legacy_dev_list,
47950 legacy_dev_list) {
47951 - list_del(&dev->legacy_dev_list);
47952 + pax_list_del(&dev->legacy_dev_list);
47953 drm_put_dev(dev);
47954 }
47955 }
47956 diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.c b/drivers/gpu/drm/exynos/exynos_drm_drv.c
47957 index 877d2ef..7b2d94d 100644
47958 --- a/drivers/gpu/drm/exynos/exynos_drm_drv.c
47959 +++ b/drivers/gpu/drm/exynos/exynos_drm_drv.c
47960 @@ -548,6 +548,11 @@ static int compare_dev(struct device *dev, void *data)
47961 return dev == (struct device *)data;
47962 }
47963
47964 +static int platform_bus_type_match(struct device *dev, void *data)
47965 +{
47966 + return platform_bus_type.match(dev, data);
47967 +}
47968 +
47969 static struct component_match *exynos_drm_match_add(struct device *dev)
47970 {
47971 struct component_match *match = NULL;
47972 @@ -562,7 +567,7 @@ static struct component_match *exynos_drm_match_add(struct device *dev)
47973
47974 while ((d = bus_find_device(&platform_bus_type, p,
47975 &info->driver->driver,
47976 - (void *)platform_bus_type.match))) {
47977 + platform_bus_type_match))) {
47978 put_device(p);
47979 component_match_add(dev, &match, compare_dev, d);
47980 p = d;
47981 @@ -593,7 +598,6 @@ static int exynos_drm_platform_probe(struct platform_device *pdev)
47982 struct component_match *match;
47983
47984 pdev->dev.coherent_dma_mask = DMA_BIT_MASK(32);
47985 - exynos_drm_driver.num_ioctls = ARRAY_SIZE(exynos_ioctls);
47986
47987 match = exynos_drm_match_add(&pdev->dev);
47988 if (IS_ERR(match))
47989 @@ -631,7 +635,7 @@ static struct device *exynos_drm_get_dma_device(void)
47990
47991 while ((dev = bus_find_device(&platform_bus_type, NULL,
47992 &info->driver->driver,
47993 - (void *)platform_bus_type.match))) {
47994 + platform_bus_type_match))) {
47995 put_device(dev);
47996 return dev;
47997 }
47998 @@ -652,7 +656,7 @@ static void exynos_drm_unregister_devices(void)
47999
48000 while ((dev = bus_find_device(&platform_bus_type, NULL,
48001 &info->driver->driver,
48002 - (void *)platform_bus_type.match))) {
48003 + platform_bus_type_match))) {
48004 put_device(dev);
48005 platform_device_unregister(to_platform_device(dev));
48006 }
48007 diff --git a/drivers/gpu/drm/exynos/exynos_drm_g2d.c b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
48008 index 6eca8bb..d607c01 100644
48009 --- a/drivers/gpu/drm/exynos/exynos_drm_g2d.c
48010 +++ b/drivers/gpu/drm/exynos/exynos_drm_g2d.c
48011 @@ -1055,6 +1055,11 @@ int exynos_g2d_get_ver_ioctl(struct drm_device *drm_dev, void *data,
48012 return 0;
48013 }
48014
48015 +static void exynos_g2d_dmabuf_destroy(struct drm_pending_event *event)
48016 +{
48017 + kfree(event);
48018 +}
48019 +
48020 int exynos_g2d_set_cmdlist_ioctl(struct drm_device *drm_dev, void *data,
48021 struct drm_file *file)
48022 {
48023 diff --git a/drivers/gpu/drm/exynos/exynos_hdmi.c b/drivers/gpu/drm/exynos/exynos_hdmi.c
48024 index 2275efe..c91e144 100644
48025 --- a/drivers/gpu/drm/exynos/exynos_hdmi.c
48026 +++ b/drivers/gpu/drm/exynos/exynos_hdmi.c
48027 @@ -919,7 +919,7 @@ static int hdmi_find_phy_conf(struct hdmi_context *hdata, u32 pixel_clock)
48028 return -EINVAL;
48029 }
48030
48031 -static int hdmi_mode_valid(struct drm_connector *connector,
48032 +static enum drm_mode_status hdmi_mode_valid(struct drm_connector *connector,
48033 struct drm_display_mode *mode)
48034 {
48035 struct hdmi_context *hdata = connector_to_hdmi(connector);
48036 diff --git a/drivers/gpu/drm/gma500/cdv_intel_crt.c b/drivers/gpu/drm/gma500/cdv_intel_crt.c
48037 index b837e7a..cb5a14b 100644
48038 --- a/drivers/gpu/drm/gma500/cdv_intel_crt.c
48039 +++ b/drivers/gpu/drm/gma500/cdv_intel_crt.c
48040 @@ -64,7 +64,7 @@ static void cdv_intel_crt_dpms(struct drm_encoder *encoder, int mode)
48041 REG_WRITE(reg, temp);
48042 }
48043
48044 -static int cdv_intel_crt_mode_valid(struct drm_connector *connector,
48045 +static enum drm_mode_status cdv_intel_crt_mode_valid(struct drm_connector *connector,
48046 struct drm_display_mode *mode)
48047 {
48048 if (mode->flags & DRM_MODE_FLAG_DBLSCAN)
48049 diff --git a/drivers/gpu/drm/gma500/cdv_intel_dp.c b/drivers/gpu/drm/gma500/cdv_intel_dp.c
48050 index c52f9ad..486d203 100644
48051 --- a/drivers/gpu/drm/gma500/cdv_intel_dp.c
48052 +++ b/drivers/gpu/drm/gma500/cdv_intel_dp.c
48053 @@ -505,7 +505,7 @@ static void cdv_intel_edp_backlight_off (struct gma_encoder *intel_encoder)
48054 msleep(intel_dp->backlight_off_delay);
48055 }
48056
48057 -static int
48058 +static enum drm_mode_status
48059 cdv_intel_dp_mode_valid(struct drm_connector *connector,
48060 struct drm_display_mode *mode)
48061 {
48062 diff --git a/drivers/gpu/drm/gma500/cdv_intel_hdmi.c b/drivers/gpu/drm/gma500/cdv_intel_hdmi.c
48063 index 563f193..f087899 100644
48064 --- a/drivers/gpu/drm/gma500/cdv_intel_hdmi.c
48065 +++ b/drivers/gpu/drm/gma500/cdv_intel_hdmi.c
48066 @@ -223,7 +223,7 @@ static int cdv_hdmi_get_modes(struct drm_connector *connector)
48067 return ret;
48068 }
48069
48070 -static int cdv_hdmi_mode_valid(struct drm_connector *connector,
48071 +static enum drm_mode_status cdv_hdmi_mode_valid(struct drm_connector *connector,
48072 struct drm_display_mode *mode)
48073 {
48074 if (mode->clock > 165000)
48075 diff --git a/drivers/gpu/drm/gma500/cdv_intel_lvds.c b/drivers/gpu/drm/gma500/cdv_intel_lvds.c
48076 index 38dc890..c87ef7b 100644
48077 --- a/drivers/gpu/drm/gma500/cdv_intel_lvds.c
48078 +++ b/drivers/gpu/drm/gma500/cdv_intel_lvds.c
48079 @@ -244,7 +244,7 @@ static void cdv_intel_lvds_restore(struct drm_connector *connector)
48080 {
48081 }
48082
48083 -static int cdv_intel_lvds_mode_valid(struct drm_connector *connector,
48084 +static enum drm_mode_status cdv_intel_lvds_mode_valid(struct drm_connector *connector,
48085 struct drm_display_mode *mode)
48086 {
48087 struct drm_device *dev = connector->dev;
48088 diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c b/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c
48089 index a05c0206..01bfdad 100644
48090 --- a/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c
48091 +++ b/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c
48092 @@ -120,9 +120,14 @@ static void dsi_set_pipe_plane_enable_state(struct drm_device *dev,
48093 u32 pipeconf_reg = PIPEACONF;
48094 u32 dspcntr_reg = DSPACNTR;
48095
48096 - u32 dspcntr = dev_priv->dspcntr[pipe];
48097 + u32 dspcntr;
48098 u32 mipi = MIPI_PORT_EN | PASS_FROM_SPHY_TO_AFE | SEL_FLOPPED_HSTX;
48099
48100 + if (pipe == -1)
48101 + return;
48102 +
48103 + dspcntr = dev_priv->dspcntr[pipe];
48104 +
48105 if (pipe) {
48106 pipeconf_reg = PIPECCONF;
48107 dspcntr_reg = DSPCCNTR;
48108 @@ -645,6 +650,9 @@ static void mdfld_dsi_dpi_set_power(struct drm_encoder *encoder, bool on)
48109 if (!gma_power_begin(dev, true))
48110 return;
48111
48112 + if (pipe == -1)
48113 + return;
48114 +
48115 if (on) {
48116 if (mdfld_get_panel_type(dev, pipe) == TMD_VID)
48117 mdfld_dsi_dpi_turn_on(dpi_output, pipe);
48118 diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_output.c b/drivers/gpu/drm/gma500/mdfld_dsi_output.c
48119 index 907cb51..ae6f60c 100644
48120 --- a/drivers/gpu/drm/gma500/mdfld_dsi_output.c
48121 +++ b/drivers/gpu/drm/gma500/mdfld_dsi_output.c
48122 @@ -351,7 +351,7 @@ static int mdfld_dsi_connector_get_modes(struct drm_connector *connector)
48123 return 0;
48124 }
48125
48126 -static int mdfld_dsi_connector_mode_valid(struct drm_connector *connector,
48127 +static enum drm_mode_status mdfld_dsi_connector_mode_valid(struct drm_connector *connector,
48128 struct drm_display_mode *mode)
48129 {
48130 struct mdfld_dsi_connector *dsi_connector =
48131 diff --git a/drivers/gpu/drm/gma500/oaktrail_hdmi.c b/drivers/gpu/drm/gma500/oaktrail_hdmi.c
48132 index 8b2eb32..78566a8 100644
48133 --- a/drivers/gpu/drm/gma500/oaktrail_hdmi.c
48134 +++ b/drivers/gpu/drm/gma500/oaktrail_hdmi.c
48135 @@ -509,7 +509,7 @@ static void oaktrail_hdmi_dpms(struct drm_encoder *encoder, int mode)
48136 HDMI_WRITE(HDMI_VIDEO_REG, temp);
48137 }
48138
48139 -static int oaktrail_hdmi_mode_valid(struct drm_connector *connector,
48140 +static enum drm_mode_status oaktrail_hdmi_mode_valid(struct drm_connector *connector,
48141 struct drm_display_mode *mode)
48142 {
48143 if (mode->clock > 165000)
48144 diff --git a/drivers/gpu/drm/gma500/psb_drv.c b/drivers/gpu/drm/gma500/psb_drv.c
48145 index 50eb944f..93904f6 100644
48146 --- a/drivers/gpu/drm/gma500/psb_drv.c
48147 +++ b/drivers/gpu/drm/gma500/psb_drv.c
48148 @@ -373,7 +373,6 @@ static int psb_driver_load(struct drm_device *dev, unsigned long flags)
48149 drm_irq_install(dev, dev->pdev->irq);
48150
48151 dev->max_vblank_count = 0xffffff; /* only 24 bits of frame count */
48152 - dev->driver->get_vblank_counter = psb_get_vblank_counter;
48153
48154 psb_modeset_init(dev);
48155 psb_fbdev_init(dev);
48156 diff --git a/drivers/gpu/drm/gma500/psb_intel_drv.h b/drivers/gpu/drm/gma500/psb_intel_drv.h
48157 index 2a3b7c6..fbd3fa3 100644
48158 --- a/drivers/gpu/drm/gma500/psb_intel_drv.h
48159 +++ b/drivers/gpu/drm/gma500/psb_intel_drv.h
48160 @@ -255,7 +255,7 @@ extern int intelfb_remove(struct drm_device *dev,
48161 extern bool psb_intel_lvds_mode_fixup(struct drm_encoder *encoder,
48162 const struct drm_display_mode *mode,
48163 struct drm_display_mode *adjusted_mode);
48164 -extern int psb_intel_lvds_mode_valid(struct drm_connector *connector,
48165 +extern enum drm_mode_status psb_intel_lvds_mode_valid(struct drm_connector *connector,
48166 struct drm_display_mode *mode);
48167 extern int psb_intel_lvds_set_property(struct drm_connector *connector,
48168 struct drm_property *property,
48169 diff --git a/drivers/gpu/drm/gma500/psb_intel_lvds.c b/drivers/gpu/drm/gma500/psb_intel_lvds.c
48170 index e55733c..524a9fd 100644
48171 --- a/drivers/gpu/drm/gma500/psb_intel_lvds.c
48172 +++ b/drivers/gpu/drm/gma500/psb_intel_lvds.c
48173 @@ -343,7 +343,7 @@ static void psb_intel_lvds_restore(struct drm_connector *connector)
48174 }
48175 }
48176
48177 -int psb_intel_lvds_mode_valid(struct drm_connector *connector,
48178 +enum drm_mode_status psb_intel_lvds_mode_valid(struct drm_connector *connector,
48179 struct drm_display_mode *mode)
48180 {
48181 struct drm_psb_private *dev_priv = connector->dev->dev_private;
48182 diff --git a/drivers/gpu/drm/gma500/psb_intel_sdvo.c b/drivers/gpu/drm/gma500/psb_intel_sdvo.c
48183 index e787d37..91622fd 100644
48184 --- a/drivers/gpu/drm/gma500/psb_intel_sdvo.c
48185 +++ b/drivers/gpu/drm/gma500/psb_intel_sdvo.c
48186 @@ -1158,7 +1158,7 @@ static void psb_intel_sdvo_dpms(struct drm_encoder *encoder, int mode)
48187 return;
48188 }
48189
48190 -static int psb_intel_sdvo_mode_valid(struct drm_connector *connector,
48191 +static enum drm_mode_status psb_intel_sdvo_mode_valid(struct drm_connector *connector,
48192 struct drm_display_mode *mode)
48193 {
48194 struct psb_intel_sdvo *psb_intel_sdvo = intel_attached_sdvo(connector);
48195 diff --git a/drivers/gpu/drm/i2c/tda998x_drv.c b/drivers/gpu/drm/i2c/tda998x_drv.c
48196 index f4315bc..2048cc2 100644
48197 --- a/drivers/gpu/drm/i2c/tda998x_drv.c
48198 +++ b/drivers/gpu/drm/i2c/tda998x_drv.c
48199 @@ -856,7 +856,7 @@ static void tda998x_encoder_dpms(struct drm_encoder *encoder, int mode)
48200 priv->dpms = mode;
48201 }
48202
48203 -static int tda998x_connector_mode_valid(struct drm_connector *connector,
48204 +static enum drm_mode_status tda998x_connector_mode_valid(struct drm_connector *connector,
48205 struct drm_display_mode *mode)
48206 {
48207 /* TDA19988 dotclock can go up to 165MHz */
48208 diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
48209 index d918567..6cfd904 100644
48210 --- a/drivers/gpu/drm/i810/i810_dma.c
48211 +++ b/drivers/gpu/drm/i810/i810_dma.c
48212 @@ -1250,7 +1250,7 @@ const struct drm_ioctl_desc i810_ioctls[] = {
48213 DRM_IOCTL_DEF_DRV(I810_FLIP, i810_flip_bufs, DRM_AUTH|DRM_UNLOCKED),
48214 };
48215
48216 -int i810_max_ioctl = ARRAY_SIZE(i810_ioctls);
48217 +const int i810_max_ioctl = ARRAY_SIZE(i810_ioctls);
48218
48219 /**
48220 * Determine if the device really is AGP or not.
48221 diff --git a/drivers/gpu/drm/i810/i810_drv.c b/drivers/gpu/drm/i810/i810_drv.c
48222 index 44f4a13..af9f6f5 100644
48223 --- a/drivers/gpu/drm/i810/i810_drv.c
48224 +++ b/drivers/gpu/drm/i810/i810_drv.c
48225 @@ -87,7 +87,11 @@ static int __init i810_init(void)
48226 pr_err("drm/i810 does not support SMP\n");
48227 return -EINVAL;
48228 }
48229 - driver.num_ioctls = i810_max_ioctl;
48230 +
48231 + pax_open_kernel();
48232 + const_cast(driver.num_ioctls) = i810_max_ioctl;
48233 + pax_close_kernel();
48234 +
48235 return drm_pci_init(&driver, &i810_pci_driver);
48236 }
48237
48238 diff --git a/drivers/gpu/drm/i810/i810_drv.h b/drivers/gpu/drm/i810/i810_drv.h
48239 index 93ec5dc..204ec92 100644
48240 --- a/drivers/gpu/drm/i810/i810_drv.h
48241 +++ b/drivers/gpu/drm/i810/i810_drv.h
48242 @@ -110,8 +110,8 @@ typedef struct drm_i810_private {
48243 int page_flipping;
48244
48245 wait_queue_head_t irq_queue;
48246 - atomic_t irq_received;
48247 - atomic_t irq_emitted;
48248 + atomic_unchecked_t irq_received;
48249 + atomic_unchecked_t irq_emitted;
48250
48251 int front_offset;
48252 } drm_i810_private_t;
48253 @@ -128,7 +128,7 @@ extern int i810_driver_device_is_agp(struct drm_device *dev);
48254
48255 extern long i810_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
48256 extern const struct drm_ioctl_desc i810_ioctls[];
48257 -extern int i810_max_ioctl;
48258 +extern const int i810_max_ioctl;
48259
48260 #define I810_BASE(reg) ((unsigned long) \
48261 dev_priv->mmio_map->handle)
48262 diff --git a/drivers/gpu/drm/i915/dvo.h b/drivers/gpu/drm/i915/dvo.h
48263 index 5e6a301..b6e143e 100644
48264 --- a/drivers/gpu/drm/i915/dvo.h
48265 +++ b/drivers/gpu/drm/i915/dvo.h
48266 @@ -74,7 +74,7 @@ struct intel_dvo_dev_ops {
48267 *
48268 * \return MODE_OK if the mode is valid, or another MODE_* otherwise.
48269 */
48270 - int (*mode_valid)(struct intel_dvo_device *dvo,
48271 + enum drm_mode_status (*mode_valid)(struct intel_dvo_device *dvo,
48272 struct drm_display_mode *mode);
48273
48274 /*
48275 diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
48276 index 5de36d8..7d7899c 100644
48277 --- a/drivers/gpu/drm/i915/i915_drv.c
48278 +++ b/drivers/gpu/drm/i915/i915_drv.c
48279 @@ -50,7 +50,7 @@
48280 #include "i915_vgpu.h"
48281 #include "intel_drv.h"
48282
48283 -static struct drm_driver driver;
48284 +static drm_driver_no_const driver;
48285
48286 static unsigned int i915_load_fail_count;
48287
48288 @@ -557,7 +557,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
48289 * locking inversion with the driver load path. And the access here is
48290 * completely racy anyway. So don't bother with locking for now.
48291 */
48292 - return dev->open_count == 0;
48293 + return local_read(&dev->open_count) == 0;
48294 }
48295
48296 static const struct vga_switcheroo_client_ops i915_switcheroo_ops = {
48297 @@ -1224,8 +1224,11 @@ int i915_driver_load(struct pci_dev *pdev, const struct pci_device_id *ent)
48298 struct drm_i915_private *dev_priv;
48299 int ret;
48300
48301 - if (i915.nuclear_pageflip)
48302 + if (i915.nuclear_pageflip) {
48303 + pax_open_kernel();
48304 driver.driver_features |= DRIVER_ATOMIC;
48305 + pax_close_kernel();
48306 + }
48307
48308 ret = -ENOMEM;
48309 dev_priv = kzalloc(sizeof(*dev_priv), GFP_KERNEL);
48310 @@ -2610,7 +2613,7 @@ static const struct drm_ioctl_desc i915_ioctls[] = {
48311 DRM_IOCTL_DEF_DRV(I915_GEM_CONTEXT_SETPARAM, i915_gem_context_setparam_ioctl, DRM_RENDER_ALLOW),
48312 };
48313
48314 -static struct drm_driver driver = {
48315 +static drm_driver_no_const driver __read_only = {
48316 /* Don't use MTRRs here; the Xserver or userspace app should
48317 * deal with them for Intel hardware.
48318 */
48319 diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
48320 index b35e5b6..998ddfc 100644
48321 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
48322 +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
48323 @@ -993,12 +993,12 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
48324 static int
48325 validate_exec_list(struct drm_device *dev,
48326 struct drm_i915_gem_exec_object2 *exec,
48327 - int count)
48328 + unsigned int count)
48329 {
48330 unsigned relocs_total = 0;
48331 unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
48332 unsigned invalid_flags;
48333 - int i;
48334 + unsigned int i;
48335
48336 invalid_flags = __EXEC_OBJECT_UNKNOWN_FLAGS;
48337 if (USES_FULL_PPGTT(dev))
48338 diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
48339 index f38ceff..3f18728 100644
48340 --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
48341 +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
48342 @@ -3268,8 +3268,8 @@ int i915_ggtt_init_hw(struct drm_device *dev)
48343 /* GMADR is the PCI mmio aperture into the global GTT. */
48344 DRM_INFO("Memory usable by graphics device = %lluM\n",
48345 ggtt->base.total >> 20);
48346 - DRM_DEBUG_DRIVER("GMADR size = %lldM\n", ggtt->mappable_end >> 20);
48347 - DRM_DEBUG_DRIVER("GTT stolen size = %zdM\n", ggtt->stolen_size >> 20);
48348 + DRM_DEBUG_DRIVER("GMADR size = %lluM\n", ggtt->mappable_end >> 20);
48349 + DRM_DEBUG_DRIVER("GTT stolen size = %lluM\n", ggtt->stolen_size >> 20);
48350 #ifdef CONFIG_INTEL_IOMMU
48351 if (intel_iommu_gfx_mapped)
48352 DRM_INFO("VT-d active for gfx access\n");
48353 diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.h b/drivers/gpu/drm/i915/i915_gem_gtt.h
48354 index aa5f31d..9df8e4d 100644
48355 --- a/drivers/gpu/drm/i915/i915_gem_gtt.h
48356 +++ b/drivers/gpu/drm/i915/i915_gem_gtt.h
48357 @@ -350,14 +350,14 @@ struct i915_address_space {
48358 struct i915_ggtt {
48359 struct i915_address_space base;
48360
48361 - size_t stolen_size; /* Total size of stolen memory */
48362 + u64 stolen_size; /* Total size of stolen memory */
48363 size_t stolen_usable_size; /* Total size minus BIOS reserved */
48364 size_t stolen_reserved_base;
48365 size_t stolen_reserved_size;
48366 size_t size; /* Total size of Global GTT */
48367 u64 mappable_end; /* End offset that we can CPU map */
48368 struct io_mapping *mappable; /* Mapping to our CPU mappable region */
48369 - phys_addr_t mappable_base; /* PA of our GMADR */
48370 + u64 mappable_base; /* PA of our GMADR */
48371
48372 /** "Graphics Stolen Memory" holds the global PTEs */
48373 void __iomem *gsm;
48374 diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
48375 index 97f3a56..32c712e 100644
48376 --- a/drivers/gpu/drm/i915/i915_ioc32.c
48377 +++ b/drivers/gpu/drm/i915/i915_ioc32.c
48378 @@ -65,7 +65,7 @@ static int compat_i915_getparam(struct file *file, unsigned int cmd,
48379 (unsigned long)request);
48380 }
48381
48382 -static drm_ioctl_compat_t *i915_compat_ioctls[] = {
48383 +static drm_ioctl_compat_t i915_compat_ioctls[] = {
48384 [DRM_I915_GETPARAM] = compat_i915_getparam,
48385 };
48386
48387 @@ -81,17 +81,13 @@ static drm_ioctl_compat_t *i915_compat_ioctls[] = {
48388 long i915_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
48389 {
48390 unsigned int nr = DRM_IOCTL_NR(cmd);
48391 - drm_ioctl_compat_t *fn = NULL;
48392 int ret;
48393
48394 if (nr < DRM_COMMAND_BASE || nr >= DRM_COMMAND_END)
48395 return drm_compat_ioctl(filp, cmd, arg);
48396
48397 - if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(i915_compat_ioctls))
48398 - fn = i915_compat_ioctls[nr - DRM_COMMAND_BASE];
48399 -
48400 - if (fn != NULL)
48401 - ret = (*fn) (filp, cmd, arg);
48402 + if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(i915_compat_ioctls) && i915_compat_ioctls[nr - DRM_COMMAND_BASE])
48403 + ret = (*i915_compat_ioctls[nr - DRM_COMMAND_BASE])(filp, cmd, arg);
48404 else
48405 ret = drm_ioctl(filp, cmd, arg);
48406
48407 diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
48408 index 1c2aec3..f807515 100644
48409 --- a/drivers/gpu/drm/i915/i915_irq.c
48410 +++ b/drivers/gpu/drm/i915/i915_irq.c
48411 @@ -4541,14 +4541,15 @@ void intel_irq_init(struct drm_i915_private *dev_priv)
48412 INIT_DELAYED_WORK(&dev_priv->gpu_error.hangcheck_work,
48413 i915_hangcheck_elapsed);
48414
48415 + pax_open_kernel();
48416 if (IS_GEN2(dev_priv)) {
48417 dev->max_vblank_count = 0;
48418 - dev->driver->get_vblank_counter = i8xx_get_vblank_counter;
48419 + const_cast(dev->driver->get_vblank_counter) = i8xx_get_vblank_counter;
48420 } else if (IS_G4X(dev_priv) || INTEL_INFO(dev_priv)->gen >= 5) {
48421 dev->max_vblank_count = 0xffffffff; /* full 32 bit counter */
48422 - dev->driver->get_vblank_counter = g4x_get_vblank_counter;
48423 + const_cast(dev->driver->get_vblank_counter) = g4x_get_vblank_counter;
48424 } else {
48425 - dev->driver->get_vblank_counter = i915_get_vblank_counter;
48426 + const_cast(dev->driver->get_vblank_counter) = i915_get_vblank_counter;
48427 dev->max_vblank_count = 0xffffff; /* only 24 bits of frame count */
48428 }
48429
48430 @@ -4560,32 +4561,32 @@ void intel_irq_init(struct drm_i915_private *dev_priv)
48431 if (!IS_GEN2(dev_priv))
48432 dev->vblank_disable_immediate = true;
48433
48434 - dev->driver->get_vblank_timestamp = i915_get_vblank_timestamp;
48435 - dev->driver->get_scanout_position = i915_get_crtc_scanoutpos;
48436 + const_cast(dev->driver->get_vblank_timestamp) = i915_get_vblank_timestamp;
48437 + const_cast(dev->driver->get_scanout_position) = i915_get_crtc_scanoutpos;
48438
48439 if (IS_CHERRYVIEW(dev_priv)) {
48440 - dev->driver->irq_handler = cherryview_irq_handler;
48441 - dev->driver->irq_preinstall = cherryview_irq_preinstall;
48442 - dev->driver->irq_postinstall = cherryview_irq_postinstall;
48443 - dev->driver->irq_uninstall = cherryview_irq_uninstall;
48444 - dev->driver->enable_vblank = valleyview_enable_vblank;
48445 - dev->driver->disable_vblank = valleyview_disable_vblank;
48446 + const_cast(dev->driver->irq_handler) = cherryview_irq_handler;
48447 + const_cast(dev->driver->irq_preinstall) = cherryview_irq_preinstall;
48448 + const_cast(dev->driver->irq_postinstall) = cherryview_irq_postinstall;
48449 + const_cast(dev->driver->irq_uninstall) = cherryview_irq_uninstall;
48450 + const_cast(dev->driver->enable_vblank) = valleyview_enable_vblank;
48451 + const_cast(dev->driver->disable_vblank) = valleyview_disable_vblank;
48452 dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup;
48453 } else if (IS_VALLEYVIEW(dev_priv)) {
48454 - dev->driver->irq_handler = valleyview_irq_handler;
48455 - dev->driver->irq_preinstall = valleyview_irq_preinstall;
48456 - dev->driver->irq_postinstall = valleyview_irq_postinstall;
48457 - dev->driver->irq_uninstall = valleyview_irq_uninstall;
48458 - dev->driver->enable_vblank = valleyview_enable_vblank;
48459 - dev->driver->disable_vblank = valleyview_disable_vblank;
48460 + const_cast(dev->driver->irq_handler) = valleyview_irq_handler;
48461 + const_cast(dev->driver->irq_preinstall) = valleyview_irq_preinstall;
48462 + const_cast(dev->driver->irq_postinstall) = valleyview_irq_postinstall;
48463 + const_cast(dev->driver->irq_uninstall) = valleyview_irq_uninstall;
48464 + const_cast(dev->driver->enable_vblank) = valleyview_enable_vblank;
48465 + const_cast(dev->driver->disable_vblank) = valleyview_disable_vblank;
48466 dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup;
48467 } else if (INTEL_INFO(dev_priv)->gen >= 8) {
48468 - dev->driver->irq_handler = gen8_irq_handler;
48469 - dev->driver->irq_preinstall = gen8_irq_reset;
48470 - dev->driver->irq_postinstall = gen8_irq_postinstall;
48471 - dev->driver->irq_uninstall = gen8_irq_uninstall;
48472 - dev->driver->enable_vblank = gen8_enable_vblank;
48473 - dev->driver->disable_vblank = gen8_disable_vblank;
48474 + const_cast(dev->driver->irq_handler) = gen8_irq_handler;
48475 + const_cast(dev->driver->irq_preinstall) = gen8_irq_reset;
48476 + const_cast(dev->driver->irq_postinstall) = gen8_irq_postinstall;
48477 + const_cast(dev->driver->irq_uninstall) = gen8_irq_uninstall;
48478 + const_cast(dev->driver->enable_vblank) = gen8_enable_vblank;
48479 + const_cast(dev->driver->disable_vblank) = gen8_disable_vblank;
48480 if (IS_BROXTON(dev))
48481 dev_priv->display.hpd_irq_setup = bxt_hpd_irq_setup;
48482 else if (HAS_PCH_SPT(dev) || HAS_PCH_KBP(dev))
48483 @@ -4593,35 +4594,36 @@ void intel_irq_init(struct drm_i915_private *dev_priv)
48484 else
48485 dev_priv->display.hpd_irq_setup = ilk_hpd_irq_setup;
48486 } else if (HAS_PCH_SPLIT(dev)) {
48487 - dev->driver->irq_handler = ironlake_irq_handler;
48488 - dev->driver->irq_preinstall = ironlake_irq_reset;
48489 - dev->driver->irq_postinstall = ironlake_irq_postinstall;
48490 - dev->driver->irq_uninstall = ironlake_irq_uninstall;
48491 - dev->driver->enable_vblank = ironlake_enable_vblank;
48492 - dev->driver->disable_vblank = ironlake_disable_vblank;
48493 + const_cast(dev->driver->irq_handler) = ironlake_irq_handler;
48494 + const_cast(dev->driver->irq_preinstall) = ironlake_irq_reset;
48495 + const_cast(dev->driver->irq_postinstall) = ironlake_irq_postinstall;
48496 + const_cast(dev->driver->irq_uninstall) = ironlake_irq_uninstall;
48497 + const_cast(dev->driver->enable_vblank) = ironlake_enable_vblank;
48498 + const_cast(dev->driver->disable_vblank) = ironlake_disable_vblank;
48499 dev_priv->display.hpd_irq_setup = ilk_hpd_irq_setup;
48500 } else {
48501 if (IS_GEN2(dev_priv)) {
48502 - dev->driver->irq_preinstall = i8xx_irq_preinstall;
48503 - dev->driver->irq_postinstall = i8xx_irq_postinstall;
48504 - dev->driver->irq_handler = i8xx_irq_handler;
48505 - dev->driver->irq_uninstall = i8xx_irq_uninstall;
48506 + const_cast(dev->driver->irq_preinstall) = i8xx_irq_preinstall;
48507 + const_cast(dev->driver->irq_postinstall) = i8xx_irq_postinstall;
48508 + const_cast(dev->driver->irq_handler) = i8xx_irq_handler;
48509 + const_cast(dev->driver->irq_uninstall) = i8xx_irq_uninstall;
48510 } else if (IS_GEN3(dev_priv)) {
48511 - dev->driver->irq_preinstall = i915_irq_preinstall;
48512 - dev->driver->irq_postinstall = i915_irq_postinstall;
48513 - dev->driver->irq_uninstall = i915_irq_uninstall;
48514 - dev->driver->irq_handler = i915_irq_handler;
48515 + const_cast(dev->driver->irq_preinstall) = i915_irq_preinstall;
48516 + const_cast(dev->driver->irq_postinstall) = i915_irq_postinstall;
48517 + const_cast(dev->driver->irq_uninstall) = i915_irq_uninstall;
48518 + const_cast(dev->driver->irq_handler) = i915_irq_handler;
48519 } else {
48520 - dev->driver->irq_preinstall = i965_irq_preinstall;
48521 - dev->driver->irq_postinstall = i965_irq_postinstall;
48522 - dev->driver->irq_uninstall = i965_irq_uninstall;
48523 - dev->driver->irq_handler = i965_irq_handler;
48524 + const_cast(dev->driver->irq_preinstall) = i965_irq_preinstall;
48525 + const_cast(dev->driver->irq_postinstall) = i965_irq_postinstall;
48526 + const_cast(dev->driver->irq_uninstall) = i965_irq_uninstall;
48527 + const_cast(dev->driver->irq_handler) = i965_irq_handler;
48528 }
48529 if (I915_HAS_HOTPLUG(dev_priv))
48530 dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup;
48531 - dev->driver->enable_vblank = i915_enable_vblank;
48532 - dev->driver->disable_vblank = i915_disable_vblank;
48533 + const_cast(dev->driver->enable_vblank) = i915_enable_vblank;
48534 + const_cast(dev->driver->disable_vblank) = i915_disable_vblank;
48535 }
48536 + pax_close_kernel();
48537 }
48538
48539 /**
48540 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
48541 index e9a64fb..54a2344 100644
48542 --- a/drivers/gpu/drm/i915/intel_display.c
48543 +++ b/drivers/gpu/drm/i915/intel_display.c
48544 @@ -15569,13 +15569,13 @@ struct intel_quirk {
48545 int subsystem_vendor;
48546 int subsystem_device;
48547 void (*hook)(struct drm_device *dev);
48548 -};
48549 +} __do_const;
48550
48551 /* For systems that don't have a meaningful PCI subdevice/subvendor ID */
48552 struct intel_dmi_quirk {
48553 void (*hook)(struct drm_device *dev);
48554 - const struct dmi_system_id (*dmi_id_list)[];
48555 -};
48556 + const struct dmi_system_id *dmi_id_list;
48557 +} __do_const;
48558
48559 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
48560 {
48561 @@ -15583,18 +15583,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
48562 return 1;
48563 }
48564
48565 -static const struct intel_dmi_quirk intel_dmi_quirks[] = {
48566 +static const struct dmi_system_id intel_dmi_quirks_table[] = {
48567 {
48568 - .dmi_id_list = &(const struct dmi_system_id[]) {
48569 - {
48570 - .callback = intel_dmi_reverse_brightness,
48571 - .ident = "NCR Corporation",
48572 - .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"),
48573 - DMI_MATCH(DMI_PRODUCT_NAME, ""),
48574 - },
48575 - },
48576 - { } /* terminating entry */
48577 + .callback = intel_dmi_reverse_brightness,
48578 + .ident = "NCR Corporation",
48579 + .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"),
48580 + DMI_MATCH(DMI_PRODUCT_NAME, ""),
48581 },
48582 + },
48583 + { } /* terminating entry */
48584 +};
48585 +
48586 +static const struct intel_dmi_quirk intel_dmi_quirks[] = {
48587 + {
48588 + .dmi_id_list = intel_dmi_quirks_table,
48589 .hook = quirk_invert_brightness,
48590 },
48591 };
48592 @@ -15677,7 +15679,7 @@ static void intel_init_quirks(struct drm_device *dev)
48593 q->hook(dev);
48594 }
48595 for (i = 0; i < ARRAY_SIZE(intel_dmi_quirks); i++) {
48596 - if (dmi_check_system(*intel_dmi_quirks[i].dmi_id_list) != 0)
48597 + if (dmi_check_system(intel_dmi_quirks[i].dmi_id_list) != 0)
48598 intel_dmi_quirks[i].hook(dev);
48599 }
48600 }
48601 diff --git a/drivers/gpu/drm/imx/imx-drm-core.c b/drivers/gpu/drm/imx/imx-drm-core.c
48602 index 7bf90e9..30711b9 100644
48603 --- a/drivers/gpu/drm/imx/imx-drm-core.c
48604 +++ b/drivers/gpu/drm/imx/imx-drm-core.c
48605 @@ -380,7 +380,7 @@ int imx_drm_add_crtc(struct drm_device *drm, struct drm_crtc *crtc,
48606 if (imxdrm->pipes >= MAX_CRTC)
48607 return -EINVAL;
48608
48609 - if (imxdrm->drm->open_count)
48610 + if (local_read(&imxdrm->drm->open_count))
48611 return -EBUSY;
48612
48613 imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL);
48614 diff --git a/drivers/gpu/drm/imx/imx-tve.c b/drivers/gpu/drm/imx/imx-tve.c
48615 index 5e87594..98a690c 100644
48616 --- a/drivers/gpu/drm/imx/imx-tve.c
48617 +++ b/drivers/gpu/drm/imx/imx-tve.c
48618 @@ -252,7 +252,7 @@ static int imx_tve_connector_get_modes(struct drm_connector *connector)
48619 return ret;
48620 }
48621
48622 -static int imx_tve_connector_mode_valid(struct drm_connector *connector,
48623 +static enum drm_mode_status imx_tve_connector_mode_valid(struct drm_connector *connector,
48624 struct drm_display_mode *mode)
48625 {
48626 struct imx_tve *tve = con_to_tve(connector);
48627 diff --git a/drivers/gpu/drm/mediatek/mtk_hdmi.c b/drivers/gpu/drm/mediatek/mtk_hdmi.c
48628 index 334562d..90fa448 100644
48629 --- a/drivers/gpu/drm/mediatek/mtk_hdmi.c
48630 +++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c
48631 @@ -1232,7 +1232,7 @@ static int mtk_hdmi_conn_get_modes(struct drm_connector *conn)
48632 return ret;
48633 }
48634
48635 -static int mtk_hdmi_conn_mode_valid(struct drm_connector *conn,
48636 +static enum drm_mode_status mtk_hdmi_conn_mode_valid(struct drm_connector *conn,
48637 struct drm_display_mode *mode)
48638 {
48639 struct mtk_hdmi *hdmi = hdmi_ctx_from_conn(conn);
48640 diff --git a/drivers/gpu/drm/mga/mga_drv.c b/drivers/gpu/drm/mga/mga_drv.c
48641 index 5e2f131..c134c7c 100644
48642 --- a/drivers/gpu/drm/mga/mga_drv.c
48643 +++ b/drivers/gpu/drm/mga/mga_drv.c
48644 @@ -92,7 +92,10 @@ static struct pci_driver mga_pci_driver = {
48645
48646 static int __init mga_init(void)
48647 {
48648 - driver.num_ioctls = mga_max_ioctl;
48649 + pax_open_kernel();
48650 + const_cast(driver.num_ioctls) = mga_max_ioctl;
48651 + pax_close_kernel();
48652 +
48653 return drm_pci_init(&driver, &mga_pci_driver);
48654 }
48655
48656 diff --git a/drivers/gpu/drm/mga/mga_drv.h b/drivers/gpu/drm/mga/mga_drv.h
48657 index bb31233..75b39f0 100644
48658 --- a/drivers/gpu/drm/mga/mga_drv.h
48659 +++ b/drivers/gpu/drm/mga/mga_drv.h
48660 @@ -122,9 +122,9 @@ typedef struct drm_mga_private {
48661 u32 clear_cmd;
48662 u32 maccess;
48663
48664 - atomic_t vbl_received; /**< Number of vblanks received. */
48665 + atomic_unchecked_t vbl_received; /**< Number of vblanks received. */
48666 wait_queue_head_t fence_queue;
48667 - atomic_t last_fence_retired;
48668 + atomic_unchecked_t last_fence_retired;
48669 u32 next_fence_to_post;
48670
48671 unsigned int fb_cpp;
48672 @@ -152,7 +152,7 @@ typedef struct drm_mga_private {
48673 } drm_mga_private_t;
48674
48675 extern const struct drm_ioctl_desc mga_ioctls[];
48676 -extern int mga_max_ioctl;
48677 +extern const int mga_max_ioctl;
48678
48679 /* mga_dma.c */
48680 extern int mga_dma_bootstrap(struct drm_device *dev, void *data,
48681 diff --git a/drivers/gpu/drm/mga/mga_ioc32.c b/drivers/gpu/drm/mga/mga_ioc32.c
48682 index 729bfd5..14bae78 100644
48683 --- a/drivers/gpu/drm/mga/mga_ioc32.c
48684 +++ b/drivers/gpu/drm/mga/mga_ioc32.c
48685 @@ -190,7 +190,7 @@ static int compat_mga_dma_bootstrap(struct file *file, unsigned int cmd,
48686 return 0;
48687 }
48688
48689 -drm_ioctl_compat_t *mga_compat_ioctls[] = {
48690 +drm_ioctl_compat_t mga_compat_ioctls[] = {
48691 [DRM_MGA_INIT] = compat_mga_init,
48692 [DRM_MGA_GETPARAM] = compat_mga_getparam,
48693 [DRM_MGA_DMA_BOOTSTRAP] = compat_mga_dma_bootstrap,
48694 @@ -208,17 +208,13 @@ drm_ioctl_compat_t *mga_compat_ioctls[] = {
48695 long mga_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
48696 {
48697 unsigned int nr = DRM_IOCTL_NR(cmd);
48698 - drm_ioctl_compat_t *fn = NULL;
48699 int ret;
48700
48701 if (nr < DRM_COMMAND_BASE)
48702 return drm_compat_ioctl(filp, cmd, arg);
48703
48704 - if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(mga_compat_ioctls))
48705 - fn = mga_compat_ioctls[nr - DRM_COMMAND_BASE];
48706 -
48707 - if (fn != NULL)
48708 - ret = (*fn) (filp, cmd, arg);
48709 + if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(mga_compat_ioctls) && mga_compat_ioctls[nr - DRM_COMMAND_BASE])
48710 + ret = (*mga_compat_ioctls[nr - DRM_COMMAND_BASE]) (filp, cmd, arg);
48711 else
48712 ret = drm_ioctl(filp, cmd, arg);
48713
48714 diff --git a/drivers/gpu/drm/mga/mga_irq.c b/drivers/gpu/drm/mga/mga_irq.c
48715 index 693ba70..465bcfc 100644
48716 --- a/drivers/gpu/drm/mga/mga_irq.c
48717 +++ b/drivers/gpu/drm/mga/mga_irq.c
48718 @@ -43,7 +43,7 @@ u32 mga_get_vblank_counter(struct drm_device *dev, unsigned int pipe)
48719 if (pipe != 0)
48720 return 0;
48721
48722 - return atomic_read(&dev_priv->vbl_received);
48723 + return atomic_read_unchecked(&dev_priv->vbl_received);
48724 }
48725
48726
48727 @@ -59,7 +59,7 @@ irqreturn_t mga_driver_irq_handler(int irq, void *arg)
48728 /* VBLANK interrupt */
48729 if (status & MGA_VLINEPEN) {
48730 MGA_WRITE(MGA_ICLEAR, MGA_VLINEICLR);
48731 - atomic_inc(&dev_priv->vbl_received);
48732 + atomic_inc_unchecked(&dev_priv->vbl_received);
48733 drm_handle_vblank(dev, 0);
48734 handled = 1;
48735 }
48736 @@ -78,7 +78,7 @@ irqreturn_t mga_driver_irq_handler(int irq, void *arg)
48737 if ((prim_start & ~0x03) != (prim_end & ~0x03))
48738 MGA_WRITE(MGA_PRIMEND, prim_end);
48739
48740 - atomic_inc(&dev_priv->last_fence_retired);
48741 + atomic_inc_unchecked(&dev_priv->last_fence_retired);
48742 wake_up(&dev_priv->fence_queue);
48743 handled = 1;
48744 }
48745 @@ -129,7 +129,7 @@ int mga_driver_fence_wait(struct drm_device *dev, unsigned int *sequence)
48746 * using fences.
48747 */
48748 DRM_WAIT_ON(ret, dev_priv->fence_queue, 3 * HZ,
48749 - (((cur_fence = atomic_read(&dev_priv->last_fence_retired))
48750 + (((cur_fence = atomic_read_unchecked(&dev_priv->last_fence_retired))
48751 - *sequence) <= (1 << 23)));
48752
48753 *sequence = cur_fence;
48754 diff --git a/drivers/gpu/drm/mga/mga_state.c b/drivers/gpu/drm/mga/mga_state.c
48755 index 792f924..aeb1334 100644
48756 --- a/drivers/gpu/drm/mga/mga_state.c
48757 +++ b/drivers/gpu/drm/mga/mga_state.c
48758 @@ -1099,4 +1099,4 @@ const struct drm_ioctl_desc mga_ioctls[] = {
48759 DRM_IOCTL_DEF_DRV(MGA_DMA_BOOTSTRAP, mga_dma_bootstrap, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
48760 };
48761
48762 -int mga_max_ioctl = ARRAY_SIZE(mga_ioctls);
48763 +const int mga_max_ioctl = ARRAY_SIZE(mga_ioctls);
48764 diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
48765 index 6b21cb2..90c2876 100644
48766 --- a/drivers/gpu/drm/mgag200/mgag200_mode.c
48767 +++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
48768 @@ -1574,7 +1574,7 @@ static uint32_t mga_vga_calculate_mode_bandwidth(struct drm_display_mode *mode,
48769
48770 #define MODE_BANDWIDTH MODE_BAD
48771
48772 -static int mga_vga_mode_valid(struct drm_connector *connector,
48773 +static enum drm_mode_status mga_vga_mode_valid(struct drm_connector *connector,
48774 struct drm_display_mode *mode)
48775 {
48776 struct drm_device *dev = connector->dev;
48777 diff --git a/drivers/gpu/drm/msm/dsi/dsi_manager.c b/drivers/gpu/drm/msm/dsi/dsi_manager.c
48778 index c8d1f19..10d49d4 100644
48779 --- a/drivers/gpu/drm/msm/dsi/dsi_manager.c
48780 +++ b/drivers/gpu/drm/msm/dsi/dsi_manager.c
48781 @@ -306,7 +306,7 @@ static int dsi_mgr_connector_get_modes(struct drm_connector *connector)
48782 return num;
48783 }
48784
48785 -static int dsi_mgr_connector_mode_valid(struct drm_connector *connector,
48786 +static enum drm_mode_status dsi_mgr_connector_mode_valid(struct drm_connector *connector,
48787 struct drm_display_mode *mode)
48788 {
48789 int id = dsi_mgr_connector_get_id(connector);
48790 diff --git a/drivers/gpu/drm/msm/edp/edp_connector.c b/drivers/gpu/drm/msm/edp/edp_connector.c
48791 index 5960628..fe2e4de 100644
48792 --- a/drivers/gpu/drm/msm/edp/edp_connector.c
48793 +++ b/drivers/gpu/drm/msm/edp/edp_connector.c
48794 @@ -63,7 +63,7 @@ static int edp_connector_get_modes(struct drm_connector *connector)
48795 return ret;
48796 }
48797
48798 -static int edp_connector_mode_valid(struct drm_connector *connector,
48799 +static enum drm_mode_status edp_connector_mode_valid(struct drm_connector *connector,
48800 struct drm_display_mode *mode)
48801 {
48802 struct edp_connector *edp_connector = to_edp_connector(connector);
48803 diff --git a/drivers/gpu/drm/msm/hdmi/hdmi_connector.c b/drivers/gpu/drm/msm/hdmi/hdmi_connector.c
48804 index a2515b4..cec0906 100644
48805 --- a/drivers/gpu/drm/msm/hdmi/hdmi_connector.c
48806 +++ b/drivers/gpu/drm/msm/hdmi/hdmi_connector.c
48807 @@ -377,7 +377,7 @@ static int msm_hdmi_connector_get_modes(struct drm_connector *connector)
48808 return ret;
48809 }
48810
48811 -static int msm_hdmi_connector_mode_valid(struct drm_connector *connector,
48812 +static enum drm_mode_status msm_hdmi_connector_mode_valid(struct drm_connector *connector,
48813 struct drm_display_mode *mode)
48814 {
48815 struct hdmi_connector *hdmi_connector = to_hdmi_connector(connector);
48816 diff --git a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_kms.c b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_kms.c
48817 index ed7143d..527b26a 100644
48818 --- a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_kms.c
48819 +++ b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_kms.c
48820 @@ -647,9 +647,12 @@ struct msm_kms *mdp5_kms_init(struct drm_device *dev)
48821 dev->mode_config.max_width = config->hw->lm.max_width;
48822 dev->mode_config.max_height = config->hw->lm.max_height;
48823
48824 - dev->driver->get_vblank_timestamp = mdp5_get_vblank_timestamp;
48825 - dev->driver->get_scanout_position = mdp5_get_scanoutpos;
48826 - dev->driver->get_vblank_counter = mdp5_get_vblank_counter;
48827 + pax_open_kernel();
48828 + const_cast(dev->driver->get_vblank_timestamp) = mdp5_get_vblank_timestamp;
48829 + const_cast(dev->driver->get_scanout_position) = mdp5_get_scanoutpos;
48830 + const_cast(dev->driver->get_vblank_counter) = mdp5_get_vblank_counter;
48831 + pax_close_kernel();
48832 +
48833 dev->max_vblank_count = 0xffffffff;
48834 dev->vblank_disable_immediate = true;
48835
48836 diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c b/drivers/gpu/drm/nouveau/nouveau_acpi.c
48837 index dc57b62..8f2a3d8 100644
48838 --- a/drivers/gpu/drm/nouveau/nouveau_acpi.c
48839 +++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c
48840 @@ -194,7 +194,7 @@ static int nouveau_dsm_power_state(enum vga_switcheroo_client_id id,
48841 return nouveau_dsm_set_discrete_state(nouveau_dsm_priv.dhandle, state);
48842 }
48843
48844 -static int nouveau_dsm_get_client_id(struct pci_dev *pdev)
48845 +static enum vga_switcheroo_client_id nouveau_dsm_get_client_id(struct pci_dev *pdev)
48846 {
48847 /* easy option one - intel vendor ID means Integrated */
48848 if (pdev->vendor == PCI_VENDOR_ID_INTEL)
48849 diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c
48850 index a1570b1..0e3c08c 100644
48851 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c
48852 +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c
48853 @@ -964,7 +964,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios,
48854 struct bit_table {
48855 const char id;
48856 int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *);
48857 -};
48858 +} __no_const;
48859
48860 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry })
48861
48862 diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
48863 index c108408..575750a 100644
48864 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c
48865 +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
48866 @@ -862,7 +862,7 @@ get_tmds_link_bandwidth(struct drm_connector *connector, bool hdmi)
48867 return 112000;
48868 }
48869
48870 -static int
48871 +static enum drm_mode_status
48872 nouveau_connector_mode_valid(struct drm_connector *connector,
48873 struct drm_display_mode *mode)
48874 {
48875 diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c
48876 index 66c1280..580abef 100644
48877 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c
48878 +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c
48879 @@ -80,9 +80,8 @@ MODULE_PARM_DESC(runpm, "disable (0), force enable (1), optimus only default (-1
48880 int nouveau_runtime_pm = -1;
48881 module_param_named(runpm, nouveau_runtime_pm, int, 0400);
48882
48883 -static struct drm_driver driver_stub;
48884 static struct drm_driver driver_pci;
48885 -static struct drm_driver driver_platform;
48886 +static drm_driver_no_const driver_platform __read_only;
48887
48888 static u64
48889 nouveau_pci_name(struct pci_dev *pdev)
48890 @@ -942,7 +941,7 @@ nouveau_driver_fops = {
48891 };
48892
48893 static struct drm_driver
48894 -driver_stub = {
48895 +driver_pci = {
48896 .driver_features =
48897 DRIVER_GEM | DRIVER_MODESET | DRIVER_PRIME | DRIVER_RENDER |
48898 DRIVER_KMS_LEGACY_CONTEXT,
48899 @@ -954,6 +953,8 @@ driver_stub = {
48900 .postclose = nouveau_drm_postclose,
48901 .lastclose = nouveau_vga_lastclose,
48902
48903 + .set_busid = drm_pci_set_busid,
48904 +
48905 #if defined(CONFIG_DEBUG_FS)
48906 .debugfs_init = nouveau_drm_debugfs_init,
48907 .debugfs_cleanup = nouveau_drm_debugfs_cleanup,
48908 @@ -1086,9 +1087,10 @@ err_free:
48909 static int __init
48910 nouveau_drm_init(void)
48911 {
48912 - driver_pci = driver_stub;
48913 - driver_pci.set_busid = drm_pci_set_busid;
48914 - driver_platform = driver_stub;
48915 + pax_open_kernel();
48916 + driver_platform = driver_pci;
48917 + driver_platform.set_busid = NULL;
48918 + pax_close_kernel();
48919
48920 nouveau_display_options();
48921
48922 diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h
48923 index 822a021..a131e66 100644
48924 --- a/drivers/gpu/drm/nouveau/nouveau_drv.h
48925 +++ b/drivers/gpu/drm/nouveau/nouveau_drv.h
48926 @@ -124,7 +124,6 @@ struct nouveau_drm {
48927 struct drm_global_reference mem_global_ref;
48928 struct ttm_bo_global_ref bo_global_ref;
48929 struct ttm_bo_device bdev;
48930 - atomic_t validate_sequence;
48931 int (*move)(struct nouveau_channel *,
48932 struct ttm_buffer_object *,
48933 struct ttm_mem_reg *, struct ttm_mem_reg *);
48934 diff --git a/drivers/gpu/drm/nouveau/nouveau_ioc32.c b/drivers/gpu/drm/nouveau/nouveau_ioc32.c
48935 index 462679a..88e32a7 100644
48936 --- a/drivers/gpu/drm/nouveau/nouveau_ioc32.c
48937 +++ b/drivers/gpu/drm/nouveau/nouveau_ioc32.c
48938 @@ -50,7 +50,7 @@ long nouveau_compat_ioctl(struct file *filp, unsigned int cmd,
48939 unsigned long arg)
48940 {
48941 unsigned int nr = DRM_IOCTL_NR(cmd);
48942 - drm_ioctl_compat_t *fn = NULL;
48943 + drm_ioctl_compat_t fn = NULL;
48944 int ret;
48945
48946 if (nr < DRM_COMMAND_BASE)
48947 diff --git a/drivers/gpu/drm/nouveau/nouveau_ttm.c b/drivers/gpu/drm/nouveau/nouveau_ttm.c
48948 index 1825dbc..c1ec287 100644
48949 --- a/drivers/gpu/drm/nouveau/nouveau_ttm.c
48950 +++ b/drivers/gpu/drm/nouveau/nouveau_ttm.c
48951 @@ -107,10 +107,10 @@ nouveau_vram_manager_new(struct ttm_mem_type_manager *man,
48952 }
48953
48954 const struct ttm_mem_type_manager_func nouveau_vram_manager = {
48955 - nouveau_vram_manager_init,
48956 - nouveau_vram_manager_fini,
48957 - nouveau_vram_manager_new,
48958 - nouveau_vram_manager_del,
48959 + .init = nouveau_vram_manager_init,
48960 + .takedown = nouveau_vram_manager_fini,
48961 + .get_node = nouveau_vram_manager_new,
48962 + .put_node = nouveau_vram_manager_del,
48963 };
48964
48965 static int
48966 @@ -184,11 +184,11 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
48967 }
48968
48969 const struct ttm_mem_type_manager_func nouveau_gart_manager = {
48970 - nouveau_gart_manager_init,
48971 - nouveau_gart_manager_fini,
48972 - nouveau_gart_manager_new,
48973 - nouveau_gart_manager_del,
48974 - nouveau_gart_manager_debug
48975 + .init = nouveau_gart_manager_init,
48976 + .takedown = nouveau_gart_manager_fini,
48977 + .get_node = nouveau_gart_manager_new,
48978 + .put_node = nouveau_gart_manager_del,
48979 + .debug = nouveau_gart_manager_debug
48980 };
48981
48982 /*XXX*/
48983 @@ -257,11 +257,11 @@ nv04_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix)
48984 }
48985
48986 const struct ttm_mem_type_manager_func nv04_gart_manager = {
48987 - nv04_gart_manager_init,
48988 - nv04_gart_manager_fini,
48989 - nv04_gart_manager_new,
48990 - nv04_gart_manager_del,
48991 - nv04_gart_manager_debug
48992 + .init = nv04_gart_manager_init,
48993 + .takedown = nv04_gart_manager_fini,
48994 + .get_node = nv04_gart_manager_new,
48995 + .put_node = nv04_gart_manager_del,
48996 + .debug = nv04_gart_manager_debug
48997 };
48998
48999 int
49000 diff --git a/drivers/gpu/drm/nouveau/nouveau_vga.c b/drivers/gpu/drm/nouveau/nouveau_vga.c
49001 index c6a180a..c5c7855 100644
49002 --- a/drivers/gpu/drm/nouveau/nouveau_vga.c
49003 +++ b/drivers/gpu/drm/nouveau/nouveau_vga.c
49004 @@ -73,7 +73,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev)
49005 * locking inversion with the driver load path. And the access here is
49006 * completely racy anyway. So don't bother with locking for now.
49007 */
49008 - return dev->open_count == 0;
49009 + return local_read(&dev->open_count) == 0;
49010 }
49011
49012 static const struct vga_switcheroo_client_ops
49013 diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c
49014 index b2557e8..2d4f9f4 100644
49015 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c
49016 +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c
49017 @@ -151,11 +151,16 @@ shadow_fw_init(struct nvkm_bios *bios, const char *name)
49018 return (void *)fw;
49019 }
49020
49021 +static void shadow_fw_fini(void *fw)
49022 +{
49023 + release_firmware(fw);
49024 +}
49025 +
49026 static const struct nvbios_source
49027 shadow_fw = {
49028 .name = "firmware",
49029 .init = shadow_fw_init,
49030 - .fini = (void(*)(void *))release_firmware,
49031 + .fini = shadow_fw_fini,
49032 .read = shadow_fw_read,
49033 .rw = false,
49034 };
49035 diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c
49036 index 9b91da0..b3fa90d 100644
49037 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c
49038 +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c
49039 @@ -111,11 +111,16 @@ platform_init(struct nvkm_bios *bios, const char *name)
49040 return ERR_PTR(ret);
49041 }
49042
49043 +static void platform_fini(void *data)
49044 +{
49045 + kfree(data);
49046 +}
49047 +
49048 const struct nvbios_source
49049 nvbios_platform = {
49050 .name = "PLATFORM",
49051 .init = platform_init,
49052 - .fini = (void(*)(void *))kfree,
49053 + .fini = platform_fini,
49054 .read = pcirom_read,
49055 .rw = true,
49056 };
49057 diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h b/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h
49058 index a9a8a0e..2ad6d62 100644
49059 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h
49060 +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h
49061 @@ -226,8 +226,8 @@ struct gm200_secboot_func {
49062
49063 int gm200_secboot_init(struct nvkm_secboot *);
49064 void *gm200_secboot_dtor(struct nvkm_secboot *);
49065 -int gm200_secboot_reset(struct nvkm_secboot *, u32);
49066 -int gm200_secboot_start(struct nvkm_secboot *, u32);
49067 +int gm200_secboot_reset(struct nvkm_secboot *, enum nvkm_secboot_falcon);
49068 +int gm200_secboot_start(struct nvkm_secboot *, enum nvkm_secboot_falcon);
49069
49070 int gm20x_secboot_prepare_blobs(struct gm200_secboot *);
49071
49072 diff --git a/drivers/gpu/drm/omapdrm/dss/display.c b/drivers/gpu/drm/omapdrm/dss/display.c
49073 index 8dcdd7c..0e37527 100644
49074 --- a/drivers/gpu/drm/omapdrm/dss/display.c
49075 +++ b/drivers/gpu/drm/omapdrm/dss/display.c
49076 @@ -112,12 +112,14 @@ int omapdss_register_display(struct omap_dss_device *dssdev)
49077 if (dssdev->name == NULL)
49078 dssdev->name = dssdev->alias;
49079
49080 + pax_open_kernel();
49081 if (drv && drv->get_resolution == NULL)
49082 - drv->get_resolution = omapdss_default_get_resolution;
49083 + const_cast(drv->get_resolution) = omapdss_default_get_resolution;
49084 if (drv && drv->get_recommended_bpp == NULL)
49085 - drv->get_recommended_bpp = omapdss_default_get_recommended_bpp;
49086 + const_cast(drv->get_recommended_bpp) = omapdss_default_get_recommended_bpp;
49087 if (drv && drv->get_timings == NULL)
49088 - drv->get_timings = omapdss_default_get_timings;
49089 + const_cast(drv->get_timings) = omapdss_default_get_timings;
49090 + pax_close_kernel();
49091
49092 mutex_lock(&panel_list_mutex);
49093 list_add_tail(&dssdev->panel_list, &panel_list);
49094 diff --git a/drivers/gpu/drm/omapdrm/omap_connector.c b/drivers/gpu/drm/omapdrm/omap_connector.c
49095 index 137fe69..bbfc18c 100644
49096 --- a/drivers/gpu/drm/omapdrm/omap_connector.c
49097 +++ b/drivers/gpu/drm/omapdrm/omap_connector.c
49098 @@ -201,7 +201,7 @@ static int omap_connector_get_modes(struct drm_connector *connector)
49099 return n;
49100 }
49101
49102 -static int omap_connector_mode_valid(struct drm_connector *connector,
49103 +static enum drm_mode_status omap_connector_mode_valid(struct drm_connector *connector,
49104 struct drm_display_mode *mode)
49105 {
49106 struct omap_connector *omap_connector = to_omap_connector(connector);
49107 diff --git a/drivers/gpu/drm/qxl/qxl_cmd.c b/drivers/gpu/drm/qxl/qxl_cmd.c
49108 index 04270f5..7688e90 100644
49109 --- a/drivers/gpu/drm/qxl/qxl_cmd.c
49110 +++ b/drivers/gpu/drm/qxl/qxl_cmd.c
49111 @@ -285,27 +285,27 @@ static int wait_for_io_cmd_user(struct qxl_device *qdev, uint8_t val, long port,
49112 int ret;
49113
49114 mutex_lock(&qdev->async_io_mutex);
49115 - irq_num = atomic_read(&qdev->irq_received_io_cmd);
49116 + irq_num = atomic_read_unchecked(&qdev->irq_received_io_cmd);
49117 if (qdev->last_sent_io_cmd > irq_num) {
49118 if (intr)
49119 ret = wait_event_interruptible_timeout(qdev->io_cmd_event,
49120 - atomic_read(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49121 + atomic_read_unchecked(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49122 else
49123 ret = wait_event_timeout(qdev->io_cmd_event,
49124 - atomic_read(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49125 + atomic_read_unchecked(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49126 /* 0 is timeout, just bail the "hw" has gone away */
49127 if (ret <= 0)
49128 goto out;
49129 - irq_num = atomic_read(&qdev->irq_received_io_cmd);
49130 + irq_num = atomic_read_unchecked(&qdev->irq_received_io_cmd);
49131 }
49132 outb(val, addr);
49133 qdev->last_sent_io_cmd = irq_num + 1;
49134 if (intr)
49135 ret = wait_event_interruptible_timeout(qdev->io_cmd_event,
49136 - atomic_read(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49137 + atomic_read_unchecked(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49138 else
49139 ret = wait_event_timeout(qdev->io_cmd_event,
49140 - atomic_read(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49141 + atomic_read_unchecked(&qdev->irq_received_io_cmd) > irq_num, 5*HZ);
49142 out:
49143 if (ret > 0)
49144 ret = 0;
49145 diff --git a/drivers/gpu/drm/qxl/qxl_debugfs.c b/drivers/gpu/drm/qxl/qxl_debugfs.c
49146 index 6911b8c..89d6867 100644
49147 --- a/drivers/gpu/drm/qxl/qxl_debugfs.c
49148 +++ b/drivers/gpu/drm/qxl/qxl_debugfs.c
49149 @@ -42,10 +42,10 @@ qxl_debugfs_irq_received(struct seq_file *m, void *data)
49150 struct drm_info_node *node = (struct drm_info_node *) m->private;
49151 struct qxl_device *qdev = node->minor->dev->dev_private;
49152
49153 - seq_printf(m, "%d\n", atomic_read(&qdev->irq_received));
49154 - seq_printf(m, "%d\n", atomic_read(&qdev->irq_received_display));
49155 - seq_printf(m, "%d\n", atomic_read(&qdev->irq_received_cursor));
49156 - seq_printf(m, "%d\n", atomic_read(&qdev->irq_received_io_cmd));
49157 + seq_printf(m, "%d\n", atomic_read_unchecked(&qdev->irq_received));
49158 + seq_printf(m, "%d\n", atomic_read_unchecked(&qdev->irq_received_display));
49159 + seq_printf(m, "%d\n", atomic_read_unchecked(&qdev->irq_received_cursor));
49160 + seq_printf(m, "%d\n", atomic_read_unchecked(&qdev->irq_received_io_cmd));
49161 seq_printf(m, "%d\n", qdev->irq_received_error);
49162 return 0;
49163 }
49164 diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c
49165 index 3aef127..9ea7666 100644
49166 --- a/drivers/gpu/drm/qxl/qxl_display.c
49167 +++ b/drivers/gpu/drm/qxl/qxl_display.c
49168 @@ -826,7 +826,7 @@ static int qxl_conn_get_modes(struct drm_connector *connector)
49169 return ret;
49170 }
49171
49172 -static int qxl_conn_mode_valid(struct drm_connector *connector,
49173 +static enum drm_mode_status qxl_conn_mode_valid(struct drm_connector *connector,
49174 struct drm_display_mode *mode)
49175 {
49176 struct drm_device *ddev = connector->dev;
49177 diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c
49178 index 460bbce..abeb896 100644
49179 --- a/drivers/gpu/drm/qxl/qxl_drv.c
49180 +++ b/drivers/gpu/drm/qxl/qxl_drv.c
49181 @@ -37,7 +37,7 @@
49182 #include "qxl_drv.h"
49183 #include "qxl_object.h"
49184
49185 -extern int qxl_max_ioctls;
49186 +extern const int qxl_max_ioctls;
49187 static const struct pci_device_id pciidlist[] = {
49188 { 0x1b36, 0x100, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8,
49189 0xffff00, 0 },
49190 @@ -277,7 +277,11 @@ static int __init qxl_init(void)
49191
49192 if (qxl_modeset == 0)
49193 return -EINVAL;
49194 - qxl_driver.num_ioctls = qxl_max_ioctls;
49195 +
49196 + pax_open_kernel();
49197 + const_cast(qxl_driver.num_ioctls) = qxl_max_ioctls;
49198 + pax_close_kernel();
49199 +
49200 return drm_pci_init(&qxl_driver, &qxl_pci_driver);
49201 }
49202
49203 diff --git a/drivers/gpu/drm/qxl/qxl_drv.h b/drivers/gpu/drm/qxl/qxl_drv.h
49204 index 8e633ca..64debeb 100644
49205 --- a/drivers/gpu/drm/qxl/qxl_drv.h
49206 +++ b/drivers/gpu/drm/qxl/qxl_drv.h
49207 @@ -292,10 +292,10 @@ struct qxl_device {
49208 unsigned int last_sent_io_cmd;
49209
49210 /* interrupt handling */
49211 - atomic_t irq_received;
49212 - atomic_t irq_received_display;
49213 - atomic_t irq_received_cursor;
49214 - atomic_t irq_received_io_cmd;
49215 + atomic_unchecked_t irq_received;
49216 + atomic_unchecked_t irq_received_display;
49217 + atomic_unchecked_t irq_received_cursor;
49218 + atomic_unchecked_t irq_received_io_cmd;
49219 unsigned irq_received_error;
49220 wait_queue_head_t display_event;
49221 wait_queue_head_t cursor_event;
49222 diff --git a/drivers/gpu/drm/qxl/qxl_ioctl.c b/drivers/gpu/drm/qxl/qxl_ioctl.c
49223 index 5a4c8c4..faf4c73 100644
49224 --- a/drivers/gpu/drm/qxl/qxl_ioctl.c
49225 +++ b/drivers/gpu/drm/qxl/qxl_ioctl.c
49226 @@ -183,7 +183,7 @@ static int qxl_process_single_command(struct qxl_device *qdev,
49227
49228 /* TODO copy slow path code from i915 */
49229 fb_cmd = qxl_bo_kmap_atomic_page(qdev, cmd_bo, (release->release_offset & PAGE_SIZE));
49230 - unwritten = __copy_from_user_inatomic_nocache(fb_cmd + sizeof(union qxl_release_info) + (release->release_offset & ~PAGE_SIZE), (void *)(unsigned long)cmd->command, cmd->command_size);
49231 + unwritten = __copy_from_user_inatomic_nocache(fb_cmd + sizeof(union qxl_release_info) + (release->release_offset & ~PAGE_SIZE), (void __force_user *)(unsigned long)cmd->command, cmd->command_size);
49232
49233 {
49234 struct qxl_drawable *draw = fb_cmd;
49235 @@ -203,7 +203,7 @@ static int qxl_process_single_command(struct qxl_device *qdev,
49236 struct drm_qxl_reloc reloc;
49237
49238 if (copy_from_user(&reloc,
49239 - &((struct drm_qxl_reloc *)(uintptr_t)cmd->relocs)[i],
49240 + &((struct drm_qxl_reloc __force_user *)(uintptr_t)cmd->relocs)[i],
49241 sizeof(reloc))) {
49242 ret = -EFAULT;
49243 goto out_free_bos;
49244 @@ -282,10 +282,10 @@ static int qxl_execbuffer_ioctl(struct drm_device *dev, void *data,
49245
49246 for (cmd_num = 0; cmd_num < execbuffer->commands_num; ++cmd_num) {
49247
49248 - struct drm_qxl_command *commands =
49249 - (struct drm_qxl_command *)(uintptr_t)execbuffer->commands;
49250 + struct drm_qxl_command __user *commands =
49251 + (struct drm_qxl_command __user *)(uintptr_t)execbuffer->commands;
49252
49253 - if (copy_from_user(&user_cmd, &commands[cmd_num],
49254 + if (copy_from_user(&user_cmd, (struct drm_qxl_command __force_user *)&commands[cmd_num],
49255 sizeof(user_cmd)))
49256 return -EFAULT;
49257
49258 @@ -439,4 +439,4 @@ const struct drm_ioctl_desc qxl_ioctls[] = {
49259 DRM_AUTH),
49260 };
49261
49262 -int qxl_max_ioctls = ARRAY_SIZE(qxl_ioctls);
49263 +const int qxl_max_ioctls = ARRAY_SIZE(qxl_ioctls);
49264 diff --git a/drivers/gpu/drm/qxl/qxl_irq.c b/drivers/gpu/drm/qxl/qxl_irq.c
49265 index 0bf1e20..42a7310 100644
49266 --- a/drivers/gpu/drm/qxl/qxl_irq.c
49267 +++ b/drivers/gpu/drm/qxl/qxl_irq.c
49268 @@ -36,19 +36,19 @@ irqreturn_t qxl_irq_handler(int irq, void *arg)
49269 if (!pending)
49270 return IRQ_NONE;
49271
49272 - atomic_inc(&qdev->irq_received);
49273 + atomic_inc_unchecked(&qdev->irq_received);
49274
49275 if (pending & QXL_INTERRUPT_DISPLAY) {
49276 - atomic_inc(&qdev->irq_received_display);
49277 + atomic_inc_unchecked(&qdev->irq_received_display);
49278 wake_up_all(&qdev->display_event);
49279 qxl_queue_garbage_collect(qdev, false);
49280 }
49281 if (pending & QXL_INTERRUPT_CURSOR) {
49282 - atomic_inc(&qdev->irq_received_cursor);
49283 + atomic_inc_unchecked(&qdev->irq_received_cursor);
49284 wake_up_all(&qdev->cursor_event);
49285 }
49286 if (pending & QXL_INTERRUPT_IO_CMD) {
49287 - atomic_inc(&qdev->irq_received_io_cmd);
49288 + atomic_inc_unchecked(&qdev->irq_received_io_cmd);
49289 wake_up_all(&qdev->io_cmd_event);
49290 }
49291 if (pending & QXL_INTERRUPT_ERROR) {
49292 @@ -85,10 +85,10 @@ int qxl_irq_init(struct qxl_device *qdev)
49293 init_waitqueue_head(&qdev->io_cmd_event);
49294 INIT_WORK(&qdev->client_monitors_config_work,
49295 qxl_client_monitors_config_work_func);
49296 - atomic_set(&qdev->irq_received, 0);
49297 - atomic_set(&qdev->irq_received_display, 0);
49298 - atomic_set(&qdev->irq_received_cursor, 0);
49299 - atomic_set(&qdev->irq_received_io_cmd, 0);
49300 + atomic_set_unchecked(&qdev->irq_received, 0);
49301 + atomic_set_unchecked(&qdev->irq_received_display, 0);
49302 + atomic_set_unchecked(&qdev->irq_received_cursor, 0);
49303 + atomic_set_unchecked(&qdev->irq_received_io_cmd, 0);
49304 qdev->irq_received_error = 0;
49305 ret = drm_irq_install(qdev->ddev, qdev->ddev->pdev->irq);
49306 qdev->ram_header->int_mask = QXL_INTERRUPT_MASK;
49307 diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c
49308 index d50c967..f96d908 100644
49309 --- a/drivers/gpu/drm/qxl/qxl_ttm.c
49310 +++ b/drivers/gpu/drm/qxl/qxl_ttm.c
49311 @@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev)
49312 }
49313 }
49314
49315 -static struct vm_operations_struct qxl_ttm_vm_ops;
49316 +static vm_operations_struct_no_const qxl_ttm_vm_ops __read_only;
49317 static const struct vm_operations_struct *ttm_vm_ops;
49318
49319 static int qxl_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
49320 @@ -145,8 +145,10 @@ int qxl_mmap(struct file *filp, struct vm_area_struct *vma)
49321 return r;
49322 if (unlikely(ttm_vm_ops == NULL)) {
49323 ttm_vm_ops = vma->vm_ops;
49324 + pax_open_kernel();
49325 qxl_ttm_vm_ops = *ttm_vm_ops;
49326 qxl_ttm_vm_ops.fault = &qxl_ttm_fault;
49327 + pax_close_kernel();
49328 }
49329 vma->vm_ops = &qxl_ttm_vm_ops;
49330 return 0;
49331 @@ -474,25 +476,23 @@ static int qxl_mm_dump_table(struct seq_file *m, void *data)
49332 static int qxl_ttm_debugfs_init(struct qxl_device *qdev)
49333 {
49334 #if defined(CONFIG_DEBUG_FS)
49335 - static struct drm_info_list qxl_mem_types_list[QXL_DEBUGFS_MEM_TYPES];
49336 - static char qxl_mem_types_names[QXL_DEBUGFS_MEM_TYPES][32];
49337 - unsigned i;
49338 + static struct drm_info_list qxl_mem_types_list[QXL_DEBUGFS_MEM_TYPES] = {
49339 + {
49340 + .name = "qxl_mem_mm",
49341 + .show = &qxl_mm_dump_table,
49342 + },
49343 + {
49344 + .name = "qxl_surf_mm",
49345 + .show = &qxl_mm_dump_table,
49346 + }
49347 + };
49348
49349 - for (i = 0; i < QXL_DEBUGFS_MEM_TYPES; i++) {
49350 - if (i == 0)
49351 - sprintf(qxl_mem_types_names[i], "qxl_mem_mm");
49352 - else
49353 - sprintf(qxl_mem_types_names[i], "qxl_surf_mm");
49354 - qxl_mem_types_list[i].name = qxl_mem_types_names[i];
49355 - qxl_mem_types_list[i].show = &qxl_mm_dump_table;
49356 - qxl_mem_types_list[i].driver_features = 0;
49357 - if (i == 0)
49358 - qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_VRAM].priv;
49359 - else
49360 - qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv;
49361 + pax_open_kernel();
49362 + const_cast(qxl_mem_types_list[0].data) = qdev->mman.bdev.man[TTM_PL_VRAM].priv;
49363 + const_cast(qxl_mem_types_list[1].data) = qdev->mman.bdev.man[TTM_PL_PRIV0].priv;
49364 + pax_close_kernel();
49365
49366 - }
49367 - return qxl_debugfs_add_files(qdev, qxl_mem_types_list, i);
49368 + return qxl_debugfs_add_files(qdev, qxl_mem_types_list, QXL_DEBUGFS_MEM_TYPES);
49369 #else
49370 return 0;
49371 #endif
49372 diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c
49373 index 14fd83b5f..b2acbd19 100644
49374 --- a/drivers/gpu/drm/r128/r128_cce.c
49375 +++ b/drivers/gpu/drm/r128/r128_cce.c
49376 @@ -377,7 +377,7 @@ static int r128_do_init_cce(struct drm_device *dev, drm_r128_init_t *init)
49377
49378 /* GH: Simple idle check.
49379 */
49380 - atomic_set(&dev_priv->idle_count, 0);
49381 + atomic_set_unchecked(&dev_priv->idle_count, 0);
49382
49383 /* We don't support anything other than bus-mastering ring mode,
49384 * but the ring can be in either AGP or PCI space for the ring
49385 diff --git a/drivers/gpu/drm/r128/r128_drv.c b/drivers/gpu/drm/r128/r128_drv.c
49386 index c57b4de..1a875fb 100644
49387 --- a/drivers/gpu/drm/r128/r128_drv.c
49388 +++ b/drivers/gpu/drm/r128/r128_drv.c
49389 @@ -94,7 +94,9 @@ static struct pci_driver r128_pci_driver = {
49390
49391 static int __init r128_init(void)
49392 {
49393 - driver.num_ioctls = r128_max_ioctl;
49394 + pax_open_kernel();
49395 + const_cast(driver.num_ioctls) = r128_max_ioctl;
49396 + pax_close_kernel();
49397
49398 return drm_pci_init(&driver, &r128_pci_driver);
49399 }
49400 diff --git a/drivers/gpu/drm/r128/r128_drv.h b/drivers/gpu/drm/r128/r128_drv.h
49401 index 09143b8..86c8394 100644
49402 --- a/drivers/gpu/drm/r128/r128_drv.h
49403 +++ b/drivers/gpu/drm/r128/r128_drv.h
49404 @@ -93,14 +93,14 @@ typedef struct drm_r128_private {
49405 int is_pci;
49406 unsigned long cce_buffers_offset;
49407
49408 - atomic_t idle_count;
49409 + atomic_unchecked_t idle_count;
49410
49411 int page_flipping;
49412 int current_page;
49413 u32 crtc_offset;
49414 u32 crtc_offset_cntl;
49415
49416 - atomic_t vbl_received;
49417 + atomic_unchecked_t vbl_received;
49418
49419 u32 color_fmt;
49420 unsigned int front_offset;
49421 @@ -135,7 +135,7 @@ typedef struct drm_r128_buf_priv {
49422 } drm_r128_buf_priv_t;
49423
49424 extern const struct drm_ioctl_desc r128_ioctls[];
49425 -extern int r128_max_ioctl;
49426 +extern const int r128_max_ioctl;
49427
49428 /* r128_cce.c */
49429 extern int r128_cce_init(struct drm_device *dev, void *data, struct drm_file *file_priv);
49430 diff --git a/drivers/gpu/drm/r128/r128_ioc32.c b/drivers/gpu/drm/r128/r128_ioc32.c
49431 index 663f38c..ec159a1 100644
49432 --- a/drivers/gpu/drm/r128/r128_ioc32.c
49433 +++ b/drivers/gpu/drm/r128/r128_ioc32.c
49434 @@ -178,7 +178,7 @@ static int compat_r128_getparam(struct file *file, unsigned int cmd,
49435 return drm_ioctl(file, DRM_IOCTL_R128_GETPARAM, (unsigned long)getparam);
49436 }
49437
49438 -drm_ioctl_compat_t *r128_compat_ioctls[] = {
49439 +drm_ioctl_compat_t r128_compat_ioctls[] = {
49440 [DRM_R128_INIT] = compat_r128_init,
49441 [DRM_R128_DEPTH] = compat_r128_depth,
49442 [DRM_R128_STIPPLE] = compat_r128_stipple,
49443 @@ -197,17 +197,13 @@ drm_ioctl_compat_t *r128_compat_ioctls[] = {
49444 long r128_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
49445 {
49446 unsigned int nr = DRM_IOCTL_NR(cmd);
49447 - drm_ioctl_compat_t *fn = NULL;
49448 int ret;
49449
49450 if (nr < DRM_COMMAND_BASE)
49451 return drm_compat_ioctl(filp, cmd, arg);
49452
49453 - if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(r128_compat_ioctls))
49454 - fn = r128_compat_ioctls[nr - DRM_COMMAND_BASE];
49455 -
49456 - if (fn != NULL)
49457 - ret = (*fn) (filp, cmd, arg);
49458 + if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(r128_compat_ioctls) && r128_compat_ioctls[nr - DRM_COMMAND_BASE])
49459 + ret = (*r128_compat_ioctls[nr - DRM_COMMAND_BASE]) (filp, cmd, arg);
49460 else
49461 ret = drm_ioctl(filp, cmd, arg);
49462
49463 diff --git a/drivers/gpu/drm/r128/r128_irq.c b/drivers/gpu/drm/r128/r128_irq.c
49464 index 9730f49..920e9bf 100644
49465 --- a/drivers/gpu/drm/r128/r128_irq.c
49466 +++ b/drivers/gpu/drm/r128/r128_irq.c
49467 @@ -41,7 +41,7 @@ u32 r128_get_vblank_counter(struct drm_device *dev, unsigned int pipe)
49468 if (pipe != 0)
49469 return 0;
49470
49471 - return atomic_read(&dev_priv->vbl_received);
49472 + return atomic_read_unchecked(&dev_priv->vbl_received);
49473 }
49474
49475 irqreturn_t r128_driver_irq_handler(int irq, void *arg)
49476 @@ -55,7 +55,7 @@ irqreturn_t r128_driver_irq_handler(int irq, void *arg)
49477 /* VBLANK interrupt */
49478 if (status & R128_CRTC_VBLANK_INT) {
49479 R128_WRITE(R128_GEN_INT_STATUS, R128_CRTC_VBLANK_INT_AK);
49480 - atomic_inc(&dev_priv->vbl_received);
49481 + atomic_inc_unchecked(&dev_priv->vbl_received);
49482 drm_handle_vblank(dev, 0);
49483 return IRQ_HANDLED;
49484 }
49485 diff --git a/drivers/gpu/drm/r128/r128_state.c b/drivers/gpu/drm/r128/r128_state.c
49486 index 8fd2d9f..4e99166 100644
49487 --- a/drivers/gpu/drm/r128/r128_state.c
49488 +++ b/drivers/gpu/drm/r128/r128_state.c
49489 @@ -320,10 +320,10 @@ static void r128_clear_box(drm_r128_private_t *dev_priv,
49490
49491 static void r128_cce_performance_boxes(drm_r128_private_t *dev_priv)
49492 {
49493 - if (atomic_read(&dev_priv->idle_count) == 0)
49494 + if (atomic_read_unchecked(&dev_priv->idle_count) == 0)
49495 r128_clear_box(dev_priv, 64, 4, 8, 8, 0, 255, 0);
49496 else
49497 - atomic_set(&dev_priv->idle_count, 0);
49498 + atomic_set_unchecked(&dev_priv->idle_count, 0);
49499 }
49500
49501 #endif
49502 @@ -1641,4 +1641,4 @@ const struct drm_ioctl_desc r128_ioctls[] = {
49503 DRM_IOCTL_DEF_DRV(R128_GETPARAM, r128_getparam, DRM_AUTH),
49504 };
49505
49506 -int r128_max_ioctl = ARRAY_SIZE(r128_ioctls);
49507 +const int r128_max_ioctl = ARRAY_SIZE(r128_ioctls);
49508 diff --git a/drivers/gpu/drm/radeon/mkregtable.c b/drivers/gpu/drm/radeon/mkregtable.c
49509 index b928c17..e5d9400 100644
49510 --- a/drivers/gpu/drm/radeon/mkregtable.c
49511 +++ b/drivers/gpu/drm/radeon/mkregtable.c
49512 @@ -624,14 +624,14 @@ static int parser_auth(struct table *t, const char *filename)
49513 regex_t mask_rex;
49514 regmatch_t match[4];
49515 char buf[1024];
49516 - size_t end;
49517 + long end;
49518 int len;
49519 int done = 0;
49520 int r;
49521 unsigned o;
49522 struct offset *offset;
49523 char last_reg_s[10];
49524 - int last_reg;
49525 + unsigned long last_reg;
49526
49527 if (regcomp
49528 (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
49529 diff --git a/drivers/gpu/drm/radeon/radeon_atpx_handler.c b/drivers/gpu/drm/radeon/radeon_atpx_handler.c
49530 index ddef0d4..c4f3351 100644
49531 --- a/drivers/gpu/drm/radeon/radeon_atpx_handler.c
49532 +++ b/drivers/gpu/drm/radeon/radeon_atpx_handler.c
49533 @@ -516,7 +516,7 @@ static int radeon_atpx_init(void)
49534 * look up whether we are the integrated or discrete GPU (all asics).
49535 * Returns the client id.
49536 */
49537 -static int radeon_atpx_get_client_id(struct pci_dev *pdev)
49538 +static enum vga_switcheroo_client_id radeon_atpx_get_client_id(struct pci_dev *pdev)
49539 {
49540 if (radeon_atpx_priv.dhandle == ACPI_HANDLE(&pdev->dev))
49541 return VGA_SWITCHEROO_IGD;
49542 diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
49543 index b79f3b0..a1fd177 100644
49544 --- a/drivers/gpu/drm/radeon/radeon_connectors.c
49545 +++ b/drivers/gpu/drm/radeon/radeon_connectors.c
49546 @@ -857,7 +857,7 @@ static int radeon_lvds_get_modes(struct drm_connector *connector)
49547 return ret;
49548 }
49549
49550 -static int radeon_lvds_mode_valid(struct drm_connector *connector,
49551 +static enum drm_mode_status radeon_lvds_mode_valid(struct drm_connector *connector,
49552 struct drm_display_mode *mode)
49553 {
49554 struct drm_encoder *encoder = radeon_best_single_encoder(connector);
49555 @@ -1000,7 +1000,7 @@ static int radeon_vga_get_modes(struct drm_connector *connector)
49556 return ret;
49557 }
49558
49559 -static int radeon_vga_mode_valid(struct drm_connector *connector,
49560 +static enum drm_mode_status radeon_vga_mode_valid(struct drm_connector *connector,
49561 struct drm_display_mode *mode)
49562 {
49563 struct drm_device *dev = connector->dev;
49564 @@ -1139,7 +1139,7 @@ static int radeon_tv_get_modes(struct drm_connector *connector)
49565 return 1;
49566 }
49567
49568 -static int radeon_tv_mode_valid(struct drm_connector *connector,
49569 +static enum drm_mode_status radeon_tv_mode_valid(struct drm_connector *connector,
49570 struct drm_display_mode *mode)
49571 {
49572 if ((mode->hdisplay > 1024) || (mode->vdisplay > 768))
49573 @@ -1470,7 +1470,7 @@ static void radeon_dvi_force(struct drm_connector *connector)
49574 radeon_connector->use_digital = true;
49575 }
49576
49577 -static int radeon_dvi_mode_valid(struct drm_connector *connector,
49578 +static enum drm_mode_status radeon_dvi_mode_valid(struct drm_connector *connector,
49579 struct drm_display_mode *mode)
49580 {
49581 struct drm_device *dev = connector->dev;
49582 @@ -1767,7 +1767,7 @@ out:
49583 return ret;
49584 }
49585
49586 -static int radeon_dp_mode_valid(struct drm_connector *connector,
49587 +static enum drm_mode_status radeon_dp_mode_valid(struct drm_connector *connector,
49588 struct drm_display_mode *mode)
49589 {
49590 struct drm_device *dev = connector->dev;
49591 diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
49592 index 554ca71..e573a41 100644
49593 --- a/drivers/gpu/drm/radeon/radeon_device.c
49594 +++ b/drivers/gpu/drm/radeon/radeon_device.c
49595 @@ -1276,7 +1276,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
49596 * locking inversion with the driver load path. And the access here is
49597 * completely racy anyway. So don't bother with locking for now.
49598 */
49599 - return dev->open_count == 0;
49600 + return local_read(&dev->open_count) == 0;
49601 }
49602
49603 static const struct vga_switcheroo_client_ops radeon_switcheroo_ops = {
49604 diff --git a/drivers/gpu/drm/radeon/radeon_drv.c b/drivers/gpu/drm/radeon/radeon_drv.c
49605 index c01a7c6..fd62ace 100644
49606 --- a/drivers/gpu/drm/radeon/radeon_drv.c
49607 +++ b/drivers/gpu/drm/radeon/radeon_drv.c
49608 @@ -134,7 +134,7 @@ extern int radeon_get_crtc_scanoutpos(struct drm_device *dev, unsigned int crtc,
49609 const struct drm_display_mode *mode);
49610 extern bool radeon_is_px(struct drm_device *dev);
49611 extern const struct drm_ioctl_desc radeon_ioctls_kms[];
49612 -extern int radeon_max_kms_ioctl;
49613 +extern const int radeon_max_kms_ioctl;
49614 int radeon_mmap(struct file *filp, struct vm_area_struct *vma);
49615 int radeon_mode_dumb_mmap(struct drm_file *filp,
49616 struct drm_device *dev,
49617 @@ -516,7 +516,7 @@ static struct drm_driver kms_driver = {
49618 .driver_features =
49619 DRIVER_USE_AGP |
49620 DRIVER_HAVE_IRQ | DRIVER_IRQ_SHARED | DRIVER_GEM |
49621 - DRIVER_PRIME | DRIVER_RENDER,
49622 + DRIVER_PRIME | DRIVER_RENDER | DRIVER_MODESET,
49623 .load = radeon_driver_load_kms,
49624 .open = radeon_driver_open_kms,
49625 .preclose = radeon_driver_preclose_kms,
49626 @@ -591,8 +591,11 @@ static int __init radeon_init(void)
49627 DRM_INFO("radeon kernel modesetting enabled.\n");
49628 driver = &kms_driver;
49629 pdriver = &radeon_kms_pci_driver;
49630 - driver->driver_features |= DRIVER_MODESET;
49631 - driver->num_ioctls = radeon_max_kms_ioctl;
49632 +
49633 + pax_open_kernel();
49634 + const_cast(driver->num_ioctls) = radeon_max_kms_ioctl;
49635 + pax_close_kernel();
49636 +
49637 radeon_register_atpx_handler();
49638
49639 } else {
49640 diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c
49641 index 0b98ea1..a3c770f 100644
49642 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c
49643 +++ b/drivers/gpu/drm/radeon/radeon_ioc32.c
49644 @@ -358,7 +358,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd,
49645 request = compat_alloc_user_space(sizeof(*request));
49646 if (!access_ok(VERIFY_WRITE, request, sizeof(*request))
49647 || __put_user(req32.param, &request->param)
49648 - || __put_user((void __user *)(unsigned long)req32.value,
49649 + || __put_user((unsigned long)req32.value,
49650 &request->value))
49651 return -EFAULT;
49652
49653 @@ -368,7 +368,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd,
49654 #define compat_radeon_cp_setparam NULL
49655 #endif /* X86_64 || IA64 */
49656
49657 -static drm_ioctl_compat_t *radeon_compat_ioctls[] = {
49658 +static drm_ioctl_compat_t radeon_compat_ioctls[] = {
49659 [DRM_RADEON_CP_INIT] = compat_radeon_cp_init,
49660 [DRM_RADEON_CLEAR] = compat_radeon_cp_clear,
49661 [DRM_RADEON_STIPPLE] = compat_radeon_cp_stipple,
49662 @@ -393,17 +393,13 @@ static drm_ioctl_compat_t *radeon_compat_ioctls[] = {
49663 long radeon_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
49664 {
49665 unsigned int nr = DRM_IOCTL_NR(cmd);
49666 - drm_ioctl_compat_t *fn = NULL;
49667 int ret;
49668
49669 if (nr < DRM_COMMAND_BASE)
49670 return drm_compat_ioctl(filp, cmd, arg);
49671
49672 - if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(radeon_compat_ioctls))
49673 - fn = radeon_compat_ioctls[nr - DRM_COMMAND_BASE];
49674 -
49675 - if (fn != NULL)
49676 - ret = (*fn) (filp, cmd, arg);
49677 + if (nr < DRM_COMMAND_BASE + ARRAY_SIZE(radeon_compat_ioctls) && radeon_compat_ioctls[nr - DRM_COMMAND_BASE])
49678 + ret = (*radeon_compat_ioctls[nr - DRM_COMMAND_BASE]) (filp, cmd, arg);
49679 else
49680 ret = drm_ioctl(filp, cmd, arg);
49681
49682 diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
49683 index 835563c..85913cc 100644
49684 --- a/drivers/gpu/drm/radeon/radeon_kms.c
49685 +++ b/drivers/gpu/drm/radeon/radeon_kms.c
49686 @@ -825,7 +825,7 @@ u32 radeon_get_vblank_counter_kms(struct drm_device *dev, unsigned int pipe)
49687 * Enable the interrupt on the requested crtc (all asics).
49688 * Returns 0 on success, -EINVAL on failure.
49689 */
49690 -int radeon_enable_vblank_kms(struct drm_device *dev, int crtc)
49691 +int radeon_enable_vblank_kms(struct drm_device *dev, unsigned int crtc)
49692 {
49693 struct radeon_device *rdev = dev->dev_private;
49694 unsigned long irqflags;
49695 @@ -851,7 +851,7 @@ int radeon_enable_vblank_kms(struct drm_device *dev, int crtc)
49696 *
49697 * Disable the interrupt on the requested crtc (all asics).
49698 */
49699 -void radeon_disable_vblank_kms(struct drm_device *dev, int crtc)
49700 +void radeon_disable_vblank_kms(struct drm_device *dev, unsigned int crtc)
49701 {
49702 struct radeon_device *rdev = dev->dev_private;
49703 unsigned long irqflags;
49704 @@ -880,7 +880,7 @@ void radeon_disable_vblank_kms(struct drm_device *dev, int crtc)
49705 * scanout position. (all asics).
49706 * Returns postive status flags on success, negative error on failure.
49707 */
49708 -int radeon_get_vblank_timestamp_kms(struct drm_device *dev, int crtc,
49709 +int radeon_get_vblank_timestamp_kms(struct drm_device *dev, unsigned int crtc,
49710 int *max_error,
49711 struct timeval *vblank_time,
49712 unsigned flags)
49713 @@ -949,4 +949,4 @@ const struct drm_ioctl_desc radeon_ioctls_kms[] = {
49714 DRM_IOCTL_DEF_DRV(RADEON_GEM_OP, radeon_gem_op_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
49715 DRM_IOCTL_DEF_DRV(RADEON_GEM_USERPTR, radeon_gem_userptr_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
49716 };
49717 -int radeon_max_kms_ioctl = ARRAY_SIZE(radeon_ioctls_kms);
49718 +const int radeon_max_kms_ioctl = ARRAY_SIZE(radeon_ioctls_kms);
49719 diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
49720 index c2e0a1c..6270bca 100644
49721 --- a/drivers/gpu/drm/radeon/radeon_ttm.c
49722 +++ b/drivers/gpu/drm/radeon/radeon_ttm.c
49723 @@ -974,7 +974,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
49724 man->size = size >> PAGE_SHIFT;
49725 }
49726
49727 -static struct vm_operations_struct radeon_ttm_vm_ops;
49728 +static vm_operations_struct_no_const radeon_ttm_vm_ops __read_only;
49729 static const struct vm_operations_struct *ttm_vm_ops = NULL;
49730
49731 static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
49732 @@ -1015,8 +1015,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
49733 }
49734 if (unlikely(ttm_vm_ops == NULL)) {
49735 ttm_vm_ops = vma->vm_ops;
49736 + pax_open_kernel();
49737 radeon_ttm_vm_ops = *ttm_vm_ops;
49738 radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
49739 + pax_close_kernel();
49740 }
49741 vma->vm_ops = &radeon_ttm_vm_ops;
49742 return 0;
49743 diff --git a/drivers/gpu/drm/savage/savage_bci.c b/drivers/gpu/drm/savage/savage_bci.c
49744 index d47dff9..0752202 100644
49745 --- a/drivers/gpu/drm/savage/savage_bci.c
49746 +++ b/drivers/gpu/drm/savage/savage_bci.c
49747 @@ -1080,4 +1080,4 @@ const struct drm_ioctl_desc savage_ioctls[] = {
49748 DRM_IOCTL_DEF_DRV(SAVAGE_BCI_EVENT_WAIT, savage_bci_event_wait, DRM_AUTH),
49749 };
49750
49751 -int savage_max_ioctl = ARRAY_SIZE(savage_ioctls);
49752 +const int savage_max_ioctl = ARRAY_SIZE(savage_ioctls);
49753 diff --git a/drivers/gpu/drm/savage/savage_drv.c b/drivers/gpu/drm/savage/savage_drv.c
49754 index 21aed1f..85d23a0 100644
49755 --- a/drivers/gpu/drm/savage/savage_drv.c
49756 +++ b/drivers/gpu/drm/savage/savage_drv.c
49757 @@ -76,7 +76,10 @@ static struct pci_driver savage_pci_driver = {
49758
49759 static int __init savage_init(void)
49760 {
49761 - driver.num_ioctls = savage_max_ioctl;
49762 + pax_open_kernel();
49763 + const_cast(driver.num_ioctls) = savage_max_ioctl;
49764 + pax_close_kernel();
49765 +
49766 return drm_pci_init(&driver, &savage_pci_driver);
49767 }
49768
49769 diff --git a/drivers/gpu/drm/savage/savage_drv.h b/drivers/gpu/drm/savage/savage_drv.h
49770 index 37b6995..9b31aaf 100644
49771 --- a/drivers/gpu/drm/savage/savage_drv.h
49772 +++ b/drivers/gpu/drm/savage/savage_drv.h
49773 @@ -107,7 +107,7 @@ enum savage_family {
49774 };
49775
49776 extern const struct drm_ioctl_desc savage_ioctls[];
49777 -extern int savage_max_ioctl;
49778 +extern const int savage_max_ioctl;
49779
49780 #define S3_SAVAGE3D_SERIES(chip) ((chip>=S3_SAVAGE3D) && (chip<=S3_SAVAGE_MX))
49781
49782 diff --git a/drivers/gpu/drm/sis/sis_drv.c b/drivers/gpu/drm/sis/sis_drv.c
49783 index 79bce76..6c02219 100644
49784 --- a/drivers/gpu/drm/sis/sis_drv.c
49785 +++ b/drivers/gpu/drm/sis/sis_drv.c
49786 @@ -128,7 +128,10 @@ static struct pci_driver sis_pci_driver = {
49787
49788 static int __init sis_init(void)
49789 {
49790 - driver.num_ioctls = sis_max_ioctl;
49791 + pax_open_kernel();
49792 + const_cast(driver.num_ioctls) = sis_max_ioctl;
49793 + pax_close_kernel();
49794 +
49795 return drm_pci_init(&driver, &sis_pci_driver);
49796 }
49797
49798 diff --git a/drivers/gpu/drm/sis/sis_drv.h b/drivers/gpu/drm/sis/sis_drv.h
49799 index 328f8a7..0cfcf55 100644
49800 --- a/drivers/gpu/drm/sis/sis_drv.h
49801 +++ b/drivers/gpu/drm/sis/sis_drv.h
49802 @@ -77,6 +77,6 @@ extern void sis_reclaim_buffers_locked(struct drm_device *dev,
49803 extern void sis_lastclose(struct drm_device *dev);
49804
49805 extern const struct drm_ioctl_desc sis_ioctls[];
49806 -extern int sis_max_ioctl;
49807 +extern const int sis_max_ioctl;
49808
49809 #endif
49810 diff --git a/drivers/gpu/drm/sis/sis_mm.c b/drivers/gpu/drm/sis/sis_mm.c
49811 index 03defda..6f56b68 100644
49812 --- a/drivers/gpu/drm/sis/sis_mm.c
49813 +++ b/drivers/gpu/drm/sis/sis_mm.c
49814 @@ -359,4 +359,4 @@ const struct drm_ioctl_desc sis_ioctls[] = {
49815 DRM_IOCTL_DEF_DRV(SIS_FB_INIT, sis_fb_init, DRM_AUTH | DRM_MASTER | DRM_ROOT_ONLY),
49816 };
49817
49818 -int sis_max_ioctl = ARRAY_SIZE(sis_ioctls);
49819 +const int sis_max_ioctl = ARRAY_SIZE(sis_ioctls);
49820 diff --git a/drivers/gpu/drm/sti/sti_cursor.c b/drivers/gpu/drm/sti/sti_cursor.c
49821 index 3b53f7f..b0576c2 100644
49822 --- a/drivers/gpu/drm/sti/sti_cursor.c
49823 +++ b/drivers/gpu/drm/sti/sti_cursor.c
49824 @@ -126,7 +126,7 @@ static int cursor_dbg_show(struct seq_file *s, void *data)
49825 return 0;
49826 }
49827
49828 -static struct drm_info_list cursor_debugfs_files[] = {
49829 +static drm_info_list_no_const cursor_debugfs_files[] __read_only = {
49830 { "cursor", cursor_dbg_show, 0, NULL },
49831 };
49832
49833 @@ -135,8 +135,10 @@ static int cursor_debugfs_init(struct sti_cursor *cursor,
49834 {
49835 unsigned int i;
49836
49837 + pax_open_kernel();
49838 for (i = 0; i < ARRAY_SIZE(cursor_debugfs_files); i++)
49839 cursor_debugfs_files[i].data = cursor;
49840 + pax_close_kernel();
49841
49842 return drm_debugfs_create_files(cursor_debugfs_files,
49843 ARRAY_SIZE(cursor_debugfs_files),
49844 diff --git a/drivers/gpu/drm/sti/sti_dvo.c b/drivers/gpu/drm/sti/sti_dvo.c
49845 index 00881eb..3863e51 100644
49846 --- a/drivers/gpu/drm/sti/sti_dvo.c
49847 +++ b/drivers/gpu/drm/sti/sti_dvo.c
49848 @@ -190,7 +190,7 @@ static int dvo_dbg_show(struct seq_file *s, void *data)
49849 return 0;
49850 }
49851
49852 -static struct drm_info_list dvo_debugfs_files[] = {
49853 +static drm_info_list_no_const dvo_debugfs_files[] __read_only = {
49854 { "dvo", dvo_dbg_show, 0, NULL },
49855 };
49856
49857 @@ -205,8 +205,10 @@ static int dvo_debugfs_init(struct sti_dvo *dvo, struct drm_minor *minor)
49858 {
49859 unsigned int i;
49860
49861 + pax_open_kernel();
49862 for (i = 0; i < ARRAY_SIZE(dvo_debugfs_files); i++)
49863 dvo_debugfs_files[i].data = dvo;
49864 + pax_close_kernel();
49865
49866 return drm_debugfs_create_files(dvo_debugfs_files,
49867 ARRAY_SIZE(dvo_debugfs_files),
49868 diff --git a/drivers/gpu/drm/sti/sti_gdp.c b/drivers/gpu/drm/sti/sti_gdp.c
49869 index b8d942c..476893d 100644
49870 --- a/drivers/gpu/drm/sti/sti_gdp.c
49871 +++ b/drivers/gpu/drm/sti/sti_gdp.c
49872 @@ -284,22 +284,22 @@ static int gdp_node_dbg_show(struct seq_file *s, void *arg)
49873 return 0;
49874 }
49875
49876 -static struct drm_info_list gdp0_debugfs_files[] = {
49877 +static drm_info_list_no_const gdp0_debugfs_files[] __read_only = {
49878 { "gdp0", gdp_dbg_show, 0, NULL },
49879 { "gdp0_node", gdp_node_dbg_show, 0, NULL },
49880 };
49881
49882 -static struct drm_info_list gdp1_debugfs_files[] = {
49883 +static drm_info_list_no_const gdp1_debugfs_files[] __read_only = {
49884 { "gdp1", gdp_dbg_show, 0, NULL },
49885 { "gdp1_node", gdp_node_dbg_show, 0, NULL },
49886 };
49887
49888 -static struct drm_info_list gdp2_debugfs_files[] = {
49889 +static drm_info_list_no_const gdp2_debugfs_files[] __read_only = {
49890 { "gdp2", gdp_dbg_show, 0, NULL },
49891 { "gdp2_node", gdp_node_dbg_show, 0, NULL },
49892 };
49893
49894 -static struct drm_info_list gdp3_debugfs_files[] = {
49895 +static drm_info_list_no_const gdp3_debugfs_files[] __read_only = {
49896 { "gdp3", gdp_dbg_show, 0, NULL },
49897 { "gdp3_node", gdp_node_dbg_show, 0, NULL },
49898 };
49899 @@ -307,7 +307,7 @@ static struct drm_info_list gdp3_debugfs_files[] = {
49900 static int gdp_debugfs_init(struct sti_gdp *gdp, struct drm_minor *minor)
49901 {
49902 unsigned int i;
49903 - struct drm_info_list *gdp_debugfs_files;
49904 + drm_info_list_no_const *gdp_debugfs_files;
49905 int nb_files;
49906
49907 switch (gdp->plane.desc) {
49908 @@ -331,8 +331,10 @@ static int gdp_debugfs_init(struct sti_gdp *gdp, struct drm_minor *minor)
49909 return -EINVAL;
49910 }
49911
49912 + pax_open_kernel();
49913 for (i = 0; i < nb_files; i++)
49914 gdp_debugfs_files[i].data = gdp;
49915 + pax_close_kernel();
49916
49917 return drm_debugfs_create_files(gdp_debugfs_files,
49918 nb_files,
49919 diff --git a/drivers/gpu/drm/sti/sti_hda.c b/drivers/gpu/drm/sti/sti_hda.c
49920 index 8505569..aae4422 100644
49921 --- a/drivers/gpu/drm/sti/sti_hda.c
49922 +++ b/drivers/gpu/drm/sti/sti_hda.c
49923 @@ -394,7 +394,7 @@ static int hda_dbg_show(struct seq_file *s, void *data)
49924 return 0;
49925 }
49926
49927 -static struct drm_info_list hda_debugfs_files[] = {
49928 +static drm_info_list_no_const hda_debugfs_files[] __read_only = {
49929 { "hda", hda_dbg_show, 0, NULL },
49930 };
49931
49932 @@ -409,8 +409,10 @@ static int hda_debugfs_init(struct sti_hda *hda, struct drm_minor *minor)
49933 {
49934 unsigned int i;
49935
49936 + pax_open_kernel();
49937 for (i = 0; i < ARRAY_SIZE(hda_debugfs_files); i++)
49938 hda_debugfs_files[i].data = hda;
49939 + pax_close_kernel();
49940
49941 return drm_debugfs_create_files(hda_debugfs_files,
49942 ARRAY_SIZE(hda_debugfs_files),
49943 diff --git a/drivers/gpu/drm/sti/sti_hdmi.c b/drivers/gpu/drm/sti/sti_hdmi.c
49944 index fedc17f..d43c181 100644
49945 --- a/drivers/gpu/drm/sti/sti_hdmi.c
49946 +++ b/drivers/gpu/drm/sti/sti_hdmi.c
49947 @@ -728,7 +728,7 @@ static int hdmi_dbg_show(struct seq_file *s, void *data)
49948 return 0;
49949 }
49950
49951 -static struct drm_info_list hdmi_debugfs_files[] = {
49952 +static drm_info_list_no_const hdmi_debugfs_files[] __read_only = {
49953 { "hdmi", hdmi_dbg_show, 0, NULL },
49954 };
49955
49956 @@ -743,8 +743,10 @@ static int hdmi_debugfs_init(struct sti_hdmi *hdmi, struct drm_minor *minor)
49957 {
49958 unsigned int i;
49959
49960 + pax_open_kernel();
49961 for (i = 0; i < ARRAY_SIZE(hdmi_debugfs_files); i++)
49962 hdmi_debugfs_files[i].data = hdmi;
49963 + pax_close_kernel();
49964
49965 return drm_debugfs_create_files(hdmi_debugfs_files,
49966 ARRAY_SIZE(hdmi_debugfs_files),
49967 diff --git a/drivers/gpu/drm/sti/sti_hqvdp.c b/drivers/gpu/drm/sti/sti_hqvdp.c
49968 index b5ee783..6d45c45 100644
49969 --- a/drivers/gpu/drm/sti/sti_hqvdp.c
49970 +++ b/drivers/gpu/drm/sti/sti_hqvdp.c
49971 @@ -627,7 +627,7 @@ static int hqvdp_dbg_show(struct seq_file *s, void *data)
49972 return 0;
49973 }
49974
49975 -static struct drm_info_list hqvdp_debugfs_files[] = {
49976 +static drm_info_list_no_const hqvdp_debugfs_files[] __read_only = {
49977 { "hqvdp", hqvdp_dbg_show, 0, NULL },
49978 };
49979
49980 @@ -635,8 +635,10 @@ static int hqvdp_debugfs_init(struct sti_hqvdp *hqvdp, struct drm_minor *minor)
49981 {
49982 unsigned int i;
49983
49984 + pax_open_kernel();
49985 for (i = 0; i < ARRAY_SIZE(hqvdp_debugfs_files); i++)
49986 hqvdp_debugfs_files[i].data = hqvdp;
49987 + pax_close_kernel();
49988
49989 return drm_debugfs_create_files(hqvdp_debugfs_files,
49990 ARRAY_SIZE(hqvdp_debugfs_files),
49991 diff --git a/drivers/gpu/drm/sti/sti_mixer.c b/drivers/gpu/drm/sti/sti_mixer.c
49992 index 7d9aea8..e0542f6 100644
49993 --- a/drivers/gpu/drm/sti/sti_mixer.c
49994 +++ b/drivers/gpu/drm/sti/sti_mixer.c
49995 @@ -173,18 +173,18 @@ static int mixer_dbg_show(struct seq_file *s, void *arg)
49996 return 0;
49997 }
49998
49999 -static struct drm_info_list mixer0_debugfs_files[] = {
50000 +static drm_info_list_no_const mixer0_debugfs_files[] __read_only = {
50001 { "mixer_main", mixer_dbg_show, 0, NULL },
50002 };
50003
50004 -static struct drm_info_list mixer1_debugfs_files[] = {
50005 +static drm_info_list_no_const mixer1_debugfs_files[] __read_only = {
50006 { "mixer_aux", mixer_dbg_show, 0, NULL },
50007 };
50008
50009 int sti_mixer_debugfs_init(struct sti_mixer *mixer, struct drm_minor *minor)
50010 {
50011 unsigned int i;
50012 - struct drm_info_list *mixer_debugfs_files;
50013 + drm_info_list_no_const *mixer_debugfs_files;
50014 int nb_files;
50015
50016 switch (mixer->id) {
50017 @@ -200,8 +200,10 @@ int sti_mixer_debugfs_init(struct sti_mixer *mixer, struct drm_minor *minor)
50018 return -EINVAL;
50019 }
50020
50021 + pax_open_kernel();
50022 for (i = 0; i < nb_files; i++)
50023 mixer_debugfs_files[i].data = mixer;
50024 + pax_close_kernel();
50025
50026 return drm_debugfs_create_files(mixer_debugfs_files,
50027 nb_files,
50028 diff --git a/drivers/gpu/drm/sti/sti_tvout.c b/drivers/gpu/drm/sti/sti_tvout.c
50029 index e25995b..8f2b12f 100644
50030 --- a/drivers/gpu/drm/sti/sti_tvout.c
50031 +++ b/drivers/gpu/drm/sti/sti_tvout.c
50032 @@ -585,7 +585,7 @@ static int tvout_dbg_show(struct seq_file *s, void *data)
50033 return 0;
50034 }
50035
50036 -static struct drm_info_list tvout_debugfs_files[] = {
50037 +static drm_info_list_no_const tvout_debugfs_files[] __read_only = {
50038 { "tvout", tvout_dbg_show, 0, NULL },
50039 };
50040
50041 @@ -600,8 +600,10 @@ static int tvout_debugfs_init(struct sti_tvout *tvout, struct drm_minor *minor)
50042 {
50043 unsigned int i;
50044
50045 + pax_open_kernel();
50046 for (i = 0; i < ARRAY_SIZE(tvout_debugfs_files); i++)
50047 tvout_debugfs_files[i].data = tvout;
50048 + pax_close_kernel();
50049
50050 return drm_debugfs_create_files(tvout_debugfs_files,
50051 ARRAY_SIZE(tvout_debugfs_files),
50052 diff --git a/drivers/gpu/drm/sti/sti_vid.c b/drivers/gpu/drm/sti/sti_vid.c
50053 index 47634a0..7a9b19f5 100644
50054 --- a/drivers/gpu/drm/sti/sti_vid.c
50055 +++ b/drivers/gpu/drm/sti/sti_vid.c
50056 @@ -119,7 +119,7 @@ static int vid_dbg_show(struct seq_file *s, void *arg)
50057 return 0;
50058 }
50059
50060 -static struct drm_info_list vid_debugfs_files[] = {
50061 +static drm_info_list_no_const vid_debugfs_files[] __read_only = {
50062 { "vid", vid_dbg_show, 0, NULL },
50063 };
50064
50065 @@ -127,8 +127,10 @@ int vid_debugfs_init(struct sti_vid *vid, struct drm_minor *minor)
50066 {
50067 unsigned int i;
50068
50069 + pax_open_kernel();
50070 for (i = 0; i < ARRAY_SIZE(vid_debugfs_files); i++)
50071 vid_debugfs_files[i].data = vid;
50072 + pax_close_kernel();
50073
50074 return drm_debugfs_create_files(vid_debugfs_files,
50075 ARRAY_SIZE(vid_debugfs_files),
50076 diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
50077 index 8495bd0..21a9725 100644
50078 --- a/drivers/gpu/drm/tegra/dc.c
50079 +++ b/drivers/gpu/drm/tegra/dc.c
50080 @@ -1685,7 +1685,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor)
50081 }
50082
50083 for (i = 0; i < ARRAY_SIZE(debugfs_files); i++)
50084 - dc->debugfs_files[i].data = dc;
50085 + const_cast(dc->debugfs_files[i].data) = dc;
50086
50087 err = drm_debugfs_create_files(dc->debugfs_files,
50088 ARRAY_SIZE(debugfs_files),
50089 diff --git a/drivers/gpu/drm/tegra/dsi.c b/drivers/gpu/drm/tegra/dsi.c
50090 index 3dea121..c2b888e 100644
50091 --- a/drivers/gpu/drm/tegra/dsi.c
50092 +++ b/drivers/gpu/drm/tegra/dsi.c
50093 @@ -63,7 +63,7 @@ struct tegra_dsi {
50094 struct clk *clk_lp;
50095 struct clk *clk;
50096
50097 - struct drm_info_list *debugfs_files;
50098 + drm_info_list_no_const *debugfs_files;
50099 struct drm_minor *minor;
50100 struct dentry *debugfs;
50101
50102 diff --git a/drivers/gpu/drm/tegra/hdmi.c b/drivers/gpu/drm/tegra/hdmi.c
50103 index cda0491..869916e 100644
50104 --- a/drivers/gpu/drm/tegra/hdmi.c
50105 +++ b/drivers/gpu/drm/tegra/hdmi.c
50106 @@ -74,7 +74,7 @@ struct tegra_hdmi {
50107 bool stereo;
50108 bool dvi;
50109
50110 - struct drm_info_list *debugfs_files;
50111 + drm_info_list_no_const *debugfs_files;
50112 struct drm_minor *minor;
50113 struct dentry *debugfs;
50114 };
50115 diff --git a/drivers/gpu/drm/tegra/sor.c b/drivers/gpu/drm/tegra/sor.c
50116 index 74d0540..f5277db 100644
50117 --- a/drivers/gpu/drm/tegra/sor.c
50118 +++ b/drivers/gpu/drm/tegra/sor.c
50119 @@ -1263,8 +1263,11 @@ static int tegra_sor_debugfs_init(struct tegra_sor *sor,
50120 goto remove;
50121 }
50122
50123 - for (i = 0; i < ARRAY_SIZE(debugfs_files); i++)
50124 - sor->debugfs_files[i].data = sor;
50125 + for (i = 0; i < ARRAY_SIZE(debugfs_files); i++) {
50126 + pax_open_kernel();
50127 + const_cast(sor->debugfs_files[i].data) = sor;
50128 + pax_close_kernel();
50129 + }
50130
50131 err = drm_debugfs_create_files(sor->debugfs_files,
50132 ARRAY_SIZE(debugfs_files),
50133 diff --git a/drivers/gpu/drm/tilcdc/Makefile b/drivers/gpu/drm/tilcdc/Makefile
50134 index deeca48..54e1b6c 100644
50135 --- a/drivers/gpu/drm/tilcdc/Makefile
50136 +++ b/drivers/gpu/drm/tilcdc/Makefile
50137 @@ -1,7 +1,7 @@
50138 ccflags-y := -Iinclude/drm
50139 -ifeq (, $(findstring -W,$(EXTRA_CFLAGS)))
50140 - ccflags-y += -Werror
50141 -endif
50142 +#ifeq (, $(findstring -W,$(EXTRA_CFLAGS)))
50143 +# ccflags-y += -Werror
50144 +#endif
50145
50146 obj-$(CONFIG_DRM_TILCDC_SLAVE_COMPAT) += tilcdc_slave_compat.o \
50147 tilcdc_slave_compat.dtb.o
50148 diff --git a/drivers/gpu/drm/tilcdc/tilcdc_external.c b/drivers/gpu/drm/tilcdc/tilcdc_external.c
50149 index 03acb4f..8d4328e 100644
50150 --- a/drivers/gpu/drm/tilcdc/tilcdc_external.c
50151 +++ b/drivers/gpu/drm/tilcdc/tilcdc_external.c
50152 @@ -27,7 +27,7 @@ static const struct tilcdc_panel_info panel_info_tda998x = {
50153 .raster_order = 0,
50154 };
50155
50156 -static int tilcdc_external_mode_valid(struct drm_connector *connector,
50157 +static enum drm_mode_status tilcdc_external_mode_valid(struct drm_connector *connector,
50158 struct drm_display_mode *mode)
50159 {
50160 struct tilcdc_drm_private *priv = connector->dev->dev_private;
50161 @@ -56,7 +56,7 @@ static int tilcdc_add_external_encoder(struct drm_device *dev, int *bpp,
50162 struct drm_connector *connector)
50163 {
50164 struct tilcdc_drm_private *priv = dev->dev_private;
50165 - struct drm_connector_helper_funcs *connector_funcs;
50166 + drm_connector_helper_funcs_no_const *connector_funcs;
50167
50168 priv->connectors[priv->num_connectors] = connector;
50169 priv->encoders[priv->num_encoders++] = connector->encoder;
50170 diff --git a/drivers/gpu/drm/tilcdc/tilcdc_panel.c b/drivers/gpu/drm/tilcdc/tilcdc_panel.c
50171 index ff7774c..697a5fc 100644
50172 --- a/drivers/gpu/drm/tilcdc/tilcdc_panel.c
50173 +++ b/drivers/gpu/drm/tilcdc/tilcdc_panel.c
50174 @@ -179,7 +179,7 @@ static int panel_connector_get_modes(struct drm_connector *connector)
50175 return i;
50176 }
50177
50178 -static int panel_connector_mode_valid(struct drm_connector *connector,
50179 +static enum drm_mode_status panel_connector_mode_valid(struct drm_connector *connector,
50180 struct drm_display_mode *mode)
50181 {
50182 struct tilcdc_drm_private *priv = connector->dev->dev_private;
50183 diff --git a/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c b/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c
50184 index 6b8c5b3..0899e85 100644
50185 --- a/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c
50186 +++ b/drivers/gpu/drm/tilcdc/tilcdc_tfp410.c
50187 @@ -184,7 +184,7 @@ static int tfp410_connector_get_modes(struct drm_connector *connector)
50188 return ret;
50189 }
50190
50191 -static int tfp410_connector_mode_valid(struct drm_connector *connector,
50192 +static enum drm_mode_status tfp410_connector_mode_valid(struct drm_connector *connector,
50193 struct drm_display_mode *mode)
50194 {
50195 struct tilcdc_drm_private *priv = connector->dev->dev_private;
50196 diff --git a/drivers/gpu/drm/ttm/ttm_bo_manager.c b/drivers/gpu/drm/ttm/ttm_bo_manager.c
50197 index aa0bd054..aea6a01 100644
50198 --- a/drivers/gpu/drm/ttm/ttm_bo_manager.c
50199 +++ b/drivers/gpu/drm/ttm/ttm_bo_manager.c
50200 @@ -148,10 +148,10 @@ static void ttm_bo_man_debug(struct ttm_mem_type_manager *man,
50201 }
50202
50203 const struct ttm_mem_type_manager_func ttm_bo_manager_func = {
50204 - ttm_bo_man_init,
50205 - ttm_bo_man_takedown,
50206 - ttm_bo_man_get_node,
50207 - ttm_bo_man_put_node,
50208 - ttm_bo_man_debug
50209 + .init = ttm_bo_man_init,
50210 + .takedown = ttm_bo_man_takedown,
50211 + .get_node = ttm_bo_man_get_node,
50212 + .put_node = ttm_bo_man_put_node,
50213 + .debug = ttm_bo_man_debug
50214 };
50215 EXPORT_SYMBOL(ttm_bo_manager_func);
50216 diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
50217 index a1803fb..c53f6b0 100644
50218 --- a/drivers/gpu/drm/ttm/ttm_memory.c
50219 +++ b/drivers/gpu/drm/ttm/ttm_memory.c
50220 @@ -264,7 +264,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob,
50221 zone->glob = glob;
50222 glob->zone_kernel = zone;
50223 ret = kobject_init_and_add(
50224 - &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
50225 + &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
50226 if (unlikely(ret != 0)) {
50227 kobject_put(&zone->kobj);
50228 return ret;
50229 @@ -348,7 +348,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob,
50230 zone->glob = glob;
50231 glob->zone_dma32 = zone;
50232 ret = kobject_init_and_add(
50233 - &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
50234 + &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
50235 if (unlikely(ret != 0)) {
50236 kobject_put(&zone->kobj);
50237 return ret;
50238 diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
50239 index a37de5d..4a0db00 100644
50240 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
50241 +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
50242 @@ -54,7 +54,7 @@
50243
50244 #define NUM_PAGES_TO_ALLOC (PAGE_SIZE/sizeof(struct page *))
50245 #define SMALL_ALLOCATION 16
50246 -#define FREE_ALL_PAGES (~0U)
50247 +#define FREE_ALL_PAGES (~0UL)
50248 /* times are in msecs */
50249 #define PAGE_FREE_INTERVAL 1000
50250
50251 @@ -299,15 +299,14 @@ static void ttm_pool_update_free_locked(struct ttm_page_pool *pool,
50252 * @free_all: If set to true will free all pages in pool
50253 * @use_static: Safe to use static buffer
50254 **/
50255 -static int ttm_page_pool_free(struct ttm_page_pool *pool, unsigned nr_free,
50256 +static unsigned long ttm_page_pool_free(struct ttm_page_pool *pool, unsigned long nr_free,
50257 bool use_static)
50258 {
50259 static struct page *static_buf[NUM_PAGES_TO_ALLOC];
50260 unsigned long irq_flags;
50261 struct page *p;
50262 struct page **pages_to_free;
50263 - unsigned freed_pages = 0,
50264 - npages_to_free = nr_free;
50265 + unsigned long freed_pages = 0, npages_to_free = nr_free;
50266
50267 if (NUM_PAGES_TO_ALLOC < nr_free)
50268 npages_to_free = NUM_PAGES_TO_ALLOC;
50269 @@ -371,7 +370,8 @@ restart:
50270 __list_del(&p->lru, &pool->list);
50271
50272 ttm_pool_update_free_locked(pool, freed_pages);
50273 - nr_free -= freed_pages;
50274 + if (likely(nr_free != FREE_ALL_PAGES))
50275 + nr_free -= freed_pages;
50276 }
50277
50278 spin_unlock_irqrestore(&pool->lock, irq_flags);
50279 @@ -399,7 +399,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
50280 unsigned i;
50281 unsigned pool_offset;
50282 struct ttm_page_pool *pool;
50283 - int shrink_pages = sc->nr_to_scan;
50284 + unsigned long shrink_pages = sc->nr_to_scan;
50285 unsigned long freed = 0;
50286
50287 if (!mutex_trylock(&lock))
50288 @@ -407,7 +407,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
50289 pool_offset = ++start_pool % NUM_POOLS;
50290 /* select start pool in round robin fashion */
50291 for (i = 0; i < NUM_POOLS; ++i) {
50292 - unsigned nr_free = shrink_pages;
50293 + unsigned long nr_free = shrink_pages;
50294 if (shrink_pages == 0)
50295 break;
50296 pool = &_manager->pools[(i + pool_offset)%NUM_POOLS];
50297 @@ -673,7 +673,7 @@ out:
50298 }
50299
50300 /* Put all pages in pages list to correct pool to wait for reuse */
50301 -static void ttm_put_pages(struct page **pages, unsigned npages, int flags,
50302 +static void ttm_put_pages(struct page **pages, unsigned long npages, int flags,
50303 enum ttm_caching_state cstate)
50304 {
50305 unsigned long irq_flags;
50306 @@ -728,7 +728,7 @@ static int ttm_get_pages(struct page **pages, unsigned npages, int flags,
50307 struct list_head plist;
50308 struct page *p = NULL;
50309 gfp_t gfp_flags = GFP_USER;
50310 - unsigned count;
50311 + unsigned long count;
50312 int r;
50313
50314 /* set zero flag for page allocation if required */
50315 diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
50316 index bef9f6f..ca48e17 100644
50317 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
50318 +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
50319 @@ -56,7 +56,7 @@
50320
50321 #define NUM_PAGES_TO_ALLOC (PAGE_SIZE/sizeof(struct page *))
50322 #define SMALL_ALLOCATION 4
50323 -#define FREE_ALL_PAGES (~0U)
50324 +#define FREE_ALL_PAGES (~0UL)
50325 /* times are in msecs */
50326 #define IS_UNDEFINED (0)
50327 #define IS_WC (1<<1)
50328 @@ -416,7 +416,7 @@ static void ttm_dma_page_put(struct dma_pool *pool, struct dma_page *d_page)
50329 * @nr_free: If set to true will free all pages in pool
50330 * @use_static: Safe to use static buffer
50331 **/
50332 -static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free,
50333 +static unsigned long ttm_dma_page_pool_free(struct dma_pool *pool, unsigned long nr_free,
50334 bool use_static)
50335 {
50336 static struct page *static_buf[NUM_PAGES_TO_ALLOC];
50337 @@ -424,8 +424,7 @@ static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free,
50338 struct dma_page *dma_p, *tmp;
50339 struct page **pages_to_free;
50340 struct list_head d_pages;
50341 - unsigned freed_pages = 0,
50342 - npages_to_free = nr_free;
50343 + unsigned long freed_pages = 0, npages_to_free = nr_free;
50344
50345 if (NUM_PAGES_TO_ALLOC < nr_free)
50346 npages_to_free = NUM_PAGES_TO_ALLOC;
50347 @@ -502,7 +501,8 @@ restart:
50348 /* remove range of pages from the pool */
50349 if (freed_pages) {
50350 ttm_pool_update_free_locked(pool, freed_pages);
50351 - nr_free -= freed_pages;
50352 + if (likely(nr_free != FREE_ALL_PAGES))
50353 + nr_free -= freed_pages;
50354 }
50355
50356 spin_unlock_irqrestore(&pool->lock, irq_flags);
50357 @@ -939,7 +939,7 @@ void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev)
50358 struct dma_page *d_page, *next;
50359 enum pool_type type;
50360 bool is_cached = false;
50361 - unsigned count = 0, i, npages = 0;
50362 + unsigned long count = 0, i, npages = 0;
50363 unsigned long irq_flags;
50364
50365 type = ttm_to_type(ttm->page_flags, ttm->caching_state);
50366 @@ -1014,7 +1014,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
50367 static unsigned start_pool;
50368 unsigned idx = 0;
50369 unsigned pool_offset;
50370 - unsigned shrink_pages = sc->nr_to_scan;
50371 + unsigned long shrink_pages = sc->nr_to_scan;
50372 struct device_pools *p;
50373 unsigned long freed = 0;
50374
50375 @@ -1027,7 +1027,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
50376 goto out;
50377 pool_offset = ++start_pool % _manager->npools;
50378 list_for_each_entry(p, &_manager->pools, pools) {
50379 - unsigned nr_free;
50380 + unsigned long nr_free;
50381
50382 if (!p->dev)
50383 continue;
50384 @@ -1041,7 +1041,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
50385 shrink_pages = ttm_dma_page_pool_free(p->pool, nr_free, true);
50386 freed += nr_free - shrink_pages;
50387
50388 - pr_debug("%s: (%s:%d) Asked to shrink %d, have %d more to go\n",
50389 + pr_debug("%s: (%s:%d) Asked to shrink %lu, have %lu more to go\n",
50390 p->pool->dev_name, p->pool->name, current->pid,
50391 nr_free, shrink_pages);
50392 }
50393 diff --git a/drivers/gpu/drm/udl/udl_connector.c b/drivers/gpu/drm/udl/udl_connector.c
50394 index 4709b54..beb015d 100644
50395 --- a/drivers/gpu/drm/udl/udl_connector.c
50396 +++ b/drivers/gpu/drm/udl/udl_connector.c
50397 @@ -80,7 +80,7 @@ static int udl_get_modes(struct drm_connector *connector)
50398 return ret;
50399 }
50400
50401 -static int udl_mode_valid(struct drm_connector *connector,
50402 +static enum drm_mode_status udl_mode_valid(struct drm_connector *connector,
50403 struct drm_display_mode *mode)
50404 {
50405 struct udl_device *udl = connector->dev->dev_private;
50406 diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
50407 index 611b6b9..e0faec1 100644
50408 --- a/drivers/gpu/drm/udl/udl_fb.c
50409 +++ b/drivers/gpu/drm/udl/udl_fb.c
50410 @@ -242,7 +242,6 @@ static int udl_fb_release(struct fb_info *info, int user)
50411 fb_deferred_io_cleanup(info);
50412 kfree(info->fbdefio);
50413 info->fbdefio = NULL;
50414 - info->fbops->fb_mmap = udl_fb_mmap;
50415 }
50416 #endif
50417
50418 diff --git a/drivers/gpu/drm/vc4/vc4_drv.c b/drivers/gpu/drm/vc4/vc4_drv.c
50419 index 9ecef93..d388af0 100644
50420 --- a/drivers/gpu/drm/vc4/vc4_drv.c
50421 +++ b/drivers/gpu/drm/vc4/vc4_drv.c
50422 @@ -179,6 +179,11 @@ static int compare_dev(struct device *dev, void *data)
50423 return dev == data;
50424 }
50425
50426 +static int vc4_match(struct device *dev, void *drv)
50427 +{
50428 + return platform_bus_type.match(dev, drv);
50429 +}
50430 +
50431 static void vc4_match_add_drivers(struct device *dev,
50432 struct component_match **match,
50433 struct platform_driver *const *drivers,
50434 @@ -190,8 +195,7 @@ static void vc4_match_add_drivers(struct device *dev,
50435 struct device_driver *drv = &drivers[i]->driver;
50436 struct device *p = NULL, *d;
50437
50438 - while ((d = bus_find_device(&platform_bus_type, p, drv,
50439 - (void *)platform_bus_type.match))) {
50440 + while ((d = bus_find_device(&platform_bus_type, p, drv, vc4_match))) {
50441 put_device(p);
50442 component_match_add(dev, match, compare_dev, d);
50443 p = d;
50444 diff --git a/drivers/gpu/drm/via/via_dma.c b/drivers/gpu/drm/via/via_dma.c
50445 index d17d8f2..67e8e48b 100644
50446 --- a/drivers/gpu/drm/via/via_dma.c
50447 +++ b/drivers/gpu/drm/via/via_dma.c
50448 @@ -737,4 +737,4 @@ const struct drm_ioctl_desc via_ioctls[] = {
50449 DRM_IOCTL_DEF_DRV(VIA_BLIT_SYNC, via_dma_blit_sync, DRM_AUTH)
50450 };
50451
50452 -int via_max_ioctl = ARRAY_SIZE(via_ioctls);
50453 +const int via_max_ioctl = ARRAY_SIZE(via_ioctls);
50454 diff --git a/drivers/gpu/drm/via/via_drv.c b/drivers/gpu/drm/via/via_drv.c
50455 index ed8aa8f..114cc8d 100644
50456 --- a/drivers/gpu/drm/via/via_drv.c
50457 +++ b/drivers/gpu/drm/via/via_drv.c
50458 @@ -107,7 +107,10 @@ static struct pci_driver via_pci_driver = {
50459
50460 static int __init via_init(void)
50461 {
50462 - driver.num_ioctls = via_max_ioctl;
50463 + pax_open_kernel();
50464 + const_cast(driver.num_ioctls) = via_max_ioctl;
50465 + pax_close_kernel();
50466 +
50467 via_init_command_verifier();
50468 return drm_pci_init(&driver, &via_pci_driver);
50469 }
50470 diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv.h
50471 index 286a785..c0182616 100644
50472 --- a/drivers/gpu/drm/via/via_drv.h
50473 +++ b/drivers/gpu/drm/via/via_drv.h
50474 @@ -53,7 +53,7 @@ typedef struct drm_via_ring_buffer {
50475 typedef uint32_t maskarray_t[5];
50476
50477 typedef struct drm_via_irq {
50478 - atomic_t irq_received;
50479 + atomic_unchecked_t irq_received;
50480 uint32_t pending_mask;
50481 uint32_t enable_mask;
50482 wait_queue_head_t irq_queue;
50483 @@ -77,7 +77,7 @@ typedef struct drm_via_private {
50484 struct timeval last_vblank;
50485 int last_vblank_valid;
50486 unsigned usec_per_vblank;
50487 - atomic_t vbl_received;
50488 + atomic_unchecked_t vbl_received;
50489 drm_via_state_t hc_state;
50490 char pci_buf[VIA_PCI_BUF_SIZE];
50491 const uint32_t *fire_offsets[VIA_FIRE_BUF_SIZE];
50492 @@ -121,7 +121,7 @@ enum via_family {
50493 #define VIA_WRITE8(reg, val) DRM_WRITE8(VIA_BASE, reg, val)
50494
50495 extern const struct drm_ioctl_desc via_ioctls[];
50496 -extern int via_max_ioctl;
50497 +extern const int via_max_ioctl;
50498
50499 extern int via_fb_init(struct drm_device *dev, void *data, struct drm_file *file_priv);
50500 extern int via_mem_alloc(struct drm_device *dev, void *data, struct drm_file *file_priv);
50501 diff --git a/drivers/gpu/drm/via/via_irq.c b/drivers/gpu/drm/via/via_irq.c
50502 index ea8172c..6ceff63 100644
50503 --- a/drivers/gpu/drm/via/via_irq.c
50504 +++ b/drivers/gpu/drm/via/via_irq.c
50505 @@ -102,7 +102,7 @@ u32 via_get_vblank_counter(struct drm_device *dev, unsigned int pipe)
50506 if (pipe != 0)
50507 return 0;
50508
50509 - return atomic_read(&dev_priv->vbl_received);
50510 + return atomic_read_unchecked(&dev_priv->vbl_received);
50511 }
50512
50513 irqreturn_t via_driver_irq_handler(int irq, void *arg)
50514 @@ -117,8 +117,8 @@ irqreturn_t via_driver_irq_handler(int irq, void *arg)
50515
50516 status = VIA_READ(VIA_REG_INTERRUPT);
50517 if (status & VIA_IRQ_VBLANK_PENDING) {
50518 - atomic_inc(&dev_priv->vbl_received);
50519 - if (!(atomic_read(&dev_priv->vbl_received) & 0x0F)) {
50520 + atomic_inc_unchecked(&dev_priv->vbl_received);
50521 + if (!(atomic_read_unchecked(&dev_priv->vbl_received) & 0x0F)) {
50522 do_gettimeofday(&cur_vblank);
50523 if (dev_priv->last_vblank_valid) {
50524 dev_priv->usec_per_vblank =
50525 @@ -128,7 +128,7 @@ irqreturn_t via_driver_irq_handler(int irq, void *arg)
50526 dev_priv->last_vblank = cur_vblank;
50527 dev_priv->last_vblank_valid = 1;
50528 }
50529 - if (!(atomic_read(&dev_priv->vbl_received) & 0xFF)) {
50530 + if (!(atomic_read_unchecked(&dev_priv->vbl_received) & 0xFF)) {
50531 DRM_DEBUG("US per vblank is: %u\n",
50532 dev_priv->usec_per_vblank);
50533 }
50534 @@ -138,7 +138,7 @@ irqreturn_t via_driver_irq_handler(int irq, void *arg)
50535
50536 for (i = 0; i < dev_priv->num_irqs; ++i) {
50537 if (status & cur_irq->pending_mask) {
50538 - atomic_inc(&cur_irq->irq_received);
50539 + atomic_inc_unchecked(&cur_irq->irq_received);
50540 wake_up(&cur_irq->irq_queue);
50541 handled = 1;
50542 if (dev_priv->irq_map[drm_via_irq_dma0_td] == i)
50543 @@ -243,11 +243,11 @@ via_driver_irq_wait(struct drm_device *dev, unsigned int irq, int force_sequence
50544 DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * HZ,
50545 ((VIA_READ(masks[irq][2]) & masks[irq][3]) ==
50546 masks[irq][4]));
50547 - cur_irq_sequence = atomic_read(&cur_irq->irq_received);
50548 + cur_irq_sequence = atomic_read_unchecked(&cur_irq->irq_received);
50549 } else {
50550 DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * HZ,
50551 (((cur_irq_sequence =
50552 - atomic_read(&cur_irq->irq_received)) -
50553 + atomic_read_unchecked(&cur_irq->irq_received)) -
50554 *sequence) <= (1 << 23)));
50555 }
50556 *sequence = cur_irq_sequence;
50557 @@ -285,7 +285,7 @@ void via_driver_irq_preinstall(struct drm_device *dev)
50558 }
50559
50560 for (i = 0; i < dev_priv->num_irqs; ++i) {
50561 - atomic_set(&cur_irq->irq_received, 0);
50562 + atomic_set_unchecked(&cur_irq->irq_received, 0);
50563 cur_irq->enable_mask = dev_priv->irq_masks[i][0];
50564 cur_irq->pending_mask = dev_priv->irq_masks[i][1];
50565 init_waitqueue_head(&cur_irq->irq_queue);
50566 @@ -367,7 +367,7 @@ int via_wait_irq(struct drm_device *dev, void *data, struct drm_file *file_priv)
50567 switch (irqwait->request.type & ~VIA_IRQ_FLAGS_MASK) {
50568 case VIA_IRQ_RELATIVE:
50569 irqwait->request.sequence +=
50570 - atomic_read(&cur_irq->irq_received);
50571 + atomic_read_unchecked(&cur_irq->irq_received);
50572 irqwait->request.type &= ~_DRM_VBLANK_RELATIVE;
50573 case VIA_IRQ_ABSOLUTE:
50574 break;
50575 diff --git a/drivers/gpu/drm/virtio/virtgpu_display.c b/drivers/gpu/drm/virtio/virtgpu_display.c
50576 index 4e192aa..15665db 100644
50577 --- a/drivers/gpu/drm/virtio/virtgpu_display.c
50578 +++ b/drivers/gpu/drm/virtio/virtgpu_display.c
50579 @@ -192,7 +192,7 @@ static int virtio_gpu_conn_get_modes(struct drm_connector *connector)
50580 return count;
50581 }
50582
50583 -static int virtio_gpu_conn_mode_valid(struct drm_connector *connector,
50584 +static enum drm_mode_status virtio_gpu_conn_mode_valid(struct drm_connector *connector,
50585 struct drm_display_mode *mode)
50586 {
50587 struct virtio_gpu_output *output =
50588 diff --git a/drivers/gpu/drm/virtio/virtgpu_ttm.c b/drivers/gpu/drm/virtio/virtgpu_ttm.c
50589 index 80482ac..bf693e5 100644
50590 --- a/drivers/gpu/drm/virtio/virtgpu_ttm.c
50591 +++ b/drivers/gpu/drm/virtio/virtgpu_ttm.c
50592 @@ -198,11 +198,11 @@ static void ttm_bo_man_debug(struct ttm_mem_type_manager *man,
50593 }
50594
50595 static const struct ttm_mem_type_manager_func virtio_gpu_bo_manager_func = {
50596 - ttm_bo_man_init,
50597 - ttm_bo_man_takedown,
50598 - ttm_bo_man_get_node,
50599 - ttm_bo_man_put_node,
50600 - ttm_bo_man_debug
50601 + .init = &ttm_bo_man_init,
50602 + .takedown = &ttm_bo_man_takedown,
50603 + .get_node = &ttm_bo_man_get_node,
50604 + .put_node = &ttm_bo_man_put_node,
50605 + .debug = &ttm_bo_man_debug
50606 };
50607
50608 static int virtio_gpu_init_mem_type(struct ttm_bo_device *bdev, uint32_t type,
50609 diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
50610 index 74304b0..d453794 100644
50611 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
50612 +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
50613 @@ -439,7 +439,7 @@ struct vmw_private {
50614 * Fencing and IRQs.
50615 */
50616
50617 - atomic_t marker_seq;
50618 + atomic_unchecked_t marker_seq;
50619 wait_queue_head_t fence_queue;
50620 wait_queue_head_t fifo_queue;
50621 spinlock_t waiter_lock;
50622 diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
50623 index b6a0806..9fb5479 100644
50624 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
50625 +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
50626 @@ -156,7 +156,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo)
50627 (unsigned int) min,
50628 (unsigned int) fifo->capabilities);
50629
50630 - atomic_set(&dev_priv->marker_seq, dev_priv->last_read_seqno);
50631 + atomic_set_unchecked(&dev_priv->marker_seq, dev_priv->last_read_seqno);
50632 vmw_mmio_write(dev_priv->last_read_seqno, fifo_mem + SVGA_FIFO_FENCE);
50633 vmw_marker_queue_init(&fifo->marker_queue);
50634
50635 @@ -355,7 +355,7 @@ static void *vmw_local_fifo_reserve(struct vmw_private *dev_priv,
50636 if (reserveable)
50637 vmw_mmio_write(bytes, fifo_mem +
50638 SVGA_FIFO_RESERVED);
50639 - return (void __force *) (fifo_mem +
50640 + return (void __force_kernel *) (fifo_mem +
50641 (next_cmd >> 2));
50642 } else {
50643 need_bounce = true;
50644 @@ -544,7 +544,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno)
50645
50646 fm = vmw_fifo_reserve(dev_priv, bytes);
50647 if (unlikely(fm == NULL)) {
50648 - *seqno = atomic_read(&dev_priv->marker_seq);
50649 + *seqno = atomic_read_unchecked(&dev_priv->marker_seq);
50650 ret = -ENOMEM;
50651 (void)vmw_fallback_wait(dev_priv, false, true, *seqno,
50652 false, 3*HZ);
50653 @@ -552,7 +552,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno)
50654 }
50655
50656 do {
50657 - *seqno = atomic_add_return(1, &dev_priv->marker_seq);
50658 + *seqno = atomic_add_return_unchecked(1, &dev_priv->marker_seq);
50659 } while (*seqno == 0);
50660
50661 if (!(fifo_state->capabilities & SVGA_FIFO_CAP_FENCE)) {
50662 diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c
50663 index 170b61b..fec7348 100644
50664 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c
50665 +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c
50666 @@ -164,9 +164,9 @@ static void vmw_gmrid_man_debug(struct ttm_mem_type_manager *man,
50667 }
50668
50669 const struct ttm_mem_type_manager_func vmw_gmrid_manager_func = {
50670 - vmw_gmrid_man_init,
50671 - vmw_gmrid_man_takedown,
50672 - vmw_gmrid_man_get_node,
50673 - vmw_gmrid_man_put_node,
50674 - vmw_gmrid_man_debug
50675 + .init = vmw_gmrid_man_init,
50676 + .takedown = vmw_gmrid_man_takedown,
50677 + .get_node = vmw_gmrid_man_get_node,
50678 + .put_node = vmw_gmrid_man_put_node,
50679 + .debug = vmw_gmrid_man_debug
50680 };
50681 diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
50682 index 0c7e172..ead94fc 100644
50683 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
50684 +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
50685 @@ -103,7 +103,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv,
50686 * emitted. Then the fence is stale and signaled.
50687 */
50688
50689 - ret = ((atomic_read(&dev_priv->marker_seq) - seqno)
50690 + ret = ((atomic_read_unchecked(&dev_priv->marker_seq) - seqno)
50691 > VMW_FENCE_WRAP);
50692
50693 return ret;
50694 @@ -142,7 +142,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv,
50695 }
50696 }
50697
50698 - signal_seq = atomic_read(&dev_priv->marker_seq);
50699 + signal_seq = atomic_read_unchecked(&dev_priv->marker_seq);
50700 ret = 0;
50701
50702 for (;;) {
50703 diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c b/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c
50704 index efd1ffd..0ae13ca 100644
50705 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c
50706 +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c
50707 @@ -135,7 +135,7 @@ int vmw_wait_lag(struct vmw_private *dev_priv,
50708 while (!vmw_lag_lt(queue, us)) {
50709 spin_lock(&queue->lock);
50710 if (list_empty(&queue->head))
50711 - seqno = atomic_read(&dev_priv->marker_seq);
50712 + seqno = atomic_read_unchecked(&dev_priv->marker_seq);
50713 else {
50714 marker = list_first_entry(&queue->head,
50715 struct vmw_marker, head);
50716 diff --git a/drivers/gpu/vga/vga_switcheroo.c b/drivers/gpu/vga/vga_switcheroo.c
50717 index 5f962bf..b095fc5 100644
50718 --- a/drivers/gpu/vga/vga_switcheroo.c
50719 +++ b/drivers/gpu/vga/vga_switcheroo.c
50720 @@ -1054,7 +1054,7 @@ static int vga_switcheroo_runtime_resume(struct device *dev)
50721 * where the power switch is separate to the device being powered down.
50722 */
50723 int vga_switcheroo_init_domain_pm_ops(struct device *dev,
50724 - struct dev_pm_domain *domain)
50725 + dev_pm_domain_no_const *domain)
50726 {
50727 /* copy over all the bus versions */
50728 if (dev->bus && dev->bus->pm) {
50729 @@ -1125,7 +1125,7 @@ static int vga_switcheroo_runtime_resume_hdmi_audio(struct device *dev)
50730 */
50731 int
50732 vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev,
50733 - struct dev_pm_domain *domain)
50734 + dev_pm_domain_no_const *domain)
50735 {
50736 /* copy over all the bus versions */
50737 if (dev->bus && dev->bus->pm) {
50738 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
50739 index 08f53c7..8f2d6a3 100644
50740 --- a/drivers/hid/hid-core.c
50741 +++ b/drivers/hid/hid-core.c
50742 @@ -2637,7 +2637,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
50743
50744 int hid_add_device(struct hid_device *hdev)
50745 {
50746 - static atomic_t id = ATOMIC_INIT(0);
50747 + static atomic_unchecked_t id = ATOMIC_INIT(0);
50748 int ret;
50749
50750 if (WARN_ON(hdev->status & HID_STAT_ADDED))
50751 @@ -2681,7 +2681,7 @@ int hid_add_device(struct hid_device *hdev)
50752 /* XXX hack, any other cleaner solution after the driver core
50753 * is converted to allow more than 20 bytes as the device name? */
50754 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
50755 - hdev->vendor, hdev->product, atomic_inc_return(&id));
50756 + hdev->vendor, hdev->product, atomic_inc_return_unchecked(&id));
50757
50758 hid_debug_register(hdev, dev_name(&hdev->dev));
50759 ret = device_add(&hdev->dev);
50760 diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
50761 index d6fa496..dde31aa 100644
50762 --- a/drivers/hid/hid-magicmouse.c
50763 +++ b/drivers/hid/hid-magicmouse.c
50764 @@ -34,7 +34,7 @@ module_param(emulate_scroll_wheel, bool, 0644);
50765 MODULE_PARM_DESC(emulate_scroll_wheel, "Emulate a scroll wheel");
50766
50767 static unsigned int scroll_speed = 32;
50768 -static int param_set_scroll_speed(const char *val, struct kernel_param *kp) {
50769 +static int param_set_scroll_speed(const char *val, const struct kernel_param *kp) {
50770 unsigned long speed;
50771 if (!val || kstrtoul(val, 0, &speed) || speed > 63)
50772 return -EINVAL;
50773 diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c
50774 index 5614fee..8a6f5f6 100644
50775 --- a/drivers/hid/hid-sensor-custom.c
50776 +++ b/drivers/hid/hid-sensor-custom.c
50777 @@ -590,7 +590,7 @@ static int hid_sensor_custom_add_attributes(struct hid_sensor_custom
50778 j = 0;
50779 while (j < HID_CUSTOM_TOTAL_ATTRS &&
50780 hid_custom_attrs[j].name) {
50781 - struct device_attribute *device_attr;
50782 + device_attribute_no_const *device_attr;
50783
50784 device_attr = &sensor_inst->fields[i].sd_attrs[j];
50785
50786 diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
50787 index c13fb5b..55a3802 100644
50788 --- a/drivers/hid/hid-wiimote-debug.c
50789 +++ b/drivers/hid/hid-wiimote-debug.c
50790 @@ -66,7 +66,7 @@ static ssize_t wiidebug_eeprom_read(struct file *f, char __user *u, size_t s,
50791 else if (size == 0)
50792 return -EIO;
50793
50794 - if (copy_to_user(u, buf, size))
50795 + if (size > sizeof(buf) || copy_to_user(u, buf, size))
50796 return -EFAULT;
50797
50798 *off += size;
50799 diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
50800 index 56dd261..493d7e0 100644
50801 --- a/drivers/hv/channel.c
50802 +++ b/drivers/hv/channel.c
50803 @@ -398,7 +398,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
50804 int ret = 0;
50805
50806 next_gpadl_handle =
50807 - (atomic_inc_return(&vmbus_connection.next_gpadl_handle) - 1);
50808 + (atomic_inc_return_unchecked(&vmbus_connection.next_gpadl_handle) - 1);
50809
50810 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
50811 if (ret)
50812 @@ -749,9 +749,7 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel,
50813 * Adjust the size down since vmbus_channel_packet_page_buffer is the
50814 * largest size we support
50815 */
50816 - descsize = sizeof(struct vmbus_channel_packet_page_buffer) -
50817 - ((MAX_PAGE_BUFFER_COUNT - pagecount) *
50818 - sizeof(struct hv_page_buffer));
50819 + descsize = offsetof(struct vmbus_channel_packet_page_buffer, range[pagecount]);
50820 packetlen = descsize + bufferlen;
50821 packetlen_aligned = ALIGN(packetlen, sizeof(u64));
50822
50823 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
50824 index a1c086b..b45a999 100644
50825 --- a/drivers/hv/hv.c
50826 +++ b/drivers/hv/hv.c
50827 @@ -183,6 +183,7 @@ static struct clocksource hyperv_cs_tsc = {
50828 };
50829 #endif
50830
50831 +static char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE) __used __section(".text");
50832
50833 /*
50834 * hv_init - Main initialization routine.
50835 @@ -193,7 +194,6 @@ int hv_init(void)
50836 {
50837 int max_leaf;
50838 union hv_x64_msr_hypercall_contents hypercall_msr;
50839 - void *virtaddr = NULL;
50840
50841 memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
50842 memset(hv_context.synic_message_page, 0,
50843 @@ -220,14 +220,9 @@ int hv_init(void)
50844 /* See if the hypercall page is already set */
50845 rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
50846
50847 - virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC);
50848 -
50849 - if (!virtaddr)
50850 - goto cleanup;
50851 -
50852 hypercall_msr.enable = 1;
50853
50854 - hypercall_msr.guest_physical_address = vmalloc_to_pfn(virtaddr);
50855 + hypercall_msr.guest_physical_address = __phys_to_pfn(__pa(ktla_ktva((unsigned long)hv_hypercall_page)));
50856 wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
50857
50858 /* Confirm that hypercall page did get setup. */
50859 @@ -237,7 +232,7 @@ int hv_init(void)
50860 if (!hypercall_msr.enable)
50861 goto cleanup;
50862
50863 - hv_context.hypercall_page = virtaddr;
50864 + hv_context.hypercall_page = hv_hypercall_page;
50865
50866 #ifdef CONFIG_X86_64
50867 if (ms_hyperv.features & HV_X64_MSR_REFERENCE_TSC_AVAILABLE) {
50868 @@ -261,13 +256,9 @@ int hv_init(void)
50869 return 0;
50870
50871 cleanup:
50872 - if (virtaddr) {
50873 - if (hypercall_msr.enable) {
50874 - hypercall_msr.as_uint64 = 0;
50875 - wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
50876 - }
50877 -
50878 - vfree(virtaddr);
50879 + if (hypercall_msr.enable) {
50880 + hypercall_msr.as_uint64 = 0;
50881 + wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
50882 }
50883
50884 return -ENOTSUPP;
50885 @@ -288,7 +279,6 @@ void hv_cleanup(void)
50886 if (hv_context.hypercall_page) {
50887 hypercall_msr.as_uint64 = 0;
50888 wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
50889 - vfree(hv_context.hypercall_page);
50890 hv_context.hypercall_page = NULL;
50891 }
50892
50893 diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
50894 index df35fb7..fff7e4e 100644
50895 --- a/drivers/hv/hv_balloon.c
50896 +++ b/drivers/hv/hv_balloon.c
50897 @@ -471,7 +471,7 @@ MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add");
50898
50899 module_param(pressure_report_delay, uint, (S_IRUGO | S_IWUSR));
50900 MODULE_PARM_DESC(pressure_report_delay, "Delay in secs in reporting pressure");
50901 -static atomic_t trans_id = ATOMIC_INIT(0);
50902 +static atomic_unchecked_t trans_id = ATOMIC_INIT(0);
50903
50904 static int dm_ring_size = (5 * PAGE_SIZE);
50905
50906 @@ -945,7 +945,7 @@ static void hot_add_req(struct work_struct *dummy)
50907 pr_info("Memory hot add failed\n");
50908
50909 dm->state = DM_INITIALIZED;
50910 - resp.hdr.trans_id = atomic_inc_return(&trans_id);
50911 + resp.hdr.trans_id = atomic_inc_return_unchecked(&trans_id);
50912 vmbus_sendpacket(dm->dev->channel, &resp,
50913 sizeof(struct dm_hot_add_response),
50914 (unsigned long)NULL,
50915 @@ -1026,7 +1026,7 @@ static void post_status(struct hv_dynmem_device *dm)
50916 memset(&status, 0, sizeof(struct dm_status));
50917 status.hdr.type = DM_STATUS_REPORT;
50918 status.hdr.size = sizeof(struct dm_status);
50919 - status.hdr.trans_id = atomic_inc_return(&trans_id);
50920 + status.hdr.trans_id = atomic_inc_return_unchecked(&trans_id);
50921
50922 /*
50923 * The host expects the guest to report free and committed memory.
50924 @@ -1050,7 +1050,7 @@ static void post_status(struct hv_dynmem_device *dm)
50925 * send the status. This can happen if we were interrupted
50926 * after we picked our transaction ID.
50927 */
50928 - if (status.hdr.trans_id != atomic_read(&trans_id))
50929 + if (status.hdr.trans_id != atomic_read_unchecked(&trans_id))
50930 return;
50931
50932 /*
50933 @@ -1195,7 +1195,7 @@ static void balloon_up(struct work_struct *dummy)
50934 */
50935
50936 do {
50937 - bl_resp->hdr.trans_id = atomic_inc_return(&trans_id);
50938 + bl_resp->hdr.trans_id = atomic_inc_return_unchecked(&trans_id);
50939 ret = vmbus_sendpacket(dm_device.dev->channel,
50940 bl_resp,
50941 bl_resp->hdr.size,
50942 @@ -1241,7 +1241,7 @@ static void balloon_down(struct hv_dynmem_device *dm,
50943
50944 memset(&resp, 0, sizeof(struct dm_unballoon_response));
50945 resp.hdr.type = DM_UNBALLOON_RESPONSE;
50946 - resp.hdr.trans_id = atomic_inc_return(&trans_id);
50947 + resp.hdr.trans_id = atomic_inc_return_unchecked(&trans_id);
50948 resp.hdr.size = sizeof(struct dm_unballoon_response);
50949
50950 vmbus_sendpacket(dm_device.dev->channel, &resp,
50951 @@ -1301,7 +1301,7 @@ static void version_resp(struct hv_dynmem_device *dm,
50952 memset(&version_req, 0, sizeof(struct dm_version_request));
50953 version_req.hdr.type = DM_VERSION_REQUEST;
50954 version_req.hdr.size = sizeof(struct dm_version_request);
50955 - version_req.hdr.trans_id = atomic_inc_return(&trans_id);
50956 + version_req.hdr.trans_id = atomic_inc_return_unchecked(&trans_id);
50957 version_req.version.version = dm->next_version;
50958
50959 /*
50960 @@ -1488,7 +1488,7 @@ static int balloon_probe(struct hv_device *dev,
50961 memset(&version_req, 0, sizeof(struct dm_version_request));
50962 version_req.hdr.type = DM_VERSION_REQUEST;
50963 version_req.hdr.size = sizeof(struct dm_version_request);
50964 - version_req.hdr.trans_id = atomic_inc_return(&trans_id);
50965 + version_req.hdr.trans_id = atomic_inc_return_unchecked(&trans_id);
50966 version_req.version.version = DYNMEM_PROTOCOL_VERSION_WIN10;
50967 version_req.is_last_attempt = 0;
50968
50969 @@ -1519,7 +1519,7 @@ static int balloon_probe(struct hv_device *dev,
50970 memset(&cap_msg, 0, sizeof(struct dm_capabilities));
50971 cap_msg.hdr.type = DM_CAPABILITIES_REPORT;
50972 cap_msg.hdr.size = sizeof(struct dm_capabilities);
50973 - cap_msg.hdr.trans_id = atomic_inc_return(&trans_id);
50974 + cap_msg.hdr.trans_id = atomic_inc_return_unchecked(&trans_id);
50975
50976 cap_msg.caps.cap_bits.balloon = 1;
50977 cap_msg.caps.cap_bits.hot_add = 1;
50978 diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
50979 index 718b5c7..c1bf203 100644
50980 --- a/drivers/hv/hyperv_vmbus.h
50981 +++ b/drivers/hv/hyperv_vmbus.h
50982 @@ -566,7 +566,7 @@ enum vmbus_connect_state {
50983 struct vmbus_connection {
50984 enum vmbus_connect_state conn_state;
50985
50986 - atomic_t next_gpadl_handle;
50987 + atomic_unchecked_t next_gpadl_handle;
50988
50989 struct completion unload_event;
50990 /*
50991 diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c
50992 index 579bdf9..0dac21d5 100644
50993 --- a/drivers/hwmon/acpi_power_meter.c
50994 +++ b/drivers/hwmon/acpi_power_meter.c
50995 @@ -116,7 +116,7 @@ struct sensor_template {
50996 struct device_attribute *devattr,
50997 const char *buf, size_t count);
50998 int index;
50999 -};
51000 +} __do_const;
51001
51002 /* Averaging interval */
51003 static int update_avg_interval(struct acpi_power_meter_resource *resource)
51004 @@ -631,7 +631,7 @@ static int register_attrs(struct acpi_power_meter_resource *resource,
51005 struct sensor_template *attrs)
51006 {
51007 struct device *dev = &resource->acpi_dev->dev;
51008 - struct sensor_device_attribute *sensors =
51009 + sensor_device_attribute_no_const *sensors =
51010 &resource->sensors[resource->num_sensors];
51011 int res = 0;
51012
51013 @@ -973,7 +973,7 @@ static int __init enable_cap_knobs(const struct dmi_system_id *d)
51014 return 0;
51015 }
51016
51017 -static struct dmi_system_id __initdata pm_dmi_table[] = {
51018 +static const struct dmi_system_id __initconst pm_dmi_table[] = {
51019 {
51020 enable_cap_knobs, "IBM Active Energy Manager",
51021 {
51022 diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
51023 index 0af7fd3..1fc50d4 100644
51024 --- a/drivers/hwmon/applesmc.c
51025 +++ b/drivers/hwmon/applesmc.c
51026 @@ -1105,7 +1105,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
51027 {
51028 struct applesmc_node_group *grp;
51029 struct applesmc_dev_attr *node;
51030 - struct attribute *attr;
51031 + attribute_no_const *attr;
51032 int ret, i;
51033
51034 for (grp = groups; grp->format; grp++) {
51035 @@ -1242,7 +1242,7 @@ static int applesmc_dmi_match(const struct dmi_system_id *id)
51036 * Note that DMI_MATCH(...,"MacBook") will match "MacBookPro1,1".
51037 * So we need to put "Apple MacBook Pro" before "Apple MacBook".
51038 */
51039 -static __initdata struct dmi_system_id applesmc_whitelist[] = {
51040 +static const __initconst struct dmi_system_id applesmc_whitelist[] = {
51041 { applesmc_dmi_match, "Apple MacBook Air", {
51042 DMI_MATCH(DMI_BOARD_VENDOR, "Apple"),
51043 DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir") },
51044 diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c
51045 index cccef87..06ce8ec 100644
51046 --- a/drivers/hwmon/asus_atk0110.c
51047 +++ b/drivers/hwmon/asus_atk0110.c
51048 @@ -147,10 +147,10 @@ MODULE_DEVICE_TABLE(acpi, atk_ids);
51049 struct atk_sensor_data {
51050 struct list_head list;
51051 struct atk_data *data;
51052 - struct device_attribute label_attr;
51053 - struct device_attribute input_attr;
51054 - struct device_attribute limit1_attr;
51055 - struct device_attribute limit2_attr;
51056 + device_attribute_no_const label_attr;
51057 + device_attribute_no_const input_attr;
51058 + device_attribute_no_const limit1_attr;
51059 + device_attribute_no_const limit2_attr;
51060 char label_attr_name[ATTR_NAME_SIZE];
51061 char input_attr_name[ATTR_NAME_SIZE];
51062 char limit1_attr_name[ATTR_NAME_SIZE];
51063 @@ -270,7 +270,7 @@ static ssize_t atk_name_show(struct device *dev,
51064 static struct device_attribute atk_name_attr =
51065 __ATTR(name, 0444, atk_name_show, NULL);
51066
51067 -static void atk_init_attribute(struct device_attribute *attr, char *name,
51068 +static void atk_init_attribute(device_attribute_no_const *attr, char *name,
51069 sysfs_show_func show)
51070 {
51071 sysfs_attr_init(&attr->attr);
51072 diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c
51073 index 6a27eb2..349ed23 100644
51074 --- a/drivers/hwmon/coretemp.c
51075 +++ b/drivers/hwmon/coretemp.c
51076 @@ -783,7 +783,7 @@ static int coretemp_cpu_callback(struct notifier_block *nfb,
51077 return NOTIFY_OK;
51078 }
51079
51080 -static struct notifier_block coretemp_cpu_notifier __refdata = {
51081 +static struct notifier_block coretemp_cpu_notifier = {
51082 .notifier_call = coretemp_cpu_callback,
51083 };
51084
51085 diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c
51086 index acf9c03..1424826 100644
51087 --- a/drivers/hwmon/dell-smm-hwmon.c
51088 +++ b/drivers/hwmon/dell-smm-hwmon.c
51089 @@ -886,7 +886,7 @@ static const struct i8k_config_data i8k_config_data[] = {
51090 },
51091 };
51092
51093 -static struct dmi_system_id i8k_dmi_table[] __initdata = {
51094 +static const struct dmi_system_id i8k_dmi_table[] __initconst = {
51095 {
51096 .ident = "Dell Inspiron",
51097 .matches = {
51098 @@ -1002,7 +1002,7 @@ MODULE_DEVICE_TABLE(dmi, i8k_dmi_table);
51099 * of affected Dell machines for which we disallow I8K_SMM_GET_FAN_TYPE call.
51100 * See bug: https://bugzilla.kernel.org/show_bug.cgi?id=100121
51101 */
51102 -static struct dmi_system_id i8k_blacklist_fan_type_dmi_table[] __initdata = {
51103 +static const struct dmi_system_id i8k_blacklist_fan_type_dmi_table[] __initconst = {
51104 {
51105 .ident = "Dell Studio XPS 8000",
51106 .matches = {
51107 diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c
51108 index 1f64378..2b6e615 100644
51109 --- a/drivers/hwmon/ibmaem.c
51110 +++ b/drivers/hwmon/ibmaem.c
51111 @@ -924,7 +924,7 @@ static int aem_register_sensors(struct aem_data *data,
51112 const struct aem_rw_sensor_template *rw)
51113 {
51114 struct device *dev = &data->pdev->dev;
51115 - struct sensor_device_attribute *sensors = data->sensors;
51116 + sensor_device_attribute_no_const *sensors = data->sensors;
51117 int err;
51118
51119 /* Set up read-only sensors */
51120 diff --git a/drivers/hwmon/iio_hwmon.c b/drivers/hwmon/iio_hwmon.c
51121 index 8944987..839863d 100644
51122 --- a/drivers/hwmon/iio_hwmon.c
51123 +++ b/drivers/hwmon/iio_hwmon.c
51124 @@ -61,7 +61,7 @@ static int iio_hwmon_probe(struct platform_device *pdev)
51125 {
51126 struct device *dev = &pdev->dev;
51127 struct iio_hwmon_state *st;
51128 - struct sensor_device_attribute *a;
51129 + sensor_device_attribute_no_const *a;
51130 int ret, i;
51131 int in_i = 1, temp_i = 1, curr_i = 1, humidity_i = 1;
51132 enum iio_chan_type type;
51133 diff --git a/drivers/hwmon/nct6683.c b/drivers/hwmon/nct6683.c
51134 index 559c596..3de1a96 100644
51135 --- a/drivers/hwmon/nct6683.c
51136 +++ b/drivers/hwmon/nct6683.c
51137 @@ -404,11 +404,11 @@ nct6683_create_attr_group(struct device *dev,
51138 const struct sensor_template_group *tg,
51139 int repeat)
51140 {
51141 - struct sensor_device_attribute_2 *a2;
51142 - struct sensor_device_attribute *a;
51143 + sensor_device_attribute_2_no_const *a2;
51144 + sensor_device_attribute_no_const *a;
51145 struct sensor_device_template **t;
51146 struct sensor_device_attr_u *su;
51147 - struct attribute_group *group;
51148 + attribute_group_no_const *group;
51149 struct attribute **attrs;
51150 int i, j, count;
51151
51152 diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c
51153 index d087a8e..54e963a 100644
51154 --- a/drivers/hwmon/nct6775.c
51155 +++ b/drivers/hwmon/nct6775.c
51156 @@ -1049,10 +1049,10 @@ nct6775_create_attr_group(struct device *dev,
51157 const struct sensor_template_group *tg,
51158 int repeat)
51159 {
51160 - struct attribute_group *group;
51161 + attribute_group_no_const *group;
51162 struct sensor_device_attr_u *su;
51163 - struct sensor_device_attribute *a;
51164 - struct sensor_device_attribute_2 *a2;
51165 + sensor_device_attribute_no_const *a;
51166 + sensor_device_attribute_2_no_const *a2;
51167 struct attribute **attrs;
51168 struct sensor_device_template **t;
51169 int i, count;
51170 diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
51171 index ba59eae..dbf694c 100644
51172 --- a/drivers/hwmon/pmbus/pmbus_core.c
51173 +++ b/drivers/hwmon/pmbus/pmbus_core.c
51174 @@ -824,7 +824,7 @@ static int pmbus_add_attribute(struct pmbus_data *data, struct attribute *attr)
51175 return 0;
51176 }
51177
51178 -static void pmbus_dev_attr_init(struct device_attribute *dev_attr,
51179 +static void pmbus_dev_attr_init(device_attribute_no_const *dev_attr,
51180 const char *name,
51181 umode_t mode,
51182 ssize_t (*show)(struct device *dev,
51183 @@ -841,7 +841,7 @@ static void pmbus_dev_attr_init(struct device_attribute *dev_attr,
51184 dev_attr->store = store;
51185 }
51186
51187 -static void pmbus_attr_init(struct sensor_device_attribute *a,
51188 +static void pmbus_attr_init(sensor_device_attribute_no_const *a,
51189 const char *name,
51190 umode_t mode,
51191 ssize_t (*show)(struct device *dev,
51192 @@ -863,7 +863,7 @@ static int pmbus_add_boolean(struct pmbus_data *data,
51193 u16 reg, u8 mask)
51194 {
51195 struct pmbus_boolean *boolean;
51196 - struct sensor_device_attribute *a;
51197 + sensor_device_attribute_no_const *a;
51198
51199 boolean = devm_kzalloc(data->dev, sizeof(*boolean), GFP_KERNEL);
51200 if (!boolean)
51201 @@ -888,7 +888,7 @@ static struct pmbus_sensor *pmbus_add_sensor(struct pmbus_data *data,
51202 bool update, bool readonly)
51203 {
51204 struct pmbus_sensor *sensor;
51205 - struct device_attribute *a;
51206 + device_attribute_no_const *a;
51207
51208 sensor = devm_kzalloc(data->dev, sizeof(*sensor), GFP_KERNEL);
51209 if (!sensor)
51210 @@ -919,7 +919,7 @@ static int pmbus_add_label(struct pmbus_data *data,
51211 const char *lstring, int index)
51212 {
51213 struct pmbus_label *label;
51214 - struct device_attribute *a;
51215 + device_attribute_no_const *a;
51216
51217 label = devm_kzalloc(data->dev, sizeof(*label), GFP_KERNEL);
51218 if (!label)
51219 diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c
51220 index a2fdbb7..e749a3c 100644
51221 --- a/drivers/hwmon/sht15.c
51222 +++ b/drivers/hwmon/sht15.c
51223 @@ -170,7 +170,7 @@ struct sht15_data {
51224 int supply_uv;
51225 bool supply_uv_valid;
51226 struct work_struct update_supply_work;
51227 - atomic_t interrupt_handled;
51228 + atomic_unchecked_t interrupt_handled;
51229 };
51230
51231 /**
51232 @@ -530,13 +530,13 @@ static int sht15_measurement(struct sht15_data *data,
51233 ret = gpio_direction_input(data->pdata->gpio_data);
51234 if (ret)
51235 return ret;
51236 - atomic_set(&data->interrupt_handled, 0);
51237 + atomic_set_unchecked(&data->interrupt_handled, 0);
51238
51239 enable_irq(gpio_to_irq(data->pdata->gpio_data));
51240 if (gpio_get_value(data->pdata->gpio_data) == 0) {
51241 disable_irq_nosync(gpio_to_irq(data->pdata->gpio_data));
51242 /* Only relevant if the interrupt hasn't occurred. */
51243 - if (!atomic_read(&data->interrupt_handled))
51244 + if (!atomic_read_unchecked(&data->interrupt_handled))
51245 schedule_work(&data->read_work);
51246 }
51247 ret = wait_event_timeout(data->wait_queue,
51248 @@ -808,7 +808,7 @@ static irqreturn_t sht15_interrupt_fired(int irq, void *d)
51249
51250 /* First disable the interrupt */
51251 disable_irq_nosync(irq);
51252 - atomic_inc(&data->interrupt_handled);
51253 + atomic_inc_unchecked(&data->interrupt_handled);
51254 /* Then schedule a reading work struct */
51255 if (data->state != SHT15_READING_NOTHING)
51256 schedule_work(&data->read_work);
51257 @@ -830,11 +830,11 @@ static void sht15_bh_read_data(struct work_struct *work_s)
51258 * If not, then start the interrupt again - care here as could
51259 * have gone low in meantime so verify it hasn't!
51260 */
51261 - atomic_set(&data->interrupt_handled, 0);
51262 + atomic_set_unchecked(&data->interrupt_handled, 0);
51263 enable_irq(gpio_to_irq(data->pdata->gpio_data));
51264 /* If still not occurred or another handler was scheduled */
51265 if (gpio_get_value(data->pdata->gpio_data)
51266 - || atomic_read(&data->interrupt_handled))
51267 + || atomic_read_unchecked(&data->interrupt_handled))
51268 return;
51269 }
51270
51271 diff --git a/drivers/hwmon/via-cputemp.c b/drivers/hwmon/via-cputemp.c
51272 index ac91c07..8e69663 100644
51273 --- a/drivers/hwmon/via-cputemp.c
51274 +++ b/drivers/hwmon/via-cputemp.c
51275 @@ -295,7 +295,7 @@ static int via_cputemp_cpu_callback(struct notifier_block *nfb,
51276 return NOTIFY_OK;
51277 }
51278
51279 -static struct notifier_block via_cputemp_cpu_notifier __refdata = {
51280 +static struct notifier_block via_cputemp_cpu_notifier = {
51281 .notifier_call = via_cputemp_cpu_callback,
51282 };
51283
51284 diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c
51285 index 65e3240..e6c511d 100644
51286 --- a/drivers/i2c/busses/i2c-amd756-s4882.c
51287 +++ b/drivers/i2c/busses/i2c-amd756-s4882.c
51288 @@ -39,7 +39,7 @@
51289 extern struct i2c_adapter amd756_smbus;
51290
51291 static struct i2c_adapter *s4882_adapter;
51292 -static struct i2c_algorithm *s4882_algo;
51293 +static i2c_algorithm_no_const *s4882_algo;
51294
51295 /* Wrapper access functions for multiplexed SMBus */
51296 static DEFINE_MUTEX(amd756_lock);
51297 diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c
51298 index 96f8230..73d7616 100644
51299 --- a/drivers/i2c/busses/i2c-designware-pcidrv.c
51300 +++ b/drivers/i2c/busses/i2c-designware-pcidrv.c
51301 @@ -57,7 +57,7 @@ struct dw_scl_sda_cfg {
51302 };
51303
51304 struct dw_pci_controller {
51305 - u32 bus_num;
51306 + int bus_num;
51307 u32 bus_cfg;
51308 u32 tx_fifo_depth;
51309 u32 rx_fifo_depth;
51310 diff --git a/drivers/i2c/busses/i2c-nforce2-s4985.c b/drivers/i2c/busses/i2c-nforce2-s4985.c
51311 index 88eda09..cf40434 100644
51312 --- a/drivers/i2c/busses/i2c-nforce2-s4985.c
51313 +++ b/drivers/i2c/busses/i2c-nforce2-s4985.c
51314 @@ -37,7 +37,7 @@
51315 extern struct i2c_adapter *nforce2_smbus;
51316
51317 static struct i2c_adapter *s4985_adapter;
51318 -static struct i2c_algorithm *s4985_algo;
51319 +static i2c_algorithm_no_const *s4985_algo;
51320
51321 /* Wrapper access functions for multiplexed SMBus */
51322 static DEFINE_MUTEX(nforce2_lock);
51323 diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
51324 index 66f323f..af5b573 100644
51325 --- a/drivers/i2c/i2c-dev.c
51326 +++ b/drivers/i2c/i2c-dev.c
51327 @@ -274,7 +274,7 @@ static noinline int i2cdev_ioctl_rdwr(struct i2c_client *client,
51328 break;
51329 }
51330
51331 - data_ptrs[i] = (u8 __user *)rdwr_pa[i].buf;
51332 + data_ptrs[i] = (u8 __force_user *)rdwr_pa[i].buf;
51333 rdwr_pa[i].buf = memdup_user(data_ptrs[i], rdwr_pa[i].len);
51334 if (IS_ERR(rdwr_pa[i].buf)) {
51335 res = PTR_ERR(rdwr_pa[i].buf);
51336 diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c
51337 index bf9a2ad..a54b1c4 100644
51338 --- a/drivers/ide/ide-cd.c
51339 +++ b/drivers/ide/ide-cd.c
51340 @@ -768,7 +768,7 @@ static void cdrom_do_block_pc(ide_drive_t *drive, struct request *rq)
51341 alignment = queue_dma_alignment(q) | q->dma_pad_mask;
51342 if ((unsigned long)buf & alignment
51343 || blk_rq_bytes(rq) & q->dma_pad_mask
51344 - || object_is_on_stack(buf))
51345 + || object_starts_on_stack(buf))
51346 drive->dma = 0;
51347 }
51348 }
51349 diff --git a/drivers/ide/ide-disk.c b/drivers/ide/ide-disk.c
51350 index 83679da..6e67e4f 100644
51351 --- a/drivers/ide/ide-disk.c
51352 +++ b/drivers/ide/ide-disk.c
51353 @@ -178,7 +178,7 @@ static ide_startstop_t __ide_do_rw_disk(ide_drive_t *drive, struct request *rq,
51354 * 1073741822 == 549756 MB or 48bit addressing fake drive
51355 */
51356
51357 -static ide_startstop_t ide_do_rw_disk(ide_drive_t *drive, struct request *rq,
51358 +static ide_startstop_t __intentional_overflow(-1) ide_do_rw_disk(ide_drive_t *drive, struct request *rq,
51359 sector_t block)
51360 {
51361 ide_hwif_t *hwif = drive->hwif;
51362 diff --git a/drivers/ide/ide.c b/drivers/ide/ide.c
51363 index d127ace..6ee866f 100644
51364 --- a/drivers/ide/ide.c
51365 +++ b/drivers/ide/ide.c
51366 @@ -244,7 +244,7 @@ struct chs_geom {
51367 static unsigned int ide_disks;
51368 static struct chs_geom ide_disks_chs[MAX_HWIFS * MAX_DRIVES];
51369
51370 -static int ide_set_disk_chs(const char *str, struct kernel_param *kp)
51371 +static int ide_set_disk_chs(const char *str, const struct kernel_param *kp)
51372 {
51373 unsigned int a, b, c = 0, h = 0, s = 0, i, j = 1;
51374
51375 @@ -328,7 +328,7 @@ static void ide_dev_apply_params(ide_drive_t *drive, u8 unit)
51376
51377 static unsigned int ide_ignore_cable;
51378
51379 -static int ide_set_ignore_cable(const char *s, struct kernel_param *kp)
51380 +static int ide_set_ignore_cable(const char *s, const struct kernel_param *kp)
51381 {
51382 int i, j = 1;
51383
51384 diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
51385 index 67ec58f..0a78c78 100644
51386 --- a/drivers/idle/intel_idle.c
51387 +++ b/drivers/idle/intel_idle.c
51388 @@ -1208,36 +1208,46 @@ static void bxt_idle_state_table_update(void)
51389 rdmsrl(MSR_PKGC6_IRTL, msr);
51390 usec = irtl_2_usec(msr);
51391 if (usec) {
51392 - bxt_cstates[2].exit_latency = usec;
51393 - bxt_cstates[2].target_residency = usec;
51394 + pax_open_kernel();
51395 + const_cast(bxt_cstates[2].exit_latency) = usec;
51396 + const_cast(bxt_cstates[2].target_residency) = usec;
51397 + pax_close_kernel();
51398 }
51399
51400 rdmsrl(MSR_PKGC7_IRTL, msr);
51401 usec = irtl_2_usec(msr);
51402 if (usec) {
51403 - bxt_cstates[3].exit_latency = usec;
51404 - bxt_cstates[3].target_residency = usec;
51405 + pax_open_kernel();
51406 + const_cast(bxt_cstates[3].exit_latency) = usec;
51407 + const_cast(bxt_cstates[3].target_residency) = usec;
51408 + pax_close_kernel();
51409 }
51410
51411 rdmsrl(MSR_PKGC8_IRTL, msr);
51412 usec = irtl_2_usec(msr);
51413 if (usec) {
51414 - bxt_cstates[4].exit_latency = usec;
51415 - bxt_cstates[4].target_residency = usec;
51416 + pax_open_kernel();
51417 + const_cast(bxt_cstates[4].exit_latency) = usec;
51418 + const_cast(bxt_cstates[4].target_residency) = usec;
51419 + pax_close_kernel();
51420 }
51421
51422 rdmsrl(MSR_PKGC9_IRTL, msr);
51423 usec = irtl_2_usec(msr);
51424 if (usec) {
51425 - bxt_cstates[5].exit_latency = usec;
51426 - bxt_cstates[5].target_residency = usec;
51427 + pax_open_kernel();
51428 + const_cast(bxt_cstates[5].exit_latency) = usec;
51429 + const_cast(bxt_cstates[5].target_residency) = usec;
51430 + pax_close_kernel();
51431 }
51432
51433 rdmsrl(MSR_PKGC10_IRTL, msr);
51434 usec = irtl_2_usec(msr);
51435 if (usec) {
51436 - bxt_cstates[6].exit_latency = usec;
51437 - bxt_cstates[6].target_residency = usec;
51438 + pax_open_kernel();
51439 + const_cast(bxt_cstates[6].exit_latency) = usec;
51440 + const_cast(bxt_cstates[6].target_residency) = usec;
51441 + pax_close_kernel();
51442 }
51443
51444 }
51445 @@ -1280,8 +1290,10 @@ static void sklh_idle_state_table_update(void)
51446 return;
51447 }
51448
51449 - skl_cstates[5].disabled = 1; /* C8-SKL */
51450 - skl_cstates[6].disabled = 1; /* C9-SKL */
51451 + pax_open_kernel();
51452 + const_cast(skl_cstates[5].disabled) = 1; /* C8-SKL */
51453 + const_cast(skl_cstates[6].disabled) = 1; /* C9-SKL */
51454 + pax_close_kernel();
51455 }
51456 /*
51457 * intel_idle_state_table_update()
51458 diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
51459 index d2b8899..5b0e8f5 100644
51460 --- a/drivers/iio/industrialio-core.c
51461 +++ b/drivers/iio/industrialio-core.c
51462 @@ -769,7 +769,7 @@ static ssize_t iio_write_channel_info(struct device *dev,
51463 }
51464
51465 static
51466 -int __iio_device_attr_init(struct device_attribute *dev_attr,
51467 +int __iio_device_attr_init(device_attribute_no_const *dev_attr,
51468 const char *postfix,
51469 struct iio_chan_spec const *chan,
51470 ssize_t (*readfunc)(struct device *dev,
51471 diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
51472 index c995255..7de0b49 100644
51473 --- a/drivers/infiniband/core/cm.c
51474 +++ b/drivers/infiniband/core/cm.c
51475 @@ -115,7 +115,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS]
51476
51477 struct cm_counter_group {
51478 struct kobject obj;
51479 - atomic_long_t counter[CM_ATTR_COUNT];
51480 + atomic_long_unchecked_t counter[CM_ATTR_COUNT];
51481 };
51482
51483 struct cm_counter_attribute {
51484 @@ -1432,7 +1432,7 @@ static void cm_format_mra(struct cm_mra_msg *mra_msg,
51485 static void cm_format_rej(struct cm_rej_msg *rej_msg,
51486 struct cm_id_private *cm_id_priv,
51487 enum ib_cm_rej_reason reason,
51488 - void *ari,
51489 + const void *ari,
51490 u8 ari_length,
51491 const void *private_data,
51492 u8 private_data_len)
51493 @@ -1476,7 +1476,7 @@ static void cm_dup_req_handler(struct cm_work *work,
51494 struct ib_mad_send_buf *msg = NULL;
51495 int ret;
51496
51497 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51498 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51499 counter[CM_REQ_COUNTER]);
51500
51501 /* Quick state check to discard duplicate REQs. */
51502 @@ -1884,7 +1884,7 @@ static void cm_dup_rep_handler(struct cm_work *work)
51503 if (!cm_id_priv)
51504 return;
51505
51506 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51507 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51508 counter[CM_REP_COUNTER]);
51509 ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg);
51510 if (ret)
51511 @@ -2051,7 +2051,7 @@ static int cm_rtu_handler(struct cm_work *work)
51512 if (cm_id_priv->id.state != IB_CM_REP_SENT &&
51513 cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) {
51514 spin_unlock_irq(&cm_id_priv->lock);
51515 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51516 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51517 counter[CM_RTU_COUNTER]);
51518 goto out;
51519 }
51520 @@ -2234,7 +2234,7 @@ static int cm_dreq_handler(struct cm_work *work)
51521 cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id,
51522 dreq_msg->local_comm_id);
51523 if (!cm_id_priv) {
51524 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51525 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51526 counter[CM_DREQ_COUNTER]);
51527 cm_issue_drep(work->port, work->mad_recv_wc);
51528 return -EINVAL;
51529 @@ -2259,7 +2259,7 @@ static int cm_dreq_handler(struct cm_work *work)
51530 case IB_CM_MRA_REP_RCVD:
51531 break;
51532 case IB_CM_TIMEWAIT:
51533 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51534 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51535 counter[CM_DREQ_COUNTER]);
51536 if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
51537 goto unlock;
51538 @@ -2273,7 +2273,7 @@ static int cm_dreq_handler(struct cm_work *work)
51539 cm_free_msg(msg);
51540 goto deref;
51541 case IB_CM_DREQ_RCVD:
51542 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51543 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51544 counter[CM_DREQ_COUNTER]);
51545 goto unlock;
51546 default:
51547 @@ -2336,12 +2336,13 @@ out:
51548 }
51549
51550 int ib_send_cm_rej(struct ib_cm_id *cm_id,
51551 - enum ib_cm_rej_reason reason,
51552 - void *ari,
51553 + int _reason,
51554 + const void *ari,
51555 u8 ari_length,
51556 const void *private_data,
51557 u8 private_data_len)
51558 {
51559 + enum ib_cm_rej_reason reason = _reason;
51560 struct cm_id_private *cm_id_priv;
51561 struct ib_mad_send_buf *msg;
51562 unsigned long flags;
51563 @@ -2640,7 +2641,7 @@ static int cm_mra_handler(struct cm_work *work)
51564 ib_modify_mad(cm_id_priv->av.port->mad_agent,
51565 cm_id_priv->msg, timeout)) {
51566 if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD)
51567 - atomic_long_inc(&work->port->
51568 + atomic_long_inc_unchecked(&work->port->
51569 counter_group[CM_RECV_DUPLICATES].
51570 counter[CM_MRA_COUNTER]);
51571 goto out;
51572 @@ -2649,7 +2650,7 @@ static int cm_mra_handler(struct cm_work *work)
51573 break;
51574 case IB_CM_MRA_REQ_RCVD:
51575 case IB_CM_MRA_REP_RCVD:
51576 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51577 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51578 counter[CM_MRA_COUNTER]);
51579 /* fall through */
51580 default:
51581 @@ -2811,7 +2812,7 @@ static int cm_lap_handler(struct cm_work *work)
51582 case IB_CM_LAP_IDLE:
51583 break;
51584 case IB_CM_MRA_LAP_SENT:
51585 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51586 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51587 counter[CM_LAP_COUNTER]);
51588 if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
51589 goto unlock;
51590 @@ -2827,7 +2828,7 @@ static int cm_lap_handler(struct cm_work *work)
51591 cm_free_msg(msg);
51592 goto deref;
51593 case IB_CM_LAP_RCVD:
51594 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51595 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51596 counter[CM_LAP_COUNTER]);
51597 goto unlock;
51598 default:
51599 @@ -2859,7 +2860,7 @@ deref: cm_deref_id(cm_id_priv);
51600 static void cm_format_apr(struct cm_apr_msg *apr_msg,
51601 struct cm_id_private *cm_id_priv,
51602 enum ib_cm_apr_status status,
51603 - void *info,
51604 + const void *info,
51605 u8 info_length,
51606 const void *private_data,
51607 u8 private_data_len)
51608 @@ -2879,12 +2880,13 @@ static void cm_format_apr(struct cm_apr_msg *apr_msg,
51609 }
51610
51611 int ib_send_cm_apr(struct ib_cm_id *cm_id,
51612 - enum ib_cm_apr_status status,
51613 - void *info,
51614 + int _status,
51615 + const void *info,
51616 u8 info_length,
51617 const void *private_data,
51618 u8 private_data_len)
51619 {
51620 + enum ib_cm_apr_status status = _status;
51621 struct cm_id_private *cm_id_priv;
51622 struct ib_mad_send_buf *msg;
51623 unsigned long flags;
51624 @@ -3113,7 +3115,7 @@ static int cm_sidr_req_handler(struct cm_work *work)
51625 cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv);
51626 if (cur_cm_id_priv) {
51627 spin_unlock_irq(&cm.lock);
51628 - atomic_long_inc(&work->port->counter_group[CM_RECV_DUPLICATES].
51629 + atomic_long_inc_unchecked(&work->port->counter_group[CM_RECV_DUPLICATES].
51630 counter[CM_SIDR_REQ_COUNTER]);
51631 goto out; /* Duplicate message. */
51632 }
51633 @@ -3327,10 +3329,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent,
51634 if (!msg->context[0] && (attr_index != CM_REJ_COUNTER))
51635 msg->retries = 1;
51636
51637 - atomic_long_add(1 + msg->retries,
51638 + atomic_long_add_unchecked(1 + msg->retries,
51639 &port->counter_group[CM_XMIT].counter[attr_index]);
51640 if (msg->retries)
51641 - atomic_long_add(msg->retries,
51642 + atomic_long_add_unchecked(msg->retries,
51643 &port->counter_group[CM_XMIT_RETRIES].
51644 counter[attr_index]);
51645
51646 @@ -3557,7 +3559,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent,
51647 }
51648
51649 attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id);
51650 - atomic_long_inc(&port->counter_group[CM_RECV].
51651 + atomic_long_inc_unchecked(&port->counter_group[CM_RECV].
51652 counter[attr_id - CM_ATTR_ID_OFFSET]);
51653
51654 work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths,
51655 @@ -3764,7 +3766,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr,
51656 cm_attr = container_of(attr, struct cm_counter_attribute, attr);
51657
51658 return sprintf(buf, "%ld\n",
51659 - atomic_long_read(&group->counter[cm_attr->index]));
51660 + atomic_long_read_unchecked(&group->counter[cm_attr->index]));
51661 }
51662
51663 static const struct sysfs_ops cm_counter_ops = {
51664 diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c
51665 index cdbb1f1..7ed4277 100644
51666 --- a/drivers/infiniband/core/fmr_pool.c
51667 +++ b/drivers/infiniband/core/fmr_pool.c
51668 @@ -98,8 +98,8 @@ struct ib_fmr_pool {
51669
51670 struct task_struct *thread;
51671
51672 - atomic_t req_ser;
51673 - atomic_t flush_ser;
51674 + atomic_unchecked_t req_ser;
51675 + atomic_unchecked_t flush_ser;
51676
51677 wait_queue_head_t force_wait;
51678 };
51679 @@ -179,10 +179,10 @@ static int ib_fmr_cleanup_thread(void *pool_ptr)
51680 struct ib_fmr_pool *pool = pool_ptr;
51681
51682 do {
51683 - if (atomic_read(&pool->flush_ser) - atomic_read(&pool->req_ser) < 0) {
51684 + if (atomic_read_unchecked(&pool->flush_ser) - atomic_read_unchecked(&pool->req_ser) < 0) {
51685 ib_fmr_batch_release(pool);
51686
51687 - atomic_inc(&pool->flush_ser);
51688 + atomic_inc_unchecked(&pool->flush_ser);
51689 wake_up_interruptible(&pool->force_wait);
51690
51691 if (pool->flush_function)
51692 @@ -190,7 +190,7 @@ static int ib_fmr_cleanup_thread(void *pool_ptr)
51693 }
51694
51695 set_current_state(TASK_INTERRUPTIBLE);
51696 - if (atomic_read(&pool->flush_ser) - atomic_read(&pool->req_ser) >= 0 &&
51697 + if (atomic_read_unchecked(&pool->flush_ser) - atomic_read_unchecked(&pool->req_ser) >= 0 &&
51698 !kthread_should_stop())
51699 schedule();
51700 __set_current_state(TASK_RUNNING);
51701 @@ -262,8 +262,8 @@ struct ib_fmr_pool *ib_create_fmr_pool(struct ib_pd *pd,
51702 pool->dirty_watermark = params->dirty_watermark;
51703 pool->dirty_len = 0;
51704 spin_lock_init(&pool->pool_lock);
51705 - atomic_set(&pool->req_ser, 0);
51706 - atomic_set(&pool->flush_ser, 0);
51707 + atomic_set_unchecked(&pool->req_ser, 0);
51708 + atomic_set_unchecked(&pool->flush_ser, 0);
51709 init_waitqueue_head(&pool->force_wait);
51710
51711 pool->thread = kthread_run(ib_fmr_cleanup_thread,
51712 @@ -388,11 +388,11 @@ int ib_flush_fmr_pool(struct ib_fmr_pool *pool)
51713 }
51714 spin_unlock_irq(&pool->pool_lock);
51715
51716 - serial = atomic_inc_return(&pool->req_ser);
51717 + serial = atomic_inc_return_unchecked(&pool->req_ser);
51718 wake_up_process(pool->thread);
51719
51720 if (wait_event_interruptible(pool->force_wait,
51721 - atomic_read(&pool->flush_ser) - serial >= 0))
51722 + atomic_read_unchecked(&pool->flush_ser) - serial >= 0))
51723 return -EINTR;
51724
51725 return 0;
51726 @@ -502,7 +502,7 @@ int ib_fmr_pool_unmap(struct ib_pool_fmr *fmr)
51727 } else {
51728 list_add_tail(&fmr->list, &pool->dirty_list);
51729 if (++pool->dirty_len >= pool->dirty_watermark) {
51730 - atomic_inc(&pool->req_ser);
51731 + atomic_inc_unchecked(&pool->req_ser);
51732 wake_up_process(pool->thread);
51733 }
51734 }
51735 diff --git a/drivers/infiniband/core/netlink.c b/drivers/infiniband/core/netlink.c
51736 index 10469b0..e8b45f3 100644
51737 --- a/drivers/infiniband/core/netlink.c
51738 +++ b/drivers/infiniband/core/netlink.c
51739 @@ -176,11 +176,10 @@ static int ibnl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
51740 }
51741
51742 {
51743 - struct netlink_dump_control c = {
51744 + netlink_dump_control_no_const c = {
51745 .dump = client->cb_table[op].dump,
51746 - .module = client->cb_table[op].module,
51747 };
51748 - return netlink_dump_start(nls, skb, nlh, &c);
51749 + return __netlink_dump_start(nls, skb, nlh, &c, NULL, client->cb_table[op].module);
51750 }
51751 }
51752 }
51753 diff --git a/drivers/infiniband/core/sysfs.c b/drivers/infiniband/core/sysfs.c
51754 index 15defef..9cd7c28 100644
51755 --- a/drivers/infiniband/core/sysfs.c
51756 +++ b/drivers/infiniband/core/sysfs.c
51757 @@ -894,7 +894,7 @@ static struct attribute *alloc_hsa_lifespan(char *name, u8 port_num)
51758 static void setup_hw_stats(struct ib_device *device, struct ib_port *port,
51759 u8 port_num)
51760 {
51761 - struct attribute_group *hsag;
51762 + attribute_group_no_const *hsag;
51763 struct rdma_hw_stats *stats;
51764 int i, ret;
51765
51766 diff --git a/drivers/infiniband/core/ucm.c b/drivers/infiniband/core/ucm.c
51767 index 7713ef0..0bb2981 100644
51768 --- a/drivers/infiniband/core/ucm.c
51769 +++ b/drivers/infiniband/core/ucm.c
51770 @@ -920,14 +920,14 @@ static ssize_t ib_ucm_send_rej(struct ib_ucm_file *file,
51771 const char __user *inbuf,
51772 int in_len, int out_len)
51773 {
51774 - return ib_ucm_send_info(file, inbuf, in_len, (void *)ib_send_cm_rej);
51775 + return ib_ucm_send_info(file, inbuf, in_len, ib_send_cm_rej);
51776 }
51777
51778 static ssize_t ib_ucm_send_apr(struct ib_ucm_file *file,
51779 const char __user *inbuf,
51780 int in_len, int out_len)
51781 {
51782 - return ib_ucm_send_info(file, inbuf, in_len, (void *)ib_send_cm_apr);
51783 + return ib_ucm_send_info(file, inbuf, in_len, ib_send_cm_apr);
51784 }
51785
51786 static ssize_t ib_ucm_send_mra(struct ib_ucm_file *file,
51787 diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
51788 index f664731..b46744f 100644
51789 --- a/drivers/infiniband/core/uverbs_cmd.c
51790 +++ b/drivers/infiniband/core/uverbs_cmd.c
51791 @@ -974,6 +974,9 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
51792 if (copy_from_user(&cmd, buf, sizeof cmd))
51793 return -EFAULT;
51794
51795 + if (!access_ok_noprefault(VERIFY_READ, cmd.start, cmd.length))
51796 + return -EFAULT;
51797 +
51798 INIT_UDATA(&udata, buf + sizeof cmd,
51799 (unsigned long) cmd.response + sizeof resp,
51800 in_len - sizeof cmd, out_len - sizeof resp);
51801 diff --git a/drivers/infiniband/hw/cxgb4/device.c b/drivers/infiniband/hw/cxgb4/device.c
51802 index 3c4b212..bf4f82b 100644
51803 --- a/drivers/infiniband/hw/cxgb4/device.c
51804 +++ b/drivers/infiniband/hw/cxgb4/device.c
51805 @@ -111,7 +111,7 @@ void c4iw_log_wr_stats(struct t4_wq *wq, struct t4_cqe *cqe)
51806 if (!wq->rdev->wr_log)
51807 return;
51808
51809 - idx = (atomic_inc_return(&wq->rdev->wr_log_idx) - 1) &
51810 + idx = (atomic_inc_return_unchecked(&wq->rdev->wr_log_idx) - 1) &
51811 (wq->rdev->wr_log_size - 1);
51812 le.poll_sge_ts = cxgb4_read_sge_timestamp(wq->rdev->lldi.ports[0]);
51813 getnstimeofday(&le.poll_host_ts);
51814 @@ -143,7 +143,7 @@ static int wr_log_show(struct seq_file *seq, void *v)
51815
51816 #define ts2ns(ts) div64_u64((ts) * dev->rdev.lldi.cclk_ps, 1000)
51817
51818 - idx = atomic_read(&dev->rdev.wr_log_idx) &
51819 + idx = atomic_read_unchecked(&dev->rdev.wr_log_idx) &
51820 (dev->rdev.wr_log_size - 1);
51821 end = idx - 1;
51822 if (end < 0)
51823 @@ -840,7 +840,7 @@ static int c4iw_rdev_open(struct c4iw_rdev *rdev)
51824 sizeof(*rdev->wr_log), GFP_KERNEL);
51825 if (rdev->wr_log) {
51826 rdev->wr_log_size = 1 << c4iw_wr_log_size_order;
51827 - atomic_set(&rdev->wr_log_idx, 0);
51828 + atomic_set_unchecked(&rdev->wr_log_idx, 0);
51829 } else {
51830 pr_err(MOD "error allocating wr_log. Logging disabled\n");
51831 }
51832 diff --git a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h
51833 index 4b83b84..7d402e0 100644
51834 --- a/drivers/infiniband/hw/cxgb4/iw_cxgb4.h
51835 +++ b/drivers/infiniband/hw/cxgb4/iw_cxgb4.h
51836 @@ -180,7 +180,7 @@ struct c4iw_rdev {
51837 struct c4iw_stats stats;
51838 struct c4iw_hw_queue hw_queue;
51839 struct t4_dev_status_page *status_page;
51840 - atomic_t wr_log_idx;
51841 + atomic_unchecked_t wr_log_idx;
51842 struct wr_log_entry *wr_log;
51843 int wr_log_size;
51844 };
51845 diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
51846 index 0b91b0f..866b3b9 100644
51847 --- a/drivers/infiniband/hw/cxgb4/mem.c
51848 +++ b/drivers/infiniband/hw/cxgb4/mem.c
51849 @@ -266,7 +266,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry,
51850 int err;
51851 struct fw_ri_tpte tpt;
51852 u32 stag_idx;
51853 - static atomic_t key;
51854 + static atomic_unchecked_t key;
51855
51856 if (c4iw_fatal_error(rdev))
51857 return -EIO;
51858 @@ -287,7 +287,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry,
51859 if (rdev->stats.stag.cur > rdev->stats.stag.max)
51860 rdev->stats.stag.max = rdev->stats.stag.cur;
51861 mutex_unlock(&rdev->stats.lock);
51862 - *stag = (stag_idx << 8) | (atomic_inc_return(&key) & 0xff);
51863 + *stag = (stag_idx << 8) | (atomic_inc_return_unchecked(&key) & 0xff);
51864 }
51865 PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n",
51866 __func__, stag_state, type, pdid, stag_idx);
51867 diff --git a/drivers/infiniband/hw/hfi1/pcie.c b/drivers/infiniband/hw/hfi1/pcie.c
51868 index 89c68da..addb2ad 100644
51869 --- a/drivers/infiniband/hw/hfi1/pcie.c
51870 +++ b/drivers/infiniband/hw/hfi1/pcie.c
51871 @@ -537,7 +537,7 @@ static void tune_pcie_caps(struct hfi1_devdata *dd)
51872 * PCI error infrastructure, registered via pci
51873 */
51874 static pci_ers_result_t
51875 -pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
51876 +pci_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
51877 {
51878 struct hfi1_devdata *dd = pci_get_drvdata(pdev);
51879 pci_ers_result_t ret = PCI_ERS_RESULT_RECOVERED;
51880 diff --git a/drivers/infiniband/hw/i40iw/i40iw_ctrl.c b/drivers/infiniband/hw/i40iw/i40iw_ctrl.c
51881 index 2c4b4d0..b45e806 100644
51882 --- a/drivers/infiniband/hw/i40iw/i40iw_ctrl.c
51883 +++ b/drivers/infiniband/hw/i40iw/i40iw_ctrl.c
51884 @@ -4604,46 +4604,46 @@ static void i40iw_hw_stat_refresh_all(struct i40iw_dev_pestat *devstat)
51885 }
51886
51887 static struct i40iw_cqp_ops iw_cqp_ops = {
51888 - i40iw_sc_cqp_init,
51889 - i40iw_sc_cqp_create,
51890 - i40iw_sc_cqp_post_sq,
51891 - i40iw_sc_cqp_get_next_send_wqe,
51892 - i40iw_sc_cqp_destroy,
51893 - i40iw_sc_poll_for_cqp_op_done
51894 + .cqp_init = i40iw_sc_cqp_init,
51895 + .cqp_create = i40iw_sc_cqp_create,
51896 + .cqp_post_sq = i40iw_sc_cqp_post_sq,
51897 + .cqp_get_next_send_wqe = i40iw_sc_cqp_get_next_send_wqe,
51898 + .cqp_destroy = i40iw_sc_cqp_destroy,
51899 + .poll_for_cqp_op_done = i40iw_sc_poll_for_cqp_op_done
51900 };
51901
51902 static struct i40iw_ccq_ops iw_ccq_ops = {
51903 - i40iw_sc_ccq_init,
51904 - i40iw_sc_ccq_create,
51905 - i40iw_sc_ccq_destroy,
51906 - i40iw_sc_ccq_create_done,
51907 - i40iw_sc_ccq_get_cqe_info,
51908 - i40iw_sc_ccq_arm
51909 + .ccq_init = i40iw_sc_ccq_init,
51910 + .ccq_create = i40iw_sc_ccq_create,
51911 + .ccq_destroy = i40iw_sc_ccq_destroy,
51912 + .ccq_create_done = i40iw_sc_ccq_create_done,
51913 + .ccq_get_cqe_info = i40iw_sc_ccq_get_cqe_info,
51914 + .ccq_arm = i40iw_sc_ccq_arm
51915 };
51916
51917 static struct i40iw_ceq_ops iw_ceq_ops = {
51918 - i40iw_sc_ceq_init,
51919 - i40iw_sc_ceq_create,
51920 - i40iw_sc_cceq_create_done,
51921 - i40iw_sc_cceq_destroy_done,
51922 - i40iw_sc_cceq_create,
51923 - i40iw_sc_ceq_destroy,
51924 - i40iw_sc_process_ceq
51925 + .ceq_init = i40iw_sc_ceq_init,
51926 + .ceq_create = i40iw_sc_ceq_create,
51927 + .cceq_create_done = i40iw_sc_cceq_create_done,
51928 + .cceq_destroy_done = i40iw_sc_cceq_destroy_done,
51929 + .cceq_create = i40iw_sc_cceq_create,
51930 + .ceq_destroy = i40iw_sc_ceq_destroy,
51931 + .process_ceq = i40iw_sc_process_ceq
51932 };
51933
51934 static struct i40iw_aeq_ops iw_aeq_ops = {
51935 - i40iw_sc_aeq_init,
51936 - i40iw_sc_aeq_create,
51937 - i40iw_sc_aeq_destroy,
51938 - i40iw_sc_get_next_aeqe,
51939 - i40iw_sc_repost_aeq_entries,
51940 - i40iw_sc_aeq_create_done,
51941 - i40iw_sc_aeq_destroy_done
51942 + .aeq_init = i40iw_sc_aeq_init,
51943 + .aeq_create = i40iw_sc_aeq_create,
51944 + .aeq_destroy = i40iw_sc_aeq_destroy,
51945 + .get_next_aeqe = i40iw_sc_get_next_aeqe,
51946 + .repost_aeq_entries = i40iw_sc_repost_aeq_entries,
51947 + .aeq_create_done = i40iw_sc_aeq_create_done,
51948 + .aeq_destroy_done = i40iw_sc_aeq_destroy_done
51949 };
51950
51951 /* iwarp pd ops */
51952 static struct i40iw_pd_ops iw_pd_ops = {
51953 - i40iw_sc_pd_init,
51954 + .pd_init = i40iw_sc_pd_init,
51955 };
51956
51957 static struct i40iw_priv_qp_ops iw_priv_qp_ops = {
51958 @@ -4662,61 +4662,59 @@ static struct i40iw_priv_qp_ops iw_priv_qp_ops = {
51959 };
51960
51961 static struct i40iw_priv_cq_ops iw_priv_cq_ops = {
51962 - i40iw_sc_cq_init,
51963 - i40iw_sc_cq_create,
51964 - i40iw_sc_cq_destroy,
51965 - i40iw_sc_cq_modify,
51966 + .cq_init = i40iw_sc_cq_init,
51967 + .cq_create = i40iw_sc_cq_create,
51968 + .cq_destroy = i40iw_sc_cq_destroy,
51969 + .cq_modify = i40iw_sc_cq_modify,
51970 };
51971
51972 static struct i40iw_mr_ops iw_mr_ops = {
51973 - i40iw_sc_alloc_stag,
51974 - i40iw_sc_mr_reg_non_shared,
51975 - i40iw_sc_mr_reg_shared,
51976 - i40iw_sc_dealloc_stag,
51977 - i40iw_sc_query_stag,
51978 - i40iw_sc_mw_alloc
51979 + .alloc_stag = i40iw_sc_alloc_stag,
51980 + .mr_reg_non_shared = i40iw_sc_mr_reg_non_shared,
51981 + .mr_reg_shared = i40iw_sc_mr_reg_shared,
51982 + .dealloc_stag = i40iw_sc_dealloc_stag,
51983 + .query_stag = i40iw_sc_query_stag,
51984 + .mw_alloc = i40iw_sc_mw_alloc
51985 };
51986
51987 static struct i40iw_cqp_misc_ops iw_cqp_misc_ops = {
51988 - i40iw_sc_manage_push_page,
51989 - i40iw_sc_manage_hmc_pm_func_table,
51990 - i40iw_sc_set_hmc_resource_profile,
51991 - i40iw_sc_commit_fpm_values,
51992 - i40iw_sc_query_fpm_values,
51993 - i40iw_sc_static_hmc_pages_allocated,
51994 - i40iw_sc_add_arp_cache_entry,
51995 - i40iw_sc_del_arp_cache_entry,
51996 - i40iw_sc_query_arp_cache_entry,
51997 - i40iw_sc_manage_apbvt_entry,
51998 - i40iw_sc_manage_qhash_table_entry,
51999 - i40iw_sc_alloc_local_mac_ipaddr_entry,
52000 - i40iw_sc_add_local_mac_ipaddr_entry,
52001 - i40iw_sc_del_local_mac_ipaddr_entry,
52002 - i40iw_sc_cqp_nop,
52003 - i40iw_sc_commit_fpm_values_done,
52004 - i40iw_sc_query_fpm_values_done,
52005 - i40iw_sc_manage_hmc_pm_func_table_done,
52006 - i40iw_sc_suspend_qp,
52007 - i40iw_sc_resume_qp
52008 + .manage_push_page = i40iw_sc_manage_push_page,
52009 + .manage_hmc_pm_func_table = i40iw_sc_manage_hmc_pm_func_table,
52010 + .set_hmc_resource_profile = i40iw_sc_set_hmc_resource_profile,
52011 + .commit_fpm_values = i40iw_sc_commit_fpm_values,
52012 + .query_fpm_values = i40iw_sc_query_fpm_values,
52013 + .static_hmc_pages_allocated = i40iw_sc_static_hmc_pages_allocated,
52014 + .add_arp_cache_entry = i40iw_sc_add_arp_cache_entry,
52015 + .del_arp_cache_entry = i40iw_sc_del_arp_cache_entry,
52016 + .query_arp_cache_entry = i40iw_sc_query_arp_cache_entry,
52017 + .manage_apbvt_entry = i40iw_sc_manage_apbvt_entry,
52018 + .manage_qhash_table_entry = i40iw_sc_manage_qhash_table_entry,
52019 + .alloc_local_mac_ipaddr_table_entry = i40iw_sc_alloc_local_mac_ipaddr_entry,
52020 + .add_local_mac_ipaddr_entry = i40iw_sc_add_local_mac_ipaddr_entry,
52021 + .del_local_mac_ipaddr_entry = i40iw_sc_del_local_mac_ipaddr_entry,
52022 + .cqp_nop = i40iw_sc_cqp_nop,
52023 + .commit_fpm_values_done = i40iw_sc_commit_fpm_values_done,
52024 + .query_fpm_values_done = i40iw_sc_query_fpm_values_done,
52025 + .manage_hmc_pm_func_table_done = i40iw_sc_manage_hmc_pm_func_table_done,
52026 + .update_suspend_qp = i40iw_sc_suspend_qp,
52027 + .update_resume_qp = i40iw_sc_resume_qp
52028 };
52029
52030 static struct i40iw_hmc_ops iw_hmc_ops = {
52031 - i40iw_sc_init_iw_hmc,
52032 - i40iw_sc_parse_fpm_query_buf,
52033 - i40iw_sc_configure_iw_fpm,
52034 - i40iw_sc_parse_fpm_commit_buf,
52035 - i40iw_sc_create_hmc_obj,
52036 - i40iw_sc_del_hmc_obj,
52037 - NULL,
52038 - NULL
52039 + .init_iw_hmc = i40iw_sc_init_iw_hmc,
52040 + .parse_fpm_query_buf = i40iw_sc_parse_fpm_query_buf,
52041 + .configure_iw_fpm = i40iw_sc_configure_iw_fpm,
52042 + .parse_fpm_commit_buf = i40iw_sc_parse_fpm_commit_buf,
52043 + .create_hmc_object = i40iw_sc_create_hmc_obj,
52044 + .del_hmc_object = i40iw_sc_del_hmc_obj
52045 };
52046
52047 static const struct i40iw_device_pestat_ops iw_device_pestat_ops = {
52048 - i40iw_hw_stat_init,
52049 - i40iw_hw_stat_read_32,
52050 - i40iw_hw_stat_read_64,
52051 - i40iw_hw_stat_read_all,
52052 - i40iw_hw_stat_refresh_all
52053 + .iw_hw_stat_init = i40iw_hw_stat_init,
52054 + .iw_hw_stat_read_32 = i40iw_hw_stat_read_32,
52055 + .iw_hw_stat_read_64 = i40iw_hw_stat_read_64,
52056 + .iw_hw_stat_read_all = i40iw_hw_stat_read_all,
52057 + .iw_hw_stat_refresh_all = i40iw_hw_stat_refresh_all
52058 };
52059
52060 /**
52061 diff --git a/drivers/infiniband/hw/i40iw/i40iw_uk.c b/drivers/infiniband/hw/i40iw/i40iw_uk.c
52062 index 4d28c3c..ec6b0b7 100644
52063 --- a/drivers/infiniband/hw/i40iw/i40iw_uk.c
52064 +++ b/drivers/infiniband/hw/i40iw/i40iw_uk.c
52065 @@ -919,29 +919,29 @@ enum i40iw_status_code i40iw_get_wqe_shift(u32 wqdepth, u32 sge, u32 inline_data
52066 }
52067
52068 static struct i40iw_qp_uk_ops iw_qp_uk_ops = {
52069 - i40iw_qp_post_wr,
52070 - i40iw_qp_ring_push_db,
52071 - i40iw_rdma_write,
52072 - i40iw_rdma_read,
52073 - i40iw_send,
52074 - i40iw_inline_rdma_write,
52075 - i40iw_inline_send,
52076 - i40iw_stag_local_invalidate,
52077 - i40iw_mw_bind,
52078 - i40iw_post_receive,
52079 - i40iw_nop
52080 + .iw_qp_post_wr = i40iw_qp_post_wr,
52081 + .iw_qp_ring_push_db = i40iw_qp_ring_push_db,
52082 + .iw_rdma_write = i40iw_rdma_write,
52083 + .iw_rdma_read = i40iw_rdma_read,
52084 + .iw_send = i40iw_send,
52085 + .iw_inline_rdma_write = i40iw_inline_rdma_write,
52086 + .iw_inline_send = i40iw_inline_send,
52087 + .iw_stag_local_invalidate = i40iw_stag_local_invalidate,
52088 + .iw_mw_bind = i40iw_mw_bind,
52089 + .iw_post_receive = i40iw_post_receive,
52090 + .iw_post_nop = i40iw_nop
52091 };
52092
52093 static struct i40iw_cq_ops iw_cq_ops = {
52094 - i40iw_cq_request_notification,
52095 - i40iw_cq_poll_completion,
52096 - i40iw_cq_post_entries,
52097 - i40iw_clean_cq
52098 + .iw_cq_request_notification = i40iw_cq_request_notification,
52099 + .iw_cq_poll_completion = i40iw_cq_poll_completion,
52100 + .iw_cq_post_entries = i40iw_cq_post_entries,
52101 + .iw_cq_clean = i40iw_clean_cq
52102 };
52103
52104 static struct i40iw_device_uk_ops iw_device_uk_ops = {
52105 - i40iw_cq_uk_init,
52106 - i40iw_qp_uk_init,
52107 + .iwarp_cq_uk_init = i40iw_cq_uk_init,
52108 + .iwarp_qp_uk_init = i40iw_qp_uk_init,
52109 };
52110
52111 /**
52112 diff --git a/drivers/infiniband/hw/i40iw/i40iw_user.h b/drivers/infiniband/hw/i40iw/i40iw_user.h
52113 index 276bcef..b2e3684 100644
52114 --- a/drivers/infiniband/hw/i40iw/i40iw_user.h
52115 +++ b/drivers/infiniband/hw/i40iw/i40iw_user.h
52116 @@ -343,7 +343,7 @@ struct i40iw_device_uk_ops {
52117
52118 struct i40iw_dev_uk {
52119 struct i40iw_device_uk_ops ops_uk;
52120 -};
52121 +} __no_const;
52122
52123 struct i40iw_sq_uk_wr_trk_info {
52124 u64 wrid;
52125 diff --git a/drivers/infiniband/hw/mlx4/mad.c b/drivers/infiniband/hw/mlx4/mad.c
52126 index 0f21c3a..257e0a7 100644
52127 --- a/drivers/infiniband/hw/mlx4/mad.c
52128 +++ b/drivers/infiniband/hw/mlx4/mad.c
52129 @@ -99,7 +99,7 @@ __be64 mlx4_ib_gen_node_guid(void)
52130
52131 __be64 mlx4_ib_get_new_demux_tid(struct mlx4_ib_demux_ctx *ctx)
52132 {
52133 - return cpu_to_be64(atomic_inc_return(&ctx->tid)) |
52134 + return cpu_to_be64(atomic_inc_return_unchecked(&ctx->tid)) |
52135 cpu_to_be64(0xff00000000000000LL);
52136 }
52137
52138 diff --git a/drivers/infiniband/hw/mlx4/mcg.c b/drivers/infiniband/hw/mlx4/mcg.c
52139 index 097bfcc..06fe83a 100644
52140 --- a/drivers/infiniband/hw/mlx4/mcg.c
52141 +++ b/drivers/infiniband/hw/mlx4/mcg.c
52142 @@ -1043,7 +1043,7 @@ int mlx4_ib_mcg_port_init(struct mlx4_ib_demux_ctx *ctx)
52143 {
52144 char name[20];
52145
52146 - atomic_set(&ctx->tid, 0);
52147 + atomic_set_unchecked(&ctx->tid, 0);
52148 sprintf(name, "mlx4_ib_mcg%d", ctx->port);
52149 ctx->mcg_wq = create_singlethread_workqueue(name);
52150 if (!ctx->mcg_wq)
52151 diff --git a/drivers/infiniband/hw/mlx4/mlx4_ib.h b/drivers/infiniband/hw/mlx4/mlx4_ib.h
52152 index 686ab48..736a1d7 100644
52153 --- a/drivers/infiniband/hw/mlx4/mlx4_ib.h
52154 +++ b/drivers/infiniband/hw/mlx4/mlx4_ib.h
52155 @@ -457,7 +457,7 @@ struct mlx4_ib_demux_ctx {
52156 struct list_head mcg_mgid0_list;
52157 struct workqueue_struct *mcg_wq;
52158 struct mlx4_ib_demux_pv_ctx **tun;
52159 - atomic_t tid;
52160 + atomic_unchecked_t tid;
52161 int flushing; /* flushing the work queue */
52162 };
52163
52164 diff --git a/drivers/infiniband/hw/mthca/mthca_cmd.c b/drivers/infiniband/hw/mthca/mthca_cmd.c
52165 index c7f49bb..6a021bb 100644
52166 --- a/drivers/infiniband/hw/mthca/mthca_cmd.c
52167 +++ b/drivers/infiniband/hw/mthca/mthca_cmd.c
52168 @@ -772,7 +772,7 @@ static void mthca_setup_cmd_doorbells(struct mthca_dev *dev, u64 base)
52169 mthca_dbg(dev, "Mapped doorbell page for posting FW commands\n");
52170 }
52171
52172 -int mthca_QUERY_FW(struct mthca_dev *dev)
52173 +int __intentional_overflow(-1) mthca_QUERY_FW(struct mthca_dev *dev)
52174 {
52175 struct mthca_mailbox *mailbox;
52176 u32 *outbox;
52177 @@ -1612,7 +1612,7 @@ int mthca_HW2SW_MPT(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
52178 CMD_TIME_CLASS_B);
52179 }
52180
52181 -int mthca_WRITE_MTT(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
52182 +int __intentional_overflow(-1) mthca_WRITE_MTT(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
52183 int num_mtt)
52184 {
52185 return mthca_cmd(dev, mailbox->dma, num_mtt, 0, CMD_WRITE_MTT,
52186 @@ -1634,7 +1634,7 @@ int mthca_MAP_EQ(struct mthca_dev *dev, u64 event_mask, int unmap,
52187 0, CMD_MAP_EQ, CMD_TIME_CLASS_B);
52188 }
52189
52190 -int mthca_SW2HW_EQ(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
52191 +int __intentional_overflow(-1) mthca_SW2HW_EQ(struct mthca_dev *dev, struct mthca_mailbox *mailbox,
52192 int eq_num)
52193 {
52194 return mthca_cmd(dev, mailbox->dma, eq_num, 0, CMD_SW2HW_EQ,
52195 @@ -1857,7 +1857,7 @@ int mthca_CONF_SPECIAL_QP(struct mthca_dev *dev, int type, u32 qpn)
52196 CMD_TIME_CLASS_B);
52197 }
52198
52199 -int mthca_MAD_IFC(struct mthca_dev *dev, int ignore_mkey, int ignore_bkey,
52200 +int __intentional_overflow(-1) mthca_MAD_IFC(struct mthca_dev *dev, int ignore_mkey, int ignore_bkey,
52201 int port, const struct ib_wc *in_wc, const struct ib_grh *in_grh,
52202 const void *in_mad, void *response_mad)
52203 {
52204 diff --git a/drivers/infiniband/hw/mthca/mthca_main.c b/drivers/infiniband/hw/mthca/mthca_main.c
52205 index ded76c1..0cf0a08 100644
52206 --- a/drivers/infiniband/hw/mthca/mthca_main.c
52207 +++ b/drivers/infiniband/hw/mthca/mthca_main.c
52208 @@ -692,7 +692,7 @@ err_close:
52209 return err;
52210 }
52211
52212 -static int mthca_setup_hca(struct mthca_dev *dev)
52213 +static int __intentional_overflow(-1) mthca_setup_hca(struct mthca_dev *dev)
52214 {
52215 int err;
52216
52217 diff --git a/drivers/infiniband/hw/mthca/mthca_mr.c b/drivers/infiniband/hw/mthca/mthca_mr.c
52218 index ed9a989..6aa5dc2 100644
52219 --- a/drivers/infiniband/hw/mthca/mthca_mr.c
52220 +++ b/drivers/infiniband/hw/mthca/mthca_mr.c
52221 @@ -81,7 +81,7 @@ struct mthca_mpt_entry {
52222 * through the bitmaps)
52223 */
52224
52225 -static u32 mthca_buddy_alloc(struct mthca_buddy *buddy, int order)
52226 +static u32 __intentional_overflow(-1) mthca_buddy_alloc(struct mthca_buddy *buddy, int order)
52227 {
52228 int o;
52229 int m;
52230 @@ -426,7 +426,7 @@ static inline u32 adjust_key(struct mthca_dev *dev, u32 key)
52231 return key;
52232 }
52233
52234 -int mthca_mr_alloc(struct mthca_dev *dev, u32 pd, int buffer_size_shift,
52235 +int __intentional_overflow(-1) mthca_mr_alloc(struct mthca_dev *dev, u32 pd, int buffer_size_shift,
52236 u64 iova, u64 total_size, u32 access, struct mthca_mr *mr)
52237 {
52238 struct mthca_mailbox *mailbox;
52239 @@ -516,7 +516,7 @@ int mthca_mr_alloc_notrans(struct mthca_dev *dev, u32 pd,
52240 return mthca_mr_alloc(dev, pd, 12, 0, ~0ULL, access, mr);
52241 }
52242
52243 -int mthca_mr_alloc_phys(struct mthca_dev *dev, u32 pd,
52244 +int __intentional_overflow(-1) mthca_mr_alloc_phys(struct mthca_dev *dev, u32 pd,
52245 u64 *buffer_list, int buffer_size_shift,
52246 int list_len, u64 iova, u64 total_size,
52247 u32 access, struct mthca_mr *mr)
52248 diff --git a/drivers/infiniband/hw/mthca/mthca_provider.c b/drivers/infiniband/hw/mthca/mthca_provider.c
52249 index da2335f..d6f4677 100644
52250 --- a/drivers/infiniband/hw/mthca/mthca_provider.c
52251 +++ b/drivers/infiniband/hw/mthca/mthca_provider.c
52252 @@ -772,7 +772,7 @@ unlock:
52253 return 0;
52254 }
52255
52256 -static int mthca_resize_cq(struct ib_cq *ibcq, int entries, struct ib_udata *udata)
52257 +static int __intentional_overflow(-1) mthca_resize_cq(struct ib_cq *ibcq, int entries, struct ib_udata *udata)
52258 {
52259 struct mthca_dev *dev = to_mdev(ibcq->device);
52260 struct mthca_cq *cq = to_mcq(ibcq);
52261 diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c
52262 index 35cbb17..d336a68 100644
52263 --- a/drivers/infiniband/hw/nes/nes.c
52264 +++ b/drivers/infiniband/hw/nes/nes.c
52265 @@ -97,7 +97,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes");
52266 LIST_HEAD(nes_adapter_list);
52267 static LIST_HEAD(nes_dev_list);
52268
52269 -atomic_t qps_destroyed;
52270 +atomic_unchecked_t qps_destroyed;
52271
52272 static unsigned int ee_flsh_adapter;
52273 static unsigned int sysfs_nonidx_addr;
52274 @@ -268,7 +268,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r
52275 struct nes_qp *nesqp = cqp_request->cqp_callback_pointer;
52276 struct nes_adapter *nesadapter = nesdev->nesadapter;
52277
52278 - atomic_inc(&qps_destroyed);
52279 + atomic_inc_unchecked(&qps_destroyed);
52280
52281 /* Free the control structures */
52282
52283 diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h
52284 index bd9d132..70d84f4 100644
52285 --- a/drivers/infiniband/hw/nes/nes.h
52286 +++ b/drivers/infiniband/hw/nes/nes.h
52287 @@ -180,17 +180,17 @@ extern unsigned int nes_debug_level;
52288 extern unsigned int wqm_quanta;
52289 extern struct list_head nes_adapter_list;
52290
52291 -extern atomic_t cm_connects;
52292 -extern atomic_t cm_accepts;
52293 -extern atomic_t cm_disconnects;
52294 -extern atomic_t cm_closes;
52295 -extern atomic_t cm_connecteds;
52296 -extern atomic_t cm_connect_reqs;
52297 -extern atomic_t cm_rejects;
52298 -extern atomic_t mod_qp_timouts;
52299 -extern atomic_t qps_created;
52300 -extern atomic_t qps_destroyed;
52301 -extern atomic_t sw_qps_destroyed;
52302 +extern atomic_unchecked_t cm_connects;
52303 +extern atomic_unchecked_t cm_accepts;
52304 +extern atomic_unchecked_t cm_disconnects;
52305 +extern atomic_unchecked_t cm_closes;
52306 +extern atomic_unchecked_t cm_connecteds;
52307 +extern atomic_unchecked_t cm_connect_reqs;
52308 +extern atomic_unchecked_t cm_rejects;
52309 +extern atomic_unchecked_t mod_qp_timouts;
52310 +extern atomic_unchecked_t qps_created;
52311 +extern atomic_unchecked_t qps_destroyed;
52312 +extern atomic_unchecked_t sw_qps_destroyed;
52313 extern u32 mh_detected;
52314 extern u32 mh_pauses_sent;
52315 extern u32 cm_packets_sent;
52316 @@ -199,16 +199,16 @@ extern u32 cm_packets_created;
52317 extern u32 cm_packets_received;
52318 extern u32 cm_packets_dropped;
52319 extern u32 cm_packets_retrans;
52320 -extern atomic_t cm_listens_created;
52321 -extern atomic_t cm_listens_destroyed;
52322 +extern atomic_unchecked_t cm_listens_created;
52323 +extern atomic_unchecked_t cm_listens_destroyed;
52324 extern u32 cm_backlog_drops;
52325 -extern atomic_t cm_loopbacks;
52326 -extern atomic_t cm_nodes_created;
52327 -extern atomic_t cm_nodes_destroyed;
52328 -extern atomic_t cm_accel_dropped_pkts;
52329 -extern atomic_t cm_resets_recvd;
52330 -extern atomic_t pau_qps_created;
52331 -extern atomic_t pau_qps_destroyed;
52332 +extern atomic_unchecked_t cm_loopbacks;
52333 +extern atomic_unchecked_t cm_nodes_created;
52334 +extern atomic_unchecked_t cm_nodes_destroyed;
52335 +extern atomic_unchecked_t cm_accel_dropped_pkts;
52336 +extern atomic_unchecked_t cm_resets_recvd;
52337 +extern atomic_unchecked_t pau_qps_created;
52338 +extern atomic_unchecked_t pau_qps_destroyed;
52339
52340 extern u32 int_mod_timer_init;
52341 extern u32 int_mod_cq_depth_256;
52342 diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
52343 index 7f0aa23..3c20939 100644
52344 --- a/drivers/infiniband/hw/nes/nes_cm.c
52345 +++ b/drivers/infiniband/hw/nes/nes_cm.c
52346 @@ -69,14 +69,14 @@ u32 cm_packets_dropped;
52347 u32 cm_packets_retrans;
52348 u32 cm_packets_created;
52349 u32 cm_packets_received;
52350 -atomic_t cm_listens_created;
52351 -atomic_t cm_listens_destroyed;
52352 +atomic_unchecked_t cm_listens_created;
52353 +atomic_unchecked_t cm_listens_destroyed;
52354 u32 cm_backlog_drops;
52355 -atomic_t cm_loopbacks;
52356 -atomic_t cm_nodes_created;
52357 -atomic_t cm_nodes_destroyed;
52358 -atomic_t cm_accel_dropped_pkts;
52359 -atomic_t cm_resets_recvd;
52360 +atomic_unchecked_t cm_loopbacks;
52361 +atomic_unchecked_t cm_nodes_created;
52362 +atomic_unchecked_t cm_nodes_destroyed;
52363 +atomic_unchecked_t cm_accel_dropped_pkts;
52364 +atomic_unchecked_t cm_resets_recvd;
52365
52366 static inline int mini_cm_accelerated(struct nes_cm_core *, struct nes_cm_node *);
52367 static struct nes_cm_listener *mini_cm_listen(struct nes_cm_core *, struct nes_vnic *, struct nes_cm_info *);
52368 @@ -135,28 +135,28 @@ static void record_ird_ord(struct nes_cm_node *, u16, u16);
52369 /* instance of function pointers for client API */
52370 /* set address of this instance to cm_core->cm_ops at cm_core alloc */
52371 static const struct nes_cm_ops nes_cm_api = {
52372 - mini_cm_accelerated,
52373 - mini_cm_listen,
52374 - mini_cm_del_listen,
52375 - mini_cm_connect,
52376 - mini_cm_close,
52377 - mini_cm_accept,
52378 - mini_cm_reject,
52379 - mini_cm_recv_pkt,
52380 - mini_cm_dealloc_core,
52381 - mini_cm_get,
52382 - mini_cm_set
52383 + .accelerated = mini_cm_accelerated,
52384 + .listen = mini_cm_listen,
52385 + .stop_listener = mini_cm_del_listen,
52386 + .connect = mini_cm_connect,
52387 + .close = mini_cm_close,
52388 + .accept = mini_cm_accept,
52389 + .reject = mini_cm_reject,
52390 + .recv_pkt = mini_cm_recv_pkt,
52391 + .destroy_cm_core = mini_cm_dealloc_core,
52392 + .get = mini_cm_get,
52393 + .set = mini_cm_set
52394 };
52395
52396 static struct nes_cm_core *g_cm_core;
52397
52398 -atomic_t cm_connects;
52399 -atomic_t cm_accepts;
52400 -atomic_t cm_disconnects;
52401 -atomic_t cm_closes;
52402 -atomic_t cm_connecteds;
52403 -atomic_t cm_connect_reqs;
52404 -atomic_t cm_rejects;
52405 +atomic_unchecked_t cm_connects;
52406 +atomic_unchecked_t cm_accepts;
52407 +atomic_unchecked_t cm_disconnects;
52408 +atomic_unchecked_t cm_closes;
52409 +atomic_unchecked_t cm_connecteds;
52410 +atomic_unchecked_t cm_connect_reqs;
52411 +atomic_unchecked_t cm_rejects;
52412
52413 int nes_add_ref_cm_node(struct nes_cm_node *cm_node)
52414 {
52415 @@ -1333,7 +1333,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
52416 kfree(listener);
52417 listener = NULL;
52418 ret = 0;
52419 - atomic_inc(&cm_listens_destroyed);
52420 + atomic_inc_unchecked(&cm_listens_destroyed);
52421 } else {
52422 spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
52423 }
52424 @@ -1537,7 +1537,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core,
52425 cm_node->rem_mac);
52426
52427 add_hte_node(cm_core, cm_node);
52428 - atomic_inc(&cm_nodes_created);
52429 + atomic_inc_unchecked(&cm_nodes_created);
52430
52431 return cm_node;
52432 }
52433 @@ -1596,7 +1596,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core,
52434 }
52435
52436 atomic_dec(&cm_core->node_cnt);
52437 - atomic_inc(&cm_nodes_destroyed);
52438 + atomic_inc_unchecked(&cm_nodes_destroyed);
52439 nesqp = cm_node->nesqp;
52440 if (nesqp) {
52441 nesqp->cm_node = NULL;
52442 @@ -1660,7 +1660,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc,
52443
52444 static void drop_packet(struct sk_buff *skb)
52445 {
52446 - atomic_inc(&cm_accel_dropped_pkts);
52447 + atomic_inc_unchecked(&cm_accel_dropped_pkts);
52448 dev_kfree_skb_any(skb);
52449 }
52450
52451 @@ -1723,7 +1723,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb,
52452 {
52453
52454 int reset = 0; /* whether to send reset in case of err.. */
52455 - atomic_inc(&cm_resets_recvd);
52456 + atomic_inc_unchecked(&cm_resets_recvd);
52457 nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u."
52458 " refcnt=%d\n", cm_node, cm_node->state,
52459 atomic_read(&cm_node->ref_count));
52460 @@ -2369,7 +2369,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core,
52461 rem_ref_cm_node(cm_node->cm_core, cm_node);
52462 return NULL;
52463 }
52464 - atomic_inc(&cm_loopbacks);
52465 + atomic_inc_unchecked(&cm_loopbacks);
52466 loopbackremotenode->loopbackpartner = cm_node;
52467 loopbackremotenode->tcp_cntxt.rcv_wscale =
52468 NES_CM_DEFAULT_RCV_WND_SCALE;
52469 @@ -2644,7 +2644,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core,
52470 nes_queue_mgt_skbs(skb, nesvnic, cm_node->nesqp);
52471 else {
52472 rem_ref_cm_node(cm_core, cm_node);
52473 - atomic_inc(&cm_accel_dropped_pkts);
52474 + atomic_inc_unchecked(&cm_accel_dropped_pkts);
52475 dev_kfree_skb_any(skb);
52476 }
52477 break;
52478 @@ -2965,7 +2965,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
52479
52480 if ((cm_id) && (cm_id->event_handler)) {
52481 if (issue_disconn) {
52482 - atomic_inc(&cm_disconnects);
52483 + atomic_inc_unchecked(&cm_disconnects);
52484 cm_event.event = IW_CM_EVENT_DISCONNECT;
52485 cm_event.status = disconn_status;
52486 cm_event.local_addr = cm_id->m_local_addr;
52487 @@ -2987,7 +2987,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
52488 }
52489
52490 if (issue_close) {
52491 - atomic_inc(&cm_closes);
52492 + atomic_inc_unchecked(&cm_closes);
52493 nes_disconnect(nesqp, 1);
52494
52495 cm_id->provider_data = nesqp;
52496 @@ -3124,7 +3124,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
52497
52498 nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n",
52499 nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener);
52500 - atomic_inc(&cm_accepts);
52501 + atomic_inc_unchecked(&cm_accepts);
52502
52503 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n",
52504 netdev_refcnt_read(nesvnic->netdev));
52505 @@ -3320,7 +3320,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
52506 struct nes_cm_core *cm_core;
52507 u8 *start_buff;
52508
52509 - atomic_inc(&cm_rejects);
52510 + atomic_inc_unchecked(&cm_rejects);
52511 cm_node = (struct nes_cm_node *)cm_id->provider_data;
52512 loopback = cm_node->loopbackpartner;
52513 cm_core = cm_node->cm_core;
52514 @@ -3382,7 +3382,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
52515 ntohs(raddr->sin_port), ntohl(laddr->sin_addr.s_addr),
52516 ntohs(laddr->sin_port));
52517
52518 - atomic_inc(&cm_connects);
52519 + atomic_inc_unchecked(&cm_connects);
52520 nesqp->active_conn = 1;
52521
52522 /* cache the cm_id in the qp */
52523 @@ -3496,7 +3496,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog)
52524 g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node);
52525 return err;
52526 }
52527 - atomic_inc(&cm_listens_created);
52528 + atomic_inc_unchecked(&cm_listens_created);
52529 }
52530
52531 cm_id->add_ref(cm_id);
52532 @@ -3603,7 +3603,7 @@ static void cm_event_connected(struct nes_cm_event *event)
52533
52534 if (nesqp->destroyed)
52535 return;
52536 - atomic_inc(&cm_connecteds);
52537 + atomic_inc_unchecked(&cm_connecteds);
52538 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on"
52539 " local port 0x%04X. jiffies = %lu.\n",
52540 nesqp->hwqp.qp_id, ntohl(raddr->sin_addr.s_addr),
52541 @@ -3788,7 +3788,7 @@ static void cm_event_reset(struct nes_cm_event *event)
52542
52543 cm_id->add_ref(cm_id);
52544 ret = cm_id->event_handler(cm_id, &cm_event);
52545 - atomic_inc(&cm_closes);
52546 + atomic_inc_unchecked(&cm_closes);
52547 cm_event.event = IW_CM_EVENT_CLOSE;
52548 cm_event.status = 0;
52549 cm_event.provider_data = cm_id->provider_data;
52550 @@ -3828,7 +3828,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event)
52551 return;
52552 cm_id = cm_node->cm_id;
52553
52554 - atomic_inc(&cm_connect_reqs);
52555 + atomic_inc_unchecked(&cm_connect_reqs);
52556 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n",
52557 cm_node, cm_id, jiffies);
52558
52559 @@ -3877,7 +3877,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event)
52560 return;
52561 cm_id = cm_node->cm_id;
52562
52563 - atomic_inc(&cm_connect_reqs);
52564 + atomic_inc_unchecked(&cm_connect_reqs);
52565 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n",
52566 cm_node, cm_id, jiffies);
52567
52568 diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c
52569 index 4166452..fc952c3 100644
52570 --- a/drivers/infiniband/hw/nes/nes_mgt.c
52571 +++ b/drivers/infiniband/hw/nes/nes_mgt.c
52572 @@ -40,8 +40,8 @@
52573 #include "nes.h"
52574 #include "nes_mgt.h"
52575
52576 -atomic_t pau_qps_created;
52577 -atomic_t pau_qps_destroyed;
52578 +atomic_unchecked_t pau_qps_created;
52579 +atomic_unchecked_t pau_qps_destroyed;
52580
52581 static void nes_replenish_mgt_rq(struct nes_vnic_mgt *mgtvnic)
52582 {
52583 @@ -621,7 +621,7 @@ void nes_destroy_pau_qp(struct nes_device *nesdev, struct nes_qp *nesqp)
52584 {
52585 struct sk_buff *skb;
52586 unsigned long flags;
52587 - atomic_inc(&pau_qps_destroyed);
52588 + atomic_inc_unchecked(&pau_qps_destroyed);
52589
52590 /* Free packets that have not yet been forwarded */
52591 /* Lock is acquired by skb_dequeue when removing the skb */
52592 @@ -810,7 +810,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq *
52593 cq->cq_vbase[head].cqe_words[NES_NIC_CQE_HASH_RCVNXT]);
52594 skb_queue_head_init(&nesqp->pau_list);
52595 spin_lock_init(&nesqp->pau_lock);
52596 - atomic_inc(&pau_qps_created);
52597 + atomic_inc_unchecked(&pau_qps_created);
52598 nes_change_quad_hash(nesdev, mgtvnic->nesvnic, nesqp);
52599 }
52600
52601 diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c
52602 index 2b27d13..8f9d46c 100644
52603 --- a/drivers/infiniband/hw/nes/nes_nic.c
52604 +++ b/drivers/infiniband/hw/nes/nes_nic.c
52605 @@ -461,7 +461,7 @@ static bool nes_nic_send(struct sk_buff *skb, struct net_device *netdev)
52606 /**
52607 * nes_netdev_start_xmit
52608 */
52609 -static int nes_netdev_start_xmit(struct sk_buff *skb, struct net_device *netdev)
52610 +static netdev_tx_t nes_netdev_start_xmit(struct sk_buff *skb, struct net_device *netdev)
52611 {
52612 struct nes_vnic *nesvnic = netdev_priv(netdev);
52613 struct nes_device *nesdev = nesvnic->nesdev;
52614 @@ -1264,36 +1264,36 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev,
52615 target_stat_values[++index] = mh_detected;
52616 target_stat_values[++index] = mh_pauses_sent;
52617 target_stat_values[++index] = nesvnic->endnode_ipv4_tcp_retransmits;
52618 - target_stat_values[++index] = atomic_read(&cm_connects);
52619 - target_stat_values[++index] = atomic_read(&cm_accepts);
52620 - target_stat_values[++index] = atomic_read(&cm_disconnects);
52621 - target_stat_values[++index] = atomic_read(&cm_connecteds);
52622 - target_stat_values[++index] = atomic_read(&cm_connect_reqs);
52623 - target_stat_values[++index] = atomic_read(&cm_rejects);
52624 - target_stat_values[++index] = atomic_read(&mod_qp_timouts);
52625 - target_stat_values[++index] = atomic_read(&qps_created);
52626 - target_stat_values[++index] = atomic_read(&sw_qps_destroyed);
52627 - target_stat_values[++index] = atomic_read(&qps_destroyed);
52628 - target_stat_values[++index] = atomic_read(&cm_closes);
52629 + target_stat_values[++index] = atomic_read_unchecked(&cm_connects);
52630 + target_stat_values[++index] = atomic_read_unchecked(&cm_accepts);
52631 + target_stat_values[++index] = atomic_read_unchecked(&cm_disconnects);
52632 + target_stat_values[++index] = atomic_read_unchecked(&cm_connecteds);
52633 + target_stat_values[++index] = atomic_read_unchecked(&cm_connect_reqs);
52634 + target_stat_values[++index] = atomic_read_unchecked(&cm_rejects);
52635 + target_stat_values[++index] = atomic_read_unchecked(&mod_qp_timouts);
52636 + target_stat_values[++index] = atomic_read_unchecked(&qps_created);
52637 + target_stat_values[++index] = atomic_read_unchecked(&sw_qps_destroyed);
52638 + target_stat_values[++index] = atomic_read_unchecked(&qps_destroyed);
52639 + target_stat_values[++index] = atomic_read_unchecked(&cm_closes);
52640 target_stat_values[++index] = cm_packets_sent;
52641 target_stat_values[++index] = cm_packets_bounced;
52642 target_stat_values[++index] = cm_packets_created;
52643 target_stat_values[++index] = cm_packets_received;
52644 target_stat_values[++index] = cm_packets_dropped;
52645 target_stat_values[++index] = cm_packets_retrans;
52646 - target_stat_values[++index] = atomic_read(&cm_listens_created);
52647 - target_stat_values[++index] = atomic_read(&cm_listens_destroyed);
52648 + target_stat_values[++index] = atomic_read_unchecked(&cm_listens_created);
52649 + target_stat_values[++index] = atomic_read_unchecked(&cm_listens_destroyed);
52650 target_stat_values[++index] = cm_backlog_drops;
52651 - target_stat_values[++index] = atomic_read(&cm_loopbacks);
52652 - target_stat_values[++index] = atomic_read(&cm_nodes_created);
52653 - target_stat_values[++index] = atomic_read(&cm_nodes_destroyed);
52654 - target_stat_values[++index] = atomic_read(&cm_accel_dropped_pkts);
52655 - target_stat_values[++index] = atomic_read(&cm_resets_recvd);
52656 + target_stat_values[++index] = atomic_read_unchecked(&cm_loopbacks);
52657 + target_stat_values[++index] = atomic_read_unchecked(&cm_nodes_created);
52658 + target_stat_values[++index] = atomic_read_unchecked(&cm_nodes_destroyed);
52659 + target_stat_values[++index] = atomic_read_unchecked(&cm_accel_dropped_pkts);
52660 + target_stat_values[++index] = atomic_read_unchecked(&cm_resets_recvd);
52661 target_stat_values[++index] = nesadapter->free_4kpbl;
52662 target_stat_values[++index] = nesadapter->free_256pbl;
52663 target_stat_values[++index] = int_mod_timer_init;
52664 - target_stat_values[++index] = atomic_read(&pau_qps_created);
52665 - target_stat_values[++index] = atomic_read(&pau_qps_destroyed);
52666 + target_stat_values[++index] = atomic_read_unchecked(&pau_qps_created);
52667 + target_stat_values[++index] = atomic_read_unchecked(&pau_qps_destroyed);
52668 }
52669
52670 /**
52671 diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c
52672 index bd69125..10e85d5 100644
52673 --- a/drivers/infiniband/hw/nes/nes_verbs.c
52674 +++ b/drivers/infiniband/hw/nes/nes_verbs.c
52675 @@ -46,9 +46,9 @@
52676
52677 #include <rdma/ib_umem.h>
52678
52679 -atomic_t mod_qp_timouts;
52680 -atomic_t qps_created;
52681 -atomic_t sw_qps_destroyed;
52682 +atomic_unchecked_t mod_qp_timouts;
52683 +atomic_unchecked_t qps_created;
52684 +atomic_unchecked_t sw_qps_destroyed;
52685
52686 static void nes_unregister_ofa_device(struct nes_ib_device *nesibdev);
52687 static int nes_dereg_mr(struct ib_mr *ib_mr);
52688 @@ -1040,7 +1040,7 @@ static struct ib_qp *nes_create_qp(struct ib_pd *ibpd,
52689 if (init_attr->create_flags)
52690 return ERR_PTR(-EINVAL);
52691
52692 - atomic_inc(&qps_created);
52693 + atomic_inc_unchecked(&qps_created);
52694 switch (init_attr->qp_type) {
52695 case IB_QPT_RC:
52696 if (nes_drv_opt & NES_DRV_OPT_NO_INLINE_DATA) {
52697 @@ -1376,7 +1376,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp)
52698 struct iw_cm_event cm_event;
52699 int ret = 0;
52700
52701 - atomic_inc(&sw_qps_destroyed);
52702 + atomic_inc_unchecked(&sw_qps_destroyed);
52703 nesqp->destroyed = 1;
52704
52705 /* Blow away the connection if it exists. */
52706 diff --git a/drivers/infiniband/hw/qib/qib_iba7322.c b/drivers/infiniband/hw/qib/qib_iba7322.c
52707 index ce40340..b211076 100644
52708 --- a/drivers/infiniband/hw/qib/qib_iba7322.c
52709 +++ b/drivers/infiniband/hw/qib/qib_iba7322.c
52710 @@ -150,7 +150,7 @@ static struct kparam_string kp_txselect = {
52711 .string = txselect_list,
52712 .maxlen = MAX_ATTEN_LEN
52713 };
52714 -static int setup_txselect(const char *, struct kernel_param *);
52715 +static int setup_txselect(const char *, const struct kernel_param *);
52716 module_param_call(txselect, setup_txselect, param_get_string,
52717 &kp_txselect, S_IWUSR | S_IRUGO);
52718 MODULE_PARM_DESC(txselect,
52719 @@ -6177,7 +6177,7 @@ static void set_no_qsfp_atten(struct qib_devdata *dd, int change)
52720 }
52721
52722 /* handle the txselect parameter changing */
52723 -static int setup_txselect(const char *str, struct kernel_param *kp)
52724 +static int setup_txselect(const char *str, const struct kernel_param *kp)
52725 {
52726 struct qib_devdata *dd;
52727 unsigned long val;
52728 diff --git a/drivers/infiniband/hw/qib/qib_pcie.c b/drivers/infiniband/hw/qib/qib_pcie.c
52729 index 6abe1c6..f866a31 100644
52730 --- a/drivers/infiniband/hw/qib/qib_pcie.c
52731 +++ b/drivers/infiniband/hw/qib/qib_pcie.c
52732 @@ -622,7 +622,7 @@ static void qib_tune_pcie_caps(struct qib_devdata *dd)
52733 * PCI error infrastructure, registered via pci
52734 */
52735 static pci_ers_result_t
52736 -qib_pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
52737 +qib_pci_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
52738 {
52739 struct qib_devdata *dd = pci_get_drvdata(pdev);
52740 pci_ers_result_t ret = PCI_ERS_RESULT_RECOVERED;
52741 diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
52742 index 22ba24f..194cc2b 100644
52743 --- a/drivers/infiniband/sw/rxe/rxe_qp.c
52744 +++ b/drivers/infiniband/sw/rxe/rxe_qp.c
52745 @@ -219,7 +219,7 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe, struct rxe_qp *qp,
52746 spin_lock_init(&qp->grp_lock);
52747 spin_lock_init(&qp->state_lock);
52748
52749 - atomic_set(&qp->ssn, 0);
52750 + atomic_set_unchecked(&qp->ssn, 0);
52751 atomic_set(&qp->skb_out, 0);
52752 }
52753
52754 @@ -525,7 +525,7 @@ static void rxe_qp_reset(struct rxe_qp *qp)
52755 }
52756
52757 /* cleanup attributes */
52758 - atomic_set(&qp->ssn, 0);
52759 + atomic_set_unchecked(&qp->ssn, 0);
52760 qp->req.opcode = -1;
52761 qp->req.need_retry = 0;
52762 qp->req.noack_pkts = 0;
52763 diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.c b/drivers/infiniband/sw/rxe/rxe_verbs.c
52764 index 4552be9..0c68125 100644
52765 --- a/drivers/infiniband/sw/rxe/rxe_verbs.c
52766 +++ b/drivers/infiniband/sw/rxe/rxe_verbs.c
52767 @@ -755,7 +755,7 @@ static int init_send_wqe(struct rxe_qp *qp, struct ib_send_wr *ibwr,
52768 wqe->dma.cur_sge = 0;
52769 wqe->dma.sge_offset = 0;
52770 wqe->state = wqe_state_posted;
52771 - wqe->ssn = atomic_add_return(1, &qp->ssn);
52772 + wqe->ssn = atomic_add_return_unchecked(1, &qp->ssn);
52773
52774 return 0;
52775 }
52776 diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.h b/drivers/infiniband/sw/rxe/rxe_verbs.h
52777 index cac1d52..29bb903 100644
52778 --- a/drivers/infiniband/sw/rxe/rxe_verbs.h
52779 +++ b/drivers/infiniband/sw/rxe/rxe_verbs.h
52780 @@ -262,7 +262,7 @@ struct rxe_qp {
52781 struct rxe_comp_info comp;
52782 struct rxe_resp_info resp;
52783
52784 - atomic_t ssn;
52785 + atomic_unchecked_t ssn;
52786 atomic_t skb_out;
52787 int need_req_skb;
52788
52789 diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
52790 index cc1c1b0..fa712b0 100644
52791 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
52792 +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
52793 @@ -1022,7 +1022,7 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev,
52794 spin_unlock_irqrestore(&priv->lock, flags);
52795 }
52796
52797 -static int ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev)
52798 +static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev)
52799 {
52800 struct ipoib_dev_priv *priv = netdev_priv(dev);
52801 struct ipoib_neigh *neigh;
52802 diff --git a/drivers/infiniband/ulp/ipoib/ipoib_netlink.c b/drivers/infiniband/ulp/ipoib/ipoib_netlink.c
52803 index cdc7df4..a2fdfdb 100644
52804 --- a/drivers/infiniband/ulp/ipoib/ipoib_netlink.c
52805 +++ b/drivers/infiniband/ulp/ipoib/ipoib_netlink.c
52806 @@ -156,7 +156,7 @@ static size_t ipoib_get_size(const struct net_device *dev)
52807 nla_total_size(2); /* IFLA_IPOIB_UMCAST */
52808 }
52809
52810 -static struct rtnl_link_ops ipoib_link_ops __read_mostly = {
52811 +static struct rtnl_link_ops ipoib_link_ops = {
52812 .kind = "ipoib",
52813 .maxtype = IFLA_IPOIB_MAX,
52814 .policy = ipoib_policy,
52815 diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c
52816 index 883bbfe..91c32be 100644
52817 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c
52818 +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c
52819 @@ -80,7 +80,7 @@ module_param(srpt_srq_size, int, 0444);
52820 MODULE_PARM_DESC(srpt_srq_size,
52821 "Shared receive queue (SRQ) size.");
52822
52823 -static int srpt_get_u64_x(char *buffer, struct kernel_param *kp)
52824 +static int srpt_get_u64_x(char *buffer, const struct kernel_param *kp)
52825 {
52826 return sprintf(buffer, "0x%016llx", *(u64 *)kp->arg);
52827 }
52828 @@ -196,8 +196,9 @@ static const char *get_ch_state_name(enum rdma_ch_state s)
52829 /**
52830 * srpt_qp_event() - QP event callback function.
52831 */
52832 -static void srpt_qp_event(struct ib_event *event, struct srpt_rdma_ch *ch)
52833 +static void srpt_qp_event(struct ib_event *event, void *_ch)
52834 {
52835 + struct srpt_rdma_ch *ch = _ch;
52836 pr_debug("QP event %d on cm_id=%p sess_name=%s state=%d\n",
52837 event->event, ch->cm_id, ch->sess_name, ch->state);
52838
52839 @@ -1628,8 +1629,7 @@ retry:
52840 }
52841
52842 qp_init->qp_context = (void *)ch;
52843 - qp_init->event_handler
52844 - = (void(*)(struct ib_event *, void*))srpt_qp_event;
52845 + qp_init->event_handler = srpt_qp_event;
52846 qp_init->send_cq = ch->cq;
52847 qp_init->recv_cq = ch->cq;
52848 qp_init->srq = sdev->srq;
52849 diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
52850 index e9ae3d5..96e4940 100644
52851 --- a/drivers/input/evdev.c
52852 +++ b/drivers/input/evdev.c
52853 @@ -997,7 +997,7 @@ static int evdev_set_mask(struct evdev_client *client,
52854 if (!cnt)
52855 return 0;
52856
52857 - mask = kcalloc(sizeof(unsigned long), BITS_TO_LONGS(cnt), GFP_KERNEL);
52858 + mask = kcalloc(BITS_TO_LONGS(cnt), sizeof(unsigned long), GFP_KERNEL);
52859 if (!mask)
52860 return -ENOMEM;
52861
52862 diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c
52863 index 4a2a9e3..b9261a7 100644
52864 --- a/drivers/input/gameport/gameport.c
52865 +++ b/drivers/input/gameport/gameport.c
52866 @@ -527,14 +527,14 @@ EXPORT_SYMBOL(gameport_set_phys);
52867 */
52868 static void gameport_init_port(struct gameport *gameport)
52869 {
52870 - static atomic_t gameport_no = ATOMIC_INIT(-1);
52871 + static atomic_unchecked_t gameport_no = ATOMIC_INIT(-1);
52872
52873 __module_get(THIS_MODULE);
52874
52875 mutex_init(&gameport->drv_mutex);
52876 device_initialize(&gameport->dev);
52877 dev_set_name(&gameport->dev, "gameport%lu",
52878 - (unsigned long)atomic_inc_return(&gameport_no));
52879 + (unsigned long)atomic_inc_return_unchecked(&gameport_no));
52880 gameport->dev.bus = &gameport_bus;
52881 gameport->dev.release = gameport_release_port;
52882 if (gameport->parent)
52883 diff --git a/drivers/input/input.c b/drivers/input/input.c
52884 index d95c34e..2a6da5f 100644
52885 --- a/drivers/input/input.c
52886 +++ b/drivers/input/input.c
52887 @@ -1780,7 +1780,7 @@ EXPORT_SYMBOL_GPL(input_class);
52888 */
52889 struct input_dev *input_allocate_device(void)
52890 {
52891 - static atomic_t input_no = ATOMIC_INIT(-1);
52892 + static atomic_unchecked_t input_no = ATOMIC_INIT(-1);
52893 struct input_dev *dev;
52894
52895 dev = kzalloc(sizeof(struct input_dev), GFP_KERNEL);
52896 @@ -1795,7 +1795,7 @@ struct input_dev *input_allocate_device(void)
52897 INIT_LIST_HEAD(&dev->node);
52898
52899 dev_set_name(&dev->dev, "input%lu",
52900 - (unsigned long)atomic_inc_return(&input_no));
52901 + (unsigned long)atomic_inc_return_unchecked(&input_no));
52902
52903 __module_get(THIS_MODULE);
52904 }
52905 diff --git a/drivers/input/joystick/sidewinder.c b/drivers/input/joystick/sidewinder.c
52906 index 4a95b22..874c182 100644
52907 --- a/drivers/input/joystick/sidewinder.c
52908 +++ b/drivers/input/joystick/sidewinder.c
52909 @@ -30,6 +30,7 @@
52910 #include <linux/kernel.h>
52911 #include <linux/module.h>
52912 #include <linux/slab.h>
52913 +#include <linux/sched.h>
52914 #include <linux/input.h>
52915 #include <linux/gameport.h>
52916 #include <linux/jiffies.h>
52917 diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c
52918 index 9c0ea36..1e1a411 100644
52919 --- a/drivers/input/misc/ims-pcu.c
52920 +++ b/drivers/input/misc/ims-pcu.c
52921 @@ -1855,7 +1855,7 @@ static int ims_pcu_identify_type(struct ims_pcu *pcu, u8 *device_id)
52922
52923 static int ims_pcu_init_application_mode(struct ims_pcu *pcu)
52924 {
52925 - static atomic_t device_no = ATOMIC_INIT(-1);
52926 + static atomic_unchecked_t device_no = ATOMIC_INIT(-1);
52927
52928 const struct ims_pcu_device_info *info;
52929 int error;
52930 @@ -1886,7 +1886,7 @@ static int ims_pcu_init_application_mode(struct ims_pcu *pcu)
52931 }
52932
52933 /* Device appears to be operable, complete initialization */
52934 - pcu->device_no = atomic_inc_return(&device_no);
52935 + pcu->device_no = atomic_inc_return_unchecked(&device_no);
52936
52937 /*
52938 * PCU-B devices, both GEN_1 and GEN_2 do not have OFN sensor
52939 diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h
52940 index e0ca6cd..b5a2681 100644
52941 --- a/drivers/input/mouse/psmouse.h
52942 +++ b/drivers/input/mouse/psmouse.h
52943 @@ -126,7 +126,7 @@ struct psmouse_attribute {
52944 ssize_t (*set)(struct psmouse *psmouse, void *data,
52945 const char *buf, size_t count);
52946 bool protect;
52947 -};
52948 +} __do_const;
52949 #define to_psmouse_attr(a) container_of((a), struct psmouse_attribute, dattr)
52950
52951 ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr,
52952 diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
52953 index b604564..3f14ae4 100644
52954 --- a/drivers/input/mousedev.c
52955 +++ b/drivers/input/mousedev.c
52956 @@ -744,7 +744,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
52957
52958 spin_unlock_irq(&client->packet_lock);
52959
52960 - if (copy_to_user(buffer, data, count))
52961 + if (count > sizeof(data) || copy_to_user(buffer, data, count))
52962 return -EFAULT;
52963
52964 return count;
52965 diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c
52966 index 1ca7f55..2562607 100644
52967 --- a/drivers/input/serio/serio.c
52968 +++ b/drivers/input/serio/serio.c
52969 @@ -512,7 +512,7 @@ static void serio_release_port(struct device *dev)
52970 */
52971 static void serio_init_port(struct serio *serio)
52972 {
52973 - static atomic_t serio_no = ATOMIC_INIT(-1);
52974 + static atomic_unchecked_t serio_no = ATOMIC_INIT(-1);
52975
52976 __module_get(THIS_MODULE);
52977
52978 @@ -523,7 +523,7 @@ static void serio_init_port(struct serio *serio)
52979 mutex_init(&serio->drv_mutex);
52980 device_initialize(&serio->dev);
52981 dev_set_name(&serio->dev, "serio%lu",
52982 - (unsigned long)atomic_inc_return(&serio_no));
52983 + (unsigned long)atomic_inc_return_unchecked(&serio_no));
52984 serio->dev.bus = &serio_bus;
52985 serio->dev.release = serio_release_port;
52986 serio->dev.groups = serio_device_attr_groups;
52987 diff --git a/drivers/input/serio/serio_raw.c b/drivers/input/serio/serio_raw.c
52988 index 71ef5d6..93380a9 100644
52989 --- a/drivers/input/serio/serio_raw.c
52990 +++ b/drivers/input/serio/serio_raw.c
52991 @@ -292,7 +292,7 @@ static irqreturn_t serio_raw_interrupt(struct serio *serio, unsigned char data,
52992
52993 static int serio_raw_connect(struct serio *serio, struct serio_driver *drv)
52994 {
52995 - static atomic_t serio_raw_no = ATOMIC_INIT(-1);
52996 + static atomic_unchecked_t serio_raw_no = ATOMIC_INIT(-1);
52997 struct serio_raw *serio_raw;
52998 int err;
52999
53000 @@ -303,7 +303,7 @@ static int serio_raw_connect(struct serio *serio, struct serio_driver *drv)
53001 }
53002
53003 snprintf(serio_raw->name, sizeof(serio_raw->name),
53004 - "serio_raw%ld", (long)atomic_inc_return(&serio_raw_no));
53005 + "serio_raw%ld", (long)atomic_inc_return_unchecked(&serio_raw_no));
53006 kref_init(&serio_raw->kref);
53007 INIT_LIST_HEAD(&serio_raw->client_list);
53008 init_waitqueue_head(&serio_raw->wait);
53009 diff --git a/drivers/input/touchscreen/htcpen.c b/drivers/input/touchscreen/htcpen.c
53010 index 92e2243..8fd9092 100644
53011 --- a/drivers/input/touchscreen/htcpen.c
53012 +++ b/drivers/input/touchscreen/htcpen.c
53013 @@ -219,7 +219,7 @@ static struct isa_driver htcpen_isa_driver = {
53014 }
53015 };
53016
53017 -static struct dmi_system_id htcshift_dmi_table[] __initdata = {
53018 +static const struct dmi_system_id htcshift_dmi_table[] __initconst = {
53019 {
53020 .ident = "Shift",
53021 .matches = {
53022 diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
53023 index 96de97a..04eaea7 100644
53024 --- a/drivers/iommu/amd_iommu.c
53025 +++ b/drivers/iommu/amd_iommu.c
53026 @@ -791,11 +791,21 @@ static void copy_cmd_to_buffer(struct amd_iommu *iommu,
53027
53028 static void build_completion_wait(struct iommu_cmd *cmd, u64 address)
53029 {
53030 + phys_addr_t physaddr;
53031 WARN_ON(address & 0x7ULL);
53032
53033 memset(cmd, 0, sizeof(*cmd));
53034 - cmd->data[0] = lower_32_bits(__pa(address)) | CMD_COMPL_WAIT_STORE_MASK;
53035 - cmd->data[1] = upper_32_bits(__pa(address));
53036 +
53037 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
53038 + if (object_starts_on_stack((void *)address)) {
53039 + void *adjbuf = (void *)address - current->stack + current->lowmem_stack;
53040 + physaddr = __pa((u64)adjbuf);
53041 + } else
53042 +#endif
53043 + physaddr = __pa(address);
53044 +
53045 + cmd->data[0] = lower_32_bits(physaddr) | CMD_COMPL_WAIT_STORE_MASK;
53046 + cmd->data[1] = upper_32_bits(physaddr);
53047 cmd->data[2] = 1;
53048 CMD_SET_TYPE(cmd, CMD_COMPL_WAIT);
53049 }
53050 diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
53051 index 641e887..df73c18 100644
53052 --- a/drivers/iommu/arm-smmu-v3.c
53053 +++ b/drivers/iommu/arm-smmu-v3.c
53054 @@ -626,7 +626,7 @@ struct arm_smmu_domain {
53055 struct arm_smmu_device *smmu;
53056 struct mutex init_mutex; /* Protects smmu pointer */
53057
53058 - struct io_pgtable_ops *pgtbl_ops;
53059 + struct io_pgtable *pgtbl;
53060 spinlock_t pgtbl_lock;
53061
53062 enum arm_smmu_domain_stage stage;
53063 @@ -1448,7 +1448,7 @@ static void arm_smmu_domain_free(struct iommu_domain *domain)
53064 struct arm_smmu_device *smmu = smmu_domain->smmu;
53065
53066 iommu_put_dma_cookie(domain);
53067 - free_io_pgtable_ops(smmu_domain->pgtbl_ops);
53068 + free_io_pgtable(smmu_domain->pgtbl);
53069
53070 /* Free the CD and ASID, if we allocated them */
53071 if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
53072 @@ -1526,7 +1526,7 @@ static int arm_smmu_domain_finalise(struct iommu_domain *domain)
53073 unsigned long ias, oas;
53074 enum io_pgtable_fmt fmt;
53075 struct io_pgtable_cfg pgtbl_cfg;
53076 - struct io_pgtable_ops *pgtbl_ops;
53077 + struct io_pgtable *iop;
53078 int (*finalise_stage_fn)(struct arm_smmu_domain *,
53079 struct io_pgtable_cfg *);
53080 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53081 @@ -1564,16 +1564,16 @@ static int arm_smmu_domain_finalise(struct iommu_domain *domain)
53082 .iommu_dev = smmu->dev,
53083 };
53084
53085 - pgtbl_ops = alloc_io_pgtable_ops(fmt, &pgtbl_cfg, smmu_domain);
53086 - if (!pgtbl_ops)
53087 + iop = alloc_io_pgtable(fmt, &pgtbl_cfg, smmu_domain);
53088 + if (!iop)
53089 return -ENOMEM;
53090
53091 domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
53092 - smmu_domain->pgtbl_ops = pgtbl_ops;
53093 + smmu_domain->pgtbl = iop;
53094
53095 ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg);
53096 if (ret < 0)
53097 - free_io_pgtable_ops(pgtbl_ops);
53098 + free_io_pgtable(iop);
53099
53100 return ret;
53101 }
53102 @@ -1711,13 +1711,13 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
53103 int ret;
53104 unsigned long flags;
53105 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53106 - struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
53107 + struct io_pgtable *iop = smmu_domain->pgtbl;
53108
53109 - if (!ops)
53110 + if (!iop)
53111 return -ENODEV;
53112
53113 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
53114 - ret = ops->map(ops, iova, paddr, size, prot);
53115 + ret = iop->ops->map(iop, iova, paddr, size, prot);
53116 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
53117 return ret;
53118 }
53119 @@ -1728,13 +1728,13 @@ arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova, size_t size)
53120 size_t ret;
53121 unsigned long flags;
53122 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53123 - struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
53124 + struct io_pgtable *iop = smmu_domain->pgtbl;
53125
53126 - if (!ops)
53127 + if (!iop)
53128 return 0;
53129
53130 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
53131 - ret = ops->unmap(ops, iova, size);
53132 + ret = iop->ops->unmap(iop, iova, size);
53133 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
53134 return ret;
53135 }
53136 @@ -1745,13 +1745,13 @@ arm_smmu_iova_to_phys(struct iommu_domain *domain, dma_addr_t iova)
53137 phys_addr_t ret;
53138 unsigned long flags;
53139 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53140 - struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
53141 + struct io_pgtable *iop = smmu_domain->pgtbl;
53142
53143 - if (!ops)
53144 + if (!iop)
53145 return 0;
53146
53147 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
53148 - ret = ops->iova_to_phys(ops, iova);
53149 + ret = iop->ops->iova_to_phys(iop, iova);
53150 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
53151
53152 return ret;
53153 diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c
53154 index 2db74eb..4bbcf9d 100644
53155 --- a/drivers/iommu/arm-smmu.c
53156 +++ b/drivers/iommu/arm-smmu.c
53157 @@ -389,7 +389,7 @@ enum arm_smmu_domain_stage {
53158
53159 struct arm_smmu_domain {
53160 struct arm_smmu_device *smmu;
53161 - struct io_pgtable_ops *pgtbl_ops;
53162 + struct io_pgtable *pgtbl;
53163 spinlock_t pgtbl_lock;
53164 struct arm_smmu_cfg cfg;
53165 enum arm_smmu_domain_stage stage;
53166 @@ -831,7 +831,7 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain,
53167 {
53168 int irq, start, ret = 0;
53169 unsigned long ias, oas;
53170 - struct io_pgtable_ops *pgtbl_ops;
53171 + struct io_pgtable *pgtbl;
53172 struct io_pgtable_cfg pgtbl_cfg;
53173 enum io_pgtable_fmt fmt;
53174 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53175 @@ -950,8 +950,8 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain,
53176 };
53177
53178 smmu_domain->smmu = smmu;
53179 - pgtbl_ops = alloc_io_pgtable_ops(fmt, &pgtbl_cfg, smmu_domain);
53180 - if (!pgtbl_ops) {
53181 + pgtbl = alloc_io_pgtable(fmt, &pgtbl_cfg, smmu_domain);
53182 + if (!pgtbl) {
53183 ret = -ENOMEM;
53184 goto out_clear_smmu;
53185 }
53186 @@ -978,7 +978,7 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain,
53187 mutex_unlock(&smmu_domain->init_mutex);
53188
53189 /* Publish page table ops for map/unmap */
53190 - smmu_domain->pgtbl_ops = pgtbl_ops;
53191 + smmu_domain->pgtbl = pgtbl;
53192 return 0;
53193
53194 out_clear_smmu:
53195 @@ -1011,7 +1011,7 @@ static void arm_smmu_destroy_domain_context(struct iommu_domain *domain)
53196 devm_free_irq(smmu->dev, irq, domain);
53197 }
53198
53199 - free_io_pgtable_ops(smmu_domain->pgtbl_ops);
53200 + free_io_pgtable(smmu_domain->pgtbl);
53201 __arm_smmu_free_bitmap(smmu->context_map, cfg->cbndx);
53202 }
53203
53204 @@ -1248,13 +1248,13 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
53205 int ret;
53206 unsigned long flags;
53207 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53208 - struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
53209 + struct io_pgtable *iop = smmu_domain->pgtbl;
53210
53211 - if (!ops)
53212 + if (!iop)
53213 return -ENODEV;
53214
53215 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
53216 - ret = ops->map(ops, iova, paddr, size, prot);
53217 + ret = iop->ops->map(iop, iova, paddr, size, prot);
53218 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
53219 return ret;
53220 }
53221 @@ -1265,13 +1265,13 @@ static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
53222 size_t ret;
53223 unsigned long flags;
53224 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53225 - struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
53226 + struct io_pgtable *iop = smmu_domain->pgtbl;
53227
53228 - if (!ops)
53229 + if (!iop)
53230 return 0;
53231
53232 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
53233 - ret = ops->unmap(ops, iova, size);
53234 + ret = iop->ops->unmap(iop, iova, size);
53235 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
53236 return ret;
53237 }
53238 @@ -1282,7 +1282,7 @@ static phys_addr_t arm_smmu_iova_to_phys_hard(struct iommu_domain *domain,
53239 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53240 struct arm_smmu_device *smmu = smmu_domain->smmu;
53241 struct arm_smmu_cfg *cfg = &smmu_domain->cfg;
53242 - struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
53243 + struct io_pgtable *iop = smmu_domain->pgtbl;
53244 struct device *dev = smmu->dev;
53245 void __iomem *cb_base;
53246 u32 tmp;
53247 @@ -1303,7 +1303,7 @@ static phys_addr_t arm_smmu_iova_to_phys_hard(struct iommu_domain *domain,
53248 dev_err(dev,
53249 "iova to phys timed out on %pad. Falling back to software table walk.\n",
53250 &iova);
53251 - return ops->iova_to_phys(ops, iova);
53252 + return iop->ops->iova_to_phys(iop, iova);
53253 }
53254
53255 phys = readq_relaxed(cb_base + ARM_SMMU_CB_PAR);
53256 @@ -1322,9 +1322,9 @@ static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain,
53257 phys_addr_t ret;
53258 unsigned long flags;
53259 struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
53260 - struct io_pgtable_ops *ops= smmu_domain->pgtbl_ops;
53261 + struct io_pgtable *iop = smmu_domain->pgtbl;
53262
53263 - if (!ops)
53264 + if (!iop)
53265 return 0;
53266
53267 spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags);
53268 @@ -1332,7 +1332,7 @@ static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain,
53269 smmu_domain->stage == ARM_SMMU_DOMAIN_S1) {
53270 ret = arm_smmu_iova_to_phys_hard(domain, iova);
53271 } else {
53272 - ret = ops->iova_to_phys(ops, iova);
53273 + ret = iop->ops->iova_to_phys(iop, iova);
53274 }
53275
53276 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags);
53277 @@ -1809,10 +1809,12 @@ static int arm_smmu_device_cfg_probe(struct arm_smmu_device *smmu)
53278 if (smmu->features & ARM_SMMU_FEAT_FMT_AARCH64_64K)
53279 smmu->pgsize_bitmap |= SZ_64K | SZ_512M;
53280
53281 + pax_open_kernel();
53282 if (arm_smmu_ops.pgsize_bitmap == -1UL)
53283 - arm_smmu_ops.pgsize_bitmap = smmu->pgsize_bitmap;
53284 + const_cast(arm_smmu_ops.pgsize_bitmap) = smmu->pgsize_bitmap;
53285 else
53286 - arm_smmu_ops.pgsize_bitmap |= smmu->pgsize_bitmap;
53287 + const_cast(arm_smmu_ops.pgsize_bitmap) |= smmu->pgsize_bitmap;
53288 + pax_close_kernel();
53289 dev_notice(smmu->dev, "\tSupported page sizes: 0x%08lx\n",
53290 smmu->pgsize_bitmap);
53291
53292 diff --git a/drivers/iommu/io-pgtable-arm-v7s.c b/drivers/iommu/io-pgtable-arm-v7s.c
53293 index def8ca1..039660d 100644
53294 --- a/drivers/iommu/io-pgtable-arm-v7s.c
53295 +++ b/drivers/iommu/io-pgtable-arm-v7s.c
53296 @@ -49,9 +49,6 @@
53297 #define io_pgtable_to_data(x) \
53298 container_of((x), struct arm_v7s_io_pgtable, iop)
53299
53300 -#define io_pgtable_ops_to_data(x) \
53301 - io_pgtable_to_data(io_pgtable_ops_to_pgtable(x))
53302 -
53303 /*
53304 * We have 32 bits total; 12 bits resolved at level 1, 8 bits at level 2,
53305 * and 12 bits in a page. With some carefully-chosen coefficients we can
53306 @@ -426,11 +423,10 @@ static int __arm_v7s_map(struct arm_v7s_io_pgtable *data, unsigned long iova,
53307 return __arm_v7s_map(data, iova, paddr, size, prot, lvl + 1, cptep);
53308 }
53309
53310 -static int arm_v7s_map(struct io_pgtable_ops *ops, unsigned long iova,
53311 +static int arm_v7s_map(struct io_pgtable *iop, unsigned long iova,
53312 phys_addr_t paddr, size_t size, int prot)
53313 {
53314 - struct arm_v7s_io_pgtable *data = io_pgtable_ops_to_data(ops);
53315 - struct io_pgtable *iop = &data->iop;
53316 + struct arm_v7s_io_pgtable *data = io_pgtable_to_data(iop);
53317 int ret;
53318
53319 /* If no access, then nothing to do */
53320 @@ -593,10 +589,10 @@ static int __arm_v7s_unmap(struct arm_v7s_io_pgtable *data,
53321 return __arm_v7s_unmap(data, iova, size, lvl + 1, ptep);
53322 }
53323
53324 -static int arm_v7s_unmap(struct io_pgtable_ops *ops, unsigned long iova,
53325 +static int arm_v7s_unmap(struct io_pgtable *iop, unsigned long iova,
53326 size_t size)
53327 {
53328 - struct arm_v7s_io_pgtable *data = io_pgtable_ops_to_data(ops);
53329 + struct arm_v7s_io_pgtable *data = io_pgtable_to_data(iop);
53330 size_t unmapped;
53331
53332 unmapped = __arm_v7s_unmap(data, iova, size, 1, data->pgd);
53333 @@ -606,10 +602,10 @@ static int arm_v7s_unmap(struct io_pgtable_ops *ops, unsigned long iova,
53334 return unmapped;
53335 }
53336
53337 -static phys_addr_t arm_v7s_iova_to_phys(struct io_pgtable_ops *ops,
53338 +static phys_addr_t arm_v7s_iova_to_phys(struct io_pgtable *iop,
53339 unsigned long iova)
53340 {
53341 - struct arm_v7s_io_pgtable *data = io_pgtable_ops_to_data(ops);
53342 + struct arm_v7s_io_pgtable *data = io_pgtable_to_data(iop);
53343 arm_v7s_iopte *ptep = data->pgd, pte;
53344 int lvl = 0;
53345 u32 mask;
53346 @@ -628,6 +624,12 @@ static phys_addr_t arm_v7s_iova_to_phys(struct io_pgtable_ops *ops,
53347 return (pte & mask) | (iova & ~mask);
53348 }
53349
53350 +static struct io_pgtable_ops arm_v7s_io_pgtable_ops = {
53351 + .map = arm_v7s_map,
53352 + .unmap = arm_v7s_unmap,
53353 + .iova_to_phys = arm_v7s_iova_to_phys,
53354 +};
53355 +
53356 static struct io_pgtable *arm_v7s_alloc_pgtable(struct io_pgtable_cfg *cfg,
53357 void *cookie)
53358 {
53359 @@ -658,11 +660,7 @@ static struct io_pgtable *arm_v7s_alloc_pgtable(struct io_pgtable_cfg *cfg,
53360 if (!data->l2_tables)
53361 goto out_free_data;
53362
53363 - data->iop.ops = (struct io_pgtable_ops) {
53364 - .map = arm_v7s_map,
53365 - .unmap = arm_v7s_unmap,
53366 - .iova_to_phys = arm_v7s_iova_to_phys,
53367 - };
53368 + data->iop.ops = &arm_v7s_io_pgtable_ops;
53369
53370 /* We have to do this early for __arm_v7s_alloc_table to work... */
53371 data->iop.cfg = *cfg;
53372 @@ -751,7 +749,7 @@ static struct iommu_gather_ops dummy_tlb_ops = {
53373
53374 static int __init arm_v7s_do_selftests(void)
53375 {
53376 - struct io_pgtable_ops *ops;
53377 + struct io_pgtable *pgtbl;
53378 struct io_pgtable_cfg cfg = {
53379 .tlb = &dummy_tlb_ops,
53380 .oas = 32,
53381 @@ -766,8 +764,8 @@ static int __init arm_v7s_do_selftests(void)
53382
53383 cfg_cookie = &cfg;
53384
53385 - ops = alloc_io_pgtable_ops(ARM_V7S, &cfg, &cfg);
53386 - if (!ops) {
53387 + pgtbl = alloc_io_pgtable(ARM_V7S, &cfg, &cfg);
53388 + if (!pgtbl) {
53389 pr_err("selftest: failed to allocate io pgtable ops\n");
53390 return -EINVAL;
53391 }
53392 @@ -776,13 +774,13 @@ static int __init arm_v7s_do_selftests(void)
53393 * Initial sanity checks.
53394 * Empty page tables shouldn't provide any translations.
53395 */
53396 - if (ops->iova_to_phys(ops, 42))
53397 + if (pgtbl->ops->iova_to_phys(pgtbl, 42))
53398 return __FAIL(ops);
53399
53400 - if (ops->iova_to_phys(ops, SZ_1G + 42))
53401 + if (pgtbl->ops->iova_to_phys(pgtbl, SZ_1G + 42))
53402 return __FAIL(ops);
53403
53404 - if (ops->iova_to_phys(ops, SZ_2G + 42))
53405 + if (pgtbl->ops->iova_to_phys(pgtbl, SZ_2G + 42))
53406 return __FAIL(ops);
53407
53408 /*
53409 @@ -792,18 +790,18 @@ static int __init arm_v7s_do_selftests(void)
53410 i = find_first_bit(&cfg.pgsize_bitmap, BITS_PER_LONG);
53411 while (i != BITS_PER_LONG) {
53412 size = 1UL << i;
53413 - if (ops->map(ops, iova, iova, size, IOMMU_READ |
53414 + if (pgtbl->ops->map(pgtbl, iova, iova, size, IOMMU_READ |
53415 IOMMU_WRITE |
53416 IOMMU_NOEXEC |
53417 IOMMU_CACHE))
53418 return __FAIL(ops);
53419
53420 /* Overlapping mappings */
53421 - if (!ops->map(ops, iova, iova + size, size,
53422 + if (!pgtbl->ops->map(pgtbl, iova, iova + size, size,
53423 IOMMU_READ | IOMMU_NOEXEC))
53424 return __FAIL(ops);
53425
53426 - if (ops->iova_to_phys(ops, iova + 42) != (iova + 42))
53427 + if (pgtbl->ops->iova_to_phys(pgtbl, iova + 42) != (iova + 42))
53428 return __FAIL(ops);
53429
53430 iova += SZ_16M;
53431 @@ -817,14 +815,14 @@ static int __init arm_v7s_do_selftests(void)
53432 size = 1UL << __ffs(cfg.pgsize_bitmap);
53433 while (i < loopnr) {
53434 iova_start = i * SZ_16M;
53435 - if (ops->unmap(ops, iova_start + size, size) != size)
53436 + if (pgtbl->ops->unmap(pgtbl, iova_start + size, size) != size)
53437 return __FAIL(ops);
53438
53439 /* Remap of partial unmap */
53440 - if (ops->map(ops, iova_start + size, size, size, IOMMU_READ))
53441 + if (pgtbl->ops->map(pgtbl, iova_start + size, size, size, IOMMU_READ))
53442 return __FAIL(ops);
53443
53444 - if (ops->iova_to_phys(ops, iova_start + size + 42)
53445 + if (pgtbl->ops->iova_to_phys(pgtbl, iova_start + size + 42)
53446 != (size + 42))
53447 return __FAIL(ops);
53448 i++;
53449 @@ -836,17 +834,17 @@ static int __init arm_v7s_do_selftests(void)
53450 while (i != BITS_PER_LONG) {
53451 size = 1UL << i;
53452
53453 - if (ops->unmap(ops, iova, size) != size)
53454 + if (pgtbl->ops->unmap(pgtbl, iova, size) != size)
53455 return __FAIL(ops);
53456
53457 - if (ops->iova_to_phys(ops, iova + 42))
53458 + if (pgtbl->ops->iova_to_phys(pgtbl, iova + 42))
53459 return __FAIL(ops);
53460
53461 /* Remap full block */
53462 - if (ops->map(ops, iova, iova, size, IOMMU_WRITE))
53463 + if (pgtbl->ops->map(pgtbl, iova, iova, size, IOMMU_WRITE))
53464 return __FAIL(ops);
53465
53466 - if (ops->iova_to_phys(ops, iova + 42) != (iova + 42))
53467 + if (pgtbl->ops->iova_to_phys(pgtbl, iova + 42) != (iova + 42))
53468 return __FAIL(ops);
53469
53470 iova += SZ_16M;
53471 @@ -854,7 +852,7 @@ static int __init arm_v7s_do_selftests(void)
53472 i = find_next_bit(&cfg.pgsize_bitmap, BITS_PER_LONG, i);
53473 }
53474
53475 - free_io_pgtable_ops(ops);
53476 + free_io_pgtable(pgtbl);
53477
53478 selftest_running = false;
53479
53480 diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
53481 index f5c90e1..90a737c 100644
53482 --- a/drivers/iommu/io-pgtable-arm.c
53483 +++ b/drivers/iommu/io-pgtable-arm.c
53484 @@ -39,9 +39,6 @@
53485 #define io_pgtable_to_data(x) \
53486 container_of((x), struct arm_lpae_io_pgtable, iop)
53487
53488 -#define io_pgtable_ops_to_data(x) \
53489 - io_pgtable_to_data(io_pgtable_ops_to_pgtable(x))
53490 -
53491 /*
53492 * For consistency with the architecture, we always consider
53493 * ARM_LPAE_MAX_LEVELS levels, with the walk starting at level n >=0
53494 @@ -381,10 +378,10 @@ static arm_lpae_iopte arm_lpae_prot_to_pte(struct arm_lpae_io_pgtable *data,
53495 return pte;
53496 }
53497
53498 -static int arm_lpae_map(struct io_pgtable_ops *ops, unsigned long iova,
53499 +static int arm_lpae_map(struct io_pgtable *iop, unsigned long iova,
53500 phys_addr_t paddr, size_t size, int iommu_prot)
53501 {
53502 - struct arm_lpae_io_pgtable *data = io_pgtable_ops_to_data(ops);
53503 + struct arm_lpae_io_pgtable *data = io_pgtable_to_data(iop);
53504 arm_lpae_iopte *ptep = data->pgd;
53505 int ret, lvl = ARM_LPAE_START_LVL(data);
53506 arm_lpae_iopte prot;
53507 @@ -530,11 +527,11 @@ static int __arm_lpae_unmap(struct arm_lpae_io_pgtable *data,
53508 return __arm_lpae_unmap(data, iova, size, lvl + 1, ptep);
53509 }
53510
53511 -static int arm_lpae_unmap(struct io_pgtable_ops *ops, unsigned long iova,
53512 +static int arm_lpae_unmap(struct io_pgtable *iop, unsigned long iova,
53513 size_t size)
53514 {
53515 size_t unmapped;
53516 - struct arm_lpae_io_pgtable *data = io_pgtable_ops_to_data(ops);
53517 + struct arm_lpae_io_pgtable *data = io_pgtable_to_data(iop);
53518 arm_lpae_iopte *ptep = data->pgd;
53519 int lvl = ARM_LPAE_START_LVL(data);
53520
53521 @@ -545,10 +542,10 @@ static int arm_lpae_unmap(struct io_pgtable_ops *ops, unsigned long iova,
53522 return unmapped;
53523 }
53524
53525 -static phys_addr_t arm_lpae_iova_to_phys(struct io_pgtable_ops *ops,
53526 +static phys_addr_t arm_lpae_iova_to_phys(struct io_pgtable *iop,
53527 unsigned long iova)
53528 {
53529 - struct arm_lpae_io_pgtable *data = io_pgtable_ops_to_data(ops);
53530 + struct arm_lpae_io_pgtable *data = io_pgtable_to_data(iop);
53531 arm_lpae_iopte pte, *ptep = data->pgd;
53532 int lvl = ARM_LPAE_START_LVL(data);
53533
53534 @@ -615,6 +612,12 @@ static void arm_lpae_restrict_pgsizes(struct io_pgtable_cfg *cfg)
53535 }
53536 }
53537
53538 +static struct io_pgtable_ops arm_lpae_io_pgtable_ops = {
53539 + .map = arm_lpae_map,
53540 + .unmap = arm_lpae_unmap,
53541 + .iova_to_phys = arm_lpae_iova_to_phys,
53542 +};
53543 +
53544 static struct arm_lpae_io_pgtable *
53545 arm_lpae_alloc_pgtable(struct io_pgtable_cfg *cfg)
53546 {
53547 @@ -651,11 +654,7 @@ arm_lpae_alloc_pgtable(struct io_pgtable_cfg *cfg)
53548 pgd_bits = va_bits - (data->bits_per_level * (data->levels - 1));
53549 data->pgd_size = 1UL << (pgd_bits + ilog2(sizeof(arm_lpae_iopte)));
53550
53551 - data->iop.ops = (struct io_pgtable_ops) {
53552 - .map = arm_lpae_map,
53553 - .unmap = arm_lpae_unmap,
53554 - .iova_to_phys = arm_lpae_iova_to_phys,
53555 - };
53556 + data->iop.ops = &arm_lpae_io_pgtable_ops;
53557
53558 return data;
53559 }
53560 @@ -916,15 +915,15 @@ static void dummy_tlb_sync(void *cookie)
53561 WARN_ON(cookie != cfg_cookie);
53562 }
53563
53564 -static struct iommu_gather_ops dummy_tlb_ops __initdata = {
53565 +static const struct iommu_gather_ops dummy_tlb_ops __initconst = {
53566 .tlb_flush_all = dummy_tlb_flush_all,
53567 .tlb_add_flush = dummy_tlb_add_flush,
53568 .tlb_sync = dummy_tlb_sync,
53569 };
53570
53571 -static void __init arm_lpae_dump_ops(struct io_pgtable_ops *ops)
53572 +static void __init arm_lpae_dump_ops(struct io_pgtable *iop)
53573 {
53574 - struct arm_lpae_io_pgtable *data = io_pgtable_ops_to_data(ops);
53575 + struct arm_lpae_io_pgtable *data = io_pgtable_to_data(iop);
53576 struct io_pgtable_cfg *cfg = &data->iop.cfg;
53577
53578 pr_err("cfg: pgsize_bitmap 0x%lx, ias %u-bit\n",
53579 @@ -934,9 +933,9 @@ static void __init arm_lpae_dump_ops(struct io_pgtable_ops *ops)
53580 data->bits_per_level, data->pgd);
53581 }
53582
53583 -#define __FAIL(ops, i) ({ \
53584 +#define __FAIL(iop, i) ({ \
53585 WARN(1, "selftest: test failed for fmt idx %d\n", (i)); \
53586 - arm_lpae_dump_ops(ops); \
53587 + arm_lpae_dump_ops(iop); \
53588 selftest_running = false; \
53589 -EFAULT; \
53590 })
53591 @@ -951,30 +950,32 @@ static int __init arm_lpae_run_tests(struct io_pgtable_cfg *cfg)
53592 int i, j;
53593 unsigned long iova;
53594 size_t size;
53595 - struct io_pgtable_ops *ops;
53596 + struct io_pgtable *iop;
53597 + const struct io_pgtable_ops *ops;
53598
53599 selftest_running = true;
53600
53601 for (i = 0; i < ARRAY_SIZE(fmts); ++i) {
53602 cfg_cookie = cfg;
53603 - ops = alloc_io_pgtable_ops(fmts[i], cfg, cfg);
53604 - if (!ops) {
53605 + iop = alloc_io_pgtable(fmts[i], cfg, cfg);
53606 + if (!iop) {
53607 pr_err("selftest: failed to allocate io pgtable ops\n");
53608 return -ENOMEM;
53609 }
53610 + ops = iop->ops;
53611
53612 /*
53613 * Initial sanity checks.
53614 * Empty page tables shouldn't provide any translations.
53615 */
53616 - if (ops->iova_to_phys(ops, 42))
53617 - return __FAIL(ops, i);
53618 + if (ops->iova_to_phys(iop, 42))
53619 + return __FAIL(iop, i);
53620
53621 - if (ops->iova_to_phys(ops, SZ_1G + 42))
53622 - return __FAIL(ops, i);
53623 + if (ops->iova_to_phys(iop, SZ_1G + 42))
53624 + return __FAIL(iop, i);
53625
53626 - if (ops->iova_to_phys(ops, SZ_2G + 42))
53627 - return __FAIL(ops, i);
53628 + if (ops->iova_to_phys(iop, SZ_2G + 42))
53629 + return __FAIL(iop, i);
53630
53631 /*
53632 * Distinct mappings of different granule sizes.
53633 @@ -984,19 +985,19 @@ static int __init arm_lpae_run_tests(struct io_pgtable_cfg *cfg)
53634 while (j != BITS_PER_LONG) {
53635 size = 1UL << j;
53636
53637 - if (ops->map(ops, iova, iova, size, IOMMU_READ |
53638 + if (ops->map(iop, iova, iova, size, IOMMU_READ |
53639 IOMMU_WRITE |
53640 IOMMU_NOEXEC |
53641 IOMMU_CACHE))
53642 - return __FAIL(ops, i);
53643 + return __FAIL(iop, i);
53644
53645 /* Overlapping mappings */
53646 - if (!ops->map(ops, iova, iova + size, size,
53647 + if (!ops->map(iop, iova, iova + size, size,
53648 IOMMU_READ | IOMMU_NOEXEC))
53649 - return __FAIL(ops, i);
53650 + return __FAIL(iop, i);
53651
53652 - if (ops->iova_to_phys(ops, iova + 42) != (iova + 42))
53653 - return __FAIL(ops, i);
53654 + if (ops->iova_to_phys(iop, iova + 42) != (iova + 42))
53655 + return __FAIL(iop, i);
53656
53657 iova += SZ_1G;
53658 j++;
53659 @@ -1005,15 +1006,15 @@ static int __init arm_lpae_run_tests(struct io_pgtable_cfg *cfg)
53660
53661 /* Partial unmap */
53662 size = 1UL << __ffs(cfg->pgsize_bitmap);
53663 - if (ops->unmap(ops, SZ_1G + size, size) != size)
53664 - return __FAIL(ops, i);
53665 + if (ops->unmap(iop, SZ_1G + size, size) != size)
53666 + return __FAIL(iop, i);
53667
53668 /* Remap of partial unmap */
53669 - if (ops->map(ops, SZ_1G + size, size, size, IOMMU_READ))
53670 - return __FAIL(ops, i);
53671 + if (ops->map(iop, SZ_1G + size, size, size, IOMMU_READ))
53672 + return __FAIL(iop, i);
53673
53674 - if (ops->iova_to_phys(ops, SZ_1G + size + 42) != (size + 42))
53675 - return __FAIL(ops, i);
53676 + if (ops->iova_to_phys(iop, SZ_1G + size + 42) != (size + 42))
53677 + return __FAIL(iop, i);
53678
53679 /* Full unmap */
53680 iova = 0;
53681 @@ -1021,25 +1022,25 @@ static int __init arm_lpae_run_tests(struct io_pgtable_cfg *cfg)
53682 while (j != BITS_PER_LONG) {
53683 size = 1UL << j;
53684
53685 - if (ops->unmap(ops, iova, size) != size)
53686 - return __FAIL(ops, i);
53687 + if (ops->unmap(iop, iova, size) != size)
53688 + return __FAIL(iop, i);
53689
53690 - if (ops->iova_to_phys(ops, iova + 42))
53691 - return __FAIL(ops, i);
53692 + if (ops->iova_to_phys(iop, iova + 42))
53693 + return __FAIL(iop, i);
53694
53695 /* Remap full block */
53696 - if (ops->map(ops, iova, iova, size, IOMMU_WRITE))
53697 - return __FAIL(ops, i);
53698 + if (ops->map(iop, iova, iova, size, IOMMU_WRITE))
53699 + return __FAIL(iop, i);
53700
53701 - if (ops->iova_to_phys(ops, iova + 42) != (iova + 42))
53702 - return __FAIL(ops, i);
53703 + if (ops->iova_to_phys(iop, iova + 42) != (iova + 42))
53704 + return __FAIL(iop, i);
53705
53706 iova += SZ_1G;
53707 j++;
53708 j = find_next_bit(&cfg->pgsize_bitmap, BITS_PER_LONG, j);
53709 }
53710
53711 - free_io_pgtable_ops(ops);
53712 + free_io_pgtable(iop);
53713 }
53714
53715 selftest_running = false;
53716 diff --git a/drivers/iommu/io-pgtable.c b/drivers/iommu/io-pgtable.c
53717 index 127558d..bc60b81 100644
53718 --- a/drivers/iommu/io-pgtable.c
53719 +++ b/drivers/iommu/io-pgtable.c
53720 @@ -37,7 +37,7 @@ io_pgtable_init_table[IO_PGTABLE_NUM_FMTS] = {
53721 #endif
53722 };
53723
53724 -struct io_pgtable_ops *alloc_io_pgtable_ops(enum io_pgtable_fmt fmt,
53725 +struct io_pgtable *alloc_io_pgtable(enum io_pgtable_fmt fmt,
53726 struct io_pgtable_cfg *cfg,
53727 void *cookie)
53728 {
53729 @@ -59,21 +59,18 @@ struct io_pgtable_ops *alloc_io_pgtable_ops(enum io_pgtable_fmt fmt,
53730 iop->cookie = cookie;
53731 iop->cfg = *cfg;
53732
53733 - return &iop->ops;
53734 + return iop;
53735 }
53736
53737 /*
53738 * It is the IOMMU driver's responsibility to ensure that the page table
53739 * is no longer accessible to the walker by this point.
53740 */
53741 -void free_io_pgtable_ops(struct io_pgtable_ops *ops)
53742 +void free_io_pgtable(struct io_pgtable *iop)
53743 {
53744 - struct io_pgtable *iop;
53745 -
53746 - if (!ops)
53747 + if (!iop)
53748 return;
53749
53750 - iop = container_of(ops, struct io_pgtable, ops);
53751 io_pgtable_tlb_flush_all(iop);
53752 io_pgtable_init_table[iop->fmt]->free(iop);
53753 }
53754 diff --git a/drivers/iommu/io-pgtable.h b/drivers/iommu/io-pgtable.h
53755 index 969d82c..1ba9b6e 100644
53756 --- a/drivers/iommu/io-pgtable.h
53757 +++ b/drivers/iommu/io-pgtable.h
53758 @@ -109,17 +109,18 @@ struct io_pgtable_cfg {
53759 * These functions map directly onto the iommu_ops member functions with
53760 * the same names.
53761 */
53762 +struct io_pgtable;
53763 struct io_pgtable_ops {
53764 - int (*map)(struct io_pgtable_ops *ops, unsigned long iova,
53765 + int (*map)(struct io_pgtable *iop, unsigned long iova,
53766 phys_addr_t paddr, size_t size, int prot);
53767 - int (*unmap)(struct io_pgtable_ops *ops, unsigned long iova,
53768 + int (*unmap)(struct io_pgtable *iop, unsigned long iova,
53769 size_t size);
53770 - phys_addr_t (*iova_to_phys)(struct io_pgtable_ops *ops,
53771 + phys_addr_t (*iova_to_phys)(struct io_pgtable *iop,
53772 unsigned long iova);
53773 };
53774
53775 /**
53776 - * alloc_io_pgtable_ops() - Allocate a page table allocator for use by an IOMMU.
53777 + * alloc_io_pgtable() - Allocate a page table allocator for use by an IOMMU.
53778 *
53779 * @fmt: The page table format.
53780 * @cfg: The page table configuration. This will be modified to represent
53781 @@ -128,9 +129,9 @@ struct io_pgtable_ops {
53782 * @cookie: An opaque token provided by the IOMMU driver and passed back to
53783 * the callback routines in cfg->tlb.
53784 */
53785 -struct io_pgtable_ops *alloc_io_pgtable_ops(enum io_pgtable_fmt fmt,
53786 - struct io_pgtable_cfg *cfg,
53787 - void *cookie);
53788 +struct io_pgtable *alloc_io_pgtable(enum io_pgtable_fmt fmt,
53789 + struct io_pgtable_cfg *cfg,
53790 + void *cookie);
53791
53792 /**
53793 * free_io_pgtable_ops() - Free an io_pgtable_ops structure. The caller
53794 @@ -139,7 +140,7 @@ struct io_pgtable_ops *alloc_io_pgtable_ops(enum io_pgtable_fmt fmt,
53795 *
53796 * @ops: The ops returned from alloc_io_pgtable_ops.
53797 */
53798 -void free_io_pgtable_ops(struct io_pgtable_ops *ops);
53799 +void free_io_pgtable(struct io_pgtable *iop);
53800
53801
53802 /*
53803 @@ -161,11 +162,9 @@ struct io_pgtable {
53804 void *cookie;
53805 bool tlb_sync_pending;
53806 struct io_pgtable_cfg cfg;
53807 - struct io_pgtable_ops ops;
53808 + const struct io_pgtable_ops *ops;
53809 };
53810
53811 -#define io_pgtable_ops_to_pgtable(x) container_of((x), struct io_pgtable, ops)
53812 -
53813 static inline void io_pgtable_tlb_flush_all(struct io_pgtable *iop)
53814 {
53815 iop->cfg.tlb->tlb_flush_all(iop->cookie);
53816 diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
53817 index b06d935..59bad56 100644
53818 --- a/drivers/iommu/iommu.c
53819 +++ b/drivers/iommu/iommu.c
53820 @@ -944,7 +944,7 @@ static int iommu_bus_notifier(struct notifier_block *nb,
53821 static int iommu_bus_init(struct bus_type *bus, const struct iommu_ops *ops)
53822 {
53823 int err;
53824 - struct notifier_block *nb;
53825 + notifier_block_no_const *nb;
53826 struct iommu_callback_data cb = {
53827 .ops = ops,
53828 };
53829 diff --git a/drivers/iommu/ipmmu-vmsa.c b/drivers/iommu/ipmmu-vmsa.c
53830 index 2fdbac6..7095311 100644
53831 --- a/drivers/iommu/ipmmu-vmsa.c
53832 +++ b/drivers/iommu/ipmmu-vmsa.c
53833 @@ -41,7 +41,7 @@ struct ipmmu_vmsa_domain {
53834 struct iommu_domain io_domain;
53835
53836 struct io_pgtable_cfg cfg;
53837 - struct io_pgtable_ops *iop;
53838 + struct io_pgtable *iop;
53839
53840 unsigned int context_id;
53841 spinlock_t lock; /* Protects mappings */
53842 @@ -319,8 +319,7 @@ static int ipmmu_domain_init_context(struct ipmmu_vmsa_domain *domain)
53843 */
53844 domain->cfg.iommu_dev = domain->mmu->dev;
53845
53846 - domain->iop = alloc_io_pgtable_ops(ARM_32_LPAE_S1, &domain->cfg,
53847 - domain);
53848 + domain->iop = alloc_io_pgtable(ARM_32_LPAE_S1, &domain->cfg, domain);
53849 if (!domain->iop)
53850 return -EINVAL;
53851
53852 @@ -478,7 +477,7 @@ static void ipmmu_domain_free(struct iommu_domain *io_domain)
53853 * been detached.
53854 */
53855 ipmmu_domain_destroy_context(domain);
53856 - free_io_pgtable_ops(domain->iop);
53857 + free_io_pgtable(domain->iop);
53858 kfree(domain);
53859 }
53860
53861 @@ -547,7 +546,7 @@ static int ipmmu_map(struct iommu_domain *io_domain, unsigned long iova,
53862 if (!domain)
53863 return -ENODEV;
53864
53865 - return domain->iop->map(domain->iop, iova, paddr, size, prot);
53866 + return domain->iop->ops->map(domain->iop, iova, paddr, size, prot);
53867 }
53868
53869 static size_t ipmmu_unmap(struct iommu_domain *io_domain, unsigned long iova,
53870 @@ -555,7 +554,7 @@ static size_t ipmmu_unmap(struct iommu_domain *io_domain, unsigned long iova,
53871 {
53872 struct ipmmu_vmsa_domain *domain = to_vmsa_domain(io_domain);
53873
53874 - return domain->iop->unmap(domain->iop, iova, size);
53875 + return domain->iop->ops->unmap(domain->iop, iova, size);
53876 }
53877
53878 static phys_addr_t ipmmu_iova_to_phys(struct iommu_domain *io_domain,
53879 @@ -565,7 +564,7 @@ static phys_addr_t ipmmu_iova_to_phys(struct iommu_domain *io_domain,
53880
53881 /* TODO: Is locking needed ? */
53882
53883 - return domain->iop->iova_to_phys(domain->iop, iova);
53884 + return domain->iop->ops->iova_to_phys(domain->iop, iova);
53885 }
53886
53887 static int ipmmu_find_utlbs(struct ipmmu_vmsa_device *mmu, struct device *dev,
53888 diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c
53889 index 49721b4..62874d3 100644
53890 --- a/drivers/iommu/irq_remapping.c
53891 +++ b/drivers/iommu/irq_remapping.c
53892 @@ -153,7 +153,7 @@ int __init irq_remap_enable_fault_handling(void)
53893 void panic_if_irq_remap(const char *msg)
53894 {
53895 if (irq_remapping_enabled)
53896 - panic(msg);
53897 + panic("%s", msg);
53898 }
53899
53900 void ir_ack_apic_edge(struct irq_data *data)
53901 diff --git a/drivers/iommu/msm_iommu.c b/drivers/iommu/msm_iommu.c
53902 index b09692b..aa64d59 100644
53903 --- a/drivers/iommu/msm_iommu.c
53904 +++ b/drivers/iommu/msm_iommu.c
53905 @@ -53,7 +53,7 @@ struct msm_priv {
53906 struct list_head list_attached;
53907 struct iommu_domain domain;
53908 struct io_pgtable_cfg cfg;
53909 - struct io_pgtable_ops *iop;
53910 + struct io_pgtable *iop;
53911 struct device *dev;
53912 spinlock_t pgtlock; /* pagetable lock */
53913 };
53914 @@ -360,13 +360,15 @@ static int msm_iommu_domain_config(struct msm_priv *priv)
53915 .iommu_dev = priv->dev,
53916 };
53917
53918 - priv->iop = alloc_io_pgtable_ops(ARM_V7S, &priv->cfg, priv);
53919 + priv->iop = alloc_io_pgtable(ARM_V7S, &priv->cfg, priv);
53920 if (!priv->iop) {
53921 dev_err(priv->dev, "Failed to allocate pgtable\n");
53922 return -EINVAL;
53923 }
53924
53925 - msm_iommu_ops.pgsize_bitmap = priv->cfg.pgsize_bitmap;
53926 + pax_open_kernel();
53927 + const_cast(msm_iommu_ops.pgsize_bitmap) = priv->cfg.pgsize_bitmap;
53928 + pax_close_kernel();
53929
53930 return 0;
53931 }
53932 @@ -429,7 +431,7 @@ static void msm_iommu_detach_dev(struct iommu_domain *domain,
53933 struct msm_iommu_ctx_dev *master;
53934 int ret;
53935
53936 - free_io_pgtable_ops(priv->iop);
53937 + free_io_pgtable(priv->iop);
53938
53939 spin_lock_irqsave(&msm_iommu_lock, flags);
53940 list_for_each_entry(iommu, &priv->list_attached, dom_node) {
53941 @@ -455,7 +457,7 @@ static int msm_iommu_map(struct iommu_domain *domain, unsigned long iova,
53942 int ret;
53943
53944 spin_lock_irqsave(&priv->pgtlock, flags);
53945 - ret = priv->iop->map(priv->iop, iova, pa, len, prot);
53946 + ret = priv->iop->ops->map(priv->iop, iova, pa, len, prot);
53947 spin_unlock_irqrestore(&priv->pgtlock, flags);
53948
53949 return ret;
53950 @@ -468,7 +470,7 @@ static size_t msm_iommu_unmap(struct iommu_domain *domain, unsigned long iova,
53951 unsigned long flags;
53952
53953 spin_lock_irqsave(&priv->pgtlock, flags);
53954 - len = priv->iop->unmap(priv->iop, iova, len);
53955 + len = priv->iop->ops->unmap(priv->iop, iova, len);
53956 spin_unlock_irqrestore(&priv->pgtlock, flags);
53957
53958 return len;
53959 diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c
53960 index b12c12d..27bf745 100644
53961 --- a/drivers/iommu/mtk_iommu.c
53962 +++ b/drivers/iommu/mtk_iommu.c
53963 @@ -97,7 +97,7 @@ struct mtk_iommu_domain {
53964 spinlock_t pgtlock; /* lock for page table */
53965
53966 struct io_pgtable_cfg cfg;
53967 - struct io_pgtable_ops *iop;
53968 + struct io_pgtable *iop;
53969
53970 struct iommu_domain domain;
53971 };
53972 @@ -235,7 +235,7 @@ static int mtk_iommu_domain_finalise(struct mtk_iommu_data *data)
53973 if (data->enable_4GB)
53974 dom->cfg.quirks |= IO_PGTABLE_QUIRK_ARM_MTK_4GB;
53975
53976 - dom->iop = alloc_io_pgtable_ops(ARM_V7S, &dom->cfg, data);
53977 + dom->iop = alloc_io_pgtable(ARM_V7S, &dom->cfg, data);
53978 if (!dom->iop) {
53979 dev_err(data->dev, "Failed to alloc io pgtable\n");
53980 return -EINVAL;
53981 @@ -328,7 +328,7 @@ static int mtk_iommu_map(struct iommu_domain *domain, unsigned long iova,
53982 int ret;
53983
53984 spin_lock_irqsave(&dom->pgtlock, flags);
53985 - ret = dom->iop->map(dom->iop, iova, paddr, size, prot);
53986 + ret = dom->iop->ops->map(dom->iop, iova, paddr, size, prot);
53987 spin_unlock_irqrestore(&dom->pgtlock, flags);
53988
53989 return ret;
53990 @@ -342,7 +342,7 @@ static size_t mtk_iommu_unmap(struct iommu_domain *domain,
53991 size_t unmapsz;
53992
53993 spin_lock_irqsave(&dom->pgtlock, flags);
53994 - unmapsz = dom->iop->unmap(dom->iop, iova, size);
53995 + unmapsz = dom->iop->ops->unmap(dom->iop, iova, size);
53996 spin_unlock_irqrestore(&dom->pgtlock, flags);
53997
53998 return unmapsz;
53999 @@ -356,7 +356,7 @@ static phys_addr_t mtk_iommu_iova_to_phys(struct iommu_domain *domain,
54000 phys_addr_t pa;
54001
54002 spin_lock_irqsave(&dom->pgtlock, flags);
54003 - pa = dom->iop->iova_to_phys(dom->iop, iova);
54004 + pa = dom->iop->ops->iova_to_phys(dom->iop, iova);
54005 spin_unlock_irqrestore(&dom->pgtlock, flags);
54006
54007 return pa;
54008 @@ -615,7 +615,7 @@ static int mtk_iommu_remove(struct platform_device *pdev)
54009 if (iommu_present(&platform_bus_type))
54010 bus_set_iommu(&platform_bus_type, NULL);
54011
54012 - free_io_pgtable_ops(data->m4u_dom->iop);
54013 + free_io_pgtable(data->m4u_dom->iop);
54014 clk_disable_unprepare(data->bclk);
54015 devm_free_irq(&pdev->dev, data->irq, data);
54016 component_master_del(&pdev->dev, &mtk_iommu_com_ops);
54017 diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
54018 index 390fac5..74fed85 100644
54019 --- a/drivers/irqchip/irq-gic.c
54020 +++ b/drivers/irqchip/irq-gic.c
54021 @@ -392,7 +392,7 @@ static void gic_handle_cascade_irq(struct irq_desc *desc)
54022 chained_irq_exit(chip, desc);
54023 }
54024
54025 -static struct irq_chip gic_chip = {
54026 +static irq_chip_no_const gic_chip __read_only = {
54027 .irq_mask = gic_mask_irq,
54028 .irq_unmask = gic_unmask_irq,
54029 .irq_eoi = gic_eoi_irq,
54030 diff --git a/drivers/irqchip/irq-i8259.c b/drivers/irqchip/irq-i8259.c
54031 index 6b304eb..6e3a1413 100644
54032 --- a/drivers/irqchip/irq-i8259.c
54033 +++ b/drivers/irqchip/irq-i8259.c
54034 @@ -204,7 +204,7 @@ spurious_8259A_irq:
54035 printk(KERN_DEBUG "spurious 8259A interrupt: IRQ%d.\n", irq);
54036 spurious_irq_mask |= irqmask;
54037 }
54038 - atomic_inc(&irq_err_count);
54039 + atomic_inc_unchecked(&irq_err_count);
54040 /*
54041 * Theoretically we do not have to handle this IRQ,
54042 * but in Linux this does not cause problems and is
54043 diff --git a/drivers/irqchip/irq-mmp.c b/drivers/irqchip/irq-mmp.c
54044 index 013fc96..36a9a97 100644
54045 --- a/drivers/irqchip/irq-mmp.c
54046 +++ b/drivers/irqchip/irq-mmp.c
54047 @@ -122,7 +122,7 @@ static void icu_unmask_irq(struct irq_data *d)
54048 }
54049 }
54050
54051 -struct irq_chip icu_irq_chip = {
54052 +irq_chip_no_const icu_irq_chip __read_only = {
54053 .name = "icu_irq",
54054 .irq_mask = icu_mask_irq,
54055 .irq_mask_ack = icu_mask_ack_irq,
54056 diff --git a/drivers/irqchip/irq-renesas-intc-irqpin.c b/drivers/irqchip/irq-renesas-intc-irqpin.c
54057 index 713177d..3849ddd 100644
54058 --- a/drivers/irqchip/irq-renesas-intc-irqpin.c
54059 +++ b/drivers/irqchip/irq-renesas-intc-irqpin.c
54060 @@ -396,7 +396,7 @@ static int intc_irqpin_probe(struct platform_device *pdev)
54061 struct intc_irqpin_iomem *i;
54062 struct resource *io[INTC_IRQPIN_REG_NR];
54063 struct resource *irq;
54064 - struct irq_chip *irq_chip;
54065 + irq_chip_no_const *irq_chip;
54066 void (*enable_fn)(struct irq_data *d);
54067 void (*disable_fn)(struct irq_data *d);
54068 const char *name = dev_name(dev);
54069 diff --git a/drivers/irqchip/irq-ts4800.c b/drivers/irqchip/irq-ts4800.c
54070 index 2325fb3..fca7529 100644
54071 --- a/drivers/irqchip/irq-ts4800.c
54072 +++ b/drivers/irqchip/irq-ts4800.c
54073 @@ -93,7 +93,7 @@ static int ts4800_ic_probe(struct platform_device *pdev)
54074 {
54075 struct device_node *node = pdev->dev.of_node;
54076 struct ts4800_irq_data *data;
54077 - struct irq_chip *irq_chip;
54078 + irq_chip_no_const *irq_chip;
54079 struct resource *res;
54080 int parent_irq;
54081
54082 diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c
54083 index 6a2df32..dc962f1 100644
54084 --- a/drivers/isdn/capi/capi.c
54085 +++ b/drivers/isdn/capi/capi.c
54086 @@ -81,8 +81,8 @@ struct capiminor {
54087
54088 struct capi20_appl *ap;
54089 u32 ncci;
54090 - atomic_t datahandle;
54091 - atomic_t msgid;
54092 + atomic_unchecked_t datahandle;
54093 + atomic_unchecked_t msgid;
54094
54095 struct tty_port port;
54096 int ttyinstop;
54097 @@ -391,7 +391,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb)
54098 capimsg_setu16(s, 2, mp->ap->applid);
54099 capimsg_setu8 (s, 4, CAPI_DATA_B3);
54100 capimsg_setu8 (s, 5, CAPI_RESP);
54101 - capimsg_setu16(s, 6, atomic_inc_return(&mp->msgid));
54102 + capimsg_setu16(s, 6, atomic_inc_return_unchecked(&mp->msgid));
54103 capimsg_setu32(s, 8, mp->ncci);
54104 capimsg_setu16(s, 12, datahandle);
54105 }
54106 @@ -512,14 +512,14 @@ static void handle_minor_send(struct capiminor *mp)
54107 mp->outbytes -= len;
54108 spin_unlock_bh(&mp->outlock);
54109
54110 - datahandle = atomic_inc_return(&mp->datahandle);
54111 + datahandle = atomic_inc_return_unchecked(&mp->datahandle);
54112 skb_push(skb, CAPI_DATA_B3_REQ_LEN);
54113 memset(skb->data, 0, CAPI_DATA_B3_REQ_LEN);
54114 capimsg_setu16(skb->data, 0, CAPI_DATA_B3_REQ_LEN);
54115 capimsg_setu16(skb->data, 2, mp->ap->applid);
54116 capimsg_setu8 (skb->data, 4, CAPI_DATA_B3);
54117 capimsg_setu8 (skb->data, 5, CAPI_REQ);
54118 - capimsg_setu16(skb->data, 6, atomic_inc_return(&mp->msgid));
54119 + capimsg_setu16(skb->data, 6, atomic_inc_return_unchecked(&mp->msgid));
54120 capimsg_setu32(skb->data, 8, mp->ncci); /* NCCI */
54121 capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */
54122 capimsg_setu16(skb->data, 16, len); /* Data length */
54123 diff --git a/drivers/isdn/gigaset/bas-gigaset.c b/drivers/isdn/gigaset/bas-gigaset.c
54124 index aecec6d..11e13c5 100644
54125 --- a/drivers/isdn/gigaset/bas-gigaset.c
54126 +++ b/drivers/isdn/gigaset/bas-gigaset.c
54127 @@ -2565,22 +2565,22 @@ static int gigaset_post_reset(struct usb_interface *intf)
54128
54129
54130 static const struct gigaset_ops gigops = {
54131 - gigaset_write_cmd,
54132 - gigaset_write_room,
54133 - gigaset_chars_in_buffer,
54134 - gigaset_brkchars,
54135 - gigaset_init_bchannel,
54136 - gigaset_close_bchannel,
54137 - gigaset_initbcshw,
54138 - gigaset_freebcshw,
54139 - gigaset_reinitbcshw,
54140 - gigaset_initcshw,
54141 - gigaset_freecshw,
54142 - gigaset_set_modem_ctrl,
54143 - gigaset_baud_rate,
54144 - gigaset_set_line_ctrl,
54145 - gigaset_isoc_send_skb,
54146 - gigaset_isoc_input,
54147 + .write_cmd = gigaset_write_cmd,
54148 + .write_room = gigaset_write_room,
54149 + .chars_in_buffer = gigaset_chars_in_buffer,
54150 + .brkchars = gigaset_brkchars,
54151 + .init_bchannel = gigaset_init_bchannel,
54152 + .close_bchannel = gigaset_close_bchannel,
54153 + .initbcshw = gigaset_initbcshw,
54154 + .freebcshw = gigaset_freebcshw,
54155 + .reinitbcshw = gigaset_reinitbcshw,
54156 + .initcshw = gigaset_initcshw,
54157 + .freecshw = gigaset_freecshw,
54158 + .set_modem_ctrl = gigaset_set_modem_ctrl,
54159 + .baud_rate = gigaset_baud_rate,
54160 + .set_line_ctrl = gigaset_set_line_ctrl,
54161 + .send_skb = gigaset_isoc_send_skb,
54162 + .handle_input = gigaset_isoc_input,
54163 };
54164
54165 /* bas_gigaset_init
54166 diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c
54167 index 600c79b..3752bab 100644
54168 --- a/drivers/isdn/gigaset/interface.c
54169 +++ b/drivers/isdn/gigaset/interface.c
54170 @@ -130,9 +130,9 @@ static int if_open(struct tty_struct *tty, struct file *filp)
54171 }
54172 tty->driver_data = cs;
54173
54174 - ++cs->port.count;
54175 + atomic_inc(&cs->port.count);
54176
54177 - if (cs->port.count == 1) {
54178 + if (atomic_read(&cs->port.count) == 1) {
54179 tty_port_tty_set(&cs->port, tty);
54180 cs->port.low_latency = 1;
54181 }
54182 @@ -156,9 +156,9 @@ static void if_close(struct tty_struct *tty, struct file *filp)
54183
54184 if (!cs->connected)
54185 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
54186 - else if (!cs->port.count)
54187 + else if (!atomic_read(&cs->port.count))
54188 dev_warn(cs->dev, "%s: device not opened\n", __func__);
54189 - else if (!--cs->port.count)
54190 + else if (!atomic_dec_return(&cs->port.count))
54191 tty_port_tty_set(&cs->port, NULL);
54192
54193 mutex_unlock(&cs->mutex);
54194 diff --git a/drivers/isdn/gigaset/ser-gigaset.c b/drivers/isdn/gigaset/ser-gigaset.c
54195 index d1f8ab9..c0412f2 100644
54196 --- a/drivers/isdn/gigaset/ser-gigaset.c
54197 +++ b/drivers/isdn/gigaset/ser-gigaset.c
54198 @@ -445,22 +445,22 @@ static int gigaset_set_line_ctrl(struct cardstate *cs, unsigned cflag)
54199 }
54200
54201 static const struct gigaset_ops ops = {
54202 - gigaset_write_cmd,
54203 - gigaset_write_room,
54204 - gigaset_chars_in_buffer,
54205 - gigaset_brkchars,
54206 - gigaset_init_bchannel,
54207 - gigaset_close_bchannel,
54208 - gigaset_initbcshw,
54209 - gigaset_freebcshw,
54210 - gigaset_reinitbcshw,
54211 - gigaset_initcshw,
54212 - gigaset_freecshw,
54213 - gigaset_set_modem_ctrl,
54214 - gigaset_baud_rate,
54215 - gigaset_set_line_ctrl,
54216 - gigaset_m10x_send_skb, /* asyncdata.c */
54217 - gigaset_m10x_input, /* asyncdata.c */
54218 + .write_cmd = gigaset_write_cmd,
54219 + .write_room = gigaset_write_room,
54220 + .chars_in_buffer = gigaset_chars_in_buffer,
54221 + .brkchars = gigaset_brkchars,
54222 + .init_bchannel = gigaset_init_bchannel,
54223 + .close_bchannel = gigaset_close_bchannel,
54224 + .initbcshw = gigaset_initbcshw,
54225 + .freebcshw = gigaset_freebcshw,
54226 + .reinitbcshw = gigaset_reinitbcshw,
54227 + .initcshw = gigaset_initcshw,
54228 + .freecshw = gigaset_freecshw,
54229 + .set_modem_ctrl = gigaset_set_modem_ctrl,
54230 + .baud_rate = gigaset_baud_rate,
54231 + .set_line_ctrl = gigaset_set_line_ctrl,
54232 + .send_skb = gigaset_m10x_send_skb, /* asyncdata.c */
54233 + .handle_input = gigaset_m10x_input, /* asyncdata.c */
54234 };
54235
54236
54237 diff --git a/drivers/isdn/gigaset/usb-gigaset.c b/drivers/isdn/gigaset/usb-gigaset.c
54238 index 5f306e2..ff14829 100644
54239 --- a/drivers/isdn/gigaset/usb-gigaset.c
54240 +++ b/drivers/isdn/gigaset/usb-gigaset.c
54241 @@ -543,7 +543,7 @@ static int gigaset_brkchars(struct cardstate *cs, const unsigned char buf[6])
54242 gigaset_dbg_buffer(DEBUG_USBREQ, "brkchars", 6, buf);
54243 memcpy(cs->hw.usb->bchars, buf, 6);
54244 return usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x19, 0x41,
54245 - 0, 0, &buf, 6, 2000);
54246 + 0, 0, cs->hw.usb->bchars, 6, 2000);
54247 }
54248
54249 static void gigaset_freebcshw(struct bc_state *bcs)
54250 @@ -862,22 +862,22 @@ static int gigaset_pre_reset(struct usb_interface *intf)
54251 }
54252
54253 static const struct gigaset_ops ops = {
54254 - gigaset_write_cmd,
54255 - gigaset_write_room,
54256 - gigaset_chars_in_buffer,
54257 - gigaset_brkchars,
54258 - gigaset_init_bchannel,
54259 - gigaset_close_bchannel,
54260 - gigaset_initbcshw,
54261 - gigaset_freebcshw,
54262 - gigaset_reinitbcshw,
54263 - gigaset_initcshw,
54264 - gigaset_freecshw,
54265 - gigaset_set_modem_ctrl,
54266 - gigaset_baud_rate,
54267 - gigaset_set_line_ctrl,
54268 - gigaset_m10x_send_skb,
54269 - gigaset_m10x_input,
54270 + .write_cmd = gigaset_write_cmd,
54271 + .write_room = gigaset_write_room,
54272 + .chars_in_buffer = gigaset_chars_in_buffer,
54273 + .brkchars = gigaset_brkchars,
54274 + .init_bchannel = gigaset_init_bchannel,
54275 + .close_bchannel = gigaset_close_bchannel,
54276 + .initbcshw = gigaset_initbcshw,
54277 + .freebcshw = gigaset_freebcshw,
54278 + .reinitbcshw = gigaset_reinitbcshw,
54279 + .initcshw = gigaset_initcshw,
54280 + .freecshw = gigaset_freecshw,
54281 + .set_modem_ctrl = gigaset_set_modem_ctrl,
54282 + .baud_rate = gigaset_baud_rate,
54283 + .set_line_ctrl = gigaset_set_line_ctrl,
54284 + .send_skb = gigaset_m10x_send_skb,
54285 + .handle_input = gigaset_m10x_input,
54286 };
54287
54288 /*
54289 diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c
54290 index 4d9b195..455075c 100644
54291 --- a/drivers/isdn/hardware/avm/b1.c
54292 +++ b/drivers/isdn/hardware/avm/b1.c
54293 @@ -176,7 +176,7 @@ int b1_load_t4file(avmcard *card, capiloaddatapart *t4file)
54294 }
54295 if (left) {
54296 if (t4file->user) {
54297 - if (copy_from_user(buf, dp, left))
54298 + if (left > sizeof buf || copy_from_user(buf, dp, left))
54299 return -EFAULT;
54300 } else {
54301 memcpy(buf, dp, left);
54302 @@ -224,7 +224,7 @@ int b1_load_config(avmcard *card, capiloaddatapart *config)
54303 }
54304 if (left) {
54305 if (config->user) {
54306 - if (copy_from_user(buf, dp, left))
54307 + if (left > sizeof buf || copy_from_user(buf, dp, left))
54308 return -EFAULT;
54309 } else {
54310 memcpy(buf, dp, left);
54311 diff --git a/drivers/isdn/hardware/eicon/capifunc.c b/drivers/isdn/hardware/eicon/capifunc.c
54312 index 7a0bdbd..0a7b7db 100644
54313 --- a/drivers/isdn/hardware/eicon/capifunc.c
54314 +++ b/drivers/isdn/hardware/eicon/capifunc.c
54315 @@ -57,7 +57,7 @@ static u16 diva_send_message(struct capi_ctr *,
54316 diva_os_message_buffer_s *);
54317 extern void diva_os_set_controller_struct(struct capi_ctr *);
54318
54319 -extern void DIVA_DIDD_Read(DESCRIPTOR *, int);
54320 +extern void DIVA_DIDD_Read(void *, int);
54321
54322 /*
54323 * debug
54324 @@ -1032,7 +1032,6 @@ static void didd_callback(void *context, DESCRIPTOR *adapter, int removal)
54325 stop_dbg();
54326 } else {
54327 memcpy(&MAdapter, adapter, sizeof(MAdapter));
54328 - dprintf = (DIVA_DI_PRINTF) MAdapter.request;
54329 DbgRegister("CAPI20", DRIVERRELEASE_CAPI, DBG_DEFAULT);
54330 }
54331 } else if ((adapter->type > 0) && (adapter->type < 16)) { /* IDI Adapter */
54332 @@ -1060,7 +1059,6 @@ static int divacapi_connect_didd(void)
54333 for (x = 0; x < MAX_DESCRIPTORS; x++) {
54334 if (DIDD_Table[x].type == IDI_DIMAINT) { /* MAINT found */
54335 memcpy(&MAdapter, &DIDD_Table[x], sizeof(DAdapter));
54336 - dprintf = (DIVA_DI_PRINTF) MAdapter.request;
54337 DbgRegister("CAPI20", DRIVERRELEASE_CAPI, DBG_DEFAULT);
54338 break;
54339 }
54340 @@ -1072,7 +1070,7 @@ static int divacapi_connect_didd(void)
54341 req.didd_notify.e.Req = 0;
54342 req.didd_notify.e.Rc =
54343 IDI_SYNC_REQ_DIDD_REGISTER_ADAPTER_NOTIFY;
54344 - req.didd_notify.info.callback = (void *)didd_callback;
54345 + req.didd_notify.info.callback = didd_callback;
54346 req.didd_notify.info.context = NULL;
54347 DAdapter.request((ENTITY *)&req);
54348 if (req.didd_notify.e.Rc != 0xff) {
54349 diff --git a/drivers/isdn/hardware/eicon/dadapter.c b/drivers/isdn/hardware/eicon/dadapter.c
54350 index 5142099..642b7de 100644
54351 --- a/drivers/isdn/hardware/eicon/dadapter.c
54352 +++ b/drivers/isdn/hardware/eicon/dadapter.c
54353 @@ -63,10 +63,14 @@ static void no_printf(unsigned char *format, ...)
54354 ------------------------------------------------------------------------- */
54355 #include "debuglib.c"
54356
54357 +static void IDI_CALL_LINK_T no_request(ENTITY IDI_CALL_ENTITY_T *i)
54358 +{
54359 +}
54360 +
54361 static DESCRIPTOR MAdapter = {IDI_DIMAINT, /* Adapter Type */
54362 0x00, /* Channels */
54363 0x0000, /* Features */
54364 - (IDI_CALL)no_printf};
54365 + no_request};
54366 /* --------------------------------------------------------------------------
54367 DAdapter. Only IDI clients with buffer, that is huge enough to
54368 get all descriptors will receive information about DAdapter
54369 @@ -100,6 +104,11 @@ void diva_didd_load_time_init(void) {
54370 void diva_didd_load_time_finit(void) {
54371 diva_os_destroy_spin_lock(&didd_spin, "didd");
54372 }
54373 +
54374 +static void diva_didd_no_request(ENTITY *e)
54375 +{
54376 +}
54377 +
54378 /* --------------------------------------------------------------------------
54379 Called in order to register new adapter in adapter array
54380 return adapter handle (> 0) on success
54381 @@ -111,13 +120,12 @@ static int diva_didd_add_descriptor(DESCRIPTOR *d) {
54382 if (d->type == IDI_DIMAINT) {
54383 if (d->request) {
54384 MAdapter.request = d->request;
54385 - dprintf = (DIVA_DI_PRINTF)d->request;
54386 diva_notify_adapter_change(&MAdapter, 0); /* Inserted */
54387 DBG_TRC(("DIMAINT registered, dprintf=%08x", d->request))
54388 } else {
54389 DBG_TRC(("DIMAINT removed"))
54390 diva_notify_adapter_change(&MAdapter, 1); /* About to remove */
54391 - MAdapter.request = (IDI_CALL)no_printf;
54392 + MAdapter.request = diva_didd_no_request;
54393 dprintf = no_printf;
54394 }
54395 return (NEW_MAX_DESCRIPTORS);
54396 @@ -149,7 +157,7 @@ static int diva_didd_remove_descriptor(IDI_CALL request) {
54397 DBG_TRC(("DIMAINT removed"))
54398 dprintf = no_printf;
54399 diva_notify_adapter_change(&MAdapter, 1); /* About to remove */
54400 - MAdapter.request = (IDI_CALL)no_printf;
54401 + MAdapter.request = diva_didd_no_request;
54402 return (0);
54403 }
54404 for (i = 0; (Adapters && (i < NEW_MAX_DESCRIPTORS)); i++) {
54405 @@ -222,7 +230,7 @@ static void IDI_CALL_LINK_T diva_dadapter_request( \
54406 case IDI_SYNC_REQ_DIDD_REGISTER_ADAPTER_NOTIFY: {
54407 diva_didd_adapter_notify_t *pinfo = &syncReq->didd_notify.info;
54408 pinfo->handle = diva_register_adapter_callback( \
54409 - (didd_adapter_change_callback_t)pinfo->callback,
54410 + pinfo->callback,
54411 (void IDI_CALL_ENTITY_T *)pinfo->context);
54412 e->Rc = 0xff;
54413 } break;
54414 diff --git a/drivers/isdn/hardware/eicon/diddfunc.c b/drivers/isdn/hardware/eicon/diddfunc.c
54415 index b0b23ed..e3d4e18 100644
54416 --- a/drivers/isdn/hardware/eicon/diddfunc.c
54417 +++ b/drivers/isdn/hardware/eicon/diddfunc.c
54418 @@ -28,12 +28,12 @@ static DESCRIPTOR _DAdapter;
54419 /*
54420 * didd callback function
54421 */
54422 -static void *didd_callback(void *context, DESCRIPTOR *adapter,
54423 +static void didd_callback(void *context, DESCRIPTOR *adapter,
54424 int removal)
54425 {
54426 if (adapter->type == IDI_DADAPTER) {
54427 DBG_ERR(("Notification about IDI_DADAPTER change ! Oops."))
54428 - return (NULL);
54429 + return;
54430 } else if (adapter->type == IDI_DIMAINT) {
54431 if (removal) {
54432 DbgDeregister();
54433 @@ -41,7 +41,6 @@ static void *didd_callback(void *context, DESCRIPTOR *adapter,
54434 DbgRegister("DIDD", DRIVERRELEASE_DIDD, DBG_DEFAULT);
54435 }
54436 }
54437 - return (NULL);
54438 }
54439
54440 /*
54441 @@ -63,7 +62,7 @@ static int __init connect_didd(void)
54442 req.didd_notify.e.Req = 0;
54443 req.didd_notify.e.Rc =
54444 IDI_SYNC_REQ_DIDD_REGISTER_ADAPTER_NOTIFY;
54445 - req.didd_notify.info.callback = (void *)didd_callback;
54446 + req.didd_notify.info.callback = didd_callback;
54447 req.didd_notify.info.context = NULL;
54448 _DAdapter.request((ENTITY *)&req);
54449 if (req.didd_notify.e.Rc != 0xff)
54450 diff --git a/drivers/isdn/hardware/eicon/divasfunc.c b/drivers/isdn/hardware/eicon/divasfunc.c
54451 index 4be5f88..1dbd479 100644
54452 --- a/drivers/isdn/hardware/eicon/divasfunc.c
54453 +++ b/drivers/isdn/hardware/eicon/divasfunc.c
54454 @@ -130,12 +130,12 @@ static void stop_dbg(void)
54455 /*
54456 * didd callback function
54457 */
54458 -static void *didd_callback(void *context, DESCRIPTOR *adapter,
54459 +static void didd_callback(void *context, DESCRIPTOR *adapter,
54460 int removal)
54461 {
54462 if (adapter->type == IDI_DADAPTER) {
54463 DBG_ERR(("Notification about IDI_DADAPTER change ! Oops."));
54464 - return (NULL);
54465 + return;
54466 }
54467
54468 if (adapter->type == IDI_DIMAINT) {
54469 @@ -143,11 +143,9 @@ static void *didd_callback(void *context, DESCRIPTOR *adapter,
54470 stop_dbg();
54471 } else {
54472 memcpy(&MAdapter, adapter, sizeof(MAdapter));
54473 - dprintf = (DIVA_DI_PRINTF) MAdapter.request;
54474 start_dbg();
54475 }
54476 }
54477 - return (NULL);
54478 }
54479
54480 /*
54481 @@ -169,7 +167,7 @@ static int __init connect_didd(void)
54482 req.didd_notify.e.Req = 0;
54483 req.didd_notify.e.Rc =
54484 IDI_SYNC_REQ_DIDD_REGISTER_ADAPTER_NOTIFY;
54485 - req.didd_notify.info.callback = (void *)didd_callback;
54486 + req.didd_notify.info.callback = didd_callback;
54487 req.didd_notify.info.context = NULL;
54488 DAdapter.request((ENTITY *)&req);
54489 if (req.didd_notify.e.Rc != 0xff) {
54490 @@ -179,7 +177,6 @@ static int __init connect_didd(void)
54491 notify_handle = req.didd_notify.info.handle;
54492 } else if (DIDD_Table[x].type == IDI_DIMAINT) { /* MAINT found */
54493 memcpy(&MAdapter, &DIDD_Table[x], sizeof(DAdapter));
54494 - dprintf = (DIVA_DI_PRINTF) MAdapter.request;
54495 start_dbg();
54496 }
54497 }
54498 diff --git a/drivers/isdn/hardware/eicon/divasync.h b/drivers/isdn/hardware/eicon/divasync.h
54499 index dd6b53a..42661f6 100644
54500 --- a/drivers/isdn/hardware/eicon/divasync.h
54501 +++ b/drivers/isdn/hardware/eicon/divasync.h
54502 @@ -138,7 +138,7 @@ typedef struct _diva_xdi_dma_descriptor_operation {
54503 #define IDI_SYNC_REQ_DIDD_GET_CFG_LIB_IFC 0x10
54504 typedef struct _diva_didd_adapter_notify {
54505 dword handle; /* Notification handle */
54506 - void *callback;
54507 + didd_adapter_change_callback_t callback;
54508 void *context;
54509 } diva_didd_adapter_notify_t;
54510 typedef struct _diva_didd_add_adapter {
54511 diff --git a/drivers/isdn/hardware/eicon/idifunc.c b/drivers/isdn/hardware/eicon/idifunc.c
54512 index fef6586..22353ff 100644
54513 --- a/drivers/isdn/hardware/eicon/idifunc.c
54514 +++ b/drivers/isdn/hardware/eicon/idifunc.c
54515 @@ -154,18 +154,17 @@ rescan:
54516 /*
54517 * DIDD notify callback
54518 */
54519 -static void *didd_callback(void *context, DESCRIPTOR *adapter,
54520 +static void didd_callback(void *context, DESCRIPTOR *adapter,
54521 int removal)
54522 {
54523 if (adapter->type == IDI_DADAPTER) {
54524 DBG_ERR(("Notification about IDI_DADAPTER change ! Oops."));
54525 - return (NULL);
54526 + return;
54527 } else if (adapter->type == IDI_DIMAINT) {
54528 if (removal) {
54529 stop_dbg();
54530 } else {
54531 memcpy(&MAdapter, adapter, sizeof(MAdapter));
54532 - dprintf = (DIVA_DI_PRINTF) MAdapter.request;
54533 DbgRegister("User IDI", DRIVERRELEASE_IDI, DBG_DEFAULT);
54534 }
54535 } else if ((adapter->type > 0) && (adapter->type < 16)) { /* IDI Adapter */
54536 @@ -175,7 +174,6 @@ static void *didd_callback(void *context, DESCRIPTOR *adapter,
54537 um_new_card(adapter);
54538 }
54539 }
54540 - return (NULL);
54541 }
54542
54543 /*
54544 @@ -197,7 +195,7 @@ static int __init connect_didd(void)
54545 req.didd_notify.e.Req = 0;
54546 req.didd_notify.e.Rc =
54547 IDI_SYNC_REQ_DIDD_REGISTER_ADAPTER_NOTIFY;
54548 - req.didd_notify.info.callback = (void *)didd_callback;
54549 + req.didd_notify.info.callback = didd_callback;
54550 req.didd_notify.info.context = NULL;
54551 DAdapter.request((ENTITY *)&req);
54552 if (req.didd_notify.e.Rc != 0xff) {
54553 @@ -207,7 +205,6 @@ static int __init connect_didd(void)
54554 notify_handle = req.didd_notify.info.handle;
54555 } else if (DIDD_Table[x].type == IDI_DIMAINT) { /* MAINT found */
54556 memcpy(&MAdapter, &DIDD_Table[x], sizeof(DAdapter));
54557 - dprintf = (DIVA_DI_PRINTF) MAdapter.request;
54558 DbgRegister("User IDI", DRIVERRELEASE_IDI, DBG_DEFAULT);
54559 } else if ((DIDD_Table[x].type > 0)
54560 && (DIDD_Table[x].type < 16)) { /* IDI Adapter found */
54561 diff --git a/drivers/isdn/hardware/eicon/mntfunc.c b/drivers/isdn/hardware/eicon/mntfunc.c
54562 index 1cd9aff..3775d52 100644
54563 --- a/drivers/isdn/hardware/eicon/mntfunc.c
54564 +++ b/drivers/isdn/hardware/eicon/mntfunc.c
54565 @@ -26,8 +26,13 @@ extern void DIVA_DIDD_Read(void *, int);
54566 static dword notify_handle;
54567 static DESCRIPTOR DAdapter;
54568 static DESCRIPTOR MAdapter;
54569 +
54570 +static void didd_nothing(ENTITY IDI_CALL_ENTITY_T *e)
54571 +{
54572 + diva_maint_prtComp((char *)e);
54573 +}
54574 static DESCRIPTOR MaintDescriptor =
54575 -{ IDI_DIMAINT, 0, 0, (IDI_CALL) diva_maint_prtComp };
54576 +{ IDI_DIMAINT, 0, 0, didd_nothing };
54577
54578 extern int diva_os_copy_to_user(void *os_handle, void __user *dst,
54579 const void *src, int length);
54580 @@ -44,7 +49,7 @@ static void no_printf(unsigned char *x, ...)
54581 /*
54582 * DIDD callback function
54583 */
54584 -static void *didd_callback(void *context, DESCRIPTOR *adapter,
54585 +static void didd_callback(void *context, DESCRIPTOR *adapter,
54586 int removal)
54587 {
54588 if (adapter->type == IDI_DADAPTER) {
54589 @@ -56,7 +61,6 @@ static void *didd_callback(void *context, DESCRIPTOR *adapter,
54590 dprintf = no_printf;
54591 } else {
54592 memcpy(&MAdapter, adapter, sizeof(MAdapter));
54593 - dprintf = (DIVA_DI_PRINTF) MAdapter.request;
54594 DbgRegister("MAINT", DRIVERRELEASE_MNT, DBG_DEFAULT);
54595 }
54596 } else if ((adapter->type > 0) && (adapter->type < 16)) {
54597 @@ -66,7 +70,6 @@ static void *didd_callback(void *context, DESCRIPTOR *adapter,
54598 diva_mnt_add_xdi_adapter(adapter);
54599 }
54600 }
54601 - return (NULL);
54602 }
54603
54604 /*
54605 @@ -88,7 +91,7 @@ static int __init connect_didd(void)
54606 req.didd_notify.e.Req = 0;
54607 req.didd_notify.e.Rc =
54608 IDI_SYNC_REQ_DIDD_REGISTER_ADAPTER_NOTIFY;
54609 - req.didd_notify.info.callback = (void *)didd_callback;
54610 + req.didd_notify.info.callback = didd_callback;
54611 req.didd_notify.info.context = NULL;
54612 DAdapter.request((ENTITY *)&req);
54613 if (req.didd_notify.e.Rc != 0xff)
54614 diff --git a/drivers/isdn/hardware/mISDN/avmfritz.c b/drivers/isdn/hardware/mISDN/avmfritz.c
54615 index 292991c..f36f4cb 100644
54616 --- a/drivers/isdn/hardware/mISDN/avmfritz.c
54617 +++ b/drivers/isdn/hardware/mISDN/avmfritz.c
54618 @@ -156,7 +156,7 @@ _set_debug(struct fritzcard *card)
54619 }
54620
54621 static int
54622 -set_debug(const char *val, struct kernel_param *kp)
54623 +set_debug(const char *val, const struct kernel_param *kp)
54624 {
54625 int ret;
54626 struct fritzcard *card;
54627 diff --git a/drivers/isdn/hardware/mISDN/hfcmulti.c b/drivers/isdn/hardware/mISDN/hfcmulti.c
54628 index 28543d7..bd8cf91 100644
54629 --- a/drivers/isdn/hardware/mISDN/hfcmulti.c
54630 +++ b/drivers/isdn/hardware/mISDN/hfcmulti.c
54631 @@ -2856,8 +2856,9 @@ irq_notforus:
54632 */
54633
54634 static void
54635 -hfcmulti_dbusy_timer(struct hfc_multi *hc)
54636 +hfcmulti_dbusy_timer(unsigned long _hc)
54637 {
54638 + //struct hfc_multi *hc = (struct hfc_multi *)_hc;
54639 }
54640
54641
54642 @@ -3878,7 +3879,7 @@ hfcmulti_initmode(struct dchannel *dch)
54643 if (hc->dnum[pt]) {
54644 mode_hfcmulti(hc, dch->slot, dch->dev.D.protocol,
54645 -1, 0, -1, 0);
54646 - dch->timer.function = (void *) hfcmulti_dbusy_timer;
54647 + dch->timer.function = hfcmulti_dbusy_timer;
54648 dch->timer.data = (long) dch;
54649 init_timer(&dch->timer);
54650 }
54651 @@ -3986,7 +3987,7 @@ hfcmulti_initmode(struct dchannel *dch)
54652 hc->chan[i].slot_rx = -1;
54653 hc->chan[i].conf = -1;
54654 mode_hfcmulti(hc, i, dch->dev.D.protocol, -1, 0, -1, 0);
54655 - dch->timer.function = (void *) hfcmulti_dbusy_timer;
54656 + dch->timer.function = hfcmulti_dbusy_timer;
54657 dch->timer.data = (long) dch;
54658 init_timer(&dch->timer);
54659 hc->chan[i - 2].slot_tx = -1;
54660 diff --git a/drivers/isdn/hardware/mISDN/hfcpci.c b/drivers/isdn/hardware/mISDN/hfcpci.c
54661 index ff48da6..497fb7b 100644
54662 --- a/drivers/isdn/hardware/mISDN/hfcpci.c
54663 +++ b/drivers/isdn/hardware/mISDN/hfcpci.c
54664 @@ -301,8 +301,9 @@ reset_hfcpci(struct hfc_pci *hc)
54665 * Timer function called when kernel timer expires
54666 */
54667 static void
54668 -hfcpci_Timer(struct hfc_pci *hc)
54669 +hfcpci_Timer(unsigned long _hc)
54670 {
54671 + struct hfc_pci *hc = (struct hfc_pci *)_hc;
54672 hc->hw.timer.expires = jiffies + 75;
54673 /* WD RESET */
54674 /*
54675 @@ -1241,8 +1242,9 @@ hfcpci_int(int intno, void *dev_id)
54676 * timer callback for D-chan busy resolution. Currently no function
54677 */
54678 static void
54679 -hfcpci_dbusy_timer(struct hfc_pci *hc)
54680 +hfcpci_dbusy_timer(unsigned long _hc)
54681 {
54682 +// struct hfc_pci *hc = (struct hfc_pci *)_hc;
54683 }
54684
54685 /*
54686 @@ -1717,7 +1719,7 @@ static void
54687 inithfcpci(struct hfc_pci *hc)
54688 {
54689 printk(KERN_DEBUG "inithfcpci: entered\n");
54690 - hc->dch.timer.function = (void *) hfcpci_dbusy_timer;
54691 + hc->dch.timer.function = hfcpci_dbusy_timer;
54692 hc->dch.timer.data = (long) &hc->dch;
54693 init_timer(&hc->dch.timer);
54694 hc->chanlimit = 2;
54695 @@ -2044,7 +2046,7 @@ setup_hw(struct hfc_pci *hc)
54696 Write_hfc(hc, HFCPCI_INT_M1, hc->hw.int_m1);
54697 /* At this point the needed PCI config is done */
54698 /* fifos are still not enabled */
54699 - hc->hw.timer.function = (void *) hfcpci_Timer;
54700 + hc->hw.timer.function = hfcpci_Timer;
54701 hc->hw.timer.data = (long) hc;
54702 init_timer(&hc->hw.timer);
54703 /* default PCM master */
54704 @@ -2293,9 +2295,9 @@ _hfcpci_softirq(struct device *dev, void *arg)
54705 }
54706
54707 static void
54708 -hfcpci_softirq(void *arg)
54709 +hfcpci_softirq(unsigned long arg)
54710 {
54711 - WARN_ON_ONCE(driver_for_each_device(&hfc_driver.driver, NULL, arg,
54712 + WARN_ON_ONCE(driver_for_each_device(&hfc_driver.driver, NULL, (void *)arg,
54713 _hfcpci_softirq) != 0);
54714
54715 /* if next event would be in the past ... */
54716 @@ -2330,7 +2332,7 @@ HFC_init(void)
54717 if (poll != HFCPCI_BTRANS_THRESHOLD) {
54718 printk(KERN_INFO "%s: Using alternative poll value of %d\n",
54719 __func__, poll);
54720 - hfc_tl.function = (void *)hfcpci_softirq;
54721 + hfc_tl.function = hfcpci_softirq;
54722 hfc_tl.data = 0;
54723 init_timer(&hfc_tl);
54724 hfc_tl.expires = jiffies + tics;
54725 diff --git a/drivers/isdn/hardware/mISDN/mISDNinfineon.c b/drivers/isdn/hardware/mISDN/mISDNinfineon.c
54726 index d5bdbaf..a7cdc61 100644
54727 --- a/drivers/isdn/hardware/mISDN/mISDNinfineon.c
54728 +++ b/drivers/isdn/hardware/mISDN/mISDNinfineon.c
54729 @@ -244,7 +244,7 @@ _set_debug(struct inf_hw *card)
54730 }
54731
54732 static int
54733 -set_debug(const char *val, struct kernel_param *kp)
54734 +set_debug(const char *val, const struct kernel_param *kp)
54735 {
54736 int ret;
54737 struct inf_hw *card;
54738 @@ -586,9 +586,10 @@ reset_inf(struct inf_hw *hw)
54739 }
54740
54741 static int
54742 -inf_ctrl(struct inf_hw *hw, u32 cmd, u_long arg)
54743 +inf_ctrl(struct ipac_hw *_hw, u32 cmd, u_long arg)
54744 {
54745 int ret = 0;
54746 + struct inf_hw *hw = container_of(_hw, struct inf_hw, ipac);
54747
54748 switch (cmd) {
54749 case HW_RESET_REQ:
54750 @@ -915,7 +916,7 @@ setup_instance(struct inf_hw *card)
54751 spin_lock_init(&card->lock);
54752 card->ipac.isac.hwlock = &card->lock;
54753 card->ipac.hwlock = &card->lock;
54754 - card->ipac.ctrl = (void *)&inf_ctrl;
54755 + card->ipac.ctrl = &inf_ctrl;
54756
54757 err = setup_io(card);
54758 if (err)
54759 diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c
54760 index aa9b6c3..ffd3257 100644
54761 --- a/drivers/isdn/hardware/mISDN/mISDNipac.c
54762 +++ b/drivers/isdn/hardware/mISDN/mISDNipac.c
54763 @@ -727,8 +727,9 @@ isac_release(struct isac_hw *isac)
54764 }
54765
54766 static void
54767 -dbusy_timer_handler(struct isac_hw *isac)
54768 +dbusy_timer_handler(unsigned long _isac)
54769 {
54770 + struct isac_hw *isac = (struct isac_hw *)_isac;
54771 int rbch, star;
54772 u_long flags;
54773
54774 @@ -796,7 +797,7 @@ isac_init(struct isac_hw *isac)
54775 }
54776 isac->mon_tx = NULL;
54777 isac->mon_rx = NULL;
54778 - isac->dch.timer.function = (void *) dbusy_timer_handler;
54779 + isac->dch.timer.function = dbusy_timer_handler;
54780 isac->dch.timer.data = (long)isac;
54781 init_timer(&isac->dch.timer);
54782 isac->mocr = 0xaa;
54783 diff --git a/drivers/isdn/hardware/mISDN/netjet.c b/drivers/isdn/hardware/mISDN/netjet.c
54784 index afde4ed..e9fcae4 100644
54785 --- a/drivers/isdn/hardware/mISDN/netjet.c
54786 +++ b/drivers/isdn/hardware/mISDN/netjet.c
54787 @@ -111,7 +111,7 @@ _set_debug(struct tiger_hw *card)
54788 }
54789
54790 static int
54791 -set_debug(const char *val, struct kernel_param *kp)
54792 +set_debug(const char *val, const struct kernel_param *kp)
54793 {
54794 int ret;
54795 struct tiger_hw *card;
54796 diff --git a/drivers/isdn/hardware/mISDN/speedfax.c b/drivers/isdn/hardware/mISDN/speedfax.c
54797 index 9815bb4..3d6181e 100644
54798 --- a/drivers/isdn/hardware/mISDN/speedfax.c
54799 +++ b/drivers/isdn/hardware/mISDN/speedfax.c
54800 @@ -94,7 +94,7 @@ _set_debug(struct sfax_hw *card)
54801 }
54802
54803 static int
54804 -set_debug(const char *val, struct kernel_param *kp)
54805 +set_debug(const char *val, const struct kernel_param *kp)
54806 {
54807 int ret;
54808 struct sfax_hw *card;
54809 @@ -186,9 +186,10 @@ reset_speedfax(struct sfax_hw *sf)
54810 }
54811
54812 static int
54813 -sfax_ctrl(struct sfax_hw *sf, u32 cmd, u_long arg)
54814 +sfax_ctrl(void *_sf, u32 cmd, u_long arg)
54815 {
54816 int ret = 0;
54817 + struct sfax_hw *sf = (struct sfax_hw *)_sf;
54818
54819 switch (cmd) {
54820 case HW_RESET_REQ:
54821 @@ -386,7 +387,7 @@ setup_instance(struct sfax_hw *card)
54822 spin_lock_init(&card->lock);
54823 card->isac.hwlock = &card->lock;
54824 card->isar.hwlock = &card->lock;
54825 - card->isar.ctrl = (void *)&sfax_ctrl;
54826 + card->isar.ctrl = &sfax_ctrl;
54827 card->isac.name = card->name;
54828 card->isar.name = card->name;
54829 card->isar.owner = THIS_MODULE;
54830 diff --git a/drivers/isdn/hardware/mISDN/w6692.c b/drivers/isdn/hardware/mISDN/w6692.c
54831 index 7416755..2914e7c 100644
54832 --- a/drivers/isdn/hardware/mISDN/w6692.c
54833 +++ b/drivers/isdn/hardware/mISDN/w6692.c
54834 @@ -101,7 +101,7 @@ _set_debug(struct w6692_hw *card)
54835 }
54836
54837 static int
54838 -set_debug(const char *val, struct kernel_param *kp)
54839 +set_debug(const char *val, const struct kernel_param *kp)
54840 {
54841 int ret;
54842 struct w6692_hw *card;
54843 @@ -819,8 +819,9 @@ w6692_irq(int intno, void *dev_id)
54844 }
54845
54846 static void
54847 -dbusy_timer_handler(struct dchannel *dch)
54848 +dbusy_timer_handler(unsigned long _dch)
54849 {
54850 + struct dchannel *dch = (struct dchannel *)_dch;
54851 struct w6692_hw *card = dch->hw;
54852 int rbch, star;
54853 u_long flags;
54854 @@ -852,7 +853,7 @@ void initW6692(struct w6692_hw *card)
54855 {
54856 u8 val;
54857
54858 - card->dch.timer.function = (void *)dbusy_timer_handler;
54859 + card->dch.timer.function = dbusy_timer_handler;
54860 card->dch.timer.data = (u_long)&card->dch;
54861 init_timer(&card->dch.timer);
54862 w6692_mode(&card->bc[0], ISDN_P_NONE);
54863 diff --git a/drivers/isdn/hisax/amd7930_fn.c b/drivers/isdn/hisax/amd7930_fn.c
54864 index 36817e0..b02bb98 100644
54865 --- a/drivers/isdn/hisax/amd7930_fn.c
54866 +++ b/drivers/isdn/hisax/amd7930_fn.c
54867 @@ -685,8 +685,9 @@ DC_Close_Amd7930(struct IsdnCardState *cs) {
54868
54869
54870 static void
54871 -dbusy_timer_handler(struct IsdnCardState *cs)
54872 +dbusy_timer_handler(unsigned long _cs)
54873 {
54874 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
54875 u_long flags;
54876 struct PStack *stptr;
54877 WORD dtcr, der;
54878 @@ -789,7 +790,7 @@ void Amd7930_init(struct IsdnCardState *cs)
54879 void setup_Amd7930(struct IsdnCardState *cs)
54880 {
54881 INIT_WORK(&cs->tqueue, Amd7930_bh);
54882 - cs->dbusytimer.function = (void *) dbusy_timer_handler;
54883 + cs->dbusytimer.function = dbusy_timer_handler;
54884 cs->dbusytimer.data = (long) cs;
54885 init_timer(&cs->dbusytimer);
54886 }
54887 diff --git a/drivers/isdn/hisax/arcofi.c b/drivers/isdn/hisax/arcofi.c
54888 index 29ec2df..9c7123c 100644
54889 --- a/drivers/isdn/hisax/arcofi.c
54890 +++ b/drivers/isdn/hisax/arcofi.c
54891 @@ -112,7 +112,8 @@ arcofi_fsm(struct IsdnCardState *cs, int event, void *data) {
54892 }
54893
54894 static void
54895 -arcofi_timer(struct IsdnCardState *cs) {
54896 +arcofi_timer(unsigned long _cs) {
54897 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
54898 arcofi_fsm(cs, ARCOFI_TIMEOUT, NULL);
54899 }
54900
54901 @@ -125,7 +126,7 @@ clear_arcofi(struct IsdnCardState *cs) {
54902
54903 void
54904 init_arcofi(struct IsdnCardState *cs) {
54905 - cs->dc.isac.arcofitimer.function = (void *) arcofi_timer;
54906 + cs->dc.isac.arcofitimer.function = arcofi_timer;
54907 cs->dc.isac.arcofitimer.data = (long) cs;
54908 init_timer(&cs->dc.isac.arcofitimer);
54909 init_waitqueue_head(&cs->dc.isac.arcofi_wait);
54910 diff --git a/drivers/isdn/hisax/config.c b/drivers/isdn/hisax/config.c
54911 index bf04d2a..a7d53c9 100644
54912 --- a/drivers/isdn/hisax/config.c
54913 +++ b/drivers/isdn/hisax/config.c
54914 @@ -659,7 +659,7 @@ int jiftime(char *s, long mark)
54915
54916 static u_char tmpbuf[HISAX_STATUS_BUFSIZE];
54917
54918 -void VHiSax_putstatus(struct IsdnCardState *cs, char *head, char *fmt,
54919 +void VHiSax_putstatus(struct IsdnCardState *cs, char *head, const char *fmt,
54920 va_list args)
54921 {
54922 /* if head == NULL the fmt contains the full info */
54923 @@ -729,7 +729,7 @@ void VHiSax_putstatus(struct IsdnCardState *cs, char *head, char *fmt,
54924 }
54925 }
54926
54927 -void HiSax_putstatus(struct IsdnCardState *cs, char *head, char *fmt, ...)
54928 +void HiSax_putstatus(struct IsdnCardState *cs, char *head, const char *fmt, ...)
54929 {
54930 va_list args;
54931
54932 diff --git a/drivers/isdn/hisax/diva.c b/drivers/isdn/hisax/diva.c
54933 index 4fc90de..fda68cd 100644
54934 --- a/drivers/isdn/hisax/diva.c
54935 +++ b/drivers/isdn/hisax/diva.c
54936 @@ -796,8 +796,9 @@ reset_diva(struct IsdnCardState *cs)
54937 #define DIVA_ASSIGN 1
54938
54939 static void
54940 -diva_led_handler(struct IsdnCardState *cs)
54941 +diva_led_handler(unsigned long _cs)
54942 {
54943 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
54944 int blink = 0;
54945
54946 if ((cs->subtyp == DIVA_IPAC_ISA) ||
54947 @@ -898,7 +899,7 @@ Diva_card_msg(struct IsdnCardState *cs, int mt, void *arg)
54948 (cs->subtyp != DIVA_IPAC_PCI) &&
54949 (cs->subtyp != DIVA_IPACX_PCI)) {
54950 spin_lock_irqsave(&cs->lock, flags);
54951 - diva_led_handler(cs);
54952 + diva_led_handler((unsigned long)cs);
54953 spin_unlock_irqrestore(&cs->lock, flags);
54954 }
54955 return (0);
54956 @@ -976,7 +977,7 @@ static int setup_diva_common(struct IsdnCardState *cs)
54957 printk(KERN_INFO "Diva: IPACX Design Id: %x\n",
54958 MemReadISAC_IPACX(cs, IPACX_ID) & 0x3F);
54959 } else { /* DIVA 2.0 */
54960 - cs->hw.diva.tl.function = (void *) diva_led_handler;
54961 + cs->hw.diva.tl.function = diva_led_handler;
54962 cs->hw.diva.tl.data = (long) cs;
54963 init_timer(&cs->hw.diva.tl);
54964 cs->readisac = &ReadISAC;
54965 diff --git a/drivers/isdn/hisax/elsa.c b/drivers/isdn/hisax/elsa.c
54966 index d8ef64d..9c50267 100644
54967 --- a/drivers/isdn/hisax/elsa.c
54968 +++ b/drivers/isdn/hisax/elsa.c
54969 @@ -606,8 +606,9 @@ check_arcofi(struct IsdnCardState *cs)
54970 #endif /* ARCOFI_USE */
54971
54972 static void
54973 -elsa_led_handler(struct IsdnCardState *cs)
54974 +elsa_led_handler(unsigned long _cs)
54975 {
54976 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
54977 int blink = 0;
54978
54979 if (cs->subtyp == ELSA_PCMCIA || cs->subtyp == ELSA_PCMCIA_IPAC)
54980 @@ -715,7 +716,7 @@ Elsa_card_msg(struct IsdnCardState *cs, int mt, void *arg)
54981 init_modem(cs);
54982 }
54983 #endif
54984 - elsa_led_handler(cs);
54985 + elsa_led_handler((unsigned long)cs);
54986 return (ret);
54987 case (MDL_REMOVE | REQUEST):
54988 cs->hw.elsa.status &= 0;
54989 @@ -767,7 +768,7 @@ Elsa_card_msg(struct IsdnCardState *cs, int mt, void *arg)
54990 else
54991 cs->hw.elsa.status &= ~ELSA_BAD_PWR;
54992 }
54993 - elsa_led_handler(cs);
54994 + elsa_led_handler((unsigned long)cs);
54995 return (ret);
54996 }
54997
54998 @@ -1147,7 +1148,7 @@ static int setup_elsa_common(struct IsdnCard *card)
54999 init_arcofi(cs);
55000 #endif
55001 setup_isac(cs);
55002 - cs->hw.elsa.tl.function = (void *) elsa_led_handler;
55003 + cs->hw.elsa.tl.function = elsa_led_handler;
55004 cs->hw.elsa.tl.data = (long) cs;
55005 init_timer(&cs->hw.elsa.tl);
55006 /* Teste Timer */
55007 diff --git a/drivers/isdn/hisax/fsm.c b/drivers/isdn/hisax/fsm.c
55008 index c7a9471..5409bd3 100644
55009 --- a/drivers/isdn/hisax/fsm.c
55010 +++ b/drivers/isdn/hisax/fsm.c
55011 @@ -85,8 +85,9 @@ FsmChangeState(struct FsmInst *fi, int newstate)
55012 }
55013
55014 static void
55015 -FsmExpireTimer(struct FsmTimer *ft)
55016 +FsmExpireTimer(unsigned long _ft)
55017 {
55018 + struct FsmTimer *ft = (struct FsmTimer *)_ft;
55019 #if FSM_TIMER_DEBUG
55020 if (ft->fi->debug)
55021 ft->fi->printdebug(ft->fi, "FsmExpireTimer %lx", (long) ft);
55022 @@ -98,7 +99,7 @@ void
55023 FsmInitTimer(struct FsmInst *fi, struct FsmTimer *ft)
55024 {
55025 ft->fi = fi;
55026 - ft->tl.function = (void *) FsmExpireTimer;
55027 + ft->tl.function = FsmExpireTimer;
55028 ft->tl.data = (long) ft;
55029 #if FSM_TIMER_DEBUG
55030 if (ft->fi->debug)
55031 diff --git a/drivers/isdn/hisax/hfc4s8s_l1.c b/drivers/isdn/hisax/hfc4s8s_l1.c
55032 index 9600cd7..86ca5a3 100644
55033 --- a/drivers/isdn/hisax/hfc4s8s_l1.c
55034 +++ b/drivers/isdn/hisax/hfc4s8s_l1.c
55035 @@ -299,8 +299,9 @@ Read_hfc16_stable(hfc4s8s_hw *hw, int reg)
55036 /* D-channel call from HiSax */
55037 /*****************************/
55038 static void
55039 -dch_l2l1(struct hisax_d_if *iface, int pr, void *arg)
55040 +dch_l2l1(struct hisax_if *_iface, int pr, void *arg)
55041 {
55042 + struct hisax_d_if *iface = container_of(_iface, struct hisax_d_if, ifc);
55043 struct hfc4s8s_l1 *l1 = iface->ifc.priv;
55044 struct sk_buff *skb = (struct sk_buff *) arg;
55045 u_long flags;
55046 @@ -591,8 +592,9 @@ bch_l2l1(struct hisax_if *ifc, int pr, void *arg)
55047 /* layer 1 timer function */
55048 /**************************/
55049 static void
55050 -hfc_l1_timer(struct hfc4s8s_l1 *l1)
55051 +hfc_l1_timer(unsigned long _l1)
55052 {
55053 + struct hfc4s8s_l1 *l1 = (struct hfc4s8s_l1 *)_l1;
55054 u_long flags;
55055
55056 if (!l1->enabled)
55057 @@ -1396,16 +1398,16 @@ setup_instance(hfc4s8s_hw *hw)
55058 l1p = hw->l1 + i;
55059 spin_lock_init(&l1p->lock);
55060 l1p->hw = hw;
55061 - l1p->l1_timer.function = (void *) hfc_l1_timer;
55062 + l1p->l1_timer.function = hfc_l1_timer;
55063 l1p->l1_timer.data = (long) (l1p);
55064 init_timer(&l1p->l1_timer);
55065 l1p->st_num = i;
55066 skb_queue_head_init(&l1p->d_tx_queue);
55067 l1p->d_if.ifc.priv = hw->l1 + i;
55068 - l1p->d_if.ifc.l2l1 = (void *) dch_l2l1;
55069 + l1p->d_if.ifc.l2l1 = dch_l2l1;
55070
55071 spin_lock_init(&l1p->b_ch[0].lock);
55072 - l1p->b_ch[0].b_if.ifc.l2l1 = (void *) bch_l2l1;
55073 + l1p->b_ch[0].b_if.ifc.l2l1 = bch_l2l1;
55074 l1p->b_ch[0].b_if.ifc.priv = (void *) &l1p->b_ch[0];
55075 l1p->b_ch[0].l1p = hw->l1 + i;
55076 l1p->b_ch[0].bchan = 1;
55077 @@ -1413,7 +1415,7 @@ setup_instance(hfc4s8s_hw *hw)
55078 skb_queue_head_init(&l1p->b_ch[0].tx_queue);
55079
55080 spin_lock_init(&l1p->b_ch[1].lock);
55081 - l1p->b_ch[1].b_if.ifc.l2l1 = (void *) bch_l2l1;
55082 + l1p->b_ch[1].b_if.ifc.l2l1 = bch_l2l1;
55083 l1p->b_ch[1].b_if.ifc.priv = (void *) &l1p->b_ch[1];
55084 l1p->b_ch[1].l1p = hw->l1 + i;
55085 l1p->b_ch[1].bchan = 2;
55086 diff --git a/drivers/isdn/hisax/hfc_2bds0.c b/drivers/isdn/hisax/hfc_2bds0.c
55087 index a756e5c..e4789ba 100644
55088 --- a/drivers/isdn/hisax/hfc_2bds0.c
55089 +++ b/drivers/isdn/hisax/hfc_2bds0.c
55090 @@ -1014,7 +1014,7 @@ setstack_hfcd(struct PStack *st, struct IsdnCardState *cs)
55091 }
55092
55093 static void
55094 -hfc_dbusy_timer(struct IsdnCardState *cs)
55095 +hfc_dbusy_timer(unsigned long _cs)
55096 {
55097 }
55098
55099 @@ -1073,7 +1073,7 @@ set_cs_func(struct IsdnCardState *cs)
55100 cs->writeisacfifo = &dummyf;
55101 cs->BC_Read_Reg = &ReadReg;
55102 cs->BC_Write_Reg = &WriteReg;
55103 - cs->dbusytimer.function = (void *) hfc_dbusy_timer;
55104 + cs->dbusytimer.function = hfc_dbusy_timer;
55105 cs->dbusytimer.data = (long) cs;
55106 init_timer(&cs->dbusytimer);
55107 INIT_WORK(&cs->tqueue, hfcd_bh);
55108 diff --git a/drivers/isdn/hisax/hfc_pci.c b/drivers/isdn/hisax/hfc_pci.c
55109 index 90449e1..9a5394c 100644
55110 --- a/drivers/isdn/hisax/hfc_pci.c
55111 +++ b/drivers/isdn/hisax/hfc_pci.c
55112 @@ -165,8 +165,9 @@ reset_hfcpci(struct IsdnCardState *cs)
55113 /* Timer function called when kernel timer expires */
55114 /***************************************************/
55115 static void
55116 -hfcpci_Timer(struct IsdnCardState *cs)
55117 +hfcpci_Timer(unsigned long _cs)
55118 {
55119 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55120 cs->hw.hfcpci.timer.expires = jiffies + 75;
55121 /* WD RESET */
55122 /* WriteReg(cs, HFCD_DATA, HFCD_CTMT, cs->hw.hfcpci.ctmt | 0x80);
55123 @@ -1095,8 +1096,9 @@ hfcpci_interrupt(int intno, void *dev_id)
55124 /* timer callback for D-chan busy resolution. Currently no function */
55125 /********************************************************************/
55126 static void
55127 -hfcpci_dbusy_timer(struct IsdnCardState *cs)
55128 +hfcpci_dbusy_timer(unsigned long _cs)
55129 {
55130 + //struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55131 }
55132
55133 /*************************************/
55134 @@ -1582,7 +1584,7 @@ inithfcpci(struct IsdnCardState *cs)
55135 cs->bcs[1].BC_SetStack = setstack_2b;
55136 cs->bcs[0].BC_Close = close_hfcpci;
55137 cs->bcs[1].BC_Close = close_hfcpci;
55138 - cs->dbusytimer.function = (void *) hfcpci_dbusy_timer;
55139 + cs->dbusytimer.function = hfcpci_dbusy_timer;
55140 cs->dbusytimer.data = (long) cs;
55141 init_timer(&cs->dbusytimer);
55142 mode_hfcpci(cs->bcs, 0, 0);
55143 @@ -1746,7 +1748,7 @@ setup_hfcpci(struct IsdnCard *card)
55144 cs->BC_Write_Reg = NULL;
55145 cs->irq_func = &hfcpci_interrupt;
55146 cs->irq_flags |= IRQF_SHARED;
55147 - cs->hw.hfcpci.timer.function = (void *) hfcpci_Timer;
55148 + cs->hw.hfcpci.timer.function = hfcpci_Timer;
55149 cs->hw.hfcpci.timer.data = (long) cs;
55150 init_timer(&cs->hw.hfcpci.timer);
55151 cs->cardmsg = &hfcpci_card_msg;
55152 diff --git a/drivers/isdn/hisax/hfc_sx.c b/drivers/isdn/hisax/hfc_sx.c
55153 index 13b2151..d3e0732 100644
55154 --- a/drivers/isdn/hisax/hfc_sx.c
55155 +++ b/drivers/isdn/hisax/hfc_sx.c
55156 @@ -418,8 +418,9 @@ reset_hfcsx(struct IsdnCardState *cs)
55157 /* Timer function called when kernel timer expires */
55158 /***************************************************/
55159 static void
55160 -hfcsx_Timer(struct IsdnCardState *cs)
55161 +hfcsx_Timer(unsigned long _cs)
55162 {
55163 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55164 cs->hw.hfcsx.timer.expires = jiffies + 75;
55165 /* WD RESET */
55166 /* WriteReg(cs, HFCD_DATA, HFCD_CTMT, cs->hw.hfcsx.ctmt | 0x80);
55167 @@ -860,8 +861,9 @@ hfcsx_interrupt(int intno, void *dev_id)
55168 /* timer callback for D-chan busy resolution. Currently no function */
55169 /********************************************************************/
55170 static void
55171 -hfcsx_dbusy_timer(struct IsdnCardState *cs)
55172 +hfcsx_dbusy_timer(unsigned long _cs)
55173 {
55174 + //struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55175 }
55176
55177 /*************************************/
55178 @@ -1495,7 +1497,7 @@ int setup_hfcsx(struct IsdnCard *card)
55179 } else
55180 return (0); /* no valid card type */
55181
55182 - cs->dbusytimer.function = (void *) hfcsx_dbusy_timer;
55183 + cs->dbusytimer.function = hfcsx_dbusy_timer;
55184 cs->dbusytimer.data = (long) cs;
55185 init_timer(&cs->dbusytimer);
55186 INIT_WORK(&cs->tqueue, hfcsx_bh);
55187 @@ -1507,7 +1509,7 @@ int setup_hfcsx(struct IsdnCard *card)
55188 cs->BC_Write_Reg = NULL;
55189 cs->irq_func = &hfcsx_interrupt;
55190
55191 - cs->hw.hfcsx.timer.function = (void *) hfcsx_Timer;
55192 + cs->hw.hfcsx.timer.function = hfcsx_Timer;
55193 cs->hw.hfcsx.timer.data = (long) cs;
55194 cs->hw.hfcsx.b_fifo_size = 0; /* fifo size still unknown */
55195 cs->hw.hfcsx.cirm = ccd_sp_irqtab[cs->irq & 0xF]; /* RAM not evaluated */
55196 diff --git a/drivers/isdn/hisax/hfc_usb.c b/drivers/isdn/hisax/hfc_usb.c
55197 index 678bd52..1c4f12a 100644
55198 --- a/drivers/isdn/hisax/hfc_usb.c
55199 +++ b/drivers/isdn/hisax/hfc_usb.c
55200 @@ -343,8 +343,10 @@ handle_led(hfcusb_data *hfc, int event)
55201
55202 /* ISDN l1 timer T3 expires */
55203 static void
55204 -l1_timer_expire_t3(hfcusb_data *hfc)
55205 +l1_timer_expire_t3(unsigned long _hfc)
55206 {
55207 + hfcusb_data *hfc = (hfcusb_data *)_hfc;
55208 +
55209 hfc->d_if.ifc.l1l2(&hfc->d_if.ifc, PH_DEACTIVATE | INDICATION,
55210 NULL);
55211
55212 @@ -360,8 +362,10 @@ l1_timer_expire_t3(hfcusb_data *hfc)
55213
55214 /* ISDN l1 timer T4 expires */
55215 static void
55216 -l1_timer_expire_t4(hfcusb_data *hfc)
55217 +l1_timer_expire_t4(unsigned long _hfc)
55218 {
55219 + hfcusb_data *hfc = (hfcusb_data *)_hfc;
55220 +
55221 hfc->d_if.ifc.l1l2(&hfc->d_if.ifc, PH_DEACTIVATE | INDICATION,
55222 NULL);
55223
55224 @@ -1167,12 +1171,12 @@ hfc_usb_init(hfcusb_data *hfc)
55225 /* init the t3 timer */
55226 init_timer(&hfc->t3_timer);
55227 hfc->t3_timer.data = (long) hfc;
55228 - hfc->t3_timer.function = (void *) l1_timer_expire_t3;
55229 + hfc->t3_timer.function = l1_timer_expire_t3;
55230
55231 /* init the t4 timer */
55232 init_timer(&hfc->t4_timer);
55233 hfc->t4_timer.data = (long) hfc;
55234 - hfc->t4_timer.function = (void *) l1_timer_expire_t4;
55235 + hfc->t4_timer.function = l1_timer_expire_t4;
55236
55237 /* init the background machinery for control requests */
55238 hfc->ctrl_read.bRequestType = 0xc0;
55239 diff --git a/drivers/isdn/hisax/hfcscard.c b/drivers/isdn/hisax/hfcscard.c
55240 index 394da64..85f5f63 100644
55241 --- a/drivers/isdn/hisax/hfcscard.c
55242 +++ b/drivers/isdn/hisax/hfcscard.c
55243 @@ -41,8 +41,10 @@ hfcs_interrupt(int intno, void *dev_id)
55244 }
55245
55246 static void
55247 -hfcs_Timer(struct IsdnCardState *cs)
55248 +hfcs_Timer(unsigned long _cs)
55249 {
55250 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55251 +
55252 cs->hw.hfcD.timer.expires = jiffies + 75;
55253 /* WD RESET */
55254 /* WriteReg(cs, HFCD_DATA, HFCD_CTMT, cs->hw.hfcD.ctmt | 0x80);
55255 @@ -253,7 +255,7 @@ int setup_hfcs(struct IsdnCard *card)
55256 outb(0x57, cs->hw.hfcD.addr | 1);
55257 }
55258 set_cs_func(cs);
55259 - cs->hw.hfcD.timer.function = (void *) hfcs_Timer;
55260 + cs->hw.hfcD.timer.function = hfcs_Timer;
55261 cs->hw.hfcD.timer.data = (long) cs;
55262 init_timer(&cs->hw.hfcD.timer);
55263 cs->cardmsg = &hfcs_card_msg;
55264 diff --git a/drivers/isdn/hisax/hisax.h b/drivers/isdn/hisax/hisax.h
55265 index 6ead6314..338d040 100644
55266 --- a/drivers/isdn/hisax/hisax.h
55267 +++ b/drivers/isdn/hisax/hisax.h
55268 @@ -1288,9 +1288,9 @@ int jiftime(char *s, long mark);
55269 int HiSax_command(isdn_ctrl *ic);
55270 int HiSax_writebuf_skb(int id, int chan, int ack, struct sk_buff *skb);
55271 __printf(3, 4)
55272 -void HiSax_putstatus(struct IsdnCardState *cs, char *head, char *fmt, ...);
55273 +void HiSax_putstatus(struct IsdnCardState *cs, char *head, const char *fmt, ...);
55274 __printf(3, 0)
55275 -void VHiSax_putstatus(struct IsdnCardState *cs, char *head, char *fmt, va_list args);
55276 +void VHiSax_putstatus(struct IsdnCardState *cs, char *head, const char *fmt, va_list args);
55277 void HiSax_reportcard(int cardnr, int sel);
55278 int QuickHex(char *txt, u_char *p, int cnt);
55279 void LogFrame(struct IsdnCardState *cs, u_char *p, int size);
55280 diff --git a/drivers/isdn/hisax/icc.c b/drivers/isdn/hisax/icc.c
55281 index 96d1df0..77a05ee 100644
55282 --- a/drivers/isdn/hisax/icc.c
55283 +++ b/drivers/isdn/hisax/icc.c
55284 @@ -580,8 +580,9 @@ DC_Close_icc(struct IsdnCardState *cs) {
55285 }
55286
55287 static void
55288 -dbusy_timer_handler(struct IsdnCardState *cs)
55289 +dbusy_timer_handler(unsigned long _cs)
55290 {
55291 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55292 struct PStack *stptr;
55293 int rbch, star;
55294
55295 @@ -676,7 +677,7 @@ clear_pending_icc_ints(struct IsdnCardState *cs)
55296 void setup_icc(struct IsdnCardState *cs)
55297 {
55298 INIT_WORK(&cs->tqueue, icc_bh);
55299 - cs->dbusytimer.function = (void *) dbusy_timer_handler;
55300 + cs->dbusytimer.function = dbusy_timer_handler;
55301 cs->dbusytimer.data = (long) cs;
55302 init_timer(&cs->dbusytimer);
55303 }
55304 diff --git a/drivers/isdn/hisax/ipacx.c b/drivers/isdn/hisax/ipacx.c
55305 index 9cc26b4..d7fa044 100644
55306 --- a/drivers/isdn/hisax/ipacx.c
55307 +++ b/drivers/isdn/hisax/ipacx.c
55308 @@ -35,7 +35,7 @@
55309 static void ph_command(struct IsdnCardState *cs, unsigned int command);
55310 static inline void cic_int(struct IsdnCardState *cs);
55311 static void dch_l2l1(struct PStack *st, int pr, void *arg);
55312 -static void dbusy_timer_handler(struct IsdnCardState *cs);
55313 +static void dbusy_timer_handler(unsigned long _cs);
55314 static void dch_empty_fifo(struct IsdnCardState *cs, int count);
55315 static void dch_fill_fifo(struct IsdnCardState *cs);
55316 static inline void dch_int(struct IsdnCardState *cs);
55317 @@ -198,8 +198,9 @@ dch_l2l1(struct PStack *st, int pr, void *arg)
55318 //----------------------------------------------------------
55319 //----------------------------------------------------------
55320 static void
55321 -dbusy_timer_handler(struct IsdnCardState *cs)
55322 +dbusy_timer_handler(unsigned long _cs)
55323 {
55324 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55325 struct PStack *st;
55326 int rbchd, stard;
55327
55328 @@ -424,7 +425,7 @@ dch_init(struct IsdnCardState *cs)
55329
55330 cs->setstack_d = dch_setstack;
55331
55332 - cs->dbusytimer.function = (void *) dbusy_timer_handler;
55333 + cs->dbusytimer.function = dbusy_timer_handler;
55334 cs->dbusytimer.data = (long) cs;
55335 init_timer(&cs->dbusytimer);
55336
55337 diff --git a/drivers/isdn/hisax/isac.c b/drivers/isdn/hisax/isac.c
55338 index df7e05c..0f7dca1 100644
55339 --- a/drivers/isdn/hisax/isac.c
55340 +++ b/drivers/isdn/hisax/isac.c
55341 @@ -584,8 +584,9 @@ DC_Close_isac(struct IsdnCardState *cs)
55342 }
55343
55344 static void
55345 -dbusy_timer_handler(struct IsdnCardState *cs)
55346 +dbusy_timer_handler(unsigned long _cs)
55347 {
55348 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55349 struct PStack *stptr;
55350 int rbch, star;
55351
55352 @@ -677,7 +678,7 @@ void clear_pending_isac_ints(struct IsdnCardState *cs)
55353 void setup_isac(struct IsdnCardState *cs)
55354 {
55355 INIT_WORK(&cs->tqueue, isac_bh);
55356 - cs->dbusytimer.function = (void *) dbusy_timer_handler;
55357 + cs->dbusytimer.function = dbusy_timer_handler;
55358 cs->dbusytimer.data = (long) cs;
55359 init_timer(&cs->dbusytimer);
55360 }
55361 diff --git a/drivers/isdn/hisax/isar.c b/drivers/isdn/hisax/isar.c
55362 index f4956c7..122d249 100644
55363 --- a/drivers/isdn/hisax/isar.c
55364 +++ b/drivers/isdn/hisax/isar.c
55365 @@ -1267,7 +1267,8 @@ isar_int_main(struct IsdnCardState *cs)
55366 }
55367
55368 static void
55369 -ftimer_handler(struct BCState *bcs) {
55370 +ftimer_handler(unsigned long _bcs) {
55371 + struct BCState *bcs = (struct BCState *)_bcs;
55372 if (bcs->cs->debug)
55373 debugl1(bcs->cs, "ftimer flags %04lx",
55374 bcs->Flag);
55375 @@ -1902,7 +1903,7 @@ void initisar(struct IsdnCardState *cs)
55376 cs->bcs[1].BC_SetStack = setstack_isar;
55377 cs->bcs[0].BC_Close = close_isarstate;
55378 cs->bcs[1].BC_Close = close_isarstate;
55379 - cs->bcs[0].hw.isar.ftimer.function = (void *) ftimer_handler;
55380 + cs->bcs[0].hw.isar.ftimer.function = ftimer_handler;
55381 cs->bcs[0].hw.isar.ftimer.data = (long) &cs->bcs[0];
55382 init_timer(&cs->bcs[0].hw.isar.ftimer);
55383 cs->bcs[1].hw.isar.ftimer.function = (void *) ftimer_handler;
55384 diff --git a/drivers/isdn/hisax/isdnl3.c b/drivers/isdn/hisax/isdnl3.c
55385 index c754706..8b1ffd5 100644
55386 --- a/drivers/isdn/hisax/isdnl3.c
55387 +++ b/drivers/isdn/hisax/isdnl3.c
55388 @@ -160,8 +160,9 @@ newl3state(struct l3_process *pc, int state)
55389 }
55390
55391 static void
55392 -L3ExpireTimer(struct L3Timer *t)
55393 +L3ExpireTimer(unsigned long _t)
55394 {
55395 + struct L3Timer *t = (struct L3Timer *)_t;
55396 t->pc->st->lli.l4l3(t->pc->st, t->event, t->pc);
55397 }
55398
55399 @@ -169,7 +170,7 @@ void
55400 L3InitTimer(struct l3_process *pc, struct L3Timer *t)
55401 {
55402 t->pc = pc;
55403 - t->tl.function = (void *) L3ExpireTimer;
55404 + t->tl.function = L3ExpireTimer;
55405 t->tl.data = (long) t;
55406 init_timer(&t->tl);
55407 }
55408 diff --git a/drivers/isdn/hisax/saphir.c b/drivers/isdn/hisax/saphir.c
55409 index 6b2d0ec..4bf5a9e 100644
55410 --- a/drivers/isdn/hisax/saphir.c
55411 +++ b/drivers/isdn/hisax/saphir.c
55412 @@ -159,8 +159,9 @@ Start_ISAC:
55413 }
55414
55415 static void
55416 -SaphirWatchDog(struct IsdnCardState *cs)
55417 +SaphirWatchDog(unsigned long _cs)
55418 {
55419 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55420 u_long flags;
55421
55422 spin_lock_irqsave(&cs->lock, flags);
55423 @@ -268,7 +269,7 @@ int setup_saphir(struct IsdnCard *card)
55424 cs->irq, cs->hw.saphir.cfg_reg);
55425
55426 setup_isac(cs);
55427 - cs->hw.saphir.timer.function = (void *) SaphirWatchDog;
55428 + cs->hw.saphir.timer.function = SaphirWatchDog;
55429 cs->hw.saphir.timer.data = (long) cs;
55430 init_timer(&cs->hw.saphir.timer);
55431 cs->hw.saphir.timer.expires = jiffies + 4 * HZ;
55432 diff --git a/drivers/isdn/hisax/teleint.c b/drivers/isdn/hisax/teleint.c
55433 index bf64754..e2a3709 100644
55434 --- a/drivers/isdn/hisax/teleint.c
55435 +++ b/drivers/isdn/hisax/teleint.c
55436 @@ -179,8 +179,9 @@ Start_ISAC:
55437 }
55438
55439 static void
55440 -TeleInt_Timer(struct IsdnCardState *cs)
55441 +TeleInt_Timer(unsigned long _cs)
55442 {
55443 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55444 int stat = 0;
55445 u_long flags;
55446
55447 @@ -278,7 +279,7 @@ int setup_TeleInt(struct IsdnCard *card)
55448 cs->bcs[0].hw.hfc.send = NULL;
55449 cs->bcs[1].hw.hfc.send = NULL;
55450 cs->hw.hfc.fifosize = 7 * 1024 + 512;
55451 - cs->hw.hfc.timer.function = (void *) TeleInt_Timer;
55452 + cs->hw.hfc.timer.function = TeleInt_Timer;
55453 cs->hw.hfc.timer.data = (long) cs;
55454 init_timer(&cs->hw.hfc.timer);
55455 if (!request_region(cs->hw.hfc.addr, 2, "TeleInt isdn")) {
55456 diff --git a/drivers/isdn/hisax/w6692.c b/drivers/isdn/hisax/w6692.c
55457 index a858955..908285b 100644
55458 --- a/drivers/isdn/hisax/w6692.c
55459 +++ b/drivers/isdn/hisax/w6692.c
55460 @@ -681,8 +681,9 @@ DC_Close_W6692(struct IsdnCardState *cs)
55461 }
55462
55463 static void
55464 -dbusy_timer_handler(struct IsdnCardState *cs)
55465 +dbusy_timer_handler(unsigned long _cs)
55466 {
55467 + struct IsdnCardState *cs = (struct IsdnCardState *)_cs;
55468 struct PStack *stptr;
55469 int rbch, star;
55470 u_long flags;
55471 @@ -901,7 +902,7 @@ static void initW6692(struct IsdnCardState *cs, int part)
55472 if (part & 1) {
55473 cs->setstack_d = setstack_W6692;
55474 cs->DC_Close = DC_Close_W6692;
55475 - cs->dbusytimer.function = (void *) dbusy_timer_handler;
55476 + cs->dbusytimer.function = dbusy_timer_handler;
55477 cs->dbusytimer.data = (long) cs;
55478 init_timer(&cs->dbusytimer);
55479 resetW6692(cs);
55480 diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
55481 index 9b856e1..fa03c92 100644
55482 --- a/drivers/isdn/i4l/isdn_common.c
55483 +++ b/drivers/isdn/i4l/isdn_common.c
55484 @@ -1654,6 +1654,8 @@ isdn_ioctl(struct file *file, uint cmd, ulong arg)
55485 } else
55486 return -EINVAL;
55487 case IIOCDBGVAR:
55488 + if (!capable(CAP_SYS_RAWIO))
55489 + return -EPERM;
55490 if (arg) {
55491 if (copy_to_user(argp, &dev, sizeof(ulong)))
55492 return -EFAULT;
55493 diff --git a/drivers/isdn/i4l/isdn_concap.c b/drivers/isdn/i4l/isdn_concap.c
55494 index 91d5730..336523e 100644
55495 --- a/drivers/isdn/i4l/isdn_concap.c
55496 +++ b/drivers/isdn/i4l/isdn_concap.c
55497 @@ -80,9 +80,9 @@ static int isdn_concap_dl_disconn_req(struct concap_proto *concap)
55498 }
55499
55500 struct concap_device_ops isdn_concap_reliable_dl_dops = {
55501 - &isdn_concap_dl_data_req,
55502 - &isdn_concap_dl_connect_req,
55503 - &isdn_concap_dl_disconn_req
55504 + .data_req = &isdn_concap_dl_data_req,
55505 + .connect_req = &isdn_concap_dl_connect_req,
55506 + .disconn_req = &isdn_concap_dl_disconn_req
55507 };
55508
55509 /* The following should better go into a dedicated source file such that
55510 diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c
55511 index 63eaa0a..00a663c 100644
55512 --- a/drivers/isdn/i4l/isdn_tty.c
55513 +++ b/drivers/isdn/i4l/isdn_tty.c
55514 @@ -1499,9 +1499,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp)
55515
55516 #ifdef ISDN_DEBUG_MODEM_OPEN
55517 printk(KERN_DEBUG "isdn_tty_open %s, count = %d\n", tty->name,
55518 - port->count);
55519 + atomic_read(&port->count));
55520 #endif
55521 - port->count++;
55522 + atomic_inc(&port->count);
55523 port->tty = tty;
55524 /*
55525 * Start up serial port
55526 @@ -1545,7 +1545,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
55527 #endif
55528 return;
55529 }
55530 - if ((tty->count == 1) && (port->count != 1)) {
55531 + if ((tty->count == 1) && (atomic_read(&port->count) != 1)) {
55532 /*
55533 * Uh, oh. tty->count is 1, which means that the tty
55534 * structure will be freed. Info->count should always
55535 @@ -1554,15 +1554,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
55536 * serial port won't be shutdown.
55537 */
55538 printk(KERN_ERR "isdn_tty_close: bad port count; tty->count is 1, "
55539 - "info->count is %d\n", port->count);
55540 - port->count = 1;
55541 + "info->count is %d\n", atomic_read(&port->count));
55542 + atomic_set(&port->count, 1);
55543 }
55544 - if (--port->count < 0) {
55545 + if (atomic_dec_return(&port->count) < 0) {
55546 printk(KERN_ERR "isdn_tty_close: bad port count for ttyi%d: %d\n",
55547 - info->line, port->count);
55548 - port->count = 0;
55549 + info->line, atomic_read(&port->count));
55550 + atomic_set(&port->count, 0);
55551 }
55552 - if (port->count) {
55553 + if (atomic_read(&port->count)) {
55554 #ifdef ISDN_DEBUG_MODEM_OPEN
55555 printk(KERN_DEBUG "isdn_tty_close after info->count != 0\n");
55556 #endif
55557 @@ -1617,7 +1617,7 @@ isdn_tty_hangup(struct tty_struct *tty)
55558 if (isdn_tty_paranoia_check(info, tty->name, "isdn_tty_hangup"))
55559 return;
55560 isdn_tty_shutdown(info);
55561 - port->count = 0;
55562 + atomic_set(&port->count, 0);
55563 tty_port_set_active(port, 0);
55564 port->tty = NULL;
55565 wake_up_interruptible(&port->open_wait);
55566 @@ -1962,7 +1962,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup)
55567 for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
55568 modem_info *info = &dev->mdm.info[i];
55569
55570 - if (info->port.count == 0)
55571 + if (atomic_read(&info->port.count) == 0)
55572 continue;
55573 if ((info->emu.mdmreg[REG_SI1] & si2bit[si1]) && /* SI1 is matching */
55574 (info->emu.mdmreg[REG_SI2] == si2)) { /* SI2 is matching */
55575 diff --git a/drivers/isdn/i4l/isdn_x25iface.c b/drivers/isdn/i4l/isdn_x25iface.c
55576 index 0c5d8de..ba60076 100644
55577 --- a/drivers/isdn/i4l/isdn_x25iface.c
55578 +++ b/drivers/isdn/i4l/isdn_x25iface.c
55579 @@ -53,14 +53,14 @@ static int isdn_x25iface_disconn_ind(struct concap_proto *);
55580
55581
55582 static struct concap_proto_ops ix25_pops = {
55583 - &isdn_x25iface_proto_new,
55584 - &isdn_x25iface_proto_del,
55585 - &isdn_x25iface_proto_restart,
55586 - &isdn_x25iface_proto_close,
55587 - &isdn_x25iface_xmit,
55588 - &isdn_x25iface_receive,
55589 - &isdn_x25iface_connect_ind,
55590 - &isdn_x25iface_disconn_ind
55591 + .proto_new = &isdn_x25iface_proto_new,
55592 + .proto_del = &isdn_x25iface_proto_del,
55593 + .restart = &isdn_x25iface_proto_restart,
55594 + .close = &isdn_x25iface_proto_close,
55595 + .encap_and_xmit = &isdn_x25iface_xmit,
55596 + .data_ind = &isdn_x25iface_receive,
55597 + .connect_ind = &isdn_x25iface_connect_ind,
55598 + .disconn_ind = &isdn_x25iface_disconn_ind
55599 };
55600
55601 /* error message helper function */
55602 diff --git a/drivers/isdn/mISDN/dsp.h b/drivers/isdn/mISDN/dsp.h
55603 index fc1733a..27bf261 100644
55604 --- a/drivers/isdn/mISDN/dsp.h
55605 +++ b/drivers/isdn/mISDN/dsp.h
55606 @@ -247,7 +247,7 @@ extern void dsp_cmx_hardware(struct dsp_conf *conf, struct dsp *dsp);
55607 extern int dsp_cmx_conf(struct dsp *dsp, u32 conf_id);
55608 extern void dsp_cmx_receive(struct dsp *dsp, struct sk_buff *skb);
55609 extern void dsp_cmx_hdlc(struct dsp *dsp, struct sk_buff *skb);
55610 -extern void dsp_cmx_send(void *arg);
55611 +extern void dsp_cmx_send(unsigned long arg);
55612 extern void dsp_cmx_transmit(struct dsp *dsp, struct sk_buff *skb);
55613 extern int dsp_cmx_del_conf_member(struct dsp *dsp);
55614 extern int dsp_cmx_del_conf(struct dsp_conf *conf);
55615 @@ -259,7 +259,7 @@ extern u8 *dsp_dtmf_goertzel_decode(struct dsp *dsp, u8 *data, int len,
55616
55617 extern int dsp_tone(struct dsp *dsp, int tone);
55618 extern void dsp_tone_copy(struct dsp *dsp, u8 *data, int len);
55619 -extern void dsp_tone_timeout(void *arg);
55620 +extern void dsp_tone_timeout(unsigned long arg);
55621
55622 extern void dsp_bf_encrypt(struct dsp *dsp, u8 *data, int len);
55623 extern void dsp_bf_decrypt(struct dsp *dsp, u8 *data, int len);
55624 diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
55625 index 8e3aa00..723faf8 100644
55626 --- a/drivers/isdn/mISDN/dsp_cmx.c
55627 +++ b/drivers/isdn/mISDN/dsp_cmx.c
55628 @@ -1625,8 +1625,8 @@ unsigned long dsp_spl_jiffies; /* calculate the next time to fire */
55629 static u16 dsp_count; /* last sample count */
55630 static int dsp_count_valid; /* if we have last sample count */
55631
55632 -void
55633 -dsp_cmx_send(void *arg)
55634 +void __intentional_overflow(-1)
55635 +dsp_cmx_send(unsigned long arg)
55636 {
55637 struct dsp_conf *conf;
55638 struct dsp_conf_member *member;
55639 diff --git a/drivers/isdn/mISDN/dsp_core.c b/drivers/isdn/mISDN/dsp_core.c
55640 index 0222b1a..67fb76a 100644
55641 --- a/drivers/isdn/mISDN/dsp_core.c
55642 +++ b/drivers/isdn/mISDN/dsp_core.c
55643 @@ -1092,7 +1092,7 @@ dspcreate(struct channel_req *crq)
55644 ndsp->pcm_bank_tx = -1;
55645 ndsp->hfc_conf = -1; /* current conference number */
55646 /* set tone timer */
55647 - ndsp->tone.tl.function = (void *)dsp_tone_timeout;
55648 + ndsp->tone.tl.function = dsp_tone_timeout;
55649 ndsp->tone.tl.data = (long) ndsp;
55650 init_timer(&ndsp->tone.tl);
55651
55652 @@ -1204,7 +1204,7 @@ static int __init dsp_init(void)
55653 }
55654
55655 /* set sample timer */
55656 - dsp_spl_tl.function = (void *)dsp_cmx_send;
55657 + dsp_spl_tl.function = dsp_cmx_send;
55658 dsp_spl_tl.data = 0;
55659 init_timer(&dsp_spl_tl);
55660 dsp_spl_tl.expires = jiffies + dsp_tics;
55661 diff --git a/drivers/isdn/mISDN/dsp_tones.c b/drivers/isdn/mISDN/dsp_tones.c
55662 index 057e0d6..ed229b5 100644
55663 --- a/drivers/isdn/mISDN/dsp_tones.c
55664 +++ b/drivers/isdn/mISDN/dsp_tones.c
55665 @@ -457,9 +457,9 @@ dsp_tone_hw_message(struct dsp *dsp, u8 *sample, int len)
55666 * timer expires *
55667 *****************/
55668 void
55669 -dsp_tone_timeout(void *arg)
55670 +dsp_tone_timeout(unsigned long arg)
55671 {
55672 - struct dsp *dsp = arg;
55673 + struct dsp *dsp = (struct dsp *)arg;
55674 struct dsp_tone *tone = &dsp->tone;
55675 struct pattern *pat = (struct pattern *)tone->pattern;
55676 int index = tone->index;
55677 diff --git a/drivers/isdn/mISDN/fsm.c b/drivers/isdn/mISDN/fsm.c
55678 index 26477d4..4fa3876 100644
55679 --- a/drivers/isdn/mISDN/fsm.c
55680 +++ b/drivers/isdn/mISDN/fsm.c
55681 @@ -97,8 +97,9 @@ mISDN_FsmChangeState(struct FsmInst *fi, int newstate)
55682 EXPORT_SYMBOL(mISDN_FsmChangeState);
55683
55684 static void
55685 -FsmExpireTimer(struct FsmTimer *ft)
55686 +FsmExpireTimer(unsigned long _ft)
55687 {
55688 + struct FsmTimer *ft = (struct FsmTimer *)_ft;
55689 #if FSM_TIMER_DEBUG
55690 if (ft->fi->debug)
55691 ft->fi->printdebug(ft->fi, "FsmExpireTimer %lx", (long) ft);
55692 @@ -110,7 +111,7 @@ void
55693 mISDN_FsmInitTimer(struct FsmInst *fi, struct FsmTimer *ft)
55694 {
55695 ft->fi = fi;
55696 - ft->tl.function = (void *) FsmExpireTimer;
55697 + ft->tl.function = FsmExpireTimer;
55698 ft->tl.data = (long) ft;
55699 #if FSM_TIMER_DEBUG
55700 if (ft->fi->debug)
55701 diff --git a/drivers/isdn/mISDN/l1oip_core.c b/drivers/isdn/mISDN/l1oip_core.c
55702 index 67c2187..fc71e33 100644
55703 --- a/drivers/isdn/mISDN/l1oip_core.c
55704 +++ b/drivers/isdn/mISDN/l1oip_core.c
55705 @@ -840,7 +840,7 @@ l1oip_send_bh(struct work_struct *work)
55706 * timer stuff
55707 */
55708 static void
55709 -l1oip_keepalive(void *data)
55710 +l1oip_keepalive(unsigned long data)
55711 {
55712 struct l1oip *hc = (struct l1oip *)data;
55713
55714 @@ -848,7 +848,7 @@ l1oip_keepalive(void *data)
55715 }
55716
55717 static void
55718 -l1oip_timeout(void *data)
55719 +l1oip_timeout(unsigned long data)
55720 {
55721 struct l1oip *hc = (struct l1oip *)data;
55722 struct dchannel *dch = hc->chan[hc->d_idx].dch;
55723 @@ -1435,13 +1435,13 @@ init_card(struct l1oip *hc, int pri, int bundle)
55724 if (ret)
55725 return ret;
55726
55727 - hc->keep_tl.function = (void *)l1oip_keepalive;
55728 + hc->keep_tl.function = l1oip_keepalive;
55729 hc->keep_tl.data = (ulong)hc;
55730 init_timer(&hc->keep_tl);
55731 hc->keep_tl.expires = jiffies + 2 * HZ; /* two seconds first time */
55732 add_timer(&hc->keep_tl);
55733
55734 - hc->timeout_tl.function = (void *)l1oip_timeout;
55735 + hc->timeout_tl.function = l1oip_timeout;
55736 hc->timeout_tl.data = (ulong)hc;
55737 init_timer(&hc->timeout_tl);
55738 hc->timeout_on = 0; /* state that we have timer off */
55739 diff --git a/drivers/leds/leds-clevo-mail.c b/drivers/leds/leds-clevo-mail.c
55740 index 0f9ed1e..492789f 100644
55741 --- a/drivers/leds/leds-clevo-mail.c
55742 +++ b/drivers/leds/leds-clevo-mail.c
55743 @@ -40,7 +40,7 @@ static int __init clevo_mail_led_dmi_callback(const struct dmi_system_id *id)
55744 * detected as working, but in reality it is not) as low as
55745 * possible.
55746 */
55747 -static struct dmi_system_id clevo_mail_led_dmi_table[] __initdata = {
55748 +static const struct dmi_system_id clevo_mail_led_dmi_table[] __initconst = {
55749 {
55750 .callback = clevo_mail_led_dmi_callback,
55751 .ident = "Clevo D410J",
55752 diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c
55753 index 732eb86..a9db867 100644
55754 --- a/drivers/leds/leds-ss4200.c
55755 +++ b/drivers/leds/leds-ss4200.c
55756 @@ -91,7 +91,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection");
55757 * detected as working, but in reality it is not) as low as
55758 * possible.
55759 */
55760 -static struct dmi_system_id nas_led_whitelist[] __initdata = {
55761 +static const struct dmi_system_id nas_led_whitelist[] __initconst = {
55762 {
55763 .callback = ss4200_led_dmi_callback,
55764 .ident = "Intel SS4200-E",
55765 diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
55766 index 9e385b3..7077882 100644
55767 --- a/drivers/lguest/core.c
55768 +++ b/drivers/lguest/core.c
55769 @@ -87,7 +87,7 @@ static __init int map_switcher(void)
55770 * Copy in the compiled-in Switcher code (from x86/switcher_32.S).
55771 * It goes in the first page, which we map in momentarily.
55772 */
55773 - memcpy(kmap(lg_switcher_pages[0]), start_switcher_text,
55774 + memcpy(kmap(lg_switcher_pages[0]), (void *)ktla_ktva((unsigned long)start_switcher_text),
55775 end_switcher_text - start_switcher_text);
55776 kunmap(lg_switcher_pages[0]);
55777
55778 @@ -106,9 +106,16 @@ static __init int map_switcher(void)
55779 * We want the switcher text to be read-only and executable, and
55780 * the stacks to be read-write and non-executable.
55781 */
55782 +
55783 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
55784 + switcher_text_vma = __get_vm_area(PAGE_SIZE, VM_ALLOC|VM_NO_GUARD|VM_KERNEXEC,
55785 + switcher_addr,
55786 + switcher_addr + PAGE_SIZE);
55787 +#else
55788 switcher_text_vma = __get_vm_area(PAGE_SIZE, VM_ALLOC|VM_NO_GUARD,
55789 switcher_addr,
55790 switcher_addr + PAGE_SIZE);
55791 +#endif
55792
55793 if (!switcher_text_vma) {
55794 err = -ENOMEM;
55795 diff --git a/drivers/lguest/page_tables.c b/drivers/lguest/page_tables.c
55796 index e3abebc9..6a35328 100644
55797 --- a/drivers/lguest/page_tables.c
55798 +++ b/drivers/lguest/page_tables.c
55799 @@ -585,7 +585,7 @@ void pin_page(struct lg_cpu *cpu, unsigned long vaddr)
55800 /*:*/
55801
55802 #ifdef CONFIG_X86_PAE
55803 -static void release_pmd(pmd_t *spmd)
55804 +static void __intentional_overflow(-1) release_pmd(pmd_t *spmd)
55805 {
55806 /* If the entry's not present, there's nothing to release. */
55807 if (pmd_flags(*spmd) & _PAGE_PRESENT) {
55808 diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
55809 index 6e9042e..befd030 100644
55810 --- a/drivers/lguest/x86/core.c
55811 +++ b/drivers/lguest/x86/core.c
55812 @@ -60,7 +60,7 @@ static struct {
55813 /* Offset from where switcher.S was compiled to where we've copied it */
55814 static unsigned long switcher_offset(void)
55815 {
55816 - return switcher_addr - (unsigned long)start_switcher_text;
55817 + return switcher_addr - ktla_ktva((unsigned long)start_switcher_text);
55818 }
55819
55820 /* This cpu's struct lguest_pages (after the Switcher text page) */
55821 @@ -100,7 +100,13 @@ static void copy_in_guest_info(struct lg_cpu *cpu, struct lguest_pages *pages)
55822 * These copies are pretty cheap, so we do them unconditionally: */
55823 /* Save the current Host top-level page directory.
55824 */
55825 +
55826 +#ifdef CONFIG_PAX_PER_CPU_PGD
55827 + pages->state.host_cr3 = read_cr3();
55828 +#else
55829 pages->state.host_cr3 = __pa(current->mm->pgd);
55830 +#endif
55831 +
55832 /*
55833 * Set up the Guest's page tables to see this CPU's pages (and no
55834 * other CPU's pages).
55835 @@ -498,7 +504,7 @@ void __init lguest_arch_host_init(void)
55836 * compiled-in switcher code and the high-mapped copy we just made.
55837 */
55838 for (i = 0; i < IDT_ENTRIES; i++)
55839 - default_idt_entries[i] += switcher_offset();
55840 + default_idt_entries[i] = ktla_ktva(default_idt_entries[i]) + switcher_offset();
55841
55842 /*
55843 * Set up the Switcher's per-cpu areas.
55844 @@ -581,7 +587,7 @@ void __init lguest_arch_host_init(void)
55845 * it will be undisturbed when we switch. To change %cs and jump we
55846 * need this structure to feed to Intel's "lcall" instruction.
55847 */
55848 - lguest_entry.offset = (long)switch_to_guest + switcher_offset();
55849 + lguest_entry.offset = ktla_ktva((unsigned long)switch_to_guest) + switcher_offset();
55850 lguest_entry.segment = LGUEST_CS;
55851
55852 /*
55853 diff --git a/drivers/lguest/x86/switcher_32.S b/drivers/lguest/x86/switcher_32.S
55854 index 40634b0..4f5855e 100644
55855 --- a/drivers/lguest/x86/switcher_32.S
55856 +++ b/drivers/lguest/x86/switcher_32.S
55857 @@ -87,6 +87,7 @@
55858 #include <asm/page.h>
55859 #include <asm/segment.h>
55860 #include <asm/lguest.h>
55861 +#include <asm/processor-flags.h>
55862
55863 // We mark the start of the code to copy
55864 // It's placed in .text tho it's never run here
55865 @@ -149,6 +150,13 @@ ENTRY(switch_to_guest)
55866 // Changes type when we load it: damn Intel!
55867 // For after we switch over our page tables
55868 // That entry will be read-only: we'd crash.
55869 +
55870 +#ifdef CONFIG_PAX_KERNEXEC
55871 + mov %cr0, %edx
55872 + xor $X86_CR0_WP, %edx
55873 + mov %edx, %cr0
55874 +#endif
55875 +
55876 movl $(GDT_ENTRY_TSS*8), %edx
55877 ltr %dx
55878
55879 @@ -157,9 +165,15 @@ ENTRY(switch_to_guest)
55880 // Let's clear it again for our return.
55881 // The GDT descriptor of the Host
55882 // Points to the table after two "size" bytes
55883 - movl (LGUEST_PAGES_host_gdt_desc+2)(%eax), %edx
55884 + movl (LGUEST_PAGES_host_gdt_desc+2)(%eax), %eax
55885 // Clear "used" from type field (byte 5, bit 2)
55886 - andb $0xFD, (GDT_ENTRY_TSS*8 + 5)(%edx)
55887 + andb $0xFD, (GDT_ENTRY_TSS*8 + 5)(%eax)
55888 +
55889 +#ifdef CONFIG_PAX_KERNEXEC
55890 + mov %cr0, %eax
55891 + xor $X86_CR0_WP, %eax
55892 + mov %eax, %cr0
55893 +#endif
55894
55895 // Once our page table's switched, the Guest is live!
55896 // The Host fades as we run this final step.
55897 @@ -295,13 +309,12 @@ deliver_to_host:
55898 // I consulted gcc, and it gave
55899 // These instructions, which I gladly credit:
55900 leal (%edx,%ebx,8), %eax
55901 - movzwl (%eax),%edx
55902 - movl 4(%eax), %eax
55903 - xorw %ax, %ax
55904 - orl %eax, %edx
55905 + movl 4(%eax), %edx
55906 + movw (%eax), %dx
55907 // Now the address of the handler's in %edx
55908 // We call it now: its "iret" drops us home.
55909 - jmp *%edx
55910 + ljmp $__KERNEL_CS, $1f
55911 +1: jmp *%edx
55912
55913 // Every interrupt can come to us here
55914 // But we must truly tell each apart.
55915 diff --git a/drivers/lightnvm/rrpc.c b/drivers/lightnvm/rrpc.c
55916 index 37fcaad..e2be8ad 100644
55917 --- a/drivers/lightnvm/rrpc.c
55918 +++ b/drivers/lightnvm/rrpc.c
55919 @@ -231,7 +231,7 @@ static void rrpc_put_blks(struct rrpc *rrpc)
55920
55921 static struct rrpc_lun *get_next_lun(struct rrpc *rrpc)
55922 {
55923 - int next = atomic_inc_return(&rrpc->next_lun);
55924 + int next = atomic_inc_return_unchecked(&rrpc->next_lun);
55925
55926 return &rrpc->luns[next % rrpc->nr_luns];
55927 }
55928 @@ -1389,7 +1389,7 @@ static void *rrpc_init(struct nvm_dev *dev, struct gendisk *tdisk,
55929 rrpc->nr_sects = (unsigned long long)dev->sec_per_lun * rrpc->nr_luns;
55930
55931 /* simple round-robin strategy */
55932 - atomic_set(&rrpc->next_lun, -1);
55933 + atomic_set_unchecked(&rrpc->next_lun, -1);
55934
55935 ret = rrpc_area_init(rrpc, &soffset);
55936 if (ret < 0) {
55937 diff --git a/drivers/lightnvm/rrpc.h b/drivers/lightnvm/rrpc.h
55938 index 5e87d52..2666040 100644
55939 --- a/drivers/lightnvm/rrpc.h
55940 +++ b/drivers/lightnvm/rrpc.h
55941 @@ -104,7 +104,7 @@ struct rrpc {
55942 /* Write strategy variables. Move these into each for structure for each
55943 * strategy
55944 */
55945 - atomic_t next_lun; /* Whenever a page is written, this is updated
55946 + atomic_unchecked_t next_lun; /* Whenever a page is written, this is updated
55947 * to point to the next write lun
55948 */
55949
55950 diff --git a/drivers/md/bcache/Kconfig b/drivers/md/bcache/Kconfig
55951 index 4d20088..de60cb2 100644
55952 --- a/drivers/md/bcache/Kconfig
55953 +++ b/drivers/md/bcache/Kconfig
55954 @@ -20,6 +20,7 @@ config BCACHE_CLOSURES_DEBUG
55955 bool "Debug closures"
55956 depends on BCACHE
55957 select DEBUG_FS
55958 + depends on !GRKERNSEC_KMEM
55959 ---help---
55960 Keeps all active closures in a linked list and provides a debugfs
55961 interface to list them, which makes it possible to see asynchronous
55962 diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
55963 index ca4abe1..0b029ef 100644
55964 --- a/drivers/md/bcache/alloc.c
55965 +++ b/drivers/md/bcache/alloc.c
55966 @@ -631,7 +631,7 @@ bool bch_alloc_sectors(struct cache_set *c, struct bkey *k, unsigned sectors,
55967 for (i = 0; i < KEY_PTRS(&b->key); i++) {
55968 SET_PTR_OFFSET(&b->key, i, PTR_OFFSET(&b->key, i) + sectors);
55969
55970 - atomic_long_add(sectors,
55971 + atomic_long_add_unchecked(sectors,
55972 &PTR_CACHE(c, &b->key, i)->sectors_written);
55973 }
55974
55975 diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
55976 index 6b420a5..d5acb8f 100644
55977 --- a/drivers/md/bcache/bcache.h
55978 +++ b/drivers/md/bcache/bcache.h
55979 @@ -433,12 +433,12 @@ struct cache {
55980
55981 /* The rest of this all shows up in sysfs */
55982 #define IO_ERROR_SHIFT 20
55983 - atomic_t io_errors;
55984 - atomic_t io_count;
55985 + atomic_unchecked_t io_errors;
55986 + atomic_unchecked_t io_count;
55987
55988 - atomic_long_t meta_sectors_written;
55989 - atomic_long_t btree_sectors_written;
55990 - atomic_long_t sectors_written;
55991 + atomic_long_unchecked_t meta_sectors_written;
55992 + atomic_long_unchecked_t btree_sectors_written;
55993 + atomic_long_unchecked_t sectors_written;
55994 };
55995
55996 struct gc_stat {
55997 diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
55998 index 76f7534..f5ad9e6 100644
55999 --- a/drivers/md/bcache/btree.c
56000 +++ b/drivers/md/bcache/btree.c
56001 @@ -336,15 +336,17 @@ static void btree_complete_write(struct btree *b, struct btree_write *w)
56002 w->journal = NULL;
56003 }
56004
56005 -static void btree_node_write_unlock(struct closure *cl)
56006 +static void btree_node_write_unlock(struct work_struct *work)
56007 {
56008 + struct closure *cl = container_of(work, struct closure, work);
56009 struct btree *b = container_of(cl, struct btree, io);
56010
56011 up(&b->io_mutex);
56012 }
56013
56014 -static void __btree_node_write_done(struct closure *cl)
56015 +static void __btree_node_write_done(struct work_struct *work)
56016 {
56017 + struct closure *cl = container_of(work, struct closure, work);
56018 struct btree *b = container_of(cl, struct btree, io);
56019 struct btree_write *w = btree_prev_write(b);
56020
56021 @@ -358,8 +360,9 @@ static void __btree_node_write_done(struct closure *cl)
56022 closure_return_with_destructor(cl, btree_node_write_unlock);
56023 }
56024
56025 -static void btree_node_write_done(struct closure *cl)
56026 +static void btree_node_write_done(struct work_struct *work)
56027 {
56028 + struct closure *cl = container_of(work, struct closure, work);
56029 struct btree *b = container_of(cl, struct btree, io);
56030 struct bio_vec *bv;
56031 int n;
56032 @@ -367,7 +370,7 @@ static void btree_node_write_done(struct closure *cl)
56033 bio_for_each_segment_all(bv, b->bio, n)
56034 __free_page(bv->bv_page);
56035
56036 - __btree_node_write_done(cl);
56037 + __btree_node_write_done(&cl->work);
56038 }
56039
56040 static void btree_node_write_endio(struct bio *bio)
56041 @@ -467,7 +470,7 @@ void __bch_btree_node_write(struct btree *b, struct closure *parent)
56042
56043 do_btree_node_write(b);
56044
56045 - atomic_long_add(set_blocks(i, block_bytes(b->c)) * b->c->sb.block_size,
56046 + atomic_long_add_unchecked(set_blocks(i, block_bytes(b->c)) * b->c->sb.block_size,
56047 &PTR_CACHE(b->c, &b->key, 0)->btree_sectors_written);
56048
56049 b->written += set_blocks(i, block_bytes(b->c));
56050 diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c
56051 index 864e673..9c022d1 100644
56052 --- a/drivers/md/bcache/closure.c
56053 +++ b/drivers/md/bcache/closure.c
56054 @@ -29,12 +29,12 @@ static inline void closure_put_after_sub(struct closure *cl, int flags)
56055 closure_queue(cl);
56056 } else {
56057 struct closure *parent = cl->parent;
56058 - closure_fn *destructor = cl->fn;
56059 + work_func_t destructor = cl->fn;
56060
56061 closure_debug_destroy(cl);
56062
56063 if (destructor)
56064 - destructor(cl);
56065 + destructor(&cl->work);
56066
56067 if (parent)
56068 closure_put(parent);
56069 diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h
56070 index 9b2fe2d..be17fd2 100644
56071 --- a/drivers/md/bcache/closure.h
56072 +++ b/drivers/md/bcache/closure.h
56073 @@ -152,7 +152,7 @@ struct closure {
56074 struct workqueue_struct *wq;
56075 struct task_struct *task;
56076 struct llist_node list;
56077 - closure_fn *fn;
56078 + work_func_t fn;
56079 };
56080 struct work_struct work;
56081 };
56082 @@ -236,10 +236,10 @@ static inline void closure_set_stopped(struct closure *cl)
56083 atomic_sub(CLOSURE_RUNNING, &cl->remaining);
56084 }
56085
56086 -static inline void set_closure_fn(struct closure *cl, closure_fn *fn,
56087 +static inline void set_closure_fn(struct closure *cl, work_func_t fn,
56088 struct workqueue_struct *wq)
56089 {
56090 - BUG_ON(object_is_on_stack(cl));
56091 + BUG_ON(object_starts_on_stack(cl));
56092 closure_set_ip(cl);
56093 cl->fn = fn;
56094 cl->wq = wq;
56095 @@ -254,7 +254,7 @@ static inline void closure_queue(struct closure *cl)
56096 INIT_WORK(&cl->work, cl->work.func);
56097 BUG_ON(!queue_work(wq, &cl->work));
56098 } else
56099 - cl->fn(cl);
56100 + cl->fn(&cl->work);
56101 }
56102
56103 /**
56104 @@ -373,7 +373,7 @@ do { \
56105 * asynchronously out of a new closure - @parent will then wait for @cl to
56106 * finish.
56107 */
56108 -static inline void closure_call(struct closure *cl, closure_fn fn,
56109 +static inline void closure_call(struct closure *cl, work_func_t fn,
56110 struct workqueue_struct *wq,
56111 struct closure *parent)
56112 {
56113 diff --git a/drivers/md/bcache/io.c b/drivers/md/bcache/io.c
56114 index e97b0ac..5aff0fa 100644
56115 --- a/drivers/md/bcache/io.c
56116 +++ b/drivers/md/bcache/io.c
56117 @@ -60,7 +60,7 @@ void bch_count_io_errors(struct cache *ca, int error, const char *m)
56118 */
56119
56120 if (ca->set->error_decay) {
56121 - unsigned count = atomic_inc_return(&ca->io_count);
56122 + unsigned count = atomic_inc_return_unchecked(&ca->io_count);
56123
56124 while (count > ca->set->error_decay) {
56125 unsigned errors;
56126 @@ -72,16 +72,16 @@ void bch_count_io_errors(struct cache *ca, int error, const char *m)
56127 * succesfully do so, we rescale the errors once:
56128 */
56129
56130 - count = atomic_cmpxchg(&ca->io_count, old, new);
56131 + count = atomic_cmpxchg_unchecked(&ca->io_count, old, new);
56132
56133 if (count == old) {
56134 count = new;
56135
56136 - errors = atomic_read(&ca->io_errors);
56137 + errors = atomic_read_unchecked(&ca->io_errors);
56138 do {
56139 old = errors;
56140 new = ((uint64_t) errors * 127) / 128;
56141 - errors = atomic_cmpxchg(&ca->io_errors,
56142 + errors = atomic_cmpxchg_unchecked(&ca->io_errors,
56143 old, new);
56144 } while (old != errors);
56145 }
56146 @@ -90,7 +90,7 @@ void bch_count_io_errors(struct cache *ca, int error, const char *m)
56147
56148 if (error) {
56149 char buf[BDEVNAME_SIZE];
56150 - unsigned errors = atomic_add_return(1 << IO_ERROR_SHIFT,
56151 + unsigned errors = atomic_add_return_unchecked(1 << IO_ERROR_SHIFT,
56152 &ca->io_errors);
56153 errors >>= IO_ERROR_SHIFT;
56154
56155 diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c
56156 index 6925023..bff91f0 100644
56157 --- a/drivers/md/bcache/journal.c
56158 +++ b/drivers/md/bcache/journal.c
56159 @@ -555,10 +555,11 @@ static void journal_write_endio(struct bio *bio)
56160 closure_put(&w->c->journal.io);
56161 }
56162
56163 -static void journal_write(struct closure *);
56164 +static void journal_write(struct work_struct *);
56165
56166 -static void journal_write_done(struct closure *cl)
56167 +static void journal_write_done(struct work_struct *work)
56168 {
56169 + struct closure *cl = container_of(work, struct closure, work);
56170 struct journal *j = container_of(cl, struct journal, io);
56171 struct journal_write *w = (j->cur == j->w)
56172 ? &j->w[1]
56173 @@ -568,17 +569,19 @@ static void journal_write_done(struct closure *cl)
56174 continue_at_nobarrier(cl, journal_write, system_wq);
56175 }
56176
56177 -static void journal_write_unlock(struct closure *cl)
56178 +static void journal_write_unlock(struct work_struct *work)
56179 {
56180 + struct closure *cl = container_of(work, struct closure, work);
56181 struct cache_set *c = container_of(cl, struct cache_set, journal.io);
56182
56183 c->journal.io_in_flight = 0;
56184 spin_unlock(&c->journal.lock);
56185 }
56186
56187 -static void journal_write_unlocked(struct closure *cl)
56188 +static void journal_write_unlocked(struct work_struct *work)
56189 __releases(c->journal.lock)
56190 {
56191 + struct closure *cl = container_of(work, struct closure, work);
56192 struct cache_set *c = container_of(cl, struct cache_set, journal.io);
56193 struct cache *ca;
56194 struct journal_write *w = c->journal.cur;
56195 @@ -621,7 +624,7 @@ static void journal_write_unlocked(struct closure *cl)
56196 ca = PTR_CACHE(c, k, i);
56197 bio = &ca->journal.bio;
56198
56199 - atomic_long_add(sectors, &ca->meta_sectors_written);
56200 + atomic_long_add_unchecked(sectors, &ca->meta_sectors_written);
56201
56202 bio_reset(bio);
56203 bio->bi_iter.bi_sector = PTR_OFFSET(k, i);
56204 @@ -654,12 +657,13 @@ static void journal_write_unlocked(struct closure *cl)
56205 continue_at(cl, journal_write_done, NULL);
56206 }
56207
56208 -static void journal_write(struct closure *cl)
56209 +static void journal_write(struct work_struct *work)
56210 {
56211 + struct closure *cl = container_of(work, struct closure, work);
56212 struct cache_set *c = container_of(cl, struct cache_set, journal.io);
56213
56214 spin_lock(&c->journal.lock);
56215 - journal_write_unlocked(cl);
56216 + journal_write_unlocked(&cl->work);
56217 }
56218
56219 static void journal_try_write(struct cache_set *c)
56220 diff --git a/drivers/md/bcache/movinggc.c b/drivers/md/bcache/movinggc.c
56221 index 1881319..bec4997 100644
56222 --- a/drivers/md/bcache/movinggc.c
56223 +++ b/drivers/md/bcache/movinggc.c
56224 @@ -34,14 +34,16 @@ static bool moving_pred(struct keybuf *buf, struct bkey *k)
56225
56226 /* Moving GC - IO loop */
56227
56228 -static void moving_io_destructor(struct closure *cl)
56229 +static void moving_io_destructor(struct work_struct *work)
56230 {
56231 + struct closure *cl = container_of(work, struct closure, work);
56232 struct moving_io *io = container_of(cl, struct moving_io, cl);
56233 kfree(io);
56234 }
56235
56236 -static void write_moving_finish(struct closure *cl)
56237 +static void write_moving_finish(struct work_struct *work)
56238 {
56239 + struct closure *cl = container_of(work, struct closure, work);
56240 struct moving_io *io = container_of(cl, struct moving_io, cl);
56241 struct bio *bio = &io->bio.bio;
56242 struct bio_vec *bv;
56243 @@ -92,8 +94,9 @@ static void moving_init(struct moving_io *io)
56244 bch_bio_map(bio, NULL);
56245 }
56246
56247 -static void write_moving(struct closure *cl)
56248 +static void write_moving(struct work_struct *work)
56249 {
56250 + struct closure *cl = container_of(work, struct closure, work);
56251 struct moving_io *io = container_of(cl, struct moving_io, cl);
56252 struct data_insert_op *op = &io->op;
56253
56254 @@ -116,8 +119,9 @@ static void write_moving(struct closure *cl)
56255 continue_at(cl, write_moving_finish, op->wq);
56256 }
56257
56258 -static void read_moving_submit(struct closure *cl)
56259 +static void read_moving_submit(struct work_struct *work)
56260 {
56261 + struct closure *cl = container_of(work, struct closure, work);
56262 struct moving_io *io = container_of(cl, struct moving_io, cl);
56263 struct bio *bio = &io->bio.bio;
56264
56265 diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
56266 index 4b177fe..be3cbd4 100644
56267 --- a/drivers/md/bcache/request.c
56268 +++ b/drivers/md/bcache/request.c
56269 @@ -24,7 +24,7 @@
56270
56271 struct kmem_cache *bch_search_cache;
56272
56273 -static void bch_data_insert_start(struct closure *);
56274 +static void bch_data_insert_start(struct work_struct *);
56275
56276 static unsigned cache_mode(struct cached_dev *dc, struct bio *bio)
56277 {
56278 @@ -53,8 +53,9 @@ static void bio_csum(struct bio *bio, struct bkey *k)
56279
56280 /* Insert data into cache */
56281
56282 -static void bch_data_insert_keys(struct closure *cl)
56283 +static void bch_data_insert_keys(struct work_struct *work)
56284 {
56285 + struct closure *cl = container_of(work, struct closure, work);
56286 struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
56287 atomic_t *journal_ref = NULL;
56288 struct bkey *replace_key = op->replace ? &op->replace_key : NULL;
56289 @@ -143,8 +144,9 @@ out:
56290 continue_at(cl, bch_data_insert_keys, op->wq);
56291 }
56292
56293 -static void bch_data_insert_error(struct closure *cl)
56294 +static void bch_data_insert_error(struct work_struct *work)
56295 {
56296 + struct closure *cl = container_of(work, struct closure, work);
56297 struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
56298
56299 /*
56300 @@ -170,7 +172,7 @@ static void bch_data_insert_error(struct closure *cl)
56301
56302 op->insert_keys.top = dst;
56303
56304 - bch_data_insert_keys(cl);
56305 + bch_data_insert_keys(&cl->work);
56306 }
56307
56308 static void bch_data_insert_endio(struct bio *bio)
56309 @@ -191,8 +193,9 @@ static void bch_data_insert_endio(struct bio *bio)
56310 bch_bbio_endio(op->c, bio, bio->bi_error, "writing data to cache");
56311 }
56312
56313 -static void bch_data_insert_start(struct closure *cl)
56314 +static void bch_data_insert_start(struct work_struct *work)
56315 {
56316 + struct closure *cl = container_of(work, struct closure, work);
56317 struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
56318 struct bio *bio = op->bio, *n;
56319
56320 @@ -313,8 +316,9 @@ err:
56321 * If s->bypass is true, instead of inserting the data it invalidates the
56322 * region of the cache represented by s->cache_bio and op->inode.
56323 */
56324 -void bch_data_insert(struct closure *cl)
56325 +void bch_data_insert(struct work_struct *work)
56326 {
56327 + struct closure *cl = container_of(work, struct closure, work);
56328 struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
56329
56330 trace_bcache_write(op->c, op->inode, op->bio,
56331 @@ -322,7 +326,7 @@ void bch_data_insert(struct closure *cl)
56332
56333 bch_keylist_init(&op->insert_keys);
56334 bio_get(op->bio);
56335 - bch_data_insert_start(cl);
56336 + bch_data_insert_start(&cl->work);
56337 }
56338
56339 /* Congested? */
56340 @@ -570,8 +574,9 @@ static int cache_lookup_fn(struct btree_op *op, struct btree *b, struct bkey *k)
56341 return n == bio ? MAP_DONE : MAP_CONTINUE;
56342 }
56343
56344 -static void cache_lookup(struct closure *cl)
56345 +static void cache_lookup(struct work_struct *work)
56346 {
56347 + struct closure *cl = container_of(work, struct closure, work);
56348 struct search *s = container_of(cl, struct search, iop.cl);
56349 struct bio *bio = &s->bio.bio;
56350 int ret;
56351 @@ -631,8 +636,9 @@ static void do_bio_hook(struct search *s, struct bio *orig_bio)
56352 bio_cnt_set(bio, 3);
56353 }
56354
56355 -static void search_free(struct closure *cl)
56356 +static void search_free(struct work_struct *work)
56357 {
56358 + struct closure *cl = container_of(work, struct closure, work);
56359 struct search *s = container_of(cl, struct search, cl);
56360 bio_complete(s);
56361
56362 @@ -676,19 +682,21 @@ static inline struct search *search_alloc(struct bio *bio,
56363
56364 /* Cached devices */
56365
56366 -static void cached_dev_bio_complete(struct closure *cl)
56367 +static void cached_dev_bio_complete(struct work_struct *work)
56368 {
56369 + struct closure *cl = container_of(work, struct closure, work);
56370 struct search *s = container_of(cl, struct search, cl);
56371 struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
56372
56373 - search_free(cl);
56374 + search_free(&cl->work);
56375 cached_dev_put(dc);
56376 }
56377
56378 /* Process reads */
56379
56380 -static void cached_dev_cache_miss_done(struct closure *cl)
56381 +static void cached_dev_cache_miss_done(struct work_struct *work)
56382 {
56383 + struct closure *cl = container_of(work, struct closure, work);
56384 struct search *s = container_of(cl, struct search, cl);
56385
56386 if (s->iop.replace_collision)
56387 @@ -702,11 +710,12 @@ static void cached_dev_cache_miss_done(struct closure *cl)
56388 __free_page(bv->bv_page);
56389 }
56390
56391 - cached_dev_bio_complete(cl);
56392 + cached_dev_bio_complete(&cl->work);
56393 }
56394
56395 -static void cached_dev_read_error(struct closure *cl)
56396 +static void cached_dev_read_error(struct work_struct *work)
56397 {
56398 + struct closure *cl = container_of(work, struct closure, work);
56399 struct search *s = container_of(cl, struct search, cl);
56400 struct bio *bio = &s->bio.bio;
56401
56402 @@ -725,8 +734,9 @@ static void cached_dev_read_error(struct closure *cl)
56403 continue_at(cl, cached_dev_cache_miss_done, NULL);
56404 }
56405
56406 -static void cached_dev_read_done(struct closure *cl)
56407 +static void cached_dev_read_done(struct work_struct *work)
56408 {
56409 + struct closure *cl = container_of(work, struct closure, work);
56410 struct search *s = container_of(cl, struct search, cl);
56411 struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
56412
56413 @@ -765,8 +775,9 @@ static void cached_dev_read_done(struct closure *cl)
56414 continue_at(cl, cached_dev_cache_miss_done, NULL);
56415 }
56416
56417 -static void cached_dev_read_done_bh(struct closure *cl)
56418 +static void cached_dev_read_done_bh(struct work_struct *work)
56419 {
56420 + struct closure *cl = container_of(work, struct closure, work);
56421 struct search *s = container_of(cl, struct search, cl);
56422 struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
56423
56424 @@ -864,13 +875,14 @@ static void cached_dev_read(struct cached_dev *dc, struct search *s)
56425
56426 /* Process writes */
56427
56428 -static void cached_dev_write_complete(struct closure *cl)
56429 +static void cached_dev_write_complete(struct work_struct *work)
56430 {
56431 + struct closure *cl = container_of(work, struct closure, work);
56432 struct search *s = container_of(cl, struct search, cl);
56433 struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
56434
56435 up_read_non_owner(&dc->writeback_lock);
56436 - cached_dev_bio_complete(cl);
56437 + cached_dev_bio_complete(&cl->work);
56438 }
56439
56440 static void cached_dev_write(struct cached_dev *dc, struct search *s)
56441 @@ -942,8 +954,9 @@ static void cached_dev_write(struct cached_dev *dc, struct search *s)
56442 continue_at(cl, cached_dev_write_complete, NULL);
56443 }
56444
56445 -static void cached_dev_nodata(struct closure *cl)
56446 +static void cached_dev_nodata(struct work_struct *work)
56447 {
56448 + struct closure *cl = container_of(work, struct closure, work);
56449 struct search *s = container_of(cl, struct search, cl);
56450 struct bio *bio = &s->bio.bio;
56451
56452 @@ -1063,8 +1076,9 @@ static int flash_dev_cache_miss(struct btree *b, struct search *s,
56453 return MAP_CONTINUE;
56454 }
56455
56456 -static void flash_dev_nodata(struct closure *cl)
56457 +static void flash_dev_nodata(struct work_struct *work)
56458 {
56459 + struct closure *cl = container_of(work, struct closure, work);
56460 struct search *s = container_of(cl, struct search, cl);
56461
56462 if (s->iop.flush_journal)
56463 diff --git a/drivers/md/bcache/request.h b/drivers/md/bcache/request.h
56464 index 1ff3687..b8f4a05 100644
56465 --- a/drivers/md/bcache/request.h
56466 +++ b/drivers/md/bcache/request.h
56467 @@ -33,7 +33,7 @@ struct data_insert_op {
56468 };
56469
56470 unsigned bch_get_congested(struct cache_set *);
56471 -void bch_data_insert(struct closure *cl);
56472 +void bch_data_insert(struct work_struct *work);
56473
56474 void bch_cached_dev_request_init(struct cached_dev *dc);
56475 void bch_flash_dev_request_init(struct bcache_device *d);
56476 diff --git a/drivers/md/bcache/stats.c b/drivers/md/bcache/stats.c
56477 index 0ca072c..5e6e5c3 100644
56478 --- a/drivers/md/bcache/stats.c
56479 +++ b/drivers/md/bcache/stats.c
56480 @@ -120,7 +120,7 @@ void bch_cache_accounting_destroy(struct cache_accounting *acc)
56481 kobject_put(&acc->hour.kobj);
56482 kobject_put(&acc->day.kobj);
56483
56484 - atomic_set(&acc->closing, 1);
56485 + atomic_set_unchecked(&acc->closing, 1);
56486 if (del_timer_sync(&acc->timer))
56487 closure_return(&acc->cl);
56488 }
56489 @@ -151,7 +151,7 @@ static void scale_accounting(unsigned long data)
56490 struct cache_accounting *acc = (struct cache_accounting *) data;
56491
56492 #define move_stat(name) do { \
56493 - unsigned t = atomic_xchg(&acc->collector.name, 0); \
56494 + unsigned t = atomic_xchg_unchecked(&acc->collector.name, 0); \
56495 t <<= 16; \
56496 acc->five_minute.name += t; \
56497 acc->hour.name += t; \
56498 @@ -174,7 +174,7 @@ static void scale_accounting(unsigned long data)
56499
56500 acc->timer.expires += accounting_delay;
56501
56502 - if (!atomic_read(&acc->closing))
56503 + if (!atomic_read_unchecked(&acc->closing))
56504 add_timer(&acc->timer);
56505 else
56506 closure_return(&acc->cl);
56507 @@ -185,14 +185,14 @@ static void mark_cache_stats(struct cache_stat_collector *stats,
56508 {
56509 if (!bypass)
56510 if (hit)
56511 - atomic_inc(&stats->cache_hits);
56512 + atomic_inc_unchecked(&stats->cache_hits);
56513 else
56514 - atomic_inc(&stats->cache_misses);
56515 + atomic_inc_unchecked(&stats->cache_misses);
56516 else
56517 if (hit)
56518 - atomic_inc(&stats->cache_bypass_hits);
56519 + atomic_inc_unchecked(&stats->cache_bypass_hits);
56520 else
56521 - atomic_inc(&stats->cache_bypass_misses);
56522 + atomic_inc_unchecked(&stats->cache_bypass_misses);
56523 }
56524
56525 void bch_mark_cache_accounting(struct cache_set *c, struct bcache_device *d,
56526 @@ -206,22 +206,22 @@ void bch_mark_cache_accounting(struct cache_set *c, struct bcache_device *d,
56527 void bch_mark_cache_readahead(struct cache_set *c, struct bcache_device *d)
56528 {
56529 struct cached_dev *dc = container_of(d, struct cached_dev, disk);
56530 - atomic_inc(&dc->accounting.collector.cache_readaheads);
56531 - atomic_inc(&c->accounting.collector.cache_readaheads);
56532 + atomic_inc_unchecked(&dc->accounting.collector.cache_readaheads);
56533 + atomic_inc_unchecked(&c->accounting.collector.cache_readaheads);
56534 }
56535
56536 void bch_mark_cache_miss_collision(struct cache_set *c, struct bcache_device *d)
56537 {
56538 struct cached_dev *dc = container_of(d, struct cached_dev, disk);
56539 - atomic_inc(&dc->accounting.collector.cache_miss_collisions);
56540 - atomic_inc(&c->accounting.collector.cache_miss_collisions);
56541 + atomic_inc_unchecked(&dc->accounting.collector.cache_miss_collisions);
56542 + atomic_inc_unchecked(&c->accounting.collector.cache_miss_collisions);
56543 }
56544
56545 void bch_mark_sectors_bypassed(struct cache_set *c, struct cached_dev *dc,
56546 int sectors)
56547 {
56548 - atomic_add(sectors, &dc->accounting.collector.sectors_bypassed);
56549 - atomic_add(sectors, &c->accounting.collector.sectors_bypassed);
56550 + atomic_add_unchecked(sectors, &dc->accounting.collector.sectors_bypassed);
56551 + atomic_add_unchecked(sectors, &c->accounting.collector.sectors_bypassed);
56552 }
56553
56554 void bch_cache_accounting_init(struct cache_accounting *acc,
56555 diff --git a/drivers/md/bcache/stats.h b/drivers/md/bcache/stats.h
56556 index adbff14..018c2d2 100644
56557 --- a/drivers/md/bcache/stats.h
56558 +++ b/drivers/md/bcache/stats.h
56559 @@ -2,13 +2,13 @@
56560 #define _BCACHE_STATS_H_
56561
56562 struct cache_stat_collector {
56563 - atomic_t cache_hits;
56564 - atomic_t cache_misses;
56565 - atomic_t cache_bypass_hits;
56566 - atomic_t cache_bypass_misses;
56567 - atomic_t cache_readaheads;
56568 - atomic_t cache_miss_collisions;
56569 - atomic_t sectors_bypassed;
56570 + atomic_unchecked_t cache_hits;
56571 + atomic_unchecked_t cache_misses;
56572 + atomic_unchecked_t cache_bypass_hits;
56573 + atomic_unchecked_t cache_bypass_misses;
56574 + atomic_unchecked_t cache_readaheads;
56575 + atomic_unchecked_t cache_miss_collisions;
56576 + atomic_unchecked_t sectors_bypassed;
56577 };
56578
56579 struct cache_stats {
56580 @@ -28,7 +28,7 @@ struct cache_stats {
56581 struct cache_accounting {
56582 struct closure cl;
56583 struct timer_list timer;
56584 - atomic_t closing;
56585 + atomic_unchecked_t closing;
56586
56587 struct cache_stat_collector collector;
56588
56589 diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
56590 index 849ad44..a9e695e 100644
56591 --- a/drivers/md/bcache/super.c
56592 +++ b/drivers/md/bcache/super.c
56593 @@ -240,8 +240,9 @@ static void __write_super(struct cache_sb *sb, struct bio *bio)
56594 submit_bio(bio);
56595 }
56596
56597 -static void bch_write_bdev_super_unlock(struct closure *cl)
56598 +static void bch_write_bdev_super_unlock(struct work_struct *work)
56599 {
56600 + struct closure *cl = container_of(work, struct closure, work);
56601 struct cached_dev *dc = container_of(cl, struct cached_dev, sb_write);
56602
56603 up(&dc->sb_write_mutex);
56604 @@ -274,8 +275,9 @@ static void write_super_endio(struct bio *bio)
56605 closure_put(&ca->set->sb_write);
56606 }
56607
56608 -static void bcache_write_super_unlock(struct closure *cl)
56609 +static void bcache_write_super_unlock(struct work_struct *work)
56610 {
56611 + struct closure *cl = container_of(work, struct closure, work);
56612 struct cache_set *c = container_of(cl, struct cache_set, sb_write);
56613
56614 up(&c->sb_write_mutex);
56615 @@ -325,8 +327,9 @@ static void uuid_endio(struct bio *bio)
56616 closure_put(cl);
56617 }
56618
56619 -static void uuid_io_unlock(struct closure *cl)
56620 +static void uuid_io_unlock(struct work_struct *work)
56621 {
56622 + struct closure *cl = container_of(work, struct closure, work);
56623 struct cache_set *c = container_of(cl, struct cache_set, uuid_write);
56624
56625 up(&c->uuid_write_mutex);
56626 @@ -531,7 +534,7 @@ void bch_prio_write(struct cache *ca)
56627
56628 ca->disk_buckets->seq++;
56629
56630 - atomic_long_add(ca->sb.bucket_size * prio_buckets(ca),
56631 + atomic_long_add_unchecked(ca->sb.bucket_size * prio_buckets(ca),
56632 &ca->meta_sectors_written);
56633
56634 //pr_debug("free %zu, free_inc %zu, unused %zu", fifo_used(&ca->free),
56635 @@ -1051,8 +1054,9 @@ void bch_cached_dev_release(struct kobject *kobj)
56636 module_put(THIS_MODULE);
56637 }
56638
56639 -static void cached_dev_free(struct closure *cl)
56640 +static void cached_dev_free(struct work_struct *work)
56641 {
56642 + struct closure *cl = container_of(work, struct closure, work);
56643 struct cached_dev *dc = container_of(cl, struct cached_dev, disk.cl);
56644
56645 cancel_delayed_work_sync(&dc->writeback_rate_update);
56646 @@ -1076,8 +1080,9 @@ static void cached_dev_free(struct closure *cl)
56647 kobject_put(&dc->disk.kobj);
56648 }
56649
56650 -static void cached_dev_flush(struct closure *cl)
56651 +static void cached_dev_flush(struct work_struct *work)
56652 {
56653 + struct closure *cl = container_of(work, struct closure, work);
56654 struct cached_dev *dc = container_of(cl, struct cached_dev, disk.cl);
56655 struct bcache_device *d = &dc->disk;
56656
56657 @@ -1193,8 +1198,9 @@ void bch_flash_dev_release(struct kobject *kobj)
56658 kfree(d);
56659 }
56660
56661 -static void flash_dev_free(struct closure *cl)
56662 +static void flash_dev_free(struct work_struct *work)
56663 {
56664 + struct closure *cl = container_of(work, struct closure, work);
56665 struct bcache_device *d = container_of(cl, struct bcache_device, cl);
56666 mutex_lock(&bch_register_lock);
56667 bcache_device_free(d);
56668 @@ -1202,8 +1208,9 @@ static void flash_dev_free(struct closure *cl)
56669 kobject_put(&d->kobj);
56670 }
56671
56672 -static void flash_dev_flush(struct closure *cl)
56673 +static void flash_dev_flush(struct work_struct *work)
56674 {
56675 + struct closure *cl = container_of(work, struct closure, work);
56676 struct bcache_device *d = container_of(cl, struct bcache_device, cl);
56677
56678 mutex_lock(&bch_register_lock);
56679 @@ -1322,8 +1329,9 @@ void bch_cache_set_release(struct kobject *kobj)
56680 module_put(THIS_MODULE);
56681 }
56682
56683 -static void cache_set_free(struct closure *cl)
56684 +static void cache_set_free(struct work_struct *work)
56685 {
56686 + struct closure *cl = container_of(work, struct closure, work);
56687 struct cache_set *c = container_of(cl, struct cache_set, cl);
56688 struct cache *ca;
56689 unsigned i;
56690 @@ -1368,8 +1376,9 @@ static void cache_set_free(struct closure *cl)
56691 kobject_put(&c->kobj);
56692 }
56693
56694 -static void cache_set_flush(struct closure *cl)
56695 +static void cache_set_flush(struct work_struct *work)
56696 {
56697 + struct closure *cl = container_of(work, struct closure, work);
56698 struct cache_set *c = container_of(cl, struct cache_set, caching);
56699 struct cache *ca;
56700 struct btree *b;
56701 @@ -1410,8 +1419,9 @@ static void cache_set_flush(struct closure *cl)
56702 closure_return(cl);
56703 }
56704
56705 -static void __cache_set_unregister(struct closure *cl)
56706 +static void __cache_set_unregister(struct work_struct *work)
56707 {
56708 + struct closure *cl = container_of(work, struct closure, work);
56709 struct cache_set *c = container_of(cl, struct cache_set, caching);
56710 struct cached_dev *dc;
56711 size_t i;
56712 diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
56713 index b3ff57d..b2e30fb 100644
56714 --- a/drivers/md/bcache/sysfs.c
56715 +++ b/drivers/md/bcache/sysfs.c
56716 @@ -739,15 +739,15 @@ SHOW(__bch_cache)
56717 sysfs_hprint(block_size, block_bytes(ca));
56718 sysfs_print(nbuckets, ca->sb.nbuckets);
56719 sysfs_print(discard, ca->discard);
56720 - sysfs_hprint(written, atomic_long_read(&ca->sectors_written) << 9);
56721 + sysfs_hprint(written, atomic_long_read_unchecked(&ca->sectors_written) << 9);
56722 sysfs_hprint(btree_written,
56723 - atomic_long_read(&ca->btree_sectors_written) << 9);
56724 + atomic_long_read_unchecked(&ca->btree_sectors_written) << 9);
56725 sysfs_hprint(metadata_written,
56726 - (atomic_long_read(&ca->meta_sectors_written) +
56727 - atomic_long_read(&ca->btree_sectors_written)) << 9);
56728 + (atomic_long_read_unchecked(&ca->meta_sectors_written) +
56729 + atomic_long_read_unchecked(&ca->btree_sectors_written)) << 9);
56730
56731 sysfs_print(io_errors,
56732 - atomic_read(&ca->io_errors) >> IO_ERROR_SHIFT);
56733 + atomic_read_unchecked(&ca->io_errors) >> IO_ERROR_SHIFT);
56734
56735 if (attr == &sysfs_cache_replacement_policy)
56736 return bch_snprint_string_list(buf, PAGE_SIZE,
56737 @@ -870,11 +870,11 @@ STORE(__bch_cache)
56738 }
56739
56740 if (attr == &sysfs_clear_stats) {
56741 - atomic_long_set(&ca->sectors_written, 0);
56742 - atomic_long_set(&ca->btree_sectors_written, 0);
56743 - atomic_long_set(&ca->meta_sectors_written, 0);
56744 - atomic_set(&ca->io_count, 0);
56745 - atomic_set(&ca->io_errors, 0);
56746 + atomic_long_set_unchecked(&ca->sectors_written, 0);
56747 + atomic_long_set_unchecked(&ca->btree_sectors_written, 0);
56748 + atomic_long_set_unchecked(&ca->meta_sectors_written, 0);
56749 + atomic_set_unchecked(&ca->io_count, 0);
56750 + atomic_set_unchecked(&ca->io_errors, 0);
56751 }
56752
56753 return size;
56754 diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
56755 index d9fd2a6..749b6c6 100644
56756 --- a/drivers/md/bcache/writeback.c
56757 +++ b/drivers/md/bcache/writeback.c
56758 @@ -117,14 +117,16 @@ static void dirty_init(struct keybuf_key *w)
56759 bch_bio_map(bio, NULL);
56760 }
56761
56762 -static void dirty_io_destructor(struct closure *cl)
56763 +static void dirty_io_destructor(struct work_struct *work)
56764 {
56765 + struct closure *cl = container_of(work, struct closure, work);
56766 struct dirty_io *io = container_of(cl, struct dirty_io, cl);
56767 kfree(io);
56768 }
56769
56770 -static void write_dirty_finish(struct closure *cl)
56771 +static void write_dirty_finish(struct work_struct *work)
56772 {
56773 + struct closure *cl = container_of(work, struct closure, work);
56774 struct dirty_io *io = container_of(cl, struct dirty_io, cl);
56775 struct keybuf_key *w = io->bio.bi_private;
56776 struct cached_dev *dc = io->dc;
56777 @@ -176,8 +178,9 @@ static void dirty_endio(struct bio *bio)
56778 closure_put(&io->cl);
56779 }
56780
56781 -static void write_dirty(struct closure *cl)
56782 +static void write_dirty(struct work_struct *work)
56783 {
56784 + struct closure *cl = container_of(work, struct closure, work);
56785 struct dirty_io *io = container_of(cl, struct dirty_io, cl);
56786 struct keybuf_key *w = io->bio.bi_private;
56787
56788 @@ -203,8 +206,9 @@ static void read_dirty_endio(struct bio *bio)
56789 dirty_endio(bio);
56790 }
56791
56792 -static void read_dirty_submit(struct closure *cl)
56793 +static void read_dirty_submit(struct work_struct *work)
56794 {
56795 + struct closure *cl = container_of(work, struct closure, work);
56796 struct dirty_io *io = container_of(cl, struct dirty_io, cl);
56797
56798 closure_bio_submit(&io->bio, cl);
56799 diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
56800 index 13041ee..2d1c184 100644
56801 --- a/drivers/md/bitmap.c
56802 +++ b/drivers/md/bitmap.c
56803 @@ -1965,7 +1965,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap)
56804 chunk_kb ? "KB" : "B");
56805 if (bitmap->storage.file) {
56806 seq_printf(seq, ", file: ");
56807 - seq_file_path(seq, bitmap->storage.file, " \t\n");
56808 + seq_file_path(seq, bitmap->storage.file, " \t\n\\");
56809 }
56810
56811 seq_printf(seq, "\n");
56812 diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c
56813 index 59b2c50..60bca53 100644
56814 --- a/drivers/md/dm-cache-target.c
56815 +++ b/drivers/md/dm-cache-target.c
56816 @@ -118,7 +118,7 @@ static void iot_io_end(struct io_tracker *iot, sector_t len)
56817 */
56818 struct dm_hook_info {
56819 bio_end_io_t *bi_end_io;
56820 -};
56821 +} __no_const;
56822
56823 static void dm_hook_bio(struct dm_hook_info *h, struct bio *bio,
56824 bio_end_io_t *bi_end_io, void *bi_private)
56825 @@ -182,16 +182,16 @@ struct cache_features {
56826 };
56827
56828 struct cache_stats {
56829 - atomic_t read_hit;
56830 - atomic_t read_miss;
56831 - atomic_t write_hit;
56832 - atomic_t write_miss;
56833 - atomic_t demotion;
56834 - atomic_t promotion;
56835 - atomic_t copies_avoided;
56836 - atomic_t cache_cell_clash;
56837 - atomic_t commit_count;
56838 - atomic_t discard_count;
56839 + atomic_unchecked_t read_hit;
56840 + atomic_unchecked_t read_miss;
56841 + atomic_unchecked_t write_hit;
56842 + atomic_unchecked_t write_miss;
56843 + atomic_unchecked_t demotion;
56844 + atomic_unchecked_t promotion;
56845 + atomic_unchecked_t copies_avoided;
56846 + atomic_unchecked_t cache_cell_clash;
56847 + atomic_unchecked_t commit_count;
56848 + atomic_unchecked_t discard_count;
56849 };
56850
56851 /*
56852 @@ -270,8 +270,8 @@ struct cache {
56853 atomic_t nr_io_migrations;
56854
56855 wait_queue_head_t quiescing_wait;
56856 - atomic_t quiescing;
56857 - atomic_t quiescing_ack;
56858 + atomic_unchecked_t quiescing;
56859 + atomic_unchecked_t quiescing_ack;
56860
56861 /*
56862 * cache_size entries, dirty if set
56863 @@ -395,8 +395,10 @@ static struct dm_bio_prison_cell *alloc_prison_cell(struct cache *cache)
56864 return dm_bio_prison_alloc_cell(cache->prison, GFP_NOWAIT);
56865 }
56866
56867 -static void free_prison_cell(struct cache *cache, struct dm_bio_prison_cell *cell)
56868 +static void free_prison_cell(void *_cache, struct dm_bio_prison_cell *cell)
56869 {
56870 + struct cache *cache = _cache;
56871 +
56872 dm_bio_prison_free_cell(cache->prison, cell);
56873 }
56874
56875 @@ -493,8 +495,10 @@ static struct dm_bio_prison_cell *prealloc_get_cell(struct prealloc *p)
56876 * You can't have more than two cells in a prealloc struct. BUG() will be
56877 * called if you try and overfill.
56878 */
56879 -static void prealloc_put_cell(struct prealloc *p, struct dm_bio_prison_cell *cell)
56880 +static void prealloc_put_cell(void *_p, struct dm_bio_prison_cell *cell)
56881 {
56882 + struct prealloc *p = _p;
56883 +
56884 if (!p->cell2)
56885 p->cell2 = cell;
56886
56887 @@ -637,7 +641,7 @@ static void set_discard(struct cache *cache, dm_dblock_t b)
56888 unsigned long flags;
56889
56890 BUG_ON(from_dblock(b) >= from_dblock(cache->discard_nr_blocks));
56891 - atomic_inc(&cache->stats.discard_count);
56892 + atomic_inc_unchecked(&cache->stats.discard_count);
56893
56894 spin_lock_irqsave(&cache->lock, flags);
56895 set_bit(from_dblock(b), cache->discard_bitset);
56896 @@ -685,10 +689,10 @@ static void load_stats(struct cache *cache)
56897 struct dm_cache_statistics stats;
56898
56899 dm_cache_metadata_get_stats(cache->cmd, &stats);
56900 - atomic_set(&cache->stats.read_hit, stats.read_hits);
56901 - atomic_set(&cache->stats.read_miss, stats.read_misses);
56902 - atomic_set(&cache->stats.write_hit, stats.write_hits);
56903 - atomic_set(&cache->stats.write_miss, stats.write_misses);
56904 + atomic_set_unchecked(&cache->stats.read_hit, stats.read_hits);
56905 + atomic_set_unchecked(&cache->stats.read_miss, stats.read_misses);
56906 + atomic_set_unchecked(&cache->stats.write_hit, stats.write_hits);
56907 + atomic_set_unchecked(&cache->stats.write_miss, stats.write_misses);
56908 }
56909
56910 static void save_stats(struct cache *cache)
56911 @@ -698,10 +702,10 @@ static void save_stats(struct cache *cache)
56912 if (get_cache_mode(cache) >= CM_READ_ONLY)
56913 return;
56914
56915 - stats.read_hits = atomic_read(&cache->stats.read_hit);
56916 - stats.read_misses = atomic_read(&cache->stats.read_miss);
56917 - stats.write_hits = atomic_read(&cache->stats.write_hit);
56918 - stats.write_misses = atomic_read(&cache->stats.write_miss);
56919 + stats.read_hits = atomic_read_unchecked(&cache->stats.read_hit);
56920 + stats.read_misses = atomic_read_unchecked(&cache->stats.read_miss);
56921 + stats.write_hits = atomic_read_unchecked(&cache->stats.write_hit);
56922 + stats.write_misses = atomic_read_unchecked(&cache->stats.write_miss);
56923
56924 dm_cache_metadata_set_stats(cache->cmd, &stats);
56925 }
56926 @@ -1326,7 +1330,7 @@ static bool bio_writes_complete_block(struct cache *cache, struct bio *bio)
56927
56928 static void avoid_copy(struct dm_cache_migration *mg)
56929 {
56930 - atomic_inc(&mg->cache->stats.copies_avoided);
56931 + atomic_inc_unchecked(&mg->cache->stats.copies_avoided);
56932 migration_success_pre_commit(mg);
56933 }
56934
56935 @@ -1636,7 +1640,7 @@ static void process_discard_bio(struct cache *cache, struct prealloc *structs,
56936
56937 cell_prealloc = prealloc_get_cell(structs);
56938 r = bio_detain_range(cache, dblock_to_oblock(cache, b), dblock_to_oblock(cache, e), bio, cell_prealloc,
56939 - (cell_free_fn) prealloc_put_cell,
56940 + prealloc_put_cell,
56941 structs, &new_ocell);
56942 if (r > 0)
56943 return;
56944 @@ -1653,13 +1657,13 @@ static bool spare_migration_bandwidth(struct cache *cache)
56945
56946 static void inc_hit_counter(struct cache *cache, struct bio *bio)
56947 {
56948 - atomic_inc(bio_data_dir(bio) == READ ?
56949 + atomic_inc_unchecked(bio_data_dir(bio) == READ ?
56950 &cache->stats.read_hit : &cache->stats.write_hit);
56951 }
56952
56953 static void inc_miss_counter(struct cache *cache, struct bio *bio)
56954 {
56955 - atomic_inc(bio_data_dir(bio) == READ ?
56956 + atomic_inc_unchecked(bio_data_dir(bio) == READ ?
56957 &cache->stats.read_miss : &cache->stats.write_miss);
56958 }
56959
56960 @@ -1790,7 +1794,7 @@ static int cell_locker(struct policy_locker *locker, dm_oblock_t b)
56961 struct dm_bio_prison_cell *cell_prealloc = prealloc_get_cell(l->structs);
56962
56963 return bio_detain(l->cache, b, NULL, cell_prealloc,
56964 - (cell_free_fn) prealloc_put_cell,
56965 + prealloc_put_cell,
56966 l->structs, &l->cell);
56967 }
56968
56969 @@ -1832,7 +1836,7 @@ static void process_cell(struct cache *cache, struct prealloc *structs,
56970 */
56971
56972 if (bio_data_dir(bio) == WRITE) {
56973 - atomic_inc(&cache->stats.demotion);
56974 + atomic_inc_unchecked(&cache->stats.demotion);
56975 invalidate(cache, structs, block, lookup_result.cblock, new_ocell);
56976 release_cell = false;
56977
56978 @@ -1865,14 +1869,14 @@ static void process_cell(struct cache *cache, struct prealloc *structs,
56979 break;
56980
56981 case POLICY_NEW:
56982 - atomic_inc(&cache->stats.promotion);
56983 + atomic_inc_unchecked(&cache->stats.promotion);
56984 promote(cache, structs, block, lookup_result.cblock, new_ocell);
56985 release_cell = false;
56986 break;
56987
56988 case POLICY_REPLACE:
56989 - atomic_inc(&cache->stats.demotion);
56990 - atomic_inc(&cache->stats.promotion);
56991 + atomic_inc_unchecked(&cache->stats.demotion);
56992 + atomic_inc_unchecked(&cache->stats.promotion);
56993 demote_then_promote(cache, structs, lookup_result.old_oblock,
56994 block, lookup_result.cblock,
56995 ool.cell, new_ocell);
56996 @@ -1902,7 +1906,7 @@ static void process_bio(struct cache *cache, struct prealloc *structs,
56997 */
56998 cell_prealloc = prealloc_get_cell(structs);
56999 r = bio_detain(cache, block, bio, cell_prealloc,
57000 - (cell_free_fn) prealloc_put_cell,
57001 + prealloc_put_cell,
57002 structs, &new_ocell);
57003 if (r > 0)
57004 return;
57005 @@ -1926,7 +1930,7 @@ static int commit(struct cache *cache, bool clean_shutdown)
57006 if (get_cache_mode(cache) >= CM_READ_ONLY)
57007 return -EINVAL;
57008
57009 - atomic_inc(&cache->stats.commit_count);
57010 + atomic_inc_unchecked(&cache->stats.commit_count);
57011 r = dm_cache_commit(cache->cmd, clean_shutdown);
57012 if (r)
57013 metadata_operation_failed(cache, "dm_cache_commit", r);
57014 @@ -2157,32 +2161,32 @@ static void process_invalidation_requests(struct cache *cache)
57015 *--------------------------------------------------------------*/
57016 static bool is_quiescing(struct cache *cache)
57017 {
57018 - return atomic_read(&cache->quiescing);
57019 + return atomic_read_unchecked(&cache->quiescing);
57020 }
57021
57022 static void ack_quiescing(struct cache *cache)
57023 {
57024 if (is_quiescing(cache)) {
57025 - atomic_inc(&cache->quiescing_ack);
57026 + atomic_inc_unchecked(&cache->quiescing_ack);
57027 wake_up(&cache->quiescing_wait);
57028 }
57029 }
57030
57031 static void wait_for_quiescing_ack(struct cache *cache)
57032 {
57033 - wait_event(cache->quiescing_wait, atomic_read(&cache->quiescing_ack));
57034 + wait_event(cache->quiescing_wait, atomic_read_unchecked(&cache->quiescing_ack));
57035 }
57036
57037 static void start_quiescing(struct cache *cache)
57038 {
57039 - atomic_inc(&cache->quiescing);
57040 + atomic_inc_unchecked(&cache->quiescing);
57041 wait_for_quiescing_ack(cache);
57042 }
57043
57044 static void stop_quiescing(struct cache *cache)
57045 {
57046 - atomic_set(&cache->quiescing, 0);
57047 - atomic_set(&cache->quiescing_ack, 0);
57048 + atomic_set_unchecked(&cache->quiescing, 0);
57049 + atomic_set_unchecked(&cache->quiescing_ack, 0);
57050 }
57051
57052 static void wait_for_migrations(struct cache *cache)
57053 @@ -2869,8 +2873,8 @@ static int cache_create(struct cache_args *ca, struct cache **result)
57054 init_waitqueue_head(&cache->migration_wait);
57055
57056 init_waitqueue_head(&cache->quiescing_wait);
57057 - atomic_set(&cache->quiescing, 0);
57058 - atomic_set(&cache->quiescing_ack, 0);
57059 + atomic_set_unchecked(&cache->quiescing, 0);
57060 + atomic_set_unchecked(&cache->quiescing_ack, 0);
57061
57062 r = -ENOMEM;
57063 atomic_set(&cache->nr_dirty, 0);
57064 @@ -2937,12 +2941,12 @@ static int cache_create(struct cache_args *ca, struct cache **result)
57065
57066 load_stats(cache);
57067
57068 - atomic_set(&cache->stats.demotion, 0);
57069 - atomic_set(&cache->stats.promotion, 0);
57070 - atomic_set(&cache->stats.copies_avoided, 0);
57071 - atomic_set(&cache->stats.cache_cell_clash, 0);
57072 - atomic_set(&cache->stats.commit_count, 0);
57073 - atomic_set(&cache->stats.discard_count, 0);
57074 + atomic_set_unchecked(&cache->stats.demotion, 0);
57075 + atomic_set_unchecked(&cache->stats.promotion, 0);
57076 + atomic_set_unchecked(&cache->stats.copies_avoided, 0);
57077 + atomic_set_unchecked(&cache->stats.cache_cell_clash, 0);
57078 + atomic_set_unchecked(&cache->stats.commit_count, 0);
57079 + atomic_set_unchecked(&cache->stats.discard_count, 0);
57080
57081 spin_lock_init(&cache->invalidation_lock);
57082 INIT_LIST_HEAD(&cache->invalidation_requests);
57083 @@ -3059,7 +3063,7 @@ static int cache_map(struct dm_target *ti, struct bio *bio)
57084 }
57085
57086 r = bio_detain(cache, block, bio, cell,
57087 - (cell_free_fn) free_prison_cell,
57088 + free_prison_cell,
57089 cache, &cell);
57090 if (r) {
57091 if (r < 0)
57092 @@ -3553,12 +3557,12 @@ static void cache_status(struct dm_target *ti, status_type_t type,
57093 cache->sectors_per_block,
57094 (unsigned long long) from_cblock(residency),
57095 (unsigned long long) from_cblock(cache->cache_size),
57096 - (unsigned) atomic_read(&cache->stats.read_hit),
57097 - (unsigned) atomic_read(&cache->stats.read_miss),
57098 - (unsigned) atomic_read(&cache->stats.write_hit),
57099 - (unsigned) atomic_read(&cache->stats.write_miss),
57100 - (unsigned) atomic_read(&cache->stats.demotion),
57101 - (unsigned) atomic_read(&cache->stats.promotion),
57102 + (unsigned) atomic_read_unchecked(&cache->stats.read_hit),
57103 + (unsigned) atomic_read_unchecked(&cache->stats.read_miss),
57104 + (unsigned) atomic_read_unchecked(&cache->stats.write_hit),
57105 + (unsigned) atomic_read_unchecked(&cache->stats.write_miss),
57106 + (unsigned) atomic_read_unchecked(&cache->stats.demotion),
57107 + (unsigned) atomic_read_unchecked(&cache->stats.promotion),
57108 (unsigned long) atomic_read(&cache->nr_dirty));
57109
57110 if (writethrough_mode(&cache->features))
57111 diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h
57112 index 40ceba1..4141e1e 100644
57113 --- a/drivers/md/dm-core.h
57114 +++ b/drivers/md/dm-core.h
57115 @@ -75,8 +75,8 @@ struct mapped_device {
57116 * Event handling.
57117 */
57118 wait_queue_head_t eventq;
57119 - atomic_t event_nr;
57120 - atomic_t uevent_seq;
57121 + atomic_unchecked_t event_nr;
57122 + atomic_unchecked_t uevent_seq;
57123 struct list_head uevent_list;
57124 spinlock_t uevent_lock; /* Protect access to uevent_list */
57125
57126 diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
57127 index 966eb4b..aca05a3 100644
57128 --- a/drivers/md/dm-ioctl.c
57129 +++ b/drivers/md/dm-ioctl.c
57130 @@ -1777,7 +1777,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
57131 cmd == DM_LIST_VERSIONS_CMD)
57132 return 0;
57133
57134 - if ((cmd == DM_DEV_CREATE_CMD)) {
57135 + if (cmd == DM_DEV_CREATE_CMD) {
57136 if (!*param->name) {
57137 DMWARN("name not supplied when creating device");
57138 return -EINVAL;
57139 diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c
57140 index 15db5e9..16fc91b 100644
57141 --- a/drivers/md/dm-mpath.c
57142 +++ b/drivers/md/dm-mpath.c
57143 @@ -88,7 +88,7 @@ struct multipath {
57144
57145 atomic_t nr_valid_paths; /* Total number of usable paths */
57146 atomic_t pg_init_in_progress; /* Only one pg_init allowed at once */
57147 - atomic_t pg_init_count; /* Number of times pg_init called */
57148 + atomic_unchecked_t pg_init_count;/* Number of times pg_init called */
57149
57150 unsigned queue_mode;
57151
57152 @@ -203,7 +203,7 @@ static struct multipath *alloc_multipath(struct dm_target *ti)
57153 set_bit(MPATHF_QUEUE_IO, &m->flags);
57154 atomic_set(&m->nr_valid_paths, 0);
57155 atomic_set(&m->pg_init_in_progress, 0);
57156 - atomic_set(&m->pg_init_count, 0);
57157 + atomic_set_unchecked(&m->pg_init_count, 0);
57158 m->pg_init_delay_msecs = DM_PG_INIT_DELAY_DEFAULT;
57159 INIT_WORK(&m->trigger_event, trigger_event);
57160 init_waitqueue_head(&m->pg_init_wait);
57161 @@ -351,7 +351,7 @@ static int __pg_init_all_paths(struct multipath *m)
57162 if (atomic_read(&m->pg_init_in_progress) || test_bit(MPATHF_PG_INIT_DISABLED, &m->flags))
57163 return 0;
57164
57165 - atomic_inc(&m->pg_init_count);
57166 + atomic_inc_unchecked(&m->pg_init_count);
57167 clear_bit(MPATHF_PG_INIT_REQUIRED, &m->flags);
57168
57169 /* Check here to reset pg_init_required */
57170 @@ -397,7 +397,7 @@ static void __switch_pg(struct multipath *m, struct priority_group *pg)
57171 clear_bit(MPATHF_QUEUE_IO, &m->flags);
57172 }
57173
57174 - atomic_set(&m->pg_init_count, 0);
57175 + atomic_set_unchecked(&m->pg_init_count, 0);
57176 }
57177
57178 static struct pgpath *choose_path_in_pg(struct multipath *m,
57179 @@ -1420,7 +1420,7 @@ static bool pg_init_limit_reached(struct multipath *m, struct pgpath *pgpath)
57180
57181 spin_lock_irqsave(&m->lock, flags);
57182
57183 - if (atomic_read(&m->pg_init_count) <= m->pg_init_retries &&
57184 + if (atomic_read_unchecked(&m->pg_init_count) <= m->pg_init_retries &&
57185 !test_bit(MPATHF_PG_INIT_DISABLED, &m->flags))
57186 set_bit(MPATHF_PG_INIT_REQUIRED, &m->flags);
57187 else
57188 @@ -1736,7 +1736,7 @@ static void multipath_status(struct dm_target *ti, status_type_t type,
57189 /* Features */
57190 if (type == STATUSTYPE_INFO)
57191 DMEMIT("2 %u %u ", test_bit(MPATHF_QUEUE_IO, &m->flags),
57192 - atomic_read(&m->pg_init_count));
57193 + atomic_read_unchecked(&m->pg_init_count));
57194 else {
57195 DMEMIT("%u ", test_bit(MPATHF_QUEUE_IF_NO_PATH, &m->flags) +
57196 (m->pg_init_retries > 0) * 2 +
57197 diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
57198 index 8abde6b..b9cdbef 100644
57199 --- a/drivers/md/dm-raid.c
57200 +++ b/drivers/md/dm-raid.c
57201 @@ -3190,7 +3190,7 @@ static void raid_status(struct dm_target *ti, status_type_t type,
57202 mddev->resync_max_sectors : mddev->dev_sectors;
57203 progress = rs_get_progress(rs, resync_max_sectors, &array_in_sync);
57204 resync_mismatches = (mddev->last_sync_action && !strcasecmp(mddev->last_sync_action, "check")) ?
57205 - atomic64_read(&mddev->resync_mismatches) : 0;
57206 + atomic64_read_unchecked(&mddev->resync_mismatches) : 0;
57207 sync_action = decipher_sync_action(&rs->md);
57208
57209 /* HM FIXME: do we want another state char for raid0? It shows 'D' or 'A' now */
57210 diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
57211 index bdf1606..443a023 100644
57212 --- a/drivers/md/dm-raid1.c
57213 +++ b/drivers/md/dm-raid1.c
57214 @@ -42,7 +42,7 @@ enum dm_raid1_error {
57215
57216 struct mirror {
57217 struct mirror_set *ms;
57218 - atomic_t error_count;
57219 + atomic_unchecked_t error_count;
57220 unsigned long error_type;
57221 struct dm_dev *dev;
57222 sector_t offset;
57223 @@ -188,7 +188,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms)
57224 struct mirror *m;
57225
57226 for (m = ms->mirror; m < ms->mirror + ms->nr_mirrors; m++)
57227 - if (!atomic_read(&m->error_count))
57228 + if (!atomic_read_unchecked(&m->error_count))
57229 return m;
57230
57231 return NULL;
57232 @@ -220,7 +220,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type)
57233 * simple way to tell if a device has encountered
57234 * errors.
57235 */
57236 - atomic_inc(&m->error_count);
57237 + atomic_inc_unchecked(&m->error_count);
57238
57239 if (test_and_set_bit(error_type, &m->error_type))
57240 return;
57241 @@ -379,7 +379,7 @@ static void reset_ms_flags(struct mirror_set *ms)
57242
57243 ms->leg_failure = 0;
57244 for (m = 0; m < ms->nr_mirrors; m++) {
57245 - atomic_set(&(ms->mirror[m].error_count), 0);
57246 + atomic_set_unchecked(&(ms->mirror[m].error_count), 0);
57247 ms->mirror[m].error_type = 0;
57248 }
57249 }
57250 @@ -424,7 +424,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector)
57251 struct mirror *m = get_default_mirror(ms);
57252
57253 do {
57254 - if (likely(!atomic_read(&m->error_count)))
57255 + if (likely(!atomic_read_unchecked(&m->error_count)))
57256 return m;
57257
57258 if (m-- == ms->mirror)
57259 @@ -438,7 +438,7 @@ static int default_ok(struct mirror *m)
57260 {
57261 struct mirror *default_mirror = get_default_mirror(m->ms);
57262
57263 - return !atomic_read(&default_mirror->error_count);
57264 + return !atomic_read_unchecked(&default_mirror->error_count);
57265 }
57266
57267 static int mirror_available(struct mirror_set *ms, struct bio *bio)
57268 @@ -578,7 +578,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads)
57269 */
57270 if (likely(region_in_sync(ms, region, 1)))
57271 m = choose_mirror(ms, bio->bi_iter.bi_sector);
57272 - else if (m && atomic_read(&m->error_count))
57273 + else if (m && atomic_read_unchecked(&m->error_count))
57274 m = NULL;
57275
57276 if (likely(m))
57277 @@ -963,7 +963,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
57278 }
57279
57280 ms->mirror[mirror].ms = ms;
57281 - atomic_set(&(ms->mirror[mirror].error_count), 0);
57282 + atomic_set_unchecked(&(ms->mirror[mirror].error_count), 0);
57283 ms->mirror[mirror].error_type = 0;
57284 ms->mirror[mirror].offset = offset;
57285
57286 @@ -1388,7 +1388,7 @@ static void mirror_resume(struct dm_target *ti)
57287 */
57288 static char device_status_char(struct mirror *m)
57289 {
57290 - if (!atomic_read(&(m->error_count)))
57291 + if (!atomic_read_unchecked(&(m->error_count)))
57292 return 'A';
57293
57294 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
57295 diff --git a/drivers/md/dm-stats.c b/drivers/md/dm-stats.c
57296 index 38b05f2..4f99595 100644
57297 --- a/drivers/md/dm-stats.c
57298 +++ b/drivers/md/dm-stats.c
57299 @@ -435,7 +435,7 @@ do_sync_free:
57300 synchronize_rcu_expedited();
57301 dm_stat_free(&s->rcu_head);
57302 } else {
57303 - ACCESS_ONCE(dm_stat_need_rcu_barrier) = 1;
57304 + ACCESS_ONCE_RW(dm_stat_need_rcu_barrier) = 1;
57305 call_rcu(&s->rcu_head, dm_stat_free);
57306 }
57307 return 0;
57308 @@ -647,8 +647,8 @@ void dm_stats_account_io(struct dm_stats *stats, unsigned long bi_rw,
57309 ((bi_rw == WRITE) ==
57310 (ACCESS_ONCE(last->last_rw) == WRITE))
57311 ));
57312 - ACCESS_ONCE(last->last_sector) = end_sector;
57313 - ACCESS_ONCE(last->last_rw) = bi_rw;
57314 + ACCESS_ONCE_RW(last->last_sector) = end_sector;
57315 + ACCESS_ONCE_RW(last->last_rw) = bi_rw;
57316 }
57317
57318 rcu_read_lock();
57319 diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c
57320 index 28193a5..0543cc9 100644
57321 --- a/drivers/md/dm-stripe.c
57322 +++ b/drivers/md/dm-stripe.c
57323 @@ -21,7 +21,7 @@ struct stripe {
57324 struct dm_dev *dev;
57325 sector_t physical_start;
57326
57327 - atomic_t error_count;
57328 + atomic_unchecked_t error_count;
57329 };
57330
57331 struct stripe_c {
57332 @@ -190,7 +190,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
57333 kfree(sc);
57334 return r;
57335 }
57336 - atomic_set(&(sc->stripe[i].error_count), 0);
57337 + atomic_set_unchecked(&(sc->stripe[i].error_count), 0);
57338 }
57339
57340 ti->private = sc;
57341 @@ -357,7 +357,7 @@ static void stripe_status(struct dm_target *ti, status_type_t type,
57342 DMEMIT("%d ", sc->stripes);
57343 for (i = 0; i < sc->stripes; i++) {
57344 DMEMIT("%s ", sc->stripe[i].dev->name);
57345 - buffer[i] = atomic_read(&(sc->stripe[i].error_count)) ?
57346 + buffer[i] = atomic_read_unchecked(&(sc->stripe[i].error_count)) ?
57347 'D' : 'A';
57348 }
57349 buffer[i] = '\0';
57350 @@ -402,8 +402,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error)
57351 */
57352 for (i = 0; i < sc->stripes; i++)
57353 if (!strcmp(sc->stripe[i].dev->name, major_minor)) {
57354 - atomic_inc(&(sc->stripe[i].error_count));
57355 - if (atomic_read(&(sc->stripe[i].error_count)) <
57356 + atomic_inc_unchecked(&(sc->stripe[i].error_count));
57357 + if (atomic_read_unchecked(&(sc->stripe[i].error_count)) <
57358 DM_IO_ERROR_THRESHOLD)
57359 schedule_work(&sc->trigger_event);
57360 }
57361 diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
57362 index 3e407a9c..5c5cbdb 100644
57363 --- a/drivers/md/dm-table.c
57364 +++ b/drivers/md/dm-table.c
57365 @@ -308,7 +308,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
57366 if (!dev_size)
57367 return 0;
57368
57369 - if ((start >= dev_size) || (start + len > dev_size)) {
57370 + if ((start >= dev_size) || (len > dev_size - start)) {
57371 DMWARN("%s: %s too small for target: "
57372 "start=%llu, len=%llu, dev_size=%llu",
57373 dm_device_name(ti->table->md), bdevname(bdev, b),
57374 diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
57375 index a15091a..2d20208 100644
57376 --- a/drivers/md/dm-thin-metadata.c
57377 +++ b/drivers/md/dm-thin-metadata.c
57378 @@ -405,7 +405,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
57379 {
57380 pmd->info.tm = pmd->tm;
57381 pmd->info.levels = 2;
57382 - pmd->info.value_type.context = pmd->data_sm;
57383 + pmd->info.value_type.context = (dm_space_map_no_const *)pmd->data_sm;
57384 pmd->info.value_type.size = sizeof(__le64);
57385 pmd->info.value_type.inc = data_block_inc;
57386 pmd->info.value_type.dec = data_block_dec;
57387 @@ -424,7 +424,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
57388
57389 pmd->bl_info.tm = pmd->tm;
57390 pmd->bl_info.levels = 1;
57391 - pmd->bl_info.value_type.context = pmd->data_sm;
57392 + pmd->bl_info.value_type.context = (dm_space_map_no_const *)pmd->data_sm;
57393 pmd->bl_info.value_type.size = sizeof(__le64);
57394 pmd->bl_info.value_type.inc = data_block_inc;
57395 pmd->bl_info.value_type.dec = data_block_dec;
57396 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
57397 index 0f2928b..f9c3589 100644
57398 --- a/drivers/md/dm.c
57399 +++ b/drivers/md/dm.c
57400 @@ -569,14 +569,16 @@ static void queue_io(struct mapped_device *md, struct bio *bio)
57401 * function to access the md->map field, and make sure they call
57402 * dm_put_live_table() when finished.
57403 */
57404 -struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx) __acquires(md->io_barrier)
57405 +struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx) __acquires(&md->io_barrier);
57406 +struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx)
57407 {
57408 *srcu_idx = srcu_read_lock(&md->io_barrier);
57409
57410 return srcu_dereference(md->map, &md->io_barrier);
57411 }
57412
57413 -void dm_put_live_table(struct mapped_device *md, int srcu_idx) __releases(md->io_barrier)
57414 +void dm_put_live_table(struct mapped_device *md, int srcu_idx) __releases(&md->io_barrier);
57415 +void dm_put_live_table(struct mapped_device *md, int srcu_idx)
57416 {
57417 srcu_read_unlock(&md->io_barrier, srcu_idx);
57418 }
57419 @@ -591,13 +593,15 @@ void dm_sync_table(struct mapped_device *md)
57420 * A fast alternative to dm_get_live_table/dm_put_live_table.
57421 * The caller must not block between these two functions.
57422 */
57423 -static struct dm_table *dm_get_live_table_fast(struct mapped_device *md) __acquires(RCU)
57424 +static struct dm_table *dm_get_live_table_fast(struct mapped_device *md) __acquires(RCU);
57425 +static struct dm_table *dm_get_live_table_fast(struct mapped_device *md)
57426 {
57427 rcu_read_lock();
57428 return rcu_dereference(md->map);
57429 }
57430
57431 -static void dm_put_live_table_fast(struct mapped_device *md) __releases(RCU)
57432 +static void dm_put_live_table_fast(struct mapped_device *md) __releases(RCU);
57433 +static void dm_put_live_table_fast(struct mapped_device *md)
57434 {
57435 rcu_read_unlock();
57436 }
57437 @@ -1484,8 +1488,8 @@ static struct mapped_device *alloc_dev(int minor)
57438 spin_lock_init(&md->deferred_lock);
57439 atomic_set(&md->holders, 1);
57440 atomic_set(&md->open_count, 0);
57441 - atomic_set(&md->event_nr, 0);
57442 - atomic_set(&md->uevent_seq, 0);
57443 + atomic_set_unchecked(&md->event_nr, 0);
57444 + atomic_set_unchecked(&md->uevent_seq, 0);
57445 INIT_LIST_HEAD(&md->uevent_list);
57446 INIT_LIST_HEAD(&md->table_devices);
57447 spin_lock_init(&md->uevent_lock);
57448 @@ -1624,7 +1628,7 @@ static void event_callback(void *context)
57449
57450 dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
57451
57452 - atomic_inc(&md->event_nr);
57453 + atomic_inc_unchecked(&md->event_nr);
57454 wake_up(&md->eventq);
57455 }
57456
57457 @@ -2409,18 +2413,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
57458
57459 uint32_t dm_next_uevent_seq(struct mapped_device *md)
57460 {
57461 - return atomic_add_return(1, &md->uevent_seq);
57462 + return atomic_add_return_unchecked(1, &md->uevent_seq);
57463 }
57464
57465 uint32_t dm_get_event_nr(struct mapped_device *md)
57466 {
57467 - return atomic_read(&md->event_nr);
57468 + return atomic_read_unchecked(&md->event_nr);
57469 }
57470
57471 int dm_wait_event(struct mapped_device *md, int event_nr)
57472 {
57473 return wait_event_interruptible(md->eventq,
57474 - (event_nr != atomic_read(&md->event_nr)));
57475 + (event_nr != atomic_read_unchecked(&md->event_nr)));
57476 }
57477
57478 void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
57479 diff --git a/drivers/md/md.c b/drivers/md/md.c
57480 index 915e84d..5155da8 100644
57481 --- a/drivers/md/md.c
57482 +++ b/drivers/md/md.c
57483 @@ -198,10 +198,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
57484 * start build, activate spare
57485 */
57486 static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters);
57487 -static atomic_t md_event_count;
57488 +static atomic_unchecked_t md_event_count;
57489 void md_new_event(struct mddev *mddev)
57490 {
57491 - atomic_inc(&md_event_count);
57492 + atomic_inc_unchecked(&md_event_count);
57493 wake_up(&md_event_waiters);
57494 }
57495 EXPORT_SYMBOL_GPL(md_new_event);
57496 @@ -1434,7 +1434,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
57497 if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) &&
57498 (le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET))
57499 rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset);
57500 - atomic_set(&rdev->corrected_errors, le32_to_cpu(sb->cnt_corrected_read));
57501 + atomic_set_unchecked(&rdev->corrected_errors, le32_to_cpu(sb->cnt_corrected_read));
57502
57503 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256;
57504 bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1;
57505 @@ -1700,7 +1700,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
57506 else
57507 sb->resync_offset = cpu_to_le64(0);
57508
57509 - sb->cnt_corrected_read = cpu_to_le32(atomic_read(&rdev->corrected_errors));
57510 + sb->cnt_corrected_read = cpu_to_le32(atomic_read_unchecked(&rdev->corrected_errors));
57511
57512 sb->raid_disks = cpu_to_le32(mddev->raid_disks);
57513 sb->size = cpu_to_le64(mddev->dev_sectors);
57514 @@ -2719,7 +2719,7 @@ __ATTR_PREALLOC(state, S_IRUGO|S_IWUSR, state_show, state_store);
57515 static ssize_t
57516 errors_show(struct md_rdev *rdev, char *page)
57517 {
57518 - return sprintf(page, "%d\n", atomic_read(&rdev->corrected_errors));
57519 + return sprintf(page, "%d\n", atomic_read_unchecked(&rdev->corrected_errors));
57520 }
57521
57522 static ssize_t
57523 @@ -2731,7 +2731,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
57524 rv = kstrtouint(buf, 10, &n);
57525 if (rv < 0)
57526 return rv;
57527 - atomic_set(&rdev->corrected_errors, n);
57528 + atomic_set_unchecked(&rdev->corrected_errors, n);
57529 return len;
57530 }
57531 static struct rdev_sysfs_entry rdev_errors =
57532 @@ -3180,8 +3180,8 @@ int md_rdev_init(struct md_rdev *rdev)
57533 rdev->sb_loaded = 0;
57534 rdev->bb_page = NULL;
57535 atomic_set(&rdev->nr_pending, 0);
57536 - atomic_set(&rdev->read_errors, 0);
57537 - atomic_set(&rdev->corrected_errors, 0);
57538 + atomic_set_unchecked(&rdev->read_errors, 0);
57539 + atomic_set_unchecked(&rdev->corrected_errors, 0);
57540
57541 INIT_LIST_HEAD(&rdev->same_set);
57542 init_waitqueue_head(&rdev->blocked_wait);
57543 @@ -4403,7 +4403,7 @@ mismatch_cnt_show(struct mddev *mddev, char *page)
57544 {
57545 return sprintf(page, "%llu\n",
57546 (unsigned long long)
57547 - atomic64_read(&mddev->resync_mismatches));
57548 + atomic64_read_unchecked(&mddev->resync_mismatches));
57549 }
57550
57551 static struct md_sysfs_entry md_mismatches = __ATTR_RO(mismatch_cnt);
57552 @@ -5095,7 +5095,7 @@ static struct kobject *md_probe(dev_t dev, int *part, void *data)
57553 return NULL;
57554 }
57555
57556 -static int add_named_array(const char *val, struct kernel_param *kp)
57557 +static int add_named_array(const char *val, const struct kernel_param *kp)
57558 {
57559 /* val must be "md_*" where * is not all digits.
57560 * We allocate an array with a large free minor number, and
57561 @@ -5445,7 +5445,7 @@ static void md_clean(struct mddev *mddev)
57562 mddev->new_layout = 0;
57563 mddev->new_chunk_sectors = 0;
57564 mddev->curr_resync = 0;
57565 - atomic64_set(&mddev->resync_mismatches, 0);
57566 + atomic64_set_unchecked(&mddev->resync_mismatches, 0);
57567 mddev->suspend_lo = mddev->suspend_hi = 0;
57568 mddev->sync_speed_min = mddev->sync_speed_max = 0;
57569 mddev->recovery = 0;
57570 @@ -5862,9 +5862,10 @@ static int get_array_info(struct mddev *mddev, void __user *arg)
57571 info.patch_version = MD_PATCHLEVEL_VERSION;
57572 info.ctime = clamp_t(time64_t, mddev->ctime, 0, U32_MAX);
57573 info.level = mddev->level;
57574 - info.size = mddev->dev_sectors / 2;
57575 - if (info.size != mddev->dev_sectors / 2) /* overflow */
57576 + if (2 * (sector_t)INT_MAX < mddev->dev_sectors) /* overflow */
57577 info.size = -1;
57578 + else
57579 + info.size = mddev->dev_sectors / 2;
57580 info.nr_disks = nr;
57581 info.raid_disks = mddev->raid_disks;
57582 info.md_minor = mddev->md_minor;
57583 @@ -7431,7 +7432,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
57584
57585 spin_unlock(&pers_lock);
57586 seq_printf(seq, "\n");
57587 - seq->poll_event = atomic_read(&md_event_count);
57588 + seq->poll_event = atomic_read_unchecked(&md_event_count);
57589 return 0;
57590 }
57591 if (v == (void*)2) {
57592 @@ -7531,7 +7532,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
57593 return error;
57594
57595 seq = file->private_data;
57596 - seq->poll_event = atomic_read(&md_event_count);
57597 + seq->poll_event = atomic_read_unchecked(&md_event_count);
57598 return error;
57599 }
57600
57601 @@ -7548,7 +7549,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
57602 /* always allow read */
57603 mask = POLLIN | POLLRDNORM;
57604
57605 - if (seq->poll_event != atomic_read(&md_event_count))
57606 + if (seq->poll_event != atomic_read_unchecked(&md_event_count))
57607 mask |= POLLERR | POLLPRI;
57608 return mask;
57609 }
57610 @@ -7644,7 +7645,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
57611 struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
57612 curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
57613 (int)part_stat_read(&disk->part0, sectors[1]) -
57614 - atomic_read(&disk->sync_io);
57615 + atomic_read_unchecked(&disk->sync_io);
57616 /* sync IO will cause sync_io to increase before the disk_stats
57617 * as sync_io is counted when a request starts, and
57618 * disk_stats is counted when it completes.
57619 @@ -7914,7 +7915,7 @@ void md_do_sync(struct md_thread *thread)
57620 * which defaults to physical size, but can be virtual size
57621 */
57622 max_sectors = mddev->resync_max_sectors;
57623 - atomic64_set(&mddev->resync_mismatches, 0);
57624 + atomic64_set_unchecked(&mddev->resync_mismatches, 0);
57625 /* we don't use the checkpoint if there's a bitmap */
57626 if (test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery))
57627 j = mddev->resync_min;
57628 @@ -8931,11 +8932,11 @@ static __exit void md_exit(void)
57629 subsys_initcall(md_init);
57630 module_exit(md_exit)
57631
57632 -static int get_ro(char *buffer, struct kernel_param *kp)
57633 +static int get_ro(char *buffer, const struct kernel_param *kp)
57634 {
57635 return sprintf(buffer, "%d", start_readonly);
57636 }
57637 -static int set_ro(const char *val, struct kernel_param *kp)
57638 +static int set_ro(const char *val, const struct kernel_param *kp)
57639 {
57640 return kstrtouint(val, 10, (unsigned int *)&start_readonly);
57641 }
57642 diff --git a/drivers/md/md.h b/drivers/md/md.h
57643 index 20c6675..871764e 100644
57644 --- a/drivers/md/md.h
57645 +++ b/drivers/md/md.h
57646 @@ -96,13 +96,13 @@ struct md_rdev {
57647 * only maintained for arrays that
57648 * support hot removal
57649 */
57650 - atomic_t read_errors; /* number of consecutive read errors that
57651 + atomic_unchecked_t read_errors; /* number of consecutive read errors that
57652 * we have tried to ignore.
57653 */
57654 time64_t last_read_error; /* monotonic time since our
57655 * last read error
57656 */
57657 - atomic_t corrected_errors; /* number of corrected read errors,
57658 + atomic_unchecked_t corrected_errors; /* number of corrected read errors,
57659 * for reporting to userspace and storing
57660 * in superblock.
57661 */
57662 @@ -290,7 +290,7 @@ struct mddev {
57663
57664 sector_t resync_max_sectors; /* may be set by personality */
57665
57666 - atomic64_t resync_mismatches; /* count of sectors where
57667 + atomic64_unchecked_t resync_mismatches; /* count of sectors where
57668 * parity/replica mismatch found
57669 */
57670
57671 @@ -469,7 +469,7 @@ extern void mddev_unlock(struct mddev *mddev);
57672
57673 static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
57674 {
57675 - atomic_add(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
57676 + atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
57677 }
57678
57679 struct md_personality
57680 diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c
57681 index 7e44005..20e035a 100644
57682 --- a/drivers/md/persistent-data/dm-space-map-metadata.c
57683 +++ b/drivers/md/persistent-data/dm-space-map-metadata.c
57684 @@ -700,7 +700,7 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks)
57685 * Flick into a mode where all blocks get allocated in the new area.
57686 */
57687 smm->begin = old_len;
57688 - memcpy(sm, &bootstrap_ops, sizeof(*sm));
57689 + memcpy((void *)sm, &bootstrap_ops, sizeof(*sm));
57690
57691 /*
57692 * Extend.
57693 @@ -738,7 +738,7 @@ out:
57694 /*
57695 * Switch back to normal behaviour.
57696 */
57697 - memcpy(sm, &ops, sizeof(*sm));
57698 + memcpy((void *)sm, &ops, sizeof(*sm));
57699 return r;
57700 }
57701
57702 diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h
57703 index 3e6d115..ffecdeb 100644
57704 --- a/drivers/md/persistent-data/dm-space-map.h
57705 +++ b/drivers/md/persistent-data/dm-space-map.h
57706 @@ -71,6 +71,7 @@ struct dm_space_map {
57707 dm_sm_threshold_fn fn,
57708 void *context);
57709 };
57710 +typedef struct dm_space_map __no_const dm_space_map_no_const;
57711
57712 /*----------------------------------------------------------------*/
57713
57714 diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
57715 index 21dc00e..14b01ea 100644
57716 --- a/drivers/md/raid1.c
57717 +++ b/drivers/md/raid1.c
57718 @@ -1050,7 +1050,7 @@ static void raid1_make_request(struct mddev *mddev, struct bio * bio)
57719 struct blk_plug_cb *cb;
57720 struct raid1_plug_cb *plug = NULL;
57721 int first_clone;
57722 - int sectors_handled;
57723 + sector_t sectors_handled;
57724 int max_sectors;
57725 sector_t start_next_window;
57726
57727 @@ -1880,7 +1880,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
57728 if (r1_sync_page_io(rdev, sect, s,
57729 bio->bi_io_vec[idx].bv_page,
57730 READ) != 0)
57731 - atomic_add(s, &rdev->corrected_errors);
57732 + atomic_add_unchecked(s, &rdev->corrected_errors);
57733 }
57734 sectors -= s;
57735 sect += s;
57736 @@ -1971,7 +1971,7 @@ static void process_checks(struct r1bio *r1_bio)
57737 } else
57738 j = 0;
57739 if (j >= 0)
57740 - atomic64_add(r1_bio->sectors, &mddev->resync_mismatches);
57741 + atomic64_add_unchecked(r1_bio->sectors, &mddev->resync_mismatches);
57742 if (j < 0 || (test_bit(MD_RECOVERY_CHECK, &mddev->recovery)
57743 && !error)) {
57744 /* No need to write to this device. */
57745 @@ -2122,7 +2122,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
57746 rcu_read_unlock();
57747 if (r1_sync_page_io(rdev, sect, s,
57748 conf->tmppage, READ)) {
57749 - atomic_add(s, &rdev->corrected_errors);
57750 + atomic_add_unchecked(s, &rdev->corrected_errors);
57751 printk(KERN_INFO
57752 "md/raid1:%s: read error corrected "
57753 "(%d sectors at %llu on %s)\n",
57754 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
57755 index be1a9fc..6694394 100644
57756 --- a/drivers/md/raid10.c
57757 +++ b/drivers/md/raid10.c
57758 @@ -1060,7 +1060,7 @@ static void __make_request(struct mddev *mddev, struct bio *bio)
57759 struct md_rdev *blocked_rdev;
57760 struct blk_plug_cb *cb;
57761 struct raid10_plug_cb *plug = NULL;
57762 - int sectors_handled;
57763 + sector_t sectors_handled;
57764 int max_sectors;
57765 int sectors;
57766
57767 @@ -1438,7 +1438,7 @@ static void raid10_make_request(struct mddev *mddev, struct bio *bio)
57768 {
57769 struct r10conf *conf = mddev->private;
57770 sector_t chunk_mask = (conf->geo.chunk_mask & conf->prev.chunk_mask);
57771 - int chunk_sects = chunk_mask + 1;
57772 + sector_t chunk_sects = chunk_mask + 1;
57773
57774 struct bio *split;
57775
57776 @@ -1826,7 +1826,7 @@ static void end_sync_read(struct bio *bio)
57777 /* The write handler will notice the lack of
57778 * R10BIO_Uptodate and record any errors etc
57779 */
57780 - atomic_add(r10_bio->sectors,
57781 + atomic_add_unchecked(r10_bio->sectors,
57782 &conf->mirrors[d].rdev->corrected_errors);
57783
57784 /* for reconstruct, we always reschedule after a read.
57785 @@ -1975,7 +1975,7 @@ static void sync_request_write(struct mddev *mddev, struct r10bio *r10_bio)
57786 }
57787 if (j == vcnt)
57788 continue;
57789 - atomic64_add(r10_bio->sectors, &mddev->resync_mismatches);
57790 + atomic64_add_unchecked(r10_bio->sectors, &mddev->resync_mismatches);
57791 if (test_bit(MD_RECOVERY_CHECK, &mddev->recovery))
57792 /* Don't fix anything. */
57793 continue;
57794 @@ -2174,7 +2174,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
57795 {
57796 long cur_time_mon;
57797 unsigned long hours_since_last;
57798 - unsigned int read_errors = atomic_read(&rdev->read_errors);
57799 + unsigned int read_errors = atomic_read_unchecked(&rdev->read_errors);
57800
57801 cur_time_mon = ktime_get_seconds();
57802
57803 @@ -2195,9 +2195,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
57804 * overflowing the shift of read_errors by hours_since_last.
57805 */
57806 if (hours_since_last >= 8 * sizeof(read_errors))
57807 - atomic_set(&rdev->read_errors, 0);
57808 + atomic_set_unchecked(&rdev->read_errors, 0);
57809 else
57810 - atomic_set(&rdev->read_errors, read_errors >> hours_since_last);
57811 + atomic_set_unchecked(&rdev->read_errors, read_errors >> hours_since_last);
57812 }
57813
57814 static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
57815 @@ -2251,8 +2251,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
57816 return;
57817
57818 check_decay_read_errors(mddev, rdev);
57819 - atomic_inc(&rdev->read_errors);
57820 - if (atomic_read(&rdev->read_errors) > max_read_errors) {
57821 + atomic_inc_unchecked(&rdev->read_errors);
57822 + if (atomic_read_unchecked(&rdev->read_errors) > max_read_errors) {
57823 char b[BDEVNAME_SIZE];
57824 bdevname(rdev->bdev, b);
57825
57826 @@ -2260,7 +2260,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
57827 "md/raid10:%s: %s: Raid device exceeded "
57828 "read_error threshold [cur %d:max %d]\n",
57829 mdname(mddev), b,
57830 - atomic_read(&rdev->read_errors), max_read_errors);
57831 + atomic_read_unchecked(&rdev->read_errors), max_read_errors);
57832 printk(KERN_NOTICE
57833 "md/raid10:%s: %s: Failing raid device\n",
57834 mdname(mddev), b);
57835 @@ -2417,7 +2417,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
57836 sect +
57837 choose_data_offset(r10_bio, rdev)),
57838 bdevname(rdev->bdev, b));
57839 - atomic_add(s, &rdev->corrected_errors);
57840 + atomic_add_unchecked(s, &rdev->corrected_errors);
57841 }
57842
57843 rdev_dec_pending(rdev, mddev);
57844 @@ -3188,6 +3188,7 @@ static sector_t raid10_sync_request(struct mddev *mddev, sector_t sector_nr,
57845 } else {
57846 /* resync. Schedule a read for every block at this virt offset */
57847 int count = 0;
57848 + sector_t sectors;
57849
57850 bitmap_cond_end_sync(mddev->bitmap, sector_nr, 0);
57851
57852 @@ -3213,7 +3214,8 @@ static sector_t raid10_sync_request(struct mddev *mddev, sector_t sector_nr,
57853 r10_bio->sector = sector_nr;
57854 set_bit(R10BIO_IsSync, &r10_bio->state);
57855 raid10_find_phys(conf, r10_bio);
57856 - r10_bio->sectors = (sector_nr | chunk_mask) - sector_nr + 1;
57857 + sectors = (sector_nr | chunk_mask) - sector_nr + 1;
57858 + r10_bio->sectors = sectors;
57859
57860 for (i = 0; i < conf->copies; i++) {
57861 int d = r10_bio->devs[i].devnum;
57862 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
57863 index ee7fc37..d7efe3d 100644
57864 --- a/drivers/md/raid5.c
57865 +++ b/drivers/md/raid5.c
57866 @@ -1120,23 +1120,23 @@ async_copy_data(int frombio, struct bio *bio, struct page **page,
57867 struct bio_vec bvl;
57868 struct bvec_iter iter;
57869 struct page *bio_page;
57870 - int page_offset;
57871 + s64 page_offset;
57872 struct async_submit_ctl submit;
57873 enum async_tx_flags flags = 0;
57874
57875 if (bio->bi_iter.bi_sector >= sector)
57876 - page_offset = (signed)(bio->bi_iter.bi_sector - sector) * 512;
57877 + page_offset = (s64)(bio->bi_iter.bi_sector - sector) * 512;
57878 else
57879 - page_offset = (signed)(sector - bio->bi_iter.bi_sector) * -512;
57880 + page_offset = (s64)(sector - bio->bi_iter.bi_sector) * -512;
57881
57882 if (frombio)
57883 flags |= ASYNC_TX_FENCE;
57884 init_async_submit(&submit, flags, tx, NULL, NULL, NULL);
57885
57886 bio_for_each_segment(bvl, bio, iter) {
57887 - int len = bvl.bv_len;
57888 - int clen;
57889 - int b_offset = 0;
57890 + s64 len = bvl.bv_len;
57891 + s64 clen;
57892 + s64 b_offset = 0;
57893
57894 if (page_offset < 0) {
57895 b_offset = -page_offset;
57896 @@ -2040,6 +2040,10 @@ static int grow_one_stripe(struct r5conf *conf, gfp_t gfp)
57897 return 1;
57898 }
57899
57900 +#ifdef CONFIG_GRKERNSEC_HIDESYM
57901 +static atomic_unchecked_t raid5_cache_id = ATOMIC_INIT(0);
57902 +#endif
57903 +
57904 static int grow_stripes(struct r5conf *conf, int num)
57905 {
57906 struct kmem_cache *sc;
57907 @@ -2050,7 +2054,11 @@ static int grow_stripes(struct r5conf *conf, int num)
57908 "raid%d-%s", conf->level, mdname(conf->mddev));
57909 else
57910 sprintf(conf->cache_name[0],
57911 +#ifdef CONFIG_GRKERNSEC_HIDESYM
57912 + "raid%d-%08lx", conf->level, atomic_inc_return_unchecked(&raid5_cache_id));
57913 +#else
57914 "raid%d-%p", conf->level, conf->mddev);
57915 +#endif
57916 sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
57917
57918 conf->active_name = 0;
57919 @@ -2354,21 +2362,21 @@ static void raid5_end_read_request(struct bio * bi)
57920 mdname(conf->mddev), STRIPE_SECTORS,
57921 (unsigned long long)s,
57922 bdevname(rdev->bdev, b));
57923 - atomic_add(STRIPE_SECTORS, &rdev->corrected_errors);
57924 + atomic_add_unchecked(STRIPE_SECTORS, &rdev->corrected_errors);
57925 clear_bit(R5_ReadError, &sh->dev[i].flags);
57926 clear_bit(R5_ReWrite, &sh->dev[i].flags);
57927 } else if (test_bit(R5_ReadNoMerge, &sh->dev[i].flags))
57928 clear_bit(R5_ReadNoMerge, &sh->dev[i].flags);
57929
57930 - if (atomic_read(&rdev->read_errors))
57931 - atomic_set(&rdev->read_errors, 0);
57932 + if (atomic_read_unchecked(&rdev->read_errors))
57933 + atomic_set_unchecked(&rdev->read_errors, 0);
57934 } else {
57935 const char *bdn = bdevname(rdev->bdev, b);
57936 int retry = 0;
57937 int set_bad = 0;
57938
57939 clear_bit(R5_UPTODATE, &sh->dev[i].flags);
57940 - atomic_inc(&rdev->read_errors);
57941 + atomic_inc_unchecked(&rdev->read_errors);
57942 if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
57943 printk_ratelimited(
57944 KERN_WARNING
57945 @@ -2396,7 +2404,7 @@ static void raid5_end_read_request(struct bio * bi)
57946 mdname(conf->mddev),
57947 (unsigned long long)s,
57948 bdn);
57949 - } else if (atomic_read(&rdev->read_errors)
57950 + } else if (atomic_read_unchecked(&rdev->read_errors)
57951 > conf->max_nr_stripes)
57952 printk(KERN_WARNING
57953 "md/raid:%s: Too many read errors, failing device %s.\n",
57954 @@ -3763,7 +3771,7 @@ static void handle_parity_checks5(struct r5conf *conf, struct stripe_head *sh,
57955 */
57956 set_bit(STRIPE_INSYNC, &sh->state);
57957 else {
57958 - atomic64_add(STRIPE_SECTORS, &conf->mddev->resync_mismatches);
57959 + atomic64_add_unchecked(STRIPE_SECTORS, &conf->mddev->resync_mismatches);
57960 if (test_bit(MD_RECOVERY_CHECK, &conf->mddev->recovery))
57961 /* don't try to repair!! */
57962 set_bit(STRIPE_INSYNC, &sh->state);
57963 @@ -3915,7 +3923,7 @@ static void handle_parity_checks6(struct r5conf *conf, struct stripe_head *sh,
57964 */
57965 }
57966 } else {
57967 - atomic64_add(STRIPE_SECTORS, &conf->mddev->resync_mismatches);
57968 + atomic64_add_unchecked(STRIPE_SECTORS, &conf->mddev->resync_mismatches);
57969 if (test_bit(MD_RECOVERY_CHECK, &conf->mddev->recovery))
57970 /* don't try to repair!! */
57971 set_bit(STRIPE_INSYNC, &sh->state);
57972 diff --git a/drivers/media/dvb-core/dvb_net.c b/drivers/media/dvb-core/dvb_net.c
57973 index 9914f69..177e48b 100644
57974 --- a/drivers/media/dvb-core/dvb_net.c
57975 +++ b/drivers/media/dvb-core/dvb_net.c
57976 @@ -882,7 +882,7 @@ static int dvb_net_sec_callback(const u8 *buffer1, size_t buffer1_len,
57977 return 0;
57978 }
57979
57980 -static int dvb_net_tx(struct sk_buff *skb, struct net_device *dev)
57981 +static netdev_tx_t dvb_net_tx(struct sk_buff *skb, struct net_device *dev)
57982 {
57983 dev_kfree_skb(skb);
57984 return NETDEV_TX_OK;
57985 diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
57986 index 75a3f4b..06b70a3 100644
57987 --- a/drivers/media/dvb-core/dvbdev.c
57988 +++ b/drivers/media/dvb-core/dvbdev.c
57989 @@ -428,7 +428,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev,
57990 int demux_sink_pads)
57991 {
57992 struct dvb_device *dvbdev;
57993 - struct file_operations *dvbdevfops;
57994 + file_operations_no_const *dvbdevfops;
57995 struct device *clsdev;
57996 int minor;
57997 int id, ret;
57998 diff --git a/drivers/media/dvb-frontends/af9033.h b/drivers/media/dvb-frontends/af9033.h
57999 index 6ad22b6..6e90e2a 100644
58000 --- a/drivers/media/dvb-frontends/af9033.h
58001 +++ b/drivers/media/dvb-frontends/af9033.h
58002 @@ -96,6 +96,6 @@ struct af9033_ops {
58003 int (*pid_filter_ctrl)(struct dvb_frontend *fe, int onoff);
58004 int (*pid_filter)(struct dvb_frontend *fe, int index, u16 pid,
58005 int onoff);
58006 -};
58007 +} __no_const;
58008
58009 #endif /* AF9033_H */
58010 diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c
58011 index 8814f36..2adf845 100644
58012 --- a/drivers/media/dvb-frontends/cx24116.c
58013 +++ b/drivers/media/dvb-frontends/cx24116.c
58014 @@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune,
58015 return cx24116_read_status(fe, status);
58016 }
58017
58018 -static int cx24116_get_algo(struct dvb_frontend *fe)
58019 +static enum dvbfe_algo cx24116_get_algo(struct dvb_frontend *fe)
58020 {
58021 return DVBFE_ALGO_HW;
58022 }
58023 diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c
58024 index a3f7eb4..6103a23 100644
58025 --- a/drivers/media/dvb-frontends/cx24117.c
58026 +++ b/drivers/media/dvb-frontends/cx24117.c
58027 @@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune,
58028 return cx24117_read_status(fe, status);
58029 }
58030
58031 -static int cx24117_get_algo(struct dvb_frontend *fe)
58032 +static enum dvbfe_algo cx24117_get_algo(struct dvb_frontend *fe)
58033 {
58034 return DVBFE_ALGO_HW;
58035 }
58036 diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c
58037 index 066ee38..193d707 100644
58038 --- a/drivers/media/dvb-frontends/cx24120.c
58039 +++ b/drivers/media/dvb-frontends/cx24120.c
58040 @@ -1492,7 +1492,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune,
58041 return cx24120_read_status(fe, status);
58042 }
58043
58044 -static int cx24120_get_algo(struct dvb_frontend *fe)
58045 +static enum dvbfe_algo cx24120_get_algo(struct dvb_frontend *fe)
58046 {
58047 return DVBFE_ALGO_HW;
58048 }
58049 diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c
58050 index 113b094..c9424e6 100644
58051 --- a/drivers/media/dvb-frontends/cx24123.c
58052 +++ b/drivers/media/dvb-frontends/cx24123.c
58053 @@ -1009,7 +1009,7 @@ static int cx24123_tune(struct dvb_frontend *fe,
58054 return retval;
58055 }
58056
58057 -static int cx24123_get_algo(struct dvb_frontend *fe)
58058 +static enum dvbfe_algo cx24123_get_algo(struct dvb_frontend *fe)
58059 {
58060 return DVBFE_ALGO_HW;
58061 }
58062 diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c
58063 index 314d3b8..e2257bd 100644
58064 --- a/drivers/media/dvb-frontends/cxd2820r_core.c
58065 +++ b/drivers/media/dvb-frontends/cxd2820r_core.c
58066 @@ -572,7 +572,7 @@ error:
58067 return DVBFE_ALGO_SEARCH_ERROR;
58068 }
58069
58070 -static int cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
58071 +static enum dvbfe_algo cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
58072 {
58073 return DVBFE_ALGO_CUSTOM;
58074 }
58075 diff --git a/drivers/media/dvb-frontends/dib3000.h b/drivers/media/dvb-frontends/dib3000.h
58076 index d5dfafb..b7ed9d9 100644
58077 --- a/drivers/media/dvb-frontends/dib3000.h
58078 +++ b/drivers/media/dvb-frontends/dib3000.h
58079 @@ -39,7 +39,7 @@ struct dib_fe_xfer_ops
58080 int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
58081 int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
58082 int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
58083 -};
58084 +} __no_const;
58085
58086 #if IS_REACHABLE(CONFIG_DVB_DIB3000MB)
58087 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
58088 diff --git a/drivers/media/dvb-frontends/dib7000p.h b/drivers/media/dvb-frontends/dib7000p.h
58089 index baa2789..c8de7fe 100644
58090 --- a/drivers/media/dvb-frontends/dib7000p.h
58091 +++ b/drivers/media/dvb-frontends/dib7000p.h
58092 @@ -64,7 +64,7 @@ struct dib7000p_ops {
58093 int (*get_adc_power)(struct dvb_frontend *fe);
58094 int (*slave_reset)(struct dvb_frontend *fe);
58095 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg);
58096 -};
58097 +} __no_const;
58098
58099 #if IS_REACHABLE(CONFIG_DVB_DIB7000P)
58100 void *dib7000p_attach(struct dib7000p_ops *ops);
58101 diff --git a/drivers/media/dvb-frontends/dib8000.h b/drivers/media/dvb-frontends/dib8000.h
58102 index 2b8b4b1..8cef451 100644
58103 --- a/drivers/media/dvb-frontends/dib8000.h
58104 +++ b/drivers/media/dvb-frontends/dib8000.h
58105 @@ -61,7 +61,7 @@ struct dib8000_ops {
58106 int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff);
58107 int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff);
58108 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg);
58109 -};
58110 +} __no_const;
58111
58112 #if IS_REACHABLE(CONFIG_DVB_DIB8000)
58113 void *dib8000_attach(struct dib8000_ops *ops);
58114 diff --git a/drivers/media/dvb-frontends/hd29l2.c b/drivers/media/dvb-frontends/hd29l2.c
58115 index 1c7eb47..c1cd6b8 100644
58116 --- a/drivers/media/dvb-frontends/hd29l2.c
58117 +++ b/drivers/media/dvb-frontends/hd29l2.c
58118 @@ -555,7 +555,7 @@ err:
58119 return DVBFE_ALGO_SEARCH_ERROR;
58120 }
58121
58122 -static int hd29l2_get_frontend_algo(struct dvb_frontend *fe)
58123 +static enum dvbfe_algo hd29l2_get_frontend_algo(struct dvb_frontend *fe)
58124 {
58125 return DVBFE_ALGO_CUSTOM;
58126 }
58127 diff --git a/drivers/media/dvb-frontends/lgdt3306a.c b/drivers/media/dvb-frontends/lgdt3306a.c
58128 index 179c26e..af482fe 100644
58129 --- a/drivers/media/dvb-frontends/lgdt3306a.c
58130 +++ b/drivers/media/dvb-frontends/lgdt3306a.c
58131 @@ -1734,7 +1734,7 @@ static int lgdt3306a_get_tune_settings(struct dvb_frontend *fe,
58132 return 0;
58133 }
58134
58135 -static int lgdt3306a_search(struct dvb_frontend *fe)
58136 +static enum dvbfe_search lgdt3306a_search(struct dvb_frontend *fe)
58137 {
58138 enum fe_status status = 0;
58139 int i, ret;
58140 diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
58141 index fe79358..6b9c499 100644
58142 --- a/drivers/media/dvb-frontends/mb86a20s.c
58143 +++ b/drivers/media/dvb-frontends/mb86a20s.c
58144 @@ -2054,7 +2054,7 @@ static void mb86a20s_release(struct dvb_frontend *fe)
58145 kfree(state);
58146 }
58147
58148 -static int mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
58149 +static enum dvbfe_algo mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
58150 {
58151 return DVBFE_ALGO_HW;
58152 }
58153 diff --git a/drivers/media/dvb-frontends/mt312.c b/drivers/media/dvb-frontends/mt312.c
58154 index fc08429..c816697 100644
58155 --- a/drivers/media/dvb-frontends/mt312.c
58156 +++ b/drivers/media/dvb-frontends/mt312.c
58157 @@ -381,7 +381,7 @@ static int mt312_send_master_cmd(struct dvb_frontend *fe,
58158 }
58159
58160 static int mt312_send_burst(struct dvb_frontend *fe,
58161 - const enum fe_sec_mini_cmd c)
58162 + enum fe_sec_mini_cmd c)
58163 {
58164 struct mt312_state *state = fe->demodulator_priv;
58165 const u8 mini_tab[2] = { 0x02, 0x03 };
58166 @@ -405,7 +405,7 @@ static int mt312_send_burst(struct dvb_frontend *fe,
58167 }
58168
58169 static int mt312_set_tone(struct dvb_frontend *fe,
58170 - const enum fe_sec_tone_mode t)
58171 + enum fe_sec_tone_mode t)
58172 {
58173 struct mt312_state *state = fe->demodulator_priv;
58174 const u8 tone_tab[2] = { 0x01, 0x00 };
58175 @@ -429,7 +429,7 @@ static int mt312_set_tone(struct dvb_frontend *fe,
58176 }
58177
58178 static int mt312_set_voltage(struct dvb_frontend *fe,
58179 - const enum fe_sec_voltage v)
58180 + enum fe_sec_voltage v)
58181 {
58182 struct mt312_state *state = fe->demodulator_priv;
58183 const u8 volt_tab[3] = { 0x00, 0x40, 0x00 };
58184 diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c
58185 index b5e3d90..bd00dc6 100644
58186 --- a/drivers/media/dvb-frontends/s921.c
58187 +++ b/drivers/media/dvb-frontends/s921.c
58188 @@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe,
58189 return rc;
58190 }
58191
58192 -static int s921_get_algo(struct dvb_frontend *fe)
58193 +static enum dvbfe_algo s921_get_algo(struct dvb_frontend *fe)
58194 {
58195 return DVBFE_ALGO_HW;
58196 }
58197 diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c
58198 index 35bc9b2..d5072b1 100644
58199 --- a/drivers/media/pci/bt8xx/dst.c
58200 +++ b/drivers/media/pci/bt8xx/dst.c
58201 @@ -1683,7 +1683,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe,
58202 return 0;
58203 }
58204
58205 -static int dst_get_tuning_algo(struct dvb_frontend *fe)
58206 +static enum dvbfe_algo dst_get_tuning_algo(struct dvb_frontend *fe)
58207 {
58208 return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW;
58209 }
58210 diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c
58211 index 5dc1e3f..ed6db07 100644
58212 --- a/drivers/media/pci/cx88/cx88-video.c
58213 +++ b/drivers/media/pci/cx88/cx88-video.c
58214 @@ -50,9 +50,9 @@ MODULE_VERSION(CX88_VERSION);
58215
58216 /* ------------------------------------------------------------------ */
58217
58218 -static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
58219 -static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
58220 -static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
58221 +static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
58222 +static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
58223 +static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
58224
58225 module_param_array(video_nr, int, NULL, 0444);
58226 module_param_array(vbi_nr, int, NULL, 0444);
58227 diff --git a/drivers/media/pci/ivtv/ivtv-driver.c b/drivers/media/pci/ivtv/ivtv-driver.c
58228 index 374033a..461c38c 100644
58229 --- a/drivers/media/pci/ivtv/ivtv-driver.c
58230 +++ b/drivers/media/pci/ivtv/ivtv-driver.c
58231 @@ -83,7 +83,7 @@ static struct pci_device_id ivtv_pci_tbl[] = {
58232 MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl);
58233
58234 /* ivtv instance counter */
58235 -static atomic_t ivtv_instance = ATOMIC_INIT(0);
58236 +static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0);
58237
58238 /* Parameter declarations */
58239 static int cardtype[IVTV_MAX_CARDS];
58240 diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c
58241 index d0e70dc0..e4fee68 100644
58242 --- a/drivers/media/pci/pt1/va1j5jf8007s.c
58243 +++ b/drivers/media/pci/pt1/va1j5jf8007s.c
58244 @@ -102,7 +102,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr)
58245 return 0;
58246 }
58247
58248 -static int va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
58249 +static enum dvbfe_algo va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
58250 {
58251 return DVBFE_ALGO_HW;
58252 }
58253 diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c
58254 index 0268f20..de9dff7 100644
58255 --- a/drivers/media/pci/pt1/va1j5jf8007t.c
58256 +++ b/drivers/media/pci/pt1/va1j5jf8007t.c
58257 @@ -92,7 +92,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr)
58258 return 0;
58259 }
58260
58261 -static int va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
58262 +static enum dvbfe_algo va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
58263 {
58264 return DVBFE_ALGO_HW;
58265 }
58266 diff --git a/drivers/media/pci/solo6x10/solo6x10-core.c b/drivers/media/pci/solo6x10/solo6x10-core.c
58267 index f50d072..0214f25 100644
58268 --- a/drivers/media/pci/solo6x10/solo6x10-core.c
58269 +++ b/drivers/media/pci/solo6x10/solo6x10-core.c
58270 @@ -411,7 +411,7 @@ static void solo_device_release(struct device *dev)
58271
58272 static int solo_sysfs_init(struct solo_dev *solo_dev)
58273 {
58274 - struct bin_attribute *sdram_attr = &solo_dev->sdram_attr;
58275 + bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr;
58276 struct device *dev = &solo_dev->dev;
58277 const char *driver;
58278 int i;
58279 diff --git a/drivers/media/pci/solo6x10/solo6x10-g723.c b/drivers/media/pci/solo6x10/solo6x10-g723.c
58280 index 4a37a1c..7e82dfd 100644
58281 --- a/drivers/media/pci/solo6x10/solo6x10-g723.c
58282 +++ b/drivers/media/pci/solo6x10/solo6x10-g723.c
58283 @@ -350,7 +350,7 @@ static int solo_snd_pcm_init(struct solo_dev *solo_dev)
58284
58285 int solo_g723_init(struct solo_dev *solo_dev)
58286 {
58287 - static struct snd_device_ops ops = { NULL };
58288 + static struct snd_device_ops ops = { };
58289 struct snd_card *card;
58290 struct snd_kcontrol_new kctl;
58291 char name[32];
58292 diff --git a/drivers/media/pci/solo6x10/solo6x10-p2m.c b/drivers/media/pci/solo6x10/solo6x10-p2m.c
58293 index 8c84846..27b4f83 100644
58294 --- a/drivers/media/pci/solo6x10/solo6x10-p2m.c
58295 +++ b/drivers/media/pci/solo6x10/solo6x10-p2m.c
58296 @@ -73,7 +73,7 @@ int solo_p2m_dma_desc(struct solo_dev *solo_dev,
58297
58298 /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */
58299 if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) {
58300 - p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M;
58301 + p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M;
58302 if (p2m_id < 0)
58303 p2m_id = -p2m_id;
58304 }
58305 diff --git a/drivers/media/pci/solo6x10/solo6x10.h b/drivers/media/pci/solo6x10/solo6x10.h
58306 index 5bd4987..bfcdd17 100644
58307 --- a/drivers/media/pci/solo6x10/solo6x10.h
58308 +++ b/drivers/media/pci/solo6x10/solo6x10.h
58309 @@ -216,7 +216,7 @@ struct solo_dev {
58310
58311 /* P2M DMA Engine */
58312 struct solo_p2m_dev p2m_dev[SOLO_NR_P2M];
58313 - atomic_t p2m_count;
58314 + atomic_unchecked_t p2m_count;
58315 int p2m_jiffies;
58316 unsigned int p2m_timeouts;
58317
58318 diff --git a/drivers/media/pci/sta2x11/sta2x11_vip.c b/drivers/media/pci/sta2x11/sta2x11_vip.c
58319 index aeb2b4e..53420d1 100644
58320 --- a/drivers/media/pci/sta2x11/sta2x11_vip.c
58321 +++ b/drivers/media/pci/sta2x11/sta2x11_vip.c
58322 @@ -775,8 +775,9 @@ static struct video_device video_dev_template = {
58323 *
58324 * IRQ_HANDLED, interrupt done.
58325 */
58326 -static irqreturn_t vip_irq(int irq, struct sta2x11_vip *vip)
58327 +static irqreturn_t vip_irq(int irq, void *_vip)
58328 {
58329 + struct sta2x11_vip *vip = _vip;
58330 unsigned int status;
58331
58332 status = reg_read(vip, DVP_ITS);
58333 @@ -1058,7 +1059,7 @@ static int sta2x11_vip_init_one(struct pci_dev *pdev,
58334 spin_lock_init(&vip->slock);
58335
58336 ret = request_irq(pdev->irq,
58337 - (irq_handler_t) vip_irq,
58338 + vip_irq,
58339 IRQF_SHARED, KBUILD_MODNAME, vip);
58340 if (ret) {
58341 dev_err(&pdev->dev, "request_irq failed\n");
58342 diff --git a/drivers/media/pci/tw68/tw68-core.c b/drivers/media/pci/tw68/tw68-core.c
58343 index 8474528..6c4e442 100644
58344 --- a/drivers/media/pci/tw68/tw68-core.c
58345 +++ b/drivers/media/pci/tw68/tw68-core.c
58346 @@ -61,7 +61,7 @@ static unsigned int card[] = {[0 ... (TW68_MAXBOARDS - 1)] = UNSET };
58347 module_param_array(card, int, NULL, 0444);
58348 MODULE_PARM_DESC(card, "card type");
58349
58350 -static atomic_t tw68_instance = ATOMIC_INIT(0);
58351 +static atomic_unchecked_t tw68_instance = ATOMIC_INIT(0);
58352
58353 /* ------------------------------------------------------------------ */
58354
58355 diff --git a/drivers/media/pci/tw686x/tw686x-core.c b/drivers/media/pci/tw686x/tw686x-core.c
58356 index 71a0453..279d447 100644
58357 --- a/drivers/media/pci/tw686x/tw686x-core.c
58358 +++ b/drivers/media/pci/tw686x/tw686x-core.c
58359 @@ -72,12 +72,12 @@ static const char *dma_mode_name(unsigned int mode)
58360 }
58361 }
58362
58363 -static int tw686x_dma_mode_get(char *buffer, struct kernel_param *kp)
58364 +static int tw686x_dma_mode_get(char *buffer, const struct kernel_param *kp)
58365 {
58366 return sprintf(buffer, dma_mode_name(dma_mode));
58367 }
58368
58369 -static int tw686x_dma_mode_set(const char *val, struct kernel_param *kp)
58370 +static int tw686x_dma_mode_set(const char *val, const struct kernel_param *kp)
58371 {
58372 if (!strcasecmp(val, dma_mode_name(TW686X_DMA_MODE_MEMCPY)))
58373 dma_mode = TW686X_DMA_MODE_MEMCPY;
58374 diff --git a/drivers/media/pci/zoran/zoran.h b/drivers/media/pci/zoran/zoran.h
58375 index 4e7db89..bd7ef95 100644
58376 --- a/drivers/media/pci/zoran/zoran.h
58377 +++ b/drivers/media/pci/zoran/zoran.h
58378 @@ -178,7 +178,6 @@ struct zoran_fh;
58379
58380 struct zoran_mapping {
58381 struct zoran_fh *fh;
58382 - atomic_t count;
58383 };
58384
58385 struct zoran_buffer {
58386 diff --git a/drivers/media/pci/zoran/zoran_card.c b/drivers/media/pci/zoran/zoran_card.c
58387 index 9d2697f..65fb18f 100644
58388 --- a/drivers/media/pci/zoran/zoran_card.c
58389 +++ b/drivers/media/pci/zoran/zoran_card.c
58390 @@ -1356,7 +1356,7 @@ static int zoran_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
58391 if (zr->card.video_codec) {
58392 codec_name = codecid_to_modulename(zr->card.video_codec);
58393 if (codec_name) {
58394 - result = request_module(codec_name);
58395 + result = request_module("%s", codec_name);
58396 if (result) {
58397 dprintk(1,
58398 KERN_ERR
58399 @@ -1368,7 +1368,7 @@ static int zoran_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
58400 if (zr->card.video_vfe) {
58401 vfe_name = codecid_to_modulename(zr->card.video_vfe);
58402 if (vfe_name) {
58403 - result = request_module(vfe_name);
58404 + result = request_module("%s", vfe_name);
58405 if (result < 0) {
58406 dprintk(1,
58407 KERN_ERR
58408 diff --git a/drivers/media/pci/zoran/zoran_driver.c b/drivers/media/pci/zoran/zoran_driver.c
58409 index 80caa70..d076ecf 100644
58410 --- a/drivers/media/pci/zoran/zoran_driver.c
58411 +++ b/drivers/media/pci/zoran/zoran_driver.c
58412 @@ -2607,8 +2607,6 @@ zoran_poll (struct file *file,
58413 static void
58414 zoran_vm_open (struct vm_area_struct *vma)
58415 {
58416 - struct zoran_mapping *map = vma->vm_private_data;
58417 - atomic_inc(&map->count);
58418 }
58419
58420 static void
58421 @@ -2736,7 +2734,6 @@ zoran_mmap (struct file *file,
58422 return res;
58423 }
58424 map->fh = fh;
58425 - atomic_set(&map->count, 1);
58426
58427 vma->vm_ops = &zoran_vm_ops;
58428 vma->vm_flags |= VM_DONTEXPAND;
58429 diff --git a/drivers/media/platform/mtk-vcodec/venc/venc_h264_if.c b/drivers/media/platform/mtk-vcodec/venc/venc_h264_if.c
58430 index 63d4be4..451b8e1 100644
58431 --- a/drivers/media/platform/mtk-vcodec/venc/venc_h264_if.c
58432 +++ b/drivers/media/platform/mtk-vcodec/venc/venc_h264_if.c
58433 @@ -665,10 +665,10 @@ static int h264_enc_deinit(unsigned long handle)
58434 }
58435
58436 static struct venc_common_if venc_h264_if = {
58437 - h264_enc_init,
58438 - h264_enc_encode,
58439 - h264_enc_set_param,
58440 - h264_enc_deinit,
58441 + .init = h264_enc_init,
58442 + .encode = h264_enc_encode,
58443 + .set_param = h264_enc_set_param,
58444 + .deinit = h264_enc_deinit,
58445 };
58446
58447 struct venc_common_if *get_h264_enc_comm_if(void);
58448 diff --git a/drivers/media/platform/mtk-vcodec/venc/venc_vp8_if.c b/drivers/media/platform/mtk-vcodec/venc/venc_vp8_if.c
58449 index 6d97584..8539e9b 100644
58450 --- a/drivers/media/platform/mtk-vcodec/venc/venc_vp8_if.c
58451 +++ b/drivers/media/platform/mtk-vcodec/venc/venc_vp8_if.c
58452 @@ -470,10 +470,10 @@ static int vp8_enc_deinit(unsigned long handle)
58453 }
58454
58455 static struct venc_common_if venc_vp8_if = {
58456 - vp8_enc_init,
58457 - vp8_enc_encode,
58458 - vp8_enc_set_param,
58459 - vp8_enc_deinit,
58460 + .init = vp8_enc_init,
58461 + .encode = vp8_enc_encode,
58462 + .set_param = vp8_enc_set_param,
58463 + .deinit = vp8_enc_deinit,
58464 };
58465
58466 struct venc_common_if *get_vp8_enc_comm_if(void);
58467 diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
58468 index 6b01e12..0f35c56 100644
58469 --- a/drivers/media/platform/omap/omap_vout.c
58470 +++ b/drivers/media/platform/omap/omap_vout.c
58471 @@ -63,7 +63,6 @@ enum omap_vout_channels {
58472 OMAP_VIDEO2,
58473 };
58474
58475 -static struct videobuf_queue_ops video_vbq_ops;
58476 /* Variables configurable through module params*/
58477 static u32 video1_numbuffers = 3;
58478 static u32 video2_numbuffers = 3;
58479 @@ -1001,6 +1000,12 @@ static int omap_vout_open(struct file *file)
58480 {
58481 struct videobuf_queue *q;
58482 struct omap_vout_device *vout = NULL;
58483 + static struct videobuf_queue_ops video_vbq_ops = {
58484 + .buf_setup = omap_vout_buffer_setup,
58485 + .buf_prepare = omap_vout_buffer_prepare,
58486 + .buf_release = omap_vout_buffer_release,
58487 + .buf_queue = omap_vout_buffer_queue,
58488 + };
58489
58490 vout = video_drvdata(file);
58491 v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
58492 @@ -1018,10 +1023,6 @@ static int omap_vout_open(struct file *file)
58493 vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
58494
58495 q = &vout->vbq;
58496 - video_vbq_ops.buf_setup = omap_vout_buffer_setup;
58497 - video_vbq_ops.buf_prepare = omap_vout_buffer_prepare;
58498 - video_vbq_ops.buf_release = omap_vout_buffer_release;
58499 - video_vbq_ops.buf_queue = omap_vout_buffer_queue;
58500 spin_lock_init(&vout->vbq_lock);
58501
58502 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
58503 diff --git a/drivers/media/platform/s5p-tv/mixer.h b/drivers/media/platform/s5p-tv/mixer.h
58504 index 869f0ce..c9c6e9e 100644
58505 --- a/drivers/media/platform/s5p-tv/mixer.h
58506 +++ b/drivers/media/platform/s5p-tv/mixer.h
58507 @@ -156,7 +156,7 @@ struct mxr_layer {
58508 /** layer index (unique identifier) */
58509 int idx;
58510 /** callbacks for layer methods */
58511 - struct mxr_layer_ops ops;
58512 + struct mxr_layer_ops *ops;
58513 /** format array */
58514 const struct mxr_format **fmt_array;
58515 /** size of format array */
58516 diff --git a/drivers/media/platform/s5p-tv/mixer_grp_layer.c b/drivers/media/platform/s5p-tv/mixer_grp_layer.c
58517 index d4d2564..f4570ea 100644
58518 --- a/drivers/media/platform/s5p-tv/mixer_grp_layer.c
58519 +++ b/drivers/media/platform/s5p-tv/mixer_grp_layer.c
58520 @@ -235,7 +235,7 @@ struct mxr_layer *mxr_graph_layer_create(struct mxr_device *mdev, int idx)
58521 {
58522 struct mxr_layer *layer;
58523 int ret;
58524 - const struct mxr_layer_ops ops = {
58525 + static const struct mxr_layer_ops ops = {
58526 .release = mxr_graph_layer_release,
58527 .buffer_set = mxr_graph_buffer_set,
58528 .stream_set = mxr_graph_stream_set,
58529 diff --git a/drivers/media/platform/s5p-tv/mixer_reg.c b/drivers/media/platform/s5p-tv/mixer_reg.c
58530 index a0ec14a..225f4ac 100644
58531 --- a/drivers/media/platform/s5p-tv/mixer_reg.c
58532 +++ b/drivers/media/platform/s5p-tv/mixer_reg.c
58533 @@ -276,7 +276,7 @@ static void mxr_irq_layer_handle(struct mxr_layer *layer)
58534 layer->update_buf = next;
58535 }
58536
58537 - layer->ops.buffer_set(layer, layer->update_buf);
58538 + layer->ops->buffer_set(layer, layer->update_buf);
58539
58540 if (done && done != layer->shadow_buf)
58541 vb2_buffer_done(&done->vb.vb2_buf, VB2_BUF_STATE_DONE);
58542 diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c
58543 index ee74e2b..9d2dae9 100644
58544 --- a/drivers/media/platform/s5p-tv/mixer_video.c
58545 +++ b/drivers/media/platform/s5p-tv/mixer_video.c
58546 @@ -201,7 +201,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer)
58547 layer->geo.src.height = layer->geo.src.full_height;
58548
58549 mxr_geometry_dump(mdev, &layer->geo);
58550 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
58551 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
58552 mxr_geometry_dump(mdev, &layer->geo);
58553 }
58554
58555 @@ -219,7 +219,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer)
58556 layer->geo.dst.full_width = mbus_fmt.width;
58557 layer->geo.dst.full_height = mbus_fmt.height;
58558 layer->geo.dst.field = mbus_fmt.field;
58559 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
58560 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
58561
58562 mxr_geometry_dump(mdev, &layer->geo);
58563 }
58564 @@ -325,7 +325,7 @@ static int mxr_s_fmt(struct file *file, void *priv,
58565 /* set source size to highest accepted value */
58566 geo->src.full_width = max(geo->dst.full_width, pix->width);
58567 geo->src.full_height = max(geo->dst.full_height, pix->height);
58568 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
58569 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
58570 mxr_geometry_dump(mdev, &layer->geo);
58571 /* set cropping to total visible screen */
58572 geo->src.width = pix->width;
58573 @@ -333,12 +333,12 @@ static int mxr_s_fmt(struct file *file, void *priv,
58574 geo->src.x_offset = 0;
58575 geo->src.y_offset = 0;
58576 /* assure consistency of geometry */
58577 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
58578 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
58579 mxr_geometry_dump(mdev, &layer->geo);
58580 /* set full size to lowest possible value */
58581 geo->src.full_width = 0;
58582 geo->src.full_height = 0;
58583 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
58584 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
58585 mxr_geometry_dump(mdev, &layer->geo);
58586
58587 /* returning results */
58588 @@ -465,7 +465,7 @@ static int mxr_s_selection(struct file *file, void *fh,
58589 target->width = s->r.width;
58590 target->height = s->r.height;
58591
58592 - layer->ops.fix_geometry(layer, stage, s->flags);
58593 + layer->ops->fix_geometry(layer, stage, s->flags);
58594
58595 /* retrieve update selection rectangle */
58596 res.left = target->x_offset;
58597 @@ -929,13 +929,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count)
58598 mxr_output_get(mdev);
58599
58600 mxr_layer_update_output(layer);
58601 - layer->ops.format_set(layer);
58602 + layer->ops->format_set(layer);
58603 /* enabling layer in hardware */
58604 spin_lock_irqsave(&layer->enq_slock, flags);
58605 layer->state = MXR_LAYER_STREAMING;
58606 spin_unlock_irqrestore(&layer->enq_slock, flags);
58607
58608 - layer->ops.stream_set(layer, MXR_ENABLE);
58609 + layer->ops->stream_set(layer, MXR_ENABLE);
58610 mxr_streamer_get(mdev);
58611
58612 return 0;
58613 @@ -1007,7 +1007,7 @@ static void stop_streaming(struct vb2_queue *vq)
58614 spin_unlock_irqrestore(&layer->enq_slock, flags);
58615
58616 /* disabling layer in hardware */
58617 - layer->ops.stream_set(layer, MXR_DISABLE);
58618 + layer->ops->stream_set(layer, MXR_DISABLE);
58619 /* remove one streamer */
58620 mxr_streamer_put(mdev);
58621 /* allow changes in output configuration */
58622 @@ -1045,8 +1045,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer)
58623
58624 void mxr_layer_release(struct mxr_layer *layer)
58625 {
58626 - if (layer->ops.release)
58627 - layer->ops.release(layer);
58628 + if (layer->ops->release)
58629 + layer->ops->release(layer);
58630 }
58631
58632 void mxr_base_layer_release(struct mxr_layer *layer)
58633 @@ -1072,7 +1072,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev,
58634
58635 layer->mdev = mdev;
58636 layer->idx = idx;
58637 - layer->ops = *ops;
58638 + layer->ops = ops;
58639
58640 spin_lock_init(&layer->enq_slock);
58641 INIT_LIST_HEAD(&layer->enq_list);
58642 diff --git a/drivers/media/platform/s5p-tv/mixer_vp_layer.c b/drivers/media/platform/s5p-tv/mixer_vp_layer.c
58643 index 6fa6f67..04b574b 100644
58644 --- a/drivers/media/platform/s5p-tv/mixer_vp_layer.c
58645 +++ b/drivers/media/platform/s5p-tv/mixer_vp_layer.c
58646 @@ -207,7 +207,7 @@ struct mxr_layer *mxr_vp_layer_create(struct mxr_device *mdev, int idx)
58647 {
58648 struct mxr_layer *layer;
58649 int ret;
58650 - const struct mxr_layer_ops ops = {
58651 + static const struct mxr_layer_ops ops = {
58652 .release = mxr_vp_layer_release,
58653 .buffer_set = mxr_vp_buffer_set,
58654 .stream_set = mxr_vp_stream_set,
58655 diff --git a/drivers/media/platform/soc_camera/soc_camera.c b/drivers/media/platform/soc_camera/soc_camera.c
58656 index 46c7186..47130c8 100644
58657 --- a/drivers/media/platform/soc_camera/soc_camera.c
58658 +++ b/drivers/media/platform/soc_camera/soc_camera.c
58659 @@ -1791,7 +1791,7 @@ static int soc_camera_probe(struct soc_camera_host *ici,
58660 goto eadd;
58661
58662 if (shd->module_name)
58663 - ret = request_module(shd->module_name);
58664 + ret = request_module("%s", shd->module_name);
58665
58666 ret = shd->add_device(icd);
58667 if (ret < 0)
58668 diff --git a/drivers/media/platform/sti/c8sectpfe/Kconfig b/drivers/media/platform/sti/c8sectpfe/Kconfig
58669 index 7420a50..e6f31a0 100644
58670 --- a/drivers/media/platform/sti/c8sectpfe/Kconfig
58671 +++ b/drivers/media/platform/sti/c8sectpfe/Kconfig
58672 @@ -4,6 +4,7 @@ config DVB_C8SECTPFE
58673 depends on ARCH_STI || ARCH_MULTIPLATFORM || COMPILE_TEST
58674 select FW_LOADER
58675 select DEBUG_FS
58676 + depends on !GRKERNSEC_KMEM
58677 select DVB_LNBP21 if MEDIA_SUBDRV_AUTOSELECT
58678 select DVB_STV090x if MEDIA_SUBDRV_AUTOSELECT
58679 select DVB_STB6100 if MEDIA_SUBDRV_AUTOSELECT
58680 diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c
58681 index 82affae..42833ec 100644
58682 --- a/drivers/media/radio/radio-cadet.c
58683 +++ b/drivers/media/radio/radio-cadet.c
58684 @@ -333,6 +333,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
58685 unsigned char readbuf[RDS_BUFFER];
58686 int i = 0;
58687
58688 + if (count > RDS_BUFFER)
58689 + return -EFAULT;
58690 mutex_lock(&dev->lock);
58691 if (dev->rdsstat == 0)
58692 cadet_start_rds(dev);
58693 @@ -349,8 +351,9 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
58694 readbuf[i++] = dev->rdsbuf[dev->rdsout++];
58695 mutex_unlock(&dev->lock);
58696
58697 - if (i && copy_to_user(data, readbuf, i))
58698 - return -EFAULT;
58699 + if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i)))
58700 + i = -EFAULT;
58701 +
58702 return i;
58703 }
58704
58705 diff --git a/drivers/media/radio/radio-maxiradio.c b/drivers/media/radio/radio-maxiradio.c
58706 index 8253f79..ca5f579 100644
58707 --- a/drivers/media/radio/radio-maxiradio.c
58708 +++ b/drivers/media/radio/radio-maxiradio.c
58709 @@ -61,7 +61,7 @@ MODULE_PARM_DESC(radio_nr, "Radio device number");
58710 /* TEA5757 pin mappings */
58711 static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16;
58712
58713 -static atomic_t maxiradio_instance = ATOMIC_INIT(0);
58714 +static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0);
58715
58716 #define PCI_VENDOR_ID_GUILLEMOT 0x5046
58717 #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001
58718 diff --git a/drivers/media/radio/radio-shark.c b/drivers/media/radio/radio-shark.c
58719 index 85667a9..ec4dc0a 100644
58720 --- a/drivers/media/radio/radio-shark.c
58721 +++ b/drivers/media/radio/radio-shark.c
58722 @@ -79,7 +79,7 @@ struct shark_device {
58723 u32 last_val;
58724 };
58725
58726 -static atomic_t shark_instance = ATOMIC_INIT(0);
58727 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
58728
58729 static void shark_write_val(struct snd_tea575x *tea, u32 val)
58730 {
58731 diff --git a/drivers/media/radio/radio-shark2.c b/drivers/media/radio/radio-shark2.c
58732 index 0e65a85..3fa6f5c 100644
58733 --- a/drivers/media/radio/radio-shark2.c
58734 +++ b/drivers/media/radio/radio-shark2.c
58735 @@ -74,7 +74,7 @@ struct shark_device {
58736 u8 *transfer_buffer;
58737 };
58738
58739 -static atomic_t shark_instance = ATOMIC_INIT(0);
58740 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
58741
58742 static int shark_write_reg(struct radio_tea5777 *tea, u64 reg)
58743 {
58744 diff --git a/drivers/media/radio/radio-si476x.c b/drivers/media/radio/radio-si476x.c
58745 index 271f725..35e8c8f 100644
58746 --- a/drivers/media/radio/radio-si476x.c
58747 +++ b/drivers/media/radio/radio-si476x.c
58748 @@ -1445,7 +1445,7 @@ static int si476x_radio_probe(struct platform_device *pdev)
58749 struct si476x_radio *radio;
58750 struct v4l2_ctrl *ctrl;
58751
58752 - static atomic_t instance = ATOMIC_INIT(0);
58753 + static atomic_unchecked_t instance = ATOMIC_INIT(0);
58754
58755 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
58756 if (!radio)
58757 diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c
58758 index 642b89c..5e92dc3 100644
58759 --- a/drivers/media/radio/wl128x/fmdrv_common.c
58760 +++ b/drivers/media/radio/wl128x/fmdrv_common.c
58761 @@ -71,7 +71,7 @@ module_param(default_rds_buf, uint, 0444);
58762 MODULE_PARM_DESC(default_rds_buf, "RDS buffer entries");
58763
58764 /* Radio Nr */
58765 -static u32 radio_nr = -1;
58766 +static int radio_nr = -1;
58767 module_param(radio_nr, int, 0444);
58768 MODULE_PARM_DESC(radio_nr, "Radio Nr");
58769
58770 diff --git a/drivers/media/usb/dvb-usb/cinergyT2-core.c b/drivers/media/usb/dvb-usb/cinergyT2-core.c
58771 index 9fd1527..8927230 100644
58772 --- a/drivers/media/usb/dvb-usb/cinergyT2-core.c
58773 +++ b/drivers/media/usb/dvb-usb/cinergyT2-core.c
58774 @@ -50,29 +50,73 @@ static struct dvb_usb_device_properties cinergyt2_properties;
58775
58776 static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable)
58777 {
58778 - char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 };
58779 - char result[64];
58780 - return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result,
58781 - sizeof(result), 0);
58782 + char *buf;
58783 + char *result;
58784 + int retval;
58785 +
58786 + buf = kmalloc(2, GFP_KERNEL);
58787 + if (buf == NULL)
58788 + return -ENOMEM;
58789 + result = kmalloc(64, GFP_KERNEL);
58790 + if (result == NULL) {
58791 + kfree(buf);
58792 + return -ENOMEM;
58793 + }
58794 +
58795 + buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER;
58796 + buf[1] = enable ? 1 : 0;
58797 +
58798 + retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0);
58799 +
58800 + kfree(buf);
58801 + kfree(result);
58802 + return retval;
58803 }
58804
58805 static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable)
58806 {
58807 - char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 };
58808 - char state[3];
58809 - return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0);
58810 + char *buf;
58811 + char *state;
58812 + int retval;
58813 +
58814 + buf = kmalloc(2, GFP_KERNEL);
58815 + if (buf == NULL)
58816 + return -ENOMEM;
58817 + state = kmalloc(3, GFP_KERNEL);
58818 + if (state == NULL) {
58819 + kfree(buf);
58820 + return -ENOMEM;
58821 + }
58822 +
58823 + buf[0] = CINERGYT2_EP1_SLEEP_MODE;
58824 + buf[1] = enable ? 1 : 0;
58825 +
58826 + retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0);
58827 +
58828 + kfree(buf);
58829 + kfree(state);
58830 + return retval;
58831 }
58832
58833 static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap)
58834 {
58835 - char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION };
58836 - char state[3];
58837 + char *query;
58838 + char *state;
58839 int ret;
58840 + query = kmalloc(1, GFP_KERNEL);
58841 + if (query == NULL)
58842 + return -ENOMEM;
58843 + state = kmalloc(3, GFP_KERNEL);
58844 + if (state == NULL) {
58845 + kfree(query);
58846 + return -ENOMEM;
58847 + }
58848 +
58849 + query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION;
58850
58851 adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev);
58852
58853 - ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state,
58854 - sizeof(state), 0);
58855 + ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0);
58856 if (ret < 0) {
58857 deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep "
58858 "state info\n");
58859 @@ -80,7 +124,8 @@ static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap)
58860
58861 /* Copy this pointer as we are gonna need it in the release phase */
58862 cinergyt2_usb_device = adap->dev;
58863 -
58864 + kfree(query);
58865 + kfree(state);
58866 return 0;
58867 }
58868
58869 @@ -141,12 +186,23 @@ static int repeatable_keys[] = {
58870 static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
58871 {
58872 struct cinergyt2_state *st = d->priv;
58873 - u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS;
58874 + u8 *key, *cmd;
58875 int i;
58876
58877 + cmd = kmalloc(1, GFP_KERNEL);
58878 + if (cmd == NULL)
58879 + return -EINVAL;
58880 + key = kzalloc(5, GFP_KERNEL);
58881 + if (key == NULL) {
58882 + kfree(cmd);
58883 + return -EINVAL;
58884 + }
58885 +
58886 + cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS;
58887 +
58888 *state = REMOTE_NO_KEY_PRESSED;
58889
58890 - dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0);
58891 + dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);
58892 if (key[4] == 0xff) {
58893 /* key repeat */
58894 st->rc_counter++;
58895 @@ -157,12 +213,12 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
58896 *event = d->last_event;
58897 deb_rc("repeat key, event %x\n",
58898 *event);
58899 - return 0;
58900 + goto out;
58901 }
58902 }
58903 deb_rc("repeated key (non repeatable)\n");
58904 }
58905 - return 0;
58906 + goto out;
58907 }
58908
58909 /* hack to pass checksum on the custom field */
58910 @@ -174,6 +230,9 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
58911
58912 deb_rc("key: %*ph\n", 5, key);
58913 }
58914 +out:
58915 + kfree(cmd);
58916 + kfree(key);
58917 return 0;
58918 }
58919
58920 diff --git a/drivers/media/usb/dvb-usb/cinergyT2-fe.c b/drivers/media/usb/dvb-usb/cinergyT2-fe.c
58921 index b3ec743..9c0e418 100644
58922 --- a/drivers/media/usb/dvb-usb/cinergyT2-fe.c
58923 +++ b/drivers/media/usb/dvb-usb/cinergyT2-fe.c
58924 @@ -145,103 +145,176 @@ static int cinergyt2_fe_read_status(struct dvb_frontend *fe,
58925 enum fe_status *status)
58926 {
58927 struct cinergyt2_fe_state *state = fe->demodulator_priv;
58928 - struct dvbt_get_status_msg result;
58929 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
58930 + struct dvbt_get_status_msg *result;
58931 + u8 *cmd;
58932 int ret;
58933
58934 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result,
58935 - sizeof(result), 0);
58936 + cmd = kmalloc(1, GFP_KERNEL);
58937 + if (cmd == NULL)
58938 + return -ENOMEM;
58939 + result = kmalloc(sizeof(*result), GFP_KERNEL);
58940 + if (result == NULL) {
58941 + kfree(cmd);
58942 + return -ENOMEM;
58943 + }
58944 +
58945 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
58946 +
58947 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result,
58948 + sizeof(*result), 0);
58949 if (ret < 0)
58950 - return ret;
58951 + goto out;
58952
58953 *status = 0;
58954
58955 - if (0xffff - le16_to_cpu(result.gain) > 30)
58956 + if (0xffff - le16_to_cpu(result->gain) > 30)
58957 *status |= FE_HAS_SIGNAL;
58958 - if (result.lock_bits & (1 << 6))
58959 + if (result->lock_bits & (1 << 6))
58960 *status |= FE_HAS_LOCK;
58961 - if (result.lock_bits & (1 << 5))
58962 + if (result->lock_bits & (1 << 5))
58963 *status |= FE_HAS_SYNC;
58964 - if (result.lock_bits & (1 << 4))
58965 + if (result->lock_bits & (1 << 4))
58966 *status |= FE_HAS_CARRIER;
58967 - if (result.lock_bits & (1 << 1))
58968 + if (result->lock_bits & (1 << 1))
58969 *status |= FE_HAS_VITERBI;
58970
58971 if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) !=
58972 (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC))
58973 *status &= ~FE_HAS_LOCK;
58974
58975 - return 0;
58976 +out:
58977 + kfree(cmd);
58978 + kfree(result);
58979 + return ret;
58980 }
58981
58982 static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber)
58983 {
58984 struct cinergyt2_fe_state *state = fe->demodulator_priv;
58985 - struct dvbt_get_status_msg status;
58986 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
58987 + struct dvbt_get_status_msg *status;
58988 + char *cmd;
58989 int ret;
58990
58991 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
58992 - sizeof(status), 0);
58993 + cmd = kmalloc(1, GFP_KERNEL);
58994 + if (cmd == NULL)
58995 + return -ENOMEM;
58996 + status = kmalloc(sizeof(*status), GFP_KERNEL);
58997 + if (status == NULL) {
58998 + kfree(cmd);
58999 + return -ENOMEM;
59000 + }
59001 +
59002 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
59003 +
59004 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
59005 + sizeof(*status), 0);
59006 if (ret < 0)
59007 - return ret;
59008 + goto out;
59009
59010 - *ber = le32_to_cpu(status.viterbi_error_rate);
59011 + *ber = le32_to_cpu(status->viterbi_error_rate);
59012 +out:
59013 + kfree(cmd);
59014 + kfree(status);
59015 return 0;
59016 }
59017
59018 static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc)
59019 {
59020 struct cinergyt2_fe_state *state = fe->demodulator_priv;
59021 - struct dvbt_get_status_msg status;
59022 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
59023 + struct dvbt_get_status_msg *status;
59024 + u8 *cmd;
59025 int ret;
59026
59027 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status,
59028 - sizeof(status), 0);
59029 + cmd = kmalloc(1, GFP_KERNEL);
59030 + if (cmd == NULL)
59031 + return -ENOMEM;
59032 + status = kmalloc(sizeof(*status), GFP_KERNEL);
59033 + if (status == NULL) {
59034 + kfree(cmd);
59035 + return -ENOMEM;
59036 + }
59037 +
59038 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
59039 +
59040 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status,
59041 + sizeof(*status), 0);
59042 if (ret < 0) {
59043 err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n",
59044 ret);
59045 - return ret;
59046 + goto out;
59047 }
59048 - *unc = le32_to_cpu(status.uncorrected_block_count);
59049 - return 0;
59050 + *unc = le32_to_cpu(status->uncorrected_block_count);
59051 +
59052 +out:
59053 + kfree(cmd);
59054 + kfree(status);
59055 + return ret;
59056 }
59057
59058 static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe,
59059 u16 *strength)
59060 {
59061 struct cinergyt2_fe_state *state = fe->demodulator_priv;
59062 - struct dvbt_get_status_msg status;
59063 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
59064 + struct dvbt_get_status_msg *status;
59065 + char *cmd;
59066 int ret;
59067
59068 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
59069 - sizeof(status), 0);
59070 + cmd = kmalloc(1, GFP_KERNEL);
59071 + if (cmd == NULL)
59072 + return -ENOMEM;
59073 + status = kmalloc(sizeof(*status), GFP_KERNEL);
59074 + if (status == NULL) {
59075 + kfree(cmd);
59076 + return -ENOMEM;
59077 + }
59078 +
59079 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
59080 +
59081 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
59082 + sizeof(*status), 0);
59083 if (ret < 0) {
59084 err("cinergyt2_fe_read_signal_strength() Failed!"
59085 " (Error=%d)\n", ret);
59086 - return ret;
59087 + goto out;
59088 }
59089 - *strength = (0xffff - le16_to_cpu(status.gain));
59090 + *strength = (0xffff - le16_to_cpu(status->gain));
59091 +
59092 +out:
59093 + kfree(cmd);
59094 + kfree(status);
59095 return 0;
59096 }
59097
59098 static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr)
59099 {
59100 struct cinergyt2_fe_state *state = fe->demodulator_priv;
59101 - struct dvbt_get_status_msg status;
59102 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
59103 + struct dvbt_get_status_msg *status;
59104 + char *cmd;
59105 int ret;
59106
59107 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
59108 - sizeof(status), 0);
59109 + cmd = kmalloc(1, GFP_KERNEL);
59110 + if (cmd == NULL)
59111 + return -ENOMEM;
59112 + status = kmalloc(sizeof(*status), GFP_KERNEL);
59113 + if (status == NULL) {
59114 + kfree(cmd);
59115 + return -ENOMEM;
59116 + }
59117 +
59118 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
59119 +
59120 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
59121 + sizeof(*status), 0);
59122 if (ret < 0) {
59123 err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret);
59124 - return ret;
59125 + goto out;
59126 }
59127 - *snr = (status.snr << 8) | status.snr;
59128 - return 0;
59129 + *snr = (status->snr << 8) | status->snr;
59130 +
59131 +out:
59132 + kfree(cmd);
59133 + kfree(status);
59134 + return ret;
59135 }
59136
59137 static int cinergyt2_fe_init(struct dvb_frontend *fe)
59138 @@ -266,35 +339,46 @@ static int cinergyt2_fe_set_frontend(struct dvb_frontend *fe)
59139 {
59140 struct dtv_frontend_properties *fep = &fe->dtv_property_cache;
59141 struct cinergyt2_fe_state *state = fe->demodulator_priv;
59142 - struct dvbt_set_parameters_msg param;
59143 - char result[2];
59144 + struct dvbt_set_parameters_msg *param;
59145 + char *result;
59146 int err;
59147
59148 - param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
59149 - param.tps = cpu_to_le16(compute_tps(fep));
59150 - param.freq = cpu_to_le32(fep->frequency / 1000);
59151 - param.flags = 0;
59152 + result = kmalloc(2, GFP_KERNEL);
59153 + if (result == NULL)
59154 + return -ENOMEM;
59155 + param = kmalloc(sizeof(*param), GFP_KERNEL);
59156 + if (param == NULL) {
59157 + kfree(result);
59158 + return -ENOMEM;
59159 + }
59160 +
59161 + param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
59162 + param->tps = cpu_to_le16(compute_tps(fep));
59163 + param->freq = cpu_to_le32(fep->frequency / 1000);
59164 + param->flags = 0;
59165
59166 switch (fep->bandwidth_hz) {
59167 default:
59168 case 8000000:
59169 - param.bandwidth = 8;
59170 + param->bandwidth = 8;
59171 break;
59172 case 7000000:
59173 - param.bandwidth = 7;
59174 + param->bandwidth = 7;
59175 break;
59176 case 6000000:
59177 - param.bandwidth = 6;
59178 + param->bandwidth = 6;
59179 break;
59180 }
59181
59182 err = dvb_usb_generic_rw(state->d,
59183 - (char *)&param, sizeof(param),
59184 - result, sizeof(result), 0);
59185 + (char *)param, sizeof(*param),
59186 + result, 2, 0);
59187 if (err < 0)
59188 err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err);
59189
59190 - return (err < 0) ? err : 0;
59191 + kfree(result);
59192 + kfree(param);
59193 + return err;
59194 }
59195
59196 static void cinergyt2_fe_release(struct dvb_frontend *fe)
59197 diff --git a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
59198 index dd048a7..717a7b2 100644
59199 --- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
59200 +++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
59201 @@ -35,42 +35,57 @@ static int usb_cypress_writemem(struct usb_device *udev,u16 addr,u8 *data, u8 le
59202
59203 int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type)
59204 {
59205 - struct hexline hx;
59206 - u8 reset;
59207 + struct hexline *hx;
59208 + u8 *reset;
59209 int ret,pos=0;
59210
59211 + reset = kmalloc(1, GFP_KERNEL);
59212 + if (reset == NULL)
59213 + return -ENOMEM;
59214 +
59215 + hx = kmalloc(sizeof(struct hexline), GFP_KERNEL);
59216 + if (hx == NULL) {
59217 + kfree(reset);
59218 + return -ENOMEM;
59219 + }
59220 +
59221 /* stop the CPU */
59222 - reset = 1;
59223 - if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1)
59224 + reset[0] = 1;
59225 + if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1)
59226 err("could not stop the USB controller CPU.");
59227
59228 - while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) {
59229 - deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk);
59230 - ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len);
59231 + while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) {
59232 + deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk);
59233 + ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len);
59234
59235 - if (ret != hx.len) {
59236 + if (ret != hx->len) {
59237 err("error while transferring firmware "
59238 "(transferred size: %d, block size: %d)",
59239 - ret,hx.len);
59240 + ret,hx->len);
59241 ret = -EINVAL;
59242 break;
59243 }
59244 }
59245 if (ret < 0) {
59246 err("firmware download failed at %d with %d",pos,ret);
59247 + kfree(reset);
59248 + kfree(hx);
59249 return ret;
59250 }
59251
59252 if (ret == 0) {
59253 /* restart the CPU */
59254 - reset = 0;
59255 - if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) {
59256 + reset[0] = 0;
59257 + if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) {
59258 err("could not restart the USB controller CPU.");
59259 ret = -EINVAL;
59260 }
59261 } else
59262 ret = -EIO;
59263
59264 + kfree(reset);
59265 + kfree(hx);
59266 +
59267 return ret;
59268 }
59269 EXPORT_SYMBOL(usb_cypress_load_firmware);
59270 diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c
59271 index d9f3262..4370dbd 100644
59272 --- a/drivers/media/usb/dvb-usb/technisat-usb2.c
59273 +++ b/drivers/media/usb/dvb-usb/technisat-usb2.c
59274 @@ -89,8 +89,11 @@ struct technisat_usb2_state {
59275 static int technisat_usb2_i2c_access(struct usb_device *udev,
59276 u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
59277 {
59278 - u8 b[64];
59279 - int ret, actual_length;
59280 + u8 *b = kmalloc(64, GFP_KERNEL);
59281 + int ret, actual_length, error = 0;
59282 +
59283 + if (b == NULL)
59284 + return -ENOMEM;
59285
59286 deb_i2c("i2c-access: %02x, tx: ", device_addr);
59287 debug_dump(tx, txlen, deb_i2c);
59288 @@ -123,7 +126,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
59289
59290 if (ret < 0) {
59291 err("i2c-error: out failed %02x = %d", device_addr, ret);
59292 - return -ENODEV;
59293 + error = -ENODEV;
59294 + goto out;
59295 }
59296
59297 ret = usb_bulk_msg(udev,
59298 @@ -131,7 +135,8 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
59299 b, 64, &actual_length, 1000);
59300 if (ret < 0) {
59301 err("i2c-error: in failed %02x = %d", device_addr, ret);
59302 - return -ENODEV;
59303 + error = -ENODEV;
59304 + goto out;
59305 }
59306
59307 if (b[0] != I2C_STATUS_OK) {
59308 @@ -139,8 +144,10 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
59309 /* handle tuner-i2c-nak */
59310 if (!(b[0] == I2C_STATUS_NAK &&
59311 device_addr == 0x60
59312 - /* && device_is_technisat_usb2 */))
59313 - return -ENODEV;
59314 + /* && device_is_technisat_usb2 */)) {
59315 + error = -ENODEV;
59316 + goto out;
59317 + }
59318 }
59319
59320 deb_i2c("status: %d, ", b[0]);
59321 @@ -154,7 +161,9 @@ static int technisat_usb2_i2c_access(struct usb_device *udev,
59322
59323 deb_i2c("\n");
59324
59325 - return 0;
59326 +out:
59327 + kfree(b);
59328 + return error;
59329 }
59330
59331 static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
59332 diff --git a/drivers/media/usb/pvrusb2/pvrusb2-context.c b/drivers/media/usb/pvrusb2/pvrusb2-context.c
59333 index c45f307..7d79261 100644
59334 --- a/drivers/media/usb/pvrusb2/pvrusb2-context.c
59335 +++ b/drivers/media/usb/pvrusb2/pvrusb2-context.c
59336 @@ -103,8 +103,10 @@ static void pvr2_context_destroy(struct pvr2_context *mp)
59337 }
59338
59339
59340 -static void pvr2_context_notify(struct pvr2_context *mp)
59341 +static void pvr2_context_notify(void *_mp)
59342 {
59343 + struct pvr2_context *mp = _mp;
59344 +
59345 pvr2_context_set_notify(mp,!0);
59346 }
59347
59348 @@ -119,9 +121,7 @@ static void pvr2_context_check(struct pvr2_context *mp)
59349 pvr2_trace(PVR2_TRACE_CTXT,
59350 "pvr2_context %p (initialize)", mp);
59351 /* Finish hardware initialization */
59352 - if (pvr2_hdw_initialize(mp->hdw,
59353 - (void (*)(void *))pvr2_context_notify,
59354 - mp)) {
59355 + if (pvr2_hdw_initialize(mp->hdw, pvr2_context_notify, mp)) {
59356 mp->video_stream.stream =
59357 pvr2_hdw_get_video_stream(mp->hdw);
59358 /* Trigger interface initialization. By doing this
59359 diff --git a/drivers/media/usb/pvrusb2/pvrusb2-dvb.c b/drivers/media/usb/pvrusb2/pvrusb2-dvb.c
59360 index 8c95793..2309b9e 100644
59361 --- a/drivers/media/usb/pvrusb2/pvrusb2-dvb.c
59362 +++ b/drivers/media/usb/pvrusb2/pvrusb2-dvb.c
59363 @@ -101,8 +101,10 @@ static int pvr2_dvb_feed_thread(void *data)
59364 return stat;
59365 }
59366
59367 -static void pvr2_dvb_notify(struct pvr2_dvb_adapter *adap)
59368 +static void pvr2_dvb_notify(void *_adap)
59369 {
59370 + struct pvr2_dvb_adapter *adap = _adap;
59371 +
59372 wake_up(&adap->buffer_wait_data);
59373 }
59374
59375 @@ -161,8 +163,7 @@ static int pvr2_dvb_stream_do_start(struct pvr2_dvb_adapter *adap)
59376 if (!(adap->buffer_storage[idx])) return -ENOMEM;
59377 }
59378
59379 - pvr2_stream_set_callback(pvr->video_stream.stream,
59380 - (pvr2_stream_callback) pvr2_dvb_notify, adap);
59381 + pvr2_stream_set_callback(pvr->video_stream.stream, pvr2_dvb_notify, adap);
59382
59383 ret = pvr2_stream_set_buffer_count(stream, PVR2_DVB_BUFFER_COUNT);
59384 if (ret < 0) return ret;
59385 diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
59386 index fe20fe4..a199a6d 100644
59387 --- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
59388 +++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
59389 @@ -2097,7 +2097,7 @@ static void pvr2_hdw_load_modules(struct pvr2_hdw *hdw)
59390
59391 cm = &hdw->hdw_desc->client_modules;
59392 for (idx = 0; idx < cm->cnt; idx++) {
59393 - request_module(cm->lst[idx]);
59394 + request_module("%s", cm->lst[idx]);
59395 }
59396
59397 ct = &hdw->hdw_desc->client_table;
59398 diff --git a/drivers/media/usb/pvrusb2/pvrusb2-std.c b/drivers/media/usb/pvrusb2/pvrusb2-std.c
59399 index 9a596a3..38de071 100644
59400 --- a/drivers/media/usb/pvrusb2/pvrusb2-std.c
59401 +++ b/drivers/media/usb/pvrusb2/pvrusb2-std.c
59402 @@ -216,7 +216,7 @@ unsigned int pvr2_std_id_to_str(char *bufPtr, unsigned int bufSize,
59403 bufSize -= c2;
59404 bufPtr += c2;
59405 c2 = scnprintf(bufPtr,bufSize,
59406 - ip->name);
59407 + "%s", ip->name);
59408 c1 += c2;
59409 bufSize -= c2;
59410 bufPtr += c2;
59411 diff --git a/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c b/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c
59412 index 81f788b..9619f47 100644
59413 --- a/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c
59414 +++ b/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c
59415 @@ -1069,8 +1069,10 @@ static int pvr2_v4l2_open(struct file *file)
59416 }
59417
59418
59419 -static void pvr2_v4l2_notify(struct pvr2_v4l2_fh *fhp)
59420 +static void pvr2_v4l2_notify(void *_fhp)
59421 {
59422 + struct pvr2_v4l2_fh *fhp = _fhp;
59423 +
59424 wake_up(&fhp->wait_data);
59425 }
59426
59427 @@ -1103,7 +1105,7 @@ static int pvr2_v4l2_iosetup(struct pvr2_v4l2_fh *fh)
59428
59429 hdw = fh->channel.mc_head->hdw;
59430 sp = fh->pdi->stream->stream;
59431 - pvr2_stream_set_callback(sp,(pvr2_stream_callback)pvr2_v4l2_notify,fh);
59432 + pvr2_stream_set_callback(sp,pvr2_v4l2_notify,fh);
59433 pvr2_hdw_set_stream_type(hdw,fh->pdi->config);
59434 if ((ret = pvr2_hdw_set_streaming(hdw,!0)) < 0) return ret;
59435 return pvr2_ioread_set_enabled(fh->rhp,!0);
59436 diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
59437 index 302e284..93781d6 100644
59438 --- a/drivers/media/usb/uvc/uvc_driver.c
59439 +++ b/drivers/media/usb/uvc/uvc_driver.c
59440 @@ -2078,7 +2078,7 @@ static int uvc_reset_resume(struct usb_interface *intf)
59441 * Module parameters
59442 */
59443
59444 -static int uvc_clock_param_get(char *buffer, struct kernel_param *kp)
59445 +static int uvc_clock_param_get(char *buffer, const struct kernel_param *kp)
59446 {
59447 if (uvc_clock_param == CLOCK_MONOTONIC)
59448 return sprintf(buffer, "CLOCK_MONOTONIC");
59449 @@ -2086,7 +2086,7 @@ static int uvc_clock_param_get(char *buffer, struct kernel_param *kp)
59450 return sprintf(buffer, "CLOCK_REALTIME");
59451 }
59452
59453 -static int uvc_clock_param_set(const char *val, struct kernel_param *kp)
59454 +static int uvc_clock_param_set(const char *val, const struct kernel_param *kp)
59455 {
59456 if (strncasecmp(val, "clock_", strlen("clock_")) == 0)
59457 val += strlen("clock_");
59458 diff --git a/drivers/media/v4l2-core/v4l2-common.c b/drivers/media/v4l2-core/v4l2-common.c
59459 index 5b80850..97b8443 100644
59460 --- a/drivers/media/v4l2-core/v4l2-common.c
59461 +++ b/drivers/media/v4l2-core/v4l2-common.c
59462 @@ -268,7 +268,7 @@ struct v4l2_subdev *v4l2_spi_new_subdev(struct v4l2_device *v4l2_dev,
59463 BUG_ON(!v4l2_dev);
59464
59465 if (info->modalias[0])
59466 - request_module(info->modalias);
59467 + request_module("%s", info->modalias);
59468
59469 spi = spi_new_device(master, info);
59470
59471 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
59472 index bacecbd..277d1f8 100644
59473 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
59474 +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
59475 @@ -449,7 +449,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
59476 * by passing a very big num_planes value */
59477 uplane = compat_alloc_user_space(num_planes *
59478 sizeof(struct v4l2_plane));
59479 - kp->m.planes = (__force struct v4l2_plane *)uplane;
59480 + kp->m.planes = (__force_kernel struct v4l2_plane *)uplane;
59481
59482 while (--num_planes >= 0) {
59483 ret = get_v4l2_plane32(uplane, uplane32, kp->memory);
59484 @@ -519,7 +519,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
59485 if (num_planes == 0)
59486 return 0;
59487
59488 - uplane = (__force struct v4l2_plane __user *)kp->m.planes;
59489 + uplane = (struct v4l2_plane __force_user *)kp->m.planes;
59490 if (get_user(p, &up->m.planes))
59491 return -EFAULT;
59492 uplane32 = compat_ptr(p);
59493 @@ -581,7 +581,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_frame
59494 get_user(kp->flags, &up->flags) ||
59495 copy_from_user(&kp->fmt, &up->fmt, sizeof(up->fmt)))
59496 return -EFAULT;
59497 - kp->base = (__force void *)compat_ptr(tmp);
59498 + kp->base = (__force_kernel void *)compat_ptr(tmp);
59499 return 0;
59500 }
59501
59502 @@ -687,7 +687,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
59503 n * sizeof(struct v4l2_ext_control32)))
59504 return -EFAULT;
59505 kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control));
59506 - kp->controls = (__force struct v4l2_ext_control *)kcontrols;
59507 + kp->controls = (__force_kernel struct v4l2_ext_control *)kcontrols;
59508 while (--n >= 0) {
59509 u32 id;
59510
59511 @@ -714,7 +714,7 @@ static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
59512 {
59513 struct v4l2_ext_control32 __user *ucontrols;
59514 struct v4l2_ext_control __user *kcontrols =
59515 - (__force struct v4l2_ext_control __user *)kp->controls;
59516 + (struct v4l2_ext_control __force_user *)kp->controls;
59517 int n = kp->count;
59518 compat_caddr_t p;
59519
59520 @@ -799,7 +799,7 @@ static int get_v4l2_edid32(struct v4l2_edid *kp, struct v4l2_edid32 __user *up)
59521 get_user(tmp, &up->edid) ||
59522 copy_from_user(kp->reserved, up->reserved, sizeof(kp->reserved)))
59523 return -EFAULT;
59524 - kp->edid = (__force u8 *)compat_ptr(tmp);
59525 + kp->edid = (__force_kernel u8 *)compat_ptr(tmp);
59526 return 0;
59527 }
59528
59529 diff --git a/drivers/media/v4l2-core/v4l2-device.c b/drivers/media/v4l2-core/v4l2-device.c
59530 index 06fa5f1..2231dda 100644
59531 --- a/drivers/media/v4l2-core/v4l2-device.c
59532 +++ b/drivers/media/v4l2-core/v4l2-device.c
59533 @@ -74,9 +74,9 @@ int v4l2_device_put(struct v4l2_device *v4l2_dev)
59534 EXPORT_SYMBOL_GPL(v4l2_device_put);
59535
59536 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
59537 - atomic_t *instance)
59538 + atomic_unchecked_t *instance)
59539 {
59540 - int num = atomic_inc_return(instance) - 1;
59541 + int num = atomic_inc_return_unchecked(instance) - 1;
59542 int len = strlen(basename);
59543
59544 if (basename[len - 1] >= '0' && basename[len - 1] <= '9')
59545 diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c
59546 index 51a0fa1..5ae0546 100644
59547 --- a/drivers/media/v4l2-core/v4l2-ioctl.c
59548 +++ b/drivers/media/v4l2-core/v4l2-ioctl.c
59549 @@ -2425,49 +2425,216 @@ static int v4l_enum_freq_bands(const struct v4l2_ioctl_ops *ops,
59550 return -ENOTTY;
59551 }
59552
59553 +static int v4l_vidioc_g_fbuf(const struct v4l2_ioctl_ops *ops,
59554 + struct file *file, void *fh, void *arg)
59555 +{
59556 + return ops->vidioc_g_fbuf(file, fh, arg);
59557 +}
59558 +
59559 +static int v4l_vidioc_s_fbuf(const struct v4l2_ioctl_ops *ops,
59560 + struct file *file, void *fh, void *arg)
59561 +{
59562 + return ops->vidioc_s_fbuf(file, fh, arg);
59563 +}
59564 +
59565 +static int v4l_vidioc_expbuf(const struct v4l2_ioctl_ops *ops,
59566 + struct file *file, void *fh, void *arg)
59567 +{
59568 + return ops->vidioc_expbuf(file, fh, arg);
59569 +}
59570 +
59571 +static int v4l_vidioc_g_std(const struct v4l2_ioctl_ops *ops,
59572 + struct file *file, void *fh, void *arg)
59573 +{
59574 + return ops->vidioc_g_std(file, fh, arg);
59575 +}
59576 +
59577 +static int v4l_vidioc_g_audio(const struct v4l2_ioctl_ops *ops,
59578 + struct file *file, void *fh, void *arg)
59579 +{
59580 + return ops->vidioc_g_audio(file, fh, arg);
59581 +}
59582 +
59583 +static int v4l_vidioc_s_audio(const struct v4l2_ioctl_ops *ops,
59584 + struct file *file, void *fh, void *arg)
59585 +{
59586 + return ops->vidioc_s_audio(file, fh, arg);
59587 +}
59588 +
59589 +static int v4l_vidioc_g_input(const struct v4l2_ioctl_ops *ops,
59590 + struct file *file, void *fh, void *arg)
59591 +{
59592 + return ops->vidioc_g_input(file, fh, arg);
59593 +}
59594 +
59595 +static int v4l_vidioc_g_edid(const struct v4l2_ioctl_ops *ops,
59596 + struct file *file, void *fh, void *arg)
59597 +{
59598 + return ops->vidioc_g_edid(file, fh, arg);
59599 +}
59600 +
59601 +static int v4l_vidioc_s_edid(const struct v4l2_ioctl_ops *ops,
59602 + struct file *file, void *fh, void *arg)
59603 +{
59604 + return ops->vidioc_s_edid(file, fh, arg);
59605 +}
59606 +
59607 +static int v4l_vidioc_g_output(const struct v4l2_ioctl_ops *ops,
59608 + struct file *file, void *fh, void *arg)
59609 +{
59610 + return ops->vidioc_g_output(file, fh, arg);
59611 +}
59612 +
59613 +static int v4l_vidioc_g_audout(const struct v4l2_ioctl_ops *ops,
59614 + struct file *file, void *fh, void *arg)
59615 +{
59616 + return ops->vidioc_g_audout(file, fh, arg);
59617 +}
59618 +
59619 +static int v4l_vidioc_s_audout(const struct v4l2_ioctl_ops *ops,
59620 + struct file *file, void *fh, void *arg)
59621 +{
59622 + return ops->vidioc_s_audout(file, fh, arg);
59623 +}
59624 +
59625 +static int v4l_vidioc_g_selection(const struct v4l2_ioctl_ops *ops,
59626 + struct file *file, void *fh, void *arg)
59627 +{
59628 + return ops->vidioc_g_selection(file, fh, arg);
59629 +}
59630 +
59631 +static int v4l_vidioc_s_selection(const struct v4l2_ioctl_ops *ops,
59632 + struct file *file, void *fh, void *arg)
59633 +{
59634 + return ops->vidioc_s_selection(file, fh, arg);
59635 +}
59636 +
59637 +static int v4l_vidioc_g_jpegcomp(const struct v4l2_ioctl_ops *ops,
59638 + struct file *file, void *fh, void *arg)
59639 +{
59640 + return ops->vidioc_g_jpegcomp(file, fh, arg);
59641 +}
59642 +
59643 +static int v4l_vidioc_s_jpegcomp(const struct v4l2_ioctl_ops *ops,
59644 + struct file *file, void *fh, void *arg)
59645 +{
59646 + return ops->vidioc_s_jpegcomp(file, fh, arg);
59647 +}
59648 +
59649 +static int v4l_vidioc_enumaudio(const struct v4l2_ioctl_ops *ops,
59650 + struct file *file, void *fh, void *arg)
59651 +{
59652 + return ops->vidioc_enumaudio(file, fh, arg);
59653 +}
59654 +
59655 +static int v4l_vidioc_enumaudout(const struct v4l2_ioctl_ops *ops,
59656 + struct file *file, void *fh, void *arg)
59657 +{
59658 + return ops->vidioc_enumaudout(file, fh, arg);
59659 +}
59660 +
59661 +static int v4l_vidioc_enum_framesizes(const struct v4l2_ioctl_ops *ops,
59662 + struct file *file, void *fh, void *arg)
59663 +{
59664 + return ops->vidioc_enum_framesizes(file, fh, arg);
59665 +}
59666 +
59667 +static int v4l_vidioc_enum_frameintervals(const struct v4l2_ioctl_ops *ops,
59668 + struct file *file, void *fh, void *arg)
59669 +{
59670 + return ops->vidioc_enum_frameintervals(file, fh, arg);
59671 +}
59672 +
59673 +static int v4l_vidioc_g_enc_index(const struct v4l2_ioctl_ops *ops,
59674 + struct file *file, void *fh, void *arg)
59675 +{
59676 + return ops->vidioc_g_enc_index(file, fh, arg);
59677 +}
59678 +
59679 +static int v4l_vidioc_encoder_cmd(const struct v4l2_ioctl_ops *ops,
59680 + struct file *file, void *fh, void *arg)
59681 +{
59682 + return ops->vidioc_encoder_cmd(file, fh, arg);
59683 +}
59684 +
59685 +static int v4l_vidioc_try_encoder_cmd(const struct v4l2_ioctl_ops *ops,
59686 + struct file *file, void *fh, void *arg)
59687 +{
59688 + return ops->vidioc_try_encoder_cmd(file, fh, arg);
59689 +}
59690 +
59691 +static int v4l_vidioc_decoder_cmd(const struct v4l2_ioctl_ops *ops,
59692 + struct file *file, void *fh, void *arg)
59693 +{
59694 + return ops->vidioc_decoder_cmd(file, fh, arg);
59695 +}
59696 +
59697 +static int v4l_vidioc_try_decoder_cmd(const struct v4l2_ioctl_ops *ops,
59698 + struct file *file, void *fh, void *arg)
59699 +{
59700 + return ops->vidioc_try_decoder_cmd(file, fh, arg);
59701 +}
59702 +
59703 +static int v4l_vidioc_s_dv_timings(const struct v4l2_ioctl_ops *ops,
59704 + struct file *file, void *fh, void *arg)
59705 +{
59706 + return ops->vidioc_s_dv_timings(file, fh, arg);
59707 +}
59708 +
59709 +static int v4l_vidioc_g_dv_timings(const struct v4l2_ioctl_ops *ops,
59710 + struct file *file, void *fh, void *arg)
59711 +{
59712 + return ops->vidioc_g_dv_timings(file, fh, arg);
59713 +}
59714 +
59715 +static int v4l_vidioc_enum_dv_timings(const struct v4l2_ioctl_ops *ops,
59716 + struct file *file, void *fh, void *arg)
59717 +{
59718 + return ops->vidioc_enum_dv_timings(file, fh, arg);
59719 +}
59720 +
59721 +static int v4l_vidioc_query_dv_timings(const struct v4l2_ioctl_ops *ops,
59722 + struct file *file, void *fh, void *arg)
59723 +{
59724 + return ops->vidioc_query_dv_timings(file, fh, arg);
59725 +}
59726 +
59727 +static int v4l_vidioc_dv_timings_cap(const struct v4l2_ioctl_ops *ops,
59728 + struct file *file, void *fh, void *arg)
59729 +{
59730 + return ops->vidioc_dv_timings_cap(file, fh, arg);
59731 +}
59732 +
59733 struct v4l2_ioctl_info {
59734 unsigned int ioctl;
59735 u32 flags;
59736 const char * const name;
59737 - union {
59738 - u32 offset;
59739 - int (*func)(const struct v4l2_ioctl_ops *ops,
59740 - struct file *file, void *fh, void *p);
59741 - } u;
59742 + int (*func)(const struct v4l2_ioctl_ops *ops,
59743 + struct file *file, void *fh, void *p);
59744 void (*debug)(const void *arg, bool write_only);
59745 -};
59746 +} __do_const;
59747 +typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const;
59748
59749 /* This control needs a priority check */
59750 #define INFO_FL_PRIO (1 << 0)
59751 /* This control can be valid if the filehandle passes a control handler. */
59752 #define INFO_FL_CTRL (1 << 1)
59753 -/* This is a standard ioctl, no need for special code */
59754 -#define INFO_FL_STD (1 << 2)
59755 /* This is ioctl has its own function */
59756 -#define INFO_FL_FUNC (1 << 3)
59757 +#define INFO_FL_FUNC (1 << 2)
59758 /* Queuing ioctl */
59759 -#define INFO_FL_QUEUE (1 << 4)
59760 +#define INFO_FL_QUEUE (1 << 3)
59761 /* Zero struct from after the field to the end */
59762 #define INFO_FL_CLEAR(v4l2_struct, field) \
59763 ((offsetof(struct v4l2_struct, field) + \
59764 sizeof(((struct v4l2_struct *)0)->field)) << 16)
59765 #define INFO_FL_CLEAR_MASK (_IOC_SIZEMASK << 16)
59766
59767 -#define IOCTL_INFO_STD(_ioctl, _vidioc, _debug, _flags) \
59768 - [_IOC_NR(_ioctl)] = { \
59769 - .ioctl = _ioctl, \
59770 - .flags = _flags | INFO_FL_STD, \
59771 - .name = #_ioctl, \
59772 - .u.offset = offsetof(struct v4l2_ioctl_ops, _vidioc), \
59773 - .debug = _debug, \
59774 - }
59775 -
59776 #define IOCTL_INFO_FNC(_ioctl, _func, _debug, _flags) \
59777 [_IOC_NR(_ioctl)] = { \
59778 .ioctl = _ioctl, \
59779 .flags = _flags | INFO_FL_FUNC, \
59780 .name = #_ioctl, \
59781 - .u.func = _func, \
59782 + .func = _func, \
59783 .debug = _debug, \
59784 }
59785
59786 @@ -2478,17 +2645,17 @@ static struct v4l2_ioctl_info v4l2_ioctls[] = {
59787 IOCTL_INFO_FNC(VIDIOC_S_FMT, v4l_s_fmt, v4l_print_format, INFO_FL_PRIO),
59788 IOCTL_INFO_FNC(VIDIOC_REQBUFS, v4l_reqbufs, v4l_print_requestbuffers, INFO_FL_PRIO | INFO_FL_QUEUE),
59789 IOCTL_INFO_FNC(VIDIOC_QUERYBUF, v4l_querybuf, v4l_print_buffer, INFO_FL_QUEUE | INFO_FL_CLEAR(v4l2_buffer, length)),
59790 - IOCTL_INFO_STD(VIDIOC_G_FBUF, vidioc_g_fbuf, v4l_print_framebuffer, 0),
59791 - IOCTL_INFO_STD(VIDIOC_S_FBUF, vidioc_s_fbuf, v4l_print_framebuffer, INFO_FL_PRIO),
59792 + IOCTL_INFO_FNC(VIDIOC_G_FBUF, v4l_vidioc_g_fbuf, v4l_print_framebuffer, 0),
59793 + IOCTL_INFO_FNC(VIDIOC_S_FBUF, v4l_vidioc_s_fbuf, v4l_print_framebuffer, INFO_FL_PRIO),
59794 IOCTL_INFO_FNC(VIDIOC_OVERLAY, v4l_overlay, v4l_print_u32, INFO_FL_PRIO),
59795 IOCTL_INFO_FNC(VIDIOC_QBUF, v4l_qbuf, v4l_print_buffer, INFO_FL_QUEUE),
59796 - IOCTL_INFO_STD(VIDIOC_EXPBUF, vidioc_expbuf, v4l_print_exportbuffer, INFO_FL_QUEUE | INFO_FL_CLEAR(v4l2_exportbuffer, flags)),
59797 + IOCTL_INFO_FNC(VIDIOC_EXPBUF, v4l_vidioc_expbuf, v4l_print_exportbuffer, INFO_FL_QUEUE | INFO_FL_CLEAR(v4l2_exportbuffer, flags)),
59798 IOCTL_INFO_FNC(VIDIOC_DQBUF, v4l_dqbuf, v4l_print_buffer, INFO_FL_QUEUE),
59799 IOCTL_INFO_FNC(VIDIOC_STREAMON, v4l_streamon, v4l_print_buftype, INFO_FL_PRIO | INFO_FL_QUEUE),
59800 IOCTL_INFO_FNC(VIDIOC_STREAMOFF, v4l_streamoff, v4l_print_buftype, INFO_FL_PRIO | INFO_FL_QUEUE),
59801 IOCTL_INFO_FNC(VIDIOC_G_PARM, v4l_g_parm, v4l_print_streamparm, INFO_FL_CLEAR(v4l2_streamparm, type)),
59802 IOCTL_INFO_FNC(VIDIOC_S_PARM, v4l_s_parm, v4l_print_streamparm, INFO_FL_PRIO),
59803 - IOCTL_INFO_STD(VIDIOC_G_STD, vidioc_g_std, v4l_print_std, 0),
59804 + IOCTL_INFO_FNC(VIDIOC_G_STD, v4l_vidioc_g_std, v4l_print_std, 0),
59805 IOCTL_INFO_FNC(VIDIOC_S_STD, v4l_s_std, v4l_print_std, INFO_FL_PRIO),
59806 IOCTL_INFO_FNC(VIDIOC_ENUMSTD, v4l_enumstd, v4l_print_standard, INFO_FL_CLEAR(v4l2_standard, index)),
59807 IOCTL_INFO_FNC(VIDIOC_ENUMINPUT, v4l_enuminput, v4l_print_enuminput, INFO_FL_CLEAR(v4l2_input, index)),
59808 @@ -2496,19 +2663,19 @@ static struct v4l2_ioctl_info v4l2_ioctls[] = {
59809 IOCTL_INFO_FNC(VIDIOC_S_CTRL, v4l_s_ctrl, v4l_print_control, INFO_FL_PRIO | INFO_FL_CTRL),
59810 IOCTL_INFO_FNC(VIDIOC_G_TUNER, v4l_g_tuner, v4l_print_tuner, INFO_FL_CLEAR(v4l2_tuner, index)),
59811 IOCTL_INFO_FNC(VIDIOC_S_TUNER, v4l_s_tuner, v4l_print_tuner, INFO_FL_PRIO),
59812 - IOCTL_INFO_STD(VIDIOC_G_AUDIO, vidioc_g_audio, v4l_print_audio, 0),
59813 - IOCTL_INFO_STD(VIDIOC_S_AUDIO, vidioc_s_audio, v4l_print_audio, INFO_FL_PRIO),
59814 + IOCTL_INFO_FNC(VIDIOC_G_AUDIO, v4l_vidioc_g_audio, v4l_print_audio, 0),
59815 + IOCTL_INFO_FNC(VIDIOC_S_AUDIO, v4l_vidioc_s_audio, v4l_print_audio, INFO_FL_PRIO),
59816 IOCTL_INFO_FNC(VIDIOC_QUERYCTRL, v4l_queryctrl, v4l_print_queryctrl, INFO_FL_CTRL | INFO_FL_CLEAR(v4l2_queryctrl, id)),
59817 IOCTL_INFO_FNC(VIDIOC_QUERYMENU, v4l_querymenu, v4l_print_querymenu, INFO_FL_CTRL | INFO_FL_CLEAR(v4l2_querymenu, index)),
59818 - IOCTL_INFO_STD(VIDIOC_G_INPUT, vidioc_g_input, v4l_print_u32, 0),
59819 + IOCTL_INFO_FNC(VIDIOC_G_INPUT, v4l_vidioc_g_input, v4l_print_u32, 0),
59820 IOCTL_INFO_FNC(VIDIOC_S_INPUT, v4l_s_input, v4l_print_u32, INFO_FL_PRIO),
59821 - IOCTL_INFO_STD(VIDIOC_G_EDID, vidioc_g_edid, v4l_print_edid, 0),
59822 - IOCTL_INFO_STD(VIDIOC_S_EDID, vidioc_s_edid, v4l_print_edid, INFO_FL_PRIO),
59823 - IOCTL_INFO_STD(VIDIOC_G_OUTPUT, vidioc_g_output, v4l_print_u32, 0),
59824 + IOCTL_INFO_FNC(VIDIOC_G_EDID, v4l_vidioc_g_edid, v4l_print_edid, 0),
59825 + IOCTL_INFO_FNC(VIDIOC_S_EDID, v4l_vidioc_s_edid, v4l_print_edid, INFO_FL_PRIO),
59826 + IOCTL_INFO_FNC(VIDIOC_G_OUTPUT, v4l_vidioc_g_output, v4l_print_u32, 0),
59827 IOCTL_INFO_FNC(VIDIOC_S_OUTPUT, v4l_s_output, v4l_print_u32, INFO_FL_PRIO),
59828 IOCTL_INFO_FNC(VIDIOC_ENUMOUTPUT, v4l_enumoutput, v4l_print_enumoutput, INFO_FL_CLEAR(v4l2_output, index)),
59829 - IOCTL_INFO_STD(VIDIOC_G_AUDOUT, vidioc_g_audout, v4l_print_audioout, 0),
59830 - IOCTL_INFO_STD(VIDIOC_S_AUDOUT, vidioc_s_audout, v4l_print_audioout, INFO_FL_PRIO),
59831 + IOCTL_INFO_FNC(VIDIOC_G_AUDOUT, v4l_vidioc_g_audout, v4l_print_audioout, 0),
59832 + IOCTL_INFO_FNC(VIDIOC_S_AUDOUT, v4l_vidioc_s_audout, v4l_print_audioout, INFO_FL_PRIO),
59833 IOCTL_INFO_FNC(VIDIOC_G_MODULATOR, v4l_g_modulator, v4l_print_modulator, INFO_FL_CLEAR(v4l2_modulator, index)),
59834 IOCTL_INFO_FNC(VIDIOC_S_MODULATOR, v4l_s_modulator, v4l_print_modulator, INFO_FL_PRIO),
59835 IOCTL_INFO_FNC(VIDIOC_G_FREQUENCY, v4l_g_frequency, v4l_print_frequency, INFO_FL_CLEAR(v4l2_frequency, tuner)),
59836 @@ -2516,14 +2683,14 @@ static struct v4l2_ioctl_info v4l2_ioctls[] = {
59837 IOCTL_INFO_FNC(VIDIOC_CROPCAP, v4l_cropcap, v4l_print_cropcap, INFO_FL_CLEAR(v4l2_cropcap, type)),
59838 IOCTL_INFO_FNC(VIDIOC_G_CROP, v4l_g_crop, v4l_print_crop, INFO_FL_CLEAR(v4l2_crop, type)),
59839 IOCTL_INFO_FNC(VIDIOC_S_CROP, v4l_s_crop, v4l_print_crop, INFO_FL_PRIO),
59840 - IOCTL_INFO_STD(VIDIOC_G_SELECTION, vidioc_g_selection, v4l_print_selection, INFO_FL_CLEAR(v4l2_selection, r)),
59841 - IOCTL_INFO_STD(VIDIOC_S_SELECTION, vidioc_s_selection, v4l_print_selection, INFO_FL_PRIO | INFO_FL_CLEAR(v4l2_selection, r)),
59842 - IOCTL_INFO_STD(VIDIOC_G_JPEGCOMP, vidioc_g_jpegcomp, v4l_print_jpegcompression, 0),
59843 - IOCTL_INFO_STD(VIDIOC_S_JPEGCOMP, vidioc_s_jpegcomp, v4l_print_jpegcompression, INFO_FL_PRIO),
59844 + IOCTL_INFO_FNC(VIDIOC_G_SELECTION, v4l_vidioc_g_selection, v4l_print_selection, INFO_FL_CLEAR(v4l2_selection, r)),
59845 + IOCTL_INFO_FNC(VIDIOC_S_SELECTION, v4l_vidioc_s_selection, v4l_print_selection, INFO_FL_PRIO | INFO_FL_CLEAR(v4l2_selection, r)),
59846 + IOCTL_INFO_FNC(VIDIOC_G_JPEGCOMP, v4l_vidioc_g_jpegcomp, v4l_print_jpegcompression, 0),
59847 + IOCTL_INFO_FNC(VIDIOC_S_JPEGCOMP, v4l_vidioc_s_jpegcomp, v4l_print_jpegcompression, INFO_FL_PRIO),
59848 IOCTL_INFO_FNC(VIDIOC_QUERYSTD, v4l_querystd, v4l_print_std, 0),
59849 IOCTL_INFO_FNC(VIDIOC_TRY_FMT, v4l_try_fmt, v4l_print_format, 0),
59850 - IOCTL_INFO_STD(VIDIOC_ENUMAUDIO, vidioc_enumaudio, v4l_print_audio, INFO_FL_CLEAR(v4l2_audio, index)),
59851 - IOCTL_INFO_STD(VIDIOC_ENUMAUDOUT, vidioc_enumaudout, v4l_print_audioout, INFO_FL_CLEAR(v4l2_audioout, index)),
59852 + IOCTL_INFO_FNC(VIDIOC_ENUMAUDIO, v4l_vidioc_enumaudio, v4l_print_audio, INFO_FL_CLEAR(v4l2_audio, index)),
59853 + IOCTL_INFO_FNC(VIDIOC_ENUMAUDOUT, v4l_vidioc_enumaudout, v4l_print_audioout, INFO_FL_CLEAR(v4l2_audioout, index)),
59854 IOCTL_INFO_FNC(VIDIOC_G_PRIORITY, v4l_g_priority, v4l_print_u32, 0),
59855 IOCTL_INFO_FNC(VIDIOC_S_PRIORITY, v4l_s_priority, v4l_print_u32, INFO_FL_PRIO),
59856 IOCTL_INFO_FNC(VIDIOC_G_SLICED_VBI_CAP, v4l_g_sliced_vbi_cap, v4l_print_sliced_vbi_cap, INFO_FL_CLEAR(v4l2_sliced_vbi_cap, type)),
59857 @@ -2531,26 +2698,26 @@ static struct v4l2_ioctl_info v4l2_ioctls[] = {
59858 IOCTL_INFO_FNC(VIDIOC_G_EXT_CTRLS, v4l_g_ext_ctrls, v4l_print_ext_controls, INFO_FL_CTRL),
59859 IOCTL_INFO_FNC(VIDIOC_S_EXT_CTRLS, v4l_s_ext_ctrls, v4l_print_ext_controls, INFO_FL_PRIO | INFO_FL_CTRL),
59860 IOCTL_INFO_FNC(VIDIOC_TRY_EXT_CTRLS, v4l_try_ext_ctrls, v4l_print_ext_controls, INFO_FL_CTRL),
59861 - IOCTL_INFO_STD(VIDIOC_ENUM_FRAMESIZES, vidioc_enum_framesizes, v4l_print_frmsizeenum, INFO_FL_CLEAR(v4l2_frmsizeenum, pixel_format)),
59862 - IOCTL_INFO_STD(VIDIOC_ENUM_FRAMEINTERVALS, vidioc_enum_frameintervals, v4l_print_frmivalenum, INFO_FL_CLEAR(v4l2_frmivalenum, height)),
59863 - IOCTL_INFO_STD(VIDIOC_G_ENC_INDEX, vidioc_g_enc_index, v4l_print_enc_idx, 0),
59864 - IOCTL_INFO_STD(VIDIOC_ENCODER_CMD, vidioc_encoder_cmd, v4l_print_encoder_cmd, INFO_FL_PRIO | INFO_FL_CLEAR(v4l2_encoder_cmd, flags)),
59865 - IOCTL_INFO_STD(VIDIOC_TRY_ENCODER_CMD, vidioc_try_encoder_cmd, v4l_print_encoder_cmd, INFO_FL_CLEAR(v4l2_encoder_cmd, flags)),
59866 - IOCTL_INFO_STD(VIDIOC_DECODER_CMD, vidioc_decoder_cmd, v4l_print_decoder_cmd, INFO_FL_PRIO),
59867 - IOCTL_INFO_STD(VIDIOC_TRY_DECODER_CMD, vidioc_try_decoder_cmd, v4l_print_decoder_cmd, 0),
59868 + IOCTL_INFO_FNC(VIDIOC_ENUM_FRAMESIZES, v4l_vidioc_enum_framesizes, v4l_print_frmsizeenum, INFO_FL_CLEAR(v4l2_frmsizeenum, pixel_format)),
59869 + IOCTL_INFO_FNC(VIDIOC_ENUM_FRAMEINTERVALS, v4l_vidioc_enum_frameintervals, v4l_print_frmivalenum, INFO_FL_CLEAR(v4l2_frmivalenum, height)),
59870 + IOCTL_INFO_FNC(VIDIOC_G_ENC_INDEX, v4l_vidioc_g_enc_index, v4l_print_enc_idx, 0),
59871 + IOCTL_INFO_FNC(VIDIOC_ENCODER_CMD, v4l_vidioc_encoder_cmd, v4l_print_encoder_cmd, INFO_FL_PRIO | INFO_FL_CLEAR(v4l2_encoder_cmd, flags)),
59872 + IOCTL_INFO_FNC(VIDIOC_TRY_ENCODER_CMD, v4l_vidioc_try_encoder_cmd, v4l_print_encoder_cmd, INFO_FL_CLEAR(v4l2_encoder_cmd, flags)),
59873 + IOCTL_INFO_FNC(VIDIOC_DECODER_CMD, v4l_vidioc_decoder_cmd, v4l_print_decoder_cmd, INFO_FL_PRIO),
59874 + IOCTL_INFO_FNC(VIDIOC_TRY_DECODER_CMD, v4l_vidioc_try_decoder_cmd, v4l_print_decoder_cmd, 0),
59875 IOCTL_INFO_FNC(VIDIOC_DBG_S_REGISTER, v4l_dbg_s_register, v4l_print_dbg_register, 0),
59876 IOCTL_INFO_FNC(VIDIOC_DBG_G_REGISTER, v4l_dbg_g_register, v4l_print_dbg_register, 0),
59877 IOCTL_INFO_FNC(VIDIOC_S_HW_FREQ_SEEK, v4l_s_hw_freq_seek, v4l_print_hw_freq_seek, INFO_FL_PRIO),
59878 - IOCTL_INFO_STD(VIDIOC_S_DV_TIMINGS, vidioc_s_dv_timings, v4l_print_dv_timings, INFO_FL_PRIO | INFO_FL_CLEAR(v4l2_dv_timings, bt.flags)),
59879 - IOCTL_INFO_STD(VIDIOC_G_DV_TIMINGS, vidioc_g_dv_timings, v4l_print_dv_timings, 0),
59880 + IOCTL_INFO_FNC(VIDIOC_S_DV_TIMINGS, v4l_vidioc_s_dv_timings, v4l_print_dv_timings, INFO_FL_PRIO | INFO_FL_CLEAR(v4l2_dv_timings, bt.flags)),
59881 + IOCTL_INFO_FNC(VIDIOC_G_DV_TIMINGS, v4l_vidioc_g_dv_timings, v4l_print_dv_timings, 0),
59882 IOCTL_INFO_FNC(VIDIOC_DQEVENT, v4l_dqevent, v4l_print_event, 0),
59883 IOCTL_INFO_FNC(VIDIOC_SUBSCRIBE_EVENT, v4l_subscribe_event, v4l_print_event_subscription, 0),
59884 IOCTL_INFO_FNC(VIDIOC_UNSUBSCRIBE_EVENT, v4l_unsubscribe_event, v4l_print_event_subscription, 0),
59885 IOCTL_INFO_FNC(VIDIOC_CREATE_BUFS, v4l_create_bufs, v4l_print_create_buffers, INFO_FL_PRIO | INFO_FL_QUEUE),
59886 IOCTL_INFO_FNC(VIDIOC_PREPARE_BUF, v4l_prepare_buf, v4l_print_buffer, INFO_FL_QUEUE),
59887 - IOCTL_INFO_STD(VIDIOC_ENUM_DV_TIMINGS, vidioc_enum_dv_timings, v4l_print_enum_dv_timings, INFO_FL_CLEAR(v4l2_enum_dv_timings, pad)),
59888 - IOCTL_INFO_STD(VIDIOC_QUERY_DV_TIMINGS, vidioc_query_dv_timings, v4l_print_dv_timings, 0),
59889 - IOCTL_INFO_STD(VIDIOC_DV_TIMINGS_CAP, vidioc_dv_timings_cap, v4l_print_dv_timings_cap, INFO_FL_CLEAR(v4l2_dv_timings_cap, type)),
59890 + IOCTL_INFO_FNC(VIDIOC_ENUM_DV_TIMINGS, v4l_vidioc_enum_dv_timings, v4l_print_enum_dv_timings, INFO_FL_CLEAR(v4l2_enum_dv_timings, pad)),
59891 + IOCTL_INFO_FNC(VIDIOC_QUERY_DV_TIMINGS, v4l_vidioc_query_dv_timings, v4l_print_dv_timings, 0),
59892 + IOCTL_INFO_FNC(VIDIOC_DV_TIMINGS_CAP, v4l_vidioc_dv_timings_cap, v4l_print_dv_timings_cap, INFO_FL_CLEAR(v4l2_dv_timings_cap, type)),
59893 IOCTL_INFO_FNC(VIDIOC_ENUM_FREQ_BANDS, v4l_enum_freq_bands, v4l_print_freq_band, 0),
59894 IOCTL_INFO_FNC(VIDIOC_DBG_G_CHIP_INFO, v4l_dbg_g_chip_info, v4l_print_dbg_chip_info, INFO_FL_CLEAR(v4l2_dbg_chip_info, match)),
59895 IOCTL_INFO_FNC(VIDIOC_QUERY_EXT_CTRL, v4l_query_ext_ctrl, v4l_print_query_ext_ctrl, INFO_FL_CTRL | INFO_FL_CLEAR(v4l2_query_ext_ctrl, id)),
59896 @@ -2619,7 +2786,7 @@ static long __video_do_ioctl(struct file *file,
59897 struct video_device *vfd = video_devdata(file);
59898 const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
59899 bool write_only = false;
59900 - struct v4l2_ioctl_info default_info;
59901 + v4l2_ioctl_info_no_const default_info;
59902 const struct v4l2_ioctl_info *info;
59903 void *fh = file->private_data;
59904 struct v4l2_fh *vfh = NULL;
59905 @@ -2655,14 +2822,8 @@ static long __video_do_ioctl(struct file *file,
59906 }
59907
59908 write_only = _IOC_DIR(cmd) == _IOC_WRITE;
59909 - if (info->flags & INFO_FL_STD) {
59910 - typedef int (*vidioc_op)(struct file *file, void *fh, void *p);
59911 - const void *p = vfd->ioctl_ops;
59912 - const vidioc_op *vidioc = p + info->u.offset;
59913 -
59914 - ret = (*vidioc)(file, fh, arg);
59915 - } else if (info->flags & INFO_FL_FUNC) {
59916 - ret = info->u.func(ops, file, fh, arg);
59917 + if (info->flags & INFO_FL_FUNC) {
59918 + ret = info->func(ops, file, fh, arg);
59919 } else if (!ops->vidioc_default) {
59920 ret = -ENOTTY;
59921 } else {
59922 @@ -2710,7 +2871,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
59923 ret = -EINVAL;
59924 break;
59925 }
59926 - *user_ptr = (void __user *)buf->m.planes;
59927 + *user_ptr = (void __force_user *)buf->m.planes;
59928 *kernel_ptr = (void **)&buf->m.planes;
59929 *array_size = sizeof(struct v4l2_plane) * buf->length;
59930 ret = 1;
59931 @@ -2727,7 +2888,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
59932 ret = -EINVAL;
59933 break;
59934 }
59935 - *user_ptr = (void __user *)edid->edid;
59936 + *user_ptr = (void __force_user *)edid->edid;
59937 *kernel_ptr = (void **)&edid->edid;
59938 *array_size = edid->blocks * 128;
59939 ret = 1;
59940 @@ -2745,7 +2906,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
59941 ret = -EINVAL;
59942 break;
59943 }
59944 - *user_ptr = (void __user *)ctrls->controls;
59945 + *user_ptr = (void __force_user *)ctrls->controls;
59946 *kernel_ptr = (void **)&ctrls->controls;
59947 *array_size = sizeof(struct v4l2_ext_control)
59948 * ctrls->count;
59949 @@ -2846,7 +3007,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg,
59950 }
59951
59952 if (has_array_args) {
59953 - *kernel_ptr = (void __force *)user_ptr;
59954 + *kernel_ptr = (void __force_kernel *)user_ptr;
59955 if (copy_to_user(user_ptr, mbuf, array_size))
59956 err = -EFAULT;
59957 goto out_array_args;
59958 diff --git a/drivers/memory/omap-gpmc.c b/drivers/memory/omap-gpmc.c
59959 index f00f3e7..9138f66 100644
59960 --- a/drivers/memory/omap-gpmc.c
59961 +++ b/drivers/memory/omap-gpmc.c
59962 @@ -233,7 +233,7 @@ struct omap3_gpmc_regs {
59963 struct gpmc_device {
59964 struct device *dev;
59965 int irq;
59966 - struct irq_chip irq_chip;
59967 + struct irq_chip *irq_chip;
59968 struct gpio_chip gpio_chip;
59969 int nirqs;
59970 };
59971 @@ -1254,10 +1254,10 @@ static int gpmc_irq_map(struct irq_domain *d, unsigned int virq,
59972 irq_set_chip_data(virq, gpmc);
59973 if (hw < GPMC_NR_NAND_IRQS) {
59974 irq_modify_status(virq, IRQ_NOREQUEST, IRQ_NOAUTOEN);
59975 - irq_set_chip_and_handler(virq, &gpmc->irq_chip,
59976 + irq_set_chip_and_handler(virq, gpmc->irq_chip,
59977 handle_simple_irq);
59978 } else {
59979 - irq_set_chip_and_handler(virq, &gpmc->irq_chip,
59980 + irq_set_chip_and_handler(virq, gpmc->irq_chip,
59981 handle_edge_irq);
59982 }
59983
59984 @@ -1303,6 +1303,16 @@ static irqreturn_t gpmc_handle_irq(int irq, void *data)
59985 return IRQ_HANDLED;
59986 }
59987
59988 +static struct irq_chip gpmc_irq_chip = {
59989 + .name = "gpmc",
59990 + .irq_enable = gpmc_irq_enable,
59991 + .irq_disable = gpmc_irq_disable,
59992 + .irq_ack = gpmc_irq_ack,
59993 + .irq_mask = gpmc_irq_mask,
59994 + .irq_unmask = gpmc_irq_unmask,
59995 + .irq_set_type = gpmc_irq_set_type,
59996 +};
59997 +
59998 static int gpmc_setup_irq(struct gpmc_device *gpmc)
59999 {
60000 u32 regval;
60001 @@ -1315,13 +1325,7 @@ static int gpmc_setup_irq(struct gpmc_device *gpmc)
60002 regval = gpmc_read_reg(GPMC_IRQSTATUS);
60003 gpmc_write_reg(GPMC_IRQSTATUS, regval);
60004
60005 - gpmc->irq_chip.name = "gpmc";
60006 - gpmc->irq_chip.irq_enable = gpmc_irq_enable;
60007 - gpmc->irq_chip.irq_disable = gpmc_irq_disable;
60008 - gpmc->irq_chip.irq_ack = gpmc_irq_ack;
60009 - gpmc->irq_chip.irq_mask = gpmc_irq_mask;
60010 - gpmc->irq_chip.irq_unmask = gpmc_irq_unmask;
60011 - gpmc->irq_chip.irq_set_type = gpmc_irq_set_type;
60012 + gpmc->irq_chip = &gpmc_irq_chip;
60013
60014 gpmc_irq_domain = irq_domain_add_linear(gpmc->dev->of_node,
60015 gpmc->nirqs,
60016 diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
60017 index 5537f8d..f990a1d 100644
60018 --- a/drivers/message/fusion/mptbase.c
60019 +++ b/drivers/message/fusion/mptbase.c
60020 @@ -99,7 +99,7 @@ module_param(mpt_channel_mapping, int, 0);
60021 MODULE_PARM_DESC(mpt_channel_mapping, " Mapping id's to channels (default=0)");
60022
60023 static int mpt_debug_level;
60024 -static int mpt_set_debug_level(const char *val, struct kernel_param *kp);
60025 +static int mpt_set_debug_level(const char *val, const struct kernel_param *kp);
60026 module_param_call(mpt_debug_level, mpt_set_debug_level, param_get_int,
60027 &mpt_debug_level, 0600);
60028 MODULE_PARM_DESC(mpt_debug_level,
60029 @@ -242,7 +242,7 @@ pci_enable_io_access(struct pci_dev *pdev)
60030 pci_write_config_word(pdev, PCI_COMMAND, command_reg);
60031 }
60032
60033 -static int mpt_set_debug_level(const char *val, struct kernel_param *kp)
60034 +static int mpt_set_debug_level(const char *val, const struct kernel_param *kp)
60035 {
60036 int ret = param_set_int(val, kp);
60037 MPT_ADAPTER *ioc;
60038 @@ -6748,8 +6748,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
60039 seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth);
60040 seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize);
60041
60042 +#ifdef CONFIG_GRKERNSEC_HIDESYM
60043 + seq_printf(m, " RequestFrames @ 0x%p (Dma @ 0x%p)\n", NULL, NULL);
60044 +#else
60045 seq_printf(m, " RequestFrames @ 0x%p (Dma @ 0x%p)\n",
60046 (void *)ioc->req_frames, (void *)(ulong)ioc->req_frames_dma);
60047 +#endif
60048 +
60049 /*
60050 * Rounding UP to nearest 4-kB boundary here...
60051 */
60052 @@ -6762,7 +6767,11 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
60053 ioc->facts.GlobalCredits);
60054
60055 seq_printf(m, " Frames @ 0x%p (Dma @ 0x%p)\n",
60056 +#ifdef CONFIG_GRKERNSEC_HIDESYM
60057 + NULL, NULL);
60058 +#else
60059 (void *)ioc->alloc, (void *)(ulong)ioc->alloc_dma);
60060 +#endif
60061 sz = (ioc->reply_sz * ioc->reply_depth) + 128;
60062 seq_printf(m, " {CurRepSz=%d} x {CurRepDepth=%d} = %d bytes ^= 0x%x\n",
60063 ioc->reply_sz, ioc->reply_depth, ioc->reply_sz*ioc->reply_depth, sz);
60064 diff --git a/drivers/message/fusion/mptlan.c b/drivers/message/fusion/mptlan.c
60065 index 6955c9e..03bc466 100644
60066 --- a/drivers/message/fusion/mptlan.c
60067 +++ b/drivers/message/fusion/mptlan.c
60068 @@ -680,7 +680,7 @@ out:
60069 }
60070
60071 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
60072 -static int
60073 +static netdev_tx_t
60074 mpt_lan_sdu_send (struct sk_buff *skb, struct net_device *dev)
60075 {
60076 struct mpt_lan_priv *priv = netdev_priv(dev);
60077 diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
60078 index 7ee1667..c36740d 100644
60079 --- a/drivers/message/fusion/mptsas.c
60080 +++ b/drivers/message/fusion/mptsas.c
60081 @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached)
60082 return 0;
60083 }
60084
60085 +static inline void
60086 +mptsas_set_rphy(MPT_ADAPTER *ioc, struct mptsas_phyinfo *phy_info, struct sas_rphy *rphy)
60087 +{
60088 + if (phy_info->port_details) {
60089 + phy_info->port_details->rphy = rphy;
60090 + dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sas_rphy_add: rphy=%p\n",
60091 + ioc->name, rphy));
60092 + }
60093 +
60094 + if (rphy) {
60095 + dsaswideprintk(ioc, dev_printk(KERN_DEBUG,
60096 + &rphy->dev, MYIOC_s_FMT "add:", ioc->name));
60097 + dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "rphy=%p release=%p\n",
60098 + ioc->name, rphy, rphy->dev.release));
60099 + }
60100 +}
60101 +
60102 /* no mutex */
60103 static void
60104 mptsas_port_delete(MPT_ADAPTER *ioc, struct mptsas_portinfo_details * port_details)
60105 @@ -484,23 +501,6 @@ mptsas_get_rphy(struct mptsas_phyinfo *phy_info)
60106 return NULL;
60107 }
60108
60109 -static inline void
60110 -mptsas_set_rphy(MPT_ADAPTER *ioc, struct mptsas_phyinfo *phy_info, struct sas_rphy *rphy)
60111 -{
60112 - if (phy_info->port_details) {
60113 - phy_info->port_details->rphy = rphy;
60114 - dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sas_rphy_add: rphy=%p\n",
60115 - ioc->name, rphy));
60116 - }
60117 -
60118 - if (rphy) {
60119 - dsaswideprintk(ioc, dev_printk(KERN_DEBUG,
60120 - &rphy->dev, MYIOC_s_FMT "add:", ioc->name));
60121 - dsaswideprintk(ioc, printk(MYIOC_s_DEBUG_FMT "rphy=%p release=%p\n",
60122 - ioc->name, rphy, rphy->dev.release));
60123 - }
60124 -}
60125 -
60126 static inline struct sas_port *
60127 mptsas_get_port(struct mptsas_phyinfo *phy_info)
60128 {
60129 diff --git a/drivers/mfd/ab8500-debugfs.c b/drivers/mfd/ab8500-debugfs.c
60130 index 0aecd7b..41bf9bf 100644
60131 --- a/drivers/mfd/ab8500-debugfs.c
60132 +++ b/drivers/mfd/ab8500-debugfs.c
60133 @@ -100,7 +100,7 @@ static int irq_last;
60134 static u32 *irq_count;
60135 static int num_irqs;
60136
60137 -static struct device_attribute **dev_attr;
60138 +static device_attribute_no_const **dev_attr;
60139 static char **event_name;
60140
60141 static u8 avg_sample = SAMPLE_16;
60142 diff --git a/drivers/mfd/kempld-core.c b/drivers/mfd/kempld-core.c
60143 index da5722d..d405030 100644
60144 --- a/drivers/mfd/kempld-core.c
60145 +++ b/drivers/mfd/kempld-core.c
60146 @@ -494,7 +494,7 @@ static struct platform_driver kempld_driver = {
60147 .remove = kempld_remove,
60148 };
60149
60150 -static struct dmi_system_id kempld_dmi_table[] __initdata = {
60151 +static const struct dmi_system_id kempld_dmi_table[] __initconst = {
60152 {
60153 .ident = "BBL6",
60154 .matches = {
60155 diff --git a/drivers/mfd/max8925-i2c.c b/drivers/mfd/max8925-i2c.c
60156 index 5c80aea..1006323 100644
60157 --- a/drivers/mfd/max8925-i2c.c
60158 +++ b/drivers/mfd/max8925-i2c.c
60159 @@ -151,7 +151,7 @@ static int max8925_probe(struct i2c_client *client,
60160 const struct i2c_device_id *id)
60161 {
60162 struct max8925_platform_data *pdata = dev_get_platdata(&client->dev);
60163 - static struct max8925_chip *chip;
60164 + struct max8925_chip *chip;
60165 struct device_node *node = client->dev.of_node;
60166
60167 if (node && !pdata) {
60168 diff --git a/drivers/mfd/rn5t618.c b/drivers/mfd/rn5t618.c
60169 index ee94080..e2a4a3d 100644
60170 --- a/drivers/mfd/rn5t618.c
60171 +++ b/drivers/mfd/rn5t618.c
60172 @@ -52,7 +52,6 @@ static const struct regmap_config rn5t618_regmap_config = {
60173 };
60174
60175 static struct rn5t618 *rn5t618_pm_power_off;
60176 -static struct notifier_block rn5t618_restart_handler;
60177
60178 static void rn5t618_trigger_poweroff_sequence(bool repower)
60179 {
60180 @@ -84,6 +83,12 @@ static int rn5t618_restart(struct notifier_block *this,
60181 return NOTIFY_DONE;
60182 }
60183
60184 +static struct notifier_block rn5t618_restart_handler = {
60185 + .notifier_call = rn5t618_restart,
60186 + .priority = 192,
60187 +
60188 +};
60189 +
60190 static const struct of_device_id rn5t618_of_match[] = {
60191 { .compatible = "ricoh,rn5t567", .data = (void *)RN5T567 },
60192 { .compatible = "ricoh,rn5t618", .data = (void *)RN5T618 },
60193 @@ -133,9 +138,6 @@ static int rn5t618_i2c_probe(struct i2c_client *i2c,
60194 dev_warn(&i2c->dev, "Poweroff callback already assigned\n");
60195 }
60196
60197 - rn5t618_restart_handler.notifier_call = rn5t618_restart;
60198 - rn5t618_restart_handler.priority = 192;
60199 -
60200 ret = register_restart_handler(&rn5t618_restart_handler);
60201 if (ret) {
60202 dev_err(&i2c->dev, "cannot register restart handler, %d\n", ret);
60203 diff --git a/drivers/mfd/tps65910.c b/drivers/mfd/tps65910.c
60204 index 11cab15..d144bd9 100644
60205 --- a/drivers/mfd/tps65910.c
60206 +++ b/drivers/mfd/tps65910.c
60207 @@ -230,7 +230,7 @@ static int tps65910_irq_init(struct tps65910 *tps65910, int irq,
60208 struct tps65910_platform_data *pdata)
60209 {
60210 int ret = 0;
60211 - static struct regmap_irq_chip *tps6591x_irqs_chip;
60212 + struct regmap_irq_chip *tps6591x_irqs_chip;
60213
60214 if (!irq) {
60215 dev_warn(tps65910->dev, "No interrupt support, no core IRQ\n");
60216 diff --git a/drivers/mfd/twl4030-irq.c b/drivers/mfd/twl4030-irq.c
60217 index b46c0cf..89e322b 100644
60218 --- a/drivers/mfd/twl4030-irq.c
60219 +++ b/drivers/mfd/twl4030-irq.c
60220 @@ -34,6 +34,7 @@
60221 #include <linux/of.h>
60222 #include <linux/irqdomain.h>
60223 #include <linux/i2c/twl.h>
60224 +#include <asm/pgtable.h>
60225
60226 #include "twl-core.h"
60227
60228 @@ -720,10 +721,12 @@ int twl4030_init_irq(struct device *dev, int irq_num)
60229 * Install an irq handler for each of the SIH modules;
60230 * clone dummy irq_chip since PIH can't *do* anything
60231 */
60232 - twl4030_irq_chip = dummy_irq_chip;
60233 - twl4030_irq_chip.name = "twl4030";
60234 + pax_open_kernel();
60235 + memcpy((void *)&twl4030_irq_chip, &dummy_irq_chip, sizeof twl4030_irq_chip);
60236 + const_cast(twl4030_irq_chip.name) = "twl4030";
60237
60238 - twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack;
60239 + const_cast(twl4030_sih_irq_chip.irq_ack) = dummy_irq_chip.irq_ack;
60240 + pax_close_kernel();
60241
60242 for (i = irq_base; i < irq_end; i++) {
60243 irq_set_chip_and_handler(i, &twl4030_irq_chip,
60244 diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c
60245 index 1922cb8..e14fb42 100644
60246 --- a/drivers/misc/c2port/core.c
60247 +++ b/drivers/misc/c2port/core.c
60248 @@ -918,7 +918,9 @@ struct c2port_device *c2port_device_register(char *name,
60249 goto error_idr_alloc;
60250 c2dev->id = ret;
60251
60252 - bin_attr_flash_data.size = ops->blocks_num * ops->block_size;
60253 + pax_open_kernel();
60254 + const_cast(bin_attr_flash_data.size) = ops->blocks_num * ops->block_size;
60255 + pax_close_kernel();
60256
60257 c2dev->dev = device_create(c2port_class, NULL, 0, c2dev,
60258 "c2port%d", c2dev->id);
60259 diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c
60260 index 99635dd..255bd78 100644
60261 --- a/drivers/misc/kgdbts.c
60262 +++ b/drivers/misc/kgdbts.c
60263 @@ -834,7 +834,7 @@ static void run_plant_and_detach_test(int is_early)
60264 char before[BREAK_INSTR_SIZE];
60265 char after[BREAK_INSTR_SIZE];
60266
60267 - probe_kernel_read(before, (char *)kgdbts_break_test,
60268 + probe_kernel_read(before, (void *)ktla_ktva((unsigned long)kgdbts_break_test),
60269 BREAK_INSTR_SIZE);
60270 init_simple_test();
60271 ts.tst = plant_and_detach_test;
60272 @@ -842,7 +842,7 @@ static void run_plant_and_detach_test(int is_early)
60273 /* Activate test with initial breakpoint */
60274 if (!is_early)
60275 kgdb_breakpoint();
60276 - probe_kernel_read(after, (char *)kgdbts_break_test,
60277 + probe_kernel_read(after, (void *)ktla_ktva((unsigned long)kgdbts_break_test),
60278 BREAK_INSTR_SIZE);
60279 if (memcmp(before, after, BREAK_INSTR_SIZE)) {
60280 printk(KERN_CRIT "kgdbts: ERROR kgdb corrupted memory\n");
60281 @@ -1130,7 +1130,7 @@ static void kgdbts_put_char(u8 chr)
60282 ts.run_test(0, chr);
60283 }
60284
60285 -static int param_set_kgdbts_var(const char *kmessage, struct kernel_param *kp)
60286 +static int param_set_kgdbts_var(const char *kmessage, const struct kernel_param *kp)
60287 {
60288 int len = strlen(kmessage);
60289
60290 diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
60291 index fb8705f..dc2f679 100644
60292 --- a/drivers/misc/lis3lv02d/lis3lv02d.c
60293 +++ b/drivers/misc/lis3lv02d/lis3lv02d.c
60294 @@ -497,7 +497,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data)
60295 * the lid is closed. This leads to interrupts as soon as a little move
60296 * is done.
60297 */
60298 - atomic_inc(&lis3->count);
60299 + atomic_inc_unchecked(&lis3->count);
60300
60301 wake_up_interruptible(&lis3->misc_wait);
60302 kill_fasync(&lis3->async_queue, SIGIO, POLL_IN);
60303 @@ -583,7 +583,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file)
60304 if (lis3->pm_dev)
60305 pm_runtime_get_sync(lis3->pm_dev);
60306
60307 - atomic_set(&lis3->count, 0);
60308 + atomic_set_unchecked(&lis3->count, 0);
60309 return 0;
60310 }
60311
60312 @@ -615,7 +615,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf,
60313 add_wait_queue(&lis3->misc_wait, &wait);
60314 while (true) {
60315 set_current_state(TASK_INTERRUPTIBLE);
60316 - data = atomic_xchg(&lis3->count, 0);
60317 + data = atomic_xchg_unchecked(&lis3->count, 0);
60318 if (data)
60319 break;
60320
60321 @@ -656,7 +656,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait)
60322 struct lis3lv02d, miscdev);
60323
60324 poll_wait(file, &lis3->misc_wait, wait);
60325 - if (atomic_read(&lis3->count))
60326 + if (atomic_read_unchecked(&lis3->count))
60327 return POLLIN | POLLRDNORM;
60328 return 0;
60329 }
60330 diff --git a/drivers/misc/lis3lv02d/lis3lv02d.h b/drivers/misc/lis3lv02d/lis3lv02d.h
60331 index c439c82..1f20f57 100644
60332 --- a/drivers/misc/lis3lv02d/lis3lv02d.h
60333 +++ b/drivers/misc/lis3lv02d/lis3lv02d.h
60334 @@ -297,7 +297,7 @@ struct lis3lv02d {
60335 struct input_polled_dev *idev; /* input device */
60336 struct platform_device *pdev; /* platform device */
60337 struct regulator_bulk_data regulators[2];
60338 - atomic_t count; /* interrupt count after last read */
60339 + atomic_unchecked_t count; /* interrupt count after last read */
60340 union axis_conversion ac; /* hw -> logical axis */
60341 int mapped_btns[3];
60342
60343 diff --git a/drivers/misc/mic/scif/scif_api.c b/drivers/misc/mic/scif/scif_api.c
60344 index ddc9e4b..9e27f41 100644
60345 --- a/drivers/misc/mic/scif/scif_api.c
60346 +++ b/drivers/misc/mic/scif/scif_api.c
60347 @@ -1486,10 +1486,12 @@ int scif_client_register(struct scif_client *client)
60348 {
60349 struct subsys_interface *si = &client->si;
60350
60351 - si->name = client->name;
60352 - si->subsys = &scif_peer_bus;
60353 - si->add_dev = scif_add_client_dev;
60354 - si->remove_dev = scif_remove_client_dev;
60355 + pax_open_kernel();
60356 + const_cast(si->name) = client->name;
60357 + const_cast(si->subsys) = &scif_peer_bus;
60358 + const_cast(si->add_dev) = scif_add_client_dev;
60359 + const_cast(si->remove_dev) = scif_remove_client_dev;
60360 + pax_close_kernel();
60361
60362 return subsys_interface_register(&client->si);
60363 }
60364 diff --git a/drivers/misc/mic/scif/scif_rb.c b/drivers/misc/mic/scif/scif_rb.c
60365 index 637cc46..4fb1267 100644
60366 --- a/drivers/misc/mic/scif/scif_rb.c
60367 +++ b/drivers/misc/mic/scif/scif_rb.c
60368 @@ -138,7 +138,7 @@ void scif_rb_commit(struct scif_rb *rb)
60369 * the read barrier in scif_rb_count(..)
60370 */
60371 wmb();
60372 - ACCESS_ONCE(*rb->write_ptr) = rb->current_write_offset;
60373 + ACCESS_ONCE_RW(*rb->write_ptr) = rb->current_write_offset;
60374 #ifdef CONFIG_INTEL_MIC_CARD
60375 /*
60376 * X100 Si bug: For the case where a Core is performing an EXT_WR
60377 @@ -147,7 +147,7 @@ void scif_rb_commit(struct scif_rb *rb)
60378 * This way, if ordering is violated for the Interrupt Message, it will
60379 * fall just behind the first Posted associated with the first EXT_WR.
60380 */
60381 - ACCESS_ONCE(*rb->write_ptr) = rb->current_write_offset;
60382 + ACCESS_ONCE_RW(*rb->write_ptr) = rb->current_write_offset;
60383 #endif
60384 }
60385
60386 @@ -210,7 +210,7 @@ void scif_rb_update_read_ptr(struct scif_rb *rb)
60387 * scif_rb_space(..)
60388 */
60389 mb();
60390 - ACCESS_ONCE(*rb->read_ptr) = new_offset;
60391 + ACCESS_ONCE_RW(*rb->read_ptr) = new_offset;
60392 #ifdef CONFIG_INTEL_MIC_CARD
60393 /*
60394 * X100 Si Bug: For the case where a Core is performing an EXT_WR
60395 @@ -219,7 +219,7 @@ void scif_rb_update_read_ptr(struct scif_rb *rb)
60396 * This way, if ordering is violated for the Interrupt Message, it will
60397 * fall just behind the first Posted associated with the first EXT_WR.
60398 */
60399 - ACCESS_ONCE(*rb->read_ptr) = new_offset;
60400 + ACCESS_ONCE_RW(*rb->read_ptr) = new_offset;
60401 #endif
60402 }
60403
60404 diff --git a/drivers/misc/panel.c b/drivers/misc/panel.c
60405 index 6030ac5..e498727 100644
60406 --- a/drivers/misc/panel.c
60407 +++ b/drivers/misc/panel.c
60408 @@ -1983,7 +1983,7 @@ static void panel_process_inputs(void)
60409 }
60410 }
60411
60412 -static void panel_scan_timer(void)
60413 +static void panel_scan_timer(unsigned long data)
60414 {
60415 if (keypad.enabled && keypad_initialized) {
60416 if (spin_trylock_irq(&pprt_lock)) {
60417 @@ -2019,7 +2019,7 @@ static void init_scan_timer(void)
60418 if (scan_timer.function)
60419 return; /* already started */
60420
60421 - setup_timer(&scan_timer, (void *)&panel_scan_timer, 0);
60422 + setup_timer(&scan_timer, &panel_scan_timer, 0);
60423 scan_timer.expires = jiffies + INPUT_POLL_TIME;
60424 add_timer(&scan_timer);
60425 }
60426 diff --git a/drivers/misc/sgi-gru/gruhandles.c b/drivers/misc/sgi-gru/gruhandles.c
60427 index 1ee8e82..785f528 100644
60428 --- a/drivers/misc/sgi-gru/gruhandles.c
60429 +++ b/drivers/misc/sgi-gru/gruhandles.c
60430 @@ -44,8 +44,8 @@ static void update_mcs_stats(enum mcs_op op, unsigned long clks)
60431 unsigned long nsec;
60432
60433 nsec = CLKS2NSEC(clks);
60434 - atomic_long_inc(&mcs_op_statistics[op].count);
60435 - atomic_long_add(nsec, &mcs_op_statistics[op].total);
60436 + atomic_long_inc_unchecked(&mcs_op_statistics[op].count);
60437 + atomic_long_add_unchecked(nsec, &mcs_op_statistics[op].total);
60438 if (mcs_op_statistics[op].max < nsec)
60439 mcs_op_statistics[op].max = nsec;
60440 }
60441 diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c
60442 index 4f76359..cdfcb2e 100644
60443 --- a/drivers/misc/sgi-gru/gruprocfs.c
60444 +++ b/drivers/misc/sgi-gru/gruprocfs.c
60445 @@ -32,9 +32,9 @@
60446
60447 #define printstat(s, f) printstat_val(s, &gru_stats.f, #f)
60448
60449 -static void printstat_val(struct seq_file *s, atomic_long_t *v, char *id)
60450 +static void printstat_val(struct seq_file *s, atomic_long_unchecked_t *v, char *id)
60451 {
60452 - unsigned long val = atomic_long_read(v);
60453 + unsigned long val = atomic_long_read_unchecked(v);
60454
60455 seq_printf(s, "%16lu %s\n", val, id);
60456 }
60457 @@ -134,8 +134,8 @@ static int mcs_statistics_show(struct seq_file *s, void *p)
60458
60459 seq_printf(s, "%-20s%12s%12s%12s\n", "#id", "count", "aver-clks", "max-clks");
60460 for (op = 0; op < mcsop_last; op++) {
60461 - count = atomic_long_read(&mcs_op_statistics[op].count);
60462 - total = atomic_long_read(&mcs_op_statistics[op].total);
60463 + count = atomic_long_read_unchecked(&mcs_op_statistics[op].count);
60464 + total = atomic_long_read_unchecked(&mcs_op_statistics[op].total);
60465 max = mcs_op_statistics[op].max;
60466 seq_printf(s, "%-20s%12ld%12ld%12ld\n", id[op], count,
60467 count ? total / count : 0, max);
60468 diff --git a/drivers/misc/sgi-gru/grutables.h b/drivers/misc/sgi-gru/grutables.h
60469 index 5c3ce24..4915ccb 100644
60470 --- a/drivers/misc/sgi-gru/grutables.h
60471 +++ b/drivers/misc/sgi-gru/grutables.h
60472 @@ -167,82 +167,82 @@ extern unsigned int gru_max_gids;
60473 * GRU statistics.
60474 */
60475 struct gru_stats_s {
60476 - atomic_long_t vdata_alloc;
60477 - atomic_long_t vdata_free;
60478 - atomic_long_t gts_alloc;
60479 - atomic_long_t gts_free;
60480 - atomic_long_t gms_alloc;
60481 - atomic_long_t gms_free;
60482 - atomic_long_t gts_double_allocate;
60483 - atomic_long_t assign_context;
60484 - atomic_long_t assign_context_failed;
60485 - atomic_long_t free_context;
60486 - atomic_long_t load_user_context;
60487 - atomic_long_t load_kernel_context;
60488 - atomic_long_t lock_kernel_context;
60489 - atomic_long_t unlock_kernel_context;
60490 - atomic_long_t steal_user_context;
60491 - atomic_long_t steal_kernel_context;
60492 - atomic_long_t steal_context_failed;
60493 - atomic_long_t nopfn;
60494 - atomic_long_t asid_new;
60495 - atomic_long_t asid_next;
60496 - atomic_long_t asid_wrap;
60497 - atomic_long_t asid_reuse;
60498 - atomic_long_t intr;
60499 - atomic_long_t intr_cbr;
60500 - atomic_long_t intr_tfh;
60501 - atomic_long_t intr_spurious;
60502 - atomic_long_t intr_mm_lock_failed;
60503 - atomic_long_t call_os;
60504 - atomic_long_t call_os_wait_queue;
60505 - atomic_long_t user_flush_tlb;
60506 - atomic_long_t user_unload_context;
60507 - atomic_long_t user_exception;
60508 - atomic_long_t set_context_option;
60509 - atomic_long_t check_context_retarget_intr;
60510 - atomic_long_t check_context_unload;
60511 - atomic_long_t tlb_dropin;
60512 - atomic_long_t tlb_preload_page;
60513 - atomic_long_t tlb_dropin_fail_no_asid;
60514 - atomic_long_t tlb_dropin_fail_upm;
60515 - atomic_long_t tlb_dropin_fail_invalid;
60516 - atomic_long_t tlb_dropin_fail_range_active;
60517 - atomic_long_t tlb_dropin_fail_idle;
60518 - atomic_long_t tlb_dropin_fail_fmm;
60519 - atomic_long_t tlb_dropin_fail_no_exception;
60520 - atomic_long_t tfh_stale_on_fault;
60521 - atomic_long_t mmu_invalidate_range;
60522 - atomic_long_t mmu_invalidate_page;
60523 - atomic_long_t flush_tlb;
60524 - atomic_long_t flush_tlb_gru;
60525 - atomic_long_t flush_tlb_gru_tgh;
60526 - atomic_long_t flush_tlb_gru_zero_asid;
60527 + atomic_long_unchecked_t vdata_alloc;
60528 + atomic_long_unchecked_t vdata_free;
60529 + atomic_long_unchecked_t gts_alloc;
60530 + atomic_long_unchecked_t gts_free;
60531 + atomic_long_unchecked_t gms_alloc;
60532 + atomic_long_unchecked_t gms_free;
60533 + atomic_long_unchecked_t gts_double_allocate;
60534 + atomic_long_unchecked_t assign_context;
60535 + atomic_long_unchecked_t assign_context_failed;
60536 + atomic_long_unchecked_t free_context;
60537 + atomic_long_unchecked_t load_user_context;
60538 + atomic_long_unchecked_t load_kernel_context;
60539 + atomic_long_unchecked_t lock_kernel_context;
60540 + atomic_long_unchecked_t unlock_kernel_context;
60541 + atomic_long_unchecked_t steal_user_context;
60542 + atomic_long_unchecked_t steal_kernel_context;
60543 + atomic_long_unchecked_t steal_context_failed;
60544 + atomic_long_unchecked_t nopfn;
60545 + atomic_long_unchecked_t asid_new;
60546 + atomic_long_unchecked_t asid_next;
60547 + atomic_long_unchecked_t asid_wrap;
60548 + atomic_long_unchecked_t asid_reuse;
60549 + atomic_long_unchecked_t intr;
60550 + atomic_long_unchecked_t intr_cbr;
60551 + atomic_long_unchecked_t intr_tfh;
60552 + atomic_long_unchecked_t intr_spurious;
60553 + atomic_long_unchecked_t intr_mm_lock_failed;
60554 + atomic_long_unchecked_t call_os;
60555 + atomic_long_unchecked_t call_os_wait_queue;
60556 + atomic_long_unchecked_t user_flush_tlb;
60557 + atomic_long_unchecked_t user_unload_context;
60558 + atomic_long_unchecked_t user_exception;
60559 + atomic_long_unchecked_t set_context_option;
60560 + atomic_long_unchecked_t check_context_retarget_intr;
60561 + atomic_long_unchecked_t check_context_unload;
60562 + atomic_long_unchecked_t tlb_dropin;
60563 + atomic_long_unchecked_t tlb_preload_page;
60564 + atomic_long_unchecked_t tlb_dropin_fail_no_asid;
60565 + atomic_long_unchecked_t tlb_dropin_fail_upm;
60566 + atomic_long_unchecked_t tlb_dropin_fail_invalid;
60567 + atomic_long_unchecked_t tlb_dropin_fail_range_active;
60568 + atomic_long_unchecked_t tlb_dropin_fail_idle;
60569 + atomic_long_unchecked_t tlb_dropin_fail_fmm;
60570 + atomic_long_unchecked_t tlb_dropin_fail_no_exception;
60571 + atomic_long_unchecked_t tfh_stale_on_fault;
60572 + atomic_long_unchecked_t mmu_invalidate_range;
60573 + atomic_long_unchecked_t mmu_invalidate_page;
60574 + atomic_long_unchecked_t flush_tlb;
60575 + atomic_long_unchecked_t flush_tlb_gru;
60576 + atomic_long_unchecked_t flush_tlb_gru_tgh;
60577 + atomic_long_unchecked_t flush_tlb_gru_zero_asid;
60578
60579 - atomic_long_t copy_gpa;
60580 - atomic_long_t read_gpa;
60581 + atomic_long_unchecked_t copy_gpa;
60582 + atomic_long_unchecked_t read_gpa;
60583
60584 - atomic_long_t mesq_receive;
60585 - atomic_long_t mesq_receive_none;
60586 - atomic_long_t mesq_send;
60587 - atomic_long_t mesq_send_failed;
60588 - atomic_long_t mesq_noop;
60589 - atomic_long_t mesq_send_unexpected_error;
60590 - atomic_long_t mesq_send_lb_overflow;
60591 - atomic_long_t mesq_send_qlimit_reached;
60592 - atomic_long_t mesq_send_amo_nacked;
60593 - atomic_long_t mesq_send_put_nacked;
60594 - atomic_long_t mesq_page_overflow;
60595 - atomic_long_t mesq_qf_locked;
60596 - atomic_long_t mesq_qf_noop_not_full;
60597 - atomic_long_t mesq_qf_switch_head_failed;
60598 - atomic_long_t mesq_qf_unexpected_error;
60599 - atomic_long_t mesq_noop_unexpected_error;
60600 - atomic_long_t mesq_noop_lb_overflow;
60601 - atomic_long_t mesq_noop_qlimit_reached;
60602 - atomic_long_t mesq_noop_amo_nacked;
60603 - atomic_long_t mesq_noop_put_nacked;
60604 - atomic_long_t mesq_noop_page_overflow;
60605 + atomic_long_unchecked_t mesq_receive;
60606 + atomic_long_unchecked_t mesq_receive_none;
60607 + atomic_long_unchecked_t mesq_send;
60608 + atomic_long_unchecked_t mesq_send_failed;
60609 + atomic_long_unchecked_t mesq_noop;
60610 + atomic_long_unchecked_t mesq_send_unexpected_error;
60611 + atomic_long_unchecked_t mesq_send_lb_overflow;
60612 + atomic_long_unchecked_t mesq_send_qlimit_reached;
60613 + atomic_long_unchecked_t mesq_send_amo_nacked;
60614 + atomic_long_unchecked_t mesq_send_put_nacked;
60615 + atomic_long_unchecked_t mesq_page_overflow;
60616 + atomic_long_unchecked_t mesq_qf_locked;
60617 + atomic_long_unchecked_t mesq_qf_noop_not_full;
60618 + atomic_long_unchecked_t mesq_qf_switch_head_failed;
60619 + atomic_long_unchecked_t mesq_qf_unexpected_error;
60620 + atomic_long_unchecked_t mesq_noop_unexpected_error;
60621 + atomic_long_unchecked_t mesq_noop_lb_overflow;
60622 + atomic_long_unchecked_t mesq_noop_qlimit_reached;
60623 + atomic_long_unchecked_t mesq_noop_amo_nacked;
60624 + atomic_long_unchecked_t mesq_noop_put_nacked;
60625 + atomic_long_unchecked_t mesq_noop_page_overflow;
60626
60627 };
60628
60629 @@ -251,8 +251,8 @@ enum mcs_op {cchop_allocate, cchop_start, cchop_interrupt, cchop_interrupt_sync,
60630 tghop_invalidate, mcsop_last};
60631
60632 struct mcs_op_statistic {
60633 - atomic_long_t count;
60634 - atomic_long_t total;
60635 + atomic_long_unchecked_t count;
60636 + atomic_long_unchecked_t total;
60637 unsigned long max;
60638 };
60639
60640 @@ -275,7 +275,7 @@ extern struct mcs_op_statistic mcs_op_statistics[mcsop_last];
60641
60642 #define STAT(id) do { \
60643 if (gru_options & OPT_STATS) \
60644 - atomic_long_inc(&gru_stats.id); \
60645 + atomic_long_inc_unchecked(&gru_stats.id); \
60646 } while (0)
60647
60648 #ifdef CONFIG_SGI_GRU_DEBUG
60649 diff --git a/drivers/misc/sgi-xp/xp.h b/drivers/misc/sgi-xp/xp.h
60650 index c862cd4..0d176fe 100644
60651 --- a/drivers/misc/sgi-xp/xp.h
60652 +++ b/drivers/misc/sgi-xp/xp.h
60653 @@ -288,7 +288,7 @@ struct xpc_interface {
60654 xpc_notify_func, void *);
60655 void (*received) (short, int, void *);
60656 enum xp_retval (*partid_to_nasids) (short, void *);
60657 -};
60658 +} __no_const;
60659
60660 extern struct xpc_interface xpc_interface;
60661
60662 diff --git a/drivers/misc/sgi-xp/xp_main.c b/drivers/misc/sgi-xp/xp_main.c
60663 index 01be66d..4a305b4 100644
60664 --- a/drivers/misc/sgi-xp/xp_main.c
60665 +++ b/drivers/misc/sgi-xp/xp_main.c
60666 @@ -71,20 +71,42 @@ EXPORT_SYMBOL_GPL(xpc_registrations);
60667 /*
60668 * Initialize the XPC interface to indicate that XPC isn't loaded.
60669 */
60670 -static enum xp_retval
60671 -xpc_notloaded(void)
60672 +static void xpc_notloaded_connect(int ch_number)
60673 +{
60674 +}
60675 +
60676 +static void xpc_notloaded_disconnect(int ch_number)
60677 +{
60678 +}
60679 +
60680 +static enum xp_retval xpc_notloaded_send(short partid, int ch_number, u32 flags, void *payload,
60681 + u16 payload_size)
60682 +{
60683 + return xpNotLoaded;
60684 +}
60685 +
60686 +static enum xp_retval xpc_notloaded_send_notify(short partid, int ch_number, u32 flags, void *payload,
60687 + u16 payload_size, xpc_notify_func func, void *key)
60688 +{
60689 + return xpNotLoaded;
60690 +}
60691 +
60692 +static void xpc_notloaded_received(short partid, int ch_number, void *payload)
60693 +{
60694 +}
60695 +
60696 +static enum xp_retval xpc_notloaded_partid_to_nasids(short partid, void *nasid_mask)
60697 {
60698 return xpNotLoaded;
60699 }
60700
60701 struct xpc_interface xpc_interface = {
60702 - (void (*)(int))xpc_notloaded,
60703 - (void (*)(int))xpc_notloaded,
60704 - (enum xp_retval(*)(short, int, u32, void *, u16))xpc_notloaded,
60705 - (enum xp_retval(*)(short, int, u32, void *, u16, xpc_notify_func,
60706 - void *))xpc_notloaded,
60707 - (void (*)(short, int, void *))xpc_notloaded,
60708 - (enum xp_retval(*)(short, void *))xpc_notloaded
60709 + .connect = xpc_notloaded_connect,
60710 + .disconnect = xpc_notloaded_disconnect,
60711 + .send = xpc_notloaded_send,
60712 + .send_notify = xpc_notloaded_send_notify,
60713 + .received = xpc_notloaded_received,
60714 + .partid_to_nasids = xpc_notloaded_partid_to_nasids
60715 };
60716 EXPORT_SYMBOL_GPL(xpc_interface);
60717
60718 @@ -115,17 +137,12 @@ EXPORT_SYMBOL_GPL(xpc_set_interface);
60719 void
60720 xpc_clear_interface(void)
60721 {
60722 - xpc_interface.connect = (void (*)(int))xpc_notloaded;
60723 - xpc_interface.disconnect = (void (*)(int))xpc_notloaded;
60724 - xpc_interface.send = (enum xp_retval(*)(short, int, u32, void *, u16))
60725 - xpc_notloaded;
60726 - xpc_interface.send_notify = (enum xp_retval(*)(short, int, u32, void *,
60727 - u16, xpc_notify_func,
60728 - void *))xpc_notloaded;
60729 - xpc_interface.received = (void (*)(short, int, void *))
60730 - xpc_notloaded;
60731 - xpc_interface.partid_to_nasids = (enum xp_retval(*)(short, void *))
60732 - xpc_notloaded;
60733 + xpc_interface.connect = xpc_notloaded_connect;
60734 + xpc_interface.disconnect = xpc_notloaded_disconnect;
60735 + xpc_interface.send = xpc_notloaded_send;
60736 + xpc_interface.send_notify = xpc_notloaded_send_notify;
60737 + xpc_interface.received = xpc_notloaded_received;
60738 + xpc_interface.partid_to_nasids = xpc_notloaded_partid_to_nasids;
60739 }
60740 EXPORT_SYMBOL_GPL(xpc_clear_interface);
60741
60742 diff --git a/drivers/misc/sgi-xp/xpc.h b/drivers/misc/sgi-xp/xpc.h
60743 index b94d5f7..7f494c5 100644
60744 --- a/drivers/misc/sgi-xp/xpc.h
60745 +++ b/drivers/misc/sgi-xp/xpc.h
60746 @@ -835,6 +835,7 @@ struct xpc_arch_operations {
60747 void (*received_payload) (struct xpc_channel *, void *);
60748 void (*notify_senders_of_disconnect) (struct xpc_channel *);
60749 };
60750 +typedef struct xpc_arch_operations __no_const xpc_arch_operations_no_const;
60751
60752 /* struct xpc_partition act_state values (for XPC HB) */
60753
60754 @@ -876,7 +877,7 @@ extern struct xpc_registration xpc_registrations[];
60755 /* found in xpc_main.c */
60756 extern struct device *xpc_part;
60757 extern struct device *xpc_chan;
60758 -extern struct xpc_arch_operations xpc_arch_ops;
60759 +extern xpc_arch_operations_no_const xpc_arch_ops;
60760 extern int xpc_disengage_timelimit;
60761 extern int xpc_disengage_timedout;
60762 extern int xpc_activate_IRQ_rcvd;
60763 diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c
60764 index 7f32712..8539ab2 100644
60765 --- a/drivers/misc/sgi-xp/xpc_main.c
60766 +++ b/drivers/misc/sgi-xp/xpc_main.c
60767 @@ -166,7 +166,7 @@ static struct notifier_block xpc_die_notifier = {
60768 .notifier_call = xpc_system_die,
60769 };
60770
60771 -struct xpc_arch_operations xpc_arch_ops;
60772 +xpc_arch_operations_no_const xpc_arch_ops;
60773
60774 /*
60775 * Timer function to enforce the timelimit on the partition disengage.
60776 diff --git a/drivers/misc/sgi-xp/xpnet.c b/drivers/misc/sgi-xp/xpnet.c
60777 index 557f978..c8ce9fb 100644
60778 --- a/drivers/misc/sgi-xp/xpnet.c
60779 +++ b/drivers/misc/sgi-xp/xpnet.c
60780 @@ -421,7 +421,7 @@ xpnet_send(struct sk_buff *skb, struct xpnet_pending_msg *queued_msg,
60781 * destination partid. If the destination partid octets are 0xffff,
60782 * this packet is to be broadcast to all connected partitions.
60783 */
60784 -static int
60785 +static netdev_tx_t
60786 xpnet_dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
60787 {
60788 struct xpnet_pending_msg *queued_msg;
60789 diff --git a/drivers/misc/ti-st/st_kim.c b/drivers/misc/ti-st/st_kim.c
60790 index bf0d770..9b331b0d 100644
60791 --- a/drivers/misc/ti-st/st_kim.c
60792 +++ b/drivers/misc/ti-st/st_kim.c
60793 @@ -581,9 +581,10 @@ static int show_list(struct seq_file *s, void *unused)
60794 return 0;
60795 }
60796
60797 -static ssize_t show_install(struct device *dev,
60798 - struct device_attribute *attr, char *buf)
60799 +static ssize_t show_install(struct kobject *_dev,
60800 + struct kobj_attribute *attr, char *buf)
60801 {
60802 + struct device *dev = (struct device *)_dev;
60803 struct kim_data_s *kim_data = dev_get_drvdata(dev);
60804 return sprintf(buf, "%d\n", kim_data->ldisc_install);
60805 }
60806 @@ -610,47 +611,50 @@ static ssize_t store_baud_rate(struct device *dev,
60807 }
60808 #endif /* if DEBUG */
60809
60810 -static ssize_t show_dev_name(struct device *dev,
60811 - struct device_attribute *attr, char *buf)
60812 +static ssize_t show_dev_name(struct kobject *_dev,
60813 + struct kobj_attribute *attr, char *buf)
60814 {
60815 + struct device *dev = (struct device *)_dev;
60816 struct kim_data_s *kim_data = dev_get_drvdata(dev);
60817 return sprintf(buf, "%s\n", kim_data->dev_name);
60818 }
60819
60820 -static ssize_t show_baud_rate(struct device *dev,
60821 - struct device_attribute *attr, char *buf)
60822 +static ssize_t show_baud_rate(struct kobject *_dev,
60823 + struct kobj_attribute *attr, char *buf)
60824 {
60825 + struct device *dev = (struct device *)_dev;
60826 struct kim_data_s *kim_data = dev_get_drvdata(dev);
60827 return sprintf(buf, "%d\n", kim_data->baud_rate);
60828 }
60829
60830 -static ssize_t show_flow_cntrl(struct device *dev,
60831 - struct device_attribute *attr, char *buf)
60832 +static ssize_t show_flow_cntrl(struct kobject *_dev,
60833 + struct kobj_attribute *attr, char *buf)
60834 {
60835 + struct device *dev = (struct device *)_dev;
60836 struct kim_data_s *kim_data = dev_get_drvdata(dev);
60837 return sprintf(buf, "%d\n", kim_data->flow_cntrl);
60838 }
60839
60840 /* structures specific for sysfs entries */
60841 static struct kobj_attribute ldisc_install =
60842 -__ATTR(install, 0444, (void *)show_install, NULL);
60843 +__ATTR(install, 0444, show_install, NULL);
60844
60845 static struct kobj_attribute uart_dev_name =
60846 #ifdef DEBUG /* TODO: move this to debug-fs if possible */
60847 -__ATTR(dev_name, 0644, (void *)show_dev_name, (void *)store_dev_name);
60848 +__ATTR(dev_name, 0644, show_dev_name, store_dev_name);
60849 #else
60850 -__ATTR(dev_name, 0444, (void *)show_dev_name, NULL);
60851 +__ATTR(dev_name, 0444, show_dev_name, NULL);
60852 #endif
60853
60854 static struct kobj_attribute uart_baud_rate =
60855 #ifdef DEBUG /* TODO: move to debugfs */
60856 -__ATTR(baud_rate, 0644, (void *)show_baud_rate, (void *)store_baud_rate);
60857 +__ATTR(baud_rate, 0644, show_baud_rate, store_baud_rate);
60858 #else
60859 -__ATTR(baud_rate, 0444, (void *)show_baud_rate, NULL);
60860 +__ATTR(baud_rate, 0444, show_baud_rate, NULL);
60861 #endif
60862
60863 static struct kobj_attribute uart_flow_cntrl =
60864 -__ATTR(flow_cntrl, 0444, (void *)show_flow_cntrl, NULL);
60865 +__ATTR(flow_cntrl, 0444, show_flow_cntrl, NULL);
60866
60867 static struct attribute *uim_attrs[] = {
60868 &ldisc_install.attr,
60869 diff --git a/drivers/mmc/card/mmc_test.c b/drivers/mmc/card/mmc_test.c
60870 index c032eef..16a2a74 100644
60871 --- a/drivers/mmc/card/mmc_test.c
60872 +++ b/drivers/mmc/card/mmc_test.c
60873 @@ -2076,8 +2076,8 @@ static int mmc_test_rw_multiple_size(struct mmc_test_card *test,
60874 {
60875 int ret = 0;
60876 int i;
60877 - void *pre_req = test->card->host->ops->pre_req;
60878 - void *post_req = test->card->host->ops->post_req;
60879 + void (*pre_req)(struct mmc_host *, struct mmc_request *, bool) = test->card->host->ops->pre_req;
60880 + void (*post_req)(struct mmc_host *, struct mmc_request *, int) = test->card->host->ops->post_req;
60881
60882 if (rw->do_nonblock_req &&
60883 ((!pre_req && post_req) || (pre_req && !post_req))) {
60884 diff --git a/drivers/mmc/host/dw_mmc.h b/drivers/mmc/host/dw_mmc.h
60885 index e8cd2de..c1640f6 100644
60886 --- a/drivers/mmc/host/dw_mmc.h
60887 +++ b/drivers/mmc/host/dw_mmc.h
60888 @@ -298,5 +298,5 @@ struct dw_mci_drv_data {
60889 struct mmc_ios *ios);
60890 int (*switch_voltage)(struct mmc_host *mmc,
60891 struct mmc_ios *ios);
60892 -};
60893 +} __do_const;
60894 #endif /* _DW_MMC_H_ */
60895 diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c
60896 index df990bb..e647253 100644
60897 --- a/drivers/mmc/host/mmci.c
60898 +++ b/drivers/mmc/host/mmci.c
60899 @@ -1613,7 +1613,9 @@ static int mmci_probe(struct amba_device *dev,
60900 mmc->caps |= MMC_CAP_CMD23;
60901
60902 if (variant->busy_detect) {
60903 - mmci_ops.card_busy = mmci_card_busy;
60904 + pax_open_kernel();
60905 + const_cast(mmci_ops.card_busy) = mmci_card_busy;
60906 + pax_close_kernel();
60907 mmci_write_datactrlreg(host, MCI_ST_DPSM_BUSYMODE);
60908 mmc->caps |= MMC_CAP_WAIT_WHILE_BUSY;
60909 mmc->max_busy_timeout = 0;
60910 diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c
60911 index 5f2f24a..e80f6f3 100644
60912 --- a/drivers/mmc/host/omap_hsmmc.c
60913 +++ b/drivers/mmc/host/omap_hsmmc.c
60914 @@ -2076,7 +2076,9 @@ static int omap_hsmmc_probe(struct platform_device *pdev)
60915
60916 if (host->pdata->controller_flags & OMAP_HSMMC_BROKEN_MULTIBLOCK_READ) {
60917 dev_info(&pdev->dev, "multiblock reads disabled due to 35xx erratum 2.1.1.128; MMC read performance may suffer\n");
60918 - omap_hsmmc_ops.multi_io_quirk = omap_hsmmc_multi_io_quirk;
60919 + pax_open_kernel();
60920 + const_cast(omap_hsmmc_ops.multi_io_quirk) = omap_hsmmc_multi_io_quirk;
60921 + pax_close_kernel();
60922 }
60923
60924 device_init_wakeup(&pdev->dev, true);
60925 diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c
60926 index 99e0b33..107a2cc 100644
60927 --- a/drivers/mmc/host/sdhci-esdhc-imx.c
60928 +++ b/drivers/mmc/host/sdhci-esdhc-imx.c
60929 @@ -1231,9 +1231,12 @@ static int sdhci_esdhc_imx_probe(struct platform_device *pdev)
60930 writel(0x0, host->ioaddr + ESDHC_TUNE_CTRL_STATUS);
60931 }
60932
60933 - if (imx_data->socdata->flags & ESDHC_FLAG_MAN_TUNING)
60934 - sdhci_esdhc_ops.platform_execute_tuning =
60935 + if (imx_data->socdata->flags & ESDHC_FLAG_MAN_TUNING) {
60936 + pax_open_kernel();
60937 + const_cast(sdhci_esdhc_ops.platform_execute_tuning) =
60938 esdhc_executing_tuning;
60939 + pax_close_kernel();
60940 + }
60941
60942 if (imx_data->socdata->flags & ESDHC_FLAG_ERR004536)
60943 host->quirks |= SDHCI_QUIRK_BROKEN_ADMA;
60944 diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
60945 index 784c5a8..3567328 100644
60946 --- a/drivers/mmc/host/sdhci-s3c.c
60947 +++ b/drivers/mmc/host/sdhci-s3c.c
60948 @@ -598,9 +598,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
60949 * we can use overriding functions instead of default.
60950 */
60951 if (sc->no_divider) {
60952 - sdhci_s3c_ops.set_clock = sdhci_cmu_set_clock;
60953 - sdhci_s3c_ops.get_min_clock = sdhci_cmu_get_min_clock;
60954 - sdhci_s3c_ops.get_max_clock = sdhci_cmu_get_max_clock;
60955 + pax_open_kernel();
60956 + const_cast(sdhci_s3c_ops.set_clock) = sdhci_cmu_set_clock;
60957 + const_cast(sdhci_s3c_ops.get_min_clock) = sdhci_cmu_get_min_clock;
60958 + const_cast(sdhci_s3c_ops.get_max_clock) = sdhci_cmu_get_max_clock;
60959 + pax_close_kernel();
60960 }
60961
60962 /* It supports additional host capabilities if needed */
60963 diff --git a/drivers/mmc/host/tmio_mmc_pio.c b/drivers/mmc/host/tmio_mmc_pio.c
60964 index 92467ef..cb90505 100644
60965 --- a/drivers/mmc/host/tmio_mmc_pio.c
60966 +++ b/drivers/mmc/host/tmio_mmc_pio.c
60967 @@ -1072,7 +1072,9 @@ int tmio_mmc_host_probe(struct tmio_mmc_host *_host,
60968 goto host_free;
60969 }
60970
60971 - tmio_mmc_ops.start_signal_voltage_switch = _host->start_signal_voltage_switch;
60972 + pax_open_kernel();
60973 + const_cast(tmio_mmc_ops.start_signal_voltage_switch) = _host->start_signal_voltage_switch;
60974 + pax_close_kernel();
60975 mmc->ops = &tmio_mmc_ops;
60976
60977 mmc->caps |= MMC_CAP_4_BIT_DATA | pdata->capabilities;
60978 diff --git a/drivers/mtd/chips/cfi_cmdset_0020.c b/drivers/mtd/chips/cfi_cmdset_0020.c
60979 index 94d3eb4..7d34296 100644
60980 --- a/drivers/mtd/chips/cfi_cmdset_0020.c
60981 +++ b/drivers/mtd/chips/cfi_cmdset_0020.c
60982 @@ -666,7 +666,7 @@ cfi_staa_writev(struct mtd_info *mtd, const struct kvec *vecs,
60983 size_t totlen = 0, thislen;
60984 int ret = 0;
60985 size_t buflen = 0;
60986 - static char *buffer;
60987 + char *buffer;
60988
60989 if (!ECCBUF_SIZE) {
60990 /* We should fall back to a general writev implementation.
60991 diff --git a/drivers/mtd/devices/block2mtd.c b/drivers/mtd/devices/block2mtd.c
60992 index 7c887f1..62fd690 100644
60993 --- a/drivers/mtd/devices/block2mtd.c
60994 +++ b/drivers/mtd/devices/block2mtd.c
60995 @@ -431,7 +431,7 @@ static int block2mtd_setup2(const char *val)
60996 }
60997
60998
60999 -static int block2mtd_setup(const char *val, struct kernel_param *kp)
61000 +static int block2mtd_setup(const char *val, const struct kernel_param *kp)
61001 {
61002 #ifdef MODULE
61003 return block2mtd_setup2(val);
61004 diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
61005 index 8b66e52..7287696 100644
61006 --- a/drivers/mtd/devices/phram.c
61007 +++ b/drivers/mtd/devices/phram.c
61008 @@ -266,7 +266,7 @@ static int phram_setup(const char *val)
61009 return ret;
61010 }
61011
61012 -static int phram_param_call(const char *val, struct kernel_param *kp)
61013 +static int phram_param_call(const char *val, const struct kernel_param *kp)
61014 {
61015 #ifdef MODULE
61016 return phram_setup(val);
61017 diff --git a/drivers/mtd/maps/gpio-addr-flash.c b/drivers/mtd/maps/gpio-addr-flash.c
61018 index 385305e..8051e87 100644
61019 --- a/drivers/mtd/maps/gpio-addr-flash.c
61020 +++ b/drivers/mtd/maps/gpio-addr-flash.c
61021 @@ -128,7 +128,7 @@ static void gf_copy_from(struct map_info *map, void *to, unsigned long from, ssi
61022 * @map: MTD map state
61023 * @ofs: desired offset to write
61024 */
61025 -static void gf_write(struct map_info *map, map_word d1, unsigned long ofs)
61026 +static void gf_write(struct map_info *map, const map_word d1, unsigned long ofs)
61027 {
61028 struct async_state *state = gf_map_info_to_state(map);
61029 uint16_t d;
61030 diff --git a/drivers/mtd/maps/latch-addr-flash.c b/drivers/mtd/maps/latch-addr-flash.c
61031 index 6dc97aa..c251b90 100644
61032 --- a/drivers/mtd/maps/latch-addr-flash.c
61033 +++ b/drivers/mtd/maps/latch-addr-flash.c
61034 @@ -52,7 +52,7 @@ static map_word lf_read(struct map_info *map, unsigned long ofs)
61035 return datum;
61036 }
61037
61038 -static void lf_write(struct map_info *map, map_word datum, unsigned long ofs)
61039 +static void lf_write(struct map_info *map, const map_word datum, unsigned long ofs)
61040 {
61041 struct latch_addr_flash_info *info;
61042
61043 diff --git a/drivers/mtd/maps/pci.c b/drivers/mtd/maps/pci.c
61044 index eb0242e..1a4c5b9 100644
61045 --- a/drivers/mtd/maps/pci.c
61046 +++ b/drivers/mtd/maps/pci.c
61047 @@ -59,13 +59,13 @@ static void mtd_pci_copyfrom(struct map_info *_map, void *to, unsigned long from
61048 memcpy_fromio(to, map->base + map->translate(map, from), len);
61049 }
61050
61051 -static void mtd_pci_write8(struct map_info *_map, map_word val, unsigned long ofs)
61052 +static void mtd_pci_write8(struct map_info *_map, const map_word val, unsigned long ofs)
61053 {
61054 struct map_pci_info *map = (struct map_pci_info *)_map;
61055 writeb(val.x[0], map->base + map->translate(map, ofs));
61056 }
61057
61058 -static void mtd_pci_write32(struct map_info *_map, map_word val, unsigned long ofs)
61059 +static void mtd_pci_write32(struct map_info *_map, const map_word val, unsigned long ofs)
61060 {
61061 struct map_pci_info *map = (struct map_pci_info *)_map;
61062 writel(val.x[0], map->base + map->translate(map, ofs));
61063 diff --git a/drivers/mtd/maps/pcmciamtd.c b/drivers/mtd/maps/pcmciamtd.c
61064 index 70bb403..3ae94c6 100644
61065 --- a/drivers/mtd/maps/pcmciamtd.c
61066 +++ b/drivers/mtd/maps/pcmciamtd.c
61067 @@ -161,7 +161,7 @@ static void pcmcia_copy_from_remap(struct map_info *map, void *to, unsigned long
61068 }
61069
61070
61071 -static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long adr)
61072 +static void pcmcia_write8_remap(struct map_info *map, const map_word d, unsigned long adr)
61073 {
61074 void __iomem *addr = remap_window(map, adr);
61075
61076 @@ -173,7 +173,7 @@ static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long
61077 }
61078
61079
61080 -static void pcmcia_write16_remap(struct map_info *map, map_word d, unsigned long adr)
61081 +static void pcmcia_write16_remap(struct map_info *map, const map_word d, unsigned long adr)
61082 {
61083 void __iomem *addr = remap_window(map, adr);
61084 if(!addr)
61085 @@ -256,7 +256,7 @@ static void pcmcia_copy_from(struct map_info *map, void *to, unsigned long from,
61086 }
61087
61088
61089 -static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr)
61090 +static void pcmcia_write8(struct map_info *map, const map_word d, unsigned long adr)
61091 {
61092 void __iomem *win_base = (void __iomem *)map->map_priv_2;
61093
61094 @@ -269,7 +269,7 @@ static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr)
61095 }
61096
61097
61098 -static void pcmcia_write16(struct map_info *map, map_word d, unsigned long adr)
61099 +static void pcmcia_write16(struct map_info *map, const map_word d, unsigned long adr)
61100 {
61101 void __iomem *win_base = (void __iomem *)map->map_priv_2;
61102
61103 diff --git a/drivers/mtd/maps/sbc_gxx.c b/drivers/mtd/maps/sbc_gxx.c
61104 index 556a2df..e771329 100644
61105 --- a/drivers/mtd/maps/sbc_gxx.c
61106 +++ b/drivers/mtd/maps/sbc_gxx.c
61107 @@ -138,7 +138,7 @@ static void sbc_gxx_copy_from(struct map_info *map, void *to, unsigned long from
61108 }
61109 }
61110
61111 -static void sbc_gxx_write8(struct map_info *map, map_word d, unsigned long adr)
61112 +static void sbc_gxx_write8(struct map_info *map, const map_word d, unsigned long adr)
61113 {
61114 spin_lock(&sbc_gxx_spin);
61115 sbc_gxx_page(map, adr);
61116 diff --git a/drivers/mtd/nand/brcmnand/bcm63138_nand.c b/drivers/mtd/nand/brcmnand/bcm63138_nand.c
61117 index 59444b3..b8fd6d5 100644
61118 --- a/drivers/mtd/nand/brcmnand/bcm63138_nand.c
61119 +++ b/drivers/mtd/nand/brcmnand/bcm63138_nand.c
61120 @@ -81,8 +81,10 @@ static int bcm63138_nand_probe(struct platform_device *pdev)
61121 if (IS_ERR(priv->base))
61122 return PTR_ERR(priv->base);
61123
61124 + pax_open_kernel();
61125 soc->ctlrdy_ack = bcm63138_nand_intc_ack;
61126 soc->ctlrdy_set_enabled = bcm63138_nand_intc_set;
61127 + pax_close_kernel();
61128
61129 return brcmnand_probe(pdev, soc);
61130 }
61131 diff --git a/drivers/mtd/nand/brcmnand/brcmnand.h b/drivers/mtd/nand/brcmnand/brcmnand.h
61132 index ef5eabb..2b61d03 100644
61133 --- a/drivers/mtd/nand/brcmnand/brcmnand.h
61134 +++ b/drivers/mtd/nand/brcmnand/brcmnand.h
61135 @@ -24,7 +24,7 @@ struct brcmnand_soc {
61136 bool (*ctlrdy_ack)(struct brcmnand_soc *soc);
61137 void (*ctlrdy_set_enabled)(struct brcmnand_soc *soc, bool en);
61138 void (*prepare_data_bus)(struct brcmnand_soc *soc, bool prepare);
61139 -};
61140 +} __no_const;
61141
61142 static inline void brcmnand_soc_data_bus_prepare(struct brcmnand_soc *soc)
61143 {
61144 diff --git a/drivers/mtd/nand/brcmnand/iproc_nand.c b/drivers/mtd/nand/brcmnand/iproc_nand.c
61145 index 585596c..da877c2 100644
61146 --- a/drivers/mtd/nand/brcmnand/iproc_nand.c
61147 +++ b/drivers/mtd/nand/brcmnand/iproc_nand.c
61148 @@ -120,9 +120,11 @@ static int iproc_nand_probe(struct platform_device *pdev)
61149 if (IS_ERR(priv->ext_base))
61150 return PTR_ERR(priv->ext_base);
61151
61152 + pax_open_kernel();
61153 soc->ctlrdy_ack = iproc_nand_intc_ack;
61154 soc->ctlrdy_set_enabled = iproc_nand_intc_set;
61155 soc->prepare_data_bus = iproc_nand_apb_access;
61156 + pax_close_kernel();
61157
61158 return brcmnand_probe(pdev, soc);
61159 }
61160 diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
61161 index 0b0c937..e3a9cca 100644
61162 --- a/drivers/mtd/nand/cafe_nand.c
61163 +++ b/drivers/mtd/nand/cafe_nand.c
61164 @@ -345,7 +345,17 @@ static irqreturn_t cafe_nand_interrupt(int irq, void *id)
61165 return IRQ_HANDLED;
61166 }
61167
61168 -static void cafe_nand_bug(struct mtd_info *mtd)
61169 +static void cafe_nand_bug_hwctl(struct mtd_info *mtd, int mode)
61170 +{
61171 + BUG();
61172 +}
61173 +
61174 +static int cafe_nand_bug_calculate(struct mtd_info *mtd, const uint8_t *dat, uint8_t *ecc_code)
61175 +{
61176 + BUG();
61177 +}
61178 +
61179 +static int cafe_nand_bug_correct(struct mtd_info *mtd, uint8_t *dat, uint8_t *read_ecc, uint8_t *calc_ecc)
61180 {
61181 BUG();
61182 }
61183 @@ -780,9 +790,9 @@ static int cafe_nand_probe(struct pci_dev *pdev,
61184 cafe->nand.ecc.size = mtd->writesize;
61185 cafe->nand.ecc.bytes = 14;
61186 cafe->nand.ecc.strength = 4;
61187 - cafe->nand.ecc.hwctl = (void *)cafe_nand_bug;
61188 - cafe->nand.ecc.calculate = (void *)cafe_nand_bug;
61189 - cafe->nand.ecc.correct = (void *)cafe_nand_bug;
61190 + cafe->nand.ecc.hwctl = cafe_nand_bug_hwctl;
61191 + cafe->nand.ecc.calculate = cafe_nand_bug_calculate;
61192 + cafe->nand.ecc.correct = cafe_nand_bug_correct;
61193 cafe->nand.ecc.write_page = cafe_nand_write_page_lowlevel;
61194 cafe->nand.ecc.write_oob = cafe_nand_write_oob;
61195 cafe->nand.ecc.read_page = cafe_nand_read_page;
61196 diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c
61197 index 0476ae8..8d320ef 100644
61198 --- a/drivers/mtd/nand/denali.c
61199 +++ b/drivers/mtd/nand/denali.c
61200 @@ -24,6 +24,7 @@
61201 #include <linux/slab.h>
61202 #include <linux/mtd/mtd.h>
61203 #include <linux/module.h>
61204 +#include <linux/slab.h>
61205
61206 #include "denali.h"
61207
61208 diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
61209 index 6e46156..923c436 100644
61210 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
61211 +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
61212 @@ -414,7 +414,7 @@ void prepare_data_dma(struct gpmi_nand_data *this, enum dma_data_direction dr)
61213
61214 /* first try to map the upper buffer directly */
61215 if (virt_addr_valid(this->upper_buf) &&
61216 - !object_is_on_stack(this->upper_buf)) {
61217 + !object_starts_on_stack(this->upper_buf)) {
61218 sg_init_one(sgl, this->upper_buf, this->upper_len);
61219 ret = dma_map_sg(this->dev, sgl, 1, dr);
61220 if (ret == 0)
61221 diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c
61222 index a5dfbfb..8042ab4 100644
61223 --- a/drivers/mtd/nftlmount.c
61224 +++ b/drivers/mtd/nftlmount.c
61225 @@ -24,6 +24,7 @@
61226 #include <asm/errno.h>
61227 #include <linux/delay.h>
61228 #include <linux/slab.h>
61229 +#include <linux/sched.h>
61230 #include <linux/mtd/mtd.h>
61231 #include <linux/mtd/nand.h>
61232 #include <linux/mtd/nftl.h>
61233 diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c
61234 index 3692dd5..b731a9b 100644
61235 --- a/drivers/mtd/sm_ftl.c
61236 +++ b/drivers/mtd/sm_ftl.c
61237 @@ -56,7 +56,7 @@ static ssize_t sm_attr_show(struct device *dev, struct device_attribute *attr,
61238 #define SM_CIS_VENDOR_OFFSET 0x59
61239 static struct attribute_group *sm_create_sysfs_attributes(struct sm_ftl *ftl)
61240 {
61241 - struct attribute_group *attr_group;
61242 + attribute_group_no_const *attr_group;
61243 struct attribute **attributes;
61244 struct sm_sysfs_attribute *vendor_attribute;
61245 char *vendor;
61246 diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
61247 index 0680516..eb890f3 100644
61248 --- a/drivers/mtd/ubi/build.c
61249 +++ b/drivers/mtd/ubi/build.c
61250 @@ -1389,7 +1389,7 @@ static int __init bytes_str_to_int(const char *str)
61251 * This function returns zero in case of success and a negative error code in
61252 * case of error.
61253 */
61254 -static int __init ubi_mtd_param_parse(const char *val, struct kernel_param *kp)
61255 +static int __init ubi_mtd_param_parse(const char *val, const struct kernel_param *kp)
61256 {
61257 int i, len;
61258 struct mtd_dev_param *p;
61259 diff --git a/drivers/net/bonding/bond_netlink.c b/drivers/net/bonding/bond_netlink.c
61260 index b8df0f5..0d64b6e 100644
61261 --- a/drivers/net/bonding/bond_netlink.c
61262 +++ b/drivers/net/bonding/bond_netlink.c
61263 @@ -666,7 +666,7 @@ nla_put_failure:
61264 return -EMSGSIZE;
61265 }
61266
61267 -struct rtnl_link_ops bond_link_ops __read_mostly = {
61268 +struct rtnl_link_ops bond_link_ops = {
61269 .kind = "bond",
61270 .priv_size = sizeof(struct bonding),
61271 .setup = bond_setup,
61272 diff --git a/drivers/net/caif/caif_hsi.c b/drivers/net/caif/caif_hsi.c
61273 index ddabce7..6583c29 100644
61274 --- a/drivers/net/caif/caif_hsi.c
61275 +++ b/drivers/net/caif/caif_hsi.c
61276 @@ -1011,7 +1011,7 @@ static void cfhsi_aggregation_tout(unsigned long arg)
61277 cfhsi_start_tx(cfhsi);
61278 }
61279
61280 -static int cfhsi_xmit(struct sk_buff *skb, struct net_device *dev)
61281 +static netdev_tx_t cfhsi_xmit(struct sk_buff *skb, struct net_device *dev)
61282 {
61283 struct cfhsi *cfhsi = NULL;
61284 int start_xfer = 0;
61285 @@ -1441,7 +1441,7 @@ err:
61286 return -ENODEV;
61287 }
61288
61289 -static struct rtnl_link_ops caif_hsi_link_ops __read_mostly = {
61290 +static struct rtnl_link_ops caif_hsi_link_ops = {
61291 .kind = "cfhsi",
61292 .priv_size = sizeof(struct cfhsi),
61293 .setup = cfhsi_setup,
61294 diff --git a/drivers/net/caif/caif_serial.c b/drivers/net/caif/caif_serial.c
61295 index c2dea49..4bf83b5 100644
61296 --- a/drivers/net/caif/caif_serial.c
61297 +++ b/drivers/net/caif/caif_serial.c
61298 @@ -277,7 +277,7 @@ error:
61299 return tty_wr;
61300 }
61301
61302 -static int caif_xmit(struct sk_buff *skb, struct net_device *dev)
61303 +static netdev_tx_t caif_xmit(struct sk_buff *skb, struct net_device *dev)
61304 {
61305 struct ser_device *ser;
61306
61307 diff --git a/drivers/net/caif/caif_spi.c b/drivers/net/caif/caif_spi.c
61308 index 3a529fb..c55ad5e 100644
61309 --- a/drivers/net/caif/caif_spi.c
61310 +++ b/drivers/net/caif/caif_spi.c
61311 @@ -486,7 +486,7 @@ static void cfspi_xfer_done_cb(struct cfspi_ifc *ifc)
61312 complete(&cfspi->comp);
61313 }
61314
61315 -static int cfspi_xmit(struct sk_buff *skb, struct net_device *dev)
61316 +static netdev_tx_t cfspi_xmit(struct sk_buff *skb, struct net_device *dev)
61317 {
61318 struct cfspi *cfspi = NULL;
61319 unsigned long flags;
61320 diff --git a/drivers/net/caif/caif_virtio.c b/drivers/net/caif/caif_virtio.c
61321 index b306210..c5345de 100644
61322 --- a/drivers/net/caif/caif_virtio.c
61323 +++ b/drivers/net/caif/caif_virtio.c
61324 @@ -519,7 +519,7 @@ err:
61325 }
61326
61327 /* Put the CAIF packet on the virtio ring and kick the receiver */
61328 -static int cfv_netdev_tx(struct sk_buff *skb, struct net_device *netdev)
61329 +static netdev_tx_t cfv_netdev_tx(struct sk_buff *skb, struct net_device *netdev)
61330 {
61331 struct cfv_info *cfv = netdev_priv(netdev);
61332 struct buf_info *buf_info;
61333 diff --git a/drivers/net/can/Kconfig b/drivers/net/can/Kconfig
61334 index 22570ea..c462375 100644
61335 --- a/drivers/net/can/Kconfig
61336 +++ b/drivers/net/can/Kconfig
61337 @@ -81,7 +81,7 @@ config CAN_BFIN
61338
61339 config CAN_FLEXCAN
61340 tristate "Support for Freescale FLEXCAN based chips"
61341 - depends on ARM || PPC
61342 + depends on (ARM && CPU_LITTLE_ENDIAN) || PPC
61343 ---help---
61344 Say Y here if you want to support for Freescale FlexCAN.
61345
61346 diff --git a/drivers/net/can/bfin_can.c b/drivers/net/can/bfin_can.c
61347 index 1deb8ff..4e2b0c1 100644
61348 --- a/drivers/net/can/bfin_can.c
61349 +++ b/drivers/net/can/bfin_can.c
61350 @@ -338,7 +338,7 @@ static int bfin_can_get_berr_counter(const struct net_device *dev,
61351 return 0;
61352 }
61353
61354 -static int bfin_can_start_xmit(struct sk_buff *skb, struct net_device *dev)
61355 +static netdev_tx_t bfin_can_start_xmit(struct sk_buff *skb, struct net_device *dev)
61356 {
61357 struct bfin_can_priv *priv = netdev_priv(dev);
61358 struct bfin_can_regs __iomem *reg = priv->membase;
61359 diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
61360 index 8d6208c..7731e3c 100644
61361 --- a/drivers/net/can/dev.c
61362 +++ b/drivers/net/can/dev.c
61363 @@ -1053,7 +1053,7 @@ static void can_dellink(struct net_device *dev, struct list_head *head)
61364 return;
61365 }
61366
61367 -static struct rtnl_link_ops can_link_ops __read_mostly = {
61368 +static struct rtnl_link_ops can_link_ops = {
61369 .kind = "can",
61370 .maxtype = IFLA_CAN_MAX,
61371 .policy = can_policy,
61372 diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c
61373 index 16f7cad..e643cf4 100644
61374 --- a/drivers/net/can/flexcan.c
61375 +++ b/drivers/net/can/flexcan.c
61376 @@ -465,7 +465,7 @@ static int flexcan_get_berr_counter(const struct net_device *dev,
61377 return err;
61378 }
61379
61380 -static int flexcan_start_xmit(struct sk_buff *skb, struct net_device *dev)
61381 +static netdev_tx_t flexcan_start_xmit(struct sk_buff *skb, struct net_device *dev)
61382 {
61383 const struct flexcan_priv *priv = netdev_priv(dev);
61384 struct flexcan_regs __iomem *regs = priv->regs;
61385 diff --git a/drivers/net/can/janz-ican3.c b/drivers/net/can/janz-ican3.c
61386 index f13bb8d..26e4a44 100644
61387 --- a/drivers/net/can/janz-ican3.c
61388 +++ b/drivers/net/can/janz-ican3.c
61389 @@ -1684,7 +1684,7 @@ static int ican3_stop(struct net_device *ndev)
61390 return 0;
61391 }
61392
61393 -static int ican3_xmit(struct sk_buff *skb, struct net_device *ndev)
61394 +static netdev_tx_t ican3_xmit(struct sk_buff *skb, struct net_device *ndev)
61395 {
61396 struct ican3_dev *mod = netdev_priv(ndev);
61397 struct can_frame *cf = (struct can_frame *)skb->data;
61398 diff --git a/drivers/net/can/led.c b/drivers/net/can/led.c
61399 index c1b6676..50a8a51 100644
61400 --- a/drivers/net/can/led.c
61401 +++ b/drivers/net/can/led.c
61402 @@ -128,7 +128,7 @@ static int can_led_notifier(struct notifier_block *nb, unsigned long msg,
61403 }
61404
61405 /* notifier block for netdevice event */
61406 -static struct notifier_block can_netdev_notifier __read_mostly = {
61407 +static struct notifier_block can_netdev_notifier = {
61408 .notifier_call = can_led_notifier,
61409 };
61410
61411 diff --git a/drivers/net/can/sun4i_can.c b/drivers/net/can/sun4i_can.c
61412 index 68ef0a4..9e4938b 100644
61413 --- a/drivers/net/can/sun4i_can.c
61414 +++ b/drivers/net/can/sun4i_can.c
61415 @@ -409,7 +409,7 @@ static int sun4ican_set_mode(struct net_device *dev, enum can_mode mode)
61416 * xx xx xx xx ff ll 00 11 22 33 44 55 66 77
61417 * [ can_id ] [flags] [len] [can data (up to 8 bytes]
61418 */
61419 -static int sun4ican_start_xmit(struct sk_buff *skb, struct net_device *dev)
61420 +static netdev_tx_t sun4ican_start_xmit(struct sk_buff *skb, struct net_device *dev)
61421 {
61422 struct sun4ican_priv *priv = netdev_priv(dev);
61423 struct can_frame *cf = (struct can_frame *)skb->data;
61424 diff --git a/drivers/net/can/vcan.c b/drivers/net/can/vcan.c
61425 index 674f367..ec3a31f 100644
61426 --- a/drivers/net/can/vcan.c
61427 +++ b/drivers/net/can/vcan.c
61428 @@ -163,7 +163,7 @@ static void vcan_setup(struct net_device *dev)
61429 dev->destructor = free_netdev;
61430 }
61431
61432 -static struct rtnl_link_ops vcan_link_ops __read_mostly = {
61433 +static struct rtnl_link_ops vcan_link_ops = {
61434 .kind = "vcan",
61435 .setup = vcan_setup,
61436 };
61437 diff --git a/drivers/net/can/xilinx_can.c b/drivers/net/can/xilinx_can.c
61438 index c71a035..08768ce 100644
61439 --- a/drivers/net/can/xilinx_can.c
61440 +++ b/drivers/net/can/xilinx_can.c
61441 @@ -386,7 +386,7 @@ static int xcan_do_set_mode(struct net_device *ndev, enum can_mode mode)
61442 *
61443 * Return: 0 on success and failure value on error
61444 */
61445 -static int xcan_start_xmit(struct sk_buff *skb, struct net_device *ndev)
61446 +static netdev_tx_t xcan_start_xmit(struct sk_buff *skb, struct net_device *ndev)
61447 {
61448 struct xcan_priv *priv = netdev_priv(ndev);
61449 struct net_device_stats *stats = &ndev->stats;
61450 diff --git a/drivers/net/dummy.c b/drivers/net/dummy.c
61451 index 69fc840..77a32fc 100644
61452 --- a/drivers/net/dummy.c
61453 +++ b/drivers/net/dummy.c
61454 @@ -167,7 +167,7 @@ static int dummy_validate(struct nlattr *tb[], struct nlattr *data[])
61455 return 0;
61456 }
61457
61458 -static struct rtnl_link_ops dummy_link_ops __read_mostly = {
61459 +static struct rtnl_link_ops dummy_link_ops = {
61460 .kind = DRV_NAME,
61461 .setup = dummy_setup,
61462 .validate = dummy_validate,
61463 diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c
61464 index 39ca935..bd14a10 100644
61465 --- a/drivers/net/ethernet/8390/ax88796.c
61466 +++ b/drivers/net/ethernet/8390/ax88796.c
61467 @@ -808,7 +808,7 @@ static int ax_probe(struct platform_device *pdev)
61468 struct ei_device *ei_local;
61469 struct ax_device *ax;
61470 struct resource *irq, *mem, *mem2;
61471 - unsigned long mem_size, mem2_size = 0;
61472 + resource_size_t mem_size, mem2_size = 0;
61473 int ret = 0;
61474
61475 dev = ax__alloc_ei_netdev(sizeof(struct ax_device));
61476 @@ -852,9 +852,11 @@ static int ax_probe(struct platform_device *pdev)
61477 if (ax->plat->reg_offsets)
61478 ei_local->reg_offset = ax->plat->reg_offsets;
61479 else {
61480 + resource_size_t _mem_size = mem_size;
61481 + _mem_size /= 0x18;
61482 ei_local->reg_offset = ax->reg_offsets;
61483 for (ret = 0; ret < 0x18; ret++)
61484 - ax->reg_offsets[ret] = (mem_size / 0x18) * ret;
61485 + ax->reg_offsets[ret] = _mem_size * ret;
61486 }
61487
61488 if (!request_mem_region(mem->start, mem_size, pdev->name)) {
61489 diff --git a/drivers/net/ethernet/8390/axnet_cs.c b/drivers/net/ethernet/8390/axnet_cs.c
61490 index 4ea717d..549ae69 100644
61491 --- a/drivers/net/ethernet/8390/axnet_cs.c
61492 +++ b/drivers/net/ethernet/8390/axnet_cs.c
61493 @@ -96,7 +96,7 @@ static void get_8390_hdr(struct net_device *,
61494 static void block_input(struct net_device *dev, int count,
61495 struct sk_buff *skb, int ring_offset);
61496 static void block_output(struct net_device *dev, int count,
61497 - const u_char *buf, const int start_page);
61498 + const u_char *buf, int start_page);
61499
61500 static void axnet_detach(struct pcmcia_device *p_dev);
61501
61502 @@ -667,7 +667,7 @@ static void block_input(struct net_device *dev, int count,
61503 /*====================================================================*/
61504
61505 static void block_output(struct net_device *dev, int count,
61506 - const u_char *buf, const int start_page)
61507 + const u_char *buf, int start_page)
61508 {
61509 unsigned int nic_base = dev->base_addr;
61510
61511 diff --git a/drivers/net/ethernet/8390/ne2k-pci.c b/drivers/net/ethernet/8390/ne2k-pci.c
61512 index 57e9791..c93b6a0 100644
61513 --- a/drivers/net/ethernet/8390/ne2k-pci.c
61514 +++ b/drivers/net/ethernet/8390/ne2k-pci.c
61515 @@ -172,8 +172,8 @@ static void ne2k_pci_get_8390_hdr(struct net_device *dev, struct e8390_pkt_hdr *
61516 int ring_page);
61517 static void ne2k_pci_block_input(struct net_device *dev, int count,
61518 struct sk_buff *skb, int ring_offset);
61519 -static void ne2k_pci_block_output(struct net_device *dev, const int count,
61520 - const unsigned char *buf, const int start_page);
61521 +static void ne2k_pci_block_output(struct net_device *dev, int count,
61522 + const unsigned char *buf, int start_page);
61523 static const struct ethtool_ops ne2k_pci_ethtool_ops;
61524
61525
61526 @@ -563,7 +563,7 @@ static void ne2k_pci_block_input(struct net_device *dev, int count,
61527 }
61528
61529 static void ne2k_pci_block_output(struct net_device *dev, int count,
61530 - const unsigned char *buf, const int start_page)
61531 + const unsigned char *buf, int start_page)
61532 {
61533 long nic_base = NE_BASE;
61534 unsigned long dma_start;
61535 diff --git a/drivers/net/ethernet/8390/pcnet_cs.c b/drivers/net/ethernet/8390/pcnet_cs.c
61536 index 2f79d29..ed5a64e 100644
61537 --- a/drivers/net/ethernet/8390/pcnet_cs.c
61538 +++ b/drivers/net/ethernet/8390/pcnet_cs.c
61539 @@ -1208,7 +1208,7 @@ static void dma_block_input(struct net_device *dev, int count,
61540 /*====================================================================*/
61541
61542 static void dma_block_output(struct net_device *dev, int count,
61543 - const u_char *buf, const int start_page)
61544 + const u_char *buf, int start_page)
61545 {
61546 unsigned int nic_base = dev->base_addr;
61547 struct pcnet_dev *info = PRIV(dev);
61548 @@ -1387,7 +1387,7 @@ static void shmem_block_input(struct net_device *dev, int count,
61549 /*====================================================================*/
61550
61551 static void shmem_block_output(struct net_device *dev, int count,
61552 - const u_char *buf, const int start_page)
61553 + const u_char *buf, int start_page)
61554 {
61555 void __iomem *shmem = ei_status.mem + (start_page << 8);
61556 shmem -= ei_status.tx_start_page << 8;
61557 diff --git a/drivers/net/ethernet/adi/bfin_mac.c b/drivers/net/ethernet/adi/bfin_mac.c
61558 index 38eaea1..49e5aaa 100644
61559 --- a/drivers/net/ethernet/adi/bfin_mac.c
61560 +++ b/drivers/net/ethernet/adi/bfin_mac.c
61561 @@ -1097,7 +1097,7 @@ static void tx_reclaim_skb_timeout(unsigned long lp)
61562 tx_reclaim_skb((struct bfin_mac_local *)lp);
61563 }
61564
61565 -static int bfin_mac_hard_start_xmit(struct sk_buff *skb,
61566 +static netdev_tx_t bfin_mac_hard_start_xmit(struct sk_buff *skb,
61567 struct net_device *dev)
61568 {
61569 struct bfin_mac_local *lp = netdev_priv(dev);
61570 diff --git a/drivers/net/ethernet/allwinner/sun4i-emac.c b/drivers/net/ethernet/allwinner/sun4i-emac.c
61571 index 6ffdff6..8b96f60 100644
61572 --- a/drivers/net/ethernet/allwinner/sun4i-emac.c
61573 +++ b/drivers/net/ethernet/allwinner/sun4i-emac.c
61574 @@ -412,7 +412,7 @@ static void emac_timeout(struct net_device *dev)
61575 /* Hardware start transmission.
61576 * Send a packet to media from the upper layer.
61577 */
61578 -static int emac_start_xmit(struct sk_buff *skb, struct net_device *dev)
61579 +static netdev_tx_t emac_start_xmit(struct sk_buff *skb, struct net_device *dev)
61580 {
61581 struct emac_board_info *db = netdev_priv(dev);
61582 unsigned long channel;
61583 diff --git a/drivers/net/ethernet/altera/altera_tse_main.c b/drivers/net/ethernet/altera/altera_tse_main.c
61584 index bda31f3..55cfc6e 100644
61585 --- a/drivers/net/ethernet/altera/altera_tse_main.c
61586 +++ b/drivers/net/ethernet/altera/altera_tse_main.c
61587 @@ -551,7 +551,7 @@ static irqreturn_t altera_isr(int irq, void *dev_id)
61588 * physically contiguous fragment starting at
61589 * skb->data, for length of skb_headlen(skb).
61590 */
61591 -static int tse_start_xmit(struct sk_buff *skb, struct net_device *dev)
61592 +static netdev_tx_t tse_start_xmit(struct sk_buff *skb, struct net_device *dev)
61593 {
61594 struct altera_tse_private *priv = netdev_priv(dev);
61595 unsigned int txsize = priv->tx_ring_size;
61596 @@ -1243,7 +1243,7 @@ static int tse_shutdown(struct net_device *dev)
61597 return 0;
61598 }
61599
61600 -static struct net_device_ops altera_tse_netdev_ops = {
61601 +static net_device_ops_no_const altera_tse_netdev_ops __read_only = {
61602 .ndo_open = tse_open,
61603 .ndo_stop = tse_shutdown,
61604 .ndo_start_xmit = tse_start_xmit,
61605 @@ -1480,11 +1480,13 @@ static int altera_tse_probe(struct platform_device *pdev)
61606 ndev->netdev_ops = &altera_tse_netdev_ops;
61607 altera_tse_set_ethtool_ops(ndev);
61608
61609 + pax_open_kernel();
61610 altera_tse_netdev_ops.ndo_set_rx_mode = tse_set_rx_mode;
61611
61612 if (priv->hash_filter)
61613 altera_tse_netdev_ops.ndo_set_rx_mode =
61614 tse_set_rx_mode_hashfilter;
61615 + pax_close_kernel();
61616
61617 /* Scatter/gather IO is not supported,
61618 * so it is turned off
61619 diff --git a/drivers/net/ethernet/amd/7990.c b/drivers/net/ethernet/amd/7990.c
61620 index dcf2a1f..ec0c782 100644
61621 --- a/drivers/net/ethernet/amd/7990.c
61622 +++ b/drivers/net/ethernet/amd/7990.c
61623 @@ -535,7 +535,7 @@ void lance_tx_timeout(struct net_device *dev)
61624 }
61625 EXPORT_SYMBOL_GPL(lance_tx_timeout);
61626
61627 -int lance_start_xmit(struct sk_buff *skb, struct net_device *dev)
61628 +netdev_tx_t lance_start_xmit(struct sk_buff *skb, struct net_device *dev)
61629 {
61630 struct lance_private *lp = netdev_priv(dev);
61631 volatile struct lance_init_block *ib = lp->init_block;
61632 diff --git a/drivers/net/ethernet/amd/7990.h b/drivers/net/ethernet/amd/7990.h
61633 index e9e0be3..1b8e3af 100644
61634 --- a/drivers/net/ethernet/amd/7990.h
61635 +++ b/drivers/net/ethernet/amd/7990.h
61636 @@ -240,7 +240,7 @@ struct lance_private {
61637 /* Now the prototypes we export */
61638 int lance_open(struct net_device *dev);
61639 int lance_close(struct net_device *dev);
61640 -int lance_start_xmit(struct sk_buff *skb, struct net_device *dev);
61641 +netdev_tx_t lance_start_xmit(struct sk_buff *skb, struct net_device *dev);
61642 void lance_set_multicast(struct net_device *dev);
61643 void lance_tx_timeout(struct net_device *dev);
61644 #ifdef CONFIG_NET_POLL_CONTROLLER
61645 diff --git a/drivers/net/ethernet/amd/amd8111e.c b/drivers/net/ethernet/amd/amd8111e.c
61646 index 9496005..1fb7ac2 100644
61647 --- a/drivers/net/ethernet/amd/amd8111e.c
61648 +++ b/drivers/net/ethernet/amd/amd8111e.c
61649 @@ -1690,8 +1690,9 @@ static int amd8111e_resume(struct pci_dev *pci_dev)
61650 return 0;
61651 }
61652
61653 -static void amd8111e_config_ipg(struct net_device *dev)
61654 +static void amd8111e_config_ipg(unsigned long _dev)
61655 {
61656 + struct net_device *dev = (struct net_device *)_dev;
61657 struct amd8111e_priv *lp = netdev_priv(dev);
61658 struct ipg_info *ipg_data = &lp->ipg_data;
61659 void __iomem *mmio = lp->mmio;
61660 @@ -1904,7 +1905,7 @@ static int amd8111e_probe_one(struct pci_dev *pdev,
61661 if(lp->options & OPTION_DYN_IPG_ENABLE){
61662 init_timer(&lp->ipg_data.ipg_timer);
61663 lp->ipg_data.ipg_timer.data = (unsigned long) dev;
61664 - lp->ipg_data.ipg_timer.function = (void *)&amd8111e_config_ipg;
61665 + lp->ipg_data.ipg_timer.function = &amd8111e_config_ipg;
61666 lp->ipg_data.ipg_timer.expires = jiffies +
61667 IPG_CONVERGE_JIFFIES;
61668 lp->ipg_data.ipg = DEFAULT_IPG;
61669 diff --git a/drivers/net/ethernet/amd/atarilance.c b/drivers/net/ethernet/amd/atarilance.c
61670 index d2bc8e5..2285a75 100644
61671 --- a/drivers/net/ethernet/amd/atarilance.c
61672 +++ b/drivers/net/ethernet/amd/atarilance.c
61673 @@ -339,7 +339,7 @@ static unsigned long lance_probe1( struct net_device *dev, struct lance_addr
61674 *init_rec );
61675 static int lance_open( struct net_device *dev );
61676 static void lance_init_ring( struct net_device *dev );
61677 -static int lance_start_xmit( struct sk_buff *skb, struct net_device *dev );
61678 +static netdev_tx_t lance_start_xmit( struct sk_buff *skb, struct net_device *dev );
61679 static irqreturn_t lance_interrupt( int irq, void *dev_id );
61680 static int lance_rx( struct net_device *dev );
61681 static int lance_close( struct net_device *dev );
61682 @@ -770,7 +770,7 @@ static void lance_tx_timeout (struct net_device *dev)
61683
61684 /* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX */
61685
61686 -static int lance_start_xmit( struct sk_buff *skb, struct net_device *dev )
61687 +static netdev_tx_t lance_start_xmit( struct sk_buff *skb, struct net_device *dev )
61688 {
61689 struct lance_private *lp = netdev_priv(dev);
61690 struct lance_ioreg *IO = lp->iobase;
61691 diff --git a/drivers/net/ethernet/amd/declance.c b/drivers/net/ethernet/amd/declance.c
61692 index b799c7a..58bd5b3 100644
61693 --- a/drivers/net/ethernet/amd/declance.c
61694 +++ b/drivers/net/ethernet/amd/declance.c
61695 @@ -893,7 +893,7 @@ static void lance_tx_timeout(struct net_device *dev)
61696 netif_wake_queue(dev);
61697 }
61698
61699 -static int lance_start_xmit(struct sk_buff *skb, struct net_device *dev)
61700 +static netdev_tx_t lance_start_xmit(struct sk_buff *skb, struct net_device *dev)
61701 {
61702 struct lance_private *lp = netdev_priv(dev);
61703 volatile struct lance_regs *ll = lp->ll;
61704 diff --git a/drivers/net/ethernet/amd/pcnet32.c b/drivers/net/ethernet/amd/pcnet32.c
61705 index c22bf52..a83f5f6 100644
61706 --- a/drivers/net/ethernet/amd/pcnet32.c
61707 +++ b/drivers/net/ethernet/amd/pcnet32.c
61708 @@ -318,7 +318,7 @@ static struct net_device_stats *pcnet32_get_stats(struct net_device *);
61709 static void pcnet32_load_multicast(struct net_device *dev);
61710 static void pcnet32_set_multicast_list(struct net_device *);
61711 static int pcnet32_ioctl(struct net_device *, struct ifreq *, int);
61712 -static void pcnet32_watchdog(struct net_device *);
61713 +static void pcnet32_watchdog(unsigned long);
61714 static int mdio_read(struct net_device *dev, int phy_id, int reg_num);
61715 static void mdio_write(struct net_device *dev, int phy_id, int reg_num,
61716 int val);
61717 @@ -1915,7 +1915,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev)
61718
61719 init_timer(&lp->watchdog_timer);
61720 lp->watchdog_timer.data = (unsigned long)dev;
61721 - lp->watchdog_timer.function = (void *)&pcnet32_watchdog;
61722 + lp->watchdog_timer.function = &pcnet32_watchdog;
61723
61724 /* The PCNET32-specific entries in the device structure. */
61725 dev->netdev_ops = &pcnet32_netdev_ops;
61726 @@ -2837,8 +2837,9 @@ static void pcnet32_check_media(struct net_device *dev, int verbose)
61727 * Could possibly be changed to use mii_check_media instead.
61728 */
61729
61730 -static void pcnet32_watchdog(struct net_device *dev)
61731 +static void pcnet32_watchdog(unsigned long _dev)
61732 {
61733 + struct net_device *dev = (struct net_device *)_dev;
61734 struct pcnet32_private *lp = netdev_priv(dev);
61735 unsigned long flags;
61736
61737 diff --git a/drivers/net/ethernet/amd/sun3lance.c b/drivers/net/ethernet/amd/sun3lance.c
61738 index 3d8c6b2..35160ad 100644
61739 --- a/drivers/net/ethernet/amd/sun3lance.c
61740 +++ b/drivers/net/ethernet/amd/sun3lance.c
61741 @@ -235,7 +235,7 @@ struct lance_private {
61742 static int lance_probe( struct net_device *dev);
61743 static int lance_open( struct net_device *dev );
61744 static void lance_init_ring( struct net_device *dev );
61745 -static int lance_start_xmit( struct sk_buff *skb, struct net_device *dev );
61746 +static netdev_tx_t lance_start_xmit( struct sk_buff *skb, struct net_device *dev );
61747 static irqreturn_t lance_interrupt( int irq, void *dev_id);
61748 static int lance_rx( struct net_device *dev );
61749 static int lance_close( struct net_device *dev );
61750 @@ -511,7 +511,7 @@ static void lance_init_ring( struct net_device *dev )
61751 }
61752
61753
61754 -static int lance_start_xmit( struct sk_buff *skb, struct net_device *dev )
61755 +static netdev_tx_t lance_start_xmit( struct sk_buff *skb, struct net_device *dev )
61756 {
61757 struct lance_private *lp = netdev_priv(dev);
61758 int entry, len;
61759 diff --git a/drivers/net/ethernet/amd/sunlance.c b/drivers/net/ethernet/amd/sunlance.c
61760 index 9b56b40..f183a4d 100644
61761 --- a/drivers/net/ethernet/amd/sunlance.c
61762 +++ b/drivers/net/ethernet/amd/sunlance.c
61763 @@ -1106,7 +1106,7 @@ static void lance_tx_timeout(struct net_device *dev)
61764 netif_wake_queue(dev);
61765 }
61766
61767 -static int lance_start_xmit(struct sk_buff *skb, struct net_device *dev)
61768 +static netdev_tx_t lance_start_xmit(struct sk_buff *skb, struct net_device *dev)
61769 {
61770 struct lance_private *lp = netdev_priv(dev);
61771 int entry, skblen, len;
61772 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-common.h b/drivers/net/ethernet/amd/xgbe/xgbe-common.h
61773 index bbef959..999ab1d 100644
61774 --- a/drivers/net/ethernet/amd/xgbe/xgbe-common.h
61775 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-common.h
61776 @@ -1283,14 +1283,14 @@ do { \
61777 * operations, everything works on mask values.
61778 */
61779 #define XMDIO_READ(_pdata, _mmd, _reg) \
61780 - ((_pdata)->hw_if.read_mmd_regs((_pdata), 0, \
61781 + ((_pdata)->hw_if->read_mmd_regs((_pdata), 0, \
61782 MII_ADDR_C45 | (_mmd << 16) | ((_reg) & 0xffff)))
61783
61784 #define XMDIO_READ_BITS(_pdata, _mmd, _reg, _mask) \
61785 (XMDIO_READ((_pdata), _mmd, _reg) & _mask)
61786
61787 #define XMDIO_WRITE(_pdata, _mmd, _reg, _val) \
61788 - ((_pdata)->hw_if.write_mmd_regs((_pdata), 0, \
61789 + ((_pdata)->hw_if->write_mmd_regs((_pdata), 0, \
61790 MII_ADDR_C45 | (_mmd << 16) | ((_reg) & 0xffff), (_val)))
61791
61792 #define XMDIO_WRITE_BITS(_pdata, _mmd, _reg, _mask, _val) \
61793 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c b/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c
61794 index 895d356..b1c866e 100644
61795 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c
61796 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c
61797 @@ -202,7 +202,7 @@ static int xgbe_dcb_ieee_setets(struct net_device *netdev,
61798 pdata->num_tcs = max_tc + 1;
61799 memcpy(pdata->ets, ets, sizeof(*pdata->ets));
61800
61801 - pdata->hw_if.config_dcb_tc(pdata);
61802 + pdata->hw_if->config_dcb_tc(pdata);
61803
61804 return 0;
61805 }
61806 @@ -249,7 +249,7 @@ static int xgbe_dcb_ieee_setpfc(struct net_device *netdev,
61807
61808 memcpy(pdata->pfc, pfc, sizeof(*pdata->pfc));
61809
61810 - pdata->hw_if.config_dcb_pfc(pdata);
61811 + pdata->hw_if->config_dcb_pfc(pdata);
61812
61813 return 0;
61814 }
61815 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c
61816 index b3bc87f..5bdfdd3 100644
61817 --- a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c
61818 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c
61819 @@ -353,7 +353,7 @@ static int xgbe_map_rx_buffer(struct xgbe_prv_data *pdata,
61820
61821 static void xgbe_wrapper_tx_descriptor_init(struct xgbe_prv_data *pdata)
61822 {
61823 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
61824 + struct xgbe_hw_if *hw_if = pdata->hw_if;
61825 struct xgbe_channel *channel;
61826 struct xgbe_ring *ring;
61827 struct xgbe_ring_data *rdata;
61828 @@ -394,7 +394,7 @@ static void xgbe_wrapper_tx_descriptor_init(struct xgbe_prv_data *pdata)
61829
61830 static void xgbe_wrapper_rx_descriptor_init(struct xgbe_prv_data *pdata)
61831 {
61832 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
61833 + struct xgbe_hw_if *hw_if = pdata->hw_if;
61834 struct xgbe_channel *channel;
61835 struct xgbe_ring *ring;
61836 struct xgbe_ring_desc *rdesc;
61837 @@ -628,17 +628,12 @@ err_out:
61838 return 0;
61839 }
61840
61841 -void xgbe_init_function_ptrs_desc(struct xgbe_desc_if *desc_if)
61842 -{
61843 - DBGPR("-->xgbe_init_function_ptrs_desc\n");
61844 -
61845 - desc_if->alloc_ring_resources = xgbe_alloc_ring_resources;
61846 - desc_if->free_ring_resources = xgbe_free_ring_resources;
61847 - desc_if->map_tx_skb = xgbe_map_tx_skb;
61848 - desc_if->map_rx_buffer = xgbe_map_rx_buffer;
61849 - desc_if->unmap_rdata = xgbe_unmap_rdata;
61850 - desc_if->wrapper_tx_desc_init = xgbe_wrapper_tx_descriptor_init;
61851 - desc_if->wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init;
61852 -
61853 - DBGPR("<--xgbe_init_function_ptrs_desc\n");
61854 -}
61855 +const struct xgbe_desc_if default_xgbe_desc_if = {
61856 + .alloc_ring_resources = xgbe_alloc_ring_resources,
61857 + .free_ring_resources = xgbe_free_ring_resources,
61858 + .map_tx_skb = xgbe_map_tx_skb,
61859 + .map_rx_buffer = xgbe_map_rx_buffer,
61860 + .unmap_rdata = xgbe_unmap_rdata,
61861 + .wrapper_tx_desc_init = xgbe_wrapper_tx_descriptor_init,
61862 + .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init,
61863 +};
61864 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
61865 index 1babcc1..aa7f8f4e 100644
61866 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
61867 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
61868 @@ -2816,7 +2816,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata)
61869
61870 static int xgbe_init(struct xgbe_prv_data *pdata)
61871 {
61872 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
61873 + struct xgbe_desc_if *desc_if = pdata->desc_if;
61874 int ret;
61875
61876 DBGPR("-->xgbe_init\n");
61877 @@ -2882,107 +2882,102 @@ static int xgbe_init(struct xgbe_prv_data *pdata)
61878 return 0;
61879 }
61880
61881 -void xgbe_init_function_ptrs_dev(struct xgbe_hw_if *hw_if)
61882 -{
61883 - DBGPR("-->xgbe_init_function_ptrs\n");
61884 -
61885 - hw_if->tx_complete = xgbe_tx_complete;
61886 -
61887 - hw_if->set_mac_address = xgbe_set_mac_address;
61888 - hw_if->config_rx_mode = xgbe_config_rx_mode;
61889 -
61890 - hw_if->enable_rx_csum = xgbe_enable_rx_csum;
61891 - hw_if->disable_rx_csum = xgbe_disable_rx_csum;
61892 -
61893 - hw_if->enable_rx_vlan_stripping = xgbe_enable_rx_vlan_stripping;
61894 - hw_if->disable_rx_vlan_stripping = xgbe_disable_rx_vlan_stripping;
61895 - hw_if->enable_rx_vlan_filtering = xgbe_enable_rx_vlan_filtering;
61896 - hw_if->disable_rx_vlan_filtering = xgbe_disable_rx_vlan_filtering;
61897 - hw_if->update_vlan_hash_table = xgbe_update_vlan_hash_table;
61898 -
61899 - hw_if->read_mmd_regs = xgbe_read_mmd_regs;
61900 - hw_if->write_mmd_regs = xgbe_write_mmd_regs;
61901 -
61902 - hw_if->set_gmii_speed = xgbe_set_gmii_speed;
61903 - hw_if->set_gmii_2500_speed = xgbe_set_gmii_2500_speed;
61904 - hw_if->set_xgmii_speed = xgbe_set_xgmii_speed;
61905 -
61906 - hw_if->enable_tx = xgbe_enable_tx;
61907 - hw_if->disable_tx = xgbe_disable_tx;
61908 - hw_if->enable_rx = xgbe_enable_rx;
61909 - hw_if->disable_rx = xgbe_disable_rx;
61910 -
61911 - hw_if->powerup_tx = xgbe_powerup_tx;
61912 - hw_if->powerdown_tx = xgbe_powerdown_tx;
61913 - hw_if->powerup_rx = xgbe_powerup_rx;
61914 - hw_if->powerdown_rx = xgbe_powerdown_rx;
61915 -
61916 - hw_if->dev_xmit = xgbe_dev_xmit;
61917 - hw_if->dev_read = xgbe_dev_read;
61918 - hw_if->enable_int = xgbe_enable_int;
61919 - hw_if->disable_int = xgbe_disable_int;
61920 - hw_if->init = xgbe_init;
61921 - hw_if->exit = xgbe_exit;
61922 +const struct xgbe_hw_if default_xgbe_hw_if = {
61923 + .tx_complete = xgbe_tx_complete,
61924 +
61925 + .set_mac_address = xgbe_set_mac_address,
61926 + .config_rx_mode = xgbe_config_rx_mode,
61927 +
61928 + .enable_rx_csum = xgbe_enable_rx_csum,
61929 + .disable_rx_csum = xgbe_disable_rx_csum,
61930 +
61931 + .enable_rx_vlan_stripping = xgbe_enable_rx_vlan_stripping,
61932 + .disable_rx_vlan_stripping = xgbe_disable_rx_vlan_stripping,
61933 + .enable_rx_vlan_filtering = xgbe_enable_rx_vlan_filtering,
61934 + .disable_rx_vlan_filtering = xgbe_disable_rx_vlan_filtering,
61935 + .update_vlan_hash_table = xgbe_update_vlan_hash_table,
61936 +
61937 + .read_mmd_regs = xgbe_read_mmd_regs,
61938 + .write_mmd_regs = xgbe_write_mmd_regs,
61939 +
61940 + .set_gmii_speed = xgbe_set_gmii_speed,
61941 + .set_gmii_2500_speed = xgbe_set_gmii_2500_speed,
61942 + .set_xgmii_speed = xgbe_set_xgmii_speed,
61943 +
61944 + .enable_tx = xgbe_enable_tx,
61945 + .disable_tx = xgbe_disable_tx,
61946 + .enable_rx = xgbe_enable_rx,
61947 + .disable_rx = xgbe_disable_rx,
61948 +
61949 + .powerup_tx = xgbe_powerup_tx,
61950 + .powerdown_tx = xgbe_powerdown_tx,
61951 + .powerup_rx = xgbe_powerup_rx,
61952 + .powerdown_rx = xgbe_powerdown_rx,
61953 +
61954 + .dev_xmit = xgbe_dev_xmit,
61955 + .dev_read = xgbe_dev_read,
61956 + .enable_int = xgbe_enable_int,
61957 + .disable_int = xgbe_disable_int,
61958 + .init = xgbe_init,
61959 + .exit = xgbe_exit,
61960
61961 /* Descriptor related Sequences have to be initialized here */
61962 - hw_if->tx_desc_init = xgbe_tx_desc_init;
61963 - hw_if->rx_desc_init = xgbe_rx_desc_init;
61964 - hw_if->tx_desc_reset = xgbe_tx_desc_reset;
61965 - hw_if->rx_desc_reset = xgbe_rx_desc_reset;
61966 - hw_if->is_last_desc = xgbe_is_last_desc;
61967 - hw_if->is_context_desc = xgbe_is_context_desc;
61968 - hw_if->tx_start_xmit = xgbe_tx_start_xmit;
61969 + .tx_desc_init = xgbe_tx_desc_init,
61970 + .rx_desc_init = xgbe_rx_desc_init,
61971 + .tx_desc_reset = xgbe_tx_desc_reset,
61972 + .rx_desc_reset = xgbe_rx_desc_reset,
61973 + .is_last_desc = xgbe_is_last_desc,
61974 + .is_context_desc = xgbe_is_context_desc,
61975 + .tx_start_xmit = xgbe_tx_start_xmit,
61976
61977 /* For FLOW ctrl */
61978 - hw_if->config_tx_flow_control = xgbe_config_tx_flow_control;
61979 - hw_if->config_rx_flow_control = xgbe_config_rx_flow_control;
61980 + .config_tx_flow_control = xgbe_config_tx_flow_control,
61981 + .config_rx_flow_control = xgbe_config_rx_flow_control,
61982
61983 /* For RX coalescing */
61984 - hw_if->config_rx_coalesce = xgbe_config_rx_coalesce;
61985 - hw_if->config_tx_coalesce = xgbe_config_tx_coalesce;
61986 - hw_if->usec_to_riwt = xgbe_usec_to_riwt;
61987 - hw_if->riwt_to_usec = xgbe_riwt_to_usec;
61988 + .config_rx_coalesce = xgbe_config_rx_coalesce,
61989 + .config_tx_coalesce = xgbe_config_tx_coalesce,
61990 + .usec_to_riwt = xgbe_usec_to_riwt,
61991 + .riwt_to_usec = xgbe_riwt_to_usec,
61992
61993 /* For RX and TX threshold config */
61994 - hw_if->config_rx_threshold = xgbe_config_rx_threshold;
61995 - hw_if->config_tx_threshold = xgbe_config_tx_threshold;
61996 + .config_rx_threshold = xgbe_config_rx_threshold,
61997 + .config_tx_threshold = xgbe_config_tx_threshold,
61998
61999 /* For RX and TX Store and Forward Mode config */
62000 - hw_if->config_rsf_mode = xgbe_config_rsf_mode;
62001 - hw_if->config_tsf_mode = xgbe_config_tsf_mode;
62002 + .config_rsf_mode = xgbe_config_rsf_mode,
62003 + .config_tsf_mode = xgbe_config_tsf_mode,
62004
62005 /* For TX DMA Operating on Second Frame config */
62006 - hw_if->config_osp_mode = xgbe_config_osp_mode;
62007 + .config_osp_mode = xgbe_config_osp_mode,
62008
62009 /* For RX and TX PBL config */
62010 - hw_if->config_rx_pbl_val = xgbe_config_rx_pbl_val;
62011 - hw_if->get_rx_pbl_val = xgbe_get_rx_pbl_val;
62012 - hw_if->config_tx_pbl_val = xgbe_config_tx_pbl_val;
62013 - hw_if->get_tx_pbl_val = xgbe_get_tx_pbl_val;
62014 - hw_if->config_pblx8 = xgbe_config_pblx8;
62015 + .config_rx_pbl_val = xgbe_config_rx_pbl_val,
62016 + .get_rx_pbl_val = xgbe_get_rx_pbl_val,
62017 + .config_tx_pbl_val = xgbe_config_tx_pbl_val,
62018 + .get_tx_pbl_val = xgbe_get_tx_pbl_val,
62019 + .config_pblx8 = xgbe_config_pblx8,
62020
62021 /* For MMC statistics support */
62022 - hw_if->tx_mmc_int = xgbe_tx_mmc_int;
62023 - hw_if->rx_mmc_int = xgbe_rx_mmc_int;
62024 - hw_if->read_mmc_stats = xgbe_read_mmc_stats;
62025 + .tx_mmc_int = xgbe_tx_mmc_int,
62026 + .rx_mmc_int = xgbe_rx_mmc_int,
62027 + .read_mmc_stats = xgbe_read_mmc_stats,
62028
62029 /* For PTP config */
62030 - hw_if->config_tstamp = xgbe_config_tstamp;
62031 - hw_if->update_tstamp_addend = xgbe_update_tstamp_addend;
62032 - hw_if->set_tstamp_time = xgbe_set_tstamp_time;
62033 - hw_if->get_tstamp_time = xgbe_get_tstamp_time;
62034 - hw_if->get_tx_tstamp = xgbe_get_tx_tstamp;
62035 + .config_tstamp = xgbe_config_tstamp,
62036 + .update_tstamp_addend = xgbe_update_tstamp_addend,
62037 + .set_tstamp_time = xgbe_set_tstamp_time,
62038 + .get_tstamp_time = xgbe_get_tstamp_time,
62039 + .get_tx_tstamp = xgbe_get_tx_tstamp,
62040
62041 /* For Data Center Bridging config */
62042 - hw_if->config_tc = xgbe_config_tc;
62043 - hw_if->config_dcb_tc = xgbe_config_dcb_tc;
62044 - hw_if->config_dcb_pfc = xgbe_config_dcb_pfc;
62045 + .config_tc = xgbe_config_tc,
62046 + .config_dcb_tc = xgbe_config_dcb_tc,
62047 + .config_dcb_pfc = xgbe_config_dcb_pfc,
62048
62049 /* For Receive Side Scaling */
62050 - hw_if->enable_rss = xgbe_enable_rss;
62051 - hw_if->disable_rss = xgbe_disable_rss;
62052 - hw_if->set_rss_hash_key = xgbe_set_rss_hash_key;
62053 - hw_if->set_rss_lookup_table = xgbe_set_rss_lookup_table;
62054 -
62055 - DBGPR("<--xgbe_init_function_ptrs\n");
62056 -}
62057 + .enable_rss = xgbe_enable_rss,
62058 + .disable_rss = xgbe_disable_rss,
62059 + .set_rss_hash_key = xgbe_set_rss_hash_key,
62060 + .set_rss_lookup_table = xgbe_set_rss_lookup_table,
62061 +};
62062 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
62063 index a9b2709..8cf92f1 100644
62064 --- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
62065 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
62066 @@ -245,7 +245,7 @@ static int xgbe_maybe_stop_tx_queue(struct xgbe_channel *channel,
62067 * support, tell it now
62068 */
62069 if (ring->tx.xmit_more)
62070 - pdata->hw_if.tx_start_xmit(channel, ring);
62071 + pdata->hw_if->tx_start_xmit(channel, ring);
62072
62073 return NETDEV_TX_BUSY;
62074 }
62075 @@ -273,7 +273,7 @@ static int xgbe_calc_rx_buf_size(struct net_device *netdev, unsigned int mtu)
62076
62077 static void xgbe_enable_rx_tx_ints(struct xgbe_prv_data *pdata)
62078 {
62079 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62080 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62081 struct xgbe_channel *channel;
62082 enum xgbe_int int_id;
62083 unsigned int i;
62084 @@ -295,7 +295,7 @@ static void xgbe_enable_rx_tx_ints(struct xgbe_prv_data *pdata)
62085
62086 static void xgbe_disable_rx_tx_ints(struct xgbe_prv_data *pdata)
62087 {
62088 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62089 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62090 struct xgbe_channel *channel;
62091 enum xgbe_int int_id;
62092 unsigned int i;
62093 @@ -318,7 +318,7 @@ static void xgbe_disable_rx_tx_ints(struct xgbe_prv_data *pdata)
62094 static irqreturn_t xgbe_isr(int irq, void *data)
62095 {
62096 struct xgbe_prv_data *pdata = data;
62097 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62098 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62099 struct xgbe_channel *channel;
62100 unsigned int dma_isr, dma_ch_isr;
62101 unsigned int mac_isr, mac_tssr;
62102 @@ -447,7 +447,7 @@ static void xgbe_service(struct work_struct *work)
62103 struct xgbe_prv_data,
62104 service_work);
62105
62106 - pdata->phy_if.phy_status(pdata);
62107 + pdata->phy_if->phy_status(pdata);
62108 }
62109
62110 static void xgbe_service_timer(unsigned long data)
62111 @@ -706,7 +706,7 @@ static void xgbe_free_irqs(struct xgbe_prv_data *pdata)
62112
62113 void xgbe_init_tx_coalesce(struct xgbe_prv_data *pdata)
62114 {
62115 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62116 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62117
62118 DBGPR("-->xgbe_init_tx_coalesce\n");
62119
62120 @@ -720,7 +720,7 @@ void xgbe_init_tx_coalesce(struct xgbe_prv_data *pdata)
62121
62122 void xgbe_init_rx_coalesce(struct xgbe_prv_data *pdata)
62123 {
62124 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62125 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62126
62127 DBGPR("-->xgbe_init_rx_coalesce\n");
62128
62129 @@ -735,7 +735,7 @@ void xgbe_init_rx_coalesce(struct xgbe_prv_data *pdata)
62130
62131 static void xgbe_free_tx_data(struct xgbe_prv_data *pdata)
62132 {
62133 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
62134 + struct xgbe_desc_if *desc_if = pdata->desc_if;
62135 struct xgbe_channel *channel;
62136 struct xgbe_ring *ring;
62137 struct xgbe_ring_data *rdata;
62138 @@ -760,7 +760,7 @@ static void xgbe_free_tx_data(struct xgbe_prv_data *pdata)
62139
62140 static void xgbe_free_rx_data(struct xgbe_prv_data *pdata)
62141 {
62142 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
62143 + struct xgbe_desc_if *desc_if = pdata->desc_if;
62144 struct xgbe_channel *channel;
62145 struct xgbe_ring *ring;
62146 struct xgbe_ring_data *rdata;
62147 @@ -788,13 +788,13 @@ static int xgbe_phy_init(struct xgbe_prv_data *pdata)
62148 pdata->phy_link = -1;
62149 pdata->phy_speed = SPEED_UNKNOWN;
62150
62151 - return pdata->phy_if.phy_reset(pdata);
62152 + return pdata->phy_if->phy_reset(pdata);
62153 }
62154
62155 int xgbe_powerdown(struct net_device *netdev, unsigned int caller)
62156 {
62157 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62158 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62159 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62160 unsigned long flags;
62161
62162 DBGPR("-->xgbe_powerdown\n");
62163 @@ -833,7 +833,7 @@ int xgbe_powerdown(struct net_device *netdev, unsigned int caller)
62164 int xgbe_powerup(struct net_device *netdev, unsigned int caller)
62165 {
62166 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62167 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62168 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62169 unsigned long flags;
62170
62171 DBGPR("-->xgbe_powerup\n");
62172 @@ -870,8 +870,8 @@ int xgbe_powerup(struct net_device *netdev, unsigned int caller)
62173
62174 static int xgbe_start(struct xgbe_prv_data *pdata)
62175 {
62176 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62177 - struct xgbe_phy_if *phy_if = &pdata->phy_if;
62178 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62179 + struct xgbe_phy_if *phy_if = pdata->phy_if;
62180 struct net_device *netdev = pdata->netdev;
62181 int ret;
62182
62183 @@ -914,8 +914,8 @@ err_phy:
62184
62185 static void xgbe_stop(struct xgbe_prv_data *pdata)
62186 {
62187 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62188 - struct xgbe_phy_if *phy_if = &pdata->phy_if;
62189 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62190 + struct xgbe_phy_if *phy_if = pdata->phy_if;
62191 struct xgbe_channel *channel;
62192 struct net_device *netdev = pdata->netdev;
62193 struct netdev_queue *txq;
62194 @@ -1143,7 +1143,7 @@ static int xgbe_set_hwtstamp_settings(struct xgbe_prv_data *pdata,
62195 return -ERANGE;
62196 }
62197
62198 - pdata->hw_if.config_tstamp(pdata, mac_tscr);
62199 + pdata->hw_if->config_tstamp(pdata, mac_tscr);
62200
62201 memcpy(&pdata->tstamp_config, &config, sizeof(config));
62202
62203 @@ -1292,7 +1292,7 @@ static void xgbe_packet_info(struct xgbe_prv_data *pdata,
62204 static int xgbe_open(struct net_device *netdev)
62205 {
62206 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62207 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
62208 + struct xgbe_desc_if *desc_if = pdata->desc_if;
62209 int ret;
62210
62211 DBGPR("-->xgbe_open\n");
62212 @@ -1364,7 +1364,7 @@ err_sysclk:
62213 static int xgbe_close(struct net_device *netdev)
62214 {
62215 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62216 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
62217 + struct xgbe_desc_if *desc_if = pdata->desc_if;
62218
62219 DBGPR("-->xgbe_close\n");
62220
62221 @@ -1388,11 +1388,11 @@ static int xgbe_close(struct net_device *netdev)
62222 return 0;
62223 }
62224
62225 -static int xgbe_xmit(struct sk_buff *skb, struct net_device *netdev)
62226 +static netdev_tx_t xgbe_xmit(struct sk_buff *skb, struct net_device *netdev)
62227 {
62228 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62229 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62230 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
62231 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62232 + struct xgbe_desc_if *desc_if = pdata->desc_if;
62233 struct xgbe_channel *channel;
62234 struct xgbe_ring *ring;
62235 struct xgbe_packet_data *packet;
62236 @@ -1461,7 +1461,7 @@ tx_netdev_return:
62237 static void xgbe_set_rx_mode(struct net_device *netdev)
62238 {
62239 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62240 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62241 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62242
62243 DBGPR("-->xgbe_set_rx_mode\n");
62244
62245 @@ -1473,7 +1473,7 @@ static void xgbe_set_rx_mode(struct net_device *netdev)
62246 static int xgbe_set_mac_address(struct net_device *netdev, void *addr)
62247 {
62248 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62249 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62250 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62251 struct sockaddr *saddr = addr;
62252
62253 DBGPR("-->xgbe_set_mac_address\n");
62254 @@ -1548,7 +1548,7 @@ static struct rtnl_link_stats64 *xgbe_get_stats64(struct net_device *netdev,
62255
62256 DBGPR("-->%s\n", __func__);
62257
62258 - pdata->hw_if.read_mmc_stats(pdata);
62259 + pdata->hw_if->read_mmc_stats(pdata);
62260
62261 s->rx_packets = pstats->rxframecount_gb;
62262 s->rx_bytes = pstats->rxoctetcount_gb;
62263 @@ -1575,7 +1575,7 @@ static int xgbe_vlan_rx_add_vid(struct net_device *netdev, __be16 proto,
62264 u16 vid)
62265 {
62266 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62267 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62268 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62269
62270 DBGPR("-->%s\n", __func__);
62271
62272 @@ -1591,7 +1591,7 @@ static int xgbe_vlan_rx_kill_vid(struct net_device *netdev, __be16 proto,
62273 u16 vid)
62274 {
62275 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62276 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62277 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62278
62279 DBGPR("-->%s\n", __func__);
62280
62281 @@ -1641,7 +1641,7 @@ static int xgbe_setup_tc(struct net_device *netdev, u32 handle, __be16 proto,
62282 return -EINVAL;
62283
62284 pdata->num_tcs = tc;
62285 - pdata->hw_if.config_tc(pdata);
62286 + pdata->hw_if->config_tc(pdata);
62287
62288 return 0;
62289 }
62290 @@ -1650,7 +1650,7 @@ static int xgbe_set_features(struct net_device *netdev,
62291 netdev_features_t features)
62292 {
62293 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62294 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62295 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62296 netdev_features_t rxhash, rxcsum, rxvlan, rxvlan_filter;
62297 int ret = 0;
62298
62299 @@ -1716,8 +1716,8 @@ struct net_device_ops *xgbe_get_netdev_ops(void)
62300 static void xgbe_rx_refresh(struct xgbe_channel *channel)
62301 {
62302 struct xgbe_prv_data *pdata = channel->pdata;
62303 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62304 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
62305 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62306 + struct xgbe_desc_if *desc_if = pdata->desc_if;
62307 struct xgbe_ring *ring = channel->rx_ring;
62308 struct xgbe_ring_data *rdata;
62309
62310 @@ -1794,8 +1794,8 @@ static struct sk_buff *xgbe_create_skb(struct xgbe_prv_data *pdata,
62311 static int xgbe_tx_poll(struct xgbe_channel *channel)
62312 {
62313 struct xgbe_prv_data *pdata = channel->pdata;
62314 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62315 - struct xgbe_desc_if *desc_if = &pdata->desc_if;
62316 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62317 + struct xgbe_desc_if *desc_if = pdata->desc_if;
62318 struct xgbe_ring *ring = channel->tx_ring;
62319 struct xgbe_ring_data *rdata;
62320 struct xgbe_ring_desc *rdesc;
62321 @@ -1865,7 +1865,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel)
62322 static int xgbe_rx_poll(struct xgbe_channel *channel, int budget)
62323 {
62324 struct xgbe_prv_data *pdata = channel->pdata;
62325 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62326 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62327 struct xgbe_ring *ring = channel->rx_ring;
62328 struct xgbe_ring_data *rdata;
62329 struct xgbe_packet_data *packet;
62330 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c b/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c
62331 index 11d9f0c..78767ab 100644
62332 --- a/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c
62333 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c
62334 @@ -206,7 +206,7 @@ static void xgbe_get_ethtool_stats(struct net_device *netdev,
62335 u8 *stat;
62336 int i;
62337
62338 - pdata->hw_if.read_mmc_stats(pdata);
62339 + pdata->hw_if->read_mmc_stats(pdata);
62340 for (i = 0; i < XGBE_STATS_COUNT; i++) {
62341 stat = (u8 *)pdata + xgbe_gstring_stats[i].stat_offset;
62342 *data++ = *(u64 *)stat;
62343 @@ -267,7 +267,7 @@ static int xgbe_set_pauseparam(struct net_device *netdev,
62344 pdata->phy.advertising ^= ADVERTISED_Asym_Pause;
62345
62346 if (netif_running(netdev))
62347 - ret = pdata->phy_if.phy_config_aneg(pdata);
62348 + ret = pdata->phy_if->phy_config_aneg(pdata);
62349
62350 return ret;
62351 }
62352 @@ -368,7 +368,7 @@ static int xgbe_set_settings(struct net_device *netdev,
62353 pdata->phy.advertising &= ~ADVERTISED_Autoneg;
62354
62355 if (netif_running(netdev))
62356 - ret = pdata->phy_if.phy_config_aneg(pdata);
62357 + ret = pdata->phy_if->phy_config_aneg(pdata);
62358
62359 return ret;
62360 }
62361 @@ -422,7 +422,7 @@ static int xgbe_set_coalesce(struct net_device *netdev,
62362 struct ethtool_coalesce *ec)
62363 {
62364 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62365 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62366 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62367 unsigned int rx_frames, rx_riwt, rx_usecs;
62368 unsigned int tx_frames;
62369
62370 @@ -545,7 +545,7 @@ static int xgbe_set_rxfh(struct net_device *netdev, const u32 *indir,
62371 const u8 *key, const u8 hfunc)
62372 {
62373 struct xgbe_prv_data *pdata = netdev_priv(netdev);
62374 - struct xgbe_hw_if *hw_if = &pdata->hw_if;
62375 + struct xgbe_hw_if *hw_if = pdata->hw_if;
62376 unsigned int ret;
62377
62378 if (hfunc != ETH_RSS_HASH_NO_CHANGE && hfunc != ETH_RSS_HASH_TOP) {
62379 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-main.c b/drivers/net/ethernet/amd/xgbe/xgbe-main.c
62380 index 3eee320..4188681 100644
62381 --- a/drivers/net/ethernet/amd/xgbe/xgbe-main.c
62382 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-main.c
62383 @@ -202,13 +202,6 @@ static void xgbe_default_config(struct xgbe_prv_data *pdata)
62384 DBGPR("<--xgbe_default_config\n");
62385 }
62386
62387 -static void xgbe_init_all_fptrs(struct xgbe_prv_data *pdata)
62388 -{
62389 - xgbe_init_function_ptrs_dev(&pdata->hw_if);
62390 - xgbe_init_function_ptrs_phy(&pdata->phy_if);
62391 - xgbe_init_function_ptrs_desc(&pdata->desc_if);
62392 -}
62393 -
62394 #ifdef CONFIG_ACPI
62395 static int xgbe_acpi_support(struct xgbe_prv_data *pdata)
62396 {
62397 @@ -647,10 +640,12 @@ static int xgbe_probe(struct platform_device *pdev)
62398 memcpy(netdev->dev_addr, pdata->mac_addr, netdev->addr_len);
62399
62400 /* Set all the function pointers */
62401 - xgbe_init_all_fptrs(pdata);
62402 + pdata->hw_if = &default_xgbe_hw_if;
62403 + pdata->phy_if = &default_xgbe_phy_if;
62404 + pdata->desc_if = &default_xgbe_desc_if;
62405
62406 /* Issue software reset to device */
62407 - pdata->hw_if.exit(pdata);
62408 + pdata->hw_if->exit(pdata);
62409
62410 /* Populate the hardware features */
62411 xgbe_get_all_hw_features(pdata);
62412 @@ -704,7 +699,7 @@ static int xgbe_probe(struct platform_device *pdev)
62413 XGMAC_SET_BITS(pdata->rss_options, MAC_RSSCR, UDP4TE, 1);
62414
62415 /* Call MDIO/PHY initialization routine */
62416 - pdata->phy_if.phy_init(pdata);
62417 + pdata->phy_if->phy_init(pdata);
62418
62419 /* Set device operations */
62420 netdev->netdev_ops = xgbe_get_netdev_ops();
62421 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
62422 index 84c5d29..697b4f2 100644
62423 --- a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
62424 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
62425 @@ -202,7 +202,7 @@ static void xgbe_xgmii_mode(struct xgbe_prv_data *pdata)
62426 xgbe_an_enable_kr_training(pdata);
62427
62428 /* Set MAC to 10G speed */
62429 - pdata->hw_if.set_xgmii_speed(pdata);
62430 + pdata->hw_if->set_xgmii_speed(pdata);
62431
62432 /* Set PCS to KR/10G speed */
62433 reg = XMDIO_READ(pdata, MDIO_MMD_PCS, MDIO_CTRL2);
62434 @@ -250,7 +250,7 @@ static void xgbe_gmii_2500_mode(struct xgbe_prv_data *pdata)
62435 xgbe_an_disable_kr_training(pdata);
62436
62437 /* Set MAC to 2.5G speed */
62438 - pdata->hw_if.set_gmii_2500_speed(pdata);
62439 + pdata->hw_if->set_gmii_2500_speed(pdata);
62440
62441 /* Set PCS to KX/1G speed */
62442 reg = XMDIO_READ(pdata, MDIO_MMD_PCS, MDIO_CTRL2);
62443 @@ -298,7 +298,7 @@ static void xgbe_gmii_mode(struct xgbe_prv_data *pdata)
62444 xgbe_an_disable_kr_training(pdata);
62445
62446 /* Set MAC to 1G speed */
62447 - pdata->hw_if.set_gmii_speed(pdata);
62448 + pdata->hw_if->set_gmii_speed(pdata);
62449
62450 /* Set PCS to KX/1G speed */
62451 reg = XMDIO_READ(pdata, MDIO_MMD_PCS, MDIO_CTRL2);
62452 @@ -877,13 +877,13 @@ static void xgbe_phy_adjust_link(struct xgbe_prv_data *pdata)
62453
62454 if (pdata->tx_pause != pdata->phy.tx_pause) {
62455 new_state = 1;
62456 - pdata->hw_if.config_tx_flow_control(pdata);
62457 + pdata->hw_if->config_tx_flow_control(pdata);
62458 pdata->tx_pause = pdata->phy.tx_pause;
62459 }
62460
62461 if (pdata->rx_pause != pdata->phy.rx_pause) {
62462 new_state = 1;
62463 - pdata->hw_if.config_rx_flow_control(pdata);
62464 + pdata->hw_if->config_rx_flow_control(pdata);
62465 pdata->rx_pause = pdata->phy.rx_pause;
62466 }
62467
62468 @@ -1348,14 +1348,13 @@ static void xgbe_phy_init(struct xgbe_prv_data *pdata)
62469 xgbe_dump_phy_registers(pdata);
62470 }
62471
62472 -void xgbe_init_function_ptrs_phy(struct xgbe_phy_if *phy_if)
62473 -{
62474 - phy_if->phy_init = xgbe_phy_init;
62475 +const struct xgbe_phy_if default_xgbe_phy_if = {
62476 + .phy_init = xgbe_phy_init,
62477
62478 - phy_if->phy_reset = xgbe_phy_reset;
62479 - phy_if->phy_start = xgbe_phy_start;
62480 - phy_if->phy_stop = xgbe_phy_stop;
62481 + .phy_reset = xgbe_phy_reset,
62482 + .phy_start = xgbe_phy_start,
62483 + .phy_stop = xgbe_phy_stop,
62484
62485 - phy_if->phy_status = xgbe_phy_status;
62486 - phy_if->phy_config_aneg = xgbe_phy_config_aneg;
62487 -}
62488 + .phy_status = xgbe_phy_status,
62489 + .phy_config_aneg = xgbe_phy_config_aneg,
62490 +};
62491 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c b/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c
62492 index b03e4f5..78e4cc4 100644
62493 --- a/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c
62494 +++ b/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c
62495 @@ -129,7 +129,7 @@ static cycle_t xgbe_cc_read(const struct cyclecounter *cc)
62496 tstamp_cc);
62497 u64 nsec;
62498
62499 - nsec = pdata->hw_if.get_tstamp_time(pdata);
62500 + nsec = pdata->hw_if->get_tstamp_time(pdata);
62501
62502 return nsec;
62503 }
62504 @@ -158,7 +158,7 @@ static int xgbe_adjfreq(struct ptp_clock_info *info, s32 delta)
62505
62506 spin_lock_irqsave(&pdata->tstamp_lock, flags);
62507
62508 - pdata->hw_if.update_tstamp_addend(pdata, addend);
62509 + pdata->hw_if->update_tstamp_addend(pdata, addend);
62510
62511 spin_unlock_irqrestore(&pdata->tstamp_lock, flags);
62512
62513 diff --git a/drivers/net/ethernet/amd/xgbe/xgbe.h b/drivers/net/ethernet/amd/xgbe/xgbe.h
62514 index 98d9d63..3825a58 100644
62515 --- a/drivers/net/ethernet/amd/xgbe/xgbe.h
62516 +++ b/drivers/net/ethernet/amd/xgbe/xgbe.h
62517 @@ -786,9 +786,9 @@ struct xgbe_prv_data {
62518 int dev_irq;
62519 unsigned int per_channel_irq;
62520
62521 - struct xgbe_hw_if hw_if;
62522 - struct xgbe_phy_if phy_if;
62523 - struct xgbe_desc_if desc_if;
62524 + struct xgbe_hw_if *hw_if;
62525 + struct xgbe_phy_if *phy_if;
62526 + struct xgbe_desc_if *desc_if;
62527
62528 /* AXI DMA settings */
62529 unsigned int coherent;
62530 @@ -951,6 +951,10 @@ struct xgbe_prv_data {
62531 #endif
62532 };
62533
62534 +extern const struct xgbe_hw_if default_xgbe_hw_if;
62535 +extern const struct xgbe_phy_if default_xgbe_phy_if;
62536 +extern const struct xgbe_desc_if default_xgbe_desc_if;
62537 +
62538 /* Function prototypes*/
62539
62540 void xgbe_init_function_ptrs_dev(struct xgbe_hw_if *);
62541 diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
62542 index d1d6b5e..19d6062 100644
62543 --- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
62544 +++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
62545 @@ -111,7 +111,7 @@ static void xgene_enet_delete_bufpool(struct xgene_enet_desc_ring *buf_pool)
62546 }
62547 }
62548
62549 -static irqreturn_t xgene_enet_rx_irq(const int irq, void *data)
62550 +static irqreturn_t xgene_enet_rx_irq(int irq, void *data)
62551 {
62552 struct xgene_enet_desc_ring *rx_ring = data;
62553
62554 @@ -577,7 +577,7 @@ static int xgene_enet_process_ring(struct xgene_enet_desc_ring *ring,
62555 return processed;
62556 }
62557
62558 -static int xgene_enet_napi(struct napi_struct *napi, const int budget)
62559 +static int xgene_enet_napi(struct napi_struct *napi, int budget)
62560 {
62561 struct xgene_enet_desc_ring *ring;
62562 int processed;
62563 diff --git a/drivers/net/ethernet/arc/emac_main.c b/drivers/net/ethernet/arc/emac_main.c
62564 index b0da969..1688f6b 100644
62565 --- a/drivers/net/ethernet/arc/emac_main.c
62566 +++ b/drivers/net/ethernet/arc/emac_main.c
62567 @@ -608,7 +608,7 @@ static struct net_device_stats *arc_emac_stats(struct net_device *ndev)
62568 *
62569 * This function is invoked from upper layers to initiate transmission.
62570 */
62571 -static int arc_emac_tx(struct sk_buff *skb, struct net_device *ndev)
62572 +static netdev_tx_t arc_emac_tx(struct sk_buff *skb, struct net_device *ndev)
62573 {
62574 struct arc_emac_priv *priv = netdev_priv(ndev);
62575 unsigned int len, *txbd_curr = &priv->txbd_curr;
62576 diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
62577 index 4eb17da..5262e50 100644
62578 --- a/drivers/net/ethernet/atheros/alx/main.c
62579 +++ b/drivers/net/ethernet/atheros/alx/main.c
62580 @@ -1462,7 +1462,7 @@ static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume);
62581
62582
62583 static pci_ers_result_t alx_pci_error_detected(struct pci_dev *pdev,
62584 - pci_channel_state_t state)
62585 + enum pci_channel_state state)
62586 {
62587 struct alx_priv *alx = pci_get_drvdata(pdev);
62588 struct net_device *netdev = alx->dev;
62589 diff --git a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
62590 index a3200ea..d02b523 100644
62591 --- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
62592 +++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
62593 @@ -2704,7 +2704,7 @@ static void atl1c_remove(struct pci_dev *pdev)
62594 * this device has been detected.
62595 */
62596 static pci_ers_result_t atl1c_io_error_detected(struct pci_dev *pdev,
62597 - pci_channel_state_t state)
62598 + enum pci_channel_state state)
62599 {
62600 struct net_device *netdev = pci_get_drvdata(pdev);
62601 struct atl1c_adapter *adapter = netdev_priv(netdev);
62602 diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
62603 index 974713b..5e0112b 100644
62604 --- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
62605 +++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
62606 @@ -2475,7 +2475,7 @@ static void atl1e_remove(struct pci_dev *pdev)
62607 * this device has been detected.
62608 */
62609 static pci_ers_result_t
62610 -atl1e_io_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
62611 +atl1e_io_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
62612 {
62613 struct net_device *netdev = pci_get_drvdata(pdev);
62614 struct atl1e_adapter *adapter = netdev_priv(netdev);
62615 diff --git a/drivers/net/ethernet/aurora/nb8800.c b/drivers/net/ethernet/aurora/nb8800.c
62616 index b047fd6..d115fcb 100644
62617 --- a/drivers/net/ethernet/aurora/nb8800.c
62618 +++ b/drivers/net/ethernet/aurora/nb8800.c
62619 @@ -396,7 +396,7 @@ static void nb8800_tx_dma_start_irq(struct net_device *dev)
62620 spin_unlock(&priv->tx_lock);
62621 }
62622
62623 -static int nb8800_xmit(struct sk_buff *skb, struct net_device *dev)
62624 +static netdev_tx_t nb8800_xmit(struct sk_buff *skb, struct net_device *dev)
62625 {
62626 struct nb8800_priv *priv = netdev_priv(dev);
62627 struct nb8800_tx_desc *txd;
62628 diff --git a/drivers/net/ethernet/broadcom/bcm63xx_enet.c b/drivers/net/ethernet/broadcom/bcm63xx_enet.c
62629 index 6c8bc5f..58c4f8c 100644
62630 --- a/drivers/net/ethernet/broadcom/bcm63xx_enet.c
62631 +++ b/drivers/net/ethernet/broadcom/bcm63xx_enet.c
62632 @@ -571,7 +571,7 @@ static irqreturn_t bcm_enet_isr_dma(int irq, void *dev_id)
62633 /*
62634 * tx request callback
62635 */
62636 -static int bcm_enet_start_xmit(struct sk_buff *skb, struct net_device *dev)
62637 +static netdev_tx_t bcm_enet_start_xmit(struct sk_buff *skb, struct net_device *dev)
62638 {
62639 struct bcm_enet_priv *priv;
62640 struct bcm_enet_desc *desc;
62641 diff --git a/drivers/net/ethernet/broadcom/bnx2.c b/drivers/net/ethernet/broadcom/bnx2.c
62642 index 505ceaf..c88cfa9 100644
62643 --- a/drivers/net/ethernet/broadcom/bnx2.c
62644 +++ b/drivers/net/ethernet/broadcom/bnx2.c
62645 @@ -8703,7 +8703,7 @@ static SIMPLE_DEV_PM_OPS(bnx2_pm_ops, bnx2_suspend, bnx2_resume);
62646 * this device has been detected.
62647 */
62648 static pci_ers_result_t bnx2_io_error_detected(struct pci_dev *pdev,
62649 - pci_channel_state_t state)
62650 + enum pci_channel_state state)
62651 {
62652 struct net_device *dev = pci_get_drvdata(pdev);
62653 struct bnx2 *bp = netdev_priv(dev);
62654 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
62655 index 0e68fad..3546d87 100644
62656 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
62657 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
62658 @@ -1124,7 +1124,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp)
62659 static inline void bnx2x_init_bp_objs(struct bnx2x *bp)
62660 {
62661 /* RX_MODE controlling object */
62662 - bnx2x_init_rx_mode_obj(bp, &bp->rx_mode_obj);
62663 + bnx2x_init_rx_mode_obj(bp);
62664
62665 /* multicast configuration controlling object */
62666 bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid,
62667 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
62668 index 1fb8010..0a8dc20 100644
62669 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
62670 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
62671 @@ -5621,7 +5621,7 @@ static int bnx2x_get_link_speed_duplex(struct bnx2x_phy *phy,
62672 return 0;
62673 }
62674
62675 -static int bnx2x_link_settings_status(struct bnx2x_phy *phy,
62676 +static u8 bnx2x_link_settings_status(struct bnx2x_phy *phy,
62677 struct link_params *params,
62678 struct link_vars *vars)
62679 {
62680 @@ -5695,7 +5695,7 @@ static int bnx2x_link_settings_status(struct bnx2x_phy *phy,
62681 return rc;
62682 }
62683
62684 -static int bnx2x_warpcore_read_status(struct bnx2x_phy *phy,
62685 +static u8 bnx2x_warpcore_read_status(struct bnx2x_phy *phy,
62686 struct link_params *params,
62687 struct link_vars *vars)
62688 {
62689 @@ -7436,7 +7436,7 @@ static void bnx2x_8073_specific_func(struct bnx2x_phy *phy,
62690 }
62691 }
62692
62693 -static int bnx2x_8073_config_init(struct bnx2x_phy *phy,
62694 +static void bnx2x_8073_config_init(struct bnx2x_phy *phy,
62695 struct link_params *params,
62696 struct link_vars *vars)
62697 {
62698 @@ -7499,7 +7499,7 @@ static int bnx2x_8073_config_init(struct bnx2x_phy *phy,
62699 if (params->loopback_mode == LOOPBACK_EXT) {
62700 bnx2x_807x_force_10G(bp, phy);
62701 DP(NETIF_MSG_LINK, "Forced speed 10G on 807X\n");
62702 - return 0;
62703 + return;
62704 } else {
62705 bnx2x_cl45_write(bp, phy,
62706 MDIO_PMA_DEVAD, MDIO_PMA_REG_BCM_CTRL, 0x0002);
62707 @@ -7581,7 +7581,6 @@ static int bnx2x_8073_config_init(struct bnx2x_phy *phy,
62708 bnx2x_cl45_write(bp, phy, MDIO_AN_DEVAD, MDIO_AN_REG_CTRL, 0x1200);
62709 DP(NETIF_MSG_LINK, "807x Autoneg Restart: Advertise 1G=%x, 10G=%x\n",
62710 ((val & (1<<5)) > 0), ((val & (1<<7)) > 0));
62711 - return 0;
62712 }
62713
62714 static u8 bnx2x_8073_read_status(struct bnx2x_phy *phy,
62715 @@ -7748,7 +7747,7 @@ static void bnx2x_8073_link_reset(struct bnx2x_phy *phy,
62716 /******************************************************************/
62717 /* BCM8705 PHY SECTION */
62718 /******************************************************************/
62719 -static int bnx2x_8705_config_init(struct bnx2x_phy *phy,
62720 +static void bnx2x_8705_config_init(struct bnx2x_phy *phy,
62721 struct link_params *params,
62722 struct link_vars *vars)
62723 {
62724 @@ -7772,7 +7771,6 @@ static int bnx2x_8705_config_init(struct bnx2x_phy *phy,
62725 MDIO_WIS_DEVAD, MDIO_WIS_REG_LASI_CNTL, 0x1);
62726 /* BCM8705 doesn't have microcode, hence the 0 */
62727 bnx2x_save_spirom_version(bp, params->port, params->shmem_base, 0);
62728 - return 0;
62729 }
62730
62731 static u8 bnx2x_8705_read_status(struct bnx2x_phy *phy,
62732 @@ -8959,7 +8957,7 @@ static u8 bnx2x_8706_8726_read_status(struct bnx2x_phy *phy,
62733 /******************************************************************/
62734 /* BCM8706 PHY SECTION */
62735 /******************************************************************/
62736 -static u8 bnx2x_8706_config_init(struct bnx2x_phy *phy,
62737 +static void bnx2x_8706_config_init(struct bnx2x_phy *phy,
62738 struct link_params *params,
62739 struct link_vars *vars)
62740 {
62741 @@ -9061,11 +9059,9 @@ static u8 bnx2x_8706_config_init(struct bnx2x_phy *phy,
62742 bnx2x_cl45_write(bp, phy,
62743 MDIO_PMA_DEVAD, MDIO_PMA_REG_DIGITAL_CTRL, tmp1);
62744 }
62745 -
62746 - return 0;
62747 }
62748
62749 -static int bnx2x_8706_read_status(struct bnx2x_phy *phy,
62750 +static u8 bnx2x_8706_read_status(struct bnx2x_phy *phy,
62751 struct link_params *params,
62752 struct link_vars *vars)
62753 {
62754 @@ -9142,7 +9138,7 @@ static u8 bnx2x_8726_read_status(struct bnx2x_phy *phy,
62755 }
62756
62757
62758 -static int bnx2x_8726_config_init(struct bnx2x_phy *phy,
62759 +static void bnx2x_8726_config_init(struct bnx2x_phy *phy,
62760 struct link_params *params,
62761 struct link_vars *vars)
62762 {
62763 @@ -9223,8 +9219,6 @@ static int bnx2x_8726_config_init(struct bnx2x_phy *phy,
62764 phy->tx_preemphasis[1]);
62765 }
62766
62767 - return 0;
62768 -
62769 }
62770
62771 static void bnx2x_8726_link_reset(struct bnx2x_phy *phy,
62772 @@ -9360,7 +9354,7 @@ static void bnx2x_8727_config_speed(struct bnx2x_phy *phy,
62773 }
62774 }
62775
62776 -static int bnx2x_8727_config_init(struct bnx2x_phy *phy,
62777 +static void bnx2x_8727_config_init(struct bnx2x_phy *phy,
62778 struct link_params *params,
62779 struct link_vars *vars)
62780 {
62781 @@ -9442,8 +9436,6 @@ static int bnx2x_8727_config_init(struct bnx2x_phy *phy,
62782 MDIO_PMA_DEVAD, MDIO_PMA_REG_PHY_IDENTIFIER,
62783 (tmp2 & 0x7fff));
62784 }
62785 -
62786 - return 0;
62787 }
62788
62789 static void bnx2x_8727_handle_mod_abs(struct bnx2x_phy *phy,
62790 @@ -10018,7 +10010,7 @@ static int bnx2x_848xx_cmn_config_init(struct bnx2x_phy *phy,
62791 return 0;
62792 }
62793
62794 -static int bnx2x_8481_config_init(struct bnx2x_phy *phy,
62795 +static void bnx2x_8481_config_init(struct bnx2x_phy *phy,
62796 struct link_params *params,
62797 struct link_vars *vars)
62798 {
62799 @@ -10032,7 +10024,7 @@ static int bnx2x_8481_config_init(struct bnx2x_phy *phy,
62800 bnx2x_wait_reset_complete(bp, phy, params);
62801
62802 bnx2x_cl45_write(bp, phy, MDIO_PMA_DEVAD, MDIO_PMA_REG_CTRL, 1<<15);
62803 - return bnx2x_848xx_cmn_config_init(phy, params, vars);
62804 + bnx2x_848xx_cmn_config_init(phy, params, vars);
62805 }
62806
62807 #define PHY848xx_CMDHDLR_WAIT 300
62808 @@ -10282,7 +10274,7 @@ static u8 bnx2x_84833_get_reset_gpios(struct bnx2x *bp,
62809 return reset_gpios;
62810 }
62811
62812 -static int bnx2x_84833_hw_reset_phy(struct bnx2x_phy *phy,
62813 +static void bnx2x_84833_hw_reset_phy(struct bnx2x_phy *phy,
62814 struct link_params *params)
62815 {
62816 struct bnx2x *bp = params->bp;
62817 @@ -10311,8 +10303,6 @@ static int bnx2x_84833_hw_reset_phy(struct bnx2x_phy *phy,
62818 udelay(10);
62819 DP(NETIF_MSG_LINK, "84833 hw reset on pin values 0x%x\n",
62820 reset_gpios);
62821 -
62822 - return 0;
62823 }
62824
62825 static int bnx2x_8483x_disable_eee(struct bnx2x_phy *phy,
62826 @@ -10355,7 +10345,7 @@ static int bnx2x_8483x_enable_eee(struct bnx2x_phy *phy,
62827 }
62828
62829 #define PHY84833_CONSTANT_LATENCY 1193
62830 -static int bnx2x_848x3_config_init(struct bnx2x_phy *phy,
62831 +static void bnx2x_848x3_config_init(struct bnx2x_phy *phy,
62832 struct link_params *params,
62833 struct link_vars *vars)
62834 {
62835 @@ -10502,7 +10492,7 @@ static int bnx2x_848x3_config_init(struct bnx2x_phy *phy,
62836 if (rc) {
62837 DP(NETIF_MSG_LINK, "Failed to configure EEE timers\n");
62838 bnx2x_8483x_disable_eee(phy, params, vars);
62839 - return rc;
62840 + return;
62841 }
62842
62843 if ((phy->req_duplex == DUPLEX_FULL) &&
62844 @@ -10514,7 +10504,7 @@ static int bnx2x_848x3_config_init(struct bnx2x_phy *phy,
62845 rc = bnx2x_8483x_disable_eee(phy, params, vars);
62846 if (rc) {
62847 DP(NETIF_MSG_LINK, "Failed to set EEE advertisement\n");
62848 - return rc;
62849 + return;
62850 }
62851 } else {
62852 vars->eee_status &= ~SHMEM_EEE_SUPPORTED_MASK;
62853 @@ -10553,7 +10543,6 @@ static int bnx2x_848x3_config_init(struct bnx2x_phy *phy,
62854 MDIO_84833_TOP_CFG_XGPHY_STRAP1,
62855 (u16)~MDIO_84833_SUPER_ISOLATE);
62856 }
62857 - return rc;
62858 }
62859
62860 static u8 bnx2x_848xx_read_status(struct bnx2x_phy *phy,
62861 @@ -11113,7 +11102,7 @@ static void bnx2x_54618se_specific_func(struct bnx2x_phy *phy,
62862 }
62863 }
62864
62865 -static int bnx2x_54618se_config_init(struct bnx2x_phy *phy,
62866 +static void bnx2x_54618se_config_init(struct bnx2x_phy *phy,
62867 struct link_params *params,
62868 struct link_vars *vars)
62869 {
62870 @@ -11315,8 +11304,6 @@ static int bnx2x_54618se_config_init(struct bnx2x_phy *phy,
62871
62872 bnx2x_cl22_write(bp, phy,
62873 MDIO_PMA_REG_CTRL, autoneg_val);
62874 -
62875 - return 0;
62876 }
62877
62878
62879 @@ -11540,7 +11527,7 @@ static void bnx2x_7101_config_loopback(struct bnx2x_phy *phy,
62880 MDIO_XS_DEVAD, MDIO_XS_SFX7101_XGXS_TEST1, 0x100);
62881 }
62882
62883 -static int bnx2x_7101_config_init(struct bnx2x_phy *phy,
62884 +static void bnx2x_7101_config_init(struct bnx2x_phy *phy,
62885 struct link_params *params,
62886 struct link_vars *vars)
62887 {
62888 @@ -11577,7 +11564,6 @@ static int bnx2x_7101_config_init(struct bnx2x_phy *phy,
62889 MDIO_PMA_DEVAD, MDIO_PMA_REG_7101_VER2, &fw_ver2);
62890 bnx2x_save_spirom_version(bp, params->port,
62891 (u32)(fw_ver1<<16 | fw_ver2), phy->ver_addr);
62892 - return 0;
62893 }
62894
62895 static u8 bnx2x_7101_read_status(struct bnx2x_phy *phy,
62896 @@ -11746,9 +11732,9 @@ static const struct bnx2x_phy phy_serdes = {
62897 .speed_cap_mask = 0,
62898 .req_duplex = 0,
62899 .rsrv = 0,
62900 - .config_init = (config_init_t)bnx2x_xgxs_config_init,
62901 - .read_status = (read_status_t)bnx2x_link_settings_status,
62902 - .link_reset = (link_reset_t)bnx2x_int_link_reset,
62903 + .config_init = bnx2x_xgxs_config_init,
62904 + .read_status = bnx2x_link_settings_status,
62905 + .link_reset = bnx2x_int_link_reset,
62906 .config_loopback = (config_loopback_t)NULL,
62907 .format_fw_ver = (format_fw_ver_t)NULL,
62908 .hw_reset = (hw_reset_t)NULL,
62909 @@ -11782,14 +11768,14 @@ static const struct bnx2x_phy phy_xgxs = {
62910 .speed_cap_mask = 0,
62911 .req_duplex = 0,
62912 .rsrv = 0,
62913 - .config_init = (config_init_t)bnx2x_xgxs_config_init,
62914 - .read_status = (read_status_t)bnx2x_link_settings_status,
62915 - .link_reset = (link_reset_t)bnx2x_int_link_reset,
62916 - .config_loopback = (config_loopback_t)bnx2x_set_xgxs_loopback,
62917 + .config_init = bnx2x_xgxs_config_init,
62918 + .read_status = bnx2x_link_settings_status,
62919 + .link_reset = bnx2x_int_link_reset,
62920 + .config_loopback = bnx2x_set_xgxs_loopback,
62921 .format_fw_ver = (format_fw_ver_t)NULL,
62922 .hw_reset = (hw_reset_t)NULL,
62923 .set_link_led = (set_link_led_t)NULL,
62924 - .phy_specific_func = (phy_specific_func_t)bnx2x_xgxs_specific_func
62925 + .phy_specific_func = bnx2x_xgxs_specific_func
62926 };
62927 static const struct bnx2x_phy phy_warpcore = {
62928 .type = PORT_HW_CFG_XGXS_EXT_PHY_TYPE_DIRECT,
62929 @@ -11820,12 +11806,12 @@ static const struct bnx2x_phy phy_warpcore = {
62930 .speed_cap_mask = 0,
62931 /* req_duplex = */0,
62932 /* rsrv = */0,
62933 - .config_init = (config_init_t)bnx2x_warpcore_config_init,
62934 - .read_status = (read_status_t)bnx2x_warpcore_read_status,
62935 - .link_reset = (link_reset_t)bnx2x_warpcore_link_reset,
62936 - .config_loopback = (config_loopback_t)bnx2x_set_warpcore_loopback,
62937 + .config_init = bnx2x_warpcore_config_init,
62938 + .read_status = bnx2x_warpcore_read_status,
62939 + .link_reset = bnx2x_warpcore_link_reset,
62940 + .config_loopback = bnx2x_set_warpcore_loopback,
62941 .format_fw_ver = (format_fw_ver_t)NULL,
62942 - .hw_reset = (hw_reset_t)bnx2x_warpcore_hw_reset,
62943 + .hw_reset = bnx2x_warpcore_hw_reset,
62944 .set_link_led = (set_link_led_t)NULL,
62945 .phy_specific_func = (phy_specific_func_t)NULL
62946 };
62947 @@ -11851,13 +11837,13 @@ static const struct bnx2x_phy phy_7101 = {
62948 .speed_cap_mask = 0,
62949 .req_duplex = 0,
62950 .rsrv = 0,
62951 - .config_init = (config_init_t)bnx2x_7101_config_init,
62952 - .read_status = (read_status_t)bnx2x_7101_read_status,
62953 - .link_reset = (link_reset_t)bnx2x_common_ext_link_reset,
62954 - .config_loopback = (config_loopback_t)bnx2x_7101_config_loopback,
62955 - .format_fw_ver = (format_fw_ver_t)bnx2x_7101_format_ver,
62956 - .hw_reset = (hw_reset_t)bnx2x_7101_hw_reset,
62957 - .set_link_led = (set_link_led_t)bnx2x_7101_set_link_led,
62958 + .config_init = bnx2x_7101_config_init,
62959 + .read_status = bnx2x_7101_read_status,
62960 + .link_reset = bnx2x_common_ext_link_reset,
62961 + .config_loopback = bnx2x_7101_config_loopback,
62962 + .format_fw_ver = bnx2x_7101_format_ver,
62963 + .hw_reset = bnx2x_7101_hw_reset,
62964 + .set_link_led = bnx2x_7101_set_link_led,
62965 .phy_specific_func = (phy_specific_func_t)NULL
62966 };
62967 static const struct bnx2x_phy phy_8073 = {
62968 @@ -11882,14 +11868,14 @@ static const struct bnx2x_phy phy_8073 = {
62969 .speed_cap_mask = 0,
62970 .req_duplex = 0,
62971 .rsrv = 0,
62972 - .config_init = (config_init_t)bnx2x_8073_config_init,
62973 - .read_status = (read_status_t)bnx2x_8073_read_status,
62974 - .link_reset = (link_reset_t)bnx2x_8073_link_reset,
62975 + .config_init = bnx2x_8073_config_init,
62976 + .read_status = bnx2x_8073_read_status,
62977 + .link_reset = bnx2x_8073_link_reset,
62978 .config_loopback = (config_loopback_t)NULL,
62979 - .format_fw_ver = (format_fw_ver_t)bnx2x_format_ver,
62980 + .format_fw_ver = bnx2x_format_ver,
62981 .hw_reset = (hw_reset_t)NULL,
62982 .set_link_led = (set_link_led_t)NULL,
62983 - .phy_specific_func = (phy_specific_func_t)bnx2x_8073_specific_func
62984 + .phy_specific_func = bnx2x_8073_specific_func
62985 };
62986 static const struct bnx2x_phy phy_8705 = {
62987 .type = PORT_HW_CFG_XGXS_EXT_PHY_TYPE_BCM8705,
62988 @@ -11910,11 +11896,11 @@ static const struct bnx2x_phy phy_8705 = {
62989 .speed_cap_mask = 0,
62990 .req_duplex = 0,
62991 .rsrv = 0,
62992 - .config_init = (config_init_t)bnx2x_8705_config_init,
62993 - .read_status = (read_status_t)bnx2x_8705_read_status,
62994 - .link_reset = (link_reset_t)bnx2x_common_ext_link_reset,
62995 + .config_init = bnx2x_8705_config_init,
62996 + .read_status = bnx2x_8705_read_status,
62997 + .link_reset = bnx2x_common_ext_link_reset,
62998 .config_loopback = (config_loopback_t)NULL,
62999 - .format_fw_ver = (format_fw_ver_t)bnx2x_null_format_ver,
63000 + .format_fw_ver = bnx2x_null_format_ver,
63001 .hw_reset = (hw_reset_t)NULL,
63002 .set_link_led = (set_link_led_t)NULL,
63003 .phy_specific_func = (phy_specific_func_t)NULL
63004 @@ -11939,11 +11925,11 @@ static const struct bnx2x_phy phy_8706 = {
63005 .speed_cap_mask = 0,
63006 .req_duplex = 0,
63007 .rsrv = 0,
63008 - .config_init = (config_init_t)bnx2x_8706_config_init,
63009 - .read_status = (read_status_t)bnx2x_8706_read_status,
63010 - .link_reset = (link_reset_t)bnx2x_common_ext_link_reset,
63011 + .config_init = bnx2x_8706_config_init,
63012 + .read_status = bnx2x_8706_read_status,
63013 + .link_reset = bnx2x_common_ext_link_reset,
63014 .config_loopback = (config_loopback_t)NULL,
63015 - .format_fw_ver = (format_fw_ver_t)bnx2x_format_ver,
63016 + .format_fw_ver = bnx2x_format_ver,
63017 .hw_reset = (hw_reset_t)NULL,
63018 .set_link_led = (set_link_led_t)NULL,
63019 .phy_specific_func = (phy_specific_func_t)NULL
63020 @@ -11971,11 +11957,11 @@ static const struct bnx2x_phy phy_8726 = {
63021 .speed_cap_mask = 0,
63022 .req_duplex = 0,
63023 .rsrv = 0,
63024 - .config_init = (config_init_t)bnx2x_8726_config_init,
63025 - .read_status = (read_status_t)bnx2x_8726_read_status,
63026 - .link_reset = (link_reset_t)bnx2x_8726_link_reset,
63027 - .config_loopback = (config_loopback_t)bnx2x_8726_config_loopback,
63028 - .format_fw_ver = (format_fw_ver_t)bnx2x_format_ver,
63029 + .config_init = bnx2x_8726_config_init,
63030 + .read_status = bnx2x_8726_read_status,
63031 + .link_reset = bnx2x_8726_link_reset,
63032 + .config_loopback = bnx2x_8726_config_loopback,
63033 + .format_fw_ver = bnx2x_format_ver,
63034 .hw_reset = (hw_reset_t)NULL,
63035 .set_link_led = (set_link_led_t)NULL,
63036 .phy_specific_func = (phy_specific_func_t)NULL
63037 @@ -12002,14 +11988,14 @@ static const struct bnx2x_phy phy_8727 = {
63038 .speed_cap_mask = 0,
63039 .req_duplex = 0,
63040 .rsrv = 0,
63041 - .config_init = (config_init_t)bnx2x_8727_config_init,
63042 - .read_status = (read_status_t)bnx2x_8727_read_status,
63043 - .link_reset = (link_reset_t)bnx2x_8727_link_reset,
63044 + .config_init = bnx2x_8727_config_init,
63045 + .read_status = bnx2x_8727_read_status,
63046 + .link_reset = bnx2x_8727_link_reset,
63047 .config_loopback = (config_loopback_t)NULL,
63048 - .format_fw_ver = (format_fw_ver_t)bnx2x_format_ver,
63049 - .hw_reset = (hw_reset_t)bnx2x_8727_hw_reset,
63050 - .set_link_led = (set_link_led_t)bnx2x_8727_set_link_led,
63051 - .phy_specific_func = (phy_specific_func_t)bnx2x_8727_specific_func
63052 + .format_fw_ver = bnx2x_format_ver,
63053 + .hw_reset = bnx2x_8727_hw_reset,
63054 + .set_link_led = bnx2x_8727_set_link_led,
63055 + .phy_specific_func = bnx2x_8727_specific_func
63056 };
63057 static const struct bnx2x_phy phy_8481 = {
63058 .type = PORT_HW_CFG_XGXS_EXT_PHY_TYPE_BCM8481,
63059 @@ -12037,13 +12023,13 @@ static const struct bnx2x_phy phy_8481 = {
63060 .speed_cap_mask = 0,
63061 .req_duplex = 0,
63062 .rsrv = 0,
63063 - .config_init = (config_init_t)bnx2x_8481_config_init,
63064 - .read_status = (read_status_t)bnx2x_848xx_read_status,
63065 - .link_reset = (link_reset_t)bnx2x_8481_link_reset,
63066 + .config_init = bnx2x_8481_config_init,
63067 + .read_status = bnx2x_848xx_read_status,
63068 + .link_reset = bnx2x_8481_link_reset,
63069 .config_loopback = (config_loopback_t)NULL,
63070 - .format_fw_ver = (format_fw_ver_t)bnx2x_848xx_format_ver,
63071 - .hw_reset = (hw_reset_t)bnx2x_8481_hw_reset,
63072 - .set_link_led = (set_link_led_t)bnx2x_848xx_set_link_led,
63073 + .format_fw_ver = bnx2x_848xx_format_ver,
63074 + .hw_reset = bnx2x_8481_hw_reset,
63075 + .set_link_led = bnx2x_848xx_set_link_led,
63076 .phy_specific_func = (phy_specific_func_t)NULL
63077 };
63078
63079 @@ -12074,14 +12060,14 @@ static const struct bnx2x_phy phy_84823 = {
63080 .speed_cap_mask = 0,
63081 .req_duplex = 0,
63082 .rsrv = 0,
63083 - .config_init = (config_init_t)bnx2x_848x3_config_init,
63084 - .read_status = (read_status_t)bnx2x_848xx_read_status,
63085 - .link_reset = (link_reset_t)bnx2x_848x3_link_reset,
63086 + .config_init = bnx2x_848x3_config_init,
63087 + .read_status = bnx2x_848xx_read_status,
63088 + .link_reset = bnx2x_848x3_link_reset,
63089 .config_loopback = (config_loopback_t)NULL,
63090 - .format_fw_ver = (format_fw_ver_t)bnx2x_848xx_format_ver,
63091 + .format_fw_ver = bnx2x_848xx_format_ver,
63092 .hw_reset = (hw_reset_t)NULL,
63093 - .set_link_led = (set_link_led_t)bnx2x_848xx_set_link_led,
63094 - .phy_specific_func = (phy_specific_func_t)bnx2x_848xx_specific_func
63095 + .set_link_led = bnx2x_848xx_set_link_led,
63096 + .phy_specific_func = bnx2x_848xx_specific_func
63097 };
63098
63099 static const struct bnx2x_phy phy_84833 = {
63100 @@ -12109,14 +12095,14 @@ static const struct bnx2x_phy phy_84833 = {
63101 .speed_cap_mask = 0,
63102 .req_duplex = 0,
63103 .rsrv = 0,
63104 - .config_init = (config_init_t)bnx2x_848x3_config_init,
63105 - .read_status = (read_status_t)bnx2x_848xx_read_status,
63106 - .link_reset = (link_reset_t)bnx2x_848x3_link_reset,
63107 + .config_init = bnx2x_848x3_config_init,
63108 + .read_status = bnx2x_848xx_read_status,
63109 + .link_reset = bnx2x_848x3_link_reset,
63110 .config_loopback = (config_loopback_t)NULL,
63111 - .format_fw_ver = (format_fw_ver_t)bnx2x_848xx_format_ver,
63112 - .hw_reset = (hw_reset_t)bnx2x_84833_hw_reset_phy,
63113 - .set_link_led = (set_link_led_t)bnx2x_848xx_set_link_led,
63114 - .phy_specific_func = (phy_specific_func_t)bnx2x_848xx_specific_func
63115 + .format_fw_ver = bnx2x_848xx_format_ver,
63116 + .hw_reset = bnx2x_84833_hw_reset_phy,
63117 + .set_link_led = bnx2x_848xx_set_link_led,
63118 + .phy_specific_func = bnx2x_848xx_specific_func
63119 };
63120
63121 static const struct bnx2x_phy phy_84834 = {
63122 @@ -12143,14 +12129,14 @@ static const struct bnx2x_phy phy_84834 = {
63123 .speed_cap_mask = 0,
63124 .req_duplex = 0,
63125 .rsrv = 0,
63126 - .config_init = (config_init_t)bnx2x_848x3_config_init,
63127 - .read_status = (read_status_t)bnx2x_848xx_read_status,
63128 - .link_reset = (link_reset_t)bnx2x_848x3_link_reset,
63129 + .config_init = bnx2x_848x3_config_init,
63130 + .read_status = bnx2x_848xx_read_status,
63131 + .link_reset = bnx2x_848x3_link_reset,
63132 .config_loopback = (config_loopback_t)NULL,
63133 - .format_fw_ver = (format_fw_ver_t)bnx2x_848xx_format_ver,
63134 - .hw_reset = (hw_reset_t)bnx2x_84833_hw_reset_phy,
63135 - .set_link_led = (set_link_led_t)bnx2x_848xx_set_link_led,
63136 - .phy_specific_func = (phy_specific_func_t)bnx2x_848xx_specific_func
63137 + .format_fw_ver = bnx2x_848xx_format_ver,
63138 + .hw_reset = bnx2x_84833_hw_reset_phy,
63139 + .set_link_led = bnx2x_848xx_set_link_led,
63140 + .phy_specific_func = bnx2x_848xx_specific_func
63141 };
63142
63143 static const struct bnx2x_phy phy_84858 = {
63144 @@ -12177,14 +12163,14 @@ static const struct bnx2x_phy phy_84858 = {
63145 .speed_cap_mask = 0,
63146 .req_duplex = 0,
63147 .rsrv = 0,
63148 - .config_init = (config_init_t)bnx2x_848x3_config_init,
63149 - .read_status = (read_status_t)bnx2x_848xx_read_status,
63150 - .link_reset = (link_reset_t)bnx2x_848x3_link_reset,
63151 + .config_init = bnx2x_848x3_config_init,
63152 + .read_status = bnx2x_848xx_read_status,
63153 + .link_reset = bnx2x_848x3_link_reset,
63154 .config_loopback = (config_loopback_t)NULL,
63155 - .format_fw_ver = (format_fw_ver_t)bnx2x_8485x_format_ver,
63156 - .hw_reset = (hw_reset_t)bnx2x_84833_hw_reset_phy,
63157 - .set_link_led = (set_link_led_t)bnx2x_848xx_set_link_led,
63158 - .phy_specific_func = (phy_specific_func_t)bnx2x_848xx_specific_func
63159 + .format_fw_ver = bnx2x_8485x_format_ver,
63160 + .hw_reset = bnx2x_84833_hw_reset_phy,
63161 + .set_link_led = bnx2x_848xx_set_link_led,
63162 + .phy_specific_func = bnx2x_848xx_specific_func
63163 };
63164
63165 static const struct bnx2x_phy phy_54618se = {
63166 @@ -12211,14 +12197,14 @@ static const struct bnx2x_phy phy_54618se = {
63167 .speed_cap_mask = 0,
63168 /* req_duplex = */0,
63169 /* rsrv = */0,
63170 - .config_init = (config_init_t)bnx2x_54618se_config_init,
63171 - .read_status = (read_status_t)bnx2x_54618se_read_status,
63172 - .link_reset = (link_reset_t)bnx2x_54618se_link_reset,
63173 - .config_loopback = (config_loopback_t)bnx2x_54618se_config_loopback,
63174 + .config_init = bnx2x_54618se_config_init,
63175 + .read_status = bnx2x_54618se_read_status,
63176 + .link_reset = bnx2x_54618se_link_reset,
63177 + .config_loopback = bnx2x_54618se_config_loopback,
63178 .format_fw_ver = (format_fw_ver_t)NULL,
63179 .hw_reset = (hw_reset_t)NULL,
63180 - .set_link_led = (set_link_led_t)bnx2x_5461x_set_link_led,
63181 - .phy_specific_func = (phy_specific_func_t)bnx2x_54618se_specific_func
63182 + .set_link_led = bnx2x_5461x_set_link_led,
63183 + .phy_specific_func = bnx2x_54618se_specific_func
63184 };
63185 /*****************************************************************/
63186 /* */
63187 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.h
63188 index b7d2511..a625bae 100644
63189 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.h
63190 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.h
63191 @@ -126,7 +126,7 @@ struct link_vars;
63192 struct link_params;
63193 struct bnx2x_phy;
63194
63195 -typedef u8 (*config_init_t)(struct bnx2x_phy *phy, struct link_params *params,
63196 +typedef void (*config_init_t)(struct bnx2x_phy *phy, struct link_params *params,
63197 struct link_vars *vars);
63198 typedef u8 (*read_status_t)(struct bnx2x_phy *phy, struct link_params *params,
63199 struct link_vars *vars);
63200 @@ -134,7 +134,7 @@ typedef void (*link_reset_t)(struct bnx2x_phy *phy,
63201 struct link_params *params);
63202 typedef void (*config_loopback_t)(struct bnx2x_phy *phy,
63203 struct link_params *params);
63204 -typedef u8 (*format_fw_ver_t)(u32 raw, u8 *str, u16 *len);
63205 +typedef int (*format_fw_ver_t)(u32 raw, u8 *str, u16 *len);
63206 typedef void (*hw_reset_t)(struct bnx2x_phy *phy, struct link_params *params);
63207 typedef void (*set_link_led_t)(struct bnx2x_phy *phy,
63208 struct link_params *params, u8 mode);
63209 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
63210 index fa3386b..ea5074c 100644
63211 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
63212 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
63213 @@ -14159,7 +14159,7 @@ static int bnx2x_eeh_nic_unload(struct bnx2x *bp)
63214 * this device has been detected.
63215 */
63216 static pci_ers_result_t bnx2x_io_error_detected(struct pci_dev *pdev,
63217 - pci_channel_state_t state)
63218 + enum pci_channel_state state)
63219 {
63220 struct net_device *dev = pci_get_drvdata(pdev);
63221 struct bnx2x *bp = netdev_priv(dev);
63222 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
63223 index ff702a7..cb3ae16 100644
63224 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
63225 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
63226 @@ -2576,15 +2576,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp,
63227 return rc;
63228 }
63229
63230 -void bnx2x_init_rx_mode_obj(struct bnx2x *bp,
63231 - struct bnx2x_rx_mode_obj *o)
63232 +void bnx2x_init_rx_mode_obj(struct bnx2x *bp)
63233 {
63234 if (CHIP_IS_E1x(bp)) {
63235 - o->wait_comp = bnx2x_empty_rx_mode_wait;
63236 - o->config_rx_mode = bnx2x_set_rx_mode_e1x;
63237 + bp->rx_mode_obj.wait_comp = bnx2x_empty_rx_mode_wait;
63238 + bp->rx_mode_obj.config_rx_mode = bnx2x_set_rx_mode_e1x;
63239 } else {
63240 - o->wait_comp = bnx2x_wait_rx_mode_comp_e2;
63241 - o->config_rx_mode = bnx2x_set_rx_mode_e2;
63242 + bp->rx_mode_obj.wait_comp = bnx2x_wait_rx_mode_comp_e2;
63243 + bp->rx_mode_obj.config_rx_mode = bnx2x_set_rx_mode_e2;
63244 }
63245 }
63246
63247 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
63248 index 4048fc5..333809f 100644
63249 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
63250 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
63251 @@ -1436,8 +1436,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp,
63252
63253 /********************* RX MODE ****************/
63254
63255 -void bnx2x_init_rx_mode_obj(struct bnx2x *bp,
63256 - struct bnx2x_rx_mode_obj *o);
63257 +void bnx2x_init_rx_mode_obj(struct bnx2x *bp);
63258
63259 /**
63260 * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
63261 diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
63262 index 228c964..7bbb29da 100644
63263 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
63264 +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
63265 @@ -6915,7 +6915,7 @@ init_err_free:
63266 * this device has been detected.
63267 */
63268 static pci_ers_result_t bnxt_io_error_detected(struct pci_dev *pdev,
63269 - pci_channel_state_t state)
63270 + enum pci_channel_state state)
63271 {
63272 struct net_device *netdev = pci_get_drvdata(pdev);
63273 struct bnxt *bp = netdev_priv(netdev);
63274 diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
63275 index ea967df..bf073dc 100644
63276 --- a/drivers/net/ethernet/broadcom/tg3.c
63277 +++ b/drivers/net/ethernet/broadcom/tg3.c
63278 @@ -18112,7 +18112,7 @@ static void tg3_shutdown(struct pci_dev *pdev)
63279 * this device has been detected.
63280 */
63281 static pci_ers_result_t tg3_io_error_detected(struct pci_dev *pdev,
63282 - pci_channel_state_t state)
63283 + enum pci_channel_state state)
63284 {
63285 struct net_device *netdev = pci_get_drvdata(pdev);
63286 struct tg3 *tp = netdev_priv(netdev);
63287 diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
63288 index 3b5e98e..52b3916 100644
63289 --- a/drivers/net/ethernet/broadcom/tg3.h
63290 +++ b/drivers/net/ethernet/broadcom/tg3.h
63291 @@ -150,6 +150,7 @@
63292 #define CHIPREV_ID_5750_A0 0x4000
63293 #define CHIPREV_ID_5750_A1 0x4001
63294 #define CHIPREV_ID_5750_A3 0x4003
63295 +#define CHIPREV_ID_5750_C1 0x4201
63296 #define CHIPREV_ID_5750_C2 0x4202
63297 #define CHIPREV_ID_5752_A0_HW 0x5000
63298 #define CHIPREV_ID_5752_A0 0x6000
63299 diff --git a/drivers/net/ethernet/brocade/bna/bfa_cs.h b/drivers/net/ethernet/brocade/bna/bfa_cs.h
63300 index 1d11d66..8f7a3cb 100644
63301 --- a/drivers/net/ethernet/brocade/bna/bfa_cs.h
63302 +++ b/drivers/net/ethernet/brocade/bna/bfa_cs.h
63303 @@ -34,10 +34,19 @@ struct bfa_sm_table {
63304 int state; /*!< state machine encoding */
63305 char *name; /*!< state name for display */
63306 };
63307 -#define BFA_SM(_sm) ((bfa_sm_t)(_sm))
63308 +#define BFA_SM(_sm) (_sm)
63309 +
63310 +#define bfa_sm_set_state(_sm, _state) ((_sm)->sm = (_state))
63311 +#define bfa_sm_cmp_state(_sm, _state) ((_sm)->sm == (_state))
63312
63313 /* State machine with entry actions. */
63314 -typedef void (*bfa_fsm_t)(void *fsm, int event);
63315 +struct bfa_ioc;
63316 +enum ioc_event;
63317 +struct bfa_iocpf;
63318 +enum iocpf_event;
63319 +
63320 +typedef void (*bfa_fsm_ioc_t)(struct bfa_ioc *fsm, enum ioc_event event);
63321 +typedef void (*bfa_fsm_iocpf_t)(struct bfa_iocpf *fsm, enum iocpf_event event);
63322
63323 /* oc - object class eg. bfa_ioc
63324 * st - state, eg. reset
63325 @@ -49,16 +58,37 @@ typedef void (*bfa_fsm_t)(void *fsm, int event);
63326 static void oc ## _sm_ ## st ## _entry(otype * fsm)
63327
63328 #define bfa_fsm_set_state(_fsm, _state) do { \
63329 - (_fsm)->fsm = (bfa_fsm_t)(_state); \
63330 + (_fsm)->fsm = (_state); \
63331 _state ## _entry(_fsm); \
63332 } while (0)
63333
63334 #define bfa_fsm_send_event(_fsm, _event) ((_fsm)->fsm((_fsm), (_event)))
63335 -#define bfa_fsm_cmp_state(_fsm, _state) \
63336 - ((_fsm)->fsm == (bfa_fsm_t)(_state))
63337 +#define bfa_fsm_cmp_state(_fsm, _state) ((_fsm)->fsm == (_state))
63338 +
63339 +/* For converting from state machine function to state encoding. */
63340 +struct iocpf_sm_table {
63341 + bfa_fsm_iocpf_t sm; /*!< state machine function */
63342 + int state; /*!< state machine encoding */
63343 + char *name; /*!< state name for display */
63344 +};
63345 +struct ioc_sm_table {
63346 + bfa_fsm_ioc_t sm; /*!< state machine function */
63347 + int state; /*!< state machine encoding */
63348 + char *name; /*!< state name for display */
63349 +};
63350 +
63351 +static inline int
63352 +iocpf_sm_to_state(const struct iocpf_sm_table *smt, bfa_fsm_iocpf_t sm)
63353 +{
63354 + int i = 0;
63355 +
63356 + while (smt[i].sm && smt[i].sm != sm)
63357 + i++;
63358 + return smt[i].state;
63359 +}
63360
63361 static inline int
63362 -bfa_sm_to_state(const struct bfa_sm_table *smt, bfa_sm_t sm)
63363 +ioc_sm_to_state(const struct ioc_sm_table *smt, bfa_fsm_ioc_t sm)
63364 {
63365 int i = 0;
63366
63367 diff --git a/drivers/net/ethernet/brocade/bna/bfa_ioc.c b/drivers/net/ethernet/brocade/bna/bfa_ioc.c
63368 index 9e59663..3564807 100644
63369 --- a/drivers/net/ethernet/brocade/bna/bfa_ioc.c
63370 +++ b/drivers/net/ethernet/brocade/bna/bfa_ioc.c
63371 @@ -122,7 +122,7 @@ bfa_fsm_state_decl(bfa_ioc, disabling, struct bfa_ioc, enum ioc_event);
63372 bfa_fsm_state_decl(bfa_ioc, disabled, struct bfa_ioc, enum ioc_event);
63373 bfa_fsm_state_decl(bfa_ioc, hwfail, struct bfa_ioc, enum ioc_event);
63374
63375 -static struct bfa_sm_table ioc_sm_table[] = {
63376 +static struct ioc_sm_table ioc_sm_table[] = {
63377 {BFA_SM(bfa_ioc_sm_uninit), BFA_IOC_UNINIT},
63378 {BFA_SM(bfa_ioc_sm_reset), BFA_IOC_RESET},
63379 {BFA_SM(bfa_ioc_sm_enabling), BFA_IOC_ENABLING},
63380 @@ -191,7 +191,7 @@ bfa_fsm_state_decl(bfa_iocpf, disabling_sync, struct bfa_iocpf,
63381 enum iocpf_event);
63382 bfa_fsm_state_decl(bfa_iocpf, disabled, struct bfa_iocpf, enum iocpf_event);
63383
63384 -static struct bfa_sm_table iocpf_sm_table[] = {
63385 +static struct iocpf_sm_table iocpf_sm_table[] = {
63386 {BFA_SM(bfa_iocpf_sm_reset), BFA_IOCPF_RESET},
63387 {BFA_SM(bfa_iocpf_sm_fwcheck), BFA_IOCPF_FWMISMATCH},
63388 {BFA_SM(bfa_iocpf_sm_mismatch), BFA_IOCPF_FWMISMATCH},
63389 @@ -2862,12 +2862,12 @@ static enum bfa_ioc_state
63390 bfa_ioc_get_state(struct bfa_ioc *ioc)
63391 {
63392 enum bfa_iocpf_state iocpf_st;
63393 - enum bfa_ioc_state ioc_st = bfa_sm_to_state(ioc_sm_table, ioc->fsm);
63394 + enum bfa_ioc_state ioc_st = ioc_sm_to_state(ioc_sm_table, ioc->fsm);
63395
63396 if (ioc_st == BFA_IOC_ENABLING ||
63397 ioc_st == BFA_IOC_FAIL || ioc_st == BFA_IOC_INITFAIL) {
63398
63399 - iocpf_st = bfa_sm_to_state(iocpf_sm_table, ioc->iocpf.fsm);
63400 + iocpf_st = iocpf_sm_to_state(iocpf_sm_table, ioc->iocpf.fsm);
63401
63402 switch (iocpf_st) {
63403 case BFA_IOCPF_SEMWAIT:
63404 @@ -2985,7 +2985,7 @@ bfa_nw_iocpf_timeout(struct bfa_ioc *ioc)
63405 {
63406 enum bfa_iocpf_state iocpf_st;
63407
63408 - iocpf_st = bfa_sm_to_state(iocpf_sm_table, ioc->iocpf.fsm);
63409 + iocpf_st = iocpf_sm_to_state(iocpf_sm_table, ioc->iocpf.fsm);
63410
63411 if (iocpf_st == BFA_IOCPF_HWINIT)
63412 bfa_ioc_poll_fwinit(ioc);
63413 diff --git a/drivers/net/ethernet/brocade/bna/bfa_ioc.h b/drivers/net/ethernet/brocade/bna/bfa_ioc.h
63414 index 2c0b4c0..97873eb 100644
63415 --- a/drivers/net/ethernet/brocade/bna/bfa_ioc.h
63416 +++ b/drivers/net/ethernet/brocade/bna/bfa_ioc.h
63417 @@ -156,7 +156,7 @@ struct bfa_ioc_notify {
63418 } while (0)
63419
63420 struct bfa_iocpf {
63421 - bfa_fsm_t fsm;
63422 + bfa_fsm_iocpf_t fsm;
63423 struct bfa_ioc *ioc;
63424 bool fw_mismatch_notified;
63425 bool auto_recover;
63426 @@ -164,7 +164,7 @@ struct bfa_iocpf {
63427 };
63428
63429 struct bfa_ioc {
63430 - bfa_fsm_t fsm;
63431 + bfa_fsm_ioc_t fsm;
63432 struct bfa *bfa;
63433 struct bfa_pcidev pcidev;
63434 struct timer_list ioc_timer;
63435 diff --git a/drivers/net/ethernet/brocade/bna/bfa_msgq.h b/drivers/net/ethernet/brocade/bna/bfa_msgq.h
63436 index 66bc8b5..bf64466 100644
63437 --- a/drivers/net/ethernet/brocade/bna/bfa_msgq.h
63438 +++ b/drivers/net/ethernet/brocade/bna/bfa_msgq.h
63439 @@ -63,8 +63,10 @@ enum bfa_msgq_cmdq_flags {
63440 BFA_MSGQ_CMDQ_F_DB_UPDATE = 1,
63441 };
63442
63443 +enum cmdq_event;
63444 +
63445 struct bfa_msgq_cmdq {
63446 - bfa_fsm_t fsm;
63447 + void (*fsm)(struct bfa_msgq_cmdq *, enum cmdq_event);
63448 enum bfa_msgq_cmdq_flags flags;
63449
63450 u16 producer_index;
63451 @@ -89,8 +91,10 @@ enum bfa_msgq_rspq_flags {
63452
63453 typedef void (*bfa_msgq_mcfunc_t)(void *cbarg, struct bfi_msgq_mhdr *mhdr);
63454
63455 +enum rspq_event;
63456 +
63457 struct bfa_msgq_rspq {
63458 - bfa_fsm_t fsm;
63459 + void (*fsm)(struct bfa_msgq_rspq *, enum rspq_event);
63460 enum bfa_msgq_rspq_flags flags;
63461
63462 u16 producer_index;
63463 diff --git a/drivers/net/ethernet/brocade/bna/bna_enet.c b/drivers/net/ethernet/brocade/bna/bna_enet.c
63464 index 4e5c387..0791dab 100644
63465 --- a/drivers/net/ethernet/brocade/bna/bna_enet.c
63466 +++ b/drivers/net/ethernet/brocade/bna/bna_enet.c
63467 @@ -1265,7 +1265,7 @@ bna_enet_mtu_get(struct bna_enet *enet)
63468 void
63469 bna_enet_enable(struct bna_enet *enet)
63470 {
63471 - if (enet->fsm != (bfa_sm_t)bna_enet_sm_stopped)
63472 + if (enet->fsm != bna_enet_sm_stopped)
63473 return;
63474
63475 enet->flags |= BNA_ENET_F_ENABLED;
63476 @@ -1676,10 +1676,10 @@ bna_cb_ioceth_reset(void *arg)
63477 }
63478
63479 static struct bfa_ioc_cbfn bna_ioceth_cbfn = {
63480 - bna_cb_ioceth_enable,
63481 - bna_cb_ioceth_disable,
63482 - bna_cb_ioceth_hbfail,
63483 - bna_cb_ioceth_reset
63484 + .enable_cbfn = bna_cb_ioceth_enable,
63485 + .disable_cbfn = bna_cb_ioceth_disable,
63486 + .hbfail_cbfn = bna_cb_ioceth_hbfail,
63487 + .reset_cbfn = bna_cb_ioceth_reset
63488 };
63489
63490 static void bna_attr_init(struct bna_ioceth *ioceth)
63491 @@ -1759,12 +1759,12 @@ bna_ioceth_uninit(struct bna_ioceth *ioceth)
63492 void
63493 bna_ioceth_enable(struct bna_ioceth *ioceth)
63494 {
63495 - if (ioceth->fsm == (bfa_fsm_t)bna_ioceth_sm_ready) {
63496 + if (ioceth->fsm == bna_ioceth_sm_ready) {
63497 bnad_cb_ioceth_ready(ioceth->bna->bnad);
63498 return;
63499 }
63500
63501 - if (ioceth->fsm == (bfa_fsm_t)bna_ioceth_sm_stopped)
63502 + if (ioceth->fsm == bna_ioceth_sm_stopped)
63503 bfa_fsm_send_event(ioceth, IOCETH_E_ENABLE);
63504 }
63505
63506 diff --git a/drivers/net/ethernet/brocade/bna/bna_tx_rx.c b/drivers/net/ethernet/brocade/bna/bna_tx_rx.c
63507 index 95bc470..c12be9f 100644
63508 --- a/drivers/net/ethernet/brocade/bna/bna_tx_rx.c
63509 +++ b/drivers/net/ethernet/brocade/bna/bna_tx_rx.c
63510 @@ -1964,7 +1964,7 @@ static void
63511 bna_rx_stop(struct bna_rx *rx)
63512 {
63513 rx->rx_flags &= ~BNA_RX_F_ENET_STARTED;
63514 - if (rx->fsm == (bfa_fsm_t) bna_rx_sm_stopped)
63515 + if (rx->fsm == bna_rx_sm_stopped)
63516 bna_rx_mod_cb_rx_stopped(&rx->bna->rx_mod, rx);
63517 else {
63518 rx->stop_cbfn = bna_rx_mod_cb_rx_stopped;
63519 @@ -2543,7 +2543,7 @@ bna_rx_destroy(struct bna_rx *rx)
63520 void
63521 bna_rx_enable(struct bna_rx *rx)
63522 {
63523 - if (rx->fsm != (bfa_sm_t)bna_rx_sm_stopped)
63524 + if (rx->fsm != bna_rx_sm_stopped)
63525 return;
63526
63527 rx->rx_flags |= BNA_RX_F_ENABLED;
63528 @@ -3531,7 +3531,7 @@ bna_tx_destroy(struct bna_tx *tx)
63529 void
63530 bna_tx_enable(struct bna_tx *tx)
63531 {
63532 - if (tx->fsm != (bfa_sm_t)bna_tx_sm_stopped)
63533 + if (tx->fsm != bna_tx_sm_stopped)
63534 return;
63535
63536 tx->flags |= BNA_TX_F_ENABLED;
63537 diff --git a/drivers/net/ethernet/brocade/bna/bna_types.h b/drivers/net/ethernet/brocade/bna/bna_types.h
63538 index c438d03..4653f43 100644
63539 --- a/drivers/net/ethernet/brocade/bna/bna_types.h
63540 +++ b/drivers/net/ethernet/brocade/bna/bna_types.h
63541 @@ -320,8 +320,10 @@ struct bna_attr {
63542
63543 /* IOCEth */
63544
63545 +enum bna_ioceth_event;
63546 +
63547 struct bna_ioceth {
63548 - bfa_fsm_t fsm;
63549 + void (*fsm)(struct bna_ioceth *, enum bna_ioceth_event);
63550 struct bfa_ioc ioc;
63551
63552 struct bna_attr attr;
63553 @@ -342,8 +344,10 @@ struct bna_pause_config {
63554 enum bna_status rx_pause;
63555 };
63556
63557 +enum bna_enet_event;
63558 +
63559 struct bna_enet {
63560 - bfa_fsm_t fsm;
63561 + void (*fsm)(struct bna_enet *, enum bna_enet_event);
63562 enum bna_enet_flags flags;
63563
63564 enum bna_enet_type type;
63565 @@ -368,8 +372,10 @@ struct bna_enet {
63566
63567 /* Ethport */
63568
63569 +enum bna_ethport_event;
63570 +
63571 struct bna_ethport {
63572 - bfa_fsm_t fsm;
63573 + void (*fsm)(struct bna_ethport *, enum bna_ethport_event);
63574 enum bna_ethport_flags flags;
63575
63576 enum bna_link_status link_status;
63577 @@ -462,13 +468,15 @@ struct bna_txq {
63578 };
63579
63580 /* Tx object */
63581 +enum bna_tx_event;
63582 +
63583 struct bna_tx {
63584 /* This should be the first one */
63585 struct list_head qe;
63586 int rid;
63587 int hw_id;
63588
63589 - bfa_fsm_t fsm;
63590 + void (*fsm)(struct bna_tx *, enum bna_tx_event);
63591 enum bna_tx_flags flags;
63592
63593 enum bna_tx_type type;
63594 @@ -706,8 +714,10 @@ struct bna_rxp {
63595 };
63596
63597 /* RxF structure (hardware Rx Function) */
63598 +enum bna_rxf_event;
63599 +
63600 struct bna_rxf {
63601 - bfa_fsm_t fsm;
63602 + void (*fsm)(struct bna_rxf *, enum bna_rxf_event);
63603
63604 struct bfa_msgq_cmd_entry msgq_cmd;
63605 union {
63606 @@ -777,13 +787,15 @@ struct bna_rxf {
63607 };
63608
63609 /* Rx object */
63610 +enum bna_rx_event;
63611 +
63612 struct bna_rx {
63613 /* This should be the first one */
63614 struct list_head qe;
63615 int rid;
63616 int hw_id;
63617
63618 - bfa_fsm_t fsm;
63619 + void (*fsm)(struct bna_rx *, enum bna_rx_event);
63620
63621 enum bna_rx_type type;
63622
63623 diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c
63624 index 771cc26..c681a90 100644
63625 --- a/drivers/net/ethernet/brocade/bna/bnad.c
63626 +++ b/drivers/net/ethernet/brocade/bna/bnad.c
63627 @@ -1118,8 +1118,9 @@ bnad_cb_tx_resume(struct bnad *bnad, struct bna_tx *tx)
63628 * Free all TxQs buffers and then notify TX_E_CLEANUP_DONE to Tx fsm.
63629 */
63630 static void
63631 -bnad_tx_cleanup(struct delayed_work *work)
63632 +bnad_tx_cleanup(struct work_struct *_work)
63633 {
63634 + struct delayed_work *work = (struct delayed_work *)_work;
63635 struct bnad_tx_info *tx_info =
63636 container_of(work, struct bnad_tx_info, tx_cleanup_work);
63637 struct bnad *bnad = NULL;
63638 @@ -1197,7 +1198,7 @@ bnad_cb_rx_stall(struct bnad *bnad, struct bna_rx *rx)
63639 * Free all RxQs buffers and then notify RX_E_CLEANUP_DONE to Rx fsm.
63640 */
63641 static void
63642 -bnad_rx_cleanup(void *work)
63643 +bnad_rx_cleanup(struct work_struct *work)
63644 {
63645 struct bnad_rx_info *rx_info =
63646 container_of(work, struct bnad_rx_info, rx_cleanup_work);
63647 @@ -2021,8 +2022,7 @@ bnad_setup_tx(struct bnad *bnad, u32 tx_id)
63648 }
63649 tx_info->tx = tx;
63650
63651 - INIT_DELAYED_WORK(&tx_info->tx_cleanup_work,
63652 - (work_func_t)bnad_tx_cleanup);
63653 + INIT_DELAYED_WORK(&tx_info->tx_cleanup_work, bnad_tx_cleanup);
63654
63655 /* Register ISR for the Tx object */
63656 if (intr_info->intr_type == BNA_INTR_T_MSIX) {
63657 @@ -2278,8 +2278,7 @@ bnad_setup_rx(struct bnad *bnad, u32 rx_id)
63658 rx_info->rx = rx;
63659 spin_unlock_irqrestore(&bnad->bna_lock, flags);
63660
63661 - INIT_WORK(&rx_info->rx_cleanup_work,
63662 - (work_func_t)(bnad_rx_cleanup));
63663 + INIT_WORK(&rx_info->rx_cleanup_work, bnad_rx_cleanup);
63664
63665 /*
63666 * Init NAPI, so that state is set to NAPI_STATE_SCHED,
63667 diff --git a/drivers/net/ethernet/cadence/macb.c b/drivers/net/ethernet/cadence/macb.c
63668 index d954a97..2a1c33a 100644
63669 --- a/drivers/net/ethernet/cadence/macb.c
63670 +++ b/drivers/net/ethernet/cadence/macb.c
63671 @@ -1341,7 +1341,7 @@ static inline int macb_clear_csum(struct sk_buff *skb)
63672 return 0;
63673 }
63674
63675 -static int macb_start_xmit(struct sk_buff *skb, struct net_device *dev)
63676 +static netdev_tx_t macb_start_xmit(struct sk_buff *skb, struct net_device *dev)
63677 {
63678 u16 queue_index = skb_get_queue_mapping(skb);
63679 struct macb *bp = netdev_priv(dev);
63680 @@ -2612,7 +2612,7 @@ static int at91ether_close(struct net_device *dev)
63681 }
63682
63683 /* Transmit packet */
63684 -static int at91ether_start_xmit(struct sk_buff *skb, struct net_device *dev)
63685 +static netdev_tx_t at91ether_start_xmit(struct sk_buff *skb, struct net_device *dev)
63686 {
63687 struct macb *lp = netdev_priv(dev);
63688
63689 diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
63690 index 20d6942..30f86d5 100644
63691 --- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
63692 +++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
63693 @@ -468,7 +468,7 @@ static void stop_pci_io(struct octeon_device *oct)
63694 * this device has been detected.
63695 */
63696 static pci_ers_result_t liquidio_pcie_error_detected(struct pci_dev *pdev,
63697 - pci_channel_state_t state)
63698 + enum pci_channel_state state)
63699 {
63700 struct octeon_device *oct = pci_get_drvdata(pdev);
63701
63702 @@ -2869,7 +2869,7 @@ static inline int send_nic_timestamp_pkt(struct octeon_device *oct,
63703 * @returns whether the packet was transmitted to the device okay or not
63704 * (NETDEV_TX_OK or NETDEV_TX_BUSY)
63705 */
63706 -static int liquidio_xmit(struct sk_buff *skb, struct net_device *netdev)
63707 +static netdev_tx_t liquidio_xmit(struct sk_buff *skb, struct net_device *netdev)
63708 {
63709 struct lio *lio;
63710 struct octnet_buf_free_info *finfo;
63711 @@ -3371,7 +3371,7 @@ static void liquidio_del_vxlan_port(struct net_device *netdev,
63712 OCTNET_CMD_VXLAN_PORT_DEL);
63713 }
63714
63715 -static struct net_device_ops lionetdevops = {
63716 +static net_device_ops_no_const lionetdevops __read_only = {
63717 .ndo_open = liquidio_open,
63718 .ndo_stop = liquidio_stop,
63719 .ndo_start_xmit = liquidio_xmit,
63720 @@ -3599,8 +3599,11 @@ static int setup_nic_devices(struct octeon_device *octeon_dev)
63721
63722 SET_NETDEV_DEV(netdev, &octeon_dev->pci_dev->dev);
63723
63724 - if (num_iqueues > 1)
63725 + if (num_iqueues > 1) {
63726 + pax_open_kernel();
63727 lionetdevops.ndo_select_queue = select_q;
63728 + pax_close_kernel();
63729 + }
63730
63731 /* Associate the routines that will handle different
63732 * netdev tasks.
63733 diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
63734 index 43da891..8fbfb54 100644
63735 --- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
63736 +++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
63737 @@ -2997,7 +2997,7 @@ void t3_fatal_err(struct adapter *adapter)
63738 * this device has been detected.
63739 */
63740 static pci_ers_result_t t3_io_error_detected(struct pci_dev *pdev,
63741 - pci_channel_state_t state)
63742 + enum pci_channel_state state)
63743 {
63744 struct adapter *adapter = pci_get_drvdata(pdev);
63745
63746 diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
63747 index 8cffcdf..aadf043 100644
63748 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
63749 +++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
63750 @@ -87,7 +87,7 @@ typedef void (*arp_failure_handler_func)(struct t3cdev * dev,
63751 */
63752 struct l2t_skb_cb {
63753 arp_failure_handler_func arp_failure_handler;
63754 -};
63755 +} __no_const;
63756
63757 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
63758
63759 diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
63760 index 3ceafb55..c62b970 100644
63761 --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
63762 +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
63763 @@ -4194,7 +4194,7 @@ bye:
63764 /* EEH callbacks */
63765
63766 static pci_ers_result_t eeh_err_detected(struct pci_dev *pdev,
63767 - pci_channel_state_t state)
63768 + enum pci_channel_state state)
63769 {
63770 int i;
63771 struct adapter *adap = pci_get_drvdata(pdev);
63772 diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/adapter.h b/drivers/net/ethernet/chelsio/cxgb4vf/adapter.h
63773 index 109bc63..646ff4d 100644
63774 --- a/drivers/net/ethernet/chelsio/cxgb4vf/adapter.h
63775 +++ b/drivers/net/ethernet/chelsio/cxgb4vf/adapter.h
63776 @@ -558,7 +558,7 @@ int t4vf_sge_alloc_eth_txq(struct adapter *, struct sge_eth_txq *,
63777 unsigned int);
63778 void t4vf_free_sge_resources(struct adapter *);
63779
63780 -int t4vf_eth_xmit(struct sk_buff *, struct net_device *);
63781 +netdev_tx_t t4vf_eth_xmit(struct sk_buff *, struct net_device *);
63782 int t4vf_ethrx_handler(struct sge_rspq *, const __be64 *,
63783 const struct pkt_gl *);
63784
63785 diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
63786 index c8fd4f8..af708fc 100644
63787 --- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
63788 +++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
63789 @@ -1159,7 +1159,7 @@ static inline void txq_advance(struct sge_txq *tq, unsigned int n)
63790 *
63791 * Add a packet to an SGE Ethernet TX queue. Runs with softirqs disabled.
63792 */
63793 -int t4vf_eth_xmit(struct sk_buff *skb, struct net_device *dev)
63794 +netdev_tx_t t4vf_eth_xmit(struct sk_buff *skb, struct net_device *dev)
63795 {
63796 u32 wr_mid;
63797 u64 cntrl, *end;
63798 diff --git a/drivers/net/ethernet/davicom/dm9000.c b/drivers/net/ethernet/davicom/dm9000.c
63799 index f45385f..24f6c11e 100644
63800 --- a/drivers/net/ethernet/davicom/dm9000.c
63801 +++ b/drivers/net/ethernet/davicom/dm9000.c
63802 @@ -1021,7 +1021,7 @@ static void dm9000_send_packet(struct net_device *dev,
63803 * Hardware start transmission.
63804 * Send a packet to media from the upper layer.
63805 */
63806 -static int
63807 +static netdev_tx_t
63808 dm9000_start_xmit(struct sk_buff *skb, struct net_device *dev)
63809 {
63810 unsigned long flags;
63811 diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c
63812 index f0e9e2e..442241e 100644
63813 --- a/drivers/net/ethernet/dec/tulip/de4x5.c
63814 +++ b/drivers/net/ethernet/dec/tulip/de4x5.c
63815 @@ -912,7 +912,7 @@ static int de4x5_init(struct net_device *dev);
63816 static int de4x5_sw_reset(struct net_device *dev);
63817 static int de4x5_rx(struct net_device *dev);
63818 static int de4x5_tx(struct net_device *dev);
63819 -static void de4x5_ast(struct net_device *dev);
63820 +static void de4x5_ast(unsigned long _dev);
63821 static int de4x5_txur(struct net_device *dev);
63822 static int de4x5_rx_ovfc(struct net_device *dev);
63823
63824 @@ -1149,7 +1149,7 @@ de4x5_hw_init(struct net_device *dev, u_long iobase, struct device *gendev)
63825 lp->gendev = gendev;
63826 spin_lock_init(&lp->lock);
63827 init_timer(&lp->timer);
63828 - lp->timer.function = (void (*)(unsigned long))de4x5_ast;
63829 + lp->timer.function = de4x5_ast;
63830 lp->timer.data = (unsigned long)dev;
63831 de4x5_parse_params(dev);
63832
63833 @@ -1743,8 +1743,9 @@ de4x5_tx(struct net_device *dev)
63834 }
63835
63836 static void
63837 -de4x5_ast(struct net_device *dev)
63838 +de4x5_ast(unsigned long _dev)
63839 {
63840 + struct net_device *dev = (struct net_device *)_dev;
63841 struct de4x5_private *lp = netdev_priv(dev);
63842 int next_tick = DE4X5_AUTOSENSE_MS;
63843 int dt;
63844 @@ -2371,7 +2372,7 @@ autoconf_media(struct net_device *dev)
63845 lp->media = INIT;
63846 lp->tcount = 0;
63847
63848 - de4x5_ast(dev);
63849 + de4x5_ast((unsigned long)dev);
63850
63851 return lp->media;
63852 }
63853 @@ -5376,7 +5377,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
63854 for (i=0; i<ETH_ALEN; i++) {
63855 tmp.addr[i] = dev->dev_addr[i];
63856 }
63857 - if (copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT;
63858 + if (ioc->len > sizeof tmp.addr || copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT;
63859 break;
63860
63861 case DE4X5_SET_HWADDR: /* Set the hardware address */
63862 @@ -5416,7 +5417,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
63863 spin_lock_irqsave(&lp->lock, flags);
63864 memcpy(&statbuf, &lp->pktStats, ioc->len);
63865 spin_unlock_irqrestore(&lp->lock, flags);
63866 - if (copy_to_user(ioc->data, &statbuf, ioc->len))
63867 + if (ioc->len > sizeof statbuf || copy_to_user(ioc->data, &statbuf, ioc->len))
63868 return -EFAULT;
63869 break;
63870 }
63871 diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
63872 index 874c753..e161da1 100644
63873 --- a/drivers/net/ethernet/emulex/benet/be_main.c
63874 +++ b/drivers/net/ethernet/emulex/benet/be_main.c
63875 @@ -556,7 +556,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
63876
63877 if (wrapped)
63878 newacc += 65536;
63879 - ACCESS_ONCE(*acc) = newacc;
63880 + ACCESS_ONCE_RW(*acc) = newacc;
63881 }
63882
63883 static void populate_erx_stats(struct be_adapter *adapter,
63884 @@ -5544,7 +5544,7 @@ static void be_shutdown(struct pci_dev *pdev)
63885 }
63886
63887 static pci_ers_result_t be_eeh_err_detected(struct pci_dev *pdev,
63888 - pci_channel_state_t state)
63889 + enum pci_channel_state state)
63890 {
63891 struct be_adapter *adapter = pci_get_drvdata(pdev);
63892
63893 diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c
63894 index 36361f8..b3b5f9f 100644
63895 --- a/drivers/net/ethernet/faraday/ftgmac100.c
63896 +++ b/drivers/net/ethernet/faraday/ftgmac100.c
63897 @@ -26,6 +26,7 @@
63898 #include <linux/ethtool.h>
63899 #include <linux/interrupt.h>
63900 #include <linux/io.h>
63901 +#include <linux/irqreturn.h>
63902 #include <linux/module.h>
63903 #include <linux/netdevice.h>
63904 #include <linux/phy.h>
63905 @@ -1174,7 +1175,7 @@ static int ftgmac100_stop(struct net_device *netdev)
63906 return 0;
63907 }
63908
63909 -static int ftgmac100_hard_start_xmit(struct sk_buff *skb,
63910 +static netdev_tx_t ftgmac100_hard_start_xmit(struct sk_buff *skb,
63911 struct net_device *netdev)
63912 {
63913 struct ftgmac100 *priv = netdev_priv(netdev);
63914 diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c
63915 index dce5f7b..222e709 100644
63916 --- a/drivers/net/ethernet/faraday/ftmac100.c
63917 +++ b/drivers/net/ethernet/faraday/ftmac100.c
63918 @@ -31,6 +31,8 @@
63919 #include <linux/module.h>
63920 #include <linux/netdevice.h>
63921 #include <linux/platform_device.h>
63922 +#include <linux/interrupt.h>
63923 +#include <linux/irqreturn.h>
63924
63925 #include "ftmac100.h"
63926
63927 @@ -1009,7 +1011,7 @@ static int ftmac100_stop(struct net_device *netdev)
63928 return 0;
63929 }
63930
63931 -static int ftmac100_hard_start_xmit(struct sk_buff *skb, struct net_device *netdev)
63932 +static netdev_tx_t ftmac100_hard_start_xmit(struct sk_buff *skb, struct net_device *netdev)
63933 {
63934 struct ftmac100 *priv = netdev_priv(netdev);
63935 dma_addr_t map;
63936 diff --git a/drivers/net/ethernet/freescale/fec_mpc52xx.c b/drivers/net/ethernet/freescale/fec_mpc52xx.c
63937 index 446ae9d..79d1d75 100644
63938 --- a/drivers/net/ethernet/freescale/fec_mpc52xx.c
63939 +++ b/drivers/net/ethernet/freescale/fec_mpc52xx.c
63940 @@ -305,7 +305,7 @@ static int mpc52xx_fec_close(struct net_device *dev)
63941 * invariant will hold if you make sure that the netif_*_queue()
63942 * calls are done at the proper times.
63943 */
63944 -static int mpc52xx_fec_start_xmit(struct sk_buff *skb, struct net_device *dev)
63945 +static netdev_tx_t mpc52xx_fec_start_xmit(struct sk_buff *skb, struct net_device *dev)
63946 {
63947 struct mpc52xx_fec_priv *priv = netdev_priv(dev);
63948 struct bcom_fec_bd *bd;
63949 diff --git a/drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c b/drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c
63950 index 61fd486..06047eb 100644
63951 --- a/drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c
63952 +++ b/drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c
63953 @@ -509,7 +509,7 @@ static struct sk_buff *tx_skb_align_workaround(struct net_device *dev,
63954 }
63955 #endif
63956
63957 -static int fs_enet_start_xmit(struct sk_buff *skb, struct net_device *dev)
63958 +static netdev_tx_t fs_enet_start_xmit(struct sk_buff *skb, struct net_device *dev)
63959 {
63960 struct fs_enet_private *fep = netdev_priv(dev);
63961 cbd_t __iomem *bdp;
63962 diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
63963 index 4b4f5bc..23b3b00 100644
63964 --- a/drivers/net/ethernet/freescale/gianfar.c
63965 +++ b/drivers/net/ethernet/freescale/gianfar.c
63966 @@ -112,7 +112,7 @@
63967 const char gfar_driver_version[] = "2.0";
63968
63969 static int gfar_enet_open(struct net_device *dev);
63970 -static int gfar_start_xmit(struct sk_buff *skb, struct net_device *dev);
63971 +static netdev_tx_t gfar_start_xmit(struct sk_buff *skb, struct net_device *dev);
63972 static void gfar_reset_task(struct work_struct *work);
63973 static void gfar_timeout(struct net_device *dev);
63974 static int gfar_close(struct net_device *dev);
63975 @@ -2316,7 +2316,7 @@ static inline bool gfar_csum_errata_76(struct gfar_private *priv,
63976 /* This is called by the kernel when a frame is ready for transmission.
63977 * It is pointed to by the dev->hard_start_xmit function pointer
63978 */
63979 -static int gfar_start_xmit(struct sk_buff *skb, struct net_device *dev)
63980 +static netdev_tx_t gfar_start_xmit(struct sk_buff *skb, struct net_device *dev)
63981 {
63982 struct gfar_private *priv = netdev_priv(dev);
63983 struct gfar_priv_tx_q *tx_queue = NULL;
63984 diff --git a/drivers/net/ethernet/freescale/ucc_geth.c b/drivers/net/ethernet/freescale/ucc_geth.c
63985 index 5bf1ade..4e74666 100644
63986 --- a/drivers/net/ethernet/freescale/ucc_geth.c
63987 +++ b/drivers/net/ethernet/freescale/ucc_geth.c
63988 @@ -3085,7 +3085,7 @@ static int ucc_geth_startup(struct ucc_geth_private *ugeth)
63989
63990 /* This is called by the kernel when a frame is ready for transmission. */
63991 /* It is pointed to by the dev->hard_start_xmit function pointer */
63992 -static int ucc_geth_start_xmit(struct sk_buff *skb, struct net_device *dev)
63993 +static netdev_tx_t ucc_geth_start_xmit(struct sk_buff *skb, struct net_device *dev)
63994 {
63995 struct ucc_geth_private *ugeth = netdev_priv(dev);
63996 #ifdef CONFIG_UGETH_TX_ON_DEMAND
63997 diff --git a/drivers/net/ethernet/hisilicon/hip04_eth.c b/drivers/net/ethernet/hisilicon/hip04_eth.c
63998 index 0c4afe9..d888314 100644
63999 --- a/drivers/net/ethernet/hisilicon/hip04_eth.c
64000 +++ b/drivers/net/ethernet/hisilicon/hip04_eth.c
64001 @@ -422,7 +422,7 @@ static void hip04_start_tx_timer(struct hip04_priv *priv)
64002 ns, HRTIMER_MODE_REL);
64003 }
64004
64005 -static int hip04_mac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64006 +static netdev_tx_t hip04_mac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64007 {
64008 struct hip04_priv *priv = netdev_priv(ndev);
64009 struct net_device_stats *stats = &ndev->stats;
64010 diff --git a/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c b/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c
64011 index 275618b..abd1703 100644
64012 --- a/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c
64013 +++ b/drivers/net/ethernet/hisilicon/hix5hd2_gmac.c
64014 @@ -600,7 +600,7 @@ static irqreturn_t hix5hd2_interrupt(int irq, void *dev_id)
64015 return IRQ_HANDLED;
64016 }
64017
64018 -static int hix5hd2_net_xmit(struct sk_buff *skb, struct net_device *dev)
64019 +static netdev_tx_t hix5hd2_net_xmit(struct sk_buff *skb, struct net_device *dev)
64020 {
64021 struct hix5hd2_priv *priv = netdev_priv(dev);
64022 struct hix5hd2_desc *desc;
64023 diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c b/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c
64024 index e28d960..6168a00 100644
64025 --- a/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c
64026 +++ b/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c
64027 @@ -844,16 +844,18 @@ int hns_dsaf_ae_init(struct dsaf_device *dsaf_dev)
64028 struct hnae_ae_dev *ae_dev = &dsaf_dev->ae_dev;
64029 static atomic_t id = ATOMIC_INIT(-1);
64030
64031 + pax_open_kernel();
64032 switch (dsaf_dev->dsaf_ver) {
64033 case AE_VERSION_1:
64034 - hns_dsaf_ops.toggle_ring_irq = hns_ae_toggle_ring_irq;
64035 + const_cast(hns_dsaf_ops.toggle_ring_irq) = hns_ae_toggle_ring_irq;
64036 break;
64037 case AE_VERSION_2:
64038 - hns_dsaf_ops.toggle_ring_irq = hns_aev2_toggle_ring_irq;
64039 + const_cast(hns_dsaf_ops.toggle_ring_irq) = hns_aev2_toggle_ring_irq;
64040 break;
64041 default:
64042 break;
64043 }
64044 + pax_close_kernel();
64045
64046 snprintf(ae_dev->name, AE_NAME_SIZE, "%s%d", DSAF_DEVICE_NAME,
64047 (int)atomic_inc_return(&id));
64048 diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h
64049 index 1daf018..2548233 100644
64050 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h
64051 +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.h
64052 @@ -318,7 +318,7 @@ struct dsaf_device {
64053 struct ppe_common_cb *ppe_common[DSAF_COMM_DEV_NUM];
64054 struct rcb_common_cb *rcb_common[DSAF_COMM_DEV_NUM];
64055 struct hns_mac_cb *mac_cb[DSAF_MAX_PORT_NUM];
64056 - struct dsaf_misc_op *misc_op;
64057 + const struct dsaf_misc_op *misc_op;
64058
64059 struct dsaf_hw_stats hw_stats[DSAF_NODE_NUM];
64060 struct dsaf_int_stat int_stat;
64061 diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c
64062 index 611b67b..63ecdd4 100644
64063 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c
64064 +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c
64065 @@ -522,48 +522,46 @@ hns_mac_config_sds_loopback_acpi(struct hns_mac_cb *mac_cb, bool en)
64066
64067 struct dsaf_misc_op *hns_misc_op_get(struct dsaf_device *dsaf_dev)
64068 {
64069 - struct dsaf_misc_op *misc_op;
64070 -
64071 - misc_op = devm_kzalloc(dsaf_dev->dev, sizeof(*misc_op), GFP_KERNEL);
64072 - if (!misc_op)
64073 - return NULL;
64074 -
64075 - if (dev_of_node(dsaf_dev->dev)) {
64076 - misc_op->cpld_set_led = hns_cpld_set_led;
64077 - misc_op->cpld_reset_led = cpld_led_reset;
64078 - misc_op->cpld_set_led_id = cpld_set_led_id;
64079 -
64080 - misc_op->dsaf_reset = hns_dsaf_rst;
64081 - misc_op->xge_srst = hns_dsaf_xge_srst_by_port;
64082 - misc_op->xge_core_srst = hns_dsaf_xge_core_srst_by_port;
64083 - misc_op->ge_srst = hns_dsaf_ge_srst_by_port;
64084 - misc_op->ppe_srst = hns_ppe_srst_by_port;
64085 - misc_op->ppe_comm_srst = hns_ppe_com_srst;
64086 -
64087 - misc_op->get_phy_if = hns_mac_get_phy_if;
64088 - misc_op->get_sfp_prsnt = hns_mac_get_sfp_prsnt;
64089 -
64090 - misc_op->cfg_serdes_loopback = hns_mac_config_sds_loopback;
64091 - } else if (is_acpi_node(dsaf_dev->dev->fwnode)) {
64092 - misc_op->cpld_set_led = hns_cpld_set_led;
64093 - misc_op->cpld_reset_led = cpld_led_reset;
64094 - misc_op->cpld_set_led_id = cpld_set_led_id;
64095 -
64096 - misc_op->dsaf_reset = hns_dsaf_rst_acpi;
64097 - misc_op->xge_srst = hns_dsaf_xge_srst_by_port_acpi;
64098 - misc_op->xge_core_srst = hns_dsaf_xge_core_srst_by_port_acpi;
64099 - misc_op->ge_srst = hns_dsaf_ge_srst_by_port_acpi;
64100 - misc_op->ppe_srst = hns_ppe_srst_by_port_acpi;
64101 - misc_op->ppe_comm_srst = hns_ppe_com_srst;
64102 -
64103 - misc_op->get_phy_if = hns_mac_get_phy_if_acpi;
64104 - misc_op->get_sfp_prsnt = hns_mac_get_sfp_prsnt;
64105 -
64106 - misc_op->cfg_serdes_loopback = hns_mac_config_sds_loopback_acpi;
64107 - } else {
64108 - devm_kfree(dsaf_dev->dev, (void *)misc_op);
64109 - misc_op = NULL;
64110 - }
64111 -
64112 - return (void *)misc_op;
64113 + static const struct dsaf_misc_op dsaf_misc_ops = {
64114 + .cpld_set_led = hns_cpld_set_led,
64115 + .cpld_reset_led = cpld_led_reset,
64116 + .cpld_set_led_id = cpld_set_led_id,
64117 +
64118 + .dsaf_reset = hns_dsaf_rst,
64119 + .xge_srst = hns_dsaf_xge_srst_by_port,
64120 + .xge_core_srst = hns_dsaf_xge_core_srst_by_port,
64121 + .ge_srst = hns_dsaf_ge_srst_by_port,
64122 + .ppe_srst = hns_ppe_srst_by_port,
64123 + .ppe_comm_srst = hns_ppe_com_srst,
64124 +
64125 + .get_phy_if = hns_mac_get_phy_if,
64126 + .get_sfp_prsnt = hns_mac_get_sfp_prsnt,
64127 +
64128 + .cfg_serdes_loopback = hns_mac_config_sds_loopback,
64129 + };
64130 +
64131 + static const struct dsaf_misc_op dsaf_misc_ops_acpi = {
64132 + .cpld_set_led = hns_cpld_set_led,
64133 + .cpld_reset_led = cpld_led_reset,
64134 + .cpld_set_led_id = cpld_set_led_id,
64135 +
64136 + .dsaf_reset = hns_dsaf_rst_acpi,
64137 + .xge_srst = hns_dsaf_xge_srst_by_port_acpi,
64138 + .xge_core_srst = hns_dsaf_xge_core_srst_by_port_acpi,
64139 + .ge_srst = hns_dsaf_ge_srst_by_port_acpi,
64140 + .ppe_srst = hns_ppe_srst_by_port_acpi,
64141 + .ppe_comm_srst = hns_ppe_com_srst,
64142 +
64143 + .get_phy_if = hns_mac_get_phy_if_acpi,
64144 + .get_sfp_prsnt = hns_mac_get_sfp_prsnt,
64145 +
64146 + .cfg_serdes_loopback = hns_mac_config_sds_loopback_acpi,
64147 + };
64148 +
64149 + if (dev_of_node(dsaf_dev->dev))
64150 + return &dsaf_misc_ops;
64151 + else if (is_acpi_node(dsaf_dev->dev->fwnode))
64152 + return &dsaf_misc_ops_acpi;
64153 +
64154 + return NULL;
64155 }
64156 diff --git a/drivers/net/ethernet/i825xx/lib82596.c b/drivers/net/ethernet/i825xx/lib82596.c
64157 index 3dbc53c2..fa08fb8 100644
64158 --- a/drivers/net/ethernet/i825xx/lib82596.c
64159 +++ b/drivers/net/ethernet/i825xx/lib82596.c
64160 @@ -347,7 +347,7 @@ static const char init_setup[] =
64161 0x7f /* *multi IA */ };
64162
64163 static int i596_open(struct net_device *dev);
64164 -static int i596_start_xmit(struct sk_buff *skb, struct net_device *dev);
64165 +static netdev_tx_t i596_start_xmit(struct sk_buff *skb, struct net_device *dev);
64166 static irqreturn_t i596_interrupt(int irq, void *dev_id);
64167 static int i596_close(struct net_device *dev);
64168 static void i596_add_cmd(struct net_device *dev, struct i596_cmd *cmd);
64169 @@ -965,7 +965,7 @@ static void i596_tx_timeout (struct net_device *dev)
64170 }
64171
64172
64173 -static int i596_start_xmit(struct sk_buff *skb, struct net_device *dev)
64174 +static netdev_tx_t i596_start_xmit(struct sk_buff *skb, struct net_device *dev)
64175 {
64176 struct i596_private *lp = netdev_priv(dev);
64177 struct tx_cmd *tx_cmd;
64178 diff --git a/drivers/net/ethernet/ibm/ehea/ehea_main.c b/drivers/net/ethernet/ibm/ehea/ehea_main.c
64179 index 54efa9a..0d297bd 100644
64180 --- a/drivers/net/ethernet/ibm/ehea/ehea_main.c
64181 +++ b/drivers/net/ethernet/ibm/ehea/ehea_main.c
64182 @@ -2047,7 +2047,7 @@ static void ehea_xmit3(struct sk_buff *skb, struct net_device *dev,
64183 dev_consume_skb_any(skb);
64184 }
64185
64186 -static int ehea_start_xmit(struct sk_buff *skb, struct net_device *dev)
64187 +static netdev_tx_t ehea_start_xmit(struct sk_buff *skb, struct net_device *dev)
64188 {
64189 struct ehea_port *port = netdev_priv(dev);
64190 struct ehea_swqe *swqe;
64191 diff --git a/drivers/net/ethernet/ibm/emac/core.c b/drivers/net/ethernet/ibm/emac/core.c
64192 index 7af09cb..010411a 100644
64193 --- a/drivers/net/ethernet/ibm/emac/core.c
64194 +++ b/drivers/net/ethernet/ibm/emac/core.c
64195 @@ -1415,7 +1415,7 @@ static inline int emac_xmit_finish(struct emac_instance *dev, int len)
64196 }
64197
64198 /* Tx lock BH */
64199 -static int emac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64200 +static netdev_tx_t emac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64201 {
64202 struct emac_instance *dev = netdev_priv(ndev);
64203 unsigned int len = skb->len;
64204 @@ -1473,7 +1473,7 @@ static inline int emac_xmit_split(struct emac_instance *dev, int slot,
64205 }
64206
64207 /* Tx lock BH disabled (SG version for TAH equipped EMACs) */
64208 -static int emac_start_xmit_sg(struct sk_buff *skb, struct net_device *ndev)
64209 +static netdev_tx_t emac_start_xmit_sg(struct sk_buff *skb, struct net_device *ndev)
64210 {
64211 struct emac_instance *dev = netdev_priv(ndev);
64212 int nr_frags = skb_shinfo(skb)->nr_frags;
64213 diff --git a/drivers/net/ethernet/intel/e100.c b/drivers/net/ethernet/intel/e100.c
64214 index 068789e..f4928f0 100644
64215 --- a/drivers/net/ethernet/intel/e100.c
64216 +++ b/drivers/net/ethernet/intel/e100.c
64217 @@ -3106,7 +3106,7 @@ static void e100_shutdown(struct pci_dev *pdev)
64218 * @pdev: Pointer to PCI device
64219 * @state: The current pci connection state
64220 */
64221 -static pci_ers_result_t e100_io_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
64222 +static pci_ers_result_t e100_io_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
64223 {
64224 struct net_device *netdev = pci_get_drvdata(pdev);
64225 struct nic *nic = netdev_priv(netdev);
64226 diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c
64227 index f42129d..d2e3932 100644
64228 --- a/drivers/net/ethernet/intel/e1000/e1000_main.c
64229 +++ b/drivers/net/ethernet/intel/e1000/e1000_main.c
64230 @@ -5272,7 +5272,7 @@ static void e1000_netpoll(struct net_device *netdev)
64231 * this device has been detected.
64232 */
64233 static pci_ers_result_t e1000_io_error_detected(struct pci_dev *pdev,
64234 - pci_channel_state_t state)
64235 + enum pci_channel_state state)
64236 {
64237 struct net_device *netdev = pci_get_drvdata(pdev);
64238 struct e1000_adapter *adapter = netdev_priv(netdev);
64239 diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
64240 index 7017281..6bbf47e 100644
64241 --- a/drivers/net/ethernet/intel/e1000e/netdev.c
64242 +++ b/drivers/net/ethernet/intel/e1000e/netdev.c
64243 @@ -6784,7 +6784,7 @@ static void e1000_netpoll(struct net_device *netdev)
64244 * this device has been detected.
64245 */
64246 static pci_ers_result_t e1000_io_error_detected(struct pci_dev *pdev,
64247 - pci_channel_state_t state)
64248 + enum pci_channel_state state)
64249 {
64250 struct net_device *netdev = pci_get_drvdata(pdev);
64251 struct e1000_adapter *adapter = netdev_priv(netdev);
64252 diff --git a/drivers/net/ethernet/intel/fm10k/fm10k_pci.c b/drivers/net/ethernet/intel/fm10k/fm10k_pci.c
64253 index 774a565..38b03e2 100644
64254 --- a/drivers/net/ethernet/intel/fm10k/fm10k_pci.c
64255 +++ b/drivers/net/ethernet/intel/fm10k/fm10k_pci.c
64256 @@ -2249,7 +2249,7 @@ static int fm10k_suspend(struct pci_dev *pdev,
64257 * this device has been detected.
64258 */
64259 static pci_ers_result_t fm10k_io_error_detected(struct pci_dev *pdev,
64260 - pci_channel_state_t state)
64261 + enum pci_channel_state state)
64262 {
64263 struct fm10k_intfc *interface = pci_get_drvdata(pdev);
64264 struct net_device *netdev = interface->netdev;
64265 diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
64266 index ed39cba..76569b9 100644
64267 --- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c
64268 +++ b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
64269 @@ -417,7 +417,7 @@ void i40e_ptp_set_increment(struct i40e_pf *pf)
64270 wr32(hw, I40E_PRTTSYN_INC_H, incval >> 32);
64271
64272 /* Update the base adjustement value. */
64273 - ACCESS_ONCE(pf->ptp_base_adj) = incval;
64274 + ACCESS_ONCE_RW(pf->ptp_base_adj) = incval;
64275 smp_mb(); /* Force the above update. */
64276 }
64277
64278 diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
64279 index 942a89f..5ca83a9 100644
64280 --- a/drivers/net/ethernet/intel/igb/igb_main.c
64281 +++ b/drivers/net/ethernet/intel/igb/igb_main.c
64282 @@ -7809,7 +7809,7 @@ static void igb_netpoll(struct net_device *netdev)
64283 * this device has been detected.
64284 **/
64285 static pci_ers_result_t igb_io_error_detected(struct pci_dev *pdev,
64286 - pci_channel_state_t state)
64287 + enum pci_channel_state state)
64288 {
64289 struct net_device *netdev = pci_get_drvdata(pdev);
64290 struct igb_adapter *adapter = netdev_priv(netdev);
64291 diff --git a/drivers/net/ethernet/intel/igbvf/netdev.c b/drivers/net/ethernet/intel/igbvf/netdev.c
64292 index b0778ba..ed4357a 100644
64293 --- a/drivers/net/ethernet/intel/igbvf/netdev.c
64294 +++ b/drivers/net/ethernet/intel/igbvf/netdev.c
64295 @@ -2511,7 +2511,7 @@ static void igbvf_netpoll(struct net_device *netdev)
64296 * this device has been detected.
64297 */
64298 static pci_ers_result_t igbvf_io_error_detected(struct pci_dev *pdev,
64299 - pci_channel_state_t state)
64300 + enum pci_channel_state state)
64301 {
64302 struct net_device *netdev = pci_get_drvdata(pdev);
64303 struct igbvf_adapter *adapter = netdev_priv(netdev);
64304 diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
64305 index b4f0374..e174bd7 100644
64306 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
64307 +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
64308 @@ -9846,7 +9846,7 @@ static void ixgbe_remove(struct pci_dev *pdev)
64309 * this device has been detected.
64310 */
64311 static pci_ers_result_t ixgbe_io_error_detected(struct pci_dev *pdev,
64312 - pci_channel_state_t state)
64313 + enum pci_channel_state state)
64314 {
64315 struct ixgbe_adapter *adapter = pci_get_drvdata(pdev);
64316 struct net_device *netdev = adapter->netdev;
64317 diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
64318 index e5431bf..1db690e 100644
64319 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
64320 +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
64321 @@ -1122,7 +1122,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter)
64322 }
64323
64324 /* update the base incval used to calculate frequency adjustment */
64325 - ACCESS_ONCE(adapter->base_incval) = incval;
64326 + ACCESS_ONCE_RW(adapter->base_incval) = incval;
64327 smp_mb();
64328
64329 /* need lock to prevent incorrect read while modifying cyclecounter */
64330 diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
64331 index d9d6616..3331f28 100644
64332 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
64333 +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
64334 @@ -3622,7 +3622,7 @@ static int ixgbevf_maybe_stop_tx(struct ixgbevf_ring *tx_ring, int size)
64335 return __ixgbevf_maybe_stop_tx(tx_ring, size);
64336 }
64337
64338 -static int ixgbevf_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
64339 +static netdev_tx_t ixgbevf_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
64340 {
64341 struct ixgbevf_adapter *adapter = netdev_priv(netdev);
64342 struct ixgbevf_tx_buffer *first;
64343 @@ -4212,7 +4212,7 @@ static void ixgbevf_remove(struct pci_dev *pdev)
64344 * this device has been detected.
64345 **/
64346 static pci_ers_result_t ixgbevf_io_error_detected(struct pci_dev *pdev,
64347 - pci_channel_state_t state)
64348 + enum pci_channel_state state)
64349 {
64350 struct net_device *netdev = pci_get_drvdata(pdev);
64351 struct ixgbevf_adapter *adapter = netdev_priv(netdev);
64352 diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
64353 index d41c28d..ef80211 100644
64354 --- a/drivers/net/ethernet/marvell/mvneta.c
64355 +++ b/drivers/net/ethernet/marvell/mvneta.c
64356 @@ -2290,7 +2290,7 @@ error:
64357 }
64358
64359 /* Main tx processing */
64360 -static int mvneta_tx(struct sk_buff *skb, struct net_device *dev)
64361 +static netdev_tx_t mvneta_tx(struct sk_buff *skb, struct net_device *dev)
64362 {
64363 struct mvneta_port *pp = netdev_priv(dev);
64364 u16 txq_id = skb_get_queue_mapping(skb);
64365 diff --git a/drivers/net/ethernet/marvell/mvpp2.c b/drivers/net/ethernet/marvell/mvpp2.c
64366 index 60227a3..160ba02 100644
64367 --- a/drivers/net/ethernet/marvell/mvpp2.c
64368 +++ b/drivers/net/ethernet/marvell/mvpp2.c
64369 @@ -5236,7 +5236,7 @@ error:
64370 }
64371
64372 /* Main tx processing */
64373 -static int mvpp2_tx(struct sk_buff *skb, struct net_device *dev)
64374 +static netdev_tx_t mvpp2_tx(struct sk_buff *skb, struct net_device *dev)
64375 {
64376 struct mvpp2_port *port = netdev_priv(dev);
64377 struct mvpp2_tx_queue *txq, *aggr_txq;
64378 diff --git a/drivers/net/ethernet/marvell/pxa168_eth.c b/drivers/net/ethernet/marvell/pxa168_eth.c
64379 index 5d5000c..7437949f 100644
64380 --- a/drivers/net/ethernet/marvell/pxa168_eth.c
64381 +++ b/drivers/net/ethernet/marvell/pxa168_eth.c
64382 @@ -1271,7 +1271,7 @@ static int pxa168_rx_poll(struct napi_struct *napi, int budget)
64383 return work_done;
64384 }
64385
64386 -static int pxa168_eth_start_xmit(struct sk_buff *skb, struct net_device *dev)
64387 +static netdev_tx_t pxa168_eth_start_xmit(struct sk_buff *skb, struct net_device *dev)
64388 {
64389 struct pxa168_eth_private *pep = netdev_priv(dev);
64390 struct net_device_stats *stats = &dev->stats;
64391 diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
64392 index e2509bb..8357fef 100644
64393 --- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
64394 +++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
64395 @@ -495,8 +495,8 @@ static bool mlx4_en_process_tx_cq(struct net_device *dev,
64396 wmb();
64397
64398 /* we want to dirty this cache line once */
64399 - ACCESS_ONCE(ring->last_nr_txbb) = last_nr_txbb;
64400 - ACCESS_ONCE(ring->cons) = ring_cons + txbbs_skipped;
64401 + ACCESS_ONCE_RW(ring->last_nr_txbb) = last_nr_txbb;
64402 + ACCESS_ONCE_RW(ring->cons) = ring_cons + txbbs_skipped;
64403
64404 if (ring->free_tx_desc == mlx4_en_recycle_tx_desc)
64405 return done < budget;
64406 diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
64407 index 7183ac4..691c517 100644
64408 --- a/drivers/net/ethernet/mellanox/mlx4/main.c
64409 +++ b/drivers/net/ethernet/mellanox/mlx4/main.c
64410 @@ -4061,7 +4061,7 @@ static const struct pci_device_id mlx4_pci_table[] = {
64411 MODULE_DEVICE_TABLE(pci, mlx4_pci_table);
64412
64413 static pci_ers_result_t mlx4_pci_err_detected(struct pci_dev *pdev,
64414 - pci_channel_state_t state)
64415 + enum pci_channel_state state)
64416 {
64417 struct mlx4_dev_persistent *persist = pci_get_drvdata(pdev);
64418
64419 diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
64420 index 2385bae..5413c50 100644
64421 --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
64422 +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
64423 @@ -1412,7 +1412,7 @@ static void remove_one(struct pci_dev *pdev)
64424 }
64425
64426 static pci_ers_result_t mlx5_pci_err_detected(struct pci_dev *pdev,
64427 - pci_channel_state_t state)
64428 + enum pci_channel_state state)
64429 {
64430 struct mlx5_core_dev *dev = pci_get_drvdata(pdev);
64431 struct mlx5_priv *priv = &dev->priv;
64432 diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
64433 index d48873b..426f12e 100644
64434 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
64435 +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
64436 @@ -4533,16 +4533,16 @@ static int mlxsw_sp_netdevice_event(struct notifier_block *unused,
64437 return notifier_from_errno(err);
64438 }
64439
64440 -static struct notifier_block mlxsw_sp_netdevice_nb __read_mostly = {
64441 +static struct notifier_block mlxsw_sp_netdevice_nb = {
64442 .notifier_call = mlxsw_sp_netdevice_event,
64443 };
64444
64445 -static struct notifier_block mlxsw_sp_inetaddr_nb __read_mostly = {
64446 +static struct notifier_block mlxsw_sp_inetaddr_nb = {
64447 .notifier_call = mlxsw_sp_inetaddr_event,
64448 .priority = 10, /* Must be called before FIB notifier block */
64449 };
64450
64451 -static struct notifier_block mlxsw_sp_router_netevent_nb __read_mostly = {
64452 +static struct notifier_block mlxsw_sp_router_netevent_nb = {
64453 .notifier_call = mlxsw_sp_router_netevent_event,
64454 };
64455
64456 diff --git a/drivers/net/ethernet/micrel/ks8695net.c b/drivers/net/ethernet/micrel/ks8695net.c
64457 index 20cb85b..6135d90 100644
64458 --- a/drivers/net/ethernet/micrel/ks8695net.c
64459 +++ b/drivers/net/ethernet/micrel/ks8695net.c
64460 @@ -1156,7 +1156,7 @@ ks8695_timeout(struct net_device *ndev)
64461 * sk_buff and adds it to the TX ring. It then kicks the TX DMA
64462 * engine to ensure transmission begins.
64463 */
64464 -static int
64465 +static netdev_tx_t
64466 ks8695_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64467 {
64468 struct ks8695_priv *ksp = netdev_priv(ndev);
64469 diff --git a/drivers/net/ethernet/micrel/ks8851_mll.c b/drivers/net/ethernet/micrel/ks8851_mll.c
64470 index 2fc5cd5..6c6108a 100644
64471 --- a/drivers/net/ethernet/micrel/ks8851_mll.c
64472 +++ b/drivers/net/ethernet/micrel/ks8851_mll.c
64473 @@ -1020,7 +1020,7 @@ static void ks_write_qmu(struct ks_net *ks, u8 *pdata, u16 len)
64474 * spin_lock_irqsave is required because tx and rx should be mutual exclusive.
64475 * So while tx is in-progress, prevent IRQ interrupt from happenning.
64476 */
64477 -static int ks_start_xmit(struct sk_buff *skb, struct net_device *netdev)
64478 +static netdev_tx_t ks_start_xmit(struct sk_buff *skb, struct net_device *netdev)
64479 {
64480 int retv = NETDEV_TX_OK;
64481 struct ks_net *ks = netdev_priv(netdev);
64482 diff --git a/drivers/net/ethernet/moxa/moxart_ether.c b/drivers/net/ethernet/moxa/moxart_ether.c
64483 index 4367dd6..c32f151 100644
64484 --- a/drivers/net/ethernet/moxa/moxart_ether.c
64485 +++ b/drivers/net/ethernet/moxa/moxart_ether.c
64486 @@ -319,7 +319,7 @@ static irqreturn_t moxart_mac_interrupt(int irq, void *dev_id)
64487 return IRQ_HANDLED;
64488 }
64489
64490 -static int moxart_mac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64491 +static netdev_tx_t moxart_mac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64492 {
64493 struct moxart_mac_priv_t *priv = netdev_priv(ndev);
64494 void *desc;
64495 diff --git a/drivers/net/ethernet/neterion/s2io.c b/drivers/net/ethernet/neterion/s2io.c
64496 index eaa37c0..8295b08 100644
64497 --- a/drivers/net/ethernet/neterion/s2io.c
64498 +++ b/drivers/net/ethernet/neterion/s2io.c
64499 @@ -8556,7 +8556,7 @@ static void lro_append_pkt(struct s2io_nic *sp, struct lro *lro,
64500 * this device has been detected.
64501 */
64502 static pci_ers_result_t s2io_io_error_detected(struct pci_dev *pdev,
64503 - pci_channel_state_t state)
64504 + enum pci_channel_state state)
64505 {
64506 struct net_device *netdev = pci_get_drvdata(pdev);
64507 struct s2io_nic *sp = netdev_priv(netdev);
64508 diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c
64509 index 6223930..975033d 100644
64510 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c
64511 +++ b/drivers/net/ethernet/neterion/vxge/vxge-config.c
64512 @@ -3457,7 +3457,10 @@ __vxge_hw_fifo_create(struct __vxge_hw_vpath_handle *vp,
64513 struct __vxge_hw_fifo *fifo;
64514 struct vxge_hw_fifo_config *config;
64515 u32 txdl_size, txdl_per_memblock;
64516 - struct vxge_hw_mempool_cbs fifo_mp_callback;
64517 + static struct vxge_hw_mempool_cbs fifo_mp_callback = {
64518 + .item_func_alloc = __vxge_hw_fifo_mempool_item_alloc,
64519 + };
64520 +
64521 struct __vxge_hw_virtualpath *vpath;
64522
64523 if ((vp == NULL) || (attr == NULL)) {
64524 @@ -3540,8 +3543,6 @@ __vxge_hw_fifo_create(struct __vxge_hw_vpath_handle *vp,
64525 goto exit;
64526 }
64527
64528 - fifo_mp_callback.item_func_alloc = __vxge_hw_fifo_mempool_item_alloc;
64529 -
64530 fifo->mempool =
64531 __vxge_hw_mempool_create(vpath->hldev,
64532 fifo->config->memblock_size,
64533 diff --git a/drivers/net/ethernet/neterion/vxge/vxge-main.c b/drivers/net/ethernet/neterion/vxge/vxge-main.c
64534 index e0993eb..d8d7f50 100644
64535 --- a/drivers/net/ethernet/neterion/vxge/vxge-main.c
64536 +++ b/drivers/net/ethernet/neterion/vxge/vxge-main.c
64537 @@ -4043,7 +4043,7 @@ static int vxge_pm_resume(struct pci_dev *pdev)
64538 * this device has been detected.
64539 */
64540 static pci_ers_result_t vxge_io_error_detected(struct pci_dev *pdev,
64541 - pci_channel_state_t state)
64542 + enum pci_channel_state state)
64543 {
64544 struct __vxge_hw_device *hldev = pci_get_drvdata(pdev);
64545 struct net_device *netdev = hldev->ndev;
64546 diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
64547 index 39dadfc..2f40f84 100644
64548 --- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
64549 +++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
64550 @@ -751,7 +751,7 @@ static void nfp_net_tx_csum(struct nfp_net *nn, struct nfp_net_r_vector *r_vec,
64551 *
64552 * Return: NETDEV_TX_OK on success.
64553 */
64554 -static int nfp_net_tx(struct sk_buff *skb, struct net_device *netdev)
64555 +static netdev_tx_t nfp_net_tx(struct sk_buff *skb, struct net_device *netdev)
64556 {
64557 struct nfp_net *nn = netdev_priv(netdev);
64558 const struct skb_frag_struct *frag;
64559 diff --git a/drivers/net/ethernet/netx-eth.c b/drivers/net/ethernet/netx-eth.c
64560 index adbc47f..d072612 100644
64561 --- a/drivers/net/ethernet/netx-eth.c
64562 +++ b/drivers/net/ethernet/netx-eth.c
64563 @@ -107,7 +107,7 @@ static void netx_eth_set_multicast_list(struct net_device *ndev)
64564 /* implement me */
64565 }
64566
64567 -static int
64568 +static netdev_tx_t
64569 netx_eth_hard_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64570 {
64571 struct netx_eth_priv *priv = netdev_priv(ndev);
64572 diff --git a/drivers/net/ethernet/nuvoton/w90p910_ether.c b/drivers/net/ethernet/nuvoton/w90p910_ether.c
64573 index 87b7b81..b352c4b 100644
64574 --- a/drivers/net/ethernet/nuvoton/w90p910_ether.c
64575 +++ b/drivers/net/ethernet/nuvoton/w90p910_ether.c
64576 @@ -633,7 +633,7 @@ static int w90p910_send_frame(struct net_device *dev,
64577 return 0;
64578 }
64579
64580 -static int w90p910_ether_start_xmit(struct sk_buff *skb, struct net_device *dev)
64581 +static netdev_tx_t w90p910_ether_start_xmit(struct sk_buff *skb, struct net_device *dev)
64582 {
64583 struct w90p910_ether *ether = netdev_priv(dev);
64584
64585 diff --git a/drivers/net/ethernet/nvidia/forcedeth.c b/drivers/net/ethernet/nvidia/forcedeth.c
64586 index 9b0d7f4..c29155f 100644
64587 --- a/drivers/net/ethernet/nvidia/forcedeth.c
64588 +++ b/drivers/net/ethernet/nvidia/forcedeth.c
64589 @@ -357,8 +357,8 @@ struct ring_desc {
64590 };
64591
64592 struct ring_desc_ex {
64593 - __le32 bufhigh;
64594 - __le32 buflow;
64595 + __le32 bufhigh __intentional_overflow(0);
64596 + __le32 buflow __intentional_overflow(0);
64597 __le32 txvlan;
64598 __le32 flaglen;
64599 };
64600 diff --git a/drivers/net/ethernet/nxp/lpc_eth.c b/drivers/net/ethernet/nxp/lpc_eth.c
64601 index 8e13ec8..b654ea0 100644
64602 --- a/drivers/net/ethernet/nxp/lpc_eth.c
64603 +++ b/drivers/net/ethernet/nxp/lpc_eth.c
64604 @@ -1053,7 +1053,7 @@ static int lpc_eth_close(struct net_device *ndev)
64605 return 0;
64606 }
64607
64608 -static int lpc_eth_hard_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64609 +static netdev_tx_t lpc_eth_hard_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64610 {
64611 struct netdata_local *pldat = netdev_priv(ndev);
64612 u32 len, txidx;
64613 diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
64614 index 3cd87a4..3eb33e7 100644
64615 --- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
64616 +++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
64617 @@ -2130,7 +2130,7 @@ static int pch_gbe_stop(struct net_device *netdev)
64618 * - NETDEV_TX_OK: Normal end
64619 * - NETDEV_TX_BUSY: Error end
64620 */
64621 -static int pch_gbe_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
64622 +static netdev_tx_t pch_gbe_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
64623 {
64624 struct pch_gbe_adapter *adapter = netdev_priv(netdev);
64625 struct pch_gbe_tx_ring *tx_ring = adapter->tx_ring;
64626 @@ -2439,7 +2439,7 @@ static const struct net_device_ops pch_gbe_netdev_ops = {
64627 };
64628
64629 static pci_ers_result_t pch_gbe_io_error_detected(struct pci_dev *pdev,
64630 - pci_channel_state_t state)
64631 + enum pci_channel_state state)
64632 {
64633 struct net_device *netdev = pci_get_drvdata(pdev);
64634 struct pch_gbe_adapter *adapter = netdev_priv(netdev);
64635 diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
64636 index 7a0281a..ff425351 100644
64637 --- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
64638 +++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c
64639 @@ -1757,7 +1757,7 @@ err_out:
64640 }
64641
64642 static pci_ers_result_t netxen_io_error_detected(struct pci_dev *pdev,
64643 - pci_channel_state_t state)
64644 + enum pci_channel_state state)
64645 {
64646 struct netxen_adapter *adapter = pci_get_drvdata(pdev);
64647
64648 diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
64649 index a496390..eaa03ae 100644
64650 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
64651 +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
64652 @@ -2320,7 +2320,9 @@ int qlcnic_83xx_configure_opmode(struct qlcnic_adapter *adapter)
64653 max_tx_rings = QLCNIC_MAX_VNIC_TX_RINGS;
64654 } else if (ret == QLC_83XX_DEFAULT_OPMODE) {
64655 ahw->nic_mode = QLCNIC_DEFAULT_MODE;
64656 - adapter->nic_ops->init_driver = qlcnic_83xx_init_default_driver;
64657 + pax_open_kernel();
64658 + const_cast(adapter->nic_ops->init_driver) = qlcnic_83xx_init_default_driver;
64659 + pax_close_kernel();
64660 ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry;
64661 max_sds_rings = QLCNIC_MAX_SDS_RINGS;
64662 max_tx_rings = QLCNIC_MAX_TX_RINGS;
64663 diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
64664 index 3490675..cf148ea 100644
64665 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
64666 +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
64667 @@ -207,17 +207,23 @@ int qlcnic_83xx_config_vnic_opmode(struct qlcnic_adapter *adapter)
64668 case QLCNIC_NON_PRIV_FUNC:
64669 ahw->op_mode = QLCNIC_NON_PRIV_FUNC;
64670 ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry;
64671 - nic_ops->init_driver = qlcnic_83xx_init_non_privileged_vnic;
64672 + pax_open_kernel();
64673 + const_cast(nic_ops->init_driver) = qlcnic_83xx_init_non_privileged_vnic;
64674 + pax_close_kernel();
64675 break;
64676 case QLCNIC_PRIV_FUNC:
64677 ahw->op_mode = QLCNIC_PRIV_FUNC;
64678 ahw->idc.state_entry = qlcnic_83xx_idc_vnic_pf_entry;
64679 - nic_ops->init_driver = qlcnic_83xx_init_privileged_vnic;
64680 + pax_open_kernel();
64681 + const_cast(nic_ops->init_driver) = qlcnic_83xx_init_privileged_vnic;
64682 + pax_close_kernel();
64683 break;
64684 case QLCNIC_MGMT_FUNC:
64685 ahw->op_mode = QLCNIC_MGMT_FUNC;
64686 ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry;
64687 - nic_ops->init_driver = qlcnic_83xx_init_mgmt_vnic;
64688 + pax_open_kernel();
64689 + const_cast(nic_ops->init_driver) = qlcnic_83xx_init_mgmt_vnic;
64690 + pax_close_kernel();
64691 break;
64692 default:
64693 dev_err(&adapter->pdev->dev, "Invalid Virtual NIC opmode\n");
64694 diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
64695 index 3ebef27..988b2b6 100644
64696 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
64697 +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
64698 @@ -3974,7 +3974,7 @@ static void qlcnic_82xx_io_resume(struct pci_dev *pdev)
64699 }
64700
64701 static pci_ers_result_t qlcnic_io_error_detected(struct pci_dev *pdev,
64702 - pci_channel_state_t state)
64703 + enum pci_channel_state state)
64704 {
64705 struct qlcnic_adapter *adapter = pci_get_drvdata(pdev);
64706 struct qlcnic_hardware_ops *hw_ops = adapter->ahw->hw_ops;
64707 diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
64708 index 0844b7c..afa10a1 100644
64709 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
64710 +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
64711 @@ -1285,7 +1285,7 @@ flash_temp:
64712 int qlcnic_dump_fw(struct qlcnic_adapter *adapter)
64713 {
64714 struct qlcnic_fw_dump *fw_dump = &adapter->ahw->fw_dump;
64715 - static const struct qlcnic_dump_operations *fw_dump_ops;
64716 + const struct qlcnic_dump_operations *fw_dump_ops;
64717 struct qlcnic_83xx_dump_template_hdr *hdr_83xx;
64718 u32 entry_offset, dump, no_entries, buf_offset = 0;
64719 int i, k, ops_cnt, ops_index, dump_size = 0;
64720 diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
64721 index e55638c..5fe3a62 100644
64722 --- a/drivers/net/ethernet/realtek/r8169.c
64723 +++ b/drivers/net/ethernet/realtek/r8169.c
64724 @@ -798,22 +798,22 @@ struct rtl8169_private {
64725 struct mdio_ops {
64726 void (*write)(struct rtl8169_private *, int, int);
64727 int (*read)(struct rtl8169_private *, int);
64728 - } mdio_ops;
64729 + } __no_const mdio_ops;
64730
64731 struct pll_power_ops {
64732 void (*down)(struct rtl8169_private *);
64733 void (*up)(struct rtl8169_private *);
64734 - } pll_power_ops;
64735 + } __no_const pll_power_ops;
64736
64737 struct jumbo_ops {
64738 void (*enable)(struct rtl8169_private *);
64739 void (*disable)(struct rtl8169_private *);
64740 - } jumbo_ops;
64741 + } __no_const jumbo_ops;
64742
64743 struct csi_ops {
64744 void (*write)(struct rtl8169_private *, int, int);
64745 u32 (*read)(struct rtl8169_private *, int);
64746 - } csi_ops;
64747 + } __no_const csi_ops;
64748
64749 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
64750 int (*get_settings)(struct net_device *, struct ethtool_cmd *);
64751 diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
64752 index 054e795..5180c73 100644
64753 --- a/drivers/net/ethernet/renesas/sh_eth.c
64754 +++ b/drivers/net/ethernet/renesas/sh_eth.c
64755 @@ -2300,7 +2300,7 @@ static void sh_eth_tx_timeout(struct net_device *ndev)
64756 }
64757
64758 /* Packet transmit function */
64759 -static int sh_eth_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64760 +static netdev_tx_t sh_eth_start_xmit(struct sk_buff *skb, struct net_device *ndev)
64761 {
64762 struct sh_eth_private *mdp = netdev_priv(ndev);
64763 struct sh_eth_txdesc *txdesc;
64764 diff --git a/drivers/net/ethernet/rocker/rocker_main.c b/drivers/net/ethernet/rocker/rocker_main.c
64765 index f0b09b0..35869b1 100644
64766 --- a/drivers/net/ethernet/rocker/rocker_main.c
64767 +++ b/drivers/net/ethernet/rocker/rocker_main.c
64768 @@ -2834,7 +2834,7 @@ out:
64769 return NOTIFY_DONE;
64770 }
64771
64772 -static struct notifier_block rocker_netdevice_nb __read_mostly = {
64773 +static struct notifier_block rocker_netdevice_nb = {
64774 .notifier_call = rocker_netdevice_event,
64775 };
64776
64777 @@ -2868,7 +2868,7 @@ static int rocker_netevent_event(struct notifier_block *unused,
64778 return NOTIFY_DONE;
64779 }
64780
64781 -static struct notifier_block rocker_netevent_nb __read_mostly = {
64782 +static struct notifier_block rocker_netevent_nb = {
64783 .notifier_call = rocker_netevent_event,
64784 };
64785
64786 diff --git a/drivers/net/ethernet/seeq/sgiseeq.c b/drivers/net/ethernet/seeq/sgiseeq.c
64787 index c2bd537..540a981 100644
64788 --- a/drivers/net/ethernet/seeq/sgiseeq.c
64789 +++ b/drivers/net/ethernet/seeq/sgiseeq.c
64790 @@ -578,7 +578,7 @@ static inline int sgiseeq_reset(struct net_device *dev)
64791 return 0;
64792 }
64793
64794 -static int sgiseeq_start_xmit(struct sk_buff *skb, struct net_device *dev)
64795 +static netdev_tx_t sgiseeq_start_xmit(struct sk_buff *skb, struct net_device *dev)
64796 {
64797 struct sgiseeq_private *sp = netdev_priv(dev);
64798 struct hpc3_ethregs *hregs = sp->hregs;
64799 diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
64800 index c771e0a..bbb368d 100644
64801 --- a/drivers/net/ethernet/sfc/ptp.c
64802 +++ b/drivers/net/ethernet/sfc/ptp.c
64803 @@ -832,7 +832,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings)
64804 ptp->start.dma_addr);
64805
64806 /* Clear flag that signals MC ready */
64807 - ACCESS_ONCE(*start) = 0;
64808 + ACCESS_ONCE_RW(*start) = 0;
64809 rc = efx_mcdi_rpc_start(efx, MC_CMD_PTP, synch_buf,
64810 MC_CMD_PTP_IN_SYNCHRONIZE_LEN);
64811 EFX_BUG_ON_PARANOID(rc);
64812 diff --git a/drivers/net/ethernet/sfc/selftest.c b/drivers/net/ethernet/sfc/selftest.c
64813 index 9d78830..74fc649 100644
64814 --- a/drivers/net/ethernet/sfc/selftest.c
64815 +++ b/drivers/net/ethernet/sfc/selftest.c
64816 @@ -82,8 +82,8 @@ struct efx_loopback_state {
64817 int packet_count;
64818 struct sk_buff **skbs;
64819 bool offload_csum;
64820 - atomic_t rx_good;
64821 - atomic_t rx_bad;
64822 + atomic_unchecked_t rx_good;
64823 + atomic_unchecked_t rx_bad;
64824 struct efx_loopback_payload payload;
64825 };
64826
64827 @@ -349,12 +349,12 @@ void efx_loopback_rx_packet(struct efx_nic *efx,
64828 netif_vdbg(efx, drv, efx->net_dev,
64829 "got loopback RX in %s loopback test\n", LOOPBACK_MODE(efx));
64830
64831 - atomic_inc(&state->rx_good);
64832 + atomic_inc_unchecked(&state->rx_good);
64833 return;
64834
64835 err:
64836 #ifdef DEBUG
64837 - if (atomic_read(&state->rx_bad) == 0) {
64838 + if (atomic_read_unchecked(&state->rx_bad) == 0) {
64839 netif_err(efx, drv, efx->net_dev, "received packet:\n");
64840 print_hex_dump(KERN_ERR, "", DUMP_PREFIX_OFFSET, 0x10, 1,
64841 buf_ptr, pkt_len, 0);
64842 @@ -363,7 +363,7 @@ void efx_loopback_rx_packet(struct efx_nic *efx,
64843 &state->payload, sizeof(state->payload), 0);
64844 }
64845 #endif
64846 - atomic_inc(&state->rx_bad);
64847 + atomic_inc_unchecked(&state->rx_bad);
64848 }
64849
64850 /* Initialise an efx_selftest_state for a new iteration */
64851 @@ -397,8 +397,8 @@ static void efx_iterate_state(struct efx_nic *efx)
64852 memcpy(&payload->msg, payload_msg, sizeof(payload_msg));
64853
64854 /* Fill out remaining state members */
64855 - atomic_set(&state->rx_good, 0);
64856 - atomic_set(&state->rx_bad, 0);
64857 + atomic_set_unchecked(&state->rx_good, 0);
64858 + atomic_set_unchecked(&state->rx_bad, 0);
64859 smp_wmb();
64860 }
64861
64862 @@ -456,7 +456,7 @@ static int efx_poll_loopback(struct efx_nic *efx)
64863 {
64864 struct efx_loopback_state *state = efx->loopback_selftest;
64865
64866 - return atomic_read(&state->rx_good) == state->packet_count;
64867 + return atomic_read_unchecked(&state->rx_good) == state->packet_count;
64868 }
64869
64870 static int efx_end_loopback(struct efx_tx_queue *tx_queue,
64871 @@ -482,8 +482,8 @@ static int efx_end_loopback(struct efx_tx_queue *tx_queue,
64872 netif_tx_unlock_bh(efx->net_dev);
64873
64874 /* Check TX completion and received packet counts */
64875 - rx_good = atomic_read(&state->rx_good);
64876 - rx_bad = atomic_read(&state->rx_bad);
64877 + rx_good = atomic_read_unchecked(&state->rx_good);
64878 + rx_bad = atomic_read_unchecked(&state->rx_bad);
64879 if (tx_done != state->packet_count) {
64880 /* Don't free the skbs; they will be picked up on TX
64881 * overflow or channel teardown.
64882 diff --git a/drivers/net/ethernet/sgi/ioc3-eth.c b/drivers/net/ethernet/sgi/ioc3-eth.c
64883 index 7a254da..0693a2b4 100644
64884 --- a/drivers/net/ethernet/sgi/ioc3-eth.c
64885 +++ b/drivers/net/ethernet/sgi/ioc3-eth.c
64886 @@ -103,7 +103,7 @@ static inline struct net_device *priv_netdev(struct ioc3_private *dev)
64887
64888 static int ioc3_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
64889 static void ioc3_set_multicast_list(struct net_device *dev);
64890 -static int ioc3_start_xmit(struct sk_buff *skb, struct net_device *dev);
64891 +static netdev_tx_t ioc3_start_xmit(struct sk_buff *skb, struct net_device *dev);
64892 static void ioc3_timeout(struct net_device *dev);
64893 static inline unsigned int ioc3_hash(const unsigned char *addr);
64894 static inline void ioc3_stop(struct ioc3_private *ip);
64895 @@ -1397,7 +1397,7 @@ static struct pci_driver ioc3_driver = {
64896 .remove = ioc3_remove_one,
64897 };
64898
64899 -static int ioc3_start_xmit(struct sk_buff *skb, struct net_device *dev)
64900 +static netdev_tx_t ioc3_start_xmit(struct sk_buff *skb, struct net_device *dev)
64901 {
64902 unsigned long data;
64903 struct ioc3_private *ip = netdev_priv(dev);
64904 diff --git a/drivers/net/ethernet/smsc/smc911x.c b/drivers/net/ethernet/smsc/smc911x.c
64905 index cb49c96..c1498cc 100644
64906 --- a/drivers/net/ethernet/smsc/smc911x.c
64907 +++ b/drivers/net/ethernet/smsc/smc911x.c
64908 @@ -514,7 +514,7 @@ static void smc911x_hardware_send_pkt(struct net_device *dev)
64909 * now, or set the card to generates an interrupt when ready
64910 * for the packet.
64911 */
64912 -static int smc911x_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
64913 +static netdev_tx_t smc911x_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
64914 {
64915 struct smc911x_local *lp = netdev_priv(dev);
64916 unsigned int free;
64917 diff --git a/drivers/net/ethernet/smsc/smc91x.c b/drivers/net/ethernet/smsc/smc91x.c
64918 index 503a3b6..28d35c9 100644
64919 --- a/drivers/net/ethernet/smsc/smc91x.c
64920 +++ b/drivers/net/ethernet/smsc/smc91x.c
64921 @@ -637,7 +637,7 @@ done: if (!THROTTLE_TX_PKTS)
64922 * now, or set the card to generates an interrupt when ready
64923 * for the packet.
64924 */
64925 -static int smc_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
64926 +static netdev_tx_t smc_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
64927 {
64928 struct smc_local *lp = netdev_priv(dev);
64929 void __iomem *ioaddr = lp->base;
64930 diff --git a/drivers/net/ethernet/smsc/smsc911x.c b/drivers/net/ethernet/smsc/smsc911x.c
64931 index 4f8910b..50636e8 100644
64932 --- a/drivers/net/ethernet/smsc/smsc911x.c
64933 +++ b/drivers/net/ethernet/smsc/smsc911x.c
64934 @@ -1760,7 +1760,7 @@ static int smsc911x_stop(struct net_device *dev)
64935 }
64936
64937 /* Entry point for transmitting a packet */
64938 -static int smsc911x_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
64939 +static netdev_tx_t smsc911x_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
64940 {
64941 struct smsc911x_data *pdata = netdev_priv(dev);
64942 unsigned int freespace;
64943 diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
64944 index ce9aa79..ad1831f 100644
64945 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
64946 +++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
64947 @@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *mmcaddr, unsigned int mode)
64948
64949 writel(value, mmcaddr + MMC_CNTRL);
64950
64951 - pr_debug("stmmac: MMC ctrl register (offset 0x%x): 0x%08x\n",
64952 - MMC_CNTRL, value);
64953 +// pr_debug("stmmac: MMC ctrl register (offset 0x%x): 0x%08x\n",
64954 +// MMC_CNTRL, value);
64955 }
64956
64957 /* To mask all all interrupts.*/
64958 diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
64959 index 4c8c60a..c29928c 100644
64960 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
64961 +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
64962 @@ -1164,8 +1164,8 @@ static int alloc_dma_desc_resources(struct stmmac_priv *priv)
64963 if (!priv->rx_skbuff)
64964 goto err_rx_skbuff;
64965
64966 - priv->tx_skbuff_dma = kmalloc_array(DMA_TX_SIZE,
64967 - sizeof(*priv->tx_skbuff_dma),
64968 + priv->tx_skbuff_dma = kmalloc_array(sizeof(*priv->tx_skbuff_dma),
64969 + DMA_TX_SIZE,
64970 GFP_KERNEL);
64971 if (!priv->tx_skbuff_dma)
64972 goto err_tx_skbuff_dma;
64973 diff --git a/drivers/net/ethernet/sun/sunbmac.c b/drivers/net/ethernet/sun/sunbmac.c
64974 index aa4f9d2..d9ffff3 100644
64975 --- a/drivers/net/ethernet/sun/sunbmac.c
64976 +++ b/drivers/net/ethernet/sun/sunbmac.c
64977 @@ -950,7 +950,7 @@ static void bigmac_tx_timeout(struct net_device *dev)
64978 }
64979
64980 /* Put a packet on the wire. */
64981 -static int bigmac_start_xmit(struct sk_buff *skb, struct net_device *dev)
64982 +static netdev_tx_t bigmac_start_xmit(struct sk_buff *skb, struct net_device *dev)
64983 {
64984 struct bigmac *bp = netdev_priv(dev);
64985 int len, entry;
64986 diff --git a/drivers/net/ethernet/sun/sunqe.c b/drivers/net/ethernet/sun/sunqe.c
64987 index 9b825780..71a2b34 100644
64988 --- a/drivers/net/ethernet/sun/sunqe.c
64989 +++ b/drivers/net/ethernet/sun/sunqe.c
64990 @@ -568,7 +568,7 @@ out:
64991 }
64992
64993 /* Get a packet queued to go onto the wire. */
64994 -static int qe_start_xmit(struct sk_buff *skb, struct net_device *dev)
64995 +static netdev_tx_t qe_start_xmit(struct sk_buff *skb, struct net_device *dev)
64996 {
64997 struct sunqe *qep = netdev_priv(dev);
64998 struct sunqe_buffers *qbufs = qep->buffers;
64999 diff --git a/drivers/net/ethernet/sun/sunvnet.c b/drivers/net/ethernet/sun/sunvnet.c
65000 index a2f9b47..05a9147 100644
65001 --- a/drivers/net/ethernet/sun/sunvnet.c
65002 +++ b/drivers/net/ethernet/sun/sunvnet.c
65003 @@ -131,7 +131,7 @@ static u16 vnet_select_queue(struct net_device *dev, struct sk_buff *skb,
65004 }
65005
65006 /* Wrappers to common functions */
65007 -static int vnet_start_xmit(struct sk_buff *skb, struct net_device *dev)
65008 +static netdev_tx_t vnet_start_xmit(struct sk_buff *skb, struct net_device *dev)
65009 {
65010 return sunvnet_start_xmit_common(skb, dev, vnet_tx_port_find);
65011 }
65012 diff --git a/drivers/net/ethernet/sun/sunvnet_common.c b/drivers/net/ethernet/sun/sunvnet_common.c
65013 index 904a5a1..6ef5cff 100644
65014 --- a/drivers/net/ethernet/sun/sunvnet_common.c
65015 +++ b/drivers/net/ethernet/sun/sunvnet_common.c
65016 @@ -1126,7 +1126,7 @@ static inline struct sk_buff *vnet_skb_shape(struct sk_buff *skb, int ncookies)
65017 return skb;
65018 }
65019
65020 -static int vnet_handle_offloads(struct vnet_port *port, struct sk_buff *skb,
65021 +static netdev_tx_t vnet_handle_offloads(struct vnet_port *port, struct sk_buff *skb,
65022 struct vnet_port *(*vnet_tx_port)
65023 (struct sk_buff *, struct net_device *))
65024 {
65025 @@ -1134,7 +1134,7 @@ static int vnet_handle_offloads(struct vnet_port *port, struct sk_buff *skb,
65026 struct vio_dring_state *dr = &port->vio.drings[VIO_DRIVER_TX_RING];
65027 struct sk_buff *segs;
65028 int maclen, datalen;
65029 - int status;
65030 + netdev_tx_t status;
65031 int gso_size, gso_type, gso_segs;
65032 int hlen = skb_transport_header(skb) - skb_mac_header(skb);
65033 int proto = IPPROTO_IP;
65034 @@ -1190,7 +1190,7 @@ static int vnet_handle_offloads(struct vnet_port *port, struct sk_buff *skb,
65035 skb_push(skb, maclen);
65036 skb_reset_mac_header(skb);
65037
65038 - status = 0;
65039 + status = NETDEV_TX_OK;
65040 while (segs) {
65041 struct sk_buff *curr = segs;
65042
65043 diff --git a/drivers/net/ethernet/synopsys/dwc_eth_qos.c b/drivers/net/ethernet/synopsys/dwc_eth_qos.c
65044 index 4490eba..cbd62ea 100644
65045 --- a/drivers/net/ethernet/synopsys/dwc_eth_qos.c
65046 +++ b/drivers/net/ethernet/synopsys/dwc_eth_qos.c
65047 @@ -2176,7 +2176,7 @@ static void dwceqos_tx_rollback(struct net_local *lp, struct dwceqos_tx *tx)
65048 lp->gso_size = tx->prev_gso_size;
65049 }
65050
65051 -static int dwceqos_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65052 +static netdev_tx_t dwceqos_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65053 {
65054 struct net_local *lp = netdev_priv(ndev);
65055 struct dwceqos_tx trans;
65056 diff --git a/drivers/net/ethernet/ti/cpmac.c b/drivers/net/ethernet/ti/cpmac.c
65057 index d300d53..31adc932 100644
65058 --- a/drivers/net/ethernet/ti/cpmac.c
65059 +++ b/drivers/net/ethernet/ti/cpmac.c
65060 @@ -544,7 +544,7 @@ fatal_error:
65061
65062 }
65063
65064 -static int cpmac_start_xmit(struct sk_buff *skb, struct net_device *dev)
65065 +static netdev_tx_t cpmac_start_xmit(struct sk_buff *skb, struct net_device *dev)
65066 {
65067 int queue, len;
65068 struct cpmac_desc *desc;
65069 diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c
65070 index 727a79f..38ef419 100644
65071 --- a/drivers/net/ethernet/ti/davinci_emac.c
65072 +++ b/drivers/net/ethernet/ti/davinci_emac.c
65073 @@ -943,7 +943,7 @@ static void emac_tx_handler(void *token, int len, int status)
65074 *
65075 * Returns success(NETDEV_TX_OK) or error code (typically out of desc's)
65076 */
65077 -static int emac_dev_xmit(struct sk_buff *skb, struct net_device *ndev)
65078 +static netdev_tx_t emac_dev_xmit(struct sk_buff *skb, struct net_device *ndev)
65079 {
65080 struct device *emac_dev = &ndev->dev;
65081 int ret_code;
65082 diff --git a/drivers/net/ethernet/ti/netcp_core.c b/drivers/net/ethernet/ti/netcp_core.c
65083 index 3251666..6eb86ae 100644
65084 --- a/drivers/net/ethernet/ti/netcp_core.c
65085 +++ b/drivers/net/ethernet/ti/netcp_core.c
65086 @@ -1237,7 +1237,7 @@ out:
65087 }
65088
65089 /* Submit the packet */
65090 -static int netcp_ndo_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65091 +static netdev_tx_t netcp_ndo_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65092 {
65093 struct netcp_intf *netcp = netdev_priv(ndev);
65094 int subqueue = skb_get_queue_mapping(skb);
65095 diff --git a/drivers/net/ethernet/via/via-rhine.c b/drivers/net/ethernet/via/via-rhine.c
65096 index 9d14731..7d6ad91 100644
65097 --- a/drivers/net/ethernet/via/via-rhine.c
65098 +++ b/drivers/net/ethernet/via/via-rhine.c
65099 @@ -2600,7 +2600,7 @@ static struct platform_driver rhine_driver_platform = {
65100 }
65101 };
65102
65103 -static struct dmi_system_id rhine_dmi_table[] __initdata = {
65104 +static const struct dmi_system_id rhine_dmi_table[] __initconst = {
65105 {
65106 .ident = "EPIA-M",
65107 .matches = {
65108 diff --git a/drivers/net/ethernet/wiznet/w5100.c b/drivers/net/ethernet/wiznet/w5100.c
65109 index 37ab46c..2875480 100644
65110 --- a/drivers/net/ethernet/wiznet/w5100.c
65111 +++ b/drivers/net/ethernet/wiznet/w5100.c
65112 @@ -836,7 +836,7 @@ static void w5100_tx_work(struct work_struct *work)
65113 w5100_tx_skb(priv->ndev, skb);
65114 }
65115
65116 -static int w5100_start_tx(struct sk_buff *skb, struct net_device *ndev)
65117 +static netdev_tx_t w5100_start_tx(struct sk_buff *skb, struct net_device *ndev)
65118 {
65119 struct w5100_priv *priv = netdev_priv(ndev);
65120
65121 diff --git a/drivers/net/ethernet/wiznet/w5300.c b/drivers/net/ethernet/wiznet/w5300.c
65122 index 0b37ce9..4ec594b 100644
65123 --- a/drivers/net/ethernet/wiznet/w5300.c
65124 +++ b/drivers/net/ethernet/wiznet/w5300.c
65125 @@ -366,7 +366,7 @@ static void w5300_tx_timeout(struct net_device *ndev)
65126 netif_wake_queue(ndev);
65127 }
65128
65129 -static int w5300_start_tx(struct sk_buff *skb, struct net_device *ndev)
65130 +static netdev_tx_t w5300_start_tx(struct sk_buff *skb, struct net_device *ndev)
65131 {
65132 struct w5300_priv *priv = netdev_priv(ndev);
65133
65134 diff --git a/drivers/net/ethernet/xilinx/ll_temac_main.c b/drivers/net/ethernet/xilinx/ll_temac_main.c
65135 index a9bd665..2fc2924 100644
65136 --- a/drivers/net/ethernet/xilinx/ll_temac_main.c
65137 +++ b/drivers/net/ethernet/xilinx/ll_temac_main.c
65138 @@ -673,7 +673,7 @@ static inline int temac_check_tx_bd_space(struct temac_local *lp, int num_frag)
65139 return 0;
65140 }
65141
65142 -static int temac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65143 +static netdev_tx_t temac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65144 {
65145 struct temac_local *lp = netdev_priv(ndev);
65146 struct cdmac_bd *cur_p;
65147 diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
65148 index 36ee7ab..7a76e3f 100644
65149 --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
65150 +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
65151 @@ -652,7 +652,7 @@ static inline int axienet_check_tx_bd_space(struct axienet_local *lp,
65152 * start the transmission. Additionally if checksum offloading is supported,
65153 * it populates AXI Stream Control fields with appropriate values.
65154 */
65155 -static int axienet_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65156 +static netdev_tx_t axienet_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65157 {
65158 u32 ii;
65159 u32 num_frag;
65160 diff --git a/drivers/net/ethernet/xilinx/xilinx_emaclite.c b/drivers/net/ethernet/xilinx/xilinx_emaclite.c
65161 index 93dc10b..6598671 100644
65162 --- a/drivers/net/ethernet/xilinx/xilinx_emaclite.c
65163 +++ b/drivers/net/ethernet/xilinx/xilinx_emaclite.c
65164 @@ -995,7 +995,7 @@ static int xemaclite_close(struct net_device *dev)
65165 *
65166 * Return: 0, always.
65167 */
65168 -static int xemaclite_send(struct sk_buff *orig_skb, struct net_device *dev)
65169 +static netdev_tx_t xemaclite_send(struct sk_buff *orig_skb, struct net_device *dev)
65170 {
65171 struct net_local *lp = netdev_priv(dev);
65172 struct sk_buff *new_skb;
65173 diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
65174 index 3c20e87..5696f6f 100644
65175 --- a/drivers/net/geneve.c
65176 +++ b/drivers/net/geneve.c
65177 @@ -1450,7 +1450,7 @@ nla_put_failure:
65178 return -EMSGSIZE;
65179 }
65180
65181 -static struct rtnl_link_ops geneve_link_ops __read_mostly = {
65182 +static struct rtnl_link_ops geneve_link_ops = {
65183 .kind = "geneve",
65184 .maxtype = IFLA_GENEVE_MAX,
65185 .policy = geneve_policy,
65186 @@ -1516,7 +1516,7 @@ static int geneve_netdevice_event(struct notifier_block *unused,
65187 return NOTIFY_DONE;
65188 }
65189
65190 -static struct notifier_block geneve_notifier_block __read_mostly = {
65191 +static struct notifier_block geneve_notifier_block = {
65192 .notifier_call = geneve_netdevice_event,
65193 };
65194
65195 diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
65196 index 97e0cbc..3aec9e5 100644
65197 --- a/drivers/net/gtp.c
65198 +++ b/drivers/net/gtp.c
65199 @@ -58,7 +58,7 @@ struct pdp_ctx {
65200 struct in_addr ms_addr_ip4;
65201 struct in_addr sgsn_addr_ip4;
65202
65203 - atomic_t tx_seq;
65204 + atomic_unchecked_t tx_seq;
65205 struct rcu_head rcu_head;
65206 };
65207
65208 @@ -407,7 +407,7 @@ static inline void gtp0_push_header(struct sk_buff *skb, struct pdp_ctx *pctx)
65209 gtp0->flags = 0x1e; /* v0, GTP-non-prime. */
65210 gtp0->type = GTP_TPDU;
65211 gtp0->length = htons(payload_len);
65212 - gtp0->seq = htons((atomic_inc_return(&pctx->tx_seq) - 1) % 0xffff);
65213 + gtp0->seq = htons((atomic_inc_return_unchecked(&pctx->tx_seq) - 1) % 0xffff);
65214 gtp0->flow = htons(pctx->u.v0.flow);
65215 gtp0->number = 0xff;
65216 gtp0->spare[0] = gtp0->spare[1] = gtp0->spare[2] = 0xff;
65217 @@ -751,7 +751,7 @@ nla_put_failure:
65218 return -EMSGSIZE;
65219 }
65220
65221 -static struct rtnl_link_ops gtp_link_ops __read_mostly = {
65222 +static struct rtnl_link_ops gtp_link_ops = {
65223 .kind = "gtp",
65224 .maxtype = IFLA_GTP_MAX,
65225 .policy = gtp_policy,
65226 @@ -959,7 +959,7 @@ static int ipv4_pdp_add(struct net_device *dev, struct genl_info *info)
65227 return -ENOMEM;
65228
65229 ipv4_pdp_fill(pctx, info);
65230 - atomic_set(&pctx->tx_seq, 0);
65231 + atomic_set_unchecked(&pctx->tx_seq, 0);
65232
65233 switch (pctx->gtp_version) {
65234 case GTP_V0:
65235 diff --git a/drivers/net/hamradio/baycom_epp.c b/drivers/net/hamradio/baycom_epp.c
65236 index 78dbc44..b7831d0 100644
65237 --- a/drivers/net/hamradio/baycom_epp.c
65238 +++ b/drivers/net/hamradio/baycom_epp.c
65239 @@ -768,7 +768,7 @@ static void epp_bh(struct work_struct *work)
65240 * ===================== network driver interface =========================
65241 */
65242
65243 -static int baycom_send_packet(struct sk_buff *skb, struct net_device *dev)
65244 +static netdev_tx_t baycom_send_packet(struct sk_buff *skb, struct net_device *dev)
65245 {
65246 struct baycom_state *bc = netdev_priv(dev);
65247
65248 diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
65249 index 591af71..a5bbc7a 100644
65250 --- a/drivers/net/hyperv/hyperv_net.h
65251 +++ b/drivers/net/hyperv/hyperv_net.h
65252 @@ -162,7 +162,7 @@ struct rndis_device {
65253
65254 enum rndis_device_state state;
65255 bool link_state;
65256 - atomic_t new_req_id;
65257 + atomic_unchecked_t new_req_id;
65258
65259 spinlock_t request_lock;
65260 struct list_head req_list;
65261 diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
65262 index 3ba29fc..793bdcf 100644
65263 --- a/drivers/net/hyperv/netvsc_drv.c
65264 +++ b/drivers/net/hyperv/netvsc_drv.c
65265 @@ -349,7 +349,7 @@ not_ip:
65266 return ret_val;
65267 }
65268
65269 -static int netvsc_start_xmit(struct sk_buff *skb, struct net_device *net)
65270 +static netdev_tx_t netvsc_start_xmit(struct sk_buff *skb, struct net_device *net)
65271 {
65272 struct net_device_context *net_device_ctx = netdev_priv(net);
65273 struct hv_netvsc_packet *packet = NULL;
65274 diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
65275 index 8e830f7..37da185 100644
65276 --- a/drivers/net/hyperv/rndis_filter.c
65277 +++ b/drivers/net/hyperv/rndis_filter.c
65278 @@ -101,7 +101,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
65279 * template
65280 */
65281 set = &rndis_msg->msg.set_req;
65282 - set->req_id = atomic_inc_return(&dev->new_req_id);
65283 + set->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
65284
65285 /* Add to the request list */
65286 spin_lock_irqsave(&dev->request_lock, flags);
65287 @@ -861,7 +861,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
65288
65289 /* Setup the rndis set */
65290 halt = &request->request_msg.msg.halt_req;
65291 - halt->req_id = atomic_inc_return(&dev->new_req_id);
65292 + halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
65293
65294 /* Ignore return since this msg is optional. */
65295 rndis_filter_send_request(dev, request);
65296 @@ -1075,8 +1075,7 @@ int rndis_filter_device_add(struct hv_device *dev,
65297 if (net_device->num_chn == 1)
65298 goto out;
65299
65300 - net_device->sub_cb_buf = vzalloc((net_device->num_chn - 1) *
65301 - NETVSC_PACKET_SIZE);
65302 + net_device->sub_cb_buf = vzalloc(net_device->num_sc_offered * NETVSC_PACKET_SIZE);
65303 if (!net_device->sub_cb_buf) {
65304 net_device->num_chn = 1;
65305 dev_info(&dev->device, "No memory for subchannels.\n");
65306 diff --git a/drivers/net/ifb.c b/drivers/net/ifb.c
65307 index 66c0eea..27486de 100644
65308 --- a/drivers/net/ifb.c
65309 +++ b/drivers/net/ifb.c
65310 @@ -290,7 +290,7 @@ static int ifb_validate(struct nlattr *tb[], struct nlattr *data[])
65311 return 0;
65312 }
65313
65314 -static struct rtnl_link_ops ifb_link_ops __read_mostly = {
65315 +static struct rtnl_link_ops ifb_link_ops = {
65316 .kind = "ifb",
65317 .priv_size = sizeof(struct ifb_dev_private),
65318 .setup = ifb_setup,
65319 diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
65320 index b5f9511..c883583 100644
65321 --- a/drivers/net/ipvlan/ipvlan_core.c
65322 +++ b/drivers/net/ipvlan/ipvlan_core.c
65323 @@ -484,7 +484,7 @@ static void ipvlan_multicast_enqueue(struct ipvl_port *port,
65324 schedule_work(&port->wq);
65325 } else {
65326 spin_unlock(&port->backlog.lock);
65327 - atomic_long_inc(&skb->dev->rx_dropped);
65328 + atomic_long_inc_unchecked(&skb->dev->rx_dropped);
65329 kfree_skb(skb);
65330 }
65331 }
65332 diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
65333 index 18b4e8c..65f5386 100644
65334 --- a/drivers/net/ipvlan/ipvlan_main.c
65335 +++ b/drivers/net/ipvlan/ipvlan_main.c
65336 @@ -734,15 +734,15 @@ static int ipvlan_addr4_event(struct notifier_block *unused,
65337 return NOTIFY_OK;
65338 }
65339
65340 -static struct notifier_block ipvlan_addr4_notifier_block __read_mostly = {
65341 +static struct notifier_block ipvlan_addr4_notifier_block = {
65342 .notifier_call = ipvlan_addr4_event,
65343 };
65344
65345 -static struct notifier_block ipvlan_notifier_block __read_mostly = {
65346 +static struct notifier_block ipvlan_notifier_block = {
65347 .notifier_call = ipvlan_device_event,
65348 };
65349
65350 -static struct notifier_block ipvlan_addr6_notifier_block __read_mostly = {
65351 +static struct notifier_block ipvlan_addr6_notifier_block = {
65352 .notifier_call = ipvlan_addr6_event,
65353 };
65354
65355 diff --git a/drivers/net/irda/vlsi_ir.c b/drivers/net/irda/vlsi_ir.c
65356 index a0849f4..147a4a6 100644
65357 --- a/drivers/net/irda/vlsi_ir.c
65358 +++ b/drivers/net/irda/vlsi_ir.c
65359 @@ -142,7 +142,7 @@ static void vlsi_ring_debug(struct vlsi_ring *r)
65360 printk(KERN_DEBUG "%s - ring %p / size %u / mask 0x%04x / len %u / dir %d / hw %p\n",
65361 __func__, r, r->size, r->mask, r->len, r->dir, r->rd[0].hw);
65362 printk(KERN_DEBUG "%s - head = %d / tail = %d\n", __func__,
65363 - atomic_read(&r->head) & r->mask, atomic_read(&r->tail) & r->mask);
65364 + atomic_read_unchecked(&r->head) & r->mask, atomic_read_unchecked(&r->tail) & r->mask);
65365 for (i = 0; i < r->size; i++) {
65366 rd = &r->rd[i];
65367 printk(KERN_DEBUG "%s - ring descr %u: ", __func__, i);
65368 @@ -301,8 +301,8 @@ static void vlsi_proc_ring(struct seq_file *seq, struct vlsi_ring *r)
65369
65370 seq_printf(seq, "size %u / mask 0x%04x / len %u / dir %d / hw %p\n",
65371 r->size, r->mask, r->len, r->dir, r->rd[0].hw);
65372 - h = atomic_read(&r->head) & r->mask;
65373 - t = atomic_read(&r->tail) & r->mask;
65374 + h = atomic_read_unchecked(&r->head) & r->mask;
65375 + t = atomic_read_unchecked(&r->tail) & r->mask;
65376 seq_printf(seq, "head = %d / tail = %d ", h, t);
65377 if (h == t)
65378 seq_printf(seq, "(empty)\n");
65379 @@ -410,8 +410,8 @@ static struct vlsi_ring *vlsi_alloc_ring(struct pci_dev *pdev, struct ring_descr
65380 r->rd = (struct ring_descr *)(r+1);
65381 r->mask = size - 1;
65382 r->size = size;
65383 - atomic_set(&r->head, 0);
65384 - atomic_set(&r->tail, 0);
65385 + atomic_set_unchecked(&r->head, 0);
65386 + atomic_set_unchecked(&r->tail, 0);
65387
65388 for (i = 0; i < size; i++) {
65389 rd = r->rd + i;
65390 @@ -1268,10 +1268,10 @@ static int vlsi_init_chip(struct pci_dev *pdev)
65391 iobase+VLSI_PIO_RINGSIZE);
65392
65393 ptr = inw(iobase+VLSI_PIO_RINGPTR);
65394 - atomic_set(&idev->rx_ring->head, RINGPTR_GET_RX(ptr));
65395 - atomic_set(&idev->rx_ring->tail, RINGPTR_GET_RX(ptr));
65396 - atomic_set(&idev->tx_ring->head, RINGPTR_GET_TX(ptr));
65397 - atomic_set(&idev->tx_ring->tail, RINGPTR_GET_TX(ptr));
65398 + atomic_set_unchecked(&idev->rx_ring->head, RINGPTR_GET_RX(ptr));
65399 + atomic_set_unchecked(&idev->rx_ring->tail, RINGPTR_GET_RX(ptr));
65400 + atomic_set_unchecked(&idev->tx_ring->head, RINGPTR_GET_TX(ptr));
65401 + atomic_set_unchecked(&idev->tx_ring->tail, RINGPTR_GET_TX(ptr));
65402
65403 vlsi_set_baud(idev, iobase); /* idev->new_baud used as provided by caller */
65404
65405 diff --git a/drivers/net/irda/vlsi_ir.h b/drivers/net/irda/vlsi_ir.h
65406 index f9db2ce..6cd460c 100644
65407 --- a/drivers/net/irda/vlsi_ir.h
65408 +++ b/drivers/net/irda/vlsi_ir.h
65409 @@ -671,7 +671,7 @@ struct vlsi_ring {
65410 unsigned len;
65411 unsigned size;
65412 unsigned mask;
65413 - atomic_t head, tail;
65414 + atomic_unchecked_t head, tail;
65415 struct ring_descr *rd;
65416 };
65417
65418 @@ -681,13 +681,13 @@ static inline struct ring_descr *ring_last(struct vlsi_ring *r)
65419 {
65420 int t;
65421
65422 - t = atomic_read(&r->tail) & r->mask;
65423 - return (((t+1) & r->mask) == (atomic_read(&r->head) & r->mask)) ? NULL : &r->rd[t];
65424 + t = atomic_read_unchecked(&r->tail) & r->mask;
65425 + return (((t+1) & r->mask) == (atomic_read_unchecked(&r->head) & r->mask)) ? NULL : &r->rd[t];
65426 }
65427
65428 static inline struct ring_descr *ring_put(struct vlsi_ring *r)
65429 {
65430 - atomic_inc(&r->tail);
65431 + atomic_inc_unchecked(&r->tail);
65432 return ring_last(r);
65433 }
65434
65435 @@ -695,13 +695,13 @@ static inline struct ring_descr *ring_first(struct vlsi_ring *r)
65436 {
65437 int h;
65438
65439 - h = atomic_read(&r->head) & r->mask;
65440 - return (h == (atomic_read(&r->tail) & r->mask)) ? NULL : &r->rd[h];
65441 + h = atomic_read_unchecked(&r->head) & r->mask;
65442 + return (h == (atomic_read_unchecked(&r->tail) & r->mask)) ? NULL : &r->rd[h];
65443 }
65444
65445 static inline struct ring_descr *ring_get(struct vlsi_ring *r)
65446 {
65447 - atomic_inc(&r->head);
65448 + atomic_inc_unchecked(&r->head);
65449 return ring_first(r);
65450 }
65451
65452 diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
65453 index 6255973..7ae59f5 100644
65454 --- a/drivers/net/loopback.c
65455 +++ b/drivers/net/loopback.c
65456 @@ -216,6 +216,6 @@ out:
65457 }
65458
65459 /* Registered in net/core/dev.c */
65460 -struct pernet_operations __net_initdata loopback_net_ops = {
65461 +struct pernet_operations __net_initconst loopback_net_ops = {
65462 .init = loopback_net_init,
65463 };
65464 diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
65465 index 351e701..8b7039d 100644
65466 --- a/drivers/net/macsec.c
65467 +++ b/drivers/net/macsec.c
65468 @@ -3378,7 +3378,7 @@ nla_put_failure:
65469 return -EMSGSIZE;
65470 }
65471
65472 -static struct rtnl_link_ops macsec_link_ops __read_mostly = {
65473 +static struct rtnl_link_ops macsec_link_ops = {
65474 .kind = "macsec",
65475 .priv_size = sizeof(struct macsec_dev),
65476 .maxtype = IFLA_MACSEC_MAX,
65477 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
65478 index 3234fcd..954fb39 100644
65479 --- a/drivers/net/macvlan.c
65480 +++ b/drivers/net/macvlan.c
65481 @@ -343,7 +343,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port,
65482 free_nskb:
65483 kfree_skb(nskb);
65484 err:
65485 - atomic_long_inc(&skb->dev->rx_dropped);
65486 + atomic_long_inc_unchecked(&skb->dev->rx_dropped);
65487 }
65488
65489 static void macvlan_flush_sources(struct macvlan_port *port,
65490 @@ -1508,13 +1508,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
65491 int macvlan_link_register(struct rtnl_link_ops *ops)
65492 {
65493 /* common fields */
65494 - ops->priv_size = sizeof(struct macvlan_dev);
65495 - ops->validate = macvlan_validate;
65496 - ops->maxtype = IFLA_MACVLAN_MAX;
65497 - ops->policy = macvlan_policy;
65498 - ops->changelink = macvlan_changelink;
65499 - ops->get_size = macvlan_get_size;
65500 - ops->fill_info = macvlan_fill_info;
65501 + pax_open_kernel();
65502 + const_cast(ops->priv_size) = sizeof(struct macvlan_dev);
65503 + const_cast(ops->validate) = macvlan_validate;
65504 + const_cast(ops->maxtype) = IFLA_MACVLAN_MAX;
65505 + const_cast(ops->policy) = macvlan_policy;
65506 + const_cast(ops->changelink) = macvlan_changelink;
65507 + const_cast(ops->get_size) = macvlan_get_size;
65508 + const_cast(ops->fill_info) = macvlan_fill_info;
65509 + pax_close_kernel();
65510
65511 return rtnl_link_register(ops);
65512 };
65513 @@ -1602,7 +1604,7 @@ static int macvlan_device_event(struct notifier_block *unused,
65514 return NOTIFY_DONE;
65515 }
65516
65517 -static struct notifier_block macvlan_notifier_block __read_mostly = {
65518 +static struct notifier_block macvlan_notifier_block = {
65519 .notifier_call = macvlan_device_event,
65520 };
65521
65522 diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
65523 index 070e329..b829217 100644
65524 --- a/drivers/net/macvtap.c
65525 +++ b/drivers/net/macvtap.c
65526 @@ -508,7 +508,7 @@ static void macvtap_setup(struct net_device *dev)
65527 dev->tx_queue_len = TUN_READQ_SIZE;
65528 }
65529
65530 -static struct rtnl_link_ops macvtap_link_ops __read_mostly = {
65531 +static struct rtnl_link_ops macvtap_link_ops = {
65532 .kind = "macvtap",
65533 .setup = macvtap_setup,
65534 .newlink = macvtap_newlink,
65535 @@ -1049,7 +1049,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
65536
65537 ret = 0;
65538 u = q->flags;
65539 - if (copy_to_user(&ifr->ifr_name, vlan->dev->name, IFNAMSIZ) ||
65540 + if (copy_to_user(ifr->ifr_name, vlan->dev->name, IFNAMSIZ) ||
65541 put_user(u, &ifr->ifr_flags))
65542 ret = -EFAULT;
65543 macvtap_put_vlan(vlan);
65544 @@ -1132,8 +1132,8 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
65545 }
65546 ret = 0;
65547 u = vlan->dev->type;
65548 - if (copy_to_user(&ifr->ifr_name, vlan->dev->name, IFNAMSIZ) ||
65549 - copy_to_user(&ifr->ifr_hwaddr.sa_data, vlan->dev->dev_addr, ETH_ALEN) ||
65550 + if (copy_to_user(ifr->ifr_name, vlan->dev->name, IFNAMSIZ) ||
65551 + copy_to_user(ifr->ifr_hwaddr.sa_data, vlan->dev->dev_addr, ETH_ALEN) ||
65552 put_user(u, &ifr->ifr_hwaddr.sa_family))
65553 ret = -EFAULT;
65554 macvtap_put_vlan(vlan);
65555 @@ -1311,7 +1311,7 @@ static int macvtap_device_event(struct notifier_block *unused,
65556 return NOTIFY_DONE;
65557 }
65558
65559 -static struct notifier_block macvtap_notifier_block __read_mostly = {
65560 +static struct notifier_block macvtap_notifier_block = {
65561 .notifier_call = macvtap_device_event,
65562 };
65563
65564 diff --git a/drivers/net/nlmon.c b/drivers/net/nlmon.c
65565 index 7b7c70e..a92dc83 100644
65566 --- a/drivers/net/nlmon.c
65567 +++ b/drivers/net/nlmon.c
65568 @@ -154,7 +154,7 @@ static int nlmon_validate(struct nlattr *tb[], struct nlattr *data[])
65569 return 0;
65570 }
65571
65572 -static struct rtnl_link_ops nlmon_link_ops __read_mostly = {
65573 +static struct rtnl_link_ops nlmon_link_ops = {
65574 .kind = "nlmon",
65575 .priv_size = sizeof(struct nlmon),
65576 .setup = nlmon_setup,
65577 diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
65578 index e977ba9..e3df8dcd8 100644
65579 --- a/drivers/net/phy/phy_device.c
65580 +++ b/drivers/net/phy/phy_device.c
65581 @@ -411,7 +411,7 @@ static int get_phy_c45_devs_in_pkg(struct mii_bus *bus, int addr, int dev_addr,
65582 * zero on success.
65583 *
65584 */
65585 -static int get_phy_c45_ids(struct mii_bus *bus, int addr, u32 *phy_id,
65586 +static int get_phy_c45_ids(struct mii_bus *bus, int addr, int *phy_id,
65587 struct phy_c45_device_ids *c45_ids) {
65588 int phy_reg;
65589 int i, reg_addr;
65590 @@ -482,7 +482,7 @@ static int get_phy_c45_ids(struct mii_bus *bus, int addr, u32 *phy_id,
65591 * its return value is in turn returned.
65592 *
65593 */
65594 -static int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id,
65595 +static int get_phy_id(struct mii_bus *bus, int addr, int *phy_id,
65596 bool is_c45, struct phy_c45_device_ids *c45_ids)
65597 {
65598 int phy_reg;
65599 @@ -520,7 +520,7 @@ static int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id,
65600 struct phy_device *get_phy_device(struct mii_bus *bus, int addr, bool is_c45)
65601 {
65602 struct phy_c45_device_ids c45_ids = {0};
65603 - u32 phy_id = 0;
65604 + int phy_id = 0;
65605 int r;
65606
65607 r = get_phy_id(bus, addr, &phy_id, is_c45, &c45_ids);
65608 diff --git a/drivers/net/plip/plip.c b/drivers/net/plip/plip.c
65609 index 9c4b41a..03da80b 100644
65610 --- a/drivers/net/plip/plip.c
65611 +++ b/drivers/net/plip/plip.c
65612 @@ -950,7 +950,7 @@ plip_interrupt(void *dev_id)
65613 spin_unlock_irqrestore(&nl->lock, flags);
65614 }
65615
65616 -static int
65617 +static netdev_tx_t
65618 plip_tx_packet(struct sk_buff *skb, struct net_device *dev)
65619 {
65620 struct net_local *nl = netdev_priv(dev);
65621 diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
65622 index f226db4..6d75edc 100644
65623 --- a/drivers/net/ppp/ppp_generic.c
65624 +++ b/drivers/net/ppp/ppp_generic.c
65625 @@ -1135,7 +1135,7 @@ static struct net *ppp_nl_get_link_net(const struct net_device *dev)
65626 return ppp->ppp_net;
65627 }
65628
65629 -static struct rtnl_link_ops ppp_link_ops __read_mostly = {
65630 +static struct rtnl_link_ops ppp_link_ops = {
65631 .kind = "ppp",
65632 .maxtype = IFLA_PPP_MAX,
65633 .policy = ppp_nl_policy,
65634 @@ -1253,7 +1253,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
65635 void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
65636 struct ppp_stats stats;
65637 struct ppp_comp_stats cstats;
65638 - char *vers;
65639
65640 switch (cmd) {
65641 case SIOCGPPPSTATS:
65642 @@ -1275,8 +1274,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
65643 break;
65644
65645 case SIOCGPPPVER:
65646 - vers = PPP_VERSION;
65647 - if (copy_to_user(addr, vers, strlen(vers) + 1))
65648 + if (copy_to_user(addr, PPP_VERSION, sizeof(PPP_VERSION)))
65649 break;
65650 err = 0;
65651 break;
65652 diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
65653 index ae0905e..f22c8e9d 100644
65654 --- a/drivers/net/ppp/pptp.c
65655 +++ b/drivers/net/ppp/pptp.c
65656 @@ -368,7 +368,7 @@ allow_packet:
65657 }
65658
65659 skb->ip_summed = CHECKSUM_NONE;
65660 - skb_set_network_header(skb, skb->head-skb->data);
65661 + skb->network_header = 0;
65662 ppp_input(&po->chan, skb);
65663
65664 return NET_RX_SUCCESS;
65665 diff --git a/drivers/net/rionet.c b/drivers/net/rionet.c
65666 index a31f461..949a77a 100644
65667 --- a/drivers/net/rionet.c
65668 +++ b/drivers/net/rionet.c
65669 @@ -170,7 +170,7 @@ static int rionet_queue_tx_msg(struct sk_buff *skb, struct net_device *ndev,
65670 return 0;
65671 }
65672
65673 -static int rionet_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65674 +static netdev_tx_t rionet_start_xmit(struct sk_buff *skb, struct net_device *ndev)
65675 {
65676 int i;
65677 struct rionet_private *rnet = netdev_priv(ndev);
65678 diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
65679 index 27ed252..80cffde 100644
65680 --- a/drivers/net/slip/slhc.c
65681 +++ b/drivers/net/slip/slhc.c
65682 @@ -491,7 +491,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
65683 register struct tcphdr *thp;
65684 register struct iphdr *ip;
65685 register struct cstate *cs;
65686 - int len, hdrlen;
65687 + long len, hdrlen;
65688 unsigned char *cp = icp;
65689
65690 /* We've got a compressed packet; read the change byte */
65691 diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
65692 index a380649..fd8fe79c 100644
65693 --- a/drivers/net/team/team.c
65694 +++ b/drivers/net/team/team.c
65695 @@ -2135,7 +2135,7 @@ static unsigned int team_get_num_rx_queues(void)
65696 return TEAM_DEFAULT_NUM_RX_QUEUES;
65697 }
65698
65699 -static struct rtnl_link_ops team_link_ops __read_mostly = {
65700 +static struct rtnl_link_ops team_link_ops = {
65701 .kind = DRV_NAME,
65702 .priv_size = sizeof(struct team),
65703 .setup = team_setup,
65704 @@ -2930,7 +2930,7 @@ static int team_device_event(struct notifier_block *unused,
65705 return NOTIFY_DONE;
65706 }
65707
65708 -static struct notifier_block team_notifier_block __read_mostly = {
65709 +static struct notifier_block team_notifier_block = {
65710 .notifier_call = team_device_event,
65711 };
65712
65713 diff --git a/drivers/net/tun.c b/drivers/net/tun.c
65714 index 6f9df37..3c37ed5 100644
65715 --- a/drivers/net/tun.c
65716 +++ b/drivers/net/tun.c
65717 @@ -972,7 +972,7 @@ static void tun_set_headroom(struct net_device *dev, int new_hr)
65718 {
65719 struct tun_struct *tun = netdev_priv(dev);
65720
65721 - if (new_hr < NET_SKB_PAD)
65722 + if (new_hr < 0 || new_hr < NET_SKB_PAD)
65723 new_hr = NET_SKB_PAD;
65724
65725 tun->align = new_hr;
65726 @@ -1556,7 +1556,7 @@ static int tun_validate(struct nlattr *tb[], struct nlattr *data[])
65727 return -EINVAL;
65728 }
65729
65730 -static struct rtnl_link_ops tun_link_ops __read_mostly = {
65731 +static struct rtnl_link_ops tun_link_ops = {
65732 .kind = DRV_NAME,
65733 .priv_size = sizeof(struct tun_struct),
65734 .setup = tun_setup,
65735 @@ -1985,7 +1985,7 @@ unlock:
65736 }
65737
65738 static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
65739 - unsigned long arg, int ifreq_len)
65740 + unsigned long arg, size_t ifreq_len)
65741 {
65742 struct tun_file *tfile = file->private_data;
65743 struct tun_struct *tun;
65744 @@ -1999,6 +1999,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
65745 int le;
65746 int ret;
65747
65748 + if (ifreq_len > sizeof ifr)
65749 + return -EFAULT;
65750 +
65751 if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
65752 if (copy_from_user(&ifr, argp, ifreq_len))
65753 return -EFAULT;
65754 @@ -2514,7 +2517,7 @@ static int tun_device_event(struct notifier_block *unused,
65755 return NOTIFY_DONE;
65756 }
65757
65758 -static struct notifier_block tun_notifier_block __read_mostly = {
65759 +static struct notifier_block tun_notifier_block = {
65760 .notifier_call = tun_device_event,
65761 };
65762
65763 diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
65764 index 4b44586..ae19659 100644
65765 --- a/drivers/net/usb/hso.c
65766 +++ b/drivers/net/usb/hso.c
65767 @@ -70,7 +70,7 @@
65768 #include <asm/byteorder.h>
65769 #include <linux/serial_core.h>
65770 #include <linux/serial.h>
65771 -
65772 +#include <asm/local.h>
65773
65774 #define MOD_AUTHOR "Option Wireless"
65775 #define MOD_DESCRIPTION "USB High Speed Option driver"
65776 @@ -1183,7 +1183,7 @@ static void put_rxbuf_data_and_resubmit_ctrl_urb(struct hso_serial *serial)
65777 struct urb *urb;
65778
65779 urb = serial->rx_urb[0];
65780 - if (serial->port.count > 0) {
65781 + if (atomic_read(&serial->port.count) > 0) {
65782 count = put_rxbuf_data(urb, serial);
65783 if (count == -1)
65784 return;
65785 @@ -1221,7 +1221,7 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb)
65786 DUMP1(urb->transfer_buffer, urb->actual_length);
65787
65788 /* Anyone listening? */
65789 - if (serial->port.count == 0)
65790 + if (atomic_read(&serial->port.count) == 0)
65791 return;
65792
65793 if (serial->parent->port_spec & HSO_INFO_CRC_BUG)
65794 @@ -1237,8 +1237,9 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb)
65795 * This needs to be a tasklet otherwise we will
65796 * end up recursively calling this function.
65797 */
65798 -static void hso_unthrottle_tasklet(struct hso_serial *serial)
65799 +static void hso_unthrottle_tasklet(unsigned long _serial)
65800 {
65801 + struct hso_serial *serial = (struct hso_serial *)_serial;
65802 unsigned long flags;
65803
65804 spin_lock_irqsave(&serial->serial_lock, flags);
65805 @@ -1282,18 +1283,17 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp)
65806 tty_port_tty_set(&serial->port, tty);
65807
65808 /* check for port already opened, if not set the termios */
65809 - serial->port.count++;
65810 - if (serial->port.count == 1) {
65811 + if (atomic_inc_return(&serial->port.count) == 1) {
65812 serial->rx_state = RX_IDLE;
65813 /* Force default termio settings */
65814 _hso_serial_set_termios(tty, NULL);
65815 tasklet_init(&serial->unthrottle_tasklet,
65816 - (void (*)(unsigned long))hso_unthrottle_tasklet,
65817 + hso_unthrottle_tasklet,
65818 (unsigned long)serial);
65819 result = hso_start_serial_device(serial->parent, GFP_KERNEL);
65820 if (result) {
65821 hso_stop_serial_device(serial->parent);
65822 - serial->port.count--;
65823 + atomic_dec(&serial->port.count);
65824 } else {
65825 kref_get(&serial->parent->ref);
65826 }
65827 @@ -1331,10 +1331,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp)
65828
65829 /* reset the rts and dtr */
65830 /* do the actual close */
65831 - serial->port.count--;
65832 + atomic_dec(&serial->port.count);
65833
65834 - if (serial->port.count <= 0) {
65835 - serial->port.count = 0;
65836 + if (atomic_read(&serial->port.count) <= 0) {
65837 + atomic_set(&serial->port.count, 0);
65838 tty_port_tty_set(&serial->port, NULL);
65839 if (!usb_gone)
65840 hso_stop_serial_device(serial->parent);
65841 @@ -1417,7 +1417,7 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old)
65842
65843 /* the actual setup */
65844 spin_lock_irqsave(&serial->serial_lock, flags);
65845 - if (serial->port.count)
65846 + if (atomic_read(&serial->port.count))
65847 _hso_serial_set_termios(tty, old);
65848 else
65849 tty->termios = *old;
65850 @@ -1891,7 +1891,7 @@ static void intr_callback(struct urb *urb)
65851 D1("Pending read interrupt on port %d\n", i);
65852 spin_lock(&serial->serial_lock);
65853 if (serial->rx_state == RX_IDLE &&
65854 - serial->port.count > 0) {
65855 + atomic_read(&serial->port.count) > 0) {
65856 /* Setup and send a ctrl req read on
65857 * port i */
65858 if (!serial->rx_urb_filled[0]) {
65859 @@ -3058,7 +3058,7 @@ static int hso_resume(struct usb_interface *iface)
65860 /* Start all serial ports */
65861 for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
65862 if (serial_table[i] && (serial_table[i]->interface == iface)) {
65863 - if (dev2ser(serial_table[i])->port.count) {
65864 + if (atomic_read(&dev2ser(serial_table[i])->port.count)) {
65865 result =
65866 hso_start_serial_device(serial_table[i], GFP_NOIO);
65867 hso_kick_transmit(dev2ser(serial_table[i]));
65868 diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c
65869 index 76465b1..2d72355 100644
65870 --- a/drivers/net/usb/ipheth.c
65871 +++ b/drivers/net/usb/ipheth.c
65872 @@ -400,7 +400,7 @@ static int ipheth_close(struct net_device *net)
65873 return 0;
65874 }
65875
65876 -static int ipheth_tx(struct sk_buff *skb, struct net_device *net)
65877 +static netdev_tx_t ipheth_tx(struct sk_buff *skb, struct net_device *net)
65878 {
65879 struct ipheth_device *dev = netdev_priv(net);
65880 struct usb_device *udev = dev->udev;
65881 diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
65882 index c254248..e4a52dc 100644
65883 --- a/drivers/net/usb/r8152.c
65884 +++ b/drivers/net/usb/r8152.c
65885 @@ -632,7 +632,7 @@ struct r8152 {
65886 bool (*in_nway)(struct r8152 *);
65887 void (*hw_phy_cfg)(struct r8152 *);
65888 void (*autosuspend_en)(struct r8152 *tp, bool enable);
65889 - } rtl_ops;
65890 + } __no_const rtl_ops;
65891
65892 int intr_interval;
65893 u32 saved_wolopts;
65894 diff --git a/drivers/net/usb/sierra_net.c b/drivers/net/usb/sierra_net.c
65895 index a2515887..6d13233 100644
65896 --- a/drivers/net/usb/sierra_net.c
65897 +++ b/drivers/net/usb/sierra_net.c
65898 @@ -51,7 +51,7 @@ static const char driver_name[] = "sierra_net";
65899 /* atomic counter partially included in MAC address to make sure 2 devices
65900 * do not end up with the same MAC - concept breaks in case of > 255 ifaces
65901 */
65902 -static atomic_t iface_counter = ATOMIC_INIT(0);
65903 +static atomic_unchecked_t iface_counter = ATOMIC_INIT(0);
65904
65905 /*
65906 * SYNC Timer Delay definition used to set the expiry time
65907 @@ -697,7 +697,7 @@ static int sierra_net_bind(struct usbnet *dev, struct usb_interface *intf)
65908 dev->net->netdev_ops = &sierra_net_device_ops;
65909
65910 /* change MAC addr to include, ifacenum, and to be unique */
65911 - dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter);
65912 + dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter);
65913 dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
65914
65915 /* we will have to manufacture ethernet headers, prepare template */
65916 diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
65917 index 1b5f531..3c16c42 100644
65918 --- a/drivers/net/virtio_net.c
65919 +++ b/drivers/net/virtio_net.c
65920 @@ -48,7 +48,7 @@ module_param(gso, bool, 0444);
65921 DECLARE_EWMA(pkt_len, 1, 64)
65922
65923 /* Minimum alignment for mergeable packet buffers. */
65924 -#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256)
65925 +#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256UL)
65926
65927 #define VIRTNET_DRIVER_VERSION "1.0.0"
65928
65929 diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
65930 index 1ce7420..8bef471 100644
65931 --- a/drivers/net/vrf.c
65932 +++ b/drivers/net/vrf.c
65933 @@ -1287,7 +1287,7 @@ static const struct nla_policy vrf_nl_policy[IFLA_VRF_MAX + 1] = {
65934 [IFLA_VRF_TABLE] = { .type = NLA_U32 },
65935 };
65936
65937 -static struct rtnl_link_ops vrf_link_ops __read_mostly = {
65938 +static struct rtnl_link_ops vrf_link_ops = {
65939 .kind = DRV_NAME,
65940 .priv_size = sizeof(struct net_vrf),
65941
65942 @@ -1324,7 +1324,7 @@ out:
65943 return NOTIFY_DONE;
65944 }
65945
65946 -static struct notifier_block vrf_notifier_block __read_mostly = {
65947 +static struct notifier_block vrf_notifier_block = {
65948 .notifier_call = vrf_device_event,
65949 };
65950
65951 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
65952 index 6e65832..def968c 100644
65953 --- a/drivers/net/vxlan.c
65954 +++ b/drivers/net/vxlan.c
65955 @@ -3169,7 +3169,7 @@ static struct net *vxlan_get_link_net(const struct net_device *dev)
65956 return vxlan->net;
65957 }
65958
65959 -static struct rtnl_link_ops vxlan_link_ops __read_mostly = {
65960 +static struct rtnl_link_ops vxlan_link_ops = {
65961 .kind = "vxlan",
65962 .maxtype = IFLA_VXLAN_MAX,
65963 .policy = vxlan_policy,
65964 @@ -3253,7 +3253,7 @@ static int vxlan_netdevice_event(struct notifier_block *unused,
65965 return NOTIFY_DONE;
65966 }
65967
65968 -static struct notifier_block vxlan_notifier_block __read_mostly = {
65969 +static struct notifier_block vxlan_notifier_block = {
65970 .notifier_call = vxlan_netdevice_event,
65971 };
65972
65973 diff --git a/drivers/net/wan/lmc/lmc_media.c b/drivers/net/wan/lmc/lmc_media.c
65974 index 5920c99..ff2e4a5 100644
65975 --- a/drivers/net/wan/lmc/lmc_media.c
65976 +++ b/drivers/net/wan/lmc/lmc_media.c
65977 @@ -95,62 +95,63 @@ static inline void write_av9110_bit (lmc_softc_t *, int);
65978 static void write_av9110(lmc_softc_t *, u32, u32, u32, u32, u32);
65979
65980 lmc_media_t lmc_ds3_media = {
65981 - lmc_ds3_init, /* special media init stuff */
65982 - lmc_ds3_default, /* reset to default state */
65983 - lmc_ds3_set_status, /* reset status to state provided */
65984 - lmc_dummy_set_1, /* set clock source */
65985 - lmc_dummy_set2_1, /* set line speed */
65986 - lmc_ds3_set_100ft, /* set cable length */
65987 - lmc_ds3_set_scram, /* set scrambler */
65988 - lmc_ds3_get_link_status, /* get link status */
65989 - lmc_dummy_set_1, /* set link status */
65990 - lmc_ds3_set_crc_length, /* set CRC length */
65991 - lmc_dummy_set_1, /* set T1 or E1 circuit type */
65992 - lmc_ds3_watchdog
65993 + .init = lmc_ds3_init, /* special media init stuff */
65994 + .defaults = lmc_ds3_default, /* reset to default state */
65995 + .set_status = lmc_ds3_set_status, /* reset status to state provided */
65996 + .set_clock_source = lmc_dummy_set_1, /* set clock source */
65997 + .set_speed = lmc_dummy_set2_1, /* set line speed */
65998 + .set_cable_length = lmc_ds3_set_100ft, /* set cable length */
65999 + .set_scrambler = lmc_ds3_set_scram, /* set scrambler */
66000 + .get_link_status = lmc_ds3_get_link_status, /* get link status */
66001 + .set_link_status = lmc_dummy_set_1, /* set link status */
66002 + .set_crc_length = lmc_ds3_set_crc_length, /* set CRC length */
66003 + .set_circuit_type = lmc_dummy_set_1, /* set T1 or E1 circuit type */
66004 + .watchdog = lmc_ds3_watchdog
66005 };
66006
66007 lmc_media_t lmc_hssi_media = {
66008 - lmc_hssi_init, /* special media init stuff */
66009 - lmc_hssi_default, /* reset to default state */
66010 - lmc_hssi_set_status, /* reset status to state provided */
66011 - lmc_hssi_set_clock, /* set clock source */
66012 - lmc_dummy_set2_1, /* set line speed */
66013 - lmc_dummy_set_1, /* set cable length */
66014 - lmc_dummy_set_1, /* set scrambler */
66015 - lmc_hssi_get_link_status, /* get link status */
66016 - lmc_hssi_set_link_status, /* set link status */
66017 - lmc_hssi_set_crc_length, /* set CRC length */
66018 - lmc_dummy_set_1, /* set T1 or E1 circuit type */
66019 - lmc_hssi_watchdog
66020 + .init = lmc_hssi_init, /* special media init stuff */
66021 + .defaults = lmc_hssi_default, /* reset to default state */
66022 + .set_status = lmc_hssi_set_status, /* reset status to state provided */
66023 + .set_clock_source = lmc_hssi_set_clock, /* set clock source */
66024 + .set_speed = lmc_dummy_set2_1, /* set line speed */
66025 + .set_cable_length = lmc_dummy_set_1, /* set cable length */
66026 + .set_scrambler = lmc_dummy_set_1, /* set scrambler */
66027 + .get_link_status = lmc_hssi_get_link_status, /* get link status */
66028 + .set_link_status = lmc_hssi_set_link_status, /* set link status */
66029 + .set_crc_length = lmc_hssi_set_crc_length, /* set CRC length */
66030 + .set_circuit_type = lmc_dummy_set_1, /* set T1 or E1 circuit type */
66031 + .watchdog = lmc_hssi_watchdog
66032 };
66033
66034 -lmc_media_t lmc_ssi_media = { lmc_ssi_init, /* special media init stuff */
66035 - lmc_ssi_default, /* reset to default state */
66036 - lmc_ssi_set_status, /* reset status to state provided */
66037 - lmc_ssi_set_clock, /* set clock source */
66038 - lmc_ssi_set_speed, /* set line speed */
66039 - lmc_dummy_set_1, /* set cable length */
66040 - lmc_dummy_set_1, /* set scrambler */
66041 - lmc_ssi_get_link_status, /* get link status */
66042 - lmc_ssi_set_link_status, /* set link status */
66043 - lmc_ssi_set_crc_length, /* set CRC length */
66044 - lmc_dummy_set_1, /* set T1 or E1 circuit type */
66045 - lmc_ssi_watchdog
66046 +lmc_media_t lmc_ssi_media = {
66047 + .init = lmc_ssi_init, /* special media init stuff */
66048 + .defaults = lmc_ssi_default, /* reset to default state */
66049 + .set_status = lmc_ssi_set_status, /* reset status to state provided */
66050 + .set_clock_source = lmc_ssi_set_clock, /* set clock source */
66051 + .set_speed = lmc_ssi_set_speed, /* set line speed */
66052 + .set_cable_length = lmc_dummy_set_1, /* set cable length */
66053 + .set_scrambler = lmc_dummy_set_1, /* set scrambler */
66054 + .get_link_status = lmc_ssi_get_link_status, /* get link status */
66055 + .set_link_status = lmc_ssi_set_link_status, /* set link status */
66056 + .set_crc_length = lmc_ssi_set_crc_length, /* set CRC length */
66057 + .set_circuit_type = lmc_dummy_set_1, /* set T1 or E1 circuit type */
66058 + .watchdog = lmc_ssi_watchdog
66059 };
66060
66061 lmc_media_t lmc_t1_media = {
66062 - lmc_t1_init, /* special media init stuff */
66063 - lmc_t1_default, /* reset to default state */
66064 - lmc_t1_set_status, /* reset status to state provided */
66065 - lmc_t1_set_clock, /* set clock source */
66066 - lmc_dummy_set2_1, /* set line speed */
66067 - lmc_dummy_set_1, /* set cable length */
66068 - lmc_dummy_set_1, /* set scrambler */
66069 - lmc_t1_get_link_status, /* get link status */
66070 - lmc_dummy_set_1, /* set link status */
66071 - lmc_t1_set_crc_length, /* set CRC length */
66072 - lmc_t1_set_circuit_type, /* set T1 or E1 circuit type */
66073 - lmc_t1_watchdog
66074 + .init = lmc_t1_init, /* special media init stuff */
66075 + .defaults = lmc_t1_default, /* reset to default state */
66076 + .set_status = lmc_t1_set_status, /* reset status to state provided */
66077 + .set_clock_source = lmc_t1_set_clock, /* set clock source */
66078 + .set_speed = lmc_dummy_set2_1, /* set line speed */
66079 + .set_cable_length = lmc_dummy_set_1, /* set cable length */
66080 + .set_scrambler = lmc_dummy_set_1, /* set scrambler */
66081 + .get_link_status = lmc_t1_get_link_status, /* get link status */
66082 + .set_link_status = lmc_dummy_set_1, /* set link status */
66083 + .set_crc_length = lmc_t1_set_crc_length, /* set CRC length */
66084 + .set_circuit_type = lmc_t1_set_circuit_type, /* set T1 or E1 circuit type */
66085 + .watchdog = lmc_t1_watchdog
66086 };
66087
66088 static void
66089 diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c
66090 index 2f0bd69..e46ed7b 100644
66091 --- a/drivers/net/wan/z85230.c
66092 +++ b/drivers/net/wan/z85230.c
66093 @@ -485,9 +485,9 @@ static void z8530_status(struct z8530_channel *chan)
66094
66095 struct z8530_irqhandler z8530_sync =
66096 {
66097 - z8530_rx,
66098 - z8530_tx,
66099 - z8530_status
66100 + .rx = z8530_rx,
66101 + .tx = z8530_tx,
66102 + .status = z8530_status
66103 };
66104
66105 EXPORT_SYMBOL(z8530_sync);
66106 @@ -605,15 +605,15 @@ static void z8530_dma_status(struct z8530_channel *chan)
66107 }
66108
66109 static struct z8530_irqhandler z8530_dma_sync = {
66110 - z8530_dma_rx,
66111 - z8530_dma_tx,
66112 - z8530_dma_status
66113 + .rx = z8530_dma_rx,
66114 + .tx = z8530_dma_tx,
66115 + .status = z8530_dma_status
66116 };
66117
66118 static struct z8530_irqhandler z8530_txdma_sync = {
66119 - z8530_rx,
66120 - z8530_dma_tx,
66121 - z8530_dma_status
66122 + .rx = z8530_rx,
66123 + .tx = z8530_dma_tx,
66124 + .status = z8530_dma_status
66125 };
66126
66127 /**
66128 @@ -680,9 +680,9 @@ static void z8530_status_clear(struct z8530_channel *chan)
66129
66130 struct z8530_irqhandler z8530_nop=
66131 {
66132 - z8530_rx_clear,
66133 - z8530_tx_clear,
66134 - z8530_status_clear
66135 + .rx = z8530_rx_clear,
66136 + .tx = z8530_tx_clear,
66137 + .status = z8530_status_clear
66138 };
66139
66140
66141 diff --git a/drivers/net/wimax/i2400m/rx.c b/drivers/net/wimax/i2400m/rx.c
66142 index 0b60295..b8bfa5b 100644
66143 --- a/drivers/net/wimax/i2400m/rx.c
66144 +++ b/drivers/net/wimax/i2400m/rx.c
66145 @@ -1359,7 +1359,7 @@ int i2400m_rx_setup(struct i2400m *i2400m)
66146 if (i2400m->rx_roq == NULL)
66147 goto error_roq_alloc;
66148
66149 - rd = kcalloc(I2400M_RO_CIN + 1, sizeof(*i2400m->rx_roq[0].log),
66150 + rd = kcalloc(sizeof(*i2400m->rx_roq[0].log), I2400M_RO_CIN + 1,
66151 GFP_KERNEL);
66152 if (rd == NULL) {
66153 result = -ENOMEM;
66154 diff --git a/drivers/net/wireless/ath/ath10k/ce.c b/drivers/net/wireless/ath/ath10k/ce.c
66155 index da9998e..5ef101a 100644
66156 --- a/drivers/net/wireless/ath/ath10k/ce.c
66157 +++ b/drivers/net/wireless/ath/ath10k/ce.c
66158 @@ -887,12 +887,12 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar,
66159 return 0;
66160 }
66161
66162 -static struct ath10k_ce_ring *
66163 +static struct ath10k_ce_ring * __intentional_overflow(-1)
66164 ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id,
66165 const struct ce_attr *attr)
66166 {
66167 struct ath10k_ce_ring *src_ring;
66168 - u32 nentries = attr->src_nentries;
66169 + unsigned long nentries = attr->src_nentries;
66170 dma_addr_t base_addr;
66171
66172 nentries = roundup_pow_of_two(nentries);
66173 @@ -938,7 +938,7 @@ ath10k_ce_alloc_dest_ring(struct ath10k *ar, unsigned int ce_id,
66174 const struct ce_attr *attr)
66175 {
66176 struct ath10k_ce_ring *dest_ring;
66177 - u32 nentries;
66178 + unsigned long nentries;
66179 dma_addr_t base_addr;
66180
66181 nentries = roundup_pow_of_two(attr->dest_nentries);
66182 diff --git a/drivers/net/wireless/ath/ath10k/htc.h b/drivers/net/wireless/ath/ath10k/htc.h
66183 index 0c55cd9..7fc013b 100644
66184 --- a/drivers/net/wireless/ath/ath10k/htc.h
66185 +++ b/drivers/net/wireless/ath/ath10k/htc.h
66186 @@ -269,13 +269,13 @@ enum ath10k_htc_ep_id {
66187
66188 struct ath10k_htc_ops {
66189 void (*target_send_suspend_complete)(struct ath10k *ar);
66190 -};
66191 +} __no_const;
66192
66193 struct ath10k_htc_ep_ops {
66194 void (*ep_tx_complete)(struct ath10k *, struct sk_buff *);
66195 void (*ep_rx_complete)(struct ath10k *, struct sk_buff *);
66196 void (*ep_tx_credits)(struct ath10k *);
66197 -};
66198 +} __no_const;
66199
66200 /* service connection information */
66201 struct ath10k_htc_svc_conn_req {
66202 diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
66203 index 146365b..b0aef36 100644
66204 --- a/drivers/net/wireless/ath/ath10k/mac.c
66205 +++ b/drivers/net/wireless/ath/ath10k/mac.c
66206 @@ -7991,8 +7991,11 @@ int ath10k_mac_register(struct ath10k *ar)
66207 * supports the pull-push mechanism.
66208 */
66209 if (!test_bit(ATH10K_FW_FEATURE_PEER_FLOW_CONTROL,
66210 - ar->running_fw->fw_file.fw_features))
66211 - ar->ops->wake_tx_queue = NULL;
66212 + ar->running_fw->fw_file.fw_features)) {
66213 + pax_open_kernel();
66214 + const_cast(ar->ops->wake_tx_queue) = NULL;
66215 + pax_close_kernel();
66216 + }
66217
66218 ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
66219 ath10k_reg_notifier);
66220 diff --git a/drivers/net/wireless/ath/ath6kl/core.h b/drivers/net/wireless/ath/ath6kl/core.h
66221 index ac25f17..2cb440b 100644
66222 --- a/drivers/net/wireless/ath/ath6kl/core.h
66223 +++ b/drivers/net/wireless/ath/ath6kl/core.h
66224 @@ -915,7 +915,7 @@ void ath6kl_tx_data_cleanup(struct ath6kl *ar);
66225
66226 struct ath6kl_cookie *ath6kl_alloc_cookie(struct ath6kl *ar);
66227 void ath6kl_free_cookie(struct ath6kl *ar, struct ath6kl_cookie *cookie);
66228 -int ath6kl_data_tx(struct sk_buff *skb, struct net_device *dev);
66229 +netdev_tx_t ath6kl_data_tx(struct sk_buff *skb, struct net_device *dev);
66230
66231 struct aggr_info *aggr_init(struct ath6kl_vif *vif);
66232 void aggr_conn_init(struct ath6kl_vif *vif, struct aggr_info *aggr_info,
66233 diff --git a/drivers/net/wireless/ath/ath6kl/txrx.c b/drivers/net/wireless/ath/ath6kl/txrx.c
66234 index 9df41d5..fb12f17 100644
66235 --- a/drivers/net/wireless/ath/ath6kl/txrx.c
66236 +++ b/drivers/net/wireless/ath/ath6kl/txrx.c
66237 @@ -353,7 +353,7 @@ fail_ctrl_tx:
66238 return status;
66239 }
66240
66241 -int ath6kl_data_tx(struct sk_buff *skb, struct net_device *dev)
66242 +netdev_tx_t ath6kl_data_tx(struct sk_buff *skb, struct net_device *dev)
66243 {
66244 struct ath6kl *ar = ath6kl_priv(dev);
66245 struct ath6kl_cookie *cookie = NULL;
66246 diff --git a/drivers/net/wireless/ath/ath9k/Kconfig b/drivers/net/wireless/ath/ath9k/Kconfig
66247 index f68cb00..7e16ed6 100644
66248 --- a/drivers/net/wireless/ath/ath9k/Kconfig
66249 +++ b/drivers/net/wireless/ath/ath9k/Kconfig
66250 @@ -3,7 +3,6 @@ config ATH9K_HW
66251 config ATH9K_COMMON
66252 tristate
66253 select ATH_COMMON
66254 - select DEBUG_FS
66255 select RELAY
66256 config ATH9K_DFS_DEBUGFS
66257 def_bool y
66258 diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
66259 index f816909..e56cd8b 100644
66260 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c
66261 +++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
66262 @@ -220,8 +220,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
66263 ads->ds_txstatus6 = ads->ds_txstatus7 = 0;
66264 ads->ds_txstatus8 = ads->ds_txstatus9 = 0;
66265
66266 - ACCESS_ONCE(ads->ds_link) = i->link;
66267 - ACCESS_ONCE(ads->ds_data) = i->buf_addr[0];
66268 + ACCESS_ONCE_RW(ads->ds_link) = i->link;
66269 + ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0];
66270
66271 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore);
66272 ctl6 = SM(i->keytype, AR_EncrType);
66273 @@ -235,26 +235,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
66274
66275 if ((i->is_first || i->is_last) &&
66276 i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) {
66277 - ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0)
66278 + ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0)
66279 | set11nTries(i->rates, 1)
66280 | set11nTries(i->rates, 2)
66281 | set11nTries(i->rates, 3)
66282 | (i->dur_update ? AR_DurUpdateEna : 0)
66283 | SM(0, AR_BurstDur);
66284
66285 - ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0)
66286 + ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0)
66287 | set11nRate(i->rates, 1)
66288 | set11nRate(i->rates, 2)
66289 | set11nRate(i->rates, 3);
66290 } else {
66291 - ACCESS_ONCE(ads->ds_ctl2) = 0;
66292 - ACCESS_ONCE(ads->ds_ctl3) = 0;
66293 + ACCESS_ONCE_RW(ads->ds_ctl2) = 0;
66294 + ACCESS_ONCE_RW(ads->ds_ctl3) = 0;
66295 }
66296
66297 if (!i->is_first) {
66298 - ACCESS_ONCE(ads->ds_ctl0) = 0;
66299 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
66300 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
66301 + ACCESS_ONCE_RW(ads->ds_ctl0) = 0;
66302 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
66303 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
66304 return;
66305 }
66306
66307 @@ -279,7 +279,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
66308 break;
66309 }
66310
66311 - ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
66312 + ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
66313 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
66314 | SM(i->txpower[0], AR_XmitPower0)
66315 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
66316 @@ -289,27 +289,27 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
66317 | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable :
66318 (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0));
66319
66320 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
66321 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
66322 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
66323 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
66324
66325 if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST)
66326 return;
66327
66328 - ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
66329 + ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
66330 | set11nPktDurRTSCTS(i->rates, 1);
66331
66332 - ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
66333 + ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
66334 | set11nPktDurRTSCTS(i->rates, 3);
66335
66336 - ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
66337 + ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
66338 | set11nRateFlags(i->rates, 1)
66339 | set11nRateFlags(i->rates, 2)
66340 | set11nRateFlags(i->rates, 3)
66341 | SM(i->rtscts_rate, AR_RTSCTSRate);
66342
66343 - ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1);
66344 - ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2);
66345 - ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3);
66346 + ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1);
66347 + ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2);
66348 + ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3);
66349 }
66350
66351 static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds,
66352 diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
66353 index da84b70..83e4978 100644
66354 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c
66355 +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
66356 @@ -39,47 +39,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
66357 (i->qcu << AR_TxQcuNum_S) | desc_len;
66358
66359 checksum += val;
66360 - ACCESS_ONCE(ads->info) = val;
66361 + ACCESS_ONCE_RW(ads->info) = val;
66362
66363 checksum += i->link;
66364 - ACCESS_ONCE(ads->link) = i->link;
66365 + ACCESS_ONCE_RW(ads->link) = i->link;
66366
66367 checksum += i->buf_addr[0];
66368 - ACCESS_ONCE(ads->data0) = i->buf_addr[0];
66369 + ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0];
66370 checksum += i->buf_addr[1];
66371 - ACCESS_ONCE(ads->data1) = i->buf_addr[1];
66372 + ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1];
66373 checksum += i->buf_addr[2];
66374 - ACCESS_ONCE(ads->data2) = i->buf_addr[2];
66375 + ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2];
66376 checksum += i->buf_addr[3];
66377 - ACCESS_ONCE(ads->data3) = i->buf_addr[3];
66378 + ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3];
66379
66380 checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen);
66381 - ACCESS_ONCE(ads->ctl3) = val;
66382 + ACCESS_ONCE_RW(ads->ctl3) = val;
66383 checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen);
66384 - ACCESS_ONCE(ads->ctl5) = val;
66385 + ACCESS_ONCE_RW(ads->ctl5) = val;
66386 checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen);
66387 - ACCESS_ONCE(ads->ctl7) = val;
66388 + ACCESS_ONCE_RW(ads->ctl7) = val;
66389 checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen);
66390 - ACCESS_ONCE(ads->ctl9) = val;
66391 + ACCESS_ONCE_RW(ads->ctl9) = val;
66392
66393 checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff);
66394 - ACCESS_ONCE(ads->ctl10) = checksum;
66395 + ACCESS_ONCE_RW(ads->ctl10) = checksum;
66396
66397 if (i->is_first || i->is_last) {
66398 - ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0)
66399 + ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0)
66400 | set11nTries(i->rates, 1)
66401 | set11nTries(i->rates, 2)
66402 | set11nTries(i->rates, 3)
66403 | (i->dur_update ? AR_DurUpdateEna : 0)
66404 | SM(0, AR_BurstDur);
66405
66406 - ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0)
66407 + ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0)
66408 | set11nRate(i->rates, 1)
66409 | set11nRate(i->rates, 2)
66410 | set11nRate(i->rates, 3);
66411 } else {
66412 - ACCESS_ONCE(ads->ctl13) = 0;
66413 - ACCESS_ONCE(ads->ctl14) = 0;
66414 + ACCESS_ONCE_RW(ads->ctl13) = 0;
66415 + ACCESS_ONCE_RW(ads->ctl14) = 0;
66416 }
66417
66418 ads->ctl20 = 0;
66419 @@ -89,17 +89,17 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
66420
66421 ctl17 = SM(i->keytype, AR_EncrType);
66422 if (!i->is_first) {
66423 - ACCESS_ONCE(ads->ctl11) = 0;
66424 - ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
66425 - ACCESS_ONCE(ads->ctl15) = 0;
66426 - ACCESS_ONCE(ads->ctl16) = 0;
66427 - ACCESS_ONCE(ads->ctl17) = ctl17;
66428 - ACCESS_ONCE(ads->ctl18) = 0;
66429 - ACCESS_ONCE(ads->ctl19) = 0;
66430 + ACCESS_ONCE_RW(ads->ctl11) = 0;
66431 + ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
66432 + ACCESS_ONCE_RW(ads->ctl15) = 0;
66433 + ACCESS_ONCE_RW(ads->ctl16) = 0;
66434 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
66435 + ACCESS_ONCE_RW(ads->ctl18) = 0;
66436 + ACCESS_ONCE_RW(ads->ctl19) = 0;
66437 return;
66438 }
66439
66440 - ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen)
66441 + ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen)
66442 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
66443 | SM(i->txpower[0], AR_XmitPower0)
66444 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
66445 @@ -135,26 +135,26 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
66446 val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S;
66447 ctl12 |= SM(val, AR_PAPRDChainMask);
66448
66449 - ACCESS_ONCE(ads->ctl12) = ctl12;
66450 - ACCESS_ONCE(ads->ctl17) = ctl17;
66451 + ACCESS_ONCE_RW(ads->ctl12) = ctl12;
66452 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
66453
66454 - ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
66455 + ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
66456 | set11nPktDurRTSCTS(i->rates, 1);
66457
66458 - ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
66459 + ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
66460 | set11nPktDurRTSCTS(i->rates, 3);
66461
66462 - ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0)
66463 + ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0)
66464 | set11nRateFlags(i->rates, 1)
66465 | set11nRateFlags(i->rates, 2)
66466 | set11nRateFlags(i->rates, 3)
66467 | SM(i->rtscts_rate, AR_RTSCTSRate);
66468
66469 - ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding;
66470 + ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding;
66471
66472 - ACCESS_ONCE(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1);
66473 - ACCESS_ONCE(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2);
66474 - ACCESS_ONCE(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3);
66475 + ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1);
66476 + ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2);
66477 + ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3);
66478 }
66479
66480 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
66481 diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
66482 index 2a5d3ad..59d9ad3 100644
66483 --- a/drivers/net/wireless/ath/ath9k/hw.h
66484 +++ b/drivers/net/wireless/ath/ath9k/hw.h
66485 @@ -672,7 +672,7 @@ struct ath_hw_private_ops {
66486 #ifdef CONFIG_ATH9K_BTCOEX_SUPPORT
66487 bool (*is_aic_enabled)(struct ath_hw *ah);
66488 #endif /* CONFIG_ATH9K_BTCOEX_SUPPORT */
66489 -};
66490 +} __no_const;
66491
66492 /**
66493 * struct ath_spec_scan - parameters for Atheros spectral scan
66494 @@ -748,7 +748,7 @@ struct ath_hw_ops {
66495 #ifdef CONFIG_ATH9K_BTCOEX_SUPPORT
66496 void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable);
66497 #endif
66498 -};
66499 +} __no_const;
66500
66501 struct ath_nf_limits {
66502 s16 max;
66503 diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
66504 index 7cb65c3..d213e2a 100644
66505 --- a/drivers/net/wireless/ath/ath9k/main.c
66506 +++ b/drivers/net/wireless/ath/ath9k/main.c
66507 @@ -2622,16 +2622,18 @@ void ath9k_fill_chanctx_ops(void)
66508 if (!ath9k_is_chanctx_enabled())
66509 return;
66510
66511 - ath9k_ops.hw_scan = ath9k_hw_scan;
66512 - ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
66513 - ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
66514 - ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
66515 - ath9k_ops.add_chanctx = ath9k_add_chanctx;
66516 - ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
66517 - ath9k_ops.change_chanctx = ath9k_change_chanctx;
66518 - ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
66519 - ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
66520 - ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
66521 + pax_open_kernel();
66522 + const_cast(ath9k_ops.hw_scan) = ath9k_hw_scan;
66523 + const_cast(ath9k_ops.cancel_hw_scan) = ath9k_cancel_hw_scan;
66524 + const_cast(ath9k_ops.remain_on_channel) = ath9k_remain_on_channel;
66525 + const_cast(ath9k_ops.cancel_remain_on_channel) = ath9k_cancel_remain_on_channel;
66526 + const_cast(ath9k_ops.add_chanctx) = ath9k_add_chanctx;
66527 + const_cast(ath9k_ops.remove_chanctx) = ath9k_remove_chanctx;
66528 + const_cast(ath9k_ops.change_chanctx) = ath9k_change_chanctx;
66529 + const_cast(ath9k_ops.assign_vif_chanctx) = ath9k_assign_vif_chanctx;
66530 + const_cast(ath9k_ops.unassign_vif_chanctx) = ath9k_unassign_vif_chanctx;
66531 + const_cast(ath9k_ops.mgd_prepare_tx) = ath9k_mgd_prepare_tx;
66532 + pax_close_kernel();
66533 }
66534
66535 #endif
66536 diff --git a/drivers/net/wireless/ath/carl9170/carl9170.h b/drivers/net/wireless/ath/carl9170/carl9170.h
66537 index 237d0cd..6c094fd 100644
66538 --- a/drivers/net/wireless/ath/carl9170/carl9170.h
66539 +++ b/drivers/net/wireless/ath/carl9170/carl9170.h
66540 @@ -297,7 +297,7 @@ struct ar9170 {
66541 unsigned long max_queue_stop_timeout[__AR9170_NUM_TXQ];
66542 bool needs_full_reset;
66543 bool force_usb_reset;
66544 - atomic_t pending_restarts;
66545 + atomic_unchecked_t pending_restarts;
66546
66547 /* interface mode settings */
66548 struct list_head vif_list;
66549 @@ -400,7 +400,7 @@ struct ar9170 {
66550 struct carl9170_sta_tid __rcu *tx_ampdu_iter;
66551 struct list_head tx_ampdu_list;
66552 atomic_t tx_ampdu_upload;
66553 - atomic_t tx_ampdu_scheduler;
66554 + atomic_unchecked_t tx_ampdu_scheduler;
66555 atomic_t tx_total_pending;
66556 atomic_t tx_total_queued;
66557 unsigned int tx_ampdu_list_len;
66558 @@ -412,7 +412,7 @@ struct ar9170 {
66559 spinlock_t mem_lock;
66560 unsigned long *mem_bitmap;
66561 atomic_t mem_free_blocks;
66562 - atomic_t mem_allocs;
66563 + atomic_unchecked_t mem_allocs;
66564
66565 /* rxstream mpdu merge */
66566 struct ar9170_rx_head rx_plcp;
66567 diff --git a/drivers/net/wireless/ath/carl9170/debug.c b/drivers/net/wireless/ath/carl9170/debug.c
66568 index ec3a64e..4d4a4e2 100644
66569 --- a/drivers/net/wireless/ath/carl9170/debug.c
66570 +++ b/drivers/net/wireless/ath/carl9170/debug.c
66571 @@ -223,7 +223,7 @@ static char *carl9170_debugfs_mem_usage_read(struct ar9170 *ar, char *buf,
66572
66573 ADD(buf, *len, bufsize, "cookies: used:%3d / total:%3d, allocs:%d\n",
66574 bitmap_weight(ar->mem_bitmap, ar->fw.mem_blocks),
66575 - ar->fw.mem_blocks, atomic_read(&ar->mem_allocs));
66576 + ar->fw.mem_blocks, atomic_read_unchecked(&ar->mem_allocs));
66577
66578 ADD(buf, *len, bufsize, "memory: free:%3d (%3d KiB) / total:%3d KiB)\n",
66579 atomic_read(&ar->mem_free_blocks),
66580 @@ -674,7 +674,7 @@ static char *carl9170_debugfs_bug_read(struct ar9170 *ar, char *buf,
66581 ADD(buf, *ret, bufsize, "reported firmware BUGs:%d\n",
66582 ar->fw.bug_counter);
66583 ADD(buf, *ret, bufsize, "pending restart requests:%d\n",
66584 - atomic_read(&ar->pending_restarts));
66585 + atomic_read_unchecked(&ar->pending_restarts));
66586 return buf;
66587 }
66588 __DEBUGFS_DECLARE_RW_FILE(bug, 400, CARL9170_STOPPED);
66589 @@ -781,7 +781,7 @@ DEBUGFS_READONLY_FILE(usb_rx_pool_urbs, 20, "%d",
66590 DEBUGFS_READONLY_FILE(tx_total_queued, 20, "%d",
66591 atomic_read(&ar->tx_total_queued));
66592 DEBUGFS_READONLY_FILE(tx_ampdu_scheduler, 20, "%d",
66593 - atomic_read(&ar->tx_ampdu_scheduler));
66594 + atomic_read_unchecked(&ar->tx_ampdu_scheduler));
66595
66596 DEBUGFS_READONLY_FILE(tx_total_pending, 20, "%d",
66597 atomic_read(&ar->tx_total_pending));
66598 diff --git a/drivers/net/wireless/ath/carl9170/main.c b/drivers/net/wireless/ath/carl9170/main.c
66599 index ffb22a0..231c7bc 100644
66600 --- a/drivers/net/wireless/ath/carl9170/main.c
66601 +++ b/drivers/net/wireless/ath/carl9170/main.c
66602 @@ -320,7 +320,7 @@ static void carl9170_zap_queues(struct ar9170 *ar)
66603 rcu_read_unlock();
66604
66605 atomic_set(&ar->tx_ampdu_upload, 0);
66606 - atomic_set(&ar->tx_ampdu_scheduler, 0);
66607 + atomic_set_unchecked(&ar->tx_ampdu_scheduler, 0);
66608 atomic_set(&ar->tx_total_pending, 0);
66609 atomic_set(&ar->tx_total_queued, 0);
66610 atomic_set(&ar->mem_free_blocks, ar->fw.mem_blocks);
66611 @@ -370,7 +370,7 @@ static int carl9170_op_start(struct ieee80211_hw *hw)
66612 ar->max_queue_stop_timeout[i] = 0;
66613 }
66614
66615 - atomic_set(&ar->mem_allocs, 0);
66616 + atomic_set_unchecked(&ar->mem_allocs, 0);
66617
66618 err = carl9170_usb_open(ar);
66619 if (err)
66620 @@ -490,7 +490,7 @@ static void carl9170_restart_work(struct work_struct *work)
66621
66622 if (!err && !ar->force_usb_reset) {
66623 ar->restart_counter++;
66624 - atomic_set(&ar->pending_restarts, 0);
66625 + atomic_set_unchecked(&ar->pending_restarts, 0);
66626
66627 ieee80211_restart_hw(ar->hw);
66628 } else {
66629 @@ -513,7 +513,7 @@ void carl9170_restart(struct ar9170 *ar, const enum carl9170_restart_reasons r)
66630 * By ignoring these *surplus* reset events, the device won't be
66631 * killed again, right after it has recovered.
66632 */
66633 - if (atomic_inc_return(&ar->pending_restarts) > 1) {
66634 + if (atomic_inc_return_unchecked(&ar->pending_restarts) > 1) {
66635 dev_dbg(&ar->udev->dev, "ignoring restart (%d)\n", r);
66636 return;
66637 }
66638 @@ -1820,7 +1820,7 @@ void *carl9170_alloc(size_t priv_size)
66639 spin_lock_init(&ar->tx_ampdu_list_lock);
66640 spin_lock_init(&ar->mem_lock);
66641 spin_lock_init(&ar->state_lock);
66642 - atomic_set(&ar->pending_restarts, 0);
66643 + atomic_set_unchecked(&ar->pending_restarts, 0);
66644 ar->vifs = 0;
66645 for (i = 0; i < ar->hw->queues; i++) {
66646 skb_queue_head_init(&ar->tx_status[i]);
66647 diff --git a/drivers/net/wireless/ath/carl9170/tx.c b/drivers/net/wireless/ath/carl9170/tx.c
66648 index 2bf04c9..ae05957 100644
66649 --- a/drivers/net/wireless/ath/carl9170/tx.c
66650 +++ b/drivers/net/wireless/ath/carl9170/tx.c
66651 @@ -193,7 +193,7 @@ static int carl9170_alloc_dev_space(struct ar9170 *ar, struct sk_buff *skb)
66652 unsigned int chunks;
66653 int cookie = -1;
66654
66655 - atomic_inc(&ar->mem_allocs);
66656 + atomic_inc_unchecked(&ar->mem_allocs);
66657
66658 chunks = DIV_ROUND_UP(skb->len, ar->fw.mem_block_size);
66659 if (unlikely(atomic_sub_return(chunks, &ar->mem_free_blocks) < 0)) {
66660 @@ -1130,7 +1130,7 @@ static void carl9170_tx_ampdu(struct ar9170 *ar)
66661 unsigned int i = 0, done_ampdus = 0;
66662 u16 seq, queue, tmpssn;
66663
66664 - atomic_inc(&ar->tx_ampdu_scheduler);
66665 + atomic_inc_unchecked(&ar->tx_ampdu_scheduler);
66666 ar->tx_ampdu_schedule = false;
66667
66668 if (atomic_read(&ar->tx_ampdu_upload))
66669 diff --git a/drivers/net/wireless/ath/wil6210/pcie_bus.c b/drivers/net/wireless/ath/wil6210/pcie_bus.c
66670 index 7b5c422..caa69fa 100644
66671 --- a/drivers/net/wireless/ath/wil6210/pcie_bus.c
66672 +++ b/drivers/net/wireless/ath/wil6210/pcie_bus.c
66673 @@ -159,7 +159,7 @@ static int wil_pcie_probe(struct pci_dev *pdev, const struct pci_device_id *id)
66674 struct wil6210_priv *wil;
66675 struct device *dev = &pdev->dev;
66676 int rc;
66677 - const struct wil_platform_rops rops = {
66678 + static const struct wil_platform_rops rops = {
66679 .ramdump = wil_platform_rop_ramdump,
66680 .fw_recovery = wil_platform_rop_fw_recovery,
66681 };
66682 diff --git a/drivers/net/wireless/ath/wil6210/wil_platform.h b/drivers/net/wireless/ath/wil6210/wil_platform.h
66683 index f8c4117..72c917e 100644
66684 --- a/drivers/net/wireless/ath/wil6210/wil_platform.h
66685 +++ b/drivers/net/wireless/ath/wil6210/wil_platform.h
66686 @@ -37,7 +37,7 @@ struct wil_platform_ops {
66687 int (*resume)(void *handle);
66688 void (*uninit)(void *handle);
66689 int (*notify)(void *handle, enum wil_platform_event evt);
66690 -};
66691 +} __no_const;
66692
66693 /**
66694 * struct wil_platform_rops - wil platform module callbacks from
66695 diff --git a/drivers/net/wireless/atmel/at76c50x-usb.c b/drivers/net/wireless/atmel/at76c50x-usb.c
66696 index 0e18067..1f7f9a2 100644
66697 --- a/drivers/net/wireless/atmel/at76c50x-usb.c
66698 +++ b/drivers/net/wireless/atmel/at76c50x-usb.c
66699 @@ -353,7 +353,7 @@ static int at76_dfu_get_state(struct usb_device *udev, u8 *state)
66700 }
66701
66702 /* Convert timeout from the DFU status to jiffies */
66703 -static inline unsigned long at76_get_timeout(struct dfu_status *s)
66704 +static inline unsigned long __intentional_overflow(-1) at76_get_timeout(struct dfu_status *s)
66705 {
66706 return msecs_to_jiffies((s->poll_timeout[2] << 16)
66707 | (s->poll_timeout[1] << 8)
66708 diff --git a/drivers/net/wireless/atmel/atmel.c b/drivers/net/wireless/atmel/atmel.c
66709 index bf2e9a0..b55366e 100644
66710 --- a/drivers/net/wireless/atmel/atmel.c
66711 +++ b/drivers/net/wireless/atmel/atmel.c
66712 @@ -1663,9 +1663,10 @@ EXPORT_SYMBOL(stop_atmel_card);
66713
66714 static int atmel_set_essid(struct net_device *dev,
66715 struct iw_request_info *info,
66716 - struct iw_point *dwrq,
66717 + union iwreq_data *wrqu,
66718 char *extra)
66719 {
66720 + struct iw_point *dwrq = &wrqu->essid;
66721 struct atmel_private *priv = netdev_priv(dev);
66722
66723 /* Check if we asked for `any' */
66724 @@ -1691,9 +1692,10 @@ static int atmel_set_essid(struct net_device *dev,
66725
66726 static int atmel_get_essid(struct net_device *dev,
66727 struct iw_request_info *info,
66728 - struct iw_point *dwrq,
66729 + union iwreq_data *wrqu,
66730 char *extra)
66731 {
66732 + struct iw_point *dwrq = &wrqu->essid;
66733 struct atmel_private *priv = netdev_priv(dev);
66734
66735 /* Get the current SSID */
66736 @@ -1712,9 +1714,10 @@ static int atmel_get_essid(struct net_device *dev,
66737
66738 static int atmel_get_wap(struct net_device *dev,
66739 struct iw_request_info *info,
66740 - struct sockaddr *awrq,
66741 + union iwreq_data *wrqu,
66742 char *extra)
66743 {
66744 + struct sockaddr *awrq = &wrqu->ap_addr;
66745 struct atmel_private *priv = netdev_priv(dev);
66746 memcpy(awrq->sa_data, priv->CurrentBSSID, ETH_ALEN);
66747 awrq->sa_family = ARPHRD_ETHER;
66748 @@ -1724,9 +1727,10 @@ static int atmel_get_wap(struct net_device *dev,
66749
66750 static int atmel_set_encode(struct net_device *dev,
66751 struct iw_request_info *info,
66752 - struct iw_point *dwrq,
66753 + union iwreq_data *wrqu,
66754 char *extra)
66755 {
66756 + struct iw_point *dwrq = &wrqu->encoding;
66757 struct atmel_private *priv = netdev_priv(dev);
66758
66759 /* Basic checking: do we have a key to set ?
66760 @@ -1813,9 +1817,10 @@ static int atmel_set_encode(struct net_device *dev,
66761
66762 static int atmel_get_encode(struct net_device *dev,
66763 struct iw_request_info *info,
66764 - struct iw_point *dwrq,
66765 + union iwreq_data *wrqu,
66766 char *extra)
66767 {
66768 + struct iw_point *dwrq = &wrqu->encoding;
66769 struct atmel_private *priv = netdev_priv(dev);
66770 int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
66771
66772 @@ -2023,18 +2028,20 @@ static int atmel_get_auth(struct net_device *dev,
66773
66774 static int atmel_get_name(struct net_device *dev,
66775 struct iw_request_info *info,
66776 - char *cwrq,
66777 + union iwreq_data *wrqu,
66778 char *extra)
66779 {
66780 + char *cwrq = wrqu->name;
66781 strcpy(cwrq, "IEEE 802.11-DS");
66782 return 0;
66783 }
66784
66785 static int atmel_set_rate(struct net_device *dev,
66786 struct iw_request_info *info,
66787 - struct iw_param *vwrq,
66788 + union iwreq_data *wrqu,
66789 char *extra)
66790 {
66791 + struct iw_param *vwrq = &wrqu->bitrate;
66792 struct atmel_private *priv = netdev_priv(dev);
66793
66794 if (vwrq->fixed == 0) {
66795 @@ -2073,9 +2080,10 @@ static int atmel_set_rate(struct net_device *dev,
66796
66797 static int atmel_set_mode(struct net_device *dev,
66798 struct iw_request_info *info,
66799 - __u32 *uwrq,
66800 + union iwreq_data *wrqu,
66801 char *extra)
66802 {
66803 + __u32 *uwrq = &wrqu->mode;
66804 struct atmel_private *priv = netdev_priv(dev);
66805
66806 if (*uwrq != IW_MODE_ADHOC && *uwrq != IW_MODE_INFRA)
66807 @@ -2087,9 +2095,10 @@ static int atmel_set_mode(struct net_device *dev,
66808
66809 static int atmel_get_mode(struct net_device *dev,
66810 struct iw_request_info *info,
66811 - __u32 *uwrq,
66812 + union iwreq_data *wrqu,
66813 char *extra)
66814 {
66815 + __u32 *uwrq = &wrqu->mode;
66816 struct atmel_private *priv = netdev_priv(dev);
66817
66818 *uwrq = priv->operating_mode;
66819 @@ -2098,9 +2107,10 @@ static int atmel_get_mode(struct net_device *dev,
66820
66821 static int atmel_get_rate(struct net_device *dev,
66822 struct iw_request_info *info,
66823 - struct iw_param *vwrq,
66824 + union iwreq_data *wrqu,
66825 char *extra)
66826 {
66827 + struct iw_param *vwrq = &wrqu->bitrate;
66828 struct atmel_private *priv = netdev_priv(dev);
66829
66830 if (priv->auto_tx_rate) {
66831 @@ -2128,9 +2138,10 @@ static int atmel_get_rate(struct net_device *dev,
66832
66833 static int atmel_set_power(struct net_device *dev,
66834 struct iw_request_info *info,
66835 - struct iw_param *vwrq,
66836 + union iwreq_data *wrqu,
66837 char *extra)
66838 {
66839 + struct iw_param *vwrq = &wrqu->power;
66840 struct atmel_private *priv = netdev_priv(dev);
66841 priv->power_mode = vwrq->disabled ? 0 : 1;
66842 return -EINPROGRESS;
66843 @@ -2138,9 +2149,10 @@ static int atmel_set_power(struct net_device *dev,
66844
66845 static int atmel_get_power(struct net_device *dev,
66846 struct iw_request_info *info,
66847 - struct iw_param *vwrq,
66848 + union iwreq_data *wrqu,
66849 char *extra)
66850 {
66851 + struct iw_param *vwrq = &wrqu->power;
66852 struct atmel_private *priv = netdev_priv(dev);
66853 vwrq->disabled = priv->power_mode ? 0 : 1;
66854 vwrq->flags = IW_POWER_ON;
66855 @@ -2149,9 +2161,10 @@ static int atmel_get_power(struct net_device *dev,
66856
66857 static int atmel_set_retry(struct net_device *dev,
66858 struct iw_request_info *info,
66859 - struct iw_param *vwrq,
66860 + union iwreq_data *wrqu,
66861 char *extra)
66862 {
66863 + struct iw_param *vwrq = &wrqu->retry;
66864 struct atmel_private *priv = netdev_priv(dev);
66865
66866 if (!vwrq->disabled && (vwrq->flags & IW_RETRY_LIMIT)) {
66867 @@ -2172,9 +2185,10 @@ static int atmel_set_retry(struct net_device *dev,
66868
66869 static int atmel_get_retry(struct net_device *dev,
66870 struct iw_request_info *info,
66871 - struct iw_param *vwrq,
66872 + union iwreq_data *wrqu,
66873 char *extra)
66874 {
66875 + struct iw_param *vwrq = &wrqu->retry;
66876 struct atmel_private *priv = netdev_priv(dev);
66877
66878 vwrq->disabled = 0; /* Can't be disabled */
66879 @@ -2195,9 +2209,10 @@ static int atmel_get_retry(struct net_device *dev,
66880
66881 static int atmel_set_rts(struct net_device *dev,
66882 struct iw_request_info *info,
66883 - struct iw_param *vwrq,
66884 + union iwreq_data *wrqu,
66885 char *extra)
66886 {
66887 + struct iw_param *vwrq = &wrqu->rts;
66888 struct atmel_private *priv = netdev_priv(dev);
66889 int rthr = vwrq->value;
66890
66891 @@ -2213,9 +2228,10 @@ static int atmel_set_rts(struct net_device *dev,
66892
66893 static int atmel_get_rts(struct net_device *dev,
66894 struct iw_request_info *info,
66895 - struct iw_param *vwrq,
66896 + union iwreq_data *wrqu,
66897 char *extra)
66898 {
66899 + struct iw_param *vwrq = &wrqu->rts;
66900 struct atmel_private *priv = netdev_priv(dev);
66901
66902 vwrq->value = priv->rts_threshold;
66903 @@ -2227,9 +2243,10 @@ static int atmel_get_rts(struct net_device *dev,
66904
66905 static int atmel_set_frag(struct net_device *dev,
66906 struct iw_request_info *info,
66907 - struct iw_param *vwrq,
66908 + union iwreq_data *wrqu,
66909 char *extra)
66910 {
66911 + struct iw_param *vwrq = &wrqu->frag;
66912 struct atmel_private *priv = netdev_priv(dev);
66913 int fthr = vwrq->value;
66914
66915 @@ -2246,9 +2263,10 @@ static int atmel_set_frag(struct net_device *dev,
66916
66917 static int atmel_get_frag(struct net_device *dev,
66918 struct iw_request_info *info,
66919 - struct iw_param *vwrq,
66920 + union iwreq_data *wrqu,
66921 char *extra)
66922 {
66923 + struct iw_param *vwrq = &wrqu->frag;
66924 struct atmel_private *priv = netdev_priv(dev);
66925
66926 vwrq->value = priv->frag_threshold;
66927 @@ -2260,9 +2278,10 @@ static int atmel_get_frag(struct net_device *dev,
66928
66929 static int atmel_set_freq(struct net_device *dev,
66930 struct iw_request_info *info,
66931 - struct iw_freq *fwrq,
66932 + union iwreq_data *wrqu,
66933 char *extra)
66934 {
66935 + struct iw_freq *fwrq = &wrqu->freq;
66936 struct atmel_private *priv = netdev_priv(dev);
66937 int rc = -EINPROGRESS; /* Call commit handler */
66938
66939 @@ -2290,9 +2309,10 @@ static int atmel_set_freq(struct net_device *dev,
66940
66941 static int atmel_get_freq(struct net_device *dev,
66942 struct iw_request_info *info,
66943 - struct iw_freq *fwrq,
66944 + union iwreq_data *wrqu,
66945 char *extra)
66946 {
66947 + struct iw_freq *fwrq = &wrqu->freq;
66948 struct atmel_private *priv = netdev_priv(dev);
66949
66950 fwrq->m = priv->channel;
66951 @@ -2302,7 +2322,7 @@ static int atmel_get_freq(struct net_device *dev,
66952
66953 static int atmel_set_scan(struct net_device *dev,
66954 struct iw_request_info *info,
66955 - struct iw_point *dwrq,
66956 + union iwreq_data *dwrq,
66957 char *extra)
66958 {
66959 struct atmel_private *priv = netdev_priv(dev);
66960 @@ -2340,9 +2360,10 @@ static int atmel_set_scan(struct net_device *dev,
66961
66962 static int atmel_get_scan(struct net_device *dev,
66963 struct iw_request_info *info,
66964 - struct iw_point *dwrq,
66965 + union iwreq_data *wrqu,
66966 char *extra)
66967 {
66968 + struct iw_point *dwrq = &wrqu->data;
66969 struct atmel_private *priv = netdev_priv(dev);
66970 int i;
66971 char *current_ev = extra;
66972 @@ -2411,9 +2432,10 @@ static int atmel_get_scan(struct net_device *dev,
66973
66974 static int atmel_get_range(struct net_device *dev,
66975 struct iw_request_info *info,
66976 - struct iw_point *dwrq,
66977 + union iwreq_data *wrqu,
66978 char *extra)
66979 {
66980 + struct iw_point *dwrq = &wrqu->data;
66981 struct atmel_private *priv = netdev_priv(dev);
66982 struct iw_range *range = (struct iw_range *) extra;
66983 int k, i, j;
66984 @@ -2485,9 +2507,10 @@ static int atmel_get_range(struct net_device *dev,
66985
66986 static int atmel_set_wap(struct net_device *dev,
66987 struct iw_request_info *info,
66988 - struct sockaddr *awrq,
66989 + union iwreq_data *wrqu,
66990 char *extra)
66991 {
66992 + struct sockaddr *awrq = &wrqu->ap_addr;
66993 struct atmel_private *priv = netdev_priv(dev);
66994 int i;
66995 static const u8 any[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
66996 @@ -2527,7 +2550,7 @@ static int atmel_set_wap(struct net_device *dev,
66997
66998 static int atmel_config_commit(struct net_device *dev,
66999 struct iw_request_info *info, /* NULL */
67000 - void *zwrq, /* NULL */
67001 + union iwreq_data *zwrq, /* NULL */
67002 char *extra) /* NULL */
67003 {
67004 return atmel_open(dev);
67005 @@ -2535,61 +2558,61 @@ static int atmel_config_commit(struct net_device *dev,
67006
67007 static const iw_handler atmel_handler[] =
67008 {
67009 - (iw_handler) atmel_config_commit, /* SIOCSIWCOMMIT */
67010 - (iw_handler) atmel_get_name, /* SIOCGIWNAME */
67011 - (iw_handler) NULL, /* SIOCSIWNWID */
67012 - (iw_handler) NULL, /* SIOCGIWNWID */
67013 - (iw_handler) atmel_set_freq, /* SIOCSIWFREQ */
67014 - (iw_handler) atmel_get_freq, /* SIOCGIWFREQ */
67015 - (iw_handler) atmel_set_mode, /* SIOCSIWMODE */
67016 - (iw_handler) atmel_get_mode, /* SIOCGIWMODE */
67017 - (iw_handler) NULL, /* SIOCSIWSENS */
67018 - (iw_handler) NULL, /* SIOCGIWSENS */
67019 - (iw_handler) NULL, /* SIOCSIWRANGE */
67020 - (iw_handler) atmel_get_range, /* SIOCGIWRANGE */
67021 - (iw_handler) NULL, /* SIOCSIWPRIV */
67022 - (iw_handler) NULL, /* SIOCGIWPRIV */
67023 - (iw_handler) NULL, /* SIOCSIWSTATS */
67024 - (iw_handler) NULL, /* SIOCGIWSTATS */
67025 - (iw_handler) NULL, /* SIOCSIWSPY */
67026 - (iw_handler) NULL, /* SIOCGIWSPY */
67027 - (iw_handler) NULL, /* -- hole -- */
67028 - (iw_handler) NULL, /* -- hole -- */
67029 - (iw_handler) atmel_set_wap, /* SIOCSIWAP */
67030 - (iw_handler) atmel_get_wap, /* SIOCGIWAP */
67031 - (iw_handler) NULL, /* -- hole -- */
67032 - (iw_handler) NULL, /* SIOCGIWAPLIST */
67033 - (iw_handler) atmel_set_scan, /* SIOCSIWSCAN */
67034 - (iw_handler) atmel_get_scan, /* SIOCGIWSCAN */
67035 - (iw_handler) atmel_set_essid, /* SIOCSIWESSID */
67036 - (iw_handler) atmel_get_essid, /* SIOCGIWESSID */
67037 - (iw_handler) NULL, /* SIOCSIWNICKN */
67038 - (iw_handler) NULL, /* SIOCGIWNICKN */
67039 - (iw_handler) NULL, /* -- hole -- */
67040 - (iw_handler) NULL, /* -- hole -- */
67041 - (iw_handler) atmel_set_rate, /* SIOCSIWRATE */
67042 - (iw_handler) atmel_get_rate, /* SIOCGIWRATE */
67043 - (iw_handler) atmel_set_rts, /* SIOCSIWRTS */
67044 - (iw_handler) atmel_get_rts, /* SIOCGIWRTS */
67045 - (iw_handler) atmel_set_frag, /* SIOCSIWFRAG */
67046 - (iw_handler) atmel_get_frag, /* SIOCGIWFRAG */
67047 - (iw_handler) NULL, /* SIOCSIWTXPOW */
67048 - (iw_handler) NULL, /* SIOCGIWTXPOW */
67049 - (iw_handler) atmel_set_retry, /* SIOCSIWRETRY */
67050 - (iw_handler) atmel_get_retry, /* SIOCGIWRETRY */
67051 - (iw_handler) atmel_set_encode, /* SIOCSIWENCODE */
67052 - (iw_handler) atmel_get_encode, /* SIOCGIWENCODE */
67053 - (iw_handler) atmel_set_power, /* SIOCSIWPOWER */
67054 - (iw_handler) atmel_get_power, /* SIOCGIWPOWER */
67055 - (iw_handler) NULL, /* -- hole -- */
67056 - (iw_handler) NULL, /* -- hole -- */
67057 - (iw_handler) NULL, /* SIOCSIWGENIE */
67058 - (iw_handler) NULL, /* SIOCGIWGENIE */
67059 - (iw_handler) atmel_set_auth, /* SIOCSIWAUTH */
67060 - (iw_handler) atmel_get_auth, /* SIOCGIWAUTH */
67061 - (iw_handler) atmel_set_encodeext, /* SIOCSIWENCODEEXT */
67062 - (iw_handler) atmel_get_encodeext, /* SIOCGIWENCODEEXT */
67063 - (iw_handler) NULL, /* SIOCSIWPMKSA */
67064 + atmel_config_commit, /* SIOCSIWCOMMIT */
67065 + atmel_get_name, /* SIOCGIWNAME */
67066 + NULL, /* SIOCSIWNWID */
67067 + NULL, /* SIOCGIWNWID */
67068 + atmel_set_freq, /* SIOCSIWFREQ */
67069 + atmel_get_freq, /* SIOCGIWFREQ */
67070 + atmel_set_mode, /* SIOCSIWMODE */
67071 + atmel_get_mode, /* SIOCGIWMODE */
67072 + NULL, /* SIOCSIWSENS */
67073 + NULL, /* SIOCGIWSENS */
67074 + NULL, /* SIOCSIWRANGE */
67075 + atmel_get_range, /* SIOCGIWRANGE */
67076 + NULL, /* SIOCSIWPRIV */
67077 + NULL, /* SIOCGIWPRIV */
67078 + NULL, /* SIOCSIWSTATS */
67079 + NULL, /* SIOCGIWSTATS */
67080 + NULL, /* SIOCSIWSPY */
67081 + NULL, /* SIOCGIWSPY */
67082 + NULL, /* -- hole -- */
67083 + NULL, /* -- hole -- */
67084 + atmel_set_wap, /* SIOCSIWAP */
67085 + atmel_get_wap, /* SIOCGIWAP */
67086 + NULL, /* -- hole -- */
67087 + NULL, /* SIOCGIWAPLIST */
67088 + atmel_set_scan, /* SIOCSIWSCAN */
67089 + atmel_get_scan, /* SIOCGIWSCAN */
67090 + atmel_set_essid, /* SIOCSIWESSID */
67091 + atmel_get_essid, /* SIOCGIWESSID */
67092 + NULL, /* SIOCSIWNICKN */
67093 + NULL, /* SIOCGIWNICKN */
67094 + NULL, /* -- hole -- */
67095 + NULL, /* -- hole -- */
67096 + atmel_set_rate, /* SIOCSIWRATE */
67097 + atmel_get_rate, /* SIOCGIWRATE */
67098 + atmel_set_rts, /* SIOCSIWRTS */
67099 + atmel_get_rts, /* SIOCGIWRTS */
67100 + atmel_set_frag, /* SIOCSIWFRAG */
67101 + atmel_get_frag, /* SIOCGIWFRAG */
67102 + NULL, /* SIOCSIWTXPOW */
67103 + NULL, /* SIOCGIWTXPOW */
67104 + atmel_set_retry, /* SIOCSIWRETRY */
67105 + atmel_get_retry, /* SIOCGIWRETRY */
67106 + atmel_set_encode, /* SIOCSIWENCODE */
67107 + atmel_get_encode, /* SIOCGIWENCODE */
67108 + atmel_set_power, /* SIOCSIWPOWER */
67109 + atmel_get_power, /* SIOCGIWPOWER */
67110 + NULL, /* -- hole -- */
67111 + NULL, /* -- hole -- */
67112 + NULL, /* SIOCSIWGENIE */
67113 + NULL, /* SIOCGIWGENIE */
67114 + atmel_set_auth, /* SIOCSIWAUTH */
67115 + atmel_get_auth, /* SIOCGIWAUTH */
67116 + atmel_set_encodeext, /* SIOCSIWENCODEEXT */
67117 + atmel_get_encodeext, /* SIOCGIWENCODEEXT */
67118 + NULL, /* SIOCSIWPMKSA */
67119 };
67120
67121 static const iw_handler atmel_private_handler[] =
67122 diff --git a/drivers/net/wireless/broadcom/b43/phy_lp.c b/drivers/net/wireless/broadcom/b43/phy_lp.c
67123 index 6922cbb..c45026c 100644
67124 --- a/drivers/net/wireless/broadcom/b43/phy_lp.c
67125 +++ b/drivers/net/wireless/broadcom/b43/phy_lp.c
67126 @@ -2502,7 +2502,7 @@ static int lpphy_b2063_tune(struct b43_wldev *dev,
67127 {
67128 struct ssb_bus *bus = dev->dev->sdev->bus;
67129
67130 - static const struct b206x_channel *chandata = NULL;
67131 + const struct b206x_channel *chandata = NULL;
67132 u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000;
67133 u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count;
67134 u16 old_comm15, scale;
67135 diff --git a/drivers/net/wireless/broadcom/b43legacy/main.c b/drivers/net/wireless/broadcom/b43legacy/main.c
67136 index 83770d2..3ec8a40 100644
67137 --- a/drivers/net/wireless/broadcom/b43legacy/main.c
67138 +++ b/drivers/net/wireless/broadcom/b43legacy/main.c
67139 @@ -1304,8 +1304,9 @@ static void handle_irq_ucode_debug(struct b43legacy_wldev *dev)
67140 }
67141
67142 /* Interrupt handler bottom-half */
67143 -static void b43legacy_interrupt_tasklet(struct b43legacy_wldev *dev)
67144 +static void b43legacy_interrupt_tasklet(unsigned long _dev)
67145 {
67146 + struct b43legacy_wldev *dev = (struct b43legacy_wldev *)_dev;
67147 u32 reason;
67148 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
67149 u32 merged_dma_reason = 0;
67150 @@ -3775,7 +3776,7 @@ static int b43legacy_one_core_attach(struct ssb_device *dev,
67151 b43legacy_set_status(wldev, B43legacy_STAT_UNINIT);
67152 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
67153 tasklet_init(&wldev->isr_tasklet,
67154 - (void (*)(unsigned long))b43legacy_interrupt_tasklet,
67155 + b43legacy_interrupt_tasklet,
67156 (unsigned long)wldev);
67157 if (modparam_pio)
67158 wldev->__using_pio = true;
67159 diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
67160 index abaf003..7c0fe5d 100644
67161 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
67162 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
67163 @@ -5230,6 +5230,50 @@ static struct cfg80211_ops brcmf_cfg80211_ops = {
67164 .tdls_oper = brcmf_cfg80211_tdls_oper,
67165 };
67166
67167 +static struct cfg80211_ops brcmf_cfg80211_ops2 = {
67168 + .add_virtual_intf = brcmf_cfg80211_add_iface,
67169 + .del_virtual_intf = brcmf_cfg80211_del_iface,
67170 + .change_virtual_intf = brcmf_cfg80211_change_iface,
67171 + .scan = brcmf_cfg80211_scan,
67172 + .set_wiphy_params = brcmf_cfg80211_set_wiphy_params,
67173 + .join_ibss = brcmf_cfg80211_join_ibss,
67174 + .leave_ibss = brcmf_cfg80211_leave_ibss,
67175 + .get_station = brcmf_cfg80211_get_station,
67176 + .dump_station = brcmf_cfg80211_dump_station,
67177 + .set_tx_power = brcmf_cfg80211_set_tx_power,
67178 + .get_tx_power = brcmf_cfg80211_get_tx_power,
67179 + .add_key = brcmf_cfg80211_add_key,
67180 + .del_key = brcmf_cfg80211_del_key,
67181 + .get_key = brcmf_cfg80211_get_key,
67182 + .set_default_key = brcmf_cfg80211_config_default_key,
67183 + .set_default_mgmt_key = brcmf_cfg80211_config_default_mgmt_key,
67184 + .set_power_mgmt = brcmf_cfg80211_set_power_mgmt,
67185 + .connect = brcmf_cfg80211_connect,
67186 + .disconnect = brcmf_cfg80211_disconnect,
67187 + .suspend = brcmf_cfg80211_suspend,
67188 + .resume = brcmf_cfg80211_resume,
67189 + .set_pmksa = brcmf_cfg80211_set_pmksa,
67190 + .del_pmksa = brcmf_cfg80211_del_pmksa,
67191 + .flush_pmksa = brcmf_cfg80211_flush_pmksa,
67192 + .start_ap = brcmf_cfg80211_start_ap,
67193 + .stop_ap = brcmf_cfg80211_stop_ap,
67194 + .change_beacon = brcmf_cfg80211_change_beacon,
67195 + .del_station = brcmf_cfg80211_del_station,
67196 + .change_station = brcmf_cfg80211_change_station,
67197 + .sched_scan_start = brcmf_cfg80211_sched_scan_start,
67198 + .sched_scan_stop = brcmf_cfg80211_sched_scan_stop,
67199 + .mgmt_frame_register = brcmf_cfg80211_mgmt_frame_register,
67200 + .mgmt_tx = brcmf_cfg80211_mgmt_tx,
67201 + .remain_on_channel = brcmf_p2p_remain_on_channel,
67202 + .cancel_remain_on_channel = brcmf_cfg80211_cancel_remain_on_channel,
67203 + .start_p2p_device = brcmf_p2p_start_device,
67204 + .stop_p2p_device = brcmf_p2p_stop_device,
67205 + .crit_proto_start = brcmf_cfg80211_crit_proto_start,
67206 + .crit_proto_stop = brcmf_cfg80211_crit_proto_stop,
67207 + .tdls_oper = brcmf_cfg80211_tdls_oper,
67208 + .set_rekey_data = brcmf_cfg80211_set_rekey_data,
67209 +};
67210 +
67211 struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg,
67212 enum nl80211_iftype type)
67213 {
67214 @@ -6846,7 +6890,7 @@ struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr,
67215 struct net_device *ndev = brcmf_get_ifp(drvr, 0)->ndev;
67216 struct brcmf_cfg80211_info *cfg;
67217 struct wiphy *wiphy;
67218 - struct cfg80211_ops *ops;
67219 + struct cfg80211_ops *ops = &brcmf_cfg80211_ops;
67220 struct brcmf_cfg80211_vif *vif;
67221 struct brcmf_if *ifp;
67222 s32 err = 0;
67223 @@ -6858,14 +6902,10 @@ struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr,
67224 return NULL;
67225 }
67226
67227 - ops = kmemdup(&brcmf_cfg80211_ops, sizeof(*ops), GFP_KERNEL);
67228 - if (!ops)
67229 - return NULL;
67230 -
67231 ifp = netdev_priv(ndev);
67232 #ifdef CONFIG_PM
67233 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK))
67234 - ops->set_rekey_data = brcmf_cfg80211_set_rekey_data;
67235 + ops = &brcmf_cfg80211_ops2;
67236 #endif
67237 wiphy = wiphy_new(ops, sizeof(struct brcmf_cfg80211_info));
67238 if (!wiphy) {
67239 @@ -7004,7 +7044,6 @@ priv_out:
67240 ifp->vif = NULL;
67241 wiphy_out:
67242 brcmf_free_wiphy(wiphy);
67243 - kfree(ops);
67244 return NULL;
67245 }
67246
67247 @@ -7015,7 +7054,6 @@ void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg)
67248
67249 brcmf_btcoex_detach(cfg);
67250 wiphy_unregister(cfg->wiphy);
67251 - kfree(cfg->ops);
67252 wl_deinit_priv(cfg);
67253 brcmf_free_wiphy(cfg->wiphy);
67254 }
67255 diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_cmn.c b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_cmn.c
67256 index 1c4e9dd..a6388e7 100644
67257 --- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_cmn.c
67258 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_cmn.c
67259 @@ -394,8 +394,9 @@ struct shared_phy *wlc_phy_shared_attach(struct shared_phy_params *shp)
67260 return sh;
67261 }
67262
67263 -static void wlc_phy_timercb_phycal(struct brcms_phy *pi)
67264 +static void wlc_phy_timercb_phycal(void *_pi)
67265 {
67266 + struct brcms_phy *pi = _pi;
67267 uint delay = 5;
67268
67269 if (PHY_PERICAL_MPHASE_PENDING(pi)) {
67270 diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.c b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.c
67271 index a0de5db..b723817 100644
67272 --- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.c
67273 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.c
67274 @@ -57,12 +57,11 @@ void wlc_phy_shim_detach(struct phy_shim_info *physhim)
67275 }
67276
67277 struct wlapi_timer *wlapi_init_timer(struct phy_shim_info *physhim,
67278 - void (*fn)(struct brcms_phy *pi),
67279 + void (*fn)(void *pi),
67280 void *arg, const char *name)
67281 {
67282 return (struct wlapi_timer *)
67283 - brcms_init_timer(physhim->wl, (void (*)(void *))fn,
67284 - arg, name);
67285 + brcms_init_timer(physhim->wl, fn, arg, name);
67286 }
67287
67288 void wlapi_free_timer(struct wlapi_timer *t)
67289 diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.h b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.h
67290 index dd87747..27d0934 100644
67291 --- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.h
67292 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy_shim.h
67293 @@ -131,7 +131,7 @@ void wlc_phy_shim_detach(struct phy_shim_info *physhim);
67294
67295 /* PHY to WL utility functions */
67296 struct wlapi_timer *wlapi_init_timer(struct phy_shim_info *physhim,
67297 - void (*fn)(struct brcms_phy *pi),
67298 + void (*fn)(void *pi),
67299 void *arg, const char *name);
67300 void wlapi_free_timer(struct wlapi_timer *t);
67301 void wlapi_add_timer(struct wlapi_timer *t, uint ms, int periodic);
67302 diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c
67303 index 69b826d..669a1e0 100644
67304 --- a/drivers/net/wireless/cisco/airo.c
67305 +++ b/drivers/net/wireless/cisco/airo.c
67306 @@ -4779,7 +4779,7 @@ static int get_dec_u16( char *buffer, int *start, int limit ) {
67307 }
67308
67309 static int airo_config_commit(struct net_device *dev,
67310 - struct iw_request_info *info, void *zwrq,
67311 + struct iw_request_info *info, union iwreq_data *zwrq,
67312 char *extra);
67313
67314 static inline int sniffing_mode(struct airo_info *ai)
67315 @@ -5766,9 +5766,11 @@ static int airo_get_quality (StatusRid *status_rid, CapabilityRid *cap_rid)
67316 */
67317 static int airo_get_name(struct net_device *dev,
67318 struct iw_request_info *info,
67319 - char *cwrq,
67320 + union iwreq_data *wrqu,
67321 char *extra)
67322 {
67323 + char *cwrq = wrqu->name;
67324 +
67325 strcpy(cwrq, "IEEE 802.11-DS");
67326 return 0;
67327 }
67328 @@ -5779,9 +5781,10 @@ static int airo_get_name(struct net_device *dev,
67329 */
67330 static int airo_set_freq(struct net_device *dev,
67331 struct iw_request_info *info,
67332 - struct iw_freq *fwrq,
67333 + union iwreq_data *wrqu,
67334 char *extra)
67335 {
67336 + struct iw_freq *fwrq = &wrqu->freq;
67337 struct airo_info *local = dev->ml_priv;
67338 int rc = -EINPROGRESS; /* Call commit handler */
67339
67340 @@ -5820,9 +5823,10 @@ static int airo_set_freq(struct net_device *dev,
67341 */
67342 static int airo_get_freq(struct net_device *dev,
67343 struct iw_request_info *info,
67344 - struct iw_freq *fwrq,
67345 + union iwreq_data *wrqu,
67346 char *extra)
67347 {
67348 + struct iw_freq *fwrq = &wrqu->freq;
67349 struct airo_info *local = dev->ml_priv;
67350 StatusRid status_rid; /* Card status info */
67351 int ch;
67352 @@ -5852,9 +5856,10 @@ static int airo_get_freq(struct net_device *dev,
67353 */
67354 static int airo_set_essid(struct net_device *dev,
67355 struct iw_request_info *info,
67356 - struct iw_point *dwrq,
67357 + union iwreq_data *wrqu,
67358 char *extra)
67359 {
67360 + struct iw_point *dwrq = &wrqu->essid;
67361 struct airo_info *local = dev->ml_priv;
67362 SsidRid SSID_rid; /* SSIDs */
67363
67364 @@ -5897,9 +5902,10 @@ static int airo_set_essid(struct net_device *dev,
67365 */
67366 static int airo_get_essid(struct net_device *dev,
67367 struct iw_request_info *info,
67368 - struct iw_point *dwrq,
67369 + union iwreq_data *wrqu,
67370 char *extra)
67371 {
67372 + struct iw_point *dwrq = &wrqu->essid;
67373 struct airo_info *local = dev->ml_priv;
67374 StatusRid status_rid; /* Card status info */
67375
67376 @@ -5925,9 +5931,10 @@ static int airo_get_essid(struct net_device *dev,
67377 */
67378 static int airo_set_wap(struct net_device *dev,
67379 struct iw_request_info *info,
67380 - struct sockaddr *awrq,
67381 + union iwreq_data *wrqu,
67382 char *extra)
67383 {
67384 + struct sockaddr *awrq = &wrqu->ap_addr;
67385 struct airo_info *local = dev->ml_priv;
67386 Cmd cmd;
67387 Resp rsp;
67388 @@ -5960,9 +5967,10 @@ static int airo_set_wap(struct net_device *dev,
67389 */
67390 static int airo_get_wap(struct net_device *dev,
67391 struct iw_request_info *info,
67392 - struct sockaddr *awrq,
67393 + union iwreq_data *wrqu,
67394 char *extra)
67395 {
67396 + struct sockaddr *awrq = &wrqu->ap_addr;
67397 struct airo_info *local = dev->ml_priv;
67398 StatusRid status_rid; /* Card status info */
67399
67400 @@ -5981,9 +5989,10 @@ static int airo_get_wap(struct net_device *dev,
67401 */
67402 static int airo_set_nick(struct net_device *dev,
67403 struct iw_request_info *info,
67404 - struct iw_point *dwrq,
67405 + union iwreq_data *wrqu,
67406 char *extra)
67407 {
67408 + struct iw_point *dwrq = &wrqu->data;
67409 struct airo_info *local = dev->ml_priv;
67410
67411 /* Check the size of the string */
67412 @@ -6004,9 +6013,10 @@ static int airo_set_nick(struct net_device *dev,
67413 */
67414 static int airo_get_nick(struct net_device *dev,
67415 struct iw_request_info *info,
67416 - struct iw_point *dwrq,
67417 + union iwreq_data *wrqu,
67418 char *extra)
67419 {
67420 + struct iw_point *dwrq = &wrqu->data;
67421 struct airo_info *local = dev->ml_priv;
67422
67423 readConfigRid(local, 1);
67424 @@ -6023,9 +6033,10 @@ static int airo_get_nick(struct net_device *dev,
67425 */
67426 static int airo_set_rate(struct net_device *dev,
67427 struct iw_request_info *info,
67428 - struct iw_param *vwrq,
67429 + union iwreq_data *wrqu,
67430 char *extra)
67431 {
67432 + struct iw_param *vwrq = &wrqu->bitrate;
67433 struct airo_info *local = dev->ml_priv;
67434 CapabilityRid cap_rid; /* Card capability info */
67435 u8 brate = 0;
67436 @@ -6093,9 +6104,10 @@ static int airo_set_rate(struct net_device *dev,
67437 */
67438 static int airo_get_rate(struct net_device *dev,
67439 struct iw_request_info *info,
67440 - struct iw_param *vwrq,
67441 + union iwreq_data *wrqu,
67442 char *extra)
67443 {
67444 + struct iw_param *vwrq = &wrqu->bitrate;
67445 struct airo_info *local = dev->ml_priv;
67446 StatusRid status_rid; /* Card status info */
67447
67448 @@ -6115,9 +6127,10 @@ static int airo_get_rate(struct net_device *dev,
67449 */
67450 static int airo_set_rts(struct net_device *dev,
67451 struct iw_request_info *info,
67452 - struct iw_param *vwrq,
67453 + union iwreq_data *wrqu,
67454 char *extra)
67455 {
67456 + struct iw_param *vwrq = &wrqu->rts;
67457 struct airo_info *local = dev->ml_priv;
67458 int rthr = vwrq->value;
67459
67460 @@ -6139,9 +6152,10 @@ static int airo_set_rts(struct net_device *dev,
67461 */
67462 static int airo_get_rts(struct net_device *dev,
67463 struct iw_request_info *info,
67464 - struct iw_param *vwrq,
67465 + union iwreq_data *wrqu,
67466 char *extra)
67467 {
67468 + struct iw_param *vwrq = &wrqu->rts;
67469 struct airo_info *local = dev->ml_priv;
67470
67471 readConfigRid(local, 1);
67472 @@ -6158,9 +6172,10 @@ static int airo_get_rts(struct net_device *dev,
67473 */
67474 static int airo_set_frag(struct net_device *dev,
67475 struct iw_request_info *info,
67476 - struct iw_param *vwrq,
67477 + union iwreq_data *wrqu,
67478 char *extra)
67479 {
67480 + struct iw_param *vwrq = &wrqu->frag;
67481 struct airo_info *local = dev->ml_priv;
67482 int fthr = vwrq->value;
67483
67484 @@ -6183,9 +6198,10 @@ static int airo_set_frag(struct net_device *dev,
67485 */
67486 static int airo_get_frag(struct net_device *dev,
67487 struct iw_request_info *info,
67488 - struct iw_param *vwrq,
67489 + union iwreq_data *wrqu,
67490 char *extra)
67491 {
67492 + struct iw_param *vwrq = &wrqu->frag;
67493 struct airo_info *local = dev->ml_priv;
67494
67495 readConfigRid(local, 1);
67496 @@ -6202,9 +6218,10 @@ static int airo_get_frag(struct net_device *dev,
67497 */
67498 static int airo_set_mode(struct net_device *dev,
67499 struct iw_request_info *info,
67500 - __u32 *uwrq,
67501 + union iwreq_data *wrqu,
67502 char *extra)
67503 {
67504 + __u32 *uwrq = &wrqu->mode;
67505 struct airo_info *local = dev->ml_priv;
67506 int reset = 0;
67507
67508 @@ -6265,9 +6282,10 @@ static int airo_set_mode(struct net_device *dev,
67509 */
67510 static int airo_get_mode(struct net_device *dev,
67511 struct iw_request_info *info,
67512 - __u32 *uwrq,
67513 + union iwreq_data *wrqu,
67514 char *extra)
67515 {
67516 + __u32 *uwrq = &wrqu->mode;
67517 struct airo_info *local = dev->ml_priv;
67518
67519 readConfigRid(local, 1);
67520 @@ -6300,9 +6318,10 @@ static inline int valid_index(struct airo_info *ai, int index)
67521 */
67522 static int airo_set_encode(struct net_device *dev,
67523 struct iw_request_info *info,
67524 - struct iw_point *dwrq,
67525 + union iwreq_data *wrqu,
67526 char *extra)
67527 {
67528 + struct iw_point *dwrq = &wrqu->encoding;
67529 struct airo_info *local = dev->ml_priv;
67530 int perm = (dwrq->flags & IW_ENCODE_TEMP ? 0 : 1);
67531 __le16 currentAuthType = local->config.authType;
67532 @@ -6399,9 +6418,10 @@ static int airo_set_encode(struct net_device *dev,
67533 */
67534 static int airo_get_encode(struct net_device *dev,
67535 struct iw_request_info *info,
67536 - struct iw_point *dwrq,
67537 + union iwreq_data *wrqu,
67538 char *extra)
67539 {
67540 + struct iw_point *dwrq = &wrqu->encoding;
67541 struct airo_info *local = dev->ml_priv;
67542 int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
67543 int wep_key_len;
67544 @@ -6746,9 +6766,10 @@ static int airo_get_auth(struct net_device *dev,
67545 */
67546 static int airo_set_txpow(struct net_device *dev,
67547 struct iw_request_info *info,
67548 - struct iw_param *vwrq,
67549 + union iwreq_data *wrqu,
67550 char *extra)
67551 {
67552 + struct iw_param *vwrq = &wrqu->txpower;
67553 struct airo_info *local = dev->ml_priv;
67554 CapabilityRid cap_rid; /* Card capability info */
67555 int i;
67556 @@ -6783,9 +6804,10 @@ static int airo_set_txpow(struct net_device *dev,
67557 */
67558 static int airo_get_txpow(struct net_device *dev,
67559 struct iw_request_info *info,
67560 - struct iw_param *vwrq,
67561 + union iwreq_data *wrqu,
67562 char *extra)
67563 {
67564 + struct iw_param *vwrq = &wrqu->txpower;
67565 struct airo_info *local = dev->ml_priv;
67566
67567 readConfigRid(local, 1);
67568 @@ -6803,9 +6825,10 @@ static int airo_get_txpow(struct net_device *dev,
67569 */
67570 static int airo_set_retry(struct net_device *dev,
67571 struct iw_request_info *info,
67572 - struct iw_param *vwrq,
67573 + union iwreq_data *wrqu,
67574 char *extra)
67575 {
67576 + struct iw_param *vwrq = &wrqu->retry;
67577 struct airo_info *local = dev->ml_priv;
67578 int rc = -EINVAL;
67579
67580 @@ -6841,9 +6864,10 @@ static int airo_set_retry(struct net_device *dev,
67581 */
67582 static int airo_get_retry(struct net_device *dev,
67583 struct iw_request_info *info,
67584 - struct iw_param *vwrq,
67585 + union iwreq_data *wrqu,
67586 char *extra)
67587 {
67588 + struct iw_param *vwrq = &wrqu->retry;
67589 struct airo_info *local = dev->ml_priv;
67590
67591 vwrq->disabled = 0; /* Can't be disabled */
67592 @@ -6872,9 +6896,10 @@ static int airo_get_retry(struct net_device *dev,
67593 */
67594 static int airo_get_range(struct net_device *dev,
67595 struct iw_request_info *info,
67596 - struct iw_point *dwrq,
67597 + union iwreq_data *wrqu,
67598 char *extra)
67599 {
67600 + struct iw_point *dwrq = &wrqu->data;
67601 struct airo_info *local = dev->ml_priv;
67602 struct iw_range *range = (struct iw_range *) extra;
67603 CapabilityRid cap_rid; /* Card capability info */
67604 @@ -6998,9 +7023,10 @@ static int airo_get_range(struct net_device *dev,
67605 */
67606 static int airo_set_power(struct net_device *dev,
67607 struct iw_request_info *info,
67608 - struct iw_param *vwrq,
67609 + union iwreq_data *wrqu,
67610 char *extra)
67611 {
67612 + struct iw_param *vwrq = &wrqu->power;
67613 struct airo_info *local = dev->ml_priv;
67614
67615 readConfigRid(local, 1);
67616 @@ -7055,9 +7081,10 @@ static int airo_set_power(struct net_device *dev,
67617 */
67618 static int airo_get_power(struct net_device *dev,
67619 struct iw_request_info *info,
67620 - struct iw_param *vwrq,
67621 + union iwreq_data *wrqu,
67622 char *extra)
67623 {
67624 + struct iw_param *vwrq = &wrqu->power;
67625 struct airo_info *local = dev->ml_priv;
67626 __le16 mode;
67627
67628 @@ -7086,9 +7113,10 @@ static int airo_get_power(struct net_device *dev,
67629 */
67630 static int airo_set_sens(struct net_device *dev,
67631 struct iw_request_info *info,
67632 - struct iw_param *vwrq,
67633 + union iwreq_data *wrqu,
67634 char *extra)
67635 {
67636 + struct iw_param *vwrq = &wrqu->sens;
67637 struct airo_info *local = dev->ml_priv;
67638
67639 readConfigRid(local, 1);
67640 @@ -7105,9 +7133,10 @@ static int airo_set_sens(struct net_device *dev,
67641 */
67642 static int airo_get_sens(struct net_device *dev,
67643 struct iw_request_info *info,
67644 - struct iw_param *vwrq,
67645 + union iwreq_data *wrqu,
67646 char *extra)
67647 {
67648 + struct iw_param *vwrq = &wrqu->sens;
67649 struct airo_info *local = dev->ml_priv;
67650
67651 readConfigRid(local, 1);
67652 @@ -7125,9 +7154,10 @@ static int airo_get_sens(struct net_device *dev,
67653 */
67654 static int airo_get_aplist(struct net_device *dev,
67655 struct iw_request_info *info,
67656 - struct iw_point *dwrq,
67657 + union iwreq_data *wrqu,
67658 char *extra)
67659 {
67660 + struct iw_point *dwrq = &wrqu->data;
67661 struct airo_info *local = dev->ml_priv;
67662 struct sockaddr *address = (struct sockaddr *) extra;
67663 struct iw_quality *qual;
67664 @@ -7203,7 +7233,7 @@ static int airo_get_aplist(struct net_device *dev,
67665 */
67666 static int airo_set_scan(struct net_device *dev,
67667 struct iw_request_info *info,
67668 - struct iw_point *dwrq,
67669 + union iwreq_data *dwrq,
67670 char *extra)
67671 {
67672 struct airo_info *ai = dev->ml_priv;
67673 @@ -7434,9 +7464,10 @@ static inline char *airo_translate_scan(struct net_device *dev,
67674 */
67675 static int airo_get_scan(struct net_device *dev,
67676 struct iw_request_info *info,
67677 - struct iw_point *dwrq,
67678 + union iwreq_data *wrqu,
67679 char *extra)
67680 {
67681 + struct iw_point *dwrq = &wrqu->data;
67682 struct airo_info *ai = dev->ml_priv;
67683 BSSListElement *net;
67684 int err = 0;
67685 @@ -7478,7 +7509,7 @@ out:
67686 */
67687 static int airo_config_commit(struct net_device *dev,
67688 struct iw_request_info *info, /* NULL */
67689 - void *zwrq, /* NULL */
67690 + union iwreq_data *zwrq, /* NULL */
67691 char *extra) /* NULL */
67692 {
67693 struct airo_info *local = dev->ml_priv;
67694 @@ -7528,61 +7559,61 @@ static const struct iw_priv_args airo_private_args[] = {
67695
67696 static const iw_handler airo_handler[] =
67697 {
67698 - (iw_handler) airo_config_commit, /* SIOCSIWCOMMIT */
67699 - (iw_handler) airo_get_name, /* SIOCGIWNAME */
67700 - (iw_handler) NULL, /* SIOCSIWNWID */
67701 - (iw_handler) NULL, /* SIOCGIWNWID */
67702 - (iw_handler) airo_set_freq, /* SIOCSIWFREQ */
67703 - (iw_handler) airo_get_freq, /* SIOCGIWFREQ */
67704 - (iw_handler) airo_set_mode, /* SIOCSIWMODE */
67705 - (iw_handler) airo_get_mode, /* SIOCGIWMODE */
67706 - (iw_handler) airo_set_sens, /* SIOCSIWSENS */
67707 - (iw_handler) airo_get_sens, /* SIOCGIWSENS */
67708 - (iw_handler) NULL, /* SIOCSIWRANGE */
67709 - (iw_handler) airo_get_range, /* SIOCGIWRANGE */
67710 - (iw_handler) NULL, /* SIOCSIWPRIV */
67711 - (iw_handler) NULL, /* SIOCGIWPRIV */
67712 - (iw_handler) NULL, /* SIOCSIWSTATS */
67713 - (iw_handler) NULL, /* SIOCGIWSTATS */
67714 + airo_config_commit, /* SIOCSIWCOMMIT */
67715 + airo_get_name, /* SIOCGIWNAME */
67716 + NULL, /* SIOCSIWNWID */
67717 + NULL, /* SIOCGIWNWID */
67718 + airo_set_freq, /* SIOCSIWFREQ */
67719 + airo_get_freq, /* SIOCGIWFREQ */
67720 + airo_set_mode, /* SIOCSIWMODE */
67721 + airo_get_mode, /* SIOCGIWMODE */
67722 + airo_set_sens, /* SIOCSIWSENS */
67723 + airo_get_sens, /* SIOCGIWSENS */
67724 + NULL, /* SIOCSIWRANGE */
67725 + airo_get_range, /* SIOCGIWRANGE */
67726 + NULL, /* SIOCSIWPRIV */
67727 + NULL, /* SIOCGIWPRIV */
67728 + NULL, /* SIOCSIWSTATS */
67729 + NULL, /* SIOCGIWSTATS */
67730 iw_handler_set_spy, /* SIOCSIWSPY */
67731 iw_handler_get_spy, /* SIOCGIWSPY */
67732 iw_handler_set_thrspy, /* SIOCSIWTHRSPY */
67733 iw_handler_get_thrspy, /* SIOCGIWTHRSPY */
67734 - (iw_handler) airo_set_wap, /* SIOCSIWAP */
67735 - (iw_handler) airo_get_wap, /* SIOCGIWAP */
67736 - (iw_handler) NULL, /* -- hole -- */
67737 - (iw_handler) airo_get_aplist, /* SIOCGIWAPLIST */
67738 - (iw_handler) airo_set_scan, /* SIOCSIWSCAN */
67739 - (iw_handler) airo_get_scan, /* SIOCGIWSCAN */
67740 - (iw_handler) airo_set_essid, /* SIOCSIWESSID */
67741 - (iw_handler) airo_get_essid, /* SIOCGIWESSID */
67742 - (iw_handler) airo_set_nick, /* SIOCSIWNICKN */
67743 - (iw_handler) airo_get_nick, /* SIOCGIWNICKN */
67744 - (iw_handler) NULL, /* -- hole -- */
67745 - (iw_handler) NULL, /* -- hole -- */
67746 - (iw_handler) airo_set_rate, /* SIOCSIWRATE */
67747 - (iw_handler) airo_get_rate, /* SIOCGIWRATE */
67748 - (iw_handler) airo_set_rts, /* SIOCSIWRTS */
67749 - (iw_handler) airo_get_rts, /* SIOCGIWRTS */
67750 - (iw_handler) airo_set_frag, /* SIOCSIWFRAG */
67751 - (iw_handler) airo_get_frag, /* SIOCGIWFRAG */
67752 - (iw_handler) airo_set_txpow, /* SIOCSIWTXPOW */
67753 - (iw_handler) airo_get_txpow, /* SIOCGIWTXPOW */
67754 - (iw_handler) airo_set_retry, /* SIOCSIWRETRY */
67755 - (iw_handler) airo_get_retry, /* SIOCGIWRETRY */
67756 - (iw_handler) airo_set_encode, /* SIOCSIWENCODE */
67757 - (iw_handler) airo_get_encode, /* SIOCGIWENCODE */
67758 - (iw_handler) airo_set_power, /* SIOCSIWPOWER */
67759 - (iw_handler) airo_get_power, /* SIOCGIWPOWER */
67760 - (iw_handler) NULL, /* -- hole -- */
67761 - (iw_handler) NULL, /* -- hole -- */
67762 - (iw_handler) NULL, /* SIOCSIWGENIE */
67763 - (iw_handler) NULL, /* SIOCGIWGENIE */
67764 - (iw_handler) airo_set_auth, /* SIOCSIWAUTH */
67765 - (iw_handler) airo_get_auth, /* SIOCGIWAUTH */
67766 - (iw_handler) airo_set_encodeext, /* SIOCSIWENCODEEXT */
67767 - (iw_handler) airo_get_encodeext, /* SIOCGIWENCODEEXT */
67768 - (iw_handler) NULL, /* SIOCSIWPMKSA */
67769 + airo_set_wap, /* SIOCSIWAP */
67770 + airo_get_wap, /* SIOCGIWAP */
67771 + NULL, /* -- hole -- */
67772 + airo_get_aplist, /* SIOCGIWAPLIST */
67773 + airo_set_scan, /* SIOCSIWSCAN */
67774 + airo_get_scan, /* SIOCGIWSCAN */
67775 + airo_set_essid, /* SIOCSIWESSID */
67776 + airo_get_essid, /* SIOCGIWESSID */
67777 + airo_set_nick, /* SIOCSIWNICKN */
67778 + airo_get_nick, /* SIOCGIWNICKN */
67779 + NULL, /* -- hole -- */
67780 + NULL, /* -- hole -- */
67781 + airo_set_rate, /* SIOCSIWRATE */
67782 + airo_get_rate, /* SIOCGIWRATE */
67783 + airo_set_rts, /* SIOCSIWRTS */
67784 + airo_get_rts, /* SIOCGIWRTS */
67785 + airo_set_frag, /* SIOCSIWFRAG */
67786 + airo_get_frag, /* SIOCGIWFRAG */
67787 + airo_set_txpow, /* SIOCSIWTXPOW */
67788 + airo_get_txpow, /* SIOCGIWTXPOW */
67789 + airo_set_retry, /* SIOCSIWRETRY */
67790 + airo_get_retry, /* SIOCGIWRETRY */
67791 + airo_set_encode, /* SIOCSIWENCODE */
67792 + airo_get_encode, /* SIOCGIWENCODE */
67793 + airo_set_power, /* SIOCSIWPOWER */
67794 + airo_get_power, /* SIOCGIWPOWER */
67795 + NULL, /* -- hole -- */
67796 + NULL, /* -- hole -- */
67797 + NULL, /* SIOCSIWGENIE */
67798 + NULL, /* SIOCGIWGENIE */
67799 + airo_set_auth, /* SIOCSIWAUTH */
67800 + airo_get_auth, /* SIOCGIWAUTH */
67801 + airo_set_encodeext, /* SIOCSIWENCODEEXT */
67802 + airo_get_encodeext, /* SIOCGIWENCODEEXT */
67803 + NULL, /* SIOCSIWPMKSA */
67804 };
67805
67806 /* Note : don't describe AIROIDIFC and AIROOLDIDIFC in here.
67807 @@ -7845,7 +7876,7 @@ static int writerids(struct net_device *dev, aironet_ioctl *comp) {
67808 struct airo_info *ai = dev->ml_priv;
67809 int ridcode;
67810 int enabled;
67811 - static int (* writer)(struct airo_info *, u16 rid, const void *, int, int);
67812 + int (* writer)(struct airo_info *, u16 rid, const void *, int, int);
67813 unsigned char *iobuf;
67814
67815 /* Only super-user can write RIDs */
67816 diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2100.c b/drivers/net/wireless/intel/ipw2x00/ipw2100.c
67817 index bfa542c..c2488f7 100644
67818 --- a/drivers/net/wireless/intel/ipw2x00/ipw2100.c
67819 +++ b/drivers/net/wireless/intel/ipw2x00/ipw2100.c
67820 @@ -3220,8 +3220,9 @@ static void ipw2100_tx_send_data(struct ipw2100_priv *priv)
67821 }
67822 }
67823
67824 -static void ipw2100_irq_tasklet(struct ipw2100_priv *priv)
67825 +static void ipw2100_irq_tasklet(unsigned long _priv)
67826 {
67827 + struct ipw2100_priv *priv = (struct ipw2100_priv *)_priv;
67828 struct net_device *dev = priv->net_dev;
67829 unsigned long flags;
67830 u32 inta, tmp;
67831 @@ -6029,7 +6030,7 @@ static void ipw2100_rf_kill(struct work_struct *work)
67832 spin_unlock_irqrestore(&priv->low_lock, flags);
67833 }
67834
67835 -static void ipw2100_irq_tasklet(struct ipw2100_priv *priv);
67836 +static void ipw2100_irq_tasklet(unsigned long _priv);
67837
67838 static const struct net_device_ops ipw2100_netdev_ops = {
67839 .ndo_open = ipw2100_open,
67840 @@ -6158,8 +6159,7 @@ static struct net_device *ipw2100_alloc_device(struct pci_dev *pci_dev,
67841 INIT_DELAYED_WORK(&priv->rf_kill, ipw2100_rf_kill);
67842 INIT_DELAYED_WORK(&priv->scan_event, ipw2100_scan_event);
67843
67844 - tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
67845 - ipw2100_irq_tasklet, (unsigned long)priv);
67846 + tasklet_init(&priv->irq_tasklet, ipw2100_irq_tasklet, (unsigned long)priv);
67847
67848 /* NOTE: We do not start the deferred work for status checks yet */
67849 priv->stop_rf_kill = 1;
67850 diff --git a/drivers/net/wireless/intel/ipw2x00/ipw2200.c b/drivers/net/wireless/intel/ipw2x00/ipw2200.c
67851 index bfd6861..d09fb09 100644
67852 --- a/drivers/net/wireless/intel/ipw2x00/ipw2200.c
67853 +++ b/drivers/net/wireless/intel/ipw2x00/ipw2200.c
67854 @@ -1968,8 +1968,9 @@ static void notify_wx_assoc_event(struct ipw_priv *priv)
67855 wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
67856 }
67857
67858 -static void ipw_irq_tasklet(struct ipw_priv *priv)
67859 +static void ipw_irq_tasklet(unsigned long _priv)
67860 {
67861 + struct ipw_priv *priv = (struct ipw_priv *)_priv;
67862 u32 inta, inta_mask, handled = 0;
67863 unsigned long flags;
67864 int rc = 0;
67865 @@ -10705,8 +10706,7 @@ static int ipw_setup_deferred_work(struct ipw_priv *priv)
67866 INIT_WORK(&priv->qos_activate, ipw_bg_qos_activate);
67867 #endif /* CONFIG_IPW2200_QOS */
67868
67869 - tasklet_init(&priv->irq_tasklet, (void (*)(unsigned long))
67870 - ipw_irq_tasklet, (unsigned long)priv);
67871 + tasklet_init(&priv->irq_tasklet, ipw_irq_tasklet, (unsigned long)priv);
67872
67873 return ret;
67874 }
67875 diff --git a/drivers/net/wireless/intel/iwlegacy/3945-mac.c b/drivers/net/wireless/intel/iwlegacy/3945-mac.c
67876 index 466912e..a59ae61 100644
67877 --- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c
67878 +++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c
67879 @@ -1399,8 +1399,9 @@ il3945_dump_nic_error_log(struct il_priv *il)
67880 }
67881
67882 static void
67883 -il3945_irq_tasklet(struct il_priv *il)
67884 +il3945_irq_tasklet(unsigned long _il)
67885 {
67886 + struct il_priv *il = (struct il_priv *)_il;
67887 u32 inta, handled = 0;
67888 u32 inta_fh;
67889 unsigned long flags;
67890 @@ -3432,7 +3433,7 @@ il3945_setup_deferred_work(struct il_priv *il)
67891 setup_timer(&il->watchdog, il_bg_watchdog, (unsigned long)il);
67892
67893 tasklet_init(&il->irq_tasklet,
67894 - (void (*)(unsigned long))il3945_irq_tasklet,
67895 + il3945_irq_tasklet,
67896 (unsigned long)il);
67897 }
67898
67899 @@ -3469,7 +3470,7 @@ static struct attribute_group il3945_attribute_group = {
67900 .attrs = il3945_sysfs_entries,
67901 };
67902
67903 -static struct ieee80211_ops il3945_mac_ops __read_mostly = {
67904 +static struct ieee80211_ops il3945_mac_ops = {
67905 .tx = il3945_mac_tx,
67906 .start = il3945_mac_start,
67907 .stop = il3945_mac_stop,
67908 @@ -3633,7 +3634,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
67909 */
67910 if (il3945_mod_params.disable_hw_scan) {
67911 D_INFO("Disabling hw_scan\n");
67912 - il3945_mac_ops.hw_scan = NULL;
67913 + pax_open_kernel();
67914 + const_cast(il3945_mac_ops.hw_scan) = NULL;
67915 + pax_close_kernel();
67916 }
67917
67918 D_INFO("*** LOAD DRIVER ***\n");
67919 diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
67920 index a91d170..4b3876a 100644
67921 --- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
67922 +++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
67923 @@ -4361,8 +4361,9 @@ il4965_synchronize_irq(struct il_priv *il)
67924 }
67925
67926 static void
67927 -il4965_irq_tasklet(struct il_priv *il)
67928 +il4965_irq_tasklet(unsigned long _il)
67929 {
67930 + struct il_priv *il = (struct il_priv *)_il;
67931 u32 inta, handled = 0;
67932 u32 inta_fh;
67933 unsigned long flags;
67934 @@ -6259,9 +6260,7 @@ il4965_setup_deferred_work(struct il_priv *il)
67935
67936 setup_timer(&il->watchdog, il_bg_watchdog, (unsigned long)il);
67937
67938 - tasklet_init(&il->irq_tasklet,
67939 - (void (*)(unsigned long))il4965_irq_tasklet,
67940 - (unsigned long)il);
67941 + tasklet_init(&il->irq_tasklet, il4965_irq_tasklet, (unsigned long)il);
67942 }
67943
67944 static void
67945 diff --git a/drivers/net/wireless/intel/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/intel/iwlwifi/dvm/debugfs.c
67946 index f6591c8..363b5b3 100644
67947 --- a/drivers/net/wireless/intel/iwlwifi/dvm/debugfs.c
67948 +++ b/drivers/net/wireless/intel/iwlwifi/dvm/debugfs.c
67949 @@ -190,7 +190,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file,
67950 {
67951 struct iwl_priv *priv = file->private_data;
67952 char buf[64];
67953 - int buf_size;
67954 + size_t buf_size;
67955 u32 offset, len;
67956
67957 memset(buf, 0, sizeof(buf));
67958 @@ -456,7 +456,7 @@ static ssize_t iwl_dbgfs_rx_handlers_write(struct file *file,
67959 struct iwl_priv *priv = file->private_data;
67960
67961 char buf[8];
67962 - int buf_size;
67963 + size_t buf_size;
67964 u32 reset_flag;
67965
67966 memset(buf, 0, sizeof(buf));
67967 @@ -537,7 +537,7 @@ static ssize_t iwl_dbgfs_disable_ht40_write(struct file *file,
67968 {
67969 struct iwl_priv *priv = file->private_data;
67970 char buf[8];
67971 - int buf_size;
67972 + size_t buf_size;
67973 int ht40;
67974
67975 memset(buf, 0, sizeof(buf));
67976 @@ -589,7 +589,7 @@ static ssize_t iwl_dbgfs_sleep_level_override_write(struct file *file,
67977 {
67978 struct iwl_priv *priv = file->private_data;
67979 char buf[8];
67980 - int buf_size;
67981 + size_t buf_size;
67982 int value;
67983
67984 memset(buf, 0, sizeof(buf));
67985 @@ -681,10 +681,10 @@ DEBUGFS_READ_FILE_OPS(temperature);
67986 DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override);
67987 DEBUGFS_READ_FILE_OPS(current_sleep_command);
67988
67989 -static const char *fmt_value = " %-30s %10u\n";
67990 -static const char *fmt_hex = " %-30s 0x%02X\n";
67991 -static const char *fmt_table = " %-30s %10u %10u %10u %10u\n";
67992 -static const char *fmt_header =
67993 +static const char fmt_value[] = " %-30s %10u\n";
67994 +static const char fmt_hex[] = " %-30s 0x%02X\n";
67995 +static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n";
67996 +static const char fmt_header[] =
67997 "%-32s current cumulative delta max\n";
67998
67999 static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz)
68000 @@ -1854,7 +1854,7 @@ static ssize_t iwl_dbgfs_clear_ucode_statistics_write(struct file *file,
68001 {
68002 struct iwl_priv *priv = file->private_data;
68003 char buf[8];
68004 - int buf_size;
68005 + size_t buf_size;
68006 int clear;
68007
68008 memset(buf, 0, sizeof(buf));
68009 @@ -1899,7 +1899,7 @@ static ssize_t iwl_dbgfs_ucode_tracing_write(struct file *file,
68010 {
68011 struct iwl_priv *priv = file->private_data;
68012 char buf[8];
68013 - int buf_size;
68014 + size_t buf_size;
68015 int trace;
68016
68017 memset(buf, 0, sizeof(buf));
68018 @@ -1970,7 +1970,7 @@ static ssize_t iwl_dbgfs_missed_beacon_write(struct file *file,
68019 {
68020 struct iwl_priv *priv = file->private_data;
68021 char buf[8];
68022 - int buf_size;
68023 + size_t buf_size;
68024 int missed;
68025
68026 memset(buf, 0, sizeof(buf));
68027 @@ -2011,7 +2011,7 @@ static ssize_t iwl_dbgfs_plcp_delta_write(struct file *file,
68028
68029 struct iwl_priv *priv = file->private_data;
68030 char buf[8];
68031 - int buf_size;
68032 + size_t buf_size;
68033 int plcp;
68034
68035 memset(buf, 0, sizeof(buf));
68036 @@ -2071,7 +2071,7 @@ static ssize_t iwl_dbgfs_txfifo_flush_write(struct file *file,
68037
68038 struct iwl_priv *priv = file->private_data;
68039 char buf[8];
68040 - int buf_size;
68041 + size_t buf_size;
68042 int flush;
68043
68044 memset(buf, 0, sizeof(buf));
68045 @@ -2161,7 +2161,7 @@ static ssize_t iwl_dbgfs_protection_mode_write(struct file *file,
68046
68047 struct iwl_priv *priv = file->private_data;
68048 char buf[8];
68049 - int buf_size;
68050 + size_t buf_size;
68051 int rts;
68052
68053 if (!priv->cfg->ht_params)
68054 @@ -2202,7 +2202,7 @@ static ssize_t iwl_dbgfs_echo_test_write(struct file *file,
68055 {
68056 struct iwl_priv *priv = file->private_data;
68057 char buf[8];
68058 - int buf_size;
68059 + size_t buf_size;
68060
68061 memset(buf, 0, sizeof(buf));
68062 buf_size = min(count, sizeof(buf) - 1);
68063 @@ -2236,7 +2236,7 @@ static ssize_t iwl_dbgfs_log_event_write(struct file *file,
68064 struct iwl_priv *priv = file->private_data;
68065 u32 event_log_flag;
68066 char buf[8];
68067 - int buf_size;
68068 + size_t buf_size;
68069
68070 /* check that the interface is up */
68071 if (!iwl_is_ready(priv))
68072 @@ -2290,7 +2290,7 @@ static ssize_t iwl_dbgfs_calib_disabled_write(struct file *file,
68073 struct iwl_priv *priv = file->private_data;
68074 char buf[8];
68075 u32 calib_disabled;
68076 - int buf_size;
68077 + size_t buf_size;
68078
68079 memset(buf, 0, sizeof(buf));
68080 buf_size = min(count, sizeof(buf) - 1);
68081 diff --git a/drivers/net/wireless/intel/iwlwifi/dvm/lib.c b/drivers/net/wireless/intel/iwlwifi/dvm/lib.c
68082 index 6c2d6da..4660f39 100644
68083 --- a/drivers/net/wireless/intel/iwlwifi/dvm/lib.c
68084 +++ b/drivers/net/wireless/intel/iwlwifi/dvm/lib.c
68085 @@ -933,7 +933,7 @@ static void iwlagn_wowlan_program_keys(struct ieee80211_hw *hw,
68086
68087 rx_p1ks = data->tkip->rx_uni;
68088
68089 - pn64 = atomic64_read(&key->tx_pn);
68090 + pn64 = atomic64_read_unchecked(&key->tx_pn);
68091 tkip_tx_sc->iv16 = cpu_to_le16(TKIP_PN_TO_IV16(pn64));
68092 tkip_tx_sc->iv32 = cpu_to_le32(TKIP_PN_TO_IV32(pn64));
68093
68094 @@ -986,7 +986,7 @@ static void iwlagn_wowlan_program_keys(struct ieee80211_hw *hw,
68095 aes_sc = data->rsc_tsc->all_tsc_rsc.aes.unicast_rsc;
68096 aes_tx_sc = &data->rsc_tsc->all_tsc_rsc.aes.tsc;
68097
68098 - pn64 = atomic64_read(&key->tx_pn);
68099 + pn64 = atomic64_read_unchecked(&key->tx_pn);
68100 aes_tx_sc->pn = cpu_to_le64(pn64);
68101 } else
68102 aes_sc = data->rsc_tsc->all_tsc_rsc.aes.multicast_rsc;
68103 diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
68104 index 4fdc3da..4f63dd9 100644
68105 --- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
68106 +++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
68107 @@ -258,7 +258,7 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw,
68108
68109 rx_p1ks = data->tkip->rx_uni;
68110
68111 - pn64 = atomic64_read(&key->tx_pn);
68112 + pn64 = atomic64_read_unchecked(&key->tx_pn);
68113 tkip_tx_sc->iv16 = cpu_to_le16(TKIP_PN_TO_IV16(pn64));
68114 tkip_tx_sc->iv32 = cpu_to_le32(TKIP_PN_TO_IV32(pn64));
68115
68116 @@ -313,7 +313,7 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw,
68117 aes_sc = data->rsc_tsc->all_tsc_rsc.aes.unicast_rsc;
68118 aes_tx_sc = &data->rsc_tsc->all_tsc_rsc.aes.tsc;
68119
68120 - pn64 = atomic64_read(&key->tx_pn);
68121 + pn64 = atomic64_read_unchecked(&key->tx_pn);
68122 aes_tx_sc->pn = cpu_to_le64(pn64);
68123 } else {
68124 aes_sc = data->rsc_tsc->all_tsc_rsc.aes.multicast_rsc;
68125 @@ -1610,12 +1610,12 @@ static void iwl_mvm_d3_update_keys(struct ieee80211_hw *hw,
68126 case WLAN_CIPHER_SUITE_CCMP:
68127 iwl_mvm_set_aes_rx_seq(data->mvm, sc->aes.unicast_rsc,
68128 sta, key);
68129 - atomic64_set(&key->tx_pn, le64_to_cpu(sc->aes.tsc.pn));
68130 + atomic64_set_unchecked(&key->tx_pn, le64_to_cpu(sc->aes.tsc.pn));
68131 break;
68132 case WLAN_CIPHER_SUITE_TKIP:
68133 iwl_mvm_tkip_sc_to_seq(&sc->tkip.tsc, &seq);
68134 iwl_mvm_set_tkip_rx_seq(sc->tkip.unicast_rsc, key);
68135 - atomic64_set(&key->tx_pn,
68136 + atomic64_set_unchecked(&key->tx_pn,
68137 (u64)seq.tkip.iv16 |
68138 ((u64)seq.tkip.iv32 << 16));
68139 break;
68140 diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
68141 index a0c1e3d..a3c2b98 100644
68142 --- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
68143 +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
68144 @@ -385,7 +385,7 @@ static inline void iwl_mvm_set_tx_cmd_pn(struct ieee80211_tx_info *info,
68145 struct ieee80211_key_conf *keyconf = info->control.hw_key;
68146 u64 pn;
68147
68148 - pn = atomic64_inc_return(&keyconf->tx_pn);
68149 + pn = atomic64_inc_return_unchecked(&keyconf->tx_pn);
68150 crypto_hdr[0] = pn;
68151 crypto_hdr[2] = 0;
68152 crypto_hdr[3] = 0x20 | (keyconf->keyidx << 6);
68153 @@ -418,7 +418,7 @@ static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm,
68154
68155 case WLAN_CIPHER_SUITE_TKIP:
68156 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP;
68157 - pn = atomic64_inc_return(&keyconf->tx_pn);
68158 + pn = atomic64_inc_return_unchecked(&keyconf->tx_pn);
68159 ieee80211_tkip_add_iv(crypto_hdr, keyconf, pn);
68160 ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key);
68161 break;
68162 diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
68163 index 74f2f03..8436ddc 100644
68164 --- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
68165 +++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
68166 @@ -2346,7 +2346,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
68167 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
68168
68169 char buf[8];
68170 - int buf_size;
68171 + size_t buf_size;
68172 u32 reset_flag;
68173
68174 memset(buf, 0, sizeof(buf));
68175 @@ -2367,7 +2367,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
68176 {
68177 struct iwl_trans *trans = file->private_data;
68178 char buf[8];
68179 - int buf_size;
68180 + size_t buf_size;
68181 int csr;
68182
68183 memset(buf, 0, sizeof(buf));
68184 diff --git a/drivers/net/wireless/intersil/hostap/hostap_ioctl.c b/drivers/net/wireless/intersil/hostap/hostap_ioctl.c
68185 index 3e5fa78..6d26beb 100644
68186 --- a/drivers/net/wireless/intersil/hostap/hostap_ioctl.c
68187 +++ b/drivers/net/wireless/intersil/hostap/hostap_ioctl.c
68188 @@ -101,8 +101,9 @@ static int prism2_get_datarates(struct net_device *dev, u8 *rates)
68189
68190 static int prism2_get_name(struct net_device *dev,
68191 struct iw_request_info *info,
68192 - char *name, char *extra)
68193 + union iwreq_data *wrqu, char *extra)
68194 {
68195 + char *name = wrqu->name;
68196 u8 rates[10];
68197 int len, i, over2 = 0;
68198
68199 @@ -123,8 +124,9 @@ static int prism2_get_name(struct net_device *dev,
68200
68201 static int prism2_ioctl_siwencode(struct net_device *dev,
68202 struct iw_request_info *info,
68203 - struct iw_point *erq, char *keybuf)
68204 + union iwreq_data *wrqu, char *keybuf)
68205 {
68206 + struct iw_point *erq = &wrqu->encoding;
68207 struct hostap_interface *iface;
68208 local_info_t *local;
68209 int i;
68210 @@ -225,8 +227,9 @@ static int prism2_ioctl_siwencode(struct net_device *dev,
68211
68212 static int prism2_ioctl_giwencode(struct net_device *dev,
68213 struct iw_request_info *info,
68214 - struct iw_point *erq, char *key)
68215 + union iwreq_data *wrqu, char *key)
68216 {
68217 + struct iw_point *erq = &wrqu->encoding;
68218 struct hostap_interface *iface;
68219 local_info_t *local;
68220 int i, len;
68221 @@ -331,8 +334,9 @@ static int hostap_set_rate(struct net_device *dev)
68222
68223 static int prism2_ioctl_siwrate(struct net_device *dev,
68224 struct iw_request_info *info,
68225 - struct iw_param *rrq, char *extra)
68226 + union iwreq_data *wrqu, char *extra)
68227 {
68228 + struct iw_param *rrq = &wrqu->bitrate;
68229 struct hostap_interface *iface;
68230 local_info_t *local;
68231
68232 @@ -391,8 +395,9 @@ static int prism2_ioctl_siwrate(struct net_device *dev,
68233
68234 static int prism2_ioctl_giwrate(struct net_device *dev,
68235 struct iw_request_info *info,
68236 - struct iw_param *rrq, char *extra)
68237 + union iwreq_data *wrqu, char *extra)
68238 {
68239 + struct iw_param *rrq = &wrqu->bitrate;
68240 u16 val;
68241 struct hostap_interface *iface;
68242 local_info_t *local;
68243 @@ -450,8 +455,9 @@ static int prism2_ioctl_giwrate(struct net_device *dev,
68244
68245 static int prism2_ioctl_siwsens(struct net_device *dev,
68246 struct iw_request_info *info,
68247 - struct iw_param *sens, char *extra)
68248 + union iwreq_data *wrqu, char *extra)
68249 {
68250 + struct iw_param *sens = &wrqu->sens;
68251 struct hostap_interface *iface;
68252 local_info_t *local;
68253
68254 @@ -471,8 +477,9 @@ static int prism2_ioctl_siwsens(struct net_device *dev,
68255
68256 static int prism2_ioctl_giwsens(struct net_device *dev,
68257 struct iw_request_info *info,
68258 - struct iw_param *sens, char *extra)
68259 + union iwreq_data *wrqu, char *extra)
68260 {
68261 + struct iw_param *sens = &wrqu->sens;
68262 struct hostap_interface *iface;
68263 local_info_t *local;
68264 __le16 val;
68265 @@ -495,8 +502,9 @@ static int prism2_ioctl_giwsens(struct net_device *dev,
68266 /* Deprecated in new wireless extension API */
68267 static int prism2_ioctl_giwaplist(struct net_device *dev,
68268 struct iw_request_info *info,
68269 - struct iw_point *data, char *extra)
68270 + union iwreq_data *wrqu, char *extra)
68271 {
68272 + struct iw_point *data = &wrqu->data;
68273 struct hostap_interface *iface;
68274 local_info_t *local;
68275 struct sockaddr *addr;
68276 @@ -536,8 +544,9 @@ static int prism2_ioctl_giwaplist(struct net_device *dev,
68277
68278 static int prism2_ioctl_siwrts(struct net_device *dev,
68279 struct iw_request_info *info,
68280 - struct iw_param *rts, char *extra)
68281 + union iwreq_data *wrqu, char *extra)
68282 {
68283 + struct iw_param *rts = &wrqu->rts;
68284 struct hostap_interface *iface;
68285 local_info_t *local;
68286 __le16 val;
68287 @@ -563,8 +572,9 @@ static int prism2_ioctl_siwrts(struct net_device *dev,
68288
68289 static int prism2_ioctl_giwrts(struct net_device *dev,
68290 struct iw_request_info *info,
68291 - struct iw_param *rts, char *extra)
68292 + union iwreq_data *wrqu, char *extra)
68293 {
68294 + struct iw_param *rts = &wrqu->rts;
68295 struct hostap_interface *iface;
68296 local_info_t *local;
68297 __le16 val;
68298 @@ -586,8 +596,9 @@ static int prism2_ioctl_giwrts(struct net_device *dev,
68299
68300 static int prism2_ioctl_siwfrag(struct net_device *dev,
68301 struct iw_request_info *info,
68302 - struct iw_param *rts, char *extra)
68303 + union iwreq_data *wrqu, char *extra)
68304 {
68305 + struct iw_param *rts = &wrqu->rts;
68306 struct hostap_interface *iface;
68307 local_info_t *local;
68308 __le16 val;
68309 @@ -613,8 +624,9 @@ static int prism2_ioctl_siwfrag(struct net_device *dev,
68310
68311 static int prism2_ioctl_giwfrag(struct net_device *dev,
68312 struct iw_request_info *info,
68313 - struct iw_param *rts, char *extra)
68314 + union iwreq_data *wrqu, char *extra)
68315 {
68316 + struct iw_param *rts = &wrqu->rts;
68317 struct hostap_interface *iface;
68318 local_info_t *local;
68319 __le16 val;
68320 @@ -679,11 +691,12 @@ static int hostap_join_ap(struct net_device *dev)
68321
68322 static int prism2_ioctl_siwap(struct net_device *dev,
68323 struct iw_request_info *info,
68324 - struct sockaddr *ap_addr, char *extra)
68325 + union iwreq_data *wrqu, char *extra)
68326 {
68327 #ifdef PRISM2_NO_STATION_MODES
68328 return -EOPNOTSUPP;
68329 #else /* PRISM2_NO_STATION_MODES */
68330 + struct sockaddr *ap_addr = &wrqu->ap_addr;
68331 struct hostap_interface *iface;
68332 local_info_t *local;
68333
68334 @@ -719,8 +732,9 @@ static int prism2_ioctl_siwap(struct net_device *dev,
68335
68336 static int prism2_ioctl_giwap(struct net_device *dev,
68337 struct iw_request_info *info,
68338 - struct sockaddr *ap_addr, char *extra)
68339 + union iwreq_data *wrqu, char *extra)
68340 {
68341 + struct sockaddr *ap_addr = &wrqu->ap_addr;
68342 struct hostap_interface *iface;
68343 local_info_t *local;
68344
68345 @@ -755,8 +769,9 @@ static int prism2_ioctl_giwap(struct net_device *dev,
68346
68347 static int prism2_ioctl_siwnickn(struct net_device *dev,
68348 struct iw_request_info *info,
68349 - struct iw_point *data, char *nickname)
68350 + union iwreq_data *wrqu, char *nickname)
68351 {
68352 + struct iw_point *data = &wrqu->data;
68353 struct hostap_interface *iface;
68354 local_info_t *local;
68355
68356 @@ -776,8 +791,9 @@ static int prism2_ioctl_siwnickn(struct net_device *dev,
68357
68358 static int prism2_ioctl_giwnickn(struct net_device *dev,
68359 struct iw_request_info *info,
68360 - struct iw_point *data, char *nickname)
68361 + union iwreq_data *wrqu, char *nickname)
68362 {
68363 + struct iw_point *data = &wrqu->data;
68364 struct hostap_interface *iface;
68365 local_info_t *local;
68366 int len;
68367 @@ -803,8 +819,9 @@ static int prism2_ioctl_giwnickn(struct net_device *dev,
68368
68369 static int prism2_ioctl_siwfreq(struct net_device *dev,
68370 struct iw_request_info *info,
68371 - struct iw_freq *freq, char *extra)
68372 + union iwreq_data *wrqu, char *extra)
68373 {
68374 + struct iw_freq *freq = &wrqu->freq;
68375 struct hostap_interface *iface;
68376 local_info_t *local;
68377
68378 @@ -840,8 +857,9 @@ static int prism2_ioctl_siwfreq(struct net_device *dev,
68379
68380 static int prism2_ioctl_giwfreq(struct net_device *dev,
68381 struct iw_request_info *info,
68382 - struct iw_freq *freq, char *extra)
68383 + union iwreq_data *wrqu, char *extra)
68384 {
68385 + struct iw_freq *freq = &wrqu->freq;
68386 struct hostap_interface *iface;
68387 local_info_t *local;
68388 u16 val;
68389 @@ -884,8 +902,9 @@ static void hostap_monitor_set_type(local_info_t *local)
68390
68391 static int prism2_ioctl_siwessid(struct net_device *dev,
68392 struct iw_request_info *info,
68393 - struct iw_point *data, char *ssid)
68394 + union iwreq_data *wrqu, char *ssid)
68395 {
68396 + struct iw_point *data = &wrqu->data;
68397 struct hostap_interface *iface;
68398 local_info_t *local;
68399
68400 @@ -920,8 +939,9 @@ static int prism2_ioctl_siwessid(struct net_device *dev,
68401
68402 static int prism2_ioctl_giwessid(struct net_device *dev,
68403 struct iw_request_info *info,
68404 - struct iw_point *data, char *essid)
68405 + union iwreq_data *wrqu, char *essid)
68406 {
68407 + struct iw_point *data = &wrqu->data;
68408 struct hostap_interface *iface;
68409 local_info_t *local;
68410 u16 val;
68411 @@ -956,8 +976,9 @@ static int prism2_ioctl_giwessid(struct net_device *dev,
68412
68413 static int prism2_ioctl_giwrange(struct net_device *dev,
68414 struct iw_request_info *info,
68415 - struct iw_point *data, char *extra)
68416 + union iwreq_data *wrqu, char *extra)
68417 {
68418 + struct iw_point *data = &wrqu->data;
68419 struct hostap_interface *iface;
68420 local_info_t *local;
68421 struct iw_range *range = (struct iw_range *) extra;
68422 @@ -1131,8 +1152,9 @@ static int hostap_monitor_mode_disable(local_info_t *local)
68423
68424 static int prism2_ioctl_siwmode(struct net_device *dev,
68425 struct iw_request_info *info,
68426 - __u32 *mode, char *extra)
68427 + union iwreq_data *wrqu, char *extra)
68428 {
68429 + __u32 *mode = &wrqu->mode;
68430 struct hostap_interface *iface;
68431 local_info_t *local;
68432 int double_reset = 0;
68433 @@ -1207,8 +1229,9 @@ static int prism2_ioctl_siwmode(struct net_device *dev,
68434
68435 static int prism2_ioctl_giwmode(struct net_device *dev,
68436 struct iw_request_info *info,
68437 - __u32 *mode, char *extra)
68438 + union iwreq_data *wrqu, char *extra)
68439 {
68440 + __u32 *mode = &wrqu->mode;
68441 struct hostap_interface *iface;
68442 local_info_t *local;
68443
68444 @@ -1232,11 +1255,12 @@ static int prism2_ioctl_giwmode(struct net_device *dev,
68445
68446 static int prism2_ioctl_siwpower(struct net_device *dev,
68447 struct iw_request_info *info,
68448 - struct iw_param *wrq, char *extra)
68449 + union iwreq_data *wrqu, char *extra)
68450 {
68451 #ifdef PRISM2_NO_STATION_MODES
68452 return -EOPNOTSUPP;
68453 #else /* PRISM2_NO_STATION_MODES */
68454 + struct iw_param *wrq = &wrqu->power;
68455 int ret = 0;
68456
68457 if (wrq->disabled)
68458 @@ -1291,11 +1315,12 @@ static int prism2_ioctl_siwpower(struct net_device *dev,
68459
68460 static int prism2_ioctl_giwpower(struct net_device *dev,
68461 struct iw_request_info *info,
68462 - struct iw_param *rrq, char *extra)
68463 + union iwreq_data *wrqu, char *extra)
68464 {
68465 #ifdef PRISM2_NO_STATION_MODES
68466 return -EOPNOTSUPP;
68467 #else /* PRISM2_NO_STATION_MODES */
68468 + struct iw_param *rrq = &wrqu->power;
68469 struct hostap_interface *iface;
68470 local_info_t *local;
68471 __le16 enable, mcast;
68472 @@ -1349,8 +1374,9 @@ static int prism2_ioctl_giwpower(struct net_device *dev,
68473
68474 static int prism2_ioctl_siwretry(struct net_device *dev,
68475 struct iw_request_info *info,
68476 - struct iw_param *rrq, char *extra)
68477 + union iwreq_data *wrqu, char *extra)
68478 {
68479 + struct iw_param *rrq = &wrqu->bitrate;
68480 struct hostap_interface *iface;
68481 local_info_t *local;
68482
68483 @@ -1410,8 +1436,9 @@ static int prism2_ioctl_siwretry(struct net_device *dev,
68484
68485 static int prism2_ioctl_giwretry(struct net_device *dev,
68486 struct iw_request_info *info,
68487 - struct iw_param *rrq, char *extra)
68488 + union iwreq_data *wrqu, char *extra)
68489 {
68490 + struct iw_param *rrq = &wrqu->bitrate;
68491 struct hostap_interface *iface;
68492 local_info_t *local;
68493 __le16 shortretry, longretry, lifetime, altretry;
68494 @@ -1504,8 +1531,9 @@ static u16 prism2_txpower_dBm_to_hfa386x(int val)
68495
68496 static int prism2_ioctl_siwtxpow(struct net_device *dev,
68497 struct iw_request_info *info,
68498 - struct iw_param *rrq, char *extra)
68499 + union iwreq_data *wrqu, char *extra)
68500 {
68501 + struct iw_param *rrq = &wrqu->bitrate;
68502 struct hostap_interface *iface;
68503 local_info_t *local;
68504 #ifdef RAW_TXPOWER_SETTING
68505 @@ -1585,9 +1613,10 @@ static int prism2_ioctl_siwtxpow(struct net_device *dev,
68506
68507 static int prism2_ioctl_giwtxpow(struct net_device *dev,
68508 struct iw_request_info *info,
68509 - struct iw_param *rrq, char *extra)
68510 + union iwreq_data *wrqu, char *extra)
68511 {
68512 #ifdef RAW_TXPOWER_SETTING
68513 + struct iw_param *rrq = &wrqu->bitrate;
68514 struct hostap_interface *iface;
68515 local_info_t *local;
68516 u16 resp0;
68517 @@ -1720,8 +1749,9 @@ static inline int prism2_request_scan(struct net_device *dev)
68518
68519 static int prism2_ioctl_siwscan(struct net_device *dev,
68520 struct iw_request_info *info,
68521 - struct iw_point *data, char *extra)
68522 + union iwreq_data *wrqu, char *extra)
68523 {
68524 + struct iw_point *data = &wrqu->data;
68525 struct hostap_interface *iface;
68526 local_info_t *local;
68527 int ret;
68528 @@ -2068,8 +2098,9 @@ static inline int prism2_ioctl_giwscan_sta(struct net_device *dev,
68529
68530 static int prism2_ioctl_giwscan(struct net_device *dev,
68531 struct iw_request_info *info,
68532 - struct iw_point *data, char *extra)
68533 + union iwreq_data *wrqu, char *extra)
68534 {
68535 + struct iw_point *data = &wrqu->data;
68536 struct hostap_interface *iface;
68537 local_info_t *local;
68538 int res;
68539 @@ -2314,7 +2345,7 @@ static int prism2_ioctl_priv_inquire(struct net_device *dev, int *i)
68540
68541 static int prism2_ioctl_priv_prism2_param(struct net_device *dev,
68542 struct iw_request_info *info,
68543 - void *wrqu, char *extra)
68544 + union iwreq_data *wrqu, char *extra)
68545 {
68546 struct hostap_interface *iface;
68547 local_info_t *local;
68548 @@ -2665,7 +2696,7 @@ static int prism2_ioctl_priv_prism2_param(struct net_device *dev,
68549
68550 static int prism2_ioctl_priv_get_prism2_param(struct net_device *dev,
68551 struct iw_request_info *info,
68552 - void *wrqu, char *extra)
68553 + union iwreq_data *wrqu, char *extra)
68554 {
68555 struct hostap_interface *iface;
68556 local_info_t *local;
68557 @@ -2852,7 +2883,7 @@ static int prism2_ioctl_priv_get_prism2_param(struct net_device *dev,
68558
68559 static int prism2_ioctl_priv_readmif(struct net_device *dev,
68560 struct iw_request_info *info,
68561 - void *wrqu, char *extra)
68562 + union iwreq_data *wrqu, char *extra)
68563 {
68564 struct hostap_interface *iface;
68565 local_info_t *local;
68566 @@ -2873,7 +2904,7 @@ static int prism2_ioctl_priv_readmif(struct net_device *dev,
68567
68568 static int prism2_ioctl_priv_writemif(struct net_device *dev,
68569 struct iw_request_info *info,
68570 - void *wrqu, char *extra)
68571 + union iwreq_data *wrqu, char *extra)
68572 {
68573 struct hostap_interface *iface;
68574 local_info_t *local;
68575 @@ -2911,7 +2942,7 @@ static int prism2_ioctl_priv_monitor(struct net_device *dev, int *i)
68576 /* Disable monitor mode - old mode was not saved, so go to
68577 * Master mode */
68578 mode = IW_MODE_MASTER;
68579 - ret = prism2_ioctl_siwmode(dev, NULL, &mode, NULL);
68580 + ret = prism2_ioctl_siwmode(dev, NULL, (union iwreq_data *)&mode, NULL);
68581 } else if (*i == 1) {
68582 /* netlink socket mode is not supported anymore since it did
68583 * not separate different devices from each other and was not
68584 @@ -2928,7 +2959,7 @@ static int prism2_ioctl_priv_monitor(struct net_device *dev, int *i)
68585 break;
68586 }
68587 mode = IW_MODE_MONITOR;
68588 - ret = prism2_ioctl_siwmode(dev, NULL, &mode, NULL);
68589 + ret = prism2_ioctl_siwmode(dev, NULL, (union iwreq_data *)&mode, NULL);
68590 hostap_monitor_mode_enable(local);
68591 } else
68592 ret = -EINVAL;
68593 @@ -3094,8 +3125,9 @@ static int prism2_set_genericelement(struct net_device *dev, u8 *elem,
68594
68595 static int prism2_ioctl_siwauth(struct net_device *dev,
68596 struct iw_request_info *info,
68597 - struct iw_param *data, char *extra)
68598 + union iwreq_data *wrqu, char *extra)
68599 {
68600 + struct iw_param *data = &wrqu->param;
68601 struct hostap_interface *iface = netdev_priv(dev);
68602 local_info_t *local = iface->local;
68603
68604 @@ -3160,8 +3192,9 @@ static int prism2_ioctl_siwauth(struct net_device *dev,
68605
68606 static int prism2_ioctl_giwauth(struct net_device *dev,
68607 struct iw_request_info *info,
68608 - struct iw_param *data, char *extra)
68609 + union iwreq_data *wrqu, char *extra)
68610 {
68611 + struct iw_param *data = &wrqu->param;
68612 struct hostap_interface *iface = netdev_priv(dev);
68613 local_info_t *local = iface->local;
68614
68615 @@ -3199,8 +3232,9 @@ static int prism2_ioctl_giwauth(struct net_device *dev,
68616
68617 static int prism2_ioctl_siwencodeext(struct net_device *dev,
68618 struct iw_request_info *info,
68619 - struct iw_point *erq, char *extra)
68620 + union iwreq_data *wrqu, char *extra)
68621 {
68622 + struct iw_point *erq = &wrqu->encoding;
68623 struct hostap_interface *iface = netdev_priv(dev);
68624 local_info_t *local = iface->local;
68625 struct iw_encode_ext *ext = (struct iw_encode_ext *) extra;
68626 @@ -3373,8 +3407,9 @@ static int prism2_ioctl_siwencodeext(struct net_device *dev,
68627
68628 static int prism2_ioctl_giwencodeext(struct net_device *dev,
68629 struct iw_request_info *info,
68630 - struct iw_point *erq, char *extra)
68631 + union iwreq_data *wrqu, char *extra)
68632 {
68633 + struct iw_point *erq = &wrqu->encoding;
68634 struct hostap_interface *iface = netdev_priv(dev);
68635 local_info_t *local = iface->local;
68636 struct lib80211_crypt_data **crypt;
68637 @@ -3681,16 +3716,19 @@ static int prism2_ioctl_set_assoc_ap_addr(local_info_t *local,
68638
68639 static int prism2_ioctl_siwgenie(struct net_device *dev,
68640 struct iw_request_info *info,
68641 - struct iw_point *data, char *extra)
68642 + union iwreq_data *wrqu, char *extra)
68643 {
68644 + struct iw_point *data = &wrqu->data;
68645 +
68646 return prism2_set_genericelement(dev, extra, data->length);
68647 }
68648
68649
68650 static int prism2_ioctl_giwgenie(struct net_device *dev,
68651 struct iw_request_info *info,
68652 - struct iw_point *data, char *extra)
68653 + union iwreq_data *wrqu, char *extra)
68654 {
68655 + struct iw_point *data = &wrqu->data;
68656 struct hostap_interface *iface = netdev_priv(dev);
68657 local_info_t *local = iface->local;
68658 int len = local->generic_elem_len - 2;
68659 @@ -3728,7 +3766,7 @@ static int prism2_ioctl_set_generic_element(local_info_t *local,
68660
68661 static int prism2_ioctl_siwmlme(struct net_device *dev,
68662 struct iw_request_info *info,
68663 - struct iw_point *data, char *extra)
68664 + union iwreq_data *data, char *extra)
68665 {
68666 struct hostap_interface *iface = netdev_priv(dev);
68667 local_info_t *local = iface->local;
68668 @@ -3883,70 +3921,70 @@ const struct ethtool_ops prism2_ethtool_ops = {
68669
68670 static const iw_handler prism2_handler[] =
68671 {
68672 - (iw_handler) NULL, /* SIOCSIWCOMMIT */
68673 - (iw_handler) prism2_get_name, /* SIOCGIWNAME */
68674 - (iw_handler) NULL, /* SIOCSIWNWID */
68675 - (iw_handler) NULL, /* SIOCGIWNWID */
68676 - (iw_handler) prism2_ioctl_siwfreq, /* SIOCSIWFREQ */
68677 - (iw_handler) prism2_ioctl_giwfreq, /* SIOCGIWFREQ */
68678 - (iw_handler) prism2_ioctl_siwmode, /* SIOCSIWMODE */
68679 - (iw_handler) prism2_ioctl_giwmode, /* SIOCGIWMODE */
68680 - (iw_handler) prism2_ioctl_siwsens, /* SIOCSIWSENS */
68681 - (iw_handler) prism2_ioctl_giwsens, /* SIOCGIWSENS */
68682 - (iw_handler) NULL /* not used */, /* SIOCSIWRANGE */
68683 - (iw_handler) prism2_ioctl_giwrange, /* SIOCGIWRANGE */
68684 - (iw_handler) NULL /* not used */, /* SIOCSIWPRIV */
68685 - (iw_handler) NULL /* kernel code */, /* SIOCGIWPRIV */
68686 - (iw_handler) NULL /* not used */, /* SIOCSIWSTATS */
68687 - (iw_handler) NULL /* kernel code */, /* SIOCGIWSTATS */
68688 - iw_handler_set_spy, /* SIOCSIWSPY */
68689 - iw_handler_get_spy, /* SIOCGIWSPY */
68690 - iw_handler_set_thrspy, /* SIOCSIWTHRSPY */
68691 - iw_handler_get_thrspy, /* SIOCGIWTHRSPY */
68692 - (iw_handler) prism2_ioctl_siwap, /* SIOCSIWAP */
68693 - (iw_handler) prism2_ioctl_giwap, /* SIOCGIWAP */
68694 - (iw_handler) prism2_ioctl_siwmlme, /* SIOCSIWMLME */
68695 - (iw_handler) prism2_ioctl_giwaplist, /* SIOCGIWAPLIST */
68696 - (iw_handler) prism2_ioctl_siwscan, /* SIOCSIWSCAN */
68697 - (iw_handler) prism2_ioctl_giwscan, /* SIOCGIWSCAN */
68698 - (iw_handler) prism2_ioctl_siwessid, /* SIOCSIWESSID */
68699 - (iw_handler) prism2_ioctl_giwessid, /* SIOCGIWESSID */
68700 - (iw_handler) prism2_ioctl_siwnickn, /* SIOCSIWNICKN */
68701 - (iw_handler) prism2_ioctl_giwnickn, /* SIOCGIWNICKN */
68702 - (iw_handler) NULL, /* -- hole -- */
68703 - (iw_handler) NULL, /* -- hole -- */
68704 - (iw_handler) prism2_ioctl_siwrate, /* SIOCSIWRATE */
68705 - (iw_handler) prism2_ioctl_giwrate, /* SIOCGIWRATE */
68706 - (iw_handler) prism2_ioctl_siwrts, /* SIOCSIWRTS */
68707 - (iw_handler) prism2_ioctl_giwrts, /* SIOCGIWRTS */
68708 - (iw_handler) prism2_ioctl_siwfrag, /* SIOCSIWFRAG */
68709 - (iw_handler) prism2_ioctl_giwfrag, /* SIOCGIWFRAG */
68710 - (iw_handler) prism2_ioctl_siwtxpow, /* SIOCSIWTXPOW */
68711 - (iw_handler) prism2_ioctl_giwtxpow, /* SIOCGIWTXPOW */
68712 - (iw_handler) prism2_ioctl_siwretry, /* SIOCSIWRETRY */
68713 - (iw_handler) prism2_ioctl_giwretry, /* SIOCGIWRETRY */
68714 - (iw_handler) prism2_ioctl_siwencode, /* SIOCSIWENCODE */
68715 - (iw_handler) prism2_ioctl_giwencode, /* SIOCGIWENCODE */
68716 - (iw_handler) prism2_ioctl_siwpower, /* SIOCSIWPOWER */
68717 - (iw_handler) prism2_ioctl_giwpower, /* SIOCGIWPOWER */
68718 - (iw_handler) NULL, /* -- hole -- */
68719 - (iw_handler) NULL, /* -- hole -- */
68720 - (iw_handler) prism2_ioctl_siwgenie, /* SIOCSIWGENIE */
68721 - (iw_handler) prism2_ioctl_giwgenie, /* SIOCGIWGENIE */
68722 - (iw_handler) prism2_ioctl_siwauth, /* SIOCSIWAUTH */
68723 - (iw_handler) prism2_ioctl_giwauth, /* SIOCGIWAUTH */
68724 - (iw_handler) prism2_ioctl_siwencodeext, /* SIOCSIWENCODEEXT */
68725 - (iw_handler) prism2_ioctl_giwencodeext, /* SIOCGIWENCODEEXT */
68726 - (iw_handler) NULL, /* SIOCSIWPMKSA */
68727 - (iw_handler) NULL, /* -- hole -- */
68728 + NULL, /* SIOCSIWCOMMIT */
68729 + prism2_get_name, /* SIOCGIWNAME */
68730 + NULL, /* SIOCSIWNWID */
68731 + NULL, /* SIOCGIWNWID */
68732 + prism2_ioctl_siwfreq, /* SIOCSIWFREQ */
68733 + prism2_ioctl_giwfreq, /* SIOCGIWFREQ */
68734 + prism2_ioctl_siwmode, /* SIOCSIWMODE */
68735 + prism2_ioctl_giwmode, /* SIOCGIWMODE */
68736 + prism2_ioctl_siwsens, /* SIOCSIWSENS */
68737 + prism2_ioctl_giwsens, /* SIOCGIWSENS */
68738 + NULL /* not used */, /* SIOCSIWRANGE */
68739 + prism2_ioctl_giwrange, /* SIOCGIWRANGE */
68740 + NULL /* not used */, /* SIOCSIWPRIV */
68741 + NULL /* kernel code */, /* SIOCGIWPRIV */
68742 + NULL /* not used */, /* SIOCSIWSTATS */
68743 + NULL /* kernel code */, /* SIOCGIWSTATS */
68744 + iw_handler_set_spy, /* SIOCSIWSPY */
68745 + iw_handler_get_spy, /* SIOCGIWSPY */
68746 + iw_handler_set_thrspy, /* SIOCSIWTHRSPY */
68747 + iw_handler_get_thrspy, /* SIOCGIWTHRSPY */
68748 + prism2_ioctl_siwap, /* SIOCSIWAP */
68749 + prism2_ioctl_giwap, /* SIOCGIWAP */
68750 + prism2_ioctl_siwmlme, /* SIOCSIWMLME */
68751 + prism2_ioctl_giwaplist, /* SIOCGIWAPLIST */
68752 + prism2_ioctl_siwscan, /* SIOCSIWSCAN */
68753 + prism2_ioctl_giwscan, /* SIOCGIWSCAN */
68754 + prism2_ioctl_siwessid, /* SIOCSIWESSID */
68755 + prism2_ioctl_giwessid, /* SIOCGIWESSID */
68756 + prism2_ioctl_siwnickn, /* SIOCSIWNICKN */
68757 + prism2_ioctl_giwnickn, /* SIOCGIWNICKN */
68758 + NULL, /* -- hole -- */
68759 + NULL, /* -- hole -- */
68760 + prism2_ioctl_siwrate, /* SIOCSIWRATE */
68761 + prism2_ioctl_giwrate, /* SIOCGIWRATE */
68762 + prism2_ioctl_siwrts, /* SIOCSIWRTS */
68763 + prism2_ioctl_giwrts, /* SIOCGIWRTS */
68764 + prism2_ioctl_siwfrag, /* SIOCSIWFRAG */
68765 + prism2_ioctl_giwfrag, /* SIOCGIWFRAG */
68766 + prism2_ioctl_siwtxpow, /* SIOCSIWTXPOW */
68767 + prism2_ioctl_giwtxpow, /* SIOCGIWTXPOW */
68768 + prism2_ioctl_siwretry, /* SIOCSIWRETRY */
68769 + prism2_ioctl_giwretry, /* SIOCGIWRETRY */
68770 + prism2_ioctl_siwencode, /* SIOCSIWENCODE */
68771 + prism2_ioctl_giwencode, /* SIOCGIWENCODE */
68772 + prism2_ioctl_siwpower, /* SIOCSIWPOWER */
68773 + prism2_ioctl_giwpower, /* SIOCGIWPOWER */
68774 + NULL, /* -- hole -- */
68775 + NULL, /* -- hole -- */
68776 + prism2_ioctl_siwgenie, /* SIOCSIWGENIE */
68777 + prism2_ioctl_giwgenie, /* SIOCGIWGENIE */
68778 + prism2_ioctl_siwauth, /* SIOCSIWAUTH */
68779 + prism2_ioctl_giwauth, /* SIOCGIWAUTH */
68780 + prism2_ioctl_siwencodeext, /* SIOCSIWENCODEEXT */
68781 + prism2_ioctl_giwencodeext, /* SIOCGIWENCODEEXT */
68782 + NULL, /* SIOCSIWPMKSA */
68783 + NULL, /* -- hole -- */
68784 };
68785
68786 static const iw_handler prism2_private_handler[] =
68787 { /* SIOCIWFIRSTPRIV + */
68788 - (iw_handler) prism2_ioctl_priv_prism2_param, /* 0 */
68789 - (iw_handler) prism2_ioctl_priv_get_prism2_param, /* 1 */
68790 - (iw_handler) prism2_ioctl_priv_writemif, /* 2 */
68791 - (iw_handler) prism2_ioctl_priv_readmif, /* 3 */
68792 + prism2_ioctl_priv_prism2_param, /* 0 */
68793 + prism2_ioctl_priv_get_prism2_param, /* 1 */
68794 + prism2_ioctl_priv_writemif, /* 2 */
68795 + prism2_ioctl_priv_readmif, /* 3 */
68796 };
68797
68798 const struct iw_handler_def hostap_iw_handler_def =
68799 @@ -3954,8 +3992,8 @@ const struct iw_handler_def hostap_iw_handler_def =
68800 .num_standard = ARRAY_SIZE(prism2_handler),
68801 .num_private = ARRAY_SIZE(prism2_private_handler),
68802 .num_private_args = ARRAY_SIZE(prism2_priv),
68803 - .standard = (iw_handler *) prism2_handler,
68804 - .private = (iw_handler *) prism2_private_handler,
68805 + .standard = prism2_handler,
68806 + .private = prism2_private_handler,
68807 .private_args = (struct iw_priv_args *) prism2_priv,
68808 .get_wireless_stats = hostap_get_wireless_stats,
68809 };
68810 diff --git a/drivers/net/wireless/intersil/orinoco/wext.c b/drivers/net/wireless/intersil/orinoco/wext.c
68811 index 1d4dae4..0508fc1 100644
68812 --- a/drivers/net/wireless/intersil/orinoco/wext.c
68813 +++ b/drivers/net/wireless/intersil/orinoco/wext.c
68814 @@ -154,9 +154,10 @@ static struct iw_statistics *orinoco_get_wireless_stats(struct net_device *dev)
68815
68816 static int orinoco_ioctl_setwap(struct net_device *dev,
68817 struct iw_request_info *info,
68818 - struct sockaddr *ap_addr,
68819 + union iwreq_data *wrqu,
68820 char *extra)
68821 {
68822 + struct sockaddr *ap_addr = &wrqu->ap_addr;
68823 struct orinoco_private *priv = ndev_priv(dev);
68824 int err = -EINPROGRESS; /* Call commit handler */
68825 unsigned long flags;
68826 @@ -213,9 +214,10 @@ static int orinoco_ioctl_setwap(struct net_device *dev,
68827
68828 static int orinoco_ioctl_getwap(struct net_device *dev,
68829 struct iw_request_info *info,
68830 - struct sockaddr *ap_addr,
68831 + union iwreq_data *wrqu,
68832 char *extra)
68833 {
68834 + struct sockaddr *ap_addr = &wrqu->ap_addr;
68835 struct orinoco_private *priv = ndev_priv(dev);
68836
68837 int err = 0;
68838 @@ -234,9 +236,10 @@ static int orinoco_ioctl_getwap(struct net_device *dev,
68839
68840 static int orinoco_ioctl_setiwencode(struct net_device *dev,
68841 struct iw_request_info *info,
68842 - struct iw_point *erq,
68843 + union iwreq_data *wrqu,
68844 char *keybuf)
68845 {
68846 + struct iw_point *erq = &wrqu->encoding;
68847 struct orinoco_private *priv = ndev_priv(dev);
68848 int index = (erq->flags & IW_ENCODE_INDEX) - 1;
68849 int setindex = priv->tx_key;
68850 @@ -325,9 +328,10 @@ static int orinoco_ioctl_setiwencode(struct net_device *dev,
68851
68852 static int orinoco_ioctl_getiwencode(struct net_device *dev,
68853 struct iw_request_info *info,
68854 - struct iw_point *erq,
68855 + union iwreq_data *wrqu,
68856 char *keybuf)
68857 {
68858 + struct iw_point *erq = &wrqu->encoding;
68859 struct orinoco_private *priv = ndev_priv(dev);
68860 int index = (erq->flags & IW_ENCODE_INDEX) - 1;
68861 unsigned long flags;
68862 @@ -361,9 +365,10 @@ static int orinoco_ioctl_getiwencode(struct net_device *dev,
68863
68864 static int orinoco_ioctl_setessid(struct net_device *dev,
68865 struct iw_request_info *info,
68866 - struct iw_point *erq,
68867 + union iwreq_data *wrqu,
68868 char *essidbuf)
68869 {
68870 + struct iw_point *erq = &wrqu->essid;
68871 struct orinoco_private *priv = ndev_priv(dev);
68872 unsigned long flags;
68873
68874 @@ -392,9 +397,10 @@ static int orinoco_ioctl_setessid(struct net_device *dev,
68875
68876 static int orinoco_ioctl_getessid(struct net_device *dev,
68877 struct iw_request_info *info,
68878 - struct iw_point *erq,
68879 + union iwreq_data *wrqu,
68880 char *essidbuf)
68881 {
68882 + struct iw_point *erq = &wrqu->essid;
68883 struct orinoco_private *priv = ndev_priv(dev);
68884 int active;
68885 int err = 0;
68886 @@ -420,9 +426,10 @@ static int orinoco_ioctl_getessid(struct net_device *dev,
68887
68888 static int orinoco_ioctl_setfreq(struct net_device *dev,
68889 struct iw_request_info *info,
68890 - struct iw_freq *frq,
68891 + union iwreq_data *wrqu,
68892 char *extra)
68893 {
68894 + struct iw_freq *frq = &wrqu->freq;
68895 struct orinoco_private *priv = ndev_priv(dev);
68896 int chan = -1;
68897 unsigned long flags;
68898 @@ -469,9 +476,10 @@ static int orinoco_ioctl_setfreq(struct net_device *dev,
68899
68900 static int orinoco_ioctl_getfreq(struct net_device *dev,
68901 struct iw_request_info *info,
68902 - struct iw_freq *frq,
68903 + union iwreq_data *wrqu,
68904 char *extra)
68905 {
68906 + struct iw_freq *frq = &wrqu->freq;
68907 struct orinoco_private *priv = ndev_priv(dev);
68908 int tmp;
68909
68910 @@ -488,9 +496,10 @@ static int orinoco_ioctl_getfreq(struct net_device *dev,
68911
68912 static int orinoco_ioctl_getsens(struct net_device *dev,
68913 struct iw_request_info *info,
68914 - struct iw_param *srq,
68915 + union iwreq_data *wrqu,
68916 char *extra)
68917 {
68918 + struct iw_param *srq = &wrqu->sens;
68919 struct orinoco_private *priv = ndev_priv(dev);
68920 struct hermes *hw = &priv->hw;
68921 u16 val;
68922 @@ -517,9 +526,10 @@ static int orinoco_ioctl_getsens(struct net_device *dev,
68923
68924 static int orinoco_ioctl_setsens(struct net_device *dev,
68925 struct iw_request_info *info,
68926 - struct iw_param *srq,
68927 + union iwreq_data *wrqu,
68928 char *extra)
68929 {
68930 + struct iw_param *srq = &wrqu->sens;
68931 struct orinoco_private *priv = ndev_priv(dev);
68932 int val = srq->value;
68933 unsigned long flags;
68934 @@ -540,9 +550,10 @@ static int orinoco_ioctl_setsens(struct net_device *dev,
68935
68936 static int orinoco_ioctl_setrate(struct net_device *dev,
68937 struct iw_request_info *info,
68938 - struct iw_param *rrq,
68939 + union iwreq_data *wrqu,
68940 char *extra)
68941 {
68942 + struct iw_param *rrq = &wrqu->bitrate;
68943 struct orinoco_private *priv = ndev_priv(dev);
68944 int ratemode;
68945 int bitrate; /* 100s of kilobits */
68946 @@ -574,9 +585,10 @@ static int orinoco_ioctl_setrate(struct net_device *dev,
68947
68948 static int orinoco_ioctl_getrate(struct net_device *dev,
68949 struct iw_request_info *info,
68950 - struct iw_param *rrq,
68951 + union iwreq_data *wrqu,
68952 char *extra)
68953 {
68954 + struct iw_param *rrq = &wrqu->bitrate;
68955 struct orinoco_private *priv = ndev_priv(dev);
68956 int err = 0;
68957 int bitrate, automatic;
68958 @@ -610,9 +622,10 @@ static int orinoco_ioctl_getrate(struct net_device *dev,
68959
68960 static int orinoco_ioctl_setpower(struct net_device *dev,
68961 struct iw_request_info *info,
68962 - struct iw_param *prq,
68963 + union iwreq_data *wrqu,
68964 char *extra)
68965 {
68966 + struct iw_param *prq = &wrqu->power;
68967 struct orinoco_private *priv = ndev_priv(dev);
68968 int err = -EINPROGRESS; /* Call commit handler */
68969 unsigned long flags;
68970 @@ -664,9 +677,10 @@ static int orinoco_ioctl_setpower(struct net_device *dev,
68971
68972 static int orinoco_ioctl_getpower(struct net_device *dev,
68973 struct iw_request_info *info,
68974 - struct iw_param *prq,
68975 + union iwreq_data *wrqu,
68976 char *extra)
68977 {
68978 + struct iw_param *prq = &wrqu->power;
68979 struct orinoco_private *priv = ndev_priv(dev);
68980 struct hermes *hw = &priv->hw;
68981 int err = 0;
68982 @@ -1097,7 +1111,7 @@ static int orinoco_ioctl_set_mlme(struct net_device *dev,
68983
68984 static int orinoco_ioctl_reset(struct net_device *dev,
68985 struct iw_request_info *info,
68986 - void *wrqu,
68987 + union iwreq_data *wrqu,
68988 char *extra)
68989 {
68990 struct orinoco_private *priv = ndev_priv(dev);
68991 @@ -1121,7 +1135,7 @@ static int orinoco_ioctl_reset(struct net_device *dev,
68992
68993 static int orinoco_ioctl_setibssport(struct net_device *dev,
68994 struct iw_request_info *info,
68995 - void *wrqu,
68996 + union iwreq_data *wrqu,
68997 char *extra)
68998
68999 {
69000 @@ -1143,7 +1157,7 @@ static int orinoco_ioctl_setibssport(struct net_device *dev,
69001
69002 static int orinoco_ioctl_getibssport(struct net_device *dev,
69003 struct iw_request_info *info,
69004 - void *wrqu,
69005 + union iwreq_data *wrqu,
69006 char *extra)
69007 {
69008 struct orinoco_private *priv = ndev_priv(dev);
69009 @@ -1155,7 +1169,7 @@ static int orinoco_ioctl_getibssport(struct net_device *dev,
69010
69011 static int orinoco_ioctl_setport3(struct net_device *dev,
69012 struct iw_request_info *info,
69013 - void *wrqu,
69014 + union iwreq_data *wrqu,
69015 char *extra)
69016 {
69017 struct orinoco_private *priv = ndev_priv(dev);
69018 @@ -1201,7 +1215,7 @@ static int orinoco_ioctl_setport3(struct net_device *dev,
69019
69020 static int orinoco_ioctl_getport3(struct net_device *dev,
69021 struct iw_request_info *info,
69022 - void *wrqu,
69023 + union iwreq_data *wrqu,
69024 char *extra)
69025 {
69026 struct orinoco_private *priv = ndev_priv(dev);
69027 @@ -1213,7 +1227,7 @@ static int orinoco_ioctl_getport3(struct net_device *dev,
69028
69029 static int orinoco_ioctl_setpreamble(struct net_device *dev,
69030 struct iw_request_info *info,
69031 - void *wrqu,
69032 + union iwreq_data *wrqu,
69033 char *extra)
69034 {
69035 struct orinoco_private *priv = ndev_priv(dev);
69036 @@ -1245,7 +1259,7 @@ static int orinoco_ioctl_setpreamble(struct net_device *dev,
69037
69038 static int orinoco_ioctl_getpreamble(struct net_device *dev,
69039 struct iw_request_info *info,
69040 - void *wrqu,
69041 + union iwreq_data *wrqu,
69042 char *extra)
69043 {
69044 struct orinoco_private *priv = ndev_priv(dev);
69045 @@ -1265,9 +1279,10 @@ static int orinoco_ioctl_getpreamble(struct net_device *dev,
69046 * For Wireless Tools 25 and 26 append "dummy" are the end. */
69047 static int orinoco_ioctl_getrid(struct net_device *dev,
69048 struct iw_request_info *info,
69049 - struct iw_point *data,
69050 + union iwreq_data *wrqu,
69051 char *extra)
69052 {
69053 + struct iw_point *data = &wrqu->data;
69054 struct orinoco_private *priv = ndev_priv(dev);
69055 struct hermes *hw = &priv->hw;
69056 int rid = data->flags;
69057 @@ -1303,7 +1318,7 @@ static int orinoco_ioctl_getrid(struct net_device *dev,
69058 /* Commit handler, called after set operations */
69059 static int orinoco_ioctl_commit(struct net_device *dev,
69060 struct iw_request_info *info,
69061 - void *wrqu,
69062 + union iwreq_data *wrqu,
69063 char *extra)
69064 {
69065 struct orinoco_private *priv = ndev_priv(dev);
69066 @@ -1347,36 +1362,36 @@ static const struct iw_priv_args orinoco_privtab[] = {
69067 */
69068
69069 static const iw_handler orinoco_handler[] = {
69070 - IW_HANDLER(SIOCSIWCOMMIT, (iw_handler)orinoco_ioctl_commit),
69071 - IW_HANDLER(SIOCGIWNAME, (iw_handler)cfg80211_wext_giwname),
69072 - IW_HANDLER(SIOCSIWFREQ, (iw_handler)orinoco_ioctl_setfreq),
69073 - IW_HANDLER(SIOCGIWFREQ, (iw_handler)orinoco_ioctl_getfreq),
69074 - IW_HANDLER(SIOCSIWMODE, (iw_handler)cfg80211_wext_siwmode),
69075 - IW_HANDLER(SIOCGIWMODE, (iw_handler)cfg80211_wext_giwmode),
69076 - IW_HANDLER(SIOCSIWSENS, (iw_handler)orinoco_ioctl_setsens),
69077 - IW_HANDLER(SIOCGIWSENS, (iw_handler)orinoco_ioctl_getsens),
69078 - IW_HANDLER(SIOCGIWRANGE, (iw_handler)cfg80211_wext_giwrange),
69079 + IW_HANDLER(SIOCSIWCOMMIT, orinoco_ioctl_commit),
69080 + IW_HANDLER(SIOCGIWNAME, cfg80211_wext_giwname),
69081 + IW_HANDLER(SIOCSIWFREQ, orinoco_ioctl_setfreq),
69082 + IW_HANDLER(SIOCGIWFREQ, orinoco_ioctl_getfreq),
69083 + IW_HANDLER(SIOCSIWMODE, cfg80211_wext_siwmode),
69084 + IW_HANDLER(SIOCGIWMODE, cfg80211_wext_giwmode),
69085 + IW_HANDLER(SIOCSIWSENS, orinoco_ioctl_setsens),
69086 + IW_HANDLER(SIOCGIWSENS, orinoco_ioctl_getsens),
69087 + IW_HANDLER(SIOCGIWRANGE, cfg80211_wext_giwrange),
69088 IW_HANDLER(SIOCSIWSPY, iw_handler_set_spy),
69089 IW_HANDLER(SIOCGIWSPY, iw_handler_get_spy),
69090 IW_HANDLER(SIOCSIWTHRSPY, iw_handler_set_thrspy),
69091 IW_HANDLER(SIOCGIWTHRSPY, iw_handler_get_thrspy),
69092 - IW_HANDLER(SIOCSIWAP, (iw_handler)orinoco_ioctl_setwap),
69093 - IW_HANDLER(SIOCGIWAP, (iw_handler)orinoco_ioctl_getwap),
69094 - IW_HANDLER(SIOCSIWSCAN, (iw_handler)cfg80211_wext_siwscan),
69095 - IW_HANDLER(SIOCGIWSCAN, (iw_handler)cfg80211_wext_giwscan),
69096 - IW_HANDLER(SIOCSIWESSID, (iw_handler)orinoco_ioctl_setessid),
69097 - IW_HANDLER(SIOCGIWESSID, (iw_handler)orinoco_ioctl_getessid),
69098 - IW_HANDLER(SIOCSIWRATE, (iw_handler)orinoco_ioctl_setrate),
69099 - IW_HANDLER(SIOCGIWRATE, (iw_handler)orinoco_ioctl_getrate),
69100 - IW_HANDLER(SIOCSIWRTS, (iw_handler)cfg80211_wext_siwrts),
69101 - IW_HANDLER(SIOCGIWRTS, (iw_handler)cfg80211_wext_giwrts),
69102 - IW_HANDLER(SIOCSIWFRAG, (iw_handler)cfg80211_wext_siwfrag),
69103 - IW_HANDLER(SIOCGIWFRAG, (iw_handler)cfg80211_wext_giwfrag),
69104 - IW_HANDLER(SIOCGIWRETRY, (iw_handler)cfg80211_wext_giwretry),
69105 - IW_HANDLER(SIOCSIWENCODE, (iw_handler)orinoco_ioctl_setiwencode),
69106 - IW_HANDLER(SIOCGIWENCODE, (iw_handler)orinoco_ioctl_getiwencode),
69107 - IW_HANDLER(SIOCSIWPOWER, (iw_handler)orinoco_ioctl_setpower),
69108 - IW_HANDLER(SIOCGIWPOWER, (iw_handler)orinoco_ioctl_getpower),
69109 + IW_HANDLER(SIOCSIWAP, orinoco_ioctl_setwap),
69110 + IW_HANDLER(SIOCGIWAP, orinoco_ioctl_getwap),
69111 + IW_HANDLER(SIOCSIWSCAN, cfg80211_wext_siwscan),
69112 + IW_HANDLER(SIOCGIWSCAN, cfg80211_wext_giwscan),
69113 + IW_HANDLER(SIOCSIWESSID, orinoco_ioctl_setessid),
69114 + IW_HANDLER(SIOCGIWESSID, orinoco_ioctl_getessid),
69115 + IW_HANDLER(SIOCSIWRATE, orinoco_ioctl_setrate),
69116 + IW_HANDLER(SIOCGIWRATE, orinoco_ioctl_getrate),
69117 + IW_HANDLER(SIOCSIWRTS, cfg80211_wext_siwrts),
69118 + IW_HANDLER(SIOCGIWRTS, cfg80211_wext_giwrts),
69119 + IW_HANDLER(SIOCSIWFRAG, cfg80211_wext_siwfrag),
69120 + IW_HANDLER(SIOCGIWFRAG, cfg80211_wext_giwfrag),
69121 + IW_HANDLER(SIOCGIWRETRY, cfg80211_wext_giwretry),
69122 + IW_HANDLER(SIOCSIWENCODE, orinoco_ioctl_setiwencode),
69123 + IW_HANDLER(SIOCGIWENCODE, orinoco_ioctl_getiwencode),
69124 + IW_HANDLER(SIOCSIWPOWER, orinoco_ioctl_setpower),
69125 + IW_HANDLER(SIOCGIWPOWER, orinoco_ioctl_getpower),
69126 IW_HANDLER(SIOCSIWGENIE, orinoco_ioctl_set_genie),
69127 IW_HANDLER(SIOCGIWGENIE, orinoco_ioctl_get_genie),
69128 IW_HANDLER(SIOCSIWMLME, orinoco_ioctl_set_mlme),
69129 @@ -1391,15 +1406,15 @@ static const iw_handler orinoco_handler[] = {
69130 Added typecasting since we no longer use iwreq_data -- Moustafa
69131 */
69132 static const iw_handler orinoco_private_handler[] = {
69133 - [0] = (iw_handler)orinoco_ioctl_reset,
69134 - [1] = (iw_handler)orinoco_ioctl_reset,
69135 - [2] = (iw_handler)orinoco_ioctl_setport3,
69136 - [3] = (iw_handler)orinoco_ioctl_getport3,
69137 - [4] = (iw_handler)orinoco_ioctl_setpreamble,
69138 - [5] = (iw_handler)orinoco_ioctl_getpreamble,
69139 - [6] = (iw_handler)orinoco_ioctl_setibssport,
69140 - [7] = (iw_handler)orinoco_ioctl_getibssport,
69141 - [9] = (iw_handler)orinoco_ioctl_getrid,
69142 + [0] = orinoco_ioctl_reset,
69143 + [1] = orinoco_ioctl_reset,
69144 + [2] = orinoco_ioctl_setport3,
69145 + [3] = orinoco_ioctl_getport3,
69146 + [4] = orinoco_ioctl_setpreamble,
69147 + [5] = orinoco_ioctl_getpreamble,
69148 + [6] = orinoco_ioctl_setibssport,
69149 + [7] = orinoco_ioctl_getibssport,
69150 + [9] = orinoco_ioctl_getrid,
69151 };
69152
69153 const struct iw_handler_def orinoco_handler_def = {
69154 diff --git a/drivers/net/wireless/intersil/prism54/isl_ioctl.c b/drivers/net/wireless/intersil/prism54/isl_ioctl.c
69155 index 48e8a97..3499ec8 100644
69156 --- a/drivers/net/wireless/intersil/prism54/isl_ioctl.c
69157 +++ b/drivers/net/wireless/intersil/prism54/isl_ioctl.c
69158 @@ -45,7 +45,7 @@ static void prism54_wpa_bss_ie_add(islpci_private *priv, u8 *bssid,
69159 u8 *wpa_ie, size_t wpa_ie_len);
69160 static size_t prism54_wpa_bss_ie_get(islpci_private *priv, u8 *bssid, u8 *wpa_ie);
69161 static int prism54_set_wpa(struct net_device *, struct iw_request_info *,
69162 - __u32 *, char *);
69163 + union iwreq_data *, char *);
69164
69165 /* In 500 kbps */
69166 static const unsigned char scan_rate_list[] = { 2, 4, 11, 22,
69167 @@ -240,7 +240,7 @@ prism54_get_wireless_stats(struct net_device *ndev)
69168
69169 static int
69170 prism54_commit(struct net_device *ndev, struct iw_request_info *info,
69171 - char *cwrq, char *extra)
69172 + union iwreq_data *cwrq, char *extra)
69173 {
69174 islpci_private *priv = netdev_priv(ndev);
69175
69176 @@ -256,8 +256,9 @@ prism54_commit(struct net_device *ndev, struct iw_request_info *info,
69177
69178 static int
69179 prism54_get_name(struct net_device *ndev, struct iw_request_info *info,
69180 - char *cwrq, char *extra)
69181 + union iwreq_data *wrqu, char *extra)
69182 {
69183 + char *cwrq = wrqu->name;
69184 islpci_private *priv = netdev_priv(ndev);
69185 char *capabilities;
69186 union oid_res_t r;
69187 @@ -287,8 +288,9 @@ prism54_get_name(struct net_device *ndev, struct iw_request_info *info,
69188
69189 static int
69190 prism54_set_freq(struct net_device *ndev, struct iw_request_info *info,
69191 - struct iw_freq *fwrq, char *extra)
69192 + union iwreq_data *wrqu, char *extra)
69193 {
69194 + struct iw_freq *fwrq = &wrqu->freq;
69195 islpci_private *priv = netdev_priv(ndev);
69196 int rvalue;
69197 u32 c;
69198 @@ -307,8 +309,9 @@ prism54_set_freq(struct net_device *ndev, struct iw_request_info *info,
69199
69200 static int
69201 prism54_get_freq(struct net_device *ndev, struct iw_request_info *info,
69202 - struct iw_freq *fwrq, char *extra)
69203 + union iwreq_data *wrqu, char *extra)
69204 {
69205 + struct iw_freq *fwrq = &wrqu->freq;
69206 islpci_private *priv = netdev_priv(ndev);
69207 union oid_res_t r;
69208 int rvalue;
69209 @@ -324,8 +327,9 @@ prism54_get_freq(struct net_device *ndev, struct iw_request_info *info,
69210
69211 static int
69212 prism54_set_mode(struct net_device *ndev, struct iw_request_info *info,
69213 - __u32 * uwrq, char *extra)
69214 + union iwreq_data *wrqu, char *extra)
69215 {
69216 + __u32 *uwrq = &wrqu->mode;
69217 islpci_private *priv = netdev_priv(ndev);
69218 u32 mlmeautolevel = CARD_DEFAULT_MLME_MODE;
69219
69220 @@ -368,8 +372,9 @@ prism54_set_mode(struct net_device *ndev, struct iw_request_info *info,
69221 /* Use mib cache */
69222 static int
69223 prism54_get_mode(struct net_device *ndev, struct iw_request_info *info,
69224 - __u32 * uwrq, char *extra)
69225 + union iwreq_data *wrqu, char *extra)
69226 {
69227 + __u32 *uwrq = &wrqu->mode;
69228 islpci_private *priv = netdev_priv(ndev);
69229
69230 BUG_ON((priv->iw_mode < IW_MODE_AUTO) || (priv->iw_mode >
69231 @@ -386,8 +391,9 @@ prism54_get_mode(struct net_device *ndev, struct iw_request_info *info,
69232
69233 static int
69234 prism54_set_sens(struct net_device *ndev, struct iw_request_info *info,
69235 - struct iw_param *vwrq, char *extra)
69236 + union iwreq_data *wrqu, char *extra)
69237 {
69238 + struct iw_param *vwrq = &wrqu->sens;
69239 islpci_private *priv = netdev_priv(ndev);
69240 u32 sens;
69241
69242 @@ -399,8 +405,9 @@ prism54_set_sens(struct net_device *ndev, struct iw_request_info *info,
69243
69244 static int
69245 prism54_get_sens(struct net_device *ndev, struct iw_request_info *info,
69246 - struct iw_param *vwrq, char *extra)
69247 + union iwreq_data *wrqu, char *extra)
69248 {
69249 + struct iw_param *vwrq = &wrqu->sens;
69250 islpci_private *priv = netdev_priv(ndev);
69251 union oid_res_t r;
69252 int rvalue;
69253 @@ -416,8 +423,9 @@ prism54_get_sens(struct net_device *ndev, struct iw_request_info *info,
69254
69255 static int
69256 prism54_get_range(struct net_device *ndev, struct iw_request_info *info,
69257 - struct iw_point *dwrq, char *extra)
69258 + union iwreq_data *wrqu, char *extra)
69259 {
69260 + struct iw_point *dwrq = &wrqu->data;
69261 struct iw_range *range = (struct iw_range *) extra;
69262 islpci_private *priv = netdev_priv(ndev);
69263 u8 *data;
69264 @@ -521,8 +529,9 @@ prism54_get_range(struct net_device *ndev, struct iw_request_info *info,
69265
69266 static int
69267 prism54_set_wap(struct net_device *ndev, struct iw_request_info *info,
69268 - struct sockaddr *awrq, char *extra)
69269 + union iwreq_data *wrqu, char *extra)
69270 {
69271 + struct sockaddr *awrq = &wrqu->ap_addr;
69272 islpci_private *priv = netdev_priv(ndev);
69273 char bssid[6];
69274 int rvalue;
69275 @@ -543,8 +552,9 @@ prism54_set_wap(struct net_device *ndev, struct iw_request_info *info,
69276
69277 static int
69278 prism54_get_wap(struct net_device *ndev, struct iw_request_info *info,
69279 - struct sockaddr *awrq, char *extra)
69280 + union iwreq_data *wrqu, char *extra)
69281 {
69282 + struct sockaddr *awrq = &wrqu->ap_addr;
69283 islpci_private *priv = netdev_priv(ndev);
69284 union oid_res_t r;
69285 int rvalue;
69286 @@ -559,7 +569,7 @@ prism54_get_wap(struct net_device *ndev, struct iw_request_info *info,
69287
69288 static int
69289 prism54_set_scan(struct net_device *dev, struct iw_request_info *info,
69290 - struct iw_param *vwrq, char *extra)
69291 + union iwreq_data *vwrq, char *extra)
69292 {
69293 /* hehe the device does this automagicaly */
69294 return 0;
69295 @@ -679,8 +689,9 @@ prism54_translate_bss(struct net_device *ndev, struct iw_request_info *info,
69296
69297 static int
69298 prism54_get_scan(struct net_device *ndev, struct iw_request_info *info,
69299 - struct iw_point *dwrq, char *extra)
69300 + union iwreq_data *wrqu, char *extra)
69301 {
69302 + struct iw_point *dwrq = &wrqu->data;
69303 islpci_private *priv = netdev_priv(ndev);
69304 int i, rvalue;
69305 struct obj_bsslist *bsslist;
69306 @@ -733,8 +744,9 @@ prism54_get_scan(struct net_device *ndev, struct iw_request_info *info,
69307
69308 static int
69309 prism54_set_essid(struct net_device *ndev, struct iw_request_info *info,
69310 - struct iw_point *dwrq, char *extra)
69311 + union iwreq_data *wrqu, char *extra)
69312 {
69313 + struct iw_point *dwrq = &wrqu->data;
69314 islpci_private *priv = netdev_priv(ndev);
69315 struct obj_ssid essid;
69316
69317 @@ -760,8 +772,9 @@ prism54_set_essid(struct net_device *ndev, struct iw_request_info *info,
69318
69319 static int
69320 prism54_get_essid(struct net_device *ndev, struct iw_request_info *info,
69321 - struct iw_point *dwrq, char *extra)
69322 + union iwreq_data *wrqu, char *extra)
69323 {
69324 + struct iw_point *dwrq = &wrqu->data;
69325 islpci_private *priv = netdev_priv(ndev);
69326 struct obj_ssid *essid;
69327 union oid_res_t r;
69328 @@ -790,8 +803,9 @@ prism54_get_essid(struct net_device *ndev, struct iw_request_info *info,
69329 */
69330 static int
69331 prism54_set_nick(struct net_device *ndev, struct iw_request_info *info,
69332 - struct iw_point *dwrq, char *extra)
69333 + union iwreq_data *wrqu, char *extra)
69334 {
69335 + struct iw_point *dwrq = &wrqu->data;
69336 islpci_private *priv = netdev_priv(ndev);
69337
69338 if (dwrq->length > IW_ESSID_MAX_SIZE)
69339 @@ -807,8 +821,9 @@ prism54_set_nick(struct net_device *ndev, struct iw_request_info *info,
69340
69341 static int
69342 prism54_get_nick(struct net_device *ndev, struct iw_request_info *info,
69343 - struct iw_point *dwrq, char *extra)
69344 + union iwreq_data *wrqu, char *extra)
69345 {
69346 + struct iw_point *dwrq = &wrqu->data;
69347 islpci_private *priv = netdev_priv(ndev);
69348
69349 dwrq->length = 0;
69350 @@ -826,9 +841,9 @@ prism54_get_nick(struct net_device *ndev, struct iw_request_info *info,
69351 static int
69352 prism54_set_rate(struct net_device *ndev,
69353 struct iw_request_info *info,
69354 - struct iw_param *vwrq, char *extra)
69355 + union iwreq_data *wrqu, char *extra)
69356 {
69357 -
69358 + struct iw_param *vwrq = &wrqu->bitrate;
69359 islpci_private *priv = netdev_priv(ndev);
69360 u32 rate, profile;
69361 char *data;
69362 @@ -899,8 +914,9 @@ prism54_set_rate(struct net_device *ndev,
69363 static int
69364 prism54_get_rate(struct net_device *ndev,
69365 struct iw_request_info *info,
69366 - struct iw_param *vwrq, char *extra)
69367 + union iwreq_data *wrqu, char *extra)
69368 {
69369 + struct iw_param *vwrq = &wrqu->bitrate;
69370 islpci_private *priv = netdev_priv(ndev);
69371 int rvalue;
69372 char *data;
69373 @@ -926,8 +942,9 @@ prism54_get_rate(struct net_device *ndev,
69374
69375 static int
69376 prism54_set_rts(struct net_device *ndev, struct iw_request_info *info,
69377 - struct iw_param *vwrq, char *extra)
69378 + union iwreq_data *wrqu, char *extra)
69379 {
69380 + struct iw_param *vwrq = &wrqu->rts;
69381 islpci_private *priv = netdev_priv(ndev);
69382
69383 return mgt_set_request(priv, DOT11_OID_RTSTHRESH, 0, &vwrq->value);
69384 @@ -935,8 +952,9 @@ prism54_set_rts(struct net_device *ndev, struct iw_request_info *info,
69385
69386 static int
69387 prism54_get_rts(struct net_device *ndev, struct iw_request_info *info,
69388 - struct iw_param *vwrq, char *extra)
69389 + union iwreq_data *wrqu, char *extra)
69390 {
69391 + struct iw_param *vwrq = &wrqu->rts;
69392 islpci_private *priv = netdev_priv(ndev);
69393 union oid_res_t r;
69394 int rvalue;
69395 @@ -950,8 +968,9 @@ prism54_get_rts(struct net_device *ndev, struct iw_request_info *info,
69396
69397 static int
69398 prism54_set_frag(struct net_device *ndev, struct iw_request_info *info,
69399 - struct iw_param *vwrq, char *extra)
69400 + union iwreq_data *wrqu, char *extra)
69401 {
69402 + struct iw_param *vwrq = &wrqu->frag;
69403 islpci_private *priv = netdev_priv(ndev);
69404
69405 return mgt_set_request(priv, DOT11_OID_FRAGTHRESH, 0, &vwrq->value);
69406 @@ -959,8 +978,9 @@ prism54_set_frag(struct net_device *ndev, struct iw_request_info *info,
69407
69408 static int
69409 prism54_get_frag(struct net_device *ndev, struct iw_request_info *info,
69410 - struct iw_param *vwrq, char *extra)
69411 + union iwreq_data *wrqu, char *extra)
69412 {
69413 + struct iw_param *vwrq = &wrqu->frag;
69414 islpci_private *priv = netdev_priv(ndev);
69415 union oid_res_t r;
69416 int rvalue;
69417 @@ -980,8 +1000,9 @@ prism54_get_frag(struct net_device *ndev, struct iw_request_info *info,
69418
69419 static int
69420 prism54_set_retry(struct net_device *ndev, struct iw_request_info *info,
69421 - struct iw_param *vwrq, char *extra)
69422 + union iwreq_data *wrqu, char *extra)
69423 {
69424 + struct iw_param *vwrq = &wrqu->retry;
69425 islpci_private *priv = netdev_priv(ndev);
69426 u32 slimit = 0, llimit = 0; /* short and long limit */
69427 u32 lifetime = 0;
69428 @@ -1022,8 +1043,9 @@ prism54_set_retry(struct net_device *ndev, struct iw_request_info *info,
69429
69430 static int
69431 prism54_get_retry(struct net_device *ndev, struct iw_request_info *info,
69432 - struct iw_param *vwrq, char *extra)
69433 + union iwreq_data *wrqu, char *extra)
69434 {
69435 + struct iw_param *vwrq = &wrqu->retry;
69436 islpci_private *priv = netdev_priv(ndev);
69437 union oid_res_t r;
69438 int rvalue = 0;
69439 @@ -1054,8 +1076,9 @@ prism54_get_retry(struct net_device *ndev, struct iw_request_info *info,
69440
69441 static int
69442 prism54_set_encode(struct net_device *ndev, struct iw_request_info *info,
69443 - struct iw_point *dwrq, char *extra)
69444 + union iwreq_data *wrqu, char *extra)
69445 {
69446 + struct iw_point *dwrq = &wrqu->data;
69447 islpci_private *priv = netdev_priv(ndev);
69448 int rvalue = 0, force = 0;
69449 int authen = DOT11_AUTH_OS, invoke = 0, exunencrypt = 0;
69450 @@ -1155,8 +1178,9 @@ prism54_set_encode(struct net_device *ndev, struct iw_request_info *info,
69451
69452 static int
69453 prism54_get_encode(struct net_device *ndev, struct iw_request_info *info,
69454 - struct iw_point *dwrq, char *extra)
69455 + union iwreq_data *wrqu, char *extra)
69456 {
69457 + struct iw_point *dwrq = &wrqu->data;
69458 islpci_private *priv = netdev_priv(ndev);
69459 struct obj_key *key;
69460 u32 devindex, index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
69461 @@ -1203,8 +1227,9 @@ prism54_get_encode(struct net_device *ndev, struct iw_request_info *info,
69462
69463 static int
69464 prism54_get_txpower(struct net_device *ndev, struct iw_request_info *info,
69465 - struct iw_param *vwrq, char *extra)
69466 + union iwreq_data *wrqu, char *extra)
69467 {
69468 + struct iw_param *vwrq = &wrqu->txpower;
69469 islpci_private *priv = netdev_priv(ndev);
69470 union oid_res_t r;
69471 int rvalue;
69472 @@ -1223,8 +1248,9 @@ prism54_get_txpower(struct net_device *ndev, struct iw_request_info *info,
69473
69474 static int
69475 prism54_set_txpower(struct net_device *ndev, struct iw_request_info *info,
69476 - struct iw_param *vwrq, char *extra)
69477 + union iwreq_data *wrqu, char *extra)
69478 {
69479 + struct iw_param *vwrq = &wrqu->txpower;
69480 islpci_private *priv = netdev_priv(ndev);
69481 s32 u = vwrq->value;
69482
69483 @@ -1249,8 +1275,9 @@ prism54_set_txpower(struct net_device *ndev, struct iw_request_info *info,
69484
69485 static int prism54_set_genie(struct net_device *ndev,
69486 struct iw_request_info *info,
69487 - struct iw_point *data, char *extra)
69488 + union iwreq_data *wrqu, char *extra)
69489 {
69490 + struct iw_point *data = &wrqu->data;
69491 islpci_private *priv = netdev_priv(ndev);
69492 int alen, ret = 0;
69493 struct obj_attachment *attach;
69494 @@ -1298,8 +1325,9 @@ static int prism54_set_genie(struct net_device *ndev,
69495
69496 static int prism54_get_genie(struct net_device *ndev,
69497 struct iw_request_info *info,
69498 - struct iw_point *data, char *extra)
69499 + union iwreq_data *wrqu, char *extra)
69500 {
69501 + struct iw_point *data = &wrqu->data;
69502 islpci_private *priv = netdev_priv(ndev);
69503 int len = priv->wpa_ie_len;
69504
69505 @@ -1739,7 +1767,7 @@ out:
69506
69507 static int
69508 prism54_reset(struct net_device *ndev, struct iw_request_info *info,
69509 - __u32 * uwrq, char *extra)
69510 + union iwreq_data * uwrq, char *extra)
69511 {
69512 islpci_reset(netdev_priv(ndev), 0);
69513
69514 @@ -1748,8 +1776,9 @@ prism54_reset(struct net_device *ndev, struct iw_request_info *info,
69515
69516 static int
69517 prism54_get_oid(struct net_device *ndev, struct iw_request_info *info,
69518 - struct iw_point *dwrq, char *extra)
69519 + union iwreq_data *wrqu, char *extra)
69520 {
69521 + struct iw_point *dwrq = &wrqu->data;
69522 union oid_res_t r;
69523 int rvalue;
69524 enum oid_num_t n = dwrq->flags;
69525 @@ -1763,8 +1792,9 @@ prism54_get_oid(struct net_device *ndev, struct iw_request_info *info,
69526
69527 static int
69528 prism54_set_u32(struct net_device *ndev, struct iw_request_info *info,
69529 - __u32 * uwrq, char *extra)
69530 + union iwreq_data *wrqu, char *extra)
69531 {
69532 + __u32 * uwrq = &wrqu->mode;
69533 u32 oid = uwrq[0], u = uwrq[1];
69534
69535 return mgt_set_request(netdev_priv(ndev), oid, 0, &u);
69536 @@ -1772,8 +1802,9 @@ prism54_set_u32(struct net_device *ndev, struct iw_request_info *info,
69537
69538 static int
69539 prism54_set_raw(struct net_device *ndev, struct iw_request_info *info,
69540 - struct iw_point *dwrq, char *extra)
69541 + union iwreq_data *wrqu, char *extra)
69542 {
69543 + struct iw_point *dwrq = &wrqu->data;
69544 u32 oid = dwrq->flags;
69545
69546 return mgt_set_request(netdev_priv(ndev), oid, 0, extra);
69547 @@ -1819,7 +1850,7 @@ prism54_acl_clean(struct islpci_acl *acl)
69548
69549 static int
69550 prism54_add_mac(struct net_device *ndev, struct iw_request_info *info,
69551 - struct sockaddr *awrq, char *extra)
69552 + union iwreq_data *awrq, char *extra)
69553 {
69554 islpci_private *priv = netdev_priv(ndev);
69555 struct islpci_acl *acl = &priv->acl;
69556 @@ -1848,7 +1879,7 @@ prism54_add_mac(struct net_device *ndev, struct iw_request_info *info,
69557
69558 static int
69559 prism54_del_mac(struct net_device *ndev, struct iw_request_info *info,
69560 - struct sockaddr *awrq, char *extra)
69561 + union iwreq_data *awrq, char *extra)
69562 {
69563 islpci_private *priv = netdev_priv(ndev);
69564 struct islpci_acl *acl = &priv->acl;
69565 @@ -1875,8 +1906,9 @@ prism54_del_mac(struct net_device *ndev, struct iw_request_info *info,
69566
69567 static int
69568 prism54_get_mac(struct net_device *ndev, struct iw_request_info *info,
69569 - struct iw_point *dwrq, char *extra)
69570 + union iwreq_data *wrqu, char *extra)
69571 {
69572 + struct iw_point *dwrq = &wrqu->data;
69573 islpci_private *priv = netdev_priv(ndev);
69574 struct islpci_acl *acl = &priv->acl;
69575 struct mac_entry *entry;
69576 @@ -1903,8 +1935,9 @@ prism54_get_mac(struct net_device *ndev, struct iw_request_info *info,
69577
69578 static int
69579 prism54_set_policy(struct net_device *ndev, struct iw_request_info *info,
69580 - __u32 * uwrq, char *extra)
69581 + union iwreq_data *wrqu, char *extra)
69582 {
69583 + __u32 * uwrq = &wrqu->mode;
69584 islpci_private *priv = netdev_priv(ndev);
69585 struct islpci_acl *acl = &priv->acl;
69586 u32 mlmeautolevel;
69587 @@ -1939,8 +1972,9 @@ prism54_set_policy(struct net_device *ndev, struct iw_request_info *info,
69588
69589 static int
69590 prism54_get_policy(struct net_device *ndev, struct iw_request_info *info,
69591 - __u32 * uwrq, char *extra)
69592 + union iwreq_data *wrqu, char *extra)
69593 {
69594 + __u32 * uwrq = &wrqu->mode;
69595 islpci_private *priv = netdev_priv(ndev);
69596 struct islpci_acl *acl = &priv->acl;
69597
69598 @@ -1979,7 +2013,7 @@ prism54_mac_accept(struct islpci_acl *acl, char *mac)
69599
69600 static int
69601 prism54_kick_all(struct net_device *ndev, struct iw_request_info *info,
69602 - struct iw_point *dwrq, char *extra)
69603 + union iwreq_data *dwrq, char *extra)
69604 {
69605 struct obj_mlme *mlme;
69606 int rvalue;
69607 @@ -1999,7 +2033,7 @@ prism54_kick_all(struct net_device *ndev, struct iw_request_info *info,
69608
69609 static int
69610 prism54_kick_mac(struct net_device *ndev, struct iw_request_info *info,
69611 - struct sockaddr *awrq, char *extra)
69612 + union iwreq_data *awrq, char *extra)
69613 {
69614 struct obj_mlme *mlme;
69615 struct sockaddr *addr = (struct sockaddr *) extra;
69616 @@ -2085,8 +2119,7 @@ link_changed(struct net_device *ndev, u32 bitrate)
69617 netif_carrier_on(ndev);
69618 if (priv->iw_mode == IW_MODE_INFRA) {
69619 union iwreq_data uwrq;
69620 - prism54_get_wap(ndev, NULL, (struct sockaddr *) &uwrq,
69621 - NULL);
69622 + prism54_get_wap(ndev, NULL, &uwrq, NULL);
69623 wireless_send_event(ndev, SIOCGIWAP, &uwrq, NULL);
69624 } else
69625 send_simple_event(netdev_priv(ndev),
69626 @@ -2498,8 +2531,9 @@ prism54_set_mac_address(struct net_device *ndev, void *addr)
69627
69628 static int
69629 prism54_set_wpa(struct net_device *ndev, struct iw_request_info *info,
69630 - __u32 * uwrq, char *extra)
69631 + union iwreq_data *wrqu, char *extra)
69632 {
69633 + __u32 * uwrq = &wrqu->mode;
69634 islpci_private *priv = netdev_priv(ndev);
69635 u32 mlme, authen, dot1x, filter, wep;
69636
69637 @@ -2542,8 +2576,9 @@ prism54_set_wpa(struct net_device *ndev, struct iw_request_info *info,
69638
69639 static int
69640 prism54_get_wpa(struct net_device *ndev, struct iw_request_info *info,
69641 - __u32 * uwrq, char *extra)
69642 + union iwreq_data *wrqu, char *extra)
69643 {
69644 + __u32 * uwrq = &wrqu->mode;
69645 islpci_private *priv = netdev_priv(ndev);
69646 *uwrq = priv->wpa;
69647 return 0;
69648 @@ -2551,8 +2586,9 @@ prism54_get_wpa(struct net_device *ndev, struct iw_request_info *info,
69649
69650 static int
69651 prism54_set_prismhdr(struct net_device *ndev, struct iw_request_info *info,
69652 - __u32 * uwrq, char *extra)
69653 + union iwreq_data *wrqu, char *extra)
69654 {
69655 + __u32 * uwrq = &wrqu->mode;
69656 islpci_private *priv = netdev_priv(ndev);
69657 priv->monitor_type =
69658 (*uwrq ? ARPHRD_IEEE80211_PRISM : ARPHRD_IEEE80211);
69659 @@ -2564,8 +2600,9 @@ prism54_set_prismhdr(struct net_device *ndev, struct iw_request_info *info,
69660
69661 static int
69662 prism54_get_prismhdr(struct net_device *ndev, struct iw_request_info *info,
69663 - __u32 * uwrq, char *extra)
69664 + union iwreq_data *wrqu, char *extra)
69665 {
69666 + __u32 * uwrq = &wrqu->mode;
69667 islpci_private *priv = netdev_priv(ndev);
69668 *uwrq = (priv->monitor_type == ARPHRD_IEEE80211_PRISM);
69669 return 0;
69670 @@ -2573,8 +2610,9 @@ prism54_get_prismhdr(struct net_device *ndev, struct iw_request_info *info,
69671
69672 static int
69673 prism54_debug_oid(struct net_device *ndev, struct iw_request_info *info,
69674 - __u32 * uwrq, char *extra)
69675 + union iwreq_data *wrqu, char *extra)
69676 {
69677 + __u32 * uwrq = &wrqu->mode;
69678 islpci_private *priv = netdev_priv(ndev);
69679
69680 priv->priv_oid = *uwrq;
69681 @@ -2585,8 +2623,9 @@ prism54_debug_oid(struct net_device *ndev, struct iw_request_info *info,
69682
69683 static int
69684 prism54_debug_get_oid(struct net_device *ndev, struct iw_request_info *info,
69685 - struct iw_point *data, char *extra)
69686 + union iwreq_data *wrqu, char *extra)
69687 {
69688 + struct iw_point *data = &wrqu->data;
69689 islpci_private *priv = netdev_priv(ndev);
69690 struct islpci_mgmtframe *response;
69691 int ret = -EIO;
69692 @@ -2621,8 +2660,9 @@ prism54_debug_get_oid(struct net_device *ndev, struct iw_request_info *info,
69693
69694 static int
69695 prism54_debug_set_oid(struct net_device *ndev, struct iw_request_info *info,
69696 - struct iw_point *data, char *extra)
69697 + union iwreq_data *wrqu, char *extra)
69698 {
69699 + struct iw_point *data = &wrqu->data;
69700 islpci_private *priv = netdev_priv(ndev);
69701 struct islpci_mgmtframe *response;
69702 int ret = 0, response_op = PIMFOR_OP_ERROR;
69703 @@ -2682,60 +2722,60 @@ prism54_set_spy(struct net_device *ndev,
69704 }
69705
69706 static const iw_handler prism54_handler[] = {
69707 - (iw_handler) prism54_commit, /* SIOCSIWCOMMIT */
69708 - (iw_handler) prism54_get_name, /* SIOCGIWNAME */
69709 - (iw_handler) NULL, /* SIOCSIWNWID */
69710 - (iw_handler) NULL, /* SIOCGIWNWID */
69711 - (iw_handler) prism54_set_freq, /* SIOCSIWFREQ */
69712 - (iw_handler) prism54_get_freq, /* SIOCGIWFREQ */
69713 - (iw_handler) prism54_set_mode, /* SIOCSIWMODE */
69714 - (iw_handler) prism54_get_mode, /* SIOCGIWMODE */
69715 - (iw_handler) prism54_set_sens, /* SIOCSIWSENS */
69716 - (iw_handler) prism54_get_sens, /* SIOCGIWSENS */
69717 - (iw_handler) NULL, /* SIOCSIWRANGE */
69718 - (iw_handler) prism54_get_range, /* SIOCGIWRANGE */
69719 - (iw_handler) NULL, /* SIOCSIWPRIV */
69720 - (iw_handler) NULL, /* SIOCGIWPRIV */
69721 - (iw_handler) NULL, /* SIOCSIWSTATS */
69722 - (iw_handler) NULL, /* SIOCGIWSTATS */
69723 + prism54_commit, /* SIOCSIWCOMMIT */
69724 + prism54_get_name, /* SIOCGIWNAME */
69725 + NULL, /* SIOCSIWNWID */
69726 + NULL, /* SIOCGIWNWID */
69727 + prism54_set_freq, /* SIOCSIWFREQ */
69728 + prism54_get_freq, /* SIOCGIWFREQ */
69729 + prism54_set_mode, /* SIOCSIWMODE */
69730 + prism54_get_mode, /* SIOCGIWMODE */
69731 + prism54_set_sens, /* SIOCSIWSENS */
69732 + prism54_get_sens, /* SIOCGIWSENS */
69733 + NULL, /* SIOCSIWRANGE */
69734 + prism54_get_range, /* SIOCGIWRANGE */
69735 + NULL, /* SIOCSIWPRIV */
69736 + NULL, /* SIOCGIWPRIV */
69737 + NULL, /* SIOCSIWSTATS */
69738 + NULL, /* SIOCGIWSTATS */
69739 prism54_set_spy, /* SIOCSIWSPY */
69740 iw_handler_get_spy, /* SIOCGIWSPY */
69741 iw_handler_set_thrspy, /* SIOCSIWTHRSPY */
69742 iw_handler_get_thrspy, /* SIOCGIWTHRSPY */
69743 - (iw_handler) prism54_set_wap, /* SIOCSIWAP */
69744 - (iw_handler) prism54_get_wap, /* SIOCGIWAP */
69745 - (iw_handler) NULL, /* -- hole -- */
69746 - (iw_handler) NULL, /* SIOCGIWAPLIST deprecated */
69747 - (iw_handler) prism54_set_scan, /* SIOCSIWSCAN */
69748 - (iw_handler) prism54_get_scan, /* SIOCGIWSCAN */
69749 - (iw_handler) prism54_set_essid, /* SIOCSIWESSID */
69750 - (iw_handler) prism54_get_essid, /* SIOCGIWESSID */
69751 - (iw_handler) prism54_set_nick, /* SIOCSIWNICKN */
69752 - (iw_handler) prism54_get_nick, /* SIOCGIWNICKN */
69753 - (iw_handler) NULL, /* -- hole -- */
69754 - (iw_handler) NULL, /* -- hole -- */
69755 - (iw_handler) prism54_set_rate, /* SIOCSIWRATE */
69756 - (iw_handler) prism54_get_rate, /* SIOCGIWRATE */
69757 - (iw_handler) prism54_set_rts, /* SIOCSIWRTS */
69758 - (iw_handler) prism54_get_rts, /* SIOCGIWRTS */
69759 - (iw_handler) prism54_set_frag, /* SIOCSIWFRAG */
69760 - (iw_handler) prism54_get_frag, /* SIOCGIWFRAG */
69761 - (iw_handler) prism54_set_txpower, /* SIOCSIWTXPOW */
69762 - (iw_handler) prism54_get_txpower, /* SIOCGIWTXPOW */
69763 - (iw_handler) prism54_set_retry, /* SIOCSIWRETRY */
69764 - (iw_handler) prism54_get_retry, /* SIOCGIWRETRY */
69765 - (iw_handler) prism54_set_encode, /* SIOCSIWENCODE */
69766 - (iw_handler) prism54_get_encode, /* SIOCGIWENCODE */
69767 - (iw_handler) NULL, /* SIOCSIWPOWER */
69768 - (iw_handler) NULL, /* SIOCGIWPOWER */
69769 + prism54_set_wap, /* SIOCSIWAP */
69770 + prism54_get_wap, /* SIOCGIWAP */
69771 + NULL, /* -- hole -- */
69772 + NULL, /* SIOCGIWAPLIST deprecated */
69773 + prism54_set_scan, /* SIOCSIWSCAN */
69774 + prism54_get_scan, /* SIOCGIWSCAN */
69775 + prism54_set_essid, /* SIOCSIWESSID */
69776 + prism54_get_essid, /* SIOCGIWESSID */
69777 + prism54_set_nick, /* SIOCSIWNICKN */
69778 + prism54_get_nick, /* SIOCGIWNICKN */
69779 + NULL, /* -- hole -- */
69780 + NULL, /* -- hole -- */
69781 + prism54_set_rate, /* SIOCSIWRATE */
69782 + prism54_get_rate, /* SIOCGIWRATE */
69783 + prism54_set_rts, /* SIOCSIWRTS */
69784 + prism54_get_rts, /* SIOCGIWRTS */
69785 + prism54_set_frag, /* SIOCSIWFRAG */
69786 + prism54_get_frag, /* SIOCGIWFRAG */
69787 + prism54_set_txpower, /* SIOCSIWTXPOW */
69788 + prism54_get_txpower, /* SIOCGIWTXPOW */
69789 + prism54_set_retry, /* SIOCSIWRETRY */
69790 + prism54_get_retry, /* SIOCGIWRETRY */
69791 + prism54_set_encode, /* SIOCSIWENCODE */
69792 + prism54_get_encode, /* SIOCGIWENCODE */
69793 + NULL, /* SIOCSIWPOWER */
69794 + NULL, /* SIOCGIWPOWER */
69795 NULL, /* -- hole -- */
69796 NULL, /* -- hole -- */
69797 - (iw_handler) prism54_set_genie, /* SIOCSIWGENIE */
69798 - (iw_handler) prism54_get_genie, /* SIOCGIWGENIE */
69799 - (iw_handler) prism54_set_auth, /* SIOCSIWAUTH */
69800 - (iw_handler) prism54_get_auth, /* SIOCGIWAUTH */
69801 - (iw_handler) prism54_set_encodeext, /* SIOCSIWENCODEEXT */
69802 - (iw_handler) prism54_get_encodeext, /* SIOCGIWENCODEEXT */
69803 + prism54_set_genie, /* SIOCSIWGENIE */
69804 + prism54_get_genie, /* SIOCGIWGENIE */
69805 + prism54_set_auth, /* SIOCSIWAUTH */
69806 + prism54_get_auth, /* SIOCGIWAUTH */
69807 + prism54_set_encodeext, /* SIOCSIWENCODEEXT */
69808 + prism54_get_encodeext, /* SIOCGIWENCODEEXT */
69809 NULL, /* SIOCSIWPMKSA */
69810 };
69811
69812 @@ -2872,31 +2912,31 @@ static const struct iw_priv_args prism54_private_args[] = {
69813 };
69814
69815 static const iw_handler prism54_private_handler[] = {
69816 - (iw_handler) prism54_reset,
69817 - (iw_handler) prism54_get_policy,
69818 - (iw_handler) prism54_set_policy,
69819 - (iw_handler) prism54_get_mac,
69820 - (iw_handler) prism54_add_mac,
69821 - (iw_handler) NULL,
69822 - (iw_handler) prism54_del_mac,
69823 - (iw_handler) NULL,
69824 - (iw_handler) prism54_kick_mac,
69825 - (iw_handler) NULL,
69826 - (iw_handler) prism54_kick_all,
69827 - (iw_handler) prism54_get_wpa,
69828 - (iw_handler) prism54_set_wpa,
69829 - (iw_handler) NULL,
69830 - (iw_handler) prism54_debug_oid,
69831 - (iw_handler) prism54_debug_get_oid,
69832 - (iw_handler) prism54_debug_set_oid,
69833 - (iw_handler) prism54_get_oid,
69834 - (iw_handler) prism54_set_u32,
69835 - (iw_handler) NULL,
69836 - (iw_handler) prism54_set_raw,
69837 - (iw_handler) NULL,
69838 - (iw_handler) prism54_set_raw,
69839 - (iw_handler) prism54_get_prismhdr,
69840 - (iw_handler) prism54_set_prismhdr,
69841 + prism54_reset,
69842 + prism54_get_policy,
69843 + prism54_set_policy,
69844 + prism54_get_mac,
69845 + prism54_add_mac,
69846 + NULL,
69847 + prism54_del_mac,
69848 + NULL,
69849 + prism54_kick_mac,
69850 + NULL,
69851 + prism54_kick_all,
69852 + prism54_get_wpa,
69853 + prism54_set_wpa,
69854 + NULL,
69855 + prism54_debug_oid,
69856 + prism54_debug_get_oid,
69857 + prism54_debug_set_oid,
69858 + prism54_get_oid,
69859 + prism54_set_u32,
69860 + NULL,
69861 + prism54_set_raw,
69862 + NULL,
69863 + prism54_set_raw,
69864 + prism54_get_prismhdr,
69865 + prism54_set_prismhdr,
69866 };
69867
69868 const struct iw_handler_def prism54_handler_def = {
69869 diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
69870 index 8c35ac8..42033c1 100644
69871 --- a/drivers/net/wireless/mac80211_hwsim.c
69872 +++ b/drivers/net/wireless/mac80211_hwsim.c
69873 @@ -3360,20 +3360,20 @@ static int __init init_mac80211_hwsim(void)
69874 if (channels < 1)
69875 return -EINVAL;
69876
69877 - mac80211_hwsim_mchan_ops = mac80211_hwsim_ops;
69878 - mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
69879 - mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
69880 - mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
69881 - mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
69882 - mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
69883 - mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
69884 - mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
69885 - mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
69886 - mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
69887 - mac80211_hwsim_mchan_ops.assign_vif_chanctx =
69888 - mac80211_hwsim_assign_vif_chanctx;
69889 - mac80211_hwsim_mchan_ops.unassign_vif_chanctx =
69890 - mac80211_hwsim_unassign_vif_chanctx;
69891 + pax_open_kernel();
69892 + memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops);
69893 + const_cast(mac80211_hwsim_mchan_ops.hw_scan) = mac80211_hwsim_hw_scan;
69894 + const_cast(mac80211_hwsim_mchan_ops.cancel_hw_scan) = mac80211_hwsim_cancel_hw_scan;
69895 + const_cast(mac80211_hwsim_mchan_ops.sw_scan_start) = NULL;
69896 + const_cast(mac80211_hwsim_mchan_ops.sw_scan_complete) = NULL;
69897 + const_cast(mac80211_hwsim_mchan_ops.remain_on_channel) = mac80211_hwsim_roc;
69898 + const_cast(mac80211_hwsim_mchan_ops.cancel_remain_on_channel) = mac80211_hwsim_croc;
69899 + const_cast(mac80211_hwsim_mchan_ops.add_chanctx) = mac80211_hwsim_add_chanctx;
69900 + const_cast(mac80211_hwsim_mchan_ops.remove_chanctx) = mac80211_hwsim_remove_chanctx;
69901 + const_cast(mac80211_hwsim_mchan_ops.change_chanctx) = mac80211_hwsim_change_chanctx;
69902 + const_cast(mac80211_hwsim_mchan_ops.assign_vif_chanctx) = mac80211_hwsim_assign_vif_chanctx;
69903 + const_cast(mac80211_hwsim_mchan_ops.unassign_vif_chanctx) = mac80211_hwsim_unassign_vif_chanctx;
69904 + pax_close_kernel();
69905
69906 spin_lock_init(&hwsim_radio_lock);
69907 INIT_LIST_HEAD(&hwsim_radios);
69908 diff --git a/drivers/net/wireless/marvell/mwifiex/main.c b/drivers/net/wireless/marvell/mwifiex/main.c
69909 index db4925d..91c12fa 100644
69910 --- a/drivers/net/wireless/marvell/mwifiex/main.c
69911 +++ b/drivers/net/wireless/marvell/mwifiex/main.c
69912 @@ -814,7 +814,7 @@ mwifiex_clone_skb_for_tx_status(struct mwifiex_private *priv,
69913 /*
69914 * CFG802.11 network device handler for data transmission.
69915 */
69916 -static int
69917 +static netdev_tx_t
69918 mwifiex_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
69919 {
69920 struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
69921 diff --git a/drivers/net/wireless/ralink/rt2x00/rt2400pci.c b/drivers/net/wireless/ralink/rt2x00/rt2400pci.c
69922 index 155f343..5db43e7 100644
69923 --- a/drivers/net/wireless/ralink/rt2x00/rt2400pci.c
69924 +++ b/drivers/net/wireless/ralink/rt2x00/rt2400pci.c
69925 @@ -54,7 +54,7 @@
69926 rt2x00mmio_regbusy_read((__dev), RFCSR, RFCSR_BUSY, (__reg))
69927
69928 static void rt2400pci_bbp_write(struct rt2x00_dev *rt2x00dev,
69929 - const unsigned int word, const u8 value)
69930 + const unsigned int word, u8 value)
69931 {
69932 u32 reg;
69933
69934 @@ -109,7 +109,7 @@ static void rt2400pci_bbp_read(struct rt2x00_dev *rt2x00dev,
69935 }
69936
69937 static void rt2400pci_rf_write(struct rt2x00_dev *rt2x00dev,
69938 - const unsigned int word, const u32 value)
69939 + const unsigned int word, u32 value)
69940 {
69941 u32 reg;
69942
69943 diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500pci.c b/drivers/net/wireless/ralink/rt2x00/rt2500pci.c
69944 index 2553cdd..6a60ef9 100644
69945 --- a/drivers/net/wireless/ralink/rt2x00/rt2500pci.c
69946 +++ b/drivers/net/wireless/ralink/rt2x00/rt2500pci.c
69947 @@ -54,7 +54,7 @@
69948 rt2x00mmio_regbusy_read((__dev), RFCSR, RFCSR_BUSY, (__reg))
69949
69950 static void rt2500pci_bbp_write(struct rt2x00_dev *rt2x00dev,
69951 - const unsigned int word, const u8 value)
69952 + const unsigned int word, u8 value)
69953 {
69954 u32 reg;
69955
69956 @@ -109,7 +109,7 @@ static void rt2500pci_bbp_read(struct rt2x00_dev *rt2x00dev,
69957 }
69958
69959 static void rt2500pci_rf_write(struct rt2x00_dev *rt2x00dev,
69960 - const unsigned int word, const u32 value)
69961 + const unsigned int word, u32 value)
69962 {
69963 u32 reg;
69964
69965 diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
69966 index 2d64611..66754f4 100644
69967 --- a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
69968 +++ b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
69969 @@ -142,7 +142,7 @@ static int rt2500usb_regbusy_read(struct rt2x00_dev *rt2x00dev,
69970 rt2500usb_regbusy_read((__dev), PHY_CSR10, PHY_CSR10_RF_BUSY, (__reg))
69971
69972 static void rt2500usb_bbp_write(struct rt2x00_dev *rt2x00dev,
69973 - const unsigned int word, const u8 value)
69974 + const unsigned int word, u8 value)
69975 {
69976 u16 reg;
69977
69978 @@ -196,7 +196,7 @@ static void rt2500usb_bbp_read(struct rt2x00_dev *rt2x00dev,
69979 }
69980
69981 static void rt2500usb_rf_write(struct rt2x00_dev *rt2x00dev,
69982 - const unsigned int word, const u32 value)
69983 + const unsigned int word, u32 value)
69984 {
69985 u16 reg;
69986
69987 diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
69988 index bf3f0a3..9d2a6d0 100644
69989 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
69990 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
69991 @@ -83,7 +83,7 @@ static inline bool rt2800_is_305x_soc(struct rt2x00_dev *rt2x00dev)
69992 }
69993
69994 static void rt2800_bbp_write(struct rt2x00_dev *rt2x00dev,
69995 - const unsigned int word, const u8 value)
69996 + const unsigned int word, u8 value)
69997 {
69998 u32 reg;
69999
70000 @@ -140,7 +140,7 @@ static void rt2800_bbp_read(struct rt2x00_dev *rt2x00dev,
70001 }
70002
70003 static void rt2800_rfcsr_write(struct rt2x00_dev *rt2x00dev,
70004 - const unsigned int word, const u8 value)
70005 + const unsigned int word, u8 value)
70006 {
70007 u32 reg;
70008
70009 @@ -195,7 +195,7 @@ static void rt2800_rfcsr_read(struct rt2x00_dev *rt2x00dev,
70010 }
70011
70012 static void rt2800_rf_write(struct rt2x00_dev *rt2x00dev,
70013 - const unsigned int word, const u32 value)
70014 + const unsigned int word, u32 value)
70015 {
70016 u32 reg;
70017
70018 diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00.h b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
70019 index f68d492..38ba52d 100644
70020 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
70021 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
70022 @@ -378,7 +378,7 @@ struct rt2x00_intf {
70023 * for hardware which doesn't support hardware
70024 * sequence counting.
70025 */
70026 - atomic_t seqno;
70027 + atomic_unchecked_t seqno;
70028 };
70029
70030 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
70031 diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
70032 index 68b620b..92ecd9e 100644
70033 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
70034 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
70035 @@ -224,9 +224,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
70036 * sequence counter given by mac80211.
70037 */
70038 if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
70039 - seqno = atomic_add_return(0x10, &intf->seqno);
70040 + seqno = atomic_add_return_unchecked(0x10, &intf->seqno);
70041 else
70042 - seqno = atomic_read(&intf->seqno);
70043 + seqno = atomic_read_unchecked(&intf->seqno);
70044
70045 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
70046 hdr->seq_ctrl |= cpu_to_le16(seqno);
70047 diff --git a/drivers/net/wireless/ralink/rt2x00/rt61pci.c b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
70048 index 03013eb..ade7027 100644
70049 --- a/drivers/net/wireless/ralink/rt2x00/rt61pci.c
70050 +++ b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
70051 @@ -63,7 +63,7 @@ MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
70052 H2M_MAILBOX_CSR_OWNER, (__reg))
70053
70054 static void rt61pci_bbp_write(struct rt2x00_dev *rt2x00dev,
70055 - const unsigned int word, const u8 value)
70056 + const unsigned int word, u8 value)
70057 {
70058 u32 reg;
70059
70060 @@ -118,7 +118,7 @@ static void rt61pci_bbp_read(struct rt2x00_dev *rt2x00dev,
70061 }
70062
70063 static void rt61pci_rf_write(struct rt2x00_dev *rt2x00dev,
70064 - const unsigned int word, const u32 value)
70065 + const unsigned int word, u32 value)
70066 {
70067 u32 reg;
70068
70069 diff --git a/drivers/net/wireless/ralink/rt2x00/rt73usb.c b/drivers/net/wireless/ralink/rt2x00/rt73usb.c
70070 index c1397a6..82c223d 100644
70071 --- a/drivers/net/wireless/ralink/rt2x00/rt73usb.c
70072 +++ b/drivers/net/wireless/ralink/rt2x00/rt73usb.c
70073 @@ -61,7 +61,7 @@ MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
70074 rt2x00usb_regbusy_read((__dev), PHY_CSR4, PHY_CSR4_BUSY, (__reg))
70075
70076 static void rt73usb_bbp_write(struct rt2x00_dev *rt2x00dev,
70077 - const unsigned int word, const u8 value)
70078 + const unsigned int word, u8 value)
70079 {
70080 u32 reg;
70081
70082 @@ -116,7 +116,7 @@ static void rt73usb_bbp_read(struct rt2x00_dev *rt2x00dev,
70083 }
70084
70085 static void rt73usb_rf_write(struct rt2x00_dev *rt2x00dev,
70086 - const unsigned int word, const u32 value)
70087 + const unsigned int word, u32 value)
70088 {
70089 u32 reg;
70090
70091 diff --git a/drivers/net/wireless/realtek/rtlwifi/base.c b/drivers/net/wireless/realtek/rtlwifi/base.c
70092 index 264466f..ab69236 100644
70093 --- a/drivers/net/wireless/realtek/rtlwifi/base.c
70094 +++ b/drivers/net/wireless/realtek/rtlwifi/base.c
70095 @@ -467,15 +467,15 @@ static void _rtl_init_deferred_work(struct ieee80211_hw *hw)
70096 rtlpriv->works.hw = hw;
70097 rtlpriv->works.rtl_wq = alloc_workqueue("%s", 0, 0, rtlpriv->cfg->name);
70098 INIT_DELAYED_WORK(&rtlpriv->works.watchdog_wq,
70099 - (void *)rtl_watchdog_wq_callback);
70100 + rtl_watchdog_wq_callback);
70101 INIT_DELAYED_WORK(&rtlpriv->works.ips_nic_off_wq,
70102 - (void *)rtl_ips_nic_off_wq_callback);
70103 + rtl_ips_nic_off_wq_callback);
70104 INIT_DELAYED_WORK(&rtlpriv->works.ps_work,
70105 - (void *)rtl_swlps_wq_callback);
70106 + rtl_swlps_wq_callback);
70107 INIT_DELAYED_WORK(&rtlpriv->works.ps_rfon_wq,
70108 - (void *)rtl_swlps_rfon_wq_callback);
70109 + rtl_swlps_rfon_wq_callback);
70110 INIT_DELAYED_WORK(&rtlpriv->works.fwevt_wq,
70111 - (void *)rtl_fwevt_wq_callback);
70112 + rtl_fwevt_wq_callback);
70113
70114 }
70115
70116 @@ -1559,7 +1559,7 @@ void rtl_beacon_statistic(struct ieee80211_hw *hw, struct sk_buff *skb)
70117 }
70118 EXPORT_SYMBOL_GPL(rtl_beacon_statistic);
70119
70120 -void rtl_watchdog_wq_callback(void *data)
70121 +void rtl_watchdog_wq_callback(struct work_struct *data)
70122 {
70123 struct rtl_works *rtlworks = container_of_dwork_rtl(data,
70124 struct rtl_works,
70125 @@ -1722,7 +1722,7 @@ void rtl_watch_dog_timer_callback(unsigned long data)
70126 mod_timer(&rtlpriv->works.watchdog_timer,
70127 jiffies + MSECS(RTL_WATCH_DOG_TIME));
70128 }
70129 -void rtl_fwevt_wq_callback(void *data)
70130 +void rtl_fwevt_wq_callback(struct work_struct *data)
70131 {
70132 struct rtl_works *rtlworks =
70133 container_of_dwork_rtl(data, struct rtl_works, fwevt_wq);
70134 diff --git a/drivers/net/wireless/realtek/rtlwifi/base.h b/drivers/net/wireless/realtek/rtlwifi/base.h
70135 index 74233d6..482e495 100644
70136 --- a/drivers/net/wireless/realtek/rtlwifi/base.h
70137 +++ b/drivers/net/wireless/realtek/rtlwifi/base.h
70138 @@ -134,8 +134,8 @@ int rtl_rx_agg_start(struct ieee80211_hw *hw,
70139 struct ieee80211_sta *sta, u16 tid);
70140 int rtl_rx_agg_stop(struct ieee80211_hw *hw,
70141 struct ieee80211_sta *sta, u16 tid);
70142 -void rtl_watchdog_wq_callback(void *data);
70143 -void rtl_fwevt_wq_callback(void *data);
70144 +void rtl_watchdog_wq_callback(struct work_struct *data);
70145 +void rtl_fwevt_wq_callback(struct work_struct *data);
70146
70147 void rtl_get_tcb_desc(struct ieee80211_hw *hw,
70148 struct ieee80211_tx_info *info,
70149 diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
70150 index d12586d..d6f3388 100644
70151 --- a/drivers/net/wireless/realtek/rtlwifi/pci.c
70152 +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
70153 @@ -1098,13 +1098,16 @@ done:
70154 return ret;
70155 }
70156
70157 -static void _rtl_pci_irq_tasklet(struct ieee80211_hw *hw)
70158 +static void _rtl_pci_irq_tasklet(unsigned long _hw)
70159 {
70160 + struct ieee80211_hw *hw = (struct ieee80211_hw *)_hw;
70161 +
70162 _rtl_pci_tx_chk_waitq(hw);
70163 }
70164
70165 -static void _rtl_pci_prepare_bcn_tasklet(struct ieee80211_hw *hw)
70166 +static void _rtl_pci_prepare_bcn_tasklet(unsigned long _hw)
70167 {
70168 + struct ieee80211_hw *hw = (struct ieee80211_hw *)_hw;
70169 struct rtl_priv *rtlpriv = rtl_priv(hw);
70170 struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
70171 struct rtl_mac *mac = rtl_mac(rtl_priv(hw));
70172 @@ -1225,12 +1228,8 @@ static void _rtl_pci_init_struct(struct ieee80211_hw *hw,
70173 rtlpci->acm_method = EACMWAY2_SW;
70174
70175 /*task */
70176 - tasklet_init(&rtlpriv->works.irq_tasklet,
70177 - (void (*)(unsigned long))_rtl_pci_irq_tasklet,
70178 - (unsigned long)hw);
70179 - tasklet_init(&rtlpriv->works.irq_prepare_bcn_tasklet,
70180 - (void (*)(unsigned long))_rtl_pci_prepare_bcn_tasklet,
70181 - (unsigned long)hw);
70182 + tasklet_init(&rtlpriv->works.irq_tasklet, _rtl_pci_irq_tasklet, (unsigned long)hw);
70183 + tasklet_init(&rtlpriv->works.irq_prepare_bcn_tasklet, _rtl_pci_prepare_bcn_tasklet, (unsigned long)hw);
70184 INIT_WORK(&rtlpriv->works.lps_change_work,
70185 rtl_lps_change_work_callback);
70186 }
70187 diff --git a/drivers/net/wireless/realtek/rtlwifi/ps.c b/drivers/net/wireless/realtek/rtlwifi/ps.c
70188 index 9a64f9b..a7728e9 100644
70189 --- a/drivers/net/wireless/realtek/rtlwifi/ps.c
70190 +++ b/drivers/net/wireless/realtek/rtlwifi/ps.c
70191 @@ -198,7 +198,7 @@ static void _rtl_ps_inactive_ps(struct ieee80211_hw *hw)
70192 ppsc->swrf_processing = false;
70193 }
70194
70195 -void rtl_ips_nic_off_wq_callback(void *data)
70196 +void rtl_ips_nic_off_wq_callback(struct work_struct *data)
70197 {
70198 struct rtl_works *rtlworks =
70199 container_of_dwork_rtl(data, struct rtl_works, ips_nic_off_wq);
70200 @@ -584,7 +584,7 @@ void rtl_swlps_rf_awake(struct ieee80211_hw *hw)
70201 spin_unlock_irqrestore(&rtlpriv->locks.lps_lock, flag);
70202 }
70203
70204 -void rtl_swlps_rfon_wq_callback(void *data)
70205 +void rtl_swlps_rfon_wq_callback(struct work_struct *data)
70206 {
70207 struct rtl_works *rtlworks =
70208 container_of_dwork_rtl(data, struct rtl_works, ps_rfon_wq);
70209 @@ -676,7 +676,7 @@ void rtl_lps_change_work_callback(struct work_struct *work)
70210 }
70211 EXPORT_SYMBOL_GPL(rtl_lps_change_work_callback);
70212
70213 -void rtl_swlps_wq_callback(void *data)
70214 +void rtl_swlps_wq_callback(struct work_struct *data)
70215 {
70216 struct rtl_works *rtlworks = container_of_dwork_rtl(data,
70217 struct rtl_works,
70218 diff --git a/drivers/net/wireless/realtek/rtlwifi/ps.h b/drivers/net/wireless/realtek/rtlwifi/ps.h
70219 index 0df2b52..0607d33 100644
70220 --- a/drivers/net/wireless/realtek/rtlwifi/ps.h
70221 +++ b/drivers/net/wireless/realtek/rtlwifi/ps.h
70222 @@ -32,15 +32,15 @@ bool rtl_ps_enable_nic(struct ieee80211_hw *hw);
70223 bool rtl_ps_disable_nic(struct ieee80211_hw *hw);
70224 void rtl_ips_nic_off(struct ieee80211_hw *hw);
70225 void rtl_ips_nic_on(struct ieee80211_hw *hw);
70226 -void rtl_ips_nic_off_wq_callback(void *data);
70227 +void rtl_ips_nic_off_wq_callback(struct work_struct *data);
70228 void rtl_lps_enter(struct ieee80211_hw *hw);
70229 void rtl_lps_leave(struct ieee80211_hw *hw);
70230
70231 void rtl_lps_set_psmode(struct ieee80211_hw *hw, u8 rt_psmode);
70232
70233 void rtl_swlps_beacon(struct ieee80211_hw *hw, void *data, unsigned int len);
70234 -void rtl_swlps_wq_callback(void *data);
70235 -void rtl_swlps_rfon_wq_callback(void *data);
70236 +void rtl_swlps_wq_callback(struct work_struct *data);
70237 +void rtl_swlps_rfon_wq_callback(struct work_struct *data);
70238 void rtl_swlps_rf_awake(struct ieee80211_hw *hw);
70239 void rtl_swlps_rf_sleep(struct ieee80211_hw *hw);
70240 void rtl_p2p_ps_cmd(struct ieee80211_hw *hw , u8 p2p_ps_state);
70241 diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c
70242 index b661f896..ebea675 100644
70243 --- a/drivers/net/wireless/ti/wl1251/sdio.c
70244 +++ b/drivers/net/wireless/ti/wl1251/sdio.c
70245 @@ -282,13 +282,17 @@ static int wl1251_sdio_probe(struct sdio_func *func,
70246
70247 irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING);
70248
70249 - wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
70250 - wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
70251 + pax_open_kernel();
70252 + const_cast(wl1251_sdio_ops.enable_irq) = wl1251_enable_line_irq;
70253 + const_cast(wl1251_sdio_ops.disable_irq) = wl1251_disable_line_irq;
70254 + pax_close_kernel();
70255
70256 wl1251_info("using dedicated interrupt line");
70257 } else {
70258 - wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
70259 - wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
70260 + pax_open_kernel();
70261 + const_cast(wl1251_sdio_ops.enable_irq) = wl1251_sdio_enable_irq;
70262 + const_cast(wl1251_sdio_ops.disable_irq) = wl1251_sdio_disable_irq;
70263 + pax_close_kernel();
70264
70265 wl1251_info("using SDIO interrupt");
70266 }
70267 diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c
70268 index 22009e1..2e5e0c1 100644
70269 --- a/drivers/net/wireless/ti/wl12xx/main.c
70270 +++ b/drivers/net/wireless/ti/wl12xx/main.c
70271 @@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
70272 sizeof(wl->conf.mem));
70273
70274 /* read data preparation is only needed by wl127x */
70275 - wl->ops->prepare_read = wl127x_prepare_read;
70276 + pax_open_kernel();
70277 + const_cast(wl->ops->prepare_read) = wl127x_prepare_read;
70278 + pax_close_kernel();
70279
70280 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
70281 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
70282 @@ -681,7 +683,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
70283 sizeof(wl->conf.mem));
70284
70285 /* read data preparation is only needed by wl127x */
70286 - wl->ops->prepare_read = wl127x_prepare_read;
70287 + pax_open_kernel();
70288 + const_cast(wl->ops->prepare_read) = wl127x_prepare_read;
70289 + pax_close_kernel();
70290
70291 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
70292 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
70293 diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c
70294 index 00a04df..859b311 100644
70295 --- a/drivers/net/wireless/ti/wl18xx/main.c
70296 +++ b/drivers/net/wireless/ti/wl18xx/main.c
70297 @@ -2031,8 +2031,10 @@ static int wl18xx_setup(struct wl1271 *wl)
70298 }
70299
70300 if (!checksum_param) {
70301 - wl18xx_ops.set_rx_csum = NULL;
70302 - wl18xx_ops.init_vif = NULL;
70303 + pax_open_kernel();
70304 + const_cast(wl18xx_ops.set_rx_csum) = NULL;
70305 + const_cast(wl18xx_ops.init_vif) = NULL;
70306 + pax_close_kernel();
70307 }
70308
70309 /* Enable 11a Band only if we have 5G antennas */
70310 diff --git a/drivers/net/wireless/zydas/zd1201.c b/drivers/net/wireless/zydas/zd1201.c
70311 index dea049b..ef3bcdd 100644
70312 --- a/drivers/net/wireless/zydas/zd1201.c
70313 +++ b/drivers/net/wireless/zydas/zd1201.c
70314 @@ -891,7 +891,7 @@ static void zd1201_set_multicast(struct net_device *dev)
70315 }
70316
70317 static int zd1201_config_commit(struct net_device *dev,
70318 - struct iw_request_info *info, struct iw_point *data, char *essid)
70319 + struct iw_request_info *info, union iwreq_data *data, char *essid)
70320 {
70321 struct zd1201 *zd = netdev_priv(dev);
70322
70323 @@ -899,15 +899,18 @@ static int zd1201_config_commit(struct net_device *dev,
70324 }
70325
70326 static int zd1201_get_name(struct net_device *dev,
70327 - struct iw_request_info *info, char *name, char *extra)
70328 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70329 {
70330 + char *name = wrqu->name;
70331 +
70332 strcpy(name, "IEEE 802.11b");
70333 return 0;
70334 }
70335
70336 static int zd1201_set_freq(struct net_device *dev,
70337 - struct iw_request_info *info, struct iw_freq *freq, char *extra)
70338 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70339 {
70340 + struct iw_freq *freq = &wrqu->freq;
70341 struct zd1201 *zd = netdev_priv(dev);
70342 short channel = 0;
70343 int err;
70344 @@ -927,8 +930,9 @@ static int zd1201_set_freq(struct net_device *dev,
70345 }
70346
70347 static int zd1201_get_freq(struct net_device *dev,
70348 - struct iw_request_info *info, struct iw_freq *freq, char *extra)
70349 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70350 {
70351 + struct iw_freq *freq = &wrqu->freq;
70352 struct zd1201 *zd = netdev_priv(dev);
70353 short channel;
70354 int err;
70355 @@ -943,8 +947,9 @@ static int zd1201_get_freq(struct net_device *dev,
70356 }
70357
70358 static int zd1201_set_mode(struct net_device *dev,
70359 - struct iw_request_info *info, __u32 *mode, char *extra)
70360 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70361 {
70362 + __u32 *mode = &wrqu->mode;
70363 struct zd1201 *zd = netdev_priv(dev);
70364 short porttype, monitor = 0;
70365 unsigned char buffer[IW_ESSID_MAX_SIZE+2];
70366 @@ -1005,8 +1010,9 @@ static int zd1201_set_mode(struct net_device *dev,
70367 }
70368
70369 static int zd1201_get_mode(struct net_device *dev,
70370 - struct iw_request_info *info, __u32 *mode, char *extra)
70371 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70372 {
70373 + __u32 *mode = &wrqu->mode;
70374 struct zd1201 *zd = netdev_priv(dev);
70375 short porttype;
70376 int err;
70377 @@ -1042,8 +1048,9 @@ static int zd1201_get_mode(struct net_device *dev,
70378 }
70379
70380 static int zd1201_get_range(struct net_device *dev,
70381 - struct iw_request_info *info, struct iw_point *wrq, char *extra)
70382 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70383 {
70384 + struct iw_point *wrq = &wrqu->data;
70385 struct iw_range *range = (struct iw_range *)extra;
70386
70387 wrq->length = sizeof(struct iw_range);
70388 @@ -1081,8 +1088,9 @@ static int zd1201_get_range(struct net_device *dev,
70389 * the stats after asking the bssid.
70390 */
70391 static int zd1201_get_wap(struct net_device *dev,
70392 - struct iw_request_info *info, struct sockaddr *ap_addr, char *extra)
70393 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70394 {
70395 + struct sockaddr *ap_addr = &wrqu->ap_addr;
70396 struct zd1201 *zd = netdev_priv(dev);
70397 unsigned char buffer[6];
70398
70399 @@ -1102,15 +1110,16 @@ static int zd1201_get_wap(struct net_device *dev,
70400 }
70401
70402 static int zd1201_set_scan(struct net_device *dev,
70403 - struct iw_request_info *info, struct iw_point *srq, char *extra)
70404 + struct iw_request_info *info, union iwreq_data *srq, char *extra)
70405 {
70406 /* We do everything in get_scan */
70407 return 0;
70408 }
70409
70410 static int zd1201_get_scan(struct net_device *dev,
70411 - struct iw_request_info *info, struct iw_point *srq, char *extra)
70412 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70413 {
70414 + struct iw_point *srq = &wrqu->data;
70415 struct zd1201 *zd = netdev_priv(dev);
70416 int err, i, j, enabled_save;
70417 struct iw_event iwe;
70418 @@ -1201,8 +1210,9 @@ static int zd1201_get_scan(struct net_device *dev,
70419 }
70420
70421 static int zd1201_set_essid(struct net_device *dev,
70422 - struct iw_request_info *info, struct iw_point *data, char *essid)
70423 + struct iw_request_info *info, union iwreq_data *wrqu, char *essid)
70424 {
70425 + struct iw_point *data = &wrqu->essid;
70426 struct zd1201 *zd = netdev_priv(dev);
70427
70428 if (data->length > IW_ESSID_MAX_SIZE)
70429 @@ -1216,8 +1226,9 @@ static int zd1201_set_essid(struct net_device *dev,
70430 }
70431
70432 static int zd1201_get_essid(struct net_device *dev,
70433 - struct iw_request_info *info, struct iw_point *data, char *essid)
70434 + struct iw_request_info *info, union iwreq_data *wrqu, char *essid)
70435 {
70436 + struct iw_point *data = &wrqu->essid;
70437 struct zd1201 *zd = netdev_priv(dev);
70438
70439 memcpy(essid, zd->essid, zd->essidlen);
70440 @@ -1228,8 +1239,10 @@ static int zd1201_get_essid(struct net_device *dev,
70441 }
70442
70443 static int zd1201_get_nick(struct net_device *dev, struct iw_request_info *info,
70444 - struct iw_point *data, char *nick)
70445 + union iwreq_data *wrqu, char *nick)
70446 {
70447 + struct iw_point *data = &wrqu->data;
70448 +
70449 strcpy(nick, "zd1201");
70450 data->flags = 1;
70451 data->length = strlen(nick);
70452 @@ -1237,8 +1250,9 @@ static int zd1201_get_nick(struct net_device *dev, struct iw_request_info *info,
70453 }
70454
70455 static int zd1201_set_rate(struct net_device *dev,
70456 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70457 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70458 {
70459 + struct iw_param *rrq = &wrqu->bitrate;
70460 struct zd1201 *zd = netdev_priv(dev);
70461 short rate;
70462 int err;
70463 @@ -1270,8 +1284,9 @@ static int zd1201_set_rate(struct net_device *dev,
70464 }
70465
70466 static int zd1201_get_rate(struct net_device *dev,
70467 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70468 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70469 {
70470 + struct iw_param *rrq = &wrqu->bitrate;
70471 struct zd1201 *zd = netdev_priv(dev);
70472 short rate;
70473 int err;
70474 @@ -1303,8 +1318,9 @@ static int zd1201_get_rate(struct net_device *dev,
70475 }
70476
70477 static int zd1201_set_rts(struct net_device *dev, struct iw_request_info *info,
70478 - struct iw_param *rts, char *extra)
70479 + union iwreq_data *wrqu, char *extra)
70480 {
70481 + struct iw_param *rts = &wrqu->rts;
70482 struct zd1201 *zd = netdev_priv(dev);
70483 int err;
70484 short val = rts->value;
70485 @@ -1323,8 +1339,9 @@ static int zd1201_set_rts(struct net_device *dev, struct iw_request_info *info,
70486 }
70487
70488 static int zd1201_get_rts(struct net_device *dev, struct iw_request_info *info,
70489 - struct iw_param *rts, char *extra)
70490 + union iwreq_data *wrqu, char *extra)
70491 {
70492 + struct iw_param *rts = &wrqu->rts;
70493 struct zd1201 *zd = netdev_priv(dev);
70494 short rtst;
70495 int err;
70496 @@ -1340,8 +1357,9 @@ static int zd1201_get_rts(struct net_device *dev, struct iw_request_info *info,
70497 }
70498
70499 static int zd1201_set_frag(struct net_device *dev, struct iw_request_info *info,
70500 - struct iw_param *frag, char *extra)
70501 + union iwreq_data *wrqu, char *extra)
70502 {
70503 + struct iw_param *frag = &wrqu->frag;
70504 struct zd1201 *zd = netdev_priv(dev);
70505 int err;
70506 short val = frag->value;
70507 @@ -1361,8 +1379,9 @@ static int zd1201_set_frag(struct net_device *dev, struct iw_request_info *info,
70508 }
70509
70510 static int zd1201_get_frag(struct net_device *dev, struct iw_request_info *info,
70511 - struct iw_param *frag, char *extra)
70512 + union iwreq_data *wrqu, char *extra)
70513 {
70514 + struct iw_param *frag = &wrqu->frag;
70515 struct zd1201 *zd = netdev_priv(dev);
70516 short fragt;
70517 int err;
70518 @@ -1378,20 +1397,21 @@ static int zd1201_get_frag(struct net_device *dev, struct iw_request_info *info,
70519 }
70520
70521 static int zd1201_set_retry(struct net_device *dev,
70522 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70523 + struct iw_request_info *info, union iwreq_data *rrq, char *extra)
70524 {
70525 return 0;
70526 }
70527
70528 static int zd1201_get_retry(struct net_device *dev,
70529 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70530 + struct iw_request_info *info, union iwreq_data *rrq, char *extra)
70531 {
70532 return 0;
70533 }
70534
70535 static int zd1201_set_encode(struct net_device *dev,
70536 - struct iw_request_info *info, struct iw_point *erq, char *key)
70537 + struct iw_request_info *info, union iwreq_data *wrqu, char *key)
70538 {
70539 + struct iw_point *erq = &wrqu->encoding;
70540 struct zd1201 *zd = netdev_priv(dev);
70541 short i;
70542 int err, rid;
70543 @@ -1447,8 +1467,9 @@ static int zd1201_set_encode(struct net_device *dev,
70544 }
70545
70546 static int zd1201_get_encode(struct net_device *dev,
70547 - struct iw_request_info *info, struct iw_point *erq, char *key)
70548 + struct iw_request_info *info, union iwreq_data *wrqu, char *key)
70549 {
70550 + struct iw_point *erq = &wrqu->encoding;
70551 struct zd1201 *zd = netdev_priv(dev);
70552 short i;
70553 int err;
70554 @@ -1480,8 +1501,9 @@ static int zd1201_get_encode(struct net_device *dev,
70555 }
70556
70557 static int zd1201_set_power(struct net_device *dev,
70558 - struct iw_request_info *info, struct iw_param *vwrq, char *extra)
70559 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70560 {
70561 + struct iw_param *vwrq = &wrqu->power;
70562 struct zd1201 *zd = netdev_priv(dev);
70563 short enabled, duration, level;
70564 int err;
70565 @@ -1519,8 +1541,9 @@ out:
70566 }
70567
70568 static int zd1201_get_power(struct net_device *dev,
70569 - struct iw_request_info *info, struct iw_param *vwrq, char *extra)
70570 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70571 {
70572 + struct iw_param *vwrq = &wrqu->power;
70573 struct zd1201 *zd = netdev_priv(dev);
70574 short enabled, level, duration;
70575 int err;
70576 @@ -1557,57 +1580,58 @@ static int zd1201_get_power(struct net_device *dev,
70577
70578 static const iw_handler zd1201_iw_handler[] =
70579 {
70580 - (iw_handler) zd1201_config_commit, /* SIOCSIWCOMMIT */
70581 - (iw_handler) zd1201_get_name, /* SIOCGIWNAME */
70582 - (iw_handler) NULL, /* SIOCSIWNWID */
70583 - (iw_handler) NULL, /* SIOCGIWNWID */
70584 - (iw_handler) zd1201_set_freq, /* SIOCSIWFREQ */
70585 - (iw_handler) zd1201_get_freq, /* SIOCGIWFREQ */
70586 - (iw_handler) zd1201_set_mode, /* SIOCSIWMODE */
70587 - (iw_handler) zd1201_get_mode, /* SIOCGIWMODE */
70588 - (iw_handler) NULL, /* SIOCSIWSENS */
70589 - (iw_handler) NULL, /* SIOCGIWSENS */
70590 - (iw_handler) NULL, /* SIOCSIWRANGE */
70591 - (iw_handler) zd1201_get_range, /* SIOCGIWRANGE */
70592 - (iw_handler) NULL, /* SIOCSIWPRIV */
70593 - (iw_handler) NULL, /* SIOCGIWPRIV */
70594 - (iw_handler) NULL, /* SIOCSIWSTATS */
70595 - (iw_handler) NULL, /* SIOCGIWSTATS */
70596 - (iw_handler) NULL, /* SIOCSIWSPY */
70597 - (iw_handler) NULL, /* SIOCGIWSPY */
70598 - (iw_handler) NULL, /* -- hole -- */
70599 - (iw_handler) NULL, /* -- hole -- */
70600 - (iw_handler) NULL/*zd1201_set_wap*/, /* SIOCSIWAP */
70601 - (iw_handler) zd1201_get_wap, /* SIOCGIWAP */
70602 - (iw_handler) NULL, /* -- hole -- */
70603 - (iw_handler) NULL, /* SIOCGIWAPLIST */
70604 - (iw_handler) zd1201_set_scan, /* SIOCSIWSCAN */
70605 - (iw_handler) zd1201_get_scan, /* SIOCGIWSCAN */
70606 - (iw_handler) zd1201_set_essid, /* SIOCSIWESSID */
70607 - (iw_handler) zd1201_get_essid, /* SIOCGIWESSID */
70608 - (iw_handler) NULL, /* SIOCSIWNICKN */
70609 - (iw_handler) zd1201_get_nick, /* SIOCGIWNICKN */
70610 - (iw_handler) NULL, /* -- hole -- */
70611 - (iw_handler) NULL, /* -- hole -- */
70612 - (iw_handler) zd1201_set_rate, /* SIOCSIWRATE */
70613 - (iw_handler) zd1201_get_rate, /* SIOCGIWRATE */
70614 - (iw_handler) zd1201_set_rts, /* SIOCSIWRTS */
70615 - (iw_handler) zd1201_get_rts, /* SIOCGIWRTS */
70616 - (iw_handler) zd1201_set_frag, /* SIOCSIWFRAG */
70617 - (iw_handler) zd1201_get_frag, /* SIOCGIWFRAG */
70618 - (iw_handler) NULL, /* SIOCSIWTXPOW */
70619 - (iw_handler) NULL, /* SIOCGIWTXPOW */
70620 - (iw_handler) zd1201_set_retry, /* SIOCSIWRETRY */
70621 - (iw_handler) zd1201_get_retry, /* SIOCGIWRETRY */
70622 - (iw_handler) zd1201_set_encode, /* SIOCSIWENCODE */
70623 - (iw_handler) zd1201_get_encode, /* SIOCGIWENCODE */
70624 - (iw_handler) zd1201_set_power, /* SIOCSIWPOWER */
70625 - (iw_handler) zd1201_get_power, /* SIOCGIWPOWER */
70626 + zd1201_config_commit, /* SIOCSIWCOMMIT */
70627 + zd1201_get_name, /* SIOCGIWNAME */
70628 + NULL, /* SIOCSIWNWID */
70629 + NULL, /* SIOCGIWNWID */
70630 + zd1201_set_freq, /* SIOCSIWFREQ */
70631 + zd1201_get_freq, /* SIOCGIWFREQ */
70632 + zd1201_set_mode, /* SIOCSIWMODE */
70633 + zd1201_get_mode, /* SIOCGIWMODE */
70634 + NULL, /* SIOCSIWSENS */
70635 + NULL, /* SIOCGIWSENS */
70636 + NULL, /* SIOCSIWRANGE */
70637 + zd1201_get_range, /* SIOCGIWRANGE */
70638 + NULL, /* SIOCSIWPRIV */
70639 + NULL, /* SIOCGIWPRIV */
70640 + NULL, /* SIOCSIWSTATS */
70641 + NULL, /* SIOCGIWSTATS */
70642 + NULL, /* SIOCSIWSPY */
70643 + NULL, /* SIOCGIWSPY */
70644 + NULL, /* -- hole -- */
70645 + NULL, /* -- hole -- */
70646 + NULL/*zd1201_set_wap*/, /* SIOCSIWAP */
70647 + zd1201_get_wap, /* SIOCGIWAP */
70648 + NULL, /* -- hole -- */
70649 + NULL, /* SIOCGIWAPLIST */
70650 + zd1201_set_scan, /* SIOCSIWSCAN */
70651 + zd1201_get_scan, /* SIOCGIWSCAN */
70652 + zd1201_set_essid, /* SIOCSIWESSID */
70653 + zd1201_get_essid, /* SIOCGIWESSID */
70654 + NULL, /* SIOCSIWNICKN */
70655 + zd1201_get_nick, /* SIOCGIWNICKN */
70656 + NULL, /* -- hole -- */
70657 + NULL, /* -- hole -- */
70658 + zd1201_set_rate, /* SIOCSIWRATE */
70659 + zd1201_get_rate, /* SIOCGIWRATE */
70660 + zd1201_set_rts, /* SIOCSIWRTS */
70661 + zd1201_get_rts, /* SIOCGIWRTS */
70662 + zd1201_set_frag, /* SIOCSIWFRAG */
70663 + zd1201_get_frag, /* SIOCGIWFRAG */
70664 + NULL, /* SIOCSIWTXPOW */
70665 + NULL, /* SIOCGIWTXPOW */
70666 + zd1201_set_retry, /* SIOCSIWRETRY */
70667 + zd1201_get_retry, /* SIOCGIWRETRY */
70668 + zd1201_set_encode, /* SIOCSIWENCODE */
70669 + zd1201_get_encode, /* SIOCGIWENCODE */
70670 + zd1201_set_power, /* SIOCSIWPOWER */
70671 + zd1201_get_power, /* SIOCGIWPOWER */
70672 };
70673
70674 static int zd1201_set_hostauth(struct net_device *dev,
70675 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70676 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70677 {
70678 + struct iw_param *rrq = &wrqu->param;
70679 struct zd1201 *zd = netdev_priv(dev);
70680
70681 if (!zd->ap)
70682 @@ -1617,8 +1641,9 @@ static int zd1201_set_hostauth(struct net_device *dev,
70683 }
70684
70685 static int zd1201_get_hostauth(struct net_device *dev,
70686 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70687 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70688 {
70689 + struct iw_param *rrq = &wrqu->param;
70690 struct zd1201 *zd = netdev_priv(dev);
70691 short hostauth;
70692 int err;
70693 @@ -1636,8 +1661,9 @@ static int zd1201_get_hostauth(struct net_device *dev,
70694 }
70695
70696 static int zd1201_auth_sta(struct net_device *dev,
70697 - struct iw_request_info *info, struct sockaddr *sta, char *extra)
70698 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70699 {
70700 + struct sockaddr *sta = &wrqu->addr;
70701 struct zd1201 *zd = netdev_priv(dev);
70702 unsigned char buffer[10];
70703
70704 @@ -1652,8 +1678,9 @@ static int zd1201_auth_sta(struct net_device *dev,
70705 }
70706
70707 static int zd1201_set_maxassoc(struct net_device *dev,
70708 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70709 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70710 {
70711 + struct iw_param *rrq = &wrqu->param;
70712 struct zd1201 *zd = netdev_priv(dev);
70713 int err;
70714
70715 @@ -1667,8 +1694,9 @@ static int zd1201_set_maxassoc(struct net_device *dev,
70716 }
70717
70718 static int zd1201_get_maxassoc(struct net_device *dev,
70719 - struct iw_request_info *info, struct iw_param *rrq, char *extra)
70720 + struct iw_request_info *info, union iwreq_data *wrqu, char *extra)
70721 {
70722 + struct iw_param *rrq = &wrqu->param;
70723 struct zd1201 *zd = netdev_priv(dev);
70724 short maxassoc;
70725 int err;
70726 @@ -1686,12 +1714,12 @@ static int zd1201_get_maxassoc(struct net_device *dev,
70727 }
70728
70729 static const iw_handler zd1201_private_handler[] = {
70730 - (iw_handler) zd1201_set_hostauth, /* ZD1201SIWHOSTAUTH */
70731 - (iw_handler) zd1201_get_hostauth, /* ZD1201GIWHOSTAUTH */
70732 - (iw_handler) zd1201_auth_sta, /* ZD1201SIWAUTHSTA */
70733 - (iw_handler) NULL, /* nothing to get */
70734 - (iw_handler) zd1201_set_maxassoc, /* ZD1201SIMAXASSOC */
70735 - (iw_handler) zd1201_get_maxassoc, /* ZD1201GIMAXASSOC */
70736 + zd1201_set_hostauth, /* ZD1201SIWHOSTAUTH */
70737 + zd1201_get_hostauth, /* ZD1201GIWHOSTAUTH */
70738 + zd1201_auth_sta, /* ZD1201SIWAUTHSTA */
70739 + NULL, /* nothing to get */
70740 + zd1201_set_maxassoc, /* ZD1201SIMAXASSOC */
70741 + zd1201_get_maxassoc, /* ZD1201GIMAXASSOC */
70742 };
70743
70744 static const struct iw_priv_args zd1201_private_args[] = {
70745 diff --git a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c
70746 index a912dc0..a8225ba 100644
70747 --- a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c
70748 +++ b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c
70749 @@ -385,7 +385,7 @@ static inline void handle_regs_int(struct urb *urb)
70750 {
70751 struct zd_usb *usb = urb->context;
70752 struct zd_usb_interrupt *intr = &usb->intr;
70753 - int len;
70754 + unsigned int len;
70755 u16 int_num;
70756
70757 ZD_ASSERT(in_interrupt());
70758 diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
70759 index 83deeeb..bbc8855 100644
70760 --- a/drivers/net/xen-netback/interface.c
70761 +++ b/drivers/net/xen-netback/interface.c
70762 @@ -178,7 +178,7 @@ static u16 xenvif_select_queue(struct net_device *dev, struct sk_buff *skb,
70763 return vif->hash.mapping[skb_get_hash_raw(skb) % size];
70764 }
70765
70766 -static int xenvif_start_xmit(struct sk_buff *skb, struct net_device *dev)
70767 +static netdev_tx_t xenvif_start_xmit(struct sk_buff *skb, struct net_device *dev)
70768 {
70769 struct xenvif *vif = netdev_priv(dev);
70770 struct xenvif_queue *queue = NULL;
70771 diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
70772 index 96ccd4e..8e1c6b7 100644
70773 --- a/drivers/net/xen-netfront.c
70774 +++ b/drivers/net/xen-netfront.c
70775 @@ -550,7 +550,7 @@ static u16 xennet_select_queue(struct net_device *dev, struct sk_buff *skb,
70776
70777 #define MAX_XEN_SKB_FRAGS (65536 / XEN_PAGE_SIZE + 1)
70778
70779 -static int xennet_start_xmit(struct sk_buff *skb, struct net_device *dev)
70780 +static netdev_tx_t xennet_start_xmit(struct sk_buff *skb, struct net_device *dev)
70781 {
70782 struct netfront_info *np = netdev_priv(dev);
70783 struct netfront_stats *tx_stats = this_cpu_ptr(np->tx_stats);
70784 diff --git a/drivers/ntb/test/ntb_pingpong.c b/drivers/ntb/test/ntb_pingpong.c
70785 index 7d31179..a188713 100644
70786 --- a/drivers/ntb/test/ntb_pingpong.c
70787 +++ b/drivers/ntb/test/ntb_pingpong.c
70788 @@ -99,7 +99,7 @@ struct pp_ctx {
70789 unsigned long db_delay;
70790 struct dentry *debugfs_node_dir;
70791 struct dentry *debugfs_count;
70792 - atomic_t count;
70793 + atomic_unchecked_t count;
70794 };
70795
70796 static struct dentry *pp_debugfs_dir;
70797 @@ -177,7 +177,7 @@ static void pp_db_event(void *ctx, int vec)
70798 dev_dbg(&pp->ntb->dev,
70799 "Pong vec %d bits %#llx\n",
70800 vec, db_bits);
70801 - atomic_inc(&pp->count);
70802 + atomic_inc_unchecked(&pp->count);
70803 }
70804 spin_unlock_irqrestore(&pp->db_lock, irqflags);
70805 }
70806 @@ -194,7 +194,7 @@ static int pp_debugfs_setup(struct pp_ctx *pp)
70807 if (!pp->debugfs_node_dir)
70808 return -ENODEV;
70809
70810 - pp->debugfs_count = debugfs_create_atomic_t("count", S_IRUSR | S_IWUSR,
70811 + pp->debugfs_count = debugfs_create_atomic_unchecked_t("count", S_IRUSR | S_IWUSR,
70812 pp->debugfs_node_dir,
70813 &pp->count);
70814 if (!pp->debugfs_count)
70815 @@ -238,7 +238,7 @@ static int pp_probe(struct ntb_client *client,
70816
70817 pp->ntb = ntb;
70818 pp->db_bits = 0;
70819 - atomic_set(&pp->count, 0);
70820 + atomic_set_unchecked(&pp->count, 0);
70821 spin_lock_init(&pp->db_lock);
70822 setup_timer(&pp->db_timer, pp_ping, (unsigned long)pp);
70823 pp->db_delay = msecs_to_jiffies(delay_ms);
70824 diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
70825 index 60f7eab..1e905da 100644
70826 --- a/drivers/nvme/host/pci.c
70827 +++ b/drivers/nvme/host/pci.c
70828 @@ -2053,7 +2053,7 @@ static int nvme_resume(struct device *dev)
70829 static SIMPLE_DEV_PM_OPS(nvme_dev_pm_ops, nvme_suspend, nvme_resume);
70830
70831 static pci_ers_result_t nvme_error_detected(struct pci_dev *pdev,
70832 - pci_channel_state_t state)
70833 + enum pci_channel_state state)
70834 {
70835 struct nvme_dev *dev = pci_get_drvdata(pdev);
70836
70837 diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
70838 index 085c638..1819bbe 100644
70839 --- a/drivers/of/fdt.c
70840 +++ b/drivers/of/fdt.c
70841 @@ -1304,7 +1304,9 @@ static int __init of_fdt_raw_init(void)
70842 pr_warn("not creating '/sys/firmware/fdt': CRC check failed\n");
70843 return 0;
70844 }
70845 - of_fdt_raw_attr.size = fdt_totalsize(initial_boot_params);
70846 + pax_open_kernel();
70847 + const_cast(of_fdt_raw_attr.size) = fdt_totalsize(initial_boot_params);
70848 + pax_close_kernel();
70849 return sysfs_create_bin_file(firmware_kobj, &of_fdt_raw_attr);
70850 }
70851 late_initcall(of_fdt_raw_init);
70852 diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c
70853 index 82f7000..d6d0447 100644
70854 --- a/drivers/oprofile/buffer_sync.c
70855 +++ b/drivers/oprofile/buffer_sync.c
70856 @@ -345,7 +345,7 @@ static void add_data(struct op_entry *entry, struct mm_struct *mm)
70857 if (cookie == NO_COOKIE)
70858 offset = pc;
70859 if (cookie == INVALID_COOKIE) {
70860 - atomic_inc(&oprofile_stats.sample_lost_no_mapping);
70861 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
70862 offset = pc;
70863 }
70864 if (cookie != last_cookie) {
70865 @@ -389,14 +389,14 @@ add_sample(struct mm_struct *mm, struct op_sample *s, int in_kernel)
70866 /* add userspace sample */
70867
70868 if (!mm) {
70869 - atomic_inc(&oprofile_stats.sample_lost_no_mm);
70870 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mm);
70871 return 0;
70872 }
70873
70874 cookie = lookup_dcookie(mm, s->eip, &offset);
70875
70876 if (cookie == INVALID_COOKIE) {
70877 - atomic_inc(&oprofile_stats.sample_lost_no_mapping);
70878 + atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
70879 return 0;
70880 }
70881
70882 @@ -554,7 +554,7 @@ void sync_buffer(int cpu)
70883 /* ignore backtraces if failed to add a sample */
70884 if (state == sb_bt_start) {
70885 state = sb_bt_ignore;
70886 - atomic_inc(&oprofile_stats.bt_lost_no_mapping);
70887 + atomic_inc_unchecked(&oprofile_stats.bt_lost_no_mapping);
70888 }
70889 }
70890 release_mm(mm);
70891 diff --git a/drivers/oprofile/event_buffer.c b/drivers/oprofile/event_buffer.c
70892 index c0cc4e7..44d4e54 100644
70893 --- a/drivers/oprofile/event_buffer.c
70894 +++ b/drivers/oprofile/event_buffer.c
70895 @@ -53,7 +53,7 @@ void add_event_entry(unsigned long value)
70896 }
70897
70898 if (buffer_pos == buffer_size) {
70899 - atomic_inc(&oprofile_stats.event_lost_overflow);
70900 + atomic_inc_unchecked(&oprofile_stats.event_lost_overflow);
70901 return;
70902 }
70903
70904 diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c
70905 index ed2c3ec..deda85a 100644
70906 --- a/drivers/oprofile/oprof.c
70907 +++ b/drivers/oprofile/oprof.c
70908 @@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work)
70909 if (oprofile_ops.switch_events())
70910 return;
70911
70912 - atomic_inc(&oprofile_stats.multiplex_counter);
70913 + atomic_inc_unchecked(&oprofile_stats.multiplex_counter);
70914 start_switch_worker();
70915 }
70916
70917 diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c
70918 index 59659ce..6c860a0 100644
70919 --- a/drivers/oprofile/oprofile_stats.c
70920 +++ b/drivers/oprofile/oprofile_stats.c
70921 @@ -30,11 +30,11 @@ void oprofile_reset_stats(void)
70922 cpu_buf->sample_invalid_eip = 0;
70923 }
70924
70925 - atomic_set(&oprofile_stats.sample_lost_no_mm, 0);
70926 - atomic_set(&oprofile_stats.sample_lost_no_mapping, 0);
70927 - atomic_set(&oprofile_stats.event_lost_overflow, 0);
70928 - atomic_set(&oprofile_stats.bt_lost_no_mapping, 0);
70929 - atomic_set(&oprofile_stats.multiplex_counter, 0);
70930 + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mm, 0);
70931 + atomic_set_unchecked(&oprofile_stats.sample_lost_no_mapping, 0);
70932 + atomic_set_unchecked(&oprofile_stats.event_lost_overflow, 0);
70933 + atomic_set_unchecked(&oprofile_stats.bt_lost_no_mapping, 0);
70934 + atomic_set_unchecked(&oprofile_stats.multiplex_counter, 0);
70935 }
70936
70937
70938 diff --git a/drivers/oprofile/oprofile_stats.h b/drivers/oprofile/oprofile_stats.h
70939 index 1fc622b..8c48fc3 100644
70940 --- a/drivers/oprofile/oprofile_stats.h
70941 +++ b/drivers/oprofile/oprofile_stats.h
70942 @@ -13,11 +13,11 @@
70943 #include <linux/atomic.h>
70944
70945 struct oprofile_stat_struct {
70946 - atomic_t sample_lost_no_mm;
70947 - atomic_t sample_lost_no_mapping;
70948 - atomic_t bt_lost_no_mapping;
70949 - atomic_t event_lost_overflow;
70950 - atomic_t multiplex_counter;
70951 + atomic_unchecked_t sample_lost_no_mm;
70952 + atomic_unchecked_t sample_lost_no_mapping;
70953 + atomic_unchecked_t bt_lost_no_mapping;
70954 + atomic_unchecked_t event_lost_overflow;
70955 + atomic_unchecked_t multiplex_counter;
70956 };
70957
70958 extern struct oprofile_stat_struct oprofile_stats;
70959 diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
70960 index a0e5260..a6d7637 100644
70961 --- a/drivers/oprofile/oprofilefs.c
70962 +++ b/drivers/oprofile/oprofilefs.c
70963 @@ -176,8 +176,8 @@ int oprofilefs_create_ro_ulong(struct dentry *root,
70964
70965 static ssize_t atomic_read_file(struct file *file, char __user *buf, size_t count, loff_t *offset)
70966 {
70967 - atomic_t *val = file->private_data;
70968 - return oprofilefs_ulong_to_user(atomic_read(val), buf, count, offset);
70969 + atomic_unchecked_t *val = file->private_data;
70970 + return oprofilefs_ulong_to_user(atomic_read_unchecked(val), buf, count, offset);
70971 }
70972
70973
70974 @@ -189,7 +189,7 @@ static const struct file_operations atomic_ro_fops = {
70975
70976
70977 int oprofilefs_create_ro_atomic(struct dentry *root,
70978 - char const *name, atomic_t *val)
70979 + char const *name, atomic_unchecked_t *val)
70980 {
70981 return __oprofilefs_create_file(root, name,
70982 &atomic_ro_fops, 0444, val);
70983 diff --git a/drivers/oprofile/timer_int.c b/drivers/oprofile/timer_int.c
70984 index bdef916..88c7dee 100644
70985 --- a/drivers/oprofile/timer_int.c
70986 +++ b/drivers/oprofile/timer_int.c
70987 @@ -93,7 +93,7 @@ static int oprofile_cpu_notify(struct notifier_block *self,
70988 return NOTIFY_OK;
70989 }
70990
70991 -static struct notifier_block __refdata oprofile_cpu_notifier = {
70992 +static struct notifier_block oprofile_cpu_notifier = {
70993 .notifier_call = oprofile_cpu_notify,
70994 };
70995
70996 diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c
70997 index 74ed3e4..3e74a1c 100644
70998 --- a/drivers/parport/procfs.c
70999 +++ b/drivers/parport/procfs.c
71000 @@ -65,7 +65,7 @@ static int do_active_device(struct ctl_table *table, int write,
71001
71002 *ppos += len;
71003
71004 - return copy_to_user(result, buffer, len) ? -EFAULT : 0;
71005 + return (len > sizeof buffer || copy_to_user(result, buffer, len)) ? -EFAULT : 0;
71006 }
71007
71008 #ifdef CONFIG_PARPORT_1284
71009 @@ -107,7 +107,7 @@ static int do_autoprobe(struct ctl_table *table, int write,
71010
71011 *ppos += len;
71012
71013 - return copy_to_user (result, buffer, len) ? -EFAULT : 0;
71014 + return (len > sizeof buffer || copy_to_user (result, buffer, len)) ? -EFAULT : 0;
71015 }
71016 #endif /* IEEE1284.3 support. */
71017
71018 diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c
71019 index f6221d7..80121ae 100644
71020 --- a/drivers/pci/hotplug/acpiphp_ibm.c
71021 +++ b/drivers/pci/hotplug/acpiphp_ibm.c
71022 @@ -465,7 +465,9 @@ static int __init ibm_acpiphp_init(void)
71023 goto init_cleanup;
71024 }
71025
71026 - ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL);
71027 + pax_open_kernel();
71028 + const_cast(ibm_apci_table_attr.size) = ibm_get_table_from_acpi(NULL);
71029 + pax_close_kernel();
71030 retval = sysfs_create_bin_file(sysdir, &ibm_apci_table_attr);
71031
71032 return retval;
71033 diff --git a/drivers/pci/hotplug/cpcihp_generic.c b/drivers/pci/hotplug/cpcihp_generic.c
71034 index 88a44a7..de358ce 100644
71035 --- a/drivers/pci/hotplug/cpcihp_generic.c
71036 +++ b/drivers/pci/hotplug/cpcihp_generic.c
71037 @@ -73,7 +73,6 @@ static u16 port;
71038 static unsigned int enum_bit;
71039 static u8 enum_mask;
71040
71041 -static struct cpci_hp_controller_ops generic_hpc_ops;
71042 static struct cpci_hp_controller generic_hpc;
71043
71044 static int __init validate_parameters(void)
71045 @@ -139,6 +138,10 @@ static int query_enum(void)
71046 return ((value & enum_mask) == enum_mask);
71047 }
71048
71049 +static struct cpci_hp_controller_ops generic_hpc_ops = {
71050 + .query_enum = query_enum,
71051 +};
71052 +
71053 static int __init cpcihp_generic_init(void)
71054 {
71055 int status;
71056 @@ -165,7 +168,6 @@ static int __init cpcihp_generic_init(void)
71057 pci_dev_put(dev);
71058
71059 memset(&generic_hpc, 0, sizeof(struct cpci_hp_controller));
71060 - generic_hpc_ops.query_enum = query_enum;
71061 generic_hpc.ops = &generic_hpc_ops;
71062
71063 status = cpci_hp_register_controller(&generic_hpc);
71064 diff --git a/drivers/pci/hotplug/cpcihp_zt5550.c b/drivers/pci/hotplug/cpcihp_zt5550.c
71065 index 5f49c3f..438f019 100644
71066 --- a/drivers/pci/hotplug/cpcihp_zt5550.c
71067 +++ b/drivers/pci/hotplug/cpcihp_zt5550.c
71068 @@ -59,7 +59,6 @@
71069 /* local variables */
71070 static bool debug;
71071 static bool poll;
71072 -static struct cpci_hp_controller_ops zt5550_hpc_ops;
71073 static struct cpci_hp_controller zt5550_hpc;
71074
71075 /* Primary cPCI bus bridge device */
71076 @@ -204,6 +203,10 @@ static int zt5550_hc_disable_irq(void)
71077 return 0;
71078 }
71079
71080 +static struct cpci_hp_controller_ops zt5550_hpc_ops = {
71081 + .query_enum = zt5550_hc_query_enum,
71082 +};
71083 +
71084 static int zt5550_hc_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
71085 {
71086 int status;
71087 @@ -215,16 +218,17 @@ static int zt5550_hc_init_one(struct pci_dev *pdev, const struct pci_device_id *
71088 dbg("returned from zt5550_hc_config");
71089
71090 memset(&zt5550_hpc, 0, sizeof(struct cpci_hp_controller));
71091 - zt5550_hpc_ops.query_enum = zt5550_hc_query_enum;
71092 zt5550_hpc.ops = &zt5550_hpc_ops;
71093 if (!poll) {
71094 zt5550_hpc.irq = hc_dev->irq;
71095 zt5550_hpc.irq_flags = IRQF_SHARED;
71096 zt5550_hpc.dev_id = hc_dev;
71097
71098 - zt5550_hpc_ops.enable_irq = zt5550_hc_enable_irq;
71099 - zt5550_hpc_ops.disable_irq = zt5550_hc_disable_irq;
71100 - zt5550_hpc_ops.check_irq = zt5550_hc_check_irq;
71101 + pax_open_kernel();
71102 + const_cast(zt5550_hpc_ops.enable_irq) = zt5550_hc_enable_irq;
71103 + const_cast(zt5550_hpc_ops.disable_irq) = zt5550_hc_disable_irq;
71104 + const_cast(zt5550_hpc_ops.check_irq) = zt5550_hc_check_irq;
71105 + pax_open_kernel();
71106 } else {
71107 info("using ENUM# polling mode");
71108 }
71109 diff --git a/drivers/pci/hotplug/cpqphp_nvram.c b/drivers/pci/hotplug/cpqphp_nvram.c
71110 index c25fc90..b054774 100644
71111 --- a/drivers/pci/hotplug/cpqphp_nvram.c
71112 +++ b/drivers/pci/hotplug/cpqphp_nvram.c
71113 @@ -425,8 +425,10 @@ static u32 store_HRT(void __iomem *rom_start)
71114
71115 void compaq_nvram_init(void __iomem *rom_start)
71116 {
71117 +#ifndef CONFIG_PAX_KERNEXEC
71118 if (rom_start)
71119 compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR);
71120 +#endif
71121
71122 dbg("int15 entry = %p\n", compaq_int15_entry_point);
71123
71124 diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c
71125 index 9acd199..1b19f5b 100644
71126 --- a/drivers/pci/hotplug/pci_hotplug_core.c
71127 +++ b/drivers/pci/hotplug/pci_hotplug_core.c
71128 @@ -434,8 +434,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus,
71129 return -EINVAL;
71130 }
71131
71132 - slot->ops->owner = owner;
71133 - slot->ops->mod_name = mod_name;
71134 + pax_open_kernel();
71135 + const_cast(slot->ops->owner) = owner;
71136 + const_cast(slot->ops->mod_name) = mod_name;
71137 + pax_close_kernel();
71138
71139 mutex_lock(&pci_hp_mutex);
71140 /*
71141 diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
71142 index ac531e6..716d058 100644
71143 --- a/drivers/pci/hotplug/pciehp_core.c
71144 +++ b/drivers/pci/hotplug/pciehp_core.c
71145 @@ -87,7 +87,7 @@ static int init_slot(struct controller *ctrl)
71146 struct slot *slot = ctrl->slot;
71147 struct hotplug_slot *hotplug = NULL;
71148 struct hotplug_slot_info *info = NULL;
71149 - struct hotplug_slot_ops *ops = NULL;
71150 + hotplug_slot_ops_no_const *ops = NULL;
71151 char name[SLOT_NAME_SIZE];
71152 int retval = -ENOMEM;
71153
71154 diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
71155 index 98f1222..d57e451 100644
71156 --- a/drivers/pci/msi.c
71157 +++ b/drivers/pci/msi.c
71158 @@ -476,8 +476,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev)
71159 {
71160 struct attribute **msi_attrs;
71161 struct attribute *msi_attr;
71162 - struct device_attribute *msi_dev_attr;
71163 - struct attribute_group *msi_irq_group;
71164 + device_attribute_no_const *msi_dev_attr;
71165 + attribute_group_no_const *msi_irq_group;
71166 const struct attribute_group **msi_irq_groups;
71167 struct msi_desc *entry;
71168 int ret = -ENOMEM;
71169 @@ -539,7 +539,7 @@ error_attrs:
71170 count = 0;
71171 msi_attr = msi_attrs[count];
71172 while (msi_attr) {
71173 - msi_dev_attr = container_of(msi_attr, struct device_attribute, attr);
71174 + msi_dev_attr = container_of(msi_attr, device_attribute_no_const, attr);
71175 kfree(msi_attr->name);
71176 kfree(msi_dev_attr);
71177 ++count;
71178 @@ -1369,12 +1369,14 @@ static void pci_msi_domain_update_dom_ops(struct msi_domain_info *info)
71179 if (ops == NULL) {
71180 info->ops = &pci_msi_domain_ops_default;
71181 } else {
71182 + pax_open_kernel();
71183 if (ops->set_desc == NULL)
71184 - ops->set_desc = pci_msi_domain_set_desc;
71185 + const_cast(ops->set_desc) = pci_msi_domain_set_desc;
71186 if (ops->msi_check == NULL)
71187 - ops->msi_check = pci_msi_domain_check_cap;
71188 + const_cast(ops->msi_check) = pci_msi_domain_check_cap;
71189 if (ops->handle_error == NULL)
71190 - ops->handle_error = pci_msi_domain_handle_error;
71191 + const_cast(ops->handle_error) = pci_msi_domain_handle_error;
71192 + pax_close_kernel();
71193 }
71194 }
71195
71196 @@ -1383,12 +1385,14 @@ static void pci_msi_domain_update_chip_ops(struct msi_domain_info *info)
71197 struct irq_chip *chip = info->chip;
71198
71199 BUG_ON(!chip);
71200 + pax_open_kernel();
71201 if (!chip->irq_write_msi_msg)
71202 - chip->irq_write_msi_msg = pci_msi_domain_write_msg;
71203 + const_cast(chip->irq_write_msi_msg) = pci_msi_domain_write_msg;
71204 if (!chip->irq_mask)
71205 - chip->irq_mask = pci_msi_mask_irq;
71206 + const_cast(chip->irq_mask) = pci_msi_mask_irq;
71207 if (!chip->irq_unmask)
71208 - chip->irq_unmask = pci_msi_unmask_irq;
71209 + const_cast(chip->irq_unmask) = pci_msi_unmask_irq;
71210 + pax_close_kernel();
71211 }
71212
71213 /**
71214 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
71215 index bcd10c7..c7c18bc 100644
71216 --- a/drivers/pci/pci-sysfs.c
71217 +++ b/drivers/pci/pci-sysfs.c
71218 @@ -1141,7 +1141,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
71219 {
71220 /* allocate attribute structure, piggyback attribute name */
71221 int name_len = write_combine ? 13 : 10;
71222 - struct bin_attribute *res_attr;
71223 + bin_attribute_no_const *res_attr;
71224 char *res_attr_name;
71225 int retval;
71226
71227 @@ -1321,7 +1321,7 @@ static struct device_attribute reset_attr = __ATTR(reset, 0200, NULL, reset_stor
71228 static int pci_create_capabilities_sysfs(struct pci_dev *dev)
71229 {
71230 int retval;
71231 - struct bin_attribute *attr;
71232 + bin_attribute_no_const *attr;
71233
71234 /* If the device has VPD, try to expose it in sysfs. */
71235 if (dev->vpd) {
71236 @@ -1368,7 +1368,7 @@ int __must_check pci_create_sysfs_dev_files(struct pci_dev *pdev)
71237 {
71238 int retval;
71239 int rom_size;
71240 - struct bin_attribute *attr;
71241 + bin_attribute_no_const *attr;
71242
71243 if (!sysfs_initialized)
71244 return -EACCES;
71245 diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
71246 index 9730c47..773a322 100644
71247 --- a/drivers/pci/pci.h
71248 +++ b/drivers/pci/pci.h
71249 @@ -113,7 +113,7 @@ struct pci_vpd_ops {
71250
71251 struct pci_vpd {
71252 const struct pci_vpd_ops *ops;
71253 - struct bin_attribute *attr; /* descriptor for sysfs VPD entry */
71254 + bin_attribute_no_const *attr; /* descriptor for sysfs VPD entry */
71255 struct mutex lock;
71256 unsigned int len;
71257 u16 flag;
71258 @@ -314,7 +314,7 @@ static inline int pci_iov_bus_range(struct pci_bus *bus)
71259
71260 #endif /* CONFIG_PCI_IOV */
71261
71262 -unsigned long pci_cardbus_resource_alignment(struct resource *);
71263 +unsigned long pci_cardbus_resource_alignment(const struct resource *);
71264
71265 static inline resource_size_t pci_resource_alignment(struct pci_dev *dev,
71266 struct resource *res)
71267 diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
71268 index 0ec649d..f93be68 100644
71269 --- a/drivers/pci/pcie/aspm.c
71270 +++ b/drivers/pci/pcie/aspm.c
71271 @@ -27,9 +27,9 @@
71272 #define MODULE_PARAM_PREFIX "pcie_aspm."
71273
71274 /* Note: those are not register definitions */
71275 -#define ASPM_STATE_L0S_UP (1) /* Upstream direction L0s state */
71276 -#define ASPM_STATE_L0S_DW (2) /* Downstream direction L0s state */
71277 -#define ASPM_STATE_L1 (4) /* L1 state */
71278 +#define ASPM_STATE_L0S_UP (1U) /* Upstream direction L0s state */
71279 +#define ASPM_STATE_L0S_DW (2U) /* Downstream direction L0s state */
71280 +#define ASPM_STATE_L1 (4U) /* L1 state */
71281 #define ASPM_STATE_L0S (ASPM_STATE_L0S_UP | ASPM_STATE_L0S_DW)
71282 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
71283
71284 @@ -775,7 +775,7 @@ void pci_disable_link_state(struct pci_dev *pdev, int state)
71285 }
71286 EXPORT_SYMBOL(pci_disable_link_state);
71287
71288 -static int pcie_aspm_set_policy(const char *val, struct kernel_param *kp)
71289 +static int pcie_aspm_set_policy(const char *val, const struct kernel_param *kp)
71290 {
71291 int i;
71292 struct pcie_link_state *link;
71293 @@ -802,7 +802,7 @@ static int pcie_aspm_set_policy(const char *val, struct kernel_param *kp)
71294 return 0;
71295 }
71296
71297 -static int pcie_aspm_get_policy(char *buffer, struct kernel_param *kp)
71298 +static int pcie_aspm_get_policy(char *buffer, const struct kernel_param *kp)
71299 {
71300 int i, cnt = 0;
71301 for (i = 0; i < ARRAY_SIZE(policy_str); i++)
71302 diff --git a/drivers/pci/pcie/portdrv_pci.c b/drivers/pci/pcie/portdrv_pci.c
71303 index 70d7ad8..66f87d6 100644
71304 --- a/drivers/pci/pcie/portdrv_pci.c
71305 +++ b/drivers/pci/pcie/portdrv_pci.c
71306 @@ -370,7 +370,7 @@ static int __init dmi_pcie_pme_disable_msi(const struct dmi_system_id *d)
71307 return 0;
71308 }
71309
71310 -static struct dmi_system_id __initdata pcie_portdrv_dmi_table[] = {
71311 +static const struct dmi_system_id __initconst pcie_portdrv_dmi_table[] = {
71312 /*
71313 * Boxes that should not use MSI for PCIe PME signaling.
71314 */
71315 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
71316 index 93f280d..a349035 100644
71317 --- a/drivers/pci/probe.c
71318 +++ b/drivers/pci/probe.c
71319 @@ -180,7 +180,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
71320 u16 orig_cmd;
71321 struct pci_bus_region region, inverted_region;
71322
71323 - mask = type ? PCI_ROM_ADDRESS_MASK : ~0;
71324 + mask = type ? (u32)PCI_ROM_ADDRESS_MASK : ~0;
71325
71326 /* No printks while decoding is disabled! */
71327 if (!dev->mmio_always_on) {
71328 diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
71329 index 2408abe..455d4d4 100644
71330 --- a/drivers/pci/proc.c
71331 +++ b/drivers/pci/proc.c
71332 @@ -437,7 +437,16 @@ static const struct file_operations proc_bus_pci_dev_operations = {
71333 static int __init pci_proc_init(void)
71334 {
71335 struct pci_dev *dev = NULL;
71336 +
71337 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
71338 +#ifdef CONFIG_GRKERNSEC_PROC_USER
71339 + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL);
71340 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
71341 + proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
71342 +#endif
71343 +#else
71344 proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);
71345 +#endif
71346 proc_create("devices", 0, proc_bus_pci_dir,
71347 &proc_bus_pci_dev_operations);
71348 proc_initialized = 1;
71349 diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
71350 index c74059e..95cd7bc 100644
71351 --- a/drivers/pci/setup-bus.c
71352 +++ b/drivers/pci/setup-bus.c
71353 @@ -405,8 +405,12 @@ static void __assign_resources_sorted(struct list_head *head,
71354
71355 /* Update res in head list with add_size in realloc_head list */
71356 list_for_each_entry_safe(dev_res, tmp_res, head, list) {
71357 - dev_res->res->end += get_res_add_size(realloc_head,
71358 - dev_res->res);
71359 + resource_size_t add_size = get_res_add_size(realloc_head, dev_res->res);
71360 +
71361 + if (dev_res->res->start == 0 && dev_res->res->end == RESOURCE_SIZE_MAX)
71362 + dev_res->res->end = add_size - 1;
71363 + else
71364 + dev_res->res->end += get_res_add_size(realloc_head, dev_res->res);
71365
71366 /*
71367 * There are two kinds of additional resources in the list:
71368 @@ -1119,7 +1123,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask,
71369 return 0;
71370 }
71371
71372 -unsigned long pci_cardbus_resource_alignment(struct resource *res)
71373 +unsigned long pci_cardbus_resource_alignment(const struct resource *res)
71374 {
71375 if (res->flags & IORESOURCE_IO)
71376 return pci_cardbus_io_size;
71377 diff --git a/drivers/pinctrl/nomadik/pinctrl-nomadik.c b/drivers/pinctrl/nomadik/pinctrl-nomadik.c
71378 index 35f6218..481d098 100644
71379 --- a/drivers/pinctrl/nomadik/pinctrl-nomadik.c
71380 +++ b/drivers/pinctrl/nomadik/pinctrl-nomadik.c
71381 @@ -1098,7 +1098,7 @@ static int nmk_gpio_probe(struct platform_device *dev)
71382 struct device_node *np = dev->dev.of_node;
71383 struct nmk_gpio_chip *nmk_chip;
71384 struct gpio_chip *chip;
71385 - struct irq_chip *irqchip;
71386 + irq_chip_no_const *irqchip;
71387 int latent_irq;
71388 bool supports_sleepmode;
71389 int irq;
71390 diff --git a/drivers/pinctrl/pinctrl-at91.c b/drivers/pinctrl/pinctrl-at91.c
71391 index 80daead..388a2c6 100644
71392 --- a/drivers/pinctrl/pinctrl-at91.c
71393 +++ b/drivers/pinctrl/pinctrl-at91.c
71394 @@ -23,6 +23,7 @@
71395 #include <linux/pinctrl/pinmux.h>
71396 /* Since we request GPIOs from ourself */
71397 #include <linux/pinctrl/consumer.h>
71398 +#include <asm/pgtable.h>
71399
71400 #include "pinctrl-at91.h"
71401 #include "core.h"
71402 @@ -1600,7 +1601,9 @@ static int at91_gpio_of_irq_setup(struct platform_device *pdev,
71403 at91_gpio->pioc_hwirq = irqd_to_hwirq(d);
71404
71405 /* Setup proper .irq_set_type function */
71406 - gpio_irqchip.irq_set_type = at91_gpio->ops->irq_type;
71407 + pax_open_kernel();
71408 + const_cast(gpio_irqchip.irq_set_type) = at91_gpio->ops->irq_type;
71409 + pax_close_kernel();
71410
71411 /* Disable irqs of this PIO controller */
71412 writel_relaxed(~0, at91_gpio->regbase + PIO_IDR);
71413 diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c
71414 index e8a44a9..d859973 100644
71415 --- a/drivers/platform/chrome/chromeos_laptop.c
71416 +++ b/drivers/platform/chrome/chromeos_laptop.c
71417 @@ -518,7 +518,7 @@ static struct chromeos_laptop cr48 = {
71418 .callback = chromeos_laptop_dmi_matched, \
71419 .driver_data = (void *)&board_
71420
71421 -static struct dmi_system_id chromeos_laptop_dmi_table[] __initdata = {
71422 +static const struct dmi_system_id chromeos_laptop_dmi_table[] __initconst = {
71423 {
71424 .ident = "Samsung Series 5 550",
71425 .matches = {
71426 diff --git a/drivers/platform/chrome/chromeos_pstore.c b/drivers/platform/chrome/chromeos_pstore.c
71427 index 308a853..b0693fd 100644
71428 --- a/drivers/platform/chrome/chromeos_pstore.c
71429 +++ b/drivers/platform/chrome/chromeos_pstore.c
71430 @@ -14,7 +14,7 @@
71431 #include <linux/platform_device.h>
71432 #include <linux/pstore_ram.h>
71433
71434 -static struct dmi_system_id chromeos_pstore_dmi_table[] __initdata = {
71435 +static const struct dmi_system_id chromeos_pstore_dmi_table[] __initconst = {
71436 {
71437 /*
71438 * Today all Chromebooks/boxes ship with Google_* as version and
71439 diff --git a/drivers/platform/chrome/cros_ec_lpc.c b/drivers/platform/chrome/cros_ec_lpc.c
71440 index f9a2454..2759664 100644
71441 --- a/drivers/platform/chrome/cros_ec_lpc.c
71442 +++ b/drivers/platform/chrome/cros_ec_lpc.c
71443 @@ -300,7 +300,7 @@ static int cros_ec_lpc_remove(struct platform_device *pdev)
71444 return 0;
71445 }
71446
71447 -static struct dmi_system_id cros_ec_lpc_dmi_table[] __initdata = {
71448 +static const struct dmi_system_id cros_ec_lpc_dmi_table[] __initconst = {
71449 {
71450 /*
71451 * Today all Chromebooks/boxes ship with Google_* as version and
71452 diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c
71453 index 0056294..8f8c2d5 100644
71454 --- a/drivers/platform/x86/alienware-wmi.c
71455 +++ b/drivers/platform/x86/alienware-wmi.c
71456 @@ -209,7 +209,7 @@ struct wmax_led_args {
71457 } __packed;
71458
71459 static struct platform_device *platform_device;
71460 -static struct device_attribute *zone_dev_attrs;
71461 +static device_attribute_no_const *zone_dev_attrs;
71462 static struct attribute **zone_attrs;
71463 static struct platform_zone *zone_data;
71464
71465 @@ -219,7 +219,7 @@ static struct platform_driver platform_driver = {
71466 }
71467 };
71468
71469 -static struct attribute_group zone_attribute_group = {
71470 +static attribute_group_no_const zone_attribute_group = {
71471 .name = "rgb_zones",
71472 };
71473
71474 diff --git a/drivers/platform/x86/apple-gmux.c b/drivers/platform/x86/apple-gmux.c
71475 index a66be13..124be13 100644
71476 --- a/drivers/platform/x86/apple-gmux.c
71477 +++ b/drivers/platform/x86/apple-gmux.c
71478 @@ -482,7 +482,7 @@ static int gmux_set_power_state(enum vga_switcheroo_client_id id,
71479 return gmux_set_discrete_state(apple_gmux_data, state);
71480 }
71481
71482 -static int gmux_get_client_id(struct pci_dev *pdev)
71483 +static enum vga_switcheroo_client_id gmux_get_client_id(struct pci_dev *pdev)
71484 {
71485 /*
71486 * Early Macbook Pros with switchable graphics use nvidia
71487 diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
71488 index 7c093a0..f2fb59f 100644
71489 --- a/drivers/platform/x86/asus-wmi.c
71490 +++ b/drivers/platform/x86/asus-wmi.c
71491 @@ -1872,6 +1872,10 @@ static int show_dsts(struct seq_file *m, void *data)
71492 int err;
71493 u32 retval = -1;
71494
71495 +#ifdef CONFIG_GRKERNSEC_KMEM
71496 + return -EPERM;
71497 +#endif
71498 +
71499 err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
71500
71501 if (err < 0)
71502 @@ -1888,6 +1892,10 @@ static int show_devs(struct seq_file *m, void *data)
71503 int err;
71504 u32 retval = -1;
71505
71506 +#ifdef CONFIG_GRKERNSEC_KMEM
71507 + return -EPERM;
71508 +#endif
71509 +
71510 err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
71511 &retval);
71512
71513 @@ -1912,6 +1920,10 @@ static int show_call(struct seq_file *m, void *data)
71514 union acpi_object *obj;
71515 acpi_status status;
71516
71517 +#ifdef CONFIG_GRKERNSEC_KMEM
71518 + return -EPERM;
71519 +#endif
71520 +
71521 status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
71522 1, asus->debug.method_id,
71523 &input, &output);
71524 diff --git a/drivers/platform/x86/compal-laptop.c b/drivers/platform/x86/compal-laptop.c
71525 index e1c2b6d..8f25439 100644
71526 --- a/drivers/platform/x86/compal-laptop.c
71527 +++ b/drivers/platform/x86/compal-laptop.c
71528 @@ -805,7 +805,7 @@ static int dmi_check_cb_extra(const struct dmi_system_id *id)
71529 return 1;
71530 }
71531
71532 -static struct dmi_system_id __initdata compal_dmi_table[] = {
71533 +static const struct dmi_system_id __initconst compal_dmi_table[] = {
71534 {
71535 .ident = "FL90/IFL90",
71536 .matches = {
71537 diff --git a/drivers/platform/x86/hdaps.c b/drivers/platform/x86/hdaps.c
71538 index 458e6c9..089aee7 100644
71539 --- a/drivers/platform/x86/hdaps.c
71540 +++ b/drivers/platform/x86/hdaps.c
71541 @@ -514,7 +514,7 @@ static int __init hdaps_dmi_match_invert(const struct dmi_system_id *id)
71542 "ThinkPad T42p", so the order of the entries matters.
71543 If your ThinkPad is not recognized, please update to latest
71544 BIOS. This is especially the case for some R52 ThinkPads. */
71545 -static struct dmi_system_id __initdata hdaps_whitelist[] = {
71546 +static const struct dmi_system_id __initconst hdaps_whitelist[] = {
71547 HDAPS_DMI_MATCH_INVERT("IBM", "ThinkPad R50p", HDAPS_BOTH_AXES),
71548 HDAPS_DMI_MATCH_NORMAL("IBM", "ThinkPad R50"),
71549 HDAPS_DMI_MATCH_NORMAL("IBM", "ThinkPad R51"),
71550 diff --git a/drivers/platform/x86/ibm_rtl.c b/drivers/platform/x86/ibm_rtl.c
71551 index c62e5e1..854b418 100644
71552 --- a/drivers/platform/x86/ibm_rtl.c
71553 +++ b/drivers/platform/x86/ibm_rtl.c
71554 @@ -227,7 +227,7 @@ static void rtl_teardown_sysfs(void) {
71555 }
71556
71557
71558 -static struct dmi_system_id __initdata ibm_rtl_dmi_table[] = {
71559 +static const struct dmi_system_id __initconst ibm_rtl_dmi_table[] = {
71560 { \
71561 .matches = { \
71562 DMI_MATCH(DMI_SYS_VENDOR, "IBM"), \
71563 diff --git a/drivers/platform/x86/intel_oaktrail.c b/drivers/platform/x86/intel_oaktrail.c
71564 index 6aa33c4..cfb5425 100644
71565 --- a/drivers/platform/x86/intel_oaktrail.c
71566 +++ b/drivers/platform/x86/intel_oaktrail.c
71567 @@ -299,7 +299,7 @@ static int dmi_check_cb(const struct dmi_system_id *id)
71568 return 0;
71569 }
71570
71571 -static struct dmi_system_id __initdata oaktrail_dmi_table[] = {
71572 +static const struct dmi_system_id __initconst oaktrail_dmi_table[] = {
71573 {
71574 .ident = "OakTrail platform",
71575 .matches = {
71576 diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
71577 index 4231770..cbf93a6 100644
71578 --- a/drivers/platform/x86/msi-laptop.c
71579 +++ b/drivers/platform/x86/msi-laptop.c
71580 @@ -605,7 +605,7 @@ static int dmi_check_cb(const struct dmi_system_id *dmi)
71581 return 1;
71582 }
71583
71584 -static struct dmi_system_id __initdata msi_dmi_table[] = {
71585 +static const struct dmi_system_id __initconst msi_dmi_table[] = {
71586 {
71587 .ident = "MSI S270",
71588 .matches = {
71589 @@ -1000,12 +1000,14 @@ static int __init load_scm_model_init(struct platform_device *sdev)
71590
71591 if (!quirks->ec_read_only) {
71592 /* allow userland write sysfs file */
71593 - dev_attr_bluetooth.store = store_bluetooth;
71594 - dev_attr_wlan.store = store_wlan;
71595 - dev_attr_threeg.store = store_threeg;
71596 - dev_attr_bluetooth.attr.mode |= S_IWUSR;
71597 - dev_attr_wlan.attr.mode |= S_IWUSR;
71598 - dev_attr_threeg.attr.mode |= S_IWUSR;
71599 + pax_open_kernel();
71600 + const_cast(dev_attr_bluetooth.store) = store_bluetooth;
71601 + const_cast(dev_attr_wlan.store) = store_wlan;
71602 + const_cast(dev_attr_threeg.store) = store_threeg;
71603 + const_cast(dev_attr_bluetooth.attr.mode) |= S_IWUSR;
71604 + const_cast(dev_attr_wlan.attr.mode) |= S_IWUSR;
71605 + const_cast(dev_attr_threeg.attr.mode) |= S_IWUSR;
71606 + pax_close_kernel();
71607 }
71608
71609 /* disable hardware control by fn key */
71610 diff --git a/drivers/platform/x86/msi-wmi.c b/drivers/platform/x86/msi-wmi.c
71611 index 978e6d6..1f0b37d 100644
71612 --- a/drivers/platform/x86/msi-wmi.c
71613 +++ b/drivers/platform/x86/msi-wmi.c
71614 @@ -184,7 +184,7 @@ static const struct backlight_ops msi_backlight_ops = {
71615 static void msi_wmi_notify(u32 value, void *context)
71616 {
71617 struct acpi_buffer response = { ACPI_ALLOCATE_BUFFER, NULL };
71618 - static struct key_entry *key;
71619 + struct key_entry *key;
71620 union acpi_object *obj;
71621 acpi_status status;
71622
71623 diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c
71624 index 8c146e2..356c62e 100644
71625 --- a/drivers/platform/x86/samsung-laptop.c
71626 +++ b/drivers/platform/x86/samsung-laptop.c
71627 @@ -1567,7 +1567,7 @@ static int __init samsung_dmi_matched(const struct dmi_system_id *d)
71628 return 0;
71629 }
71630
71631 -static struct dmi_system_id __initdata samsung_dmi_table[] = {
71632 +static const struct dmi_system_id __initconst samsung_dmi_table[] = {
71633 {
71634 .matches = {
71635 DMI_MATCH(DMI_SYS_VENDOR,
71636 diff --git a/drivers/platform/x86/samsung-q10.c b/drivers/platform/x86/samsung-q10.c
71637 index e6aac72..e11ff24 100644
71638 --- a/drivers/platform/x86/samsung-q10.c
71639 +++ b/drivers/platform/x86/samsung-q10.c
71640 @@ -95,7 +95,7 @@ static int __init dmi_check_callback(const struct dmi_system_id *id)
71641 return 1;
71642 }
71643
71644 -static struct dmi_system_id __initdata samsungq10_dmi_table[] = {
71645 +static const struct dmi_system_id __initconst samsungq10_dmi_table[] = {
71646 {
71647 .ident = "Samsung Q10",
71648 .matches = {
71649 diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c
71650 index 1dba359..2850ab9 100644
71651 --- a/drivers/platform/x86/sony-laptop.c
71652 +++ b/drivers/platform/x86/sony-laptop.c
71653 @@ -2556,7 +2556,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd)
71654 }
71655
71656 /* High speed charging function */
71657 -static struct device_attribute *hsc_handle;
71658 +static device_attribute_no_const *hsc_handle;
71659
71660 static ssize_t sony_nc_highspeed_charging_store(struct device *dev,
71661 struct device_attribute *attr,
71662 @@ -2630,7 +2630,7 @@ static void sony_nc_highspeed_charging_cleanup(struct platform_device *pd)
71663 }
71664
71665 /* low battery function */
71666 -static struct device_attribute *lowbatt_handle;
71667 +static device_attribute_no_const *lowbatt_handle;
71668
71669 static ssize_t sony_nc_lowbatt_store(struct device *dev,
71670 struct device_attribute *attr,
71671 @@ -2696,7 +2696,7 @@ static void sony_nc_lowbatt_cleanup(struct platform_device *pd)
71672 }
71673
71674 /* fan speed function */
71675 -static struct device_attribute *fan_handle, *hsf_handle;
71676 +static device_attribute_no_const *fan_handle, *hsf_handle;
71677
71678 static ssize_t sony_nc_hsfan_store(struct device *dev,
71679 struct device_attribute *attr,
71680 @@ -2803,7 +2803,7 @@ static void sony_nc_fanspeed_cleanup(struct platform_device *pd)
71681 }
71682
71683 /* USB charge function */
71684 -static struct device_attribute *uc_handle;
71685 +static device_attribute_no_const *uc_handle;
71686
71687 static ssize_t sony_nc_usb_charge_store(struct device *dev,
71688 struct device_attribute *attr,
71689 @@ -2877,7 +2877,7 @@ static void sony_nc_usb_charge_cleanup(struct platform_device *pd)
71690 }
71691
71692 /* Panel ID function */
71693 -static struct device_attribute *panel_handle;
71694 +static device_attribute_no_const *panel_handle;
71695
71696 static ssize_t sony_nc_panelid_show(struct device *dev,
71697 struct device_attribute *attr, char *buffer)
71698 @@ -2924,7 +2924,7 @@ static void sony_nc_panelid_cleanup(struct platform_device *pd)
71699 }
71700
71701 /* smart connect function */
71702 -static struct device_attribute *sc_handle;
71703 +static device_attribute_no_const *sc_handle;
71704
71705 static ssize_t sony_nc_smart_conn_store(struct device *dev,
71706 struct device_attribute *attr,
71707 @@ -4880,7 +4880,7 @@ static struct acpi_driver sony_pic_driver = {
71708 .drv.pm = &sony_pic_pm,
71709 };
71710
71711 -static struct dmi_system_id __initdata sonypi_dmi_table[] = {
71712 +static const struct dmi_system_id __initconst sonypi_dmi_table[] = {
71713 {
71714 .ident = "Sony Vaio",
71715 .matches = {
71716 diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
71717 index b65ce75..d92001e 100644
71718 --- a/drivers/platform/x86/thinkpad_acpi.c
71719 +++ b/drivers/platform/x86/thinkpad_acpi.c
71720 @@ -2462,10 +2462,10 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
71721 && !tp_features.bright_unkfw)
71722 TPACPI_MAY_SEND_KEY(TP_ACPI_HOTKEYSCAN_FNHOME);
71723 }
71724 +}
71725
71726 #undef TPACPI_COMPARE_KEY
71727 #undef TPACPI_MAY_SEND_KEY
71728 -}
71729
71730 /*
71731 * Polling driver
71732 @@ -4203,7 +4203,7 @@ static int bluetooth_get_status(void)
71733 TPACPI_RFK_RADIO_ON : TPACPI_RFK_RADIO_OFF;
71734 }
71735
71736 -static int bluetooth_set_status(enum tpacpi_rfkill_state state)
71737 +static int bluetooth_set_status(const enum tpacpi_rfkill_state state)
71738 {
71739 int status;
71740
71741 @@ -4391,7 +4391,7 @@ static int wan_get_status(void)
71742 TPACPI_RFK_RADIO_ON : TPACPI_RFK_RADIO_OFF;
71743 }
71744
71745 -static int wan_set_status(enum tpacpi_rfkill_state state)
71746 +static int wan_set_status(const enum tpacpi_rfkill_state state)
71747 {
71748 int status;
71749
71750 @@ -4577,7 +4577,7 @@ static int uwb_get_status(void)
71751 TPACPI_RFK_RADIO_ON : TPACPI_RFK_RADIO_OFF;
71752 }
71753
71754 -static int uwb_set_status(enum tpacpi_rfkill_state state)
71755 +static int uwb_set_status(const enum tpacpi_rfkill_state state)
71756 {
71757 int status;
71758
71759 @@ -9526,7 +9526,7 @@ static struct ibm_init_struct ibms_init[] __initdata = {
71760 },
71761 };
71762
71763 -static int __init set_ibm_param(const char *val, struct kernel_param *kp)
71764 +static int __init set_ibm_param(const char *val, const struct kernel_param *kp)
71765 {
71766 unsigned int i;
71767 struct ibm_struct *ibm;
71768 diff --git a/drivers/pnp/base.h b/drivers/pnp/base.h
71769 index 3151fd1..12c5b20 100644
71770 --- a/drivers/pnp/base.h
71771 +++ b/drivers/pnp/base.h
71772 @@ -163,7 +163,7 @@ struct pnp_resource *pnp_add_resource(struct pnp_dev *dev,
71773 struct resource *res);
71774 struct pnp_resource *pnp_add_irq_resource(struct pnp_dev *dev, int irq,
71775 int flags);
71776 -struct pnp_resource *pnp_add_dma_resource(struct pnp_dev *dev, int dma,
71777 +struct pnp_resource *pnp_add_dma_resource(struct pnp_dev *dev, resource_size_t dma,
71778 int flags);
71779 struct pnp_resource *pnp_add_io_resource(struct pnp_dev *dev,
71780 resource_size_t start,
71781 diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c
71782 index 438d4c7..ca8a2fb 100644
71783 --- a/drivers/pnp/pnpbios/bioscalls.c
71784 +++ b/drivers/pnp/pnpbios/bioscalls.c
71785 @@ -59,7 +59,7 @@ do { \
71786 set_desc_limit(&gdt[(selname) >> 3], (size) - 1); \
71787 } while(0)
71788
71789 -static struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4092,
71790 +static const struct desc_struct bad_bios_desc = GDT_ENTRY_INIT(0x4093,
71791 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
71792
71793 /*
71794 @@ -96,7 +96,10 @@ static inline u16 call_pnp_bios(u16 func, u16 arg1, u16 arg2, u16 arg3,
71795
71796 cpu = get_cpu();
71797 save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8];
71798 +
71799 + pax_open_kernel();
71800 get_cpu_gdt_table(cpu)[0x40 / 8] = bad_bios_desc;
71801 + pax_close_kernel();
71802
71803 /* On some boxes IRQ's during PnP BIOS calls are deadly. */
71804 spin_lock_irqsave(&pnp_bios_lock, flags);
71805 @@ -134,7 +137,10 @@ static inline u16 call_pnp_bios(u16 func, u16 arg1, u16 arg2, u16 arg3,
71806 :"memory");
71807 spin_unlock_irqrestore(&pnp_bios_lock, flags);
71808
71809 + pax_open_kernel();
71810 get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40;
71811 + pax_close_kernel();
71812 +
71813 put_cpu();
71814
71815 /* If we get here and this is set then the PnP BIOS faulted on us. */
71816 @@ -468,7 +474,7 @@ int pnp_bios_read_escd(char *data, u32 nvram_base)
71817 return status;
71818 }
71819
71820 -void pnpbios_calls_init(union pnp_bios_install_struct *header)
71821 +void __init pnpbios_calls_init(union pnp_bios_install_struct *header)
71822 {
71823 int i;
71824
71825 @@ -476,6 +482,8 @@ void pnpbios_calls_init(union pnp_bios_install_struct *header)
71826 pnp_bios_callpoint.offset = header->fields.pm16offset;
71827 pnp_bios_callpoint.segment = PNP_CS16;
71828
71829 + pax_open_kernel();
71830 +
71831 for_each_possible_cpu(i) {
71832 struct desc_struct *gdt = get_cpu_gdt_table(i);
71833 if (!gdt)
71834 @@ -487,4 +495,6 @@ void pnpbios_calls_init(union pnp_bios_install_struct *header)
71835 set_desc_base(&gdt[GDT_ENTRY_PNPBIOS_DS],
71836 (unsigned long)__va(header->fields.pm16dseg));
71837 }
71838 +
71839 + pax_close_kernel();
71840 }
71841 diff --git a/drivers/pnp/pnpbios/core.c b/drivers/pnp/pnpbios/core.c
71842 index c38a5b9..6b3284c 100644
71843 --- a/drivers/pnp/pnpbios/core.c
71844 +++ b/drivers/pnp/pnpbios/core.c
71845 @@ -494,7 +494,7 @@ static int __init exploding_pnp_bios(const struct dmi_system_id *d)
71846 return 0;
71847 }
71848
71849 -static struct dmi_system_id pnpbios_dmi_table[] __initdata = {
71850 +static const struct dmi_system_id pnpbios_dmi_table[] __initconst = {
71851 { /* PnPBIOS GPF on boot */
71852 .callback = exploding_pnp_bios,
71853 .ident = "Higraded P14H",
71854 diff --git a/drivers/pnp/resource.c b/drivers/pnp/resource.c
71855 index f980ff7..77121c4 100644
71856 --- a/drivers/pnp/resource.c
71857 +++ b/drivers/pnp/resource.c
71858 @@ -543,7 +543,7 @@ struct pnp_resource *pnp_add_irq_resource(struct pnp_dev *dev, int irq,
71859 return pnp_res;
71860 }
71861
71862 -struct pnp_resource *pnp_add_dma_resource(struct pnp_dev *dev, int dma,
71863 +struct pnp_resource *pnp_add_dma_resource(struct pnp_dev *dev, resource_size_t dma,
71864 int flags)
71865 {
71866 struct pnp_resource *pnp_res;
71867 @@ -551,7 +551,7 @@ struct pnp_resource *pnp_add_dma_resource(struct pnp_dev *dev, int dma,
71868
71869 pnp_res = pnp_new_resource(dev);
71870 if (!pnp_res) {
71871 - dev_err(&dev->dev, "can't add resource for DMA %d\n", dma);
71872 + dev_err(&dev->dev, "can't add resource for DMA %lld\n", dma);
71873 return NULL;
71874 }
71875
71876 diff --git a/drivers/power/pda_power.c b/drivers/power/pda_power.c
71877 index dfe1ee8..67e820c 100644
71878 --- a/drivers/power/pda_power.c
71879 +++ b/drivers/power/pda_power.c
71880 @@ -38,7 +38,11 @@ static struct power_supply *pda_psy_ac, *pda_psy_usb;
71881
71882 #if IS_ENABLED(CONFIG_USB_PHY)
71883 static struct usb_phy *transceiver;
71884 -static struct notifier_block otg_nb;
71885 +static int otg_handle_notification(struct notifier_block *nb,
71886 + unsigned long event, void *unused);
71887 +static struct notifier_block otg_nb = {
71888 + .notifier_call = otg_handle_notification
71889 +};
71890 #endif
71891
71892 static struct regulator *ac_draw;
71893 @@ -373,7 +377,6 @@ static int pda_power_probe(struct platform_device *pdev)
71894
71895 #if IS_ENABLED(CONFIG_USB_PHY)
71896 if (!IS_ERR_OR_NULL(transceiver) && pdata->use_otg_notifier) {
71897 - otg_nb.notifier_call = otg_handle_notification;
71898 ret = usb_register_notifier(transceiver, &otg_nb);
71899 if (ret) {
71900 dev_err(dev, "failure to register otg notifier\n");
71901 diff --git a/drivers/power/power_supply.h b/drivers/power/power_supply.h
71902 index cc439fd..8fa30df 100644
71903 --- a/drivers/power/power_supply.h
71904 +++ b/drivers/power/power_supply.h
71905 @@ -16,12 +16,12 @@ struct power_supply;
71906
71907 #ifdef CONFIG_SYSFS
71908
71909 -extern void power_supply_init_attrs(struct device_type *dev_type);
71910 +extern void power_supply_init_attrs(void);
71911 extern int power_supply_uevent(struct device *dev, struct kobj_uevent_env *env);
71912
71913 #else
71914
71915 -static inline void power_supply_init_attrs(struct device_type *dev_type) {}
71916 +static inline void power_supply_init_attrs(void) {}
71917 #define power_supply_uevent NULL
71918
71919 #endif /* CONFIG_SYSFS */
71920 diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
71921 index a74d8ca..c98d745 100644
71922 --- a/drivers/power/power_supply_core.c
71923 +++ b/drivers/power/power_supply_core.c
71924 @@ -28,7 +28,10 @@ EXPORT_SYMBOL_GPL(power_supply_class);
71925 ATOMIC_NOTIFIER_HEAD(power_supply_notifier);
71926 EXPORT_SYMBOL_GPL(power_supply_notifier);
71927
71928 -static struct device_type power_supply_dev_type;
71929 +extern const struct attribute_group *power_supply_attr_groups[];
71930 +static struct device_type power_supply_dev_type = {
71931 + .groups = power_supply_attr_groups,
71932 +};
71933
71934 #define POWER_SUPPLY_DEFERRED_REGISTER_TIME msecs_to_jiffies(10)
71935
71936 @@ -969,7 +972,7 @@ static int __init power_supply_class_init(void)
71937 return PTR_ERR(power_supply_class);
71938
71939 power_supply_class->dev_uevent = power_supply_uevent;
71940 - power_supply_init_attrs(&power_supply_dev_type);
71941 + power_supply_init_attrs();
71942
71943 return 0;
71944 }
71945 diff --git a/drivers/power/power_supply_sysfs.c b/drivers/power/power_supply_sysfs.c
71946 index bcde8d1..0406331 100644
71947 --- a/drivers/power/power_supply_sysfs.c
71948 +++ b/drivers/power/power_supply_sysfs.c
71949 @@ -239,17 +239,15 @@ static struct attribute_group power_supply_attr_group = {
71950 .is_visible = power_supply_attr_is_visible,
71951 };
71952
71953 -static const struct attribute_group *power_supply_attr_groups[] = {
71954 +const struct attribute_group *power_supply_attr_groups[] = {
71955 &power_supply_attr_group,
71956 NULL,
71957 };
71958
71959 -void power_supply_init_attrs(struct device_type *dev_type)
71960 +void power_supply_init_attrs(void)
71961 {
71962 int i;
71963
71964 - dev_type->groups = power_supply_attr_groups;
71965 -
71966 for (i = 0; i < ARRAY_SIZE(power_supply_attrs); i++)
71967 __power_supply_attrs[i] = &power_supply_attrs[i].attr;
71968 }
71969 diff --git a/drivers/power/reset/at91-reset.c b/drivers/power/reset/at91-reset.c
71970 index 1b5d450..b6042f8 100644
71971 --- a/drivers/power/reset/at91-reset.c
71972 +++ b/drivers/power/reset/at91-reset.c
71973 @@ -17,6 +17,7 @@
71974 #include <linux/of_address.h>
71975 #include <linux/platform_device.h>
71976 #include <linux/reboot.h>
71977 +#include <asm/pgtable.h>
71978
71979 #include <soc/at91/at91sam9_ddrsdr.h>
71980 #include <soc/at91/at91sam9_sdramc.h>
71981 @@ -206,7 +207,9 @@ static int __init at91_reset_probe(struct platform_device *pdev)
71982 }
71983
71984 match = of_match_node(at91_reset_of_match, pdev->dev.of_node);
71985 - at91_restart_nb.notifier_call = match->data;
71986 + pax_open_kernel();
71987 + const_cast(at91_restart_nb.notifier_call) = match->data;
71988 + pax_close_kernel();
71989
71990 sclk = devm_clk_get(&pdev->dev, NULL);
71991 if (IS_ERR(sclk))
71992 diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c
71993 index 14bde0d..9391277 100644
71994 --- a/drivers/powercap/powercap_sys.c
71995 +++ b/drivers/powercap/powercap_sys.c
71996 @@ -154,8 +154,77 @@ struct powercap_constraint_attr {
71997 struct device_attribute name_attr;
71998 };
71999
72000 +static ssize_t show_constraint_name(struct device *dev,
72001 + struct device_attribute *dev_attr,
72002 + char *buf);
72003 +
72004 static struct powercap_constraint_attr
72005 - constraint_attrs[MAX_CONSTRAINTS_PER_ZONE];
72006 + constraint_attrs[MAX_CONSTRAINTS_PER_ZONE] = {
72007 + [0 ... MAX_CONSTRAINTS_PER_ZONE - 1] = {
72008 + .power_limit_attr = {
72009 + .attr = {
72010 + .name = NULL,
72011 + .mode = S_IWUSR | S_IRUGO
72012 + },
72013 + .show = show_constraint_power_limit_uw,
72014 + .store = store_constraint_power_limit_uw
72015 + },
72016 +
72017 + .time_window_attr = {
72018 + .attr = {
72019 + .name = NULL,
72020 + .mode = S_IWUSR | S_IRUGO
72021 + },
72022 + .show = show_constraint_time_window_us,
72023 + .store = store_constraint_time_window_us
72024 + },
72025 +
72026 + .max_power_attr = {
72027 + .attr = {
72028 + .name = NULL,
72029 + .mode = S_IRUGO
72030 + },
72031 + .show = show_constraint_max_power_uw,
72032 + .store = NULL
72033 + },
72034 +
72035 + .min_power_attr = {
72036 + .attr = {
72037 + .name = NULL,
72038 + .mode = S_IRUGO
72039 + },
72040 + .show = show_constraint_min_power_uw,
72041 + .store = NULL
72042 + },
72043 +
72044 + .max_time_window_attr = {
72045 + .attr = {
72046 + .name = NULL,
72047 + .mode = S_IRUGO
72048 + },
72049 + .show = show_constraint_max_time_window_us,
72050 + .store = NULL
72051 + },
72052 +
72053 + .min_time_window_attr = {
72054 + .attr = {
72055 + .name = NULL,
72056 + .mode = S_IRUGO
72057 + },
72058 + .show = show_constraint_min_time_window_us,
72059 + .store = NULL
72060 + },
72061 +
72062 + .name_attr = {
72063 + .attr = {
72064 + .name = NULL,
72065 + .mode = S_IRUGO
72066 + },
72067 + .show = show_constraint_name,
72068 + .store = NULL
72069 + }
72070 + }
72071 +};
72072
72073 /* A list of powercap control_types */
72074 static LIST_HEAD(powercap_cntrl_list);
72075 @@ -193,23 +262,16 @@ static ssize_t show_constraint_name(struct device *dev,
72076 }
72077
72078 static int create_constraint_attribute(int id, const char *name,
72079 - int mode,
72080 - struct device_attribute *dev_attr,
72081 - ssize_t (*show)(struct device *,
72082 - struct device_attribute *, char *),
72083 - ssize_t (*store)(struct device *,
72084 - struct device_attribute *,
72085 - const char *, size_t)
72086 - )
72087 + struct device_attribute *dev_attr)
72088 {
72089 + name = kasprintf(GFP_KERNEL, "constraint_%d_%s", id, name);
72090
72091 - dev_attr->attr.name = kasprintf(GFP_KERNEL, "constraint_%d_%s",
72092 - id, name);
72093 - if (!dev_attr->attr.name)
72094 + if (!name)
72095 return -ENOMEM;
72096 - dev_attr->attr.mode = mode;
72097 - dev_attr->show = show;
72098 - dev_attr->store = store;
72099 +
72100 + pax_open_kernel();
72101 + const_cast(dev_attr->attr.name) = name;
72102 + pax_close_kernel();
72103
72104 return 0;
72105 }
72106 @@ -236,49 +298,31 @@ static int seed_constraint_attributes(void)
72107
72108 for (i = 0; i < MAX_CONSTRAINTS_PER_ZONE; ++i) {
72109 ret = create_constraint_attribute(i, "power_limit_uw",
72110 - S_IWUSR | S_IRUGO,
72111 - &constraint_attrs[i].power_limit_attr,
72112 - show_constraint_power_limit_uw,
72113 - store_constraint_power_limit_uw);
72114 + &constraint_attrs[i].power_limit_attr);
72115 if (ret)
72116 goto err_alloc;
72117 ret = create_constraint_attribute(i, "time_window_us",
72118 - S_IWUSR | S_IRUGO,
72119 - &constraint_attrs[i].time_window_attr,
72120 - show_constraint_time_window_us,
72121 - store_constraint_time_window_us);
72122 + &constraint_attrs[i].time_window_attr);
72123 if (ret)
72124 goto err_alloc;
72125 - ret = create_constraint_attribute(i, "name", S_IRUGO,
72126 - &constraint_attrs[i].name_attr,
72127 - show_constraint_name,
72128 - NULL);
72129 + ret = create_constraint_attribute(i, "name",
72130 + &constraint_attrs[i].name_attr);
72131 if (ret)
72132 goto err_alloc;
72133 - ret = create_constraint_attribute(i, "max_power_uw", S_IRUGO,
72134 - &constraint_attrs[i].max_power_attr,
72135 - show_constraint_max_power_uw,
72136 - NULL);
72137 + ret = create_constraint_attribute(i, "max_power_uw",
72138 + &constraint_attrs[i].max_power_attr);
72139 if (ret)
72140 goto err_alloc;
72141 - ret = create_constraint_attribute(i, "min_power_uw", S_IRUGO,
72142 - &constraint_attrs[i].min_power_attr,
72143 - show_constraint_min_power_uw,
72144 - NULL);
72145 + ret = create_constraint_attribute(i, "min_power_uw",
72146 + &constraint_attrs[i].min_power_attr);
72147 if (ret)
72148 goto err_alloc;
72149 ret = create_constraint_attribute(i, "max_time_window_us",
72150 - S_IRUGO,
72151 - &constraint_attrs[i].max_time_window_attr,
72152 - show_constraint_max_time_window_us,
72153 - NULL);
72154 + &constraint_attrs[i].max_time_window_attr);
72155 if (ret)
72156 goto err_alloc;
72157 ret = create_constraint_attribute(i, "min_time_window_us",
72158 - S_IRUGO,
72159 - &constraint_attrs[i].min_time_window_attr,
72160 - show_constraint_min_time_window_us,
72161 - NULL);
72162 + &constraint_attrs[i].min_time_window_attr);
72163 if (ret)
72164 goto err_alloc;
72165
72166 @@ -378,10 +422,12 @@ static void create_power_zone_common_attributes(
72167 power_zone->zone_dev_attrs[count++] =
72168 &dev_attr_max_energy_range_uj.attr;
72169 if (power_zone->ops->get_energy_uj) {
72170 + pax_open_kernel();
72171 if (power_zone->ops->reset_energy_uj)
72172 - dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO;
72173 + const_cast(dev_attr_energy_uj.attr.mode) = S_IWUSR | S_IRUGO;
72174 else
72175 - dev_attr_energy_uj.attr.mode = S_IRUGO;
72176 + const_cast(dev_attr_energy_uj.attr.mode) = S_IRUGO;
72177 + pax_close_kernel();
72178 power_zone->zone_dev_attrs[count++] =
72179 &dev_attr_energy_uj.attr;
72180 }
72181 diff --git a/drivers/ptp/ptp_private.h b/drivers/ptp/ptp_private.h
72182 index 9c5d414..c7900ce 100644
72183 --- a/drivers/ptp/ptp_private.h
72184 +++ b/drivers/ptp/ptp_private.h
72185 @@ -51,7 +51,7 @@ struct ptp_clock {
72186 struct mutex pincfg_mux; /* protect concurrent info->pin_config access */
72187 wait_queue_head_t tsev_wq;
72188 int defunct; /* tells readers to go away when clock is being removed */
72189 - struct device_attribute *pin_dev_attr;
72190 + device_attribute_no_const *pin_dev_attr;
72191 struct attribute **pin_attr;
72192 struct attribute_group pin_attr_group;
72193 };
72194 diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c
72195 index 302e626..12579af 100644
72196 --- a/drivers/ptp/ptp_sysfs.c
72197 +++ b/drivers/ptp/ptp_sysfs.c
72198 @@ -280,7 +280,7 @@ static int ptp_populate_pins(struct ptp_clock *ptp)
72199 goto no_pin_attr;
72200
72201 for (i = 0; i < n_pins; i++) {
72202 - struct device_attribute *da = &ptp->pin_dev_attr[i];
72203 + device_attribute_no_const *da = &ptp->pin_dev_attr[i];
72204 sysfs_attr_init(&da->attr);
72205 da->attr.name = info->pin_config[i].name;
72206 da->attr.mode = 0644;
72207 diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
72208 index db320e8..bbd864d 100644
72209 --- a/drivers/regulator/core.c
72210 +++ b/drivers/regulator/core.c
72211 @@ -3886,7 +3886,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
72212 const struct regulation_constraints *constraints = NULL;
72213 const struct regulator_init_data *init_data;
72214 struct regulator_config *config = NULL;
72215 - static atomic_t regulator_no = ATOMIC_INIT(-1);
72216 + static atomic_unchecked_t regulator_no = ATOMIC_INIT(-1);
72217 struct regulator_dev *rdev;
72218 struct device *dev;
72219 int ret, i;
72220 @@ -3979,7 +3979,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
72221 rdev->dev.class = &regulator_class;
72222 rdev->dev.parent = dev;
72223 dev_set_name(&rdev->dev, "regulator.%lu",
72224 - (unsigned long) atomic_inc_return(&regulator_no));
72225 + (unsigned long) atomic_inc_return_unchecked(&regulator_no));
72226
72227 /* set regulator constraints */
72228 if (init_data)
72229 diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c
72230 index b87f62d..34f1cdf 100644
72231 --- a/drivers/regulator/max8660.c
72232 +++ b/drivers/regulator/max8660.c
72233 @@ -423,8 +423,10 @@ static int max8660_probe(struct i2c_client *client,
72234 max8660->shadow_regs[MAX8660_OVER1] = 5;
72235 } else {
72236 /* Otherwise devices can be toggled via software */
72237 - max8660_dcdc_ops.enable = max8660_dcdc_enable;
72238 - max8660_dcdc_ops.disable = max8660_dcdc_disable;
72239 + pax_open_kernel();
72240 + const_cast(max8660_dcdc_ops.enable) = max8660_dcdc_enable;
72241 + const_cast(max8660_dcdc_ops.disable) = max8660_dcdc_disable;
72242 + pax_close_kernel();
72243 }
72244
72245 /*
72246 diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c
72247 index 3958f50..8139dc1 100644
72248 --- a/drivers/regulator/max8973-regulator.c
72249 +++ b/drivers/regulator/max8973-regulator.c
72250 @@ -750,9 +750,11 @@ static int max8973_probe(struct i2c_client *client,
72251 if (!pdata->enable_ext_control) {
72252 max->desc.enable_reg = MAX8973_VOUT;
72253 max->desc.enable_mask = MAX8973_VOUT_ENABLE;
72254 - max->ops.enable = regulator_enable_regmap;
72255 - max->ops.disable = regulator_disable_regmap;
72256 - max->ops.is_enabled = regulator_is_enabled_regmap;
72257 + pax_open_kernel();
72258 + const_cast(max->ops.enable) = regulator_enable_regmap;
72259 + const_cast(max->ops.disable) = regulator_disable_regmap;
72260 + const_cast(max->ops.is_enabled) = regulator_is_enabled_regmap;
72261 + pax_close_kernel();
72262 break;
72263 }
72264
72265 @@ -780,9 +782,11 @@ static int max8973_probe(struct i2c_client *client,
72266
72267 max->desc.enable_reg = MAX8973_VOUT;
72268 max->desc.enable_mask = MAX8973_VOUT_ENABLE;
72269 - max->ops.enable = regulator_enable_regmap;
72270 - max->ops.disable = regulator_disable_regmap;
72271 - max->ops.is_enabled = regulator_is_enabled_regmap;
72272 + pax_open_kernel();
72273 + const_cast(max->ops.enable) = regulator_enable_regmap;
72274 + const_cast(max->ops.disable) = regulator_disable_regmap;
72275 + const_cast(max->ops.is_enabled) = regulator_is_enabled_regmap;
72276 + pax_close_kernel();
72277 max->ops.set_current_limit = max8973_set_current_limit;
72278 max->ops.get_current_limit = max8973_get_current_limit;
72279 break;
72280 diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
72281 index 0d17c92..ce5897e 100644
72282 --- a/drivers/regulator/mc13892-regulator.c
72283 +++ b/drivers/regulator/mc13892-regulator.c
72284 @@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
72285 mc13xxx_unlock(mc13892);
72286
72287 /* update mc13892_vcam ops */
72288 - memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
72289 + pax_open_kernel();
72290 + memcpy((void *)&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
72291 sizeof(struct regulator_ops));
72292 - mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode,
72293 - mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode,
72294 + const_cast(mc13892_vcam_ops.set_mode) = mc13892_vcam_set_mode,
72295 + const_cast(mc13892_vcam_ops.get_mode) = mc13892_vcam_get_mode,
72296 + pax_close_kernel();
72297 mc13892_regulators[MC13892_VCAM].desc.ops = &mc13892_vcam_ops;
72298
72299 mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
72300 diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
72301 index fe0539e..247590f 100644
72302 --- a/drivers/remoteproc/remoteproc_core.c
72303 +++ b/drivers/remoteproc/remoteproc_core.c
72304 @@ -329,9 +329,10 @@ void rproc_free_vring(struct rproc_vring *rvring)
72305 *
72306 * Returns 0 on success, or an appropriate error code otherwise
72307 */
72308 -static int rproc_handle_vdev(struct rproc *rproc, struct fw_rsc_vdev *rsc,
72309 +static int rproc_handle_vdev(struct rproc *rproc, void *_rsc,
72310 int offset, int avail)
72311 {
72312 + struct fw_rsc_vdev *rsc = _rsc;
72313 struct device *dev = &rproc->dev;
72314 struct rproc_vdev *rvdev;
72315 int i, ret;
72316 @@ -406,9 +407,10 @@ free_rvdev:
72317 *
72318 * Returns 0 on success, or an appropriate error code otherwise
72319 */
72320 -static int rproc_handle_trace(struct rproc *rproc, struct fw_rsc_trace *rsc,
72321 +static int rproc_handle_trace(struct rproc *rproc, void *_rsc,
72322 int offset, int avail)
72323 {
72324 + struct fw_rsc_trace *rsc = _rsc;
72325 struct rproc_mem_entry *trace;
72326 struct device *dev = &rproc->dev;
72327 void *ptr;
72328 @@ -486,9 +488,10 @@ static int rproc_handle_trace(struct rproc *rproc, struct fw_rsc_trace *rsc,
72329 * and not allow firmwares to request access to physical addresses that
72330 * are outside those ranges.
72331 */
72332 -static int rproc_handle_devmem(struct rproc *rproc, struct fw_rsc_devmem *rsc,
72333 +static int rproc_handle_devmem(struct rproc *rproc, void *_rsc,
72334 int offset, int avail)
72335 {
72336 + struct fw_rsc_devmem *rsc = _rsc;
72337 struct rproc_mem_entry *mapping;
72338 struct device *dev = &rproc->dev;
72339 int ret;
72340 @@ -558,10 +561,11 @@ out:
72341 * pressure is important; it may have a substantial impact on performance.
72342 */
72343 static int rproc_handle_carveout(struct rproc *rproc,
72344 - struct fw_rsc_carveout *rsc,
72345 + void *_rsc,
72346 int offset, int avail)
72347
72348 {
72349 + struct fw_rsc_carveout *rsc = _rsc;
72350 struct rproc_mem_entry *carveout, *mapping;
72351 struct device *dev = &rproc->dev;
72352 dma_addr_t dma;
72353 @@ -680,9 +684,11 @@ free_carv:
72354 return ret;
72355 }
72356
72357 -static int rproc_count_vrings(struct rproc *rproc, struct fw_rsc_vdev *rsc,
72358 +static int rproc_count_vrings(struct rproc *rproc, void *_rsc,
72359 int offset, int avail)
72360 {
72361 + struct fw_rsc_vdev *rsc = _rsc;
72362 +
72363 /* Summarize the number of notification IDs */
72364 rproc->max_notifyid += rsc->num_of_vrings;
72365
72366 @@ -694,18 +700,18 @@ static int rproc_count_vrings(struct rproc *rproc, struct fw_rsc_vdev *rsc,
72367 * enum fw_resource_type.
72368 */
72369 static rproc_handle_resource_t rproc_loading_handlers[RSC_LAST] = {
72370 - [RSC_CARVEOUT] = (rproc_handle_resource_t)rproc_handle_carveout,
72371 - [RSC_DEVMEM] = (rproc_handle_resource_t)rproc_handle_devmem,
72372 - [RSC_TRACE] = (rproc_handle_resource_t)rproc_handle_trace,
72373 + [RSC_CARVEOUT] = rproc_handle_carveout,
72374 + [RSC_DEVMEM] = rproc_handle_devmem,
72375 + [RSC_TRACE] = rproc_handle_trace,
72376 [RSC_VDEV] = NULL, /* VDEVs were handled upon registrarion */
72377 };
72378
72379 static rproc_handle_resource_t rproc_vdev_handler[RSC_LAST] = {
72380 - [RSC_VDEV] = (rproc_handle_resource_t)rproc_handle_vdev,
72381 + [RSC_VDEV] = rproc_handle_vdev,
72382 };
72383
72384 static rproc_handle_resource_t rproc_count_vrings_handler[RSC_LAST] = {
72385 - [RSC_VDEV] = (rproc_handle_resource_t)rproc_count_vrings,
72386 + [RSC_VDEV] = rproc_count_vrings,
72387 };
72388
72389 /* handle firmware resource entries before booting the remote processor */
72390 diff --git a/drivers/rtc/rtc-armada38x.c b/drivers/rtc/rtc-armada38x.c
72391 index 9a3f2a6..c19b00a 100644
72392 --- a/drivers/rtc/rtc-armada38x.c
72393 +++ b/drivers/rtc/rtc-armada38x.c
72394 @@ -18,6 +18,7 @@
72395 #include <linux/of.h>
72396 #include <linux/platform_device.h>
72397 #include <linux/rtc.h>
72398 +#include <asm/pgtable.h>
72399
72400 #define RTC_STATUS 0x0
72401 #define RTC_STATUS_ALARM1 BIT(0)
72402 @@ -246,8 +247,10 @@ static __init int armada38x_rtc_probe(struct platform_device *pdev)
72403 * If there is no interrupt available then we can't
72404 * use the alarm
72405 */
72406 - armada38x_rtc_ops.set_alarm = NULL;
72407 - armada38x_rtc_ops.alarm_irq_enable = NULL;
72408 + pax_open_kernel();
72409 + const_cast(armada38x_rtc_ops.set_alarm) = NULL;
72410 + const_cast(armada38x_rtc_ops.alarm_irq_enable) = NULL;
72411 + pax_close_kernel();
72412 }
72413 platform_set_drvdata(pdev, rtc);
72414 if (rtc->irq != -1)
72415 diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
72416 index 43745ca..9eb24ff 100644
72417 --- a/drivers/rtc/rtc-cmos.c
72418 +++ b/drivers/rtc/rtc-cmos.c
72419 @@ -732,7 +732,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
72420 hpet_rtc_timer_init();
72421
72422 /* export at least the first block of NVRAM */
72423 - nvram.size = address_space - NVRAM_OFFSET;
72424 + pax_open_kernel();
72425 + const_cast(nvram.size) = address_space - NVRAM_OFFSET;
72426 + pax_close_kernel();
72427 retval = sysfs_create_bin_file(&dev->kobj, &nvram);
72428 if (retval < 0) {
72429 dev_dbg(dev, "can't create nvram file? %d\n", retval);
72430 diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c
72431 index a6d9434..dc26b71 100644
72432 --- a/drivers/rtc/rtc-dev.c
72433 +++ b/drivers/rtc/rtc-dev.c
72434 @@ -16,6 +16,7 @@
72435 #include <linux/module.h>
72436 #include <linux/rtc.h>
72437 #include <linux/sched.h>
72438 +#include <linux/grsecurity.h>
72439 #include "rtc-core.h"
72440
72441 static dev_t rtc_devt;
72442 @@ -347,6 +348,8 @@ static long rtc_dev_ioctl(struct file *file,
72443 if (copy_from_user(&tm, uarg, sizeof(tm)))
72444 return -EFAULT;
72445
72446 + gr_log_timechange();
72447 +
72448 return rtc_set_time(rtc, &tm);
72449
72450 case RTC_PIE_ON:
72451 diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
72452 index 8e1c5cb..6fe95b9 100644
72453 --- a/drivers/rtc/rtc-ds1307.c
72454 +++ b/drivers/rtc/rtc-ds1307.c
72455 @@ -111,7 +111,7 @@ struct ds1307 {
72456 u8 offset; /* register's offset */
72457 u8 regs[11];
72458 u16 nvram_offset;
72459 - struct bin_attribute *nvram;
72460 + bin_attribute_no_const *nvram;
72461 enum ds_type type;
72462 unsigned long flags;
72463 #define HAS_NVRAM 0 /* bit 0 == sysfs file active */
72464 diff --git a/drivers/rtc/rtc-m41t80.c b/drivers/rtc/rtc-m41t80.c
72465 index 58698d2..8560ebf 100644
72466 --- a/drivers/rtc/rtc-m41t80.c
72467 +++ b/drivers/rtc/rtc-m41t80.c
72468 @@ -798,9 +798,11 @@ static int m41t80_probe(struct i2c_client *client,
72469 dev_warn(&client->dev, "unable to request IRQ, alarms disabled\n");
72470 client->irq = 0;
72471 } else {
72472 - m41t80_rtc_ops.read_alarm = m41t80_read_alarm;
72473 - m41t80_rtc_ops.set_alarm = m41t80_set_alarm;
72474 - m41t80_rtc_ops.alarm_irq_enable = m41t80_alarm_irq_enable;
72475 + pax_open_kernel();
72476 + const_cast(m41t80_rtc_ops.read_alarm) = m41t80_read_alarm;
72477 + const_cast(m41t80_rtc_ops.set_alarm) = m41t80_set_alarm;
72478 + const_cast(m41t80_rtc_ops.alarm_irq_enable) = m41t80_alarm_irq_enable;
72479 + pax_close_kernel();
72480 /* Enable the wakealarm */
72481 device_init_wakeup(&client->dev, true);
72482 }
72483 diff --git a/drivers/rtc/rtc-m48t59.c b/drivers/rtc/rtc-m48t59.c
72484 index d99a705..99654e7 100644
72485 --- a/drivers/rtc/rtc-m48t59.c
72486 +++ b/drivers/rtc/rtc-m48t59.c
72487 @@ -485,7 +485,9 @@ static int m48t59_rtc_probe(struct platform_device *pdev)
72488 if (IS_ERR(m48t59->rtc))
72489 return PTR_ERR(m48t59->rtc);
72490
72491 - m48t59_nvram_attr.size = pdata->offset;
72492 + pax_open_kernel();
72493 + const_cast(m48t59_nvram_attr.size) = pdata->offset;
72494 + pax_close_kernel();
72495
72496 ret = sysfs_create_bin_file(&pdev->dev.kobj, &m48t59_nvram_attr);
72497 if (ret)
72498 diff --git a/drivers/rtc/rtc-rv3029c2.c b/drivers/rtc/rtc-rv3029c2.c
72499 index 1f9f7b4..6f87883 100644
72500 --- a/drivers/rtc/rtc-rv3029c2.c
72501 +++ b/drivers/rtc/rtc-rv3029c2.c
72502 @@ -832,9 +832,11 @@ static int rv3029_probe(struct device *dev, struct regmap *regmap, int irq,
72503 dev_warn(dev, "unable to request IRQ, alarms disabled\n");
72504 rv3029->irq = 0;
72505 } else {
72506 - rv3029_rtc_ops.read_alarm = rv3029_read_alarm;
72507 - rv3029_rtc_ops.set_alarm = rv3029_set_alarm;
72508 - rv3029_rtc_ops.alarm_irq_enable = rv3029_alarm_irq_enable;
72509 + pax_open_kernel();
72510 + const_cast(rv3029_rtc_ops.read_alarm) = rv3029_read_alarm;
72511 + const_cast(rv3029_rtc_ops.set_alarm) = rv3029_set_alarm;
72512 + const_cast(rv3029_rtc_ops.alarm_irq_enable) = rv3029_alarm_irq_enable;
72513 + pax_close_kernel();
72514 }
72515 }
72516
72517 diff --git a/drivers/rtc/rtc-rv8803.c b/drivers/rtc/rtc-rv8803.c
72518 index 9a2f6a9..da6bfcb 100644
72519 --- a/drivers/rtc/rtc-rv8803.c
72520 +++ b/drivers/rtc/rtc-rv8803.c
72521 @@ -497,6 +497,15 @@ static struct rtc_class_ops rv8803_rtc_ops = {
72522 .ioctl = rv8803_ioctl,
72523 };
72524
72525 +static struct rtc_class_ops rv8803_rtc_alarm_ops = {
72526 + .read_time = rv8803_get_time,
72527 + .set_time = rv8803_set_time,
72528 + .ioctl = rv8803_ioctl,
72529 + .read_alarm = rv8803_get_alarm,
72530 + .set_alarm = rv8803_set_alarm,
72531 + .alarm_irq_enable = rv8803_alarm_irq_enable,
72532 +};
72533 +
72534 static int rv8803_probe(struct i2c_client *client,
72535 const struct i2c_device_id *id)
72536 {
72537 @@ -540,15 +549,11 @@ static int rv8803_probe(struct i2c_client *client,
72538 if (err) {
72539 dev_warn(&client->dev, "unable to request IRQ, alarms disabled\n");
72540 client->irq = 0;
72541 - } else {
72542 - rv8803_rtc_ops.read_alarm = rv8803_get_alarm;
72543 - rv8803_rtc_ops.set_alarm = rv8803_set_alarm;
72544 - rv8803_rtc_ops.alarm_irq_enable = rv8803_alarm_irq_enable;
72545 }
72546 }
72547
72548 rv8803->rtc = devm_rtc_device_register(&client->dev, client->name,
72549 - &rv8803_rtc_ops, THIS_MODULE);
72550 + client->irq > 0 ? &rv8803_rtc_alarm_ops : &rv8803_rtc_ops, THIS_MODULE);
72551 if (IS_ERR(rv8803->rtc)) {
72552 dev_err(&client->dev, "unable to register the class device\n");
72553 return PTR_ERR(rv8803->rtc);
72554 diff --git a/drivers/rtc/rtc-rx8010.c b/drivers/rtc/rtc-rx8010.c
72555 index 7163b91..d7a2c31 100644
72556 --- a/drivers/rtc/rtc-rx8010.c
72557 +++ b/drivers/rtc/rtc-rx8010.c
72558 @@ -483,9 +483,11 @@ static int rx8010_probe(struct i2c_client *client,
72559 dev_err(&client->dev, "unable to request IRQ\n");
72560 client->irq = 0;
72561 } else {
72562 - rx8010_rtc_ops.read_alarm = rx8010_read_alarm;
72563 - rx8010_rtc_ops.set_alarm = rx8010_set_alarm;
72564 - rx8010_rtc_ops.alarm_irq_enable = rx8010_alarm_irq_enable;
72565 + pax_open_kernel();
72566 + const_cast(rx8010_rtc_ops.read_alarm) = rx8010_read_alarm;
72567 + const_cast(rx8010_rtc_ops.set_alarm) = rx8010_set_alarm;
72568 + const_cast(rx8010_rtc_ops.alarm_irq_enable) = rx8010_alarm_irq_enable;
72569 + pax_close_kernel();
72570 }
72571 }
72572
72573 diff --git a/drivers/rtc/rtc-test.c b/drivers/rtc/rtc-test.c
72574 index 3a2da4c..1d1d4b1 100644
72575 --- a/drivers/rtc/rtc-test.c
72576 +++ b/drivers/rtc/rtc-test.c
72577 @@ -112,8 +112,10 @@ static int test_probe(struct platform_device *plat_dev)
72578 struct rtc_device *rtc;
72579
72580 if (test_mmss64) {
72581 - test_rtc_ops.set_mmss64 = test_rtc_set_mmss64;
72582 - test_rtc_ops.set_mmss = NULL;
72583 + pax_open_kernel();
72584 + const_cast(test_rtc_ops.set_mmss64) = test_rtc_set_mmss64;
72585 + const_cast(test_rtc_ops.set_mmss) = NULL;
72586 + pax_close_kernel();
72587 }
72588
72589 rtc = devm_rtc_device_register(&plat_dev->dev, "test",
72590 diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
72591 index 6678d1f..0293b70 100644
72592 --- a/drivers/scsi/aacraid/aachba.c
72593 +++ b/drivers/scsi/aacraid/aachba.c
72594 @@ -770,6 +770,11 @@ static int aac_probe_container_callback1(struct scsi_cmnd * scsicmd)
72595 return 0;
72596 }
72597
72598 +static void aac_probe_container_scsi_done(struct scsi_cmnd * scsicmd)
72599 +{
72600 + scsicmd->device = NULL;
72601 +}
72602 +
72603 int aac_probe_container(struct aac_dev *dev, int cid)
72604 {
72605 struct scsi_cmnd *scsicmd = kmalloc(sizeof(*scsicmd), GFP_KERNEL);
72606 @@ -782,7 +787,7 @@ int aac_probe_container(struct aac_dev *dev, int cid)
72607 return -ENOMEM;
72608 }
72609 scsicmd->list.next = NULL;
72610 - scsicmd->scsi_done = (void (*)(struct scsi_cmnd*))aac_probe_container_callback1;
72611 + scsicmd->scsi_done = aac_probe_container_scsi_done;
72612
72613 scsicmd->device = scsidev;
72614 scsidev->sdev_state = 0;
72615 diff --git a/drivers/scsi/aic7xxx/aic79xx.h b/drivers/scsi/aic7xxx/aic79xx.h
72616 index d47b527..f2c4a89 100644
72617 --- a/drivers/scsi/aic7xxx/aic79xx.h
72618 +++ b/drivers/scsi/aic7xxx/aic79xx.h
72619 @@ -1046,7 +1046,7 @@ typedef enum {
72620
72621 typedef uint8_t ahd_mode_state;
72622
72623 -typedef void ahd_callback_t (void *);
72624 +typedef void ahd_linux_callback_t (u_long);
72625
72626 struct ahd_completion
72627 {
72628 diff --git a/drivers/scsi/aic7xxx/aic79xx_core.c b/drivers/scsi/aic7xxx/aic79xx_core.c
72629 index 109e2c9..7d3c9b5 100644
72630 --- a/drivers/scsi/aic7xxx/aic79xx_core.c
72631 +++ b/drivers/scsi/aic7xxx/aic79xx_core.c
72632 @@ -207,7 +207,7 @@ static void ahd_add_scb_to_free_list(struct ahd_softc *ahd,
72633 static u_int ahd_rem_wscb(struct ahd_softc *ahd, u_int scbid,
72634 u_int prev, u_int next, u_int tid);
72635 static void ahd_reset_current_bus(struct ahd_softc *ahd);
72636 -static ahd_callback_t ahd_stat_timer;
72637 +static ahd_linux_callback_t ahd_stat_timer;
72638 #ifdef AHD_DUMP_SEQ
72639 static void ahd_dumpseq(struct ahd_softc *ahd);
72640 #endif
72641 @@ -7041,10 +7041,9 @@ static const char *termstat_strings[] = {
72642 /***************************** Timer Facilities *******************************/
72643 #define ahd_timer_init init_timer
72644 #define ahd_timer_stop del_timer_sync
72645 -typedef void ahd_linux_callback_t (u_long);
72646
72647 static void
72648 -ahd_timer_reset(ahd_timer_t *timer, int usec, ahd_callback_t *func, void *arg)
72649 +ahd_timer_reset(ahd_timer_t *timer, int usec, ahd_linux_callback_t *func, void *arg)
72650 {
72651 struct ahd_softc *ahd;
72652
72653 @@ -7052,7 +7051,7 @@ ahd_timer_reset(ahd_timer_t *timer, int usec, ahd_callback_t *func, void *arg)
72654 del_timer(timer);
72655 timer->data = (u_long)arg;
72656 timer->expires = jiffies + (usec * HZ)/1000000;
72657 - timer->function = (ahd_linux_callback_t*)func;
72658 + timer->function = func;
72659 add_timer(timer);
72660 }
72661
72662 @@ -8878,9 +8877,9 @@ ahd_reset_channel(struct ahd_softc *ahd, char channel, int initiate_reset)
72663
72664 /**************************** Statistics Processing ***************************/
72665 static void
72666 -ahd_stat_timer(void *arg)
72667 +ahd_stat_timer(unsigned long arg)
72668 {
72669 - struct ahd_softc *ahd = arg;
72670 + struct ahd_softc *ahd = (struct ahd_softc *)arg;
72671 u_long s;
72672 int enint_coal;
72673
72674 diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c
72675 index f05e773..b48c418 100644
72676 --- a/drivers/scsi/be2iscsi/be_main.c
72677 +++ b/drivers/scsi/be2iscsi/be_main.c
72678 @@ -5465,7 +5465,7 @@ beiscsi_hw_health_check(struct work_struct *work)
72679
72680
72681 static pci_ers_result_t beiscsi_eeh_err_detected(struct pci_dev *pdev,
72682 - pci_channel_state_t state)
72683 + enum pci_channel_state state)
72684 {
72685 struct beiscsi_hba *phba = NULL;
72686
72687 diff --git a/drivers/scsi/bfa/bfa.h b/drivers/scsi/bfa/bfa.h
72688 index 0e119d8..1bf8a49 100644
72689 --- a/drivers/scsi/bfa/bfa.h
72690 +++ b/drivers/scsi/bfa/bfa.h
72691 @@ -225,8 +225,10 @@ struct bfa_faa_args_s {
72692 bfa_boolean_t busy;
72693 };
72694
72695 +enum iocfc_event;
72696 +
72697 struct bfa_iocfc_s {
72698 - bfa_fsm_t fsm;
72699 + void (*fsm)(struct bfa_iocfc_s *, enum iocfc_event);
72700 struct bfa_s *bfa;
72701 struct bfa_iocfc_cfg_s cfg;
72702 u32 req_cq_pi[BFI_IOC_MAX_CQS];
72703 diff --git a/drivers/scsi/bfa/bfa_core.c b/drivers/scsi/bfa/bfa_core.c
72704 index 7209afa..2450c125 100644
72705 --- a/drivers/scsi/bfa/bfa_core.c
72706 +++ b/drivers/scsi/bfa/bfa_core.c
72707 @@ -1919,15 +1919,13 @@ bfa_comp_process(struct bfa_s *bfa, struct list_head *comp_q)
72708 struct list_head *qe;
72709 struct list_head *qen;
72710 struct bfa_cb_qe_s *hcb_qe;
72711 - bfa_cb_cbfn_status_t cbfn;
72712
72713 list_for_each_safe(qe, qen, comp_q) {
72714 hcb_qe = (struct bfa_cb_qe_s *) qe;
72715 if (hcb_qe->pre_rmv) {
72716 /* qe is invalid after return, dequeue before cbfn() */
72717 list_del(qe);
72718 - cbfn = (bfa_cb_cbfn_status_t)(hcb_qe->cbfn);
72719 - cbfn(hcb_qe->cbarg, hcb_qe->fw_status);
72720 + hcb_qe->cbfn(hcb_qe->cbarg, hcb_qe->fw_status);
72721 } else
72722 hcb_qe->cbfn(hcb_qe->cbarg, BFA_TRUE);
72723 }
72724 diff --git a/drivers/scsi/bfa/bfa_cs.h b/drivers/scsi/bfa/bfa_cs.h
72725 index df6760c..3b22f4d 100644
72726 --- a/drivers/scsi/bfa/bfa_cs.h
72727 +++ b/drivers/scsi/bfa/bfa_cs.h
72728 @@ -184,8 +184,6 @@ bfa_q_is_on_q_func(struct list_head *q, struct list_head *qe)
72729 * @ BFA state machine interfaces
72730 */
72731
72732 -typedef void (*bfa_sm_t)(void *sm, int event);
72733 -
72734 /*
72735 * oc - object class eg. bfa_ioc
72736 * st - state, eg. reset
72737 @@ -195,20 +193,75 @@ typedef void (*bfa_sm_t)(void *sm, int event);
72738 #define bfa_sm_state_decl(oc, st, otype, etype) \
72739 static void oc ## _sm_ ## st(otype * fsm, etype event)
72740
72741 -#define bfa_sm_set_state(_sm, _state) ((_sm)->sm = (bfa_sm_t)(_state))
72742 +#define bfa_sm_set_state(_sm, _state) ((_sm)->sm = (_state))
72743 #define bfa_sm_send_event(_sm, _event) ((_sm)->sm((_sm), (_event)))
72744 #define bfa_sm_get_state(_sm) ((_sm)->sm)
72745 -#define bfa_sm_cmp_state(_sm, _state) ((_sm)->sm == (bfa_sm_t)(_state))
72746 +#define bfa_sm_cmp_state(_sm, _state) ((_sm)->sm == (_state))
72747
72748 /*
72749 * For converting from state machine function to state encoding.
72750 */
72751 -struct bfa_sm_table_s {
72752 - bfa_sm_t sm; /* state machine function */
72753 +struct bfa_iocpf_s;
72754 +enum iocpf_event;
72755 +typedef void (*bfa_fsm_iocpf_t)(struct bfa_iocpf_s *, enum iocpf_event);
72756 +
72757 +struct iocpf_sm_table_s {
72758 + bfa_fsm_iocpf_t sm; /* state machine function */
72759 int state; /* state machine encoding */
72760 char *name; /* state name for display */
72761 };
72762 -#define BFA_SM(_sm) ((bfa_sm_t)(_sm))
72763 +
72764 +struct bfa_ioc_s;
72765 +enum ioc_event;
72766 +typedef void (*bfa_fsm_ioc_t)(struct bfa_ioc_s *, enum ioc_event);
72767 +
72768 +struct ioc_sm_table_s {
72769 + bfa_fsm_ioc_t sm; /* state machine function */
72770 + int state; /* state machine encoding */
72771 + char *name; /* state name for display */
72772 +};
72773 +
72774 +struct bfa_fcs_rport_s;
72775 +enum rport_event;
72776 +typedef void(*bfa_fcs_rport_t)(struct bfa_fcs_rport_s *, enum rport_event);
72777 +
72778 +struct rport_sm_table_s {
72779 + bfa_fcs_rport_t sm; /* state machine function */
72780 + int state; /* state machine encoding */
72781 + char *name; /* state name for display */
72782 +};
72783 +
72784 +struct bfa_fcs_vport_s;
72785 +enum bfa_fcs_vport_event;
72786 +typedef void(*bfa_fcs_vport_t)(struct bfa_fcs_vport_s *, enum bfa_fcs_vport_event);
72787 +
72788 +struct vport_sm_table_s {
72789 + bfa_fcs_vport_t sm; /* state machine function */
72790 + int state; /* state machine encoding */
72791 + char *name; /* state name for display */
72792 +};
72793 +
72794 +struct bfa_fcs_itnim_s;
72795 +enum bfa_fcs_itnim_event;
72796 +typedef void(*bfa_fcs_itnim_t)(struct bfa_fcs_itnim_s *, enum bfa_fcs_itnim_event);
72797 +
72798 +struct itnim_sm_table_s {
72799 + bfa_fcs_itnim_t sm; /* state machine function */
72800 + int state; /* state machine encoding */
72801 + char *name; /* state name for display */
72802 +};
72803 +
72804 +struct bfa_fcport_s;
72805 +enum bfa_fcport_sm_event;
72806 +typedef void(*bfa_fcport_t)(struct bfa_fcport_s *, enum bfa_fcport_sm_event);
72807 +
72808 +struct fcport_sm_table_s {
72809 + bfa_fcport_t sm; /* state machine function */
72810 + int state; /* state machine encoding */
72811 + char *name; /* state name for display */
72812 +};
72813 +
72814 +#define BFA_SM(_sm) (_sm)
72815
72816 /*
72817 * State machine with entry actions.
72818 @@ -226,17 +279,66 @@ typedef void (*bfa_fsm_t)(void *fsm, int event);
72819 static void oc ## _sm_ ## st ## _entry(otype * fsm)
72820
72821 #define bfa_fsm_set_state(_fsm, _state) do { \
72822 - (_fsm)->fsm = (bfa_fsm_t)(_state); \
72823 + (_fsm)->fsm = (_state); \
72824 _state ## _entry(_fsm); \
72825 } while (0)
72826
72827 #define bfa_fsm_send_event(_fsm, _event) ((_fsm)->fsm((_fsm), (_event)))
72828 #define bfa_fsm_get_state(_fsm) ((_fsm)->fsm)
72829 -#define bfa_fsm_cmp_state(_fsm, _state) \
72830 - ((_fsm)->fsm == (bfa_fsm_t)(_state))
72831 +#define bfa_fsm_cmp_state(_fsm, _state) ((_fsm)->fsm == (_state))
72832
72833 static inline int
72834 -bfa_sm_to_state(struct bfa_sm_table_s *smt, bfa_sm_t sm)
72835 +iocpf_sm_to_state(struct iocpf_sm_table_s *smt, bfa_fsm_iocpf_t sm)
72836 +{
72837 + int i = 0;
72838 +
72839 + while (smt[i].sm && smt[i].sm != sm)
72840 + i++;
72841 + return smt[i].state;
72842 +}
72843 +
72844 +static inline int
72845 +ioc_sm_to_state(struct ioc_sm_table_s *smt, bfa_fsm_ioc_t sm)
72846 +{
72847 + int i = 0;
72848 +
72849 + while (smt[i].sm && smt[i].sm != sm)
72850 + i++;
72851 + return smt[i].state;
72852 +}
72853 +
72854 +static inline int
72855 +rport_sm_to_state(struct rport_sm_table_s *smt, bfa_fcs_rport_t sm)
72856 +{
72857 + int i = 0;
72858 +
72859 + while (smt[i].sm && smt[i].sm != sm)
72860 + i++;
72861 + return smt[i].state;
72862 +}
72863 +
72864 +static inline int
72865 +vport_sm_to_state(struct vport_sm_table_s *smt, bfa_fcs_vport_t sm)
72866 +{
72867 + int i = 0;
72868 +
72869 + while (smt[i].sm && smt[i].sm != sm)
72870 + i++;
72871 + return smt[i].state;
72872 +}
72873 +
72874 +static inline int
72875 +itnim_sm_to_state(struct itnim_sm_table_s *smt, bfa_fcs_itnim_t sm)
72876 +{
72877 + int i = 0;
72878 +
72879 + while (smt[i].sm && smt[i].sm != sm)
72880 + i++;
72881 + return smt[i].state;
72882 +}
72883 +
72884 +static inline int
72885 +fcport_sm_to_state(struct fcport_sm_table_s *smt, bfa_fcport_t sm)
72886 {
72887 int i = 0;
72888
72889 diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h
72890 index e93921d..ee6b4c0 100644
72891 --- a/drivers/scsi/bfa/bfa_fcpim.h
72892 +++ b/drivers/scsi/bfa/bfa_fcpim.h
72893 @@ -37,7 +37,7 @@ struct bfa_iotag_s {
72894
72895 struct bfa_itn_s {
72896 bfa_isr_func_t isr;
72897 -};
72898 +} __no_const;
72899
72900 void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport,
72901 void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m));
72902 @@ -165,9 +165,11 @@ struct bfa_fcp_mod_s {
72903 /*
72904 * BFA IO (initiator mode)
72905 */
72906 +enum bfa_ioim_event;
72907 +
72908 struct bfa_ioim_s {
72909 struct list_head qe; /* queue elememt */
72910 - bfa_sm_t sm; /* BFA ioim state machine */
72911 + void (*sm)(struct bfa_ioim_s *, enum bfa_ioim_event);/* BFA ioim state machine */
72912 struct bfa_s *bfa; /* BFA module */
72913 struct bfa_fcpim_s *fcpim; /* parent fcpim module */
72914 struct bfa_itnim_s *itnim; /* i-t-n nexus for this IO */
72915 @@ -197,9 +199,11 @@ struct bfa_ioim_sp_s {
72916 /*
72917 * BFA Task management command (initiator mode)
72918 */
72919 +enum bfa_tskim_event;
72920 +
72921 struct bfa_tskim_s {
72922 struct list_head qe;
72923 - bfa_sm_t sm;
72924 + void (*sm)(struct bfa_tskim_s *, enum bfa_tskim_event);
72925 struct bfa_s *bfa; /* BFA module */
72926 struct bfa_fcpim_s *fcpim; /* parent fcpim module */
72927 struct bfa_itnim_s *itnim; /* i-t-n nexus for this IO */
72928 @@ -219,9 +223,11 @@ struct bfa_tskim_s {
72929 /*
72930 * BFA i-t-n (initiator mode)
72931 */
72932 +enum bfa_itnim_event;
72933 +
72934 struct bfa_itnim_s {
72935 struct list_head qe; /* queue element */
72936 - bfa_sm_t sm; /* i-t-n im BFA state machine */
72937 + void (*sm)(struct bfa_itnim_s *, enum bfa_itnim_event);/* i-t-n im BFA state machine */
72938 struct bfa_s *bfa; /* bfa instance */
72939 struct bfa_rport_s *rport; /* bfa rport */
72940 void *ditn; /* driver i-t-n structure */
72941 diff --git a/drivers/scsi/bfa/bfa_fcs.c b/drivers/scsi/bfa/bfa_fcs.c
72942 index 1e7e139..c2031dd 100644
72943 --- a/drivers/scsi/bfa/bfa_fcs.c
72944 +++ b/drivers/scsi/bfa/bfa_fcs.c
72945 @@ -39,10 +39,21 @@ struct bfa_fcs_mod_s {
72946 #define BFA_FCS_MODULE(_mod) { _mod ## _modinit, _mod ## _modexit }
72947
72948 static struct bfa_fcs_mod_s fcs_modules[] = {
72949 - { bfa_fcs_port_attach, NULL, NULL },
72950 - { bfa_fcs_uf_attach, NULL, NULL },
72951 - { bfa_fcs_fabric_attach, bfa_fcs_fabric_modinit,
72952 - bfa_fcs_fabric_modexit },
72953 + {
72954 + .attach = bfa_fcs_port_attach,
72955 + .modinit = NULL,
72956 + .modexit = NULL
72957 + },
72958 + {
72959 + .attach = bfa_fcs_uf_attach,
72960 + .modinit = NULL,
72961 + .modexit = NULL
72962 + },
72963 + {
72964 + .attach = bfa_fcs_fabric_attach,
72965 + .modinit = bfa_fcs_fabric_modinit,
72966 + .modexit = bfa_fcs_fabric_modexit
72967 + },
72968 };
72969
72970 /*
72971 diff --git a/drivers/scsi/bfa/bfa_fcs.h b/drivers/scsi/bfa/bfa_fcs.h
72972 index 0f797a5..73b170a 100644
72973 --- a/drivers/scsi/bfa/bfa_fcs.h
72974 +++ b/drivers/scsi/bfa/bfa_fcs.h
72975 @@ -67,8 +67,10 @@ struct bfa_fcs_s;
72976 #define BFA_FCS_PID_IS_WKA(pid) ((bfa_ntoh3b(pid) > 0xFFF000) ? 1 : 0)
72977 #define BFA_FCS_MAX_RPORT_LOGINS 1024
72978
72979 +enum vport_ns_event;
72980 +
72981 struct bfa_fcs_lport_ns_s {
72982 - bfa_sm_t sm; /* state machine */
72983 + void (*sm)(struct bfa_fcs_lport_ns_s *, enum vport_ns_event);/* state machine */
72984 struct bfa_timer_s timer;
72985 struct bfa_fcs_lport_s *port; /* parent port */
72986 struct bfa_fcxp_s *fcxp;
72987 @@ -77,18 +79,20 @@ struct bfa_fcs_lport_ns_s {
72988 u8 num_rsnn_nn_retries;
72989 };
72990
72991 +enum port_scn_event;
72992
72993 struct bfa_fcs_lport_scn_s {
72994 - bfa_sm_t sm; /* state machine */
72995 + void (*sm)(struct bfa_fcs_lport_scn_s *, enum port_scn_event);/* state machine */
72996 struct bfa_timer_s timer;
72997 struct bfa_fcs_lport_s *port; /* parent port */
72998 struct bfa_fcxp_s *fcxp;
72999 struct bfa_fcxp_wqe_s fcxp_wqe;
73000 };
73001
73002 +enum port_fdmi_event;
73003
73004 struct bfa_fcs_lport_fdmi_s {
73005 - bfa_sm_t sm; /* state machine */
73006 + void (*sm)(struct bfa_fcs_lport_fdmi_s *, enum port_fdmi_event);/* state machine */
73007 struct bfa_timer_s timer;
73008 struct bfa_fcs_lport_ms_s *ms; /* parent ms */
73009 struct bfa_fcxp_s *fcxp;
73010 @@ -97,9 +101,10 @@ struct bfa_fcs_lport_fdmi_s {
73011 u8 rsvd[3];
73012 };
73013
73014 +enum port_ms_event;
73015
73016 struct bfa_fcs_lport_ms_s {
73017 - bfa_sm_t sm; /* state machine */
73018 + void (*sm)(struct bfa_fcs_lport_ms_s *, enum port_ms_event);/* state machine */
73019 struct bfa_timer_s timer;
73020 struct bfa_fcs_lport_s *port; /* parent port */
73021 struct bfa_fcxp_s *fcxp;
73022 @@ -139,10 +144,11 @@ union bfa_fcs_lport_topo_u {
73023 struct bfa_fcs_lport_n2n_s pn2n;
73024 };
73025
73026 +enum bfa_fcs_lport_event;
73027
73028 struct bfa_fcs_lport_s {
73029 struct list_head qe; /* used by port/vport */
73030 - bfa_sm_t sm; /* state machine */
73031 + void (*sm)(struct bfa_fcs_lport_s *, enum bfa_fcs_lport_event); /* state machine */
73032 struct bfa_fcs_fabric_s *fabric; /* parent fabric */
73033 struct bfa_lport_cfg_s port_cfg; /* port configuration */
73034 struct bfa_timer_s link_timer; /* timer for link offline */
73035 @@ -179,10 +185,11 @@ enum bfa_fcs_fabric_type {
73036 BFA_FCS_FABRIC_LOOP = 3,
73037 };
73038
73039 +enum bfa_fcs_fabric_event;
73040
73041 struct bfa_fcs_fabric_s {
73042 struct list_head qe; /* queue element */
73043 - bfa_sm_t sm; /* state machine */
73044 + void (*sm)(struct bfa_fcs_fabric_s *, enum bfa_fcs_fabric_event); /* state machine */
73045 struct bfa_fcs_s *fcs; /* FCS instance */
73046 struct bfa_fcs_lport_s bport; /* base logical port */
73047 enum bfa_fcs_fabric_type fab_type; /* fabric type */
73048 @@ -355,9 +362,11 @@ void bfa_fcs_lport_scn_process_rscn(struct bfa_fcs_lport_s *port,
73049 struct fchs_s *rx_frame, u32 len);
73050 void bfa_fcs_lport_lip_scn_online(bfa_fcs_lport_t *port);
73051
73052 +enum bfa_fcs_vport_event;
73053 +
73054 struct bfa_fcs_vport_s {
73055 struct list_head qe; /* queue elem */
73056 - bfa_sm_t sm; /* state machine */
73057 + void (*sm)(struct bfa_fcs_vport_s *, enum bfa_fcs_vport_event);/* state machine */
73058 bfa_fcs_lport_t lport; /* logical port */
73059 struct bfa_timer_s timer;
73060 struct bfad_vport_s *vport_drv; /* Driver private */
73061 @@ -409,8 +418,10 @@ struct bfa_fcs_tin_s;
73062 struct bfa_fcs_iprp_s;
73063
73064 /* Rport Features (RPF) */
73065 +enum rpf_event;
73066 +
73067 struct bfa_fcs_rpf_s {
73068 - bfa_sm_t sm; /* state machine */
73069 + void (*sm)(struct bfa_fcs_rpf_s *, enum rpf_event); /* state machine */
73070 struct bfa_fcs_rport_s *rport; /* parent rport */
73071 struct bfa_timer_s timer; /* general purpose timer */
73072 struct bfa_fcxp_s *fcxp; /* FCXP needed for discarding */
73073 @@ -425,6 +436,8 @@ struct bfa_fcs_rpf_s {
73074 */
73075 };
73076
73077 +enum rport_event;
73078 +
73079 struct bfa_fcs_rport_s {
73080 struct list_head qe; /* used by port/vport */
73081 struct bfa_fcs_lport_s *port; /* parent FCS port */
73082 @@ -441,7 +454,7 @@ struct bfa_fcs_rport_s {
73083 wwn_t pwwn; /* port wwn of rport */
73084 wwn_t nwwn; /* node wwn of rport */
73085 struct bfa_rport_symname_s psym_name; /* port symbolic name */
73086 - bfa_sm_t sm; /* state machine */
73087 + void (*sm)(struct bfa_fcs_rport_s *, enum rport_event); /* state machine */
73088 struct bfa_timer_s timer; /* general purpose timer */
73089 struct bfa_fcs_itnim_s *itnim; /* ITN initiator mode role */
73090 struct bfa_fcs_tin_s *tin; /* ITN initiator mode role */
73091 @@ -502,9 +515,10 @@ void bfa_fcs_rpf_rport_offline(struct bfa_fcs_rport_s *rport);
73092 * forward declarations
73093 */
73094 struct bfad_itnim_s;
73095 +enum bfa_fcs_itnim_event;
73096
73097 struct bfa_fcs_itnim_s {
73098 - bfa_sm_t sm; /* state machine */
73099 + void (*sm)(struct bfa_fcs_itnim_s *, enum bfa_fcs_itnim_event);/* state machine */
73100 struct bfa_fcs_rport_s *rport; /* parent remote rport */
73101 struct bfad_itnim_s *itnim_drv; /* driver peer instance */
73102 struct bfa_fcs_s *fcs; /* fcs instance */
73103 diff --git a/drivers/scsi/bfa/bfa_fcs_fcpim.c b/drivers/scsi/bfa/bfa_fcs_fcpim.c
73104 index 2e3b19e..7a9b729 100644
73105 --- a/drivers/scsi/bfa/bfa_fcs_fcpim.c
73106 +++ b/drivers/scsi/bfa/bfa_fcs_fcpim.c
73107 @@ -60,7 +60,7 @@ static void bfa_fcs_itnim_sm_hcb_offline(struct bfa_fcs_itnim_s *itnim,
73108 static void bfa_fcs_itnim_sm_initiator(struct bfa_fcs_itnim_s *itnim,
73109 enum bfa_fcs_itnim_event event);
73110
73111 -static struct bfa_sm_table_s itnim_sm_table[] = {
73112 +static struct itnim_sm_table_s itnim_sm_table[] = {
73113 {BFA_SM(bfa_fcs_itnim_sm_offline), BFA_ITNIM_OFFLINE},
73114 {BFA_SM(bfa_fcs_itnim_sm_prli_send), BFA_ITNIM_PRLI_SEND},
73115 {BFA_SM(bfa_fcs_itnim_sm_prli), BFA_ITNIM_PRLI_SENT},
73116 @@ -673,7 +673,7 @@ bfa_status_t
73117 bfa_fcs_itnim_get_online_state(struct bfa_fcs_itnim_s *itnim)
73118 {
73119 bfa_trc(itnim->fcs, itnim->rport->pid);
73120 - switch (bfa_sm_to_state(itnim_sm_table, itnim->sm)) {
73121 + switch (itnim_sm_to_state(itnim_sm_table, itnim->sm)) {
73122 case BFA_ITNIM_ONLINE:
73123 case BFA_ITNIM_INITIATIOR:
73124 return BFA_STATUS_OK;
73125 @@ -773,7 +773,7 @@ bfa_fcs_itnim_attr_get(struct bfa_fcs_lport_s *port, wwn_t rpwwn,
73126 if (itnim == NULL)
73127 return BFA_STATUS_NO_FCPIM_NEXUS;
73128
73129 - attr->state = bfa_sm_to_state(itnim_sm_table, itnim->sm);
73130 + attr->state = itnim_sm_to_state(itnim_sm_table, itnim->sm);
73131 attr->retry = itnim->seq_rec;
73132 attr->rec_support = itnim->rec_support;
73133 attr->conf_comp = itnim->conf_comp;
73134 diff --git a/drivers/scsi/bfa/bfa_fcs_lport.c b/drivers/scsi/bfa/bfa_fcs_lport.c
73135 index 7733ad5..11f32d1 100644
73136 --- a/drivers/scsi/bfa/bfa_fcs_lport.c
73137 +++ b/drivers/scsi/bfa/bfa_fcs_lport.c
73138 @@ -90,15 +90,26 @@ static struct {
73139 void (*offline) (struct bfa_fcs_lport_s *port);
73140 } __port_action[] = {
73141 {
73142 - bfa_fcs_lport_unknown_init, bfa_fcs_lport_unknown_online,
73143 - bfa_fcs_lport_unknown_offline}, {
73144 - bfa_fcs_lport_fab_init, bfa_fcs_lport_fab_online,
73145 - bfa_fcs_lport_fab_offline}, {
73146 - bfa_fcs_lport_n2n_init, bfa_fcs_lport_n2n_online,
73147 - bfa_fcs_lport_n2n_offline}, {
73148 - bfa_fcs_lport_loop_init, bfa_fcs_lport_loop_online,
73149 - bfa_fcs_lport_loop_offline},
73150 - };
73151 + .init = bfa_fcs_lport_unknown_init,
73152 + .online = bfa_fcs_lport_unknown_online,
73153 + .offline = bfa_fcs_lport_unknown_offline
73154 + },
73155 + {
73156 + .init = bfa_fcs_lport_fab_init,
73157 + .online = bfa_fcs_lport_fab_online,
73158 + .offline = bfa_fcs_lport_fab_offline
73159 + },
73160 + {
73161 + .init = bfa_fcs_lport_n2n_init,
73162 + .online = bfa_fcs_lport_n2n_online,
73163 + .offline = bfa_fcs_lport_n2n_offline
73164 + },
73165 + {
73166 + .init = bfa_fcs_lport_loop_init,
73167 + .online = bfa_fcs_lport_loop_online,
73168 + .offline = bfa_fcs_lport_loop_offline
73169 + },
73170 +};
73171
73172 /*
73173 * fcs_port_sm FCS logical port state machine
73174 @@ -6040,7 +6051,7 @@ static void bfa_fcs_vport_sm_stopping(struct bfa_fcs_vport_s *vport,
73175 static void bfa_fcs_vport_sm_logo_for_stop(struct bfa_fcs_vport_s *vport,
73176 enum bfa_fcs_vport_event event);
73177
73178 -static struct bfa_sm_table_s vport_sm_table[] = {
73179 +static struct vport_sm_table_s vport_sm_table[] = {
73180 {BFA_SM(bfa_fcs_vport_sm_uninit), BFA_FCS_VPORT_UNINIT},
73181 {BFA_SM(bfa_fcs_vport_sm_created), BFA_FCS_VPORT_CREATED},
73182 {BFA_SM(bfa_fcs_vport_sm_offline), BFA_FCS_VPORT_OFFLINE},
73183 @@ -6871,7 +6882,7 @@ bfa_fcs_vport_get_attr(struct bfa_fcs_vport_s *vport,
73184 memset(attr, 0, sizeof(struct bfa_vport_attr_s));
73185
73186 bfa_fcs_lport_get_attr(&vport->lport, &attr->port_attr);
73187 - attr->vport_state = bfa_sm_to_state(vport_sm_table, vport->sm);
73188 + attr->vport_state = vport_sm_to_state(vport_sm_table, vport->sm);
73189 }
73190
73191
73192 diff --git a/drivers/scsi/bfa/bfa_fcs_rport.c b/drivers/scsi/bfa/bfa_fcs_rport.c
73193 index de50349..6d676be 100644
73194 --- a/drivers/scsi/bfa/bfa_fcs_rport.c
73195 +++ b/drivers/scsi/bfa/bfa_fcs_rport.c
73196 @@ -144,7 +144,7 @@ static void bfa_fcs_rport_sm_fc4_off_delete(struct bfa_fcs_rport_s *rport,
73197 static void bfa_fcs_rport_sm_delete_pending(struct bfa_fcs_rport_s *rport,
73198 enum rport_event event);
73199
73200 -static struct bfa_sm_table_s rport_sm_table[] = {
73201 +static struct rport_sm_table_s rport_sm_table[] = {
73202 {BFA_SM(bfa_fcs_rport_sm_uninit), BFA_RPORT_UNINIT},
73203 {BFA_SM(bfa_fcs_rport_sm_plogi_sending), BFA_RPORT_PLOGI},
73204 {BFA_SM(bfa_fcs_rport_sm_plogiacc_sending), BFA_RPORT_ONLINE},
73205 @@ -2980,7 +2980,7 @@ bfa_fcs_rport_send_ls_rjt(struct bfa_fcs_rport_s *rport, struct fchs_s *rx_fchs,
73206 int
73207 bfa_fcs_rport_get_state(struct bfa_fcs_rport_s *rport)
73208 {
73209 - return bfa_sm_to_state(rport_sm_table, rport->sm);
73210 + return rport_sm_to_state(rport_sm_table, rport->sm);
73211 }
73212
73213
73214 diff --git a/drivers/scsi/bfa/bfa_ioc.c b/drivers/scsi/bfa/bfa_ioc.c
73215 index a1ada4a..6ed9ba2 100644
73216 --- a/drivers/scsi/bfa/bfa_ioc.c
73217 +++ b/drivers/scsi/bfa/bfa_ioc.c
73218 @@ -148,7 +148,7 @@ bfa_fsm_state_decl(bfa_ioc, disabling, struct bfa_ioc_s, enum ioc_event);
73219 bfa_fsm_state_decl(bfa_ioc, disabled, struct bfa_ioc_s, enum ioc_event);
73220 bfa_fsm_state_decl(bfa_ioc, hwfail, struct bfa_ioc_s, enum ioc_event);
73221
73222 -static struct bfa_sm_table_s ioc_sm_table[] = {
73223 +static struct ioc_sm_table_s ioc_sm_table[] = {
73224 {BFA_SM(bfa_ioc_sm_uninit), BFA_IOC_UNINIT},
73225 {BFA_SM(bfa_ioc_sm_reset), BFA_IOC_RESET},
73226 {BFA_SM(bfa_ioc_sm_enabling), BFA_IOC_ENABLING},
73227 @@ -236,7 +236,7 @@ bfa_fsm_state_decl(bfa_iocpf, disabling_sync, struct bfa_iocpf_s,
73228 enum iocpf_event);
73229 bfa_fsm_state_decl(bfa_iocpf, disabled, struct bfa_iocpf_s, enum iocpf_event);
73230
73231 -static struct bfa_sm_table_s iocpf_sm_table[] = {
73232 +static struct iocpf_sm_table_s iocpf_sm_table[] = {
73233 {BFA_SM(bfa_iocpf_sm_reset), BFA_IOCPF_RESET},
73234 {BFA_SM(bfa_iocpf_sm_fwcheck), BFA_IOCPF_FWMISMATCH},
73235 {BFA_SM(bfa_iocpf_sm_mismatch), BFA_IOCPF_FWMISMATCH},
73236 @@ -2830,12 +2830,12 @@ enum bfa_ioc_state
73237 bfa_ioc_get_state(struct bfa_ioc_s *ioc)
73238 {
73239 enum bfa_iocpf_state iocpf_st;
73240 - enum bfa_ioc_state ioc_st = bfa_sm_to_state(ioc_sm_table, ioc->fsm);
73241 + enum bfa_ioc_state ioc_st = ioc_sm_to_state(ioc_sm_table, ioc->fsm);
73242
73243 if (ioc_st == BFA_IOC_ENABLING ||
73244 ioc_st == BFA_IOC_FAIL || ioc_st == BFA_IOC_INITFAIL) {
73245
73246 - iocpf_st = bfa_sm_to_state(iocpf_sm_table, ioc->iocpf.fsm);
73247 + iocpf_st = iocpf_sm_to_state(iocpf_sm_table, ioc->iocpf.fsm);
73248
73249 switch (iocpf_st) {
73250 case BFA_IOCPF_SEMWAIT:
73251 diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h
73252 index 713745d..78b9671 100644
73253 --- a/drivers/scsi/bfa/bfa_ioc.h
73254 +++ b/drivers/scsi/bfa/bfa_ioc.h
73255 @@ -259,7 +259,7 @@ struct bfa_ioc_cbfn_s {
73256 bfa_ioc_disable_cbfn_t disable_cbfn;
73257 bfa_ioc_hbfail_cbfn_t hbfail_cbfn;
73258 bfa_ioc_reset_cbfn_t reset_cbfn;
73259 -};
73260 +} __no_const;
73261
73262 /*
73263 * IOC event notification mechanism.
73264 @@ -286,16 +286,20 @@ struct bfa_ioc_notify_s {
73265 (__notify)->cbarg = (__cbarg); \
73266 } while (0)
73267
73268 +enum iocpf_event;
73269 +
73270 struct bfa_iocpf_s {
73271 - bfa_fsm_t fsm;
73272 + void (*fsm)(struct bfa_iocpf_s *, enum iocpf_event);
73273 struct bfa_ioc_s *ioc;
73274 bfa_boolean_t fw_mismatch_notified;
73275 bfa_boolean_t auto_recover;
73276 u32 poll_time;
73277 };
73278
73279 +enum ioc_event;
73280 +
73281 struct bfa_ioc_s {
73282 - bfa_fsm_t fsm;
73283 + void (*fsm)(struct bfa_ioc_s *, enum ioc_event);
73284 struct bfa_s *bfa;
73285 struct bfa_pcidev_s pcidev;
73286 struct bfa_timer_mod_s *timer_mod;
73287 @@ -353,7 +357,7 @@ struct bfa_ioc_hwif_s {
73288 void (*ioc_set_alt_fwstate) (struct bfa_ioc_s *ioc,
73289 enum bfi_ioc_state fwstate);
73290 enum bfi_ioc_state (*ioc_get_alt_fwstate) (struct bfa_ioc_s *ioc);
73291 -};
73292 +} __no_const;
73293
73294 /*
73295 * Queue element to wait for room in request queue. FIFO order is
73296 @@ -779,8 +783,10 @@ struct bfa_dconf_s {
73297 };
73298 #pragma pack()
73299
73300 +enum bfa_dconf_event;
73301 +
73302 struct bfa_dconf_mod_s {
73303 - bfa_sm_t sm;
73304 + void (*sm)(struct bfa_dconf_mod_s *, enum bfa_dconf_event);
73305 u8 instance;
73306 bfa_boolean_t read_data_valid;
73307 bfa_boolean_t min_cfg;
73308 diff --git a/drivers/scsi/bfa/bfa_modules.h b/drivers/scsi/bfa/bfa_modules.h
73309 index 53135f2..640621b 100644
73310 --- a/drivers/scsi/bfa/bfa_modules.h
73311 +++ b/drivers/scsi/bfa/bfa_modules.h
73312 @@ -79,12 +79,12 @@ enum {
73313 \
73314 extern struct bfa_module_s hal_mod_ ## __mod; \
73315 struct bfa_module_s hal_mod_ ## __mod = { \
73316 - bfa_ ## __mod ## _meminfo, \
73317 - bfa_ ## __mod ## _attach, \
73318 - bfa_ ## __mod ## _detach, \
73319 - bfa_ ## __mod ## _start, \
73320 - bfa_ ## __mod ## _stop, \
73321 - bfa_ ## __mod ## _iocdisable, \
73322 + .meminfo = bfa_ ## __mod ## _meminfo, \
73323 + .attach = bfa_ ## __mod ## _attach, \
73324 + .detach = bfa_ ## __mod ## _detach, \
73325 + .start = bfa_ ## __mod ## _start, \
73326 + .stop = bfa_ ## __mod ## _stop, \
73327 + .iocdisable = bfa_ ## __mod ## _iocdisable, \
73328 }
73329
73330 #define BFA_CACHELINE_SZ (256)
73331 diff --git a/drivers/scsi/bfa/bfa_svc.c b/drivers/scsi/bfa/bfa_svc.c
73332 index 12de292..ec9f0ab 100644
73333 --- a/drivers/scsi/bfa/bfa_svc.c
73334 +++ b/drivers/scsi/bfa/bfa_svc.c
73335 @@ -225,7 +225,7 @@ static void bfa_fcport_ln_sm_up_dn_nf(struct bfa_fcport_ln_s *ln,
73336 static void bfa_fcport_ln_sm_up_dn_up_nf(struct bfa_fcport_ln_s *ln,
73337 enum bfa_fcport_ln_sm_event event);
73338
73339 -static struct bfa_sm_table_s hal_port_sm_table[] = {
73340 +static struct fcport_sm_table_s hal_port_sm_table[] = {
73341 {BFA_SM(bfa_fcport_sm_uninit), BFA_PORT_ST_UNINIT},
73342 {BFA_SM(bfa_fcport_sm_enabling_qwait), BFA_PORT_ST_ENABLING_QWAIT},
73343 {BFA_SM(bfa_fcport_sm_enabling), BFA_PORT_ST_ENABLING},
73344 @@ -3642,7 +3642,7 @@ bfa_fcport_isr(struct bfa_s *bfa, struct bfi_msg_s *msg)
73345 fcport->event_arg.i2hmsg = i2hmsg;
73346
73347 bfa_trc(bfa, msg->mhdr.msg_id);
73348 - bfa_trc(bfa, bfa_sm_to_state(hal_port_sm_table, fcport->sm));
73349 + bfa_trc(bfa, fcport_sm_to_state(hal_port_sm_table, fcport->sm));
73350
73351 switch (msg->mhdr.msg_id) {
73352 case BFI_FCPORT_I2H_ENABLE_RSP:
73353 @@ -4077,7 +4077,7 @@ bfa_fcport_get_attr(struct bfa_s *bfa, struct bfa_port_attr_s *attr)
73354
73355 attr->pport_cfg.path_tov = bfa_fcpim_path_tov_get(bfa);
73356 attr->pport_cfg.q_depth = bfa_fcpim_qdepth_get(bfa);
73357 - attr->port_state = bfa_sm_to_state(hal_port_sm_table, fcport->sm);
73358 + attr->port_state = fcport_sm_to_state(hal_port_sm_table, fcport->sm);
73359
73360 attr->fec_state = fcport->fec_state;
73361
73362 @@ -4159,7 +4159,7 @@ bfa_fcport_is_disabled(struct bfa_s *bfa)
73363 {
73364 struct bfa_fcport_s *fcport = BFA_FCPORT_MOD(bfa);
73365
73366 - return bfa_sm_to_state(hal_port_sm_table, fcport->sm) ==
73367 + return fcport_sm_to_state(hal_port_sm_table, fcport->sm) ==
73368 BFA_PORT_ST_DISABLED;
73369
73370 }
73371 @@ -4169,7 +4169,7 @@ bfa_fcport_is_dport(struct bfa_s *bfa)
73372 {
73373 struct bfa_fcport_s *fcport = BFA_FCPORT_MOD(bfa);
73374
73375 - return (bfa_sm_to_state(hal_port_sm_table, fcport->sm) ==
73376 + return (fcport_sm_to_state(hal_port_sm_table, fcport->sm) ==
73377 BFA_PORT_ST_DPORT);
73378 }
73379
73380 @@ -4178,7 +4178,7 @@ bfa_fcport_is_ddport(struct bfa_s *bfa)
73381 {
73382 struct bfa_fcport_s *fcport = BFA_FCPORT_MOD(bfa);
73383
73384 - return (bfa_sm_to_state(hal_port_sm_table, fcport->sm) ==
73385 + return (fcport_sm_to_state(hal_port_sm_table, fcport->sm) ==
73386 BFA_PORT_ST_DDPORT);
73387 }
73388
73389 diff --git a/drivers/scsi/bfa/bfa_svc.h b/drivers/scsi/bfa/bfa_svc.h
73390 index ea2278b..6f51a73 100644
73391 --- a/drivers/scsi/bfa/bfa_svc.h
73392 +++ b/drivers/scsi/bfa/bfa_svc.h
73393 @@ -160,6 +160,8 @@ struct bfa_fcxp_rsp_info_s {
73394 u32 rsp_maxlen; /* max response length expected */
73395 };
73396
73397 +typedef void (*bfa_sm_t)(void *sm, int event);
73398 +
73399 struct bfa_fcxp_s {
73400 struct list_head qe; /* fcxp queue element */
73401 bfa_sm_t sm; /* state machine */
73402 @@ -295,9 +297,11 @@ struct bfa_rport_info_s {
73403 /*
73404 * BFA rport data structure
73405 */
73406 +enum bfa_rport_event;
73407 +
73408 struct bfa_rport_s {
73409 struct list_head qe; /* queue element */
73410 - bfa_sm_t sm; /* state machine */
73411 + void (*sm)(struct bfa_rport_s *, enum bfa_rport_event);/* state machine */
73412 struct bfa_s *bfa; /* backpointer to BFA */
73413 void *rport_drv; /* fcs/driver rport object */
73414 u16 fw_handle; /* firmware rport handle */
73415 @@ -388,10 +392,12 @@ void bfa_uf_res_recfg(struct bfa_s *bfa, u16 num_uf_fw);
73416 /*
73417 * LPS - bfa lport login/logout service interface
73418 */
73419 +enum bfa_lps_event;
73420 +
73421 struct bfa_lps_s {
73422 struct list_head qe; /* queue element */
73423 struct bfa_s *bfa; /* parent bfa instance */
73424 - bfa_sm_t sm; /* finite state machine */
73425 + void (*sm)(struct bfa_lps_s *, enum bfa_lps_event);/* finite state machine */
73426 u8 bfa_tag; /* lport tag */
73427 u8 fw_tag; /* lport fw tag */
73428 u8 reqq; /* lport request queue */
73429 @@ -450,9 +456,11 @@ void bfa_lps_isr(struct bfa_s *bfa, struct bfi_msg_s *msg);
73430 /*
73431 * Link notification data structure
73432 */
73433 +enum bfa_fcport_ln_sm_event;
73434 +
73435 struct bfa_fcport_ln_s {
73436 struct bfa_fcport_s *fcport;
73437 - bfa_sm_t sm;
73438 + void (*sm)(struct bfa_fcport_ln_s *, enum bfa_fcport_ln_sm_event);
73439 struct bfa_cb_qe_s ln_qe; /* BFA callback queue elem for ln */
73440 enum bfa_port_linkstate ln_event; /* ln event for callback */
73441 };
73442 @@ -466,7 +474,7 @@ struct bfa_fcport_trunk_s {
73443 */
73444 struct bfa_fcport_s {
73445 struct bfa_s *bfa; /* parent BFA instance */
73446 - bfa_sm_t sm; /* port state machine */
73447 + void (*sm)(struct bfa_fcport_s *, enum bfa_fcport_sm_event); /* port state machine */
73448 wwn_t nwwn; /* node wwn of physical port */
73449 wwn_t pwwn; /* port wwn of physical oprt */
73450 enum bfa_port_speed speed_sup;
73451 @@ -714,9 +722,11 @@ struct bfa_fcdiag_lb_s {
73452 u32 status;
73453 };
73454
73455 +enum bfa_dport_sm_event;
73456 +
73457 struct bfa_dport_s {
73458 struct bfa_s *bfa; /* Back pointer to BFA */
73459 - bfa_sm_t sm; /* finite state machine */
73460 + void (*sm)(struct bfa_dport_s *, enum bfa_dport_sm_event);/* finite state machine */
73461 struct bfa_reqq_wait_s reqq_wait;
73462 bfa_cb_diag_t cbfn;
73463 void *cbarg;
73464 diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c
73465 index 9d253cb..bb533ea 100644
73466 --- a/drivers/scsi/bfa/bfad.c
73467 +++ b/drivers/scsi/bfa/bfad.c
73468 @@ -408,6 +408,16 @@ bfad_hcb_comp(void *arg, bfa_status_t status)
73469 complete(&fcomp->comp);
73470 }
73471
73472 +void
73473 +bfad_stats_comp(void *arg, bfa_boolean_t _status)
73474 +{
73475 + struct bfad_hal_comp *fcomp = (struct bfad_hal_comp *)arg;
73476 + bfa_status_t status = (bfa_status_t)_status;
73477 +
73478 + fcomp->status = status;
73479 + complete(&fcomp->comp);
73480 +}
73481 +
73482 /*
73483 * bfa_init callback
73484 */
73485 @@ -1442,7 +1452,7 @@ bfad_pci_remove(struct pci_dev *pdev)
73486 * PCI Error Recovery entry, error detected.
73487 */
73488 static pci_ers_result_t
73489 -bfad_pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
73490 +bfad_pci_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
73491 {
73492 struct bfad_s *bfad = pci_get_drvdata(pdev);
73493 unsigned long flags;
73494 diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c
73495 index d1ad020..661c0f9 100644
73496 --- a/drivers/scsi/bfa/bfad_bsg.c
73497 +++ b/drivers/scsi/bfa/bfad_bsg.c
73498 @@ -2145,7 +2145,7 @@ bfad_iocmd_fcport_get_stats(struct bfad_s *bfad, void *cmd)
73499 struct bfa_cb_pending_q_s cb_qe;
73500
73501 init_completion(&fcomp.comp);
73502 - bfa_pending_q_init(&cb_qe, (bfa_cb_cbfn_t)bfad_hcb_comp,
73503 + bfa_pending_q_init(&cb_qe, bfad_stats_comp,
73504 &fcomp, &iocmd->stats);
73505 spin_lock_irqsave(&bfad->bfad_lock, flags);
73506 iocmd->status = bfa_fcport_get_stats(&bfad->bfa, &cb_qe);
73507 @@ -2169,7 +2169,7 @@ bfad_iocmd_fcport_reset_stats(struct bfad_s *bfad, void *cmd)
73508 struct bfa_cb_pending_q_s cb_qe;
73509
73510 init_completion(&fcomp.comp);
73511 - bfa_pending_q_init(&cb_qe, (bfa_cb_cbfn_t)bfad_hcb_comp, &fcomp, NULL);
73512 + bfa_pending_q_init(&cb_qe, bfad_stats_comp, &fcomp, NULL);
73513
73514 spin_lock_irqsave(&bfad->bfad_lock, flags);
73515 iocmd->status = bfa_fcport_clear_stats(&bfad->bfa, &cb_qe);
73516 @@ -2453,7 +2453,7 @@ bfad_iocmd_qos_get_stats(struct bfad_s *bfad, void *cmd)
73517 struct bfa_fcport_s *fcport = BFA_FCPORT_MOD(&bfad->bfa);
73518
73519 init_completion(&fcomp.comp);
73520 - bfa_pending_q_init(&cb_qe, (bfa_cb_cbfn_t)bfad_hcb_comp,
73521 + bfa_pending_q_init(&cb_qe, bfad_stats_comp,
73522 &fcomp, &iocmd->stats);
73523
73524 spin_lock_irqsave(&bfad->bfad_lock, flags);
73525 @@ -2484,7 +2484,7 @@ bfad_iocmd_qos_reset_stats(struct bfad_s *bfad, void *cmd)
73526 struct bfa_fcport_s *fcport = BFA_FCPORT_MOD(&bfad->bfa);
73527
73528 init_completion(&fcomp.comp);
73529 - bfa_pending_q_init(&cb_qe, (bfa_cb_cbfn_t)bfad_hcb_comp,
73530 + bfa_pending_q_init(&cb_qe, bfad_stats_comp,
73531 &fcomp, NULL);
73532
73533 spin_lock_irqsave(&bfad->bfad_lock, flags);
73534 diff --git a/drivers/scsi/bfa/bfad_drv.h b/drivers/scsi/bfa/bfad_drv.h
73535 index f9e8620..807a983 100644
73536 --- a/drivers/scsi/bfa/bfad_drv.h
73537 +++ b/drivers/scsi/bfa/bfad_drv.h
73538 @@ -187,8 +187,10 @@ union bfad_tmp_buf {
73539 /*
73540 * BFAD (PCI function) data structure
73541 */
73542 +enum bfad_sm_event;
73543 +
73544 struct bfad_s {
73545 - bfa_sm_t sm; /* state machine */
73546 + void (*sm)(struct bfad_s *, enum bfad_sm_event); /* state machine */
73547 struct list_head list_entry;
73548 struct bfa_s bfa;
73549 struct bfa_fcs_s bfa_fcs;
73550 @@ -309,6 +311,7 @@ void bfad_fcs_stop(struct bfad_s *bfad);
73551 void bfad_remove_intr(struct bfad_s *bfad);
73552 void bfad_hal_mem_release(struct bfad_s *bfad);
73553 void bfad_hcb_comp(void *arg, bfa_status_t status);
73554 +void bfad_stats_comp(void *arg, bfa_boolean_t _status);
73555
73556 int bfad_setup_intr(struct bfad_s *bfad);
73557 void bfad_remove_intr(struct bfad_s *bfad);
73558 diff --git a/drivers/scsi/csiostor/csio_defs.h b/drivers/scsi/csiostor/csio_defs.h
73559 index c38017b..3268e62 100644
73560 --- a/drivers/scsi/csiostor/csio_defs.h
73561 +++ b/drivers/scsi/csiostor/csio_defs.h
73562 @@ -73,7 +73,8 @@ csio_list_deleted(struct list_head *list)
73563 #define csio_list_prev(elem) (((struct list_head *)(elem))->prev)
73564
73565 /* State machine */
73566 -typedef void (*csio_sm_state_t)(void *, uint32_t);
73567 +struct csio_sm;
73568 +typedef void (*csio_sm_state_t)(struct csio_sm *, uint32_t);
73569
73570 struct csio_sm {
73571 struct list_head sm_list;
73572 @@ -81,9 +82,9 @@ struct csio_sm {
73573 };
73574
73575 static inline void
73576 -csio_set_state(void *smp, void *state)
73577 +csio_set_state(struct csio_sm *smp, csio_sm_state_t state)
73578 {
73579 - ((struct csio_sm *)smp)->sm_state = (csio_sm_state_t)state;
73580 + smp->sm_state = state;
73581 }
73582
73583 static inline void
73584 @@ -93,21 +94,21 @@ csio_init_state(struct csio_sm *smp, void *state)
73585 }
73586
73587 static inline void
73588 -csio_post_event(void *smp, uint32_t evt)
73589 +csio_post_event(struct csio_sm *smp, uint32_t evt)
73590 {
73591 - ((struct csio_sm *)smp)->sm_state(smp, evt);
73592 + smp->sm_state(smp, evt);
73593 }
73594
73595 static inline csio_sm_state_t
73596 -csio_get_state(void *smp)
73597 +csio_get_state(struct csio_sm *smp)
73598 {
73599 - return ((struct csio_sm *)smp)->sm_state;
73600 + return smp->sm_state;
73601 }
73602
73603 static inline bool
73604 -csio_match_state(void *smp, void *state)
73605 +csio_match_state(struct csio_sm *smp, csio_sm_state_t state)
73606 {
73607 - return (csio_get_state(smp) == (csio_sm_state_t)state);
73608 + return (csio_get_state(smp) == state);
73609 }
73610
73611 #define CSIO_ASSERT(cond) BUG_ON(!(cond))
73612 diff --git a/drivers/scsi/csiostor/csio_hw.c b/drivers/scsi/csiostor/csio_hw.c
73613 index 622bdab..1a31d41 100644
73614 --- a/drivers/scsi/csiostor/csio_hw.c
73615 +++ b/drivers/scsi/csiostor/csio_hw.c
73616 @@ -89,15 +89,15 @@ static void csio_mgmtm_cleanup(struct csio_mgmtm *);
73617 static void csio_hw_mbm_cleanup(struct csio_hw *);
73618
73619 /* State machine forward declarations */
73620 -static void csio_hws_uninit(struct csio_hw *, enum csio_hw_ev);
73621 -static void csio_hws_configuring(struct csio_hw *, enum csio_hw_ev);
73622 -static void csio_hws_initializing(struct csio_hw *, enum csio_hw_ev);
73623 -static void csio_hws_ready(struct csio_hw *, enum csio_hw_ev);
73624 -static void csio_hws_quiescing(struct csio_hw *, enum csio_hw_ev);
73625 -static void csio_hws_quiesced(struct csio_hw *, enum csio_hw_ev);
73626 -static void csio_hws_resetting(struct csio_hw *, enum csio_hw_ev);
73627 -static void csio_hws_removing(struct csio_hw *, enum csio_hw_ev);
73628 -static void csio_hws_pcierr(struct csio_hw *, enum csio_hw_ev);
73629 +static void csio_hws_uninit(struct csio_sm *, uint32_t);
73630 +static void csio_hws_configuring(struct csio_sm *, uint32_t);
73631 +static void csio_hws_initializing(struct csio_sm *, uint32_t);
73632 +static void csio_hws_ready(struct csio_sm *, uint32_t);
73633 +static void csio_hws_quiescing(struct csio_sm *, uint32_t);
73634 +static void csio_hws_quiesced(struct csio_sm *, uint32_t);
73635 +static void csio_hws_resetting(struct csio_sm *, uint32_t);
73636 +static void csio_hws_removing(struct csio_sm *, uint32_t);
73637 +static void csio_hws_pcierr(struct csio_sm *, uint32_t);
73638
73639 static void csio_hw_initialize(struct csio_hw *hw);
73640 static void csio_evtq_stop(struct csio_hw *hw);
73641 @@ -105,12 +105,12 @@ static void csio_evtq_start(struct csio_hw *hw);
73642
73643 int csio_is_hw_ready(struct csio_hw *hw)
73644 {
73645 - return csio_match_state(hw, csio_hws_ready);
73646 + return csio_match_state(&hw->sm, csio_hws_ready);
73647 }
73648
73649 int csio_is_hw_removing(struct csio_hw *hw)
73650 {
73651 - return csio_match_state(hw, csio_hws_removing);
73652 + return csio_match_state(&hw->sm, csio_hws_removing);
73653 }
73654
73655
73656 @@ -2326,8 +2326,11 @@ csio_hw_fatal_err(struct csio_hw *hw)
73657 *
73658 */
73659 static void
73660 -csio_hws_uninit(struct csio_hw *hw, enum csio_hw_ev evt)
73661 +csio_hws_uninit(struct csio_sm *_hw, uint32_t _evt)
73662 {
73663 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73664 + enum csio_hw_ev evt = _evt;
73665 +
73666 hw->prev_evt = hw->cur_evt;
73667 hw->cur_evt = evt;
73668 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73669 @@ -2351,8 +2354,11 @@ csio_hws_uninit(struct csio_hw *hw, enum csio_hw_ev evt)
73670 *
73671 */
73672 static void
73673 -csio_hws_configuring(struct csio_hw *hw, enum csio_hw_ev evt)
73674 +csio_hws_configuring(struct csio_sm *_hw, uint32_t _evt)
73675 {
73676 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73677 + enum csio_hw_ev evt = _evt;
73678 +
73679 hw->prev_evt = hw->cur_evt;
73680 hw->cur_evt = evt;
73681 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73682 @@ -2389,8 +2395,11 @@ csio_hws_configuring(struct csio_hw *hw, enum csio_hw_ev evt)
73683 *
73684 */
73685 static void
73686 -csio_hws_initializing(struct csio_hw *hw, enum csio_hw_ev evt)
73687 +csio_hws_initializing(struct csio_sm *_hw, uint32_t _evt)
73688 {
73689 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73690 + enum csio_hw_ev evt = _evt;
73691 +
73692 hw->prev_evt = hw->cur_evt;
73693 hw->cur_evt = evt;
73694 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73695 @@ -2427,8 +2436,11 @@ csio_hws_initializing(struct csio_hw *hw, enum csio_hw_ev evt)
73696 *
73697 */
73698 static void
73699 -csio_hws_ready(struct csio_hw *hw, enum csio_hw_ev evt)
73700 +csio_hws_ready(struct csio_sm *_hw, uint32_t _evt)
73701 {
73702 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73703 + enum csio_hw_ev evt = _evt;
73704 +
73705 /* Remember the event */
73706 hw->evtflag = evt;
73707
73708 @@ -2476,8 +2488,11 @@ csio_hws_ready(struct csio_hw *hw, enum csio_hw_ev evt)
73709 *
73710 */
73711 static void
73712 -csio_hws_quiescing(struct csio_hw *hw, enum csio_hw_ev evt)
73713 +csio_hws_quiescing(struct csio_sm *_hw, uint32_t _evt)
73714 {
73715 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73716 + enum csio_hw_ev evt = _evt;
73717 +
73718 hw->prev_evt = hw->cur_evt;
73719 hw->cur_evt = evt;
73720 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73721 @@ -2536,8 +2551,11 @@ csio_hws_quiescing(struct csio_hw *hw, enum csio_hw_ev evt)
73722 *
73723 */
73724 static void
73725 -csio_hws_quiesced(struct csio_hw *hw, enum csio_hw_ev evt)
73726 +csio_hws_quiesced(struct csio_sm *_hw, uint32_t _evt)
73727 {
73728 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73729 + enum csio_hw_ev evt = _evt;
73730 +
73731 hw->prev_evt = hw->cur_evt;
73732 hw->cur_evt = evt;
73733 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73734 @@ -2561,8 +2579,11 @@ csio_hws_quiesced(struct csio_hw *hw, enum csio_hw_ev evt)
73735 *
73736 */
73737 static void
73738 -csio_hws_resetting(struct csio_hw *hw, enum csio_hw_ev evt)
73739 +csio_hws_resetting(struct csio_sm *_hw, uint32_t _evt)
73740 {
73741 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73742 + enum csio_hw_ev evt = _evt;
73743 +
73744 hw->prev_evt = hw->cur_evt;
73745 hw->cur_evt = evt;
73746 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73747 @@ -2587,8 +2608,11 @@ csio_hws_resetting(struct csio_hw *hw, enum csio_hw_ev evt)
73748 *
73749 */
73750 static void
73751 -csio_hws_removing(struct csio_hw *hw, enum csio_hw_ev evt)
73752 +csio_hws_removing(struct csio_sm *_hw, uint32_t _evt)
73753 {
73754 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73755 + enum csio_hw_ev evt = _evt;
73756 +
73757 hw->prev_evt = hw->cur_evt;
73758 hw->cur_evt = evt;
73759 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73760 @@ -2622,8 +2646,11 @@ csio_hws_removing(struct csio_hw *hw, enum csio_hw_ev evt)
73761 *
73762 */
73763 static void
73764 -csio_hws_pcierr(struct csio_hw *hw, enum csio_hw_ev evt)
73765 +csio_hws_pcierr(struct csio_sm *_hw, uint32_t _evt)
73766 {
73767 + struct csio_hw *hw = container_of(_hw, struct csio_hw, sm);
73768 + enum csio_hw_ev evt = _evt;
73769 +
73770 hw->prev_evt = hw->cur_evt;
73771 hw->cur_evt = evt;
73772 CSIO_INC_STATS(hw, n_evt_sm[evt]);
73773 diff --git a/drivers/scsi/csiostor/csio_init.c b/drivers/scsi/csiostor/csio_init.c
73774 index dbe416f..25a9a5b 100644
73775 --- a/drivers/scsi/csiostor/csio_init.c
73776 +++ b/drivers/scsi/csiostor/csio_init.c
73777 @@ -1053,7 +1053,7 @@ static void csio_remove_one(struct pci_dev *pdev)
73778 *
73779 */
73780 static pci_ers_result_t
73781 -csio_pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
73782 +csio_pci_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
73783 {
73784 struct csio_hw *hw = pci_get_drvdata(pdev);
73785
73786 diff --git a/drivers/scsi/csiostor/csio_lnode.c b/drivers/scsi/csiostor/csio_lnode.c
73787 index c00b2ff..da72dbc 100644
73788 --- a/drivers/scsi/csiostor/csio_lnode.c
73789 +++ b/drivers/scsi/csiostor/csio_lnode.c
73790 @@ -55,10 +55,10 @@ int csio_fdmi_enable = 1;
73791 #define PORT_ID_PTR(_x) ((uint8_t *)(&_x) + 1)
73792
73793 /* Lnode SM declarations */
73794 -static void csio_lns_uninit(struct csio_lnode *, enum csio_ln_ev);
73795 -static void csio_lns_online(struct csio_lnode *, enum csio_ln_ev);
73796 -static void csio_lns_ready(struct csio_lnode *, enum csio_ln_ev);
73797 -static void csio_lns_offline(struct csio_lnode *, enum csio_ln_ev);
73798 +static void csio_lns_uninit(struct csio_sm *, uint32_t);
73799 +static void csio_lns_online(struct csio_sm *, uint32_t);
73800 +static void csio_lns_ready(struct csio_sm *, uint32_t);
73801 +static void csio_lns_offline(struct csio_sm *, uint32_t);
73802
73803 static int csio_ln_mgmt_submit_req(struct csio_ioreq *,
73804 void (*io_cbfn) (struct csio_hw *, struct csio_ioreq *),
73805 @@ -1077,7 +1077,7 @@ csio_handle_link_down(struct csio_hw *hw, uint8_t portid, uint32_t fcfi,
73806 int
73807 csio_is_lnode_ready(struct csio_lnode *ln)
73808 {
73809 - return (csio_get_state(ln) == ((csio_sm_state_t)csio_lns_ready));
73810 + return (csio_get_state(&ln->sm) == csio_lns_ready);
73811 }
73812
73813 /*****************************************************************************/
73814 @@ -1093,8 +1093,10 @@ csio_is_lnode_ready(struct csio_lnode *ln)
73815 * Return - none.
73816 */
73817 static void
73818 -csio_lns_uninit(struct csio_lnode *ln, enum csio_ln_ev evt)
73819 +csio_lns_uninit(struct csio_sm *_ln, uint32_t _evt)
73820 {
73821 + struct csio_lnode *ln = container_of(_ln, struct csio_lnode, sm);
73822 + enum csio_ln_ev evt = _evt;
73823 struct csio_hw *hw = csio_lnode_to_hw(ln);
73824 struct csio_lnode *rln = hw->rln;
73825 int rv;
73826 @@ -1146,8 +1148,10 @@ csio_lns_uninit(struct csio_lnode *ln, enum csio_ln_ev evt)
73827 * Return - none.
73828 */
73829 static void
73830 -csio_lns_online(struct csio_lnode *ln, enum csio_ln_ev evt)
73831 +csio_lns_online(struct csio_sm *_ln, uint32_t _evt)
73832 {
73833 + struct csio_lnode *ln = container_of(_ln, struct csio_lnode, sm);
73834 + enum csio_ln_ev evt = _evt;
73835 struct csio_hw *hw = csio_lnode_to_hw(ln);
73836
73837 CSIO_INC_STATS(ln, n_evt_sm[evt]);
73838 @@ -1198,8 +1202,10 @@ csio_lns_online(struct csio_lnode *ln, enum csio_ln_ev evt)
73839 * Return - none.
73840 */
73841 static void
73842 -csio_lns_ready(struct csio_lnode *ln, enum csio_ln_ev evt)
73843 +csio_lns_ready(struct csio_sm *_ln, uint32_t _evt)
73844 {
73845 + struct csio_lnode *ln = container_of(_ln, struct csio_lnode, sm);
73846 + enum csio_ln_ev evt = _evt;
73847 struct csio_hw *hw = csio_lnode_to_hw(ln);
73848
73849 CSIO_INC_STATS(ln, n_evt_sm[evt]);
73850 @@ -1272,8 +1278,10 @@ csio_lns_ready(struct csio_lnode *ln, enum csio_ln_ev evt)
73851 * Return - none.
73852 */
73853 static void
73854 -csio_lns_offline(struct csio_lnode *ln, enum csio_ln_ev evt)
73855 +csio_lns_offline(struct csio_sm *_ln, uint32_t _evt)
73856 {
73857 + struct csio_lnode *ln = container_of(_ln, struct csio_lnode, sm);
73858 + enum csio_ln_ev evt = _evt;
73859 struct csio_hw *hw = csio_lnode_to_hw(ln);
73860 struct csio_lnode *rln = hw->rln;
73861 int rv;
73862 @@ -1349,15 +1357,15 @@ csio_free_fcfinfo(struct kref *kref)
73863 void
73864 csio_lnode_state_to_str(struct csio_lnode *ln, int8_t *str)
73865 {
73866 - if (csio_get_state(ln) == ((csio_sm_state_t)csio_lns_uninit)) {
73867 + if (csio_get_state(&ln->sm) == csio_lns_uninit) {
73868 strcpy(str, "UNINIT");
73869 return;
73870 }
73871 - if (csio_get_state(ln) == ((csio_sm_state_t)csio_lns_ready)) {
73872 + if (csio_get_state(&ln->sm) == csio_lns_ready) {
73873 strcpy(str, "READY");
73874 return;
73875 }
73876 - if (csio_get_state(ln) == ((csio_sm_state_t)csio_lns_offline)) {
73877 + if (csio_get_state(&ln->sm) == csio_lns_offline) {
73878 strcpy(str, "OFFLINE");
73879 return;
73880 }
73881 diff --git a/drivers/scsi/csiostor/csio_rnode.c b/drivers/scsi/csiostor/csio_rnode.c
73882 index e9c3b04..4ba3a59 100644
73883 --- a/drivers/scsi/csiostor/csio_rnode.c
73884 +++ b/drivers/scsi/csiostor/csio_rnode.c
73885 @@ -46,10 +46,10 @@ static int csio_rnode_init(struct csio_rnode *, struct csio_lnode *);
73886 static void csio_rnode_exit(struct csio_rnode *);
73887
73888 /* Static machine forward declarations */
73889 -static void csio_rns_uninit(struct csio_rnode *, enum csio_rn_ev);
73890 -static void csio_rns_ready(struct csio_rnode *, enum csio_rn_ev);
73891 -static void csio_rns_offline(struct csio_rnode *, enum csio_rn_ev);
73892 -static void csio_rns_disappeared(struct csio_rnode *, enum csio_rn_ev);
73893 +static void csio_rns_uninit(struct csio_sm *, uint32_t);
73894 +static void csio_rns_ready(struct csio_sm *, uint32_t);
73895 +static void csio_rns_offline(struct csio_sm *, uint32_t);
73896 +static void csio_rns_disappeared(struct csio_sm *, uint32_t);
73897
73898 /* RNF event mapping */
73899 static enum csio_rn_ev fwevt_to_rnevt[] = {
73900 @@ -88,13 +88,13 @@ static enum csio_rn_ev fwevt_to_rnevt[] = {
73901 int
73902 csio_is_rnode_ready(struct csio_rnode *rn)
73903 {
73904 - return csio_match_state(rn, csio_rns_ready);
73905 + return csio_match_state(&rn->sm, csio_rns_ready);
73906 }
73907
73908 static int
73909 csio_is_rnode_uninit(struct csio_rnode *rn)
73910 {
73911 - return csio_match_state(rn, csio_rns_uninit);
73912 + return csio_match_state(&rn->sm, csio_rns_uninit);
73913 }
73914
73915 static int
73916 @@ -601,8 +601,10 @@ __csio_unreg_rnode(struct csio_rnode *rn)
73917 *
73918 */
73919 static void
73920 -csio_rns_uninit(struct csio_rnode *rn, enum csio_rn_ev evt)
73921 +csio_rns_uninit(struct csio_sm *_rn, uint32_t _evt)
73922 {
73923 + struct csio_rnode *rn = container_of(_rn, struct csio_rnode, sm);
73924 + enum csio_rn_ev evt = _evt;
73925 struct csio_lnode *ln = csio_rnode_to_lnode(rn);
73926 int ret = 0;
73927
73928 @@ -641,8 +643,10 @@ csio_rns_uninit(struct csio_rnode *rn, enum csio_rn_ev evt)
73929 *
73930 */
73931 static void
73932 -csio_rns_ready(struct csio_rnode *rn, enum csio_rn_ev evt)
73933 +csio_rns_ready(struct csio_sm *_rn, uint32_t _evt)
73934 {
73935 + struct csio_rnode *rn = container_of(_rn, struct csio_rnode, sm);
73936 + enum csio_rn_ev evt = _evt;
73937 struct csio_lnode *ln = csio_rnode_to_lnode(rn);
73938 int ret = 0;
73939
73940 @@ -726,8 +730,10 @@ csio_rns_ready(struct csio_rnode *rn, enum csio_rn_ev evt)
73941 *
73942 */
73943 static void
73944 -csio_rns_offline(struct csio_rnode *rn, enum csio_rn_ev evt)
73945 +csio_rns_offline(struct csio_sm *_rn, uint32_t _evt)
73946 {
73947 + struct csio_rnode *rn = container_of(_rn, struct csio_rnode, sm);
73948 + enum csio_rn_ev evt = _evt;
73949 struct csio_lnode *ln = csio_rnode_to_lnode(rn);
73950 int ret = 0;
73951
73952 @@ -785,8 +791,10 @@ csio_rns_offline(struct csio_rnode *rn, enum csio_rn_ev evt)
73953 *
73954 */
73955 static void
73956 -csio_rns_disappeared(struct csio_rnode *rn, enum csio_rn_ev evt)
73957 +csio_rns_disappeared(struct csio_sm *_rn, uint32_t _evt)
73958 {
73959 + struct csio_rnode *rn = container_of(_rn, struct csio_rnode, sm);
73960 + enum csio_rn_ev evt = _evt;
73961 struct csio_lnode *ln = csio_rnode_to_lnode(rn);
73962 int ret = 0;
73963
73964 diff --git a/drivers/scsi/csiostor/csio_scsi.c b/drivers/scsi/csiostor/csio_scsi.c
73965 index c2a6f9f..5a37cc4 100644
73966 --- a/drivers/scsi/csiostor/csio_scsi.c
73967 +++ b/drivers/scsi/csiostor/csio_scsi.c
73968 @@ -65,12 +65,12 @@ static int csio_ddp_descs = 128;
73969 static int csio_do_abrt_cls(struct csio_hw *,
73970 struct csio_ioreq *, bool);
73971
73972 -static void csio_scsis_uninit(struct csio_ioreq *, enum csio_scsi_ev);
73973 -static void csio_scsis_io_active(struct csio_ioreq *, enum csio_scsi_ev);
73974 -static void csio_scsis_tm_active(struct csio_ioreq *, enum csio_scsi_ev);
73975 -static void csio_scsis_aborting(struct csio_ioreq *, enum csio_scsi_ev);
73976 -static void csio_scsis_closing(struct csio_ioreq *, enum csio_scsi_ev);
73977 -static void csio_scsis_shost_cmpl_await(struct csio_ioreq *, enum csio_scsi_ev);
73978 +static void csio_scsis_uninit(struct csio_sm *, uint32_t);
73979 +static void csio_scsis_io_active(struct csio_sm *, uint32_t);
73980 +static void csio_scsis_tm_active(struct csio_sm *, uint32_t);
73981 +static void csio_scsis_aborting(struct csio_sm *, uint32_t);
73982 +static void csio_scsis_closing(struct csio_sm *, uint32_t);
73983 +static void csio_scsis_shost_cmpl_await(struct csio_sm *, uint32_t);
73984
73985 /*
73986 * csio_scsi_match_io - Match an ioreq with the given SCSI level data.
73987 @@ -700,8 +700,10 @@ csio_scsi_abrt_cls(struct csio_ioreq *req, bool abort)
73988 /* START: SCSI SM */
73989 /*****************************************************************************/
73990 static void
73991 -csio_scsis_uninit(struct csio_ioreq *req, enum csio_scsi_ev evt)
73992 +csio_scsis_uninit(struct csio_sm *_req, uint32_t _evt)
73993 {
73994 + struct csio_ioreq *req = container_of(_req, struct csio_ioreq, sm);
73995 + enum csio_scsi_ev evt = _evt;
73996 struct csio_hw *hw = req->lnode->hwp;
73997 struct csio_scsim *scsim = csio_hw_to_scsim(hw);
73998
73999 @@ -770,8 +772,10 @@ csio_scsis_uninit(struct csio_ioreq *req, enum csio_scsi_ev evt)
74000 }
74001
74002 static void
74003 -csio_scsis_io_active(struct csio_ioreq *req, enum csio_scsi_ev evt)
74004 +csio_scsis_io_active(struct csio_sm *_req, uint32_t _evt)
74005 {
74006 + struct csio_ioreq *req = container_of(_req, struct csio_ioreq, sm);
74007 + enum csio_scsi_ev evt = _evt;
74008 struct csio_hw *hw = req->lnode->hwp;
74009 struct csio_scsim *scm = csio_hw_to_scsim(hw);
74010 struct csio_rnode *rn;
74011 @@ -842,8 +846,10 @@ csio_scsis_io_active(struct csio_ioreq *req, enum csio_scsi_ev evt)
74012 }
74013
74014 static void
74015 -csio_scsis_tm_active(struct csio_ioreq *req, enum csio_scsi_ev evt)
74016 +csio_scsis_tm_active(struct csio_sm *_req, uint32_t _evt)
74017 {
74018 + struct csio_ioreq *req = container_of(_req, struct csio_ioreq, sm);
74019 + enum csio_scsi_ev evt = _evt;
74020 struct csio_hw *hw = req->lnode->hwp;
74021 struct csio_scsim *scm = csio_hw_to_scsim(hw);
74022
74023 @@ -885,8 +891,10 @@ csio_scsis_tm_active(struct csio_ioreq *req, enum csio_scsi_ev evt)
74024 }
74025
74026 static void
74027 -csio_scsis_aborting(struct csio_ioreq *req, enum csio_scsi_ev evt)
74028 +csio_scsis_aborting(struct csio_sm *_req, uint32_t _evt)
74029 {
74030 + struct csio_ioreq *req = container_of(_req, struct csio_ioreq, sm);
74031 + enum csio_scsi_ev evt = _evt;
74032 struct csio_hw *hw = req->lnode->hwp;
74033 struct csio_scsim *scm = csio_hw_to_scsim(hw);
74034
74035 @@ -982,8 +990,10 @@ csio_scsis_aborting(struct csio_ioreq *req, enum csio_scsi_ev evt)
74036 }
74037
74038 static void
74039 -csio_scsis_closing(struct csio_ioreq *req, enum csio_scsi_ev evt)
74040 +csio_scsis_closing(struct csio_sm *_req, uint32_t _evt)
74041 {
74042 + struct csio_ioreq *req = container_of(_req, struct csio_ioreq, sm);
74043 + enum csio_scsi_ev evt = _evt;
74044 struct csio_hw *hw = req->lnode->hwp;
74045 struct csio_scsim *scm = csio_hw_to_scsim(hw);
74046
74047 @@ -1046,8 +1056,11 @@ csio_scsis_closing(struct csio_ioreq *req, enum csio_scsi_ev evt)
74048 }
74049
74050 static void
74051 -csio_scsis_shost_cmpl_await(struct csio_ioreq *req, enum csio_scsi_ev evt)
74052 +csio_scsis_shost_cmpl_await(struct csio_sm *_req, uint32_t _evt)
74053 {
74054 + struct csio_ioreq *req = container_of(_req, struct csio_ioreq, sm);
74055 + enum csio_scsi_ev evt = _evt;
74056 +
74057 switch (evt) {
74058 case CSIO_SCSIE_ABORT:
74059 case CSIO_SCSIE_CLOSE:
74060 diff --git a/drivers/scsi/esas2r/esas2r_init.c b/drivers/scsi/esas2r/esas2r_init.c
74061 index 78ce4d61..b3f6ff60b 100644
74062 --- a/drivers/scsi/esas2r/esas2r_init.c
74063 +++ b/drivers/scsi/esas2r/esas2r_init.c
74064 @@ -237,7 +237,7 @@ static void esas2r_claim_interrupts(struct esas2r_adapter *a)
74065 flags |= IRQF_SHARED;
74066
74067 esas2r_log(ESAS2R_LOG_INFO,
74068 - "esas2r_claim_interrupts irq=%d (%p, %s, %x)",
74069 + "esas2r_claim_interrupts irq=%d (%p, %s, %lx)",
74070 a->pcid->irq, a, a->name, flags);
74071
74072 if (request_irq(a->pcid->irq,
74073 diff --git a/drivers/scsi/esas2r/esas2r_ioctl.c b/drivers/scsi/esas2r/esas2r_ioctl.c
74074 index 3e84834..34976f9 100644
74075 --- a/drivers/scsi/esas2r/esas2r_ioctl.c
74076 +++ b/drivers/scsi/esas2r/esas2r_ioctl.c
74077 @@ -1301,7 +1301,7 @@ int esas2r_ioctl_handler(void *hostdata, int cmd, void __user *arg)
74078 ioctl = kzalloc(sizeof(struct atto_express_ioctl), GFP_KERNEL);
74079 if (ioctl == NULL) {
74080 esas2r_log(ESAS2R_LOG_WARN,
74081 - "ioctl_handler kzalloc failed for %d bytes",
74082 + "ioctl_handler kzalloc failed for %lu bytes",
74083 sizeof(struct atto_express_ioctl));
74084 return -ENOMEM;
74085 }
74086 diff --git a/drivers/scsi/esas2r/esas2r_log.h b/drivers/scsi/esas2r/esas2r_log.h
74087 index 7b6397b..75b9d23 100644
74088 --- a/drivers/scsi/esas2r/esas2r_log.h
74089 +++ b/drivers/scsi/esas2r/esas2r_log.h
74090 @@ -61,8 +61,8 @@ enum {
74091 #endif
74092 };
74093
74094 -int esas2r_log(const long level, const char *format, ...);
74095 -int esas2r_log_dev(const long level,
74096 +__printf(2, 3) int esas2r_log(const long level, const char *format, ...);
74097 +__printf(3, 4) int esas2r_log_dev(const long level,
74098 const struct device *dev,
74099 const char *format,
74100 ...);
74101 diff --git a/drivers/scsi/esas2r/esas2r_main.c b/drivers/scsi/esas2r/esas2r_main.c
74102 index 2aca4d1..cdee863 100644
74103 --- a/drivers/scsi/esas2r/esas2r_main.c
74104 +++ b/drivers/scsi/esas2r/esas2r_main.c
74105 @@ -198,7 +198,7 @@ static ssize_t write_hw(struct file *file, struct kobject *kobj,
74106 GFP_KERNEL);
74107 if (a->local_atto_ioctl == NULL) {
74108 esas2r_log(ESAS2R_LOG_WARN,
74109 - "write_hw kzalloc failed for %d bytes",
74110 + "write_hw kzalloc failed for %lu bytes",
74111 sizeof(struct atto_ioctl));
74112 return -ENOMEM;
74113 }
74114 @@ -1186,7 +1186,7 @@ retry:
74115 } else {
74116 esas2r_log(ESAS2R_LOG_CRIT,
74117 "unable to allocate a request for a "
74118 - "device reset (%d:%d)!",
74119 + "device reset (%d:%llu)!",
74120 cmd->device->id,
74121 cmd->device->lun);
74122 }
74123 diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
74124 index 0675fd1..bbebe90 100644
74125 --- a/drivers/scsi/fcoe/fcoe_sysfs.c
74126 +++ b/drivers/scsi/fcoe/fcoe_sysfs.c
74127 @@ -33,8 +33,8 @@
74128 */
74129 #include "libfcoe.h"
74130
74131 -static atomic_t ctlr_num;
74132 -static atomic_t fcf_num;
74133 +static atomic_unchecked_t ctlr_num;
74134 +static atomic_unchecked_t fcf_num;
74135
74136 /*
74137 * fcoe_fcf_dev_loss_tmo: the default number of seconds that fcoe sysfs
74138 @@ -724,7 +724,7 @@ struct fcoe_ctlr_device *fcoe_ctlr_device_add(struct device *parent,
74139 if (!ctlr)
74140 goto out;
74141
74142 - ctlr->id = atomic_inc_return(&ctlr_num) - 1;
74143 + ctlr->id = atomic_inc_return_unchecked(&ctlr_num) - 1;
74144 ctlr->f = f;
74145 ctlr->mode = FIP_CONN_TYPE_FABRIC;
74146 INIT_LIST_HEAD(&ctlr->fcfs);
74147 @@ -941,7 +941,7 @@ struct fcoe_fcf_device *fcoe_fcf_device_add(struct fcoe_ctlr_device *ctlr,
74148 fcf->dev.parent = &ctlr->dev;
74149 fcf->dev.bus = &fcoe_bus_type;
74150 fcf->dev.type = &fcoe_fcf_device_type;
74151 - fcf->id = atomic_inc_return(&fcf_num) - 1;
74152 + fcf->id = atomic_inc_return_unchecked(&fcf_num) - 1;
74153 fcf->state = FCOE_FCF_STATE_UNKNOWN;
74154
74155 fcf->dev_loss_tmo = ctlr->fcf_dev_loss_tmo;
74156 @@ -977,8 +977,8 @@ int __init fcoe_sysfs_setup(void)
74157 {
74158 int error;
74159
74160 - atomic_set(&ctlr_num, 0);
74161 - atomic_set(&fcf_num, 0);
74162 + atomic_set_unchecked(&ctlr_num, 0);
74163 + atomic_set_unchecked(&fcf_num, 0);
74164
74165 error = bus_register(&fcoe_bus_type);
74166 if (error)
74167 diff --git a/drivers/scsi/fcoe/fcoe_transport.c b/drivers/scsi/fcoe/fcoe_transport.c
74168 index 7028dd3..7392dc6 100644
74169 --- a/drivers/scsi/fcoe/fcoe_transport.c
74170 +++ b/drivers/scsi/fcoe/fcoe_transport.c
74171 @@ -32,13 +32,13 @@ MODULE_AUTHOR("Open-FCoE.org");
74172 MODULE_DESCRIPTION("FIP discovery protocol and FCoE transport for FCoE HBAs");
74173 MODULE_LICENSE("GPL v2");
74174
74175 -static int fcoe_transport_create(const char *, struct kernel_param *);
74176 -static int fcoe_transport_destroy(const char *, struct kernel_param *);
74177 +static int fcoe_transport_create(const char *, const struct kernel_param *);
74178 +static int fcoe_transport_destroy(const char *, const struct kernel_param *);
74179 static int fcoe_transport_show(char *buffer, const struct kernel_param *kp);
74180 static struct fcoe_transport *fcoe_transport_lookup(struct net_device *device);
74181 static struct fcoe_transport *fcoe_netdev_map_lookup(struct net_device *device);
74182 -static int fcoe_transport_enable(const char *, struct kernel_param *);
74183 -static int fcoe_transport_disable(const char *, struct kernel_param *);
74184 +static int fcoe_transport_enable(const char *, const struct kernel_param *);
74185 +static int fcoe_transport_disable(const char *, const struct kernel_param *);
74186 static int libfcoe_device_notification(struct notifier_block *notifier,
74187 ulong event, void *ptr);
74188
74189 @@ -846,7 +846,7 @@ EXPORT_SYMBOL(fcoe_ctlr_destroy_store);
74190 *
74191 * Returns: 0 for success
74192 */
74193 -static int fcoe_transport_create(const char *buffer, struct kernel_param *kp)
74194 +static int fcoe_transport_create(const char *buffer, const struct kernel_param *kp)
74195 {
74196 int rc = -ENODEV;
74197 struct net_device *netdev = NULL;
74198 @@ -911,7 +911,7 @@ out_nodev:
74199 *
74200 * Returns: 0 for success
74201 */
74202 -static int fcoe_transport_destroy(const char *buffer, struct kernel_param *kp)
74203 +static int fcoe_transport_destroy(const char *buffer, const struct kernel_param *kp)
74204 {
74205 int rc = -ENODEV;
74206 struct net_device *netdev = NULL;
74207 @@ -955,7 +955,7 @@ out_nodev:
74208 *
74209 * Returns: 0 for success
74210 */
74211 -static int fcoe_transport_disable(const char *buffer, struct kernel_param *kp)
74212 +static int fcoe_transport_disable(const char *buffer, const struct kernel_param *kp)
74213 {
74214 int rc = -ENODEV;
74215 struct net_device *netdev = NULL;
74216 @@ -989,7 +989,7 @@ out_nodev:
74217 *
74218 * Returns: 0 for success
74219 */
74220 -static int fcoe_transport_enable(const char *buffer, struct kernel_param *kp)
74221 +static int fcoe_transport_enable(const char *buffer, const struct kernel_param *kp)
74222 {
74223 int rc = -ENODEV;
74224 struct net_device *netdev = NULL;
74225 diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
74226 index 030d002..cbf90d1 100644
74227 --- a/drivers/scsi/hpsa.c
74228 +++ b/drivers/scsi/hpsa.c
74229 @@ -942,10 +942,10 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
74230 struct reply_queue_buffer *rq = &h->reply_queue[q];
74231
74232 if (h->transMethod & CFGTBL_Trans_io_accel1)
74233 - return h->access.command_completed(h, q);
74234 + return h->access->command_completed(h, q);
74235
74236 if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
74237 - return h->access.command_completed(h, q);
74238 + return h->access->command_completed(h, q);
74239
74240 if ((rq->head[rq->current_entry] & 1) == rq->wraparound) {
74241 a = rq->head[rq->current_entry];
74242 @@ -1127,7 +1127,7 @@ static void __enqueue_cmd_and_start_io(struct ctlr_info *h,
74243 break;
74244 default:
74245 set_performant_mode(h, c, reply_queue);
74246 - h->access.submit_command(h, c);
74247 + h->access->submit_command(h, c);
74248 }
74249 }
74250
74251 @@ -7020,17 +7020,17 @@ static void __iomem *remap_pci_mem(ulong base, ulong size)
74252
74253 static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q)
74254 {
74255 - return h->access.command_completed(h, q);
74256 + return h->access->command_completed(h, q);
74257 }
74258
74259 static inline bool interrupt_pending(struct ctlr_info *h)
74260 {
74261 - return h->access.intr_pending(h);
74262 + return h->access->intr_pending(h);
74263 }
74264
74265 static inline long interrupt_not_for_us(struct ctlr_info *h)
74266 {
74267 - return (h->access.intr_pending(h) == 0) ||
74268 + return (h->access->intr_pending(h) == 0) ||
74269 (h->interrupts_enabled == 0);
74270 }
74271
74272 @@ -7958,7 +7958,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
74273 if (prod_index < 0)
74274 return prod_index;
74275 h->product_name = products[prod_index].product_name;
74276 - h->access = *(products[prod_index].access);
74277 + h->access = products[prod_index].access;
74278
74279 h->needs_abort_tags_swizzled =
74280 ctlr_needs_abort_tags_swizzled(h->board_id);
74281 @@ -8357,7 +8357,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
74282 unsigned long flags;
74283 u32 lockup_detected;
74284
74285 - h->access.set_intr_mask(h, HPSA_INTR_OFF);
74286 + h->access->set_intr_mask(h, HPSA_INTR_OFF);
74287 spin_lock_irqsave(&h->lock, flags);
74288 lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
74289 if (!lockup_detected) {
74290 @@ -8695,7 +8695,7 @@ reinit_after_soft_reset:
74291 }
74292
74293 /* make sure the board interrupts are off */
74294 - h->access.set_intr_mask(h, HPSA_INTR_OFF);
74295 + h->access->set_intr_mask(h, HPSA_INTR_OFF);
74296
74297 rc = hpsa_request_irqs(h, do_hpsa_intr_msi, do_hpsa_intr_intx);
74298 if (rc)
74299 @@ -8748,7 +8748,7 @@ reinit_after_soft_reset:
74300 * fake ones to scoop up any residual completions.
74301 */
74302 spin_lock_irqsave(&h->lock, flags);
74303 - h->access.set_intr_mask(h, HPSA_INTR_OFF);
74304 + h->access->set_intr_mask(h, HPSA_INTR_OFF);
74305 spin_unlock_irqrestore(&h->lock, flags);
74306 hpsa_free_irqs(h);
74307 rc = hpsa_request_irqs(h, hpsa_msix_discard_completions,
74308 @@ -8778,9 +8778,9 @@ reinit_after_soft_reset:
74309 dev_info(&h->pdev->dev, "Board READY.\n");
74310 dev_info(&h->pdev->dev,
74311 "Waiting for stale completions to drain.\n");
74312 - h->access.set_intr_mask(h, HPSA_INTR_ON);
74313 + h->access->set_intr_mask(h, HPSA_INTR_ON);
74314 msleep(10000);
74315 - h->access.set_intr_mask(h, HPSA_INTR_OFF);
74316 + h->access->set_intr_mask(h, HPSA_INTR_OFF);
74317
74318 rc = controller_reset_failed(h->cfgtable);
74319 if (rc)
74320 @@ -8807,7 +8807,7 @@ reinit_after_soft_reset:
74321
74322
74323 /* Turn the interrupts on so we can service requests */
74324 - h->access.set_intr_mask(h, HPSA_INTR_ON);
74325 + h->access->set_intr_mask(h, HPSA_INTR_ON);
74326
74327 hpsa_hba_inquiry(h);
74328
74329 @@ -8833,7 +8833,7 @@ reinit_after_soft_reset:
74330
74331 clean7: /* perf, sg, cmd, irq, shost, pci, lu, aer/h */
74332 hpsa_free_performant_mode(h);
74333 - h->access.set_intr_mask(h, HPSA_INTR_OFF);
74334 + h->access->set_intr_mask(h, HPSA_INTR_OFF);
74335 clean6: /* sg, cmd, irq, pci, lockup, wq/aer/h */
74336 hpsa_free_sg_chain_blocks(h);
74337 clean5: /* cmd, irq, shost, pci, lu, aer/h */
74338 @@ -8968,7 +8968,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
74339 * To write all data in the battery backed cache to disks
74340 */
74341 hpsa_flush_cache(h);
74342 - h->access.set_intr_mask(h, HPSA_INTR_OFF);
74343 + h->access->set_intr_mask(h, HPSA_INTR_OFF);
74344 hpsa_free_irqs(h); /* init_one 4 */
74345 hpsa_disable_interrupt_mode(h); /* pci_init 2 */
74346 }
74347 @@ -9110,7 +9110,7 @@ static int hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support)
74348 CFGTBL_Trans_enable_directed_msix |
74349 (trans_support & (CFGTBL_Trans_io_accel1 |
74350 CFGTBL_Trans_io_accel2));
74351 - struct access_method access = SA5_performant_access;
74352 + struct access_method *access = &SA5_performant_access;
74353
74354 /* This is a bit complicated. There are 8 registers on
74355 * the controller which we write to to tell it 8 different
74356 @@ -9152,7 +9152,7 @@ static int hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support)
74357 * perform the superfluous readl() after each command submission.
74358 */
74359 if (trans_support & (CFGTBL_Trans_io_accel1 | CFGTBL_Trans_io_accel2))
74360 - access = SA5_performant_access_no_read;
74361 + access = &SA5_performant_access_no_read;
74362
74363 /* Controller spec: zero out this buffer. */
74364 for (i = 0; i < h->nreply_queues; i++)
74365 @@ -9182,12 +9182,12 @@ static int hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support)
74366 * enable outbound interrupt coalescing in accelerator mode;
74367 */
74368 if (trans_support & CFGTBL_Trans_io_accel1) {
74369 - access = SA5_ioaccel_mode1_access;
74370 + access = &SA5_ioaccel_mode1_access;
74371 writel(10, &h->cfgtable->HostWrite.CoalIntDelay);
74372 writel(4, &h->cfgtable->HostWrite.CoalIntCount);
74373 } else {
74374 if (trans_support & CFGTBL_Trans_io_accel2) {
74375 - access = SA5_ioaccel_mode2_access;
74376 + access = &SA5_ioaccel_mode2_access;
74377 writel(10, &h->cfgtable->HostWrite.CoalIntDelay);
74378 writel(4, &h->cfgtable->HostWrite.CoalIntCount);
74379 }
74380 diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h
74381 index a1487e6..53a2c5d 100644
74382 --- a/drivers/scsi/hpsa.h
74383 +++ b/drivers/scsi/hpsa.h
74384 @@ -179,7 +179,7 @@ struct ctlr_info {
74385 unsigned int msix_vector;
74386 unsigned int msi_vector;
74387 int intr_mode; /* either PERF_MODE_INT or SIMPLE_MODE_INT */
74388 - struct access_method access;
74389 + struct access_method *access;
74390
74391 /* queue and queue Info */
74392 unsigned int Qdepth;
74393 @@ -579,38 +579,38 @@ static unsigned long SA5_ioaccel_mode1_completed(struct ctlr_info *h, u8 q)
74394 }
74395
74396 static struct access_method SA5_access = {
74397 - SA5_submit_command,
74398 - SA5_intr_mask,
74399 - SA5_intr_pending,
74400 - SA5_completed,
74401 + .submit_command = SA5_submit_command,
74402 + .set_intr_mask = SA5_intr_mask,
74403 + .intr_pending = SA5_intr_pending,
74404 + .command_completed = SA5_completed,
74405 };
74406
74407 static struct access_method SA5_ioaccel_mode1_access = {
74408 - SA5_submit_command,
74409 - SA5_performant_intr_mask,
74410 - SA5_ioaccel_mode1_intr_pending,
74411 - SA5_ioaccel_mode1_completed,
74412 + .submit_command = SA5_submit_command,
74413 + .set_intr_mask = SA5_performant_intr_mask,
74414 + .intr_pending = SA5_ioaccel_mode1_intr_pending,
74415 + .command_completed = SA5_ioaccel_mode1_completed,
74416 };
74417
74418 static struct access_method SA5_ioaccel_mode2_access = {
74419 - SA5_submit_command_ioaccel2,
74420 - SA5_performant_intr_mask,
74421 - SA5_performant_intr_pending,
74422 - SA5_performant_completed,
74423 + .submit_command = SA5_submit_command_ioaccel2,
74424 + .set_intr_mask = SA5_performant_intr_mask,
74425 + .intr_pending = SA5_performant_intr_pending,
74426 + .command_completed = SA5_performant_completed,
74427 };
74428
74429 static struct access_method SA5_performant_access = {
74430 - SA5_submit_command,
74431 - SA5_performant_intr_mask,
74432 - SA5_performant_intr_pending,
74433 - SA5_performant_completed,
74434 + .submit_command = SA5_submit_command,
74435 + .set_intr_mask = SA5_performant_intr_mask,
74436 + .intr_pending = SA5_performant_intr_pending,
74437 + .command_completed = SA5_performant_completed,
74438 };
74439
74440 static struct access_method SA5_performant_access_no_read = {
74441 - SA5_submit_command_no_read,
74442 - SA5_performant_intr_mask,
74443 - SA5_performant_intr_pending,
74444 - SA5_performant_completed,
74445 + .submit_command = SA5_submit_command_no_read,
74446 + .set_intr_mask = SA5_performant_intr_mask,
74447 + .intr_pending = SA5_performant_intr_pending,
74448 + .command_completed = SA5_performant_completed,
74449 };
74450
74451 struct board_type {
74452 diff --git a/drivers/scsi/hptiop.c b/drivers/scsi/hptiop.c
74453 index a83f705..b40c5e6 100644
74454 --- a/drivers/scsi/hptiop.c
74455 +++ b/drivers/scsi/hptiop.c
74456 @@ -1082,7 +1082,6 @@ static const char *hptiop_info(struct Scsi_Host *host)
74457 static int hptiop_reset_hba(struct hptiop_hba *hba)
74458 {
74459 if (atomic_xchg(&hba->resetting, 1) == 0) {
74460 - atomic_inc(&hba->reset_count);
74461 hba->ops->post_msg(hba, IOPMU_INBOUND_MSG0_RESET);
74462 }
74463
74464 @@ -1340,7 +1339,6 @@ static int hptiop_probe(struct pci_dev *pcidev, const struct pci_device_id *id)
74465 hba->iopintf_v2 = 0;
74466
74467 atomic_set(&hba->resetting, 0);
74468 - atomic_set(&hba->reset_count, 0);
74469
74470 init_waitqueue_head(&hba->reset_wq);
74471 init_waitqueue_head(&hba->ioctl_wq);
74472 diff --git a/drivers/scsi/hptiop.h b/drivers/scsi/hptiop.h
74473 index 4d1c511..d5744cb 100644
74474 --- a/drivers/scsi/hptiop.h
74475 +++ b/drivers/scsi/hptiop.h
74476 @@ -330,7 +330,6 @@ struct hptiop_hba {
74477 void *dma_coherent[HPTIOP_MAX_REQUESTS];
74478 dma_addr_t dma_coherent_handle[HPTIOP_MAX_REQUESTS];
74479
74480 - atomic_t reset_count;
74481 atomic_t resetting;
74482
74483 wait_queue_head_t reset_wq;
74484 diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
74485 index 17d04c7..17a2948 100644
74486 --- a/drivers/scsi/ipr.c
74487 +++ b/drivers/scsi/ipr.c
74488 @@ -948,7 +948,7 @@ static void ipr_send_command(struct ipr_cmnd *ipr_cmd)
74489 **/
74490 static void ipr_do_req(struct ipr_cmnd *ipr_cmd,
74491 void (*done) (struct ipr_cmnd *),
74492 - void (*timeout_func) (struct ipr_cmnd *), u32 timeout)
74493 + void (*timeout_func) (unsigned long), u32 timeout)
74494 {
74495 list_add_tail(&ipr_cmd->queue, &ipr_cmd->hrrq->hrrq_pending_q);
74496
74497 @@ -956,7 +956,7 @@ static void ipr_do_req(struct ipr_cmnd *ipr_cmd,
74498
74499 ipr_cmd->timer.data = (unsigned long) ipr_cmd;
74500 ipr_cmd->timer.expires = jiffies + timeout;
74501 - ipr_cmd->timer.function = (void (*)(unsigned long))timeout_func;
74502 + ipr_cmd->timer.function = timeout_func;
74503
74504 add_timer(&ipr_cmd->timer);
74505
74506 @@ -1038,7 +1038,7 @@ static void ipr_init_ioadl(struct ipr_cmnd *ipr_cmd, dma_addr_t dma_addr,
74507 * none
74508 **/
74509 static void ipr_send_blocking_cmd(struct ipr_cmnd *ipr_cmd,
74510 - void (*timeout_func) (struct ipr_cmnd *ipr_cmd),
74511 + void (*timeout_func) (unsigned long ipr_cmd),
74512 u32 timeout)
74513 {
74514 struct ipr_ioa_cfg *ioa_cfg = ipr_cmd->ioa_cfg;
74515 @@ -1058,7 +1058,7 @@ static int ipr_get_hrrq_index(struct ipr_ioa_cfg *ioa_cfg)
74516 if (ioa_cfg->hrrq_num == 1)
74517 hrrq = 0;
74518 else {
74519 - hrrq = atomic_add_return(1, &ioa_cfg->hrrq_index);
74520 + hrrq = atomic_add_return_unchecked(1, &ioa_cfg->hrrq_index);
74521 hrrq = (hrrq % (ioa_cfg->hrrq_num - 1)) + 1;
74522 }
74523 return hrrq;
74524 @@ -2601,8 +2601,9 @@ static void ipr_process_error(struct ipr_cmnd *ipr_cmd)
74525 * Return value:
74526 * none
74527 **/
74528 -static void ipr_timeout(struct ipr_cmnd *ipr_cmd)
74529 +static void ipr_timeout(unsigned long _ipr_cmd)
74530 {
74531 + struct ipr_cmnd *ipr_cmd = (struct ipr_cmnd *)_ipr_cmd;
74532 unsigned long lock_flags = 0;
74533 struct ipr_ioa_cfg *ioa_cfg = ipr_cmd->ioa_cfg;
74534
74535 @@ -2633,8 +2634,9 @@ static void ipr_timeout(struct ipr_cmnd *ipr_cmd)
74536 * Return value:
74537 * none
74538 **/
74539 -static void ipr_oper_timeout(struct ipr_cmnd *ipr_cmd)
74540 +static void ipr_oper_timeout(unsigned long _ipr_cmd)
74541 {
74542 + struct ipr_cmnd *ipr_cmd = (struct ipr_cmnd *)_ipr_cmd;
74543 unsigned long lock_flags = 0;
74544 struct ipr_ioa_cfg *ioa_cfg = ipr_cmd->ioa_cfg;
74545
74546 @@ -5269,8 +5271,9 @@ static void ipr_bus_reset_done(struct ipr_cmnd *ipr_cmd)
74547 * Return value:
74548 * none
74549 **/
74550 -static void ipr_abort_timeout(struct ipr_cmnd *ipr_cmd)
74551 +static void ipr_abort_timeout(unsigned long _ipr_cmd)
74552 {
74553 + struct ipr_cmnd *ipr_cmd = (struct ipr_cmnd *)_ipr_cmd;
74554 struct ipr_cmnd *reset_cmd;
74555 struct ipr_ioa_cfg *ioa_cfg = ipr_cmd->ioa_cfg;
74556 struct ipr_cmd_pkt *cmd_pkt;
74557 @@ -8042,8 +8045,9 @@ static int ipr_ioafp_identify_hrrq(struct ipr_cmnd *ipr_cmd)
74558 * Return value:
74559 * none
74560 **/
74561 -static void ipr_reset_timer_done(struct ipr_cmnd *ipr_cmd)
74562 +static void ipr_reset_timer_done(unsigned long _ipr_cmd)
74563 {
74564 + struct ipr_cmnd *ipr_cmd = (struct ipr_cmnd *)_ipr_cmd;
74565 struct ipr_ioa_cfg *ioa_cfg = ipr_cmd->ioa_cfg;
74566 unsigned long lock_flags = 0;
74567
74568 @@ -8081,7 +8085,7 @@ static void ipr_reset_start_timer(struct ipr_cmnd *ipr_cmd,
74569
74570 ipr_cmd->timer.data = (unsigned long) ipr_cmd;
74571 ipr_cmd->timer.expires = jiffies + timeout;
74572 - ipr_cmd->timer.function = (void (*)(unsigned long))ipr_reset_timer_done;
74573 + ipr_cmd->timer.function = ipr_reset_timer_done;
74574 add_timer(&ipr_cmd->timer);
74575 }
74576
74577 @@ -8111,9 +8115,9 @@ static void ipr_init_ioa_mem(struct ipr_ioa_cfg *ioa_cfg)
74578
74579 ioa_cfg->identify_hrrq_index = 0;
74580 if (ioa_cfg->hrrq_num == 1)
74581 - atomic_set(&ioa_cfg->hrrq_index, 0);
74582 + atomic_set_unchecked(&ioa_cfg->hrrq_index, 0);
74583 else
74584 - atomic_set(&ioa_cfg->hrrq_index, 1);
74585 + atomic_set_unchecked(&ioa_cfg->hrrq_index, 1);
74586
74587 /* Zero out config table */
74588 memset(ioa_cfg->u.cfg_table, 0, ioa_cfg->cfg_table_size);
74589 @@ -8167,7 +8171,7 @@ static int ipr_reset_next_stage(struct ipr_cmnd *ipr_cmd)
74590
74591 ipr_cmd->timer.data = (unsigned long) ipr_cmd;
74592 ipr_cmd->timer.expires = jiffies + stage_time * HZ;
74593 - ipr_cmd->timer.function = (void (*)(unsigned long))ipr_oper_timeout;
74594 + ipr_cmd->timer.function = ipr_oper_timeout;
74595 ipr_cmd->done = ipr_reset_ioa_job;
74596 add_timer(&ipr_cmd->timer);
74597
74598 @@ -8239,7 +8243,7 @@ static int ipr_reset_enable_ioa(struct ipr_cmnd *ipr_cmd)
74599
74600 ipr_cmd->timer.data = (unsigned long) ipr_cmd;
74601 ipr_cmd->timer.expires = jiffies + (ioa_cfg->transop_timeout * HZ);
74602 - ipr_cmd->timer.function = (void (*)(unsigned long))ipr_oper_timeout;
74603 + ipr_cmd->timer.function = ipr_oper_timeout;
74604 ipr_cmd->done = ipr_reset_ioa_job;
74605 add_timer(&ipr_cmd->timer);
74606 list_add_tail(&ipr_cmd->queue, &ipr_cmd->hrrq->hrrq_pending_q);
74607 @@ -9227,7 +9231,7 @@ static void ipr_pci_perm_failure(struct pci_dev *pdev)
74608 * PCI_ERS_RESULT_NEED_RESET or PCI_ERS_RESULT_DISCONNECT
74609 */
74610 static pci_ers_result_t ipr_pci_error_detected(struct pci_dev *pdev,
74611 - pci_channel_state_t state)
74612 + enum pci_channel_state state)
74613 {
74614 switch (state) {
74615 case pci_channel_io_frozen:
74616 diff --git a/drivers/scsi/ipr.h b/drivers/scsi/ipr.h
74617 index cdb5196..f7e8eff 100644
74618 --- a/drivers/scsi/ipr.h
74619 +++ b/drivers/scsi/ipr.h
74620 @@ -1539,7 +1539,7 @@ struct ipr_ioa_cfg {
74621
74622 struct ipr_hrr_queue hrrq[IPR_MAX_HRRQ_NUM];
74623 u32 hrrq_num;
74624 - atomic_t hrrq_index;
74625 + atomic_unchecked_t hrrq_index;
74626 u16 identify_hrrq_index;
74627
74628 struct ipr_bus_attributes bus_attr[IPR_MAX_NUM_BUSES];
74629 diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
74630 index e72673b..977ed14 100644
74631 --- a/drivers/scsi/libfc/fc_exch.c
74632 +++ b/drivers/scsi/libfc/fc_exch.c
74633 @@ -101,12 +101,12 @@ struct fc_exch_mgr {
74634 u16 pool_max_index;
74635
74636 struct {
74637 - atomic_t no_free_exch;
74638 - atomic_t no_free_exch_xid;
74639 - atomic_t xid_not_found;
74640 - atomic_t xid_busy;
74641 - atomic_t seq_not_found;
74642 - atomic_t non_bls_resp;
74643 + atomic_unchecked_t no_free_exch;
74644 + atomic_unchecked_t no_free_exch_xid;
74645 + atomic_unchecked_t xid_not_found;
74646 + atomic_unchecked_t xid_busy;
74647 + atomic_unchecked_t seq_not_found;
74648 + atomic_unchecked_t non_bls_resp;
74649 } stats;
74650 };
74651
74652 @@ -809,7 +809,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
74653 /* allocate memory for exchange */
74654 ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
74655 if (!ep) {
74656 - atomic_inc(&mp->stats.no_free_exch);
74657 + atomic_inc_unchecked(&mp->stats.no_free_exch);
74658 goto out;
74659 }
74660 memset(ep, 0, sizeof(*ep));
74661 @@ -872,7 +872,7 @@ out:
74662 return ep;
74663 err:
74664 spin_unlock_bh(&pool->lock);
74665 - atomic_inc(&mp->stats.no_free_exch_xid);
74666 + atomic_inc_unchecked(&mp->stats.no_free_exch_xid);
74667 mempool_free(ep, mp->ep_pool);
74668 return NULL;
74669 }
74670 @@ -1029,7 +1029,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
74671 xid = ntohs(fh->fh_ox_id); /* we originated exch */
74672 ep = fc_exch_find(mp, xid);
74673 if (!ep) {
74674 - atomic_inc(&mp->stats.xid_not_found);
74675 + atomic_inc_unchecked(&mp->stats.xid_not_found);
74676 reject = FC_RJT_OX_ID;
74677 goto out;
74678 }
74679 @@ -1059,7 +1059,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
74680 ep = fc_exch_find(mp, xid);
74681 if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
74682 if (ep) {
74683 - atomic_inc(&mp->stats.xid_busy);
74684 + atomic_inc_unchecked(&mp->stats.xid_busy);
74685 reject = FC_RJT_RX_ID;
74686 goto rel;
74687 }
74688 @@ -1070,7 +1070,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
74689 }
74690 xid = ep->xid; /* get our XID */
74691 } else if (!ep) {
74692 - atomic_inc(&mp->stats.xid_not_found);
74693 + atomic_inc_unchecked(&mp->stats.xid_not_found);
74694 reject = FC_RJT_RX_ID; /* XID not found */
74695 goto out;
74696 }
74697 @@ -1088,7 +1088,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
74698 } else {
74699 sp = &ep->seq;
74700 if (sp->id != fh->fh_seq_id) {
74701 - atomic_inc(&mp->stats.seq_not_found);
74702 + atomic_inc_unchecked(&mp->stats.seq_not_found);
74703 if (f_ctl & FC_FC_END_SEQ) {
74704 /*
74705 * Update sequence_id based on incoming last
74706 @@ -1539,22 +1539,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
74707
74708 ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
74709 if (!ep) {
74710 - atomic_inc(&mp->stats.xid_not_found);
74711 + atomic_inc_unchecked(&mp->stats.xid_not_found);
74712 goto out;
74713 }
74714 if (ep->esb_stat & ESB_ST_COMPLETE) {
74715 - atomic_inc(&mp->stats.xid_not_found);
74716 + atomic_inc_unchecked(&mp->stats.xid_not_found);
74717 goto rel;
74718 }
74719 if (ep->rxid == FC_XID_UNKNOWN)
74720 ep->rxid = ntohs(fh->fh_rx_id);
74721 if (ep->sid != 0 && ep->sid != ntoh24(fh->fh_d_id)) {
74722 - atomic_inc(&mp->stats.xid_not_found);
74723 + atomic_inc_unchecked(&mp->stats.xid_not_found);
74724 goto rel;
74725 }
74726 if (ep->did != ntoh24(fh->fh_s_id) &&
74727 ep->did != FC_FID_FLOGI) {
74728 - atomic_inc(&mp->stats.xid_not_found);
74729 + atomic_inc_unchecked(&mp->stats.xid_not_found);
74730 goto rel;
74731 }
74732 sof = fr_sof(fp);
74733 @@ -1563,7 +1563,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
74734 sp->ssb_stat |= SSB_ST_RESP;
74735 sp->id = fh->fh_seq_id;
74736 } else if (sp->id != fh->fh_seq_id) {
74737 - atomic_inc(&mp->stats.seq_not_found);
74738 + atomic_inc_unchecked(&mp->stats.seq_not_found);
74739 goto rel;
74740 }
74741
74742 @@ -1626,9 +1626,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
74743 sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */
74744
74745 if (!sp)
74746 - atomic_inc(&mp->stats.xid_not_found);
74747 + atomic_inc_unchecked(&mp->stats.xid_not_found);
74748 else
74749 - atomic_inc(&mp->stats.non_bls_resp);
74750 + atomic_inc_unchecked(&mp->stats.non_bls_resp);
74751
74752 fc_frame_free(fp);
74753 }
74754 @@ -2269,13 +2269,13 @@ void fc_exch_update_stats(struct fc_lport *lport)
74755
74756 list_for_each_entry(ema, &lport->ema_list, ema_list) {
74757 mp = ema->mp;
74758 - st->fc_no_free_exch += atomic_read(&mp->stats.no_free_exch);
74759 + st->fc_no_free_exch += atomic_read_unchecked(&mp->stats.no_free_exch);
74760 st->fc_no_free_exch_xid +=
74761 - atomic_read(&mp->stats.no_free_exch_xid);
74762 - st->fc_xid_not_found += atomic_read(&mp->stats.xid_not_found);
74763 - st->fc_xid_busy += atomic_read(&mp->stats.xid_busy);
74764 - st->fc_seq_not_found += atomic_read(&mp->stats.seq_not_found);
74765 - st->fc_non_bls_resp += atomic_read(&mp->stats.non_bls_resp);
74766 + atomic_read_unchecked(&mp->stats.no_free_exch_xid);
74767 + st->fc_xid_not_found += atomic_read_unchecked(&mp->stats.xid_not_found);
74768 + st->fc_xid_busy += atomic_read_unchecked(&mp->stats.xid_busy);
74769 + st->fc_seq_not_found += atomic_read_unchecked(&mp->stats.seq_not_found);
74770 + st->fc_non_bls_resp += atomic_read_unchecked(&mp->stats.non_bls_resp);
74771 }
74772 }
74773 EXPORT_SYMBOL(fc_exch_update_stats);
74774 diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
74775 index 763f012..641a55a 100644
74776 --- a/drivers/scsi/libsas/sas_ata.c
74777 +++ b/drivers/scsi/libsas/sas_ata.c
74778 @@ -532,7 +532,7 @@ static struct ata_port_operations sas_sata_ops = {
74779 .postreset = ata_std_postreset,
74780 .error_handler = ata_std_error_handler,
74781 .post_internal_cmd = sas_ata_post_internal,
74782 - .qc_defer = ata_std_qc_defer,
74783 + .qc_defer = ata_std_qc_defer,
74784 .qc_prep = ata_noop_qc_prep,
74785 .qc_issue = sas_ata_qc_issue,
74786 .qc_fill_rtf = sas_ata_qc_fill_rtf,
74787 diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
74788 index b484859..1ea4db4 100644
74789 --- a/drivers/scsi/lpfc/lpfc.h
74790 +++ b/drivers/scsi/lpfc/lpfc.h
74791 @@ -430,7 +430,7 @@ struct lpfc_vport {
74792 struct dentry *debug_nodelist;
74793 struct dentry *vport_debugfs_root;
74794 struct lpfc_debugfs_trc *disc_trc;
74795 - atomic_t disc_trc_cnt;
74796 + atomic_unchecked_t disc_trc_cnt;
74797 #endif
74798 uint8_t stat_data_enabled;
74799 uint8_t stat_data_blocked;
74800 @@ -898,8 +898,8 @@ struct lpfc_hba {
74801 struct timer_list fabric_block_timer;
74802 unsigned long bit_flags;
74803 #define FABRIC_COMANDS_BLOCKED 0
74804 - atomic_t num_rsrc_err;
74805 - atomic_t num_cmd_success;
74806 + atomic_unchecked_t num_rsrc_err;
74807 + atomic_unchecked_t num_cmd_success;
74808 unsigned long last_rsrc_error_time;
74809 unsigned long last_ramp_down_time;
74810 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS
74811 @@ -934,7 +934,7 @@ struct lpfc_hba {
74812
74813 struct dentry *debug_slow_ring_trc;
74814 struct lpfc_debugfs_trc *slow_ring_trc;
74815 - atomic_t slow_ring_trc_cnt;
74816 + atomic_unchecked_t slow_ring_trc_cnt;
74817 /* iDiag debugfs sub-directory */
74818 struct dentry *idiag_root;
74819 struct dentry *idiag_pci_cfg;
74820 diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c
74821 index a63542b..80692ee 100644
74822 --- a/drivers/scsi/lpfc/lpfc_debugfs.c
74823 +++ b/drivers/scsi/lpfc/lpfc_debugfs.c
74824 @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc,
74825
74826 #include <linux/debugfs.h>
74827
74828 -static atomic_t lpfc_debugfs_seq_trc_cnt = ATOMIC_INIT(0);
74829 +static atomic_unchecked_t lpfc_debugfs_seq_trc_cnt = ATOMIC_INIT(0);
74830 static unsigned long lpfc_debugfs_start_time = 0L;
74831
74832 /* iDiag */
74833 @@ -147,7 +147,7 @@ lpfc_debugfs_disc_trc_data(struct lpfc_vport *vport, char *buf, int size)
74834 lpfc_debugfs_enable = 0;
74835
74836 len = 0;
74837 - index = (atomic_read(&vport->disc_trc_cnt) + 1) &
74838 + index = (atomic_read_unchecked(&vport->disc_trc_cnt) + 1) &
74839 (lpfc_debugfs_max_disc_trc - 1);
74840 for (i = index; i < lpfc_debugfs_max_disc_trc; i++) {
74841 dtp = vport->disc_trc + i;
74842 @@ -213,7 +213,7 @@ lpfc_debugfs_slow_ring_trc_data(struct lpfc_hba *phba, char *buf, int size)
74843 lpfc_debugfs_enable = 0;
74844
74845 len = 0;
74846 - index = (atomic_read(&phba->slow_ring_trc_cnt) + 1) &
74847 + index = (atomic_read_unchecked(&phba->slow_ring_trc_cnt) + 1) &
74848 (lpfc_debugfs_max_slow_ring_trc - 1);
74849 for (i = index; i < lpfc_debugfs_max_slow_ring_trc; i++) {
74850 dtp = phba->slow_ring_trc + i;
74851 @@ -646,14 +646,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport *vport, int mask, char *fmt,
74852 !vport || !vport->disc_trc)
74853 return;
74854
74855 - index = atomic_inc_return(&vport->disc_trc_cnt) &
74856 + index = atomic_inc_return_unchecked(&vport->disc_trc_cnt) &
74857 (lpfc_debugfs_max_disc_trc - 1);
74858 dtp = vport->disc_trc + index;
74859 dtp->fmt = fmt;
74860 dtp->data1 = data1;
74861 dtp->data2 = data2;
74862 dtp->data3 = data3;
74863 - dtp->seq_cnt = atomic_inc_return(&lpfc_debugfs_seq_trc_cnt);
74864 + dtp->seq_cnt = atomic_inc_return_unchecked(&lpfc_debugfs_seq_trc_cnt);
74865 dtp->jif = jiffies;
74866 #endif
74867 return;
74868 @@ -684,14 +684,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_hba *phba, char *fmt,
74869 !phba || !phba->slow_ring_trc)
74870 return;
74871
74872 - index = atomic_inc_return(&phba->slow_ring_trc_cnt) &
74873 + index = atomic_inc_return_unchecked(&phba->slow_ring_trc_cnt) &
74874 (lpfc_debugfs_max_slow_ring_trc - 1);
74875 dtp = phba->slow_ring_trc + index;
74876 dtp->fmt = fmt;
74877 dtp->data1 = data1;
74878 dtp->data2 = data2;
74879 dtp->data3 = data3;
74880 - dtp->seq_cnt = atomic_inc_return(&lpfc_debugfs_seq_trc_cnt);
74881 + dtp->seq_cnt = atomic_inc_return_unchecked(&lpfc_debugfs_seq_trc_cnt);
74882 dtp->jif = jiffies;
74883 #endif
74884 return;
74885 @@ -4268,7 +4268,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
74886 "slow_ring buffer\n");
74887 goto debug_failed;
74888 }
74889 - atomic_set(&phba->slow_ring_trc_cnt, 0);
74890 + atomic_set_unchecked(&phba->slow_ring_trc_cnt, 0);
74891 memset(phba->slow_ring_trc, 0,
74892 (sizeof(struct lpfc_debugfs_trc) *
74893 lpfc_debugfs_max_slow_ring_trc));
74894 @@ -4314,7 +4314,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
74895 "buffer\n");
74896 goto debug_failed;
74897 }
74898 - atomic_set(&vport->disc_trc_cnt, 0);
74899 + atomic_set_unchecked(&vport->disc_trc_cnt, 0);
74900
74901 snprintf(name, sizeof(name), "discovery_trace");
74902 vport->debug_disc_trc =
74903 diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
74904 index 734a042..5f4c380 100644
74905 --- a/drivers/scsi/lpfc/lpfc_init.c
74906 +++ b/drivers/scsi/lpfc/lpfc_init.c
74907 @@ -11127,7 +11127,7 @@ lpfc_pci_resume_one(struct pci_dev *pdev)
74908 * PCI_ERS_RESULT_DISCONNECT - device could not be recovered
74909 **/
74910 static pci_ers_result_t
74911 -lpfc_io_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
74912 +lpfc_io_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
74913 {
74914 struct Scsi_Host *shost = pci_get_drvdata(pdev);
74915 struct lpfc_hba *phba = ((struct lpfc_vport *)shost->hostdata)->phba;
74916 @@ -11434,8 +11434,10 @@ lpfc_init(void)
74917 printk(KERN_ERR "Could not register lpfcmgmt device, "
74918 "misc_register returned with status %d", error);
74919
74920 - lpfc_transport_functions.vport_create = lpfc_vport_create;
74921 - lpfc_transport_functions.vport_delete = lpfc_vport_delete;
74922 + pax_open_kernel();
74923 + const_cast(lpfc_transport_functions.vport_create) = lpfc_vport_create;
74924 + const_cast(lpfc_transport_functions.vport_delete) = lpfc_vport_delete;
74925 + pax_close_kernel();
74926 lpfc_transport_template =
74927 fc_attach_transport(&lpfc_transport_functions);
74928 if (lpfc_transport_template == NULL)
74929 diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
74930 index d197aa1..c1178a6 100644
74931 --- a/drivers/scsi/lpfc/lpfc_scsi.c
74932 +++ b/drivers/scsi/lpfc/lpfc_scsi.c
74933 @@ -261,7 +261,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
74934 unsigned long expires;
74935
74936 spin_lock_irqsave(&phba->hbalock, flags);
74937 - atomic_inc(&phba->num_rsrc_err);
74938 + atomic_inc_unchecked(&phba->num_rsrc_err);
74939 phba->last_rsrc_error_time = jiffies;
74940
74941 expires = phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL;
74942 @@ -303,8 +303,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
74943 unsigned long num_rsrc_err, num_cmd_success;
74944 int i;
74945
74946 - num_rsrc_err = atomic_read(&phba->num_rsrc_err);
74947 - num_cmd_success = atomic_read(&phba->num_cmd_success);
74948 + num_rsrc_err = atomic_read_unchecked(&phba->num_rsrc_err);
74949 + num_cmd_success = atomic_read_unchecked(&phba->num_cmd_success);
74950
74951 /*
74952 * The error and success command counters are global per
74953 @@ -331,8 +331,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
74954 }
74955 }
74956 lpfc_destroy_vport_work_array(phba, vports);
74957 - atomic_set(&phba->num_rsrc_err, 0);
74958 - atomic_set(&phba->num_cmd_success, 0);
74959 + atomic_set_unchecked(&phba->num_rsrc_err, 0);
74960 + atomic_set_unchecked(&phba->num_cmd_success, 0);
74961 }
74962
74963 /**
74964 diff --git a/drivers/scsi/megaraid/megaraid_sas.h b/drivers/scsi/megaraid/megaraid_sas.h
74965 index ca86c88..175be62 100644
74966 --- a/drivers/scsi/megaraid/megaraid_sas.h
74967 +++ b/drivers/scsi/megaraid/megaraid_sas.h
74968 @@ -2048,7 +2048,7 @@ struct megasas_instance {
74969 s8 init_id;
74970
74971 u16 max_num_sge;
74972 - u16 max_fw_cmds;
74973 + u16 max_fw_cmds __intentional_overflow(-1);
74974 u16 max_mfi_cmds;
74975 u16 max_scsi_cmds;
74976 u16 ldio_threshold;
74977 diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c
74978 index 750f82c..956cdf0 100644
74979 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c
74980 +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c
74981 @@ -105,7 +105,7 @@ _base_get_ioc_facts(struct MPT3SAS_ADAPTER *ioc, int sleep_flag);
74982 *
74983 */
74984 static int
74985 -_scsih_set_fwfault_debug(const char *val, struct kernel_param *kp)
74986 +_scsih_set_fwfault_debug(const char *val, const struct kernel_param *kp)
74987 {
74988 int ret = param_set_int(val, kp);
74989 struct MPT3SAS_ADAPTER *ioc;
74990 diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
74991 index 4cb7990..66bfb63 100644
74992 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
74993 +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
74994 @@ -280,7 +280,7 @@ struct _scsi_io_transfer {
74995 * Note: The logging levels are defined in mpt3sas_debug.h.
74996 */
74997 static int
74998 -_scsih_set_debug_level(const char *val, struct kernel_param *kp)
74999 +_scsih_set_debug_level(const char *val, const struct kernel_param *kp)
75000 {
75001 int ret = param_set_int(val, kp);
75002 struct MPT3SAS_ADAPTER *ioc;
75003 @@ -8934,7 +8934,7 @@ scsih_resume(struct pci_dev *pdev)
75004 * PCI_ERS_RESULT_NEED_RESET or PCI_ERS_RESULT_DISCONNECT
75005 */
75006 pci_ers_result_t
75007 -scsih_pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
75008 +scsih_pci_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
75009 {
75010 struct Scsi_Host *shost = pci_get_drvdata(pdev);
75011 struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
75012 diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c
75013 index b2a88200..d66f0cc 100644
75014 --- a/drivers/scsi/pmcraid.c
75015 +++ b/drivers/scsi/pmcraid.c
75016 @@ -201,8 +201,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev)
75017 res->scsi_dev = scsi_dev;
75018 scsi_dev->hostdata = res;
75019 res->change_detected = 0;
75020 - atomic_set(&res->read_failures, 0);
75021 - atomic_set(&res->write_failures, 0);
75022 + atomic_set_unchecked(&res->read_failures, 0);
75023 + atomic_set_unchecked(&res->write_failures, 0);
75024 rc = 0;
75025 }
75026 spin_unlock_irqrestore(&pinstance->resource_lock, lock_flags);
75027 @@ -557,8 +557,9 @@ static void pmcraid_reset_type(struct pmcraid_instance *pinstance)
75028
75029 static void pmcraid_ioa_reset(struct pmcraid_cmd *);
75030
75031 -static void pmcraid_bist_done(struct pmcraid_cmd *cmd)
75032 +static void pmcraid_bist_done(unsigned long _cmd)
75033 {
75034 + struct pmcraid_cmd *cmd = (struct pmcraid_cmd *)_cmd;
75035 struct pmcraid_instance *pinstance = cmd->drv_inst;
75036 unsigned long lock_flags;
75037 int rc;
75038 @@ -573,8 +574,7 @@ static void pmcraid_bist_done(struct pmcraid_cmd *cmd)
75039 cmd->timer.expires = jiffies + cmd->time_left;
75040 cmd->time_left = 0;
75041 cmd->timer.data = (unsigned long)cmd;
75042 - cmd->timer.function =
75043 - (void (*)(unsigned long))pmcraid_bist_done;
75044 + cmd->timer.function = pmcraid_bist_done;
75045 add_timer(&cmd->timer);
75046 } else {
75047 cmd->time_left = 0;
75048 @@ -607,7 +607,7 @@ static void pmcraid_start_bist(struct pmcraid_cmd *cmd)
75049 cmd->time_left = msecs_to_jiffies(PMCRAID_BIST_TIMEOUT);
75050 cmd->timer.data = (unsigned long)cmd;
75051 cmd->timer.expires = jiffies + msecs_to_jiffies(PMCRAID_BIST_TIMEOUT);
75052 - cmd->timer.function = (void (*)(unsigned long))pmcraid_bist_done;
75053 + cmd->timer.function = pmcraid_bist_done;
75054 add_timer(&cmd->timer);
75055 }
75056
75057 @@ -617,8 +617,9 @@ static void pmcraid_start_bist(struct pmcraid_cmd *cmd)
75058 * Return value
75059 * None
75060 */
75061 -static void pmcraid_reset_alert_done(struct pmcraid_cmd *cmd)
75062 +static void pmcraid_reset_alert_done(unsigned long _cmd)
75063 {
75064 + struct pmcraid_cmd *cmd = (struct pmcraid_cmd *)_cmd;
75065 struct pmcraid_instance *pinstance = cmd->drv_inst;
75066 u32 status = ioread32(pinstance->ioa_status);
75067 unsigned long lock_flags;
75068 @@ -639,8 +640,7 @@ static void pmcraid_reset_alert_done(struct pmcraid_cmd *cmd)
75069 cmd->time_left -= PMCRAID_CHECK_FOR_RESET_TIMEOUT;
75070 cmd->timer.data = (unsigned long)cmd;
75071 cmd->timer.expires = jiffies + PMCRAID_CHECK_FOR_RESET_TIMEOUT;
75072 - cmd->timer.function =
75073 - (void (*)(unsigned long))pmcraid_reset_alert_done;
75074 + cmd->timer.function = pmcraid_reset_alert_done;
75075 add_timer(&cmd->timer);
75076 }
75077 }
75078 @@ -678,8 +678,7 @@ static void pmcraid_reset_alert(struct pmcraid_cmd *cmd)
75079 cmd->time_left = PMCRAID_RESET_TIMEOUT;
75080 cmd->timer.data = (unsigned long)cmd;
75081 cmd->timer.expires = jiffies + PMCRAID_CHECK_FOR_RESET_TIMEOUT;
75082 - cmd->timer.function =
75083 - (void (*)(unsigned long))pmcraid_reset_alert_done;
75084 + cmd->timer.function = pmcraid_reset_alert_done;
75085 add_timer(&cmd->timer);
75086
75087 iowrite32(DOORBELL_IOA_RESET_ALERT,
75088 @@ -704,8 +703,9 @@ static void pmcraid_reset_alert(struct pmcraid_cmd *cmd)
75089 * Return value:
75090 * None
75091 */
75092 -static void pmcraid_timeout_handler(struct pmcraid_cmd *cmd)
75093 +static void pmcraid_timeout_handler(unsigned long _cmd)
75094 {
75095 + struct pmcraid_cmd *cmd = (struct pmcraid_cmd *)_cmd;
75096 struct pmcraid_instance *pinstance = cmd->drv_inst;
75097 unsigned long lock_flags;
75098
75099 @@ -920,7 +920,7 @@ static void pmcraid_send_cmd(
75100 struct pmcraid_cmd *cmd,
75101 void (*cmd_done) (struct pmcraid_cmd *),
75102 unsigned long timeout,
75103 - void (*timeout_func) (struct pmcraid_cmd *)
75104 + void (*timeout_func) (unsigned long)
75105 )
75106 {
75107 /* initialize done function */
75108 @@ -930,7 +930,7 @@ static void pmcraid_send_cmd(
75109 /* setup timeout handler */
75110 cmd->timer.data = (unsigned long)cmd;
75111 cmd->timer.expires = jiffies + timeout;
75112 - cmd->timer.function = (void (*)(unsigned long))timeout_func;
75113 + cmd->timer.function = timeout_func;
75114 add_timer(&cmd->timer);
75115 }
75116
75117 @@ -1968,7 +1968,7 @@ static void pmcraid_soft_reset(struct pmcraid_cmd *cmd)
75118 cmd->timer.data = (unsigned long)cmd;
75119 cmd->timer.expires = jiffies +
75120 msecs_to_jiffies(PMCRAID_TRANSOP_TIMEOUT);
75121 - cmd->timer.function = (void (*)(unsigned long))pmcraid_timeout_handler;
75122 + cmd->timer.function = pmcraid_timeout_handler;
75123
75124 if (!timer_pending(&cmd->timer))
75125 add_timer(&cmd->timer);
75126 @@ -2641,9 +2641,9 @@ static int pmcraid_error_handler(struct pmcraid_cmd *cmd)
75127
75128 /* If this was a SCSI read/write command keep count of errors */
75129 if (SCSI_CMD_TYPE(scsi_cmd->cmnd[0]) == SCSI_READ_CMD)
75130 - atomic_inc(&res->read_failures);
75131 + atomic_inc_unchecked(&res->read_failures);
75132 else if (SCSI_CMD_TYPE(scsi_cmd->cmnd[0]) == SCSI_WRITE_CMD)
75133 - atomic_inc(&res->write_failures);
75134 + atomic_inc_unchecked(&res->write_failures);
75135
75136 if (!RES_IS_GSCSI(res->cfg_entry) &&
75137 masked_ioasc != PMCRAID_IOASC_HW_DEVICE_BUS_STATUS_ERROR) {
75138 @@ -3469,7 +3469,7 @@ static int pmcraid_queuecommand_lck(
75139 * block of scsi_cmd which is re-used (e.g. cancel/abort), which uses
75140 * hrrq_id assigned here in queuecommand
75141 */
75142 - ioarcb->hrrq_id = atomic_add_return(1, &(pinstance->last_message_id)) %
75143 + ioarcb->hrrq_id = atomic_add_return_unchecked(1, &(pinstance->last_message_id)) %
75144 pinstance->num_hrrq;
75145 cmd->cmd_done = pmcraid_io_done;
75146
75147 @@ -3783,7 +3783,7 @@ static long pmcraid_ioctl_passthrough(
75148 * block of scsi_cmd which is re-used (e.g. cancel/abort), which uses
75149 * hrrq_id assigned here in queuecommand
75150 */
75151 - ioarcb->hrrq_id = atomic_add_return(1, &(pinstance->last_message_id)) %
75152 + ioarcb->hrrq_id = atomic_add_return_unchecked(1, &(pinstance->last_message_id)) %
75153 pinstance->num_hrrq;
75154
75155 if (request_size) {
75156 @@ -4420,7 +4420,7 @@ static void pmcraid_worker_function(struct work_struct *workp)
75157
75158 pinstance = container_of(workp, struct pmcraid_instance, worker_q);
75159 /* add resources only after host is added into system */
75160 - if (!atomic_read(&pinstance->expose_resources))
75161 + if (!atomic_read_unchecked(&pinstance->expose_resources))
75162 return;
75163
75164 fw_version = be16_to_cpu(pinstance->inq_data->fw_version);
75165 @@ -5237,8 +5237,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host,
75166 init_waitqueue_head(&pinstance->reset_wait_q);
75167
75168 atomic_set(&pinstance->outstanding_cmds, 0);
75169 - atomic_set(&pinstance->last_message_id, 0);
75170 - atomic_set(&pinstance->expose_resources, 0);
75171 + atomic_set_unchecked(&pinstance->last_message_id, 0);
75172 + atomic_set_unchecked(&pinstance->expose_resources, 0);
75173
75174 INIT_LIST_HEAD(&pinstance->free_res_q);
75175 INIT_LIST_HEAD(&pinstance->used_res_q);
75176 @@ -5949,7 +5949,7 @@ static int pmcraid_probe(struct pci_dev *pdev,
75177 /* Schedule worker thread to handle CCN and take care of adding and
75178 * removing devices to OS
75179 */
75180 - atomic_set(&pinstance->expose_resources, 1);
75181 + atomic_set_unchecked(&pinstance->expose_resources, 1);
75182 schedule_work(&pinstance->worker_q);
75183 return rc;
75184
75185 diff --git a/drivers/scsi/pmcraid.h b/drivers/scsi/pmcraid.h
75186 index e1d150f..6c6df44 100644
75187 --- a/drivers/scsi/pmcraid.h
75188 +++ b/drivers/scsi/pmcraid.h
75189 @@ -748,7 +748,7 @@ struct pmcraid_instance {
75190 struct pmcraid_isr_param hrrq_vector[PMCRAID_NUM_MSIX_VECTORS];
75191
75192 /* Message id as filled in last fired IOARCB, used to identify HRRQ */
75193 - atomic_t last_message_id;
75194 + atomic_unchecked_t last_message_id;
75195
75196 /* configuration table */
75197 struct pmcraid_config_table *cfg_table;
75198 @@ -777,7 +777,7 @@ struct pmcraid_instance {
75199 atomic_t outstanding_cmds;
75200
75201 /* should add/delete resources to mid-layer now ?*/
75202 - atomic_t expose_resources;
75203 + atomic_unchecked_t expose_resources;
75204
75205
75206
75207 @@ -813,8 +813,8 @@ struct pmcraid_resource_entry {
75208 struct pmcraid_config_table_entry_ext cfg_entry_ext;
75209 };
75210 struct scsi_device *scsi_dev; /* Link scsi_device structure */
75211 - atomic_t read_failures; /* count of failed READ commands */
75212 - atomic_t write_failures; /* count of failed WRITE commands */
75213 + atomic_unchecked_t read_failures; /* count of failed READ commands */
75214 + atomic_unchecked_t write_failures; /* count of failed WRITE commands */
75215
75216 /* To indicate add/delete/modify during CCN */
75217 u8 change_detected;
75218 diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
75219 index fe7469c..91e0c0b 100644
75220 --- a/drivers/scsi/qla2xxx/qla_attr.c
75221 +++ b/drivers/scsi/qla2xxx/qla_attr.c
75222 @@ -2186,7 +2186,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable)
75223 return 0;
75224 }
75225
75226 -struct fc_function_template qla2xxx_transport_functions = {
75227 +fc_function_template_no_const qla2xxx_transport_functions = {
75228
75229 .show_host_node_name = 1,
75230 .show_host_port_name = 1,
75231 @@ -2234,7 +2234,7 @@ struct fc_function_template qla2xxx_transport_functions = {
75232 .bsg_timeout = qla24xx_bsg_timeout,
75233 };
75234
75235 -struct fc_function_template qla2xxx_transport_vport_functions = {
75236 +fc_function_template_no_const qla2xxx_transport_vport_functions = {
75237
75238 .show_host_node_name = 1,
75239 .show_host_port_name = 1,
75240 diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h
75241 index 6ca0081..fbb9efd 100644
75242 --- a/drivers/scsi/qla2xxx/qla_gbl.h
75243 +++ b/drivers/scsi/qla2xxx/qla_gbl.h
75244 @@ -178,8 +178,8 @@ extern void qla2x00_disable_board_on_pci_error(struct work_struct *);
75245 */
75246 extern struct scsi_host_template qla2xxx_driver_template;
75247 extern struct scsi_transport_template *qla2xxx_transport_vport_template;
75248 -extern void qla2x00_timer(scsi_qla_host_t *);
75249 -extern void qla2x00_start_timer(scsi_qla_host_t *, void *, unsigned long);
75250 +extern void qla2x00_timer(unsigned long);
75251 +extern void qla2x00_start_timer(scsi_qla_host_t *, void (*)(unsigned long), unsigned long);
75252 extern void qla24xx_deallocate_vp_id(scsi_qla_host_t *);
75253 extern int qla24xx_disable_vp (scsi_qla_host_t *);
75254 extern int qla24xx_enable_vp (scsi_qla_host_t *);
75255 @@ -583,8 +583,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *, size_t);
75256 struct device_attribute;
75257 extern struct device_attribute *qla2x00_host_attrs[];
75258 struct fc_function_template;
75259 -extern struct fc_function_template qla2xxx_transport_functions;
75260 -extern struct fc_function_template qla2xxx_transport_vport_functions;
75261 +extern fc_function_template_no_const qla2xxx_transport_functions;
75262 +extern fc_function_template_no_const qla2xxx_transport_vport_functions;
75263 extern void qla2x00_alloc_sysfs_attr(scsi_qla_host_t *);
75264 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool);
75265 extern void qla2x00_init_host_attr(scsi_qla_host_t *);
75266 diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
75267 index 2674f4c..1e15020 100644
75268 --- a/drivers/scsi/qla2xxx/qla_os.c
75269 +++ b/drivers/scsi/qla2xxx/qla_os.c
75270 @@ -301,12 +301,12 @@ struct scsi_transport_template *qla2xxx_transport_vport_template = NULL;
75271 */
75272
75273 __inline__ void
75274 -qla2x00_start_timer(scsi_qla_host_t *vha, void *func, unsigned long interval)
75275 +qla2x00_start_timer(scsi_qla_host_t *vha, void (*func)(unsigned long), unsigned long interval)
75276 {
75277 init_timer(&vha->timer);
75278 vha->timer.expires = jiffies + interval * HZ;
75279 vha->timer.data = (unsigned long)vha;
75280 - vha->timer.function = (void (*)(unsigned long))func;
75281 + vha->timer.function = func;
75282 add_timer(&vha->timer);
75283 vha->timer_active = 1;
75284 }
75285 @@ -1510,8 +1510,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
75286 !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) {
75287 /* Ok, a 64bit DMA mask is applicable. */
75288 ha->flags.enable_64bit_addressing = 1;
75289 - ha->isp_ops->calc_req_entries = qla2x00_calc_iocbs_64;
75290 - ha->isp_ops->build_iocbs = qla2x00_build_scsi_iocbs_64;
75291 + pax_open_kernel();
75292 + const_cast(ha->isp_ops->calc_req_entries) = qla2x00_calc_iocbs_64;
75293 + const_cast(ha->isp_ops->build_iocbs) = qla2x00_build_scsi_iocbs_64;
75294 + pax_close_kernel();
75295 return;
75296 }
75297 }
75298 @@ -5381,8 +5383,9 @@ qla2x00_rst_aen(scsi_qla_host_t *vha)
75299 * Context: Interrupt
75300 ***************************************************************************/
75301 void
75302 -qla2x00_timer(scsi_qla_host_t *vha)
75303 +qla2x00_timer(unsigned long _vha)
75304 {
75305 + scsi_qla_host_t *vha = (scsi_qla_host_t *)_vha;
75306 unsigned long cpu_flags = 0;
75307 int start_dpc = 0;
75308 int index;
75309 @@ -5644,7 +5647,7 @@ qla2x00_release_firmware(void)
75310 }
75311
75312 static pci_ers_result_t
75313 -qla2xxx_pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
75314 +qla2xxx_pci_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
75315 {
75316 scsi_qla_host_t *vha = pci_get_drvdata(pdev);
75317 struct qla_hw_data *ha = vha->hw;
75318 diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
75319 index bff9689..8caa187 100644
75320 --- a/drivers/scsi/qla2xxx/qla_target.c
75321 +++ b/drivers/scsi/qla2xxx/qla_target.c
75322 @@ -678,7 +678,7 @@ static int qlt_reset(struct scsi_qla_host *vha, void *iocb, int mcmd)
75323 loop_id = le16_to_cpu(n->u.isp24.nport_handle);
75324 if (loop_id == 0xFFFF) {
75325 /* Global event */
75326 - atomic_inc(&vha->vha_tgt.qla_tgt->tgt_global_resets_count);
75327 + atomic_inc_unchecked(&vha->vha_tgt.qla_tgt->tgt_global_resets_count);
75328 spin_lock_irqsave(&ha->tgt.sess_lock, flags);
75329 qlt_clear_tgt_db(vha->vha_tgt.qla_tgt);
75330 spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
75331 @@ -845,8 +845,9 @@ static void qlt_undelete_sess(struct qla_tgt_sess *sess)
75332 sess->deleted = 0;
75333 }
75334
75335 -static void qlt_del_sess_work_fn(struct delayed_work *work)
75336 +static void qlt_del_sess_work_fn(struct work_struct *_work)
75337 {
75338 + struct delayed_work *work = container_of(_work, struct delayed_work, work);
75339 struct qla_tgt *tgt = container_of(work, struct qla_tgt,
75340 sess_del_work);
75341 struct scsi_qla_host *vha = tgt->vha;
75342 @@ -5825,7 +5826,7 @@ static struct qla_tgt_sess *qlt_make_local_sess(struct scsi_qla_host *vha,
75343
75344 retry:
75345 global_resets =
75346 - atomic_read(&vha->vha_tgt.qla_tgt->tgt_global_resets_count);
75347 + atomic_read_unchecked(&vha->vha_tgt.qla_tgt->tgt_global_resets_count);
75348
75349 rc = qla24xx_get_loop_id(vha, s_id, &loop_id);
75350 if (rc != 0) {
75351 @@ -5864,12 +5865,12 @@ retry:
75352 }
75353
75354 if (global_resets !=
75355 - atomic_read(&vha->vha_tgt.qla_tgt->tgt_global_resets_count)) {
75356 + atomic_read_unchecked(&vha->vha_tgt.qla_tgt->tgt_global_resets_count)) {
75357 ql_dbg(ql_dbg_tgt_mgt, vha, 0xf043,
75358 "qla_target(%d): global reset during session discovery "
75359 "(counter was %d, new %d), retrying", vha->vp_idx,
75360 global_resets,
75361 - atomic_read(&vha->vha_tgt.
75362 + atomic_read_unchecked(&vha->vha_tgt.
75363 qla_tgt->tgt_global_resets_count));
75364 goto retry;
75365 }
75366 @@ -6080,8 +6081,7 @@ int qlt_add_target(struct qla_hw_data *ha, struct scsi_qla_host *base_vha)
75367 init_waitqueue_head(&tgt->waitQ);
75368 INIT_LIST_HEAD(&tgt->sess_list);
75369 INIT_LIST_HEAD(&tgt->del_sess_list);
75370 - INIT_DELAYED_WORK(&tgt->sess_del_work,
75371 - (void (*)(struct work_struct *))qlt_del_sess_work_fn);
75372 + INIT_DELAYED_WORK(&tgt->sess_del_work, qlt_del_sess_work_fn);
75373 spin_lock_init(&tgt->sess_work_lock);
75374 INIT_WORK(&tgt->sess_work, qlt_sess_work_fn);
75375 INIT_LIST_HEAD(&tgt->sess_works_list);
75376 @@ -6089,7 +6089,7 @@ int qlt_add_target(struct qla_hw_data *ha, struct scsi_qla_host *base_vha)
75377 INIT_LIST_HEAD(&tgt->srr_ctio_list);
75378 INIT_LIST_HEAD(&tgt->srr_imm_list);
75379 INIT_WORK(&tgt->srr_work, qlt_handle_srr_work);
75380 - atomic_set(&tgt->tgt_global_resets_count, 0);
75381 + atomic_set_unchecked(&tgt->tgt_global_resets_count, 0);
75382
75383 base_vha->vha_tgt.qla_tgt = tgt;
75384
75385 diff --git a/drivers/scsi/qla2xxx/qla_target.h b/drivers/scsi/qla2xxx/qla_target.h
75386 index f26c5f6..e88e9c5 100644
75387 --- a/drivers/scsi/qla2xxx/qla_target.h
75388 +++ b/drivers/scsi/qla2xxx/qla_target.h
75389 @@ -876,7 +876,7 @@ struct qla_tgt {
75390 struct list_head srr_imm_list;
75391 struct work_struct srr_work;
75392
75393 - atomic_t tgt_global_resets_count;
75394 + atomic_unchecked_t tgt_global_resets_count;
75395
75396 struct list_head tgt_list_entry;
75397 };
75398 diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h
75399 index a7cfc27..151f483 100644
75400 --- a/drivers/scsi/qla4xxx/ql4_def.h
75401 +++ b/drivers/scsi/qla4xxx/ql4_def.h
75402 @@ -306,7 +306,7 @@ struct ddb_entry {
75403 * (4000 only) */
75404 atomic_t relogin_timer; /* Max Time to wait for
75405 * relogin to complete */
75406 - atomic_t relogin_retry_count; /* Num of times relogin has been
75407 + atomic_unchecked_t relogin_retry_count; /* Num of times relogin has been
75408 * retried */
75409 uint32_t default_time2wait; /* Default Min time between
75410 * relogins (+aens) */
75411 diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
75412 index 01c3610..f287da9 100644
75413 --- a/drivers/scsi/qla4xxx/ql4_os.c
75414 +++ b/drivers/scsi/qla4xxx/ql4_os.c
75415 @@ -3956,7 +3956,7 @@ exit_session_conn_param:
75416 * Timer routines
75417 */
75418
75419 -static void qla4xxx_start_timer(struct scsi_qla_host *ha, void *func,
75420 +static void qla4xxx_start_timer(struct scsi_qla_host *ha, void (*func)(unsigned long),
75421 unsigned long interval)
75422 {
75423 DEBUG(printk("scsi: %s: Starting timer thread for adapter %d\n",
75424 @@ -3964,7 +3964,7 @@ static void qla4xxx_start_timer(struct scsi_qla_host *ha, void *func,
75425 init_timer(&ha->timer);
75426 ha->timer.expires = jiffies + interval * HZ;
75427 ha->timer.data = (unsigned long)ha;
75428 - ha->timer.function = (void (*)(unsigned long))func;
75429 + ha->timer.function = func;
75430 add_timer(&ha->timer);
75431 ha->timer_active = 1;
75432 }
75433 @@ -4490,12 +4490,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
75434 */
75435 if (!iscsi_is_session_online(cls_sess)) {
75436 /* Reset retry relogin timer */
75437 - atomic_inc(&ddb_entry->relogin_retry_count);
75438 + atomic_inc_unchecked(&ddb_entry->relogin_retry_count);
75439 DEBUG2(ql4_printk(KERN_INFO, ha,
75440 "%s: index[%d] relogin timed out-retrying"
75441 " relogin (%d), retry (%d)\n", __func__,
75442 ddb_entry->fw_ddb_index,
75443 - atomic_read(&ddb_entry->relogin_retry_count),
75444 + atomic_read_unchecked(&ddb_entry->relogin_retry_count),
75445 ddb_entry->default_time2wait + 4));
75446 set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags);
75447 atomic_set(&ddb_entry->retry_relogin_timer,
75448 @@ -4508,8 +4508,9 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
75449 * qla4xxx_timer - checks every second for work to do.
75450 * @ha: Pointer to host adapter structure.
75451 **/
75452 -static void qla4xxx_timer(struct scsi_qla_host *ha)
75453 +static void qla4xxx_timer(unsigned long _ha)
75454 {
75455 + struct scsi_qla_host *ha = (struct scsi_qla_host *)_ha;
75456 int start_dpc = 0;
75457 uint16_t w;
75458
75459 @@ -6603,7 +6604,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
75460
75461 atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY);
75462 atomic_set(&ddb_entry->relogin_timer, 0);
75463 - atomic_set(&ddb_entry->relogin_retry_count, 0);
75464 + atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0);
75465 def_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
75466 ddb_entry->default_relogin_timeout =
75467 (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ?
75468 @@ -9557,7 +9558,7 @@ exit_host_reset:
75469 * RECOVERED - driver's pci_resume()
75470 */
75471 static pci_ers_result_t
75472 -qla4xxx_pci_error_detected(struct pci_dev *pdev, pci_channel_state_t state)
75473 +qla4xxx_pci_error_detected(struct pci_dev *pdev, enum pci_channel_state state)
75474 {
75475 struct scsi_qla_host *ha = pci_get_drvdata(pdev);
75476
75477 diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
75478 index 1deb6ad..3057db5 100644
75479 --- a/drivers/scsi/scsi.c
75480 +++ b/drivers/scsi/scsi.c
75481 @@ -591,7 +591,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
75482
75483 good_bytes = scsi_bufflen(cmd);
75484 if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) {
75485 - int old_good_bytes = good_bytes;
75486 + unsigned int old_good_bytes = good_bytes;
75487 drv = scsi_cmd_to_driver(cmd);
75488 if (drv->done)
75489 good_bytes = drv->done(cmd);
75490 diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
75491 index 6a219a0..fd669fd 100644
75492 --- a/drivers/scsi/scsi_debug.c
75493 +++ b/drivers/scsi/scsi_debug.c
75494 @@ -289,10 +289,10 @@ struct sdebug_queue {
75495 atomic_t blocked; /* to temporarily stop more being queued */
75496 };
75497
75498 -static atomic_t sdebug_cmnd_count; /* number of incoming commands */
75499 -static atomic_t sdebug_completions; /* count of deferred completions */
75500 -static atomic_t sdebug_miss_cpus; /* submission + completion cpus differ */
75501 -static atomic_t sdebug_a_tsf; /* 'almost task set full' counter */
75502 +static atomic_unchecked_t sdebug_cmnd_count; /* number of incoming commands */
75503 +static atomic_unchecked_t sdebug_completions; /* count of deferred completions */
75504 +static atomic_unchecked_t sdebug_miss_cpus; /* submission + completion cpus differ */
75505 +static atomic_unchecked_t sdebug_a_tsf; /* 'almost task set full' counter */
75506
75507 struct opcode_info_t {
75508 u8 num_attached; /* 0 if this is it (i.e. a leaf); use 0xff */
75509 @@ -3492,9 +3492,9 @@ static void sdebug_q_cmd_complete(struct sdebug_defer *sd_dp)
75510 qc_idx = sd_dp->qc_idx;
75511 sqp = sdebug_q_arr + sd_dp->sqa_idx;
75512 if (sdebug_statistics) {
75513 - atomic_inc(&sdebug_completions);
75514 + atomic_inc_unchecked(&sdebug_completions);
75515 if (raw_smp_processor_id() != sd_dp->issuing_cpu)
75516 - atomic_inc(&sdebug_miss_cpus);
75517 + atomic_inc_unchecked(&sdebug_miss_cpus);
75518 }
75519 if (unlikely((qc_idx < 0) || (qc_idx >= SDEBUG_CANQUEUE))) {
75520 pr_err("wild qc_idx=%d\n", qc_idx);
75521 @@ -3966,23 +3966,23 @@ static void tweak_cmnd_count(void)
75522 if (modulo < 2)
75523 return;
75524 block_unblock_all_queues(true);
75525 - count = atomic_read(&sdebug_cmnd_count);
75526 - atomic_set(&sdebug_cmnd_count, (count / modulo) * modulo);
75527 + count = atomic_read_unchecked(&sdebug_cmnd_count);
75528 + atomic_set_unchecked(&sdebug_cmnd_count, (count / modulo) * modulo);
75529 block_unblock_all_queues(false);
75530 }
75531
75532 static void clear_queue_stats(void)
75533 {
75534 - atomic_set(&sdebug_cmnd_count, 0);
75535 - atomic_set(&sdebug_completions, 0);
75536 - atomic_set(&sdebug_miss_cpus, 0);
75537 - atomic_set(&sdebug_a_tsf, 0);
75538 + atomic_set_unchecked(&sdebug_cmnd_count, 0);
75539 + atomic_set_unchecked(&sdebug_completions, 0);
75540 + atomic_set_unchecked(&sdebug_miss_cpus, 0);
75541 + atomic_set_unchecked(&sdebug_a_tsf, 0);
75542 }
75543
75544 static void setup_inject(struct sdebug_queue *sqp,
75545 struct sdebug_queued_cmd *sqcp)
75546 {
75547 - if ((atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth)) > 0)
75548 + if ((atomic_read_unchecked(&sdebug_cmnd_count) % abs(sdebug_every_nth)) > 0)
75549 return;
75550 sqcp->inj_recovered = !!(SDEBUG_OPT_RECOVERED_ERR & sdebug_opts);
75551 sqcp->inj_transport = !!(SDEBUG_OPT_TRANSPORT_ERR & sdebug_opts);
75552 @@ -4039,9 +4039,9 @@ static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
75553 (SDEBUG_OPT_RARE_TSF & sdebug_opts) &&
75554 (scsi_result == 0))) {
75555 if ((num_in_q == (qdepth - 1)) &&
75556 - (atomic_inc_return(&sdebug_a_tsf) >=
75557 + (atomic_inc_return_unchecked(&sdebug_a_tsf) >=
75558 abs(sdebug_every_nth))) {
75559 - atomic_set(&sdebug_a_tsf, 0);
75560 + atomic_set_unchecked(&sdebug_a_tsf, 0);
75561 inject = 1;
75562 scsi_result = device_qfull_result;
75563 }
75564 @@ -4296,10 +4296,10 @@ static int scsi_debug_show_info(struct seq_file *m, struct Scsi_Host *host)
75565 TICK_NSEC / 1000, "statistics", sdebug_statistics,
75566 sdebug_mq_active);
75567 seq_printf(m, "cmnd_count=%d, completions=%d, %s=%d, a_tsf=%d\n",
75568 - atomic_read(&sdebug_cmnd_count),
75569 - atomic_read(&sdebug_completions),
75570 - "miss_cpus", atomic_read(&sdebug_miss_cpus),
75571 - atomic_read(&sdebug_a_tsf));
75572 + atomic_read_unchecked(&sdebug_cmnd_count),
75573 + atomic_read_unchecked(&sdebug_completions),
75574 + "miss_cpus", atomic_read_unchecked(&sdebug_miss_cpus),
75575 + atomic_read_unchecked(&sdebug_a_tsf));
75576
75577 seq_printf(m, "submit_queues=%d\n", submit_queues);
75578 for (j = 0, sqp = sdebug_q_arr; j < submit_queues; ++j, ++sqp) {
75579 @@ -5252,7 +5252,7 @@ static int sdebug_change_qdepth(struct scsi_device *sdev, int qdepth)
75580
75581 static bool fake_timeout(struct scsi_cmnd *scp)
75582 {
75583 - if (0 == (atomic_read(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
75584 + if (0 == (atomic_read_unchecked(&sdebug_cmnd_count) % abs(sdebug_every_nth))) {
75585 if (sdebug_every_nth < -1)
75586 sdebug_every_nth = -1;
75587 if (SDEBUG_OPT_TIMEOUT & sdebug_opts)
75588 @@ -5283,7 +5283,7 @@ static int scsi_debug_queuecommand(struct Scsi_Host *shost,
75589
75590 scsi_set_resid(scp, 0);
75591 if (sdebug_statistics)
75592 - atomic_inc(&sdebug_cmnd_count);
75593 + atomic_inc_unchecked(&sdebug_cmnd_count);
75594 if (unlikely(sdebug_verbose &&
75595 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
75596 char b[120];
75597 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
75598 index c71344a..94f1f9e 100644
75599 --- a/drivers/scsi/scsi_lib.c
75600 +++ b/drivers/scsi/scsi_lib.c
75601 @@ -1513,7 +1513,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
75602 shost = sdev->host;
75603 scsi_init_cmd_errh(cmd);
75604 cmd->result = DID_NO_CONNECT << 16;
75605 - atomic_inc(&cmd->device->iorequest_cnt);
75606 + atomic_inc_unchecked(&cmd->device->iorequest_cnt);
75607
75608 /*
75609 * SCSI request completion path will do scsi_device_unbusy(),
75610 @@ -1536,9 +1536,9 @@ static void scsi_softirq_done(struct request *rq)
75611
75612 INIT_LIST_HEAD(&cmd->eh_entry);
75613
75614 - atomic_inc(&cmd->device->iodone_cnt);
75615 + atomic_inc_unchecked(&cmd->device->iodone_cnt);
75616 if (cmd->result)
75617 - atomic_inc(&cmd->device->ioerr_cnt);
75618 + atomic_inc_unchecked(&cmd->device->ioerr_cnt);
75619
75620 disposition = scsi_decide_disposition(cmd);
75621 if (disposition != SUCCESS &&
75622 @@ -1579,7 +1579,7 @@ static int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
75623 struct Scsi_Host *host = cmd->device->host;
75624 int rtn = 0;
75625
75626 - atomic_inc(&cmd->device->iorequest_cnt);
75627 + atomic_inc_unchecked(&cmd->device->iorequest_cnt);
75628
75629 /* check if the device is still usable */
75630 if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
75631 diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
75632 index 0734927..427833a 100644
75633 --- a/drivers/scsi/scsi_sysfs.c
75634 +++ b/drivers/scsi/scsi_sysfs.c
75635 @@ -848,7 +848,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
75636 char *buf) \
75637 { \
75638 struct scsi_device *sdev = to_scsi_device(dev); \
75639 - unsigned long long count = atomic_read(&sdev->field); \
75640 + unsigned long long count = atomic_read_unchecked(&sdev->field); \
75641 return snprintf(buf, 20, "0x%llx\n", count); \
75642 } \
75643 static DEVICE_ATTR(field, S_IRUGO, show_iostat_##field, NULL)
75644 diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
75645 index 0f3a386..1616cee 100644
75646 --- a/drivers/scsi/scsi_transport_fc.c
75647 +++ b/drivers/scsi/scsi_transport_fc.c
75648 @@ -502,7 +502,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class,
75649 * Netlink Infrastructure
75650 */
75651
75652 -static atomic_t fc_event_seq;
75653 +static atomic_unchecked_t fc_event_seq;
75654
75655 /**
75656 * fc_get_event_number - Obtain the next sequential FC event number
75657 @@ -515,7 +515,7 @@ static atomic_t fc_event_seq;
75658 u32
75659 fc_get_event_number(void)
75660 {
75661 - return atomic_add_return(1, &fc_event_seq);
75662 + return atomic_add_return_unchecked(1, &fc_event_seq);
75663 }
75664 EXPORT_SYMBOL(fc_get_event_number);
75665
75666 @@ -659,7 +659,7 @@ static __init int fc_transport_init(void)
75667 {
75668 int error;
75669
75670 - atomic_set(&fc_event_seq, 0);
75671 + atomic_set_unchecked(&fc_event_seq, 0);
75672
75673 error = transport_class_register(&fc_host_class);
75674 if (error)
75675 @@ -849,7 +849,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val)
75676 char *cp;
75677
75678 *val = simple_strtoul(buf, &cp, 0);
75679 - if ((*cp && (*cp != '\n')) || (*val < 0))
75680 + if (*cp && (*cp != '\n'))
75681 return -EINVAL;
75682 /*
75683 * Check for overflow; dev_loss_tmo is u32
75684 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
75685 index 42bca61..ceceb5d 100644
75686 --- a/drivers/scsi/scsi_transport_iscsi.c
75687 +++ b/drivers/scsi/scsi_transport_iscsi.c
75688 @@ -79,7 +79,7 @@ struct iscsi_internal {
75689 struct transport_container session_cont;
75690 };
75691
75692 -static atomic_t iscsi_session_nr; /* sysfs session id for next new session */
75693 +static atomic_unchecked_t iscsi_session_nr; /* sysfs session id for next new session */
75694 static struct workqueue_struct *iscsi_eh_timer_workq;
75695
75696 static DEFINE_IDA(iscsi_sess_ida);
75697 @@ -2073,7 +2073,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
75698 int id = 0;
75699 int err;
75700
75701 - session->sid = atomic_add_return(1, &iscsi_session_nr);
75702 + session->sid = atomic_add_return_unchecked(1, &iscsi_session_nr);
75703
75704 if (target_id == ISCSI_MAX_TARGET) {
75705 id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL);
75706 @@ -4523,7 +4523,7 @@ static __init int iscsi_transport_init(void)
75707 printk(KERN_INFO "Loading iSCSI transport class v%s.\n",
75708 ISCSI_TRANSPORT_VERSION);
75709
75710 - atomic_set(&iscsi_session_nr, 0);
75711 + atomic_set_unchecked(&iscsi_session_nr, 0);
75712
75713 err = class_register(&iscsi_transport_class);
75714 if (err)
75715 diff --git a/drivers/scsi/scsi_transport_spi.c b/drivers/scsi/scsi_transport_spi.c
75716 index 319868f..a00cda5 100644
75717 --- a/drivers/scsi/scsi_transport_spi.c
75718 +++ b/drivers/scsi/scsi_transport_spi.c
75719 @@ -758,7 +758,7 @@ spi_dv_device_compare_inquiry(struct scsi_device *sdev, u8 *buffer,
75720 static enum spi_compare_returns
75721 spi_dv_retrain(struct scsi_device *sdev, u8 *buffer, u8 *ptr,
75722 enum spi_compare_returns
75723 - (*compare_fn)(struct scsi_device *, u8 *, u8 *, int))
75724 + (*compare_fn)(struct scsi_device *, u8 *, u8 *, const int))
75725 {
75726 struct spi_internal *i = to_spi_internal(sdev->host->transportt);
75727 struct scsi_target *starget = sdev->sdev_target;
75728 diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c
75729 index e3cd3ec..97ab643 100644
75730 --- a/drivers/scsi/scsi_transport_srp.c
75731 +++ b/drivers/scsi/scsi_transport_srp.c
75732 @@ -35,7 +35,7 @@
75733 #include "scsi_priv.h"
75734
75735 struct srp_host_attrs {
75736 - atomic_t next_port_id;
75737 + atomic_unchecked_t next_port_id;
75738 };
75739 #define to_srp_host_attrs(host) ((struct srp_host_attrs *)(host)->shost_data)
75740
75741 @@ -105,7 +105,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev,
75742 struct Scsi_Host *shost = dev_to_shost(dev);
75743 struct srp_host_attrs *srp_host = to_srp_host_attrs(shost);
75744
75745 - atomic_set(&srp_host->next_port_id, 0);
75746 + atomic_set_unchecked(&srp_host->next_port_id, 0);
75747 return 0;
75748 }
75749
75750 @@ -226,7 +226,7 @@ static ssize_t show_reconnect_delay(struct device *dev,
75751
75752 static ssize_t store_reconnect_delay(struct device *dev,
75753 struct device_attribute *attr,
75754 - const char *buf, const size_t count)
75755 + const char *buf, size_t count)
75756 {
75757 struct srp_rport *rport = transport_class_to_srp_rport(dev);
75758 int res, delay;
75759 @@ -752,7 +752,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost,
75760 rport_fast_io_fail_timedout);
75761 INIT_DELAYED_WORK(&rport->dev_loss_work, rport_dev_loss_timedout);
75762
75763 - id = atomic_inc_return(&to_srp_host_attrs(shost)->next_port_id);
75764 + id = atomic_inc_return_unchecked(&to_srp_host_attrs(shost)->next_port_id);
75765 dev_set_name(&rport->dev, "port-%d:%d", shost->host_no, id);
75766
75767 transport_setup_device(&rport->dev);
75768 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
75769 index d3e852a..5a04bed 100644
75770 --- a/drivers/scsi/sd.c
75771 +++ b/drivers/scsi/sd.c
75772 @@ -112,7 +112,7 @@ static int sd_resume(struct device *);
75773 static void sd_rescan(struct device *);
75774 static int sd_init_command(struct scsi_cmnd *SCpnt);
75775 static void sd_uninit_command(struct scsi_cmnd *SCpnt);
75776 -static int sd_done(struct scsi_cmnd *);
75777 +static unsigned int sd_done(struct scsi_cmnd *);
75778 static int sd_eh_action(struct scsi_cmnd *, int);
75779 static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer);
75780 static void scsi_disk_release(struct device *cdev);
75781 @@ -1767,7 +1767,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd)
75782 *
75783 * Note: potentially run from within an ISR. Must not block.
75784 **/
75785 -static int sd_done(struct scsi_cmnd *SCpnt)
75786 +static unsigned int sd_done(struct scsi_cmnd *SCpnt)
75787 {
75788 int result = SCpnt->result;
75789 unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt);
75790 @@ -3080,7 +3080,7 @@ static int sd_probe(struct device *dev)
75791 sdkp->disk = gd;
75792 sdkp->index = index;
75793 atomic_set(&sdkp->openers, 0);
75794 - atomic_set(&sdkp->device->ioerr_cnt, 0);
75795 + atomic_set_unchecked(&sdkp->device->ioerr_cnt, 0);
75796
75797 if (!sdp->request_queue->rq_timeout) {
75798 if (sdp->type != TYPE_MOD)
75799 diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
75800 index ae7d9bd..77e1f04 100644
75801 --- a/drivers/scsi/sg.c
75802 +++ b/drivers/scsi/sg.c
75803 @@ -1090,7 +1090,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
75804 sdp->disk->disk_name,
75805 MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
75806 NULL,
75807 - (char *)arg);
75808 + (char __user *)arg);
75809 case BLKTRACESTART:
75810 return blk_trace_startstop(sdp->device->request_queue, 1);
75811 case BLKTRACESTOP:
75812 diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
75813 index ed17934..108678b 100644
75814 --- a/drivers/scsi/sr.c
75815 +++ b/drivers/scsi/sr.c
75816 @@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex);
75817 static int sr_probe(struct device *);
75818 static int sr_remove(struct device *);
75819 static int sr_init_command(struct scsi_cmnd *SCpnt);
75820 -static int sr_done(struct scsi_cmnd *);
75821 +static unsigned int sr_done(struct scsi_cmnd *);
75822 static int sr_runtime_suspend(struct device *dev);
75823
75824 static struct dev_pm_ops sr_pm_ops = {
75825 @@ -315,13 +315,13 @@ do_tur:
75826 * It will be notified on the end of a SCSI read / write, and will take one
75827 * of several actions based on success or failure.
75828 */
75829 -static int sr_done(struct scsi_cmnd *SCpnt)
75830 +static unsigned int sr_done(struct scsi_cmnd *SCpnt)
75831 {
75832 int result = SCpnt->result;
75833 - int this_count = scsi_bufflen(SCpnt);
75834 - int good_bytes = (result == 0 ? this_count : 0);
75835 - int block_sectors = 0;
75836 - long error_sector;
75837 + unsigned int this_count = scsi_bufflen(SCpnt);
75838 + unsigned int good_bytes = (result == 0 ? this_count : 0);
75839 + unsigned int block_sectors = 0;
75840 + sector_t error_sector;
75841 struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
75842
75843 #ifdef DEBUG
75844 @@ -354,9 +354,12 @@ static int sr_done(struct scsi_cmnd *SCpnt)
75845 if (cd->device->sector_size == 2048)
75846 error_sector <<= 2;
75847 error_sector &= ~(block_sectors - 1);
75848 - good_bytes = (error_sector -
75849 - blk_rq_pos(SCpnt->request)) << 9;
75850 - if (good_bytes < 0 || good_bytes >= this_count)
75851 + if (error_sector >= blk_rq_pos(SCpnt->request)) {
75852 + good_bytes = (error_sector -
75853 + blk_rq_pos(SCpnt->request)) << 9;
75854 + if (good_bytes >= this_count)
75855 + good_bytes = 0;
75856 + } else
75857 good_bytes = 0;
75858 /*
75859 * The SCSI specification allows for the value
75860 diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c
75861 index de2c1bf..60b8563 100644
75862 --- a/drivers/soc/tegra/fuse/fuse-tegra.c
75863 +++ b/drivers/soc/tegra/fuse/fuse-tegra.c
75864 @@ -72,7 +72,7 @@ static ssize_t fuse_read(struct file *fd, struct kobject *kobj,
75865 return i;
75866 }
75867
75868 -static struct bin_attribute fuse_bin_attr = {
75869 +static bin_attribute_no_const fuse_bin_attr = {
75870 .attr = { .name = "fuse", .mode = S_IRUGO, },
75871 .read = fuse_read,
75872 };
75873 diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
75874 index 200ca22..170ab80 100644
75875 --- a/drivers/spi/spi.c
75876 +++ b/drivers/spi/spi.c
75877 @@ -2982,7 +2982,7 @@ int spi_bus_unlock(struct spi_master *master)
75878 EXPORT_SYMBOL_GPL(spi_bus_unlock);
75879
75880 /* portable code must never pass more than 32 bytes */
75881 -#define SPI_BUFSIZ max(32, SMP_CACHE_BYTES)
75882 +#define SPI_BUFSIZ max(32UL, SMP_CACHE_BYTES)
75883
75884 static u8 *buf;
75885
75886 diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c
75887 index 4c281df..1960930 100644
75888 --- a/drivers/staging/fbtft/fbtft-core.c
75889 +++ b/drivers/staging/fbtft/fbtft-core.c
75890 @@ -649,7 +649,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display,
75891 {
75892 struct fb_info *info;
75893 struct fbtft_par *par;
75894 - struct fb_ops *fbops = NULL;
75895 + fb_ops_no_const *fbops = NULL;
75896 struct fb_deferred_io *fbdefio = NULL;
75897 u8 *vmem = NULL;
75898 void *txbuf = NULL;
75899 diff --git a/drivers/staging/fbtft/fbtft.h b/drivers/staging/fbtft/fbtft.h
75900 index d3bc394..7fa336d 100644
75901 --- a/drivers/staging/fbtft/fbtft.h
75902 +++ b/drivers/staging/fbtft/fbtft.h
75903 @@ -93,7 +93,7 @@ struct fbtft_ops {
75904
75905 int (*set_var)(struct fbtft_par *par);
75906 int (*set_gamma)(struct fbtft_par *par, unsigned long *curves);
75907 -};
75908 +} __no_const;
75909
75910 /**
75911 * struct fbtft_display - Describes the display properties
75912 diff --git a/drivers/staging/gdm724x/gdm_lte.c b/drivers/staging/gdm724x/gdm_lte.c
75913 index bb55219..789b758 100644
75914 --- a/drivers/staging/gdm724x/gdm_lte.c
75915 +++ b/drivers/staging/gdm724x/gdm_lte.c
75916 @@ -410,7 +410,7 @@ static s32 gdm_lte_tx_nic_type(struct net_device *dev, struct sk_buff *skb)
75917 return nic_type;
75918 }
75919
75920 -static int gdm_lte_tx(struct sk_buff *skb, struct net_device *dev)
75921 +static netdev_tx_t gdm_lte_tx(struct sk_buff *skb, struct net_device *dev)
75922 {
75923 struct nic *nic = netdev_priv(dev);
75924 u32 nic_type;
75925 diff --git a/drivers/staging/gdm724x/gdm_tty.c b/drivers/staging/gdm724x/gdm_tty.c
75926 index eb7e252..b7bd5e5 100644
75927 --- a/drivers/staging/gdm724x/gdm_tty.c
75928 +++ b/drivers/staging/gdm724x/gdm_tty.c
75929 @@ -44,7 +44,7 @@
75930 #define gdm_tty_send_control(n, r, v, d, l) (\
75931 n->tty_dev->send_control(n->tty_dev->priv_dev, r, v, d, l))
75932
75933 -#define GDM_TTY_READY(gdm) (gdm && gdm->tty_dev && gdm->port.count)
75934 +#define GDM_TTY_READY(gdm) (gdm && gdm->tty_dev && atomic_read(&gdm->port.count))
75935
75936 static struct tty_driver *gdm_driver[TTY_MAX_COUNT];
75937 static struct gdm *gdm_table[TTY_MAX_COUNT][GDM_TTY_MINOR];
75938 diff --git a/drivers/staging/i4l/icn/icn.c b/drivers/staging/i4l/icn/icn.c
75939 index 46d957c..d590c95 100644
75940 --- a/drivers/staging/i4l/icn/icn.c
75941 +++ b/drivers/staging/i4l/icn/icn.c
75942 @@ -1045,7 +1045,7 @@ icn_writecmd(const u_char *buf, int len, int user, icn_card *card)
75943 if (count > len)
75944 count = len;
75945 if (user) {
75946 - if (copy_from_user(msg, buf, count))
75947 + if (count > sizeof msg || copy_from_user(msg, buf, count))
75948 return -EFAULT;
75949 } else
75950 memcpy(msg, buf, count);
75951 diff --git a/drivers/staging/iio/adc/ad7280a.c b/drivers/staging/iio/adc/ad7280a.c
75952 index 2177f1d..f226336 100644
75953 --- a/drivers/staging/iio/adc/ad7280a.c
75954 +++ b/drivers/staging/iio/adc/ad7280a.c
75955 @@ -547,8 +547,8 @@ static int ad7280_attr_init(struct ad7280_state *st)
75956 {
75957 int dev, ch, cnt;
75958
75959 - st->iio_attr = kcalloc(2, sizeof(*st->iio_attr) *
75960 - (st->slave_num + 1) * AD7280A_CELLS_PER_DEV,
75961 + st->iio_attr = kcalloc(sizeof(*st->iio_attr) *
75962 + (st->slave_num + 1) * AD7280A_CELLS_PER_DEV, 2,
75963 GFP_KERNEL);
75964 if (!st->iio_attr)
75965 return -ENOMEM;
75966 diff --git a/drivers/staging/ks7010/ks_wlan_net.c b/drivers/staging/ks7010/ks_wlan_net.c
75967 index 1e21eb1..d3f9dd7 100644
75968 --- a/drivers/staging/ks7010/ks_wlan_net.c
75969 +++ b/drivers/staging/ks7010/ks_wlan_net.c
75970 @@ -181,9 +181,10 @@ int ks_wlan_setup_parameter(struct ks_wlan_private *priv,
75971 /*------------------------------------------------------------------*/
75972 /* Wireless Handler : get protocol name */
75973 static int ks_wlan_get_name(struct net_device *dev,
75974 - struct iw_request_info *info, char *cwrq,
75975 + struct iw_request_info *info, union iwreq_data *_cwrq,
75976 char *extra)
75977 {
75978 + char *cwrq = _cwrq->name;
75979 struct ks_wlan_private *priv =
75980 (struct ks_wlan_private *)netdev_priv(dev);
75981
75982 @@ -207,9 +208,10 @@ static int ks_wlan_get_name(struct net_device *dev,
75983 /*------------------------------------------------------------------*/
75984 /* Wireless Handler : set frequency */
75985 static int ks_wlan_set_freq(struct net_device *dev,
75986 - struct iw_request_info *info, struct iw_freq *fwrq,
75987 + struct iw_request_info *info, union iwreq_data *_fwrq,
75988 char *extra)
75989 {
75990 + struct iw_freq *fwrq = &_fwrq->freq;
75991 struct ks_wlan_private *priv =
75992 (struct ks_wlan_private *)netdev_priv(dev);
75993 int rc = -EINPROGRESS; /* Call commit handler */
75994 @@ -255,9 +257,10 @@ static int ks_wlan_set_freq(struct net_device *dev,
75995 /*------------------------------------------------------------------*/
75996 /* Wireless Handler : get frequency */
75997 static int ks_wlan_get_freq(struct net_device *dev,
75998 - struct iw_request_info *info, struct iw_freq *fwrq,
75999 + struct iw_request_info *info, union iwreq_data *_fwrq,
76000 char *extra)
76001 {
76002 + struct iw_freq *fwrq = &_fwrq->freq;
76003 struct ks_wlan_private *priv =
76004 (struct ks_wlan_private *)netdev_priv(dev);
76005 int f;
76006 @@ -280,8 +283,9 @@ static int ks_wlan_get_freq(struct net_device *dev,
76007 /* Wireless Handler : set ESSID */
76008 static int ks_wlan_set_essid(struct net_device *dev,
76009 struct iw_request_info *info,
76010 - struct iw_point *dwrq, char *extra)
76011 + union iwreq_data *_dwrq, char *extra)
76012 {
76013 + struct iw_point *dwrq = &_dwrq->essid;
76014 struct ks_wlan_private *priv =
76015 (struct ks_wlan_private *)netdev_priv(dev);
76016 size_t len;
76017 @@ -340,8 +344,9 @@ static int ks_wlan_set_essid(struct net_device *dev,
76018 /* Wireless Handler : get ESSID */
76019 static int ks_wlan_get_essid(struct net_device *dev,
76020 struct iw_request_info *info,
76021 - struct iw_point *dwrq, char *extra)
76022 + union iwreq_data *_dwrq, char *extra)
76023 {
76024 + struct iw_point *dwrq = &_dwrq->essid;
76025 struct ks_wlan_private *priv =
76026 (struct ks_wlan_private *)netdev_priv(dev);
76027
76028 @@ -383,8 +388,9 @@ static int ks_wlan_get_essid(struct net_device *dev,
76029 /*------------------------------------------------------------------*/
76030 /* Wireless Handler : set AP address */
76031 static int ks_wlan_set_wap(struct net_device *dev, struct iw_request_info *info,
76032 - struct sockaddr *ap_addr, char *extra)
76033 + union iwreq_data *_ap_addr, char *extra)
76034 {
76035 + struct sockaddr *ap_addr = &_ap_addr->ap_addr;
76036 struct ks_wlan_private *priv =
76037 (struct ks_wlan_private *)netdev_priv(dev);
76038
76039 @@ -421,8 +427,9 @@ static int ks_wlan_set_wap(struct net_device *dev, struct iw_request_info *info,
76040 /*------------------------------------------------------------------*/
76041 /* Wireless Handler : get AP address */
76042 static int ks_wlan_get_wap(struct net_device *dev, struct iw_request_info *info,
76043 - struct sockaddr *awrq, char *extra)
76044 + union iwreq_data *_awrq, char *extra)
76045 {
76046 + struct sockaddr *awrq = &_awrq->ap_addr;
76047 struct ks_wlan_private *priv =
76048 (struct ks_wlan_private *)netdev_priv(dev);
76049
76050 @@ -444,9 +451,10 @@ static int ks_wlan_get_wap(struct net_device *dev, struct iw_request_info *info,
76051 /*------------------------------------------------------------------*/
76052 /* Wireless Handler : set Nickname */
76053 static int ks_wlan_set_nick(struct net_device *dev,
76054 - struct iw_request_info *info, struct iw_point *dwrq,
76055 + struct iw_request_info *info, union iwreq_data *_dwrq,
76056 char *extra)
76057 {
76058 + struct iw_point *dwrq = &_dwrq->data;
76059 struct ks_wlan_private *priv =
76060 (struct ks_wlan_private *)netdev_priv(dev);
76061
76062 @@ -468,9 +476,10 @@ static int ks_wlan_set_nick(struct net_device *dev,
76063 /*------------------------------------------------------------------*/
76064 /* Wireless Handler : get Nickname */
76065 static int ks_wlan_get_nick(struct net_device *dev,
76066 - struct iw_request_info *info, struct iw_point *dwrq,
76067 + struct iw_request_info *info, union iwreq_data *_dwrq,
76068 char *extra)
76069 {
76070 + struct iw_point *dwrq = &_dwrq->data;
76071 struct ks_wlan_private *priv =
76072 (struct ks_wlan_private *)netdev_priv(dev);
76073
76074 @@ -488,9 +497,10 @@ static int ks_wlan_get_nick(struct net_device *dev,
76075 /*------------------------------------------------------------------*/
76076 /* Wireless Handler : set Bit-Rate */
76077 static int ks_wlan_set_rate(struct net_device *dev,
76078 - struct iw_request_info *info, struct iw_param *vwrq,
76079 + struct iw_request_info *info, union iwreq_data *_vwrq,
76080 char *extra)
76081 {
76082 + struct iw_param *vwrq = &_vwrq->bitrate;
76083 struct ks_wlan_private *priv =
76084 (struct ks_wlan_private *)netdev_priv(dev);
76085 int i = 0;
76086 @@ -723,9 +733,10 @@ static int ks_wlan_set_rate(struct net_device *dev,
76087 /*------------------------------------------------------------------*/
76088 /* Wireless Handler : get Bit-Rate */
76089 static int ks_wlan_get_rate(struct net_device *dev,
76090 - struct iw_request_info *info, struct iw_param *vwrq,
76091 + struct iw_request_info *info, union iwreq_data *_vwrq,
76092 char *extra)
76093 {
76094 + struct iw_param *vwrq = &_vwrq->bitrate;
76095 struct ks_wlan_private *priv =
76096 (struct ks_wlan_private *)netdev_priv(dev);
76097
76098 @@ -751,8 +762,9 @@ static int ks_wlan_get_rate(struct net_device *dev,
76099 /*------------------------------------------------------------------*/
76100 /* Wireless Handler : set RTS threshold */
76101 static int ks_wlan_set_rts(struct net_device *dev, struct iw_request_info *info,
76102 - struct iw_param *vwrq, char *extra)
76103 + union iwreq_data *_vwrq, char *extra)
76104 {
76105 + struct iw_param *vwrq = &_vwrq->rts;
76106 struct ks_wlan_private *priv =
76107 (struct ks_wlan_private *)netdev_priv(dev);
76108 int rthr = vwrq->value;
76109 @@ -775,8 +787,9 @@ static int ks_wlan_set_rts(struct net_device *dev, struct iw_request_info *info,
76110 /*------------------------------------------------------------------*/
76111 /* Wireless Handler : get RTS threshold */
76112 static int ks_wlan_get_rts(struct net_device *dev, struct iw_request_info *info,
76113 - struct iw_param *vwrq, char *extra)
76114 + union iwreq_data *_vwrq, char *extra)
76115 {
76116 + struct iw_param *vwrq = &_vwrq->rts;
76117 struct ks_wlan_private *priv =
76118 (struct ks_wlan_private *)netdev_priv(dev);
76119
76120 @@ -794,9 +807,10 @@ static int ks_wlan_get_rts(struct net_device *dev, struct iw_request_info *info,
76121 /*------------------------------------------------------------------*/
76122 /* Wireless Handler : set Fragmentation threshold */
76123 static int ks_wlan_set_frag(struct net_device *dev,
76124 - struct iw_request_info *info, struct iw_param *vwrq,
76125 + struct iw_request_info *info, union iwreq_data *_vwrq,
76126 char *extra)
76127 {
76128 + struct iw_param *vwrq =&_vwrq->frag;
76129 struct ks_wlan_private *priv =
76130 (struct ks_wlan_private *)netdev_priv(dev);
76131 int fthr = vwrq->value;
76132 @@ -820,9 +834,10 @@ static int ks_wlan_set_frag(struct net_device *dev,
76133 /*------------------------------------------------------------------*/
76134 /* Wireless Handler : get Fragmentation threshold */
76135 static int ks_wlan_get_frag(struct net_device *dev,
76136 - struct iw_request_info *info, struct iw_param *vwrq,
76137 + struct iw_request_info *info, union iwreq_data *_vwrq,
76138 char *extra)
76139 {
76140 + struct iw_param *vwrq =&_vwrq->frag;
76141 struct ks_wlan_private *priv =
76142 (struct ks_wlan_private *)netdev_priv(dev);
76143
76144 @@ -840,9 +855,10 @@ static int ks_wlan_get_frag(struct net_device *dev,
76145 /*------------------------------------------------------------------*/
76146 /* Wireless Handler : set Mode of Operation */
76147 static int ks_wlan_set_mode(struct net_device *dev,
76148 - struct iw_request_info *info, __u32 * uwrq,
76149 + struct iw_request_info *info, union iwreq_data *_uwrq,
76150 char *extra)
76151 {
76152 + __u32 *uwrq = &_uwrq->mode;
76153 struct ks_wlan_private *priv =
76154 (struct ks_wlan_private *)netdev_priv(dev);
76155
76156 @@ -876,9 +892,10 @@ static int ks_wlan_set_mode(struct net_device *dev,
76157 /*------------------------------------------------------------------*/
76158 /* Wireless Handler : get Mode of Operation */
76159 static int ks_wlan_get_mode(struct net_device *dev,
76160 - struct iw_request_info *info, __u32 * uwrq,
76161 + struct iw_request_info *info, union iwreq_data *_uwrq,
76162 char *extra)
76163 {
76164 + __u32 *uwrq = &_uwrq->mode;
76165 struct ks_wlan_private *priv =
76166 (struct ks_wlan_private *)netdev_priv(dev);
76167
76168 @@ -906,8 +923,9 @@ static int ks_wlan_get_mode(struct net_device *dev,
76169 /* Wireless Handler : set Encryption Key */
76170 static int ks_wlan_set_encode(struct net_device *dev,
76171 struct iw_request_info *info,
76172 - struct iw_point *dwrq, char *extra)
76173 + union iwreq_data *_dwrq, char *extra)
76174 {
76175 + struct iw_point *dwrq = &_dwrq->encoding;
76176 struct ks_wlan_private *priv =
76177 (struct ks_wlan_private *)netdev_priv(dev);
76178
76179 @@ -1024,8 +1042,9 @@ static int ks_wlan_set_encode(struct net_device *dev,
76180 /* Wireless Handler : get Encryption Key */
76181 static int ks_wlan_get_encode(struct net_device *dev,
76182 struct iw_request_info *info,
76183 - struct iw_point *dwrq, char *extra)
76184 + union iwreq_data *_dwrq, char *extra)
76185 {
76186 + struct iw_point *dwrq = &_dwrq->encoding;
76187 struct ks_wlan_private *priv =
76188 (struct ks_wlan_private *)netdev_priv(dev);
76189 char zeros[16];
76190 @@ -1080,7 +1099,7 @@ static int ks_wlan_get_encode(struct net_device *dev,
76191 /* Wireless Handler : set Tx-Power */
76192 static int ks_wlan_set_txpow(struct net_device *dev,
76193 struct iw_request_info *info,
76194 - struct iw_param *vwrq, char *extra)
76195 + union iwreq_data *vwrq, char *extra)
76196 {
76197 return -EOPNOTSUPP; /* Not Support */
76198 }
76199 @@ -1089,8 +1108,10 @@ static int ks_wlan_set_txpow(struct net_device *dev,
76200 /* Wireless Handler : get Tx-Power */
76201 static int ks_wlan_get_txpow(struct net_device *dev,
76202 struct iw_request_info *info,
76203 - struct iw_param *vwrq, char *extra)
76204 + union iwreq_data *_vwrq, char *extra)
76205 {
76206 + struct iw_param *vwrq = &_vwrq->txpower;
76207 +
76208 if (priv->sleep_mode == SLP_SLEEP) {
76209 return -EPERM;
76210 }
76211 @@ -1107,7 +1128,7 @@ static int ks_wlan_get_txpow(struct net_device *dev,
76212 /* Wireless Handler : set Retry limits */
76213 static int ks_wlan_set_retry(struct net_device *dev,
76214 struct iw_request_info *info,
76215 - struct iw_param *vwrq, char *extra)
76216 + union iwreq_data *vwrq, char *extra)
76217 {
76218 return -EOPNOTSUPP; /* Not Support */
76219 }
76220 @@ -1116,8 +1137,10 @@ static int ks_wlan_set_retry(struct net_device *dev,
76221 /* Wireless Handler : get Retry limits */
76222 static int ks_wlan_get_retry(struct net_device *dev,
76223 struct iw_request_info *info,
76224 - struct iw_param *vwrq, char *extra)
76225 + union iwreq_data *_vwrq, char *extra)
76226 {
76227 + struct iw_param *vwrq =&_vwrq->retry;
76228 +
76229 if (priv->sleep_mode == SLP_SLEEP) {
76230 return -EPERM;
76231 }
76232 @@ -1135,8 +1158,9 @@ static int ks_wlan_get_retry(struct net_device *dev,
76233 /* Wireless Handler : get range info */
76234 static int ks_wlan_get_range(struct net_device *dev,
76235 struct iw_request_info *info,
76236 - struct iw_point *dwrq, char *extra)
76237 + union iwreq_data *_dwrq, char *extra)
76238 {
76239 + struct iw_point *dwrq = &_dwrq->data;
76240 struct ks_wlan_private *priv =
76241 (struct ks_wlan_private *)netdev_priv(dev);
76242 struct iw_range *range = (struct iw_range *)extra;
76243 @@ -1266,8 +1290,9 @@ static int ks_wlan_get_range(struct net_device *dev,
76244 /* Wireless Handler : set Power Management */
76245 static int ks_wlan_set_power(struct net_device *dev,
76246 struct iw_request_info *info,
76247 - struct iw_param *vwrq, char *extra)
76248 + union iwreq_data *_vwrq, char *extra)
76249 {
76250 + struct iw_param *vwrq =&_vwrq->power;
76251 struct ks_wlan_private *priv =
76252 (struct ks_wlan_private *)netdev_priv(dev);
76253 short enabled;
76254 @@ -1301,8 +1326,9 @@ static int ks_wlan_set_power(struct net_device *dev,
76255 /* Wireless Handler : get Power Management */
76256 static int ks_wlan_get_power(struct net_device *dev,
76257 struct iw_request_info *info,
76258 - struct iw_param *vwrq, char *extra)
76259 + union iwreq_data *_vwrq, char *extra)
76260 {
76261 + struct iw_param *vwrq =&_vwrq->power;
76262 struct ks_wlan_private *priv =
76263 (struct ks_wlan_private *)netdev_priv(dev);
76264
76265 @@ -1322,8 +1348,9 @@ static int ks_wlan_get_power(struct net_device *dev,
76266 /* Wireless Handler : get wirless statistics */
76267 static int ks_wlan_get_iwstats(struct net_device *dev,
76268 struct iw_request_info *info,
76269 - struct iw_quality *vwrq, char *extra)
76270 + union iwreq_data *_vwrq, char *extra)
76271 {
76272 + struct iw_quality *vwrq = &_vwrq->qual;
76273 struct ks_wlan_private *priv =
76274 (struct ks_wlan_private *)netdev_priv(dev);
76275
76276 @@ -1343,7 +1370,7 @@ static int ks_wlan_get_iwstats(struct net_device *dev,
76277 /*------------------------------------------------------------------*/
76278 /* Wireless Handler : set Sensitivity */
76279 static int ks_wlan_set_sens(struct net_device *dev,
76280 - struct iw_request_info *info, struct iw_param *vwrq,
76281 + struct iw_request_info *info, union iwreq_data *vwrq,
76282 char *extra)
76283 {
76284 return -EOPNOTSUPP; /* Not Support */
76285 @@ -1352,9 +1379,11 @@ static int ks_wlan_set_sens(struct net_device *dev,
76286 /*------------------------------------------------------------------*/
76287 /* Wireless Handler : get Sensitivity */
76288 static int ks_wlan_get_sens(struct net_device *dev,
76289 - struct iw_request_info *info, struct iw_param *vwrq,
76290 + struct iw_request_info *info, union iwreq_data *_vwrq,
76291 char *extra)
76292 {
76293 + struct iw_param *vwrq = &_vwrq->sens;
76294 +
76295 /* Not Support */
76296 vwrq->value = 0;
76297 vwrq->disabled = (vwrq->value == 0);
76298 @@ -1368,8 +1397,9 @@ static int ks_wlan_get_sens(struct net_device *dev,
76299 /* Note : this is deprecated in favor of IWSCAN */
76300 static int ks_wlan_get_aplist(struct net_device *dev,
76301 struct iw_request_info *info,
76302 - struct iw_point *dwrq, char *extra)
76303 + union iwreq_data *_dwrq, char *extra)
76304 {
76305 + struct iw_point *dwrq = &_dwrq->data;
76306 struct ks_wlan_private *priv =
76307 (struct ks_wlan_private *)netdev_priv(dev);
76308 struct sockaddr *address = (struct sockaddr *)extra;
76309 @@ -1596,9 +1626,10 @@ static inline char *ks_wlan_translate_scan(struct net_device *dev,
76310 /*------------------------------------------------------------------*/
76311 /* Wireless Handler : Read Scan Results */
76312 static int ks_wlan_get_scan(struct net_device *dev,
76313 - struct iw_request_info *info, struct iw_point *dwrq,
76314 + struct iw_request_info *info, union iwreq_data *_dwrq,
76315 char *extra)
76316 {
76317 + struct iw_point *dwrq = &_dwrq->data;
76318 struct ks_wlan_private *priv =
76319 (struct ks_wlan_private *)netdev_priv(dev);
76320 int i;
76321 @@ -1655,7 +1686,7 @@ static int ks_wlan_get_scan(struct net_device *dev,
76322 /*------------------------------------------------------------------*/
76323 /* Commit handler : called after a bunch of SET operations */
76324 static int ks_wlan_config_commit(struct net_device *dev,
76325 - struct iw_request_info *info, void *zwrq,
76326 + struct iw_request_info *info, union iwreq_data *zwrq,
76327 char *extra)
76328 {
76329 struct ks_wlan_private *priv =
76330 @@ -1673,8 +1704,9 @@ static int ks_wlan_config_commit(struct net_device *dev,
76331 /* Wireless handler : set association ie params */
76332 static int ks_wlan_set_genie(struct net_device *dev,
76333 struct iw_request_info *info,
76334 - struct iw_point *dwrq, char *extra)
76335 + union iwreq_data *_dwrq, char *extra)
76336 {
76337 + struct iw_point *dwrq =&_dwrq->data;
76338 struct ks_wlan_private *priv =
76339 (struct ks_wlan_private *)netdev_priv(dev);
76340
76341 @@ -1692,8 +1724,9 @@ static int ks_wlan_set_genie(struct net_device *dev,
76342 /* Wireless handler : set authentication mode params */
76343 static int ks_wlan_set_auth_mode(struct net_device *dev,
76344 struct iw_request_info *info,
76345 - struct iw_param *vwrq, char *extra)
76346 + union iwreq_data *_vwrq, char *extra)
76347 {
76348 + struct iw_param *vwrq = &_vwrq->param;
76349 struct ks_wlan_private *priv =
76350 (struct ks_wlan_private *)netdev_priv(dev);
76351 int index = (vwrq->flags & IW_AUTH_INDEX);
76352 @@ -1832,8 +1865,9 @@ static int ks_wlan_set_auth_mode(struct net_device *dev,
76353 /* Wireless handler : get authentication mode params */
76354 static int ks_wlan_get_auth_mode(struct net_device *dev,
76355 struct iw_request_info *info,
76356 - struct iw_param *vwrq, char *extra)
76357 + union iwreq_data *_vwrq, char *extra)
76358 {
76359 + struct iw_param *vwrq = &_vwrq->param;
76360 struct ks_wlan_private *priv =
76361 (struct ks_wlan_private *)netdev_priv(dev);
76362 int index = (vwrq->flags & IW_AUTH_INDEX);
76363 @@ -1878,8 +1912,9 @@ static int ks_wlan_get_auth_mode(struct net_device *dev,
76364 /* Wireless Handler : set encoding token & mode (WPA)*/
76365 static int ks_wlan_set_encode_ext(struct net_device *dev,
76366 struct iw_request_info *info,
76367 - struct iw_point *dwrq, char *extra)
76368 + union iwreq_data *_dwrq, char *extra)
76369 {
76370 + struct iw_point *dwrq = &_dwrq->encoding;
76371 struct ks_wlan_private *priv =
76372 (struct ks_wlan_private *)netdev_priv(dev);
76373 struct iw_encode_ext *enc;
76374 @@ -1986,8 +2021,9 @@ static int ks_wlan_set_encode_ext(struct net_device *dev,
76375 /* Wireless Handler : get encoding token & mode (WPA)*/
76376 static int ks_wlan_get_encode_ext(struct net_device *dev,
76377 struct iw_request_info *info,
76378 - struct iw_point *dwrq, char *extra)
76379 + union iwreq_data *_dwrq, char *extra)
76380 {
76381 + struct iw_point *dwrq = &_dwrq->encoding;
76382 struct ks_wlan_private *priv =
76383 (struct ks_wlan_private *)netdev_priv(dev);
76384
76385 @@ -2009,8 +2045,9 @@ static int ks_wlan_get_encode_ext(struct net_device *dev,
76386 /* Wireless Handler : PMKSA cache operation (WPA2) */
76387 static int ks_wlan_set_pmksa(struct net_device *dev,
76388 struct iw_request_info *info,
76389 - struct iw_point *dwrq, char *extra)
76390 + union iwreq_data *_dwrq, char *extra)
76391 {
76392 + struct iw_point *dwrq = &_dwrq->data;
76393 struct ks_wlan_private *priv =
76394 (struct ks_wlan_private *)netdev_priv(dev);
76395 struct iw_pmksa *pmksa;
76396 @@ -2168,9 +2205,10 @@ static int ks_wlan_set_stop_request(struct net_device *dev,
76397 /* Wireless Handler : set MLME */
76398 #include <linux/ieee80211.h>
76399 static int ks_wlan_set_mlme(struct net_device *dev,
76400 - struct iw_request_info *info, struct iw_point *dwrq,
76401 + struct iw_request_info *info, union iwreq_data *_dwrq,
76402 char *extra)
76403 {
76404 + struct iw_point *dwrq = &_dwrq->data;
76405 struct ks_wlan_private *priv =
76406 (struct ks_wlan_private *)netdev_priv(dev);
76407 struct iw_mlme *mlme = (struct iw_mlme *)extra;
76408 @@ -2199,8 +2237,9 @@ static int ks_wlan_set_mlme(struct net_device *dev,
76409 /* Private handler : get firemware version */
76410 static int ks_wlan_get_firmware_version(struct net_device *dev,
76411 struct iw_request_info *info,
76412 - struct iw_point *dwrq, char *extra)
76413 + union iwreq_data *_dwrq, char *extra)
76414 {
76415 + struct iw_point *dwrq = &_dwrq->data;
76416 struct ks_wlan_private *priv =
76417 (struct ks_wlan_private *)netdev_priv(dev);
76418 strcpy(extra, &(priv->firmware_version[0]));
76419 @@ -2270,9 +2309,10 @@ static int ks_wlan_get_connect(struct net_device *dev,
76420 /*------------------------------------------------------------------*/
76421 /* Private handler : set preamble */
76422 static int ks_wlan_set_preamble(struct net_device *dev,
76423 - struct iw_request_info *info, __u32 * uwrq,
76424 + struct iw_request_info *info, union iwreq_data *_uwrq,
76425 char *extra)
76426 {
76427 + __u32 *uwrq = &_uwrq->mode;
76428 struct ks_wlan_private *priv =
76429 (struct ks_wlan_private *)netdev_priv(dev);
76430
76431 @@ -2295,9 +2335,10 @@ static int ks_wlan_set_preamble(struct net_device *dev,
76432 /*------------------------------------------------------------------*/
76433 /* Private handler : get preamble */
76434 static int ks_wlan_get_preamble(struct net_device *dev,
76435 - struct iw_request_info *info, __u32 * uwrq,
76436 + struct iw_request_info *info, union iwreq_data *_uwrq,
76437 char *extra)
76438 {
76439 + __u32 *uwrq = &_uwrq->mode;
76440 struct ks_wlan_private *priv =
76441 (struct ks_wlan_private *)netdev_priv(dev);
76442
76443 @@ -2312,9 +2353,10 @@ static int ks_wlan_get_preamble(struct net_device *dev,
76444 /*------------------------------------------------------------------*/
76445 /* Private handler : set power save mode */
76446 static int ks_wlan_set_powermgt(struct net_device *dev,
76447 - struct iw_request_info *info, __u32 * uwrq,
76448 + struct iw_request_info *info, union iwreq_data *_uwrq,
76449 char *extra)
76450 {
76451 + __u32 *uwrq = &_uwrq->mode;
76452 struct ks_wlan_private *priv =
76453 (struct ks_wlan_private *)netdev_priv(dev);
76454
76455 @@ -2345,9 +2387,10 @@ static int ks_wlan_set_powermgt(struct net_device *dev,
76456 /*------------------------------------------------------------------*/
76457 /* Private handler : get power save made */
76458 static int ks_wlan_get_powermgt(struct net_device *dev,
76459 - struct iw_request_info *info, __u32 * uwrq,
76460 + struct iw_request_info *info, union iwreq_data *_uwrq,
76461 char *extra)
76462 {
76463 + __u32 *uwrq = &_uwrq->mode;
76464 struct ks_wlan_private *priv =
76465 (struct ks_wlan_private *)netdev_priv(dev);
76466
76467 @@ -2362,9 +2405,10 @@ static int ks_wlan_get_powermgt(struct net_device *dev,
76468 /*------------------------------------------------------------------*/
76469 /* Private handler : set scan type */
76470 static int ks_wlan_set_scan_type(struct net_device *dev,
76471 - struct iw_request_info *info, __u32 * uwrq,
76472 + struct iw_request_info *info, union iwreq_data *_uwrq,
76473 char *extra)
76474 {
76475 + __u32 *uwrq = &_uwrq->mode;
76476 struct ks_wlan_private *priv =
76477 (struct ks_wlan_private *)netdev_priv(dev);
76478
76479 @@ -2385,9 +2429,10 @@ static int ks_wlan_set_scan_type(struct net_device *dev,
76480 /*------------------------------------------------------------------*/
76481 /* Private handler : get scan type */
76482 static int ks_wlan_get_scan_type(struct net_device *dev,
76483 - struct iw_request_info *info, __u32 * uwrq,
76484 + struct iw_request_info *info, union iwreq_data *_uwrq,
76485 char *extra)
76486 {
76487 + __u32 *uwrq = &_uwrq->mode;
76488 struct ks_wlan_private *priv =
76489 (struct ks_wlan_private *)netdev_priv(dev);
76490
76491 @@ -2536,9 +2581,10 @@ static int ks_wlan_get_wep_ascii(struct net_device *dev,
76492 /*------------------------------------------------------------------*/
76493 /* Private handler : set beacon lost count */
76494 static int ks_wlan_set_beacon_lost(struct net_device *dev,
76495 - struct iw_request_info *info, __u32 * uwrq,
76496 + struct iw_request_info *info, union iwreq_data *_uwrq,
76497 char *extra)
76498 {
76499 + __u32 *uwrq = &_uwrq->mode;
76500 struct ks_wlan_private *priv =
76501 (struct ks_wlan_private *)netdev_priv(dev);
76502
76503 @@ -2561,9 +2607,10 @@ static int ks_wlan_set_beacon_lost(struct net_device *dev,
76504 /*------------------------------------------------------------------*/
76505 /* Private handler : get beacon lost count */
76506 static int ks_wlan_get_beacon_lost(struct net_device *dev,
76507 - struct iw_request_info *info, __u32 * uwrq,
76508 + struct iw_request_info *info, union iwreq_data *_uwrq,
76509 char *extra)
76510 {
76511 + __u32 *uwrq = &_uwrq->mode;
76512 struct ks_wlan_private *priv =
76513 (struct ks_wlan_private *)netdev_priv(dev);
76514
76515 @@ -2578,9 +2625,10 @@ static int ks_wlan_get_beacon_lost(struct net_device *dev,
76516 /*------------------------------------------------------------------*/
76517 /* Private handler : set phy type */
76518 static int ks_wlan_set_phy_type(struct net_device *dev,
76519 - struct iw_request_info *info, __u32 * uwrq,
76520 + struct iw_request_info *info, union iwreq_data *_uwrq,
76521 char *extra)
76522 {
76523 + __u32 *uwrq = &_uwrq->mode;
76524 struct ks_wlan_private *priv =
76525 (struct ks_wlan_private *)netdev_priv(dev);
76526
76527 @@ -2604,9 +2652,10 @@ static int ks_wlan_set_phy_type(struct net_device *dev,
76528 /*------------------------------------------------------------------*/
76529 /* Private handler : get phy type */
76530 static int ks_wlan_get_phy_type(struct net_device *dev,
76531 - struct iw_request_info *info, __u32 * uwrq,
76532 + struct iw_request_info *info, union iwreq_data *_uwrq,
76533 char *extra)
76534 {
76535 + __u32 *uwrq = &_uwrq->mode;
76536 struct ks_wlan_private *priv =
76537 (struct ks_wlan_private *)netdev_priv(dev);
76538
76539 @@ -2621,9 +2670,10 @@ static int ks_wlan_get_phy_type(struct net_device *dev,
76540 /*------------------------------------------------------------------*/
76541 /* Private handler : set cts mode */
76542 static int ks_wlan_set_cts_mode(struct net_device *dev,
76543 - struct iw_request_info *info, __u32 * uwrq,
76544 + struct iw_request_info *info, union iwreq_data *_uwrq,
76545 char *extra)
76546 {
76547 + __u32 *uwrq = &_uwrq->mode;
76548 struct ks_wlan_private *priv =
76549 (struct ks_wlan_private *)netdev_priv(dev);
76550
76551 @@ -2649,9 +2699,10 @@ static int ks_wlan_set_cts_mode(struct net_device *dev,
76552 /*------------------------------------------------------------------*/
76553 /* Private handler : get cts mode */
76554 static int ks_wlan_get_cts_mode(struct net_device *dev,
76555 - struct iw_request_info *info, __u32 * uwrq,
76556 + struct iw_request_info *info, union iwreq_data *_uwrq,
76557 char *extra)
76558 {
76559 + __u32 *uwrq = &_uwrq->mode;
76560 struct ks_wlan_private *priv =
76561 (struct ks_wlan_private *)netdev_priv(dev);
76562
76563 @@ -2667,8 +2718,9 @@ static int ks_wlan_get_cts_mode(struct net_device *dev,
76564 /* Private handler : set sleep mode */
76565 static int ks_wlan_set_sleep_mode(struct net_device *dev,
76566 struct iw_request_info *info,
76567 - __u32 * uwrq, char *extra)
76568 + union iwreq_data *_uwrq, char *extra)
76569 {
76570 + __u32 *uwrq = &_uwrq->mode;
76571 struct ks_wlan_private *priv =
76572 (struct ks_wlan_private *)netdev_priv(dev);
76573
76574 @@ -2697,8 +2749,9 @@ static int ks_wlan_set_sleep_mode(struct net_device *dev,
76575 /* Private handler : get sleep mode */
76576 static int ks_wlan_get_sleep_mode(struct net_device *dev,
76577 struct iw_request_info *info,
76578 - __u32 * uwrq, char *extra)
76579 + union iwreq_data *_uwrq, char *extra)
76580 {
76581 + __u32 *uwrq = &_uwrq->mode;
76582 struct ks_wlan_private *priv =
76583 (struct ks_wlan_private *)netdev_priv(dev);
76584
76585 @@ -2752,9 +2805,10 @@ static int ks_wlan_get_phy_information_timer(struct net_device *dev,
76586 /*------------------------------------------------------------------*/
76587 /* Private handler : set WPS enable */
76588 static int ks_wlan_set_wps_enable(struct net_device *dev,
76589 - struct iw_request_info *info, __u32 * uwrq,
76590 + struct iw_request_info *info, union iwreq_data *_uwrq,
76591 char *extra)
76592 {
76593 + __u32 *uwrq = &_uwrq->mode;
76594 struct ks_wlan_private *priv =
76595 (struct ks_wlan_private *)netdev_priv(dev);
76596 DPRINTK(2, "\n");
76597 @@ -2776,9 +2830,10 @@ static int ks_wlan_set_wps_enable(struct net_device *dev,
76598 /*------------------------------------------------------------------*/
76599 /* Private handler : get WPS enable */
76600 static int ks_wlan_get_wps_enable(struct net_device *dev,
76601 - struct iw_request_info *info, __u32 * uwrq,
76602 + struct iw_request_info *info, union iwreq_data *_uwrq,
76603 char *extra)
76604 {
76605 + __u32 *uwrq = &_uwrq->mode;
76606 struct ks_wlan_private *priv =
76607 (struct ks_wlan_private *)netdev_priv(dev);
76608 DPRINTK(2, "\n");
76609 @@ -2797,8 +2852,9 @@ static int ks_wlan_get_wps_enable(struct net_device *dev,
76610 /* Private handler : set WPS probe req */
76611 static int ks_wlan_set_wps_probe_req(struct net_device *dev,
76612 struct iw_request_info *info,
76613 - struct iw_point *dwrq, char *extra)
76614 + union iwreq_data *_dwrq, char *extra)
76615 {
76616 + struct iw_point *dwrq = &_dwrq->data;
76617 uint8_t *p = extra;
76618 unsigned char len;
76619 struct ks_wlan_private *priv =
76620 @@ -2855,9 +2911,10 @@ static int ks_wlan_get_wps_probe_req(struct net_device *dev,
76621 /*------------------------------------------------------------------*/
76622 /* Private handler : set tx gain control value */
76623 static int ks_wlan_set_tx_gain(struct net_device *dev,
76624 - struct iw_request_info *info, __u32 * uwrq,
76625 + struct iw_request_info *info, union iwreq_data *_uwrq,
76626 char *extra)
76627 {
76628 + __u32 *uwrq = &_uwrq->mode;
76629 struct ks_wlan_private *priv =
76630 (struct ks_wlan_private *)netdev_priv(dev);
76631
76632 @@ -2882,9 +2939,10 @@ static int ks_wlan_set_tx_gain(struct net_device *dev,
76633 /*------------------------------------------------------------------*/
76634 /* Private handler : get tx gain control value */
76635 static int ks_wlan_get_tx_gain(struct net_device *dev,
76636 - struct iw_request_info *info, __u32 * uwrq,
76637 + struct iw_request_info *info, union iwreq_data *_uwrq,
76638 char *extra)
76639 {
76640 + __u32 *uwrq = &_uwrq->mode;
76641 struct ks_wlan_private *priv =
76642 (struct ks_wlan_private *)netdev_priv(dev);
76643
76644 @@ -2900,9 +2958,10 @@ static int ks_wlan_get_tx_gain(struct net_device *dev,
76645 /*------------------------------------------------------------------*/
76646 /* Private handler : set rx gain control value */
76647 static int ks_wlan_set_rx_gain(struct net_device *dev,
76648 - struct iw_request_info *info, __u32 * uwrq,
76649 + struct iw_request_info *info, union iwreq_data *_uwrq,
76650 char *extra)
76651 {
76652 + __u32 *uwrq = &_uwrq->mode;
76653 struct ks_wlan_private *priv =
76654 (struct ks_wlan_private *)netdev_priv(dev);
76655
76656 @@ -2927,9 +2986,10 @@ static int ks_wlan_set_rx_gain(struct net_device *dev,
76657 /*------------------------------------------------------------------*/
76658 /* Private handler : get rx gain control value */
76659 static int ks_wlan_get_rx_gain(struct net_device *dev,
76660 - struct iw_request_info *info, __u32 * uwrq,
76661 + struct iw_request_info *info, union iwreq_data *_uwrq,
76662 char *extra)
76663 {
76664 + __u32 *uwrq = &_uwrq->mode;
76665 struct ks_wlan_private *priv =
76666 (struct ks_wlan_private *)netdev_priv(dev);
76667
76668 @@ -2968,9 +3028,10 @@ static int ks_wlan_set_region(struct net_device *dev,
76669 /*------------------------------------------------------------------*/
76670 /* Private handler : get eeprom checksum result */
76671 static int ks_wlan_get_eeprom_cksum(struct net_device *dev,
76672 - struct iw_request_info *info, __u32 * uwrq,
76673 + struct iw_request_info *info, union iwreq_data *_uwrq,
76674 char *extra)
76675 {
76676 + __u32 *uwrq = &_uwrq->mode;
76677 struct ks_wlan_private *priv =
76678 (struct ks_wlan_private *)netdev_priv(dev);
76679
76680 @@ -3095,8 +3156,9 @@ static void print_hif_event(int event)
76681 /*------------------------------------------------------------------*/
76682 /* Private handler : get host command history */
76683 static int ks_wlan_hostt(struct net_device *dev, struct iw_request_info *info,
76684 - __u32 * uwrq, char *extra)
76685 + union iwreq_data *_uwrq, char *extra)
76686 {
76687 + __u32 *uwrq = &_uwrq->mode;
76688 int i, event;
76689 struct ks_wlan_private *priv =
76690 (struct ks_wlan_private *)netdev_priv(dev);
76691 @@ -3167,119 +3229,119 @@ static const struct iw_priv_args ks_wlan_private_args[] = {
76692 };
76693
76694 static const iw_handler ks_wlan_handler[] = {
76695 - (iw_handler) ks_wlan_config_commit, /* SIOCSIWCOMMIT */
76696 - (iw_handler) ks_wlan_get_name, /* SIOCGIWNAME */
76697 - (iw_handler) NULL, /* SIOCSIWNWID */
76698 - (iw_handler) NULL, /* SIOCGIWNWID */
76699 - (iw_handler) ks_wlan_set_freq, /* SIOCSIWFREQ */
76700 - (iw_handler) ks_wlan_get_freq, /* SIOCGIWFREQ */
76701 - (iw_handler) ks_wlan_set_mode, /* SIOCSIWMODE */
76702 - (iw_handler) ks_wlan_get_mode, /* SIOCGIWMODE */
76703 + ks_wlan_config_commit, /* SIOCSIWCOMMIT */
76704 + ks_wlan_get_name, /* SIOCGIWNAME */
76705 + NULL, /* SIOCSIWNWID */
76706 + NULL, /* SIOCGIWNWID */
76707 + ks_wlan_set_freq, /* SIOCSIWFREQ */
76708 + ks_wlan_get_freq, /* SIOCGIWFREQ */
76709 + ks_wlan_set_mode, /* SIOCSIWMODE */
76710 + ks_wlan_get_mode, /* SIOCGIWMODE */
76711 #ifndef KSC_OPNOTSUPP
76712 - (iw_handler) ks_wlan_set_sens, /* SIOCSIWSENS */
76713 - (iw_handler) ks_wlan_get_sens, /* SIOCGIWSENS */
76714 + ks_wlan_set_sens, /* SIOCSIWSENS */
76715 + ks_wlan_get_sens, /* SIOCGIWSENS */
76716 #else /* KSC_OPNOTSUPP */
76717 - (iw_handler) NULL, /* SIOCSIWSENS */
76718 - (iw_handler) NULL, /* SIOCGIWSENS */
76719 + NULL, /* SIOCSIWSENS */
76720 + NULL, /* SIOCGIWSENS */
76721 #endif /* KSC_OPNOTSUPP */
76722 - (iw_handler) NULL, /* SIOCSIWRANGE */
76723 - (iw_handler) ks_wlan_get_range, /* SIOCGIWRANGE */
76724 - (iw_handler) NULL, /* SIOCSIWPRIV */
76725 - (iw_handler) NULL, /* SIOCGIWPRIV */
76726 - (iw_handler) NULL, /* SIOCSIWSTATS */
76727 - (iw_handler) ks_wlan_get_iwstats, /* SIOCGIWSTATS */
76728 - (iw_handler) NULL, /* SIOCSIWSPY */
76729 - (iw_handler) NULL, /* SIOCGIWSPY */
76730 - (iw_handler) NULL, /* SIOCSIWTHRSPY */
76731 - (iw_handler) NULL, /* SIOCGIWTHRSPY */
76732 - (iw_handler) ks_wlan_set_wap, /* SIOCSIWAP */
76733 - (iw_handler) ks_wlan_get_wap, /* SIOCGIWAP */
76734 -// (iw_handler) NULL, /* SIOCSIWMLME */
76735 - (iw_handler) ks_wlan_set_mlme, /* SIOCSIWMLME */
76736 - (iw_handler) ks_wlan_get_aplist, /* SIOCGIWAPLIST */
76737 - (iw_handler) ks_wlan_set_scan, /* SIOCSIWSCAN */
76738 - (iw_handler) ks_wlan_get_scan, /* SIOCGIWSCAN */
76739 - (iw_handler) ks_wlan_set_essid, /* SIOCSIWESSID */
76740 - (iw_handler) ks_wlan_get_essid, /* SIOCGIWESSID */
76741 - (iw_handler) ks_wlan_set_nick, /* SIOCSIWNICKN */
76742 - (iw_handler) ks_wlan_get_nick, /* SIOCGIWNICKN */
76743 - (iw_handler) NULL, /* -- hole -- */
76744 - (iw_handler) NULL, /* -- hole -- */
76745 - (iw_handler) ks_wlan_set_rate, /* SIOCSIWRATE */
76746 - (iw_handler) ks_wlan_get_rate, /* SIOCGIWRATE */
76747 - (iw_handler) ks_wlan_set_rts, /* SIOCSIWRTS */
76748 - (iw_handler) ks_wlan_get_rts, /* SIOCGIWRTS */
76749 - (iw_handler) ks_wlan_set_frag, /* SIOCSIWFRAG */
76750 - (iw_handler) ks_wlan_get_frag, /* SIOCGIWFRAG */
76751 + NULL, /* SIOCSIWRANGE */
76752 + ks_wlan_get_range, /* SIOCGIWRANGE */
76753 + NULL, /* SIOCSIWPRIV */
76754 + NULL, /* SIOCGIWPRIV */
76755 + NULL, /* SIOCSIWSTATS */
76756 + ks_wlan_get_iwstats, /* SIOCGIWSTATS */
76757 + NULL, /* SIOCSIWSPY */
76758 + NULL, /* SIOCGIWSPY */
76759 + NULL, /* SIOCSIWTHRSPY */
76760 + NULL, /* SIOCGIWTHRSPY */
76761 + ks_wlan_set_wap, /* SIOCSIWAP */
76762 + ks_wlan_get_wap, /* SIOCGIWAP */
76763 +// NULL, /* SIOCSIWMLME */
76764 + ks_wlan_set_mlme, /* SIOCSIWMLME */
76765 + ks_wlan_get_aplist, /* SIOCGIWAPLIST */
76766 + ks_wlan_set_scan, /* SIOCSIWSCAN */
76767 + ks_wlan_get_scan, /* SIOCGIWSCAN */
76768 + ks_wlan_set_essid, /* SIOCSIWESSID */
76769 + ks_wlan_get_essid, /* SIOCGIWESSID */
76770 + ks_wlan_set_nick, /* SIOCSIWNICKN */
76771 + ks_wlan_get_nick, /* SIOCGIWNICKN */
76772 + NULL, /* -- hole -- */
76773 + NULL, /* -- hole -- */
76774 + ks_wlan_set_rate, /* SIOCSIWRATE */
76775 + ks_wlan_get_rate, /* SIOCGIWRATE */
76776 + ks_wlan_set_rts, /* SIOCSIWRTS */
76777 + ks_wlan_get_rts, /* SIOCGIWRTS */
76778 + ks_wlan_set_frag, /* SIOCSIWFRAG */
76779 + ks_wlan_get_frag, /* SIOCGIWFRAG */
76780 #ifndef KSC_OPNOTSUPP
76781 - (iw_handler) ks_wlan_set_txpow, /* SIOCSIWTXPOW */
76782 - (iw_handler) ks_wlan_get_txpow, /* SIOCGIWTXPOW */
76783 - (iw_handler) ks_wlan_set_retry, /* SIOCSIWRETRY */
76784 - (iw_handler) ks_wlan_get_retry, /* SIOCGIWRETRY */
76785 + ks_wlan_set_txpow, /* SIOCSIWTXPOW */
76786 + ks_wlan_get_txpow, /* SIOCGIWTXPOW */
76787 + ks_wlan_set_retry, /* SIOCSIWRETRY */
76788 + ks_wlan_get_retry, /* SIOCGIWRETRY */
76789 #else /* KSC_OPNOTSUPP */
76790 - (iw_handler) NULL, /* SIOCSIWTXPOW */
76791 - (iw_handler) NULL, /* SIOCGIWTXPOW */
76792 - (iw_handler) NULL, /* SIOCSIWRETRY */
76793 - (iw_handler) NULL, /* SIOCGIWRETRY */
76794 + NULL, /* SIOCSIWTXPOW */
76795 + NULL, /* SIOCGIWTXPOW */
76796 + NULL, /* SIOCSIWRETRY */
76797 + NULL, /* SIOCGIWRETRY */
76798 #endif /* KSC_OPNOTSUPP */
76799 - (iw_handler) ks_wlan_set_encode, /* SIOCSIWENCODE */
76800 - (iw_handler) ks_wlan_get_encode, /* SIOCGIWENCODE */
76801 - (iw_handler) ks_wlan_set_power, /* SIOCSIWPOWER */
76802 - (iw_handler) ks_wlan_get_power, /* SIOCGIWPOWER */
76803 - (iw_handler) NULL, /* -- hole -- */
76804 - (iw_handler) NULL, /* -- hole -- */
76805 -// (iw_handler) NULL, /* SIOCSIWGENIE */
76806 - (iw_handler) ks_wlan_set_genie, /* SIOCSIWGENIE */
76807 - (iw_handler) NULL, /* SIOCGIWGENIE */
76808 - (iw_handler) ks_wlan_set_auth_mode, /* SIOCSIWAUTH */
76809 - (iw_handler) ks_wlan_get_auth_mode, /* SIOCGIWAUTH */
76810 - (iw_handler) ks_wlan_set_encode_ext, /* SIOCSIWENCODEEXT */
76811 - (iw_handler) ks_wlan_get_encode_ext, /* SIOCGIWENCODEEXT */
76812 - (iw_handler) ks_wlan_set_pmksa, /* SIOCSIWPMKSA */
76813 - (iw_handler) NULL, /* -- hole -- */
76814 + ks_wlan_set_encode, /* SIOCSIWENCODE */
76815 + ks_wlan_get_encode, /* SIOCGIWENCODE */
76816 + ks_wlan_set_power, /* SIOCSIWPOWER */
76817 + ks_wlan_get_power, /* SIOCGIWPOWER */
76818 + NULL, /* -- hole -- */
76819 + NULL, /* -- hole -- */
76820 +// NULL, /* SIOCSIWGENIE */
76821 + ks_wlan_set_genie, /* SIOCSIWGENIE */
76822 + NULL, /* SIOCGIWGENIE */
76823 + ks_wlan_set_auth_mode, /* SIOCSIWAUTH */
76824 + ks_wlan_get_auth_mode, /* SIOCGIWAUTH */
76825 + ks_wlan_set_encode_ext, /* SIOCSIWENCODEEXT */
76826 + ks_wlan_get_encode_ext, /* SIOCGIWENCODEEXT */
76827 + ks_wlan_set_pmksa, /* SIOCSIWPMKSA */
76828 + NULL, /* -- hole -- */
76829 };
76830
76831 /* private_handler */
76832 static const iw_handler ks_wlan_private_handler[] = {
76833 - (iw_handler) NULL, /* 0 */
76834 - (iw_handler) NULL, /* 1, used to be: KS_WLAN_GET_DRIVER_VERSION */
76835 - (iw_handler) NULL, /* 2 */
76836 - (iw_handler) ks_wlan_get_firmware_version, /* 3 KS_WLAN_GET_FIRM_VERSION */
76837 + NULL, /* 0 */
76838 + NULL, /* 1, used to be: KS_WLAN_GET_DRIVER_VERSION */
76839 + NULL, /* 2 */
76840 + ks_wlan_get_firmware_version, /* 3 KS_WLAN_GET_FIRM_VERSION */
76841 #ifdef WPS
76842 - (iw_handler) ks_wlan_set_wps_enable, /* 4 KS_WLAN_SET_WPS_ENABLE */
76843 - (iw_handler) ks_wlan_get_wps_enable, /* 5 KS_WLAN_GET_WPS_ENABLE */
76844 - (iw_handler) ks_wlan_set_wps_probe_req, /* 6 KS_WLAN_SET_WPS_PROBE_REQ */
76845 + ks_wlan_set_wps_enable, /* 4 KS_WLAN_SET_WPS_ENABLE */
76846 + ks_wlan_get_wps_enable, /* 5 KS_WLAN_GET_WPS_ENABLE */
76847 + ks_wlan_set_wps_probe_req, /* 6 KS_WLAN_SET_WPS_PROBE_REQ */
76848 #else
76849 - (iw_handler) NULL, /* 4 */
76850 - (iw_handler) NULL, /* 5 */
76851 - (iw_handler) NULL, /* 6 */
76852 + NULL, /* 4 */
76853 + NULL, /* 5 */
76854 + NULL, /* 6 */
76855 #endif /* WPS */
76856
76857 - (iw_handler) ks_wlan_get_eeprom_cksum, /* 7 KS_WLAN_GET_CONNECT */
76858 - (iw_handler) ks_wlan_set_preamble, /* 8 KS_WLAN_SET_PREAMBLE */
76859 - (iw_handler) ks_wlan_get_preamble, /* 9 KS_WLAN_GET_PREAMBLE */
76860 - (iw_handler) ks_wlan_set_powermgt, /* 10 KS_WLAN_SET_POWER_SAVE */
76861 - (iw_handler) ks_wlan_get_powermgt, /* 11 KS_WLAN_GET_POWER_SAVE */
76862 - (iw_handler) ks_wlan_set_scan_type, /* 12 KS_WLAN_SET_SCAN_TYPE */
76863 - (iw_handler) ks_wlan_get_scan_type, /* 13 KS_WLAN_GET_SCAN_TYPE */
76864 - (iw_handler) ks_wlan_set_rx_gain, /* 14 KS_WLAN_SET_RX_GAIN */
76865 - (iw_handler) ks_wlan_get_rx_gain, /* 15 KS_WLAN_GET_RX_GAIN */
76866 - (iw_handler) ks_wlan_hostt, /* 16 KS_WLAN_HOSTT */
76867 - (iw_handler) NULL, /* 17 */
76868 - (iw_handler) ks_wlan_set_beacon_lost, /* 18 KS_WLAN_SET_BECAN_LOST */
76869 - (iw_handler) ks_wlan_get_beacon_lost, /* 19 KS_WLAN_GET_BECAN_LOST */
76870 - (iw_handler) ks_wlan_set_tx_gain, /* 20 KS_WLAN_SET_TX_GAIN */
76871 - (iw_handler) ks_wlan_get_tx_gain, /* 21 KS_WLAN_GET_TX_GAIN */
76872 - (iw_handler) ks_wlan_set_phy_type, /* 22 KS_WLAN_SET_PHY_TYPE */
76873 - (iw_handler) ks_wlan_get_phy_type, /* 23 KS_WLAN_GET_PHY_TYPE */
76874 - (iw_handler) ks_wlan_set_cts_mode, /* 24 KS_WLAN_SET_CTS_MODE */
76875 - (iw_handler) ks_wlan_get_cts_mode, /* 25 KS_WLAN_GET_CTS_MODE */
76876 - (iw_handler) NULL, /* 26 */
76877 - (iw_handler) NULL, /* 27 */
76878 - (iw_handler) ks_wlan_set_sleep_mode, /* 28 KS_WLAN_SET_SLEEP_MODE */
76879 - (iw_handler) ks_wlan_get_sleep_mode, /* 29 KS_WLAN_GET_SLEEP_MODE */
76880 - (iw_handler) NULL, /* 30 */
76881 - (iw_handler) NULL, /* 31 */
76882 + ks_wlan_get_eeprom_cksum, /* 7 KS_WLAN_GET_CONNECT */
76883 + ks_wlan_set_preamble, /* 8 KS_WLAN_SET_PREAMBLE */
76884 + ks_wlan_get_preamble, /* 9 KS_WLAN_GET_PREAMBLE */
76885 + ks_wlan_set_powermgt, /* 10 KS_WLAN_SET_POWER_SAVE */
76886 + ks_wlan_get_powermgt, /* 11 KS_WLAN_GET_POWER_SAVE */
76887 + ks_wlan_set_scan_type, /* 12 KS_WLAN_SET_SCAN_TYPE */
76888 + ks_wlan_get_scan_type, /* 13 KS_WLAN_GET_SCAN_TYPE */
76889 + ks_wlan_set_rx_gain, /* 14 KS_WLAN_SET_RX_GAIN */
76890 + ks_wlan_get_rx_gain, /* 15 KS_WLAN_GET_RX_GAIN */
76891 + ks_wlan_hostt, /* 16 KS_WLAN_HOSTT */
76892 + NULL, /* 17 */
76893 + ks_wlan_set_beacon_lost, /* 18 KS_WLAN_SET_BECAN_LOST */
76894 + ks_wlan_get_beacon_lost, /* 19 KS_WLAN_GET_BECAN_LOST */
76895 + ks_wlan_set_tx_gain, /* 20 KS_WLAN_SET_TX_GAIN */
76896 + ks_wlan_get_tx_gain, /* 21 KS_WLAN_GET_TX_GAIN */
76897 + ks_wlan_set_phy_type, /* 22 KS_WLAN_SET_PHY_TYPE */
76898 + ks_wlan_get_phy_type, /* 23 KS_WLAN_GET_PHY_TYPE */
76899 + ks_wlan_set_cts_mode, /* 24 KS_WLAN_SET_CTS_MODE */
76900 + ks_wlan_get_cts_mode, /* 25 KS_WLAN_GET_CTS_MODE */
76901 + NULL, /* 26 */
76902 + NULL, /* 27 */
76903 + ks_wlan_set_sleep_mode, /* 28 KS_WLAN_SET_SLEEP_MODE */
76904 + ks_wlan_get_sleep_mode, /* 29 KS_WLAN_GET_SLEEP_MODE */
76905 + NULL, /* 30 */
76906 + NULL, /* 31 */
76907 };
76908
76909 static const struct iw_handler_def ks_wlan_handler_def = {
76910 @@ -3287,8 +3349,8 @@ static const struct iw_handler_def ks_wlan_handler_def = {
76911 .num_private = sizeof(ks_wlan_private_handler) / sizeof(iw_handler),
76912 .num_private_args =
76913 sizeof(ks_wlan_private_args) / sizeof(struct iw_priv_args),
76914 - .standard = (iw_handler *) ks_wlan_handler,
76915 - .private = (iw_handler *) ks_wlan_private_handler,
76916 + .standard = ks_wlan_handler,
76917 + .private = ks_wlan_private_handler,
76918 .private_args = (struct iw_priv_args *)ks_wlan_private_args,
76919 .get_wireless_stats = ks_get_wireless_stats,
76920 };
76921 @@ -3359,7 +3421,7 @@ void ks_wlan_tx_timeout(struct net_device *dev)
76922 }
76923
76924 static
76925 -int ks_wlan_start_xmit(struct sk_buff *skb, struct net_device *dev)
76926 +netdev_tx_t ks_wlan_start_xmit(struct sk_buff *skb, struct net_device *dev)
76927 {
76928 struct ks_wlan_private *priv = netdev_priv(dev);
76929 int rc = 0;
76930 diff --git a/drivers/staging/lustre/lnet/klnds/socklnd/socklnd.h b/drivers/staging/lustre/lnet/klnds/socklnd/socklnd.h
76931 index a56632b..5d236d8 100644
76932 --- a/drivers/staging/lustre/lnet/klnds/socklnd/socklnd.h
76933 +++ b/drivers/staging/lustre/lnet/klnds/socklnd/socklnd.h
76934 @@ -305,10 +305,8 @@ struct ksock_conn {
76935 struct ksock_route *ksnc_route; /* owning route */
76936 struct list_head ksnc_list; /* stash on peer's conn list */
76937 struct socket *ksnc_sock; /* actual socket */
76938 - void *ksnc_saved_data_ready; /* socket's original
76939 - * data_ready() callback */
76940 - void *ksnc_saved_write_space; /* socket's original
76941 - * write_space() callback */
76942 + void (*ksnc_saved_data_ready)(struct sock *sk); /* socket's original data_ready() callback */
76943 + void (*ksnc_saved_write_space)(struct sock *sk); /* socket's original write_space() callback */
76944 atomic_t ksnc_conn_refcount;/* conn refcount */
76945 atomic_t ksnc_sock_refcount;/* sock refcount */
76946 struct ksock_sched *ksnc_scheduler; /* who schedules this connection
76947 diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
76948 index 13d0454..f18459d 100644
76949 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c
76950 +++ b/drivers/staging/lustre/lnet/selftest/brw_test.c
76951 @@ -324,7 +324,7 @@ brw_client_done_rpc(struct sfw_test_unit *tsu, struct srpc_client_rpc *rpc)
76952 CERROR("BRW RPC to %s failed with %d\n",
76953 libcfs_id2str(rpc->crpc_dest), rpc->crpc_status);
76954 if (!tsi->tsi_stopping) /* rpc could have been aborted */
76955 - atomic_inc(&sn->sn_brw_errors);
76956 + atomic_inc_unchecked(&sn->sn_brw_errors);
76957 return;
76958 }
76959
76960 @@ -338,7 +338,7 @@ brw_client_done_rpc(struct sfw_test_unit *tsu, struct srpc_client_rpc *rpc)
76961 libcfs_id2str(rpc->crpc_dest), reply->brw_status);
76962
76963 if (reply->brw_status) {
76964 - atomic_inc(&sn->sn_brw_errors);
76965 + atomic_inc_unchecked(&sn->sn_brw_errors);
76966 rpc->crpc_status = -(int)reply->brw_status;
76967 return;
76968 }
76969 @@ -349,7 +349,7 @@ brw_client_done_rpc(struct sfw_test_unit *tsu, struct srpc_client_rpc *rpc)
76970 if (brw_check_bulk(&rpc->crpc_bulk, reqst->brw_flags, magic)) {
76971 CERROR("Bulk data from %s is corrupted!\n",
76972 libcfs_id2str(rpc->crpc_dest));
76973 - atomic_inc(&sn->sn_brw_errors);
76974 + atomic_inc_unchecked(&sn->sn_brw_errors);
76975 rpc->crpc_status = -EBADMSG;
76976 }
76977 }
76978 @@ -484,14 +484,11 @@ brw_server_handle(struct srpc_server_rpc *rpc)
76979 return 0;
76980 }
76981
76982 -struct sfw_test_client_ops brw_test_client;
76983 -
76984 -void brw_init_test_client(void)
76985 -{
76986 - brw_test_client.tso_init = brw_client_init;
76987 - brw_test_client.tso_fini = brw_client_fini;
76988 - brw_test_client.tso_prep_rpc = brw_client_prep_rpc;
76989 - brw_test_client.tso_done_rpc = brw_client_done_rpc;
76990 +struct sfw_test_client_ops brw_test_client = {
76991 + .tso_init = brw_client_init,
76992 + .tso_fini = brw_client_fini,
76993 + .tso_prep_rpc = brw_client_prep_rpc,
76994 + .tso_done_rpc = brw_client_done_rpc,
76995 };
76996
76997 struct srpc_service brw_test_service;
76998 diff --git a/drivers/staging/lustre/lnet/selftest/framework.c b/drivers/staging/lustre/lnet/selftest/framework.c
76999 index c2f121f..c315572 100644
77000 --- a/drivers/staging/lustre/lnet/selftest/framework.c
77001 +++ b/drivers/staging/lustre/lnet/selftest/framework.c
77002 @@ -262,8 +262,8 @@ sfw_init_session(struct sfw_session *sn, lst_sid_t sid,
77003 INIT_LIST_HEAD(&sn->sn_list);
77004 INIT_LIST_HEAD(&sn->sn_batches);
77005 atomic_set(&sn->sn_refcount, 1); /* +1 for caller */
77006 - atomic_set(&sn->sn_brw_errors, 0);
77007 - atomic_set(&sn->sn_ping_errors, 0);
77008 + atomic_set_unchecked(&sn->sn_brw_errors, 0);
77009 + atomic_set_unchecked(&sn->sn_ping_errors, 0);
77010 strlcpy(&sn->sn_name[0], name, sizeof(sn->sn_name));
77011
77012 sn->sn_timer_active = 0;
77013 @@ -383,8 +383,8 @@ sfw_get_stats(struct srpc_stat_reqst *request, struct srpc_stat_reply *reply)
77014 * with 32 bits to send, this is ~49 days
77015 */
77016 cnt->running_ms = jiffies_to_msecs(jiffies - sn->sn_started);
77017 - cnt->brw_errors = atomic_read(&sn->sn_brw_errors);
77018 - cnt->ping_errors = atomic_read(&sn->sn_ping_errors);
77019 + cnt->brw_errors = atomic_read_unchecked(&sn->sn_brw_errors);
77020 + cnt->ping_errors = atomic_read_unchecked(&sn->sn_ping_errors);
77021 cnt->zombie_sessions = atomic_read(&sfw_data.fw_nzombies);
77022
77023 cnt->active_batches = 0;
77024 @@ -1655,12 +1655,10 @@ sfw_startup(void)
77025 INIT_LIST_HEAD(&sfw_data.fw_zombie_rpcs);
77026 INIT_LIST_HEAD(&sfw_data.fw_zombie_sessions);
77027
77028 - brw_init_test_client();
77029 brw_init_test_service();
77030 rc = sfw_register_test(&brw_test_service, &brw_test_client);
77031 LASSERT(!rc);
77032
77033 - ping_init_test_client();
77034 ping_init_test_service();
77035 rc = sfw_register_test(&ping_test_service, &ping_test_client);
77036 LASSERT(!rc);
77037 diff --git a/drivers/staging/lustre/lnet/selftest/ping_test.c b/drivers/staging/lustre/lnet/selftest/ping_test.c
77038 index 9331ca4..23511db 100644
77039 --- a/drivers/staging/lustre/lnet/selftest/ping_test.c
77040 +++ b/drivers/staging/lustre/lnet/selftest/ping_test.c
77041 @@ -74,7 +74,7 @@ ping_client_fini(struct sfw_test_instance *tsi)
77042 LASSERT(sn);
77043 LASSERT(tsi->tsi_is_client);
77044
77045 - errors = atomic_read(&sn->sn_ping_errors);
77046 + errors = atomic_read_unchecked(&sn->sn_ping_errors);
77047 if (errors)
77048 CWARN("%d pings have failed.\n", errors);
77049 else
77050 @@ -126,7 +126,7 @@ ping_client_done_rpc(struct sfw_test_unit *tsu, struct srpc_client_rpc *rpc)
77051
77052 if (rpc->crpc_status) {
77053 if (!tsi->tsi_stopping) /* rpc could have been aborted */
77054 - atomic_inc(&sn->sn_ping_errors);
77055 + atomic_inc_unchecked(&sn->sn_ping_errors);
77056 CERROR("Unable to ping %s (%d): %d\n",
77057 libcfs_id2str(rpc->crpc_dest),
77058 reqst->pnr_seq, rpc->crpc_status);
77059 @@ -141,7 +141,7 @@ ping_client_done_rpc(struct sfw_test_unit *tsu, struct srpc_client_rpc *rpc)
77060
77061 if (reply->pnr_magic != LST_PING_TEST_MAGIC) {
77062 rpc->crpc_status = -EBADMSG;
77063 - atomic_inc(&sn->sn_ping_errors);
77064 + atomic_inc_unchecked(&sn->sn_ping_errors);
77065 CERROR("Bad magic %u from %s, %u expected.\n",
77066 reply->pnr_magic, libcfs_id2str(rpc->crpc_dest),
77067 LST_PING_TEST_MAGIC);
77068 @@ -150,7 +150,7 @@ ping_client_done_rpc(struct sfw_test_unit *tsu, struct srpc_client_rpc *rpc)
77069
77070 if (reply->pnr_seq != reqst->pnr_seq) {
77071 rpc->crpc_status = -EBADMSG;
77072 - atomic_inc(&sn->sn_ping_errors);
77073 + atomic_inc_unchecked(&sn->sn_ping_errors);
77074 CERROR("Bad seq %u from %s, %u expected.\n",
77075 reply->pnr_seq, libcfs_id2str(rpc->crpc_dest),
77076 reqst->pnr_seq);
77077 @@ -206,15 +206,12 @@ ping_server_handle(struct srpc_server_rpc *rpc)
77078 return 0;
77079 }
77080
77081 -struct sfw_test_client_ops ping_test_client;
77082 -
77083 -void ping_init_test_client(void)
77084 -{
77085 - ping_test_client.tso_init = ping_client_init;
77086 - ping_test_client.tso_fini = ping_client_fini;
77087 - ping_test_client.tso_prep_rpc = ping_client_prep_rpc;
77088 - ping_test_client.tso_done_rpc = ping_client_done_rpc;
77089 -}
77090 +struct sfw_test_client_ops ping_test_client = {
77091 + .tso_init = ping_client_init,
77092 + .tso_fini = ping_client_fini,
77093 + .tso_prep_rpc = ping_client_prep_rpc,
77094 + .tso_done_rpc = ping_client_done_rpc,
77095 +};
77096
77097 struct srpc_service ping_test_service;
77098
77099 diff --git a/drivers/staging/lustre/lnet/selftest/selftest.h b/drivers/staging/lustre/lnet/selftest/selftest.h
77100 index d033ac0..528a102 100644
77101 --- a/drivers/staging/lustre/lnet/selftest/selftest.h
77102 +++ b/drivers/staging/lustre/lnet/selftest/selftest.h
77103 @@ -328,8 +328,8 @@ struct sfw_session {
77104 struct list_head sn_batches; /* list of batches */
77105 char sn_name[LST_NAME_SIZE];
77106 atomic_t sn_refcount;
77107 - atomic_t sn_brw_errors;
77108 - atomic_t sn_ping_errors;
77109 + atomic_unchecked_t sn_brw_errors;
77110 + atomic_unchecked_t sn_ping_errors;
77111 unsigned long sn_started;
77112 };
77113
77114 @@ -607,13 +607,11 @@ srpc_wait_service_shutdown(struct srpc_service *sv)
77115 }
77116
77117 extern struct sfw_test_client_ops brw_test_client;
77118 -void brw_init_test_client(void);
77119
77120 extern struct srpc_service brw_test_service;
77121 void brw_init_test_service(void);
77122
77123 extern struct sfw_test_client_ops ping_test_client;
77124 -void ping_init_test_client(void);
77125
77126 extern struct srpc_service ping_test_service;
77127 void ping_init_test_service(void);
77128 diff --git a/drivers/staging/lustre/lustre/include/lustre/lustre_idl.h b/drivers/staging/lustre/lustre/include/lustre/lustre_idl.h
77129 index 051864c..72aca9b 100644
77130 --- a/drivers/staging/lustre/lustre/include/lustre/lustre_idl.h
77131 +++ b/drivers/staging/lustre/lustre/include/lustre/lustre_idl.h
77132 @@ -784,7 +784,7 @@ static inline ino_t lu_igif_ino(const struct lu_fid *fid)
77133 return fid_seq(fid);
77134 }
77135
77136 -void lustre_swab_ost_id(struct ost_id *oid);
77137 +void lustre_swab_ost_id(void *oid);
77138
77139 /**
77140 * Get inode generation from a igif.
77141 @@ -851,8 +851,8 @@ static inline int fid_is_zero(const struct lu_fid *fid)
77142 return fid_seq(fid) == 0 && fid_oid(fid) == 0;
77143 }
77144
77145 -void lustre_swab_lu_fid(struct lu_fid *fid);
77146 -void lustre_swab_lu_seq_range(struct lu_seq_range *range);
77147 +void lustre_swab_lu_fid(void *fid);
77148 +void lustre_swab_lu_seq_range(void *range);
77149
77150 static inline int lu_fid_eq(const struct lu_fid *f0, const struct lu_fid *f1)
77151 {
77152 @@ -1157,7 +1157,7 @@ struct ptlrpc_body_v2 {
77153 __u64 pb_padding[4];
77154 };
77155
77156 -void lustre_swab_ptlrpc_body(struct ptlrpc_body *pb);
77157 +void lustre_swab_ptlrpc_body(void *pb);
77158
77159 /* message body offset for lustre_msg_v2 */
77160 /* ptlrpc body offset in all request/reply messages */
77161 @@ -1398,7 +1398,7 @@ struct obd_connect_data {
77162 * reserve the flag for future use.
77163 */
77164
77165 -void lustre_swab_connect(struct obd_connect_data *ocd);
77166 +void lustre_swab_connect(void *ocd);
77167
77168 /*
77169 * Supported checksum algorithms. Up to 32 checksum types are supported.
77170 @@ -1752,10 +1752,10 @@ struct hsm_state_set {
77171 __u64 hss_clearmask;
77172 };
77173
77174 -void lustre_swab_hsm_user_state(struct hsm_user_state *hus);
77175 -void lustre_swab_hsm_state_set(struct hsm_state_set *hss);
77176 +void lustre_swab_hsm_user_state(void *hus);
77177 +void lustre_swab_hsm_state_set(void *hss);
77178
77179 -void lustre_swab_obd_statfs(struct obd_statfs *os);
77180 +void lustre_swab_obd_statfs(void *os);
77181
77182 /* ost_body.data values for OST_BRW */
77183
77184 @@ -1802,7 +1802,7 @@ struct obd_ioobj {
77185 #define ioobj_max_brw_set(ioo, num) \
77186 do { (ioo)->ioo_max_brw = ((num) - 1) << IOOBJ_MAX_BRW_BITS; } while (0)
77187
77188 -void lustre_swab_obd_ioobj(struct obd_ioobj *ioo);
77189 +void lustre_swab_obd_ioobj(void *ioo);
77190
77191 /* multiple of 8 bytes => can array */
77192 struct niobuf_remote {
77193 @@ -1811,7 +1811,7 @@ struct niobuf_remote {
77194 __u32 flags;
77195 };
77196
77197 -void lustre_swab_niobuf_remote(struct niobuf_remote *nbr);
77198 +void lustre_swab_niobuf_remote(void *nbr);
77199
77200 /* lock value block communicated between the filter and llite */
77201
77202 @@ -1876,7 +1876,7 @@ struct obd_quotactl {
77203 struct obd_dqblk qc_dqblk;
77204 };
77205
77206 -void lustre_swab_obd_quotactl(struct obd_quotactl *q);
77207 +void lustre_swab_obd_quotactl(void *q);
77208
77209 #define Q_QUOTACHECK 0x800100 /* deprecated as of 2.4 */
77210 #define Q_INITQUOTA 0x800101 /* deprecated as of 2.4 */
77211 @@ -1988,7 +1988,7 @@ enum mdt_reint_cmd {
77212 REINT_MAX
77213 };
77214
77215 -void lustre_swab_generic_32s(__u32 *val);
77216 +void lustre_swab_generic_32s(void *val);
77217
77218 /* the disposition of the intent outlines what was executed */
77219 #define DISP_IT_EXECD 0x00000001
77220 @@ -2147,7 +2147,7 @@ struct mdt_body {
77221 __u64 padding_10;
77222 }; /* 216 */
77223
77224 -void lustre_swab_mdt_body(struct mdt_body *b);
77225 +void lustre_swab_mdt_body(void *b);
77226
77227 struct mdt_ioepoch {
77228 struct lustre_handle handle;
77229 @@ -2156,7 +2156,7 @@ struct mdt_ioepoch {
77230 __u32 padding;
77231 };
77232
77233 -void lustre_swab_mdt_ioepoch(struct mdt_ioepoch *b);
77234 +void lustre_swab_mdt_ioepoch(void *b);
77235
77236 /* permissions for md_perm.mp_perm */
77237 enum {
77238 @@ -2465,7 +2465,7 @@ struct mdt_rec_reint {
77239 __u32 rr_padding_4; /* also fix lustre_swab_mdt_rec_reint */
77240 };
77241
77242 -void lustre_swab_mdt_rec_reint(struct mdt_rec_reint *rr);
77243 +void lustre_swab_mdt_rec_reint(void *rr);
77244
77245 /* lmv structures */
77246 struct lmv_desc {
77247 @@ -2664,13 +2664,13 @@ union ldlm_gl_desc {
77248 struct ldlm_gl_lquota_desc lquota_desc;
77249 };
77250
77251 -void lustre_swab_gl_desc(union ldlm_gl_desc *);
77252 +void lustre_swab_gl_desc(void *);
77253
77254 struct ldlm_intent {
77255 __u64 opc;
77256 };
77257
77258 -void lustre_swab_ldlm_intent(struct ldlm_intent *i);
77259 +void lustre_swab_ldlm_intent(void *i);
77260
77261 struct ldlm_resource_desc {
77262 enum ldlm_type lr_type;
77263 @@ -2695,7 +2695,7 @@ struct ldlm_request {
77264 struct lustre_handle lock_handle[LDLM_LOCKREQ_HANDLES];
77265 };
77266
77267 -void lustre_swab_ldlm_request(struct ldlm_request *rq);
77268 +void lustre_swab_ldlm_request(void *rq);
77269
77270 /* If LDLM_ENQUEUE, 1 slot is already occupied, 1 is available.
77271 * Otherwise, 2 are available.
77272 @@ -2718,7 +2718,7 @@ struct ldlm_reply {
77273 __u64 lock_policy_res2;
77274 };
77275
77276 -void lustre_swab_ldlm_reply(struct ldlm_reply *r);
77277 +void lustre_swab_ldlm_reply(void *r);
77278
77279 #define ldlm_flags_to_wire(flags) ((__u32)(flags))
77280 #define ldlm_flags_from_wire(flags) ((__u64)(flags))
77281 @@ -2763,7 +2763,7 @@ struct mgs_target_info {
77282 char mti_params[MTI_PARAM_MAXLEN];
77283 };
77284
77285 -void lustre_swab_mgs_target_info(struct mgs_target_info *oinfo);
77286 +void lustre_swab_mgs_target_info(void *oinfo);
77287
77288 struct mgs_nidtbl_entry {
77289 __u64 mne_version; /* table version of this entry */
77290 @@ -2790,14 +2790,14 @@ struct mgs_config_body {
77291 __u32 mcb_units; /* # of units for bulk transfer */
77292 };
77293
77294 -void lustre_swab_mgs_config_body(struct mgs_config_body *body);
77295 +void lustre_swab_mgs_config_body(void *body);
77296
77297 struct mgs_config_res {
77298 __u64 mcr_offset; /* index of last config log */
77299 __u64 mcr_size; /* size of the log */
77300 };
77301
77302 -void lustre_swab_mgs_config_res(struct mgs_config_res *body);
77303 +void lustre_swab_mgs_config_res(void *body);
77304
77305 /* Config marker flags (in config log) */
77306 #define CM_START 0x01
77307 @@ -3224,9 +3224,9 @@ struct ll_fiemap_info_key {
77308 struct ll_user_fiemap fiemap;
77309 };
77310
77311 -void lustre_swab_ost_body(struct ost_body *b);
77312 -void lustre_swab_ost_last_id(__u64 *id);
77313 -void lustre_swab_fiemap(struct ll_user_fiemap *fiemap);
77314 +void lustre_swab_ost_body(void *b);
77315 +void lustre_swab_ost_last_id(void *id);
77316 +void lustre_swab_fiemap(void *fiemap);
77317
77318 void lustre_swab_lov_user_md_v1(struct lov_user_md_v1 *lum);
77319 void lustre_swab_lov_user_md_v3(struct lov_user_md_v3 *lum);
77320 @@ -3235,19 +3235,19 @@ void lustre_swab_lov_user_md_objects(struct lov_user_ost_data *lod,
77321 void lustre_swab_lov_mds_md(struct lov_mds_md *lmm);
77322
77323 /* llog_swab.c */
77324 -void lustre_swab_llogd_body(struct llogd_body *d);
77325 -void lustre_swab_llog_hdr(struct llog_log_hdr *h);
77326 -void lustre_swab_llogd_conn_body(struct llogd_conn_body *d);
77327 +void lustre_swab_llogd_body(void *d);
77328 +void lustre_swab_llog_hdr(void *h);
77329 +void lustre_swab_llogd_conn_body(void *d);
77330 void lustre_swab_llog_rec(struct llog_rec_hdr *rec);
77331
77332 struct lustre_cfg;
77333 void lustre_swab_lustre_cfg(struct lustre_cfg *lcfg);
77334
77335 /* Functions for dumping PTLRPC fields */
77336 -void dump_rniobuf(struct niobuf_remote *rnb);
77337 -void dump_ioo(struct obd_ioobj *nb);
77338 -void dump_ost_body(struct ost_body *ob);
77339 -void dump_rcs(__u32 *rc);
77340 +void dump_rniobuf(void *rnb);
77341 +void dump_ioo(void *nb);
77342 +void dump_ost_body(void *ob);
77343 +void dump_rcs(void *rc);
77344
77345 /* security opcodes */
77346 enum sec_cmd {
77347 @@ -3280,7 +3280,7 @@ struct lustre_capa {
77348 __u8 lc_hmac[CAPA_HMAC_MAX_LEN]; /** HMAC */
77349 } __packed;
77350
77351 -void lustre_swab_lustre_capa(struct lustre_capa *c);
77352 +void lustre_swab_lustre_capa(void *c);
77353
77354 /** lustre_capa::lc_opc */
77355 enum {
77356 @@ -3364,7 +3364,7 @@ struct layout_intent {
77357 __u64 li_end;
77358 };
77359
77360 -void lustre_swab_layout_intent(struct layout_intent *li);
77361 +void lustre_swab_layout_intent(void *li);
77362
77363 /**
77364 * On the wire version of hsm_progress structure.
77365 @@ -3384,12 +3384,10 @@ struct hsm_progress_kernel {
77366 __u64 hpk_padding2;
77367 } __packed;
77368
77369 -void lustre_swab_hsm_user_state(struct hsm_user_state *hus);
77370 -void lustre_swab_hsm_current_action(struct hsm_current_action *action);
77371 -void lustre_swab_hsm_progress_kernel(struct hsm_progress_kernel *hpk);
77372 -void lustre_swab_hsm_user_state(struct hsm_user_state *hus);
77373 -void lustre_swab_hsm_user_item(struct hsm_user_item *hui);
77374 -void lustre_swab_hsm_request(struct hsm_request *hr);
77375 +void lustre_swab_hsm_current_action(void *action);
77376 +void lustre_swab_hsm_progress_kernel(void *hpk);
77377 +void lustre_swab_hsm_user_item(void *hui);
77378 +void lustre_swab_hsm_request(void *hr);
77379
77380 /** layout swap request structure
77381 * fid1 and fid2 are in mdt_body
77382 @@ -3398,7 +3396,7 @@ struct mdc_swap_layouts {
77383 __u64 msl_flags;
77384 } __packed;
77385
77386 -void lustre_swab_swap_layouts(struct mdc_swap_layouts *msl);
77387 +void lustre_swab_swap_layouts(void *msl);
77388
77389 struct close_data {
77390 struct lustre_handle cd_handle;
77391 @@ -3407,7 +3405,7 @@ struct close_data {
77392 __u64 cd_reserved[8];
77393 };
77394
77395 -void lustre_swab_close_data(struct close_data *data);
77396 +void lustre_swab_close_data(void *data);
77397
77398 #endif
77399 /** @} lustreidl */
77400 diff --git a/drivers/staging/lustre/lustre/include/lustre_dlm.h b/drivers/staging/lustre/lustre/include/lustre_dlm.h
77401 index 60051a5..76ac7a7 100644
77402 --- a/drivers/staging/lustre/lustre/include/lustre_dlm.h
77403 +++ b/drivers/staging/lustre/lustre/include/lustre_dlm.h
77404 @@ -964,9 +964,9 @@ struct ldlm_ast_work {
77405 struct ldlm_enqueue_info {
77406 __u32 ei_type; /** Type of the lock being enqueued. */
77407 __u32 ei_mode; /** Mode of the lock being enqueued. */
77408 - void *ei_cb_bl; /** blocking lock callback */
77409 - void *ei_cb_cp; /** lock completion callback */
77410 - void *ei_cb_gl; /** lock glimpse callback */
77411 + ldlm_blocking_callback ei_cb_bl; /** blocking lock callback */
77412 + ldlm_completion_callback ei_cb_cp; /** lock completion callback */
77413 + ldlm_glimpse_callback ei_cb_gl; /** lock glimpse callback */
77414 void *ei_cbdata; /** Data to be passed into callbacks. */
77415 };
77416
77417 @@ -1060,7 +1060,7 @@ struct ldlm_callback_suite {
77418 ldlm_completion_callback lcs_completion;
77419 ldlm_blocking_callback lcs_blocking;
77420 ldlm_glimpse_callback lcs_glimpse;
77421 -};
77422 +} __no_const;
77423
77424 /* ldlm_lockd.c */
77425 int ldlm_get_ref(void);
77426 diff --git a/drivers/staging/lustre/lustre/include/lustre_net.h b/drivers/staging/lustre/lustre/include/lustre_net.h
77427 index d5debd6..ea5c42e 100644
77428 --- a/drivers/staging/lustre/lustre/include/lustre_net.h
77429 +++ b/drivers/staging/lustre/lustre/include/lustre_net.h
77430 @@ -2641,7 +2641,7 @@ void *lustre_msg_buf_v2(struct lustre_msg_v2 *m, int n, int min_size);
77431 void *lustre_msg_buf(struct lustre_msg *m, int n, int minlen);
77432 int lustre_msg_buflen(struct lustre_msg *m, int n);
77433 int lustre_msg_bufcount(struct lustre_msg *m);
77434 -char *lustre_msg_string(struct lustre_msg *m, int n, int max_len);
77435 +void *lustre_msg_string(struct lustre_msg *m, int n, int max_len);
77436 __u32 lustre_msghdr_get_flags(struct lustre_msg *msg);
77437 void lustre_msghdr_set_flags(struct lustre_msg *msg, __u32 flags);
77438 __u32 lustre_msg_get_flags(struct lustre_msg *msg);
77439 diff --git a/drivers/staging/lustre/lustre/include/obd.h b/drivers/staging/lustre/lustre/include/obd.h
77440 index a1bc2c4..6cd1797 100644
77441 --- a/drivers/staging/lustre/lustre/include/obd.h
77442 +++ b/drivers/staging/lustre/lustre/include/obd.h
77443 @@ -1133,7 +1133,7 @@ struct md_ops {
77444 * lprocfs_alloc_md_stats() in obdclass/lprocfs_status.c. Also, add a
77445 * wrapper function in include/linux/obd_class.h.
77446 */
77447 -};
77448 +} __no_const;
77449
77450 struct lsm_operations {
77451 void (*lsm_free)(struct lov_stripe_md *);
77452 diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
77453 index d6b61bc..3e4f655 100644
77454 --- a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
77455 +++ b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c
77456 @@ -143,7 +143,7 @@ static int ldlm_process_flock_lock(struct ldlm_lock *req, __u64 *flags,
77457 int added = (mode == LCK_NL);
77458 int overlaps = 0;
77459 int splitted = 0;
77460 - const struct ldlm_callback_suite null_cbs = { NULL };
77461 + const struct ldlm_callback_suite null_cbs = { };
77462
77463 CDEBUG(D_DLMTRACE,
77464 "flags %#llx owner %llu pid %u mode %u start %llu end %llu\n",
77465 diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_request.c b/drivers/staging/lustre/lustre/ldlm/ldlm_request.c
77466 index af487f9..533b121 100644
77467 --- a/drivers/staging/lustre/lustre/ldlm/ldlm_request.c
77468 +++ b/drivers/staging/lustre/lustre/ldlm/ldlm_request.c
77469 @@ -1853,8 +1853,9 @@ static int ldlm_chain_lock_for_replay(struct ldlm_lock *lock, void *closure)
77470
77471 static int replay_lock_interpret(const struct lu_env *env,
77472 struct ptlrpc_request *req,
77473 - struct ldlm_async_args *aa, int rc)
77474 + void *_aa, int rc)
77475 {
77476 + struct ldlm_async_args *aa = _aa;
77477 struct ldlm_lock *lock;
77478 struct ldlm_reply *reply;
77479 struct obd_export *exp;
77480 @@ -1981,7 +1982,7 @@ static int replay_one_lock(struct obd_import *imp, struct ldlm_lock *lock)
77481 CLASSERT(sizeof(*aa) <= sizeof(req->rq_async_args));
77482 aa = ptlrpc_req_async_args(req);
77483 aa->lock_handle = body->lock_handle[0];
77484 - req->rq_interpret_reply = (ptlrpc_interpterer_t)replay_lock_interpret;
77485 + req->rq_interpret_reply = replay_lock_interpret;
77486 ptlrpcd_add_req(req);
77487
77488 return 0;
77489 diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c
77490 index 5b38177..929e628 100644
77491 --- a/drivers/staging/lustre/lustre/llite/dir.c
77492 +++ b/drivers/staging/lustre/lustre/llite/dir.c
77493 @@ -136,7 +136,7 @@
77494 */
77495
77496 /* returns the page unlocked, but with a reference */
77497 -static int ll_dir_filler(void *_hash, struct page *page0)
77498 +static int ll_dir_filler(struct file *_hash, struct page *page0)
77499 {
77500 struct inode *inode = page0->mapping->host;
77501 int hash64 = ll_i2sbi(inode)->ll_flags & LL_SBI_64BIT_HASH;
77502 diff --git a/drivers/staging/lustre/lustre/llite/llite_internal.h b/drivers/staging/lustre/lustre/llite/llite_internal.h
77503 index 4d6d589..f0268e9 100644
77504 --- a/drivers/staging/lustre/lustre/llite/llite_internal.h
77505 +++ b/drivers/staging/lustre/lustre/llite/llite_internal.h
77506 @@ -478,13 +478,13 @@ struct ll_sb_info {
77507
77508 /* metadata stat-ahead */
77509 unsigned int ll_sa_max; /* max statahead RPCs */
77510 - atomic_t ll_sa_total; /* statahead thread started
77511 + atomic_unchecked_t ll_sa_total; /* statahead thread started
77512 * count
77513 */
77514 - atomic_t ll_sa_wrong; /* statahead thread stopped for
77515 + atomic_unchecked_t ll_sa_wrong; /* statahead thread stopped for
77516 * low hit ratio
77517 */
77518 - atomic_t ll_agl_total; /* AGL thread started count */
77519 + atomic_unchecked_t ll_agl_total; /* AGL thread started count */
77520
77521 dev_t ll_sdev_orig; /* save s_dev before assign for
77522 * clustered nfs
77523 diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c b/drivers/staging/lustre/lustre/llite/llite_lib.c
77524 index 546063e..5955697 100644
77525 --- a/drivers/staging/lustre/lustre/llite/llite_lib.c
77526 +++ b/drivers/staging/lustre/lustre/llite/llite_lib.c
77527 @@ -113,9 +113,9 @@ static struct ll_sb_info *ll_init_sbi(struct super_block *sb)
77528
77529 /* metadata statahead is enabled by default */
77530 sbi->ll_sa_max = LL_SA_RPC_DEF;
77531 - atomic_set(&sbi->ll_sa_total, 0);
77532 - atomic_set(&sbi->ll_sa_wrong, 0);
77533 - atomic_set(&sbi->ll_agl_total, 0);
77534 + atomic_set_unchecked(&sbi->ll_sa_total, 0);
77535 + atomic_set_unchecked(&sbi->ll_sa_wrong, 0);
77536 + atomic_set_unchecked(&sbi->ll_agl_total, 0);
77537 sbi->ll_flags |= LL_SBI_AGL_ENABLED;
77538
77539 sbi->ll_sb = sb;
77540 diff --git a/drivers/staging/lustre/lustre/llite/lproc_llite.c b/drivers/staging/lustre/lustre/llite/lproc_llite.c
77541 index e86bf3c..c2a3f39 100644
77542 --- a/drivers/staging/lustre/lustre/llite/lproc_llite.c
77543 +++ b/drivers/staging/lustre/lustre/llite/lproc_llite.c
77544 @@ -680,9 +680,9 @@ static int ll_statahead_stats_seq_show(struct seq_file *m, void *v)
77545 "statahead total: %u\n"
77546 "statahead wrong: %u\n"
77547 "agl total: %u\n",
77548 - atomic_read(&sbi->ll_sa_total),
77549 - atomic_read(&sbi->ll_sa_wrong),
77550 - atomic_read(&sbi->ll_agl_total));
77551 + atomic_read_unchecked(&sbi->ll_sa_total),
77552 + atomic_read_unchecked(&sbi->ll_sa_wrong),
77553 + atomic_read_unchecked(&sbi->ll_agl_total));
77554 return 0;
77555 }
77556
77557 diff --git a/drivers/staging/lustre/lustre/llite/statahead.c b/drivers/staging/lustre/lustre/llite/statahead.c
77558 index c1cb6b1..62f954b 100644
77559 --- a/drivers/staging/lustre/lustre/llite/statahead.c
77560 +++ b/drivers/staging/lustre/lustre/llite/statahead.c
77561 @@ -945,7 +945,7 @@ static int ll_agl_thread(void *arg)
77562 CDEBUG(D_READA, "agl thread started: sai %p, parent %pd\n",
77563 sai, parent);
77564
77565 - atomic_inc(&sbi->ll_agl_total);
77566 + atomic_inc_unchecked(&sbi->ll_agl_total);
77567 spin_lock(&plli->lli_agl_lock);
77568 sai->sai_agl_valid = 1;
77569 if (thread_is_init(thread))
77570 @@ -1049,7 +1049,7 @@ static int ll_statahead_thread(void *arg)
77571 if (sbi->ll_flags & LL_SBI_AGL_ENABLED)
77572 ll_start_agl(parent, sai);
77573
77574 - atomic_inc(&sbi->ll_sa_total);
77575 + atomic_inc_unchecked(&sbi->ll_sa_total);
77576 spin_lock(&plli->lli_sa_lock);
77577 if (thread_is_init(thread))
77578 /* If someone else has changed the thread state
77579 @@ -1472,7 +1472,7 @@ ll_sai_unplug(struct ll_statahead_info *sai, struct ll_sa_entry *entry)
77580 sai->sai_miss++;
77581 sai->sai_consecutive_miss++;
77582 if (sa_low_hit(sai) && thread_is_running(thread)) {
77583 - atomic_inc(&sbi->ll_sa_wrong);
77584 + atomic_inc_unchecked(&sbi->ll_sa_wrong);
77585 CDEBUG(D_READA, "Statahead for dir " DFID " hit ratio too low: hit/miss %llu/%llu, sent/replied %llu/%llu, stopping statahead thread\n",
77586 PFID(&lli->lli_fid), sai->sai_hit,
77587 sai->sai_miss, sai->sai_sent,
77588 diff --git a/drivers/staging/lustre/lustre/lov/lov_internal.h b/drivers/staging/lustre/lustre/lov/lov_internal.h
77589 index 12bd511..45e526d 100644
77590 --- a/drivers/staging/lustre/lustre/lov/lov_internal.h
77591 +++ b/drivers/staging/lustre/lustre/lov/lov_internal.h
77592 @@ -107,9 +107,9 @@ struct lov_request_set {
77593 */
77594 struct obd_device *set_obd;
77595 int set_count;
77596 - atomic_t set_completes;
77597 - atomic_t set_success;
77598 - atomic_t set_finish_checked;
77599 + atomic_unchecked_t set_completes;
77600 + atomic_unchecked_t set_success;
77601 + atomic_unchecked_t set_finish_checked;
77602 struct llog_cookie *set_cookies;
77603 int set_cookie_sent;
77604 struct list_head set_list;
77605 diff --git a/drivers/staging/lustre/lustre/lov/lov_io.c b/drivers/staging/lustre/lustre/lov/lov_io.c
77606 index 84032a5..8aa6085 100644
77607 --- a/drivers/staging/lustre/lustre/lov/lov_io.c
77608 +++ b/drivers/staging/lustre/lustre/lov/lov_io.c
77609 @@ -810,12 +810,32 @@ static void lov_empty_io_fini(const struct lu_env *env,
77610 }
77611
77612 static void lov_empty_impossible(const struct lu_env *env,
77613 - struct cl_io_slice *ios)
77614 + const struct cl_io_slice *ios)
77615 {
77616 LBUG();
77617 }
77618
77619 -#define LOV_EMPTY_IMPOSSIBLE ((void *)lov_empty_impossible)
77620 +static int lov_empty_impossible2(const struct lu_env *env,
77621 + const struct cl_io_slice *ios)
77622 +{
77623 + LBUG();
77624 +}
77625 +
77626 +static int lov_empty_impossible3(const struct lu_env *env,
77627 + const struct cl_io_slice *slice,
77628 + enum cl_req_type crt,
77629 + struct cl_2queue *queue)
77630 +{
77631 + LBUG();
77632 +}
77633 +
77634 +static int lov_empty_impossible4(const struct lu_env *env,
77635 + const struct cl_io_slice *slice,
77636 + struct cl_page_list *queue, int from, int to,
77637 + cl_commit_cbt cb)
77638 +{
77639 + LBUG();
77640 +}
77641
77642 /**
77643 * An io operation vector for files without stripes.
77644 @@ -825,32 +845,32 @@ static const struct cl_io_operations lov_empty_io_ops = {
77645 [CIT_READ] = {
77646 .cio_fini = lov_empty_io_fini,
77647 #if 0
77648 - .cio_iter_init = LOV_EMPTY_IMPOSSIBLE,
77649 - .cio_lock = LOV_EMPTY_IMPOSSIBLE,
77650 - .cio_start = LOV_EMPTY_IMPOSSIBLE,
77651 - .cio_end = LOV_EMPTY_IMPOSSIBLE
77652 + .cio_iter_init = lov_empty_impossible2,
77653 + .cio_lock = lov_empty_impossible2,
77654 + .cio_start = lov_empty_impossible2,
77655 + .cio_end = lov_empty_impossible
77656 #endif
77657 },
77658 [CIT_WRITE] = {
77659 .cio_fini = lov_empty_io_fini,
77660 - .cio_iter_init = LOV_EMPTY_IMPOSSIBLE,
77661 - .cio_lock = LOV_EMPTY_IMPOSSIBLE,
77662 - .cio_start = LOV_EMPTY_IMPOSSIBLE,
77663 - .cio_end = LOV_EMPTY_IMPOSSIBLE
77664 + .cio_iter_init = lov_empty_impossible2,
77665 + .cio_lock = lov_empty_impossible2,
77666 + .cio_start = lov_empty_impossible2,
77667 + .cio_end = lov_empty_impossible
77668 },
77669 [CIT_SETATTR] = {
77670 .cio_fini = lov_empty_io_fini,
77671 - .cio_iter_init = LOV_EMPTY_IMPOSSIBLE,
77672 - .cio_lock = LOV_EMPTY_IMPOSSIBLE,
77673 - .cio_start = LOV_EMPTY_IMPOSSIBLE,
77674 - .cio_end = LOV_EMPTY_IMPOSSIBLE
77675 + .cio_iter_init = lov_empty_impossible2,
77676 + .cio_lock = lov_empty_impossible2,
77677 + .cio_start = lov_empty_impossible2,
77678 + .cio_end = lov_empty_impossible
77679 },
77680 [CIT_FAULT] = {
77681 .cio_fini = lov_empty_io_fini,
77682 - .cio_iter_init = LOV_EMPTY_IMPOSSIBLE,
77683 - .cio_lock = LOV_EMPTY_IMPOSSIBLE,
77684 - .cio_start = LOV_EMPTY_IMPOSSIBLE,
77685 - .cio_end = LOV_EMPTY_IMPOSSIBLE
77686 + .cio_iter_init = lov_empty_impossible2,
77687 + .cio_lock = lov_empty_impossible2,
77688 + .cio_start = lov_empty_impossible2,
77689 + .cio_end = lov_empty_impossible
77690 },
77691 [CIT_FSYNC] = {
77692 .cio_fini = lov_empty_io_fini
77693 @@ -859,8 +879,8 @@ static const struct cl_io_operations lov_empty_io_ops = {
77694 .cio_fini = lov_empty_io_fini
77695 }
77696 },
77697 - .cio_submit = LOV_EMPTY_IMPOSSIBLE,
77698 - .cio_commit_async = LOV_EMPTY_IMPOSSIBLE
77699 + .cio_submit = lov_empty_impossible3,
77700 + .cio_commit_async = lov_empty_impossible4
77701 };
77702
77703 int lov_io_init_raid0(const struct lu_env *env, struct cl_object *obj,
77704 diff --git a/drivers/staging/lustre/lustre/lov/lov_obd.c b/drivers/staging/lustre/lustre/lov/lov_obd.c
77705 index 9b92d55..0d56df1 100644
77706 --- a/drivers/staging/lustre/lustre/lov/lov_obd.c
77707 +++ b/drivers/staging/lustre/lustre/lov/lov_obd.c
77708 @@ -1126,7 +1126,7 @@ static int lov_getattr_interpret(struct ptlrpc_request_set *rqset,
77709
77710 /* don't do attribute merge if this async op failed */
77711 if (rc)
77712 - atomic_set(&lovset->set_completes, 0);
77713 + atomic_set_unchecked(&lovset->set_completes, 0);
77714 err = lov_fini_getattr_set(lovset);
77715 return rc ? rc : err;
77716 }
77717 @@ -1181,7 +1181,7 @@ static int lov_getattr_async(struct obd_export *exp, struct obd_info *oinfo,
77718 }
77719 out:
77720 if (rc)
77721 - atomic_set(&lovset->set_completes, 0);
77722 + atomic_set_unchecked(&lovset->set_completes, 0);
77723 err = lov_fini_getattr_set(lovset);
77724 return rc ? rc : err;
77725 }
77726 @@ -1193,7 +1193,7 @@ static int lov_setattr_interpret(struct ptlrpc_request_set *rqset,
77727 int err;
77728
77729 if (rc)
77730 - atomic_set(&lovset->set_completes, 0);
77731 + atomic_set_unchecked(&lovset->set_completes, 0);
77732 err = lov_fini_setattr_set(lovset);
77733 return rc ? rc : err;
77734 }
77735 @@ -1255,7 +1255,7 @@ static int lov_setattr_async(struct obd_export *exp, struct obd_info *oinfo,
77736 int err;
77737
77738 if (rc)
77739 - atomic_set(&set->set_completes, 0);
77740 + atomic_set_unchecked(&set->set_completes, 0);
77741 err = lov_fini_setattr_set(set);
77742 return rc ? rc : err;
77743 }
77744 @@ -1313,7 +1313,7 @@ int lov_statfs_interpret(struct ptlrpc_request_set *rqset, void *data, int rc)
77745 int err;
77746
77747 if (rc)
77748 - atomic_set(&lovset->set_completes, 0);
77749 + atomic_set_unchecked(&lovset->set_completes, 0);
77750
77751 err = lov_fini_statfs_set(lovset);
77752 return rc ? rc : err;
77753 @@ -1346,7 +1346,7 @@ static int lov_statfs_async(struct obd_export *exp, struct obd_info *oinfo,
77754 int err;
77755
77756 if (rc)
77757 - atomic_set(&set->set_completes, 0);
77758 + atomic_set_unchecked(&set->set_completes, 0);
77759 err = lov_fini_statfs_set(set);
77760 return rc ? rc : err;
77761 }
77762 diff --git a/drivers/staging/lustre/lustre/lov/lov_request.c b/drivers/staging/lustre/lustre/lov/lov_request.c
77763 index 4099b51..bb809b2 100644
77764 --- a/drivers/staging/lustre/lustre/lov/lov_request.c
77765 +++ b/drivers/staging/lustre/lustre/lov/lov_request.c
77766 @@ -41,9 +41,9 @@
77767 static void lov_init_set(struct lov_request_set *set)
77768 {
77769 set->set_count = 0;
77770 - atomic_set(&set->set_completes, 0);
77771 - atomic_set(&set->set_success, 0);
77772 - atomic_set(&set->set_finish_checked, 0);
77773 + atomic_set_unchecked(&set->set_completes, 0);
77774 + atomic_set_unchecked(&set->set_success, 0);
77775 + atomic_set_unchecked(&set->set_finish_checked, 0);
77776 set->set_cookies = NULL;
77777 INIT_LIST_HEAD(&set->set_list);
77778 atomic_set(&set->set_refcount, 1);
77779 @@ -71,14 +71,14 @@ void lov_finish_set(struct lov_request_set *set)
77780
77781 static int lov_set_finished(struct lov_request_set *set, int idempotent)
77782 {
77783 - int completes = atomic_read(&set->set_completes);
77784 + int completes = atomic_read_unchecked(&set->set_completes);
77785
77786 CDEBUG(D_INFO, "check set %d/%d\n", completes, set->set_count);
77787
77788 if (completes == set->set_count) {
77789 if (idempotent)
77790 return 1;
77791 - if (atomic_inc_return(&set->set_finish_checked) == 1)
77792 + if (atomic_inc_return_unchecked(&set->set_finish_checked) == 1)
77793 return 1;
77794 }
77795 return 0;
77796 @@ -90,9 +90,9 @@ static void lov_update_set(struct lov_request_set *set,
77797 req->rq_complete = 1;
77798 req->rq_rc = rc;
77799
77800 - atomic_inc(&set->set_completes);
77801 + atomic_inc_unchecked(&set->set_completes);
77802 if (rc == 0)
77803 - atomic_inc(&set->set_success);
77804 + atomic_inc_unchecked(&set->set_success);
77805
77806 wake_up(&set->set_waitq);
77807 }
77808 @@ -192,7 +192,7 @@ static int common_attr_done(struct lov_request_set *set)
77809 if (!set->set_oi->oi_oa)
77810 return 0;
77811
77812 - if (!atomic_read(&set->set_success))
77813 + if (!atomic_read_unchecked(&set->set_success))
77814 return -EIO;
77815
77816 tmp_oa = kmem_cache_zalloc(obdo_cachep, GFP_NOFS);
77817 @@ -239,7 +239,7 @@ int lov_fini_getattr_set(struct lov_request_set *set)
77818 if (!set)
77819 return 0;
77820 LASSERT(set->set_exp);
77821 - if (atomic_read(&set->set_completes))
77822 + if (atomic_read_unchecked(&set->set_completes))
77823 rc = common_attr_done(set);
77824
77825 lov_put_reqset(set);
77826 @@ -330,7 +330,7 @@ int lov_fini_destroy_set(struct lov_request_set *set)
77827 if (!set)
77828 return 0;
77829 LASSERT(set->set_exp);
77830 - if (atomic_read(&set->set_completes)) {
77831 + if (atomic_read_unchecked(&set->set_completes)) {
77832 /* FIXME update qos data here */
77833 }
77834
77835 @@ -410,7 +410,7 @@ int lov_fini_setattr_set(struct lov_request_set *set)
77836 if (!set)
77837 return 0;
77838 LASSERT(set->set_exp);
77839 - if (atomic_read(&set->set_completes)) {
77840 + if (atomic_read_unchecked(&set->set_completes)) {
77841 rc = common_attr_done(set);
77842 /* FIXME update qos data here */
77843 }
77844 @@ -571,9 +571,9 @@ int lov_fini_statfs_set(struct lov_request_set *set)
77845 if (!set)
77846 return 0;
77847
77848 - if (atomic_read(&set->set_completes)) {
77849 + if (atomic_read_unchecked(&set->set_completes)) {
77850 rc = lov_fini_statfs(set->set_obd, set->set_oi->oi_osfs,
77851 - atomic_read(&set->set_success));
77852 + atomic_read_unchecked(&set->set_success));
77853 }
77854 lov_put_reqset(set);
77855 return rc;
77856 @@ -654,7 +654,7 @@ static int cb_statfs_update(void *cookie, int rc)
77857 lov = &lovobd->u.lov;
77858 osfs = set->set_oi->oi_osfs;
77859 lov_sfs = oinfo->oi_osfs;
77860 - success = atomic_read(&set->set_success);
77861 + success = atomic_read_unchecked(&set->set_success);
77862 /* XXX: the same is done in lov_update_common_set, however
77863 * lovset->set_exp is not initialized.
77864 */
77865 @@ -682,7 +682,7 @@ out:
77866 if (set->set_oi->oi_flags & OBD_STATFS_PTLRPCD &&
77867 lov_set_finished(set, 0)) {
77868 lov_statfs_interpret(NULL, set, set->set_count !=
77869 - atomic_read(&set->set_success));
77870 + atomic_read_unchecked(&set->set_success));
77871 }
77872
77873 return 0;
77874 diff --git a/drivers/staging/lustre/lustre/obdclass/llog_swab.c b/drivers/staging/lustre/lustre/obdclass/llog_swab.c
77875 index f7b9b19..cb58105 100644
77876 --- a/drivers/staging/lustre/lustre/obdclass/llog_swab.c
77877 +++ b/drivers/staging/lustre/lustre/obdclass/llog_swab.c
77878 @@ -54,16 +54,20 @@ static void print_llogd_body(struct llogd_body *d)
77879 CDEBUG(D_OTHER, "\tlgd_cur_offset: %#llx\n", d->lgd_cur_offset);
77880 }
77881
77882 -void lustre_swab_lu_fid(struct lu_fid *fid)
77883 +void lustre_swab_lu_fid(void *_fid)
77884 {
77885 + struct lu_fid *fid = _fid;
77886 +
77887 __swab64s(&fid->f_seq);
77888 __swab32s(&fid->f_oid);
77889 __swab32s(&fid->f_ver);
77890 }
77891 EXPORT_SYMBOL(lustre_swab_lu_fid);
77892
77893 -void lustre_swab_ost_id(struct ost_id *oid)
77894 +void lustre_swab_ost_id(void *_oid)
77895 {
77896 + struct ost_id *oid = _oid;
77897 +
77898 if (fid_seq_is_mdt0(oid->oi.oi_seq)) {
77899 __swab64s(&oid->oi.oi_id);
77900 __swab64s(&oid->oi.oi_seq);
77901 @@ -80,8 +84,10 @@ static void lustre_swab_llog_id(struct llog_logid *log_id)
77902 __swab32s(&log_id->lgl_ogen);
77903 }
77904
77905 -void lustre_swab_llogd_body(struct llogd_body *d)
77906 +void lustre_swab_llogd_body(void *_d)
77907 {
77908 + struct llogd_body *d = _d;
77909 +
77910 print_llogd_body(d);
77911 lustre_swab_llog_id(&d->lgd_logid);
77912 __swab32s(&d->lgd_ctxt_idx);
77913 @@ -94,8 +100,10 @@ void lustre_swab_llogd_body(struct llogd_body *d)
77914 }
77915 EXPORT_SYMBOL(lustre_swab_llogd_body);
77916
77917 -void lustre_swab_llogd_conn_body(struct llogd_conn_body *d)
77918 +void lustre_swab_llogd_conn_body(void *_d)
77919 {
77920 + struct llogd_conn_body *d = _d;
77921 +
77922 __swab64s(&d->lgdc_gen.mnt_cnt);
77923 __swab64s(&d->lgdc_gen.conn_cnt);
77924 lustre_swab_llog_id(&d->lgdc_logid);
77925 @@ -110,8 +118,10 @@ static void lustre_swab_ll_fid(struct ll_fid *fid)
77926 __swab32s(&fid->f_type);
77927 }
77928
77929 -void lustre_swab_lu_seq_range(struct lu_seq_range *range)
77930 +void lustre_swab_lu_seq_range(void *_range)
77931 {
77932 + struct lu_seq_range *range = _range;
77933 +
77934 __swab64s(&range->lsr_start);
77935 __swab64s(&range->lsr_end);
77936 __swab32s(&range->lsr_index);
77937 @@ -290,8 +300,10 @@ static void print_llog_hdr(struct llog_log_hdr *h)
77938 CDEBUG(D_OTHER, "\tllh_tail.lrt_len: %#x\n", h->llh_tail.lrt_len);
77939 }
77940
77941 -void lustre_swab_llog_hdr(struct llog_log_hdr *h)
77942 +void lustre_swab_llog_hdr(void *_h)
77943 {
77944 + struct llog_log_hdr *h = _h;
77945 +
77946 print_llog_hdr(h);
77947
77948 lustre_swab_llog_rec(&h->llh_hdr);
77949 diff --git a/drivers/staging/lustre/lustre/osc/osc_request.c b/drivers/staging/lustre/lustre/osc/osc_request.c
77950 index 536b868..6aeaeae 100644
77951 --- a/drivers/staging/lustre/lustre/osc/osc_request.c
77952 +++ b/drivers/staging/lustre/lustre/osc/osc_request.c
77953 @@ -208,8 +208,9 @@ static inline void osc_pack_req_body(struct ptlrpc_request *req,
77954
77955 static int osc_getattr_interpret(const struct lu_env *env,
77956 struct ptlrpc_request *req,
77957 - struct osc_async_args *aa, int rc)
77958 + void *_aa, int rc)
77959 {
77960 + struct osc_async_args *aa = _aa;
77961 struct ost_body *body;
77962
77963 if (rc != 0)
77964 @@ -254,7 +255,7 @@ static int osc_getattr_async(struct obd_export *exp, struct obd_info *oinfo,
77965 osc_pack_req_body(req, oinfo);
77966
77967 ptlrpc_request_set_replen(req);
77968 - req->rq_interpret_reply = (ptlrpc_interpterer_t)osc_getattr_interpret;
77969 + req->rq_interpret_reply = osc_getattr_interpret;
77970
77971 CLASSERT(sizeof(*aa) <= sizeof(req->rq_async_args));
77972 aa = ptlrpc_req_async_args(req);
77973 @@ -350,8 +351,9 @@ out:
77974
77975 static int osc_setattr_interpret(const struct lu_env *env,
77976 struct ptlrpc_request *req,
77977 - struct osc_setattr_args *sa, int rc)
77978 + void *_sa, int rc)
77979 {
77980 + struct osc_setattr_args *sa = _sa;
77981 struct ost_body *body;
77982
77983 if (rc != 0)
77984 @@ -401,8 +403,7 @@ int osc_setattr_async_base(struct obd_export *exp, struct obd_info *oinfo,
77985 /* Do not wait for response. */
77986 ptlrpcd_add_req(req);
77987 } else {
77988 - req->rq_interpret_reply =
77989 - (ptlrpc_interpterer_t)osc_setattr_interpret;
77990 + req->rq_interpret_reply = osc_setattr_interpret;
77991
77992 CLASSERT(sizeof(*sa) <= sizeof(req->rq_async_args));
77993 sa = ptlrpc_req_async_args(req);
77994 @@ -545,7 +546,7 @@ int osc_punch_base(struct obd_export *exp, struct obd_info *oinfo,
77995
77996 ptlrpc_request_set_replen(req);
77997
77998 - req->rq_interpret_reply = (ptlrpc_interpterer_t)osc_setattr_interpret;
77999 + req->rq_interpret_reply = osc_setattr_interpret;
78000 CLASSERT(sizeof(*sa) <= sizeof(req->rq_async_args));
78001 sa = ptlrpc_req_async_args(req);
78002 sa->sa_oa = oinfo->oi_oa;
78003 @@ -2174,8 +2175,9 @@ static int osc_enqueue_fini(struct ptlrpc_request *req,
78004
78005 static int osc_enqueue_interpret(const struct lu_env *env,
78006 struct ptlrpc_request *req,
78007 - struct osc_enqueue_args *aa, int rc)
78008 + void *_aa, int rc)
78009 {
78010 + struct osc_enqueue_args *aa = _aa;
78011 struct ldlm_lock *lock;
78012 struct lustre_handle *lockh = &aa->oa_lockh;
78013 enum ldlm_mode mode = aa->oa_mode;
78014 @@ -2366,8 +2368,7 @@ no_match:
78015 aa->oa_flags = NULL;
78016 }
78017
78018 - req->rq_interpret_reply =
78019 - (ptlrpc_interpterer_t)osc_enqueue_interpret;
78020 + req->rq_interpret_reply = osc_enqueue_interpret;
78021 if (rqset == PTLRPCD_SET)
78022 ptlrpcd_add_req(req);
78023 else
78024 @@ -2443,8 +2444,9 @@ int osc_cancel_base(struct lustre_handle *lockh, __u32 mode)
78025
78026 static int osc_statfs_interpret(const struct lu_env *env,
78027 struct ptlrpc_request *req,
78028 - struct osc_async_args *aa, int rc)
78029 + void *_aa, int rc)
78030 {
78031 + struct osc_async_args *aa = _aa;
78032 struct obd_statfs *msfs;
78033
78034 if (rc == -EBADR)
78035 @@ -2512,7 +2514,7 @@ static int osc_statfs_async(struct obd_export *exp,
78036 req->rq_no_delay = 1;
78037 }
78038
78039 - req->rq_interpret_reply = (ptlrpc_interpterer_t)osc_statfs_interpret;
78040 + req->rq_interpret_reply = osc_statfs_interpret;
78041 CLASSERT(sizeof(*aa) <= sizeof(req->rq_async_args));
78042 aa = ptlrpc_req_async_args(req);
78043 aa->aa_oi = oinfo;
78044 diff --git a/drivers/staging/lustre/lustre/ptlrpc/layout.c b/drivers/staging/lustre/lustre/ptlrpc/layout.c
78045 index ab5d851..12e23dd 100644
78046 --- a/drivers/staging/lustre/lustre/ptlrpc/layout.c
78047 +++ b/drivers/staging/lustre/lustre/ptlrpc/layout.c
78048 @@ -781,8 +781,8 @@ struct req_capsule;
78049 .rmf_name = (name), \
78050 .rmf_flags = (flags), \
78051 .rmf_size = (size), \
78052 - .rmf_swabber = (void (*)(void *))(swabber), \
78053 - .rmf_dumper = (void (*)(void *))(dumper) \
78054 + .rmf_swabber = (swabber), \
78055 + .rmf_dumper = (dumper) \
78056 }
78057
78058 struct req_msg_field RMF_GENERIC_DATA =
78059 @@ -1889,8 +1889,7 @@ static void *__req_capsule_get(struct req_capsule *pill,
78060 msg = __req_msg(pill, loc);
78061 LASSERT(msg);
78062
78063 - getter = (field->rmf_flags & RMF_F_STRING) ?
78064 - (typeof(getter))lustre_msg_string : lustre_msg_buf;
78065 + getter = (field->rmf_flags & RMF_F_STRING) ? lustre_msg_string : lustre_msg_buf;
78066
78067 if (field->rmf_flags & RMF_F_STRUCT_ARRAY) {
78068 /*
78069 diff --git a/drivers/staging/lustre/lustre/ptlrpc/pack_generic.c b/drivers/staging/lustre/lustre/ptlrpc/pack_generic.c
78070 index b514f18..dd4b44f 100644
78071 --- a/drivers/staging/lustre/lustre/ptlrpc/pack_generic.c
78072 +++ b/drivers/staging/lustre/lustre/ptlrpc/pack_generic.c
78073 @@ -689,7 +689,7 @@ int lustre_msg_bufcount(struct lustre_msg *m)
78074 }
78075 EXPORT_SYMBOL(lustre_msg_bufcount);
78076
78077 -char *lustre_msg_string(struct lustre_msg *m, int index, int max_len)
78078 +void *lustre_msg_string(struct lustre_msg *m, int index, int max_len)
78079 {
78080 /* max_len == 0 means the string should fill the buffer */
78081 char *str;
78082 @@ -1461,8 +1461,10 @@ EXPORT_SYMBOL(do_set_info_async);
78083 /* byte flipping routines for all wire types declared in
78084 * lustre_idl.h implemented here.
78085 */
78086 -void lustre_swab_ptlrpc_body(struct ptlrpc_body *b)
78087 +void lustre_swab_ptlrpc_body(void *_b)
78088 {
78089 + struct ptlrpc_body *b = _b;
78090 +
78091 __swab32s(&b->pb_type);
78092 __swab32s(&b->pb_version);
78093 __swab32s(&b->pb_opc);
78094 @@ -1493,8 +1495,10 @@ void lustre_swab_ptlrpc_body(struct ptlrpc_body *b)
78095 }
78096 EXPORT_SYMBOL(lustre_swab_ptlrpc_body);
78097
78098 -void lustre_swab_connect(struct obd_connect_data *ocd)
78099 +void lustre_swab_connect(void *_ocd)
78100 {
78101 + struct obd_connect_data *ocd = _ocd;
78102 +
78103 __swab64s(&ocd->ocd_connect_flags);
78104 __swab32s(&ocd->ocd_version);
78105 __swab32s(&ocd->ocd_grant);
78106 @@ -1568,8 +1572,10 @@ static void lustre_swab_obdo(struct obdo *o)
78107 CLASSERT(offsetof(typeof(*o), o_padding_6) != 0);
78108 }
78109
78110 -void lustre_swab_obd_statfs(struct obd_statfs *os)
78111 +void lustre_swab_obd_statfs(void *_os)
78112 {
78113 + struct obd_statfs *os = _os;
78114 +
78115 __swab64s(&os->os_type);
78116 __swab64s(&os->os_blocks);
78117 __swab64s(&os->os_bfree);
78118 @@ -1593,42 +1599,54 @@ void lustre_swab_obd_statfs(struct obd_statfs *os)
78119 }
78120 EXPORT_SYMBOL(lustre_swab_obd_statfs);
78121
78122 -void lustre_swab_obd_ioobj(struct obd_ioobj *ioo)
78123 +void lustre_swab_obd_ioobj(void *_ioo)
78124 {
78125 + struct obd_ioobj *ioo = _ioo;
78126 +
78127 lustre_swab_ost_id(&ioo->ioo_oid);
78128 __swab32s(&ioo->ioo_max_brw);
78129 __swab32s(&ioo->ioo_bufcnt);
78130 }
78131 EXPORT_SYMBOL(lustre_swab_obd_ioobj);
78132
78133 -void lustre_swab_niobuf_remote(struct niobuf_remote *nbr)
78134 +void lustre_swab_niobuf_remote(void *_nbr)
78135 {
78136 + struct niobuf_remote *nbr = _nbr;
78137 +
78138 __swab64s(&nbr->offset);
78139 __swab32s(&nbr->len);
78140 __swab32s(&nbr->flags);
78141 }
78142 EXPORT_SYMBOL(lustre_swab_niobuf_remote);
78143
78144 -void lustre_swab_ost_body(struct ost_body *b)
78145 +void lustre_swab_ost_body(void *_b)
78146 {
78147 + struct ost_body *b = _b;
78148 +
78149 lustre_swab_obdo(&b->oa);
78150 }
78151 EXPORT_SYMBOL(lustre_swab_ost_body);
78152
78153 -void lustre_swab_ost_last_id(u64 *id)
78154 +void lustre_swab_ost_last_id(void *_id)
78155 {
78156 + u64 *id = _id;
78157 +
78158 __swab64s(id);
78159 }
78160 EXPORT_SYMBOL(lustre_swab_ost_last_id);
78161
78162 -void lustre_swab_generic_32s(__u32 *val)
78163 +void lustre_swab_generic_32s(void *_val)
78164 {
78165 + __u32 *val = _val;
78166 +
78167 __swab32s(val);
78168 }
78169 EXPORT_SYMBOL(lustre_swab_generic_32s);
78170
78171 -void lustre_swab_gl_desc(union ldlm_gl_desc *desc)
78172 +void lustre_swab_gl_desc(void *_desc)
78173 {
78174 + union ldlm_gl_desc *desc = _desc;
78175 +
78176 lustre_swab_lu_fid(&desc->lquota_desc.gl_id.qid_fid);
78177 __swab64s(&desc->lquota_desc.gl_flags);
78178 __swab64s(&desc->lquota_desc.gl_ver);
78179 @@ -1672,8 +1690,10 @@ void lustre_swab_lquota_lvb(struct lquota_lvb *lvb)
78180 }
78181 EXPORT_SYMBOL(lustre_swab_lquota_lvb);
78182
78183 -void lustre_swab_mdt_body(struct mdt_body *b)
78184 +void lustre_swab_mdt_body(void *_b)
78185 {
78186 + struct mdt_body *b = _b;
78187 +
78188 lustre_swab_lu_fid(&b->fid1);
78189 lustre_swab_lu_fid(&b->fid2);
78190 /* handle is opaque */
78191 @@ -1706,8 +1726,10 @@ void lustre_swab_mdt_body(struct mdt_body *b)
78192 }
78193 EXPORT_SYMBOL(lustre_swab_mdt_body);
78194
78195 -void lustre_swab_mdt_ioepoch(struct mdt_ioepoch *b)
78196 +void lustre_swab_mdt_ioepoch(void *_b)
78197 {
78198 + struct mdt_ioepoch *b = _b;
78199 +
78200 /* handle is opaque */
78201 __swab64s(&b->ioepoch);
78202 __swab32s(&b->flags);
78203 @@ -1715,8 +1737,9 @@ void lustre_swab_mdt_ioepoch(struct mdt_ioepoch *b)
78204 }
78205 EXPORT_SYMBOL(lustre_swab_mdt_ioepoch);
78206
78207 -void lustre_swab_mgs_target_info(struct mgs_target_info *mti)
78208 +void lustre_swab_mgs_target_info(void *_mti)
78209 {
78210 + struct mgs_target_info *mti = _mti;
78211 int i;
78212
78213 __swab32s(&mti->mti_lustre_ver);
78214 @@ -1754,16 +1777,20 @@ void lustre_swab_mgs_nidtbl_entry(struct mgs_nidtbl_entry *entry)
78215 }
78216 EXPORT_SYMBOL(lustre_swab_mgs_nidtbl_entry);
78217
78218 -void lustre_swab_mgs_config_body(struct mgs_config_body *body)
78219 +void lustre_swab_mgs_config_body(void *_body)
78220 {
78221 + struct mgs_config_body *body = _body;
78222 +
78223 __swab64s(&body->mcb_offset);
78224 __swab32s(&body->mcb_units);
78225 __swab16s(&body->mcb_type);
78226 }
78227 EXPORT_SYMBOL(lustre_swab_mgs_config_body);
78228
78229 -void lustre_swab_mgs_config_res(struct mgs_config_res *body)
78230 +void lustre_swab_mgs_config_res(void *_body)
78231 {
78232 + struct mgs_config_res *body = _body;
78233 +
78234 __swab64s(&body->mcr_offset);
78235 __swab64s(&body->mcr_size);
78236 }
78237 @@ -1791,8 +1818,10 @@ static void lustre_swab_obd_dqblk(struct obd_dqblk *b)
78238 CLASSERT(offsetof(typeof(*b), dqb_padding) != 0);
78239 }
78240
78241 -void lustre_swab_obd_quotactl(struct obd_quotactl *q)
78242 +void lustre_swab_obd_quotactl(void *_q)
78243 {
78244 + struct obd_quotactl *q = _q;
78245 +
78246 __swab32s(&q->qc_cmd);
78247 __swab32s(&q->qc_type);
78248 __swab32s(&q->qc_id);
78249 @@ -1820,8 +1849,9 @@ static void lustre_swab_fiemap_extent(struct ll_fiemap_extent *fm_extent)
78250 __swab32s(&fm_extent->fe_device);
78251 }
78252
78253 -void lustre_swab_fiemap(struct ll_user_fiemap *fiemap)
78254 +void lustre_swab_fiemap(void *_fiemap)
78255 {
78256 + struct ll_user_fiemap *fiemap = _fiemap;
78257 int i;
78258
78259 __swab64s(&fiemap->fm_start);
78260 @@ -1836,8 +1866,10 @@ void lustre_swab_fiemap(struct ll_user_fiemap *fiemap)
78261 }
78262 EXPORT_SYMBOL(lustre_swab_fiemap);
78263
78264 -void lustre_swab_mdt_rec_reint (struct mdt_rec_reint *rr)
78265 +void lustre_swab_mdt_rec_reint (void *_rr)
78266 {
78267 + struct mdt_rec_reint *rr = _rr;
78268 +
78269 __swab32s(&rr->rr_opcode);
78270 __swab32s(&rr->rr_cap);
78271 __swab32s(&rr->rr_fsuid);
78272 @@ -1969,8 +2001,10 @@ static void lustre_swab_ldlm_policy_data(ldlm_wire_policy_data_t *d)
78273 __swab32s(&d->l_flock.lfw_pid);
78274 }
78275
78276 -void lustre_swab_ldlm_intent(struct ldlm_intent *i)
78277 +void lustre_swab_ldlm_intent(void *_i)
78278 {
78279 + struct ldlm_intent *i = _i;
78280 +
78281 __swab64s(&i->opc);
78282 }
78283 EXPORT_SYMBOL(lustre_swab_ldlm_intent);
78284 @@ -1990,8 +2024,10 @@ static void lustre_swab_ldlm_lock_desc(struct ldlm_lock_desc *l)
78285 lustre_swab_ldlm_policy_data(&l->l_policy_data);
78286 }
78287
78288 -void lustre_swab_ldlm_request(struct ldlm_request *rq)
78289 +void lustre_swab_ldlm_request(void *_rq)
78290 {
78291 + struct ldlm_request *rq = _rq;
78292 +
78293 __swab32s(&rq->lock_flags);
78294 lustre_swab_ldlm_lock_desc(&rq->lock_desc);
78295 __swab32s(&rq->lock_count);
78296 @@ -1999,8 +2035,10 @@ void lustre_swab_ldlm_request(struct ldlm_request *rq)
78297 }
78298 EXPORT_SYMBOL(lustre_swab_ldlm_request);
78299
78300 -void lustre_swab_ldlm_reply(struct ldlm_reply *r)
78301 +void lustre_swab_ldlm_reply(void *_r)
78302 {
78303 + struct ldlm_reply *r = _r;
78304 +
78305 __swab32s(&r->lock_flags);
78306 CLASSERT(offsetof(typeof(*r), lock_padding) != 0);
78307 lustre_swab_ldlm_lock_desc(&r->lock_desc);
78308 @@ -2011,8 +2049,10 @@ void lustre_swab_ldlm_reply(struct ldlm_reply *r)
78309 EXPORT_SYMBOL(lustre_swab_ldlm_reply);
78310
78311 /* Dump functions */
78312 -void dump_ioo(struct obd_ioobj *ioo)
78313 +void dump_ioo(void *_ioo)
78314 {
78315 + struct obd_ioobj *ioo = _ioo;
78316 +
78317 CDEBUG(D_RPCTRACE,
78318 "obd_ioobj: ioo_oid=" DOSTID ", ioo_max_brw=%#x, ioo_bufct=%d\n",
78319 POSTID(&ioo->ioo_oid), ioo->ioo_max_brw,
78320 @@ -2020,8 +2060,10 @@ void dump_ioo(struct obd_ioobj *ioo)
78321 }
78322 EXPORT_SYMBOL(dump_ioo);
78323
78324 -void dump_rniobuf(struct niobuf_remote *nb)
78325 +void dump_rniobuf(void *_nb)
78326 {
78327 + struct niobuf_remote *nb = _nb;
78328 +
78329 CDEBUG(D_RPCTRACE, "niobuf_remote: offset=%llu, len=%d, flags=%x\n",
78330 nb->offset, nb->len, nb->flags);
78331 }
78332 @@ -2089,14 +2131,18 @@ static void dump_obdo(struct obdo *oa)
78333 CDEBUG(D_RPCTRACE, "obdo: o_lcookie = (llog_cookie dumping not yet implemented)\n");
78334 }
78335
78336 -void dump_ost_body(struct ost_body *ob)
78337 +void dump_ost_body(void *_ob)
78338 {
78339 + struct ost_body *ob = _ob;
78340 +
78341 dump_obdo(&ob->oa);
78342 }
78343 EXPORT_SYMBOL(dump_ost_body);
78344
78345 -void dump_rcs(__u32 *rc)
78346 +void dump_rcs(void *_rc)
78347 {
78348 + __u32 *rc = _rc;
78349 +
78350 CDEBUG(D_RPCTRACE, "rmf_rcs: %d\n", *rc);
78351 }
78352 EXPORT_SYMBOL(dump_rcs);
78353 @@ -2173,8 +2219,10 @@ void _debug_req(struct ptlrpc_request *req,
78354 }
78355 EXPORT_SYMBOL(_debug_req);
78356
78357 -void lustre_swab_lustre_capa(struct lustre_capa *c)
78358 +void lustre_swab_lustre_capa(void *_c)
78359 {
78360 + struct lustre_capa *c = _c;
78361 +
78362 lustre_swab_lu_fid(&c->lc_fid);
78363 __swab64s(&c->lc_opc);
78364 __swab64s(&c->lc_uid);
78365 @@ -2186,15 +2234,19 @@ void lustre_swab_lustre_capa(struct lustre_capa *c)
78366 }
78367 EXPORT_SYMBOL(lustre_swab_lustre_capa);
78368
78369 -void lustre_swab_hsm_user_state(struct hsm_user_state *state)
78370 +void lustre_swab_hsm_user_state(void *_state)
78371 {
78372 + struct hsm_user_state *state = _state;
78373 +
78374 __swab32s(&state->hus_states);
78375 __swab32s(&state->hus_archive_id);
78376 }
78377 EXPORT_SYMBOL(lustre_swab_hsm_user_state);
78378
78379 -void lustre_swab_hsm_state_set(struct hsm_state_set *hss)
78380 +void lustre_swab_hsm_state_set(void *_hss)
78381 {
78382 + struct hsm_state_set *hss = _hss;
78383 +
78384 __swab32s(&hss->hss_valid);
78385 __swab64s(&hss->hss_setmask);
78386 __swab64s(&hss->hss_clearmask);
78387 @@ -2208,23 +2260,29 @@ static void lustre_swab_hsm_extent(struct hsm_extent *extent)
78388 __swab64s(&extent->length);
78389 }
78390
78391 -void lustre_swab_hsm_current_action(struct hsm_current_action *action)
78392 +void lustre_swab_hsm_current_action(void *_action)
78393 {
78394 + struct hsm_current_action *action = _action;
78395 +
78396 __swab32s(&action->hca_state);
78397 __swab32s(&action->hca_action);
78398 lustre_swab_hsm_extent(&action->hca_location);
78399 }
78400 EXPORT_SYMBOL(lustre_swab_hsm_current_action);
78401
78402 -void lustre_swab_hsm_user_item(struct hsm_user_item *hui)
78403 +void lustre_swab_hsm_user_item(void *_hui)
78404 {
78405 + struct hsm_user_item *hui = _hui;
78406 +
78407 lustre_swab_lu_fid(&hui->hui_fid);
78408 lustre_swab_hsm_extent(&hui->hui_extent);
78409 }
78410 EXPORT_SYMBOL(lustre_swab_hsm_user_item);
78411
78412 -void lustre_swab_layout_intent(struct layout_intent *li)
78413 +void lustre_swab_layout_intent(void *_li)
78414 {
78415 + struct layout_intent *li = _li;
78416 +
78417 __swab32s(&li->li_opc);
78418 __swab32s(&li->li_flags);
78419 __swab64s(&li->li_start);
78420 @@ -2232,8 +2290,10 @@ void lustre_swab_layout_intent(struct layout_intent *li)
78421 }
78422 EXPORT_SYMBOL(lustre_swab_layout_intent);
78423
78424 -void lustre_swab_hsm_progress_kernel(struct hsm_progress_kernel *hpk)
78425 +void lustre_swab_hsm_progress_kernel(void *_hpk)
78426 {
78427 + struct hsm_progress_kernel *hpk = _hpk;
78428 +
78429 lustre_swab_lu_fid(&hpk->hpk_fid);
78430 __swab64s(&hpk->hpk_cookie);
78431 __swab64s(&hpk->hpk_extent.offset);
78432 @@ -2243,8 +2303,10 @@ void lustre_swab_hsm_progress_kernel(struct hsm_progress_kernel *hpk)
78433 }
78434 EXPORT_SYMBOL(lustre_swab_hsm_progress_kernel);
78435
78436 -void lustre_swab_hsm_request(struct hsm_request *hr)
78437 +void lustre_swab_hsm_request(void *_hr)
78438 {
78439 + struct hsm_request *hr = _hr;
78440 +
78441 __swab32s(&hr->hr_action);
78442 __swab32s(&hr->hr_archive_id);
78443 __swab64s(&hr->hr_flags);
78444 @@ -2253,14 +2315,18 @@ void lustre_swab_hsm_request(struct hsm_request *hr)
78445 }
78446 EXPORT_SYMBOL(lustre_swab_hsm_request);
78447
78448 -void lustre_swab_swap_layouts(struct mdc_swap_layouts *msl)
78449 +void lustre_swab_swap_layouts(void *_msl)
78450 {
78451 + struct mdc_swap_layouts *msl = _msl;
78452 +
78453 __swab64s(&msl->msl_flags);
78454 }
78455 EXPORT_SYMBOL(lustre_swab_swap_layouts);
78456
78457 -void lustre_swab_close_data(struct close_data *cd)
78458 +void lustre_swab_close_data(void *_cd)
78459 {
78460 + struct close_data *cd = _cd;
78461 +
78462 lustre_swab_lu_fid(&cd->cd_fid);
78463 __swab64s(&cd->cd_data_version);
78464 }
78465 diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
78466 index 7f32b39..e24cff3 100644
78467 --- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
78468 +++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
78469 @@ -3978,7 +3978,7 @@ static void init_mlme_ext_priv_value(struct adapter *padapter)
78470 _12M_RATE_, _24M_RATE_, 0xff,
78471 };
78472
78473 - atomic_set(&pmlmeext->event_seq, 0);
78474 + atomic_set_unchecked(&pmlmeext->event_seq, 0);
78475 pmlmeext->mgnt_seq = 0;/* reset to zero when disconnect at client mode */
78476
78477 pmlmeext->cur_channel = padapter->registrypriv.channel;
78478 @@ -4171,7 +4171,7 @@ void free_mlme_ext_priv(struct mlme_ext_priv *pmlmeext)
78479
78480 static void _mgt_dispatcher(struct adapter *padapter, struct mlme_handler *ptable, struct recv_frame *precv_frame)
78481 {
78482 - u8 bc_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
78483 + static const u8 bc_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
78484 u8 *pframe = precv_frame->rx_data;
78485
78486 if (ptable->func) {
78487 @@ -4190,7 +4190,7 @@ void mgt_dispatcher(struct adapter *padapter, struct recv_frame *precv_frame)
78488 #ifdef CONFIG_88EU_AP_MODE
78489 struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
78490 #endif /* CONFIG_88EU_AP_MODE */
78491 - u8 bc_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
78492 + static const u8 bc_addr[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
78493 u8 *pframe = precv_frame->rx_data;
78494 struct sta_info *psta = rtw_get_stainfo(&padapter->stapriv, GetAddr2Ptr(pframe));
78495
78496 @@ -4215,7 +4215,7 @@ void mgt_dispatcher(struct adapter *padapter, struct recv_frame *precv_frame)
78497
78498 index = GetFrameSubType(pframe) >> 4;
78499
78500 - if (index > 13) {
78501 + if (index > ARRAY_SIZE(mlme_sta_tbl)) {
78502 RT_TRACE(_module_rtl871x_mlme_c_, _drv_err_, ("Currently we do not support reserved sub-fr-type=%d\n", index));
78503 return;
78504 }
78505 @@ -4305,7 +4305,7 @@ void report_survey_event(struct adapter *padapter,
78506 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
78507 pc2h_evt_hdr->len = sizeof(struct survey_event);
78508 pc2h_evt_hdr->ID = GEN_EVT_CODE(_Survey);
78509 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
78510 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
78511
78512 psurvey_evt = (struct survey_event *)(pevtcmd + sizeof(struct C2HEvent_Header));
78513
78514 @@ -4355,7 +4355,7 @@ void report_surveydone_event(struct adapter *padapter)
78515 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
78516 pc2h_evt_hdr->len = sizeof(struct surveydone_event);
78517 pc2h_evt_hdr->ID = GEN_EVT_CODE(_SurveyDone);
78518 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
78519 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
78520
78521 psurveydone_evt = (struct surveydone_event *)(pevtcmd + sizeof(struct C2HEvent_Header));
78522 psurveydone_evt->bss_cnt = pmlmeext->sitesurvey_res.bss_cnt;
78523 @@ -4399,7 +4399,7 @@ void report_join_res(struct adapter *padapter, int res)
78524 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
78525 pc2h_evt_hdr->len = sizeof(struct joinbss_event);
78526 pc2h_evt_hdr->ID = GEN_EVT_CODE(_JoinBss);
78527 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
78528 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
78529
78530 pjoinbss_evt = (struct joinbss_event *)(pevtcmd + sizeof(struct C2HEvent_Header));
78531 memcpy((unsigned char *)(&(pjoinbss_evt->network.network)), &(pmlmeinfo->network), sizeof(struct wlan_bssid_ex));
78532 @@ -4450,7 +4450,7 @@ void report_del_sta_event(struct adapter *padapter, unsigned char *MacAddr, unsi
78533 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
78534 pc2h_evt_hdr->len = sizeof(struct stadel_event);
78535 pc2h_evt_hdr->ID = GEN_EVT_CODE(_DelSTA);
78536 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
78537 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
78538
78539 pdel_sta_evt = (struct stadel_event *)(pevtcmd + sizeof(struct C2HEvent_Header));
78540 memcpy((unsigned char *)(&(pdel_sta_evt->macaddr)), MacAddr, ETH_ALEN);
78541 @@ -4503,7 +4503,7 @@ void report_add_sta_event(struct adapter *padapter, unsigned char *MacAddr, int
78542 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
78543 pc2h_evt_hdr->len = sizeof(struct stassoc_event);
78544 pc2h_evt_hdr->ID = GEN_EVT_CODE(_AddSTA);
78545 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
78546 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
78547
78548 padd_sta_evt = (struct stassoc_event *)(pevtcmd + sizeof(struct C2HEvent_Header));
78549 memcpy((unsigned char *)(&(padd_sta_evt->macaddr)), MacAddr, ETH_ALEN);
78550 diff --git a/drivers/staging/rtl8188eu/hal/rtl8188eu_recv.c b/drivers/staging/rtl8188eu/hal/rtl8188eu_recv.c
78551 index 255d6f2..52553d3 100644
78552 --- a/drivers/staging/rtl8188eu/hal/rtl8188eu_recv.c
78553 +++ b/drivers/staging/rtl8188eu/hal/rtl8188eu_recv.c
78554 @@ -30,7 +30,7 @@ int rtl8188eu_init_recv_priv(struct adapter *padapter)
78555 struct recv_buf *precvbuf;
78556
78557 tasklet_init(&precvpriv->recv_tasklet,
78558 - (void(*)(unsigned long))rtl8188eu_recv_tasklet,
78559 + rtl8188eu_recv_tasklet,
78560 (unsigned long)padapter);
78561
78562 /* init recv_buf */
78563 diff --git a/drivers/staging/rtl8188eu/hal/rtl8188eu_xmit.c b/drivers/staging/rtl8188eu/hal/rtl8188eu_xmit.c
78564 index ec21d8c..1c2e09c 100644
78565 --- a/drivers/staging/rtl8188eu/hal/rtl8188eu_xmit.c
78566 +++ b/drivers/staging/rtl8188eu/hal/rtl8188eu_xmit.c
78567 @@ -26,7 +26,7 @@ s32 rtl8188eu_init_xmit_priv(struct adapter *adapt)
78568 struct xmit_priv *pxmitpriv = &adapt->xmitpriv;
78569
78570 tasklet_init(&pxmitpriv->xmit_tasklet,
78571 - (void(*)(unsigned long))rtl8188eu_xmit_tasklet,
78572 + rtl8188eu_xmit_tasklet,
78573 (unsigned long)adapt);
78574 return _SUCCESS;
78575 }
78576 diff --git a/drivers/staging/rtl8188eu/include/Hal8188EPhyCfg.h b/drivers/staging/rtl8188eu/include/Hal8188EPhyCfg.h
78577 index 8990748..7727f804 100644
78578 --- a/drivers/staging/rtl8188eu/include/Hal8188EPhyCfg.h
78579 +++ b/drivers/staging/rtl8188eu/include/Hal8188EPhyCfg.h
78580 @@ -200,17 +200,9 @@ void PHY_GetTxPowerLevel8188E(struct adapter *adapter, u32 *powerlevel);
78581
78582 void PHY_ScanOperationBackup8188E(struct adapter *Adapter, u8 Operation);
78583
78584 -/* Call after initialization */
78585 -void ChkFwCmdIoDone(struct adapter *adapter);
78586 -
78587 /* BB/MAC/RF other monitor API */
78588 void PHY_SetRFPathSwitch_8188E(struct adapter *adapter, bool main);
78589
78590 -void PHY_SwitchEphyParameter(struct adapter *adapter);
78591 -
78592 -void PHY_EnableHostClkReq(struct adapter *adapter);
78593 -
78594 -bool SetAntennaConfig92C(struct adapter *adapter, u8 defaultant);
78595
78596 /*--------------------------Exported Function prototype---------------------*/
78597
78598 diff --git a/drivers/staging/rtl8188eu/include/hal_intf.h b/drivers/staging/rtl8188eu/include/hal_intf.h
78599 index eaf939b..356437b 100644
78600 --- a/drivers/staging/rtl8188eu/include/hal_intf.h
78601 +++ b/drivers/staging/rtl8188eu/include/hal_intf.h
78602 @@ -212,7 +212,7 @@ struct hal_ops {
78603
78604 void (*hal_notch_filter)(struct adapter *adapter, bool enable);
78605 void (*hal_reset_security_engine)(struct adapter *adapter);
78606 -};
78607 +} __no_const;
78608
78609 enum rt_eeprom_type {
78610 EEPROM_93C46,
78611 @@ -246,7 +246,6 @@ void rtw_hal_sw_led_deinit(struct adapter *padapter);
78612 u32 rtw_hal_power_on(struct adapter *padapter);
78613 uint rtw_hal_init(struct adapter *padapter);
78614 uint rtw_hal_deinit(struct adapter *padapter);
78615 -void rtw_hal_stop(struct adapter *padapter);
78616 void rtw_hal_set_hwreg(struct adapter *padapter, u8 variable, u8 *val);
78617 void rtw_hal_get_hwreg(struct adapter *padapter, u8 variable, u8 *val);
78618
78619 @@ -275,8 +274,6 @@ void rtw_hal_free_recv_priv(struct adapter *padapter);
78620
78621 void rtw_hal_update_ra_mask(struct adapter *padapter, u32 mac_id, u8 level);
78622 void rtw_hal_add_ra_tid(struct adapter *adapt, u32 bitmap, u8 arg, u8 level);
78623 -void rtw_hal_clone_data(struct adapter *dst_adapt,
78624 - struct adapter *src_adapt);
78625
78626 void rtw_hal_bcn_related_reg_setting(struct adapter *padapter);
78627
78628 diff --git a/drivers/staging/rtl8188eu/include/odm_precomp.h b/drivers/staging/rtl8188eu/include/odm_precomp.h
78629 index 9e5fe17..bdb77bb 100644
78630 --- a/drivers/staging/rtl8188eu/include/odm_precomp.h
78631 +++ b/drivers/staging/rtl8188eu/include/odm_precomp.h
78632 @@ -70,7 +70,7 @@ void odm_RSSIMonitorCheckCE(struct odm_dm_struct *pDM_Odm);
78633 void odm_TXPowerTrackingThermalMeterInit(struct odm_dm_struct *pDM_Odm);
78634 void odm_EdcaTurboCheckCE(struct odm_dm_struct *pDM_Odm);
78635 void odm_TXPowerTrackingCheckCE(struct odm_dm_struct *pDM_Odm);
78636 -void odm_SwAntDivChkAntSwitchCallback(void *FunctionContext);
78637 +void odm_SwAntDivChkAntSwitchCallback(unsigned long FunctionContext);
78638 void odm_InitHybridAntDiv(struct odm_dm_struct *pDM_Odm);
78639 void odm_HwAntDiv(struct odm_dm_struct *pDM_Odm);
78640
78641 diff --git a/drivers/staging/rtl8188eu/include/recv_osdep.h b/drivers/staging/rtl8188eu/include/recv_osdep.h
78642 index cad3158..a1ca486 100644
78643 --- a/drivers/staging/rtl8188eu/include/recv_osdep.h
78644 +++ b/drivers/staging/rtl8188eu/include/recv_osdep.h
78645 @@ -30,7 +30,6 @@ void rtw_recv_returnpacket(struct net_device *cnxt, struct sk_buff *retpkt);
78646
78647 void rtw_handle_tkip_mic_err(struct adapter *padapter, u8 bgroup);
78648
78649 -int rtw_init_recv_priv(struct recv_priv *precvpriv, struct adapter *padapter);
78650 void rtw_free_recv_priv(struct recv_priv *precvpriv);
78651
78652 void rtw_os_recv_resource_alloc(struct recv_frame *recvfr);
78653 diff --git a/drivers/staging/rtl8188eu/include/rtl8188e_recv.h b/drivers/staging/rtl8188eu/include/rtl8188e_recv.h
78654 index 54048bc..e86fdf4 100644
78655 --- a/drivers/staging/rtl8188eu/include/rtl8188e_recv.h
78656 +++ b/drivers/staging/rtl8188eu/include/rtl8188e_recv.h
78657 @@ -54,7 +54,7 @@ enum rx_packet_type {
78658 s32 rtl8188eu_init_recv_priv(struct adapter *padapter);
78659 void rtl8188eu_free_recv_priv(struct adapter *padapter);
78660 void rtl8188eu_recv_hdl(struct adapter *padapter, struct recv_buf *precvbuf);
78661 -void rtl8188eu_recv_tasklet(void *priv);
78662 +void rtl8188eu_recv_tasklet(unsigned long _priv);
78663 void rtl8188e_query_rx_phy_status(struct recv_frame *fr, struct phy_stat *phy);
78664 void rtl8188e_process_phy_info(struct adapter *padapter, void *prframe);
78665 void update_recvframe_phyinfo_88e(struct recv_frame *fra, struct phy_stat *phy);
78666 diff --git a/drivers/staging/rtl8188eu/include/rtl8188e_xmit.h b/drivers/staging/rtl8188eu/include/rtl8188e_xmit.h
78667 index 65a63df..171cfed 100644
78668 --- a/drivers/staging/rtl8188eu/include/rtl8188e_xmit.h
78669 +++ b/drivers/staging/rtl8188eu/include/rtl8188e_xmit.h
78670 @@ -158,7 +158,7 @@ s32 rtl8188eu_hal_xmit(struct adapter *padapter, struct xmit_frame *frame);
78671 s32 rtl8188eu_mgnt_xmit(struct adapter *padapter, struct xmit_frame *frame);
78672 s32 rtl8188eu_xmit_buf_handler(struct adapter *padapter);
78673 #define hal_xmit_handler rtl8188eu_xmit_buf_handler
78674 -void rtl8188eu_xmit_tasklet(void *priv);
78675 +void rtl8188eu_xmit_tasklet(unsigned long _priv);
78676 s32 rtl8188eu_xmitframe_complete(struct adapter *padapter,
78677 struct xmit_priv *pxmitpriv,
78678 struct xmit_buf *pxmitbuf);
78679 diff --git a/drivers/staging/rtl8188eu/include/rtw_cmd.h b/drivers/staging/rtl8188eu/include/rtw_cmd.h
78680 index 08ca592..0eeed5d 100644
78681 --- a/drivers/staging/rtl8188eu/include/rtw_cmd.h
78682 +++ b/drivers/staging/rtl8188eu/include/rtw_cmd.h
78683 @@ -368,7 +368,6 @@ void rtw_readtssi_cmdrsp_callback(struct adapter *adapt, struct cmd_obj *cmd);
78684
78685 void rtw_setstaKey_cmdrsp_callback(struct adapter *adapt, struct cmd_obj *cmd);
78686 void rtw_setassocsta_cmdrsp_callback(struct adapter *adapt, struct cmd_obj *cm);
78687 -void rtw_getrttbl_cmdrsp_callback(struct adapter *adapt, struct cmd_obj *cmd);
78688
78689 struct _cmd_callback {
78690 u32 cmd_code;
78691 diff --git a/drivers/staging/rtl8188eu/include/rtw_eeprom.h b/drivers/staging/rtl8188eu/include/rtw_eeprom.h
78692 index 5dd7384..337cc49 100644
78693 --- a/drivers/staging/rtl8188eu/include/rtw_eeprom.h
78694 +++ b/drivers/staging/rtl8188eu/include/rtw_eeprom.h
78695 @@ -116,10 +116,4 @@ struct eeprom_priv {
78696 u8 efuse_eeprom_data[HWSET_MAX_SIZE_512];
78697 };
78698
78699 -void eeprom_write16(struct adapter *padapter, u16 reg, u16 data);
78700 -u16 eeprom_read16(struct adapter *padapter, u16 reg);
78701 -void read_eeprom_content(struct adapter *padapter);
78702 -void eeprom_read_sz(struct adapter *adapt, u16 reg, u8 *data, u32 sz);
78703 -void read_eeprom_content_by_attrib(struct adapter *padapter);
78704 -
78705 #endif /* __RTL871X_EEPROM_H__ */
78706 diff --git a/drivers/staging/rtl8188eu/include/rtw_ioctl.h b/drivers/staging/rtl8188eu/include/rtw_ioctl.h
78707 index 3a652df..4b3ac6b 100644
78708 --- a/drivers/staging/rtl8188eu/include/rtw_ioctl.h
78709 +++ b/drivers/staging/rtl8188eu/include/rtw_ioctl.h
78710 @@ -103,13 +103,4 @@ static int oid_null_function(struct oid_par_priv *poid_par_priv) {
78711
78712 extern struct iw_handler_def rtw_handlers_def;
78713
78714 -int drv_query_info(struct net_device *miniportadaptercontext, NDIS_OID oid,
78715 - void *informationbuffer, u32 informationbufferlength,
78716 - u32 *byteswritten, u32 *bytesneeded);
78717 -
78718 -int drv_set_info(struct net_device *MiniportAdapterContext,
78719 - NDIS_OID oid, void *informationbuffer,
78720 - u32 informationbufferlength, u32 *bytesread,
78721 - u32 *bytesneeded);
78722 -
78723 #endif /* #ifndef __INC_CEINFO_ */
78724 diff --git a/drivers/staging/rtl8188eu/include/rtw_mlme_ext.h b/drivers/staging/rtl8188eu/include/rtw_mlme_ext.h
78725 index 27382ff..851aeb0 100644
78726 --- a/drivers/staging/rtl8188eu/include/rtw_mlme_ext.h
78727 +++ b/drivers/staging/rtl8188eu/include/rtw_mlme_ext.h
78728 @@ -404,7 +404,7 @@ struct p2p_oper_class_map {
78729 struct mlme_ext_priv {
78730 struct adapter *padapter;
78731 u8 mlmeext_init;
78732 - atomic_t event_seq;
78733 + atomic_unchecked_t event_seq;
78734 u16 mgnt_seq;
78735
78736 unsigned char cur_channel;
78737 @@ -550,8 +550,6 @@ void report_add_sta_event(struct adapter *padapter, unsigned char *addr,
78738
78739 void beacon_timing_control(struct adapter *padapter);
78740 u8 set_tx_beacon_cmd(struct adapter *padapter);
78741 -unsigned int setup_beacon_frame(struct adapter *padapter,
78742 - unsigned char *beacon_frame);
78743 void update_mgnt_tx_rate(struct adapter *padapter, u8 rate);
78744 void update_mgntframe_attrib(struct adapter *padapter,
78745 struct pkt_attrib *pattrib);
78746 @@ -599,12 +597,6 @@ struct cmd_hdl {
78747 u8 (*h2cfuns)(struct adapter *padapter, u8 *pbuf);
78748 };
78749
78750 -u8 read_macreg_hdl(struct adapter *padapter, u8 *pbuf);
78751 -u8 write_macreg_hdl(struct adapter *padapter, u8 *pbuf);
78752 -u8 read_bbreg_hdl(struct adapter *padapter, u8 *pbuf);
78753 -u8 write_bbreg_hdl(struct adapter *padapter, u8 *pbuf);
78754 -u8 read_rfreg_hdl(struct adapter *padapter, u8 *pbuf);
78755 -u8 write_rfreg_hdl(struct adapter *padapter, u8 *pbuf);
78756 u8 join_cmd_hdl(struct adapter *padapter, u8 *pbuf);
78757 u8 disconnect_hdl(struct adapter *padapter, u8 *pbuf);
78758 u8 createbss_hdl(struct adapter *padapter, u8 *pbuf);
78759 @@ -613,8 +605,6 @@ u8 sitesurvey_cmd_hdl(struct adapter *padapter, u8 *pbuf);
78760 u8 setauth_hdl(struct adapter *padapter, u8 *pbuf);
78761 u8 setkey_hdl(struct adapter *padapter, u8 *pbuf);
78762 u8 set_stakey_hdl(struct adapter *padapter, u8 *pbuf);
78763 -u8 set_assocsta_hdl(struct adapter *padapter, u8 *pbuf);
78764 -u8 del_assocsta_hdl(struct adapter *padapter, u8 *pbuf);
78765 u8 add_ba_hdl(struct adapter *padapter, unsigned char *pbuf);
78766
78767 u8 mlme_evt_hdl(struct adapter *padapter, unsigned char *pbuf);
78768 diff --git a/drivers/staging/rtl8188eu/include/xmit_osdep.h b/drivers/staging/rtl8188eu/include/xmit_osdep.h
78769 index f96ca6a..104d496 100644
78770 --- a/drivers/staging/rtl8188eu/include/xmit_osdep.h
78771 +++ b/drivers/staging/rtl8188eu/include/xmit_osdep.h
78772 @@ -35,7 +35,7 @@ struct sta_xmit_priv;
78773 struct xmit_frame;
78774 struct xmit_buf;
78775
78776 -int rtw_xmit_entry(struct sk_buff *pkt, struct net_device *pnetdev);
78777 +netdev_tx_t rtw_xmit_entry(struct sk_buff *pkt, struct net_device *pnetdev);
78778
78779 void rtw_os_xmit_schedule(struct adapter *padapter);
78780
78781 diff --git a/drivers/staging/rtl8188eu/os_dep/usb_ops_linux.c b/drivers/staging/rtl8188eu/os_dep/usb_ops_linux.c
78782 index ce1e1a1..315c3e1 100644
78783 --- a/drivers/staging/rtl8188eu/os_dep/usb_ops_linux.c
78784 +++ b/drivers/staging/rtl8188eu/os_dep/usb_ops_linux.c
78785 @@ -810,10 +810,10 @@ void usb_write_port_cancel(struct adapter *padapter)
78786 }
78787 }
78788
78789 -void rtl8188eu_recv_tasklet(void *priv)
78790 +void rtl8188eu_recv_tasklet(unsigned long priv)
78791 {
78792 struct sk_buff *pskb;
78793 - struct adapter *adapt = priv;
78794 + struct adapter *adapt = (struct adapter *)priv;
78795 struct recv_priv *precvpriv = &adapt->recvpriv;
78796
78797 while (NULL != (pskb = skb_dequeue(&precvpriv->rx_skb_queue))) {
78798 @@ -829,10 +829,10 @@ void rtl8188eu_recv_tasklet(void *priv)
78799 }
78800 }
78801
78802 -void rtl8188eu_xmit_tasklet(void *priv)
78803 +void rtl8188eu_xmit_tasklet(unsigned long priv)
78804 {
78805 int ret = false;
78806 - struct adapter *adapt = priv;
78807 + struct adapter *adapt = (struct adapter *)priv;
78808 struct xmit_priv *pxmitpriv = &adapt->xmitpriv;
78809
78810 if (check_fwstate(&adapt->mlmepriv, _FW_UNDER_SURVEY))
78811 diff --git a/drivers/staging/rtl8188eu/os_dep/xmit_linux.c b/drivers/staging/rtl8188eu/os_dep/xmit_linux.c
78812 index 221e275..bc552c9 100644
78813 --- a/drivers/staging/rtl8188eu/os_dep/xmit_linux.c
78814 +++ b/drivers/staging/rtl8188eu/os_dep/xmit_linux.c
78815 @@ -208,7 +208,7 @@ static int rtw_mlcst2unicst(struct adapter *padapter, struct sk_buff *skb)
78816 }
78817
78818
78819 -int rtw_xmit_entry(struct sk_buff *pkt, struct net_device *pnetdev)
78820 +netdev_tx_t rtw_xmit_entry(struct sk_buff *pkt, struct net_device *pnetdev)
78821 {
78822 struct adapter *padapter = (struct adapter *)rtw_netdev_priv(pnetdev);
78823 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
78824 diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
78825 index 13a5ddc..8a876d9 100644
78826 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
78827 +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
78828 @@ -84,7 +84,7 @@ static struct pci_driver rtl8192_pci_driver = {
78829 };
78830
78831 static short _rtl92e_is_tx_queue_empty(struct net_device *dev);
78832 -static void _rtl92e_watchdog_wq_cb(void *data);
78833 +static void _rtl92e_watchdog_wq_cb(struct work_struct *data);
78834 static void _rtl92e_watchdog_timer_cb(unsigned long data);
78835 static void _rtl92e_hard_data_xmit(struct sk_buff *skb, struct net_device *dev,
78836 int rate);
78837 @@ -92,13 +92,13 @@ static int _rtl92e_hard_start_xmit(struct sk_buff *skb, struct net_device *dev);
78838 static void _rtl92e_tx_cmd(struct net_device *dev, struct sk_buff *skb);
78839 static short _rtl92e_tx(struct net_device *dev, struct sk_buff *skb);
78840 static short _rtl92e_pci_initdescring(struct net_device *dev);
78841 -static void _rtl92e_irq_tx_tasklet(struct r8192_priv *priv);
78842 -static void _rtl92e_irq_rx_tasklet(struct r8192_priv *priv);
78843 +static void _rtl92e_irq_tx_tasklet(unsigned long priv);
78844 +static void _rtl92e_irq_rx_tasklet(unsigned long priv);
78845 static void _rtl92e_cancel_deferred_work(struct r8192_priv *priv);
78846 static int _rtl92e_up(struct net_device *dev, bool is_silent_reset);
78847 static int _rtl92e_try_up(struct net_device *dev);
78848 static int _rtl92e_down(struct net_device *dev, bool shutdownrf);
78849 -static void _rtl92e_restart(void *data);
78850 +static void _rtl92e_restart(struct work_struct *data);
78851
78852 /****************************************************************************
78853 -----------------------------IO STUFF-------------------------
78854 @@ -375,7 +375,7 @@ static struct rtllib_qos_parameters def_qos_parameters = {
78855 {0, 0, 0, 0}
78856 };
78857
78858 -static void _rtl92e_update_beacon(void *data)
78859 +static void _rtl92e_update_beacon(struct work_struct *data)
78860 {
78861 struct r8192_priv *priv = container_of_work_rsl(data, struct r8192_priv,
78862 update_beacon_wq.work);
78863 @@ -391,7 +391,7 @@ static void _rtl92e_update_beacon(void *data)
78864 _rtl92e_update_cap(dev, net->capability);
78865 }
78866
78867 -static void _rtl92e_qos_activate(void *data)
78868 +static void _rtl92e_qos_activate(struct work_struct *data)
78869 {
78870 struct r8192_priv *priv = container_of_work_rsl(data, struct r8192_priv,
78871 qos_activate);
78872 @@ -527,8 +527,9 @@ static int _rtl92e_handle_assoc_response(struct net_device *dev,
78873 return 0;
78874 }
78875
78876 -static void _rtl92e_prepare_beacon(struct r8192_priv *priv)
78877 +static void _rtl92e_prepare_beacon(unsigned long _priv)
78878 {
78879 + struct r8192_priv *priv = (struct r8192_priv *)_priv;
78880 struct net_device *dev = priv->rtllib->dev;
78881 struct sk_buff *pskb = NULL, *pnewskb = NULL;
78882 struct cb_desc *tcb_desc = NULL;
78883 @@ -1002,30 +1003,30 @@ static void _rtl92e_init_priv_task(struct net_device *dev)
78884 {
78885 struct r8192_priv *priv = rtllib_priv(dev);
78886
78887 - INIT_WORK_RSL(&priv->reset_wq, (void *)_rtl92e_restart, dev);
78888 - INIT_WORK_RSL(&priv->rtllib->ips_leave_wq, (void *)rtl92e_ips_leave_wq,
78889 + INIT_WORK_RSL(&priv->reset_wq, _rtl92e_restart, dev);
78890 + INIT_WORK_RSL(&priv->rtllib->ips_leave_wq, rtl92e_ips_leave_wq,
78891 dev);
78892 INIT_DELAYED_WORK_RSL(&priv->watch_dog_wq,
78893 - (void *)_rtl92e_watchdog_wq_cb, dev);
78894 + _rtl92e_watchdog_wq_cb, dev);
78895 INIT_DELAYED_WORK_RSL(&priv->txpower_tracking_wq,
78896 - (void *)rtl92e_dm_txpower_tracking_wq, dev);
78897 + rtl92e_dm_txpower_tracking_wq, dev);
78898 INIT_DELAYED_WORK_RSL(&priv->rfpath_check_wq,
78899 - (void *)rtl92e_dm_rf_pathcheck_wq, dev);
78900 + rtl92e_dm_rf_pathcheck_wq, dev);
78901 INIT_DELAYED_WORK_RSL(&priv->update_beacon_wq,
78902 - (void *)_rtl92e_update_beacon, dev);
78903 - INIT_WORK_RSL(&priv->qos_activate, (void *)_rtl92e_qos_activate, dev);
78904 + _rtl92e_update_beacon, dev);
78905 + INIT_WORK_RSL(&priv->qos_activate, _rtl92e_qos_activate, dev);
78906 INIT_DELAYED_WORK_RSL(&priv->rtllib->hw_wakeup_wq,
78907 - (void *) rtl92e_hw_wakeup_wq, dev);
78908 + rtl92e_hw_wakeup_wq, dev);
78909 INIT_DELAYED_WORK_RSL(&priv->rtllib->hw_sleep_wq,
78910 - (void *) rtl92e_hw_sleep_wq, dev);
78911 + rtl92e_hw_sleep_wq, dev);
78912 tasklet_init(&priv->irq_rx_tasklet,
78913 - (void(*)(unsigned long))_rtl92e_irq_rx_tasklet,
78914 + _rtl92e_irq_rx_tasklet,
78915 (unsigned long)priv);
78916 tasklet_init(&priv->irq_tx_tasklet,
78917 - (void(*)(unsigned long))_rtl92e_irq_tx_tasklet,
78918 + _rtl92e_irq_tx_tasklet,
78919 (unsigned long)priv);
78920 tasklet_init(&priv->irq_prepare_beacon_tasklet,
78921 - (void(*)(unsigned long))_rtl92e_prepare_beacon,
78922 + _rtl92e_prepare_beacon,
78923 (unsigned long)priv);
78924 }
78925
78926 @@ -1377,7 +1378,7 @@ static void _rtl92e_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
78927 }
78928 }
78929
78930 -static void _rtl92e_watchdog_wq_cb(void *data)
78931 +static void _rtl92e_watchdog_wq_cb(struct work_struct *data)
78932 {
78933 struct r8192_priv *priv = container_of_dwork_rsl(data,
78934 struct r8192_priv, watch_dog_wq);
78935 @@ -2142,13 +2143,15 @@ static void _rtl92e_tx_resume(struct net_device *dev)
78936 }
78937 }
78938
78939 -static void _rtl92e_irq_tx_tasklet(struct r8192_priv *priv)
78940 +static void _rtl92e_irq_tx_tasklet(unsigned long _priv)
78941 {
78942 + struct r8192_priv *priv = (struct r8192_priv *)_priv;
78943 _rtl92e_tx_resume(priv->rtllib->dev);
78944 }
78945
78946 -static void _rtl92e_irq_rx_tasklet(struct r8192_priv *priv)
78947 +static void _rtl92e_irq_rx_tasklet(unsigned long _priv)
78948 {
78949 + struct r8192_priv *priv= (struct r8192_priv *)_priv;
78950 _rtl92e_rx_normal(priv->rtllib->dev);
78951
78952 rtl92e_writel(priv->rtllib->dev, INTA_MASK,
78953 @@ -2236,7 +2239,7 @@ void rtl92e_commit(struct net_device *dev)
78954 _rtl92e_up(dev, false);
78955 }
78956
78957 -static void _rtl92e_restart(void *data)
78958 +static void _rtl92e_restart(struct work_struct *data)
78959 {
78960 struct r8192_priv *priv = container_of_work_rsl(data, struct r8192_priv,
78961 reset_wq);
78962 diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_core.h b/drivers/staging/rtl8192e/rtl8192e/rtl_core.h
78963 index f627fdc..3ad70fb 100644
78964 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_core.h
78965 +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_core.h
78966 @@ -586,12 +586,12 @@ void force_pci_posting(struct net_device *dev);
78967 void rtl92e_rx_enable(struct net_device *);
78968 void rtl92e_tx_enable(struct net_device *);
78969
78970 -void rtl92e_hw_sleep_wq(void *data);
78971 +void rtl92e_hw_sleep_wq(struct work_struct *data);
78972 void rtl92e_commit(struct net_device *dev);
78973
78974 void rtl92e_check_rfctrl_gpio_timer(unsigned long data);
78975
78976 -void rtl92e_hw_wakeup_wq(void *data);
78977 +void rtl92e_hw_wakeup_wq(struct work_struct *data);
78978
78979 void rtl92e_reset_desc_ring(struct net_device *dev);
78980 void rtl92e_set_wireless_mode(struct net_device *dev, u8 wireless_mode);
78981 diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_dm.c b/drivers/staging/rtl8192e/rtl8192e/rtl_dm.c
78982 index 9bc2848..17ccbf7 100644
78983 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_dm.c
78984 +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_dm.c
78985 @@ -195,7 +195,7 @@ static void _rtl92e_dm_deinit_fsync(struct net_device *dev);
78986 static void _rtl92e_dm_check_txrateandretrycount(struct net_device *dev);
78987 static void _rtl92e_dm_check_ac_dc_power(struct net_device *dev);
78988 static void _rtl92e_dm_check_fsync(struct net_device *dev);
78989 -static void _rtl92e_dm_check_rf_ctrl_gpio(void *data);
78990 +static void _rtl92e_dm_check_rf_ctrl_gpio(struct work_struct *data);
78991 static void _rtl92e_dm_fsync_timer_callback(unsigned long data);
78992
78993 /*---------------------Define local function prototype-----------------------*/
78994 @@ -229,7 +229,7 @@ void rtl92e_dm_init(struct net_device *dev)
78995 _rtl92e_dm_init_wa_broadcom_iot(dev);
78996
78997 INIT_DELAYED_WORK_RSL(&priv->gpio_change_rf_wq,
78998 - (void *)_rtl92e_dm_check_rf_ctrl_gpio, dev);
78999 + _rtl92e_dm_check_rf_ctrl_gpio, dev);
79000 }
79001
79002 void rtl92e_dm_deinit(struct net_device *dev)
79003 @@ -932,7 +932,7 @@ static void _rtl92e_dm_tx_power_tracking_cb_thermal(struct net_device *dev)
79004 priv->txpower_count = 0;
79005 }
79006
79007 -void rtl92e_dm_txpower_tracking_wq(void *data)
79008 +void rtl92e_dm_txpower_tracking_wq(struct work_struct *data)
79009 {
79010 struct r8192_priv *priv = container_of_dwork_rsl(data,
79011 struct r8192_priv, txpower_tracking_wq);
79012 @@ -1814,7 +1814,7 @@ static void _rtl92e_dm_init_wa_broadcom_iot(struct net_device *dev)
79013 pHTInfo->WAIotTH = WAIotTHVal;
79014 }
79015
79016 -static void _rtl92e_dm_check_rf_ctrl_gpio(void *data)
79017 +static void _rtl92e_dm_check_rf_ctrl_gpio(struct work_struct *data)
79018 {
79019 struct r8192_priv *priv = container_of_dwork_rsl(data,
79020 struct r8192_priv, gpio_change_rf_wq);
79021 @@ -1868,7 +1868,7 @@ static void _rtl92e_dm_check_rf_ctrl_gpio(void *data)
79022 }
79023 }
79024
79025 -void rtl92e_dm_rf_pathcheck_wq(void *data)
79026 +void rtl92e_dm_rf_pathcheck_wq(struct work_struct *data)
79027 {
79028 struct r8192_priv *priv = container_of_dwork_rsl(data,
79029 struct r8192_priv,
79030 diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_dm.h b/drivers/staging/rtl8192e/rtl8192e/rtl_dm.h
79031 index 756a0dd..d2de5e8 100644
79032 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_dm.h
79033 +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_dm.h
79034 @@ -191,13 +191,13 @@ void rtl92e_dm_watchdog(struct net_device *dev);
79035
79036
79037 void rtl92e_init_adaptive_rate(struct net_device *dev);
79038 -void rtl92e_dm_txpower_tracking_wq(void *data);
79039 +void rtl92e_dm_txpower_tracking_wq(struct work_struct *data);
79040
79041 void rtl92e_dm_cck_txpower_adjust(struct net_device *dev, bool binch14);
79042
79043 void rtl92e_dm_restore_state(struct net_device *dev);
79044 void rtl92e_dm_backup_state(struct net_device *dev);
79045 void rtl92e_dm_init_edca_turbo(struct net_device *dev);
79046 -void rtl92e_dm_rf_pathcheck_wq(void *data);
79047 +void rtl92e_dm_rf_pathcheck_wq(struct work_struct *data);
79048 void rtl92e_dm_init_txpower_tracking(struct net_device *dev);
79049 #endif /*__R8192UDM_H__ */
79050 diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_ps.c b/drivers/staging/rtl8192e/rtl8192e/rtl_ps.c
79051 index 98e4d88..5216a5f 100644
79052 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_ps.c
79053 +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_ps.c
79054 @@ -44,7 +44,7 @@ static void _rtl92e_hw_sleep(struct net_device *dev)
79055 rtl92e_set_rf_state(dev, eRfSleep, RF_CHANGE_BY_PS);
79056 }
79057
79058 -void rtl92e_hw_sleep_wq(void *data)
79059 +void rtl92e_hw_sleep_wq(struct work_struct *data)
79060 {
79061 struct rtllib_device *ieee = container_of_dwork_rsl(data,
79062 struct rtllib_device, hw_sleep_wq);
79063 @@ -72,7 +72,7 @@ void rtl92e_hw_wakeup(struct net_device *dev)
79064 rtl92e_set_rf_state(dev, eRfOn, RF_CHANGE_BY_PS);
79065 }
79066
79067 -void rtl92e_hw_wakeup_wq(void *data)
79068 +void rtl92e_hw_wakeup_wq(struct work_struct *data)
79069 {
79070 struct rtllib_device *ieee = container_of_dwork_rsl(data,
79071 struct rtllib_device, hw_wakeup_wq);
79072 @@ -172,7 +172,7 @@ void rtl92e_ips_leave(struct net_device *dev)
79073 }
79074 }
79075
79076 -void rtl92e_ips_leave_wq(void *data)
79077 +void rtl92e_ips_leave_wq(struct work_struct *data)
79078 {
79079 struct rtllib_device *ieee = container_of_work_rsl(data,
79080 struct rtllib_device, ips_leave_wq);
79081 diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_ps.h b/drivers/staging/rtl8192e/rtl8192e/rtl_ps.h
79082 index a46f4cf..8f46fda 100644
79083 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_ps.h
79084 +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_ps.h
79085 @@ -24,6 +24,7 @@
79086 #include <linux/types.h>
79087
79088 struct net_device;
79089 +struct work_struct;
79090
79091 #define RT_CHECK_FOR_HANG_PERIOD 2
79092
79093 @@ -31,7 +32,7 @@ void rtl92e_hw_wakeup(struct net_device *dev);
79094 void rtl92e_enter_sleep(struct net_device *dev, u64 time);
79095 void rtl92e_rtllib_ips_leave_wq(struct net_device *dev);
79096 void rtl92e_rtllib_ips_leave(struct net_device *dev);
79097 -void rtl92e_ips_leave_wq(void *data);
79098 +void rtl92e_ips_leave_wq(struct work_struct *data);
79099
79100 void rtl92e_ips_enter(struct net_device *dev);
79101 void rtl92e_ips_leave(struct net_device *dev);
79102 diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
79103 index 70df6a1..21c9f2e 100644
79104 --- a/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
79105 +++ b/drivers/staging/rtl8192e/rtl8192e/rtl_wx.c
79106 @@ -1187,30 +1187,30 @@ static const struct iw_priv_args r8192_private_args[] = {
79107 };
79108
79109 static iw_handler r8192_private_handler[] = {
79110 - (iw_handler)_rtl92e_wx_set_debug, /*SIOCIWSECONDPRIV*/
79111 - (iw_handler)_rtl92e_wx_set_scan_type,
79112 - (iw_handler)_rtl92e_wx_set_rawtx,
79113 - (iw_handler)_rtl92e_wx_force_reset,
79114 - (iw_handler)NULL,
79115 - (iw_handler)NULL,
79116 - (iw_handler)_rtl92e_wx_adapter_power_status,
79117 - (iw_handler)NULL,
79118 - (iw_handler)NULL,
79119 - (iw_handler)NULL,
79120 - (iw_handler)_rtl92e_wx_set_lps_awake_interval,
79121 - (iw_handler)_rtl92e_wx_set_force_lps,
79122 - (iw_handler)NULL,
79123 - (iw_handler)NULL,
79124 - (iw_handler)NULL,
79125 - (iw_handler)NULL,
79126 - (iw_handler)NULL,
79127 - (iw_handler)NULL,
79128 - (iw_handler)NULL,
79129 - (iw_handler)NULL,
79130 - (iw_handler)NULL,
79131 - (iw_handler)NULL,
79132 - (iw_handler)_rtl92e_wx_set_promisc_mode,
79133 - (iw_handler)_rtl92e_wx_get_promisc_mode,
79134 + _rtl92e_wx_set_debug, /*SIOCIWSECONDPRIV*/
79135 + _rtl92e_wx_set_scan_type,
79136 + _rtl92e_wx_set_rawtx,
79137 + _rtl92e_wx_force_reset,
79138 + NULL,
79139 + NULL,
79140 + _rtl92e_wx_adapter_power_status,
79141 + NULL,
79142 + NULL,
79143 + NULL,
79144 + _rtl92e_wx_set_lps_awake_interval,
79145 + _rtl92e_wx_set_force_lps,
79146 + NULL,
79147 + NULL,
79148 + NULL,
79149 + NULL,
79150 + NULL,
79151 + NULL,
79152 + NULL,
79153 + NULL,
79154 + NULL,
79155 + NULL,
79156 + _rtl92e_wx_set_promisc_mode,
79157 + _rtl92e_wx_get_promisc_mode,
79158 };
79159
79160 static struct iw_statistics *_rtl92e_get_wireless_stats(struct net_device *dev)
79161 diff --git a/drivers/staging/rtl8192e/rtllib.h b/drivers/staging/rtl8192e/rtllib.h
79162 index 776e179..5a021e6 100644
79163 --- a/drivers/staging/rtl8192e/rtllib.h
79164 +++ b/drivers/staging/rtl8192e/rtllib.h
79165 @@ -1993,7 +1993,7 @@ int rtllib_encrypt_fragment(
79166 struct sk_buff *frag,
79167 int hdr_len);
79168
79169 -int rtllib_xmit(struct sk_buff *skb, struct net_device *dev);
79170 +netdev_tx_t rtllib_xmit(struct sk_buff *skb, struct net_device *dev);
79171 void rtllib_txb_free(struct rtllib_txb *);
79172
79173 /* rtllib_rx.c */
79174 @@ -2107,7 +2107,7 @@ int rtllib_wx_set_freq(struct rtllib_device *ieee, struct iw_request_info *a,
79175
79176 int rtllib_wx_get_freq(struct rtllib_device *ieee, struct iw_request_info *a,
79177 union iwreq_data *wrqu, char *b);
79178 -void rtllib_wx_sync_scan_wq(void *data);
79179 +void rtllib_wx_sync_scan_wq(struct work_struct *data);
79180
79181 int rtllib_wx_set_rawtx(struct rtllib_device *ieee,
79182 struct iw_request_info *info,
79183 diff --git a/drivers/staging/rtl8192e/rtllib_softmac.c b/drivers/staging/rtl8192e/rtllib_softmac.c
79184 index 62154e3..bf1e431 100644
79185 --- a/drivers/staging/rtl8192e/rtllib_softmac.c
79186 +++ b/drivers/staging/rtl8192e/rtllib_softmac.c
79187 @@ -574,7 +574,7 @@ out:
79188 wireless_send_event(ieee->dev, SIOCGIWSCAN, &wrqu, NULL);
79189 }
79190
79191 -static void rtllib_softmac_scan_wq(void *data)
79192 +static void rtllib_softmac_scan_wq(struct work_struct *data)
79193 {
79194 struct rtllib_device *ieee = container_of_dwork_rsl(data,
79195 struct rtllib_device, softmac_scan_wq);
79196 @@ -1513,7 +1513,7 @@ static void rtllib_associate_step2(struct rtllib_device *ieee)
79197 }
79198 }
79199
79200 -static void rtllib_associate_complete_wq(void *data)
79201 +static void rtllib_associate_complete_wq(struct work_struct *data)
79202 {
79203 struct rtllib_device *ieee = (struct rtllib_device *)
79204 container_of_work_rsl(data,
79205 @@ -1582,7 +1582,7 @@ static void rtllib_associate_complete(struct rtllib_device *ieee)
79206 schedule_work(&ieee->associate_complete_wq);
79207 }
79208
79209 -static void rtllib_associate_procedure_wq(void *data)
79210 +static void rtllib_associate_procedure_wq(struct work_struct *data)
79211 {
79212 struct rtllib_device *ieee = container_of_dwork_rsl(data,
79213 struct rtllib_device,
79214 @@ -2054,8 +2054,9 @@ static short rtllib_sta_ps_sleep(struct rtllib_device *ieee, u64 *time)
79215
79216 }
79217
79218 -static inline void rtllib_sta_ps(struct rtllib_device *ieee)
79219 +static inline void rtllib_sta_ps(unsigned long _ieee)
79220 {
79221 + struct rtllib_device *ieee = (struct rtllib_device *)_ieee;
79222 u64 time;
79223 short sleep;
79224 unsigned long flags, flags2;
79225 @@ -2576,7 +2577,7 @@ static void rtllib_start_monitor_mode(struct rtllib_device *ieee)
79226 }
79227 }
79228
79229 -static void rtllib_start_ibss_wq(void *data)
79230 +static void rtllib_start_ibss_wq(struct work_struct *data)
79231 {
79232 struct rtllib_device *ieee = container_of_dwork_rsl(data,
79233 struct rtllib_device, start_ibss_wq);
79234 @@ -2741,7 +2742,7 @@ static void rtllib_start_bss(struct rtllib_device *ieee)
79235 spin_unlock_irqrestore(&ieee->lock, flags);
79236 }
79237
79238 -static void rtllib_link_change_wq(void *data)
79239 +static void rtllib_link_change_wq(struct work_struct *data)
79240 {
79241 struct rtllib_device *ieee = container_of_dwork_rsl(data,
79242 struct rtllib_device, link_change_wq);
79243 @@ -2767,7 +2768,7 @@ void rtllib_disassociate(struct rtllib_device *ieee)
79244 notify_wx_assoc_event(ieee);
79245 }
79246
79247 -static void rtllib_associate_retry_wq(void *data)
79248 +static void rtllib_associate_retry_wq(struct work_struct *data)
79249 {
79250 struct rtllib_device *ieee = container_of_dwork_rsl(data,
79251 struct rtllib_device, associate_retry_wq);
79252 @@ -3020,19 +3021,18 @@ void rtllib_softmac_init(struct rtllib_device *ieee)
79253 (unsigned long) ieee);
79254
79255 INIT_DELAYED_WORK_RSL(&ieee->link_change_wq,
79256 - (void *)rtllib_link_change_wq, ieee);
79257 + rtllib_link_change_wq, ieee);
79258 INIT_DELAYED_WORK_RSL(&ieee->start_ibss_wq,
79259 - (void *)rtllib_start_ibss_wq, ieee);
79260 + rtllib_start_ibss_wq, ieee);
79261 INIT_WORK_RSL(&ieee->associate_complete_wq,
79262 - (void *)rtllib_associate_complete_wq, ieee);
79263 + rtllib_associate_complete_wq, ieee);
79264 INIT_DELAYED_WORK_RSL(&ieee->associate_procedure_wq,
79265 - (void *)rtllib_associate_procedure_wq, ieee);
79266 + rtllib_associate_procedure_wq, ieee);
79267 INIT_DELAYED_WORK_RSL(&ieee->softmac_scan_wq,
79268 - (void *)rtllib_softmac_scan_wq, ieee);
79269 + rtllib_softmac_scan_wq, ieee);
79270 INIT_DELAYED_WORK_RSL(&ieee->associate_retry_wq,
79271 - (void *)rtllib_associate_retry_wq, ieee);
79272 - INIT_WORK_RSL(&ieee->wx_sync_scan_wq, (void *)rtllib_wx_sync_scan_wq,
79273 - ieee);
79274 + rtllib_associate_retry_wq, ieee);
79275 + INIT_WORK_RSL(&ieee->wx_sync_scan_wq, rtllib_wx_sync_scan_wq, ieee);
79276
79277 sema_init(&ieee->wx_sem, 1);
79278 sema_init(&ieee->scan_sem, 1);
79279 @@ -3042,7 +3042,7 @@ void rtllib_softmac_init(struct rtllib_device *ieee)
79280 spin_lock_init(&ieee->beacon_lock);
79281
79282 tasklet_init(&ieee->ps_task,
79283 - (void(*)(unsigned long)) rtllib_sta_ps,
79284 + rtllib_sta_ps,
79285 (unsigned long)ieee);
79286
79287 }
79288 diff --git a/drivers/staging/rtl8192e/rtllib_softmac_wx.c b/drivers/staging/rtl8192e/rtllib_softmac_wx.c
79289 index 61ed8b0..a8b7d01 100644
79290 --- a/drivers/staging/rtl8192e/rtllib_softmac_wx.c
79291 +++ b/drivers/staging/rtl8192e/rtllib_softmac_wx.c
79292 @@ -327,7 +327,7 @@ out:
79293 }
79294 EXPORT_SYMBOL(rtllib_wx_set_mode);
79295
79296 -void rtllib_wx_sync_scan_wq(void *data)
79297 +void rtllib_wx_sync_scan_wq(struct work_struct *data)
79298 {
79299 struct rtllib_device *ieee = container_of_work_rsl(data,
79300 struct rtllib_device, wx_sync_scan_wq);
79301 diff --git a/drivers/staging/rtl8192e/rtllib_tx.c b/drivers/staging/rtl8192e/rtllib_tx.c
79302 index 58fc70e..3fe041e 100644
79303 --- a/drivers/staging/rtl8192e/rtllib_tx.c
79304 +++ b/drivers/staging/rtl8192e/rtllib_tx.c
79305 @@ -981,7 +981,7 @@ static int rtllib_xmit_inter(struct sk_buff *skb, struct net_device *dev)
79306 return 1;
79307
79308 }
79309 -int rtllib_xmit(struct sk_buff *skb, struct net_device *dev)
79310 +netdev_tx_t rtllib_xmit(struct sk_buff *skb, struct net_device *dev)
79311 {
79312 memset(skb->cb, 0, sizeof(skb->cb));
79313 return rtllib_xmit_inter(skb, dev);
79314 diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211.h b/drivers/staging/rtl8192u/ieee80211/ieee80211.h
79315 index 09e9499..dc65c79 100644
79316 --- a/drivers/staging/rtl8192u/ieee80211/ieee80211.h
79317 +++ b/drivers/staging/rtl8192u/ieee80211/ieee80211.h
79318 @@ -2174,7 +2174,7 @@ int ieee80211_set_encryption(struct ieee80211_device *ieee);
79319 int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
79320 struct sk_buff *frag, int hdr_len);
79321
79322 -int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev);
79323 +netdev_tx_t ieee80211_xmit(struct sk_buff *skb, struct net_device *dev);
79324 void ieee80211_txb_free(struct ieee80211_txb *);
79325
79326
79327 diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
79328 index 49db1b7..8e1b69a 100644
79329 --- a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
79330 +++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
79331 @@ -1765,9 +1765,9 @@ static short ieee80211_sta_ps_sleep(struct ieee80211_device *ieee, u32 *time_h,
79332
79333 }
79334
79335 -static inline void ieee80211_sta_ps(struct ieee80211_device *ieee)
79336 +static inline void ieee80211_sta_ps(unsigned long _ieee)
79337 {
79338 -
79339 + struct ieee80211_device *ieee = (struct ieee80211_device *)_ieee;
79340 u32 th, tl;
79341 short sleep;
79342
79343 @@ -2735,7 +2735,7 @@ void ieee80211_softmac_init(struct ieee80211_device *ieee)
79344 spin_lock_init(&ieee->beacon_lock);
79345
79346 tasklet_init(&ieee->ps_task,
79347 - (void(*)(unsigned long)) ieee80211_sta_ps,
79348 + ieee80211_sta_ps,
79349 (unsigned long)ieee);
79350
79351 }
79352 diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c
79353 index 1ab0aea..41de55c 100644
79354 --- a/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c
79355 +++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c
79356 @@ -594,7 +594,7 @@ static void ieee80211_query_seqnum(struct ieee80211_device *ieee,
79357 }
79358 }
79359
79360 -int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
79361 +netdev_tx_t ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
79362 {
79363 struct ieee80211_device *ieee = netdev_priv(dev);
79364 struct ieee80211_txb *txb = NULL;
79365 diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
79366 index dd0970f..7fa0bdf 100644
79367 --- a/drivers/staging/rtl8192u/r8192U_core.c
79368 +++ b/drivers/staging/rtl8192u/r8192U_core.c
79369 @@ -2382,7 +2382,7 @@ static void rtl8192_init_priv_lock(struct r8192_priv *priv)
79370
79371 static void rtl819x_watchdog_wqcallback(struct work_struct *work);
79372
79373 -static void rtl8192_irq_rx_tasklet(struct r8192_priv *priv);
79374 +static void rtl8192_irq_rx_tasklet(unsigned long priv);
79375 /* init tasklet and wait_queue here. only 2.6 above kernel is considered */
79376 #define DRV_NAME "wlan0"
79377 static void rtl8192_init_priv_task(struct net_device *dev)
79378 @@ -2405,7 +2405,7 @@ static void rtl8192_init_priv_task(struct net_device *dev)
79379 INIT_WORK(&priv->qos_activate, rtl8192_qos_activate);
79380
79381 tasklet_init(&priv->irq_rx_tasklet,
79382 - (void(*)(unsigned long))rtl8192_irq_rx_tasklet,
79383 + rtl8192_irq_rx_tasklet,
79384 (unsigned long)priv);
79385 }
79386
79387 @@ -4942,8 +4942,9 @@ static void rtl8192_rx_cmd(struct sk_buff *skb)
79388 }
79389 }
79390
79391 -static void rtl8192_irq_rx_tasklet(struct r8192_priv *priv)
79392 +static void rtl8192_irq_rx_tasklet(unsigned long _priv)
79393 {
79394 + struct r8192_priv *priv = (struct r8192_priv *)_priv;
79395 struct sk_buff *skb;
79396 struct rtl8192_rx_info *info;
79397
79398 diff --git a/drivers/staging/rtl8712/rtl8712_recv.c b/drivers/staging/rtl8712/rtl8712_recv.c
79399 index f25b34c..487a963 100644
79400 --- a/drivers/staging/rtl8712/rtl8712_recv.c
79401 +++ b/drivers/staging/rtl8712/rtl8712_recv.c
79402 @@ -45,7 +45,7 @@ static u8 bridge_tunnel_header[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8};
79403 /* Ethernet-II snap header (RFC1042 for most EtherTypes) */
79404 static u8 rfc1042_header[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
79405
79406 -static void recv_tasklet(void *priv);
79407 +static void recv_tasklet(unsigned long _priv);
79408
79409 int r8712_init_recv_priv(struct recv_priv *precvpriv, struct _adapter *padapter)
79410 {
79411 @@ -79,7 +79,7 @@ int r8712_init_recv_priv(struct recv_priv *precvpriv, struct _adapter *padapter)
79412 }
79413 precvpriv->free_recv_buf_queue_cnt = NR_RECVBUFF;
79414 tasklet_init(&precvpriv->recv_tasklet,
79415 - (void(*)(unsigned long))recv_tasklet,
79416 + recv_tasklet,
79417 (unsigned long)padapter);
79418 skb_queue_head_init(&precvpriv->rx_skb_queue);
79419
79420 @@ -1103,7 +1103,7 @@ _exit_recvbuf2recvframe:
79421 return _SUCCESS;
79422 }
79423
79424 -static void recv_tasklet(void *priv)
79425 +static void recv_tasklet(unsigned long priv)
79426 {
79427 struct sk_buff *pskb;
79428 struct _adapter *padapter = (struct _adapter *)priv;
79429 diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h
79430 index 26dd24c..2eb37c9 100644
79431 --- a/drivers/staging/rtl8712/rtl871x_io.h
79432 +++ b/drivers/staging/rtl8712/rtl871x_io.h
79433 @@ -108,7 +108,7 @@ struct _io_ops {
79434 u8 *pmem);
79435 u32 (*_write_port)(struct intf_hdl *pintfhdl, u32 addr, u32 cnt,
79436 u8 *pmem);
79437 -};
79438 +} __no_const;
79439
79440 struct io_req {
79441 struct list_head list;
79442 diff --git a/drivers/staging/rtl8712/rtl871x_ioctl.h b/drivers/staging/rtl8712/rtl871x_ioctl.h
79443 index c9218be..ecda3f6 100644
79444 --- a/drivers/staging/rtl8712/rtl871x_ioctl.h
79445 +++ b/drivers/staging/rtl8712/rtl871x_ioctl.h
79446 @@ -76,18 +76,4 @@ uint oid_null_function(struct oid_par_priv *poid_par_priv);
79447
79448 extern struct iw_handler_def r871x_handlers_def;
79449
79450 -uint drv_query_info(struct net_device *MiniportAdapterContext,
79451 - uint Oid,
79452 - void *InformationBuffer,
79453 - u32 InformationBufferLength,
79454 - u32 *BytesWritten,
79455 - u32 *BytesNeeded);
79456 -
79457 -uint drv_set_info(struct net_device *MiniportAdapterContext,
79458 - uint Oid,
79459 - void *InformationBuffer,
79460 - u32 InformationBufferLength,
79461 - u32 *BytesRead,
79462 - u32 *BytesNeeded);
79463 -
79464 #endif
79465 diff --git a/drivers/staging/rtl8712/rtl871x_xmit.c b/drivers/staging/rtl8712/rtl871x_xmit.c
79466 index 99256ba..1b789b8 100644
79467 --- a/drivers/staging/rtl8712/rtl871x_xmit.c
79468 +++ b/drivers/staging/rtl8712/rtl871x_xmit.c
79469 @@ -152,7 +152,7 @@ sint _r8712_init_xmit_priv(struct xmit_priv *pxmitpriv,
79470 alloc_hwxmits(padapter);
79471 init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry);
79472 tasklet_init(&pxmitpriv->xmit_tasklet,
79473 - (void(*)(unsigned long))r8712_xmit_bh,
79474 + r8712_xmit_bh,
79475 (unsigned long)padapter);
79476 return _SUCCESS;
79477 }
79478 diff --git a/drivers/staging/rtl8712/rtl871x_xmit.h b/drivers/staging/rtl8712/rtl871x_xmit.h
79479 index a9633c3..77b0c85 100644
79480 --- a/drivers/staging/rtl8712/rtl871x_xmit.h
79481 +++ b/drivers/staging/rtl8712/rtl871x_xmit.h
79482 @@ -291,7 +291,7 @@ int r8712_pre_xmit(struct _adapter *padapter, struct xmit_frame *pxmitframe);
79483 int r8712_xmit_enqueue(struct _adapter *padapter,
79484 struct xmit_frame *pxmitframe);
79485 int r8712_xmit_direct(struct _adapter *padapter, struct xmit_frame *pxmitframe);
79486 -void r8712_xmit_bh(void *priv);
79487 +void r8712_xmit_bh(unsigned long priv);
79488
79489 void xmitframe_xmitbuf_attach(struct xmit_frame *pxmitframe,
79490 struct xmit_buf *pxmitbuf);
79491 diff --git a/drivers/staging/rtl8712/usb_ops_linux.c b/drivers/staging/rtl8712/usb_ops_linux.c
79492 index 6f1234570..3c8fb5a 100644
79493 --- a/drivers/staging/rtl8712/usb_ops_linux.c
79494 +++ b/drivers/staging/rtl8712/usb_ops_linux.c
79495 @@ -331,10 +331,10 @@ void r8712_usb_read_port_cancel(struct _adapter *padapter)
79496 }
79497 }
79498
79499 -void r8712_xmit_bh(void *priv)
79500 +void r8712_xmit_bh(unsigned long priv)
79501 {
79502 int ret = false;
79503 - struct _adapter *padapter = priv;
79504 + struct _adapter *padapter = (struct _adapter *)priv;
79505 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
79506
79507 if (padapter->bDriverStopped ||
79508 diff --git a/drivers/staging/rtl8712/xmit_linux.c b/drivers/staging/rtl8712/xmit_linux.c
79509 index 695f9b9..5f8019a 100644
79510 --- a/drivers/staging/rtl8712/xmit_linux.c
79511 +++ b/drivers/staging/rtl8712/xmit_linux.c
79512 @@ -156,7 +156,7 @@ void r8712_xmit_complete(struct _adapter *padapter, struct xmit_frame *pxframe)
79513 pxframe->pkt = NULL;
79514 }
79515
79516 -int r8712_xmit_entry(_pkt *pkt, struct net_device *pnetdev)
79517 +netdev_tx_t r8712_xmit_entry(_pkt *pkt, struct net_device *pnetdev)
79518 {
79519 struct xmit_frame *pxmitframe = NULL;
79520 struct _adapter *padapter = netdev_priv(pnetdev);
79521 diff --git a/drivers/staging/rtl8712/xmit_osdep.h b/drivers/staging/rtl8712/xmit_osdep.h
79522 index 8eba7ca..6c4ce81 100644
79523 --- a/drivers/staging/rtl8712/xmit_osdep.h
79524 +++ b/drivers/staging/rtl8712/xmit_osdep.h
79525 @@ -46,7 +46,7 @@ struct sta_xmit_priv;
79526 struct xmit_frame;
79527 struct xmit_buf;
79528
79529 -int r8712_xmit_entry(_pkt *pkt, struct net_device *pnetdev);
79530 +netdev_tx_t r8712_xmit_entry(_pkt *pkt, struct net_device *pnetdev);
79531 void r8712_SetFilter(struct work_struct *work);
79532 int r8712_xmit_resource_alloc(struct _adapter *padapter,
79533 struct xmit_buf *pxmitbuf);
79534 diff --git a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
79535 index 7dd1540..52d1392 100644
79536 --- a/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
79537 +++ b/drivers/staging/rtl8723au/core/rtw_mlme_ext.c
79538 @@ -368,7 +368,7 @@ static void init_mlme_ext_priv23a_value(struct rtw_adapter *padapter)
79539 _1M_RATE_, _2M_RATE_, _5M_RATE_, _11M_RATE_, _6M_RATE_,
79540 _12M_RATE_, _24M_RATE_, 0xff,};
79541
79542 - atomic_set(&pmlmeext->event_seq, 0);
79543 + atomic_set_unchecked(&pmlmeext->event_seq, 0);
79544 /* reset to zero when disconnect at client mode */
79545 pmlmeext->mgnt_seq = 0;
79546
79547 @@ -4734,7 +4734,7 @@ void report_survey_event23a(struct rtw_adapter *padapter,
79548 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
79549 pc2h_evt_hdr->len = sizeof(struct survey_event);
79550 pc2h_evt_hdr->ID = GEN_EVT_CODE(_Survey);
79551 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
79552 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
79553
79554 psurvey_evt = (struct survey_event*)(pevtcmd + sizeof(struct C2HEvent_Header));
79555
79556 @@ -4783,7 +4783,7 @@ void report_surveydone_event23a(struct rtw_adapter *padapter)
79557 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
79558 pc2h_evt_hdr->len = sizeof(struct surveydone_event);
79559 pc2h_evt_hdr->ID = GEN_EVT_CODE(_SurveyDone);
79560 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
79561 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
79562
79563 psurveydone_evt = (struct surveydone_event*)(pevtcmd + sizeof(struct C2HEvent_Header));
79564 psurveydone_evt->bss_cnt = pmlmeext->sitesurvey_res.bss_cnt;
79565 @@ -4825,7 +4825,7 @@ void report_join_res23a(struct rtw_adapter *padapter, int res)
79566 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
79567 pc2h_evt_hdr->len = sizeof(struct joinbss_event);
79568 pc2h_evt_hdr->ID = GEN_EVT_CODE(_JoinBss);
79569 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
79570 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
79571
79572 pjoinbss_evt = (struct joinbss_event*)(pevtcmd + sizeof(struct C2HEvent_Header));
79573 memcpy((unsigned char *)&pjoinbss_evt->network.network,
79574 @@ -4873,7 +4873,7 @@ void report_del_sta_event23a(struct rtw_adapter *padapter,
79575 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
79576 pc2h_evt_hdr->len = sizeof(struct stadel_event);
79577 pc2h_evt_hdr->ID = GEN_EVT_CODE(_DelSTA);
79578 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
79579 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
79580
79581 pdel_sta_evt = (struct stadel_event*)(pevtcmd + sizeof(struct C2HEvent_Header));
79582 ether_addr_copy((unsigned char *)&pdel_sta_evt->macaddr, MacAddr);
79583 @@ -4925,7 +4925,7 @@ void report_add_sta_event23a(struct rtw_adapter *padapter,
79584 pc2h_evt_hdr = (struct C2HEvent_Header *)(pevtcmd);
79585 pc2h_evt_hdr->len = sizeof(struct stassoc_event);
79586 pc2h_evt_hdr->ID = GEN_EVT_CODE(_AddSTA);
79587 - pc2h_evt_hdr->seq = atomic_inc_return(&pmlmeext->event_seq);
79588 + pc2h_evt_hdr->seq = atomic_inc_return_unchecked(&pmlmeext->event_seq);
79589
79590 padd_sta_evt = (struct stassoc_event*)(pevtcmd + sizeof(struct C2HEvent_Header));
79591 ether_addr_copy((unsigned char *)&padd_sta_evt->macaddr, MacAddr);
79592 diff --git a/drivers/staging/rtl8723au/core/rtw_xmit.c b/drivers/staging/rtl8723au/core/rtw_xmit.c
79593 index 3de40cf..8213068 100644
79594 --- a/drivers/staging/rtl8723au/core/rtw_xmit.c
79595 +++ b/drivers/staging/rtl8723au/core/rtw_xmit.c
79596 @@ -183,7 +183,7 @@ int _rtw_init_xmit_priv23a(struct xmit_priv *pxmitpriv,
79597 mutex_init(&pxmitpriv->ack_tx_mutex);
79598 rtw_sctx_init23a(&pxmitpriv->ack_tx_ops, 0);
79599 tasklet_init(&padapter->xmitpriv.xmit_tasklet,
79600 - (void(*)(unsigned long))rtl8723au_xmit_tasklet,
79601 + rtl8723au_xmit_tasklet,
79602 (unsigned long)padapter);
79603
79604 exit:
79605 diff --git a/drivers/staging/rtl8723au/hal/rtl8723au_recv.c b/drivers/staging/rtl8723au/hal/rtl8723au_recv.c
79606 index 0fec84b..298d283 100644
79607 --- a/drivers/staging/rtl8723au/hal/rtl8723au_recv.c
79608 +++ b/drivers/staging/rtl8723au/hal/rtl8723au_recv.c
79609 @@ -33,7 +33,7 @@ int rtl8723au_init_recv_priv(struct rtw_adapter *padapter)
79610 struct sk_buff *pskb;
79611
79612 tasklet_init(&precvpriv->recv_tasklet,
79613 - (void(*)(unsigned long))rtl8723au_recv_tasklet,
79614 + rtl8723au_recv_tasklet,
79615 (unsigned long)padapter);
79616
79617 precvpriv->int_in_urb = usb_alloc_urb(0, GFP_KERNEL);
79618 diff --git a/drivers/staging/rtl8723au/hal/usb_ops_linux.c b/drivers/staging/rtl8723au/hal/usb_ops_linux.c
79619 index 5c81ff4..b4c2601 100644
79620 --- a/drivers/staging/rtl8723au/hal/usb_ops_linux.c
79621 +++ b/drivers/staging/rtl8723au/hal/usb_ops_linux.c
79622 @@ -483,7 +483,7 @@ _exit_recvbuf2recvframe:
79623 return _SUCCESS;
79624 }
79625
79626 -void rtl8723au_recv_tasklet(void *priv)
79627 +void rtl8723au_recv_tasklet(unsigned long priv)
79628 {
79629 struct sk_buff *pskb;
79630 struct rtw_adapter *padapter = (struct rtw_adapter *)priv;
79631 @@ -658,7 +658,7 @@ int rtl8723au_read_port(struct rtw_adapter *adapter, u32 cnt,
79632 return ret;
79633 }
79634
79635 -void rtl8723au_xmit_tasklet(void *priv)
79636 +void rtl8723au_xmit_tasklet(unsigned long priv)
79637 {
79638 int ret;
79639 struct rtw_adapter *padapter = (struct rtw_adapter *)priv;
79640 diff --git a/drivers/staging/rtl8723au/include/Hal8723APhyCfg.h b/drivers/staging/rtl8723au/include/Hal8723APhyCfg.h
79641 index bcf3657..74d4742 100644
79642 --- a/drivers/staging/rtl8723au/include/Hal8723APhyCfg.h
79643 +++ b/drivers/staging/rtl8723au/include/Hal8723APhyCfg.h
79644 @@ -135,7 +135,6 @@ void PHY_SetBWMode23a8723A(struct rtw_adapter *pAdapter,
79645 /* */
79646 void PHY_SwChnl8723A(struct rtw_adapter *pAdapter, u8 channel);
79647 /* Call after initialization */
79648 -void ChkFwCmdIoDone(struct rtw_adapter *Adapter);
79649
79650 /* */
79651 /* Modify the value of the hw register when beacon interval be changed. */
79652 @@ -144,13 +143,6 @@ void
79653 rtl8192c_PHY_SetBeaconHwReg(struct rtw_adapter *Adapter, u16 BeaconInterval);
79654
79655
79656 -void PHY_SwitchEphyParameter(struct rtw_adapter *Adapter);
79657 -
79658 -void PHY_EnableHostClkReq(struct rtw_adapter *Adapter);
79659 -
79660 -bool
79661 -SetAntennaConfig92C(struct rtw_adapter *Adapter, u8 DefaultAnt);
79662 -
79663 /*--------------------------Exported Function prototype---------------------*/
79664
79665 #define PHY_SetMacReg PHY_SetBBReg
79666 diff --git a/drivers/staging/rtl8723au/include/drv_types.h b/drivers/staging/rtl8723au/include/drv_types.h
79667 index e83463a..84230f3 100644
79668 --- a/drivers/staging/rtl8723au/include/drv_types.h
79669 +++ b/drivers/staging/rtl8723au/include/drv_types.h
79670 @@ -185,7 +185,7 @@ struct dvobj_priv {
79671
79672 struct usb_interface *pusbintf;
79673 struct usb_device *pusbdev;
79674 - atomic_t continual_urb_error;
79675 + atomic_unchecked_t continual_urb_error;
79676
79677 /*-------- below is for PCIE INTERFACE --------*/
79678
79679 diff --git a/drivers/staging/rtl8723au/include/hal_intf.h b/drivers/staging/rtl8723au/include/hal_intf.h
79680 index b924d47..1e3e51c 100644
79681 --- a/drivers/staging/rtl8723au/include/hal_intf.h
79682 +++ b/drivers/staging/rtl8723au/include/hal_intf.h
79683 @@ -97,10 +97,8 @@ int pm_netdev_open23a(struct net_device *pnetdev, u8 bnormal);
79684
79685 int rtl8723au_hal_init(struct rtw_adapter *padapter);
79686 int rtl8723au_hal_deinit(struct rtw_adapter *padapter);
79687 -void rtw_hal_stop(struct rtw_adapter *padapter);
79688
79689 void rtw_hal_update_ra_mask23a(struct sta_info *psta, u8 rssi_level);
79690 -void rtw_hal_clone_data(struct rtw_adapter *dst_padapter, struct rtw_adapter *src_padapter);
79691
79692 void hw_var_set_correct_tsf(struct rtw_adapter *padapter);
79693 void hw_var_set_mlme_disconnect(struct rtw_adapter *padapter);
79694 diff --git a/drivers/staging/rtl8723au/include/recv_osdep.h b/drivers/staging/rtl8723au/include/recv_osdep.h
79695 index c2d3f1b..bb0dc02 100644
79696 --- a/drivers/staging/rtl8723au/include/recv_osdep.h
79697 +++ b/drivers/staging/rtl8723au/include/recv_osdep.h
79698 @@ -26,7 +26,6 @@ int rtw_recv_indicatepkt23a(struct rtw_adapter *adapter, struct recv_frame *prec
79699
79700 void rtw_handle_tkip_mic_err23a(struct rtw_adapter *padapter, u8 bgroup);
79701
79702 -int rtw_init_recv_priv(struct recv_priv *precvpriv, struct rtw_adapter *padapter);
79703 void rtw_free_recv_priv (struct recv_priv *precvpriv);
79704
79705 int rtw_os_recv_resource_init(struct recv_priv *precvpriv, struct rtw_adapter *padapter);
79706 diff --git a/drivers/staging/rtl8723au/include/rtw_ap.h b/drivers/staging/rtl8723au/include/rtw_ap.h
79707 index 55a708f..2f111af 100644
79708 --- a/drivers/staging/rtl8723au/include/rtw_ap.h
79709 +++ b/drivers/staging/rtl8723au/include/rtw_ap.h
79710 @@ -26,8 +26,6 @@
79711 void init_mlme_ap_info23a(struct rtw_adapter *padapter);
79712 void free_mlme_ap_info23a(struct rtw_adapter *padapter);
79713 /* void update_BCNTIM(struct rtw_adapter *padapter); */
79714 -void rtw_add_bcn_ie(struct rtw_adapter *padapter, struct wlan_bssid_ex *pnetwork, u8 index, u8 *data, u8 len);
79715 -void rtw_remove_bcn_ie(struct rtw_adapter *padapter, struct wlan_bssid_ex *pnetwork, u8 index);
79716 void update_beacon23a(struct rtw_adapter *padapter, u8 ie_id, u8 *oui, u8 tx);
79717 void add_RATid23a(struct rtw_adapter *padapter, struct sta_info *psta, u8 rssi_level);
79718 void expire_timeout_chk23a(struct rtw_adapter *padapter);
79719 diff --git a/drivers/staging/rtl8723au/include/rtw_cmd.h b/drivers/staging/rtl8723au/include/rtw_cmd.h
79720 index d1fa95d..338b933 100644
79721 --- a/drivers/staging/rtl8723au/include/rtw_cmd.h
79722 +++ b/drivers/staging/rtl8723au/include/rtw_cmd.h
79723 @@ -712,7 +712,6 @@ int rtw_ps_cmd23a(struct rtw_adapter*padapter);
79724 int rtw_chk_hi_queue_cmd23a(struct rtw_adapter*padapter);
79725 #endif
79726
79727 -int rtw_set_chplan_cmd(struct rtw_adapter*padapter, u8 chplan, u8 enqueue);
79728 int rtw_led_blink_cmd(struct rtw_adapter*padapter, struct led_8723a *pLed);
79729 int rtw_set_csa_cmd(struct rtw_adapter*padapter, u8 new_ch_no);
79730
79731 diff --git a/drivers/staging/rtl8723au/include/rtw_eeprom.h b/drivers/staging/rtl8723au/include/rtw_eeprom.h
79732 index a86f36e..8addfe7 100644
79733 --- a/drivers/staging/rtl8723au/include/rtw_eeprom.h
79734 +++ b/drivers/staging/rtl8723au/include/rtw_eeprom.h
79735 @@ -125,11 +125,4 @@ struct eeprom_priv {
79736 u8 efuse_eeprom_data[HWSET_MAX_SIZE_512]; /* 92C:256bytes, 88E:512bytes, we use union set (512bytes) */
79737 };
79738
79739 -void eeprom_write16(struct rtw_adapter *padapter, u16 reg, u16 data);
79740 -u16 eeprom_read16(struct rtw_adapter *padapter, u16 reg);
79741 -void read_eeprom_content(struct rtw_adapter *padapter);
79742 -void eeprom_read_sz(struct rtw_adapter *padapter, u16 reg, u8 *data, u32 sz);
79743 -
79744 -void read_eeprom_content_by_attrib(struct rtw_adapter *padapter);
79745 -
79746 #endif /* __RTL871X_EEPROM_H__ */
79747 diff --git a/drivers/staging/rtl8723au/include/rtw_mlme_ext.h b/drivers/staging/rtl8723au/include/rtw_mlme_ext.h
79748 index 0e7d3da..4a54c4fa3 100644
79749 --- a/drivers/staging/rtl8723au/include/rtw_mlme_ext.h
79750 +++ b/drivers/staging/rtl8723au/include/rtw_mlme_ext.h
79751 @@ -406,7 +406,7 @@ struct p2p_oper_class_map {
79752 struct mlme_ext_priv {
79753 struct rtw_adapter *padapter;
79754 u8 mlmeext_init;
79755 - atomic_t event_seq;
79756 + atomic_unchecked_t event_seq;
79757 u16 mgnt_seq;
79758
79759 /* struct fw_priv fwpriv; */
79760 @@ -541,8 +541,6 @@ void report_add_sta_event23a(struct rtw_adapter *padapter,
79761 unsigned char *MacAddr, int cam_idx);
79762
79763 int set_tx_beacon_cmd23a(struct rtw_adapter*padapter);
79764 -unsigned int setup_beacon_frame(struct rtw_adapter *padapter,
79765 - unsigned char *beacon_frame);
79766 void update_mgnt_tx_rate23a(struct rtw_adapter *padapter, u8 rate);
79767 void update_mgntframe_attrib23a(struct rtw_adapter *padapter,
79768 struct pkt_attrib *pattrib);
79769 @@ -595,14 +593,6 @@ struct cmd_hdl {
79770 };
79771
79772
79773 -int read_macreg_hdl(struct rtw_adapter *padapter, u8 *pbuf);
79774 -int write_macreg_hdl(struct rtw_adapter *padapter, u8 *pbuf);
79775 -int read_bbreg_hdl(struct rtw_adapter *padapter, u8 *pbuf);
79776 -int write_bbreg_hdl(struct rtw_adapter *padapter, u8 *pbuf);
79777 -int read_rfreg_hdl(struct rtw_adapter *padapter, u8 *pbuf);
79778 -int write_rfreg_hdl(struct rtw_adapter *padapter, u8 *pbuf);
79779 -
79780 -
79781 int NULL_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79782 int join_cmd_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79783 int disconnect_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79784 @@ -612,8 +602,6 @@ int sitesurvey_cmd_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79785 int setauth_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79786 int setkey_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79787 int set_stakey_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79788 -int set_assocsta_hdl(struct rtw_adapter *padapter, const u8 *pbuf);
79789 -int del_assocsta_hdl(struct rtw_adapter *padapter, const u8 *pbuf);
79790 int add_ba_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79791
79792 int mlme_evt_hdl23a(struct rtw_adapter *padapter, const u8 *pbuf);
79793 diff --git a/drivers/staging/rtl8723au/include/usb_ops.h b/drivers/staging/rtl8723au/include/usb_ops.h
79794 index ff11e13..22a13ac 100644
79795 --- a/drivers/staging/rtl8723au/include/usb_ops.h
79796 +++ b/drivers/staging/rtl8723au/include/usb_ops.h
79797 @@ -36,9 +36,9 @@ enum {
79798
79799 void rtl8723au_set_hw_type(struct rtw_adapter *padapter);
79800
79801 -void rtl8723au_recv_tasklet(void *priv);
79802 +void rtl8723au_recv_tasklet(unsigned long priv);
79803
79804 -void rtl8723au_xmit_tasklet(void *priv);
79805 +void rtl8723au_xmit_tasklet(unsigned long priv);
79806
79807 /* Increase and check if the continual_urb_error of this @param dvobjprive is
79808 * larger than MAX_CONTINUAL_URB_ERR. Return result
79809 @@ -48,7 +48,7 @@ static inline int rtw_inc_and_chk_continual_urb_error(struct dvobj_priv *dvobj)
79810 int ret = false;
79811 int value;
79812
79813 - value = atomic_inc_return(&dvobj->continual_urb_error);
79814 + value = atomic_inc_return_unchecked(&dvobj->continual_urb_error);
79815 if (value > MAX_CONTINUAL_URB_ERR) {
79816 DBG_8723A("[dvobj:%p][ERROR] continual_urb_error:%d > %d\n",
79817 dvobj, value, MAX_CONTINUAL_URB_ERR);
79818 @@ -60,7 +60,7 @@ static inline int rtw_inc_and_chk_continual_urb_error(struct dvobj_priv *dvobj)
79819 /* Set the continual_urb_error of this @param dvobjprive to 0 */
79820 static inline void rtw_reset_continual_urb_error(struct dvobj_priv *dvobj)
79821 {
79822 - atomic_set(&dvobj->continual_urb_error, 0);
79823 + atomic_set_unchecked(&dvobj->continual_urb_error, 0);
79824 }
79825
79826 bool rtl8723au_chip_configure(struct rtw_adapter *padapter);
79827 diff --git a/drivers/staging/rtl8723au/include/xmit_osdep.h b/drivers/staging/rtl8723au/include/xmit_osdep.h
79828 index 2be04c48..a494e09 100644
79829 --- a/drivers/staging/rtl8723au/include/xmit_osdep.h
79830 +++ b/drivers/staging/rtl8723au/include/xmit_osdep.h
79831 @@ -21,7 +21,7 @@
79832
79833 #define NR_XMITFRAME 256
79834
79835 -int rtw_xmit23a_entry23a(struct sk_buff *pkt, struct net_device *pnetdev);
79836 +netdev_tx_t rtw_xmit23a_entry23a(struct sk_buff *pkt, struct net_device *pnetdev);
79837
79838 void rtw_os_xmit_schedule23a(struct rtw_adapter *padapter);
79839
79840 diff --git a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c
79841 index d0ba377..884c9d7 100644
79842 --- a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c
79843 +++ b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c
79844 @@ -2435,7 +2435,7 @@ static int rtw_cfg80211_monitor_if_close(struct net_device *ndev)
79845 return 0;
79846 }
79847
79848 -static int rtw_cfg80211_monitor_if_xmit_entry(struct sk_buff *skb,
79849 +static netdev_tx_t rtw_cfg80211_monitor_if_xmit_entry(struct sk_buff *skb,
79850 struct net_device *ndev)
79851 {
79852 int ret = 0;
79853 diff --git a/drivers/staging/rtl8723au/os_dep/xmit_linux.c b/drivers/staging/rtl8723au/os_dep/xmit_linux.c
79854 index 64be72a..d0d2f81 100644
79855 --- a/drivers/staging/rtl8723au/os_dep/xmit_linux.c
79856 +++ b/drivers/staging/rtl8723au/os_dep/xmit_linux.c
79857 @@ -117,7 +117,7 @@ static void rtw_check_xmit_resource(struct rtw_adapter *padapter,
79858 }
79859 }
79860
79861 -int rtw_xmit23a_entry23a(struct sk_buff *skb, struct net_device *pnetdev)
79862 +netdev_tx_t rtw_xmit23a_entry23a(struct sk_buff *skb, struct net_device *pnetdev)
79863 {
79864 struct rtw_adapter *padapter = netdev_priv(pnetdev);
79865 struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
79866 diff --git a/drivers/staging/sm750fb/sm750.c b/drivers/staging/sm750fb/sm750.c
79867 index 6ed004e..f8ebf08 100644
79868 --- a/drivers/staging/sm750fb/sm750.c
79869 +++ b/drivers/staging/sm750fb/sm750.c
79870 @@ -725,6 +725,7 @@ static struct fb_ops lynxfb_ops = {
79871 .fb_set_par = lynxfb_ops_set_par,
79872 .fb_setcolreg = lynxfb_ops_setcolreg,
79873 .fb_blank = lynxfb_ops_blank,
79874 + .fb_pan_display = lynxfb_ops_pan_display,
79875 .fb_fillrect = cfb_fillrect,
79876 .fb_imageblit = cfb_imageblit,
79877 .fb_copyarea = cfb_copyarea,
79878 @@ -770,7 +771,6 @@ static int lynxfb_set_fbinfo(struct fb_info *info, int index)
79879 par->index = index;
79880 output->channel = &crtc->channel;
79881 sm750fb_set_drv(par);
79882 - lynxfb_ops.fb_pan_display = lynxfb_ops_pan_display;
79883
79884 /*
79885 * set current cursor variable and proc pointer,
79886 @@ -787,16 +787,20 @@ static int lynxfb_set_fbinfo(struct fb_info *info, int index)
79887
79888 memset_io(crtc->cursor.vstart, 0, crtc->cursor.size);
79889 if (!g_hwcursor) {
79890 - lynxfb_ops.fb_cursor = NULL;
79891 + pax_open_kernel();
79892 + const_cast(lynxfb_ops.fb_cursor) = NULL;
79893 + pax_close_kernel();
79894 hw_cursor_disable(&crtc->cursor);
79895 }
79896
79897 /* set info->fbops, must be set before fb_find_mode */
79898 if (!sm750_dev->accel_off) {
79899 /* use 2d acceleration */
79900 - lynxfb_ops.fb_fillrect = lynxfb_ops_fillrect;
79901 - lynxfb_ops.fb_copyarea = lynxfb_ops_copyarea;
79902 - lynxfb_ops.fb_imageblit = lynxfb_ops_imageblit;
79903 + pax_open_kernel();
79904 + const_cast(lynxfb_ops.fb_fillrect) = lynxfb_ops_fillrect;
79905 + const_cast(lynxfb_ops.fb_copyarea) = lynxfb_ops_copyarea;
79906 + const_cast(lynxfb_ops.fb_imageblit) = lynxfb_ops_imageblit;
79907 + pax_close_kernel();
79908 }
79909 info->fbops = &lynxfb_ops;
79910
79911 diff --git a/drivers/staging/unisys/visorbus/visorbus_private.h b/drivers/staging/unisys/visorbus/visorbus_private.h
79912 index 39edd20..d860d0c 100644
79913 --- a/drivers/staging/unisys/visorbus/visorbus_private.h
79914 +++ b/drivers/staging/unisys/visorbus/visorbus_private.h
79915 @@ -34,7 +34,7 @@ struct visorchipset_busdev_notifiers {
79916 void (*device_destroy)(struct visor_device *bus_info);
79917 void (*device_pause)(struct visor_device *bus_info);
79918 void (*device_resume)(struct visor_device *bus_info);
79919 -};
79920 +} __no_const;
79921
79922 /* These functions live inside visorchipset, and will be called to indicate
79923 * responses to specific events (by code outside of visorchipset).
79924 @@ -49,7 +49,7 @@ struct visorchipset_busdev_responders {
79925 void (*device_destroy)(struct visor_device *p, int response);
79926 void (*device_pause)(struct visor_device *p, int response);
79927 void (*device_resume)(struct visor_device *p, int response);
79928 -};
79929 +} __no_const;
79930
79931 /** Register functions (in the bus driver) to get called by visorchipset
79932 * whenever a bus or device appears for which this guest is to be the
79933 diff --git a/drivers/staging/unisys/visornic/visornic_main.c b/drivers/staging/unisys/visornic/visornic_main.c
79934 index a28388d..6ae2929 100644
79935 --- a/drivers/staging/unisys/visornic/visornic_main.c
79936 +++ b/drivers/staging/unisys/visornic/visornic_main.c
79937 @@ -797,7 +797,7 @@ static inline bool vnic_hit_low_watermark(struct visornic_devdata *devdata,
79938 * can be called again.
79939 * Returns NETDEV_TX_OK.
79940 */
79941 -static int
79942 +static netdev_tx_t
79943 visornic_xmit(struct sk_buff *skb, struct net_device *netdev)
79944 {
79945 struct visornic_devdata *devdata;
79946 diff --git a/drivers/staging/vt6655/rxtx.c b/drivers/staging/vt6655/rxtx.c
79947 index e4c3165..d0c9eeb 100644
79948 --- a/drivers/staging/vt6655/rxtx.c
79949 +++ b/drivers/staging/vt6655/rxtx.c
79950 @@ -1243,7 +1243,7 @@ static void vnt_fill_txkey(struct ieee80211_hdr *hdr, u8 *key_buffer,
79951 mic_hdr->payload_len = cpu_to_be16(payload_len);
79952 ether_addr_copy(mic_hdr->mic_addr2, hdr->addr2);
79953
79954 - pn64 = atomic64_read(&tx_key->tx_pn);
79955 + pn64 = atomic64_read_unchecked(&tx_key->tx_pn);
79956 mic_hdr->ccmp_pn[5] = pn64;
79957 mic_hdr->ccmp_pn[4] = pn64 >> 8;
79958 mic_hdr->ccmp_pn[3] = pn64 >> 16;
79959 diff --git a/drivers/staging/vt6656/rxtx.c b/drivers/staging/vt6656/rxtx.c
79960 index aa59e7f..094dd59 100644
79961 --- a/drivers/staging/vt6656/rxtx.c
79962 +++ b/drivers/staging/vt6656/rxtx.c
79963 @@ -749,7 +749,7 @@ static void vnt_fill_txkey(struct vnt_usb_send_context *tx_context,
79964 mic_hdr->payload_len = cpu_to_be16(payload_len);
79965 ether_addr_copy(mic_hdr->mic_addr2, hdr->addr2);
79966
79967 - pn64 = atomic64_read(&tx_key->tx_pn);
79968 + pn64 = atomic64_read_unchecked(&tx_key->tx_pn);
79969 mic_hdr->ccmp_pn[5] = pn64;
79970 mic_hdr->ccmp_pn[4] = pn64 >> 8;
79971 mic_hdr->ccmp_pn[3] = pn64 >> 16;
79972 diff --git a/drivers/staging/wilc1000/host_interface.h b/drivers/staging/wilc1000/host_interface.h
79973 index ddfea29..5305b38 100644
79974 --- a/drivers/staging/wilc1000/host_interface.h
79975 +++ b/drivers/staging/wilc1000/host_interface.h
79976 @@ -1,6 +1,7 @@
79977 #ifndef HOST_INT_H
79978 #define HOST_INT_H
79979
79980 +#include <linux/netdevice.h>
79981 #include "coreconfigurator.h"
79982
79983 #define IP_ALEN 4
79984 diff --git a/drivers/staging/wilc1000/linux_wlan.c b/drivers/staging/wilc1000/linux_wlan.c
79985 index 3221511..6b6f9eb 100644
79986 --- a/drivers/staging/wilc1000/linux_wlan.c
79987 +++ b/drivers/staging/wilc1000/linux_wlan.c
79988 @@ -983,7 +983,7 @@ static void linux_wlan_tx_complete(void *priv, int status)
79989 kfree(pv_data);
79990 }
79991
79992 -int wilc_mac_xmit(struct sk_buff *skb, struct net_device *ndev)
79993 +netdev_tx_t wilc_mac_xmit(struct sk_buff *skb, struct net_device *ndev)
79994 {
79995 struct wilc_vif *vif;
79996 struct tx_complete_data *tx_data = NULL;
79997 diff --git a/drivers/staging/wilc1000/wilc_spi.c b/drivers/staging/wilc1000/wilc_spi.c
79998 index 22cf4b7..2684b57 100644
79999 --- a/drivers/staging/wilc1000/wilc_spi.c
80000 +++ b/drivers/staging/wilc1000/wilc_spi.c
80001 @@ -19,6 +19,7 @@
80002 #include <linux/of_gpio.h>
80003
80004 #include <linux/string.h>
80005 +#include <linux/netdevice.h>
80006 #include "wilc_wlan_if.h"
80007 #include "wilc_wlan.h"
80008 #include "wilc_wfi_netdevice.h"
80009 diff --git a/drivers/staging/wilc1000/wilc_wlan.h b/drivers/staging/wilc1000/wilc_wlan.h
80010 index 30e5312..1493a73 100644
80011 --- a/drivers/staging/wilc1000/wilc_wlan.h
80012 +++ b/drivers/staging/wilc1000/wilc_wlan.h
80013 @@ -295,7 +295,7 @@ void wilc_chip_sleep_manually(struct wilc *wilc);
80014
80015 void wilc_enable_tcp_ack_filter(bool value);
80016 int wilc_wlan_get_num_conn_ifcs(struct wilc *);
80017 -int wilc_mac_xmit(struct sk_buff *skb, struct net_device *dev);
80018 +netdev_tx_t wilc_mac_xmit(struct sk_buff *skb, struct net_device *dev);
80019
80020 int wilc_mac_open(struct net_device *ndev);
80021 int wilc_mac_close(struct net_device *ndev);
80022 diff --git a/drivers/staging/wlan-ng/p80211netdev.c b/drivers/staging/wlan-ng/p80211netdev.c
80023 index 90cc8cd..b98abd7 100644
80024 --- a/drivers/staging/wlan-ng/p80211netdev.c
80025 +++ b/drivers/staging/wlan-ng/p80211netdev.c
80026 @@ -317,7 +317,7 @@ static void p80211netdev_rx_bh(unsigned long arg)
80027 * Returns:
80028 * zero on success, non-zero on failure.
80029 ----------------------------------------------------------------*/
80030 -static int p80211knetdev_hard_start_xmit(struct sk_buff *skb,
80031 +static netdev_tx_t p80211knetdev_hard_start_xmit(struct sk_buff *skb,
80032 netdevice_t *netdev)
80033 {
80034 int result = 0;
80035 diff --git a/drivers/target/sbp/sbp_target.c b/drivers/target/sbp/sbp_target.c
80036 index 58bb6ed..d77a7e3 100644
80037 --- a/drivers/target/sbp/sbp_target.c
80038 +++ b/drivers/target/sbp/sbp_target.c
80039 @@ -56,7 +56,7 @@ static const u32 sbp_unit_directory_template[] = {
80040
80041 #define SESSION_MAINTENANCE_INTERVAL HZ
80042
80043 -static atomic_t login_id = ATOMIC_INIT(0);
80044 +static atomic_unchecked_t login_id = ATOMIC_INIT(0);
80045
80046 static void session_maintenance_work(struct work_struct *);
80047 static int sbp_run_transaction(struct fw_card *, int, int, int, int,
80048 @@ -422,7 +422,7 @@ static void sbp_management_request_login(
80049 login->login_lun = unpacked_lun;
80050 login->status_fifo_addr = sbp2_pointer_to_addr(&req->orb.status_fifo);
80051 login->exclusive = LOGIN_ORB_EXCLUSIVE(be32_to_cpu(req->orb.misc));
80052 - login->login_id = atomic_inc_return(&login_id);
80053 + login->login_id = atomic_inc_return_unchecked(&login_id);
80054
80055 login->tgt_agt = sbp_target_agent_register(login);
80056 if (IS_ERR(login->tgt_agt)) {
80057 diff --git a/drivers/thermal/devfreq_cooling.c b/drivers/thermal/devfreq_cooling.c
80058 index 01f0015..aa56551 100644
80059 --- a/drivers/thermal/devfreq_cooling.c
80060 +++ b/drivers/thermal/devfreq_cooling.c
80061 @@ -363,6 +363,15 @@ static struct thermal_cooling_device_ops devfreq_cooling_ops = {
80062 .set_cur_state = devfreq_cooling_set_cur_state,
80063 };
80064
80065 +static struct thermal_cooling_device_ops devfreq_cooling_power_ops = {
80066 + .get_max_state = devfreq_cooling_get_max_state,
80067 + .get_cur_state = devfreq_cooling_get_cur_state,
80068 + .set_cur_state = devfreq_cooling_set_cur_state,
80069 + .get_requested_power = devfreq_cooling_get_requested_power,
80070 + .state2power = devfreq_cooling_state2power,
80071 + .power2state = devfreq_cooling_power2state,
80072 +};
80073 +
80074 /**
80075 * devfreq_cooling_gen_tables() - Generate power and freq tables.
80076 * @dfc: Pointer to devfreq cooling device.
80077 @@ -482,15 +491,9 @@ of_devfreq_cooling_register_power(struct device_node *np, struct devfreq *df,
80078
80079 dfc->devfreq = df;
80080
80081 - if (dfc_power) {
80082 + if (dfc_power)
80083 dfc->power_ops = dfc_power;
80084
80085 - devfreq_cooling_ops.get_requested_power =
80086 - devfreq_cooling_get_requested_power;
80087 - devfreq_cooling_ops.state2power = devfreq_cooling_state2power;
80088 - devfreq_cooling_ops.power2state = devfreq_cooling_power2state;
80089 - }
80090 -
80091 err = devfreq_cooling_gen_tables(dfc);
80092 if (err)
80093 goto free_dfc;
80094 @@ -502,7 +505,7 @@ of_devfreq_cooling_register_power(struct device_node *np, struct devfreq *df,
80095 snprintf(dev_name, sizeof(dev_name), "thermal-devfreq-%d", dfc->id);
80096
80097 cdev = thermal_of_cooling_device_register(np, dev_name, dfc,
80098 - &devfreq_cooling_ops);
80099 + dfc_power ? &devfreq_cooling_power_ops : &devfreq_cooling_ops);
80100 if (IS_ERR(cdev)) {
80101 err = PTR_ERR(cdev);
80102 dev_err(df->dev.parent,
80103 diff --git a/drivers/thermal/int340x_thermal/int3400_thermal.c b/drivers/thermal/int340x_thermal/int3400_thermal.c
80104 index 5836e55..708bbd6 100644
80105 --- a/drivers/thermal/int340x_thermal/int3400_thermal.c
80106 +++ b/drivers/thermal/int340x_thermal/int3400_thermal.c
80107 @@ -272,8 +272,10 @@ static int int3400_thermal_probe(struct platform_device *pdev)
80108 platform_set_drvdata(pdev, priv);
80109
80110 if (priv->uuid_bitmap & 1 << INT3400_THERMAL_PASSIVE_1) {
80111 - int3400_thermal_ops.get_mode = int3400_thermal_get_mode;
80112 - int3400_thermal_ops.set_mode = int3400_thermal_set_mode;
80113 + pax_open_kernel();
80114 + const_cast(int3400_thermal_ops.get_mode) = int3400_thermal_get_mode;
80115 + const_cast(int3400_thermal_ops.set_mode) = int3400_thermal_set_mode;
80116 + pax_close_kernel();
80117 }
80118 priv->thermal = thermal_zone_device_register("INT3400 Thermal", 0, 0,
80119 priv, &int3400_thermal_ops,
80120 diff --git a/drivers/thermal/of-thermal.c b/drivers/thermal/of-thermal.c
80121 index b8e509c..f12be01 100644
80122 --- a/drivers/thermal/of-thermal.c
80123 +++ b/drivers/thermal/of-thermal.c
80124 @@ -31,6 +31,7 @@
80125 #include <linux/export.h>
80126 #include <linux/string.h>
80127 #include <linux/thermal.h>
80128 +#include <linux/mm.h>
80129
80130 #include "thermal_core.h"
80131
80132 @@ -425,9 +426,11 @@ thermal_zone_of_add_sensor(struct device_node *zone,
80133 tz->ops = ops;
80134 tz->sensor_data = data;
80135
80136 - tzd->ops->get_temp = of_thermal_get_temp;
80137 - tzd->ops->get_trend = of_thermal_get_trend;
80138 - tzd->ops->set_emul_temp = of_thermal_set_emul_temp;
80139 + pax_open_kernel();
80140 + const_cast(tzd->ops->get_temp) = of_thermal_get_temp;
80141 + const_cast(tzd->ops->get_trend) = of_thermal_get_trend;
80142 + const_cast(tzd->ops->set_emul_temp) = of_thermal_set_emul_temp;
80143 + pax_close_kernel();
80144 mutex_unlock(&tzd->lock);
80145
80146 return tzd;
80147 @@ -553,9 +556,11 @@ void thermal_zone_of_sensor_unregister(struct device *dev,
80148 return;
80149
80150 mutex_lock(&tzd->lock);
80151 - tzd->ops->get_temp = NULL;
80152 - tzd->ops->get_trend = NULL;
80153 - tzd->ops->set_emul_temp = NULL;
80154 + pax_open_kernel();
80155 + const_cast(tzd->ops->get_temp) = NULL;
80156 + const_cast(tzd->ops->get_trend) = NULL;
80157 + const_cast(tzd->ops->set_emul_temp) = NULL;
80158 + pax_close_kernel();
80159
80160 tz->ops = NULL;
80161 tz->sensor_data = NULL;
80162 diff --git a/drivers/thermal/x86_pkg_temp_thermal.c b/drivers/thermal/x86_pkg_temp_thermal.c
80163 index 97f0a2b..5fa3381 100644
80164 --- a/drivers/thermal/x86_pkg_temp_thermal.c
80165 +++ b/drivers/thermal/x86_pkg_temp_thermal.c
80166 @@ -567,7 +567,7 @@ static int pkg_temp_thermal_cpu_callback(struct notifier_block *nfb,
80167 return NOTIFY_OK;
80168 }
80169
80170 -static struct notifier_block pkg_temp_thermal_notifier __refdata = {
80171 +static struct notifier_block pkg_temp_thermal_notifier = {
80172 .notifier_call = pkg_temp_thermal_cpu_callback,
80173 };
80174
80175 diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c
80176 index 5e4fa92..39fe3d2 100644
80177 --- a/drivers/tty/cyclades.c
80178 +++ b/drivers/tty/cyclades.c
80179 @@ -1568,10 +1568,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp)
80180 printk(KERN_DEBUG "cyc:cy_open ttyC%d, count = %d\n", info->line,
80181 info->port.count);
80182 #endif
80183 - info->port.count++;
80184 + atomic_inc(&info->port.count);
80185 #ifdef CY_DEBUG_COUNT
80186 printk(KERN_DEBUG "cyc:cy_open (%d): incrementing count to %d\n",
80187 - current->pid, info->port.count);
80188 + current->pid, atomic_read(&info->port.count));
80189 #endif
80190
80191 /*
80192 @@ -3947,7 +3947,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v)
80193 for (j = 0; j < cy_card[i].nports; j++) {
80194 info = &cy_card[i].ports[j];
80195
80196 - if (info->port.count) {
80197 + if (atomic_read(&info->port.count)) {
80198 /* XXX is the ldisc num worth this? */
80199 struct tty_struct *tty;
80200 struct tty_ldisc *ld;
80201 diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c
80202 index ce86487..8ff3311 100644
80203 --- a/drivers/tty/hvc/hvc_console.c
80204 +++ b/drivers/tty/hvc/hvc_console.c
80205 @@ -343,7 +343,7 @@ static int hvc_open(struct tty_struct *tty, struct file * filp)
80206
80207 spin_lock_irqsave(&hp->port.lock, flags);
80208 /* Check and then increment for fast path open. */
80209 - if (hp->port.count++ > 0) {
80210 + if (atomic_inc_return(&hp->port.count) > 1) {
80211 spin_unlock_irqrestore(&hp->port.lock, flags);
80212 hvc_kick();
80213 return 0;
80214 @@ -398,7 +398,7 @@ static void hvc_close(struct tty_struct *tty, struct file * filp)
80215
80216 spin_lock_irqsave(&hp->port.lock, flags);
80217
80218 - if (--hp->port.count == 0) {
80219 + if (atomic_dec_return(&hp->port.count) == 0) {
80220 spin_unlock_irqrestore(&hp->port.lock, flags);
80221 /* We are done with the tty pointer now. */
80222 tty_port_tty_set(&hp->port, NULL);
80223 @@ -420,9 +420,9 @@ static void hvc_close(struct tty_struct *tty, struct file * filp)
80224 */
80225 tty_wait_until_sent(tty, HVC_CLOSE_WAIT);
80226 } else {
80227 - if (hp->port.count < 0)
80228 + if (atomic_read(&hp->port.count) < 0)
80229 printk(KERN_ERR "hvc_close %X: oops, count is %d\n",
80230 - hp->vtermno, hp->port.count);
80231 + hp->vtermno, atomic_read(&hp->port.count));
80232 spin_unlock_irqrestore(&hp->port.lock, flags);
80233 }
80234 }
80235 @@ -452,12 +452,12 @@ static void hvc_hangup(struct tty_struct *tty)
80236 * open->hangup case this can be called after the final close so prevent
80237 * that from happening for now.
80238 */
80239 - if (hp->port.count <= 0) {
80240 + if (atomic_read(&hp->port.count) <= 0) {
80241 spin_unlock_irqrestore(&hp->port.lock, flags);
80242 return;
80243 }
80244
80245 - hp->port.count = 0;
80246 + atomic_set(&hp->port.count, 0);
80247 spin_unlock_irqrestore(&hp->port.lock, flags);
80248 tty_port_tty_set(&hp->port, NULL);
80249
80250 @@ -505,7 +505,7 @@ static int hvc_write(struct tty_struct *tty, const unsigned char *buf, int count
80251 return -EPIPE;
80252
80253 /* FIXME what's this (unprotected) check for? */
80254 - if (hp->port.count <= 0)
80255 + if (atomic_read(&hp->port.count) <= 0)
80256 return -EIO;
80257
80258 spin_lock_irqsave(&hp->lock, flags);
80259 diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c
80260 index 3c4d7c2..3410b86 100644
80261 --- a/drivers/tty/hvc/hvcs.c
80262 +++ b/drivers/tty/hvc/hvcs.c
80263 @@ -83,6 +83,7 @@
80264 #include <asm/hvcserver.h>
80265 #include <asm/uaccess.h>
80266 #include <asm/vio.h>
80267 +#include <asm/local.h>
80268
80269 /*
80270 * 1.3.0 -> 1.3.1 In hvcs_open memset(..,0x00,..) instead of memset(..,0x3F,00).
80271 @@ -416,7 +417,7 @@ static ssize_t hvcs_vterm_state_store(struct device *dev, struct device_attribut
80272
80273 spin_lock_irqsave(&hvcsd->lock, flags);
80274
80275 - if (hvcsd->port.count > 0) {
80276 + if (atomic_read(&hvcsd->port.count) > 0) {
80277 spin_unlock_irqrestore(&hvcsd->lock, flags);
80278 printk(KERN_INFO "HVCS: vterm state unchanged. "
80279 "The hvcs device node is still in use.\n");
80280 @@ -1127,7 +1128,7 @@ static int hvcs_install(struct tty_driver *driver, struct tty_struct *tty)
80281 }
80282 }
80283
80284 - hvcsd->port.count = 0;
80285 + atomic_set(&hvcsd->port.count, 0);
80286 hvcsd->port.tty = tty;
80287 tty->driver_data = hvcsd;
80288
80289 @@ -1180,7 +1181,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp)
80290 unsigned long flags;
80291
80292 spin_lock_irqsave(&hvcsd->lock, flags);
80293 - hvcsd->port.count++;
80294 + atomic_inc(&hvcsd->port.count);
80295 hvcsd->todo_mask |= HVCS_SCHED_READ;
80296 spin_unlock_irqrestore(&hvcsd->lock, flags);
80297
80298 @@ -1216,7 +1217,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp)
80299 hvcsd = tty->driver_data;
80300
80301 spin_lock_irqsave(&hvcsd->lock, flags);
80302 - if (--hvcsd->port.count == 0) {
80303 + if (atomic_dec_and_test(&hvcsd->port.count)) {
80304
80305 vio_disable_interrupts(hvcsd->vdev);
80306
80307 @@ -1241,10 +1242,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp)
80308
80309 free_irq(irq, hvcsd);
80310 return;
80311 - } else if (hvcsd->port.count < 0) {
80312 + } else if (atomic_read(&hvcsd->port.count) < 0) {
80313 printk(KERN_ERR "HVCS: vty-server@%X open_count: %d"
80314 " is missmanaged.\n",
80315 - hvcsd->vdev->unit_address, hvcsd->port.count);
80316 + hvcsd->vdev->unit_address, atomic_read(&hvcsd->port.count));
80317 }
80318
80319 spin_unlock_irqrestore(&hvcsd->lock, flags);
80320 @@ -1266,7 +1267,7 @@ static void hvcs_hangup(struct tty_struct * tty)
80321
80322 spin_lock_irqsave(&hvcsd->lock, flags);
80323 /* Preserve this so that we know how many kref refs to put */
80324 - temp_open_count = hvcsd->port.count;
80325 + temp_open_count = atomic_read(&hvcsd->port.count);
80326
80327 /*
80328 * Don't kref put inside the spinlock because the destruction
80329 @@ -1281,7 +1282,7 @@ static void hvcs_hangup(struct tty_struct * tty)
80330 tty->driver_data = NULL;
80331 hvcsd->port.tty = NULL;
80332
80333 - hvcsd->port.count = 0;
80334 + atomic_set(&hvcsd->port.count, 0);
80335
80336 /* This will drop any buffered data on the floor which is OK in a hangup
80337 * scenario. */
80338 @@ -1352,7 +1353,7 @@ static int hvcs_write(struct tty_struct *tty,
80339 * the middle of a write operation? This is a crummy place to do this
80340 * but we want to keep it all in the spinlock.
80341 */
80342 - if (hvcsd->port.count <= 0) {
80343 + if (atomic_read(&hvcsd->port.count) <= 0) {
80344 spin_unlock_irqrestore(&hvcsd->lock, flags);
80345 return -ENODEV;
80346 }
80347 @@ -1426,7 +1427,7 @@ static int hvcs_write_room(struct tty_struct *tty)
80348 {
80349 struct hvcs_struct *hvcsd = tty->driver_data;
80350
80351 - if (!hvcsd || hvcsd->port.count <= 0)
80352 + if (!hvcsd || atomic_read(&hvcsd->port.count) <= 0)
80353 return 0;
80354
80355 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
80356 diff --git a/drivers/tty/hvc/hvsi.c b/drivers/tty/hvc/hvsi.c
80357 index 96ce6bd..208f20a 100644
80358 --- a/drivers/tty/hvc/hvsi.c
80359 +++ b/drivers/tty/hvc/hvsi.c
80360 @@ -85,7 +85,7 @@ struct hvsi_struct {
80361 int n_outbuf;
80362 uint32_t vtermno;
80363 uint32_t virq;
80364 - atomic_t seqno; /* HVSI packet sequence number */
80365 + atomic_unchecked_t seqno; /* HVSI packet sequence number */
80366 uint16_t mctrl;
80367 uint8_t state; /* HVSI protocol state */
80368 uint8_t flags;
80369 @@ -297,7 +297,7 @@ static int hvsi_version_respond(struct hvsi_struct *hp, uint16_t query_seqno)
80370
80371 packet.hdr.type = VS_QUERY_RESPONSE_PACKET_HEADER;
80372 packet.hdr.len = sizeof(struct hvsi_query_response);
80373 - packet.hdr.seqno = cpu_to_be16(atomic_inc_return(&hp->seqno));
80374 + packet.hdr.seqno = cpu_to_be16(atomic_inc_return_unchecked(&hp->seqno));
80375 packet.verb = cpu_to_be16(VSV_SEND_VERSION_NUMBER);
80376 packet.u.version = HVSI_VERSION;
80377 packet.query_seqno = cpu_to_be16(query_seqno+1);
80378 @@ -557,7 +557,7 @@ static int hvsi_query(struct hvsi_struct *hp, uint16_t verb)
80379
80380 packet.hdr.type = VS_QUERY_PACKET_HEADER;
80381 packet.hdr.len = sizeof(struct hvsi_query);
80382 - packet.hdr.seqno = cpu_to_be16(atomic_inc_return(&hp->seqno));
80383 + packet.hdr.seqno = cpu_to_be16(atomic_inc_return_unchecked(&hp->seqno));
80384 packet.verb = cpu_to_be16(verb);
80385
80386 pr_debug("%s: sending %i bytes\n", __func__, packet.hdr.len);
80387 @@ -599,7 +599,7 @@ static int hvsi_set_mctrl(struct hvsi_struct *hp, uint16_t mctrl)
80388 int wrote;
80389
80390 packet.hdr.type = VS_CONTROL_PACKET_HEADER;
80391 - packet.hdr.seqno = cpu_to_be16(atomic_inc_return(&hp->seqno));
80392 + packet.hdr.seqno = cpu_to_be16(atomic_inc_return_unchecked(&hp->seqno));
80393 packet.hdr.len = sizeof(struct hvsi_control);
80394 packet.verb = cpu_to_be16(VSV_SET_MODEM_CTL);
80395 packet.mask = cpu_to_be32(HVSI_TSDTR);
80396 @@ -682,7 +682,7 @@ static int hvsi_put_chars(struct hvsi_struct *hp, const char *buf, int count)
80397 BUG_ON(count > HVSI_MAX_OUTGOING_DATA);
80398
80399 packet.hdr.type = VS_DATA_PACKET_HEADER;
80400 - packet.hdr.seqno = cpu_to_be16(atomic_inc_return(&hp->seqno));
80401 + packet.hdr.seqno = cpu_to_be16(atomic_inc_return_unchecked(&hp->seqno));
80402 packet.hdr.len = count + sizeof(struct hvsi_header);
80403 memcpy(&packet.data, buf, count);
80404
80405 @@ -699,7 +699,7 @@ static void hvsi_close_protocol(struct hvsi_struct *hp)
80406 struct hvsi_control packet __ALIGNED__;
80407
80408 packet.hdr.type = VS_CONTROL_PACKET_HEADER;
80409 - packet.hdr.seqno = cpu_to_be16(atomic_inc_return(&hp->seqno));
80410 + packet.hdr.seqno = cpu_to_be16(atomic_inc_return_unchecked(&hp->seqno));
80411 packet.hdr.len = 6;
80412 packet.verb = cpu_to_be16(VSV_CLOSE_PROTOCOL);
80413
80414 @@ -727,7 +727,7 @@ static int hvsi_open(struct tty_struct *tty, struct file *filp)
80415
80416 tty_port_tty_set(&hp->port, tty);
80417 spin_lock_irqsave(&hp->lock, flags);
80418 - hp->port.count++;
80419 + atomic_inc(&hp->port.count);
80420 atomic_set(&hp->seqno, 0);
80421 h_vio_signal(hp->vtermno, VIO_IRQ_ENABLE);
80422 spin_unlock_irqrestore(&hp->lock, flags);
80423 @@ -784,7 +784,7 @@ static void hvsi_close(struct tty_struct *tty, struct file *filp)
80424
80425 spin_lock_irqsave(&hp->lock, flags);
80426
80427 - if (--hp->port.count == 0) {
80428 + if (atomic_dec_return(&hp->port.count) == 0) {
80429 tty_port_tty_set(&hp->port, NULL);
80430 hp->inbuf_end = hp->inbuf; /* discard remaining partial packets */
80431
80432 @@ -817,9 +817,9 @@ static void hvsi_close(struct tty_struct *tty, struct file *filp)
80433
80434 spin_lock_irqsave(&hp->lock, flags);
80435 }
80436 - } else if (hp->port.count < 0)
80437 + } else if (atomic_read(&hp->port.count) < 0)
80438 printk(KERN_ERR "hvsi_close %lu: oops, count is %d\n",
80439 - hp - hvsi_ports, hp->port.count);
80440 + hp - hvsi_ports, atomic_read(&hp->port.count));
80441
80442 spin_unlock_irqrestore(&hp->lock, flags);
80443 }
80444 @@ -834,7 +834,7 @@ static void hvsi_hangup(struct tty_struct *tty)
80445 tty_port_tty_set(&hp->port, NULL);
80446
80447 spin_lock_irqsave(&hp->lock, flags);
80448 - hp->port.count = 0;
80449 + atomic_set(&hp->port.count, 0);
80450 hp->n_outbuf = 0;
80451 spin_unlock_irqrestore(&hp->lock, flags);
80452 }
80453 diff --git a/drivers/tty/hvc/hvsi_lib.c b/drivers/tty/hvc/hvsi_lib.c
80454 index a270f04..7c77b5d 100644
80455 --- a/drivers/tty/hvc/hvsi_lib.c
80456 +++ b/drivers/tty/hvc/hvsi_lib.c
80457 @@ -8,7 +8,7 @@
80458
80459 static int hvsi_send_packet(struct hvsi_priv *pv, struct hvsi_header *packet)
80460 {
80461 - packet->seqno = cpu_to_be16(atomic_inc_return(&pv->seqno));
80462 + packet->seqno = cpu_to_be16(atomic_inc_return_unchecked(&pv->seqno));
80463
80464 /* Assumes that always succeeds, works in practice */
80465 return pv->put_chars(pv->termno, (char *)packet, packet->len);
80466 @@ -20,7 +20,7 @@ static void hvsi_start_handshake(struct hvsi_priv *pv)
80467
80468 /* Reset state */
80469 pv->established = 0;
80470 - atomic_set(&pv->seqno, 0);
80471 + atomic_set_unchecked(&pv->seqno, 0);
80472
80473 pr_devel("HVSI@%x: Handshaking started\n", pv->termno);
80474
80475 diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c
80476 index 2685d59..a63936a 100644
80477 --- a/drivers/tty/ipwireless/tty.c
80478 +++ b/drivers/tty/ipwireless/tty.c
80479 @@ -28,6 +28,7 @@
80480 #include <linux/tty_driver.h>
80481 #include <linux/tty_flip.h>
80482 #include <linux/uaccess.h>
80483 +#include <asm/local.h>
80484
80485 #include "tty.h"
80486 #include "network.h"
80487 @@ -93,10 +94,10 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp)
80488 return -ENODEV;
80489
80490 mutex_lock(&tty->ipw_tty_mutex);
80491 - if (tty->port.count == 0)
80492 + if (atomic_read(&tty->port.count) == 0)
80493 tty->tx_bytes_queued = 0;
80494
80495 - tty->port.count++;
80496 + atomic_inc(&tty->port.count);
80497
80498 tty->port.tty = linux_tty;
80499 linux_tty->driver_data = tty;
80500 @@ -112,9 +113,7 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp)
80501
80502 static void do_ipw_close(struct ipw_tty *tty)
80503 {
80504 - tty->port.count--;
80505 -
80506 - if (tty->port.count == 0) {
80507 + if (atomic_dec_return(&tty->port.count) == 0) {
80508 struct tty_struct *linux_tty = tty->port.tty;
80509
80510 if (linux_tty != NULL) {
80511 @@ -135,7 +134,7 @@ static void ipw_hangup(struct tty_struct *linux_tty)
80512 return;
80513
80514 mutex_lock(&tty->ipw_tty_mutex);
80515 - if (tty->port.count == 0) {
80516 + if (atomic_read(&tty->port.count) == 0) {
80517 mutex_unlock(&tty->ipw_tty_mutex);
80518 return;
80519 }
80520 @@ -158,7 +157,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data,
80521
80522 mutex_lock(&tty->ipw_tty_mutex);
80523
80524 - if (!tty->port.count) {
80525 + if (!atomic_read(&tty->port.count)) {
80526 mutex_unlock(&tty->ipw_tty_mutex);
80527 return;
80528 }
80529 @@ -197,7 +196,7 @@ static int ipw_write(struct tty_struct *linux_tty,
80530 return -ENODEV;
80531
80532 mutex_lock(&tty->ipw_tty_mutex);
80533 - if (!tty->port.count) {
80534 + if (!atomic_read(&tty->port.count)) {
80535 mutex_unlock(&tty->ipw_tty_mutex);
80536 return -EINVAL;
80537 }
80538 @@ -237,7 +236,7 @@ static int ipw_write_room(struct tty_struct *linux_tty)
80539 if (!tty)
80540 return -ENODEV;
80541
80542 - if (!tty->port.count)
80543 + if (!atomic_read(&tty->port.count))
80544 return -EINVAL;
80545
80546 room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
80547 @@ -270,7 +269,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty)
80548 if (!tty)
80549 return 0;
80550
80551 - if (!tty->port.count)
80552 + if (!atomic_read(&tty->port.count))
80553 return 0;
80554
80555 return tty->tx_bytes_queued;
80556 @@ -351,7 +350,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty)
80557 if (!tty)
80558 return -ENODEV;
80559
80560 - if (!tty->port.count)
80561 + if (!atomic_read(&tty->port.count))
80562 return -EINVAL;
80563
80564 return get_control_lines(tty);
80565 @@ -367,7 +366,7 @@ ipw_tiocmset(struct tty_struct *linux_tty,
80566 if (!tty)
80567 return -ENODEV;
80568
80569 - if (!tty->port.count)
80570 + if (!atomic_read(&tty->port.count))
80571 return -EINVAL;
80572
80573 return set_control_lines(tty, set, clear);
80574 @@ -381,7 +380,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty,
80575 if (!tty)
80576 return -ENODEV;
80577
80578 - if (!tty->port.count)
80579 + if (!atomic_read(&tty->port.count))
80580 return -EINVAL;
80581
80582 /* FIXME: Exactly how is the tty object locked here .. */
80583 @@ -537,7 +536,7 @@ void ipwireless_tty_free(struct ipw_tty *tty)
80584 * are gone */
80585 mutex_lock(&ttyj->ipw_tty_mutex);
80586 }
80587 - while (ttyj->port.count)
80588 + while (atomic_read(&ttyj->port.count))
80589 do_ipw_close(ttyj);
80590 ipwireless_disassociate_network_ttys(network,
80591 ttyj->channel_idx);
80592 diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c
80593 index 60d37b2..3d222ca 100644
80594 --- a/drivers/tty/moxa.c
80595 +++ b/drivers/tty/moxa.c
80596 @@ -1188,7 +1188,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp)
80597 }
80598
80599 ch = &brd->ports[port % MAX_PORTS_PER_BOARD];
80600 - ch->port.count++;
80601 + atomic_inc(&ch->port.count);
80602 tty->driver_data = ch;
80603 tty_port_tty_set(&ch->port, tty);
80604 mutex_lock(&ch->port.mutex);
80605 diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
80606 index 54cab59..3c05ac4 100644
80607 --- a/drivers/tty/n_gsm.c
80608 +++ b/drivers/tty/n_gsm.c
80609 @@ -1644,7 +1644,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
80610 spin_lock_init(&dlci->lock);
80611 mutex_init(&dlci->mutex);
80612 dlci->fifo = &dlci->_fifo;
80613 - if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
80614 + if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL)) {
80615 kfree(dlci);
80616 return NULL;
80617 }
80618 @@ -2652,7 +2652,7 @@ static inline void muxnet_put(struct gsm_mux_net *mux_net)
80619 kref_put(&mux_net->ref, net_free);
80620 }
80621
80622 -static int gsm_mux_net_start_xmit(struct sk_buff *skb,
80623 +static netdev_tx_t gsm_mux_net_start_xmit(struct sk_buff *skb,
80624 struct net_device *net)
80625 {
80626 struct gsm_mux_net *mux_net = netdev_priv(net);
80627 @@ -2943,7 +2943,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
80628 struct gsm_dlci *dlci = tty->driver_data;
80629 struct tty_port *port = &dlci->port;
80630
80631 - port->count++;
80632 + atomic_inc(&port->count);
80633 tty_port_tty_set(port, tty);
80634
80635 dlci->modem_rx = 0;
80636 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
80637 index bdf0e6e..ea92f7e 100644
80638 --- a/drivers/tty/n_tty.c
80639 +++ b/drivers/tty/n_tty.c
80640 @@ -1478,7 +1478,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
80641
80642 static void
80643 n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
80644 - char *fp, int count)
80645 + char *fp, size_t count)
80646 {
80647 struct n_tty_data *ldata = tty->disc_data;
80648 size_t n, head;
80649 @@ -1498,7 +1498,7 @@ n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
80650
80651 static void
80652 n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
80653 - char *fp, int count)
80654 + char *fp, size_t count)
80655 {
80656 struct n_tty_data *ldata = tty->disc_data;
80657 char flag = TTY_NORMAL;
80658 @@ -1515,7 +1515,7 @@ n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
80659
80660 static void
80661 n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
80662 - char *fp, int count)
80663 + char *fp, size_t count)
80664 {
80665 char flag = TTY_NORMAL;
80666
80667 @@ -1529,7 +1529,7 @@ n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
80668
80669 static void
80670 n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
80671 - char *fp, int count)
80672 + char *fp, size_t count)
80673 {
80674 struct n_tty_data *ldata = tty->disc_data;
80675 char flag = TTY_NORMAL;
80676 @@ -1563,7 +1563,7 @@ n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
80677
80678 static void
80679 n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
80680 - char *fp, int count)
80681 + char *fp, size_t count)
80682 {
80683 struct n_tty_data *ldata = tty->disc_data;
80684 char flag = TTY_NORMAL;
80685 @@ -1588,7 +1588,7 @@ n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
80686 }
80687
80688 static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
80689 - char *fp, int count)
80690 + char *fp, size_t count)
80691 {
80692 struct n_tty_data *ldata = tty->disc_data;
80693 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
80694 @@ -1666,10 +1666,10 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
80695 */
80696 static int
80697 n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
80698 - char *fp, int count, int flow)
80699 + char *fp, size_t count, int flow)
80700 {
80701 struct n_tty_data *ldata = tty->disc_data;
80702 - int room, n, rcvd = 0, overflow;
80703 + size_t room, n, rcvd = 0, overflow;
80704
80705 down_read(&tty->termios_rwsem);
80706
80707 @@ -1692,15 +1692,16 @@ n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
80708 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
80709 if (I_PARMRK(tty))
80710 room = (room + 2) / 3;
80711 - room--;
80712 - if (room <= 0) {
80713 + if (room <= 1) {
80714 overflow = ldata->icanon && ldata->canon_head == tail;
80715 - if (overflow && room < 0)
80716 + if (overflow && room == 0)
80717 ldata->read_head--;
80718 room = overflow;
80719 ldata->no_room = flow && !room;
80720 - } else
80721 + } else {
80722 + room--;
80723 overflow = 0;
80724 + }
80725
80726 n = min(count, room);
80727 if (!n)
80728 @@ -2465,7 +2466,8 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
80729 {
80730 *ops = n_tty_ops;
80731 ops->owner = NULL;
80732 - ops->refcount = ops->flags = 0;
80733 + atomic_set(&ops->refcount, 0);
80734 + ops->flags = 0;
80735 }
80736 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
80737
80738 diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
80739 index 51e0d32..d1ac13c 100644
80740 --- a/drivers/tty/pty.c
80741 +++ b/drivers/tty/pty.c
80742 @@ -856,8 +856,10 @@ static void __init unix98_pty_init(void)
80743 panic("Couldn't register Unix98 pts driver");
80744
80745 /* Now create the /dev/ptmx special device */
80746 + pax_open_kernel();
80747 tty_default_fops(&ptmx_fops);
80748 - ptmx_fops.open = ptmx_open;
80749 + const_cast(ptmx_fops.open) = ptmx_open;
80750 + pax_close_kernel();
80751
80752 cdev_init(&ptmx_cdev, &ptmx_fops);
80753 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
80754 diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
80755 index b0cc47c..58ea7a9 100644
80756 --- a/drivers/tty/rocket.c
80757 +++ b/drivers/tty/rocket.c
80758 @@ -906,7 +906,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
80759 tty->driver_data = info;
80760 tty_port_tty_set(port, tty);
80761
80762 - if (port->count++ == 0) {
80763 + if (atomic_inc_return(&port->count) == 1) {
80764 atomic_inc(&rp_num_ports_open);
80765
80766 #ifdef ROCKET_DEBUG_OPEN
80767 @@ -915,7 +915,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
80768 #endif
80769 }
80770 #ifdef ROCKET_DEBUG_OPEN
80771 - printk(KERN_INFO "rp_open ttyR%d, count=%d\n", info->line, info->port.count);
80772 + printk(KERN_INFO "rp_open ttyR%d, count=%d\n", info->line, atomic-read(&info->port.count));
80773 #endif
80774
80775 /*
80776 @@ -1500,7 +1500,7 @@ static void rp_hangup(struct tty_struct *tty)
80777 #endif
80778 rp_flush_buffer(tty);
80779 spin_lock_irqsave(&info->port.lock, flags);
80780 - if (info->port.count)
80781 + if (atomic_read(&info->port.count))
80782 atomic_dec(&rp_num_ports_open);
80783 clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]);
80784 spin_unlock_irqrestore(&info->port.lock, flags);
80785 diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
80786 index dcf43f6..594793a 100644
80787 --- a/drivers/tty/serial/8250/8250_core.c
80788 +++ b/drivers/tty/serial/8250/8250_core.c
80789 @@ -488,9 +488,9 @@ static void univ8250_release_port(struct uart_port *port)
80790
80791 static void univ8250_rsa_support(struct uart_ops *ops)
80792 {
80793 - ops->config_port = univ8250_config_port;
80794 - ops->request_port = univ8250_request_port;
80795 - ops->release_port = univ8250_release_port;
80796 + const_cast(ops->config_port) = univ8250_config_port;
80797 + const_cast(ops->request_port) = univ8250_request_port;
80798 + const_cast(ops->release_port) = univ8250_release_port;
80799 }
80800
80801 #else
80802 @@ -533,8 +533,10 @@ static void __init serial8250_isa_init_ports(void)
80803 }
80804
80805 /* chain base port ops to support Remote Supervisor Adapter */
80806 - univ8250_port_ops = *base_ops;
80807 + pax_open_kernel();
80808 + memcpy((void *)&univ8250_port_ops, base_ops, sizeof univ8250_port_ops);
80809 univ8250_rsa_support(&univ8250_port_ops);
80810 + pax_close_kernel();
80811
80812 if (share_irqs)
80813 irqflag = IRQF_SHARED;
80814 diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c
80815 index bc51b32..f947b5b 100644
80816 --- a/drivers/tty/serial/8250/8250_pci.c
80817 +++ b/drivers/tty/serial/8250/8250_pci.c
80818 @@ -5795,7 +5795,7 @@ static struct pci_device_id serial_pci_tbl[] = {
80819 };
80820
80821 static pci_ers_result_t serial8250_io_error_detected(struct pci_dev *dev,
80822 - pci_channel_state_t state)
80823 + enum pci_channel_state state)
80824 {
80825 struct serial_private *priv = pci_get_drvdata(dev);
80826
80827 diff --git a/drivers/tty/serial/ioc4_serial.c b/drivers/tty/serial/ioc4_serial.c
80828 index e5c42fe..f091b02 100644
80829 --- a/drivers/tty/serial/ioc4_serial.c
80830 +++ b/drivers/tty/serial/ioc4_serial.c
80831 @@ -437,7 +437,7 @@ struct ioc4_soft {
80832 } is_intr_info[MAX_IOC4_INTR_ENTS];
80833
80834 /* Number of entries active in the above array */
80835 - atomic_t is_num_intrs;
80836 + atomic_unchecked_t is_num_intrs;
80837 } is_intr_type[IOC4_NUM_INTR_TYPES];
80838
80839 /* is_ir_lock must be held while
80840 @@ -974,7 +974,7 @@ intr_connect(struct ioc4_soft *soft, int type,
80841 BUG_ON(!((type == IOC4_SIO_INTR_TYPE)
80842 || (type == IOC4_OTHER_INTR_TYPE)));
80843
80844 - i = atomic_inc_return(&soft-> is_intr_type[type].is_num_intrs) - 1;
80845 + i = atomic_inc_return_unchecked(&soft-> is_intr_type[type].is_num_intrs) - 1;
80846 BUG_ON(!(i < MAX_IOC4_INTR_ENTS || (printk("i %d\n", i), 0)));
80847
80848 /* Save off the lower level interrupt handler */
80849 @@ -1001,7 +1001,7 @@ static irqreturn_t ioc4_intr(int irq, void *arg)
80850
80851 soft = arg;
80852 for (intr_type = 0; intr_type < IOC4_NUM_INTR_TYPES; intr_type++) {
80853 - num_intrs = (int)atomic_read(
80854 + num_intrs = (int)atomic_read_unchecked(
80855 &soft->is_intr_type[intr_type].is_num_intrs);
80856
80857 this_mir = this_ir = pending_intrs(soft, intr_type);
80858 diff --git a/drivers/tty/serial/jsm/jsm_driver.c b/drivers/tty/serial/jsm/jsm_driver.c
80859 index a119f11..120444e 100644
80860 --- a/drivers/tty/serial/jsm/jsm_driver.c
80861 +++ b/drivers/tty/serial/jsm/jsm_driver.c
80862 @@ -336,7 +336,7 @@ static struct pci_driver jsm_driver = {
80863 };
80864
80865 static pci_ers_result_t jsm_io_error_detected(struct pci_dev *pdev,
80866 - pci_channel_state_t state)
80867 + enum pci_channel_state state)
80868 {
80869 struct jsm_board *brd = pci_get_drvdata(pdev);
80870
80871 diff --git a/drivers/tty/serial/kgdb_nmi.c b/drivers/tty/serial/kgdb_nmi.c
80872 index 117df15..8f7486f 100644
80873 --- a/drivers/tty/serial/kgdb_nmi.c
80874 +++ b/drivers/tty/serial/kgdb_nmi.c
80875 @@ -53,7 +53,9 @@ static int kgdb_nmi_console_setup(struct console *co, char *options)
80876 * I/O utilities that messages sent to the console will automatically
80877 * be displayed on the dbg_io.
80878 */
80879 - dbg_io_ops->is_console = true;
80880 + pax_open_kernel();
80881 + const_cast(dbg_io_ops->is_console) = true;
80882 + pax_close_kernel();
80883
80884 return 0;
80885 }
80886 diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c
80887 index a260cde..604fce9 100644
80888 --- a/drivers/tty/serial/kgdboc.c
80889 +++ b/drivers/tty/serial/kgdboc.c
80890 @@ -24,8 +24,9 @@
80891 #define MAX_CONFIG_LEN 40
80892
80893 static struct kgdb_io kgdboc_io_ops;
80894 +static struct kgdb_io kgdboc_io_ops_console;
80895
80896 -/* -1 = init not run yet, 0 = unconfigured, 1 = configured. */
80897 +/* -1 = init not run yet, 0 = unconfigured, 1/2 = configured. */
80898 static int configured = -1;
80899
80900 static char config[MAX_CONFIG_LEN];
80901 @@ -151,6 +152,8 @@ static void cleanup_kgdboc(void)
80902 kgdboc_unregister_kbd();
80903 if (configured == 1)
80904 kgdb_unregister_io_module(&kgdboc_io_ops);
80905 + else if (configured == 2)
80906 + kgdb_unregister_io_module(&kgdboc_io_ops_console);
80907 }
80908
80909 static int configure_kgdboc(void)
80910 @@ -160,13 +163,13 @@ static int configure_kgdboc(void)
80911 int err;
80912 char *cptr = config;
80913 struct console *cons;
80914 + int is_console = 0;
80915
80916 err = kgdboc_option_setup(config);
80917 if (err || !strlen(config) || isspace(config[0]))
80918 goto noconfig;
80919
80920 err = -ENODEV;
80921 - kgdboc_io_ops.is_console = 0;
80922 kgdb_tty_driver = NULL;
80923
80924 kgdboc_use_kms = 0;
80925 @@ -187,7 +190,7 @@ static int configure_kgdboc(void)
80926 int idx;
80927 if (cons->device && cons->device(cons, &idx) == p &&
80928 idx == tty_line) {
80929 - kgdboc_io_ops.is_console = 1;
80930 + is_console = 1;
80931 break;
80932 }
80933 cons = cons->next;
80934 @@ -197,7 +200,13 @@ static int configure_kgdboc(void)
80935 kgdb_tty_line = tty_line;
80936
80937 do_register:
80938 - err = kgdb_register_io_module(&kgdboc_io_ops);
80939 + if (is_console) {
80940 + err = kgdb_register_io_module(&kgdboc_io_ops_console);
80941 + configured = 2;
80942 + } else {
80943 + err = kgdb_register_io_module(&kgdboc_io_ops);
80944 + configured = 1;
80945 + }
80946 if (err)
80947 goto noconfig;
80948
80949 @@ -205,8 +214,6 @@ do_register:
80950 if (err)
80951 goto nmi_con_failed;
80952
80953 - configured = 1;
80954 -
80955 return 0;
80956
80957 nmi_con_failed:
80958 @@ -223,7 +230,7 @@ noconfig:
80959 static int __init init_kgdboc(void)
80960 {
80961 /* Already configured? */
80962 - if (configured == 1)
80963 + if (configured >= 1)
80964 return 0;
80965
80966 return configure_kgdboc();
80967 @@ -245,7 +252,7 @@ static void kgdboc_put_char(u8 chr)
80968 kgdb_tty_line, chr);
80969 }
80970
80971 -static int param_set_kgdboc_var(const char *kmessage, struct kernel_param *kp)
80972 +static int param_set_kgdboc_var(const char *kmessage, const struct kernel_param *kp)
80973 {
80974 int len = strlen(kmessage);
80975
80976 @@ -272,7 +279,7 @@ static int param_set_kgdboc_var(const char *kmessage, struct kernel_param *kp)
80977 if (config[len - 1] == '\n')
80978 config[len - 1] = '\0';
80979
80980 - if (configured == 1)
80981 + if (configured >= 1)
80982 cleanup_kgdboc();
80983
80984 /* Go and configure with the new params. */
80985 @@ -312,6 +319,15 @@ static struct kgdb_io kgdboc_io_ops = {
80986 .post_exception = kgdboc_post_exp_handler,
80987 };
80988
80989 +static struct kgdb_io kgdboc_io_ops_console = {
80990 + .name = "kgdboc",
80991 + .read_char = kgdboc_get_char,
80992 + .write_char = kgdboc_put_char,
80993 + .pre_exception = kgdboc_pre_exp_handler,
80994 + .post_exception = kgdboc_post_exp_handler,
80995 + .is_console = 1
80996 +};
80997 +
80998 #ifdef CONFIG_KGDB_SERIAL_CONSOLE
80999 /* This is only available if kgdboc is a built in for early debugging */
81000 static int __init kgdboc_early_init(char *opt)
81001 diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
81002 index 7312e7e..0a0f8b6 100644
81003 --- a/drivers/tty/serial/msm_serial.c
81004 +++ b/drivers/tty/serial/msm_serial.c
81005 @@ -1726,7 +1726,7 @@ static struct uart_driver msm_uart_driver = {
81006 .cons = MSM_CONSOLE,
81007 };
81008
81009 -static atomic_t msm_uart_next_id = ATOMIC_INIT(0);
81010 +static atomic_unchecked_t msm_uart_next_id = ATOMIC_INIT(0);
81011
81012 static const struct of_device_id msm_uartdm_table[] = {
81013 { .compatible = "qcom,msm-uartdm-v1.1", .data = (void *)UARTDM_1P1 },
81014 @@ -1750,7 +1750,7 @@ static int msm_serial_probe(struct platform_device *pdev)
81015 line = pdev->id;
81016
81017 if (line < 0)
81018 - line = atomic_inc_return(&msm_uart_next_id) - 1;
81019 + line = atomic_inc_return_unchecked(&msm_uart_next_id) - 1;
81020
81021 if (unlikely(line < 0 || line >= UART_NR))
81022 return -ENXIO;
81023 diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
81024 index ae2095a..a3cec83 100644
81025 --- a/drivers/tty/serial/samsung.c
81026 +++ b/drivers/tty/serial/samsung.c
81027 @@ -976,11 +976,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
81028 ourport->tx_in_progress = 0;
81029 }
81030
81031 +static int s3c64xx_serial_startup(struct uart_port *port);
81032 static int s3c24xx_serial_startup(struct uart_port *port)
81033 {
81034 struct s3c24xx_uart_port *ourport = to_ourport(port);
81035 int ret;
81036
81037 + /* Startup sequence is different for s3c64xx and higher SoC's */
81038 + if (s3c24xx_serial_has_interrupt_mask(port))
81039 + return s3c64xx_serial_startup(port);
81040 +
81041 dbg("s3c24xx_serial_startup: port=%p (%08llx,%p)\n",
81042 port, (unsigned long long)port->mapbase, port->membase);
81043
81044 @@ -1687,10 +1692,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
81045 /* setup info for port */
81046 port->dev = &platdev->dev;
81047
81048 - /* Startup sequence is different for s3c64xx and higher SoC's */
81049 - if (s3c24xx_serial_has_interrupt_mask(port))
81050 - s3c24xx_serial_ops.startup = s3c64xx_serial_startup;
81051 -
81052 port->uartclk = 1;
81053
81054 if (cfg->uart_flags & UPF_CONS_FLOW) {
81055 diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
81056 index 9fc1533..01c5972 100644
81057 --- a/drivers/tty/serial/serial_core.c
81058 +++ b/drivers/tty/serial/serial_core.c
81059 @@ -1473,7 +1473,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp)
81060 state = drv->state + tty->index;
81061 port = &state->port;
81062 spin_lock_irq(&port->lock);
81063 - --port->count;
81064 + atomic_dec(&port->count);
81065 spin_unlock_irq(&port->lock);
81066 return;
81067 }
81068 @@ -1614,7 +1614,7 @@ static void uart_hangup(struct tty_struct *tty)
81069 uart_flush_buffer(tty);
81070 uart_shutdown(tty, state);
81071 spin_lock_irqsave(&port->lock, flags);
81072 - port->count = 0;
81073 + atomic_set(&port->count, 0);
81074 spin_unlock_irqrestore(&port->lock, flags);
81075 tty_port_set_active(port, 0);
81076 tty_port_tty_set(port, NULL);
81077 @@ -1717,7 +1717,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
81078 pr_debug("uart_open(%d) called\n", line);
81079
81080 spin_lock_irq(&port->lock);
81081 - ++port->count;
81082 + atomic_inc(&port->count);
81083 spin_unlock_irq(&port->lock);
81084
81085 /*
81086 diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c
81087 index c13e27e..335a512 100644
81088 --- a/drivers/tty/synclink.c
81089 +++ b/drivers/tty/synclink.c
81090 @@ -3075,7 +3075,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
81091
81092 if (debug_level >= DEBUG_LEVEL_INFO)
81093 printk("%s(%d):mgsl_close(%s) entry, count=%d\n",
81094 - __FILE__,__LINE__, info->device_name, info->port.count);
81095 + __FILE__,__LINE__, info->device_name, atomic_read(&info->port.count));
81096
81097 if (tty_port_close_start(&info->port, tty, filp) == 0)
81098 goto cleanup;
81099 @@ -3093,7 +3093,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
81100 cleanup:
81101 if (debug_level >= DEBUG_LEVEL_INFO)
81102 printk("%s(%d):mgsl_close(%s) exit, count=%d\n", __FILE__,__LINE__,
81103 - tty->driver->name, info->port.count);
81104 + tty->driver->name, atomic_read(&info->port.count));
81105
81106 } /* end of mgsl_close() */
81107
81108 @@ -3192,8 +3192,8 @@ static void mgsl_hangup(struct tty_struct *tty)
81109
81110 mgsl_flush_buffer(tty);
81111 shutdown(info);
81112 -
81113 - info->port.count = 0;
81114 +
81115 + atomic_set(&info->port.count, 0);
81116 tty_port_set_active(&info->port, 0);
81117 info->port.tty = NULL;
81118
81119 @@ -3281,10 +3281,10 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
81120
81121 if (debug_level >= DEBUG_LEVEL_INFO)
81122 printk("%s(%d):block_til_ready before block on %s count=%d\n",
81123 - __FILE__,__LINE__, tty->driver->name, port->count );
81124 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count));
81125
81126 spin_lock_irqsave(&info->irq_spinlock, flags);
81127 - port->count--;
81128 + atomic_dec(&port->count);
81129 spin_unlock_irqrestore(&info->irq_spinlock, flags);
81130 port->blocked_open++;
81131
81132 @@ -3311,7 +3311,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
81133
81134 if (debug_level >= DEBUG_LEVEL_INFO)
81135 printk("%s(%d):block_til_ready blocking on %s count=%d\n",
81136 - __FILE__,__LINE__, tty->driver->name, port->count );
81137 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count));
81138
81139 tty_unlock(tty);
81140 schedule();
81141 @@ -3323,12 +3323,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
81142
81143 /* FIXME: Racy on hangup during close wait */
81144 if (!tty_hung_up_p(filp))
81145 - port->count++;
81146 + atomic_inc(&port->count);
81147 port->blocked_open--;
81148
81149 if (debug_level >= DEBUG_LEVEL_INFO)
81150 printk("%s(%d):block_til_ready after blocking on %s count=%d\n",
81151 - __FILE__,__LINE__, tty->driver->name, port->count );
81152 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count));
81153
81154 if (!retval)
81155 tty_port_set_active(port, 1);
81156 @@ -3380,7 +3380,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
81157
81158 if (debug_level >= DEBUG_LEVEL_INFO)
81159 printk("%s(%d):mgsl_open(%s), old ref count = %d\n",
81160 - __FILE__,__LINE__,tty->driver->name, info->port.count);
81161 + __FILE__,__LINE__,tty->driver->name, atomic_read(&info->port.count));
81162
81163 info->port.low_latency = (info->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
81164
81165 @@ -3390,10 +3390,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
81166 spin_unlock_irqrestore(&info->netlock, flags);
81167 goto cleanup;
81168 }
81169 - info->port.count++;
81170 + atomic_inc(&info->port.count);
81171 spin_unlock_irqrestore(&info->netlock, flags);
81172
81173 - if (info->port.count == 1) {
81174 + if (atomic_read(&info->port.count) == 1) {
81175 /* 1st open on this device, init hardware */
81176 retval = startup(info);
81177 if (retval < 0)
81178 @@ -3417,8 +3417,8 @@ cleanup:
81179 if (retval) {
81180 if (tty->count == 1)
81181 info->port.tty = NULL; /* tty layer will release tty struct */
81182 - if(info->port.count)
81183 - info->port.count--;
81184 + if (atomic_read(&info->port.count))
81185 + atomic_dec(&info->port.count);
81186 }
81187
81188 return retval;
81189 @@ -7637,7 +7637,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
81190 unsigned short new_crctype;
81191
81192 /* return error if TTY interface open */
81193 - if (info->port.count)
81194 + if (atomic_read(&info->port.count))
81195 return -EBUSY;
81196
81197 switch (encoding)
81198 @@ -7733,7 +7733,7 @@ static int hdlcdev_open(struct net_device *dev)
81199
81200 /* arbitrate between network and tty opens */
81201 spin_lock_irqsave(&info->netlock, flags);
81202 - if (info->port.count != 0 || info->netcount != 0) {
81203 + if (atomic_read(&info->port.count) != 0 || info->netcount != 0) {
81204 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
81205 spin_unlock_irqrestore(&info->netlock, flags);
81206 return -EBUSY;
81207 @@ -7819,7 +7819,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
81208 printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
81209
81210 /* return error if TTY interface open */
81211 - if (info->port.count)
81212 + if (atomic_read(&info->port.count))
81213 return -EBUSY;
81214
81215 if (cmd != SIOCWANDEV)
81216 diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c
81217 index 7aca2d4..45a7121 100644
81218 --- a/drivers/tty/synclink_gt.c
81219 +++ b/drivers/tty/synclink_gt.c
81220 @@ -670,7 +670,7 @@ static int open(struct tty_struct *tty, struct file *filp)
81221 tty->driver_data = info;
81222 info->port.tty = tty;
81223
81224 - DBGINFO(("%s open, old ref count = %d\n", info->device_name, info->port.count));
81225 + DBGINFO(("%s open, old ref count = %d\n", info->device_name, atomic_read(&info->port.count)));
81226
81227 mutex_lock(&info->port.mutex);
81228 info->port.low_latency = (info->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
81229 @@ -682,10 +682,10 @@ static int open(struct tty_struct *tty, struct file *filp)
81230 mutex_unlock(&info->port.mutex);
81231 goto cleanup;
81232 }
81233 - info->port.count++;
81234 + atomic_inc(&info->port.count);
81235 spin_unlock_irqrestore(&info->netlock, flags);
81236
81237 - if (info->port.count == 1) {
81238 + if (atomic_read(&info->port.count) == 1) {
81239 /* 1st open on this device, init hardware */
81240 retval = startup(info);
81241 if (retval < 0) {
81242 @@ -706,8 +706,8 @@ cleanup:
81243 if (retval) {
81244 if (tty->count == 1)
81245 info->port.tty = NULL; /* tty layer will release tty struct */
81246 - if(info->port.count)
81247 - info->port.count--;
81248 + if(atomic_read(&info->port.count))
81249 + atomic_dec(&info->port.count);
81250 }
81251
81252 DBGINFO(("%s open rc=%d\n", info->device_name, retval));
81253 @@ -720,7 +720,7 @@ static void close(struct tty_struct *tty, struct file *filp)
81254
81255 if (sanity_check(info, tty->name, "close"))
81256 return;
81257 - DBGINFO(("%s close entry, count=%d\n", info->device_name, info->port.count));
81258 + DBGINFO(("%s close entry, count=%d\n", info->device_name, atomic_read(&info->port.count)));
81259
81260 if (tty_port_close_start(&info->port, tty, filp) == 0)
81261 goto cleanup;
81262 @@ -737,7 +737,7 @@ static void close(struct tty_struct *tty, struct file *filp)
81263 tty_port_close_end(&info->port, tty);
81264 info->port.tty = NULL;
81265 cleanup:
81266 - DBGINFO(("%s close exit, count=%d\n", tty->driver->name, info->port.count));
81267 + DBGINFO(("%s close exit, count=%d\n", tty->driver->name, atomic_read(&info->port.count)));
81268 }
81269
81270 static void hangup(struct tty_struct *tty)
81271 @@ -755,7 +755,7 @@ static void hangup(struct tty_struct *tty)
81272 shutdown(info);
81273
81274 spin_lock_irqsave(&info->port.lock, flags);
81275 - info->port.count = 0;
81276 + atomic_set(&info->port.count, 0);
81277 info->port.tty = NULL;
81278 spin_unlock_irqrestore(&info->port.lock, flags);
81279 tty_port_set_active(&info->port, 0);
81280 @@ -1435,7 +1435,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
81281 unsigned short new_crctype;
81282
81283 /* return error if TTY interface open */
81284 - if (info->port.count)
81285 + if (atomic_read(&info->port.count))
81286 return -EBUSY;
81287
81288 DBGINFO(("%s hdlcdev_attach\n", info->device_name));
81289 @@ -1531,7 +1531,7 @@ static int hdlcdev_open(struct net_device *dev)
81290
81291 /* arbitrate between network and tty opens */
81292 spin_lock_irqsave(&info->netlock, flags);
81293 - if (info->port.count != 0 || info->netcount != 0) {
81294 + if (atomic_read(&info->port.count) != 0 || info->netcount != 0) {
81295 DBGINFO(("%s hdlc_open busy\n", dev->name));
81296 spin_unlock_irqrestore(&info->netlock, flags);
81297 return -EBUSY;
81298 @@ -1616,7 +1616,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
81299 DBGINFO(("%s hdlcdev_ioctl\n", dev->name));
81300
81301 /* return error if TTY interface open */
81302 - if (info->port.count)
81303 + if (atomic_read(&info->port.count))
81304 return -EBUSY;
81305
81306 if (cmd != SIOCWANDEV)
81307 @@ -2403,7 +2403,7 @@ static irqreturn_t slgt_interrupt(int dummy, void *dev_id)
81308 if (port == NULL)
81309 continue;
81310 spin_lock(&port->lock);
81311 - if ((port->port.count || port->netcount) &&
81312 + if ((atomic_read(&port->port.count) || port->netcount) &&
81313 port->pending_bh && !port->bh_running &&
81314 !port->bh_requested) {
81315 DBGISR(("%s bh queued\n", port->device_name));
81316 @@ -3282,7 +3282,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
81317 add_wait_queue(&port->open_wait, &wait);
81318
81319 spin_lock_irqsave(&info->lock, flags);
81320 - port->count--;
81321 + atomic_dec(&port->count);
81322 spin_unlock_irqrestore(&info->lock, flags);
81323 port->blocked_open++;
81324
81325 @@ -3317,7 +3317,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
81326 remove_wait_queue(&port->open_wait, &wait);
81327
81328 if (!tty_hung_up_p(filp))
81329 - port->count++;
81330 + atomic_inc(&port->count);
81331 port->blocked_open--;
81332
81333 if (!retval)
81334 diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c
81335 index dec1565..bbf9fcc 100644
81336 --- a/drivers/tty/synclinkmp.c
81337 +++ b/drivers/tty/synclinkmp.c
81338 @@ -750,7 +750,7 @@ static int open(struct tty_struct *tty, struct file *filp)
81339
81340 if (debug_level >= DEBUG_LEVEL_INFO)
81341 printk("%s(%d):%s open(), old ref count = %d\n",
81342 - __FILE__,__LINE__,tty->driver->name, info->port.count);
81343 + __FILE__,__LINE__,tty->driver->name, atomic_read(&info->port.count));
81344
81345 info->port.low_latency = (info->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
81346
81347 @@ -760,10 +760,10 @@ static int open(struct tty_struct *tty, struct file *filp)
81348 spin_unlock_irqrestore(&info->netlock, flags);
81349 goto cleanup;
81350 }
81351 - info->port.count++;
81352 + atomic_inc(&info->port.count);
81353 spin_unlock_irqrestore(&info->netlock, flags);
81354
81355 - if (info->port.count == 1) {
81356 + if (atomic_read(&info->port.count) == 1) {
81357 /* 1st open on this device, init hardware */
81358 retval = startup(info);
81359 if (retval < 0)
81360 @@ -787,8 +787,8 @@ cleanup:
81361 if (retval) {
81362 if (tty->count == 1)
81363 info->port.tty = NULL; /* tty layer will release tty struct */
81364 - if(info->port.count)
81365 - info->port.count--;
81366 + if(atomic_read(&info->port.count))
81367 + atomic_dec(&info->port.count);
81368 }
81369
81370 return retval;
81371 @@ -806,7 +806,7 @@ static void close(struct tty_struct *tty, struct file *filp)
81372
81373 if (debug_level >= DEBUG_LEVEL_INFO)
81374 printk("%s(%d):%s close() entry, count=%d\n",
81375 - __FILE__,__LINE__, info->device_name, info->port.count);
81376 + __FILE__,__LINE__, info->device_name, atomic_read(&info->port.count));
81377
81378 if (tty_port_close_start(&info->port, tty, filp) == 0)
81379 goto cleanup;
81380 @@ -825,7 +825,7 @@ static void close(struct tty_struct *tty, struct file *filp)
81381 cleanup:
81382 if (debug_level >= DEBUG_LEVEL_INFO)
81383 printk("%s(%d):%s close() exit, count=%d\n", __FILE__,__LINE__,
81384 - tty->driver->name, info->port.count);
81385 + tty->driver->name, atomic_read(&info->port.count));
81386 }
81387
81388 /* Called by tty_hangup() when a hangup is signaled.
81389 @@ -848,7 +848,7 @@ static void hangup(struct tty_struct *tty)
81390 shutdown(info);
81391
81392 spin_lock_irqsave(&info->port.lock, flags);
81393 - info->port.count = 0;
81394 + atomic_set(&info->port.count, 0);
81395 info->port.tty = NULL;
81396 spin_unlock_irqrestore(&info->port.lock, flags);
81397 tty_port_set_active(&info->port, 1);
81398 @@ -1551,7 +1551,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
81399 unsigned short new_crctype;
81400
81401 /* return error if TTY interface open */
81402 - if (info->port.count)
81403 + if (atomic_read(&info->port.count))
81404 return -EBUSY;
81405
81406 switch (encoding)
81407 @@ -1647,7 +1647,7 @@ static int hdlcdev_open(struct net_device *dev)
81408
81409 /* arbitrate between network and tty opens */
81410 spin_lock_irqsave(&info->netlock, flags);
81411 - if (info->port.count != 0 || info->netcount != 0) {
81412 + if (atomic_read(&info->port.count) != 0 || info->netcount != 0) {
81413 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
81414 spin_unlock_irqrestore(&info->netlock, flags);
81415 return -EBUSY;
81416 @@ -1733,7 +1733,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
81417 printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
81418
81419 /* return error if TTY interface open */
81420 - if (info->port.count)
81421 + if (atomic_read(&info->port.count))
81422 return -EBUSY;
81423
81424 if (cmd != SIOCWANDEV)
81425 @@ -2610,7 +2610,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id)
81426 * do not request bottom half processing if the
81427 * device is not open in a normal mode.
81428 */
81429 - if ( port && (port->port.count || port->netcount) &&
81430 + if ( port && (atomic_read(&port->port.count) || port->netcount) &&
81431 port->pending_bh && !port->bh_running &&
81432 !port->bh_requested ) {
81433 if ( debug_level >= DEBUG_LEVEL_ISR )
81434 @@ -3300,10 +3300,10 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
81435
81436 if (debug_level >= DEBUG_LEVEL_INFO)
81437 printk("%s(%d):%s block_til_ready() before block, count=%d\n",
81438 - __FILE__,__LINE__, tty->driver->name, port->count );
81439 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count));
81440
81441 spin_lock_irqsave(&info->lock, flags);
81442 - port->count--;
81443 + atomic_dec(&port->count);
81444 spin_unlock_irqrestore(&info->lock, flags);
81445 port->blocked_open++;
81446
81447 @@ -3330,7 +3330,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
81448
81449 if (debug_level >= DEBUG_LEVEL_INFO)
81450 printk("%s(%d):%s block_til_ready() count=%d\n",
81451 - __FILE__,__LINE__, tty->driver->name, port->count );
81452 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count));
81453
81454 tty_unlock(tty);
81455 schedule();
81456 @@ -3340,12 +3340,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
81457 set_current_state(TASK_RUNNING);
81458 remove_wait_queue(&port->open_wait, &wait);
81459 if (!tty_hung_up_p(filp))
81460 - port->count++;
81461 + atomic_inc(&port->count);
81462 port->blocked_open--;
81463
81464 if (debug_level >= DEBUG_LEVEL_INFO)
81465 printk("%s(%d):%s block_til_ready() after, count=%d\n",
81466 - __FILE__,__LINE__, tty->driver->name, port->count );
81467 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count));
81468
81469 if (!retval)
81470 tty_port_set_active(port, 1);
81471 diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
81472 index 52bbd27..7846d42 100644
81473 --- a/drivers/tty/sysrq.c
81474 +++ b/drivers/tty/sysrq.c
81475 @@ -1090,7 +1090,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
81476 static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
81477 size_t count, loff_t *ppos)
81478 {
81479 - if (count) {
81480 + if (count && capable(CAP_SYS_ADMIN)) {
81481 char c;
81482
81483 if (get_user(c, buf))
81484 diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
81485 index 734a635..0518bb7 100644
81486 --- a/drivers/tty/tty_io.c
81487 +++ b/drivers/tty/tty_io.c
81488 @@ -105,6 +105,8 @@
81489 #include <linux/kmod.h>
81490 #include <linux/nsproxy.h>
81491
81492 +#include <linux/grsecurity.h>
81493 +
81494 #undef TTY_DEBUG_HANGUP
81495 #ifdef TTY_DEBUG_HANGUP
81496 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
81497 @@ -2286,6 +2288,8 @@ static int tiocsti(struct tty_struct *tty, char __user *p)
81498 char ch, mbz = 0;
81499 struct tty_ldisc *ld;
81500
81501 + if (gr_handle_tiocsti(tty))
81502 + return -EPERM;
81503 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
81504 return -EPERM;
81505 if (get_user(ch, p))
81506 @@ -3560,7 +3564,7 @@ EXPORT_SYMBOL(tty_devnum);
81507
81508 void tty_default_fops(struct file_operations *fops)
81509 {
81510 - *fops = tty_fops;
81511 + memcpy((void *)fops, &tty_fops, sizeof(tty_fops));
81512 }
81513
81514 /*
81515 diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
81516 index 68947f6..1f85fef2 100644
81517 --- a/drivers/tty/tty_ldisc.c
81518 +++ b/drivers/tty/tty_ldisc.c
81519 @@ -68,7 +68,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
81520 raw_spin_lock_irqsave(&tty_ldiscs_lock, flags);
81521 tty_ldiscs[disc] = new_ldisc;
81522 new_ldisc->num = disc;
81523 - new_ldisc->refcount = 0;
81524 + atomic_set(&new_ldisc->refcount, 0);
81525 raw_spin_unlock_irqrestore(&tty_ldiscs_lock, flags);
81526
81527 return ret;
81528 @@ -96,7 +96,7 @@ int tty_unregister_ldisc(int disc)
81529 return -EINVAL;
81530
81531 raw_spin_lock_irqsave(&tty_ldiscs_lock, flags);
81532 - if (tty_ldiscs[disc]->refcount)
81533 + if (atomic_read(&tty_ldiscs[disc]->refcount))
81534 ret = -EBUSY;
81535 else
81536 tty_ldiscs[disc] = NULL;
81537 @@ -117,7 +117,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
81538 if (ldops) {
81539 ret = ERR_PTR(-EAGAIN);
81540 if (try_module_get(ldops->owner)) {
81541 - ldops->refcount++;
81542 + atomic_inc(&ldops->refcount);
81543 ret = ldops;
81544 }
81545 }
81546 @@ -130,7 +130,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
81547 unsigned long flags;
81548
81549 raw_spin_lock_irqsave(&tty_ldiscs_lock, flags);
81550 - ldops->refcount--;
81551 + atomic_dec(&ldops->refcount);
81552 module_put(ldops->owner);
81553 raw_spin_unlock_irqrestore(&tty_ldiscs_lock, flags);
81554 }
81555 diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
81556 index c3f9d93..f81070c 100644
81557 --- a/drivers/tty/tty_port.c
81558 +++ b/drivers/tty/tty_port.c
81559 @@ -236,7 +236,7 @@ void tty_port_hangup(struct tty_port *port)
81560 unsigned long flags;
81561
81562 spin_lock_irqsave(&port->lock, flags);
81563 - port->count = 0;
81564 + atomic_set(&port->count, 0);
81565 tty = port->tty;
81566 if (tty)
81567 set_bit(TTY_IO_ERROR, &tty->flags);
81568 @@ -388,7 +388,7 @@ int tty_port_block_til_ready(struct tty_port *port,
81569
81570 /* The port lock protects the port counts */
81571 spin_lock_irqsave(&port->lock, flags);
81572 - port->count--;
81573 + atomic_dec(&port->count);
81574 port->blocked_open++;
81575 spin_unlock_irqrestore(&port->lock, flags);
81576
81577 @@ -429,7 +429,7 @@ int tty_port_block_til_ready(struct tty_port *port,
81578 we must not mess that up further */
81579 spin_lock_irqsave(&port->lock, flags);
81580 if (!tty_hung_up_p(filp))
81581 - port->count++;
81582 + atomic_inc(&port->count);
81583 port->blocked_open--;
81584 spin_unlock_irqrestore(&port->lock, flags);
81585 if (retval == 0)
81586 @@ -462,18 +462,18 @@ int tty_port_close_start(struct tty_port *port,
81587 return 0;
81588
81589 spin_lock_irqsave(&port->lock, flags);
81590 - if (tty->count == 1 && port->count != 1) {
81591 + if (tty->count == 1 && atomic_read(&port->count) != 1) {
81592 tty_warn(tty, "%s: tty->count = 1 port count = %d\n", __func__,
81593 - port->count);
81594 - port->count = 1;
81595 + atomic_read(&port->count));
81596 + atomic_set(&port->count, 1);
81597 }
81598 - if (--port->count < 0) {
81599 + if (atomic_dec_return(&port->count) < 0) {
81600 tty_warn(tty, "%s: bad port count (%d)\n", __func__,
81601 - port->count);
81602 - port->count = 0;
81603 + atomic_read(&port->count));
81604 + atomic_set(&port->count, 0);
81605 }
81606
81607 - if (port->count) {
81608 + if (atomic_read(&port->count)) {
81609 spin_unlock_irqrestore(&port->lock, flags);
81610 return 0;
81611 }
81612 @@ -567,7 +567,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty,
81613 struct file *filp)
81614 {
81615 spin_lock_irq(&port->lock);
81616 - ++port->count;
81617 + atomic_inc(&port->count);
81618 spin_unlock_irq(&port->lock);
81619 tty_port_tty_set(port, tty);
81620
81621 diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
81622 index 0f8caae..07939b5 100644
81623 --- a/drivers/tty/vt/keyboard.c
81624 +++ b/drivers/tty/vt/keyboard.c
81625 @@ -630,6 +630,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag)
81626 kbd->kbdmode == VC_OFF) &&
81627 value != KVAL(K_SAK))
81628 return; /* SAK is allowed even in raw mode */
81629 +
81630 +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
81631 + {
81632 + void *func = fn_handler[value];
81633 + if (func == fn_show_state || func == fn_show_ptregs ||
81634 + func == fn_show_mem)
81635 + return;
81636 + }
81637 +#endif
81638 +
81639 fn_handler[value](vc);
81640 }
81641
81642 @@ -1858,9 +1868,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm,
81643 if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
81644 return -EFAULT;
81645
81646 - if (!capable(CAP_SYS_TTY_CONFIG))
81647 - perm = 0;
81648 -
81649 switch (cmd) {
81650 case KDGKBENT:
81651 /* Ensure another thread doesn't free it under us */
81652 @@ -1875,6 +1882,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm,
81653 spin_unlock_irqrestore(&kbd_event_lock, flags);
81654 return put_user(val, &user_kbe->kb_value);
81655 case KDSKBENT:
81656 + if (!capable(CAP_SYS_TTY_CONFIG))
81657 + perm = 0;
81658 +
81659 if (!perm)
81660 return -EPERM;
81661 if (!i && v == K_NOSUCHMAP) {
81662 @@ -1965,9 +1975,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
81663 int i, j, k;
81664 int ret;
81665
81666 - if (!capable(CAP_SYS_TTY_CONFIG))
81667 - perm = 0;
81668 -
81669 kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
81670 if (!kbs) {
81671 ret = -ENOMEM;
81672 @@ -2001,6 +2008,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
81673 kfree(kbs);
81674 return ((p && *p) ? -EOVERFLOW : 0);
81675 case KDSKBSENT:
81676 + if (!capable(CAP_SYS_TTY_CONFIG))
81677 + perm = 0;
81678 +
81679 if (!perm) {
81680 ret = -EPERM;
81681 goto reterr;
81682 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
81683 index fba021f..977a54e 100644
81684 --- a/drivers/uio/uio.c
81685 +++ b/drivers/uio/uio.c
81686 @@ -25,6 +25,7 @@
81687 #include <linux/kobject.h>
81688 #include <linux/cdev.h>
81689 #include <linux/uio_driver.h>
81690 +#include <asm/local.h>
81691
81692 #define UIO_MAX_DEVICES (1U << MINORBITS)
81693
81694 @@ -231,7 +232,7 @@ static ssize_t event_show(struct device *dev,
81695 struct device_attribute *attr, char *buf)
81696 {
81697 struct uio_device *idev = dev_get_drvdata(dev);
81698 - return sprintf(buf, "%u\n", (unsigned int)atomic_read(&idev->event));
81699 + return sprintf(buf, "%u\n", (unsigned int)atomic_read_unchecked(&idev->event));
81700 }
81701 static DEVICE_ATTR_RO(event);
81702
81703 @@ -401,7 +402,7 @@ void uio_event_notify(struct uio_info *info)
81704 {
81705 struct uio_device *idev = info->uio_dev;
81706
81707 - atomic_inc(&idev->event);
81708 + atomic_inc_unchecked(&idev->event);
81709 wake_up_interruptible(&idev->wait);
81710 kill_fasync(&idev->async_queue, SIGIO, POLL_IN);
81711 }
81712 @@ -454,7 +455,7 @@ static int uio_open(struct inode *inode, struct file *filep)
81713 }
81714
81715 listener->dev = idev;
81716 - listener->event_count = atomic_read(&idev->event);
81717 + listener->event_count = atomic_read_unchecked(&idev->event);
81718 filep->private_data = listener;
81719
81720 if (idev->info->open) {
81721 @@ -505,7 +506,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait)
81722 return -EIO;
81723
81724 poll_wait(filep, &idev->wait, wait);
81725 - if (listener->event_count != atomic_read(&idev->event))
81726 + if (listener->event_count != atomic_read_unchecked(&idev->event))
81727 return POLLIN | POLLRDNORM;
81728 return 0;
81729 }
81730 @@ -530,7 +531,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf,
81731 do {
81732 set_current_state(TASK_INTERRUPTIBLE);
81733
81734 - event_count = atomic_read(&idev->event);
81735 + event_count = atomic_read_unchecked(&idev->event);
81736 if (event_count != listener->event_count) {
81737 __set_current_state(TASK_RUNNING);
81738 if (copy_to_user(buf, &event_count, count))
81739 @@ -588,9 +589,13 @@ static ssize_t uio_write(struct file *filep, const char __user *buf,
81740 static int uio_find_mem_index(struct vm_area_struct *vma)
81741 {
81742 struct uio_device *idev = vma->vm_private_data;
81743 + unsigned long size;
81744
81745 if (vma->vm_pgoff < MAX_UIO_MAPS) {
81746 - if (idev->info->mem[vma->vm_pgoff].size == 0)
81747 + size = idev->info->mem[vma->vm_pgoff].size;
81748 + if (size == 0)
81749 + return -1;
81750 + if (vma->vm_end - vma->vm_start > size)
81751 return -1;
81752 return (int)vma->vm_pgoff;
81753 }
81754 @@ -822,7 +827,7 @@ int __uio_register_device(struct module *owner,
81755 idev->owner = owner;
81756 idev->info = info;
81757 init_waitqueue_head(&idev->wait);
81758 - atomic_set(&idev->event, 0);
81759 + atomic_set_unchecked(&idev->event, 0);
81760
81761 ret = uio_get_minor(idev);
81762 if (ret)
81763 diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
81764 index 0a866e9..e0c35aa 100644
81765 --- a/drivers/usb/atm/cxacru.c
81766 +++ b/drivers/usb/atm/cxacru.c
81767 @@ -474,7 +474,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev,
81768 ret = sscanf(buf + pos, "%x=%x%n", &index, &value, &tmp);
81769 if (ret < 2)
81770 return -EINVAL;
81771 - if (index < 0 || index > 0x7f)
81772 + if (index > 0x7f)
81773 return -EINVAL;
81774 if (tmp < 0 || tmp > len - pos)
81775 return -EINVAL;
81776 diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c
81777 index db322d9..f0f4bc1 100644
81778 --- a/drivers/usb/atm/usbatm.c
81779 +++ b/drivers/usb/atm/usbatm.c
81780 @@ -331,7 +331,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char
81781 if (printk_ratelimit())
81782 atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n",
81783 __func__, vpi, vci);
81784 - atomic_inc(&vcc->stats->rx_err);
81785 + atomic_inc_unchecked(&vcc->stats->rx_err);
81786 return;
81787 }
81788
81789 @@ -358,7 +358,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char
81790 if (length > ATM_MAX_AAL5_PDU) {
81791 atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
81792 __func__, length, vcc);
81793 - atomic_inc(&vcc->stats->rx_err);
81794 + atomic_inc_unchecked(&vcc->stats->rx_err);
81795 goto out;
81796 }
81797
81798 @@ -367,14 +367,14 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char
81799 if (sarb->len < pdu_length) {
81800 atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n",
81801 __func__, pdu_length, sarb->len, vcc);
81802 - atomic_inc(&vcc->stats->rx_err);
81803 + atomic_inc_unchecked(&vcc->stats->rx_err);
81804 goto out;
81805 }
81806
81807 if (crc32_be(~0, skb_tail_pointer(sarb) - pdu_length, pdu_length) != 0xc704dd7b) {
81808 atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
81809 __func__, vcc);
81810 - atomic_inc(&vcc->stats->rx_err);
81811 + atomic_inc_unchecked(&vcc->stats->rx_err);
81812 goto out;
81813 }
81814
81815 @@ -387,7 +387,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char
81816 if (printk_ratelimit())
81817 atm_err(instance, "%s: no memory for skb (length: %u)!\n",
81818 __func__, length);
81819 - atomic_inc(&vcc->stats->rx_drop);
81820 + atomic_inc_unchecked(&vcc->stats->rx_drop);
81821 goto out;
81822 }
81823
81824 @@ -415,7 +415,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char
81825
81826 vcc->push(vcc, skb);
81827
81828 - atomic_inc(&vcc->stats->rx);
81829 + atomic_inc_unchecked(&vcc->stats->rx);
81830 out:
81831 skb_trim(sarb, 0);
81832 }
81833 @@ -613,7 +613,7 @@ static void usbatm_tx_process(unsigned long data)
81834 struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc;
81835
81836 usbatm_pop(vcc, skb);
81837 - atomic_inc(&vcc->stats->tx);
81838 + atomic_inc_unchecked(&vcc->stats->tx);
81839
81840 skb = skb_dequeue(&instance->sndqueue);
81841 }
81842 @@ -757,11 +757,11 @@ static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t *pos, char *page
81843 if (!left--)
81844 return sprintf(page,
81845 "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n",
81846 - atomic_read(&atm_dev->stats.aal5.tx),
81847 - atomic_read(&atm_dev->stats.aal5.tx_err),
81848 - atomic_read(&atm_dev->stats.aal5.rx),
81849 - atomic_read(&atm_dev->stats.aal5.rx_err),
81850 - atomic_read(&atm_dev->stats.aal5.rx_drop));
81851 + atomic_read_unchecked(&atm_dev->stats.aal5.tx),
81852 + atomic_read_unchecked(&atm_dev->stats.aal5.tx_err),
81853 + atomic_read_unchecked(&atm_dev->stats.aal5.rx),
81854 + atomic_read_unchecked(&atm_dev->stats.aal5.rx_err),
81855 + atomic_read_unchecked(&atm_dev->stats.aal5.rx_drop));
81856
81857 if (!left--) {
81858 if (instance->disconnected)
81859 diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c
81860 index ef04b50..7582d99 100644
81861 --- a/drivers/usb/core/devices.c
81862 +++ b/drivers/usb/core/devices.c
81863 @@ -119,7 +119,7 @@ static const char format_endpt[] =
81864 * time it gets called.
81865 */
81866 static struct device_connect_event {
81867 - atomic_t count;
81868 + atomic_unchecked_t count;
81869 wait_queue_head_t wait;
81870 } device_event = {
81871 .count = ATOMIC_INIT(1),
81872 @@ -157,7 +157,7 @@ static const struct class_info clas_info[] = {
81873
81874 void usbfs_conn_disc_event(void)
81875 {
81876 - atomic_add(2, &device_event.count);
81877 + atomic_add_unchecked(2, &device_event.count);
81878 wake_up(&device_event.wait);
81879 }
81880
81881 @@ -648,7 +648,7 @@ static unsigned int usb_device_poll(struct file *file,
81882
81883 poll_wait(file, &device_event.wait, wait);
81884
81885 - event_count = atomic_read(&device_event.count);
81886 + event_count = atomic_read_unchecked(&device_event.count);
81887 if (file->f_version != event_count) {
81888 file->f_version = event_count;
81889 return POLLIN | POLLRDNORM;
81890 diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
81891 index 09c8d9c..14ee687 100644
81892 --- a/drivers/usb/core/devio.c
81893 +++ b/drivers/usb/core/devio.c
81894 @@ -290,7 +290,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
81895 struct usb_dev_state *ps = file->private_data;
81896 struct usb_device *dev = ps->dev;
81897 ssize_t ret = 0;
81898 - unsigned len;
81899 + size_t len;
81900 loff_t pos;
81901 int i;
81902
81903 @@ -332,22 +332,22 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
81904 for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
81905 struct usb_config_descriptor *config =
81906 (struct usb_config_descriptor *)dev->rawdescriptors[i];
81907 - unsigned int length = le16_to_cpu(config->wTotalLength);
81908 + size_t length = le16_to_cpu(config->wTotalLength);
81909
81910 if (*ppos < pos + length) {
81911
81912 /* The descriptor may claim to be longer than it
81913 * really is. Here is the actual allocated length. */
81914 - unsigned alloclen =
81915 + size_t alloclen =
81916 le16_to_cpu(dev->config[i].desc.wTotalLength);
81917
81918 - len = length - (*ppos - pos);
81919 + len = length + pos - *ppos;
81920 if (len > nbytes)
81921 len = nbytes;
81922
81923 /* Simply don't write (skip over) unallocated parts */
81924 if (alloclen > (*ppos - pos)) {
81925 - alloclen -= (*ppos - pos);
81926 + alloclen = alloclen + pos - *ppos;
81927 if (copy_to_user(buf,
81928 dev->rawdescriptors[i] + (*ppos - pos),
81929 min(len, alloclen))) {
81930 @@ -1682,7 +1682,7 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
81931 }
81932 }
81933 as->urb->dev = ps->dev;
81934 - as->urb->pipe = (uurb->type << 30) |
81935 + as->urb->pipe = ((unsigned int)uurb->type << 30) |
81936 __create_pipe(ps->dev, uurb->endpoint & 0xf) |
81937 (uurb->endpoint & USB_DIR_IN);
81938
81939 diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
81940 index d2e3f65..e389998 100644
81941 --- a/drivers/usb/core/hcd.c
81942 +++ b/drivers/usb/core/hcd.c
81943 @@ -1630,7 +1630,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
81944 */
81945 usb_get_urb(urb);
81946 atomic_inc(&urb->use_count);
81947 - atomic_inc(&urb->dev->urbnum);
81948 + atomic_inc_unchecked(&urb->dev->urbnum);
81949 usbmon_urb_submit(&hcd->self, urb);
81950
81951 /* NOTE requirements on root-hub callers (usbfs and the hub
81952 @@ -1657,7 +1657,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
81953 urb->hcpriv = NULL;
81954 INIT_LIST_HEAD(&urb->urb_list);
81955 atomic_dec(&urb->use_count);
81956 - atomic_dec(&urb->dev->urbnum);
81957 + atomic_dec_unchecked(&urb->dev->urbnum);
81958 if (atomic_read(&urb->reject))
81959 wake_up(&usb_kill_urb_queue);
81960 usb_put_urb(urb);
81961 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
81962 index 1d5fc32..7dc3bd4 100644
81963 --- a/drivers/usb/core/hub.c
81964 +++ b/drivers/usb/core/hub.c
81965 @@ -26,6 +26,7 @@
81966 #include <linux/mutex.h>
81967 #include <linux/random.h>
81968 #include <linux/pm_qos.h>
81969 +#include <linux/grsecurity.h>
81970
81971 #include <asm/uaccess.h>
81972 #include <asm/byteorder.h>
81973 @@ -4785,6 +4786,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
81974 goto done;
81975 return;
81976 }
81977 +
81978 + if (gr_handle_new_usb())
81979 + goto done;
81980 +
81981 if (hub_is_superspeed(hub->hdev))
81982 unit_load = 150;
81983 else
81984 diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
81985 index c953a0f..54c64f4 100644
81986 --- a/drivers/usb/core/sysfs.c
81987 +++ b/drivers/usb/core/sysfs.c
81988 @@ -259,7 +259,7 @@ static ssize_t urbnum_show(struct device *dev, struct device_attribute *attr,
81989 struct usb_device *udev;
81990
81991 udev = to_usb_device(dev);
81992 - return sprintf(buf, "%d\n", atomic_read(&udev->urbnum));
81993 + return sprintf(buf, "%d\n", atomic_read_unchecked(&udev->urbnum));
81994 }
81995 static DEVICE_ATTR_RO(urbnum);
81996
81997 diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
81998 index 5e80697..1e91073 100644
81999 --- a/drivers/usb/core/usb.c
82000 +++ b/drivers/usb/core/usb.c
82001 @@ -444,7 +444,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent,
82002 set_dev_node(&dev->dev, dev_to_node(bus->controller));
82003 dev->state = USB_STATE_ATTACHED;
82004 dev->lpm_disable_count = 1;
82005 - atomic_set(&dev->urbnum, 0);
82006 + atomic_set_unchecked(&dev->urbnum, 0);
82007
82008 INIT_LIST_HEAD(&dev->ep0.urb_list);
82009 dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;
82010 diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
82011 index 12731e6..0391d02 100644
82012 --- a/drivers/usb/early/ehci-dbgp.c
82013 +++ b/drivers/usb/early/ehci-dbgp.c
82014 @@ -98,7 +98,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len)
82015
82016 #ifdef CONFIG_KGDB
82017 static struct kgdb_io kgdbdbgp_io_ops;
82018 -#define dbgp_kgdb_mode (dbg_io_ops == &kgdbdbgp_io_ops)
82019 +static struct kgdb_io kgdbdbgp_io_ops_console;
82020 +#define dbgp_kgdb_mode (dbg_io_ops == &kgdbdbgp_io_ops || dbg_io_ops == &kgdbdbgp_io_ops_console)
82021 #else
82022 #define dbgp_kgdb_mode (0)
82023 #endif
82024 @@ -1043,6 +1044,13 @@ static struct kgdb_io kgdbdbgp_io_ops = {
82025 .write_char = kgdbdbgp_write_char,
82026 };
82027
82028 +static struct kgdb_io kgdbdbgp_io_ops_console = {
82029 + .name = "kgdbdbgp",
82030 + .read_char = kgdbdbgp_read_char,
82031 + .write_char = kgdbdbgp_write_char,
82032 + .is_console = 1
82033 +};
82034 +
82035 static int kgdbdbgp_wait_time;
82036
82037 static int __init kgdbdbgp_parse_config(char *str)
82038 @@ -1058,8 +1066,10 @@ static int __init kgdbdbgp_parse_config(char *str)
82039 ptr++;
82040 kgdbdbgp_wait_time = simple_strtoul(ptr, &ptr, 10);
82041 }
82042 - kgdb_register_io_module(&kgdbdbgp_io_ops);
82043 - kgdbdbgp_io_ops.is_console = early_dbgp_console.index != -1;
82044 + if (early_dbgp_console.index != -1)
82045 + kgdb_register_io_module(&kgdbdbgp_io_ops_console);
82046 + else
82047 + kgdb_register_io_module(&kgdbdbgp_io_ops);
82048
82049 return 0;
82050 }
82051 diff --git a/drivers/usb/gadget/function/f_phonet.c b/drivers/usb/gadget/function/f_phonet.c
82052 index 0473d61..5e9caa5 100644
82053 --- a/drivers/usb/gadget/function/f_phonet.c
82054 +++ b/drivers/usb/gadget/function/f_phonet.c
82055 @@ -223,7 +223,7 @@ static void pn_tx_complete(struct usb_ep *ep, struct usb_request *req)
82056 netif_wake_queue(dev);
82057 }
82058
82059 -static int pn_net_xmit(struct sk_buff *skb, struct net_device *dev)
82060 +static netdev_tx_t pn_net_xmit(struct sk_buff *skb, struct net_device *dev)
82061 {
82062 struct phonet_port *port = netdev_priv(dev);
82063 struct f_phonet *fp;
82064 diff --git a/drivers/usb/gadget/function/f_uac1.c b/drivers/usb/gadget/function/f_uac1.c
82065 index f2ac0cb..4038262 100644
82066 --- a/drivers/usb/gadget/function/f_uac1.c
82067 +++ b/drivers/usb/gadget/function/f_uac1.c
82068 @@ -14,6 +14,7 @@
82069 #include <linux/module.h>
82070 #include <linux/device.h>
82071 #include <linux/atomic.h>
82072 +#include <linux/module.h>
82073
82074 #include "u_uac1.h"
82075
82076 diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c
82077 index e0cd1e4..0a41c55 100644
82078 --- a/drivers/usb/gadget/function/u_serial.c
82079 +++ b/drivers/usb/gadget/function/u_serial.c
82080 @@ -752,9 +752,9 @@ static int gs_open(struct tty_struct *tty, struct file *file)
82081 spin_lock_irq(&port->port_lock);
82082
82083 /* already open? Great. */
82084 - if (port->port.count) {
82085 + if (atomic_read(&port->port.count)) {
82086 status = 0;
82087 - port->port.count++;
82088 + atomic_inc(&port->port.count);
82089
82090 /* currently opening/closing? wait ... */
82091 } else if (port->openclose) {
82092 @@ -813,7 +813,7 @@ static int gs_open(struct tty_struct *tty, struct file *file)
82093 tty->driver_data = port;
82094 port->port.tty = tty;
82095
82096 - port->port.count = 1;
82097 + atomic_set(&port->port.count, 1);
82098 port->openclose = false;
82099
82100 /* if connected, start the I/O stream */
82101 @@ -855,11 +855,11 @@ static void gs_close(struct tty_struct *tty, struct file *file)
82102
82103 spin_lock_irq(&port->port_lock);
82104
82105 - if (port->port.count != 1) {
82106 - if (port->port.count == 0)
82107 + if (atomic_read(&port->port.count) != 1) {
82108 + if (atomic_read(&port->port.count) == 0)
82109 WARN_ON(1);
82110 else
82111 - --port->port.count;
82112 + atomic_dec(&port->port.count);
82113 goto exit;
82114 }
82115
82116 @@ -869,7 +869,7 @@ static void gs_close(struct tty_struct *tty, struct file *file)
82117 * and sleep if necessary
82118 */
82119 port->openclose = true;
82120 - port->port.count = 0;
82121 + atomic_set(&port->port.count, 0);
82122
82123 gser = port->port_usb;
82124 if (gser && gser->disconnect)
82125 @@ -1324,7 +1324,7 @@ static int gs_closed(struct gs_port *port)
82126 int cond;
82127
82128 spin_lock_irq(&port->port_lock);
82129 - cond = (port->port.count == 0) && !port->openclose;
82130 + cond = (atomic_read(&port->port.count) == 0) && !port->openclose;
82131 spin_unlock_irq(&port->port_lock);
82132 return cond;
82133 }
82134 @@ -1469,7 +1469,7 @@ int gserial_connect(struct gserial *gser, u8 port_num)
82135 /* if it's already open, start I/O ... and notify the serial
82136 * protocol about open/close status (connect/disconnect).
82137 */
82138 - if (port->port.count) {
82139 + if (atomic_read(&port->port.count)) {
82140 pr_debug("gserial_connect: start ttyGS%d\n", port->port_num);
82141 gs_start_io(port);
82142 if (gser->connect)
82143 @@ -1516,7 +1516,7 @@ void gserial_disconnect(struct gserial *gser)
82144
82145 port->port_usb = NULL;
82146 gser->ioport = NULL;
82147 - if (port->port.count > 0 || port->openclose) {
82148 + if (atomic_read(&port->port.count) > 0 || port->openclose) {
82149 wake_up_interruptible(&port->drain_wait);
82150 if (port->port.tty)
82151 tty_hangup(port->port.tty);
82152 @@ -1529,7 +1529,7 @@ void gserial_disconnect(struct gserial *gser)
82153
82154 /* finally, free any unused/unusable I/O buffers */
82155 spin_lock_irqsave(&port->port_lock, flags);
82156 - if (port->port.count == 0 && !port->openclose)
82157 + if (atomic_read(&port->port.count) == 0 && !port->openclose)
82158 gs_buf_free(&port->port_write_buf);
82159 gs_free_requests(gser->out, &port->read_pool, NULL);
82160 gs_free_requests(gser->out, &port->read_queue, NULL);
82161 diff --git a/drivers/usb/gadget/function/u_uac1.c b/drivers/usb/gadget/function/u_uac1.c
82162 index c78c841..48fd281 100644
82163 --- a/drivers/usb/gadget/function/u_uac1.c
82164 +++ b/drivers/usb/gadget/function/u_uac1.c
82165 @@ -17,6 +17,7 @@
82166 #include <linux/ctype.h>
82167 #include <linux/random.h>
82168 #include <linux/syscalls.h>
82169 +#include <linux/module.h>
82170
82171 #include "u_uac1.h"
82172
82173 diff --git a/drivers/usb/gadget/udc/dummy_hcd.c b/drivers/usb/gadget/udc/dummy_hcd.c
82174 index 77d0790..d123802 100644
82175 --- a/drivers/usb/gadget/udc/dummy_hcd.c
82176 +++ b/drivers/usb/gadget/udc/dummy_hcd.c
82177 @@ -2458,7 +2458,7 @@ static int dummy_setup(struct usb_hcd *hcd)
82178 struct dummy *dum;
82179
82180 dum = *((void **)dev_get_platdata(hcd->self.controller));
82181 - hcd->self.sg_tablesize = ~0;
82182 + hcd->self.sg_tablesize = SG_ALL;
82183 if (usb_hcd_is_primary_hcd(hcd)) {
82184 dum->hs_hcd = hcd_to_dummy_hcd(hcd);
82185 dum->hs_hcd->dum = dum;
82186 diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
82187 index 1e5f529..5832376 100644
82188 --- a/drivers/usb/host/ehci-hcd.c
82189 +++ b/drivers/usb/host/ehci-hcd.c
82190 @@ -573,7 +573,7 @@ static int ehci_init(struct usb_hcd *hcd)
82191
82192 /* Accept arbitrarily long scatter-gather lists */
82193 if (!(hcd->driver->flags & HCD_LOCAL_MEM))
82194 - hcd->self.sg_tablesize = ~0;
82195 + hcd->self.sg_tablesize = SG_ALL;
82196
82197 /* Prepare for unlinking active QHs */
82198 ehci->old_current = ~0;
82199 diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c
82200 index 74f62d6..459983a 100644
82201 --- a/drivers/usb/host/ehci-hub.c
82202 +++ b/drivers/usb/host/ehci-hub.c
82203 @@ -777,7 +777,7 @@ static struct urb *request_single_step_set_feature_urb(
82204 urb->transfer_flags = URB_DIR_IN;
82205 usb_get_urb(urb);
82206 atomic_inc(&urb->use_count);
82207 - atomic_inc(&urb->dev->urbnum);
82208 + atomic_inc_unchecked(&urb->dev->urbnum);
82209 urb->setup_dma = dma_map_single(
82210 hcd->self.controller,
82211 urb->setup_packet,
82212 @@ -844,7 +844,7 @@ static int ehset_single_step_set_feature(struct usb_hcd *hcd, int port)
82213 urb->status = -EINPROGRESS;
82214 usb_get_urb(urb);
82215 atomic_inc(&urb->use_count);
82216 - atomic_inc(&urb->dev->urbnum);
82217 + atomic_inc_unchecked(&urb->dev->urbnum);
82218 retval = submit_single_step_set_feature(hcd, urb, 0);
82219 if (!retval && !wait_for_completion_timeout(&done,
82220 msecs_to_jiffies(2000))) {
82221 diff --git a/drivers/usb/host/ehci-q.c b/drivers/usb/host/ehci-q.c
82222 index eca3710..eca7127 100644
82223 --- a/drivers/usb/host/ehci-q.c
82224 +++ b/drivers/usb/host/ehci-q.c
82225 @@ -44,9 +44,9 @@
82226
82227 static int
82228 qtd_fill(struct ehci_hcd *ehci, struct ehci_qtd *qtd, dma_addr_t buf,
82229 - size_t len, int token, int maxpacket)
82230 + size_t len, u32 token, int maxpacket)
82231 {
82232 - int i, count;
82233 + u32 i, count;
82234 u64 addr = buf;
82235
82236 /* one buffer entry per 4K ... first might be short or unaligned */
82237 diff --git a/drivers/usb/host/fotg210-hcd.c b/drivers/usb/host/fotg210-hcd.c
82238 index 66efa9a..50b719d 100644
82239 --- a/drivers/usb/host/fotg210-hcd.c
82240 +++ b/drivers/usb/host/fotg210-hcd.c
82241 @@ -5025,7 +5025,7 @@ static int hcd_fotg210_init(struct usb_hcd *hcd)
82242
82243 /* Accept arbitrarily long scatter-gather lists */
82244 if (!(hcd->driver->flags & HCD_LOCAL_MEM))
82245 - hcd->self.sg_tablesize = ~0;
82246 + hcd->self.sg_tablesize = SG_ALL;
82247 return 0;
82248 }
82249
82250 diff --git a/drivers/usb/host/hwa-hc.c b/drivers/usb/host/hwa-hc.c
82251 index 1db0626..2e9f5ea 100644
82252 --- a/drivers/usb/host/hwa-hc.c
82253 +++ b/drivers/usb/host/hwa-hc.c
82254 @@ -337,7 +337,10 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
82255 struct hwahc *hwahc = container_of(wusbhc, struct hwahc, wusbhc);
82256 struct wahc *wa = &hwahc->wa;
82257 struct device *dev = &wa->usb_iface->dev;
82258 - u8 mas_le[UWB_NUM_MAS/8];
82259 + u8 *mas_le = kmalloc(UWB_NUM_MAS/8, GFP_KERNEL);
82260 +
82261 + if (mas_le == NULL)
82262 + return -ENOMEM;
82263
82264 /* Set the stream index */
82265 result = usb_control_msg(wa->usb_dev, usb_sndctrlpipe(wa->usb_dev, 0),
82266 @@ -356,10 +359,12 @@ static int __hwahc_op_bwa_set(struct wusbhc *wusbhc, s8 stream_index,
82267 WUSB_REQ_SET_WUSB_MAS,
82268 USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
82269 0, wa->usb_iface->cur_altsetting->desc.bInterfaceNumber,
82270 - mas_le, 32, USB_CTRL_SET_TIMEOUT);
82271 + mas_le, UWB_NUM_MAS/8, USB_CTRL_SET_TIMEOUT);
82272 if (result < 0)
82273 dev_err(dev, "Cannot set WUSB MAS allocation: %d\n", result);
82274 out:
82275 + kfree(mas_le);
82276 +
82277 return result;
82278 }
82279
82280 @@ -812,7 +817,7 @@ static int hwahc_probe(struct usb_interface *usb_iface,
82281 goto error_alloc;
82282 }
82283 usb_hcd->wireless = 1;
82284 - usb_hcd->self.sg_tablesize = ~0;
82285 + usb_hcd->self.sg_tablesize = SG_ALL;
82286 wusbhc = usb_hcd_to_wusbhc(usb_hcd);
82287 hwahc = container_of(wusbhc, struct hwahc, wusbhc);
82288 hwahc_init(hwahc);
82289 diff --git a/drivers/usb/host/ohci-hcd.c b/drivers/usb/host/ohci-hcd.c
82290 index 1700908..3b49b2e 100644
82291 --- a/drivers/usb/host/ohci-hcd.c
82292 +++ b/drivers/usb/host/ohci-hcd.c
82293 @@ -444,7 +444,7 @@ static int ohci_init (struct ohci_hcd *ohci)
82294 struct usb_hcd *hcd = ohci_to_hcd(ohci);
82295
82296 /* Accept arbitrarily long scatter-gather lists */
82297 - hcd->self.sg_tablesize = ~0;
82298 + hcd->self.sg_tablesize = SG_ALL;
82299
82300 if (distrust_firmware)
82301 ohci->flags |= OHCI_QUIRK_HUB_POWER;
82302 diff --git a/drivers/usb/host/r8a66597.h b/drivers/usb/host/r8a66597.h
82303 index 672cea3..31a730db 100644
82304 --- a/drivers/usb/host/r8a66597.h
82305 +++ b/drivers/usb/host/r8a66597.h
82306 @@ -125,7 +125,7 @@ struct r8a66597 {
82307 unsigned short interval_map;
82308 unsigned char pipe_cnt[R8A66597_MAX_NUM_PIPE];
82309 unsigned char dma_map;
82310 - unsigned int max_root_hub;
82311 + unsigned char max_root_hub;
82312
82313 struct list_head child_device;
82314 unsigned long child_connect_map[4];
82315 diff --git a/drivers/usb/host/uhci-hcd.c b/drivers/usb/host/uhci-hcd.c
82316 index a7de8e8..e1ef134 100644
82317 --- a/drivers/usb/host/uhci-hcd.c
82318 +++ b/drivers/usb/host/uhci-hcd.c
82319 @@ -570,7 +570,7 @@ static int uhci_start(struct usb_hcd *hcd)
82320 hcd->uses_new_polling = 1;
82321 /* Accept arbitrarily long scatter-gather lists */
82322 if (!(hcd->driver->flags & HCD_LOCAL_MEM))
82323 - hcd->self.sg_tablesize = ~0;
82324 + hcd->self.sg_tablesize = SG_ALL;
82325
82326 spin_lock_init(&uhci->lock);
82327 setup_timer(&uhci->fsbr_timer, uhci_fsbr_timeout,
82328 diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
82329 index d7b0f97..378d99d 100644
82330 --- a/drivers/usb/host/xhci-pci.c
82331 +++ b/drivers/usb/host/xhci-pci.c
82332 @@ -32,7 +32,7 @@
82333 #define SSIC_PORT_CFG2 0x880c
82334 #define SSIC_PORT_CFG2_OFFSET 0x30
82335 #define PROG_DONE (1 << 30)
82336 -#define SSIC_PORT_UNUSED (1 << 31)
82337 +#define SSIC_PORT_UNUSED (1U << 31)
82338
82339 /* Device for a quirk */
82340 #define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73
82341 diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
82342 index 797137e..b7be2b3 100644
82343 --- a/drivers/usb/host/xhci-ring.c
82344 +++ b/drivers/usb/host/xhci-ring.c
82345 @@ -1889,9 +1889,9 @@ td_cleanup:
82346 * unsigned). Play it safe and say we didn't transfer anything.
82347 */
82348 if (urb->actual_length > urb->transfer_buffer_length) {
82349 - xhci_warn(xhci, "URB transfer length is wrong, xHC issue? req. len = %u, act. len = %u\n",
82350 + xhci_warn(xhci, "URB transfer length is wrong, xHC issue? req. len = %u, trans. len = %u\n",
82351 urb->transfer_buffer_length,
82352 - urb->actual_length);
82353 + EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)));
82354 urb->actual_length = 0;
82355 if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
82356 *status = -EREMOTEIO;
82357 @@ -1970,10 +1970,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
82358 return finish_td(xhci, td, event_trb, event, ep, status, false);
82359 case COMP_STOP:
82360 /* Did we stop at data stage? */
82361 - if (event_trb != ep_ring->dequeue && event_trb != td->last_trb)
82362 - td->urb->actual_length =
82363 - td->urb->transfer_buffer_length -
82364 - EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82365 + if (event_trb != ep_ring->dequeue && event_trb != td->last_trb) {
82366 + if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)))
82367 + td->urb->actual_length =
82368 + td->urb->transfer_buffer_length -
82369 + EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82370 + else
82371 + td->urb->actual_length =
82372 + td->urb->transfer_buffer_length + 1;
82373 + }
82374 /* fall through */
82375 case COMP_STOP_INVAL:
82376 return finish_td(xhci, td, event_trb, event, ep, status, false);
82377 @@ -1987,12 +1992,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
82378 /* else fall through */
82379 case COMP_STALL:
82380 /* Did we transfer part of the data (middle) phase? */
82381 - if (event_trb != ep_ring->dequeue &&
82382 - event_trb != td->last_trb)
82383 - td->urb->actual_length =
82384 - td->urb->transfer_buffer_length -
82385 - EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82386 - else if (!td->urb_length_set)
82387 + if (event_trb != ep_ring->dequeue && event_trb != td->last_trb) {
82388 + if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)))
82389 + td->urb->actual_length =
82390 + td->urb->transfer_buffer_length -
82391 + EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82392 + else
82393 + td->urb->actual_length =
82394 + td->urb->transfer_buffer_length + 1;
82395 + } else if (!td->urb_length_set)
82396 td->urb->actual_length = 0;
82397
82398 return finish_td(xhci, td, event_trb, event, ep, status, false);
82399 @@ -2025,9 +2033,12 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
82400 * the last TRB.
82401 */
82402 td->urb_length_set = true;
82403 - td->urb->actual_length =
82404 - td->urb->transfer_buffer_length -
82405 - EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82406 + if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)))
82407 + td->urb->actual_length =
82408 + td->urb->transfer_buffer_length -
82409 + EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82410 + else
82411 + BUG();
82412 xhci_dbg(xhci, "Waiting for status "
82413 "stage event\n");
82414 return 0;
82415 @@ -2222,11 +2233,7 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
82416 /* Fast path - was this the last TRB in the TD for this URB? */
82417 } else if (event_trb == td->last_trb) {
82418 if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) {
82419 - td->urb->actual_length =
82420 - td->urb->transfer_buffer_length -
82421 - EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82422 - if (td->urb->transfer_buffer_length <
82423 - td->urb->actual_length) {
82424 + if (td->urb->transfer_buffer_length < EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))) {
82425 xhci_warn(xhci, "HC gave bad length "
82426 "of %d bytes left\n",
82427 EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)));
82428 @@ -2235,7 +2242,10 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
82429 *status = -EREMOTEIO;
82430 else
82431 *status = 0;
82432 - }
82433 + } else
82434 + td->urb->actual_length =
82435 + td->urb->transfer_buffer_length -
82436 + EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
82437 /* Don't overwrite a previously set error code */
82438 if (*status == -EINPROGRESS) {
82439 if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
82440 diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
82441 index 01d96c9..63270ff 100644
82442 --- a/drivers/usb/host/xhci.c
82443 +++ b/drivers/usb/host/xhci.c
82444 @@ -4838,7 +4838,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
82445 int retval;
82446
82447 /* Accept arbitrarily long scatter-gather lists */
82448 - hcd->self.sg_tablesize = ~0;
82449 + hcd->self.sg_tablesize = SG_ALL;
82450
82451 /* support to build packet from discontinuous buffers */
82452 hcd->self.no_sg_constraint = 1;
82453 diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
82454 index a0a3827..d7ec10b 100644
82455 --- a/drivers/usb/misc/appledisplay.c
82456 +++ b/drivers/usb/misc/appledisplay.c
82457 @@ -84,7 +84,7 @@ struct appledisplay {
82458 struct mutex sysfslock; /* concurrent read and write */
82459 };
82460
82461 -static atomic_t count_displays = ATOMIC_INIT(0);
82462 +static atomic_unchecked_t count_displays = ATOMIC_INIT(0);
82463 static struct workqueue_struct *wq;
82464
82465 static void appledisplay_complete(struct urb *urb)
82466 @@ -288,7 +288,7 @@ static int appledisplay_probe(struct usb_interface *iface,
82467
82468 /* Register backlight device */
82469 snprintf(bl_name, sizeof(bl_name), "appledisplay%d",
82470 - atomic_inc_return(&count_displays) - 1);
82471 + atomic_inc_return_unchecked(&count_displays) - 1);
82472 memset(&props, 0, sizeof(struct backlight_properties));
82473 props.type = BACKLIGHT_RAW;
82474 props.max_brightness = 0xff;
82475 diff --git a/drivers/usb/misc/sisusbvga/sisusb_con.c b/drivers/usb/misc/sisusbvga/sisusb_con.c
82476 index 460cebf..eb16bb4 100644
82477 --- a/drivers/usb/misc/sisusbvga/sisusb_con.c
82478 +++ b/drivers/usb/misc/sisusbvga/sisusb_con.c
82479 @@ -1368,29 +1368,77 @@ static void sisusbdummycon_init(struct vc_data *vc, int init)
82480 vc_resize(vc, 80, 25);
82481 }
82482
82483 -static int sisusbdummycon_dummy(void)
82484 +static void sisusb_con_deinit(struct vc_data *a)
82485 {
82486 - return 0;
82487 }
82488
82489 -#define SISUSBCONDUMMY (void *)sisusbdummycon_dummy
82490 +static void sisusb_con_clear(struct vc_data *a, int b, int c, int d, int e)
82491 +{
82492 +}
82493 +
82494 +static void sisusb_con_putc(struct vc_data *a, int b, int c, int d)
82495 +{
82496 +}
82497 +
82498 +static void sisusb_con_putcs(struct vc_data *a, const unsigned short *b, int c, int d, int e)
82499 +{
82500 +}
82501 +
82502 +static void sisusb_con_cursor(struct vc_data *a, int b)
82503 +{
82504 +}
82505 +
82506 +static int sisusb_con_scroll(struct vc_data *a, int b, int c, int d, int e)
82507 +{
82508 + return 0;
82509 +}
82510 +
82511 +static int sisusb_con_switch(struct vc_data *a)
82512 +{
82513 + return 0;
82514 +}
82515 +
82516 +static int sisusb_con_blank(struct vc_data *a, int b, int c)
82517 +{
82518 + return 0;
82519 +}
82520 +
82521 +static int sisusb_con_font_set(struct vc_data *a, struct console_font *b, unsigned c)
82522 +{
82523 + return 0;
82524 +}
82525 +
82526 +static int sisusb_con_font_get(struct vc_data *a, struct console_font *b)
82527 +{
82528 + return 0;
82529 +}
82530 +
82531 +static int sisusb_con_font_default(struct vc_data *a, struct console_font *b, char *c)
82532 +{
82533 + return 0;
82534 +}
82535 +
82536 +static int sisusb_con_font_copy(struct vc_data *a, int b)
82537 +{
82538 + return 0;
82539 +}
82540
82541 static const struct consw sisusb_dummy_con = {
82542 .owner = THIS_MODULE,
82543 .con_startup = sisusbdummycon_startup,
82544 .con_init = sisusbdummycon_init,
82545 - .con_deinit = SISUSBCONDUMMY,
82546 - .con_clear = SISUSBCONDUMMY,
82547 - .con_putc = SISUSBCONDUMMY,
82548 - .con_putcs = SISUSBCONDUMMY,
82549 - .con_cursor = SISUSBCONDUMMY,
82550 - .con_scroll = SISUSBCONDUMMY,
82551 - .con_switch = SISUSBCONDUMMY,
82552 - .con_blank = SISUSBCONDUMMY,
82553 - .con_font_set = SISUSBCONDUMMY,
82554 - .con_font_get = SISUSBCONDUMMY,
82555 - .con_font_default = SISUSBCONDUMMY,
82556 - .con_font_copy = SISUSBCONDUMMY,
82557 + .con_deinit = sisusb_con_deinit,
82558 + .con_clear = sisusb_con_clear,
82559 + .con_putc = sisusb_con_putc,
82560 + .con_putcs = sisusb_con_putcs,
82561 + .con_cursor = sisusb_con_cursor,
82562 + .con_scroll = sisusb_con_scroll,
82563 + .con_switch = sisusb_con_switch,
82564 + .con_blank = sisusb_con_blank,
82565 + .con_font_set = sisusb_con_font_set,
82566 + .con_font_get = sisusb_con_font_get,
82567 + .con_font_default = sisusb_con_font_default,
82568 + .con_font_copy = sisusb_con_font_copy,
82569 };
82570
82571 int
82572 diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
82573 index 8967715..4a3791b 100644
82574 --- a/drivers/usb/serial/console.c
82575 +++ b/drivers/usb/serial/console.c
82576 @@ -126,7 +126,7 @@ static int usb_console_setup(struct console *co, char *options)
82577
82578 info->port = port;
82579
82580 - ++port->port.count;
82581 + atomic_inc(&port->port.count);
82582 if (!tty_port_initialized(&port->port)) {
82583 if (serial->type->set_termios) {
82584 /*
82585 @@ -172,7 +172,7 @@ static int usb_console_setup(struct console *co, char *options)
82586 }
82587 /* Now that any required fake tty operations are completed restore
82588 * the tty port count */
82589 - --port->port.count;
82590 + atomic_dec(&port->port.count);
82591 /* The console is special in terms of closing the device so
82592 * indicate this port is now acting as a system console. */
82593 port->port.console = 1;
82594 @@ -184,7 +184,7 @@ static int usb_console_setup(struct console *co, char *options)
82595 tty_port_tty_set(&port->port, NULL);
82596 tty_kref_put(tty);
82597 reset_open_count:
82598 - port->port.count = 0;
82599 + atomic_set(&port->port.count, 0);
82600 usb_autopm_put_interface(serial->interface);
82601 error_get_interface:
82602 usb_serial_put(serial);
82603 @@ -195,7 +195,7 @@ static int usb_console_setup(struct console *co, char *options)
82604 static void usb_console_write(struct console *co,
82605 const char *buf, unsigned count)
82606 {
82607 - static struct usbcons_info *info = &usbcons_info;
82608 + struct usbcons_info *info = &usbcons_info;
82609 struct usb_serial_port *port = info->port;
82610 struct usb_serial *serial;
82611 int retval = -ENODEV;
82612 diff --git a/drivers/usb/storage/transport.c b/drivers/usb/storage/transport.c
82613 index ffd0867..eb28464 100644
82614 --- a/drivers/usb/storage/transport.c
82615 +++ b/drivers/usb/storage/transport.c
82616 @@ -709,7 +709,7 @@ void usb_stor_invoke_transport(struct scsi_cmnd *srb, struct us_data *us)
82617 if (need_auto_sense) {
82618 int temp_result;
82619 struct scsi_eh_save ses;
82620 - int sense_size = US_SENSE_SIZE;
82621 + unsigned int sense_size = US_SENSE_SIZE;
82622 struct scsi_sense_hdr sshdr;
82623 const u8 *scdd;
82624 u8 fm_ili;
82625 diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
82626 index 8c5f011..05e59a2 100644
82627 --- a/drivers/usb/storage/usb.c
82628 +++ b/drivers/usb/storage/usb.c
82629 @@ -942,7 +942,7 @@ static void usb_stor_scan_dwork(struct work_struct *work)
82630 clear_bit(US_FLIDX_SCAN_PENDING, &us->dflags);
82631 }
82632
82633 -static unsigned int usb_stor_sg_tablesize(struct usb_interface *intf)
82634 +static unsigned short usb_stor_sg_tablesize(struct usb_interface *intf)
82635 {
82636 struct usb_device *usb_dev = interface_to_usbdev(intf);
82637
82638 diff --git a/drivers/usb/storage/usb.h b/drivers/usb/storage/usb.h
82639 index 8fae28b..8b4bfec 100644
82640 --- a/drivers/usb/storage/usb.h
82641 +++ b/drivers/usb/storage/usb.h
82642 @@ -64,7 +64,7 @@ struct us_unusual_dev {
82643 __u8 useProtocol;
82644 __u8 useTransport;
82645 int (*initFunction)(struct us_data *);
82646 -};
82647 +} __do_const;
82648
82649
82650 /* Dynamic bitflag definitions (us->dflags): used in set_bit() etc. */
82651 diff --git a/drivers/usb/usbip/vhci.h b/drivers/usb/usbip/vhci.h
82652 index a863a98..d272795 100644
82653 --- a/drivers/usb/usbip/vhci.h
82654 +++ b/drivers/usb/usbip/vhci.h
82655 @@ -83,7 +83,7 @@ struct vhci_hcd {
82656 unsigned resuming:1;
82657 unsigned long re_timeout;
82658
82659 - atomic_t seqnum;
82660 + atomic_unchecked_t seqnum;
82661
82662 /*
82663 * NOTE:
82664 diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
82665 index 2e0450b..6ebf0f6 100644
82666 --- a/drivers/usb/usbip/vhci_hcd.c
82667 +++ b/drivers/usb/usbip/vhci_hcd.c
82668 @@ -447,7 +447,7 @@ static void vhci_tx_urb(struct urb *urb)
82669
82670 spin_lock_irqsave(&vdev->priv_lock, flags);
82671
82672 - priv->seqnum = atomic_inc_return(&the_controller->seqnum);
82673 + priv->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum);
82674 if (priv->seqnum == 0xffff)
82675 dev_info(&urb->dev->dev, "seqnum max\n");
82676
82677 @@ -696,7 +696,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
82678 return -ENOMEM;
82679 }
82680
82681 - unlink->seqnum = atomic_inc_return(&the_controller->seqnum);
82682 + unlink->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum);
82683 if (unlink->seqnum == 0xffff)
82684 pr_info("seqnum max\n");
82685
82686 @@ -904,7 +904,7 @@ static int vhci_start(struct usb_hcd *hcd)
82687 vdev->rhport = rhport;
82688 }
82689
82690 - atomic_set(&vhci->seqnum, 0);
82691 + atomic_set_unchecked(&vhci->seqnum, 0);
82692 spin_lock_init(&vhci->lock);
82693
82694 hcd->power_budget = 0; /* no limit */
82695 diff --git a/drivers/usb/usbip/vhci_rx.c b/drivers/usb/usbip/vhci_rx.c
82696 index d656e0e..466853e 100644
82697 --- a/drivers/usb/usbip/vhci_rx.c
82698 +++ b/drivers/usb/usbip/vhci_rx.c
82699 @@ -81,7 +81,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
82700 if (!urb) {
82701 pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum);
82702 pr_info("max seqnum %d\n",
82703 - atomic_read(&the_controller->seqnum));
82704 + atomic_read_unchecked(&the_controller->seqnum));
82705 usbip_event_add(ud, VDEV_EVENT_ERROR_TCP);
82706 return;
82707 }
82708 diff --git a/drivers/usb/usbip/vhci_sysfs.c b/drivers/usb/usbip/vhci_sysfs.c
82709 index 5b5462e..fac23a0 100644
82710 --- a/drivers/usb/usbip/vhci_sysfs.c
82711 +++ b/drivers/usb/usbip/vhci_sysfs.c
82712 @@ -60,7 +60,7 @@ static ssize_t status_show(struct device *dev, struct device_attribute *attr,
82713 if (vdev->ud.status == VDEV_ST_USED) {
82714 out += sprintf(out, "%03u %08x ",
82715 vdev->speed, vdev->devid);
82716 - out += sprintf(out, "%16p ", vdev->ud.tcp_socket);
82717 + out += sprintf(out, "%16pK ", vdev->ud.tcp_socket);
82718 out += sprintf(out, "%s", dev_name(&vdev->udev->dev));
82719
82720 } else {
82721 diff --git a/drivers/usb/usbip/vudc_rx.c b/drivers/usb/usbip/vudc_rx.c
82722 index e429b59..e0840c6 100644
82723 --- a/drivers/usb/usbip/vudc_rx.c
82724 +++ b/drivers/usb/usbip/vudc_rx.c
82725 @@ -142,7 +142,7 @@ static int v_recv_cmd_submit(struct vudc *udc,
82726 urb_p->urb->status = -EINPROGRESS;
82727
82728 /* FIXME: more pipe setup to please usbip_common */
82729 - urb_p->urb->pipe &= ~(3 << 30);
82730 + urb_p->urb->pipe &= ~(3U << 30);
82731 switch (urb_p->ep->type) {
82732 case USB_ENDPOINT_XFER_BULK:
82733 urb_p->urb->pipe |= (PIPE_BULK << 30);
82734 diff --git a/drivers/usb/wusbcore/wa-hc.h b/drivers/usb/wusbcore/wa-hc.h
82735 index edc7267..9f65ce2 100644
82736 --- a/drivers/usb/wusbcore/wa-hc.h
82737 +++ b/drivers/usb/wusbcore/wa-hc.h
82738 @@ -240,7 +240,7 @@ struct wahc {
82739 spinlock_t xfer_list_lock;
82740 struct work_struct xfer_enqueue_work;
82741 struct work_struct xfer_error_work;
82742 - atomic_t xfer_id_count;
82743 + atomic_unchecked_t xfer_id_count;
82744
82745 kernel_ulong_t quirks;
82746 };
82747 @@ -305,7 +305,7 @@ static inline void wa_init(struct wahc *wa)
82748 INIT_WORK(&wa->xfer_enqueue_work, wa_urb_enqueue_run);
82749 INIT_WORK(&wa->xfer_error_work, wa_process_errored_transfers_run);
82750 wa->dto_in_use = 0;
82751 - atomic_set(&wa->xfer_id_count, 1);
82752 + atomic_set_unchecked(&wa->xfer_id_count, 1);
82753 /* init the buf in URBs */
82754 for (index = 0; index < WA_MAX_BUF_IN_URBS; ++index)
82755 usb_init_urb(&(wa->buf_in_urbs[index]));
82756 diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c
82757 index 69af4fd..da390d7 100644
82758 --- a/drivers/usb/wusbcore/wa-xfer.c
82759 +++ b/drivers/usb/wusbcore/wa-xfer.c
82760 @@ -314,7 +314,7 @@ static void wa_xfer_completion(struct wa_xfer *xfer)
82761 */
82762 static void wa_xfer_id_init(struct wa_xfer *xfer)
82763 {
82764 - xfer->id = atomic_add_return(1, &xfer->wa->xfer_id_count);
82765 + xfer->id = atomic_add_return_unchecked(1, &xfer->wa->xfer_id_count);
82766 }
82767
82768 /* Return the xfer's ID. */
82769 diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
82770 index d624a52..7017191 100644
82771 --- a/drivers/vfio/pci/vfio_pci.c
82772 +++ b/drivers/vfio/pci/vfio_pci.c
82773 @@ -1283,7 +1283,7 @@ static void vfio_pci_remove(struct pci_dev *pdev)
82774 }
82775
82776 static pci_ers_result_t vfio_pci_aer_err_detected(struct pci_dev *pdev,
82777 - pci_channel_state_t state)
82778 + enum pci_channel_state state)
82779 {
82780 struct vfio_pci_device *vdev;
82781 struct vfio_device *device;
82782 diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
82783 index 3bb02c6..a01ff38 100644
82784 --- a/drivers/vhost/vringh.c
82785 +++ b/drivers/vhost/vringh.c
82786 @@ -551,7 +551,7 @@ static inline void __vringh_notify_disable(struct vringh *vrh,
82787 static inline int getu16_user(const struct vringh *vrh, u16 *val, const __virtio16 *p)
82788 {
82789 __virtio16 v = 0;
82790 - int rc = get_user(v, (__force __virtio16 __user *)p);
82791 + int rc = get_user(v, (__force_user __virtio16 *)p);
82792 *val = vringh16_to_cpu(vrh, v);
82793 return rc;
82794 }
82795 @@ -559,12 +559,12 @@ static inline int getu16_user(const struct vringh *vrh, u16 *val, const __virtio
82796 static inline int putu16_user(const struct vringh *vrh, __virtio16 *p, u16 val)
82797 {
82798 __virtio16 v = cpu_to_vringh16(vrh, val);
82799 - return put_user(v, (__force __virtio16 __user *)p);
82800 + return put_user(v, (__force_user __virtio16 *)p);
82801 }
82802
82803 static inline int copydesc_user(void *dst, const void *src, size_t len)
82804 {
82805 - return copy_from_user(dst, (__force void __user *)src, len) ?
82806 + return copy_from_user(dst, (void __force_user *)src, len) ?
82807 -EFAULT : 0;
82808 }
82809
82810 @@ -572,19 +572,19 @@ static inline int putused_user(struct vring_used_elem *dst,
82811 const struct vring_used_elem *src,
82812 unsigned int num)
82813 {
82814 - return copy_to_user((__force void __user *)dst, src,
82815 + return copy_to_user((void __force_user *)dst, src,
82816 sizeof(*dst) * num) ? -EFAULT : 0;
82817 }
82818
82819 static inline int xfer_from_user(void *src, void *dst, size_t len)
82820 {
82821 - return copy_from_user(dst, (__force void __user *)src, len) ?
82822 + return copy_from_user(dst, (void __force_user *)src, len) ?
82823 -EFAULT : 0;
82824 }
82825
82826 static inline int xfer_to_user(void *dst, void *src, size_t len)
82827 {
82828 - return copy_to_user((__force void __user *)dst, src, len) ?
82829 + return copy_to_user((void __force_user *)dst, src, len) ?
82830 -EFAULT : 0;
82831 }
82832
82833 @@ -621,9 +621,9 @@ int vringh_init_user(struct vringh *vrh, u64 features,
82834 vrh->last_used_idx = 0;
82835 vrh->vring.num = num;
82836 /* vring expects kernel addresses, but only used via accessors. */
82837 - vrh->vring.desc = (__force struct vring_desc *)desc;
82838 - vrh->vring.avail = (__force struct vring_avail *)avail;
82839 - vrh->vring.used = (__force struct vring_used *)used;
82840 + vrh->vring.desc = (__force_kernel struct vring_desc *)desc;
82841 + vrh->vring.avail = (__force_kernel struct vring_avail *)avail;
82842 + vrh->vring.used = (__force_kernel struct vring_used *)used;
82843 return 0;
82844 }
82845 EXPORT_SYMBOL(vringh_init_user);
82846 @@ -826,7 +826,7 @@ static inline int getu16_kern(const struct vringh *vrh,
82847
82848 static inline int putu16_kern(const struct vringh *vrh, __virtio16 *p, u16 val)
82849 {
82850 - ACCESS_ONCE(*p) = cpu_to_vringh16(vrh, val);
82851 + ACCESS_ONCE_RW(*p) = cpu_to_vringh16(vrh, val);
82852 return 0;
82853 }
82854
82855 diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c
82856 index 84a110a..96312c3 100644
82857 --- a/drivers/video/backlight/kb3886_bl.c
82858 +++ b/drivers/video/backlight/kb3886_bl.c
82859 @@ -78,7 +78,7 @@ static struct kb3886bl_machinfo *bl_machinfo;
82860 static unsigned long kb3886bl_flags;
82861 #define KB3886BL_SUSPENDED 0x01
82862
82863 -static struct dmi_system_id kb3886bl_device_table[] __initdata = {
82864 +static const struct dmi_system_id kb3886bl_device_table[] __initconst = {
82865 {
82866 .ident = "Sahara Touch-iT",
82867 .matches = {
82868 diff --git a/drivers/video/console/dummycon.c b/drivers/video/console/dummycon.c
82869 index 9269d56..78d2a06 100644
82870 --- a/drivers/video/console/dummycon.c
82871 +++ b/drivers/video/console/dummycon.c
82872 @@ -41,12 +41,60 @@ static void dummycon_init(struct vc_data *vc, int init)
82873 vc_resize(vc, DUMMY_COLUMNS, DUMMY_ROWS);
82874 }
82875
82876 -static int dummycon_dummy(void)
82877 +static void dummycon_deinit(struct vc_data *a)
82878 +{
82879 +}
82880 +
82881 +static void dummycon_clear(struct vc_data *a, int b, int c, int d, int e)
82882 +{
82883 +}
82884 +
82885 +static void dummycon_putc(struct vc_data *a, int b, int c, int d)
82886 +{
82887 +}
82888 +
82889 +static void dummycon_putcs(struct vc_data *a, const unsigned short *b, int c, int d, int e)
82890 +{
82891 +}
82892 +
82893 +static void dummycon_cursor(struct vc_data *a, int b)
82894 +{
82895 +}
82896 +
82897 +static int dummycon_scroll(struct vc_data *a, int b, int c, int d, int e)
82898 +{
82899 + return 0;
82900 +}
82901 +
82902 +static int dummycon_switch(struct vc_data *a)
82903 {
82904 return 0;
82905 }
82906
82907 -#define DUMMY (void *)dummycon_dummy
82908 +static int dummycon_blank(struct vc_data *a, int b, int c)
82909 +{
82910 + return 0;
82911 +}
82912 +
82913 +static int dummycon_font_set(struct vc_data *a, struct console_font *b, unsigned c)
82914 +{
82915 + return 0;
82916 +}
82917 +
82918 +static int dummycon_font_get(struct vc_data *a, struct console_font *b)
82919 +{
82920 + return 0;
82921 +}
82922 +
82923 +static int dummycon_font_default(struct vc_data *a, struct console_font *b , char *c)
82924 +{
82925 + return 0;
82926 +}
82927 +
82928 +static int dummycon_font_copy(struct vc_data *a, int b)
82929 +{
82930 + return 0;
82931 +}
82932
82933 /*
82934 * The console `switch' structure for the dummy console
82935 @@ -58,17 +106,17 @@ const struct consw dummy_con = {
82936 .owner = THIS_MODULE,
82937 .con_startup = dummycon_startup,
82938 .con_init = dummycon_init,
82939 - .con_deinit = DUMMY,
82940 - .con_clear = DUMMY,
82941 - .con_putc = DUMMY,
82942 - .con_putcs = DUMMY,
82943 - .con_cursor = DUMMY,
82944 - .con_scroll = DUMMY,
82945 - .con_switch = DUMMY,
82946 - .con_blank = DUMMY,
82947 - .con_font_set = DUMMY,
82948 - .con_font_get = DUMMY,
82949 - .con_font_default = DUMMY,
82950 - .con_font_copy = DUMMY,
82951 + .con_deinit = dummycon_deinit,
82952 + .con_clear = dummycon_clear,
82953 + .con_putc = dummycon_putc,
82954 + .con_putcs = dummycon_putcs,
82955 + .con_cursor = dummycon_cursor,
82956 + .con_scroll = dummycon_scroll,
82957 + .con_switch = dummycon_switch,
82958 + .con_blank = dummycon_blank,
82959 + .con_font_set = dummycon_font_set,
82960 + .con_font_get = dummycon_font_get,
82961 + .con_font_default = dummycon_font_default,
82962 + .con_font_copy = dummycon_font_copy,
82963 };
82964 EXPORT_SYMBOL_GPL(dummy_con);
82965 diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
82966 index b87f5cf..6aad4f8 100644
82967 --- a/drivers/video/console/fbcon.c
82968 +++ b/drivers/video/console/fbcon.c
82969 @@ -106,7 +106,7 @@ static int fbcon_softback_size = 32768;
82970 static unsigned long softback_buf, softback_curr;
82971 static unsigned long softback_in;
82972 static unsigned long softback_top, softback_end;
82973 -static int softback_lines;
82974 +static long softback_lines;
82975 /* console mappings */
82976 static int first_fb_vc;
82977 static int last_fb_vc = MAX_NR_CONSOLES - 1;
82978 diff --git a/drivers/video/console/vgacon.c b/drivers/video/console/vgacon.c
82979 index 1157661..453a373 100644
82980 --- a/drivers/video/console/vgacon.c
82981 +++ b/drivers/video/console/vgacon.c
82982 @@ -1404,21 +1404,26 @@ static int vgacon_scroll(struct vc_data *c, int t, int b, int dir,
82983 * The console `switch' structure for the VGA based console
82984 */
82985
82986 -static int vgacon_dummy(struct vc_data *c)
82987 +static void vgacon_clear(struct vc_data *vc, int a, int b, int c, int d)
82988 {
82989 - return 0;
82990 }
82991
82992 -#define DUMMY (void *) vgacon_dummy
82993 +static void vgacon_putc(struct vc_data *vc, int a, int b, int c)
82994 +{
82995 +}
82996 +
82997 +static void vgacon_putcs(struct vc_data *vc, const unsigned short *a, int b, int c, int d)
82998 +{
82999 +}
83000
83001 const struct consw vga_con = {
83002 .owner = THIS_MODULE,
83003 .con_startup = vgacon_startup,
83004 .con_init = vgacon_init,
83005 .con_deinit = vgacon_deinit,
83006 - .con_clear = DUMMY,
83007 - .con_putc = DUMMY,
83008 - .con_putcs = DUMMY,
83009 + .con_clear = vgacon_clear,
83010 + .con_putc = vgacon_putc,
83011 + .con_putcs = vgacon_putcs,
83012 .con_cursor = vgacon_cursor,
83013 .con_scroll = vgacon_scroll,
83014 .con_switch = vgacon_switch,
83015 diff --git a/drivers/video/fbdev/arcfb.c b/drivers/video/fbdev/arcfb.c
83016 index 1b0b233..6f34c2c 100644
83017 --- a/drivers/video/fbdev/arcfb.c
83018 +++ b/drivers/video/fbdev/arcfb.c
83019 @@ -458,7 +458,7 @@ static ssize_t arcfb_write(struct fb_info *info, const char __user *buf,
83020 return -ENOSPC;
83021
83022 err = 0;
83023 - if ((count + p) > fbmemlength) {
83024 + if (count > (fbmemlength - p)) {
83025 count = fbmemlength - p;
83026 err = -ENOSPC;
83027 }
83028 diff --git a/drivers/video/fbdev/aty/aty128fb.c b/drivers/video/fbdev/aty/aty128fb.c
83029 index 0a46268..e55dcb5 100644
83030 --- a/drivers/video/fbdev/aty/aty128fb.c
83031 +++ b/drivers/video/fbdev/aty/aty128fb.c
83032 @@ -144,7 +144,7 @@ enum {
83033 };
83034
83035 /* Must match above enum */
83036 -static char * const r128_family[] = {
83037 +static const char * const r128_family[] = {
83038 "AGP",
83039 "PCI",
83040 "PRO AGP",
83041 diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c
83042 index f34ed47f..7283c9f 100644
83043 --- a/drivers/video/fbdev/aty/atyfb_base.c
83044 +++ b/drivers/video/fbdev/aty/atyfb_base.c
83045 @@ -1335,10 +1335,14 @@ static int atyfb_set_par(struct fb_info *info)
83046 par->accel_flags = var->accel_flags; /* hack */
83047
83048 if (var->accel_flags) {
83049 - info->fbops->fb_sync = atyfb_sync;
83050 + pax_open_kernel();
83051 + const_cast(info->fbops->fb_sync) = atyfb_sync;
83052 + pax_close_kernel();
83053 info->flags &= ~FBINFO_HWACCEL_DISABLED;
83054 } else {
83055 - info->fbops->fb_sync = NULL;
83056 + pax_open_kernel();
83057 + const_cast(info->fbops->fb_sync) = NULL;
83058 + pax_close_kernel();
83059 info->flags |= FBINFO_HWACCEL_DISABLED;
83060 }
83061
83062 diff --git a/drivers/video/fbdev/aty/mach64_ct.c b/drivers/video/fbdev/aty/mach64_ct.c
83063 index 51f29d6..2c15339 100644
83064 --- a/drivers/video/fbdev/aty/mach64_ct.c
83065 +++ b/drivers/video/fbdev/aty/mach64_ct.c
83066 @@ -630,13 +630,14 @@ static void aty_resume_pll_ct(const struct fb_info *info,
83067 aty_st_pll_ct(EXT_VPLL_CNTL, pll->ct.ext_vpll_cntl, par);
83068 }
83069
83070 -static int dummy(void)
83071 +static int aty_set_dac(const struct fb_info * info,
83072 + const union aty_pll * pll, u32 bpp, u32 accel)
83073 {
83074 return 0;
83075 }
83076
83077 const struct aty_dac_ops aty_dac_ct = {
83078 - .set_dac = (void *) dummy,
83079 + .set_dac = aty_set_dac
83080 };
83081
83082 const struct aty_pll_ops aty_pll_ct = {
83083 diff --git a/drivers/video/fbdev/aty/mach64_cursor.c b/drivers/video/fbdev/aty/mach64_cursor.c
83084 index 2fa0317..d687dab 100644
83085 --- a/drivers/video/fbdev/aty/mach64_cursor.c
83086 +++ b/drivers/video/fbdev/aty/mach64_cursor.c
83087 @@ -8,6 +8,7 @@
83088 #include "../core/fb_draw.h"
83089
83090 #include <asm/io.h>
83091 +#include <asm/pgtable.h>
83092
83093 #ifdef __sparc__
83094 #include <asm/fbio.h>
83095 @@ -218,7 +219,9 @@ int aty_init_cursor(struct fb_info *info)
83096 info->sprite.buf_align = 16; /* and 64 lines tall. */
83097 info->sprite.flags = FB_PIXMAP_IO;
83098
83099 - info->fbops->fb_cursor = atyfb_cursor;
83100 + pax_open_kernel();
83101 + const_cast(info->fbops->fb_cursor) = atyfb_cursor;
83102 + pax_close_kernel();
83103
83104 return 0;
83105 }
83106 diff --git a/drivers/video/fbdev/aty/mach64_gx.c b/drivers/video/fbdev/aty/mach64_gx.c
83107 index 10c988a..f7d9299 100644
83108 --- a/drivers/video/fbdev/aty/mach64_gx.c
83109 +++ b/drivers/video/fbdev/aty/mach64_gx.c
83110 @@ -894,17 +894,26 @@ static int aty_set_dac_unsupported(const struct fb_info *info,
83111 return 0;
83112 }
83113
83114 -static int dummy(void)
83115 +static int aty_var_to_pll(const struct fb_info * info, u32 vclk_per, u32 bpp, union aty_pll * pll)
83116 {
83117 return 0;
83118 }
83119
83120 +static u32 aty_pll_to_var(const struct fb_info * info, const union aty_pll * pll)
83121 +{
83122 + return 0;
83123 +}
83124 +
83125 +static void aty_set_pll(const struct fb_info * info, const union aty_pll * pll)
83126 +{
83127 +}
83128 +
83129 const struct aty_dac_ops aty_dac_unsupported = {
83130 .set_dac = aty_set_dac_unsupported,
83131 };
83132
83133 const struct aty_pll_ops aty_pll_unsupported = {
83134 - .var_to_pll = (void *) dummy,
83135 - .pll_to_var = (void *) dummy,
83136 - .set_pll = (void *) dummy,
83137 + .var_to_pll = aty_var_to_pll,
83138 + .pll_to_var = aty_pll_to_var,
83139 + .set_pll = aty_set_pll,
83140 };
83141 diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
83142 index 74b5bca..5bddbea 100644
83143 --- a/drivers/video/fbdev/core/fb_defio.c
83144 +++ b/drivers/video/fbdev/core/fb_defio.c
83145 @@ -208,7 +208,9 @@ void fb_deferred_io_init(struct fb_info *info)
83146
83147 BUG_ON(!fbdefio);
83148 mutex_init(&fbdefio->lock);
83149 - info->fbops->fb_mmap = fb_deferred_io_mmap;
83150 + pax_open_kernel();
83151 + const_cast(info->fbops->fb_mmap) = fb_deferred_io_mmap;
83152 + pax_close_kernel();
83153 INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work);
83154 INIT_LIST_HEAD(&fbdefio->pagelist);
83155 if (fbdefio->delay == 0) /* set a default of 1 s */
83156 @@ -239,7 +241,9 @@ void fb_deferred_io_cleanup(struct fb_info *info)
83157 page->mapping = NULL;
83158 }
83159
83160 - info->fbops->fb_mmap = NULL;
83161 + pax_open_kernel();
83162 + const_cast(info->fbops->fb_mmap) = NULL;
83163 + pax_close_kernel();
83164 mutex_destroy(&fbdefio->lock);
83165 }
83166 EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup);
83167 diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
83168 index 76c1ad9..6ec5e94 100644
83169 --- a/drivers/video/fbdev/core/fbmem.c
83170 +++ b/drivers/video/fbdev/core/fbmem.c
83171 @@ -1301,7 +1301,7 @@ static int do_fscreeninfo_to_user(struct fb_fix_screeninfo *fix,
83172 __u32 data;
83173 int err;
83174
83175 - err = copy_to_user(&fix32->id, &fix->id, sizeof(fix32->id));
83176 + err = copy_to_user(fix32->id, &fix->id, sizeof(fix32->id));
83177
83178 data = (__u32) (unsigned long) fix->smem_start;
83179 err |= put_user(data, &fix32->smem_start);
83180 @@ -1435,10 +1435,7 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
83181 return vm_iomap_memory(vma, start, len);
83182 }
83183
83184 -static int
83185 -fb_open(struct inode *inode, struct file *file)
83186 -__acquires(&info->lock)
83187 -__releases(&info->lock)
83188 +static int fb_open(struct inode *inode, struct file *file)
83189 {
83190 int fbidx = iminor(inode);
83191 struct fb_info *info;
83192 @@ -1476,10 +1473,7 @@ out:
83193 return res;
83194 }
83195
83196 -static int
83197 -fb_release(struct inode *inode, struct file *file)
83198 -__acquires(&info->lock)
83199 -__releases(&info->lock)
83200 +static int fb_release(struct inode *inode, struct file *file)
83201 {
83202 struct fb_info * const info = file->private_data;
83203
83204 diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c
83205 index 2fd49b2..67e3d86 100644
83206 --- a/drivers/video/fbdev/hyperv_fb.c
83207 +++ b/drivers/video/fbdev/hyperv_fb.c
83208 @@ -240,7 +240,7 @@ static uint screen_fb_size;
83209 static inline int synthvid_send(struct hv_device *hdev,
83210 struct synthvid_msg *msg)
83211 {
83212 - static atomic64_t request_id = ATOMIC64_INIT(0);
83213 + static atomic64_unchecked_t request_id = ATOMIC64_INIT(0);
83214 int ret;
83215
83216 msg->pipe_hdr.type = PIPE_MSG_DATA;
83217 @@ -248,7 +248,7 @@ static inline int synthvid_send(struct hv_device *hdev,
83218
83219 ret = vmbus_sendpacket(hdev->channel, msg,
83220 msg->vid_hdr.size + sizeof(struct pipe_msg_hdr),
83221 - atomic64_inc_return(&request_id),
83222 + atomic64_inc_return_unchecked(&request_id),
83223 VM_PKT_DATA_INBAND, 0);
83224
83225 if (ret)
83226 diff --git a/drivers/video/fbdev/i810/i810_accel.c b/drivers/video/fbdev/i810/i810_accel.c
83227 index 7672d2e..b56437f 100644
83228 --- a/drivers/video/fbdev/i810/i810_accel.c
83229 +++ b/drivers/video/fbdev/i810/i810_accel.c
83230 @@ -73,6 +73,7 @@ static inline int wait_for_space(struct fb_info *info, u32 space)
83231 }
83232 }
83233 printk("ringbuffer lockup!!!\n");
83234 + printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);
83235 i810_report_error(mmio);
83236 par->dev_flags |= LOCKUP;
83237 info->pixmap.scan_align = 1;
83238 diff --git a/drivers/video/fbdev/matrox/matroxfb_DAC1064.c b/drivers/video/fbdev/matrox/matroxfb_DAC1064.c
83239 index a01147f..5d896f8 100644
83240 --- a/drivers/video/fbdev/matrox/matroxfb_DAC1064.c
83241 +++ b/drivers/video/fbdev/matrox/matroxfb_DAC1064.c
83242 @@ -1088,14 +1088,20 @@ static void MGAG100_restore(struct matrox_fb_info *minfo)
83243
83244 #ifdef CONFIG_FB_MATROX_MYSTIQUE
83245 struct matrox_switch matrox_mystique = {
83246 - MGA1064_preinit, MGA1064_reset, MGA1064_init, MGA1064_restore,
83247 + .preinit = MGA1064_preinit,
83248 + .reset = MGA1064_reset,
83249 + .init = MGA1064_init,
83250 + .restore = MGA1064_restore,
83251 };
83252 EXPORT_SYMBOL(matrox_mystique);
83253 #endif
83254
83255 #ifdef CONFIG_FB_MATROX_G
83256 struct matrox_switch matrox_G100 = {
83257 - MGAG100_preinit, MGAG100_reset, MGAG100_init, MGAG100_restore,
83258 + .preinit = MGAG100_preinit,
83259 + .reset = MGAG100_reset,
83260 + .init = MGAG100_init,
83261 + .restore = MGAG100_restore,
83262 };
83263 EXPORT_SYMBOL(matrox_G100);
83264 #endif
83265 diff --git a/drivers/video/fbdev/matrox/matroxfb_Ti3026.c b/drivers/video/fbdev/matrox/matroxfb_Ti3026.c
83266 index 195ad7c..09743fc 100644
83267 --- a/drivers/video/fbdev/matrox/matroxfb_Ti3026.c
83268 +++ b/drivers/video/fbdev/matrox/matroxfb_Ti3026.c
83269 @@ -738,7 +738,10 @@ static int Ti3026_preinit(struct matrox_fb_info *minfo)
83270 }
83271
83272 struct matrox_switch matrox_millennium = {
83273 - Ti3026_preinit, Ti3026_reset, Ti3026_init, Ti3026_restore
83274 + .preinit = Ti3026_preinit,
83275 + .reset = Ti3026_reset,
83276 + .init = Ti3026_init,
83277 + .restore = Ti3026_restore
83278 };
83279 EXPORT_SYMBOL(matrox_millennium);
83280 #endif
83281 diff --git a/drivers/video/fbdev/matrox/matroxfb_base.c b/drivers/video/fbdev/matrox/matroxfb_base.c
83282 index 11eb094..622ee31 100644
83283 --- a/drivers/video/fbdev/matrox/matroxfb_base.c
83284 +++ b/drivers/video/fbdev/matrox/matroxfb_base.c
83285 @@ -2176,7 +2176,7 @@ static struct pci_driver matroxfb_driver = {
83286 #define RS1056x480 14 /* 132 x 60 text */
83287 #define RSNoxNo 15
83288 /* 10-FF */
83289 -static struct { int xres, yres, left, right, upper, lower, hslen, vslen, vfreq; } timmings[] __initdata = {
83290 +static struct { unsigned int xres, yres, left, right, upper, lower, hslen, vslen, vfreq; } timmings[] __initdata = {
83291 { 640, 400, 48, 16, 39, 8, 96, 2, 70 },
83292 { 640, 480, 48, 16, 33, 10, 96, 2, 60 },
83293 { 800, 600, 144, 24, 28, 8, 112, 6, 60 },
83294 diff --git a/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c b/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c
83295 index fe92eed..239e386 100644
83296 --- a/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c
83297 +++ b/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c
83298 @@ -312,14 +312,18 @@ void mb862xxfb_init_accel(struct fb_info *info, int xres)
83299 struct mb862xxfb_par *par = info->par;
83300
83301 if (info->var.bits_per_pixel == 32) {
83302 - info->fbops->fb_fillrect = cfb_fillrect;
83303 - info->fbops->fb_copyarea = cfb_copyarea;
83304 - info->fbops->fb_imageblit = cfb_imageblit;
83305 + pax_open_kernel();
83306 + const_cast(info->fbops->fb_fillrect) = cfb_fillrect;
83307 + const_cast(info->fbops->fb_copyarea) = cfb_copyarea;
83308 + const_cast(info->fbops->fb_imageblit) = cfb_imageblit;
83309 + pax_close_kernel();
83310 } else {
83311 outreg(disp, GC_L0EM, 3);
83312 - info->fbops->fb_fillrect = mb86290fb_fillrect;
83313 - info->fbops->fb_copyarea = mb86290fb_copyarea;
83314 - info->fbops->fb_imageblit = mb86290fb_imageblit;
83315 + pax_open_kernel();
83316 + const_cast(info->fbops->fb_fillrect) = mb86290fb_fillrect;
83317 + const_cast(info->fbops->fb_copyarea) = mb86290fb_copyarea;
83318 + const_cast(info->fbops->fb_imageblit) = mb86290fb_imageblit;
83319 + pax_close_kernel();
83320 }
83321 outreg(draw, GDC_REG_DRAW_BASE, 0);
83322 outreg(draw, GDC_REG_MODE_MISC, 0x8000);
83323 diff --git a/drivers/video/fbdev/nvidia/nvidia.c b/drivers/video/fbdev/nvidia/nvidia.c
83324 index ce7dab7..89d6521 100644
83325 --- a/drivers/video/fbdev/nvidia/nvidia.c
83326 +++ b/drivers/video/fbdev/nvidia/nvidia.c
83327 @@ -660,19 +660,23 @@ static int nvidiafb_set_par(struct fb_info *info)
83328 info->fix.line_length = (info->var.xres_virtual *
83329 info->var.bits_per_pixel) >> 3;
83330 if (info->var.accel_flags) {
83331 - info->fbops->fb_imageblit = nvidiafb_imageblit;
83332 - info->fbops->fb_fillrect = nvidiafb_fillrect;
83333 - info->fbops->fb_copyarea = nvidiafb_copyarea;
83334 - info->fbops->fb_sync = nvidiafb_sync;
83335 + pax_open_kernel();
83336 + const_cast(info->fbops->fb_imageblit) = nvidiafb_imageblit;
83337 + const_cast(info->fbops->fb_fillrect) = nvidiafb_fillrect;
83338 + const_cast(info->fbops->fb_copyarea) = nvidiafb_copyarea;
83339 + const_cast(info->fbops->fb_sync) = nvidiafb_sync;
83340 + pax_close_kernel();
83341 info->pixmap.scan_align = 4;
83342 info->flags &= ~FBINFO_HWACCEL_DISABLED;
83343 info->flags |= FBINFO_READS_FAST;
83344 NVResetGraphics(info);
83345 } else {
83346 - info->fbops->fb_imageblit = cfb_imageblit;
83347 - info->fbops->fb_fillrect = cfb_fillrect;
83348 - info->fbops->fb_copyarea = cfb_copyarea;
83349 - info->fbops->fb_sync = NULL;
83350 + pax_open_kernel();
83351 + const_cast(info->fbops->fb_imageblit) = cfb_imageblit;
83352 + const_cast(info->fbops->fb_fillrect) = cfb_fillrect;
83353 + const_cast(info->fbops->fb_copyarea) = cfb_copyarea;
83354 + const_cast(info->fbops->fb_sync) = NULL;
83355 + pax_close_kernel();
83356 info->pixmap.scan_align = 1;
83357 info->flags |= FBINFO_HWACCEL_DISABLED;
83358 info->flags &= ~FBINFO_READS_FAST;
83359 @@ -1164,8 +1168,11 @@ static int nvidia_set_fbinfo(struct fb_info *info)
83360 info->pixmap.size = 8 * 1024;
83361 info->pixmap.flags = FB_PIXMAP_SYSTEM;
83362
83363 - if (!hwcur)
83364 - info->fbops->fb_cursor = NULL;
83365 + if (!hwcur) {
83366 + pax_open_kernel();
83367 + const_cast(info->fbops->fb_cursor) = NULL;
83368 + pax_close_kernel();
83369 + }
83370
83371 info->var.accel_flags = (!noaccel);
83372
83373 diff --git a/drivers/video/fbdev/omap2/omapfb/dss/display.c b/drivers/video/fbdev/omap2/omapfb/dss/display.c
83374 index dd54686..6ef7ef6 100644
83375 --- a/drivers/video/fbdev/omap2/omapfb/dss/display.c
83376 +++ b/drivers/video/fbdev/omap2/omapfb/dss/display.c
83377 @@ -161,12 +161,14 @@ int omapdss_register_display(struct omap_dss_device *dssdev)
83378 if (dssdev->name == NULL)
83379 dssdev->name = dssdev->alias;
83380
83381 + pax_open_kernel();
83382 if (drv && drv->get_resolution == NULL)
83383 - drv->get_resolution = omapdss_default_get_resolution;
83384 + const_cast(drv->get_resolution) = omapdss_default_get_resolution;
83385 if (drv && drv->get_recommended_bpp == NULL)
83386 - drv->get_recommended_bpp = omapdss_default_get_recommended_bpp;
83387 + const_cast(drv->get_recommended_bpp) = omapdss_default_get_recommended_bpp;
83388 if (drv && drv->get_timings == NULL)
83389 - drv->get_timings = omapdss_default_get_timings;
83390 + const_cast(drv->get_timings) = omapdss_default_get_timings;
83391 + pax_close_kernel();
83392
83393 mutex_lock(&panel_list_mutex);
83394 list_add_tail(&dssdev->panel_list, &panel_list);
83395 diff --git a/drivers/video/fbdev/s1d13xxxfb.c b/drivers/video/fbdev/s1d13xxxfb.c
83396 index 96aa46d..65e2554 100644
83397 --- a/drivers/video/fbdev/s1d13xxxfb.c
83398 +++ b/drivers/video/fbdev/s1d13xxxfb.c
83399 @@ -880,8 +880,10 @@ static int s1d13xxxfb_probe(struct platform_device *pdev)
83400
83401 switch(prod_id) {
83402 case S1D13506_PROD_ID: /* activate acceleration */
83403 - s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill;
83404 - s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea;
83405 + pax_open_kernel();
83406 + const_cast(s1d13xxxfb_fbops.fb_fillrect) = s1d13xxxfb_bitblt_solidfill;
83407 + const_cast(s1d13xxxfb_fbops.fb_copyarea) = s1d13xxxfb_bitblt_copyarea;
83408 + pax_close_kernel();
83409 info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_YPAN |
83410 FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA;
83411 break;
83412 diff --git a/drivers/video/fbdev/sh_mobile_lcdcfb.c b/drivers/video/fbdev/sh_mobile_lcdcfb.c
83413 index 82c0a8c..42499a1 100644
83414 --- a/drivers/video/fbdev/sh_mobile_lcdcfb.c
83415 +++ b/drivers/video/fbdev/sh_mobile_lcdcfb.c
83416 @@ -439,9 +439,9 @@ static unsigned long lcdc_sys_read_data(void *handle)
83417 }
83418
83419 static struct sh_mobile_lcdc_sys_bus_ops sh_mobile_lcdc_sys_bus_ops = {
83420 - lcdc_sys_write_index,
83421 - lcdc_sys_write_data,
83422 - lcdc_sys_read_data,
83423 + .write_index = lcdc_sys_write_index,
83424 + .write_data = lcdc_sys_write_data,
83425 + .read_data = lcdc_sys_read_data,
83426 };
83427
83428 static int sh_mobile_lcdc_sginit(struct fb_info *info,
83429 diff --git a/drivers/video/fbdev/sis/sis_main.h b/drivers/video/fbdev/sis/sis_main.h
83430 index 32e23c2..7b73082 100644
83431 --- a/drivers/video/fbdev/sis/sis_main.h
83432 +++ b/drivers/video/fbdev/sis/sis_main.h
83433 @@ -763,7 +763,7 @@ extern void SiS_SetCH700x(struct SiS_Private *SiS_Pr, unsigned short reg, unsig
83434 extern unsigned short SiS_GetCH701x(struct SiS_Private *SiS_Pr, unsigned short reg);
83435 extern void SiS_SetCH701x(struct SiS_Private *SiS_Pr, unsigned short reg, unsigned char val);
83436 extern void SiS_SetCH70xxANDOR(struct SiS_Private *SiS_Pr, unsigned short reg,
83437 - unsigned char myor, unsigned char myand);
83438 + unsigned char myor, unsigned short myand);
83439 extern void SiS_DDC2Delay(struct SiS_Private *SiS_Pr, unsigned int delaytime);
83440 extern void SiS_SetChrontelGPIO(struct SiS_Private *SiS_Pr, unsigned short myvbinfo);
83441 extern unsigned short SiS_HandleDDC(struct SiS_Private *SiS_Pr, unsigned int VBFlags, int VGAEngine,
83442 diff --git a/drivers/video/fbdev/smscufx.c b/drivers/video/fbdev/smscufx.c
83443 index 9279e5f..d9fb0bd 100644
83444 --- a/drivers/video/fbdev/smscufx.c
83445 +++ b/drivers/video/fbdev/smscufx.c
83446 @@ -1174,7 +1174,9 @@ static int ufx_ops_release(struct fb_info *info, int user)
83447 fb_deferred_io_cleanup(info);
83448 kfree(info->fbdefio);
83449 info->fbdefio = NULL;
83450 - info->fbops->fb_mmap = ufx_ops_mmap;
83451 + pax_open_kernel();
83452 + const_cast(info->fbops->fb_mmap) = ufx_ops_mmap;
83453 + pax_close_kernel();
83454 }
83455
83456 pr_debug("released /dev/fb%d user=%d count=%d",
83457 diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c
83458 index e9c2f7b..87506f4 100644
83459 --- a/drivers/video/fbdev/udlfb.c
83460 +++ b/drivers/video/fbdev/udlfb.c
83461 @@ -623,11 +623,11 @@ static int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
83462 dlfb_urb_completion(urb);
83463
83464 error:
83465 - atomic_add(bytes_sent, &dev->bytes_sent);
83466 - atomic_add(bytes_identical, &dev->bytes_identical);
83467 - atomic_add(width*height*2, &dev->bytes_rendered);
83468 + atomic_add_unchecked(bytes_sent, &dev->bytes_sent);
83469 + atomic_add_unchecked(bytes_identical, &dev->bytes_identical);
83470 + atomic_add_unchecked(width*height*2, &dev->bytes_rendered);
83471 end_cycles = get_cycles();
83472 - atomic_add(((unsigned int) ((end_cycles - start_cycles)
83473 + atomic_add_unchecked(((unsigned int) ((end_cycles - start_cycles)
83474 >> 10)), /* Kcycles */
83475 &dev->cpu_kcycles_used);
83476
83477 @@ -748,11 +748,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info,
83478 dlfb_urb_completion(urb);
83479
83480 error:
83481 - atomic_add(bytes_sent, &dev->bytes_sent);
83482 - atomic_add(bytes_identical, &dev->bytes_identical);
83483 - atomic_add(bytes_rendered, &dev->bytes_rendered);
83484 + atomic_add_unchecked(bytes_sent, &dev->bytes_sent);
83485 + atomic_add_unchecked(bytes_identical, &dev->bytes_identical);
83486 + atomic_add_unchecked(bytes_rendered, &dev->bytes_rendered);
83487 end_cycles = get_cycles();
83488 - atomic_add(((unsigned int) ((end_cycles - start_cycles)
83489 + atomic_add_unchecked(((unsigned int) ((end_cycles - start_cycles)
83490 >> 10)), /* Kcycles */
83491 &dev->cpu_kcycles_used);
83492 }
83493 @@ -991,7 +991,9 @@ static int dlfb_ops_release(struct fb_info *info, int user)
83494 fb_deferred_io_cleanup(info);
83495 kfree(info->fbdefio);
83496 info->fbdefio = NULL;
83497 - info->fbops->fb_mmap = dlfb_ops_mmap;
83498 + pax_open_kernel();
83499 + const_cast(info->fbops->fb_mmap) = dlfb_ops_mmap;
83500 + pax_close_kernel();
83501 }
83502
83503 pr_warn("released /dev/fb%d user=%d count=%d\n",
83504 @@ -1373,7 +1375,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev,
83505 struct fb_info *fb_info = dev_get_drvdata(fbdev);
83506 struct dlfb_data *dev = fb_info->par;
83507 return snprintf(buf, PAGE_SIZE, "%u\n",
83508 - atomic_read(&dev->bytes_rendered));
83509 + atomic_read_unchecked(&dev->bytes_rendered));
83510 }
83511
83512 static ssize_t metrics_bytes_identical_show(struct device *fbdev,
83513 @@ -1381,7 +1383,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev,
83514 struct fb_info *fb_info = dev_get_drvdata(fbdev);
83515 struct dlfb_data *dev = fb_info->par;
83516 return snprintf(buf, PAGE_SIZE, "%u\n",
83517 - atomic_read(&dev->bytes_identical));
83518 + atomic_read_unchecked(&dev->bytes_identical));
83519 }
83520
83521 static ssize_t metrics_bytes_sent_show(struct device *fbdev,
83522 @@ -1389,7 +1391,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev,
83523 struct fb_info *fb_info = dev_get_drvdata(fbdev);
83524 struct dlfb_data *dev = fb_info->par;
83525 return snprintf(buf, PAGE_SIZE, "%u\n",
83526 - atomic_read(&dev->bytes_sent));
83527 + atomic_read_unchecked(&dev->bytes_sent));
83528 }
83529
83530 static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
83531 @@ -1397,7 +1399,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
83532 struct fb_info *fb_info = dev_get_drvdata(fbdev);
83533 struct dlfb_data *dev = fb_info->par;
83534 return snprintf(buf, PAGE_SIZE, "%u\n",
83535 - atomic_read(&dev->cpu_kcycles_used));
83536 + atomic_read_unchecked(&dev->cpu_kcycles_used));
83537 }
83538
83539 static ssize_t edid_show(
83540 @@ -1457,10 +1459,10 @@ static ssize_t metrics_reset_store(struct device *fbdev,
83541 struct fb_info *fb_info = dev_get_drvdata(fbdev);
83542 struct dlfb_data *dev = fb_info->par;
83543
83544 - atomic_set(&dev->bytes_rendered, 0);
83545 - atomic_set(&dev->bytes_identical, 0);
83546 - atomic_set(&dev->bytes_sent, 0);
83547 - atomic_set(&dev->cpu_kcycles_used, 0);
83548 + atomic_set_unchecked(&dev->bytes_rendered, 0);
83549 + atomic_set_unchecked(&dev->bytes_identical, 0);
83550 + atomic_set_unchecked(&dev->bytes_sent, 0);
83551 + atomic_set_unchecked(&dev->cpu_kcycles_used, 0);
83552
83553 return count;
83554 }
83555 diff --git a/drivers/video/fbdev/uvesafb.c b/drivers/video/fbdev/uvesafb.c
83556 index 178ae93..043ddca 100644
83557 --- a/drivers/video/fbdev/uvesafb.c
83558 +++ b/drivers/video/fbdev/uvesafb.c
83559 @@ -19,6 +19,7 @@
83560 #include <linux/io.h>
83561 #include <linux/mutex.h>
83562 #include <linux/slab.h>
83563 +#include <linux/moduleloader.h>
83564 #include <video/edid.h>
83565 #include <video/uvesafb.h>
83566 #ifdef CONFIG_X86
83567 @@ -565,10 +566,32 @@ static int uvesafb_vbe_getpmi(struct uvesafb_ktask *task,
83568 if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) {
83569 par->pmi_setpal = par->ypan = 0;
83570 } else {
83571 +
83572 +#ifdef CONFIG_PAX_KERNEXEC
83573 +#ifdef CONFIG_MODULES
83574 + par->pmi_code = module_alloc_exec((u16)task->t.regs.ecx);
83575 +#endif
83576 + if (!par->pmi_code) {
83577 + par->pmi_setpal = par->ypan = 0;
83578 + return 0;
83579 + }
83580 +#endif
83581 +
83582 par->pmi_base = (u16 *)phys_to_virt(((u32)task->t.regs.es << 4)
83583 + task->t.regs.edi);
83584 +
83585 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
83586 + pax_open_kernel();
83587 + memcpy(par->pmi_code, par->pmi_base, (u16)task->t.regs.ecx);
83588 + pax_close_kernel();
83589 +
83590 + par->pmi_start = (void *)ktva_ktla((unsigned long)(par->pmi_code + par->pmi_base[1]));
83591 + par->pmi_pal = (void *)ktva_ktla((unsigned long)(par->pmi_code + par->pmi_base[2]));
83592 +#else
83593 par->pmi_start = (u8 *)par->pmi_base + par->pmi_base[1];
83594 par->pmi_pal = (u8 *)par->pmi_base + par->pmi_base[2];
83595 +#endif
83596 +
83597 printk(KERN_INFO "uvesafb: protected mode interface info at "
83598 "%04x:%04x\n",
83599 (u16)task->t.regs.es, (u16)task->t.regs.edi);
83600 @@ -813,13 +836,14 @@ static int uvesafb_vbe_init(struct fb_info *info)
83601 par->ypan = ypan;
83602
83603 if (par->pmi_setpal || par->ypan) {
83604 +#if !defined(CONFIG_MODULES) || !defined(CONFIG_PAX_KERNEXEC)
83605 if (__supported_pte_mask & _PAGE_NX) {
83606 par->pmi_setpal = par->ypan = 0;
83607 printk(KERN_WARNING "uvesafb: NX protection is active, "
83608 "better not use the PMI.\n");
83609 - } else {
83610 + } else
83611 +#endif
83612 uvesafb_vbe_getpmi(task, par);
83613 - }
83614 }
83615 #else
83616 /* The protected mode interface is not available on non-x86. */
83617 @@ -1452,8 +1476,11 @@ static void uvesafb_init_info(struct fb_info *info, struct vbe_mode_ib *mode)
83618 info->fix.ywrapstep = (par->ypan > 1) ? 1 : 0;
83619
83620 /* Disable blanking if the user requested so. */
83621 - if (!blank)
83622 - info->fbops->fb_blank = NULL;
83623 + if (!blank) {
83624 + pax_open_kernel();
83625 + const_cast(info->fbops->fb_blank) = NULL;
83626 + pax_close_kernel();
83627 + }
83628
83629 /*
83630 * Find out how much IO memory is required for the mode with
83631 @@ -1524,8 +1551,11 @@ static void uvesafb_init_info(struct fb_info *info, struct vbe_mode_ib *mode)
83632 info->flags = FBINFO_FLAG_DEFAULT |
83633 (par->ypan ? FBINFO_HWACCEL_YPAN : 0);
83634
83635 - if (!par->ypan)
83636 - info->fbops->fb_pan_display = NULL;
83637 + if (!par->ypan) {
83638 + pax_open_kernel();
83639 + const_cast(info->fbops->fb_pan_display) = NULL;
83640 + pax_close_kernel();
83641 + }
83642 }
83643
83644 static void uvesafb_init_mtrr(struct fb_info *info)
83645 @@ -1786,6 +1816,11 @@ out_mode:
83646 out:
83647 kfree(par->vbe_modes);
83648
83649 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
83650 + if (par->pmi_code)
83651 + module_memfree_exec(par->pmi_code);
83652 +#endif
83653 +
83654 framebuffer_release(info);
83655 return err;
83656 }
83657 @@ -1810,6 +1845,11 @@ static int uvesafb_remove(struct platform_device *dev)
83658 kfree(par->vbe_state_orig);
83659 kfree(par->vbe_state_saved);
83660
83661 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
83662 + if (par->pmi_code)
83663 + module_memfree_exec(par->pmi_code);
83664 +#endif
83665 +
83666 framebuffer_release(info);
83667 }
83668 return 0;
83669 diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c
83670 index 528fe91..475d9e6 100644
83671 --- a/drivers/video/fbdev/vesafb.c
83672 +++ b/drivers/video/fbdev/vesafb.c
83673 @@ -9,6 +9,7 @@
83674 */
83675
83676 #include <linux/module.h>
83677 +#include <linux/moduleloader.h>
83678 #include <linux/kernel.h>
83679 #include <linux/errno.h>
83680 #include <linux/string.h>
83681 @@ -56,8 +57,8 @@ static int vram_remap; /* Set amount of memory to be used */
83682 static int vram_total; /* Set total amount of memory */
83683 static int pmi_setpal __read_mostly = 1; /* pmi for palette changes ??? */
83684 static int ypan __read_mostly; /* 0..nothing, 1..ypan, 2..ywrap */
83685 -static void (*pmi_start)(void) __read_mostly;
83686 -static void (*pmi_pal) (void) __read_mostly;
83687 +static void (*pmi_start)(void) __read_only;
83688 +static void (*pmi_pal) (void) __read_only;
83689 static int depth __read_mostly;
83690 static int vga_compat __read_mostly;
83691 /* --------------------------------------------------------------------- */
83692 @@ -241,6 +242,7 @@ static int vesafb_probe(struct platform_device *dev)
83693 unsigned int size_remap;
83694 unsigned int size_total;
83695 char *option = NULL;
83696 + void *pmi_code = NULL;
83697
83698 /* ignore error return of fb_get_options */
83699 fb_get_options("vesafb", &option);
83700 @@ -287,10 +289,6 @@ static int vesafb_probe(struct platform_device *dev)
83701 size_remap = size_total;
83702 vesafb_fix.smem_len = size_remap;
83703
83704 -#ifndef __i386__
83705 - screen_info.vesapm_seg = 0;
83706 -#endif
83707 -
83708 if (!request_mem_region(vesafb_fix.smem_start, size_total, "vesafb")) {
83709 printk(KERN_WARNING
83710 "vesafb: cannot reserve video memory at 0x%lx\n",
83711 @@ -320,9 +318,21 @@ static int vesafb_probe(struct platform_device *dev)
83712 printk(KERN_INFO "vesafb: mode is %dx%dx%d, linelength=%d, pages=%d\n",
83713 vesafb_defined.xres, vesafb_defined.yres, vesafb_defined.bits_per_pixel, vesafb_fix.line_length, screen_info.pages);
83714
83715 +#ifdef __i386__
83716 +
83717 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
83718 + pmi_code = module_alloc_exec(screen_info.vesapm_size);
83719 + if (!pmi_code)
83720 +#elif !defined(CONFIG_PAX_KERNEXEC)
83721 + if (0)
83722 +#endif
83723 +
83724 +#endif
83725 + screen_info.vesapm_seg = 0;
83726 +
83727 if (screen_info.vesapm_seg) {
83728 - printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x\n",
83729 - screen_info.vesapm_seg,screen_info.vesapm_off);
83730 + printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x %04x bytes\n",
83731 + screen_info.vesapm_seg,screen_info.vesapm_off,screen_info.vesapm_size);
83732 }
83733
83734 if (screen_info.vesapm_seg < 0xc000)
83735 @@ -330,9 +340,25 @@ static int vesafb_probe(struct platform_device *dev)
83736
83737 if (ypan || pmi_setpal) {
83738 unsigned short *pmi_base;
83739 +
83740 pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
83741 - pmi_start = (void*)((char*)pmi_base + pmi_base[1]);
83742 - pmi_pal = (void*)((char*)pmi_base + pmi_base[2]);
83743 +
83744 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
83745 + pax_open_kernel();
83746 + memcpy(pmi_code, pmi_base, screen_info.vesapm_size);
83747 +#else
83748 + pmi_code = pmi_base;
83749 +#endif
83750 +
83751 + pmi_start = (void*)((char*)pmi_code + pmi_base[1]);
83752 + pmi_pal = (void*)((char*)pmi_code + pmi_base[2]);
83753 +
83754 +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
83755 + pmi_start = (void *)ktva_ktla((unsigned long)pmi_start);
83756 + pmi_pal = (void *)ktva_ktla((unsigned long)pmi_pal);
83757 + pax_close_kernel();
83758 +#endif
83759 +
83760 printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal);
83761 if (pmi_base[3]) {
83762 printk(KERN_INFO "vesafb: pmi: ports = ");
83763 @@ -452,8 +478,11 @@ static int vesafb_probe(struct platform_device *dev)
83764 info->flags = FBINFO_FLAG_DEFAULT | FBINFO_MISC_FIRMWARE |
83765 (ypan ? FBINFO_HWACCEL_YPAN : 0);
83766
83767 - if (!ypan)
83768 - info->fbops->fb_pan_display = NULL;
83769 + if (!ypan) {
83770 + pax_open_kernel();
83771 + const_cast(info->fbops->fb_pan_display) = NULL;
83772 + pax_close_kernel();
83773 + }
83774
83775 if (fb_alloc_cmap(&info->cmap, 256, 0) < 0) {
83776 err = -ENOMEM;
83777 @@ -467,6 +496,11 @@ static int vesafb_probe(struct platform_device *dev)
83778 fb_info(info, "%s frame buffer device\n", info->fix.id);
83779 return 0;
83780 err:
83781 +
83782 +#if defined(__i386__) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
83783 + module_memfree_exec(pmi_code);
83784 +#endif
83785 +
83786 arch_phys_wc_del(par->wc_cookie);
83787 if (info->screen_base)
83788 iounmap(info->screen_base);
83789 diff --git a/drivers/video/fbdev/via/via_clock.h b/drivers/video/fbdev/via/via_clock.h
83790 index 88714ae..16c2e11 100644
83791 --- a/drivers/video/fbdev/via/via_clock.h
83792 +++ b/drivers/video/fbdev/via/via_clock.h
83793 @@ -56,7 +56,7 @@ struct via_clock {
83794
83795 void (*set_engine_pll_state)(u8 state);
83796 void (*set_engine_pll)(struct via_pll_config config);
83797 -};
83798 +} __no_const;
83799
83800
83801 static inline u32 get_pll_internal_frequency(u32 ref_freq,
83802 diff --git a/drivers/video/logo/logo_linux_clut224.ppm b/drivers/video/logo/logo_linux_clut224.ppm
83803 index 3c14e43..2630570 100644
83804 --- a/drivers/video/logo/logo_linux_clut224.ppm
83805 +++ b/drivers/video/logo/logo_linux_clut224.ppm
83806 @@ -2,1603 +2,1123 @@ P3
83807 # Standard 224-color Linux logo
83808 80 80
83809 255
83810 - 0 0 0 0 0 0 0 0 0 0 0 0
83811 - 0 0 0 0 0 0 0 0 0 0 0 0
83812 - 0 0 0 0 0 0 0 0 0 0 0 0
83813 - 0 0 0 0 0 0 0 0 0 0 0 0
83814 - 0 0 0 0 0 0 0 0 0 0 0 0
83815 - 0 0 0 0 0 0 0 0 0 0 0 0
83816 - 0 0 0 0 0 0 0 0 0 0 0 0
83817 - 0 0 0 0 0 0 0 0 0 0 0 0
83818 - 0 0 0 0 0 0 0 0 0 0 0 0
83819 - 6 6 6 6 6 6 10 10 10 10 10 10
83820 - 10 10 10 6 6 6 6 6 6 6 6 6
83821 - 0 0 0 0 0 0 0 0 0 0 0 0
83822 - 0 0 0 0 0 0 0 0 0 0 0 0
83823 - 0 0 0 0 0 0 0 0 0 0 0 0
83824 - 0 0 0 0 0 0 0 0 0 0 0 0
83825 - 0 0 0 0 0 0 0 0 0 0 0 0
83826 - 0 0 0 0 0 0 0 0 0 0 0 0
83827 - 0 0 0 0 0 0 0 0 0 0 0 0
83828 - 0 0 0 0 0 0 0 0 0 0 0 0
83829 - 0 0 0 0 0 0 0 0 0 0 0 0
83830 - 0 0 0 0 0 0 0 0 0 0 0 0
83831 - 0 0 0 0 0 0 0 0 0 0 0 0
83832 - 0 0 0 0 0 0 0 0 0 0 0 0
83833 - 0 0 0 0 0 0 0 0 0 0 0 0
83834 - 0 0 0 0 0 0 0 0 0 0 0 0
83835 - 0 0 0 0 0 0 0 0 0 0 0 0
83836 - 0 0 0 0 0 0 0 0 0 0 0 0
83837 - 0 0 0 0 0 0 0 0 0 0 0 0
83838 - 0 0 0 6 6 6 10 10 10 14 14 14
83839 - 22 22 22 26 26 26 30 30 30 34 34 34
83840 - 30 30 30 30 30 30 26 26 26 18 18 18
83841 - 14 14 14 10 10 10 6 6 6 0 0 0
83842 - 0 0 0 0 0 0 0 0 0 0 0 0
83843 - 0 0 0 0 0 0 0 0 0 0 0 0
83844 - 0 0 0 0 0 0 0 0 0 0 0 0
83845 - 0 0 0 0 0 0 0 0 0 0 0 0
83846 - 0 0 0 0 0 0 0 0 0 0 0 0
83847 - 0 0 0 0 0 0 0 0 0 0 0 0
83848 - 0 0 0 0 0 0 0 0 0 0 0 0
83849 - 0 0 0 0 0 0 0 0 0 0 0 0
83850 - 0 0 0 0 0 0 0 0 0 0 0 0
83851 - 0 0 0 0 0 1 0 0 1 0 0 0
83852 - 0 0 0 0 0 0 0 0 0 0 0 0
83853 - 0 0 0 0 0 0 0 0 0 0 0 0
83854 - 0 0 0 0 0 0 0 0 0 0 0 0
83855 - 0 0 0 0 0 0 0 0 0 0 0 0
83856 - 0 0 0 0 0 0 0 0 0 0 0 0
83857 - 0 0 0 0 0 0 0 0 0 0 0 0
83858 - 6 6 6 14 14 14 26 26 26 42 42 42
83859 - 54 54 54 66 66 66 78 78 78 78 78 78
83860 - 78 78 78 74 74 74 66 66 66 54 54 54
83861 - 42 42 42 26 26 26 18 18 18 10 10 10
83862 - 6 6 6 0 0 0 0 0 0 0 0 0
83863 - 0 0 0 0 0 0 0 0 0 0 0 0
83864 - 0 0 0 0 0 0 0 0 0 0 0 0
83865 - 0 0 0 0 0 0 0 0 0 0 0 0
83866 - 0 0 0 0 0 0 0 0 0 0 0 0
83867 - 0 0 0 0 0 0 0 0 0 0 0 0
83868 - 0 0 0 0 0 0 0 0 0 0 0 0
83869 - 0 0 0 0 0 0 0 0 0 0 0 0
83870 - 0 0 0 0 0 0 0 0 0 0 0 0
83871 - 0 0 1 0 0 0 0 0 0 0 0 0
83872 - 0 0 0 0 0 0 0 0 0 0 0 0
83873 - 0 0 0 0 0 0 0 0 0 0 0 0
83874 - 0 0 0 0 0 0 0 0 0 0 0 0
83875 - 0 0 0 0 0 0 0 0 0 0 0 0
83876 - 0 0 0 0 0 0 0 0 0 0 0 0
83877 - 0 0 0 0 0 0 0 0 0 10 10 10
83878 - 22 22 22 42 42 42 66 66 66 86 86 86
83879 - 66 66 66 38 38 38 38 38 38 22 22 22
83880 - 26 26 26 34 34 34 54 54 54 66 66 66
83881 - 86 86 86 70 70 70 46 46 46 26 26 26
83882 - 14 14 14 6 6 6 0 0 0 0 0 0
83883 - 0 0 0 0 0 0 0 0 0 0 0 0
83884 - 0 0 0 0 0 0 0 0 0 0 0 0
83885 - 0 0 0 0 0 0 0 0 0 0 0 0
83886 - 0 0 0 0 0 0 0 0 0 0 0 0
83887 - 0 0 0 0 0 0 0 0 0 0 0 0
83888 - 0 0 0 0 0 0 0 0 0 0 0 0
83889 - 0 0 0 0 0 0 0 0 0 0 0 0
83890 - 0 0 0 0 0 0 0 0 0 0 0 0
83891 - 0 0 1 0 0 1 0 0 1 0 0 0
83892 - 0 0 0 0 0 0 0 0 0 0 0 0
83893 - 0 0 0 0 0 0 0 0 0 0 0 0
83894 - 0 0 0 0 0 0 0 0 0 0 0 0
83895 - 0 0 0 0 0 0 0 0 0 0 0 0
83896 - 0 0 0 0 0 0 0 0 0 0 0 0
83897 - 0 0 0 0 0 0 10 10 10 26 26 26
83898 - 50 50 50 82 82 82 58 58 58 6 6 6
83899 - 2 2 6 2 2 6 2 2 6 2 2 6
83900 - 2 2 6 2 2 6 2 2 6 2 2 6
83901 - 6 6 6 54 54 54 86 86 86 66 66 66
83902 - 38 38 38 18 18 18 6 6 6 0 0 0
83903 - 0 0 0 0 0 0 0 0 0 0 0 0
83904 - 0 0 0 0 0 0 0 0 0 0 0 0
83905 - 0 0 0 0 0 0 0 0 0 0 0 0
83906 - 0 0 0 0 0 0 0 0 0 0 0 0
83907 - 0 0 0 0 0 0 0 0 0 0 0 0
83908 - 0 0 0 0 0 0 0 0 0 0 0 0
83909 - 0 0 0 0 0 0 0 0 0 0 0 0
83910 - 0 0 0 0 0 0 0 0 0 0 0 0
83911 - 0 0 0 0 0 0 0 0 0 0 0 0
83912 - 0 0 0 0 0 0 0 0 0 0 0 0
83913 - 0 0 0 0 0 0 0 0 0 0 0 0
83914 - 0 0 0 0 0 0 0 0 0 0 0 0
83915 - 0 0 0 0 0 0 0 0 0 0 0 0
83916 - 0 0 0 0 0 0 0 0 0 0 0 0
83917 - 0 0 0 6 6 6 22 22 22 50 50 50
83918 - 78 78 78 34 34 34 2 2 6 2 2 6
83919 - 2 2 6 2 2 6 2 2 6 2 2 6
83920 - 2 2 6 2 2 6 2 2 6 2 2 6
83921 - 2 2 6 2 2 6 6 6 6 70 70 70
83922 - 78 78 78 46 46 46 22 22 22 6 6 6
83923 - 0 0 0 0 0 0 0 0 0 0 0 0
83924 - 0 0 0 0 0 0 0 0 0 0 0 0
83925 - 0 0 0 0 0 0 0 0 0 0 0 0
83926 - 0 0 0 0 0 0 0 0 0 0 0 0
83927 - 0 0 0 0 0 0 0 0 0 0 0 0
83928 - 0 0 0 0 0 0 0 0 0 0 0 0
83929 - 0 0 0 0 0 0 0 0 0 0 0 0
83930 - 0 0 0 0 0 0 0 0 0 0 0 0
83931 - 0 0 1 0 0 1 0 0 1 0 0 0
83932 - 0 0 0 0 0 0 0 0 0 0 0 0
83933 - 0 0 0 0 0 0 0 0 0 0 0 0
83934 - 0 0 0 0 0 0 0 0 0 0 0 0
83935 - 0 0 0 0 0 0 0 0 0 0 0 0
83936 - 0 0 0 0 0 0 0 0 0 0 0 0
83937 - 6 6 6 18 18 18 42 42 42 82 82 82
83938 - 26 26 26 2 2 6 2 2 6 2 2 6
83939 - 2 2 6 2 2 6 2 2 6 2 2 6
83940 - 2 2 6 2 2 6 2 2 6 14 14 14
83941 - 46 46 46 34 34 34 6 6 6 2 2 6
83942 - 42 42 42 78 78 78 42 42 42 18 18 18
83943 - 6 6 6 0 0 0 0 0 0 0 0 0
83944 - 0 0 0 0 0 0 0 0 0 0 0 0
83945 - 0 0 0 0 0 0 0 0 0 0 0 0
83946 - 0 0 0 0 0 0 0 0 0 0 0 0
83947 - 0 0 0 0 0 0 0 0 0 0 0 0
83948 - 0 0 0 0 0 0 0 0 0 0 0 0
83949 - 0 0 0 0 0 0 0 0 0 0 0 0
83950 - 0 0 0 0 0 0 0 0 0 0 0 0
83951 - 0 0 1 0 0 0 0 0 1 0 0 0
83952 - 0 0 0 0 0 0 0 0 0 0 0 0
83953 - 0 0 0 0 0 0 0 0 0 0 0 0
83954 - 0 0 0 0 0 0 0 0 0 0 0 0
83955 - 0 0 0 0 0 0 0 0 0 0 0 0
83956 - 0 0 0 0 0 0 0 0 0 0 0 0
83957 - 10 10 10 30 30 30 66 66 66 58 58 58
83958 - 2 2 6 2 2 6 2 2 6 2 2 6
83959 - 2 2 6 2 2 6 2 2 6 2 2 6
83960 - 2 2 6 2 2 6 2 2 6 26 26 26
83961 - 86 86 86 101 101 101 46 46 46 10 10 10
83962 - 2 2 6 58 58 58 70 70 70 34 34 34
83963 - 10 10 10 0 0 0 0 0 0 0 0 0
83964 - 0 0 0 0 0 0 0 0 0 0 0 0
83965 - 0 0 0 0 0 0 0 0 0 0 0 0
83966 - 0 0 0 0 0 0 0 0 0 0 0 0
83967 - 0 0 0 0 0 0 0 0 0 0 0 0
83968 - 0 0 0 0 0 0 0 0 0 0 0 0
83969 - 0 0 0 0 0 0 0 0 0 0 0 0
83970 - 0 0 0 0 0 0 0 0 0 0 0 0
83971 - 0 0 1 0 0 1 0 0 1 0 0 0
83972 - 0 0 0 0 0 0 0 0 0 0 0 0
83973 - 0 0 0 0 0 0 0 0 0 0 0 0
83974 - 0 0 0 0 0 0 0 0 0 0 0 0
83975 - 0 0 0 0 0 0 0 0 0 0 0 0
83976 - 0 0 0 0 0 0 0 0 0 0 0 0
83977 - 14 14 14 42 42 42 86 86 86 10 10 10
83978 - 2 2 6 2 2 6 2 2 6 2 2 6
83979 - 2 2 6 2 2 6 2 2 6 2 2 6
83980 - 2 2 6 2 2 6 2 2 6 30 30 30
83981 - 94 94 94 94 94 94 58 58 58 26 26 26
83982 - 2 2 6 6 6 6 78 78 78 54 54 54
83983 - 22 22 22 6 6 6 0 0 0 0 0 0
83984 - 0 0 0 0 0 0 0 0 0 0 0 0
83985 - 0 0 0 0 0 0 0 0 0 0 0 0
83986 - 0 0 0 0 0 0 0 0 0 0 0 0
83987 - 0 0 0 0 0 0 0 0 0 0 0 0
83988 - 0 0 0 0 0 0 0 0 0 0 0 0
83989 - 0 0 0 0 0 0 0 0 0 0 0 0
83990 - 0 0 0 0 0 0 0 0 0 0 0 0
83991 - 0 0 0 0 0 0 0 0 0 0 0 0
83992 - 0 0 0 0 0 0 0 0 0 0 0 0
83993 - 0 0 0 0 0 0 0 0 0 0 0 0
83994 - 0 0 0 0 0 0 0 0 0 0 0 0
83995 - 0 0 0 0 0 0 0 0 0 0 0 0
83996 - 0 0 0 0 0 0 0 0 0 6 6 6
83997 - 22 22 22 62 62 62 62 62 62 2 2 6
83998 - 2 2 6 2 2 6 2 2 6 2 2 6
83999 - 2 2 6 2 2 6 2 2 6 2 2 6
84000 - 2 2 6 2 2 6 2 2 6 26 26 26
84001 - 54 54 54 38 38 38 18 18 18 10 10 10
84002 - 2 2 6 2 2 6 34 34 34 82 82 82
84003 - 38 38 38 14 14 14 0 0 0 0 0 0
84004 - 0 0 0 0 0 0 0 0 0 0 0 0
84005 - 0 0 0 0 0 0 0 0 0 0 0 0
84006 - 0 0 0 0 0 0 0 0 0 0 0 0
84007 - 0 0 0 0 0 0 0 0 0 0 0 0
84008 - 0 0 0 0 0 0 0 0 0 0 0 0
84009 - 0 0 0 0 0 0 0 0 0 0 0 0
84010 - 0 0 0 0 0 0 0 0 0 0 0 0
84011 - 0 0 0 0 0 1 0 0 1 0 0 0
84012 - 0 0 0 0 0 0 0 0 0 0 0 0
84013 - 0 0 0 0 0 0 0 0 0 0 0 0
84014 - 0 0 0 0 0 0 0 0 0 0 0 0
84015 - 0 0 0 0 0 0 0 0 0 0 0 0
84016 - 0 0 0 0 0 0 0 0 0 6 6 6
84017 - 30 30 30 78 78 78 30 30 30 2 2 6
84018 - 2 2 6 2 2 6 2 2 6 2 2 6
84019 - 2 2 6 2 2 6 2 2 6 2 2 6
84020 - 2 2 6 2 2 6 2 2 6 10 10 10
84021 - 10 10 10 2 2 6 2 2 6 2 2 6
84022 - 2 2 6 2 2 6 2 2 6 78 78 78
84023 - 50 50 50 18 18 18 6 6 6 0 0 0
84024 - 0 0 0 0 0 0 0 0 0 0 0 0
84025 - 0 0 0 0 0 0 0 0 0 0 0 0
84026 - 0 0 0 0 0 0 0 0 0 0 0 0
84027 - 0 0 0 0 0 0 0 0 0 0 0 0
84028 - 0 0 0 0 0 0 0 0 0 0 0 0
84029 - 0 0 0 0 0 0 0 0 0 0 0 0
84030 - 0 0 0 0 0 0 0 0 0 0 0 0
84031 - 0 0 1 0 0 0 0 0 0 0 0 0
84032 - 0 0 0 0 0 0 0 0 0 0 0 0
84033 - 0 0 0 0 0 0 0 0 0 0 0 0
84034 - 0 0 0 0 0 0 0 0 0 0 0 0
84035 - 0 0 0 0 0 0 0 0 0 0 0 0
84036 - 0 0 0 0 0 0 0 0 0 10 10 10
84037 - 38 38 38 86 86 86 14 14 14 2 2 6
84038 - 2 2 6 2 2 6 2 2 6 2 2 6
84039 - 2 2 6 2 2 6 2 2 6 2 2 6
84040 - 2 2 6 2 2 6 2 2 6 2 2 6
84041 - 2 2 6 2 2 6 2 2 6 2 2 6
84042 - 2 2 6 2 2 6 2 2 6 54 54 54
84043 - 66 66 66 26 26 26 6 6 6 0 0 0
84044 - 0 0 0 0 0 0 0 0 0 0 0 0
84045 - 0 0 0 0 0 0 0 0 0 0 0 0
84046 - 0 0 0 0 0 0 0 0 0 0 0 0
84047 - 0 0 0 0 0 0 0 0 0 0 0 0
84048 - 0 0 0 0 0 0 0 0 0 0 0 0
84049 - 0 0 0 0 0 0 0 0 0 0 0 0
84050 - 0 0 0 0 0 0 0 0 0 0 0 0
84051 - 0 0 0 0 0 1 0 0 1 0 0 0
84052 - 0 0 0 0 0 0 0 0 0 0 0 0
84053 - 0 0 0 0 0 0 0 0 0 0 0 0
84054 - 0 0 0 0 0 0 0 0 0 0 0 0
84055 - 0 0 0 0 0 0 0 0 0 0 0 0
84056 - 0 0 0 0 0 0 0 0 0 14 14 14
84057 - 42 42 42 82 82 82 2 2 6 2 2 6
84058 - 2 2 6 6 6 6 10 10 10 2 2 6
84059 - 2 2 6 2 2 6 2 2 6 2 2 6
84060 - 2 2 6 2 2 6 2 2 6 6 6 6
84061 - 14 14 14 10 10 10 2 2 6 2 2 6
84062 - 2 2 6 2 2 6 2 2 6 18 18 18
84063 - 82 82 82 34 34 34 10 10 10 0 0 0
84064 - 0 0 0 0 0 0 0 0 0 0 0 0
84065 - 0 0 0 0 0 0 0 0 0 0 0 0
84066 - 0 0 0 0 0 0 0 0 0 0 0 0
84067 - 0 0 0 0 0 0 0 0 0 0 0 0
84068 - 0 0 0 0 0 0 0 0 0 0 0 0
84069 - 0 0 0 0 0 0 0 0 0 0 0 0
84070 - 0 0 0 0 0 0 0 0 0 0 0 0
84071 - 0 0 1 0 0 0 0 0 0 0 0 0
84072 - 0 0 0 0 0 0 0 0 0 0 0 0
84073 - 0 0 0 0 0 0 0 0 0 0 0 0
84074 - 0 0 0 0 0 0 0 0 0 0 0 0
84075 - 0 0 0 0 0 0 0 0 0 0 0 0
84076 - 0 0 0 0 0 0 0 0 0 14 14 14
84077 - 46 46 46 86 86 86 2 2 6 2 2 6
84078 - 6 6 6 6 6 6 22 22 22 34 34 34
84079 - 6 6 6 2 2 6 2 2 6 2 2 6
84080 - 2 2 6 2 2 6 18 18 18 34 34 34
84081 - 10 10 10 50 50 50 22 22 22 2 2 6
84082 - 2 2 6 2 2 6 2 2 6 10 10 10
84083 - 86 86 86 42 42 42 14 14 14 0 0 0
84084 - 0 0 0 0 0 0 0 0 0 0 0 0
84085 - 0 0 0 0 0 0 0 0 0 0 0 0
84086 - 0 0 0 0 0 0 0 0 0 0 0 0
84087 - 0 0 0 0 0 0 0 0 0 0 0 0
84088 - 0 0 0 0 0 0 0 0 0 0 0 0
84089 - 0 0 0 0 0 0 0 0 0 0 0 0
84090 - 0 0 0 0 0 0 0 0 0 0 0 0
84091 - 0 0 1 0 0 1 0 0 1 0 0 0
84092 - 0 0 0 0 0 0 0 0 0 0 0 0
84093 - 0 0 0 0 0 0 0 0 0 0 0 0
84094 - 0 0 0 0 0 0 0 0 0 0 0 0
84095 - 0 0 0 0 0 0 0 0 0 0 0 0
84096 - 0 0 0 0 0 0 0 0 0 14 14 14
84097 - 46 46 46 86 86 86 2 2 6 2 2 6
84098 - 38 38 38 116 116 116 94 94 94 22 22 22
84099 - 22 22 22 2 2 6 2 2 6 2 2 6
84100 - 14 14 14 86 86 86 138 138 138 162 162 162
84101 -154 154 154 38 38 38 26 26 26 6 6 6
84102 - 2 2 6 2 2 6 2 2 6 2 2 6
84103 - 86 86 86 46 46 46 14 14 14 0 0 0
84104 - 0 0 0 0 0 0 0 0 0 0 0 0
84105 - 0 0 0 0 0 0 0 0 0 0 0 0
84106 - 0 0 0 0 0 0 0 0 0 0 0 0
84107 - 0 0 0 0 0 0 0 0 0 0 0 0
84108 - 0 0 0 0 0 0 0 0 0 0 0 0
84109 - 0 0 0 0 0 0 0 0 0 0 0 0
84110 - 0 0 0 0 0 0 0 0 0 0 0 0
84111 - 0 0 0 0 0 0 0 0 0 0 0 0
84112 - 0 0 0 0 0 0 0 0 0 0 0 0
84113 - 0 0 0 0 0 0 0 0 0 0 0 0
84114 - 0 0 0 0 0 0 0 0 0 0 0 0
84115 - 0 0 0 0 0 0 0 0 0 0 0 0
84116 - 0 0 0 0 0 0 0 0 0 14 14 14
84117 - 46 46 46 86 86 86 2 2 6 14 14 14
84118 -134 134 134 198 198 198 195 195 195 116 116 116
84119 - 10 10 10 2 2 6 2 2 6 6 6 6
84120 -101 98 89 187 187 187 210 210 210 218 218 218
84121 -214 214 214 134 134 134 14 14 14 6 6 6
84122 - 2 2 6 2 2 6 2 2 6 2 2 6
84123 - 86 86 86 50 50 50 18 18 18 6 6 6
84124 - 0 0 0 0 0 0 0 0 0 0 0 0
84125 - 0 0 0 0 0 0 0 0 0 0 0 0
84126 - 0 0 0 0 0 0 0 0 0 0 0 0
84127 - 0 0 0 0 0 0 0 0 0 0 0 0
84128 - 0 0 0 0 0 0 0 0 0 0 0 0
84129 - 0 0 0 0 0 0 0 0 0 0 0 0
84130 - 0 0 0 0 0 0 0 0 1 0 0 0
84131 - 0 0 1 0 0 1 0 0 1 0 0 0
84132 - 0 0 0 0 0 0 0 0 0 0 0 0
84133 - 0 0 0 0 0 0 0 0 0 0 0 0
84134 - 0 0 0 0 0 0 0 0 0 0 0 0
84135 - 0 0 0 0 0 0 0 0 0 0 0 0
84136 - 0 0 0 0 0 0 0 0 0 14 14 14
84137 - 46 46 46 86 86 86 2 2 6 54 54 54
84138 -218 218 218 195 195 195 226 226 226 246 246 246
84139 - 58 58 58 2 2 6 2 2 6 30 30 30
84140 -210 210 210 253 253 253 174 174 174 123 123 123
84141 -221 221 221 234 234 234 74 74 74 2 2 6
84142 - 2 2 6 2 2 6 2 2 6 2 2 6
84143 - 70 70 70 58 58 58 22 22 22 6 6 6
84144 - 0 0 0 0 0 0 0 0 0 0 0 0
84145 - 0 0 0 0 0 0 0 0 0 0 0 0
84146 - 0 0 0 0 0 0 0 0 0 0 0 0
84147 - 0 0 0 0 0 0 0 0 0 0 0 0
84148 - 0 0 0 0 0 0 0 0 0 0 0 0
84149 - 0 0 0 0 0 0 0 0 0 0 0 0
84150 - 0 0 0 0 0 0 0 0 0 0 0 0
84151 - 0 0 0 0 0 0 0 0 0 0 0 0
84152 - 0 0 0 0 0 0 0 0 0 0 0 0
84153 - 0 0 0 0 0 0 0 0 0 0 0 0
84154 - 0 0 0 0 0 0 0 0 0 0 0 0
84155 - 0 0 0 0 0 0 0 0 0 0 0 0
84156 - 0 0 0 0 0 0 0 0 0 14 14 14
84157 - 46 46 46 82 82 82 2 2 6 106 106 106
84158 -170 170 170 26 26 26 86 86 86 226 226 226
84159 -123 123 123 10 10 10 14 14 14 46 46 46
84160 -231 231 231 190 190 190 6 6 6 70 70 70
84161 - 90 90 90 238 238 238 158 158 158 2 2 6
84162 - 2 2 6 2 2 6 2 2 6 2 2 6
84163 - 70 70 70 58 58 58 22 22 22 6 6 6
84164 - 0 0 0 0 0 0 0 0 0 0 0 0
84165 - 0 0 0 0 0 0 0 0 0 0 0 0
84166 - 0 0 0 0 0 0 0 0 0 0 0 0
84167 - 0 0 0 0 0 0 0 0 0 0 0 0
84168 - 0 0 0 0 0 0 0 0 0 0 0 0
84169 - 0 0 0 0 0 0 0 0 0 0 0 0
84170 - 0 0 0 0 0 0 0 0 1 0 0 0
84171 - 0 0 1 0 0 1 0 0 1 0 0 0
84172 - 0 0 0 0 0 0 0 0 0 0 0 0
84173 - 0 0 0 0 0 0 0 0 0 0 0 0
84174 - 0 0 0 0 0 0 0 0 0 0 0 0
84175 - 0 0 0 0 0 0 0 0 0 0 0 0
84176 - 0 0 0 0 0 0 0 0 0 14 14 14
84177 - 42 42 42 86 86 86 6 6 6 116 116 116
84178 -106 106 106 6 6 6 70 70 70 149 149 149
84179 -128 128 128 18 18 18 38 38 38 54 54 54
84180 -221 221 221 106 106 106 2 2 6 14 14 14
84181 - 46 46 46 190 190 190 198 198 198 2 2 6
84182 - 2 2 6 2 2 6 2 2 6 2 2 6
84183 - 74 74 74 62 62 62 22 22 22 6 6 6
84184 - 0 0 0 0 0 0 0 0 0 0 0 0
84185 - 0 0 0 0 0 0 0 0 0 0 0 0
84186 - 0 0 0 0 0 0 0 0 0 0 0 0
84187 - 0 0 0 0 0 0 0 0 0 0 0 0
84188 - 0 0 0 0 0 0 0 0 0 0 0 0
84189 - 0 0 0 0 0 0 0 0 0 0 0 0
84190 - 0 0 0 0 0 0 0 0 1 0 0 0
84191 - 0 0 1 0 0 0 0 0 1 0 0 0
84192 - 0 0 0 0 0 0 0 0 0 0 0 0
84193 - 0 0 0 0 0 0 0 0 0 0 0 0
84194 - 0 0 0 0 0 0 0 0 0 0 0 0
84195 - 0 0 0 0 0 0 0 0 0 0 0 0
84196 - 0 0 0 0 0 0 0 0 0 14 14 14
84197 - 42 42 42 94 94 94 14 14 14 101 101 101
84198 -128 128 128 2 2 6 18 18 18 116 116 116
84199 -118 98 46 121 92 8 121 92 8 98 78 10
84200 -162 162 162 106 106 106 2 2 6 2 2 6
84201 - 2 2 6 195 195 195 195 195 195 6 6 6
84202 - 2 2 6 2 2 6 2 2 6 2 2 6
84203 - 74 74 74 62 62 62 22 22 22 6 6 6
84204 - 0 0 0 0 0 0 0 0 0 0 0 0
84205 - 0 0 0 0 0 0 0 0 0 0 0 0
84206 - 0 0 0 0 0 0 0 0 0 0 0 0
84207 - 0 0 0 0 0 0 0 0 0 0 0 0
84208 - 0 0 0 0 0 0 0 0 0 0 0 0
84209 - 0 0 0 0 0 0 0 0 0 0 0 0
84210 - 0 0 0 0 0 0 0 0 1 0 0 1
84211 - 0 0 1 0 0 0 0 0 1 0 0 0
84212 - 0 0 0 0 0 0 0 0 0 0 0 0
84213 - 0 0 0 0 0 0 0 0 0 0 0 0
84214 - 0 0 0 0 0 0 0 0 0 0 0 0
84215 - 0 0 0 0 0 0 0 0 0 0 0 0
84216 - 0 0 0 0 0 0 0 0 0 10 10 10
84217 - 38 38 38 90 90 90 14 14 14 58 58 58
84218 -210 210 210 26 26 26 54 38 6 154 114 10
84219 -226 170 11 236 186 11 225 175 15 184 144 12
84220 -215 174 15 175 146 61 37 26 9 2 2 6
84221 - 70 70 70 246 246 246 138 138 138 2 2 6
84222 - 2 2 6 2 2 6 2 2 6 2 2 6
84223 - 70 70 70 66 66 66 26 26 26 6 6 6
84224 - 0 0 0 0 0 0 0 0 0 0 0 0
84225 - 0 0 0 0 0 0 0 0 0 0 0 0
84226 - 0 0 0 0 0 0 0 0 0 0 0 0
84227 - 0 0 0 0 0 0 0 0 0 0 0 0
84228 - 0 0 0 0 0 0 0 0 0 0 0 0
84229 - 0 0 0 0 0 0 0 0 0 0 0 0
84230 - 0 0 0 0 0 0 0 0 0 0 0 0
84231 - 0 0 0 0 0 0 0 0 0 0 0 0
84232 - 0 0 0 0 0 0 0 0 0 0 0 0
84233 - 0 0 0 0 0 0 0 0 0 0 0 0
84234 - 0 0 0 0 0 0 0 0 0 0 0 0
84235 - 0 0 0 0 0 0 0 0 0 0 0 0
84236 - 0 0 0 0 0 0 0 0 0 10 10 10
84237 - 38 38 38 86 86 86 14 14 14 10 10 10
84238 -195 195 195 188 164 115 192 133 9 225 175 15
84239 -239 182 13 234 190 10 232 195 16 232 200 30
84240 -245 207 45 241 208 19 232 195 16 184 144 12
84241 -218 194 134 211 206 186 42 42 42 2 2 6
84242 - 2 2 6 2 2 6 2 2 6 2 2 6
84243 - 50 50 50 74 74 74 30 30 30 6 6 6
84244 - 0 0 0 0 0 0 0 0 0 0 0 0
84245 - 0 0 0 0 0 0 0 0 0 0 0 0
84246 - 0 0 0 0 0 0 0 0 0 0 0 0
84247 - 0 0 0 0 0 0 0 0 0 0 0 0
84248 - 0 0 0 0 0 0 0 0 0 0 0 0
84249 - 0 0 0 0 0 0 0 0 0 0 0 0
84250 - 0 0 0 0 0 0 0 0 0 0 0 0
84251 - 0 0 0 0 0 0 0 0 0 0 0 0
84252 - 0 0 0 0 0 0 0 0 0 0 0 0
84253 - 0 0 0 0 0 0 0 0 0 0 0 0
84254 - 0 0 0 0 0 0 0 0 0 0 0 0
84255 - 0 0 0 0 0 0 0 0 0 0 0 0
84256 - 0 0 0 0 0 0 0 0 0 10 10 10
84257 - 34 34 34 86 86 86 14 14 14 2 2 6
84258 -121 87 25 192 133 9 219 162 10 239 182 13
84259 -236 186 11 232 195 16 241 208 19 244 214 54
84260 -246 218 60 246 218 38 246 215 20 241 208 19
84261 -241 208 19 226 184 13 121 87 25 2 2 6
84262 - 2 2 6 2 2 6 2 2 6 2 2 6
84263 - 50 50 50 82 82 82 34 34 34 10 10 10
84264 - 0 0 0 0 0 0 0 0 0 0 0 0
84265 - 0 0 0 0 0 0 0 0 0 0 0 0
84266 - 0 0 0 0 0 0 0 0 0 0 0 0
84267 - 0 0 0 0 0 0 0 0 0 0 0 0
84268 - 0 0 0 0 0 0 0 0 0 0 0 0
84269 - 0 0 0 0 0 0 0 0 0 0 0 0
84270 - 0 0 0 0 0 0 0 0 0 0 0 0
84271 - 0 0 0 0 0 0 0 0 0 0 0 0
84272 - 0 0 0 0 0 0 0 0 0 0 0 0
84273 - 0 0 0 0 0 0 0 0 0 0 0 0
84274 - 0 0 0 0 0 0 0 0 0 0 0 0
84275 - 0 0 0 0 0 0 0 0 0 0 0 0
84276 - 0 0 0 0 0 0 0 0 0 10 10 10
84277 - 34 34 34 82 82 82 30 30 30 61 42 6
84278 -180 123 7 206 145 10 230 174 11 239 182 13
84279 -234 190 10 238 202 15 241 208 19 246 218 74
84280 -246 218 38 246 215 20 246 215 20 246 215 20
84281 -226 184 13 215 174 15 184 144 12 6 6 6
84282 - 2 2 6 2 2 6 2 2 6 2 2 6
84283 - 26 26 26 94 94 94 42 42 42 14 14 14
84284 - 0 0 0 0 0 0 0 0 0 0 0 0
84285 - 0 0 0 0 0 0 0 0 0 0 0 0
84286 - 0 0 0 0 0 0 0 0 0 0 0 0
84287 - 0 0 0 0 0 0 0 0 0 0 0 0
84288 - 0 0 0 0 0 0 0 0 0 0 0 0
84289 - 0 0 0 0 0 0 0 0 0 0 0 0
84290 - 0 0 0 0 0 0 0 0 0 0 0 0
84291 - 0 0 0 0 0 0 0 0 0 0 0 0
84292 - 0 0 0 0 0 0 0 0 0 0 0 0
84293 - 0 0 0 0 0 0 0 0 0 0 0 0
84294 - 0 0 0 0 0 0 0 0 0 0 0 0
84295 - 0 0 0 0 0 0 0 0 0 0 0 0
84296 - 0 0 0 0 0 0 0 0 0 10 10 10
84297 - 30 30 30 78 78 78 50 50 50 104 69 6
84298 -192 133 9 216 158 10 236 178 12 236 186 11
84299 -232 195 16 241 208 19 244 214 54 245 215 43
84300 -246 215 20 246 215 20 241 208 19 198 155 10
84301 -200 144 11 216 158 10 156 118 10 2 2 6
84302 - 2 2 6 2 2 6 2 2 6 2 2 6
84303 - 6 6 6 90 90 90 54 54 54 18 18 18
84304 - 6 6 6 0 0 0 0 0 0 0 0 0
84305 - 0 0 0 0 0 0 0 0 0 0 0 0
84306 - 0 0 0 0 0 0 0 0 0 0 0 0
84307 - 0 0 0 0 0 0 0 0 0 0 0 0
84308 - 0 0 0 0 0 0 0 0 0 0 0 0
84309 - 0 0 0 0 0 0 0 0 0 0 0 0
84310 - 0 0 0 0 0 0 0 0 0 0 0 0
84311 - 0 0 0 0 0 0 0 0 0 0 0 0
84312 - 0 0 0 0 0 0 0 0 0 0 0 0
84313 - 0 0 0 0 0 0 0 0 0 0 0 0
84314 - 0 0 0 0 0 0 0 0 0 0 0 0
84315 - 0 0 0 0 0 0 0 0 0 0 0 0
84316 - 0 0 0 0 0 0 0 0 0 10 10 10
84317 - 30 30 30 78 78 78 46 46 46 22 22 22
84318 -137 92 6 210 162 10 239 182 13 238 190 10
84319 -238 202 15 241 208 19 246 215 20 246 215 20
84320 -241 208 19 203 166 17 185 133 11 210 150 10
84321 -216 158 10 210 150 10 102 78 10 2 2 6
84322 - 6 6 6 54 54 54 14 14 14 2 2 6
84323 - 2 2 6 62 62 62 74 74 74 30 30 30
84324 - 10 10 10 0 0 0 0 0 0 0 0 0
84325 - 0 0 0 0 0 0 0 0 0 0 0 0
84326 - 0 0 0 0 0 0 0 0 0 0 0 0
84327 - 0 0 0 0 0 0 0 0 0 0 0 0
84328 - 0 0 0 0 0 0 0 0 0 0 0 0
84329 - 0 0 0 0 0 0 0 0 0 0 0 0
84330 - 0 0 0 0 0 0 0 0 0 0 0 0
84331 - 0 0 0 0 0 0 0 0 0 0 0 0
84332 - 0 0 0 0 0 0 0 0 0 0 0 0
84333 - 0 0 0 0 0 0 0 0 0 0 0 0
84334 - 0 0 0 0 0 0 0 0 0 0 0 0
84335 - 0 0 0 0 0 0 0 0 0 0 0 0
84336 - 0 0 0 0 0 0 0 0 0 10 10 10
84337 - 34 34 34 78 78 78 50 50 50 6 6 6
84338 - 94 70 30 139 102 15 190 146 13 226 184 13
84339 -232 200 30 232 195 16 215 174 15 190 146 13
84340 -168 122 10 192 133 9 210 150 10 213 154 11
84341 -202 150 34 182 157 106 101 98 89 2 2 6
84342 - 2 2 6 78 78 78 116 116 116 58 58 58
84343 - 2 2 6 22 22 22 90 90 90 46 46 46
84344 - 18 18 18 6 6 6 0 0 0 0 0 0
84345 - 0 0 0 0 0 0 0 0 0 0 0 0
84346 - 0 0 0 0 0 0 0 0 0 0 0 0
84347 - 0 0 0 0 0 0 0 0 0 0 0 0
84348 - 0 0 0 0 0 0 0 0 0 0 0 0
84349 - 0 0 0 0 0 0 0 0 0 0 0 0
84350 - 0 0 0 0 0 0 0 0 0 0 0 0
84351 - 0 0 0 0 0 0 0 0 0 0 0 0
84352 - 0 0 0 0 0 0 0 0 0 0 0 0
84353 - 0 0 0 0 0 0 0 0 0 0 0 0
84354 - 0 0 0 0 0 0 0 0 0 0 0 0
84355 - 0 0 0 0 0 0 0 0 0 0 0 0
84356 - 0 0 0 0 0 0 0 0 0 10 10 10
84357 - 38 38 38 86 86 86 50 50 50 6 6 6
84358 -128 128 128 174 154 114 156 107 11 168 122 10
84359 -198 155 10 184 144 12 197 138 11 200 144 11
84360 -206 145 10 206 145 10 197 138 11 188 164 115
84361 -195 195 195 198 198 198 174 174 174 14 14 14
84362 - 2 2 6 22 22 22 116 116 116 116 116 116
84363 - 22 22 22 2 2 6 74 74 74 70 70 70
84364 - 30 30 30 10 10 10 0 0 0 0 0 0
84365 - 0 0 0 0 0 0 0 0 0 0 0 0
84366 - 0 0 0 0 0 0 0 0 0 0 0 0
84367 - 0 0 0 0 0 0 0 0 0 0 0 0
84368 - 0 0 0 0 0 0 0 0 0 0 0 0
84369 - 0 0 0 0 0 0 0 0 0 0 0 0
84370 - 0 0 0 0 0 0 0 0 0 0 0 0
84371 - 0 0 0 0 0 0 0 0 0 0 0 0
84372 - 0 0 0 0 0 0 0 0 0 0 0 0
84373 - 0 0 0 0 0 0 0 0 0 0 0 0
84374 - 0 0 0 0 0 0 0 0 0 0 0 0
84375 - 0 0 0 0 0 0 0 0 0 0 0 0
84376 - 0 0 0 0 0 0 6 6 6 18 18 18
84377 - 50 50 50 101 101 101 26 26 26 10 10 10
84378 -138 138 138 190 190 190 174 154 114 156 107 11
84379 -197 138 11 200 144 11 197 138 11 192 133 9
84380 -180 123 7 190 142 34 190 178 144 187 187 187
84381 -202 202 202 221 221 221 214 214 214 66 66 66
84382 - 2 2 6 2 2 6 50 50 50 62 62 62
84383 - 6 6 6 2 2 6 10 10 10 90 90 90
84384 - 50 50 50 18 18 18 6 6 6 0 0 0
84385 - 0 0 0 0 0 0 0 0 0 0 0 0
84386 - 0 0 0 0 0 0 0 0 0 0 0 0
84387 - 0 0 0 0 0 0 0 0 0 0 0 0
84388 - 0 0 0 0 0 0 0 0 0 0 0 0
84389 - 0 0 0 0 0 0 0 0 0 0 0 0
84390 - 0 0 0 0 0 0 0 0 0 0 0 0
84391 - 0 0 0 0 0 0 0 0 0 0 0 0
84392 - 0 0 0 0 0 0 0 0 0 0 0 0
84393 - 0 0 0 0 0 0 0 0 0 0 0 0
84394 - 0 0 0 0 0 0 0 0 0 0 0 0
84395 - 0 0 0 0 0 0 0 0 0 0 0 0
84396 - 0 0 0 0 0 0 10 10 10 34 34 34
84397 - 74 74 74 74 74 74 2 2 6 6 6 6
84398 -144 144 144 198 198 198 190 190 190 178 166 146
84399 -154 121 60 156 107 11 156 107 11 168 124 44
84400 -174 154 114 187 187 187 190 190 190 210 210 210
84401 -246 246 246 253 253 253 253 253 253 182 182 182
84402 - 6 6 6 2 2 6 2 2 6 2 2 6
84403 - 2 2 6 2 2 6 2 2 6 62 62 62
84404 - 74 74 74 34 34 34 14 14 14 0 0 0
84405 - 0 0 0 0 0 0 0 0 0 0 0 0
84406 - 0 0 0 0 0 0 0 0 0 0 0 0
84407 - 0 0 0 0 0 0 0 0 0 0 0 0
84408 - 0 0 0 0 0 0 0 0 0 0 0 0
84409 - 0 0 0 0 0 0 0 0 0 0 0 0
84410 - 0 0 0 0 0 0 0 0 0 0 0 0
84411 - 0 0 0 0 0 0 0 0 0 0 0 0
84412 - 0 0 0 0 0 0 0 0 0 0 0 0
84413 - 0 0 0 0 0 0 0 0 0 0 0 0
84414 - 0 0 0 0 0 0 0 0 0 0 0 0
84415 - 0 0 0 0 0 0 0 0 0 0 0 0
84416 - 0 0 0 10 10 10 22 22 22 54 54 54
84417 - 94 94 94 18 18 18 2 2 6 46 46 46
84418 -234 234 234 221 221 221 190 190 190 190 190 190
84419 -190 190 190 187 187 187 187 187 187 190 190 190
84420 -190 190 190 195 195 195 214 214 214 242 242 242
84421 -253 253 253 253 253 253 253 253 253 253 253 253
84422 - 82 82 82 2 2 6 2 2 6 2 2 6
84423 - 2 2 6 2 2 6 2 2 6 14 14 14
84424 - 86 86 86 54 54 54 22 22 22 6 6 6
84425 - 0 0 0 0 0 0 0 0 0 0 0 0
84426 - 0 0 0 0 0 0 0 0 0 0 0 0
84427 - 0 0 0 0 0 0 0 0 0 0 0 0
84428 - 0 0 0 0 0 0 0 0 0 0 0 0
84429 - 0 0 0 0 0 0 0 0 0 0 0 0
84430 - 0 0 0 0 0 0 0 0 0 0 0 0
84431 - 0 0 0 0 0 0 0 0 0 0 0 0
84432 - 0 0 0 0 0 0 0 0 0 0 0 0
84433 - 0 0 0 0 0 0 0 0 0 0 0 0
84434 - 0 0 0 0 0 0 0 0 0 0 0 0
84435 - 0 0 0 0 0 0 0 0 0 0 0 0
84436 - 6 6 6 18 18 18 46 46 46 90 90 90
84437 - 46 46 46 18 18 18 6 6 6 182 182 182
84438 -253 253 253 246 246 246 206 206 206 190 190 190
84439 -190 190 190 190 190 190 190 190 190 190 190 190
84440 -206 206 206 231 231 231 250 250 250 253 253 253
84441 -253 253 253 253 253 253 253 253 253 253 253 253
84442 -202 202 202 14 14 14 2 2 6 2 2 6
84443 - 2 2 6 2 2 6 2 2 6 2 2 6
84444 - 42 42 42 86 86 86 42 42 42 18 18 18
84445 - 6 6 6 0 0 0 0 0 0 0 0 0
84446 - 0 0 0 0 0 0 0 0 0 0 0 0
84447 - 0 0 0 0 0 0 0 0 0 0 0 0
84448 - 0 0 0 0 0 0 0 0 0 0 0 0
84449 - 0 0 0 0 0 0 0 0 0 0 0 0
84450 - 0 0 0 0 0 0 0 0 0 0 0 0
84451 - 0 0 0 0 0 0 0 0 0 0 0 0
84452 - 0 0 0 0 0 0 0 0 0 0 0 0
84453 - 0 0 0 0 0 0 0 0 0 0 0 0
84454 - 0 0 0 0 0 0 0 0 0 0 0 0
84455 - 0 0 0 0 0 0 0 0 0 6 6 6
84456 - 14 14 14 38 38 38 74 74 74 66 66 66
84457 - 2 2 6 6 6 6 90 90 90 250 250 250
84458 -253 253 253 253 253 253 238 238 238 198 198 198
84459 -190 190 190 190 190 190 195 195 195 221 221 221
84460 -246 246 246 253 253 253 253 253 253 253 253 253
84461 -253 253 253 253 253 253 253 253 253 253 253 253
84462 -253 253 253 82 82 82 2 2 6 2 2 6
84463 - 2 2 6 2 2 6 2 2 6 2 2 6
84464 - 2 2 6 78 78 78 70 70 70 34 34 34
84465 - 14 14 14 6 6 6 0 0 0 0 0 0
84466 - 0 0 0 0 0 0 0 0 0 0 0 0
84467 - 0 0 0 0 0 0 0 0 0 0 0 0
84468 - 0 0 0 0 0 0 0 0 0 0 0 0
84469 - 0 0 0 0 0 0 0 0 0 0 0 0
84470 - 0 0 0 0 0 0 0 0 0 0 0 0
84471 - 0 0 0 0 0 0 0 0 0 0 0 0
84472 - 0 0 0 0 0 0 0 0 0 0 0 0
84473 - 0 0 0 0 0 0 0 0 0 0 0 0
84474 - 0 0 0 0 0 0 0 0 0 0 0 0
84475 - 0 0 0 0 0 0 0 0 0 14 14 14
84476 - 34 34 34 66 66 66 78 78 78 6 6 6
84477 - 2 2 6 18 18 18 218 218 218 253 253 253
84478 -253 253 253 253 253 253 253 253 253 246 246 246
84479 -226 226 226 231 231 231 246 246 246 253 253 253
84480 -253 253 253 253 253 253 253 253 253 253 253 253
84481 -253 253 253 253 253 253 253 253 253 253 253 253
84482 -253 253 253 178 178 178 2 2 6 2 2 6
84483 - 2 2 6 2 2 6 2 2 6 2 2 6
84484 - 2 2 6 18 18 18 90 90 90 62 62 62
84485 - 30 30 30 10 10 10 0 0 0 0 0 0
84486 - 0 0 0 0 0 0 0 0 0 0 0 0
84487 - 0 0 0 0 0 0 0 0 0 0 0 0
84488 - 0 0 0 0 0 0 0 0 0 0 0 0
84489 - 0 0 0 0 0 0 0 0 0 0 0 0
84490 - 0 0 0 0 0 0 0 0 0 0 0 0
84491 - 0 0 0 0 0 0 0 0 0 0 0 0
84492 - 0 0 0 0 0 0 0 0 0 0 0 0
84493 - 0 0 0 0 0 0 0 0 0 0 0 0
84494 - 0 0 0 0 0 0 0 0 0 0 0 0
84495 - 0 0 0 0 0 0 10 10 10 26 26 26
84496 - 58 58 58 90 90 90 18 18 18 2 2 6
84497 - 2 2 6 110 110 110 253 253 253 253 253 253
84498 -253 253 253 253 253 253 253 253 253 253 253 253
84499 -250 250 250 253 253 253 253 253 253 253 253 253
84500 -253 253 253 253 253 253 253 253 253 253 253 253
84501 -253 253 253 253 253 253 253 253 253 253 253 253
84502 -253 253 253 231 231 231 18 18 18 2 2 6
84503 - 2 2 6 2 2 6 2 2 6 2 2 6
84504 - 2 2 6 2 2 6 18 18 18 94 94 94
84505 - 54 54 54 26 26 26 10 10 10 0 0 0
84506 - 0 0 0 0 0 0 0 0 0 0 0 0
84507 - 0 0 0 0 0 0 0 0 0 0 0 0
84508 - 0 0 0 0 0 0 0 0 0 0 0 0
84509 - 0 0 0 0 0 0 0 0 0 0 0 0
84510 - 0 0 0 0 0 0 0 0 0 0 0 0
84511 - 0 0 0 0 0 0 0 0 0 0 0 0
84512 - 0 0 0 0 0 0 0 0 0 0 0 0
84513 - 0 0 0 0 0 0 0 0 0 0 0 0
84514 - 0 0 0 0 0 0 0 0 0 0 0 0
84515 - 0 0 0 6 6 6 22 22 22 50 50 50
84516 - 90 90 90 26 26 26 2 2 6 2 2 6
84517 - 14 14 14 195 195 195 250 250 250 253 253 253
84518 -253 253 253 253 253 253 253 253 253 253 253 253
84519 -253 253 253 253 253 253 253 253 253 253 253 253
84520 -253 253 253 253 253 253 253 253 253 253 253 253
84521 -253 253 253 253 253 253 253 253 253 253 253 253
84522 -250 250 250 242 242 242 54 54 54 2 2 6
84523 - 2 2 6 2 2 6 2 2 6 2 2 6
84524 - 2 2 6 2 2 6 2 2 6 38 38 38
84525 - 86 86 86 50 50 50 22 22 22 6 6 6
84526 - 0 0 0 0 0 0 0 0 0 0 0 0
84527 - 0 0 0 0 0 0 0 0 0 0 0 0
84528 - 0 0 0 0 0 0 0 0 0 0 0 0
84529 - 0 0 0 0 0 0 0 0 0 0 0 0
84530 - 0 0 0 0 0 0 0 0 0 0 0 0
84531 - 0 0 0 0 0 0 0 0 0 0 0 0
84532 - 0 0 0 0 0 0 0 0 0 0 0 0
84533 - 0 0 0 0 0 0 0 0 0 0 0 0
84534 - 0 0 0 0 0 0 0 0 0 0 0 0
84535 - 6 6 6 14 14 14 38 38 38 82 82 82
84536 - 34 34 34 2 2 6 2 2 6 2 2 6
84537 - 42 42 42 195 195 195 246 246 246 253 253 253
84538 -253 253 253 253 253 253 253 253 253 250 250 250
84539 -242 242 242 242 242 242 250 250 250 253 253 253
84540 -253 253 253 253 253 253 253 253 253 253 253 253
84541 -253 253 253 250 250 250 246 246 246 238 238 238
84542 -226 226 226 231 231 231 101 101 101 6 6 6
84543 - 2 2 6 2 2 6 2 2 6 2 2 6
84544 - 2 2 6 2 2 6 2 2 6 2 2 6
84545 - 38 38 38 82 82 82 42 42 42 14 14 14
84546 - 6 6 6 0 0 0 0 0 0 0 0 0
84547 - 0 0 0 0 0 0 0 0 0 0 0 0
84548 - 0 0 0 0 0 0 0 0 0 0 0 0
84549 - 0 0 0 0 0 0 0 0 0 0 0 0
84550 - 0 0 0 0 0 0 0 0 0 0 0 0
84551 - 0 0 0 0 0 0 0 0 0 0 0 0
84552 - 0 0 0 0 0 0 0 0 0 0 0 0
84553 - 0 0 0 0 0 0 0 0 0 0 0 0
84554 - 0 0 0 0 0 0 0 0 0 0 0 0
84555 - 10 10 10 26 26 26 62 62 62 66 66 66
84556 - 2 2 6 2 2 6 2 2 6 6 6 6
84557 - 70 70 70 170 170 170 206 206 206 234 234 234
84558 -246 246 246 250 250 250 250 250 250 238 238 238
84559 -226 226 226 231 231 231 238 238 238 250 250 250
84560 -250 250 250 250 250 250 246 246 246 231 231 231
84561 -214 214 214 206 206 206 202 202 202 202 202 202
84562 -198 198 198 202 202 202 182 182 182 18 18 18
84563 - 2 2 6 2 2 6 2 2 6 2 2 6
84564 - 2 2 6 2 2 6 2 2 6 2 2 6
84565 - 2 2 6 62 62 62 66 66 66 30 30 30
84566 - 10 10 10 0 0 0 0 0 0 0 0 0
84567 - 0 0 0 0 0 0 0 0 0 0 0 0
84568 - 0 0 0 0 0 0 0 0 0 0 0 0
84569 - 0 0 0 0 0 0 0 0 0 0 0 0
84570 - 0 0 0 0 0 0 0 0 0 0 0 0
84571 - 0 0 0 0 0 0 0 0 0 0 0 0
84572 - 0 0 0 0 0 0 0 0 0 0 0 0
84573 - 0 0 0 0 0 0 0 0 0 0 0 0
84574 - 0 0 0 0 0 0 0 0 0 0 0 0
84575 - 14 14 14 42 42 42 82 82 82 18 18 18
84576 - 2 2 6 2 2 6 2 2 6 10 10 10
84577 - 94 94 94 182 182 182 218 218 218 242 242 242
84578 -250 250 250 253 253 253 253 253 253 250 250 250
84579 -234 234 234 253 253 253 253 253 253 253 253 253
84580 -253 253 253 253 253 253 253 253 253 246 246 246
84581 -238 238 238 226 226 226 210 210 210 202 202 202
84582 -195 195 195 195 195 195 210 210 210 158 158 158
84583 - 6 6 6 14 14 14 50 50 50 14 14 14
84584 - 2 2 6 2 2 6 2 2 6 2 2 6
84585 - 2 2 6 6 6 6 86 86 86 46 46 46
84586 - 18 18 18 6 6 6 0 0 0 0 0 0
84587 - 0 0 0 0 0 0 0 0 0 0 0 0
84588 - 0 0 0 0 0 0 0 0 0 0 0 0
84589 - 0 0 0 0 0 0 0 0 0 0 0 0
84590 - 0 0 0 0 0 0 0 0 0 0 0 0
84591 - 0 0 0 0 0 0 0 0 0 0 0 0
84592 - 0 0 0 0 0 0 0 0 0 0 0 0
84593 - 0 0 0 0 0 0 0 0 0 0 0 0
84594 - 0 0 0 0 0 0 0 0 0 6 6 6
84595 - 22 22 22 54 54 54 70 70 70 2 2 6
84596 - 2 2 6 10 10 10 2 2 6 22 22 22
84597 -166 166 166 231 231 231 250 250 250 253 253 253
84598 -253 253 253 253 253 253 253 253 253 250 250 250
84599 -242 242 242 253 253 253 253 253 253 253 253 253
84600 -253 253 253 253 253 253 253 253 253 253 253 253
84601 -253 253 253 253 253 253 253 253 253 246 246 246
84602 -231 231 231 206 206 206 198 198 198 226 226 226
84603 - 94 94 94 2 2 6 6 6 6 38 38 38
84604 - 30 30 30 2 2 6 2 2 6 2 2 6
84605 - 2 2 6 2 2 6 62 62 62 66 66 66
84606 - 26 26 26 10 10 10 0 0 0 0 0 0
84607 - 0 0 0 0 0 0 0 0 0 0 0 0
84608 - 0 0 0 0 0 0 0 0 0 0 0 0
84609 - 0 0 0 0 0 0 0 0 0 0 0 0
84610 - 0 0 0 0 0 0 0 0 0 0 0 0
84611 - 0 0 0 0 0 0 0 0 0 0 0 0
84612 - 0 0 0 0 0 0 0 0 0 0 0 0
84613 - 0 0 0 0 0 0 0 0 0 0 0 0
84614 - 0 0 0 0 0 0 0 0 0 10 10 10
84615 - 30 30 30 74 74 74 50 50 50 2 2 6
84616 - 26 26 26 26 26 26 2 2 6 106 106 106
84617 -238 238 238 253 253 253 253 253 253 253 253 253
84618 -253 253 253 253 253 253 253 253 253 253 253 253
84619 -253 253 253 253 253 253 253 253 253 253 253 253
84620 -253 253 253 253 253 253 253 253 253 253 253 253
84621 -253 253 253 253 253 253 253 253 253 253 253 253
84622 -253 253 253 246 246 246 218 218 218 202 202 202
84623 -210 210 210 14 14 14 2 2 6 2 2 6
84624 - 30 30 30 22 22 22 2 2 6 2 2 6
84625 - 2 2 6 2 2 6 18 18 18 86 86 86
84626 - 42 42 42 14 14 14 0 0 0 0 0 0
84627 - 0 0 0 0 0 0 0 0 0 0 0 0
84628 - 0 0 0 0 0 0 0 0 0 0 0 0
84629 - 0 0 0 0 0 0 0 0 0 0 0 0
84630 - 0 0 0 0 0 0 0 0 0 0 0 0
84631 - 0 0 0 0 0 0 0 0 0 0 0 0
84632 - 0 0 0 0 0 0 0 0 0 0 0 0
84633 - 0 0 0 0 0 0 0 0 0 0 0 0
84634 - 0 0 0 0 0 0 0 0 0 14 14 14
84635 - 42 42 42 90 90 90 22 22 22 2 2 6
84636 - 42 42 42 2 2 6 18 18 18 218 218 218
84637 -253 253 253 253 253 253 253 253 253 253 253 253
84638 -253 253 253 253 253 253 253 253 253 253 253 253
84639 -253 253 253 253 253 253 253 253 253 253 253 253
84640 -253 253 253 253 253 253 253 253 253 253 253 253
84641 -253 253 253 253 253 253 253 253 253 253 253 253
84642 -253 253 253 253 253 253 250 250 250 221 221 221
84643 -218 218 218 101 101 101 2 2 6 14 14 14
84644 - 18 18 18 38 38 38 10 10 10 2 2 6
84645 - 2 2 6 2 2 6 2 2 6 78 78 78
84646 - 58 58 58 22 22 22 6 6 6 0 0 0
84647 - 0 0 0 0 0 0 0 0 0 0 0 0
84648 - 0 0 0 0 0 0 0 0 0 0 0 0
84649 - 0 0 0 0 0 0 0 0 0 0 0 0
84650 - 0 0 0 0 0 0 0 0 0 0 0 0
84651 - 0 0 0 0 0 0 0 0 0 0 0 0
84652 - 0 0 0 0 0 0 0 0 0 0 0 0
84653 - 0 0 0 0 0 0 0 0 0 0 0 0
84654 - 0 0 0 0 0 0 6 6 6 18 18 18
84655 - 54 54 54 82 82 82 2 2 6 26 26 26
84656 - 22 22 22 2 2 6 123 123 123 253 253 253
84657 -253 253 253 253 253 253 253 253 253 253 253 253
84658 -253 253 253 253 253 253 253 253 253 253 253 253
84659 -253 253 253 253 253 253 253 253 253 253 253 253
84660 -253 253 253 253 253 253 253 253 253 253 253 253
84661 -253 253 253 253 253 253 253 253 253 253 253 253
84662 -253 253 253 253 253 253 253 253 253 250 250 250
84663 -238 238 238 198 198 198 6 6 6 38 38 38
84664 - 58 58 58 26 26 26 38 38 38 2 2 6
84665 - 2 2 6 2 2 6 2 2 6 46 46 46
84666 - 78 78 78 30 30 30 10 10 10 0 0 0
84667 - 0 0 0 0 0 0 0 0 0 0 0 0
84668 - 0 0 0 0 0 0 0 0 0 0 0 0
84669 - 0 0 0 0 0 0 0 0 0 0 0 0
84670 - 0 0 0 0 0 0 0 0 0 0 0 0
84671 - 0 0 0 0 0 0 0 0 0 0 0 0
84672 - 0 0 0 0 0 0 0 0 0 0 0 0
84673 - 0 0 0 0 0 0 0 0 0 0 0 0
84674 - 0 0 0 0 0 0 10 10 10 30 30 30
84675 - 74 74 74 58 58 58 2 2 6 42 42 42
84676 - 2 2 6 22 22 22 231 231 231 253 253 253
84677 -253 253 253 253 253 253 253 253 253 253 253 253
84678 -253 253 253 253 253 253 253 253 253 250 250 250
84679 -253 253 253 253 253 253 253 253 253 253 253 253
84680 -253 253 253 253 253 253 253 253 253 253 253 253
84681 -253 253 253 253 253 253 253 253 253 253 253 253
84682 -253 253 253 253 253 253 253 253 253 253 253 253
84683 -253 253 253 246 246 246 46 46 46 38 38 38
84684 - 42 42 42 14 14 14 38 38 38 14 14 14
84685 - 2 2 6 2 2 6 2 2 6 6 6 6
84686 - 86 86 86 46 46 46 14 14 14 0 0 0
84687 - 0 0 0 0 0 0 0 0 0 0 0 0
84688 - 0 0 0 0 0 0 0 0 0 0 0 0
84689 - 0 0 0 0 0 0 0 0 0 0 0 0
84690 - 0 0 0 0 0 0 0 0 0 0 0 0
84691 - 0 0 0 0 0 0 0 0 0 0 0 0
84692 - 0 0 0 0 0 0 0 0 0 0 0 0
84693 - 0 0 0 0 0 0 0 0 0 0 0 0
84694 - 0 0 0 6 6 6 14 14 14 42 42 42
84695 - 90 90 90 18 18 18 18 18 18 26 26 26
84696 - 2 2 6 116 116 116 253 253 253 253 253 253
84697 -253 253 253 253 253 253 253 253 253 253 253 253
84698 -253 253 253 253 253 253 250 250 250 238 238 238
84699 -253 253 253 253 253 253 253 253 253 253 253 253
84700 -253 253 253 253 253 253 253 253 253 253 253 253
84701 -253 253 253 253 253 253 253 253 253 253 253 253
84702 -253 253 253 253 253 253 253 253 253 253 253 253
84703 -253 253 253 253 253 253 94 94 94 6 6 6
84704 - 2 2 6 2 2 6 10 10 10 34 34 34
84705 - 2 2 6 2 2 6 2 2 6 2 2 6
84706 - 74 74 74 58 58 58 22 22 22 6 6 6
84707 - 0 0 0 0 0 0 0 0 0 0 0 0
84708 - 0 0 0 0 0 0 0 0 0 0 0 0
84709 - 0 0 0 0 0 0 0 0 0 0 0 0
84710 - 0 0 0 0 0 0 0 0 0 0 0 0
84711 - 0 0 0 0 0 0 0 0 0 0 0 0
84712 - 0 0 0 0 0 0 0 0 0 0 0 0
84713 - 0 0 0 0 0 0 0 0 0 0 0 0
84714 - 0 0 0 10 10 10 26 26 26 66 66 66
84715 - 82 82 82 2 2 6 38 38 38 6 6 6
84716 - 14 14 14 210 210 210 253 253 253 253 253 253
84717 -253 253 253 253 253 253 253 253 253 253 253 253
84718 -253 253 253 253 253 253 246 246 246 242 242 242
84719 -253 253 253 253 253 253 253 253 253 253 253 253
84720 -253 253 253 253 253 253 253 253 253 253 253 253
84721 -253 253 253 253 253 253 253 253 253 253 253 253
84722 -253 253 253 253 253 253 253 253 253 253 253 253
84723 -253 253 253 253 253 253 144 144 144 2 2 6
84724 - 2 2 6 2 2 6 2 2 6 46 46 46
84725 - 2 2 6 2 2 6 2 2 6 2 2 6
84726 - 42 42 42 74 74 74 30 30 30 10 10 10
84727 - 0 0 0 0 0 0 0 0 0 0 0 0
84728 - 0 0 0 0 0 0 0 0 0 0 0 0
84729 - 0 0 0 0 0 0 0 0 0 0 0 0
84730 - 0 0 0 0 0 0 0 0 0 0 0 0
84731 - 0 0 0 0 0 0 0 0 0 0 0 0
84732 - 0 0 0 0 0 0 0 0 0 0 0 0
84733 - 0 0 0 0 0 0 0 0 0 0 0 0
84734 - 6 6 6 14 14 14 42 42 42 90 90 90
84735 - 26 26 26 6 6 6 42 42 42 2 2 6
84736 - 74 74 74 250 250 250 253 253 253 253 253 253
84737 -253 253 253 253 253 253 253 253 253 253 253 253
84738 -253 253 253 253 253 253 242 242 242 242 242 242
84739 -253 253 253 253 253 253 253 253 253 253 253 253
84740 -253 253 253 253 253 253 253 253 253 253 253 253
84741 -253 253 253 253 253 253 253 253 253 253 253 253
84742 -253 253 253 253 253 253 253 253 253 253 253 253
84743 -253 253 253 253 253 253 182 182 182 2 2 6
84744 - 2 2 6 2 2 6 2 2 6 46 46 46
84745 - 2 2 6 2 2 6 2 2 6 2 2 6
84746 - 10 10 10 86 86 86 38 38 38 10 10 10
84747 - 0 0 0 0 0 0 0 0 0 0 0 0
84748 - 0 0 0 0 0 0 0 0 0 0 0 0
84749 - 0 0 0 0 0 0 0 0 0 0 0 0
84750 - 0 0 0 0 0 0 0 0 0 0 0 0
84751 - 0 0 0 0 0 0 0 0 0 0 0 0
84752 - 0 0 0 0 0 0 0 0 0 0 0 0
84753 - 0 0 0 0 0 0 0 0 0 0 0 0
84754 - 10 10 10 26 26 26 66 66 66 82 82 82
84755 - 2 2 6 22 22 22 18 18 18 2 2 6
84756 -149 149 149 253 253 253 253 253 253 253 253 253
84757 -253 253 253 253 253 253 253 253 253 253 253 253
84758 -253 253 253 253 253 253 234 234 234 242 242 242
84759 -253 253 253 253 253 253 253 253 253 253 253 253
84760 -253 253 253 253 253 253 253 253 253 253 253 253
84761 -253 253 253 253 253 253 253 253 253 253 253 253
84762 -253 253 253 253 253 253 253 253 253 253 253 253
84763 -253 253 253 253 253 253 206 206 206 2 2 6
84764 - 2 2 6 2 2 6 2 2 6 38 38 38
84765 - 2 2 6 2 2 6 2 2 6 2 2 6
84766 - 6 6 6 86 86 86 46 46 46 14 14 14
84767 - 0 0 0 0 0 0 0 0 0 0 0 0
84768 - 0 0 0 0 0 0 0 0 0 0 0 0
84769 - 0 0 0 0 0 0 0 0 0 0 0 0
84770 - 0 0 0 0 0 0 0 0 0 0 0 0
84771 - 0 0 0 0 0 0 0 0 0 0 0 0
84772 - 0 0 0 0 0 0 0 0 0 0 0 0
84773 - 0 0 0 0 0 0 0 0 0 6 6 6
84774 - 18 18 18 46 46 46 86 86 86 18 18 18
84775 - 2 2 6 34 34 34 10 10 10 6 6 6
84776 -210 210 210 253 253 253 253 253 253 253 253 253
84777 -253 253 253 253 253 253 253 253 253 253 253 253
84778 -253 253 253 253 253 253 234 234 234 242 242 242
84779 -253 253 253 253 253 253 253 253 253 253 253 253
84780 -253 253 253 253 253 253 253 253 253 253 253 253
84781 -253 253 253 253 253 253 253 253 253 253 253 253
84782 -253 253 253 253 253 253 253 253 253 253 253 253
84783 -253 253 253 253 253 253 221 221 221 6 6 6
84784 - 2 2 6 2 2 6 6 6 6 30 30 30
84785 - 2 2 6 2 2 6 2 2 6 2 2 6
84786 - 2 2 6 82 82 82 54 54 54 18 18 18
84787 - 6 6 6 0 0 0 0 0 0 0 0 0
84788 - 0 0 0 0 0 0 0 0 0 0 0 0
84789 - 0 0 0 0 0 0 0 0 0 0 0 0
84790 - 0 0 0 0 0 0 0 0 0 0 0 0
84791 - 0 0 0 0 0 0 0 0 0 0 0 0
84792 - 0 0 0 0 0 0 0 0 0 0 0 0
84793 - 0 0 0 0 0 0 0 0 0 10 10 10
84794 - 26 26 26 66 66 66 62 62 62 2 2 6
84795 - 2 2 6 38 38 38 10 10 10 26 26 26
84796 -238 238 238 253 253 253 253 253 253 253 253 253
84797 -253 253 253 253 253 253 253 253 253 253 253 253
84798 -253 253 253 253 253 253 231 231 231 238 238 238
84799 -253 253 253 253 253 253 253 253 253 253 253 253
84800 -253 253 253 253 253 253 253 253 253 253 253 253
84801 -253 253 253 253 253 253 253 253 253 253 253 253
84802 -253 253 253 253 253 253 253 253 253 253 253 253
84803 -253 253 253 253 253 253 231 231 231 6 6 6
84804 - 2 2 6 2 2 6 10 10 10 30 30 30
84805 - 2 2 6 2 2 6 2 2 6 2 2 6
84806 - 2 2 6 66 66 66 58 58 58 22 22 22
84807 - 6 6 6 0 0 0 0 0 0 0 0 0
84808 - 0 0 0 0 0 0 0 0 0 0 0 0
84809 - 0 0 0 0 0 0 0 0 0 0 0 0
84810 - 0 0 0 0 0 0 0 0 0 0 0 0
84811 - 0 0 0 0 0 0 0 0 0 0 0 0
84812 - 0 0 0 0 0 0 0 0 0 0 0 0
84813 - 0 0 0 0 0 0 0 0 0 10 10 10
84814 - 38 38 38 78 78 78 6 6 6 2 2 6
84815 - 2 2 6 46 46 46 14 14 14 42 42 42
84816 -246 246 246 253 253 253 253 253 253 253 253 253
84817 -253 253 253 253 253 253 253 253 253 253 253 253
84818 -253 253 253 253 253 253 231 231 231 242 242 242
84819 -253 253 253 253 253 253 253 253 253 253 253 253
84820 -253 253 253 253 253 253 253 253 253 253 253 253
84821 -253 253 253 253 253 253 253 253 253 253 253 253
84822 -253 253 253 253 253 253 253 253 253 253 253 253
84823 -253 253 253 253 253 253 234 234 234 10 10 10
84824 - 2 2 6 2 2 6 22 22 22 14 14 14
84825 - 2 2 6 2 2 6 2 2 6 2 2 6
84826 - 2 2 6 66 66 66 62 62 62 22 22 22
84827 - 6 6 6 0 0 0 0 0 0 0 0 0
84828 - 0 0 0 0 0 0 0 0 0 0 0 0
84829 - 0 0 0 0 0 0 0 0 0 0 0 0
84830 - 0 0 0 0 0 0 0 0 0 0 0 0
84831 - 0 0 0 0 0 0 0 0 0 0 0 0
84832 - 0 0 0 0 0 0 0 0 0 0 0 0
84833 - 0 0 0 0 0 0 6 6 6 18 18 18
84834 - 50 50 50 74 74 74 2 2 6 2 2 6
84835 - 14 14 14 70 70 70 34 34 34 62 62 62
84836 -250 250 250 253 253 253 253 253 253 253 253 253
84837 -253 253 253 253 253 253 253 253 253 253 253 253
84838 -253 253 253 253 253 253 231 231 231 246 246 246
84839 -253 253 253 253 253 253 253 253 253 253 253 253
84840 -253 253 253 253 253 253 253 253 253 253 253 253
84841 -253 253 253 253 253 253 253 253 253 253 253 253
84842 -253 253 253 253 253 253 253 253 253 253 253 253
84843 -253 253 253 253 253 253 234 234 234 14 14 14
84844 - 2 2 6 2 2 6 30 30 30 2 2 6
84845 - 2 2 6 2 2 6 2 2 6 2 2 6
84846 - 2 2 6 66 66 66 62 62 62 22 22 22
84847 - 6 6 6 0 0 0 0 0 0 0 0 0
84848 - 0 0 0 0 0 0 0 0 0 0 0 0
84849 - 0 0 0 0 0 0 0 0 0 0 0 0
84850 - 0 0 0 0 0 0 0 0 0 0 0 0
84851 - 0 0 0 0 0 0 0 0 0 0 0 0
84852 - 0 0 0 0 0 0 0 0 0 0 0 0
84853 - 0 0 0 0 0 0 6 6 6 18 18 18
84854 - 54 54 54 62 62 62 2 2 6 2 2 6
84855 - 2 2 6 30 30 30 46 46 46 70 70 70
84856 -250 250 250 253 253 253 253 253 253 253 253 253
84857 -253 253 253 253 253 253 253 253 253 253 253 253
84858 -253 253 253 253 253 253 231 231 231 246 246 246
84859 -253 253 253 253 253 253 253 253 253 253 253 253
84860 -253 253 253 253 253 253 253 253 253 253 253 253
84861 -253 253 253 253 253 253 253 253 253 253 253 253
84862 -253 253 253 253 253 253 253 253 253 253 253 253
84863 -253 253 253 253 253 253 226 226 226 10 10 10
84864 - 2 2 6 6 6 6 30 30 30 2 2 6
84865 - 2 2 6 2 2 6 2 2 6 2 2 6
84866 - 2 2 6 66 66 66 58 58 58 22 22 22
84867 - 6 6 6 0 0 0 0 0 0 0 0 0
84868 - 0 0 0 0 0 0 0 0 0 0 0 0
84869 - 0 0 0 0 0 0 0 0 0 0 0 0
84870 - 0 0 0 0 0 0 0 0 0 0 0 0
84871 - 0 0 0 0 0 0 0 0 0 0 0 0
84872 - 0 0 0 0 0 0 0 0 0 0 0 0
84873 - 0 0 0 0 0 0 6 6 6 22 22 22
84874 - 58 58 58 62 62 62 2 2 6 2 2 6
84875 - 2 2 6 2 2 6 30 30 30 78 78 78
84876 -250 250 250 253 253 253 253 253 253 253 253 253
84877 -253 253 253 253 253 253 253 253 253 253 253 253
84878 -253 253 253 253 253 253 231 231 231 246 246 246
84879 -253 253 253 253 253 253 253 253 253 253 253 253
84880 -253 253 253 253 253 253 253 253 253 253 253 253
84881 -253 253 253 253 253 253 253 253 253 253 253 253
84882 -253 253 253 253 253 253 253 253 253 253 253 253
84883 -253 253 253 253 253 253 206 206 206 2 2 6
84884 - 22 22 22 34 34 34 18 14 6 22 22 22
84885 - 26 26 26 18 18 18 6 6 6 2 2 6
84886 - 2 2 6 82 82 82 54 54 54 18 18 18
84887 - 6 6 6 0 0 0 0 0 0 0 0 0
84888 - 0 0 0 0 0 0 0 0 0 0 0 0
84889 - 0 0 0 0 0 0 0 0 0 0 0 0
84890 - 0 0 0 0 0 0 0 0 0 0 0 0
84891 - 0 0 0 0 0 0 0 0 0 0 0 0
84892 - 0 0 0 0 0 0 0 0 0 0 0 0
84893 - 0 0 0 0 0 0 6 6 6 26 26 26
84894 - 62 62 62 106 106 106 74 54 14 185 133 11
84895 -210 162 10 121 92 8 6 6 6 62 62 62
84896 -238 238 238 253 253 253 253 253 253 253 253 253
84897 -253 253 253 253 253 253 253 253 253 253 253 253
84898 -253 253 253 253 253 253 231 231 231 246 246 246
84899 -253 253 253 253 253 253 253 253 253 253 253 253
84900 -253 253 253 253 253 253 253 253 253 253 253 253
84901 -253 253 253 253 253 253 253 253 253 253 253 253
84902 -253 253 253 253 253 253 253 253 253 253 253 253
84903 -253 253 253 253 253 253 158 158 158 18 18 18
84904 - 14 14 14 2 2 6 2 2 6 2 2 6
84905 - 6 6 6 18 18 18 66 66 66 38 38 38
84906 - 6 6 6 94 94 94 50 50 50 18 18 18
84907 - 6 6 6 0 0 0 0 0 0 0 0 0
84908 - 0 0 0 0 0 0 0 0 0 0 0 0
84909 - 0 0 0 0 0 0 0 0 0 0 0 0
84910 - 0 0 0 0 0 0 0 0 0 0 0 0
84911 - 0 0 0 0 0 0 0 0 0 0 0 0
84912 - 0 0 0 0 0 0 0 0 0 6 6 6
84913 - 10 10 10 10 10 10 18 18 18 38 38 38
84914 - 78 78 78 142 134 106 216 158 10 242 186 14
84915 -246 190 14 246 190 14 156 118 10 10 10 10
84916 - 90 90 90 238 238 238 253 253 253 253 253 253
84917 -253 253 253 253 253 253 253 253 253 253 253 253
84918 -253 253 253 253 253 253 231 231 231 250 250 250
84919 -253 253 253 253 253 253 253 253 253 253 253 253
84920 -253 253 253 253 253 253 253 253 253 253 253 253
84921 -253 253 253 253 253 253 253 253 253 253 253 253
84922 -253 253 253 253 253 253 253 253 253 246 230 190
84923 -238 204 91 238 204 91 181 142 44 37 26 9
84924 - 2 2 6 2 2 6 2 2 6 2 2 6
84925 - 2 2 6 2 2 6 38 38 38 46 46 46
84926 - 26 26 26 106 106 106 54 54 54 18 18 18
84927 - 6 6 6 0 0 0 0 0 0 0 0 0
84928 - 0 0 0 0 0 0 0 0 0 0 0 0
84929 - 0 0 0 0 0 0 0 0 0 0 0 0
84930 - 0 0 0 0 0 0 0 0 0 0 0 0
84931 - 0 0 0 0 0 0 0 0 0 0 0 0
84932 - 0 0 0 6 6 6 14 14 14 22 22 22
84933 - 30 30 30 38 38 38 50 50 50 70 70 70
84934 -106 106 106 190 142 34 226 170 11 242 186 14
84935 -246 190 14 246 190 14 246 190 14 154 114 10
84936 - 6 6 6 74 74 74 226 226 226 253 253 253
84937 -253 253 253 253 253 253 253 253 253 253 253 253
84938 -253 253 253 253 253 253 231 231 231 250 250 250
84939 -253 253 253 253 253 253 253 253 253 253 253 253
84940 -253 253 253 253 253 253 253 253 253 253 253 253
84941 -253 253 253 253 253 253 253 253 253 253 253 253
84942 -253 253 253 253 253 253 253 253 253 228 184 62
84943 -241 196 14 241 208 19 232 195 16 38 30 10
84944 - 2 2 6 2 2 6 2 2 6 2 2 6
84945 - 2 2 6 6 6 6 30 30 30 26 26 26
84946 -203 166 17 154 142 90 66 66 66 26 26 26
84947 - 6 6 6 0 0 0 0 0 0 0 0 0
84948 - 0 0 0 0 0 0 0 0 0 0 0 0
84949 - 0 0 0 0 0 0 0 0 0 0 0 0
84950 - 0 0 0 0 0 0 0 0 0 0 0 0
84951 - 0 0 0 0 0 0 0 0 0 0 0 0
84952 - 6 6 6 18 18 18 38 38 38 58 58 58
84953 - 78 78 78 86 86 86 101 101 101 123 123 123
84954 -175 146 61 210 150 10 234 174 13 246 186 14
84955 -246 190 14 246 190 14 246 190 14 238 190 10
84956 -102 78 10 2 2 6 46 46 46 198 198 198
84957 -253 253 253 253 253 253 253 253 253 253 253 253
84958 -253 253 253 253 253 253 234 234 234 242 242 242
84959 -253 253 253 253 253 253 253 253 253 253 253 253
84960 -253 253 253 253 253 253 253 253 253 253 253 253
84961 -253 253 253 253 253 253 253 253 253 253 253 253
84962 -253 253 253 253 253 253 253 253 253 224 178 62
84963 -242 186 14 241 196 14 210 166 10 22 18 6
84964 - 2 2 6 2 2 6 2 2 6 2 2 6
84965 - 2 2 6 2 2 6 6 6 6 121 92 8
84966 -238 202 15 232 195 16 82 82 82 34 34 34
84967 - 10 10 10 0 0 0 0 0 0 0 0 0
84968 - 0 0 0 0 0 0 0 0 0 0 0 0
84969 - 0 0 0 0 0 0 0 0 0 0 0 0
84970 - 0 0 0 0 0 0 0 0 0 0 0 0
84971 - 0 0 0 0 0 0 0 0 0 0 0 0
84972 - 14 14 14 38 38 38 70 70 70 154 122 46
84973 -190 142 34 200 144 11 197 138 11 197 138 11
84974 -213 154 11 226 170 11 242 186 14 246 190 14
84975 -246 190 14 246 190 14 246 190 14 246 190 14
84976 -225 175 15 46 32 6 2 2 6 22 22 22
84977 -158 158 158 250 250 250 253 253 253 253 253 253
84978 -253 253 253 253 253 253 253 253 253 253 253 253
84979 -253 253 253 253 253 253 253 253 253 253 253 253
84980 -253 253 253 253 253 253 253 253 253 253 253 253
84981 -253 253 253 253 253 253 253 253 253 253 253 253
84982 -253 253 253 250 250 250 242 242 242 224 178 62
84983 -239 182 13 236 186 11 213 154 11 46 32 6
84984 - 2 2 6 2 2 6 2 2 6 2 2 6
84985 - 2 2 6 2 2 6 61 42 6 225 175 15
84986 -238 190 10 236 186 11 112 100 78 42 42 42
84987 - 14 14 14 0 0 0 0 0 0 0 0 0
84988 - 0 0 0 0 0 0 0 0 0 0 0 0
84989 - 0 0 0 0 0 0 0 0 0 0 0 0
84990 - 0 0 0 0 0 0 0 0 0 0 0 0
84991 - 0 0 0 0 0 0 0 0 0 6 6 6
84992 - 22 22 22 54 54 54 154 122 46 213 154 11
84993 -226 170 11 230 174 11 226 170 11 226 170 11
84994 -236 178 12 242 186 14 246 190 14 246 190 14
84995 -246 190 14 246 190 14 246 190 14 246 190 14
84996 -241 196 14 184 144 12 10 10 10 2 2 6
84997 - 6 6 6 116 116 116 242 242 242 253 253 253
84998 -253 253 253 253 253 253 253 253 253 253 253 253
84999 -253 253 253 253 253 253 253 253 253 253 253 253
85000 -253 253 253 253 253 253 253 253 253 253 253 253
85001 -253 253 253 253 253 253 253 253 253 253 253 253
85002 -253 253 253 231 231 231 198 198 198 214 170 54
85003 -236 178 12 236 178 12 210 150 10 137 92 6
85004 - 18 14 6 2 2 6 2 2 6 2 2 6
85005 - 6 6 6 70 47 6 200 144 11 236 178 12
85006 -239 182 13 239 182 13 124 112 88 58 58 58
85007 - 22 22 22 6 6 6 0 0 0 0 0 0
85008 - 0 0 0 0 0 0 0 0 0 0 0 0
85009 - 0 0 0 0 0 0 0 0 0 0 0 0
85010 - 0 0 0 0 0 0 0 0 0 0 0 0
85011 - 0 0 0 0 0 0 0 0 0 10 10 10
85012 - 30 30 30 70 70 70 180 133 36 226 170 11
85013 -239 182 13 242 186 14 242 186 14 246 186 14
85014 -246 190 14 246 190 14 246 190 14 246 190 14
85015 -246 190 14 246 190 14 246 190 14 246 190 14
85016 -246 190 14 232 195 16 98 70 6 2 2 6
85017 - 2 2 6 2 2 6 66 66 66 221 221 221
85018 -253 253 253 253 253 253 253 253 253 253 253 253
85019 -253 253 253 253 253 253 253 253 253 253 253 253
85020 -253 253 253 253 253 253 253 253 253 253 253 253
85021 -253 253 253 253 253 253 253 253 253 253 253 253
85022 -253 253 253 206 206 206 198 198 198 214 166 58
85023 -230 174 11 230 174 11 216 158 10 192 133 9
85024 -163 110 8 116 81 8 102 78 10 116 81 8
85025 -167 114 7 197 138 11 226 170 11 239 182 13
85026 -242 186 14 242 186 14 162 146 94 78 78 78
85027 - 34 34 34 14 14 14 6 6 6 0 0 0
85028 - 0 0 0 0 0 0 0 0 0 0 0 0
85029 - 0 0 0 0 0 0 0 0 0 0 0 0
85030 - 0 0 0 0 0 0 0 0 0 0 0 0
85031 - 0 0 0 0 0 0 0 0 0 6 6 6
85032 - 30 30 30 78 78 78 190 142 34 226 170 11
85033 -239 182 13 246 190 14 246 190 14 246 190 14
85034 -246 190 14 246 190 14 246 190 14 246 190 14
85035 -246 190 14 246 190 14 246 190 14 246 190 14
85036 -246 190 14 241 196 14 203 166 17 22 18 6
85037 - 2 2 6 2 2 6 2 2 6 38 38 38
85038 -218 218 218 253 253 253 253 253 253 253 253 253
85039 -253 253 253 253 253 253 253 253 253 253 253 253
85040 -253 253 253 253 253 253 253 253 253 253 253 253
85041 -253 253 253 253 253 253 253 253 253 253 253 253
85042 -250 250 250 206 206 206 198 198 198 202 162 69
85043 -226 170 11 236 178 12 224 166 10 210 150 10
85044 -200 144 11 197 138 11 192 133 9 197 138 11
85045 -210 150 10 226 170 11 242 186 14 246 190 14
85046 -246 190 14 246 186 14 225 175 15 124 112 88
85047 - 62 62 62 30 30 30 14 14 14 6 6 6
85048 - 0 0 0 0 0 0 0 0 0 0 0 0
85049 - 0 0 0 0 0 0 0 0 0 0 0 0
85050 - 0 0 0 0 0 0 0 0 0 0 0 0
85051 - 0 0 0 0 0 0 0 0 0 10 10 10
85052 - 30 30 30 78 78 78 174 135 50 224 166 10
85053 -239 182 13 246 190 14 246 190 14 246 190 14
85054 -246 190 14 246 190 14 246 190 14 246 190 14
85055 -246 190 14 246 190 14 246 190 14 246 190 14
85056 -246 190 14 246 190 14 241 196 14 139 102 15
85057 - 2 2 6 2 2 6 2 2 6 2 2 6
85058 - 78 78 78 250 250 250 253 253 253 253 253 253
85059 -253 253 253 253 253 253 253 253 253 253 253 253
85060 -253 253 253 253 253 253 253 253 253 253 253 253
85061 -253 253 253 253 253 253 253 253 253 253 253 253
85062 -250 250 250 214 214 214 198 198 198 190 150 46
85063 -219 162 10 236 178 12 234 174 13 224 166 10
85064 -216 158 10 213 154 11 213 154 11 216 158 10
85065 -226 170 11 239 182 13 246 190 14 246 190 14
85066 -246 190 14 246 190 14 242 186 14 206 162 42
85067 -101 101 101 58 58 58 30 30 30 14 14 14
85068 - 6 6 6 0 0 0 0 0 0 0 0 0
85069 - 0 0 0 0 0 0 0 0 0 0 0 0
85070 - 0 0 0 0 0 0 0 0 0 0 0 0
85071 - 0 0 0 0 0 0 0 0 0 10 10 10
85072 - 30 30 30 74 74 74 174 135 50 216 158 10
85073 -236 178 12 246 190 14 246 190 14 246 190 14
85074 -246 190 14 246 190 14 246 190 14 246 190 14
85075 -246 190 14 246 190 14 246 190 14 246 190 14
85076 -246 190 14 246 190 14 241 196 14 226 184 13
85077 - 61 42 6 2 2 6 2 2 6 2 2 6
85078 - 22 22 22 238 238 238 253 253 253 253 253 253
85079 -253 253 253 253 253 253 253 253 253 253 253 253
85080 -253 253 253 253 253 253 253 253 253 253 253 253
85081 -253 253 253 253 253 253 253 253 253 253 253 253
85082 -253 253 253 226 226 226 187 187 187 180 133 36
85083 -216 158 10 236 178 12 239 182 13 236 178 12
85084 -230 174 11 226 170 11 226 170 11 230 174 11
85085 -236 178 12 242 186 14 246 190 14 246 190 14
85086 -246 190 14 246 190 14 246 186 14 239 182 13
85087 -206 162 42 106 106 106 66 66 66 34 34 34
85088 - 14 14 14 6 6 6 0 0 0 0 0 0
85089 - 0 0 0 0 0 0 0 0 0 0 0 0
85090 - 0 0 0 0 0 0 0 0 0 0 0 0
85091 - 0 0 0 0 0 0 0 0 0 6 6 6
85092 - 26 26 26 70 70 70 163 133 67 213 154 11
85093 -236 178 12 246 190 14 246 190 14 246 190 14
85094 -246 190 14 246 190 14 246 190 14 246 190 14
85095 -246 190 14 246 190 14 246 190 14 246 190 14
85096 -246 190 14 246 190 14 246 190 14 241 196 14
85097 -190 146 13 18 14 6 2 2 6 2 2 6
85098 - 46 46 46 246 246 246 253 253 253 253 253 253
85099 -253 253 253 253 253 253 253 253 253 253 253 253
85100 -253 253 253 253 253 253 253 253 253 253 253 253
85101 -253 253 253 253 253 253 253 253 253 253 253 253
85102 -253 253 253 221 221 221 86 86 86 156 107 11
85103 -216 158 10 236 178 12 242 186 14 246 186 14
85104 -242 186 14 239 182 13 239 182 13 242 186 14
85105 -242 186 14 246 186 14 246 190 14 246 190 14
85106 -246 190 14 246 190 14 246 190 14 246 190 14
85107 -242 186 14 225 175 15 142 122 72 66 66 66
85108 - 30 30 30 10 10 10 0 0 0 0 0 0
85109 - 0 0 0 0 0 0 0 0 0 0 0 0
85110 - 0 0 0 0 0 0 0 0 0 0 0 0
85111 - 0 0 0 0 0 0 0 0 0 6 6 6
85112 - 26 26 26 70 70 70 163 133 67 210 150 10
85113 -236 178 12 246 190 14 246 190 14 246 190 14
85114 -246 190 14 246 190 14 246 190 14 246 190 14
85115 -246 190 14 246 190 14 246 190 14 246 190 14
85116 -246 190 14 246 190 14 246 190 14 246 190 14
85117 -232 195 16 121 92 8 34 34 34 106 106 106
85118 -221 221 221 253 253 253 253 253 253 253 253 253
85119 -253 253 253 253 253 253 253 253 253 253 253 253
85120 -253 253 253 253 253 253 253 253 253 253 253 253
85121 -253 253 253 253 253 253 253 253 253 253 253 253
85122 -242 242 242 82 82 82 18 14 6 163 110 8
85123 -216 158 10 236 178 12 242 186 14 246 190 14
85124 -246 190 14 246 190 14 246 190 14 246 190 14
85125 -246 190 14 246 190 14 246 190 14 246 190 14
85126 -246 190 14 246 190 14 246 190 14 246 190 14
85127 -246 190 14 246 190 14 242 186 14 163 133 67
85128 - 46 46 46 18 18 18 6 6 6 0 0 0
85129 - 0 0 0 0 0 0 0 0 0 0 0 0
85130 - 0 0 0 0 0 0 0 0 0 0 0 0
85131 - 0 0 0 0 0 0 0 0 0 10 10 10
85132 - 30 30 30 78 78 78 163 133 67 210 150 10
85133 -236 178 12 246 186 14 246 190 14 246 190 14
85134 -246 190 14 246 190 14 246 190 14 246 190 14
85135 -246 190 14 246 190 14 246 190 14 246 190 14
85136 -246 190 14 246 190 14 246 190 14 246 190 14
85137 -241 196 14 215 174 15 190 178 144 253 253 253
85138 -253 253 253 253 253 253 253 253 253 253 253 253
85139 -253 253 253 253 253 253 253 253 253 253 253 253
85140 -253 253 253 253 253 253 253 253 253 253 253 253
85141 -253 253 253 253 253 253 253 253 253 218 218 218
85142 - 58 58 58 2 2 6 22 18 6 167 114 7
85143 -216 158 10 236 178 12 246 186 14 246 190 14
85144 -246 190 14 246 190 14 246 190 14 246 190 14
85145 -246 190 14 246 190 14 246 190 14 246 190 14
85146 -246 190 14 246 190 14 246 190 14 246 190 14
85147 -246 190 14 246 186 14 242 186 14 190 150 46
85148 - 54 54 54 22 22 22 6 6 6 0 0 0
85149 - 0 0 0 0 0 0 0 0 0 0 0 0
85150 - 0 0 0 0 0 0 0 0 0 0 0 0
85151 - 0 0 0 0 0 0 0 0 0 14 14 14
85152 - 38 38 38 86 86 86 180 133 36 213 154 11
85153 -236 178 12 246 186 14 246 190 14 246 190 14
85154 -246 190 14 246 190 14 246 190 14 246 190 14
85155 -246 190 14 246 190 14 246 190 14 246 190 14
85156 -246 190 14 246 190 14 246 190 14 246 190 14
85157 -246 190 14 232 195 16 190 146 13 214 214 214
85158 -253 253 253 253 253 253 253 253 253 253 253 253
85159 -253 253 253 253 253 253 253 253 253 253 253 253
85160 -253 253 253 253 253 253 253 253 253 253 253 253
85161 -253 253 253 250 250 250 170 170 170 26 26 26
85162 - 2 2 6 2 2 6 37 26 9 163 110 8
85163 -219 162 10 239 182 13 246 186 14 246 190 14
85164 -246 190 14 246 190 14 246 190 14 246 190 14
85165 -246 190 14 246 190 14 246 190 14 246 190 14
85166 -246 190 14 246 190 14 246 190 14 246 190 14
85167 -246 186 14 236 178 12 224 166 10 142 122 72
85168 - 46 46 46 18 18 18 6 6 6 0 0 0
85169 - 0 0 0 0 0 0 0 0 0 0 0 0
85170 - 0 0 0 0 0 0 0 0 0 0 0 0
85171 - 0 0 0 0 0 0 6 6 6 18 18 18
85172 - 50 50 50 109 106 95 192 133 9 224 166 10
85173 -242 186 14 246 190 14 246 190 14 246 190 14
85174 -246 190 14 246 190 14 246 190 14 246 190 14
85175 -246 190 14 246 190 14 246 190 14 246 190 14
85176 -246 190 14 246 190 14 246 190 14 246 190 14
85177 -242 186 14 226 184 13 210 162 10 142 110 46
85178 -226 226 226 253 253 253 253 253 253 253 253 253
85179 -253 253 253 253 253 253 253 253 253 253 253 253
85180 -253 253 253 253 253 253 253 253 253 253 253 253
85181 -198 198 198 66 66 66 2 2 6 2 2 6
85182 - 2 2 6 2 2 6 50 34 6 156 107 11
85183 -219 162 10 239 182 13 246 186 14 246 190 14
85184 -246 190 14 246 190 14 246 190 14 246 190 14
85185 -246 190 14 246 190 14 246 190 14 246 190 14
85186 -246 190 14 246 190 14 246 190 14 242 186 14
85187 -234 174 13 213 154 11 154 122 46 66 66 66
85188 - 30 30 30 10 10 10 0 0 0 0 0 0
85189 - 0 0 0 0 0 0 0 0 0 0 0 0
85190 - 0 0 0 0 0 0 0 0 0 0 0 0
85191 - 0 0 0 0 0 0 6 6 6 22 22 22
85192 - 58 58 58 154 121 60 206 145 10 234 174 13
85193 -242 186 14 246 186 14 246 190 14 246 190 14
85194 -246 190 14 246 190 14 246 190 14 246 190 14
85195 -246 190 14 246 190 14 246 190 14 246 190 14
85196 -246 190 14 246 190 14 246 190 14 246 190 14
85197 -246 186 14 236 178 12 210 162 10 163 110 8
85198 - 61 42 6 138 138 138 218 218 218 250 250 250
85199 -253 253 253 253 253 253 253 253 253 250 250 250
85200 -242 242 242 210 210 210 144 144 144 66 66 66
85201 - 6 6 6 2 2 6 2 2 6 2 2 6
85202 - 2 2 6 2 2 6 61 42 6 163 110 8
85203 -216 158 10 236 178 12 246 190 14 246 190 14
85204 -246 190 14 246 190 14 246 190 14 246 190 14
85205 -246 190 14 246 190 14 246 190 14 246 190 14
85206 -246 190 14 239 182 13 230 174 11 216 158 10
85207 -190 142 34 124 112 88 70 70 70 38 38 38
85208 - 18 18 18 6 6 6 0 0 0 0 0 0
85209 - 0 0 0 0 0 0 0 0 0 0 0 0
85210 - 0 0 0 0 0 0 0 0 0 0 0 0
85211 - 0 0 0 0 0 0 6 6 6 22 22 22
85212 - 62 62 62 168 124 44 206 145 10 224 166 10
85213 -236 178 12 239 182 13 242 186 14 242 186 14
85214 -246 186 14 246 190 14 246 190 14 246 190 14
85215 -246 190 14 246 190 14 246 190 14 246 190 14
85216 -246 190 14 246 190 14 246 190 14 246 190 14
85217 -246 190 14 236 178 12 216 158 10 175 118 6
85218 - 80 54 7 2 2 6 6 6 6 30 30 30
85219 - 54 54 54 62 62 62 50 50 50 38 38 38
85220 - 14 14 14 2 2 6 2 2 6 2 2 6
85221 - 2 2 6 2 2 6 2 2 6 2 2 6
85222 - 2 2 6 6 6 6 80 54 7 167 114 7
85223 -213 154 11 236 178 12 246 190 14 246 190 14
85224 -246 190 14 246 190 14 246 190 14 246 190 14
85225 -246 190 14 242 186 14 239 182 13 239 182 13
85226 -230 174 11 210 150 10 174 135 50 124 112 88
85227 - 82 82 82 54 54 54 34 34 34 18 18 18
85228 - 6 6 6 0 0 0 0 0 0 0 0 0
85229 - 0 0 0 0 0 0 0 0 0 0 0 0
85230 - 0 0 0 0 0 0 0 0 0 0 0 0
85231 - 0 0 0 0 0 0 6 6 6 18 18 18
85232 - 50 50 50 158 118 36 192 133 9 200 144 11
85233 -216 158 10 219 162 10 224 166 10 226 170 11
85234 -230 174 11 236 178 12 239 182 13 239 182 13
85235 -242 186 14 246 186 14 246 190 14 246 190 14
85236 -246 190 14 246 190 14 246 190 14 246 190 14
85237 -246 186 14 230 174 11 210 150 10 163 110 8
85238 -104 69 6 10 10 10 2 2 6 2 2 6
85239 - 2 2 6 2 2 6 2 2 6 2 2 6
85240 - 2 2 6 2 2 6 2 2 6 2 2 6
85241 - 2 2 6 2 2 6 2 2 6 2 2 6
85242 - 2 2 6 6 6 6 91 60 6 167 114 7
85243 -206 145 10 230 174 11 242 186 14 246 190 14
85244 -246 190 14 246 190 14 246 186 14 242 186 14
85245 -239 182 13 230 174 11 224 166 10 213 154 11
85246 -180 133 36 124 112 88 86 86 86 58 58 58
85247 - 38 38 38 22 22 22 10 10 10 6 6 6
85248 - 0 0 0 0 0 0 0 0 0 0 0 0
85249 - 0 0 0 0 0 0 0 0 0 0 0 0
85250 - 0 0 0 0 0 0 0 0 0 0 0 0
85251 - 0 0 0 0 0 0 0 0 0 14 14 14
85252 - 34 34 34 70 70 70 138 110 50 158 118 36
85253 -167 114 7 180 123 7 192 133 9 197 138 11
85254 -200 144 11 206 145 10 213 154 11 219 162 10
85255 -224 166 10 230 174 11 239 182 13 242 186 14
85256 -246 186 14 246 186 14 246 186 14 246 186 14
85257 -239 182 13 216 158 10 185 133 11 152 99 6
85258 -104 69 6 18 14 6 2 2 6 2 2 6
85259 - 2 2 6 2 2 6 2 2 6 2 2 6
85260 - 2 2 6 2 2 6 2 2 6 2 2 6
85261 - 2 2 6 2 2 6 2 2 6 2 2 6
85262 - 2 2 6 6 6 6 80 54 7 152 99 6
85263 -192 133 9 219 162 10 236 178 12 239 182 13
85264 -246 186 14 242 186 14 239 182 13 236 178 12
85265 -224 166 10 206 145 10 192 133 9 154 121 60
85266 - 94 94 94 62 62 62 42 42 42 22 22 22
85267 - 14 14 14 6 6 6 0 0 0 0 0 0
85268 - 0 0 0 0 0 0 0 0 0 0 0 0
85269 - 0 0 0 0 0 0 0 0 0 0 0 0
85270 - 0 0 0 0 0 0 0 0 0 0 0 0
85271 - 0 0 0 0 0 0 0 0 0 6 6 6
85272 - 18 18 18 34 34 34 58 58 58 78 78 78
85273 -101 98 89 124 112 88 142 110 46 156 107 11
85274 -163 110 8 167 114 7 175 118 6 180 123 7
85275 -185 133 11 197 138 11 210 150 10 219 162 10
85276 -226 170 11 236 178 12 236 178 12 234 174 13
85277 -219 162 10 197 138 11 163 110 8 130 83 6
85278 - 91 60 6 10 10 10 2 2 6 2 2 6
85279 - 18 18 18 38 38 38 38 38 38 38 38 38
85280 - 38 38 38 38 38 38 38 38 38 38 38 38
85281 - 38 38 38 38 38 38 26 26 26 2 2 6
85282 - 2 2 6 6 6 6 70 47 6 137 92 6
85283 -175 118 6 200 144 11 219 162 10 230 174 11
85284 -234 174 13 230 174 11 219 162 10 210 150 10
85285 -192 133 9 163 110 8 124 112 88 82 82 82
85286 - 50 50 50 30 30 30 14 14 14 6 6 6
85287 - 0 0 0 0 0 0 0 0 0 0 0 0
85288 - 0 0 0 0 0 0 0 0 0 0 0 0
85289 - 0 0 0 0 0 0 0 0 0 0 0 0
85290 - 0 0 0 0 0 0 0 0 0 0 0 0
85291 - 0 0 0 0 0 0 0 0 0 0 0 0
85292 - 6 6 6 14 14 14 22 22 22 34 34 34
85293 - 42 42 42 58 58 58 74 74 74 86 86 86
85294 -101 98 89 122 102 70 130 98 46 121 87 25
85295 -137 92 6 152 99 6 163 110 8 180 123 7
85296 -185 133 11 197 138 11 206 145 10 200 144 11
85297 -180 123 7 156 107 11 130 83 6 104 69 6
85298 - 50 34 6 54 54 54 110 110 110 101 98 89
85299 - 86 86 86 82 82 82 78 78 78 78 78 78
85300 - 78 78 78 78 78 78 78 78 78 78 78 78
85301 - 78 78 78 82 82 82 86 86 86 94 94 94
85302 -106 106 106 101 101 101 86 66 34 124 80 6
85303 -156 107 11 180 123 7 192 133 9 200 144 11
85304 -206 145 10 200 144 11 192 133 9 175 118 6
85305 -139 102 15 109 106 95 70 70 70 42 42 42
85306 - 22 22 22 10 10 10 0 0 0 0 0 0
85307 - 0 0 0 0 0 0 0 0 0 0 0 0
85308 - 0 0 0 0 0 0 0 0 0 0 0 0
85309 - 0 0 0 0 0 0 0 0 0 0 0 0
85310 - 0 0 0 0 0 0 0 0 0 0 0 0
85311 - 0 0 0 0 0 0 0 0 0 0 0 0
85312 - 0 0 0 0 0 0 6 6 6 10 10 10
85313 - 14 14 14 22 22 22 30 30 30 38 38 38
85314 - 50 50 50 62 62 62 74 74 74 90 90 90
85315 -101 98 89 112 100 78 121 87 25 124 80 6
85316 -137 92 6 152 99 6 152 99 6 152 99 6
85317 -138 86 6 124 80 6 98 70 6 86 66 30
85318 -101 98 89 82 82 82 58 58 58 46 46 46
85319 - 38 38 38 34 34 34 34 34 34 34 34 34
85320 - 34 34 34 34 34 34 34 34 34 34 34 34
85321 - 34 34 34 34 34 34 38 38 38 42 42 42
85322 - 54 54 54 82 82 82 94 86 76 91 60 6
85323 -134 86 6 156 107 11 167 114 7 175 118 6
85324 -175 118 6 167 114 7 152 99 6 121 87 25
85325 -101 98 89 62 62 62 34 34 34 18 18 18
85326 - 6 6 6 0 0 0 0 0 0 0 0 0
85327 - 0 0 0 0 0 0 0 0 0 0 0 0
85328 - 0 0 0 0 0 0 0 0 0 0 0 0
85329 - 0 0 0 0 0 0 0 0 0 0 0 0
85330 - 0 0 0 0 0 0 0 0 0 0 0 0
85331 - 0 0 0 0 0 0 0 0 0 0 0 0
85332 - 0 0 0 0 0 0 0 0 0 0 0 0
85333 - 0 0 0 6 6 6 6 6 6 10 10 10
85334 - 18 18 18 22 22 22 30 30 30 42 42 42
85335 - 50 50 50 66 66 66 86 86 86 101 98 89
85336 -106 86 58 98 70 6 104 69 6 104 69 6
85337 -104 69 6 91 60 6 82 62 34 90 90 90
85338 - 62 62 62 38 38 38 22 22 22 14 14 14
85339 - 10 10 10 10 10 10 10 10 10 10 10 10
85340 - 10 10 10 10 10 10 6 6 6 10 10 10
85341 - 10 10 10 10 10 10 10 10 10 14 14 14
85342 - 22 22 22 42 42 42 70 70 70 89 81 66
85343 - 80 54 7 104 69 6 124 80 6 137 92 6
85344 -134 86 6 116 81 8 100 82 52 86 86 86
85345 - 58 58 58 30 30 30 14 14 14 6 6 6
85346 - 0 0 0 0 0 0 0 0 0 0 0 0
85347 - 0 0 0 0 0 0 0 0 0 0 0 0
85348 - 0 0 0 0 0 0 0 0 0 0 0 0
85349 - 0 0 0 0 0 0 0 0 0 0 0 0
85350 - 0 0 0 0 0 0 0 0 0 0 0 0
85351 - 0 0 0 0 0 0 0 0 0 0 0 0
85352 - 0 0 0 0 0 0 0 0 0 0 0 0
85353 - 0 0 0 0 0 0 0 0 0 0 0 0
85354 - 0 0 0 6 6 6 10 10 10 14 14 14
85355 - 18 18 18 26 26 26 38 38 38 54 54 54
85356 - 70 70 70 86 86 86 94 86 76 89 81 66
85357 - 89 81 66 86 86 86 74 74 74 50 50 50
85358 - 30 30 30 14 14 14 6 6 6 0 0 0
85359 - 0 0 0 0 0 0 0 0 0 0 0 0
85360 - 0 0 0 0 0 0 0 0 0 0 0 0
85361 - 0 0 0 0 0 0 0 0 0 0 0 0
85362 - 6 6 6 18 18 18 34 34 34 58 58 58
85363 - 82 82 82 89 81 66 89 81 66 89 81 66
85364 - 94 86 66 94 86 76 74 74 74 50 50 50
85365 - 26 26 26 14 14 14 6 6 6 0 0 0
85366 - 0 0 0 0 0 0 0 0 0 0 0 0
85367 - 0 0 0 0 0 0 0 0 0 0 0 0
85368 - 0 0 0 0 0 0 0 0 0 0 0 0
85369 - 0 0 0 0 0 0 0 0 0 0 0 0
85370 - 0 0 0 0 0 0 0 0 0 0 0 0
85371 - 0 0 0 0 0 0 0 0 0 0 0 0
85372 - 0 0 0 0 0 0 0 0 0 0 0 0
85373 - 0 0 0 0 0 0 0 0 0 0 0 0
85374 - 0 0 0 0 0 0 0 0 0 0 0 0
85375 - 6 6 6 6 6 6 14 14 14 18 18 18
85376 - 30 30 30 38 38 38 46 46 46 54 54 54
85377 - 50 50 50 42 42 42 30 30 30 18 18 18
85378 - 10 10 10 0 0 0 0 0 0 0 0 0
85379 - 0 0 0 0 0 0 0 0 0 0 0 0
85380 - 0 0 0 0 0 0 0 0 0 0 0 0
85381 - 0 0 0 0 0 0 0 0 0 0 0 0
85382 - 0 0 0 6 6 6 14 14 14 26 26 26
85383 - 38 38 38 50 50 50 58 58 58 58 58 58
85384 - 54 54 54 42 42 42 30 30 30 18 18 18
85385 - 10 10 10 0 0 0 0 0 0 0 0 0
85386 - 0 0 0 0 0 0 0 0 0 0 0 0
85387 - 0 0 0 0 0 0 0 0 0 0 0 0
85388 - 0 0 0 0 0 0 0 0 0 0 0 0
85389 - 0 0 0 0 0 0 0 0 0 0 0 0
85390 - 0 0 0 0 0 0 0 0 0 0 0 0
85391 - 0 0 0 0 0 0 0 0 0 0 0 0
85392 - 0 0 0 0 0 0 0 0 0 0 0 0
85393 - 0 0 0 0 0 0 0 0 0 0 0 0
85394 - 0 0 0 0 0 0 0 0 0 0 0 0
85395 - 0 0 0 0 0 0 0 0 0 6 6 6
85396 - 6 6 6 10 10 10 14 14 14 18 18 18
85397 - 18 18 18 14 14 14 10 10 10 6 6 6
85398 - 0 0 0 0 0 0 0 0 0 0 0 0
85399 - 0 0 0 0 0 0 0 0 0 0 0 0
85400 - 0 0 0 0 0 0 0 0 0 0 0 0
85401 - 0 0 0 0 0 0 0 0 0 0 0 0
85402 - 0 0 0 0 0 0 0 0 0 6 6 6
85403 - 14 14 14 18 18 18 22 22 22 22 22 22
85404 - 18 18 18 14 14 14 10 10 10 6 6 6
85405 - 0 0 0 0 0 0 0 0 0 0 0 0
85406 - 0 0 0 0 0 0 0 0 0 0 0 0
85407 - 0 0 0 0 0 0 0 0 0 0 0 0
85408 - 0 0 0 0 0 0 0 0 0 0 0 0
85409 - 0 0 0 0 0 0 0 0 0 0 0 0
85410 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85411 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85412 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85413 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85414 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85415 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85416 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85417 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85418 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85419 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85420 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85421 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85422 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85423 +4 4 4 4 4 4
85424 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85425 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85426 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85427 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85428 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85429 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85430 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85431 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85432 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85433 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85434 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85435 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85436 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85437 +4 4 4 4 4 4
85438 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85439 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85440 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85441 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85442 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85443 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85444 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85445 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85446 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85447 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85448 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85449 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85450 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85451 +4 4 4 4 4 4
85452 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85453 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85454 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85455 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85456 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85457 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85458 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85459 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85460 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85461 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85462 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85463 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85464 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85465 +4 4 4 4 4 4
85466 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85467 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85468 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85469 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85470 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85471 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85472 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85473 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85474 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85475 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85476 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85477 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85478 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85479 +4 4 4 4 4 4
85480 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85481 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85482 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85483 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85484 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85485 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85486 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85487 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85488 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85489 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85490 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85491 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85492 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85493 +4 4 4 4 4 4
85494 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85495 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85496 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85497 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85498 +4 4 4 4 4 4 4 4 4 3 3 3 0 0 0 0 0 0
85499 +0 0 0 0 0 0 0 0 0 0 0 0 3 3 3 4 4 4
85500 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85501 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85502 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85503 +4 4 4 4 4 4 4 4 4 4 4 4 1 1 1 0 0 0
85504 +0 0 0 3 3 3 4 4 4 4 4 4 4 4 4 4 4 4
85505 +4 4 4 4 4 4 4 4 4 2 1 0 2 1 0 3 2 2
85506 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85507 +4 4 4 4 4 4
85508 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85509 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85510 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85511 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85512 +4 4 4 4 4 4 2 2 2 0 0 0 3 4 3 26 28 28
85513 +37 38 37 37 38 37 14 17 19 2 2 2 0 0 0 2 2 2
85514 +5 5 5 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85515 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85516 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85517 +4 4 4 4 4 4 3 3 3 0 0 0 1 1 1 6 6 6
85518 +2 2 2 0 0 0 3 3 3 4 4 4 4 4 4 4 4 4
85519 +4 4 5 3 3 3 1 0 0 0 0 0 1 0 0 0 0 0
85520 +1 1 1 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85521 +4 4 4 4 4 4
85522 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85523 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85524 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85525 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85526 +2 2 2 0 0 0 0 0 0 14 17 19 60 74 84 137 136 137
85527 +153 152 153 137 136 137 125 124 125 60 73 81 6 6 6 3 1 0
85528 +0 0 0 3 3 3 4 4 4 4 4 4 4 4 4 4 4 4
85529 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85530 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85531 +4 4 4 4 4 4 0 0 0 4 4 4 41 54 63 125 124 125
85532 +60 73 81 6 6 6 4 0 0 3 3 3 4 4 4 4 4 4
85533 +4 4 4 0 0 0 6 9 11 41 54 63 41 65 82 22 30 35
85534 +2 2 2 2 1 0 4 4 4 4 4 4 4 4 4 4 4 4
85535 +4 4 4 4 4 4
85536 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85537 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85538 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85539 +4 4 4 4 4 4 5 5 5 5 5 5 2 2 2 0 0 0
85540 +4 0 0 6 6 6 41 54 63 137 136 137 174 174 174 167 166 167
85541 +165 164 165 165 164 165 163 162 163 163 162 163 125 124 125 41 54 63
85542 +1 1 1 0 0 0 0 0 0 3 3 3 5 5 5 4 4 4
85543 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85544 +4 4 4 4 4 4 4 4 4 4 4 4 5 5 5 5 5 5
85545 +3 3 3 2 0 0 4 0 0 60 73 81 156 155 156 167 166 167
85546 +163 162 163 85 115 134 5 7 8 0 0 0 4 4 4 5 5 5
85547 +0 0 0 2 5 5 55 98 126 90 154 193 90 154 193 72 125 159
85548 +37 51 59 2 0 0 1 1 1 4 5 5 4 4 4 4 4 4
85549 +4 4 4 4 4 4
85550 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85551 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85552 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85553 +4 4 4 5 5 5 4 4 4 1 1 1 0 0 0 3 3 3
85554 +37 38 37 125 124 125 163 162 163 174 174 174 158 157 158 158 157 158
85555 +156 155 156 156 155 156 158 157 158 165 164 165 174 174 174 166 165 166
85556 +125 124 125 16 19 21 1 0 0 0 0 0 0 0 0 4 4 4
85557 +5 5 5 5 5 5 4 4 4 4 4 4 4 4 4 4 4 4
85558 +4 4 4 4 4 4 4 4 4 5 5 5 5 5 5 1 1 1
85559 +0 0 0 0 0 0 37 38 37 153 152 153 174 174 174 158 157 158
85560 +174 174 174 163 162 163 37 38 37 4 3 3 4 0 0 1 1 1
85561 +0 0 0 22 40 52 101 161 196 101 161 196 90 154 193 101 161 196
85562 +64 123 161 14 17 19 0 0 0 4 4 4 4 4 4 4 4 4
85563 +4 4 4 4 4 4
85564 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85565 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85566 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 5 5 5
85567 +5 5 5 2 2 2 0 0 0 4 0 0 24 26 27 85 115 134
85568 +156 155 156 174 174 174 167 166 167 156 155 156 154 153 154 157 156 157
85569 +156 155 156 156 155 156 155 154 155 153 152 153 158 157 158 167 166 167
85570 +174 174 174 156 155 156 60 74 84 16 19 21 0 0 0 0 0 0
85571 +1 1 1 5 5 5 5 5 5 4 4 4 4 4 4 4 4 4
85572 +4 4 4 5 5 5 6 6 6 3 3 3 0 0 0 4 0 0
85573 +13 16 17 60 73 81 137 136 137 165 164 165 156 155 156 153 152 153
85574 +174 174 174 177 184 187 60 73 81 3 1 0 0 0 0 1 1 2
85575 +22 30 35 64 123 161 136 185 209 90 154 193 90 154 193 90 154 193
85576 +90 154 193 21 29 34 0 0 0 3 2 2 4 4 5 4 4 4
85577 +4 4 4 4 4 4
85578 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85579 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85580 +4 4 4 4 4 4 4 4 4 4 4 4 5 5 5 3 3 3
85581 +0 0 0 0 0 0 10 13 16 60 74 84 157 156 157 174 174 174
85582 +174 174 174 158 157 158 153 152 153 154 153 154 156 155 156 155 154 155
85583 +156 155 156 155 154 155 154 153 154 157 156 157 154 153 154 153 152 153
85584 +163 162 163 174 174 174 177 184 187 137 136 137 60 73 81 13 16 17
85585 +4 0 0 0 0 0 3 3 3 5 5 5 4 4 4 4 4 4
85586 +5 5 5 4 4 4 1 1 1 0 0 0 3 3 3 41 54 63
85587 +131 129 131 174 174 174 174 174 174 174 174 174 167 166 167 174 174 174
85588 +190 197 201 137 136 137 24 26 27 4 0 0 16 21 25 50 82 103
85589 +90 154 193 136 185 209 90 154 193 101 161 196 101 161 196 101 161 196
85590 +31 91 132 3 6 7 0 0 0 4 4 4 4 4 4 4 4 4
85591 +4 4 4 4 4 4
85592 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85593 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85594 +4 4 4 4 4 4 4 4 4 2 2 2 0 0 0 4 0 0
85595 +4 0 0 43 57 68 137 136 137 177 184 187 174 174 174 163 162 163
85596 +155 154 155 155 154 155 156 155 156 155 154 155 158 157 158 165 164 165
85597 +167 166 167 166 165 166 163 162 163 157 156 157 155 154 155 155 154 155
85598 +153 152 153 156 155 156 167 166 167 174 174 174 174 174 174 131 129 131
85599 +41 54 63 5 5 5 0 0 0 0 0 0 3 3 3 4 4 4
85600 +1 1 1 0 0 0 1 0 0 26 28 28 125 124 125 174 174 174
85601 +177 184 187 174 174 174 174 174 174 156 155 156 131 129 131 137 136 137
85602 +125 124 125 24 26 27 4 0 0 41 65 82 90 154 193 136 185 209
85603 +136 185 209 101 161 196 53 118 160 37 112 160 90 154 193 34 86 122
85604 +7 12 15 0 0 0 4 4 4 4 4 4 4 4 4 4 4 4
85605 +4 4 4 4 4 4
85606 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85607 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85608 +4 4 4 3 3 3 0 0 0 0 0 0 5 5 5 37 38 37
85609 +125 124 125 167 166 167 174 174 174 167 166 167 158 157 158 155 154 155
85610 +156 155 156 156 155 156 156 155 156 163 162 163 167 166 167 155 154 155
85611 +137 136 137 153 152 153 156 155 156 165 164 165 163 162 163 156 155 156
85612 +156 155 156 156 155 156 155 154 155 158 157 158 166 165 166 174 174 174
85613 +167 166 167 125 124 125 37 38 37 1 0 0 0 0 0 0 0 0
85614 +0 0 0 24 26 27 60 74 84 158 157 158 174 174 174 174 174 174
85615 +166 165 166 158 157 158 125 124 125 41 54 63 13 16 17 6 6 6
85616 +6 6 6 37 38 37 80 127 157 136 185 209 101 161 196 101 161 196
85617 +90 154 193 28 67 93 6 10 14 13 20 25 13 20 25 6 10 14
85618 +1 1 2 4 3 3 4 4 4 4 4 4 4 4 4 4 4 4
85619 +4 4 4 4 4 4
85620 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85621 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85622 +1 1 1 1 0 0 4 3 3 37 38 37 60 74 84 153 152 153
85623 +167 166 167 167 166 167 158 157 158 154 153 154 155 154 155 156 155 156
85624 +157 156 157 158 157 158 167 166 167 167 166 167 131 129 131 43 57 68
85625 +26 28 28 37 38 37 60 73 81 131 129 131 165 164 165 166 165 166
85626 +158 157 158 155 154 155 156 155 156 156 155 156 156 155 156 158 157 158
85627 +165 164 165 174 174 174 163 162 163 60 74 84 16 19 21 13 16 17
85628 +60 73 81 131 129 131 174 174 174 174 174 174 167 166 167 165 164 165
85629 +137 136 137 60 73 81 24 26 27 4 0 0 4 0 0 16 19 21
85630 +52 104 138 101 161 196 136 185 209 136 185 209 90 154 193 27 99 146
85631 +13 20 25 4 5 7 2 5 5 4 5 7 1 1 2 0 0 0
85632 +4 4 4 4 4 4 3 3 3 2 2 2 2 2 2 4 4 4
85633 +4 4 4 4 4 4
85634 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85635 +4 4 4 4 4 4 4 4 4 4 4 4 3 3 3 0 0 0
85636 +0 0 0 13 16 17 60 73 81 137 136 137 174 174 174 166 165 166
85637 +158 157 158 156 155 156 157 156 157 156 155 156 155 154 155 158 157 158
85638 +167 166 167 174 174 174 153 152 153 60 73 81 16 19 21 4 0 0
85639 +4 0 0 4 0 0 6 6 6 26 28 28 60 74 84 158 157 158
85640 +174 174 174 166 165 166 157 156 157 155 154 155 156 155 156 156 155 156
85641 +155 154 155 158 157 158 167 166 167 167 166 167 131 129 131 125 124 125
85642 +137 136 137 167 166 167 167 166 167 174 174 174 158 157 158 125 124 125
85643 +16 19 21 4 0 0 4 0 0 10 13 16 49 76 92 107 159 188
85644 +136 185 209 136 185 209 90 154 193 26 108 161 22 40 52 6 10 14
85645 +2 3 3 1 1 2 1 1 2 4 4 5 4 4 5 4 4 5
85646 +4 4 5 2 2 1 0 0 0 0 0 0 0 0 0 2 2 2
85647 +4 4 4 4 4 4
85648 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85649 +4 4 4 5 5 5 3 3 3 0 0 0 1 0 0 4 0 0
85650 +37 51 59 131 129 131 167 166 167 167 166 167 163 162 163 157 156 157
85651 +157 156 157 155 154 155 153 152 153 157 156 157 167 166 167 174 174 174
85652 +153 152 153 125 124 125 37 38 37 4 0 0 4 0 0 4 0 0
85653 +4 3 3 4 3 3 4 0 0 6 6 6 4 0 0 37 38 37
85654 +125 124 125 174 174 174 174 174 174 165 164 165 156 155 156 154 153 154
85655 +156 155 156 156 155 156 155 154 155 163 162 163 158 157 158 163 162 163
85656 +174 174 174 174 174 174 174 174 174 125 124 125 37 38 37 0 0 0
85657 +4 0 0 6 9 11 41 54 63 90 154 193 136 185 209 146 190 211
85658 +136 185 209 37 112 160 22 40 52 6 10 14 3 6 7 1 1 2
85659 +1 1 2 3 3 3 1 1 2 3 3 3 4 4 4 4 4 4
85660 +2 2 2 2 0 0 16 19 21 37 38 37 24 26 27 0 0 0
85661 +0 0 0 4 4 4
85662 +4 4 4 4 4 4 4 4 4 4 4 4 5 5 5 5 5 5
85663 +4 4 4 0 0 0 0 0 0 0 0 0 26 28 28 120 125 127
85664 +158 157 158 174 174 174 165 164 165 157 156 157 155 154 155 156 155 156
85665 +153 152 153 153 152 153 167 166 167 174 174 174 174 174 174 125 124 125
85666 +37 38 37 4 0 0 0 0 0 4 0 0 4 3 3 4 4 4
85667 +4 4 4 4 4 4 5 5 5 4 0 0 4 0 0 4 0 0
85668 +4 3 3 43 57 68 137 136 137 174 174 174 174 174 174 165 164 165
85669 +154 153 154 153 152 153 153 152 153 153 152 153 163 162 163 174 174 174
85670 +174 174 174 153 152 153 60 73 81 6 6 6 4 0 0 4 3 3
85671 +32 43 50 80 127 157 136 185 209 146 190 211 146 190 211 90 154 193
85672 +28 67 93 28 67 93 40 71 93 3 6 7 1 1 2 2 5 5
85673 +50 82 103 79 117 143 26 37 45 0 0 0 3 3 3 1 1 1
85674 +0 0 0 41 54 63 137 136 137 174 174 174 153 152 153 60 73 81
85675 +2 0 0 0 0 0
85676 +4 4 4 4 4 4 4 4 4 4 4 4 6 6 6 2 2 2
85677 +0 0 0 2 0 0 24 26 27 60 74 84 153 152 153 174 174 174
85678 +174 174 174 157 156 157 154 153 154 156 155 156 154 153 154 153 152 153
85679 +165 164 165 174 174 174 177 184 187 137 136 137 43 57 68 6 6 6
85680 +4 0 0 2 0 0 3 3 3 5 5 5 5 5 5 4 4 4
85681 +4 4 4 4 4 4 4 4 4 5 5 5 6 6 6 4 3 3
85682 +4 0 0 4 0 0 24 26 27 60 73 81 153 152 153 174 174 174
85683 +174 174 174 158 157 158 158 157 158 174 174 174 174 174 174 158 157 158
85684 +60 74 84 24 26 27 4 0 0 4 0 0 17 23 27 59 113 148
85685 +136 185 209 191 222 234 146 190 211 136 185 209 31 91 132 7 11 13
85686 +22 40 52 101 161 196 90 154 193 6 9 11 3 4 4 43 95 132
85687 +136 185 209 172 205 220 55 98 126 0 0 0 0 0 0 2 0 0
85688 +26 28 28 153 152 153 177 184 187 167 166 167 177 184 187 165 164 165
85689 +37 38 37 0 0 0
85690 +4 4 4 4 4 4 5 5 5 5 5 5 1 1 1 0 0 0
85691 +13 16 17 60 73 81 137 136 137 174 174 174 174 174 174 165 164 165
85692 +153 152 153 153 152 153 155 154 155 154 153 154 158 157 158 174 174 174
85693 +177 184 187 163 162 163 60 73 81 16 19 21 4 0 0 4 0 0
85694 +4 3 3 4 4 4 5 5 5 5 5 5 4 4 4 5 5 5
85695 +5 5 5 5 5 5 5 5 5 4 4 4 4 4 4 5 5 5
85696 +6 6 6 4 0 0 4 0 0 4 0 0 24 26 27 60 74 84
85697 +166 165 166 174 174 174 177 184 187 165 164 165 125 124 125 24 26 27
85698 +4 0 0 4 0 0 5 5 5 50 82 103 136 185 209 172 205 220
85699 +146 190 211 136 185 209 26 108 161 22 40 52 7 12 15 44 81 103
85700 +71 116 144 28 67 93 37 51 59 41 65 82 100 139 164 101 161 196
85701 +90 154 193 90 154 193 28 67 93 0 0 0 0 0 0 26 28 28
85702 +125 124 125 167 166 167 163 162 163 153 152 153 163 162 163 174 174 174
85703 +85 115 134 4 0 0
85704 +4 4 4 5 5 5 4 4 4 1 0 0 4 0 0 34 47 55
85705 +125 124 125 174 174 174 174 174 174 167 166 167 157 156 157 153 152 153
85706 +155 154 155 155 154 155 158 157 158 166 165 166 167 166 167 154 153 154
85707 +125 124 125 26 28 28 4 0 0 4 0 0 4 0 0 5 5 5
85708 +5 5 5 4 4 4 4 4 4 4 4 4 4 4 4 1 1 1
85709 +0 0 0 0 0 0 1 1 1 4 4 4 4 4 4 4 4 4
85710 +5 5 5 5 5 5 4 3 3 4 0 0 4 0 0 6 6 6
85711 +37 38 37 131 129 131 137 136 137 37 38 37 0 0 0 4 0 0
85712 +4 5 5 43 61 72 90 154 193 172 205 220 146 190 211 136 185 209
85713 +90 154 193 28 67 93 13 20 25 43 61 72 71 116 144 44 81 103
85714 +2 5 5 7 11 13 59 113 148 101 161 196 90 154 193 28 67 93
85715 +13 20 25 6 10 14 0 0 0 13 16 17 60 73 81 137 136 137
85716 +166 165 166 158 157 158 156 155 156 154 153 154 167 166 167 174 174 174
85717 +60 73 81 4 0 0
85718 +4 4 4 4 4 4 0 0 0 3 3 3 60 74 84 174 174 174
85719 +174 174 174 167 166 167 163 162 163 155 154 155 157 156 157 155 154 155
85720 +156 155 156 163 162 163 167 166 167 158 157 158 125 124 125 37 38 37
85721 +4 3 3 4 0 0 4 0 0 6 6 6 6 6 6 5 5 5
85722 +4 4 4 4 4 4 4 4 4 1 1 1 0 0 0 2 3 3
85723 +10 13 16 7 11 13 1 0 0 0 0 0 2 2 1 4 4 4
85724 +4 4 4 4 4 4 4 4 4 5 5 5 4 3 3 4 0 0
85725 +4 0 0 7 11 13 13 16 17 4 0 0 3 3 3 34 47 55
85726 +80 127 157 146 190 211 172 205 220 136 185 209 136 185 209 136 185 209
85727 +28 67 93 22 40 52 55 98 126 55 98 126 21 29 34 7 11 13
85728 +50 82 103 101 161 196 101 161 196 35 83 115 13 20 25 2 2 1
85729 +1 1 2 1 1 2 37 51 59 131 129 131 174 174 174 174 174 174
85730 +167 166 167 163 162 163 163 162 163 167 166 167 174 174 174 125 124 125
85731 +16 19 21 4 0 0
85732 +4 4 4 4 0 0 4 0 0 60 74 84 174 174 174 174 174 174
85733 +158 157 158 155 154 155 155 154 155 156 155 156 155 154 155 158 157 158
85734 +167 166 167 165 164 165 131 129 131 60 73 81 13 16 17 4 0 0
85735 +4 0 0 4 3 3 6 6 6 4 3 3 5 5 5 4 4 4
85736 +4 4 4 3 2 2 0 0 0 0 0 0 7 11 13 45 69 86
85737 +80 127 157 71 116 144 43 61 72 7 11 13 0 0 0 1 1 1
85738 +4 3 3 4 4 4 4 4 4 4 4 4 6 6 6 5 5 5
85739 +3 2 2 4 0 0 1 0 0 21 29 34 59 113 148 136 185 209
85740 +146 190 211 136 185 209 136 185 209 136 185 209 136 185 209 136 185 209
85741 +68 124 159 44 81 103 22 40 52 13 16 17 43 61 72 90 154 193
85742 +136 185 209 59 113 148 21 29 34 3 4 3 1 1 1 0 0 0
85743 +24 26 27 125 124 125 163 162 163 174 174 174 166 165 166 165 164 165
85744 +163 162 163 125 124 125 125 124 125 125 124 125 125 124 125 26 28 28
85745 +4 0 0 4 3 3
85746 +3 3 3 0 0 0 24 26 27 153 152 153 177 184 187 158 157 158
85747 +156 155 156 156 155 156 155 154 155 155 154 155 165 164 165 174 174 174
85748 +155 154 155 60 74 84 26 28 28 4 0 0 4 0 0 3 1 0
85749 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 3 3
85750 +2 0 0 0 0 0 0 0 0 32 43 50 72 125 159 101 161 196
85751 +136 185 209 101 161 196 101 161 196 79 117 143 32 43 50 0 0 0
85752 +0 0 0 2 2 2 4 4 4 4 4 4 3 3 3 1 0 0
85753 +0 0 0 4 5 5 49 76 92 101 161 196 146 190 211 146 190 211
85754 +136 185 209 136 185 209 136 185 209 136 185 209 136 185 209 90 154 193
85755 +28 67 93 13 16 17 37 51 59 80 127 157 136 185 209 90 154 193
85756 +22 40 52 6 9 11 3 4 3 2 2 1 16 19 21 60 73 81
85757 +137 136 137 163 162 163 158 157 158 166 165 166 167 166 167 153 152 153
85758 +60 74 84 37 38 37 6 6 6 13 16 17 4 0 0 1 0 0
85759 +3 2 2 4 4 4
85760 +3 2 2 4 0 0 37 38 37 137 136 137 167 166 167 158 157 158
85761 +157 156 157 154 153 154 157 156 157 167 166 167 174 174 174 125 124 125
85762 +37 38 37 4 0 0 4 0 0 4 0 0 4 3 3 4 4 4
85763 +4 4 4 4 4 4 5 5 5 5 5 5 1 1 1 0 0 0
85764 +0 0 0 16 21 25 55 98 126 90 154 193 136 185 209 101 161 196
85765 +101 161 196 101 161 196 136 185 209 136 185 209 101 161 196 55 98 126
85766 +14 17 19 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
85767 +22 40 52 90 154 193 146 190 211 146 190 211 136 185 209 136 185 209
85768 +136 185 209 136 185 209 136 185 209 101 161 196 35 83 115 7 11 13
85769 +17 23 27 59 113 148 136 185 209 101 161 196 34 86 122 7 12 15
85770 +2 5 5 3 4 3 6 6 6 60 73 81 131 129 131 163 162 163
85771 +166 165 166 174 174 174 174 174 174 163 162 163 125 124 125 41 54 63
85772 +13 16 17 4 0 0 4 0 0 4 0 0 1 0 0 2 2 2
85773 +4 4 4 4 4 4
85774 +1 1 1 2 1 0 43 57 68 137 136 137 153 152 153 153 152 153
85775 +163 162 163 156 155 156 165 164 165 167 166 167 60 74 84 6 6 6
85776 +4 0 0 4 0 0 5 5 5 4 4 4 4 4 4 4 4 4
85777 +4 5 5 6 6 6 4 3 3 0 0 0 0 0 0 11 15 18
85778 +40 71 93 100 139 164 101 161 196 101 161 196 101 161 196 101 161 196
85779 +101 161 196 101 161 196 101 161 196 101 161 196 136 185 209 136 185 209
85780 +101 161 196 45 69 86 6 6 6 0 0 0 17 23 27 55 98 126
85781 +136 185 209 146 190 211 136 185 209 136 185 209 136 185 209 136 185 209
85782 +136 185 209 136 185 209 90 154 193 22 40 52 7 11 13 50 82 103
85783 +136 185 209 136 185 209 53 118 160 22 40 52 7 11 13 2 5 5
85784 +3 4 3 37 38 37 125 124 125 157 156 157 166 165 166 167 166 167
85785 +174 174 174 174 174 174 137 136 137 60 73 81 4 0 0 4 0 0
85786 +4 0 0 4 0 0 5 5 5 3 3 3 3 3 3 4 4 4
85787 +4 4 4 4 4 4
85788 +4 0 0 4 0 0 41 54 63 137 136 137 125 124 125 131 129 131
85789 +155 154 155 167 166 167 174 174 174 60 74 84 6 6 6 4 0 0
85790 +4 3 3 6 6 6 4 4 4 4 4 4 4 4 4 5 5 5
85791 +4 4 4 1 1 1 0 0 0 3 6 7 41 65 82 72 125 159
85792 +101 161 196 101 161 196 101 161 196 90 154 193 90 154 193 101 161 196
85793 +101 161 196 101 161 196 101 161 196 101 161 196 101 161 196 136 185 209
85794 +136 185 209 136 185 209 80 127 157 55 98 126 101 161 196 146 190 211
85795 +136 185 209 136 185 209 136 185 209 101 161 196 136 185 209 101 161 196
85796 +136 185 209 101 161 196 35 83 115 22 30 35 101 161 196 172 205 220
85797 +90 154 193 28 67 93 7 11 13 2 5 5 3 4 3 13 16 17
85798 +85 115 134 167 166 167 174 174 174 174 174 174 174 174 174 174 174 174
85799 +167 166 167 60 74 84 13 16 17 4 0 0 4 0 0 4 3 3
85800 +6 6 6 5 5 5 4 4 4 5 5 5 4 4 4 5 5 5
85801 +5 5 5 5 5 5
85802 +1 1 1 4 0 0 41 54 63 137 136 137 137 136 137 125 124 125
85803 +131 129 131 167 166 167 157 156 157 37 38 37 6 6 6 4 0 0
85804 +6 6 6 5 5 5 4 4 4 4 4 4 4 5 5 2 2 1
85805 +0 0 0 0 0 0 26 37 45 58 111 146 101 161 196 101 161 196
85806 +101 161 196 90 154 193 90 154 193 90 154 193 101 161 196 101 161 196
85807 +101 161 196 101 161 196 101 161 196 101 161 196 101 161 196 101 161 196
85808 +101 161 196 136 185 209 136 185 209 136 185 209 146 190 211 136 185 209
85809 +136 185 209 101 161 196 136 185 209 136 185 209 101 161 196 136 185 209
85810 +101 161 196 136 185 209 136 185 209 136 185 209 136 185 209 16 89 141
85811 +7 11 13 2 5 5 2 5 5 13 16 17 60 73 81 154 154 154
85812 +174 174 174 174 174 174 174 174 174 174 174 174 163 162 163 125 124 125
85813 +24 26 27 4 0 0 4 0 0 4 0 0 5 5 5 5 5 5
85814 +4 4 4 4 4 4 4 4 4 5 5 5 5 5 5 5 5 5
85815 +5 5 5 4 4 4
85816 +4 0 0 6 6 6 37 38 37 137 136 137 137 136 137 131 129 131
85817 +131 129 131 153 152 153 131 129 131 26 28 28 4 0 0 4 3 3
85818 +6 6 6 4 4 4 4 4 4 4 4 4 0 0 0 0 0 0
85819 +13 20 25 51 88 114 90 154 193 101 161 196 101 161 196 90 154 193
85820 +90 154 193 90 154 193 90 154 193 90 154 193 90 154 193 101 161 196
85821 +101 161 196 101 161 196 101 161 196 101 161 196 136 185 209 101 161 196
85822 +101 161 196 136 185 209 101 161 196 136 185 209 136 185 209 101 161 196
85823 +136 185 209 101 161 196 136 185 209 101 161 196 101 161 196 101 161 196
85824 +136 185 209 136 185 209 136 185 209 37 112 160 21 29 34 5 7 8
85825 +2 5 5 13 16 17 43 57 68 131 129 131 174 174 174 174 174 174
85826 +174 174 174 167 166 167 157 156 157 125 124 125 37 38 37 4 0 0
85827 +4 0 0 4 0 0 5 5 5 5 5 5 4 4 4 4 4 4
85828 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85829 +4 4 4 4 4 4
85830 +1 1 1 4 0 0 41 54 63 153 152 153 137 136 137 137 136 137
85831 +137 136 137 153 152 153 125 124 125 24 26 27 4 0 0 3 2 2
85832 +4 4 4 4 4 4 4 3 3 4 0 0 3 6 7 43 61 72
85833 +64 123 161 101 161 196 90 154 193 90 154 193 90 154 193 90 154 193
85834 +90 154 193 90 154 193 90 154 193 90 154 193 101 161 196 90 154 193
85835 +101 161 196 101 161 196 101 161 196 101 161 196 101 161 196 101 161 196
85836 +101 161 196 101 161 196 101 161 196 101 161 196 101 161 196 101 161 196
85837 +136 185 209 101 161 196 101 161 196 136 185 209 136 185 209 101 161 196
85838 +101 161 196 90 154 193 28 67 93 13 16 17 7 11 13 3 6 7
85839 +37 51 59 125 124 125 163 162 163 174 174 174 167 166 167 166 165 166
85840 +167 166 167 131 129 131 60 73 81 4 0 0 4 0 0 4 0 0
85841 +3 3 3 5 5 5 6 6 6 4 4 4 4 4 4 4 4 4
85842 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85843 +4 4 4 4 4 4
85844 +4 0 0 4 0 0 41 54 63 137 136 137 153 152 153 137 136 137
85845 +153 152 153 157 156 157 125 124 125 24 26 27 0 0 0 2 2 2
85846 +4 4 4 4 4 4 2 0 0 0 0 0 28 67 93 90 154 193
85847 +90 154 193 90 154 193 90 154 193 90 154 193 64 123 161 90 154 193
85848 +90 154 193 90 154 193 90 154 193 90 154 193 90 154 193 101 161 196
85849 +90 154 193 101 161 196 101 161 196 101 161 196 90 154 193 136 185 209
85850 +101 161 196 101 161 196 136 185 209 101 161 196 136 185 209 101 161 196
85851 +101 161 196 101 161 196 136 185 209 101 161 196 101 161 196 90 154 193
85852 +35 83 115 13 16 17 3 6 7 2 5 5 13 16 17 60 74 84
85853 +154 154 154 166 165 166 165 164 165 158 157 158 163 162 163 157 156 157
85854 +60 74 84 13 16 17 4 0 0 4 0 0 3 2 2 4 4 4
85855 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85856 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85857 +4 4 4 4 4 4
85858 +1 1 1 4 0 0 41 54 63 157 156 157 155 154 155 137 136 137
85859 +153 152 153 158 157 158 137 136 137 26 28 28 2 0 0 2 2 2
85860 +4 4 4 4 4 4 1 0 0 6 10 14 34 86 122 90 154 193
85861 +64 123 161 90 154 193 64 123 161 90 154 193 90 154 193 90 154 193
85862 +64 123 161 90 154 193 90 154 193 90 154 193 90 154 193 90 154 193
85863 +101 161 196 101 161 196 101 161 196 101 161 196 101 161 196 101 161 196
85864 +101 161 196 101 161 196 101 161 196 101 161 196 101 161 196 101 161 196
85865 +136 185 209 101 161 196 136 185 209 90 154 193 26 108 161 22 40 52
85866 +13 16 17 5 7 8 2 5 5 2 5 5 37 38 37 165 164 165
85867 +174 174 174 163 162 163 154 154 154 165 164 165 167 166 167 60 73 81
85868 +6 6 6 4 0 0 4 0 0 4 4 4 4 4 4 4 4 4
85869 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85870 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85871 +4 4 4 4 4 4
85872 +4 0 0 6 6 6 41 54 63 156 155 156 158 157 158 153 152 153
85873 +156 155 156 165 164 165 137 136 137 26 28 28 0 0 0 2 2 2
85874 +4 4 5 4 4 4 2 0 0 7 12 15 31 96 139 64 123 161
85875 +90 154 193 64 123 161 90 154 193 90 154 193 64 123 161 90 154 193
85876 +90 154 193 90 154 193 90 154 193 90 154 193 90 154 193 90 154 193
85877 +90 154 193 90 154 193 90 154 193 101 161 196 101 161 196 101 161 196
85878 +101 161 196 101 161 196 101 161 196 101 161 196 101 161 196 136 185 209
85879 +101 161 196 136 185 209 26 108 161 22 40 52 7 11 13 5 7 8
85880 +2 5 5 2 5 5 2 5 5 2 2 1 37 38 37 158 157 158
85881 +174 174 174 154 154 154 156 155 156 167 166 167 165 164 165 37 38 37
85882 +4 0 0 4 3 3 5 5 5 4 4 4 4 4 4 4 4 4
85883 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85884 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85885 +4 4 4 4 4 4
85886 +3 1 0 4 0 0 60 73 81 157 156 157 163 162 163 153 152 153
85887 +158 157 158 167 166 167 137 136 137 26 28 28 2 0 0 2 2 2
85888 +4 5 5 4 4 4 4 0 0 7 12 15 24 86 132 26 108 161
85889 +37 112 160 64 123 161 90 154 193 64 123 161 90 154 193 90 154 193
85890 +90 154 193 90 154 193 90 154 193 90 154 193 90 154 193 90 154 193
85891 +90 154 193 101 161 196 90 154 193 101 161 196 101 161 196 101 161 196
85892 +101 161 196 101 161 196 101 161 196 136 185 209 101 161 196 136 185 209
85893 +90 154 193 35 83 115 13 16 17 13 16 17 7 11 13 3 6 7
85894 +5 7 8 6 6 6 3 4 3 2 2 1 30 32 34 154 154 154
85895 +167 166 167 154 154 154 154 154 154 174 174 174 165 164 165 37 38 37
85896 +6 6 6 4 0 0 6 6 6 4 4 4 4 4 4 4 4 4
85897 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85898 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85899 +4 4 4 4 4 4
85900 +4 0 0 4 0 0 41 54 63 163 162 163 166 165 166 154 154 154
85901 +163 162 163 174 174 174 137 136 137 26 28 28 0 0 0 2 2 2
85902 +4 5 5 4 4 5 1 1 2 6 10 14 28 67 93 18 97 151
85903 +18 97 151 18 97 151 26 108 161 37 112 160 37 112 160 90 154 193
85904 +64 123 161 90 154 193 90 154 193 90 154 193 90 154 193 101 161 196
85905 +90 154 193 101 161 196 101 161 196 90 154 193 101 161 196 101 161 196
85906 +101 161 196 101 161 196 101 161 196 136 185 209 90 154 193 16 89 141
85907 +13 20 25 7 11 13 5 7 8 5 7 8 2 5 5 4 5 5
85908 +3 4 3 4 5 5 3 4 3 0 0 0 37 38 37 158 157 158
85909 +174 174 174 158 157 158 158 157 158 167 166 167 174 174 174 41 54 63
85910 +4 0 0 3 2 2 5 5 5 4 4 4 4 4 4 4 4 4
85911 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85912 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85913 +4 4 4 4 4 4
85914 +1 1 1 4 0 0 60 73 81 165 164 165 174 174 174 158 157 158
85915 +167 166 167 174 174 174 153 152 153 26 28 28 2 0 0 2 2 2
85916 +4 5 5 4 4 4 4 0 0 7 12 15 10 87 144 10 87 144
85917 +18 97 151 18 97 151 18 97 151 26 108 161 26 108 161 26 108 161
85918 +26 108 161 37 112 160 53 118 160 90 154 193 90 154 193 90 154 193
85919 +90 154 193 90 154 193 101 161 196 101 161 196 101 161 196 101 161 196
85920 +101 161 196 136 185 209 90 154 193 26 108 161 22 40 52 13 16 17
85921 +7 11 13 3 6 7 5 7 8 5 7 8 2 5 5 4 5 5
85922 +4 5 5 6 6 6 3 4 3 0 0 0 30 32 34 158 157 158
85923 +174 174 174 156 155 156 155 154 155 165 164 165 154 153 154 37 38 37
85924 +4 0 0 4 3 3 5 5 5 4 4 4 4 4 4 4 4 4
85925 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85926 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85927 +4 4 4 4 4 4
85928 +4 0 0 4 0 0 60 73 81 167 166 167 174 174 174 163 162 163
85929 +174 174 174 174 174 174 153 152 153 26 28 28 0 0 0 3 3 3
85930 +5 5 5 4 4 4 1 1 2 7 12 15 28 67 93 18 97 151
85931 +18 97 151 18 97 151 18 97 151 18 97 151 18 97 151 26 108 161
85932 +26 108 161 26 108 161 26 108 161 26 108 161 26 108 161 26 108 161
85933 +90 154 193 26 108 161 90 154 193 90 154 193 90 154 193 101 161 196
85934 +101 161 196 26 108 161 22 40 52 13 16 17 7 11 13 2 5 5
85935 +2 5 5 6 6 6 2 5 5 4 5 5 4 5 5 4 5 5
85936 +3 4 3 5 5 5 3 4 3 2 0 0 30 32 34 137 136 137
85937 +153 152 153 137 136 137 131 129 131 137 136 137 131 129 131 37 38 37
85938 +4 0 0 4 3 3 5 5 5 4 4 4 4 4 4 4 4 4
85939 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85940 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85941 +4 4 4 4 4 4
85942 +1 1 1 4 0 0 60 73 81 167 166 167 174 174 174 166 165 166
85943 +174 174 174 177 184 187 153 152 153 30 32 34 1 0 0 3 3 3
85944 +5 5 5 4 3 3 4 0 0 7 12 15 10 87 144 10 87 144
85945 +18 97 151 18 97 151 18 97 151 26 108 161 26 108 161 26 108 161
85946 +26 108 161 26 108 161 26 108 161 26 108 161 26 108 161 26 108 161
85947 +26 108 161 26 108 161 26 108 161 90 154 193 90 154 193 26 108 161
85948 +35 83 115 13 16 17 7 11 13 5 7 8 3 6 7 5 7 8
85949 +2 5 5 6 6 6 4 5 5 4 5 5 3 4 3 4 5 5
85950 +3 4 3 6 6 6 3 4 3 0 0 0 26 28 28 125 124 125
85951 +131 129 131 125 124 125 125 124 125 131 129 131 131 129 131 37 38 37
85952 +4 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
85953 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85954 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85955 +4 4 4 4 4 4
85956 +3 1 0 4 0 0 60 73 81 174 174 174 177 184 187 167 166 167
85957 +174 174 174 177 184 187 153 152 153 30 32 34 0 0 0 3 3 3
85958 +5 5 5 4 4 4 1 1 2 6 10 14 28 67 93 18 97 151
85959 +18 97 151 18 97 151 18 97 151 18 97 151 18 97 151 26 108 161
85960 +26 108 161 26 108 161 26 108 161 26 108 161 26 108 161 26 108 161
85961 +26 108 161 90 154 193 26 108 161 26 108 161 24 86 132 13 20 25
85962 +7 11 13 13 20 25 22 40 52 5 7 8 3 4 3 3 4 3
85963 +4 5 5 3 4 3 4 5 5 3 4 3 4 5 5 3 4 3
85964 +4 4 4 5 5 5 3 3 3 2 0 0 26 28 28 125 124 125
85965 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
85966 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
85967 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85968 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85969 +4 4 4 4 4 4
85970 +1 1 1 4 0 0 60 73 81 174 174 174 177 184 187 174 174 174
85971 +174 174 174 190 197 201 157 156 157 30 32 34 1 0 0 3 3 3
85972 +5 5 5 4 3 3 4 0 0 7 12 15 10 87 144 10 87 144
85973 +18 97 151 19 95 150 19 95 150 18 97 151 18 97 151 26 108 161
85974 +18 97 151 26 108 161 26 108 161 26 108 161 26 108 161 90 154 193
85975 +26 108 161 26 108 161 26 108 161 22 40 52 2 5 5 3 4 3
85976 +28 67 93 37 112 160 34 86 122 2 5 5 3 4 3 3 4 3
85977 +3 4 3 3 4 3 3 4 3 2 2 1 3 4 3 4 4 4
85978 +4 5 5 5 5 5 3 3 3 0 0 0 26 28 28 131 129 131
85979 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
85980 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
85981 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85982 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85983 +4 4 4 4 4 4
85984 +4 0 0 4 0 0 60 73 81 174 174 174 177 184 187 174 174 174
85985 +174 174 174 190 197 201 158 157 158 30 32 34 0 0 0 2 2 2
85986 +5 5 5 4 4 4 1 1 2 6 10 14 28 67 93 18 97 151
85987 +10 87 144 19 95 150 19 95 150 18 97 151 18 97 151 18 97 151
85988 +26 108 161 26 108 161 26 108 161 26 108 161 26 108 161 26 108 161
85989 +18 97 151 22 40 52 2 5 5 2 2 1 22 40 52 26 108 161
85990 +90 154 193 37 112 160 22 40 52 3 4 3 13 20 25 22 30 35
85991 +3 6 7 1 1 1 2 2 2 6 9 11 5 5 5 4 3 3
85992 +4 4 4 5 5 5 3 3 3 2 0 0 26 28 28 131 129 131
85993 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
85994 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
85995 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85996 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
85997 +4 4 4 4 4 4
85998 +1 1 1 4 0 0 60 73 81 177 184 187 193 200 203 174 174 174
85999 +177 184 187 193 200 203 163 162 163 30 32 34 4 0 0 2 2 2
86000 +5 5 5 4 3 3 4 0 0 6 10 14 24 86 132 10 87 144
86001 +10 87 144 10 87 144 19 95 150 19 95 150 19 95 150 18 97 151
86002 +26 108 161 26 108 161 26 108 161 90 154 193 26 108 161 28 67 93
86003 +6 10 14 2 5 5 13 20 25 24 86 132 37 112 160 90 154 193
86004 +10 87 144 7 12 15 2 5 5 28 67 93 37 112 160 28 67 93
86005 +2 2 1 7 12 15 35 83 115 28 67 93 3 6 7 1 0 0
86006 +4 4 4 5 5 5 3 3 3 0 0 0 26 28 28 131 129 131
86007 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86008 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86009 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86010 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86011 +4 4 4 4 4 4
86012 +4 0 0 4 0 0 60 73 81 174 174 174 190 197 201 174 174 174
86013 +177 184 187 193 200 203 163 162 163 30 32 34 0 0 0 2 2 2
86014 +5 5 5 4 4 4 1 1 2 6 10 14 28 67 93 10 87 144
86015 +10 87 144 16 89 141 19 95 150 10 87 144 26 108 161 26 108 161
86016 +26 108 161 26 108 161 26 108 161 28 67 93 6 10 14 1 1 2
86017 +7 12 15 28 67 93 26 108 161 16 89 141 24 86 132 21 29 34
86018 +3 4 3 21 29 34 37 112 160 37 112 160 27 99 146 21 29 34
86019 +21 29 34 26 108 161 90 154 193 35 83 115 1 1 2 2 0 0
86020 +4 4 4 5 5 5 3 3 3 2 0 0 26 28 28 125 124 125
86021 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86022 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86023 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86024 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86025 +4 4 4 4 4 4
86026 +3 1 0 4 0 0 60 73 81 193 200 203 193 200 203 174 174 174
86027 +190 197 201 193 200 203 165 164 165 37 38 37 4 0 0 2 2 2
86028 +5 5 5 4 3 3 4 0 0 6 10 14 24 86 132 10 87 144
86029 +10 87 144 10 87 144 16 89 141 18 97 151 18 97 151 10 87 144
86030 +24 86 132 24 86 132 13 20 25 4 5 7 4 5 7 22 40 52
86031 +18 97 151 37 112 160 26 108 161 7 12 15 1 1 1 0 0 0
86032 +28 67 93 37 112 160 26 108 161 28 67 93 22 40 52 28 67 93
86033 +26 108 161 90 154 193 26 108 161 10 87 144 0 0 0 2 0 0
86034 +4 4 4 5 5 5 3 3 3 0 0 0 26 28 28 131 129 131
86035 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86036 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86037 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86038 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86039 +4 4 4 4 4 4
86040 +4 0 0 6 6 6 60 73 81 174 174 174 193 200 203 174 174 174
86041 +190 197 201 193 200 203 165 164 165 30 32 34 0 0 0 2 2 2
86042 +5 5 5 4 4 4 1 1 2 6 10 14 28 67 93 10 87 144
86043 +10 87 144 10 87 144 10 87 144 18 97 151 28 67 93 6 10 14
86044 +0 0 0 1 1 2 4 5 7 13 20 25 16 89 141 26 108 161
86045 +26 108 161 26 108 161 24 86 132 6 9 11 2 3 3 22 40 52
86046 +37 112 160 16 89 141 22 40 52 28 67 93 26 108 161 26 108 161
86047 +90 154 193 26 108 161 26 108 161 28 67 93 1 1 1 4 0 0
86048 +4 4 4 5 5 5 3 3 3 4 0 0 26 28 28 124 126 130
86049 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86050 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86051 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86052 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86053 +4 4 4 4 4 4
86054 +4 0 0 4 0 0 60 73 81 193 200 203 193 200 203 174 174 174
86055 +193 200 203 193 200 203 167 166 167 37 38 37 4 0 0 2 2 2
86056 +5 5 5 4 4 4 4 0 0 6 10 14 28 67 93 10 87 144
86057 +10 87 144 10 87 144 18 97 151 10 87 144 13 20 25 4 5 7
86058 +1 1 2 1 1 1 22 40 52 26 108 161 26 108 161 26 108 161
86059 +26 108 161 26 108 161 26 108 161 24 86 132 22 40 52 22 40 52
86060 +22 40 52 22 40 52 10 87 144 26 108 161 26 108 161 26 108 161
86061 +26 108 161 26 108 161 90 154 193 10 87 144 0 0 0 4 0 0
86062 +4 4 4 5 5 5 3 3 3 0 0 0 26 28 28 131 129 131
86063 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86064 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86065 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86066 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86067 +4 4 4 4 4 4
86068 +4 0 0 6 6 6 60 73 81 174 174 174 220 221 221 174 174 174
86069 +190 197 201 205 212 215 167 166 167 30 32 34 0 0 0 2 2 2
86070 +5 5 5 4 4 4 1 1 2 6 10 14 28 67 93 10 87 144
86071 +10 87 144 10 87 144 10 87 144 10 87 144 22 40 52 1 1 2
86072 +2 0 0 1 1 2 24 86 132 26 108 161 26 108 161 26 108 161
86073 +26 108 161 19 95 150 16 89 141 10 87 144 22 40 52 22 40 52
86074 +10 87 144 26 108 161 37 112 160 26 108 161 26 108 161 26 108 161
86075 +26 108 161 26 108 161 26 108 161 28 67 93 2 0 0 3 1 0
86076 +4 4 4 5 5 5 3 3 3 2 0 0 26 28 28 131 129 131
86077 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86078 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86079 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86080 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86081 +4 4 4 4 4 4
86082 +4 0 0 4 0 0 60 73 81 220 221 221 190 197 201 174 174 174
86083 +193 200 203 193 200 203 174 174 174 37 38 37 4 0 0 2 2 2
86084 +5 5 5 4 4 4 3 2 2 1 1 2 13 20 25 10 87 144
86085 +10 87 144 10 87 144 10 87 144 10 87 144 10 87 144 13 20 25
86086 +13 20 25 22 40 52 10 87 144 18 97 151 18 97 151 26 108 161
86087 +10 87 144 13 20 25 6 10 14 21 29 34 24 86 132 18 97 151
86088 +26 108 161 26 108 161 26 108 161 26 108 161 26 108 161 26 108 161
86089 +26 108 161 90 154 193 18 97 151 13 20 25 0 0 0 4 3 3
86090 +4 4 4 5 5 5 3 3 3 0 0 0 26 28 28 131 129 131
86091 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86092 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86093 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86094 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86095 +4 4 4 4 4 4
86096 +4 0 0 6 6 6 60 73 81 174 174 174 220 221 221 174 174 174
86097 +190 197 201 220 221 221 167 166 167 30 32 34 1 0 0 2 2 2
86098 +5 5 5 4 4 4 4 4 5 2 5 5 4 5 7 13 20 25
86099 +28 67 93 10 87 144 10 87 144 10 87 144 10 87 144 10 87 144
86100 +10 87 144 10 87 144 18 97 151 10 87 144 18 97 151 18 97 151
86101 +28 67 93 2 3 3 0 0 0 28 67 93 26 108 161 26 108 161
86102 +26 108 161 26 108 161 26 108 161 26 108 161 26 108 161 26 108 161
86103 +26 108 161 10 87 144 13 20 25 1 1 2 3 2 2 4 4 4
86104 +4 4 4 5 5 5 3 3 3 2 0 0 26 28 28 131 129 131
86105 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86106 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86107 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86108 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86109 +4 4 4 4 4 4
86110 +4 0 0 4 0 0 60 73 81 220 221 221 190 197 201 174 174 174
86111 +193 200 203 193 200 203 174 174 174 26 28 28 4 0 0 4 3 3
86112 +5 5 5 4 4 4 4 4 4 4 4 5 1 1 2 2 5 5
86113 +4 5 7 22 40 52 10 87 144 10 87 144 18 97 151 10 87 144
86114 +10 87 144 10 87 144 10 87 144 10 87 144 10 87 144 18 97 151
86115 +10 87 144 28 67 93 22 40 52 10 87 144 26 108 161 18 97 151
86116 +18 97 151 18 97 151 26 108 161 26 108 161 26 108 161 26 108 161
86117 +22 40 52 1 1 2 0 0 0 2 3 3 4 4 4 4 4 4
86118 +4 4 4 5 5 5 4 4 4 0 0 0 26 28 28 131 129 131
86119 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86120 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86121 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86122 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86123 +4 4 4 4 4 4
86124 +4 0 0 6 6 6 60 73 81 174 174 174 220 221 221 174 174 174
86125 +190 197 201 220 221 221 190 197 201 41 54 63 4 0 0 2 2 2
86126 +6 6 6 4 4 4 4 4 4 4 4 5 4 4 5 3 3 3
86127 +1 1 2 1 1 2 6 10 14 22 40 52 10 87 144 18 97 151
86128 +18 97 151 10 87 144 10 87 144 10 87 144 18 97 151 10 87 144
86129 +10 87 144 18 97 151 26 108 161 18 97 151 18 97 151 10 87 144
86130 +26 108 161 26 108 161 26 108 161 10 87 144 28 67 93 6 10 14
86131 +1 1 2 1 1 2 4 3 3 4 4 5 4 4 4 4 4 4
86132 +5 5 5 5 5 5 1 1 1 4 0 0 37 51 59 137 136 137
86133 +137 136 137 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86134 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86135 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86136 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86137 +4 4 4 4 4 4
86138 +4 0 0 4 0 0 60 73 81 220 221 221 193 200 203 174 174 174
86139 +193 200 203 193 200 203 220 221 221 137 136 137 13 16 17 4 0 0
86140 +2 2 2 4 4 4 4 4 4 4 4 4 4 4 4 4 4 5
86141 +4 4 5 4 3 3 1 1 2 4 5 7 13 20 25 28 67 93
86142 +10 87 144 10 87 144 10 87 144 10 87 144 10 87 144 10 87 144
86143 +10 87 144 18 97 151 18 97 151 10 87 144 18 97 151 26 108 161
86144 +26 108 161 18 97 151 28 67 93 6 10 14 0 0 0 0 0 0
86145 +2 3 3 4 5 5 4 4 5 4 4 4 4 4 4 5 5 5
86146 +3 3 3 1 1 1 0 0 0 16 19 21 125 124 125 137 136 137
86147 +131 129 131 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86148 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86149 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86150 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86151 +4 4 4 4 4 4
86152 +4 0 0 6 6 6 60 73 81 174 174 174 220 221 221 174 174 174
86153 +193 200 203 190 197 201 220 221 221 220 221 221 153 152 153 30 32 34
86154 +0 0 0 0 0 0 2 2 2 4 4 4 4 4 4 4 4 4
86155 +4 4 4 4 5 5 4 5 7 1 1 2 1 1 2 4 5 7
86156 +13 20 25 28 67 93 10 87 144 18 97 151 10 87 144 10 87 144
86157 +10 87 144 10 87 144 10 87 144 18 97 151 26 108 161 18 97 151
86158 +28 67 93 7 12 15 0 0 0 0 0 0 2 2 1 4 4 4
86159 +4 5 5 4 5 5 4 4 4 4 4 4 3 3 3 0 0 0
86160 +0 0 0 0 0 0 37 38 37 125 124 125 158 157 158 131 129 131
86161 +125 124 125 125 124 125 125 124 125 137 136 137 131 129 131 37 38 37
86162 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86163 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86164 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86165 +4 4 4 4 4 4
86166 +4 3 3 4 0 0 41 54 63 193 200 203 220 221 221 174 174 174
86167 +193 200 203 193 200 203 193 200 203 220 221 221 244 246 246 193 200 203
86168 +120 125 127 5 5 5 1 0 0 0 0 0 1 1 1 4 4 4
86169 +4 4 4 4 4 4 4 5 5 4 5 5 4 4 5 1 1 2
86170 +4 5 7 4 5 7 22 40 52 10 87 144 10 87 144 10 87 144
86171 +10 87 144 10 87 144 18 97 151 10 87 144 10 87 144 13 20 25
86172 +4 5 7 2 3 3 1 1 2 4 4 4 4 5 5 4 4 4
86173 +4 4 4 4 4 4 4 4 4 1 1 1 0 0 0 1 1 2
86174 +24 26 27 60 74 84 153 152 153 163 162 163 137 136 137 125 124 125
86175 +125 124 125 125 124 125 125 124 125 137 136 137 125 124 125 26 28 28
86176 +0 0 0 3 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86177 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86178 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86179 +4 4 4 4 4 4
86180 +4 0 0 6 6 6 26 28 28 156 155 156 220 221 221 220 221 221
86181 +174 174 174 193 200 203 193 200 203 193 200 203 205 212 215 220 221 221
86182 +220 221 221 167 166 167 60 73 81 7 11 13 0 0 0 0 0 0
86183 +3 3 3 4 4 4 4 4 4 4 4 4 4 4 5 4 4 5
86184 +4 4 5 1 1 2 1 1 2 4 5 7 22 40 52 10 87 144
86185 +10 87 144 10 87 144 10 87 144 22 40 52 4 5 7 1 1 2
86186 +1 1 2 4 4 5 4 4 4 4 4 4 4 4 4 4 4 4
86187 +5 5 5 2 2 2 0 0 0 4 0 0 16 19 21 60 73 81
86188 +137 136 137 167 166 167 158 157 158 137 136 137 131 129 131 131 129 131
86189 +125 124 125 125 124 125 131 129 131 155 154 155 60 74 84 5 7 8
86190 +0 0 0 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86191 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86192 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86193 +4 4 4 4 4 4
86194 +5 5 5 4 0 0 4 0 0 60 73 81 193 200 203 220 221 221
86195 +193 200 203 193 200 203 193 200 203 193 200 203 205 212 215 220 221 221
86196 +220 221 221 220 221 221 220 221 221 137 136 137 43 57 68 6 6 6
86197 +4 0 0 1 1 1 4 4 4 4 4 4 4 4 4 4 4 4
86198 +4 4 5 4 4 5 3 2 2 1 1 2 2 5 5 13 20 25
86199 +22 40 52 22 40 52 13 20 25 2 3 3 1 1 2 3 3 3
86200 +4 5 7 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86201 +1 1 1 0 0 0 2 3 3 41 54 63 131 129 131 166 165 166
86202 +166 165 166 155 154 155 153 152 153 137 136 137 137 136 137 125 124 125
86203 +125 124 125 137 136 137 137 136 137 125 124 125 37 38 37 4 3 3
86204 +4 3 3 5 5 5 4 4 4 4 4 4 4 4 4 4 4 4
86205 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86206 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86207 +4 4 4 4 4 4
86208 +4 3 3 6 6 6 6 6 6 13 16 17 60 73 81 167 166 167
86209 +220 221 221 220 221 221 220 221 221 193 200 203 193 200 203 193 200 203
86210 +205 212 215 220 221 221 220 221 221 244 246 246 205 212 215 125 124 125
86211 +24 26 27 0 0 0 0 0 0 2 2 2 5 5 5 5 5 5
86212 +4 4 4 4 4 4 4 4 4 4 4 5 1 1 2 4 5 7
86213 +4 5 7 4 5 7 1 1 2 3 2 2 4 4 5 4 4 4
86214 +4 4 4 4 4 4 5 5 5 4 4 4 0 0 0 0 0 0
86215 +2 0 0 26 28 28 125 124 125 174 174 174 174 174 174 166 165 166
86216 +156 155 156 153 152 153 137 136 137 137 136 137 131 129 131 137 136 137
86217 +137 136 137 137 136 137 60 74 84 30 32 34 4 0 0 4 0 0
86218 +5 5 5 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86219 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86220 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86221 +4 4 4 4 4 4
86222 +5 5 5 6 6 6 4 0 0 4 0 0 6 6 6 26 28 28
86223 +125 124 125 174 174 174 220 221 221 220 221 221 220 221 221 193 200 203
86224 +205 212 215 220 221 221 205 212 215 220 221 221 220 221 221 244 246 246
86225 +193 200 203 60 74 84 13 16 17 4 0 0 0 0 0 3 3 3
86226 +5 5 5 5 5 5 4 4 4 4 4 4 4 4 5 3 3 3
86227 +1 1 2 3 3 3 4 4 5 4 4 5 4 4 4 4 4 4
86228 +5 5 5 5 5 5 2 2 2 0 0 0 0 0 0 13 16 17
86229 +60 74 84 174 174 174 193 200 203 174 174 174 167 166 167 163 162 163
86230 +153 152 153 153 152 153 137 136 137 137 136 137 153 152 153 137 136 137
86231 +125 124 125 41 54 63 24 26 27 4 0 0 4 0 0 5 5 5
86232 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86233 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86234 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86235 +4 4 4 4 4 4
86236 +4 3 3 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6
86237 +6 6 6 37 38 37 131 129 131 220 221 221 220 221 221 220 221 221
86238 +193 200 203 193 200 203 220 221 221 205 212 215 220 221 221 244 246 246
86239 +244 246 246 244 246 246 174 174 174 41 54 63 0 0 0 0 0 0
86240 +0 0 0 4 4 4 5 5 5 5 5 5 4 4 4 4 4 5
86241 +4 4 5 4 4 5 4 4 4 4 4 4 6 6 6 6 6 6
86242 +3 3 3 0 0 0 2 0 0 13 16 17 60 73 81 156 155 156
86243 +220 221 221 193 200 203 174 174 174 165 164 165 163 162 163 154 153 154
86244 +153 152 153 153 152 153 158 157 158 163 162 163 137 136 137 60 73 81
86245 +13 16 17 4 0 0 4 0 0 4 3 3 4 4 4 4 4 4
86246 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86247 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86248 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86249 +4 4 4 4 4 4
86250 +5 5 5 4 3 3 4 3 3 6 6 6 6 6 6 6 6 6
86251 +6 6 6 6 6 6 6 6 6 37 38 37 167 166 167 244 246 246
86252 +244 246 246 220 221 221 205 212 215 205 212 215 220 221 221 193 200 203
86253 +220 221 221 244 246 246 244 246 246 244 246 246 137 136 137 37 38 37
86254 +3 2 2 0 0 0 1 1 1 5 5 5 5 5 5 4 4 4
86255 +4 4 4 4 4 4 4 4 4 5 5 5 4 4 4 1 1 1
86256 +0 0 0 5 5 5 43 57 68 153 152 153 193 200 203 220 221 221
86257 +177 184 187 174 174 174 167 166 167 166 165 166 158 157 158 157 156 157
86258 +158 157 158 166 165 166 156 155 156 85 115 134 13 16 17 4 0 0
86259 +4 0 0 4 0 0 5 5 5 5 5 5 4 4 4 4 4 4
86260 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86261 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86262 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86263 +4 4 4 4 4 4
86264 +5 5 5 4 3 3 6 6 6 6 6 6 4 0 0 6 6 6
86265 +6 6 6 6 6 6 6 6 6 6 6 6 13 16 17 60 73 81
86266 +177 184 187 220 221 221 220 221 221 220 221 221 205 212 215 220 221 221
86267 +220 221 221 205 212 215 220 221 221 244 246 246 244 246 246 205 212 215
86268 +125 124 125 30 32 34 0 0 0 0 0 0 2 2 2 5 5 5
86269 +4 4 4 4 4 4 4 4 4 1 1 1 0 0 0 1 0 0
86270 +37 38 37 131 129 131 205 212 215 220 221 221 193 200 203 174 174 174
86271 +174 174 174 174 174 174 167 166 167 165 164 165 166 165 166 167 166 167
86272 +158 157 158 125 124 125 37 38 37 4 0 0 4 0 0 4 0 0
86273 +4 3 3 5 5 5 4 4 4 4 4 4 4 4 4 4 4 4
86274 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86275 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86276 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86277 +4 4 4 4 4 4
86278 +4 4 4 5 5 5 4 3 3 4 3 3 6 6 6 6 6 6
86279 +4 0 0 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6
86280 +26 28 28 125 124 125 205 212 215 220 221 221 220 221 221 220 221 221
86281 +205 212 215 220 221 221 205 212 215 220 221 221 220 221 221 244 246 246
86282 +244 246 246 190 197 201 60 74 84 16 19 21 4 0 0 0 0 0
86283 +0 0 0 0 0 0 0 0 0 0 0 0 16 19 21 120 125 127
86284 +177 184 187 220 221 221 205 212 215 177 184 187 174 174 174 177 184 187
86285 +174 174 174 174 174 174 167 166 167 174 174 174 166 165 166 137 136 137
86286 +60 73 81 13 16 17 4 0 0 4 0 0 4 3 3 6 6 6
86287 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86288 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86289 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86290 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86291 +4 4 4 4 4 4
86292 +5 5 5 4 3 3 5 5 5 4 3 3 6 6 6 4 0 0
86293 +6 6 6 6 6 6 4 0 0 6 6 6 4 0 0 6 6 6
86294 +6 6 6 6 6 6 37 38 37 137 136 137 193 200 203 220 221 221
86295 +220 221 221 205 212 215 220 221 221 205 212 215 205 212 215 220 221 221
86296 +220 221 221 220 221 221 244 246 246 166 165 166 43 57 68 2 2 2
86297 +0 0 0 4 0 0 16 19 21 60 73 81 157 156 157 202 210 214
86298 +220 221 221 193 200 203 177 184 187 177 184 187 177 184 187 174 174 174
86299 +174 174 174 174 174 174 174 174 174 157 156 157 60 74 84 24 26 27
86300 +4 0 0 4 0 0 4 0 0 6 6 6 4 4 4 4 4 4
86301 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86302 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86303 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86304 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86305 +4 4 4 4 4 4
86306 +4 4 4 4 4 4 5 5 5 4 3 3 5 5 5 6 6 6
86307 +6 6 6 4 0 0 6 6 6 6 6 6 6 6 6 4 0 0
86308 +4 0 0 4 0 0 6 6 6 24 26 27 60 73 81 167 166 167
86309 +220 221 221 220 221 221 220 221 221 205 212 215 205 212 215 205 212 215
86310 +205 212 215 220 221 221 220 221 221 220 221 221 205 212 215 137 136 137
86311 +60 74 84 125 124 125 137 136 137 190 197 201 220 221 221 193 200 203
86312 +177 184 187 177 184 187 177 184 187 174 174 174 174 174 174 177 184 187
86313 +190 197 201 174 174 174 125 124 125 37 38 37 6 6 6 4 0 0
86314 +4 0 0 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86315 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86316 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86317 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86318 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86319 +4 4 4 4 4 4
86320 +4 4 4 4 4 4 5 5 5 5 5 5 4 3 3 6 6 6
86321 +4 0 0 6 6 6 6 6 6 6 6 6 4 0 0 6 6 6
86322 +6 6 6 6 6 6 4 0 0 4 0 0 6 6 6 6 6 6
86323 +125 124 125 193 200 203 244 246 246 220 221 221 205 212 215 205 212 215
86324 +205 212 215 193 200 203 205 212 215 205 212 215 220 221 221 220 221 221
86325 +193 200 203 193 200 203 205 212 215 193 200 203 193 200 203 177 184 187
86326 +190 197 201 190 197 201 174 174 174 190 197 201 193 200 203 190 197 201
86327 +153 152 153 60 73 81 4 0 0 4 0 0 4 0 0 3 2 2
86328 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86329 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86330 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86331 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86332 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86333 +4 4 4 4 4 4
86334 +4 4 4 4 4 4 4 4 4 4 4 4 5 5 5 4 3 3
86335 +6 6 6 4 3 3 4 3 3 4 3 3 6 6 6 6 6 6
86336 +4 0 0 6 6 6 6 6 6 6 6 6 4 0 0 4 0 0
86337 +4 0 0 26 28 28 131 129 131 220 221 221 244 246 246 220 221 221
86338 +205 212 215 193 200 203 205 212 215 193 200 203 193 200 203 205 212 215
86339 +220 221 221 193 200 203 193 200 203 193 200 203 190 197 201 174 174 174
86340 +174 174 174 190 197 201 193 200 203 193 200 203 167 166 167 125 124 125
86341 +6 6 6 4 0 0 4 0 0 4 3 3 4 4 4 4 4 4
86342 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86343 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86344 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86345 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86346 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86347 +4 4 4 4 4 4
86348 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 5 5 5
86349 +5 5 5 4 3 3 5 5 5 6 6 6 4 3 3 5 5 5
86350 +6 6 6 6 6 6 4 0 0 6 6 6 6 6 6 6 6 6
86351 +4 0 0 4 0 0 6 6 6 41 54 63 158 157 158 220 221 221
86352 +220 221 221 220 221 221 193 200 203 193 200 203 193 200 203 190 197 201
86353 +190 197 201 190 197 201 190 197 201 190 197 201 174 174 174 193 200 203
86354 +193 200 203 220 221 221 174 174 174 125 124 125 37 38 37 4 0 0
86355 +4 0 0 4 3 3 6 6 6 4 4 4 4 4 4 4 4 4
86356 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86357 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86358 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86359 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86360 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86361 +4 4 4 4 4 4
86362 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86363 +4 4 4 5 5 5 4 3 3 4 3 3 4 3 3 5 5 5
86364 +4 3 3 6 6 6 5 5 5 4 3 3 6 6 6 6 6 6
86365 +6 6 6 6 6 6 4 0 0 4 0 0 13 16 17 60 73 81
86366 +174 174 174 220 221 221 220 221 221 205 212 215 190 197 201 174 174 174
86367 +193 200 203 174 174 174 190 197 201 174 174 174 193 200 203 220 221 221
86368 +193 200 203 131 129 131 37 38 37 6 6 6 4 0 0 4 0 0
86369 +6 6 6 6 6 6 4 3 3 5 5 5 4 4 4 4 4 4
86370 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86371 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86372 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86373 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86374 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86375 +4 4 4 4 4 4
86376 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86377 +4 4 4 4 4 4 4 4 4 5 5 5 5 5 5 5 5 5
86378 +5 5 5 4 3 3 4 3 3 5 5 5 4 3 3 4 3 3
86379 +5 5 5 6 6 6 6 6 6 4 0 0 6 6 6 6 6 6
86380 +6 6 6 125 124 125 174 174 174 220 221 221 220 221 221 193 200 203
86381 +193 200 203 193 200 203 193 200 203 193 200 203 220 221 221 158 157 158
86382 +60 73 81 6 6 6 4 0 0 4 0 0 5 5 5 6 6 6
86383 +5 5 5 5 5 5 4 4 4 4 4 4 4 4 4 4 4 4
86384 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86385 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86386 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86387 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86388 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86389 +4 4 4 4 4 4
86390 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86391 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86392 +4 4 4 5 5 5 5 5 5 4 3 3 5 5 5 4 3 3
86393 +5 5 5 5 5 5 6 6 6 6 6 6 4 0 0 4 0 0
86394 +4 0 0 4 0 0 26 28 28 125 124 125 174 174 174 193 200 203
86395 +193 200 203 174 174 174 193 200 203 167 166 167 125 124 125 6 6 6
86396 +6 6 6 6 6 6 4 0 0 6 6 6 6 6 6 5 5 5
86397 +4 3 3 5 5 5 4 4 4 4 4 4 4 4 4 4 4 4
86398 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86399 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86400 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86401 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86402 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86403 +4 4 4 4 4 4
86404 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86405 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86406 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 5 5 5
86407 +4 3 3 6 6 6 4 0 0 6 6 6 6 6 6 6 6 6
86408 +6 6 6 4 0 0 4 0 0 6 6 6 37 38 37 125 124 125
86409 +153 152 153 131 129 131 125 124 125 37 38 37 6 6 6 6 6 6
86410 +6 6 6 4 0 0 6 6 6 6 6 6 4 3 3 5 5 5
86411 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86412 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86413 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86414 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86415 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86416 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86417 +4 4 4 4 4 4
86418 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86419 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86420 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86421 +4 4 4 5 5 5 5 5 5 4 3 3 5 5 5 4 3 3
86422 +6 6 6 6 6 6 4 0 0 4 0 0 6 6 6 6 6 6
86423 +24 26 27 24 26 27 6 6 6 6 6 6 6 6 6 4 0 0
86424 +6 6 6 6 6 6 4 0 0 6 6 6 5 5 5 4 3 3
86425 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86426 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86427 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86428 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86429 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86430 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86431 +4 4 4 4 4 4
86432 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86433 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86434 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86435 +4 4 4 4 4 4 5 5 5 4 3 3 5 5 5 6 6 6
86436 +4 0 0 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6
86437 +6 6 6 6 6 6 6 6 6 4 0 0 6 6 6 6 6 6
86438 +4 0 0 6 6 6 6 6 6 4 3 3 5 5 5 4 4 4
86439 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86440 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86441 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86442 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86443 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86444 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86445 +4 4 4 4 4 4
86446 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86447 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86448 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86449 +4 4 4 4 4 4 4 4 4 5 5 5 4 3 3 5 5 5
86450 +5 5 5 5 5 5 4 0 0 6 6 6 4 0 0 6 6 6
86451 +6 6 6 6 6 6 6 6 6 4 0 0 6 6 6 4 0 0
86452 +6 6 6 4 3 3 5 5 5 4 3 3 5 5 5 4 4 4
86453 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86454 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86455 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86456 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86457 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86458 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86459 +4 4 4 4 4 4
86460 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86461 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86462 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86463 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 5 5 5
86464 +4 3 3 6 6 6 4 3 3 6 6 6 6 6 6 6 6 6
86465 +4 0 0 6 6 6 4 0 0 6 6 6 6 6 6 6 6 6
86466 +6 6 6 4 3 3 5 5 5 4 4 4 4 4 4 4 4 4
86467 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86468 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86469 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86470 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86471 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86472 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86473 +4 4 4 4 4 4
86474 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86475 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86476 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86477 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86478 +4 4 4 5 5 5 4 3 3 5 5 5 4 0 0 6 6 6
86479 +6 6 6 4 0 0 6 6 6 6 6 6 4 0 0 6 6 6
86480 +4 3 3 5 5 5 5 5 5 4 4 4 4 4 4 4 4 4
86481 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86482 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86483 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86484 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86485 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86486 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86487 +4 4 4 4 4 4
86488 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86489 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86490 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86491 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86492 +4 4 4 5 5 5 4 3 3 5 5 5 6 6 6 4 3 3
86493 +4 3 3 6 6 6 6 6 6 4 3 3 6 6 6 4 3 3
86494 +5 5 5 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86495 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86496 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86497 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86498 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86499 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86500 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86501 +4 4 4 4 4 4
86502 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86503 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86504 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86505 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86506 +4 4 4 4 4 4 4 4 4 5 5 5 4 3 3 6 6 6
86507 +5 5 5 4 3 3 4 3 3 4 3 3 5 5 5 5 5 5
86508 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86509 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86510 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86511 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86512 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86513 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86514 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86515 +4 4 4 4 4 4
86516 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86517 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86518 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86519 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86520 +4 4 4 4 4 4 4 4 4 4 4 4 5 5 5 4 3 3
86521 +5 5 5 4 3 3 5 5 5 5 5 5 4 4 4 4 4 4
86522 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86523 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86524 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86525 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86526 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86527 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86528 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
86529 +4 4 4 4 4 4
86530 diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
86531 index d5dbdb9..8159bdd 100644
86532 --- a/drivers/xen/events/events_base.c
86533 +++ b/drivers/xen/events/events_base.c
86534 @@ -1588,7 +1588,7 @@ void xen_irq_resume(void)
86535 restore_pirqs();
86536 }
86537
86538 -static struct irq_chip xen_dynamic_chip __read_mostly = {
86539 +static struct irq_chip xen_dynamic_chip = {
86540 .name = "xen-dyn",
86541
86542 .irq_disable = disable_dynirq,
86543 @@ -1602,7 +1602,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = {
86544 .irq_retrigger = retrigger_dynirq,
86545 };
86546
86547 -static struct irq_chip xen_pirq_chip __read_mostly = {
86548 +static struct irq_chip xen_pirq_chip = {
86549 .name = "xen-pirq",
86550
86551 .irq_startup = startup_pirq,
86552 @@ -1622,7 +1622,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = {
86553 .irq_retrigger = retrigger_dynirq,
86554 };
86555
86556 -static struct irq_chip xen_percpu_chip __read_mostly = {
86557 +static struct irq_chip xen_percpu_chip = {
86558 .name = "xen-percpu",
86559
86560 .irq_disable = disable_dynirq,
86561 diff --git a/drivers/xen/xen-pciback/pci_stub.c b/drivers/xen/xen-pciback/pci_stub.c
86562 index 258b7c3..6aad74a 100644
86563 --- a/drivers/xen/xen-pciback/pci_stub.c
86564 +++ b/drivers/xen/xen-pciback/pci_stub.c
86565 @@ -831,7 +831,7 @@ end:
86566 */
86567
86568 static pci_ers_result_t xen_pcibk_error_detected(struct pci_dev *dev,
86569 - pci_channel_state_t error)
86570 + enum pci_channel_state error)
86571 {
86572 struct pcistub_device *psdev;
86573 pci_ers_result_t result;
86574 diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
86575 index fef20db..d28b1ab 100644
86576 --- a/drivers/xen/xenfs/xenstored.c
86577 +++ b/drivers/xen/xenfs/xenstored.c
86578 @@ -24,7 +24,12 @@ static int xsd_release(struct inode *inode, struct file *file)
86579 static int xsd_kva_open(struct inode *inode, struct file *file)
86580 {
86581 file->private_data = (void *)kasprintf(GFP_KERNEL, "0x%p",
86582 +#ifdef CONFIG_GRKERNSEC_HIDESYM
86583 + NULL);
86584 +#else
86585 xen_store_interface);
86586 +#endif
86587 +
86588 if (!file->private_data)
86589 return -ENOMEM;
86590 return 0;
86591 diff --git a/firmware/Makefile b/firmware/Makefile
86592 index e297e1b..aeb0982 100644
86593 --- a/firmware/Makefile
86594 +++ b/firmware/Makefile
86595 @@ -35,9 +35,11 @@ fw-shipped-$(CONFIG_BNX2X) += bnx2x/bnx2x-e1-6.2.9.0.fw \
86596 bnx2x/bnx2x-e1h-6.2.9.0.fw \
86597 bnx2x/bnx2x-e2-6.2.9.0.fw
86598 fw-shipped-$(CONFIG_BNX2) += bnx2/bnx2-mips-09-6.2.1a.fw \
86599 + bnx2/bnx2-mips-09-6.2.1b.fw \
86600 bnx2/bnx2-rv2p-09-6.0.17.fw \
86601 bnx2/bnx2-rv2p-09ax-6.0.17.fw \
86602 bnx2/bnx2-mips-06-6.2.1.fw \
86603 + bnx2/bnx2-mips-06-6.2.3.fw \
86604 bnx2/bnx2-rv2p-06-6.0.15.fw
86605 fw-shipped-$(CONFIG_CASSINI) += sun/cassini.bin
86606 fw-shipped-$(CONFIG_CHELSIO_T3) += cxgb3/t3b_psram-1.1.0.bin \
86607 diff --git a/firmware/WHENCE b/firmware/WHENCE
86608 index de6f22e..51fbae7 100644
86609 --- a/firmware/WHENCE
86610 +++ b/firmware/WHENCE
86611 @@ -653,21 +653,23 @@ Found in hex form in kernel source.
86612 Driver: BNX2 - Broadcom NetXtremeII
86613
86614 File: bnx2/bnx2-mips-06-6.2.1.fw
86615 +File: bnx2/bnx2-mips-06-6.2.3.fw
86616 File: bnx2/bnx2-rv2p-06-6.0.15.fw
86617 File: bnx2/bnx2-mips-09-6.2.1a.fw
86618 +File: bnx2/bnx2-mips-09-6.2.1b.fw
86619 File: bnx2/bnx2-rv2p-09-6.0.17.fw
86620 File: bnx2/bnx2-rv2p-09ax-6.0.17.fw
86621
86622 Licence:
86623 -
86624 - This file contains firmware data derived from proprietary unpublished
86625 - source code, Copyright (c) 2004 - 2010 Broadcom Corporation.
86626 -
86627 - Permission is hereby granted for the distribution of this firmware data
86628 - in hexadecimal or equivalent format, provided this copyright notice is
86629 - accompanying it.
86630 -
86631 -Found in hex form in kernel source.
86632 +
86633 + This file contains firmware data derived from proprietary unpublished
86634 + source code, Copyright (c) 2004 - 2010 Broadcom Corporation.
86635 +
86636 + Permission is hereby granted for the distribution of this firmware data
86637 + in hexadecimal or equivalent format, provided this copyright notice is
86638 + accompanying it.
86639 +
86640 +Found in hex form in kernel source.
86641
86642 --------------------------------------------------------------------------
86643
86644 diff --git a/firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex b/firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex
86645 new file mode 100644
86646 index 0000000..da72bf1
86647 --- /dev/null
86648 +++ b/firmware/bnx2/bnx2-mips-06-6.2.3.fw.ihex
86649 @@ -0,0 +1,5804 @@
86650 +:10000000080001180800000000004A68000000C84D
86651 +:1000100000000000000000000000000008004A6826
86652 +:100020000000001400004B30080000A00800000091
86653 +:100030000000569400004B44080058200000008443
86654 +:100040000000A1D808005694000001580000A25CEE
86655 +:100050000800321008000000000072F00000A3B495
86656 +:10006000000000000000000000000000080072F026
86657 +:1000700000000024000116A40800049008000400F9
86658 +:10008000000017D4000116C80000000000000000A6
86659 +:100090000000000000000000000000000000000060
86660 +:1000A000080000A80800000000003BFC00012E9C96
86661 +:1000B0000000000000000000000000000000000040
86662 +:1000C00000000000000000000A00004600000000E0
86663 +:1000D000000000000000000D636F6D362E322E33DD
86664 +:1000E0000000000006020302000000000000000300
86665 +:1000F000000000C800000032000000030000000003
86666 +:1001000000000000000000000000000000000000EF
86667 +:1001100000000010000001360000EA600000000549
86668 +:1001200000000000000000000000000000000008C7
86669 +:1001300000000000000000000000000000000000BF
86670 +:1001400000000000000000000000000000000000AF
86671 +:10015000000000000000000000000000000000009F
86672 +:10016000000000020000000000000000000000008D
86673 +:10017000000000000000000000000000000000007F
86674 +:10018000000000000000000000000010000000005F
86675 +:10019000000000000000000000000000000000005F
86676 +:1001A000000000000000000000000000000000004F
86677 +:1001B000000000000000000000000000000000003F
86678 +:1001C000000000000000000000000000000000002F
86679 +:1001D000000000000000000000000000000000001F
86680 +:1001E0000000000010000003000000000000000DEF
86681 +:1001F0000000000D3C02080024424AA03C03080015
86682 +:1002000024634B9CAC4000000043202B1480FFFD76
86683 +:10021000244200043C1D080037BD7FFC03A0F021F0
86684 +:100220003C100800261001183C1C0800279C4AA01E
86685 +:100230000E000168000000000000000D27470100CB
86686 +:1002400090E3000B2402001A94E5000814620028D1
86687 +:10025000000020218CE200003C0308008C63004475
86688 +:1002600094E60014000211C20002104030A4000203
86689 +:10027000005A10212463000130A50004A446008028
86690 +:100280003C010800AC23004410A000190004202BFE
86691 +:100290008F4202B804410008240400013C02080017
86692 +:1002A0008C420060244200013C010800AC22006046
86693 +:1002B00003E00008008010218CE2002094E3001687
86694 +:1002C00000002021AF4202808CE20004A743028498
86695 +:1002D000AF4202883C021000AF4202B83C02080064
86696 +:1002E0008C42005C244200013C010800AC22005C0E
86697 +:1002F00003E00008008010212747010090E3000B75
86698 +:100300002402000394E50008146200280000202164
86699 +:100310008CE200003C0308008C63004494E6001467
86700 +:10032000000211C20002104030A40002005A102145
86701 +:100330002463000130A50004A44600803C010800AD
86702 +:10034000AC23004410A000190004202B8F4202B8F7
86703 +:1003500004410008240400013C0208008C420060B3
86704 +:10036000244200013C010800AC22006003E00008C8
86705 +:10037000008010218CE2002094E300160000202170
86706 +:10038000AF4202808CE20004A7430284AF4202889D
86707 +:100390003C021000AF4202B83C0208008C42005CF4
86708 +:1003A000244200013C010800AC22005C03E000088C
86709 +:1003B000008010218F4301002402010050620003DD
86710 +:1003C000000311C20000000D000311C20002104022
86711 +:1003D000005A1021A440008003E000080000102112
86712 +:1003E0009362000003E00008AF80000003E0000813
86713 +:1003F0000000102103E00008000010212402010089
86714 +:1004000014820008000000003C0208008C4200FC3E
86715 +:10041000244200013C010800AC2200FC0A0000DD7F
86716 +:1004200030A200203C0208008C42008424420001DB
86717 +:100430003C010800AC22008430A2002010400008DB
86718 +:1004400030A300103C0208008C4201082442000145
86719 +:100450003C010800AC22010803E000080000000095
86720 +:1004600010600008000000003C0208008C420104FB
86721 +:10047000244200013C010800AC22010403E0000812
86722 +:10048000000000003C0208008C42010024420001F0
86723 +:100490003C010800AC22010003E00008000000005D
86724 +:1004A00027BDFFE8AFBF0010274401009483000878
86725 +:1004B000306200041040001B306600028F4202B818
86726 +:1004C00004410008240500013C0208008C42006041
86727 +:1004D000244200013C010800AC2200600A0001290E
86728 +:1004E0008FBF00108C82002094830016000028210A
86729 +:1004F000AF4202808C820004A7430284AF4202888C
86730 +:100500003C021000AF4202B83C0208008C42005C82
86731 +:10051000244200013C010800AC22005C0A000129D1
86732 +:100520008FBF001010C00006006028218F4401001A
86733 +:100530000E0000CD000000000A0001282405000183
86734 +:100540008F8200088F4301045043000700002821D8
86735 +:100550008F4401000E0000CD000000008F42010416
86736 +:10056000AF820008000028218FBF001000A01021DA
86737 +:1005700003E0000827BD001827BDFFE8AFBF001447
86738 +:10058000AFB00010974201083043700024022000F1
86739 +:100590001062000B286220011440002F000010217F
86740 +:1005A00024024000106200250000000024026000C8
86741 +:1005B00010620026000010210A0001658FBF0014A0
86742 +:1005C00027500100920200091040001A2403000184
86743 +:1005D0003C0208008C420020104000160000182148
86744 +:1005E0000E00049300000000960300083C0608007B
86745 +:1005F00094C64B5E8E0400188F8200209605000C76
86746 +:1006000000031C0000661825AC440000AC45000443
86747 +:1006100024040001AC400008AC40000CAC400010C9
86748 +:10062000AC400014AC4000180E0004B8AC43001CF1
86749 +:10063000000018210A000164006010210E0003254B
86750 +:10064000000000000A000164000010210E000EE905
86751 +:1006500000000000000010218FBF00148FB00010B8
86752 +:1006600003E0000827BD001827BDFFE0AFB2001867
86753 +:100670003C036010AFBF001CAFB10014AFB000105E
86754 +:100680008C6450002402FF7F3C1A800000822024EA
86755 +:100690003484380C24020037AC6450003C1208004B
86756 +:1006A00026524AD8AF42000824020C80AF420024F0
86757 +:1006B0003C1B80083C06080024C60324024010218D
86758 +:1006C0002404001D2484FFFFAC4600000481FFFDCC
86759 +:1006D000244200043C020800244204B03C0108000B
86760 +:1006E000AC224AE03C020800244202303C010800EF
86761 +:1006F000AC224AE43C020800244201743C03080096
86762 +:100700002463032C3C040800248403D83C0508001F
86763 +:1007100024A538F03C010800AC224B403C02080004
86764 +:10072000244202EC3C010800AC264B243C010800AA
86765 +:10073000AC254B343C010800AC234B3C3C01080089
86766 +:10074000AC244B443C010800AC224B483C0108005F
86767 +:10075000AC234ADC3C010800AC204AE83C0108001C
86768 +:10076000AC204AEC3C010800AC204AF03C010800F7
86769 +:10077000AC204AF43C010800AC204AF83C010800D7
86770 +:10078000AC204AFC3C010800AC204B003C010800B6
86771 +:10079000AC244B043C010800AC204B083C01080091
86772 +:1007A000AC204B0C3C010800AC204B103C01080075
86773 +:1007B000AC204B143C010800AC204B183C01080055
86774 +:1007C000AC264B1C3C010800AC264B203C01080029
86775 +:1007D000AC254B303C010800AC234B380E000623FF
86776 +:1007E000000000003C028000344200708C42000097
86777 +:1007F000AF8200143C0308008C6300208F82000449
86778 +:10080000104300043C0280000E00045BAF83000430
86779 +:100810003C028000344600703C0308008C6300A05A
86780 +:100820003C0208008C4200A4104300048F84001492
86781 +:100830003C010800AC2300A4A743009E8CCA000022
86782 +:100840003C0308008C6300BC3C0208008C4200B8EA
86783 +:100850000144202300641821000040210064202B63
86784 +:1008600000481021004410213C010800AC2300BCCA
86785 +:100870003C010800AC2200B88F5100003222000772
86786 +:100880001040FFDCAF8A00148CC600003C05080055
86787 +:100890008CA500BC3C0408008C8400B800CA30233E
86788 +:1008A00000A628210000102100A6302B0082202164
86789 +:1008B00000862021322700013C010800AC2500BC45
86790 +:1008C0003C010800AC2400B810E0001F32220002F6
86791 +:1008D0008F420100AF4200208F420104AF4200A8C6
86792 +:1008E0009342010B0E0000C6305000FF2E02001E86
86793 +:1008F00054400004001010800E0000C90A000213CA
86794 +:1009000000000000005210218C4200000040F80955
86795 +:1009100000000000104000053C0240008F4301042D
86796 +:100920003C026020AC4300143C024000AF4201385E
86797 +:100930003C0208008C420034244200013C010800C3
86798 +:10094000AC220034322200021040000E3222000499
86799 +:100950008F4201400E0000C6AF4200200E000295FB
86800 +:10096000000000003C024000AF4201783C02080059
86801 +:100970008C420038244200013C010800AC220038BF
86802 +:10098000322200041040FF983C0280008F42018018
86803 +:100990000E0000C6AF4200208F43018024020F00EA
86804 +:1009A00014620005000000008F420188A742009CED
86805 +:1009B0000A0002483C0240009362000024030050F9
86806 +:1009C000304200FF144300083C0240000E00027B4E
86807 +:1009D00000000000544000043C0240000E000D7571
86808 +:1009E000000000003C024000AF4201B83C02080099
86809 +:1009F0008C42003C244200013C010800AC22003C37
86810 +:100A00000A0001C83C0280003C0290003442000110
86811 +:100A100000822025AF4400208F4200200440FFFECA
86812 +:100A20000000000003E00008000000003C0280001D
86813 +:100A3000344200010082202503E00008AF4400207A
86814 +:100A400027BDFFE0AFB10014AFB0001000808821D7
86815 +:100A5000AFBF00180E00025030B000FF9362007D5F
86816 +:100A60000220202102028025A370007D8F70007477
86817 +:100A70003C0280000E000259020280241600000988
86818 +:100A80008FBF00188F4201F80440FFFE24020002CD
86819 +:100A9000AF5101C0A34201C43C021000AF4201F8B3
86820 +:100AA0008FBF00188FB100148FB0001003E0000852
86821 +:100AB00027BD002027BDFFE8AFBF0010974201848B
86822 +:100AC0008F440188304202001040000500002821B8
86823 +:100AD0000E000FAA000000000A00028D240500018C
86824 +:100AE0003C02FF0004800005008218243C02040040
86825 +:100AF000506200019362003E240500018FBF001088
86826 +:100B000000A0102103E0000827BD0018A360002208
86827 +:100B10008F4401400A00025E2405000127BDFFE862
86828 +:100B2000AFBF0014AFB0001093620000304400FF6C
86829 +:100B300038830020388200300003182B0002102B6D
86830 +:100B40000062182410600003240200501482008008
86831 +:100B50008FBF001493620005304200011040007CFA
86832 +:100B60008FBF0014934201482443FFFF2C6200050D
86833 +:100B7000104000788FB00010000310803C03080084
86834 +:100B800024634A68004310218C42000000400008A2
86835 +:100B9000000000000E0002508F4401408F70000CD6
86836 +:100BA0008F4201441602000224020001AF62000CD1
86837 +:100BB0000E0002598F4401408F420144145000043A
86838 +:100BC0008FBF00148FB000100A000F2027BD00183F
86839 +:100BD0008F62000C0A0003040000000097620010FE
86840 +:100BE0008F4301443042FFFF1462001A00000000EE
86841 +:100BF00024020001A76200108F4202380443001053
86842 +:100C00008F4201403C02003F3446F0003C0560004A
86843 +:100C10003C04FFC08CA22BBC0044182400461024C6
86844 +:100C20000002130200031D82106200390000000060
86845 +:100C30008F4202380440FFF7000000008F4201405D
86846 +:100C4000AF4202003C021000AF4202380A00032209
86847 +:100C50008FBF0014976200100A0003040000000018
86848 +:100C60000E0002508F440140976200128F430144EE
86849 +:100C70003050FFFF1603000224020001A762001299
86850 +:100C80000E0002598F4401408F42014416020004B5
86851 +:100C90008FBF00148FB000100A00029127BD00180A
86852 +:100CA000976200120A00030400000000976200141B
86853 +:100CB0008F4301443042FFFF14620006240200010A
86854 +:100CC0008FBF00148FB00010A76200140A00124AF0
86855 +:100CD00027BD0018976200141440001D8FBF001438
86856 +:100CE0000A00031C00000000976200168F430144B5
86857 +:100CF0003042FFFF1462000B240200018FBF00147A
86858 +:100D00008FB00010A76200160A000B1227BD001852
86859 +:100D10009742007824420004A76200100A000322D0
86860 +:100D20008FBF001497620016240300013042FFFFBA
86861 +:100D3000144300078FBF00143C0208008C4200706F
86862 +:100D4000244200013C010800AC2200708FBF001457
86863 +:100D50008FB0001003E0000827BD001827BDFFE892
86864 +:100D6000AFBF0014AFB000108F50010093620000BD
86865 +:100D700093430109304400FF2402001F106200A5C4
86866 +:100D80002862002010400018240200382862000A5F
86867 +:100D90001040000C2402000B286200081040002CB8
86868 +:100DA00000000000046000E52862000214400028F2
86869 +:100DB00024020006106200268FBF00140A00041FE0
86870 +:100DC0008FB000101062005E2862000B144000DC3F
86871 +:100DD0008FBF00142402000E106200738FB0001049
86872 +:100DE0000A00041F00000000106200C028620039E1
86873 +:100DF0001040000A2402008024020036106200CA5B
86874 +:100E000028620037104000B424020035106200C18F
86875 +:100E10008FBF00140A00041F8FB000101062002B57
86876 +:100E20002862008110400006240200C82402003914
86877 +:100E3000106200B48FBF00140A00041F8FB00010AE
86878 +:100E4000106200998FBF00140A00041F8FB00010B9
86879 +:100E50003C0208008C420020104000B98FBF0014F3
86880 +:100E60000E000493000000008F4201008F830020D9
86881 +:100E70009745010C97460108AC6200008F420104BF
86882 +:100E80003C04080094844B5E00052C00AC62000416
86883 +:100E90008F4201180006340000C43025AC620008FF
86884 +:100EA0008F42011C24040001AC62000C9342010A31
86885 +:100EB00000A22825AC650010AC600014AC600018DE
86886 +:100EC000AC66001C0A0003F58FBF00143C0208004A
86887 +:100ED0008C4200201040009A8FBF00140E00049333
86888 +:100EE00000000000974401083C03080094634B5E37
86889 +:100EF0009745010C000422029746010E8F820020C4
86890 +:100F0000000426000083202500052C003C030080FF
86891 +:100F100000A6282500832025AC400000AC4000043A
86892 +:100F2000AC400008AC40000CAC450010AC400014D4
86893 +:100F3000AC400018AC44001C0A0003F42404000177
86894 +:100F40009742010C14400015000000009362000558
86895 +:100F50003042001014400011000000000E0002504A
86896 +:100F6000020020219362000502002021344200107B
86897 +:100F70000E000259A36200059362000024030020C2
86898 +:100F8000304200FF1043006D020020218FBF00148B
86899 +:100F90008FB000100A000FC027BD00180000000D20
86900 +:100FA0000A00041E8FBF00143C0208008C4200207F
86901 +:100FB000104000638FBF00140E0004930000000077
86902 +:100FC0008F4201048F8300209744010C3C050800E8
86903 +:100FD00094A54B5EAC6200009762002C00042400D4
86904 +:100FE0003042FFFF008220253C02400E00A228254F
86905 +:100FF000AC640004AC600008AC60000CAC60001095
86906 +:10100000AC600014AC600018AC65001C0A0003F46E
86907 +:10101000240400010E00025002002021A7600008F5
86908 +:101020000E00025902002021020020210E00025E63
86909 +:10103000240500013C0208008C42002010400040C2
86910 +:101040008FBF00140E000493000000009742010CB3
86911 +:101050008F8300203C05080094A54B5E000214001D
86912 +:10106000AC700000AC620004AC6000088F64004CFF
86913 +:101070003C02401F00A22825AC64000C8F62005087
86914 +:1010800024040001AC6200108F620054AC620014B2
86915 +:10109000AC600018AC65001C8FBF00148FB000104E
86916 +:1010A0000A0004B827BD0018240200205082002541
86917 +:1010B0008FB000100E000F0A020020211040002007
86918 +:1010C0008FBF0014020020218FB0001000002821E3
86919 +:1010D0000A00025E27BD0018020020218FBF001405
86920 +:1010E0008FB000100A00058027BD00189745010C3D
86921 +:1010F000020020218FBF00148FB000100A0005A04D
86922 +:1011000027BD0018020020218FB000100A0005C57D
86923 +:1011100027BD00189345010D020020218FB000105B
86924 +:101120000A00060F27BD0018020020218FBF0014FF
86925 +:101130008FB000100A0005EB27BD00188FBF001408
86926 +:101140008FB0001003E0000827BD00188F4202781E
86927 +:101150000440FFFE2402000234840080AF440240B9
86928 +:10116000A34202443C02100003E00008AF420278B0
86929 +:101170003C04080094844B6A3C0208008C424B7487
86930 +:101180003083FFFF000318C000431021AF42003C32
86931 +:101190003C0208008C424B70AF4200383C020050C9
86932 +:1011A00034420008AF4200300000000000000000A0
86933 +:1011B000000000008F420000304200201040FFFD80
86934 +:1011C000000000008F4204003C010800AC224B608C
86935 +:1011D0008F4204043C010800AC224B643C02002016
86936 +:1011E000AF420030000000003C02080094424B680F
86937 +:1011F0003C03080094634B6C3C05080094A54B6EBF
86938 +:1012000024840001004310213083FFFF3C010800CB
86939 +:10121000A4224B683C010800A4244B6A1465000317
86940 +:10122000000000003C010800A4204B6A03E0000815
86941 +:10123000000000003C05000A27BDFFE80345282107
86942 +:101240003C04080024844B50AFBF00100E00051D65
86943 +:101250002406000A3C02080094424B523C0308005A
86944 +:1012600094634B6E3042000F244200030043180485
86945 +:1012700024027FFF0043102B10400002AF83001CAC
86946 +:101280000000000D0E00042A000000003C020800CF
86947 +:1012900094424B5A8FBF001027BD001803E000088E
86948 +:1012A000A74200A23C02000A034210219443000618
86949 +:1012B0003C02080094424B5A3C010800A4234B56C0
86950 +:1012C000004310238F83001C00021400000214034B
86951 +:1012D0000043102B03E000083842000127BDFFE85F
86952 +:1012E000AFBF00103C02000A0342102194420006E6
86953 +:1012F0003C010800A4224B560E00047700000000B9
86954 +:101300005440FFF93C02000A8FBF001003E00008C0
86955 +:1013100027BD001827BDFFE8AFBF00100E000477FF
86956 +:101320000000000010400003000000000E000485D3
86957 +:10133000000000003C0208008C424B608FBF001090
86958 +:1013400027430400AF4200383C0208008C424B6443
86959 +:1013500027BD0018AF830020AF42003C3C020005CF
86960 +:10136000AF42003003E00008AF8000188F82001801
86961 +:101370003C0300060002114000431025AF4200303C
86962 +:101380000000000000000000000000008F4200008C
86963 +:10139000304200101040FFFD27420400AF820020C1
86964 +:1013A00003E00008AF8000183C0608008CC64B64C0
86965 +:1013B0008F8500188F8300203C02080094424B5A0E
86966 +:1013C00027BDFFE024A50001246300202442000182
86967 +:1013D00024C70020AFB10014AFB00010AFBF001899
86968 +:1013E000AF850018AF8300203C010800A4224B5AAF
86969 +:1013F000309000FF3C010800AC274B6404C100089A
86970 +:101400000000882104E00006000000003C02080003
86971 +:101410008C424B60244200013C010800AC224B602E
86972 +:101420003C02080094424B5A3C03080094634B680A
86973 +:101430000010202B004310262C42000100441025F0
86974 +:10144000144000048F830018240200101462000F5F
86975 +:10145000000000000E0004A9241100013C03080054
86976 +:1014600094634B5A3C02080094424B681462000398
86977 +:10147000000000000E00042A000000001600000317
86978 +:10148000000000000E000493000000003C03080070
86979 +:1014900094634B5E3C02080094424B5C2463000161
86980 +:1014A0003064FFFF3C010800A4234B5E148200035C
86981 +:1014B000000000003C010800A4204B5E1200000662
86982 +:1014C000000000003C02080094424B5AA74200A2D0
86983 +:1014D0000A00050B022010210E0004770000000016
86984 +:1014E00010400004022010210E00048500000000BE
86985 +:1014F000022010218FBF00188FB100148FB0001090
86986 +:1015000003E0000827BD00203084FFFF30A5FFFF67
86987 +:101510000000182110800007000000003082000148
86988 +:101520001040000200042042006518210A00051343
86989 +:101530000005284003E000080060102110C00006EC
86990 +:1015400024C6FFFF8CA2000024A50004AC8200008A
86991 +:101550000A00051D2484000403E0000800000000C8
86992 +:1015600010A0000824A3FFFFAC86000000000000CC
86993 +:10157000000000002402FFFF2463FFFF1462FFFA53
86994 +:101580002484000403E0000800000000240200019D
86995 +:10159000AF62000CA7620010A7620012A7620014DD
86996 +:1015A00003E00008A76200163082007F034210218A
86997 +:1015B0003C08000E004818213C0208008C42002024
86998 +:1015C00027BDFFD82407FF80AFB3001CAFB20018BF
86999 +:1015D000AFB10014AFB00010AFBF00200080802179
87000 +:1015E00030B100FF0087202430D200FF1040002FD0
87001 +:1015F00000009821AF44002C9062000024030050AA
87002 +:10160000304200FF1443000E000000003C020800BE
87003 +:101610008C4200E00202102100471024AF42002C4F
87004 +:101620003C0208008C4200E0020210213042007FA0
87005 +:101630000342102100481021944200D43053FFFF90
87006 +:101640000E000493000000003C02080094424B5E30
87007 +:101650008F8300200011340000C2302500122C00BE
87008 +:101660003C02400000C2302534A50001AC700000EF
87009 +:101670008FBF0020AC6000048FB20018AC7300086C
87010 +:101680008FB10014AC60000C8FB3001CAC6500106F
87011 +:101690008FB00010AC60001424040001AC6000188E
87012 +:1016A00027BD00280A0004B8AC66001C8FBF0020CC
87013 +:1016B0008FB3001C8FB200188FB100148FB00010D0
87014 +:1016C00003E0000827BD00289343010F2402001007
87015 +:1016D0001062000E2865001110A0000724020012FD
87016 +:1016E000240200082405003A1062000600003021A0
87017 +:1016F00003E0000800000000240500351462FFFC30
87018 +:10170000000030210A000538000000008F420074FC
87019 +:1017100024420FA003E00008AF62000C27BDFFE8E1
87020 +:10172000AFBF00100E00025E240500018FBF001045
87021 +:1017300024020001A762001227BD00182402000144
87022 +:1017400003E00008A360002227BDFFE0AFB1001452
87023 +:10175000AFB00010AFBF001830B1FFFF0E00025055
87024 +:10176000008080219362003F24030004304200FF88
87025 +:101770001443000C02002021122000082402000A59
87026 +:101780000E00053100000000936200052403FFFEF7
87027 +:1017900000431024A362000524020012A362003F4C
87028 +:1017A000020020210E000259A360008116200003D0
87029 +:1017B000020020210E0005950000000002002021FB
87030 +:1017C000322600FF8FBF00188FB100148FB00010B9
87031 +:1017D000240500380A00053827BD002027BDFFE09A
87032 +:1017E000AFBF001CAFB20018AFB10014AFB0001013
87033 +:1017F0000E000250008080210E0005310000000024
87034 +:101800009362003F24120018305100FF123200038F
87035 +:101810000200202124020012A362003F936200050F
87036 +:101820002403FFFE004310240E000259A3620005AA
87037 +:10183000020020212405002016320007000030217C
87038 +:101840008FBF001C8FB200188FB100148FB0001032
87039 +:101850000A00025E27BD00208FBF001C8FB2001857
87040 +:101860008FB100148FB00010240500390A0005382C
87041 +:1018700027BD002027BDFFE8AFB00010AFBF0014A8
87042 +:101880009742010C2405003600808021144000108E
87043 +:10189000304600FF0E00025000000000240200123B
87044 +:1018A000A362003F93620005344200100E00053130
87045 +:1018B000A36200050E00025902002021020020212F
87046 +:1018C0000E00025E240500200A000604000000004D
87047 +:1018D0000E000538000000000E000250020020211A
87048 +:1018E000936200232403FF9F020020210043102461
87049 +:1018F0008FBF00148FB00010A36200230A000259AA
87050 +:1019000027BD001827BDFFE0AFBF0018AFB100141E
87051 +:10191000AFB0001030B100FF0E00025000808021F7
87052 +:10192000240200120E000531A362003F0E0002598E
87053 +:101930000200202102002021022030218FBF001848
87054 +:101940008FB100148FB00010240500350A0005384F
87055 +:1019500027BD0020A380002C03E00008A380002DF9
87056 +:101960008F4202780440FFFE8F820034AF42024073
87057 +:1019700024020002A34202443C02100003E00008DB
87058 +:10198000AF4202783C0360008C6254003042000891
87059 +:101990001440FFFD000000008C625408AF82000C70
87060 +:1019A00024020052AC605408AC645430AC6254342D
87061 +:1019B0002402000803E00008AC6254003C0260000E
87062 +:1019C0008C42540030420008104000053C03600087
87063 +:1019D0008C625400304200081440FFFD00000000FB
87064 +:1019E0008F83000C3C02600003E00008AC43540805
87065 +:1019F00090A3000024020005008040213063003FD6
87066 +:101A000000004821146200050000502190A2001C33
87067 +:101A100094A3001E304900FF306AFFFFAD00000CA8
87068 +:101A2000AD000010AD000024950200148D05001CCF
87069 +:101A30008D0400183042FFFF0049102300021100FE
87070 +:101A4000000237C3004038210086202300A2102B5B
87071 +:101A50000082202300A72823AD05001CAD04001838
87072 +:101A6000A5090014A5090020A50A001603E0000836
87073 +:101A7000A50A00228F4201F80440FFFE2402000262
87074 +:101A8000AF4401C0A34201C43C02100003E00008BF
87075 +:101A9000AF4201F83C0208008C4200B427BDFFE8C9
87076 +:101AA000AFBF001424420001AFB000103C01080099
87077 +:101AB000AC2200B48F4300243C02001F30AA00FF78
87078 +:101AC0003442FF8030D800FF006280240080F8217B
87079 +:101AD00030EF00FF1158003B01405821240CFF80DB
87080 +:101AE0003C19000A3163007F000310C00003194055
87081 +:101AF000006218213C0208008C4200DC25680001CD
87082 +:101B0000310D007F03E21021004310213043007F9C
87083 +:101B100003431821004C102400794821AF420024CF
87084 +:101B20008D220024016C1824006C7026AD22000C5C
87085 +:101B30008D220024310800FFAD22001095220014F0
87086 +:101B4000952300208D27001C3042FFFF3063FFFFEC
87087 +:101B50008D2600180043102300021100000227C345
87088 +:101B60000040282100C4302300E2102B00C23023A3
87089 +:101B700000E53823AD27001CAD2600189522002073
87090 +:101B8000A522001495220022154B000AA52200165A
87091 +:101B90008D2300248D220008254600013145008058
87092 +:101BA0001462000430C4007F108F000238AA008045
87093 +:101BB00000C0502151AF000131C800FF1518FFC906
87094 +:101BC000010058218F8400343082007F03421821A5
87095 +:101BD0003C02000A006218212402FF8000822024B7
87096 +:101BE000AF440024A06A0079A06A00838C62005090
87097 +:101BF0008F840034AC6200708C6500743C027FFFFF
87098 +:101C00003442FFFF00A228240E00066BAC6500746E
87099 +:101C1000AF5000248FBF00148FB0001003E0000805
87100 +:101C200027BD001827BDFFC0AFBE0038AFB70034D6
87101 +:101C3000AFB5002CAFB20020AFB1001CAFB00018A0
87102 +:101C4000AFBF003CAFB60030AFB40028AFB3002444
87103 +:101C50008F4500248F4600288F43002C3C02001F34
87104 +:101C60003442FF800062182400C230240080A82182
87105 +:101C7000AFA3001400A2F0240E00062FAFA60010A0
87106 +:101C80003C0208008C4200E02410FF8003608821A1
87107 +:101C900002A2102100501024AF4200243C02080090
87108 +:101CA0008C4200E002A210213042007F0342182142
87109 +:101CB0003C02000A00629021924200D293630084A9
87110 +:101CC000305700FF306300FF24020001106200342F
87111 +:101CD000036020212402000214620036000000008C
87112 +:101CE0000E001216024028219223008392220083C4
87113 +:101CF0003063007F3042007F000210C000031940B3
87114 +:101D0000006218213C0208008C4200DC02A2102173
87115 +:101D10000043382100F01024AF42002892250078BB
87116 +:101D20009224008330E2007F034218213C02000C21
87117 +:101D300014850007006280212402FFFFA24200F107
87118 +:101D40002402FFFFA64200F20A0007272402FFFF39
87119 +:101D500096020020A24200F196020022A64200F262
87120 +:101D60008E020024AE4200F492220083A24200F0D0
87121 +:101D70008E4200C8AE4200FC8E4200C4AE4200F863
87122 +:101D80008E220050AE4201008E4200CCAE420104D1
87123 +:101D9000922200853042003F0A0007823442004010
87124 +:101DA0000E00123902402821922200850A00078283
87125 +:101DB0003042003F936200852403FFDF3042003F42
87126 +:101DC000A36200859362008500431024A36200850E
87127 +:101DD0009363008393620078307400FF304200FF09
87128 +:101DE00010540036240AFF803C0C000C3283007F24
87129 +:101DF000000310C000031940006218213C020800D3
87130 +:101E00008C4200DC268800013109007F02A21021EB
87131 +:101E10000043382130E2007F0342182100EA1024F9
87132 +:101E2000AF420028006C80218E020024028A182410
87133 +:101E3000006A5826AE02000C8E020024310800FF12
87134 +:101E4000AE02001096020014960300208E07001CBC
87135 +:101E50003042FFFF3063FFFF8E060018004310235F
87136 +:101E600000021100000227C30040282100C43023D3
87137 +:101E700000E2102B00C2302300E53823AE07001C1F
87138 +:101E8000AE06001896020020A60200149602002258
87139 +:101E9000A602001692220079304200FF105400077B
87140 +:101EA0000000000051370001316800FF92220078E5
87141 +:101EB000304200FF1448FFCD0100A0219222008390
87142 +:101EC000A22200798E2200500A0007E2AE220070A2
87143 +:101ED000A22200858E22004C2405FF80AE42010C18
87144 +:101EE0009222008534420020A2220085924200D135
87145 +:101EF0003C0308008C6300DC305400FF3C02080007
87146 +:101F00008C4200E400143140001420C002A31821C8
87147 +:101F100000C4202102A210210064382100461021B3
87148 +:101F20000045182400E52824AF450028AF43002CC5
87149 +:101F30003042007F924400D030E3007F03422821EA
87150 +:101F4000034318213C02000C006280213C02000E79
87151 +:101F5000309600FF00A298211296002A000000008F
87152 +:101F60008E02000C02002021026028211040002572
87153 +:101F7000261000280E00064A000000009262000DA4
87154 +:101F800026830001307400FF3042007FA262000D02
87155 +:101F90002404FF801697FFF0267300203C020800FF
87156 +:101FA0008C4200DC0000A02102A210210044102479
87157 +:101FB000AF4200283C0208008C4200E43C030800C9
87158 +:101FC0008C6300DC02A2102100441024AF42002CDC
87159 +:101FD0003C0208008C4200E402A318213063007F19
87160 +:101FE00002A210213042007F034220210343182126
87161 +:101FF0003C02000C006280213C02000E0A0007A493
87162 +:10200000008298218E4200D8AE2200508E4200D825
87163 +:10201000AE22007092250083924600D19223008365
87164 +:10202000924400D12402FF8000A228243063007F64
87165 +:10203000308400FF00A628250064182A10600002E2
87166 +:1020400030A500FF38A50080A2250083A2250079D5
87167 +:102050000E00063D000000009222007E02A020211A
87168 +:10206000A222007A8E2300743C027FFF3442FFFFDD
87169 +:10207000006218240E00066BAE2300748FA20010BD
87170 +:10208000AF5E00248FBF003CAF4200288FBE0038F7
87171 +:102090008FA200148FB700348FB600308FB5002C9C
87172 +:1020A0008FB400288FB300248FB200208FB1001CA2
87173 +:1020B0008FB0001827BD004003E00008AF42002C9D
87174 +:1020C00090A2000024420001A0A200003C030800EE
87175 +:1020D0008C6300F4304200FF1443000F0080302175
87176 +:1020E000A0A000003C0208008C4200E48F84003471
87177 +:1020F000008220213082007F034218213C02000C24
87178 +:10210000006218212402FF8000822024ACC300005A
87179 +:1021100003E00008AF4400288C8200002442002025
87180 +:1021200003E00008AC82000094C200003C080800F4
87181 +:10213000950800CA30E7FFFF008048210102102106
87182 +:10214000A4C2000094C200003042FFFF00E2102B46
87183 +:1021500054400001A4C7000094A200003C03080002
87184 +:102160008C6300CC24420001A4A2000094A20000D1
87185 +:102170003042FFFF544300078F8600280107102BD1
87186 +:10218000A4A000005440000101003821A4C70000B1
87187 +:102190008F8600288CC4001CAF44003C94A2000031
87188 +:1021A0008F43003C3042FFFF000210C00062182144
87189 +:1021B000AF43003C8F42003C008220231880000483
87190 +:1021C000000000008CC200180A00084324420001ED
87191 +:1021D0008CC20018AF4200383C020050344200105C
87192 +:1021E000AF420030000000000000000000000000CE
87193 +:1021F0008F420000304200201040FFFD0000000030
87194 +:102200008F420404AD2200048F420400AD2200007E
87195 +:102210003C020020AF42003003E000080000000054
87196 +:1022200027BDFFE0AFB20018AFB10014AFB000108F
87197 +:10223000AFBF001C94C2000000C080213C12080007
87198 +:10224000965200C624420001A60200009603000038
87199 +:1022500094E2000000E03021144300058FB100300B
87200 +:102260000E000818024038210A000875000000001E
87201 +:102270008C8300048C820004244200400461000727
87202 +:10228000AC8200048C8200040440000400000000C2
87203 +:102290008C82000024420001AC8200009602000003
87204 +:1022A0003042FFFF50520001A600000096220000BD
87205 +:1022B00024420001A62200008F82002896230000FD
87206 +:1022C00094420016144300048FBF001C2402000136
87207 +:1022D000A62200008FBF001C8FB200188FB100141F
87208 +:1022E0008FB0001003E0000827BD00208F89002870
87209 +:1022F00027BDFFE0AFBF00188D220028274804004B
87210 +:1023000030E700FFAF4200388D22002CAF8800304C
87211 +:10231000AF42003C3C020005AF420030000000002C
87212 +:1023200000000000000000000000000000000000AD
87213 +:10233000000000008C82000C8C82000CAD020000BA
87214 +:102340008C820010AD0200048C820018AD020008DF
87215 +:102350008C82001CAD02000C8CA20014AD02001097
87216 +:102360008C820020AD02001490820005304200FFF4
87217 +:1023700000021200AD0200188CA20018AD02001C71
87218 +:102380008CA2000CAD0200208CA20010AD02002433
87219 +:102390008CA2001CAD0200288CA20020AD02002CF3
87220 +:1023A000AD060030AD000034978300263402FFFFF5
87221 +:1023B00014620002006020213404FFFF10E00011CD
87222 +:1023C000AD04003895230036952400362402000120
87223 +:1023D0003063FFFF000318C20069182190650040B8
87224 +:1023E000308400070082100400451025A0620040E0
87225 +:1023F0008F820028944200563042FFFF0A0008DC1A
87226 +:10240000AD02003C952300369524003624020001DD
87227 +:102410003063FFFF000318C2006918219065004077
87228 +:1024200030840007008210040002102700451024A9
87229 +:10243000A0620040AD00003C000000000000000071
87230 +:10244000000000003C02000634420040AF42003071
87231 +:102450000000000000000000000000008F420000AB
87232 +:10246000304200101040FFFD8F860028AF880030FA
87233 +:1024700024C2005624C7003C24C4002824C50032CE
87234 +:1024800024C600360E000856AFA200108FBF0018F9
87235 +:1024900003E0000827BD00208F8300243C060800CD
87236 +:1024A0008CC600E88F82003430633FFF0003198040
87237 +:1024B00000461021004310212403FF803046007F96
87238 +:1024C00000431024AF420028034618213C02000CB0
87239 +:1024D0000062302190C2000D30A500FF00003821BD
87240 +:1024E00034420010A0C2000D8F8900288F8A00247A
87241 +:1024F00095230036000A13823048000324020001AD
87242 +:10250000A4C3000E1102000B2902000210400005B6
87243 +:10251000240200021100000C240300010A0009201B
87244 +:102520000000182111020006000000000A00092026
87245 +:10253000000018218CC2002C0A000920244300014D
87246 +:102540008CC20014244300018CC200180043102BDD
87247 +:1025500050400009240700012402002714A20003B0
87248 +:10256000000000000A00092C240700019522003E0B
87249 +:1025700024420001A522003E000A138230430003DA
87250 +:102580002C62000210400009008028211460000421
87251 +:102590000000000094C200360A00093C3046FFFFEC
87252 +:1025A0008CC600380A00093C008028210000302138
87253 +:1025B0003C04080024844B780A00088900000000CD
87254 +:1025C000274901008D22000C9523000601202021BF
87255 +:1025D000000216023046003F3063FFFF240200274E
87256 +:1025E00000C0282128C7002810C2000EAF83002495
87257 +:1025F00010E00008240200312402002110C200096A
87258 +:102600002402002510C200079382002D0A00095BF6
87259 +:102610000000000010C200059382002D0A00095B33
87260 +:10262000000000000A0008F4000000000A0006266E
87261 +:102630000000000095230006912400058D25000C64
87262 +:102640008D2600108D2700188D28001C8D29002054
87263 +:10265000244200013C010800A4234B7E3C010800F9
87264 +:10266000A0244B7D3C010800AC254B843C010800B4
87265 +:10267000AC264B883C010800AC274B903C0108007D
87266 +:10268000AC284B943C010800AC294B9803E00008AF
87267 +:10269000A382002D8F87002827BDFFC0AFB3003471
87268 +:1026A000AFB20030AFB1002CAFB00028AFBF0038E0
87269 +:1026B0003C0208008C4200D094E3003030B0FFFFB1
87270 +:1026C000005010073045FFFF3063FFFF00C0982126
87271 +:1026D000A7A200103C110800963100C614A3000602
87272 +:1026E0003092FFFF8CE2002424420030AF42003CD5
87273 +:1026F0000A0009948CE2002094E200323042FFFF8D
87274 +:1027000054A2000827A400188CE2002C24420030B8
87275 +:10271000AF42003C8CE20028AF4200380A0009A218
87276 +:102720008F84002827A5001027A60020022038212A
87277 +:102730000E000818A7A000208FA200182442003025
87278 +:10274000AF4200388FA2001CAF42003C8F840028AB
87279 +:102750003C020005AF42003094820034274304005D
87280 +:102760003042FFFF0202102B14400007AF830030FD
87281 +:1027700094820054948300340202102100431023F9
87282 +:102780000A0009B63043FFFF94830054948200345A
87283 +:102790000223182100501023006218233063FFFF2A
87284 +:1027A000948200163042FFFF144300030000000033
87285 +:1027B0000A0009C424030001948200163042FFFF7E
87286 +:1027C0000043102B104000058F82003094820016C9
87287 +:1027D000006210233043FFFF8F820030AC530000B3
87288 +:1027E000AC400004AC520008AC43000C3C020006B4
87289 +:1027F00034420010AF420030000000000000000032
87290 +:10280000000000008F420000304200101040FFFD29
87291 +:10281000001018C2006418219065004032040007BF
87292 +:10282000240200018FBF00388FB300348FB2003014
87293 +:102830008FB1002C8FB000280082100400451025B5
87294 +:1028400027BD004003E00008A062004027BDFFA8AC
87295 +:10285000AFB60050AFB5004CAFB40048AFB30044C2
87296 +:10286000AFB1003CAFBF0054AFB20040AFB00038D2
87297 +:102870008C9000003C0208008C4200E88F860034F7
87298 +:10288000960300022413FF8000C2302130633FFF13
87299 +:102890000003198000C3382100F3102490B2000017
87300 +:1028A000AF42002C9203000230E2007F034230214D
87301 +:1028B0003C02000E00C28821306300C024020040A8
87302 +:1028C0000080A82100A0B021146200260000A021F1
87303 +:1028D0008E3400388E2200181440000224020001B9
87304 +:1028E000AE2200189202000D304200201440001564
87305 +:1028F0008F8200343C0308008C6300DC001238C077
87306 +:10290000001231400043102100C730210046382119
87307 +:1029100030E300073C02008030E6007800C230253A
87308 +:102920000343182100F31024AF4208002463090078
87309 +:10293000AF4608108E2200188C6300080043102157
87310 +:10294000AE2200188E22002C8E2300182442000193
87311 +:102950000062182B1060003D000000000A000A7899
87312 +:1029600000000000920300022402FFC00043102474
87313 +:10297000304200FF1440000524020001AE2200187E
87314 +:10298000962200360A000A613054FFFF8E2200149E
87315 +:1029900024420001AE22001892020000000216003C
87316 +:1029A0000002160304410029000000009602000204
87317 +:1029B00027A4001000802821A7A20016960200027A
87318 +:1029C00024070001000030213042FFFFAF820024C5
87319 +:1029D0000E000889AFA0001C960300023C0408000A
87320 +:1029E0008C8400E88F82003430633FFF000319803D
87321 +:1029F00000441021004310213043007F3C05000CAF
87322 +:102A00000053102403431821AF4200280065182109
87323 +:102A10009062000D001221403042007FA062000D44
87324 +:102A20003C0308008C6300E48F82003400431021D3
87325 +:102A30000044382130E2007F03421021004510217C
87326 +:102A400000F31824AF430028AEA200009222000D2C
87327 +:102A5000304200101040001302A020218F83002874
87328 +:102A60008EA40000028030219462003E2442FFFFC9
87329 +:102A7000A462003E948400029625000E3084FFFF7D
87330 +:102A80000E00097330A5FFFF8F82002894430034A5
87331 +:102A90009622000E1443000302A02021240200010C
87332 +:102AA000A382002C02C028210E0007FE00000000B7
87333 +:102AB0008FBF00548FB600508FB5004C8FB40048C4
87334 +:102AC0008FB300448FB200408FB1003C8FB000380C
87335 +:102AD00003E0000827BD00588F82002827BDFFD0E3
87336 +:102AE000AFB40028AFB20020AFBF002CAFB30024BA
87337 +:102AF000AFB1001CAFB00018904400D0904300D19B
87338 +:102B00000000A021309200FFA3A30010306300FF5B
87339 +:102B10008C5100D88C5300DC1072002B2402000171
87340 +:102B20003C0308008C6300E493A400108F820034FF
87341 +:102B30002406FF800004214000431021004410219E
87342 +:102B40003043007F00461024AF4200280343182181
87343 +:102B50003C02000C006218218C62000427A40014BF
87344 +:102B600027A50010022280210270102304400015C6
87345 +:102B7000AFA300149062000D00C21024304200FF89
87346 +:102B800014400007020088219062000D344200408A
87347 +:102B90000E0007FEA062000D0A000ABD93A20010FD
87348 +:102BA0000E0009E1241400018F830028AC7000D8C6
87349 +:102BB00093A20010A06200D193A200101452FFD87B
87350 +:102BC0000000000024020001168200048FBF002CC8
87351 +:102BD0000E000626000000008FBF002C8FB40028D6
87352 +:102BE0008FB300248FB200208FB1001C8FB000186B
87353 +:102BF00003E0000827BD003027BDFFD8AFB3001C9D
87354 +:102C0000AFB20018AFB10014AFB00010AFBF0020DA
87355 +:102C10000080982100E0802130B1FFFF0E00049376
87356 +:102C200030D200FF000000000000000000000000A3
87357 +:102C30008F820020AC510000AC520004AC5300085D
87358 +:102C4000AC40000CAC400010AC400014AC4000188C
87359 +:102C50003C03080094634B5E02038025AC50001CCB
87360 +:102C6000000000000000000000000000240400013B
87361 +:102C70008FBF00208FB3001C8FB200188FB10014DB
87362 +:102C80008FB000100A0004B827BD002827BDFFE858
87363 +:102C9000AFB00010AFBF001430A5FFFF30C600FF7B
87364 +:102CA0000080802124020C80AF420024000000003C
87365 +:102CB0000000000000000000000000000000000014
87366 +:102CC0000E000ACC000000003C040800248400E050
87367 +:102CD0008C8200002403FF808FBF001402021021A9
87368 +:102CE00000431024AF4200248C8200003C03000A01
87369 +:102CF000020280213210007F035010218FB000109B
87370 +:102D00000043102127BD001803E00008AF8200280F
87371 +:102D100027BDFFE8AFBF00108F4401403C0308000F
87372 +:102D20008C6300E02402FF80AF840034008318210C
87373 +:102D300000621024AF4200243C02000803424021FC
87374 +:102D4000950500023063007F3C02000A034318210E
87375 +:102D50000062182130A5FFFF3402FFFF0000302180
87376 +:102D60003C07602010A20006AF8300282402FFFF6A
87377 +:102D7000A5020002946500D40E000AF130A5FFFF01
87378 +:102D80008FBF001024020C8027BD001803E000084C
87379 +:102D9000AF4200243C020008034240219502000299
87380 +:102DA0003C0A0800954A00C63046FFFF14C00007E1
87381 +:102DB0003402FFFF8F8200288F8400343C0760209C
87382 +:102DC000944500D40A000B5A30A5FFFF10C200241E
87383 +:102DD0008F87002894E2005494E400163045FFFFEA
87384 +:102DE00000A6102300A6182B3089FFFF10600004F6
87385 +:102DF0003044FFFF00C51023012210233044FFFFA1
87386 +:102E0000008A102B1040000C012A1023240200011C
87387 +:102E1000A50200162402FFFFA502000294E500D4DB
87388 +:102E20008F8400340000302130A5FFFF3C07602074
87389 +:102E30000A000AF1000000000044102A10400008B7
87390 +:102E4000000000009502001630420001104000040E
87391 +:102E5000000000009742007E24420014A5020016E4
87392 +:102E600003E00008000000008F84002827BDFFE079
87393 +:102E7000AFBF0018948200349483003E1060001AA3
87394 +:102E80003048FFFF9383002C2402000114620027C6
87395 +:102E90008FBF00188F820028000818C23108000771
87396 +:102EA000006218212447003A244900542444002099
87397 +:102EB000244500302446003490620040304200FF38
87398 +:102EC0000102100730420001104000168FBF0018A9
87399 +:102ED0000E000856AFA900108F82002894420034DB
87400 +:102EE0000A000B733048FFFF94830036948200344D
87401 +:102EF0001043000E8FBF001894820036A482003465
87402 +:102F000094820056A48200548C82002CAC8200244F
87403 +:102F100094820032A48200309482003CA482003A61
87404 +:102F20008FBF00180A000B3327BD002003E0000804
87405 +:102F300027BD002027BDFFE8AFBF00108F4A01006A
87406 +:102F40003C0508008CA500E03C02080090424B8440
87407 +:102F50003C0C0800958C4B7E01452821304B003FEE
87408 +:102F600030A2007F03424021396900323C02000A4E
87409 +:102F70003963003F2C630001010240212D2900012B
87410 +:102F80002402FF8000A2282401234825AF8A0034B0
87411 +:102F900000801821AF450024000030210080282146
87412 +:102FA00024070001AF8800283C04080024844B78E3
87413 +:102FB000AF8C002415200007A380002D24020020E0
87414 +:102FC0005562000F006020213402FFFF5582000C83
87415 +:102FD000006020212402002015620005000000008E
87416 +:102FE0008C6300142402FFFF106200070000000041
87417 +:102FF0000E000889000000000A000BD0000000004D
87418 +:103000000E0008F4016028210E000B68000000008B
87419 +:103010008FBF001024020C8027BD001803E00008B9
87420 +:10302000AF4200243C0208008C4200E027BDFFA014
87421 +:10303000AFB1003C008210212411FF80AFBE0058C8
87422 +:10304000AFB70054AFB20040AFB00038AFBF005CC4
87423 +:10305000AFB60050AFB5004CAFB40048AFB30044BA
87424 +:10306000005110248F4800248F4900288F470028E2
87425 +:10307000AF4200243C0208008C4200E00080902116
87426 +:1030800024060006008210213042007F03421821EE
87427 +:103090003C02000A006280213C02001F3442FF8093
87428 +:1030A00000E2382427A40010260500F00122F024B5
87429 +:1030B0000102B8240E00051DAFA700308FA2001832
87430 +:1030C000AE0200C48FA2001CAE0200C88FA2002472
87431 +:1030D000AE0200CC93A40010920300D12402FF8022
87432 +:1030E0000082102400431025304900FF3083007F08
87433 +:1030F0003122007F0062102A10400004000310C03B
87434 +:1031000001311026304900FF000310C000031940B0
87435 +:10311000006218213C0208008C4200DC920400D2BC
87436 +:10312000024210210043102100511024AF42002818
87437 +:1031300093A300103063007F000310C00003194008
87438 +:10314000006218213C0208008C4200DC024210217F
87439 +:10315000004310213042007F034218213C02000C42
87440 +:10316000006240218FA300142402FFFF1062003090
87441 +:10317000309500FF93A2001195030014304400FF26
87442 +:103180003063FFFF0064182B1060000D000000008A
87443 +:10319000950400148D07001C8D0600183084FFFF75
87444 +:1031A00000442023000421000000102100E4382105
87445 +:1031B00000E4202B00C230210A000C4A00C4302158
87446 +:1031C000950400148D07001C8D0600183084FFFF45
87447 +:1031D000008220230004210000001021008018211B
87448 +:1031E00000C2302300E4202B00C4302300E3382346
87449 +:1031F000AD07001CAD06001893A20011A502001433
87450 +:1032000097A20012A50200168FA20014AD020010B2
87451 +:103210008FA20014AD02000C93A20011A5020020A1
87452 +:1032200097A20012A50200228FA20014AD02002472
87453 +:103230002406FF80024610243256007FAF4200244D
87454 +:10324000035618213C02000A006280218E02004CC5
87455 +:103250008FA200203124007F000428C0AE0200505D
87456 +:103260008FA200200004214000852821AE020070BA
87457 +:1032700093A2001001208821A202008393A20010D3
87458 +:10328000A2020079920200853042003FA20200852E
87459 +:103290003C0208008C4200DC024210210045102153
87460 +:1032A00000461024AF42002C3C0208008C4200E48F
87461 +:1032B0003C0308008C6300DC024210210044102112
87462 +:1032C00000461024AF4200283C0208008C4200E473
87463 +:1032D00002431821006518210242102100441021E8
87464 +:1032E0003042007F3063007F93A50010034220210D
87465 +:1032F000034318213C02000E006240213C02000CF6
87466 +:1033000010B1008C008248213233007F1660001912
87467 +:103310002404FF803C0208008C4200DC02421021A1
87468 +:1033200000441024AF42002C3C0208008C4200E410
87469 +:103330003C0308008C6300DC02421021004410248E
87470 +:10334000AF4200283C0208008C4200E402431821EE
87471 +:103350003063007F024210213042007F034220216F
87472 +:10336000034318213C02000E006240213C02000C85
87473 +:10337000008248219124000D2414FF8000001021B8
87474 +:1033800000942025A124000D950400029505001449
87475 +:103390008D07001C3084FFFF30A5FFFF8D0600184D
87476 +:1033A000008520230004210000E4382100C23021E0
87477 +:1033B00000E4202B00C43021AD07001CAD0600182E
87478 +:1033C00095020002A5020014A50000168D02000857
87479 +:1033D000AD0200108D020008AD02000C9502000243
87480 +:1033E000A5020020A50000228D020008AD020024E5
87481 +:1033F0009122000D30420040104000422622000180
87482 +:103400003C0208008C4200E0A3B300283C10000AF4
87483 +:103410000242102100541024AF4200243C02080054
87484 +:103420008C4200E0A380002C27A4002C0242102133
87485 +:103430003042007F03421821007018218C6200D8AE
87486 +:103440008D26000427A50028AFA9002C00461021D6
87487 +:10345000AC6200D80E0009E1AF83002893A30028D6
87488 +:103460008F8200280E000626A04300D10E000B68B4
87489 +:103470000000000002541024AF4200243C02080067
87490 +:103480008C4200DC00132940001320C000A420213E
87491 +:10349000024210210044102100541024AF42002C9D
87492 +:1034A0003C0208008C4200E43C0308008C6300DC12
87493 +:1034B00003563021024210210045102100541024EF
87494 +:1034C000AF4200283C0208008C4200E4024318216D
87495 +:1034D0000064182102421021004510213042007F73
87496 +:1034E0003063007F03422021034318213C02000E79
87497 +:1034F000006240213C02000C00D080210082482163
87498 +:10350000262200013043007F14750005304400FF7F
87499 +:103510002403FF800223102400431026304400FFC0
87500 +:1035200093A2001000808821250800281444FF760B
87501 +:103530002529002093A400108FA300142402FFFF6C
87502 +:103540001062000A308900FF2482000124830001F8
87503 +:103550003042007F14550005306900FF2403FF80CE
87504 +:103560000083102400431026304900FF92020078A7
87505 +:10357000305300FF11330032012088213C02080043
87506 +:103580008C4200DC3225007F000520C00005294068
87507 +:1035900000A42021024210212406FF8000441021B3
87508 +:1035A00000461024AF42002C3C0308008C6300DC72
87509 +:1035B0003C0208008C4200E4024318210242102120
87510 +:1035C0000045102100641821004610243063007F5C
87511 +:1035D000AF420028034318213C02000E0062402144
87512 +:1035E0003C0208008C4200E48D06000C0100202102
87513 +:1035F00002421021004510213042007F0342182171
87514 +:103600003C02000C0062482110C0000D012028215E
87515 +:103610000E00064A000000002402FF800222182447
87516 +:1036200026240001006228263082007F1455000203
87517 +:10363000308300FF30A300FF1473FFD000608821A7
87518 +:103640008E0300743C027FFF3442FFFF00621824A7
87519 +:10365000AE0300740E00066B02402021AF57002419
87520 +:103660008FA20030AF5E00288FBF005C8FBE005875
87521 +:103670008FB700548FB600508FB5004C8FB4004800
87522 +:103680008FB300448FB200408FB1003C8FB0003840
87523 +:1036900027BD006003E00008AF42002C27BDFFD823
87524 +:1036A000AFB1001CAFBF0020AFB000182751018898
87525 +:1036B000922200032408FF803C03000A3047007F69
87526 +:1036C000A3A700108F4601803C0208008C4200E056
87527 +:1036D000AF86003400C2282100A81024AF42002485
87528 +:1036E0009224000030A2007F0342102100431021E9
87529 +:1036F000AF8200283084007F24020002148200255B
87530 +:10370000000719403C0208008C4200E400C210216E
87531 +:103710000043282130A2007F0342182100A8102472
87532 +:10372000AF4200283C02000C006218219062000D9C
87533 +:10373000AFA3001400481025A062000D8FA3001451
87534 +:103740009062000D304200405040006A8FBF002060
87535 +:103750008F860028A380002C27A400148CC200D8D8
87536 +:103760008C63000427A50010004310210E0009E11E
87537 +:10377000ACC200D893A300108F8200280E0006264A
87538 +:10378000A04300D10E000B68000000000A000E0BE1
87539 +:103790008FBF00200E00062F00C020210E00063D26
87540 +:1037A000000000003C020008034280219223000137
87541 +:1037B0009202007B1443004F8FBF00209222000032
87542 +:1037C0003044007F24020004108200172882000584
87543 +:1037D00010400006240200052402000310820007A6
87544 +:1037E0008FB1001C0A000E0C0000000010820012B5
87545 +:1037F0008FBF00200A000E0C8FB1001C92050083C1
87546 +:10380000920600788E0700748F84003430A500FF84
87547 +:1038100000073E0230C600FF0E00067330E7007F4F
87548 +:103820000A000E0B8FBF00200E000BD78F840034D0
87549 +:103830000A000E0B8FBF002024020C80AF42002430
87550 +:103840009202003E30420040104000200000000084
87551 +:103850009202003E00021600000216030441000618
87552 +:10386000000000008F8400340E0005A024050093A2
87553 +:103870000A000E0B8FBF00209202003F24030018A5
87554 +:10388000304200FF1443000C8F84003424050039BB
87555 +:103890000E000538000030210E0002508F840034E5
87556 +:1038A00024020012A202003F0E0002598F8400344D
87557 +:1038B0000A000E0B8FBF0020240500360E000538CD
87558 +:1038C000000030210A000E0B8FBF00200E000250B6
87559 +:1038D0008F8400349202000534420020A2020005C9
87560 +:1038E0000E0002598F8400340E000FC08F84003404
87561 +:1038F0008FBF00208FB1001C8FB0001824020C80F5
87562 +:1039000027BD002803E00008AF42002427BDFFE8E0
87563 +:10391000AFB00010AFBF001427430100946200084D
87564 +:103920000002140000021403044100020000802180
87565 +:103930002410000194620008304200801040001AF8
87566 +:10394000020010219462000830422000104000164E
87567 +:10395000020010218C6300183C021C2D344219ED2A
87568 +:10396000240600061062000F3C0760213C0208009C
87569 +:103970008C4200D4104000078F8200288F830028DB
87570 +:10398000906200623042000F34420040A062006248
87571 +:103990008F8200288F840034944500D40E000AF1F1
87572 +:1039A00030A5FFFF020010218FBF00148FB0001060
87573 +:1039B00003E0000827BD001827BDFFE0AFB10014E9
87574 +:1039C000AFB00010A380002CAFBF00188F450100DE
87575 +:1039D0003C0308008C6300E02402FF80AF850034C4
87576 +:1039E00000A318213064007F0344202100621824C2
87577 +:1039F0003C02000A00822021AF430024275001002E
87578 +:103A00008E0200148C8300DCAF8400280043102356
87579 +:103A100018400004000088218E0200140E000A8461
87580 +:103A2000AC8200DC9202000B24030002304200FF53
87581 +:103A30001443002F0000000096020008304300FFEE
87582 +:103A40002402008214620005240200840E00093E54
87583 +:103A5000000000000A000E97000000001462000938
87584 +:103A6000240200818F8200288F8400343C0760216B
87585 +:103A7000944500D49206000530A5FFFF0A000E868B
87586 +:103A800030C600FF14620027000000009202000A06
87587 +:103A9000304300FF306200201040000430620040DC
87588 +:103AA0008F8400340A000E82240600401040000477
87589 +:103AB000000316008F8400340A000E8224060041A1
87590 +:103AC00000021603044100178F84003424060042CC
87591 +:103AD0008F8200283C076019944500D430A5FFFF71
87592 +:103AE0000E000AF1000000000A000E97000000001E
87593 +:103AF0009202000B24030016304200FF1043000620
87594 +:103B0000000000009202000B24030017304200FF67
87595 +:103B100014430004000000000E000E11000000001D
87596 +:103B2000004088210E000B68000000009202000A8D
87597 +:103B3000304200081040000624020C808F850028C7
87598 +:103B40003C0400080E0011EE0344202124020C80E6
87599 +:103B5000AF4200248FBF0018022010218FB0001048
87600 +:103B60008FB1001403E0000827BD002027BDFFE847
87601 +:103B7000AFBF0014AFB000108F5000243C0308000A
87602 +:103B80008C6300E08F4501002402FF8000A3182110
87603 +:103B90003064007F03442021006218243C02000AA4
87604 +:103BA00000822021AF850034AF4300249082006260
87605 +:103BB000AF8400283042000F34420050A0820062DF
87606 +:103BC0003C02001F3442FF800E00062602028024C1
87607 +:103BD000AF5000248FBF00148FB0001003E0000826
87608 +:103BE00027BD00183C0208008C4200201040001D38
87609 +:103BF0002745010090A300093C0200080342202150
87610 +:103C000024020018546200033C0200080A000ED887
87611 +:103C10002402000803422021240200161462000539
87612 +:103C20002402001724020012A082003F0A000EE2C4
87613 +:103C300094A700085462000694A700089362000548
87614 +:103C40002403FFFE00431024A362000594A700088C
87615 +:103C500090A6001B8CA4000094A500060A000ACCC4
87616 +:103C600000073C0003E000080000000027440100BA
87617 +:103C700094820008304500FF38A3008238A20084F7
87618 +:103C80002C6300012C420001006218251060000620
87619 +:103C9000240200839382002D1040000D00000000DC
87620 +:103CA0000A000B9B0000000014A2000524A2FF8064
87621 +:103CB0008F4301043C02602003E00008AC43001481
87622 +:103CC000304200FF2C420002104000032402002278
87623 +:103CD0000A000E3C0000000014A2000300000000D7
87624 +:103CE0000A000EA9000000000A000EC70000000034
87625 +:103CF0009363007E9362007A144300090000202140
87626 +:103D00009362000024030050304200FF144300047B
87627 +:103D1000240400019362007E24420001A362007E1D
87628 +:103D200003E00008008010218F4201F80440FFFEEC
87629 +:103D300024020002AF4401C0A34201C43C021000AF
87630 +:103D400003E00008AF4201F827BDFFE8AFBF001055
87631 +:103D50009362003F2403000A304200FF14430046F0
87632 +:103D6000000000008F6300548F62004C1062007DE1
87633 +:103D7000036030219362000024030050304200FFB2
87634 +:103D80001443002F000000008F4401403C02080053
87635 +:103D90008C4200E02403FF800082102100431024A5
87636 +:103DA000AF4200243C0208008C4200E08F650054C2
87637 +:103DB0003C03000A008220213084007F034410214C
87638 +:103DC00000431021AC4501089762003C8F63004C12
87639 +:103DD0003042FFFF0002104000621821AF63005C18
87640 +:103DE0008F6300548F64004C9762003C006418237A
87641 +:103DF0003042FFFF00031843000210400043102A26
87642 +:103E000010400006000000008F6200548F63004CD9
87643 +:103E1000004310230A000F58000210439762003C31
87644 +:103E20003042FFFF00021040ACC2006424020001D7
87645 +:103E3000A0C0007CA0C2008424020C80AF420024F9
87646 +:103E40000E000F0A8F440140104000478FBF001042
87647 +:103E50008F4301408F4201F80440FFFE240200021C
87648 +:103E6000AF4301C0A34201C43C021000AF4201F8BD
87649 +:103E70000A000FA88FBF00109362003F24030010B8
87650 +:103E8000304200FF14430004000000008F44014052
87651 +:103E90000A000F94000028219362003F24030016BB
87652 +:103EA000304200FF1443000424020014A362003FC8
87653 +:103EB0000A000FA2000000008F62004C8F630050C8
87654 +:103EC00000431023044100288FBF0010936200813B
87655 +:103ED00024420001A3620081936200812C4200040D
87656 +:103EE00014400010000000009362003F240300040F
87657 +:103EF000304200FF14430006000000008F440140E0
87658 +:103F00008FBF0010240500930A0005A027BD0018EC
87659 +:103F10008F440140240500938FBF00100A00060F54
87660 +:103F200027BD00188F4401400E0002500000000021
87661 +:103F30008F6200542442FFFFAF6200548F62005032
87662 +:103F40002442FFFFAF6200500E0002598F4401402F
87663 +:103F50008F4401408FBF0010240500040A00025E58
87664 +:103F600027BD00188FBF001003E0000827BD001810
87665 +:103F70008F4201889363007E00021402304400FFE8
87666 +:103F8000306300FF1464000D0000000093620080A5
87667 +:103F9000304200FF1044000900000000A3640080CC
87668 +:103FA0009362000024030050304200FF14430004D9
87669 +:103FB000000000000A0006D78F440180A36400803F
87670 +:103FC00003E000080000000027BDFFE8AFB00010CC
87671 +:103FD000AFBF00149362000524030030304200306C
87672 +:103FE00014430089008080213C0208008C4200209C
87673 +:103FF00010400080020020210E0004930000000009
87674 +:104000008F850020ACB000009362003E9363003FB8
87675 +:10401000304200FF00021200306300FF0043102511
87676 +:10402000ACA2000493620082000216000002160394
87677 +:1040300004410005000000003C0308008C630048B8
87678 +:104040000A000FE6000000009362003E304200408C
87679 +:10405000144000030000182193620081304300FFE8
87680 +:104060009362008200031E00304200FF0002140031
87681 +:1040700000621825ACA300088F620040ACA2000CBF
87682 +:104080008F620048ACA200108F62004CACA20014FA
87683 +:104090008F6200508F63004C0043102304410003E3
87684 +:1040A000000000000A000FFA8F62004C8F6200507F
87685 +:1040B000ACA200183C02080094424B5E3C03C00BCB
87686 +:1040C00000002021004310250E0004B8ACA2001C03
87687 +:1040D0008F6200548F840020AC8200008F620058F1
87688 +:1040E000AC8200048F62005CAC8200088F620060CA
87689 +:1040F0008F43007400431021AC82000C8F62006477
87690 +:10410000AC820010976300689762006A00031C008D
87691 +:104110003042FFFF00621825AC83001493620082D6
87692 +:1041200024030080304200FF14430003000000001D
87693 +:104130000A00102EAC8000188F63000C24020001CE
87694 +:104140001062000E2402FFFF9362003E30420040E6
87695 +:104150001440000A2402FFFF8F63000C8F4200749A
87696 +:10416000006218233C020800006210241440000280
87697 +:10417000000028210060282100051043AC820018AF
87698 +:104180003C02080094424B5E3C03C00C000020211E
87699 +:10419000004310258F8300200E0004B8AC62001C81
87700 +:1041A0008F6200188F8300203C05080094A54B5EA9
87701 +:1041B00024040001AC620000AC6000048F66006C57
87702 +:1041C0003C02400D00A22825AC6600088F6200DC8E
87703 +:1041D000AC62000CAC600010936200050002160097
87704 +:1041E000AC620014AC6000180E0004B8AC65001C92
87705 +:1041F000020020218FBF00148FB00010A3600005C3
87706 +:104200000A00042127BD00188FBF00148FB00010D2
87707 +:1042100003E0000827BD00189742007C30C600FF6D
87708 +:10422000A08600843047FFFF2402000514C2000B63
87709 +:1042300024E3465090A201122C42000710400007D0
87710 +:1042400024E30A0090A30112240200140062100467
87711 +:1042500000E210210A0010663047FFFF3067FFFFC1
87712 +:1042600003E00008A4870014AC87004C8CA201086E
87713 +:104270000080402100A0482100E2102330C600FF4A
87714 +:104280001840000393AA001324E2FFFCACA201082B
87715 +:1042900030C2000110400008000000008D020050F4
87716 +:1042A00000E2102304410013240600058D0200548F
87717 +:1042B00010E20010000000008D02005414E2001A09
87718 +:1042C000000000003C0208008C4200D83042002070
87719 +:1042D0001040000A2402000191030078910200833B
87720 +:1042E000144300062402000101002021012028219E
87721 +:1042F000240600040A00105400000000A1000084FD
87722 +:1043000011400009A50200148F4301008F4201F8FB
87723 +:104310000440FFFE24020002AF4301C0A34201C4D7
87724 +:104320003C021000AF4201F803E00008000000006A
87725 +:1043300027BDFFE88FA90028AFBF001000804021F3
87726 +:1043400000E918231860007330C600FFA080007CCD
87727 +:10435000A08000818CA2010800E210230440004DDF
87728 +:10436000000000008C8200509483003C8C84006428
87729 +:10437000004748233063FFFF012318210083202BCF
87730 +:1043800010800004000000008D0200640A0010B7D5
87731 +:1043900000E210219502003C3042FFFF0122102173
87732 +:1043A00000E21021AD02005C9502003C8D03005C30
87733 +:1043B0003042FFFF0002104000E210210043102BAA
87734 +:1043C00010400003000000000A0010C68D02005CCF
87735 +:1043D0009502003C3042FFFF0002104000E2102135
87736 +:1043E000AD02005CA1000084AD07004C8CA2010866
87737 +:1043F00000E210231840000224E2FFFCACA20108F6
87738 +:1044000030C200011040000A000000008D02005080
87739 +:1044100000E2102304410004010020218D02005419
87740 +:1044200014E20003000000000A0010E82406000562
87741 +:104430008D02005414E200478FBF00103C020800B8
87742 +:104440008C4200D8304200201040000A24020001B3
87743 +:1044500091030078910200831443000624020001B6
87744 +:1044600001002021240600048FBF00100A00105410
87745 +:1044700027BD0018A1000084A50200148F4301008D
87746 +:104480008F4201F80440FFFE240200020A00110DD1
87747 +:10449000000000008C82005C004910230043102BB8
87748 +:1044A00054400001AC87005C9502003C3042FFFFA5
87749 +:1044B0000062102B14400007240200029502003C09
87750 +:1044C0008D03005C3042FFFF00621821AD03005CE9
87751 +:1044D00024020002AD07004CA10200840E000F0A66
87752 +:1044E0008F4401001040001B8FBF00108F4301005C
87753 +:1044F0008F4201F80440FFFE24020002AF4301C0D6
87754 +:10450000A34201C43C021000AF4201F80A0011238B
87755 +:104510008FBF001030C200101040000E8FBF00107F
87756 +:104520008C83005C9482003C006918233042FFFFBA
87757 +:10453000006218213C023FFF3444FFFF0083102B30
87758 +:10454000544000010080182101231021AD02005CBD
87759 +:104550008FBF001003E0000827BD001827BDFFE84B
87760 +:104560008FAA0028AFBF00100080402100EA482336
87761 +:104570001920002130C600FF8C83005C8C8200640F
87762 +:10458000006A18230043102B5040001000691821C6
87763 +:1045900094A2011001221021A4A2011094A20110E2
87764 +:1045A0003042FFFF0043102B1440000A3C023FFF43
87765 +:1045B00094A2011000431023A4A201109482003C95
87766 +:1045C0003042FFFF0A00114200621821A4A001102E
87767 +:1045D0003C023FFF3444FFFF0083102B5440000196
87768 +:1045E0000080182100671021AD02005CA100007C52
87769 +:1045F0000A00118AA100008130C200101040003C66
87770 +:10460000000000008C820050004A1023184000383F
87771 +:10461000000000009082007C24420001A082007C07
87772 +:104620009082007C3C0308008C630024304200FF31
87773 +:104630000043102B1440005C8FBF00108CA20108B7
87774 +:1046400000E2102318400058000000008C83005442
87775 +:104650009482003C006A18233042FFFF0003184395
87776 +:10466000000210400043102A104000050000000026
87777 +:104670008C820054004A10230A001171000210437A
87778 +:104680009482003C3042FFFF00021040AD02006403
87779 +:104690009502003C8D0400649503003C3042FFFF0E
87780 +:1046A00000021040008220213063FFFF00831821A8
87781 +:1046B00001431021AD02005C8D020054ACA2010840
87782 +:1046C00024020002A10200840E000F0A8F440100A0
87783 +:1046D000104000358FBF00108F4301008F4201F85A
87784 +:1046E0000440FFFE240200020A0011B30000000093
87785 +:1046F000AD07004C8CA2010800E210231840000214
87786 +:1047000024E2FFFCACA2010830C200011040000A04
87787 +:10471000000000008D02005000E21023044100045C
87788 +:10472000010020218D02005414E20003000000006B
87789 +:104730000A0011AA240600058D02005414E2001A92
87790 +:104740008FBF00103C0208008C4200D8304200208D
87791 +:104750001040000A240200019103007891020083B6
87792 +:104760001443000624020001010020212406000455
87793 +:104770008FBF00100A00105427BD0018A10000844C
87794 +:10478000A50200148F4301008F4201F80440FFFE90
87795 +:1047900024020002AF4301C0A34201C43C02100046
87796 +:1047A000AF4201F88FBF001003E0000827BD0018DA
87797 +:1047B0008FAA00108C8200500080402130C600FF7C
87798 +:1047C000004A102300A048211840000700E01821EB
87799 +:1047D00024020001A0800084A0A00112A482001481
87800 +:1047E0000A001125AFAA0010A0800081AD07004C7F
87801 +:1047F0008CA2010800E210231840000224E2FFFC12
87802 +:10480000ACA2010830C20001104000080000000006
87803 +:104810008D0200500062102304410013240600059D
87804 +:104820008D02005410620010000000008D02005440
87805 +:1048300014620011000000003C0208008C4200D805
87806 +:10484000304200201040000A240200019103007849
87807 +:10485000910200831443000624020001010020217C
87808 +:1048600001202821240600040A0010540000000042
87809 +:10487000A1000084A502001403E00008000000006D
87810 +:1048800027BDFFE0AFBF0018274201009046000A95
87811 +:104890008C4800148C8B004C9082008430C900FF3F
87812 +:1048A00001681823304A00FF1C60001A2D460006DC
87813 +:1048B000240200010142100410C00016304300031E
87814 +:1048C000012030210100382114600007304C000C19
87815 +:1048D00015800009304200301440000B8FBF0018D3
87816 +:1048E0000A001214000000000E001125AFAB0010EA
87817 +:1048F0000A0012148FBF00180E00109AAFAB001000
87818 +:104900000A0012148FBF0018AFAB00100E0011BACE
87819 +:10491000AFAA00148FBF001803E0000827BD0020D5
87820 +:1049200024020003A08200848C82005403E000086B
87821 +:10493000ACA201083C0200080342182190620081E9
87822 +:10494000240600433C07601924420001A062008154
87823 +:10495000906300813C0208008C4200C0306300FF7D
87824 +:10496000146200102403FF803C0208008C4200E027
87825 +:104970000082102100431024AF4200243C020800B2
87826 +:104980008C4200E03C03000A008210213042007F8C
87827 +:104990000342102100431021944500D40A000AF17B
87828 +:1049A00030A5FFFF03E000080000000027BDFFE086
87829 +:1049B000AFBF0018AFB10014AFB000108F4201803C
87830 +:1049C0000080802100A088210E00121B00402021C1
87831 +:1049D000A20000848E0200548FBF00188FB0001018
87832 +:1049E000AE2201088FB1001403E0000827BD0020AB
87833 +:1049F00027BDFFE03C020008AFB00010AFBF0018B9
87834 +:104A0000AFB10014034280218F5101409203008412
87835 +:104A10008E0400508E02004C14820040306600FF6D
87836 +:104A20003C0208008C4200E02403FF800222102197
87837 +:104A300000431024AF4200243C0208008C4200E0F6
87838 +:104A40009744007C92050081022210213042007FB1
87839 +:104A5000034218213C02000A0062182114A0000B36
87840 +:104A60003084FFFF2402000554C20014248205DCB8
87841 +:104A70009062011224420001A062011224020C8003
87842 +:104A8000AF4200240A00127324020005A060011244
87843 +:104A90002402000514C20009248205DC9202008170
87844 +:104AA0002C4200075040000524820A009203008136
87845 +:104AB0002402001400621004008210213044FFFF21
87846 +:104AC000A60400140E00121B022020219602003CB6
87847 +:104AD0008E03004C022020213042FFFF00021040D4
87848 +:104AE000006218210E000250AE03005C9202007DAD
87849 +:104AF00002202021344200400E000259A202007D13
87850 +:104B00008F4201F80440FFFE24020002AF5101C0B1
87851 +:104B1000A34201C43C021000AF4201F88FBF00184D
87852 +:104B20008FB100148FB0001003E0000827BD0020F3
87853 +:104B300008000ACC08000B1408000B9808000BE4CE
87854 +:104B400008000C200A0000280000000000000000FF
87855 +:104B50000000000D6370362E322E3300000000007E
87856 +:104B60000602030400000000000000000000000036
87857 +:104B70000000000000000000000000000000000035
87858 +:104B80000000000000000000000000000000002005
87859 +:104B90000000000000000000000000000000000015
87860 +:104BA0000000000000000000000000000000000005
87861 +:104BB00000000000000000000000000000000001F4
87862 +:104BC0000000002B000000000000000400030D4066
87863 +:104BD00000000000000000000000000000000000D5
87864 +:104BE00000000000000000001000000300000000B2
87865 +:104BF0000000000D0000000D3C020800244258A4F3
87866 +:104C00003C03080024635F70AC4000000043202B8D
87867 +:104C10001480FFFD244200043C1D080037BD7FFCCA
87868 +:104C200003A0F0213C100800261000A03C1C080046
87869 +:104C3000279C58A40E0001AC000000000000000DED
87870 +:104C400027BDFFE83C096018AFBF00108D2C500055
87871 +:104C5000240DFF7F24080031018D5824356A380C5B
87872 +:104C600024070C003C1A8000AD2A50003C04800A46
87873 +:104C7000AF4800083C1B8008AF4700240E00091510
87874 +:104C8000AF8400100E0008D8000000000E000825B8
87875 +:104C9000000000000E001252000000003C046016EC
87876 +:104CA0008C8500003C06FFFF3C02535300A61824ED
87877 +:104CB0001062004734867C0094C201F2A780002C69
87878 +:104CC00010400003A78000CC38581E1EA798002C67
87879 +:104CD00094C201F810400004978300CC38591E1E7E
87880 +:104CE000A79900CC978300CC2C7F006753E000018C
87881 +:104CF000240300669784002C2C82040114400002D7
87882 +:104D000000602821240404003C0760008CE904387A
87883 +:104D10002403103C3128FFFF1103001F30B9FFFFAF
87884 +:104D200057200010A38000CE24020050A38200CEA2
87885 +:104D3000939F00CE53E0000FA78500CCA78000CC46
87886 +:104D4000978500CC8FBF0010A780002CA78000346F
87887 +:104D5000A78000E63C010800AC25008003E00008C5
87888 +:104D600027BD0018939F00CE57E0FFF5A78000CC29
87889 +:104D7000A78500CC978500CC8FBF0010A784002C9E
87890 +:104D8000A7800034A78000E63C010800AC25008025
87891 +:104D900003E0000827BD0018A38000CE8CCB003CA8
87892 +:104DA000316A00011140000E0000000030A7FFFF33
87893 +:104DB00010E0FFDE240200508CCC00C831860001D8
87894 +:104DC00014C0FFDC939F00CE0A00007A2402005139
87895 +:104DD0008C8F00043C0E60000A00005D01EE302163
87896 +:104DE0008CEF0808240D5708000F740211CD000441
87897 +:104DF00030B8FFFF240500660A00007B240404008D
87898 +:104E00001700FFCC939F00CE0A00007A24020050C6
87899 +:104E10008F8600103089FFFF000939408CC30010D5
87900 +:104E20003C08005000E82025AF4300388CC5001432
87901 +:104E300027420400AF82001CAF45003CAF44003065
87902 +:104E40000000000000000000000000000000000062
87903 +:104E50000000000000000000000000000000000052
87904 +:104E60008F4B0000316A00201140FFFD0000000060
87905 +:104E700003E00008000000008F840010948A001AEC
87906 +:104E80008C8700243149FFFF000940C000E8302131
87907 +:104E9000AF46003C8C8500248F43003C00A31023C8
87908 +:104EA00018400029000000008C8B002025620001C2
87909 +:104EB0003C0D005035AC0008AF420038AF4C00301C
87910 +:104EC00000000000000000000000000000000000E2
87911 +:104ED00000000000000000000000000000000000D2
87912 +:104EE0008F4F000031EE002011C0FFFD00000000D8
87913 +:104EF0008F4A04003C080020AC8A00108F4904044B
87914 +:104F0000AC890014AF4800300000000094860018FF
87915 +:104F10009487001C00C71821A48300189485001AE8
87916 +:104F200024A20001A482001A9498001A9499001EE9
87917 +:104F3000133800030000000003E000080000000038
87918 +:104F400003E00008A480001A8C8200200A0000DC24
87919 +:104F50003C0D00500A0000CD000000003C0308009A
87920 +:104F60008C6300208F82001827BDFFE810620008C4
87921 +:104F7000AFBF00100E000104AF8300183C0308000F
87922 +:104F80008C63002024040001106400048F89001049
87923 +:104F90008FBF001003E0000827BD00188FBF00106E
87924 +:104FA0003C076012A520000A9528000A34E500108D
87925 +:104FB00027BD00183106FFFF03E00008ACA60090F3
87926 +:104FC0003C0208008C42002027BDFFC8AFBF003460
87927 +:104FD000AFBE0030AFB7002CAFB60028AFB500248D
87928 +:104FE000AFB40020AFB3001CAFB20018AFB10014D3
87929 +:104FF00010400050AFB000108F840010948600065F
87930 +:105000009483000A00C3282330B6FFFF12C0004A71
87931 +:105010008FBF003494890018948A000A012A402323
87932 +:105020003102FFFF02C2382B14E0000202C020212F
87933 +:10503000004020212C8C0005158000020080A0215A
87934 +:10504000241400040E0000B3028020218F8700107A
87935 +:1050500002809821AF80001494ED000A028088211C
87936 +:105060001280004E31B2FFFF3C1770003C1540002B
87937 +:105070003C1E60008F8F001C8DEE000001D71824AD
87938 +:10508000507500500220202102A3802B160000350D
87939 +:105090003C182000507800470220202124100001F5
87940 +:1050A0008F83001414600039029158230230F823D2
87941 +:1050B0000250C82133F1FFFF1620FFEE3332FFFF0D
87942 +:1050C0008F8700103C110020AF510030000000001D
87943 +:1050D00094E6000A3C1E601237D5001002662821B3
87944 +:1050E000A4E5000A94E2000A94F2000A94F400187D
87945 +:1050F0003057FFFF1292003BAEB700908CED0014CA
87946 +:105100008CE400100013714001AE4021000E5FC31B
87947 +:10511000010E502B008B4821012A1821ACE8001405
87948 +:10512000ACE3001002D3382330F6FFFF16C0FFB9FE
87949 +:105130008F8400108FBF00348FBE00308FB7002CDB
87950 +:105140008FB600288FB500248FB400208FB3001CC9
87951 +:105150008FB200188FB100148FB0001003E0000868
87952 +:1051600027BD0038107E001B000000001477FFCC24
87953 +:10517000241000010E00159B000000008F83001416
87954 +:105180001060FFCB0230F823029158238F87001064
87955 +:10519000017020210A0001973093FFFF8F830014D4
87956 +:1051A0001460FFCB3C110020AF5100300A000163B6
87957 +:1051B000000000000E00077D024028210A00015770
87958 +:1051C000004080210E00033A024028210A000157C6
87959 +:1051D000004080210E001463022020210A000157A4
87960 +:1051E000004080210E0000CD000000000A0001797F
87961 +:1051F00002D3382327BDFFE8AFB00010AFBF0014C3
87962 +:105200000E00003F000000003C028000345000709F
87963 +:105210000A0001BA8E0600008F4F000039EE00012F
87964 +:1052200031C20001104000248F8600A88E070000C4
87965 +:105230003C0C08008D8C003C3C0908008D2900388E
87966 +:1052400000E66823018D28210000502100AD302B9D
87967 +:10525000012A4021010620213C010800AC25003C28
87968 +:10526000AF8700A83C010800AC2400380E000106FE
87969 +:10527000000000003C0308008C6300701060FFE633
87970 +:10528000006020213C0508008CA500683C06080051
87971 +:105290008CC6006C0E00152A000000003C010800BE
87972 +:1052A000AC2000708F4F000039EE000131C20001C8
87973 +:1052B0001440FFDE8F8600A88E0A00008F8B00A8A6
87974 +:1052C0003C0508008CA5003C3C0408008C84003898
87975 +:1052D000014B482300A938210082182100E9402B06
87976 +:1052E000006810213C010800AC27003C3C0108008C
87977 +:1052F000AC2200388F5F01002419FF0024180C0035
87978 +:1053000003F9202410980012AF840000AF4400205D
87979 +:10531000936D0000240C002031A600FF10CC001279
87980 +:10532000240E005010CE00043C194000AF59013843
87981 +:105330000A0001B3000000000E0011C800000000C8
87982 +:105340003C194000AF5901380A0001B300000000C9
87983 +:105350000E00011F000000003C194000AF59013849
87984 +:105360000A0001B3000000008F58010000802821CE
87985 +:10537000330F00FF01E020210E0002F1AF8F000487
87986 +:105380003C194000AF5901380A0001B30000000089
87987 +:1053900000A4102B2403000110400009000030215C
87988 +:1053A0000005284000A4102B04A0000300031840AF
87989 +:1053B0005440FFFC000528405060000A0004182BF0
87990 +:1053C0000085382B54E000040003184200C3302548
87991 +:1053D00000852023000318421460FFF900052842CD
87992 +:1053E0000004182B03E0000800C310218F4201B80D
87993 +:1053F0000440FFFE00000000AF4401803C031000A9
87994 +:1054000024040040AF450184A3440188A3460189D8
87995 +:10541000A747018A03E00008AF4301B83084FFFFCB
87996 +:105420000080382130A5FFFF000020210A00022A59
87997 +:10543000240600803087FFFF8CA40000240600387B
87998 +:105440000A00022A000028218F8300388F8600304E
87999 +:105450001066000B008040213C07080024E75A1822
88000 +:10546000000328C000A710218C4400002463000121
88001 +:10547000108800053063000F5466FFFA000328C04F
88002 +:1054800003E00008000010213C07080024E75A1C34
88003 +:1054900000A7302103E000088CC200003C0390000C
88004 +:1054A0003462000100822025AF4400208F45002097
88005 +:1054B00004A0FFFE0000000003E000080000000060
88006 +:1054C0003C038000346200010082202503E00008D4
88007 +:1054D000AF44002027BDFFE0AFB100143091FFFFC3
88008 +:1054E000AFB00010AFBF00181220001300A0802141
88009 +:1054F0008CA2000024040002240601401040000F8A
88010 +:10550000004028210E000C5C00000000000010216B
88011 +:10551000AE000000022038218FBF00188FB10014A8
88012 +:105520008FB0001000402021000028210000302111
88013 +:105530000A00022A27BD00208CA200000220382188
88014 +:105540008FBF00188FB100148FB0001000402021D1
88015 +:1055500000002821000030210A00022A27BD002077
88016 +:1055600000A010213087FFFF8CA500048C440000B0
88017 +:105570000A00022A2406000627BDFFE0AFB0001093
88018 +:10558000AFBF0018AFB100149363003E00808021CC
88019 +:105590000080282130620040000020211040000FD0
88020 +:1055A0008E1100000E000851022020219367000098
88021 +:1055B0002404005030E500FF50A400128E0F0000BC
88022 +:1055C000022020218FBF00188FB100148FB000106F
88023 +:1055D000A762013C0A00091127BD00200E000287C6
88024 +:1055E000000000000E0008510220202193670000F7
88025 +:1055F0002404005030E500FF14A4FFF20220202113
88026 +:105600008E0F00003C1008008E1000503C0D000C66
88027 +:10561000240BFF8001F05021314E007F01DA602120
88028 +:10562000018D4021014B4824AF4900280220202150
88029 +:105630008FBF00188FB100148FB00010A50200D6E4
88030 +:1056400027BD00200A000911AF8800D027BDFFE068
88031 +:10565000AFBF0018AFB10014AFB0001093660001E7
88032 +:10566000008080210E00025630D1000493640005B2
88033 +:10567000001029C2A765000034830040A363000521
88034 +:105680000E00025F020020210E00091302002021FB
88035 +:1056900024020001AF62000C02002821A762001062
88036 +:1056A00024040002A762001224060140A76200142D
88037 +:1056B0000E000C5CA76200161620000F8FBF0018AA
88038 +:1056C000978C00343C0B08008D6B00782588FFFF19
88039 +:1056D0003109FFFF256A0001012A382B10E000067E
88040 +:1056E000A78800343C0F6006240E001635ED00102C
88041 +:1056F000ADAE00508FBF00188FB100148FB00010F6
88042 +:1057000003E0000827BD002027BDFFE0AFB1001473
88043 +:10571000AFBF0018AFB0001000A088211080000AB1
88044 +:105720003C03600024020080108200120000000090
88045 +:105730000000000D8FBF00188FB100148FB0001053
88046 +:1057400003E0000827BD00208C682BF80500FFFE51
88047 +:1057500000000000AC712BC08FBF00188FB1001487
88048 +:105760008FB000103C09100027BD002003E00008A6
88049 +:10577000AC692BF80E00025600A0202193650005AD
88050 +:10578000022020210E00025F30B000FF2403003E03
88051 +:105790001603FFE7000000008F4401780480FFFE3D
88052 +:1057A000240700073C061000AF51014002202021D1
88053 +:1057B000A34701448FBF00188FB100148FB00010B1
88054 +:1057C000AF4601780A0002C227BD002027BDFFE8CE
88055 +:1057D000AFBF0014AFB000108F50002000000000D9
88056 +:1057E0000E000913AF440020AF5000208FBF0014FB
88057 +:1057F0008FB0001003E0000827BD00183084FFFFC1
88058 +:10580000008038212406003500A020210A00022A49
88059 +:10581000000028213084FFFF008038212406003654
88060 +:1058200000A020210A00022A0000282127BDFFD065
88061 +:10583000AFB3001C3093FFFFAFB50024AFB2001828
88062 +:10584000AFBF0028AFB40020AFB10014AFB000105C
88063 +:1058500030B5FFFF12600027000090218F90001CE0
88064 +:105860008E0300003C0680002402004000033E023C
88065 +:1058700000032C0230E4007F006688241482001D9F
88066 +:1058800030A500FF8F8300282C68000A510000100B
88067 +:105890008F910014000358803C0C0800258C56940E
88068 +:1058A000016C50218D49000001200008000000001B
88069 +:1058B00002B210213045FFFF0E000236240400849E
88070 +:1058C000162000028F90001CAF8000288F910014DA
88071 +:1058D000260C002026430001018080213072FFFF4A
88072 +:1058E00016200004AF8C001C0253502B1540FFDC27
88073 +:1058F00000000000024010218FBF00288FB5002457
88074 +:105900008FB400208FB3001C8FB200188FB1001429
88075 +:105910008FB0001003E0000827BD0030240E0034D3
88076 +:1059200014AE00F9000000009203000E241F168040
88077 +:105930003C07000CA36300219202000D0347C8211D
88078 +:105940003C066000A3620020961100123C0A7FFF13
88079 +:10595000354CFFFFA771003C960B00102403000597
88080 +:105960003168FFFFAF6800848E05001CAF5F002820
88081 +:105970008F3800008CC4444803057826008F3021FE
88082 +:10598000AF66004C8F69004C24CE00013C057F00BF
88083 +:10599000AF6900508F740050AF740054AF66007050
88084 +:1059A000AF6E00588F6D005824140050AF6D005C2E
88085 +:1059B000A3600023AF6C0064A36300378E02001461
88086 +:1059C000AF6200488F710048AF7100248E0B001841
88087 +:1059D000AF6B006C9208000CA3680036937F003E0A
88088 +:1059E00037F90020A379003E8F78007403058024E6
88089 +:1059F000360F4000AF6F007493640000308900FFE1
88090 +:105A0000513402452404FF803C04080024845A9841
88091 +:105A10000E00028D000000003C1008008E105A9805
88092 +:105A20000E00025602002021240600042407000173
88093 +:105A3000A366007D020020210E00025FA36700051F
88094 +:105A40008F5F017807E0FFFE240B0002AF5001409A
88095 +:105A5000A34B01448F90001C3C081000AF48017814
88096 +:105A60000A000362AF8000282CAD003751A0FF98D8
88097 +:105A70008F9100140005A0803C180800271856BC20
88098 +:105A8000029878218DEE000001C00008000000009F
88099 +:105A90002418000614B80011000000003C0808009B
88100 +:105AA0008D085A9824040005AF4800208E1F001866
88101 +:105AB000AF7F00188F79004CAF79001C8F650050C4
88102 +:105AC000122000C0AF6500700A000362AF84002896
88103 +:105AD0002406000710A60083240300063C050800E6
88104 +:105AE00024A55A980E000264240400818F90001CA3
88105 +:105AF0000011102B0A000362AF8200282407000463
88106 +:105B000014A7FFF6240500503C1808008F185A9877
88107 +:105B1000AF5800208E0F0008AF6F00408E090008BC
88108 +:105B2000AF6900448E14000CAF7400488E0E001054
88109 +:105B3000AF6E004C8E0D0010AF6D00848E0A001405
88110 +:105B4000AF6A00508E0C0018AF6C00548E04001C1D
88111 +:105B5000AF64005893630000306B00FF116501D8FB
88112 +:105B6000000000008F7400488F6900400289702394
88113 +:105B700005C000042404008C1620FFDE240200036C
88114 +:105B8000240400823C05080024A55A980E000287D0
88115 +:105B9000000000008F90001C000010210A0003622A
88116 +:105BA000AF820028240F000514AFFFCC240520008D
88117 +:105BB0003C0708008CE75A98AF4700208E06000487
88118 +:105BC000AF66005C9208000824100008A36800215A
88119 +:105BD0008F9F001C93F90009A37900208F86001C79
88120 +:105BE00090D8000A330400FF10900011000000005C
88121 +:105BF0002885000914A0006924020002240A00205C
88122 +:105C0000108A000B34058000288D002115A00008A3
88123 +:105C100024054000240E0040108E00053C050001C4
88124 +:105C200024140080109400023C050002240540006A
88125 +:105C30008F7800743C19FF00031980240205782531
88126 +:105C4000AF6F007490C4000BA36400818F84001CAC
88127 +:105C50009489000C11200192000000009490000C27
88128 +:105C60002406FFBF24050004A770003C908F000E9F
88129 +:105C7000A36F003E8F84001C9089000FA369003F32
88130 +:105C80008F8B001C8D6E00108F54007401D468231C
88131 +:105C9000AF6D00608D6A0014AF6A0064956C0018E7
88132 +:105CA000A76C00689563001AA763006A8D62001CE8
88133 +:105CB000AF62006C9167000EA367003E9368003EE0
88134 +:105CC0000106F8241220014BA37F003E8F90001C98
88135 +:105CD0000A000362AF8500282407002214A7FF7F73
88136 +:105CE000240300073C0B08008D6B5A981220000C0F
88137 +:105CF000AF4B00200A000362AF830028240C00335E
88138 +:105D000010AC0014240A00283C05080024A55A9869
88139 +:105D10000E00023C240400810A0003EB8F90001C5B
88140 +:105D20003C04080024845A980E00028D00000000F4
88141 +:105D30009363000024110050306200FF10510135C0
88142 +:105D4000000000008F90001C000018210A00036270
88143 +:105D5000AF8300283C0D08008DAD5A9824040081C3
88144 +:105D6000AF4D00203C05080024A55A980E00023CC7
88145 +:105D7000A36A00348F90001C240200090A00036209
88146 +:105D8000AF82002802B288213225FFFF0E000236C2
88147 +:105D9000240400840A0003628F90001C1082FFA478
88148 +:105DA00024050400288B000311600170240C0004FA
88149 +:105DB000240300015483FF9E240540000A00043B95
88150 +:105DC000240501003C04080024845A988F62004C8A
88151 +:105DD0000E00028D8F6300508F90001C0000202168
88152 +:105DE0000A000362AF8400288E1000042404008A95
88153 +:105DF000AF50002093790005333800021700015F8F
88154 +:105E0000020028219368002302002821311F00206E
88155 +:105E100017E0015A2404008D9367003F2406001206
88156 +:105E200030E200FF10460155240400810E000256A6
88157 +:105E30000200202193630023240500040200202196
88158 +:105E4000346B0042A36B00230E00025FA365007D4C
88159 +:105E50008F4401780480FFFE240A0002AF50014005
88160 +:105E6000A34A01448F90001C3C0C1000AF4C0178F9
88161 +:105E70000A0003EC0011102B8E1000042404008A89
88162 +:105E8000AF500020936E000531CD000215A0001622
88163 +:105E900002002821936F003F2414000402002821EF
88164 +:105EA00031E900FF11340010240400810E00025675
88165 +:105EB000020020219362002324080012241FFFFE09
88166 +:105EC00034460020A3660023A368003F93790005B1
88167 +:105ED00002002021033FC0240E00025FA3780005CA
88168 +:105EE00002002821000020210E00033400000000E1
88169 +:105EF0000A0003EB8F90001C8E1000043C03000886
88170 +:105F00000343A021AF500020928B000024050050D5
88171 +:105F1000316400FF10850161240700880200202100
88172 +:105F2000000028210E00022A2406000E928D000097
88173 +:105F3000240EFF800200282101AE8025A2900000DF
88174 +:105F4000240400040E000C5C240600300A0003EB5D
88175 +:105F50008F90001C8E0800043C14080026945A9868
88176 +:105F60003C010800AC285A98AF480020921F00035B
88177 +:105F700033F9000413200002240200122402000658
88178 +:105F8000A362003F920B001B2404FFC03165003F59
88179 +:105F900000A43825A367003E9206000330C200012A
88180 +:105FA00014400132000000008E020008AE8200089A
88181 +:105FB0003C0208008C425AA010400131000249C244
88182 +:105FC000A76900088E14000C240C0001240300149F
88183 +:105FD000AF74002C8E0E0010AF6E0030960D0016C0
88184 +:105FE000A76D0038960A0014A76A003AAF6C000C3F
88185 +:105FF000A76C0010A76C0012A76C0014A76C001609
88186 +:1060000012200136A3630034920F000331F0000226
88187 +:106010002E1100018F90001C262200080A00036246
88188 +:10602000AF8200288E0400043C0E0008034E30218D
88189 +:10603000AF4400208E05000890CD0000240C0050D5
88190 +:1060400031AA00FF114C00862407008824060009AD
88191 +:106050000E00022A000000000A0003EB8F90001CD3
88192 +:106060008E04001C0E00024100000000104000F4ED
88193 +:10607000004050218F89001C240700890140202105
88194 +:106080008D25001C240600010E00022A00000000DD
88195 +:106090000A0003EB8F90001C960D00023C140800D0
88196 +:1060A00026945A9831AA0004514000B83C10600070
88197 +:1060B0008E0E001C3C010800AC2E5A98AF4E0020FA
88198 +:1060C000920700102408001430E200FF144800D6A4
88199 +:1060D00000000000960B00023163000114600165AE
88200 +:1060E000000000008E020004AE8200083C1408008C
88201 +:1060F0008E945AA01280015B000000008F7400741F
88202 +:106100003C0380002404000102835825AF6B007417
88203 +:10611000A3600005AF64000C3C0708008CE75AA0A0
88204 +:106120008F86001CA7640010000711C2A76400122C
88205 +:10613000A7640014A7640016A76200088CC80008B2
88206 +:1061400024040002AF68002C8CC5000CAF65003041
88207 +:1061500090DF0010A37F00348F99001C9330001152
88208 +:10616000A37000358F98001C930F0012A36F0036A8
88209 +:106170008F89001C912E0013A36E00378F90001C96
88210 +:10618000960D0014A76D0038960A0016A76A003A0B
88211 +:106190008E0C0018AF6C00245620FDCCAF84002874
88212 +:1061A0003C05080024A55A980E0002640000202136
88213 +:1061B0008F90001C0A0004A7000020218E1000040C
88214 +:1061C00024070081AF500020936900233134001070
88215 +:1061D000128000170000000002002021000028218A
88216 +:1061E0002406001F0E00022A000000000A0003EB34
88217 +:1061F0008F90001C3C05080024A55A980E000287C9
88218 +:10620000240400828F90001C000028210A000362F1
88219 +:10621000AF8500283C0408008C845A980E0014E8CE
88220 +:10622000000000008F90001C0A000482000018216A
88221 +:106230000E00025602002021937800230200202144
88222 +:10624000370F00100E00025FA36F002300003821FB
88223 +:1062500002002021000028210A0005A82406001FB2
88224 +:10626000920F000C31E90001112000030000000032
88225 +:106270009618000EA4D8002C921F000C33F90002CF
88226 +:1062800013200005000038218E0200149608001229
88227 +:10629000ACC2001CA4C8001A0A0005432406000969
88228 +:1062A0003C05080024A55A980E0002872404008BA0
88229 +:1062B0008F90001C0011282B0A000362AF85002874
88230 +:1062C000AF6000843C0A08008D4A5A983C0D0800D3
88231 +:1062D0008DAD0050240CFF803C02000C014D1821B4
88232 +:1062E000006C2024AF4400288E070014306B007F20
88233 +:1062F000017A282100A2C821AF2700D88E060014F9
88234 +:10630000AF9900D0AF2600DC8E080010251FFFFEDD
88235 +:106310000A000408AF3F01083C0508008CA55A9804
88236 +:106320003C1908008F39005024CCFFFE00B9C02171
88237 +:1063300003047824AF4F00283C1408008E945A9828
88238 +:106340003C0908008D2900500289702131CD007F61
88239 +:1063500001BA502101478021AE0600D8AF9000D08D
88240 +:10636000AE0000DC0A0003B1AE0C0108548CFE3014
88241 +:10637000240540000A00043B240510000E00032EF3
88242 +:10638000000000000A0003EB8F90001C8E0F442CCD
88243 +:106390003C186C62370979703C010800AC205A98AF
88244 +:1063A00015E9000824050140979F00349786002CCA
88245 +:1063B0000280282103E6C82B132000112404009238
88246 +:1063C000240501400E000C7A240400023C01080060
88247 +:1063D000AC225A98AF4200203C0508008CA55A9880
88248 +:1063E00010A00005240400830E00084500000000F2
88249 +:1063F00010400009240400833C05080024A55A9895
88250 +:106400000E000264000000008F90001C0011202B81
88251 +:106410000A000362AF8400280E0008490000000053
88252 +:106420000A00055F8F90001C0E00084D0000000060
88253 +:106430003C05080024A55A980A00062F2404008B66
88254 +:10644000240400040E000C7A240500301440002AB5
88255 +:10645000004050218F89001C240700830140202127
88256 +:106460008D25001C0A000551240600018E04000839
88257 +:106470000E000241000000000A00051BAE82000869
88258 +:106480003C05080024A55A980E00023C240400870D
88259 +:106490008F90001C0A0005360011102B8F830038E6
88260 +:1064A0008F8600301066FE9D000038213C070800F2
88261 +:1064B00024E75A1C000320C0008728218CAC000070
88262 +:1064C00011900061246A00013143000F5466FFFA05
88263 +:1064D000000320C00A0004F6000038213C05080033
88264 +:1064E00024A55A980E000287240400828F90001C75
88265 +:1064F0000A000536000010213C0B0008034B202148
88266 +:106500002403005024070001AF420020A0830000B4
88267 +:10651000A08700018F82001C90480004A08800180A
88268 +:106520008F85001C90A60005A08600198F9F001C77
88269 +:1065300093F90006A099001A8F90001C921800078A
88270 +:10654000A098001B8F94001C928F0008A08F001C45
88271 +:106550008F89001C912E0009A08E001D8F8D001CBC
88272 +:1065600091AC000AA08C001E8F8B001C3C0C080014
88273 +:10657000258C5A1C9163000B3C0B0800256B5A18A4
88274 +:10658000A083001F8F87001C90E8000CA0880020CB
88275 +:106590008F82001C9045000D24024646A0850021F4
88276 +:1065A0008F86001C90DF000EA09F00228F99001C98
88277 +:1065B0009330000FA09000238F98001C93140010BC
88278 +:1065C000A09400248F8F001C91E90011A089002560
88279 +:1065D0008F89001C8F8E00308F900038952D00140D
88280 +:1065E000000E18C025C80001A48D002895270016AC
88281 +:1065F000006C3021006BC821A487002A9525001863
88282 +:106600003108000FA485002CA482002E8D3F001CB1
88283 +:10661000ACCA0000AF88003011100006AF3F000088
88284 +:10662000000038218D25001C014020210A00055161
88285 +:1066300024060001250C00013184000F00003821E0
88286 +:106640000A0006B8AF8400383C07080024E75A184F
88287 +:106650000087302100003821ACA000000A0004F6B9
88288 +:10666000ACC000003C05080024A55A980A00062F7B
88289 +:10667000240400878E0400040E0002410000000084
88290 +:106680000A00056AAE8200083084FFFF30C600FFB2
88291 +:106690008F4201B80440FFFE00064400010430258B
88292 +:1066A0003C07200000C720253C031000AF400180BC
88293 +:1066B000AF450184AF44018803E00008AF4301B84F
88294 +:1066C00027BDFFE8AFB00010AFBF00143C0760006B
88295 +:1066D000240600021080000600A080210010102B6C
88296 +:1066E0008FBF00148FB0001003E0000827BD001812
88297 +:1066F0003C09600EAD2000348CE5201C8F82001C0C
88298 +:106700002408FFFC00A81824ACE3201C0E0006D1CE
88299 +:106710008C45000C0010102B8FBF00148FB00010A0
88300 +:1067200003E0000827BD00183C02600E344701005A
88301 +:1067300024090018274A040000000000000000009F
88302 +:10674000000000003C06005034C30200AF44003893
88303 +:10675000AF45003CAF430030014018218F4B000093
88304 +:10676000316800201100FFFD2406007F2408FFFF90
88305 +:106770008C6C000024C6FFFF24630004ACEC000016
88306 +:1067800014C8FFFB24E70004000000000000000024
88307 +:10679000000000003C0F0020AF4F00300000000060
88308 +:1067A00024AD020001A5702B2529FFFF008E2021BA
88309 +:1067B0001520FFE101A0282103E0000800000000EF
88310 +:1067C00027BDFFE0AFB10014AFBF0018AFB000109D
88311 +:1067D0003C05600E8CA20034008088211440000625
88312 +:1067E0003C0460008C87201C2408FFFC00E8302457
88313 +:1067F00034C30001AC83201C8F8B001C24090001D2
88314 +:10680000ACA90034956900028D6500148D70000CF0
88315 +:106810002D2400818D6700048D660008108000071C
88316 +:106820008D6A00102D2C00041580000E30CE00075C
88317 +:10683000312D000311A0000B000000002404008B88
88318 +:10684000020028210E0006D1240600030011102B9F
88319 +:106850008FBF00188FB100148FB0001003E0000844
88320 +:1068600027BD002015C0FFF62404008B3C03002048
88321 +:10687000AF4300300000000024020001AF8200148A
88322 +:106880000000000000000000000000003C1F01505C
88323 +:10689000013FC825253800033C0F600EAF47003884
88324 +:1068A00000181882AF46003C35E8003CAF59003074
88325 +:1068B000274704008F4400003086002010C0FFFDF1
88326 +:1068C00000000000106000082466FFFF2403FFFFA3
88327 +:1068D0008CEB000024C6FFFF24E70004AD0B000092
88328 +:1068E00014C3FFFB250800043C08600EAD09003806
88329 +:1068F0000000000000000000000000003C07002035
88330 +:10690000AF470030000000000E0006F901402021D2
88331 +:1069100002002821000020210E0006D124060003D9
88332 +:106920000011102B8FBF00188FB100148FB0001012
88333 +:1069300003E0000827BD002027BDFFE0AFB200182C
88334 +:106940003092FFFFAFB10014AFBF001CAFB000101A
88335 +:106950001640000D000088210A0007AA022010211D
88336 +:1069600024050001508500278CE5000C0000000D77
88337 +:10697000262300013071FFFF24E200200232382B71
88338 +:1069800010E00019AF82001C8F8200141440001622
88339 +:106990008F87001C3C0670003C0320008CE5000043
88340 +:1069A00000A62024148300108F84003C00054402BC
88341 +:1069B0003C09800000A980241480FFE9310600FF13
88342 +:1069C0002CCA00095140FFEB262300010006688015
88343 +:1069D0003C0E080025CE579801AE60218D8B00003B
88344 +:1069E0000160000800000000022010218FBF001C81
88345 +:1069F0008FB200188FB100148FB0001003E00008B0
88346 +:106A000027BD00200E0006D1240400841600FFD804
88347 +:106A10008F87001C0A00078BAF80003C90EF0002BC
88348 +:106A200000002021240600090E0006D1000F2E00D0
88349 +:106A30008F87001C0010102B0A00078BAF82003CD0
88350 +:106A4000020028210E0006DF240400018F87001CAD
88351 +:106A50000A00078BAF82003C020028210E0006DFEF
88352 +:106A6000000020210A0007C38F87001C0E00071FAB
88353 +:106A7000020020210A0007C38F87001C30B0FFFFEF
88354 +:106A8000001019C08F5801B80700FFFE3C1F2004FA
88355 +:106A90003C191000AF430180AF400184AF5F018813
88356 +:106AA000AF5901B80A00078C262300013082FFFF8E
88357 +:106AB00014400003000018210004240224030010E5
88358 +:106AC000308500FF14A000053087000F2466000801
88359 +:106AD0000004220230C300FF3087000F14E00005DD
88360 +:106AE000308900032468000400042102310300FF00
88361 +:106AF0003089000315200005388B0001246A00024C
88362 +:106B000000042082314300FF388B00013164000112
88363 +:106B100010800002246C0001318300FF03E00008B4
88364 +:106B200000601021308BFFFF000B394230E600FF80
88365 +:106B30003C09080025295998000640800109602178
88366 +:106B40008D8700003164001F240A0001008A1804A8
88367 +:106B500030A500FF00E3202514A000020003102749
88368 +:106B600000E22024240F000100CF700401096821F5
88369 +:106B7000000E282714800005ADA400008F86000CAD
88370 +:106B800000A6102403E00008AF82000C8F88000CE0
88371 +:106B900001C8102503E00008AF82000C3C06001F6E
88372 +:106BA0003C0360003084FFFF34C5FF8024020020D6
88373 +:106BB000AC602008AC60200CAC602010AC652014E8
88374 +:106BC000AC642018AC62200000000000000000004F
88375 +:106BD00003E000080000000027BDFFE82402FFFFDB
88376 +:106BE000AFBF0010AF82000C000020213C0608005F
88377 +:106BF00024C659982405FFFF248900010004408021
88378 +:106C00003124FFFF010618212C87002014E0FFFA31
88379 +:106C1000AC6500000E0008160000202124020001CF
88380 +:106C20003C04600024050020AC822018AC852000C4
88381 +:106C3000000000000000000000000000244A0001E5
88382 +:106C40003142FFFF2C46040014C0FFF78FBF001035
88383 +:106C500003E0000827BD00188F8300082C620400A1
88384 +:106C600003E00008384200018F830008246200011D
88385 +:106C700003E00008AF8200088F8300082462FFFF52
88386 +:106C800003E00008AF82000827BDFFE0AFB10014A9
88387 +:106C9000AFBF0018AFB000108F6B00303C06600033
88388 +:106CA00000808821ACCB20088F6A002C3C02800039
88389 +:106CB00024030008ACCA200C9769003A9768003892
88390 +:106CC00000092C003107FFFF00A72025ACC42010CD
88391 +:106CD000ACC22014ACC32000000000000000000083
88392 +:106CE000000000003C0360008C6D200031AC000807
88393 +:106CF0001580FFF9000000008C6E201405C00020F4
88394 +:106D0000000000000E0007DA8F84000C00024080B3
88395 +:106D10003C09080025295998010938218CE4000014
88396 +:106D20000E0007DA00028140020220213090FFFFAE
88397 +:106D3000020020210E0007F8000028213C0C8000F2
88398 +:106D4000022C58253210FFFF3C116000240A00205D
88399 +:106D5000AE2B2014AE302018AE2A20000000000018
88400 +:106D60000000000000000000020010218FBF00188A
88401 +:106D70008FB100148FB0001003E0000827BD002081
88402 +:106D80008C6620143C02001F3443FF803C1FFFE848
88403 +:106D900000C3C02437F9080003198021001079C20C
88404 +:106DA0003C0C8000022C582531F0FFFF3C116000A4
88405 +:106DB000240A0020AE2B2014AE302018AE2A20006A
88406 +:106DC0000000000000000000000000000200102190
88407 +:106DD0008FBF00188FB100148FB0001003E00008BF
88408 +:106DE00027BD002027BDFFE8AFB000103402FFFF31
88409 +:106DF0003090FFFFAFBF00141202000602002021F6
88410 +:106E00000E00081600000000020020210E0007F806
88411 +:106E1000240500018F8400088FBF00148FB000107C
88412 +:106E20002483FFFF27BD001803E00008AF8300089C
88413 +:106E3000000439C230E6003F00043B42000718401E
88414 +:106E4000240210002CC4002024C8FFE0AF42002C14
88415 +:106E5000246300011480000330A900FF00071840DC
88416 +:106E6000310600FF0003608024080001019A5821C8
88417 +:106E70003C0A000E00C82804016A382111200005D0
88418 +:106E8000000530278CE900000125302503E00008CB
88419 +:106E9000ACE600008CEE000001C6682403E00008A8
88420 +:106EA000ACED000027BDFFE8AFBF0014AFB000108D
88421 +:106EB0003C0460008C8508083403F00030A2F00028
88422 +:106EC00050430006240200018C8708083404E000C7
88423 +:106ED00030E6F00010C4001E24020002AF82004021
88424 +:106EE0003C1060003C0A0200AE0A0814240910009D
88425 +:106EF0003C08000E8E03440003482021AF49002CBB
88426 +:106F0000240501200E000CC0000030218F830040BA
88427 +:106F1000106000043C021691240B0001106B000E5F
88428 +:106F20003C023D2C344F0090AE0F44088FBF00143C
88429 +:106F30008FB000103C0C6000240E10003C0D0200CD
88430 +:106F400027BD0018AD8E442003E00008AD8D081069
88431 +:106F50000A0008E7AF8000403C0218DA344F009086
88432 +:106F6000AE0F44088FBF00148FB000103C0C6000BF
88433 +:106F7000240E10003C0D020027BD0018AD8E4420E9
88434 +:106F800003E00008AD8D08100A0008BB24050001CD
88435 +:106F90000A0008BB000028213C08080025085DA461
88436 +:106FA0002404FFFF010018212402001E2442FFFFD9
88437 +:106FB000AC6400000441FFFD246300043C070800AA
88438 +:106FC00024E75E208CE5FFFC2404001C240600015D
88439 +:106FD000308A001F0146480424840001000910275C
88440 +:106FE0002C8300201460FFFA00A22824ACE5FFFCEB
88441 +:106FF0003C05666634A4616E3C06080024C65EE06B
88442 +:10700000AF840058AF88009C2404FFFF00C0182103
88443 +:107010002402001F2442FFFFAC6400000441FFFD76
88444 +:10702000246300043C0766663C05080024A55EA0B6
88445 +:10703000AF86004834E6616EAF8600982404FFFFF7
88446 +:1070400000A018212402000F2442FFFFAC640000BE
88447 +:107050000441FFFD246300043C0B66663C06080007
88448 +:1070600024C65E203568616EAF8500A4AF880070CD
88449 +:107070002404FFFF00C018212402001F2442FFFF48
88450 +:10708000AC6400000441FFFD246300043C0D66660F
88451 +:107090003C0A0800254A5F6035AC616EAF860090FF
88452 +:1070A000AF8C005C2404FFFF014018212402000380
88453 +:1070B0002442FFFFAC6400000441FFFD2463000490
88454 +:1070C0003C09080025295F708D27FFFC2404000679
88455 +:1070D000240500013099001F0325C0042484000109
88456 +:1070E000001878272C8E002015C0FFFA00EF3824F6
88457 +:1070F000AD27FFFC3C09666624030400240403DC7E
88458 +:1071000024050200240600663522616E3C08080052
88459 +:1071100025085AA4AF820074AF830044AF83006C8B
88460 +:10712000AF830050AF830084AF8A008CAF840064CB
88461 +:10713000AF85004CAF860054AF840078AF85006007
88462 +:10714000AF86008001001821240200022442FFFFC4
88463 +:10715000AC6000000441FFFD24630004240400032C
88464 +:107160002403000C3C0A0800254A5AB0AF8A006884
88465 +:107170000A00098E2405FFFF000418802484000102
88466 +:10718000006858212C8700C014E0FFFBAD650000AB
88467 +:107190003C0E666635CD616E240C17A024081800DD
88468 +:1071A000AF8D0088AF8C009403E00008AF88007CAE
88469 +:1071B0002484007F000421C200004021000030210F
88470 +:1071C00000003821000028210A0009A5AF8400A092
88471 +:1071D0001060000624E7000100C4302124A500014E
88472 +:1071E0002CC20BF51440FFFA2CA300663C090800E2
88473 +:1071F00025295F6001201821240200032442FFFF9B
88474 +:10720000AC6000000441FFFD2463000410E0001A9C
88475 +:1072100024E3FFFF0003294210A0000A0000202100
88476 +:107220002406FFFF3C03080024635F602484000100
88477 +:107230000085502BAC660000250800011540FFFBBF
88478 +:107240002463000430E2001F10400008000868803A
88479 +:10725000240C0001004C38040008588001692821E2
88480 +:1072600024E6FFFF03E00008ACA6000001A94021CE
88481 +:107270002409FFFFAD09000003E000080000000042
88482 +:10728000AF4400283C04000C034420210005288260
88483 +:107290000A000CC000003021000421803C03600083
88484 +:1072A000AC6410080000000000052980AC65100CDB
88485 +:1072B0000000000003E000088C62100C27BDFFE80E
88486 +:1072C0000080282124040038AFBF00140E0009D527
88487 +:1072D000AFB0001024040E00AF4400283C10000C96
88488 +:1072E00003502021240500100E000CC000003021A6
88489 +:1072F00003501021AC400000AC40000424040038CE
88490 +:107300008FBF00148FB0001024053FFF27BD001869
88491 +:107310000A0009D58C430000000421803C03600072
88492 +:10732000AC641008000000008C62100C03E0000840
88493 +:107330000002118227BDFFC8AFB400208F940068FF
88494 +:10734000AFBE0030AFB7002CAFB600280000B821A8
88495 +:107350000080B021241E00C0AFBF0034AFB50024B0
88496 +:10736000AFB3001CAFB20018AFB10014AFB0001043
88497 +:107370000A000A12AFA5003C504000018F9400683B
88498 +:1073800027DEFFFF13C00028269400048E92000021
88499 +:107390003C03080024635DA01240FFF70283102B1A
88500 +:1073A0003C04080024845AA4028410230002A8C0CC
88501 +:1073B000000098210A000A212411000100118840D0
88502 +:1073C000122000260000000002B380210251282470
88503 +:1073D0000200202110A0FFF9267300010E0009DE33
88504 +:1073E000000000000016684032EC000101AC2021D2
88505 +:1073F0000E0009D5020028218F89009426F700018C
88506 +:107400008FA6003C3AEB0001316A00012528FFFFFE
88507 +:107410000011382702CAB021AF88009416E6FFE7B2
88508 +:1074200002479024AE92000002E010218FBF00348A
88509 +:107430008FBE00308FB7002C8FB600288FB5002488
88510 +:107440008FB400208FB3001C8FB200188FB10014CE
88511 +:107450008FB0001003E0000827BD00383C0E080084
88512 +:1074600025CE5DA0028E102B0A000A0DAE92000000
88513 +:1074700027BDFFD8AFB10014AFB00010AFBF0020E0
88514 +:10748000AFB3001CAFB2001800A0882110A0001FED
88515 +:10749000000480403C13080026735AA40A000A5ACC
88516 +:1074A0002412000112200019261000010E0009F517
88517 +:1074B00002002021000231422444FFA0000618806F
88518 +:1074C0003045001F2C8217A1007318212631FFFFC1
88519 +:1074D0001040FFF400B230048C690000020020214B
88520 +:1074E00024053FFF012640241500FFEE0126382524
88521 +:1074F0000E0009D5AC6700008F8A009426100001A9
88522 +:10750000254700011620FFE9AF8700948FBF0020B8
88523 +:107510008FB3001C8FB200188FB100148FB0001011
88524 +:1075200003E0000827BD00288F85009C00805821BB
88525 +:107530000000402100004821240A001F3C0C0800E4
88526 +:10754000258C5E1C3C0D080025AD5DA48CA60000BA
88527 +:1075500050C000140000402100AD1023000238C0CC
88528 +:10756000240300010A000A930000202115000003F3
88529 +:1075700000E410212448202400004821252900018E
88530 +:10758000512B00132506DFDC106000062484000167
88531 +:1075900000C3702415C0FFF5000318400A000A91CB
88532 +:1075A0000000402110AC002624A300040060282124
88533 +:1075B000254AFFFF1540FFE5AF85009C512B0004D5
88534 +:1075C0002506DFDC0000402103E000080100102157
88535 +:1075D0000006614230C5001F000C50803C070800C7
88536 +:1075E00024E75DA424040001014730211120000F8D
88537 +:1075F00000A420043C05080024A55E20148000059A
88538 +:107600002529FFFF24C6000410C50011000000005A
88539 +:10761000240400018CCF00000004C0270004204097
88540 +:1076200001F868241520FFF5ACCD00008F99007893
88541 +:1076300001001021032B482303E00008AF890078E4
88542 +:107640003C05080024A55DA40A000A9B0000402117
88543 +:107650003C06080024C65DA40A000AB42404000104
88544 +:10766000308800FF240200021102000A24030003F4
88545 +:107670001103005C8F8900A4240400041104005F3E
88546 +:1076800024050005110500670000182103E000082B
88547 +:10769000006010218F8900483C0C0800258C5EE0BA
88548 +:1076A0003C04080024845F60240300201060000F65
88549 +:1076B00000005821240D0002240E00033C0F080096
88550 +:1076C00025EF5EE08D27000014E0000B30F9FFFF8E
88551 +:1076D000252900040124C02B53000001018048210A
88552 +:1076E0002463FFFF5460FFF88D270000016018211C
88553 +:1076F00003E0000800601021132000323C0500FF69
88554 +:1077000030E200FF004030211040004200005021D4
88555 +:1077100024050001000020210005C84000A6C02467
88556 +:1077200017000003332500FF14A0FFFB2484000191
88557 +:10773000012CC023001828C000AA6021008C502111
88558 +:107740003144001F240C0001008C18040003102792
88559 +:1077500000E23024110D0041AD260000110E004C56
88560 +:10776000000A1840110D00368F87006C510E00562C
88561 +:107770008F8C0060240D0004110D005A8F8E008440
88562 +:10778000240E0005150EFFDA01601821240B1430B9
88563 +:1077900011400006000018218F8400A0246300011E
88564 +:1077A000006A402B1500FFFD016458218F8A00807C
88565 +:1077B000AF89008C016018212549FFFF0A000AEB00
88566 +:1077C000AF89008000E52024000736021080FFD03A
88567 +:1077D000240A001800075402314600FF0A000AF389
88568 +:1077E000240A00103C0C0800258C5EA03C04080014
88569 +:1077F00024845EE00A000ADA240300103C0C08002E
88570 +:10780000258C5E203C04080024845EA00A000AD96E
88571 +:107810008F89009000071A02306600FF0A000AF301
88572 +:10782000240A00088F89008C3C0C0800258C5F60BE
88573 +:107830003C04080024845F700A000ADA2403000470
88574 +:10784000000A4080250B003024E6FFFF016018216C
88575 +:10785000AF8900480A000AEBAF86006C000AC982B3
88576 +:10786000001978803C07080024E75EA001E720218A
88577 +:10787000000A18428C8F00003079001F032C380456
88578 +:107880000007C02701F860240A000B08AC8C000038
88579 +:10789000000331420006288000AF28213062001F1B
88580 +:1078A0008CB8000024630001004CC804000321428E
88581 +:1078B000001938270004108003073024004F2021CE
88582 +:1078C0000A000B4CACA60000000A68C025AB0032D1
88583 +:1078D000258AFFFF01601821AF8900A40A000AEB86
88584 +:1078E000AF8A0060254B1030AF89009001601821ED
88585 +:1078F00025C9FFFF0A000AEBAF8900843086000724
88586 +:107900002CC2000610400014000000000006408059
88587 +:107910003C030800246357BC010338218CE40000B9
88588 +:1079200000800008000000002409000310A9000ED8
88589 +:1079300000000000240A000510AA000B000000004F
88590 +:10794000240B000110AB0008000000008F8C00A089
88591 +:1079500010AC00050000000003E00008000010214A
88592 +:107960000A000A7900A020210A000AC700C02021CD
88593 +:1079700027BDFFE8308400FF240300021083000BC2
88594 +:10798000AFBF0010240600031086003A240800044C
88595 +:1079900010880068240E0005108E007F2CAF143074
88596 +:1079A0008FBF001003E0000827BD00182CA2003094
88597 +:1079B0001440FFFC8FBF001024A5FFD0000531C28A
88598 +:1079C000000668803C07080024E75EE001A730213C
88599 +:1079D0008CC900000005288230AC001F240B000178
88600 +:1079E000018B50048F840048012A4025ACC8000058
88601 +:1079F0008C83000050600001AF8600488F98006CB7
88602 +:107A000030AE000124A6FFFF270F000115C00002C1
88603 +:107A1000AF8F006C24A600010006414200082080C0
88604 +:107A2000008718218C79000030C2001F2406000155
88605 +:107A30000046F804033F382410E0FFDA8FBF00103F
88606 +:107A40000005C182001870803C0F080025EF5EA081
88607 +:107A500001CF48218D2B00000005684231A5001F91
88608 +:107A600000A66004016C502527BD001803E0000843
88609 +:107A7000AD2A00002CA7003014E0FFCA8FBF001011
88610 +:107A800030B900071723FFC724A8FFCE00086A02F9
88611 +:107A9000000D60803C0B0800256B5EA0018B30213F
88612 +:107AA0008CC40000000828C230AA001F240800016E
88613 +:107AB000014848048F8200A400891825ACC3000047
88614 +:107AC0008C5F000053E00001AF8600A40005704009
88615 +:107AD000000E7942000F28803C04080024845EE0F8
88616 +:107AE00000A418218C6B000025DF000131CD001FA0
88617 +:107AF000001F514201A86004016C4825000A108053
88618 +:107B0000AC690000004428218CA600008F9800601A
88619 +:107B100033F9001F8FBF00100328380400C77825F1
88620 +:107B2000270E000127BD0018ACAF000003E00008DD
88621 +:107B3000AF8E006024A5EFD02CB804001300FF998D
88622 +:107B40008FBF001000053142000658803C0A080033
88623 +:107B5000254A5E20016A30218CC4000030A3001F3A
88624 +:107B600024090001006910048F9900900082F82513
88625 +:107B7000ACDF00008F27000050E00001AF860090CE
88626 +:107B80008F8D00848FBF001027BD001825AC000129
88627 +:107B900003E00008AF8C008415E0FF828FBF001067
88628 +:107BA0008F8600A0000610400046F821001F21002B
88629 +:107BB00003E4C8210019384024F8143000B8402BE1
88630 +:107BC0001100FF788FBF001024A4EBD00E00021329
88631 +:107BD00000C0282100027942000F70803C0D08008F
88632 +:107BE00025AD5F6001CD20218C8B0000304C001F43
88633 +:107BF00024060001018618048F89008C016350253A
88634 +:107C0000AC8A00008D25000050A00001AF84008CDC
88635 +:107C10008F9800808FBF001027BD00182708000133
88636 +:107C200003E00008AF88008030A5000724030003AC
88637 +:107C300010A3001028A2000414400008240700022A
88638 +:107C40002403000410A300152408000510A8000F49
88639 +:107C50008F8500A003E000080000000014A7FFFDCE
88640 +:107C60000080282114C3FFFB240400020A000B8BB0
88641 +:107C700000000000240900050080282110C9FFFB36
88642 +:107C80002404000303E000080000000014C5FFF115
88643 +:107C9000008028210A000B8B24040005240A00011F
88644 +:107CA0000080282110CAFFF12404000403E000082A
88645 +:107CB0000000000027BDFFE0AFB00010000581C24A
88646 +:107CC0002603FFD024C5003F2C6223D024C6007FAA
88647 +:107CD000AFB20018AFB10014AFBF001C309100FF6D
88648 +:107CE000000691C2000529820200202110400008F0
88649 +:107CF0002403FFFF0E000A4B0000000002002021B9
88650 +:107D0000022028210E000C390240302100001821E9
88651 +:107D10008FBF001C8FB200188FB100148FB00010FD
88652 +:107D20000060102103E0000827BD002027BDFFD818
88653 +:107D300024A2007FAFB3001CAFB20018000299C2AA
88654 +:107D4000309200FF24A3003F02402021026028213E
88655 +:107D5000AFB10014AFB00010AFBF00200E000B6E2B
88656 +:107D60000003898200408021004020210220282138
88657 +:107D700014400009000018218FBF00208FB3001CA1
88658 +:107D80008FB200188FB100148FB000100060102166
88659 +:107D900003E0000827BD00280E0009FC00000000D9
88660 +:107DA00000402821020020211051FFF3001019C0CB
88661 +:107DB0000E000A4B00000000020020210240282192
88662 +:107DC0000E000C39026030218FBF00208FB3001CE1
88663 +:107DD0008FB200188FB100148FB00010000018216E
88664 +:107DE0000060102103E0000827BD00283084FFFF59
88665 +:107DF00030A5FFFF1080000700001821308200012D
88666 +:107E00001040000200042042006518211480FFFB8E
88667 +:107E10000005284003E000080060102110C00007A2
88668 +:107E2000000000008CA2000024C6FFFF24A500046F
88669 +:107E3000AC82000014C0FFFB2484000403E00008AF
88670 +:107E40000000000010A0000824A3FFFFAC86000083
88671 +:107E500000000000000000002402FFFF2463FFFF79
88672 +:107E60001462FFFA2484000403E00008000000000C
88673 +:107E700030A5FFFF8F4201B80440FFFE3C076015AC
88674 +:107E800000A730253C031000AF440180AF400184BF
88675 +:107E9000AF46018803E00008AF4301B88F8500D0EA
88676 +:107EA0002C864000008018218CA700840087102BAE
88677 +:107EB00014400010000000008CA800842D06400033
88678 +:107EC00050C0000F240340008CAA0084008A482B75
88679 +:107ED000512000018CA3008400035A42000B208033
88680 +:107EE0003C05080024A558200085182103E000085F
88681 +:107EF0008C62000014C0FFF4000000002403400066
88682 +:107F000000035A42000B20803C05080024A558209D
88683 +:107F10000085182103E000088C6200008F8300D0E8
88684 +:107F2000906600D024C50001A06500D08F8500D0E8
88685 +:107F3000906400D090A200D210440017000000000E
88686 +:107F4000936C00788F8B00BC318A00FFA16A000C13
88687 +:107F500025490001938700C4312200FF3048007F8B
88688 +:107F60001107000B00026827A36200788F4E01788A
88689 +:107F700005C0FFFE8F9900B0241800023C0F1000CE
88690 +:107F8000AF590140A358014403E00008AF4F017806
88691 +:107F90000A000D0931A20080A0A000D00A000CFF49
88692 +:107FA000000000008F8700D027BDFFC8AFBF0030A2
88693 +:107FB000AFB7002CAFB60028AFB50024AFB4002097
88694 +:107FC000AFB3001CAFB20018AFB10014AFB00010D7
88695 +:107FD00094E300E094E200E2104300D72405FFFFA1
88696 +:107FE0003C047FFF3497FFFF2415FF800A000DF04B
88697 +:107FF0003C16000E108A00D18FBF00308F9100B068
88698 +:108000003C1808008F18005C001230C0001291402C
88699 +:108010000311702101D57824AF4F002C94EC00E2BD
88700 +:1080200031CD007F01BA5821318A7FFF0176482186
88701 +:10803000000A804002091021945300003C08080007
88702 +:108040008D0800580246C02132733FFF001319808B
88703 +:10805000010320210224282130BF007F03FAC82118
88704 +:1080600000B5A024AF54002C0336A0218E87001049
88705 +:108070008E8F003003785821256D008800EF702323
88706 +:10808000240C0002AE8E0010AF8D00ACA16C0088F5
88707 +:10809000976A003C8E8400308F9100AC0E000CD6A5
88708 +:1080A0003150FFFF00024B80020940253C02420094
88709 +:1080B00001022025AE2400048E8300048F8D00ACC5
88710 +:1080C0008E860000240E0008ADA3001CADA600188B
88711 +:1080D000ADA0000CADA00010929F000A33F900FF84
88712 +:1080E000A5B90014968500083C1F000CA5A5001634
88713 +:1080F0009298000A331100FFA5B100209690000865
88714 +:1081000024180005A5B00022ADA00024928F000B1A
88715 +:108110002410C00031E700FFA5A70002A1AE0001B6
88716 +:108120008E8C00308F8B00AC8F8400B0AD6C00085B
88717 +:108130003C0A08008D4A005401444821013540247E
88718 +:10814000AF4800283C0208008C4200540044302113
88719 +:1081500030C3007F007AC821033F282102458821CF
88720 +:10816000AF9100BCAF8500C0A23800008F8A00BC70
88721 +:108170002403FFBF2418FFDF954F000201F03824CD
88722 +:1081800000F37025A54E0002914D000231AC003F76
88723 +:10819000358B0040A14B00028F8600BC8F8900D038
88724 +:1081A000ACC000048D28007C3C098000ACC80008ED
88725 +:1081B00090C4000D3082007FA0C2000D8F8500BCEE
88726 +:1081C00090BF000D03E3C824A0B9000D8F9100BC3F
88727 +:1081D0009233000D02789024A232000D8E9000346C
88728 +:1081E0008F8B00BCAD7000108E87002C8E8F0030FE
88729 +:1081F00000EF7023AD6E0014916D001831AC007F5C
88730 +:10820000A16C00188F9F00BC8E8A00308FE8001888
88731 +:10821000015720240109302400C41025AFE20018C2
88732 +:108220009283000AA3E3001C969900088F8500BC86
88733 +:108230008F9800D0A4B9001E8E9000308E8400303C
88734 +:108240000E0002138F0500848F8500D0000291403C
88735 +:108250000002990090AF00BC0253882100403021F9
88736 +:1082600031E7000210E0000302118021000290803B
88737 +:108270000212802190B900BC3327000410E00002F4
88738 +:108280000006F880021F80218E9800308F8B00BC82
88739 +:1082900024068000330F0003000F702331CD00034C
88740 +:1082A000020D6021AD6C000494A400E294AA00E2E7
88741 +:1082B00094B000E231497FFF2522000130537FFF57
88742 +:1082C0000206182400734025A4A800E294A400E24A
88743 +:1082D0003C1408008E94006030917FFF123400221D
88744 +:1082E000000000000E000CF6000000008F8700D098
88745 +:1082F0000000282194F300E094F000E21213000F34
88746 +:108300008FBF003090E900D090E800D1313200FFFB
88747 +:10831000310400FF0244302B14C0FF36264A00010E
88748 +:1083200090EE00D2264B000131CD00FF008D602180
88749 +:10833000158BFF338F9100B08FBF00308FB7002CAB
88750 +:108340008FB600288FB500248FB400208FB3001C97
88751 +:108350008FB200188FB100148FB0001000A0102150
88752 +:1083600003E0000827BD003894A300E20066402423
88753 +:10837000A4A800E290A400E290B900E2309100FFCE
88754 +:108380000011A1C20014F827001F39C03332007F4A
88755 +:10839000024730250A000DE8A0A600E23084FFFF66
88756 +:1083A00030A5FFFFAF440018AF45001C03E00008F4
88757 +:1083B0008F42001427BDFFB8AFB000208F9000D0CF
88758 +:1083C0003084FFFFAFA40010AFBF0044AFBE004039
88759 +:1083D000AFB7003CAFB60038AFB50034AFB4003033
88760 +:1083E000AFB3002CAFB20028AFB10024A7A0001893
88761 +:1083F000920600D1920500D030C400FF30A300FFE8
88762 +:108400000064102B10400122AFA00014920900D08C
88763 +:108410008FB50010312800FF0088382324F4FFFFB7
88764 +:108420000014882B0015982B02339024524001260B
88765 +:108430008FB40014961E0012961F00108FB7001004
88766 +:1084400003DFC823001714000019C400000224032E
88767 +:108450000018140302E2B02A52C00001004020219B
88768 +:108460000284282B10A0000200801821028018210D
88769 +:1084700000033C0000071C033064FFFF2C8600094A
88770 +:1084800014C000020060B821241700088E0A0008FA
88771 +:10849000001769808E09000C31ABFFFF3C0C001007
88772 +:1084A000016C402527520400AF4A0038AF9200B853
88773 +:1084B000AF49003CAF480030000000000000000061
88774 +:1084C00000000000000000000000000000000000AC
88775 +:1084D00000000000000000008F4F000031EE00207F
88776 +:1084E00011C0FFFD0017982A027110240A000E83A4
88777 +:1084F0000000B02155E001019258000131130080C5
88778 +:10850000126001CF012020219655001232A5FFFFF5
88779 +:108510000E000CCBA7B500188F9000D00291A023BD
88780 +:1085200026CD00018F9100B8000DB4000016B403F1
88781 +:108530002638004002D7582A0014882B2405000151
88782 +:108540000300902101711024AF9800B8AFA500146A
88783 +:10855000104001BC8F8900B03C0C08008D8C005489
88784 +:10856000240BFF80921E00D001895021014B28244A
88785 +:10857000921900D0AF4500288E4700103C08080033
88786 +:108580008D0800583C1808008F18005430E33FFF56
88787 +:108590000003218001043021012658212402FF809C
88788 +:1085A0000162F824920C00D0AF5F002C92480000CA
88789 +:1085B00033D100FF333500FF0309982100117140CA
88790 +:1085C000001578C0326D007F01CF382101BA282113
88791 +:1085D000318300FF3164007F3C0A000C00AA88212F
88792 +:1085E0000367F02100033140009A10213108003F59
88793 +:1085F0003C1F000E00D1C021005F982127D90088C0
88794 +:108600002D150008AF9100C0AF9900ACAF9800BC29
88795 +:10861000AF9300B412A0018A00008821240E00014B
88796 +:10862000010E4004310D005D11A0FFB2310F0002B8
88797 +:108630008E4A00283C0300803C04FFEFAE6A000035
88798 +:108640008E450024A260000A3488FFFFAE65000456
88799 +:108650009247002C3C1FFF9F37FEFFFFA267000CD4
88800 +:108660008E62000C3C180040A267000B00433025CE
88801 +:1086700000C8C824033E88240238A825AE75000C23
88802 +:108680008E490004AE6000183C0F00FFAE69001474
88803 +:108690008E4D002C35EEFFFF8F8B00B001AE6024B5
88804 +:1086A000AE6C00108E470008A660000896450012C8
88805 +:1086B000AE6700208E42000C30B03FFF00105180AA
88806 +:1086C000AE6200248E5E0014014B182130A400011C
88807 +:1086D000AE7E00288E590018000331C2000443808A
88808 +:1086E000AE79002C8E51001C00C8F821A67F001C1A
88809 +:1086F000AE710030965800028E550020A678001EFC
88810 +:10870000AE75003492490033313000045600000544
88811 +:10871000925000008F8C00D08D8B007CAE6B0030AF
88812 +:10872000925000008F8F00BCA1F00000924E0033E9
88813 +:1087300031CD000251A00007925E00018F8900BC7C
88814 +:108740002418FF80913100000311A825A1350000F5
88815 +:10875000925E00018F9900BC2409FFBF240BFFDF4C
88816 +:10876000A33E00018F9500BC92B8000D3311007F2D
88817 +:10877000A2B1000D8F8E00BC91D0000D02097824AB
88818 +:10878000A1CF000D8F8800BC8E6D0014910A000DE2
88819 +:108790002DAC0001000C2940014B382400E51825C0
88820 +:1087A000A103000D964200128F8800BC8F8700D075
88821 +:1087B000A50200028E45000490FF00BC30A4000317
88822 +:1087C0000004302330DE000300BE102133F9000224
88823 +:1087D00017200002244400342444003090E200BCFE
88824 +:1087E00000A2302430DF000417E0000224830004DC
88825 +:1087F000008018218F8F00AC24090002AD03000413
88826 +:10880000A1E90000924E003F8F8D00ACA1AE0001A7
88827 +:108810008F9500AC924C003F8E440004A6AC000241
88828 +:10882000976B003C0E000CD63170FFFF00025380A6
88829 +:10883000020A38253C05420000E51825AEA30004D5
88830 +:108840008F8600AC8E480038ACC800188E440034C7
88831 +:10885000ACC4001CACC0000CACC00010A4C0001420
88832 +:10886000A4C00016A4C00020A4C00022ACC00024F4
88833 +:108870008E6400145080000124040001ACC4000880
88834 +:108880000E000CF6241100010A000E768F9000D025
88835 +:10889000920F00D2920E00D08FB5001031EB00FF86
88836 +:1088A00031CD00FF008D6023016C50212554FFFF66
88837 +:1088B0000014882B0015982B023390241640FEDDFF
88838 +:1088C000000000008FB400148FBF00448FBE004032
88839 +:1088D0003A8200018FB7003C8FB600388FB5003464
88840 +:1088E0008FB400308FB3002C8FB200288FB10024DA
88841 +:1088F0008FB0002003E0000827BD0048331100209E
88842 +:10890000122000EF24150001921E00BC241F00015C
88843 +:108910000000A82133D900011320000DAFBF001CB7
88844 +:108920008E4400148E0800840088102B144000022E
88845 +:10893000008030218E0600848E03006400C3A82BC3
88846 +:1089400016A0000200C020218E0400640080A8212F
88847 +:108950008E4700148E05006400E5302B14C0000221
88848 +:1089600000E020218E0400640095F02313C0000471
88849 +:108970008FAC001C240A0002AFAA001C8FAC001CA4
88850 +:10898000028C582B156000A8000018218E4F00386B
88851 +:108990008E6D000C3C0E0080AE6F00008E4A0034DD
88852 +:1089A0003C10FF9F01AE5825AE6A00049246003F7E
88853 +:1089B000360CFFFF016C38243C0500203C03FFEF20
88854 +:1089C000A266000B00E510253468FFFF8F8700B812
88855 +:1089D0000048F8243C04000803E4C825AE79000CE4
88856 +:1089E0008CF80014AE60001802BE7821AE78001436
88857 +:1089F0008CF10018AE71001C8CE90008AE690024EF
88858 +:108A00008CEE000CAE6F002CAE600028AE6E002025
88859 +:108A1000A6600038A660003A8CED001401B58023F2
88860 +:108A2000021E902312400011AE72001090EA003D29
88861 +:108A30008E6500048E640000000A310000A6C82183
88862 +:108A4000000010210326402B0082F82103E8C021FA
88863 +:108A5000AE790004AE78000090F1003DA271000AEA
88864 +:108A60008F8900B895320006A67200088F9800AC76
88865 +:108A70002419000202A02021A31900009769003CDC
88866 +:108A80008F9200AC0E000CD63131FFFF00027B80CC
88867 +:108A90008F8500B8022F68253C0E420001AE80256C
88868 +:108AA000AE5000048F8400AC8CAC0038AC8C001845
88869 +:108AB0008CAB0034AC8B001CAC80000CAC80001084
88870 +:108AC000A4800014A4800016A4800020A4800022AA
88871 +:108AD000AC80002490A7003FA487000212A00135BB
88872 +:108AE0002403000153C0000290A2003D90A2003E6A
88873 +:108AF00024480001A08800018F9F00ACAFF500085A
88874 +:108B00008F8300D024070034906600BC30C500027B
88875 +:108B100050A00001240700308F9200B88F8A00BC5B
88876 +:108B2000906D00BC924B00002412C00032A50003DF
88877 +:108B3000A14B00008F8600B88F8800BC240200047F
88878 +:108B400090C400010045182330790003A1040001FE
88879 +:108B50008F8A00BC8F9F00B800F53821955800021D
88880 +:108B600097E9001200F9382103128824312F3FFFC2
88881 +:108B7000022F7025A54E00029150000231A800047A
88882 +:108B8000320C003F358B0040A14B000212A00002C6
88883 +:108B90008F8500BC00E838218F8E00D0ACA7000480
88884 +:108BA000240BFFBF8DCD007C2EA400012403FFDF2A
88885 +:108BB000ACAD000890B0000D00044140320C007FC5
88886 +:108BC000A0AC000D8F8600BC90CA000D014B102494
88887 +:108BD000A0C2000D8F8700BC90E5000D00A3F82413
88888 +:108BE00003E8C825A0F9000D8F9100B88F8D00BC57
88889 +:108BF0008E380020ADB800108E290024ADA90014D5
88890 +:108C00008E2F0028ADAF00188E2E002C0E000CF613
88891 +:108C1000ADAE001C8FB0001C240C0002120C00EE44
88892 +:108C20008F9000D08FA3001C006088211460000288
88893 +:108C30000060A8210000A02156A0FE390291A023C7
88894 +:108C40000014882B8FA90010960700103C1E0020EE
88895 +:108C50000136402302C750213112FFFFA60A00103F
88896 +:108C6000AFB20010AF5E0030000000009617001099
88897 +:108C7000961300121277008F000000008E05000C82
88898 +:108C80008E0B00080016698000AD7021000DC7C36F
88899 +:108C900001CDA82B0178782101F56021AE0E000CE2
88900 +:108CA000AE0C00088FB300100013B82B02378024DD
88901 +:108CB0001200FF048F9000D00A000E3C000000005C
88902 +:108CC0008E4D0038A6600008240B0003AE6D000036
88903 +:108CD0008E500034A260000A8F9800B8AE70000475
88904 +:108CE0003C0500809311003FA26B000C8E6F000CBE
88905 +:108CF0003C0EFF9FA271000B01E5102535CCFFFF54
88906 +:108D00003C03FFEF8F9200B8004C30243464FFFF27
88907 +:108D100000C4F824AE7F000C8E590014964800124F
88908 +:108D20008F8A00B0AE7900108E490014AE60001832
88909 +:108D3000AE600020AE690014AE6000248E470018BB
88910 +:108D400031093FFF0009F180AE6700288E4D000811
88911 +:108D500003CA802131180001AE6D00308E4F000C27
88912 +:108D60008F8C00AC001089C200185B80022B282178
88913 +:108D7000240E0002A665001CA6600036AE6F002C13
88914 +:108D8000A18E00009763003C8F8A00AC3C04420037
88915 +:108D90003062FFFF00443025AD4600048F9F00B8CD
88916 +:108DA000240700012411C0008FF30038240600348A
88917 +:108DB000AD5300188FF90034AD59001CAD40000CC4
88918 +:108DC000AD400010A5400014A5400016A5400020AD
88919 +:108DD000A5400022AD400024A5550002A147000196
88920 +:108DE0008F9E00AC8F8800B88F9200BCAFD5000872
88921 +:108DF000910D0000A24D00008F9000B88F8B00BC39
88922 +:108E000092180001A17800018F8400BC94850002B3
88923 +:108E100000B1782401E97025A48E0002908C000234
88924 +:108E20003183003FA08300028F8300D08F8400BC79
88925 +:108E3000906200BC305300025260000124060030F2
88926 +:108E4000AC8600048C6F007C2403FFBF02A0882145
88927 +:108E5000AC8F0008908E000D31CC007FA08C000DEF
88928 +:108E60008F8600BC90C2000D00432024A0C4000DDA
88929 +:108E70008F8900BC913F000D37F90020A139000D0A
88930 +:108E80008F8800B88F9300BC8D070020AE6700105C
88931 +:108E90008D0A0024AE6A00148D1E0028AE7E0018D4
88932 +:108EA0008D12002C0E000CF6AE72001C0A00103D54
88933 +:108EB0008F9000D0960E00148E03000431CCFFFF7B
88934 +:108EC000000C10C000622021AF44003C8E1F000443
88935 +:108ED0008F46003C03E6C8231B20003C0000000036
88936 +:108EE0008E0F000025E200013C05001034B500089B
88937 +:108EF000AF420038AF550030000000000000000015
88938 +:108F00000000000000000000000000000000000061
88939 +:108F100000000000000000008F580000330B00200C
88940 +:108F20001160FFFD000000008F5304003C0D002085
88941 +:108F3000AE1300088F570404AE17000CAF4D00307D
88942 +:108F4000000000003C0608008CC600442416000106
88943 +:108F500010D600BD00000000961F00123C0508005E
88944 +:108F60008CA5004000BFC821A61900129609001464
88945 +:108F700025270001A6070014960A00143144FFFFBC
88946 +:108F80005486FF498FB30010A60000140E000E1681
88947 +:108F900030A5FFFF3C0408008C84002496030012D7
88948 +:108FA0000044102300623023A60600120A00105964
88949 +:108FB0008FB30010A08300018F8200AC2404000155
88950 +:108FC000AC4400080A000FF08F8300D08E0200002E
88951 +:108FD0000A0010EA3C0500108F8200C08FA7001C19
88952 +:108FE000921800D0920B00D0920E00D0331100FFE7
88953 +:108FF000316900FF00117940000928C001E56021B6
88954 +:1090000031C300FF036C50210003314000C2C8216E
88955 +:10901000255F0088AF9F00ACAF9900BCA1470088D6
88956 +:109020009768003C03C020218F9100AC0E000CD645
88957 +:109030003110FFFF00026B80020DC0253C0442008E
88958 +:109040008F8D00B803045825AE2B00048DA900387D
88959 +:109050008F8B00AC0000882100118100AD690018E1
88960 +:109060008DAF00343C087FFF3504FFFFAD6F001C5F
88961 +:1090700091AC003E8D65001C8D660018000C190037
88962 +:10908000000C770200A33821020E102500E3F82B14
88963 +:1090900000C2C821033F5021AD67001CAD6A001813
88964 +:1090A000AD60000CAD60001091B8003E24050005D5
88965 +:1090B00003C45024A578001495A9000403C02021FE
88966 +:1090C000A569001691AF003EA56F002095B1000480
88967 +:1090D000A5710022AD60002491AE003FA56E000294
88968 +:1090E00091B0003E91AC003D01901023244300015B
88969 +:1090F000A16300018F8600AC8F9F00BCACDE00082E
88970 +:10910000A3E500008F9000BC8F9900B82405FFBF35
88971 +:1091100096070002973800120247782433093FFF70
88972 +:1091200001E98825A6110002921200022418FFDF2F
88973 +:10913000324E003F35CD0040A20D00028F8600BCAC
88974 +:109140008F8C00D02412FFFFACC000048D8B007CFC
88975 +:109150003C0C8000ACCB000890C2000D3043007F77
88976 +:10916000A0C3000D8F8700BC90FF000D03E5C8244D
88977 +:10917000A0F9000D8F9100BC9229000D01387824D0
88978 +:10918000A22F000D8F9000BCAE120010AE1500147F
88979 +:10919000920E00182415FF8002AE6825A20D00185B
88980 +:1091A0008F8500BC8F8300B88CAB0018016C102435
88981 +:1091B000004A3025ACA600189068003EA0A8001C0C
88982 +:1091C0008F9F00B88F8700BC8F9800D097F900045C
88983 +:1091D000A4F9001E0E0002138F0500848F8600D0B4
88984 +:1091E000000279400002490090D200BC01E98821C8
88985 +:1091F000004028213255000212A0000303D1202193
88986 +:109200000002A8800095202190CD00BC31B200045E
88987 +:109210001240000333DF0003000540800088202156
88988 +:10922000240600048F9E00BC00DFC8233327000300
88989 +:1092300000875021AFCA00040E000CF6A665003866
88990 +:109240000A0010388F9000D0961E00123C080800CB
88991 +:109250008D080024011E9021A61200120A00105948
88992 +:109260008FB3001027BDFFE03C1808008F18005096
88993 +:10927000AFB00010AFBF0018AFB10014AF8400B0A2
88994 +:1092800093710074030478212410FF8031EE007F75
88995 +:109290003225007F01F0582401DA68213C0C000AD5
88996 +:1092A000A38500C401AC2821AF4B002494A9001071
88997 +:1092B0009768000690A600620080382124020030E2
88998 +:1092C0000109202330C300F0AF8500D010620019DF
88999 +:1092D0003090FFFF90AE0062240DFFF0240A005092
89000 +:1092E00001AE6024318B00FF116A002F00000000E6
89001 +:1092F00016000007241F0C00AF5F00248FB100147C
89002 +:109300008FBF00188FB0001003E0000827BD0020B9
89003 +:109310000E000E1C02002021241F0C00AF5F002451
89004 +:109320008FB100148FBF00188FB0001003E0000849
89005 +:1093300027BD002094A200E094A400E290BF011396
89006 +:10934000008218263079FFFF33E700C014E00009DF
89007 +:109350002F31000116000038000000005620FFE603
89008 +:10936000241F0C000E000D18000000000A0011ED73
89009 +:10937000241F0C001620FFDE000000000E000D1858
89010 +:10938000000000001440FFDC241F0C001600002227
89011 +:109390008F8300D0906901133122003FA062011336
89012 +:1093A0000A0011ED241F0C0094AF00D48F8600D466
89013 +:1093B00000E02821240400050E000C5C31F0FFFFC2
89014 +:1093C0001440000524030003979100E600001821D3
89015 +:1093D0002625FFFFA78500E68F5801B80700FFFE8E
89016 +:1093E0003C196013AF400180241F0C00AF50018472
89017 +:1093F000007938253C101000AF4701888FB1001468
89018 +:10940000AF5001B8AF5F00248FB000108FBF0018BD
89019 +:1094100003E0000827BD00200E000E1C02002021E2
89020 +:109420005040FFB5241F0C008F8300D090690113BA
89021 +:109430000A0012163122003F0E000E1C02002021ED
89022 +:109440001440FFAD241F0C00122000078F8300D0B2
89023 +:10945000906801133106003F34C20040A06201133E
89024 +:109460000A0011ED241F0C000E000D180000000072
89025 +:109470005040FFA1241F0C008F8300D0906801137F
89026 +:109480003106003F0A00124634C20040AF9B00C8BC
89027 +:1094900003E00008AF8000EC3089FFFF0009404284
89028 +:1094A0002D020041000921801440000200095040B3
89029 +:1094B00024080040000830C0000811400046582130
89030 +:1094C000256701A800E2C821272F007F2418FF800C
89031 +:1094D00001F818240064302100CA702125CC00FF57
89032 +:1094E000240DFF00018D202425650088240A0088B2
89033 +:1094F0003C010800AC2A004C3C010800AC2500509F
89034 +:10950000AF8400D43C010800AC2900603C01080095
89035 +:10951000AC2800643C010800AC2700543C01080062
89036 +:10952000AC2300583C010800AC26005C03E00008B6
89037 +:1095300000000000308300FF30C6FFFF30E400FF72
89038 +:109540008F4201B80440FFFE00034C00012438257F
89039 +:109550003C08600000E820253C031000AF45018076
89040 +:10956000AF460184AF44018803E00008AF4301B86F
89041 +:109570008F86001C3C096012352700108CCB00043C
89042 +:109580003C0C600E35850010316A00062D48000144
89043 +:10959000ACE800C48CC40004ACA431808CC20008C8
89044 +:1095A00094C30002ACA2318403E00008A78300E466
89045 +:1095B0003C0308008C6300508F8400E88F86001CF9
89046 +:1095C0002402FF800064C0210302C824AF59002890
89047 +:1095D0008CCD00043305007F00BA78213C0E000CCE
89048 +:1095E00001EE2821ACAD00588CC80008AF8500D032
89049 +:1095F0003C076012ACA8005C8CCC001034E8001072
89050 +:10960000ACAC000C8CCB000CACAB000894AA0014E2
89051 +:109610003C0208008C42004425490001A4A9001422
89052 +:1096200094A400143083FFFF106200178F8400D0D1
89053 +:109630003C0A08008D4A0040A4AA00128CCE0018F3
89054 +:10964000AC8E00248CCD0014AC8D00208CC700188B
89055 +:10965000AC87002C8CCC001424060001AC8C0028B4
89056 +:109660008D0B00BC5166001A8D0200B48D0200B84B
89057 +:10967000A482003A948F003AA48F003C948800D4CE
89058 +:1096800003E000083102FFFF3C0908008D29002497
89059 +:10969000A4A000148F8400D0A4A900128CCE0018BE
89060 +:1096A000AC8E00248CCD0014AC8D00208CC700182B
89061 +:1096B000AC87002C8CCC001424060001AC8C002854
89062 +:1096C0008D0B00BC5566FFEA8D0200B88D0200B418
89063 +:1096D000A482003A948F003AA48F003C948800D46E
89064 +:1096E00003E000083102FFFF8F86001C3C0C0800DD
89065 +:1096F0008D8C0050240BFF808CCD00083C03000CA7
89066 +:10970000000D51C0018A4021010B4824AF8A00E8B6
89067 +:10971000AF49002890C700073105007F00BA10212B
89068 +:109720000043282130E4000410800039AF8500D0C8
89069 +:1097300090CF000731EE000811C000380000000093
89070 +:109740008CD9000C8CC400140324C02B13000030EF
89071 +:10975000000000008CC2000CACA200648CCD00188C
89072 +:109760002402FFF8ACAD00688CCC0010ACAC0080DB
89073 +:109770008CCB000CACAB00848CCA001CACAA007C67
89074 +:1097800090A900BC01224024A0A800BC90C30007FF
89075 +:109790003067000810E000048F8500D090AF00BC57
89076 +:1097A00035EE0001A0AE00BC90D9000733380001AF
89077 +:1097B000130000088F8300D08F8700D0240400346A
89078 +:1097C00090E800BC35030002A0E300BC8F8300D00A
89079 +:1097D000AC6400C090C900073126000210C000052B
89080 +:1097E00000000000906A00BC35420004A06200BC8A
89081 +:1097F0008F8300D09065011330AD003FA06D011341
89082 +:109800008F8C00D0958B00D403E000083162FFFFFD
89083 +:109810008CC200140A001305000000000A001306A1
89084 +:10982000ACA0006427BDFFD8AFB000108F90001C23
89085 +:10983000AFBF0024AFB40020AFB20018AFB1001426
89086 +:10984000AFB3001C9613000E3C07600A3C14600680
89087 +:109850003264FFFF369300100E00125534F40410EA
89088 +:109860008F8400D43C11600E0E00099B363100102D
89089 +:10987000920E00153C0708008CE700603C12601255
89090 +:1098800031CD000FA38D00F08E0E00048E0D000868
89091 +:1098900096080012961F00109619001A9618001EBE
89092 +:1098A000960F001C310CFFFF33EBFFFF332AFFFF45
89093 +:1098B0003309FFFF31E6FFFF3C010800AC2B0040FD
89094 +:1098C0003C010800AC2C00243C010800AC2A0044F8
89095 +:1098D000AE293178AE26317C92020015960300162F
89096 +:1098E00036520010304400FF3065FFFF3C06080090
89097 +:1098F0008CC60064AE243188AE4500B492080014D2
89098 +:1099000096190018241F0001011FC004332FFFFF08
89099 +:109910003C0508008CA50058AE5800B8AE4F00BCFE
89100 +:10992000920C0014AF8E00D8AF8D00DC318B00FF9D
89101 +:10993000AE4B00C0920A0015AE670048AE66004C00
89102 +:10994000314900FFAE4900C8AE65007C3C03080009
89103 +:109950008C6300503C0408008C84004C3C080800D8
89104 +:109960008D0800543C0208008C42005C8FBF00242C
89105 +:10997000AE6300808FB00010AE8300748FB3001C04
89106 +:10998000AE22319CAE4200DCAE2731A0AE2631A41F
89107 +:10999000AE24318CAE233190AE283194AE2531986F
89108 +:1099A000AE870050AE860054AE8500708FB10014B3
89109 +:1099B000AE4700E0AE4600E4AE4400CCAE4300D07B
89110 +:1099C000AE4800D4AE4500D88FB400208FB2001846
89111 +:1099D00003E0000827BD002827BDFFE0AFB1001459
89112 +:1099E000AFBF0018241100010E000845AFB00010F1
89113 +:1099F00010510005978400E6978300CC0083102B5C
89114 +:109A0000144000088F8500D4240700028FBF00187F
89115 +:109A10008FB100148FB0001000E0102103E00008A7
89116 +:109A200027BD00200E000C7A24040005AF8200E858
89117 +:109A30001040FFF6240700020E0008498F90001C1A
89118 +:109A4000979F00E68F9900E88F8D00C827EF0001EF
89119 +:109A5000240E0050AF590020A78F00E6A1AE0000F1
89120 +:109A60003C0C08008D8C00648F8600C8240A80009E
89121 +:109A7000000C5E00ACCB0074A4C0000694C9000AC0
89122 +:109A8000241FFF803C0D000C012AC024A4D8000A2A
89123 +:109A900090C8000A24182000011F1825A0C3000A3E
89124 +:109AA0008F8700C8A0E000788F8500C800003821AB
89125 +:109AB000A0A000833C0208008C4200508F8400E884
89126 +:109AC0000044782101FFC824AF590028960B0002FA
89127 +:109AD00031EE007F01DA6021018D3021A4CB00D46A
89128 +:109AE000960A0002AF8600D03C0E000425492401EE
89129 +:109AF000A4C900E68E080004ACC800048E03000868
89130 +:109B0000ACC30000A4C00010A4C00014A0C000D0CA
89131 +:109B10008F8500D02403FFBFA0A000D13C04080023
89132 +:109B20008C8400648F8200D0A04400D28E1F000C71
89133 +:109B30008F8A00D0978F00E4AD5F001C8E19001053
89134 +:109B400024100030AD590018A5400030A551005434
89135 +:109B5000A5510056A54F0016AD4E0068AD580080C7
89136 +:109B6000AD580084914D006231AC000F358B001070
89137 +:109B7000A14B00628F8600D090C900633128007F1E
89138 +:109B8000A0C800638F8400D02406FFFF9085006387
89139 +:109B900000A31024A08200638F9100D000E0102168
89140 +:109BA000923F00BC37F90001A23900BC8F8A00D077
89141 +:109BB000938F00F0AD580064AD5000C0914E00D3BB
89142 +:109BC000000F690031CC000F018D5825A14B00D347
89143 +:109BD0008F8500D08F8900DCACA900E88F8800D881
89144 +:109BE0008FBF00188FB100148FB0001027BD002068
89145 +:109BF000ACA800ECA4A600D6A4A000E0A4A000E2BB
89146 +:109C000003E000080000000027BDFFE0AFB0001037
89147 +:109C10008F90001CAFB10014AFBF00188E19000464
89148 +:109C20003C1808008F180050240FFF80001989C0CD
89149 +:109C30000238702131CD007F01CF602401BA50215C
89150 +:109C40003C0B000CAF4C0028014B4021950900D47F
89151 +:109C5000950400D68E0700043131FFFFAF8800D095
89152 +:109C60000E000913000721C08E0600048F8300C870
89153 +:109C7000000629C0AF4500209064003E30820040BD
89154 +:109C8000144000068F8400D0341FFFFF948300D659
89155 +:109C90003062FFFF145F000400000000948400D6CF
89156 +:109CA0000E0008A83084FFFF8E050004022030213A
89157 +:109CB0008FBF00188FB100148FB000102404002251
89158 +:109CC00000003821000529C00A00127C27BD0020B1
89159 +:109CD00027BDFFE0AFB100143091FFFFAFB000101F
89160 +:109CE000AFBF00181220001D000080218F86001CCD
89161 +:109CF0008CC500002403000600053F020005140285
89162 +:109D000030E4000714830015304500FF2CA800063E
89163 +:109D10001100004D000558803C0C0800258C57D4DC
89164 +:109D2000016C50218D490000012000080000000056
89165 +:109D30008F8E00EC240D000111CD005900000000B1
89166 +:109D4000260B00013170FFFF24CA00200211202BD6
89167 +:109D5000014030211480FFE6AF8A001C0200102170
89168 +:109D60008FBF00188FB100148FB0001003E00008FF
89169 +:109D700027BD0020938700CE14E00038240400148F
89170 +:109D80000E001338000000008F86001C2402000122
89171 +:109D90000A00147FAF8200EC8F8900EC24080002D7
89172 +:109DA0001128003B2404001300002821000030216A
89173 +:109DB000240700010E00127C000000000A00147F3E
89174 +:109DC0008F86001C8F8700EC2405000214E5FFF647
89175 +:109DD000240400120E0012E9000000008F8500E844
89176 +:109DE00000403021240400120E00127C00003821B3
89177 +:109DF0000A00147F8F86001C8F8300EC241F000351
89178 +:109E0000147FFFD0260B00010E00129B0000000003
89179 +:109E10008F8500E800403021240200022404001055
89180 +:109E200000003821AF8200EC0E00127C0000000020
89181 +:109E30000A00147F8F86001C8F8F00EC240600021E
89182 +:109E400011E6000B0000000024040010000028218F
89183 +:109E5000000030210A00149C240700010000282182
89184 +:109E60000E00127C000030210A00147F8F86001C37
89185 +:109E70000E0013A500000000144000128F99001C72
89186 +:109E80008F86001C240200030A00147FAF8200ECBE
89187 +:109E90000E001431000000000A00147F8F86001CA1
89188 +:109EA0000E00128B000000002402000224040014A3
89189 +:109EB0000000282100003021000038210A0014B9D8
89190 +:109EC000AF8200EC004038212404001097380002D3
89191 +:109ED000000028210E00127C3306FFFF0A00147FC9
89192 +:109EE0008F86001C8F8400C83C077FFF34E6FFFF8D
89193 +:109EF0008C8500742402000100A61824AC83007431
89194 +:109F000003E00008A082000510A000362CA200800B
89195 +:109F1000274A04003C0B000524090080104000077C
89196 +:109F20002408008030A6000F00C540212D030081C9
89197 +:109F30001460000200A0482124080080AF4B0030CC
89198 +:109F400000000000000000000000000011000009F7
89199 +:109F500000003821014030218C8D000024E70004EE
89200 +:109F600000E8602BACCD0000248400041580FFFACB
89201 +:109F700024C60004000000000000000000000000F3
89202 +:109F80003C0E0006010E3825AF47003000000000EF
89203 +:109F900000000000000000008F4F000031E80010BA
89204 +:109FA0001100FFFD000000008F42003C8F43003C89
89205 +:109FB0000049C8210323C02B130000040000000047
89206 +:109FC0008F4C003825860001AF4600388F47003C93
89207 +:109FD00000A9282300E96821AF4D003C14A0FFCE62
89208 +:109FE0002CA2008003E000080000000027BDFFD085
89209 +:109FF0003C020002AFB100143C11000CAF45003828
89210 +:10A00000AFB3001CAF46003C00809821AF42003047
89211 +:10A0100024050088AF44002803512021AFBF002849
89212 +:10A02000AFB50024AFB40020AFB200180E0014F199
89213 +:10A03000AFB000103C1F08008FFF004C3C18080018
89214 +:10A040008F1800642410FF8003F3A82132B9007F29
89215 +:10A0500002B078240018A0C0033A70210018914083
89216 +:10A0600001D12021AF4F00280E0014F10254282105
89217 +:10A070003C0D08008DAD00502405012001B358218E
89218 +:10A08000316C007F01705024019A48210131202158
89219 +:10A090000E0014F1AF4A00283C0808008D08005457
89220 +:10A0A0003C0508008CA500640113382130E6007FD0
89221 +:10A0B00000F0182400DA202100912021AF4300286D
89222 +:10A0C0000E0014F1000529403C0208008C420058A3
89223 +:10A0D0003C1008008E1000601200001C0053882104
89224 +:10A0E0002415FF800A0015743C14000C3226007FF2
89225 +:10A0F0000235182400DA202102402821AF4300282D
89226 +:10A10000009420210E0014F12610FFC01200000F51
89227 +:10A11000023288212E05004110A0FFF42412100005
89228 +:10A120003226007F001091800235182400DA2021A9
89229 +:10A1300002402821AF430028009420210E0014F192
89230 +:10A14000000080211600FFF3023288213C0B08003A
89231 +:10A150008D6B005C240AFF802405000201734021FE
89232 +:10A16000010A4824AF4900283C0408009484006296
89233 +:10A170003110007F021A88213C07000C0E000CAA47
89234 +:10A180000227982100402821026020218FBF00284B
89235 +:10A190008FB500248FB400208FB3001C8FB200183D
89236 +:10A1A0008FB100148FB000100A0014F127BD0030E9
89237 +:10A1B0008F83001C8C62000410400003000000002C
89238 +:10A1C00003E00008000000008C6400108C650008AB
89239 +:10A1D0000A00152A8C66000C000000000000001B1D
89240 +:10A1E0000000000F0000000A000000080000000648
89241 +:10A1F000000000050000000500000004000000044D
89242 +:10A200000000000300000003000000030000000342
89243 +:10A210000000000300000002000000020000000235
89244 +:10A220000000000200000002000000020000000226
89245 +:10A230000000000200000002000000020000000216
89246 +:10A240000000000200000002000000020000000206
89247 +:10A2500000000001000000010000000108000F24C0
89248 +:10A2600008000D6C08000FB80800106008000F4CC3
89249 +:10A2700008000F8C0800119408000D88080011B820
89250 +:10A2800008000DD8080015540800151C08000D889A
89251 +:10A2900008000D8808000D880800124008001240D0
89252 +:10A2A00008000D8808000D88080014E008000D88DB
89253 +:10A2B00008000D8808000D8808000D88080013B4F8
89254 +:10A2C00008000D8808000D8808000D8808000D881A
89255 +:10A2D00008000D8808000D8808000D8808000D880A
89256 +:10A2E00008000D8808000D8808000D8808000D88FA
89257 +:10A2F00008000D8808000D8808000FAC08000D88C4
89258 +:10A3000008000D880800167808000D8808000D88E0
89259 +:10A3100008000D8808000D8808000D8808000D88C9
89260 +:10A3200008000D8808000D8808000D8808000D88B9
89261 +:10A3300008000D8808000D8808000D8808000D88A9
89262 +:10A3400008000D8808000D8808000D88080014100A
89263 +:10A3500008000D8808000D8808001334080012A4B6
89264 +:10A3600008001E2C08001EFC08001F1408001F28EF
89265 +:10A3700008001F3808001E2C08001E2C08001E2C88
89266 +:10A3800008001ED808002E1408002E1C08002DE41A
89267 +:10A3900008002DF008002DFC08002E08080052F4DB
89268 +:10A3A000080052B40800528008005254080052308D
89269 +:10A3B000080051EC0A000C840000000000000000BE
89270 +:10A3C0000000000D727870362E322E33000000002F
89271 +:10A3D000060203030000000000000001000000006E
89272 +:10A3E000000000000000000000000000000000006D
89273 +:10A3F000000000000000000000000000000000005D
89274 +:10A40000000000000000000000000000000000004C
89275 +:10A41000000000000000000000000000000000003C
89276 +:10A42000000000000000000000000000000000002C
89277 +:10A43000000000000000000000000000000000001C
89278 +:10A44000000000000000000000000000000000000C
89279 +:10A4500000000000000000000000000000000000FC
89280 +:10A4600000000000000000000000000000000000EC
89281 +:10A4700000000000000000000000000000000000DC
89282 +:10A4800000000000000000000000000000000000CC
89283 +:10A4900000000000000000000000000000000000BC
89284 +:10A4A00000000000000000000000000000000000AC
89285 +:10A4B000000000000000000000000000000000009C
89286 +:10A4C000000000000000000000000000000000008C
89287 +:10A4D000000000000000000000000000000000007C
89288 +:10A4E000000000000000000000000000000000006C
89289 +:10A4F000000000000000000000000000000000005C
89290 +:10A50000000000000000000000000000000000004B
89291 +:10A51000000000000000000000000000000000003B
89292 +:10A52000000000000000000000000000000000002B
89293 +:10A53000000000000000000000000000000000001B
89294 +:10A54000000000000000000000000000000000000B
89295 +:10A5500000000000000000000000000000000000FB
89296 +:10A5600000000000000000000000000000000000EB
89297 +:10A5700000000000000000000000000000000000DB
89298 +:10A5800000000000000000000000000000000000CB
89299 +:10A5900000000000000000000000000000000000BB
89300 +:10A5A00000000000000000000000000000000000AB
89301 +:10A5B000000000000000000000000000000000009B
89302 +:10A5C000000000000000000000000000000000008B
89303 +:10A5D000000000000000000000000000000000007B
89304 +:10A5E000000000000000000000000000000000006B
89305 +:10A5F000000000000000000000000000000000005B
89306 +:10A60000000000000000000000000000000000004A
89307 +:10A61000000000000000000000000000000000003A
89308 +:10A62000000000000000000000000000000000002A
89309 +:10A63000000000000000000000000000000000001A
89310 +:10A64000000000000000000000000000000000000A
89311 +:10A6500000000000000000000000000000000000FA
89312 +:10A6600000000000000000000000000000000000EA
89313 +:10A6700000000000000000000000000000000000DA
89314 +:10A6800000000000000000000000000000000000CA
89315 +:10A6900000000000000000000000000000000000BA
89316 +:10A6A00000000000000000000000000000000000AA
89317 +:10A6B000000000000000000000000000000000009A
89318 +:10A6C000000000000000000000000000000000008A
89319 +:10A6D000000000000000000000000000000000007A
89320 +:10A6E000000000000000000000000000000000006A
89321 +:10A6F000000000000000000000000000000000005A
89322 +:10A700000000000000000000000000000000000049
89323 +:10A710000000000000000000000000000000000039
89324 +:10A720000000000000000000000000000000000029
89325 +:10A730000000000000000000000000000000000019
89326 +:10A740000000000000000000000000000000000009
89327 +:10A7500000000000000000000000000000000000F9
89328 +:10A7600000000000000000000000000000000000E9
89329 +:10A7700000000000000000000000000000000000D9
89330 +:10A7800000000000000000000000000000000000C9
89331 +:10A7900000000000000000000000000000000000B9
89332 +:10A7A00000000000000000000000000000000000A9
89333 +:10A7B0000000000000000000000000000000000099
89334 +:10A7C0000000000000000000000000000000000089
89335 +:10A7D0000000000000000000000000000000000079
89336 +:10A7E0000000000000000000000000000000000069
89337 +:10A7F0000000000000000000000000000000000059
89338 +:10A800000000000000000000000000000000000048
89339 +:10A810000000000000000000000000000000000038
89340 +:10A820000000000000000000000000000000000028
89341 +:10A830000000000000000000000000000000000018
89342 +:10A840000000000000000000000000000000000008
89343 +:10A8500000000000000000000000000000000000F8
89344 +:10A8600000000000000000000000000000000000E8
89345 +:10A8700000000000000000000000000000000000D8
89346 +:10A8800000000000000000000000000000000000C8
89347 +:10A8900000000000000000000000000000000000B8
89348 +:10A8A00000000000000000000000000000000000A8
89349 +:10A8B0000000000000000000000000000000000098
89350 +:10A8C0000000000000000000000000000000000088
89351 +:10A8D0000000000000000000000000000000000078
89352 +:10A8E0000000000000000000000000000000000068
89353 +:10A8F0000000000000000000000000000000000058
89354 +:10A900000000000000000000000000000000000047
89355 +:10A910000000000000000000000000000000000037
89356 +:10A920000000000000000000000000000000000027
89357 +:10A930000000000000000000000000000000000017
89358 +:10A940000000000000000000000000000000000007
89359 +:10A9500000000000000000000000000000000000F7
89360 +:10A9600000000000000000000000000000000000E7
89361 +:10A9700000000000000000000000000000000000D7
89362 +:10A9800000000000000000000000000000000000C7
89363 +:10A9900000000000000000000000000000000000B7
89364 +:10A9A00000000000000000000000000000000000A7
89365 +:10A9B0000000000000000000000000000000000097
89366 +:10A9C0000000000000000000000000000000000087
89367 +:10A9D0000000000000000000000000000000000077
89368 +:10A9E0000000000000000000000000000000000067
89369 +:10A9F0000000000000000000000000000000000057
89370 +:10AA00000000000000000000000000000000000046
89371 +:10AA10000000000000000000000000000000000036
89372 +:10AA20000000000000000000000000000000000026
89373 +:10AA30000000000000000000000000000000000016
89374 +:10AA40000000000000000000000000000000000006
89375 +:10AA500000000000000000000000000000000000F6
89376 +:10AA600000000000000000000000000000000000E6
89377 +:10AA700000000000000000000000000000000000D6
89378 +:10AA800000000000000000000000000000000000C6
89379 +:10AA900000000000000000000000000000000000B6
89380 +:10AAA00000000000000000000000000000000000A6
89381 +:10AAB0000000000000000000000000000000000096
89382 +:10AAC0000000000000000000000000000000000086
89383 +:10AAD0000000000000000000000000000000000076
89384 +:10AAE0000000000000000000000000000000000066
89385 +:10AAF0000000000000000000000000000000000056
89386 +:10AB00000000000000000000000000000000000045
89387 +:10AB10000000000000000000000000000000000035
89388 +:10AB20000000000000000000000000000000000025
89389 +:10AB30000000000000000000000000000000000015
89390 +:10AB40000000000000000000000000000000000005
89391 +:10AB500000000000000000000000000000000000F5
89392 +:10AB600000000000000000000000000000000000E5
89393 +:10AB700000000000000000000000000000000000D5
89394 +:10AB800000000000000000000000000000000000C5
89395 +:10AB900000000000000000000000000000000000B5
89396 +:10ABA00000000000000000000000000000000000A5
89397 +:10ABB0000000000000000000000000000000000095
89398 +:10ABC0000000000000000000000000000000000085
89399 +:10ABD0000000000000000000000000000000000075
89400 +:10ABE0000000000000000000000000000000000065
89401 +:10ABF0000000000000000000000000000000000055
89402 +:10AC00000000000000000000000000000000000044
89403 +:10AC10000000000000000000000000000000000034
89404 +:10AC20000000000000000000000000000000000024
89405 +:10AC30000000000000000000000000000000000014
89406 +:10AC40000000000000000000000000000000000004
89407 +:10AC500000000000000000000000000000000000F4
89408 +:10AC600000000000000000000000000000000000E4
89409 +:10AC700000000000000000000000000000000000D4
89410 +:10AC800000000000000000000000000000000000C4
89411 +:10AC900000000000000000000000000000000000B4
89412 +:10ACA00000000000000000000000000000000000A4
89413 +:10ACB0000000000000000000000000000000000094
89414 +:10ACC0000000000000000000000000000000000084
89415 +:10ACD0000000000000000000000000000000000074
89416 +:10ACE0000000000000000000000000000000000064
89417 +:10ACF0000000000000000000000000000000000054
89418 +:10AD00000000000000000000000000000000000043
89419 +:10AD10000000000000000000000000000000000033
89420 +:10AD20000000000000000000000000000000000023
89421 +:10AD30000000000000000000000000000000000013
89422 +:10AD40000000000000000000000000000000000003
89423 +:10AD500000000000000000000000000000000000F3
89424 +:10AD600000000000000000000000000000000000E3
89425 +:10AD700000000000000000000000000000000000D3
89426 +:10AD800000000000000000000000000000000000C3
89427 +:10AD900000000000000000000000000000000000B3
89428 +:10ADA00000000000000000000000000000000000A3
89429 +:10ADB0000000000000000000000000000000000093
89430 +:10ADC0000000000000000000000000000000000083
89431 +:10ADD0000000000000000000000000000000000073
89432 +:10ADE0000000000000000000000000000000000063
89433 +:10ADF0000000000000000000000000000000000053
89434 +:10AE00000000000000000000000000000000000042
89435 +:10AE10000000000000000000000000000000000032
89436 +:10AE20000000000000000000000000000000000022
89437 +:10AE30000000000000000000000000000000000012
89438 +:10AE40000000000000000000000000000000000002
89439 +:10AE500000000000000000000000000000000000F2
89440 +:10AE600000000000000000000000000000000000E2
89441 +:10AE700000000000000000000000000000000000D2
89442 +:10AE800000000000000000000000000000000000C2
89443 +:10AE900000000000000000000000000000000000B2
89444 +:10AEA00000000000000000000000000000000000A2
89445 +:10AEB0000000000000000000000000000000000092
89446 +:10AEC0000000000000000000000000000000000082
89447 +:10AED0000000000000000000000000000000000072
89448 +:10AEE0000000000000000000000000000000000062
89449 +:10AEF0000000000000000000000000000000000052
89450 +:10AF00000000000000000000000000000000000041
89451 +:10AF10000000000000000000000000000000000031
89452 +:10AF20000000000000000000000000000000000021
89453 +:10AF30000000000000000000000000000000000011
89454 +:10AF40000000000000000000000000000000000001
89455 +:10AF500000000000000000000000000000000000F1
89456 +:10AF600000000000000000000000000000000000E1
89457 +:10AF700000000000000000000000000000000000D1
89458 +:10AF800000000000000000000000000000000000C1
89459 +:10AF900000000000000000000000000000000000B1
89460 +:10AFA00000000000000000000000000000000000A1
89461 +:10AFB0000000000000000000000000000000000091
89462 +:10AFC0000000000000000000000000000000000081
89463 +:10AFD0000000000000000000000000000000000071
89464 +:10AFE0000000000000000000000000000000000061
89465 +:10AFF0000000000000000000000000000000000051
89466 +:10B000000000000000000000000000000000000040
89467 +:10B010000000000000000000000000000000000030
89468 +:10B020000000000000000000000000000000000020
89469 +:10B030000000000000000000000000000000000010
89470 +:10B040000000000000000000000000000000000000
89471 +:10B0500000000000000000000000000000000000F0
89472 +:10B0600000000000000000000000000000000000E0
89473 +:10B0700000000000000000000000000000000000D0
89474 +:10B0800000000000000000000000000000000000C0
89475 +:10B0900000000000000000000000000000000000B0
89476 +:10B0A00000000000000000000000000000000000A0
89477 +:10B0B0000000000000000000000000000000000090
89478 +:10B0C0000000000000000000000000000000000080
89479 +:10B0D0000000000000000000000000000000000070
89480 +:10B0E0000000000000000000000000000000000060
89481 +:10B0F0000000000000000000000000000000000050
89482 +:10B10000000000000000000000000000000000003F
89483 +:10B11000000000000000000000000000000000002F
89484 +:10B12000000000000000000000000000000000001F
89485 +:10B13000000000000000000000000000000000000F
89486 +:10B1400000000000000000000000000000000000FF
89487 +:10B1500000000000000000000000000000000000EF
89488 +:10B1600000000000000000000000000000000000DF
89489 +:10B1700000000000000000000000000000000000CF
89490 +:10B1800000000000000000000000000000000000BF
89491 +:10B1900000000000000000000000000000000000AF
89492 +:10B1A000000000000000000000000000000000009F
89493 +:10B1B000000000000000000000000000000000008F
89494 +:10B1C000000000000000000000000000000000007F
89495 +:10B1D000000000000000000000000000000000006F
89496 +:10B1E000000000000000000000000000000000005F
89497 +:10B1F000000000000000000000000000000000004F
89498 +:10B20000000000000000000000000000000000003E
89499 +:10B21000000000000000000000000000000000002E
89500 +:10B22000000000000000000000000000000000001E
89501 +:10B23000000000000000000000000000000000000E
89502 +:10B2400000000000000000000000000000000000FE
89503 +:10B2500000000000000000000000000000000000EE
89504 +:10B2600000000000000000000000000000000000DE
89505 +:10B2700000000000000000000000000000000000CE
89506 +:10B2800000000000000000000000000000000000BE
89507 +:10B2900000000000000000000000000000000000AE
89508 +:10B2A000000000000000000000000000000000009E
89509 +:10B2B000000000000000000000000000000000008E
89510 +:10B2C000000000000000000000000000000000007E
89511 +:10B2D000000000000000000000000000000000006E
89512 +:10B2E000000000000000000000000000000000005E
89513 +:10B2F000000000000000000000000000000000004E
89514 +:10B30000000000000000000000000000000000003D
89515 +:10B31000000000000000000000000000000000002D
89516 +:10B32000000000000000000000000000000000001D
89517 +:10B33000000000000000000000000000000000000D
89518 +:10B3400000000000000000000000000000000000FD
89519 +:10B3500000000000000000000000000000000000ED
89520 +:10B3600000000000000000000000000000000000DD
89521 +:10B3700000000000000000000000000000000000CD
89522 +:10B3800000000000000000000000000000000000BD
89523 +:10B3900000000000000000000000000000000000AD
89524 +:10B3A000000000000000000000000000000000009D
89525 +:10B3B000000000000000000000000000000000008D
89526 +:10B3C000000000000000000000000000000000007D
89527 +:10B3D000000000000000000000000000000000006D
89528 +:10B3E000000000000000000000000000000000005D
89529 +:10B3F000000000000000000000000000000000004D
89530 +:10B40000000000000000000000000000000000003C
89531 +:10B41000000000000000000000000000000000002C
89532 +:10B42000000000000000000000000000000000001C
89533 +:10B43000000000000000000000000000000000000C
89534 +:10B4400000000000000000000000000000000000FC
89535 +:10B4500000000000000000000000000000000000EC
89536 +:10B4600000000000000000000000000000000000DC
89537 +:10B4700000000000000000000000000000000000CC
89538 +:10B4800000000000000000000000000000000000BC
89539 +:10B4900000000000000000000000000000000000AC
89540 +:10B4A000000000000000000000000000000000009C
89541 +:10B4B000000000000000000000000000000000008C
89542 +:10B4C000000000000000000000000000000000007C
89543 +:10B4D000000000000000000000000000000000006C
89544 +:10B4E000000000000000000000000000000000005C
89545 +:10B4F000000000000000000000000000000000004C
89546 +:10B50000000000000000000000000000000000003B
89547 +:10B51000000000000000000000000000000000002B
89548 +:10B52000000000000000000000000000000000001B
89549 +:10B53000000000000000000000000000000000000B
89550 +:10B5400000000000000000000000000000000000FB
89551 +:10B5500000000000000000000000000000000000EB
89552 +:10B5600000000000000000000000000000000000DB
89553 +:10B5700000000000000000000000000000000000CB
89554 +:10B5800000000000000000000000000000000000BB
89555 +:10B5900000000000000000000000000000000000AB
89556 +:10B5A000000000000000000000000000000000009B
89557 +:10B5B000000000000000000000000000000000008B
89558 +:10B5C000000000000000000000000000000000007B
89559 +:10B5D000000000000000000000000000000000006B
89560 +:10B5E000000000000000000000000000000000005B
89561 +:10B5F000000000000000000000000000000000004B
89562 +:10B60000000000000000000000000000000000003A
89563 +:10B61000000000000000000000000000000000002A
89564 +:10B62000000000000000000000000000000000001A
89565 +:10B63000000000000000000000000000000000000A
89566 +:10B6400000000000000000000000000000000000FA
89567 +:10B6500000000000000000000000000000000000EA
89568 +:10B6600000000000000000000000000000000000DA
89569 +:10B6700000000000000000000000000000000000CA
89570 +:10B6800000000000000000000000000000000000BA
89571 +:10B6900000000000000000000000000000000000AA
89572 +:10B6A000000000000000000000000000000000009A
89573 +:10B6B000000000000000000000000000000000008A
89574 +:10B6C000000000000000000000000000000000007A
89575 +:10B6D000000000000000000000000000000000006A
89576 +:10B6E000000000000000000000000000000000005A
89577 +:10B6F000000000000000000000000000000000004A
89578 +:10B700000000000000000000000000000000000039
89579 +:10B710000000000000000000000000000000000029
89580 +:10B720000000000000000000000000000000000019
89581 +:10B730000000000000000000000000000000000009
89582 +:10B7400000000000000000000000000000000000F9
89583 +:10B7500000000000000000000000000000000000E9
89584 +:10B7600000000000000000000000000000000000D9
89585 +:10B7700000000000000000000000000000000000C9
89586 +:10B7800000000000000000000000000000000000B9
89587 +:10B7900000000000000000000000000000000000A9
89588 +:10B7A0000000000000000000000000000000000099
89589 +:10B7B0000000000000000000000000000000000089
89590 +:10B7C0000000000000000000000000000000000079
89591 +:10B7D0000000000000000000000000000000000069
89592 +:10B7E0000000000000000000000000000000000059
89593 +:10B7F0000000000000000000000000000000000049
89594 +:10B800000000000000000000000000000000000038
89595 +:10B810000000000000000000000000000000000028
89596 +:10B820000000000000000000000000000000000018
89597 +:10B830000000000000000000000000000000000008
89598 +:10B8400000000000000000000000000000000000F8
89599 +:10B8500000000000000000000000000000000000E8
89600 +:10B8600000000000000000000000000000000000D8
89601 +:10B8700000000000000000000000000000000000C8
89602 +:10B8800000000000000000000000000000000000B8
89603 +:10B8900000000000000000000000000000000000A8
89604 +:10B8A0000000000000000000000000000000000098
89605 +:10B8B0000000000000000000000000000000000088
89606 +:10B8C0000000000000000000000000000000000078
89607 +:10B8D0000000000000000000000000000000000068
89608 +:10B8E0000000000000000000000000000000000058
89609 +:10B8F0000000000000000000000000000000000048
89610 +:10B900000000000000000000000000000000000037
89611 +:10B910000000000000000000000000000000000027
89612 +:10B920000000000000000000000000000000000017
89613 +:10B930000000000000000000000000000000000007
89614 +:10B9400000000000000000000000000000000000F7
89615 +:10B9500000000000000000000000000000000000E7
89616 +:10B9600000000000000000000000000000000000D7
89617 +:10B9700000000000000000000000000000000000C7
89618 +:10B9800000000000000000000000000000000000B7
89619 +:10B9900000000000000000000000000000000000A7
89620 +:10B9A0000000000000000000000000000000000097
89621 +:10B9B0000000000000000000000000000000000087
89622 +:10B9C0000000000000000000000000000000000077
89623 +:10B9D0000000000000000000000000000000000067
89624 +:10B9E0000000000000000000000000000000000057
89625 +:10B9F0000000000000000000000000000000000047
89626 +:10BA00000000000000000000000000000000000036
89627 +:10BA10000000000000000000000000000000000026
89628 +:10BA20000000000000000000000000000000000016
89629 +:10BA30000000000000000000000000000000000006
89630 +:10BA400000000000000000000000000000000000F6
89631 +:10BA500000000000000000000000000000000000E6
89632 +:10BA600000000000000000000000000000000000D6
89633 +:10BA700000000000000000000000000000000000C6
89634 +:10BA800000000000000000000000000000000000B6
89635 +:10BA900000000000000000000000000000000000A6
89636 +:10BAA0000000000000000000000000000000000096
89637 +:10BAB0000000000000000000000000000000000086
89638 +:10BAC0000000000000000000000000000000000076
89639 +:10BAD0000000000000000000000000000000000066
89640 +:10BAE0000000000000000000000000000000000056
89641 +:10BAF0000000000000000000000000000000000046
89642 +:10BB00000000000000000000000000000000000035
89643 +:10BB10000000000000000000000000000000000025
89644 +:10BB20000000000000000000000000000000000015
89645 +:10BB30000000000000000000000000000000000005
89646 +:10BB400000000000000000000000000000000000F5
89647 +:10BB500000000000000000000000000000000000E5
89648 +:10BB600000000000000000000000000000000000D5
89649 +:10BB700000000000000000000000000000000000C5
89650 +:10BB800000000000000000000000000000000000B5
89651 +:10BB900000000000000000000000000000000000A5
89652 +:10BBA0000000000000000000000000000000000095
89653 +:10BBB0000000000000000000000000000000000085
89654 +:10BBC0000000000000000000000000000000000075
89655 +:10BBD0000000000000000000000000000000000065
89656 +:10BBE0000000000000000000000000000000000055
89657 +:10BBF0000000000000000000000000000000000045
89658 +:10BC00000000000000000000000000000000000034
89659 +:10BC10000000000000000000000000000000000024
89660 +:10BC20000000000000000000000000000000000014
89661 +:10BC30000000000000000000000000000000000004
89662 +:10BC400000000000000000000000000000000000F4
89663 +:10BC500000000000000000000000000000000000E4
89664 +:10BC600000000000000000000000000000000000D4
89665 +:10BC700000000000000000000000000000000000C4
89666 +:10BC800000000000000000000000000000000000B4
89667 +:10BC900000000000000000000000000000000000A4
89668 +:10BCA0000000000000000000000000000000000094
89669 +:10BCB0000000000000000000000000000000000084
89670 +:10BCC0000000000000000000000000000000000074
89671 +:10BCD0000000000000000000000000000000000064
89672 +:10BCE0000000000000000000000000000000000054
89673 +:10BCF0000000000000000000000000000000000044
89674 +:10BD00000000000000000000000000000000000033
89675 +:10BD10000000000000000000000000000000000023
89676 +:10BD20000000000000000000000000000000000013
89677 +:10BD30000000000000000000000000000000000003
89678 +:10BD400000000000000000000000000000000000F3
89679 +:10BD500000000000000000000000000000000000E3
89680 +:10BD600000000000000000000000000000000000D3
89681 +:10BD700000000000000000000000000000000000C3
89682 +:10BD800000000000000000000000000000000000B3
89683 +:10BD900000000000000000000000000000000000A3
89684 +:10BDA0000000000000000000000000000000000093
89685 +:10BDB0000000000000000000000000000000000083
89686 +:10BDC0000000000000000000000000000000000073
89687 +:10BDD0000000000000000000000000000000000063
89688 +:10BDE0000000000000000000000000000000000053
89689 +:10BDF0000000000000000000000000000000000043
89690 +:10BE00000000000000000000000000000000000032
89691 +:10BE10000000000000000000000000000000000022
89692 +:10BE20000000000000000000000000000000000012
89693 +:10BE30000000000000000000000000000000000002
89694 +:10BE400000000000000000000000000000000000F2
89695 +:10BE500000000000000000000000000000000000E2
89696 +:10BE600000000000000000000000000000000000D2
89697 +:10BE700000000000000000000000000000000000C2
89698 +:10BE800000000000000000000000000000000000B2
89699 +:10BE900000000000000000000000000000000000A2
89700 +:10BEA0000000000000000000000000000000000092
89701 +:10BEB0000000000000000000000000000000000082
89702 +:10BEC0000000000000000000000000000000000072
89703 +:10BED0000000000000000000000000000000000062
89704 +:10BEE0000000000000000000000000000000000052
89705 +:10BEF0000000000000000000000000000000000042
89706 +:10BF00000000000000000000000000000000000031
89707 +:10BF10000000000000000000000000000000000021
89708 +:10BF20000000000000000000000000000000000011
89709 +:10BF30000000000000000000000000000000000001
89710 +:10BF400000000000000000000000000000000000F1
89711 +:10BF500000000000000000000000000000000000E1
89712 +:10BF600000000000000000000000000000000000D1
89713 +:10BF700000000000000000000000000000000000C1
89714 +:10BF800000000000000000000000000000000000B1
89715 +:10BF900000000000000000000000000000000000A1
89716 +:10BFA0000000000000000000000000000000000091
89717 +:10BFB0000000000000000000000000000000000081
89718 +:10BFC0000000000000000000000000000000000071
89719 +:10BFD0000000000000000000000000000000000061
89720 +:10BFE0000000000000000000000000000000000051
89721 +:10BFF0000000000000000000000000000000000041
89722 +:10C000000000000000000000000000000000000030
89723 +:10C010000000000000000000000000000000000020
89724 +:10C020000000000000000000000000000000000010
89725 +:10C030000000000000000000000000000000000000
89726 +:10C0400000000000000000000000000000000000F0
89727 +:10C0500000000000000000000000000000000000E0
89728 +:10C0600000000000000000000000000000000000D0
89729 +:10C0700000000000000000000000000000000000C0
89730 +:10C0800000000000000000000000000000000000B0
89731 +:10C0900000000000000000000000000000000000A0
89732 +:10C0A0000000000000000000000000000000000090
89733 +:10C0B0000000000000000000000000000000000080
89734 +:10C0C0000000000000000000000000000000000070
89735 +:10C0D0000000000000000000000000000000000060
89736 +:10C0E0000000000000000000000000000000000050
89737 +:10C0F0000000000000000000000000000000000040
89738 +:10C10000000000000000000000000000000000002F
89739 +:10C11000000000000000000000000000000000001F
89740 +:10C12000000000000000000000000000000000000F
89741 +:10C1300000000000000000000000000000000000FF
89742 +:10C1400000000000000000000000000000000000EF
89743 +:10C1500000000000000000000000000000000000DF
89744 +:10C1600000000000000000000000000000000000CF
89745 +:10C1700000000000000000000000000000000000BF
89746 +:10C1800000000000000000000000000000000000AF
89747 +:10C19000000000000000000000000000000000009F
89748 +:10C1A000000000000000000000000000000000008F
89749 +:10C1B000000000000000000000000000000000007F
89750 +:10C1C000000000000000000000000000000000006F
89751 +:10C1D000000000000000000000000000000000005F
89752 +:10C1E000000000000000000000000000000000004F
89753 +:10C1F000000000000000000000000000000000003F
89754 +:10C20000000000000000000000000000000000002E
89755 +:10C21000000000000000000000000000000000001E
89756 +:10C22000000000000000000000000000000000000E
89757 +:10C2300000000000000000000000000000000000FE
89758 +:10C2400000000000000000000000000000000000EE
89759 +:10C2500000000000000000000000000000000000DE
89760 +:10C2600000000000000000000000000000000000CE
89761 +:10C2700000000000000000000000000000000000BE
89762 +:10C2800000000000000000000000000000000000AE
89763 +:10C29000000000000000000000000000000000009E
89764 +:10C2A000000000000000000000000000000000008E
89765 +:10C2B000000000000000000000000000000000007E
89766 +:10C2C000000000000000000000000000000000006E
89767 +:10C2D000000000000000000000000000000000005E
89768 +:10C2E000000000000000000000000000000000004E
89769 +:10C2F000000000000000000000000000000000003E
89770 +:10C30000000000000000000000000000000000002D
89771 +:10C31000000000000000000000000000000000001D
89772 +:10C32000000000000000000000000000000000000D
89773 +:10C3300000000000000000000000000000000000FD
89774 +:10C3400000000000000000000000000000000000ED
89775 +:10C3500000000000000000000000000000000000DD
89776 +:10C3600000000000000000000000000000000000CD
89777 +:10C3700000000000000000000000000000000000BD
89778 +:10C3800000000000000000000000000000000000AD
89779 +:10C39000000000000000000000000000000000009D
89780 +:10C3A000000000000000000000000000000000008D
89781 +:10C3B000000000000000000000000000000000007D
89782 +:10C3C000000000000000000000000000000000006D
89783 +:10C3D000000000000000000000000000000000005D
89784 +:10C3E000000000000000000000000000000000004D
89785 +:10C3F000000000000000000000000000000000003D
89786 +:10C40000000000000000000000000000000000002C
89787 +:10C41000000000000000000000000000000000001C
89788 +:10C42000000000000000000000000000000000000C
89789 +:10C4300000000000000000000000000000000000FC
89790 +:10C4400000000000000000000000000000000000EC
89791 +:10C4500000000000000000000000000000000000DC
89792 +:10C4600000000000000000000000000000000000CC
89793 +:10C4700000000000000000000000000000000000BC
89794 +:10C4800000000000000000000000000000000000AC
89795 +:10C49000000000000000000000000000000000009C
89796 +:10C4A000000000000000000000000000000000008C
89797 +:10C4B000000000000000000000000000000000007C
89798 +:10C4C000000000000000000000000000000000006C
89799 +:10C4D000000000000000000000000000000000005C
89800 +:10C4E000000000000000000000000000000000004C
89801 +:10C4F000000000000000000000000000000000003C
89802 +:10C50000000000000000000000000000000000002B
89803 +:10C51000000000000000000000000000000000001B
89804 +:10C52000000000000000000000000000000000000B
89805 +:10C5300000000000000000000000000000000000FB
89806 +:10C5400000000000000000000000000000000000EB
89807 +:10C5500000000000000000000000000000000000DB
89808 +:10C5600000000000000000000000000000000000CB
89809 +:10C5700000000000000000000000000000000000BB
89810 +:10C5800000000000000000000000000000000000AB
89811 +:10C59000000000000000000000000000000000009B
89812 +:10C5A000000000000000000000000000000000008B
89813 +:10C5B000000000000000000000000000000000007B
89814 +:10C5C000000000000000000000000000000000006B
89815 +:10C5D000000000000000000000000000000000005B
89816 +:10C5E000000000000000000000000000000000004B
89817 +:10C5F000000000000000000000000000000000003B
89818 +:10C60000000000000000000000000000000000002A
89819 +:10C61000000000000000000000000000000000001A
89820 +:10C62000000000000000000000000000000000000A
89821 +:10C6300000000000000000000000000000000000FA
89822 +:10C6400000000000000000000000000000000000EA
89823 +:10C6500000000000000000000000000000000000DA
89824 +:10C6600000000000000000000000000000000000CA
89825 +:10C6700000000000000000000000000000000000BA
89826 +:10C6800000000000000000000000000000000000AA
89827 +:10C69000000000000000000000000000000000009A
89828 +:10C6A000000000000000000000000000000000008A
89829 +:10C6B000000000000000000000000000000000007A
89830 +:10C6C000000000000000000000000000000000006A
89831 +:10C6D000000000000000000000000000000000005A
89832 +:10C6E000000000000000000000000000000000004A
89833 +:10C6F000000000000000000000000000000000003A
89834 +:10C700000000000000000000000000000000000029
89835 +:10C710000000000000000000000000000000000019
89836 +:10C720000000000000000000000000000000000009
89837 +:10C7300000000000000000000000000000000000F9
89838 +:10C7400000000000000000000000000000000000E9
89839 +:10C7500000000000000000000000000000000000D9
89840 +:10C7600000000000000000000000000000000000C9
89841 +:10C7700000000000000000000000000000000000B9
89842 +:10C7800000000000000000000000000000000000A9
89843 +:10C790000000000000000000000000000000000099
89844 +:10C7A0000000000000000000000000000000000089
89845 +:10C7B0000000000000000000000000000000000079
89846 +:10C7C0000000000000000000000000000000000069
89847 +:10C7D0000000000000000000000000000000000059
89848 +:10C7E0000000000000000000000000000000000049
89849 +:10C7F0000000000000000000000000000000000039
89850 +:10C800000000000000000000000000000000000028
89851 +:10C810000000000000000000000000000000000018
89852 +:10C820000000000000000000000000000000000008
89853 +:10C8300000000000000000000000000000000000F8
89854 +:10C8400000000000000000000000000000000000E8
89855 +:10C8500000000000000000000000000000000000D8
89856 +:10C8600000000000000000000000000000000000C8
89857 +:10C8700000000000000000000000000000000000B8
89858 +:10C8800000000000000000000000000000000000A8
89859 +:10C890000000000000000000000000000000000098
89860 +:10C8A0000000000000000000000000000000000088
89861 +:10C8B0000000000000000000000000000000000078
89862 +:10C8C0000000000000000000000000000000000068
89863 +:10C8D0000000000000000000000000000000000058
89864 +:10C8E0000000000000000000000000000000000048
89865 +:10C8F0000000000000000000000000000000000038
89866 +:10C900000000000000000000000000000000000027
89867 +:10C910000000000000000000000000000000000017
89868 +:10C920000000000000000000000000000000000007
89869 +:10C9300000000000000000000000000000000000F7
89870 +:10C9400000000000000000000000000000000000E7
89871 +:10C9500000000000000000000000000000000000D7
89872 +:10C9600000000000000000000000000000000000C7
89873 +:10C9700000000000000000000000000000000000B7
89874 +:10C9800000000000000000000000000000000000A7
89875 +:10C990000000000000000000000000000000000097
89876 +:10C9A0000000000000000000000000000000000087
89877 +:10C9B0000000000000000000000000000000000077
89878 +:10C9C0000000000000000000000000000000000067
89879 +:10C9D0000000000000000000000000000000000057
89880 +:10C9E0000000000000000000000000000000000047
89881 +:10C9F0000000000000000000000000000000000037
89882 +:10CA00000000000000000000000000000000000026
89883 +:10CA10000000000000000000000000000000000016
89884 +:10CA20000000000000000000000000000000000006
89885 +:10CA300000000000000000000000000000000000F6
89886 +:10CA400000000000000000000000000000000000E6
89887 +:10CA500000000000000000000000000000000000D6
89888 +:10CA600000000000000000000000000000000000C6
89889 +:10CA700000000000000000000000000000000000B6
89890 +:10CA800000000000000000000000000000000000A6
89891 +:10CA90000000000000000000000000000000000096
89892 +:10CAA0000000000000000000000000000000000086
89893 +:10CAB0000000000000000000000000000000000076
89894 +:10CAC0000000000000000000000000000000000066
89895 +:10CAD0000000000000000000000000000000000056
89896 +:10CAE0000000000000000000000000000000000046
89897 +:10CAF0000000000000000000000000000000000036
89898 +:10CB00000000000000000000000000000000000025
89899 +:10CB10000000000000000000000000000000000015
89900 +:10CB20000000000000000000000000000000000005
89901 +:10CB300000000000000000000000000000000000F5
89902 +:10CB400000000000000000000000000000000000E5
89903 +:10CB500000000000000000000000000000000000D5
89904 +:10CB600000000000000000000000000000000000C5
89905 +:10CB700000000000000000000000000000000000B5
89906 +:10CB800000000000000000000000000000000000A5
89907 +:10CB90000000000000000000000000000000000095
89908 +:10CBA0000000000000000000000000000000000085
89909 +:10CBB0000000000000000000000000000000000075
89910 +:10CBC0000000000000000000000000000000000065
89911 +:10CBD0000000000000000000000000000000000055
89912 +:10CBE0000000000000000000000000000000000045
89913 +:10CBF0000000000000000000000000000000000035
89914 +:10CC00000000000000000000000000000000000024
89915 +:10CC10000000000000000000000000000000000014
89916 +:10CC20000000000000000000000000000000000004
89917 +:10CC300000000000000000000000000000000000F4
89918 +:10CC400000000000000000000000000000000000E4
89919 +:10CC500000000000000000000000000000000000D4
89920 +:10CC600000000000000000000000000000000000C4
89921 +:10CC700000000000000000000000000000000000B4
89922 +:10CC800000000000000000000000000000000000A4
89923 +:10CC90000000000000000000000000000000000094
89924 +:10CCA0000000000000000000000000000000000084
89925 +:10CCB0000000000000000000000000000000000074
89926 +:10CCC0000000000000000000000000000000000064
89927 +:10CCD0000000000000000000000000000000000054
89928 +:10CCE0000000000000000000000000000000000044
89929 +:10CCF0000000000000000000000000000000000034
89930 +:10CD00000000000000000000000000000000000023
89931 +:10CD10000000000000000000000000000000000013
89932 +:10CD20000000000000000000000000000000000003
89933 +:10CD300000000000000000000000000000000000F3
89934 +:10CD400000000000000000000000000000000000E3
89935 +:10CD500000000000000000000000000000000000D3
89936 +:10CD600000000000000000000000000000000000C3
89937 +:10CD700000000000000000000000000000000000B3
89938 +:10CD800000000000000000000000000000000000A3
89939 +:10CD90000000000000000000000000000000000093
89940 +:10CDA0000000000000000000000000000000000083
89941 +:10CDB0000000000000000000000000000000000073
89942 +:10CDC0000000000000000000000000000000000063
89943 +:10CDD0000000000000000000000000000000000053
89944 +:10CDE0000000000000000000000000000000000043
89945 +:10CDF0000000000000000000000000000000000033
89946 +:10CE00000000000000000000000000000000000022
89947 +:10CE10000000000000000000000000000000000012
89948 +:10CE20000000000000000000000000000000000002
89949 +:10CE300000000000000000000000000000000000F2
89950 +:10CE400000000000000000000000000000000000E2
89951 +:10CE500000000000000000000000000000000000D2
89952 +:10CE600000000000000000000000000000000000C2
89953 +:10CE700000000000000000000000000000000000B2
89954 +:10CE800000000000000000000000000000000000A2
89955 +:10CE90000000000000000000000000000000000092
89956 +:10CEA0000000000000000000000000000000000082
89957 +:10CEB0000000000000000000000000000000000072
89958 +:10CEC0000000000000000000000000000000000062
89959 +:10CED0000000000000000000000000000000000052
89960 +:10CEE0000000000000000000000000000000000042
89961 +:10CEF0000000000000000000000000000000000032
89962 +:10CF00000000000000000000000000000000000021
89963 +:10CF10000000000000000000000000000000000011
89964 +:10CF20000000000000000000000000000000000001
89965 +:10CF300000000000000000000000000000000000F1
89966 +:10CF400000000000000000000000000000000000E1
89967 +:10CF500000000000000000000000000000000000D1
89968 +:10CF600000000000000000000000000000000000C1
89969 +:10CF700000000000000000000000000000000000B1
89970 +:10CF800000000000000000000000000000000000A1
89971 +:10CF90000000000000000000000000000000000091
89972 +:10CFA0000000000000000000000000000000000081
89973 +:10CFB0000000000000000000000000000000000071
89974 +:10CFC0000000000000000000000000000000000061
89975 +:10CFD0000000000000000000000000000000000051
89976 +:10CFE0000000000000000000000000000000000041
89977 +:10CFF0000000000000000000000000000000000031
89978 +:10D000000000000000000000000000000000000020
89979 +:10D010000000000000000000000000000000000010
89980 +:10D020000000000000000000000000000000000000
89981 +:10D0300000000000000000000000000000000000F0
89982 +:10D0400000000000000000000000000000000000E0
89983 +:10D0500000000000000000000000000000000000D0
89984 +:10D0600000000000000000000000000000000000C0
89985 +:10D0700000000000000000000000000000000000B0
89986 +:10D0800000000000000000000000000000000000A0
89987 +:10D090000000000000000000000000000000000090
89988 +:10D0A0000000000000000000000000000000000080
89989 +:10D0B0000000000000000000000000000000000070
89990 +:10D0C0000000000000000000000000000000000060
89991 +:10D0D0000000000000000000000000000000000050
89992 +:10D0E0000000000000000000000000000000000040
89993 +:10D0F0000000000000000000000000000000000030
89994 +:10D10000000000000000000000000000000000001F
89995 +:10D11000000000000000000000000000000000000F
89996 +:10D1200000000000000000000000000000000000FF
89997 +:10D1300000000000000000000000000000000000EF
89998 +:10D1400000000000000000000000000000000000DF
89999 +:10D1500000000000000000000000000000000000CF
90000 +:10D1600000000000000000000000000000000000BF
90001 +:10D1700000000000000000000000000000000000AF
90002 +:10D18000000000000000000000000000000000009F
90003 +:10D19000000000000000000000000000000000008F
90004 +:10D1A000000000000000000000000000000000007F
90005 +:10D1B000000000000000000000000000000000006F
90006 +:10D1C000000000000000000000000000000000005F
90007 +:10D1D000000000000000000000000000000000004F
90008 +:10D1E000000000000000000000000000000000003F
90009 +:10D1F000000000000000000000000000000000002F
90010 +:10D20000000000000000000000000000000000001E
90011 +:10D21000000000000000000000000000000000000E
90012 +:10D2200000000000000000000000000000000000FE
90013 +:10D2300000000000000000000000000000000000EE
90014 +:10D2400000000000000000000000000000000000DE
90015 +:10D2500000000000000000000000000000000000CE
90016 +:10D2600000000000000000000000000000000000BE
90017 +:10D2700000000000000000000000000000000000AE
90018 +:10D28000000000000000000000000000000000009E
90019 +:10D29000000000000000000000000000000000008E
90020 +:10D2A000000000000000000000000000000000007E
90021 +:10D2B000000000000000000000000000000000006E
90022 +:10D2C000000000000000000000000000000000005E
90023 +:10D2D000000000000000000000000000000000004E
90024 +:10D2E000000000000000000000000000000000003E
90025 +:10D2F000000000000000000000000000000000002E
90026 +:10D30000000000000000000000000000000000001D
90027 +:10D31000000000000000000000000000000000000D
90028 +:10D3200000000000000000000000000000000000FD
90029 +:10D3300000000000000000000000000000000000ED
90030 +:10D3400000000000000000000000000000000000DD
90031 +:10D3500000000000000000000000000000000000CD
90032 +:10D3600000000000000000000000000000000000BD
90033 +:10D3700000000000000000000000000000000000AD
90034 +:10D38000000000000000000000000000000000009D
90035 +:10D39000000000000000000000000000000000008D
90036 +:10D3A000000000000000000000000000000000007D
90037 +:10D3B000000000000000000000000000000000006D
90038 +:10D3C000000000000000000000000000000000005D
90039 +:10D3D000000000000000000000000000000000004D
90040 +:10D3E000000000000000000000000000000000003D
90041 +:10D3F000000000000000000000000000000000002D
90042 +:10D40000000000000000000000000000000000001C
90043 +:10D41000000000000000000000000000000000000C
90044 +:10D4200000000000000000000000000000000000FC
90045 +:10D4300000000000000000000000000000000000EC
90046 +:10D4400000000000000000000000000000000000DC
90047 +:10D4500000000000000000000000000000000000CC
90048 +:10D4600000000000000000000000000000000000BC
90049 +:10D4700000000000000000000000000000000000AC
90050 +:10D48000000000000000000000000000000000009C
90051 +:10D49000000000000000000000000000000000008C
90052 +:10D4A000000000000000000000000000000000007C
90053 +:10D4B000000000000000000000000000000000006C
90054 +:10D4C000000000000000000000000000000000005C
90055 +:10D4D000000000000000000000000000000000004C
90056 +:10D4E000000000000000000000000000000000003C
90057 +:10D4F000000000000000000000000000000000002C
90058 +:10D50000000000000000000000000000000000001B
90059 +:10D51000000000000000000000000000000000000B
90060 +:10D5200000000000000000000000000000000000FB
90061 +:10D5300000000000000000000000000000000000EB
90062 +:10D5400000000000000000000000000000000000DB
90063 +:10D5500000000000000000000000000000000000CB
90064 +:10D5600000000000000000000000000000000000BB
90065 +:10D5700000000000000000000000000000000000AB
90066 +:10D58000000000000000000000000000000000009B
90067 +:10D59000000000000000008000000000000000000B
90068 +:10D5A000000000000000000000000000000000007B
90069 +:10D5B00000000000000000000000000A0000000061
90070 +:10D5C0000000000000000000100000030000000048
90071 +:10D5D0000000000D0000000D3C02080024427340D2
90072 +:10D5E0003C030800246377CCAC4000000043202BB0
90073 +:10D5F0001480FFFD244200043C1D080037BD7FFC61
90074 +:10D6000003A0F0213C100800261032103C1C08003A
90075 +:10D61000279C73400E0010FE000000000000000D6B
90076 +:10D6200030A5FFFF30C600FF274301808F4201B8BD
90077 +:10D630000440FFFE24020002AC640000A465000860
90078 +:10D64000A066000AA062000B3C021000AC67001844
90079 +:10D6500003E00008AF4201B83C0360008C624FF861
90080 +:10D660000440FFFE3C020200AC644FC0AC624FC4F9
90081 +:10D670003C02100003E00008AC624FF89482000CFA
90082 +:10D680002486001400A0382100021302000210803A
90083 +:10D690000082402100C8102B1040005700000000FD
90084 +:10D6A00090C300002C6200095040005190C200015C
90085 +:10D6B000000310803C030800246372F00043102133
90086 +:10D6C0008C420000004000080000000090C30001F0
90087 +:10D6D0002402000A1462003A000000000106102330
90088 +:10D6E0002C42000A1440003624C600028CE20000DE
90089 +:10D6F00034420100ACE2000090C2000090C300017F
90090 +:10D7000090C4000290C5000300031C000002160034
90091 +:10D710000043102500042200004410250045102578
90092 +:10D7200024C60004ACE2000490C2000090C30001D3
90093 +:10D7300090C4000290C500030002160000031C0004
90094 +:10D740000043102500042200004410250045102548
90095 +:10D7500024C600040A000CB8ACE2000890C3000123
90096 +:10D76000240200041462001624C6000290C20000C5
90097 +:10D7700090C400018CE30000000212000044102558
90098 +:10D780003463000424C60002ACE2000C0A000CB8AA
90099 +:10D79000ACE3000090C300012402000314620008FF
90100 +:10D7A00024C600028CE2000090C3000024C60001E1
90101 +:10D7B00034420008A0E300100A000CB8ACE20000FC
90102 +:10D7C00003E000082402000190C3000124020002CB
90103 +:10D7D0001062000224C40002010020210A000CB8DB
90104 +:10D7E000008030210A000CB824C6000190C200015C
90105 +:10D7F0000A000CB800C2302103E00008000010212C
90106 +:10D8000027BDFFE8AFBF0014AFB000100E00130239
90107 +:10D8100000808021936200052403FFFE0200202186
90108 +:10D82000004310248FBF00148FB00010A3620005C6
90109 +:10D830000A00130B27BD001827BDFFE8AFB000108A
90110 +:10D84000AFBF00140E000F3C0080802193620000E7
90111 +:10D8500024030050304200FF14430004240201005E
90112 +:10D86000AF4201800A000D3002002021AF4001804C
90113 +:10D87000020020218FBF00148FB000100A000FE7B4
90114 +:10D8800027BD001827BDFF80AFBE0078AFB700747A
90115 +:10D89000AFB20060AFBF007CAFB60070AFB5006C38
90116 +:10D8A000AFB40068AFB30064AFB1005CAFB0005874
90117 +:10D8B0008F5001283C0208008C4231A02403FF80D5
90118 +:10D8C0009365003F0202102100431024AF42002460
90119 +:10D8D0003C0208008C4231A09364000530B200FF86
90120 +:10D8E000020210213042007F034218210004202749
90121 +:10D8F0003C02000A0062182130840001AF8300144A
90122 +:10D900000000F0210000B82114800053AFA00050A7
90123 +:10D9100093430116934401128F450104306300FFC5
90124 +:10D920003C020001308400FF00A2282403431021A0
90125 +:10D9300003441821245640002467400014A001CD60
90126 +:10D940002402000193620000304300FF2402002003
90127 +:10D950001062000524020050106200060000000062
90128 +:10D960000A000D74000000000000000D0A000D7D8B
90129 +:10D97000AFA000303C1E080027DE738C0A000D7D2E
90130 +:10D98000AFA000303C0208008C4200DC24420001C1
90131 +:10D990003C010800AC2200DC0E00139F00000000D8
90132 +:10D9A0000A000F318FBF007C8F4201043C0300202E
90133 +:10D9B00092D3000D004310240002202B00042140CC
90134 +:10D9C000AFA400308F4301043C02004000621824E1
90135 +:10D9D000146000023485004000802821326200205B
90136 +:10D9E000AFA500301440000234A6008000A0302112
90137 +:10D9F00010C0000BAFA6003093C500088F67004C25
90138 +:10DA00000200202100052B0034A5008130A5F08103
90139 +:10DA10000E000C9B30C600FF0A000F2E0000000015
90140 +:10DA20009362003E304200401040000F2402000488
90141 +:10DA300056420007240200120200202100E02821A3
90142 +:10DA40000E0013F702C030210A000F318FBF007C97
90143 +:10DA500016420005000000000E000D2100002021EC
90144 +:10DA60000A000F318FBF007C9743011A96C4000E45
90145 +:10DA700093620035326500043075FFFF00442004D6
90146 +:10DA8000AFA400548ED1000410A000158ED400085D
90147 +:10DA90009362003E3042004010400007000000004A
90148 +:10DAA0000E0013E0022020211040000D00000000B5
90149 +:10DAB0000A000F2E000000008F6200440222102393
90150 +:10DAC0000440016A000000008F6200480222102317
90151 +:10DAD00004410166240400160A000E218FC20004CE
90152 +:10DAE0008F6200480222102304400008000000005A
90153 +:10DAF0003C0208008C423100244200013C01080035
90154 +:10DB0000AC2231000A000F23000000008F620040A9
90155 +:10DB100002221023184000128F8400143C020800D7
90156 +:10DB20008C423100327300FC0000A8212442000125
90157 +:10DB30003C010800AC2231008F6300409482011C3C
90158 +:10DB4000022318233042FFFF0043102A50400010E8
90159 +:10DB50002402000C8F6200400A000DF20222102302
90160 +:10DB60009483011C9762003C0043102B1040000678
90161 +:10DB7000000000009482011C00551023A482011CA7
90162 +:10DB80000A000DF72402000CA480011C2402000CE2
90163 +:10DB9000AFA200308F620040005120231880000D9A
90164 +:10DBA00002A4102A1440012600000000149500066B
90165 +:10DBB00002A410233A620001304200011440012007
90166 +:10DBC0000000000002A41023022488210A000E098C
90167 +:10DBD0003055FFFF00002021326200021040001A81
90168 +:10DBE000326200109362003E30420040504000110B
90169 +:10DBF0008FC200040E00130202002021240200182C
90170 +:10DC0000A362003F936200052403FFFE020020216F
90171 +:10DC1000004310240E00130BA362000524040039F6
90172 +:10DC2000000028210E0013C9240600180A000F3036
90173 +:10DC300024020001240400170040F809000000003D
90174 +:10DC40000A000F302402000110400108000000000B
90175 +:10DC50008F63004C8F620054028210231C4001032A
90176 +:10DC600002831023044200010060A021AFA4001829
90177 +:10DC7000AFB10010AFB50014934201208F65004092
90178 +:10DC80009763003C304200FF034210210044102102
90179 +:10DC90008FA400543063FFFF244240000083182B00
90180 +:10DCA0008FA40030AFA20020AFA50028008320255C
90181 +:10DCB000AFA40030AFA50024AFA0002CAFB4003457
90182 +:10DCC0009362003E30420008504000118FC20000B5
90183 +:10DCD00002C0202127A500380E000CB2AFA00038EA
90184 +:10DCE0005440000B8FC200008FA200383042010068
90185 +:10DCF000504000078FC200008FA3003C8F6200607D
90186 +:10DD00000062102304430001AF6300608FC2000073
90187 +:10DD10000040F80927A400108FA200303042000212
90188 +:10DD200054400001327300FE9362003E30420040D6
90189 +:10DD3000104000378FA200248F6200541682001A10
90190 +:10DD40003262000124020014124200102A4200151F
90191 +:10DD500010400006240200162402000C12420007A4
90192 +:10DD6000326200010A000E7D000000001242000530
90193 +:10DD7000326200010A000E7D000000000A000E78E9
90194 +:10DD80002417000E0A000E78241700100A000E7CDB
90195 +:10DD900024170012936200232403FFBD00431024C4
90196 +:10DDA000A362002332620001104000198FA20024F8
90197 +:10DDB0002402000C1242000E2A42000D1040000600
90198 +:10DDC0002402000E2402000A124200078FA200243F
90199 +:10DDD0000A000E9524420001124200088FA200247E
90200 +:10DDE0000A000E95244200010A000E932417000831
90201 +:10DDF0002402000E16E20002241700162417001059
90202 +:10DE00008FA2002424420001AFA200248FA200248C
90203 +:10DE10008FA300148F76004000431021AF620040B2
90204 +:10DE20008F8200149442011C104000090000000081
90205 +:10DE30008F6200488F6400409763003C00441023C9
90206 +:10DE40003063FFFF0043102A104000088FA20054E7
90207 +:10DE5000936400368F6300403402FFFC008210049C
90208 +:10DE600000621821AF6300488FA200548FA60030D3
90209 +:10DE70000282902130C200081040000E0000000015
90210 +:10DE80008F6200581642000430C600FF9742011A04
90211 +:10DE90005040000134C6001093C500088FA700341D
90212 +:10DEA0000200202100052B0034A500800E000C9BF1
90213 +:10DEB00030A5F0808F620040005610231840001BF0
90214 +:10DEC0008FA200183C0208008C42319830420010AA
90215 +:10DED0001040000D24020001976200681440000AFF
90216 +:10DEE000240200018F8200149442011C1440000699
90217 +:10DEF00024020001A76200689742007A244200646D
90218 +:10DF00000A000EE9A7620012A76200120E001302B7
90219 +:10DF1000020020219362007D2403000102002021E1
90220 +:10DF2000344200010A000EE7AFA300501840000A77
90221 +:10DF3000000000000E001302020020219362007D09
90222 +:10DF40002403000102002021AFA30050344200044A
90223 +:10DF50000E00130BA362007D9362003E304200402E
90224 +:10DF60001440000C326200011040000A0000000062
90225 +:10DF70008F6300408FC20004240400182463000152
90226 +:10DF80000040F809AF6300408FA200300A000F3054
90227 +:10DF9000304200048F620058105200100000000050
90228 +:10DFA0008F620018022210231C4000082404000184
90229 +:10DFB0008F62001816220009000000008F62001C0A
90230 +:10DFC000028210230440000500000000AF720058D8
90231 +:10DFD000AFA40050AF710018AF74001C12E0000B2A
90232 +:10DFE0008FA200500E00130202002021A377003FF1
90233 +:10DFF0000E00130B0200202102E030212404003720
90234 +:10E000000E0013C9000028218FA200501040000309
90235 +:10E01000000000000E000CA90200202112A0000543
90236 +:10E02000000018218FA2003030420004504000113F
90237 +:10E0300000601021240300010A000F30006010214D
90238 +:10E040000E001302020020219362007D02002021B5
90239 +:10E05000344200040E00130BA362007D0E000CA9D5
90240 +:10E06000020020210A000F3024020001AF400044CA
90241 +:10E07000240200018FBF007C8FBE00788FB7007430
90242 +:10E080008FB600708FB5006C8FB400688FB30064DA
90243 +:10E090008FB200608FB1005C8FB0005803E00008C1
90244 +:10E0A00027BD00808F4201B80440FFFE2402080013
90245 +:10E0B000AF4201B803E00008000000003C02000885
90246 +:10E0C00003421021944200483084FFFF2484001250
90247 +:10E0D0003045FFFF10A0001700A4102B10400016C1
90248 +:10E0E00024020003934201202403001AA343018B5E
90249 +:10E0F000304200FF2446FFFE8F82000000A6182B4E
90250 +:10E100003863000100021382004310241040000510
90251 +:10E110008F84000434820001A746019403E00008C4
90252 +:10E12000AF8200042402FFFE0082102403E00008F6
90253 +:10E13000AF8200042402000303E00008A342018B25
90254 +:10E1400027BDFFE0AFB10014AFB00010AFBF0018A3
90255 +:10E1500030B0FFFF30D1FFFF8F4201B80440FFFE17
90256 +:10E1600000000000AF440180AF4400200E000F42C9
90257 +:10E17000020020218F8300008F840004A750019AA1
90258 +:10E18000A750018EA74301908F8300083082800042
90259 +:10E19000AF4301A8A75101881040000E8F820004F0
90260 +:10E1A00093420116304200FC24420004005A102120
90261 +:10E1B0008C4240003042FFFF144000068F82000472
90262 +:10E1C0003C02FFFF34427FFF00821024AF82000434
90263 +:10E1D0008F8200042403BFFF00431024A74201A63E
90264 +:10E1E0009743010C8F42010400031C003042FFFFE3
90265 +:10E1F00000621825AF4301AC3C021000AF4201B8E9
90266 +:10E200008FBF00188FB100148FB0001003E000081A
90267 +:10E2100027BD00208F470070934201128F830000BA
90268 +:10E2200027BDFFF0304200FF00022882306201006B
90269 +:10E23000000030211040004324A40003306240005D
90270 +:10E24000104000103062200000041080005A10219D
90271 +:10E250008C43400024A4000400041080AFA30000FD
90272 +:10E26000005A10218C424000AFA2000493420116D4
90273 +:10E27000304200FC005A10218C4240000A000FC0BE
90274 +:10E28000AFA200081040002F0000302100041080D1
90275 +:10E29000005A10218C43400024A400040004108084
90276 +:10E2A000AFA30000005A10218C424000AFA000082C
90277 +:10E2B000AFA200048FA80008000030210000202138
90278 +:10E2C000240A00083C0908002529010003A41021A4
90279 +:10E2D000148A000300042A001100000A0000000054
90280 +:10E2E00090420000248400012C83000C00A2102125
90281 +:10E2F00000021080004910218C4200001460FFF3DE
90282 +:10E3000000C230263C0408008C8431048F42007027
90283 +:10E310002C83002010600009004738233C030800CC
90284 +:10E32000246331080004108000431021248300017D
90285 +:10E33000AC4700003C010800AC233104AF86000864
90286 +:10E340002406000100C0102103E0000827BD0010D2
90287 +:10E350003C0208008C42003827BDFFD0AFB5002436
90288 +:10E36000AFB40020AFB10014AFBF0028AFB3001CA2
90289 +:10E37000AFB20018AFB00010000088213C150800B3
90290 +:10E3800026B50038144000022454FFFF0000A021ED
90291 +:10E390009742010E8F8400003042FFFF308340001F
90292 +:10E3A0001060000A245200043C0200200082102465
90293 +:10E3B00050400007308280008F8200042403BFFF9A
90294 +:10E3C000008318240A0010103442100030828000AC
90295 +:10E3D0001040000A3C020020008210241040000778
90296 +:10E3E0008F8200043C03FFFF34637FFF0083182407
90297 +:10E3F00034428000AF820004AF8300000E000F980B
90298 +:10E400000000000014400007000000009743011EB8
90299 +:10E410009742011C3063FFFF0002140000621825C0
90300 +:10E42000AF8300089742010C8F4340003045FFFF47
90301 +:10E430003402FFFF14620003000000000A001028ED
90302 +:10E44000241100208F42400030420100544000015E
90303 +:10E45000241100108F8400003082100050400014FE
90304 +:10E4600036310001308200201440000B3C021000C5
90305 +:10E47000008210245040000E363100013C030E0093
90306 +:10E480003C020DFF008318243442FFFF0043102B91
90307 +:10E4900050400007363100013C0208008C42002C3D
90308 +:10E4A000244200013C010800AC22002C363100055A
90309 +:10E4B0003C0608008CC6003454C000238F85000041
90310 +:10E4C0008F820004304240005440001F8F850000BE
90311 +:10E4D0003C021F01008210243C0310005443001A28
90312 +:10E4E0008F85000030A20200144000178F850000C5
90313 +:10E4F0003250FFFF363100028F4201B80440FFFE68
90314 +:10E5000000000000AF400180020020210E000F42F9
90315 +:10E51000AF4000208F8300042402BFFFA750019A60
90316 +:10E52000006218248F820000A750018EA751018835
90317 +:10E53000A74301A6A74201903C021000AF4201B8D8
90318 +:10E540000A0010F5000010213C02100000A2102467
90319 +:10E550001040003A0000000010C0000F0000000052
90320 +:10E5600030A201001040000C3C0302003C020F00EE
90321 +:10E5700000A2102410430008000000008F82000851
90322 +:10E58000005410240055102190420004244200043D
90323 +:10E590000A00109F000221C00000000000051602C2
90324 +:10E5A0003050000F3A0300022E4203EF38420001C0
90325 +:10E5B0002C6300010062182414600073240200011F
90326 +:10E5C0003C0308008C6300D02E06000C386200016A
90327 +:10E5D0002C4200010046102414400015001021C0F8
90328 +:10E5E0002602FFFC2C4200045440001100002021B0
90329 +:10E5F000386200022C420001004610241040000343
90330 +:10E60000000512420A00109F000020210010182B64
90331 +:10E610000043102450400006001021C000002021BB
90332 +:10E620003245FFFF0E000F633226FFFB001021C0B2
90333 +:10E630003245FFFF0A0010F2362600028F424000EA
90334 +:10E640003C0308008C630024304201001040004667
90335 +:10E6500030620001322200043070000D14400002CC
90336 +:10E660002413000424130002000512C238420001E2
90337 +:10E670002E4303EF304200013863000100431025B0
90338 +:10E68000104000033231FFFB2402FFFB0202802412
90339 +:10E6900010C000183202000130A201001040001525
90340 +:10E6A000320200013C020F0000A210243C030200D1
90341 +:10E6B0001043000F8F8200082403FFFE0203802412
90342 +:10E6C00000541024005510219042000402333025DC
90343 +:10E6D0002442000412000002000221C03226FFFF83
90344 +:10E6E0000E000F633245FFFF1200002700001021CB
90345 +:10E6F000320200011040000D320200042402000129
90346 +:10E7000012020002023330253226FFFF00002021D2
90347 +:10E710000E000F633245FFFF2402FFFE0202802439
90348 +:10E7200012000019000010213202000410400016EF
90349 +:10E7300024020001240200041202000202333025E8
90350 +:10E740003226FFFF3245FFFF0E000F632404010055
90351 +:10E750002402FFFB020280241200000B00001021A3
90352 +:10E760000A0010F5240200011040000700001021EB
90353 +:10E770003245FFFF36260002000020210E000F6305
90354 +:10E7800000000000000010218FBF00288FB500247A
90355 +:10E790008FB400208FB3001C8FB200188FB100140B
90356 +:10E7A0008FB0001003E0000827BD003027BDFFD068
90357 +:10E7B000AFB000103C04600CAFBF002CAFB6002817
90358 +:10E7C000AFB50024AFB40020AFB3001CAFB2001847
90359 +:10E7D000AFB100148C8250002403FF7F3C1A8000EC
90360 +:10E7E000004310243442380CAC8250002402000351
90361 +:10E7F0003C106000AF4200088E0208083C1B8008F5
90362 +:10E800003C010800AC2000203042FFF038420010EC
90363 +:10E810002C4200010E001B8DAF8200183C04FFFF4C
90364 +:10E820003C020400348308063442000CAE0219484E
90365 +:10E83000AE03194C3C0560168E0219808CA30000B3
90366 +:10E840003442020000641824AE0219803C02535383
90367 +:10E850001462000334A47C008CA200040050202128
90368 +:10E860008C82007C8C830078AF820010AF83000C18
90369 +:10E870008F55000032A200031040FFFD32A20001BC
90370 +:10E880001040013D32A200028F420128AF42002019
90371 +:10E890008F4201048F430100AF8200000E000F3C45
90372 +:10E8A000AF8300043C0208008C4200C01040000806
90373 +:10E8B0008F8400003C0208008C4200C42442000106
90374 +:10E8C0003C010800AC2200C40A00126900000000EC
90375 +:10E8D0003C020010008210241440010C8F830004BD
90376 +:10E8E0003C0208008C4200203C0308008C63003886
90377 +:10E8F00000008821244200013C010800AC220020D5
90378 +:10E900003C16080026D60038146000022474FFFF6D
90379 +:10E910000000A0219742010E308340003042FFFFEB
90380 +:10E920001060000A245200043C02002000821024DF
90381 +:10E9300050400007308280008F8200042403BFFF14
90382 +:10E94000008318240A0011703442100030828000C5
90383 +:10E950001040000A3C0200200082102410400007F2
90384 +:10E960008F8200043C03FFFF34637FFF0083182481
90385 +:10E9700034428000AF820004AF8300000E000F9885
90386 +:10E980000000000014400007000000009743011E33
90387 +:10E990009742011C3063FFFF00021400006218253B
90388 +:10E9A000AF8300089742010C8F4340003045FFFFC2
90389 +:10E9B0003402FFFF14620003000000000A00118807
90390 +:10E9C000241100208F4240003042010054400001D9
90391 +:10E9D000241100108F840000308210005040001479
90392 +:10E9E00036310001308200201440000B3C02100040
90393 +:10E9F000008210245040000E363100013C030E000E
90394 +:10EA00003C020DFF008318243442FFFF0043102B0B
90395 +:10EA100050400007363100013C0208008C42002CB7
90396 +:10EA2000244200013C010800AC22002C36310005D4
90397 +:10EA30003C0608008CC6003454C000238F850000BB
90398 +:10EA40008F820004304240005440001F8F85000038
90399 +:10EA50003C021F01008210243C0310005443001AA2
90400 +:10EA60008F85000030A20200144000178F8500003F
90401 +:10EA70003250FFFF363100028F4201B80440FFFEE2
90402 +:10EA800000000000AF400180020020210E000F4274
90403 +:10EA9000AF4000208F8300042402BFFFA750019ADB
90404 +:10EAA000006218248F820000A750018EA7510188B0
90405 +:10EAB000A74301A6A74201903C021000AF4201B853
90406 +:10EAC0000A001267000010213C02100000A210246E
90407 +:10EAD0001040003A0000000010C0000F00000000CD
90408 +:10EAE00030A201001040000C3C0302003C020F0069
90409 +:10EAF00000A2102410430008000000008F820008CC
90410 +:10EB000000541024005610219042000424420004B6
90411 +:10EB10000A0011FF000221C00000000000051602DB
90412 +:10EB20003050000F3A0300022E4203EF384200013A
90413 +:10EB30002C63000100621824146000852402000187
90414 +:10EB40003C0308008C6300D02E06000C38620001E4
90415 +:10EB50002C4200010046102414400015001021C072
90416 +:10EB60002602FFFC2C42000454400011000020212A
90417 +:10EB7000386200022C42000100461024504000037D
90418 +:10EB8000000512420A0011FF000020210010182B7E
90419 +:10EB90000043102450400006001021C00000202136
90420 +:10EBA0003245FFFF0E000F633226FFFB001021C02D
90421 +:10EBB0003245FFFF0A001252362600028F42400003
90422 +:10EBC0003C0308008C6300243042010010400046E2
90423 +:10EBD00030620001322200043070000D1440000247
90424 +:10EBE0002413000424130002000512C2384200015D
90425 +:10EBF0002E4303EF3042000138630001004310252B
90426 +:10EC0000104000033231FFFB2402FFFB020280248C
90427 +:10EC100010C000183202000130A20100104000159F
90428 +:10EC2000320200013C020F0000A210243C0302004B
90429 +:10EC30001043000F8F8200082403FFFE020380248C
90430 +:10EC40000054102400561021904200040233302555
90431 +:10EC50002442000412000002000221C03226FFFFFD
90432 +:10EC60000E000F633245FFFF120000390000102133
90433 +:10EC7000320200011040000D3202000424020001A3
90434 +:10EC800012020002023330253226FFFF000020214D
90435 +:10EC90000E000F633245FFFF2402FFFE02028024B4
90436 +:10ECA0001200002B00001021320200041040002846
90437 +:10ECB0002402000124020004120200020233302563
90438 +:10ECC0003226FFFF3245FFFF0E000F6324040100D0
90439 +:10ECD0002402FFFB020280241200001D000010210C
90440 +:10ECE0000A001267240200015040001900001021A0
90441 +:10ECF0003245FFFF36260002000020210E000F6380
90442 +:10ED0000000000000A001267000010212402BFFF6B
90443 +:10ED1000006210241040000800000000240287FF59
90444 +:10ED200000621024144000083C020060008210249D
90445 +:10ED300010400005000000000E000D34000000002F
90446 +:10ED40000A001267000000000E0012C70000000059
90447 +:10ED5000104000063C0240008F4301243C0260202A
90448 +:10ED6000AC430014000000003C024000AF420138F8
90449 +:10ED70000000000032A200021040FEBD00000000B2
90450 +:10ED80008F4201403C044000AF4200208F430148C5
90451 +:10ED90003C02700000621824106400420000000071
90452 +:10EDA0000083102B144000063C0260003C0220004F
90453 +:10EDB000106200073C0240000A0012C3000000007D
90454 +:10EDC0001062003C3C0240000A0012C30000000038
90455 +:10EDD0008F4501408F4601448F42014800021402D2
90456 +:10EDE000304300FF240200041462000A274401801B
90457 +:10EDF0008F4201B80440FFFE2402001CAC850000D5
90458 +:10EE0000A082000B3C021000AF4201B80A0012C3FE
90459 +:10EE10003C0240002402000914620012000616029F
90460 +:10EE2000000229C0AF4500208F4201B80440FFFE18
90461 +:10EE30002402000124030003AF450180A343018B9A
90462 +:10EE4000A740018EA740019AA7400190AF4001A8BA
90463 +:10EE5000A7420188A74201A6AF4001AC3C021000C6
90464 +:10EE6000AF4201B88F4201B80440FFFE000000002D
90465 +:10EE7000AC8500008F42014800021402A482000801
90466 +:10EE800024020002A082000B8F420148A4820010DD
90467 +:10EE90003C021000AC860024AF4201B80A0012C345
90468 +:10EEA0003C0240000E001310000000000A0012C3D4
90469 +:10EEB0003C0240000E001BC2000000003C0240006B
90470 +:10EEC000AF420178000000000A00112F000000008E
90471 +:10EED0008F4201003042003E144000112402000124
90472 +:10EEE000AF4000488F420100304207C0104000058B
90473 +:10EEF00000000000AF40004CAF40005003E00008AD
90474 +:10EF000024020001AF400054AF4000408F42010096
90475 +:10EF10003042380054400001AF4000442402000158
90476 +:10EF200003E00008000000008F4201B80440FFFE2B
90477 +:10EF300024020001AF440180AF400184A74501884D
90478 +:10EF4000A342018A24020002A342018B9742014A94
90479 +:10EF500014C00004A7420190AF4001A40A0012EFC0
90480 +:10EF60003C0210008F420144AF4201A43C02100059
90481 +:10EF7000AF4001A803E00008AF4201B88F4201B8DA
90482 +:10EF80000440FFFE24020002AF440180AF4401842C
90483 +:10EF9000A7450188A342018AA342018B9742014AF7
90484 +:10EFA000A7420190AF4001A48F420144AF4201A8A3
90485 +:10EFB0003C02100003E00008AF4201B83C029000A0
90486 +:10EFC0003442000100822025AF4400208F420020FF
90487 +:10EFD0000440FFFE0000000003E000080000000005
90488 +:10EFE0003C028000344200010082202503E000083A
90489 +:10EFF000AF44002027BDFFE8AFBF0014AFB0001042
90490 +:10F000008F50014093430149934201489344014882
90491 +:10F01000306300FF304200FF00021200006228252A
90492 +:10F020002402001910620076308400802862001AE1
90493 +:10F030001040001C24020020240200081062007707
90494 +:10F04000286200091040000E2402000B2402000177
90495 +:10F0500010620034286200025040000524020006BD
90496 +:10F0600050600034020020210A00139A00000000C2
90497 +:10F0700010620030020020210A00139A00000000F4
90498 +:10F080001062003B2862000C504000022402000E77
90499 +:10F090002402000910620056020020210A00139A7F
90500 +:10F0A0000000000010620056286200211040000F8E
90501 +:10F0B000240200382402001C106200582862001D3F
90502 +:10F0C000104000062402001F2402001B1062004CA6
90503 +:10F0D000000000000A00139A000000001062004ABD
90504 +:10F0E000020020210A00139A00000000106200456F
90505 +:10F0F0002862003910400007240200802462FFCB00
90506 +:10F100002C42000210400045020020210A00139604
90507 +:10F110000000302110620009000000000A00139A6C
90508 +:10F12000000000001480003D020020210A0013901E
90509 +:10F130008FBF00140A001396240600018F4201B805
90510 +:10F140000440FFFE24020002A342018BA745018870
90511 +:10F150009742014AA74201908F420144A74201927F
90512 +:10F160003C021000AF4201B80A00139C8FBF00148C
90513 +:10F170009742014A144000290000000093620005F4
90514 +:10F180003042000414400025000000000E0013026D
90515 +:10F190000200202193620005020020213442000475
90516 +:10F1A0000E00130BA36200059362000530420004B9
90517 +:10F1B00014400002000000000000000D93620000F7
90518 +:10F1C00024030020304200FF14430014000000001C
90519 +:10F1D0008F4201B80440FFFE24020005AF500180B9
90520 +:10F1E000A342018B3C0210000A00139AAF4201B8FF
90521 +:10F1F0008FBF00148FB000100A0012F227BD001854
90522 +:10F200000000000D02002021000030218FBF0014FB
90523 +:10F210008FB000100A0012DD27BD00180000000D9D
90524 +:10F220008FBF00148FB0001003E0000827BD001846
90525 +:10F2300027BDFFE8AFBF00100E000F3C000000002C
90526 +:10F24000AF4001808FBF0010000020210A000FE7AF
90527 +:10F2500027BD00183084FFFF30A5FFFF00001821F4
90528 +:10F260001080000700000000308200011040000202
90529 +:10F2700000042042006518210A0013AB0005284055
90530 +:10F2800003E000080060102110C0000624C6FFFF44
90531 +:10F290008CA2000024A50004AC8200000A0013B573
90532 +:10F2A0002484000403E000080000000010A000080F
90533 +:10F2B00024A3FFFFAC860000000000000000000057
90534 +:10F2C0002402FFFF2463FFFF1462FFFA248400047A
90535 +:10F2D00003E0000800000000308300FF30A500FFBD
90536 +:10F2E00030C600FF274701808F4201B80440FFFE6F
90537 +:10F2F000000000008F42012834634000ACE20000AF
90538 +:10F3000024020001ACE00004A4E30008A0E2000A2B
90539 +:10F3100024020002A0E2000B3C021000A4E5001051
90540 +:10F32000ACE00024ACE00028A4E6001203E00008F2
90541 +:10F33000AF4201B827BDFFE8AFBF00109362003FA6
90542 +:10F3400024030012304200FF1043000D00803021E2
90543 +:10F350008F620044008210230440000A8FBF001017
90544 +:10F360008F620048240400390000282100C21023C5
90545 +:10F3700004410004240600120E0013C9000000001E
90546 +:10F380008FBF00102402000103E0000827BD001811
90547 +:10F3900027BDFFC8AFB20030AFB1002CAFBF003403
90548 +:10F3A000AFB0002890C5000D0080902130A400105F
90549 +:10F3B0001080000B00C088218CC300088F620054AD
90550 +:10F3C0001062000730A20005144000B524040001BB
90551 +:10F3D0000E000D21000020210A0014BB0040202156
90552 +:10F3E00030A200051040000930A30012108000ACCC
90553 +:10F3F000240400018E2300088F620054146200A9C7
90554 +:10F400008FBF00340A00142C240400382402001298
90555 +:10F41000146200A3240400010220202127A500106B
90556 +:10F420000E000CB2AFA000101040001102402021CD
90557 +:10F430008E220008AF620084AF6000400E0013020D
90558 +:10F44000000000009362007D024020213442002031
90559 +:10F450000E00130BA362007D0E000CA902402021B8
90560 +:10F46000240400382405008D0A0014B82406001274
90561 +:10F470009362003E304200081040000F8FA200103F
90562 +:10F4800030420100104000078FA300148F6200601B
90563 +:10F490000062102304430008AF6300600A001441B7
90564 +:10F4A00000000000AF6000609362003E2403FFF79D
90565 +:10F4B00000431024A362003E9362003E30420008E5
90566 +:10F4C000144000022406000300003021936200343F
90567 +:10F4D000936300378F640084304200FF306300FF85
90568 +:10F4E00000661821000318800043282100A4202B67
90569 +:10F4F0001080000B000000009763003C8F620084C6
90570 +:10F500003063FFFF004510230062182B14600004D5
90571 +:10F51000000000008F6200840A00145D0045802313
90572 +:10F520009762003C3050FFFF8FA300103062000450
90573 +:10F5300010400004000628808FA2001C0A001465F9
90574 +:10F540000202102B2E02021850400003240202185F
90575 +:10F550000A00146E020510233063000410600003DB
90576 +:10F56000004510238FA2001C00451023004080217D
90577 +:10F570002C42008054400001241000800E00130231
90578 +:10F580000240202124020001AF62000C9362003E81
90579 +:10F59000001020403042007FA362003E8E22000413
90580 +:10F5A00024420001AF620040A770003C8F6200500F
90581 +:10F5B0009623000E00431021AF6200588F62005066
90582 +:10F5C00000441021AF62005C8E220004AF6200187C
90583 +:10F5D0008E220008AF62001C8FA20010304200088B
90584 +:10F5E0005440000A93A20020A360003693620036C4
90585 +:10F5F0002403FFDFA36200359362003E0043102422
90586 +:10F60000A362003E0A0014988E220008A36200350F
90587 +:10F610008E220008AF62004C8F6200248F6300408E
90588 +:10F6200000431021AF6200489362000024030050A1
90589 +:10F63000304200FF144300122403FF803C02080004
90590 +:10F640008C4231A00242102100431024AF42002816
90591 +:10F650003C0208008C4231A08E2400083C03000CC0
90592 +:10F66000024210213042007F03421021004310214A
90593 +:10F67000AC4400D88E230008AF820014AC4300DCF9
90594 +:10F680000E00130B02402021240400380000282122
90595 +:10F690002406000A0E0013C9000000002404000123
90596 +:10F6A0008FBF00348FB200308FB1002C8FB0002894
90597 +:10F6B0000080102103E0000827BD003827BDFFF8B7
90598 +:10F6C00027420180AFA20000308A00FF8F4201B8BC
90599 +:10F6D0000440FFFE000000008F4601283C020800A5
90600 +:10F6E0008C4231A02403FF80AF86004800C2102165
90601 +:10F6F00000431024AF4200243C0208008C4231A099
90602 +:10F700008FA900008FA8000000C210213042007FA6
90603 +:10F71000034218213C02000A00621821946400D4BC
90604 +:10F720008FA700008FA5000024020002AF83001401
90605 +:10F73000A0A2000B8FA30000354260003084FFFFC1
90606 +:10F74000A4E200083C021000AD260000AD04000455
90607 +:10F75000AC60002427BD0008AF4201B803E00008F8
90608 +:10F76000240200018F88003C938200288F830014BC
90609 +:10F770003C07080024E7779800481023304200FF38
90610 +:10F78000304900FC246500888F860040304A000321
90611 +:10F790001120000900002021248200048CA3000015
90612 +:10F7A000304400FF0089102AACE3000024A50004C7
90613 +:10F7B0001440FFF924E70004114000090000202153
90614 +:10F7C0002482000190A30000304400FF008A102B27
90615 +:10F7D000A0E3000024A500011440FFF924E7000184
90616 +:10F7E00030C20003144000048F85003C3102000346
90617 +:10F7F0001040000D0000000010A0000900002021B2
90618 +:10F800002482000190C30000304400FF0085102BCB
90619 +:10F81000A0E3000024C600011440FFF924E7000122
90620 +:10F8200003E00008000000001100FFFD000020219F
90621 +:10F83000248200048CC30000304400FF0088102B99
90622 +:10F84000ACE3000024C600041440FFF924E70004E0
90623 +:10F8500003E00008000000008F83003C9382002832
90624 +:10F8600030C600FF30A500FF00431023304300FFE7
90625 +:10F870008F820014008038210043102114C0000240
90626 +:10F88000244800880083382130E20003144000053A
90627 +:10F8900030A2000314400003306200031040000D4A
90628 +:10F8A0000000000010A000090000202124820001B7
90629 +:10F8B00090E30000304400FF0085102BA1030000FE
90630 +:10F8C00024E700011440FFF92508000103E00008C7
90631 +:10F8D0000000000010A0FFFD000020212482000491
90632 +:10F8E0008CE30000304400FF0085102BAD030000C6
90633 +:10F8F00024E700041440FFF92508000403E0000891
90634 +:10F90000000000000080482130AAFFFF30C600FF41
90635 +:10F9100030E7FFFF274801808F4201B80440FFFE17
90636 +:10F920008F820048AD0200008F420124AD02000426
90637 +:10F930008D220020A5070008A102000A240200165B
90638 +:10F94000A102000B934301208D2200088D240004A6
90639 +:10F95000306300FF004310219783003A00441021D8
90640 +:10F960008D250024004310233C0308008C6331A044
90641 +:10F970008F840014A502000C246300E82402FFFF1A
90642 +:10F98000A50A000EA5030010A5060012AD0500187B
90643 +:10F99000AD020024948201142403FFF73042FFFFDC
90644 +:10F9A000AD0200288C820118AD02002C3C02100030
90645 +:10F9B000AD000030AF4201B88D220020004310247A
90646 +:10F9C00003E00008AD2200208F82001430E7FFFF23
90647 +:10F9D00000804821904200D330A5FFFF30C600FFD1
90648 +:10F9E0000002110030420F0000E238252748018054
90649 +:10F9F0008F4201B80440FFFE8F820048AD02000034
90650 +:10FA00008F420124AD0200048D220020A5070008CA
90651 +:10FA1000A102000A24020017A102000B9343012057
90652 +:10FA20008D2200088D240004306300FF0043102164
90653 +:10FA30009783003A004410218F8400140043102360
90654 +:10FA40003C0308008C6331A0A502000CA505000E44
90655 +:10FA5000246300E8A5030010A5060012AD00001401
90656 +:10FA60008D220024AD0200188C82005CAD02001CC7
90657 +:10FA70008C820058AD0200202402FFFFAD0200245A
90658 +:10FA8000948200E63042FFFFAD02002894820060BD
90659 +:10FA9000948300BE30427FFF3063FFFF00021200FC
90660 +:10FAA00000431021AD02002C3C021000AD000030DC
90661 +:10FAB000AF4201B8948200BE2403FFF700A21021D8
90662 +:10FAC000A48200BE8D2200200043102403E0000821
90663 +:10FAD000AD220020274301808F4201B80440FFFE81
90664 +:10FAE0008F8200249442001C3042FFFF000211C0AC
90665 +:10FAF000AC62000024020019A062000B3C0210005E
90666 +:10FB0000AC60003003E00008AF4201B88F87002CE2
90667 +:10FB100030C300FF8F4201B80440FFFE8F820048CF
90668 +:10FB200034636000ACA2000093820044A0A20005F0
90669 +:10FB30008CE20010A4A20006A4A300088C8200207E
90670 +:10FB40002403FFF7A0A2000A24020002A0A2000BD7
90671 +:10FB50008CE20000ACA200108CE20004ACA2001405
90672 +:10FB60008CE2001CACA200248CE20020ACA2002895
90673 +:10FB70008CE2002CACA2002C8C820024ACA20018D9
90674 +:10FB80003C021000AF4201B88C82002000431024D8
90675 +:10FB900003E00008AC8200208F86001427BDFFE838
90676 +:10FBA000AFBF0014AFB0001090C20063304200201D
90677 +:10FBB0001040000830A500FF8CC2007C2403FFDF4A
90678 +:10FBC00024420001ACC2007C90C2006300431024B8
90679 +:10FBD000A0C2006310A000238F830014275001806F
90680 +:10FBE000020028210E0015D6240600828F82001400
90681 +:10FBF000904200633042004050400019A38000440E
90682 +:10FC00008F83002C8F4201B80440FFFE8F82004892
90683 +:10FC1000AE02000024026082A60200082402000254
90684 +:10FC2000A202000B8C620008AE0200108C62000C75
90685 +:10FC3000AE0200148C620014AE0200188C62001830
90686 +:10FC4000AE0200248C620024AE0200288C620028E0
90687 +:10FC5000AE02002C3C021000AF4201B8A380004469
90688 +:10FC60008F8300148FBF00148FB000109062006368
90689 +:10FC700027BD00183042007FA06200639782003ADF
90690 +:10FC80008F86003C8F850014938300280046102344
90691 +:10FC9000A782003AA4A000E490A400638F820040F1
90692 +:10FCA000AF83003C2403FFBF0046102100832024C3
90693 +:10FCB000AF820040A0A400638F820014A04000BD6A
90694 +:10FCC0008F82001403E00008A44000BE8F8A001455
90695 +:10FCD00027BDFFE0AFB10014AFB000108F88003C2B
90696 +:10FCE000AFBF00189389001C954200E430D100FF9B
90697 +:10FCF0000109182B0080802130AC00FF3047FFFF46
90698 +:10FD00000000582114600003310600FF012030215B
90699 +:10FD1000010958239783003A0068102B1440003CD7
90700 +:10FD20000000000014680007240200018E02002079
90701 +:10FD30002403FFFB34E7800000431024AE020020C0
90702 +:10FD40002402000134E70880158200053165FFFFB9
90703 +:10FD50000E001554020020210A00169102002021F5
90704 +:10FD60000E001585020020218F8400482743018062
90705 +:10FD70008F4201B80440FFFE24020018AC6400006A
90706 +:10FD8000A062000B8F840014948200E6A46200102D
90707 +:10FD90003C021000AC600030AF4201B894820060B9
90708 +:10FDA00024420001A4820060948200603C030800A9
90709 +:10FDB0008C63318830427FFF5443000F02002021C2
90710 +:10FDC000948200602403800000431024A482006019
90711 +:10FDD0009082006090830060304200FF000211C2F8
90712 +:10FDE00000021027000211C03063007F0062182556
90713 +:10FDF000A083006002002021022028218FBF00186C
90714 +:10FE00008FB100148FB000100A0015F927BD002033
90715 +:10FE1000914200632403FF8000431025A142006348
90716 +:10FE20009782003A3048FFFF110000209383001CA6
90717 +:10FE30008F840014004B1023304600FF948300E4AD
90718 +:10FE40002402EFFF0168282B00621824A48300E439
90719 +:10FE500014A000038E020020010058210000302170
90720 +:10FE60002403FFFB34E7800000431024AE0200208F
90721 +:10FE700024020001158200053165FFFF0E001554B4
90722 +:10FE8000020020210A0016B99783003A0E0015855A
90723 +:10FE9000020020219783003A8F82003CA780003A1D
90724 +:10FEA00000431023AF82003C9383001C8F82001418
90725 +:10FEB0008FBF00188FB100148FB0001027BD002035
90726 +:10FEC00003E00008A04300BD938200442403000126
90727 +:10FED00027BDFFE8004330042C420020AFB00010E3
90728 +:10FEE000AFBF00142410FFFE10400005274501801D
90729 +:10FEF0003C0208008C4231900A0016D600461024BD
90730 +:10FF00003C0208008C423194004610241440000743
90731 +:10FF1000240600848F8300142410FFFF9062006287
90732 +:10FF20003042000F34420040A06200620E0015D63D
90733 +:10FF300000000000020010218FBF00148FB00010DD
90734 +:10FF400003E0000827BD00188F83002427BDFFE0D1
90735 +:10FF5000AFB20018AFB10014AFB00010AFBF001CBB
90736 +:10FF60009062000D00A0902130D100FF3042007F50
90737 +:10FF7000A062000D8F8500148E4300180080802140
90738 +:10FF80008CA2007C146200052402000E90A2006383
90739 +:10FF9000344200200A0016FFA0A200630E0016C51E
90740 +:10FFA000A38200442403FFFF104300472404FFFF03
90741 +:10FFB00052200045000020218E4300003C0200102A
90742 +:10FFC00000621024504000043C020008020020217E
90743 +:10FFD0000A00170E24020015006210245040000988
90744 +:10FFE0008E45000002002021240200140E0016C5D8
90745 +:10FFF000A38200442403FFFF104300332404FFFFC7
90746 +:020000021000EC
90747 +:100000008E4500003C02000200A2102410400016A1
90748 +:100010003C0200048F8600248CC200148CC30010A4
90749 +:100020008CC40014004310230044102B50400005E2
90750 +:10003000020020218E43002C8CC2001010620003AD
90751 +:10004000020020210A00173F240200123C02000493
90752 +:1000500000A210245040001C00002021020020219A
90753 +:100060000A00173F2402001300A2102410400006CB
90754 +:100070008F8300248C620010504000130000202168
90755 +:100080000A001739020020218C6200105040000441
90756 +:100090008E42002C020020210A00173F240200118A
90757 +:1000A00050400009000020210200202124020017F6
90758 +:1000B0000E0016C5A38200442403FFFF1043000274
90759 +:1000C0002404FFFF000020218FBF001C8FB2001806
90760 +:1000D0008FB100148FB000100080102103E00008E1
90761 +:1000E00027BD00208F83001427BDFFD8AFB40020A8
90762 +:1000F000AFB3001CAFB20018AFB10014AFB0001026
90763 +:10010000AFBF0024906200638F91002C2412FFFF88
90764 +:100110003442004092250000A06200638E2200104D
90765 +:100120000080982130B0003F105200060360A021EB
90766 +:100130002402000D0E0016C5A38200441052005484
90767 +:100140002404FFFF8F8300148E2200188C63007C30
90768 +:1001500010430007026020212402000E0E0016C585
90769 +:10016000A38200442403FFFF104300492404FFFF3F
90770 +:1001700024040020120400048F83001490620063A2
90771 +:1001800034420020A06200638F85003410A000205C
90772 +:1001900000000000560400048F8200140260202139
90773 +:1001A0000A0017902402000A9683000A9442006015
90774 +:1001B0003042FFFF144300048F8200202404FFFD1F
90775 +:1001C0000A0017B7AF82003C3C0208008C42318C19
90776 +:1001D0000045102B14400006026020210000282159
90777 +:1001E0000E001646240600010A0017B70000202161
90778 +:1001F0002402002D0E0016C5A38200442403FFFF35
90779 +:10020000104300232404FFFF0A0017B70000202139
90780 +:10021000160400058F8400148E2300142402FFFFAF
90781 +:100220005062001802602021948200602442000184
90782 +:10023000A4820060948200603C0308008C633188D3
90783 +:1002400030427FFF5443000F0260202194820060FF
90784 +:100250002403800000431024A48200609082006088
90785 +:1002600090830060304200FF000211C2000210279C
90786 +:10027000000211C03063007F00621825A083006077
90787 +:10028000026020210E0015F9240500010000202144
90788 +:100290008FBF00248FB400208FB3001C8FB20018D2
90789 +:1002A0008FB100148FB000100080102103E000080F
90790 +:1002B00027BD00288F83001427BDFFE8AFB00010D2
90791 +:1002C000AFBF0014906200638F87002C00808021F4
90792 +:1002D000344200408CE60010A06200633C0308003A
90793 +:1002E0008C6331B030C23FFF0043102B1040004EF2
90794 +:1002F0008F8500302402FF8090A3000D004310245E
90795 +:10030000304200FF504000490200202100061382C5
90796 +:10031000304800032402000255020044020020215C
90797 +:1003200094A2001C8F85001424030023A4A20114AE
90798 +:100330008CE60000000616023042003F1043001019
90799 +:100340003C0300838CE300188CA2007C1062000642
90800 +:100350002402000E0E0016C5A38200442403FFFFF2
90801 +:10036000104300382404FFFF8F8300149062006361
90802 +:1003700034420020A06200630A0017FC8F8300242F
90803 +:1003800000C31024144300078F83002490A200624E
90804 +:100390003042000F34420020A0A20062A38800383F
90805 +:1003A0008F8300249062000D3042007FA062000D18
90806 +:1003B0008F83003410600018020020218F840030E9
90807 +:1003C0008C8200100043102B1040000924020018FA
90808 +:1003D000020020210E0016C5A38200442403FFFF63
90809 +:1003E000104300182404FFFF0A00182400002021F5
90810 +:1003F0008C820010240500010200202100431023FC
90811 +:100400008F830024240600010E001646AC62001003
90812 +:100410000A001824000020210E0015F9240500010F
90813 +:100420000A00182400002021020020212402000DCF
90814 +:100430008FBF00148FB0001027BD00180A0016C52A
90815 +:10044000A38200448FBF00148FB0001000801021E1
90816 +:1004500003E0000827BD001827BDFFC8AFB2002089
90817 +:10046000AFBF0034AFB60030AFB5002CAFB400283A
90818 +:10047000AFB30024AFB1001CAFB000188F46012805
90819 +:100480003C0308008C6331A02402FF80AF86004843
90820 +:1004900000C318213065007F03452821006218241D
90821 +:1004A0003C02000AAF43002400A2282190A200626F
90822 +:1004B00000809021AF850014304200FF000211023D
90823 +:1004C000A382003890A200BC304200021440000217
90824 +:1004D00024030034240300308F820014A3830028F7
90825 +:1004E000938300388C4200C0A3800044AF82003C5C
90826 +:1004F000240200041062031C8F84003C8E4400041C
90827 +:10050000508003198F84003C8E4200103083FFFF1F
90828 +:10051000A784003A106002FFAF8200408F8400146D
90829 +:100520002403FF809082006300621024304200FFA9
90830 +:10053000144002CF9785003A9383003824020002CA
90831 +:1005400030B6FFFF14620005000088219382002866
90832 +:100550002403FFFD0A001B19AF82003C8F82003C80
90833 +:1005600002C2102B144002A18F8400400E0014EC34
90834 +:1005700000000000938300283C040800248477983E
90835 +:10058000240200341462002EAF84002C3C0A0800C0
90836 +:100590008D4A77C82402FFFFAFA2001000803821E7
90837 +:1005A0002405002F3C09080025297398240800FF22
90838 +:1005B0002406FFFF90E2000024A3FFFF00062202B2
90839 +:1005C00000C21026304200FF0002108000491021B6
90840 +:1005D0008C420000306500FF24E7000114A8FFF5FD
90841 +:1005E0000082302600061027AFA20014AFA2001030
90842 +:1005F0000000282127A7001027A6001400C51023FB
90843 +:100600009044000324A2000100A71821304500FFF8
90844 +:100610002CA200041440FFF9A06400008FA2001077
90845 +:100620001142000724020005024020210E0016C5D9
90846 +:10063000A38200442403FFFF104300642404FFFF4F
90847 +:100640003C0208009042779C104000098F82001401
90848 +:10065000024020212402000C0E0016C5A382004493
90849 +:100660002403FFFF104300592404FFFF8F8200146E
90850 +:10067000A380001C3C0308008C63779C8C440080A2
90851 +:100680003C0200FF3442FFFF006218240083202B4D
90852 +:1006900010800008AF83003402402021240200199A
90853 +:1006A0000E0016C5A38200442403FFFF1043004739
90854 +:1006B0002404FFFF8F87003C9782003A8F85003427
90855 +:1006C000AF8700200047202310A0003BA784003AFA
90856 +:1006D0008F86001430A200030002102390C300BCD8
90857 +:1006E0003050000300B0282100031882307300014D
90858 +:1006F0000013108000A228213C0308008C6331A065
90859 +:100700008F8200483084FFFF0085202B004310219A
90860 +:1007100010800011244200888F84002C1082000E6B
90861 +:100720003C033F013C0208008C42779800431024B0
90862 +:100730003C0325001443000630E500FF8C820000D6
90863 +:10074000ACC200888C8200100A0018E9ACC2009884
90864 +:100750000E001529000030219382001C8F850014A3
90865 +:100760008F830040020238218F82003CA387001C47
90866 +:1007700094A400E4006218218F82003434841000B5
90867 +:10078000AF83004000503021A4A400E41260000EAA
90868 +:10079000AF86003C24E20004A382001C94A200E483
90869 +:1007A00024C30004AF83003C34422000A4A200E430
90870 +:1007B0000A001906000020218F820040AF80003C13
90871 +:1007C00000471021AF820040000020212414FFFFC9
90872 +:1007D000109402112403FFFF3C0808008D0877A83D
90873 +:1007E0003C0208008C4231B03C03080090637798CB
90874 +:1007F00031043FFF0082102B1040001B3067003F88
90875 +:100800003C0208008C4231A88F83004800042180FC
90876 +:1008100000621821006418213062007F0342282101
90877 +:100820003C02000C00A228213C020080344200015E
90878 +:100830003066007800C230252402FF800062102458
90879 +:10084000AF42002830640007AF4208048F820014D2
90880 +:100850000344202124840940AF460814AF850024B6
90881 +:10086000AF840030AC4301189383003824020003A6
90882 +:10087000146201CF240200012402002610E201D1FB
90883 +:1008800028E2002710400013240200322402002234
90884 +:1008900010E201CC28E200231040000824020024CA
90885 +:1008A0002402002010E201B82402002110E20147D6
90886 +:1008B000024020210A001AFB2402000B10E201C1B1
90887 +:1008C0002402002510E20010024020210A001AFB39
90888 +:1008D0002402000B10E201AE28E2003310400006B3
90889 +:1008E0002402003F2402003110E2009A024020213D
90890 +:1008F0000A001AFB2402000B10E201A5024020218D
90891 +:100900000A001AFB2402000B8F90002C3C03080005
90892 +:100910008C6331B08F8500308E0400100000A82158
90893 +:100920008CB3001430823FFF0043102B8CB10020A9
90894 +:100930005040018F0240202190A3000D2402FF802F
90895 +:1009400000431024304200FF504001890240202122
90896 +:10095000000413823042000314400185024020212C
90897 +:1009600094A3001C8F8200148E040028A443011459
90898 +:100970008CA20010026218231064000302402021A0
90899 +:100980000A00197C2402001F8F82003400621021AB
90900 +:100990000262102B104000088F83002402402021A7
90901 +:1009A000240200180E0016C5A382004410540174DE
90902 +:1009B0002404FFFF8F8300248F8400348C62001096
90903 +:1009C0000224882100441023AC6200108F8200149E
90904 +:1009D000AC7100208C4200680051102B10400009BF
90905 +:1009E0008F830030024020212402001D0E0016C516
90906 +:1009F000A38200442403FFFF104301612404FFFF8E
90907 +:100A00008F8300308E0200248C6300241043000783
90908 +:100A1000024020212402001C0E0016C5A3820044BF
90909 +:100A20002403FFFF104301562404FFFF8F8400249A
90910 +:100A30008C82002424420001AC8200241233000482
90911 +:100A40008F8200148C4200685622000E8E02000035
90912 +:100A50008E0200003C030080004310241440000D6F
90913 +:100A60002402001A024020210E0016C5A382004471
90914 +:100A70002403FFFF104301422404FFFF0A0019BAB8
90915 +:100A80008E0200143C0300800043102450400003F9
90916 +:100A90008E020014AC8000208E0200142411FFFF8F
90917 +:100AA0001051000E3C0308003C0208008C423190BB
90918 +:100AB000004310242403001B14400007A3830044B8
90919 +:100AC0000E0016C5024020211051012D2404FFFF05
90920 +:100AD0000A0019CB8E030000A38000448E0300009F
90921 +:100AE0003C02000100621024104000123C02008011
90922 +:100AF0000062102414400008024020212402001A41
90923 +:100B00000E0016C5A38200442403FFFF1043011CFE
90924 +:100B10002404FFFF02402021020028210E0016E5D8
90925 +:100B2000240600012403FFFF104301152404FFFFE6
90926 +:100B3000241500018F83002402A0302102402021CF
90927 +:100B40009462003624050001244200010A001ADFE5
90928 +:100B5000A46200368F90002C3C0308008C6331B0F7
90929 +:100B60008E13001032623FFF0043102B10400089AB
90930 +:100B70008F8400302402FF809083000D00431024F6
90931 +:100B8000304200FF104000842402000D0013138245
90932 +:100B900030420003240300011443007F2402000DAF
90933 +:100BA0009082000D30420008544000048F820034CF
90934 +:100BB000024020210A001A102402002450400004A0
90935 +:100BC0008E03000C024020210A001A102402002784
90936 +:100BD0008C82002054620006024020218E0300080F
90937 +:100BE0008C820024506200098E02001402402021F1
90938 +:100BF000240200200E0016C5A38200441054007188
90939 +:100C00002403FFFF0A001A458F8400242411FFFFEC
90940 +:100C1000145100048F860014024020210A001A405B
90941 +:100C2000240200258E0300188CC2007C1062000391
90942 +:100C30002402000E0A001A40024020218E030024E4
90943 +:100C40008C82002810620003240200210A001A404E
90944 +:100C5000024020218E0500288C82002C10A2000367
90945 +:100C60002402001F0A001A40024020218E03002C9B
90946 +:100C700014600003240200230A001A4002402021CD
90947 +:100C80008CC200680043102B104000032402002691
90948 +:100C90000A001A40024020218C82001400651821AD
90949 +:100CA0000043102B104000088F84002402402021B4
90950 +:100CB000240200220E0016C5A382004410510041F8
90951 +:100CC0002403FFFF8F8400242403FFF79082000D8C
90952 +:100CD00000431024A082000D8F8600143C030800FE
90953 +:100CE0008C6331AC8F82004894C400E08F8500246F
90954 +:100CF0000043102130847FFF000420400044102175
90955 +:100D00003043007F034320213C03000E0083202159
90956 +:100D10002403FF8000431024AF42002CA493000062
90957 +:100D20008CA2002824420001ACA200288CA2002C36
90958 +:100D30008E03002C00431021ACA2002C8E02002C4C
90959 +:100D4000ACA200308E020014ACA2003494A2003A8F
90960 +:100D500024420001A4A2003A94C600E03C0208002C
90961 +:100D60008C4231B024C4000130837FFF1462000F35
90962 +:100D700000803021240280000082302430C2FFFF36
90963 +:100D8000000213C2304200FF000210270A001A7E40
90964 +:100D9000000233C02402000D024020210E0016C5BF
90965 +:100DA000A38200440A001A84004018218F82001494
90966 +:100DB00002402021240500010E0015F9A44600E0A0
90967 +:100DC000000018210A001B16006088218F90002C5B
90968 +:100DD0003C0308008C6331B08E05001030A23FFF49
90969 +:100DE0000043102B104000612402FF808F840030EC
90970 +:100DF0009083000D00431024304200FF5040005CFF
90971 +:100E0000024020218F8200341040000B0005138225
90972 +:100E10008F8200149763000A944200603042FFFF03
90973 +:100E200014430005000513828F8200202404FFFD77
90974 +:100E30000A001AF3AF82003C304200031440000E57
90975 +:100E40000000000092020002104000058E03002402
90976 +:100E500050600015920300030A001AAF02402021DF
90977 +:100E60008C82002450620010920300030240202173
90978 +:100E70000A001AB72402000F9082000D30420008C9
90979 +:100E80005440000992030003024020212402001074
90980 +:100E90000E0016C5A38200442403FFFF1043003850
90981 +:100EA0002404FFFF92030003240200025462000C9A
90982 +:100EB000920200038F820034544000099202000322
90983 +:100EC000024020212402002C0E0016C5A3820044FB
90984 +:100ED0002403FFFF1043002A2404FFFF92020003B3
90985 +:100EE0000200282102402021384600102CC60001B3
90986 +:100EF0002C4200010E0016E5004630252410FFFFAD
90987 +:100F00001050001F2404FFFF8F8300341060001373
90988 +:100F1000024020213C0208008C42318C0043102BFF
90989 +:100F200014400007000000000000282124060001F2
90990 +:100F30000E001646000000000A001AF300002021EF
90991 +:100F40002402002D0E0016C5A38200441050000C90
90992 +:100F50002404FFFF0A001AF3000020210E0015F9F7
90993 +:100F6000240500010A001AF300002021024020217C
90994 +:100F70002402000D0E0016C5A3820044004020216B
90995 +:100F80000A001B16008088211514000E00000000C6
90996 +:100F90000E00174C024020210A001B160040882139
90997 +:100FA0000E0016C5A38200440A001B1600408821CB
90998 +:100FB00014620017022018212402002314E2000505
90999 +:100FC0002402000B0E0017C0024020210A001B164D
91000 +:100FD0000040882102402021A38200440E0016C553
91001 +:100FE0002411FFFF0A001B170220182130A500FF63
91002 +:100FF0000E001529240600019783003A8F82003CD9
91003 +:10100000A780003A00431023AF82003C0220182141
91004 +:101010001220003E9782003A2402FFFD5462003EF7
91005 +:101020008E4300208E4200048F830014005610234C
91006 +:10103000AE420004906200633042007FA062006311
91007 +:101040008E4200208F840014A780003A34420002B0
91008 +:10105000AE420020A48000E4908200632403FFBF1E
91009 +:1010600000431024A08200630A001B598E43002015
91010 +:101070009082006300621024304200FF1040002381
91011 +:101080009782003A90820088908300BD2485008872
91012 +:101090003042003F2444FFE02C820020A383001C48
91013 +:1010A00010400019AF85002C2402000100821804B2
91014 +:1010B000306200191440000C3C02800034420002EF
91015 +:1010C000006210241440000B306200201040000F1A
91016 +:1010D0009782003A90A600010240202124050001D9
91017 +:1010E0000A001B5330C60001024020210A001B5297
91018 +:1010F00024050001024020210000282124060001CF
91019 +:101100000E001646000000009782003A1440FD04CD
91020 +:101110008F8400148E4300203062000410400012BF
91021 +:101120008F84003C2402FFFB00621024AE420020AA
91022 +:10113000274301808F4201B80440FFFE8F820048A0
91023 +:10114000AC6200008F420124AC6200042402608380
91024 +:10115000A462000824020002A062000B3C021000FE
91025 +:10116000AF4201B88F84003C8F8300148FBF0034DE
91026 +:101170008FB600308FB5002C8FB400288FB30024B9
91027 +:101180008FB200208FB1001C8FB000182402000124
91028 +:1011900027BD003803E00008AC6400C030A500FFA4
91029 +:1011A0002403000124A900010069102B1040000C49
91030 +:1011B00000004021240A000100A31023004A380443
91031 +:1011C00024630001308200010069302B10400002CE
91032 +:1011D000000420420107402554C0FFF800A310235B
91033 +:1011E00003E00008010010213C020800244260A432
91034 +:1011F0003C010800AC22738C3C02080024425308D6
91035 +:101200003C010800AC2273902402000627BDFFE0D9
91036 +:101210003C010800A02273943C021EDCAFB200180F
91037 +:10122000AFB10014AFBF001CAFB0001034526F411B
91038 +:1012300000008821240500080E001B7A02202021CE
91039 +:10124000001180803C07080024E773980002160014
91040 +:1012500002071821AC6200000000282124A200012E
91041 +:101260003045FFFF8C6200002CA6000804410002FC
91042 +:10127000000220400092202614C0FFF8AC64000059
91043 +:10128000020780218E0400000E001B7A2405002036
91044 +:10129000262300013071FFFF2E2301001460FFE5BB
91045 +:1012A000AE0200008FBF001C8FB200188FB1001477
91046 +:1012B0008FB0001003E0000827BD002027BDFFD835
91047 +:1012C000AFB3001CAFB20018AFBF0020AFB1001425
91048 +:1012D000AFB000108F5101408F48014800089402C0
91049 +:1012E000324300FF311300FF8F4201B80440FFFE7C
91050 +:1012F00027500180AE1100008F420144AE0200046D
91051 +:1013000024020002A6120008A202000B240200140C
91052 +:10131000AE1300241062002528620015104000085A
91053 +:101320002402001524020010106200302402001272
91054 +:10133000106200098FBF00200A001CB58FB3001C8B
91055 +:101340001062007024020022106200378FBF00205C
91056 +:101350000A001CB58FB3001C3C0208008C4231A06F
91057 +:101360002403FF800222102100431024AF420024F6
91058 +:101370003C0208008C4231A0022210213042007F42
91059 +:10138000034218213C02000A00621821166000BCCA
91060 +:10139000AF830014906200623042000F344200308C
91061 +:1013A000A06200620A001CB48FBF00203C046000F1
91062 +:1013B0008C832C083C02F0033442FFFF00621824A7
91063 +:1013C000AC832C083C0208008C4231A08C832C0892
91064 +:1013D000244200740002108200021480006218256A
91065 +:1013E000AC832C080A001CB48FBF00203C0208000C
91066 +:1013F0008C4231A02403FF800222102100431024DC
91067 +:10140000AF4200243C0208008C4231A03C03000A99
91068 +:10141000022210213042007F03421021004310219C
91069 +:101420000A001CB3AF8200143C0208008C4231A0B9
91070 +:101430002405FF800222102100451024AF42002421
91071 +:101440003C0208008C4231A0022210213042007F71
91072 +:10145000034218213C02000A0062182190620063D6
91073 +:1014600000A21024304200FF10400085AF8300141A
91074 +:1014700024620088944300123C0208008C4231A888
91075 +:1014800030633FFF00031980022210210043102126
91076 +:101490003043007F03432021004510243C03000C0F
91077 +:1014A00000832021AF4200289082000D00A210246A
91078 +:1014B000304200FF10400072AF8400249082000D83
91079 +:1014C000304200101440006F8FBF00200E0015C87E
91080 +:1014D000000000008F4201B80440FFFE0000000041
91081 +:1014E000AE1100008F420144AE020004240200024B
91082 +:1014F000A6120008A202000BAE1300240A001CB4BE
91083 +:101500008FBF00202406FF8002261024AF42002057
91084 +:101510003C0208008C4231A031043FFF00042180CE
91085 +:101520000222102100461024AF4200243C03080090
91086 +:101530008C6331A83C0208008C4231A03227007F26
91087 +:101540000223182102221021006418213042007F5A
91088 +:101550003064007F034228213C02000A0066182400
91089 +:1015600000A22821034420213C02000C00822021FB
91090 +:10157000AF4300283C020008034718210062902175
91091 +:10158000AF850014AF8400240E0015C8010080212F
91092 +:101590008F4201B80440FFFE8F8200248F84001424
91093 +:1015A000274501809042000DACB10000A4B00006B8
91094 +:1015B000000216000002160300021027000237C2C4
91095 +:1015C00014C00016248200889442001232033FFFA8
91096 +:1015D00030423FFF14430012240260829083006374
91097 +:1015E0002402FF8000431024304200FF5040000CD2
91098 +:1015F00024026082908200623042000F3442004038
91099 +:10160000A082006224026084A4A200082402000DCB
91100 +:10161000A0A200050A001C9E3C0227002402608252
91101 +:10162000A4A20008A0A000053C02270000061C00A0
91102 +:101630000062182524020002A0A2000BACA3001037
91103 +:10164000ACA00014ACA00024ACA00028ACA0002CDE
91104 +:101650008E42004C8F840024ACA200189083000DB1
91105 +:101660002402FF8000431024304200FF1040000598
91106 +:101670008FBF00209082000D3042007FA082000DBD
91107 +:101680008FBF00208FB3001C8FB200188FB10014E1
91108 +:101690008FB000103C02100027BD002803E00008B6
91109 +:1016A000AF4201B80800343008003430080033A8D5
91110 +:1016B000080033E0080034140800343808003438D7
91111 +:1016C00008003438080033180A0001240000000024
91112 +:1016D000000000000000000D747061362E322E33C1
91113 +:1016E00000000000060203010000000000000000EE
91114 +:1016F00000000000000000000000000000000000EA
91115 +:1017000000000000000000000000000000000000D9
91116 +:1017100000000000000000000000000000000000C9
91117 +:1017200000000000000000000000000000000000B9
91118 +:1017300000000000000000000000000000000000A9
91119 +:101740000000000000000000000000000000000099
91120 +:101750000000000000000000000000001000000376
91121 +:10176000000000000000000D0000000D3C02080019
91122 +:1017700024421C003C03080024632094AC40000079
91123 +:101780000043202B1480FFFD244200043C1D080070
91124 +:1017900037BD2FFC03A0F0213C1008002610049058
91125 +:1017A0003C1C0800279C1C000E00015C000000008F
91126 +:1017B0000000000D3084FFFF308200078F85001885
91127 +:1017C00010400002248300073064FFF800853021B8
91128 +:1017D00030C41FFF03441821247B4000AF85001C48
91129 +:1017E000AF84001803E00008AF4400843084FFFF9A
91130 +:1017F000308200078F8500208F860028104000026D
91131 +:10180000248300073064FFF8008520210086182B10
91132 +:1018100014600002AF8500240086202303442821A1
91133 +:1018200034068000AF840020AF44008000A6202151
91134 +:1018300003E00008AF84003827BDFFD8AFB3001C19
91135 +:10184000AFB20018AFB00010AFBF0024AFB400209B
91136 +:10185000AFB100143C0860088D1450002418FF7FBD
91137 +:101860003C1A8000029898243672380CAD12500051
91138 +:101870008F5100083C07601C3C08600036300001B6
91139 +:10188000AF500008AF800018AF400080AF40008428
91140 +:101890008CE600088D0F08083C0760168CEC0000F1
91141 +:1018A00031EEFFF039CA00103C0DFFFF340B800011
91142 +:1018B0003C030080034B48212D440001018D282466
91143 +:1018C0003C0253533C010800AC230420AF8900388C
91144 +:1018D000AF860028AF840010275B400014A20003ED
91145 +:1018E00034E37C008CF90004032818218C7F007CF1
91146 +:1018F0008C6500783C0280003C0B08008D6B048CEA
91147 +:101900003C0A08008D4A048834520070AF85003CC0
91148 +:10191000AF9F00403C13080026731C440240A021E6
91149 +:101920008E4800008F46000038C30001306400017B
91150 +:1019300010800017AF880034028048218D2F0000EE
91151 +:101940003C0508008CA5045C3C1808008F1804585E
91152 +:1019500001E8102300A280210000C8210202402BD0
91153 +:1019600003198821022838213C010800AC30045CAE
91154 +:101970003C010800AC2704588F4E000039CD00010F
91155 +:1019800031AC00011580FFED01E04021AF8F003444
91156 +:101990008E5100003C0708008CE7045C3C0D0800F9
91157 +:1019A0008DAD04580228802300F0602100007021D2
91158 +:1019B0000190302B01AE1821006620213C01080067
91159 +:1019C000AC2C045C3C010800AC2404588F46010890
91160 +:1019D0008F47010030C92000AF860000AF87000CA0
91161 +:1019E0001120000A00C040213C1808008F18042C68
91162 +:1019F000270800013C010800AC28042C3C184000DA
91163 +:101A0000AF5801380A000196000000009749010410
91164 +:101A100000002821014550213122FFFF0162582199
91165 +:101A20000162F82B015F502130D902003C0108000F
91166 +:101A3000AC2B048C3C010800AC2A0488172000154C
91167 +:101A400024040F0010E400130000000024080D001F
91168 +:101A500010E8023B30CD000611A0FFE93C18400021
91169 +:101A6000936E00002409001031C400F01089027147
91170 +:101A700024020070108202E58F880014250F0001F7
91171 +:101A8000AF8F00143C184000AF5801380A0001968F
91172 +:101A900000000000974C01041180FFD93C18400061
91173 +:101AA00030C34000146000A1000000008F460178A0
91174 +:101AB00004C0FFFE8F87003824100800240F0008A0
91175 +:101AC0008CE30008AF500178A74F0140A7400142C6
91176 +:101AD000974E01048F86000031C9FFFF30CD000111
91177 +:101AE00011A002E1012040212531FFFE241800024F
91178 +:101AF000A75801463228FFFFA75101483C190800AA
91179 +:101B00008F39043C172002D08F8C000C30DF00206E
91180 +:101B100017E00002240400092404000130C20C0074
91181 +:101B2000240504005045000134840004A744014A00
91182 +:101B30003C1108008E3104203C1800483C10000184
91183 +:101B40000238182530CF00020070282511E000046B
91184 +:101B5000000018213C19010000B9282524030001C8
91185 +:101B600030DF000453E00005AF8300083C0600109E
91186 +:101B700000A6282524030001AF830008AF4510000C
91187 +:101B80000000000000000000000000000000000055
91188 +:101B90008F83000810600023000000008F451000B4
91189 +:101BA00004A1FFFE000000001060001E0000000005
91190 +:101BB0008F4410003C0C0020008C102410400019B1
91191 +:101BC0008F8E000031CD000211A000160000000031
91192 +:101BD000974F101415E000130000000097591008EB
91193 +:101BE0003338FFFF271100060011188200033080F0
91194 +:101BF00000C7282132300001322300031200032CD9
91195 +:101C00008CA200000000000D00C7F821AFE2000028
91196 +:101C10003C0508008CA5043024A600013C01080006
91197 +:101C2000AC2604308F6D00003402FFFFAF8D00043E
91198 +:101C30008CEC0000118202A6000020218CED000037
91199 +:101C400031AC01001180028A000000003C02080053
91200 +:101C50008C4204743C0308008C63044C3C1F080055
91201 +:101C60008FFF04703C1808008F1804480048382182
91202 +:101C70000068802100E8282B03E430210208402B73
91203 +:101C80000304882100C57021022878213C01080046
91204 +:101C9000AC30044C3C010800AC2F04483C01080067
91205 +:101CA000AC2704743C010800AC2E04708F8400182B
91206 +:101CB0000120302131290007249F000833F91FFF3C
91207 +:101CC00003594021AF84001CAF990018251B400028
91208 +:101CD000AF590084112000038F83002024C2000725
91209 +:101CE0003046FFF88F84002800C3282100A4302B41
91210 +:101CF00014C00002AF83002400A428230345602100
91211 +:101D0000340D8000018D10213C0F1000AF850020A4
91212 +:101D1000AF820038AF450080AF4F01788F88001444
91213 +:101D2000250F00010A0001EFAF8F00148F62000839
91214 +:101D30008F670000240500300007760231C300F0F1
91215 +:101D4000106500A7240F0040546FFF4C8F880014CB
91216 +:101D50008F4B01780560FFFE0000000030CA0200D2
91217 +:101D600015400003000612820000000D00061282DA
91218 +:101D7000304D0003000D4900012D18210003808023
91219 +:101D8000020D402100086080019380218E1F000019
91220 +:101D900017E00002000000000000000D8F6E00043C
91221 +:101DA00005C202BD92070006920E000592020004D1
91222 +:101DB0003C090001000E18800070F8218FED00181A
91223 +:101DC000277100082448000501A96021000830821D
91224 +:101DD000AFEC0018022020210E00059E26050014FD
91225 +:101DE000920A00068F7900043C0B7FFF000A2080D6
91226 +:101DF000009178218DF800043566FFFF0326282422
91227 +:101E000003053821ADE70004920E0005920D000491
91228 +:101E1000960C0008000E10800051C8218F2300008E
91229 +:101E2000974901043C07FFFF006758243128FFFF52
91230 +:101E3000010DF82103EC50233144FFFF01643025EC
91231 +:101E4000AF260000920300072418000110780275E5
91232 +:101E5000240F0003106F0285000000008E050010A3
91233 +:101E60002419000AA7590140A7450142921800040D
91234 +:101E70008F860000240F0001A7580144A7400146A7
91235 +:101E80009747010430D100023C050041A7470148B3
91236 +:101E900000001821A74F014A1220000330CB000494
91237 +:101EA0003C0501412403000151600005AF83000897
91238 +:101EB0003C06001000A6282524030001AF8300087B
91239 +:101EC000AF4510000000000000000000000000000E
91240 +:101ED000000000008F8A000811400004000000008C
91241 +:101EE0008F4410000481FFFE000000008F6B000093
91242 +:101EF000920800043C1108008E310444AF8B0004AA
91243 +:101F000097590104311800FF3C0E08008DCE0440A3
91244 +:101F10003325FFFF0305382102276021000010212F
91245 +:101F2000250F000A31E8FFFF0187482B01C2682115
91246 +:101F300001A9F821311000073C010800AC2C044431
91247 +:101F40003C010800AC3F0440120000038F8C0018D5
91248 +:101F50002506000730C8FFF8010C682131BF1FFFBC
91249 +:101F6000AF8C001CAF9F0018AF5F00849744010442
91250 +:101F7000035F80213084FFFF308A00071140000397
91251 +:101F8000261B4000248900073124FFF88F8200209F
91252 +:101F90008F850028008220210085702B15C000024B
91253 +:101FA000AF820024008520233C0B08008D6B048C3D
91254 +:101FB0003C0A08008D4A04880344882134038000C9
91255 +:101FC000022310213C0F1000AF840020AF820038A4
91256 +:101FD000AF440080AF4F01780A0002968F8800144A
91257 +:101FE0008F5001780600FFFE30D10200162000035A
91258 +:101FF000000612820000000D00061282305F00030E
91259 +:10200000001F1900007F302100062080009FC8219A
91260 +:1020100000194880013380218E180000130000024F
91261 +:10202000000000000000000D8F6C000C058001FB1B
91262 +:102030008F870038240E0001AE0E00008CE30008EC
91263 +:10204000A20000078F65000400055402314D00FF17
91264 +:1020500025A80005000830822CCB00411560000245
91265 +:10206000A20A00040000000D8F7800043C03FFFF6B
91266 +:1020700000E02821330BFFFF256C000B000C1082C1
91267 +:1020800000022080008748218D3F000026040014B4
91268 +:10209000A618000803E3C8240E00059EAD39000011
91269 +:1020A0008F4F01083C11100001F1382410E001AB02
91270 +:1020B00000000000974D01049208000725AAFFECDC
91271 +:1020C000350600023144FFFFA2060007960600080D
91272 +:1020D0002CC7001354E0000592030007921100077B
91273 +:1020E000362F0001A20F00079203000724180001F9
91274 +:1020F000107801C224090003106901D58F880038C7
91275 +:1021000030CBFFFF257100020011788331E400FF1E
91276 +:1021100000042880A20F000500A848218D2D000092
91277 +:10212000974A01043C0EFFFF01AEF8243143FFFF44
91278 +:10213000006B1023244CFFFE03ECC825AD390000D2
91279 +:10214000920600053C03FFF63462FFFF30D800FF23
91280 +:102150000018388000F08821922F00143C04FF7F83
91281 +:102160003487FFFF31EE000F01C65821316500FFB3
91282 +:1021700000055080015068218DAC00200148F821F5
91283 +:10218000A20B00060182C824AE0C000CAFF9000CB3
91284 +:10219000920900068E11000C032778240009C080E4
91285 +:1021A0000310702195C60026030828210227202449
91286 +:1021B000AE04000CADCF0020ADC60024ACA60010CC
91287 +:1021C0008F8800003C0B08008D6B048C3C0A0800D3
91288 +:1021D0008D4A0488241F001024190002A75F0140C3
91289 +:1021E000A7400142A7400144A7590146974901046D
91290 +:1021F00024070001310600022538FFFEA7580148D8
91291 +:102200003C050009A747014A10C00003000018213F
91292 +:102210003C05010924030001310C00045180000534
91293 +:10222000AF8300083C08001000A828252403000103
91294 +:10223000AF830008AF451000000000000000000060
91295 +:1022400000000000000000009205000424AE00021F
91296 +:1022500031CD0007000D182330620007AE020010D8
91297 +:102260008F90000812000004000000008F4F100043
91298 +:1022700005E1FFFE000000008F7100008F8E001846
91299 +:102280003C0308008C630444AF91000497450104AB
91300 +:1022900025CF001031E61FFF30A2FFFFAF8E001CDC
91301 +:1022A000AF860018AF4600842449FFFE3C0C0800AE
91302 +:1022B0008D8C0440974D010401208021000947C303
91303 +:1022C0000070C02131A9FFFF0310F82B0188C8213D
91304 +:1022D000033F202103463821313100073C0108002B
91305 +:1022E000AC3804443C010800AC2404401220000334
91306 +:1022F00024FB40002527000730E9FFF88F860020E7
91307 +:102300008F8400280126382100E4C02B170000022A
91308 +:10231000AF86002400E438230347202134198000CD
91309 +:10232000009910213C0F1000AF870020AF820038C9
91310 +:10233000AF470080AF4F01780A0002968F880014E3
91311 +:102340009747010410E0FDAE3C1840008F5801781B
91312 +:102350000700FFFE30C5400010A000033C1F00082E
91313 +:102360000000000D3C1F0008AF5F01402410080072
91314 +:102370008F860000AF5001789744010430D90001E6
91315 +:10238000132000ED3086FFFF24CCFFFE240D000259
91316 +:10239000A74D0146A74C01488F9100182408000D55
91317 +:1023A000A748014A8F630000262F000831E21FFF73
91318 +:1023B0000342702130C90007AF830004AF91001CB5
91319 +:1023C000AF82001800C03821AF4200841120000302
91320 +:1023D00025DB400024D800073307FFF88F85002055
91321 +:1023E0008F84002800E5302100C4382B14E000025F
91322 +:1023F000AF85002400C430238F8400140346F821E5
91323 +:10240000340C8000AF86002003EC8021AF460080B2
91324 +:10241000249900013C0610003C184000AF460178AA
91325 +:10242000AF900038AF990014AF5801380A000196F8
91326 +:10243000000000008F630000975101043067FFFF28
91327 +:102440003228FFFF8F4F017805E0FFFE30EC0007D8
91328 +:10245000000CF82333F0000724F9FFFE2404000ADF
91329 +:10246000A7440140A7500142A7590144A740014693
91330 +:10247000A74801488F45010830B800201700000226
91331 +:10248000240300092403000130CD0002A743014AC0
91332 +:102490003C04004111A00003000018213C0401414C
91333 +:1024A0002403000130C9000451200005AF83000857
91334 +:1024B0003C0600100086202524030001AF8300089D
91335 +:1024C000AF44100000000000000000000000000009
91336 +:1024D000000000008F8E000811C000040000000002
91337 +:1024E0008F4210000441FFFE000000008F7F0000BB
91338 +:1024F000276400088F91003CAF9F0004948500087A
91339 +:102500009490000A9499000C30AFFFFF0010C400B3
91340 +:102510003323FFFF11F100A6030320253C0E080022
91341 +:102520008DCE04443C0C08008D8C044000E88821CA
91342 +:102530002626FFFE01C628210000682100A6F82BF0
91343 +:10254000018D2021009F80213C010800AC2504441E
91344 +:102550003C010800AC30044024E200083042FFFF98
91345 +:102560003047000710E000038F830018244F000756
91346 +:1025700031E2FFF83106FFFF30C800070043802139
91347 +:1025800032191FFF0359C021AF83001CAF990018F7
91348 +:10259000271B4000AF590084110000038F8C0020DE
91349 +:1025A00024C5000730A6FFF88F84002800CC28211E
91350 +:1025B00000A4F82B17E00002AF8C002400A428230D
91351 +:1025C000AF850020AF4500803C0408008C840434B3
91352 +:1025D00003454821340E8000012E6821108000053B
91353 +:1025E000AF8D0038939100172406000E12260011BB
91354 +:1025F0002407043F3C021000AF4201788F8800148A
91355 +:10260000250F00010A0001EFAF8F00140E0005C472
91356 +:1026100000E020218F8800143C0B08008D6B048C97
91357 +:102620003C0A08008D4A0488250F00010A0001EFCA
91358 +:10263000AF8F00143C021000A7470148AF42017859
91359 +:102640000A0004CE8F88001424040F001184003D7A
91360 +:1026500030CE002015C0000224030009240300012D
91361 +:102660000A00021AA743014A0A00020DA7400146C8
91362 +:1026700094EF000894F1000A94F0000C8F8C003C59
91363 +:10268000001174003207FFFF31EDFFFF11AC00377E
91364 +:1026900001C720253C1808008F1804443C0F08008F
91365 +:1026A0008DEF0440000080210308682101A8382B29
91366 +:1026B00001F0702101C760213C010800AC2D0444E9
91367 +:1026C0003C010800AC2C04400A00027A8F840018F8
91368 +:1026D0003C0208008C42047C3C0308008C630454D8
91369 +:1026E0003C1F08008FFF04783C1808008F18045026
91370 +:1026F000004838210068802100E8282B03E43021BD
91371 +:102700000208402B0304882100C57021022878218B
91372 +:102710003C010800AC3004543C010800AC2F0450CC
91373 +:102720003C010800AC27047C3C010800AC2E047876
91374 +:102730000A00027A8F840018A74001460A00043577
91375 +:102740008F91001830CD002015A0FFC52403000D87
91376 +:10275000240300050A00021AA743014A974E010408
91377 +:1027600025C5FFF00A00038130A4FFFF8F980040C9
91378 +:102770001498FFC8000010213C0508008CA5046CCB
91379 +:102780003C1F08008FFF046800A8C8210328302BD5
91380 +:1027900003E22021008640213C010800AC39046C92
91381 +:1027A0003C010800AC2804680A00027A8F840018F3
91382 +:1027B0008F8C0040148CFF5900E8C8213C18080099
91383 +:1027C0008F18046C3C1108008E3104682723FFFE2B
91384 +:1027D00003034821000010210123302B0222702125
91385 +:1027E00001C668213C010800AC29046C3C010800CA
91386 +:1027F000AC2D04680A0004A524E200088F88003884
91387 +:102800003C03FFFF8D02000C0043F82403E4C825BD
91388 +:10281000AD19000C0A00038F30CBFFFF0A0003C381
91389 +:10282000AE000000974A0104920400048E26000CBA
91390 +:10283000014458212579FFF200C7C0243325FFFF4A
91391 +:1028400003053825AE27000C0A0002E68E050010AD
91392 +:102850003C0DFFFF8D0A0010014D582401646025D6
91393 +:10286000AD0C00100A00038F30CBFFFF974301042B
91394 +:10287000920E00048E290010006E1021244DFFEEF0
91395 +:102880000127602431A8FFFF0188F825AE3F001022
91396 +:102890000A0002E68E0500108E0F000CAE0000004C
91397 +:1028A00000078880023028210A0002B8ACAF00205F
91398 +:1028B0001460000D3058FFFF3C04FFFF0044682403
91399 +:1028C00001A47026000E602B000D102B004CF82484
91400 +:1028D00013E00002000000000000000D8CAF0000BB
91401 +:1028E0000A00025001E410253B03FFFF0003882B80
91402 +:1028F0000018802B0211202410800002000000002C
91403 +:102900000000000D8CB900000A0002503722FFFFC2
91404 +:102910003084FFFF30A5FFFF108000070000182162
91405 +:10292000308200011040000200042042006518219E
91406 +:102930001480FFFB0005284003E000080060102120
91407 +:1029400010C00007000000008CA2000024C6FFFF9A
91408 +:1029500024A50004AC82000014C0FFFB2484000402
91409 +:1029600003E000080000000010A0000824A3FFFFFF
91410 +:10297000AC86000000000000000000002402FFFF01
91411 +:102980002463FFFF1462FFFA2484000403E00008BC
91412 +:1029900000000000308EFFFF30D8FFFF00057C00F4
91413 +:1029A00001F8602539CDFFFF01AC5021014C582BB7
91414 +:1029B000014B4821000944023127FFFF00E8302184
91415 +:1029C0000006240230C5FFFF00A418213862FFFF73
91416 +:1029D00003E000083042FFFF3C0C08008D8C0484AB
91417 +:1029E000240BFF8027BDFFD001845021014B4824D8
91418 +:1029F000AF4900203C0808008D080484AFB20020D5
91419 +:102A0000AFB00018AFBF0028AFB30024AFB1001CB7
91420 +:102A1000936600040104382130E4007F009A1021FD
91421 +:102A20003C0300080043902130C500200360802152
91422 +:102A30003C080111277B000814A000022646007004
91423 +:102A40002646006C9213000497510104920F000473
91424 +:102A50003267000F322EFFFF31ED004001C72823FF
91425 +:102A600011A0000500004821925900BC3338000431
91426 +:102A70001700009000000000924300BC307F00046B
91427 +:102A800013E0000F0000000010A0000D0000000087
91428 +:102A9000960E0002240AFF8000A7602125CDFFFECC
91429 +:102AA000A74D1016920B0004014B2024308200FF2A
91430 +:102AB00010400085010C40253C0F0400010F40250B
91431 +:102AC0008F5301780660FFFE2404000AA7440140EA
91432 +:102AD000960D00022404000931AC0007000C5823B5
91433 +:102AE000316A0007A74A0142960200022443FFFE12
91434 +:102AF000A7430144A7400146975F0104A75F01482F
91435 +:102B00008F590108333800205300000124040001CC
91436 +:102B1000920F000431EE001015C000023483001043
91437 +:102B200000801821A743014A0000000000000000B7
91438 +:102B30000000000000000000AF481000000000008E
91439 +:102B40000000000000000000000000008F51100095
91440 +:102B50000621FFFE3113FFFF12600003000000009A
91441 +:102B60008F481018ACC8000096030006307FFFFFA6
91442 +:102B700027F900020019988200138880023B302157
91443 +:102B80008CD800001520005700183402920300046E
91444 +:102B90002405FF8000A3F82433F100FF1220002C4D
91445 +:102BA00000000000924700BC30F2000212400028F2
91446 +:102BB00000000000974B100C2562FFFEA742101684
91447 +:102BC000000000003C0A040035490030AF49100005
91448 +:102BD00000000000000000000000000000000000F5
91449 +:102BE0008F4C10000581FFFE000000009749100C7B
91450 +:102BF0008F51101C00C020213127FFFF24F200302C
91451 +:102C0000001218820003288000BBF8213226FFFF43
91452 +:102C1000AFF100000E0005B300112C020013C880B4
91453 +:102C2000033B98218E78000000027400AFB80010BA
91454 +:102C30008FA80010310FFFFFAFAF00108FA400105E
91455 +:102C400001C46825AFAD00108FA60010AE6600006D
91456 +:102C500097730008976D000A9766000C8F8A003CF6
91457 +:102C6000000D5C0030CCFFFF3262FFFF104A0036DF
91458 +:102C7000016C2025960600023C10100024D30008A9
91459 +:102C80000E00013B3264FFFF974C01040E00014926
91460 +:102C90003184FFFFAF5001788FBF00288FB300242D
91461 +:102CA0008FB200208FB1001C8FB0001803E0000825
91462 +:102CB00027BD003010A0FF700000000024A5FFFC1D
91463 +:102CC0000A0005EC240900048CD10000AF51101853
91464 +:102CD0008F5301780660FF7A2404000A0A00060177
91465 +:102CE0000000000000A7C8218F8800388F4E101CFC
91466 +:102CF0000019C0820018788001E82021AC8E000005
91467 +:102D0000000E2C0200C020210E0005B331C6FFFFCB
91468 +:102D1000023B28218CAD000000025400004030210D
91469 +:102D2000AFAD00108FAC0010318BFFFFAFAB0010C8
91470 +:102D30008FA2001001424825AFA900108FA70010F4
91471 +:102D40000A000631ACA700008F8F0040148FFFC926
91472 +:102D50000000000097420104960B00023C050800A9
91473 +:102D60008CA5046C3049FFFF316AFFFF3C1108005D
91474 +:102D70008E310468012A382124F2FFFE00B240217E
91475 +:102D80000012FFC30112C82B023FC02103192021EA
91476 +:102D90003C010800AC28046C3C010800AC24046829
91477 +:102DA0000A00066B0000000000A4102B1040000970
91478 +:102DB000240300010005284000A4102B04A00003F8
91479 +:102DC000000318405440FFFC000528401060000735
91480 +:102DD000000000000085302B14C0000200031842E0
91481 +:102DE000008520231460FFFB0005284203E0000853
91482 +:102DF000008010218F85002C27BDFFE800053027BB
91483 +:102E00002CC300012CA400020083102510400003F5
91484 +:102E1000AFBF00102405007FAF85002C00052827D8
91485 +:102E200030A5FFFF0E000592240426F58F830030A5
91486 +:102E3000240402BD004030210083382B10E000093B
91487 +:102E400024050001000420400083102B04800003AF
91488 +:102E5000000528405440FFFC0004204010A000085A
91489 +:102E600000C350210064402B1500000200052842D9
91490 +:102E70000064182314A0FFFB0004204200C350216B
91491 +:102E80008FBF0010000A4C02312200FF27BD00183E
91492 +:102E9000AF8A002C03E00008AF8900300A00002A46
91493 +:102EA00000000000000000000000000D7478703683
91494 +:102EB0002E322E3300000000060203000000000046
91495 +:102EC000000001360000EA60000000000000000081
91496 +:102ED00000000000000000000000000000000000F2
91497 +:102EE00000000000000000000000000000000000E2
91498 +:102EF00000000000000000000000000000000016BC
91499 +:102F000000000000000000000000000000000000C1
91500 +:102F100000000000000000000000000000000000B1
91501 +:102F200000000000000000000000000000000000A1
91502 +:102F3000000000000000138800000000000005DC15
91503 +:102F4000000000000000000010000003000000006E
91504 +:102F50000000000D0000000D3C02080024423C204F
91505 +:102F60003C03080024633DD4AC4000000043202B08
91506 +:102F70001480FFFD244200043C1D080037BD7FFC87
91507 +:102F800003A0F0213C100800261000A83C1C0800FB
91508 +:102F9000279C3C200E0002BA000000000000000D3B
91509 +:102FA0008F8300383C088000350700708CE50000F6
91510 +:102FB000008330253C02900000C22025AF85003000
91511 +:102FC000AF4400208F4900200520FFFE3C03800015
91512 +:102FD000346200708C4500008F8600303C19080078
91513 +:102FE0008F39007C3C0E08008DCE007800A620238F
91514 +:102FF00003245821000078210164682B01CF60214F
91515 +:10300000018D50213C010800AC2B007C3C010800E4
91516 +:10301000AC2A007803E00008000000000A0000412C
91517 +:10302000240400018F8400383C05800034A2000194
91518 +:103030000082182503E00008AF43002003E00008E9
91519 +:10304000000010213084FFFF30A5FFFF1080000733
91520 +:1030500000001821308200011040000200042042CC
91521 +:10306000006518211480FFFB0005284003E00008DC
91522 +:103070000060102110C00007000000008CA20000BA
91523 +:1030800024C6FFFF24A50004AC82000014C0FFFB8F
91524 +:103090002484000403E000080000000010A00008E1
91525 +:1030A00024A3FFFFAC860000000000000000000029
91526 +:1030B0002402FFFF2463FFFF1462FFFA248400044C
91527 +:1030C00003E0000800000000308AFFFF93A800130F
91528 +:1030D000A74A014497490E1630C600FF3C02100073
91529 +:1030E000A7490146AF450148A3460152A748015AE6
91530 +:1030F000AF4701608FA400188FA30014A7440158A4
91531 +:10310000AF43015403E00008AF42017803E0000838
91532 +:10311000000000003C038000346200708C49000015
91533 +:103120008F8800002484000727BDFFF83084FFF853
91534 +:10313000AF890030974D008A31ACFFFFAFAC000083
91535 +:103140008FAB0000016850232547FFFF30E61FFFCB
91536 +:1031500000C4282B14A0FFF73C0C8000358B0070B6
91537 +:103160008D6A00003C0708008CE700843C060800DC
91538 +:103170008CC6008000081082014918230002788064
91539 +:1031800000E370210000202101C3C82B00C4C0212E
91540 +:1031900001FA4021031948212502400027BD0008FB
91541 +:1031A0003C010800AC2E00843C010800AC290080E2
91542 +:1031B00003E00008000000008F8200002486000762
91543 +:1031C00030C5FFF800A2182130641FFF03E000089B
91544 +:1031D000AF8400008F8700388F8A004027BDFFB87A
91545 +:1031E0008F860044AFB60040AFBF0044AFB5003C8F
91546 +:1031F000AFB40038AFB30034AFB20030AFB1002C81
91547 +:10320000AFB000288F4501048D4900ACAF47008066
91548 +:103210008CC8002000A938230000B021AF480E1050
91549 +:103220008F440E1000004821AF440E148CC20024BD
91550 +:10323000AF420E188F430E18AF430E1C10E001254D
91551 +:103240002D230001936B0008116000D400000000E2
91552 +:10325000976E001031CDFFFF00ED602B158000CF81
91553 +:103260000000000097700010320FFFFFAF4F0E00FC
91554 +:103270008F520000325100081220FFFD00000000B4
91555 +:1032800097540E088F460E043285FFFF30B30001BD
91556 +:1032900012600132000000000000000D30B8A040B4
91557 +:1032A00024150040131500C030A9A0001120012DE5
91558 +:1032B00000000000937F000813E0000800000000F9
91559 +:1032C00097630010306BFFFF00CB402B1100000311
91560 +:1032D00030AC00401180012300000000A785003CB5
91561 +:1032E000AF8600349366000800E02821AFA70020D5
91562 +:1032F00014C0012427B30020AF60000C9782003C6B
91563 +:103300003047400014E00002240300162403000E9E
91564 +:1033100024194007A363000AAF790014938A003E82
91565 +:103320008F740014315800070018AA4002959025A8
91566 +:10333000AF7200149784003C8F700014309100101D
91567 +:1033400002117825AF6F0014978E003C31CD000834
91568 +:1033500011A00147000028218F6700143C021000D3
91569 +:103360003C0C810000E22825AF65001497460E0A48
91570 +:103370002408000E3405FFFC30C3FFFF006C582505
91571 +:10338000AF6B0004A3680002937F000A27E90004E2
91572 +:10339000A369000A9786003C9363000A30CC1F00A3
91573 +:1033A000000C598301634021251F0028A37F0009D9
91574 +:1033B00097490E0CA769001093790009272A00028B
91575 +:1033C000315800070018A82332B10007A371000B81
91576 +:1033D00093740009976400108F910034978F003C1C
91577 +:1033E000329200FF024480210205702131ED00403D
91578 +:1033F00011A0000531C4FFFF0091282B3C12800072
91579 +:1034000010A000140000A0210224382B14E0011B9E
91580 +:103410008FA500208F4D0E14AF4D0E108F420E1C45
91581 +:10342000AF420E18AF440E008F4F000031EE00087F
91582 +:1034300011C0FFFD0000000097540E080080882195
91583 +:1034400000009021A794003C8F500E04241400012A
91584 +:10345000AF900034976400103095FFFF8E68000035
91585 +:103460000111F82317E00009AE7F00008F650014FA
91586 +:103470008F8B004434A60040AF6600148F4C0E10B2
91587 +:10348000AD6C00208F430E18AD63002493670008D5
91588 +:1034900014E000D2000000000E00009E2404001082
91589 +:1034A0008F8900483C08320000402821312600FF67
91590 +:1034B0000006FC0003E8502525390001AF990048BB
91591 +:1034C000AC4A0000937800099370000A330400FFAF
91592 +:1034D00000047400320F00FF01CF6825AC4D0004DA
91593 +:1034E0008F820048064000EAACA20008ACA0000CA5
91594 +:1034F0009783003C306B0008156000022628000608
91595 +:1035000026280002974E0E148F450E1C8F6700046C
91596 +:10351000936D000231C4FFFF31A200FFAFA2001083
91597 +:103520008F6C0014AFA800180E00008BAFAC001415
91598 +:10353000240400100E0000C7000000008E7200007E
91599 +:1035400016400005000000008F6400142405FFBF32
91600 +:1035500000859824AF7300148F79000C033538214F
91601 +:10356000AF67000C9375000816A00008000000006B
91602 +:1035700012800006000000008F7F00143C0BEFFF5C
91603 +:103580003568FFFE03E84824AF690014A3740008FF
91604 +:103590008FA500200A00024602202021AF470E001E
91605 +:1035A0000A0000F5000000008F5901780720FFFE97
91606 +:1035B000241F08008F840000AF5F0178974B008ABA
91607 +:1035C000316AFFFF014448232528FFFF31021FFF16
91608 +:1035D0002C4300081460FFF9000000008F8E0048A3
91609 +:1035E0008F8D003800C048210344202125C60001EA
91610 +:1035F000240C0F00AF86004800E9382324864000E1
91611 +:1036000031CA00FF11AC0005240800019391003E6F
91612 +:103610003230000700107A4035E80001000AAC00A3
91613 +:103620003C18010002B8A025AC9440008F930048DC
91614 +:1036300030B2003630A40008ACD3000410800097EC
91615 +:1036400001123025974E0E0A8F8D00003C0281003A
91616 +:1036500031CCFFFF25AB0008018240253C03100060
91617 +:1036600031651FFF25390006241F000EAF48016099
91618 +:1036700000C33025A75F015AAF850000A759015844
91619 +:1036800014E0000A8F93003824120F0052720002D7
91620 +:103690002416000134C600408F580E108F94004449
91621 +:1036A000AE9800208F550E18AE9500248F450E144D
91622 +:1036B000AF4501448F590E1CAF590148A34A01522E
91623 +:1036C0003C0A1000AF460154AF4A017814E0FEDD19
91624 +:1036D0002D2300010076A025128000178FBF004423
91625 +:1036E0008F84003824160F0010960084000000001C
91626 +:1036F0008F45017804A0FFFE24150F001095006E81
91627 +:10370000000000008F470E14240202403C1F1000EE
91628 +:10371000AF4701448F440E1CAF440148A3400152FF
91629 +:10372000A740015AAF400160A7400158AF42015481
91630 +:10373000AF5F01788FBF00448FB600408FB5003C6B
91631 +:103740008FB400388FB300348FB200308FB1002CAB
91632 +:103750008FB0002803E0000827BD004814C0FED049
91633 +:1037600030B8A0408F420E148F84004400004821DE
91634 +:10377000AC8200208F510E1CAC9100240A00020E76
91635 +:103780002D2300018F910034978A003C3C12800069
91636 +:103790000220A821315800401700FF300000A0216E
91637 +:1037A000976900108F9200343139FFFF13320035D2
91638 +:1037B00000002021008048211480FEA000A03821B4
91639 +:1037C0008F420E148F840044AC8200208F510E1C57
91640 +:1037D000AC9100240A00020E2D230001936A000917
91641 +:1037E0009378000B315000FF330F00FF020F702160
91642 +:1037F00025C2000A3050FFFF0E00009E020020216B
91643 +:103800008F8600483C1F410024CD0001AF8D004849
91644 +:10381000936C000930C600FF00064400318300FFAE
91645 +:10382000246B0002010B4825013FC825AC5900005C
91646 +:103830008F67000C97440E1400F22825AC45000455
91647 +:103840008F450E1C8F670004936A00023084FFFFCF
91648 +:10385000315800FFAFB800108F6F0014AFB10018DF
91649 +:103860000E00008BAFAF00140A0001A60200202159
91650 +:10387000AF6000040A00013EA36000020A00024695
91651 +:1038800000002021000090210A0001702414000192
91652 +:103890003C1280000A000195ACB2000C8F91000030
91653 +:1038A00025240002A744015826300008320F1FFFCC
91654 +:1038B0000A0001F9AF8F0000AF40014C1120002C2D
91655 +:1038C000000000008F590E10AF5901448F430E18AD
91656 +:1038D000240200403C1F1000AF430148A3400152A6
91657 +:1038E000A740015AAF400160A7400158AF420154C0
91658 +:1038F000AF5F01780A0002278FBF00441120000645
91659 +:103900000000000097460E0830CC004015800002F1
91660 +:10391000000000000000000D8F4D017805A0FFFEA3
91661 +:103920000000000097530E103C120500240E2000EA
91662 +:10393000326AFFFF0152C025AF58014C8F4F0E1461
91663 +:103940003C021000AF4F01448F500E1CAF50014895
91664 +:10395000A34001528F840038A740015AAF40016054
91665 +:10396000A7400158AF4E01540A000215AF4201783A
91666 +:103970008F490E14AF4901448F430E1C0A00028E7A
91667 +:10398000240200403C0E20FF27BDFFE03C1A8000CF
91668 +:103990003C0F800835CDFFFDAFBF001CAFB2001853
91669 +:1039A000AFB10014AFB00010AF8F0040AF4D0E00AC
91670 +:1039B0000000000000000000000000000000000007
91671 +:1039C000000000003C0C00FF358BFFFDAF4B0E00EC
91672 +:1039D0003C0660048CC95000240AFF7F3C11600043
91673 +:1039E000012A40243507380CACC750008E24043817
91674 +:1039F00024050009AF4500083083FFFF38622F71AE
91675 +:103A00002450C0B3AF8000480E000068AF800000B3
91676 +:103A100052000001AE20442C0E0004353C11800001
91677 +:103A20000E000ED9363000708F8A00403C1208001C
91678 +:103A300026523C88020088218E0800008F5F00001B
91679 +:103A40003BF900013338000113000017AF88003044
91680 +:103A5000022048218D2700003C0F08008DEF006CEC
91681 +:103A60003C0C08008D8C006800E8C02301F8282178
91682 +:103A70000000682100B8302B018D582101664021DB
91683 +:103A80003C010800AC25006C3C010800AC28006833
91684 +:103A90008F44000038830001306200011440FFEDC4
91685 +:103AA00000E04021AF8700308E0C00003C0508008C
91686 +:103AB0008CA5006C3C0408008C84006801883023CD
91687 +:103AC00000A638210000102100E6402B00821821BA
91688 +:103AD0000068F8213C010800AC27006C3C0108009C
91689 +:103AE000AC3F00688F49010025590088AF99004418
91690 +:103AF000AF890038AF4900208E070000AF87003043
91691 +:103B00008F4D017805A0FFFE000000008E0600002A
91692 +:103B10003C0B08008D6B00743C0408008C84007022
91693 +:103B200000C728230165F8210000102103E5402B80
91694 +:103B30000082382100E8C821240908003C0108005F
91695 +:103B4000AC3F00743C010800AC390070AF4901780B
91696 +:103B500093580108A398003E938F003E31EE000178
91697 +:103B600015C000158F830038240E0D00106E00194B
91698 +:103B7000240F0F00106F001D00000000915900007D
91699 +:103B800024180050332900FF113800043C1F400066
91700 +:103B9000AF5F01380A0002E7000000000E00090EC6
91701 +:103BA000000000008F8A00403C1F4000AF5F0138DA
91702 +:103BB0000A0002E700000000938D003E31AC0006D1
91703 +:103BC000000C51000E0000CE0152D8210A00034320
91704 +:103BD0008F8A00403C1B0800277B3D080E0000CE6A
91705 +:103BE000000000000A0003438F8A00403C1B0800CD
91706 +:103BF000277B3D280E0000CE000000000A00034392
91707 +:103C00008F8A004090AA00018FAB00108CAC00108E
91708 +:103C10003C0300FF8D680004AD6C00208CAD0014E7
91709 +:103C200000E060213462FFFFAD6D00248CA7001816
91710 +:103C30003C09FF000109C024AD6700288CAE001CC0
91711 +:103C40000182C82403197825AD6F0004AD6E002CE5
91712 +:103C50008CAD0008314A00FFAD6D001C94A9000234
91713 +:103C60003128FFFFAD68001090A70000A56000029A
91714 +:103C7000A1600004A167000090A30002306200FF71
91715 +:103C80000002198210600005240500011065000E75
91716 +:103C90000000000003E00008A16A00018CD80028A1
91717 +:103CA000354A0080AD7800188CCF0014AD6F001439
91718 +:103CB0008CCE0030AD6E00088CC4002CA16A0001CF
91719 +:103CC00003E00008AD64000C8CCD001CAD6D001845
91720 +:103CD0008CC90014AD6900148CC80024AD680008BC
91721 +:103CE0008CC70020AD67000C8CC200148C8300646C
91722 +:103CF0000043C82B13200007000000008CC20014F2
91723 +:103D0000144CFFE400000000354A008003E0000886
91724 +:103D1000A16A00018C8200640A000399000000007F
91725 +:103D200090AA000027BDFFF88FA9001CA3AA0000DD
91726 +:103D30008FAE00003C0FFF808FA8001835E2FFFF18
91727 +:103D40008CCD002C01C26024AFAC0000A120000487
91728 +:103D500000E06021A7A000028FB800008D270004BA
91729 +:103D60000188182100A0582100C05021006D28268C
91730 +:103D70003C06FF7F3C0F00FF2CAD000135EEFFFF3E
91731 +:103D800034D9FFFF3C02FF0003193024000D1DC091
91732 +:103D9000010EC82400E2C02400C370250319782551
91733 +:103DA000AD2E0000AD2F00048D450024AFAE000005
91734 +:103DB000AD2500088D4D00202405FFFFAD2D000C22
91735 +:103DC000956800023107FFFFAD27001091660018CB
91736 +:103DD00030C200FF000219C2506000018D4500345E
91737 +:103DE000AD2500148D67000827BD0008AD27001C15
91738 +:103DF0008C8B00CCAD2C0028AD20002CAD2B0024EA
91739 +:103E0000AD20001803E00008AD20002027BDFFE032
91740 +:103E1000AFB20018AFB10014AFB00010AFBF001CBC
91741 +:103E20009098000000C088213C0D00FF330F007FF8
91742 +:103E3000A0CF0000908E000135ACFFFF3C0AFF00D0
91743 +:103E4000A0CE000194A6001EA22000048CAB00149A
91744 +:103E50008E29000400A08021016C2824012A40241E
91745 +:103E60000080902101052025A6260002AE24000432
91746 +:103E700026050020262400080E00007624060002F5
91747 +:103E800092470000260500282624001400071E0083
91748 +:103E90000003160324060004044000032403FFFF6C
91749 +:103EA000965900023323FFFF0E000076AE23001068
91750 +:103EB000262400248FBF001C8FB200188FB100147D
91751 +:103EC0008FB0001024050003000030210A0000809C
91752 +:103ED00027BD002027BDFFD8AFB1001CAFB0001830
91753 +:103EE000AFBF002090A80000240200018FB0003C6A
91754 +:103EF0003103003F00808821106200148FAA00382F
91755 +:103F0000240B0005506B0016AFAA001000A0202162
91756 +:103F100000C028210E0003DC02003021922400BCE6
91757 +:103F2000308300021060000326060030ACC00000A1
91758 +:103F300024C600048FBF00208FB1001C8FB0001872
91759 +:103F400000C0102103E0000827BD002801403821EF
91760 +:103F50000E00035AAFB000100A0004200000000059
91761 +:103F60000E0003A1AFB000140A00042000000000FE
91762 +:103F70003C02000A034218213C04080024843D6CE2
91763 +:103F80002405001A000030210A000080AF8300548D
91764 +:103F90003C038000346200708C48000000A058216F
91765 +:103FA00000C04821308A00FFAF8800308F4401787C
91766 +:103FB0000480FFFE3C0C8000358600708CC500003C
91767 +:103FC0003C0308008C6300743C1808008F180070D4
91768 +:103FD00000A82023006468210000C82101A4782BD8
91769 +:103FE0000319702101CF60213C010800AC2D007441
91770 +:103FF0003C010800AC2C00708F480E14AF480144FF
91771 +:10400000AF47014CA34A0152A74B01589346010800
91772 +:1040100030C5000854A0000135291000934B090059
91773 +:1040200024070050316A00FF11470007000000001C
91774 +:104030008F450E1CAF450148AF4901543C091000A3
91775 +:1040400003E00008AF490178934D010831A800084A
91776 +:104050001100001000000000934F010831EE001025
91777 +:1040600051C00001352900083C04080090843DD06F
91778 +:10407000A34401508F4309A4AF4301488F4209A0D4
91779 +:10408000AF420144AF4901543C09100003E000086D
91780 +:10409000AF4901783C1908008F393D8C333800084E
91781 +:1040A0005700FFF1352900080A00047300000000E2
91782 +:1040B00024070040AF470814AF4008108F4209445E
91783 +:1040C0008F4309508F4409548F45095C8F46094C32
91784 +:1040D000AF820064AF830050AF84004CAF85005CBA
91785 +:1040E00003E00008AF8600609346010930C5007FF9
91786 +:1040F000000518C0000521400083102103E00008DE
91787 +:10410000244200883C09080091293D9124A800021E
91788 +:104110003C05110000093C0000E8302500C51825C9
91789 +:1041200024820008AC83000003E00008AC80000497
91790 +:104130009347010B8F4A002C974F09083C18000E3B
91791 +:104140000358482131EEFFFF000E41C0AF48002C5C
91792 +:1041500097430908952C001A008040212403000190
91793 +:10416000318BFFFFAC8B00008D2D001C00A058216F
91794 +:1041700000C06021AC8D00048D24002030E7004099
91795 +:10418000AD04000891220019304400031083004858
91796 +:104190002885000214A00062240600021086005642
91797 +:1041A00024190003109900660000000010E0003A96
91798 +:1041B000000000003C07080094E73D8624E200016F
91799 +:1041C000934F0934934709219525002A31EE00FFCA
91800 +:1041D000000E488230ED00FF978700580009360036
91801 +:1041E000000D1C003044FFFF00C310250044C02513
91802 +:1041F00000A778213C19400003197025000F4C00DE
91803 +:10420000AD090004AD0E0000934D09203C030006EB
91804 +:1042100025090014000D360000C32025AD04000858
91805 +:104220008F59092C24E5000130A27FFFAD19000C45
91806 +:104230008F580930A782005825020028AD180010B9
91807 +:104240008F4F0938AD0F0014AD2B00048F4E09407D
91808 +:10425000AD2E0008934D09373C05080090A53D9010
91809 +:104260008F4409488F46094031A700FF00EC182110
91810 +:10427000008678230003C7000005CC0003196025E1
91811 +:1042800031E8FFFC01885825AD2B000CAD20001053
91812 +:1042900003E00008AF4A002C3C0D080095AD3D86B8
91813 +:1042A0003C0E080095CE3D800A0004C901AE1021E5
91814 +:1042B0003C05080094A53D8A3C06080094C63D8054
91815 +:1042C0003C18080097183D7C952E002400A6782104
91816 +:1042D00001F86823000E240025A2FFF200821825B1
91817 +:1042E00024190800AD03000CAD190014AD00001036
91818 +:1042F0000A0004C4250800189526002495250028E6
91819 +:104300000006C40000057C00370E810035ED080072
91820 +:10431000AD0E000CAD0D00100A0004C425080014F9
91821 +:104320001480FFA200000000952400240004140063
91822 +:1043300034430800AD03000C0A0004C42508001033
91823 +:104340003C03080094633D8A3C05080094A53D8029
91824 +:104350003C06080094C63D7C953900249538002819
91825 +:10436000006520210086782300196C000018740075
91826 +:1043700025E2FFEE01C2202535A3810024190800A3
91827 +:10438000AD03000CAD040010AD190018AD00001411
91828 +:104390000A0004C42508001C03E00008240201F4FC
91829 +:1043A00027BDFFE8AFB00010AFBF00140E000060E3
91830 +:1043B0000080802124050040AF4508148F83005001
91831 +:1043C0008F84004C8F85005C0070182100641023DE
91832 +:1043D00018400004AF830050AF6300548F66005450
91833 +:1043E000AF86004C1200000C000000008F440074E7
91834 +:1043F000936800813409FA002D07000710E00005DA
91835 +:1044000000891021936C0081240B01F4018B50046E
91836 +:1044100001441021AF62000C8F4E095C01C5682376
91837 +:1044200019A000048FBF00148F4F095CAF8F005C90
91838 +:104430008FBF00148FB000100A00006227BD001863
91839 +:104440008F8400648F8300508F82004CAF640044DF
91840 +:10445000AF63005003E00008AF6200543C038000EB
91841 +:10446000346200708C43000027BDFFF8308700FFE6
91842 +:1044700030A900FF30C800FFAF8300308F440178BF
91843 +:104480000480FFFE3C028000345900708F38000029
91844 +:10449000A3A700033C0708008CE700748FAC000062
91845 +:1044A0003C0608008CC60070030378233C0E7FFF97
91846 +:1044B00000EFC82135CDFFFF00005021018D2824D9
91847 +:1044C00000CA1821000847C0032F202B00A8102580
91848 +:1044D0000064C021AFA200003C010800AC390074A8
91849 +:1044E0003C010800AC380070934F010AA3A0000201
91850 +:1044F0003C0E80FFA3AF00018FAC0000312B007F8A
91851 +:1045000035CDFFFF018D4824000B5600012A4025C0
91852 +:10451000240730002406FF803C05100027BD00085A
91853 +:10452000AF48014CAF470154A7400158A346015280
91854 +:1045300003E00008AF45017827BDFFE8AFBF0014D6
91855 +:10454000AFB000108F6500743C068000309000FF13
91856 +:1045500000A620250E000060AF6400749363000580
91857 +:10456000346200080E000062A362000502002021F0
91858 +:104570008FBF00148FB00010240500052406000131
91859 +:104580000A00057027BD001827BDFFE03C0380002E
91860 +:10459000AFB00010AFBF0018AFB1001434620070AC
91861 +:1045A0008C470000309000FF30A800FFAF8700303C
91862 +:1045B0008F4401780480FFFE3C18800037110070A2
91863 +:1045C0008E2F00003C0D08008DAD00743C0A0800E1
91864 +:1045D0008D4A007001E7702301AE282100005821A8
91865 +:1045E00000AE302B014B4821012638213C01080048
91866 +:1045F000AC250074000088213C010800AC27007045
91867 +:104600001100000F000000008F6200742619FFFFE8
91868 +:104610003208007F0002FE0233E5007F150000062D
91869 +:10462000332200FF2407FF800207202624A3FFFF78
91870 +:1046300000838025320200FF0040802124111008F1
91871 +:104640000E000060000000008F49081831250004AA
91872 +:1046500014A0FFFD3218007F001878C000187140C8
91873 +:1046600001CF682125AC0088AF4C0818274A098083
91874 +:104670008D4B0020AF4B01448D460024AF460148CE
91875 +:10468000A35001500E000062A740015802201021E3
91876 +:104690008FBF00188FB100148FB0001003E0000826
91877 +:1046A00027BD002027BDFFE8308400FFAFBF00100A
91878 +:1046B0000E0005BB30A500FF8F8300508FBF001098
91879 +:1046C000344500402404FF903C02100027BD001830
91880 +:1046D000AF43014CA3440152AF45015403E000082D
91881 +:1046E000AF4201789343093E306200081040000D4C
91882 +:1046F0003C0901013528080AAC8800008F47007486
91883 +:10470000AC8700043C06080090C63D9030C5001000
91884 +:1047100050A00006AC8000088F6A0060AC8A0008D8
91885 +:104720002484000C03E00008008010210A00062207
91886 +:104730002484000C27BDFFE8AFBF0014AFB0001009
91887 +:104740009346093F00A050210005288000853823AA
91888 +:1047500030C200FF240300063C09080095293D866D
91889 +:1047600024E8FFD824050004104300372406000283
91890 +:104770009750093C3C0F020400063400320EFFFF44
91891 +:1047800001CF6825AC8D0000934C093E318B002091
91892 +:104790001160000800000000934309363C02010349
91893 +:1047A000345F0300307900FF033FC0252405000873
91894 +:1047B000AC98000493430934935909210005F88209
91895 +:1047C000306200FF0002C082332F00FF00186E002D
91896 +:1047D000000F740001AE6025018920253C094000CE
91897 +:1047E00000898025ACF0FFD8934309378F4F0948E3
91898 +:1047F0008F580940306200FF004AC821033F7021F2
91899 +:1048000001F86023000E6F0001A650253185FFFCE2
91900 +:10481000001F58800145482501683821AD09002056
91901 +:104820000E00006024F00028240400040E00006242
91902 +:10483000A364003F020010218FBF00148FB000104E
91903 +:1048400003E0000827BD00180A0006352406001200
91904 +:1048500027BDFFD024090010AFB60028AFB5002453
91905 +:10486000AFB40020AFB10014AFB000103C0108009D
91906 +:10487000A0293D90AFBF002CAFB3001CAFB2001811
91907 +:1048800097480908309400FF3C02000E3107FFFFF3
91908 +:10489000000731C0AF46002C974409089344010B30
91909 +:1048A00030B500FF03428021308300300000B0218A
91910 +:1048B0001060012500008821240C00043C01080040
91911 +:1048C000A02C3D90934B093E000B5600000A2E038E
91912 +:1048D00004A0016000000000AF400048934F010BAE
91913 +:1048E00031EE002011C00006000000009358093E80
91914 +:1048F00000189E0000139603064001890000000086
91915 +:104900009344010B30830040106000038F930050EC
91916 +:104910008F8200502453FFFF9347093E30E6000882
91917 +:1049200014C0000224120003000090219619002CEC
91918 +:1049300093580934934F0937A7990058330C00FF57
91919 +:1049400031EE00FF024E6821000D5880016C5021AD
91920 +:10495000015140213C010800A4283D869205001821
91921 +:1049600030A900FF010918213C010800A4233D885B
91922 +:104970009211001816200002000000000000000D37
91923 +:104980003C010800A4233D8A3C010800A4203D808E
91924 +:104990003C010800A4203D7C935F010B3063FFFFC6
91925 +:1049A00033F00040120000022464000A2464000B6B
91926 +:1049B0003091FFFF0E00009E022020219358010B32
91927 +:1049C0003C08080095083D8A0040202100185982C3
91928 +:1049D000316700010E00049A01072821934C010B56
91929 +:1049E0008F4B002C974E09083C0F000E034F4021BF
91930 +:1049F00031CDFFFF000D51C0AF4A002C974309088D
91931 +:104A00009505001A004038212404000130A9FFFF59
91932 +:104A1000AC4900008D06001C00404821318A00404E
91933 +:104A2000AC4600048D020020ACE20008910300199E
91934 +:104A300030630003106400EC28790002172001188D
91935 +:104A4000241000021070010C241F0003107F011EAF
91936 +:104A500000000000114000DE000000003C090800DA
91937 +:104A600095293D8625220001935F0934934E092143
91938 +:104A70009504002A33F900FF0019C08231CF00FFEE
91939 +:104A8000978E005800184600000F6C00010D80251D
91940 +:104A90003045FFFF02051025008E50213C034000E9
91941 +:104AA00000433025000A6400ACEC0004ACE60000D2
91942 +:104AB000935F09203C19000624EC0014001FC60077
91943 +:104AC00003197825ACEF00088F48092C25CD00018B
91944 +:104AD00031A57FFFACE8000C8F500930A785005846
91945 +:104AE00024E80028ACF000108F4409380100802130
91946 +:104AF000ACE40014AD9300048F530940AD9300085B
91947 +:104B0000934A09373C19080093393D908F4309486F
91948 +:104B10008F460940314200FF0052F82100667023A1
91949 +:104B2000001F7F000019C40001F8282531CDFFFCCB
91950 +:104B300000AD2025AD84000CAD800010AF4B002CE3
91951 +:104B4000934B093E317300081260000D3C060101D1
91952 +:104B500034CC080AACEC00288F530074AD13000469
91953 +:104B60003C0B0800916B3D903167001050E0000352
91954 +:104B7000AD0000088F6A0060AD0A00082510000C27
91955 +:104B800012C0003D000000009343093F24160006B8
91956 +:104B900024060004306200FF105600C924070002FA
91957 +:104BA0009758093C3C0F0204330DFFFF01AF40252D
91958 +:104BB000AE0800009345093E30A400201080000894
91959 +:104BC00000000000935309363C0B0103357F0300BE
91960 +:104BD000327900FF033F7025AE0E00042406000862
91961 +:104BE000934F093493480921312AFFFF31ED00FF2B
91962 +:104BF000000D1082310300FF0002B60000032C00FC
91963 +:104C000002C56025018A9825001220803C094000D9
91964 +:104C10000204502302695825AD4BFFD8935F093732
91965 +:104C20008F4F09488F58094033F900FF0332702134
91966 +:104C30000006B08201D668210007440001F828234D
91967 +:104C4000000D1F000068302530A2FFFC2547FFD86B
91968 +:104C500000C260250016808002074821ACEC0020CD
91969 +:104C6000253000280E00006024120004A372003FCB
91970 +:104C70000E000062000000009347010B30F200407C
91971 +:104C8000124000053C1900FF8E180000372EFFFF70
91972 +:104C9000030E3024AE0600000E0000C702202021C3
91973 +:104CA0003C10080092103D90321100031220000FBA
91974 +:104CB00002A028218F89005025330001AF930050B6
91975 +:104CC000AF7300508F6B00540173F8231BE0000298
91976 +:104CD000026020218F640054AF6400548F4C007434
91977 +:104CE000258401F4AF64000C02A028210280202159
91978 +:104CF000A76000680E0005BB3C1410008F850050B3
91979 +:104D000034550006AF45014C8F8A00488FBF002CF8
91980 +:104D10008FB3001C25560001AF9600488FB20018D3
91981 +:104D2000A34A01528FB60028AF5501548FB1001429
91982 +:104D3000AF5401788FB500248FB400208FB00010DD
91983 +:104D400003E0000827BD00309358093E00189E007C
91984 +:104D500000139603064200362411000293440923EF
91985 +:104D6000308300021060FEDD8F8600608F8200506D
91986 +:104D700014C2FEDA000000000E0000600000000017
91987 +:104D80009369003F24070016312800FF1107000C2B
91988 +:104D9000240500083C0C0800918C3D90358B0001E7
91989 +:104DA0003C010800A02B3D90936A003F314300FF77
91990 +:104DB00010650065240D000A106D005E2402000CD1
91991 +:104DC0000E000062000000000A00069000000000D3
91992 +:104DD0003C09080095293D863C0A0800954A3D801B
91993 +:104DE0000A0006F3012A10213C09080095293D8A92
91994 +:104DF0003C04080094843D803C06080094C63D7C39
91995 +:104E000095030024012410210046F8230003CC0060
91996 +:104E100027F0FFF20330C025240F0800ACF8000C87
91997 +:104E2000ACEF0014ACE000100A0006EE24E7001816
91998 +:104E30003C010800A0313D90935F093E241600011B
91999 +:104E400033F900201720FEA5241100080A0006905F
92000 +:104E5000241100048F6E00848F4D094011A0FE9E26
92001 +:104E6000AF8E0050240F00143C010800A02F3D908D
92002 +:104E70000A00068F00000000950E0024950D002802
92003 +:104E8000000E6400000D2C003589810034A6080056
92004 +:104E9000ACE9000CACE600100A0006EE24E70014B2
92005 +:104EA0001460FEEC000000009502002400021C00CB
92006 +:104EB00034640800ACE4000C0A0006EE24E700109D
92007 +:104EC0000A000741240700123C02080094423D8A70
92008 +:104ED0003C06080094C63D803C03080094633D7C7A
92009 +:104EE00095100024951900280046F82103E3C023FB
92010 +:104EF00000106C0000197400270FFFEE01CF282569
92011 +:104F000035AC8100ACEC000CACE5001024070800C7
92012 +:104F1000AD2700182527001C0A0006EEAD2000145E
92013 +:104F20008F7F004CAF7F00548F7900540A000699A0
92014 +:104F3000AF790050A362003F0E0000620000000045
92015 +:104F40000A00069000000000240200140A0008274E
92016 +:104F5000A362003F27BDFFE8308400FFAFBF001011
92017 +:104F60000E0005BB30A500FF9378007E9379007F8B
92018 +:104F7000936E00809368007A332F00FF001866005C
92019 +:104F8000000F6C0031CB00FF018D4825000B520053
92020 +:104F90008FBF0010012A3825310600FF344470000D
92021 +:104FA00000E628252402FF813C03100027BD0018DD
92022 +:104FB000AF45014CAF440154A342015203E0000845
92023 +:104FC000AF43017827BDFFD8AFB20018AFB10014CE
92024 +:104FD000AFB00010AFBF0020AFB3001C9342010977
92025 +:104FE000308600FF30B000FF000618C23204000215
92026 +:104FF0003071000114800005305200FF93670005F6
92027 +:1050000030E5000810A0000D30C80010024020213B
92028 +:105010000E0005A702202821240400018FBF0020D4
92029 +:105020008FB3001C8FB200188FB100148FB0001026
92030 +:105030000080102103E0000827BD00281500003281
92031 +:105040000000000093430109000028213062007F26
92032 +:10505000000220C00002F94003E49821267900886C
92033 +:10506000033B98218E7800248E6F0008130F0046B2
92034 +:10507000000000008F640084241800020004FD82F8
92035 +:1050800033F900031338007C0000000093660083AE
92036 +:10509000934A0109514600043205007C10A00060CB
92037 +:1050A000000000003205007C14A0005302402021C3
92038 +:1050B00016200006320400018E7F00248F5901045F
92039 +:1050C00017F9FFD600002021320400011080000AE9
92040 +:1050D000024020218F4209408F9300641053000644
92041 +:1050E000000000000E00066D022028218F430940B9
92042 +:1050F000AF630044024020210E0006020220282156
92043 +:105100000A000860240400013C0908008D2900649D
92044 +:10511000252600013C010800AC26006416000012A0
92045 +:10512000000000008F6D00843C0E00C001AE6024C2
92046 +:1051300015800005024020210E00082E02202821A3
92047 +:105140000A00086024040001240500040E00057014
92048 +:1051500024060001024020210E00082E02202821F2
92049 +:105160000A000860240400010E000041240400012C
92050 +:10517000936B007D020B50250E000062A36A007D38
92051 +:105180000A0008A38F6D00848F6600748F480104A5
92052 +:105190008E67002400064E021507FFB63126007FF9
92053 +:1051A000936B008326440001308A007F1146004340
92054 +:1051B000316300FF5464FFB08F6400842645000112
92055 +:1051C00030B1007F30A200FF122600042405000148
92056 +:1051D000004090210A00087624110001240FFF806E
92057 +:1051E000024F702401CF9026324200FF00409021F0
92058 +:1051F0000A000876241100010E00066D0220282105
92059 +:10520000321800301300FFAA321000820240202121
92060 +:105210000E0005A7022028210A00086024040001CE
92061 +:105220008F6E00743C0F80002405000301CF902591
92062 +:10523000AF72007493710083240600010E000570A4
92063 +:10524000322400FF0E00004124040001936D007D14
92064 +:10525000020D60250E000062A36C007D3C0B08006F
92065 +:105260008D6B0054257000013C010800AC300054E7
92066 +:105270000A000860240400018F6800743C09800063
92067 +:105280002405000401093825AF6700749363008387
92068 +:10529000240600010E000570306400FF0E0000417E
92069 +:1052A000240400019362007D020298250E00006232
92070 +:1052B000A373007D0A00086024040001324D0080C1
92071 +:1052C00039AC0080546CFF6C8F6400840A0008C9FC
92072 +:1052D0002645000127BDFFC83C0A0008AFBF0030CB
92073 +:1052E000AFB5002CAFB40028AFB30024AFB200209C
92074 +:1052F000AFB1001CAFB00018034AD8212409004008
92075 +:10530000AF490814AF4008108F4209448F43095039
92076 +:105310008F4609548F47095C8F48094C9344010814
92077 +:105320009345010BAF820064308400FF30A500FF7D
92078 +:10533000AF830050AF86004CAF87005C0E00084A78
92079 +:10534000AF8800601440017D8FBF0030A760006807
92080 +:10535000934D0900240B00503C15080026B53D482C
92081 +:1053600031AC00FF3C12080026523D58118B00035F
92082 +:10537000000000000000A8210000902193510109C5
92083 +:105380008F9F005024040010322E007F000E68C052
92084 +:10539000000E6140018D282124B40088AF54081804
92085 +:1053A0008F4901048F4A09A43C0B000E034BC02116
92086 +:1053B000012A10233C010800AC223D6C8F430958A0
92087 +:1053C0003C010800A0243D9097470908007F302346
92088 +:1053D0003C010800AC263D7030E8FFFF0008C9C062
92089 +:1053E0003C010800AC3F3D94AF59002C974209089E
92090 +:1053F0009710002C8EB10000930F001803749821B1
92091 +:10540000A7900058AF9300440220F80931F000FF44
92092 +:10541000304E000215C001B2304F000111E0014FC3
92093 +:10542000000000009343093E3066000814C00002EB
92094 +:10543000241400030000A0218F5809A424130001A4
92095 +:105440003C010800AC383D98934F0934935109371B
92096 +:1054500031EC00FF322E00FF028E6821000D288003
92097 +:1054600000AC5021015058213C010800A42B3D887C
92098 +:105470003C010800A42A3D8693490934312200FFEB
92099 +:1054800002022021249000103C010800A4303D8439
92100 +:10549000240700068F9F00503C010800AC273D8C7C
92101 +:1054A0008F88005C8F59095800008021011F282334
92102 +:1054B00004A00149033F20230480014700A4302BAE
92103 +:1054C00010C00149000000003C010800AC253D70FF
92104 +:1054D0008E4200000040F809000000003043000246
92105 +:1054E000146000F80040882130440001548000100E
92106 +:1054F0008E4200043C0908008D293D743C0AC0001E
92107 +:10550000012A8025AF500E008F45000030AB000807
92108 +:105510001160FFFD00000000974D0E0824100001EF
92109 +:10552000A78D003C8F4C0E04AF8C00348E420004DB
92110 +:105530000040F8090000000002228825322E0002F7
92111 +:1055400015C00180000000003C09080095293D7C41
92112 +:105550003C06080094C63D883C0A0800954A3D7EFA
92113 +:105560003C1908008F393D74012660213C18080061
92114 +:105570008F183D983C03080094633D92018A2021D6
92115 +:105580008F4E09400329F821248F000203E32821CC
92116 +:10559000031968213C010800A42C3D8AAF8E0064E9
92117 +:1055A0003C010800AC2D3D983C010800A4253D803D
92118 +:1055B0000E00009E31E4FFFF8F870048004020214D
92119 +:1055C0003C010800A0273D918E42000824E800011C
92120 +:1055D000AF8800480040F809000000009344010B28
92121 +:1055E0008F4C002C974A09083C0B000E034B4021BE
92122 +:1055F0003149FFFF000919C08F8B0050AF43002CC9
92123 +:10560000974309089506001A00403821308A004067
92124 +:1056100030DFFFFFAC5F00008D19001C0040482107
92125 +:10562000AC5900048D180020AC580008910F0019E7
92126 +:1056300031E30003107300F0000000002862000254
92127 +:105640001440010924050002106500FD240D00032B
92128 +:10565000106D010D00000000114000D90000000095
92129 +:105660003C0A0800954A3D8625420001934D0934C5
92130 +:1056700093580921950E002A31A300FF00032082D0
92131 +:10568000331F00FF9798005800047E00001FCC00D5
92132 +:1056900001F940253049FFFF0109102501D83021CB
92133 +:1056A0003C0540000045502500066C00ACED0004B0
92134 +:1056B000ACEA0000934309203C04000624ED0014EA
92135 +:1056C0000003FE0003E4C825ACF900088F49092C4B
92136 +:1056D000270F000131EE7FFFACE9000C8F48093045
92137 +:1056E000A78E005824E90028ACE800108F4509383F
92138 +:1056F00001204021ACE50014ADAB00048F4209400D
92139 +:10570000ADA20008934B09373C1F080093FF3D9062
92140 +:105710008F4309488F4A0940316600FF00D4202199
92141 +:10572000006A78230004C700001FCC000319282555
92142 +:1057300031EEFFFC00AE1025ADA2000CADA00010B4
92143 +:10574000AF4C002C934C093E318B00085160000F88
92144 +:105750008E58000C3C06010134CA080AACEA002845
92145 +:105760008F4B0074AD2B00043C0C0800918C3D90D5
92146 +:105770003187001050E00003AD2000088F62006008
92147 +:10578000AD2200082528000C8E58000C0300F809F3
92148 +:10579000010020213C19080097393D8A3C1F080070
92149 +:1057A00097FF3D7E033F782125E900020E0000C7E8
92150 +:1057B0003124FFFF3C0E08008DCE3D6C3C080800F4
92151 +:1057C0008D083D7401C828233C010800AC253D6CC0
92152 +:1057D00014A00006000000003C0308008C633D8C10
92153 +:1057E000346400403C010800AC243D8C1200007081
92154 +:1057F0008F8C00448F470E108F900044AE0700201E
92155 +:105800008F4D0E18AE0D00243C10080096103D8000
92156 +:105810000E0000600000000024020040AF420814A7
92157 +:105820008F8600508F8A004C00D01821006A5823C0
92158 +:1058300019600004AF830050AF6300548F650054BB
92159 +:10584000AF85004C1200000C000000008F44007473
92160 +:10585000936800813409FA002D0E000711C000057D
92161 +:1058600000891821937F0081241901F403F9780439
92162 +:1058700001E41821AF63000C8F44095C8F83005C46
92163 +:105880000083C0231B000003000000008F50095C50
92164 +:10589000AF90005C0E000062000000008F8C005092
92165 +:1058A0008E4700103C010800AC2C3D9400E0F80944
92166 +:1058B000000000003C0D08008DAD3D6C55A0FEF5CC
92167 +:1058C000240700068F450024975909088F8B006430
92168 +:1058D0008F9400503C0F001F978200588F86005411
92169 +:1058E0008F93004C3328FFFF35E9FF8000A9502437
92170 +:1058F000000871C032320100AF4E0024A4C2002C57
92171 +:10590000AF4A0024AF6B0044AF740050AF73005433
92172 +:105910001640008032380010570000868EA4000424
92173 +:10592000322300405460001B8EB100088EB0000C82
92174 +:105930000200F809000000008FBF00308FB5002C76
92175 +:105940008FB400288FB300248FB200208FB1001CC9
92176 +:105950008FB0001803E0000827BD00389347010905
92177 +:105960008F8800380007FE0003E8C825AF59008083
92178 +:105970008F5809A08F5309A4AFB80010AF580E1468
92179 +:105980008FB40010AF540E10AF530E1C0A00096202
92180 +:10599000AF530E180220F809000000008EB0000C72
92181 +:1059A0000200F809000000000A000AA88FBF0030BA
92182 +:1059B000A5800020A59300220A000A5BAD93002475
92183 +:1059C0003C09080095293D863C06080094C63D80A8
92184 +:1059D0000A0009F4012610213C010800AC203D70AA
92185 +:1059E0000A00098E8E4200003C010800AC243D7084
92186 +:1059F0000A00098E8E4200003C03080094633D8A31
92187 +:105A00003C04080094843D803C1F080097FF3D7CC7
92188 +:105A1000951800240064C821033F782300186C0007
92189 +:105A200025EEFFF201AE2825AC45000C240208004B
92190 +:105A3000ACE20014ACE000100A0009EF24E7001803
92191 +:105A400095060024950900280006240000091C0082
92192 +:105A5000349F810034790800ACFF000CACF90010D1
92193 +:105A60000A0009EF24E700141460FEFB00000000A8
92194 +:105A70009518002400187C0035EE0800ACEE000CF0
92195 +:105A80000A0009EF24E700103C07080094E73D8076
92196 +:105A90003C04080094843D8A3C03080094633D7CE8
92197 +:105AA00095190024951800280087F82103E378232E
92198 +:105AB0002407080000192C0000186C0025EEFFEEEA
92199 +:105AC00001AE302534A28100AD2700182527001C27
92200 +:105AD000AD22000CAD2600100A0009EFAD20001425
92201 +:105AE00093520109000028210E000602324400FFF3
92202 +:105AF0008FBF00308FB5002C8FB400288FB30024E7
92203 +:105B00008FB200208FB1001C8FB0001803E0000896
92204 +:105B100027BD0038935F010933E400FF0E00066DD6
92205 +:105B200000002821323800105300FF7E322300404D
92206 +:105B30008EA400040080F809000000000A000AA2F8
92207 +:105B4000322300401200FF5F000000008F540E144B
92208 +:105B50008F920044AE5400208F530E1C0A000A8A14
92209 +:105B6000AE5300248F82001C008040213C040100C1
92210 +:105B70009047008530E3002010600009000000001D
92211 +:105B80003C0708008CE73D948F83001800E3202336
92212 +:105B9000048000089389000414E30003010020211D
92213 +:105BA00003E00008008010213C04010003E000082D
92214 +:105BB000008010211120000B006738238F8C0020FB
92215 +:105BC00024090034918B00BC316A0002514000016D
92216 +:105BD0002409003000E9682B15A0FFF10100202105
92217 +:105BE00000E938232419FFFC00B9C02400F9782407
92218 +:105BF00000F8702B15C0FFEA01E8202130C2000335
92219 +:105C00000002182314C00012306900030000302184
92220 +:105C100000A9702101C6682100ED602B1180FFE012
92221 +:105C20003C0401002D2F00010006482B01053821FE
92222 +:105C300001E9302414C0FFDA24E4FFFC2419FFFC3E
92223 +:105C400000B9C0240308202103E0000800801021CF
92224 +:105C50008F8B002024060004916A00BC31440004AC
92225 +:105C60001480FFEC00A970210A000B5E00003021B7
92226 +:105C700027BDFFE8AFBF00108F460100934A01091E
92227 +:105C80003C1F08008FFF00902407FF80314F00FF6A
92228 +:105C900031E8007F0008614003E6C821032CC021E1
92229 +:105CA00027090120012770243C010800A02F3DD0C6
92230 +:105CB000AF4E080C3C0D08008DAD00903C040080F8
92231 +:105CC0003482000301A65821016C182124650120AB
92232 +:105CD00030AA007801424025AF48081C3C1F08004C
92233 +:105CE0008FFF00908F88004003E6C0213319000722
92234 +:105CF00003074824033A7821AF49002825E909C061
92235 +:105D0000952E00023C0D08008DAD008C3C0A080069
92236 +:105D10008D4A009031CC3FFF01A61821000C59801C
92237 +:105D2000006B282100A72024AF44002C95220002FC
92238 +:105D30003C1F08008FFF008C9107008530593FFF02
92239 +:105D400003E678210019C1800146702101F868211D
92240 +:105D500031CC007F31AB007F019A2821017A50219C
92241 +:105D60003C03000C3C04000E00A328210144102138
92242 +:105D700030E6002027470980AF82002CAF88001C46
92243 +:105D8000AF890024AF85002010C00006AF8700282F
92244 +:105D90008D0200508CA4010C0044302318C0007701
92245 +:105DA00000000000910C0085240DFFDF018D3824D8
92246 +:105DB000A10700858F8B001C8F8900248F87002806
92247 +:105DC0008D65004CAF850018912F000D31EE00203D
92248 +:105DD00011C000170000000024090001A38900047D
92249 +:105DE000AF80000C8CE400248F85000C240A00088E
92250 +:105DF000AF800008AF8000103C010800A42A3D7E5F
92251 +:105E00003C010800A4203D920E000B32000030211E
92252 +:105E10008F8500248FBF0010AF82001490A8000D62
92253 +:105E200027BD00180008394203E0000830E20001F5
92254 +:105E3000913F00022418000133F900FF001921826C
92255 +:105E400010980039240800021088005B8F86002C0F
92256 +:105E50008CE5002414A0001B8F9F002091220000DD
92257 +:105E6000240A00053046003F10CA00472404000100
92258 +:105E70008F860008A3840004AF860010AF86000C54
92259 +:105E80008CE400248F85000C240A00083C010800E3
92260 +:105E9000A42A3D7E3C010800A4203D920E000B3256
92261 +:105EA000000000008F8500248FBF0010AF82001417
92262 +:105EB00090A8000D27BD00180008394203E0000833
92263 +:105EC00030E200018CF800088CF900248FEE00C449
92264 +:105ED000A38000048CE40024AF8E000C8F85000C9E
92265 +:105EE0008F86000803197823240A0008AF8F00105A
92266 +:105EF0003C010800A42A3D7E3C010800A4203D92FC
92267 +:105F00000E000B32000000008F8500248FBF0010B0
92268 +:105F1000AF82001490A8000D27BD00180008394278
92269 +:105F200003E0000830E20001912300003062003FEE
92270 +:105F3000104400278F8500208CE400241480002169
92271 +:105F4000000000008D2E00183C187FFF8F85002078
92272 +:105F5000370FFFFF01CF1824AF8300088F9F000881
92273 +:105F60008CA8008403E8C82B1720000203E020213E
92274 +:105F70008CA400840A000BEDAF8400088CA3010CF4
92275 +:105F80000A000BCBAF8300188D2C00188F860008F9
92276 +:105F90003C0D7FFF8F89002035A3FFFF018358242C
92277 +:105FA00024040001AF8B0010AD2000CCA3840004BA
92278 +:105FB0000A000BF9AF86000C8CCA00140A000BED26
92279 +:105FC000AF8A00088CA300C80A000C30AF83000819
92280 +:105FD0008F84002C8CAC00648C8D0014018D582BA8
92281 +:105FE00011600004000000008CA200640A000C3064
92282 +:105FF000AF8200088C8200140A000C30AF820008C7
92283 +:106000008F85000C27BDFFE0AFBF0018AFB10014B3
92284 +:1060100014A00007AFB000108F86002424020005F2
92285 +:1060200090C400003083003F106200B68F840020CF
92286 +:106030008F91000800A080218F8C00283C0508006B
92287 +:106040008CA53D708D8B000431663FFF00C5502B41
92288 +:106050005540000100C02821938D000411A0007359
92289 +:1060600000B0F82B8F98002024040034930F00BC5C
92290 +:1060700031EE000251C000012404003000A4C82BFE
92291 +:10608000172000D10000000000A4282300B0F82B46
92292 +:106090003C010800A4243D7C17E000680200202198
92293 +:1060A0003C0308008C633D6C0083102B54400001BE
92294 +:1060B000008018218F8800243C010800AC233D7427
92295 +:1060C000000048219104000D308300205060000141
92296 +:1060D0008F490E188F8300140123382B10E00059CC
92297 +:1060E000000000003C0408008C843D7400895821A5
92298 +:1060F000006B502B114000560090602B006930233C
92299 +:1061000000C020213C010800AC263D7412000003B1
92300 +:10611000241FFFFC1090008A32270003009FC82430
92301 +:106120003C010800AC393D743C010800A4203D92BC
92302 +:106130008F84000C120400078F830020AF910008A9
92303 +:10614000020020218C7100CCAF90000C26300001A1
92304 +:10615000AC7000CC3C0208008C423D748F8A001069
92305 +:10616000240700180082202301422823AF84000C5A
92306 +:1061700010800002AF850010240700108F86001CDD
92307 +:106180003C010800A0273D902407004090CC0085EA
92308 +:10619000318B00C0116700408F8D001414A00015D2
92309 +:1061A00000002021934A01098F420974314500FF04
92310 +:1061B0000002260224A300013090007F3071007F8E
92311 +:1061C0001230007A2407FF80A0C300833C09080036
92312 +:1061D0008D293D8C8F880024240D0002352C000869
92313 +:1061E0003C010800A02D3DD13C010800AC2C3D8CA9
92314 +:1061F00024040010910E000D31C6002010C00005CF
92315 +:1062000000801821240800013C010800AC283D74DE
92316 +:10621000348300018FBF00188FB100148FB00010BD
92317 +:106220000060102103E0000827BD00203C010800A9
92318 +:10623000A4203D7C13E0FF9A020020210A000C817B
92319 +:1062400000A020213C0408008C843D740090602B49
92320 +:106250001180FFAE000000003C0F080095EF3D7C70
92321 +:1062600001E4702101C6682B11A000072C820004F4
92322 +:106270003C1F60008FF954043338003F1700FFE5DE
92323 +:10628000240300422C8200041040FFA0240300429B
92324 +:106290000A000CDF8FBF0018152DFFC000000000A2
92325 +:1062A0008CDF00743C0380002405FF8003E3C825D5
92326 +:1062B000ACD9007490D80085240E0004240400108A
92327 +:1062C000330F003F01E54025A0C800858F880024DA
92328 +:1062D0003C010800A02E3DD1240300019106000DD1
92329 +:1062E00030C9002015200003000000003C03080016
92330 +:1062F0008C633D743C010800AC233D6C0A000CD655
92331 +:10630000000000008F8700108C88008400E8282B94
92332 +:1063100014A0000200E088218C910084240900016F
92333 +:10632000A38900048F440E18022028210E000B328E
92334 +:1063300002203021022080210A000C67AF82001465
92335 +:1063400000071823306600033C010800A4263D9294
92336 +:10635000122000058F8C0020918B00BC316A000454
92337 +:106360001540001524CD00043C0F080095EF3D9228
92338 +:1063700001E4702100AE302B50C0FF6E8F84000C02
92339 +:106380002C85000514A0FFA32403004230980003CD
92340 +:1063900017000002009818232483FFFC3C0108002A
92341 +:1063A000AC233D740A000CA30000000000A7582491
92342 +:1063B0000A000CCB016718263C010800A42D3D9271
92343 +:1063C0000A000D33000000003C010800AC203D74C1
92344 +:1063D0000A000CDE240300428F83001014600007C3
92345 +:1063E000000010218F88002424050005910600007C
92346 +:1063F00030C400FF108500030000000003E0000827
92347 +:1064000000000000910A0018314900FF000939C25C
92348 +:1064100014E0FFFA8F85001C3C04080094843D7C46
92349 +:106420003C0308008C633D943C1908008F393D748F
92350 +:106430003C0F080095EF3D920064C0218CAD0054E4
92351 +:106440000319702101CF6021018D58231960001DAF
92352 +:1064500000000000910E001C8F8C002C974B0E103A
92353 +:1064600031CD00FF8D850004016D30238D88000043
92354 +:1064700030CEFFFF000E510000AAC82100003821D5
92355 +:1064800001072021032A182B0083C021AD990004A5
92356 +:10649000AD980000918F000A01CF6821A18D000AFC
92357 +:1064A0008F88002C974B0E12A50B0008950A003818
92358 +:1064B00025490001A50900389107000D34E60008C0
92359 +:1064C000A106000D03E000080000000027BDFFE06A
92360 +:1064D000938700048F8F00248FAD00143C0E7FFF44
92361 +:1064E0008F89000C35C8FFFFAFBF001CAFB000188C
92362 +:1064F00001A8182491EA000D000717C03C1FBFFF38
92363 +:10650000006258252D2E00018F90001837F9FFFFEB
92364 +:106510003C1808008F183D943C0F080095EF3D8A09
92365 +:1065200001796824000E47803C07EFFF3C05F0FF2F
92366 +:1065300001A818253149002034E2FFFF34ACFFFFE9
92367 +:106540000310582327A500102406000225EA0002A4
92368 +:1065500000621824008080211520000200004021E4
92369 +:106560008F480E1CA7AA0012056000372407000000
92370 +:1065700030FF00FF001FCF008F8B001C00793825F3
92371 +:10658000AFA70014916F00853C08080091083D9169
92372 +:106590003C18DFFF31EE00C0370AFFFF000E182B5A
92373 +:1065A0003C1F080097FF3D8400EA6824A3A800115F
92374 +:1065B0000003174001A248258FB90010AFA90014AD
92375 +:1065C0003C0A0800914A3D93A7BF00168FA800140B
92376 +:1065D000032CC0243C0B01003C0F0FFF030B1825BC
92377 +:1065E0003147000335EEFFFF010C68240007160059
92378 +:1065F000006EF8243C09700001A2C82503E9582563
92379 +:10660000AFB90014AFAB00100E000076A3A00015C8
92380 +:106610008F8C0024260200089186000D30C40020D3
92381 +:10662000108000068FBF001C3C05080094A53D802B
92382 +:1066300024B0FFFF3C010800A4303D808FB000185B
92383 +:1066400003E0000827BD00208F9800140118502B8C
92384 +:106650005540FFC7240700010A000DB630FF00FFB8
92385 +:106660009382000427BDFFE0AFBF00181040000F69
92386 +:10667000008050218F880024240B00058F8900089A
92387 +:10668000910700008F8400200100282130E3003FA3
92388 +:106690008F86002C106B000800003821AFA9001075
92389 +:1066A0000E00040EAFAA0014A38000048FBF0018D0
92390 +:1066B00003E0000827BD00208D1900183C0F0800DA
92391 +:1066C0008DEF3D748F9800103C027FFF8D08001401
92392 +:1066D000345FFFFF033F682401F8702101AE60239F
92393 +:1066E00001883821AFA900100E00040EAFAA0014D3
92394 +:1066F0000A000E04A38000048F8700243C050800D4
92395 +:1067000094A53D923C0208008C423D8C90E6000D21
92396 +:106710000005240030C300201060002C00444025F8
92397 +:106720008F85001C00006021240B000190A30085D0
92398 +:1067300000004821240A00013C0F800035EE007063
92399 +:106740008DC70000AF8700308F5801780700FFFE2B
92400 +:106750003C038000347900708F3800003C0508004D
92401 +:106760008CA500743C0D08008DAD007003077823E4
92402 +:1067700000AF38210000102100EF302B01A22021B2
92403 +:10678000008618213C010800AC2700743C01080079
92404 +:10679000AC230070AF4B01483C1908008F393D9481
92405 +:1067A000A7490144A74A0146AF59014C3C0B0800D8
92406 +:1067B000916B3D91A34B0152AF4801543C0810002E
92407 +:1067C000A74C015803E00008AF4801788F4B0E1C1E
92408 +:1067D0003C0A08008D4A3D7497490E16974D0E14D9
92409 +:1067E00001456021312AFFFF0A000E2731A9FFFF72
92410 +:1067F0008F8300249064000D308200201040002917
92411 +:10680000000000000000482100005021000040214D
92412 +:106810003C07800034EB00708D670000AF870030CC
92413 +:106820008F4C01780580FFFE3C0D800035AC007078
92414 +:106830008D8B00003C0508008CA500743C0408000A
92415 +:106840008C8400700167302300A67821000010219D
92416 +:1068500001E6C82B0082C021031970213C01080009
92417 +:10686000AC2F00743C010800AC2E0070AF49014809
92418 +:106870003C0D08008DAD3D94A7480144240900401B
92419 +:10688000A74A01463C081000240AFF91AF4D014C75
92420 +:10689000A34A0152AF490154A740015803E0000840
92421 +:1068A000AF4801788F490E1897460E1297450E1083
92422 +:1068B00030CAFFFF0A000E5D30A8FFFF8F8300245F
92423 +:1068C00027BDFFF89064000D308200201040003A90
92424 +:1068D00000000000240B000100004821240A0001F0
92425 +:1068E0003C088000350700708CE30000AF83003067
92426 +:1068F0008F4C01780580FFFE3C0E80003C040800B0
92427 +:1069000090843DD035C700708CEC00003C05080039
92428 +:106910008CA50074A3A400033C1908008F390070F3
92429 +:106920008FAD00000183302300A638210000102124
92430 +:106930000322782100E6C02B01F8602101AE40253A
92431 +:10694000AFA800003C010800AC2700743C0108001F
92432 +:10695000AC2C00709346010A3C04080090843DD1A1
92433 +:10696000A3A00002A3A600018FA300003C0580FFA6
92434 +:106970003099007F34A2FFFF006278240019C6001E
92435 +:1069800001F87025240D3000AF4E014C27BD0008E2
92436 +:10699000AF4D0154A7400158AF4B0148A7490144EE
92437 +:1069A000A74A01463C091000240AFF80A34A01526D
92438 +:1069B00003E00008AF4901788F4B0E1897460E127E
92439 +:1069C00097450E1030CAFFFF0A000E9130A9FFFF55
92440 +:1069D0008F85001C2402008090A40085308300C0B5
92441 +:1069E000106200058F8600208F8800088F87000CBA
92442 +:1069F000ACC800C8ACC700C403E000080000000039
92443 +:106A00003C0A0800254A39543C09080025293A2047
92444 +:106A10003C08080025082DD43C07080024E73B3437
92445 +:106A20003C06080024C637C43C05080024A5353CB4
92446 +:106A30003C040800248431643C0308002463385C6F
92447 +:106A40003C020800244236303C010800AC2A3D508C
92448 +:106A50003C010800AC293D4C3C010800AC283D48F5
92449 +:106A60003C010800AC273D543C010800AC263D64C5
92450 +:106A70003C010800AC253D5C3C010800AC243D58BD
92451 +:106A80003C010800AC233D683C010800AC223D609D
92452 +:086A900003E000080000000013
92453 +:00000001FF
92454 diff --git a/firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex b/firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex
92455 new file mode 100644
92456 index 0000000..43d7c4f
92457 --- /dev/null
92458 +++ b/firmware/bnx2/bnx2-mips-09-6.2.1b.fw.ihex
92459 @@ -0,0 +1,6496 @@
92460 +:10000000080001180800000000005594000000C816
92461 +:1000100000000000000000000000000008005594EF
92462 +:10002000000000380000565C080000A00800000036
92463 +:100030000000574400005694080059200000008436
92464 +:100040000000ADD808005744000001C00000AE5CBD
92465 +:100050000800321008000000000092580000B01C98
92466 +:10006000000000000000000000000000080092589E
92467 +:100070000000033C000142740800049008000400E2
92468 +:10008000000012FC000145B000000000000000006C
92469 +:1000900000000000080016FC00000004000158AC3D
92470 +:1000A000080000A80800000000003D00000158B052
92471 +:1000B00000000000000000000000000008003D00FB
92472 +:1000C00000000030000195B00A000046000000006A
92473 +:1000D000000000000000000D636F6D362E322E31DF
92474 +:1000E00062000000060201020000000000000003A0
92475 +:1000F000000000C800000032000000030000000003
92476 +:1001000000000000000000000000000000000000EF
92477 +:1001100000000010000001360000EA600000000549
92478 +:1001200000000000000000000000000000000008C7
92479 +:1001300000000000000000000000000000000000BF
92480 +:1001400000000000000000000000000000000000AF
92481 +:10015000000000000000000000000000000000009F
92482 +:10016000000000020000000000000000000000008D
92483 +:10017000000000000000000000000000000000007F
92484 +:10018000000000000000000000000010000000005F
92485 +:10019000000000000000000000000000000000005F
92486 +:1001A000000000000000000000000000000000004F
92487 +:1001B000000000000000000000000000000000003F
92488 +:1001C000000000000000000000000000000000002F
92489 +:1001D000000000000000000000000000000000001F
92490 +:1001E0000000000010000003000000000000000DEF
92491 +:1001F0000000000D3C020800244256083C030800A1
92492 +:1002000024635754AC4000000043202B1480FFFDB2
92493 +:10021000244200043C1D080037BD9FFC03A0F021D0
92494 +:100220003C100800261001183C1C0800279C5608AA
92495 +:100230000E000256000000000000000D27BDFFB4B4
92496 +:10024000AFA10000AFA20004AFA30008AFA4000C50
92497 +:10025000AFA50010AFA60014AFA70018AFA8001CF0
92498 +:10026000AFA90020AFAA0024AFAB0028AFAC002C90
92499 +:10027000AFAD0030AFAE0034AFAF0038AFB8003C28
92500 +:10028000AFB90040AFBC0044AFBF00480E001544FA
92501 +:10029000000000008FBF00488FBC00448FB90040B1
92502 +:1002A0008FB8003C8FAF00388FAE00348FAD003078
92503 +:1002B0008FAC002C8FAB00288FAA00248FA90020C0
92504 +:1002C0008FA8001C8FA700188FA600148FA5001000
92505 +:1002D0008FA4000C8FA300088FA200048FA1000040
92506 +:1002E00027BD004C3C1B60108F7A5030377B502864
92507 +:1002F00003400008AF7A00008F82002427BDFFE092
92508 +:10030000AFB00010AFBF0018AFB100148C42000CAA
92509 +:100310003C1080008E110100104000348FBF001887
92510 +:100320000E000D84000000008F85002024047FFF54
92511 +:100330000091202BACB100008E030104960201084D
92512 +:1003400000031C003042FFFF00621825ACA300042C
92513 +:100350009202010A96030114304200FF3063FFFF4E
92514 +:100360000002140000431025ACA200089603010C03
92515 +:100370009602010E00031C003042FFFF00621825A8
92516 +:10038000ACA3000C960301109602011200031C009E
92517 +:100390003042FFFF00621825ACA300108E02011846
92518 +:1003A000ACA200148E02011CACA20018148000083C
92519 +:1003B0008F820024978200003C0420050044182509
92520 +:1003C00024420001ACA3001C0A0000C6A782000062
92521 +:1003D0003C0340189442001E00431025ACA2001CB0
92522 +:1003E0000E000DB8240400018FBF00188FB1001457
92523 +:1003F0008FB000100000102103E0000827BD00208E
92524 +:100400003C0780008CE202B834E50100044100089A
92525 +:10041000240300013C0208008C42006024420001D9
92526 +:100420003C010800AC22006003E0000800601021DD
92527 +:100430003C0208008C42005C8CA4002094A30016AF
92528 +:100440008CA6000494A5000E24420001ACE40280B6
92529 +:100450002463FFFC3C010800AC22005C3C0210005D
92530 +:10046000A4E30284A4E5028600001821ACE6028819
92531 +:10047000ACE202B803E000080060102127BDFFE0F5
92532 +:100480003C028000AFB0001034420100AFBF001C3E
92533 +:10049000AFB20018AFB100148C43000094450008BF
92534 +:1004A0002462FE002C42038110400003000381C23D
92535 +:1004B0000A00010226100004240201001462000553
92536 +:1004C0003C1180003C02800890420004305000FF44
92537 +:1004D0003C11800036320100964300143202000FB6
92538 +:1004E00000021500004310253C0308008C63004403
92539 +:1004F00030A40004AE220080246300013C01080007
92540 +:10050000AC2300441080000730A200028FBF001C03
92541 +:100510008FB200188FB100148FB000100A0000CE07
92542 +:1005200027BD00201040002D0000182130A20080BF
92543 +:1005300010400005362200708E44001C0E000C672F
92544 +:10054000240500A0362200708C4400008F82000C2D
92545 +:10055000008210232C43012C10600004AF82001095
92546 +:10056000240300010A000145AF84000C8E42000400
92547 +:100570003C036020AF84000CAC6200143C02080015
92548 +:100580008C42005850400015000018218C62000475
92549 +:10059000240301FE304203FF144300100000182121
92550 +:1005A0002E020004104000032E0200080A00014041
92551 +:1005B0000000802114400003000000000A000140F8
92552 +:1005C0002610FFF90000000D2402000202021004B0
92553 +:1005D0003C036000AC626914000018218FBF001C4E
92554 +:1005E0008FB200188FB100148FB00010006010217E
92555 +:1005F00003E0000827BD00203C0480008C8301003C
92556 +:1006000024020100506200033C0280080000000D3B
92557 +:100610003C02800890430004000010213063000F6A
92558 +:1006200000031D0003E00008AC8300800004188074
92559 +:100630002782FF9C00621821000410C00044102390
92560 +:100640008C640000000210C03C030800246356E4E0
92561 +:10065000004310213C038000AC64009003E00008DC
92562 +:10066000AF8200243C0208008C42011410400019A3
92563 +:100670003084400030A2007F000231C03C02020002
92564 +:100680001080001400A218253C026020AC43001426
92565 +:100690003C0408008C8456B83C0308008C630110AD
92566 +:1006A0003C02800024050900AC4500200086202182
92567 +:1006B000246300013C028008AC4400643C01080053
92568 +:1006C000AC2301103C010800AC2456B803E000083C
92569 +:1006D000000000003C02602003E00008AC4500146C
92570 +:1006E00003E000080000102103E0000800001021D2
92571 +:1006F00030A2000810400008240201003C0208005B
92572 +:100700008C42010C244200013C010800AC22010C87
92573 +:1007100003E0000800000000148200080000000050
92574 +:100720003C0208008C4200FC244200013C0108000D
92575 +:10073000AC2200FC0A0001A330A200203C02080009
92576 +:100740008C420084244200013C010800AC22008459
92577 +:1007500030A200201040000830A200103C02080027
92578 +:100760008C420108244200013C010800AC2201082F
92579 +:1007700003E0000800000000104000080000000036
92580 +:100780003C0208008C420104244200013C010800A4
92581 +:10079000AC22010403E00008000000003C02080055
92582 +:1007A0008C420100244200013C010800AC220100FF
92583 +:1007B00003E000080000000027BDFFE0AFB1001417
92584 +:1007C0003C118000AFB20018AFBF001CAFB00010EA
92585 +:1007D0003632010096500008320200041040000733
92586 +:1007E000320300028FBF001C8FB200188FB10014BB
92587 +:1007F0008FB000100A0000CE27BD00201060000B53
92588 +:10080000020028218E2401000E00018A0000000051
92589 +:100810003202008010400003240500A10E000C6786
92590 +:100820008E44001C0A0001E3240200018E2301040F
92591 +:100830008F82000810430006020028218E24010048
92592 +:100840000E00018A000000008E220104AF82000821
92593 +:10085000000010218FBF001C8FB200188FB1001450
92594 +:100860008FB0001003E0000827BD00202C82000498
92595 +:1008700014400002000018212483FFFD240200021E
92596 +:10088000006210043C03600003E00008AC626914DD
92597 +:1008900027BDFFE0AFBF001CAFB20018AFB100141E
92598 +:1008A000AFB000103C048000948201083043700017
92599 +:1008B000240220001062000A2862200154400052E5
92600 +:1008C0008FBF001C24024000106200482402600018
92601 +:1008D0001062004A8FBF001C0A0002518FB200183C
92602 +:1008E00034820100904300098C5000189451000C90
92603 +:1008F000240200091062001C0000902128620009F7
92604 +:10090000144000218F8200242402000A5062001249
92605 +:10091000323100FF2402000B1062000F00000000C3
92606 +:100920002402000C146200188F8200243C0208008C
92607 +:100930008C4256B824030900AC83002000501021DB
92608 +:100940003C038008AC6200643C010800AC2256B84D
92609 +:100950000A0002508FBF001C0E0001E900102602A1
92610 +:100960000A0002308F8200240E0001E900102602E6
92611 +:100970003C0380089462001A8C72000C3042FFFF26
92612 +:10098000020280258F8200248C42000C5040001E01
92613 +:100990008FBF001C0E000D84000000003C02800090
92614 +:1009A00034420100944300088F82002400031C009D
92615 +:1009B0009444001E8F82002000641825AC50000073
92616 +:1009C00024040001AC510004AC520008AC40000CFF
92617 +:1009D000AC400010AC400014AC4000180E000DB844
92618 +:1009E000AC43001C0A0002508FBF001C0E000440E4
92619 +:1009F000000000000A0002508FBF001C0E000C9F78
92620 +:100A0000000000008FBF001C8FB200188FB10014CF
92621 +:100A10008FB000100000102103E0000827BD002067
92622 +:100A200027BDFFD8AFB400203C036010AFBF002447
92623 +:100A3000AFB3001CAFB20018AFB10014AFB00010DC
92624 +:100A40008C6450002402FF7F3C1408002694563822
92625 +:100A5000008220243484380CAC6450003C028000B6
92626 +:100A6000240300370E0014B0AC4300083C07080014
92627 +:100A700024E70618028010212404001D2484FFFFAF
92628 +:100A8000AC4700000481FFFD244200043C02080042
92629 +:100A9000244207C83C010800AC2256403C02080032
92630 +:100AA000244202303C030800246306203C04080072
92631 +:100AB000248403B43C05080024A506F03C06080085
92632 +:100AC00024C62C9C3C010800AC2256803C02080045
92633 +:100AD000244205303C010800AC2756843C01080044
92634 +:100AE000AC2656943C010800AC23569C3C010800FF
92635 +:100AF000AC2456A03C010800AC2556A43C010800DB
92636 +:100B0000AC2256A83C010800AC23563C3C0108002E
92637 +:100B1000AC2456443C010800AC2056603C0108005F
92638 +:100B2000AC2556643C010800AC2056703C0108001E
92639 +:100B3000AC27567C3C010800AC2656903C010800CE
92640 +:100B4000AC2356980E00056E00000000AF80000C2C
92641 +:100B50003C0280008C5300008F8300043C0208009C
92642 +:100B60008C420020106200213262000700008821C0
92643 +:100B70002792FF9C3C100800261056E43C02080017
92644 +:100B80008C42002024050001022518040043202483
92645 +:100B90008F820004004310245044000C26310001D1
92646 +:100BA00010800008AF9000248E4300003C028000BB
92647 +:100BB000AC4300900E000D4BAE05000C0A0002C1C4
92648 +:100BC00026310001AE00000C263100012E22000269
92649 +:100BD000261000381440FFE9265200043C020800A9
92650 +:100BE0008C420020AF820004326200071040FFD91F
92651 +:100BF0003C028000326200011040002D326200028F
92652 +:100C00003C0580008CA2010000002021ACA2002045
92653 +:100C10008CA301042C42078110400008ACA300A85B
92654 +:100C200094A2010824032000304270001443000302
92655 +:100C30003C02800890420005304400FF0E0001593C
92656 +:100C4000000000003C0280009042010B304300FF96
92657 +:100C50002C62001E54400004000310800E00018628
92658 +:100C60000A0002EC00000000005410218C42000039
92659 +:100C70000040F80900000000104000043C02800021
92660 +:100C80008C4301043C026020AC4300143C02080089
92661 +:100C90008C4200343C0440003C03800024420001AC
92662 +:100CA000AC6401383C010800AC220034326200021E
92663 +:100CB00010400010326200043C1080008E0201409F
92664 +:100CC000000020210E000159AE0200200E00038317
92665 +:100CD000000000003C024000AE0201783C02080027
92666 +:100CE0008C420038244200013C010800AC2200384C
92667 +:100CF000326200041040FF973C0280003C108000EC
92668 +:100D00008E020180000020210E000159AE02002059
92669 +:100D10008E03018024020F00546200073C02800809
92670 +:100D20008E0201883C0300E03042FFFF00431025A3
92671 +:100D30000A000328AE020080344200809042000086
92672 +:100D400024030050304200FF14430007000000005D
92673 +:100D50000E000362000000001440000300000000C9
92674 +:100D60000E000971000000003C0208008C42003CAB
92675 +:100D70003C0440003C03800024420001AC6401B804
92676 +:100D80003C010800AC22003C0A0002A33C028000A7
92677 +:100D90003C02900034420001008220253C02800089
92678 +:100DA000AC4400203C0380008C6200200440FFFE25
92679 +:100DB0000000000003E00008000000003C0280008A
92680 +:100DC000344300010083202503E00008AC440020E8
92681 +:100DD00027BDFFE0AFB10014AFB000100080882144
92682 +:100DE000AFBF00180E00033230B000FF8F83FF94B6
92683 +:100DF000022020219062002502028025A07000259B
92684 +:100E00008C7000183C0280000E00033D020280241A
92685 +:100E10001600000B8FBF00183C0480008C8201F884
92686 +:100E20000440FFFE348201C024030002AC510000E4
92687 +:100E3000A04300043C021000AC8201F88FBF0018F0
92688 +:100E40008FB100148FB0001003E0000827BD002010
92689 +:100E500027BDFFE83C028000AFBF00103442018094
92690 +:100E6000944300048C4400083063020010600005C5
92691 +:100E7000000028210E00100C000000000A0003787A
92692 +:100E8000240500013C02FF000480000700821824B2
92693 +:100E90003C02040014620004240500018F82FF94C8
92694 +:100EA00090420008240500018FBF001000A010210F
92695 +:100EB00003E0000827BD00188F82FF982405000179
92696 +:100EC000A040001A3C028000344201400A00034264
92697 +:100ED0008C4400008F85FF9427BDFFE0AFBF001C4E
92698 +:100EE000AFB20018AFB10014AFB0001090A2000074
92699 +:100EF000304400FF38830020388200300003182B74
92700 +:100F00000002102B0062182410600003240200501D
92701 +:100F1000148200A88FBF001C90A20005304200017F
92702 +:100F2000104000A48FBF001C3C02800034420140EE
92703 +:100F3000904200082443FFFF2C6200051040009EF1
92704 +:100F40008FB20018000310803C030800246355ACE6
92705 +:100F5000004310218C420000004000080000000007
92706 +:100F60003C028000345101400E0003328E24000008
92707 +:100F70008F92FF948E2200048E50000C1602000205
92708 +:100F800024020001AE42000C0E00033D8E2400003E
92709 +:100F90008E220004145000068FBF001C8FB2001870
92710 +:100FA0008FB100148FB000100A000F7827BD002009
92711 +:100FB0008E42000C0A000419000000003C0480006E
92712 +:100FC0003482014094A300108C4200043063FFFF80
92713 +:100FD0001443001C0000000024020001A4A2001021
92714 +:100FE0008C8202380441000F3C0380003C02003F29
92715 +:100FF0003448F0003C0760003C06FFC08CE22BBC8C
92716 +:1010000000461824004810240002130200031D8229
92717 +:10101000106200583C0280008C8202380440FFF7C6
92718 +:101020003C038000346201408C44000034620200C2
92719 +:10103000AC4400003C021000AC6202380A00043BE1
92720 +:101040008FBF001C94A200100A00041900000000C9
92721 +:10105000240200201482000F3C0280003C03800028
92722 +:1010600094A20012346301408C6300043042FFFFFD
92723 +:10107000146200050000000024020001A4A2001276
92724 +:101080000A0004028FBF001C94A200120A00041977
92725 +:1010900000000000345101400E0003328E24000095
92726 +:1010A0008F92FF948E230004964200123050FFFF6F
92727 +:1010B0001603000224020001A64200120E00033DA6
92728 +:1010C0008E2400008E220004160200068FBF001C32
92729 +:1010D0008FB200188FB100148FB000100A00037C8B
92730 +:1010E00027BD0020964200120A00041900000000EB
92731 +:1010F0003C03800094A20014346301408C6300041C
92732 +:101100003042FFFF14620008240200018FBF001C60
92733 +:101110008FB200188FB100148FB00010A4A2001479
92734 +:101120000A00146327BD002094A20014144000217B
92735 +:101130008FBF001C0A000435000000003C03800043
92736 +:1011400094A20016346301408C6300043042FFFF18
92737 +:101150001462000D240200018FBF001C8FB2001822
92738 +:101160008FB100148FB00010A4A200160A000B1457
92739 +:1011700027BD00209442007824420004A4A200105D
92740 +:101180000A00043B8FBF001C94A200162403000138
92741 +:101190003042FFFF144300078FBF001C3C020800D1
92742 +:1011A0008C420070244200013C010800AC22007017
92743 +:1011B0008FBF001C8FB200188FB100148FB00010C9
92744 +:1011C00003E0000827BD002027BDFFD8AFB20018FC
92745 +:1011D0008F92FF94AFB10014AFBF0020AFB3001CDB
92746 +:1011E000AFB000103C028000345101008C5001006F
92747 +:1011F0009242000092230009304400FF2402001FA5
92748 +:10120000106200AB28620020104000192402003850
92749 +:101210002862000A1040000D2402000B286200081A
92750 +:101220001040002E8F820024046001042862000216
92751 +:101230001440002A8F820024240200061062002637
92752 +:101240008FBF00200A00055F8FB3001C1062006092
92753 +:101250002862000B144000FA8FBF00202402000E09
92754 +:10126000106200788F8200240A00055F8FB3001C93
92755 +:10127000106200D2286200391040000A2402008067
92756 +:1012800024020036106200E528620037104000C3D7
92757 +:1012900024020035106200D98FBF00200A00055FCC
92758 +:1012A0008FB3001C1062002D2862008110400006E0
92759 +:1012B000240200C824020039106200C98FBF002038
92760 +:1012C0000A00055F8FB3001C106200A28FBF0020D0
92761 +:1012D0000A00055F8FB3001C8F8200248C42000C33
92762 +:1012E000104000D78FBF00200E000D8400000000CA
92763 +:1012F0003C038000346301008C6200008F85002075
92764 +:10130000946700089466000CACA200008C64000492
92765 +:101310008F82002400063400ACA400049448001E10
92766 +:101320008C62001800073C0000E83825ACA20008D9
92767 +:101330008C62001C24040001ACA2000C9062000A24
92768 +:1013400000C23025ACA60010ACA00014ACA0001860
92769 +:10135000ACA7001C0A00051D8FBF00208F8200244F
92770 +:101360008C42000C104000B68FBF00200E000D8490
92771 +:10137000000000008F820024962400089625000CAF
92772 +:101380009443001E000422029626000E8F82002045
92773 +:10139000000426000083202500052C003C0300806B
92774 +:1013A00000A6282500832025AC400000AC400004A6
92775 +:1013B000AC400008AC40000CAC450010AC40001440
92776 +:1013C000AC400018AC44001C0A00051C24040001B9
92777 +:1013D0009622000C14400018000000009242000504
92778 +:1013E0003042001014400014000000000E000332D0
92779 +:1013F0000200202192420005020020213442001008
92780 +:101400000E00033DA242000592420000240300208A
92781 +:10141000304200FF10430089020020218FBF0020CE
92782 +:101420008FB3001C8FB200188FB100148FB0001062
92783 +:101430000A00107527BD00280000000D0A00055E97
92784 +:101440008FBF00208C42000C1040007D8FBF002019
92785 +:101450000E000D84000000008E2200048F84002006
92786 +:101460009623000CAC8200003C0280089445002CBE
92787 +:101470008F82002400031C0030A5FFFF9446001E4D
92788 +:101480003C02400E0065182500C23025AC830004E4
92789 +:10149000AC800008AC80000CAC800010AC80001464
92790 +:1014A000AC800018AC86001C0A00051C2404000156
92791 +:1014B0000E000332020020218F93FF9802002021AA
92792 +:1014C0000E00033DA660000C020020210E00034226
92793 +:1014D000240500018F8200248C42000C104000582B
92794 +:1014E0008FBF00200E000D84000000009622000C2B
92795 +:1014F0008F83002000021400AC700000AC62000476
92796 +:10150000AC6000088E4400388F820024AC64000C6C
92797 +:101510008E46003C9445001E3C02401FAC66001005
92798 +:1015200000A228258E62000424040001AC6200148D
92799 +:10153000AC600018AC65001C8FBF00208FB3001C8E
92800 +:101540008FB200188FB100148FB000100A000DB8D0
92801 +:1015500027BD0028240200201082003A8FB3001C0F
92802 +:101560000E000F5E00000000104000358FBF00200D
92803 +:101570003C0480008C8201F80440FFFE348201C0EC
92804 +:1015800024030002AC500000A04300043C02100001
92805 +:10159000AC8201F80A00055E8FBF00200200202106
92806 +:1015A0008FBF00208FB3001C8FB200188FB10014C2
92807 +:1015B0008FB000100A000EA727BD00289625000C4A
92808 +:1015C000020020218FBF00208FB3001C8FB20018B3
92809 +:1015D0008FB100148FB000100A000ECC27BD002878
92810 +:1015E000020020218FB3001C8FB200188FB10014AD
92811 +:1015F0008FB000100A000EF727BD00289225000DBD
92812 +:10160000020020218FB3001C8FB200188FB100148C
92813 +:101610008FB000100A000F4827BD002802002021CB
92814 +:101620008FBF00208FB3001C8FB200188FB1001441
92815 +:101630008FB000100A000F1F27BD00288FBF0020A9
92816 +:101640008FB3001C8FB200188FB100148FB0001040
92817 +:1016500003E0000827BD00283C0580008CA202782A
92818 +:101660000440FFFE34A2024024030002AC44000008
92819 +:10167000A04300043C02100003E00008ACA2027882
92820 +:10168000A380001803E00008A38000193C03800039
92821 +:101690008C6202780440FFFE8F82001CAC62024024
92822 +:1016A00024020002A06202443C02100003E0000891
92823 +:1016B000AC6202783C02600003E000088C425404F3
92824 +:1016C0009083003024020005008040213063003FF9
92825 +:1016D0000000482114620005000050219082004C57
92826 +:1016E0009483004E304900FF306AFFFFAD00000CCC
92827 +:1016F000AD000010AD000024950200148D05001C03
92828 +:101700008D0400183042FFFF004910230002110031
92829 +:10171000000237C3004038210086202300A2102B8E
92830 +:101720000082202300A72823AD05001CAD0400186B
92831 +:10173000A5090014A5090020A50A001603E0000869
92832 +:10174000A50A002203E000080000000027BDFFD822
92833 +:10175000AFB200183C128008AFB40020AFB3001C39
92834 +:10176000AFB10014AFBF0024AFB00010365101007C
92835 +:101770003C0260008C4254049222000C3C1408008D
92836 +:10178000929400F7304300FF2402000110620032FF
92837 +:101790000080982124020002146200353650008037
92838 +:1017A0000E00143D000000009202004C2403FF8054
92839 +:1017B0003C0480003042007F000211C024420240FD
92840 +:1017C0000262102100431824AC8300949245000863
92841 +:1017D0009204004C3042007F3C03800614850007D1
92842 +:1017E000004380212402FFFFA22200112402FFFFF8
92843 +:1017F000A62200120A0005D22402FFFF9602002052
92844 +:10180000A222001196020022A62200128E020024BB
92845 +:101810003C048008AE2200143485008090A2004C65
92846 +:1018200034830100A06200108CA2003CAC6200185E
92847 +:101830008C820068AC6200F48C820064AC6200F0C0
92848 +:101840008C82006CAC6200F824020001A0A2006847
92849 +:101850000A0005EE3C0480080E001456000000004B
92850 +:1018600036420080A04000680A0005EE3C04800873
92851 +:10187000A2000068A20000690A0006293C02800854
92852 +:10188000348300808C62003834850100AC62006CC7
92853 +:1018900024020001A062006990A200D59083000894
92854 +:1018A000305100FF3072007F12320019001111C058
92855 +:1018B00024420240026210212403FF8000431824C6
92856 +:1018C0003C048000AC8300943042007F3C038006DF
92857 +:1018D000004380218E02000C1040000D02002021E8
92858 +:1018E0000E00057E0000000026220001305100FF9E
92859 +:1018F0009203003C023410260002102B0002102339
92860 +:101900003063007F022288240A0005F8A203003C0D
92861 +:101910003C088008350401008C8200E03507008017
92862 +:10192000ACE2003C8C8200E0AD02000090E5004C8F
92863 +:10193000908600D590E3004C908400D52402FF806F
92864 +:1019400000A228243063007F308400FF00A62825F1
92865 +:101950000064182A1060000230A500FF38A500803E
92866 +:10196000A0E5004CA10500093C0280089043000E50
92867 +:10197000344400803C058000A043000A8C8300189A
92868 +:101980003C027FFF3442FFFF00621824AC83001842
92869 +:101990008CA201F80440FFFE00000000ACB301C0BF
92870 +:1019A0008FBF00248FB400208FB3001C8FB20018AB
92871 +:1019B0008FB100148FB0001024020002A0A201C455
92872 +:1019C00027BD00283C02100003E00008ACA201F88B
92873 +:1019D00090A2000024420001A0A200003C030800E5
92874 +:1019E0008C6300F4304200FF144300020080302179
92875 +:1019F000A0A0000090A200008F84001C000211C073
92876 +:101A00002442024024830040008220212402FF80DF
92877 +:101A1000008220243063007F3C02800A006218218B
92878 +:101A20003C028000AC44002403E00008ACC300008A
92879 +:101A300094820006908300058C85000C8C86001033
92880 +:101A40008C8700188C88001C8C8400203C010800C6
92881 +:101A5000A42256C63C010800A02356C53C0108003C
92882 +:101A6000AC2556CC3C010800AC2656D03C01080001
92883 +:101A7000AC2756D83C010800AC2856DC3C010800D5
92884 +:101A8000AC2456E003E00008000000003C0280089F
92885 +:101A9000344201008C4400343C038000346504006F
92886 +:101AA000AC6400388C420038AF850028AC62003C42
92887 +:101AB0003C020005AC6200300000000000000000A5
92888 +:101AC00003E00008000000003C020006308400FF34
92889 +:101AD000008220253C028000AC4400300000000061
92890 +:101AE00000000000000000003C0380008C62000049
92891 +:101AF000304200101040FFFD3462040003E0000893
92892 +:101B0000AF82002894C200003C080800950800CA73
92893 +:101B100030E7FFFF0080482101021021A4C200002D
92894 +:101B200094C200003042FFFF00E2102B544000013D
92895 +:101B3000A4C7000094A200003C0308008C6300CC02
92896 +:101B400024420001A4A2000094A200003042FFFF42
92897 +:101B5000144300073C0280080107102BA4A00000DA
92898 +:101B60005440000101003821A4C700003C02800855
92899 +:101B7000344601008CC3002894A200003C0480007D
92900 +:101B80003042FFFE000210C000621021AC82003C17
92901 +:101B90008C82003C006218231860000400000000E2
92902 +:101BA0008CC200240A0006BA244200018CC2002420
92903 +:101BB000AC8200383C020050344200103C038000EC
92904 +:101BC000AC620030000000000000000000000000D7
92905 +:101BD0008C620000304200201040FFFD0000000039
92906 +:101BE00094A200003C04800030420001000210C0BA
92907 +:101BF000004410218C430400AD2300008C420404F7
92908 +:101C0000AD2200043C02002003E00008AC8200305A
92909 +:101C100027BDFFE0AFB20018AFB10014AFB00010A5
92910 +:101C2000AFBF001C94C2000000C080213C1208001D
92911 +:101C3000965200C624420001A6020000960300004E
92912 +:101C400094E2000000E03021144300058FB1003021
92913 +:101C50000E00068F024038210A0006F10000000045
92914 +:101C60008C8300048C82000424420040046100073D
92915 +:101C7000AC8200048C8200040440000400000000D8
92916 +:101C80008C82000024420001AC8200009602000019
92917 +:101C90003042FFFF50520001A600000096220000D3
92918 +:101CA00024420001A62200003C02800834420100C8
92919 +:101CB000962300009442003C144300048FBF001C94
92920 +:101CC00024020001A62200008FBF001C8FB2001862
92921 +:101CD0008FB100148FB0001003E0000827BD002072
92922 +:101CE00027BDFFE03C028008AFBF0018344201006E
92923 +:101CF0008C4800343C03800034690400AC68003830
92924 +:101D00008C42003830E700FFAF890028AC62003C0D
92925 +:101D10003C020005AC620030000000000000000042
92926 +:101D200000000000000000000000000000000000B3
92927 +:101D30008C82000C8C82000C97830016AD22000070
92928 +:101D40008C82001000604021AD2200048C820018BB
92929 +:101D5000AD2200088C82001CAD22000C8CA2001465
92930 +:101D6000AD2200108C820020AD220014908200056C
92931 +:101D7000304200FF00021200AD2200188CA20018B1
92932 +:101D8000AD22001C8CA2000CAD2200208CA2001001
92933 +:101D9000AD2200248CA2001CAD2200288CA20020C1
92934 +:101DA000AD22002C3402FFFFAD260030AD20003400
92935 +:101DB000506200013408FFFFAD28003850E00011E8
92936 +:101DC0003C0280083C048008348401009482005066
92937 +:101DD0003042FFFFAD22003C9483004494850044D0
92938 +:101DE000240200013063FFFF000318C200641821C1
92939 +:101DF0009064006430A5000700A210040A00075C8C
92940 +:101E00000044102534420100AD20003C94430044BE
92941 +:101E1000944400443063FFFF000318C2006218219D
92942 +:101E200030840007906500642402000100821004E1
92943 +:101E30000002102700451024A0620064000000008A
92944 +:101E400000000000000000003C0200063442004098
92945 +:101E50003C038000AC620030000000000000000085
92946 +:101E6000000000008C620000304200101040FFFDB6
92947 +:101E70003C06800834C201503463040034C7014A70
92948 +:101E800034C4013434C5014034C60144AFA200104B
92949 +:101E90000E0006D2AF8300288FBF001803E00008B1
92950 +:101EA00027BD00208F8300143C0608008CC600E884
92951 +:101EB0008F82001C30633FFF000319800046102111
92952 +:101EC000004310212403FF80004318243C068000B7
92953 +:101ED000ACC300283042007F3C03800C004330211B
92954 +:101EE00090C2000D30A500FF0000382134420010E0
92955 +:101EF000A0C2000D8F8900143C028008344201000A
92956 +:101F00009443004400091382304800032402000176
92957 +:101F1000A4C3000E1102000B2902000210400005AC
92958 +:101F2000240200021100000C240300010A0007A48F
92959 +:101F30000000182111020006000000000A0007A49A
92960 +:101F4000000018218CC2002C0A0007A424430001C1
92961 +:101F50008CC20014244300018CC200180043102BD3
92962 +:101F60005040000A240700012402002714A20003A5
92963 +:101F70003C0380080A0007B1240700013463010014
92964 +:101F80009462004C24420001A462004C00091382B8
92965 +:101F9000304300032C620002104000090080282119
92966 +:101FA000146000040000000094C200340A0007C15D
92967 +:101FB0003046FFFF8CC600380A0007C10080282188
92968 +:101FC000000030213C040800248456C00A000706A3
92969 +:101FD0000000000027BDFF90AFB60068AFB50064F9
92970 +:101FE000AFB40060AFB3005CAFB20058AFB1005403
92971 +:101FF000AFBF006CAFB000508C9000000080B021EB
92972 +:102000003C0208008C4200E8960400328F83001CDA
92973 +:102010002414FF8030843FFF0062182100042180D7
92974 +:1020200000641821007410243C13800000A090214B
92975 +:1020300090A50000AE620028920400323C02800CA1
92976 +:102040003063007F00628821308400C02402004099
92977 +:10205000148200320000A8218E3500388E2200182C
92978 +:102060001440000224020001AE2200189202003C3B
92979 +:10207000304200201440000E8F83001C000511C068
92980 +:102080002442024000621821306400783C02008043
92981 +:102090000082202500741824AE630800AE64081086
92982 +:1020A0008E2200188E03000800431021AE22001873
92983 +:1020B0008E22002C8E230018244200010062182B6F
92984 +:1020C0001060004300000000924200002442000122
92985 +:1020D000A24200003C0308008C6300F4304200FF81
92986 +:1020E00050430001A2400000924200008F84001C77
92987 +:1020F000000211C024420240248300403063007F6C
92988 +:10210000008220213C02800A0094202400621821D1
92989 +:10211000AE6400240A0008D2AEC30000920300326D
92990 +:102120002402FFC000431024304200FF1440000589
92991 +:1021300024020001AE220018962200340A00084250
92992 +:102140003055FFFF8E22001424420001AE220018F9
92993 +:102150009202003000021600000216030441001C27
92994 +:10216000000000009602003227A400100080282101
92995 +:10217000A7A20016960200320000302124070001B9
92996 +:102180003042FFFFAF8200140E000706AFA0001C14
92997 +:10219000960200328F83001C3C0408008C8400E807
92998 +:1021A00030423FFF000211800064182100621821B4
92999 +:1021B00000741024AE62002C3063007F3C02800E5D
93000 +:1021C000006218219062000D3042007FA062000D75
93001 +:1021D0009222000D304200105040007892420000E0
93002 +:1021E0003C028008344401009482004C8EC30000FD
93003 +:1021F0003C130800967300C62442FFFFA482004CE3
93004 +:10220000946200329623000E3054FFFF3070FFFFBF
93005 +:102210003C0308008C6300D000701807A7A30038A7
93006 +:102220009482003E3063FFFF3042FFFF14620007DC
93007 +:10223000000000008C8200303C038000244200300B
93008 +:10224000AC62003C0A00086A8C82002C9482004038
93009 +:102250003042FFFF5462000927A400408C820038FE
93010 +:102260003C03800024420030AC62003C8C8200348D
93011 +:10227000AC6200380A0008793C03800027A50038CA
93012 +:1022800027A60048026038210E00068FA7A000484C
93013 +:102290008FA300403C02800024630030AC43003830
93014 +:1022A0008FA30044AC43003C3C0380003C0200058B
93015 +:1022B000AC6200303C028008344401009482004249
93016 +:1022C000346304003042FFFF0202102B1440000769
93017 +:1022D000AF8300289482004E9483004202021021B2
93018 +:1022E000004310230A00088F3043FFFF9483004E01
93019 +:1022F00094820042026318210050102300621823C8
93020 +:102300003063FFFF3C028008344401009482003CAB
93021 +:102310003042FFFF14430003000000000A00089F42
93022 +:10232000240300019482003C3042FFFF0062102B26
93023 +:10233000144000058F8200289482003C0062102324
93024 +:102340003043FFFF8F820028AC550000AC400004F2
93025 +:10235000AC540008AC43000C3C02000634420010B0
93026 +:102360003C038000AC620030000000000000000070
93027 +:10237000000000008C620000304200101040FFFDA1
93028 +:102380003C04800834840100001018C20064182145
93029 +:102390009065006432020007240600010046100424
93030 +:1023A00000451025A0620064948300429622000E2E
93031 +:1023B00050430001A386001892420000244200010D
93032 +:1023C000A24200003C0308008C6300F4304200FF8E
93033 +:1023D00050430001A2400000924200008F84001C84
93034 +:1023E000000211C0244202402483004000822021C8
93035 +:1023F0002402FF80008220243063007F3C02800A98
93036 +:10240000006218213C028000AC440024AEC30000EE
93037 +:102410008FBF006C8FB600688FB500648FB400600A
93038 +:102420008FB3005C8FB200588FB100548FB0005052
93039 +:1024300003E0000827BD007027BDFFD8AFB3001C24
93040 +:10244000AFB20018AFB10014AFB00010AFBF0020A2
93041 +:102450000080982100E0802130B1FFFF0E000D8444
93042 +:1024600030D200FF0000000000000000000000006B
93043 +:102470008F8200208F830024AC510000AC520004F6
93044 +:10248000AC530008AC40000CAC400010AC40001451
93045 +:10249000AC4000189463001E02038025AC50001C61
93046 +:1024A0000000000000000000000000002404000103
93047 +:1024B0008FBF00208FB3001C8FB200188FB10014A3
93048 +:1024C0008FB000100A000DB827BD002830A5FFFF0F
93049 +:1024D0000A0008DC30C600FF3C02800834430100DB
93050 +:1024E0009462000E3C080800950800C63046FFFFC5
93051 +:1024F00014C000043402FFFF946500EA0A000929B1
93052 +:102500008F84001C10C20027000000009462004E5F
93053 +:102510009464003C3045FFFF00A6102300A6182B52
93054 +:102520003087FFFF106000043044FFFF00C5102318
93055 +:1025300000E210233044FFFF0088102B1040000EF3
93056 +:1025400000E810233C028008344401002403000109
93057 +:1025500034420080A44300162402FFFFA482000E30
93058 +:10256000948500EA8F84001C0000302130A5FFFF15
93059 +:102570000A0009013C0760200044102A10400009AD
93060 +:102580003C0280083443008094620016304200010F
93061 +:10259000104000043C0280009442007E244200145B
93062 +:1025A000A462001603E000080000000027BDFFE061
93063 +:1025B0003C028008AFBF001CAFB0001834420100DD
93064 +:1025C000944300429442004C104000193068FFFFD1
93065 +:1025D0009383001824020001146200298FBF001C9D
93066 +:1025E0003C06800834D00100000810C200501021C1
93067 +:1025F000904200643103000734C70148304200FFB5
93068 +:10260000006210073042000134C9014E34C4012C6D
93069 +:1026100034C5013E1040001634C601420E0006D2F9
93070 +:10262000AFA90010960200420A0009463048FFFF99
93071 +:102630003C028008344401009483004494820042A8
93072 +:102640001043000F8FBF001C94820044A4820042FC
93073 +:1026500094820050A482004E8C820038AC820030FC
93074 +:1026600094820040A482003E9482004AA4820048E2
93075 +:102670008FBF001C8FB000180A00090427BD00207E
93076 +:102680008FB0001803E0000827BD002027BDFFA081
93077 +:10269000AFB1004C3C118000AFBF0058AFB3005445
93078 +:1026A000AFB20050AFB000483626018890C2000398
93079 +:1026B0003044007FA3A400108E32018090C200003D
93080 +:1026C0003043007F240200031062003BAF92001CE5
93081 +:1026D00028620004104000062402000424020002C4
93082 +:1026E000106200098FBF00580A000B0F8FB300540F
93083 +:1026F0001062004D240200051062014E8FBF005889
93084 +:102700000A000B0F8FB30054000411C002421021C5
93085 +:102710002404FF8024420240004410242643004049
93086 +:10272000AE2200243063007F3C02800A0062182140
93087 +:102730009062003CAFA3003C00441025A062003C26
93088 +:102740008FA3003C9062003C304200401040016C7E
93089 +:102750008FBF00583C108008A3800018361001007D
93090 +:102760008E0200E08C63003427A4003C27A50010F3
93091 +:10277000004310210E0007C3AE0200E093A2001038
93092 +:102780003C038000A20200D58C6202780440FFFE68
93093 +:102790008F82001CAC62024024020002A06202444C
93094 +:1027A0003C021000AC6202780E0009390000000003
93095 +:1027B0000A000B0E8FBF00583C05800890C3000133
93096 +:1027C00090A2000B1443014E8FBF005834A4008028
93097 +:1027D0008C8200189082004C90A200083C0260009D
93098 +:1027E0008C4254048C8300183C027FFF3442FFFF6C
93099 +:1027F000006218243C0208008C4200B4AC8300182C
93100 +:102800003C038000244200013C010800AC2200B4DB
93101 +:102810008C6201F80440FFFE8F82001CAC6201C094
93102 +:102820000A000AD6240200023C10800890C300016E
93103 +:102830009202000B144301328FBF005827A40018E6
93104 +:1028400036050110240600033C0260008C4254044B
93105 +:102850000E000E470000000027A40028360501F0F6
93106 +:102860000E000E47240600038FA200283603010045
93107 +:10287000AE0200648FA2002CAE0200688FA200306E
93108 +:10288000AE02006C93A40018906300D52402FF8070
93109 +:102890000082102400431025304900FF3084007F5F
93110 +:1028A0003122007F0082102A544000013929008023
93111 +:1028B000000411C0244202402403FF800242102180
93112 +:1028C00000431024AE220094264200403042007F94
93113 +:1028D0003C038006004340218FA3001C2402FFFF1D
93114 +:1028E000AFA800403C130800927300F71062003359
93115 +:1028F00093A2001995030014304400FF3063FFFFDA
93116 +:102900000064182B106000100000000095040014F3
93117 +:102910008D07001C8D0600183084FFFF0044202323
93118 +:102920000004210000E438210000102100E4202BE5
93119 +:1029300000C2302100C43021AD07001CAD060018D4
93120 +:102940000A000A2F93A20019950400148D07001C99
93121 +:102950008D0600183084FFFF008220230004210030
93122 +:10296000000010210080182100C2302300E4202B39
93123 +:1029700000C4302300E33823AD07001CAD06001867
93124 +:1029800093A200198FA30040A462001497A2001A1A
93125 +:10299000A46200168FA2001CAC6200108FA2001C63
93126 +:1029A000AC62000C93A20019A462002097A2001A46
93127 +:1029B000A46200228FA2001CAC6200243C048008A8
93128 +:1029C000348300808C6200388FA20020012088218F
93129 +:1029D000AC62003C8FA20020AC82000093A20018E1
93130 +:1029E000A062004C93A20018A0820009A0600068B9
93131 +:1029F00093A20018105100512407FF803229007F54
93132 +:102A0000000911C024420240024210213046007FDA
93133 +:102A10003C03800000471024AC6200943C02800616
93134 +:102A200000C2302190C2003CAFA60040000020212F
93135 +:102A300000471025A0C2003C8FA80040950200026C
93136 +:102A4000950300148D07001C3042FFFF3063FFFF29
93137 +:102A50008D060018004310230002110000E2382107
93138 +:102A600000E2102B00C4302100C23021AD07001C51
93139 +:102A7000AD06001895020002A5020014A50000167C
93140 +:102A80008D020008AD0200108D020008AD02000C9E
93141 +:102A900095020002A5020020A50000228D02000878
93142 +:102AA000AD0200249102003C304200401040001A68
93143 +:102AB000262200013C108008A3A90038A38000183A
93144 +:102AC000361001008E0200E08D03003427A4004080
93145 +:102AD00027A50038004310210E0007C3AE0200E016
93146 +:102AE00093A200383C038000A20200D58C620278D9
93147 +:102AF0000440FFFE8F82001CAC62024024020002F0
93148 +:102B0000A06202443C021000AC6202780E00093957
93149 +:102B100000000000262200013043007F14730004EF
93150 +:102B2000004020212403FF8002231024004320269C
93151 +:102B300093A200180A000A4B309100FF93A40018DA
93152 +:102B40008FA3001C2402FFFF1062000A308900FFDF
93153 +:102B500024820001248300013042007F14530005C9
93154 +:102B6000306900FF2403FF800083102400431026F7
93155 +:102B7000304900FF3C028008904200080120882173
93156 +:102B8000305000FF123000193222007F000211C0C5
93157 +:102B900002421021244202402403FF8000431824F3
93158 +:102BA0003C048000AC8300943042007F3C038006EC
93159 +:102BB000004310218C43000C004020211060000BCA
93160 +:102BC000AFA200400E00057E000000002623000199
93161 +:102BD0002405FF803062007F145300020225202468
93162 +:102BE000008518260A000AAF307100FF3C048008F7
93163 +:102BF000348400808C8300183C027FFF3442FFFF46
93164 +:102C000000621824AC8300183C0380008C6201F839
93165 +:102C10000440FFFE00000000AC7201C0240200026C
93166 +:102C2000A06201C43C021000AC6201F80A000B0E65
93167 +:102C30008FBF00583C04800890C300019082000BB5
93168 +:102C40001443002F8FBF0058349000809202000878
93169 +:102C500030420040104000200000000092020008B6
93170 +:102C60000002160000021603044100050240202164
93171 +:102C70000E000ECC240500930A000B0E8FBF0058E7
93172 +:102C80009202000924030018304200FF1443000D93
93173 +:102C900002402021240500390E000E64000030217E
93174 +:102CA0000E0003328F84001C8F82FF9424030012D5
93175 +:102CB000A04300090E00033D8F84001C0A000B0E88
93176 +:102CC0008FBF0058240500360E000E64000030212E
93177 +:102CD0000A000B0E8FBF00580E0003320240202165
93178 +:102CE000920200058F84001C344200200E00033D38
93179 +:102CF000A20200050E0010758F84001C8FBF0058C3
93180 +:102D00008FB300548FB200508FB1004C8FB0004889
93181 +:102D100003E0000827BD00603C0280083445010044
93182 +:102D20003C0280008C42014094A3000E0000302140
93183 +:102D300000402021AF82001C3063FFFF3402FFFF00
93184 +:102D4000106200063C0760202402FFFFA4A2000ED0
93185 +:102D500094A500EA0A00090130A5FFFF03E000087E
93186 +:102D60000000000027BDFFC83C0280003C06800830
93187 +:102D7000AFB5002CAFB1001CAFBF0030AFB400281E
93188 +:102D8000AFB30024AFB20020AFB00018345101003F
93189 +:102D900034C501008C4301008E2200148CA400E491
93190 +:102DA0000000A821AF83001C0044102318400052EB
93191 +:102DB000A38000188E22001400005021ACA200E471
93192 +:102DC00090C3000890A200D53073007FA3A200102A
93193 +:102DD0008CB200E08CB400E4304200FF1053003BA2
93194 +:102DE00093A200108F83001C2407FF80000211C0F3
93195 +:102DF0000062102124420240246300400047102456
93196 +:102E00003063007F3C0980003C08800A006818217C
93197 +:102E1000AD2200248C62003427A4001427A50010E2
93198 +:102E2000024280210290102304400028AFA3001426
93199 +:102E30009062003C00E21024304200FF1440001970
93200 +:102E4000020090219062003C34420040A062003CAD
93201 +:102E50008F86001C93A3001024C200403042007FE4
93202 +:102E6000004828213C0208008C4200F42463000141
93203 +:102E7000306400FF14820002A3A30010A3A000107E
93204 +:102E800093A20010AFA50014000211C0244202401A
93205 +:102E900000C2102100471024AD2200240A000B4577
93206 +:102EA00093A200100E0007C3000000003C0280083F
93207 +:102EB00034420100AC5000E093A30010240A00014A
93208 +:102EC000A04300D50A000B4593A200102402000184
93209 +:102ED000154200093C0380008C6202780440FFFE2A
93210 +:102EE0008F82001CAC62024024020002A0620244F5
93211 +:102EF0003C021000AC6202789222000B2403000214
93212 +:102F0000304200FF144300720000000096220008C7
93213 +:102F1000304300FF24020082146200402402008437
93214 +:102F20003C028000344901008D22000C95230006EC
93215 +:102F3000000216023063FFFF3045003F24020027E5
93216 +:102F400010A2000FAF83001428A200281040000830
93217 +:102F5000240200312402002110A2000924020025CD
93218 +:102F600010A20007938200190A000BBD00000000A8
93219 +:102F700010A20007938200190A000BBD0000000098
93220 +:102F80000E000777012020210A000C3D0000000000
93221 +:102F90003C0380008C6202780440FFFE8F82001C9C
93222 +:102FA000AC62024024020002A06202443C02100013
93223 +:102FB000AC6202780A000C3D000000009523000678
93224 +:102FC000912400058D25000C8D2600108D270018FA
93225 +:102FD0008D28001C8D290020244200013C0108009E
93226 +:102FE000A42356C63C010800A02456C53C01080095
93227 +:102FF000AC2556CC3C010800AC2656D03C0108005C
93228 +:10300000AC2756D83C010800AC2856DC3C0108002F
93229 +:10301000AC2956E00A000C3DA38200191462000A94
93230 +:10302000240200813C02800834420100944500EAF9
93231 +:10303000922600058F84001C30A5FFFF30C600FFDC
93232 +:103040000A000BFE3C0760211462005C00000000D7
93233 +:103050009222000A304300FF306200201040000737
93234 +:10306000306200403C02800834420100944500EA8E
93235 +:103070008F84001C0A000BFC24060040104000074F
93236 +:10308000000316003C02800834420100944500EA27
93237 +:103090008F84001C0A000BFC24060041000216036A
93238 +:1030A000044100463C02800834420100944500EA95
93239 +:1030B0008F84001C2406004230A5FFFF3C076019E6
93240 +:1030C0000E000901000000000A000C3D0000000095
93241 +:1030D0009222000B24040016304200FF1044000628
93242 +:1030E0003C0680009222000B24030017304200FFB0
93243 +:1030F000144300320000000034C5010090A2000B10
93244 +:10310000304200FF1444000B000080218CA20020FC
93245 +:103110008CA400202403FF800043102400021140EF
93246 +:103120003084007F004410253C032000004310251C
93247 +:10313000ACC2083094A2000800021400000214037C
93248 +:10314000044200012410000194A2000830420080D3
93249 +:103150005040001A0200A82194A20008304220002A
93250 +:10316000504000160200A8218CA300183C021C2D20
93251 +:10317000344219ED106200110200A8213C0208003F
93252 +:103180008C4200D4104000053C0280082403000457
93253 +:1031900034420100A04300FC3C028008344201009C
93254 +:1031A000944500EA8F84001C2406000630A5FFFF2A
93255 +:1031B0000E0009013C0760210200A8210E00093918
93256 +:1031C000000000009222000A304200081040000473
93257 +:1031D00002A010210E0013790000000002A01021AF
93258 +:1031E0008FBF00308FB5002C8FB400288FB3002420
93259 +:1031F0008FB200208FB1001C8FB0001803E00008D0
93260 +:1032000027BD00382402FF80008220243C02900069
93261 +:1032100034420007008220253C028000AC4400209C
93262 +:103220003C0380008C6200200440FFFE0000000090
93263 +:1032300003E00008000000003C0380002402FF803F
93264 +:10324000008220243462000700822025AC64002024
93265 +:103250008C6200200440FFFE0000000003E0000834
93266 +:103260000000000027BDFFD8AFB3001CAFB10014B1
93267 +:10327000AFB00010AFBF0020AFB200183C1180000B
93268 +:103280003C0280088E32002034530100AE2400201E
93269 +:10329000966300EA000514003C074000004738250B
93270 +:1032A00000A08021000030210E0009013065FFFFE1
93271 +:1032B000240200A1160200022402FFFFA2620009FC
93272 +:1032C000AE3200208FBF00208FB3001C8FB20018D9
93273 +:1032D0008FB100148FB0001003E0000827BD002854
93274 +:1032E0003C0280082403000527BDFFE834420100AA
93275 +:1032F000A04300FCAFBF00103C0280008C420100E4
93276 +:10330000240500A1004020210E000C67AF82001CA4
93277 +:103310003C0380008C6202780440FFFE8F82001C18
93278 +:103320008FBF001027BD0018AC62024024020002CB
93279 +:10333000A06202443C021000AC62027803E0000884
93280 +:103340000000000027BDFFE83C068000AFBF001072
93281 +:1033500034C7010094E20008304400FF3883008243
93282 +:10336000388200842C6300012C4200010062182581
93283 +:103370001060002D24020083938200195040003B0E
93284 +:103380008FBF00103C020800904256CC8CC4010054
93285 +:103390003C06080094C656C63045003F38A30032AC
93286 +:1033A00038A2003F2C6300012C4200010062182566
93287 +:1033B000AF84001CAF860014A380001914600007BE
93288 +:1033C00000E020212402002014A2001200000000CE
93289 +:1033D0003402FFFF14C2000F00000000240200208E
93290 +:1033E00014A2000500E028218CE300142402FFFF52
93291 +:1033F0005062000B8FBF00103C040800248456C0AC
93292 +:10340000000030210E000706240700010A000CD638
93293 +:103410008FBF00100E000777000000008FBF001064
93294 +:103420000A00093927BD001814820004240200850F
93295 +:103430008CC501040A000CE1000020211482000662
93296 +:103440002482FF808CC50104240440008FBF00103B
93297 +:103450000A00016727BD0018304200FF2C4200021D
93298 +:1034600010400004240200228FBF00100A000B2726
93299 +:1034700027BD0018148200048F8200248FBF001023
93300 +:103480000A000C8627BD00188C42000C1040001E5C
93301 +:1034900000E0282190E300092402001814620003D0
93302 +:1034A000240200160A000CFC240300081462000722
93303 +:1034B00024020017240300123C02800834420080DA
93304 +:1034C000A04300090A000D0994A7000854620007F0
93305 +:1034D00094A700088F82FF942404FFFE9043000508
93306 +:1034E00000641824A043000594A7000890A6001BC0
93307 +:1034F0008CA4000094A500068FBF001000073C00BC
93308 +:103500000A0008DC27BD00188FBF001003E0000888
93309 +:1035100027BD00188F8500243C04800094A2002A57
93310 +:103520008CA30034000230C02402FFF000C210243B
93311 +:1035300000621821AC83003C8CA200303C03800068
93312 +:10354000AC8200383C02005034420010AC620030C3
93313 +:103550000000000000000000000000008C6200007D
93314 +:10356000304200201040FFFD30C20008104000062D
93315 +:103570003C0280008C620408ACA200208C62040C27
93316 +:103580000A000D34ACA200248C430400ACA300203C
93317 +:103590008C420404ACA200243C0300203C028000C6
93318 +:1035A000AC4300303C0480008C8200300043102487
93319 +:1035B0001440FFFD8F8600243C020040AC820030A6
93320 +:1035C00094C3002A94C2002894C4002C94C5002EF1
93321 +:1035D00024630001004410213064FFFFA4C20028CE
93322 +:1035E00014850002A4C3002AA4C0002A03E0000836
93323 +:1035F000000000008F84002427BDFFE83C05800404
93324 +:1036000024840010AFBF00100E000E472406000AED
93325 +:103610008F840024948200129483002E3042000F85
93326 +:10362000244200030043180424027FFF0043102BB0
93327 +:1036300010400002AC8300000000000D0E000D13CE
93328 +:10364000000000008F8300248FBF001027BD0018EA
93329 +:10365000946200149463001A3042000F00021500B7
93330 +:10366000006218253C02800003E00008AC4300A083
93331 +:103670008F8300243C028004944400069462001A64
93332 +:103680008C650000A4640016004410233042FFFF44
93333 +:103690000045102B03E00008384200018F8400240D
93334 +:1036A0003C0780049486001A8C85000094E2000692
93335 +:1036B000A482001694E3000600C310233042FFFFEB
93336 +:1036C0000045102B384200011440FFF8A483001677
93337 +:1036D00003E00008000000008F8400243C02800406
93338 +:1036E000944200069483001A8C850000A482001680
93339 +:1036F000006210233042FFFF0045102B38420001CA
93340 +:103700005040000D8F850024006030213C0780046C
93341 +:1037100094E20006A482001694E3000600C310237E
93342 +:103720003042FFFF0045102B384200011440FFF8E3
93343 +:10373000A48300168F8500243C03800034620400BB
93344 +:103740008CA40020AF820020AC6400388CA200243E
93345 +:10375000AC62003C3C020005AC62003003E00008B3
93346 +:10376000ACA000048F8400243C0300068C8200047B
93347 +:1037700000021140004310253C038000AC62003081
93348 +:103780000000000000000000000000008C6200004B
93349 +:10379000304200101040FFFD34620400AC80000491
93350 +:1037A00003E00008AF8200208F86002427BDFFE0E1
93351 +:1037B000AFB10014AFB00010AFBF00188CC300044D
93352 +:1037C0008CC500248F820020309000FF94C4001A22
93353 +:1037D00024630001244200202484000124A7002047
93354 +:1037E000ACC30004AF820020A4C4001AACC70024FC
93355 +:1037F00004A100060000882104E2000594C2001A1A
93356 +:103800008CC2002024420001ACC2002094C2001AE5
93357 +:1038100094C300282E040001004310262C4200010E
93358 +:10382000004410245040000594C2001A24020001F4
93359 +:10383000ACC2000894C2001A94C300280010202BC8
93360 +:10384000004310262C4200010044102514400007BC
93361 +:10385000000000008CC20008144000042402001084
93362 +:103860008CC300041462000F8F8500240E000DA786
93363 +:10387000241100018F820024944300289442001AEE
93364 +:1038800014430003000000000E000D1300000000B0
93365 +:10389000160000048F8500240E000D840000000037
93366 +:1038A0008F85002494A2001E94A4001C24420001D1
93367 +:1038B0003043FFFF14640002A4A2001EA4A0001E57
93368 +:1038C0001200000A3C02800494A2001494A3001A7F
93369 +:1038D0003042000F00021500006218253C028000F3
93370 +:1038E000AC4300A00A000E1EACA0000894420006E3
93371 +:1038F00094A3001A8CA40000A4A200160062102356
93372 +:103900003042FFFF0044102B384200011040000DF0
93373 +:1039100002201021006030213C07800494E2000660
93374 +:10392000A4A2001694E3000600C310233042FFFF58
93375 +:103930000044102B384200011440FFF8A4A30016E5
93376 +:10394000022010218FBF00188FB100148FB000101B
93377 +:1039500003E0000827BD002003E00008000000008D
93378 +:103960008F82002C3C03000600021140004310250A
93379 +:103970003C038000AC62003000000000000000004A
93380 +:10398000000000008C620000304200101040FFFD7B
93381 +:1039900034620400AF82002803E00008AF80002CEE
93382 +:1039A00003E000080000102103E000080000000010
93383 +:1039B0003084FFFF30A5FFFF0000182110800007B2
93384 +:1039C000000000003082000110400002000420428C
93385 +:1039D000006518210A000E3D0005284003E000089C
93386 +:1039E0000060102110C0000624C6FFFF8CA200005A
93387 +:1039F00024A50004AC8200000A000E4724840004C1
93388 +:103A000003E000080000000010A0000824A3FFFF4E
93389 +:103A1000AC86000000000000000000002402FFFF50
93390 +:103A20002463FFFF1462FFFA2484000403E000080B
93391 +:103A3000000000003C0280083442008024030001A2
93392 +:103A4000AC43000CA4430010A4430012A443001490
93393 +:103A500003E00008A44300168F82002427BDFFD88E
93394 +:103A6000AFB3001CAFB20018AFB10014AFB000107C
93395 +:103A7000AFBF00208C47000C248200802409FF8007
93396 +:103A80003C08800E3043007F008080213C0A80008B
93397 +:103A9000004920240068182130B100FF30D200FF17
93398 +:103AA00010E000290000982126020100AD44002CFE
93399 +:103AB000004928243042007F004820219062000005
93400 +:103AC00024030050304200FF1443000400000000B3
93401 +:103AD000AD45002C948200EA3053FFFF0E000D84A8
93402 +:103AE000000000008F8200248F83002000112C0032
93403 +:103AF0009442001E001224003484000100A22825F4
93404 +:103B00003C02400000A22825AC7000008FBF0020BE
93405 +:103B1000AC6000048FB20018AC7300088FB10014C1
93406 +:103B2000AC60000C8FB3001CAC6400108FB00010B0
93407 +:103B3000AC60001424040001AC60001827BD00280C
93408 +:103B40000A000DB8AC65001C8FBF00208FB3001CAD
93409 +:103B50008FB200188FB100148FB0001003E000087E
93410 +:103B600027BD00283C06800034C201009043000FAE
93411 +:103B7000240200101062000E2865001110A000073A
93412 +:103B800024020012240200082405003A10620006F4
93413 +:103B90000000302103E0000800000000240500358B
93414 +:103BA0001462FFFC000030210A000E6400000000D7
93415 +:103BB0008CC200748F83FF9424420FA003E000089E
93416 +:103BC000AC62000C27BDFFE8AFBF00100E0003423F
93417 +:103BD000240500013C0480088FBF0010240200016E
93418 +:103BE00034830080A462001227BD00182402000163
93419 +:103BF00003E00008A080001A27BDFFE0AFB2001864
93420 +:103C0000AFB10014AFB00010AFBF001C30B2FFFF67
93421 +:103C10000E000332008088213C028008345000806E
93422 +:103C20009202000924030004304200FF1443000CF8
93423 +:103C30003C028008124000082402000A0E000E5BBD
93424 +:103C400000000000920200052403FFFE0043102440
93425 +:103C5000A202000524020012A20200093C02800810
93426 +:103C600034420080022020210E00033DA0400027A6
93427 +:103C700016400003022020210E000EBF00000000AD
93428 +:103C800002202021324600FF8FBF001C8FB2001897
93429 +:103C90008FB100148FB00010240500380A000E64A4
93430 +:103CA00027BD002027BDFFE0AFBF001CAFB200184A
93431 +:103CB000AFB10014AFB000100E00033200808021BD
93432 +:103CC0000E000E5B000000003C02800834450080BE
93433 +:103CD00090A2000924120018305100FF1232000394
93434 +:103CE0000200202124020012A0A2000990A20005D7
93435 +:103CF0002403FFFE004310240E00033DA0A2000594
93436 +:103D00000200202124050020163200070000302187
93437 +:103D10008FBF001C8FB200188FB100148FB000103D
93438 +:103D20000A00034227BD00208FBF001C8FB200187D
93439 +:103D30008FB100148FB00010240500390A000E6402
93440 +:103D400027BD002027BDFFE83C028000AFB0001077
93441 +:103D5000AFBF0014344201009442000C2405003629
93442 +:103D60000080802114400012304600FF0E00033214
93443 +:103D7000000000003C02800834420080240300124E
93444 +:103D8000A043000990430005346300100E000E5B51
93445 +:103D9000A04300050E00033D020020210200202167
93446 +:103DA0000E000342240500200A000F3C0000000022
93447 +:103DB0000E000E64000000000E00033202002021FD
93448 +:103DC0003C0280089043001B2405FF9F0200202135
93449 +:103DD000006518248FBF00148FB00010A043001B93
93450 +:103DE0000A00033D27BD001827BDFFE0AFBF001844
93451 +:103DF000AFB10014AFB0001030B100FF0E000332BD
93452 +:103E0000008080213C02800824030012344200809C
93453 +:103E10000E000E5BA04300090E00033D02002021AE
93454 +:103E200002002021022030218FBF00188FB1001422
93455 +:103E30008FB00010240500350A000E6427BD002055
93456 +:103E40003C0480089083000E9082000A1443000B0B
93457 +:103E5000000028218F82FF942403005024050001D4
93458 +:103E600090420000304200FF1443000400000000B4
93459 +:103E70009082000E24420001A082000E03E00008A0
93460 +:103E800000A010213C0380008C6201F80440FFFE7A
93461 +:103E900024020002AC6401C0A06201C43C02100014
93462 +:103EA00003E00008AC6201F827BDFFE0AFB20018E4
93463 +:103EB0003C128008AFB10014AFBF001CAFB00010BF
93464 +:103EC00036510080922200092403000A304200FF8C
93465 +:103ED0001443003E000000008E4300048E22003890
93466 +:103EE000506200808FBF001C92220000240300500B
93467 +:103EF000304200FF144300253C0280008C42014008
93468 +:103F00008E4300043642010002202821AC43001CED
93469 +:103F10009622005C8E2300383042FFFF00021040E2
93470 +:103F200000621821AE23001C8E4300048E2400384A
93471 +:103F30009622005C006418233042FFFF0003184300
93472 +:103F4000000210400043102A10400006000000004C
93473 +:103F50008E4200048E230038004310230A000FAA6B
93474 +:103F6000000220439622005C3042FFFF0002204006
93475 +:103F70003C0280083443010034420080ACA4002C91
93476 +:103F8000A040002424020001A062000C0E000F5E7D
93477 +:103F900000000000104000538FBF001C3C02800056
93478 +:103FA0008C4401403C0380008C6201F80440FFFE19
93479 +:103FB00024020002AC6401C0A06201C43C021000F3
93480 +:103FC000AC6201F80A0010078FBF001C92220009A2
93481 +:103FD00024030010304200FF144300043C02800020
93482 +:103FE0008C4401400A000FEE0000282192220009B3
93483 +:103FF00024030016304200FF14430006240200147C
93484 +:10400000A22200093C0280008C4401400A001001F9
93485 +:104010008FBF001C8E2200388E23003C00431023EB
93486 +:10402000044100308FBF001C92220027244200016F
93487 +:10403000A2220027922200272C42000414400016DE
93488 +:104040003C1080009222000924030004304200FF4B
93489 +:10405000144300093C0280008C4401408FBF001CC7
93490 +:104060008FB200188FB100148FB000102405009398
93491 +:104070000A000ECC27BD00208C440140240500938B
93492 +:104080008FBF001C8FB200188FB100148FB00010CA
93493 +:104090000A000F4827BD00208E0401400E000332A5
93494 +:1040A000000000008E4200042442FFFFAE420004E4
93495 +:1040B0008E22003C2442FFFFAE22003C0E00033D56
93496 +:1040C0008E0401408E0401408FBF001C8FB2001887
93497 +:1040D0008FB100148FB00010240500040A000342C1
93498 +:1040E00027BD00208FB200188FB100148FB00010D0
93499 +:1040F00003E0000827BD00203C0680008CC2018838
93500 +:104100003C038008346500809063000E00021402B6
93501 +:10411000304400FF306300FF1464000E3C0280084E
93502 +:1041200090A20026304200FF104400098F82FF94C5
93503 +:10413000A0A400262403005090420000304200FF5B
93504 +:1041400014430006000000000A0005A18CC4018091
93505 +:104150003C02800834420080A044002603E00008AE
93506 +:104160000000000027BDFFE030E700FFAFB20018FD
93507 +:10417000AFBF001CAFB10014AFB0001000809021A1
93508 +:1041800014E0000630C600FF000000000000000D33
93509 +:10419000000000000A001060240001163C038008A3
93510 +:1041A0009062000E304200FF14460023346200800B
93511 +:1041B00090420026304200FF1446001F000000001D
93512 +:1041C0009062000F304200FF1446001B0000000008
93513 +:1041D0009062000A304200FF144600038F90FF9463
93514 +:1041E0000000000D8F90FF948F82FF983C1180009B
93515 +:1041F000AE05003CAC450000A066000A0E0003328C
93516 +:104200008E240100A20000240E00033D8E24010034
93517 +:104210003C0380008C6201F80440FFFE240200028F
93518 +:10422000AC7201C0A06201C43C021000AC6201F893
93519 +:104230000A0010618FBF001C000000000000000D8C
93520 +:10424000000000002400013F8FBF001C8FB2001847
93521 +:104250008FB100148FB0001003E0000827BD0020CC
93522 +:104260008F83FF943C0280008C44010034420100A3
93523 +:104270008C65003C9046001B0A00102724070001B3
93524 +:104280003C0280089043000E9042000A0043102632
93525 +:10429000304200FF03E000080002102B27BDFFE0C2
93526 +:1042A0003C028008AFB10014AFB00010AFBF0018DF
93527 +:1042B0003450008092020005240300303042003068
93528 +:1042C00014430085008088218F8200248C42000CDA
93529 +:1042D000104000828FBF00180E000D840000000007
93530 +:1042E0008F860020ACD100009202000892030009E2
93531 +:1042F000304200FF00021200306300FF004310252F
93532 +:10430000ACC200049202004D000216000002160327
93533 +:1043100004410005000000003C0308008C630048D5
93534 +:104320000A00109F3C1080089202000830420040B2
93535 +:10433000144000030000182192020027304300FFC0
93536 +:104340003C108008361100809222004D00031E00B0
93537 +:10435000304200FF0002140000621825ACC30008C0
93538 +:104360008E2400308F820024ACC4000C8E250034D3
93539 +:104370009443001E3C02C00BACC50010006218251F
93540 +:104380008E22003800002021ACC200148E22003C96
93541 +:10439000ACC200180E000DB8ACC3001C8E020004A5
93542 +:1043A0008F8400203C058000AC8200008E2200201B
93543 +:1043B000AC8200048E22001CAC8200088E220058C1
93544 +:1043C0008CA3007400431021AC82000C8E22002CC0
93545 +:1043D000AC8200108E2200408E23004400021400A4
93546 +:1043E00000431025AC8200149222004D240300806B
93547 +:1043F000304200FF1443000400000000AC800018AD
93548 +:104400000A0010E38F8200248E23000C2402000196
93549 +:104410001062000E2402FFFF92220008304200408A
93550 +:104420001440000A2402FFFF8E23000C8CA20074AB
93551 +:10443000006218233C0208000062102414400002AD
93552 +:10444000000028210060282100051043AC820018DC
93553 +:104450008F820024000020219443001E3C02C00CE7
93554 +:10446000006218258F8200200E000DB8AC43001C9E
93555 +:104470003C038008346201008C4200008F850020DC
93556 +:10448000346300808FBF0018ACA20000ACA0000411
93557 +:104490008C6400488F8200248FB10014ACA4000803
93558 +:1044A000ACA0000CACA00010906300059446001E68
93559 +:1044B0003C02400D00031E0000C23025ACA30014D6
93560 +:1044C0008FB00010ACA0001824040001ACA6001CA2
93561 +:1044D0000A000DB827BD00208FBF00188FB100144F
93562 +:1044E0008FB0001003E0000827BD00203C028000D0
93563 +:1044F0009443007C3C02800834460100308400FF75
93564 +:104500003065FFFF2402000524A34650A0C4000C20
93565 +:104510005482000C3065FFFF90C2000D2C42000752
93566 +:104520001040000724A30A0090C3000D24020014C9
93567 +:104530000062100400A210210A00111F3045FFFF85
93568 +:104540003065FFFF3C0280083442008003E0000831
93569 +:10455000A44500143C03800834680080AD05003891
93570 +:10456000346701008CE2001C308400FF00A210239D
93571 +:104570001840000330C600FF24A2FFFCACE2001C80
93572 +:1045800030820001504000083C0380088D02003C4E
93573 +:1045900000A2102304410012240400058C620004D0
93574 +:1045A00010A2000F3C0380088C62000414A2001EBD
93575 +:1045B000000000003C0208008C4200D8304200207D
93576 +:1045C000104000093C0280083462008090630008BB
93577 +:1045D0009042004C144300043C0280082404000470
93578 +:1045E0000A00110900000000344300803442010039
93579 +:1045F000A040000C24020001A462001410C0000AB4
93580 +:104600003C0280008C4401003C0380008C6201F875
93581 +:104610000440FFFE24020002AC6401C0A06201C499
93582 +:104620003C021000AC6201F803E00008000000004A
93583 +:1046300027BDFFE800A61823AFBF00101860008058
93584 +:10464000308800FF3C02800834470080A0E000244E
93585 +:1046500034440100A0E000278C82001C00A210233B
93586 +:1046600004400056000000008CE2003C94E3005C33
93587 +:104670008CE4002C004530233063FFFF00C3182179
93588 +:104680000083202B1080000400E018218CE2002C15
93589 +:104690000A00117800A2102194E2005C3042FFFF72
93590 +:1046A00000C2102100A21021AC62001C3C02800854
93591 +:1046B000344400809482005C8C83001C3042FFFFF5
93592 +:1046C0000002104000A210210043102B10400004F3
93593 +:1046D000000000008C82001C0A00118B3C06800840
93594 +:1046E0009482005C3042FFFF0002104000A21021C3
93595 +:1046F0003C06800834C3010034C70080AC82001C33
93596 +:10470000A060000CACE500388C62001C00A21023F5
93597 +:104710001840000224A2FFFCAC62001C3102000120
93598 +:10472000104000083C0380088CE2003C00A21023EB
93599 +:1047300004410012240400058CC2000410A20010E1
93600 +:104740008FBF00108C62000414A2004F8FBF0010B6
93601 +:104750003C0208008C4200D8304200201040000A81
93602 +:104760003C02800834620080906300089042004C54
93603 +:10477000144300053C028008240400048FBF00108D
93604 +:104780000A00110927BD001834430080344201009B
93605 +:10479000A040000C24020001A46200143C0280002E
93606 +:1047A0008C4401003C0380008C6201F80440FFFE51
93607 +:1047B000240200020A0011D8000000008CE2001C54
93608 +:1047C000004610230043102B54400001ACE5001CB0
93609 +:1047D00094E2005C3042FFFF0062102B144000079F
93610 +:1047E0002402000294E2005C8CE3001C3042FFFFD4
93611 +:1047F00000621821ACE3001C24020002ACE5003882
93612 +:104800000E000F5EA082000C1040001F8FBF001032
93613 +:104810003C0280008C4401003C0380008C6201F863
93614 +:104820000440FFFE24020002AC6401C0A06201C487
93615 +:104830003C021000AC6201F80A0011F08FBF0010BA
93616 +:1048400031020010104000108FBF00103C028008A1
93617 +:10485000344500808CA3001C94A2005C00661823E1
93618 +:104860003042FFFF006218213C023FFF3444FFFF4B
93619 +:104870000083102B544000010080182100C3102138
93620 +:10488000ACA2001C8FBF001003E0000827BD001879
93621 +:1048900027BDFFE800C0402100A63023AFBF0010B5
93622 +:1048A00018C00026308A00FF3C028008344900808E
93623 +:1048B0008D24001C8D23002C008820230064182BDD
93624 +:1048C0001060000F344701008CE2002000461021E8
93625 +:1048D000ACE200208CE200200044102B1440000BBE
93626 +:1048E0003C023FFF8CE2002000441023ACE2002099
93627 +:1048F0009522005C3042FFFF0A0012100082202146
93628 +:10490000ACE00020008620213C023FFF3443FFFF43
93629 +:104910000064102B54400001006020213C028008FC
93630 +:104920003442008000851821AC43001CA0400024C4
93631 +:10493000A04000270A0012623C03800831420010A8
93632 +:10494000104000433C0380083C06800834C40080CB
93633 +:104950008C82003C004810235840003E34660080A2
93634 +:104960009082002424420001A0820024908200242E
93635 +:104970003C0308008C630024304200FF0043102BEE
93636 +:10498000144000688FBF001034C201008C42001C2C
93637 +:1049900000A2102318400063000000008CC3000434
93638 +:1049A0009482005C006818233042FFFF0003184324
93639 +:1049B000000210400043102A1040000500000000D3
93640 +:1049C0008CC20004004810230A0012450002104364
93641 +:1049D0009482005C3042FFFF000210403C068008D9
93642 +:1049E000AC82002C34C5008094A2005C8CA4002C06
93643 +:1049F00094A3005C3042FFFF00021040008220219F
93644 +:104A00003063FFFF0083202101041021ACA2001CB1
93645 +:104A10008CC2000434C60100ACC2001C2402000297
93646 +:104A20000E000F5EA0C2000C1040003E8FBF0010B1
93647 +:104A30003C0280008C4401003C0380008C6201F841
93648 +:104A40000440FFFE240200020A001292000000004F
93649 +:104A500034660080ACC50038346401008C82001CD0
93650 +:104A600000A210231840000224A2FFFCAC82001C0C
93651 +:104A7000314200015040000A3C0380088CC2003CD7
93652 +:104A800000A2102304430014240400058C620004D7
93653 +:104A900014A200033C0380080A00128424040005C9
93654 +:104AA0008C62000414A2001F8FBF00103C0208009B
93655 +:104AB0008C4200D8304200201040000A3C0280089E
93656 +:104AC00034620080906300089042004C144300055B
93657 +:104AD0003C028008240400048FBF00100A00110962
93658 +:104AE00027BD00183443008034420100A040000C70
93659 +:104AF00024020001A46200143C0280008C440100E6
93660 +:104B00003C0380008C6201F80440FFFE2402000296
93661 +:104B1000AC6401C0A06201C43C021000AC6201F8A8
93662 +:104B20008FBF001003E0000827BD001827BDFFE875
93663 +:104B30003C0A8008AFBF0010354900808D22003C40
93664 +:104B400000C04021308400FF004610231840009D23
93665 +:104B500030E700FF354701002402000100A63023A2
93666 +:104B6000A0E0000CA0E0000DA522001418C0002455
93667 +:104B7000308200108D23001C8D22002C0068182329
93668 +:104B80000043102B1040000F000000008CE20020BA
93669 +:104B900000461021ACE200208CE200200043102BE4
93670 +:104BA0001440000B3C023FFF8CE200200043102326
93671 +:104BB000ACE200209522005C3042FFFF0A0012C1E7
93672 +:104BC00000621821ACE00020006618213C023FFF83
93673 +:104BD0003446FFFF00C3102B5440000100C01821D1
93674 +:104BE0003C0280083442008000651821AC43001C60
93675 +:104BF000A0400024A04000270A00130F3C038008B7
93676 +:104C0000104000403C0380088D22003C00481023E7
93677 +:104C10005840003D34670080912200242442000166
93678 +:104C2000A1220024912200243C0308008C6300246C
93679 +:104C3000304200FF0043102B1440009A8FBF001039
93680 +:104C40008CE2001C00A21023184000960000000017
93681 +:104C50008D4300049522005C006818233042FFFF5A
93682 +:104C600000031843000210400043102A10400005C2
93683 +:104C7000012020218D420004004810230A0012F276
93684 +:104C8000000210439522005C3042FFFF00021040FA
93685 +:104C90003C068008AC82002C34C5008094A2005CE5
93686 +:104CA0008CA4002C94A3005C3042FFFF0002104053
93687 +:104CB000008220213063FFFF0083182101031021AF
93688 +:104CC000ACA2001C8CC2000434C60100ACC2001CA3
93689 +:104CD000240200020E000F5EA0C2000C1040007102
93690 +:104CE0008FBF00103C0280008C4401003C03800018
93691 +:104CF0008C6201F80440FFFE240200020A0013390E
93692 +:104D00000000000034670080ACE500383466010024
93693 +:104D10008CC2001C00A210231840000224A2FFFC39
93694 +:104D2000ACC2001C30820001504000083C038008E7
93695 +:104D30008CE2003C00A2102304430051240400052F
93696 +:104D40008C62000410A2003E3C0380088C620004C8
93697 +:104D500054A200548FBF00103C0208008C4200D8BF
93698 +:104D600030420020104000063C028008346200807F
93699 +:104D7000906300089042004C104300403C028008C1
93700 +:104D80003443008034420100A040000C24020001A2
93701 +:104D9000A46200143C0280008C4401003C038000AB
93702 +:104DA0008C6201F80440FFFE24020002AC6401C0E2
93703 +:104DB000A06201C43C021000AC6201F80A00137743
93704 +:104DC0008FBF001024020005A120002714E2000A72
93705 +:104DD0003C038008354301009062000D2C42000620
93706 +:104DE000504000053C0380089062000D2442000101
93707 +:104DF000A062000D3C03800834670080ACE50038F9
93708 +:104E0000346601008CC2001C00A21023184000026E
93709 +:104E100024A2FFFCACC2001C308200015040000AFA
93710 +:104E20003C0380088CE2003C00A2102304410014E3
93711 +:104E3000240400058C62000414A200033C038008D3
93712 +:104E40000A00136E240400058C62000414A20015ED
93713 +:104E50008FBF00103C0208008C4200D83042002076
93714 +:104E60001040000A3C028008346200809063000811
93715 +:104E70009042004C144300053C02800824040004C6
93716 +:104E80008FBF00100A00110927BD001834430080AD
93717 +:104E900034420100A040000C24020001A46200146E
93718 +:104EA0008FBF001003E0000827BD00183C0B8008EE
93719 +:104EB00027BDFFE83C028000AFBF00103442010074
93720 +:104EC000356A00809044000A356901008C45001461
93721 +:104ED0008D4800389123000C308400FF0105102319
93722 +:104EE0001C4000B3306700FF2CE20006504000B1C8
93723 +:104EF0008FBF00102402000100E2300430C2000322
93724 +:104F00005440000800A8302330C2000C144000A117
93725 +:104F100030C20030144000A38FBF00100A00143BC1
93726 +:104F20000000000018C00024308200108D43001CD7
93727 +:104F30008D42002C006818230043102B1040000FF6
93728 +:104F4000000000008D22002000461021AD2200202C
93729 +:104F50008D2200200043102B1440000B3C023FFF29
93730 +:104F60008D22002000431023AD2200209542005CDA
93731 +:104F70003042FFFF0A0013AF00621821AD2000206D
93732 +:104F8000006618213C023FFF3446FFFF00C3102B90
93733 +:104F90005440000100C018213C02800834420080C7
93734 +:104FA00000651821AC43001CA0400024A04000274D
93735 +:104FB0000A0013FD3C038008104000403C038008B9
93736 +:104FC0008D42003C004810231840003D34670080AB
93737 +:104FD0009142002424420001A14200249142002475
93738 +:104FE0003C0308008C630024304200FF0043102B78
93739 +:104FF000144000708FBF00108D22001C00A21023EF
93740 +:105000001840006C000000008D6300049542005CB5
93741 +:10501000006818233042FFFF0003184300021040CD
93742 +:105020000043102A10400005014020218D62000439
93743 +:10503000004810230A0013E0000210439542005C70
93744 +:105040003042FFFF000210403C068008AC82002C7A
93745 +:1050500034C5008094A2005C8CA4002C94A3005C56
93746 +:105060003042FFFF00021040008220213063FFFF2A
93747 +:105070000083182101031021ACA2001C8CC2000483
93748 +:1050800034C60100ACC2001C240200020E000F5EF8
93749 +:10509000A0C2000C104000478FBF00103C028000EF
93750 +:1050A0008C4401003C0380008C6201F80440FFFE48
93751 +:1050B000240200020A00142D000000003467008062
93752 +:1050C000ACE50038346601008CC2001C00A210233D
93753 +:1050D0001840000224A2FFFCACC2001C3082000178
93754 +:1050E0005040000A3C0380088CE2003C00A21023E0
93755 +:1050F00004430014240400058C62000414A200037D
93756 +:105100003C0380080A00141F240400058C6200047C
93757 +:1051100014A200288FBF00103C0208008C4200D867
93758 +:10512000304200201040000A3C02800834620080B7
93759 +:10513000906300089042004C144300053C02800834
93760 +:10514000240400048FBF00100A00110927BD0018B5
93761 +:105150003443008034420100A040000C24020001CE
93762 +:10516000A46200143C0280008C4401003C038000D7
93763 +:105170008C6201F80440FFFE24020002AC6401C00E
93764 +:10518000A06201C43C021000AC6201F80A00143BAA
93765 +:105190008FBF00108FBF0010010030210A00115A8C
93766 +:1051A00027BD0018010030210A00129927BD001800
93767 +:1051B0008FBF001003E0000827BD00183C038008E3
93768 +:1051C0003464010024020003A082000C8C620004FD
93769 +:1051D00003E00008AC82001C3C05800834A300807A
93770 +:1051E0009062002734A501002406004324420001F8
93771 +:1051F000A0620027906300273C0208008C42004810
93772 +:10520000306300FF146200043C07602194A500EAAB
93773 +:105210000A00090130A5FFFF03E0000800000000BC
93774 +:1052200027BDFFE8AFBF00103C0280000E00144411
93775 +:105230008C4401803C02800834430100A060000CD3
93776 +:105240008C4200048FBF001027BD001803E0000847
93777 +:10525000AC62001C27BDFFE03C028008AFBF001815
93778 +:10526000AFB10014AFB000103445008034460100E7
93779 +:105270003C0880008D09014090C3000C8CA4003CC8
93780 +:105280008CA200381482003B306700FF9502007C3E
93781 +:1052900090A30027146000093045FFFF2402000599
93782 +:1052A00054E200083C04800890C2000D2442000132
93783 +:1052B000A0C2000D0A00147F3C048008A0C0000DAD
93784 +:1052C0003C048008348201009042000C2403000555
93785 +:1052D000304200FF1443000A24A205DC348300801E
93786 +:1052E000906200272C4200075040000524A20A00CB
93787 +:1052F00090630027240200140062100400A2102111
93788 +:105300003C108008361000803045FFFF012020212E
93789 +:105310000E001444A60500149602005C8E030038AB
93790 +:105320003C1180003042FFFF000210400062182153
93791 +:10533000AE03001C0E0003328E24014092020025B1
93792 +:1053400034420040A20200250E00033D8E2401409D
93793 +:105350008E2401403C0380008C6201F80440FFFE73
93794 +:1053600024020002AC6401C0A06201C43C0210002F
93795 +:10537000AC6201F88FBF00188FB100148FB000101D
93796 +:1053800003E0000827BD00203C0360103C02080039
93797 +:1053900024420174AC62502C8C6250003C048000AA
93798 +:1053A00034420080AC6250003C0208002442547C2D
93799 +:1053B0003C010800AC2256003C020800244254384C
93800 +:1053C0003C010800AC2256043C020002AC840008F8
93801 +:1053D000AC82000C03E000082402000100A0302190
93802 +:1053E0003C1C0800279C56083C0200023C050400B7
93803 +:1053F00000852826008220260004102B2CA5000101
93804 +:105400002C840001000210803C0308002463560035
93805 +:105410000085202500431821108000030000102182
93806 +:10542000AC6600002402000103E000080000000058
93807 +:105430003C1C0800279C56083C0200023C05040066
93808 +:1054400000852826008220260004102B2CA50001B0
93809 +:105450002C840001000210803C03080024635600E5
93810 +:105460000085202500431821108000050000102130
93811 +:105470003C02080024425438AC62000024020001BF
93812 +:1054800003E00008000000003C0200023C030400AE
93813 +:1054900000821026008318262C4200012C63000194
93814 +:1054A000004310251040000B000028213C1C080080
93815 +:1054B000279C56083C0380008C62000824050001EC
93816 +:1054C00000431025AC6200088C62000C00441025DB
93817 +:1054D000AC62000C03E0000800A010213C1C080096
93818 +:1054E000279C56083C0580008CA3000C0004202754
93819 +:1054F000240200010064182403E00008ACA3000C9F
93820 +:105500003C020002148200063C0560008CA208D018
93821 +:105510002403FFFE0043102403E00008ACA208D0DF
93822 +:105520003C02040014820005000000008CA208D098
93823 +:105530002403FFFD00431024ACA208D003E00008C0
93824 +:10554000000000003C02601A344200108C430080CE
93825 +:1055500027BDFFF88C440084AFA3000093A3000094
93826 +:10556000240200041462001AAFA4000493A20001F4
93827 +:105570001040000797A300023062FFFC3C0380004C
93828 +:10558000004310218C4200000A001536AFA200042F
93829 +:105590003062FFFC3C03800000431021AC4400005B
93830 +:1055A000A3A000003C0560008CA208D02403FFFEED
93831 +:1055B0003C04601A00431024ACA208D08FA300045E
93832 +:1055C0008FA2000034840010AC830084AC82008081
93833 +:1055D00003E0000827BD000827BDFFE8AFBF0010AB
93834 +:1055E0003C1C0800279C56083C0280008C43000CA1
93835 +:1055F0008C420004004318243C0200021060001496
93836 +:10560000006228243C0204003C04000210A00005B3
93837 +:10561000006210243C0208008C4256000A00155B10
93838 +:1056200000000000104000073C0404003C02080099
93839 +:105630008C4256040040F809000000000A00156082
93840 +:10564000000000000000000D3C1C0800279C5608CC
93841 +:105650008FBF001003E0000827BD0018800802403B
93842 +:1056600080080100800800808008000000000C8095
93843 +:105670000000320008000E9808000EF408000F88A1
93844 +:1056800008001028080010748008010080080080BD
93845 +:10569000800800000A000028000000000000000050
93846 +:1056A0000000000D6370362E322E316200000000C3
93847 +:1056B00006020104000000000000000000000000DD
93848 +:1056C000000000000000000038003C000000000066
93849 +:1056D00000000000000000000000000000000020AA
93850 +:1056E00000000000000000000000000000000000BA
93851 +:1056F00000000000000000000000000000000000AA
93852 +:10570000000000000000000021003800000000013F
93853 +:105710000000002B000000000000000400030D400A
93854 +:105720000000000000000000000000000000000079
93855 +:105730000000000000000000100000030000000056
93856 +:105740000000000D0000000D3C020800244259AC8E
93857 +:105750003C03080024635BF4AC4000000043202BB2
93858 +:105760001480FFFD244200043C1D080037BD9FFC4F
93859 +:1057700003A0F0213C100800261000A03C1C0800EB
93860 +:10578000279C59AC0E0002F6000000000000000D3E
93861 +:1057900027BDFFB4AFA10000AFA20004AFA3000873
93862 +:1057A000AFA4000CAFA50010AFA60014AFA700185F
93863 +:1057B000AFA8001CAFA90020AFAA0024AFAB0028FF
93864 +:1057C000AFAC002CAFAD0030AFAE0034AFAF00389F
93865 +:1057D000AFB8003CAFB90040AFBC0044AFBF004819
93866 +:1057E0000E000820000000008FBF00488FBC00445E
93867 +:1057F0008FB900408FB8003C8FAF00388FAE0034B7
93868 +:105800008FAD00308FAC002C8FAB00288FAA002406
93869 +:105810008FA900208FA8001C8FA700188FA6001446
93870 +:105820008FA500108FA4000C8FA300088FA2000486
93871 +:105830008FA1000027BD004C3C1B60188F7A5030B0
93872 +:10584000377B502803400008AF7A000000A01821E1
93873 +:1058500000801021008028213C0460003C0760008B
93874 +:105860002406000810600006348420788C42000072
93875 +:10587000ACE220088C63000003E00008ACE3200CDD
93876 +:105880000A000F8100000000240300403C02600079
93877 +:1058900003E00008AC4320003C0760008F86000452
93878 +:1058A0008CE520740086102100A2182B14600007DC
93879 +:1058B000000028218F8AFDA024050001A1440013C7
93880 +:1058C0008F89000401244021AF88000403E0000810
93881 +:1058D00000A010218F84FDA08F8500049086001306
93882 +:1058E00030C300FF00A31023AF82000403E00008D0
93883 +:1058F000A08000138F84FDA027BDFFE8AFB000108B
93884 +:10590000AFBF001490890011908700112402002875
93885 +:10591000312800FF3906002830E300FF2485002CE1
93886 +:105920002CD00001106200162484001C0E00006EB2
93887 +:10593000000000008F8FFDA03C05600024020204DF
93888 +:1059400095EE003E95ED003C000E5C0031ACFFFF93
93889 +:10595000016C5025ACAA2010520000012402000462
93890 +:10596000ACA22000000000000000000000000000C9
93891 +:105970008FBF00148FB0001003E0000827BD00188F
93892 +:105980000A0000A6000028218F85FDA027BDFFD8B2
93893 +:10599000AFBF0020AFB3001CAFB20018AFB100140E
93894 +:1059A000AFB000100080982190A4001124B0001C1A
93895 +:1059B00024B1002C308300FF386200280E000090D4
93896 +:1059C0002C5200010E00009800000000020020216F
93897 +:1059D0001240000202202821000028210E00006E43
93898 +:1059E000000000008F8DFDA03C0880003C05600099
93899 +:1059F00095AC003E95AB003C02683025000C4C0095
93900 +:105A0000316AFFFF012A3825ACA7201024020202C8
93901 +:105A1000ACA6201452400001240200028FBF0020D7
93902 +:105A20008FB3001C8FB200188FB100148FB000101C
93903 +:105A300027BD002803E00008ACA2200027BDFFE03E
93904 +:105A4000AFB20018AFB10014AFB00010AFBF001C70
93905 +:105A50003C1160008E2320748F82000430D0FFFF41
93906 +:105A600030F2FFFF1062000C2406008F0E00006E63
93907 +:105A7000000000003C06801F0010440034C5FF00F9
93908 +:105A80000112382524040002AE2720100000302126
93909 +:105A9000AE252014AE2420008FBF001C8FB200184A
93910 +:105AA0008FB100148FB0001000C0102103E0000877
93911 +:105AB00027BD002027BDFFE0AFB0001030D0FFFFB2
93912 +:105AC000AFBF0018AFB100140E00006E30F1FFFF41
93913 +:105AD00000102400009180253C036000AC70201071
93914 +:105AE0008FBF00188FB100148FB000102402000483
93915 +:105AF000AC62200027BD002003E000080000102158
93916 +:105B000027BDFFE03C046018AFBF0018AFB1001420
93917 +:105B1000AFB000108C8850002403FF7F34028071E6
93918 +:105B20000103382434E5380C241F00313C1980006F
93919 +:105B3000AC8550003C11800AAC8253BCAF3F0008DA
93920 +:105B40000E00054CAF9100400E00050A3C116000AC
93921 +:105B50000E00007D000000008E3008083C0F570941
93922 +:105B60002418FFF00218602435EEE00035EDF00057
93923 +:105B7000018E5026018D58262D4600012D69000109
93924 +:105B8000AF86004C0E000D09AF8900503C06601630
93925 +:105B90008CC700003C0860148D0500A03C03FFFF8B
93926 +:105BA00000E320243C02535300052FC2108200550D
93927 +:105BB00034D07C00960201F2A780006C10400003F4
93928 +:105BC000A780007C384B1E1EA78B006C960201F844
93929 +:105BD000104000048F8D0050384C1E1EA78C007C96
93930 +:105BE0008F8D005011A000058F83004C240E0020E3
93931 +:105BF000A78E007CA78E006C8F83004C1060000580
93932 +:105C00009785007C240F0020A78F007CA78F006C55
93933 +:105C10009785007C2CB8008153000001240500808A
93934 +:105C20009784006C2C91040152200001240404008C
93935 +:105C30001060000B3C0260008FBF00188FB1001491
93936 +:105C40008FB0001027BD0020A784006CA785007CC2
93937 +:105C5000A380007EA780007403E00008A780009264
93938 +:105C60008C4704382419103C30FFFFFF13F9000360
93939 +:105C700030A8FFFF1100004624030050A380007EDF
93940 +:105C80009386007E50C00024A785007CA780007CFE
93941 +:105C90009798007CA780006CA7800074A780009272
93942 +:105CA0003C010800AC3800800E00078700000000AF
93943 +:105CB0003C0F60008DED0808240EFFF03C0B600ED9
93944 +:105CC000260C0388356A00100000482100002821B6
93945 +:105CD00001AE20243C105709AF8C0010AF8A004859
93946 +:105CE000AF89001810900023AF8500148FBF0018F3
93947 +:105CF0008FB100148FB0001027BD002003E0000812
93948 +:105D0000AF80005400055080014648218D260004D4
93949 +:105D10000A00014800D180219798007CA784006C7C
93950 +:105D2000A7800074A78000923C010800AC38008076
93951 +:105D30000E000787000000003C0F60008DED080892
93952 +:105D4000240EFFF03C0B600E260C0388356A001011
93953 +:105D5000000048210000282101AE20243C105709F2
93954 +:105D6000AF8C0010AF8A0048AF8900181490FFDF95
93955 +:105D7000AF85001424110001AF9100548FBF0018AB
93956 +:105D80008FB100148FB0001003E0000827BD002081
93957 +:105D90000A00017BA383007E3083FFFF8F880040D1
93958 +:105DA0008F87003C000321403C0580003C020050EE
93959 +:105DB000008248253C0660003C0A010034AC040027
93960 +:105DC0008CCD08E001AA58241160000500000000F5
93961 +:105DD0008CCF08E024E7000101EA7025ACCE08E092
93962 +:105DE0008D19001001805821ACB900388D180014AD
93963 +:105DF000ACB8003CACA9003000000000000000007E
93964 +:105E00000000000000000000000000000000000092
93965 +:105E100000000000000000003C0380008C640000D3
93966 +:105E2000308200201040FFFD3C0F60008DED08E047
93967 +:105E30003C0E010001AE18241460FFE100000000D8
93968 +:105E4000AF87003C03E00008AF8B00588F8500400F
93969 +:105E5000240BFFF03C06800094A7001A8CA90024B4
93970 +:105E600030ECFFFF000C38C000EB5024012A402129
93971 +:105E7000ACC8003C8CA400248CC3003C00831023DD
93972 +:105E800018400033000000008CAD002025A2000166
93973 +:105E90003C0F0050ACC2003835EE00103C068000CC
93974 +:105EA000ACCE003000000000000000000000000048
93975 +:105EB00000000000000000000000000000000000E2
93976 +:105EC000000000003C0480008C9900003338002062
93977 +:105ED0001300FFFD30E20008104000173C0980006D
93978 +:105EE0008C880408ACA800108C83040CACA30014AC
93979 +:105EF0003C1900203C188000AF19003094AE001807
93980 +:105F000094AF001C01CF3021A4A6001894AD001A54
93981 +:105F100025A70001A4A7001A94AB001A94AC001E98
93982 +:105F2000118B00030000000003E0000800000000E7
93983 +:105F300003E00008A4A0001A8D2A0400ACAA0010F7
93984 +:105F40008D240404ACA400140A0002183C1900209B
93985 +:105F50008CA200200A0002003C0F00500A0001EE53
93986 +:105F60000000000027BDFFE8AFBF00100E000232A6
93987 +:105F7000000000008F8900408FBF00103C038000AC
93988 +:105F8000A520000A9528000A9527000427BD0018BF
93989 +:105F90003105FFFF30E6000F0006150000A22025A6
93990 +:105FA00003E00008AC6400803C0508008CA50020DC
93991 +:105FB0008F83000C27BDFFE8AFB00010AFBF001407
93992 +:105FC00010A300100000802124040001020430040A
93993 +:105FD00000A6202400C3102450440006261000010F
93994 +:105FE000001018802787FDA41480000A006718217C
93995 +:105FF000261000012E0900025520FFF38F83000CAC
93996 +:10600000AF85000C8FBF00148FB0001003E00008B4
93997 +:1060100027BD00188C6800003C058000ACA8002457
93998 +:106020000E000234261000013C0508008CA500205B
93999 +:106030000A0002592E0900022405000100851804F7
94000 +:106040003C0408008C84002027BDFFC8AFBF00348B
94001 +:1060500000831024AFBE0030AFB7002CAFB60028CD
94002 +:10606000AFB50024AFB40020AFB3001CAFB200182E
94003 +:10607000AFB1001410400051AFB000108F84004049
94004 +:10608000948700069488000A00E8302330D5FFFF8B
94005 +:1060900012A0004B8FBF0034948B0018948C000A20
94006 +:1060A000016C50233142FFFF02A2482B1520000251
94007 +:1060B00002A02021004020212C8F000515E00002C5
94008 +:1060C00000809821241300040E0001C102602021E9
94009 +:1060D0008F87004002609021AF80004494F4000A52
94010 +:1060E000026080211260004E3291FFFF3C1670006A
94011 +:1060F0003C1440003C1E20003C1760008F99005863
94012 +:106100008F380000031618241074004F0283F82BF8
94013 +:1061100017E0003600000000107E00478F86004424
94014 +:1061200014C0003A2403000102031023022320219B
94015 +:106130003050FFFF1600FFF13091FFFF8F870040C6
94016 +:106140003C1100203C108000AE11003094EB000A9E
94017 +:106150003C178000024B5021A4EA000A94E9000A8F
94018 +:1061600094E800043123FFFF3106000F00062D00E4
94019 +:106170000065F025AEFE008094F3000A94F6001846
94020 +:1061800012D30036001221408CFF00148CF4001052
94021 +:1061900003E468210000C02101A4782B029870213B
94022 +:1061A00001CF6021ACED0014ACEC001002B238233A
94023 +:1061B00030F5FFFF16A0FFB88F8400408FBF00347A
94024 +:1061C0008FBE00308FB7002C8FB600288FB500240B
94025 +:1061D0008FB400208FB3001C8FB200188FB1001451
94026 +:1061E0008FB0001003E0000827BD00381477FFCC03
94027 +:1061F0008F8600440E000EE202002021004018218C
94028 +:106200008F86004410C0FFC9020310230270702360
94029 +:106210008F87004001C368210A0002E431B2FFFF0A
94030 +:106220008F86004414C0FFC93C1100203C10800040
94031 +:106230000A0002AEAE1100300E00046602002021FA
94032 +:106240000A0002DB00401821020020210E0009395B
94033 +:10625000022028210A0002DB004018210E0001EE76
94034 +:10626000000000000A0002C702B2382327BDFFC8A1
94035 +:10627000AFB7002CAFB60028AFB50024AFB40020F4
94036 +:10628000AFB3001CAFB20018AFB10014AFB0001034
94037 +:10629000AFBF00300E00011B241300013C047FFF40
94038 +:1062A0003C0380083C0220003C010800AC20007048
94039 +:1062B0003496FFFF34770080345200033C1512C03F
94040 +:1062C000241400013C1080002411FF800E000245C0
94041 +:1062D000000000008F8700488F8B00188F89001402
94042 +:1062E0008CEA00EC8CE800E8014B302B01092823F4
94043 +:1062F00000A6102314400006014B18231440000E82
94044 +:106300003C05800002A3602B1180000B0000000000
94045 +:106310003C0560008CEE00EC8CED00E88CA4180CC1
94046 +:10632000AF8E001804800053AF8D00148F8F0010C3
94047 +:10633000ADF400003C0580008CBF00003BF900017B
94048 +:10634000333800011700FFE13C0380008C6201003C
94049 +:1063500024060C0010460009000000008C680100B3
94050 +:106360002D043080548000103C0480008C690100B2
94051 +:106370002D2331811060000C3C0480008CAA0100A8
94052 +:1063800011460004000020218CA6010024C5FF81D5
94053 +:1063900030A400FF8E0B01000E000269AE0B00243A
94054 +:1063A0000A00034F3C0480008C8D01002DAC3300AB
94055 +:1063B00011800022000000003C0708008CE70098D4
94056 +:1063C00024EE00013C010800AC2E00983C04800043
94057 +:1063D0008C8201001440000300000000566000148D
94058 +:1063E0003C0440008C9F01008C9801000000982123
94059 +:1063F00003F1C82400193940330F007F00EF7025E6
94060 +:1064000001D26825AC8D08308C8C01008C85010090
94061 +:10641000258B0100017130240006514030A3007F1C
94062 +:106420000143482501324025AC8808303C04400037
94063 +:10643000AE0401380A00030E000000008C99010030
94064 +:10644000240F0020AC99002092F80000330300FFD5
94065 +:10645000106F000C241F0050547FFFDD3C048000AF
94066 +:106460008C8401000E00154E000000000A00034F4E
94067 +:106470003C04800000963824ACA7180C0A000327BF
94068 +:106480008F8F00108C8501000E0008F72404008017
94069 +:106490000A00034F3C04800000A4102B24030001D9
94070 +:1064A00010400009000030210005284000A4102BF6
94071 +:1064B00004A00003000318405440FFFC00052840DE
94072 +:1064C0005060000A0004182B0085382B54E00004AB
94073 +:1064D0000003184200C33025008520230003184222
94074 +:1064E0001460FFF9000528420004182B03E000089F
94075 +:1064F00000C310213084FFFF30C600FF3C0780003E
94076 +:106500008CE201B80440FFFE00064C000124302557
94077 +:106510003C08200000C820253C031000ACE00180AE
94078 +:10652000ACE50184ACE4018803E00008ACE301B809
94079 +:106530003C0660008CC5201C2402FFF03083020062
94080 +:10654000308601001060000E00A2282434A500014E
94081 +:106550003087300010E0000530830C0034A50004C3
94082 +:106560003C04600003E00008AC85201C1060FFFDC7
94083 +:106570003C04600034A5000803E00008AC85201C42
94084 +:1065800054C0FFF334A500020A0003B03087300086
94085 +:1065900027BDFFE8AFB00010AFBF00143C0760009C
94086 +:1065A000240600021080001100A080218F83005873
94087 +:1065B0000E0003A78C6400188F8200580000202171
94088 +:1065C000240600018C45000C0E000398000000001A
94089 +:1065D0001600000224020003000010218FBF0014E7
94090 +:1065E0008FB0001003E0000827BD00188CE8201CC5
94091 +:1065F0002409FFF001092824ACE5201C8F870058EE
94092 +:106600000A0003CD8CE5000C3C02600E00804021A6
94093 +:1066100034460100240900180000000000000000BA
94094 +:10662000000000003C0A00503C0380003547020097
94095 +:10663000AC68003834640400AC65003CAC670030E2
94096 +:106640008C6C0000318B00201160FFFD2407FFFFE0
94097 +:106650002403007F8C8D00002463FFFF248400044A
94098 +:10666000ACCD00001467FFFB24C60004000000004E
94099 +:10667000000000000000000024A402000085282B78
94100 +:106680003C0300203C0E80002529FFFF010540212E
94101 +:10669000ADC300301520FFE00080282103E0000892
94102 +:1066A000000000008F82005827BDFFD8AFB3001C48
94103 +:1066B000AFBF0020AFB20018AFB10014AFB00010F0
94104 +:1066C00094460002008098218C5200182CC300814F
94105 +:1066D0008C4800048C4700088C51000C8C49001039
94106 +:1066E000106000078C4A00142CC4000414800013AE
94107 +:1066F00030EB000730C5000310A0001000000000C0
94108 +:106700002410008B02002021022028210E00039873
94109 +:10671000240600031660000224020003000010217A
94110 +:106720008FBF00208FB3001C8FB200188FB10014F0
94111 +:106730008FB0001003E0000827BD00281560FFF1AE
94112 +:106740002410008B3C0C80003C030020241F00011F
94113 +:10675000AD830030AF9F0044000000000000000047
94114 +:10676000000000002419FFF024D8000F031978243A
94115 +:106770003C1000D0AD88003801F0702524CD000316
94116 +:106780003C08600EAD87003C35850400AD8E0030BE
94117 +:10679000000D38823504003C3C0380008C6B000007
94118 +:1067A000316200201040FFFD0000000010E00008F2
94119 +:1067B00024E3FFFF2407FFFF8CA800002463FFFFF2
94120 +:1067C00024A50004AC8800001467FFFB24840004A7
94121 +:1067D0003C05600EACA60038000000000000000080
94122 +:1067E000000000008F8600543C0400203C0780001D
94123 +:1067F000ACE4003054C000060120202102402021DA
94124 +:106800000E0003A7000080210A00041D02002021C1
94125 +:106810000E0003DD01402821024020210E0003A7C5
94126 +:10682000000080210A00041D0200202127BDFFE096
94127 +:10683000AFB200183092FFFFAFB10014AFBF001C21
94128 +:10684000AFB000101640000D000088210A0004932C
94129 +:106850000220102124050003508500278CE5000C40
94130 +:106860000000000D262800013111FFFF24E2002066
94131 +:106870000232802B12000019AF8200588F82004430
94132 +:10688000144000168F8700583C0670003C0320001F
94133 +:106890008CE5000000A62024148300108F84006083
94134 +:1068A000000544023C09800000A980241480FFE90F
94135 +:1068B000310600FF2CCA000B5140FFEB26280001D7
94136 +:1068C000000668803C0E080025CE575801AE6021B6
94137 +:1068D0008D8B0000016000080000000002201021E4
94138 +:1068E0008FBF001C8FB200188FB100148FB0001042
94139 +:1068F00003E0000827BD00200E0003982404008454
94140 +:106900001600FFD88F8700580A000474AF8000601B
94141 +:10691000020028210E0003BF240400018F870058C5
94142 +:106920000A000474AF820060020028210E0003BF39
94143 +:10693000000020210A0004A38F8700580E000404E1
94144 +:10694000020020218F8700580A000474AF82006083
94145 +:1069500030AFFFFF000F19C03C0480008C9001B8DD
94146 +:106960000600FFFE3C1920043C181000AC83018097
94147 +:10697000AC800184AC990188AC9801B80A00047518
94148 +:106980002628000190E2000390E30002000020218D
94149 +:106990000002FE0000033A0000FF2825240600083C
94150 +:1069A0000E000398000000001600FFDC2402000324
94151 +:1069B0008F870058000010210A000474AF82006025
94152 +:1069C00090E8000200002021240600090A0004C308
94153 +:1069D00000082E0090E4000C240900FF308500FF21
94154 +:1069E00010A900150000302190F9000290F8000372
94155 +:1069F000308F00FF94EB000400196E000018740043
94156 +:106A0000000F62000186202501AE5025014B28258C
94157 +:106A10003084FF8B0A0004C32406000A90E30002BE
94158 +:106A200090FF0004000020210003360000DF28252D
94159 +:106A30000A0004C32406000B0A0004D52406008BB8
94160 +:106A4000000449C23127003F000443423C02800059
94161 +:106A500000082040240316802CE60020AC43002CC4
94162 +:106A600024EAFFE02482000114C0000330A900FFE3
94163 +:106A700000801021314700FF000260803C0D800043
94164 +:106A8000240A0001018D20213C0B000E00EA28049D
94165 +:106A9000008B302111200005000538278CCE000026
94166 +:106AA00001C5382503E00008ACC700008CD8000001
94167 +:106AB0000307782403E00008ACCF000027BDFFE007
94168 +:106AC000AFB10014AFB00010AFBF00183C076000BA
94169 +:106AD0008CE408083402F0003C1160003083F000C0
94170 +:106AE000240501C03C04800E000030211062000625
94171 +:106AF000241000018CEA08083149F0003928E00030
94172 +:106B00000008382B000780403C0D0200AE2D081411
94173 +:106B1000240C16803C0B80008E2744000E000F8B47
94174 +:106B2000AD6C002C120000043C02169124050001FB
94175 +:106B3000120500103C023D2C345800E0AE384408E9
94176 +:106B40003C1108008E31007C8FBF00183C066000AD
94177 +:106B500000118540360F16808FB100148FB00010E1
94178 +:106B60003C0E020027BD0020ACCF442003E000080B
94179 +:106B7000ACCE08103C0218DA345800E0AE384408B5
94180 +:106B80003C1108008E31007C8FBF00183C0660006D
94181 +:106B900000118540360F16808FB100148FB00010A1
94182 +:106BA0003C0E020027BD0020ACCF442003E00008CB
94183 +:106BB000ACCE08100A0004EB240500010A0004EB27
94184 +:106BC0000000282124020400A7820024A780001CC2
94185 +:106BD000000020213C06080024C65A582405FFFF67
94186 +:106BE00024890001000440803124FFFF01061821A0
94187 +:106BF0002C87002014E0FFFAAC6500002404040098
94188 +:106C0000A7840026A780001E000020213C06080063
94189 +:106C100024C65AD82405FFFF248D0001000460809B
94190 +:106C200031A4FFFF018658212C8A00201540FFFA6D
94191 +:106C3000AD650000A7800028A7800020A780002263
94192 +:106C4000000020213C06080024C65B582405FFFFF5
94193 +:106C5000249900010004C0803324FFFF030678213B
94194 +:106C60002C8E000415C0FFFAADE500003C05600065
94195 +:106C70008CA73D002403E08F00E31024344601403C
94196 +:106C800003E00008ACA63D002487007F000731C266
94197 +:106C900024C5FFFF000518C2246400013082FFFFF5
94198 +:106CA000000238C0A78400303C010800AC27003047
94199 +:106CB000AF80002C0000282100002021000030219E
94200 +:106CC0002489000100A728213124FFFF2CA81701E7
94201 +:106CD000110000032C8300801460FFF924C600011A
94202 +:106CE00000C02821AF86002C10C0001DA786002AF6
94203 +:106CF00024CAFFFF000A11423C08080025085B581F
94204 +:106D00001040000A00002021004030212407FFFF2E
94205 +:106D1000248E00010004688031C4FFFF01A86021B7
94206 +:106D20000086582B1560FFFAAD87000030A2001FC7
94207 +:106D30005040000800043080240300010043C804D0
94208 +:106D400000041080004878212738FFFF03E0000886
94209 +:106D5000ADF8000000C820212405FFFFAC8500002D
94210 +:106D600003E000080000000030A5FFFF30C6FFFF71
94211 +:106D700030A8001F0080602130E700FF0005294295
94212 +:106D80000000502110C0001D24090001240B000147
94213 +:106D900025180001010B2004330800FF0126782686
94214 +:106DA000390E00202DED00012DC2000101A2182591
94215 +:106DB0001060000D014450250005C880032C4021BF
94216 +:106DC0000100182110E0000F000A20278D040000A8
94217 +:106DD000008A1825AD03000024AD00010000402109
94218 +:106DE0000000502131A5FFFF252E000131C9FFFF12
94219 +:106DF00000C9102B1040FFE72518000103E0000830
94220 +:106E0000000000008D0A0000014440240A0005D162
94221 +:106E1000AC68000027BDFFE830A5FFFF30C6FFFFCC
94222 +:106E2000AFB00010AFBF001430E7FFFF00005021EB
94223 +:106E30003410FFFF0000602124AF001F00C0482174
94224 +:106E4000241800012419002005E0001601E010219B
94225 +:106E50000002F943019F682A0009702B01AE40240B
94226 +:106E600011000017000C18800064102110E00005CC
94227 +:106E70008C4B000000F840040008382301675824B8
94228 +:106E800000003821154000410000402155600016E7
94229 +:106E90003169FFFF258B0001316CFFFF05E1FFEC3D
94230 +:106EA00001E0102124A2003E0002F943019F682A5C
94231 +:106EB0000009702B01AE40241500FFEB000C188078
94232 +:106EC000154600053402FFFF020028210E0005B51B
94233 +:106ED00000003821020010218FBF00148FB0001075
94234 +:106EE00003E0000827BD00181520000301601821E9
94235 +:106EF000000B1C0224080010306A00FF154000053A
94236 +:106F0000306E000F250D000800031A0231A800FFA3
94237 +:106F1000306E000F15C00005307F000325100004FF
94238 +:106F200000031902320800FF307F000317E000055C
94239 +:106F3000386900012502000200031882304800FF72
94240 +:106F4000386900013123000110600004310300FFA3
94241 +:106F5000250A0001314800FF310300FF000C6940A1
94242 +:106F600001A34021240A000110CAFFD53110FFFF00
94243 +:106F7000246E000131C800FF1119FFC638C9000195
94244 +:106F80002D1F002053E0001C258B0001240D000163
94245 +:106F90000A000648240E002051460017258B0001E8
94246 +:106FA00025090001312800FF2D0900205120001281
94247 +:106FB000258B000125430001010D5004014B1024D5
94248 +:106FC000250900011440FFF4306AFFFF3127FFFF5D
94249 +:106FD00010EE000C2582FFFF304CFFFF0000502117
94250 +:106FE0003410FFFF312800FF2D0900205520FFF24B
94251 +:106FF00025430001258B0001014648260A000602B0
94252 +:10700000316CFFFF00003821000050210A000654B7
94253 +:107010003410FFFF27BDFFD8AFB0001030F0FFFFE6
94254 +:10702000AFB10014001039423211FFE000071080A8
94255 +:10703000AFB3001C00B1282330D3FFFFAFB200185C
94256 +:1070400030A5FFFF00809021026030210044202104
94257 +:10705000AFBF00200E0005E03207001F022288218A
94258 +:107060003403FFFF0240202102002821026030216A
94259 +:1070700000003821104300093231FFFF02201021A7
94260 +:107080008FBF00208FB3001C8FB200188FB1001487
94261 +:107090008FB0001003E0000827BD00280E0005E0B7
94262 +:1070A0000000000000408821022010218FBF002036
94263 +:1070B0008FB3001C8FB200188FB100148FB0001076
94264 +:1070C00003E0000827BD0028000424003C03600002
94265 +:1070D000AC603D0810A00002348210063482101605
94266 +:1070E00003E00008AC623D0427BDFFE0AFB0001034
94267 +:1070F000309000FF2E020006AFBF001810400008BD
94268 +:10710000AFB10014001030803C03080024635784A2
94269 +:1071100000C328218CA400000080000800000000AB
94270 +:10712000000020218FBF00188FB100148FB0001015
94271 +:107130000080102103E0000827BD00209791002A5D
94272 +:1071400016200051000020213C020800904200332C
94273 +:107150000A0006BB00000000978D002615A0003134
94274 +:10716000000020210A0006BB2402000897870024A3
94275 +:1071700014E0001A00001821006020212402000100
94276 +:107180001080FFE98FBF0018000429C2004530219C
94277 +:1071900000A6582B1160FFE43C0880003C0720004B
94278 +:1071A000000569C001A76025AD0C00203C038008E4
94279 +:1071B0002402001F2442FFFFAC6000000441FFFDD9
94280 +:1071C0002463000424A5000100A6702B15C0FFF560
94281 +:1071D000000569C00A0006A58FBF00189787001C2C
94282 +:1071E0003C04080024845A58240504000E0006605C
94283 +:1071F00024060001978B002424440001308AFFFFFD
94284 +:107200002569FFFF2D48040000402821150000409B
94285 +:10721000A789002424AC3800000C19C00A0006B964
94286 +:10722000A780001C9787001E3C04080024845AD8BD
94287 +:10723000240504000E00066024060001979900262C
94288 +:10724000244400013098FFFF272FFFFF2F0E04007A
94289 +:107250000040882115C0002CA78F0026A780001EA3
94290 +:107260003A020003262401003084FFFF0E00068D41
94291 +:107270002C4500010011F8C027F00100001021C0CA
94292 +:107280000A0006BB240200089785002E978700227B
94293 +:107290003C04080024845B580E00066024060001AC
94294 +:1072A0009787002A8F89002C2445000130A8FFFF12
94295 +:1072B00024E3FFFF0109302B0040802114C0001897
94296 +:1072C000A783002AA7800022978500300E000F7543
94297 +:1072D00002002021244A05003144FFFF0E00068DE4
94298 +:1072E000240500013C05080094A500320E000F752E
94299 +:1072F00002002021244521003C0208009042003376
94300 +:107300000A0006BB000521C00A0006F3A784001E80
94301 +:1073100024AC3800000C19C00A0006B9A784001C70
94302 +:107320000A00070DA7850022308400FF27BDFFE873
94303 +:107330002C820006AFBF0014AFB000101040001543
94304 +:1073400000A03821000440803C0308002463579CBF
94305 +:10735000010328218CA40000008000080000000028
94306 +:1073600024CC007F000751C2000C59C23170FFFFCE
94307 +:107370002547C40030E5FFFF2784001C02003021B0
94308 +:107380000E0005B52407000197860028020620217B
94309 +:10739000A78400288FBF00148FB0001003E00008FE
94310 +:1073A00027BD00183C0508008CA50030000779C2F5
94311 +:1073B0000E00038125E4DF003045FFFF3C04080098
94312 +:1073C00024845B58240600010E0005B52407000143
94313 +:1073D000978E002A8FBF00148FB0001025CD0001BA
94314 +:1073E00027BD001803E00008A78D002A0007C9C2C6
94315 +:1073F0002738FF00001878C231F0FFFF3C04080076
94316 +:1074000024845AD802002821240600010E0005B564
94317 +:1074100024070001978D0026260E0100000E84002F
94318 +:1074200025AC00013C0B6000A78C0026AD603D0838
94319 +:1074300036040006000030213C0760008CE23D0469
94320 +:10744000305F000617E0FFFD24C9000100061B00A5
94321 +:10745000312600FF006440252CC50004ACE83D0443
94322 +:1074600014A0FFF68FBF00148FB0001003E00008D7
94323 +:1074700027BD0018000751C22549C8002406000195
94324 +:10748000240700013C04080024845A580E0005B566
94325 +:107490003125FFFF978700248FBF00148FB00010A5
94326 +:1074A00024E6000127BD001803E00008A786002499
94327 +:1074B0003C0660183C090800252900FCACC9502C8A
94328 +:1074C0008CC850003C0580003C020002350700805B
94329 +:1074D000ACC750003C04080024841FE03C030800B3
94330 +:1074E00024631F98ACA50008ACA2000C3C01080066
94331 +:1074F000AC2459A43C010800AC2359A803E00008BF
94332 +:107500002402000100A030213C1C0800279C59AC3B
94333 +:107510003C0C04003C0B0002008B3826008C4026FB
94334 +:107520002CE200010007502B2D050001000A4880C5
94335 +:107530003C030800246359A4004520250123182199
94336 +:107540001080000300001021AC660000240200013E
94337 +:1075500003E00008000000003C1C0800279C59AC18
94338 +:107560003C0B04003C0A0002008A3026008B3826BF
94339 +:107570002CC200010006482B2CE5000100094080C8
94340 +:107580003C030800246359A4004520250103182169
94341 +:1075900010800005000010213C0C0800258C1F986D
94342 +:1075A000AC6C00002402000103E0000800000000B1
94343 +:1075B0003C0900023C080400008830260089382677
94344 +:1075C0002CC30001008028212CE400010083102539
94345 +:1075D0001040000B000030213C1C0800279C59ACD7
94346 +:1075E0003C0A80008D4E00082406000101CA68256F
94347 +:1075F000AD4D00088D4C000C01855825AD4B000C9D
94348 +:1076000003E0000800C010213C1C0800279C59AC76
94349 +:107610003C0580008CA6000C0004202724020001F9
94350 +:1076200000C4182403E00008ACA3000C3C020002D4
94351 +:107630001082000B3C0560003C070400108700032B
94352 +:107640000000000003E00008000000008CA908D042
94353 +:10765000240AFFFD012A402403E00008ACA808D05A
94354 +:107660008CA408D02406FFFE0086182403E000083E
94355 +:10767000ACA308D03C05601A34A600108CC300806F
94356 +:1076800027BDFFF88CC50084AFA3000093A40000C1
94357 +:107690002402001010820003AFA5000403E00008DC
94358 +:1076A00027BD000893A7000114E0001497AC000266
94359 +:1076B00097B800023C0F8000330EFFFC01CF682119
94360 +:1076C000ADA50000A3A000003C0660008CC708D058
94361 +:1076D0002408FFFE3C04601A00E82824ACC508D04A
94362 +:1076E0008FA300048FA200003499001027BD00086A
94363 +:1076F000AF22008003E00008AF2300843C0B800031
94364 +:10770000318AFFFC014B48218D2800000A00080C3B
94365 +:10771000AFA8000427BDFFE8AFBF00103C1C080065
94366 +:10772000279C59AC3C0580008CA4000C8CA2000462
94367 +:107730003C0300020044282410A0000A00A31824DF
94368 +:107740003C0604003C0400021460000900A610245A
94369 +:107750001440000F3C0404000000000D3C1C080015
94370 +:10776000279C59AC8FBF001003E0000827BD00180C
94371 +:107770003C0208008C4259A40040F80900000000B7
94372 +:107780003C1C0800279C59AC0A0008358FBF00102C
94373 +:107790003C0208008C4259A80040F8090000000093
94374 +:1077A0000A00083B000000003C0880008D0201B880
94375 +:1077B0000440FFFE35090180AD2400003C031000A9
94376 +:1077C00024040040AD250004A1240008A1260009DE
94377 +:1077D000A527000A03E00008AD0301B83084FFFFCD
94378 +:1077E0000080382130A5FFFF000020210A00084555
94379 +:1077F000240600803087FFFF8CA400002406003898
94380 +:107800000A000845000028218F8300788F860070C9
94381 +:107810001066000B008040213C07080024E75B68ED
94382 +:10782000000328C000A710218C440000246300013D
94383 +:10783000108800053063000F5466FFFA000328C06B
94384 +:1078400003E00008000010213C07080024E75B6CFF
94385 +:1078500000A7302103E000088CC200003C03900028
94386 +:1078600034620001008220253C038000AC640020CB
94387 +:107870008C65002004A0FFFE0000000003E000086B
94388 +:10788000000000003C0280003443000100832025FA
94389 +:1078900003E00008AC44002027BDFFE0AFB10014B6
94390 +:1078A0003091FFFFAFB00010AFBF001812200013DF
94391 +:1078B00000A080218CA20000240400022406020003
94392 +:1078C0001040000F004028210E0007250000000096
94393 +:1078D00000001021AE000000022038218FBF0018E8
94394 +:1078E0008FB100148FB0001000402021000028212B
94395 +:1078F000000030210A00084527BD00208CA20000AE
94396 +:10790000022038218FBF00188FB100148FB00010F3
94397 +:107910000040202100002821000030210A000845F5
94398 +:1079200027BD002000A010213087FFFF8CA5000498
94399 +:107930008C4400000A000845240600068F83FD9C45
94400 +:1079400027BDFFE8AFBF0014AFB00010906700087C
94401 +:10795000008010210080282130E600400000202116
94402 +:1079600010C000088C5000000E0000BD0200202155
94403 +:10797000020020218FBF00148FB000100A000548BC
94404 +:1079800027BD00180E0008A4000000000E0000BD76
94405 +:1079900002002021020020218FBF00148FB00010B0
94406 +:1079A0000A00054827BD001827BDFFE0AFB0001052
94407 +:1079B0008F90FD9CAFBF001CAFB20018AFB1001498
94408 +:1079C00092060001008088210E00087230D2000467
94409 +:1079D00092040005001129C2A6050000348300406E
94410 +:1079E000A20300050E00087C022020210E00054A9B
94411 +:1079F0000220202124020001AE02000C02202821D6
94412 +:107A0000A602001024040002A602001224060200AE
94413 +:107A1000A60200140E000725A60200161640000F4D
94414 +:107A20008FBF001C978C00743C0B08008D6B007896
94415 +:107A30002588FFFF3109FFFF256A0001012A382B45
94416 +:107A400010E00006A78800743C0F6006240E0016A4
94417 +:107A500035ED0010ADAE00508FBF001C8FB2001886
94418 +:107A60008FB100148FB0001003E0000827BD002084
94419 +:107A700027BDFFE0AFB10014AFBF0018AFB00010DA
94420 +:107A80001080000400A088212402008010820007DA
94421 +:107A9000000000000000000D8FBF00188FB100141F
94422 +:107AA0008FB0001003E0000827BD00200E00087210
94423 +:107AB00000A020218F86FD9C0220202190C500057A
94424 +:107AC0000E00087C30B000FF2403003E1603FFF1D7
94425 +:107AD0003C0680008CC401780480FFFE34C801405D
94426 +:107AE000240900073C071000AD11000002202021EE
94427 +:107AF000A10900048FBF00188FB100148FB00010CF
94428 +:107B0000ACC701780A0008C527BD002027BDFFE0EB
94429 +:107B1000AFB00010AFBF0018AFB100143C10800030
94430 +:107B20008E110020000000000E00054AAE04002067
94431 +:107B3000AE1100208FBF00188FB100148FB000105D
94432 +:107B400003E0000827BD00203084FFFF00803821BB
94433 +:107B50002406003500A020210A0008450000282145
94434 +:107B60003084FFFF008038212406003600A0202149
94435 +:107B70000A0008450000282127BDFFD0AFB500242A
94436 +:107B80003095FFFFAFB60028AFB40020AFBF002C88
94437 +:107B9000AFB3001CAFB20018AFB10014AFB000100B
94438 +:107BA00030B6FFFF12A000270000A0218F920058DE
94439 +:107BB0008E4300003C0680002402004000033E0289
94440 +:107BC00000032C0230E4007F006698241482001D1C
94441 +:107BD00030A500FF8F8300682C68000A1100001098
94442 +:107BE0008F8D0044000358803C0C0800258C57B84A
94443 +:107BF000016C50218D4900000120000800000000A8
94444 +:107C000002D4302130C5FFFF0E0008522404008446
94445 +:107C1000166000028F920058AF8000688F8D00447C
94446 +:107C20002659002026980001032090213314FFFFDD
94447 +:107C300015A00004AF9900580295202B1480FFDC9A
94448 +:107C400000000000028010218FBF002C8FB600289A
94449 +:107C50008FB500248FB400208FB3001C8FB20018A2
94450 +:107C60008FB100148FB0001003E0000827BD003072
94451 +:107C70002407003414A70149000000009247000EB9
94452 +:107C80008F9FFDA08F90FD9C24181600A3E700197C
94453 +:107C90009242000D3C0880003C07800CA3E20018D3
94454 +:107CA000964A00123C0D60003C117FFFA60A005C62
94455 +:107CB000964400103623FFFF240200053099FFFF91
94456 +:107CC000AE1900548E46001CAD1800288CEF000041
94457 +:107CD0008DAE444801E6482601C93021AE06003881
94458 +:107CE0008E05003824CB00013C0E7F00AE05003C21
94459 +:107CF0008E0C003CAFEC0004AE0B00208E13002075
94460 +:107D0000AE13001CA3E0001BAE03002CA3E2001284
94461 +:107D10008E4A001424130050AE0A00348E0400343E
94462 +:107D2000AFE400148E590018AE1900489258000CA8
94463 +:107D3000A218004E920D000835AF0020A20F0008D7
94464 +:107D40008E090018012E282434AC4000AE0C001817
94465 +:107D5000920B0000317200FF1253027F2403FF8058
94466 +:107D60003C04080024845BE80E0008AA0000000020
94467 +:107D70003C1108008E315BE80E00087202202021C1
94468 +:107D80002405000424080001A2050025022020216A
94469 +:107D90000E00087CA20800053C0580008CB001782C
94470 +:107DA0000600FFFE8F92005834AE0140240F0002FF
94471 +:107DB0003C091000ADD10000A1CF0004ACA90178AE
94472 +:107DC0000A000962AF8000682CAD003751A0FF9413
94473 +:107DD0008F8D0044000580803C110800263157E05B
94474 +:107DE000021178218DEE000001C0000800000000A3
94475 +:107DF0002411000414B1008C3C0780003C080800EA
94476 +:107E00008D085BE88F86FD9CACE800208E4500085D
94477 +:107E10008F99FDA0240D0050ACC500308E4C000899
94478 +:107E2000ACCC00508E4B000CACCB00348E43001019
94479 +:107E3000ACC300388E4A0010ACCA00548E42001405
94480 +:107E4000ACC2003C8E5F0018AF3F00048E50001C97
94481 +:107E5000ACD0002090C40000309800FF130D024AFF
94482 +:107E6000000000008CC400348CD00030009030231F
94483 +:107E700004C000F12404008C126000EE2402000310
94484 +:107E80000A000962AF8200682419000514B900666F
94485 +:107E90003C0580003C0808008D085BE88F86FD9C4F
94486 +:107EA000ACA800208E4C00048F8AFDA0240720007F
94487 +:107EB000ACCC001C924B000824120008A14B001906
94488 +:107EC0008F82005890430009A14300188F85005805
94489 +:107ED00090BF000A33E400FF1092001028890009C7
94490 +:107EE000152000BA240E0002240D0020108D000B76
94491 +:107EF000340780002898002117000008240740005C
94492 +:107F000024100040109000053C0700012419008057
94493 +:107F1000109900023C070002240740008CC20018A0
94494 +:107F20003C03FF00004350240147F825ACDF001854
94495 +:107F300090B2000BA0D200278F8300589464000CED
94496 +:107F4000108001FE000000009467000C3C1F8000C0
94497 +:107F50002405FFBFA4C7005C9063000E2407000443
94498 +:107F6000A0C300088F820058904A000FA0CA0009E1
94499 +:107F70008F8900588D3200108FE400740244C823AA
94500 +:107F8000ACD900588D300014ACD0002C95380018B6
94501 +:107F9000330DFFFFACCD00409531001A322FFFFFAB
94502 +:107FA000ACCF00448D2E001CACCE00489128000EB2
94503 +:107FB000A0C8000890CC000801855824126001B6C2
94504 +:107FC000A0CB00088F9200580A000962AF870068B2
94505 +:107FD0002406000614A600143C0E80003C0F080086
94506 +:107FE0008DEF5BE88F85FD98ADCF00208E4900189E
94507 +:107FF0008F86FD9C8F8BFDA0ACA900008CC800383B
94508 +:1080000024040005ACA800048CCC003C1260008164
94509 +:10801000AD6C00000A000962AF84006824110007FB
94510 +:1080200010B1004B240400063C05080024A55BE8C1
94511 +:108030000E000881240400818F9200580013102B39
94512 +:108040000A000962AF820068241F002314BFFFF6F4
94513 +:108050003C0C80003C0508008CA55BE88F8BFDA0E4
94514 +:10806000AD8500208F91FD9C8E4600042564002084
94515 +:1080700026450014AE260028240600030E000F81BA
94516 +:10808000257000308F87005802002021240600034D
94517 +:108090000E000F8124E500083C04080024845BE8FE
94518 +:1080A0000E0008AA0000000092230000240A0050DD
94519 +:1080B000306200FF544AFFE18F9200580E000F6CAF
94520 +:1080C000000000000A000A6A8F920058240800335A
94521 +:1080D00014A800323C0380003C1108008E315BE89C
94522 +:1080E0008F8FFDA0AC7100208E420008240D002867
94523 +:1080F0008F89FD9CADE200308E4A000C24060009F9
94524 +:10810000ADEA00348E5F0010ADFF00388E440014DD
94525 +:10811000ADE400208E590018ADF900248E58001CE3
94526 +:10812000ADF80028A1ED00118E4E00041260003160
94527 +:10813000AD2E00288F9200580A000962AF860068B1
94528 +:10814000240D002214ADFFB8000000002404000735
94529 +:108150003C1008008E105BE83C188000AF10002037
94530 +:108160005660FEAEAF8400683C04080024845BE8DF
94531 +:108170000E0008AA241300508F84FD9C90920000EA
94532 +:10818000325900FF1333014B000000008F9200585A
94533 +:10819000000020210A000962AF8400683C05080045
94534 +:1081A00024A55BE80E000858240400810A000A6A2E
94535 +:1081B0008F92005802D498213265FFFF0E000852BA
94536 +:1081C000240400840A0009628F920058108EFF5325
94537 +:1081D000240704002887000310E00179241100041B
94538 +:1081E000240F0001548FFF4D240740000A000A228B
94539 +:1081F000240701003C05080024A55BE80E0008A444
94540 +:10820000240400828F920058000030210A00096285
94541 +:10821000AF8600683C04080024845BE88CC2003808
94542 +:108220000E0008AA8CC3003C8F9200580A000AC0B6
94543 +:1082300000002021240400823C05080024A55BE8FE
94544 +:108240000E0008A4000000008F92005800001021CA
94545 +:108250000A000962AF8200688E5000048F91FD9C75
94546 +:108260003C078000ACF00020922C00050200282181
94547 +:10827000318B0002156001562404008A8F92FDA004
94548 +:108280002404008D9245001B30A6002014C001502C
94549 +:1082900002002821922E00092408001231C900FF93
94550 +:1082A0001128014B240400810E00087202002021D5
94551 +:1082B0009258001B240F000402002021370D0042B9
94552 +:1082C000A24D001B0E00087CA22F00253C0580005B
94553 +:1082D0008CA401780480FFFE34B90140241F000201
94554 +:1082E000AF300000A33F00048F9200583C101000F4
94555 +:1082F000ACB001780A000A6B0013102B8E500004FA
94556 +:108300008F91FD9C3C038000AC700020922A0005F8
94557 +:108310000200282131420002144000172404008A80
94558 +:10832000922C00092412000402002821318B00FF46
94559 +:1083300011720011240400810E0008720200202135
94560 +:108340008F89FDA0240800122405FFFE912F001B39
94561 +:108350000200202135EE0020A12E001BA2280009DA
94562 +:108360009226000500C538240E00087CA2270005CF
94563 +:1083700002002821000020210E0009330000000027
94564 +:108380000A000A6A8F9200588E4C00043C07800055
94565 +:108390003C10080026105BE8ACEC00203C01080013
94566 +:1083A000AC2C5BE8924B0003317100041220013BBE
94567 +:1083B0008F84FD9C24020006A0820009924F001BBE
94568 +:1083C000240EFFC031E9003F012E4025A08800089F
94569 +:1083D0009245000330A6000114C0013200000000E5
94570 +:1083E0008E420008AE0200083C0208008C425BF09E
94571 +:1083F000104001318F90FDA0000219C28F8DFD9CAD
94572 +:10840000A603000C8E4A000C24180001240400145A
94573 +:10841000AE0A002C8E420010AE02001C965F0016C1
94574 +:10842000A61F003C96590014A619003EADB8000CDA
94575 +:10843000A5B80010A5B80012A5B80014A5B800167C
94576 +:1084400012600144A2040011925100033232000272
94577 +:108450002E5300018F920058266200080A0009621C
94578 +:10846000AF8200688E4400043C1980003C068008FE
94579 +:10847000AF2400208E45000890D80000240D005045
94580 +:10848000331100FF122D009C2407008824060009E8
94581 +:108490000E000845000000000A000A6A8F9200588A
94582 +:1084A0008E5000043C0980003C118008AD30002053
94583 +:1084B0009228000024050050310400FF10850110AF
94584 +:1084C0002407008802002021000028210E00084512
94585 +:1084D0002406000E922D00002418FF80020028219F
94586 +:1084E00001B8802524040004240600300E0007256E
94587 +:1084F000A23000000A000A6A8F9200588E500004D1
94588 +:108500008F91FDA03C028000AC500020923F001BE8
94589 +:1085100033F900101320006C240700810200202191
94590 +:10852000000028212406001F0E000845000000005E
94591 +:108530000A000A6A8F9200588E44001C0E00085DE3
94592 +:1085400000000000104000E3004048218F880058E0
94593 +:1085500024070089012020218D05001C240600012C
94594 +:108560000E000845000000000A000A6A8F920058B9
94595 +:10857000964900023C10080026105BE831280004F0
94596 +:10858000110000973C0460008E4E001C3C0F8000E0
94597 +:10859000ADEE00203C010800AC2E5BE896470002DF
94598 +:1085A00030E40001148000E6000000008E42000468
94599 +:1085B000AE0200083C1008008E105BF0120000ECC8
94600 +:1085C0003C0F80008F92FD9C241000018E4E0018FD
94601 +:1085D0008F8DFDA08F9FFD9801CF4825AE490018D3
94602 +:1085E000A2400005AE50000C3C0808008D085BF06E
94603 +:1085F0008F840058A6500010000839C2A6500012FF
94604 +:10860000A6500014A6500016A5A7000C8C8C0008DC
94605 +:108610008F8B00588F8A0058ADAC002C8D63000CF6
94606 +:1086200024070002ADA3001C91460010A1A6001172
94607 +:108630008F82005890450011A3E500088F990058DB
94608 +:1086400093380012A258004E8F910058922F0013B9
94609 +:10865000A1AF00128F920058964E0014A5AE003CB8
94610 +:1086600096490016A5A9003E8E480018ADA8001432
94611 +:108670005660FD6AAF8700683C05080024A55BE8EA
94612 +:108680000E000881000020218F9200580000382140
94613 +:108690000A000962AF8700683C05080024A55BE872
94614 +:1086A0000E0008A4240400828F9200580A000A4D8C
94615 +:1086B000000038210E000F6C000000008F9200585F
94616 +:1086C0000A000AC0000020210E00087202002021CA
94617 +:1086D0009223001B02002021346A00100E00087C47
94618 +:1086E000A22A001B000038210200202100002821BE
94619 +:1086F0000A000BA52406001F9242000C305F000107
94620 +:1087000013E0000300000000964A000EA4CA002CEB
94621 +:10871000924B000C316300025060000600003821CB
94622 +:108720008E470014964C0012ACC7001CA4CC001A53
94623 +:10873000000038210A000B7F240600093C050800D0
94624 +:1087400024A55BE80E0008A42404008B8F92005837
94625 +:108750000A000A4D0013382B3C0C08008D8C5BE896
94626 +:1087600024DFFFFE25930100326B007F016790211B
94627 +:1087700002638824AD110028AE4600E0AE4000E45C
94628 +:108780000A0009B3AE5F001CACC000543C0D0800E9
94629 +:108790008DAD5BE83C18800C37090100ACED00287A
94630 +:1087A0008E510014AD3100E08E4F0014AD2F00E467
94631 +:1087B0008E4E001025C7FFFE0A0009F4AD27001CED
94632 +:1087C0005491FDD6240740000A000A222407100015
94633 +:1087D0000E00092D000000000A000A6A8F9200585E
94634 +:1087E0008C83442C3C12DEAD3651BEEF3C010800B8
94635 +:1087F000AC205BE810710062000000003C196C6264
94636 +:1088000037387970147800082404000297850074C2
94637 +:108810009782006C2404009200A2F82B13E0001948
94638 +:1088200002002821240400020E00069524050200FF
94639 +:108830003C068000ACC200203C010800AC225BE892
94640 +:108840001040000D8F8C0058240A002824040003D7
94641 +:10885000918B0010316300FF546A00012404000171
94642 +:108860000E0000810000000010400004240400837A
94643 +:108870000A000BC28F920058240400833C050800B4
94644 +:1088800024A55BE80E000881000000008F920058CC
94645 +:108890000013382B0A000962AF8700680A000B49F1
94646 +:1088A000240200128E4400080E00085D0000000043
94647 +:1088B0000A000B55AE0200083C05080024A55BE841
94648 +:1088C0000E000858240400878F9200580A000B728B
94649 +:1088D0000013102B240400040E000695240500301C
94650 +:1088E0001440002A004048218F8800582407008344
94651 +:1088F000012020218D05001C0A000BB32406000175
94652 +:108900008F8300788F8600701066FEEE000038219D
94653 +:108910003C07080024E75B6C000320C00087282187
94654 +:108920008CAE000011D0005D246F000131E3000F18
94655 +:108930005466FFFA000320C00A000B8C00003821A7
94656 +:108940008E4400040E00085D000000000A000BC801
94657 +:10895000AE0200083C05080024A55BE80E0008A450
94658 +:10896000240400828F9200580A000B72000010212C
94659 +:108970003C05080024A55BE80A000C7C2404008761
94660 +:108980008C83442C0A000C5B3C196C628F88005865
94661 +:108990003C0780083C0C8000240B0050240A000196
94662 +:1089A000AD820020A0EB0000A0EA000191030004CA
94663 +:1089B000A0E3001891040005A0E400199106000648
94664 +:1089C0003C04080024845B6CA0E6001A91020007B6
94665 +:1089D0003C06080024C65B68A0E2001B9105000865
94666 +:1089E000A0E5001C911F0009A0FF001D9119000ABD
94667 +:1089F000A0F9001E9118000BA0F8001F9112000CA6
94668 +:108A0000A0F200209111000DA0F100219110000EA4
94669 +:108A1000A0F00022910F000FA0EF0023910E001094
94670 +:108A2000A0EE0024910D0011A0ED0025950C00147E
94671 +:108A3000A4EC0028950B00168F8A00708F920078A6
94672 +:108A4000A4EB002A95030018000A10C02545000178
94673 +:108A5000A4E3002C8D1F001C0044C0210046C82147
94674 +:108A600030A5000FAF3F0000AF09000010B20006B4
94675 +:108A7000AF850070000038218D05001C01202021E9
94676 +:108A80000A000BB32406000124AD000131A7000F3A
94677 +:108A9000AF8700780A000CF9000038213C06080076
94678 +:108AA00024C65B680086902100003821ACA000003D
94679 +:108AB0000A000B8CAE4000003C0482013C036000C5
94680 +:108AC00034820E02AC603D68AF80009803E000087D
94681 +:108AD000AC623D6C27BDFFE8AFB000103090FFFFE7
94682 +:108AE000001018422C620041AFBF00141440000275
94683 +:108AF00024040080240300403C010800AC300060E6
94684 +:108B00003C010800AC2300640E000F7500602821B2
94685 +:108B1000244802BF2409FF8001092824001039805D
94686 +:108B2000001030408FBF00148FB0001000A720212C
94687 +:108B300000861821AF8300803C010800AC25005856
94688 +:108B40003C010800AC24005C03E0000827BD0018CD
94689 +:108B5000308300FF30C6FFFF30E400FF3C08800098
94690 +:108B60008D0201B80440FFFE000354000144382583
94691 +:108B70003C09600000E920253C031000AD050180A0
94692 +:108B8000AD060184AD04018803E00008AD0301B81F
94693 +:108B90008F8500583C0A6012354800108CAC0004E8
94694 +:108BA0003C0D600E35A60010318B00062D690001CA
94695 +:108BB000AD0900C48CA70004ACC731808CA20008AA
94696 +:108BC00094A40002ACC231848CA3001C0460000396
94697 +:108BD000A784009003E00008000000008CAF00189C
94698 +:108BE000ACCF31D08CAE001C03E00008ACCE31D449
94699 +:108BF0008F8500588F87FF288F86FF308CAE00044A
94700 +:108C00003C0F601235E80010ACEE00788CAD000827
94701 +:108C1000ACED007C8CAC0010ACCC004C8CAB000CF0
94702 +:108C2000ACCB004894CA00543C0208008C4200447B
94703 +:108C300025490001A4C9005494C400543083FFFFA7
94704 +:108C400010620017000000003C0208008C42004047
94705 +:108C5000A4C200528CA30018ACE300308CA2001414
94706 +:108C6000ACE2002C8CB90018ACF900388CB80014B8
94707 +:108C700024050001ACF800348D0600BC50C5001975
94708 +:108C80008D0200B48D0200B8A4E2004894E40048CC
94709 +:108C9000A4E4004A94E800EA03E000083102FFFF80
94710 +:108CA0003C0208008C420024A4C00054A4C200521C
94711 +:108CB0008CA30018ACE300308CA20014ACE2002CB2
94712 +:108CC0008CB90018ACF900388CB8001424050001E8
94713 +:108CD000ACF800348D0600BC54C5FFEB8D0200B823
94714 +:108CE0008D0200B4A4E2004894E40048A4E4004AE1
94715 +:108CF00094E800EA03E000083102FFFF8F86005885
94716 +:108D00003C0480008CC900088CC80008000929C0F8
94717 +:108D1000000839C0AC87002090C30007306200040F
94718 +:108D20001040003EAF85009490CB0007316A0008E8
94719 +:108D30001140003D8F87FF2C8CCD000C8CCE001491
94720 +:108D400001AE602B11800036000000008CC2000CC8
94721 +:108D5000ACE200708CCB00188F85FF288F88FF3025
94722 +:108D6000ACEB00748CCA00102402FFF8ACAA00D847
94723 +:108D70008CC9000CAD0900608CC4001CACA400D0F0
94724 +:108D800090E3007C0062C824A0F9007C90D8000722
94725 +:108D9000330F000811E000040000000090ED007C9B
94726 +:108DA00035AC0001A0EC007C90CF000731EE000153
94727 +:108DB00011C000060000000090E3007C241800347D
94728 +:108DC00034790002A0F9007CACB800DC90C2000746
94729 +:108DD0003046000210C000040000000090E8007C53
94730 +:108DE00035040004A0E4007C90ED007D3C0B600E97
94731 +:108DF000356A001031AC003FA0EC007D8D4931D4C4
94732 +:108E00003127000110E00002240E0001A0AE00098D
94733 +:108E100094AF00EA03E0000831E2FFFF8F87FF2CE8
94734 +:108E20000A000DAF8CC200140A000DB0ACE0007057
94735 +:108E30008F8C005827BDFFD8AFB3001CAFB200180D
94736 +:108E4000AFB00010AFBF0020AFB10014918F00157C
94737 +:108E50003C13600E3673001031EB000FA38B009CA7
94738 +:108E60008D8F00048D8B0008959F0012959900103E
94739 +:108E70009584001A9598001E958E001C33EDFFFF17
94740 +:108E8000332AFFFF3089FFFF3308FFFF31C7FFFFA1
94741 +:108E90003C010800AC2D00243C010800AC29004432
94742 +:108EA0003C010800AC2A0040AE683178AE67317CE6
94743 +:108EB00091850015959100163C12601236520010F3
94744 +:108EC00030A200FF3230FFFFAE623188AE5000B4F6
94745 +:108ED00091830014959F0018240600010066C804C1
94746 +:108EE00033F8FFFFAE5900B8AE5800BC918E0014A5
94747 +:108EF000AF8F00843C08600631CD00FFAE4D00C04E
94748 +:108F0000918A00159584000E3C07600A314900FFE4
94749 +:108F1000AF8B00883084FFFFAE4900C835110010C8
94750 +:108F20000E000D1034F004103C0208008C4200606A
94751 +:108F30003C0308008C6300643C0608008CC60058A3
94752 +:108F40003C0508008CA5005C8F8400808FBF00204A
94753 +:108F5000AE23004CAE65319CAE030054AE4500DC40
94754 +:108F6000AE6231A0AE6331A4AE663198AE22004845
94755 +:108F70008FB3001CAE0200508FB10014AE4200E06F
94756 +:108F8000AE4300E4AE4600D88FB000108FB2001898
94757 +:108F90000A00057D27BD0028978500929783007CF5
94758 +:108FA00027BDFFE8AFB0001000A3102BAFBF001427
94759 +:108FB000240400058F900058104000552409000239
94760 +:108FC0000E0006958F850080AF8200942404000374
94761 +:108FD0001040004F240900023C0680000E00008172
94762 +:108FE000ACC2002024070001240820001040004DDE
94763 +:108FF00024040005978E00928F8AFF2C24090050CC
94764 +:1090000025C50001A7850092A14900003C0D08007C
94765 +:109010008DAD0064240380008F84FF28000D66005E
94766 +:10902000AD4C0018A5400006954B000A8F85FF3017
94767 +:109030002402FF8001633024A546000A915F000AE4
94768 +:109040000000482103E2C825A159000AA0A0000899
94769 +:10905000A140004CA08000D5961800029783009094
94770 +:109060003C020004A49800EA960F00022418FFBFF7
94771 +:1090700025EE2401A48E00BE8E0D0004ACAD00448C
94772 +:109080008E0C0008ACAC0040A4A00050A4A000547A
94773 +:109090008E0B000C240C0030AC8B00288E060010C8
94774 +:1090A000AC860024A480003EA487004EA487005014
94775 +:1090B000A483003CAD420074AC8800D8ACA800602A
94776 +:1090C000A08700FC909F00D433F9007FA09900D4C2
94777 +:1090D000909000D402187824A08F00D4914E007C88
94778 +:1090E00035CD0001A14D007C938B009CAD480070F4
94779 +:1090F000AC8C00DCA08B00D68F8800888F87008422
94780 +:10910000AC8800C4AC8700C8A5400078A540007AB0
94781 +:109110008FBF00148FB000100120102103E0000861
94782 +:1091200027BD00188F8500940E0007258F860080CC
94783 +:109130000A000E9F2409000227BDFFE0AFB0001017
94784 +:109140008F900058AFB10014AFBF00188E09000413
94785 +:109150000E00054A000921C08E0800048F84FF28F4
94786 +:109160008F82FF30000839C03C068000ACC7002069
94787 +:10917000948500EA904300131460001C30B1FFFF97
94788 +:109180008F8CFF2C918B0008316A00401540000B3A
94789 +:10919000000000008E0D0004022030218FBF001857
94790 +:1091A0008FB100148FB00010240400220000382179
94791 +:1091B000000D29C00A000D2F27BD00200E000098C9
94792 +:1091C000000000008E0D0004022030218FBF001827
94793 +:1091D0008FB100148FB00010240400220000382149
94794 +:1091E000000D29C00A000D2F27BD00200E000090A1
94795 +:1091F000000000008E0D0004022030218FBF0018F7
94796 +:109200008FB100148FB00010240400220000382118
94797 +:10921000000D29C00A000D2F27BD002027BDFFE04B
94798 +:10922000AFB200183092FFFFAFB00010AFBF001C0C
94799 +:10923000AFB100141240001E000080218F8600583C
94800 +:109240008CC500002403000600053F02000514023F
94801 +:1092500030E4000714830016304500FF2CA80006F8
94802 +:1092600011000040000558803C0C0800258C58BCBB
94803 +:10927000016C50218D490000012000080000000011
94804 +:109280008F8E0098240D000111CD005024020002A1
94805 +:10929000AF820098260900013130FFFF24C800206A
94806 +:1092A0000212202B010030211480FFE5AF88005806
94807 +:1092B000020010218FBF001C8FB200188FB1001464
94808 +:1092C0008FB0001003E0000827BD00209387007EC8
94809 +:1092D00054E00034000030210E000DE700000000D3
94810 +:1092E0008F8600580A000EFF240200018F87009825
94811 +:1092F0002405000210E50031240400130000282199
94812 +:1093000000003021240700010E000D2F0000000096
94813 +:109310000A000F008F8600588F83009824020002F5
94814 +:109320001462FFF6240400120E000D9A00000000E3
94815 +:109330008F85009400403021240400120E000D2F70
94816 +:10934000000038210A000F008F8600588F83009894
94817 +:109350002411000310710029241F0002107FFFCE8A
94818 +:1093600026090001240400100000282100003021FB
94819 +:109370000A000F1D240700018F91009824060002A7
94820 +:109380001626FFF9240400100E000E410000000014
94821 +:10939000144000238F9800588F8600580A000EFF53
94822 +:1093A00024020003240400140E000D2F00002821C5
94823 +:1093B0008F8600580A000EFF240200020E000EA93C
94824 +:1093C000000000000A000F008F8600580E000D3FBD
94825 +:1093D00000000000241900022404001400002821C9
94826 +:1093E0000000302100003821AF9900980E000D2FA9
94827 +:1093F000000000000A000F008F8600580E000D5775
94828 +:10940000000000008F8500942419000200403021E4
94829 +:1094100024040010000038210A000F56AF9900986C
94830 +:109420000040382124040010970F0002000028217A
94831 +:109430000E000D2F31E6FFFF8F8600580A000F0047
94832 +:10944000AF9100988F84FF2C3C077FFF34E6FFFF2D
94833 +:109450008C8500182402000100A61824AC83001893
94834 +:1094600003E00008A08200053084FFFF30A5FFFF65
94835 +:109470001080000700001821308200011040000217
94836 +:1094800000042042006518211480FFFB00052840DD
94837 +:1094900003E000080060102110C000070000000079
94838 +:1094A0008CA2000024C6FFFF24A50004AC820000AB
94839 +:1094B00014C0FFFB2484000403E000080000000047
94840 +:1094C00010A0000824A3FFFFAC86000000000000ED
94841 +:1094D000000000002402FFFF2463FFFF1462FFFA74
94842 +:1094E0002484000403E0000800000000000411C010
94843 +:1094F00003E000082442024027BDFFE8AFB000109F
94844 +:1095000000808021AFBF00140E000F9600A0202124
94845 +:1095100000504821240AFF808FBF00148FB0001034
94846 +:10952000012A30243127007F3C08800A3C042100B6
94847 +:1095300000E8102100C428253C03800027BD001846
94848 +:10954000AC650024AF820038AC400000AC6500245C
94849 +:1095500003E00008AC4000403C0D08008DAD005811
94850 +:1095600000056180240AFF8001A45821016C482174
94851 +:10957000012A30243127007F3C08800C3C04210064
94852 +:1095800000E8102100C428253C038000AC650028B9
94853 +:10959000AF82003403E00008AC40002430A5FFFF98
94854 +:1095A0003C0680008CC201B80440FFFE3C086015F8
94855 +:1095B00000A838253C031000ACC40180ACC0018475
94856 +:1095C000ACC7018803E00008ACC301B83C0D08003B
94857 +:1095D0008DAD005800056180240AFF8001A4582148
94858 +:1095E000016C4021010A4824000931403107007F05
94859 +:1095F00000C728253C04200000A418253C02800058
94860 +:10960000AC43083003E00008AF80003427BDFFE81A
94861 +:10961000AFB0001000808021AFBF00140E000F9685
94862 +:1096200000A0202100504821240BFF80012B502452
94863 +:10963000000A39403128007F3C0620008FBF00140B
94864 +:109640008FB0001000E8282534C2000100A21825C0
94865 +:109650003C04800027BD0018AC83083003E00008FC
94866 +:10966000AF8000383C0580088CA700603C0680086D
94867 +:109670000087102B144000112C8340008CA8006040
94868 +:109680002D0340001060000F240340008CC90060CF
94869 +:109690000089282B14A00002008018218CC30060D0
94870 +:1096A00000035A42000B30803C0A0800254A59202A
94871 +:1096B00000CA202103E000088C8200001460FFF340
94872 +:1096C0002403400000035A42000B30803C0A08008B
94873 +:1096D000254A592000CA202103E000088C8200009E
94874 +:1096E0003C05800890A60008938400AB24C20001CA
94875 +:1096F000304200FF3043007F1064000C0002382726
94876 +:10970000A0A200083C0480008C85017804A0FFFE24
94877 +:109710008F8A00A0240900023C081000AC8A014096
94878 +:10972000A089014403E00008AC8801780A00101BFE
94879 +:1097300030E2008027BDFFD8AFB200188F9200A49E
94880 +:10974000AFBF0020AFB3001CAFB00010AFB100142A
94881 +:109750008F9300348E5900283C1000803C0EFFEFA0
94882 +:10976000AE7900008E580024A260000A35CDFFFFBC
94883 +:10977000AE7800049251002C3C0BFF9F356AFFFF2E
94884 +:10978000A271000C8E6F000C3C080040A271000B0F
94885 +:1097900001F06025018D4824012A382400E8302595
94886 +:1097A000AE66000C8E450004AE6000183C0400FF5D
94887 +:1097B000AE6500148E43002C3482FFFFA6600008C3
94888 +:1097C0000062F824AE7F00108E5900088F9000A030
94889 +:1097D000964E0012AE7900208E51000C31D83FFF1A
94890 +:1097E00000187980AE7100248E4D001401F06021C4
94891 +:1097F00031CB0001AE6D00288E4A0018000C41C22A
94892 +:10980000000B4B80AE6A002C8E46001C01093821EB
94893 +:10981000A667001CAE660030964500028E4400200C
94894 +:10982000A665001EAE64003492430033306200042B
94895 +:1098300054400006924700003C0280083443010077
94896 +:109840008C7F00D0AE7F0030924700008F860038BA
94897 +:10985000A0C700309245003330A4000250800007BA
94898 +:10986000925100018F880038240BFF80910A00304C
94899 +:10987000014B4825A1090030925100018F9000381A
94900 +:10988000240CFFBF2404FFDFA21100318F8D0038AC
94901 +:109890003C1880083711008091AF003C31EE007F0A
94902 +:1098A000A1AE003C8F890038912B003C016C502404
94903 +:1098B000A12A003C8F9F00388E68001493E6003C7C
94904 +:1098C0002D0700010007114000C4282400A218251C
94905 +:1098D000A3E3003C8F87003896590012A4F90032A8
94906 +:1098E0008E450004922E007C30B0000300107823D7
94907 +:1098F00031ED000300AD102131CC000215800002D3
94908 +:1099000024460034244600303C0280083443008062
94909 +:10991000907F007C00BFC824333800041700000289
94910 +:1099200024C2000400C010218F98003824190002BE
94911 +:10993000ACE20034A3190000924F003F8F8E003834
94912 +:109940003C0C8008358B0080A1CF00018F9100383E
94913 +:10995000924D003F8E440004A62D0002956A005CE3
94914 +:109960000E000FF43150FFFF00024B800209382532
94915 +:109970003C08420000E82825AE2500048E4400384B
94916 +:109980008F850038ACA400188E460034ACA6001CAD
94917 +:10999000ACA0000CACA00010A4A00014A4A0001661
94918 +:1099A000A4A00020A4A00022ACA000248E62001479
94919 +:1099B00050400001240200018FBF00208FB3001C23
94920 +:1099C0008FB200188FB100148FB00010ACA2000845
94921 +:1099D0000A00101327BD002827BDFFC83C058008DA
94922 +:1099E00034A40080AFBF0034AFBE0030AFB7002C4E
94923 +:1099F000AFB60028AFB50024AFB40020AFB3001C51
94924 +:109A0000AFB20018AFB10014AFB00010948300786B
94925 +:109A10009482007A104300512405FFFF0080F0215A
94926 +:109A20000A0011230080B821108B004D8FBF003435
94927 +:109A30008F8600A03C1808008F18005C2411FF805E
94928 +:109A40003C1680000306782101F18024AED0002C62
94929 +:109A500096EE007A31EC007F3C0D800E31CB7FFF1B
94930 +:109A6000018D5021000B4840012AA82196A4000036
94931 +:109A70003C0808008D0800582405FF8030953FFF02
94932 +:109A800001061821001539800067C8210325F82434
94933 +:109A90003C02010003E290253338007F3C11800C2A
94934 +:109AA000AED20028031190219250000D320F000415
94935 +:109AB00011E0003702E0982196E3007A96E8007AF8
94936 +:109AC00096E5007A2404800031077FFF24E300013B
94937 +:109AD00030627FFF00A4F82403E2C825A6F9007ACB
94938 +:109AE00096E6007A3C1408008E94006030D67FFF22
94939 +:109AF00012D400C1000000008E5800188F8400A00E
94940 +:109B000002A028212713FFFF0E000FCEAE53002C1A
94941 +:109B100097D5007897D4007A12950010000028217C
94942 +:109B20003C098008352401003C0A8008914800085F
94943 +:109B3000908700D53114007F30E400FF0284302B81
94944 +:109B400014C0FFB9268B0001938E00AB268C000158
94945 +:109B5000008E682115ACFFB78F8600A08FBF003440
94946 +:109B60008FBE00308FB7002C8FB600288FB5002431
94947 +:109B70008FB400208FB3001C8FB200188FB1001477
94948 +:109B80008FB0001000A0102103E0000827BD0038AE
94949 +:109B900000C020210E000F99028028218E4B00105A
94950 +:109BA0008E4C00308F84003824090002016C502351
94951 +:109BB000AE4A0010A089000096E3005C8E4400309D
94952 +:109BC0008F9100380E000FF43070FFFF00024380C9
94953 +:109BD000020838253C02420000E22825AE25000498
94954 +:109BE0008E5F00048F8A00388E590000240B000815
94955 +:109BF000AD5F001CAD590018AD40000CAD40001029
94956 +:109C00009246000A240400052408C00030D000FF5A
94957 +:109C1000A550001496580008A55800169251000A45
94958 +:109C20003C188008322F00FFA54F0020964E0008F8
94959 +:109C300037110100A54E0022AD400024924D000BCB
94960 +:109C400031AC00FFA54C0002A14B00018E49003051
94961 +:109C50008F830038240BFFBFAC690008A06400307C
94962 +:109C60008F9000382403FFDF9607003200E8282495
94963 +:109C700000B51025A6020032921F003233F9003FD2
94964 +:109C800037260040A20600328F8C0038AD800034A9
94965 +:109C90008E2F00D0AD8F0038918E003C3C0F7FFF9F
94966 +:109CA00031CD007FA18D003C8F84003835EEFFFF61
94967 +:109CB000908A003C014B4824A089003C8F850038E5
94968 +:109CC00090A8003C01033824A0A7003C8E42003439
94969 +:109CD0008F9100383C038008AE2200408E59002C42
94970 +:109CE0008E5F0030033F3023AE26004492300048A0
94971 +:109CF0003218007FA23800488F8800388E4D00301F
94972 +:109D00008D0C004801AE582401965024014B482583
94973 +:109D1000AD0900489244000AA104004C964700088F
94974 +:109D20008F850038A4A7004E8E5000308E4400303E
94975 +:109D30000E0003818C65006092F9007C0002F940FE
94976 +:109D4000004028210002110003E2302133360002D6
94977 +:109D500012C00003020680210005B0800216802197
94978 +:109D6000926D007C31B30004126000020005708027
94979 +:109D7000020E80218E4B00308F8800382405800031
94980 +:109D8000316A0003000A4823312400030204182129
94981 +:109D9000AD03003496E4007A96F0007A96F1007AEA
94982 +:109DA00032027FFF2447000130FF7FFF0225C824D5
94983 +:109DB000033F3025A6E6007A96F8007A3C120800A8
94984 +:109DC0008E520060330F7FFF11F200180000000078
94985 +:109DD0008F8400A00E000FCE02A028218F8400A047
94986 +:109DE0000E000FDE028028210E001013000000007C
94987 +:109DF0000A00111F0000000096F1007A022480245E
94988 +:109E0000A6F0007A92EF007A92EB007A31EE00FF32
94989 +:109E1000000E69C2000D6027000C51C03169007F3F
94990 +:109E2000012A20250A001119A2E4007A96E6007A98
94991 +:109E300000C5C024A6F8007A92EF007A92F3007A67
94992 +:109E400031F200FF001271C2000E6827000DB1C090
94993 +:109E5000326C007F01962825A2E5007A0A0011D015
94994 +:109E60008F8400A03C0380003084FFFF30A5FFFFFB
94995 +:109E7000AC640018AC65001C03E000088C620014A0
94996 +:109E800027BDFFA03C068008AFBF005CAFBE0058F6
94997 +:109E9000AFB70054AFB60050AFB5004CAFB40048F8
94998 +:109EA000AFB30044AFB20040AFB1003CAFB0003838
94999 +:109EB00034C80100910500D590C700083084FFFF29
95000 +:109EC00030A500FF30E2007F0045182AAFA4001043
95001 +:109ED000A7A00018A7A0002610600055AFA000148E
95002 +:109EE00090CA00083149007F00A9302324D3FFFF26
95003 +:109EF0000013802B8FB400100014902B02128824C2
95004 +:109F0000522000888FB300143C03800894790052DB
95005 +:109F1000947E00508FB60010033EC0230018BC0092
95006 +:109F2000001714030016FC0002C2A82A16A00002A3
95007 +:109F3000001F2C030040282100133C0000072403CD
95008 +:109F400000A4102A5440000100A020212885000907
95009 +:109F500014A000020080A021241400083C0C8008FA
95010 +:109F60008D860048001459808D88004C3C03800089
95011 +:109F70003169FFFF3C0A0010012A202534710400DA
95012 +:109F8000AC660038AF9100A4AC68003CAC64003013
95013 +:109F900000000000000000000000000000000000C1
95014 +:109FA00000000000000000000000000000000000B1
95015 +:109FB0008C6E000031CD002011A0FFFD0014782A26
95016 +:109FC00001F01024104000390000A8213C16800840
95017 +:109FD00092D700083C1280008E44010032F6007FC8
95018 +:109FE0000E000F9902C028218E3900108E44010006
95019 +:109FF0000000902133373FFF0E000FB102E028210F
95020 +:10A00000923800003302003F2C500008520000102C
95021 +:10A0100000008821000210803C030800246358E4FB
95022 +:10A020000043F8218FFE000003C00008000000007C
95023 +:10A0300090CF0008938C00AB31EE007F00AE682318
95024 +:10A04000018D58210A0012172573FFFF0000882197
95025 +:10A050003C1E80008FC401000E000FCE02E02821BC
95026 +:10A060008FC401000E000FDE02C028211220000F55
95027 +:10A070000013802B8F8B00A426A400010004AC00E9
95028 +:10A08000027298230015AC032578004002B4B02A70
95029 +:10A090000013802B241700010300882102D0102414
95030 +:10A0A000AF9800A41440FFC9AFB700143C07800864
95031 +:10A0B00094E200508FAE00103C05800002A288217F
95032 +:10A0C0003C060020A4F10050ACA6003094F40050EF
95033 +:10A0D00094EF005201D51823306CFFFF11F4001EDD
95034 +:10A0E000AFAC00108CEF004C001561808CF500487F
95035 +:10A0F00001EC28210000202100AC582B02A4C02133
95036 +:10A10000030BB021ACE5004CACF600488FB4001056
95037 +:10A110000014902B021288241620FF7C3C03800838
95038 +:10A120008FB300148FBF005C8FBE00583A620001ED
95039 +:10A130008FB700548FB600508FB5004C8FB40048D5
95040 +:10A140008FB300448FB200408FB1003C8FB0003815
95041 +:10A1500003E0000827BD006094FE00548CF2004428
95042 +:10A1600033C9FFFE0009C8C00259F821ACBF003C4A
95043 +:10A170008CE800448CAD003C010D50231940003B9D
95044 +:10A18000000000008CF7004026E20001ACA200387D
95045 +:10A190003C05005034A700103C038000AC67003041
95046 +:10A1A00000000000000000000000000000000000AF
95047 +:10A1B000000000000000000000000000000000009F
95048 +:10A1C0008C7800003316002012C0FFFD3C1180087F
95049 +:10A1D000962200543C1580003C068008304E000159
95050 +:10A1E000000E18C0007578218DEC04003C070800B3
95051 +:10A1F0008CE700443C040020ACCC00488DF40404FF
95052 +:10A20000240B0001ACD4004C10EB0260AEA4003073
95053 +:10A21000963900523C0508008CA5004000B99021F9
95054 +:10A22000A6320052963F005427ED0001A62D00549F
95055 +:10A230009626005430C4FFFF5487FF2F8FB40010C0
95056 +:10A2400030A5FFFF0E0011F4A62000543C070800C3
95057 +:10A250008CE70024963E00520047B82303D74823DA
95058 +:10A26000A62900520A0012198FB400108CE2004097
95059 +:10A270000A0012BE00000000922400012407000121
95060 +:10A280003085007F14A7001C97AD00268E2B00148C
95061 +:10A29000240CC000316A3FFF01AC48243C06080092
95062 +:10A2A0008CC60060012A402531043FFF0086882BC0
95063 +:10A2B00012200011A7A800263C0508008CA5005814
95064 +:10A2C0008F9100A0000439802402FF8000B1182182
95065 +:10A2D0000067F82103E2F02433F8007F3C1280008D
95066 +:10A2E0003C19800EAE5E002C0319702191D0000D38
95067 +:10A2F000360F0004A1CF000D0E001028241200011B
95068 +:10A30000241100013C1E80008FC401000E000FCEFE
95069 +:10A3100002E028218FC401000E000FDE02C02821B8
95070 +:10A320001620FF558F8B00A40A0012860013802B85
95071 +:10A330008F8600A490C80001310400201080019194
95072 +:10A34000241000013C048008348B0080916A007C5A
95073 +:10A350008F9E0034AFA0002C314900011120000F66
95074 +:10A36000AFB000288CCD00148C8E006001AE602B45
95075 +:10A370001580000201A038218C8700603C188008FD
95076 +:10A38000370300808C70007000F0782B15E000021D
95077 +:10A3900000E020218C640070AFA4002C3C028008F7
95078 +:10A3A000344500808CD200148CBF0070025FC82B33
95079 +:10A3B00017200002024020218CA400708FA7002CDF
95080 +:10A3C0000087182310600003AFA3003024050002AB
95081 +:10A3D000AFA500288FA400280264882B162000BA9D
95082 +:10A3E000000018218CD000388FCE000C3C0F00806C
95083 +:10A3F000AFD000008CCD00343C0CFF9F01CF58251E
95084 +:10A40000AFCD000490CA003F3586FFFF01662024CF
95085 +:10A410003C0900203C08FFEFA3CA000B0089382547
95086 +:10A420003511FFFF00F118243C0500088F8700A4B8
95087 +:10A430000065C825AFD9000C8CE20014AFC000182D
95088 +:10A440008FA60030AFC200148CF800188FB0002C1B
95089 +:10A450003C1FFFFBAFD8001C8CEF000837F2FFFF5A
95090 +:10A4600003326824AFCF00248CEC000C020670216C
95091 +:10A47000AFCD000CA7C00038A7C0003AAFCE002C6B
95092 +:10A48000AFCC0020AFC000288CEA00148FAB002CAA
95093 +:10A49000014B48230126402311000011AFC80010D2
95094 +:10A4A00090EB003D8FC900048FC80000000B5100E5
95095 +:10A4B000012A28210000102100AA882B010218215E
95096 +:10A4C0000071F821AFC50004AFDF000090F2003D3D
95097 +:10A4D000A3D2000A8F9900A497380006A7D80008D5
95098 +:10A4E0008F910038240800023C038008A228000055
95099 +:10A4F0003465008094BF005C8FA4002C33F0FFFF14
95100 +:10A500000E000FF48F9200380002CB808F8500A4DC
95101 +:10A51000021978253C18420001F87025AE4E00045F
95102 +:10A520008F8400388CAD0038AC8D00188CAC0034B2
95103 +:10A53000AC8C001CAC80000CAC800010A48000141B
95104 +:10A54000A4800016A4800020A4800022AC800024F7
95105 +:10A5500090A6003F8FA7002CA486000250E0019235
95106 +:10A56000240700018FA200305040000290A2003D5D
95107 +:10A5700090A2003E244A0001A08A00018F84003886
95108 +:10A580008FA9002CAC8900083C128008364D008051
95109 +:10A5900091AC007C3186000214C000022407003414
95110 +:10A5A000240700308F8500A43C198008373F0080C5
95111 +:10A5B00090B0000093F9007C240E0004A0900030BD
95112 +:10A5C0008F8F00A48FB8002C8F8D003891F200017E
95113 +:10A5D0003304000301C46023A1B200318F8E003820
95114 +:10A5E0008F8600A42402C00095CA003294C90012CC
95115 +:10A5F0008FAB002C0142402431233FFF010388250B
95116 +:10A60000A5D1003291D000323185000300EBF82152
95117 +:10A610003218003F370F0040A1CF00328FA4002C2A
95118 +:10A6200003E5382133280004108000028F850038AC
95119 +:10A6300000E838213C0A8008ACA700343549010005
95120 +:10A640008D2800D08FA3002C2419FFBFACA80038A0
95121 +:10A6500090B1003C2C640001240FFFDF3227007F03
95122 +:10A66000A0A7003C8F98003800049140931F003C45
95123 +:10A6700003F98024A310003C8F8C0038918E003C9D
95124 +:10A6800001CF682401B23025A186003C8F8900A447
95125 +:10A690008F8800388D2B0020AD0B00408D220024C8
95126 +:10A6A000AD0200448D2A0028AD0A00488D23002CFD
95127 +:10A6B0000E001013AD03004C8FB1002824070002D8
95128 +:10A6C000122700118FA300280003282B00058023E8
95129 +:10A6D0000270982400608021006090210A00126FAF
95130 +:10A6E0000010882B962900128F8400A00000902172
95131 +:10A6F0003125FFFFA7A900180E000FC22411000189
95132 +:10A700000A00131D3C1E80003C0B80003C12800898
95133 +:10A710008D640100924900088F92FF340E000F995A
95134 +:10A720003125007F8F9900388FA700288FA4003033
95135 +:10A73000A3270000965F005C33F0FFFF0E000FF4CC
95136 +:10A740008F91003800026B80020D80253C0842008A
95137 +:10A750008F8D00A402085025AE2A00048DA5003874
95138 +:10A760008F8A003800007821000F1100AD450018D5
95139 +:10A770008DB800343C047FFF3488FFFFAD58001CC7
95140 +:10A7800091A6003E8D4C001C8D4900180006190052
95141 +:10A79000000677020183C821004E58250323882B29
95142 +:10A7A000012B382100F1F821AD59001CAD5F0018D4
95143 +:10A7B000AD40000CAD40001091B0003E8FA40030C1
95144 +:10A7C00024090005A550001495A500042419C00013
95145 +:10A7D00000884024A545001691B8003EA5580020E9
95146 +:10A7E00095AF0004A54F0022AD40002491AE003F7C
95147 +:10A7F000A54E000291A6003E91AC003D01861023BB
95148 +:10A80000244B0001A14B00018F9100388FA3003031
95149 +:10A810003C028008344B0100AE230008A22900301E
95150 +:10A820008F8C00388F8700A4959F003294F000121F
95151 +:10A830002407FFBF033FC02432053FFF03057825EF
95152 +:10A84000A58F0032918E00322418FFDF31CD003FFA
95153 +:10A8500035A60040A18600328F910038240DFFFFFD
95154 +:10A86000240CFF80AE2000348D6A00D0AE2A003860
95155 +:10A870009223003C3069007FA229003C8F90003871
95156 +:10A880003C0380009219003C0327F824A21F003CDF
95157 +:10A890008F8E003891C5003C00B87824A1CF003CD1
95158 +:10A8A0008F8A00383C0E8008AD4D00408FA6002CEA
95159 +:10A8B000AD46004491420048004C5825A14B004849
95160 +:10A8C0008F9000388F9900A48E09004801238824B6
95161 +:10A8D00002283825AE070048933F003EA21F004CD7
95162 +:10A8E0008F9800A48F8F003897050004A5E5004ECF
95163 +:10A8F0000E0003818DC500609246007C8FAC003055
95164 +:10A9000000026940000291000040282130CB000283
95165 +:10A9100001B21021156000AA018230213C0E80088E
95166 +:10A9200035C20080904C007C31830004106000032D
95167 +:10A930008FB900300005788000CF3021241F00043B
95168 +:10A940008F910038332D000303ED8023320800037C
95169 +:10A9500000C85021AE2A00343C188000A7C500383A
95170 +:10A960003C0680088F04010090DE00080E000FDE18
95171 +:10A9700033C5007F0E001013000000000A00140D04
95172 +:10A980008FA300288F9800348CC90038241F00033F
95173 +:10A99000A7000008AF0900008CC50034A300000A1E
95174 +:10A9A0008F9900A4AF0500043C080080932D003F60
95175 +:10A9B000A31F000C8F0A000C3C02FF9FA30D000B8D
95176 +:10A9C0000148F0253451FFFF3C12FFEF8F9900A49E
95177 +:10A9D00003D170243646FFFF01C61824AF03000CD4
95178 +:10A9E0008F2C0014972900128F8400A0AF0C001048
95179 +:10A9F0008F2F0014AF000018AF000020AF0F00141D
95180 +:10AA0000AF0000248F270018312F3FFF000F59801F
95181 +:10AA1000AF0700288F2500080164F821312D0001BF
95182 +:10AA2000AF0500308F31000C8F920038001F51C2EB
95183 +:10AA3000000D438001481021241E00023C068008BE
95184 +:10AA4000A702001CA7000034AF11002CA25E00007A
95185 +:10AA500034D20080964E005C8F9900383C0342004F
95186 +:10AA600031CCFFFF01833825AF2700048F8B00A472
95187 +:10AA7000240500012402C0008D640038240700343E
95188 +:10AA8000AF2400188D690034AF29001CAF20000CE2
95189 +:10AA9000AF200010A7200014A7200016A720002038
95190 +:10AAA000A7200022AF200024A7300002A325000128
95191 +:10AAB0008F8800388F9F00A4AD10000893ED000030
95192 +:10AAC000A10D00308F8A00A48F98003891510001A9
95193 +:10AAD000A31100318F8B0038957E003203C27024A1
95194 +:10AAE00001CF6025A56C0032916300323064003FD5
95195 +:10AAF000A16400329249007C3125000214A00002BA
95196 +:10AB00008F840038240700303C198008AC8700345B
95197 +:10AB1000373201008E5F00D0240AFFBF020090216F
95198 +:10AB2000AC9F0038908D003C31A8007FA088003C8D
95199 +:10AB30008F9E003893C2003C004A8824A3D1003C79
95200 +:10AB40008F8300380010882B9066003C34CE0020A4
95201 +:10AB5000A06E003C8F8400A48F9800388C8C00205D
95202 +:10AB6000AF0C00408C8F0024AF0F00448C8700286E
95203 +:10AB7000AF0700488C8B002CAF0B004C0E0010135D
95204 +:10AB80003C1E80000A0012700000000094C80052B1
95205 +:10AB90003C0A08008D4A002401488821A4D10052B3
95206 +:10ABA0000A0012198FB40010A08700018F840038AA
95207 +:10ABB000240B0001AC8B00080A0013BE3C12800875
95208 +:10ABC000000520800A0014A200C4302127BDFFE048
95209 +:10ABD0003C0D8008AFB20018AFB00010AFBF001C32
95210 +:10ABE000AFB1001435B200808E4C001835A80100BA
95211 +:10ABF000964B000695A70050910900FC000C5602E8
95212 +:10AC0000016728233143007F312600FF240200031F
95213 +:10AC1000AF8300A8AF8400A010C2001B30B0FFFFBC
95214 +:10AC2000910600FC2412000530C200FF10520033D0
95215 +:10AC300000000000160000098FBF001C8FB2001832
95216 +:10AC40008FB100148FB00010240D0C003C0C80005C
95217 +:10AC500027BD002003E00008AD8D00240E0011FB8D
95218 +:10AC6000020020218FBF001C8FB200188FB100148A
95219 +:10AC70008FB00010240D0C003C0C800027BD00207C
95220 +:10AC800003E00008AD8D0024965800789651007AB4
95221 +:10AC9000924E007D0238782631E8FFFF31C400C0B3
95222 +:10ACA000148000092D11000116000037000000007B
95223 +:10ACB0005620FFE28FBF001C0E0010D100000000E4
95224 +:10ACC0000A00156A8FBF001C1620FFDA0000000082
95225 +:10ACD0000E0010D1000000001440FFD88FBF001CF0
95226 +:10ACE0001600002200000000925F007D33E2003F6A
95227 +:10ACF000A242007D0A00156A8FBF001C950900EA78
95228 +:10AD00008F86008000802821240400050E0007257E
95229 +:10AD10003130FFFF978300923C0480002465FFFFE1
95230 +:10AD2000A78500928C8A01B80540FFFE0000000054
95231 +:10AD3000AC8001808FBF001CAC9001848FB20018E2
95232 +:10AD40008FB100148FB000103C0760133C0B100053
95233 +:10AD5000240D0C003C0C800027BD0020AC8701882E
95234 +:10AD6000AC8B01B803E00008AD8D00240E0011FB90
95235 +:10AD7000020020215040FFB18FBF001C925F007D78
95236 +:10AD80000A00159733E2003F0E0011FB020020215C
95237 +:10AD90001440FFAA8FBF001C122000070000000013
95238 +:10ADA0009259007D3330003F36020040A242007DC0
95239 +:10ADB0000A00156A8FBF001C0E0010D100000000B1
95240 +:10ADC0005040FF9E8FBF001C9259007D3330003FE2
95241 +:10ADD0000A0015C636020040000000000000001BFB
95242 +:10ADE0000000000F0000000A00000008000000063C
95243 +:10ADF0000000000500000005000000040000000441
95244 +:10AE00000000000300000003000000030000000336
95245 +:10AE10000000000300000002000000020000000229
95246 +:10AE2000000000020000000200000002000000021A
95247 +:10AE3000000000020000000200000002000000020A
95248 +:10AE400000000002000000020000000200000002FA
95249 +:10AE50000000000100000001000000018008010066
95250 +:10AE6000800800808008000000000C000000308096
95251 +:10AE7000080011D00800127C08001294080012A8E3
95252 +:10AE8000080012BC080011D0080011D0080012F010
95253 +:10AE90000800132C080013400800138808001A8CBF
95254 +:10AEA00008001A8C08001AC408001AC408001AD82E
95255 +:10AEB00008001AA808001D0008001CCC08001D5836
95256 +:10AEC00008001D5808001DE008001D108008024001
95257 +:10AED000080027340800256C0800275C080027F4C8
95258 +:10AEE0000800293C0800298808002AAC080029B479
95259 +:10AEF00008002A38080025DC08002EDC08002EA4F3
95260 +:10AF000008002588080025880800258808002B20CF
95261 +:10AF100008002B20080025880800258808002DD06F
95262 +:10AF2000080025880800258808002588080025884D
95263 +:10AF300008002E0C080025880800258808002588B0
95264 +:10AF4000080025880800258808002588080025882D
95265 +:10AF5000080025880800258808002588080025881D
95266 +:10AF6000080025880800258808002588080029A8E9
95267 +:10AF7000080025880800258808002E680800258814
95268 +:10AF800008002588080025880800258808002588ED
95269 +:10AF900008002588080025880800258808002588DD
95270 +:10AFA00008002588080025880800258808002588CD
95271 +:10AFB00008002588080025880800258808002588BD
95272 +:10AFC00008002CF4080025880800258808002C6853
95273 +:10AFD00008002BC408003CE408003CB808003C848E
95274 +:10AFE00008003C5808003C3808003BEC8008010091
95275 +:10AFF00080080080800800008008008008004C6401
95276 +:10B0000008004C9C08004BE408004C6408004C64A9
95277 +:10B01000080049B808004C64080050500A000C842D
95278 +:10B0200000000000000000000000000D7278703683
95279 +:10B030002E322E31620000000602010300000000E3
95280 +:10B0400000000001000000000000000000000000FF
95281 +:10B0500000000000000000000000000000000000F0
95282 +:10B0600000000000000000000000000000000000E0
95283 +:10B0700000000000000000000000000000000000D0
95284 +:10B0800000000000000000000000000000000000C0
95285 +:10B0900000000000000000000000000000000000B0
95286 +:10B0A00000000000000000000000000000000000A0
95287 +:10B0B0000000000000000000000000000000000090
95288 +:10B0C0000000000000000000000000000000000080
95289 +:10B0D0000000000000000000000000000000000070
95290 +:10B0E0000000000000000000000000000000000060
95291 +:10B0F0000000000000000000000000000000000050
95292 +:10B10000000000000000000000000000000000003F
95293 +:10B11000000000000000000000000000000000002F
95294 +:10B12000000000000000000000000000000000001F
95295 +:10B13000000000000000000000000000000000000F
95296 +:10B1400000000000000000000000000000000000FF
95297 +:10B1500000000000000000000000000000000000EF
95298 +:10B1600000000000000000000000000000000000DF
95299 +:10B1700000000000000000000000000000000000CF
95300 +:10B1800000000000000000000000000000000000BF
95301 +:10B1900000000000000000000000000000000000AF
95302 +:10B1A000000000000000000000000000000000009F
95303 +:10B1B000000000000000000000000000000000008F
95304 +:10B1C000000000000000000000000000000000007F
95305 +:10B1D000000000000000000000000000000000006F
95306 +:10B1E000000000000000000000000000000000005F
95307 +:10B1F000000000000000000000000000000000004F
95308 +:10B20000000000000000000000000000000000003E
95309 +:10B21000000000000000000000000000000000002E
95310 +:10B22000000000000000000000000000000000001E
95311 +:10B23000000000000000000000000000000000000E
95312 +:10B2400000000000000000000000000000000000FE
95313 +:10B2500000000000000000000000000000000000EE
95314 +:10B2600000000000000000000000000000000000DE
95315 +:10B2700000000000000000000000000000000000CE
95316 +:10B2800000000000000000000000000000000000BE
95317 +:10B2900000000000000000000000000000000000AE
95318 +:10B2A000000000000000000000000000000000009E
95319 +:10B2B000000000000000000000000000000000008E
95320 +:10B2C000000000000000000000000000000000007E
95321 +:10B2D000000000000000000000000000000000006E
95322 +:10B2E000000000000000000000000000000000005E
95323 +:10B2F000000000000000000000000000000000004E
95324 +:10B30000000000000000000000000000000000003D
95325 +:10B31000000000000000000000000000000000002D
95326 +:10B32000000000000000000000000000000000001D
95327 +:10B33000000000000000000000000000000000000D
95328 +:10B3400000000000000000000000000000000000FD
95329 +:10B3500000000000000000000000000000000000ED
95330 +:10B3600000000000000000000000000000000000DD
95331 +:10B3700000000000000000000000000000000000CD
95332 +:10B3800000000000000000000000000000000000BD
95333 +:10B3900000000000000000000000000000000000AD
95334 +:10B3A000000000000000000000000000000000009D
95335 +:10B3B000000000000000000000000000000000008D
95336 +:10B3C000000000000000000000000000000000007D
95337 +:10B3D000000000000000000000000000000000006D
95338 +:10B3E000000000000000000000000000000000005D
95339 +:10B3F000000000000000000000000000000000004D
95340 +:10B40000000000000000000000000000000000003C
95341 +:10B41000000000000000000000000000000000002C
95342 +:10B42000000000000000000000000000000000001C
95343 +:10B43000000000000000000000000000000000000C
95344 +:10B4400000000000000000000000000000000000FC
95345 +:10B4500000000000000000000000000000000000EC
95346 +:10B4600000000000000000000000000000000000DC
95347 +:10B4700000000000000000000000000000000000CC
95348 +:10B4800000000000000000000000000000000000BC
95349 +:10B4900000000000000000000000000000000000AC
95350 +:10B4A000000000000000000000000000000000009C
95351 +:10B4B000000000000000000000000000000000008C
95352 +:10B4C000000000000000000000000000000000007C
95353 +:10B4D000000000000000000000000000000000006C
95354 +:10B4E000000000000000000000000000000000005C
95355 +:10B4F000000000000000000000000000000000004C
95356 +:10B50000000000000000000000000000000000003B
95357 +:10B51000000000000000000000000000000000002B
95358 +:10B52000000000000000000000000000000000001B
95359 +:10B53000000000000000000000000000000000000B
95360 +:10B5400000000000000000000000000000000000FB
95361 +:10B5500000000000000000000000000000000000EB
95362 +:10B5600000000000000000000000000000000000DB
95363 +:10B5700000000000000000000000000000000000CB
95364 +:10B5800000000000000000000000000000000000BB
95365 +:10B5900000000000000000000000000000000000AB
95366 +:10B5A000000000000000000000000000000000009B
95367 +:10B5B000000000000000000000000000000000008B
95368 +:10B5C000000000000000000000000000000000007B
95369 +:10B5D000000000000000000000000000000000006B
95370 +:10B5E000000000000000000000000000000000005B
95371 +:10B5F000000000000000000000000000000000004B
95372 +:10B60000000000000000000000000000000000003A
95373 +:10B61000000000000000000000000000000000002A
95374 +:10B62000000000000000000000000000000000001A
95375 +:10B63000000000000000000000000000000000000A
95376 +:10B6400000000000000000000000000000000000FA
95377 +:10B6500000000000000000000000000000000000EA
95378 +:10B6600000000000000000000000000000000000DA
95379 +:10B6700000000000000000000000000000000000CA
95380 +:10B6800000000000000000000000000000000000BA
95381 +:10B6900000000000000000000000000000000000AA
95382 +:10B6A000000000000000000000000000000000009A
95383 +:10B6B000000000000000000000000000000000008A
95384 +:10B6C000000000000000000000000000000000007A
95385 +:10B6D000000000000000000000000000000000006A
95386 +:10B6E000000000000000000000000000000000005A
95387 +:10B6F000000000000000000000000000000000004A
95388 +:10B700000000000000000000000000000000000039
95389 +:10B710000000000000000000000000000000000029
95390 +:10B720000000000000000000000000000000000019
95391 +:10B730000000000000000000000000000000000009
95392 +:10B7400000000000000000000000000000000000F9
95393 +:10B7500000000000000000000000000000000000E9
95394 +:10B7600000000000000000000000000000000000D9
95395 +:10B7700000000000000000000000000000000000C9
95396 +:10B7800000000000000000000000000000000000B9
95397 +:10B7900000000000000000000000000000000000A9
95398 +:10B7A0000000000000000000000000000000000099
95399 +:10B7B0000000000000000000000000000000000089
95400 +:10B7C0000000000000000000000000000000000079
95401 +:10B7D0000000000000000000000000000000000069
95402 +:10B7E0000000000000000000000000000000000059
95403 +:10B7F0000000000000000000000000000000000049
95404 +:10B800000000000000000000000000000000000038
95405 +:10B810000000000000000000000000000000000028
95406 +:10B820000000000000000000000000000000000018
95407 +:10B830000000000000000000000000000000000008
95408 +:10B8400000000000000000000000000000000000F8
95409 +:10B8500000000000000000000000000000000000E8
95410 +:10B8600000000000000000000000000000000000D8
95411 +:10B8700000000000000000000000000000000000C8
95412 +:10B8800000000000000000000000000000000000B8
95413 +:10B8900000000000000000000000000000000000A8
95414 +:10B8A0000000000000000000000000000000000098
95415 +:10B8B0000000000000000000000000000000000088
95416 +:10B8C0000000000000000000000000000000000078
95417 +:10B8D0000000000000000000000000000000000068
95418 +:10B8E0000000000000000000000000000000000058
95419 +:10B8F0000000000000000000000000000000000048
95420 +:10B900000000000000000000000000000000000037
95421 +:10B910000000000000000000000000000000000027
95422 +:10B920000000000000000000000000000000000017
95423 +:10B930000000000000000000000000000000000007
95424 +:10B9400000000000000000000000000000000000F7
95425 +:10B9500000000000000000000000000000000000E7
95426 +:10B9600000000000000000000000000000000000D7
95427 +:10B9700000000000000000000000000000000000C7
95428 +:10B9800000000000000000000000000000000000B7
95429 +:10B9900000000000000000000000000000000000A7
95430 +:10B9A0000000000000000000000000000000000097
95431 +:10B9B0000000000000000000000000000000000087
95432 +:10B9C0000000000000000000000000000000000077
95433 +:10B9D0000000000000000000000000000000000067
95434 +:10B9E0000000000000000000000000000000000057
95435 +:10B9F0000000000000000000000000000000000047
95436 +:10BA00000000000000000000000000000000000036
95437 +:10BA10000000000000000000000000000000000026
95438 +:10BA20000000000000000000000000000000000016
95439 +:10BA30000000000000000000000000000000000006
95440 +:10BA400000000000000000000000000000000000F6
95441 +:10BA500000000000000000000000000000000000E6
95442 +:10BA600000000000000000000000000000000000D6
95443 +:10BA700000000000000000000000000000000000C6
95444 +:10BA800000000000000000000000000000000000B6
95445 +:10BA900000000000000000000000000000000000A6
95446 +:10BAA0000000000000000000000000000000000096
95447 +:10BAB0000000000000000000000000000000000086
95448 +:10BAC0000000000000000000000000000000000076
95449 +:10BAD0000000000000000000000000000000000066
95450 +:10BAE0000000000000000000000000000000000056
95451 +:10BAF0000000000000000000000000000000000046
95452 +:10BB00000000000000000000000000000000000035
95453 +:10BB10000000000000000000000000000000000025
95454 +:10BB20000000000000000000000000000000000015
95455 +:10BB30000000000000000000000000000000000005
95456 +:10BB400000000000000000000000000000000000F5
95457 +:10BB500000000000000000000000000000000000E5
95458 +:10BB600000000000000000000000000000000000D5
95459 +:10BB700000000000000000000000000000000000C5
95460 +:10BB800000000000000000000000000000000000B5
95461 +:10BB900000000000000000000000000000000000A5
95462 +:10BBA0000000000000000000000000000000000095
95463 +:10BBB0000000000000000000000000000000000085
95464 +:10BBC0000000000000000000000000000000000075
95465 +:10BBD0000000000000000000000000000000000065
95466 +:10BBE0000000000000000000000000000000000055
95467 +:10BBF0000000000000000000000000000000000045
95468 +:10BC00000000000000000000000000000000000034
95469 +:10BC10000000000000000000000000000000000024
95470 +:10BC20000000000000000000000000000000000014
95471 +:10BC30000000000000000000000000000000000004
95472 +:10BC400000000000000000000000000000000000F4
95473 +:10BC500000000000000000000000000000000000E4
95474 +:10BC600000000000000000000000000000000000D4
95475 +:10BC700000000000000000000000000000000000C4
95476 +:10BC800000000000000000000000000000000000B4
95477 +:10BC900000000000000000000000000000000000A4
95478 +:10BCA0000000000000000000000000000000000094
95479 +:10BCB0000000000000000000000000000000000084
95480 +:10BCC0000000000000000000000000000000000074
95481 +:10BCD0000000000000000000000000000000000064
95482 +:10BCE0000000000000000000000000000000000054
95483 +:10BCF0000000000000000000000000000000000044
95484 +:10BD00000000000000000000000000000000000033
95485 +:10BD10000000000000000000000000000000000023
95486 +:10BD20000000000000000000000000000000000013
95487 +:10BD30000000000000000000000000000000000003
95488 +:10BD400000000000000000000000000000000000F3
95489 +:10BD500000000000000000000000000000000000E3
95490 +:10BD600000000000000000000000000000000000D3
95491 +:10BD700000000000000000000000000000000000C3
95492 +:10BD800000000000000000000000000000000000B3
95493 +:10BD900000000000000000000000000000000000A3
95494 +:10BDA0000000000000000000000000000000000093
95495 +:10BDB0000000000000000000000000000000000083
95496 +:10BDC0000000000000000000000000000000000073
95497 +:10BDD0000000000000000000000000000000000063
95498 +:10BDE0000000000000000000000000000000000053
95499 +:10BDF0000000000000000000000000000000000043
95500 +:10BE00000000000000000000000000000000000032
95501 +:10BE10000000000000000000000000000000000022
95502 +:10BE20000000000000000000000000000000000012
95503 +:10BE30000000000000000000000000000000000002
95504 +:10BE400000000000000000000000000000000000F2
95505 +:10BE500000000000000000000000000000000000E2
95506 +:10BE600000000000000000000000000000000000D2
95507 +:10BE700000000000000000000000000000000000C2
95508 +:10BE800000000000000000000000000000000000B2
95509 +:10BE900000000000000000000000000000000000A2
95510 +:10BEA0000000000000000000000000000000000092
95511 +:10BEB0000000000000000000000000000000000082
95512 +:10BEC0000000000000000000000000000000000072
95513 +:10BED0000000000000000000000000000000000062
95514 +:10BEE0000000000000000000000000000000000052
95515 +:10BEF0000000000000000000000000000000000042
95516 +:10BF00000000000000000000000000000000000031
95517 +:10BF10000000000000000000000000000000000021
95518 +:10BF20000000000000000000000000000000000011
95519 +:10BF30000000000000000000000000000000000001
95520 +:10BF400000000000000000000000000000000000F1
95521 +:10BF500000000000000000000000000000000000E1
95522 +:10BF600000000000000000000000000000000000D1
95523 +:10BF700000000000000000000000000000000000C1
95524 +:10BF800000000000000000000000000000000000B1
95525 +:10BF900000000000000000000000000000000000A1
95526 +:10BFA0000000000000000000000000000000000091
95527 +:10BFB0000000000000000000000000000000000081
95528 +:10BFC0000000000000000000000000000000000071
95529 +:10BFD0000000000000000000000000000000000061
95530 +:10BFE0000000000000000000000000000000000051
95531 +:10BFF0000000000000000000000000000000000041
95532 +:10C000000000000000000000000000000000000030
95533 +:10C010000000000000000000000000000000000020
95534 +:10C020000000000000000000000000000000000010
95535 +:10C030000000000000000000000000000000000000
95536 +:10C0400000000000000000000000000000000000F0
95537 +:10C0500000000000000000000000000000000000E0
95538 +:10C0600000000000000000000000000000000000D0
95539 +:10C0700000000000000000000000000000000000C0
95540 +:10C0800000000000000000000000000000000000B0
95541 +:10C0900000000000000000000000000000000000A0
95542 +:10C0A0000000000000000000000000000000000090
95543 +:10C0B0000000000000000000000000000000000080
95544 +:10C0C0000000000000000000000000000000000070
95545 +:10C0D0000000000000000000000000000000000060
95546 +:10C0E0000000000000000000000000000000000050
95547 +:10C0F0000000000000000000000000000000000040
95548 +:10C10000000000000000000000000000000000002F
95549 +:10C11000000000000000000000000000000000001F
95550 +:10C12000000000000000000000000000000000000F
95551 +:10C1300000000000000000000000000000000000FF
95552 +:10C1400000000000000000000000000000000000EF
95553 +:10C1500000000000000000000000000000000000DF
95554 +:10C1600000000000000000000000000000000000CF
95555 +:10C1700000000000000000000000000000000000BF
95556 +:10C1800000000000000000000000000000000000AF
95557 +:10C19000000000000000000000000000000000009F
95558 +:10C1A000000000000000000000000000000000008F
95559 +:10C1B000000000000000000000000000000000007F
95560 +:10C1C000000000000000000000000000000000006F
95561 +:10C1D000000000000000000000000000000000005F
95562 +:10C1E000000000000000000000000000000000004F
95563 +:10C1F000000000000000000000000000000000003F
95564 +:10C20000000000000000000000000000000000002E
95565 +:10C21000000000000000000000000000000000001E
95566 +:10C22000000000000000000000000000000000000E
95567 +:10C2300000000000000000000000000000000000FE
95568 +:10C2400000000000000000000000000000000000EE
95569 +:10C2500000000000000000000000000000000000DE
95570 +:10C2600000000000000000000000000000000000CE
95571 +:10C2700000000000000000000000000000000000BE
95572 +:10C2800000000000000000000000000000000000AE
95573 +:10C29000000000000000000000000000000000009E
95574 +:10C2A000000000000000000000000000000000008E
95575 +:10C2B000000000000000000000000000000000007E
95576 +:10C2C000000000000000000000000000000000006E
95577 +:10C2D000000000000000000000000000000000005E
95578 +:10C2E000000000000000000000000000000000004E
95579 +:10C2F000000000000000000000000000000000003E
95580 +:10C30000000000000000000000000000000000002D
95581 +:10C31000000000000000000000000000000000001D
95582 +:10C32000000000000000000000000000000000000D
95583 +:10C3300000000000000000000000000000000000FD
95584 +:10C3400000000000000000000000000000000000ED
95585 +:10C3500000000000000000000000000000000000DD
95586 +:10C3600000000000000000000000000000000000CD
95587 +:10C3700000000000000000000000000000000000BD
95588 +:10C3800000000000000000000000000000000000AD
95589 +:10C39000000000000000000000000000000000009D
95590 +:10C3A000000000000000000000000000000000008D
95591 +:10C3B000000000000000000000000000000000007D
95592 +:10C3C000000000000000000000000000000000006D
95593 +:10C3D000000000000000000000000000000000005D
95594 +:10C3E000000000000000000000000000000000004D
95595 +:10C3F000000000000000000000000000000000003D
95596 +:10C40000000000000000000000000000000000002C
95597 +:10C41000000000000000000000000000000000001C
95598 +:10C42000000000000000000000000000000000000C
95599 +:10C4300000000000000000000000000000000000FC
95600 +:10C4400000000000000000000000000000000000EC
95601 +:10C4500000000000000000000000000000000000DC
95602 +:10C4600000000000000000000000000000000000CC
95603 +:10C4700000000000000000000000000000000000BC
95604 +:10C4800000000000000000000000000000000000AC
95605 +:10C49000000000000000000000000000000000009C
95606 +:10C4A000000000000000000000000000000000008C
95607 +:10C4B000000000000000000000000000000000007C
95608 +:10C4C000000000000000000000000000000000006C
95609 +:10C4D000000000000000000000000000000000005C
95610 +:10C4E000000000000000000000000000000000004C
95611 +:10C4F000000000000000000000000000000000003C
95612 +:10C50000000000000000000000000000000000002B
95613 +:10C51000000000000000000000000000000000001B
95614 +:10C52000000000000000000000000000000000000B
95615 +:10C5300000000000000000000000000000000000FB
95616 +:10C5400000000000000000000000000000000000EB
95617 +:10C5500000000000000000000000000000000000DB
95618 +:10C5600000000000000000000000000000000000CB
95619 +:10C5700000000000000000000000000000000000BB
95620 +:10C5800000000000000000000000000000000000AB
95621 +:10C59000000000000000000000000000000000009B
95622 +:10C5A000000000000000000000000000000000008B
95623 +:10C5B000000000000000000000000000000000007B
95624 +:10C5C000000000000000000000000000000000006B
95625 +:10C5D000000000000000000000000000000000005B
95626 +:10C5E000000000000000000000000000000000004B
95627 +:10C5F000000000000000000000000000000000003B
95628 +:10C60000000000000000000000000000000000002A
95629 +:10C61000000000000000000000000000000000001A
95630 +:10C62000000000000000000000000000000000000A
95631 +:10C6300000000000000000000000000000000000FA
95632 +:10C6400000000000000000000000000000000000EA
95633 +:10C6500000000000000000000000000000000000DA
95634 +:10C6600000000000000000000000000000000000CA
95635 +:10C6700000000000000000000000000000000000BA
95636 +:10C6800000000000000000000000000000000000AA
95637 +:10C69000000000000000000000000000000000009A
95638 +:10C6A000000000000000000000000000000000008A
95639 +:10C6B000000000000000000000000000000000007A
95640 +:10C6C000000000000000000000000000000000006A
95641 +:10C6D000000000000000000000000000000000005A
95642 +:10C6E000000000000000000000000000000000004A
95643 +:10C6F000000000000000000000000000000000003A
95644 +:10C700000000000000000000000000000000000029
95645 +:10C710000000000000000000000000000000000019
95646 +:10C720000000000000000000000000000000000009
95647 +:10C7300000000000000000000000000000000000F9
95648 +:10C7400000000000000000000000000000000000E9
95649 +:10C7500000000000000000000000000000000000D9
95650 +:10C7600000000000000000000000000000000000C9
95651 +:10C7700000000000000000000000000000000000B9
95652 +:10C7800000000000000000000000000000000000A9
95653 +:10C790000000000000000000000000000000000099
95654 +:10C7A0000000000000000000000000000000000089
95655 +:10C7B0000000000000000000000000000000000079
95656 +:10C7C0000000000000000000000000000000000069
95657 +:10C7D0000000000000000000000000000000000059
95658 +:10C7E0000000000000000000000000000000000049
95659 +:10C7F0000000000000000000000000000000000039
95660 +:10C800000000000000000000000000000000000028
95661 +:10C810000000000000000000000000000000000018
95662 +:10C820000000000000000000000000000000000008
95663 +:10C8300000000000000000000000000000000000F8
95664 +:10C8400000000000000000000000000000000000E8
95665 +:10C8500000000000000000000000000000000000D8
95666 +:10C8600000000000000000000000000000000000C8
95667 +:10C8700000000000000000000000000000000000B8
95668 +:10C8800000000000000000000000000000000000A8
95669 +:10C890000000000000000000000000000000000098
95670 +:10C8A0000000000000000000000000000000000088
95671 +:10C8B0000000000000000000000000000000000078
95672 +:10C8C0000000000000000000000000000000000068
95673 +:10C8D0000000000000000000000000000000000058
95674 +:10C8E0000000000000000000000000000000000048
95675 +:10C8F0000000000000000000000000000000000038
95676 +:10C900000000000000000000000000000000000027
95677 +:10C910000000000000000000000000000000000017
95678 +:10C920000000000000000000000000000000000007
95679 +:10C9300000000000000000000000000000000000F7
95680 +:10C9400000000000000000000000000000000000E7
95681 +:10C9500000000000000000000000000000000000D7
95682 +:10C9600000000000000000000000000000000000C7
95683 +:10C9700000000000000000000000000000000000B7
95684 +:10C9800000000000000000000000000000000000A7
95685 +:10C990000000000000000000000000000000000097
95686 +:10C9A0000000000000000000000000000000000087
95687 +:10C9B0000000000000000000000000000000000077
95688 +:10C9C0000000000000000000000000000000000067
95689 +:10C9D0000000000000000000000000000000000057
95690 +:10C9E0000000000000000000000000000000000047
95691 +:10C9F0000000000000000000000000000000000037
95692 +:10CA00000000000000000000000000000000000026
95693 +:10CA10000000000000000000000000000000000016
95694 +:10CA20000000000000000000000000000000000006
95695 +:10CA300000000000000000000000000000000000F6
95696 +:10CA400000000000000000000000000000000000E6
95697 +:10CA500000000000000000000000000000000000D6
95698 +:10CA600000000000000000000000000000000000C6
95699 +:10CA700000000000000000000000000000000000B6
95700 +:10CA800000000000000000000000000000000000A6
95701 +:10CA90000000000000000000000000000000000096
95702 +:10CAA0000000000000000000000000000000000086
95703 +:10CAB0000000000000000000000000000000000076
95704 +:10CAC0000000000000000000000000000000000066
95705 +:10CAD0000000000000000000000000000000000056
95706 +:10CAE0000000000000000000000000000000000046
95707 +:10CAF0000000000000000000000000000000000036
95708 +:10CB00000000000000000000000000000000000025
95709 +:10CB10000000000000000000000000000000000015
95710 +:10CB20000000000000000000000000000000000005
95711 +:10CB300000000000000000000000000000000000F5
95712 +:10CB400000000000000000000000000000000000E5
95713 +:10CB500000000000000000000000000000000000D5
95714 +:10CB600000000000000000000000000000000000C5
95715 +:10CB700000000000000000000000000000000000B5
95716 +:10CB800000000000000000000000000000000000A5
95717 +:10CB90000000000000000000000000000000000095
95718 +:10CBA0000000000000000000000000000000000085
95719 +:10CBB0000000000000000000000000000000000075
95720 +:10CBC0000000000000000000000000000000000065
95721 +:10CBD0000000000000000000000000000000000055
95722 +:10CBE0000000000000000000000000000000000045
95723 +:10CBF0000000000000000000000000000000000035
95724 +:10CC00000000000000000000000000000000000024
95725 +:10CC10000000000000000000000000000000000014
95726 +:10CC20000000000000000000000000000000000004
95727 +:10CC300000000000000000000000000000000000F4
95728 +:10CC400000000000000000000000000000000000E4
95729 +:10CC500000000000000000000000000000000000D4
95730 +:10CC600000000000000000000000000000000000C4
95731 +:10CC700000000000000000000000000000000000B4
95732 +:10CC800000000000000000000000000000000000A4
95733 +:10CC90000000000000000000000000000000000094
95734 +:10CCA0000000000000000000000000000000000084
95735 +:10CCB0000000000000000000000000000000000074
95736 +:10CCC0000000000000000000000000000000000064
95737 +:10CCD0000000000000000000000000000000000054
95738 +:10CCE0000000000000000000000000000000000044
95739 +:10CCF0000000000000000000000000000000000034
95740 +:10CD00000000000000000000000000000000000023
95741 +:10CD10000000000000000000000000000000000013
95742 +:10CD20000000000000000000000000000000000003
95743 +:10CD300000000000000000000000000000000000F3
95744 +:10CD400000000000000000000000000000000000E3
95745 +:10CD500000000000000000000000000000000000D3
95746 +:10CD600000000000000000000000000000000000C3
95747 +:10CD700000000000000000000000000000000000B3
95748 +:10CD800000000000000000000000000000000000A3
95749 +:10CD90000000000000000000000000000000000093
95750 +:10CDA0000000000000000000000000000000000083
95751 +:10CDB0000000000000000000000000000000000073
95752 +:10CDC0000000000000000000000000000000000063
95753 +:10CDD0000000000000000000000000000000000053
95754 +:10CDE0000000000000000000000000000000000043
95755 +:10CDF0000000000000000000000000000000000033
95756 +:10CE00000000000000000000000000000000000022
95757 +:10CE10000000000000000000000000000000000012
95758 +:10CE20000000000000000000000000000000000002
95759 +:10CE300000000000000000000000000000000000F2
95760 +:10CE400000000000000000000000000000000000E2
95761 +:10CE500000000000000000000000000000000000D2
95762 +:10CE600000000000000000000000000000000000C2
95763 +:10CE700000000000000000000000000000000000B2
95764 +:10CE800000000000000000000000000000000000A2
95765 +:10CE90000000000000000000000000000000000092
95766 +:10CEA0000000000000000000000000000000000082
95767 +:10CEB0000000000000000000000000000000000072
95768 +:10CEC0000000000000000000000000000000000062
95769 +:10CED0000000000000000000000000000000000052
95770 +:10CEE0000000000000000000000000000000000042
95771 +:10CEF0000000000000000000000000000000000032
95772 +:10CF00000000000000000000000000000000000021
95773 +:10CF10000000000000000000000000000000000011
95774 +:10CF20000000000000000000000000000000000001
95775 +:10CF300000000000000000000000000000000000F1
95776 +:10CF400000000000000000000000000000000000E1
95777 +:10CF500000000000000000000000000000000000D1
95778 +:10CF600000000000000000000000000000000000C1
95779 +:10CF700000000000000000000000000000000000B1
95780 +:10CF800000000000000000000000000000000000A1
95781 +:10CF90000000000000000000000000000000000091
95782 +:10CFA0000000000000000000000000000000000081
95783 +:10CFB0000000000000000000000000000000000071
95784 +:10CFC0000000000000000000000000000000000061
95785 +:10CFD0000000000000000000000000000000000051
95786 +:10CFE0000000000000000000000000000000000041
95787 +:10CFF0000000000000000000000000000000000031
95788 +:10D000000000000000000000000000000000000020
95789 +:10D010000000000000000000000000000000000010
95790 +:10D020000000000000000000000000000000000000
95791 +:10D0300000000000000000000000000000000000F0
95792 +:10D0400000000000000000000000000000000000E0
95793 +:10D0500000000000000000000000000000000000D0
95794 +:10D0600000000000000000000000000000000000C0
95795 +:10D0700000000000000000000000000000000000B0
95796 +:10D0800000000000000000000000000000000000A0
95797 +:10D090000000000000000000000000000000000090
95798 +:10D0A0000000000000000000000000000000000080
95799 +:10D0B0000000000000000000000000000000000070
95800 +:10D0C0000000000000000000000000000000000060
95801 +:10D0D0000000000000000000000000000000000050
95802 +:10D0E0000000000000000000000000000000000040
95803 +:10D0F0000000000000000000000000000000000030
95804 +:10D10000000000000000000000000000000000001F
95805 +:10D11000000000000000000000000000000000000F
95806 +:10D1200000000000000000000000000000000000FF
95807 +:10D1300000000000000000000000000000000000EF
95808 +:10D1400000000000000000000000000000000000DF
95809 +:10D1500000000000000000000000000000000000CF
95810 +:10D1600000000000000000000000000000000000BF
95811 +:10D1700000000000000000000000000000000000AF
95812 +:10D18000000000000000000000000000000000009F
95813 +:10D19000000000000000000000000000000000008F
95814 +:10D1A000000000000000000000000000000000007F
95815 +:10D1B000000000000000000000000000000000006F
95816 +:10D1C000000000000000000000000000000000005F
95817 +:10D1D000000000000000000000000000000000004F
95818 +:10D1E000000000000000000000000000000000003F
95819 +:10D1F000000000000000000000000000000000002F
95820 +:10D20000000000000000000000000000000000001E
95821 +:10D21000000000000000000000000000000000000E
95822 +:10D2200000000000000000000000000000000000FE
95823 +:10D2300000000000000000000000000000000000EE
95824 +:10D2400000000000000000000000000000000000DE
95825 +:10D2500000000000000000000000000000000000CE
95826 +:10D2600000000000000000000000000000000000BE
95827 +:10D2700000000000000000000000000000000000AE
95828 +:10D28000000000000000000000000000000000009E
95829 +:10D29000000000000000000000000000000000008E
95830 +:10D2A000000000000000000000000000000000007E
95831 +:10D2B000000000000000000000000000000000006E
95832 +:10D2C000000000000000000000000000000000005E
95833 +:10D2D000000000000000000000000000000000004E
95834 +:10D2E000000000000000000000000000000000003E
95835 +:10D2F000000000000000000000000000000000002E
95836 +:10D30000000000000000000000000000000000001D
95837 +:10D31000000000000000000000000000000000000D
95838 +:10D3200000000000000000000000000000000000FD
95839 +:10D3300000000000000000000000000000000000ED
95840 +:10D3400000000000000000000000000000000000DD
95841 +:10D3500000000000000000000000000000000000CD
95842 +:10D3600000000000000000000000000000000000BD
95843 +:10D3700000000000000000000000000000000000AD
95844 +:10D38000000000000000000000000000000000009D
95845 +:10D39000000000000000000000000000000000008D
95846 +:10D3A000000000000000000000000000000000007D
95847 +:10D3B000000000000000000000000000000000006D
95848 +:10D3C000000000000000000000000000000000005D
95849 +:10D3D000000000000000000000000000000000004D
95850 +:10D3E000000000000000000000000000000000003D
95851 +:10D3F000000000000000000000000000000000002D
95852 +:10D40000000000000000000000000000000000001C
95853 +:10D41000000000000000000000000000000000000C
95854 +:10D4200000000000000000000000000000000000FC
95855 +:10D4300000000000000000000000000000000000EC
95856 +:10D4400000000000000000000000000000000000DC
95857 +:10D4500000000000000000000000000000000000CC
95858 +:10D4600000000000000000000000000000000000BC
95859 +:10D4700000000000000000000000000000000000AC
95860 +:10D48000000000000000000000000000000000009C
95861 +:10D49000000000000000000000000000000000008C
95862 +:10D4A000000000000000000000000000000000007C
95863 +:10D4B000000000000000000000000000000000006C
95864 +:10D4C000000000000000000000000000000000005C
95865 +:10D4D000000000000000000000000000000000004C
95866 +:10D4E000000000000000000000000000000000003C
95867 +:10D4F000000000000000000000000000000000002C
95868 +:10D50000000000000000000000000000000000001B
95869 +:10D51000000000000000000000000000000000000B
95870 +:10D5200000000000000000000000000000000000FB
95871 +:10D5300000000000000000000000000000000000EB
95872 +:10D5400000000000000000000000000000000000DB
95873 +:10D5500000000000000000000000000000000000CB
95874 +:10D5600000000000000000000000000000000000BB
95875 +:10D5700000000000000000000000000000000000AB
95876 +:10D58000000000000000000000000000000000009B
95877 +:10D59000000000000000000000000000000000008B
95878 +:10D5A000000000000000000000000000000000007B
95879 +:10D5B000000000000000000000000000000000006B
95880 +:10D5C000000000000000000000000000000000005B
95881 +:10D5D000000000000000000000000000000000004B
95882 +:10D5E000000000000000000000000000000000003B
95883 +:10D5F000000000000000000000000000000000002B
95884 +:10D60000000000000000000000000000000000001A
95885 +:10D61000000000000000000000000000000000000A
95886 +:10D6200000000000000000000000000000000000FA
95887 +:10D6300000000000000000000000000000000000EA
95888 +:10D6400000000000000000000000000000000000DA
95889 +:10D6500000000000000000000000000000000000CA
95890 +:10D6600000000000000000000000000000000000BA
95891 +:10D6700000000000000000000000000000000000AA
95892 +:10D68000000000000000000000000000000000009A
95893 +:10D69000000000000000000000000000000000008A
95894 +:10D6A000000000000000000000000000000000007A
95895 +:10D6B000000000000000000000000000000000006A
95896 +:10D6C000000000000000000000000000000000005A
95897 +:10D6D000000000000000000000000000000000004A
95898 +:10D6E000000000000000000000000000000000003A
95899 +:10D6F000000000000000000000000000000000002A
95900 +:10D700000000000000000000000000000000000019
95901 +:10D710000000000000000000000000000000000009
95902 +:10D7200000000000000000000000000000000000F9
95903 +:10D7300000000000000000000000000000000000E9
95904 +:10D7400000000000000000000000000000000000D9
95905 +:10D7500000000000000000000000000000000000C9
95906 +:10D7600000000000000000000000000000000000B9
95907 +:10D7700000000000000000000000000000000000A9
95908 +:10D780000000000000000000000000000000000099
95909 +:10D790000000000000000000000000000000000089
95910 +:10D7A0000000000000000000000000000000000079
95911 +:10D7B0000000000000000000000000000000000069
95912 +:10D7C0000000000000000000000000000000000059
95913 +:10D7D0000000000000000000000000000000000049
95914 +:10D7E0000000000000000000000000000000000039
95915 +:10D7F0000000000000000000000000000000000029
95916 +:10D800000000000000000000000000000000000018
95917 +:10D810000000000000000000000000000000000008
95918 +:10D8200000000000000000000000000000000000F8
95919 +:10D8300000000000000000000000000000000000E8
95920 +:10D8400000000000000000000000000000000000D8
95921 +:10D8500000000000000000000000000000000000C8
95922 +:10D8600000000000000000000000000000000000B8
95923 +:10D8700000000000000000000000000000000000A8
95924 +:10D880000000000000000000000000000000000098
95925 +:10D890000000000000000000000000000000000088
95926 +:10D8A0000000000000000000000000000000000078
95927 +:10D8B0000000000000000000000000000000000068
95928 +:10D8C0000000000000000000000000000000000058
95929 +:10D8D0000000000000000000000000000000000048
95930 +:10D8E0000000000000000000000000000000000038
95931 +:10D8F0000000000000000000000000000000000028
95932 +:10D900000000000000000000000000000000000017
95933 +:10D910000000000000000000000000000000000007
95934 +:10D9200000000000000000000000000000000000F7
95935 +:10D9300000000000000000000000000000000000E7
95936 +:10D9400000000000000000000000000000000000D7
95937 +:10D9500000000000000000000000000000000000C7
95938 +:10D9600000000000000000000000000000000000B7
95939 +:10D9700000000000000000000000000000000000A7
95940 +:10D980000000000000000000000000000000000097
95941 +:10D990000000000000000000000000000000000087
95942 +:10D9A0000000000000000000000000000000000077
95943 +:10D9B0000000000000000000000000000000000067
95944 +:10D9C0000000000000000000000000000000000057
95945 +:10D9D0000000000000000000000000000000000047
95946 +:10D9E0000000000000000000000000000000000037
95947 +:10D9F0000000000000000000000000000000000027
95948 +:10DA00000000000000000000000000000000000016
95949 +:10DA10000000000000000000000000000000000006
95950 +:10DA200000000000000000000000000000000000F6
95951 +:10DA300000000000000000000000000000000000E6
95952 +:10DA400000000000000000000000000000000000D6
95953 +:10DA500000000000000000000000000000000000C6
95954 +:10DA600000000000000000000000000000000000B6
95955 +:10DA700000000000000000000000000000000000A6
95956 +:10DA80000000000000000000000000000000000096
95957 +:10DA90000000000000000000000000000000000086
95958 +:10DAA0000000000000000000000000000000000076
95959 +:10DAB0000000000000000000000000000000000066
95960 +:10DAC0000000000000000000000000000000000056
95961 +:10DAD0000000000000000000000000000000000046
95962 +:10DAE0000000000000000000000000000000000036
95963 +:10DAF0000000000000000000000000000000000026
95964 +:10DB00000000000000000000000000000000000015
95965 +:10DB10000000000000000000000000000000000005
95966 +:10DB200000000000000000000000000000000000F5
95967 +:10DB300000000000000000000000000000000000E5
95968 +:10DB400000000000000000000000000000000000D5
95969 +:10DB500000000000000000000000000000000000C5
95970 +:10DB600000000000000000000000000000000000B5
95971 +:10DB700000000000000000000000000000000000A5
95972 +:10DB80000000000000000000000000000000000095
95973 +:10DB90000000000000000000000000000000000085
95974 +:10DBA0000000000000000000000000000000000075
95975 +:10DBB0000000000000000000000000000000000065
95976 +:10DBC0000000000000000000000000000000000055
95977 +:10DBD0000000000000000000000000000000000045
95978 +:10DBE0000000000000000000000000000000000035
95979 +:10DBF0000000000000000000000000000000000025
95980 +:10DC00000000000000000000000000000000000014
95981 +:10DC10000000000000000000000000000000000004
95982 +:10DC200000000000000000000000000000000000F4
95983 +:10DC300000000000000000000000000000000000E4
95984 +:10DC400000000000000000000000000000000000D4
95985 +:10DC500000000000000000000000000000000000C4
95986 +:10DC600000000000000000000000000000000000B4
95987 +:10DC700000000000000000000000000000000000A4
95988 +:10DC80000000000000000000000000000000000094
95989 +:10DC90000000000000000000000000000000000084
95990 +:10DCA0000000000000000000000000000000000074
95991 +:10DCB0000000000000000000000000000000000064
95992 +:10DCC0000000000000000000000000000000000054
95993 +:10DCD0000000000000000000000000000000000044
95994 +:10DCE0000000000000000000000000000000000034
95995 +:10DCF0000000000000000000000000000000000024
95996 +:10DD00000000000000000000000000000000000013
95997 +:10DD10000000000000000000000000000000000003
95998 +:10DD200000000000000000000000000000000000F3
95999 +:10DD300000000000000000000000000000000000E3
96000 +:10DD400000000000000000000000000000000000D3
96001 +:10DD500000000000000000000000000000000000C3
96002 +:10DD600000000000000000000000000000000000B3
96003 +:10DD700000000000000000000000000000000000A3
96004 +:10DD80000000000000000000000000000000000093
96005 +:10DD90000000000000000000000000000000000083
96006 +:10DDA0000000000000000000000000000000000073
96007 +:10DDB0000000000000000000000000000000000063
96008 +:10DDC0000000000000000000000000000000000053
96009 +:10DDD0000000000000000000000000000000000043
96010 +:10DDE0000000000000000000000000000000000033
96011 +:10DDF0000000000000000000000000000000000023
96012 +:10DE00000000000000000000000000000000000012
96013 +:10DE10000000000000000000000000000000000002
96014 +:10DE200000000000000000000000000000000000F2
96015 +:10DE300000000000000000000000000000000000E2
96016 +:10DE400000000000000000000000000000000000D2
96017 +:10DE500000000000000000000000000000000000C2
96018 +:10DE600000000000000000000000000000000000B2
96019 +:10DE700000000000000000000000000000000000A2
96020 +:10DE80000000000000000000000000000000000092
96021 +:10DE90000000000000000000000000000000000082
96022 +:10DEA0000000000000000000000000000000000072
96023 +:10DEB0000000000000000000000000000000000062
96024 +:10DEC0000000000000000000000000000000000052
96025 +:10DED0000000000000000000000000000000000042
96026 +:10DEE0000000000000000000000000000000000032
96027 +:10DEF0000000000000000000000000000000000022
96028 +:10DF00000000000000000000000000000000000011
96029 +:10DF10000000000000000000000000000000000001
96030 +:10DF200000000000000000000000000000000000F1
96031 +:10DF300000000000000000000000000000000000E1
96032 +:10DF400000000000000000000000000000000000D1
96033 +:10DF500000000000000000000000000000000000C1
96034 +:10DF600000000000000000000000000000000000B1
96035 +:10DF700000000000000000000000000000000000A1
96036 +:10DF80000000000000000000000000000000000091
96037 +:10DF90000000000000000000000000000000000081
96038 +:10DFA0000000000000000000000000000000000071
96039 +:10DFB0000000000000000000000000000000000061
96040 +:10DFC0000000000000000000000000000000000051
96041 +:10DFD0000000000000000000000000000000000041
96042 +:10DFE0000000000000000000000000000000000031
96043 +:10DFF0000000000000000000000000000000000021
96044 +:10E000000000000000000000000000000000000010
96045 +:10E010000000000000000000000000000000000000
96046 +:10E0200000000000000000000000000000000000F0
96047 +:10E0300000000000000000000000000000000000E0
96048 +:10E0400000000000000000000000000000000000D0
96049 +:10E0500000000000000000000000000000000000C0
96050 +:10E0600000000000000000000000000000000000B0
96051 +:10E0700000000000000000000000000000000000A0
96052 +:10E080000000000000000000000000000000000090
96053 +:10E090000000000000000000000000000000000080
96054 +:10E0A0000000000000000000000000000000000070
96055 +:10E0B0000000000000000000000000000000000060
96056 +:10E0C0000000000000000000000000000000000050
96057 +:10E0D0000000000000000000000000000000000040
96058 +:10E0E0000000000000000000000000000000000030
96059 +:10E0F0000000000000000000000000000000000020
96060 +:10E10000000000000000000000000000000000000F
96061 +:10E1100000000000000000000000000000000000FF
96062 +:10E1200000000000000000000000000000000000EF
96063 +:10E1300000000000000000000000000000000000DF
96064 +:10E1400000000000000000000000000000000000CF
96065 +:10E1500000000000000000000000000000000000BF
96066 +:10E1600000000000000000000000000000000000AF
96067 +:10E17000000000000000000000000000000000009F
96068 +:10E18000000000000000000000000000000000008F
96069 +:10E19000000000000000000000000000000000007F
96070 +:10E1A000000000000000000000000000000000006F
96071 +:10E1B000000000000000000000000000000000005F
96072 +:10E1C000000000000000000000000000000000004F
96073 +:10E1D000000000000000000000000000000000003F
96074 +:10E1E000000000000000000000000000000000002F
96075 +:10E1F000000000000000000000000000000000809F
96076 +:10E20000000000000000000000000000000000000E
96077 +:10E2100000000000000000000000000000000000FE
96078 +:10E220000000000A000000000000000000000000E4
96079 +:10E2300010000003000000000000000D0000000DB1
96080 +:10E240003C020801244295C03C030801246397FC6A
96081 +:10E25000AC4000000043202B1480FFFD244200044A
96082 +:10E260003C1D080037BD9FFC03A0F0213C100800B6
96083 +:10E27000261032103C1C0801279C95C00E0012BECF
96084 +:10E28000000000000000000D3C02800030A5FFFFF0
96085 +:10E2900030C600FF344301803C0880008D0901B87E
96086 +:10E2A0000520FFFE00000000AC6400002404000212
96087 +:10E2B000A4650008A066000AA064000BAC67001803
96088 +:10E2C0003C03100003E00008AD0301B83C0560000A
96089 +:10E2D0008CA24FF80440FFFE00000000ACA44FC029
96090 +:10E2E0003C0310003C040200ACA44FC403E000084F
96091 +:10E2F000ACA34FF89486000C00A050212488001491
96092 +:10E3000000062B0200051080004448210109182B4B
96093 +:10E310001060001100000000910300002C6400094F
96094 +:10E320005080000991190001000360803C0D080134
96095 +:10E3300025AD9258018D58218D67000000E000083E
96096 +:10E340000000000091190001011940210109302B42
96097 +:10E3500054C0FFF29103000003E000080000102108
96098 +:10E360000A000CCC25080001910F0001240E000AC0
96099 +:10E3700015EE00400128C8232F38000A1700003D81
96100 +:10E38000250D00028D580000250F0006370E0100F4
96101 +:10E39000AD4E0000910C000291AB000191A400026F
96102 +:10E3A00091A60003000C2E00000B3C0000A71025D6
96103 +:10E3B00000041A000043C8250326C025AD580004F8
96104 +:10E3C000910E000691ED000191E7000291E5000336
96105 +:10E3D000000E5E00000D6400016C30250007220075
96106 +:10E3E00000C41025004518252508000A0A000CCC99
96107 +:10E3F000AD430008910F000125040002240800022B
96108 +:10E4000055E80001012020210A000CCC00804021A9
96109 +:10E41000910C0001240B0003158B00160000000076
96110 +:10E420008D580000910E000225080003370D0008EA
96111 +:10E43000A14E00100A000CCCAD4D00009119000156
96112 +:10E44000240F0004172F000B0000000091070002AA
96113 +:10E45000910400038D43000000072A0000A410254A
96114 +:10E460003466000425080004AD42000C0A000CCC00
96115 +:10E47000AD46000003E000082402000127BDFFE8CC
96116 +:10E48000AFBF0014AFB000100E00164E0080802108
96117 +:10E490003C0480083485008090A600052403FFFE1C
96118 +:10E4A0000200202100C310248FBF00148FB0001081
96119 +:10E4B000A0A200050A00165827BD001827BDFFE8D6
96120 +:10E4C000AFB00010AFBF00140E000FD40080802149
96121 +:10E4D0003C06800834C5008090A40000240200504F
96122 +:10E4E000308300FF106200073C09800002002021F9
96123 +:10E4F0008FBF00148FB00010AD2001800A00108F74
96124 +:10E5000027BD0018240801003C07800002002021DC
96125 +:10E510008FBF00148FB00010ACE801800A00108F8C
96126 +:10E5200027BD001827BDFF783C058008AFBE0080DE
96127 +:10E53000AFB7007CAFB3006CAFB10064AFBF008475
96128 +:10E54000AFB60078AFB50074AFB40070AFB200687A
96129 +:10E55000AFB0006034A600803C0580008CB201287A
96130 +:10E5600090C400098CA701043C020001309100FF17
96131 +:10E5700000E218240000B8210000F021106000071C
96132 +:10E58000000098213C0908008D2931F02413000176
96133 +:10E59000252800013C010800AC2831F0ACA0008423
96134 +:10E5A00090CC0005000C5827316A0001154000721C
96135 +:10E5B000AFA0005090CD00002406002031A400FF41
96136 +:10E5C00010860018240E0050108E009300000000EA
96137 +:10E5D0003C1008008E1000DC260F00013C010800F2
96138 +:10E5E000AC2F00DC0E0016C7000000000040182110
96139 +:10E5F0008FBF00848FBE00808FB7007C8FB60078FD
96140 +:10E600008FB500748FB400708FB3006C8FB2006848
96141 +:10E610008FB100648FB000600060102103E000083B
96142 +:10E6200027BD00880000000D3C1F8000AFA0003017
96143 +:10E6300097E501168FE201043C04002030B9FFFF8A
96144 +:10E64000004438240007182B00033140AFA60030E7
96145 +:10E650008FF5010437F80C003C1600400338802188
96146 +:10E6600002B6A02434C40040128000479215000D69
96147 +:10E6700032A800201500000234860080008030217E
96148 +:10E6800014C0009FAFA600303C0D800835A6008066
96149 +:10E6900090CC0008318B0040516000063C06800899
96150 +:10E6A000240E0004122E00A8240F0012122F003294
96151 +:10E6B0003C06800834C401003C0280009447011AE3
96152 +:10E6C0009619000E909F00088E18000830E3FFFF97
96153 +:10E6D00003F9B00432B40004AFB6005CAFA3005835
96154 +:10E6E0008E1600041280002EAFB8005434C3008090
96155 +:10E6F000906800083105004014A0002500000000CB
96156 +:10E700008C70005002D090230640000500000000ED
96157 +:10E710008C71003402D1A82306A201678EE20008A2
96158 +:10E72000126000063C1280003C1508008EB531F4E2
96159 +:10E7300026B600013C010800AC3631F4AE4000447E
96160 +:10E74000240300018FBF00848FBE00808FB7007C40
96161 +:10E750008FB600788FB500748FB400708FB3006CE3
96162 +:10E760008FB200688FB100648FB00060006010212C
96163 +:10E7700003E0000827BD00880E000D2800002021BE
96164 +:10E780000A000D75004018210A000D9500C02021D7
96165 +:10E790000E00171702C020211440FFE10000000006
96166 +:10E7A0003C0B8008356400808C8A003402CA482300
96167 +:10E7B0000520001D000000003C1E08008FDE310017
96168 +:10E7C00027D700013C010800AC3731001260000679
96169 +:10E7D000024020213C1408008E9431F42690000160
96170 +:10E7E0003C010800AC3031F40E00164E3C1E80088F
96171 +:10E7F00037CD008091B700250240202136EE00047D
96172 +:10E800000E001658A1AE00250E000CAC02402021CF
96173 +:10E810000A000DCA240300013C17080126F796C020
96174 +:10E820000A000D843C1F80008C86003002C66023E5
96175 +:10E830001980000C2419000C908F004F3C14080024
96176 +:10E840008E94310032B500FC35ED0001268E0001BA
96177 +:10E850003C010800AC2E3100A08D004FAFA0005845
96178 +:10E860002419000CAFB900308C9800300316A02397
96179 +:10E870001A80010B8FA300580074F82A17E0FFD309
96180 +:10E88000000000001074002A8FA5005802D4B021A7
96181 +:10E8900000B410233044FFFFAFA4005832A8000298
96182 +:10E8A0001100002E32AB00103C15800836B00080FD
96183 +:10E8B0009216000832D30040526000FB8EE200083E
96184 +:10E8C0000E00164E02402021240A0018A20A000958
96185 +:10E8D000921100052409FFFE024020210229902404
96186 +:10E8E0000E001658A2120005240400390000282149
96187 +:10E8F0000E0016F2240600180A000DCA24030001B7
96188 +:10E9000092FE000C3C0A800835490080001EBB00C6
96189 +:10E910008D27003836F10081024020213225F08118
96190 +:10E920000E000C9B30C600FF0A000DC10000000065
96191 +:10E930003AA7000130E300011460FFA402D4B02123
96192 +:10E940000A000E1D00000000024020210E001734B6
96193 +:10E95000020028210A000D75004018211160FF7087
96194 +:10E960003C0F80083C0D800835EE00808DC40038D7
96195 +:10E970008FA300548DA60004006660231D80FF68ED
96196 +:10E98000000000000064C02307020001AFA400548F
96197 +:10E990003C1F08008FFF31E433F9000113200015FC
96198 +:10E9A0008FAC00583C07800094E3011A10600012FD
96199 +:10E9B0003C0680080E00216A024020213C03080129
96200 +:10E9C000906396F13064000214800145000000005D
96201 +:10E9D000306C0004118000078FAC0058306600FBDB
96202 +:10E9E0003C010801A02696F132B500FCAFA000580A
96203 +:10E9F0008FAC00583C06800834D30080AFB40018B8
96204 +:10EA0000AFB60010AFAC00143C088000950B01209D
96205 +:10EA10008E6F0030966A005C8FA3005C8FBF003061
96206 +:10EA20003169FFFF3144FFFF8FAE005401341021E4
96207 +:10EA3000350540000064382B0045C82103E7C02598
96208 +:10EA4000AFB90020AFAF0028AFB80030AFAF00249F
96209 +:10EA5000AFA0002CAFAE0034926D000831B40008B6
96210 +:10EA6000168000BB020020218EE200040040F8095D
96211 +:10EA700027A400108FAF003031F300025660000170
96212 +:10EA800032B500FE3C048008349F008093F90008F2
96213 +:10EA900033380040530000138FA400248C850004F9
96214 +:10EAA0008FA7005410A700D52404001432B0000131
96215 +:10EAB0001200000C8FA400242414000C1234011A3C
96216 +:10EAC0002A2D000D11A001022413000E240E000AAD
96217 +:10EAD000522E0001241E00088FAF002425E40001FF
96218 +:10EAE000AFA400248FAA00143C0B80083565008079
96219 +:10EAF000008A48218CB10030ACA9003090A4004EAF
96220 +:10EB00008CA700303408FFFF0088180400E3F821C8
96221 +:10EB1000ACBF00348FA600308FB900548FB8005CB2
96222 +:10EB200030C200081040000B033898218CAC002044
96223 +:10EB3000119300D330C600FF92EE000C8FA7003473
96224 +:10EB400002402021000E6B0035B400800E000C9BAB
96225 +:10EB50003285F0803C028008345000808E0F0030F7
96226 +:10EB600001F1302318C00097264800803C070800B8
96227 +:10EB70008CE731E42404FF80010418243118007F5D
96228 +:10EB80003C1F80003C19800430F10001AFE300908D
96229 +:10EB900012200006031928213C030801906396F116
96230 +:10EBA00030690008152000C6306A00F73C10800864
96231 +:10EBB00036040080908C004F318B000115600042BC
96232 +:10EBC000000000003C0608008CC6319830CE0010D2
96233 +:10EBD00051C0004230F9000190AF006B55E0003F9A
96234 +:10EBE00030F9000124180001A0B8006B3C1180002E
96235 +:10EBF0009622007A24470064A48700123C0D800806
96236 +:10EC000035A5008090B40008329000401600000442
96237 +:10EC10003C03800832AE000115C0008B00000000EC
96238 +:10EC2000346400808C86002010D3000A3463010015
96239 +:10EC30008C67000002C7782319E000978FBF00544B
96240 +:10EC4000AC93002024130001AC760000AFB3005059
96241 +:10EC5000AC7F000417C0004E000000008FA90050D8
96242 +:10EC60001520000B000000003C030801906396F1A2
96243 +:10EC7000306A00011140002E8FAB0058306400FE56
96244 +:10EC80003C010801A02496F10A000D75000018212E
96245 +:10EC90000E000CAC024020210A000F1300000000FF
96246 +:10ECA0000A000E200000A0210040F80924040017EB
96247 +:10ECB0000A000DCA240300010040F80924040016CC
96248 +:10ECC0000A000DCA240300019094004F240DFFFE9A
96249 +:10ECD000028D2824A085004F30F900011320000682
96250 +:10ECE0003C0480083C030801906396F1307F0010DB
96251 +:10ECF00017E00051306800EF34900080240A0001D2
96252 +:10ED0000024020210E00164EA60A00129203002592
96253 +:10ED100024090001AFA90050346200010240202103
96254 +:10ED20000E001658A20200250A000EF93C0D8008BC
96255 +:10ED30001160FE83000018218FA5003030AC000464
96256 +:10ED40001180FE2C8FBF00840A000DCB240300012C
96257 +:10ED500027A500380E000CB6AFA000385440FF4382
96258 +:10ED60008EE200048FB40038329001005200FF3F61
96259 +:10ED70008EE200048FA3003C8E6E0058006E682364
96260 +:10ED800005A3FF39AE6300580A000E948EE200041A
96261 +:10ED90000E00164E024020213C038008346800809B
96262 +:10EDA000024020210E001658A11E000903C0302188
96263 +:10EDB000240400370E0016F2000028210A000F116B
96264 +:10EDC0008FA900508FAB00185960FF8D3C0D800853
96265 +:10EDD0000E00164E02402021920C00252405000151
96266 +:10EDE000AFA5005035820004024020210E001658C5
96267 +:10EDF000A20200250A000EF93C0D800812240059D9
96268 +:10EE00002A2300151060004D240900162408000C68
96269 +:10EE10005628FF2732B000013C0A8008914C001BA5
96270 +:10EE20002406FFBD241E000E01865824A14B001BA2
96271 +:10EE30000A000EA532B000013C010801A02896F19D
96272 +:10EE40000A000EF93C0D80088CB500308EFE0008DB
96273 +:10EE50002404001826B6000103C0F809ACB600303F
96274 +:10EE60003C030801906396F13077000116E0FF81C2
96275 +:10EE7000306A00018FB200300A000D753243000481
96276 +:10EE80003C1080009605011A50A0FF2B34C60010DC
96277 +:10EE90000A000EC892EE000C8C6200001456FF6D42
96278 +:10EEA000000000008C7800048FB9005403388823D8
96279 +:10EEB0000621FF638FBF00540A000F0E0000000000
96280 +:10EEC0003C010801A02A96F10A000F3030F9000138
96281 +:10EED0001633FF028FAF00240A000EB0241E00106C
96282 +:10EEE0000E00164E024020213C0B80083568008041
96283 +:10EEF00091090025240A0001AFAA0050353300040F
96284 +:10EF0000024020210E001658A11300253C050801DF
96285 +:10EF100090A596F130A200FD3C010801A02296F1D7
96286 +:10EF20000A000E6D004018212411000E53D1FEEA94
96287 +:10EF3000241E00100A000EAF241E00165629FEDC07
96288 +:10EF400032B000013C0A8008914C001B2406FFBD32
96289 +:10EF5000241E001001865824A14B001B0A000EA598
96290 +:10EF600032B000010A000EA4241E00123C038000EF
96291 +:10EF70008C6201B80440FFFE24040800AC6401B8B0
96292 +:10EF800003E000080000000030A5FFFF30C6FFFFCF
96293 +:10EF90003C0780008CE201B80440FFFE34EA0180A7
96294 +:10EFA000AD440000ACE400203C0480089483004899
96295 +:10EFB0003068FFFF11000016AF88000824AB001274
96296 +:10EFC000010B482B512000133C04800034EF01005A
96297 +:10EFD00095EE00208F890000240D001A31CCFFFF30
96298 +:10EFE00031274000A14D000B10E000362583FFFEC5
96299 +:10EFF0000103C02B170000348F9900048F88000490
96300 +:10F00000A5430014350700010A001003AF87000470
96301 +:10F010003C04800024030003348201808F890000B7
96302 +:10F020008F870004A043000B3C088000350C018052
96303 +:10F03000A585000EA585001A8F85000C30EB800099
96304 +:10F04000A5890010AD850028A58600081160000F75
96305 +:10F050008F85001435190100972A00163158FFFCDE
96306 +:10F06000270F000401E870218DCD400031A6FFFF7D
96307 +:10F0700014C000072403BFFF3C02FFFF34487FFF9A
96308 +:10F0800000E83824AF8700048F8500142403BFFFF5
96309 +:10F090003C04800000E3582434830180A46B0026E4
96310 +:10F0A000AC69002C10A0000300054C02A465001000
96311 +:10F0B000A46900263C071000AC8701B803E00008F3
96312 +:10F0C000000000008F990004240AFFFE032A382460
96313 +:10F0D0000A001003AF87000427BDFFE88FA20028B5
96314 +:10F0E00030A5FFFF30C6FFFFAFBF0010AF87000C99
96315 +:10F0F000AF820014AF8000040E000FDBAF80000071
96316 +:10F100008FBF001027BD001803E00008AF80001477
96317 +:10F110003C06800034C4007034C701008C8A0000B3
96318 +:10F1200090E500128F84000027BDFFF030A300FFA0
96319 +:10F13000000318823082400010400037246500032D
96320 +:10F140000005C8800326C0218F0E4000246F0004F4
96321 +:10F15000000F6880AFAE000001A660218D8B4000DB
96322 +:10F16000AFAB000494E900163128FFFC01063821FA
96323 +:10F170008CE64000AFA600088FA9000800003021EF
96324 +:10F18000000028213C07080024E701000A0010675E
96325 +:10F19000240800089059000024A500012CAC000CA4
96326 +:10F1A0000079C0210018788001E770218DCD000022
96327 +:10F1B0001180000600CD302603A5102114A8FFF50C
96328 +:10F1C00000051A005520FFF4905900003C0480000F
96329 +:10F1D000348700703C0508008CA531048CE30000E6
96330 +:10F1E0002CA2002010400009006A38230005488046
96331 +:10F1F0003C0B0800256B3108012B402124AA00019B
96332 +:10F20000AD0700003C010800AC2A310400C0102109
96333 +:10F2100003E0000827BD0010308220001040000BE2
96334 +:10F2200000055880016648218D24400024680004B0
96335 +:10F2300000083880AFA4000000E618218C6540006B
96336 +:10F24000AFA000080A001057AFA500040000000D91
96337 +:10F250000A0010588FA9000827BDFFE03C07800076
96338 +:10F2600034E60100AFBF001CAFB20018AFB100140C
96339 +:10F27000AFB0001094C5000E8F87000030A4FFFFD0
96340 +:10F280002483000430E2400010400010AF830028C7
96341 +:10F290003C09002000E940241100000D30EC800002
96342 +:10F2A0008F8A0004240BBFFF00EB38243543100085
96343 +:10F2B000AF87000030F220001640000B3C1900041C
96344 +:10F2C000241FFFBF0A0010B7007F102430EC80001D
96345 +:10F2D000158000423C0E002030F220001240FFF862
96346 +:10F2E0008F8300043C19000400F9C0241300FFF5CB
96347 +:10F2F000241FFFBF34620040AF82000430E20100EF
96348 +:10F300001040001130F010008F83002C10600006B8
96349 +:10F310003C0F80003C05002000E52024148000C044
96350 +:10F320003C0800043C0F800035EE010095CD001E26
96351 +:10F3300095CC001C31AAFFFF000C5C00014B482556
96352 +:10F34000AF89000C30F010001200000824110001F9
96353 +:10F3500030F100201620008B3C18100000F890249B
96354 +:10F36000164000823C040C002411000130E801002A
96355 +:10F370001500000B3C0900018F85000430A94000F6
96356 +:10F38000152000073C0900013C0C1F0100EC58242B
96357 +:10F390003C0A1000116A01183C1080003C09000171
96358 +:10F3A00000E9302410C000173C0B10003C18080086
96359 +:10F3B0008F1800243307000214E0014024030001E9
96360 +:10F3C0008FBF001C8FB200188FB100148FB00010D7
96361 +:10F3D0000060102103E0000827BD002000EE682433
96362 +:10F3E00011A0FFBE30F220008F8F00043C11FFFF00
96363 +:10F3F00036307FFF00F0382435E380000A0010A685
96364 +:10F40000AF87000000EB102450400065AF8000245F
96365 +:10F410008F8C002C3C0D0F0000ED18241580008807
96366 +:10F42000AF83001030E8010011000086938F0010B8
96367 +:10F430003C0A0200106A00833C1280003650010032
96368 +:10F44000920500139789002A3626000230AF00FF8C
96369 +:10F4500025EE0004000E19C03C0480008C9801B811
96370 +:10F460000700FFFE34880180AD0300003C198008CE
96371 +:10F47000AC830020973100483225FFFF10A0015CCB
96372 +:10F48000AF8500082523001200A3F82B53E0015993
96373 +:10F490008F850004348D010095AC00202402001AF1
96374 +:10F4A00030E44000318BFFFFA102000B108001927D
96375 +:10F4B0002563FFFE00A3502B154001908F8F0004A1
96376 +:10F4C000A50300148F88000435050001AF850004F2
96377 +:10F4D0003C08800035190180A729000EA729001AD1
96378 +:10F4E0008F89000C30B18000A7270010AF290028B9
96379 +:10F4F000A72600081220000E3C04800035020100FF
96380 +:10F50000944C0016318BFFFC256400040088182100
96381 +:10F510008C7F400033E6FFFF14C000053C048000F0
96382 +:10F520003C0AFFFF354D7FFF00AD2824AF85000466
96383 +:10F53000240EBFFF00AE402434850180A4A800261D
96384 +:10F54000ACA7002C3C071000AC8701B800001821C4
96385 +:10F550008FBF001C8FB200188FB100148FB0001045
96386 +:10F560000060102103E0000827BD00203C020BFFD3
96387 +:10F5700000E41824345FFFFF03E3C82B5320FF7B14
96388 +:10F58000241100013C0608008CC6002C24C5000193
96389 +:10F590003C010800AC25002C0A0010D42411000501
96390 +:10F5A0008F85002410A0002FAF80001090A30000D2
96391 +:10F5B000146000792419000310A0002A30E601002D
96392 +:10F5C00010C000CC8F860010241F000210DF00C97D
96393 +:10F5D0008F8B000C3C0708008CE7003824E4FFFF09
96394 +:10F5E00014E0000201641824000018213C0D0800FA
96395 +:10F5F00025AD0038006D1021904C00048F85002847
96396 +:10F6000025830004000321C030A5FFFF3626000239
96397 +:10F610000E000FDB000000000A00114D0000182151
96398 +:10F6200000E8302414C0FF403C0F80000E00103D65
96399 +:10F63000000000008F8700000A0010CAAF82000C93
96400 +:10F64000938F00103C18080127189640000F90C0B7
96401 +:10F6500002588021AF9000248F85002414A0FFD38E
96402 +:10F66000AF8F00103C0480008C86400030C5010044
96403 +:10F6700010A000BC322300043C0C08008D8C002438
96404 +:10F6800024120004106000C23190000D3C04800080
96405 +:10F690008C8D40003402FFFF11A201003231FFFBCC
96406 +:10F6A0008C884000310A01005540000124110010EF
96407 +:10F6B00030EE080011C000BE2419FFFB8F9800280F
96408 +:10F6C0002F0F03EF51E000010219802430E90100FF
96409 +:10F6D00011200014320800018F87002C14E000FB79
96410 +:10F6E0008F8C000C3C05800034AB0100917F00132F
96411 +:10F6F00033E300FF246A00042403FFFE0203802496
96412 +:10F70000000A21C012000002023230253226FFFF1B
96413 +:10F710000E000FDB9785002A1200FF290000182138
96414 +:10F72000320800011100000D32180004240E0001FF
96415 +:10F73000120E0002023230253226FFFF9785002A82
96416 +:10F740000E000FDB00002021240FFFFE020F80249B
96417 +:10F750001200FF1B00001821321800045300FF188C
96418 +:10F760002403000102323025241200045612000145
96419 +:10F770003226FFFF9785002A0E000FDB24040100CC
96420 +:10F780002419FFFB021988241220FF0D0000182104
96421 +:10F790000A0010E9240300011079009C00003021C8
96422 +:10F7A00090AD00012402000211A200BE30EA004028
96423 +:10F7B00090B90001241800011338007F30E900409F
96424 +:10F7C0008CA600049785002A00C020210E000FDBC4
96425 +:10F7D0003626000200004021010018218FBF001CC6
96426 +:10F7E0008FB200188FB100148FB00010006010218C
96427 +:10F7F00003E0000827BD0020360F010095EE000C45
96428 +:10F8000031CD020015A0FEE63C0900013C1880083D
96429 +:10F81000971200489789002A362600023248FFFFD7
96430 +:10F82000AF8800083C0380008C7101B80620FFFE01
96431 +:10F83000346A0180AD4000001100008E3C0F800052
96432 +:10F84000253F0012011FC82B1320008B240E00033C
96433 +:10F85000346C0100958B00202402001A30E4400033
96434 +:10F860003163FFFFA142000B108000A72463FFFE5D
96435 +:10F870000103682B15A000A52408FFFE34A5000194
96436 +:10F88000A5430014AF8500043C0480002412BFFF90
96437 +:10F8900000B2802434850180A4A9000EA4A9001A16
96438 +:10F8A000A4A60008A4B00026A4A700103C071000DE
96439 +:10F8B000AC8701B80A00114D000018213C038000FC
96440 +:10F8C00034640100949F000E3C1908008F3900D861
96441 +:10F8D0002404008033E5FFFF273100013C010800CC
96442 +:10F8E000AC3100D80E000FDB240600030A00114DD6
96443 +:10F8F00000001821240A000210CA00598F85002830
96444 +:10F900003C0308008C6300D0240E0001106E005EE2
96445 +:10F910002CCF000C24D2FFFC2E5000041600002136
96446 +:10F9200000002021241800021078001B2CD9000CA4
96447 +:10F9300024DFFFF82FE900041520FF330000202109
96448 +:10F9400030EB020051600004000621C054C00022C8
96449 +:10F9500030A5FFFF000621C030A5FFFF0A00117D82
96450 +:10F96000362600023C0908008D29002431300001B0
96451 +:10F970005200FEF7000018219785002A3626000263
96452 +:10F980000E000FDB000020210A00114D000018219D
96453 +:10F990000A00119C241200021320FFE624DFFFF866
96454 +:10F9A0000000202130A5FFFF0A00117D362600024D
96455 +:10F9B0000A0011AC021980245120FF828CA6000499
96456 +:10F9C0003C05080190A5964110A0FF7E2408000187
96457 +:10F9D0000A0011F0010018210E000FDB3226000191
96458 +:10F9E0008F8600108F8500280A00124F000621C064
96459 +:10F9F0008F8500043C18800024120003371001801A
96460 +:10FA0000A212000B0A00112E3C08800090A30001F6
96461 +:10FA1000241100011071FF70240800012409000264
96462 +:10FA20005069000430E60040240800010A0011F08B
96463 +:10FA30000100182150C0FFFD240800013C0C80008B
96464 +:10FA4000358B01009563001094A40002307FFFFF06
96465 +:10FA5000509FFF62010018210A001284240800014F
96466 +:10FA60002CA803EF1100FE56240300010A001239EE
96467 +:10FA700000000000240E000335EA0180A14E000BB7
96468 +:10FA80000A00121C3C04800011E0FFA2000621C005
96469 +:10FA900030A5FFFF0A00117D362600020A0011A5DD
96470 +:10FAA000241100201140FFC63C1280003650010096
96471 +:10FAB000960F001094AE000231E80FFF15C8FFC08A
96472 +:10FAC000000000000A0011E690B900013C060800A1
96473 +:10FAD0008CC6003824C4FFFF14C00002018418241F
96474 +:10FAE000000018213C0D080025AD0038006D1021E4
96475 +:10FAF0000A0011B6904300048F8F0004240EFFFE0D
96476 +:10FB00000A00112C01EE28242408FFFE0A00121A14
96477 +:10FB100000A8282427BDFFC8AFB00010AFBF003435
96478 +:10FB20003C10600CAFBE0030AFB7002CAFB6002861
96479 +:10FB3000AFB50024AFB40020AFB3001CAFB20018C3
96480 +:10FB4000AFB100148E0E5000240FFF7F3C068000E2
96481 +:10FB500001CF682435AC380C240B0003AE0C5000E8
96482 +:10FB6000ACCB00083C010800AC2000200E001819A6
96483 +:10FB7000000000003C0A0010354980513C06601628
96484 +:10FB8000AE09537C8CC700003C0860148D0500A0B2
96485 +:10FB90003C03FFFF00E320243C02535300051FC237
96486 +:10FBA0001482000634C57C000003A08002869821E0
96487 +:10FBB0008E7200043C116000025128218CBF007C31
96488 +:10FBC0008CA200783C1E600037C420203C05080150
96489 +:10FBD00024A59288AF820018AF9F001C0E0016DD8E
96490 +:10FBE0002406000A3C190001273996403C01080010
96491 +:10FBF000AC3931DC0E0020DDAF8000148FD708084F
96492 +:10FC00002418FFF03C15570902F8B02412D502F56C
96493 +:10FC100024040001AF80002C3C1480003697018042
96494 +:10FC20003C1E080127DE9644369301008E900000AA
96495 +:10FC30003205000310A0FFFD3207000110E000882C
96496 +:10FC4000320600028E7100283C048000AE91002034
96497 +:10FC50008E6500048E66000000A0382100C040219F
96498 +:10FC60008C8301B80460FFFE3C0B0010240A0800DE
96499 +:10FC700000AB4824AC8A01B8552000E0240BBFFF3C
96500 +:10FC80009675000E3C1208008E52002030AC4000E9
96501 +:10FC900032AFFFFF264E000125ED00043C010800B5
96502 +:10FCA000AC2E0020118000E8AF8D00283C18002009
96503 +:10FCB00000B8B02412C000E530B980002408BFFFAE
96504 +:10FCC00000A8382434C81000AF87000030E62000B8
96505 +:10FCD00010C000E92409FFBF3C03000400E328240E
96506 +:10FCE00010A00002010910243502004030EA010092
96507 +:10FCF00011400010AF8200048F8B002C11600007B0
96508 +:10FD00003C0D002000ED6024118000043C0F000435
96509 +:10FD100000EF702411C00239000000009668001E38
96510 +:10FD20009678001C3115FFFF0018B40002B690252C
96511 +:10FD3000AF92000C30F910001320001324150001BD
96512 +:10FD400030FF002017E0000A3C04100000E41024FB
96513 +:10FD50001040000D3C0A0C003C090BFF00EA18247F
96514 +:10FD60003525FFFF00A3302B10C0000830ED010047
96515 +:10FD70003C0C08008D8C002C24150005258B0001FF
96516 +:10FD80003C010800AC2B002C30ED010015A0000B4D
96517 +:10FD90003C0500018F85000430AE400055C00007CF
96518 +:10FDA0003C0500013C161F0100F690243C0F10009A
96519 +:10FDB000124F01CE000000003C05000100E5302498
96520 +:10FDC00010C000AF3C0C10003C1F08008FFF002447
96521 +:10FDD00033E90002152000712403000100601021A6
96522 +:10FDE000104000083C0680003C08800035180100E7
96523 +:10FDF0008F0F00243C056020ACAF00140000000011
96524 +:10FE00003C0680003C194000ACD9013800000000DD
96525 +:10FE10005220001332060002262B0140262C0080BF
96526 +:10FE2000240EFF80016E2024018E6824000D1940ED
96527 +:10FE3000318A007F0004A9403172007F3C16200007
96528 +:10FE400036C20002006A482502B2382500E2882541
96529 +:10FE50000122F825ACDF0830ACD1083032060002B0
96530 +:10FE600010C0FF723C188000370501408CA80000CC
96531 +:10FE700024100040AF08002090AF000831E300706C
96532 +:10FE8000107000D428790041532000082405006038
96533 +:10FE9000241100201071000E3C0A40003C09800033
96534 +:10FEA000AD2A01780A001304000000001465FFFB6E
96535 +:10FEB0003C0A40000E001FFA000000003C0A40000F
96536 +:10FEC0003C098000AD2A01780A00130400000000FC
96537 +:10FED00090A90009241F00048CA70000312800FF0E
96538 +:10FEE000111F01B22503FFFA2C7200061240001404
96539 +:10FEF0003C0680008CA9000494A4000A310500FF90
96540 +:10FF000000095E022D6A00083086FFFF15400002DE
96541 +:10FF10002567000424070003240C000910AC01FA33
96542 +:10FF200028AD000A11A001DE2410000A240E0008EA
96543 +:10FF300010AE0028000731C000C038213C06800008
96544 +:10FF40008CD501B806A0FFFE34D20180AE47000078
96545 +:10FF500034CB0140916E0008240300023C0A4000AB
96546 +:10FF600031C400FF00046A0001A86025A64C000807
96547 +:10FF7000A243000B9562000A3C0810003C09800077
96548 +:10FF8000A64200108D670004AE470024ACC801B83B
96549 +:10FF9000AD2A01780A001304000000003C0A80002A
96550 +:10FFA000354401009483000E3C0208008C4200D8C6
96551 +:10FFB000240400803065FFFF245500013C01080047
96552 +:10FFC000AC3500D80E000FDB240600030A001370C6
96553 +:10FFD000000018210009320230D900FF2418000166
96554 +:10FFE0001738FFD5000731C08F910020262200016D
96555 +:10FFF000AF8200200A0013C800C0382100CB2024A3
96556 +:020000021000EC
96557 +:10000000AF85000010800008AF860004240D87FF34
96558 +:1000100000CD6024158000083C0E006000AE302446
96559 +:1000200010C00005000000000E000D42000000009E
96560 +:100030000A001371000000000E0016050000000009
96561 +:100040000A0013710000000030B980005320FF1F28
96562 +:10005000AF8500003C02002000A2F82453E0FF1B03
96563 +:10006000AF8500003C07FFFF34E47FFF00A4382485
96564 +:100070000A00132B34C880000A001334010910242D
96565 +:1000800000EC58245160005AAF8000248F8D002C62
96566 +:100090003C0E0F0000EE182415A00075AF83001071
96567 +:1000A00030EF010011E00073939800103C12020041
96568 +:1000B000107200703C06800034D9010093280013B0
96569 +:1000C0009789002A36A60002311800FF271600047F
96570 +:1000D000001619C03C0480008C8501B804A0FFFE06
96571 +:1000E00034880180AD0300003C158008AC830020FB
96572 +:1000F00096BF004833E5FFFF10A001BCAF850008A4
96573 +:100100002523001200A3102B504001B98F85000455
96574 +:10011000348D010095AC0020240B001A30E440001F
96575 +:10012000318AFFFFA10B000B108001BA2543FFFEAF
96576 +:1001300000A3702B15C001B88F9600048F8F0004A8
96577 +:10014000A503001435E50001AF8500043C088000DC
96578 +:1001500035150180A6A9000EA6A9001A8F89000CEA
96579 +:1001600030BF8000A6A70010AEA90028A6A60008F0
96580 +:1001700013E0000F3C0F8000350C0100958B00163A
96581 +:10018000316AFFFC25440004008818218C6240007D
96582 +:100190003046FFFF14C000072416BFFF3C0EFFFFD0
96583 +:1001A00035CD7FFF00AD2824AF8500043C0F8000D3
96584 +:1001B0002416BFFF00B6902435E50180A4B20026C6
96585 +:1001C000ACA7002C3C071000ADE701B80A00137083
96586 +:1001D000000018210E00165D000000003C0A4000DF
96587 +:1001E0003C098000AD2A01780A00130400000000D9
96588 +:1001F0008F85002410A00027AF80001090A300007E
96589 +:10020000106000742409000310690101000030210E
96590 +:1002100090AE0001240D000211CD014230EF0040EC
96591 +:1002200090A90001241F0001113F000930E20040A5
96592 +:100230008CA600049785002A00C020210E000FDB49
96593 +:1002400036A60002000040210A00137001001821A8
96594 +:100250005040FFF88CA600043C07080190E7964147
96595 +:1002600010E0FFF4240800010A00137001001821B7
96596 +:10027000939800103C1F080127FF96400018C8C043
96597 +:10028000033F4021AF8800248F85002414A0FFDBAA
96598 +:10029000AF9800103C0480008C86400030C50100FF
96599 +:1002A00010A0008732AB00043C0C08008D8C0024A9
96600 +:1002B00024160004156000033192000D241600027C
96601 +:1002C0003C0480008C8E4000340DFFFF11CD0113E3
96602 +:1002D00032B5FFFB8C984000330F010055E0000160
96603 +:1002E0002415001030E80800110000382409FFFB35
96604 +:1002F0008F9F00282FF903EF53200001024990241B
96605 +:1003000030E2010010400014325F00018F87002CA2
96606 +:1003100014E0010E8F8C000C3C0480003486010038
96607 +:1003200090C5001330AA00FF25430004000321C03C
96608 +:100330002419FFFE025990241240000202B6302513
96609 +:1003400032A6FFFF0E000FDB9785002A1240FEA3A6
96610 +:1003500000001821325F000113E0000D3247000455
96611 +:10036000240900011249000202B6302532A6FFFF1F
96612 +:100370009785002A0E000FDB000020212402FFFEDB
96613 +:10038000024290241240FE950000182132470004DA
96614 +:1003900050E0FE922403000102B63025241600042A
96615 +:1003A0005656000132A6FFFF9785002A0E000FDB8C
96616 +:1003B000240401002403FFFB0243A82412A0FE87AB
96617 +:1003C000000018210A001370240300010A0014B968
96618 +:1003D0000249902410A0FFAF30E5010010A00017E3
96619 +:1003E0008F8600102403000210C300148F84000CB9
96620 +:1003F0003C0608008CC6003824CAFFFF14C0000267
96621 +:10040000008A1024000010213C0E080025CE003880
96622 +:10041000004E682191AC00048F850028258B0004D4
96623 +:10042000000B21C030A5FFFF36A600020E000FDB37
96624 +:10043000000000000A00137000001821240F0002C1
96625 +:1004400010CF0088241600013C0308008C6300D004
96626 +:100450001076008D8F85002824D9FFFC2F280004FA
96627 +:100460001500006300002021241F0002107F005DA2
96628 +:100470002CC9000C24C3FFF82C6200041440FFE9CF
96629 +:100480000000202130EA020051400004000621C093
96630 +:1004900054C0000530A5FFFF000621C030A5FFFFB6
96631 +:1004A0000A00150436A600020E000FDB32A600017A
96632 +:1004B0008F8600108F8500280A001520000621C0B5
96633 +:1004C0003C0A08008D4A0024315200015240FE438C
96634 +:1004D000000018219785002A36A600020E000FDBC7
96635 +:1004E000000020210A001370000018219668000CFB
96636 +:1004F000311802005700FE313C0500013C1F800806
96637 +:1005000097F900489789002A36A600023328FFFF92
96638 +:10051000AF8800083C0380008C7501B806A0FFFE80
96639 +:100520003C04800034820180AC400000110000B621
96640 +:1005300024180003252A0012010A182B106000B2AB
96641 +:1005400000000000966F00203C0E8000240D001A71
96642 +:1005500031ECFFFF35CA018030EB4000A14D000BAC
96643 +:10056000116000B02583FFFE0103902B164000AE02
96644 +:100570002416FFFE34A50001A5430014AF85000436
96645 +:100580002419BFFF00B94024A6E9000EA6E9001A0D
96646 +:10059000A6E60008A6E80026A6E700103C07100023
96647 +:1005A000AE8701B80A001370000018213C048000D7
96648 +:1005B0008C8201B80440FFFE349601802415001C93
96649 +:1005C000AEC70000A2D5000B3C071000AC8701B8F5
96650 +:1005D0003C0A40003C098000AD2A01780A0013045F
96651 +:1005E000000000005120FFA424C3FFF800002021D8
96652 +:1005F00030A5FFFF0A00150436A600020E00103DCC
96653 +:10060000000000008F8700000A001346AF82000C34
96654 +:1006100090A30001241500011075FF0B24080001B0
96655 +:10062000240600021066000430E2004024080001A5
96656 +:100630000A001370010018215040FFFD240800013A
96657 +:100640003C0C8000358B0100956A001094A40002D8
96658 +:100650003143FFFF5083FDE1010018210A00158599
96659 +:10066000240800018F8500282CB203EF1240FDDB27
96660 +:10067000240300013C0308008C6300D02416000111
96661 +:100680001476FF7624D9FFFC2CD8000C1300FF72DF
96662 +:10069000000621C030A5FFFF0A00150436A600029F
96663 +:1006A00010B00037240F000B14AFFE23000731C039
96664 +:1006B000312600FF00065600000A4E0305220047BF
96665 +:1006C00030C6007F0006F8C03C16080126D69640CA
96666 +:1006D00003F68021A2000001A20000003C0F600090
96667 +:1006E0008DF918202405000100C588040011302769
96668 +:1006F0000326C024000731C000C03821ADF81820FF
96669 +:100700000A0013C8A60000028F850020000731C030
96670 +:1007100024A2FFFF0A0013F6AF8200200A0014B2E1
96671 +:100720002415002011E0FECC3C1980003728010080
96672 +:100730009518001094B6000233120FFF16D2FEC6B1
96673 +:10074000000000000A00148290A900013C0B080080
96674 +:100750008D6B0038256DFFFF15600002018D1024A0
96675 +:10076000000010213C080800250800380048C0217E
96676 +:10077000930F000425EE00040A0014C5000E21C0EA
96677 +:1007800000065202241F00FF115FFDEB000731C07D
96678 +:10079000000A20C03C0E080125CE9640008EA821FC
96679 +:1007A000009E602100095C02240D00013C076000EE
96680 +:1007B000A2AD0000AD860000A2AB00018CF21820B3
96681 +:1007C00024030001014310040242B025ACF61820B6
96682 +:1007D00000C038210A0013C8A6A900020A0015AA01
96683 +:1007E000AF8000200A0012FFAF84002C8F85000428
96684 +:1007F0003C1980002408000337380180A308000B4F
96685 +:100800000A00144D3C088000A2F8000B0A00155A9B
96686 +:100810002419BFFF8F9600042412FFFE0A00144B18
96687 +:1008200002D228242416FFFE0A00155800B62824F8
96688 +:100830003C038000346401008C85000030A2003E3F
96689 +:100840001440000800000000AC6000488C870000E5
96690 +:1008500030E607C010C0000500000000AC60004C8E
96691 +:10086000AC60005003E0000824020001AC600054BA
96692 +:10087000AC6000408C880000310438001080FFF923
96693 +:10088000000000002402000103E00008AC60004406
96694 +:100890003C0380008C6201B80440FFFE3467018095
96695 +:1008A000ACE4000024080001ACE00004A4E500086A
96696 +:1008B00024050002A0E8000A34640140A0E5000B12
96697 +:1008C0009483000A14C00008A4E30010ACE00024E4
96698 +:1008D0003C07800034E901803C041000AD20002872
96699 +:1008E00003E00008ACE401B88C8600043C0410006E
96700 +:1008F000ACE600243C07800034E90180AD200028EC
96701 +:1009000003E00008ACE401B83C0680008CC201B8EA
96702 +:100910000440FFFE34C7018024090002ACE400005B
96703 +:10092000ACE40004A4E50008A0E9000A34C50140D5
96704 +:10093000A0E9000B94A8000A3C041000A4E80010F1
96705 +:10094000ACE000248CA30004ACE3002803E0000822
96706 +:10095000ACC401B83C039000346200010082202541
96707 +:100960003C038000AC6400208C65002004A0FFFEE6
96708 +:100970000000000003E00008000000003C028000CE
96709 +:10098000344300010083202503E00008AC4400202C
96710 +:1009900027BDFFE03C098000AFBF0018AFB10014D5
96711 +:1009A000AFB00010352801408D10000091040009FF
96712 +:1009B0009107000891050008308400FF30E600FF31
96713 +:1009C00000061A002C820081008330251040002A86
96714 +:1009D00030A50080000460803C0D080125AD92B078
96715 +:1009E000018D58218D6A00000140000800000000C0
96716 +:1009F0003C038000346201409445000A14A0001EAC
96717 +:100A00008F91FCC09227000530E6000414C0001A44
96718 +:100A1000000000000E00164E02002021922A000560
96719 +:100A200002002021354900040E001658A2290005B5
96720 +:100A30009228000531040004148000020000000028
96721 +:100A40000000000D922D0000240B002031AC00FFAF
96722 +:100A5000158B00093C0580008CAE01B805C0FFFE77
96723 +:100A600034B10180AE3000003C0F100024100005AE
96724 +:100A7000A230000BACAF01B80000000D8FBF001812
96725 +:100A80008FB100148FB0001003E0000827BD0020D4
96726 +:100A90000200202100C028218FBF00188FB1001450
96727 +:100AA0008FB00010240600010A00161D27BD00208B
96728 +:100AB0000000000D0200202100C028218FBF001877
96729 +:100AC0008FB100148FB00010000030210A00161DF5
96730 +:100AD00027BD002014A0FFE8000000000200202134
96731 +:100AE0008FBF00188FB100148FB0001000C02821F4
96732 +:100AF0000A00163B27BD00203C0780008CEE01B8A1
96733 +:100B000005C0FFFE34F00180241F0002A21F000B6D
96734 +:100B100034F80140A60600089719000A3C0F10009F
96735 +:100B2000A61900108F110004A6110012ACEF01B835
96736 +:100B30000A0016998FBF001827BDFFE8AFBF00104D
96737 +:100B40000E000FD4000000003C0280008FBF001098
96738 +:100B500000002021AC4001800A00108F27BD001842
96739 +:100B60003084FFFF30A5FFFF108000070000182130
96740 +:100B7000308200011040000200042042006518216C
96741 +:100B80001480FFFB0005284003E0000800601021EE
96742 +:100B900010C00007000000008CA2000024C6FFFF68
96743 +:100BA00024A50004AC82000014C0FFFB24840004D0
96744 +:100BB00003E000080000000010A0000824A3FFFFCD
96745 +:100BC000AC86000000000000000000002402FFFFCF
96746 +:100BD0002463FFFF1462FFFA2484000403E000088A
96747 +:100BE000000000003C03800027BDFFF83462018054
96748 +:100BF000AFA20000308C00FF30AD00FF30CE00FF10
96749 +:100C00003C0B80008D6401B80480FFFE00000000F2
96750 +:100C10008FA900008D6801288FAA00008FA700000F
96751 +:100C20008FA400002405000124020002A085000A10
96752 +:100C30008FA30000359940003C051000A062000B16
96753 +:100C40008FB800008FAC00008FA600008FAF0000AF
96754 +:100C500027BD0008AD280000AD400004AD80002491
96755 +:100C6000ACC00028A4F90008A70D0010A5EE0012E2
96756 +:100C700003E00008AD6501B83C06800827BDFFE829
96757 +:100C800034C50080AFBF001090A7000924020012F5
96758 +:100C900030E300FF1062000B008030218CA8005070
96759 +:100CA00000882023048000088FBF00108CAA003425
96760 +:100CB000240400390000282100CA4823052000052B
96761 +:100CC000240600128FBF00102402000103E0000878
96762 +:100CD00027BD00180E0016F2000000008FBF0010A4
96763 +:100CE0002402000103E0000827BD001827BDFFC84B
96764 +:100CF000AFB20030AFB00028AFBF0034AFB1002CAE
96765 +:100D000000A0802190A5000D30A6001010C000109A
96766 +:100D1000008090213C0280088C4400048E0300086F
96767 +:100D20001064000C30A7000530A6000510C0009329
96768 +:100D3000240400018FBF00348FB200308FB1002C2B
96769 +:100D40008FB000280080102103E0000827BD003884
96770 +:100D500030A7000510E0000F30AB001210C00006F5
96771 +:100D6000240400013C0980088E0800088D25000439
96772 +:100D70005105009C240400388FBF00348FB200302E
96773 +:100D80008FB1002C8FB000280080102103E00008F4
96774 +:100D900027BD0038240A0012156AFFE6240400016A
96775 +:100DA0000200202127A500100E000CB6AFA00010F5
96776 +:100DB0001440007C3C19800837240080909800087B
96777 +:100DC000331100081220000A8FA7001030FF010025
96778 +:100DD00013E000A48FA300148C8600580066102333
96779 +:100DE000044000043C0A8008AC8300588FA7001020
96780 +:100DF0003C0A800835480080910900083124000829
96781 +:100E00001480000224080003000040213C1F8008D9
96782 +:100E100093F1001193F9001237E600808CCC005456
96783 +:100E2000333800FF03087821322D00FF000F708057
96784 +:100E300001AE282100AC582B1160006F00000000AB
96785 +:100E400094CA005C8CC900543144FFFF0125102373
96786 +:100E50000082182B14600068000000008CCB005446
96787 +:100E60000165182330EC00041180006C000830800C
96788 +:100E70008FA8001C0068102B1040006230ED0004A9
96789 +:100E8000006610232C46008010C00002004088211C
96790 +:100E9000241100800E00164E024020213C0D8008D7
96791 +:100EA00035A6008024070001ACC7000C90C80008DC
96792 +:100EB0000011484035A70100310C007FA0CC00088C
96793 +:100EC0008E05000424AB0001ACCB0030A4D1005C43
96794 +:100ED0008CCA003C9602000E01422021ACC40020C6
96795 +:100EE0008CC3003C0069F821ACDF001C8E190004A3
96796 +:100EF000ACF900008E180008ACF800048FB10010A7
96797 +:100F0000322F000855E0004793A60020A0C0004EF5
96798 +:100F100090D8004E2411FFDFA0F8000890CF000801
96799 +:100F200001F17024A0CE00088E0500083C0B80085B
96800 +:100F300035690080AD2500388D6A00148D2200309F
96801 +:100F40002419005001422021AD24003491230000D7
96802 +:100F5000307F00FF13F90036264F01000E001658AF
96803 +:100F60000240202124040038000028210E0016F23F
96804 +:100F70002406000A0A001757240400010E000D2859
96805 +:100F8000000020218FBF00348FB200308FB1002CC1
96806 +:100F90008FB00028004020210080102103E00008CD
96807 +:100FA00027BD00388E0E00083C0F800835F0008009
96808 +:100FB000AE0E005402402021AE0000300E00164E4E
96809 +:100FC00000000000920D00250240202135AC0020D9
96810 +:100FD0000E001658A20C00250E000CAC0240202179
96811 +:100FE000240400382405008D0E0016F22406001299
96812 +:100FF0000A0017572404000194C5005C0A001792E8
96813 +:1010000030A3FFFF2407021811A0FF9E00E6102363
96814 +:101010008FAE001C0A00179A01C610230A0017970A
96815 +:101020002C620218A0E600080A0017C48E0500080A
96816 +:101030002406FF8001E6C0243C118000AE38002861
96817 +:101040008E0D000831E7007F3C0E800C00EE602121
96818 +:10105000AD8D00E08E080008AF8C00380A0017D074
96819 +:10106000AD8800E4AC800058908500082403FFF7A9
96820 +:1010700000A33824A08700080A0017758FA7001066
96821 +:101080003C05080024A560A83C04080024846FF4F3
96822 +:101090003C020800244260B0240300063C01080121
96823 +:1010A000AC2596C03C010801AC2496C43C01080163
96824 +:1010B000AC2296C83C010801A02396CC03E00008AE
96825 +:1010C0000000000003E00008240200013C02800050
96826 +:1010D000308800FF344701803C0680008CC301B893
96827 +:1010E0000460FFFE000000008CC501282418FF806A
96828 +:1010F0003C0D800A24AF010001F8702431EC007F20
96829 +:10110000ACCE0024018D2021ACE50000948B00EAD8
96830 +:101110003509600024080002316AFFFFACEA0004D0
96831 +:1011200024020001A4E90008A0E8000BACE00024C0
96832 +:101130003C071000ACC701B8AF84003803E00008DA
96833 +:10114000AF85006C938800488F8900608F820038DB
96834 +:1011500030C600FF0109382330E900FF01221821C1
96835 +:1011600030A500FF2468008810C000020124382147
96836 +:101170000080382130E400031480000330AA00030B
96837 +:101180001140000D312B000310A0000900001021B8
96838 +:1011900090ED0000244E000131C200FF0045602B9D
96839 +:1011A000A10D000024E700011580FFF925080001CA
96840 +:1011B00003E00008000000001560FFF300000000DD
96841 +:1011C00010A0FFFB000010218CF80000245900043F
96842 +:1011D000332200FF0045782BAD18000024E70004FF
96843 +:1011E00015E0FFF92508000403E0000800000000F6
96844 +:1011F00093850048938800588F8700600004320070
96845 +:101200003103007F00E5102B30C47F001040000F39
96846 +:10121000006428258F8400383C0980008C8A00EC0B
96847 +:10122000AD2A00A43C03800000A35825AC6B00A0AD
96848 +:101230008C6C00A00580FFFE000000008C6D00ACEF
96849 +:10124000AC8D00EC03E000088C6200A80A00188254
96850 +:101250008F840038938800593C0280000080502120
96851 +:10126000310300FEA383005930ABFFFF30CC00FFF9
96852 +:1012700030E7FFFF344801803C0980008D2401B82D
96853 +:101280000480FFFE8F8D006C24180016AD0D000049
96854 +:101290008D2201248F8D0038AD0200048D5900206D
96855 +:1012A000A5070008240201C4A119000AA118000B17
96856 +:1012B000952F01208D4E00088D4700049783005C18
96857 +:1012C0008D59002401CF302100C7282100A32023FD
96858 +:1012D0002418FFFFA504000CA50B000EA5020010AA
96859 +:1012E000A50C0012AD190018AD18002495AF00E848
96860 +:1012F0003C0B10002407FFF731EEFFFFAD0E002876
96861 +:101300008DAC0084AD0C002CAD2B01B88D460020B7
96862 +:1013100000C7282403E00008AD4500208F8800386E
96863 +:101320000080582130E7FFFF910900D63C02800081
96864 +:1013300030A5FFFF312400FF00041A00006750258C
96865 +:1013400030C600FF344701803C0980008D2C01B875
96866 +:101350000580FFFE8F82006C240F0017ACE20000B6
96867 +:101360008D390124ACF900048D780020A4EA00082E
96868 +:10137000241901C4A0F8000AA0EF000B9523012056
96869 +:101380008D6E00088D6D00049784005C01C35021B0
96870 +:10139000014D602101841023A4E2000CA4E5000E9D
96871 +:1013A000A4F90010A4E60012ACE000148D7800242B
96872 +:1013B000240DFFFFACF800188D0F007CACEF001C73
96873 +:1013C0008D0E00783C0F1000ACEE0020ACED002438
96874 +:1013D000950A00BE240DFFF73146FFFFACE600285A
96875 +:1013E000950C00809504008231837FFF0003CA00C2
96876 +:1013F0003082FFFF0322C021ACF8002CAD2F01B8D2
96877 +:10140000950E00828D6A002000AE3021014D282407
96878 +:10141000A506008203E00008AD6500203C028000C4
96879 +:10142000344501803C0480008C8301B80460FFFED9
96880 +:101430008F8A0044240600199549001C3128FFFFBB
96881 +:10144000000839C0ACA70000A0A6000B3C051000A6
96882 +:1014500003E00008AC8501B88F87004C0080402174
96883 +:1014600030C400FF3C0680008CC201B80440FFFE7F
96884 +:101470008F89006C9383006834996000ACA90000E8
96885 +:10148000A0A300058CE20010240F00022403FFF744
96886 +:10149000A4A20006A4B900088D180020A0B8000A74
96887 +:1014A000A0AF000B8CEE0000ACAE00108CED000481
96888 +:1014B000ACAD00148CEC001CACAC00248CEB002018
96889 +:1014C000ACAB00288CEA002C3C071000ACAA002C26
96890 +:1014D0008D090024ACA90018ACC701B88D05002007
96891 +:1014E00000A3202403E00008AD0400208F8600380C
96892 +:1014F00027BDFFE0AFB10014AFBF0018AFB00010C0
96893 +:1015000090C300D430A500FF3062002010400008D6
96894 +:10151000008088218CCB00D02409FFDF256A0001E0
96895 +:10152000ACCA00D090C800D401093824A0C700D4A8
96896 +:1015300014A000403C0C80008F840038908700D4B9
96897 +:101540002418FFBF2406FFEF30E3007FA08300D400
96898 +:10155000979F005C8F8200608F8D003803E2C82364
96899 +:10156000A799005CA5A000BC91AF00D401F870243D
96900 +:10157000A1AE00D48F8C0038A18000D78F8A0038AC
96901 +:10158000A5400082AD4000EC914500D400A658244F
96902 +:10159000A14B00D48F9000348F8400609786005C4C
96903 +:1015A0000204282110C0000FAF850034A38000582A
96904 +:1015B0003C0780008E2C000894ED01208E2B000447
96905 +:1015C000018D5021014B8021020620233086FFFF30
96906 +:1015D00030C8000F3909000131310001162000091F
96907 +:1015E000A3880058938600488FBF00188FB100145D
96908 +:1015F0008FB0001027BD0020AF85006403E0000815
96909 +:10160000AF86006000C870238FBF00189386004823
96910 +:101610008FB100148FB0001034EF0C00010F28219F
96911 +:1016200027BD0020ACEE0084AF85006403E0000815
96912 +:10163000AF86006035900180020028210E00190F4E
96913 +:10164000240600828F840038908600D430C5004084
96914 +:1016500050A0FFBAA38000688F85004C3C06800034
96915 +:101660008CCD01B805A0FFFE8F89006C2408608234
96916 +:1016700024070002AE090000A6080008A207000B1C
96917 +:101680008CA300083C0E1000AE0300108CA2000CCE
96918 +:10169000AE0200148CBF0014AE1F00188CB90018E5
96919 +:1016A000AE1900248CB80024AE1800288CAF002896
96920 +:1016B000AE0F002CACCE01B80A001948A380006818
96921 +:1016C0008F8A003827BDFFE0AFB10014AFB0001023
96922 +:1016D0008F880060AFBF00189389003C954200BC22
96923 +:1016E00030D100FF0109182B0080802130AC00FFB1
96924 +:1016F0003047FFFF0000582114600003310600FF4F
96925 +:1017000001203021010958239783005C0068202BB9
96926 +:101710001480002700000000106800562419000102
96927 +:101720001199006334E708803165FFFF0E0018C08F
96928 +:10173000020020218F83006C3C07800034E601808A
96929 +:101740003C0580008CAB01B80560FFFE240A001840
96930 +:101750008F840038ACC30000A0CA000B948900BE7F
96931 +:101760003C081000A4C90010ACC00030ACA801B8FF
96932 +:101770009482008024430001A4830080949F008011
96933 +:101780003C0608008CC6318833EC7FFF1186005E72
96934 +:101790000000000002002021022028218FBF001835
96935 +:1017A0008FB100148FB000100A00193427BD00203B
96936 +:1017B000914400D42403FF8000838825A15100D4E4
96937 +:1017C0009784005C3088FFFF51000023938C003C1D
96938 +:1017D0008F8500382402EFFF008B782394AE00BC85
96939 +:1017E0000168502B31E900FF01C26824A4AD00BCA0
96940 +:1017F00051400039010058213C1F800037E60100AC
96941 +:101800008CD800043C190001031940245500000144
96942 +:1018100034E740008E0A00202403FFFB241100015E
96943 +:1018200001432024AE0400201191002D34E78000F4
96944 +:1018300002002021012030210E0018C03165FFFF79
96945 +:101840009787005C8F890060A780005C0127802358
96946 +:10185000AF900060938C003C8F8B00388FBF0018D6
96947 +:101860008FB100148FB0001027BD002003E00008E6
96948 +:10187000A16C00D73C0D800035AA01008D48000402
96949 +:101880003C0900010109282454A0000134E740006C
96950 +:101890008E0F00202418FFFB34E7800001F870242D
96951 +:1018A00024190001AE0E00201599FF9F34E708802F
96952 +:1018B000020020210E00188E3165FFFF020020215A
96953 +:1018C000022028218FBF00188FB100148FB00010A4
96954 +:1018D0000A00193427BD00200A0019F7000048212A
96955 +:1018E00002002021012030210E00188E3165FFFFFB
96956 +:1018F0009787005C8F890060A780005C01278023A8
96957 +:101900000A001A0EAF900060948C0080241F8000A3
96958 +:10191000019F3024A4860080908B0080908F0080EF
96959 +:10192000316700FF0007C9C20019C027001871C045
96960 +:1019300031ED007F01AE2825A08500800A0019DF67
96961 +:1019400002002021938500682403000127BDFFE8E1
96962 +:1019500000A330042CA20020AFB00010AFBF0014D1
96963 +:1019600000C01821104000132410FFFE3C0708009F
96964 +:101970008CE7319000E610243C088000350501809A
96965 +:1019800014400005240600848F890038240A0004CE
96966 +:101990002410FFFFA12A00FC0E00190F0000000018
96967 +:1019A000020010218FBF00148FB0001003E0000868
96968 +:1019B00027BD00183C0608008CC631940A001A574F
96969 +:1019C00000C310248F87004427BDFFE0AFB200188A
96970 +:1019D000AFB10014AFB00010AFBF001C30D000FF9B
96971 +:1019E00090E6000D00A088210080902130C5007F86
96972 +:1019F000A0E5000D8F8500388E2300188CA200D042
96973 +:101A00001062002E240A000E0E001A4AA38A0068F3
96974 +:101A10002409FFFF104900222404FFFF5200002088
96975 +:101A2000000020218E2600003C0C001000CC582421
96976 +:101A3000156000393C0E000800CE682455A0003F18
96977 +:101A4000024020213C18000200D880241200001F10
96978 +:101A50003C0A00048F8700448CE200148CE30010E1
96979 +:101A60008CE500140043F82303E5C82B1320000580
96980 +:101A7000024020218E24002C8CF1001010910031A6
96981 +:101A80000240202124020012A38200680E001A4A9C
96982 +:101A90002412FFFF105200022404FFFF0000202147
96983 +:101AA0008FBF001C8FB200188FB100148FB00010D0
96984 +:101AB0000080102103E0000827BD002090A800D47A
96985 +:101AC000350400200A001A80A0A400D400CA4824CB
96986 +:101AD0001520000B8F8B00448F8D00448DAC0010BF
96987 +:101AE0001580000B024020218E2E002C51C0FFECEF
96988 +:101AF00000002021024020210A001A9B2402001726
96989 +:101B00008D66001050C0FFE6000020210240202119
96990 +:101B10000A001A9B24020011024020212402001511
96991 +:101B20000E001A4AA3820068240FFFFF104FFFDC4B
96992 +:101B30002404FFFF0A001A8A8E2600000A001AC138
96993 +:101B4000240200143C08000400C8382450E0FFD4EC
96994 +:101B500000002021024020210A001A9B24020013C9
96995 +:101B60008F85003827BDFFD8AFB3001CAFB2001877
96996 +:101B7000AFB10014AFB00010AFBF002090A700D4E9
96997 +:101B80008F90004C2412FFFF34E2004092060000C8
96998 +:101B9000A0A200D48E0300100080982110720006CD
96999 +:101BA00030D1003F2408000D0E001A4AA3880068B7
97000 +:101BB000105200252404FFFF8F8A00388E09001878
97001 +:101BC0008D4400D01124000702602021240C000E57
97002 +:101BD0000E001A4AA38C0068240BFFFF104B001A5A
97003 +:101BE0002404FFFF24040020122400048F8D0038F9
97004 +:101BF00091AF00D435EE0020A1AE00D48F85005403
97005 +:101C000010A00019000000001224004A8F9800382C
97006 +:101C10008F92FCC0971000809651000A5230004805
97007 +:101C20008F9300403C1F08008FFF318C03E5C82BC9
97008 +:101C30001720001E02602021000028210E0019A993
97009 +:101C400024060001000020218FBF00208FB3001C5C
97010 +:101C50008FB200188FB100148FB0001000801021D7
97011 +:101C600003E0000827BD00285224002A8E05001436
97012 +:101C70008F840038948A008025490001A48900805F
97013 +:101C8000948800803C0208008C42318831077FFF35
97014 +:101C900010E2000E00000000026020210E00193446
97015 +:101CA000240500010A001B0B000020212402002D46
97016 +:101CB0000E001A4AA38200682403FFFF1443FFE1C9
97017 +:101CC0002404FFFF0A001B0C8FBF002094990080A2
97018 +:101CD000241F800024050001033FC024A498008035
97019 +:101CE00090920080908E0080325100FF001181C2DE
97020 +:101CF00000107827000F69C031CC007F018D582576
97021 +:101D0000A08B00800E001934026020210A001B0BFA
97022 +:101D1000000020212406FFFF54A6FFD68F84003840
97023 +:101D2000026020210E001934240500010A001B0B5B
97024 +:101D300000002021026020210A001B252402000A45
97025 +:101D40002404FFFD0A001B0BAF9300608F8800384E
97026 +:101D500027BDFFE8AFB00010AFBF0014910A00D458
97027 +:101D60008F87004C00808021354900408CE60010B0
97028 +:101D7000A10900D43C0208008C4231B030C53FFFBD
97029 +:101D800000A2182B106000078F850050240DFF80E3
97030 +:101D900090AE000D01AE6024318B00FF156000088D
97031 +:101DA0000006C382020020212403000D8FBF00140F
97032 +:101DB0008FB0001027BD00180A001A4AA3830068DC
97033 +:101DC00033060003240F000254CFFFF70200202146
97034 +:101DD00094A2001C8F85003824190023A4A200E8D7
97035 +:101DE0008CE8000000081E02307F003F13F9003528
97036 +:101DF0003C0A00838CE800188CA600D0110600086D
97037 +:101E0000000000002405000E0E001A4AA385006899
97038 +:101E10002407FFFF104700182404FFFF8F850038B8
97039 +:101E200090A900D435240020A0A400D48F8C0044B5
97040 +:101E3000918E000D31CD007FA18D000D8F83005458
97041 +:101E40001060001C020020218F8400508C9800102C
97042 +:101E50000303782B11E0000D241900180200202143
97043 +:101E6000A39900680E001A4A2410FFFF10500002C8
97044 +:101E70002404FFFF000020218FBF00148FB000104A
97045 +:101E80000080102103E0000827BD00188C86001098
97046 +:101E90008F9F00440200202100C31023AFE20010F6
97047 +:101EA000240500010E0019A9240600010A001B9751
97048 +:101EB000000020210E001934240500010A001B97A0
97049 +:101EC00000002021010A5824156AFFD98F8C004494
97050 +:101ED000A0A600FC0A001B84A386005A30A500FFC0
97051 +:101EE0002406000124A9000100C9102B1040000C99
97052 +:101EF00000004021240A000100A61823308B0001B5
97053 +:101F000024C60001006A3804000420421160000267
97054 +:101F100000C9182B010740251460FFF800A61823FC
97055 +:101F200003E000080100102127BDFFD8AFB0001862
97056 +:101F30008F90004CAFB1001CAFBF00202403FFFF07
97057 +:101F40002411002FAFA30010920600002405000802
97058 +:101F500026100001006620260E001BB0308400FF12
97059 +:101F600000021E003C021EDC34466F410A001BD8F2
97060 +:101F70000000102110A00009008018212445000154
97061 +:101F800030A2FFFF2C4500080461FFFA0003204047
97062 +:101F90000086202614A0FFF9008018210E001BB037
97063 +:101FA000240500208FA300102629FFFF313100FFF8
97064 +:101FB00000034202240700FF1627FFE20102182651
97065 +:101FC00000035027AFAA0014AFAA00100000302170
97066 +:101FD00027A8001027A7001400E6782391ED00033E
97067 +:101FE00024CE000100C8602131C600FF2CCB0004C4
97068 +:101FF0001560FFF9A18D00008FA200108FBF002097
97069 +:102000008FB1001C8FB0001803E0000827BD002826
97070 +:1020100027BDFFD0AFB3001CAFB00010AFBF00288A
97071 +:10202000AFB50024AFB40020AFB20018AFB10014B8
97072 +:102030003C0C80008D880128240FFF803C06800A1C
97073 +:1020400025100100250B0080020F68243205007F57
97074 +:10205000016F7024AD8E009000A62821AD8D002464
97075 +:1020600090A600FC3169007F3C0A8004012A1821F7
97076 +:10207000A386005A9067007C00809821AF830030CF
97077 +:1020800030E20002AF88006CAF85003800A0182154
97078 +:10209000144000022404003424040030A3840048C7
97079 +:1020A0008C7200DC30D100FF24040004AF92006089
97080 +:1020B00012240004A38000688E7400041680001EA1
97081 +:1020C0003C0880009386005930C7000110E0000FE3
97082 +:1020D0008F9300608CB000848CA800842404FF805F
97083 +:1020E000020410240002F940310A007F03EA482567
97084 +:1020F0003C0C2000012C902530CD00FE3C038000DC
97085 +:10210000AC720830A38D00598F9300608FBF0028F8
97086 +:102110008FB50024ACB300DC8FB400208FB3001C5B
97087 +:102120008FB200188FB100148FB00010240200018C
97088 +:1021300003E0000827BD00308E7F000895020120D3
97089 +:102140008E67001003E2C8213326FFFF30D8000F4E
97090 +:1021500033150001AF87003416A00058A39800582B
97091 +:1021600035090C000309382100D81823AD03008479
97092 +:10217000AF8700648E6A00043148FFFF1100007EC3
97093 +:10218000A78A005C90AC00D42407FF8000EC3024C8
97094 +:1021900030CB00FF1560004B9786005C938E005A91
97095 +:1021A000240D000230D5FFFF11CD02A20000A021B6
97096 +:1021B0008F85006002A5802B160000BC9388004824
97097 +:1021C0003C11800096240120310400FF1485008812
97098 +:1021D0008F8400648F9800343312000356400085CA
97099 +:1021E00030A500FF8F900064310C00FF24060034FE
97100 +:1021F00011860095AF90004C9204000414800118E1
97101 +:102200008F8E0038A380003C8E0D00048DC800D84E
97102 +:102210003C0600FF34CCFFFF01AC30240106182B34
97103 +:1022200014600120AF8600548F8700609798005C8F
97104 +:10223000AF8700400307402310C000C7A788005C99
97105 +:102240008F91003030C3000300035823922A007C92
97106 +:102250003171000302261021000A20823092000111
97107 +:102260000012488000492821311FFFFF03E5C82BD9
97108 +:10227000132001208F8800388F8500348F880064F8
97109 +:102280001105025A3C0E3F018E0600003C0C250051
97110 +:1022900000CE682411AC01638F84004C30E500FF50
97111 +:1022A0000E00184A000030218F8800388F870060A8
97112 +:1022B0008F8500340A001DB78F8600540A001C5613
97113 +:1022C000AF87006490A400D400E48024320200FFB1
97114 +:1022D000104000169386005990A6008890AE00D753
97115 +:1022E00024A8008830D4003F2686FFE02CD10020AF
97116 +:1022F000A38E003C1220000CAF88004C240B000180
97117 +:1023000000CB20043095001916A0012B3C0680005C
97118 +:1023100034CF0002008FC0241700022E3099002015
97119 +:1023200017200234000000009386005930CB0001D2
97120 +:102330001160000F9788005C8CBF00848CA900841A
97121 +:10234000240AFF8003EA6024000C19403132007F28
97122 +:10235000007238253C0D200000EDC82530D800FE65
97123 +:102360003C0F8000ADF90830A39800599788005CB5
97124 +:102370001500FF84000000008E630020306200041E
97125 +:102380001040FF51938600592404FFFB0064802411
97126 +:102390003C038000AE700020346601808C7301B86D
97127 +:1023A0000660FFFE8F98006C347501003C1400013C
97128 +:1023B000ACD800008C6B012424076085ACCB0004F2
97129 +:1023C0008EAE000401D488245220000124076083CB
97130 +:1023D00024190002A4C700083C0F1000A0D9000B6C
97131 +:1023E0003C068000ACCF01B80A001C2B9386005934
97132 +:1023F00030A500FF0E00184A240600018F88006CEB
97133 +:102400003C05800034A90900250201889388004812
97134 +:10241000304A0007304B00783C0340802407FF809F
97135 +:102420000163C825014980210047F824310C00FFD1
97136 +:1024300024060034ACBF0800AF90004CACB90810C3
97137 +:102440005586FF6E920400048F8400388E11003090
97138 +:10245000908E00D431CD001015A000108F83006045
97139 +:102460002C6F000515E000E400000000909800D4F7
97140 +:102470002465FFFC331200101640000830A400FF52
97141 +:102480008F9F00648F99003413F90004388700018E
97142 +:1024900030E20001144001C8000000000E001BC320
97143 +:1024A000000000000A001DF8000000008F84006496
97144 +:1024B00030C500FF0E00184A24060001939800481A
97145 +:1024C000240B0034130B00A08F8500388F8600602A
97146 +:1024D0009783005C306EFFFF00CE8823AF910060D1
97147 +:1024E000A780005C1280FF90028018212414FFFD59
97148 +:1024F0005474FFA28E6300208E6A00042403FFBF81
97149 +:102500002408FFEF0155F823AE7F000490AC00D4FF
97150 +:102510003189007FA0A900D48E7200208F8F0038EF
97151 +:10252000A780005C364D0002AE6D0020A5E000BC27
97152 +:1025300091E500D400A3C824A1F900D48F950038F8
97153 +:10254000AEA000EC92B800D403085824A2AB00D48B
97154 +:102550000A001CD78F8500388F910034AF8000604F
97155 +:1025600002275821AF8B0034000020212403FFFFF5
97156 +:10257000108301B48F8500388E0C00103C0D0800CC
97157 +:102580008DAD31B09208000031843FFF008D802B6B
97158 +:1025900012000023310D003F3C1908008F3931A88B
97159 +:1025A0008F9F006C000479802408FF80033F202166
97160 +:1025B000008FC821938500590328F8243C06008029
97161 +:1025C0003C0F800034D80001001F91403331007F60
97162 +:1025D0008F8600380251502535EE0940332B0078A4
97163 +:1025E000333000073C0310003C02800C017890253A
97164 +:1025F000020E48210143C0250222382134AE0001D9
97165 +:10260000ADFF0804AF890050ADF20814AF87004455
97166 +:10261000ADFF0028ACD90084ADF80830A38E005976
97167 +:102620009383005A24070003106700272407000142
97168 +:102630001467FFAC8F8500382411002311B1008589
97169 +:1026400000000000240E000B026020210E001A4A38
97170 +:10265000A38E00680040A0210A001D328F8500383B
97171 +:1026600002602021240B000C0E001A4AA38B006884
97172 +:10267000240AFFFF104AFFBD2404FFFF8F8E00389D
97173 +:10268000A380003C8E0D00048DC800D83C0600FFDE
97174 +:1026900034CCFFFF01AC30240106182B1060FEE2A1
97175 +:1026A000AF86005402602021241200190E001A4A3D
97176 +:1026B000A3920068240FFFFF104FFFAC2404FFFF1C
97177 +:1026C0000A001C838F86005425A3FFE02C74002091
97178 +:1026D0001280FFDD240E000B000328803C1108014E
97179 +:1026E000263194B400B148218D2D000001A00008CE
97180 +:1026F000000000008F85003400A710219385003C66
97181 +:10270000AF82003402251821A383003C951F00BC32
97182 +:102710000226282137F91000A51900BC5240FF926B
97183 +:10272000AF850060246A0004A38A003C950900BCC0
97184 +:1027300024A40004AF84006035322000A51200BC40
97185 +:102740000A001D54000020218F8600602CC800055F
97186 +:102750001500FF609783005C3065FFFF00C5C8234C
97187 +:102760002F2F000511E00003306400FF24CDFFFC93
97188 +:1027700031A400FF8F8900648F920034113200046D
97189 +:10278000389F000133EC0001158001380000000083
97190 +:102790008F840038908700D434E60010A08600D4DF
97191 +:1027A0008F8500388F8600609783005CACA000ECBA
97192 +:1027B0000A001D2F306EFFFF8CB500848CB400849E
97193 +:1027C0003C04100002A7302400068940328E007FAE
97194 +:1027D000022E8025020410253C08800024050001FB
97195 +:1027E00002602021240600010E0019A9AD02083064
97196 +:1027F0000A001CC38F8500388C8200EC1222FE7EFA
97197 +:102800000260202124090005A38900680E001A4AED
97198 +:102810002411FFFF1451FE782404FFFF0A001D5508
97199 +:102820002403FFFF8F8F004C8F8800388DF8000045
97200 +:10283000AD1800888DE70010AD0700988F87006005
97201 +:102840000A001DB78F8600542406FFFF118600057D
97202 +:10285000000000000E001B4C026020210A001D8FAA
97203 +:102860000040A0210E001AD1026020210A001D8F15
97204 +:102870000040A0218F90004C3C0208008C4231B0F7
97205 +:102880008E110010322C3FFF0182282B10A0000C6B
97206 +:10289000240BFF808F85005090A3000D01637024EE
97207 +:1028A00031CA00FF1140000702602021001143825D
97208 +:1028B000310600032418000110D8010600000000B2
97209 +:1028C000026020212403000D0E001A4AA383006831
97210 +:1028D000004020218F8500380A001D320080A02191
97211 +:1028E0008F90004C3C0A08008D4A31B08F85005013
97212 +:1028F0008E0400100000A0218CB1001430823FFF34
97213 +:10290000004A602B8CB200205180FFEE0260202133
97214 +:1029100090B8000D240BFF800178702431C300FFB4
97215 +:102920005060FFE80260202100044382310600036A
97216 +:1029300014C0FFE40260202194BF001C8F9900386E
97217 +:102940008E060028A73F00E88CAF0010022F20233E
97218 +:1029500014C4013A026020218F83005400C368210F
97219 +:10296000022D382B14E00136240200188F8A00440F
97220 +:102970008F820030024390218D4B00100163702341
97221 +:10298000AD4E0010AD5200208C4C00740192282BEB
97222 +:1029900014A0015F026020218F8400508E08002463
97223 +:1029A0008C86002411060007026020212419001CD7
97224 +:1029B0000E001A4AA3990068240FFFFF104FFFC5AD
97225 +:1029C0002404FFFF8F8400448C87002424FF00012F
97226 +:1029D000AC9F00241251012F8F8D00308DB10074F7
97227 +:1029E0001232012C3C0B00808E0E000001CB5024D3
97228 +:1029F00015400075000000008E0300142411FFFF35
97229 +:102A0000107100073C0808003C0608008CC6319095
97230 +:102A100000C8C0241300015202602021A380006876
97231 +:102A20008E0300003C19000100792024108000135F
97232 +:102A30003C1F0080007FA02416800009020028218E
97233 +:102A4000026020212411001A0E001A4AA391006886
97234 +:102A50002407FFFF1047FF9F2404FFFF02002821E7
97235 +:102A6000026020210E001A6A240600012410FFFFD4
97236 +:102A70001050FF982404FFFF241400018F8D0044A0
97237 +:102A8000026020210280302195A900342405000134
97238 +:102A9000253200010E0019A9A5B200340000202142
97239 +:102AA0008F8500380A001D320080A0218F90004CD5
97240 +:102AB0003C1408008E9431B08E07001030E53FFFC3
97241 +:102AC00000B4C82B132000618F8600502412FF80B1
97242 +:102AD00090C9000D0249682431A400FF5080005CB9
97243 +:102AE000026020218F8C00541180000700078B8228
97244 +:102AF0008F8500388F82FCC094BF0080944A000A02
97245 +:102B0000515F00F78F8600403227000314E0006415
97246 +:102B100000000000920E000211C000D8000000006A
97247 +:102B20008E0B0024156000D902602021920400035E
97248 +:102B300024190002308500FF14B90005308900FF18
97249 +:102B40008F940054128000EA240D002C308900FF7D
97250 +:102B5000392C00102D8400012D3200010244302553
97251 +:102B6000020028210E001A6A026020212410FFFFB3
97252 +:102B7000105000BF8F8500388F830054106000D341
97253 +:102B8000240500013C0A08008D4A318C0143F82BD2
97254 +:102B900017E000B22402002D02602021000028214D
97255 +:102BA0000E0019A9240600018F85003800001821A5
97256 +:102BB0000A001D320060A0210E0018750000000000
97257 +:102BC0000A001DF800000000AC8000200A001E78FA
97258 +:102BD0008E03001400002821026020210E0019A994
97259 +:102BE000240600010A001CC38F8500380A001DB7A7
97260 +:102BF0008F8800388CAA00848CAC00843C031000C1
97261 +:102C00000147F824001F91403189007F024968255F
97262 +:102C100001A32825ACC50830910700012405000157
97263 +:102C2000026020210E0019A930E600010A001CC331
97264 +:102C30008F850038938F00482403FFFD0A001D3460
97265 +:102C4000AF8F00600A001D342403FFFF02602021C3
97266 +:102C50002410000D0E001A4AA390006800401821AD
97267 +:102C60008F8500380A001D320060A0210E00187503
97268 +:102C7000000000009783005C8F86006000402021E8
97269 +:102C80003070FFFF00D010232C4A00051140FE11C8
97270 +:102C90008F850038ACA400EC0A001D2F306EFFFFBA
97271 +:102CA00090CF000D31E300085460FFA192040003AF
97272 +:102CB00002602021240200100E001A4AA38200683C
97273 +:102CC0002403FFFF5443FF9A920400030A001F12DB
97274 +:102CD0008F85003890A4000D308F000811E000951A
97275 +:102CE0008F990054572000A6026020218E1F000CEF
97276 +:102CF0008CB4002057F40005026020218E0D0008DE
97277 +:102D00008CA7002411A7003A026020212402002091
97278 +:102D1000A38200680E001A4A2412FFFF1052FEED33
97279 +:102D20002404FFFF8F9F00442402FFF73C14800E11
97280 +:102D300093EA000D2419FF803C03800001423824EF
97281 +:102D4000A3E7000D8F9F00303C0908008D2931ACAE
97282 +:102D50008F8C006C97F200788F870044012C302113
97283 +:102D6000324D7FFF000D204000C4782131E5007F07
97284 +:102D700000B4C02101F94024AC68002CA711000068
97285 +:102D80008CEB0028256E0001ACEE00288CEA002CAC
97286 +:102D90008E02002C01426021ACEC002C8E09002C2C
97287 +:102DA000ACE900308E120014ACF2003494ED003A1D
97288 +:102DB00025A40001A4E4003A97E600783C1108003D
97289 +:102DC0008E3131B024C3000130707FFF1211005CDE
97290 +:102DD000006030218F8F0030026020212405000127
97291 +:102DE0000E001934A5E600780A001EA1000020217B
97292 +:102DF0008E0900142412FFFF1132006B8F8A0038F5
97293 +:102E00008E0200188D4C00D0144C00650260202109
97294 +:102E10008E0B00248CAE0028116E005B2402002172
97295 +:102E20000E001A4AA38200681452FFBE2404FFFF5A
97296 +:102E30008F8500380A001D320080A0212402001F67
97297 +:102E40000E001A4AA38200682409FFFF1049FEA160
97298 +:102E50002404FFFF0A001E548F83005402602021C7
97299 +:102E60000E001A4AA38200681450FF508F85003864
97300 +:102E70002403FFFF0A001D320060A0218CD800242B
97301 +:102E80008E0800241118FF29026020210A001F2744
97302 +:102E90002402000F8E0900003C05008001259024CB
97303 +:102EA0001640FF492402001A026020210E001A4A2F
97304 +:102EB000A3820068240CFFFF144CFECF2404FFFF04
97305 +:102EC0008F8500380A001D320080A0210E001934C1
97306 +:102ED000026020218F8500380A001EE500001821BD
97307 +:102EE0002403FFFD0060A0210A001D32AF860060B0
97308 +:102EF000026020210E001A4AA38D00682403FFFF00
97309 +:102F00001043FF588F8500380A001ECC920400033E
97310 +:102F10002418001D0E001A4AA39800682403FFFF1E
97311 +:102F20001443FE9D2404FFFF8F8500380A001D32E4
97312 +:102F30000080A021026020210A001F3D24020024FD
97313 +:102F4000240880000068C024330BFFFF000B73C20D
97314 +:102F500031D000FF001088270A001F6E001133C017
97315 +:102F6000240F001B0E001A4AA38F00681451FEACF8
97316 +:102F70002404FFFF8F8500380A001D320080A02145
97317 +:102F80000A001F3D240200278E0600288CA3002C77
97318 +:102F900010C30008026020210A001F812402001FC4
97319 +:102FA0000A001F812402000E026020210A001F81F6
97320 +:102FB000240200258E04002C1080000D8F8F00301D
97321 +:102FC0008DE800740104C02B5700000C0260202122
97322 +:102FD0008CB900140086A0210334282B10A0FF52C6
97323 +:102FE0008F9F0044026020210A001F8124020022DA
97324 +:102FF000026020210A001F81240200230A001F8191
97325 +:103000002402002627BDFFD8AFB3001CAFB10014C7
97326 +:10301000AFBF0020AFB20018AFB000103C0280007C
97327 +:103020008C5201408C4B01483C048000000B8C0208
97328 +:10303000322300FF317300FF8C8501B804A0FFFE2E
97329 +:1030400034900180AE1200008C8701442464FFF0AC
97330 +:10305000240600022C830013AE070004A61100080A
97331 +:10306000A206000BAE1300241060004F8FBF00209B
97332 +:10307000000448803C0A0801254A9534012A402171
97333 +:103080008D04000000800008000000003C030800E0
97334 +:103090008C6331A831693FFF00099980007280215B
97335 +:1030A000021370212405FF80264D0100264C00806C
97336 +:1030B0003C02800031B1007F3198007F31CA007F2F
97337 +:1030C0003C1F800A3C1980043C0F800C01C5202461
97338 +:1030D00001A5302401853824014F1821AC46002475
97339 +:1030E000023F402103194821AC470090AC4400281E
97340 +:1030F000AF830044AF880038AF8900300E0019005C
97341 +:10310000016080213C0380008C6B01B80560FFFEEC
97342 +:103110008F8700448F8600383465018090E8000D69
97343 +:10312000ACB20000A4B0000600082600000416039C
97344 +:1031300000029027001227C21080008124C200885C
97345 +:10314000241F6082A4BF0008A0A000052402000282
97346 +:10315000A0A2000B8F8B0030000424003C08270045
97347 +:1031600000889025ACB20010ACA00014ACA00024E4
97348 +:10317000ACA00028ACA0002C8D6900382413FF807F
97349 +:10318000ACA9001890E3000D02638024320500FF13
97350 +:1031900010A000058FBF002090ED000D31AC007F26
97351 +:1031A000A0EC000D8FBF00208FB3001C8FB2001861
97352 +:1031B0008FB100148FB000103C0A10003C0E80004C
97353 +:1031C00027BD002803E00008ADCA01B8265F010052
97354 +:1031D0002405FF8033F8007F3C06800003E5782457
97355 +:1031E0003C19800A03192021ACCF0024908E00D412
97356 +:1031F00000AE682431AC00FF11800024AF84003899
97357 +:10320000248E008895CD00123C0C08008D8C31A8CE
97358 +:1032100031AB3FFF01924821000B5180012A402130
97359 +:1032200001052024ACC400283107007F3C06800C37
97360 +:1032300000E620219083000D00A31024304500FFFC
97361 +:1032400010A0FFD8AF8400449098000D330F0010F9
97362 +:1032500015E0FFD58FBF00200E0019000000000010
97363 +:103260003C0380008C7901B80720FFFE00000000BD
97364 +:10327000AE1200008C7F0144AE1F0004A6110008AE
97365 +:1032800024110002A211000BAE1300243C1308010C
97366 +:10329000927396F0327000015200FFC38FBF00207E
97367 +:1032A0000E002146024020210A0020638FBF00202B
97368 +:1032B0003C1260008E452C083C03F0033462FFFF93
97369 +:1032C00000A2F824AE5F2C088E582C083C1901C0CF
97370 +:1032D00003199825AE532C080A0020638FBF0020E5
97371 +:1032E000264D010031AF007F3C10800A240EFF8084
97372 +:1032F00001F0282101AE60243C0B8000AD6C00245D
97373 +:103300001660FFA8AF85003824110003A0B100FCAF
97374 +:103310000A0020638FBF002026480100310A007F89
97375 +:103320003C0B800A2409FF80014B30210109202435
97376 +:103330003C078000ACE400240A002062AF8600381D
97377 +:10334000944E0012320C3FFF31CD3FFF15ACFF7D94
97378 +:10335000241F608290D900D42418FF800319782498
97379 +:1033600031EA00FF1140FF7700000000240700044D
97380 +:10337000A0C700FC8F870044241160842406000D40
97381 +:10338000A4B10008A0A600050A00204D24020002F6
97382 +:103390003C040001248496DC24030014240200FE73
97383 +:1033A0003C010800AC2431EC3C010800AC2331E8BE
97384 +:1033B0003C010801A42296F83C040801248496F8F4
97385 +:1033C0000000182100643021A0C300042463000120
97386 +:1033D0002C6500FF54A0FFFC006430213C0708006E
97387 +:1033E00024E7010003E00008AF87007800A058211F
97388 +:1033F000008048210000102114A00012000050217C
97389 +:103400000A002142000000003C010801A42096F8B7
97390 +:103410003C05080194A596F88F8200783C0C0801C1
97391 +:10342000258C96F800E2182100AC2021014B302BAE
97392 +:10343000A089000400001021A460000810C0003919
97393 +:10344000010048218F8600780009384000E94021BA
97394 +:103450000008388000E6282190A8000B90B9000AE7
97395 +:103460000008204000881021000218800066C0215A
97396 +:10347000A319000A8F85007800E5782191EE000AF3
97397 +:1034800091E6000B000E684001AE6021000C208028
97398 +:1034900000851021A046000B3C030801906396F2C2
97399 +:1034A000106000222462FFFF8F8300383C01080176
97400 +:1034B000A02296F2906C00FF118000040000000032
97401 +:1034C000906E00FF25CDFFFFA06D00FF3C190801A5
97402 +:1034D000973996F8272300013078FFFF2F0F00FF60
97403 +:1034E00011E0FFC9254A00013C010801A42396F818
97404 +:1034F0003C05080194A596F88F8200783C0C0801E1
97405 +:10350000258C96F800E2182100AC2021014B302BCD
97406 +:10351000A089000400001021A460000814C0FFC9A5
97407 +:103520000100482103E000080000000003E000085B
97408 +:103530002402000227BDFFE0248501002407FF804C
97409 +:10354000AFB00010AFBF0018AFB1001400A718242F
97410 +:103550003C10800030A4007F3C06800A00862821B1
97411 +:103560008E110024AE03002490A200FF1440000836
97412 +:10357000AF850038A0A000098FBF0018AE1100244D
97413 +:103580008FB100148FB0001003E0000827BD0020A9
97414 +:1035900090A900FD90A800FF312400FF0E0020F448
97415 +:1035A000310500FF8F8500388FBF0018A0A00009EB
97416 +:1035B000AE1100248FB100148FB0001003E000089A
97417 +:1035C00027BD002027BDFFD0AFB20020AFB1001C47
97418 +:1035D000AFB00018AFBF002CAFB40028AFB30024C9
97419 +:1035E0003C0980009533011635320C00952F011AE5
97420 +:1035F0003271FFFF023280218E08000431EEFFFF9E
97421 +:10360000248B0100010E6821240CFF8025A5FFFFFB
97422 +:10361000016C50243166007F3C07800AAD2A0024EB
97423 +:1036200000C73021AF850074AF8800703C010801ED
97424 +:10363000A02096F190C300090200D02100809821BB
97425 +:10364000306300FF2862000510400048AF86003854
97426 +:10365000286400021480008E24140001240D00054B
97427 +:103660003C010801A02D96D590CC00FD3C0108013D
97428 +:10367000A02096D63C010801A02096D790CB000A46
97429 +:10368000240AFF80318500FF014B4824312700FFC9
97430 +:1036900010E0000C000058213C12800836510080D8
97431 +:1036A0008E2F00308CD0005C01F0702305C0018E9D
97432 +:1036B0008F87007090D4000A3284007FA0C4000A73
97433 +:1036C0008F8600383C118008363000808E0F003025
97434 +:1036D0008F87007000EF702319C000EE000000001B
97435 +:1036E00090D4000924120002328400FF1092024795
97436 +:1036F000000000008CC2005800E2F82327F9FFFF09
97437 +:103700001B2001300000000090C5000924080004BF
97438 +:1037100030A300FF10680057240A00013C01080193
97439 +:10372000A02A96D590C900FF252700013C01080179
97440 +:10373000A02796D43C030801906396D52406000583
97441 +:103740001066006A2C780005130000C40000902168
97442 +:103750000003F8803C0408012484958003E4C82118
97443 +:103760008F25000000A0000800000000241800FFC2
97444 +:103770001078005C0000000090CC000A90CA00099C
97445 +:103780003C080801910896F13187008000EA48253D
97446 +:103790003C010801A02996DC90C500FD3C140801FD
97447 +:1037A000929496F2311100013C010801A02596DDAA
97448 +:1037B00090DF00FE3C010801A03F96DE90D200FFA2
97449 +:1037C0003C010801A03296DF8CD900543C0108016D
97450 +:1037D000AC3996E08CD000583C010801AC3096E43E
97451 +:1037E0008CC3005C3C010801AC3496EC3C01080140
97452 +:1037F000AC2396E8162000088FBF002C8FB4002859
97453 +:103800008FB300248FB200208FB1001C8FB000183E
97454 +:1038100003E0000827BD00303C1180009624010E13
97455 +:103820000E000FD43094FFFF3C0B08018D6B96F413
97456 +:103830000260382102802821AE2B01803C13080150
97457 +:103840008E7396D401602021240600830E00102F71
97458 +:10385000AFB300108FBF002C8FB400288FB30024AB
97459 +:103860008FB200208FB1001C8FB0001803E0000859
97460 +:1038700027BD00303C1808008F1831FC270F0001CD
97461 +:103880003C010800AC2F31FC0A0021D700000000E9
97462 +:103890001474FFB900000000A0C000FF3C05080040
97463 +:1038A0008CA531E43C0308008C6331E03C02080045
97464 +:1038B0008C4232048F99003834A80001241F000282
97465 +:1038C0003C010801AC2396F43C010801A02896F0C5
97466 +:1038D0003C010801A02296F3A33F00090A002190B1
97467 +:1038E0008F8600380E002146000000000A0021D714
97468 +:1038F0008F8600383C1F080193FF96D424190001DD
97469 +:1039000013F902298F8700703C100801921096D895
97470 +:103910003C06080190C696D610C000050200A02102
97471 +:103920003C040801908496D9109001E48F870078B8
97472 +:10393000001088408F9F0078023048210009C8801D
97473 +:10394000033F702195D80008270F0001A5CF00087C
97474 +:103950003C040801908496D93C05080190A596D6B0
97475 +:103960000E0020F4000000008F8700780230202134
97476 +:103970000004308000C720218C8500048F820074F1
97477 +:1039800000A2402305020006AC8200048C8A0000DD
97478 +:103990008F830070014310235C400001AC83000062
97479 +:1039A0008F86003890CB00FF2D6C00025580002DD3
97480 +:1039B000241400010230F821001F40800107282153
97481 +:1039C00090B9000B8CAE00040019C0400319782197
97482 +:1039D000000F1880006710218C4D000001AE882375
97483 +:1039E0002630FFFF5E00001F241400018C440004F9
97484 +:1039F0008CAA0000008A482319200019240E000414
97485 +:103A00003C010801A02E96D590AD000B8CAB0004B4
97486 +:103A1000000D8840022D80210010108000471021E9
97487 +:103A20008C44000401646023058202009443000872
97488 +:103A300090DF00FE90B9000B33E500FF54B900049D
97489 +:103A40000107A021A0D400FE8F8700780107A021E4
97490 +:103A50009284000B0E0020F4240500018F860038AC
97491 +:103A600024140001125400962E500001160000424A
97492 +:103A70003C08FFFF241900021659FF3F0000000018
97493 +:103A8000A0C000FF8F860038A0D200090A0021D70D
97494 +:103A90008F86003890C700092404000230E300FF3D
97495 +:103AA0001064016F24090004106901528F880074AA
97496 +:103AB0008CCE0054010E682325B10001062001754B
97497 +:103AC000241800043C010801A03896D53C010801E7
97498 +:103AD000A02096D490D400FD90D200FF2E4F00027B
97499 +:103AE00015E0FF14328400FF000438408F8900780D
97500 +:103AF00090DF00FF00E41021000220800089C8212F
97501 +:103B00002FE500029324000B14A0FF0A24070002F3
97502 +:103B100000041840006480210010588001692821A9
97503 +:103B20008CAC0004010C50230540FF020000000093
97504 +:103B30003C030801906396D614600005246F0001D1
97505 +:103B40003C010801A02496D93C010801A02796D782
97506 +:103B50003C010801A02F96D690CE00FF24E700017B
97507 +:103B600031CD00FF01A7882B1220FFE990A4000BA4
97508 +:103B70000A0021C6000000003C0508018CA596D46F
97509 +:103B80003C12000400A8F82413F2000624020005E9
97510 +:103B90003C090801912996D5152000022402000352
97511 +:103BA000240200053C010801A02296F190C700FF05
97512 +:103BB00014E0012024020002A0C200090A0021D75B
97513 +:103BC0008F86003890CC00FF1180FEDA240A0001B5
97514 +:103BD0008F8C00748F890078240F00030180682186
97515 +:103BE0001160001E240E0002000540400105A021C6
97516 +:103BF00000142080008990218E51000401918023BF
97517 +:103C00000600FECC000000003C020801904296D65F
97518 +:103C100014400005245800013C010801A02A96D751
97519 +:103C20003C010801A02596D93C010801A03896D690
97520 +:103C300090DF00FF010510210002C88033E500FF7E
97521 +:103C4000254A00010329202100AA402B1500FEB9B6
97522 +:103C50009085000B1560FFE50005404000054040E1
97523 +:103C600001051821000310803C010801A02A96D408
97524 +:103C70003C010801A02596D8004918218C64000455
97525 +:103C800000E4F82327F9FFFF1F20FFE900000000F0
97526 +:103C90008C63000000E358230560013A01A38823E8
97527 +:103CA00010E301170184C0231B00FEA200000000E6
97528 +:103CB0003C010801A02E96D50A002305240B000123
97529 +:103CC000240E0004A0CE00093C0D08008DAD31F893
97530 +:103CD0008F86003825A200013C010800AC2231F893
97531 +:103CE0000A0021D7000000008CD9005C00F9C02335
97532 +:103CF0001F00FE7B000000008CDF005C10FFFF65F2
97533 +:103D00008F8400748CC3005C008340232502000173
97534 +:103D10001C40FF60000000008CC9005C248700018B
97535 +:103D200000E9282B10A0FE943C0D80008DAB01040F
97536 +:103D30003C0C0001016C50241140FE8F2402001045
97537 +:103D40003C010801A02296F10A0021D700000000E2
97538 +:103D50008F9100748F86003826220001ACC2005C6F
97539 +:103D60000A002292241400018F8700382404FF8067
97540 +:103D70000000882190E9000A241400010124302564
97541 +:103D8000A0E6000A3C05080190A596D63C0408016F
97542 +:103D9000908496D90E0020F4000000008F86003831
97543 +:103DA0008F85007890C800FD310700FF0007404074
97544 +:103DB0000107F821001FC0800305C8219323000BD1
97545 +:103DC000A0C300FD8F8500788F8600380305602131
97546 +:103DD000918F000B000F704001CF6821000D808093
97547 +:103DE000020510218C4B0000ACCB00548D840004E4
97548 +:103DF0008F83007400645023194000022482000164
97549 +:103E00002462000101074821ACC2005C0009308037
97550 +:103E100000C5402100E02021240500010E0020F40F
97551 +:103E20009110000B8F86003890C500FF10A0FF0C8A
97552 +:103E3000001070408F85007801D06821000D10803F
97553 +:103E4000004558218D6400008F8C0074018450233C
97554 +:103E50002547000104E0FF02263100013C03080170
97555 +:103E6000906396D62E2F0002247800013C010801B1
97556 +:103E7000A03896D63C010801A03496D711E0FEF890
97557 +:103E8000020038210A002365000740408F84003873
97558 +:103E90008F8300748C85005800A340230502FE9A8E
97559 +:103EA000AC8300580A00223B000000003C070801D8
97560 +:103EB00090E796F2240200FF10E200BE8F860038E1
97561 +:103EC0003C110801963196FA3C030801246396F8E8
97562 +:103ED000262500013230FFFF30ABFFFF02036021D7
97563 +:103EE0002D6A00FF1540008D918700043C010801F8
97564 +:103EF000A42096FA8F88003800074840012728211F
97565 +:103F0000911800FF000530802405000127140001EE
97566 +:103F1000A11400FF3C120801925296F28F8800789B
97567 +:103F20008F8E0070264F000100C820213C0108013F
97568 +:103F3000A02F96F2AC8E00008F8D0074A48500082F
97569 +:103F4000AC8D00043C030801906396D414600077A4
97570 +:103F5000000090213C010801A02596D4A087000B09
97571 +:103F60008F8C007800CC5021A147000A8F82003846
97572 +:103F7000A04700FD8F840038A08700FE8F860038A0
97573 +:103F80008F9F0070ACDF00548F990074ACD900583B
97574 +:103F90008F8D00780127C02100185880016DA02165
97575 +:103FA000928F000A000F704001CF18210003888013
97576 +:103FB000022D8021A207000B8F8600780166602108
97577 +:103FC000918A000B000A1040004A2021000428803A
97578 +:103FD00000A64021A107000A3C07800834E90080C0
97579 +:103FE0008D2200308F860038ACC2005C0A0022921D
97580 +:103FF0002414000190CA00FF1540FEAD8F880074A4
97581 +:10400000A0C400090A0021D78F860038A0C000FD97
97582 +:104010008F98003824060001A30000FE3C0108012F
97583 +:10402000A02696D53C010801A02096D40A0021C6FE
97584 +:104030000000000090CB00FF3C040801908496F340
97585 +:10404000316C00FF0184502B1540000F2402000347
97586 +:1040500024020004A0C200090A0021D78F8600387C
97587 +:1040600090C3000A2410FF8002035824316C00FF23
97588 +:104070001180FDC1000000003C010801A02096D580
97589 +:104080000A0021C600000000A0C200090A0021D7D2
97590 +:104090008F86003890D4000A2412FF8002544824EE
97591 +:1040A000312800FF1500FFF4240200083C0108013C
97592 +:1040B000A02296F10A0021D70000000000108840DD
97593 +:1040C0008F8B0070023018210003688001A7202127
97594 +:1040D000AC8B00008F8A0074240C0001A48C0008B3
97595 +:1040E000AC8A00043C05080190A596D62402000184
97596 +:1040F00010A2FE1E24A5FFFF0A0022519084000B8F
97597 +:104100000184A0231A80FD8B000000003C010801FF
97598 +:10411000A02E96D50A002305240B00013C010801BE
97599 +:10412000A42596FA0A0023B78F880038240B0001D3
97600 +:10413000106B00228F9800388F85003890BF00FFE9
97601 +:1041400033F900FF1079002B000000003C1F08012C
97602 +:1041500093FF96D8001FC840033FC0210018A080DD
97603 +:104160000288782191EE000AA08E000A8F8D0078D7
97604 +:104170003C030801906396D800CD88210A0023DD16
97605 +:10418000A223000B263000010600003101A4902379
97606 +:104190000640002B240200033C010801A02F96D505
97607 +:1041A0000A002305240B00018F8900380A00223BF6
97608 +:1041B000AD2700540A00229124120001931400FD3F
97609 +:1041C000A094000B8F8800388F8F0078910E00FE2E
97610 +:1041D00000CF6821A1AE000A8F910038A22700FD10
97611 +:1041E0008F8300708F900038AE0300540A0023DEE6
97612 +:1041F0008F8D007890B000FEA090000A8F8B003861
97613 +:104200008F8C0078916A00FD00CC1021A04A000B31
97614 +:104210008F840038A08700FE8F8600748F85003859
97615 +:10422000ACA600580A0023DE8F8D007894B80008F1
97616 +:10423000ACA40004030378210A002285A4AF00087F
97617 +:104240003C010801A02296D50A0021C6000000000A
97618 +:1042500090CF0009240D000431EE00FF11CDFD8543
97619 +:10426000240200013C010801A02296D50A0021C6C3
97620 +:1042700000000000080033440800334408003420E4
97621 +:10428000080033F4080033D8080033280800332826
97622 +:10429000080033280800334C8008010080080080A3
97623 +:1042A000800800005F865437E4AC62CC50103A4579
97624 +:1042B00036621985BF14C0E81BC27A1E84F4B55655
97625 +:1042C000094EA6FE7DDA01E7C04D748108005A74DC
97626 +:1042D00008005AB808005A5C08005A5C08005A5C8A
97627 +:1042E00008005A5C08005A7408005A5C08005A5CBE
97628 +:1042F00008005AC008005A5C080059D408005A5CEB
97629 +:1043000008005A5C08005AC008005A5C08005A5C51
97630 +:1043100008005A5C08005A5C08005A5C08005A5CA5
97631 +:1043200008005A5C08005A5C08005A5C08005A5C95
97632 +:1043300008005A9408005A5C08005A9408005A5C15
97633 +:1043400008005A5C08005A5C08005A9808005A9401
97634 +:1043500008005A5C08005A5C08005A5C08005A5C65
97635 +:1043600008005A5C08005A5C08005A5C08005A5C55
97636 +:1043700008005A5C08005A5C08005A5C08005A5C45
97637 +:1043800008005A5C08005A5C08005A5C08005A5C35
97638 +:1043900008005A5C08005A5C08005A5C08005A5C25
97639 +:1043A00008005A9808005A9808005A5C08005A9861
97640 +:1043B00008005A5C08005A5C08005A5C08005A5C05
97641 +:1043C00008005A5C08005A5C08005A5C08005A5CF5
97642 +:1043D00008005A5C08005A5C08005A5C08005A5CE5
97643 +:1043E00008005A5C08005A5C08005A5C08005A5CD5
97644 +:1043F00008005A5C08005A5C08005A5C08005A5CC5
97645 +:1044000008005A5C08005A5C08005A5C08005A5CB4
97646 +:1044100008005A5C08005A5C08005A5C08005A5CA4
97647 +:1044200008005A5C08005A5C08005A5C08005A5C94
97648 +:1044300008005A5C08005A5C08005A5C08005A5C84
97649 +:1044400008005A5C08005A5C08005A5C08005A5C74
97650 +:1044500008005A5C08005A5C08005A5C08005A5C64
97651 +:1044600008005A5C08005A5C08005A5C08005A5C54
97652 +:1044700008005A5C08005A5C08005A5C08005A5C44
97653 +:1044800008005A5C08005A5C08005A5C08005A5C34
97654 +:1044900008005A5C08005A5C08005A5C08005A5C24
97655 +:1044A00008005A5C08005A5C08005A5C08005A5C14
97656 +:1044B00008005A5C08005A5C08005A5C08005A5C04
97657 +:1044C00008005A5C08005A5C08005A5C08005ADC74
97658 +:1044D0000800782C08007A900800783808007628C0
97659 +:1044E00008007838080078C4080078380800762872
97660 +:1044F0000800762808007628080076280800762824
97661 +:104500000800762808007628080076280800762813
97662 +:1045100008007628080078580800784808007628AF
97663 +:1045200008007628080076280800762808007628F3
97664 +:1045300008007628080076280800762808007628E3
97665 +:1045400008007628080076280800762808007848B1
97666 +:10455000080082FC08008188080082C40800818865
97667 +:104560000800829408008070080081880800818813
97668 +:1045700008008188080081880800818808008188F7
97669 +:1045800008008188080081880800818808008188E7
97670 +:104590000800818808008188080081B008008D34F7
97671 +:1045A00008008E9008008E70080088D808008D4C96
97672 +:1045B0000A00012400000000000000000000000DBF
97673 +:1045C000747061362E322E31620000000602010145
97674 +:1045D00000000000000000000000000000000000DB
97675 +:1045E00000000000000000000000000000000000CB
97676 +:1045F00000000000000000000000000000000000BB
97677 +:1046000000000000000000000000000000000000AA
97678 +:10461000000000000000000000000000000000009A
97679 +:10462000000000000000000000000000000000008A
97680 +:10463000000000000000000000000000000000007A
97681 +:104640000000000010000003000000000000000D4A
97682 +:104650000000000D3C020800244217203C03080023
97683 +:1046600024632A10AC4000000043202B1480FFFD7F
97684 +:10467000244200043C1D080037BD2FFC03A0F0219C
97685 +:104680003C100800261004903C1C0800279C1720B2
97686 +:104690000E000262000000000000000D2402FF80F6
97687 +:1046A00027BDFFE000821024AFB00010AF42002011
97688 +:1046B000AFBF0018AFB10014936500043084007FD1
97689 +:1046C000034418213C0200080062182130A5002094
97690 +:1046D000036080213C080111277B000814A0000220
97691 +:1046E0002466005C2466005892020004974301048B
97692 +:1046F000920400043047000F3063FFFF3084004015
97693 +:10470000006728231080000900004821920200055C
97694 +:1047100030420004104000050000000010A000031B
97695 +:104720000000000024A5FFFC2409000492020005FB
97696 +:1047300030420004104000120000000010A00010E1
97697 +:10474000000000009602000200A72021010440257D
97698 +:104750002442FFFEA7421016920300042402FF80A9
97699 +:1047600000431024304200FF104000033C020400CC
97700 +:104770000A000174010240258CC20000AF421018EB
97701 +:104780008F4201780440FFFE2402000AA742014044
97702 +:1047900096020002240400093042000700021023A0
97703 +:1047A00030420007A7420142960200022442FFFE67
97704 +:1047B000A7420144A740014697420104A74201488D
97705 +:1047C0008F420108304200205040000124040001C3
97706 +:1047D00092020004304200101440000234830010A2
97707 +:1047E00000801821A743014A0000000000000000DB
97708 +:1047F0000000000000000000AF48100000000000B2
97709 +:104800000000000000000000000000008F421000C7
97710 +:104810000441FFFE3102FFFF1040000700000000CE
97711 +:1048200092020004304200401440000300000000E7
97712 +:104830008F421018ACC20000960200063042FFFF03
97713 +:10484000244200020002104300021040036288214B
97714 +:10485000962200001120000D3044FFFF00A7102118
97715 +:104860008F8300388F45101C0002108200021080D8
97716 +:1048700000431021AC45000030A6FFFF0E00058D5F
97717 +:1048800000052C0200402021A62200009203000413
97718 +:104890002402FF8000431024304200FF1040001F1C
97719 +:1048A0000000000092020005304200021040001B90
97720 +:1048B000000000009742100C2442FFFEA742101691
97721 +:1048C000000000003C02040034420030AF421000FF
97722 +:1048D00000000000000000000000000000000000D8
97723 +:1048E0008F4210000441FFFE000000009742100CB0
97724 +:1048F0008F45101C3042FFFF24420030000210821E
97725 +:1049000000021080005B1021AC45000030A6FFFFC4
97726 +:104910000E00058D00052C02A62200009604000260
97727 +:10492000248400080E0001E93084FFFF974401044D
97728 +:104930000E0001F73084FFFF8FBF00188FB1001405
97729 +:104940008FB000103C02100027BD002003E00008DB
97730 +:10495000AF4201783084FFFF308200078F8500244A
97731 +:1049600010400002248300073064FFF800A41021E7
97732 +:1049700030421FFF03421821247B4000AF850028EE
97733 +:10498000AF82002403E00008AF4200843084FFFFC0
97734 +:104990003082000F8F85002C8F860034104000027B
97735 +:1049A0002483000F3064FFF000A410210046182B70
97736 +:1049B000AF8500300046202314600002AF82002C37
97737 +:1049C000AF84002C8F82002C340480000342182115
97738 +:1049D00000641821AF83003803E00008AF42008074
97739 +:1049E0008F820014104000088F8200048F82FFDC49
97740 +:1049F000144000058F8200043C02FFBF3442FFFFD9
97741 +:104A0000008220248F82000430430006240200022A
97742 +:104A10001062000F3C0201012C62000350400005AF
97743 +:104A2000240200041060000F3C0200010A00023062
97744 +:104A30000000000010620005240200061462000C51
97745 +:104A40003C0201110A000229008210253C020011DB
97746 +:104A500000821025AF421000240200010A0002303B
97747 +:104A6000AF82000C00821025AF421000AF80000C16
97748 +:104A700000000000000000000000000003E000084B
97749 +:104A8000000000008F82000C1040000400000000B5
97750 +:104A90008F4210000441FFFE0000000003E0000808
97751 +:104AA000000000008F8200102443F800000231C291
97752 +:104AB00024C2FFF02C6303011060000300021042C7
97753 +:104AC0000A000257AC8200008F85001800C5102B29
97754 +:104AD0001440000B0000182100C5102324470001DA
97755 +:104AE0008F82001C00A210212442FFFF0046102BE1
97756 +:104AF000544000042402FFFF0A000257AC87000064
97757 +:104B00002402FFFF0A000260AC8200008C820000D9
97758 +:104B10000002194000621821000318800062182169
97759 +:104B2000000318803C0208002442175C0062182130
97760 +:104B300003E000080060102127BDFFD8AFBF0020B0
97761 +:104B4000AFB1001CAFB000183C0460088C8250006C
97762 +:104B50002403FF7F3C066000004310243442380CDD
97763 +:104B6000AC8250008CC24C1C3C1A80000002160221
97764 +:104B70003042000F10400007AF82001C8CC34C1C59
97765 +:104B80003C02001F3442FC0000621824000319C2DA
97766 +:104B9000AF8300188F420008275B400034420001B9
97767 +:104BA000AF420008AF8000243C02601CAF40008090
97768 +:104BB000AF4000848C4500088CC308083402800094
97769 +:104BC000034220212402FFF0006218243C020080EE
97770 +:104BD0003C010800AC2204203C025709AF84003895
97771 +:104BE00014620004AF850034240200010A0002921E
97772 +:104BF000AF820014AF8000148F42000038420001E1
97773 +:104C0000304200011440FFFC8F8200141040001657
97774 +:104C10000000000097420104104000058F8300004F
97775 +:104C2000146000072462FFFF0A0002A72C62000A3A
97776 +:104C30002C620010504000048F83000024620001A9
97777 +:104C4000AF8200008F8300002C62000A1440000332
97778 +:104C50002C6200070A0002AEAF80FFDC10400002A9
97779 +:104C600024020001AF82FFDC8F4301088F44010062
97780 +:104C700030622000AF83000410400008AF840010B1
97781 +:104C80003C0208008C42042C244200013C01080034
97782 +:104C9000AC22042C0A00058A3C0240003065020068
97783 +:104CA00014A0000324020F001482026024020D00ED
97784 +:104CB00097420104104002C83C02400030624000AC
97785 +:104CC000144000AD8F8200388C4400088F42017878
97786 +:104CD0000440FFFE24020800AF42017824020008CD
97787 +:104CE000A7420140A7400142974201048F8400047B
97788 +:104CF0003051FFFF30820001104000070220802168
97789 +:104D00002623FFFE240200023070FFFFA742014667
97790 +:104D10000A0002DBA7430148A74001463C02080005
97791 +:104D20008C42043C1440000D8F8300103082002020
97792 +:104D30001440000224030009240300010060202124
97793 +:104D40008F830010240209005062000134840004A3
97794 +:104D5000A744014A0A0002F60000000024020F00E6
97795 +:104D60001462000530820020144000062403000D68
97796 +:104D70000A0002F524030005144000022403000980
97797 +:104D800024030001A743014A3C0208008C4204208E
97798 +:104D90003C0400480E00020C004420250E000235A1
97799 +:104DA000000000008F82000C1040003E0000000058
97800 +:104DB0008F4210003C0300200043102410400039B3
97801 +:104DC0008F820004304200021040003600000000D4
97802 +:104DD000974210141440003300000000974210085E
97803 +:104DE0008F8800383042FFFF2442000600021882FC
97804 +:104DF0000003388000E83021304300018CC40000FB
97805 +:104E000010600004304200030000000D0A00033768
97806 +:104E100000E81021544000103084FFFF3C05FFFFE4
97807 +:104E200000852024008518260003182B0004102B71
97808 +:104E300000431024104000050000000000000000A6
97809 +:104E40000000000D00000000240002228CC20000BF
97810 +:104E50000A000336004520253883FFFF0003182B86
97811 +:104E60000004102B00431024104000050000000037
97812 +:104E7000000000000000000D000000002400022BD4
97813 +:104E80008CC200003444FFFF00E81021AC44000055
97814 +:104E90003C0208008C420430244200013C0108001E
97815 +:104EA000AC2204308F6200008F840038AF8200088B
97816 +:104EB0008C8300003402FFFF1462000F00001021F9
97817 +:104EC0003C0508008CA504543C0408008C84045064
97818 +:104ED00000B0282100B0302B008220210086202144
97819 +:104EE0003C010800AC2504543C010800AC240450EB
97820 +:104EF0000A000580240400088C8200003042010072
97821 +:104F00001040000F000010213C0508008CA5044C47
97822 +:104F10003C0408008C84044800B0282100B0302BE9
97823 +:104F200000822021008620213C010800AC25044C91
97824 +:104F30003C010800AC2404480A0005802404000851
97825 +:104F40003C0508008CA504443C0408008C84044003
97826 +:104F500000B0282100B0302B0082202100862021C3
97827 +:104F60003C010800AC2504443C010800AC2404408A
97828 +:104F70000A000580240400088F6200088F62000088
97829 +:104F800000021602304300F02402003010620005D7
97830 +:104F900024020040106200E08F8200200A00058891
97831 +:104FA0002442000114A000050000000000000000E1
97832 +:104FB0000000000D00000000240002568F4201781E
97833 +:104FC0000440FFFE000000000E00023D27A4001078
97834 +:104FD0001440000500408021000000000000000D8A
97835 +:104FE000000000002400025D8E0200001040000559
97836 +:104FF00000000000000000000000000D00000000A4
97837 +:10500000240002608F62000C0443000324020001AC
97838 +:105010000A00042EAE000000AE0200008F820038AD
97839 +:105020008C480008A20000078F65000C8F64000404
97840 +:1050300030A3FFFF0004240200852023308200FFFC
97841 +:105040000043102124420005000230832CC200815D
97842 +:10505000A605000A14400005A20400040000000098
97843 +:105060000000000D00000000240002788F85003849
97844 +:105070000E0005AB260400148F6200048F43010864
97845 +:10508000A60200083C02100000621824106000080C
97846 +:105090000000000097420104920300072442FFEC45
97847 +:1050A000346300023045FFFF0A0003C3A203000778
97848 +:1050B000974201042442FFF03045FFFF96060008A6
97849 +:1050C0002CC200135440000592030007920200070F
97850 +:1050D00034420001A20200079203000724020001EB
97851 +:1050E00010620005240200031062000B8F8200385A
97852 +:1050F0000A0003E030C6FFFF8F8200383C04FFFF48
97853 +:105100008C43000C0064182400651825AC43000C87
97854 +:105110000A0003E030C6FFFF3C04FFFF8C43001091
97855 +:105120000064182400651825AC43001030C6FFFF4A
97856 +:1051300024C2000200021083A20200058F830038FF
97857 +:10514000304200FF00021080004328218CA800009C
97858 +:105150008CA2000024030004000217021443001272
97859 +:1051600000000000974201043C03FFFF01031824E4
97860 +:105170003042FFFF004610232442FFFE006240251C
97861 +:10518000ACA8000092030005306200FF000210800E
97862 +:1051900000501021904200143042000F00431021B3
97863 +:1051A0000A000415A20200068CA400049742010420
97864 +:1051B0009603000A3088FFFF3042FFFF00461023AD
97865 +:1051C0002442FFD60002140001024025ACA80004CE
97866 +:1051D000920200079204000524630028000318834C
97867 +:1051E0000064182134420004A2030006A202000752
97868 +:1051F0008F8200042403FFFB34420002004310248A
97869 +:10520000AF820004920300068F87003800031880E5
97870 +:10521000007010218C4400203C02FFF63442FFFF56
97871 +:105220000082402400671821AE04000CAC68000C1A
97872 +:10523000920500063C03FF7F8E02000C00052880CB
97873 +:1052400000B020213463FFFF01033024948800263E
97874 +:1052500000A7282100431024AE02000CAC860020D9
97875 +:10526000AC880024ACA8001024020010A742014022
97876 +:1052700024020002A7400142A7400144A742014680
97877 +:10528000974201043C0400082442FFFEA742014863
97878 +:10529000240200010E00020CA742014A9603000AF4
97879 +:1052A0009202000400431021244200023042000711
97880 +:1052B00000021023304200070E000235AE0200103B
97881 +:1052C0008F6200003C0308008C6304442404001037
97882 +:1052D000AF820008974201043042FFFF2442FFFEE4
97883 +:1052E00000403821000237C33C0208008C420440D1
97884 +:1052F000006718210067282B004610210045102167
97885 +:105300003C010800AC2304443C010800AC220440EA
97886 +:105310000A0005150000000014A0000500000000B0
97887 +:10532000000000000000000D000000002400030A3F
97888 +:105330008F4201780440FFFE000000000E00023D95
97889 +:1053400027A4001414400005004080210000000044
97890 +:105350000000000D00000000240003118E02000078
97891 +:105360005440000692020007000000000000000DFB
97892 +:10537000000000002400031C9202000730420004D9
97893 +:10538000104000058F8200042403FFFB344200021A
97894 +:1053900000431024AF8200048F620004044300081D
97895 +:1053A00092020007920200068E03000CAE0000007D
97896 +:1053B0000002108000501021AC4300209202000730
97897 +:1053C00030420004544000099602000A920200058F
97898 +:1053D0003C03000100021080005010218C46001890
97899 +:1053E00000C33021AC4600189602000A9206000461
97900 +:1053F000277100080220202100C2302124C60005A8
97901 +:10540000260500140E0005AB00063082920400064B
97902 +:105410008F6500043C027FFF000420800091202162
97903 +:105420008C8300043442FFFF00A228240065182169
97904 +:10543000AC8300049202000792040005920300046A
97905 +:10544000304200041040001496070008308400FF2A
97906 +:1054500000042080009120218C86000497420104E2
97907 +:105460009605000A306300FF3042FFFF0043102121
97908 +:105470000045102130E3FFFF004310232442FFD8F2
97909 +:1054800030C6FFFF0002140000C23025AC860004C5
97910 +:105490000A0004C992030007308500FF0005288038
97911 +:1054A00000B128218CA4000097420104306300FF62
97912 +:1054B0003042FFFF00431021004710233C03FFFF51
97913 +:1054C000008320243042FFFF00822025ACA400008E
97914 +:1054D0009203000724020001106200060000000091
97915 +:1054E0002402000310620011000000000A0004EC16
97916 +:1054F0008E03001097420104920300049605000AEF
97917 +:105500008E24000C00431021004510212442FFF29C
97918 +:105510003C03FFFF008320243042FFFF0082202550
97919 +:10552000AE24000C0A0004EC8E0300109742010424
97920 +:10553000920300049605000A8E24001000431021F7
97921 +:10554000004510212442FFEE3C03FFFF008320248E
97922 +:105550003042FFFF00822025AE2400108E03001091
97923 +:105560002402000AA7420140A74301429603000A11
97924 +:10557000920200043C04004000431021A742014471
97925 +:10558000A740014697420104A742014824020001B6
97926 +:105590000E00020CA742014A0E0002350000000076
97927 +:1055A0008F6200009203000400002021AF820008F7
97928 +:1055B000974201049606000A3042FFFF006218215C
97929 +:1055C000006028213C0308008C6304443C0208006E
97930 +:1055D0008C42044000651821004410210065382BDE
97931 +:1055E000004710213C010800AC2304443C010800A2
97932 +:1055F000AC22044092040004008620212484000A86
97933 +:105600003084FFFF0E0001E9000000009744010410
97934 +:105610003084FFFF0E0001F7000000003C02100084
97935 +:10562000AF4201780A0005878F820020148200278C
97936 +:105630003062000697420104104000673C024000BF
97937 +:105640003062400010400005000000000000000033
97938 +:105650000000000D00000000240004208F420178AB
97939 +:105660000440FFFE24020800AF4201782402000833
97940 +:10567000A7420140A74001428F82000497430104E2
97941 +:1056800030420001104000073070FFFF2603FFFE8C
97942 +:1056900024020002A7420146A74301480A00053F31
97943 +:1056A0002402000DA74001462402000DA742014A32
97944 +:1056B0008F62000024040008AF8200080E0001E998
97945 +:1056C000000000000A0005190200202110400042DD
97946 +:1056D0003C02400093620000304300F024020010BE
97947 +:1056E0001062000524020070106200358F820020D5
97948 +:1056F0000A000588244200018F62000097430104DC
97949 +:105700003050FFFF3071FFFF8F4201780440FFFEF1
97950 +:105710003202000700021023304200072403000A6F
97951 +:105720002604FFFEA7430140A7420142A7440144CB
97952 +:10573000A7400146A75101488F420108304200208E
97953 +:10574000144000022403000924030001A743014A76
97954 +:105750000E00020C3C0400400E0002350000000068
97955 +:105760003C0708008CE70444021110212442FFFE8C
97956 +:105770003C0608008CC604400040182100E3382194
97957 +:10578000000010218F65000000E3402B00C2302193
97958 +:105790002604000800C830213084FFFFAF850008D0
97959 +:1057A0003C010800AC2704443C010800AC2604403E
97960 +:1057B0000E0001E9000000000A0005190220202166
97961 +:1057C0000E00013B000000008F82002024420001F7
97962 +:1057D000AF8200203C024000AF4201380A00029232
97963 +:1057E000000000003084FFFF30C6FFFF00052C00E2
97964 +:1057F00000A628253882FFFF004510210045282BF0
97965 +:105800000045102100021C023042FFFF004310211E
97966 +:1058100000021C023042FFFF004310213842FFFF0C
97967 +:1058200003E000083042FFFF3084FFFF30A5FFFF98
97968 +:1058300000001821108000070000000030820001E5
97969 +:105840001040000200042042006518210A0005A152
97970 +:105850000005284003E000080060102110C0000689
97971 +:1058600024C6FFFF8CA2000024A50004AC82000027
97972 +:105870000A0005AB2484000403E0000800000000D7
97973 +:1058800010A0000824A3FFFFAC8600000000000069
97974 +:10589000000000002402FFFF2463FFFF1462FFFAF0
97975 +:1058A0002484000403E00008000000000000000160
97976 +:1058B0000A00002A00000000000000000000000DA7
97977 +:1058C000747870362E322E3162000000060201001C
97978 +:1058D00000000000000001360000EA600000000047
97979 +:1058E00000000000000000000000000000000000B8
97980 +:1058F00000000000000000000000000000000000A8
97981 +:105900000000000000000000000000000000000097
97982 +:105910000000001600000000000000000000000071
97983 +:105920000000000000000000000000000000000077
97984 +:105930000000000000000000000000000000000067
97985 +:1059400000000000000000000000138800000000BC
97986 +:10595000000005DC00000000000000001000000353
97987 +:10596000000000000000000D0000000D3C020800D7
97988 +:1059700024423D683C0308002463401CAC40000006
97989 +:105980000043202B1480FFFD244200043C1D08002E
97990 +:1059900037BD7FFC03A0F0213C100800261000A8B2
97991 +:1059A0003C1C0800279C3D680E00044E00000000CF
97992 +:1059B0000000000D27BDFFB4AFA10000AFA200049E
97993 +:1059C000AFA30008AFA4000CAFA50010AFA6001451
97994 +:1059D000AFA70018AFA8001CAFA90020AFAA0024F1
97995 +:1059E000AFAB0028AFAC002CAFAD0030AFAE003491
97996 +:1059F000AFAF0038AFB8003CAFB90040AFBC004417
97997 +:105A0000AFBF00480E000591000000008FBF0048A6
97998 +:105A10008FBC00448FB900408FB8003C8FAF003876
97999 +:105A20008FAE00348FAD00308FAC002C8FAB0028D0
98000 +:105A30008FAA00248FA900208FA8001C8FA7001810
98001 +:105A40008FA600148FA500108FA4000C8FA3000850
98002 +:105A50008FA200048FA1000027BD004C3C1B6004F6
98003 +:105A60008F7A5030377B502803400008AF7A00000F
98004 +:105A70008F86003C3C0390003C0280000086282575
98005 +:105A800000A32025AC4400203C0380008C6700204C
98006 +:105A900004E0FFFE0000000003E00008000000003A
98007 +:105AA0000A000070240400018F85003C3C04800043
98008 +:105AB0003483000100A3102503E00008AC8200201D
98009 +:105AC00003E00008000010213084FFFF30A5FFFF35
98010 +:105AD00010800007000018213082000110400002F1
98011 +:105AE00000042042006518211480FFFB00052840B7
98012 +:105AF00003E000080060102110C000070000000053
98013 +:105B00008CA2000024C6FFFF24A50004AC82000084
98014 +:105B100014C0FFFB2484000403E000080000000020
98015 +:105B200010A0000824A3FFFFAC86000000000000C6
98016 +:105B3000000000002402FFFF2463FFFF1462FFFA4D
98017 +:105B40002484000403E000080000000090AA003153
98018 +:105B50008FAB00108CAC00403C0300FF8D6800044C
98019 +:105B6000AD6C00208CAD004400E060213462FFFF8A
98020 +:105B7000AD6D00248CA700483C09FF000109C0243A
98021 +:105B8000AD6700288CAE004C0182C824031978252B
98022 +:105B9000AD6F0004AD6E002C8CAD0038314A00FFB3
98023 +:105BA000AD6D001C94A900323128FFFFAD680010D4
98024 +:105BB00090A70030A5600002A1600004A16700006A
98025 +:105BC00090A30032306200FF0002198210600005CD
98026 +:105BD000240500011065000E0000000003E000082D
98027 +:105BE000A16A00018CD80028354A0080AD780018E1
98028 +:105BF0008CCF0014AD6F00148CCE0030AD6E000859
98029 +:105C00008CC4002CA16A000103E00008AD64000C04
98030 +:105C10008CCD001CAD6D00188CC90014AD6900144A
98031 +:105C20008CC80024AD6800088CC70020AD67000C4C
98032 +:105C30008CC200148C8300700043C82B1320000713
98033 +:105C4000000000008CC20014144CFFE400000000AF
98034 +:105C5000354A008003E00008A16A00018C820070D0
98035 +:105C60000A0000E6000000009089003027BDFFF820
98036 +:105C70008FA8001CA3A900008FA300003C0DFF808B
98037 +:105C800035A2FFFF8CAC002C00625824AFAB0000A3
98038 +:105C9000A100000400C05821A7A000028D06000446
98039 +:105CA00000A048210167C8218FA500000080502175
98040 +:105CB0003C18FF7F032C20263C0E00FF2C8C00019B
98041 +:105CC000370FFFFF35CDFFFF3C02FF0000AFC824B8
98042 +:105CD00000EDC02400C27824000C1DC003236825F9
98043 +:105CE00001F87025AD0D0000AD0E00048D240024D8
98044 +:105CF000AFAD0000AD0400088D2C00202404FFFF90
98045 +:105D0000AD0C000C9547003230E6FFFFAD060010E9
98046 +:105D10009145004830A200FF000219C25060000106
98047 +:105D20008D240034AD0400148D4700388FAA00186C
98048 +:105D300027BD0008AD0B0028AD0A0024AD07001CEC
98049 +:105D4000AD00002CAD00001803E00008AD000020FD
98050 +:105D500027BDFFE0AFB20018AFB10014AFB0001024
98051 +:105D6000AFBF001C9098003000C088213C0D00FFA0
98052 +:105D7000330F007FA0CF0000908E003135ACFFFFC5
98053 +:105D80003C0AFF00A0CE000194A6001EA220000441
98054 +:105D90008CAB00148E29000400A08021016C282403
98055 +:105DA000012A40240080902101052025A62600021A
98056 +:105DB000AE24000426050020262400080E000092D0
98057 +:105DC00024060002924700302605002826240014ED
98058 +:105DD00000071E000003160324060004044000030D
98059 +:105DE0002403FFFF965900323323FFFF0E00009279
98060 +:105DF000AE230010262400248FBF001C8FB2001891
98061 +:105E00008FB100148FB00010240500030000302172
98062 +:105E10000A00009C27BD002027BDFFD8AFB1001CA1
98063 +:105E2000AFB00018AFBF002090A9003024020001DD
98064 +:105E300000E050213123003F00A040218FB00040FE
98065 +:105E40000080882100C04821106200148FA700380C
98066 +:105E5000240B000500A0202100C02821106B001396
98067 +:105E6000020030210E000128000000009225007C75
98068 +:105E700030A400021080000326030030AE00003082
98069 +:105E8000260300348FBF00208FB1001C8FB0001894
98070 +:105E90000060102103E0000827BD00280E0000A7C5
98071 +:105EA000AFB000100A00016F000000008FA3003C9B
98072 +:105EB000010020210120282101403021AFA3001042
98073 +:105EC0000E0000EEAFB000140A00016F00000000E9
98074 +:105ED0003C06800034C20E008C4400108F850044C4
98075 +:105EE000ACA400208C43001803E00008ACA30024FD
98076 +:105EF0003C06800034C20E008C4400148F850044A0
98077 +:105F0000ACA400208C43001C03E00008ACA30024D8
98078 +:105F10009382000C1040001B2483000F2404FFF028
98079 +:105F20000064382410E00019978B00109784000E4D
98080 +:105F30009389000D3C0A601C0A0001AC01644023F7
98081 +:105F400001037021006428231126000231C2FFFFE3
98082 +:105F500030A2FFFF0047302B50C0000E00E4482164
98083 +:105F60008D4D000C31A3FFFF00036400000C2C03D7
98084 +:105F700004A1FFF30000302130637FFF0A0001A479
98085 +:105F80002406000103E00008000000009784000ED2
98086 +:105F900000E448213123FFFF3168FFFF0068382B00
98087 +:105FA00054E0FFF8A783000E938A000D114000050E
98088 +:105FB000240F0001006BC023A380000D03E0000844
98089 +:105FC000A798000E006BC023A38F000D03E000080C
98090 +:105FD000A798000E03E000080000000027BDFFE8BE
98091 +:105FE000AFB000103C10800036030140308BFFFF43
98092 +:105FF00093AA002BAFBF0014A46B000436040E005C
98093 +:106000009488001630C600FF8FA90030A4680006EF
98094 +:10601000AC650008A0660012A46A001AAC670020F4
98095 +:106020008FA5002CA4690018012020210E000198E2
98096 +:10603000AC6500143C021000AE0201788FBF001462
98097 +:106040008FB0001003E0000827BD00188F85000006
98098 +:106050002484000727BDFFF83084FFF83C06800049
98099 +:1060600094CB008A316AFFFFAFAA00008FA900001D
98100 +:10607000012540232507FFFF30E31FFF0064102B9D
98101 +:106080001440FFF700056882000D288034CC4000E2
98102 +:1060900000AC102103E0000827BD00088F8200003B
98103 +:1060A0002486000730C5FFF800A2182130641FFFC6
98104 +:1060B00003E00008AF8400008F87003C8F84004419
98105 +:1060C00027BDFFB0AFB70044AFB40038AFB1002C6C
98106 +:1060D000AFBF0048AFB60040AFB5003CAFB300342F
98107 +:1060E000AFB20030AFB000283C0B80008C8600249B
98108 +:1060F000AD6700808C8A002035670E00356901008D
98109 +:10610000ACEA00108C8800248D2500040000B82122
98110 +:10611000ACE800188CE3001000A688230000A02142
98111 +:10612000ACE300148CE20018ACE2001C122000FE6C
98112 +:1061300000E0B021936C0008118000F40000000022
98113 +:10614000976F001031EEFFFF022E682B15A000EFB5
98114 +:1061500000000000977200103250FFFFAED0000028
98115 +:106160003C0380008C740000329300081260FFFD35
98116 +:106170000000000096D800088EC700043305FFFF1A
98117 +:1061800030B5000112A000E4000000000000000D86
98118 +:1061900030BFA0402419004013F9011B30B4A00007
98119 +:1061A000128000DF000000009373000812600008F6
98120 +:1061B00000000000976D001031ACFFFF00EC202BB9
98121 +:1061C0001080000330AE004011C000D50000000078
98122 +:1061D000A7850040AF87003893630008022028217C
98123 +:1061E000AFB10020146000F527B40020AF60000CB0
98124 +:1061F000978F004031F14000162000022403001662
98125 +:106200002403000E24054007A363000AAF650014B1
98126 +:10621000938A00428F70001431550001001512401E
98127 +:1062200002024825AF690014979F00408F78001440
98128 +:1062300033F9001003194025AF680014979200400D
98129 +:106240003247000810E0016E000000008F67001464
98130 +:106250003C1210003C11800000F27825AF6F001452
98131 +:1062600036230E00946E000A3C0D81002406000EB9
98132 +:1062700031CCFFFF018D2025AF640004A36600022E
98133 +:106280009373000A3406FFFC266B0004A36B000A1C
98134 +:1062900097980040330820001100015F00000000C3
98135 +:1062A0003C05800034A90E00979900409538000CF9
98136 +:1062B00097870040001940423312C00031030003A9
98137 +:1062C00000127B0330F11000006F6825001172038B
98138 +:1062D00001AE6025000C20C0A76400129793004017
98139 +:1062E000936A000A001359823175003C02AA1021FA
98140 +:1062F0002450003CA3700009953F000C33F93FFF88
98141 +:10630000A779001097700012936900090130F821F5
98142 +:1063100027E5000230B900070019C0233308000741
98143 +:10632000A368000B9371000997720012976F001019
98144 +:10633000322700FF8F910038978D004000F218211E
98145 +:10634000006F702101C6602131A6004010C0000519
98146 +:106350003185FFFF00B1102B3C1280001040001768
98147 +:10636000000098210225A82B56A0013E8FA50020F1
98148 +:106370003C048000348A0E008D5300143C068000DB
98149 +:10638000AD5300108D4B001CAD4B0018AD45000007
98150 +:106390008CCD000031AC00081180FFFD34CE0E0022
98151 +:1063A00095C3000800A0882100009021A783004029
98152 +:1063B0008DC6000424130001AF860038976F0010CB
98153 +:1063C00031F5FFFF8E9F000003F1282310A0011F6D
98154 +:1063D000AE85000093620008144000DD000000005C
98155 +:1063E0000E0001E7240400108F900048004028218F
98156 +:1063F0003C023200320600FF000654000142F8253C
98157 +:1064000026090001AF890048ACBF0000937900095C
98158 +:1064100097780012936F000A332800FF3303FFFFC1
98159 +:106420000103382100076C0031EE00FF01AE60254A
98160 +:10643000ACAC00048F840048978B0040316A200088
98161 +:106440001140010AACA4000897640012308BFFFFD2
98162 +:1064500006400108ACAB000C978E004031C5000827
98163 +:1064600014A0000226280006262800023C1F8000F7
98164 +:1064700037E70E0094F900148CE5001C8F670004C8
98165 +:10648000937800023324FFFF330300FFAFA3001013
98166 +:106490008F6F0014AFA800180E0001CBAFAF00142F
98167 +:1064A000240400100E0001FB000000008E9200008A
98168 +:1064B00016400005000000008F7800142403FFBF81
98169 +:1064C0000303A024AF7400148F67000C00F5C821EB
98170 +:1064D000AF79000C9375000816A0000800000000BA
98171 +:1064E00012600006000000008F6800143C0AEFFFF5
98172 +:1064F0003549FFFE0109F824AF7F0014A37300089B
98173 +:106500008FA500200A00034F02202021AED10000F9
98174 +:106510000A00022D3C03800014E0FF1E30BFA040A3
98175 +:106520000E0001900000A0212E9100010237B0253D
98176 +:1065300012C000188FBF00488F87003C24170F003F
98177 +:1065400010F700D43C0680008CD901780720FFFEAC
98178 +:10655000241F0F0010FF00F634CA0E008D560014E1
98179 +:1065600034C7014024080240ACF600048D49001CE9
98180 +:106570003C141000ACE90008A0E00012A4E0001AEE
98181 +:10658000ACE00020A4E00018ACE80014ACD4017822
98182 +:106590008FBF00488FB700448FB600408FB5003CD6
98183 +:1065A0008FB400388FB300348FB200308FB1002C1D
98184 +:1065B0008FB0002803E0000827BD00508F910038FD
98185 +:1065C000978800403C1280000220A821310700403B
98186 +:1065D00014E0FF7C00009821977900108F9200381A
98187 +:1065E0003338FFFF131200A8000020210080A021F3
98188 +:1065F000108000F300A088211620FECE00000000CD
98189 +:106600000A00031F2E9100013C0380008C62017878
98190 +:106610000440FFFE240808008F860000AC68017863
98191 +:106620003C038000946D008A31ACFFFF0186582343
98192 +:10663000256AFFFF31441FFF2C8900081520FFF950
98193 +:10664000000000008F8F0048347040008F83003CB2
98194 +:1066500000E0A021240E0F0025E70001AF870048CD
98195 +:1066600000D03021023488233C08800031F500FF3F
98196 +:10667000106E0005240700019398004233130001B7
98197 +:106680000013924036470001001524003C0A010027
98198 +:10669000008A4825ACC900008F82004830BF003610
98199 +:1066A00030B90008ACC200041320009900FF9825FF
98200 +:1066B00035120E009650000A8F8700003C0F8100B3
98201 +:1066C0003203FFFF24ED000835060140006F60250E
98202 +:1066D0003C0E100031AB1FFF269200062405000E71
98203 +:1066E000ACCC0020026E9825A4C5001AAF8B000028
98204 +:1066F000A4D20018162000083C1080008F89003CAE
98205 +:1067000024020F00512200022417000136730040BA
98206 +:106710000E0001883C10800036060E008CCB001461
98207 +:10672000360A014002402021AD4B00048CC5001CFC
98208 +:10673000AD450008A1550012AD5300140E0001989C
98209 +:106740003C151000AE1501780A000352000000004D
98210 +:10675000936F0009976E0012936D000B31E500FFF7
98211 +:1067600000AE202131AC00FF008C80212602000AFF
98212 +:106770003050FFFF0E0001E7020020218F86004805
98213 +:106780003C0341003C05800024CB0001AF8B004856
98214 +:10679000936A00099769001230C600FF315F00FF5D
98215 +:1067A0003128FFFF03E8382124F900020006C40065
98216 +:1067B0000319782501E37025AC4E00008F6D000CA5
98217 +:1067C00034A40E00948B001401B26025AC4C00047C
98218 +:1067D0008C85001C8F670004936A00023164FFFF00
98219 +:1067E000314900FFAFA900108F680014AFB1001845
98220 +:1067F0000E0001CBAFA800140A0002FD0200202108
98221 +:10680000AF600004A36000029798004033082000A6
98222 +:106810001500FEA300003021A760001297840040FD
98223 +:10682000936B000A3C10800030931F0000135183CB
98224 +:10683000014BA82126A20028A362000936090E00F8
98225 +:10684000953F000C0A000295A77F00108F7000147E
98226 +:10685000360900400E000188AF6900140A0002C921
98227 +:10686000000000000A00034F000020210641FEFA4C
98228 +:10687000ACA0000C8CAC000C3C0D8000018D902570
98229 +:106880000A0002EAACB2000C000090210A0002C526
98230 +:1068900024130001128000073C028000344B0E00DC
98231 +:1068A0009566000830D300401260004900000000E7
98232 +:1068B0003C0680008CD001780600FFFE34C50E0037
98233 +:1068C00094B500103C03050034CC014032B8FFFF02
98234 +:1068D00003039025AD92000C8CAF0014240D200012
98235 +:1068E0003C041000AD8F00048CAE001CAD8E00087F
98236 +:1068F000A1800012A580001AAD800020A58000189C
98237 +:10690000AD8D0014ACC401780A0003263C0680005B
98238 +:106910008F9F0000351801402692000227F90008D9
98239 +:1069200033281FFFA71200180A000391AF88000048
98240 +:106930003C02800034450140ACA0000C1280001BDA
98241 +:1069400034530E0034510E008E370010ACB70004E3
98242 +:106950008E2400183C0B8000ACA400083570014068
98243 +:1069600024040040A20000128FBF0048A600001AB5
98244 +:106970008FB70044AE0000208FB60040A60000187C
98245 +:106980008FB5003CAE0400148FB400388FB30034D0
98246 +:106990008FB200308FB1002C8FB000283C02100065
98247 +:1069A00027BD005003E00008AD6201788E66001438
98248 +:1069B000ACA600048E64001C0A00042A3C0B800074
98249 +:1069C0000E0001902E9100010A0003200237B0252D
98250 +:1069D000000000000000000D00000000240003691A
98251 +:1069E0000A0004013C06800027BDFFD8AFBF00208D
98252 +:1069F0003C0980003C1F20FFAFB200183C0760003C
98253 +:106A000035320E002402001037F9FFFDACE23008E9
98254 +:106A1000AFB3001CAFB10014AFB00010AE5900000E
98255 +:106A20000000000000000000000000000000000066
98256 +:106A3000000000003C1800FF3713FFFDAE530000BC
98257 +:106A40003C0B60048D7050002411FF7F3C0E00024F
98258 +:106A50000211782435EC380C35CD0109ACED4C1819
98259 +:106A6000240A0009AD6C50008CE80438AD2A0008F7
98260 +:106A7000AD2000148CE54C1C3106FFFF38C42F718B
98261 +:106A800000051E023062000F2486C0B310400007CC
98262 +:106A9000AF8200088CE54C1C3C09001F3528FC0027
98263 +:106AA00000A81824000321C2AF8400048CF1080858
98264 +:106AB0003C0F57092412F0000232702435F0001008
98265 +:106AC00001D0602601CF68262DAA00012D8B000180
98266 +:106AD000014B382550E00009A380000C3C1F601CCE
98267 +:106AE0008FF8000824190001A399000C33137C00CF
98268 +:106AF000A7930010A780000EA380000DAF80004870
98269 +:106B000014C00003AF8000003C066000ACC0442C01
98270 +:106B10000E0005B93C1080000E000F1A361101005E
98271 +:106B20003C12080026523DD03C13080026733E500C
98272 +:106B30008E03000038640001308200011440FFFC25
98273 +:106B40003C0B800A8E2600002407FF8024C90240E7
98274 +:106B5000312A007F014B402101272824AE06002066
98275 +:106B6000AF880044AE0500243C048000AF86003CA2
98276 +:106B70008C8C01780580FFFE24180800922F0008F5
98277 +:106B8000AC980178A38F0042938E004231CD000172
98278 +:106B900011A0000F24050D0024DFF8002FF90301D8
98279 +:106BA0001320001C000629C224A4FFF00004104298
98280 +:106BB000000231400E00020200D2D8213C02400007
98281 +:106BC0003C068000ACC201380A0004A000000000AE
98282 +:106BD00010C50023240D0F0010CD00273C1F800896
98283 +:106BE00037F9008093380000240E0050330F00FF67
98284 +:106BF00015EEFFF33C0240000E000A3600000000D4
98285 +:106C00003C0240003C068000ACC201380A0004A0EF
98286 +:106C1000000000008F83000400A3402B1500000B30
98287 +:106C20008F8B0008006B50212547FFFF00E5482BA4
98288 +:106C30001520000600A36023000C19400E0002027C
98289 +:106C40000073D8210A0004C43C0240000000000D7B
98290 +:106C50000E000202000000000A0004C43C024000D2
98291 +:106C60003C1B0800277B3F500E0002020000000082
98292 +:106C70000A0004C43C0240003C1B0800277B3F7014
98293 +:106C80000E000202000000000A0004C43C024000A2
98294 +:106C90003C0660043C09080025290104ACC9502CBD
98295 +:106CA0008CC850003C0580003C0200023507008083
98296 +:106CB000ACC750003C040800248415A43C03080021
98297 +:106CC0002463155CACA50008ACA2000C3C010800D4
98298 +:106CD000AC243D603C010800AC233D6403E00008A7
98299 +:106CE0002402000100A030213C1C0800279C3D68C4
98300 +:106CF0003C0C04003C0B0002008B3826008C402624
98301 +:106D00002CE200010007502B2D050001000A4880ED
98302 +:106D10003C03080024633D60004520250123182121
98303 +:106D20001080000300001021AC6600002402000166
98304 +:106D300003E00008000000003C1C0800279C3D68A0
98305 +:106D40003C0B04003C0A0002008A3026008B3826E7
98306 +:106D50002CC200010006482B2CE5000100094080F0
98307 +:106D60003C03080024633D600045202501031821F1
98308 +:106D700010800005000010213C0C0800258C155CDB
98309 +:106D8000AC6C00002402000103E0000800000000D9
98310 +:106D90003C0900023C08040000883026008938269F
98311 +:106DA0002CC30001008028212CE400010083102561
98312 +:106DB0001040000B000030213C1C0800279C3D685F
98313 +:106DC0003C0A80008D4E00082406000101CA682597
98314 +:106DD000AD4D00088D4C000C01855825AD4B000CC5
98315 +:106DE00003E0000800C010213C1C0800279C3D68FF
98316 +:106DF0003C0580008CA6000C000420272402000122
98317 +:106E000000C4182403E00008ACA3000C3C020002FC
98318 +:106E10001082000B3C0560003C0704001087000353
98319 +:106E20000000000003E00008000000008CA908D06A
98320 +:106E3000240AFFFD012A402403E00008ACA808D082
98321 +:106E40008CA408D02406FFFE0086182403E0000866
98322 +:106E5000ACA308D03C05601A34A600108CC3008097
98323 +:106E600027BDFFF88CC50084AFA3000093A40000E9
98324 +:106E70002402000110820003AFA5000403E0000813
98325 +:106E800027BD000893A7000114E0001497AC00028E
98326 +:106E900097B800023C0F8000330EFFFC01CF682141
98327 +:106EA000ADA50000A3A000003C0660008CC708D080
98328 +:106EB0002408FFFE3C04601A00E82824ACC508D072
98329 +:106EC0008FA300048FA200003499001027BD000892
98330 +:106ED000AF22008003E00008AF2300843C0B800059
98331 +:106EE000318AFFFC014B48218D2800000A00057DF6
98332 +:106EF000AFA8000427BDFFE8AFBF00103C1C08008E
98333 +:106F0000279C3D683C0580008CA4000C8CA20004EA
98334 +:106F10003C0300020044282410A0000A00A3182407
98335 +:106F20003C0604003C0400021460000900A6102482
98336 +:106F30001440000F3C0404000000000D3C1C08003D
98337 +:106F4000279C3D688FBF001003E0000827BD001894
98338 +:106F50003C0208008C423D600040F809000000003F
98339 +:106F60003C1C0800279C3D680A0005A68FBF001046
98340 +:106F70003C0208008C423D640040F809000000001B
98341 +:106F80000A0005AC00000000000411C003E0000886
98342 +:106F9000244202403C04080024843FB42405001A23
98343 +:106FA0000A00009C0000302127BDFFE0AFB00010B8
98344 +:106FB0003C108000AFBF0018AFB1001436110100C3
98345 +:106FC000922200090E0005B63044007F8E3F00007B
98346 +:106FD0008F89003C3C0F008003E26021258800403F
98347 +:106FE0000049F821240DFF80310E00783198007897
98348 +:106FF00035F9000135F100020319382501D1482582
98349 +:10700000010D302403ED5824018D2824240A00406A
98350 +:1070100024040080240300C0AE0B0024AE0008103E
98351 +:10702000AE0A0814AE040818AE03081CAE05080426
98352 +:10703000AE070820AE060808AE0908243609090084
98353 +:107040009539000C3605098033ED007F3338FFFF9A
98354 +:10705000001889C0AE110800AE0F0828952C000C4E
98355 +:107060008FBF00188FB10014318BFFFF000B51C090
98356 +:10707000AE0A002C8CA400508FB000108CA3003CF2
98357 +:107080008D2700048CA8001C8CA600383C0E800ABA
98358 +:1070900001AE102127BD0020AF820044AF84005014
98359 +:1070A000AF830054AF87004CAF88005C03E000085A
98360 +:1070B000AF8600603C09080091293FD924A800024E
98361 +:1070C0003C05110000093C0000E8302500C51825EA
98362 +:1070D00024820008AC83000003E00008AC800004B8
98363 +:1070E0003C098000352309009128010B906A0011AA
98364 +:1070F0002402002800804821314700FF00A07021B1
98365 +:1071000000C068213108004010E20002340C86DD26
98366 +:10711000240C08003C0A800035420A9A944700007B
98367 +:10712000354B0A9C35460AA030F9FFFFAD39000007
98368 +:107130008D780000354B0A8024040001AD3800042E
98369 +:107140008CCF0000AD2F00089165001930A300031B
98370 +:107150001064009028640002148000AF240500022F
98371 +:107160001065009E240F0003106F00B435450AA47B
98372 +:10717000240A0800118A0048000000005100003D68
98373 +:107180003C0B80003C0480003483090090670012AF
98374 +:1071900030E200FF004D7821000FC8802724000155
98375 +:1071A0003C0A8000354F090091E50019354C0980F3
98376 +:1071B0008D87002830A300FF0003150000475825E5
98377 +:1071C0000004C4003C19600001793025370806FF2F
98378 +:1071D000AD260000AD2800048DEA002C25280028EB
98379 +:1071E000AD2A00088DEC0030AD2C000C8DE500348C
98380 +:1071F000AD2500108DE400383C05800034AC093C1E
98381 +:10720000AD2400148DE3001CAD2300188DE7002091
98382 +:10721000AD27001C8DE20024AD2200208DF900284E
98383 +:1072200034A20100AD3900248D830000AD0E0004AE
98384 +:1072300034B90900AD0300008C47000C250200148E
98385 +:10724000AD070008932B00123C04080090843FD83F
98386 +:10725000AD000010317800FF030D302100064F0013
98387 +:1072600000047C00012F702535CDFFFC03E00008F1
98388 +:10727000AD0D000C35780900930600123C0508009E
98389 +:1072800094A53FC830C800FF010D5021000A60805E
98390 +:107290000A00063C018520211500005B000000006B
98391 +:1072A0003C08080095083FCE3C06080094C63FC83D
98392 +:1072B000010610213C0B800035790900933800113C
98393 +:1072C000932A001935660A80330800FF94CF002AFC
98394 +:1072D00000086082314500FF978A0058000C1E00AC
98395 +:1072E000000524003047FFFF006410250047C0253B
98396 +:1072F00001EA30213C0B4000030B402500066400EE
98397 +:10730000AD280000AD2C0004932500183C030006B6
98398 +:107310002528001400053E0000E31025AD220008DA
98399 +:107320008F24002C3C05800034AC093CAD24000CBB
98400 +:107330008F38001C34A20100254F0001AD38001029
98401 +:107340008D830000AD0E000431EB7FFFAD03000024
98402 +:107350008C47000C34B90900A78B0058AD07000812
98403 +:10736000932B00123C04080090843FD8250200149F
98404 +:10737000317800FF030D302100064F0000047C002F
98405 +:10738000012F702535CDFFFCAD00001003E0000893
98406 +:10739000AD0D000C3C02080094423FD23C050800B1
98407 +:1073A00094A53FC835440AA43C07080094E73FC4AD
98408 +:1073B000948B00000045C8210327C023000B1C004C
98409 +:1073C0002706FFF200665025AD2A000CAD20001004
98410 +:1073D000AD2C00140A00063025290018354F0AA4E8
98411 +:1073E00095E50000956400280005140000043C00A9
98412 +:1073F0003459810000EC5825AD39000CAD2B00103C
98413 +:107400000A000630252900143C0C0800958C3FCE5C
98414 +:107410000A000681258200015460FF56240A0800F4
98415 +:1074200035580AA49706000000061C00006C502581
98416 +:10743000AD2A000C0A000630252900103C03080084
98417 +:1074400094633FD23C07080094E73FC83C0F080014
98418 +:1074500095EF3FC494A4000095790028006710219F
98419 +:10746000004F582300041C00001934002578FFEE5B
98420 +:1074700000D87825346A8100AD2A000CAD2F0010A9
98421 +:10748000AD200014AD2C00180A0006302529001C80
98422 +:1074900003E00008240207D027BDFFE0AFB20018C8
98423 +:1074A000AFB10014AFB00010AFBF001C0E00007CE5
98424 +:1074B000008088218F8800548F87004C3C0580080D
98425 +:1074C00034B20080011128213C1080002402008089
98426 +:1074D000240300C000A72023AE0208183C06800841
98427 +:1074E000AE03081C18800004AF850054ACC500042E
98428 +:1074F0008CC90004AF89004C1220000936040980B1
98429 +:107500000E0006F800000000924C00278E0B00745D
98430 +:1075100001825004014B3021AE46000C3604098034
98431 +:107520008C8E001C8F8F005C01CF682319A0000493
98432 +:107530008FBF001C8C90001CAF90005C8FBF001CA4
98433 +:107540008FB200188FB100148FB000100A00007EB7
98434 +:1075500027BD00208F8600508F8300548F82004CFF
98435 +:107560003C05800834A40080AC860050AC83003C0D
98436 +:1075700003E00008ACA200043C0308008C63005444
98437 +:1075800027BDFFF8308400FF2462000130A500FF12
98438 +:107590003C010800AC22005430C600FF3C078000CC
98439 +:1075A0008CE801780500FFFE3C0C7FFFA3A40003DC
98440 +:1075B0008FAA0000358BFFFF014B4824000627C02F
98441 +:1075C00001244025AFA8000034E201009043000AE6
98442 +:1075D000A3A000023C1980FFA3A300018FAF00000D
98443 +:1075E00030AE007F3738FFFF01F86024000E6E00D8
98444 +:1075F0003C0A002034E50140018D58253549200022
98445 +:107600002406FF803C04100027BD0008ACAB000C32
98446 +:10761000ACA90014A4A00018A0A6001203E0000862
98447 +:10762000ACE40178308800FF30A700FF3C03800005
98448 +:107630008C6201780440FFFE3C0C8000358A0A0011
98449 +:107640008D4B00203584014035850980AC8B0004CA
98450 +:107650008D4900240007302B00061540AC89000836
98451 +:10766000A088001090A3004CA083002D03E0000828
98452 +:10767000A480001827BDFFE8308400FFAFBF0010D2
98453 +:107680000E00075D30A500FF8F8300548FBF0010F0
98454 +:107690003C06800034C50140344700402404FF907C
98455 +:1076A0003C02100027BD0018ACA3000CA0A40012DF
98456 +:1076B000ACA7001403E00008ACC2017827BDFFE0CE
98457 +:1076C0003C088008AFBF001CAFB20018AFB1001477
98458 +:1076D000AFB00010351000808E0600183C07800007
98459 +:1076E000309200FF00C72025AE0400180E00007C79
98460 +:1076F00030B100FF92030005346200080E00007EE6
98461 +:10770000A2020005024020210E000771022028215C
98462 +:10771000024020218FBF001C8FB200188FB10014CF
98463 +:107720008FB0001024050005240600010A0007326E
98464 +:1077300027BD00203C05800034A309809066000826
98465 +:1077400030C200081040000F3C0A01013549080A08
98466 +:10775000AC8900008CA80074AC8800043C070800C9
98467 +:1077600090E73FD830E5001050A00008AC8000083A
98468 +:107770003C0D800835AC00808D8B0058AC8B000828
98469 +:107780002484000C03E00008008010210A0007B5E3
98470 +:107790002484000C27BDFFE83C098000AFB0001036
98471 +:1077A000AFBF00143526098090C8000924020006E6
98472 +:1077B00000A05821310300FF3527090000808021F7
98473 +:1077C000240500041062007B2408000294CF005CB2
98474 +:1077D0003C0E020431EDFFFF01AE6025AE0C00004F
98475 +:1077E00090CA00083144002010800008000000000A
98476 +:1077F00090C2004E3C1F010337F90300305800FFD0
98477 +:107800000319302524050008AE06000490F9001184
98478 +:1078100090E6001290E40011333800FF00187082E7
98479 +:1078200030CF00FF01CF5021014B6821308900FF8C
98480 +:1078300031AAFFFF39230028000A60801460002C61
98481 +:10784000020C482390E400123C198000372F0100FD
98482 +:10785000308C00FF018B1821000310800045F821B7
98483 +:10786000001F8400360706FFAD270004373F0900DC
98484 +:1078700093EC001193EE0012372609800005C082B8
98485 +:107880008DE4000C8CC5003431CD00FF01AB10211C
98486 +:107890000058182100A4F8230008840000033F00CA
98487 +:1078A00000F0302533F9FFFF318F00FC00D970253F
98488 +:1078B0000158202101E9682100045080ADAE000C80
98489 +:1078C0000E00007C012A80213C088008240B000463
98490 +:1078D000350500800E00007EA0AB000902001021DB
98491 +:1078E0008FBF00148FB0001003E0000827BD001800
98492 +:1078F00090EC001190E300193C18080097183FCE57
98493 +:10790000318200FF0002F882307000FF001FCE00BD
98494 +:1079100000103C000327302500D870253C0F4000A4
98495 +:1079200001CF68253C198000AD2D0000373F0900CC
98496 +:1079300093EC001193EE0012372F010037260980D7
98497 +:107940000005C0828DE4000C8CC5003431CD00FFF1
98498 +:1079500001AB10210058182100A4F823000884006E
98499 +:1079600000033F0000F0302533F9FFFF318F00FCAA
98500 +:1079700000D970250158202101E9682100045080B8
98501 +:10798000ADAE000C0E00007C012A80213C0880086E
98502 +:10799000240B0004350500800E00007EA0AB00091A
98503 +:1079A000020010218FBF00148FB0001003E0000808
98504 +:1079B00027BD00180A0007C72408001227BDFFD002
98505 +:1079C0003C038000AFB60028AFB50024AFB4002060
98506 +:1079D000AFB10014AFBF002CAFB3001CAFB20018A2
98507 +:1079E000AFB000103467010090E6000B309400FF48
98508 +:1079F00030B500FF30C200300000B02110400099C7
98509 +:107A000000008821346409809088000800082E0056
98510 +:107A100000051E03046000C0240400048F86005487
98511 +:107A20003C010800A0243FD83C0C8000AD800048F9
98512 +:107A30003C048000348E010091CD000B31A5002064
98513 +:107A400010A000073C078000349309809272000860
98514 +:107A50000012860000107E0305E000C43C1F800871
98515 +:107A600034EC0100918A000B34EB09809169000825
98516 +:107A7000314400400004402B3123000800C8982303
98517 +:107A80001460000224120003000090213C108000CA
98518 +:107A900036180A8036040900970E002C90830011D6
98519 +:107AA0009089001293050018307F00FF312800FFF5
98520 +:107AB000024810210002C880930D0018033F78216E
98521 +:107AC00001F1302130B100FF00D11821A78E0058FC
98522 +:107AD0003C010800A4263FCE3C010800A4233FD06F
98523 +:107AE00015A00002000000000000000D920B010B29
98524 +:107AF0003065FFFF3C010800A4233FD2316A0040FB
98525 +:107B00003C010800A4203FC83C010800A4203FC459
98526 +:107B10001140000224A4000A24A4000B3091FFFFAE
98527 +:107B20000E0001E7022020219206010B3C0C080008
98528 +:107B3000958C3FD2004020210006698231A70001C8
98529 +:107B40000E00060101872821004020210260282123
98530 +:107B50000E00060C024030210E0007A1004020213B
98531 +:107B600016C00069004020219212010B32560040DD
98532 +:107B700012C000053C0500FF8C93000034AEFFFFEF
98533 +:107B8000026E8024AC9000000E0001FB0220202138
98534 +:107B90003C0F080091EF3FD831F10003122000168E
98535 +:107BA0003C1380088F8200543C09800835280080EF
98536 +:107BB000245F0001AD1F003C3C0580088CB9000427
98537 +:107BC00003E02021033FC0231B000002AF9F0054AD
98538 +:107BD0008CA400040E0006F8ACA400043C0780004E
98539 +:107BE0008CEB00743C04800834830080004B5021EF
98540 +:107BF000AC6A000C3C1380083670008002802021A3
98541 +:107C000002A02821A200006B0E00075D3C1480003A
98542 +:107C10008F920054368C0140AD92000C8F86004844
98543 +:107C20003C151000344D000624D60001AF960048E4
98544 +:107C30008FBF002CA18600128FB60028AD8D0014D6
98545 +:107C40008FB3001CAE9501788FB200188FB5002459
98546 +:107C50008FB400208FB100148FB0001003E0000833
98547 +:107C600027BD003034640980908F0008000F760033
98548 +:107C7000000E6E0305A00033347F090093F8001B4B
98549 +:107C8000241900103C010800A0393FD8331300022A
98550 +:107C90001260FF678F8600548F8200601446FF6574
98551 +:107CA0003C0480000E00007C000000003C048008C2
98552 +:107CB0003485008090A8000924060016310300FFD7
98553 +:107CC0001066000D0000000090AB00093C070800A2
98554 +:107CD00090E73FD824090008316400FF34EA00012E
98555 +:107CE0003C010800A02A3FD81089002F240C000A6C
98556 +:107CF000108C00282402000C0E00007E0000000002
98557 +:107D00000A0008608F8600540E0007B9024028213F
98558 +:107D10000A0008AE004020213C0B8008356A008034
98559 +:107D20008D4600548CE9000C1120FF3DAF860054B5
98560 +:107D3000240700143C010800A0273FD80A00085F70
98561 +:107D40003C0C800090910008241200023C010800C5
98562 +:107D5000A0323FD8323000201200000B2416000160
98563 +:107D60008F8600540A0008602411000837F800804C
98564 +:107D70008F020038AFE200048FF90004AF19003C15
98565 +:107D80000A00086C3C0780008F8600540A000860D7
98566 +:107D900024110004A0A200090E00007E00000000D3
98567 +:107DA0000A0008608F860054240200140A00093A71
98568 +:107DB000A0A2000927BDFFE8AFB000103C10800072
98569 +:107DC000AFBF001436020100904400090E00075DA9
98570 +:107DD000240500013C0480089099000E3483008043
98571 +:107DE000909F000F906F00269089000A33F800FFE3
98572 +:107DF00000196E000018740031EC00FF01AE502530
98573 +:107E0000000C5A00014B3825312800FF3603014091
98574 +:107E10003445600000E830252402FF813C04100056
98575 +:107E2000AC66000C8FBF0014AC650014A062001299
98576 +:107E3000AE0401788FB0001003E0000827BD0018E1
98577 +:107E400027BDFFE8308400FFAFBF00100E00075DC4
98578 +:107E500030A500FF3C05800034A4014034470040B9
98579 +:107E60002406FF92AC870014A08600128F83005472
98580 +:107E70008FBF00103C02100027BD0018AC83000C1F
98581 +:107E800003E00008ACA2017827BDFFD8AFB0001016
98582 +:107E9000308400FF30B000FF3C058000AFB100141B
98583 +:107EA000AFBF0020AFB3001CAFB20018000410C277
98584 +:107EB00034A60100320300023051000114600007B3
98585 +:107EC00090D200093C098008353300809268000593
98586 +:107ED0003107000810E0000C308A00100240202119
98587 +:107EE0000E00078302202821240200018FBF0020FA
98588 +:107EF0008FB3001C8FB200188FB100148FB0001028
98589 +:107F000003E0000827BD00281540003434A50A000E
98590 +:107F10008CB800248CAF0008130F004B00003821F0
98591 +:107F20003C0D800835B30080926C00682406000286
98592 +:107F3000318B00FF116600843C06800034C20100D2
98593 +:107F40009263004C90590009307F00FF53F9000400
98594 +:107F50003213007C10E00069000000003213007C46
98595 +:107F60005660005C0240202116200009320D0001FD
98596 +:107F70003C0C800035840100358B0A008D6500249F
98597 +:107F80008C86000414A6FFD900001021320D0001D8
98598 +:107F900011A0000E024020213C1880003710010083
98599 +:107FA0008E0F000C8F8E005011EE000800000000B4
98600 +:107FB0000E000843022028218E19000C3C1F800867
98601 +:107FC00037F00080AE190050024020210E000771EA
98602 +:107FD000022028210A00098F240200013C05080024
98603 +:107FE0008CA5006424A400013C010800AC240064BA
98604 +:107FF0001600000D00000000022028210E0007716D
98605 +:1080000002402021926E0068240C000231CD00FF56
98606 +:1080100011AC0022024020210E00094100000000A6
98607 +:108020000A00098F240200010E00007024040001E0
98608 +:10803000926B0025020B30250E00007EA266002503
98609 +:108040000A0009D3022028218E6200188CDF000468
98610 +:108050008CB9002400021E0217F9FFB13065007FC1
98611 +:108060009268004C264400013093007F1265004066
98612 +:10807000310300FF1464FFAB3C0D8008264700016C
98613 +:1080800030F1007F30E200FF1225000B24070001D1
98614 +:10809000004090210A00099C2411000124050004DD
98615 +:1080A0000E000732240600010E0009410000000006
98616 +:1080B0000A00098F240200012405FF8002452024C4
98617 +:1080C00000859026324200FF004090210A00099C62
98618 +:1080D000241100010E00084302202821320700303D
98619 +:1080E00010E0FFA132100082024020210E00078321
98620 +:1080F000022028210A00098F240200018E6900183D
98621 +:108100000240202102202821012640250E0009647A
98622 +:10811000AE6800189264004C240500032406000198
98623 +:108120000E000732308400FF0E00007024040001AE
98624 +:1081300092710025021150250E00007EA26A0025D2
98625 +:108140000A00098F240200018E6F00183C1880007D
98626 +:108150000240202101F87025022028210E0007711D
98627 +:10816000AE6E00189264004C0A000A1B240500043D
98628 +:10817000324A0080394900801469FF6A3C0D80084A
98629 +:108180000A0009F42647000127BDFFC0AFB0001860
98630 +:108190003C108000AFBF0038AFB70034AFB600303E
98631 +:1081A000AFB5002CAFB40028AFB30024AFB20020AD
98632 +:1081B0000E0005BEAFB1001C360201009045000B59
98633 +:1081C0000E00097690440008144000E78FBF003885
98634 +:1081D0003C08800835070080A0E0006B3606098067
98635 +:1081E00090C50000240300503C17080026F73F907C
98636 +:1081F00030A400FF3C13080026733FA01083000347
98637 +:108200003C1080000000B82100009821241F0010BD
98638 +:108210003611010036120A00361509808E580024E6
98639 +:108220008E3400048EAF00208F8C00543C01080077
98640 +:10823000A03F3FD836190A80972B002C8EF60000FD
98641 +:10824000932A00180298702301EC68233C0108006F
98642 +:10825000AC2E3FB43C010800AC2D3FB83C010800F7
98643 +:10826000AC2C3FDCA78B005802C0F809315400FF4A
98644 +:1082700030490002152000E930420001504000C49E
98645 +:108280009227000992A90008312800081500000271
98646 +:10829000241500030000A8213C0A80003543090092
98647 +:1082A00035440A008C8D00249072001190700012E9
98648 +:1082B000907F0011325900FF321100FF02B11021EE
98649 +:1082C0000002C08033EF00FF0319B021028F70213C
98650 +:1082D00002D4602125CB00103C010800A4363FCE1B
98651 +:1082E0003C010800AC2D3FE03C010800A42C3FD02D
98652 +:1082F0003C010800A42B3FCC3556010035540980C1
98653 +:1083000035510E008F8700548F89005C8E850020C8
98654 +:1083100024080006012730233C010800AC283FD484
98655 +:1083200000A7282304C000B50000902104A000B3DA
98656 +:1083300000C5502B114000B5000000003C010800B2
98657 +:10834000AC263FB88E6200000040F8090000000033
98658 +:108350003046000214C0007400408021304B000100
98659 +:10836000556000118E6200043C0D08008DAD3FBCCD
98660 +:108370003C0EC0003C04800001AE6025AE2C000025
98661 +:108380008C980000330F000811E0FFFD0000000092
98662 +:10839000963F000824120001A79F00408E39000478
98663 +:1083A000AF9900388E6200040040F8090000000018
98664 +:1083B0000202802532030002146000B300000000B6
98665 +:1083C0003C09080095293FC43C06080094C63FD0EC
98666 +:1083D0003C0A0800954A3FC63C0708008CE73FBCB2
98667 +:1083E000012670213C0308008C633FE03C08080034
98668 +:1083F00095083FDA01CA20218ED9000C00E9282116
98669 +:10840000249F000200A878210067C02133E4FFFF09
98670 +:10841000AF9900503C010800AC383FE03C01080037
98671 +:10842000A42F3FC83C010800A42E3FD20E0001E754
98672 +:10843000000000008F8D0048004020213C01080012
98673 +:10844000A02D3FD98E62000825AC0001AF8C0048FA
98674 +:108450000040F809000000008F85005402A0302180
98675 +:108460000E00060C004020210E0007A10040202134
98676 +:108470008E6B000C0160F809004020213C0A0800C6
98677 +:10848000954A3FD23C06080094C63FC601464821A3
98678 +:10849000252800020E0001FB3104FFFF3C05080007
98679 +:1084A0008CA53FB43C0708008CE73FBC00A7202305
98680 +:1084B0003C010800AC243FB414800006000000001A
98681 +:1084C0003C0208008C423FD4344B00403C01080081
98682 +:1084D000AC2B3FD4124000438F8E00448E2D0010F1
98683 +:1084E0008F920044AE4D00208E2C0018AE4C00241C
98684 +:1084F0003C04080094843FC80E0006FA0000000007
98685 +:108500008F9F00548E6700103C010800AC3F3FDC99
98686 +:1085100000E0F809000000003C1908008F393FB462
98687 +:108520001720FF798F870054979300583C11800ED5
98688 +:10853000321601000E000729A633002C16C0004594
98689 +:10854000320300105460004C8EE5000432080040F5
98690 +:108550005500001D8EF000088EE4000C0080F80924
98691 +:10856000000000008FBF00388FB700348FB6003096
98692 +:108570008FB5002C8FB400288FB300248FB2002059
98693 +:108580008FB1001C8FB0001803E0000827BD004029
98694 +:108590008F86003C36110E0000072E0000A6202515
98695 +:1085A000AE0400808E4300208E500024AFA3001044
98696 +:1085B000AE2300148FB20010AE320010AE30001C9B
98697 +:1085C0000A000A75AE3000180200F8090000000029
98698 +:1085D0008EE4000C0080F809000000000A000B2E59
98699 +:1085E0008FBF003824180001240F0001A5C000200F
98700 +:1085F000A5D800220A000B10ADCF00243C010800D2
98701 +:10860000AC203FB80A000AA68E6200003C010800B8
98702 +:10861000AC253FB80A000AA68E6200009224000929
98703 +:108620000E000771000028218FBF00388FB700347B
98704 +:108630008FB600308FB5002C8FB400288FB3002484
98705 +:108640008FB200208FB1001C8FB0001803E000082B
98706 +:1086500027BD00403C1480009295010900002821AC
98707 +:108660000E00084332A400FF320300105060FFB830
98708 +:10867000320800408EE5000400A0F8090000000068
98709 +:108680000A000B28320800405240FFA89793005878
98710 +:108690008E3400148F930044AE7400208E35001C7D
98711 +:1086A000AE7500240A000B1F979300588F820014A8
98712 +:1086B0000004218003E00008008210213C078008AC
98713 +:1086C00034E200809043006900804021106000097E
98714 +:1086D0003C0401003C0708008CE73FDC8F8300303E
98715 +:1086E00000E32023048000089389001C14E30003A6
98716 +:1086F0000100202103E00008008010213C0401005B
98717 +:1087000003E00008008010211120000B00673823CF
98718 +:108710003C0D800035AC0980918B007C316A0002F1
98719 +:10872000114000202409003400E9702B15C0FFF12E
98720 +:108730000100202100E938232403FFFC00A3C82402
98721 +:1087400000E3C02400F9782B15E0FFEA030820219C
98722 +:1087500030C400030004102314C000143049000387
98723 +:108760000000302100A9782101E6702100EE682B7D
98724 +:1087700011A0FFE03C0401002D3800010006C82BC9
98725 +:10878000010548210319382414E0FFDA2524FFFCF1
98726 +:108790002402FFFC00A218240068202103E0000846
98727 +:1087A000008010210A000B9E240900303C0C800040
98728 +:1087B0003586098090CB007C316A00041540FFE9C2
98729 +:1087C000240600040A000BAD000030213C03080021
98730 +:1087D0008C63005C8F82001827BDFFE0AFBF0018DC
98731 +:1087E000AFB1001410620005AFB00010000329C043
98732 +:1087F00024A40280AF840014AF8300183C108000D2
98733 +:1088000036020A0094450032361101000E000B7F3B
98734 +:1088100030A43FFF8E240000241FFF803C11008005
98735 +:108820000082C021031F60243309007F000CC9406F
98736 +:1088300003294025330E0078362F00033C0D10002D
98737 +:10884000010D502501CF5825AE0C002836080980AF
98738 +:10885000AE0C080CAE0B082CAE0A08309103006970
98739 +:108860003C06800C0126382110600006AF870034DA
98740 +:108870008D09003C8D03006C0123382318E0008231
98741 +:10888000000000003C0B8008356A00803C1080002E
98742 +:10889000A1400069360609808CC200383C06800081
98743 +:1088A00034C50A0090A8003C310C00201180001A49
98744 +:1088B000AF820030240D00013C0E800035D10A004B
98745 +:1088C000A38D001CAF8000248E2400248F850024FB
98746 +:1088D000240D0008AF800020AF8000283C01080074
98747 +:1088E000A42D3FC63C010800A4203FDA0E000B83F4
98748 +:1088F000000030219228003C8FBF00188FB1001477
98749 +:108900008FB0001000086142AF82002C27BD00200C
98750 +:1089100003E000083182000190B80032240E00010B
98751 +:10892000330F00FF000F2182108E00412419000236
98752 +:108930001099006434C40AC03C03800034640A0007
98753 +:108940008C8F002415E0001E34660900909F0030D3
98754 +:108950002418000533F9003F1338004E24030001AA
98755 +:108960008F860020A383001CAF860028AF860024DA
98756 +:108970003C0E800035D10A008E2400248F8500240F
98757 +:10898000240D00083C010800A42D3FC63C0108004E
98758 +:10899000A4203FDA0E000B83000000009228003C68
98759 +:1089A0008FBF00188FB100148FB000100008614213
98760 +:1089B000AF82002C27BD002003E0000831820001B7
98761 +:1089C0008C8A00088C8B00248CD000643C0E8000C4
98762 +:1089D00035D10A00014B2823AF900024A380001C4E
98763 +:1089E000AF8500288E2400248F8600208F850024E8
98764 +:1089F000240D00083C010800A42D3FC63C010800DE
98765 +:108A0000A4203FDA0E000B83000000009228003CF7
98766 +:108A10008FBF00188FB100148FB0001000086142A2
98767 +:108A2000AF82002C27BD002003E000083182000146
98768 +:108A300090A200303051003F5224002834C50AC0B3
98769 +:108A40008CB000241600002234CB09008CA600480C
98770 +:108A50003C0A7FFF3545FFFF00C510243C0E800017
98771 +:108A6000AF82002035C509008F8800208CAD0060E2
98772 +:108A7000010D602B15800002010020218CA40060F4
98773 +:108A80000A000C22AF8400208D02006C0A000BFC4F
98774 +:108A90003C0680008C8200488F8600203C097FFFC6
98775 +:108AA0003527FFFF004788243C0480082403000189
98776 +:108AB000AF910028AC80006CA383001C0A000C302E
98777 +:108AC000AF8600248C9F00140A000C22AF9F002068
98778 +:108AD0008D6200680A000C6C3C0E800034C4098072
98779 +:108AE0008C8900708CA300140123382B10E0000443
98780 +:108AF000000000008C8200700A000C6C3C0E8000AC
98781 +:108B00008CA200140A000C6C3C0E80008F8500249F
98782 +:108B100027BDFFE0AFBF0018AFB1001414A00008DC
98783 +:108B2000AFB000103C04800034870A0090E60030AB
98784 +:108B30002402000530C3003F106200B934840900EC
98785 +:108B40008F91002000A080213C048000348E0A0018
98786 +:108B50008DCD00043C0608008CC63FB831A73FFF0E
98787 +:108B600000E6602B5580000100E03021938F001C4F
98788 +:108B700011E0007800D0282B349F098093F9007C05
98789 +:108B800033380002130000792403003400C3102B93
98790 +:108B9000144000D90000000000C3302300D0282B6F
98791 +:108BA0003C010800A4233FC414A0006E0200182159
98792 +:108BB0003C0408008C843FB40064402B5500000145
98793 +:108BC000006020213C05800034A90A00912A003C65
98794 +:108BD0003C010800AC243FBC31430020146000037A
98795 +:108BE0000000482134AB0E008D6900188F88002CDE
98796 +:108BF0000128202B1080005F000000003C050800C9
98797 +:108C00008CA53FBC00A96821010D602B1180005C80
98798 +:108C100000B0702B0109382300E028213C01080036
98799 +:108C2000AC273FBC12000003240AFFFC10B0008DEB
98800 +:108C30003224000300AA18243C010800A4203FDAD3
98801 +:108C40003C010800AC233FBC006028218F84002435
98802 +:108C5000120400063C0B80088D6C006C0200202181
98803 +:108C6000AF91002025900001AD70006C8F8D002821
98804 +:108C700000858823AF91002401A52023AF8400281C
98805 +:108C80001220000224070018240700103C18800856
98806 +:108C90003706008090CF00683C010800A0273FD82D
98807 +:108CA0002407000131EE00FF11C70047000000005B
98808 +:108CB00014800018000028213C06800034D109806F
98809 +:108CC00034CD010091A600098E2C001824C40001A7
98810 +:108CD000000C86023205007F308B007F1165007F1B
98811 +:108CE0002407FF803C19800837290080A124004C0C
98812 +:108CF0003C0808008D083FD4241800023C010800FD
98813 +:108D0000A0384019350F00083C010800AC2F3FD4B3
98814 +:108D1000240500103C02800034440A009083003C8B
98815 +:108D2000307F002013E0000500A02021240A00016C
98816 +:108D30003C010800AC2A3FBC34A400018FBF0018DE
98817 +:108D40008FB100148FB000100080102103E00008E4
98818 +:108D500027BD00203C010800A4203FC410A0FF94C0
98819 +:108D6000020018210A000CC000C018210A000CB72C
98820 +:108D7000240300303C0508008CA53FBC00B0702BDC
98821 +:108D800011C0FFA8000000003C19080097393FC43B
98822 +:108D90000325C0210307782B11E000072CAA00044B
98823 +:108DA0003C0360008C625404305F003F17E0FFE337
98824 +:108DB000240400422CAA00041140FF9A240400421B
98825 +:108DC0000A000D248FBF00181528FFB9000000000D
98826 +:108DD0008CCA00183C1F800024020002015F182585
98827 +:108DE000ACC3001837F90A00A0C200689329003C00
98828 +:108DF0002404000400A01021312800203C010800B8
98829 +:108E0000A0244019110000022405001024020001D2
98830 +:108E10003C010800AC223FB40A000D1A3C0280005D
98831 +:108E20008F8800288C8900600109282B14A000027B
98832 +:108E3000010088218C9100603C048000348B0E007E
98833 +:108E40008D640018240A000102202821022030210C
98834 +:108E5000A38A001C0E000B83022080210A000CA6AE
98835 +:108E6000AF82002C00045823122000073164000355
98836 +:108E70003C0E800035C7098090ED007C31AC0004C9
98837 +:108E800015800019248F00043C010800A4243FDA57
98838 +:108E90003C1F080097FF3FDA03E5C82100D9C02B2B
98839 +:108EA0001300FF6B8F8400242CA6000514C0FFA3C1
98840 +:108EB0002404004230A200031440000200A2182340
98841 +:108EC00024A3FFFC3C010800AC233FBC3C0108008C
98842 +:108ED000A4203FDA0A000CE70060282100C77024B4
98843 +:108EE0000A000D0D01C720263C010800A42F3FDA1F
98844 +:108EF0000A000D78000000003C010800AC203FBCD7
98845 +:108F00000A000D23240400428F8300283C058000C2
98846 +:108F100034AA0A00146000060000102191470030B6
98847 +:108F20002406000530E400FF108600030000000066
98848 +:108F300003E0000800000000914B0048316900FF89
98849 +:108F4000000941C21500FFFA3C0680083C040800F5
98850 +:108F500094843FC43C0308008C633FDC3C19080048
98851 +:108F60008F393FBC3C0F080095EF3FDA0064C02109
98852 +:108F70008CCD00040319702101CF602134AB0E00A9
98853 +:108F8000018D282318A0001D00000000914F004C07
98854 +:108F90008F8C0034956D001031EE00FF8D89000438
98855 +:108FA00001AE30238D8A000030CEFFFF000E290075
98856 +:108FB0000125C82100003821014720210325182B55
98857 +:108FC0000083C021AD990004AD980000918F000A84
98858 +:108FD00001CF6821A18D000A956500128F8A0034A7
98859 +:108FE000A5450008954B003825690001A5490038C2
98860 +:108FF0009148000D35070008A147000D03E0000867
98861 +:109000000000000027BDFFD8AFB000189388001CF7
98862 +:109010008FB000143C0A80003C197FFF8F8700242A
98863 +:109020003738FFFFAFBF0020AFB1001C355F0A002B
98864 +:109030000218182493EB003C00087FC03C02BFFFDD
98865 +:10904000006F60252CF000013449FFFF3C1F080031
98866 +:109050008FFF3FDC8F9900303C18080097183FD2F3
98867 +:1090600001897824001047803C07EFFF3C05F0FFA2
98868 +:1090700001E818253C1180003169002034E2FFFF2F
98869 +:1090800034ADFFFF362E098027A50010240600020C
98870 +:1090900003F96023270B0002354A0E0000621824F2
98871 +:1090A0000080802115200002000040218D48001C16
98872 +:1090B000A7AB0012058000392407000030E800FF4C
98873 +:1090C00000083F00006758253C028008AFAB001441
98874 +:1090D000344F008091EA00683C08080091083FD9AD
98875 +:1090E0003C09DFFF352CFFFF000AF82B3C0208008B
98876 +:1090F00094423FCCA3A80011016CC024001FCF40B4
98877 +:10910000031918258FA70010AFA300143C0C08000A
98878 +:10911000918C3FDBA7A200168FAB001400ED482412
98879 +:109120003C0F01003C0A0FFF012FC82531980003B6
98880 +:10913000355FFFFF016D40243C027000033F38247F
98881 +:1091400000181E0000E2482501037825AFAF001487
98882 +:10915000AFA9001091CC007C0E000092A3AC0015CA
98883 +:10916000362D0A0091A6003C30C400201080000675
98884 +:10917000260200083C11080096313FC8262EFFFF4A
98885 +:109180003C010800A42E3FC88FBF00208FB1001CF7
98886 +:109190008FB0001803E0000827BD00288F8B002C3B
98887 +:1091A000010B502B5540FFC5240700010A000E0497
98888 +:1091B00030E800FF9383001C3C02800027BDFFD8ED
98889 +:1091C00034480A0000805021AFBF002034460AC056
98890 +:1091D000010028211060000E3444098091070030FE
98891 +:1091E000240B00058F89002030EC003F118B000B11
98892 +:1091F00000003821AFA900103C0B80088D69006C7D
98893 +:10920000AFAA00180E00015AAFA90014A380001CD9
98894 +:109210008FBF002003E0000827BD00288D1F0048F5
98895 +:109220003C1808008F183FBC8F9900283C027FFF34
98896 +:109230008D0800443443FFFFAFA900103C0B8008A9
98897 +:109240008D69006C03E370240319782101CF682332
98898 +:1092500001A83821AFAA00180E00015AAFA90014C6
98899 +:109260000A000E58A380001C3C05800034A60A00AA
98900 +:1092700090C7003C3C06080094C63FDA3C02080058
98901 +:109280008C423FD430E30020000624001060001E12
98902 +:10929000004438253C0880083505008090A300680C
98903 +:1092A00000004821240800010000282124040001B6
98904 +:1092B0003C0680008CCD017805A0FFFE34CF014034
98905 +:1092C000ADE800083C0208008C423FDCA5E5000444
98906 +:1092D000A5E40006ADE2000C3C04080090843FD9F0
98907 +:1092E0003C03800834790080A1E40012ADE700144B
98908 +:1092F000A5E900189338004C3C0E1000A1F8002D91
98909 +:1093000003E00008ACCE017834A90E008D28001CC3
98910 +:109310003C0C08008D8C3FBC952B0016952A001440
98911 +:10932000018648213164FFFF0A000E803145FFFFAE
98912 +:109330003C04800034830A009065003C30A2002089
98913 +:109340001040001934870E00000040210000382131
98914 +:10935000000020213C0680008CC901780520FFFE1A
98915 +:1093600034CA014034CF010091EB0009AD48000838
98916 +:109370003C0E08008DCE3FDC240DFF91240C0040F4
98917 +:109380003C081000A5440004A5470006AD4E000CA3
98918 +:10939000A14D0012AD4C0014A5400018A14B002DAA
98919 +:1093A00003E00008ACC801788CE8001894E60012CD
98920 +:1093B00094E4001030C7FFFF0A000EA93084FFFFBD
98921 +:1093C0003C04800034830A009065003C30A20020F9
98922 +:1093D0001040002727BDFFF82409000100003821B4
98923 +:1093E000240800013C0680008CCA01780540FFFE7D
98924 +:1093F0003C0280FF34C40100908D00093C0C080041
98925 +:10940000918C4019A3AD00038FAB00003185007F24
98926 +:109410003459FFFF01665025AFAA00009083000A6F
98927 +:10942000A3A0000200057E00A3A300018FB80000E6
98928 +:1094300034CB0140240C30000319702401CF68257F
98929 +:10944000AD6D000C27BD0008AD6C0014A5600018C0
98930 +:10945000AD690008A56700042409FF80A56800061F
98931 +:109460003C081000A169001203E00008ACC80178B4
98932 +:1094700034870E008CE9001894E6001294E4001082
98933 +:1094800030C8FFFF0A000ECD3087FFFF27BDFFE089
98934 +:10949000AFB100143C118000AFB00010AFBF001896
98935 +:1094A00036380A00970F0032363001000E000B7F6D
98936 +:1094B00031E43FFF8E0E0000240DFF803C042000AD
98937 +:1094C00001C25821016D6024000C4940316A007FBF
98938 +:1094D000012A4025010438253C048008AE270830C5
98939 +:1094E0003486008090C500682403000230A200FF8B
98940 +:1094F000104300048F9F00208F990024AC9F0068C8
98941 +:10950000AC9900648FBF00188FB100148FB00010A9
98942 +:1095100003E0000827BD00203C0A0800254A3A80E5
98943 +:109520003C09080025293B103C08080025082F1C91
98944 +:109530003C07080024E73BDC3C06080024C639044D
98945 +:109540003C05080024A536583C0408002484325CFD
98946 +:109550003C030800246339B83C0208002442375415
98947 +:109560003C010800AC2A3F983C010800AC293F941C
98948 +:109570003C010800AC283F903C010800AC273F9C10
98949 +:109580003C010800AC263FAC3C010800AC253FA4E0
98950 +:109590003C010800AC243FA03C010800AC233FB0D4
98951 +:1095A0003C010800AC223FA803E0000800000000D6
98952 +:1095B00080000940800009008008010080080080C8
98953 +:1095C00080080000800E00008008008080080000F5
98954 +:1095D00080000A8080000A00800009808000090065
98955 +:00000001FF
98956 diff --git a/fs/9p/vfs_addr.c b/fs/9p/vfs_addr.c
98957 index 6181ad7..86db022 100644
98958 --- a/fs/9p/vfs_addr.c
98959 +++ b/fs/9p/vfs_addr.c
98960 @@ -121,7 +121,7 @@ static int v9fs_vfs_readpages(struct file *filp, struct address_space *mapping,
98961 if (ret == 0)
98962 return ret;
98963
98964 - ret = read_cache_pages(mapping, pages, (void *)v9fs_vfs_readpage, filp);
98965 + ret = read_cache_pages(mapping, pages, v9fs_vfs_readpage, filp);
98966 p9_debug(P9_DEBUG_VFS, " = %d\n", ret);
98967 return ret;
98968 }
98969 diff --git a/fs/9p/vfs_inode_dotl.c b/fs/9p/vfs_inode_dotl.c
98970 index eeabcb0..cea07b5 100644
98971 --- a/fs/9p/vfs_inode_dotl.c
98972 +++ b/fs/9p/vfs_inode_dotl.c
98973 @@ -179,7 +179,7 @@ static int v9fs_mapped_dotl_flags(int flags)
98974 {
98975 int i;
98976 int rflags = 0;
98977 - struct dotl_openflag_map dotl_oflag_map[] = {
98978 + static const struct dotl_openflag_map dotl_oflag_map[] = {
98979 { O_CREAT, P9_DOTL_CREATE },
98980 { O_EXCL, P9_DOTL_EXCL },
98981 { O_NOCTTY, P9_DOTL_NOCTTY },
98982 @@ -524,7 +524,7 @@ static int v9fs_mapped_iattr_valid(int iattr_valid)
98983 {
98984 int i;
98985 int p9_iattr_valid = 0;
98986 - struct dotl_iattr_map dotl_iattr_map[] = {
98987 + static const struct dotl_iattr_map dotl_iattr_map[] = {
98988 { ATTR_MODE, P9_ATTR_MODE },
98989 { ATTR_UID, P9_ATTR_UID },
98990 { ATTR_GID, P9_ATTR_GID },
98991 diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
98992 index c7efddf..fa601ee 100644
98993 --- a/fs/Kconfig.binfmt
98994 +++ b/fs/Kconfig.binfmt
98995 @@ -112,7 +112,7 @@ config HAVE_AOUT
98996
98997 config BINFMT_AOUT
98998 tristate "Kernel support for a.out and ECOFF binaries"
98999 - depends on HAVE_AOUT
99000 + depends on HAVE_AOUT && BROKEN
99001 ---help---
99002 A.out (Assembler.OUTput) is a set of formats for libraries and
99003 executables used in the earliest versions of UNIX. Linux used
99004 diff --git a/fs/afs/file.c b/fs/afs/file.c
99005 index 6344aee..217c579 100644
99006 --- a/fs/afs/file.c
99007 +++ b/fs/afs/file.c
99008 @@ -122,11 +122,11 @@ static void afs_file_readpage_read_complete(struct page *page,
99009 /*
99010 * read page from file, directory or symlink, given a key to use
99011 */
99012 -int afs_page_filler(void *data, struct page *page)
99013 +int afs_page_filler(struct file *data, struct page *page)
99014 {
99015 struct inode *inode = page->mapping->host;
99016 struct afs_vnode *vnode = AFS_FS_I(inode);
99017 - struct key *key = data;
99018 + struct key *key = (struct key *)data;
99019 size_t len;
99020 off_t offset;
99021 int ret;
99022 @@ -220,14 +220,14 @@ static int afs_readpage(struct file *file, struct page *page)
99023 if (file) {
99024 key = file->private_data;
99025 ASSERT(key != NULL);
99026 - ret = afs_page_filler(key, page);
99027 + ret = afs_page_filler((struct file *)key, page);
99028 } else {
99029 struct inode *inode = page->mapping->host;
99030 key = afs_request_key(AFS_FS_S(inode->i_sb)->volume->cell);
99031 if (IS_ERR(key)) {
99032 ret = PTR_ERR(key);
99033 } else {
99034 - ret = afs_page_filler(key, page);
99035 + ret = afs_page_filler((struct file *)key, page);
99036 key_put(key);
99037 }
99038 }
99039 diff --git a/fs/afs/inode.c b/fs/afs/inode.c
99040 index 86cc726..b9b7f73 100644
99041 --- a/fs/afs/inode.c
99042 +++ b/fs/afs/inode.c
99043 @@ -142,7 +142,7 @@ struct inode *afs_iget_autocell(struct inode *dir, const char *dev_name,
99044 struct afs_vnode *vnode;
99045 struct super_block *sb;
99046 struct inode *inode;
99047 - static atomic_t afs_autocell_ino;
99048 + static atomic_unchecked_t afs_autocell_ino;
99049
99050 _enter("{%x:%u},%*.*s,",
99051 AFS_FS_I(dir)->fid.vid, AFS_FS_I(dir)->fid.vnode,
99052 @@ -155,7 +155,7 @@ struct inode *afs_iget_autocell(struct inode *dir, const char *dev_name,
99053 data.fid.unique = 0;
99054 data.fid.vnode = 0;
99055
99056 - inode = iget5_locked(sb, atomic_inc_return(&afs_autocell_ino),
99057 + inode = iget5_locked(sb, atomic_inc_return_unchecked(&afs_autocell_ino),
99058 afs_iget5_autocell_test, afs_iget5_set,
99059 &data);
99060 if (!inode) {
99061 diff --git a/fs/afs/internal.h b/fs/afs/internal.h
99062 index df976b2..fcafd44 100644
99063 --- a/fs/afs/internal.h
99064 +++ b/fs/afs/internal.h
99065 @@ -15,7 +15,7 @@
99066 #include <linux/pagemap.h>
99067 #include <linux/skbuff.h>
99068 #include <linux/rxrpc.h>
99069 -#include <linux/key.h>
99070 +#include <linux/key-type.h>
99071 #include <linux/workqueue.h>
99072 #include <linux/sched.h>
99073 #include <linux/fscache.h>
99074 @@ -498,7 +498,7 @@ extern const struct file_operations afs_file_operations;
99075
99076 extern int afs_open(struct inode *, struct file *);
99077 extern int afs_release(struct inode *, struct file *);
99078 -extern int afs_page_filler(void *, struct page *);
99079 +extern int afs_page_filler(struct file *, struct page *);
99080
99081 /*
99082 * flock.c
99083 diff --git a/fs/aio.c b/fs/aio.c
99084 index 4fe81d1..85f39a0 100644
99085 --- a/fs/aio.c
99086 +++ b/fs/aio.c
99087 @@ -455,7 +455,7 @@ static int aio_setup_ring(struct kioctx *ctx)
99088 size += sizeof(struct io_event) * nr_events;
99089
99090 nr_pages = PFN_UP(size);
99091 - if (nr_pages < 0)
99092 + if (nr_pages <= 0)
99093 return -EINVAL;
99094
99095 file = aio_private_file(ctx, nr_pages);
99096 diff --git a/fs/attr.c b/fs/attr.c
99097 index 3c42cab..3e01da6 100644
99098 --- a/fs/attr.c
99099 +++ b/fs/attr.c
99100 @@ -102,6 +102,10 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
99101 unsigned long limit;
99102
99103 limit = rlimit(RLIMIT_FSIZE);
99104 + if (offset > ULONG_MAX)
99105 + gr_learn_resource(current, RLIMIT_FSIZE, ULONG_MAX, 1);
99106 + else if (offset > 0)
99107 + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1);
99108 if (limit != RLIM_INFINITY && offset > limit)
99109 goto out_sig;
99110 if (offset > inode->i_sb->s_maxbytes)
99111 diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
99112 index e44271d..0fdc215 100644
99113 --- a/fs/autofs4/waitq.c
99114 +++ b/fs/autofs4/waitq.c
99115 @@ -56,7 +56,7 @@ static int autofs4_write(struct autofs_sb_info *sbi,
99116 {
99117 unsigned long sigpipe, flags;
99118 mm_segment_t fs;
99119 - const char *data = (const char *)addr;
99120 + const char __user *data = (const char __force_user *)addr;
99121 ssize_t wr = 0;
99122
99123 sigpipe = sigismember(&current->pending.signal, SIGPIPE);
99124 @@ -344,6 +344,10 @@ static int validate_request(struct autofs_wait_queue **wait,
99125 return 1;
99126 }
99127
99128 +#ifdef CONFIG_GRKERNSEC_HIDESYM
99129 +static atomic_unchecked_t autofs_dummy_name_id = ATOMIC_INIT(0);
99130 +#endif
99131 +
99132 int autofs4_wait(struct autofs_sb_info *sbi,
99133 struct dentry *dentry, enum autofs_notify notify)
99134 {
99135 @@ -389,7 +393,12 @@ int autofs4_wait(struct autofs_sb_info *sbi,
99136
99137 /* If this is a direct mount request create a dummy name */
99138 if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type))
99139 +#ifdef CONFIG_GRKERNSEC_HIDESYM
99140 + /* this name does get written to userland via autofs4_write() */
99141 + qstr.len = sprintf(name, "%08x", atomic_inc_return_unchecked(&autofs_dummy_name_id));
99142 +#else
99143 qstr.len = sprintf(name, "%p", dentry);
99144 +#endif
99145 else {
99146 qstr.len = autofs4_getpath(sbi, dentry, &name);
99147 if (!qstr.len) {
99148 diff --git a/fs/befs/endian.h b/fs/befs/endian.h
99149 index 2722387..56059b5 100644
99150 --- a/fs/befs/endian.h
99151 +++ b/fs/befs/endian.h
99152 @@ -11,7 +11,7 @@
99153
99154 #include <asm/byteorder.h>
99155
99156 -static inline u64
99157 +static inline u64 __intentional_overflow(-1)
99158 fs64_to_cpu(const struct super_block *sb, fs64 n)
99159 {
99160 if (BEFS_SB(sb)->byte_order == BEFS_BYTESEX_LE)
99161 @@ -29,7 +29,7 @@ cpu_to_fs64(const struct super_block *sb, u64 n)
99162 return (__force fs64)cpu_to_be64(n);
99163 }
99164
99165 -static inline u32
99166 +static inline u32 __intentional_overflow(-1)
99167 fs32_to_cpu(const struct super_block *sb, fs32 n)
99168 {
99169 if (BEFS_SB(sb)->byte_order == BEFS_BYTESEX_LE)
99170 @@ -47,7 +47,7 @@ cpu_to_fs32(const struct super_block *sb, u32 n)
99171 return (__force fs32)cpu_to_be32(n);
99172 }
99173
99174 -static inline u16
99175 +static inline u16 __intentional_overflow(-1)
99176 fs16_to_cpu(const struct super_block *sb, fs16 n)
99177 {
99178 if (BEFS_SB(sb)->byte_order == BEFS_BYTESEX_LE)
99179 diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
99180 index 7da05b1..9df0a29 100644
99181 --- a/fs/befs/linuxvfs.c
99182 +++ b/fs/befs/linuxvfs.c
99183 @@ -431,10 +431,12 @@ static struct inode *befs_iget(struct super_block *sb, unsigned long ino)
99184 static int __init
99185 befs_init_inodecache(void)
99186 {
99187 - befs_inode_cachep = kmem_cache_create("befs_inode_cache",
99188 + befs_inode_cachep = kmem_cache_create_usercopy("befs_inode_cache",
99189 sizeof (struct befs_inode_info),
99190 0, (SLAB_RECLAIM_ACCOUNT|
99191 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
99192 + offsetof(struct befs_inode_info, i_data.symlink),
99193 + sizeof(((struct befs_inode_info *)0)->i_data.symlink),
99194 init_once);
99195 if (befs_inode_cachep == NULL) {
99196 pr_err("%s: Couldn't initialize inode slabcache\n", __func__);
99197 diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
99198 index ae1b540..15cfacf 100644
99199 --- a/fs/binfmt_aout.c
99200 +++ b/fs/binfmt_aout.c
99201 @@ -16,6 +16,7 @@
99202 #include <linux/string.h>
99203 #include <linux/fs.h>
99204 #include <linux/file.h>
99205 +#include <linux/security.h>
99206 #include <linux/stat.h>
99207 #include <linux/fcntl.h>
99208 #include <linux/ptrace.h>
99209 @@ -58,6 +59,8 @@ static int aout_core_dump(struct coredump_params *cprm)
99210 #endif
99211 # define START_STACK(u) ((void __user *)u.start_stack)
99212
99213 + memset(&dump, 0, sizeof(dump));
99214 +
99215 fs = get_fs();
99216 set_fs(KERNEL_DS);
99217 has_dumped = 1;
99218 @@ -68,10 +71,12 @@ static int aout_core_dump(struct coredump_params *cprm)
99219
99220 /* If the size of the dump file exceeds the rlimit, then see what would happen
99221 if we wrote the stack, but not the data area. */
99222 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE, 1);
99223 if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > cprm->limit)
99224 dump.u_dsize = 0;
99225
99226 /* Make sure we have enough room to write the stack and data areas. */
99227 + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize + 1) * PAGE_SIZE, 1);
99228 if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit)
99229 dump.u_ssize = 0;
99230
99231 @@ -228,6 +233,8 @@ static int load_aout_binary(struct linux_binprm * bprm)
99232 rlim = rlimit(RLIMIT_DATA);
99233 if (rlim >= RLIM_INFINITY)
99234 rlim = ~0;
99235 +
99236 + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1);
99237 if (ex.a_data + ex.a_bss > rlim)
99238 return -ENOMEM;
99239
99240 @@ -257,6 +264,27 @@ static int load_aout_binary(struct linux_binprm * bprm)
99241
99242 install_exec_creds(bprm);
99243
99244 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
99245 + current->mm->pax_flags = 0UL;
99246 +#endif
99247 +
99248 +#ifdef CONFIG_PAX_PAGEEXEC
99249 + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) {
99250 + current->mm->pax_flags |= MF_PAX_PAGEEXEC;
99251 +
99252 +#ifdef CONFIG_PAX_EMUTRAMP
99253 + if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
99254 + current->mm->pax_flags |= MF_PAX_EMUTRAMP;
99255 +#endif
99256 +
99257 +#ifdef CONFIG_PAX_MPROTECT
99258 + if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
99259 + current->mm->pax_flags |= MF_PAX_MPROTECT;
99260 +#endif
99261 +
99262 + }
99263 +#endif
99264 +
99265 if (N_MAGIC(ex) == OMAGIC) {
99266 unsigned long text_addr, map_size;
99267 loff_t pos;
99268 @@ -311,7 +339,7 @@ static int load_aout_binary(struct linux_binprm * bprm)
99269 return error;
99270
99271 error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
99272 - PROT_READ | PROT_WRITE | PROT_EXEC,
99273 + PROT_READ | PROT_WRITE,
99274 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
99275 fd_offset + ex.a_text);
99276 if (error != N_DATADDR(ex))
99277 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
99278 index e5495f3..641d63f 100644
99279 --- a/fs/binfmt_elf.c
99280 +++ b/fs/binfmt_elf.c
99281 @@ -36,6 +36,7 @@
99282 #include <linux/coredump.h>
99283 #include <linux/sched.h>
99284 #include <linux/dax.h>
99285 +#include <linux/xattr.h>
99286 #include <asm/uaccess.h>
99287 #include <asm/param.h>
99288 #include <asm/page.h>
99289 @@ -67,6 +68,14 @@ static int elf_core_dump(struct coredump_params *cprm);
99290 #define elf_core_dump NULL
99291 #endif
99292
99293 +#ifdef CONFIG_PAX_MPROTECT
99294 +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags);
99295 +#endif
99296 +
99297 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
99298 +static void elf_handle_mmap(struct file *file);
99299 +#endif
99300 +
99301 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
99302 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
99303 #else
99304 @@ -86,6 +95,15 @@ static struct linux_binfmt elf_format = {
99305 .load_binary = load_elf_binary,
99306 .load_shlib = load_elf_library,
99307 .core_dump = elf_core_dump,
99308 +
99309 +#ifdef CONFIG_PAX_MPROTECT
99310 + .handle_mprotect= elf_handle_mprotect,
99311 +#endif
99312 +
99313 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
99314 + .handle_mmap = elf_handle_mmap,
99315 +#endif
99316 +
99317 .min_coredump = ELF_EXEC_PAGESIZE,
99318 };
99319
99320 @@ -93,6 +111,8 @@ static struct linux_binfmt elf_format = {
99321
99322 static int set_brk(unsigned long start, unsigned long end)
99323 {
99324 + unsigned long e = end;
99325 +
99326 start = ELF_PAGEALIGN(start);
99327 end = ELF_PAGEALIGN(end);
99328 if (end > start) {
99329 @@ -100,7 +120,7 @@ static int set_brk(unsigned long start, unsigned long end)
99330 if (error)
99331 return error;
99332 }
99333 - current->mm->start_brk = current->mm->brk = end;
99334 + current->mm->start_brk = current->mm->brk = e;
99335 return 0;
99336 }
99337
99338 @@ -161,7 +181,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
99339 elf_addr_t __user *u_rand_bytes;
99340 const char *k_platform = ELF_PLATFORM;
99341 const char *k_base_platform = ELF_BASE_PLATFORM;
99342 - unsigned char k_rand_bytes[16];
99343 + u32 k_rand_bytes[4];
99344 int items;
99345 elf_addr_t *elf_info;
99346 int ei_index = 0;
99347 @@ -208,8 +228,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
99348 * Generate 16 random bytes for userspace PRNG seeding.
99349 */
99350 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
99351 - u_rand_bytes = (elf_addr_t __user *)
99352 - STACK_ALLOC(p, sizeof(k_rand_bytes));
99353 + prandom_seed(k_rand_bytes[0] ^ prandom_u32());
99354 + prandom_seed(k_rand_bytes[1] ^ prandom_u32());
99355 + prandom_seed(k_rand_bytes[2] ^ prandom_u32());
99356 + prandom_seed(k_rand_bytes[3] ^ prandom_u32());
99357 + p = STACK_ROUND(p, sizeof(k_rand_bytes));
99358 + u_rand_bytes = (elf_addr_t __user *) p;
99359 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
99360 return -EFAULT;
99361
99362 @@ -517,14 +541,14 @@ static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
99363 an ELF header */
99364
99365 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
99366 - struct file *interpreter, unsigned long *interp_map_addr,
99367 + struct file *interpreter,
99368 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
99369 {
99370 struct elf_phdr *eppnt;
99371 - unsigned long load_addr = 0;
99372 + unsigned long load_addr = 0, pax_task_size = TASK_SIZE;
99373 int load_addr_set = 0;
99374 unsigned long last_bss = 0, elf_bss = 0;
99375 - unsigned long error = ~0UL;
99376 + unsigned long error = -EINVAL;
99377 unsigned long total_size;
99378 int i;
99379
99380 @@ -544,6 +568,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
99381 goto out;
99382 }
99383
99384 +#ifdef CONFIG_PAX_SEGMEXEC
99385 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
99386 + pax_task_size = SEGMEXEC_TASK_SIZE;
99387 +#endif
99388 +
99389 eppnt = interp_elf_phdata;
99390 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
99391 if (eppnt->p_type == PT_LOAD) {
99392 @@ -567,8 +596,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
99393 map_addr = elf_map(interpreter, load_addr + vaddr,
99394 eppnt, elf_prot, elf_type, total_size);
99395 total_size = 0;
99396 - if (!*interp_map_addr)
99397 - *interp_map_addr = map_addr;
99398 error = map_addr;
99399 if (BAD_ADDR(map_addr))
99400 goto out;
99401 @@ -587,8 +614,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
99402 k = load_addr + eppnt->p_vaddr;
99403 if (BAD_ADDR(k) ||
99404 eppnt->p_filesz > eppnt->p_memsz ||
99405 - eppnt->p_memsz > TASK_SIZE ||
99406 - TASK_SIZE - eppnt->p_memsz < k) {
99407 + eppnt->p_memsz > pax_task_size ||
99408 + pax_task_size - eppnt->p_memsz < k) {
99409 error = -ENOMEM;
99410 goto out;
99411 }
99412 @@ -639,6 +666,336 @@ out:
99413 return error;
99414 }
99415
99416 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
99417 +#ifdef CONFIG_PAX_SOFTMODE
99418 +static unsigned long pax_parse_pt_pax_softmode(const struct elf_phdr * const elf_phdata)
99419 +{
99420 + unsigned long pax_flags = 0UL;
99421 +
99422 +#ifdef CONFIG_PAX_PAGEEXEC
99423 + if (elf_phdata->p_flags & PF_PAGEEXEC)
99424 + pax_flags |= MF_PAX_PAGEEXEC;
99425 +#endif
99426 +
99427 +#ifdef CONFIG_PAX_SEGMEXEC
99428 + if (elf_phdata->p_flags & PF_SEGMEXEC)
99429 + pax_flags |= MF_PAX_SEGMEXEC;
99430 +#endif
99431 +
99432 +#ifdef CONFIG_PAX_EMUTRAMP
99433 + if ((elf_phdata->p_flags & PF_EMUTRAMP) && (pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)))
99434 + pax_flags |= MF_PAX_EMUTRAMP;
99435 +#endif
99436 +
99437 +#ifdef CONFIG_PAX_MPROTECT
99438 + if (elf_phdata->p_flags & PF_MPROTECT)
99439 + pax_flags |= MF_PAX_MPROTECT;
99440 +#endif
99441 +
99442 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
99443 + if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP))
99444 + pax_flags |= MF_PAX_RANDMMAP;
99445 +#endif
99446 +
99447 + return pax_flags;
99448 +}
99449 +#endif
99450 +
99451 +static unsigned long pax_parse_pt_pax_hardmode(const struct elf_phdr * const elf_phdata)
99452 +{
99453 + unsigned long pax_flags = 0UL;
99454 +
99455 +#ifdef CONFIG_PAX_PAGEEXEC
99456 + if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
99457 + pax_flags |= MF_PAX_PAGEEXEC;
99458 +#endif
99459 +
99460 +#ifdef CONFIG_PAX_SEGMEXEC
99461 + if (!(elf_phdata->p_flags & PF_NOSEGMEXEC))
99462 + pax_flags |= MF_PAX_SEGMEXEC;
99463 +#endif
99464 +
99465 +#ifdef CONFIG_PAX_EMUTRAMP
99466 + if (!(elf_phdata->p_flags & PF_NOEMUTRAMP))
99467 + pax_flags |= MF_PAX_EMUTRAMP;
99468 +#endif
99469 +
99470 +#ifdef CONFIG_PAX_MPROTECT
99471 + if (!(elf_phdata->p_flags & PF_NOMPROTECT))
99472 + pax_flags |= MF_PAX_MPROTECT;
99473 +#endif
99474 +
99475 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
99476 + if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP))
99477 + pax_flags |= MF_PAX_RANDMMAP;
99478 +#endif
99479 +
99480 + return pax_flags;
99481 +}
99482 +#endif
99483 +
99484 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
99485 +#ifdef CONFIG_PAX_SOFTMODE
99486 +static unsigned long pax_parse_xattr_pax_softmode(unsigned long pax_flags_softmode)
99487 +{
99488 + unsigned long pax_flags = 0UL;
99489 +
99490 +#ifdef CONFIG_PAX_PAGEEXEC
99491 + if (pax_flags_softmode & MF_PAX_PAGEEXEC)
99492 + pax_flags |= MF_PAX_PAGEEXEC;
99493 +#endif
99494 +
99495 +#ifdef CONFIG_PAX_SEGMEXEC
99496 + if (pax_flags_softmode & MF_PAX_SEGMEXEC)
99497 + pax_flags |= MF_PAX_SEGMEXEC;
99498 +#endif
99499 +
99500 +#ifdef CONFIG_PAX_EMUTRAMP
99501 + if ((pax_flags_softmode & MF_PAX_EMUTRAMP) && (pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)))
99502 + pax_flags |= MF_PAX_EMUTRAMP;
99503 +#endif
99504 +
99505 +#ifdef CONFIG_PAX_MPROTECT
99506 + if (pax_flags_softmode & MF_PAX_MPROTECT)
99507 + pax_flags |= MF_PAX_MPROTECT;
99508 +#endif
99509 +
99510 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
99511 + if (randomize_va_space && (pax_flags_softmode & MF_PAX_RANDMMAP))
99512 + pax_flags |= MF_PAX_RANDMMAP;
99513 +#endif
99514 +
99515 + return pax_flags;
99516 +}
99517 +#endif
99518 +
99519 +static unsigned long pax_parse_xattr_pax_hardmode(unsigned long pax_flags_hardmode)
99520 +{
99521 + unsigned long pax_flags = 0UL;
99522 +
99523 +#ifdef CONFIG_PAX_PAGEEXEC
99524 + if (!(pax_flags_hardmode & MF_PAX_PAGEEXEC))
99525 + pax_flags |= MF_PAX_PAGEEXEC;
99526 +#endif
99527 +
99528 +#ifdef CONFIG_PAX_SEGMEXEC
99529 + if (!(pax_flags_hardmode & MF_PAX_SEGMEXEC))
99530 + pax_flags |= MF_PAX_SEGMEXEC;
99531 +#endif
99532 +
99533 +#ifdef CONFIG_PAX_EMUTRAMP
99534 + if (!(pax_flags_hardmode & MF_PAX_EMUTRAMP))
99535 + pax_flags |= MF_PAX_EMUTRAMP;
99536 +#endif
99537 +
99538 +#ifdef CONFIG_PAX_MPROTECT
99539 + if (!(pax_flags_hardmode & MF_PAX_MPROTECT))
99540 + pax_flags |= MF_PAX_MPROTECT;
99541 +#endif
99542 +
99543 +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
99544 + if (randomize_va_space && !(pax_flags_hardmode & MF_PAX_RANDMMAP))
99545 + pax_flags |= MF_PAX_RANDMMAP;
99546 +#endif
99547 +
99548 + return pax_flags;
99549 +}
99550 +#endif
99551 +
99552 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
99553 +static unsigned long pax_parse_defaults(void)
99554 +{
99555 + unsigned long pax_flags = 0UL;
99556 +
99557 +#ifdef CONFIG_PAX_SOFTMODE
99558 + if (pax_softmode)
99559 + return pax_flags;
99560 +#endif
99561 +
99562 +#ifdef CONFIG_PAX_PAGEEXEC
99563 + pax_flags |= MF_PAX_PAGEEXEC;
99564 +#endif
99565 +
99566 +#ifdef CONFIG_PAX_SEGMEXEC
99567 + pax_flags |= MF_PAX_SEGMEXEC;
99568 +#endif
99569 +
99570 +#ifdef CONFIG_PAX_MPROTECT
99571 + pax_flags |= MF_PAX_MPROTECT;
99572 +#endif
99573 +
99574 +#ifdef CONFIG_PAX_RANDMMAP
99575 + if (randomize_va_space)
99576 + pax_flags |= MF_PAX_RANDMMAP;
99577 +#endif
99578 +
99579 + return pax_flags;
99580 +}
99581 +
99582 +static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
99583 +{
99584 + unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK;
99585 +
99586 +#ifdef CONFIG_PAX_EI_PAX
99587 +
99588 +#ifdef CONFIG_PAX_SOFTMODE
99589 + if (pax_softmode)
99590 + return pax_flags;
99591 +#endif
99592 +
99593 + pax_flags = 0UL;
99594 +
99595 +#ifdef CONFIG_PAX_PAGEEXEC
99596 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
99597 + pax_flags |= MF_PAX_PAGEEXEC;
99598 +#endif
99599 +
99600 +#ifdef CONFIG_PAX_SEGMEXEC
99601 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC))
99602 + pax_flags |= MF_PAX_SEGMEXEC;
99603 +#endif
99604 +
99605 +#ifdef CONFIG_PAX_EMUTRAMP
99606 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
99607 + pax_flags |= MF_PAX_EMUTRAMP;
99608 +#endif
99609 +
99610 +#ifdef CONFIG_PAX_MPROTECT
99611 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
99612 + pax_flags |= MF_PAX_MPROTECT;
99613 +#endif
99614 +
99615 +#ifdef CONFIG_PAX_ASLR
99616 + if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
99617 + pax_flags |= MF_PAX_RANDMMAP;
99618 +#endif
99619 +
99620 +#endif
99621 +
99622 + return pax_flags;
99623 +
99624 +}
99625 +
99626 +static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
99627 +{
99628 +
99629 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
99630 + unsigned long i;
99631 +
99632 + for (i = 0UL; i < elf_ex->e_phnum; i++)
99633 + if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
99634 + if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) ||
99635 + ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) ||
99636 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
99637 + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
99638 + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
99639 + return PAX_PARSE_FLAGS_FALLBACK;
99640 +
99641 +#ifdef CONFIG_PAX_SOFTMODE
99642 + if (pax_softmode)
99643 + return pax_parse_pt_pax_softmode(&elf_phdata[i]);
99644 + else
99645 +#endif
99646 +
99647 + return pax_parse_pt_pax_hardmode(&elf_phdata[i]);
99648 + break;
99649 + }
99650 +#endif
99651 +
99652 + return PAX_PARSE_FLAGS_FALLBACK;
99653 +}
99654 +
99655 +static unsigned long pax_parse_xattr_pax(struct file * const file)
99656 +{
99657 +
99658 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
99659 + ssize_t xattr_size, i;
99660 + unsigned char xattr_value[sizeof("pemrs") - 1];
99661 + unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL;
99662 +
99663 + xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value);
99664 + if (xattr_size < 0 || xattr_size > sizeof xattr_value)
99665 + return PAX_PARSE_FLAGS_FALLBACK;
99666 +
99667 + for (i = 0; i < xattr_size; i++)
99668 + switch (xattr_value[i]) {
99669 + default:
99670 + return PAX_PARSE_FLAGS_FALLBACK;
99671 +
99672 +#define parse_flag(option1, option2, flag) \
99673 + case option1: \
99674 + if (pax_flags_hardmode & MF_PAX_##flag) \
99675 + return PAX_PARSE_FLAGS_FALLBACK;\
99676 + pax_flags_hardmode |= MF_PAX_##flag; \
99677 + break; \
99678 + case option2: \
99679 + if (pax_flags_softmode & MF_PAX_##flag) \
99680 + return PAX_PARSE_FLAGS_FALLBACK;\
99681 + pax_flags_softmode |= MF_PAX_##flag; \
99682 + break;
99683 +
99684 + parse_flag('p', 'P', PAGEEXEC);
99685 + parse_flag('e', 'E', EMUTRAMP);
99686 + parse_flag('m', 'M', MPROTECT);
99687 + parse_flag('r', 'R', RANDMMAP);
99688 + parse_flag('s', 'S', SEGMEXEC);
99689 +
99690 +#undef parse_flag
99691 + }
99692 +
99693 + if (pax_flags_hardmode & pax_flags_softmode)
99694 + return PAX_PARSE_FLAGS_FALLBACK;
99695 +
99696 +#ifdef CONFIG_PAX_SOFTMODE
99697 + if (pax_softmode)
99698 + return pax_parse_xattr_pax_softmode(pax_flags_softmode);
99699 + else
99700 +#endif
99701 +
99702 + return pax_parse_xattr_pax_hardmode(pax_flags_hardmode);
99703 +#else
99704 + return PAX_PARSE_FLAGS_FALLBACK;
99705 +#endif
99706 +
99707 +}
99708 +
99709 +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file)
99710 +{
99711 + unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags;
99712 +
99713 + pax_flags = pax_parse_defaults();
99714 + ei_pax_flags = pax_parse_ei_pax(elf_ex);
99715 + pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata);
99716 + xattr_pax_flags = pax_parse_xattr_pax(file);
99717 +
99718 + if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
99719 + xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
99720 + pt_pax_flags != xattr_pax_flags)
99721 + return -EINVAL;
99722 + if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
99723 + pax_flags = xattr_pax_flags;
99724 + else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
99725 + pax_flags = pt_pax_flags;
99726 + else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
99727 + pax_flags = ei_pax_flags;
99728 +
99729 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
99730 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
99731 + if ((__supported_pte_mask & _PAGE_NX))
99732 + pax_flags &= ~MF_PAX_SEGMEXEC;
99733 + else
99734 + pax_flags &= ~MF_PAX_PAGEEXEC;
99735 + }
99736 +#endif
99737 +
99738 + if (0 > pax_check_flags(&pax_flags))
99739 + return -EINVAL;
99740 +
99741 + current->mm->pax_flags = pax_flags;
99742 + return 0;
99743 +}
99744 +#endif
99745 +
99746 /*
99747 * These are the functions used to load ELF style executables and shared
99748 * libraries. There is no binary dependent code anywhere else.
99749 @@ -652,6 +1009,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
99750 {
99751 unsigned long random_variable = 0;
99752
99753 +#ifdef CONFIG_PAX_RANDUSTACK
99754 + if (current->mm->pax_flags & MF_PAX_RANDMMAP)
99755 + return stack_top - current->mm->delta_stack;
99756 +#endif
99757 +
99758 if ((current->flags & PF_RANDOMIZE) &&
99759 !(current->personality & ADDR_NO_RANDOMIZE)) {
99760 random_variable = get_random_long();
99761 @@ -671,7 +1033,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
99762 unsigned long load_addr = 0, load_bias = 0;
99763 int load_addr_set = 0;
99764 char * elf_interpreter = NULL;
99765 - unsigned long error;
99766 + unsigned long error = 0;
99767 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
99768 unsigned long elf_bss, elf_brk;
99769 int retval, i;
99770 @@ -686,6 +1048,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
99771 struct elfhdr interp_elf_ex;
99772 } *loc;
99773 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
99774 + unsigned long pax_task_size;
99775
99776 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
99777 if (!loc) {
99778 @@ -846,6 +1209,77 @@ static int load_elf_binary(struct linux_binprm *bprm)
99779 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
99780 may depend on the personality. */
99781 SET_PERSONALITY2(loc->elf_ex, &arch_state);
99782 +
99783 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
99784 + current->mm->pax_flags = 0UL;
99785 +#endif
99786 +
99787 +#ifdef CONFIG_PAX_DLRESOLVE
99788 + current->mm->call_dl_resolve = 0UL;
99789 +#endif
99790 +
99791 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
99792 + current->mm->call_syscall = 0UL;
99793 +#endif
99794 +
99795 +#ifdef CONFIG_PAX_ASLR
99796 + current->mm->delta_mmap = 0UL;
99797 + current->mm->delta_stack = 0UL;
99798 +#endif
99799 +
99800 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
99801 + if (0 > pax_parse_pax_flags(&loc->elf_ex, elf_phdata, bprm->file)) {
99802 + retval = -EINVAL;
99803 + goto out_free_dentry;
99804 + }
99805 +#endif
99806 +
99807 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
99808 + pax_set_initial_flags(bprm);
99809 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
99810 + if (pax_set_initial_flags_func)
99811 + (pax_set_initial_flags_func)(bprm);
99812 +#endif
99813 +
99814 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
99815 + if ((current->mm->pax_flags & MF_PAX_PAGEEXEC) && !(__supported_pte_mask & _PAGE_NX)) {
99816 + current->mm->context.user_cs_limit = PAGE_SIZE;
99817 + current->mm->def_flags |= VM_PAGEEXEC | VM_NOHUGEPAGE;
99818 + }
99819 +#endif
99820 +
99821 +#ifdef CONFIG_PAX_SEGMEXEC
99822 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
99823 + current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE;
99824 + current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE;
99825 + pax_task_size = SEGMEXEC_TASK_SIZE;
99826 + current->mm->def_flags |= VM_NOHUGEPAGE;
99827 + } else
99828 +#endif
99829 +
99830 + pax_task_size = TASK_SIZE;
99831 +
99832 +#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC)
99833 + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
99834 + set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu());
99835 + put_cpu();
99836 + }
99837 +#endif
99838 +
99839 +#ifdef CONFIG_PAX_ASLR
99840 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
99841 + current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT;
99842 + current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT;
99843 + }
99844 +#endif
99845 +
99846 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
99847 + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
99848 + executable_stack = EXSTACK_DISABLE_X;
99849 + current->personality &= ~READ_IMPLIES_EXEC;
99850 + } else
99851 +#endif
99852 +
99853 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
99854 current->personality |= READ_IMPLIES_EXEC;
99855
99856 @@ -922,8 +1356,21 @@ static int load_elf_binary(struct linux_binprm *bprm)
99857 if (current->flags & PF_RANDOMIZE)
99858 load_bias += arch_mmap_rnd();
99859 load_bias = ELF_PAGESTART(load_bias);
99860 - total_size = total_mapping_size(elf_phdata,
99861 - loc->elf_ex.e_phnum);
99862 +
99863 +#ifdef CONFIG_PAX_RANDMMAP
99864 + /* PaX: randomize base address at the default exe base if requested */
99865 + if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) {
99866 +#ifdef CONFIG_SPARC64
99867 + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1);
99868 +#else
99869 + load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT;
99870 +#endif
99871 + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias);
99872 + elf_flags |= MAP_FIXED;
99873 + }
99874 +#endif
99875 +
99876 + total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum);
99877 if (!total_size) {
99878 retval = -EINVAL;
99879 goto out_free_dentry;
99880 @@ -959,9 +1406,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
99881 * allowed task size. Note that p_filesz must always be
99882 * <= p_memsz so it is only necessary to check p_memsz.
99883 */
99884 - if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
99885 - elf_ppnt->p_memsz > TASK_SIZE ||
99886 - TASK_SIZE - elf_ppnt->p_memsz < k) {
99887 + if (k >= pax_task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
99888 + elf_ppnt->p_memsz > pax_task_size ||
99889 + pax_task_size - elf_ppnt->p_memsz < k) {
99890 /* set_brk can never work. Avoid overflows. */
99891 retval = -EINVAL;
99892 goto out_free_dentry;
99893 @@ -997,16 +1444,43 @@ static int load_elf_binary(struct linux_binprm *bprm)
99894 if (retval)
99895 goto out_free_dentry;
99896 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
99897 - retval = -EFAULT; /* Nobody gets to see this, but.. */
99898 - goto out_free_dentry;
99899 + /*
99900 + * This bss-zeroing can fail if the ELF
99901 + * file specifies odd protections. So
99902 + * we don't check the return value
99903 + */
99904 }
99905
99906 +#ifdef CONFIG_PAX_RANDMMAP
99907 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
99908 + unsigned long start, size, flags;
99909 + vm_flags_t vm_flags;
99910 +
99911 + start = ELF_PAGEALIGN(elf_brk);
99912 + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
99913 + flags = MAP_FIXED | MAP_PRIVATE;
99914 + vm_flags = VM_DONTEXPAND | VM_DONTDUMP;
99915 +
99916 + down_write(&current->mm->mmap_sem);
99917 + start = get_unmapped_area(NULL, start, PAGE_ALIGN(size), 0, flags);
99918 + retval = -ENOMEM;
99919 + if (!IS_ERR_VALUE(start) && !find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
99920 +// if (current->personality & ADDR_NO_RANDOMIZE)
99921 +// vm_flags |= VM_READ | VM_MAYREAD;
99922 + start = mmap_region(NULL, start, PAGE_ALIGN(size), vm_flags, 0);
99923 + retval = IS_ERR_VALUE(start) ? start : 0;
99924 + }
99925 + up_write(&current->mm->mmap_sem);
99926 + if (retval == 0)
99927 + retval = set_brk(start + size, start + size + PAGE_SIZE);
99928 + if (retval < 0)
99929 + goto out_free_dentry;
99930 + }
99931 +#endif
99932 +
99933 if (elf_interpreter) {
99934 - unsigned long interp_map_addr = 0;
99935 -
99936 elf_entry = load_elf_interp(&loc->interp_elf_ex,
99937 interpreter,
99938 - &interp_map_addr,
99939 load_bias, interp_elf_phdata);
99940 if (!IS_ERR((void *)elf_entry)) {
99941 /*
99942 @@ -1056,6 +1530,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
99943 current->mm->end_data = end_data;
99944 current->mm->start_stack = bprm->p;
99945
99946 +#ifndef CONFIG_PAX_RANDMMAP
99947 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
99948 current->mm->brk = current->mm->start_brk =
99949 arch_randomize_brk(current->mm);
99950 @@ -1063,6 +1538,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
99951 current->brk_randomized = 1;
99952 #endif
99953 }
99954 +#endif
99955
99956 if (current->personality & MMAP_PAGE_ZERO) {
99957 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
99958 @@ -1234,7 +1710,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
99959 * Decide what to dump of a segment, part, all or none.
99960 */
99961 static unsigned long vma_dump_size(struct vm_area_struct *vma,
99962 - unsigned long mm_flags)
99963 + unsigned long mm_flags, long signr)
99964 {
99965 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
99966
99967 @@ -1281,7 +1757,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
99968 if (vma->vm_file == NULL)
99969 return 0;
99970
99971 - if (FILTER(MAPPED_PRIVATE))
99972 + if (signr == SIGKILL || FILTER(MAPPED_PRIVATE))
99973 goto whole;
99974
99975 /*
99976 @@ -1381,7 +1857,7 @@ static void fill_elf_header(struct elfhdr *elf, int segs,
99977 return;
99978 }
99979
99980 -static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
99981 +static void fill_elf_note_phdr(struct elf_phdr *phdr, size_t sz, loff_t offset)
99982 {
99983 phdr->p_type = PT_NOTE;
99984 phdr->p_offset = offset;
99985 @@ -1488,9 +1964,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
99986 {
99987 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
99988 int i = 0;
99989 - do
99990 + do {
99991 i += 2;
99992 - while (auxv[i - 2] != AT_NULL);
99993 + } while (auxv[i - 2] != AT_NULL);
99994 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
99995 }
99996
99997 @@ -1499,7 +1975,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
99998 {
99999 mm_segment_t old_fs = get_fs();
100000 set_fs(KERNEL_DS);
100001 - copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
100002 + copy_siginfo_to_user((user_siginfo_t __force_user *) csigdata, siginfo);
100003 set_fs(old_fs);
100004 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
100005 }
100006 @@ -2219,7 +2695,7 @@ static int elf_core_dump(struct coredump_params *cprm)
100007 vma = next_vma(vma, gate_vma)) {
100008 unsigned long dump_size;
100009
100010 - dump_size = vma_dump_size(vma, cprm->mm_flags);
100011 + dump_size = vma_dump_size(vma, cprm->mm_flags, cprm->siginfo->si_signo);
100012 vma_filesz[i++] = dump_size;
100013 vma_data_size += dump_size;
100014 }
100015 @@ -2327,6 +2803,167 @@ out:
100016
100017 #endif /* CONFIG_ELF_CORE */
100018
100019 +#ifdef CONFIG_PAX_MPROTECT
100020 +/* PaX: non-PIC ELF libraries need relocations on their executable segments
100021 + * therefore we'll grant them VM_MAYWRITE once during their life. Similarly
100022 + * we'll remove VM_MAYWRITE for good on RELRO segments.
100023 + *
100024 + * The checks favour ld-linux.so behaviour which operates on a per ELF segment
100025 + * basis because we want to allow the common case and not the special ones.
100026 + */
100027 +static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags)
100028 +{
100029 + struct elfhdr elf_h;
100030 + struct elf_phdr elf_p;
100031 + unsigned long i;
100032 + unsigned long oldflags;
100033 + bool is_textrel_rw, is_textrel_rx, is_relro;
100034 +
100035 + if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT) || !vma->vm_file)
100036 + return;
100037 +
100038 + oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
100039 + newflags &= VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ;
100040 +
100041 +#ifdef CONFIG_PAX_ELFRELOCS
100042 + /* possible TEXTREL */
100043 + is_textrel_rw = !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
100044 + is_textrel_rx = vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
100045 +#else
100046 + is_textrel_rw = false;
100047 + is_textrel_rx = false;
100048 +#endif
100049 +
100050 + /* possible RELRO */
100051 + is_relro = vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
100052 +
100053 + if (!is_textrel_rw && !is_textrel_rx && !is_relro)
100054 + return;
100055 +
100056 + if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
100057 + memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
100058 +
100059 +#ifdef CONFIG_PAX_ETEXECRELOCS
100060 + ((is_textrel_rw || is_textrel_rx) && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
100061 +#else
100062 + ((is_textrel_rw || is_textrel_rx) && elf_h.e_type != ET_DYN) ||
100063 +#endif
100064 +
100065 + (is_relro && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
100066 + !elf_check_arch(&elf_h) ||
100067 + elf_h.e_phentsize != sizeof(struct elf_phdr) ||
100068 + elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
100069 + return;
100070 +
100071 + for (i = 0UL; i < elf_h.e_phnum; i++) {
100072 + if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
100073 + return;
100074 + switch (elf_p.p_type) {
100075 + case PT_DYNAMIC:
100076 + if (!is_textrel_rw && !is_textrel_rx)
100077 + continue;
100078 + i = 0UL;
100079 + while ((i+1) * sizeof(elf_dyn) <= elf_p.p_filesz) {
100080 + elf_dyn dyn;
100081 +
100082 + if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
100083 + break;
100084 + if (dyn.d_tag == DT_NULL)
100085 + break;
100086 + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
100087 + gr_log_textrel(vma, is_textrel_rw);
100088 + if (is_textrel_rw)
100089 + vma->vm_flags |= VM_MAYWRITE;
100090 + else
100091 + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
100092 + vma->vm_flags &= ~VM_MAYWRITE;
100093 + break;
100094 + }
100095 + i++;
100096 + }
100097 + is_textrel_rw = false;
100098 + is_textrel_rx = false;
100099 + continue;
100100 +
100101 + case PT_GNU_RELRO:
100102 + if (!is_relro)
100103 + continue;
100104 + if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start)
100105 + vma->vm_flags &= ~VM_MAYWRITE;
100106 + is_relro = false;
100107 + continue;
100108 +
100109 +#ifdef CONFIG_PAX_PT_PAX_FLAGS
100110 + case PT_PAX_FLAGS: {
100111 + const char *msg_mprotect = "", *msg_emutramp = "";
100112 + char *buffer_lib, *buffer_exe;
100113 +
100114 + if (elf_p.p_flags & PF_NOMPROTECT)
100115 + msg_mprotect = "MPROTECT disabled";
100116 +
100117 +#ifdef CONFIG_PAX_EMUTRAMP
100118 + if (!(vma->vm_mm->pax_flags & MF_PAX_EMUTRAMP) && !(elf_p.p_flags & PF_NOEMUTRAMP))
100119 + msg_emutramp = "EMUTRAMP enabled";
100120 +#endif
100121 +
100122 + if (!msg_mprotect[0] && !msg_emutramp[0])
100123 + continue;
100124 +
100125 + if (!printk_ratelimit())
100126 + continue;
100127 +
100128 + buffer_lib = (char *)__get_free_page(GFP_KERNEL);
100129 + buffer_exe = (char *)__get_free_page(GFP_KERNEL);
100130 + if (buffer_lib && buffer_exe) {
100131 + char *path_lib, *path_exe;
100132 +
100133 + path_lib = pax_get_path(&vma->vm_file->f_path, buffer_lib, PAGE_SIZE);
100134 + path_exe = pax_get_path(&vma->vm_mm->exe_file->f_path, buffer_exe, PAGE_SIZE);
100135 +
100136 + pr_info("PAX: %s wants %s%s%s on %s\n", path_lib, msg_mprotect,
100137 + (msg_mprotect[0] && msg_emutramp[0] ? " and " : ""), msg_emutramp, path_exe);
100138 +
100139 + }
100140 + free_page((unsigned long)buffer_exe);
100141 + free_page((unsigned long)buffer_lib);
100142 + continue;
100143 + }
100144 +#endif
100145 +
100146 + }
100147 + }
100148 +}
100149 +#endif
100150 +
100151 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
100152 +
100153 +extern int grsec_enable_log_rwxmaps;
100154 +
100155 +static void elf_handle_mmap(struct file *file)
100156 +{
100157 + struct elfhdr elf_h;
100158 + struct elf_phdr elf_p;
100159 + unsigned long i;
100160 +
100161 + if (!grsec_enable_log_rwxmaps)
100162 + return;
100163 +
100164 + if (sizeof(elf_h) != kernel_read(file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
100165 + memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
100166 + (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC) || !elf_check_arch(&elf_h) ||
100167 + elf_h.e_phentsize != sizeof(struct elf_phdr) ||
100168 + elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
100169 + return;
100170 +
100171 + for (i = 0UL; i < elf_h.e_phnum; i++) {
100172 + if (sizeof(elf_p) != kernel_read(file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
100173 + return;
100174 + if (elf_p.p_type == PT_GNU_STACK && (elf_p.p_flags & PF_X))
100175 + gr_log_ptgnustack(file);
100176 + }
100177 +}
100178 +#endif
100179 +
100180 static int __init init_elf_binfmt(void)
100181 {
100182 register_binfmt(&elf_format);
100183 diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
100184 index 464a972..c889ed6 100644
100185 --- a/fs/binfmt_elf_fdpic.c
100186 +++ b/fs/binfmt_elf_fdpic.c
100187 @@ -1302,7 +1302,7 @@ static inline void fill_elf_fdpic_header(struct elfhdr *elf, int segs)
100188 return;
100189 }
100190
100191 -static inline void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
100192 +static inline void fill_elf_note_phdr(struct elf_phdr *phdr, size_t sz, loff_t offset)
100193 {
100194 phdr->p_type = PT_NOTE;
100195 phdr->p_offset = offset;
100196 @@ -1673,7 +1673,7 @@ static int elf_fdpic_core_dump(struct coredump_params *cprm)
100197
100198 /* Write notes phdr entry */
100199 {
100200 - int sz = 0;
100201 + size_t sz = 0;
100202
100203 for (i = 0; i < numnote; i++)
100204 sz += notesize(notes + i);
100205 diff --git a/fs/block_dev.c b/fs/block_dev.c
100206 index 08ae993..9ef2014 100644
100207 --- a/fs/block_dev.c
100208 +++ b/fs/block_dev.c
100209 @@ -840,7 +840,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
100210 else if (bdev->bd_contains == bdev)
100211 return true; /* is a whole device which isn't held */
100212
100213 - else if (whole->bd_holder == bd_may_claim)
100214 + else if (whole->bd_holder == (void *)bd_may_claim)
100215 return true; /* is a partition of a device that is being partitioned */
100216 else if (whole->bd_holder != NULL)
100217 return false; /* is a partition of a held device */
100218 diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
100219 index d1c56c9..07bda1f 100644
100220 --- a/fs/btrfs/ctree.c
100221 +++ b/fs/btrfs/ctree.c
100222 @@ -358,7 +358,7 @@ static inline void tree_mod_log_write_unlock(struct btrfs_fs_info *fs_info)
100223 */
100224 static inline u64 btrfs_inc_tree_mod_seq(struct btrfs_fs_info *fs_info)
100225 {
100226 - return atomic64_inc_return(&fs_info->tree_mod_seq);
100227 + return atomic64_inc_return_unchecked(&fs_info->tree_mod_seq);
100228 }
100229
100230 /*
100231 @@ -1182,9 +1182,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
100232 free_extent_buffer(buf);
100233 add_root_to_dirty_list(root);
100234 } else {
100235 - if (root->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID)
100236 - parent_start = parent->start;
100237 - else
100238 + if (root->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID) {
100239 + if (parent)
100240 + parent_start = parent->start;
100241 + else
100242 + parent_start = 0;
100243 + } else
100244 parent_start = 0;
100245
100246 WARN_ON(trans->transid != btrfs_header_generation(parent));
100247 diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
100248 index 791e47c..da50e2c 100644
100249 --- a/fs/btrfs/ctree.h
100250 +++ b/fs/btrfs/ctree.h
100251 @@ -345,8 +345,8 @@ struct btrfs_dev_replace {
100252 u64 replace_state; /* see #define above */
100253 u64 time_started; /* seconds since 1-Jan-1970 */
100254 u64 time_stopped; /* seconds since 1-Jan-1970 */
100255 - atomic64_t num_write_errors;
100256 - atomic64_t num_uncorrectable_read_errors;
100257 + atomic64_unchecked_t num_write_errors;
100258 + atomic64_unchecked_t num_uncorrectable_read_errors;
100259
100260 u64 cursor_left;
100261 u64 committed_cursor_left;
100262 @@ -836,7 +836,7 @@ struct btrfs_fs_info {
100263
100264 /* this protects tree_mod_seq_list */
100265 spinlock_t tree_mod_seq_lock;
100266 - atomic64_t tree_mod_seq;
100267 + atomic64_unchecked_t tree_mod_seq;
100268 struct list_head tree_mod_seq_list;
100269
100270 /* this protects tree_mod_log */
100271 @@ -1148,7 +1148,7 @@ struct btrfs_root {
100272 struct list_head log_ctxs[2];
100273 atomic_t log_writers;
100274 atomic_t log_commit[2];
100275 - atomic_t log_batch;
100276 + atomic_unchecked_t log_batch;
100277 int log_transid;
100278 /* No matter the commit succeeds or not*/
100279 int log_transid_committed;
100280 diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
100281 index 3eeb9cd..428a561 100644
100282 --- a/fs/btrfs/delayed-inode.c
100283 +++ b/fs/btrfs/delayed-inode.c
100284 @@ -456,7 +456,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node,
100285
100286 static void finish_one_item(struct btrfs_delayed_root *delayed_root)
100287 {
100288 - int seq = atomic_inc_return(&delayed_root->items_seq);
100289 + int seq = atomic_inc_return_unchecked(&delayed_root->items_seq);
100290
100291 /*
100292 * atomic_dec_return implies a barrier for waitqueue_active
100293 @@ -1397,7 +1397,7 @@ void btrfs_assert_delayed_root_empty(struct btrfs_root *root)
100294
100295 static int could_end_wait(struct btrfs_delayed_root *delayed_root, int seq)
100296 {
100297 - int val = atomic_read(&delayed_root->items_seq);
100298 + int val = atomic_read_unchecked(&delayed_root->items_seq);
100299
100300 if (val < seq || val >= seq + BTRFS_DELAYED_BATCH)
100301 return 1;
100302 @@ -1422,7 +1422,7 @@ void btrfs_balance_delayed_items(struct btrfs_root *root)
100303 int seq;
100304 int ret;
100305
100306 - seq = atomic_read(&delayed_root->items_seq);
100307 + seq = atomic_read_unchecked(&delayed_root->items_seq);
100308
100309 ret = btrfs_wq_run_delayed_node(delayed_root, fs_info, 0);
100310 if (ret)
100311 diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h
100312 index 2495b3d..8bdbb07 100644
100313 --- a/fs/btrfs/delayed-inode.h
100314 +++ b/fs/btrfs/delayed-inode.h
100315 @@ -43,7 +43,7 @@ struct btrfs_delayed_root {
100316 */
100317 struct list_head prepare_list;
100318 atomic_t items; /* for delayed items */
100319 - atomic_t items_seq; /* for delayed items */
100320 + atomic_unchecked_t items_seq; /* for delayed items */
100321 int nodes; /* for delayed nodes */
100322 wait_queue_head_t wait;
100323 };
100324 @@ -90,7 +90,7 @@ static inline void btrfs_init_delayed_root(
100325 struct btrfs_delayed_root *delayed_root)
100326 {
100327 atomic_set(&delayed_root->items, 0);
100328 - atomic_set(&delayed_root->items_seq, 0);
100329 + atomic_set_unchecked(&delayed_root->items_seq, 0);
100330 delayed_root->nodes = 0;
100331 spin_lock_init(&delayed_root->lock);
100332 init_waitqueue_head(&delayed_root->wait);
100333 diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c
100334 index ac02e04..c0b234e 100644
100335 --- a/fs/btrfs/delayed-ref.c
100336 +++ b/fs/btrfs/delayed-ref.c
100337 @@ -658,7 +658,7 @@ add_delayed_tree_ref(struct btrfs_fs_info *fs_info,
100338 action = BTRFS_ADD_DELAYED_REF;
100339
100340 if (is_fstree(ref_root))
100341 - seq = atomic64_read(&fs_info->tree_mod_seq);
100342 + seq = atomic64_read_unchecked(&fs_info->tree_mod_seq);
100343 delayed_refs = &trans->transaction->delayed_refs;
100344
100345 /* first set the basic ref node struct up */
100346 @@ -714,7 +714,7 @@ add_delayed_data_ref(struct btrfs_fs_info *fs_info,
100347 delayed_refs = &trans->transaction->delayed_refs;
100348
100349 if (is_fstree(ref_root))
100350 - seq = atomic64_read(&fs_info->tree_mod_seq);
100351 + seq = atomic64_read_unchecked(&fs_info->tree_mod_seq);
100352
100353 /* first set the basic ref node struct up */
100354 atomic_set(&ref->refs, 1);
100355 diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
100356 index e9bbff3..6985e2c 100644
100357 --- a/fs/btrfs/dev-replace.c
100358 +++ b/fs/btrfs/dev-replace.c
100359 @@ -82,8 +82,8 @@ no_valid_dev_replace_entry_found:
100360 dev_replace->replace_state = 0;
100361 dev_replace->time_started = 0;
100362 dev_replace->time_stopped = 0;
100363 - atomic64_set(&dev_replace->num_write_errors, 0);
100364 - atomic64_set(&dev_replace->num_uncorrectable_read_errors, 0);
100365 + atomic64_set_unchecked(&dev_replace->num_write_errors, 0);
100366 + atomic64_set_unchecked(&dev_replace->num_uncorrectable_read_errors, 0);
100367 dev_replace->cursor_left = 0;
100368 dev_replace->committed_cursor_left = 0;
100369 dev_replace->cursor_left_last_write_of_item = 0;
100370 @@ -112,9 +112,9 @@ no_valid_dev_replace_entry_found:
100371 dev_replace->time_started = btrfs_dev_replace_time_started(eb, ptr);
100372 dev_replace->time_stopped =
100373 btrfs_dev_replace_time_stopped(eb, ptr);
100374 - atomic64_set(&dev_replace->num_write_errors,
100375 + atomic64_set_unchecked(&dev_replace->num_write_errors,
100376 btrfs_dev_replace_num_write_errors(eb, ptr));
100377 - atomic64_set(&dev_replace->num_uncorrectable_read_errors,
100378 + atomic64_set_unchecked(&dev_replace->num_uncorrectable_read_errors,
100379 btrfs_dev_replace_num_uncorrectable_read_errors(eb, ptr));
100380 dev_replace->cursor_left = btrfs_dev_replace_cursor_left(eb, ptr);
100381 dev_replace->committed_cursor_left = dev_replace->cursor_left;
100382 @@ -274,9 +274,9 @@ int btrfs_run_dev_replace(struct btrfs_trans_handle *trans,
100383 btrfs_set_dev_replace_time_started(eb, ptr, dev_replace->time_started);
100384 btrfs_set_dev_replace_time_stopped(eb, ptr, dev_replace->time_stopped);
100385 btrfs_set_dev_replace_num_write_errors(eb, ptr,
100386 - atomic64_read(&dev_replace->num_write_errors));
100387 + atomic64_read_unchecked(&dev_replace->num_write_errors));
100388 btrfs_set_dev_replace_num_uncorrectable_read_errors(eb, ptr,
100389 - atomic64_read(&dev_replace->num_uncorrectable_read_errors));
100390 + atomic64_read_unchecked(&dev_replace->num_uncorrectable_read_errors));
100391 dev_replace->cursor_left_last_write_of_item =
100392 dev_replace->cursor_left;
100393 btrfs_set_dev_replace_cursor_left(eb, ptr,
100394 @@ -377,8 +377,8 @@ int btrfs_dev_replace_start(struct btrfs_root *root, char *tgtdev_name,
100395 dev_replace->cursor_right = 0;
100396 dev_replace->is_valid = 1;
100397 dev_replace->item_needs_writeback = 1;
100398 - atomic64_set(&dev_replace->num_write_errors, 0);
100399 - atomic64_set(&dev_replace->num_uncorrectable_read_errors, 0);
100400 + atomic64_set_unchecked(&dev_replace->num_write_errors, 0);
100401 + atomic64_set_unchecked(&dev_replace->num_uncorrectable_read_errors, 0);
100402 btrfs_dev_replace_unlock(dev_replace, 1);
100403
100404 ret = btrfs_sysfs_add_device_link(tgt_device->fs_devices, tgt_device);
100405 @@ -648,9 +648,9 @@ void btrfs_dev_replace_status(struct btrfs_fs_info *fs_info,
100406 args->status.time_started = dev_replace->time_started;
100407 args->status.time_stopped = dev_replace->time_stopped;
100408 args->status.num_write_errors =
100409 - atomic64_read(&dev_replace->num_write_errors);
100410 + atomic64_read_unchecked(&dev_replace->num_write_errors);
100411 args->status.num_uncorrectable_read_errors =
100412 - atomic64_read(&dev_replace->num_uncorrectable_read_errors);
100413 + atomic64_read_unchecked(&dev_replace->num_uncorrectable_read_errors);
100414 switch (dev_replace->replace_state) {
100415 case BTRFS_IOCTL_DEV_REPLACE_STATE_NEVER_STARTED:
100416 case BTRFS_IOCTL_DEV_REPLACE_STATE_CANCELED:
100417 diff --git a/fs/btrfs/dev-replace.h b/fs/btrfs/dev-replace.h
100418 index e922b42..2a5a145 100644
100419 --- a/fs/btrfs/dev-replace.h
100420 +++ b/fs/btrfs/dev-replace.h
100421 @@ -42,8 +42,8 @@ void btrfs_dev_replace_set_lock_blocking(struct btrfs_dev_replace *dev_replace);
100422 void btrfs_dev_replace_clear_lock_blocking(
100423 struct btrfs_dev_replace *dev_replace);
100424
100425 -static inline void btrfs_dev_replace_stats_inc(atomic64_t *stat_value)
100426 +static inline void btrfs_dev_replace_stats_inc(atomic64_unchecked_t *stat_value)
100427 {
100428 - atomic64_inc(stat_value);
100429 + atomic64_inc_unchecked(stat_value);
100430 }
100431 #endif
100432 diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
100433 index 3dede6d..6731015 100644
100434 --- a/fs/btrfs/disk-io.c
100435 +++ b/fs/btrfs/disk-io.c
100436 @@ -1311,7 +1311,7 @@ static void __setup_root(u32 nodesize, u32 sectorsize, u32 stripesize,
100437 atomic_set(&root->log_commit[0], 0);
100438 atomic_set(&root->log_commit[1], 0);
100439 atomic_set(&root->log_writers, 0);
100440 - atomic_set(&root->log_batch, 0);
100441 + atomic_set_unchecked(&root->log_batch, 0);
100442 atomic_set(&root->orphan_inodes, 0);
100443 atomic_set(&root->refs, 1);
100444 atomic_set(&root->will_be_snapshoted, 0);
100445 @@ -2662,7 +2662,7 @@ int open_ctree(struct super_block *sb,
100446 atomic_set(&fs_info->defrag_running, 0);
100447 atomic_set(&fs_info->qgroup_op_seq, 0);
100448 atomic_set(&fs_info->reada_works_cnt, 0);
100449 - atomic64_set(&fs_info->tree_mod_seq, 0);
100450 + atomic64_set_unchecked(&fs_info->tree_mod_seq, 0);
100451 fs_info->fs_frozen = 0;
100452 fs_info->sb = sb;
100453 fs_info->max_inline = BTRFS_DEFAULT_MAX_INLINE;
100454 diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
100455 index 26f9ac7..bc78edc 100644
100456 --- a/fs/btrfs/extent_map.c
100457 +++ b/fs/btrfs/extent_map.c
100458 @@ -235,7 +235,9 @@ static void try_merge_map(struct extent_map_tree *tree, struct extent_map *em)
100459 em->start = merge->start;
100460 em->orig_start = merge->orig_start;
100461 em->len += merge->len;
100462 - em->block_len += merge->block_len;
100463 + if (em->block_start != EXTENT_MAP_HOLE &&
100464 + em->block_start != EXTENT_MAP_INLINE)
100465 + em->block_len += merge->block_len;
100466 em->block_start = merge->block_start;
100467 em->mod_len = (em->mod_len + em->mod_start) - merge->mod_start;
100468 em->mod_start = merge->mod_start;
100469 @@ -252,7 +254,9 @@ static void try_merge_map(struct extent_map_tree *tree, struct extent_map *em)
100470 merge = rb_entry(rb, struct extent_map, rb_node);
100471 if (rb && mergable_maps(em, merge)) {
100472 em->len += merge->len;
100473 - em->block_len += merge->block_len;
100474 + if (em->block_start != EXTENT_MAP_HOLE &&
100475 + em->block_start != EXTENT_MAP_INLINE)
100476 + em->block_len += merge->block_len;
100477 rb_erase(&merge->rb_node, &tree->map);
100478 RB_CLEAR_NODE(&merge->rb_node);
100479 em->mod_len = (merge->mod_start + merge->mod_len) - em->mod_start;
100480 diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
100481 index fea31a4..8be7c86 100644
100482 --- a/fs/btrfs/file.c
100483 +++ b/fs/btrfs/file.c
100484 @@ -1935,7 +1935,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
100485 return ret;
100486
100487 inode_lock(inode);
100488 - atomic_inc(&root->log_batch);
100489 + atomic_inc_unchecked(&root->log_batch);
100490 full_sync = test_bit(BTRFS_INODE_NEEDS_FULL_SYNC,
100491 &BTRFS_I(inode)->runtime_flags);
100492 /*
100493 @@ -1989,7 +1989,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
100494 inode_unlock(inode);
100495 goto out;
100496 }
100497 - atomic_inc(&root->log_batch);
100498 + atomic_inc_unchecked(&root->log_batch);
100499
100500 /*
100501 * If the last transaction that changed this file was before the current
100502 diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h
100503 index 3af651c..30b9644 100644
100504 --- a/fs/btrfs/free-space-cache.h
100505 +++ b/fs/btrfs/free-space-cache.h
100506 @@ -48,6 +48,7 @@ struct btrfs_free_space_op {
100507 bool (*use_bitmap)(struct btrfs_free_space_ctl *ctl,
100508 struct btrfs_free_space *info);
100509 };
100510 +typedef struct btrfs_free_space_op __no_const btrfs_free_space_op_no_const;
100511
100512 struct btrfs_io_ctl;
100513
100514 diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
100515 index cd8d302..dfd9e57 100644
100516 --- a/fs/btrfs/raid56.c
100517 +++ b/fs/btrfs/raid56.c
100518 @@ -153,7 +153,7 @@ struct btrfs_raid_bio {
100519
100520 atomic_t stripes_pending;
100521
100522 - atomic_t error;
100523 + atomic_unchecked_t error;
100524 /*
100525 * these are two arrays of pointers. We allocate the
100526 * rbio big enough to hold them both and setup their
100527 @@ -916,7 +916,7 @@ static void raid_write_end_io(struct bio *bio)
100528 /* OK, we have read all the stripes we need to. */
100529 max_errors = (rbio->operation == BTRFS_RBIO_PARITY_SCRUB) ?
100530 0 : rbio->bbio->max_errors;
100531 - if (atomic_read(&rbio->error) > max_errors)
100532 + if (atomic_read_unchecked(&rbio->error) > max_errors)
100533 err = -EIO;
100534
100535 rbio_orig_end_io(rbio, err);
100536 @@ -999,7 +999,7 @@ static struct btrfs_raid_bio *alloc_rbio(struct btrfs_root *root,
100537 rbio->faila = -1;
100538 rbio->failb = -1;
100539 atomic_set(&rbio->refs, 1);
100540 - atomic_set(&rbio->error, 0);
100541 + atomic_set_unchecked(&rbio->error, 0);
100542 atomic_set(&rbio->stripes_pending, 0);
100543
100544 /*
100545 @@ -1208,7 +1208,7 @@ static noinline void finish_rmw(struct btrfs_raid_bio *rbio)
100546 set_bit(RBIO_RMW_LOCKED_BIT, &rbio->flags);
100547 spin_unlock_irq(&rbio->bio_list_lock);
100548
100549 - atomic_set(&rbio->error, 0);
100550 + atomic_set_unchecked(&rbio->error, 0);
100551
100552 /*
100553 * now that we've set rmw_locked, run through the
100554 @@ -1398,11 +1398,11 @@ static int fail_rbio_index(struct btrfs_raid_bio *rbio, int failed)
100555 if (rbio->faila == -1) {
100556 /* first failure on this rbio */
100557 rbio->faila = failed;
100558 - atomic_inc(&rbio->error);
100559 + atomic_inc_unchecked(&rbio->error);
100560 } else if (rbio->failb == -1) {
100561 /* second failure on this rbio */
100562 rbio->failb = failed;
100563 - atomic_inc(&rbio->error);
100564 + atomic_inc_unchecked(&rbio->error);
100565 } else {
100566 ret = -EIO;
100567 }
100568 @@ -1464,7 +1464,7 @@ static void raid_rmw_end_io(struct bio *bio)
100569 if (!atomic_dec_and_test(&rbio->stripes_pending))
100570 return;
100571
100572 - if (atomic_read(&rbio->error) > rbio->bbio->max_errors)
100573 + if (atomic_read_unchecked(&rbio->error) > rbio->bbio->max_errors)
100574 goto cleanup;
100575
100576 /*
100577 @@ -1519,7 +1519,7 @@ static int raid56_rmw_stripe(struct btrfs_raid_bio *rbio)
100578
100579 index_rbio_pages(rbio);
100580
100581 - atomic_set(&rbio->error, 0);
100582 + atomic_set_unchecked(&rbio->error, 0);
100583 /*
100584 * build a list of bios to read all the missing parts of this
100585 * stripe
100586 @@ -2012,7 +2012,7 @@ static void raid_recover_end_io(struct bio *bio)
100587 if (!atomic_dec_and_test(&rbio->stripes_pending))
100588 return;
100589
100590 - if (atomic_read(&rbio->error) > rbio->bbio->max_errors)
100591 + if (atomic_read_unchecked(&rbio->error) > rbio->bbio->max_errors)
100592 rbio_orig_end_io(rbio, -EIO);
100593 else
100594 __raid_recover_end_io(rbio);
100595 @@ -2041,7 +2041,7 @@ static int __raid56_parity_recover(struct btrfs_raid_bio *rbio)
100596 if (ret)
100597 goto cleanup;
100598
100599 - atomic_set(&rbio->error, 0);
100600 + atomic_set_unchecked(&rbio->error, 0);
100601
100602 /*
100603 * read everything that hasn't failed. Thanks to the
100604 @@ -2050,7 +2050,7 @@ static int __raid56_parity_recover(struct btrfs_raid_bio *rbio)
100605 */
100606 for (stripe = 0; stripe < rbio->real_stripes; stripe++) {
100607 if (rbio->faila == stripe || rbio->failb == stripe) {
100608 - atomic_inc(&rbio->error);
100609 + atomic_inc_unchecked(&rbio->error);
100610 continue;
100611 }
100612
100613 @@ -2080,7 +2080,7 @@ static int __raid56_parity_recover(struct btrfs_raid_bio *rbio)
100614 * were up to date, or we might have no bios to read because
100615 * the devices were gone.
100616 */
100617 - if (atomic_read(&rbio->error) <= rbio->bbio->max_errors) {
100618 + if (atomic_read_unchecked(&rbio->error) <= rbio->bbio->max_errors) {
100619 __raid_recover_end_io(rbio);
100620 goto out;
100621 } else {
100622 @@ -2342,7 +2342,7 @@ static noinline void finish_parity_scrub(struct btrfs_raid_bio *rbio,
100623 SetPageUptodate(q_page);
100624 }
100625
100626 - atomic_set(&rbio->error, 0);
100627 + atomic_set_unchecked(&rbio->error, 0);
100628
100629 for_each_set_bit(pagenr, rbio->dbitmap, rbio->stripe_npages) {
100630 struct page *p;
100631 @@ -2463,7 +2463,7 @@ static inline int is_data_stripe(struct btrfs_raid_bio *rbio, int stripe)
100632 */
100633 static void validate_rbio_for_parity_scrub(struct btrfs_raid_bio *rbio)
100634 {
100635 - if (atomic_read(&rbio->error) > rbio->bbio->max_errors)
100636 + if (atomic_read_unchecked(&rbio->error) > rbio->bbio->max_errors)
100637 goto cleanup;
100638
100639 if (rbio->faila >= 0 || rbio->failb >= 0) {
100640 @@ -2560,7 +2560,7 @@ static void raid56_parity_scrub_stripe(struct btrfs_raid_bio *rbio)
100641
100642 bio_list_init(&bio_list);
100643
100644 - atomic_set(&rbio->error, 0);
100645 + atomic_set_unchecked(&rbio->error, 0);
100646 /*
100647 * build a list of bios to read all the missing parts of this
100648 * stripe
100649 diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
100650 index 1d195d2..9d9cfa9 100644
100651 --- a/fs/btrfs/scrub.c
100652 +++ b/fs/btrfs/scrub.c
100653 @@ -3720,7 +3720,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx,
100654 if (ret)
100655 break;
100656 if (is_dev_replace &&
100657 - atomic64_read(&dev_replace->num_write_errors) > 0) {
100658 + atomic64_read_unchecked(&dev_replace->num_write_errors) > 0) {
100659 ret = -EIO;
100660 break;
100661 }
100662 diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
100663 index 4071fe2..caa5e0e 100644
100664 --- a/fs/btrfs/super.c
100665 +++ b/fs/btrfs/super.c
100666 @@ -268,7 +268,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
100667 function, line, errstr);
100668 return;
100669 }
100670 - ACCESS_ONCE(trans->transaction->aborted) = errno;
100671 + ACCESS_ONCE_RW(trans->transaction->aborted) = errno;
100672 /* Wake up anybody who may be waiting on this transaction */
100673 wake_up(&fs_info->transaction_wait);
100674 wake_up(&fs_info->transaction_blocked_wait);
100675 diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c
100676 index c656990..e86b7cc 100644
100677 --- a/fs/btrfs/sysfs.c
100678 +++ b/fs/btrfs/sysfs.c
100679 @@ -497,7 +497,7 @@ static int addrm_unknown_feature_attrs(struct btrfs_fs_info *fs_info, bool add)
100680 for (set = 0; set < FEAT_MAX; set++) {
100681 int i;
100682 struct attribute *attrs[2];
100683 - struct attribute_group agroup = {
100684 + attribute_group_no_const agroup = {
100685 .name = "features",
100686 .attrs = attrs,
100687 };
100688 diff --git a/fs/btrfs/tests/btrfs-tests.c b/fs/btrfs/tests/btrfs-tests.c
100689 index bf62ad9..9bb3ee8 100644
100690 --- a/fs/btrfs/tests/btrfs-tests.c
100691 +++ b/fs/btrfs/tests/btrfs-tests.c
100692 @@ -119,7 +119,7 @@ struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(void)
100693 fs_info->running_transaction = NULL;
100694 fs_info->qgroup_tree = RB_ROOT;
100695 fs_info->qgroup_ulist = NULL;
100696 - atomic64_set(&fs_info->tree_mod_seq, 0);
100697 + atomic64_set_unchecked(&fs_info->tree_mod_seq, 0);
100698 INIT_LIST_HEAD(&fs_info->dirty_qgroups);
100699 INIT_LIST_HEAD(&fs_info->dead_roots);
100700 INIT_LIST_HEAD(&fs_info->tree_mod_seq_list);
100701 diff --git a/fs/btrfs/tests/free-space-tests.c b/fs/btrfs/tests/free-space-tests.c
100702 index 3221c8d..8fe6170 100644
100703 --- a/fs/btrfs/tests/free-space-tests.c
100704 +++ b/fs/btrfs/tests/free-space-tests.c
100705 @@ -409,7 +409,7 @@ test_steal_space_from_bitmap_to_extent(struct btrfs_block_group_cache *cache,
100706 int ret;
100707 u64 offset;
100708 u64 max_extent_size;
100709 - const struct btrfs_free_space_op test_free_space_ops = {
100710 + const btrfs_free_space_op_no_const test_free_space_ops = {
100711 .recalc_thresholds = cache->free_space_ctl->op->recalc_thresholds,
100712 .use_bitmap = test_use_bitmap,
100713 };
100714 diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
100715 index 95d4191..f804459 100644
100716 --- a/fs/btrfs/transaction.c
100717 +++ b/fs/btrfs/transaction.c
100718 @@ -277,7 +277,7 @@ loop:
100719 if (!RB_EMPTY_ROOT(&fs_info->tree_mod_log))
100720 WARN(1, KERN_ERR "BTRFS: tree_mod_log rb tree not empty when "
100721 "creating a fresh transaction\n");
100722 - atomic64_set(&fs_info->tree_mod_seq, 0);
100723 + atomic64_set_unchecked(&fs_info->tree_mod_seq, 0);
100724
100725 spin_lock_init(&cur_trans->delayed_refs.lock);
100726
100727 diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
100728 index ef9c55b..fcd9451 100644
100729 --- a/fs/btrfs/tree-log.c
100730 +++ b/fs/btrfs/tree-log.c
100731 @@ -174,7 +174,7 @@ static int start_log_trans(struct btrfs_trans_handle *trans,
100732 root->log_start_pid = current->pid;
100733 }
100734
100735 - atomic_inc(&root->log_batch);
100736 + atomic_inc_unchecked(&root->log_batch);
100737 atomic_inc(&root->log_writers);
100738 if (ctx) {
100739 int index = root->log_transid % 2;
100740 @@ -2771,7 +2771,7 @@ int btrfs_sync_log(struct btrfs_trans_handle *trans,
100741 wait_log_commit(root, log_transid - 1);
100742
100743 while (1) {
100744 - int batch = atomic_read(&root->log_batch);
100745 + int batch = atomic_read_unchecked(&root->log_batch);
100746 /* when we're on an ssd, just kick the log commit out */
100747 if (!btrfs_test_opt(root->fs_info, SSD) &&
100748 test_bit(BTRFS_ROOT_MULTI_LOG_TASKS, &root->state)) {
100749 @@ -2780,7 +2780,7 @@ int btrfs_sync_log(struct btrfs_trans_handle *trans,
100750 mutex_lock(&root->log_mutex);
100751 }
100752 wait_for_writer(root);
100753 - if (batch == atomic_read(&root->log_batch))
100754 + if (batch == atomic_read_unchecked(&root->log_batch))
100755 break;
100756 }
100757
100758 @@ -2826,7 +2826,7 @@ int btrfs_sync_log(struct btrfs_trans_handle *trans,
100759 btrfs_init_log_ctx(&root_log_ctx, NULL);
100760
100761 mutex_lock(&log_root_tree->log_mutex);
100762 - atomic_inc(&log_root_tree->log_batch);
100763 + atomic_inc_unchecked(&log_root_tree->log_batch);
100764 atomic_inc(&log_root_tree->log_writers);
100765
100766 index2 = log_root_tree->log_transid % 2;
100767 diff --git a/fs/btrfs/tree-log.h b/fs/btrfs/tree-log.h
100768 index ab858e3..96fd5a1 100644
100769 --- a/fs/btrfs/tree-log.h
100770 +++ b/fs/btrfs/tree-log.h
100771 @@ -48,7 +48,7 @@ static inline void btrfs_init_log_ctx(struct btrfs_log_ctx *ctx,
100772 static inline void btrfs_set_log_full_commit(struct btrfs_fs_info *fs_info,
100773 struct btrfs_trans_handle *trans)
100774 {
100775 - ACCESS_ONCE(fs_info->last_trans_log_full_commit) = trans->transid;
100776 + ACCESS_ONCE_RW(fs_info->last_trans_log_full_commit) = trans->transid;
100777 }
100778
100779 static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info,
100780 diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
100781 index 035efce..f7fd1a6 100644
100782 --- a/fs/btrfs/volumes.c
100783 +++ b/fs/btrfs/volumes.c
100784 @@ -246,7 +246,7 @@ static struct btrfs_device *__alloc_device(void)
100785
100786 spin_lock_init(&dev->reada_lock);
100787 atomic_set(&dev->reada_in_flight, 0);
100788 - atomic_set(&dev->dev_stats_ccnt, 0);
100789 + atomic_set_unchecked(&dev->dev_stats_ccnt, 0);
100790 btrfs_device_data_ordered_init(dev);
100791 INIT_RADIX_TREE(&dev->reada_zones, GFP_NOFS & ~__GFP_DIRECT_RECLAIM);
100792 INIT_RADIX_TREE(&dev->reada_extents, GFP_NOFS & ~__GFP_DIRECT_RECLAIM);
100793 @@ -5309,7 +5309,7 @@ static struct btrfs_bio *alloc_btrfs_bio(int total_stripes, int real_stripes)
100794 sizeof(u64) * (total_stripes),
100795 GFP_NOFS|__GFP_NOFAIL);
100796
100797 - atomic_set(&bbio->error, 0);
100798 + atomic_set_unchecked(&bbio->error, 0);
100799 atomic_set(&bbio->refs, 1);
100800
100801 return bbio;
100802 @@ -6008,7 +6008,7 @@ static void btrfs_end_bio(struct bio *bio)
100803 int is_orig_bio = 0;
100804
100805 if (bio->bi_error) {
100806 - atomic_inc(&bbio->error);
100807 + atomic_inc_unchecked(&bbio->error);
100808 if (bio->bi_error == -EIO || bio->bi_error == -EREMOTEIO) {
100809 unsigned int stripe_index =
100810 btrfs_io_bio(bio)->stripe_index;
100811 @@ -6046,7 +6046,7 @@ static void btrfs_end_bio(struct bio *bio)
100812 /* only send an error to the higher layers if it is
100813 * beyond the tolerance of the btrfs bio
100814 */
100815 - if (atomic_read(&bbio->error) > bbio->max_errors) {
100816 + if (atomic_read_unchecked(&bbio->error) > bbio->max_errors) {
100817 bio->bi_error = -EIO;
100818 } else {
100819 /*
100820 @@ -6156,7 +6156,7 @@ static void submit_stripe_bio(struct btrfs_root *root, struct btrfs_bio *bbio,
100821
100822 static void bbio_error(struct btrfs_bio *bbio, struct bio *bio, u64 logical)
100823 {
100824 - atomic_inc(&bbio->error);
100825 + atomic_inc_unchecked(&bbio->error);
100826 if (atomic_dec_and_test(&bbio->stripes_pending)) {
100827 /* Should be the original bio. */
100828 WARN_ON(bio != bbio->orig_bio);
100829 @@ -7033,10 +7033,10 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans,
100830 if (!device->dev_stats_valid || !btrfs_dev_stats_dirty(device))
100831 continue;
100832
100833 - stats_cnt = atomic_read(&device->dev_stats_ccnt);
100834 + stats_cnt = atomic_read_unchecked(&device->dev_stats_ccnt);
100835 ret = update_dev_stat_item(trans, dev_root, device);
100836 if (!ret)
100837 - atomic_sub(stats_cnt, &device->dev_stats_ccnt);
100838 + atomic_sub_unchecked(stats_cnt, &device->dev_stats_ccnt);
100839 }
100840 mutex_unlock(&fs_devices->device_list_mutex);
100841
100842 diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h
100843 index 6613e63..688bc8e 100644
100844 --- a/fs/btrfs/volumes.h
100845 +++ b/fs/btrfs/volumes.h
100846 @@ -148,8 +148,8 @@ struct btrfs_device {
100847 int dev_stats_valid;
100848
100849 /* Counter to record the change of device stats */
100850 - atomic_t dev_stats_ccnt;
100851 - atomic_t dev_stat_values[BTRFS_DEV_STAT_VALUES_MAX];
100852 + atomic_unchecked_t dev_stats_ccnt;
100853 + atomic_unchecked_t dev_stat_values[BTRFS_DEV_STAT_VALUES_MAX];
100854 };
100855
100856 /*
100857 @@ -307,7 +307,7 @@ struct btrfs_bio {
100858 struct bio *orig_bio;
100859 unsigned long flags;
100860 void *private;
100861 - atomic_t error;
100862 + atomic_unchecked_t error;
100863 int max_errors;
100864 int num_stripes;
100865 int mirror_num;
100866 @@ -466,21 +466,21 @@ int btrfs_remove_chunk(struct btrfs_trans_handle *trans,
100867
100868 static inline int btrfs_dev_stats_dirty(struct btrfs_device *dev)
100869 {
100870 - return atomic_read(&dev->dev_stats_ccnt);
100871 + return atomic_read_unchecked(&dev->dev_stats_ccnt);
100872 }
100873
100874 static inline void btrfs_dev_stat_inc(struct btrfs_device *dev,
100875 int index)
100876 {
100877 - atomic_inc(dev->dev_stat_values + index);
100878 + atomic_inc_unchecked(dev->dev_stat_values + index);
100879 smp_mb__before_atomic();
100880 - atomic_inc(&dev->dev_stats_ccnt);
100881 + atomic_inc_unchecked(&dev->dev_stats_ccnt);
100882 }
100883
100884 static inline int btrfs_dev_stat_read(struct btrfs_device *dev,
100885 int index)
100886 {
100887 - return atomic_read(dev->dev_stat_values + index);
100888 + return atomic_read_unchecked(dev->dev_stat_values + index);
100889 }
100890
100891 static inline int btrfs_dev_stat_read_and_reset(struct btrfs_device *dev,
100892 @@ -488,18 +488,18 @@ static inline int btrfs_dev_stat_read_and_reset(struct btrfs_device *dev,
100893 {
100894 int ret;
100895
100896 - ret = atomic_xchg(dev->dev_stat_values + index, 0);
100897 + ret = atomic_xchg_unchecked(dev->dev_stat_values + index, 0);
100898 smp_mb__before_atomic();
100899 - atomic_inc(&dev->dev_stats_ccnt);
100900 + atomic_inc_unchecked(&dev->dev_stats_ccnt);
100901 return ret;
100902 }
100903
100904 static inline void btrfs_dev_stat_set(struct btrfs_device *dev,
100905 int index, unsigned long val)
100906 {
100907 - atomic_set(dev->dev_stat_values + index, val);
100908 + atomic_set_unchecked(dev->dev_stat_values + index, val);
100909 smp_mb__before_atomic();
100910 - atomic_inc(&dev->dev_stats_ccnt);
100911 + atomic_inc_unchecked(&dev->dev_stats_ccnt);
100912 }
100913
100914 static inline void btrfs_dev_stat_reset(struct btrfs_device *dev,
100915 diff --git a/fs/buffer.c b/fs/buffer.c
100916 index 9c8eb9b..236a1ca 100644
100917 --- a/fs/buffer.c
100918 +++ b/fs/buffer.c
100919 @@ -3476,7 +3476,7 @@ void __init buffer_init(void)
100920 bh_cachep = kmem_cache_create("buffer_head",
100921 sizeof(struct buffer_head), 0,
100922 (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
100923 - SLAB_MEM_SPREAD),
100924 + SLAB_MEM_SPREAD|SLAB_NO_SANITIZE),
100925 NULL);
100926
100927 /*
100928 diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c
100929 index 6af790f..ec4c1e6 100644
100930 --- a/fs/cachefiles/bind.c
100931 +++ b/fs/cachefiles/bind.c
100932 @@ -39,13 +39,11 @@ int cachefiles_daemon_bind(struct cachefiles_cache *cache, char *args)
100933 args);
100934
100935 /* start by checking things over */
100936 - ASSERT(cache->fstop_percent >= 0 &&
100937 - cache->fstop_percent < cache->fcull_percent &&
100938 + ASSERT(cache->fstop_percent < cache->fcull_percent &&
100939 cache->fcull_percent < cache->frun_percent &&
100940 cache->frun_percent < 100);
100941
100942 - ASSERT(cache->bstop_percent >= 0 &&
100943 - cache->bstop_percent < cache->bcull_percent &&
100944 + ASSERT(cache->bstop_percent < cache->bcull_percent &&
100945 cache->bcull_percent < cache->brun_percent &&
100946 cache->brun_percent < 100);
100947
100948 diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
100949 index 1ee54ff..ba89748 100644
100950 --- a/fs/cachefiles/daemon.c
100951 +++ b/fs/cachefiles/daemon.c
100952 @@ -176,8 +176,8 @@ static ssize_t cachefiles_daemon_read(struct file *file, char __user *_buffer,
100953 cachefiles_has_space(cache, 0, 0);
100954
100955 /* summarise */
100956 - f_released = atomic_xchg(&cache->f_released, 0);
100957 - b_released = atomic_long_xchg(&cache->b_released, 0);
100958 + f_released = atomic_xchg_unchecked(&cache->f_released, 0);
100959 + b_released = atomic_long_xchg_unchecked(&cache->b_released, 0);
100960 clear_bit(CACHEFILES_STATE_CHANGED, &cache->flags);
100961
100962 n = snprintf(buffer, sizeof(buffer),
100963 @@ -203,7 +203,7 @@ static ssize_t cachefiles_daemon_read(struct file *file, char __user *_buffer,
100964 if (n > buflen)
100965 return -EMSGSIZE;
100966
100967 - if (copy_to_user(_buffer, buffer, n) != 0)
100968 + if (n > sizeof(buffer) || copy_to_user(_buffer, buffer, n) != 0)
100969 return -EFAULT;
100970
100971 return n;
100972 @@ -229,7 +229,7 @@ static ssize_t cachefiles_daemon_write(struct file *file,
100973 if (test_bit(CACHEFILES_DEAD, &cache->flags))
100974 return -EIO;
100975
100976 - if (datalen < 0 || datalen > PAGE_SIZE - 1)
100977 + if (datalen > PAGE_SIZE - 1)
100978 return -EOPNOTSUPP;
100979
100980 /* drag the command string into the kernel so we can parse it */
100981 @@ -386,7 +386,7 @@ static int cachefiles_daemon_fstop(struct cachefiles_cache *cache, char *args)
100982 if (args[0] != '%' || args[1] != '\0')
100983 return -EINVAL;
100984
100985 - if (fstop < 0 || fstop >= cache->fcull_percent)
100986 + if (fstop >= cache->fcull_percent)
100987 return cachefiles_daemon_range_error(cache, args);
100988
100989 cache->fstop_percent = fstop;
100990 @@ -458,7 +458,7 @@ static int cachefiles_daemon_bstop(struct cachefiles_cache *cache, char *args)
100991 if (args[0] != '%' || args[1] != '\0')
100992 return -EINVAL;
100993
100994 - if (bstop < 0 || bstop >= cache->bcull_percent)
100995 + if (bstop >= cache->bcull_percent)
100996 return cachefiles_daemon_range_error(cache, args);
100997
100998 cache->bstop_percent = bstop;
100999 diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
101000 index cd1effe..73f8767 100644
101001 --- a/fs/cachefiles/internal.h
101002 +++ b/fs/cachefiles/internal.h
101003 @@ -65,9 +65,9 @@ struct cachefiles_cache {
101004 wait_queue_head_t daemon_pollwq; /* poll waitqueue for daemon */
101005 struct rb_root active_nodes; /* active nodes (can't be culled) */
101006 rwlock_t active_lock; /* lock for active_nodes */
101007 - atomic_t gravecounter; /* graveyard uniquifier */
101008 - atomic_t f_released; /* number of objects released lately */
101009 - atomic_long_t b_released; /* number of blocks released lately */
101010 + atomic_unchecked_t gravecounter; /* graveyard uniquifier */
101011 + atomic_unchecked_t f_released; /* number of objects released lately */
101012 + atomic_long_unchecked_t b_released; /* number of blocks released lately */
101013 unsigned frun_percent; /* when to stop culling (% files) */
101014 unsigned fcull_percent; /* when to start culling (% files) */
101015 unsigned fstop_percent; /* when to stop allocating (% files) */
101016 @@ -182,19 +182,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache,
101017 * proc.c
101018 */
101019 #ifdef CONFIG_CACHEFILES_HISTOGRAM
101020 -extern atomic_t cachefiles_lookup_histogram[HZ];
101021 -extern atomic_t cachefiles_mkdir_histogram[HZ];
101022 -extern atomic_t cachefiles_create_histogram[HZ];
101023 +extern atomic_unchecked_t cachefiles_lookup_histogram[HZ];
101024 +extern atomic_unchecked_t cachefiles_mkdir_histogram[HZ];
101025 +extern atomic_unchecked_t cachefiles_create_histogram[HZ];
101026
101027 extern int __init cachefiles_proc_init(void);
101028 extern void cachefiles_proc_cleanup(void);
101029 static inline
101030 -void cachefiles_hist(atomic_t histogram[], unsigned long start_jif)
101031 +void cachefiles_hist(atomic_unchecked_t histogram[], unsigned long start_jif)
101032 {
101033 unsigned long jif = jiffies - start_jif;
101034 if (jif >= HZ)
101035 jif = HZ - 1;
101036 - atomic_inc(&histogram[jif]);
101037 + atomic_inc_unchecked(&histogram[jif]);
101038 }
101039
101040 #else
101041 diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
101042 index c6ee4b5..de05717 100644
101043 --- a/fs/cachefiles/namei.c
101044 +++ b/fs/cachefiles/namei.c
101045 @@ -274,8 +274,8 @@ void cachefiles_mark_object_inactive(struct cachefiles_cache *cache,
101046 /* This object can now be culled, so we need to let the daemon know
101047 * that there is something it can remove if it needs to.
101048 */
101049 - atomic_long_add(i_blocks, &cache->b_released);
101050 - if (atomic_inc_return(&cache->f_released))
101051 + atomic_long_add_unchecked(i_blocks, &cache->b_released);
101052 + if (atomic_inc_return_unchecked(&cache->f_released))
101053 cachefiles_state_changed(cache);
101054 }
101055
101056 @@ -334,7 +334,7 @@ try_again:
101057 /* first step is to make up a grave dentry in the graveyard */
101058 sprintf(nbuffer, "%08x%08x",
101059 (uint32_t) get_seconds(),
101060 - (uint32_t) atomic_inc_return(&cache->gravecounter));
101061 + (uint32_t) atomic_inc_return_unchecked(&cache->gravecounter));
101062
101063 /* do the multiway lock magic */
101064 trap = lock_rename(cache->graveyard, dir);
101065 diff --git a/fs/cachefiles/proc.c b/fs/cachefiles/proc.c
101066 index 125b90f..8c7bed5 100644
101067 --- a/fs/cachefiles/proc.c
101068 +++ b/fs/cachefiles/proc.c
101069 @@ -14,9 +14,9 @@
101070 #include <linux/seq_file.h>
101071 #include "internal.h"
101072
101073 -atomic_t cachefiles_lookup_histogram[HZ];
101074 -atomic_t cachefiles_mkdir_histogram[HZ];
101075 -atomic_t cachefiles_create_histogram[HZ];
101076 +atomic_unchecked_t cachefiles_lookup_histogram[HZ];
101077 +atomic_unchecked_t cachefiles_mkdir_histogram[HZ];
101078 +atomic_unchecked_t cachefiles_create_histogram[HZ];
101079
101080 /*
101081 * display the latency histogram
101082 @@ -35,9 +35,9 @@ static int cachefiles_histogram_show(struct seq_file *m, void *v)
101083 return 0;
101084 default:
101085 index = (unsigned long) v - 3;
101086 - x = atomic_read(&cachefiles_lookup_histogram[index]);
101087 - y = atomic_read(&cachefiles_mkdir_histogram[index]);
101088 - z = atomic_read(&cachefiles_create_histogram[index]);
101089 + x = atomic_read_unchecked(&cachefiles_lookup_histogram[index]);
101090 + y = atomic_read_unchecked(&cachefiles_mkdir_histogram[index]);
101091 + z = atomic_read_unchecked(&cachefiles_create_histogram[index]);
101092 if (x == 0 && y == 0 && z == 0)
101093 return 0;
101094
101095 diff --git a/fs/ceph/super.c b/fs/ceph/super.c
101096 index e247f6f..7c4ed52 100644
101097 --- a/fs/ceph/super.c
101098 +++ b/fs/ceph/super.c
101099 @@ -933,7 +933,7 @@ static int ceph_compare_super(struct super_block *sb, void *data)
101100 /*
101101 * construct our own bdi so we can control readahead, etc.
101102 */
101103 -static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0);
101104 +static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0);
101105
101106 static int ceph_register_bdi(struct super_block *sb,
101107 struct ceph_fs_client *fsc)
101108 @@ -950,7 +950,7 @@ static int ceph_register_bdi(struct super_block *sb,
101109 VM_MAX_READAHEAD * 1024 / PAGE_SIZE;
101110
101111 err = bdi_register(&fsc->backing_dev_info, NULL, "ceph-%ld",
101112 - atomic_long_inc_return(&bdi_seq));
101113 + atomic_long_inc_return_unchecked(&bdi_seq));
101114 if (!err)
101115 sb->s_bdi = &fsc->backing_dev_info;
101116 return err;
101117 diff --git a/fs/char_dev.c b/fs/char_dev.c
101118 index 6edd825..e8cbd2d 100644
101119 --- a/fs/char_dev.c
101120 +++ b/fs/char_dev.c
101121 @@ -70,7 +70,7 @@ void chrdev_show(struct seq_file *f, off_t offset)
101122 *
101123 * Returns a -ve errno on failure.
101124 */
101125 -static struct char_device_struct *
101126 +static __nocapture(4) struct char_device_struct *
101127 __register_chrdev_region(unsigned int major, unsigned int baseminor,
101128 int minorct, const char *name)
101129 {
101130 diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
101131 index 3d03e48..0f22463 100644
101132 --- a/fs/cifs/cifs_debug.c
101133 +++ b/fs/cifs/cifs_debug.c
101134 @@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
101135 rc = kstrtobool_from_user(buffer, count, &bv);
101136 if (rc == 0) {
101137 #ifdef CONFIG_CIFS_STATS2
101138 - atomic_set(&totBufAllocCount, 0);
101139 - atomic_set(&totSmBufAllocCount, 0);
101140 + atomic_set_unchecked(&totBufAllocCount, 0);
101141 + atomic_set_unchecked(&totSmBufAllocCount, 0);
101142 #endif /* CONFIG_CIFS_STATS2 */
101143 spin_lock(&cifs_tcp_ses_lock);
101144 list_for_each(tmp1, &cifs_tcp_ses_list) {
101145 @@ -279,7 +279,7 @@ static ssize_t cifs_stats_proc_write(struct file *file,
101146 tcon = list_entry(tmp3,
101147 struct cifs_tcon,
101148 tcon_list);
101149 - atomic_set(&tcon->num_smbs_sent, 0);
101150 + atomic_set_unchecked(&tcon->num_smbs_sent, 0);
101151 if (server->ops->clear_stats)
101152 server->ops->clear_stats(tcon);
101153 }
101154 @@ -313,8 +313,8 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v)
101155 smBufAllocCount.counter, cifs_min_small);
101156 #ifdef CONFIG_CIFS_STATS2
101157 seq_printf(m, "Total Large %d Small %d Allocations\n",
101158 - atomic_read(&totBufAllocCount),
101159 - atomic_read(&totSmBufAllocCount));
101160 + atomic_read_unchecked(&totBufAllocCount),
101161 + atomic_read_unchecked(&totSmBufAllocCount));
101162 #endif /* CONFIG_CIFS_STATS2 */
101163
101164 seq_printf(m, "Operations (MIDs): %d\n", atomic_read(&midCount));
101165 @@ -343,7 +343,7 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v)
101166 if (tcon->need_reconnect)
101167 seq_puts(m, "\tDISCONNECTED ");
101168 seq_printf(m, "\nSMBs: %d",
101169 - atomic_read(&tcon->num_smbs_sent));
101170 + atomic_read_unchecked(&tcon->num_smbs_sent));
101171 if (server->ops->print_stats)
101172 server->ops->print_stats(m, tcon);
101173 }
101174 diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
101175 index 8c68d03..267f6dd 100644
101176 --- a/fs/cifs/cifsfs.c
101177 +++ b/fs/cifs/cifsfs.c
101178 @@ -1148,9 +1148,10 @@ cifs_init_request_bufs(void)
101179 cifs_dbg(VFS, "CIFSMaxBufSize %d 0x%x\n",
101180 CIFSMaxBufSize, CIFSMaxBufSize);
101181 */
101182 - cifs_req_cachep = kmem_cache_create("cifs_request",
101183 + cifs_req_cachep = kmem_cache_create_usercopy("cifs_request",
101184 CIFSMaxBufSize + max_hdr_size, 0,
101185 - SLAB_HWCACHE_ALIGN, NULL);
101186 + SLAB_HWCACHE_ALIGN, 0,
101187 + CIFSMaxBufSize + max_hdr_size, NULL);
101188 if (cifs_req_cachep == NULL)
101189 return -ENOMEM;
101190
101191 @@ -1176,9 +1177,9 @@ cifs_init_request_bufs(void)
101192 more SMBs to use small buffer alloc and is still much more
101193 efficient to alloc 1 per page off the slab compared to 17K (5page)
101194 alloc of large cifs buffers even when page debugging is on */
101195 - cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq",
101196 + cifs_sm_req_cachep = kmem_cache_create_usercopy("cifs_small_rq",
101197 MAX_CIFS_SMALL_BUFFER_SIZE, 0, SLAB_HWCACHE_ALIGN,
101198 - NULL);
101199 + 0, MAX_CIFS_SMALL_BUFFER_SIZE, NULL);
101200 if (cifs_sm_req_cachep == NULL) {
101201 mempool_destroy(cifs_req_poolp);
101202 kmem_cache_destroy(cifs_req_cachep);
101203 @@ -1262,8 +1263,8 @@ init_cifs(void)
101204 atomic_set(&bufAllocCount, 0);
101205 atomic_set(&smBufAllocCount, 0);
101206 #ifdef CONFIG_CIFS_STATS2
101207 - atomic_set(&totBufAllocCount, 0);
101208 - atomic_set(&totSmBufAllocCount, 0);
101209 + atomic_set_unchecked(&totBufAllocCount, 0);
101210 + atomic_set_unchecked(&totSmBufAllocCount, 0);
101211 #endif /* CONFIG_CIFS_STATS2 */
101212
101213 atomic_set(&midCount, 0);
101214 diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
101215 index 65f78b7..3c8044f0 100644
101216 --- a/fs/cifs/cifsglob.h
101217 +++ b/fs/cifs/cifsglob.h
101218 @@ -842,35 +842,35 @@ struct cifs_tcon {
101219 __u16 Flags; /* optional support bits */
101220 enum statusEnum tidStatus;
101221 #ifdef CONFIG_CIFS_STATS
101222 - atomic_t num_smbs_sent;
101223 + atomic_unchecked_t num_smbs_sent;
101224 union {
101225 struct {
101226 - atomic_t num_writes;
101227 - atomic_t num_reads;
101228 - atomic_t num_flushes;
101229 - atomic_t num_oplock_brks;
101230 - atomic_t num_opens;
101231 - atomic_t num_closes;
101232 - atomic_t num_deletes;
101233 - atomic_t num_mkdirs;
101234 - atomic_t num_posixopens;
101235 - atomic_t num_posixmkdirs;
101236 - atomic_t num_rmdirs;
101237 - atomic_t num_renames;
101238 - atomic_t num_t2renames;
101239 - atomic_t num_ffirst;
101240 - atomic_t num_fnext;
101241 - atomic_t num_fclose;
101242 - atomic_t num_hardlinks;
101243 - atomic_t num_symlinks;
101244 - atomic_t num_locks;
101245 - atomic_t num_acl_get;
101246 - atomic_t num_acl_set;
101247 + atomic_unchecked_t num_writes;
101248 + atomic_unchecked_t num_reads;
101249 + atomic_unchecked_t num_flushes;
101250 + atomic_unchecked_t num_oplock_brks;
101251 + atomic_unchecked_t num_opens;
101252 + atomic_unchecked_t num_closes;
101253 + atomic_unchecked_t num_deletes;
101254 + atomic_unchecked_t num_mkdirs;
101255 + atomic_unchecked_t num_posixopens;
101256 + atomic_unchecked_t num_posixmkdirs;
101257 + atomic_unchecked_t num_rmdirs;
101258 + atomic_unchecked_t num_renames;
101259 + atomic_unchecked_t num_t2renames;
101260 + atomic_unchecked_t num_ffirst;
101261 + atomic_unchecked_t num_fnext;
101262 + atomic_unchecked_t num_fclose;
101263 + atomic_unchecked_t num_hardlinks;
101264 + atomic_unchecked_t num_symlinks;
101265 + atomic_unchecked_t num_locks;
101266 + atomic_unchecked_t num_acl_get;
101267 + atomic_unchecked_t num_acl_set;
101268 } cifs_stats;
101269 #ifdef CONFIG_CIFS_SMB2
101270 struct {
101271 - atomic_t smb2_com_sent[NUMBER_OF_SMB2_COMMANDS];
101272 - atomic_t smb2_com_failed[NUMBER_OF_SMB2_COMMANDS];
101273 + atomic_unchecked_t smb2_com_sent[NUMBER_OF_SMB2_COMMANDS];
101274 + atomic_unchecked_t smb2_com_failed[NUMBER_OF_SMB2_COMMANDS];
101275 } smb2_stats;
101276 #endif /* CONFIG_CIFS_SMB2 */
101277 } stats;
101278 @@ -1223,7 +1223,7 @@ convert_delimiter(char *path, char delim)
101279 }
101280
101281 #ifdef CONFIG_CIFS_STATS
101282 -#define cifs_stats_inc atomic_inc
101283 +#define cifs_stats_inc atomic_inc_unchecked
101284
101285 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
101286 unsigned int bytes)
101287 @@ -1586,8 +1586,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
101288 /* Various Debug counters */
101289 GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
101290 #ifdef CONFIG_CIFS_STATS2
101291 -GLOBAL_EXTERN atomic_t totBufAllocCount; /* total allocated over all time */
101292 -GLOBAL_EXTERN atomic_t totSmBufAllocCount;
101293 +GLOBAL_EXTERN atomic_unchecked_t totBufAllocCount; /* total allocated over all time */
101294 +GLOBAL_EXTERN atomic_unchecked_t totSmBufAllocCount;
101295 #endif
101296 GLOBAL_EXTERN atomic_t smBufAllocCount;
101297 GLOBAL_EXTERN atomic_t midCount;
101298 diff --git a/fs/cifs/file.c b/fs/cifs/file.c
101299 index 605438a..b8185c2 100644
101300 --- a/fs/cifs/file.c
101301 +++ b/fs/cifs/file.c
101302 @@ -1386,7 +1386,7 @@ cifs_free_llist(struct list_head *llist)
101303
101304 int
101305 cifs_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
101306 - unsigned int xid)
101307 + const unsigned int xid)
101308 {
101309 int rc = 0, stored_rc;
101310 int types[] = {LOCKING_ANDX_LARGE_FILES,
101311 @@ -2072,10 +2072,14 @@ static int cifs_writepages(struct address_space *mapping,
101312 index = mapping->writeback_index; /* Start from prev offset */
101313 end = -1;
101314 } else {
101315 - index = wbc->range_start >> PAGE_SHIFT;
101316 - end = wbc->range_end >> PAGE_SHIFT;
101317 - if (wbc->range_start == 0 && wbc->range_end == LLONG_MAX)
101318 + if (wbc->range_start == 0 && wbc->range_end == LLONG_MAX) {
101319 range_whole = true;
101320 + index = 0;
101321 + end = ULONG_MAX;
101322 + } else {
101323 + index = wbc->range_start >> PAGE_SHIFT;
101324 + end = wbc->range_end >> PAGE_SHIFT;
101325 + }
101326 scanned = true;
101327 }
101328 server = cifs_sb_master_tcon(cifs_sb)->ses->server;
101329 @@ -2549,7 +2553,7 @@ cifs_write_from_iter(loff_t offset, size_t len, struct iov_iter *from,
101330 wdata->pid = pid;
101331 wdata->bytes = cur_len;
101332 wdata->pagesz = PAGE_SIZE;
101333 - wdata->tailsz = cur_len - ((nr_pages - 1) * PAGE_SIZE);
101334 + wdata->tailsz = cur_len - nr_pages * PAGE_SIZE + PAGE_SIZE;
101335 wdata->credits = credits;
101336
101337 if (!wdata->cfile->invalidHandle ||
101338 diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
101339 index c672915..bea28bc 100644
101340 --- a/fs/cifs/misc.c
101341 +++ b/fs/cifs/misc.c
101342 @@ -171,7 +171,7 @@ cifs_buf_get(void)
101343 memset(ret_buf, 0, buf_size + 3);
101344 atomic_inc(&bufAllocCount);
101345 #ifdef CONFIG_CIFS_STATS2
101346 - atomic_inc(&totBufAllocCount);
101347 + atomic_inc_unchecked(&totBufAllocCount);
101348 #endif /* CONFIG_CIFS_STATS2 */
101349 }
101350
101351 @@ -206,7 +206,7 @@ cifs_small_buf_get(void)
101352 /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/
101353 atomic_inc(&smBufAllocCount);
101354 #ifdef CONFIG_CIFS_STATS2
101355 - atomic_inc(&totSmBufAllocCount);
101356 + atomic_inc_unchecked(&totSmBufAllocCount);
101357 #endif /* CONFIG_CIFS_STATS2 */
101358
101359 }
101360 diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
101361 index fc537c2..47d654c 100644
101362 --- a/fs/cifs/smb1ops.c
101363 +++ b/fs/cifs/smb1ops.c
101364 @@ -622,27 +622,27 @@ static void
101365 cifs_clear_stats(struct cifs_tcon *tcon)
101366 {
101367 #ifdef CONFIG_CIFS_STATS
101368 - atomic_set(&tcon->stats.cifs_stats.num_writes, 0);
101369 - atomic_set(&tcon->stats.cifs_stats.num_reads, 0);
101370 - atomic_set(&tcon->stats.cifs_stats.num_flushes, 0);
101371 - atomic_set(&tcon->stats.cifs_stats.num_oplock_brks, 0);
101372 - atomic_set(&tcon->stats.cifs_stats.num_opens, 0);
101373 - atomic_set(&tcon->stats.cifs_stats.num_posixopens, 0);
101374 - atomic_set(&tcon->stats.cifs_stats.num_posixmkdirs, 0);
101375 - atomic_set(&tcon->stats.cifs_stats.num_closes, 0);
101376 - atomic_set(&tcon->stats.cifs_stats.num_deletes, 0);
101377 - atomic_set(&tcon->stats.cifs_stats.num_mkdirs, 0);
101378 - atomic_set(&tcon->stats.cifs_stats.num_rmdirs, 0);
101379 - atomic_set(&tcon->stats.cifs_stats.num_renames, 0);
101380 - atomic_set(&tcon->stats.cifs_stats.num_t2renames, 0);
101381 - atomic_set(&tcon->stats.cifs_stats.num_ffirst, 0);
101382 - atomic_set(&tcon->stats.cifs_stats.num_fnext, 0);
101383 - atomic_set(&tcon->stats.cifs_stats.num_fclose, 0);
101384 - atomic_set(&tcon->stats.cifs_stats.num_hardlinks, 0);
101385 - atomic_set(&tcon->stats.cifs_stats.num_symlinks, 0);
101386 - atomic_set(&tcon->stats.cifs_stats.num_locks, 0);
101387 - atomic_set(&tcon->stats.cifs_stats.num_acl_get, 0);
101388 - atomic_set(&tcon->stats.cifs_stats.num_acl_set, 0);
101389 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_writes, 0);
101390 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_reads, 0);
101391 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_flushes, 0);
101392 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_oplock_brks, 0);
101393 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_opens, 0);
101394 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_posixopens, 0);
101395 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_posixmkdirs, 0);
101396 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_closes, 0);
101397 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_deletes, 0);
101398 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_mkdirs, 0);
101399 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_rmdirs, 0);
101400 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_renames, 0);
101401 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_t2renames, 0);
101402 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_ffirst, 0);
101403 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_fnext, 0);
101404 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_fclose, 0);
101405 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_hardlinks, 0);
101406 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_symlinks, 0);
101407 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_locks, 0);
101408 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_acl_get, 0);
101409 + atomic_set_unchecked(&tcon->stats.cifs_stats.num_acl_set, 0);
101410 #endif
101411 }
101412
101413 @@ -651,36 +651,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
101414 {
101415 #ifdef CONFIG_CIFS_STATS
101416 seq_printf(m, " Oplocks breaks: %d",
101417 - atomic_read(&tcon->stats.cifs_stats.num_oplock_brks));
101418 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_oplock_brks));
101419 seq_printf(m, "\nReads: %d Bytes: %llu",
101420 - atomic_read(&tcon->stats.cifs_stats.num_reads),
101421 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_reads),
101422 (long long)(tcon->bytes_read));
101423 seq_printf(m, "\nWrites: %d Bytes: %llu",
101424 - atomic_read(&tcon->stats.cifs_stats.num_writes),
101425 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_writes),
101426 (long long)(tcon->bytes_written));
101427 seq_printf(m, "\nFlushes: %d",
101428 - atomic_read(&tcon->stats.cifs_stats.num_flushes));
101429 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_flushes));
101430 seq_printf(m, "\nLocks: %d HardLinks: %d Symlinks: %d",
101431 - atomic_read(&tcon->stats.cifs_stats.num_locks),
101432 - atomic_read(&tcon->stats.cifs_stats.num_hardlinks),
101433 - atomic_read(&tcon->stats.cifs_stats.num_symlinks));
101434 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_locks),
101435 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_hardlinks),
101436 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_symlinks));
101437 seq_printf(m, "\nOpens: %d Closes: %d Deletes: %d",
101438 - atomic_read(&tcon->stats.cifs_stats.num_opens),
101439 - atomic_read(&tcon->stats.cifs_stats.num_closes),
101440 - atomic_read(&tcon->stats.cifs_stats.num_deletes));
101441 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_opens),
101442 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_closes),
101443 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_deletes));
101444 seq_printf(m, "\nPosix Opens: %d Posix Mkdirs: %d",
101445 - atomic_read(&tcon->stats.cifs_stats.num_posixopens),
101446 - atomic_read(&tcon->stats.cifs_stats.num_posixmkdirs));
101447 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_posixopens),
101448 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_posixmkdirs));
101449 seq_printf(m, "\nMkdirs: %d Rmdirs: %d",
101450 - atomic_read(&tcon->stats.cifs_stats.num_mkdirs),
101451 - atomic_read(&tcon->stats.cifs_stats.num_rmdirs));
101452 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_mkdirs),
101453 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_rmdirs));
101454 seq_printf(m, "\nRenames: %d T2 Renames %d",
101455 - atomic_read(&tcon->stats.cifs_stats.num_renames),
101456 - atomic_read(&tcon->stats.cifs_stats.num_t2renames));
101457 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_renames),
101458 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_t2renames));
101459 seq_printf(m, "\nFindFirst: %d FNext %d FClose %d",
101460 - atomic_read(&tcon->stats.cifs_stats.num_ffirst),
101461 - atomic_read(&tcon->stats.cifs_stats.num_fnext),
101462 - atomic_read(&tcon->stats.cifs_stats.num_fclose));
101463 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_ffirst),
101464 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_fnext),
101465 + atomic_read_unchecked(&tcon->stats.cifs_stats.num_fclose));
101466 #endif
101467 }
101468
101469 diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
101470 index 0e73cef..e4dba34 100644
101471 --- a/fs/cifs/smb2ops.c
101472 +++ b/fs/cifs/smb2ops.c
101473 @@ -427,8 +427,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
101474 #ifdef CONFIG_CIFS_STATS
101475 int i;
101476 for (i = 0; i < NUMBER_OF_SMB2_COMMANDS; i++) {
101477 - atomic_set(&tcon->stats.smb2_stats.smb2_com_sent[i], 0);
101478 - atomic_set(&tcon->stats.smb2_stats.smb2_com_failed[i], 0);
101479 + atomic_set_unchecked(&tcon->stats.smb2_stats.smb2_com_sent[i], 0);
101480 + atomic_set_unchecked(&tcon->stats.smb2_stats.smb2_com_failed[i], 0);
101481 }
101482 #endif
101483 }
101484 @@ -468,65 +468,65 @@ static void
101485 smb2_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
101486 {
101487 #ifdef CONFIG_CIFS_STATS
101488 - atomic_t *sent = tcon->stats.smb2_stats.smb2_com_sent;
101489 - atomic_t *failed = tcon->stats.smb2_stats.smb2_com_failed;
101490 + atomic_unchecked_t *sent = tcon->stats.smb2_stats.smb2_com_sent;
101491 + atomic_unchecked_t *failed = tcon->stats.smb2_stats.smb2_com_failed;
101492 seq_printf(m, "\nNegotiates: %d sent %d failed",
101493 - atomic_read(&sent[SMB2_NEGOTIATE_HE]),
101494 - atomic_read(&failed[SMB2_NEGOTIATE_HE]));
101495 + atomic_read_unchecked(&sent[SMB2_NEGOTIATE_HE]),
101496 + atomic_read_unchecked(&failed[SMB2_NEGOTIATE_HE]));
101497 seq_printf(m, "\nSessionSetups: %d sent %d failed",
101498 - atomic_read(&sent[SMB2_SESSION_SETUP_HE]),
101499 - atomic_read(&failed[SMB2_SESSION_SETUP_HE]));
101500 + atomic_read_unchecked(&sent[SMB2_SESSION_SETUP_HE]),
101501 + atomic_read_unchecked(&failed[SMB2_SESSION_SETUP_HE]));
101502 seq_printf(m, "\nLogoffs: %d sent %d failed",
101503 - atomic_read(&sent[SMB2_LOGOFF_HE]),
101504 - atomic_read(&failed[SMB2_LOGOFF_HE]));
101505 + atomic_read_unchecked(&sent[SMB2_LOGOFF_HE]),
101506 + atomic_read_unchecked(&failed[SMB2_LOGOFF_HE]));
101507 seq_printf(m, "\nTreeConnects: %d sent %d failed",
101508 - atomic_read(&sent[SMB2_TREE_CONNECT_HE]),
101509 - atomic_read(&failed[SMB2_TREE_CONNECT_HE]));
101510 + atomic_read_unchecked(&sent[SMB2_TREE_CONNECT_HE]),
101511 + atomic_read_unchecked(&failed[SMB2_TREE_CONNECT_HE]));
101512 seq_printf(m, "\nTreeDisconnects: %d sent %d failed",
101513 - atomic_read(&sent[SMB2_TREE_DISCONNECT_HE]),
101514 - atomic_read(&failed[SMB2_TREE_DISCONNECT_HE]));
101515 + atomic_read_unchecked(&sent[SMB2_TREE_DISCONNECT_HE]),
101516 + atomic_read_unchecked(&failed[SMB2_TREE_DISCONNECT_HE]));
101517 seq_printf(m, "\nCreates: %d sent %d failed",
101518 - atomic_read(&sent[SMB2_CREATE_HE]),
101519 - atomic_read(&failed[SMB2_CREATE_HE]));
101520 + atomic_read_unchecked(&sent[SMB2_CREATE_HE]),
101521 + atomic_read_unchecked(&failed[SMB2_CREATE_HE]));
101522 seq_printf(m, "\nCloses: %d sent %d failed",
101523 - atomic_read(&sent[SMB2_CLOSE_HE]),
101524 - atomic_read(&failed[SMB2_CLOSE_HE]));
101525 + atomic_read_unchecked(&sent[SMB2_CLOSE_HE]),
101526 + atomic_read_unchecked(&failed[SMB2_CLOSE_HE]));
101527 seq_printf(m, "\nFlushes: %d sent %d failed",
101528 - atomic_read(&sent[SMB2_FLUSH_HE]),
101529 - atomic_read(&failed[SMB2_FLUSH_HE]));
101530 + atomic_read_unchecked(&sent[SMB2_FLUSH_HE]),
101531 + atomic_read_unchecked(&failed[SMB2_FLUSH_HE]));
101532 seq_printf(m, "\nReads: %d sent %d failed",
101533 - atomic_read(&sent[SMB2_READ_HE]),
101534 - atomic_read(&failed[SMB2_READ_HE]));
101535 + atomic_read_unchecked(&sent[SMB2_READ_HE]),
101536 + atomic_read_unchecked(&failed[SMB2_READ_HE]));
101537 seq_printf(m, "\nWrites: %d sent %d failed",
101538 - atomic_read(&sent[SMB2_WRITE_HE]),
101539 - atomic_read(&failed[SMB2_WRITE_HE]));
101540 + atomic_read_unchecked(&sent[SMB2_WRITE_HE]),
101541 + atomic_read_unchecked(&failed[SMB2_WRITE_HE]));
101542 seq_printf(m, "\nLocks: %d sent %d failed",
101543 - atomic_read(&sent[SMB2_LOCK_HE]),
101544 - atomic_read(&failed[SMB2_LOCK_HE]));
101545 + atomic_read_unchecked(&sent[SMB2_LOCK_HE]),
101546 + atomic_read_unchecked(&failed[SMB2_LOCK_HE]));
101547 seq_printf(m, "\nIOCTLs: %d sent %d failed",
101548 - atomic_read(&sent[SMB2_IOCTL_HE]),
101549 - atomic_read(&failed[SMB2_IOCTL_HE]));
101550 + atomic_read_unchecked(&sent[SMB2_IOCTL_HE]),
101551 + atomic_read_unchecked(&failed[SMB2_IOCTL_HE]));
101552 seq_printf(m, "\nCancels: %d sent %d failed",
101553 - atomic_read(&sent[SMB2_CANCEL_HE]),
101554 - atomic_read(&failed[SMB2_CANCEL_HE]));
101555 + atomic_read_unchecked(&sent[SMB2_CANCEL_HE]),
101556 + atomic_read_unchecked(&failed[SMB2_CANCEL_HE]));
101557 seq_printf(m, "\nEchos: %d sent %d failed",
101558 - atomic_read(&sent[SMB2_ECHO_HE]),
101559 - atomic_read(&failed[SMB2_ECHO_HE]));
101560 + atomic_read_unchecked(&sent[SMB2_ECHO_HE]),
101561 + atomic_read_unchecked(&failed[SMB2_ECHO_HE]));
101562 seq_printf(m, "\nQueryDirectories: %d sent %d failed",
101563 - atomic_read(&sent[SMB2_QUERY_DIRECTORY_HE]),
101564 - atomic_read(&failed[SMB2_QUERY_DIRECTORY_HE]));
101565 + atomic_read_unchecked(&sent[SMB2_QUERY_DIRECTORY_HE]),
101566 + atomic_read_unchecked(&failed[SMB2_QUERY_DIRECTORY_HE]));
101567 seq_printf(m, "\nChangeNotifies: %d sent %d failed",
101568 - atomic_read(&sent[SMB2_CHANGE_NOTIFY_HE]),
101569 - atomic_read(&failed[SMB2_CHANGE_NOTIFY_HE]));
101570 + atomic_read_unchecked(&sent[SMB2_CHANGE_NOTIFY_HE]),
101571 + atomic_read_unchecked(&failed[SMB2_CHANGE_NOTIFY_HE]));
101572 seq_printf(m, "\nQueryInfos: %d sent %d failed",
101573 - atomic_read(&sent[SMB2_QUERY_INFO_HE]),
101574 - atomic_read(&failed[SMB2_QUERY_INFO_HE]));
101575 + atomic_read_unchecked(&sent[SMB2_QUERY_INFO_HE]),
101576 + atomic_read_unchecked(&failed[SMB2_QUERY_INFO_HE]));
101577 seq_printf(m, "\nSetInfos: %d sent %d failed",
101578 - atomic_read(&sent[SMB2_SET_INFO_HE]),
101579 - atomic_read(&failed[SMB2_SET_INFO_HE]));
101580 + atomic_read_unchecked(&sent[SMB2_SET_INFO_HE]),
101581 + atomic_read_unchecked(&failed[SMB2_SET_INFO_HE]));
101582 seq_printf(m, "\nOplockBreaks: %d sent %d failed",
101583 - atomic_read(&sent[SMB2_OPLOCK_BREAK_HE]),
101584 - atomic_read(&failed[SMB2_OPLOCK_BREAK_HE]));
101585 + atomic_read_unchecked(&sent[SMB2_OPLOCK_BREAK_HE]),
101586 + atomic_read_unchecked(&failed[SMB2_OPLOCK_BREAK_HE]));
101587 #endif
101588 }
101589
101590 diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
101591 index 3eec96c..b0c5b76 100644
101592 --- a/fs/cifs/smb2pdu.c
101593 +++ b/fs/cifs/smb2pdu.c
101594 @@ -2430,8 +2430,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
101595 default:
101596 cifs_dbg(VFS, "info level %u isn't supported\n",
101597 srch_inf->info_level);
101598 - rc = -EINVAL;
101599 - goto qdir_exit;
101600 + return -EINVAL;
101601 }
101602
101603 req->FileIndex = cpu_to_le32(index);
101604 diff --git a/fs/coda/cache.c b/fs/coda/cache.c
101605 index 5bb630a..043dc70 100644
101606 --- a/fs/coda/cache.c
101607 +++ b/fs/coda/cache.c
101608 @@ -24,7 +24,7 @@
101609 #include "coda_linux.h"
101610 #include "coda_cache.h"
101611
101612 -static atomic_t permission_epoch = ATOMIC_INIT(0);
101613 +static atomic_unchecked_t permission_epoch = ATOMIC_INIT(0);
101614
101615 /* replace or extend an acl cache hit */
101616 void coda_cache_enter(struct inode *inode, int mask)
101617 @@ -32,7 +32,7 @@ void coda_cache_enter(struct inode *inode, int mask)
101618 struct coda_inode_info *cii = ITOC(inode);
101619
101620 spin_lock(&cii->c_lock);
101621 - cii->c_cached_epoch = atomic_read(&permission_epoch);
101622 + cii->c_cached_epoch = atomic_read_unchecked(&permission_epoch);
101623 if (!uid_eq(cii->c_uid, current_fsuid())) {
101624 cii->c_uid = current_fsuid();
101625 cii->c_cached_perm = mask;
101626 @@ -46,14 +46,14 @@ void coda_cache_clear_inode(struct inode *inode)
101627 {
101628 struct coda_inode_info *cii = ITOC(inode);
101629 spin_lock(&cii->c_lock);
101630 - cii->c_cached_epoch = atomic_read(&permission_epoch) - 1;
101631 + cii->c_cached_epoch = atomic_read_unchecked(&permission_epoch) - 1;
101632 spin_unlock(&cii->c_lock);
101633 }
101634
101635 /* remove all acl caches */
101636 void coda_cache_clear_all(struct super_block *sb)
101637 {
101638 - atomic_inc(&permission_epoch);
101639 + atomic_inc_unchecked(&permission_epoch);
101640 }
101641
101642
101643 @@ -66,7 +66,7 @@ int coda_cache_check(struct inode *inode, int mask)
101644 spin_lock(&cii->c_lock);
101645 hit = (mask & cii->c_cached_perm) == mask &&
101646 uid_eq(cii->c_uid, current_fsuid()) &&
101647 - cii->c_cached_epoch == atomic_read(&permission_epoch);
101648 + cii->c_cached_epoch == atomic_read_unchecked(&permission_epoch);
101649 spin_unlock(&cii->c_lock);
101650
101651 return hit;
101652 diff --git a/fs/coda/dir.c b/fs/coda/dir.c
101653 index 6fb8672..da34e6a 100644
101654 --- a/fs/coda/dir.c
101655 +++ b/fs/coda/dir.c
101656 @@ -29,11 +29,10 @@
101657 #include "coda_int.h"
101658
101659 /* same as fs/bad_inode.c */
101660 -static int coda_return_EIO(void)
101661 +static int coda_mknod(struct inode *inode, struct dentry *dentry, umode_t mode, dev_t dev)
101662 {
101663 return -EIO;
101664 }
101665 -#define CODA_EIO_ERROR ((void *) (coda_return_EIO))
101666
101667 /* inode operations for directories */
101668 /* access routines: lookup, readlink, permission */
101669 @@ -568,7 +567,7 @@ const struct inode_operations coda_dir_inode_operations = {
101670 .symlink = coda_symlink,
101671 .mkdir = coda_mkdir,
101672 .rmdir = coda_rmdir,
101673 - .mknod = CODA_EIO_ERROR,
101674 + .mknod = coda_mknod,
101675 .rename = coda_rename,
101676 .permission = coda_permission,
101677 .getattr = coda_getattr,
101678 diff --git a/fs/compat.c b/fs/compat.c
101679 index be6e48b..f7baebf 100644
101680 --- a/fs/compat.c
101681 +++ b/fs/compat.c
101682 @@ -54,7 +54,7 @@
101683 #include <asm/ioctls.h>
101684 #include "internal.h"
101685
101686 -int compat_log = 1;
101687 +int compat_log = 0;
101688
101689 int compat_printk(const char *fmt, ...)
101690 {
101691 @@ -512,7 +512,7 @@ COMPAT_SYSCALL_DEFINE2(io_setup, unsigned, nr_reqs, u32 __user *, ctx32p)
101692
101693 set_fs(KERNEL_DS);
101694 /* The __user pointer cast is valid because of the set_fs() */
101695 - ret = sys_io_setup(nr_reqs, (aio_context_t __user *) &ctx64);
101696 + ret = sys_io_setup(nr_reqs, (aio_context_t __force_user *) &ctx64);
101697 set_fs(oldfs);
101698 /* truncating is ok because it's a user address */
101699 if (!ret)
101700 @@ -562,7 +562,7 @@ ssize_t compat_rw_copy_check_uvector(int type,
101701 goto out;
101702
101703 ret = -EINVAL;
101704 - if (nr_segs > UIO_MAXIOV || nr_segs < 0)
101705 + if (nr_segs > UIO_MAXIOV)
101706 goto out;
101707 if (nr_segs > fast_segs) {
101708 ret = -ENOMEM;
101709 @@ -843,6 +843,7 @@ struct compat_old_linux_dirent {
101710 struct compat_readdir_callback {
101711 struct dir_context ctx;
101712 struct compat_old_linux_dirent __user *dirent;
101713 + struct file * file;
101714 int result;
101715 };
101716
101717 @@ -862,6 +863,10 @@ static int compat_fillonedir(struct dir_context *ctx, const char *name,
101718 buf->result = -EOVERFLOW;
101719 return -EOVERFLOW;
101720 }
101721 +
101722 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
101723 + return 0;
101724 +
101725 buf->result++;
101726 dirent = buf->dirent;
101727 if (!access_ok(VERIFY_WRITE, dirent,
101728 @@ -893,6 +898,7 @@ COMPAT_SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
101729 if (!f.file)
101730 return -EBADF;
101731
101732 + buf.file = f.file;
101733 error = iterate_dir(f.file, &buf.ctx);
101734 if (buf.result)
101735 error = buf.result;
101736 @@ -912,6 +918,7 @@ struct compat_getdents_callback {
101737 struct dir_context ctx;
101738 struct compat_linux_dirent __user *current_dir;
101739 struct compat_linux_dirent __user *previous;
101740 + struct file * file;
101741 int count;
101742 int error;
101743 };
101744 @@ -934,6 +941,10 @@ static int compat_filldir(struct dir_context *ctx, const char *name, int namlen,
101745 buf->error = -EOVERFLOW;
101746 return -EOVERFLOW;
101747 }
101748 +
101749 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
101750 + return 0;
101751 +
101752 dirent = buf->previous;
101753 if (dirent) {
101754 if (signal_pending(current))
101755 @@ -981,6 +992,7 @@ COMPAT_SYSCALL_DEFINE3(getdents, unsigned int, fd,
101756 if (!f.file)
101757 return -EBADF;
101758
101759 + buf.file = f.file;
101760 error = iterate_dir(f.file, &buf.ctx);
101761 if (error >= 0)
101762 error = buf.error;
101763 @@ -1001,6 +1013,7 @@ struct compat_getdents_callback64 {
101764 struct dir_context ctx;
101765 struct linux_dirent64 __user *current_dir;
101766 struct linux_dirent64 __user *previous;
101767 + struct file * file;
101768 int count;
101769 int error;
101770 };
101771 @@ -1019,6 +1032,10 @@ static int compat_filldir64(struct dir_context *ctx, const char *name,
101772 buf->error = -EINVAL; /* only used if we fail.. */
101773 if (reclen > buf->count)
101774 return -EINVAL;
101775 +
101776 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
101777 + return 0;
101778 +
101779 dirent = buf->previous;
101780
101781 if (dirent) {
101782 @@ -1070,13 +1087,13 @@ COMPAT_SYSCALL_DEFINE3(getdents64, unsigned int, fd,
101783 if (!f.file)
101784 return -EBADF;
101785
101786 + buf.file = f.file;
101787 error = iterate_dir(f.file, &buf.ctx);
101788 if (error >= 0)
101789 error = buf.error;
101790 lastdirent = buf.previous;
101791 if (lastdirent) {
101792 - typeof(lastdirent->d_off) d_off = buf.ctx.pos;
101793 - if (__put_user_unaligned(d_off, &lastdirent->d_off))
101794 + if (__put_user_unaligned(buf.ctx.pos, &lastdirent->d_off))
101795 error = -EFAULT;
101796 else
101797 error = count - buf.count;
101798 @@ -1331,7 +1348,7 @@ COMPAT_SYSCALL_DEFINE5(select, int, n, compat_ulong_t __user *, inp,
101799 }
101800
101801 struct compat_sel_arg_struct {
101802 - compat_ulong_t n;
101803 + compat_long_t n;
101804 compat_uptr_t inp;
101805 compat_uptr_t outp;
101806 compat_uptr_t exp;
101807 diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c
101808 index 4d24d17..4f8c09e 100644
101809 --- a/fs/compat_binfmt_elf.c
101810 +++ b/fs/compat_binfmt_elf.c
101811 @@ -30,11 +30,13 @@
101812 #undef elf_phdr
101813 #undef elf_shdr
101814 #undef elf_note
101815 +#undef elf_dyn
101816 #undef elf_addr_t
101817 #define elfhdr elf32_hdr
101818 #define elf_phdr elf32_phdr
101819 #define elf_shdr elf32_shdr
101820 #define elf_note elf32_note
101821 +#define elf_dyn Elf32_Dyn
101822 #define elf_addr_t Elf32_Addr
101823
101824 /*
101825 diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
101826 index c1e9f29..4ea2e52 100644
101827 --- a/fs/compat_ioctl.c
101828 +++ b/fs/compat_ioctl.c
101829 @@ -646,7 +646,7 @@ static int serial_struct_ioctl(struct file *file,
101830 if (copy_in_user(ss, ss32, offsetof(SS32, iomem_base)) ||
101831 get_user(udata, &ss32->iomem_base))
101832 return -EFAULT;
101833 - iomem_base = compat_ptr(udata);
101834 + iomem_base = (unsigned char __force_kernel *)compat_ptr(udata);
101835 if (put_user(iomem_base, &ss->iomem_base) ||
101836 convert_in_user(&ss32->iomem_reg_shift,
101837 &ss->iomem_reg_shift) ||
101838 @@ -728,8 +728,8 @@ static int do_i2c_rdwr_ioctl(struct file *file,
101839 for (i = 0; i < nmsgs; i++) {
101840 if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16)))
101841 return -EFAULT;
101842 - if (get_user(datap, &umsgs[i].buf) ||
101843 - put_user(compat_ptr(datap), &tmsgs[i].buf))
101844 + if (get_user(datap, (compat_caddr_t __user *)&umsgs[i].buf) ||
101845 + put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf))
101846 return -EFAULT;
101847 }
101848 return do_ioctl(file, cmd, (unsigned long)tdata);
101849 @@ -820,7 +820,7 @@ static int compat_ioctl_preallocate(struct file *file,
101850 copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) ||
101851 copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) ||
101852 copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) ||
101853 - copy_in_user(&p->l_pad, &p32->l_pad, 4*sizeof(u32)))
101854 + copy_in_user(p->l_pad, p32->l_pad, 4*sizeof(u32)))
101855 return -EFAULT;
101856
101857 return ioctl_preallocate(file, p);
101858 @@ -1629,8 +1629,8 @@ COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd,
101859 static int __init init_sys32_ioctl_cmp(const void *p, const void *q)
101860 {
101861 unsigned int a, b;
101862 - a = *(unsigned int *)p;
101863 - b = *(unsigned int *)q;
101864 + a = *(const unsigned int *)p;
101865 + b = *(const unsigned int *)q;
101866 if (a > b)
101867 return 1;
101868 if (a < b)
101869 diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
101870 index 56fb261..8c808f1 100644
101871 --- a/fs/configfs/dir.c
101872 +++ b/fs/configfs/dir.c
101873 @@ -1638,7 +1638,7 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx)
101874 list_move(q, &parent_sd->s_children);
101875 for (p = q->next; p != &parent_sd->s_children; p = p->next) {
101876 struct configfs_dirent *next;
101877 - const char *name;
101878 + const unsigned char * name;
101879 int len;
101880 struct inode *inode = NULL;
101881
101882 diff --git a/fs/coredump.c b/fs/coredump.c
101883 index 281b768..f39dcdf 100644
101884 --- a/fs/coredump.c
101885 +++ b/fs/coredump.c
101886 @@ -483,8 +483,8 @@ static void wait_for_dump_helpers(struct file *file)
101887 struct pipe_inode_info *pipe = file->private_data;
101888
101889 pipe_lock(pipe);
101890 - pipe->readers++;
101891 - pipe->writers--;
101892 + atomic_inc(&pipe->readers);
101893 + atomic_dec(&pipe->writers);
101894 wake_up_interruptible_sync(&pipe->wait);
101895 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
101896 pipe_unlock(pipe);
101897 @@ -493,11 +493,11 @@ static void wait_for_dump_helpers(struct file *file)
101898 * We actually want wait_event_freezable() but then we need
101899 * to clear TIF_SIGPENDING and improve dump_interrupted().
101900 */
101901 - wait_event_interruptible(pipe->wait, pipe->readers == 1);
101902 + wait_event_interruptible(pipe->wait, atomic_read(&pipe->readers) == 1);
101903
101904 pipe_lock(pipe);
101905 - pipe->readers--;
101906 - pipe->writers++;
101907 + atomic_dec(&pipe->readers);
101908 + atomic_inc(&pipe->writers);
101909 pipe_unlock(pipe);
101910 }
101911
101912 @@ -544,7 +544,9 @@ void do_coredump(const siginfo_t *siginfo)
101913 /* require nonrelative corefile path and be extra careful */
101914 bool need_suid_safe = false;
101915 bool core_dumped = false;
101916 - static atomic_t core_dump_count = ATOMIC_INIT(0);
101917 + static atomic_unchecked_t core_dump_count = ATOMIC_INIT(0);
101918 + long signr = siginfo->si_signo;
101919 + int dumpable;
101920 struct coredump_params cprm = {
101921 .siginfo = siginfo,
101922 .regs = signal_pt_regs(),
101923 @@ -557,12 +559,17 @@ void do_coredump(const siginfo_t *siginfo)
101924 .mm_flags = mm->flags,
101925 };
101926
101927 - audit_core_dumps(siginfo->si_signo);
101928 + audit_core_dumps(signr);
101929 +
101930 + dumpable = __get_dumpable(cprm.mm_flags);
101931 +
101932 + if (signr == SIGSEGV || signr == SIGBUS || signr == SIGKILL || signr == SIGILL)
101933 + gr_handle_brute_attach(dumpable);
101934
101935 binfmt = mm->binfmt;
101936 if (!binfmt || !binfmt->core_dump)
101937 goto fail;
101938 - if (!__get_dumpable(cprm.mm_flags))
101939 + if (!dumpable)
101940 goto fail;
101941
101942 cred = prepare_creds();
101943 @@ -580,7 +587,7 @@ void do_coredump(const siginfo_t *siginfo)
101944 need_suid_safe = true;
101945 }
101946
101947 - retval = coredump_wait(siginfo->si_signo, &core_state);
101948 + retval = coredump_wait(signr, &core_state);
101949 if (retval < 0)
101950 goto fail_creds;
101951
101952 @@ -623,7 +630,7 @@ void do_coredump(const siginfo_t *siginfo)
101953 }
101954 cprm.limit = RLIM_INFINITY;
101955
101956 - dump_count = atomic_inc_return(&core_dump_count);
101957 + dump_count = atomic_inc_return_unchecked(&core_dump_count);
101958 if (core_pipe_limit && (core_pipe_limit < dump_count)) {
101959 printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
101960 task_tgid_vnr(current), current->comm);
101961 @@ -657,6 +664,8 @@ void do_coredump(const siginfo_t *siginfo)
101962 int open_flags = O_CREAT | O_RDWR | O_NOFOLLOW |
101963 O_LARGEFILE | O_EXCL;
101964
101965 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
101966 +
101967 if (cprm.limit < binfmt->min_coredump)
101968 goto fail_unlock;
101969
101970 @@ -682,7 +691,7 @@ void do_coredump(const siginfo_t *siginfo)
101971 * If it doesn't exist, that's fine. If there's some
101972 * other problem, we'll catch it at the filp_open().
101973 */
101974 - (void) sys_unlink((const char __user *)cn.corename);
101975 + (void) sys_unlink((const char __force_user *)cn.corename);
101976 set_fs(old_fs);
101977 }
101978
101979 @@ -763,7 +772,7 @@ close_fail:
101980 filp_close(cprm.file, NULL);
101981 fail_dropcount:
101982 if (ispipe)
101983 - atomic_dec(&core_dump_count);
101984 + atomic_dec_unchecked(&core_dump_count);
101985 fail_unlock:
101986 kfree(cn.corename);
101987 coredump_finish(mm, core_dumped);
101988 @@ -784,6 +793,8 @@ int dump_emit(struct coredump_params *cprm, const void *addr, int nr)
101989 struct file *file = cprm->file;
101990 loff_t pos = file->f_pos;
101991 ssize_t n;
101992 +
101993 + gr_learn_resource(current, RLIMIT_CORE, cprm->written + nr, 1);
101994 if (cprm->written + nr > cprm->limit)
101995 return 0;
101996 while (nr) {
101997 diff --git a/fs/dcache.c b/fs/dcache.c
101998 index 5c7cc95..58840d7 100644
101999 --- a/fs/dcache.c
102000 +++ b/fs/dcache.c
102001 @@ -321,8 +321,9 @@ static void dentry_free(struct dentry *dentry)
102002 * d_iput() operation if defined.
102003 */
102004 static void dentry_unlink_inode(struct dentry * dentry)
102005 - __releases(dentry->d_lock)
102006 - __releases(dentry->d_inode->i_lock)
102007 + __releases(&dentry->d_lock)
102008 + __releases(&dentry->d_inode->i_lock);
102009 +static void dentry_unlink_inode(struct dentry * dentry)
102010 {
102011 struct inode *inode = dentry->d_inode;
102012 bool hashed = !d_unhashed(dentry);
102013 @@ -559,7 +560,8 @@ static void __dentry_kill(struct dentry *dentry)
102014 * Returns dentry requiring refcount drop, or NULL if we're done.
102015 */
102016 static struct dentry *dentry_kill(struct dentry *dentry)
102017 - __releases(dentry->d_lock)
102018 + __releases(&dentry->d_lock);
102019 +static struct dentry *dentry_kill(struct dentry *dentry)
102020 {
102021 struct inode *inode = dentry->d_inode;
102022 struct dentry *parent = NULL;
102023 @@ -589,7 +591,7 @@ static inline struct dentry *lock_parent(struct dentry *dentry)
102024 struct dentry *parent = dentry->d_parent;
102025 if (IS_ROOT(dentry))
102026 return NULL;
102027 - if (unlikely(dentry->d_lockref.count < 0))
102028 + if (unlikely(__lockref_read(&dentry->d_lockref) < 0))
102029 return NULL;
102030 if (likely(spin_trylock(&parent->d_lock)))
102031 return parent;
102032 @@ -651,8 +653,8 @@ static inline bool fast_dput(struct dentry *dentry)
102033 */
102034 if (unlikely(ret < 0)) {
102035 spin_lock(&dentry->d_lock);
102036 - if (dentry->d_lockref.count > 1) {
102037 - dentry->d_lockref.count--;
102038 + if (__lockref_read(&dentry->d_lockref) > 1) {
102039 + __lockref_dec(&dentry->d_lockref);
102040 spin_unlock(&dentry->d_lock);
102041 return 1;
102042 }
102043 @@ -707,7 +709,7 @@ static inline bool fast_dput(struct dentry *dentry)
102044 * else could have killed it and marked it dead. Either way, we
102045 * don't need to do anything else.
102046 */
102047 - if (dentry->d_lockref.count) {
102048 + if (__lockref_read(&dentry->d_lockref)) {
102049 spin_unlock(&dentry->d_lock);
102050 return 1;
102051 }
102052 @@ -717,7 +719,7 @@ static inline bool fast_dput(struct dentry *dentry)
102053 * lock, and we just tested that it was zero, so we can just
102054 * set it to 1.
102055 */
102056 - dentry->d_lockref.count = 1;
102057 + __lockref_set(&dentry->d_lockref, 1);
102058 return 0;
102059 }
102060
102061 @@ -754,8 +756,6 @@ void dput(struct dentry *dentry)
102062 return;
102063
102064 repeat:
102065 - might_sleep();
102066 -
102067 rcu_read_lock();
102068 if (likely(fast_dput(dentry))) {
102069 rcu_read_unlock();
102070 @@ -783,7 +783,7 @@ repeat:
102071 dentry->d_flags |= DCACHE_REFERENCED;
102072 dentry_lru_add(dentry);
102073
102074 - dentry->d_lockref.count--;
102075 + __lockref_dec(&dentry->d_lockref);
102076 spin_unlock(&dentry->d_lock);
102077 return;
102078
102079 @@ -800,7 +800,7 @@ EXPORT_SYMBOL(dput);
102080 /* This must be called with d_lock held */
102081 static inline void __dget_dlock(struct dentry *dentry)
102082 {
102083 - dentry->d_lockref.count++;
102084 + __lockref_inc(&dentry->d_lockref);
102085 }
102086
102087 static inline void __dget(struct dentry *dentry)
102088 @@ -841,8 +841,8 @@ repeat:
102089 goto repeat;
102090 }
102091 rcu_read_unlock();
102092 - BUG_ON(!ret->d_lockref.count);
102093 - ret->d_lockref.count++;
102094 + BUG_ON(!__lockref_read(&ret->d_lockref));
102095 + __lockref_inc(&ret->d_lockref);
102096 spin_unlock(&ret->d_lock);
102097 return ret;
102098 }
102099 @@ -920,9 +920,9 @@ restart:
102100 spin_lock(&inode->i_lock);
102101 hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
102102 spin_lock(&dentry->d_lock);
102103 - if (!dentry->d_lockref.count) {
102104 + if (!__lockref_read(&dentry->d_lockref)) {
102105 struct dentry *parent = lock_parent(dentry);
102106 - if (likely(!dentry->d_lockref.count)) {
102107 + if (likely(!__lockref_read(&dentry->d_lockref))) {
102108 __dentry_kill(dentry);
102109 dput(parent);
102110 goto restart;
102111 @@ -957,7 +957,7 @@ static void shrink_dentry_list(struct list_head *list)
102112 * We found an inuse dentry which was not removed from
102113 * the LRU because of laziness during lookup. Do not free it.
102114 */
102115 - if (dentry->d_lockref.count > 0) {
102116 + if (__lockref_read(&dentry->d_lockref) > 0) {
102117 spin_unlock(&dentry->d_lock);
102118 if (parent)
102119 spin_unlock(&parent->d_lock);
102120 @@ -995,8 +995,8 @@ static void shrink_dentry_list(struct list_head *list)
102121 dentry = parent;
102122 while (dentry && !lockref_put_or_lock(&dentry->d_lockref)) {
102123 parent = lock_parent(dentry);
102124 - if (dentry->d_lockref.count != 1) {
102125 - dentry->d_lockref.count--;
102126 + if (__lockref_read(&dentry->d_lockref) != 1) {
102127 + __lockref_inc(&dentry->d_lockref);
102128 spin_unlock(&dentry->d_lock);
102129 if (parent)
102130 spin_unlock(&parent->d_lock);
102131 @@ -1036,7 +1036,7 @@ static enum lru_status dentry_lru_isolate(struct list_head *item,
102132 * counts, just remove them from the LRU. Otherwise give them
102133 * another pass through the LRU.
102134 */
102135 - if (dentry->d_lockref.count) {
102136 + if (__lockref_read(&dentry->d_lockref)) {
102137 d_lru_isolate(lru, dentry);
102138 spin_unlock(&dentry->d_lock);
102139 return LRU_REMOVED;
102140 @@ -1373,7 +1373,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
102141 } else {
102142 if (dentry->d_flags & DCACHE_LRU_LIST)
102143 d_lru_del(dentry);
102144 - if (!dentry->d_lockref.count) {
102145 + if (!__lockref_read(&dentry->d_lockref)) {
102146 d_shrink_add(dentry, &data->dispose);
102147 data->found++;
102148 }
102149 @@ -1421,7 +1421,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
102150 return D_WALK_CONTINUE;
102151
102152 /* root with refcount 1 is fine */
102153 - if (dentry == _data && dentry->d_lockref.count == 1)
102154 + if (dentry == _data && __lockref_read(&dentry->d_lockref) == 1)
102155 return D_WALK_CONTINUE;
102156
102157 printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} "
102158 @@ -1430,7 +1430,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
102159 dentry->d_inode ?
102160 dentry->d_inode->i_ino : 0UL,
102161 dentry,
102162 - dentry->d_lockref.count,
102163 + __lockref_read(&dentry->d_lockref),
102164 dentry->d_sb->s_type->name,
102165 dentry->d_sb->s_id);
102166 WARN_ON(1);
102167 @@ -1576,7 +1576,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
102168 dname = dentry->d_iname;
102169 } else if (name->len > DNAME_INLINE_LEN-1) {
102170 size_t size = offsetof(struct external_name, name[1]);
102171 - struct external_name *p = kmalloc(size + name->len,
102172 + struct external_name *p = kmalloc(round_up(size + name->len, sizeof(unsigned long)),
102173 GFP_KERNEL_ACCOUNT);
102174 if (!p) {
102175 kmem_cache_free(dentry_cache, dentry);
102176 @@ -1600,7 +1600,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
102177 smp_wmb();
102178 dentry->d_name.name = dname;
102179
102180 - dentry->d_lockref.count = 1;
102181 + __lockref_set(&dentry->d_lockref, 1);
102182 dentry->d_flags = 0;
102183 spin_lock_init(&dentry->d_lock);
102184 seqcount_init(&dentry->d_seq);
102185 @@ -1609,6 +1609,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
102186 dentry->d_sb = sb;
102187 dentry->d_op = NULL;
102188 dentry->d_fsdata = NULL;
102189 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
102190 + atomic_set(&dentry->chroot_refcnt, 0);
102191 +#endif
102192 INIT_HLIST_BL_NODE(&dentry->d_hash);
102193 INIT_LIST_HEAD(&dentry->d_lru);
102194 INIT_LIST_HEAD(&dentry->d_subdirs);
102195 @@ -2250,7 +2253,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
102196 if (!d_same_name(dentry, parent, name))
102197 goto next;
102198
102199 - dentry->d_lockref.count++;
102200 + __lockref_inc(&dentry->d_lockref);
102201 found = dentry;
102202 spin_unlock(&dentry->d_lock);
102203 break;
102204 @@ -2318,7 +2321,7 @@ again:
102205 spin_lock(&dentry->d_lock);
102206 inode = dentry->d_inode;
102207 isdir = S_ISDIR(inode->i_mode);
102208 - if (dentry->d_lockref.count == 1) {
102209 + if (__lockref_read(&dentry->d_lockref) == 1) {
102210 if (!spin_trylock(&inode->i_lock)) {
102211 spin_unlock(&dentry->d_lock);
102212 cpu_relax();
102213 @@ -3500,7 +3503,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
102214
102215 if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
102216 dentry->d_flags |= DCACHE_GENOCIDE;
102217 - dentry->d_lockref.count--;
102218 + __lockref_dec(&dentry->d_lockref);
102219 }
102220 }
102221 return D_WALK_CONTINUE;
102222 @@ -3571,8 +3574,8 @@ static void __init dcache_init(void)
102223 * but it is probably not worth it because of the cache nature
102224 * of the dcache.
102225 */
102226 - dentry_cache = KMEM_CACHE(dentry,
102227 - SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|SLAB_MEM_SPREAD|SLAB_ACCOUNT);
102228 + dentry_cache = KMEM_CACHE_USERCOPY(dentry,
102229 + SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|SLAB_MEM_SPREAD|SLAB_ACCOUNT, d_iname);
102230
102231 /* Hash may have been set up in dcache_init_early */
102232 if (!hashdist)
102233 @@ -3607,8 +3610,9 @@ void __init vfs_caches_init_early(void)
102234
102235 void __init vfs_caches_init(void)
102236 {
102237 - names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
102238 - SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
102239 + names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
102240 + SLAB_HWCACHE_ALIGN|SLAB_PANIC| SLAB_NO_SANITIZE,
102241 + 0, PATH_MAX, NULL);
102242
102243 dcache_init();
102244 inode_init();
102245 diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
102246 index 309f4e9..6747d80 100644
102247 --- a/fs/debugfs/file.c
102248 +++ b/fs/debugfs/file.c
102249 @@ -209,7 +209,7 @@ static int full_proxy_release(struct inode *inode, struct file *filp)
102250 return 0;
102251 }
102252
102253 -static void __full_proxy_fops_init(struct file_operations *proxy_fops,
102254 +static void __full_proxy_fops_init(file_operations_no_const *proxy_fops,
102255 const struct file_operations *real_fops)
102256 {
102257 proxy_fops->release = full_proxy_release;
102258 @@ -229,7 +229,7 @@ static int full_proxy_open(struct inode *inode, struct file *filp)
102259 {
102260 const struct dentry *dentry = F_DENTRY(filp);
102261 const struct file_operations *real_fops = NULL;
102262 - struct file_operations *proxy_fops = NULL;
102263 + file_operations_no_const *proxy_fops = NULL;
102264 int srcu_idx, r;
102265
102266 r = debugfs_use_file_start(dentry, &srcu_idx);
102267 @@ -734,6 +734,43 @@ struct dentry *debugfs_create_atomic_t(const char *name, umode_t mode,
102268 }
102269 EXPORT_SYMBOL_GPL(debugfs_create_atomic_t);
102270
102271 +static int debugfs_atomic_unchecked_t_set(void *data, u64 val)
102272 +{
102273 + atomic_set_unchecked((atomic_unchecked_t *)data, val);
102274 + return 0;
102275 +}
102276 +static int debugfs_atomic_unchecked_t_get(void *data, u64 *val)
102277 +{
102278 + *val = atomic_read_unchecked((atomic_unchecked_t *)data);
102279 + return 0;
102280 +}
102281 +DEFINE_DEBUGFS_ATTRIBUTE(fops_atomic_unchecked_t, debugfs_atomic_unchecked_t_get,
102282 + debugfs_atomic_unchecked_t_set, "%lld\n");
102283 +DEFINE_DEBUGFS_ATTRIBUTE(fops_atomic_unchecked_t_ro, debugfs_atomic_unchecked_t_get, NULL,
102284 + "%lld\n");
102285 +DEFINE_DEBUGFS_ATTRIBUTE(fops_atomic_unchecked_t_wo, NULL, debugfs_atomic_unchecked_t_set,
102286 + "%lld\n");
102287 +
102288 +/**
102289 + * debugfs_create_atomic_unchecked_t - create a debugfs file that is used to read and
102290 + * write an atomic_unchecked_t value
102291 + * @name: a pointer to a string containing the name of the file to create.
102292 + * @mode: the permission that the file should have
102293 + * @parent: a pointer to the parent dentry for this file. This should be a
102294 + * directory dentry if set. If this parameter is %NULL, then the
102295 + * file will be created in the root of the debugfs filesystem.
102296 + * @value: a pointer to the variable that the file should read to and write
102297 + * from.
102298 + */
102299 +struct dentry *debugfs_create_atomic_unchecked_t(const char *name, umode_t mode,
102300 + struct dentry *parent, atomic_unchecked_t *value)
102301 +{
102302 + return debugfs_create_mode_unsafe(name, mode, parent, value,
102303 + &fops_atomic_unchecked_t, &fops_atomic_unchecked_t_ro,
102304 + &fops_atomic_unchecked_t_wo);
102305 +}
102306 +EXPORT_SYMBOL_GPL(debugfs_create_atomic_unchecked_t);
102307 +
102308 ssize_t debugfs_read_file_bool(struct file *file, char __user *user_buf,
102309 size_t count, loff_t *ppos)
102310 {
102311 diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
102312 index 72361ba..21d833e 100644
102313 --- a/fs/debugfs/inode.c
102314 +++ b/fs/debugfs/inode.c
102315 @@ -253,6 +253,10 @@ static struct dentry *start_creating(const char *name, struct dentry *parent)
102316 struct dentry *dentry;
102317 int error;
102318
102319 +#ifdef CONFIG_GRKERNSEC_KMEM
102320 + return ERR_PTR(-ENODEV);
102321 +#endif
102322 +
102323 pr_debug("debugfs: creating file '%s'\n",name);
102324
102325 if (IS_ERR(parent))
102326 @@ -466,6 +470,10 @@ EXPORT_SYMBOL_GPL(debugfs_create_file_size);
102327 * If debugfs is not enabled in the kernel, the value -%ENODEV will be
102328 * returned.
102329 */
102330 +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
102331 +extern int grsec_enable_sysfs_restrict;
102332 +#endif
102333 +
102334 struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
102335 {
102336 struct dentry *dentry = start_creating(name, parent);
102337 @@ -478,7 +486,12 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
102338 if (unlikely(!inode))
102339 return failed_creating(dentry);
102340
102341 - inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
102342 +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
102343 + if (grsec_enable_sysfs_restrict)
102344 + inode->i_mode = S_IFDIR | S_IRWXU;
102345 + else
102346 +#endif
102347 + inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
102348 inode->i_op = &simple_dir_inode_operations;
102349 inode->i_fop = &simple_dir_operations;
102350
102351 @@ -782,6 +795,10 @@ static int __init debugfs_init(void)
102352 {
102353 int retval;
102354
102355 +#ifdef CONFIG_GRKERNSEC_KMEM
102356 + return -ENOSYS;
102357 +#endif
102358 +
102359 retval = sysfs_create_mount_point(kernel_kobj, "debug");
102360 if (retval)
102361 return retval;
102362 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
102363 index 9d153b6..60baa46 100644
102364 --- a/fs/ecryptfs/inode.c
102365 +++ b/fs/ecryptfs/inode.c
102366 @@ -639,7 +639,7 @@ static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
102367 old_fs = get_fs();
102368 set_fs(get_ds());
102369 rc = d_inode(lower_dentry)->i_op->readlink(lower_dentry,
102370 - (char __user *)lower_buf,
102371 + (char __force_user *)lower_buf,
102372 PATH_MAX);
102373 set_fs(old_fs);
102374 if (rc < 0)
102375 diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
102376 index e4141f2..d8263e8 100644
102377 --- a/fs/ecryptfs/miscdev.c
102378 +++ b/fs/ecryptfs/miscdev.c
102379 @@ -304,7 +304,7 @@ check_list:
102380 goto out_unlock_msg_ctx;
102381 i = PKT_TYPE_SIZE + PKT_CTR_SIZE;
102382 if (msg_ctx->msg) {
102383 - if (copy_to_user(&buf[i], packet_length, packet_length_size))
102384 + if (packet_length_size > sizeof(packet_length) || copy_to_user(&buf[i], packet_length, packet_length_size))
102385 goto out_unlock_msg_ctx;
102386 i += packet_length_size;
102387 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
102388 diff --git a/fs/exec.c b/fs/exec.c
102389 index 6fcfb3f..840422d2 100644
102390 --- a/fs/exec.c
102391 +++ b/fs/exec.c
102392 @@ -57,8 +57,20 @@
102393 #include <linux/oom.h>
102394 #include <linux/compat.h>
102395 #include <linux/vmalloc.h>
102396 +#include <linux/random.h>
102397 +#include <linux/seq_file.h>
102398 +#include <linux/coredump.h>
102399 +#include <linux/mman.h>
102400 +
102401 +#ifdef CONFIG_PAX_REFCOUNT
102402 +#include <linux/kallsyms.h>
102403 +#include <linux/kdebug.h>
102404 +#endif
102405 +
102406 +#include <trace/events/fs.h>
102407
102408 #include <asm/uaccess.h>
102409 +#include <asm/sections.h>
102410 #include <asm/mmu_context.h>
102411 #include <asm/tlb.h>
102412
102413 @@ -67,19 +79,34 @@
102414
102415 #include <trace/events/sched.h>
102416
102417 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
102418 +void __weak pax_set_initial_flags(struct linux_binprm *bprm)
102419 +{
102420 + pr_warn_once("PAX: PAX_HAVE_ACL_FLAGS was enabled without providing the pax_set_initial_flags callback, this is probably not what you wanted.\n");
102421 +}
102422 +#endif
102423 +
102424 +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
102425 +void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
102426 +EXPORT_SYMBOL(pax_set_initial_flags_func);
102427 +#endif
102428 +
102429 int suid_dumpable = 0;
102430
102431 static LIST_HEAD(formats);
102432 static DEFINE_RWLOCK(binfmt_lock);
102433
102434 +extern int gr_process_kernel_exec_ban(void);
102435 +extern int gr_process_sugid_exec_ban(const struct linux_binprm *bprm);
102436 +
102437 void __register_binfmt(struct linux_binfmt * fmt, int insert)
102438 {
102439 BUG_ON(!fmt);
102440 if (WARN_ON(!fmt->load_binary))
102441 return;
102442 write_lock(&binfmt_lock);
102443 - insert ? list_add(&fmt->lh, &formats) :
102444 - list_add_tail(&fmt->lh, &formats);
102445 + insert ? pax_list_add((struct list_head *)&fmt->lh, &formats) :
102446 + pax_list_add_tail((struct list_head *)&fmt->lh, &formats);
102447 write_unlock(&binfmt_lock);
102448 }
102449
102450 @@ -88,7 +115,7 @@ EXPORT_SYMBOL(__register_binfmt);
102451 void unregister_binfmt(struct linux_binfmt * fmt)
102452 {
102453 write_lock(&binfmt_lock);
102454 - list_del(&fmt->lh);
102455 + pax_list_del((struct list_head *)&fmt->lh);
102456 write_unlock(&binfmt_lock);
102457 }
102458
102459 @@ -190,22 +217,15 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
102460 int write)
102461 {
102462 struct page *page;
102463 - int ret;
102464
102465 -#ifdef CONFIG_STACK_GROWSUP
102466 - if (write) {
102467 - ret = expand_downwards(bprm->vma, pos);
102468 - if (ret < 0)
102469 - return NULL;
102470 - }
102471 -#endif
102472 + if (0 > expand_downwards(bprm->vma, pos))
102473 + return NULL;
102474 /*
102475 * We are doing an exec(). 'current' is the process
102476 * doing the exec and bprm->mm is the new process's mm.
102477 */
102478 - ret = get_user_pages_remote(current, bprm->mm, pos, 1, write,
102479 - 1, &page, NULL);
102480 - if (ret <= 0)
102481 + if (0 >= get_user_pages_remote(current, bprm->mm, pos, 1, write,
102482 + 1, &page, NULL))
102483 return NULL;
102484
102485 if (write) {
102486 @@ -221,6 +241,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
102487 if (size <= ARG_MAX)
102488 return page;
102489
102490 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
102491 + // only allow 512KB for argv+env on suid/sgid binaries
102492 + // to prevent easy ASLR exhaustion
102493 + if (((!uid_eq(bprm->cred->euid, current_euid())) ||
102494 + (!gid_eq(bprm->cred->egid, current_egid()))) &&
102495 + (size > (512 * 1024))) {
102496 + put_page(page);
102497 + return NULL;
102498 + }
102499 +#endif
102500 +
102501 /*
102502 * Limit to 1/4-th the stack size for the argv+env strings.
102503 * This ensures that:
102504 @@ -279,6 +310,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
102505 vma->vm_end = STACK_TOP_MAX;
102506 vma->vm_start = vma->vm_end - PAGE_SIZE;
102507 vma->vm_flags = VM_SOFTDIRTY | VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
102508 +
102509 +#ifdef CONFIG_PAX_SEGMEXEC
102510 + vma->vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
102511 +#endif
102512 +
102513 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
102514 INIT_LIST_HEAD(&vma->anon_vma_chain);
102515
102516 @@ -290,6 +326,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
102517 arch_bprm_mm_init(mm, vma);
102518 up_write(&mm->mmap_sem);
102519 bprm->p = vma->vm_end - sizeof(void *);
102520 +
102521 +#ifdef CONFIG_PAX_RANDUSTACK
102522 + if (randomize_va_space)
102523 + bprm->p ^= prandom_u32() & ~PAGE_MASK;
102524 +#endif
102525 +
102526 return 0;
102527 err:
102528 up_write(&mm->mmap_sem);
102529 @@ -407,7 +449,7 @@ struct user_arg_ptr {
102530 } ptr;
102531 };
102532
102533 -static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
102534 +const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
102535 {
102536 const char __user *native;
102537
102538 @@ -416,14 +458,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
102539 compat_uptr_t compat;
102540
102541 if (get_user(compat, argv.ptr.compat + nr))
102542 - return ERR_PTR(-EFAULT);
102543 + return (const char __force_user *)ERR_PTR(-EFAULT);
102544
102545 return compat_ptr(compat);
102546 }
102547 #endif
102548
102549 if (get_user(native, argv.ptr.native + nr))
102550 - return ERR_PTR(-EFAULT);
102551 + return (const char __force_user *)ERR_PTR(-EFAULT);
102552
102553 return native;
102554 }
102555 @@ -442,7 +484,7 @@ static int count(struct user_arg_ptr argv, int max)
102556 if (!p)
102557 break;
102558
102559 - if (IS_ERR(p))
102560 + if (IS_ERR((const char __force_kernel *)p))
102561 return -EFAULT;
102562
102563 if (i >= max)
102564 @@ -477,7 +519,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
102565
102566 ret = -EFAULT;
102567 str = get_user_arg_ptr(argv, argc);
102568 - if (IS_ERR(str))
102569 + if (IS_ERR((const char __force_kernel *)str))
102570 goto out;
102571
102572 len = strnlen_user(str, MAX_ARG_STRLEN);
102573 @@ -559,7 +601,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
102574 int r;
102575 mm_segment_t oldfs = get_fs();
102576 struct user_arg_ptr argv = {
102577 - .ptr.native = (const char __user *const __user *)__argv,
102578 + .ptr.native = (const char __user * const __force_user *)__argv,
102579 };
102580
102581 set_fs(KERNEL_DS);
102582 @@ -594,7 +636,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
102583 unsigned long new_end = old_end - shift;
102584 struct mmu_gather tlb;
102585
102586 - BUG_ON(new_start > new_end);
102587 + if (new_start >= new_end || new_start < mmap_min_addr)
102588 + return -ENOMEM;
102589
102590 /*
102591 * ensure there are no vmas between where we want to go
102592 @@ -603,6 +646,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
102593 if (vma != find_vma(mm, new_start))
102594 return -EFAULT;
102595
102596 +#ifdef CONFIG_PAX_SEGMEXEC
102597 + BUG_ON(pax_find_mirror_vma(vma));
102598 +#endif
102599 +
102600 /*
102601 * cover the whole range: [new_start, old_end)
102602 */
102603 @@ -680,20 +727,16 @@ int setup_arg_pages(struct linux_binprm *bprm,
102604 stack_base = PAGE_ALIGN(stack_top - stack_base);
102605
102606 stack_shift = vma->vm_start - stack_base;
102607 - mm->arg_start = bprm->p - stack_shift;
102608 + mm->arg_end = mm->arg_start = bprm->p - stack_shift;
102609 bprm->p = vma->vm_end - stack_shift;
102610 #else
102611 stack_top = arch_align_stack(stack_top);
102612 stack_top = PAGE_ALIGN(stack_top);
102613
102614 - if (unlikely(stack_top < mmap_min_addr) ||
102615 - unlikely(vma->vm_end - vma->vm_start >= stack_top - mmap_min_addr))
102616 - return -ENOMEM;
102617 -
102618 stack_shift = vma->vm_end - stack_top;
102619
102620 bprm->p -= stack_shift;
102621 - mm->arg_start = bprm->p;
102622 + mm->arg_end = mm->arg_start = bprm->p;
102623 #endif
102624
102625 if (bprm->loader)
102626 @@ -703,8 +746,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
102627 if (down_write_killable(&mm->mmap_sem))
102628 return -EINTR;
102629
102630 + /* Move stack pages down in memory. */
102631 + if (stack_shift) {
102632 + ret = shift_arg_pages(vma, stack_shift);
102633 + if (ret)
102634 + goto out_unlock;
102635 + }
102636 +
102637 vm_flags = VM_STACK_FLAGS;
102638
102639 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
102640 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
102641 + vm_flags &= ~VM_EXEC;
102642 +
102643 +#ifdef CONFIG_PAX_MPROTECT
102644 + if (mm->pax_flags & MF_PAX_MPROTECT)
102645 + vm_flags &= ~VM_MAYEXEC;
102646 +#endif
102647 +
102648 + }
102649 +#endif
102650 +
102651 /*
102652 * Adjust stack execute permissions; explicitly enable for
102653 * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
102654 @@ -723,13 +785,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
102655 goto out_unlock;
102656 BUG_ON(prev != vma);
102657
102658 - /* Move stack pages down in memory. */
102659 - if (stack_shift) {
102660 - ret = shift_arg_pages(vma, stack_shift);
102661 - if (ret)
102662 - goto out_unlock;
102663 - }
102664 -
102665 /* mprotect_fixup is overkill to remove the temporary stack flags */
102666 vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
102667
102668 @@ -753,6 +808,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
102669 #endif
102670 current->mm->start_stack = bprm->p;
102671 ret = expand_stack(vma, stack_base);
102672 +
102673 +#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_RANDMMAP)
102674 + if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) {
102675 + unsigned long size;
102676 + vm_flags_t vm_flags;
102677 +
102678 + size = STACK_TOP - vma->vm_end;
102679 + vm_flags = VM_NONE | VM_DONTEXPAND | VM_DONTDUMP;
102680 +
102681 + ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, vm_flags, 0);
102682 +
102683 +#ifdef CONFIG_X86
102684 + if (!ret) {
102685 + size = PAGE_SIZE + mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
102686 + ret = 0 != mmap_region(NULL, 0, PAGE_ALIGN(size), vm_flags, 0);
102687 + }
102688 +#endif
102689 +
102690 + }
102691 +#endif
102692 +
102693 if (ret)
102694 ret = -EFAULT;
102695
102696 @@ -801,6 +877,7 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
102697 {
102698 struct file *file;
102699 int err;
102700 + int unsafe_flags = 0;
102701 struct open_flags open_exec_flags = {
102702 .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC,
102703 .acc_mode = MAY_EXEC,
102704 @@ -826,12 +903,22 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags)
102705 if (path_noexec(&file->f_path))
102706 goto exit;
102707
102708 + if (current->ptrace && !(current->ptrace & PT_PTRACE_CAP))
102709 + unsafe_flags = LSM_UNSAFE_PTRACE;
102710 +
102711 + if (gr_ptrace_readexec(file, unsafe_flags)) {
102712 + err = -EPERM;
102713 + goto exit;
102714 + }
102715 +
102716 err = deny_write_access(file);
102717 if (err)
102718 goto exit;
102719
102720 - if (name->name[0] != '\0')
102721 + if (name->name[0] != '\0') {
102722 fsnotify_open(file);
102723 + trace_open_exec(name->name);
102724 + }
102725
102726 out:
102727 return file;
102728 @@ -861,10 +948,13 @@ int kernel_read(struct file *file, loff_t offset,
102729 loff_t pos = offset;
102730 int result;
102731
102732 + if (count > INT_MAX)
102733 + return -EINVAL;
102734 +
102735 old_fs = get_fs();
102736 set_fs(get_ds());
102737 /* The cast to a user pointer is valid due to the set_fs() */
102738 - result = vfs_read(file, (void __user *)addr, count, &pos);
102739 + result = vfs_read(file, (void __force_user *)addr, count, &pos);
102740 set_fs(old_fs);
102741 return result;
102742 }
102743 @@ -1424,7 +1514,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
102744 }
102745 rcu_read_unlock();
102746
102747 - if (p->fs->users > n_fs)
102748 + if (atomic_read(&p->fs->users) > n_fs)
102749 bprm->unsafe |= LSM_UNSAFE_SHARE;
102750 else
102751 p->fs->in_exec = 1;
102752 @@ -1627,6 +1717,31 @@ static int exec_binprm(struct linux_binprm *bprm)
102753 return ret;
102754 }
102755
102756 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
102757 +static DEFINE_PER_CPU(u64, exec_counter);
102758 +static int __init init_exec_counters(void)
102759 +{
102760 + unsigned int cpu;
102761 +
102762 + for_each_possible_cpu(cpu) {
102763 + per_cpu(exec_counter, cpu) = (u64)cpu;
102764 + }
102765 +
102766 + return 0;
102767 +}
102768 +early_initcall(init_exec_counters);
102769 +static inline void increment_exec_counter(void)
102770 +{
102771 + BUILD_BUG_ON(NR_CPUS > (1 << 16));
102772 + current->exec_id = this_cpu_add_return(exec_counter, 1 << 16);
102773 +}
102774 +#else
102775 +static inline void increment_exec_counter(void) {}
102776 +#endif
102777 +
102778 +extern void gr_handle_exec_args(struct linux_binprm *bprm,
102779 + struct user_arg_ptr argv);
102780 +
102781 /*
102782 * sys_execve() executes a new program.
102783 */
102784 @@ -1635,6 +1750,11 @@ static int do_execveat_common(int fd, struct filename *filename,
102785 struct user_arg_ptr envp,
102786 int flags)
102787 {
102788 +#ifdef CONFIG_GRKERNSEC
102789 + struct file *old_exec_file;
102790 + struct acl_subject_label *old_acl;
102791 + struct rlimit old_rlim[RLIM_NLIMITS];
102792 +#endif
102793 char *pathbuf = NULL;
102794 struct linux_binprm *bprm;
102795 struct file *file;
102796 @@ -1644,6 +1764,8 @@ static int do_execveat_common(int fd, struct filename *filename,
102797 if (IS_ERR(filename))
102798 return PTR_ERR(filename);
102799
102800 + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current_user()->processes), 1);
102801 +
102802 /*
102803 * We move the actual failure in case of RLIMIT_NPROC excess from
102804 * set*uid() to execve() because too many poorly written programs
102805 @@ -1707,6 +1829,11 @@ static int do_execveat_common(int fd, struct filename *filename,
102806 }
102807 bprm->interp = bprm->filename;
102808
102809 + if (!gr_acl_handle_execve(file->f_path.dentry, file->f_path.mnt)) {
102810 + retval = -EACCES;
102811 + goto out_unmark;
102812 + }
102813 +
102814 retval = bprm_mm_init(bprm);
102815 if (retval)
102816 goto out_unmark;
102817 @@ -1723,24 +1850,70 @@ static int do_execveat_common(int fd, struct filename *filename,
102818 if (retval < 0)
102819 goto out;
102820
102821 +#ifdef CONFIG_GRKERNSEC
102822 + old_acl = current->acl;
102823 + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
102824 + old_exec_file = current->exec_file;
102825 + get_file(file);
102826 + current->exec_file = file;
102827 +#endif
102828 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
102829 + /* limit suid stack to 8MB
102830 + * we saved the old limits above and will restore them if this exec fails
102831 + */
102832 + if (((!uid_eq(bprm->cred->euid, current_euid())) || (!gid_eq(bprm->cred->egid, current_egid()))) &&
102833 + (old_rlim[RLIMIT_STACK].rlim_cur > (8 * 1024 * 1024)))
102834 + current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024;
102835 +#endif
102836 +
102837 + if (gr_process_kernel_exec_ban() || gr_process_sugid_exec_ban(bprm)) {
102838 + retval = -EPERM;
102839 + goto out_fail;
102840 + }
102841 +
102842 + if (!gr_tpe_allow(file)) {
102843 + retval = -EACCES;
102844 + goto out_fail;
102845 + }
102846 +
102847 + if (gr_check_crash_exec(file)) {
102848 + retval = -EACCES;
102849 + goto out_fail;
102850 + }
102851 +
102852 + retval = gr_set_proc_label(file->f_path.dentry, file->f_path.mnt,
102853 + bprm->unsafe);
102854 + if (retval < 0)
102855 + goto out_fail;
102856 +
102857 retval = copy_strings_kernel(1, &bprm->filename, bprm);
102858 if (retval < 0)
102859 - goto out;
102860 + goto out_fail;
102861
102862 bprm->exec = bprm->p;
102863 retval = copy_strings(bprm->envc, envp, bprm);
102864 if (retval < 0)
102865 - goto out;
102866 + goto out_fail;
102867
102868 retval = copy_strings(bprm->argc, argv, bprm);
102869 if (retval < 0)
102870 - goto out;
102871 + goto out_fail;
102872 +
102873 + gr_log_chroot_exec(file->f_path.dentry, file->f_path.mnt);
102874 +
102875 + gr_handle_exec_args(bprm, argv);
102876
102877 retval = exec_binprm(bprm);
102878 if (retval < 0)
102879 - goto out;
102880 + goto out_fail;
102881 +#ifdef CONFIG_GRKERNSEC
102882 + if (old_exec_file)
102883 + fput(old_exec_file);
102884 +#endif
102885
102886 /* execve succeeded */
102887 +
102888 + increment_exec_counter();
102889 current->fs->in_exec = 0;
102890 current->in_execve = 0;
102891 acct_update_integrals(current);
102892 @@ -1752,6 +1925,14 @@ static int do_execveat_common(int fd, struct filename *filename,
102893 put_files_struct(displaced);
102894 return retval;
102895
102896 +out_fail:
102897 +#ifdef CONFIG_GRKERNSEC
102898 + current->acl = old_acl;
102899 + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
102900 + fput(current->exec_file);
102901 + current->exec_file = old_exec_file;
102902 +#endif
102903 +
102904 out:
102905 if (bprm->mm) {
102906 acct_arg_size(bprm, 0);
102907 @@ -1898,3 +2079,194 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
102908 argv, envp, flags);
102909 }
102910 #endif
102911 +
102912 +int pax_check_flags(unsigned long *flags)
102913 +{
102914 + int retval = 0;
102915 +
102916 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_SEGMEXEC)
102917 + if (*flags & MF_PAX_SEGMEXEC)
102918 + {
102919 + *flags &= ~MF_PAX_SEGMEXEC;
102920 + retval = -EINVAL;
102921 + }
102922 +#endif
102923 +
102924 + if ((*flags & MF_PAX_PAGEEXEC)
102925 +
102926 +#ifdef CONFIG_PAX_PAGEEXEC
102927 + && (*flags & MF_PAX_SEGMEXEC)
102928 +#endif
102929 +
102930 + )
102931 + {
102932 + *flags &= ~MF_PAX_PAGEEXEC;
102933 + retval = -EINVAL;
102934 + }
102935 +
102936 + if ((*flags & MF_PAX_MPROTECT)
102937 +
102938 +#ifdef CONFIG_PAX_MPROTECT
102939 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
102940 +#endif
102941 +
102942 + )
102943 + {
102944 + *flags &= ~MF_PAX_MPROTECT;
102945 + retval = -EINVAL;
102946 + }
102947 +
102948 + if ((*flags & MF_PAX_EMUTRAMP)
102949 +
102950 +#ifdef CONFIG_PAX_EMUTRAMP
102951 + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
102952 +#endif
102953 +
102954 + )
102955 + {
102956 + *flags &= ~MF_PAX_EMUTRAMP;
102957 + retval = -EINVAL;
102958 + }
102959 +
102960 + return retval;
102961 +}
102962 +
102963 +EXPORT_SYMBOL(pax_check_flags);
102964 +
102965 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
102966 +char *pax_get_path(const struct path *path, char *buf, int buflen)
102967 +{
102968 + char *pathname = d_path(path, buf, buflen);
102969 +
102970 + if (IS_ERR(pathname))
102971 + goto toolong;
102972 +
102973 + pathname = mangle_path(buf, pathname, "\t\n\\");
102974 + if (!pathname)
102975 + goto toolong;
102976 +
102977 + *pathname = 0;
102978 + return buf;
102979 +
102980 +toolong:
102981 + return "<path too long>";
102982 +}
102983 +EXPORT_SYMBOL(pax_get_path);
102984 +
102985 +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
102986 +{
102987 + struct task_struct *tsk = current;
102988 + struct mm_struct *mm = current->mm;
102989 + char *buffer_exec = (char *)__get_free_page(GFP_KERNEL);
102990 + char *buffer_fault = (char *)__get_free_page(GFP_KERNEL);
102991 + char *path_exec = NULL;
102992 + char *path_fault = NULL;
102993 + unsigned long start = 0UL, end = 0UL, offset = 0UL;
102994 + siginfo_t info = { };
102995 +
102996 + if (buffer_exec && buffer_fault) {
102997 + struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL;
102998 +
102999 + down_read(&mm->mmap_sem);
103000 + vma = mm->mmap;
103001 + while (vma && (!vma_exec || !vma_fault)) {
103002 + if (vma->vm_file && mm->exe_file == vma->vm_file && (vma->vm_flags & VM_EXEC))
103003 + vma_exec = vma;
103004 + if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end)
103005 + vma_fault = vma;
103006 + vma = vma->vm_next;
103007 + }
103008 + if (vma_exec)
103009 + path_exec = pax_get_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
103010 + if (vma_fault) {
103011 + start = vma_fault->vm_start;
103012 + end = vma_fault->vm_end;
103013 + offset = vma_fault->vm_pgoff << PAGE_SHIFT;
103014 + if (vma_fault->vm_file)
103015 + path_fault = pax_get_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
103016 + else if ((unsigned long)pc >= mm->start_brk && (unsigned long)pc < mm->brk)
103017 + path_fault = "<heap>";
103018 + else if (vma_fault->vm_flags & (VM_GROWSDOWN | VM_GROWSUP))
103019 + path_fault = "<stack>";
103020 + else
103021 + path_fault = "<anonymous mapping>";
103022 + }
103023 + up_read(&mm->mmap_sem);
103024 + }
103025 + if (tsk->signal->curr_ip)
103026 + printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset);
103027 + else
103028 + printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
103029 + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
103030 + from_kuid_munged(&init_user_ns, task_uid(tsk)), from_kuid_munged(&init_user_ns, task_euid(tsk)), pc, sp);
103031 + free_page((unsigned long)buffer_exec);
103032 + free_page((unsigned long)buffer_fault);
103033 + pax_report_insns(regs, pc, sp);
103034 + info.si_signo = SIGKILL;
103035 + info.si_errno = 0;
103036 + info.si_code = SI_KERNEL;
103037 + info.si_pid = 0;
103038 + info.si_uid = 0;
103039 + do_coredump(&info);
103040 +}
103041 +#endif
103042 +
103043 +#ifdef CONFIG_PAX_REFCOUNT
103044 +static DEFINE_RATELIMIT_STATE(refcount_ratelimit, 15 * HZ, 3);
103045 +
103046 +void pax_report_refcount_error(struct pt_regs *regs, const char *kind)
103047 +{
103048 + do_send_sig_info(SIGKILL, SEND_SIG_FORCED, current, true);
103049 +
103050 + if (!__ratelimit(&refcount_ratelimit))
103051 + return;
103052 +
103053 + if (current->signal->curr_ip)
103054 + pr_emerg("PAX: From %pI4: %s detected in: %s:%d, uid/euid: %u/%u\n",
103055 + &current->signal->curr_ip,
103056 + kind ? kind : "refcount error",
103057 + current->comm, task_pid_nr(current),
103058 + from_kuid_munged(&init_user_ns, current_uid()),
103059 + from_kuid_munged(&init_user_ns, current_euid()));
103060 + else
103061 + pr_emerg("PAX: %s detected in: %s:%d, uid/euid: %u/%u\n",
103062 + kind ? kind : "refcount error",
103063 + current->comm, task_pid_nr(current),
103064 + from_kuid_munged(&init_user_ns, current_uid()),
103065 + from_kuid_munged(&init_user_ns, current_euid()));
103066 + print_symbol(KERN_EMERG "PAX: refcount error occured at: %s\n", instruction_pointer(regs));
103067 + preempt_disable();
103068 + show_regs(regs);
103069 + preempt_enable();
103070 +}
103071 +#endif
103072 +
103073 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
103074 +void __used pax_track_stack(void)
103075 +{
103076 + unsigned long sp = (unsigned long)&sp;
103077 + if (sp < current_thread_info()->lowest_stack &&
103078 + sp >= (unsigned long)task_stack_page(current) + 2 * sizeof(unsigned long))
103079 + current_thread_info()->lowest_stack = sp;
103080 + if (unlikely((sp & ~(THREAD_SIZE - 1)) < (THREAD_SIZE/16)))
103081 + BUG();
103082 +}
103083 +EXPORT_SYMBOL(pax_track_stack);
103084 +#endif
103085 +
103086 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
103087 +static DEFINE_RATELIMIT_STATE(size_overflow_ratelimit, 15 * HZ, 3);
103088 +extern bool pax_size_overflow_report_only;
103089 +
103090 +void __nocapture(1, 3, 4) __used report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
103091 +{
103092 + if (!pax_size_overflow_report_only || __ratelimit(&size_overflow_ratelimit)) {
103093 + pr_emerg("PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
103094 + dump_stack();
103095 + }
103096 +
103097 + if (!pax_size_overflow_report_only)
103098 + do_group_exit(SIGKILL);
103099 +}
103100 +EXPORT_SYMBOL(report_size_overflow);
103101 +#endif
103102 diff --git a/fs/exofs/inode.c b/fs/exofs/inode.c
103103 index 9dc4c6d..ed7c0e7 100644
103104 --- a/fs/exofs/inode.c
103105 +++ b/fs/exofs/inode.c
103106 @@ -470,6 +470,11 @@ fail:
103107 return ret;
103108 }
103109
103110 +static int readpage_filler(struct file *data, struct page *page)
103111 +{
103112 + return readpage_strip(data, page);
103113 +}
103114 +
103115 static int exofs_readpages(struct file *file, struct address_space *mapping,
103116 struct list_head *pages, unsigned nr_pages)
103117 {
103118 @@ -478,7 +483,7 @@ static int exofs_readpages(struct file *file, struct address_space *mapping,
103119
103120 _pcol_init(&pcol, nr_pages, mapping->host);
103121
103122 - ret = read_cache_pages(mapping, pages, readpage_strip, &pcol);
103123 + ret = read_cache_pages(mapping, pages, readpage_filler, &pcol);
103124 if (ret) {
103125 EXOFS_ERR("read_cache_pages => %d\n", ret);
103126 return ret;
103127 diff --git a/fs/exofs/super.c b/fs/exofs/super.c
103128 index 1076a42..54faf08 100644
103129 --- a/fs/exofs/super.c
103130 +++ b/fs/exofs/super.c
103131 @@ -192,10 +192,11 @@ static void exofs_init_once(void *foo)
103132 */
103133 static int init_inodecache(void)
103134 {
103135 - exofs_inode_cachep = kmem_cache_create("exofs_inode_cache",
103136 + exofs_inode_cachep = kmem_cache_create_usercopy("exofs_inode_cache",
103137 sizeof(struct exofs_i_info), 0,
103138 SLAB_RECLAIM_ACCOUNT | SLAB_MEM_SPREAD |
103139 - SLAB_ACCOUNT, exofs_init_once);
103140 + SLAB_ACCOUNT, offsetof(struct exofs_i_info, i_data),
103141 + sizeof(((struct exofs_i_info *)0)->i_data), exofs_init_once);
103142 if (exofs_inode_cachep == NULL)
103143 return -ENOMEM;
103144 return 0;
103145 diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c
103146 index 4c40c07..7345640 100644
103147 --- a/fs/ext2/balloc.c
103148 +++ b/fs/ext2/balloc.c
103149 @@ -1184,10 +1184,10 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi)
103150
103151 free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
103152 root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
103153 - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
103154 + if (free_blocks < root_blocks + 1 &&
103155 !uid_eq(sbi->s_resuid, current_fsuid()) &&
103156 (gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) ||
103157 - !in_group_p (sbi->s_resgid))) {
103158 + !in_group_p (sbi->s_resgid)) && !capable_nolog(CAP_SYS_RESOURCE)) {
103159 return 0;
103160 }
103161 return 1;
103162 diff --git a/fs/ext2/super.c b/fs/ext2/super.c
103163 index 1d93795..dbb5a08 100644
103164 --- a/fs/ext2/super.c
103165 +++ b/fs/ext2/super.c
103166 @@ -203,10 +203,12 @@ static void init_once(void *foo)
103167
103168 static int __init init_inodecache(void)
103169 {
103170 - ext2_inode_cachep = kmem_cache_create("ext2_inode_cache",
103171 + ext2_inode_cachep = kmem_cache_create_usercopy("ext2_inode_cache",
103172 sizeof(struct ext2_inode_info),
103173 0, (SLAB_RECLAIM_ACCOUNT|
103174 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
103175 + offsetof(struct ext2_inode_info, i_data),
103176 + sizeof(((struct ext2_inode_info *)0)->i_data),
103177 init_once);
103178 if (ext2_inode_cachep == NULL)
103179 return -ENOMEM;
103180 @@ -273,10 +275,8 @@ static int ext2_show_options(struct seq_file *seq, struct dentry *root)
103181 #ifdef CONFIG_EXT2_FS_XATTR
103182 if (test_opt(sb, XATTR_USER))
103183 seq_puts(seq, ",user_xattr");
103184 - if (!test_opt(sb, XATTR_USER) &&
103185 - (def_mount_opts & EXT2_DEFM_XATTR_USER)) {
103186 + if (!test_opt(sb, XATTR_USER))
103187 seq_puts(seq, ",nouser_xattr");
103188 - }
103189 #endif
103190
103191 #ifdef CONFIG_EXT2_FS_POSIX_ACL
103192 @@ -864,8 +864,8 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
103193 if (def_mount_opts & EXT2_DEFM_UID16)
103194 set_opt(sbi->s_mount_opt, NO_UID32);
103195 #ifdef CONFIG_EXT2_FS_XATTR
103196 - if (def_mount_opts & EXT2_DEFM_XATTR_USER)
103197 - set_opt(sbi->s_mount_opt, XATTR_USER);
103198 + /* always enable user xattrs */
103199 + set_opt(sbi->s_mount_opt, XATTR_USER);
103200 #endif
103201 #ifdef CONFIG_EXT2_FS_POSIX_ACL
103202 if (def_mount_opts & EXT2_DEFM_ACL)
103203 diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
103204 index b7f896f..61d52fe 100644
103205 --- a/fs/ext2/xattr.c
103206 +++ b/fs/ext2/xattr.c
103207 @@ -244,7 +244,7 @@ ext2_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size)
103208 struct buffer_head *bh = NULL;
103209 struct ext2_xattr_entry *entry;
103210 char *end;
103211 - size_t rest = buffer_size;
103212 + size_t rest = buffer_size, total_size = 0;
103213 int error;
103214 struct mb_cache *ext2_mb_cache = EXT2_SB(inode->i_sb)->s_mb_cache;
103215
103216 @@ -307,9 +307,10 @@ bad_block: ext2_error(inode->i_sb, "ext2_xattr_list",
103217 *buffer++ = 0;
103218 }
103219 rest -= size;
103220 + total_size += size;
103221 }
103222 }
103223 - error = buffer_size - rest; /* total size */
103224 + error = total_size;
103225
103226 cleanup:
103227 brelse(bh);
103228 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
103229 index e04ec86..953c3e6 100644
103230 --- a/fs/ext4/balloc.c
103231 +++ b/fs/ext4/balloc.c
103232 @@ -566,8 +566,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
103233 /* Hm, nope. Are (enough) root reserved clusters available? */
103234 if (uid_eq(sbi->s_resuid, current_fsuid()) ||
103235 (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
103236 - capable(CAP_SYS_RESOURCE) ||
103237 - (flags & EXT4_MB_USE_ROOT_BLOCKS)) {
103238 + (flags & EXT4_MB_USE_ROOT_BLOCKS) ||
103239 + capable_nolog(CAP_SYS_RESOURCE)) {
103240
103241 if (free_clusters >= (nclusters + dirty_clusters +
103242 resv_clusters))
103243 diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
103244 index ea31931..2e49089 100644
103245 --- a/fs/ext4/ext4.h
103246 +++ b/fs/ext4/ext4.h
103247 @@ -1439,19 +1439,19 @@ struct ext4_sb_info {
103248 unsigned long s_mb_last_start;
103249
103250 /* stats for buddy allocator */
103251 - atomic_t s_bal_reqs; /* number of reqs with len > 1 */
103252 - atomic_t s_bal_success; /* we found long enough chunks */
103253 - atomic_t s_bal_allocated; /* in blocks */
103254 - atomic_t s_bal_ex_scanned; /* total extents scanned */
103255 - atomic_t s_bal_goals; /* goal hits */
103256 - atomic_t s_bal_breaks; /* too long searches */
103257 - atomic_t s_bal_2orders; /* 2^order hits */
103258 + atomic_unchecked_t s_bal_reqs; /* number of reqs with len > 1 */
103259 + atomic_unchecked_t s_bal_success; /* we found long enough chunks */
103260 + atomic_unchecked_t s_bal_allocated; /* in blocks */
103261 + atomic_unchecked_t s_bal_ex_scanned; /* total extents scanned */
103262 + atomic_unchecked_t s_bal_goals; /* goal hits */
103263 + atomic_unchecked_t s_bal_breaks; /* too long searches */
103264 + atomic_unchecked_t s_bal_2orders; /* 2^order hits */
103265 spinlock_t s_bal_lock;
103266 unsigned long s_mb_buddies_generated;
103267 unsigned long long s_mb_generation_time;
103268 - atomic_t s_mb_lost_chunks;
103269 - atomic_t s_mb_preallocated;
103270 - atomic_t s_mb_discarded;
103271 + atomic_unchecked_t s_mb_lost_chunks;
103272 + atomic_unchecked_t s_mb_preallocated;
103273 + atomic_unchecked_t s_mb_discarded;
103274 atomic_t s_lock_busy;
103275
103276 /* locality groups */
103277 diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
103278 index 7f69347..7fb5e14 100644
103279 --- a/fs/ext4/extents.c
103280 +++ b/fs/ext4/extents.c
103281 @@ -876,7 +876,7 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block,
103282 struct ext4_extent_header *eh;
103283 struct buffer_head *bh;
103284 struct ext4_ext_path *path = orig_path ? *orig_path : NULL;
103285 - short int depth, i, ppos = 0;
103286 + int depth, i, ppos = 0;
103287 int ret;
103288
103289 eh = ext_inode_hdr(inode);
103290 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
103291 index f418f55..1c38f23 100644
103292 --- a/fs/ext4/mballoc.c
103293 +++ b/fs/ext4/mballoc.c
103294 @@ -1921,7 +1921,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
103295 BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
103296
103297 if (EXT4_SB(sb)->s_mb_stats)
103298 - atomic_inc(&EXT4_SB(sb)->s_bal_2orders);
103299 + atomic_inc_unchecked(&EXT4_SB(sb)->s_bal_2orders);
103300
103301 break;
103302 }
103303 @@ -2244,7 +2244,7 @@ repeat:
103304 ac->ac_status = AC_STATUS_CONTINUE;
103305 ac->ac_flags |= EXT4_MB_HINT_FIRST;
103306 cr = 3;
103307 - atomic_inc(&sbi->s_mb_lost_chunks);
103308 + atomic_inc_unchecked(&sbi->s_mb_lost_chunks);
103309 goto repeat;
103310 }
103311 }
103312 @@ -2743,25 +2743,25 @@ int ext4_mb_release(struct super_block *sb)
103313 if (sbi->s_mb_stats) {
103314 ext4_msg(sb, KERN_INFO,
103315 "mballoc: %u blocks %u reqs (%u success)",
103316 - atomic_read(&sbi->s_bal_allocated),
103317 - atomic_read(&sbi->s_bal_reqs),
103318 - atomic_read(&sbi->s_bal_success));
103319 + atomic_read_unchecked(&sbi->s_bal_allocated),
103320 + atomic_read_unchecked(&sbi->s_bal_reqs),
103321 + atomic_read_unchecked(&sbi->s_bal_success));
103322 ext4_msg(sb, KERN_INFO,
103323 "mballoc: %u extents scanned, %u goal hits, "
103324 "%u 2^N hits, %u breaks, %u lost",
103325 - atomic_read(&sbi->s_bal_ex_scanned),
103326 - atomic_read(&sbi->s_bal_goals),
103327 - atomic_read(&sbi->s_bal_2orders),
103328 - atomic_read(&sbi->s_bal_breaks),
103329 - atomic_read(&sbi->s_mb_lost_chunks));
103330 + atomic_read_unchecked(&sbi->s_bal_ex_scanned),
103331 + atomic_read_unchecked(&sbi->s_bal_goals),
103332 + atomic_read_unchecked(&sbi->s_bal_2orders),
103333 + atomic_read_unchecked(&sbi->s_bal_breaks),
103334 + atomic_read_unchecked(&sbi->s_mb_lost_chunks));
103335 ext4_msg(sb, KERN_INFO,
103336 "mballoc: %lu generated and it took %Lu",
103337 sbi->s_mb_buddies_generated,
103338 sbi->s_mb_generation_time);
103339 ext4_msg(sb, KERN_INFO,
103340 "mballoc: %u preallocated, %u discarded",
103341 - atomic_read(&sbi->s_mb_preallocated),
103342 - atomic_read(&sbi->s_mb_discarded));
103343 + atomic_read_unchecked(&sbi->s_mb_preallocated),
103344 + atomic_read_unchecked(&sbi->s_mb_discarded));
103345 }
103346
103347 free_percpu(sbi->s_locality_groups);
103348 @@ -3222,16 +3222,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
103349 struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
103350
103351 if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
103352 - atomic_inc(&sbi->s_bal_reqs);
103353 - atomic_add(ac->ac_b_ex.fe_len, &sbi->s_bal_allocated);
103354 + atomic_inc_unchecked(&sbi->s_bal_reqs);
103355 + atomic_add_unchecked(ac->ac_b_ex.fe_len, &sbi->s_bal_allocated);
103356 if (ac->ac_b_ex.fe_len >= ac->ac_o_ex.fe_len)
103357 - atomic_inc(&sbi->s_bal_success);
103358 - atomic_add(ac->ac_found, &sbi->s_bal_ex_scanned);
103359 + atomic_inc_unchecked(&sbi->s_bal_success);
103360 + atomic_add_unchecked(ac->ac_found, &sbi->s_bal_ex_scanned);
103361 if (ac->ac_g_ex.fe_start == ac->ac_b_ex.fe_start &&
103362 ac->ac_g_ex.fe_group == ac->ac_b_ex.fe_group)
103363 - atomic_inc(&sbi->s_bal_goals);
103364 + atomic_inc_unchecked(&sbi->s_bal_goals);
103365 if (ac->ac_found > sbi->s_mb_max_to_scan)
103366 - atomic_inc(&sbi->s_bal_breaks);
103367 + atomic_inc_unchecked(&sbi->s_bal_breaks);
103368 }
103369
103370 if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
103371 @@ -3658,7 +3658,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
103372 trace_ext4_mb_new_inode_pa(ac, pa);
103373
103374 ext4_mb_use_inode_pa(ac, pa);
103375 - atomic_add(pa->pa_free, &sbi->s_mb_preallocated);
103376 + atomic_add_unchecked(pa->pa_free, &sbi->s_mb_preallocated);
103377
103378 ei = EXT4_I(ac->ac_inode);
103379 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
103380 @@ -3718,7 +3718,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
103381 trace_ext4_mb_new_group_pa(ac, pa);
103382
103383 ext4_mb_use_group_pa(ac, pa);
103384 - atomic_add(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
103385 + atomic_add_unchecked(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
103386
103387 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
103388 lg = ac->ac_lg;
103389 @@ -3807,7 +3807,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
103390 * from the bitmap and continue.
103391 */
103392 }
103393 - atomic_add(free, &sbi->s_mb_discarded);
103394 + atomic_add_unchecked(free, &sbi->s_mb_discarded);
103395
103396 return err;
103397 }
103398 @@ -3825,7 +3825,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
103399 ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
103400 BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
103401 mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
103402 - atomic_add(pa->pa_len, &EXT4_SB(sb)->s_mb_discarded);
103403 + atomic_add_unchecked(pa->pa_len, &EXT4_SB(sb)->s_mb_discarded);
103404 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len);
103405
103406 return 0;
103407 diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
103408 index cf68100..f96c5c0 100644
103409 --- a/fs/ext4/resize.c
103410 +++ b/fs/ext4/resize.c
103411 @@ -413,7 +413,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
103412
103413 ext4_debug("mark blocks [%llu/%u] used\n", block, count);
103414 for (count2 = count; count > 0; count -= count2, block += count2) {
103415 - ext4_fsblk_t start;
103416 + ext4_fsblk_t start, diff;
103417 struct buffer_head *bh;
103418 ext4_group_t group;
103419 int err;
103420 @@ -422,10 +422,6 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
103421 start = ext4_group_first_block_no(sb, group);
103422 group -= flex_gd->groups[0].group;
103423
103424 - count2 = EXT4_BLOCKS_PER_GROUP(sb) - (block - start);
103425 - if (count2 > count)
103426 - count2 = count;
103427 -
103428 if (flex_gd->bg_flags[group] & EXT4_BG_BLOCK_UNINIT) {
103429 BUG_ON(flex_gd->count > 1);
103430 continue;
103431 @@ -443,9 +439,15 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle,
103432 err = ext4_journal_get_write_access(handle, bh);
103433 if (err)
103434 return err;
103435 +
103436 + diff = block - start;
103437 + count2 = EXT4_BLOCKS_PER_GROUP(sb) - diff;
103438 + if (count2 > count)
103439 + count2 = count;
103440 +
103441 ext4_debug("mark block bitmap %#04llx (+%llu/%u)\n", block,
103442 - block - start, count2);
103443 - ext4_set_bits(bh->b_data, block - start, count2);
103444 + diff, count2);
103445 + ext4_set_bits(bh->b_data, diff, count2);
103446
103447 err = ext4_handle_dirty_metadata(handle, NULL, bh);
103448 if (unlikely(err))
103449 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
103450 index 3ec8708..f39299c 100644
103451 --- a/fs/ext4/super.c
103452 +++ b/fs/ext4/super.c
103453 @@ -989,10 +989,12 @@ static void init_once(void *foo)
103454
103455 static int __init init_inodecache(void)
103456 {
103457 - ext4_inode_cachep = kmem_cache_create("ext4_inode_cache",
103458 + ext4_inode_cachep = kmem_cache_create_usercopy("ext4_inode_cache",
103459 sizeof(struct ext4_inode_info),
103460 0, (SLAB_RECLAIM_ACCOUNT|
103461 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
103462 + offsetof(struct ext4_inode_info, i_data),
103463 + sizeof(((struct ext4_inode_info *)0)->i_data),
103464 init_once);
103465 if (ext4_inode_cachep == NULL)
103466 return -ENOMEM;
103467 @@ -1387,7 +1389,7 @@ static ext4_fsblk_t get_sb_block(void **data)
103468 }
103469
103470 #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
103471 -static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
103472 +static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
103473 "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
103474
103475 #ifdef CONFIG_QUOTA
103476 diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
103477 index 42145be..1f1db90 100644
103478 --- a/fs/ext4/sysfs.c
103479 +++ b/fs/ext4/sysfs.c
103480 @@ -45,7 +45,7 @@ struct ext4_attr {
103481 int offset;
103482 void *explicit_ptr;
103483 } u;
103484 -};
103485 +} __do_const;
103486
103487 static ssize_t session_write_kbytes_show(struct ext4_attr *a,
103488 struct ext4_sb_info *sbi, char *buf)
103489 diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
103490 index 2eb935c..2fda99e 100644
103491 --- a/fs/ext4/xattr.c
103492 +++ b/fs/ext4/xattr.c
103493 @@ -418,7 +418,7 @@ static int
103494 ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
103495 char *buffer, size_t buffer_size)
103496 {
103497 - size_t rest = buffer_size;
103498 + size_t rest = buffer_size, total_size = 0;
103499
103500 for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) {
103501 const struct xattr_handler *handler =
103502 @@ -439,9 +439,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
103503 *buffer++ = 0;
103504 }
103505 rest -= size;
103506 + total_size += size;
103507 }
103508 }
103509 - return buffer_size - rest; /* total size */
103510 + return total_size;
103511 }
103512
103513 static int
103514 diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
103515 index 14f5fe2..ec3b8ad 100644
103516 --- a/fs/f2fs/f2fs.h
103517 +++ b/fs/f2fs/f2fs.h
103518 @@ -50,7 +50,7 @@ enum {
103519 };
103520
103521 struct f2fs_fault_info {
103522 - atomic_t inject_ops;
103523 + atomic_unchecked_t inject_ops;
103524 unsigned int inject_rate;
103525 unsigned int inject_type;
103526 };
103527 @@ -78,9 +78,8 @@ static inline bool time_to_inject(int type)
103528 else if (type == FAULT_EVICT_INODE && !IS_FAULT_SET(type))
103529 return false;
103530
103531 - atomic_inc(&f2fs_fault.inject_ops);
103532 - if (atomic_read(&f2fs_fault.inject_ops) >= f2fs_fault.inject_rate) {
103533 - atomic_set(&f2fs_fault.inject_ops, 0);
103534 + if (atomic_inc_return_unchecked(&f2fs_fault.inject_ops) >= f2fs_fault.inject_rate) {
103535 + atomic_set_unchecked(&f2fs_fault.inject_ops, 0);
103536 printk("%sF2FS-fs : inject %s in %pF\n",
103537 KERN_INFO,
103538 fault_name[type],
103539 diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
103540 index 7f863a6..74c873f 100644
103541 --- a/fs/f2fs/super.c
103542 +++ b/fs/f2fs/super.c
103543 @@ -55,7 +55,7 @@ char *fault_name[FAULT_MAX] = {
103544 static void f2fs_build_fault_attr(unsigned int rate)
103545 {
103546 if (rate) {
103547 - atomic_set(&f2fs_fault.inject_ops, 0);
103548 + atomic_set_unchecked(&f2fs_fault.inject_ops, 0);
103549 f2fs_fault.inject_rate = rate;
103550 f2fs_fault.inject_type = (1 << FAULT_MAX) - 1;
103551 } else {
103552 diff --git a/fs/fcntl.c b/fs/fcntl.c
103553 index 350a2c8..9fb9bf7 100644
103554 --- a/fs/fcntl.c
103555 +++ b/fs/fcntl.c
103556 @@ -103,6 +103,10 @@ void __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
103557 int force)
103558 {
103559 security_file_set_fowner(filp);
103560 + if (gr_handle_chroot_fowner(pid, type))
103561 + return;
103562 + if (gr_check_protected_task_fowner(pid, type))
103563 + return;
103564 f_modown(filp, pid, type, force);
103565 }
103566 EXPORT_SYMBOL(__f_setown);
103567 diff --git a/fs/fhandle.c b/fs/fhandle.c
103568 index ca3c3dd..0c5456e 100644
103569 --- a/fs/fhandle.c
103570 +++ b/fs/fhandle.c
103571 @@ -8,6 +8,7 @@
103572 #include <linux/fs_struct.h>
103573 #include <linux/fsnotify.h>
103574 #include <linux/personality.h>
103575 +#include <linux/grsecurity.h>
103576 #include <asm/uaccess.h>
103577 #include "internal.h"
103578 #include "mount.h"
103579 @@ -67,8 +68,7 @@ static long do_sys_name_to_handle(struct path *path,
103580 } else
103581 retval = 0;
103582 /* copy the mount id */
103583 - if (copy_to_user(mnt_id, &real_mount(path->mnt)->mnt_id,
103584 - sizeof(*mnt_id)) ||
103585 + if (put_user(real_mount(path->mnt)->mnt_id, mnt_id) ||
103586 copy_to_user(ufh, handle,
103587 sizeof(struct file_handle) + handle_bytes))
103588 retval = -EFAULT;
103589 @@ -175,7 +175,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
103590 * the directory. Ideally we would like CAP_DAC_SEARCH.
103591 * But we don't have that
103592 */
103593 - if (!capable(CAP_DAC_READ_SEARCH)) {
103594 + if (!capable(CAP_DAC_READ_SEARCH) || !gr_chroot_fhandle()) {
103595 retval = -EPERM;
103596 goto out_err;
103597 }
103598 @@ -197,7 +197,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
103599 /* copy the full handle */
103600 *handle = f_handle;
103601 if (copy_from_user(&handle->f_handle,
103602 - &ufh->f_handle,
103603 + ufh->f_handle,
103604 f_handle.handle_bytes)) {
103605 retval = -EFAULT;
103606 goto out_handle;
103607 diff --git a/fs/file.c b/fs/file.c
103608 index 6b1acdf..b908eba 100644
103609 --- a/fs/file.c
103610 +++ b/fs/file.c
103611 @@ -16,6 +16,7 @@
103612 #include <linux/slab.h>
103613 #include <linux/vmalloc.h>
103614 #include <linux/file.h>
103615 +#include <linux/security.h>
103616 #include <linux/fdtable.h>
103617 #include <linux/bitops.h>
103618 #include <linux/interrupt.h>
103619 @@ -163,9 +164,10 @@ out:
103620 * Return <0 error code on error; 1 on successful completion.
103621 * The files->file_lock should be held on entry, and will be held on exit.
103622 */
103623 -static int expand_fdtable(struct files_struct *files, int nr)
103624 - __releases(files->file_lock)
103625 - __acquires(files->file_lock)
103626 +static int expand_fdtable(struct files_struct *files, unsigned int nr)
103627 + __releases(&files->file_lock)
103628 + __acquires(&files->file_lock);
103629 +static int expand_fdtable(struct files_struct *files, unsigned int nr)
103630 {
103631 struct fdtable *new_fdt, *cur_fdt;
103632
103633 @@ -208,9 +210,10 @@ static int expand_fdtable(struct files_struct *files, int nr)
103634 * expanded and execution may have blocked.
103635 * The files->file_lock should be held on entry, and will be held on exit.
103636 */
103637 -static int expand_files(struct files_struct *files, int nr)
103638 - __releases(files->file_lock)
103639 - __acquires(files->file_lock)
103640 +static int expand_files(struct files_struct *files, unsigned int nr)
103641 + __releases(&files->file_lock)
103642 + __acquires(&files->file_lock);
103643 +static int expand_files(struct files_struct *files, unsigned int nr)
103644 {
103645 struct fdtable *fdt;
103646 int expanded = 0;
103647 @@ -822,7 +825,9 @@ bool get_close_on_exec(unsigned int fd)
103648
103649 static int do_dup2(struct files_struct *files,
103650 struct file *file, unsigned fd, unsigned flags)
103651 -__releases(&files->file_lock)
103652 +__releases(&files->file_lock);
103653 +static int do_dup2(struct files_struct *files,
103654 + struct file *file, unsigned fd, unsigned flags)
103655 {
103656 struct file *tofree;
103657 struct fdtable *fdt;
103658 @@ -872,6 +877,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
103659 if (!file)
103660 return __close_fd(files, fd);
103661
103662 + gr_learn_resource(current, RLIMIT_NOFILE, fd, 0);
103663 if (fd >= rlimit(RLIMIT_NOFILE))
103664 return -EBADF;
103665
103666 @@ -898,6 +904,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
103667 if (unlikely(oldfd == newfd))
103668 return -EINVAL;
103669
103670 + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0);
103671 if (newfd >= rlimit(RLIMIT_NOFILE))
103672 return -EBADF;
103673
103674 @@ -953,6 +960,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes)
103675 int f_dupfd(unsigned int from, struct file *file, unsigned flags)
103676 {
103677 int err;
103678 + gr_learn_resource(current, RLIMIT_NOFILE, from, 0);
103679 if (from >= rlimit(RLIMIT_NOFILE))
103680 return -EINVAL;
103681 err = alloc_fd(from, flags);
103682 diff --git a/fs/filesystems.c b/fs/filesystems.c
103683 index c5618db..50c38f4 100644
103684 --- a/fs/filesystems.c
103685 +++ b/fs/filesystems.c
103686 @@ -275,7 +275,11 @@ struct file_system_type *get_fs_type(const char *name)
103687 int len = dot ? dot - name : strlen(name);
103688
103689 fs = __get_fs_type(name, len);
103690 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
103691 + if (!fs && (___request_module(true, "grsec_modharden_fs", "fs-%.*s", len, name) == 0))
103692 +#else
103693 if (!fs && (request_module("fs-%.*s", len, name) == 0))
103694 +#endif
103695 fs = __get_fs_type(name, len);
103696
103697 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {
103698 diff --git a/fs/freevxfs/vxfs_super.c b/fs/freevxfs/vxfs_super.c
103699 index 455ce5b..ec65e7e 100644
103700 --- a/fs/freevxfs/vxfs_super.c
103701 +++ b/fs/freevxfs/vxfs_super.c
103702 @@ -332,9 +332,11 @@ vxfs_init(void)
103703 {
103704 int rv;
103705
103706 - vxfs_inode_cachep = kmem_cache_create("vxfs_inode",
103707 + vxfs_inode_cachep = kmem_cache_create_usercopy("vxfs_inode",
103708 sizeof(struct vxfs_inode_info), 0,
103709 - SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD, NULL);
103710 + SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD,
103711 + offsetof(struct vxfs_inode_info, vii_immed.vi_immed),
103712 + sizeof(((struct vxfs_inode_info *)0)->vii_immed.vi_immed), NULL);
103713 if (!vxfs_inode_cachep)
103714 return -ENOMEM;
103715 rv = register_filesystem(&vxfs_fs_type);
103716 diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
103717 index 05713a5..6cfd433 100644
103718 --- a/fs/fs-writeback.c
103719 +++ b/fs/fs-writeback.c
103720 @@ -880,9 +880,9 @@ fs_initcall(cgroup_writeback_init);
103721 #else /* CONFIG_CGROUP_WRITEBACK */
103722
103723 static struct bdi_writeback *
103724 +locked_inode_to_wb_and_lock_list(struct inode *inode) __releases(&inode->i_lock) __acquires(&wb->list_lock);
103725 +static struct bdi_writeback *
103726 locked_inode_to_wb_and_lock_list(struct inode *inode)
103727 - __releases(&inode->i_lock)
103728 - __acquires(&wb->list_lock)
103729 {
103730 struct bdi_writeback *wb = inode_to_wb(inode);
103731
103732 @@ -891,8 +891,8 @@ locked_inode_to_wb_and_lock_list(struct inode *inode)
103733 return wb;
103734 }
103735
103736 +static struct bdi_writeback *inode_to_wb_and_lock_list(struct inode *inode) __acquires(&wb->list_lock);
103737 static struct bdi_writeback *inode_to_wb_and_lock_list(struct inode *inode)
103738 - __acquires(&wb->list_lock)
103739 {
103740 struct bdi_writeback *wb = inode_to_wb(inode);
103741
103742 @@ -1173,9 +1173,8 @@ static int write_inode(struct inode *inode, struct writeback_control *wbc)
103743 * Wait for writeback on an inode to complete. Called with i_lock held.
103744 * Caller must make sure inode cannot go away when we drop i_lock.
103745 */
103746 +static void __inode_wait_for_writeback(struct inode *inode) __must_hold(&inode->i_lock);
103747 static void __inode_wait_for_writeback(struct inode *inode)
103748 - __releases(inode->i_lock)
103749 - __acquires(inode->i_lock)
103750 {
103751 DEFINE_WAIT_BIT(wq, &inode->i_state, __I_SYNC);
103752 wait_queue_head_t *wqh;
103753 @@ -1204,8 +1203,8 @@ void inode_wait_for_writeback(struct inode *inode)
103754 * held and drops it. It is aimed for callers not holding any inode reference
103755 * so once i_lock is dropped, inode can go away.
103756 */
103757 +static void inode_sleep_on_writeback(struct inode *inode) __releases(&inode->i_lock);
103758 static void inode_sleep_on_writeback(struct inode *inode)
103759 - __releases(inode->i_lock)
103760 {
103761 DEFINE_WAIT(wait);
103762 wait_queue_head_t *wqh = bit_waitqueue(&inode->i_state, __I_SYNC);
103763 diff --git a/fs/fs_struct.c b/fs/fs_struct.c
103764 index 7dca743..1ff87ae 100644
103765 --- a/fs/fs_struct.c
103766 +++ b/fs/fs_struct.c
103767 @@ -4,6 +4,7 @@
103768 #include <linux/path.h>
103769 #include <linux/slab.h>
103770 #include <linux/fs_struct.h>
103771 +#include <linux/grsecurity.h>
103772 #include "internal.h"
103773
103774 /*
103775 @@ -15,14 +16,18 @@ void set_fs_root(struct fs_struct *fs, const struct path *path)
103776 struct path old_root;
103777
103778 path_get(path);
103779 + gr_inc_chroot_refcnts(path->dentry, path->mnt);
103780 spin_lock(&fs->lock);
103781 write_seqcount_begin(&fs->seq);
103782 old_root = fs->root;
103783 fs->root = *path;
103784 + gr_set_chroot_entries(current, path);
103785 write_seqcount_end(&fs->seq);
103786 spin_unlock(&fs->lock);
103787 - if (old_root.dentry)
103788 + if (old_root.dentry) {
103789 + gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt);
103790 path_put(&old_root);
103791 + }
103792 }
103793
103794 /*
103795 @@ -67,6 +72,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root)
103796 int hits = 0;
103797 spin_lock(&fs->lock);
103798 write_seqcount_begin(&fs->seq);
103799 + /* this root replacement is only done by pivot_root,
103800 + leave grsec's chroot tagging alone for this task
103801 + so that a pivoted root isn't treated as a chroot
103802 + */
103803 hits += replace_path(&fs->root, old_root, new_root);
103804 hits += replace_path(&fs->pwd, old_root, new_root);
103805 write_seqcount_end(&fs->seq);
103806 @@ -85,6 +94,7 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root)
103807
103808 void free_fs_struct(struct fs_struct *fs)
103809 {
103810 + gr_dec_chroot_refcnts(fs->root.dentry, fs->root.mnt);
103811 path_put(&fs->root);
103812 path_put(&fs->pwd);
103813 kmem_cache_free(fs_cachep, fs);
103814 @@ -99,7 +109,8 @@ void exit_fs(struct task_struct *tsk)
103815 task_lock(tsk);
103816 spin_lock(&fs->lock);
103817 tsk->fs = NULL;
103818 - kill = !--fs->users;
103819 + gr_clear_chroot_entries(tsk);
103820 + kill = !atomic_dec_return(&fs->users);
103821 spin_unlock(&fs->lock);
103822 task_unlock(tsk);
103823 if (kill)
103824 @@ -112,7 +123,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
103825 struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
103826 /* We don't need to lock fs - think why ;-) */
103827 if (fs) {
103828 - fs->users = 1;
103829 + atomic_set(&fs->users, 1);
103830 fs->in_exec = 0;
103831 spin_lock_init(&fs->lock);
103832 seqcount_init(&fs->seq);
103833 @@ -121,9 +132,13 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
103834 spin_lock(&old->lock);
103835 fs->root = old->root;
103836 path_get(&fs->root);
103837 + /* instead of calling gr_set_chroot_entries here,
103838 + we call it from every caller of this function
103839 + */
103840 fs->pwd = old->pwd;
103841 path_get(&fs->pwd);
103842 spin_unlock(&old->lock);
103843 + gr_inc_chroot_refcnts(fs->root.dentry, fs->root.mnt);
103844 }
103845 return fs;
103846 }
103847 @@ -139,8 +154,9 @@ int unshare_fs_struct(void)
103848
103849 task_lock(current);
103850 spin_lock(&fs->lock);
103851 - kill = !--fs->users;
103852 + kill = !atomic_dec_return(&fs->users);
103853 current->fs = new_fs;
103854 + gr_set_chroot_entries(current, &new_fs->root);
103855 spin_unlock(&fs->lock);
103856 task_unlock(current);
103857
103858 @@ -153,13 +169,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct);
103859
103860 int current_umask(void)
103861 {
103862 - return current->fs->umask;
103863 + return current->fs->umask | gr_acl_umask();
103864 }
103865 EXPORT_SYMBOL(current_umask);
103866
103867 /* to be mentioned only in INIT_TASK */
103868 struct fs_struct init_fs = {
103869 - .users = 1,
103870 + .users = ATOMIC_INIT(1),
103871 .lock = __SPIN_LOCK_UNLOCKED(init_fs.lock),
103872 .seq = SEQCNT_ZERO(init_fs.seq),
103873 .umask = 0022,
103874 diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c
103875 index 43040721..2780191 100644
103876 --- a/fs/fscache/cookie.c
103877 +++ b/fs/fscache/cookie.c
103878 @@ -19,7 +19,7 @@
103879
103880 struct kmem_cache *fscache_cookie_jar;
103881
103882 -static atomic_t fscache_object_debug_id = ATOMIC_INIT(0);
103883 +static atomic_unchecked_t fscache_object_debug_id = ATOMIC_INIT(0);
103884
103885 static int fscache_acquire_non_index_cookie(struct fscache_cookie *cookie);
103886 static int fscache_alloc_object(struct fscache_cache *cache,
103887 @@ -69,11 +69,11 @@ struct fscache_cookie *__fscache_acquire_cookie(
103888 parent ? (char *) parent->def->name : "<no-parent>",
103889 def->name, netfs_data, enable);
103890
103891 - fscache_stat(&fscache_n_acquires);
103892 + fscache_stat_unchecked(&fscache_n_acquires);
103893
103894 /* if there's no parent cookie, then we don't create one here either */
103895 if (!parent) {
103896 - fscache_stat(&fscache_n_acquires_null);
103897 + fscache_stat_unchecked(&fscache_n_acquires_null);
103898 _leave(" [no parent]");
103899 return NULL;
103900 }
103901 @@ -88,7 +88,7 @@ struct fscache_cookie *__fscache_acquire_cookie(
103902 /* allocate and initialise a cookie */
103903 cookie = kmem_cache_alloc(fscache_cookie_jar, GFP_KERNEL);
103904 if (!cookie) {
103905 - fscache_stat(&fscache_n_acquires_oom);
103906 + fscache_stat_unchecked(&fscache_n_acquires_oom);
103907 _leave(" [ENOMEM]");
103908 return NULL;
103909 }
103910 @@ -115,13 +115,13 @@ struct fscache_cookie *__fscache_acquire_cookie(
103911
103912 switch (cookie->def->type) {
103913 case FSCACHE_COOKIE_TYPE_INDEX:
103914 - fscache_stat(&fscache_n_cookie_index);
103915 + fscache_stat_unchecked(&fscache_n_cookie_index);
103916 break;
103917 case FSCACHE_COOKIE_TYPE_DATAFILE:
103918 - fscache_stat(&fscache_n_cookie_data);
103919 + fscache_stat_unchecked(&fscache_n_cookie_data);
103920 break;
103921 default:
103922 - fscache_stat(&fscache_n_cookie_special);
103923 + fscache_stat_unchecked(&fscache_n_cookie_special);
103924 break;
103925 }
103926
103927 @@ -135,7 +135,7 @@ struct fscache_cookie *__fscache_acquire_cookie(
103928 } else {
103929 atomic_dec(&parent->n_children);
103930 __fscache_cookie_put(cookie);
103931 - fscache_stat(&fscache_n_acquires_nobufs);
103932 + fscache_stat_unchecked(&fscache_n_acquires_nobufs);
103933 _leave(" = NULL");
103934 return NULL;
103935 }
103936 @@ -144,7 +144,7 @@ struct fscache_cookie *__fscache_acquire_cookie(
103937 }
103938 }
103939
103940 - fscache_stat(&fscache_n_acquires_ok);
103941 + fscache_stat_unchecked(&fscache_n_acquires_ok);
103942 _leave(" = %p", cookie);
103943 return cookie;
103944 }
103945 @@ -213,7 +213,7 @@ static int fscache_acquire_non_index_cookie(struct fscache_cookie *cookie)
103946 cache = fscache_select_cache_for_object(cookie->parent);
103947 if (!cache) {
103948 up_read(&fscache_addremove_sem);
103949 - fscache_stat(&fscache_n_acquires_no_cache);
103950 + fscache_stat_unchecked(&fscache_n_acquires_no_cache);
103951 _leave(" = -ENOMEDIUM [no cache]");
103952 return -ENOMEDIUM;
103953 }
103954 @@ -297,14 +297,14 @@ static int fscache_alloc_object(struct fscache_cache *cache,
103955 object = cache->ops->alloc_object(cache, cookie);
103956 fscache_stat_d(&fscache_n_cop_alloc_object);
103957 if (IS_ERR(object)) {
103958 - fscache_stat(&fscache_n_object_no_alloc);
103959 + fscache_stat_unchecked(&fscache_n_object_no_alloc);
103960 ret = PTR_ERR(object);
103961 goto error;
103962 }
103963
103964 - fscache_stat(&fscache_n_object_alloc);
103965 + fscache_stat_unchecked(&fscache_n_object_alloc);
103966
103967 - object->debug_id = atomic_inc_return(&fscache_object_debug_id);
103968 + object->debug_id = atomic_inc_return_unchecked(&fscache_object_debug_id);
103969
103970 _debug("ALLOC OBJ%x: %s {%lx}",
103971 object->debug_id, cookie->def->name, object->events);
103972 @@ -419,7 +419,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie)
103973
103974 _enter("{%s}", cookie->def->name);
103975
103976 - fscache_stat(&fscache_n_invalidates);
103977 + fscache_stat_unchecked(&fscache_n_invalidates);
103978
103979 /* Only permit invalidation of data files. Invalidating an index will
103980 * require the caller to release all its attachments to the tree rooted
103981 @@ -477,10 +477,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie)
103982 {
103983 struct fscache_object *object;
103984
103985 - fscache_stat(&fscache_n_updates);
103986 + fscache_stat_unchecked(&fscache_n_updates);
103987
103988 if (!cookie) {
103989 - fscache_stat(&fscache_n_updates_null);
103990 + fscache_stat_unchecked(&fscache_n_updates_null);
103991 _leave(" [no cookie]");
103992 return;
103993 }
103994 @@ -581,12 +581,12 @@ EXPORT_SYMBOL(__fscache_disable_cookie);
103995 */
103996 void __fscache_relinquish_cookie(struct fscache_cookie *cookie, bool retire)
103997 {
103998 - fscache_stat(&fscache_n_relinquishes);
103999 + fscache_stat_unchecked(&fscache_n_relinquishes);
104000 if (retire)
104001 - fscache_stat(&fscache_n_relinquishes_retire);
104002 + fscache_stat_unchecked(&fscache_n_relinquishes_retire);
104003
104004 if (!cookie) {
104005 - fscache_stat(&fscache_n_relinquishes_null);
104006 + fscache_stat_unchecked(&fscache_n_relinquishes_null);
104007 _leave(" [no cookie]");
104008 return;
104009 }
104010 @@ -687,7 +687,7 @@ int __fscache_check_consistency(struct fscache_cookie *cookie)
104011 if (test_bit(FSCACHE_IOERROR, &object->cache->flags))
104012 goto inconsistent;
104013
104014 - op->debug_id = atomic_inc_return(&fscache_op_debug_id);
104015 + op->debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id);
104016
104017 __fscache_use_cookie(cookie);
104018 if (fscache_submit_op(object, op) < 0)
104019 diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h
104020 index 97ec451..f722cee 100644
104021 --- a/fs/fscache/internal.h
104022 +++ b/fs/fscache/internal.h
104023 @@ -136,8 +136,8 @@ extern void fscache_operation_gc(struct work_struct *);
104024 extern int fscache_wait_for_deferred_lookup(struct fscache_cookie *);
104025 extern int fscache_wait_for_operation_activation(struct fscache_object *,
104026 struct fscache_operation *,
104027 - atomic_t *,
104028 - atomic_t *);
104029 + atomic_unchecked_t *,
104030 + atomic_unchecked_t *);
104031 extern void fscache_invalidate_writes(struct fscache_cookie *);
104032
104033 /*
104034 @@ -155,102 +155,102 @@ extern void fscache_proc_cleanup(void);
104035 * stats.c
104036 */
104037 #ifdef CONFIG_FSCACHE_STATS
104038 -extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
104039 -extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
104040 +extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
104041 +extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
104042
104043 -extern atomic_t fscache_n_op_pend;
104044 -extern atomic_t fscache_n_op_run;
104045 -extern atomic_t fscache_n_op_enqueue;
104046 -extern atomic_t fscache_n_op_deferred_release;
104047 -extern atomic_t fscache_n_op_initialised;
104048 -extern atomic_t fscache_n_op_release;
104049 -extern atomic_t fscache_n_op_gc;
104050 -extern atomic_t fscache_n_op_cancelled;
104051 -extern atomic_t fscache_n_op_rejected;
104052 +extern atomic_unchecked_t fscache_n_op_pend;
104053 +extern atomic_unchecked_t fscache_n_op_run;
104054 +extern atomic_unchecked_t fscache_n_op_enqueue;
104055 +extern atomic_unchecked_t fscache_n_op_deferred_release;
104056 +extern atomic_unchecked_t fscache_n_op_initialised;
104057 +extern atomic_unchecked_t fscache_n_op_release;
104058 +extern atomic_unchecked_t fscache_n_op_gc;
104059 +extern atomic_unchecked_t fscache_n_op_cancelled;
104060 +extern atomic_unchecked_t fscache_n_op_rejected;
104061
104062 -extern atomic_t fscache_n_attr_changed;
104063 -extern atomic_t fscache_n_attr_changed_ok;
104064 -extern atomic_t fscache_n_attr_changed_nobufs;
104065 -extern atomic_t fscache_n_attr_changed_nomem;
104066 -extern atomic_t fscache_n_attr_changed_calls;
104067 +extern atomic_unchecked_t fscache_n_attr_changed;
104068 +extern atomic_unchecked_t fscache_n_attr_changed_ok;
104069 +extern atomic_unchecked_t fscache_n_attr_changed_nobufs;
104070 +extern atomic_unchecked_t fscache_n_attr_changed_nomem;
104071 +extern atomic_unchecked_t fscache_n_attr_changed_calls;
104072
104073 -extern atomic_t fscache_n_allocs;
104074 -extern atomic_t fscache_n_allocs_ok;
104075 -extern atomic_t fscache_n_allocs_wait;
104076 -extern atomic_t fscache_n_allocs_nobufs;
104077 -extern atomic_t fscache_n_allocs_intr;
104078 -extern atomic_t fscache_n_allocs_object_dead;
104079 -extern atomic_t fscache_n_alloc_ops;
104080 -extern atomic_t fscache_n_alloc_op_waits;
104081 +extern atomic_unchecked_t fscache_n_allocs;
104082 +extern atomic_unchecked_t fscache_n_allocs_ok;
104083 +extern atomic_unchecked_t fscache_n_allocs_wait;
104084 +extern atomic_unchecked_t fscache_n_allocs_nobufs;
104085 +extern atomic_unchecked_t fscache_n_allocs_intr;
104086 +extern atomic_unchecked_t fscache_n_allocs_object_dead;
104087 +extern atomic_unchecked_t fscache_n_alloc_ops;
104088 +extern atomic_unchecked_t fscache_n_alloc_op_waits;
104089
104090 -extern atomic_t fscache_n_retrievals;
104091 -extern atomic_t fscache_n_retrievals_ok;
104092 -extern atomic_t fscache_n_retrievals_wait;
104093 -extern atomic_t fscache_n_retrievals_nodata;
104094 -extern atomic_t fscache_n_retrievals_nobufs;
104095 -extern atomic_t fscache_n_retrievals_intr;
104096 -extern atomic_t fscache_n_retrievals_nomem;
104097 -extern atomic_t fscache_n_retrievals_object_dead;
104098 -extern atomic_t fscache_n_retrieval_ops;
104099 -extern atomic_t fscache_n_retrieval_op_waits;
104100 +extern atomic_unchecked_t fscache_n_retrievals;
104101 +extern atomic_unchecked_t fscache_n_retrievals_ok;
104102 +extern atomic_unchecked_t fscache_n_retrievals_wait;
104103 +extern atomic_unchecked_t fscache_n_retrievals_nodata;
104104 +extern atomic_unchecked_t fscache_n_retrievals_nobufs;
104105 +extern atomic_unchecked_t fscache_n_retrievals_intr;
104106 +extern atomic_unchecked_t fscache_n_retrievals_nomem;
104107 +extern atomic_unchecked_t fscache_n_retrievals_object_dead;
104108 +extern atomic_unchecked_t fscache_n_retrieval_ops;
104109 +extern atomic_unchecked_t fscache_n_retrieval_op_waits;
104110
104111 -extern atomic_t fscache_n_stores;
104112 -extern atomic_t fscache_n_stores_ok;
104113 -extern atomic_t fscache_n_stores_again;
104114 -extern atomic_t fscache_n_stores_nobufs;
104115 -extern atomic_t fscache_n_stores_oom;
104116 -extern atomic_t fscache_n_store_ops;
104117 -extern atomic_t fscache_n_store_calls;
104118 -extern atomic_t fscache_n_store_pages;
104119 -extern atomic_t fscache_n_store_radix_deletes;
104120 -extern atomic_t fscache_n_store_pages_over_limit;
104121 +extern atomic_unchecked_t fscache_n_stores;
104122 +extern atomic_unchecked_t fscache_n_stores_ok;
104123 +extern atomic_unchecked_t fscache_n_stores_again;
104124 +extern atomic_unchecked_t fscache_n_stores_nobufs;
104125 +extern atomic_unchecked_t fscache_n_stores_oom;
104126 +extern atomic_unchecked_t fscache_n_store_ops;
104127 +extern atomic_unchecked_t fscache_n_store_calls;
104128 +extern atomic_unchecked_t fscache_n_store_pages;
104129 +extern atomic_unchecked_t fscache_n_store_radix_deletes;
104130 +extern atomic_unchecked_t fscache_n_store_pages_over_limit;
104131
104132 -extern atomic_t fscache_n_store_vmscan_not_storing;
104133 -extern atomic_t fscache_n_store_vmscan_gone;
104134 -extern atomic_t fscache_n_store_vmscan_busy;
104135 -extern atomic_t fscache_n_store_vmscan_cancelled;
104136 -extern atomic_t fscache_n_store_vmscan_wait;
104137 +extern atomic_unchecked_t fscache_n_store_vmscan_not_storing;
104138 +extern atomic_unchecked_t fscache_n_store_vmscan_gone;
104139 +extern atomic_unchecked_t fscache_n_store_vmscan_busy;
104140 +extern atomic_unchecked_t fscache_n_store_vmscan_cancelled;
104141 +extern atomic_unchecked_t fscache_n_store_vmscan_wait;
104142
104143 -extern atomic_t fscache_n_marks;
104144 -extern atomic_t fscache_n_uncaches;
104145 +extern atomic_unchecked_t fscache_n_marks;
104146 +extern atomic_unchecked_t fscache_n_uncaches;
104147
104148 -extern atomic_t fscache_n_acquires;
104149 -extern atomic_t fscache_n_acquires_null;
104150 -extern atomic_t fscache_n_acquires_no_cache;
104151 -extern atomic_t fscache_n_acquires_ok;
104152 -extern atomic_t fscache_n_acquires_nobufs;
104153 -extern atomic_t fscache_n_acquires_oom;
104154 +extern atomic_unchecked_t fscache_n_acquires;
104155 +extern atomic_unchecked_t fscache_n_acquires_null;
104156 +extern atomic_unchecked_t fscache_n_acquires_no_cache;
104157 +extern atomic_unchecked_t fscache_n_acquires_ok;
104158 +extern atomic_unchecked_t fscache_n_acquires_nobufs;
104159 +extern atomic_unchecked_t fscache_n_acquires_oom;
104160
104161 -extern atomic_t fscache_n_invalidates;
104162 -extern atomic_t fscache_n_invalidates_run;
104163 +extern atomic_unchecked_t fscache_n_invalidates;
104164 +extern atomic_unchecked_t fscache_n_invalidates_run;
104165
104166 -extern atomic_t fscache_n_updates;
104167 -extern atomic_t fscache_n_updates_null;
104168 -extern atomic_t fscache_n_updates_run;
104169 +extern atomic_unchecked_t fscache_n_updates;
104170 +extern atomic_unchecked_t fscache_n_updates_null;
104171 +extern atomic_unchecked_t fscache_n_updates_run;
104172
104173 -extern atomic_t fscache_n_relinquishes;
104174 -extern atomic_t fscache_n_relinquishes_null;
104175 -extern atomic_t fscache_n_relinquishes_waitcrt;
104176 -extern atomic_t fscache_n_relinquishes_retire;
104177 +extern atomic_unchecked_t fscache_n_relinquishes;
104178 +extern atomic_unchecked_t fscache_n_relinquishes_null;
104179 +extern atomic_unchecked_t fscache_n_relinquishes_waitcrt;
104180 +extern atomic_unchecked_t fscache_n_relinquishes_retire;
104181
104182 -extern atomic_t fscache_n_cookie_index;
104183 -extern atomic_t fscache_n_cookie_data;
104184 -extern atomic_t fscache_n_cookie_special;
104185 +extern atomic_unchecked_t fscache_n_cookie_index;
104186 +extern atomic_unchecked_t fscache_n_cookie_data;
104187 +extern atomic_unchecked_t fscache_n_cookie_special;
104188
104189 -extern atomic_t fscache_n_object_alloc;
104190 -extern atomic_t fscache_n_object_no_alloc;
104191 -extern atomic_t fscache_n_object_lookups;
104192 -extern atomic_t fscache_n_object_lookups_negative;
104193 -extern atomic_t fscache_n_object_lookups_positive;
104194 -extern atomic_t fscache_n_object_lookups_timed_out;
104195 -extern atomic_t fscache_n_object_created;
104196 -extern atomic_t fscache_n_object_avail;
104197 -extern atomic_t fscache_n_object_dead;
104198 +extern atomic_unchecked_t fscache_n_object_alloc;
104199 +extern atomic_unchecked_t fscache_n_object_no_alloc;
104200 +extern atomic_unchecked_t fscache_n_object_lookups;
104201 +extern atomic_unchecked_t fscache_n_object_lookups_negative;
104202 +extern atomic_unchecked_t fscache_n_object_lookups_positive;
104203 +extern atomic_unchecked_t fscache_n_object_lookups_timed_out;
104204 +extern atomic_unchecked_t fscache_n_object_created;
104205 +extern atomic_unchecked_t fscache_n_object_avail;
104206 +extern atomic_unchecked_t fscache_n_object_dead;
104207
104208 -extern atomic_t fscache_n_checkaux_none;
104209 -extern atomic_t fscache_n_checkaux_okay;
104210 -extern atomic_t fscache_n_checkaux_update;
104211 -extern atomic_t fscache_n_checkaux_obsolete;
104212 +extern atomic_unchecked_t fscache_n_checkaux_none;
104213 +extern atomic_unchecked_t fscache_n_checkaux_okay;
104214 +extern atomic_unchecked_t fscache_n_checkaux_update;
104215 +extern atomic_unchecked_t fscache_n_checkaux_obsolete;
104216
104217 extern atomic_t fscache_n_cop_alloc_object;
104218 extern atomic_t fscache_n_cop_lookup_object;
104219 @@ -280,6 +280,11 @@ static inline void fscache_stat(atomic_t *stat)
104220 atomic_inc(stat);
104221 }
104222
104223 +static inline void fscache_stat_unchecked(atomic_unchecked_t *stat)
104224 +{
104225 + atomic_inc_unchecked(stat);
104226 +}
104227 +
104228 static inline void fscache_stat_d(atomic_t *stat)
104229 {
104230 atomic_dec(stat);
104231 @@ -292,6 +297,7 @@ extern const struct file_operations fscache_stats_fops;
104232
104233 #define __fscache_stat(stat) (NULL)
104234 #define fscache_stat(stat) do {} while (0)
104235 +#define fscache_stat_unchecked(stat) do {} while (0)
104236 #define fscache_stat_d(stat) do {} while (0)
104237 #endif
104238
104239 diff --git a/fs/fscache/object.c b/fs/fscache/object.c
104240 index 9e792e3..6b2affb 100644
104241 --- a/fs/fscache/object.c
104242 +++ b/fs/fscache/object.c
104243 @@ -465,7 +465,7 @@ static const struct fscache_state *fscache_look_up_object(struct fscache_object
104244 _debug("LOOKUP \"%s\" in \"%s\"",
104245 cookie->def->name, object->cache->tag->name);
104246
104247 - fscache_stat(&fscache_n_object_lookups);
104248 + fscache_stat_unchecked(&fscache_n_object_lookups);
104249 fscache_stat(&fscache_n_cop_lookup_object);
104250 ret = object->cache->ops->lookup_object(object);
104251 fscache_stat_d(&fscache_n_cop_lookup_object);
104252 @@ -475,7 +475,7 @@ static const struct fscache_state *fscache_look_up_object(struct fscache_object
104253 if (ret == -ETIMEDOUT) {
104254 /* probably stuck behind another object, so move this one to
104255 * the back of the queue */
104256 - fscache_stat(&fscache_n_object_lookups_timed_out);
104257 + fscache_stat_unchecked(&fscache_n_object_lookups_timed_out);
104258 _leave(" [timeout]");
104259 return NO_TRANSIT;
104260 }
104261 @@ -503,7 +503,7 @@ void fscache_object_lookup_negative(struct fscache_object *object)
104262 _enter("{OBJ%x,%s}", object->debug_id, object->state->name);
104263
104264 if (!test_and_set_bit(FSCACHE_OBJECT_IS_LOOKED_UP, &object->flags)) {
104265 - fscache_stat(&fscache_n_object_lookups_negative);
104266 + fscache_stat_unchecked(&fscache_n_object_lookups_negative);
104267
104268 /* Allow write requests to begin stacking up and read requests to begin
104269 * returning ENODATA.
104270 @@ -538,7 +538,7 @@ void fscache_obtained_object(struct fscache_object *object)
104271 /* if we were still looking up, then we must have a positive lookup
104272 * result, in which case there may be data available */
104273 if (!test_and_set_bit(FSCACHE_OBJECT_IS_LOOKED_UP, &object->flags)) {
104274 - fscache_stat(&fscache_n_object_lookups_positive);
104275 + fscache_stat_unchecked(&fscache_n_object_lookups_positive);
104276
104277 /* We do (presumably) have data */
104278 clear_bit_unlock(FSCACHE_COOKIE_NO_DATA_YET, &cookie->flags);
104279 @@ -550,7 +550,7 @@ void fscache_obtained_object(struct fscache_object *object)
104280 clear_bit_unlock(FSCACHE_COOKIE_LOOKING_UP, &cookie->flags);
104281 wake_up_bit(&cookie->flags, FSCACHE_COOKIE_LOOKING_UP);
104282 } else {
104283 - fscache_stat(&fscache_n_object_created);
104284 + fscache_stat_unchecked(&fscache_n_object_created);
104285 }
104286
104287 set_bit(FSCACHE_OBJECT_IS_AVAILABLE, &object->flags);
104288 @@ -586,7 +586,7 @@ static const struct fscache_state *fscache_object_available(struct fscache_objec
104289 fscache_stat_d(&fscache_n_cop_lookup_complete);
104290
104291 fscache_hist(fscache_obj_instantiate_histogram, object->lookup_jif);
104292 - fscache_stat(&fscache_n_object_avail);
104293 + fscache_stat_unchecked(&fscache_n_object_avail);
104294
104295 _leave("");
104296 return transit_to(JUMPSTART_DEPS);
104297 @@ -735,7 +735,7 @@ static const struct fscache_state *fscache_drop_object(struct fscache_object *ob
104298
104299 /* this just shifts the object release to the work processor */
104300 fscache_put_object(object);
104301 - fscache_stat(&fscache_n_object_dead);
104302 + fscache_stat_unchecked(&fscache_n_object_dead);
104303
104304 _leave("");
104305 return transit_to(OBJECT_DEAD);
104306 @@ -900,7 +900,7 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object,
104307 enum fscache_checkaux result;
104308
104309 if (!object->cookie->def->check_aux) {
104310 - fscache_stat(&fscache_n_checkaux_none);
104311 + fscache_stat_unchecked(&fscache_n_checkaux_none);
104312 return FSCACHE_CHECKAUX_OKAY;
104313 }
104314
104315 @@ -909,17 +909,17 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object,
104316 switch (result) {
104317 /* entry okay as is */
104318 case FSCACHE_CHECKAUX_OKAY:
104319 - fscache_stat(&fscache_n_checkaux_okay);
104320 + fscache_stat_unchecked(&fscache_n_checkaux_okay);
104321 break;
104322
104323 /* entry requires update */
104324 case FSCACHE_CHECKAUX_NEEDS_UPDATE:
104325 - fscache_stat(&fscache_n_checkaux_update);
104326 + fscache_stat_unchecked(&fscache_n_checkaux_update);
104327 break;
104328
104329 /* entry requires deletion */
104330 case FSCACHE_CHECKAUX_OBSOLETE:
104331 - fscache_stat(&fscache_n_checkaux_obsolete);
104332 + fscache_stat_unchecked(&fscache_n_checkaux_obsolete);
104333 break;
104334
104335 default:
104336 @@ -1007,7 +1007,7 @@ static const struct fscache_state *fscache_invalidate_object(struct fscache_obje
104337 {
104338 const struct fscache_state *s;
104339
104340 - fscache_stat(&fscache_n_invalidates_run);
104341 + fscache_stat_unchecked(&fscache_n_invalidates_run);
104342 fscache_stat(&fscache_n_cop_invalidate_object);
104343 s = _fscache_invalidate_object(object, event);
104344 fscache_stat_d(&fscache_n_cop_invalidate_object);
104345 @@ -1022,7 +1022,7 @@ static const struct fscache_state *fscache_update_object(struct fscache_object *
104346 {
104347 _enter("{OBJ%x},%d", object->debug_id, event);
104348
104349 - fscache_stat(&fscache_n_updates_run);
104350 + fscache_stat_unchecked(&fscache_n_updates_run);
104351 fscache_stat(&fscache_n_cop_update_object);
104352 object->cache->ops->update_object(object);
104353 fscache_stat_d(&fscache_n_cop_update_object);
104354 diff --git a/fs/fscache/operation.c b/fs/fscache/operation.c
104355 index de67745..6a3a9b6 100644
104356 --- a/fs/fscache/operation.c
104357 +++ b/fs/fscache/operation.c
104358 @@ -17,7 +17,7 @@
104359 #include <linux/slab.h>
104360 #include "internal.h"
104361
104362 -atomic_t fscache_op_debug_id;
104363 +atomic_unchecked_t fscache_op_debug_id;
104364 EXPORT_SYMBOL(fscache_op_debug_id);
104365
104366 static void fscache_operation_dummy_cancel(struct fscache_operation *op)
104367 @@ -40,12 +40,12 @@ void fscache_operation_init(struct fscache_operation *op,
104368 INIT_WORK(&op->work, fscache_op_work_func);
104369 atomic_set(&op->usage, 1);
104370 op->state = FSCACHE_OP_ST_INITIALISED;
104371 - op->debug_id = atomic_inc_return(&fscache_op_debug_id);
104372 + op->debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id);
104373 op->processor = processor;
104374 op->cancel = cancel ?: fscache_operation_dummy_cancel;
104375 op->release = release;
104376 INIT_LIST_HEAD(&op->pend_link);
104377 - fscache_stat(&fscache_n_op_initialised);
104378 + fscache_stat_unchecked(&fscache_n_op_initialised);
104379 }
104380 EXPORT_SYMBOL(fscache_operation_init);
104381
104382 @@ -68,7 +68,7 @@ void fscache_enqueue_operation(struct fscache_operation *op)
104383 ASSERTCMP(atomic_read(&op->usage), >, 0);
104384 ASSERTCMP(op->state, ==, FSCACHE_OP_ST_IN_PROGRESS);
104385
104386 - fscache_stat(&fscache_n_op_enqueue);
104387 + fscache_stat_unchecked(&fscache_n_op_enqueue);
104388 switch (op->flags & FSCACHE_OP_TYPE) {
104389 case FSCACHE_OP_ASYNC:
104390 _debug("queue async");
104391 @@ -101,7 +101,7 @@ static void fscache_run_op(struct fscache_object *object,
104392 wake_up_bit(&op->flags, FSCACHE_OP_WAITING);
104393 if (op->processor)
104394 fscache_enqueue_operation(op);
104395 - fscache_stat(&fscache_n_op_run);
104396 + fscache_stat_unchecked(&fscache_n_op_run);
104397 }
104398
104399 /*
104400 @@ -169,7 +169,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object,
104401 op->state = FSCACHE_OP_ST_PENDING;
104402 flags = READ_ONCE(object->flags);
104403 if (unlikely(!(flags & BIT(FSCACHE_OBJECT_IS_LIVE)))) {
104404 - fscache_stat(&fscache_n_op_rejected);
104405 + fscache_stat_unchecked(&fscache_n_op_rejected);
104406 op->cancel(op);
104407 op->state = FSCACHE_OP_ST_CANCELLED;
104408 ret = -ENOBUFS;
104409 @@ -185,11 +185,11 @@ int fscache_submit_exclusive_op(struct fscache_object *object,
104410 if (object->n_in_progress > 0) {
104411 atomic_inc(&op->usage);
104412 list_add_tail(&op->pend_link, &object->pending_ops);
104413 - fscache_stat(&fscache_n_op_pend);
104414 + fscache_stat_unchecked(&fscache_n_op_pend);
104415 } else if (!list_empty(&object->pending_ops)) {
104416 atomic_inc(&op->usage);
104417 list_add_tail(&op->pend_link, &object->pending_ops);
104418 - fscache_stat(&fscache_n_op_pend);
104419 + fscache_stat_unchecked(&fscache_n_op_pend);
104420 fscache_start_operations(object);
104421 } else {
104422 ASSERTCMP(object->n_in_progress, ==, 0);
104423 @@ -205,7 +205,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object,
104424 object->n_exclusive++; /* reads and writes must wait */
104425 atomic_inc(&op->usage);
104426 list_add_tail(&op->pend_link, &object->pending_ops);
104427 - fscache_stat(&fscache_n_op_pend);
104428 + fscache_stat_unchecked(&fscache_n_op_pend);
104429 ret = 0;
104430 } else if (flags & BIT(FSCACHE_OBJECT_KILLED_BY_CACHE)) {
104431 op->cancel(op);
104432 @@ -254,7 +254,7 @@ int fscache_submit_op(struct fscache_object *object,
104433 op->state = FSCACHE_OP_ST_PENDING;
104434 flags = READ_ONCE(object->flags);
104435 if (unlikely(!(flags & BIT(FSCACHE_OBJECT_IS_LIVE)))) {
104436 - fscache_stat(&fscache_n_op_rejected);
104437 + fscache_stat_unchecked(&fscache_n_op_rejected);
104438 op->cancel(op);
104439 op->state = FSCACHE_OP_ST_CANCELLED;
104440 ret = -ENOBUFS;
104441 @@ -269,11 +269,11 @@ int fscache_submit_op(struct fscache_object *object,
104442 if (object->n_exclusive > 0) {
104443 atomic_inc(&op->usage);
104444 list_add_tail(&op->pend_link, &object->pending_ops);
104445 - fscache_stat(&fscache_n_op_pend);
104446 + fscache_stat_unchecked(&fscache_n_op_pend);
104447 } else if (!list_empty(&object->pending_ops)) {
104448 atomic_inc(&op->usage);
104449 list_add_tail(&op->pend_link, &object->pending_ops);
104450 - fscache_stat(&fscache_n_op_pend);
104451 + fscache_stat_unchecked(&fscache_n_op_pend);
104452 fscache_start_operations(object);
104453 } else {
104454 ASSERTCMP(object->n_exclusive, ==, 0);
104455 @@ -285,7 +285,7 @@ int fscache_submit_op(struct fscache_object *object,
104456 object->n_ops++;
104457 atomic_inc(&op->usage);
104458 list_add_tail(&op->pend_link, &object->pending_ops);
104459 - fscache_stat(&fscache_n_op_pend);
104460 + fscache_stat_unchecked(&fscache_n_op_pend);
104461 ret = 0;
104462 } else if (flags & BIT(FSCACHE_OBJECT_KILLED_BY_CACHE)) {
104463 op->cancel(op);
104464 @@ -369,7 +369,7 @@ int fscache_cancel_op(struct fscache_operation *op,
104465 list_del_init(&op->pend_link);
104466 put = true;
104467
104468 - fscache_stat(&fscache_n_op_cancelled);
104469 + fscache_stat_unchecked(&fscache_n_op_cancelled);
104470 op->cancel(op);
104471 op->state = FSCACHE_OP_ST_CANCELLED;
104472 if (test_bit(FSCACHE_OP_EXCLUSIVE, &op->flags))
104473 @@ -385,7 +385,7 @@ int fscache_cancel_op(struct fscache_operation *op,
104474 if (object->n_in_progress == 0)
104475 fscache_start_operations(object);
104476
104477 - fscache_stat(&fscache_n_op_cancelled);
104478 + fscache_stat_unchecked(&fscache_n_op_cancelled);
104479 op->cancel(op);
104480 op->state = FSCACHE_OP_ST_CANCELLED;
104481 if (test_bit(FSCACHE_OP_EXCLUSIVE, &op->flags))
104482 @@ -416,7 +416,7 @@ void fscache_cancel_all_ops(struct fscache_object *object)
104483 while (!list_empty(&object->pending_ops)) {
104484 op = list_entry(object->pending_ops.next,
104485 struct fscache_operation, pend_link);
104486 - fscache_stat(&fscache_n_op_cancelled);
104487 + fscache_stat_unchecked(&fscache_n_op_cancelled);
104488 list_del_init(&op->pend_link);
104489
104490 ASSERTCMP(op->state, ==, FSCACHE_OP_ST_PENDING);
104491 @@ -493,7 +493,7 @@ void fscache_put_operation(struct fscache_operation *op)
104492 op->state != FSCACHE_OP_ST_COMPLETE,
104493 op->state, ==, FSCACHE_OP_ST_CANCELLED);
104494
104495 - fscache_stat(&fscache_n_op_release);
104496 + fscache_stat_unchecked(&fscache_n_op_release);
104497
104498 if (op->release) {
104499 op->release(op);
104500 @@ -513,7 +513,7 @@ void fscache_put_operation(struct fscache_operation *op)
104501 * lock, and defer it otherwise */
104502 if (!spin_trylock(&object->lock)) {
104503 _debug("defer put");
104504 - fscache_stat(&fscache_n_op_deferred_release);
104505 + fscache_stat_unchecked(&fscache_n_op_deferred_release);
104506
104507 cache = object->cache;
104508 spin_lock(&cache->op_gc_list_lock);
104509 @@ -567,7 +567,7 @@ void fscache_operation_gc(struct work_struct *work)
104510
104511 _debug("GC DEFERRED REL OBJ%x OP%x",
104512 object->debug_id, op->debug_id);
104513 - fscache_stat(&fscache_n_op_gc);
104514 + fscache_stat_unchecked(&fscache_n_op_gc);
104515
104516 ASSERTCMP(atomic_read(&op->usage), ==, 0);
104517 ASSERTCMP(op->state, ==, FSCACHE_OP_ST_DEAD);
104518 diff --git a/fs/fscache/page.c b/fs/fscache/page.c
104519 index c8c4f79..0512aeb 100644
104520 --- a/fs/fscache/page.c
104521 +++ b/fs/fscache/page.c
104522 @@ -74,7 +74,7 @@ try_again:
104523 val = radix_tree_lookup(&cookie->stores, page->index);
104524 if (!val) {
104525 rcu_read_unlock();
104526 - fscache_stat(&fscache_n_store_vmscan_not_storing);
104527 + fscache_stat_unchecked(&fscache_n_store_vmscan_not_storing);
104528 __fscache_uncache_page(cookie, page);
104529 return true;
104530 }
104531 @@ -104,11 +104,11 @@ try_again:
104532 spin_unlock(&cookie->stores_lock);
104533
104534 if (xpage) {
104535 - fscache_stat(&fscache_n_store_vmscan_cancelled);
104536 - fscache_stat(&fscache_n_store_radix_deletes);
104537 + fscache_stat_unchecked(&fscache_n_store_vmscan_cancelled);
104538 + fscache_stat_unchecked(&fscache_n_store_radix_deletes);
104539 ASSERTCMP(xpage, ==, page);
104540 } else {
104541 - fscache_stat(&fscache_n_store_vmscan_gone);
104542 + fscache_stat_unchecked(&fscache_n_store_vmscan_gone);
104543 }
104544
104545 wake_up_bit(&cookie->flags, 0);
104546 @@ -123,11 +123,11 @@ page_busy:
104547 * sleeping on memory allocation, so we may need to impose a timeout
104548 * too. */
104549 if (!(gfp & __GFP_DIRECT_RECLAIM) || !(gfp & __GFP_FS)) {
104550 - fscache_stat(&fscache_n_store_vmscan_busy);
104551 + fscache_stat_unchecked(&fscache_n_store_vmscan_busy);
104552 return false;
104553 }
104554
104555 - fscache_stat(&fscache_n_store_vmscan_wait);
104556 + fscache_stat_unchecked(&fscache_n_store_vmscan_wait);
104557 if (!release_page_wait_timeout(cookie, page))
104558 _debug("fscache writeout timeout page: %p{%lx}",
104559 page, page->index);
104560 @@ -156,7 +156,7 @@ static void fscache_end_page_write(struct fscache_object *object,
104561 FSCACHE_COOKIE_STORING_TAG);
104562 if (!radix_tree_tag_get(&cookie->stores, page->index,
104563 FSCACHE_COOKIE_PENDING_TAG)) {
104564 - fscache_stat(&fscache_n_store_radix_deletes);
104565 + fscache_stat_unchecked(&fscache_n_store_radix_deletes);
104566 xpage = radix_tree_delete(&cookie->stores, page->index);
104567 }
104568 spin_unlock(&cookie->stores_lock);
104569 @@ -177,7 +177,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op)
104570
104571 _enter("{OBJ%x OP%x}", object->debug_id, op->debug_id);
104572
104573 - fscache_stat(&fscache_n_attr_changed_calls);
104574 + fscache_stat_unchecked(&fscache_n_attr_changed_calls);
104575
104576 if (fscache_object_is_active(object)) {
104577 fscache_stat(&fscache_n_cop_attr_changed);
104578 @@ -204,11 +204,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
104579
104580 ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX);
104581
104582 - fscache_stat(&fscache_n_attr_changed);
104583 + fscache_stat_unchecked(&fscache_n_attr_changed);
104584
104585 op = kzalloc(sizeof(*op), GFP_KERNEL);
104586 if (!op) {
104587 - fscache_stat(&fscache_n_attr_changed_nomem);
104588 + fscache_stat_unchecked(&fscache_n_attr_changed_nomem);
104589 _leave(" = -ENOMEM");
104590 return -ENOMEM;
104591 }
104592 @@ -230,7 +230,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
104593 if (fscache_submit_exclusive_op(object, op) < 0)
104594 goto nobufs_dec;
104595 spin_unlock(&cookie->lock);
104596 - fscache_stat(&fscache_n_attr_changed_ok);
104597 + fscache_stat_unchecked(&fscache_n_attr_changed_ok);
104598 fscache_put_operation(op);
104599 _leave(" = 0");
104600 return 0;
104601 @@ -242,7 +242,7 @@ nobufs:
104602 fscache_put_operation(op);
104603 if (wake_cookie)
104604 __fscache_wake_unused_cookie(cookie);
104605 - fscache_stat(&fscache_n_attr_changed_nobufs);
104606 + fscache_stat_unchecked(&fscache_n_attr_changed_nobufs);
104607 _leave(" = %d", -ENOBUFS);
104608 return -ENOBUFS;
104609 }
104610 @@ -293,7 +293,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval(
104611 /* allocate a retrieval operation and attempt to submit it */
104612 op = kzalloc(sizeof(*op), GFP_NOIO);
104613 if (!op) {
104614 - fscache_stat(&fscache_n_retrievals_nomem);
104615 + fscache_stat_unchecked(&fscache_n_retrievals_nomem);
104616 return NULL;
104617 }
104618
104619 @@ -332,12 +332,12 @@ int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie)
104620 return 0;
104621 }
104622
104623 - fscache_stat(&fscache_n_retrievals_wait);
104624 + fscache_stat_unchecked(&fscache_n_retrievals_wait);
104625
104626 jif = jiffies;
104627 if (wait_on_bit(&cookie->flags, FSCACHE_COOKIE_LOOKING_UP,
104628 TASK_INTERRUPTIBLE) != 0) {
104629 - fscache_stat(&fscache_n_retrievals_intr);
104630 + fscache_stat_unchecked(&fscache_n_retrievals_intr);
104631 _leave(" = -ERESTARTSYS");
104632 return -ERESTARTSYS;
104633 }
104634 @@ -355,8 +355,8 @@ int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie)
104635 */
104636 int fscache_wait_for_operation_activation(struct fscache_object *object,
104637 struct fscache_operation *op,
104638 - atomic_t *stat_op_waits,
104639 - atomic_t *stat_object_dead)
104640 + atomic_unchecked_t *stat_op_waits,
104641 + atomic_unchecked_t *stat_object_dead)
104642 {
104643 int ret;
104644
104645 @@ -365,7 +365,7 @@ int fscache_wait_for_operation_activation(struct fscache_object *object,
104646
104647 _debug(">>> WT");
104648 if (stat_op_waits)
104649 - fscache_stat(stat_op_waits);
104650 + fscache_stat_unchecked(stat_op_waits);
104651 if (wait_on_bit(&op->flags, FSCACHE_OP_WAITING,
104652 TASK_INTERRUPTIBLE) != 0) {
104653 ret = fscache_cancel_op(op, false);
104654 @@ -382,7 +382,7 @@ int fscache_wait_for_operation_activation(struct fscache_object *object,
104655 check_if_dead:
104656 if (op->state == FSCACHE_OP_ST_CANCELLED) {
104657 if (stat_object_dead)
104658 - fscache_stat(stat_object_dead);
104659 + fscache_stat_unchecked(stat_object_dead);
104660 _leave(" = -ENOBUFS [cancelled]");
104661 return -ENOBUFS;
104662 }
104663 @@ -391,7 +391,7 @@ check_if_dead:
104664 enum fscache_operation_state state = op->state;
104665 fscache_cancel_op(op, true);
104666 if (stat_object_dead)
104667 - fscache_stat(stat_object_dead);
104668 + fscache_stat_unchecked(stat_object_dead);
104669 _leave(" = -ENOBUFS [obj dead %d]", state);
104670 return -ENOBUFS;
104671 }
104672 @@ -420,7 +420,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
104673
104674 _enter("%p,%p,,,", cookie, page);
104675
104676 - fscache_stat(&fscache_n_retrievals);
104677 + fscache_stat_unchecked(&fscache_n_retrievals);
104678
104679 if (hlist_empty(&cookie->backing_objects))
104680 goto nobufs;
104681 @@ -462,7 +462,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
104682 goto nobufs_unlock_dec;
104683 spin_unlock(&cookie->lock);
104684
104685 - fscache_stat(&fscache_n_retrieval_ops);
104686 + fscache_stat_unchecked(&fscache_n_retrieval_ops);
104687
104688 /* we wait for the operation to become active, and then process it
104689 * *here*, in this thread, and not in the thread pool */
104690 @@ -488,15 +488,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
104691
104692 error:
104693 if (ret == -ENOMEM)
104694 - fscache_stat(&fscache_n_retrievals_nomem);
104695 + fscache_stat_unchecked(&fscache_n_retrievals_nomem);
104696 else if (ret == -ERESTARTSYS)
104697 - fscache_stat(&fscache_n_retrievals_intr);
104698 + fscache_stat_unchecked(&fscache_n_retrievals_intr);
104699 else if (ret == -ENODATA)
104700 - fscache_stat(&fscache_n_retrievals_nodata);
104701 + fscache_stat_unchecked(&fscache_n_retrievals_nodata);
104702 else if (ret < 0)
104703 - fscache_stat(&fscache_n_retrievals_nobufs);
104704 + fscache_stat_unchecked(&fscache_n_retrievals_nobufs);
104705 else
104706 - fscache_stat(&fscache_n_retrievals_ok);
104707 + fscache_stat_unchecked(&fscache_n_retrievals_ok);
104708
104709 fscache_put_retrieval(op);
104710 _leave(" = %d", ret);
104711 @@ -511,7 +511,7 @@ nobufs_unlock:
104712 __fscache_wake_unused_cookie(cookie);
104713 fscache_put_retrieval(op);
104714 nobufs:
104715 - fscache_stat(&fscache_n_retrievals_nobufs);
104716 + fscache_stat_unchecked(&fscache_n_retrievals_nobufs);
104717 _leave(" = -ENOBUFS");
104718 return -ENOBUFS;
104719 }
104720 @@ -550,7 +550,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
104721
104722 _enter("%p,,%d,,,", cookie, *nr_pages);
104723
104724 - fscache_stat(&fscache_n_retrievals);
104725 + fscache_stat_unchecked(&fscache_n_retrievals);
104726
104727 if (hlist_empty(&cookie->backing_objects))
104728 goto nobufs;
104729 @@ -588,7 +588,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
104730 goto nobufs_unlock_dec;
104731 spin_unlock(&cookie->lock);
104732
104733 - fscache_stat(&fscache_n_retrieval_ops);
104734 + fscache_stat_unchecked(&fscache_n_retrieval_ops);
104735
104736 /* we wait for the operation to become active, and then process it
104737 * *here*, in this thread, and not in the thread pool */
104738 @@ -614,15 +614,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
104739
104740 error:
104741 if (ret == -ENOMEM)
104742 - fscache_stat(&fscache_n_retrievals_nomem);
104743 + fscache_stat_unchecked(&fscache_n_retrievals_nomem);
104744 else if (ret == -ERESTARTSYS)
104745 - fscache_stat(&fscache_n_retrievals_intr);
104746 + fscache_stat_unchecked(&fscache_n_retrievals_intr);
104747 else if (ret == -ENODATA)
104748 - fscache_stat(&fscache_n_retrievals_nodata);
104749 + fscache_stat_unchecked(&fscache_n_retrievals_nodata);
104750 else if (ret < 0)
104751 - fscache_stat(&fscache_n_retrievals_nobufs);
104752 + fscache_stat_unchecked(&fscache_n_retrievals_nobufs);
104753 else
104754 - fscache_stat(&fscache_n_retrievals_ok);
104755 + fscache_stat_unchecked(&fscache_n_retrievals_ok);
104756
104757 fscache_put_retrieval(op);
104758 _leave(" = %d", ret);
104759 @@ -637,7 +637,7 @@ nobufs_unlock:
104760 if (wake_cookie)
104761 __fscache_wake_unused_cookie(cookie);
104762 nobufs:
104763 - fscache_stat(&fscache_n_retrievals_nobufs);
104764 + fscache_stat_unchecked(&fscache_n_retrievals_nobufs);
104765 _leave(" = -ENOBUFS");
104766 return -ENOBUFS;
104767 }
104768 @@ -662,7 +662,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
104769
104770 _enter("%p,%p,,,", cookie, page);
104771
104772 - fscache_stat(&fscache_n_allocs);
104773 + fscache_stat_unchecked(&fscache_n_allocs);
104774
104775 if (hlist_empty(&cookie->backing_objects))
104776 goto nobufs;
104777 @@ -696,7 +696,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
104778 goto nobufs_unlock_dec;
104779 spin_unlock(&cookie->lock);
104780
104781 - fscache_stat(&fscache_n_alloc_ops);
104782 + fscache_stat_unchecked(&fscache_n_alloc_ops);
104783
104784 ret = fscache_wait_for_operation_activation(
104785 object, &op->op,
104786 @@ -712,11 +712,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
104787
104788 error:
104789 if (ret == -ERESTARTSYS)
104790 - fscache_stat(&fscache_n_allocs_intr);
104791 + fscache_stat_unchecked(&fscache_n_allocs_intr);
104792 else if (ret < 0)
104793 - fscache_stat(&fscache_n_allocs_nobufs);
104794 + fscache_stat_unchecked(&fscache_n_allocs_nobufs);
104795 else
104796 - fscache_stat(&fscache_n_allocs_ok);
104797 + fscache_stat_unchecked(&fscache_n_allocs_ok);
104798
104799 fscache_put_retrieval(op);
104800 _leave(" = %d", ret);
104801 @@ -730,7 +730,7 @@ nobufs_unlock:
104802 if (wake_cookie)
104803 __fscache_wake_unused_cookie(cookie);
104804 nobufs:
104805 - fscache_stat(&fscache_n_allocs_nobufs);
104806 + fscache_stat_unchecked(&fscache_n_allocs_nobufs);
104807 _leave(" = -ENOBUFS");
104808 return -ENOBUFS;
104809 }
104810 @@ -806,7 +806,7 @@ static void fscache_write_op(struct fscache_operation *_op)
104811
104812 spin_lock(&cookie->stores_lock);
104813
104814 - fscache_stat(&fscache_n_store_calls);
104815 + fscache_stat_unchecked(&fscache_n_store_calls);
104816
104817 /* find a page to store */
104818 page = NULL;
104819 @@ -817,7 +817,7 @@ static void fscache_write_op(struct fscache_operation *_op)
104820 page = results[0];
104821 _debug("gang %d [%lx]", n, page->index);
104822 if (page->index >= op->store_limit) {
104823 - fscache_stat(&fscache_n_store_pages_over_limit);
104824 + fscache_stat_unchecked(&fscache_n_store_pages_over_limit);
104825 goto superseded;
104826 }
104827
104828 @@ -829,7 +829,7 @@ static void fscache_write_op(struct fscache_operation *_op)
104829 spin_unlock(&cookie->stores_lock);
104830 spin_unlock(&object->lock);
104831
104832 - fscache_stat(&fscache_n_store_pages);
104833 + fscache_stat_unchecked(&fscache_n_store_pages);
104834 fscache_stat(&fscache_n_cop_write_page);
104835 ret = object->cache->ops->write_page(op, page);
104836 fscache_stat_d(&fscache_n_cop_write_page);
104837 @@ -935,7 +935,7 @@ int __fscache_write_page(struct fscache_cookie *cookie,
104838 ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX);
104839 ASSERT(PageFsCache(page));
104840
104841 - fscache_stat(&fscache_n_stores);
104842 + fscache_stat_unchecked(&fscache_n_stores);
104843
104844 if (test_bit(FSCACHE_COOKIE_INVALIDATING, &cookie->flags)) {
104845 _leave(" = -ENOBUFS [invalidating]");
104846 @@ -994,7 +994,7 @@ int __fscache_write_page(struct fscache_cookie *cookie,
104847 spin_unlock(&cookie->stores_lock);
104848 spin_unlock(&object->lock);
104849
104850 - op->op.debug_id = atomic_inc_return(&fscache_op_debug_id);
104851 + op->op.debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id);
104852 op->store_limit = object->store_limit;
104853
104854 __fscache_use_cookie(cookie);
104855 @@ -1003,8 +1003,8 @@ int __fscache_write_page(struct fscache_cookie *cookie,
104856
104857 spin_unlock(&cookie->lock);
104858 radix_tree_preload_end();
104859 - fscache_stat(&fscache_n_store_ops);
104860 - fscache_stat(&fscache_n_stores_ok);
104861 + fscache_stat_unchecked(&fscache_n_store_ops);
104862 + fscache_stat_unchecked(&fscache_n_stores_ok);
104863
104864 /* the work queue now carries its own ref on the object */
104865 fscache_put_operation(&op->op);
104866 @@ -1012,14 +1012,14 @@ int __fscache_write_page(struct fscache_cookie *cookie,
104867 return 0;
104868
104869 already_queued:
104870 - fscache_stat(&fscache_n_stores_again);
104871 + fscache_stat_unchecked(&fscache_n_stores_again);
104872 already_pending:
104873 spin_unlock(&cookie->stores_lock);
104874 spin_unlock(&object->lock);
104875 spin_unlock(&cookie->lock);
104876 radix_tree_preload_end();
104877 fscache_put_operation(&op->op);
104878 - fscache_stat(&fscache_n_stores_ok);
104879 + fscache_stat_unchecked(&fscache_n_stores_ok);
104880 _leave(" = 0");
104881 return 0;
104882
104883 @@ -1041,14 +1041,14 @@ nobufs:
104884 fscache_put_operation(&op->op);
104885 if (wake_cookie)
104886 __fscache_wake_unused_cookie(cookie);
104887 - fscache_stat(&fscache_n_stores_nobufs);
104888 + fscache_stat_unchecked(&fscache_n_stores_nobufs);
104889 _leave(" = -ENOBUFS");
104890 return -ENOBUFS;
104891
104892 nomem_free:
104893 fscache_put_operation(&op->op);
104894 nomem:
104895 - fscache_stat(&fscache_n_stores_oom);
104896 + fscache_stat_unchecked(&fscache_n_stores_oom);
104897 _leave(" = -ENOMEM");
104898 return -ENOMEM;
104899 }
104900 @@ -1066,7 +1066,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page)
104901 ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX);
104902 ASSERTCMP(page, !=, NULL);
104903
104904 - fscache_stat(&fscache_n_uncaches);
104905 + fscache_stat_unchecked(&fscache_n_uncaches);
104906
104907 /* cache withdrawal may beat us to it */
104908 if (!PageFsCache(page))
104909 @@ -1117,7 +1117,7 @@ void fscache_mark_page_cached(struct fscache_retrieval *op, struct page *page)
104910 struct fscache_cookie *cookie = op->op.object->cookie;
104911
104912 #ifdef CONFIG_FSCACHE_STATS
104913 - atomic_inc(&fscache_n_marks);
104914 + atomic_inc_unchecked(&fscache_n_marks);
104915 #endif
104916
104917 _debug("- mark %p{%lx}", page, page->index);
104918 diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c
104919 index 7ac6e83..352976a 100644
104920 --- a/fs/fscache/stats.c
104921 +++ b/fs/fscache/stats.c
104922 @@ -18,100 +18,100 @@
104923 /*
104924 * operation counters
104925 */
104926 -atomic_t fscache_n_op_pend;
104927 -atomic_t fscache_n_op_run;
104928 -atomic_t fscache_n_op_enqueue;
104929 -atomic_t fscache_n_op_requeue;
104930 -atomic_t fscache_n_op_deferred_release;
104931 -atomic_t fscache_n_op_initialised;
104932 -atomic_t fscache_n_op_release;
104933 -atomic_t fscache_n_op_gc;
104934 -atomic_t fscache_n_op_cancelled;
104935 -atomic_t fscache_n_op_rejected;
104936 +atomic_unchecked_t fscache_n_op_pend;
104937 +atomic_unchecked_t fscache_n_op_run;
104938 +atomic_unchecked_t fscache_n_op_enqueue;
104939 +atomic_unchecked_t fscache_n_op_requeue;
104940 +atomic_unchecked_t fscache_n_op_deferred_release;
104941 +atomic_unchecked_t fscache_n_op_initialised;
104942 +atomic_unchecked_t fscache_n_op_release;
104943 +atomic_unchecked_t fscache_n_op_gc;
104944 +atomic_unchecked_t fscache_n_op_cancelled;
104945 +atomic_unchecked_t fscache_n_op_rejected;
104946
104947 -atomic_t fscache_n_attr_changed;
104948 -atomic_t fscache_n_attr_changed_ok;
104949 -atomic_t fscache_n_attr_changed_nobufs;
104950 -atomic_t fscache_n_attr_changed_nomem;
104951 -atomic_t fscache_n_attr_changed_calls;
104952 +atomic_unchecked_t fscache_n_attr_changed;
104953 +atomic_unchecked_t fscache_n_attr_changed_ok;
104954 +atomic_unchecked_t fscache_n_attr_changed_nobufs;
104955 +atomic_unchecked_t fscache_n_attr_changed_nomem;
104956 +atomic_unchecked_t fscache_n_attr_changed_calls;
104957
104958 -atomic_t fscache_n_allocs;
104959 -atomic_t fscache_n_allocs_ok;
104960 -atomic_t fscache_n_allocs_wait;
104961 -atomic_t fscache_n_allocs_nobufs;
104962 -atomic_t fscache_n_allocs_intr;
104963 -atomic_t fscache_n_allocs_object_dead;
104964 -atomic_t fscache_n_alloc_ops;
104965 -atomic_t fscache_n_alloc_op_waits;
104966 +atomic_unchecked_t fscache_n_allocs;
104967 +atomic_unchecked_t fscache_n_allocs_ok;
104968 +atomic_unchecked_t fscache_n_allocs_wait;
104969 +atomic_unchecked_t fscache_n_allocs_nobufs;
104970 +atomic_unchecked_t fscache_n_allocs_intr;
104971 +atomic_unchecked_t fscache_n_allocs_object_dead;
104972 +atomic_unchecked_t fscache_n_alloc_ops;
104973 +atomic_unchecked_t fscache_n_alloc_op_waits;
104974
104975 -atomic_t fscache_n_retrievals;
104976 -atomic_t fscache_n_retrievals_ok;
104977 -atomic_t fscache_n_retrievals_wait;
104978 -atomic_t fscache_n_retrievals_nodata;
104979 -atomic_t fscache_n_retrievals_nobufs;
104980 -atomic_t fscache_n_retrievals_intr;
104981 -atomic_t fscache_n_retrievals_nomem;
104982 -atomic_t fscache_n_retrievals_object_dead;
104983 -atomic_t fscache_n_retrieval_ops;
104984 -atomic_t fscache_n_retrieval_op_waits;
104985 +atomic_unchecked_t fscache_n_retrievals;
104986 +atomic_unchecked_t fscache_n_retrievals_ok;
104987 +atomic_unchecked_t fscache_n_retrievals_wait;
104988 +atomic_unchecked_t fscache_n_retrievals_nodata;
104989 +atomic_unchecked_t fscache_n_retrievals_nobufs;
104990 +atomic_unchecked_t fscache_n_retrievals_intr;
104991 +atomic_unchecked_t fscache_n_retrievals_nomem;
104992 +atomic_unchecked_t fscache_n_retrievals_object_dead;
104993 +atomic_unchecked_t fscache_n_retrieval_ops;
104994 +atomic_unchecked_t fscache_n_retrieval_op_waits;
104995
104996 -atomic_t fscache_n_stores;
104997 -atomic_t fscache_n_stores_ok;
104998 -atomic_t fscache_n_stores_again;
104999 -atomic_t fscache_n_stores_nobufs;
105000 -atomic_t fscache_n_stores_oom;
105001 -atomic_t fscache_n_store_ops;
105002 -atomic_t fscache_n_store_calls;
105003 -atomic_t fscache_n_store_pages;
105004 -atomic_t fscache_n_store_radix_deletes;
105005 -atomic_t fscache_n_store_pages_over_limit;
105006 +atomic_unchecked_t fscache_n_stores;
105007 +atomic_unchecked_t fscache_n_stores_ok;
105008 +atomic_unchecked_t fscache_n_stores_again;
105009 +atomic_unchecked_t fscache_n_stores_nobufs;
105010 +atomic_unchecked_t fscache_n_stores_oom;
105011 +atomic_unchecked_t fscache_n_store_ops;
105012 +atomic_unchecked_t fscache_n_store_calls;
105013 +atomic_unchecked_t fscache_n_store_pages;
105014 +atomic_unchecked_t fscache_n_store_radix_deletes;
105015 +atomic_unchecked_t fscache_n_store_pages_over_limit;
105016
105017 -atomic_t fscache_n_store_vmscan_not_storing;
105018 -atomic_t fscache_n_store_vmscan_gone;
105019 -atomic_t fscache_n_store_vmscan_busy;
105020 -atomic_t fscache_n_store_vmscan_cancelled;
105021 -atomic_t fscache_n_store_vmscan_wait;
105022 +atomic_unchecked_t fscache_n_store_vmscan_not_storing;
105023 +atomic_unchecked_t fscache_n_store_vmscan_gone;
105024 +atomic_unchecked_t fscache_n_store_vmscan_busy;
105025 +atomic_unchecked_t fscache_n_store_vmscan_cancelled;
105026 +atomic_unchecked_t fscache_n_store_vmscan_wait;
105027
105028 -atomic_t fscache_n_marks;
105029 -atomic_t fscache_n_uncaches;
105030 +atomic_unchecked_t fscache_n_marks;
105031 +atomic_unchecked_t fscache_n_uncaches;
105032
105033 -atomic_t fscache_n_acquires;
105034 -atomic_t fscache_n_acquires_null;
105035 -atomic_t fscache_n_acquires_no_cache;
105036 -atomic_t fscache_n_acquires_ok;
105037 -atomic_t fscache_n_acquires_nobufs;
105038 -atomic_t fscache_n_acquires_oom;
105039 +atomic_unchecked_t fscache_n_acquires;
105040 +atomic_unchecked_t fscache_n_acquires_null;
105041 +atomic_unchecked_t fscache_n_acquires_no_cache;
105042 +atomic_unchecked_t fscache_n_acquires_ok;
105043 +atomic_unchecked_t fscache_n_acquires_nobufs;
105044 +atomic_unchecked_t fscache_n_acquires_oom;
105045
105046 -atomic_t fscache_n_invalidates;
105047 -atomic_t fscache_n_invalidates_run;
105048 +atomic_unchecked_t fscache_n_invalidates;
105049 +atomic_unchecked_t fscache_n_invalidates_run;
105050
105051 -atomic_t fscache_n_updates;
105052 -atomic_t fscache_n_updates_null;
105053 -atomic_t fscache_n_updates_run;
105054 +atomic_unchecked_t fscache_n_updates;
105055 +atomic_unchecked_t fscache_n_updates_null;
105056 +atomic_unchecked_t fscache_n_updates_run;
105057
105058 -atomic_t fscache_n_relinquishes;
105059 -atomic_t fscache_n_relinquishes_null;
105060 -atomic_t fscache_n_relinquishes_waitcrt;
105061 -atomic_t fscache_n_relinquishes_retire;
105062 +atomic_unchecked_t fscache_n_relinquishes;
105063 +atomic_unchecked_t fscache_n_relinquishes_null;
105064 +atomic_unchecked_t fscache_n_relinquishes_waitcrt;
105065 +atomic_unchecked_t fscache_n_relinquishes_retire;
105066
105067 -atomic_t fscache_n_cookie_index;
105068 -atomic_t fscache_n_cookie_data;
105069 -atomic_t fscache_n_cookie_special;
105070 +atomic_unchecked_t fscache_n_cookie_index;
105071 +atomic_unchecked_t fscache_n_cookie_data;
105072 +atomic_unchecked_t fscache_n_cookie_special;
105073
105074 -atomic_t fscache_n_object_alloc;
105075 -atomic_t fscache_n_object_no_alloc;
105076 -atomic_t fscache_n_object_lookups;
105077 -atomic_t fscache_n_object_lookups_negative;
105078 -atomic_t fscache_n_object_lookups_positive;
105079 -atomic_t fscache_n_object_lookups_timed_out;
105080 -atomic_t fscache_n_object_created;
105081 -atomic_t fscache_n_object_avail;
105082 -atomic_t fscache_n_object_dead;
105083 +atomic_unchecked_t fscache_n_object_alloc;
105084 +atomic_unchecked_t fscache_n_object_no_alloc;
105085 +atomic_unchecked_t fscache_n_object_lookups;
105086 +atomic_unchecked_t fscache_n_object_lookups_negative;
105087 +atomic_unchecked_t fscache_n_object_lookups_positive;
105088 +atomic_unchecked_t fscache_n_object_lookups_timed_out;
105089 +atomic_unchecked_t fscache_n_object_created;
105090 +atomic_unchecked_t fscache_n_object_avail;
105091 +atomic_unchecked_t fscache_n_object_dead;
105092
105093 -atomic_t fscache_n_checkaux_none;
105094 -atomic_t fscache_n_checkaux_okay;
105095 -atomic_t fscache_n_checkaux_update;
105096 -atomic_t fscache_n_checkaux_obsolete;
105097 +atomic_unchecked_t fscache_n_checkaux_none;
105098 +atomic_unchecked_t fscache_n_checkaux_okay;
105099 +atomic_unchecked_t fscache_n_checkaux_update;
105100 +atomic_unchecked_t fscache_n_checkaux_obsolete;
105101
105102 atomic_t fscache_n_cop_alloc_object;
105103 atomic_t fscache_n_cop_lookup_object;
105104 @@ -144,119 +144,119 @@ static int fscache_stats_show(struct seq_file *m, void *v)
105105 seq_puts(m, "FS-Cache statistics\n");
105106
105107 seq_printf(m, "Cookies: idx=%u dat=%u spc=%u\n",
105108 - atomic_read(&fscache_n_cookie_index),
105109 - atomic_read(&fscache_n_cookie_data),
105110 - atomic_read(&fscache_n_cookie_special));
105111 + atomic_read_unchecked(&fscache_n_cookie_index),
105112 + atomic_read_unchecked(&fscache_n_cookie_data),
105113 + atomic_read_unchecked(&fscache_n_cookie_special));
105114
105115 seq_printf(m, "Objects: alc=%u nal=%u avl=%u ded=%u\n",
105116 - atomic_read(&fscache_n_object_alloc),
105117 - atomic_read(&fscache_n_object_no_alloc),
105118 - atomic_read(&fscache_n_object_avail),
105119 - atomic_read(&fscache_n_object_dead));
105120 + atomic_read_unchecked(&fscache_n_object_alloc),
105121 + atomic_read_unchecked(&fscache_n_object_no_alloc),
105122 + atomic_read_unchecked(&fscache_n_object_avail),
105123 + atomic_read_unchecked(&fscache_n_object_dead));
105124 seq_printf(m, "ChkAux : non=%u ok=%u upd=%u obs=%u\n",
105125 - atomic_read(&fscache_n_checkaux_none),
105126 - atomic_read(&fscache_n_checkaux_okay),
105127 - atomic_read(&fscache_n_checkaux_update),
105128 - atomic_read(&fscache_n_checkaux_obsolete));
105129 + atomic_read_unchecked(&fscache_n_checkaux_none),
105130 + atomic_read_unchecked(&fscache_n_checkaux_okay),
105131 + atomic_read_unchecked(&fscache_n_checkaux_update),
105132 + atomic_read_unchecked(&fscache_n_checkaux_obsolete));
105133
105134 seq_printf(m, "Pages : mrk=%u unc=%u\n",
105135 - atomic_read(&fscache_n_marks),
105136 - atomic_read(&fscache_n_uncaches));
105137 + atomic_read_unchecked(&fscache_n_marks),
105138 + atomic_read_unchecked(&fscache_n_uncaches));
105139
105140 seq_printf(m, "Acquire: n=%u nul=%u noc=%u ok=%u nbf=%u"
105141 " oom=%u\n",
105142 - atomic_read(&fscache_n_acquires),
105143 - atomic_read(&fscache_n_acquires_null),
105144 - atomic_read(&fscache_n_acquires_no_cache),
105145 - atomic_read(&fscache_n_acquires_ok),
105146 - atomic_read(&fscache_n_acquires_nobufs),
105147 - atomic_read(&fscache_n_acquires_oom));
105148 + atomic_read_unchecked(&fscache_n_acquires),
105149 + atomic_read_unchecked(&fscache_n_acquires_null),
105150 + atomic_read_unchecked(&fscache_n_acquires_no_cache),
105151 + atomic_read_unchecked(&fscache_n_acquires_ok),
105152 + atomic_read_unchecked(&fscache_n_acquires_nobufs),
105153 + atomic_read_unchecked(&fscache_n_acquires_oom));
105154
105155 seq_printf(m, "Lookups: n=%u neg=%u pos=%u crt=%u tmo=%u\n",
105156 - atomic_read(&fscache_n_object_lookups),
105157 - atomic_read(&fscache_n_object_lookups_negative),
105158 - atomic_read(&fscache_n_object_lookups_positive),
105159 - atomic_read(&fscache_n_object_created),
105160 - atomic_read(&fscache_n_object_lookups_timed_out));
105161 + atomic_read_unchecked(&fscache_n_object_lookups),
105162 + atomic_read_unchecked(&fscache_n_object_lookups_negative),
105163 + atomic_read_unchecked(&fscache_n_object_lookups_positive),
105164 + atomic_read_unchecked(&fscache_n_object_created),
105165 + atomic_read_unchecked(&fscache_n_object_lookups_timed_out));
105166
105167 seq_printf(m, "Invals : n=%u run=%u\n",
105168 - atomic_read(&fscache_n_invalidates),
105169 - atomic_read(&fscache_n_invalidates_run));
105170 + atomic_read_unchecked(&fscache_n_invalidates),
105171 + atomic_read_unchecked(&fscache_n_invalidates_run));
105172
105173 seq_printf(m, "Updates: n=%u nul=%u run=%u\n",
105174 - atomic_read(&fscache_n_updates),
105175 - atomic_read(&fscache_n_updates_null),
105176 - atomic_read(&fscache_n_updates_run));
105177 + atomic_read_unchecked(&fscache_n_updates),
105178 + atomic_read_unchecked(&fscache_n_updates_null),
105179 + atomic_read_unchecked(&fscache_n_updates_run));
105180
105181 seq_printf(m, "Relinqs: n=%u nul=%u wcr=%u rtr=%u\n",
105182 - atomic_read(&fscache_n_relinquishes),
105183 - atomic_read(&fscache_n_relinquishes_null),
105184 - atomic_read(&fscache_n_relinquishes_waitcrt),
105185 - atomic_read(&fscache_n_relinquishes_retire));
105186 + atomic_read_unchecked(&fscache_n_relinquishes),
105187 + atomic_read_unchecked(&fscache_n_relinquishes_null),
105188 + atomic_read_unchecked(&fscache_n_relinquishes_waitcrt),
105189 + atomic_read_unchecked(&fscache_n_relinquishes_retire));
105190
105191 seq_printf(m, "AttrChg: n=%u ok=%u nbf=%u oom=%u run=%u\n",
105192 - atomic_read(&fscache_n_attr_changed),
105193 - atomic_read(&fscache_n_attr_changed_ok),
105194 - atomic_read(&fscache_n_attr_changed_nobufs),
105195 - atomic_read(&fscache_n_attr_changed_nomem),
105196 - atomic_read(&fscache_n_attr_changed_calls));
105197 + atomic_read_unchecked(&fscache_n_attr_changed),
105198 + atomic_read_unchecked(&fscache_n_attr_changed_ok),
105199 + atomic_read_unchecked(&fscache_n_attr_changed_nobufs),
105200 + atomic_read_unchecked(&fscache_n_attr_changed_nomem),
105201 + atomic_read_unchecked(&fscache_n_attr_changed_calls));
105202
105203 seq_printf(m, "Allocs : n=%u ok=%u wt=%u nbf=%u int=%u\n",
105204 - atomic_read(&fscache_n_allocs),
105205 - atomic_read(&fscache_n_allocs_ok),
105206 - atomic_read(&fscache_n_allocs_wait),
105207 - atomic_read(&fscache_n_allocs_nobufs),
105208 - atomic_read(&fscache_n_allocs_intr));
105209 + atomic_read_unchecked(&fscache_n_allocs),
105210 + atomic_read_unchecked(&fscache_n_allocs_ok),
105211 + atomic_read_unchecked(&fscache_n_allocs_wait),
105212 + atomic_read_unchecked(&fscache_n_allocs_nobufs),
105213 + atomic_read_unchecked(&fscache_n_allocs_intr));
105214 seq_printf(m, "Allocs : ops=%u owt=%u abt=%u\n",
105215 - atomic_read(&fscache_n_alloc_ops),
105216 - atomic_read(&fscache_n_alloc_op_waits),
105217 - atomic_read(&fscache_n_allocs_object_dead));
105218 + atomic_read_unchecked(&fscache_n_alloc_ops),
105219 + atomic_read_unchecked(&fscache_n_alloc_op_waits),
105220 + atomic_read_unchecked(&fscache_n_allocs_object_dead));
105221
105222 seq_printf(m, "Retrvls: n=%u ok=%u wt=%u nod=%u nbf=%u"
105223 " int=%u oom=%u\n",
105224 - atomic_read(&fscache_n_retrievals),
105225 - atomic_read(&fscache_n_retrievals_ok),
105226 - atomic_read(&fscache_n_retrievals_wait),
105227 - atomic_read(&fscache_n_retrievals_nodata),
105228 - atomic_read(&fscache_n_retrievals_nobufs),
105229 - atomic_read(&fscache_n_retrievals_intr),
105230 - atomic_read(&fscache_n_retrievals_nomem));
105231 + atomic_read_unchecked(&fscache_n_retrievals),
105232 + atomic_read_unchecked(&fscache_n_retrievals_ok),
105233 + atomic_read_unchecked(&fscache_n_retrievals_wait),
105234 + atomic_read_unchecked(&fscache_n_retrievals_nodata),
105235 + atomic_read_unchecked(&fscache_n_retrievals_nobufs),
105236 + atomic_read_unchecked(&fscache_n_retrievals_intr),
105237 + atomic_read_unchecked(&fscache_n_retrievals_nomem));
105238 seq_printf(m, "Retrvls: ops=%u owt=%u abt=%u\n",
105239 - atomic_read(&fscache_n_retrieval_ops),
105240 - atomic_read(&fscache_n_retrieval_op_waits),
105241 - atomic_read(&fscache_n_retrievals_object_dead));
105242 + atomic_read_unchecked(&fscache_n_retrieval_ops),
105243 + atomic_read_unchecked(&fscache_n_retrieval_op_waits),
105244 + atomic_read_unchecked(&fscache_n_retrievals_object_dead));
105245
105246 seq_printf(m, "Stores : n=%u ok=%u agn=%u nbf=%u oom=%u\n",
105247 - atomic_read(&fscache_n_stores),
105248 - atomic_read(&fscache_n_stores_ok),
105249 - atomic_read(&fscache_n_stores_again),
105250 - atomic_read(&fscache_n_stores_nobufs),
105251 - atomic_read(&fscache_n_stores_oom));
105252 + atomic_read_unchecked(&fscache_n_stores),
105253 + atomic_read_unchecked(&fscache_n_stores_ok),
105254 + atomic_read_unchecked(&fscache_n_stores_again),
105255 + atomic_read_unchecked(&fscache_n_stores_nobufs),
105256 + atomic_read_unchecked(&fscache_n_stores_oom));
105257 seq_printf(m, "Stores : ops=%u run=%u pgs=%u rxd=%u olm=%u\n",
105258 - atomic_read(&fscache_n_store_ops),
105259 - atomic_read(&fscache_n_store_calls),
105260 - atomic_read(&fscache_n_store_pages),
105261 - atomic_read(&fscache_n_store_radix_deletes),
105262 - atomic_read(&fscache_n_store_pages_over_limit));
105263 + atomic_read_unchecked(&fscache_n_store_ops),
105264 + atomic_read_unchecked(&fscache_n_store_calls),
105265 + atomic_read_unchecked(&fscache_n_store_pages),
105266 + atomic_read_unchecked(&fscache_n_store_radix_deletes),
105267 + atomic_read_unchecked(&fscache_n_store_pages_over_limit));
105268
105269 seq_printf(m, "VmScan : nos=%u gon=%u bsy=%u can=%u wt=%u\n",
105270 - atomic_read(&fscache_n_store_vmscan_not_storing),
105271 - atomic_read(&fscache_n_store_vmscan_gone),
105272 - atomic_read(&fscache_n_store_vmscan_busy),
105273 - atomic_read(&fscache_n_store_vmscan_cancelled),
105274 - atomic_read(&fscache_n_store_vmscan_wait));
105275 + atomic_read_unchecked(&fscache_n_store_vmscan_not_storing),
105276 + atomic_read_unchecked(&fscache_n_store_vmscan_gone),
105277 + atomic_read_unchecked(&fscache_n_store_vmscan_busy),
105278 + atomic_read_unchecked(&fscache_n_store_vmscan_cancelled),
105279 + atomic_read_unchecked(&fscache_n_store_vmscan_wait));
105280
105281 seq_printf(m, "Ops : pend=%u run=%u enq=%u can=%u rej=%u\n",
105282 - atomic_read(&fscache_n_op_pend),
105283 - atomic_read(&fscache_n_op_run),
105284 - atomic_read(&fscache_n_op_enqueue),
105285 - atomic_read(&fscache_n_op_cancelled),
105286 - atomic_read(&fscache_n_op_rejected));
105287 + atomic_read_unchecked(&fscache_n_op_pend),
105288 + atomic_read_unchecked(&fscache_n_op_run),
105289 + atomic_read_unchecked(&fscache_n_op_enqueue),
105290 + atomic_read_unchecked(&fscache_n_op_cancelled),
105291 + atomic_read_unchecked(&fscache_n_op_rejected));
105292 seq_printf(m, "Ops : ini=%u dfr=%u rel=%u gc=%u\n",
105293 - atomic_read(&fscache_n_op_initialised),
105294 - atomic_read(&fscache_n_op_deferred_release),
105295 - atomic_read(&fscache_n_op_release),
105296 - atomic_read(&fscache_n_op_gc));
105297 + atomic_read_unchecked(&fscache_n_op_initialised),
105298 + atomic_read_unchecked(&fscache_n_op_deferred_release),
105299 + atomic_read_unchecked(&fscache_n_op_release),
105300 + atomic_read_unchecked(&fscache_n_op_gc));
105301
105302 seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n",
105303 atomic_read(&fscache_n_cop_alloc_object),
105304 diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c
105305 index c5b6b71..527e347 100644
105306 --- a/fs/fuse/cuse.c
105307 +++ b/fs/fuse/cuse.c
105308 @@ -611,10 +611,12 @@ static int __init cuse_init(void)
105309 INIT_LIST_HEAD(&cuse_conntbl[i]);
105310
105311 /* inherit and extend fuse_dev_operations */
105312 - cuse_channel_fops = fuse_dev_operations;
105313 - cuse_channel_fops.owner = THIS_MODULE;
105314 - cuse_channel_fops.open = cuse_channel_open;
105315 - cuse_channel_fops.release = cuse_channel_release;
105316 + pax_open_kernel();
105317 + memcpy((void *)&cuse_channel_fops, &fuse_dev_operations, sizeof(fuse_dev_operations));
105318 + const_cast(cuse_channel_fops.owner) = THIS_MODULE;
105319 + const_cast(cuse_channel_fops.open) = cuse_channel_open;
105320 + const_cast(cuse_channel_fops.release) = cuse_channel_release;
105321 + pax_close_kernel();
105322
105323 cuse_class = class_create(THIS_MODULE, "cuse");
105324 if (IS_ERR(cuse_class))
105325 diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
105326 index a94d2ed..80c8060 100644
105327 --- a/fs/fuse/dev.c
105328 +++ b/fs/fuse/dev.c
105329 @@ -1366,7 +1366,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
105330 ret = 0;
105331 pipe_lock(pipe);
105332
105333 - if (!pipe->readers) {
105334 + if (!atomic_read(&pipe->readers)) {
105335 send_sig(SIGPIPE, current, 0);
105336 if (!ret)
105337 ret = -EPIPE;
105338 @@ -1395,7 +1395,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
105339 page_nr++;
105340 ret += buf->len;
105341
105342 - if (pipe->files)
105343 + if (atomic_read(&pipe->files))
105344 do_wakeup = 1;
105345 }
105346
105347 diff --git a/fs/fuse/file.c b/fs/fuse/file.c
105348 index 3988b43..c02080c 100644
105349 --- a/fs/fuse/file.c
105350 +++ b/fs/fuse/file.c
105351 @@ -838,9 +838,9 @@ struct fuse_fill_data {
105352 unsigned nr_pages;
105353 };
105354
105355 -static int fuse_readpages_fill(void *_data, struct page *page)
105356 +static int fuse_readpages_fill(struct file *_data, struct page *page)
105357 {
105358 - struct fuse_fill_data *data = _data;
105359 + struct fuse_fill_data *data = (struct fuse_fill_data *)_data;
105360 struct fuse_req *req = data->req;
105361 struct inode *inode = data->inode;
105362 struct fuse_conn *fc = get_fuse_conn(inode);
105363 diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
105364 index 4e05b51..36c4e1f 100644
105365 --- a/fs/fuse/inode.c
105366 +++ b/fs/fuse/inode.c
105367 @@ -29,7 +29,7 @@ static struct kmem_cache *fuse_inode_cachep;
105368 struct list_head fuse_conn_list;
105369 DEFINE_MUTEX(fuse_mutex);
105370
105371 -static int set_global_limit(const char *val, struct kernel_param *kp);
105372 +static int set_global_limit(const char *val, const struct kernel_param *kp);
105373
105374 unsigned max_user_bgreq;
105375 module_param_call(max_user_bgreq, set_global_limit, param_get_uint,
105376 @@ -824,7 +824,7 @@ static void sanitize_global_limit(unsigned *limit)
105377 *limit = (1 << 16) - 1;
105378 }
105379
105380 -static int set_global_limit(const char *val, struct kernel_param *kp)
105381 +static int set_global_limit(const char *val, const struct kernel_param *kp)
105382 {
105383 int rv;
105384
105385 diff --git a/fs/gfs2/aops.c b/fs/gfs2/aops.c
105386 index 82df368..0079887 100644
105387 --- a/fs/gfs2/aops.c
105388 +++ b/fs/gfs2/aops.c
105389 @@ -511,7 +511,7 @@ static int stuffed_readpage(struct gfs2_inode *ip, struct page *page)
105390 *
105391 */
105392
105393 -static int __gfs2_readpage(void *file, struct page *page)
105394 +static int __gfs2_readpage(struct file *file, struct page *page)
105395 {
105396 struct gfs2_inode *ip = GFS2_I(page->mapping->host);
105397 struct gfs2_sbd *sdp = GFS2_SB(page->mapping->host);
105398 diff --git a/fs/gfs2/file.c b/fs/gfs2/file.c
105399 index 320e65e..7eb400d 100644
105400 --- a/fs/gfs2/file.c
105401 +++ b/fs/gfs2/file.c
105402 @@ -776,7 +776,7 @@ static void calc_max_reserv(struct gfs2_inode *ip, loff_t *len,
105403 {
105404 loff_t max = *len;
105405 const struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
105406 - unsigned int tmp, max_data = max_blocks - 3 * (sdp->sd_max_height - 1);
105407 + unsigned int tmp, max_data = max_blocks - 3 * sdp->sd_max_height + 3;
105408
105409 for (tmp = max_data; tmp > sdp->sd_diptrs;) {
105410 tmp = DIV_ROUND_UP(tmp, sdp->sd_inptrs);
105411 diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
105412 index 3a90b2b..7335643 100644
105413 --- a/fs/gfs2/glock.c
105414 +++ b/fs/gfs2/glock.c
105415 @@ -324,9 +324,9 @@ static void state_change(struct gfs2_glock *gl, unsigned int new_state)
105416 if (held1 != held2) {
105417 GLOCK_BUG_ON(gl, __lockref_is_dead(&gl->gl_lockref));
105418 if (held2)
105419 - gl->gl_lockref.count++;
105420 + __lockref_inc(&gl->gl_lockref);
105421 else
105422 - gl->gl_lockref.count--;
105423 + __lockref_dec(&gl->gl_lockref);
105424 }
105425 if (held1 && held2 && list_empty(&gl->gl_holders))
105426 clear_bit(GLF_QUEUED, &gl->gl_flags);
105427 @@ -560,9 +560,9 @@ out:
105428 out_sched:
105429 clear_bit(GLF_LOCK, &gl->gl_flags);
105430 smp_mb__after_atomic();
105431 - gl->gl_lockref.count++;
105432 + __lockref_inc(&gl->gl_lockref);
105433 if (queue_delayed_work(glock_workqueue, &gl->gl_work, 0) == 0)
105434 - gl->gl_lockref.count--;
105435 + __lockref_dec(&gl->gl_lockref);
105436 return;
105437
105438 out_unlock:
105439 @@ -690,7 +690,7 @@ int gfs2_glock_get(struct gfs2_sbd *sdp, u64 number,
105440 gl->gl_node.next = NULL;
105441 gl->gl_flags = 0;
105442 gl->gl_name = name;
105443 - gl->gl_lockref.count = 1;
105444 + __lockref_set(&gl->gl_lockref, 1);
105445 gl->gl_state = LM_ST_UNLOCKED;
105446 gl->gl_target = LM_ST_UNLOCKED;
105447 gl->gl_demote_state = LM_ST_EXCLUSIVE;
105448 @@ -979,9 +979,9 @@ int gfs2_glock_nq(struct gfs2_holder *gh)
105449 if (unlikely((LM_FLAG_NOEXP & gh->gh_flags) &&
105450 test_and_clear_bit(GLF_FROZEN, &gl->gl_flags))) {
105451 set_bit(GLF_REPLY_PENDING, &gl->gl_flags);
105452 - gl->gl_lockref.count++;
105453 + __lockref_inc(&gl->gl_lockref);
105454 if (queue_delayed_work(glock_workqueue, &gl->gl_work, 0) == 0)
105455 - gl->gl_lockref.count--;
105456 + __lockref_dec(&gl->gl_lockref);
105457 }
105458 run_queue(gl, 1);
105459 spin_unlock(&gl->gl_lockref.lock);
105460 @@ -1286,7 +1286,7 @@ void gfs2_glock_complete(struct gfs2_glock *gl, int ret)
105461 }
105462 }
105463
105464 - gl->gl_lockref.count++;
105465 + __lockref_inc(&gl->gl_lockref);
105466 set_bit(GLF_REPLY_PENDING, &gl->gl_flags);
105467 spin_unlock(&gl->gl_lockref.lock);
105468
105469 @@ -1345,12 +1345,12 @@ add_back_to_lru:
105470 goto add_back_to_lru;
105471 }
105472 clear_bit(GLF_LRU, &gl->gl_flags);
105473 - gl->gl_lockref.count++;
105474 + __lockref_inc(&gl->gl_lockref);
105475 if (demote_ok(gl))
105476 handle_callback(gl, LM_ST_UNLOCKED, 0, false);
105477 WARN_ON(!test_and_clear_bit(GLF_LOCK, &gl->gl_flags));
105478 if (queue_delayed_work(glock_workqueue, &gl->gl_work, 0) == 0)
105479 - gl->gl_lockref.count--;
105480 + __lockref_dec(&gl->gl_lockref);
105481 spin_unlock(&gl->gl_lockref.lock);
105482 cond_resched_lock(&lru_lock);
105483 }
105484 @@ -1677,7 +1677,7 @@ void gfs2_dump_glock(struct seq_file *seq, const struct gfs2_glock *gl)
105485 state2str(gl->gl_demote_state), dtime,
105486 atomic_read(&gl->gl_ail_count),
105487 atomic_read(&gl->gl_revokes),
105488 - (int)gl->gl_lockref.count, gl->gl_hold_time);
105489 + __lockref_read(&gl->gl_lockref), gl->gl_hold_time);
105490
105491 list_for_each_entry(gh, &gl->gl_holders, gh_list)
105492 dump_holder(seq, gh);
105493 diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
105494 index 5db59d4..817f4eb 100644
105495 --- a/fs/gfs2/glops.c
105496 +++ b/fs/gfs2/glops.c
105497 @@ -549,9 +549,9 @@ static void iopen_go_callback(struct gfs2_glock *gl, bool remote)
105498
105499 if (gl->gl_demote_state == LM_ST_UNLOCKED &&
105500 gl->gl_state == LM_ST_SHARED && ip) {
105501 - gl->gl_lockref.count++;
105502 + __lockref_inc(&gl->gl_lockref);
105503 if (queue_work(gfs2_delete_workqueue, &gl->gl_delete) == 0)
105504 - gl->gl_lockref.count--;
105505 + __lockref_dec(&gl->gl_lockref);
105506 }
105507 }
105508
105509 diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
105510 index 77930ca..684c04d 100644
105511 --- a/fs/gfs2/quota.c
105512 +++ b/fs/gfs2/quota.c
105513 @@ -154,7 +154,7 @@ static enum lru_status gfs2_qd_isolate(struct list_head *item,
105514 if (!spin_trylock(&qd->qd_lockref.lock))
105515 return LRU_SKIP;
105516
105517 - if (qd->qd_lockref.count == 0) {
105518 + if (__lockref_read(&qd->qd_lockref) == 0) {
105519 lockref_mark_dead(&qd->qd_lockref);
105520 list_lru_isolate_move(lru, &qd->qd_lru, dispose);
105521 }
105522 @@ -221,7 +221,7 @@ static struct gfs2_quota_data *qd_alloc(unsigned hash, struct gfs2_sbd *sdp, str
105523 return NULL;
105524
105525 qd->qd_sbd = sdp;
105526 - qd->qd_lockref.count = 1;
105527 + __lockref_set(&qd->qd_lockref, 1);
105528 spin_lock_init(&qd->qd_lockref.lock);
105529 qd->qd_id = qid;
105530 qd->qd_slot = -1;
105531 @@ -312,7 +312,7 @@ static void qd_put(struct gfs2_quota_data *qd)
105532 if (lockref_put_or_lock(&qd->qd_lockref))
105533 return;
105534
105535 - qd->qd_lockref.count = 0;
105536 + __lockref_set(&qd->qd_lockref, 0);
105537 list_lru_add(&gfs2_qd_lru, &qd->qd_lru);
105538 spin_unlock(&qd->qd_lockref.lock);
105539
105540 diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
105541 index 4ea71eb..19effa7 100644
105542 --- a/fs/hugetlbfs/inode.c
105543 +++ b/fs/hugetlbfs/inode.c
105544 @@ -174,6 +174,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
105545 struct mm_struct *mm = current->mm;
105546 struct vm_area_struct *vma;
105547 struct hstate *h = hstate_file(file);
105548 + unsigned long offset = gr_rand_threadstack_offset(mm, file, flags);
105549 struct vm_unmapped_area_info info;
105550
105551 if (len & ~huge_page_mask(h))
105552 @@ -187,17 +188,26 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
105553 return addr;
105554 }
105555
105556 +#ifdef CONFIG_PAX_RANDMMAP
105557 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
105558 +#endif
105559 +
105560 if (addr) {
105561 addr = ALIGN(addr, huge_page_size(h));
105562 vma = find_vma(mm, addr);
105563 - if (TASK_SIZE - len >= addr &&
105564 - (!vma || addr + len <= vma->vm_start))
105565 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
105566 return addr;
105567 }
105568
105569 info.flags = 0;
105570 info.length = len;
105571 info.low_limit = TASK_UNMAPPED_BASE;
105572 +
105573 +#ifdef CONFIG_PAX_RANDMMAP
105574 + if (mm->pax_flags & MF_PAX_RANDMMAP)
105575 + info.low_limit += mm->delta_mmap;
105576 +#endif
105577 +
105578 info.high_limit = TASK_SIZE;
105579 info.align_mask = PAGE_MASK & ~huge_page_mask(h);
105580 info.align_offset = 0;
105581 @@ -1212,7 +1222,7 @@ static struct file_system_type hugetlbfs_fs_type = {
105582 .kill_sb = kill_litter_super,
105583 };
105584
105585 -static struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
105586 +struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
105587
105588 static int can_do_hugetlb_shm(void)
105589 {
105590 diff --git a/fs/inode.c b/fs/inode.c
105591 index 7e3ef3a..4e28e95 100644
105592 --- a/fs/inode.c
105593 +++ b/fs/inode.c
105594 @@ -853,19 +853,19 @@ unsigned int get_next_ino(void)
105595 unsigned int *p = &get_cpu_var(last_ino);
105596 unsigned int res = *p;
105597
105598 +start:
105599 +
105600 #ifdef CONFIG_SMP
105601 if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) {
105602 - static atomic_t shared_last_ino;
105603 - int next = atomic_add_return(LAST_INO_BATCH, &shared_last_ino);
105604 + static atomic_unchecked_t shared_last_ino;
105605 + int next = atomic_add_return_unchecked(LAST_INO_BATCH, &shared_last_ino);
105606
105607 res = next - LAST_INO_BATCH;
105608 }
105609 #endif
105610
105611 - res++;
105612 - /* get_next_ino should not provide a 0 inode number */
105613 - if (unlikely(!res))
105614 - res++;
105615 + if (unlikely(!++res))
105616 + goto start; /* never zero */
105617 *p = res;
105618 put_cpu_var(last_ino);
105619 return res;
105620 diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
105621 index 5bb565f..41cbee9 100644
105622 --- a/fs/jbd2/commit.c
105623 +++ b/fs/jbd2/commit.c
105624 @@ -1077,7 +1077,7 @@ restart_loop:
105625 */
105626 stats.ts_tid = commit_transaction->t_tid;
105627 stats.run.rs_handle_count =
105628 - atomic_read(&commit_transaction->t_handle_count);
105629 + atomic_read_unchecked(&commit_transaction->t_handle_count);
105630 trace_jbd2_run_stats(journal->j_fs_dev->bd_dev,
105631 commit_transaction->t_tid, &stats.run);
105632 stats.ts_requested = (commit_transaction->t_requested) ? 1 : 0;
105633 diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
105634 index e165266..0799fc5 100644
105635 --- a/fs/jbd2/transaction.c
105636 +++ b/fs/jbd2/transaction.c
105637 @@ -91,7 +91,7 @@ jbd2_get_transaction(journal_t *journal, transaction_t *transaction)
105638 atomic_set(&transaction->t_updates, 0);
105639 atomic_set(&transaction->t_outstanding_credits,
105640 atomic_read(&journal->j_reserved_credits));
105641 - atomic_set(&transaction->t_handle_count, 0);
105642 + atomic_set_unchecked(&transaction->t_handle_count, 0);
105643 INIT_LIST_HEAD(&transaction->t_inode_list);
105644 INIT_LIST_HEAD(&transaction->t_private_list);
105645
105646 @@ -378,7 +378,7 @@ repeat:
105647 handle->h_requested_credits = blocks;
105648 handle->h_start_jiffies = jiffies;
105649 atomic_inc(&transaction->t_updates);
105650 - atomic_inc(&transaction->t_handle_count);
105651 + atomic_inc_unchecked(&transaction->t_handle_count);
105652 jbd_debug(4, "Handle %p given %d credits (total %d, free %lu)\n",
105653 handle, blocks,
105654 atomic_read(&transaction->t_outstanding_credits),
105655 diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
105656 index 4a6cf28..d3a29d3 100644
105657 --- a/fs/jffs2/erase.c
105658 +++ b/fs/jffs2/erase.c
105659 @@ -452,7 +452,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
105660 struct jffs2_unknown_node marker = {
105661 .magic = cpu_to_je16(JFFS2_MAGIC_BITMASK),
105662 .nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
105663 - .totlen = cpu_to_je32(c->cleanmarker_size)
105664 + .totlen = cpu_to_je32(c->cleanmarker_size),
105665 + .hdr_crc = cpu_to_je32(0)
105666 };
105667
105668 jffs2_prealloc_raw_node_refs(c, jeb, 1);
105669 diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
105670 index 0e62dec..2beac6f 100644
105671 --- a/fs/jffs2/file.c
105672 +++ b/fs/jffs2/file.c
105673 @@ -112,8 +112,9 @@ static int jffs2_do_readpage_nolock (struct inode *inode, struct page *pg)
105674 return ret;
105675 }
105676
105677 -int jffs2_do_readpage_unlock(struct inode *inode, struct page *pg)
105678 +int jffs2_do_readpage_unlock(struct file *_inode, struct page *pg)
105679 {
105680 + struct inode *inode = (struct inode *)_inode;
105681 int ret = jffs2_do_readpage_nolock(inode, pg);
105682 unlock_page(pg);
105683 return ret;
105684 @@ -126,7 +127,7 @@ static int jffs2_readpage (struct file *filp, struct page *pg)
105685 int ret;
105686
105687 mutex_lock(&f->sem);
105688 - ret = jffs2_do_readpage_unlock(pg->mapping->host, pg);
105689 + ret = jffs2_do_readpage_unlock((struct file *)pg->mapping->host, pg);
105690 mutex_unlock(&f->sem);
105691 return ret;
105692 }
105693 diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
105694 index ae2ebb2..39becae 100644
105695 --- a/fs/jffs2/fs.c
105696 +++ b/fs/jffs2/fs.c
105697 @@ -686,7 +686,7 @@ unsigned char *jffs2_gc_fetch_page(struct jffs2_sb_info *c,
105698 struct page *pg;
105699
105700 pg = read_cache_page(inode->i_mapping, offset >> PAGE_SHIFT,
105701 - (void *)jffs2_do_readpage_unlock, inode);
105702 + jffs2_do_readpage_unlock, inode);
105703 if (IS_ERR(pg))
105704 return (void *)pg;
105705
105706 diff --git a/fs/jffs2/os-linux.h b/fs/jffs2/os-linux.h
105707 index 824e61e..2d686a6 100644
105708 --- a/fs/jffs2/os-linux.h
105709 +++ b/fs/jffs2/os-linux.h
105710 @@ -154,7 +154,7 @@ extern const struct file_operations jffs2_file_operations;
105711 extern const struct inode_operations jffs2_file_inode_operations;
105712 extern const struct address_space_operations jffs2_file_address_operations;
105713 int jffs2_fsync(struct file *, loff_t, loff_t, int);
105714 -int jffs2_do_readpage_unlock (struct inode *inode, struct page *pg);
105715 +int jffs2_do_readpage_unlock (struct file *_inode, struct page *pg);
105716
105717 /* ioctl.c */
105718 long jffs2_ioctl(struct file *, unsigned int, unsigned long);
105719 diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
105720 index b25d28a..7934a69 100644
105721 --- a/fs/jffs2/wbuf.c
105722 +++ b/fs/jffs2/wbuf.c
105723 @@ -1023,7 +1023,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =
105724 {
105725 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
105726 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
105727 - .totlen = constant_cpu_to_je32(8)
105728 + .totlen = constant_cpu_to_je32(8),
105729 + .hdr_crc = constant_cpu_to_je32(0)
105730 };
105731
105732 /*
105733 diff --git a/fs/jfs/super.c b/fs/jfs/super.c
105734 index cec8814..daae32f 100644
105735 --- a/fs/jfs/super.c
105736 +++ b/fs/jfs/super.c
105737 @@ -897,8 +897,10 @@ static int __init init_jfs_fs(void)
105738 int rc;
105739
105740 jfs_inode_cachep =
105741 - kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0,
105742 + kmem_cache_create_usercopy("jfs_ip", sizeof(struct jfs_inode_info), 0,
105743 SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD|SLAB_ACCOUNT,
105744 + offsetof(struct jfs_inode_info, i_inline),
105745 + sizeof(((struct jfs_inode_info *)0)->i_inline),
105746 init_once);
105747 if (jfs_inode_cachep == NULL)
105748 return -ENOMEM;
105749 diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
105750 index e57174d..573ed14 100644
105751 --- a/fs/kernfs/dir.c
105752 +++ b/fs/kernfs/dir.c
105753 @@ -334,7 +334,7 @@ struct kernfs_node *kernfs_get_parent(struct kernfs_node *kn)
105754 *
105755 * Returns 31 bit hash of ns + name (so it fits in an off_t )
105756 */
105757 -static unsigned int kernfs_name_hash(const char *name, const void *ns)
105758 +static unsigned int kernfs_name_hash(const unsigned char *name, const void *ns)
105759 {
105760 unsigned long hash = init_name_hash(ns);
105761 unsigned int len = strlen(name);
105762 @@ -1074,6 +1074,12 @@ static int kernfs_iop_mkdir(struct inode *dir, struct dentry *dentry,
105763 ret = scops->mkdir(parent, dentry->d_name.name, mode);
105764
105765 kernfs_put_active(parent);
105766 +
105767 + if (!ret) {
105768 + struct dentry *dentry_ret = kernfs_iop_lookup(dir, dentry, 0);
105769 + ret = PTR_ERR_OR_ZERO(dentry_ret);
105770 + }
105771 +
105772 return ret;
105773 }
105774
105775 diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c
105776 index 2bcb86e..b9fad5d 100644
105777 --- a/fs/kernfs/file.c
105778 +++ b/fs/kernfs/file.c
105779 @@ -34,7 +34,7 @@ static DEFINE_MUTEX(kernfs_open_file_mutex);
105780
105781 struct kernfs_open_node {
105782 atomic_t refcnt;
105783 - atomic_t event;
105784 + atomic_unchecked_t event;
105785 wait_queue_head_t poll;
105786 struct list_head files; /* goes through kernfs_open_file.list */
105787 };
105788 @@ -163,7 +163,7 @@ static int kernfs_seq_show(struct seq_file *sf, void *v)
105789 {
105790 struct kernfs_open_file *of = sf->private;
105791
105792 - of->event = atomic_read(&of->kn->attr.open->event);
105793 + of->event = atomic_read_unchecked(&of->kn->attr.open->event);
105794
105795 return of->kn->attr.ops->seq_show(sf, v);
105796 }
105797 @@ -208,7 +208,7 @@ static ssize_t kernfs_file_direct_read(struct kernfs_open_file *of,
105798 goto out_free;
105799 }
105800
105801 - of->event = atomic_read(&of->kn->attr.open->event);
105802 + of->event = atomic_read_unchecked(&of->kn->attr.open->event);
105803 ops = kernfs_ops(of->kn);
105804 if (ops->read)
105805 len = ops->read(of, buf, len, *ppos);
105806 @@ -275,7 +275,7 @@ static ssize_t kernfs_fop_write(struct file *file, const char __user *user_buf,
105807 {
105808 struct kernfs_open_file *of = kernfs_of(file);
105809 const struct kernfs_ops *ops;
105810 - size_t len;
105811 + ssize_t len;
105812 char *buf;
105813
105814 if (of->atomic_write_len) {
105815 @@ -391,12 +391,12 @@ static int kernfs_vma_page_mkwrite(struct vm_area_struct *vma,
105816 return ret;
105817 }
105818
105819 -static int kernfs_vma_access(struct vm_area_struct *vma, unsigned long addr,
105820 - void *buf, int len, int write)
105821 +static ssize_t kernfs_vma_access(struct vm_area_struct *vma, unsigned long addr,
105822 + void *buf, size_t len, int write)
105823 {
105824 struct file *file = vma->vm_file;
105825 struct kernfs_open_file *of = kernfs_of(file);
105826 - int ret;
105827 + ssize_t ret;
105828
105829 if (!of->vm_ops)
105830 return -EINVAL;
105831 @@ -575,7 +575,7 @@ static int kernfs_get_open_node(struct kernfs_node *kn,
105832 return -ENOMEM;
105833
105834 atomic_set(&new_on->refcnt, 0);
105835 - atomic_set(&new_on->event, 1);
105836 + atomic_set_unchecked(&new_on->event, 1);
105837 init_waitqueue_head(&new_on->poll);
105838 INIT_LIST_HEAD(&new_on->files);
105839 goto retry;
105840 @@ -799,7 +799,7 @@ static unsigned int kernfs_fop_poll(struct file *filp, poll_table *wait)
105841
105842 kernfs_put_active(kn);
105843
105844 - if (of->event != atomic_read(&on->event))
105845 + if (of->event != atomic_read_unchecked(&on->event))
105846 goto trigger;
105847
105848 return DEFAULT_POLLMASK;
105849 @@ -830,7 +830,7 @@ repeat:
105850
105851 on = kn->attr.open;
105852 if (on) {
105853 - atomic_inc(&on->event);
105854 + atomic_inc_unchecked(&on->event);
105855 wake_up_interruptible(&on->poll);
105856 }
105857
105858 diff --git a/fs/lockd/clnt4xdr.c b/fs/lockd/clnt4xdr.c
105859 index d3e40db..a300f9c 100644
105860 --- a/fs/lockd/clnt4xdr.c
105861 +++ b/fs/lockd/clnt4xdr.c
105862 @@ -379,10 +379,11 @@ static void encode_nlm4_lock(struct xdr_stream *xdr,
105863 * struct nlm4_lock alock;
105864 * };
105865 */
105866 -static void nlm4_xdr_enc_testargs(struct rpc_rqst *req,
105867 +static void nlm4_xdr_enc_testargs(void *req,
105868 struct xdr_stream *xdr,
105869 - const struct nlm_args *args)
105870 + void *_args)
105871 {
105872 + const struct nlm_args *args = _args;
105873 const struct nlm_lock *lock = &args->lock;
105874
105875 encode_cookie(xdr, &args->cookie);
105876 @@ -400,10 +401,11 @@ static void nlm4_xdr_enc_testargs(struct rpc_rqst *req,
105877 * int state;
105878 * };
105879 */
105880 -static void nlm4_xdr_enc_lockargs(struct rpc_rqst *req,
105881 +static void nlm4_xdr_enc_lockargs(void *req,
105882 struct xdr_stream *xdr,
105883 - const struct nlm_args *args)
105884 + void *_args)
105885 {
105886 + const struct nlm_args *args = _args;
105887 const struct nlm_lock *lock = &args->lock;
105888
105889 encode_cookie(xdr, &args->cookie);
105890 @@ -422,10 +424,11 @@ static void nlm4_xdr_enc_lockargs(struct rpc_rqst *req,
105891 * struct nlm4_lock alock;
105892 * };
105893 */
105894 -static void nlm4_xdr_enc_cancargs(struct rpc_rqst *req,
105895 +static void nlm4_xdr_enc_cancargs(void *req,
105896 struct xdr_stream *xdr,
105897 - const struct nlm_args *args)
105898 + void *_args)
105899 {
105900 + const struct nlm_args *args = _args;
105901 const struct nlm_lock *lock = &args->lock;
105902
105903 encode_cookie(xdr, &args->cookie);
105904 @@ -440,10 +443,11 @@ static void nlm4_xdr_enc_cancargs(struct rpc_rqst *req,
105905 * struct nlm4_lock alock;
105906 * };
105907 */
105908 -static void nlm4_xdr_enc_unlockargs(struct rpc_rqst *req,
105909 +static void nlm4_xdr_enc_unlockargs(void *req,
105910 struct xdr_stream *xdr,
105911 - const struct nlm_args *args)
105912 + void *_args)
105913 {
105914 + const struct nlm_args *args = _args;
105915 const struct nlm_lock *lock = &args->lock;
105916
105917 encode_cookie(xdr, &args->cookie);
105918 @@ -456,10 +460,12 @@ static void nlm4_xdr_enc_unlockargs(struct rpc_rqst *req,
105919 * nlm4_stat stat;
105920 * };
105921 */
105922 -static void nlm4_xdr_enc_res(struct rpc_rqst *req,
105923 +static void nlm4_xdr_enc_res(void *req,
105924 struct xdr_stream *xdr,
105925 - const struct nlm_res *result)
105926 + void *_result)
105927 {
105928 + const struct nlm_res *result = _result;
105929 +
105930 encode_cookie(xdr, &result->cookie);
105931 encode_nlm4_stat(xdr, result->status);
105932 }
105933 @@ -477,10 +483,12 @@ static void nlm4_xdr_enc_res(struct rpc_rqst *req,
105934 * nlm4_testrply test_stat;
105935 * };
105936 */
105937 -static void nlm4_xdr_enc_testres(struct rpc_rqst *req,
105938 +static void nlm4_xdr_enc_testres(void *req,
105939 struct xdr_stream *xdr,
105940 - const struct nlm_res *result)
105941 + void *_result)
105942 {
105943 + const struct nlm_res *result = _result;
105944 +
105945 encode_cookie(xdr, &result->cookie);
105946 encode_nlm4_stat(xdr, result->status);
105947 if (result->status == nlm_lck_denied)
105948 @@ -523,10 +531,11 @@ out:
105949 return error;
105950 }
105951
105952 -static int nlm4_xdr_dec_testres(struct rpc_rqst *req,
105953 +static int nlm4_xdr_dec_testres(void *req,
105954 struct xdr_stream *xdr,
105955 - struct nlm_res *result)
105956 + void *_result)
105957 {
105958 + struct nlm_res *result = _result;
105959 int error;
105960
105961 error = decode_cookie(xdr, &result->cookie);
105962 @@ -543,10 +552,11 @@ out:
105963 * nlm4_stat stat;
105964 * };
105965 */
105966 -static int nlm4_xdr_dec_res(struct rpc_rqst *req,
105967 +static int nlm4_xdr_dec_res(void *req,
105968 struct xdr_stream *xdr,
105969 - struct nlm_res *result)
105970 + void *_result)
105971 {
105972 + struct nlm_res *result = _result;
105973 int error;
105974
105975 error = decode_cookie(xdr, &result->cookie);
105976 @@ -566,8 +576,8 @@ out:
105977 #define PROC(proc, argtype, restype) \
105978 [NLMPROC_##proc] = { \
105979 .p_proc = NLMPROC_##proc, \
105980 - .p_encode = (kxdreproc_t)nlm4_xdr_enc_##argtype, \
105981 - .p_decode = (kxdrdproc_t)nlm4_xdr_dec_##restype, \
105982 + .p_encode = nlm4_xdr_enc_##argtype, \
105983 + .p_decode = nlm4_xdr_dec_##restype, \
105984 .p_arglen = NLM4_##argtype##_sz, \
105985 .p_replen = NLM4_##restype##_sz, \
105986 .p_statidx = NLMPROC_##proc, \
105987 diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
105988 index 1129520..356aeca 100644
105989 --- a/fs/lockd/clntproc.c
105990 +++ b/fs/lockd/clntproc.c
105991 @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops;
105992 /*
105993 * Cookie counter for NLM requests
105994 */
105995 -static atomic_t nlm_cookie = ATOMIC_INIT(0x1234);
105996 +static atomic_unchecked_t nlm_cookie = ATOMIC_INIT(0x1234);
105997
105998 void nlmclnt_next_cookie(struct nlm_cookie *c)
105999 {
106000 - u32 cookie = atomic_inc_return(&nlm_cookie);
106001 + u32 cookie = atomic_inc_return_unchecked(&nlm_cookie);
106002
106003 memcpy(c->data, &cookie, 4);
106004 c->len=4;
106005 diff --git a/fs/lockd/clntxdr.c b/fs/lockd/clntxdr.c
106006 index 3e9f787..c2177b8 100644
106007 --- a/fs/lockd/clntxdr.c
106008 +++ b/fs/lockd/clntxdr.c
106009 @@ -372,10 +372,11 @@ static void encode_nlm_lock(struct xdr_stream *xdr,
106010 * struct nlm_lock alock;
106011 * };
106012 */
106013 -static void nlm_xdr_enc_testargs(struct rpc_rqst *req,
106014 +static void nlm_xdr_enc_testargs(void *req,
106015 struct xdr_stream *xdr,
106016 - const struct nlm_args *args)
106017 + void *_args)
106018 {
106019 + const struct nlm_args *args = _args;
106020 const struct nlm_lock *lock = &args->lock;
106021
106022 encode_cookie(xdr, &args->cookie);
106023 @@ -393,10 +394,11 @@ static void nlm_xdr_enc_testargs(struct rpc_rqst *req,
106024 * int state;
106025 * };
106026 */
106027 -static void nlm_xdr_enc_lockargs(struct rpc_rqst *req,
106028 +static void nlm_xdr_enc_lockargs(void *req,
106029 struct xdr_stream *xdr,
106030 - const struct nlm_args *args)
106031 + void *_args)
106032 {
106033 + const struct nlm_args *args = _args;
106034 const struct nlm_lock *lock = &args->lock;
106035
106036 encode_cookie(xdr, &args->cookie);
106037 @@ -415,10 +417,11 @@ static void nlm_xdr_enc_lockargs(struct rpc_rqst *req,
106038 * struct nlm_lock alock;
106039 * };
106040 */
106041 -static void nlm_xdr_enc_cancargs(struct rpc_rqst *req,
106042 +static void nlm_xdr_enc_cancargs(void *req,
106043 struct xdr_stream *xdr,
106044 - const struct nlm_args *args)
106045 + void *_args)
106046 {
106047 + const struct nlm_args *args = _args;
106048 const struct nlm_lock *lock = &args->lock;
106049
106050 encode_cookie(xdr, &args->cookie);
106051 @@ -433,10 +436,11 @@ static void nlm_xdr_enc_cancargs(struct rpc_rqst *req,
106052 * struct nlm_lock alock;
106053 * };
106054 */
106055 -static void nlm_xdr_enc_unlockargs(struct rpc_rqst *req,
106056 +static void nlm_xdr_enc_unlockargs(void *req,
106057 struct xdr_stream *xdr,
106058 - const struct nlm_args *args)
106059 + void *_args)
106060 {
106061 + const struct nlm_args *args = _args;
106062 const struct nlm_lock *lock = &args->lock;
106063
106064 encode_cookie(xdr, &args->cookie);
106065 @@ -449,10 +453,11 @@ static void nlm_xdr_enc_unlockargs(struct rpc_rqst *req,
106066 * nlm_stat stat;
106067 * };
106068 */
106069 -static void nlm_xdr_enc_res(struct rpc_rqst *req,
106070 +static void nlm_xdr_enc_res(void *req,
106071 struct xdr_stream *xdr,
106072 - const struct nlm_res *result)
106073 + void *_result)
106074 {
106075 + const struct nlm_res *result = _result;
106076 encode_cookie(xdr, &result->cookie);
106077 encode_nlm_stat(xdr, result->status);
106078 }
106079 @@ -477,10 +482,11 @@ static void encode_nlm_testrply(struct xdr_stream *xdr,
106080 encode_nlm_holder(xdr, result);
106081 }
106082
106083 -static void nlm_xdr_enc_testres(struct rpc_rqst *req,
106084 +static void nlm_xdr_enc_testres(void *req,
106085 struct xdr_stream *xdr,
106086 - const struct nlm_res *result)
106087 + void *_result)
106088 {
106089 + const struct nlm_res *result = _result;
106090 encode_cookie(xdr, &result->cookie);
106091 encode_nlm_stat(xdr, result->status);
106092 encode_nlm_testrply(xdr, result);
106093 @@ -521,11 +527,12 @@ out:
106094 return error;
106095 }
106096
106097 -static int nlm_xdr_dec_testres(struct rpc_rqst *req,
106098 +static int nlm_xdr_dec_testres(void *req,
106099 struct xdr_stream *xdr,
106100 - struct nlm_res *result)
106101 + void *_result)
106102 {
106103 int error;
106104 + struct nlm_res *result = _result;
106105
106106 error = decode_cookie(xdr, &result->cookie);
106107 if (unlikely(error))
106108 @@ -541,11 +548,12 @@ out:
106109 * nlm_stat stat;
106110 * };
106111 */
106112 -static int nlm_xdr_dec_res(struct rpc_rqst *req,
106113 +static int nlm_xdr_dec_res(void *req,
106114 struct xdr_stream *xdr,
106115 - struct nlm_res *result)
106116 + void *_result)
106117 {
106118 int error;
106119 + struct nlm_res *result = _result;
106120
106121 error = decode_cookie(xdr, &result->cookie);
106122 if (unlikely(error))
106123 @@ -564,8 +572,8 @@ out:
106124 #define PROC(proc, argtype, restype) \
106125 [NLMPROC_##proc] = { \
106126 .p_proc = NLMPROC_##proc, \
106127 - .p_encode = (kxdreproc_t)nlm_xdr_enc_##argtype, \
106128 - .p_decode = (kxdrdproc_t)nlm_xdr_dec_##restype, \
106129 + .p_encode = nlm_xdr_enc_##argtype, \
106130 + .p_decode = nlm_xdr_dec_##restype, \
106131 .p_arglen = NLM_##argtype##_sz, \
106132 .p_replen = NLM_##restype##_sz, \
106133 .p_statidx = NLMPROC_##proc, \
106134 diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
106135 index 19166d4..c841d52 100644
106136 --- a/fs/lockd/mon.c
106137 +++ b/fs/lockd/mon.c
106138 @@ -475,23 +475,22 @@ static void encode_priv(struct xdr_stream *xdr, const struct nsm_args *argp)
106139 xdr_encode_opaque_fixed(p, argp->priv->data, SM_PRIV_SIZE);
106140 }
106141
106142 -static void nsm_xdr_enc_mon(struct rpc_rqst *req, struct xdr_stream *xdr,
106143 - const struct nsm_args *argp)
106144 +static void nsm_xdr_enc_mon(void *req, struct xdr_stream *xdr, void *argp)
106145 {
106146 encode_mon_id(xdr, argp);
106147 encode_priv(xdr, argp);
106148 }
106149
106150 -static void nsm_xdr_enc_unmon(struct rpc_rqst *req, struct xdr_stream *xdr,
106151 - const struct nsm_args *argp)
106152 +static void nsm_xdr_enc_unmon(void *req, struct xdr_stream *xdr, void *argp)
106153 {
106154 encode_mon_id(xdr, argp);
106155 }
106156
106157 -static int nsm_xdr_dec_stat_res(struct rpc_rqst *rqstp,
106158 +static int nsm_xdr_dec_stat_res(void *rqstp,
106159 struct xdr_stream *xdr,
106160 - struct nsm_res *resp)
106161 + void *_resp)
106162 {
106163 + struct nsm_res *resp = _resp;
106164 __be32 *p;
106165
106166 p = xdr_inline_decode(xdr, 4 + 4);
106167 @@ -505,10 +504,11 @@ static int nsm_xdr_dec_stat_res(struct rpc_rqst *rqstp,
106168 return 0;
106169 }
106170
106171 -static int nsm_xdr_dec_stat(struct rpc_rqst *rqstp,
106172 +static int nsm_xdr_dec_stat(void *rqstp,
106173 struct xdr_stream *xdr,
106174 - struct nsm_res *resp)
106175 + void *_resp)
106176 {
106177 + struct nsm_res *resp = _resp;
106178 __be32 *p;
106179
106180 p = xdr_inline_decode(xdr, 4);
106181 @@ -532,8 +532,8 @@ static int nsm_xdr_dec_stat(struct rpc_rqst *rqstp,
106182 static struct rpc_procinfo nsm_procedures[] = {
106183 [NSMPROC_MON] = {
106184 .p_proc = NSMPROC_MON,
106185 - .p_encode = (kxdreproc_t)nsm_xdr_enc_mon,
106186 - .p_decode = (kxdrdproc_t)nsm_xdr_dec_stat_res,
106187 + .p_encode = nsm_xdr_enc_mon,
106188 + .p_decode = nsm_xdr_dec_stat_res,
106189 .p_arglen = SM_mon_sz,
106190 .p_replen = SM_monres_sz,
106191 .p_statidx = NSMPROC_MON,
106192 @@ -541,8 +541,8 @@ static struct rpc_procinfo nsm_procedures[] = {
106193 },
106194 [NSMPROC_UNMON] = {
106195 .p_proc = NSMPROC_UNMON,
106196 - .p_encode = (kxdreproc_t)nsm_xdr_enc_unmon,
106197 - .p_decode = (kxdrdproc_t)nsm_xdr_dec_stat,
106198 + .p_encode = nsm_xdr_enc_unmon,
106199 + .p_decode = nsm_xdr_dec_stat,
106200 .p_arglen = SM_mon_id_sz,
106201 .p_replen = SM_unmonres_sz,
106202 .p_statidx = NSMPROC_UNMON,
106203 diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
106204 index fc4084e..25d725d 100644
106205 --- a/fs/lockd/svc.c
106206 +++ b/fs/lockd/svc.c
106207 @@ -598,7 +598,7 @@ static struct ctl_table nlm_sysctl_root[] = {
106208 */
106209
106210 #define param_set_min_max(name, type, which_strtol, min, max) \
106211 -static int param_set_##name(const char *val, struct kernel_param *kp) \
106212 +static int param_set_##name(const char *val, const struct kernel_param *kp)\
106213 { \
106214 char *endp; \
106215 __typeof__(type) num = which_strtol(val, &endp, 0); \
106216 diff --git a/fs/lockd/svc4proc.c b/fs/lockd/svc4proc.c
106217 index 09c576f..89b4d3d 100644
106218 --- a/fs/lockd/svc4proc.c
106219 +++ b/fs/lockd/svc4proc.c
106220 @@ -72,9 +72,10 @@ nlm4svc_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
106221 * TEST: Check for conflicting lock
106222 */
106223 static __be32
106224 -nlm4svc_proc_test(struct svc_rqst *rqstp, struct nlm_args *argp,
106225 - struct nlm_res *resp)
106226 +nlm4svc_proc_test(struct svc_rqst *rqstp, void *_argp, void *_resp)
106227 {
106228 + struct nlm_args *argp = _argp;
106229 + struct nlm_res *resp = _resp;
106230 struct nlm_host *host;
106231 struct nlm_file *file;
106232 __be32 rc = rpc_success;
106233 @@ -99,9 +100,10 @@ nlm4svc_proc_test(struct svc_rqst *rqstp, struct nlm_args *argp,
106234 }
106235
106236 static __be32
106237 -nlm4svc_proc_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106238 - struct nlm_res *resp)
106239 +nlm4svc_proc_lock(struct svc_rqst *rqstp, void *_argp, void *_resp)
106240 {
106241 + struct nlm_args *argp = _argp;
106242 + struct nlm_res *resp = _resp;
106243 struct nlm_host *host;
106244 struct nlm_file *file;
106245 __be32 rc = rpc_success;
106246 @@ -141,9 +143,10 @@ nlm4svc_proc_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106247 }
106248
106249 static __be32
106250 -nlm4svc_proc_cancel(struct svc_rqst *rqstp, struct nlm_args *argp,
106251 - struct nlm_res *resp)
106252 +nlm4svc_proc_cancel(struct svc_rqst *rqstp, void *_argp, void *_resp)
106253 {
106254 + struct nlm_args *argp = _argp;
106255 + struct nlm_res *resp = _resp;
106256 struct nlm_host *host;
106257 struct nlm_file *file;
106258
106259 @@ -174,9 +177,10 @@ nlm4svc_proc_cancel(struct svc_rqst *rqstp, struct nlm_args *argp,
106260 * UNLOCK: release a lock
106261 */
106262 static __be32
106263 -nlm4svc_proc_unlock(struct svc_rqst *rqstp, struct nlm_args *argp,
106264 - struct nlm_res *resp)
106265 +nlm4svc_proc_unlock(struct svc_rqst *rqstp, void *_argp, void *_resp)
106266 {
106267 + struct nlm_args *argp = _argp;
106268 + struct nlm_res *resp = _resp;
106269 struct nlm_host *host;
106270 struct nlm_file *file;
106271
106272 @@ -208,9 +212,11 @@ nlm4svc_proc_unlock(struct svc_rqst *rqstp, struct nlm_args *argp,
106273 * was granted
106274 */
106275 static __be32
106276 -nlm4svc_proc_granted(struct svc_rqst *rqstp, struct nlm_args *argp,
106277 - struct nlm_res *resp)
106278 +nlm4svc_proc_granted(struct svc_rqst *rqstp, void *_argp, void *_resp)
106279 {
106280 + struct nlm_args *argp = _argp;
106281 + struct nlm_res *resp = _resp;
106282 +
106283 resp->cookie = argp->cookie;
106284
106285 dprintk("lockd: GRANTED called\n");
106286 @@ -244,7 +250,7 @@ static const struct rpc_call_ops nlm4svc_callback_ops = {
106287 * doesn't break any clients.
106288 */
106289 static __be32 nlm4svc_callback(struct svc_rqst *rqstp, u32 proc, struct nlm_args *argp,
106290 - __be32 (*func)(struct svc_rqst *, struct nlm_args *, struct nlm_res *))
106291 + __be32 (*func)(struct svc_rqst *, void *, void *))
106292 {
106293 struct nlm_host *host;
106294 struct nlm_rqst *call;
106295 @@ -273,35 +279,35 @@ static __be32 nlm4svc_callback(struct svc_rqst *rqstp, u32 proc, struct nlm_args
106296 return rpc_success;
106297 }
106298
106299 -static __be32 nlm4svc_proc_test_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106300 +static __be32 nlm4svc_proc_test_msg(struct svc_rqst *rqstp, void *argp,
106301 void *resp)
106302 {
106303 dprintk("lockd: TEST_MSG called\n");
106304 return nlm4svc_callback(rqstp, NLMPROC_TEST_RES, argp, nlm4svc_proc_test);
106305 }
106306
106307 -static __be32 nlm4svc_proc_lock_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106308 +static __be32 nlm4svc_proc_lock_msg(struct svc_rqst *rqstp, void *argp,
106309 void *resp)
106310 {
106311 dprintk("lockd: LOCK_MSG called\n");
106312 return nlm4svc_callback(rqstp, NLMPROC_LOCK_RES, argp, nlm4svc_proc_lock);
106313 }
106314
106315 -static __be32 nlm4svc_proc_cancel_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106316 +static __be32 nlm4svc_proc_cancel_msg(struct svc_rqst *rqstp, void *argp,
106317 void *resp)
106318 {
106319 dprintk("lockd: CANCEL_MSG called\n");
106320 return nlm4svc_callback(rqstp, NLMPROC_CANCEL_RES, argp, nlm4svc_proc_cancel);
106321 }
106322
106323 -static __be32 nlm4svc_proc_unlock_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106324 +static __be32 nlm4svc_proc_unlock_msg(struct svc_rqst *rqstp, void *argp,
106325 void *resp)
106326 {
106327 dprintk("lockd: UNLOCK_MSG called\n");
106328 return nlm4svc_callback(rqstp, NLMPROC_UNLOCK_RES, argp, nlm4svc_proc_unlock);
106329 }
106330
106331 -static __be32 nlm4svc_proc_granted_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106332 +static __be32 nlm4svc_proc_granted_msg(struct svc_rqst *rqstp, void *argp,
106333 void *resp)
106334 {
106335 dprintk("lockd: GRANTED_MSG called\n");
106336 @@ -312,9 +318,10 @@ static __be32 nlm4svc_proc_granted_msg(struct svc_rqst *rqstp, struct nlm_args *
106337 * SHARE: create a DOS share or alter existing share.
106338 */
106339 static __be32
106340 -nlm4svc_proc_share(struct svc_rqst *rqstp, struct nlm_args *argp,
106341 - struct nlm_res *resp)
106342 +nlm4svc_proc_share(struct svc_rqst *rqstp, void *_argp, void *_resp)
106343 {
106344 + struct nlm_args *argp = _argp;
106345 + struct nlm_res *resp = _resp;
106346 struct nlm_host *host;
106347 struct nlm_file *file;
106348
106349 @@ -345,9 +352,10 @@ nlm4svc_proc_share(struct svc_rqst *rqstp, struct nlm_args *argp,
106350 * UNSHARE: Release a DOS share.
106351 */
106352 static __be32
106353 -nlm4svc_proc_unshare(struct svc_rqst *rqstp, struct nlm_args *argp,
106354 - struct nlm_res *resp)
106355 +nlm4svc_proc_unshare(struct svc_rqst *rqstp, void *_argp, void *_resp)
106356 {
106357 + struct nlm_args *argp = _argp;
106358 + struct nlm_res *resp = _resp;
106359 struct nlm_host *host;
106360 struct nlm_file *file;
106361
106362 @@ -378,9 +386,10 @@ nlm4svc_proc_unshare(struct svc_rqst *rqstp, struct nlm_args *argp,
106363 * NM_LOCK: Create an unmonitored lock
106364 */
106365 static __be32
106366 -nlm4svc_proc_nm_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106367 - struct nlm_res *resp)
106368 +nlm4svc_proc_nm_lock(struct svc_rqst *rqstp, void *_argp, void *resp)
106369 {
106370 + struct nlm_args *argp = _argp;
106371 +
106372 dprintk("lockd: NM_LOCK called\n");
106373
106374 argp->monitor = 0; /* just clean the monitor flag */
106375 @@ -391,8 +400,7 @@ nlm4svc_proc_nm_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106376 * FREE_ALL: Release all locks and shares held by client
106377 */
106378 static __be32
106379 -nlm4svc_proc_free_all(struct svc_rqst *rqstp, struct nlm_args *argp,
106380 - void *resp)
106381 +nlm4svc_proc_free_all(struct svc_rqst *rqstp, void *argp, void *resp)
106382 {
106383 struct nlm_host *host;
106384
106385 @@ -409,7 +417,7 @@ nlm4svc_proc_free_all(struct svc_rqst *rqstp, struct nlm_args *argp,
106386 * SM_NOTIFY: private callback from statd (not part of official NLM proto)
106387 */
106388 static __be32
106389 -nlm4svc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
106390 +nlm4svc_proc_sm_notify(struct svc_rqst *rqstp, void *argp,
106391 void *resp)
106392 {
106393 dprintk("lockd: SM_NOTIFY called\n");
106394 @@ -429,9 +437,10 @@ nlm4svc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
106395 * client sent a GRANTED_RES, let's remove the associated block
106396 */
106397 static __be32
106398 -nlm4svc_proc_granted_res(struct svc_rqst *rqstp, struct nlm_res *argp,
106399 - void *resp)
106400 +nlm4svc_proc_granted_res(struct svc_rqst *rqstp, void *_argp, void *resp)
106401 {
106402 + struct nlm_res *argp = _argp;
106403 +
106404 if (!nlmsvc_ops)
106405 return rpc_success;
106406
106407 @@ -463,9 +472,9 @@ nlm4svc_proc_granted_res(struct svc_rqst *rqstp, struct nlm_res *argp,
106408 struct nlm_void { int dummy; };
106409
106410 #define PROC(name, xargt, xrest, argt, rest, respsize) \
106411 - { .pc_func = (svc_procfunc) nlm4svc_proc_##name, \
106412 - .pc_decode = (kxdrproc_t) nlm4svc_decode_##xargt, \
106413 - .pc_encode = (kxdrproc_t) nlm4svc_encode_##xrest, \
106414 + { .pc_func = nlm4svc_proc_##name, \
106415 + .pc_decode = nlm4svc_decode_##xargt, \
106416 + .pc_encode = nlm4svc_encode_##xrest, \
106417 .pc_release = NULL, \
106418 .pc_argsize = sizeof(struct nlm_##argt), \
106419 .pc_ressize = sizeof(struct nlm_##rest), \
106420 diff --git a/fs/lockd/svcproc.c b/fs/lockd/svcproc.c
106421 index fb26b9f..a6d5582 100644
106422 --- a/fs/lockd/svcproc.c
106423 +++ b/fs/lockd/svcproc.c
106424 @@ -102,9 +102,10 @@ nlmsvc_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
106425 * TEST: Check for conflicting lock
106426 */
106427 static __be32
106428 -nlmsvc_proc_test(struct svc_rqst *rqstp, struct nlm_args *argp,
106429 - struct nlm_res *resp)
106430 +nlmsvc_proc_test(struct svc_rqst *rqstp, void *_argp, void *_resp)
106431 {
106432 + struct nlm_args *argp = _argp;
106433 + struct nlm_res *resp = _resp;
106434 struct nlm_host *host;
106435 struct nlm_file *file;
106436 __be32 rc = rpc_success;
106437 @@ -130,9 +131,10 @@ nlmsvc_proc_test(struct svc_rqst *rqstp, struct nlm_args *argp,
106438 }
106439
106440 static __be32
106441 -nlmsvc_proc_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106442 - struct nlm_res *resp)
106443 +nlmsvc_proc_lock(struct svc_rqst *rqstp, void *_argp, void *_resp)
106444 {
106445 + struct nlm_args *argp = _argp;
106446 + struct nlm_res *resp = _resp;
106447 struct nlm_host *host;
106448 struct nlm_file *file;
106449 __be32 rc = rpc_success;
106450 @@ -172,9 +174,10 @@ nlmsvc_proc_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106451 }
106452
106453 static __be32
106454 -nlmsvc_proc_cancel(struct svc_rqst *rqstp, struct nlm_args *argp,
106455 - struct nlm_res *resp)
106456 +nlmsvc_proc_cancel(struct svc_rqst *rqstp, void *_argp, void *_resp)
106457 {
106458 + struct nlm_args *argp = _argp;
106459 + struct nlm_res *resp = _resp;
106460 struct nlm_host *host;
106461 struct nlm_file *file;
106462 struct net *net = SVC_NET(rqstp);
106463 @@ -206,9 +209,10 @@ nlmsvc_proc_cancel(struct svc_rqst *rqstp, struct nlm_args *argp,
106464 * UNLOCK: release a lock
106465 */
106466 static __be32
106467 -nlmsvc_proc_unlock(struct svc_rqst *rqstp, struct nlm_args *argp,
106468 - struct nlm_res *resp)
106469 +nlmsvc_proc_unlock(struct svc_rqst *rqstp, void *_argp, void *_resp)
106470 {
106471 + struct nlm_args *argp = _argp;
106472 + struct nlm_res *resp = _resp;
106473 struct nlm_host *host;
106474 struct nlm_file *file;
106475 struct net *net = SVC_NET(rqstp);
106476 @@ -241,9 +245,11 @@ nlmsvc_proc_unlock(struct svc_rqst *rqstp, struct nlm_args *argp,
106477 * was granted
106478 */
106479 static __be32
106480 -nlmsvc_proc_granted(struct svc_rqst *rqstp, struct nlm_args *argp,
106481 - struct nlm_res *resp)
106482 +nlmsvc_proc_granted(struct svc_rqst *rqstp, void *_argp, void *_resp)
106483 {
106484 + struct nlm_args *argp = _argp;
106485 + struct nlm_res *resp = _resp;
106486 +
106487 resp->cookie = argp->cookie;
106488
106489 dprintk("lockd: GRANTED called\n");
106490 @@ -285,7 +291,7 @@ static const struct rpc_call_ops nlmsvc_callback_ops = {
106491 * doesn't break any clients.
106492 */
106493 static __be32 nlmsvc_callback(struct svc_rqst *rqstp, u32 proc, struct nlm_args *argp,
106494 - __be32 (*func)(struct svc_rqst *, struct nlm_args *, struct nlm_res *))
106495 + __be32 (*func)(struct svc_rqst *, void *, void *))
106496 {
106497 struct nlm_host *host;
106498 struct nlm_rqst *call;
106499 @@ -314,38 +320,33 @@ static __be32 nlmsvc_callback(struct svc_rqst *rqstp, u32 proc, struct nlm_args
106500 return rpc_success;
106501 }
106502
106503 -static __be32 nlmsvc_proc_test_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106504 - void *resp)
106505 +static __be32 nlmsvc_proc_test_msg(struct svc_rqst *rqstp,void *argp, void *resp)
106506 {
106507 dprintk("lockd: TEST_MSG called\n");
106508 return nlmsvc_callback(rqstp, NLMPROC_TEST_RES, argp, nlmsvc_proc_test);
106509 }
106510
106511 -static __be32 nlmsvc_proc_lock_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106512 - void *resp)
106513 +static __be32 nlmsvc_proc_lock_msg(struct svc_rqst *rqstp, void *argp, void *resp)
106514 {
106515 dprintk("lockd: LOCK_MSG called\n");
106516 return nlmsvc_callback(rqstp, NLMPROC_LOCK_RES, argp, nlmsvc_proc_lock);
106517 }
106518
106519 -static __be32 nlmsvc_proc_cancel_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106520 - void *resp)
106521 +static __be32 nlmsvc_proc_cancel_msg(struct svc_rqst *rqstp, void *argp, void *resp)
106522 {
106523 dprintk("lockd: CANCEL_MSG called\n");
106524 return nlmsvc_callback(rqstp, NLMPROC_CANCEL_RES, argp, nlmsvc_proc_cancel);
106525 }
106526
106527 static __be32
106528 -nlmsvc_proc_unlock_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106529 - void *resp)
106530 +nlmsvc_proc_unlock_msg(struct svc_rqst *rqstp, void *argp, void *resp)
106531 {
106532 dprintk("lockd: UNLOCK_MSG called\n");
106533 return nlmsvc_callback(rqstp, NLMPROC_UNLOCK_RES, argp, nlmsvc_proc_unlock);
106534 }
106535
106536 static __be32
106537 -nlmsvc_proc_granted_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106538 - void *resp)
106539 +nlmsvc_proc_granted_msg(struct svc_rqst *rqstp, void *argp, void *resp)
106540 {
106541 dprintk("lockd: GRANTED_MSG called\n");
106542 return nlmsvc_callback(rqstp, NLMPROC_GRANTED_RES, argp, nlmsvc_proc_granted);
106543 @@ -355,9 +356,10 @@ nlmsvc_proc_granted_msg(struct svc_rqst *rqstp, struct nlm_args *argp,
106544 * SHARE: create a DOS share or alter existing share.
106545 */
106546 static __be32
106547 -nlmsvc_proc_share(struct svc_rqst *rqstp, struct nlm_args *argp,
106548 - struct nlm_res *resp)
106549 +nlmsvc_proc_share(struct svc_rqst *rqstp, void *_argp, void *_resp)
106550 {
106551 + struct nlm_args *argp = _argp;
106552 + struct nlm_res *resp = _resp;
106553 struct nlm_host *host;
106554 struct nlm_file *file;
106555
106556 @@ -388,9 +390,10 @@ nlmsvc_proc_share(struct svc_rqst *rqstp, struct nlm_args *argp,
106557 * UNSHARE: Release a DOS share.
106558 */
106559 static __be32
106560 -nlmsvc_proc_unshare(struct svc_rqst *rqstp, struct nlm_args *argp,
106561 - struct nlm_res *resp)
106562 +nlmsvc_proc_unshare(struct svc_rqst *rqstp, void *_argp, void *_resp)
106563 {
106564 + struct nlm_args *argp = _argp;
106565 + struct nlm_res *resp = _resp;
106566 struct nlm_host *host;
106567 struct nlm_file *file;
106568
106569 @@ -421,9 +424,10 @@ nlmsvc_proc_unshare(struct svc_rqst *rqstp, struct nlm_args *argp,
106570 * NM_LOCK: Create an unmonitored lock
106571 */
106572 static __be32
106573 -nlmsvc_proc_nm_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106574 - struct nlm_res *resp)
106575 +nlmsvc_proc_nm_lock(struct svc_rqst *rqstp, void *_argp, void *resp)
106576 {
106577 + struct nlm_args *argp = _argp;
106578 +
106579 dprintk("lockd: NM_LOCK called\n");
106580
106581 argp->monitor = 0; /* just clean the monitor flag */
106582 @@ -434,8 +438,7 @@ nlmsvc_proc_nm_lock(struct svc_rqst *rqstp, struct nlm_args *argp,
106583 * FREE_ALL: Release all locks and shares held by client
106584 */
106585 static __be32
106586 -nlmsvc_proc_free_all(struct svc_rqst *rqstp, struct nlm_args *argp,
106587 - void *resp)
106588 +nlmsvc_proc_free_all(struct svc_rqst *rqstp, void *argp, void *resp)
106589 {
106590 struct nlm_host *host;
106591
106592 @@ -452,8 +455,7 @@ nlmsvc_proc_free_all(struct svc_rqst *rqstp, struct nlm_args *argp,
106593 * SM_NOTIFY: private callback from statd (not part of official NLM proto)
106594 */
106595 static __be32
106596 -nlmsvc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
106597 - void *resp)
106598 +nlmsvc_proc_sm_notify(struct svc_rqst *rqstp, void *argp, void *resp)
106599 {
106600 dprintk("lockd: SM_NOTIFY called\n");
106601
106602 @@ -472,9 +474,10 @@ nlmsvc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
106603 * client sent a GRANTED_RES, let's remove the associated block
106604 */
106605 static __be32
106606 -nlmsvc_proc_granted_res(struct svc_rqst *rqstp, struct nlm_res *argp,
106607 - void *resp)
106608 +nlmsvc_proc_granted_res(struct svc_rqst *rqstp, void *_argp, void *resp)
106609 {
106610 + struct nlm_res *argp = _argp;
106611 +
106612 if (!nlmsvc_ops)
106613 return rpc_success;
106614
106615 @@ -505,9 +508,9 @@ nlmsvc_proc_granted_res(struct svc_rqst *rqstp, struct nlm_res *argp,
106616 struct nlm_void { int dummy; };
106617
106618 #define PROC(name, xargt, xrest, argt, rest, respsize) \
106619 - { .pc_func = (svc_procfunc) nlmsvc_proc_##name, \
106620 - .pc_decode = (kxdrproc_t) nlmsvc_decode_##xargt, \
106621 - .pc_encode = (kxdrproc_t) nlmsvc_encode_##xrest, \
106622 + { .pc_func = nlmsvc_proc_##name, \
106623 + .pc_decode = nlmsvc_decode_##xargt, \
106624 + .pc_encode = nlmsvc_encode_##xrest, \
106625 .pc_release = NULL, \
106626 .pc_argsize = sizeof(struct nlm_##argt), \
106627 .pc_ressize = sizeof(struct nlm_##rest), \
106628 diff --git a/fs/lockd/xdr.c b/fs/lockd/xdr.c
106629 index 5b651da..cfe0944 100644
106630 --- a/fs/lockd/xdr.c
106631 +++ b/fs/lockd/xdr.c
106632 @@ -182,8 +182,9 @@ nlm_encode_testres(__be32 *p, struct nlm_res *resp)
106633 * First, the server side XDR functions
106634 */
106635 int
106636 -nlmsvc_decode_testargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106637 +nlmsvc_decode_testargs(void *rqstp, __be32 *p, void *_argp)
106638 {
106639 + nlm_args *argp = _argp;
106640 u32 exclusive;
106641
106642 if (!(p = nlm_decode_cookie(p, &argp->cookie)))
106643 @@ -199,16 +200,19 @@ nlmsvc_decode_testargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106644 }
106645
106646 int
106647 -nlmsvc_encode_testres(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106648 +nlmsvc_encode_testres(void *rqstp, __be32 *p, void *_resp)
106649 {
106650 + struct nlm_res *resp = _resp;
106651 +
106652 if (!(p = nlm_encode_testres(p, resp)))
106653 return 0;
106654 return xdr_ressize_check(rqstp, p);
106655 }
106656
106657 int
106658 -nlmsvc_decode_lockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106659 +nlmsvc_decode_lockargs(void *rqstp, __be32 *p, void *_argp)
106660 {
106661 + nlm_args *argp = _argp;
106662 u32 exclusive;
106663
106664 if (!(p = nlm_decode_cookie(p, &argp->cookie)))
106665 @@ -227,8 +231,9 @@ nlmsvc_decode_lockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106666 }
106667
106668 int
106669 -nlmsvc_decode_cancargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106670 +nlmsvc_decode_cancargs(void *rqstp, __be32 *p, void *_argp)
106671 {
106672 + nlm_args *argp = _argp;
106673 u32 exclusive;
106674
106675 if (!(p = nlm_decode_cookie(p, &argp->cookie)))
106676 @@ -243,8 +248,10 @@ nlmsvc_decode_cancargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106677 }
106678
106679 int
106680 -nlmsvc_decode_unlockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106681 +nlmsvc_decode_unlockargs(void *rqstp, __be32 *p, void *_argp)
106682 {
106683 + nlm_args *argp = _argp;
106684 +
106685 if (!(p = nlm_decode_cookie(p, &argp->cookie))
106686 || !(p = nlm_decode_lock(p, &argp->lock)))
106687 return 0;
106688 @@ -253,8 +260,10 @@ nlmsvc_decode_unlockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106689 }
106690
106691 int
106692 -nlmsvc_decode_shareargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106693 +nlmsvc_decode_shareargs(void *rqstp, __be32 *p, void *_argp)
106694 {
106695 + nlm_args *argp = _argp;
106696 +
106697 struct nlm_lock *lock = &argp->lock;
106698
106699 memset(lock, 0, sizeof(*lock));
106700 @@ -274,8 +283,10 @@ nlmsvc_decode_shareargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106701 }
106702
106703 int
106704 -nlmsvc_encode_shareres(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106705 +nlmsvc_encode_shareres(void *rqstp, __be32 *p, void *_resp)
106706 {
106707 + struct nlm_res *resp = _resp;
106708 +
106709 if (!(p = nlm_encode_cookie(p, &resp->cookie)))
106710 return 0;
106711 *p++ = resp->status;
106712 @@ -284,8 +295,10 @@ nlmsvc_encode_shareres(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106713 }
106714
106715 int
106716 -nlmsvc_encode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106717 +nlmsvc_encode_res(void *rqstp, __be32 *p, void *_resp)
106718 {
106719 + struct nlm_res *resp = _resp;
106720 +
106721 if (!(p = nlm_encode_cookie(p, &resp->cookie)))
106722 return 0;
106723 *p++ = resp->status;
106724 @@ -293,8 +306,9 @@ nlmsvc_encode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106725 }
106726
106727 int
106728 -nlmsvc_decode_notify(struct svc_rqst *rqstp, __be32 *p, struct nlm_args *argp)
106729 +nlmsvc_decode_notify(void *rqstp, __be32 *p, void *_argp)
106730 {
106731 + struct nlm_args *argp = _argp;
106732 struct nlm_lock *lock = &argp->lock;
106733
106734 if (!(p = xdr_decode_string_inplace(p, &lock->caller,
106735 @@ -305,8 +319,10 @@ nlmsvc_decode_notify(struct svc_rqst *rqstp, __be32 *p, struct nlm_args *argp)
106736 }
106737
106738 int
106739 -nlmsvc_decode_reboot(struct svc_rqst *rqstp, __be32 *p, struct nlm_reboot *argp)
106740 +nlmsvc_decode_reboot(void *rqstp, __be32 *p, void *_argp)
106741 {
106742 + struct nlm_reboot *argp = _argp;
106743 +
106744 if (!(p = xdr_decode_string_inplace(p, &argp->mon, &argp->len, SM_MAXSTRLEN)))
106745 return 0;
106746 argp->state = ntohl(*p++);
106747 @@ -316,8 +332,10 @@ nlmsvc_decode_reboot(struct svc_rqst *rqstp, __be32 *p, struct nlm_reboot *argp)
106748 }
106749
106750 int
106751 -nlmsvc_decode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106752 +nlmsvc_decode_res(void *rqstp, __be32 *p, void *_resp)
106753 {
106754 + struct nlm_res *resp = _resp;
106755 +
106756 if (!(p = nlm_decode_cookie(p, &resp->cookie)))
106757 return 0;
106758 resp->status = *p++;
106759 @@ -325,13 +343,13 @@ nlmsvc_decode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106760 }
106761
106762 int
106763 -nlmsvc_decode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
106764 +nlmsvc_decode_void(void *rqstp, __be32 *p, void *dummy)
106765 {
106766 return xdr_argsize_check(rqstp, p);
106767 }
106768
106769 int
106770 -nlmsvc_encode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
106771 +nlmsvc_encode_void(void *rqstp, __be32 *p, void *dummy)
106772 {
106773 return xdr_ressize_check(rqstp, p);
106774 }
106775 diff --git a/fs/lockd/xdr4.c b/fs/lockd/xdr4.c
106776 index dfa4789..be443bd 100644
106777 --- a/fs/lockd/xdr4.c
106778 +++ b/fs/lockd/xdr4.c
106779 @@ -179,8 +179,9 @@ nlm4_encode_testres(__be32 *p, struct nlm_res *resp)
106780 * First, the server side XDR functions
106781 */
106782 int
106783 -nlm4svc_decode_testargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106784 +nlm4svc_decode_testargs(void *rqstp, __be32 *p, void *_argp)
106785 {
106786 + nlm_args *argp = _argp;
106787 u32 exclusive;
106788
106789 if (!(p = nlm4_decode_cookie(p, &argp->cookie)))
106790 @@ -196,7 +197,7 @@ nlm4svc_decode_testargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106791 }
106792
106793 int
106794 -nlm4svc_encode_testres(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106795 +nlm4svc_encode_testres(void *rqstp, __be32 *p, void *resp)
106796 {
106797 if (!(p = nlm4_encode_testres(p, resp)))
106798 return 0;
106799 @@ -204,8 +205,9 @@ nlm4svc_encode_testres(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106800 }
106801
106802 int
106803 -nlm4svc_decode_lockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106804 +nlm4svc_decode_lockargs(void *rqstp, __be32 *p, void *_argp)
106805 {
106806 + nlm_args *argp = _argp;
106807 u32 exclusive;
106808
106809 if (!(p = nlm4_decode_cookie(p, &argp->cookie)))
106810 @@ -224,8 +226,9 @@ nlm4svc_decode_lockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106811 }
106812
106813 int
106814 -nlm4svc_decode_cancargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106815 +nlm4svc_decode_cancargs(void *rqstp, __be32 *p, void *_argp)
106816 {
106817 + nlm_args *argp = _argp;
106818 u32 exclusive;
106819
106820 if (!(p = nlm4_decode_cookie(p, &argp->cookie)))
106821 @@ -240,8 +243,10 @@ nlm4svc_decode_cancargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106822 }
106823
106824 int
106825 -nlm4svc_decode_unlockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106826 +nlm4svc_decode_unlockargs(void *rqstp, __be32 *p, void *_argp)
106827 {
106828 + nlm_args *argp = _argp;
106829 +
106830 if (!(p = nlm4_decode_cookie(p, &argp->cookie))
106831 || !(p = nlm4_decode_lock(p, &argp->lock)))
106832 return 0;
106833 @@ -250,8 +255,9 @@ nlm4svc_decode_unlockargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106834 }
106835
106836 int
106837 -nlm4svc_decode_shareargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106838 +nlm4svc_decode_shareargs(void *rqstp, __be32 *p, void *_argp)
106839 {
106840 + nlm_args *argp = _argp;
106841 struct nlm_lock *lock = &argp->lock;
106842
106843 memset(lock, 0, sizeof(*lock));
106844 @@ -271,8 +277,10 @@ nlm4svc_decode_shareargs(struct svc_rqst *rqstp, __be32 *p, nlm_args *argp)
106845 }
106846
106847 int
106848 -nlm4svc_encode_shareres(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106849 +nlm4svc_encode_shareres(void *rqstp, __be32 *p, void *_resp)
106850 {
106851 + struct nlm_res *resp = _resp;
106852 +
106853 if (!(p = nlm4_encode_cookie(p, &resp->cookie)))
106854 return 0;
106855 *p++ = resp->status;
106856 @@ -281,8 +289,10 @@ nlm4svc_encode_shareres(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106857 }
106858
106859 int
106860 -nlm4svc_encode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106861 +nlm4svc_encode_res(void *rqstp, __be32 *p, void *_resp)
106862 {
106863 + struct nlm_res *resp = _resp;
106864 +
106865 if (!(p = nlm4_encode_cookie(p, &resp->cookie)))
106866 return 0;
106867 *p++ = resp->status;
106868 @@ -290,8 +300,9 @@ nlm4svc_encode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106869 }
106870
106871 int
106872 -nlm4svc_decode_notify(struct svc_rqst *rqstp, __be32 *p, struct nlm_args *argp)
106873 +nlm4svc_decode_notify(void *rqstp, __be32 *p, void *_argp)
106874 {
106875 + struct nlm_args *argp = _argp;
106876 struct nlm_lock *lock = &argp->lock;
106877
106878 if (!(p = xdr_decode_string_inplace(p, &lock->caller,
106879 @@ -302,8 +313,10 @@ nlm4svc_decode_notify(struct svc_rqst *rqstp, __be32 *p, struct nlm_args *argp)
106880 }
106881
106882 int
106883 -nlm4svc_decode_reboot(struct svc_rqst *rqstp, __be32 *p, struct nlm_reboot *argp)
106884 +nlm4svc_decode_reboot(void *rqstp, __be32 *p, void *_argp)
106885 {
106886 + struct nlm_reboot *argp = _argp;
106887 +
106888 if (!(p = xdr_decode_string_inplace(p, &argp->mon, &argp->len, SM_MAXSTRLEN)))
106889 return 0;
106890 argp->state = ntohl(*p++);
106891 @@ -313,8 +326,10 @@ nlm4svc_decode_reboot(struct svc_rqst *rqstp, __be32 *p, struct nlm_reboot *argp
106892 }
106893
106894 int
106895 -nlm4svc_decode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106896 +nlm4svc_decode_res(void *rqstp, __be32 *p, void *_resp)
106897 {
106898 + struct nlm_res *resp = _resp;
106899 +
106900 if (!(p = nlm4_decode_cookie(p, &resp->cookie)))
106901 return 0;
106902 resp->status = *p++;
106903 @@ -322,13 +337,13 @@ nlm4svc_decode_res(struct svc_rqst *rqstp, __be32 *p, struct nlm_res *resp)
106904 }
106905
106906 int
106907 -nlm4svc_decode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
106908 +nlm4svc_decode_void(void *rqstp, __be32 *p, void *dummy)
106909 {
106910 return xdr_argsize_check(rqstp, p);
106911 }
106912
106913 int
106914 -nlm4svc_encode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
106915 +nlm4svc_encode_void(void *rqstp, __be32 *p, void *dummy)
106916 {
106917 return xdr_ressize_check(rqstp, p);
106918 }
106919 diff --git a/fs/logfs/dev_bdev.c b/fs/logfs/dev_bdev.c
106920 index a8329cc..b3d18fb 100644
106921 --- a/fs/logfs/dev_bdev.c
106922 +++ b/fs/logfs/dev_bdev.c
106923 @@ -34,9 +34,8 @@ static int sync_request(struct page *page, struct block_device *bdev, int op)
106924 return submit_bio_wait(&bio);
106925 }
106926
106927 -static int bdev_readpage(void *_sb, struct page *page)
106928 +static int bdev_readpage(struct super_block *sb, struct page *page)
106929 {
106930 - struct super_block *sb = _sb;
106931 struct block_device *bdev = logfs_super(sb)->s_bdev;
106932 int err;
106933
106934 @@ -52,6 +51,11 @@ static int bdev_readpage(void *_sb, struct page *page)
106935 return err;
106936 }
106937
106938 +static int bdev_filler(struct file *file, struct page *page)
106939 +{
106940 + return bdev_readpage((struct super_block *)file, page);
106941 +}
106942 +
106943 static DECLARE_WAIT_QUEUE_HEAD(wq);
106944
106945 static void writeseg_end_io(struct bio *bio)
106946 @@ -251,7 +255,7 @@ static struct page *bdev_find_first_sb(struct super_block *sb, u64 *ofs)
106947 {
106948 struct logfs_super *super = logfs_super(sb);
106949 struct address_space *mapping = super->s_mapping_inode->i_mapping;
106950 - filler_t *filler = bdev_readpage;
106951 + filler_t *filler = bdev_filler;
106952
106953 *ofs = 0;
106954 return read_cache_page(mapping, 0, filler, sb);
106955 @@ -261,7 +265,7 @@ static struct page *bdev_find_last_sb(struct super_block *sb, u64 *ofs)
106956 {
106957 struct logfs_super *super = logfs_super(sb);
106958 struct address_space *mapping = super->s_mapping_inode->i_mapping;
106959 - filler_t *filler = bdev_readpage;
106960 + filler_t *filler = bdev_filler;
106961 u64 pos = (super->s_bdev->bd_inode->i_size & ~0xfffULL) - 0x1000;
106962 pgoff_t index = pos >> PAGE_SHIFT;
106963
106964 @@ -292,6 +296,7 @@ static const struct logfs_device_ops bd_devops = {
106965 .find_last_sb = bdev_find_last_sb,
106966 .write_sb = bdev_write_sb,
106967 .readpage = bdev_readpage,
106968 + .filler = bdev_filler,
106969 .writeseg = bdev_writeseg,
106970 .erase = bdev_erase,
106971 .can_write_buf = bdev_can_write_buf,
106972 diff --git a/fs/logfs/dev_mtd.c b/fs/logfs/dev_mtd.c
106973 index b76a62b..317c6ff 100644
106974 --- a/fs/logfs/dev_mtd.c
106975 +++ b/fs/logfs/dev_mtd.c
106976 @@ -122,9 +122,8 @@ static void logfs_mtd_sync(struct super_block *sb)
106977 mtd_sync(mtd);
106978 }
106979
106980 -static int logfs_mtd_readpage(void *_sb, struct page *page)
106981 +static int logfs_mtd_readpage(struct super_block *sb, struct page *page)
106982 {
106983 - struct super_block *sb = _sb;
106984 int err;
106985
106986 err = logfs_mtd_read(sb, page->index << PAGE_SHIFT, PAGE_SIZE,
106987 @@ -145,11 +144,16 @@ static int logfs_mtd_readpage(void *_sb, struct page *page)
106988 return err;
106989 }
106990
106991 +static int logfs_mtd_filler(struct file *file, struct page *page)
106992 +{
106993 + return logfs_mtd_readpage((struct super_block *)file, page);
106994 +}
106995 +
106996 static struct page *logfs_mtd_find_first_sb(struct super_block *sb, u64 *ofs)
106997 {
106998 struct logfs_super *super = logfs_super(sb);
106999 struct address_space *mapping = super->s_mapping_inode->i_mapping;
107000 - filler_t *filler = logfs_mtd_readpage;
107001 + filler_t *filler = logfs_mtd_filler;
107002 struct mtd_info *mtd = super->s_mtd;
107003
107004 *ofs = 0;
107005 @@ -166,7 +170,7 @@ static struct page *logfs_mtd_find_last_sb(struct super_block *sb, u64 *ofs)
107006 {
107007 struct logfs_super *super = logfs_super(sb);
107008 struct address_space *mapping = super->s_mapping_inode->i_mapping;
107009 - filler_t *filler = logfs_mtd_readpage;
107010 + filler_t *filler = logfs_mtd_filler;
107011 struct mtd_info *mtd = super->s_mtd;
107012
107013 *ofs = mtd->size - mtd->erasesize;
107014 @@ -254,6 +258,7 @@ static const struct logfs_device_ops mtd_devops = {
107015 .find_first_sb = logfs_mtd_find_first_sb,
107016 .find_last_sb = logfs_mtd_find_last_sb,
107017 .readpage = logfs_mtd_readpage,
107018 + .filler = logfs_mtd_filler,
107019 .writeseg = logfs_mtd_writeseg,
107020 .erase = logfs_mtd_erase,
107021 .can_write_buf = logfs_mtd_can_write_buf,
107022 diff --git a/fs/logfs/dir.c b/fs/logfs/dir.c
107023 index 9568064..e188a46 100644
107024 --- a/fs/logfs/dir.c
107025 +++ b/fs/logfs/dir.c
107026 @@ -174,7 +174,7 @@ static struct page *logfs_get_dd_page(struct inode *dir, struct dentry *dentry)
107027 if (!logfs_exist_block(dir, index))
107028 continue;
107029 page = read_cache_page(dir->i_mapping, index,
107030 - (filler_t *)logfs_readpage, NULL);
107031 + logfs_readpage, NULL);
107032 if (IS_ERR(page))
107033 return page;
107034 dd = kmap_atomic(page);
107035 @@ -306,7 +306,7 @@ static int logfs_readdir(struct file *file, struct dir_context *ctx)
107036 continue;
107037 }
107038 page = read_cache_page(dir->i_mapping, pos,
107039 - (filler_t *)logfs_readpage, NULL);
107040 + logfs_readpage, NULL);
107041 if (IS_ERR(page))
107042 return PTR_ERR(page);
107043 dd = kmap(page);
107044 diff --git a/fs/logfs/logfs.h b/fs/logfs/logfs.h
107045 index 27d040e..8959149 100644
107046 --- a/fs/logfs/logfs.h
107047 +++ b/fs/logfs/logfs.h
107048 @@ -151,7 +151,8 @@ struct logfs_device_ops {
107049 struct page *(*find_first_sb)(struct super_block *sb, u64 *ofs);
107050 struct page *(*find_last_sb)(struct super_block *sb, u64 *ofs);
107051 int (*write_sb)(struct super_block *sb, struct page *page);
107052 - int (*readpage)(void *_sb, struct page *page);
107053 + int (*readpage)(struct super_block *sb, struct page *page);
107054 + int (*filler)(struct file *file, struct page *page);
107055 void (*writeseg)(struct super_block *sb, u64 ofs, size_t len);
107056 int (*erase)(struct super_block *sb, loff_t ofs, size_t len,
107057 int ensure_write);
107058 @@ -617,8 +618,6 @@ static inline int logfs_buf_recover(struct logfs_area *area, u64 ofs,
107059 }
107060
107061 /* super.c */
107062 -struct page *emergency_read_begin(struct address_space *mapping, pgoff_t index);
107063 -void emergency_read_end(struct page *page);
107064 void logfs_crash_dump(struct super_block *sb);
107065 int logfs_statfs(struct dentry *dentry, struct kstatfs *stats);
107066 int logfs_check_ds(struct logfs_disk_super *ds);
107067 diff --git a/fs/logfs/readwrite.c b/fs/logfs/readwrite.c
107068 index 3fb8c6d..83a5133 100644
107069 --- a/fs/logfs/readwrite.c
107070 +++ b/fs/logfs/readwrite.c
107071 @@ -1963,7 +1963,7 @@ int logfs_read_inode(struct inode *inode)
107072 return -ENODATA;
107073
107074 page = read_cache_page(master_inode->i_mapping, ino,
107075 - (filler_t *)logfs_readpage, NULL);
107076 + logfs_readpage, NULL);
107077 if (IS_ERR(page))
107078 return PTR_ERR(page);
107079
107080 diff --git a/fs/logfs/segment.c b/fs/logfs/segment.c
107081 index 1efd605..d712407b 100644
107082 --- a/fs/logfs/segment.c
107083 +++ b/fs/logfs/segment.c
107084 @@ -54,7 +54,7 @@ static struct page *get_mapping_page(struct super_block *sb, pgoff_t index,
107085 {
107086 struct logfs_super *super = logfs_super(sb);
107087 struct address_space *mapping = super->s_mapping_inode->i_mapping;
107088 - filler_t *filler = super->s_devops->readpage;
107089 + filler_t *filler = super->s_devops->filler;
107090 struct page *page;
107091
107092 BUG_ON(mapping_gfp_constraint(mapping, __GFP_FS));
107093 diff --git a/fs/logfs/super.c b/fs/logfs/super.c
107094 index 5751082..7619dac 100644
107095 --- a/fs/logfs/super.c
107096 +++ b/fs/logfs/super.c
107097 @@ -18,39 +18,6 @@
107098 #include <linux/statfs.h>
107099 #include <linux/buffer_head.h>
107100
107101 -static DEFINE_MUTEX(emergency_mutex);
107102 -static struct page *emergency_page;
107103 -
107104 -struct page *emergency_read_begin(struct address_space *mapping, pgoff_t index)
107105 -{
107106 - filler_t *filler = (filler_t *)mapping->a_ops->readpage;
107107 - struct page *page;
107108 - int err;
107109 -
107110 - page = read_cache_page(mapping, index, filler, NULL);
107111 - if (page)
107112 - return page;
107113 -
107114 - /* No more pages available, switch to emergency page */
107115 - printk(KERN_INFO"Logfs: Using emergency page\n");
107116 - mutex_lock(&emergency_mutex);
107117 - err = filler(NULL, emergency_page);
107118 - if (err) {
107119 - mutex_unlock(&emergency_mutex);
107120 - printk(KERN_EMERG"Logfs: Error reading emergency page\n");
107121 - return ERR_PTR(err);
107122 - }
107123 - return emergency_page;
107124 -}
107125 -
107126 -void emergency_read_end(struct page *page)
107127 -{
107128 - if (page == emergency_page)
107129 - mutex_unlock(&emergency_mutex);
107130 - else
107131 - put_page(page);
107132 -}
107133 -
107134 static void dump_segfile(struct super_block *sb)
107135 {
107136 struct logfs_super *super = logfs_super(sb);
107137 @@ -614,10 +581,6 @@ static int __init logfs_init(void)
107138 {
107139 int ret;
107140
107141 - emergency_page = alloc_pages(GFP_KERNEL, 0);
107142 - if (!emergency_page)
107143 - return -ENOMEM;
107144 -
107145 ret = logfs_compr_init();
107146 if (ret)
107147 goto out1;
107148 @@ -633,7 +596,6 @@ static int __init logfs_init(void)
107149 out2:
107150 logfs_compr_exit();
107151 out1:
107152 - __free_pages(emergency_page, 0);
107153 return ret;
107154 }
107155
107156 @@ -642,7 +604,6 @@ static void __exit logfs_exit(void)
107157 unregister_filesystem(&logfs_fs_type);
107158 logfs_destroy_inode_cache();
107159 logfs_compr_exit();
107160 - __free_pages(emergency_page, 0);
107161 }
107162
107163 module_init(logfs_init);
107164 diff --git a/fs/mount.h b/fs/mount.h
107165 index 14db05d..687f6d8 100644
107166 --- a/fs/mount.h
107167 +++ b/fs/mount.h
107168 @@ -13,7 +13,7 @@ struct mnt_namespace {
107169 u64 seq; /* Sequence number to prevent loops */
107170 wait_queue_head_t poll;
107171 u64 event;
107172 -};
107173 +} __randomize_layout;
107174
107175 struct mnt_pcp {
107176 int mnt_count;
107177 @@ -65,7 +65,7 @@ struct mount {
107178 struct hlist_head mnt_pins;
107179 struct fs_pin mnt_umount;
107180 struct dentry *mnt_ex_mountpoint;
107181 -};
107182 +} __randomize_layout;
107183
107184 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
107185
107186 diff --git a/fs/namei.c b/fs/namei.c
107187 index adb0414..82da447 100644
107188 --- a/fs/namei.c
107189 +++ b/fs/namei.c
107190 @@ -338,17 +338,32 @@ int generic_permission(struct inode *inode, int mask)
107191 if (ret != -EACCES)
107192 return ret;
107193
107194 +#ifdef CONFIG_GRKERNSEC
107195 + /* we'll block if we have to log due to a denied capability use */
107196 + if (mask & MAY_NOT_BLOCK)
107197 + return -ECHILD;
107198 +#endif
107199 +
107200 if (S_ISDIR(inode->i_mode)) {
107201 /* DACs are overridable for directories */
107202 - if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
107203 - return 0;
107204 if (!(mask & MAY_WRITE))
107205 - if (capable_wrt_inode_uidgid(inode,
107206 - CAP_DAC_READ_SEARCH))
107207 + if (capable_wrt_inode_uidgid_nolog(inode, CAP_DAC_OVERRIDE) ||
107208 + capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
107209 return 0;
107210 + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
107211 + return 0;
107212 return -EACCES;
107213 }
107214 /*
107215 + * Searching includes executable on directories, else just read.
107216 + */
107217 + mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
107218 + if (mask == MAY_READ)
107219 + if (capable_wrt_inode_uidgid_nolog(inode, CAP_DAC_OVERRIDE) ||
107220 + capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
107221 + return 0;
107222 +
107223 + /*
107224 * Read/write DACs are always overridable.
107225 * Executable DACs are overridable when there is
107226 * at least one exec bit set.
107227 @@ -357,14 +372,6 @@ int generic_permission(struct inode *inode, int mask)
107228 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
107229 return 0;
107230
107231 - /*
107232 - * Searching includes executable on directories, else just read.
107233 - */
107234 - mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
107235 - if (mask == MAY_READ)
107236 - if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
107237 - return 0;
107238 -
107239 return -EACCES;
107240 }
107241 EXPORT_SYMBOL(generic_permission);
107242 @@ -524,12 +531,35 @@ struct nameidata {
107243 struct inode *link_inode;
107244 unsigned root_seq;
107245 int dfd;
107246 -};
107247 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107248 + struct path *symlinkown_stack;
107249 + struct path symlinkown_internal[EMBEDDED_LEVELS];
107250 + unsigned symlinkown_depth;
107251 + int symlinkown_enabled;
107252 +#endif
107253 +} __randomize_layout;
107254 +
107255 +static int gr_handle_nameidata_symlinkowner(const struct nameidata *nd, const struct inode *target)
107256 +{
107257 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107258 + int i;
107259 +
107260 + for (i = 0; i < nd->symlinkown_depth; i++) {
107261 + if (gr_handle_symlink_owner(&nd->symlinkown_stack[i], target))
107262 + return -EACCES;
107263 + }
107264 +#endif
107265 + return 0;
107266 +}
107267
107268 static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
107269 {
107270 struct nameidata *old = current->nameidata;
107271 p->stack = p->internal;
107272 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107273 + p->symlinkown_stack = p->symlinkown_internal;
107274 + p->symlinkown_enabled = -1;
107275 +#endif
107276 p->dfd = dfd;
107277 p->name = name;
107278 p->total_link_count = old ? old->total_link_count : 0;
107279 @@ -546,6 +576,10 @@ static void restore_nameidata(void)
107280 old->total_link_count = now->total_link_count;
107281 if (now->stack != now->internal)
107282 kfree(now->stack);
107283 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107284 + if (now->symlinkown_stack != now->symlinkown_internal)
107285 + kfree(now->symlinkown_stack);
107286 +#endif
107287 }
107288
107289 static int __nd_alloc_stack(struct nameidata *nd)
107290 @@ -565,6 +599,7 @@ static int __nd_alloc_stack(struct nameidata *nd)
107291 }
107292 memcpy(p, nd->internal, sizeof(nd->internal));
107293 nd->stack = p;
107294 +
107295 return 0;
107296 }
107297
107298 @@ -586,8 +621,32 @@ static bool path_connected(const struct path *path)
107299 return is_subdir(path->dentry, mnt->mnt_root);
107300 }
107301
107302 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107303 +static int nd_alloc_symlinkown_stack(struct nameidata *nd)
107304 +{
107305 + struct path *p;
107306 +
107307 + if (likely(nd->symlinkown_depth != EMBEDDED_LEVELS))
107308 + return 0;
107309 + if (nd->symlinkown_stack != nd->symlinkown_internal)
107310 + return 0;
107311 +
107312 + p = kmalloc(MAXSYMLINKS * sizeof(struct path), GFP_KERNEL);
107313 + if (unlikely(!p))
107314 + return -ENOMEM;
107315 + memcpy(p, nd->symlinkown_internal, sizeof(nd->symlinkown_internal));
107316 + nd->symlinkown_stack = p;
107317 + return 0;
107318 +}
107319 +#endif
107320 +
107321 static inline int nd_alloc_stack(struct nameidata *nd)
107322 {
107323 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107324 + if (nd->flags & LOOKUP_RCU)
107325 + return -ECHILD;
107326 +#endif
107327 +
107328 if (likely(nd->depth != EMBEDDED_LEVELS))
107329 return 0;
107330 if (likely(nd->stack != nd->internal))
107331 @@ -613,6 +672,14 @@ static void terminate_walk(struct nameidata *nd)
107332 path_put(&nd->path);
107333 for (i = 0; i < nd->depth; i++)
107334 path_put(&nd->stack[i].link);
107335 +
107336 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107337 + /* we'll only ever set our values in ref-walk mode */
107338 + for (i = 0; i < nd->symlinkown_depth; i++)
107339 + path_put(&nd->symlinkown_stack[i]);
107340 + nd->symlinkown_depth = 0;
107341 +#endif
107342 +
107343 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
107344 path_put(&nd->root);
107345 nd->root.mnt = NULL;
107346 @@ -1026,6 +1093,9 @@ const char *get_link(struct nameidata *nd)
107347 if (unlikely(error))
107348 return ERR_PTR(error);
107349
107350 + if (gr_handle_follow_link(dentry, last->link.mnt))
107351 + return ERR_PTR(-EACCES);
107352 +
107353 nd->last_type = LAST_BIND;
107354 res = inode->i_link;
107355 if (!res) {
107356 @@ -1717,6 +1787,23 @@ static int pick_link(struct nameidata *nd, struct path *link,
107357 }
107358 }
107359
107360 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107361 + if (unlikely(nd->symlinkown_enabled == -1))
107362 + nd->symlinkown_enabled = gr_get_symlinkown_enabled();
107363 + if (nd->symlinkown_enabled && gr_is_global_nonroot(inode->i_uid)) {
107364 + struct path *symlinkownlast;
107365 + error = nd_alloc_symlinkown_stack(nd);
107366 + if (unlikely(error)) {
107367 + path_put(link);
107368 + return error;
107369 + }
107370 + symlinkownlast = nd->symlinkown_stack + nd->symlinkown_depth++;
107371 + symlinkownlast->dentry = link->dentry;
107372 + symlinkownlast->mnt = link->mnt;
107373 + path_get(symlinkownlast);
107374 + }
107375 +#endif
107376 +
107377 last = nd->stack + nd->depth++;
107378 last->link = *link;
107379 clear_delayed_call(&last->done);
107380 @@ -1931,7 +2018,7 @@ u64 hashlen_string(const void *salt, const char *name)
107381 {
107382 unsigned long a = 0, x = 0, y = (unsigned long)salt;
107383 unsigned long adata, mask, len;
107384 - const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
107385 + static const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
107386
107387 len = 0;
107388 goto inside;
107389 @@ -2144,6 +2231,10 @@ static const char *path_init(struct nameidata *nd, unsigned flags)
107390 nd->last_type = LAST_ROOT; /* if there are only slashes... */
107391 nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT;
107392 nd->depth = 0;
107393 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
107394 + nd->symlinkown_depth = 0;
107395 +#endif
107396 +
107397 if (flags & LOOKUP_ROOT) {
107398 struct dentry *root = nd->root.dentry;
107399 struct inode *inode = root->d_inode;
107400 @@ -2275,6 +2366,14 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path
107401 if (!err)
107402 err = complete_walk(nd);
107403
107404 + if (!err && !(nd->flags & LOOKUP_PARENT)) {
107405 + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
107406 + err = -ENOENT;
107407 + if (!err)
107408 + err = gr_chroot_pathat(nd->dfd, nd->path.dentry,
107409 + nd->path.mnt, nd->flags);
107410 + }
107411 +
107412 if (!err && nd->flags & LOOKUP_DIRECTORY)
107413 if (!d_can_lookup(nd->path.dentry))
107414 err = -ENOTDIR;
107415 @@ -2323,6 +2422,14 @@ static int path_parentat(struct nameidata *nd, unsigned flags,
107416 err = link_path_walk(s, nd);
107417 if (!err)
107418 err = complete_walk(nd);
107419 +
107420 + if (!err && gr_handle_nameidata_symlinkowner(nd, nd->inode))
107421 + err = -EACCES;
107422 +
107423 + if (!err)
107424 + err = gr_chroot_pathat(nd->dfd, nd->path.dentry,
107425 + nd->path.mnt, nd->flags);
107426 +
107427 if (!err) {
107428 *parent = nd->path;
107429 nd->path.mnt = NULL;
107430 @@ -2940,6 +3047,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
107431 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
107432 return -EPERM;
107433
107434 + if (gr_handle_rofs_blockwrite(dentry, path->mnt, acc_mode))
107435 + return -EPERM;
107436 + if (gr_handle_rawio(inode))
107437 + return -EPERM;
107438 + if (!gr_acl_handle_open(dentry, path->mnt, acc_mode))
107439 + return -EACCES;
107440 +
107441 return 0;
107442 }
107443
107444 @@ -3179,6 +3293,20 @@ no_open:
107445
107446 /* Negative dentry, just create the file */
107447 if (!dentry->d_inode && (open_flag & O_CREAT)) {
107448 + error = gr_chroot_pathat(nd->dfd, dentry, nd->path.mnt, nd->flags);
107449 + if (error)
107450 + goto out_dput;
107451 +
107452 + if (gr_handle_nameidata_symlinkowner(nd, dir_inode)) {
107453 + error = -EACCES;
107454 + goto out_dput;
107455 + }
107456 +
107457 + if (!gr_acl_handle_creat(dentry, dir, nd->path.mnt, op->open_flag, op->acc_mode, mode)) {
107458 + error = -EACCES;
107459 + goto out_dput;
107460 + }
107461 +
107462 *opened |= FILE_CREATED;
107463 audit_inode_child(dir_inode, dentry, AUDIT_TYPE_CHILD_CREATE);
107464 if (!dir_inode->i_op->create) {
107465 @@ -3189,6 +3317,7 @@ no_open:
107466 open_flag & O_EXCL);
107467 if (error)
107468 goto out_dput;
107469 + gr_handle_create(dentry, nd->path.mnt);
107470 fsnotify_create(dir_inode, dentry);
107471 }
107472 if (unlikely(create_error) && !dentry->d_inode) {
107473 @@ -3303,6 +3432,11 @@ static int do_last(struct nameidata *nd,
107474 goto finish_open_created;
107475 }
107476
107477 + if (!gr_acl_handle_hidden_file(path.dentry, nd->path.mnt)) {
107478 + path_to_nameidata(&path, nd);
107479 + return -ENOENT;
107480 + }
107481 +
107482 /*
107483 * If atomic_open() acquired write access it is dropped now due to
107484 * possible mount and symlink following (this might be optimized away if
107485 @@ -3322,6 +3456,13 @@ static int do_last(struct nameidata *nd,
107486 return -ENOENT;
107487 }
107488
107489 + /* only check if O_CREAT is specified, all other checks need to go
107490 + into may_open */
107491 + if (gr_handle_fifo(path.dentry, path.mnt, dir, open_flag, acc_mode)) {
107492 + path_to_nameidata(&path, nd);
107493 + return -EACCES;
107494 + }
107495 +
107496 /*
107497 * create/update audit record if it already exists.
107498 */
107499 @@ -3350,6 +3491,21 @@ finish_open:
107500 error = complete_walk(nd);
107501 if (error)
107502 return error;
107503 +
107504 + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
107505 + error = -ENOENT;
107506 + goto out;
107507 + }
107508 +
107509 + error = gr_chroot_pathat(nd->dfd, nd->path.dentry, nd->path.mnt, nd->flags);
107510 + if (error)
107511 + goto out;
107512 +
107513 + if (gr_handle_nameidata_symlinkowner(nd, nd->inode)) {
107514 + error = -EACCES;
107515 + goto out;
107516 + }
107517 +
107518 audit_inode(nd->name, nd->path.dentry, 0);
107519 error = -EISDIR;
107520 if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
107521 @@ -3606,9 +3762,11 @@ static struct dentry *filename_create(int dfd, struct filename *name,
107522 goto unlock;
107523
107524 error = -EEXIST;
107525 - if (d_is_positive(dentry))
107526 + if (d_is_positive(dentry)) {
107527 + if (!gr_acl_handle_hidden_file(dentry, path->mnt))
107528 + error = -ENOENT;
107529 goto fail;
107530 -
107531 + }
107532 /*
107533 * Special case - lookup gave negative, but... we had foo/bar/
107534 * From the vfs_mknod() POV we just have a negative dentry -
107535 @@ -3662,6 +3820,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname,
107536 }
107537 EXPORT_SYMBOL(user_path_create);
107538
107539 +static struct dentry *user_path_create_with_name(int dfd, const char __user *pathname, struct path *path, struct filename **to, unsigned int lookup_flags)
107540 +{
107541 + struct filename *tmp = getname(pathname);
107542 + struct dentry *res;
107543 + if (IS_ERR(tmp))
107544 + return ERR_CAST(tmp);
107545 + res = kern_path_create(dfd, tmp->name, path, lookup_flags);
107546 + if (IS_ERR(res))
107547 + putname(tmp);
107548 + else
107549 + *to = tmp;
107550 + return res;
107551 +}
107552 +
107553 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
107554 {
107555 int error = may_create(dir, dentry);
107556 @@ -3725,6 +3897,17 @@ retry:
107557
107558 if (!IS_POSIXACL(path.dentry->d_inode))
107559 mode &= ~current_umask();
107560 +
107561 + if (gr_handle_chroot_mknod(dentry, path.mnt, mode)) {
107562 + error = -EPERM;
107563 + goto out;
107564 + }
107565 +
107566 + if (!gr_acl_handle_mknod(dentry, path.dentry, path.mnt, mode)) {
107567 + error = -EACCES;
107568 + goto out;
107569 + }
107570 +
107571 error = security_path_mknod(&path, dentry, mode, dev);
107572 if (error)
107573 goto out;
107574 @@ -3742,6 +3925,8 @@ retry:
107575 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
107576 break;
107577 }
107578 + if (!error)
107579 + gr_handle_create(dentry, path.mnt);
107580 out:
107581 done_path_create(&path, dentry);
107582 if (retry_estale(error, lookup_flags)) {
107583 @@ -3796,9 +3981,16 @@ retry:
107584
107585 if (!IS_POSIXACL(path.dentry->d_inode))
107586 mode &= ~current_umask();
107587 + if (!gr_acl_handle_mkdir(dentry, path.dentry, path.mnt)) {
107588 + error = -EACCES;
107589 + goto out;
107590 + }
107591 error = security_path_mkdir(&path, dentry, mode);
107592 if (!error)
107593 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
107594 + if (!error)
107595 + gr_handle_create(dentry, path.mnt);
107596 +out:
107597 done_path_create(&path, dentry);
107598 if (retry_estale(error, lookup_flags)) {
107599 lookup_flags |= LOOKUP_REVAL;
107600 @@ -3859,6 +4051,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
107601 struct path path;
107602 struct qstr last;
107603 int type;
107604 + u64 saved_ino = 0;
107605 + dev_t saved_dev = 0;
107606 unsigned int lookup_flags = 0;
107607 retry:
107608 name = user_path_parent(dfd, pathname,
107609 @@ -3891,10 +4085,20 @@ retry:
107610 error = -ENOENT;
107611 goto exit3;
107612 }
107613 + saved_ino = gr_get_ino_from_dentry(dentry);
107614 + saved_dev = gr_get_dev_from_dentry(dentry);
107615 +
107616 + if (!gr_acl_handle_rmdir(dentry, path.mnt)) {
107617 + error = -EACCES;
107618 + goto exit3;
107619 + }
107620 +
107621 error = security_path_rmdir(&path, dentry);
107622 if (error)
107623 goto exit3;
107624 error = vfs_rmdir(path.dentry->d_inode, dentry);
107625 + if (!error && (saved_dev || saved_ino))
107626 + gr_handle_delete(saved_ino, saved_dev);
107627 exit3:
107628 dput(dentry);
107629 exit2:
107630 @@ -3989,6 +4193,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
107631 int type;
107632 struct inode *inode = NULL;
107633 struct inode *delegated_inode = NULL;
107634 + u64 saved_ino = 0;
107635 + dev_t saved_dev = 0;
107636 unsigned int lookup_flags = 0;
107637 retry:
107638 name = user_path_parent(dfd, pathname,
107639 @@ -4015,10 +4221,21 @@ retry_deleg:
107640 if (d_is_negative(dentry))
107641 goto slashes;
107642 ihold(inode);
107643 + if (inode->i_nlink <= 1) {
107644 + saved_ino = gr_get_ino_from_dentry(dentry);
107645 + saved_dev = gr_get_dev_from_dentry(dentry);
107646 + }
107647 + if (!gr_acl_handle_unlink(dentry, path.mnt)) {
107648 + error = -EACCES;
107649 + goto exit2;
107650 + }
107651 +
107652 error = security_path_unlink(&path, dentry);
107653 if (error)
107654 goto exit2;
107655 error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);
107656 + if (!error && (saved_ino || saved_dev))
107657 + gr_handle_delete(saved_ino, saved_dev);
107658 exit2:
107659 dput(dentry);
107660 }
107661 @@ -4107,9 +4324,17 @@ retry:
107662 if (IS_ERR(dentry))
107663 goto out_putname;
107664
107665 + if (!gr_acl_handle_symlink(dentry, path.dentry, path.mnt, from)) {
107666 + error = -EACCES;
107667 + goto out;
107668 + }
107669 +
107670 error = security_path_symlink(&path, dentry, from->name);
107671 if (!error)
107672 error = vfs_symlink(path.dentry->d_inode, dentry, from->name);
107673 + if (!error)
107674 + gr_handle_create(dentry, path.mnt);
107675 +out:
107676 done_path_create(&path, dentry);
107677 if (retry_estale(error, lookup_flags)) {
107678 lookup_flags |= LOOKUP_REVAL;
107679 @@ -4220,6 +4445,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
107680 struct dentry *new_dentry;
107681 struct path old_path, new_path;
107682 struct inode *delegated_inode = NULL;
107683 + struct filename *to = NULL;
107684 int how = 0;
107685 int error;
107686
107687 @@ -4243,7 +4469,7 @@ retry:
107688 if (error)
107689 return error;
107690
107691 - new_dentry = user_path_create(newdfd, newname, &new_path,
107692 + new_dentry = user_path_create_with_name(newdfd, newname, &new_path, &to,
107693 (how & LOOKUP_REVAL));
107694 error = PTR_ERR(new_dentry);
107695 if (IS_ERR(new_dentry))
107696 @@ -4255,11 +4481,26 @@ retry:
107697 error = may_linkat(&old_path);
107698 if (unlikely(error))
107699 goto out_dput;
107700 +
107701 + if (gr_handle_hardlink(old_path.dentry, old_path.mnt, to)) {
107702 + error = -EACCES;
107703 + goto out_dput;
107704 + }
107705 +
107706 + if (!gr_acl_handle_link(new_dentry, new_path.dentry, new_path.mnt,
107707 + old_path.dentry, old_path.mnt, to)) {
107708 + error = -EACCES;
107709 + goto out_dput;
107710 + }
107711 +
107712 error = security_path_link(old_path.dentry, &new_path, new_dentry);
107713 if (error)
107714 goto out_dput;
107715 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);
107716 + if (!error)
107717 + gr_handle_create(new_dentry, new_path.mnt);
107718 out_dput:
107719 + putname(to);
107720 done_path_create(&new_path, new_dentry);
107721 if (delegated_inode) {
107722 error = break_deleg_wait(&delegated_inode);
107723 @@ -4578,6 +4819,20 @@ retry_deleg:
107724 if (new_dentry == trap)
107725 goto exit5;
107726
107727 + if (gr_bad_chroot_rename(old_dentry, old_path.mnt, new_dentry, new_path.mnt)) {
107728 + /* use EXDEV error to cause 'mv' to switch to an alternative
107729 + * method for usability
107730 + */
107731 + error = -EXDEV;
107732 + goto exit5;
107733 + }
107734 +
107735 + error = gr_acl_handle_rename(new_dentry, new_path.dentry, new_path.mnt,
107736 + old_dentry, d_backing_inode(old_path.dentry), old_path.mnt,
107737 + to, flags);
107738 + if (error)
107739 + goto exit5;
107740 +
107741 error = security_path_rename(&old_path, old_dentry,
107742 &new_path, new_dentry, flags);
107743 if (error)
107744 @@ -4585,6 +4840,9 @@ retry_deleg:
107745 error = vfs_rename(old_path.dentry->d_inode, old_dentry,
107746 new_path.dentry->d_inode, new_dentry,
107747 &delegated_inode, flags);
107748 + if (!error)
107749 + gr_handle_rename(d_backing_inode(old_path.dentry), d_backing_inode(new_path.dentry), old_dentry,
107750 + new_dentry, old_path.mnt, d_is_positive(new_dentry) ? 1 : 0, flags);
107751 exit5:
107752 dput(new_dentry);
107753 exit4:
107754 diff --git a/fs/namespace.c b/fs/namespace.c
107755 index 7bb2cda..74b3e8f 100644
107756 --- a/fs/namespace.c
107757 +++ b/fs/namespace.c
107758 @@ -1516,6 +1516,9 @@ static int do_umount(struct mount *mnt, int flags)
107759 if (!(sb->s_flags & MS_RDONLY))
107760 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
107761 up_write(&sb->s_umount);
107762 +
107763 + gr_log_remount(mnt->mnt_devname, retval);
107764 +
107765 return retval;
107766 }
107767
107768 @@ -1538,6 +1541,9 @@ static int do_umount(struct mount *mnt, int flags)
107769 }
107770 unlock_mount_hash();
107771 namespace_unlock();
107772 +
107773 + gr_log_unmount(mnt->mnt_devname, retval);
107774 +
107775 return retval;
107776 }
107777
107778 @@ -1601,7 +1607,7 @@ static inline bool may_mandlock(void)
107779 * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
107780 */
107781
107782 -SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
107783 +SYSCALL_DEFINE2(umount, const char __user *, name, int, flags)
107784 {
107785 struct path path;
107786 struct mount *mnt;
107787 @@ -1646,7 +1652,7 @@ out:
107788 /*
107789 * The 2.0 compatible umount. No flags.
107790 */
107791 -SYSCALL_DEFINE1(oldumount, char __user *, name)
107792 +SYSCALL_DEFINE1(oldumount, const char __user *, name)
107793 {
107794 return sys_umount(name, 0);
107795 }
107796 @@ -2702,6 +2708,16 @@ long do_mount(const char *dev_name, const char __user *dir_name,
107797 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
107798 MS_STRICTATIME);
107799
107800 + if (gr_handle_rofs_mount(path.dentry, path.mnt, mnt_flags)) {
107801 + retval = -EPERM;
107802 + goto dput_out;
107803 + }
107804 +
107805 + if (gr_handle_chroot_mount(path.dentry, path.mnt, dev_name)) {
107806 + retval = -EPERM;
107807 + goto dput_out;
107808 + }
107809 +
107810 if (flags & MS_REMOUNT)
107811 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
107812 data_page);
107813 @@ -2715,7 +2731,10 @@ long do_mount(const char *dev_name, const char __user *dir_name,
107814 retval = do_new_mount(&path, type_page, flags, mnt_flags,
107815 dev_name, data_page);
107816 dput_out:
107817 + gr_log_mount(dev_name, &path, retval);
107818 +
107819 path_put(&path);
107820 +
107821 return retval;
107822 }
107823
107824 @@ -2733,7 +2752,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
107825 * number incrementing at 10Ghz will take 12,427 years to wrap which
107826 * is effectively never, so we can ignore the possibility.
107827 */
107828 -static atomic64_t mnt_ns_seq = ATOMIC64_INIT(1);
107829 +static atomic64_unchecked_t mnt_ns_seq = ATOMIC64_INIT(1);
107830
107831 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
107832 {
107833 @@ -2749,7 +2768,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
107834 return ERR_PTR(ret);
107835 }
107836 new_ns->ns.ops = &mntns_operations;
107837 - new_ns->seq = atomic64_add_return(1, &mnt_ns_seq);
107838 + new_ns->seq = atomic64_add_return_unchecked(1, &mnt_ns_seq);
107839 atomic_set(&new_ns->count, 1);
107840 new_ns->root = NULL;
107841 INIT_LIST_HEAD(&new_ns->list);
107842 @@ -2759,6 +2778,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
107843 return new_ns;
107844 }
107845
107846 +__latent_entropy
107847 struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
107848 struct user_namespace *user_ns, struct fs_struct *new_fs)
107849 {
107850 @@ -2880,8 +2900,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
107851 }
107852 EXPORT_SYMBOL(mount_subtree);
107853
107854 -SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name,
107855 - char __user *, type, unsigned long, flags, void __user *, data)
107856 +SYSCALL_DEFINE5(mount, const char __user *, dev_name, const char __user *, dir_name,
107857 + const char __user *, type, unsigned long, flags, void __user *, data)
107858 {
107859 int ret;
107860 char *kernel_type;
107861 @@ -2987,6 +3007,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
107862 if (error)
107863 goto out2;
107864
107865 + if (gr_handle_chroot_pivot()) {
107866 + error = -EPERM;
107867 + goto out2;
107868 + }
107869 +
107870 get_fs_root(current->fs, &root);
107871 old_mp = lock_mount(&old);
107872 error = PTR_ERR(old_mp);
107873 @@ -3326,7 +3351,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
107874 !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
107875 return -EPERM;
107876
107877 - if (fs->users != 1)
107878 + if (atomic_read(&fs->users) != 1)
107879 return -EINVAL;
107880
107881 get_mnt_ns(mnt_ns);
107882 diff --git a/fs/nfs/callback.h b/fs/nfs/callback.h
107883 index 5fe1cec..d0f4ac0 100644
107884 --- a/fs/nfs/callback.h
107885 +++ b/fs/nfs/callback.h
107886 @@ -114,8 +114,8 @@ struct cb_sequenceres {
107887 uint32_t csr_target_highestslotid;
107888 };
107889
107890 -extern __be32 nfs4_callback_sequence(struct cb_sequenceargs *args,
107891 - struct cb_sequenceres *res,
107892 +extern __be32 nfs4_callback_sequence(void *_args,
107893 + void *_res,
107894 struct cb_process_state *cps);
107895
107896 #define RCA4_TYPE_MASK_RDATA_DLG 0
107897 @@ -134,14 +134,14 @@ struct cb_recallanyargs {
107898 uint32_t craa_type_mask;
107899 };
107900
107901 -extern __be32 nfs4_callback_recallany(struct cb_recallanyargs *args,
107902 +extern __be32 nfs4_callback_recallany(void *_args,
107903 void *dummy,
107904 struct cb_process_state *cps);
107905
107906 struct cb_recallslotargs {
107907 uint32_t crsa_target_highest_slotid;
107908 };
107909 -extern __be32 nfs4_callback_recallslot(struct cb_recallslotargs *args,
107910 +extern __be32 nfs4_callback_recallslot(void *_args,
107911 void *dummy,
107912 struct cb_process_state *cps);
107913
107914 @@ -160,7 +160,7 @@ struct cb_layoutrecallargs {
107915 };
107916
107917 extern __be32 nfs4_callback_layoutrecall(
107918 - struct cb_layoutrecallargs *args,
107919 + void *_args,
107920 void *dummy, struct cb_process_state *cps);
107921
107922 struct cb_devicenotifyitem {
107923 @@ -176,15 +176,15 @@ struct cb_devicenotifyargs {
107924 };
107925
107926 extern __be32 nfs4_callback_devicenotify(
107927 - struct cb_devicenotifyargs *args,
107928 + void *_args,
107929 void *dummy, struct cb_process_state *cps);
107930
107931 #endif /* CONFIG_NFS_V4_1 */
107932 extern int check_gss_callback_principal(struct nfs_client *, struct svc_rqst *);
107933 -extern __be32 nfs4_callback_getattr(struct cb_getattrargs *args,
107934 - struct cb_getattrres *res,
107935 +extern __be32 nfs4_callback_getattr(void *args,
107936 + void *res,
107937 struct cb_process_state *cps);
107938 -extern __be32 nfs4_callback_recall(struct cb_recallargs *args, void *dummy,
107939 +extern __be32 nfs4_callback_recall(void *args, void *dummy,
107940 struct cb_process_state *cps);
107941 #if IS_ENABLED(CONFIG_NFS_V4)
107942 extern int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt);
107943 diff --git a/fs/nfs/callback_proc.c b/fs/nfs/callback_proc.c
107944 index f953ef6..3791d58 100644
107945 --- a/fs/nfs/callback_proc.c
107946 +++ b/fs/nfs/callback_proc.c
107947 @@ -19,10 +19,12 @@
107948
107949 #define NFSDBG_FACILITY NFSDBG_CALLBACK
107950
107951 -__be32 nfs4_callback_getattr(struct cb_getattrargs *args,
107952 - struct cb_getattrres *res,
107953 +__be32 nfs4_callback_getattr(void *_args,
107954 + void *_res,
107955 struct cb_process_state *cps)
107956 {
107957 + struct cb_getattrargs *args = _args;
107958 + struct cb_getattrres *res = _res;
107959 struct nfs_delegation *delegation;
107960 struct nfs_inode *nfsi;
107961 struct inode *inode;
107962 @@ -68,9 +70,10 @@ out:
107963 return res->status;
107964 }
107965
107966 -__be32 nfs4_callback_recall(struct cb_recallargs *args, void *dummy,
107967 +__be32 nfs4_callback_recall(void *_args, void *dummy,
107968 struct cb_process_state *cps)
107969 {
107970 + struct cb_recallargs *args = _args;
107971 struct inode *inode;
107972 __be32 res;
107973
107974 @@ -294,7 +297,7 @@ static u32 do_callback_layoutrecall(struct nfs_client *clp,
107975
107976 }
107977
107978 -__be32 nfs4_callback_layoutrecall(struct cb_layoutrecallargs *args,
107979 +__be32 nfs4_callback_layoutrecall(void *args,
107980 void *dummy, struct cb_process_state *cps)
107981 {
107982 u32 res;
107983 @@ -321,9 +324,10 @@ static void pnfs_recall_all_layouts(struct nfs_client *clp)
107984 do_callback_layoutrecall(clp, &args);
107985 }
107986
107987 -__be32 nfs4_callback_devicenotify(struct cb_devicenotifyargs *args,
107988 +__be32 nfs4_callback_devicenotify(void *_args,
107989 void *dummy, struct cb_process_state *cps)
107990 {
107991 + struct cb_devicenotifyargs *args = _args;
107992 int i;
107993 __be32 res = 0;
107994 struct nfs_client *clp = cps->clp;
107995 @@ -465,10 +469,12 @@ out:
107996 return status;
107997 }
107998
107999 -__be32 nfs4_callback_sequence(struct cb_sequenceargs *args,
108000 - struct cb_sequenceres *res,
108001 +__be32 nfs4_callback_sequence(void *_args,
108002 + void *_res,
108003 struct cb_process_state *cps)
108004 {
108005 + struct cb_sequenceargs *args = _args;
108006 + struct cb_sequenceres *res = _res;
108007 struct nfs4_slot_table *tbl;
108008 struct nfs4_slot *slot;
108009 struct nfs_client *clp;
108010 @@ -569,9 +575,10 @@ validate_bitmap_values(unsigned long mask)
108011 return (mask & ~RCA4_TYPE_MASK_ALL) == 0;
108012 }
108013
108014 -__be32 nfs4_callback_recallany(struct cb_recallanyargs *args, void *dummy,
108015 +__be32 nfs4_callback_recallany(void *_args, void *dummy,
108016 struct cb_process_state *cps)
108017 {
108018 + struct cb_recallanyargs *args = _args;
108019 __be32 status;
108020 fmode_t flags = 0;
108021
108022 @@ -604,9 +611,10 @@ out:
108023 }
108024
108025 /* Reduce the fore channel's max_slots to the target value */
108026 -__be32 nfs4_callback_recallslot(struct cb_recallslotargs *args, void *dummy,
108027 +__be32 nfs4_callback_recallslot(void *_args, void *dummy,
108028 struct cb_process_state *cps)
108029 {
108030 + struct cb_recallslotargs *args = _args;
108031 struct nfs4_slot_table *fc_tbl;
108032 __be32 status;
108033
108034 diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
108035 index 656f68f..79c0026 100644
108036 --- a/fs/nfs/callback_xdr.c
108037 +++ b/fs/nfs/callback_xdr.c
108038 @@ -53,7 +53,7 @@ struct callback_op {
108039 callback_decode_arg_t decode_args;
108040 callback_encode_res_t encode_res;
108041 long res_maxsize;
108042 -};
108043 +} __do_const;
108044
108045 static struct callback_op callback_ops[];
108046
108047 @@ -62,12 +62,12 @@ static __be32 nfs4_callback_null(struct svc_rqst *rqstp, void *argp, void *resp)
108048 return htonl(NFS4_OK);
108049 }
108050
108051 -static int nfs4_decode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
108052 +static int nfs4_decode_void(void *rqstp, __be32 *p, void *dummy)
108053 {
108054 return xdr_argsize_check(rqstp, p);
108055 }
108056
108057 -static int nfs4_encode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
108058 +static int nfs4_encode_void(void *rqstp, __be32 *p, void *dummy)
108059 {
108060 return xdr_ressize_check(rqstp, p);
108061 }
108062 @@ -199,8 +199,9 @@ static __be32 decode_op_hdr(struct xdr_stream *xdr, unsigned int *op)
108063 return 0;
108064 }
108065
108066 -static __be32 decode_getattr_args(struct svc_rqst *rqstp, struct xdr_stream *xdr, struct cb_getattrargs *args)
108067 +static __be32 decode_getattr_args(struct svc_rqst *rqstp, struct xdr_stream *xdr, void *_args)
108068 {
108069 + struct cb_getattrargs *args = _args;
108070 __be32 status;
108071
108072 status = decode_fh(xdr, &args->fh);
108073 @@ -212,8 +213,9 @@ out:
108074 return status;
108075 }
108076
108077 -static __be32 decode_recall_args(struct svc_rqst *rqstp, struct xdr_stream *xdr, struct cb_recallargs *args)
108078 +static __be32 decode_recall_args(struct svc_rqst *rqstp, struct xdr_stream *xdr, void *_args)
108079 {
108080 + struct cb_recallargs *args = _args;
108081 __be32 *p;
108082 __be32 status;
108083
108084 @@ -241,8 +243,9 @@ static __be32 decode_layout_stateid(struct xdr_stream *xdr, nfs4_stateid *statei
108085
108086 static __be32 decode_layoutrecall_args(struct svc_rqst *rqstp,
108087 struct xdr_stream *xdr,
108088 - struct cb_layoutrecallargs *args)
108089 + void *_args)
108090 {
108091 + struct cb_layoutrecallargs *args = _args;
108092 __be32 *p;
108093 __be32 status = 0;
108094 uint32_t iomode;
108095 @@ -301,8 +304,9 @@ out:
108096 static
108097 __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
108098 struct xdr_stream *xdr,
108099 - struct cb_devicenotifyargs *args)
108100 + void *_args)
108101 {
108102 + struct cb_devicenotifyargs *args = _args;
108103 __be32 *p;
108104 __be32 status = 0;
108105 u32 tmp;
108106 @@ -442,8 +446,9 @@ out:
108107
108108 static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
108109 struct xdr_stream *xdr,
108110 - struct cb_sequenceargs *args)
108111 + void *_args)
108112 {
108113 + struct cb_sequenceargs *args = _args;
108114 __be32 *p;
108115 int i;
108116 __be32 status;
108117 @@ -504,8 +509,9 @@ out_free:
108118
108119 static __be32 decode_recallany_args(struct svc_rqst *rqstp,
108120 struct xdr_stream *xdr,
108121 - struct cb_recallanyargs *args)
108122 + void *_args)
108123 {
108124 + struct cb_recallanyargs *args = _args;
108125 uint32_t bitmap[2];
108126 __be32 *p, status;
108127
108128 @@ -523,8 +529,9 @@ static __be32 decode_recallany_args(struct svc_rqst *rqstp,
108129
108130 static __be32 decode_recallslot_args(struct svc_rqst *rqstp,
108131 struct xdr_stream *xdr,
108132 - struct cb_recallslotargs *args)
108133 + void *_args)
108134 {
108135 + struct cb_recallslotargs *args = _args;
108136 __be32 *p;
108137
108138 p = read_buf(xdr, 4);
108139 @@ -659,8 +666,9 @@ static __be32 encode_op_hdr(struct xdr_stream *xdr, uint32_t op, __be32 res)
108140 return 0;
108141 }
108142
108143 -static __be32 encode_getattr_res(struct svc_rqst *rqstp, struct xdr_stream *xdr, const struct cb_getattrres *res)
108144 +static __be32 encode_getattr_res(struct svc_rqst *rqstp, struct xdr_stream *xdr, void *_res)
108145 {
108146 + const struct cb_getattrres *res = _res;
108147 __be32 *savep = NULL;
108148 __be32 status = res->status;
108149
108150 @@ -702,8 +710,9 @@ static __be32 encode_sessionid(struct xdr_stream *xdr,
108151
108152 static __be32 encode_cb_sequence_res(struct svc_rqst *rqstp,
108153 struct xdr_stream *xdr,
108154 - const struct cb_sequenceres *res)
108155 + void *_res)
108156 {
108157 + const struct cb_sequenceres *res = _res;
108158 __be32 *p;
108159 __be32 status = res->csr_status;
108160
108161 @@ -967,43 +976,41 @@ static struct callback_op callback_ops[] = {
108162 .res_maxsize = CB_OP_HDR_RES_MAXSZ,
108163 },
108164 [OP_CB_GETATTR] = {
108165 - .process_op = (callback_process_op_t)nfs4_callback_getattr,
108166 - .decode_args = (callback_decode_arg_t)decode_getattr_args,
108167 - .encode_res = (callback_encode_res_t)encode_getattr_res,
108168 + .process_op = nfs4_callback_getattr,
108169 + .decode_args = decode_getattr_args,
108170 + .encode_res = encode_getattr_res,
108171 .res_maxsize = CB_OP_GETATTR_RES_MAXSZ,
108172 },
108173 [OP_CB_RECALL] = {
108174 - .process_op = (callback_process_op_t)nfs4_callback_recall,
108175 - .decode_args = (callback_decode_arg_t)decode_recall_args,
108176 + .process_op = nfs4_callback_recall,
108177 + .decode_args = decode_recall_args,
108178 .res_maxsize = CB_OP_RECALL_RES_MAXSZ,
108179 },
108180 #if defined(CONFIG_NFS_V4_1)
108181 [OP_CB_LAYOUTRECALL] = {
108182 - .process_op = (callback_process_op_t)nfs4_callback_layoutrecall,
108183 - .decode_args =
108184 - (callback_decode_arg_t)decode_layoutrecall_args,
108185 + .process_op = nfs4_callback_layoutrecall,
108186 + .decode_args = decode_layoutrecall_args,
108187 .res_maxsize = CB_OP_LAYOUTRECALL_RES_MAXSZ,
108188 },
108189 [OP_CB_NOTIFY_DEVICEID] = {
108190 - .process_op = (callback_process_op_t)nfs4_callback_devicenotify,
108191 - .decode_args =
108192 - (callback_decode_arg_t)decode_devicenotify_args,
108193 + .process_op = nfs4_callback_devicenotify,
108194 + .decode_args = decode_devicenotify_args,
108195 .res_maxsize = CB_OP_DEVICENOTIFY_RES_MAXSZ,
108196 },
108197 [OP_CB_SEQUENCE] = {
108198 - .process_op = (callback_process_op_t)nfs4_callback_sequence,
108199 - .decode_args = (callback_decode_arg_t)decode_cb_sequence_args,
108200 - .encode_res = (callback_encode_res_t)encode_cb_sequence_res,
108201 + .process_op = nfs4_callback_sequence,
108202 + .decode_args = decode_cb_sequence_args,
108203 + .encode_res = encode_cb_sequence_res,
108204 .res_maxsize = CB_OP_SEQUENCE_RES_MAXSZ,
108205 },
108206 [OP_CB_RECALL_ANY] = {
108207 - .process_op = (callback_process_op_t)nfs4_callback_recallany,
108208 - .decode_args = (callback_decode_arg_t)decode_recallany_args,
108209 + .process_op = nfs4_callback_recallany,
108210 + .decode_args = decode_recallany_args,
108211 .res_maxsize = CB_OP_RECALLANY_RES_MAXSZ,
108212 },
108213 [OP_CB_RECALL_SLOT] = {
108214 - .process_op = (callback_process_op_t)nfs4_callback_recallslot,
108215 - .decode_args = (callback_decode_arg_t)decode_recallslot_args,
108216 + .process_op = nfs4_callback_recallslot,
108217 + .decode_args = decode_recallslot_args,
108218 .res_maxsize = CB_OP_RECALLSLOT_RES_MAXSZ,
108219 },
108220 #endif /* CONFIG_NFS_V4_1 */
108221 @@ -1015,13 +1022,13 @@ static struct callback_op callback_ops[] = {
108222 static struct svc_procedure nfs4_callback_procedures1[] = {
108223 [CB_NULL] = {
108224 .pc_func = nfs4_callback_null,
108225 - .pc_decode = (kxdrproc_t)nfs4_decode_void,
108226 - .pc_encode = (kxdrproc_t)nfs4_encode_void,
108227 + .pc_decode = nfs4_decode_void,
108228 + .pc_encode = nfs4_encode_void,
108229 .pc_xdrressize = 1,
108230 },
108231 [CB_COMPOUND] = {
108232 .pc_func = nfs4_callback_compound,
108233 - .pc_encode = (kxdrproc_t)nfs4_encode_void,
108234 + .pc_encode = nfs4_encode_void,
108235 .pc_argsize = 256,
108236 .pc_ressize = 256,
108237 .pc_xdrressize = NFS4_CALLBACK_BUFSIZE,
108238 diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
108239 index 6bc5a68..a7324a1 100644
108240 --- a/fs/nfs/dir.c
108241 +++ b/fs/nfs/dir.c
108242 @@ -705,8 +705,9 @@ out:
108243 * We only need to convert from xdr once so future lookups are much simpler
108244 */
108245 static
108246 -int nfs_readdir_filler(nfs_readdir_descriptor_t *desc, struct page* page)
108247 +int nfs_readdir_filler(struct file *_desc, struct page* page)
108248 {
108249 + nfs_readdir_descriptor_t *desc = (nfs_readdir_descriptor_t *)_desc;
108250 struct inode *inode = file_inode(desc->file);
108251 int ret;
108252
108253 @@ -741,7 +742,7 @@ struct page *get_cache_page(nfs_readdir_descriptor_t *desc)
108254
108255 for (;;) {
108256 page = read_cache_page(desc->file->f_mapping,
108257 - desc->page_index, (filler_t *)nfs_readdir_filler, desc);
108258 + desc->page_index, nfs_readdir_filler, desc);
108259 if (IS_ERR(page) || grab_page(page))
108260 break;
108261 put_page(page);
108262 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
108263 index bf4ec5e..39aec95 100644
108264 --- a/fs/nfs/inode.c
108265 +++ b/fs/nfs/inode.c
108266 @@ -1323,16 +1323,16 @@ static int nfs_check_inode_attributes(struct inode *inode, struct nfs_fattr *fat
108267 return 0;
108268 }
108269
108270 -static atomic_long_t nfs_attr_generation_counter;
108271 +static atomic_long_unchecked_t nfs_attr_generation_counter;
108272
108273 static unsigned long nfs_read_attr_generation_counter(void)
108274 {
108275 - return atomic_long_read(&nfs_attr_generation_counter);
108276 + return atomic_long_read_unchecked(&nfs_attr_generation_counter);
108277 }
108278
108279 unsigned long nfs_inc_attr_generation_counter(void)
108280 {
108281 - return atomic_long_inc_return(&nfs_attr_generation_counter);
108282 + return atomic_long_inc_return_unchecked(&nfs_attr_generation_counter);
108283 }
108284 EXPORT_SYMBOL_GPL(nfs_inc_attr_generation_counter);
108285
108286 diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
108287 index 74935a1..15544e5 100644
108288 --- a/fs/nfs/internal.h
108289 +++ b/fs/nfs/internal.h
108290 @@ -652,9 +652,10 @@ unsigned long nfs_block_size(unsigned long bsize, unsigned char *nrbitsp)
108291 static inline
108292 void nfs_super_set_maxbytes(struct super_block *sb, __u64 maxfilesize)
108293 {
108294 - sb->s_maxbytes = (loff_t)maxfilesize;
108295 - if (sb->s_maxbytes > MAX_LFS_FILESIZE || sb->s_maxbytes <= 0)
108296 + if (maxfilesize > MAX_LFS_FILESIZE || maxfilesize == 0)
108297 sb->s_maxbytes = MAX_LFS_FILESIZE;
108298 + else
108299 + sb->s_maxbytes = (loff_t)maxfilesize;
108300 }
108301
108302 /*
108303 diff --git a/fs/nfs/mount_clnt.c b/fs/nfs/mount_clnt.c
108304 index 09b1900..344f4c2 100644
108305 --- a/fs/nfs/mount_clnt.c
108306 +++ b/fs/nfs/mount_clnt.c
108307 @@ -303,8 +303,8 @@ static void encode_mntdirpath(struct xdr_stream *xdr, const char *pathname)
108308 xdr_encode_opaque(p, pathname, pathname_len);
108309 }
108310
108311 -static void mnt_xdr_enc_dirpath(struct rpc_rqst *req, struct xdr_stream *xdr,
108312 - const char *dirpath)
108313 +static void mnt_xdr_enc_dirpath(void *req, struct xdr_stream *xdr,
108314 + void *dirpath)
108315 {
108316 encode_mntdirpath(xdr, dirpath);
108317 }
108318 @@ -355,10 +355,11 @@ static int decode_fhandle(struct xdr_stream *xdr, struct mountres *res)
108319 return 0;
108320 }
108321
108322 -static int mnt_xdr_dec_mountres(struct rpc_rqst *req,
108323 +static int mnt_xdr_dec_mountres(void *req,
108324 struct xdr_stream *xdr,
108325 - struct mountres *res)
108326 + void *_res)
108327 {
108328 + struct mountres *res = _res;
108329 int status;
108330
108331 status = decode_status(xdr, res);
108332 @@ -447,10 +448,11 @@ static int decode_auth_flavors(struct xdr_stream *xdr, struct mountres *res)
108333 return 0;
108334 }
108335
108336 -static int mnt_xdr_dec_mountres3(struct rpc_rqst *req,
108337 +static int mnt_xdr_dec_mountres3(void *req,
108338 struct xdr_stream *xdr,
108339 - struct mountres *res)
108340 + void *_res)
108341 {
108342 + struct mountres *res = _res;
108343 int status;
108344
108345 status = decode_fhs_status(xdr, res);
108346 @@ -467,8 +469,8 @@ static int mnt_xdr_dec_mountres3(struct rpc_rqst *req,
108347 static struct rpc_procinfo mnt_procedures[] = {
108348 [MOUNTPROC_MNT] = {
108349 .p_proc = MOUNTPROC_MNT,
108350 - .p_encode = (kxdreproc_t)mnt_xdr_enc_dirpath,
108351 - .p_decode = (kxdrdproc_t)mnt_xdr_dec_mountres,
108352 + .p_encode = mnt_xdr_enc_dirpath,
108353 + .p_decode = mnt_xdr_dec_mountres,
108354 .p_arglen = MNT_enc_dirpath_sz,
108355 .p_replen = MNT_dec_mountres_sz,
108356 .p_statidx = MOUNTPROC_MNT,
108357 @@ -476,7 +478,7 @@ static struct rpc_procinfo mnt_procedures[] = {
108358 },
108359 [MOUNTPROC_UMNT] = {
108360 .p_proc = MOUNTPROC_UMNT,
108361 - .p_encode = (kxdreproc_t)mnt_xdr_enc_dirpath,
108362 + .p_encode = mnt_xdr_enc_dirpath,
108363 .p_arglen = MNT_enc_dirpath_sz,
108364 .p_statidx = MOUNTPROC_UMNT,
108365 .p_name = "UMOUNT",
108366 @@ -486,8 +488,8 @@ static struct rpc_procinfo mnt_procedures[] = {
108367 static struct rpc_procinfo mnt3_procedures[] = {
108368 [MOUNTPROC3_MNT] = {
108369 .p_proc = MOUNTPROC3_MNT,
108370 - .p_encode = (kxdreproc_t)mnt_xdr_enc_dirpath,
108371 - .p_decode = (kxdrdproc_t)mnt_xdr_dec_mountres3,
108372 + .p_encode = mnt_xdr_enc_dirpath,
108373 + .p_decode = mnt_xdr_dec_mountres3,
108374 .p_arglen = MNT_enc_dirpath_sz,
108375 .p_replen = MNT_dec_mountres3_sz,
108376 .p_statidx = MOUNTPROC3_MNT,
108377 @@ -495,7 +497,7 @@ static struct rpc_procinfo mnt3_procedures[] = {
108378 },
108379 [MOUNTPROC3_UMNT] = {
108380 .p_proc = MOUNTPROC3_UMNT,
108381 - .p_encode = (kxdreproc_t)mnt_xdr_enc_dirpath,
108382 + .p_encode = mnt_xdr_enc_dirpath,
108383 .p_arglen = MNT_enc_dirpath_sz,
108384 .p_statidx = MOUNTPROC3_UMNT,
108385 .p_name = "UMOUNT",
108386 diff --git a/fs/nfs/nfs2xdr.c b/fs/nfs/nfs2xdr.c
108387 index b4e03ed..6907eb4 100644
108388 --- a/fs/nfs/nfs2xdr.c
108389 +++ b/fs/nfs/nfs2xdr.c
108390 @@ -566,9 +566,9 @@ out_default:
108391 * "NFS: Network File System Protocol Specification".
108392 */
108393
108394 -static void nfs2_xdr_enc_fhandle(struct rpc_rqst *req,
108395 +static void nfs2_xdr_enc_fhandle(void *req,
108396 struct xdr_stream *xdr,
108397 - const struct nfs_fh *fh)
108398 + void *fh)
108399 {
108400 encode_fhandle(xdr, fh);
108401 }
108402 @@ -581,25 +581,31 @@ static void nfs2_xdr_enc_fhandle(struct rpc_rqst *req,
108403 * sattr attributes;
108404 * };
108405 */
108406 -static void nfs2_xdr_enc_sattrargs(struct rpc_rqst *req,
108407 +static void nfs2_xdr_enc_sattrargs(void *req,
108408 struct xdr_stream *xdr,
108409 - const struct nfs_sattrargs *args)
108410 + void *_args)
108411 {
108412 + const struct nfs_sattrargs *args = _args;
108413 +
108414 encode_fhandle(xdr, args->fh);
108415 encode_sattr(xdr, args->sattr);
108416 }
108417
108418 -static void nfs2_xdr_enc_diropargs(struct rpc_rqst *req,
108419 +static void nfs2_xdr_enc_diropargs(void *req,
108420 struct xdr_stream *xdr,
108421 - const struct nfs_diropargs *args)
108422 + void *_args)
108423 {
108424 + const struct nfs_diropargs *args = _args;
108425 +
108426 encode_diropargs(xdr, args->fh, args->name, args->len);
108427 }
108428
108429 -static void nfs2_xdr_enc_readlinkargs(struct rpc_rqst *req,
108430 +static void nfs2_xdr_enc_readlinkargs(void *req,
108431 struct xdr_stream *xdr,
108432 - const struct nfs_readlinkargs *args)
108433 + void *_args)
108434 {
108435 + const struct nfs_readlinkargs *args = _args;
108436 +
108437 encode_fhandle(xdr, args->fh);
108438 prepare_reply_buffer(req, args->pages, args->pgbase,
108439 args->pglen, NFS_readlinkres_sz);
108440 @@ -630,10 +636,13 @@ static void encode_readargs(struct xdr_stream *xdr,
108441 *p = cpu_to_be32(count);
108442 }
108443
108444 -static void nfs2_xdr_enc_readargs(struct rpc_rqst *req,
108445 +static void nfs2_xdr_enc_readargs(void *_req,
108446 struct xdr_stream *xdr,
108447 - const struct nfs_pgio_args *args)
108448 + void *_args)
108449 {
108450 + struct rpc_rqst *req = _req;
108451 + const struct nfs_pgio_args *args = _args;
108452 +
108453 encode_readargs(xdr, args);
108454 prepare_reply_buffer(req, args->pages, args->pgbase,
108455 args->count, NFS_readres_sz);
108456 @@ -670,9 +679,9 @@ static void encode_writeargs(struct xdr_stream *xdr,
108457 xdr_write_pages(xdr, args->pages, args->pgbase, count);
108458 }
108459
108460 -static void nfs2_xdr_enc_writeargs(struct rpc_rqst *req,
108461 +static void nfs2_xdr_enc_writeargs(void *req,
108462 struct xdr_stream *xdr,
108463 - const struct nfs_pgio_args *args)
108464 + void *args)
108465 {
108466 encode_writeargs(xdr, args);
108467 xdr->buf->flags |= XDRBUF_WRITE;
108468 @@ -686,18 +695,22 @@ static void nfs2_xdr_enc_writeargs(struct rpc_rqst *req,
108469 * sattr attributes;
108470 * };
108471 */
108472 -static void nfs2_xdr_enc_createargs(struct rpc_rqst *req,
108473 +static void nfs2_xdr_enc_createargs(void *req,
108474 struct xdr_stream *xdr,
108475 - const struct nfs_createargs *args)
108476 + void *_args)
108477 {
108478 + const struct nfs_createargs *args = _args;
108479 +
108480 encode_diropargs(xdr, args->fh, args->name, args->len);
108481 encode_sattr(xdr, args->sattr);
108482 }
108483
108484 -static void nfs2_xdr_enc_removeargs(struct rpc_rqst *req,
108485 +static void nfs2_xdr_enc_removeargs(void *req,
108486 struct xdr_stream *xdr,
108487 - const struct nfs_removeargs *args)
108488 + void *_args)
108489 {
108490 + const struct nfs_removeargs *args = _args;
108491 +
108492 encode_diropargs(xdr, args->fh, args->name.name, args->name.len);
108493 }
108494
108495 @@ -709,10 +722,11 @@ static void nfs2_xdr_enc_removeargs(struct rpc_rqst *req,
108496 * diropargs to;
108497 * };
108498 */
108499 -static void nfs2_xdr_enc_renameargs(struct rpc_rqst *req,
108500 +static void nfs2_xdr_enc_renameargs(void *req,
108501 struct xdr_stream *xdr,
108502 - const struct nfs_renameargs *args)
108503 + void *_args)
108504 {
108505 + const struct nfs_renameargs *args = _args;
108506 const struct qstr *old = args->old_name;
108507 const struct qstr *new = args->new_name;
108508
108509 @@ -728,10 +742,12 @@ static void nfs2_xdr_enc_renameargs(struct rpc_rqst *req,
108510 * diropargs to;
108511 * };
108512 */
108513 -static void nfs2_xdr_enc_linkargs(struct rpc_rqst *req,
108514 +static void nfs2_xdr_enc_linkargs(void *req,
108515 struct xdr_stream *xdr,
108516 - const struct nfs_linkargs *args)
108517 + void *_args)
108518 {
108519 + const struct nfs_linkargs *args = _args;
108520 +
108521 encode_fhandle(xdr, args->fromfh);
108522 encode_diropargs(xdr, args->tofh, args->toname, args->tolen);
108523 }
108524 @@ -745,10 +761,12 @@ static void nfs2_xdr_enc_linkargs(struct rpc_rqst *req,
108525 * sattr attributes;
108526 * };
108527 */
108528 -static void nfs2_xdr_enc_symlinkargs(struct rpc_rqst *req,
108529 +static void nfs2_xdr_enc_symlinkargs(void *req,
108530 struct xdr_stream *xdr,
108531 - const struct nfs_symlinkargs *args)
108532 + void *_args)
108533 {
108534 + const struct nfs_symlinkargs *args = _args;
108535 +
108536 encode_diropargs(xdr, args->fromfh, args->fromname, args->fromlen);
108537 encode_path(xdr, args->pages, args->pathlen);
108538 encode_sattr(xdr, args->sattr);
108539 @@ -775,10 +793,12 @@ static void encode_readdirargs(struct xdr_stream *xdr,
108540 *p = cpu_to_be32(args->count);
108541 }
108542
108543 -static void nfs2_xdr_enc_readdirargs(struct rpc_rqst *req,
108544 +static void nfs2_xdr_enc_readdirargs(void *req,
108545 struct xdr_stream *xdr,
108546 - const struct nfs_readdirargs *args)
108547 + void *_args)
108548 {
108549 + const struct nfs_readdirargs *args = _args;
108550 +
108551 encode_readdirargs(xdr, args);
108552 prepare_reply_buffer(req, args->pages, 0,
108553 args->count, NFS_readdirres_sz);
108554 @@ -791,7 +811,7 @@ static void nfs2_xdr_enc_readdirargs(struct rpc_rqst *req,
108555 * "NFS: Network File System Protocol Specification".
108556 */
108557
108558 -static int nfs2_xdr_dec_stat(struct rpc_rqst *req, struct xdr_stream *xdr,
108559 +static int nfs2_xdr_dec_stat(void *req, struct xdr_stream *xdr,
108560 void *__unused)
108561 {
108562 enum nfs_stat status;
108563 @@ -808,14 +828,14 @@ out_default:
108564 return nfs_stat_to_errno(status);
108565 }
108566
108567 -static int nfs2_xdr_dec_attrstat(struct rpc_rqst *req, struct xdr_stream *xdr,
108568 - struct nfs_fattr *result)
108569 +static int nfs2_xdr_dec_attrstat(void *req, struct xdr_stream *xdr,
108570 + void *result)
108571 {
108572 return decode_attrstat(xdr, result, NULL);
108573 }
108574
108575 -static int nfs2_xdr_dec_diropres(struct rpc_rqst *req, struct xdr_stream *xdr,
108576 - struct nfs_diropok *result)
108577 +static int nfs2_xdr_dec_diropres(void *req, struct xdr_stream *xdr,
108578 + void *result)
108579 {
108580 return decode_diropres(xdr, result);
108581 }
108582 @@ -830,7 +850,7 @@ static int nfs2_xdr_dec_diropres(struct rpc_rqst *req, struct xdr_stream *xdr,
108583 * void;
108584 * };
108585 */
108586 -static int nfs2_xdr_dec_readlinkres(struct rpc_rqst *req,
108587 +static int nfs2_xdr_dec_readlinkres(void *req,
108588 struct xdr_stream *xdr, void *__unused)
108589 {
108590 enum nfs_stat status;
108591 @@ -859,9 +879,10 @@ out_default:
108592 * void;
108593 * };
108594 */
108595 -static int nfs2_xdr_dec_readres(struct rpc_rqst *req, struct xdr_stream *xdr,
108596 - struct nfs_pgio_res *result)
108597 +static int nfs2_xdr_dec_readres(void *req, struct xdr_stream *xdr,
108598 + void *_result)
108599 {
108600 + struct nfs_pgio_res *result = _result;
108601 enum nfs_stat status;
108602 int error;
108603
108604 @@ -881,9 +902,11 @@ out_default:
108605 return nfs_stat_to_errno(status);
108606 }
108607
108608 -static int nfs2_xdr_dec_writeres(struct rpc_rqst *req, struct xdr_stream *xdr,
108609 - struct nfs_pgio_res *result)
108610 +static int nfs2_xdr_dec_writeres(void *req, struct xdr_stream *xdr,
108611 + void *_result)
108612 {
108613 + struct nfs_pgio_res *result = _result;
108614 +
108615 /* All NFSv2 writes are "file sync" writes */
108616 result->verf->committed = NFS_FILE_SYNC;
108617 return decode_attrstat(xdr, result->fattr, &result->op_status);
108618 @@ -981,7 +1004,7 @@ static int decode_readdirok(struct xdr_stream *xdr)
108619 return xdr_read_pages(xdr, xdr->buf->page_len);
108620 }
108621
108622 -static int nfs2_xdr_dec_readdirres(struct rpc_rqst *req,
108623 +static int nfs2_xdr_dec_readdirres(void *req,
108624 struct xdr_stream *xdr, void *__unused)
108625 {
108626 enum nfs_stat status;
108627 @@ -1033,8 +1056,8 @@ out_overflow:
108628 return -EIO;
108629 }
108630
108631 -static int nfs2_xdr_dec_statfsres(struct rpc_rqst *req, struct xdr_stream *xdr,
108632 - struct nfs2_fsstat *result)
108633 +static int nfs2_xdr_dec_statfsres(void *req, struct xdr_stream *xdr,
108634 + void *result)
108635 {
108636 enum nfs_stat status;
108637 int error;
108638 @@ -1118,8 +1141,8 @@ static int nfs_stat_to_errno(enum nfs_stat status)
108639 #define PROC(proc, argtype, restype, timer) \
108640 [NFSPROC_##proc] = { \
108641 .p_proc = NFSPROC_##proc, \
108642 - .p_encode = (kxdreproc_t)nfs2_xdr_enc_##argtype, \
108643 - .p_decode = (kxdrdproc_t)nfs2_xdr_dec_##restype, \
108644 + .p_encode = nfs2_xdr_enc_##argtype, \
108645 + .p_decode = nfs2_xdr_dec_##restype, \
108646 .p_arglen = NFS_##argtype##_sz, \
108647 .p_replen = NFS_##restype##_sz, \
108648 .p_timer = timer, \
108649 diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c
108650 index 267126d..19c97b8 100644
108651 --- a/fs/nfs/nfs3xdr.c
108652 +++ b/fs/nfs/nfs3xdr.c
108653 @@ -844,9 +844,9 @@ static void encode_diropargs3(struct xdr_stream *xdr, const struct nfs_fh *fh,
108654 * nfs_fh3 object;
108655 * };
108656 */
108657 -static void nfs3_xdr_enc_getattr3args(struct rpc_rqst *req,
108658 +static void nfs3_xdr_enc_getattr3args(void *req,
108659 struct xdr_stream *xdr,
108660 - const struct nfs_fh *fh)
108661 + void *fh)
108662 {
108663 encode_nfs_fh3(xdr, fh);
108664 }
108665 @@ -882,10 +882,12 @@ static void encode_sattrguard3(struct xdr_stream *xdr,
108666 }
108667 }
108668
108669 -static void nfs3_xdr_enc_setattr3args(struct rpc_rqst *req,
108670 +static void nfs3_xdr_enc_setattr3args(void *req,
108671 struct xdr_stream *xdr,
108672 - const struct nfs3_sattrargs *args)
108673 + void *_args)
108674 {
108675 + const struct nfs3_sattrargs *args = _args;
108676 +
108677 encode_nfs_fh3(xdr, args->fh);
108678 encode_sattr3(xdr, args->sattr);
108679 encode_sattrguard3(xdr, args);
108680 @@ -898,10 +900,12 @@ static void nfs3_xdr_enc_setattr3args(struct rpc_rqst *req,
108681 * diropargs3 what;
108682 * };
108683 */
108684 -static void nfs3_xdr_enc_lookup3args(struct rpc_rqst *req,
108685 +static void nfs3_xdr_enc_lookup3args(void *req,
108686 struct xdr_stream *xdr,
108687 - const struct nfs3_diropargs *args)
108688 + void *_args)
108689 {
108690 + const struct nfs3_diropargs *args = _args;
108691 +
108692 encode_diropargs3(xdr, args->fh, args->name, args->len);
108693 }
108694
108695 @@ -920,9 +924,9 @@ static void encode_access3args(struct xdr_stream *xdr,
108696 encode_uint32(xdr, args->access);
108697 }
108698
108699 -static void nfs3_xdr_enc_access3args(struct rpc_rqst *req,
108700 +static void nfs3_xdr_enc_access3args(void *req,
108701 struct xdr_stream *xdr,
108702 - const struct nfs3_accessargs *args)
108703 + void *args)
108704 {
108705 encode_access3args(xdr, args);
108706 }
108707 @@ -934,10 +938,11 @@ static void nfs3_xdr_enc_access3args(struct rpc_rqst *req,
108708 * nfs_fh3 symlink;
108709 * };
108710 */
108711 -static void nfs3_xdr_enc_readlink3args(struct rpc_rqst *req,
108712 +static void nfs3_xdr_enc_readlink3args(void *req,
108713 struct xdr_stream *xdr,
108714 - const struct nfs3_readlinkargs *args)
108715 + void *_args)
108716 {
108717 + const struct nfs3_readlinkargs *args = _args;
108718 encode_nfs_fh3(xdr, args->fh);
108719 prepare_reply_buffer(req, args->pages, args->pgbase,
108720 args->pglen, NFS3_readlinkres_sz);
108721 @@ -964,10 +969,12 @@ static void encode_read3args(struct xdr_stream *xdr,
108722 *p = cpu_to_be32(args->count);
108723 }
108724
108725 -static void nfs3_xdr_enc_read3args(struct rpc_rqst *req,
108726 +static void nfs3_xdr_enc_read3args(void *_req,
108727 struct xdr_stream *xdr,
108728 - const struct nfs_pgio_args *args)
108729 + void *_args)
108730 {
108731 + struct rpc_rqst *req = _req;
108732 + const struct nfs_pgio_args *args = _args;
108733 encode_read3args(xdr, args);
108734 prepare_reply_buffer(req, args->pages, args->pgbase,
108735 args->count, NFS3_readres_sz);
108736 @@ -1006,9 +1013,9 @@ static void encode_write3args(struct xdr_stream *xdr,
108737 xdr_write_pages(xdr, args->pages, args->pgbase, args->count);
108738 }
108739
108740 -static void nfs3_xdr_enc_write3args(struct rpc_rqst *req,
108741 +static void nfs3_xdr_enc_write3args(void *req,
108742 struct xdr_stream *xdr,
108743 - const struct nfs_pgio_args *args)
108744 + void *args)
108745 {
108746 encode_write3args(xdr, args);
108747 xdr->buf->flags |= XDRBUF_WRITE;
108748 @@ -1053,10 +1060,12 @@ static void encode_createhow3(struct xdr_stream *xdr,
108749 }
108750 }
108751
108752 -static void nfs3_xdr_enc_create3args(struct rpc_rqst *req,
108753 +static void nfs3_xdr_enc_create3args(void *req,
108754 struct xdr_stream *xdr,
108755 - const struct nfs3_createargs *args)
108756 + void *_args)
108757 {
108758 + const struct nfs3_createargs *args = _args;
108759 +
108760 encode_diropargs3(xdr, args->fh, args->name, args->len);
108761 encode_createhow3(xdr, args);
108762 }
108763 @@ -1069,10 +1078,12 @@ static void nfs3_xdr_enc_create3args(struct rpc_rqst *req,
108764 * sattr3 attributes;
108765 * };
108766 */
108767 -static void nfs3_xdr_enc_mkdir3args(struct rpc_rqst *req,
108768 +static void nfs3_xdr_enc_mkdir3args(void *req,
108769 struct xdr_stream *xdr,
108770 - const struct nfs3_mkdirargs *args)
108771 + void *_args)
108772 {
108773 + const struct nfs3_mkdirargs *args = _args;
108774 +
108775 encode_diropargs3(xdr, args->fh, args->name, args->len);
108776 encode_sattr3(xdr, args->sattr);
108777 }
108778 @@ -1097,10 +1108,12 @@ static void encode_symlinkdata3(struct xdr_stream *xdr,
108779 encode_nfspath3(xdr, args->pages, args->pathlen);
108780 }
108781
108782 -static void nfs3_xdr_enc_symlink3args(struct rpc_rqst *req,
108783 +static void nfs3_xdr_enc_symlink3args(void *req,
108784 struct xdr_stream *xdr,
108785 - const struct nfs3_symlinkargs *args)
108786 + void *_args)
108787 {
108788 + const struct nfs3_symlinkargs *args = _args;
108789 +
108790 encode_diropargs3(xdr, args->fromfh, args->fromname, args->fromlen);
108791 encode_symlinkdata3(xdr, args);
108792 xdr->buf->flags |= XDRBUF_WRITE;
108793 @@ -1158,10 +1171,12 @@ static void encode_mknoddata3(struct xdr_stream *xdr,
108794 }
108795 }
108796
108797 -static void nfs3_xdr_enc_mknod3args(struct rpc_rqst *req,
108798 +static void nfs3_xdr_enc_mknod3args(void *req,
108799 struct xdr_stream *xdr,
108800 - const struct nfs3_mknodargs *args)
108801 + void *_args)
108802 {
108803 + const struct nfs3_mknodargs *args = _args;
108804 +
108805 encode_diropargs3(xdr, args->fh, args->name, args->len);
108806 encode_mknoddata3(xdr, args);
108807 }
108808 @@ -1173,10 +1188,12 @@ static void nfs3_xdr_enc_mknod3args(struct rpc_rqst *req,
108809 * diropargs3 object;
108810 * };
108811 */
108812 -static void nfs3_xdr_enc_remove3args(struct rpc_rqst *req,
108813 +static void nfs3_xdr_enc_remove3args(void *req,
108814 struct xdr_stream *xdr,
108815 - const struct nfs_removeargs *args)
108816 + void *_args)
108817 {
108818 + const struct nfs_removeargs *args = _args;
108819 +
108820 encode_diropargs3(xdr, args->fh, args->name.name, args->name.len);
108821 }
108822
108823 @@ -1188,10 +1205,11 @@ static void nfs3_xdr_enc_remove3args(struct rpc_rqst *req,
108824 * diropargs3 to;
108825 * };
108826 */
108827 -static void nfs3_xdr_enc_rename3args(struct rpc_rqst *req,
108828 +static void nfs3_xdr_enc_rename3args(void *req,
108829 struct xdr_stream *xdr,
108830 - const struct nfs_renameargs *args)
108831 + void *_args)
108832 {
108833 + const struct nfs_renameargs *args = _args;
108834 const struct qstr *old = args->old_name;
108835 const struct qstr *new = args->new_name;
108836
108837 @@ -1207,10 +1225,12 @@ static void nfs3_xdr_enc_rename3args(struct rpc_rqst *req,
108838 * diropargs3 link;
108839 * };
108840 */
108841 -static void nfs3_xdr_enc_link3args(struct rpc_rqst *req,
108842 +static void nfs3_xdr_enc_link3args(void *req,
108843 struct xdr_stream *xdr,
108844 - const struct nfs3_linkargs *args)
108845 + void *_args)
108846 {
108847 + const struct nfs3_linkargs *args = _args;
108848 +
108849 encode_nfs_fh3(xdr, args->fromfh);
108850 encode_diropargs3(xdr, args->tofh, args->toname, args->tolen);
108851 }
108852 @@ -1238,10 +1258,12 @@ static void encode_readdir3args(struct xdr_stream *xdr,
108853 *p = cpu_to_be32(args->count);
108854 }
108855
108856 -static void nfs3_xdr_enc_readdir3args(struct rpc_rqst *req,
108857 +static void nfs3_xdr_enc_readdir3args(void *req,
108858 struct xdr_stream *xdr,
108859 - const struct nfs3_readdirargs *args)
108860 + void *_args)
108861 {
108862 + const struct nfs3_readdirargs *args = _args;
108863 +
108864 encode_readdir3args(xdr, args);
108865 prepare_reply_buffer(req, args->pages, 0,
108866 args->count, NFS3_readdirres_sz);
108867 @@ -1278,10 +1300,12 @@ static void encode_readdirplus3args(struct xdr_stream *xdr,
108868 *p = cpu_to_be32(args->count);
108869 }
108870
108871 -static void nfs3_xdr_enc_readdirplus3args(struct rpc_rqst *req,
108872 +static void nfs3_xdr_enc_readdirplus3args(void *req,
108873 struct xdr_stream *xdr,
108874 - const struct nfs3_readdirargs *args)
108875 + void *_args)
108876 {
108877 + const struct nfs3_readdirargs *args = _args;
108878 +
108879 encode_readdirplus3args(xdr, args);
108880 prepare_reply_buffer(req, args->pages, 0,
108881 args->count, NFS3_readdirres_sz);
108882 @@ -1308,19 +1332,21 @@ static void encode_commit3args(struct xdr_stream *xdr,
108883 *p = cpu_to_be32(args->count);
108884 }
108885
108886 -static void nfs3_xdr_enc_commit3args(struct rpc_rqst *req,
108887 +static void nfs3_xdr_enc_commit3args(void *req,
108888 struct xdr_stream *xdr,
108889 - const struct nfs_commitargs *args)
108890 + void *args)
108891 {
108892 encode_commit3args(xdr, args);
108893 }
108894
108895 #ifdef CONFIG_NFS_V3_ACL
108896
108897 -static void nfs3_xdr_enc_getacl3args(struct rpc_rqst *req,
108898 +static void nfs3_xdr_enc_getacl3args(void *req,
108899 struct xdr_stream *xdr,
108900 - const struct nfs3_getaclargs *args)
108901 + void *_args)
108902 {
108903 + const struct nfs3_getaclargs *args = _args;
108904 +
108905 encode_nfs_fh3(xdr, args->fh);
108906 encode_uint32(xdr, args->mask);
108907 if (args->mask & (NFS_ACL | NFS_DFACL))
108908 @@ -1329,10 +1355,12 @@ static void nfs3_xdr_enc_getacl3args(struct rpc_rqst *req,
108909 ACL3_getaclres_sz);
108910 }
108911
108912 -static void nfs3_xdr_enc_setacl3args(struct rpc_rqst *req,
108913 +static void nfs3_xdr_enc_setacl3args(void *_req,
108914 struct xdr_stream *xdr,
108915 - const struct nfs3_setaclargs *args)
108916 + void *_args)
108917 {
108918 + struct rpc_rqst *req = _req;
108919 + const struct nfs3_setaclargs *args = _args;
108920 unsigned int base;
108921 int error;
108922
108923 @@ -1380,9 +1408,9 @@ static void nfs3_xdr_enc_setacl3args(struct rpc_rqst *req,
108924 * void;
108925 * };
108926 */
108927 -static int nfs3_xdr_dec_getattr3res(struct rpc_rqst *req,
108928 +static int nfs3_xdr_dec_getattr3res(void *req,
108929 struct xdr_stream *xdr,
108930 - struct nfs_fattr *result)
108931 + void *result)
108932 {
108933 enum nfs_stat status;
108934 int error;
108935 @@ -1417,9 +1445,9 @@ out_default:
108936 * SETATTR3resfail resfail;
108937 * };
108938 */
108939 -static int nfs3_xdr_dec_setattr3res(struct rpc_rqst *req,
108940 +static int nfs3_xdr_dec_setattr3res(void *req,
108941 struct xdr_stream *xdr,
108942 - struct nfs_fattr *result)
108943 + void *result)
108944 {
108945 enum nfs_stat status;
108946 int error;
108947 @@ -1458,10 +1486,11 @@ out_status:
108948 * LOOKUP3resfail resfail;
108949 * };
108950 */
108951 -static int nfs3_xdr_dec_lookup3res(struct rpc_rqst *req,
108952 +static int nfs3_xdr_dec_lookup3res(void *req,
108953 struct xdr_stream *xdr,
108954 - struct nfs3_diropres *result)
108955 + void *_result)
108956 {
108957 + struct nfs3_diropres *result = _result;
108958 enum nfs_stat status;
108959 int error;
108960
108961 @@ -1505,10 +1534,11 @@ out_default:
108962 * ACCESS3resfail resfail;
108963 * };
108964 */
108965 -static int nfs3_xdr_dec_access3res(struct rpc_rqst *req,
108966 +static int nfs3_xdr_dec_access3res(void *req,
108967 struct xdr_stream *xdr,
108968 - struct nfs3_accessres *result)
108969 + void *_result)
108970 {
108971 + struct nfs3_accessres *result = _result;
108972 enum nfs_stat status;
108973 int error;
108974
108975 @@ -1546,9 +1576,9 @@ out_default:
108976 * READLINK3resfail resfail;
108977 * };
108978 */
108979 -static int nfs3_xdr_dec_readlink3res(struct rpc_rqst *req,
108980 +static int nfs3_xdr_dec_readlink3res(void *req,
108981 struct xdr_stream *xdr,
108982 - struct nfs_fattr *result)
108983 + void *result)
108984 {
108985 enum nfs_stat status;
108986 int error;
108987 @@ -1625,9 +1655,10 @@ out_overflow:
108988 return -EIO;
108989 }
108990
108991 -static int nfs3_xdr_dec_read3res(struct rpc_rqst *req, struct xdr_stream *xdr,
108992 - struct nfs_pgio_res *result)
108993 +static int nfs3_xdr_dec_read3res(void *req, struct xdr_stream *xdr,
108994 + void *_result)
108995 {
108996 + struct nfs_pgio_res *result = _result;
108997 enum nfs_stat status;
108998 int error;
108999
109000 @@ -1698,9 +1729,10 @@ out_eio:
109001 return -EIO;
109002 }
109003
109004 -static int nfs3_xdr_dec_write3res(struct rpc_rqst *req, struct xdr_stream *xdr,
109005 - struct nfs_pgio_res *result)
109006 +static int nfs3_xdr_dec_write3res(void *req, struct xdr_stream *xdr,
109007 + void *_result)
109008 {
109009 + struct nfs_pgio_res *result = _result;
109010 enum nfs_stat status;
109011 int error;
109012
109013 @@ -1762,10 +1794,11 @@ out:
109014 return error;
109015 }
109016
109017 -static int nfs3_xdr_dec_create3res(struct rpc_rqst *req,
109018 +static int nfs3_xdr_dec_create3res(void *req,
109019 struct xdr_stream *xdr,
109020 - struct nfs3_diropres *result)
109021 + void *_result)
109022 {
109023 + struct nfs3_diropres *result = _result;
109024 enum nfs_stat status;
109025 int error;
109026
109027 @@ -1802,10 +1835,11 @@ out_default:
109028 * REMOVE3resfail resfail;
109029 * };
109030 */
109031 -static int nfs3_xdr_dec_remove3res(struct rpc_rqst *req,
109032 +static int nfs3_xdr_dec_remove3res(void *req,
109033 struct xdr_stream *xdr,
109034 - struct nfs_removeres *result)
109035 + void *_result)
109036 {
109037 + struct nfs_removeres *result = _result;
109038 enum nfs_stat status;
109039 int error;
109040
109041 @@ -1843,10 +1877,11 @@ out_status:
109042 * RENAME3resfail resfail;
109043 * };
109044 */
109045 -static int nfs3_xdr_dec_rename3res(struct rpc_rqst *req,
109046 +static int nfs3_xdr_dec_rename3res(void *req,
109047 struct xdr_stream *xdr,
109048 - struct nfs_renameres *result)
109049 + void *_result)
109050 {
109051 + struct nfs_renameres *result = _result;
109052 enum nfs_stat status;
109053 int error;
109054
109055 @@ -1887,9 +1922,10 @@ out_status:
109056 * LINK3resfail resfail;
109057 * };
109058 */
109059 -static int nfs3_xdr_dec_link3res(struct rpc_rqst *req, struct xdr_stream *xdr,
109060 - struct nfs3_linkres *result)
109061 +static int nfs3_xdr_dec_link3res(void *req, struct xdr_stream *xdr,
109062 + void *_result)
109063 {
109064 + struct nfs3_linkres *result = _result;
109065 enum nfs_stat status;
109066 int error;
109067
109068 @@ -2070,10 +2106,11 @@ out:
109069 return error;
109070 }
109071
109072 -static int nfs3_xdr_dec_readdir3res(struct rpc_rqst *req,
109073 +static int nfs3_xdr_dec_readdir3res(void *req,
109074 struct xdr_stream *xdr,
109075 - struct nfs3_readdirres *result)
109076 + void *_result)
109077 {
109078 + struct nfs3_readdirres *result = _result;
109079 enum nfs_stat status;
109080 int error;
109081
109082 @@ -2138,10 +2175,11 @@ out_overflow:
109083 return -EIO;
109084 }
109085
109086 -static int nfs3_xdr_dec_fsstat3res(struct rpc_rqst *req,
109087 +static int nfs3_xdr_dec_fsstat3res(void *req,
109088 struct xdr_stream *xdr,
109089 - struct nfs_fsstat *result)
109090 + void *_result)
109091 {
109092 + struct nfs_fsstat *result = _result;
109093 enum nfs_stat status;
109094 int error;
109095
109096 @@ -2214,10 +2252,11 @@ out_overflow:
109097 return -EIO;
109098 }
109099
109100 -static int nfs3_xdr_dec_fsinfo3res(struct rpc_rqst *req,
109101 +static int nfs3_xdr_dec_fsinfo3res(void *req,
109102 struct xdr_stream *xdr,
109103 - struct nfs_fsinfo *result)
109104 + void *_result)
109105 {
109106 + struct nfs_fsinfo *result = _result;
109107 enum nfs_stat status;
109108 int error;
109109
109110 @@ -2277,10 +2316,11 @@ out_overflow:
109111 return -EIO;
109112 }
109113
109114 -static int nfs3_xdr_dec_pathconf3res(struct rpc_rqst *req,
109115 +static int nfs3_xdr_dec_pathconf3res(void *req,
109116 struct xdr_stream *xdr,
109117 - struct nfs_pathconf *result)
109118 + void *_result)
109119 {
109120 + struct nfs_pathconf *result = _result;
109121 enum nfs_stat status;
109122 int error;
109123
109124 @@ -2318,10 +2358,11 @@ out_status:
109125 * COMMIT3resfail resfail;
109126 * };
109127 */
109128 -static int nfs3_xdr_dec_commit3res(struct rpc_rqst *req,
109129 +static int nfs3_xdr_dec_commit3res(void *req,
109130 struct xdr_stream *xdr,
109131 - struct nfs_commitres *result)
109132 + void *_result)
109133 {
109134 + struct nfs_commitres *result = _result;
109135 enum nfs_stat status;
109136 int error;
109137
109138 @@ -2387,9 +2428,9 @@ out:
109139 return error;
109140 }
109141
109142 -static int nfs3_xdr_dec_getacl3res(struct rpc_rqst *req,
109143 +static int nfs3_xdr_dec_getacl3res(void *req,
109144 struct xdr_stream *xdr,
109145 - struct nfs3_getaclres *result)
109146 + void *result)
109147 {
109148 enum nfs_stat status;
109149 int error;
109150 @@ -2406,9 +2447,9 @@ out_default:
109151 return nfs3_stat_to_errno(status);
109152 }
109153
109154 -static int nfs3_xdr_dec_setacl3res(struct rpc_rqst *req,
109155 +static int nfs3_xdr_dec_setacl3res(void *req,
109156 struct xdr_stream *xdr,
109157 - struct nfs_fattr *result)
109158 + void *result)
109159 {
109160 enum nfs_stat status;
109161 int error;
109162 @@ -2495,8 +2536,8 @@ static int nfs3_stat_to_errno(enum nfs_stat status)
109163 #define PROC(proc, argtype, restype, timer) \
109164 [NFS3PROC_##proc] = { \
109165 .p_proc = NFS3PROC_##proc, \
109166 - .p_encode = (kxdreproc_t)nfs3_xdr_enc_##argtype##3args, \
109167 - .p_decode = (kxdrdproc_t)nfs3_xdr_dec_##restype##3res, \
109168 + .p_encode = nfs3_xdr_enc_##argtype##3args, \
109169 + .p_decode = nfs3_xdr_dec_##restype##3res, \
109170 .p_arglen = NFS3_##argtype##args_sz, \
109171 .p_replen = NFS3_##restype##res_sz, \
109172 .p_timer = timer, \
109173 @@ -2538,8 +2579,8 @@ const struct rpc_version nfs_version3 = {
109174 static struct rpc_procinfo nfs3_acl_procedures[] = {
109175 [ACLPROC3_GETACL] = {
109176 .p_proc = ACLPROC3_GETACL,
109177 - .p_encode = (kxdreproc_t)nfs3_xdr_enc_getacl3args,
109178 - .p_decode = (kxdrdproc_t)nfs3_xdr_dec_getacl3res,
109179 + .p_encode = nfs3_xdr_enc_getacl3args,
109180 + .p_decode = nfs3_xdr_dec_getacl3res,
109181 .p_arglen = ACL3_getaclargs_sz,
109182 .p_replen = ACL3_getaclres_sz,
109183 .p_timer = 1,
109184 @@ -2547,8 +2588,8 @@ static struct rpc_procinfo nfs3_acl_procedures[] = {
109185 },
109186 [ACLPROC3_SETACL] = {
109187 .p_proc = ACLPROC3_SETACL,
109188 - .p_encode = (kxdreproc_t)nfs3_xdr_enc_setacl3args,
109189 - .p_decode = (kxdrdproc_t)nfs3_xdr_dec_setacl3res,
109190 + .p_encode = nfs3_xdr_enc_setacl3args,
109191 + .p_decode = nfs3_xdr_dec_setacl3res,
109192 .p_arglen = ACL3_setaclargs_sz,
109193 .p_replen = ACL3_setaclres_sz,
109194 .p_timer = 0,
109195 diff --git a/fs/nfs/nfs42xdr.c b/fs/nfs/nfs42xdr.c
109196 index 8b26058..b31170f 100644
109197 --- a/fs/nfs/nfs42xdr.c
109198 +++ b/fs/nfs/nfs42xdr.c
109199 @@ -205,10 +205,12 @@ static void encode_clone(struct xdr_stream *xdr,
109200 /*
109201 * Encode ALLOCATE request
109202 */
109203 -static void nfs4_xdr_enc_allocate(struct rpc_rqst *req,
109204 +static void nfs4_xdr_enc_allocate(void *_req,
109205 struct xdr_stream *xdr,
109206 - struct nfs42_falloc_args *args)
109207 + void *_args)
109208 {
109209 + struct rpc_rqst *req = _req;
109210 + struct nfs42_falloc_args *args = _args;
109211 struct compound_hdr hdr = {
109212 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109213 };
109214 @@ -224,10 +226,12 @@ static void nfs4_xdr_enc_allocate(struct rpc_rqst *req,
109215 /*
109216 * Encode COPY request
109217 */
109218 -static void nfs4_xdr_enc_copy(struct rpc_rqst *req,
109219 +static void nfs4_xdr_enc_copy(void *_req,
109220 struct xdr_stream *xdr,
109221 - struct nfs42_copy_args *args)
109222 + void *_args)
109223 {
109224 + struct rpc_rqst *req = _req;
109225 + struct nfs42_copy_args *args = _args;
109226 struct compound_hdr hdr = {
109227 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109228 };
109229 @@ -244,10 +248,12 @@ static void nfs4_xdr_enc_copy(struct rpc_rqst *req,
109230 /*
109231 * Encode DEALLOCATE request
109232 */
109233 -static void nfs4_xdr_enc_deallocate(struct rpc_rqst *req,
109234 +static void nfs4_xdr_enc_deallocate(void *_req,
109235 struct xdr_stream *xdr,
109236 - struct nfs42_falloc_args *args)
109237 + void *_args)
109238 {
109239 + struct rpc_rqst *req = _req;
109240 + struct nfs42_falloc_args *args = _args;
109241 struct compound_hdr hdr = {
109242 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109243 };
109244 @@ -263,10 +269,12 @@ static void nfs4_xdr_enc_deallocate(struct rpc_rqst *req,
109245 /*
109246 * Encode SEEK request
109247 */
109248 -static void nfs4_xdr_enc_seek(struct rpc_rqst *req,
109249 +static void nfs4_xdr_enc_seek(void *_req,
109250 struct xdr_stream *xdr,
109251 - struct nfs42_seek_args *args)
109252 + void *_args)
109253 {
109254 + struct rpc_rqst *req = _req;
109255 + struct nfs42_seek_args *args = _args;
109256 struct compound_hdr hdr = {
109257 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109258 };
109259 @@ -281,10 +289,12 @@ static void nfs4_xdr_enc_seek(struct rpc_rqst *req,
109260 /*
109261 * Encode LAYOUTSTATS request
109262 */
109263 -static void nfs4_xdr_enc_layoutstats(struct rpc_rqst *req,
109264 +static void nfs4_xdr_enc_layoutstats(void *_req,
109265 struct xdr_stream *xdr,
109266 - struct nfs42_layoutstat_args *args)
109267 + void *_args)
109268 {
109269 + struct rpc_rqst *req = _req;
109270 + struct nfs42_layoutstat_args *args = _args;
109271 int i;
109272
109273 struct compound_hdr hdr = {
109274 @@ -303,10 +313,12 @@ static void nfs4_xdr_enc_layoutstats(struct rpc_rqst *req,
109275 /*
109276 * Encode CLONE request
109277 */
109278 -static void nfs4_xdr_enc_clone(struct rpc_rqst *req,
109279 +static void nfs4_xdr_enc_clone(void *_req,
109280 struct xdr_stream *xdr,
109281 - struct nfs42_clone_args *args)
109282 + void *_args)
109283 {
109284 + struct rpc_rqst *req = _req;
109285 + struct nfs42_clone_args *args = _args;
109286 struct compound_hdr hdr = {
109287 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109288 };
109289 @@ -430,10 +442,12 @@ static int decode_clone(struct xdr_stream *xdr)
109290 /*
109291 * Decode ALLOCATE request
109292 */
109293 -static int nfs4_xdr_dec_allocate(struct rpc_rqst *rqstp,
109294 +static int nfs4_xdr_dec_allocate(void *_rqstp,
109295 struct xdr_stream *xdr,
109296 - struct nfs42_falloc_res *res)
109297 + void *_res)
109298 {
109299 + struct rpc_rqst *rqstp = _rqstp;
109300 + struct nfs42_falloc_res *res = _res;
109301 struct compound_hdr hdr;
109302 int status;
109303
109304 @@ -457,10 +471,12 @@ out:
109305 /*
109306 * Decode COPY response
109307 */
109308 -static int nfs4_xdr_dec_copy(struct rpc_rqst *rqstp,
109309 +static int nfs4_xdr_dec_copy(void *_rqstp,
109310 struct xdr_stream *xdr,
109311 - struct nfs42_copy_res *res)
109312 + void *_res)
109313 {
109314 + struct rpc_rqst *rqstp = _rqstp;
109315 + struct nfs42_copy_res *res = _res;
109316 struct compound_hdr hdr;
109317 int status;
109318
109319 @@ -487,10 +503,12 @@ out:
109320 /*
109321 * Decode DEALLOCATE request
109322 */
109323 -static int nfs4_xdr_dec_deallocate(struct rpc_rqst *rqstp,
109324 +static int nfs4_xdr_dec_deallocate(void *_rqstp,
109325 struct xdr_stream *xdr,
109326 - struct nfs42_falloc_res *res)
109327 + void *_res)
109328 {
109329 + struct rpc_rqst *rqstp = _rqstp;
109330 + struct nfs42_falloc_res *res = _res;
109331 struct compound_hdr hdr;
109332 int status;
109333
109334 @@ -514,10 +532,12 @@ out:
109335 /*
109336 * Decode SEEK request
109337 */
109338 -static int nfs4_xdr_dec_seek(struct rpc_rqst *rqstp,
109339 +static int nfs4_xdr_dec_seek(void *_rqstp,
109340 struct xdr_stream *xdr,
109341 - struct nfs42_seek_res *res)
109342 + void *_res)
109343 {
109344 + struct rpc_rqst *rqstp = _rqstp;
109345 + struct nfs42_seek_res *res = _res;
109346 struct compound_hdr hdr;
109347 int status;
109348
109349 @@ -538,10 +558,12 @@ out:
109350 /*
109351 * Decode LAYOUTSTATS request
109352 */
109353 -static int nfs4_xdr_dec_layoutstats(struct rpc_rqst *rqstp,
109354 +static int nfs4_xdr_dec_layoutstats(void *_rqstp,
109355 struct xdr_stream *xdr,
109356 - struct nfs42_layoutstat_res *res)
109357 + void *_res)
109358 {
109359 + struct rpc_rqst *rqstp = _rqstp;
109360 + struct nfs42_layoutstat_res *res = _res;
109361 struct compound_hdr hdr;
109362 int status, i;
109363
109364 @@ -568,10 +590,12 @@ out:
109365 /*
109366 * Decode CLONE request
109367 */
109368 -static int nfs4_xdr_dec_clone(struct rpc_rqst *rqstp,
109369 +static int nfs4_xdr_dec_clone(void *_rqstp,
109370 struct xdr_stream *xdr,
109371 - struct nfs42_clone_res *res)
109372 + void *_res)
109373 {
109374 + struct rpc_rqst *rqstp = _rqstp;
109375 + struct nfs42_clone_res *res = _res;
109376 struct compound_hdr hdr;
109377 int status;
109378
109379 diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
109380 index 7bd3a5c0..0c408e8 100644
109381 --- a/fs/nfs/nfs4xdr.c
109382 +++ b/fs/nfs/nfs4xdr.c
109383 @@ -2081,9 +2081,10 @@ static u32 nfs4_xdr_minorversion(const struct nfs4_sequence_args *args)
109384 /*
109385 * Encode an ACCESS request
109386 */
109387 -static void nfs4_xdr_enc_access(struct rpc_rqst *req, struct xdr_stream *xdr,
109388 - const struct nfs4_accessargs *args)
109389 +static void nfs4_xdr_enc_access(void *req, struct xdr_stream *xdr,
109390 + void *_args)
109391 {
109392 + const struct nfs4_accessargs *args = _args;
109393 struct compound_hdr hdr = {
109394 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109395 };
109396 @@ -2099,9 +2100,10 @@ static void nfs4_xdr_enc_access(struct rpc_rqst *req, struct xdr_stream *xdr,
109397 /*
109398 * Encode LOOKUP request
109399 */
109400 -static void nfs4_xdr_enc_lookup(struct rpc_rqst *req, struct xdr_stream *xdr,
109401 - const struct nfs4_lookup_arg *args)
109402 +static void nfs4_xdr_enc_lookup(void *req, struct xdr_stream *xdr,
109403 + void *_args)
109404 {
109405 + const struct nfs4_lookup_arg *args = _args;
109406 struct compound_hdr hdr = {
109407 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109408 };
109409 @@ -2118,10 +2120,11 @@ static void nfs4_xdr_enc_lookup(struct rpc_rqst *req, struct xdr_stream *xdr,
109410 /*
109411 * Encode LOOKUP_ROOT request
109412 */
109413 -static void nfs4_xdr_enc_lookup_root(struct rpc_rqst *req,
109414 +static void nfs4_xdr_enc_lookup_root(void *req,
109415 struct xdr_stream *xdr,
109416 - const struct nfs4_lookup_root_arg *args)
109417 + void *_args)
109418 {
109419 + const struct nfs4_lookup_root_arg *args = _args;
109420 struct compound_hdr hdr = {
109421 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109422 };
109423 @@ -2137,9 +2140,10 @@ static void nfs4_xdr_enc_lookup_root(struct rpc_rqst *req,
109424 /*
109425 * Encode REMOVE request
109426 */
109427 -static void nfs4_xdr_enc_remove(struct rpc_rqst *req, struct xdr_stream *xdr,
109428 - const struct nfs_removeargs *args)
109429 +static void nfs4_xdr_enc_remove(void *req, struct xdr_stream *xdr,
109430 + void *_args)
109431 {
109432 + const struct nfs_removeargs *args = _args;
109433 struct compound_hdr hdr = {
109434 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109435 };
109436 @@ -2154,9 +2158,10 @@ static void nfs4_xdr_enc_remove(struct rpc_rqst *req, struct xdr_stream *xdr,
109437 /*
109438 * Encode RENAME request
109439 */
109440 -static void nfs4_xdr_enc_rename(struct rpc_rqst *req, struct xdr_stream *xdr,
109441 - const struct nfs_renameargs *args)
109442 +static void nfs4_xdr_enc_rename(void *req, struct xdr_stream *xdr,
109443 + void *_args)
109444 {
109445 + const struct nfs_renameargs *args = _args;
109446 struct compound_hdr hdr = {
109447 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109448 };
109449 @@ -2173,9 +2178,10 @@ static void nfs4_xdr_enc_rename(struct rpc_rqst *req, struct xdr_stream *xdr,
109450 /*
109451 * Encode LINK request
109452 */
109453 -static void nfs4_xdr_enc_link(struct rpc_rqst *req, struct xdr_stream *xdr,
109454 - const struct nfs4_link_arg *args)
109455 +static void nfs4_xdr_enc_link(void *req, struct xdr_stream *xdr,
109456 + void *_args)
109457 {
109458 + const struct nfs4_link_arg *args = _args;
109459 struct compound_hdr hdr = {
109460 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109461 };
109462 @@ -2194,9 +2200,10 @@ static void nfs4_xdr_enc_link(struct rpc_rqst *req, struct xdr_stream *xdr,
109463 /*
109464 * Encode CREATE request
109465 */
109466 -static void nfs4_xdr_enc_create(struct rpc_rqst *req, struct xdr_stream *xdr,
109467 - const struct nfs4_create_arg *args)
109468 +static void nfs4_xdr_enc_create(void *req, struct xdr_stream *xdr,
109469 + void *_args)
109470 {
109471 + const struct nfs4_create_arg *args = _args;
109472 struct compound_hdr hdr = {
109473 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109474 };
109475 @@ -2213,8 +2220,8 @@ static void nfs4_xdr_enc_create(struct rpc_rqst *req, struct xdr_stream *xdr,
109476 /*
109477 * Encode SYMLINK request
109478 */
109479 -static void nfs4_xdr_enc_symlink(struct rpc_rqst *req, struct xdr_stream *xdr,
109480 - const struct nfs4_create_arg *args)
109481 +static void nfs4_xdr_enc_symlink(void *req, struct xdr_stream *xdr,
109482 + void *args)
109483 {
109484 nfs4_xdr_enc_create(req, xdr, args);
109485 }
109486 @@ -2222,9 +2229,10 @@ static void nfs4_xdr_enc_symlink(struct rpc_rqst *req, struct xdr_stream *xdr,
109487 /*
109488 * Encode GETATTR request
109489 */
109490 -static void nfs4_xdr_enc_getattr(struct rpc_rqst *req, struct xdr_stream *xdr,
109491 - const struct nfs4_getattr_arg *args)
109492 +static void nfs4_xdr_enc_getattr(void *req, struct xdr_stream *xdr,
109493 + void *_args)
109494 {
109495 + const struct nfs4_getattr_arg *args = _args;
109496 struct compound_hdr hdr = {
109497 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109498 };
109499 @@ -2239,9 +2247,10 @@ static void nfs4_xdr_enc_getattr(struct rpc_rqst *req, struct xdr_stream *xdr,
109500 /*
109501 * Encode a CLOSE request
109502 */
109503 -static void nfs4_xdr_enc_close(struct rpc_rqst *req, struct xdr_stream *xdr,
109504 - struct nfs_closeargs *args)
109505 +static void nfs4_xdr_enc_close(void *req, struct xdr_stream *xdr,
109506 + void *_args)
109507 {
109508 + struct nfs_closeargs *args = _args;
109509 struct compound_hdr hdr = {
109510 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109511 };
109512 @@ -2257,9 +2266,10 @@ static void nfs4_xdr_enc_close(struct rpc_rqst *req, struct xdr_stream *xdr,
109513 /*
109514 * Encode an OPEN request
109515 */
109516 -static void nfs4_xdr_enc_open(struct rpc_rqst *req, struct xdr_stream *xdr,
109517 - struct nfs_openargs *args)
109518 +static void nfs4_xdr_enc_open(void *req, struct xdr_stream *xdr,
109519 + void *_args)
109520 {
109521 + struct nfs_openargs *args = _args;
109522 struct compound_hdr hdr = {
109523 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109524 };
109525 @@ -2278,10 +2288,11 @@ static void nfs4_xdr_enc_open(struct rpc_rqst *req, struct xdr_stream *xdr,
109526 /*
109527 * Encode an OPEN_CONFIRM request
109528 */
109529 -static void nfs4_xdr_enc_open_confirm(struct rpc_rqst *req,
109530 +static void nfs4_xdr_enc_open_confirm(void *req,
109531 struct xdr_stream *xdr,
109532 - struct nfs_open_confirmargs *args)
109533 + void *_args)
109534 {
109535 + struct nfs_open_confirmargs *args = _args;
109536 struct compound_hdr hdr = {
109537 .nops = 0,
109538 };
109539 @@ -2295,10 +2306,11 @@ static void nfs4_xdr_enc_open_confirm(struct rpc_rqst *req,
109540 /*
109541 * Encode an OPEN request with no attributes.
109542 */
109543 -static void nfs4_xdr_enc_open_noattr(struct rpc_rqst *req,
109544 +static void nfs4_xdr_enc_open_noattr(void *req,
109545 struct xdr_stream *xdr,
109546 - struct nfs_openargs *args)
109547 + void *_args)
109548 {
109549 + struct nfs_openargs *args = _args;
109550 struct compound_hdr hdr = {
109551 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109552 };
109553 @@ -2316,10 +2328,11 @@ static void nfs4_xdr_enc_open_noattr(struct rpc_rqst *req,
109554 /*
109555 * Encode an OPEN_DOWNGRADE request
109556 */
109557 -static void nfs4_xdr_enc_open_downgrade(struct rpc_rqst *req,
109558 +static void nfs4_xdr_enc_open_downgrade(void *req,
109559 struct xdr_stream *xdr,
109560 - struct nfs_closeargs *args)
109561 + void *_args)
109562 {
109563 + struct nfs_closeargs *args = _args;
109564 struct compound_hdr hdr = {
109565 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109566 };
109567 @@ -2335,9 +2348,10 @@ static void nfs4_xdr_enc_open_downgrade(struct rpc_rqst *req,
109568 /*
109569 * Encode a LOCK request
109570 */
109571 -static void nfs4_xdr_enc_lock(struct rpc_rqst *req, struct xdr_stream *xdr,
109572 - struct nfs_lock_args *args)
109573 +static void nfs4_xdr_enc_lock(void *req, struct xdr_stream *xdr,
109574 + void *_args)
109575 {
109576 + struct nfs_lock_args *args = _args;
109577 struct compound_hdr hdr = {
109578 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109579 };
109580 @@ -2352,9 +2366,10 @@ static void nfs4_xdr_enc_lock(struct rpc_rqst *req, struct xdr_stream *xdr,
109581 /*
109582 * Encode a LOCKT request
109583 */
109584 -static void nfs4_xdr_enc_lockt(struct rpc_rqst *req, struct xdr_stream *xdr,
109585 - struct nfs_lockt_args *args)
109586 +static void nfs4_xdr_enc_lockt(void *req, struct xdr_stream *xdr,
109587 + void *_args)
109588 {
109589 + struct nfs_lockt_args *args = _args;
109590 struct compound_hdr hdr = {
109591 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109592 };
109593 @@ -2369,9 +2384,10 @@ static void nfs4_xdr_enc_lockt(struct rpc_rqst *req, struct xdr_stream *xdr,
109594 /*
109595 * Encode a LOCKU request
109596 */
109597 -static void nfs4_xdr_enc_locku(struct rpc_rqst *req, struct xdr_stream *xdr,
109598 - struct nfs_locku_args *args)
109599 +static void nfs4_xdr_enc_locku(void *req, struct xdr_stream *xdr,
109600 + void *_args)
109601 {
109602 + struct nfs_locku_args *args = _args;
109603 struct compound_hdr hdr = {
109604 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109605 };
109606 @@ -2383,10 +2399,11 @@ static void nfs4_xdr_enc_locku(struct rpc_rqst *req, struct xdr_stream *xdr,
109607 encode_nops(&hdr);
109608 }
109609
109610 -static void nfs4_xdr_enc_release_lockowner(struct rpc_rqst *req,
109611 +static void nfs4_xdr_enc_release_lockowner(void *req,
109612 struct xdr_stream *xdr,
109613 - struct nfs_release_lockowner_args *args)
109614 + void *_args)
109615 {
109616 + struct nfs_release_lockowner_args *args = _args;
109617 struct compound_hdr hdr = {
109618 .minorversion = 0,
109619 };
109620 @@ -2399,9 +2416,11 @@ static void nfs4_xdr_enc_release_lockowner(struct rpc_rqst *req,
109621 /*
109622 * Encode a READLINK request
109623 */
109624 -static void nfs4_xdr_enc_readlink(struct rpc_rqst *req, struct xdr_stream *xdr,
109625 - const struct nfs4_readlink *args)
109626 +static void nfs4_xdr_enc_readlink(void *_req, struct xdr_stream *xdr,
109627 + void *_args)
109628 {
109629 + struct rpc_rqst *req = _req;
109630 + const struct nfs4_readlink *args = _args;
109631 struct compound_hdr hdr = {
109632 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109633 };
109634 @@ -2419,9 +2438,11 @@ static void nfs4_xdr_enc_readlink(struct rpc_rqst *req, struct xdr_stream *xdr,
109635 /*
109636 * Encode a READDIR request
109637 */
109638 -static void nfs4_xdr_enc_readdir(struct rpc_rqst *req, struct xdr_stream *xdr,
109639 - const struct nfs4_readdir_arg *args)
109640 +static void nfs4_xdr_enc_readdir(void *_req, struct xdr_stream *xdr,
109641 + void *_args)
109642 {
109643 + struct rpc_rqst *req = _req;
109644 + const struct nfs4_readdir_arg *args = _args;
109645 struct compound_hdr hdr = {
109646 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109647 };
109648 @@ -2442,9 +2463,11 @@ static void nfs4_xdr_enc_readdir(struct rpc_rqst *req, struct xdr_stream *xdr,
109649 /*
109650 * Encode a READ request
109651 */
109652 -static void nfs4_xdr_enc_read(struct rpc_rqst *req, struct xdr_stream *xdr,
109653 - struct nfs_pgio_args *args)
109654 +static void nfs4_xdr_enc_read(void *_req, struct xdr_stream *xdr,
109655 + void *_args)
109656 {
109657 + struct rpc_rqst *req = _req;
109658 + struct nfs_pgio_args *args = _args;
109659 struct compound_hdr hdr = {
109660 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109661 };
109662 @@ -2463,9 +2486,11 @@ static void nfs4_xdr_enc_read(struct rpc_rqst *req, struct xdr_stream *xdr,
109663 /*
109664 * Encode an SETATTR request
109665 */
109666 -static void nfs4_xdr_enc_setattr(struct rpc_rqst *req, struct xdr_stream *xdr,
109667 - struct nfs_setattrargs *args)
109668 +static void nfs4_xdr_enc_setattr(void *_req, struct xdr_stream *xdr,
109669 + void *_args)
109670 {
109671 + struct rpc_rqst *req = _req;
109672 + struct nfs_setattrargs *args = _args;
109673 struct compound_hdr hdr = {
109674 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109675 };
109676 @@ -2481,9 +2506,11 @@ static void nfs4_xdr_enc_setattr(struct rpc_rqst *req, struct xdr_stream *xdr,
109677 /*
109678 * Encode a GETACL request
109679 */
109680 -static void nfs4_xdr_enc_getacl(struct rpc_rqst *req, struct xdr_stream *xdr,
109681 - struct nfs_getaclargs *args)
109682 +static void nfs4_xdr_enc_getacl(void *_req, struct xdr_stream *xdr,
109683 + void *_args)
109684 {
109685 + struct rpc_rqst *req = _req;
109686 + struct nfs_getaclargs *args = _args;
109687 struct compound_hdr hdr = {
109688 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109689 };
109690 @@ -2504,9 +2531,11 @@ static void nfs4_xdr_enc_getacl(struct rpc_rqst *req, struct xdr_stream *xdr,
109691 /*
109692 * Encode a WRITE request
109693 */
109694 -static void nfs4_xdr_enc_write(struct rpc_rqst *req, struct xdr_stream *xdr,
109695 - struct nfs_pgio_args *args)
109696 +static void nfs4_xdr_enc_write(void *_req, struct xdr_stream *xdr,
109697 + void *_args)
109698 {
109699 + struct rpc_rqst *req = _req;
109700 + struct nfs_pgio_args *args = _args;
109701 struct compound_hdr hdr = {
109702 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109703 };
109704 @@ -2524,9 +2553,10 @@ static void nfs4_xdr_enc_write(struct rpc_rqst *req, struct xdr_stream *xdr,
109705 /*
109706 * a COMMIT request
109707 */
109708 -static void nfs4_xdr_enc_commit(struct rpc_rqst *req, struct xdr_stream *xdr,
109709 - struct nfs_commitargs *args)
109710 +static void nfs4_xdr_enc_commit(void *req, struct xdr_stream *xdr,
109711 + void *_args)
109712 {
109713 + struct nfs_commitargs *args = _args;
109714 struct compound_hdr hdr = {
109715 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109716 };
109717 @@ -2541,9 +2571,10 @@ static void nfs4_xdr_enc_commit(struct rpc_rqst *req, struct xdr_stream *xdr,
109718 /*
109719 * FSINFO request
109720 */
109721 -static void nfs4_xdr_enc_fsinfo(struct rpc_rqst *req, struct xdr_stream *xdr,
109722 - struct nfs4_fsinfo_arg *args)
109723 +static void nfs4_xdr_enc_fsinfo(void *req, struct xdr_stream *xdr,
109724 + void *_args)
109725 {
109726 + struct nfs4_fsinfo_arg *args = _args;
109727 struct compound_hdr hdr = {
109728 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109729 };
109730 @@ -2558,9 +2589,10 @@ static void nfs4_xdr_enc_fsinfo(struct rpc_rqst *req, struct xdr_stream *xdr,
109731 /*
109732 * a PATHCONF request
109733 */
109734 -static void nfs4_xdr_enc_pathconf(struct rpc_rqst *req, struct xdr_stream *xdr,
109735 - const struct nfs4_pathconf_arg *args)
109736 +static void nfs4_xdr_enc_pathconf(void *req, struct xdr_stream *xdr,
109737 + void *_args)
109738 {
109739 + const struct nfs4_pathconf_arg *args = _args;
109740 struct compound_hdr hdr = {
109741 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109742 };
109743 @@ -2576,9 +2608,10 @@ static void nfs4_xdr_enc_pathconf(struct rpc_rqst *req, struct xdr_stream *xdr,
109744 /*
109745 * a STATFS request
109746 */
109747 -static void nfs4_xdr_enc_statfs(struct rpc_rqst *req, struct xdr_stream *xdr,
109748 - const struct nfs4_statfs_arg *args)
109749 +static void nfs4_xdr_enc_statfs(void *req, struct xdr_stream *xdr,
109750 + void *_args)
109751 {
109752 + const struct nfs4_statfs_arg *args = _args;
109753 struct compound_hdr hdr = {
109754 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109755 };
109756 @@ -2594,10 +2627,11 @@ static void nfs4_xdr_enc_statfs(struct rpc_rqst *req, struct xdr_stream *xdr,
109757 /*
109758 * GETATTR_BITMAP request
109759 */
109760 -static void nfs4_xdr_enc_server_caps(struct rpc_rqst *req,
109761 +static void nfs4_xdr_enc_server_caps(void *req,
109762 struct xdr_stream *xdr,
109763 - struct nfs4_server_caps_arg *args)
109764 + void *_args)
109765 {
109766 + struct nfs4_server_caps_arg *args = _args;
109767 const u32 *bitmask = args->bitmask;
109768 struct compound_hdr hdr = {
109769 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109770 @@ -2613,9 +2647,10 @@ static void nfs4_xdr_enc_server_caps(struct rpc_rqst *req,
109771 /*
109772 * a RENEW request
109773 */
109774 -static void nfs4_xdr_enc_renew(struct rpc_rqst *req, struct xdr_stream *xdr,
109775 - struct nfs_client *clp)
109776 +static void nfs4_xdr_enc_renew(void *req, struct xdr_stream *xdr,
109777 + void *_clp)
109778 {
109779 + struct nfs_client *clp = _clp;
109780 struct compound_hdr hdr = {
109781 .nops = 0,
109782 };
109783 @@ -2628,9 +2663,9 @@ static void nfs4_xdr_enc_renew(struct rpc_rqst *req, struct xdr_stream *xdr,
109784 /*
109785 * a SETCLIENTID request
109786 */
109787 -static void nfs4_xdr_enc_setclientid(struct rpc_rqst *req,
109788 +static void nfs4_xdr_enc_setclientid(void *req,
109789 struct xdr_stream *xdr,
109790 - struct nfs4_setclientid *sc)
109791 + void *sc)
109792 {
109793 struct compound_hdr hdr = {
109794 .nops = 0,
109795 @@ -2644,9 +2679,9 @@ static void nfs4_xdr_enc_setclientid(struct rpc_rqst *req,
109796 /*
109797 * a SETCLIENTID_CONFIRM request
109798 */
109799 -static void nfs4_xdr_enc_setclientid_confirm(struct rpc_rqst *req,
109800 +static void nfs4_xdr_enc_setclientid_confirm(void *req,
109801 struct xdr_stream *xdr,
109802 - struct nfs4_setclientid_res *arg)
109803 + void *arg)
109804 {
109805 struct compound_hdr hdr = {
109806 .nops = 0,
109807 @@ -2660,10 +2695,11 @@ static void nfs4_xdr_enc_setclientid_confirm(struct rpc_rqst *req,
109808 /*
109809 * DELEGRETURN request
109810 */
109811 -static void nfs4_xdr_enc_delegreturn(struct rpc_rqst *req,
109812 +static void nfs4_xdr_enc_delegreturn(void *req,
109813 struct xdr_stream *xdr,
109814 - const struct nfs4_delegreturnargs *args)
109815 + void *_args)
109816 {
109817 + const struct nfs4_delegreturnargs *args = _args;
109818 struct compound_hdr hdr = {
109819 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109820 };
109821 @@ -2679,10 +2715,12 @@ static void nfs4_xdr_enc_delegreturn(struct rpc_rqst *req,
109822 /*
109823 * Encode FS_LOCATIONS request
109824 */
109825 -static void nfs4_xdr_enc_fs_locations(struct rpc_rqst *req,
109826 +static void nfs4_xdr_enc_fs_locations(void *_req,
109827 struct xdr_stream *xdr,
109828 - struct nfs4_fs_locations_arg *args)
109829 + void *_args)
109830 {
109831 + struct rpc_rqst *req = _req;
109832 + struct nfs4_fs_locations_arg *args = _args;
109833 struct compound_hdr hdr = {
109834 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109835 };
109836 @@ -2712,10 +2750,11 @@ static void nfs4_xdr_enc_fs_locations(struct rpc_rqst *req,
109837 /*
109838 * Encode SECINFO request
109839 */
109840 -static void nfs4_xdr_enc_secinfo(struct rpc_rqst *req,
109841 +static void nfs4_xdr_enc_secinfo(void *req,
109842 struct xdr_stream *xdr,
109843 - struct nfs4_secinfo_arg *args)
109844 + void *_args)
109845 {
109846 + struct nfs4_secinfo_arg *args = _args;
109847 struct compound_hdr hdr = {
109848 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109849 };
109850 @@ -2730,10 +2769,11 @@ static void nfs4_xdr_enc_secinfo(struct rpc_rqst *req,
109851 /*
109852 * Encode FSID_PRESENT request
109853 */
109854 -static void nfs4_xdr_enc_fsid_present(struct rpc_rqst *req,
109855 +static void nfs4_xdr_enc_fsid_present(void *req,
109856 struct xdr_stream *xdr,
109857 - struct nfs4_fsid_present_arg *args)
109858 + void *_args)
109859 {
109860 + struct nfs4_fsid_present_arg *args = _args;
109861 struct compound_hdr hdr = {
109862 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109863 };
109864 @@ -2751,10 +2791,11 @@ static void nfs4_xdr_enc_fsid_present(struct rpc_rqst *req,
109865 /*
109866 * BIND_CONN_TO_SESSION request
109867 */
109868 -static void nfs4_xdr_enc_bind_conn_to_session(struct rpc_rqst *req,
109869 +static void nfs4_xdr_enc_bind_conn_to_session(void *req,
109870 struct xdr_stream *xdr,
109871 - struct nfs41_bind_conn_to_session_args *args)
109872 + void *_args)
109873 {
109874 + struct nfs41_bind_conn_to_session_args *args = _args;
109875 struct compound_hdr hdr = {
109876 .minorversion = args->client->cl_mvops->minor_version,
109877 };
109878 @@ -2767,10 +2808,11 @@ static void nfs4_xdr_enc_bind_conn_to_session(struct rpc_rqst *req,
109879 /*
109880 * EXCHANGE_ID request
109881 */
109882 -static void nfs4_xdr_enc_exchange_id(struct rpc_rqst *req,
109883 +static void nfs4_xdr_enc_exchange_id(void *req,
109884 struct xdr_stream *xdr,
109885 - struct nfs41_exchange_id_args *args)
109886 + void *_args)
109887 {
109888 + struct nfs41_exchange_id_args *args = _args;
109889 struct compound_hdr hdr = {
109890 .minorversion = args->client->cl_mvops->minor_version,
109891 };
109892 @@ -2783,10 +2825,11 @@ static void nfs4_xdr_enc_exchange_id(struct rpc_rqst *req,
109893 /*
109894 * a CREATE_SESSION request
109895 */
109896 -static void nfs4_xdr_enc_create_session(struct rpc_rqst *req,
109897 +static void nfs4_xdr_enc_create_session(void *req,
109898 struct xdr_stream *xdr,
109899 - struct nfs41_create_session_args *args)
109900 + void *_args)
109901 {
109902 + struct nfs41_create_session_args *args = _args;
109903 struct compound_hdr hdr = {
109904 .minorversion = args->client->cl_mvops->minor_version,
109905 };
109906 @@ -2799,10 +2842,11 @@ static void nfs4_xdr_enc_create_session(struct rpc_rqst *req,
109907 /*
109908 * a DESTROY_SESSION request
109909 */
109910 -static void nfs4_xdr_enc_destroy_session(struct rpc_rqst *req,
109911 +static void nfs4_xdr_enc_destroy_session(void *req,
109912 struct xdr_stream *xdr,
109913 - struct nfs4_session *session)
109914 + void *_session)
109915 {
109916 + struct nfs4_session *session = _session;
109917 struct compound_hdr hdr = {
109918 .minorversion = session->clp->cl_mvops->minor_version,
109919 };
109920 @@ -2815,10 +2859,11 @@ static void nfs4_xdr_enc_destroy_session(struct rpc_rqst *req,
109921 /*
109922 * a DESTROY_CLIENTID request
109923 */
109924 -static void nfs4_xdr_enc_destroy_clientid(struct rpc_rqst *req,
109925 +static void nfs4_xdr_enc_destroy_clientid(void *req,
109926 struct xdr_stream *xdr,
109927 - struct nfs_client *clp)
109928 + void *_clp)
109929 {
109930 + struct nfs_client *clp = _clp;
109931 struct compound_hdr hdr = {
109932 .minorversion = clp->cl_mvops->minor_version,
109933 };
109934 @@ -2831,8 +2876,8 @@ static void nfs4_xdr_enc_destroy_clientid(struct rpc_rqst *req,
109935 /*
109936 * a SEQUENCE request
109937 */
109938 -static void nfs4_xdr_enc_sequence(struct rpc_rqst *req, struct xdr_stream *xdr,
109939 - struct nfs4_sequence_args *args)
109940 +static void nfs4_xdr_enc_sequence(void *req, struct xdr_stream *xdr,
109941 + void *args)
109942 {
109943 struct compound_hdr hdr = {
109944 .minorversion = nfs4_xdr_minorversion(args),
109945 @@ -2846,10 +2891,11 @@ static void nfs4_xdr_enc_sequence(struct rpc_rqst *req, struct xdr_stream *xdr,
109946 /*
109947 * a GET_LEASE_TIME request
109948 */
109949 -static void nfs4_xdr_enc_get_lease_time(struct rpc_rqst *req,
109950 +static void nfs4_xdr_enc_get_lease_time(void *req,
109951 struct xdr_stream *xdr,
109952 - struct nfs4_get_lease_time_args *args)
109953 + void *_args)
109954 {
109955 + struct nfs4_get_lease_time_args *args = _args;
109956 struct compound_hdr hdr = {
109957 .minorversion = nfs4_xdr_minorversion(&args->la_seq_args),
109958 };
109959 @@ -2865,10 +2911,11 @@ static void nfs4_xdr_enc_get_lease_time(struct rpc_rqst *req,
109960 /*
109961 * a RECLAIM_COMPLETE request
109962 */
109963 -static void nfs4_xdr_enc_reclaim_complete(struct rpc_rqst *req,
109964 +static void nfs4_xdr_enc_reclaim_complete(void *req,
109965 struct xdr_stream *xdr,
109966 - struct nfs41_reclaim_complete_args *args)
109967 + void *_args)
109968 {
109969 + struct nfs41_reclaim_complete_args *args = _args;
109970 struct compound_hdr hdr = {
109971 .minorversion = nfs4_xdr_minorversion(&args->seq_args)
109972 };
109973 @@ -2882,10 +2929,12 @@ static void nfs4_xdr_enc_reclaim_complete(struct rpc_rqst *req,
109974 /*
109975 * Encode GETDEVICEINFO request
109976 */
109977 -static void nfs4_xdr_enc_getdeviceinfo(struct rpc_rqst *req,
109978 +static void nfs4_xdr_enc_getdeviceinfo(void *_req,
109979 struct xdr_stream *xdr,
109980 - struct nfs4_getdeviceinfo_args *args)
109981 + void *_args)
109982 {
109983 + struct rpc_rqst *req = _req;
109984 + struct nfs4_getdeviceinfo_args *args = _args;
109985 struct compound_hdr hdr = {
109986 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
109987 };
109988 @@ -2906,10 +2955,12 @@ static void nfs4_xdr_enc_getdeviceinfo(struct rpc_rqst *req,
109989 /*
109990 * Encode LAYOUTGET request
109991 */
109992 -static void nfs4_xdr_enc_layoutget(struct rpc_rqst *req,
109993 +static void nfs4_xdr_enc_layoutget(void *_req,
109994 struct xdr_stream *xdr,
109995 - struct nfs4_layoutget_args *args)
109996 + void *_args)
109997 {
109998 + struct rpc_rqst *req = _req;
109999 + struct nfs4_layoutget_args *args = _args;
110000 struct compound_hdr hdr = {
110001 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
110002 };
110003 @@ -2928,10 +2979,11 @@ static void nfs4_xdr_enc_layoutget(struct rpc_rqst *req,
110004 /*
110005 * Encode LAYOUTCOMMIT request
110006 */
110007 -static void nfs4_xdr_enc_layoutcommit(struct rpc_rqst *req,
110008 +static void nfs4_xdr_enc_layoutcommit(void *req,
110009 struct xdr_stream *xdr,
110010 - struct nfs4_layoutcommit_args *args)
110011 + void *_args)
110012 {
110013 + struct nfs4_layoutcommit_args *args = _args;
110014 struct nfs4_layoutcommit_data *data =
110015 container_of(args, struct nfs4_layoutcommit_data, args);
110016 struct compound_hdr hdr = {
110017 @@ -2949,10 +3001,11 @@ static void nfs4_xdr_enc_layoutcommit(struct rpc_rqst *req,
110018 /*
110019 * Encode LAYOUTRETURN request
110020 */
110021 -static void nfs4_xdr_enc_layoutreturn(struct rpc_rqst *req,
110022 +static void nfs4_xdr_enc_layoutreturn(void *req,
110023 struct xdr_stream *xdr,
110024 - struct nfs4_layoutreturn_args *args)
110025 + void *_args)
110026 {
110027 + struct nfs4_layoutreturn_args *args = _args;
110028 struct compound_hdr hdr = {
110029 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
110030 };
110031 @@ -2967,10 +3020,11 @@ static void nfs4_xdr_enc_layoutreturn(struct rpc_rqst *req,
110032 /*
110033 * Encode SECINFO_NO_NAME request
110034 */
110035 -static int nfs4_xdr_enc_secinfo_no_name(struct rpc_rqst *req,
110036 +static void nfs4_xdr_enc_secinfo_no_name(void *req,
110037 struct xdr_stream *xdr,
110038 - struct nfs41_secinfo_no_name_args *args)
110039 + void *_args)
110040 {
110041 + struct nfs41_secinfo_no_name_args *args = _args;
110042 struct compound_hdr hdr = {
110043 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
110044 };
110045 @@ -2980,16 +3034,16 @@ static int nfs4_xdr_enc_secinfo_no_name(struct rpc_rqst *req,
110046 encode_putrootfh(xdr, &hdr);
110047 encode_secinfo_no_name(xdr, args, &hdr);
110048 encode_nops(&hdr);
110049 - return 0;
110050 }
110051
110052 /*
110053 * Encode TEST_STATEID request
110054 */
110055 -static void nfs4_xdr_enc_test_stateid(struct rpc_rqst *req,
110056 +static void nfs4_xdr_enc_test_stateid(void *req,
110057 struct xdr_stream *xdr,
110058 - struct nfs41_test_stateid_args *args)
110059 + void *_args)
110060 {
110061 + struct nfs41_test_stateid_args *args = _args;
110062 struct compound_hdr hdr = {
110063 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
110064 };
110065 @@ -3003,10 +3057,11 @@ static void nfs4_xdr_enc_test_stateid(struct rpc_rqst *req,
110066 /*
110067 * Encode FREE_STATEID request
110068 */
110069 -static void nfs4_xdr_enc_free_stateid(struct rpc_rqst *req,
110070 +static void nfs4_xdr_enc_free_stateid(void *req,
110071 struct xdr_stream *xdr,
110072 - struct nfs41_free_stateid_args *args)
110073 + void *_args)
110074 {
110075 + struct nfs41_free_stateid_args *args = _args;
110076 struct compound_hdr hdr = {
110077 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
110078 };
110079 @@ -6096,10 +6151,11 @@ static int decode_free_stateid(struct xdr_stream *xdr,
110080 /*
110081 * Decode OPEN_DOWNGRADE response
110082 */
110083 -static int nfs4_xdr_dec_open_downgrade(struct rpc_rqst *rqstp,
110084 +static int nfs4_xdr_dec_open_downgrade(void *rqstp,
110085 struct xdr_stream *xdr,
110086 - struct nfs_closeres *res)
110087 + void *_res)
110088 {
110089 + struct nfs_closeres *res = _res;
110090 struct compound_hdr hdr;
110091 int status;
110092
110093 @@ -6123,9 +6179,10 @@ out:
110094 /*
110095 * Decode ACCESS response
110096 */
110097 -static int nfs4_xdr_dec_access(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110098 - struct nfs4_accessres *res)
110099 +static int nfs4_xdr_dec_access(void *rqstp, struct xdr_stream *xdr,
110100 + void *_res)
110101 {
110102 + struct nfs4_accessres *res = _res;
110103 struct compound_hdr hdr;
110104 int status;
110105
110106 @@ -6149,9 +6206,10 @@ out:
110107 /*
110108 * Decode LOOKUP response
110109 */
110110 -static int nfs4_xdr_dec_lookup(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110111 - struct nfs4_lookup_res *res)
110112 +static int nfs4_xdr_dec_lookup(void *rqstp, struct xdr_stream *xdr,
110113 + void *_res)
110114 {
110115 + struct nfs4_lookup_res *res = _res;
110116 struct compound_hdr hdr;
110117 int status;
110118
110119 @@ -6178,10 +6236,11 @@ out:
110120 /*
110121 * Decode LOOKUP_ROOT response
110122 */
110123 -static int nfs4_xdr_dec_lookup_root(struct rpc_rqst *rqstp,
110124 +static int nfs4_xdr_dec_lookup_root(void *rqstp,
110125 struct xdr_stream *xdr,
110126 - struct nfs4_lookup_res *res)
110127 + void *_res)
110128 {
110129 + struct nfs4_lookup_res *res = _res;
110130 struct compound_hdr hdr;
110131 int status;
110132
110133 @@ -6205,9 +6264,10 @@ out:
110134 /*
110135 * Decode REMOVE response
110136 */
110137 -static int nfs4_xdr_dec_remove(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110138 - struct nfs_removeres *res)
110139 +static int nfs4_xdr_dec_remove(void *rqstp, struct xdr_stream *xdr,
110140 + void *_res)
110141 {
110142 + struct nfs_removeres *res = _res;
110143 struct compound_hdr hdr;
110144 int status;
110145
110146 @@ -6228,9 +6288,10 @@ out:
110147 /*
110148 * Decode RENAME response
110149 */
110150 -static int nfs4_xdr_dec_rename(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110151 - struct nfs_renameres *res)
110152 +static int nfs4_xdr_dec_rename(void *rqstp, struct xdr_stream *xdr,
110153 + void *_res)
110154 {
110155 + struct nfs_renameres *res = _res;
110156 struct compound_hdr hdr;
110157 int status;
110158
110159 @@ -6257,9 +6318,10 @@ out:
110160 /*
110161 * Decode LINK response
110162 */
110163 -static int nfs4_xdr_dec_link(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110164 - struct nfs4_link_res *res)
110165 +static int nfs4_xdr_dec_link(void *rqstp, struct xdr_stream *xdr,
110166 + void *_res)
110167 {
110168 + struct nfs4_link_res *res = _res;
110169 struct compound_hdr hdr;
110170 int status;
110171
110172 @@ -6296,9 +6358,10 @@ out:
110173 /*
110174 * Decode CREATE response
110175 */
110176 -static int nfs4_xdr_dec_create(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110177 - struct nfs4_create_res *res)
110178 +static int nfs4_xdr_dec_create(void *rqstp, struct xdr_stream *xdr,
110179 + void *_res)
110180 {
110181 + struct nfs4_create_res *res = _res;
110182 struct compound_hdr hdr;
110183 int status;
110184
110185 @@ -6325,8 +6388,8 @@ out:
110186 /*
110187 * Decode SYMLINK response
110188 */
110189 -static int nfs4_xdr_dec_symlink(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110190 - struct nfs4_create_res *res)
110191 +static int nfs4_xdr_dec_symlink(void *rqstp, struct xdr_stream *xdr,
110192 + void *res)
110193 {
110194 return nfs4_xdr_dec_create(rqstp, xdr, res);
110195 }
110196 @@ -6334,9 +6397,10 @@ static int nfs4_xdr_dec_symlink(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110197 /*
110198 * Decode GETATTR response
110199 */
110200 -static int nfs4_xdr_dec_getattr(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110201 - struct nfs4_getattr_res *res)
110202 +static int nfs4_xdr_dec_getattr(void *rqstp, struct xdr_stream *xdr,
110203 + void *_res)
110204 {
110205 + struct nfs4_getattr_res *res = _res;
110206 struct compound_hdr hdr;
110207 int status;
110208
110209 @@ -6357,9 +6421,10 @@ out:
110210 /*
110211 * Encode an SETACL request
110212 */
110213 -static void nfs4_xdr_enc_setacl(struct rpc_rqst *req, struct xdr_stream *xdr,
110214 - struct nfs_setaclargs *args)
110215 +static void nfs4_xdr_enc_setacl(void *req, struct xdr_stream *xdr,
110216 + void *_args)
110217 {
110218 + struct nfs_setaclargs *args = _args;
110219 struct compound_hdr hdr = {
110220 .minorversion = nfs4_xdr_minorversion(&args->seq_args),
110221 };
110222 @@ -6375,9 +6440,10 @@ static void nfs4_xdr_enc_setacl(struct rpc_rqst *req, struct xdr_stream *xdr,
110223 * Decode SETACL response
110224 */
110225 static int
110226 -nfs4_xdr_dec_setacl(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110227 - struct nfs_setaclres *res)
110228 +nfs4_xdr_dec_setacl(void *rqstp, struct xdr_stream *xdr,
110229 + void *_res)
110230 {
110231 + struct nfs_setaclres *res = _res;
110232 struct compound_hdr hdr;
110233 int status;
110234
110235 @@ -6399,9 +6465,10 @@ out:
110236 * Decode GETACL response
110237 */
110238 static int
110239 -nfs4_xdr_dec_getacl(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110240 - struct nfs_getaclres *res)
110241 +nfs4_xdr_dec_getacl(void *rqstp, struct xdr_stream *xdr,
110242 + void *_res)
110243 {
110244 + struct nfs_getaclres *res = _res;
110245 struct compound_hdr hdr;
110246 int status;
110247
110248 @@ -6427,9 +6494,10 @@ out:
110249 /*
110250 * Decode CLOSE response
110251 */
110252 -static int nfs4_xdr_dec_close(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110253 - struct nfs_closeres *res)
110254 +static int nfs4_xdr_dec_close(void *rqstp, struct xdr_stream *xdr,
110255 + void *_res)
110256 {
110257 + struct nfs_closeres *res = _res;
110258 struct compound_hdr hdr;
110259 int status;
110260
110261 @@ -6459,9 +6527,10 @@ out:
110262 /*
110263 * Decode OPEN response
110264 */
110265 -static int nfs4_xdr_dec_open(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110266 - struct nfs_openres *res)
110267 +static int nfs4_xdr_dec_open(void *rqstp, struct xdr_stream *xdr,
110268 + void *_res)
110269 {
110270 + struct nfs_openres *res = _res;
110271 struct compound_hdr hdr;
110272 int status;
110273
110274 @@ -6490,9 +6559,9 @@ out:
110275 /*
110276 * Decode OPEN_CONFIRM response
110277 */
110278 -static int nfs4_xdr_dec_open_confirm(struct rpc_rqst *rqstp,
110279 +static int nfs4_xdr_dec_open_confirm(void *rqstp,
110280 struct xdr_stream *xdr,
110281 - struct nfs_open_confirmres *res)
110282 + void *res)
110283 {
110284 struct compound_hdr hdr;
110285 int status;
110286 @@ -6511,10 +6580,11 @@ out:
110287 /*
110288 * Decode OPEN response
110289 */
110290 -static int nfs4_xdr_dec_open_noattr(struct rpc_rqst *rqstp,
110291 +static int nfs4_xdr_dec_open_noattr(void *rqstp,
110292 struct xdr_stream *xdr,
110293 - struct nfs_openres *res)
110294 + void *_res)
110295 {
110296 + struct nfs_openres *res = _res;
110297 struct compound_hdr hdr;
110298 int status;
110299
110300 @@ -6540,10 +6610,11 @@ out:
110301 /*
110302 * Decode SETATTR response
110303 */
110304 -static int nfs4_xdr_dec_setattr(struct rpc_rqst *rqstp,
110305 +static int nfs4_xdr_dec_setattr(void *rqstp,
110306 struct xdr_stream *xdr,
110307 - struct nfs_setattrres *res)
110308 + void *_res)
110309 {
110310 + struct nfs_setattrres *res = _res;
110311 struct compound_hdr hdr;
110312 int status;
110313
110314 @@ -6567,9 +6638,10 @@ out:
110315 /*
110316 * Decode LOCK response
110317 */
110318 -static int nfs4_xdr_dec_lock(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110319 - struct nfs_lock_res *res)
110320 +static int nfs4_xdr_dec_lock(void *rqstp, struct xdr_stream *xdr,
110321 + void *_res)
110322 {
110323 + struct nfs_lock_res *res = _res;
110324 struct compound_hdr hdr;
110325 int status;
110326
110327 @@ -6590,9 +6662,10 @@ out:
110328 /*
110329 * Decode LOCKT response
110330 */
110331 -static int nfs4_xdr_dec_lockt(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110332 - struct nfs_lockt_res *res)
110333 +static int nfs4_xdr_dec_lockt(void *rqstp, struct xdr_stream *xdr,
110334 + void *_res)
110335 {
110336 + struct nfs_lockt_res *res = _res;
110337 struct compound_hdr hdr;
110338 int status;
110339
110340 @@ -6613,9 +6686,10 @@ out:
110341 /*
110342 * Decode LOCKU response
110343 */
110344 -static int nfs4_xdr_dec_locku(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110345 - struct nfs_locku_res *res)
110346 +static int nfs4_xdr_dec_locku(void *rqstp, struct xdr_stream *xdr,
110347 + void *_res)
110348 {
110349 + struct nfs_locku_res *res = _res;
110350 struct compound_hdr hdr;
110351 int status;
110352
110353 @@ -6633,7 +6707,7 @@ out:
110354 return status;
110355 }
110356
110357 -static int nfs4_xdr_dec_release_lockowner(struct rpc_rqst *rqstp,
110358 +static int nfs4_xdr_dec_release_lockowner(void *rqstp,
110359 struct xdr_stream *xdr, void *dummy)
110360 {
110361 struct compound_hdr hdr;
110362 @@ -6648,10 +6722,11 @@ static int nfs4_xdr_dec_release_lockowner(struct rpc_rqst *rqstp,
110363 /*
110364 * Decode READLINK response
110365 */
110366 -static int nfs4_xdr_dec_readlink(struct rpc_rqst *rqstp,
110367 +static int nfs4_xdr_dec_readlink(void *rqstp,
110368 struct xdr_stream *xdr,
110369 - struct nfs4_readlink_res *res)
110370 + void *_res)
110371 {
110372 + struct nfs4_readlink_res *res = _res;
110373 struct compound_hdr hdr;
110374 int status;
110375
110376 @@ -6672,9 +6747,10 @@ out:
110377 /*
110378 * Decode READDIR response
110379 */
110380 -static int nfs4_xdr_dec_readdir(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110381 - struct nfs4_readdir_res *res)
110382 +static int nfs4_xdr_dec_readdir(void *rqstp, struct xdr_stream *xdr,
110383 + void *_res)
110384 {
110385 + struct nfs4_readdir_res *res = _res;
110386 struct compound_hdr hdr;
110387 int status;
110388
110389 @@ -6695,9 +6771,10 @@ out:
110390 /*
110391 * Decode Read response
110392 */
110393 -static int nfs4_xdr_dec_read(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110394 - struct nfs_pgio_res *res)
110395 +static int nfs4_xdr_dec_read(void *rqstp, struct xdr_stream *xdr,
110396 + void *_res)
110397 {
110398 + struct nfs_pgio_res *res = _res;
110399 struct compound_hdr hdr;
110400 int status;
110401
110402 @@ -6721,9 +6798,10 @@ out:
110403 /*
110404 * Decode WRITE response
110405 */
110406 -static int nfs4_xdr_dec_write(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110407 - struct nfs_pgio_res *res)
110408 +static int nfs4_xdr_dec_write(void *rqstp, struct xdr_stream *xdr,
110409 + void *_res)
110410 {
110411 + struct nfs_pgio_res *res = _res;
110412 struct compound_hdr hdr;
110413 int status;
110414
110415 @@ -6751,9 +6829,10 @@ out:
110416 /*
110417 * Decode COMMIT response
110418 */
110419 -static int nfs4_xdr_dec_commit(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110420 - struct nfs_commitres *res)
110421 +static int nfs4_xdr_dec_commit(void *rqstp, struct xdr_stream *xdr,
110422 + void *_res)
110423 {
110424 + struct nfs_commitres *res = _res;
110425 struct compound_hdr hdr;
110426 int status;
110427
110428 @@ -6775,9 +6854,10 @@ out:
110429 /*
110430 * Decode FSINFO response
110431 */
110432 -static int nfs4_xdr_dec_fsinfo(struct rpc_rqst *req, struct xdr_stream *xdr,
110433 - struct nfs4_fsinfo_res *res)
110434 +static int nfs4_xdr_dec_fsinfo(void *req, struct xdr_stream *xdr,
110435 + void *_res)
110436 {
110437 + struct nfs4_fsinfo_res *res = _res;
110438 struct compound_hdr hdr;
110439 int status;
110440
110441 @@ -6794,9 +6874,10 @@ static int nfs4_xdr_dec_fsinfo(struct rpc_rqst *req, struct xdr_stream *xdr,
110442 /*
110443 * Decode PATHCONF response
110444 */
110445 -static int nfs4_xdr_dec_pathconf(struct rpc_rqst *req, struct xdr_stream *xdr,
110446 - struct nfs4_pathconf_res *res)
110447 +static int nfs4_xdr_dec_pathconf(void *req, struct xdr_stream *xdr,
110448 + void *_res)
110449 {
110450 + struct nfs4_pathconf_res *res = _res;
110451 struct compound_hdr hdr;
110452 int status;
110453
110454 @@ -6813,9 +6894,10 @@ static int nfs4_xdr_dec_pathconf(struct rpc_rqst *req, struct xdr_stream *xdr,
110455 /*
110456 * Decode STATFS response
110457 */
110458 -static int nfs4_xdr_dec_statfs(struct rpc_rqst *req, struct xdr_stream *xdr,
110459 - struct nfs4_statfs_res *res)
110460 +static int nfs4_xdr_dec_statfs(void *req, struct xdr_stream *xdr,
110461 + void *_res)
110462 {
110463 + struct nfs4_statfs_res *res = _res;
110464 struct compound_hdr hdr;
110465 int status;
110466
110467 @@ -6832,10 +6914,11 @@ static int nfs4_xdr_dec_statfs(struct rpc_rqst *req, struct xdr_stream *xdr,
110468 /*
110469 * Decode GETATTR_BITMAP response
110470 */
110471 -static int nfs4_xdr_dec_server_caps(struct rpc_rqst *req,
110472 +static int nfs4_xdr_dec_server_caps(void *req,
110473 struct xdr_stream *xdr,
110474 - struct nfs4_server_caps_res *res)
110475 + void *_res)
110476 {
110477 + struct nfs4_server_caps_res *res = _res;
110478 struct compound_hdr hdr;
110479 int status;
110480
110481 @@ -6856,7 +6939,7 @@ out:
110482 /*
110483 * Decode RENEW response
110484 */
110485 -static int nfs4_xdr_dec_renew(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110486 +static int nfs4_xdr_dec_renew(void *rqstp, struct xdr_stream *xdr,
110487 void *__unused)
110488 {
110489 struct compound_hdr hdr;
110490 @@ -6871,9 +6954,9 @@ static int nfs4_xdr_dec_renew(struct rpc_rqst *rqstp, struct xdr_stream *xdr,
110491 /*
110492 * Decode SETCLIENTID response
110493 */
110494 -static int nfs4_xdr_dec_setclientid(struct rpc_rqst *req,
110495 +static int nfs4_xdr_dec_setclientid(void *req,
110496 struct xdr_stream *xdr,
110497 - struct nfs4_setclientid_res *res)
110498 + void *res)
110499 {
110500 struct compound_hdr hdr;
110501 int status;
110502 @@ -6887,8 +6970,9 @@ static int nfs4_xdr_dec_setclientid(struct rpc_rqst *req,
110503 /*
110504 * Decode SETCLIENTID_CONFIRM response
110505 */
110506 -static int nfs4_xdr_dec_setclientid_confirm(struct rpc_rqst *req,
110507 - struct xdr_stream *xdr)
110508 +static int nfs4_xdr_dec_setclientid_confirm(void *req,
110509 + struct xdr_stream *xdr,
110510 + void *res)
110511 {
110512 struct compound_hdr hdr;
110513 int status;
110514 @@ -6902,10 +6986,11 @@ static int nfs4_xdr_dec_setclientid_confirm(struct rpc_rqst *req,
110515 /*
110516 * Decode DELEGRETURN response
110517 */
110518 -static int nfs4_xdr_dec_delegreturn(struct rpc_rqst *rqstp,
110519 +static int nfs4_xdr_dec_delegreturn(void *rqstp,
110520 struct xdr_stream *xdr,
110521 - struct nfs4_delegreturnres *res)
110522 + void *_res)
110523 {
110524 + struct nfs4_delegreturnres *res = _res;
110525 struct compound_hdr hdr;
110526 int status;
110527
110528 @@ -6929,10 +7014,11 @@ out:
110529 /*
110530 * Decode FS_LOCATIONS response
110531 */
110532 -static int nfs4_xdr_dec_fs_locations(struct rpc_rqst *req,
110533 +static int nfs4_xdr_dec_fs_locations(void *req,
110534 struct xdr_stream *xdr,
110535 - struct nfs4_fs_locations_res *res)
110536 + void *_res)
110537 {
110538 + struct nfs4_fs_locations_res *res = _res;
110539 struct compound_hdr hdr;
110540 int status;
110541
110542 @@ -6972,10 +7058,11 @@ out:
110543 /*
110544 * Decode SECINFO response
110545 */
110546 -static int nfs4_xdr_dec_secinfo(struct rpc_rqst *rqstp,
110547 +static int nfs4_xdr_dec_secinfo(void *rqstp,
110548 struct xdr_stream *xdr,
110549 - struct nfs4_secinfo_res *res)
110550 + void *_res)
110551 {
110552 + struct nfs4_secinfo_res *res = _res;
110553 struct compound_hdr hdr;
110554 int status;
110555
110556 @@ -6996,10 +7083,11 @@ out:
110557 /*
110558 * Decode FSID_PRESENT response
110559 */
110560 -static int nfs4_xdr_dec_fsid_present(struct rpc_rqst *rqstp,
110561 +static int nfs4_xdr_dec_fsid_present(void *rqstp,
110562 struct xdr_stream *xdr,
110563 - struct nfs4_fsid_present_res *res)
110564 + void *_res)
110565 {
110566 + struct nfs4_fsid_present_res *res = _res;
110567 struct compound_hdr hdr;
110568 int status;
110569
110570 @@ -7025,7 +7113,7 @@ out:
110571 /*
110572 * Decode BIND_CONN_TO_SESSION response
110573 */
110574 -static int nfs4_xdr_dec_bind_conn_to_session(struct rpc_rqst *rqstp,
110575 +static int nfs4_xdr_dec_bind_conn_to_session(void *rqstp,
110576 struct xdr_stream *xdr,
110577 void *res)
110578 {
110579 @@ -7041,7 +7129,7 @@ static int nfs4_xdr_dec_bind_conn_to_session(struct rpc_rqst *rqstp,
110580 /*
110581 * Decode EXCHANGE_ID response
110582 */
110583 -static int nfs4_xdr_dec_exchange_id(struct rpc_rqst *rqstp,
110584 +static int nfs4_xdr_dec_exchange_id(void *rqstp,
110585 struct xdr_stream *xdr,
110586 void *res)
110587 {
110588 @@ -7057,9 +7145,9 @@ static int nfs4_xdr_dec_exchange_id(struct rpc_rqst *rqstp,
110589 /*
110590 * Decode CREATE_SESSION response
110591 */
110592 -static int nfs4_xdr_dec_create_session(struct rpc_rqst *rqstp,
110593 +static int nfs4_xdr_dec_create_session(void *rqstp,
110594 struct xdr_stream *xdr,
110595 - struct nfs41_create_session_res *res)
110596 + void *res)
110597 {
110598 struct compound_hdr hdr;
110599 int status;
110600 @@ -7073,7 +7161,7 @@ static int nfs4_xdr_dec_create_session(struct rpc_rqst *rqstp,
110601 /*
110602 * Decode DESTROY_SESSION response
110603 */
110604 -static int nfs4_xdr_dec_destroy_session(struct rpc_rqst *rqstp,
110605 +static int nfs4_xdr_dec_destroy_session(void *rqstp,
110606 struct xdr_stream *xdr,
110607 void *res)
110608 {
110609 @@ -7089,7 +7177,7 @@ static int nfs4_xdr_dec_destroy_session(struct rpc_rqst *rqstp,
110610 /*
110611 * Decode DESTROY_CLIENTID response
110612 */
110613 -static int nfs4_xdr_dec_destroy_clientid(struct rpc_rqst *rqstp,
110614 +static int nfs4_xdr_dec_destroy_clientid(void *rqstp,
110615 struct xdr_stream *xdr,
110616 void *res)
110617 {
110618 @@ -7105,9 +7193,9 @@ static int nfs4_xdr_dec_destroy_clientid(struct rpc_rqst *rqstp,
110619 /*
110620 * Decode SEQUENCE response
110621 */
110622 -static int nfs4_xdr_dec_sequence(struct rpc_rqst *rqstp,
110623 +static int nfs4_xdr_dec_sequence(void *rqstp,
110624 struct xdr_stream *xdr,
110625 - struct nfs4_sequence_res *res)
110626 + void *res)
110627 {
110628 struct compound_hdr hdr;
110629 int status;
110630 @@ -7121,10 +7209,11 @@ static int nfs4_xdr_dec_sequence(struct rpc_rqst *rqstp,
110631 /*
110632 * Decode GET_LEASE_TIME response
110633 */
110634 -static int nfs4_xdr_dec_get_lease_time(struct rpc_rqst *rqstp,
110635 +static int nfs4_xdr_dec_get_lease_time(void *rqstp,
110636 struct xdr_stream *xdr,
110637 - struct nfs4_get_lease_time_res *res)
110638 + void *_res)
110639 {
110640 + struct nfs4_get_lease_time_res *res = _res;
110641 struct compound_hdr hdr;
110642 int status;
110643
110644 @@ -7141,10 +7230,11 @@ static int nfs4_xdr_dec_get_lease_time(struct rpc_rqst *rqstp,
110645 /*
110646 * Decode RECLAIM_COMPLETE response
110647 */
110648 -static int nfs4_xdr_dec_reclaim_complete(struct rpc_rqst *rqstp,
110649 +static int nfs4_xdr_dec_reclaim_complete(void *rqstp,
110650 struct xdr_stream *xdr,
110651 - struct nfs41_reclaim_complete_res *res)
110652 + void *_res)
110653 {
110654 + struct nfs41_reclaim_complete_res *res = _res;
110655 struct compound_hdr hdr;
110656 int status;
110657
110658 @@ -7159,10 +7249,11 @@ static int nfs4_xdr_dec_reclaim_complete(struct rpc_rqst *rqstp,
110659 /*
110660 * Decode GETDEVINFO response
110661 */
110662 -static int nfs4_xdr_dec_getdeviceinfo(struct rpc_rqst *rqstp,
110663 +static int nfs4_xdr_dec_getdeviceinfo(void *rqstp,
110664 struct xdr_stream *xdr,
110665 - struct nfs4_getdeviceinfo_res *res)
110666 + void *_res)
110667 {
110668 + struct nfs4_getdeviceinfo_res *res = _res;
110669 struct compound_hdr hdr;
110670 int status;
110671
110672 @@ -7180,10 +7271,11 @@ out:
110673 /*
110674 * Decode LAYOUTGET response
110675 */
110676 -static int nfs4_xdr_dec_layoutget(struct rpc_rqst *rqstp,
110677 +static int nfs4_xdr_dec_layoutget(void *rqstp,
110678 struct xdr_stream *xdr,
110679 - struct nfs4_layoutget_res *res)
110680 + void *_res)
110681 {
110682 + struct nfs4_layoutget_res *res = _res;
110683 struct compound_hdr hdr;
110684 int status;
110685
110686 @@ -7204,10 +7296,11 @@ out:
110687 /*
110688 * Decode LAYOUTRETURN response
110689 */
110690 -static int nfs4_xdr_dec_layoutreturn(struct rpc_rqst *rqstp,
110691 +static int nfs4_xdr_dec_layoutreturn(void *rqstp,
110692 struct xdr_stream *xdr,
110693 - struct nfs4_layoutreturn_res *res)
110694 + void *_res)
110695 {
110696 + struct nfs4_layoutreturn_res *res = _res;
110697 struct compound_hdr hdr;
110698 int status;
110699
110700 @@ -7228,10 +7321,11 @@ out:
110701 /*
110702 * Decode LAYOUTCOMMIT response
110703 */
110704 -static int nfs4_xdr_dec_layoutcommit(struct rpc_rqst *rqstp,
110705 +static int nfs4_xdr_dec_layoutcommit(void *rqstp,
110706 struct xdr_stream *xdr,
110707 - struct nfs4_layoutcommit_res *res)
110708 + void *_res)
110709 {
110710 + struct nfs4_layoutcommit_res *res = _res;
110711 struct compound_hdr hdr;
110712 int status;
110713
110714 @@ -7255,10 +7349,11 @@ out:
110715 /*
110716 * Decode SECINFO_NO_NAME response
110717 */
110718 -static int nfs4_xdr_dec_secinfo_no_name(struct rpc_rqst *rqstp,
110719 +static int nfs4_xdr_dec_secinfo_no_name(void *rqstp,
110720 struct xdr_stream *xdr,
110721 - struct nfs4_secinfo_res *res)
110722 + void *_res)
110723 {
110724 + struct nfs4_secinfo_res *res = _res;
110725 struct compound_hdr hdr;
110726 int status;
110727
110728 @@ -7279,10 +7374,11 @@ out:
110729 /*
110730 * Decode TEST_STATEID response
110731 */
110732 -static int nfs4_xdr_dec_test_stateid(struct rpc_rqst *rqstp,
110733 +static int nfs4_xdr_dec_test_stateid(void *rqstp,
110734 struct xdr_stream *xdr,
110735 - struct nfs41_test_stateid_res *res)
110736 + void *_res)
110737 {
110738 + struct nfs41_test_stateid_res *res = _res;
110739 struct compound_hdr hdr;
110740 int status;
110741
110742 @@ -7300,10 +7396,11 @@ out:
110743 /*
110744 * Decode FREE_STATEID response
110745 */
110746 -static int nfs4_xdr_dec_free_stateid(struct rpc_rqst *rqstp,
110747 +static int nfs4_xdr_dec_free_stateid(void *rqstp,
110748 struct xdr_stream *xdr,
110749 - struct nfs41_free_stateid_res *res)
110750 + void *_res)
110751 {
110752 + struct nfs41_free_stateid_res *res = _res;
110753 struct compound_hdr hdr;
110754 int status;
110755
110756 @@ -7468,8 +7565,8 @@ nfs4_stat_to_errno(int stat)
110757 #define PROC(proc, argtype, restype) \
110758 [NFSPROC4_CLNT_##proc] = { \
110759 .p_proc = NFSPROC4_COMPOUND, \
110760 - .p_encode = (kxdreproc_t)nfs4_xdr_##argtype, \
110761 - .p_decode = (kxdrdproc_t)nfs4_xdr_##restype, \
110762 + .p_encode = nfs4_xdr_##argtype, \
110763 + .p_decode = nfs4_xdr_##restype, \
110764 .p_arglen = NFS4_##argtype##_sz, \
110765 .p_replen = NFS4_##restype##_sz, \
110766 .p_statidx = NFSPROC4_CLNT_##proc, \
110767 diff --git a/fs/nfs/read.c b/fs/nfs/read.c
110768 index 572e5b3..5245a0a 100644
110769 --- a/fs/nfs/read.c
110770 +++ b/fs/nfs/read.c
110771 @@ -346,7 +346,7 @@ struct nfs_readdesc {
110772 };
110773
110774 static int
110775 -readpage_async_filler(void *data, struct page *page)
110776 +readpage_async_filler(struct file *data, struct page *page)
110777 {
110778 struct nfs_readdesc *desc = (struct nfs_readdesc *)data;
110779 struct nfs_page *new;
110780 diff --git a/fs/nfs/symlink.c b/fs/nfs/symlink.c
110781 index 4fe3eea..8922b2b 100644
110782 --- a/fs/nfs/symlink.c
110783 +++ b/fs/nfs/symlink.c
110784 @@ -25,9 +25,10 @@
110785 * and straight-forward than readdir caching.
110786 */
110787
110788 -static int nfs_symlink_filler(struct inode *inode, struct page *page)
110789 +static int nfs_symlink_filler(struct file *_inode, struct page *page)
110790 {
110791 int error;
110792 + struct inode *inode = (struct inode *)_inode;
110793
110794 error = NFS_PROTO(inode)->readlink(inode, page, 0, PAGE_SIZE);
110795 if (error < 0)
110796 @@ -64,8 +65,7 @@ static const char *nfs_get_link(struct dentry *dentry,
110797 err = ERR_PTR(nfs_revalidate_mapping(inode, inode->i_mapping));
110798 if (err)
110799 return err;
110800 - page = read_cache_page(&inode->i_data, 0,
110801 - (filler_t *)nfs_symlink_filler, inode);
110802 + page = read_cache_page(&inode->i_data, 0, nfs_symlink_filler, inode);
110803 if (IS_ERR(page))
110804 return ERR_CAST(page);
110805 }
110806 diff --git a/fs/nfsd/current_stateid.h b/fs/nfsd/current_stateid.h
110807 index 4123551..813b403 100644
110808 --- a/fs/nfsd/current_stateid.h
110809 +++ b/fs/nfsd/current_stateid.h
110810 @@ -8,21 +8,21 @@ extern void clear_current_stateid(struct nfsd4_compound_state *cstate);
110811 /*
110812 * functions to set current state id
110813 */
110814 -extern void nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *);
110815 -extern void nfsd4_set_openstateid(struct nfsd4_compound_state *, struct nfsd4_open *);
110816 -extern void nfsd4_set_lockstateid(struct nfsd4_compound_state *, struct nfsd4_lock *);
110817 -extern void nfsd4_set_closestateid(struct nfsd4_compound_state *, struct nfsd4_close *);
110818 +extern void nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate, void *);
110819 +extern void nfsd4_set_openstateid(struct nfsd4_compound_state *, void *);
110820 +extern void nfsd4_set_lockstateid(struct nfsd4_compound_state *, void *);
110821 +extern void nfsd4_set_closestateid(struct nfsd4_compound_state *, void *);
110822
110823 /*
110824 * functions to consume current state id
110825 */
110826 -extern void nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *);
110827 -extern void nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *, struct nfsd4_delegreturn *);
110828 -extern void nfsd4_get_freestateid(struct nfsd4_compound_state *, struct nfsd4_free_stateid *);
110829 -extern void nfsd4_get_setattrstateid(struct nfsd4_compound_state *, struct nfsd4_setattr *);
110830 -extern void nfsd4_get_closestateid(struct nfsd4_compound_state *, struct nfsd4_close *);
110831 -extern void nfsd4_get_lockustateid(struct nfsd4_compound_state *, struct nfsd4_locku *);
110832 -extern void nfsd4_get_readstateid(struct nfsd4_compound_state *, struct nfsd4_read *);
110833 -extern void nfsd4_get_writestateid(struct nfsd4_compound_state *, struct nfsd4_write *);
110834 +extern void nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, void *);
110835 +extern void nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *, void *);
110836 +extern void nfsd4_get_freestateid(struct nfsd4_compound_state *, void *);
110837 +extern void nfsd4_get_setattrstateid(struct nfsd4_compound_state *, void *);
110838 +extern void nfsd4_get_closestateid(struct nfsd4_compound_state *, void *);
110839 +extern void nfsd4_get_lockustateid(struct nfsd4_compound_state *, void *);
110840 +extern void nfsd4_get_readstateid(struct nfsd4_compound_state *, void *);
110841 +extern void nfsd4_get_writestateid(struct nfsd4_compound_state *, void *);
110842
110843 #endif /* _NFSD4_CURRENT_STATE_H */
110844 diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
110845 index d08cd88..5d74e50 100644
110846 --- a/fs/nfsd/nfs2acl.c
110847 +++ b/fs/nfsd/nfs2acl.c
110848 @@ -27,9 +27,10 @@ nfsacld_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
110849 /*
110850 * Get the Access and/or Default ACL of a file.
110851 */
110852 -static __be32 nfsacld_proc_getacl(struct svc_rqst * rqstp,
110853 - struct nfsd3_getaclargs *argp, struct nfsd3_getaclres *resp)
110854 +static __be32 nfsacld_proc_getacl(struct svc_rqst * rqstp, void *_argp, void *_resp)
110855 {
110856 + struct nfsd3_getaclargs *argp = _argp;
110857 + struct nfsd3_getaclres *resp = _resp;
110858 struct posix_acl *acl;
110859 struct inode *inode;
110860 svc_fh *fh;
110861 @@ -87,10 +88,10 @@ fail:
110862 /*
110863 * Set the Access and/or Default ACL of a file.
110864 */
110865 -static __be32 nfsacld_proc_setacl(struct svc_rqst * rqstp,
110866 - struct nfsd3_setaclargs *argp,
110867 - struct nfsd_attrstat *resp)
110868 +static __be32 nfsacld_proc_setacl(struct svc_rqst * rqstp, void *_argp, void *_resp)
110869 {
110870 + struct nfsd3_setaclargs *argp = _argp;
110871 + struct nfsd_attrstat *resp = _resp;
110872 struct inode *inode;
110873 svc_fh *fh;
110874 __be32 nfserr = 0;
110875 @@ -141,9 +142,10 @@ out_errno:
110876 /*
110877 * Check file attributes
110878 */
110879 -static __be32 nfsacld_proc_getattr(struct svc_rqst * rqstp,
110880 - struct nfsd_fhandle *argp, struct nfsd_attrstat *resp)
110881 +static __be32 nfsacld_proc_getattr(struct svc_rqst * rqstp, void *_argp, void *_resp)
110882 {
110883 + struct nfsd_fhandle *argp = _argp;
110884 + struct nfsd_attrstat *resp = _resp;
110885 __be32 nfserr;
110886 dprintk("nfsd: GETATTR %s\n", SVCFH_fmt(&argp->fh));
110887
110888 @@ -158,9 +160,10 @@ static __be32 nfsacld_proc_getattr(struct svc_rqst * rqstp,
110889 /*
110890 * Check file access
110891 */
110892 -static __be32 nfsacld_proc_access(struct svc_rqst *rqstp, struct nfsd3_accessargs *argp,
110893 - struct nfsd3_accessres *resp)
110894 +static __be32 nfsacld_proc_access(struct svc_rqst *rqstp, void *_argp, void *_resp)
110895 {
110896 + struct nfsd3_accessargs *argp = _argp;
110897 + struct nfsd3_accessres *resp = _resp;
110898 __be32 nfserr;
110899
110900 dprintk("nfsd: ACCESS(2acl) %s 0x%x\n",
110901 @@ -179,9 +182,10 @@ static __be32 nfsacld_proc_access(struct svc_rqst *rqstp, struct nfsd3_accessarg
110902 /*
110903 * XDR decode functions
110904 */
110905 -static int nfsaclsvc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
110906 - struct nfsd3_getaclargs *argp)
110907 +static int nfsaclsvc_decode_getaclargs(void *rqstp, __be32 *p, void *_argp)
110908 {
110909 + struct nfsd3_getaclargs *argp = _argp;
110910 +
110911 p = nfs2svc_decode_fh(p, &argp->fh);
110912 if (!p)
110913 return 0;
110914 @@ -191,9 +195,10 @@ static int nfsaclsvc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
110915 }
110916
110917
110918 -static int nfsaclsvc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
110919 - struct nfsd3_setaclargs *argp)
110920 +static int nfsaclsvc_decode_setaclargs(void *_rqstp, __be32 *p, void *_argp)
110921 {
110922 + struct svc_rqst *rqstp = _rqstp;
110923 + struct nfsd3_setaclargs *argp = _argp;
110924 struct kvec *head = rqstp->rq_arg.head;
110925 unsigned int base;
110926 int n;
110927 @@ -217,18 +222,20 @@ static int nfsaclsvc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
110928 return (n > 0);
110929 }
110930
110931 -static int nfsaclsvc_decode_fhandleargs(struct svc_rqst *rqstp, __be32 *p,
110932 - struct nfsd_fhandle *argp)
110933 +static int nfsaclsvc_decode_fhandleargs(void *rqstp, __be32 *p, void *_argp)
110934 {
110935 + struct nfsd_fhandle *argp = _argp;
110936 +
110937 p = nfs2svc_decode_fh(p, &argp->fh);
110938 if (!p)
110939 return 0;
110940 return xdr_argsize_check(rqstp, p);
110941 }
110942
110943 -static int nfsaclsvc_decode_accessargs(struct svc_rqst *rqstp, __be32 *p,
110944 - struct nfsd3_accessargs *argp)
110945 +static int nfsaclsvc_decode_accessargs(void *rqstp, __be32 *p, void *_argp)
110946 {
110947 + struct nfsd3_accessargs *argp = _argp;
110948 +
110949 p = nfs2svc_decode_fh(p, &argp->fh);
110950 if (!p)
110951 return 0;
110952 @@ -245,15 +252,16 @@ static int nfsaclsvc_decode_accessargs(struct svc_rqst *rqstp, __be32 *p,
110953 * There must be an encoding function for void results so svc_process
110954 * will work properly.
110955 */
110956 -static int nfsaclsvc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
110957 +static int nfsaclsvc_encode_voidres(void *rqstp, __be32 *p, void *dummy)
110958 {
110959 return xdr_ressize_check(rqstp, p);
110960 }
110961
110962 /* GETACL */
110963 -static int nfsaclsvc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
110964 - struct nfsd3_getaclres *resp)
110965 +static int nfsaclsvc_encode_getaclres(void *_rqstp, __be32 *p, void *_resp)
110966 {
110967 + struct svc_rqst *rqstp = _rqstp;
110968 + struct nfsd3_getaclres *resp = _resp;
110969 struct dentry *dentry = resp->fh.fh_dentry;
110970 struct inode *inode;
110971 struct kvec *head = rqstp->rq_res.head;
110972 @@ -296,17 +304,19 @@ static int nfsaclsvc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
110973 return (n > 0);
110974 }
110975
110976 -static int nfsaclsvc_encode_attrstatres(struct svc_rqst *rqstp, __be32 *p,
110977 - struct nfsd_attrstat *resp)
110978 +static int nfsaclsvc_encode_attrstatres(void *rqstp, __be32 *p, void *_resp)
110979 {
110980 + struct nfsd_attrstat *resp = _resp;
110981 +
110982 p = nfs2svc_encode_fattr(rqstp, p, &resp->fh, &resp->stat);
110983 return xdr_ressize_check(rqstp, p);
110984 }
110985
110986 /* ACCESS */
110987 -static int nfsaclsvc_encode_accessres(struct svc_rqst *rqstp, __be32 *p,
110988 - struct nfsd3_accessres *resp)
110989 +static int nfsaclsvc_encode_accessres(void *rqstp, __be32 *p, void *_resp)
110990 {
110991 + struct nfsd3_accessres *resp = _resp;
110992 +
110993 p = nfs2svc_encode_fattr(rqstp, p, &resp->fh, &resp->stat);
110994 *p++ = htonl(resp->access);
110995 return xdr_ressize_check(rqstp, p);
110996 @@ -315,27 +325,30 @@ static int nfsaclsvc_encode_accessres(struct svc_rqst *rqstp, __be32 *p,
110997 /*
110998 * XDR release functions
110999 */
111000 -static int nfsaclsvc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
111001 - struct nfsd3_getaclres *resp)
111002 +static int nfsaclsvc_release_getacl(void *rqstp, __be32 *p, void *_resp)
111003 {
111004 + struct nfsd3_getaclres *resp = _resp;
111005 +
111006 fh_put(&resp->fh);
111007 posix_acl_release(resp->acl_access);
111008 posix_acl_release(resp->acl_default);
111009 return 1;
111010 }
111011
111012 -static int nfsaclsvc_release_attrstat(struct svc_rqst *rqstp, __be32 *p,
111013 - struct nfsd_attrstat *resp)
111014 +static int nfsaclsvc_release_attrstat(void *rqstp, __be32 *p, void *_resp)
111015 {
111016 + struct nfsd_attrstat *resp = _resp;
111017 +
111018 fh_put(&resp->fh);
111019 return 1;
111020 }
111021
111022 -static int nfsaclsvc_release_access(struct svc_rqst *rqstp, __be32 *p,
111023 - struct nfsd3_accessres *resp)
111024 +static int nfsaclsvc_release_access(void *rqstp, __be32 *p, void *_resp)
111025 {
111026 - fh_put(&resp->fh);
111027 - return 1;
111028 + struct nfsd3_accessres *resp = _resp;
111029 +
111030 + fh_put(&resp->fh);
111031 + return 1;
111032 }
111033
111034 #define nfsaclsvc_decode_voidargs NULL
111035 @@ -346,10 +359,10 @@ static int nfsaclsvc_release_access(struct svc_rqst *rqstp, __be32 *p,
111036 struct nfsd3_voidargs { int dummy; };
111037
111038 #define PROC(name, argt, rest, relt, cache, respsize) \
111039 - { (svc_procfunc) nfsacld_proc_##name, \
111040 - (kxdrproc_t) nfsaclsvc_decode_##argt##args, \
111041 - (kxdrproc_t) nfsaclsvc_encode_##rest##res, \
111042 - (kxdrproc_t) nfsaclsvc_release_##relt, \
111043 + { nfsacld_proc_##name, \
111044 + nfsaclsvc_decode_##argt##args, \
111045 + nfsaclsvc_encode_##rest##res, \
111046 + nfsaclsvc_release_##relt, \
111047 sizeof(struct nfsd3_##argt##args), \
111048 sizeof(struct nfsd3_##rest##res), \
111049 0, \
111050 diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
111051 index 0c89034..36a8d76 100644
111052 --- a/fs/nfsd/nfs3acl.c
111053 +++ b/fs/nfsd/nfs3acl.c
111054 @@ -26,9 +26,10 @@ nfsd3_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
111055 /*
111056 * Get the Access and/or Default ACL of a file.
111057 */
111058 -static __be32 nfsd3_proc_getacl(struct svc_rqst * rqstp,
111059 - struct nfsd3_getaclargs *argp, struct nfsd3_getaclres *resp)
111060 +static __be32 nfsd3_proc_getacl(struct svc_rqst * rqstp, void *_argp, void *_resp)
111061 {
111062 + struct nfsd3_getaclargs *argp = _argp;
111063 + struct nfsd3_getaclres *resp = _resp;
111064 struct posix_acl *acl;
111065 struct inode *inode;
111066 svc_fh *fh;
111067 @@ -80,10 +81,10 @@ fail:
111068 /*
111069 * Set the Access and/or Default ACL of a file.
111070 */
111071 -static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp,
111072 - struct nfsd3_setaclargs *argp,
111073 - struct nfsd3_attrstat *resp)
111074 +static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp, void *_argp, void *_resp)
111075 {
111076 + struct nfsd3_setaclargs *argp = _argp;
111077 + struct nfsd3_attrstat *resp = _resp;
111078 struct inode *inode;
111079 svc_fh *fh;
111080 __be32 nfserr = 0;
111081 @@ -123,9 +124,10 @@ out:
111082 /*
111083 * XDR decode functions
111084 */
111085 -static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
111086 - struct nfsd3_getaclargs *args)
111087 +static int nfs3svc_decode_getaclargs(void *rqstp, __be32 *p, void *_args)
111088 {
111089 + struct nfsd3_getaclargs *args = _args;
111090 +
111091 p = nfs3svc_decode_fh(p, &args->fh);
111092 if (!p)
111093 return 0;
111094 @@ -135,9 +137,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
111095 }
111096
111097
111098 -static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
111099 - struct nfsd3_setaclargs *args)
111100 +static int nfs3svc_decode_setaclargs(void *_rqstp, __be32 *p, void *_args)
111101 {
111102 + struct svc_rqst *rqstp = _rqstp;
111103 + struct nfsd3_setaclargs *args = _args;
111104 struct kvec *head = rqstp->rq_arg.head;
111105 unsigned int base;
111106 int n;
111107 @@ -166,9 +169,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
111108 */
111109
111110 /* GETACL */
111111 -static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
111112 - struct nfsd3_getaclres *resp)
111113 +static int nfs3svc_encode_getaclres(void *_rqstp, __be32 *p, void *_resp)
111114 {
111115 + struct svc_rqst *rqstp = _rqstp;
111116 + struct nfsd3_getaclres *resp = _resp;
111117 struct dentry *dentry = resp->fh.fh_dentry;
111118
111119 p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
111120 @@ -211,9 +215,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
111121 }
111122
111123 /* SETACL */
111124 -static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
111125 - struct nfsd3_attrstat *resp)
111126 +static int nfs3svc_encode_setaclres(void *rqstp, __be32 *p, void *_resp)
111127 {
111128 + struct nfsd3_attrstat *resp = _resp;
111129 +
111130 p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
111131
111132 return xdr_ressize_check(rqstp, p);
111133 @@ -222,9 +227,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
111134 /*
111135 * XDR release functions
111136 */
111137 -static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
111138 - struct nfsd3_getaclres *resp)
111139 +static int nfs3svc_release_getacl(void *rqstp, __be32 *p, void *_resp)
111140 {
111141 + struct nfsd3_getaclres *resp = _resp;
111142 +
111143 fh_put(&resp->fh);
111144 posix_acl_release(resp->acl_access);
111145 posix_acl_release(resp->acl_default);
111146 @@ -238,10 +244,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
111147 struct nfsd3_voidargs { int dummy; };
111148
111149 #define PROC(name, argt, rest, relt, cache, respsize) \
111150 - { (svc_procfunc) nfsd3_proc_##name, \
111151 - (kxdrproc_t) nfs3svc_decode_##argt##args, \
111152 - (kxdrproc_t) nfs3svc_encode_##rest##res, \
111153 - (kxdrproc_t) nfs3svc_release_##relt, \
111154 + { nfsd3_proc_##name, \
111155 + nfs3svc_decode_##argt##args, \
111156 + nfs3svc_encode_##rest##res, \
111157 + nfs3svc_release_##relt, \
111158 sizeof(struct nfsd3_##argt##args), \
111159 sizeof(struct nfsd3_##rest##res), \
111160 0, \
111161 diff --git a/fs/nfsd/nfs3proc.c b/fs/nfsd/nfs3proc.c
111162 index d818e4f..bb15590 100644
111163 --- a/fs/nfsd/nfs3proc.c
111164 +++ b/fs/nfsd/nfs3proc.c
111165 @@ -40,9 +40,10 @@ nfsd3_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
111166 * Get a file's attributes
111167 */
111168 static __be32
111169 -nfsd3_proc_getattr(struct svc_rqst *rqstp, struct nfsd_fhandle *argp,
111170 - struct nfsd3_attrstat *resp)
111171 +nfsd3_proc_getattr(struct svc_rqst *rqstp, void *_argp, void *_resp)
111172 {
111173 + struct nfsd_fhandle *argp = _argp;
111174 + struct nfsd3_attrstat *resp = _resp;
111175 __be32 nfserr;
111176
111177 dprintk("nfsd: GETATTR(3) %s\n",
111178 @@ -63,9 +64,10 @@ nfsd3_proc_getattr(struct svc_rqst *rqstp, struct nfsd_fhandle *argp,
111179 * Set a file's attributes
111180 */
111181 static __be32
111182 -nfsd3_proc_setattr(struct svc_rqst *rqstp, struct nfsd3_sattrargs *argp,
111183 - struct nfsd3_attrstat *resp)
111184 +nfsd3_proc_setattr(struct svc_rqst *rqstp, void *_argp, void *_resp)
111185 {
111186 + struct nfsd3_sattrargs *argp = _argp;
111187 + struct nfsd3_attrstat *resp = _resp;
111188 __be32 nfserr;
111189
111190 dprintk("nfsd: SETATTR(3) %s\n",
111191 @@ -81,9 +83,10 @@ nfsd3_proc_setattr(struct svc_rqst *rqstp, struct nfsd3_sattrargs *argp,
111192 * Look up a path name component
111193 */
111194 static __be32
111195 -nfsd3_proc_lookup(struct svc_rqst *rqstp, struct nfsd3_diropargs *argp,
111196 - struct nfsd3_diropres *resp)
111197 +nfsd3_proc_lookup(struct svc_rqst *rqstp, void *_argp, void *_resp)
111198 {
111199 + struct nfsd3_diropargs *argp = _argp;
111200 + struct nfsd3_diropres *resp = _resp;
111201 __be32 nfserr;
111202
111203 dprintk("nfsd: LOOKUP(3) %s %.*s\n",
111204 @@ -105,9 +108,10 @@ nfsd3_proc_lookup(struct svc_rqst *rqstp, struct nfsd3_diropargs *argp,
111205 * Check file access
111206 */
111207 static __be32
111208 -nfsd3_proc_access(struct svc_rqst *rqstp, struct nfsd3_accessargs *argp,
111209 - struct nfsd3_accessres *resp)
111210 +nfsd3_proc_access(struct svc_rqst *rqstp, void *_argp, void *_resp)
111211 {
111212 + struct nfsd3_accessargs *argp = _argp;
111213 + struct nfsd3_accessres *resp = _resp;
111214 __be32 nfserr;
111215
111216 dprintk("nfsd: ACCESS(3) %s 0x%x\n",
111217 @@ -124,9 +128,10 @@ nfsd3_proc_access(struct svc_rqst *rqstp, struct nfsd3_accessargs *argp,
111218 * Read a symlink.
111219 */
111220 static __be32
111221 -nfsd3_proc_readlink(struct svc_rqst *rqstp, struct nfsd3_readlinkargs *argp,
111222 - struct nfsd3_readlinkres *resp)
111223 +nfsd3_proc_readlink(struct svc_rqst *rqstp, void *_argp, void *_resp)
111224 {
111225 + struct nfsd3_readlinkargs *argp = _argp;
111226 + struct nfsd3_readlinkres *resp = _resp;
111227 __be32 nfserr;
111228
111229 dprintk("nfsd: READLINK(3) %s\n", SVCFH_fmt(&argp->fh));
111230 @@ -142,9 +147,10 @@ nfsd3_proc_readlink(struct svc_rqst *rqstp, struct nfsd3_readlinkargs *argp,
111231 * Read a portion of a file.
111232 */
111233 static __be32
111234 -nfsd3_proc_read(struct svc_rqst *rqstp, struct nfsd3_readargs *argp,
111235 - struct nfsd3_readres *resp)
111236 +nfsd3_proc_read(struct svc_rqst *rqstp, void *_argp, void *_resp)
111237 {
111238 + struct nfsd3_readargs *argp = _argp;
111239 + struct nfsd3_readres *resp = _resp;
111240 __be32 nfserr;
111241 u32 max_blocksize = svc_max_payload(rqstp);
111242 unsigned long cnt = min(argp->count, max_blocksize);
111243 @@ -179,9 +185,10 @@ nfsd3_proc_read(struct svc_rqst *rqstp, struct nfsd3_readargs *argp,
111244 * Write data to a file
111245 */
111246 static __be32
111247 -nfsd3_proc_write(struct svc_rqst *rqstp, struct nfsd3_writeargs *argp,
111248 - struct nfsd3_writeres *resp)
111249 +nfsd3_proc_write(struct svc_rqst *rqstp, void *_argp, void *_resp)
111250 {
111251 + struct nfsd3_writeargs *argp = _argp;
111252 + struct nfsd3_writeres *resp = _resp;
111253 __be32 nfserr;
111254 unsigned long cnt = argp->len;
111255
111256 @@ -208,9 +215,10 @@ nfsd3_proc_write(struct svc_rqst *rqstp, struct nfsd3_writeargs *argp,
111257 * first reports about SunOS compatibility problems start to pour in...
111258 */
111259 static __be32
111260 -nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
111261 - struct nfsd3_diropres *resp)
111262 +nfsd3_proc_create(struct svc_rqst *rqstp, void *_argp, void *_resp)
111263 {
111264 + struct nfsd3_createargs *argp = _argp;
111265 + struct nfsd3_diropres *resp = _resp;
111266 svc_fh *dirfhp, *newfhp = NULL;
111267 struct iattr *attr;
111268 __be32 nfserr;
111269 @@ -245,9 +253,10 @@ nfsd3_proc_create(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
111270 * Make directory. This operation is not idempotent.
111271 */
111272 static __be32
111273 -nfsd3_proc_mkdir(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
111274 - struct nfsd3_diropres *resp)
111275 +nfsd3_proc_mkdir(struct svc_rqst *rqstp, void *_argp, void *_resp)
111276 {
111277 + struct nfsd3_createargs *argp = _argp;
111278 + struct nfsd3_diropres *resp = _resp;
111279 __be32 nfserr;
111280
111281 dprintk("nfsd: MKDIR(3) %s %.*s\n",
111282 @@ -265,9 +274,10 @@ nfsd3_proc_mkdir(struct svc_rqst *rqstp, struct nfsd3_createargs *argp,
111283 }
111284
111285 static __be32
111286 -nfsd3_proc_symlink(struct svc_rqst *rqstp, struct nfsd3_symlinkargs *argp,
111287 - struct nfsd3_diropres *resp)
111288 +nfsd3_proc_symlink(struct svc_rqst *rqstp, void *_argp, void *_resp)
111289 {
111290 + struct nfsd3_symlinkargs *argp = _argp;
111291 + struct nfsd3_diropres *resp = _resp;
111292 __be32 nfserr;
111293
111294 dprintk("nfsd: SYMLINK(3) %s %.*s -> %.*s\n",
111295 @@ -286,9 +296,10 @@ nfsd3_proc_symlink(struct svc_rqst *rqstp, struct nfsd3_symlinkargs *argp,
111296 * Make socket/fifo/device.
111297 */
111298 static __be32
111299 -nfsd3_proc_mknod(struct svc_rqst *rqstp, struct nfsd3_mknodargs *argp,
111300 - struct nfsd3_diropres *resp)
111301 +nfsd3_proc_mknod(struct svc_rqst *rqstp, void *_argp, void *_resp)
111302 {
111303 + struct nfsd3_mknodargs *argp = _argp;
111304 + struct nfsd3_diropres *resp = _resp;
111305 __be32 nfserr;
111306 int type;
111307 dev_t rdev = 0;
111308 @@ -323,9 +334,10 @@ nfsd3_proc_mknod(struct svc_rqst *rqstp, struct nfsd3_mknodargs *argp,
111309 * Remove file/fifo/socket etc.
111310 */
111311 static __be32
111312 -nfsd3_proc_remove(struct svc_rqst *rqstp, struct nfsd3_diropargs *argp,
111313 - struct nfsd3_attrstat *resp)
111314 +nfsd3_proc_remove(struct svc_rqst *rqstp, void *_argp, void *_resp)
111315 {
111316 + struct nfsd3_diropargs *argp = _argp;
111317 + struct nfsd3_attrstat *resp = _resp;
111318 __be32 nfserr;
111319
111320 dprintk("nfsd: REMOVE(3) %s %.*s\n",
111321 @@ -344,9 +356,10 @@ nfsd3_proc_remove(struct svc_rqst *rqstp, struct nfsd3_diropargs *argp,
111322 * Remove a directory
111323 */
111324 static __be32
111325 -nfsd3_proc_rmdir(struct svc_rqst *rqstp, struct nfsd3_diropargs *argp,
111326 - struct nfsd3_attrstat *resp)
111327 +nfsd3_proc_rmdir(struct svc_rqst *rqstp, void *_argp, void *_resp)
111328 {
111329 + struct nfsd3_diropargs *argp = _argp;
111330 + struct nfsd3_attrstat *resp = _resp;
111331 __be32 nfserr;
111332
111333 dprintk("nfsd: RMDIR(3) %s %.*s\n",
111334 @@ -361,9 +374,10 @@ nfsd3_proc_rmdir(struct svc_rqst *rqstp, struct nfsd3_diropargs *argp,
111335 }
111336
111337 static __be32
111338 -nfsd3_proc_rename(struct svc_rqst *rqstp, struct nfsd3_renameargs *argp,
111339 - struct nfsd3_renameres *resp)
111340 +nfsd3_proc_rename(struct svc_rqst *rqstp, void *_argp, void *_resp)
111341 {
111342 + struct nfsd3_renameargs *argp = _argp;
111343 + struct nfsd3_renameres *resp = _resp;
111344 __be32 nfserr;
111345
111346 dprintk("nfsd: RENAME(3) %s %.*s ->\n",
111347 @@ -383,9 +397,10 @@ nfsd3_proc_rename(struct svc_rqst *rqstp, struct nfsd3_renameargs *argp,
111348 }
111349
111350 static __be32
111351 -nfsd3_proc_link(struct svc_rqst *rqstp, struct nfsd3_linkargs *argp,
111352 - struct nfsd3_linkres *resp)
111353 +nfsd3_proc_link(struct svc_rqst *rqstp, void *_argp, void *_resp)
111354 {
111355 + struct nfsd3_linkargs *argp = _argp;
111356 + struct nfsd3_linkres *resp = _resp;
111357 __be32 nfserr;
111358
111359 dprintk("nfsd: LINK(3) %s ->\n",
111360 @@ -406,9 +421,10 @@ nfsd3_proc_link(struct svc_rqst *rqstp, struct nfsd3_linkargs *argp,
111361 * Read a portion of a directory.
111362 */
111363 static __be32
111364 -nfsd3_proc_readdir(struct svc_rqst *rqstp, struct nfsd3_readdirargs *argp,
111365 - struct nfsd3_readdirres *resp)
111366 +nfsd3_proc_readdir(struct svc_rqst *rqstp, void *_argp, void *_resp)
111367 {
111368 + struct nfsd3_readdirargs *argp = _argp;
111369 + struct nfsd3_readdirres *resp = _resp;
111370 __be32 nfserr;
111371 int count;
111372
111373 @@ -442,9 +458,10 @@ nfsd3_proc_readdir(struct svc_rqst *rqstp, struct nfsd3_readdirargs *argp,
111374 * For now, we choose to ignore the dircount parameter.
111375 */
111376 static __be32
111377 -nfsd3_proc_readdirplus(struct svc_rqst *rqstp, struct nfsd3_readdirargs *argp,
111378 - struct nfsd3_readdirres *resp)
111379 +nfsd3_proc_readdirplus(struct svc_rqst *rqstp, void *_argp, void *_resp)
111380 {
111381 + struct nfsd3_readdirargs *argp = _argp;
111382 + struct nfsd3_readdirres *resp = _resp;
111383 __be32 nfserr;
111384 int count = 0;
111385 loff_t offset;
111386 @@ -509,9 +526,10 @@ nfsd3_proc_readdirplus(struct svc_rqst *rqstp, struct nfsd3_readdirargs *argp,
111387 * Get file system stats
111388 */
111389 static __be32
111390 -nfsd3_proc_fsstat(struct svc_rqst * rqstp, struct nfsd_fhandle *argp,
111391 - struct nfsd3_fsstatres *resp)
111392 +nfsd3_proc_fsstat(struct svc_rqst * rqstp, void *_argp, void *_resp)
111393 {
111394 + struct nfsd_fhandle *argp = _argp;
111395 + struct nfsd3_fsstatres *resp = _resp;
111396 __be32 nfserr;
111397
111398 dprintk("nfsd: FSSTAT(3) %s\n",
111399 @@ -526,9 +544,10 @@ nfsd3_proc_fsstat(struct svc_rqst * rqstp, struct nfsd_fhandle *argp,
111400 * Get file system info
111401 */
111402 static __be32
111403 -nfsd3_proc_fsinfo(struct svc_rqst * rqstp, struct nfsd_fhandle *argp,
111404 - struct nfsd3_fsinfores *resp)
111405 +nfsd3_proc_fsinfo(struct svc_rqst * rqstp, void *_argp, void *_resp)
111406 {
111407 + struct nfsd_fhandle *argp = _argp;
111408 + struct nfsd3_fsinfores *resp = _resp;
111409 __be32 nfserr;
111410 u32 max_blocksize = svc_max_payload(rqstp);
111411
111412 @@ -569,9 +588,10 @@ nfsd3_proc_fsinfo(struct svc_rqst * rqstp, struct nfsd_fhandle *argp,
111413 * Get pathconf info for the specified file
111414 */
111415 static __be32
111416 -nfsd3_proc_pathconf(struct svc_rqst * rqstp, struct nfsd_fhandle *argp,
111417 - struct nfsd3_pathconfres *resp)
111418 +nfsd3_proc_pathconf(struct svc_rqst * rqstp, void *_argp, void *_resp)
111419 {
111420 + struct nfsd_fhandle *argp = _argp;
111421 + struct nfsd3_pathconfres *resp = _resp;
111422 __be32 nfserr;
111423
111424 dprintk("nfsd: PATHCONF(3) %s\n",
111425 @@ -612,9 +632,10 @@ nfsd3_proc_pathconf(struct svc_rqst * rqstp, struct nfsd_fhandle *argp,
111426 * Commit a file (range) to stable storage.
111427 */
111428 static __be32
111429 -nfsd3_proc_commit(struct svc_rqst * rqstp, struct nfsd3_commitargs *argp,
111430 - struct nfsd3_commitres *resp)
111431 +nfsd3_proc_commit(struct svc_rqst * rqstp, void *_argp, void *_resp)
111432 {
111433 + struct nfsd3_commitargs *argp = _argp;
111434 + struct nfsd3_commitres *resp = _resp;
111435 __be32 nfserr;
111436
111437 dprintk("nfsd: COMMIT(3) %s %u@%Lu\n",
111438 @@ -669,213 +690,213 @@ struct nfsd3_voidargs { int dummy; };
111439
111440 static struct svc_procedure nfsd_procedures3[22] = {
111441 [NFS3PROC_NULL] = {
111442 - .pc_func = (svc_procfunc) nfsd3_proc_null,
111443 - .pc_encode = (kxdrproc_t) nfs3svc_encode_voidres,
111444 + .pc_func = nfsd3_proc_null,
111445 + .pc_encode = nfs3svc_encode_voidres,
111446 .pc_argsize = sizeof(struct nfsd3_voidargs),
111447 .pc_ressize = sizeof(struct nfsd3_voidres),
111448 .pc_cachetype = RC_NOCACHE,
111449 .pc_xdrressize = ST,
111450 },
111451 [NFS3PROC_GETATTR] = {
111452 - .pc_func = (svc_procfunc) nfsd3_proc_getattr,
111453 - .pc_decode = (kxdrproc_t) nfs3svc_decode_fhandleargs,
111454 - .pc_encode = (kxdrproc_t) nfs3svc_encode_attrstatres,
111455 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111456 + .pc_func = nfsd3_proc_getattr,
111457 + .pc_decode = nfs3svc_decode_fhandleargs,
111458 + .pc_encode = nfs3svc_encode_attrstatres,
111459 + .pc_release = nfs3svc_release_fhandle,
111460 .pc_argsize = sizeof(struct nfsd3_fhandleargs),
111461 .pc_ressize = sizeof(struct nfsd3_attrstatres),
111462 .pc_cachetype = RC_NOCACHE,
111463 .pc_xdrressize = ST+AT,
111464 },
111465 [NFS3PROC_SETATTR] = {
111466 - .pc_func = (svc_procfunc) nfsd3_proc_setattr,
111467 - .pc_decode = (kxdrproc_t) nfs3svc_decode_sattrargs,
111468 - .pc_encode = (kxdrproc_t) nfs3svc_encode_wccstatres,
111469 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111470 + .pc_func = nfsd3_proc_setattr,
111471 + .pc_decode = nfs3svc_decode_sattrargs,
111472 + .pc_encode = nfs3svc_encode_wccstatres,
111473 + .pc_release = nfs3svc_release_fhandle,
111474 .pc_argsize = sizeof(struct nfsd3_sattrargs),
111475 .pc_ressize = sizeof(struct nfsd3_wccstatres),
111476 .pc_cachetype = RC_REPLBUFF,
111477 .pc_xdrressize = ST+WC,
111478 },
111479 [NFS3PROC_LOOKUP] = {
111480 - .pc_func = (svc_procfunc) nfsd3_proc_lookup,
111481 - .pc_decode = (kxdrproc_t) nfs3svc_decode_diropargs,
111482 - .pc_encode = (kxdrproc_t) nfs3svc_encode_diropres,
111483 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle2,
111484 + .pc_func = nfsd3_proc_lookup,
111485 + .pc_decode = nfs3svc_decode_diropargs,
111486 + .pc_encode = nfs3svc_encode_diropres,
111487 + .pc_release = nfs3svc_release_fhandle2,
111488 .pc_argsize = sizeof(struct nfsd3_diropargs),
111489 .pc_ressize = sizeof(struct nfsd3_diropres),
111490 .pc_cachetype = RC_NOCACHE,
111491 .pc_xdrressize = ST+FH+pAT+pAT,
111492 },
111493 [NFS3PROC_ACCESS] = {
111494 - .pc_func = (svc_procfunc) nfsd3_proc_access,
111495 - .pc_decode = (kxdrproc_t) nfs3svc_decode_accessargs,
111496 - .pc_encode = (kxdrproc_t) nfs3svc_encode_accessres,
111497 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111498 + .pc_func = nfsd3_proc_access,
111499 + .pc_decode = nfs3svc_decode_accessargs,
111500 + .pc_encode = nfs3svc_encode_accessres,
111501 + .pc_release = nfs3svc_release_fhandle,
111502 .pc_argsize = sizeof(struct nfsd3_accessargs),
111503 .pc_ressize = sizeof(struct nfsd3_accessres),
111504 .pc_cachetype = RC_NOCACHE,
111505 .pc_xdrressize = ST+pAT+1,
111506 },
111507 [NFS3PROC_READLINK] = {
111508 - .pc_func = (svc_procfunc) nfsd3_proc_readlink,
111509 - .pc_decode = (kxdrproc_t) nfs3svc_decode_readlinkargs,
111510 - .pc_encode = (kxdrproc_t) nfs3svc_encode_readlinkres,
111511 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111512 + .pc_func = nfsd3_proc_readlink,
111513 + .pc_decode = nfs3svc_decode_readlinkargs,
111514 + .pc_encode = nfs3svc_encode_readlinkres,
111515 + .pc_release = nfs3svc_release_fhandle,
111516 .pc_argsize = sizeof(struct nfsd3_readlinkargs),
111517 .pc_ressize = sizeof(struct nfsd3_readlinkres),
111518 .pc_cachetype = RC_NOCACHE,
111519 .pc_xdrressize = ST+pAT+1+NFS3_MAXPATHLEN/4,
111520 },
111521 [NFS3PROC_READ] = {
111522 - .pc_func = (svc_procfunc) nfsd3_proc_read,
111523 - .pc_decode = (kxdrproc_t) nfs3svc_decode_readargs,
111524 - .pc_encode = (kxdrproc_t) nfs3svc_encode_readres,
111525 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111526 + .pc_func = nfsd3_proc_read,
111527 + .pc_decode = nfs3svc_decode_readargs,
111528 + .pc_encode = nfs3svc_encode_readres,
111529 + .pc_release = nfs3svc_release_fhandle,
111530 .pc_argsize = sizeof(struct nfsd3_readargs),
111531 .pc_ressize = sizeof(struct nfsd3_readres),
111532 .pc_cachetype = RC_NOCACHE,
111533 .pc_xdrressize = ST+pAT+4+NFSSVC_MAXBLKSIZE/4,
111534 },
111535 [NFS3PROC_WRITE] = {
111536 - .pc_func = (svc_procfunc) nfsd3_proc_write,
111537 - .pc_decode = (kxdrproc_t) nfs3svc_decode_writeargs,
111538 - .pc_encode = (kxdrproc_t) nfs3svc_encode_writeres,
111539 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111540 + .pc_func = nfsd3_proc_write,
111541 + .pc_decode = nfs3svc_decode_writeargs,
111542 + .pc_encode = nfs3svc_encode_writeres,
111543 + .pc_release = nfs3svc_release_fhandle,
111544 .pc_argsize = sizeof(struct nfsd3_writeargs),
111545 .pc_ressize = sizeof(struct nfsd3_writeres),
111546 .pc_cachetype = RC_REPLBUFF,
111547 .pc_xdrressize = ST+WC+4,
111548 },
111549 [NFS3PROC_CREATE] = {
111550 - .pc_func = (svc_procfunc) nfsd3_proc_create,
111551 - .pc_decode = (kxdrproc_t) nfs3svc_decode_createargs,
111552 - .pc_encode = (kxdrproc_t) nfs3svc_encode_createres,
111553 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle2,
111554 + .pc_func = nfsd3_proc_create,
111555 + .pc_decode = nfs3svc_decode_createargs,
111556 + .pc_encode = nfs3svc_encode_createres,
111557 + .pc_release = nfs3svc_release_fhandle2,
111558 .pc_argsize = sizeof(struct nfsd3_createargs),
111559 .pc_ressize = sizeof(struct nfsd3_createres),
111560 .pc_cachetype = RC_REPLBUFF,
111561 .pc_xdrressize = ST+(1+FH+pAT)+WC,
111562 },
111563 [NFS3PROC_MKDIR] = {
111564 - .pc_func = (svc_procfunc) nfsd3_proc_mkdir,
111565 - .pc_decode = (kxdrproc_t) nfs3svc_decode_mkdirargs,
111566 - .pc_encode = (kxdrproc_t) nfs3svc_encode_createres,
111567 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle2,
111568 + .pc_func = nfsd3_proc_mkdir,
111569 + .pc_decode = nfs3svc_decode_mkdirargs,
111570 + .pc_encode = nfs3svc_encode_createres,
111571 + .pc_release = nfs3svc_release_fhandle2,
111572 .pc_argsize = sizeof(struct nfsd3_mkdirargs),
111573 .pc_ressize = sizeof(struct nfsd3_createres),
111574 .pc_cachetype = RC_REPLBUFF,
111575 .pc_xdrressize = ST+(1+FH+pAT)+WC,
111576 },
111577 [NFS3PROC_SYMLINK] = {
111578 - .pc_func = (svc_procfunc) nfsd3_proc_symlink,
111579 - .pc_decode = (kxdrproc_t) nfs3svc_decode_symlinkargs,
111580 - .pc_encode = (kxdrproc_t) nfs3svc_encode_createres,
111581 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle2,
111582 + .pc_func = nfsd3_proc_symlink,
111583 + .pc_decode = nfs3svc_decode_symlinkargs,
111584 + .pc_encode = nfs3svc_encode_createres,
111585 + .pc_release = nfs3svc_release_fhandle2,
111586 .pc_argsize = sizeof(struct nfsd3_symlinkargs),
111587 .pc_ressize = sizeof(struct nfsd3_createres),
111588 .pc_cachetype = RC_REPLBUFF,
111589 .pc_xdrressize = ST+(1+FH+pAT)+WC,
111590 },
111591 [NFS3PROC_MKNOD] = {
111592 - .pc_func = (svc_procfunc) nfsd3_proc_mknod,
111593 - .pc_decode = (kxdrproc_t) nfs3svc_decode_mknodargs,
111594 - .pc_encode = (kxdrproc_t) nfs3svc_encode_createres,
111595 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle2,
111596 + .pc_func = nfsd3_proc_mknod,
111597 + .pc_decode = nfs3svc_decode_mknodargs,
111598 + .pc_encode = nfs3svc_encode_createres,
111599 + .pc_release = nfs3svc_release_fhandle2,
111600 .pc_argsize = sizeof(struct nfsd3_mknodargs),
111601 .pc_ressize = sizeof(struct nfsd3_createres),
111602 .pc_cachetype = RC_REPLBUFF,
111603 .pc_xdrressize = ST+(1+FH+pAT)+WC,
111604 },
111605 [NFS3PROC_REMOVE] = {
111606 - .pc_func = (svc_procfunc) nfsd3_proc_remove,
111607 - .pc_decode = (kxdrproc_t) nfs3svc_decode_diropargs,
111608 - .pc_encode = (kxdrproc_t) nfs3svc_encode_wccstatres,
111609 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111610 + .pc_func = nfsd3_proc_remove,
111611 + .pc_decode = nfs3svc_decode_diropargs,
111612 + .pc_encode = nfs3svc_encode_wccstatres,
111613 + .pc_release = nfs3svc_release_fhandle,
111614 .pc_argsize = sizeof(struct nfsd3_diropargs),
111615 .pc_ressize = sizeof(struct nfsd3_wccstatres),
111616 .pc_cachetype = RC_REPLBUFF,
111617 .pc_xdrressize = ST+WC,
111618 },
111619 [NFS3PROC_RMDIR] = {
111620 - .pc_func = (svc_procfunc) nfsd3_proc_rmdir,
111621 - .pc_decode = (kxdrproc_t) nfs3svc_decode_diropargs,
111622 - .pc_encode = (kxdrproc_t) nfs3svc_encode_wccstatres,
111623 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111624 + .pc_func = nfsd3_proc_rmdir,
111625 + .pc_decode = nfs3svc_decode_diropargs,
111626 + .pc_encode = nfs3svc_encode_wccstatres,
111627 + .pc_release = nfs3svc_release_fhandle,
111628 .pc_argsize = sizeof(struct nfsd3_diropargs),
111629 .pc_ressize = sizeof(struct nfsd3_wccstatres),
111630 .pc_cachetype = RC_REPLBUFF,
111631 .pc_xdrressize = ST+WC,
111632 },
111633 [NFS3PROC_RENAME] = {
111634 - .pc_func = (svc_procfunc) nfsd3_proc_rename,
111635 - .pc_decode = (kxdrproc_t) nfs3svc_decode_renameargs,
111636 - .pc_encode = (kxdrproc_t) nfs3svc_encode_renameres,
111637 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle2,
111638 + .pc_func = nfsd3_proc_rename,
111639 + .pc_decode = nfs3svc_decode_renameargs,
111640 + .pc_encode = nfs3svc_encode_renameres,
111641 + .pc_release = nfs3svc_release_fhandle2,
111642 .pc_argsize = sizeof(struct nfsd3_renameargs),
111643 .pc_ressize = sizeof(struct nfsd3_renameres),
111644 .pc_cachetype = RC_REPLBUFF,
111645 .pc_xdrressize = ST+WC+WC,
111646 },
111647 [NFS3PROC_LINK] = {
111648 - .pc_func = (svc_procfunc) nfsd3_proc_link,
111649 - .pc_decode = (kxdrproc_t) nfs3svc_decode_linkargs,
111650 - .pc_encode = (kxdrproc_t) nfs3svc_encode_linkres,
111651 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle2,
111652 + .pc_func = nfsd3_proc_link,
111653 + .pc_decode = nfs3svc_decode_linkargs,
111654 + .pc_encode = nfs3svc_encode_linkres,
111655 + .pc_release = nfs3svc_release_fhandle2,
111656 .pc_argsize = sizeof(struct nfsd3_linkargs),
111657 .pc_ressize = sizeof(struct nfsd3_linkres),
111658 .pc_cachetype = RC_REPLBUFF,
111659 .pc_xdrressize = ST+pAT+WC,
111660 },
111661 [NFS3PROC_READDIR] = {
111662 - .pc_func = (svc_procfunc) nfsd3_proc_readdir,
111663 - .pc_decode = (kxdrproc_t) nfs3svc_decode_readdirargs,
111664 - .pc_encode = (kxdrproc_t) nfs3svc_encode_readdirres,
111665 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111666 + .pc_func = nfsd3_proc_readdir,
111667 + .pc_decode = nfs3svc_decode_readdirargs,
111668 + .pc_encode = nfs3svc_encode_readdirres,
111669 + .pc_release = nfs3svc_release_fhandle,
111670 .pc_argsize = sizeof(struct nfsd3_readdirargs),
111671 .pc_ressize = sizeof(struct nfsd3_readdirres),
111672 .pc_cachetype = RC_NOCACHE,
111673 },
111674 [NFS3PROC_READDIRPLUS] = {
111675 - .pc_func = (svc_procfunc) nfsd3_proc_readdirplus,
111676 - .pc_decode = (kxdrproc_t) nfs3svc_decode_readdirplusargs,
111677 - .pc_encode = (kxdrproc_t) nfs3svc_encode_readdirres,
111678 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111679 + .pc_func = nfsd3_proc_readdirplus,
111680 + .pc_decode = nfs3svc_decode_readdirplusargs,
111681 + .pc_encode = nfs3svc_encode_readdirres,
111682 + .pc_release = nfs3svc_release_fhandle,
111683 .pc_argsize = sizeof(struct nfsd3_readdirplusargs),
111684 .pc_ressize = sizeof(struct nfsd3_readdirres),
111685 .pc_cachetype = RC_NOCACHE,
111686 },
111687 [NFS3PROC_FSSTAT] = {
111688 - .pc_func = (svc_procfunc) nfsd3_proc_fsstat,
111689 - .pc_decode = (kxdrproc_t) nfs3svc_decode_fhandleargs,
111690 - .pc_encode = (kxdrproc_t) nfs3svc_encode_fsstatres,
111691 + .pc_func = nfsd3_proc_fsstat,
111692 + .pc_decode = nfs3svc_decode_fhandleargs,
111693 + .pc_encode = nfs3svc_encode_fsstatres,
111694 .pc_argsize = sizeof(struct nfsd3_fhandleargs),
111695 .pc_ressize = sizeof(struct nfsd3_fsstatres),
111696 .pc_cachetype = RC_NOCACHE,
111697 .pc_xdrressize = ST+pAT+2*6+1,
111698 },
111699 [NFS3PROC_FSINFO] = {
111700 - .pc_func = (svc_procfunc) nfsd3_proc_fsinfo,
111701 - .pc_decode = (kxdrproc_t) nfs3svc_decode_fhandleargs,
111702 - .pc_encode = (kxdrproc_t) nfs3svc_encode_fsinfores,
111703 + .pc_func = nfsd3_proc_fsinfo,
111704 + .pc_decode = nfs3svc_decode_fhandleargs,
111705 + .pc_encode = nfs3svc_encode_fsinfores,
111706 .pc_argsize = sizeof(struct nfsd3_fhandleargs),
111707 .pc_ressize = sizeof(struct nfsd3_fsinfores),
111708 .pc_cachetype = RC_NOCACHE,
111709 .pc_xdrressize = ST+pAT+12,
111710 },
111711 [NFS3PROC_PATHCONF] = {
111712 - .pc_func = (svc_procfunc) nfsd3_proc_pathconf,
111713 - .pc_decode = (kxdrproc_t) nfs3svc_decode_fhandleargs,
111714 - .pc_encode = (kxdrproc_t) nfs3svc_encode_pathconfres,
111715 + .pc_func = nfsd3_proc_pathconf,
111716 + .pc_decode = nfs3svc_decode_fhandleargs,
111717 + .pc_encode = nfs3svc_encode_pathconfres,
111718 .pc_argsize = sizeof(struct nfsd3_fhandleargs),
111719 .pc_ressize = sizeof(struct nfsd3_pathconfres),
111720 .pc_cachetype = RC_NOCACHE,
111721 .pc_xdrressize = ST+pAT+6,
111722 },
111723 [NFS3PROC_COMMIT] = {
111724 - .pc_func = (svc_procfunc) nfsd3_proc_commit,
111725 - .pc_decode = (kxdrproc_t) nfs3svc_decode_commitargs,
111726 - .pc_encode = (kxdrproc_t) nfs3svc_encode_commitres,
111727 - .pc_release = (kxdrproc_t) nfs3svc_release_fhandle,
111728 + .pc_func = nfsd3_proc_commit,
111729 + .pc_decode = nfs3svc_decode_commitargs,
111730 + .pc_encode = nfs3svc_encode_commitres,
111731 + .pc_release = nfs3svc_release_fhandle,
111732 .pc_argsize = sizeof(struct nfsd3_commitargs),
111733 .pc_ressize = sizeof(struct nfsd3_commitres),
111734 .pc_cachetype = RC_NOCACHE,
111735 diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
111736 index dba2ff8..9ac9eba 100644
111737 --- a/fs/nfsd/nfs3xdr.c
111738 +++ b/fs/nfsd/nfs3xdr.c
111739 @@ -273,8 +273,10 @@ void fill_post_wcc(struct svc_fh *fhp)
111740 * XDR decode functions
111741 */
111742 int
111743 -nfs3svc_decode_fhandle(struct svc_rqst *rqstp, __be32 *p, struct nfsd_fhandle *args)
111744 +nfs3svc_decode_fhandle(void *rqstp, __be32 *p, void *_args)
111745 {
111746 + struct nfsd_fhandle *args = _args;
111747 +
111748 p = decode_fh(p, &args->fh);
111749 if (!p)
111750 return 0;
111751 @@ -282,9 +284,10 @@ nfs3svc_decode_fhandle(struct svc_rqst *rqstp, __be32 *p, struct nfsd_fhandle *a
111752 }
111753
111754 int
111755 -nfs3svc_decode_sattrargs(struct svc_rqst *rqstp, __be32 *p,
111756 - struct nfsd3_sattrargs *args)
111757 +nfs3svc_decode_sattrargs(void *rqstp, __be32 *p, void *_args)
111758 {
111759 + struct nfsd3_sattrargs *args = _args;
111760 +
111761 p = decode_fh(p, &args->fh);
111762 if (!p)
111763 return 0;
111764 @@ -300,9 +303,10 @@ nfs3svc_decode_sattrargs(struct svc_rqst *rqstp, __be32 *p,
111765 }
111766
111767 int
111768 -nfs3svc_decode_diropargs(struct svc_rqst *rqstp, __be32 *p,
111769 - struct nfsd3_diropargs *args)
111770 +nfs3svc_decode_diropargs(void *rqstp, __be32 *p, void *_args)
111771 {
111772 + struct nfsd3_diropargs *args = _args;
111773 +
111774 if (!(p = decode_fh(p, &args->fh))
111775 || !(p = decode_filename(p, &args->name, &args->len)))
111776 return 0;
111777 @@ -311,9 +315,10 @@ nfs3svc_decode_diropargs(struct svc_rqst *rqstp, __be32 *p,
111778 }
111779
111780 int
111781 -nfs3svc_decode_accessargs(struct svc_rqst *rqstp, __be32 *p,
111782 - struct nfsd3_accessargs *args)
111783 +nfs3svc_decode_accessargs(void *rqstp, __be32 *p, void *_args)
111784 {
111785 + struct nfsd3_accessargs *args = _args;
111786 +
111787 p = decode_fh(p, &args->fh);
111788 if (!p)
111789 return 0;
111790 @@ -323,9 +328,10 @@ nfs3svc_decode_accessargs(struct svc_rqst *rqstp, __be32 *p,
111791 }
111792
111793 int
111794 -nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
111795 - struct nfsd3_readargs *args)
111796 +nfs3svc_decode_readargs(void *_rqstp, __be32 *p, void *_args)
111797 {
111798 + struct svc_rqst *rqstp = _rqstp;
111799 + struct nfsd3_readargs *args = _args;
111800 unsigned int len;
111801 int v;
111802 u32 max_blocksize = svc_max_payload(rqstp);
111803 @@ -353,9 +359,10 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
111804 }
111805
111806 int
111807 -nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p,
111808 - struct nfsd3_writeargs *args)
111809 +nfs3svc_decode_writeargs(void *_rqstp, __be32 *p, void *_args)
111810 {
111811 + struct svc_rqst *rqstp = _rqstp;
111812 + struct nfsd3_writeargs *args = _args;
111813 unsigned int len, v, hdr, dlen;
111814 u32 max_blocksize = svc_max_payload(rqstp);
111815
111816 @@ -410,9 +417,11 @@ nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p,
111817 }
111818
111819 int
111820 -nfs3svc_decode_createargs(struct svc_rqst *rqstp, __be32 *p,
111821 - struct nfsd3_createargs *args)
111822 +nfs3svc_decode_createargs(void *_rqstp, __be32 *p, void *_args)
111823 {
111824 + struct svc_rqst *rqstp = _rqstp;
111825 + struct nfsd3_createargs *args = _args;
111826 +
111827 if (!(p = decode_fh(p, &args->fh))
111828 || !(p = decode_filename(p, &args->name, &args->len)))
111829 return 0;
111830 @@ -433,9 +442,10 @@ nfs3svc_decode_createargs(struct svc_rqst *rqstp, __be32 *p,
111831 return xdr_argsize_check(rqstp, p);
111832 }
111833 int
111834 -nfs3svc_decode_mkdirargs(struct svc_rqst *rqstp, __be32 *p,
111835 - struct nfsd3_createargs *args)
111836 +nfs3svc_decode_mkdirargs(void *rqstp, __be32 *p, void *_args)
111837 {
111838 + struct nfsd3_createargs *args = _args;
111839 +
111840 if (!(p = decode_fh(p, &args->fh)) ||
111841 !(p = decode_filename(p, &args->name, &args->len)))
111842 return 0;
111843 @@ -445,9 +455,10 @@ nfs3svc_decode_mkdirargs(struct svc_rqst *rqstp, __be32 *p,
111844 }
111845
111846 int
111847 -nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, __be32 *p,
111848 - struct nfsd3_symlinkargs *args)
111849 +nfs3svc_decode_symlinkargs(void *_rqstp, __be32 *p, void *_args)
111850 {
111851 + struct svc_rqst *rqstp = _rqstp;
111852 + struct nfsd3_symlinkargs *args = _args;
111853 unsigned int len, avail;
111854 char *old, *new;
111855 struct kvec *vec;
111856 @@ -495,9 +506,10 @@ nfs3svc_decode_symlinkargs(struct svc_rqst *rqstp, __be32 *p,
111857 }
111858
111859 int
111860 -nfs3svc_decode_mknodargs(struct svc_rqst *rqstp, __be32 *p,
111861 - struct nfsd3_mknodargs *args)
111862 +nfs3svc_decode_mknodargs(void *rqstp, __be32 *p, void *_args)
111863 {
111864 + struct nfsd3_mknodargs *args = _args;
111865 +
111866 if (!(p = decode_fh(p, &args->fh))
111867 || !(p = decode_filename(p, &args->name, &args->len)))
111868 return 0;
111869 @@ -517,9 +529,10 @@ nfs3svc_decode_mknodargs(struct svc_rqst *rqstp, __be32 *p,
111870 }
111871
111872 int
111873 -nfs3svc_decode_renameargs(struct svc_rqst *rqstp, __be32 *p,
111874 - struct nfsd3_renameargs *args)
111875 +nfs3svc_decode_renameargs(void *rqstp, __be32 *p, void *_args)
111876 {
111877 + struct nfsd3_renameargs *args = _args;
111878 +
111879 if (!(p = decode_fh(p, &args->ffh))
111880 || !(p = decode_filename(p, &args->fname, &args->flen))
111881 || !(p = decode_fh(p, &args->tfh))
111882 @@ -530,9 +543,11 @@ nfs3svc_decode_renameargs(struct svc_rqst *rqstp, __be32 *p,
111883 }
111884
111885 int
111886 -nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p,
111887 - struct nfsd3_readlinkargs *args)
111888 +nfs3svc_decode_readlinkargs(void *_rqstp, __be32 *p, void *_args)
111889 {
111890 + struct svc_rqst *rqstp = _rqstp;
111891 + struct nfsd3_readlinkargs *args = _args;
111892 +
111893 p = decode_fh(p, &args->fh);
111894 if (!p)
111895 return 0;
111896 @@ -542,9 +557,10 @@ nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p,
111897 }
111898
111899 int
111900 -nfs3svc_decode_linkargs(struct svc_rqst *rqstp, __be32 *p,
111901 - struct nfsd3_linkargs *args)
111902 +nfs3svc_decode_linkargs(void *rqstp, __be32 *p, void *_args)
111903 {
111904 + struct nfsd3_linkargs *args = _args;
111905 +
111906 if (!(p = decode_fh(p, &args->ffh))
111907 || !(p = decode_fh(p, &args->tfh))
111908 || !(p = decode_filename(p, &args->tname, &args->tlen)))
111909 @@ -554,9 +570,11 @@ nfs3svc_decode_linkargs(struct svc_rqst *rqstp, __be32 *p,
111910 }
111911
111912 int
111913 -nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
111914 - struct nfsd3_readdirargs *args)
111915 +nfs3svc_decode_readdirargs(void *_rqstp, __be32 *p, void *_args)
111916 {
111917 + struct svc_rqst *rqstp = _rqstp;
111918 + struct nfsd3_readdirargs *args = _args;
111919 +
111920 p = decode_fh(p, &args->fh);
111921 if (!p)
111922 return 0;
111923 @@ -571,9 +589,10 @@ nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
111924 }
111925
111926 int
111927 -nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
111928 - struct nfsd3_readdirargs *args)
111929 +nfs3svc_decode_readdirplusargs(void *_rqstp, __be32 *p, void *_args)
111930 {
111931 + struct svc_rqst *rqstp = _rqstp;
111932 + struct nfsd3_readdirargs *args = _args;
111933 int len;
111934 u32 max_blocksize = svc_max_payload(rqstp);
111935
111936 @@ -597,9 +616,10 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
111937 }
111938
111939 int
111940 -nfs3svc_decode_commitargs(struct svc_rqst *rqstp, __be32 *p,
111941 - struct nfsd3_commitargs *args)
111942 +nfs3svc_decode_commitargs(void *rqstp, __be32 *p, void *_args)
111943 {
111944 + struct nfsd3_commitargs *args = _args;
111945 +
111946 p = decode_fh(p, &args->fh);
111947 if (!p)
111948 return 0;
111949 @@ -617,16 +637,17 @@ nfs3svc_decode_commitargs(struct svc_rqst *rqstp, __be32 *p,
111950 * will work properly.
111951 */
111952 int
111953 -nfs3svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
111954 +nfs3svc_encode_voidres(void *rqstp, __be32 *p, void *dummy)
111955 {
111956 return xdr_ressize_check(rqstp, p);
111957 }
111958
111959 /* GETATTR */
111960 int
111961 -nfs3svc_encode_attrstat(struct svc_rqst *rqstp, __be32 *p,
111962 - struct nfsd3_attrstat *resp)
111963 +nfs3svc_encode_attrstat(void *rqstp, __be32 *p, void *_resp)
111964 {
111965 + struct nfsd3_attrstat *resp = _resp;
111966 +
111967 if (resp->status == 0) {
111968 lease_get_mtime(d_inode(resp->fh.fh_dentry),
111969 &resp->stat.mtime);
111970 @@ -637,18 +658,20 @@ nfs3svc_encode_attrstat(struct svc_rqst *rqstp, __be32 *p,
111971
111972 /* SETATTR, REMOVE, RMDIR */
111973 int
111974 -nfs3svc_encode_wccstat(struct svc_rqst *rqstp, __be32 *p,
111975 - struct nfsd3_attrstat *resp)
111976 +nfs3svc_encode_wccstat(void *rqstp, __be32 *p, void *_resp)
111977 {
111978 + struct nfsd3_attrstat *resp = _resp;
111979 +
111980 p = encode_wcc_data(rqstp, p, &resp->fh);
111981 return xdr_ressize_check(rqstp, p);
111982 }
111983
111984 /* LOOKUP */
111985 int
111986 -nfs3svc_encode_diropres(struct svc_rqst *rqstp, __be32 *p,
111987 - struct nfsd3_diropres *resp)
111988 +nfs3svc_encode_diropres(void *rqstp, __be32 *p, void *_resp)
111989 {
111990 + struct nfsd3_diropres *resp = _resp;
111991 +
111992 if (resp->status == 0) {
111993 p = encode_fh(p, &resp->fh);
111994 p = encode_post_op_attr(rqstp, p, &resp->fh);
111995 @@ -659,9 +682,10 @@ nfs3svc_encode_diropres(struct svc_rqst *rqstp, __be32 *p,
111996
111997 /* ACCESS */
111998 int
111999 -nfs3svc_encode_accessres(struct svc_rqst *rqstp, __be32 *p,
112000 - struct nfsd3_accessres *resp)
112001 +nfs3svc_encode_accessres(void *rqstp, __be32 *p, void *_resp)
112002 {
112003 + struct nfsd3_accessres *resp = _resp;
112004 +
112005 p = encode_post_op_attr(rqstp, p, &resp->fh);
112006 if (resp->status == 0)
112007 *p++ = htonl(resp->access);
112008 @@ -670,9 +694,11 @@ nfs3svc_encode_accessres(struct svc_rqst *rqstp, __be32 *p,
112009
112010 /* READLINK */
112011 int
112012 -nfs3svc_encode_readlinkres(struct svc_rqst *rqstp, __be32 *p,
112013 - struct nfsd3_readlinkres *resp)
112014 +nfs3svc_encode_readlinkres(void *_rqstp, __be32 *p, void *_resp)
112015 {
112016 + struct svc_rqst *rqstp = _rqstp;
112017 + struct nfsd3_readlinkres *resp = _resp;
112018 +
112019 p = encode_post_op_attr(rqstp, p, &resp->fh);
112020 if (resp->status == 0) {
112021 *p++ = htonl(resp->len);
112022 @@ -691,9 +717,11 @@ nfs3svc_encode_readlinkres(struct svc_rqst *rqstp, __be32 *p,
112023
112024 /* READ */
112025 int
112026 -nfs3svc_encode_readres(struct svc_rqst *rqstp, __be32 *p,
112027 - struct nfsd3_readres *resp)
112028 +nfs3svc_encode_readres(void *_rqstp, __be32 *p, void *_resp)
112029 {
112030 + struct svc_rqst *rqstp = _rqstp;
112031 + struct nfsd3_readres *resp = _resp;
112032 +
112033 p = encode_post_op_attr(rqstp, p, &resp->fh);
112034 if (resp->status == 0) {
112035 *p++ = htonl(resp->count);
112036 @@ -715,9 +743,10 @@ nfs3svc_encode_readres(struct svc_rqst *rqstp, __be32 *p,
112037
112038 /* WRITE */
112039 int
112040 -nfs3svc_encode_writeres(struct svc_rqst *rqstp, __be32 *p,
112041 - struct nfsd3_writeres *resp)
112042 +nfs3svc_encode_writeres(void *_rqstp, __be32 *p, void *_resp)
112043 {
112044 + struct svc_rqst *rqstp = _rqstp;
112045 + struct nfsd3_writeres *resp = _resp;
112046 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
112047
112048 p = encode_wcc_data(rqstp, p, &resp->fh);
112049 @@ -732,9 +761,10 @@ nfs3svc_encode_writeres(struct svc_rqst *rqstp, __be32 *p,
112050
112051 /* CREATE, MKDIR, SYMLINK, MKNOD */
112052 int
112053 -nfs3svc_encode_createres(struct svc_rqst *rqstp, __be32 *p,
112054 - struct nfsd3_diropres *resp)
112055 +nfs3svc_encode_createres(void *rqstp, __be32 *p, void *_resp)
112056 {
112057 + struct nfsd3_diropres *resp = _resp;
112058 +
112059 if (resp->status == 0) {
112060 *p++ = xdr_one;
112061 p = encode_fh(p, &resp->fh);
112062 @@ -746,9 +776,10 @@ nfs3svc_encode_createres(struct svc_rqst *rqstp, __be32 *p,
112063
112064 /* RENAME */
112065 int
112066 -nfs3svc_encode_renameres(struct svc_rqst *rqstp, __be32 *p,
112067 - struct nfsd3_renameres *resp)
112068 +nfs3svc_encode_renameres(void *rqstp, __be32 *p, void *_resp)
112069 {
112070 + struct nfsd3_renameres *resp = _resp;
112071 +
112072 p = encode_wcc_data(rqstp, p, &resp->ffh);
112073 p = encode_wcc_data(rqstp, p, &resp->tfh);
112074 return xdr_ressize_check(rqstp, p);
112075 @@ -756,9 +787,10 @@ nfs3svc_encode_renameres(struct svc_rqst *rqstp, __be32 *p,
112076
112077 /* LINK */
112078 int
112079 -nfs3svc_encode_linkres(struct svc_rqst *rqstp, __be32 *p,
112080 - struct nfsd3_linkres *resp)
112081 +nfs3svc_encode_linkres(void *rqstp, __be32 *p, void *_resp)
112082 {
112083 + struct nfsd3_linkres *resp = _resp;
112084 +
112085 p = encode_post_op_attr(rqstp, p, &resp->fh);
112086 p = encode_wcc_data(rqstp, p, &resp->tfh);
112087 return xdr_ressize_check(rqstp, p);
112088 @@ -766,9 +798,11 @@ nfs3svc_encode_linkres(struct svc_rqst *rqstp, __be32 *p,
112089
112090 /* READDIR */
112091 int
112092 -nfs3svc_encode_readdirres(struct svc_rqst *rqstp, __be32 *p,
112093 - struct nfsd3_readdirres *resp)
112094 +nfs3svc_encode_readdirres(void *_rqstp, __be32 *p, void *_resp)
112095 {
112096 + struct svc_rqst *rqstp = _rqstp;
112097 + struct nfsd3_readdirres *resp = _resp;
112098 +
112099 p = encode_post_op_attr(rqstp, p, &resp->fh);
112100
112101 if (resp->status == 0) {
112102 @@ -1016,9 +1050,9 @@ nfs3svc_encode_entry_plus(void *cd, const char *name,
112103
112104 /* FSSTAT */
112105 int
112106 -nfs3svc_encode_fsstatres(struct svc_rqst *rqstp, __be32 *p,
112107 - struct nfsd3_fsstatres *resp)
112108 +nfs3svc_encode_fsstatres(void *rqstp, __be32 *p, void *_resp)
112109 {
112110 + struct nfsd3_fsstatres *resp = _resp;
112111 struct kstatfs *s = &resp->stats;
112112 u64 bs = s->f_bsize;
112113
112114 @@ -1038,9 +1072,10 @@ nfs3svc_encode_fsstatres(struct svc_rqst *rqstp, __be32 *p,
112115
112116 /* FSINFO */
112117 int
112118 -nfs3svc_encode_fsinfores(struct svc_rqst *rqstp, __be32 *p,
112119 - struct nfsd3_fsinfores *resp)
112120 +nfs3svc_encode_fsinfores(void *rqstp, __be32 *p, void *_resp)
112121 {
112122 + struct nfsd3_fsinfores *resp = _resp;
112123 +
112124 *p++ = xdr_zero; /* no post_op_attr */
112125
112126 if (resp->status == 0) {
112127 @@ -1062,9 +1097,10 @@ nfs3svc_encode_fsinfores(struct svc_rqst *rqstp, __be32 *p,
112128
112129 /* PATHCONF */
112130 int
112131 -nfs3svc_encode_pathconfres(struct svc_rqst *rqstp, __be32 *p,
112132 - struct nfsd3_pathconfres *resp)
112133 +nfs3svc_encode_pathconfres(void *rqstp, __be32 *p, void *_resp)
112134 {
112135 + struct nfsd3_pathconfres *resp = _resp;
112136 +
112137 *p++ = xdr_zero; /* no post_op_attr */
112138
112139 if (resp->status == 0) {
112140 @@ -1081,9 +1117,10 @@ nfs3svc_encode_pathconfres(struct svc_rqst *rqstp, __be32 *p,
112141
112142 /* COMMIT */
112143 int
112144 -nfs3svc_encode_commitres(struct svc_rqst *rqstp, __be32 *p,
112145 - struct nfsd3_commitres *resp)
112146 +nfs3svc_encode_commitres(void *_rqstp, __be32 *p, void *_resp)
112147 {
112148 + struct svc_rqst *rqstp = _rqstp;
112149 + struct nfsd3_commitres *resp = _resp;
112150 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
112151
112152 p = encode_wcc_data(rqstp, p, &resp->fh);
112153 @@ -1099,17 +1136,19 @@ nfs3svc_encode_commitres(struct svc_rqst *rqstp, __be32 *p,
112154 * XDR release functions
112155 */
112156 int
112157 -nfs3svc_release_fhandle(struct svc_rqst *rqstp, __be32 *p,
112158 - struct nfsd3_attrstat *resp)
112159 +nfs3svc_release_fhandle(void *rqstp, __be32 *p, void *_resp)
112160 {
112161 + struct nfsd3_attrstat *resp = _resp;
112162 +
112163 fh_put(&resp->fh);
112164 return 1;
112165 }
112166
112167 int
112168 -nfs3svc_release_fhandle2(struct svc_rqst *rqstp, __be32 *p,
112169 - struct nfsd3_fhandle_pair *resp)
112170 +nfs3svc_release_fhandle2(void *rqstp, __be32 *p, void *_resp)
112171 {
112172 + struct nfsd3_fhandle_pair *resp = _resp;
112173 +
112174 fh_put(&resp->fh1);
112175 fh_put(&resp->fh2);
112176 return 1;
112177 diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
112178 index 04c68d9..cc49866 100644
112179 --- a/fs/nfsd/nfs4callback.c
112180 +++ b/fs/nfsd/nfs4callback.c
112181 @@ -470,8 +470,7 @@ static int decode_cb_sequence4res(struct xdr_stream *xdr,
112182 /*
112183 * NB: Without this zero space reservation, callbacks over krb5p fail
112184 */
112185 -static void nfs4_xdr_enc_cb_null(struct rpc_rqst *req, struct xdr_stream *xdr,
112186 - void *__unused)
112187 +static void nfs4_xdr_enc_cb_null(void *req, struct xdr_stream *xdr, void *__unused)
112188 {
112189 xdr_reserve_space(xdr, 0);
112190 }
112191 @@ -479,9 +478,9 @@ static void nfs4_xdr_enc_cb_null(struct rpc_rqst *req, struct xdr_stream *xdr,
112192 /*
112193 * 20.2. Operation 4: CB_RECALL - Recall a Delegation
112194 */
112195 -static void nfs4_xdr_enc_cb_recall(struct rpc_rqst *req, struct xdr_stream *xdr,
112196 - const struct nfsd4_callback *cb)
112197 +static void nfs4_xdr_enc_cb_recall(void *req, struct xdr_stream *xdr, void *_cb)
112198 {
112199 + const struct nfsd4_callback *cb = _cb;
112200 const struct nfs4_delegation *dp = cb_to_delegation(cb);
112201 struct nfs4_cb_compound_hdr hdr = {
112202 .ident = cb->cb_clp->cl_cb_ident,
112203 @@ -504,8 +503,7 @@ static void nfs4_xdr_enc_cb_recall(struct rpc_rqst *req, struct xdr_stream *xdr,
112204 * Protocol".
112205 */
112206
112207 -static int nfs4_xdr_dec_cb_null(struct rpc_rqst *req, struct xdr_stream *xdr,
112208 - void *__unused)
112209 +static int nfs4_xdr_dec_cb_null(void *req, struct xdr_stream *xdr, void *__unused)
112210 {
112211 return 0;
112212 }
112213 @@ -513,10 +511,11 @@ static int nfs4_xdr_dec_cb_null(struct rpc_rqst *req, struct xdr_stream *xdr,
112214 /*
112215 * 20.2. Operation 4: CB_RECALL - Recall a Delegation
112216 */
112217 -static int nfs4_xdr_dec_cb_recall(struct rpc_rqst *rqstp,
112218 +static int nfs4_xdr_dec_cb_recall(void *rqstp,
112219 struct xdr_stream *xdr,
112220 - struct nfsd4_callback *cb)
112221 + void *_cb)
112222 {
112223 + struct nfsd4_callback *cb = _cb;
112224 struct nfs4_cb_compound_hdr hdr;
112225 int status;
112226
112227 @@ -586,10 +585,12 @@ static void encode_cb_layout4args(struct xdr_stream *xdr,
112228 hdr->nops++;
112229 }
112230
112231 -static void nfs4_xdr_enc_cb_layout(struct rpc_rqst *req,
112232 +static void nfs4_xdr_enc_cb_layout(void *_req,
112233 struct xdr_stream *xdr,
112234 - const struct nfsd4_callback *cb)
112235 + void *_cb)
112236 {
112237 + struct rpc_rqst *req = _req;
112238 + const struct nfsd4_callback *cb = _cb;
112239 const struct nfs4_layout_stateid *ls =
112240 container_of(cb, struct nfs4_layout_stateid, ls_recall);
112241 struct nfs4_cb_compound_hdr hdr = {
112242 @@ -603,10 +604,12 @@ static void nfs4_xdr_enc_cb_layout(struct rpc_rqst *req,
112243 encode_cb_nops(&hdr);
112244 }
112245
112246 -static int nfs4_xdr_dec_cb_layout(struct rpc_rqst *rqstp,
112247 +static int nfs4_xdr_dec_cb_layout(void *_rqstp,
112248 struct xdr_stream *xdr,
112249 - struct nfsd4_callback *cb)
112250 + void *_cb)
112251 {
112252 + struct rpc_rqst *rqstp = _rqstp;
112253 + struct nfsd4_callback *cb = _cb;
112254 struct nfs4_cb_compound_hdr hdr;
112255 int status;
112256
112257 @@ -629,8 +632,8 @@ static int nfs4_xdr_dec_cb_layout(struct rpc_rqst *rqstp,
112258 #define PROC(proc, call, argtype, restype) \
112259 [NFSPROC4_CLNT_##proc] = { \
112260 .p_proc = NFSPROC4_CB_##call, \
112261 - .p_encode = (kxdreproc_t)nfs4_xdr_enc_##argtype, \
112262 - .p_decode = (kxdrdproc_t)nfs4_xdr_dec_##restype, \
112263 + .p_encode = nfs4_xdr_enc_##argtype, \
112264 + .p_decode = nfs4_xdr_dec_##restype, \
112265 .p_arglen = NFS4_enc_##argtype##_sz, \
112266 .p_replen = NFS4_dec_##restype##_sz, \
112267 .p_statidx = NFSPROC4_CB_##call, \
112268 diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
112269 index 1fb2227..150c145 100644
112270 --- a/fs/nfsd/nfs4proc.c
112271 +++ b/fs/nfsd/nfs4proc.c
112272 @@ -358,8 +358,9 @@ copy_clientid(clientid_t *clid, struct nfsd4_session *session)
112273
112274 static __be32
112275 nfsd4_open(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112276 - struct nfsd4_open *open)
112277 + void *_open)
112278 {
112279 + struct nfsd4_open *open = _open;
112280 __be32 status;
112281 struct svc_fh *resfh = NULL;
112282 struct net *net = SVC_NET(rqstp);
112283 @@ -496,8 +497,10 @@ static __be32 nfsd4_open_omfg(struct svc_rqst *rqstp, struct nfsd4_compound_stat
112284 */
112285 static __be32
112286 nfsd4_getfh(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112287 - struct svc_fh **getfh)
112288 + void *_getfh)
112289 {
112290 + struct svc_fh **getfh = (struct svc_fh **)_getfh;
112291 +
112292 if (!cstate->current_fh.fh_dentry)
112293 return nfserr_nofilehandle;
112294
112295 @@ -507,8 +510,10 @@ nfsd4_getfh(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112296
112297 static __be32
112298 nfsd4_putfh(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112299 - struct nfsd4_putfh *putfh)
112300 + void *_putfh)
112301 {
112302 + struct nfsd4_putfh *putfh = _putfh;
112303 +
112304 fh_put(&cstate->current_fh);
112305 cstate->current_fh.fh_handle.fh_size = putfh->pf_fhlen;
112306 memcpy(&cstate->current_fh.fh_handle.fh_base, putfh->pf_fhval,
112307 @@ -562,8 +567,10 @@ nfsd4_savefh(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112308 */
112309 static __be32
112310 nfsd4_access(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112311 - struct nfsd4_access *access)
112312 + void *_access)
112313 {
112314 + struct nfsd4_access *access = _access;
112315 +
112316 if (access->ac_req_access & ~NFS3_ACCESS_FULL)
112317 return nfserr_inval;
112318
112319 @@ -588,8 +595,10 @@ static void gen_boot_verifier(nfs4_verifier *verifier, struct net *net)
112320
112321 static __be32
112322 nfsd4_commit(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112323 - struct nfsd4_commit *commit)
112324 + void *_commit)
112325 {
112326 + struct nfsd4_commit *commit = _commit;
112327 +
112328 gen_boot_verifier(&commit->co_verf, SVC_NET(rqstp));
112329 return nfsd_commit(rqstp, &cstate->current_fh, commit->co_offset,
112330 commit->co_count);
112331 @@ -597,8 +606,9 @@ nfsd4_commit(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112332
112333 static __be32
112334 nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112335 - struct nfsd4_create *create)
112336 + void *_create)
112337 {
112338 + struct nfsd4_create *create = _create;
112339 struct svc_fh resfh;
112340 __be32 status;
112341 dev_t rdev;
112342 @@ -684,8 +694,9 @@ out:
112343
112344 static __be32
112345 nfsd4_getattr(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112346 - struct nfsd4_getattr *getattr)
112347 + void *_getattr)
112348 {
112349 + struct nfsd4_getattr *getattr = _getattr;
112350 __be32 status;
112351
112352 status = fh_verify(rqstp, &cstate->current_fh, 0, NFSD_MAY_NOP);
112353 @@ -705,8 +716,9 @@ nfsd4_getattr(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112354
112355 static __be32
112356 nfsd4_link(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112357 - struct nfsd4_link *link)
112358 + void *_link)
112359 {
112360 + struct nfsd4_link *link = _link;
112361 __be32 status = nfserr_nofilehandle;
112362
112363 if (!cstate->save_fh.fh_dentry)
112364 @@ -744,8 +756,9 @@ nfsd4_lookupp(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112365
112366 static __be32
112367 nfsd4_lookup(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112368 - struct nfsd4_lookup *lookup)
112369 + void *_lookup)
112370 {
112371 + struct nfsd4_lookup *lookup = _lookup;
112372 return nfsd_lookup(rqstp, &cstate->current_fh,
112373 lookup->lo_name, lookup->lo_len,
112374 &cstate->current_fh);
112375 @@ -753,8 +766,9 @@ nfsd4_lookup(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112376
112377 static __be32
112378 nfsd4_read(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112379 - struct nfsd4_read *read)
112380 + void *_read)
112381 {
112382 + struct nfsd4_read *read = _read;
112383 __be32 status;
112384
112385 read->rd_filp = NULL;
112386 @@ -789,8 +803,9 @@ out:
112387
112388 static __be32
112389 nfsd4_readdir(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112390 - struct nfsd4_readdir *readdir)
112391 + void *_readdir)
112392 {
112393 + struct nfsd4_readdir *readdir = _readdir;
112394 u64 cookie = readdir->rd_cookie;
112395 static const nfs4_verifier zeroverf;
112396
112397 @@ -814,8 +829,10 @@ nfsd4_readdir(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112398
112399 static __be32
112400 nfsd4_readlink(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112401 - struct nfsd4_readlink *readlink)
112402 + void *_readlink)
112403 {
112404 + struct nfsd4_readlink *readlink = _readlink;
112405 +
112406 readlink->rl_rqstp = rqstp;
112407 readlink->rl_fhp = &cstate->current_fh;
112408 return nfs_ok;
112409 @@ -823,8 +840,9 @@ nfsd4_readlink(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112410
112411 static __be32
112412 nfsd4_remove(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112413 - struct nfsd4_remove *remove)
112414 + void *_remove)
112415 {
112416 + struct nfsd4_remove *remove = _remove;
112417 __be32 status;
112418
112419 if (opens_in_grace(SVC_NET(rqstp)))
112420 @@ -840,8 +858,9 @@ nfsd4_remove(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112421
112422 static __be32
112423 nfsd4_rename(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112424 - struct nfsd4_rename *rename)
112425 + void *_rename)
112426 {
112427 + struct nfsd4_rename *rename = _rename;
112428 __be32 status = nfserr_nofilehandle;
112429
112430 if (!cstate->save_fh.fh_dentry)
112431 @@ -861,8 +880,9 @@ nfsd4_rename(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112432
112433 static __be32
112434 nfsd4_secinfo(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112435 - struct nfsd4_secinfo *secinfo)
112436 + void *_secinfo)
112437 {
112438 + struct nfsd4_secinfo *secinfo = _secinfo;
112439 struct svc_export *exp;
112440 struct dentry *dentry;
112441 __be32 err;
112442 @@ -890,8 +910,9 @@ nfsd4_secinfo(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112443
112444 static __be32
112445 nfsd4_secinfo_no_name(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112446 - struct nfsd4_secinfo_no_name *sin)
112447 + void *_sin)
112448 {
112449 + struct nfsd4_secinfo_no_name *sin = _sin;
112450 __be32 err;
112451
112452 switch (sin->sin_style) {
112453 @@ -913,8 +934,9 @@ nfsd4_secinfo_no_name(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstat
112454
112455 static __be32
112456 nfsd4_setattr(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112457 - struct nfsd4_setattr *setattr)
112458 + void *_setattr)
112459 {
112460 + struct nfsd4_setattr *setattr = _setattr;
112461 __be32 status = nfs_ok;
112462 int err;
112463
112464 @@ -974,8 +996,9 @@ static int fill_in_write_vector(struct kvec *vec, struct nfsd4_write *write)
112465
112466 static __be32
112467 nfsd4_write(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112468 - struct nfsd4_write *write)
112469 + void *_write)
112470 {
112471 + struct nfsd4_write *write = _write;
112472 stateid_t *stateid = &write->wr_stateid;
112473 struct file *filp = NULL;
112474 __be32 status = nfs_ok;
112475 @@ -1011,8 +1034,9 @@ nfsd4_write(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112476
112477 static __be32
112478 nfsd4_clone(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112479 - struct nfsd4_clone *clone)
112480 + void *_clone)
112481 {
112482 + struct nfsd4_clone *clone = _clone;
112483 struct file *src, *dst;
112484 __be32 status;
112485
112486 @@ -1075,23 +1099,28 @@ nfsd4_fallocate(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112487
112488 static __be32
112489 nfsd4_allocate(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112490 - struct nfsd4_fallocate *fallocate)
112491 + void *_fallocate)
112492 {
112493 + struct nfsd4_fallocate *fallocate = _fallocate;
112494 +
112495 return nfsd4_fallocate(rqstp, cstate, fallocate, 0);
112496 }
112497
112498 static __be32
112499 nfsd4_deallocate(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112500 - struct nfsd4_fallocate *fallocate)
112501 + void *_fallocate)
112502 {
112503 + struct nfsd4_fallocate *fallocate = _fallocate;
112504 +
112505 return nfsd4_fallocate(rqstp, cstate, fallocate,
112506 FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE);
112507 }
112508
112509 static __be32
112510 nfsd4_seek(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112511 - struct nfsd4_seek *seek)
112512 + void *_seek)
112513 {
112514 + struct nfsd4_seek *seek = (struct nfsd4_seek *)_seek;
112515 int whence;
112516 __be32 status;
112517 struct file *file;
112518 @@ -1138,8 +1167,9 @@ out:
112519 */
112520 static __be32
112521 _nfsd4_verify(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112522 - struct nfsd4_verify *verify)
112523 + void *_verify)
112524 {
112525 + struct nfsd4_verify *verify = _verify;
112526 __be32 *buf, *p;
112527 int count;
112528 __be32 status;
112529 @@ -1196,8 +1226,9 @@ out_kfree:
112530
112531 static __be32
112532 nfsd4_nverify(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112533 - struct nfsd4_verify *verify)
112534 + void *_verify)
112535 {
112536 + struct nfsd4_verify *verify = _verify;
112537 __be32 status;
112538
112539 status = _nfsd4_verify(rqstp, cstate, verify);
112540 @@ -1206,8 +1237,9 @@ nfsd4_nverify(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112541
112542 static __be32
112543 nfsd4_verify(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
112544 - struct nfsd4_verify *verify)
112545 + void *_verify)
112546 {
112547 + struct nfsd4_verify *verify = _verify;
112548 __be32 status;
112549
112550 status = _nfsd4_verify(rqstp, cstate, verify);
112551 @@ -1235,8 +1267,9 @@ nfsd4_layout_verify(struct svc_export *exp, unsigned int layout_type)
112552 static __be32
112553 nfsd4_getdeviceinfo(struct svc_rqst *rqstp,
112554 struct nfsd4_compound_state *cstate,
112555 - struct nfsd4_getdeviceinfo *gdp)
112556 + void *_gdp)
112557 {
112558 + struct nfsd4_getdeviceinfo *gdp = _gdp;
112559 const struct nfsd4_layout_ops *ops;
112560 struct nfsd4_deviceid_map *map;
112561 struct svc_export *exp;
112562 @@ -1281,8 +1314,9 @@ out:
112563 static __be32
112564 nfsd4_layoutget(struct svc_rqst *rqstp,
112565 struct nfsd4_compound_state *cstate,
112566 - struct nfsd4_layoutget *lgp)
112567 + void *_lgp)
112568 {
112569 + struct nfsd4_layoutget *lgp = _lgp;
112570 struct svc_fh *current_fh = &cstate->current_fh;
112571 const struct nfsd4_layout_ops *ops;
112572 struct nfs4_layout_stateid *ls;
112573 @@ -1361,8 +1395,9 @@ out:
112574 static __be32
112575 nfsd4_layoutcommit(struct svc_rqst *rqstp,
112576 struct nfsd4_compound_state *cstate,
112577 - struct nfsd4_layoutcommit *lcp)
112578 + void *_lcp)
112579 {
112580 + struct nfsd4_layoutcommit *lcp = _lcp;
112581 const struct nfsd4_layout_seg *seg = &lcp->lc_seg;
112582 struct svc_fh *current_fh = &cstate->current_fh;
112583 const struct nfsd4_layout_ops *ops;
112584 @@ -1425,8 +1460,9 @@ out:
112585 static __be32
112586 nfsd4_layoutreturn(struct svc_rqst *rqstp,
112587 struct nfsd4_compound_state *cstate,
112588 - struct nfsd4_layoutreturn *lrp)
112589 + void *_lrp)
112590 {
112591 + struct nfsd4_layoutreturn *lrp = _lrp;
112592 struct svc_fh *current_fh = &cstate->current_fh;
112593 __be32 nfserr;
112594
112595 @@ -1528,7 +1564,7 @@ struct nfsd4_operation {
112596 nfsd4op_rsize op_rsize_bop;
112597 stateid_getter op_get_currentstateid;
112598 stateid_setter op_set_currentstateid;
112599 -};
112600 +} __do_const;
112601
112602 static struct nfsd4_operation nfsd4_ops[];
112603
112604 @@ -1636,10 +1672,10 @@ static void svcxdr_init_encode(struct svc_rqst *rqstp,
112605 * COMPOUND call.
112606 */
112607 static __be32
112608 -nfsd4_proc_compound(struct svc_rqst *rqstp,
112609 - struct nfsd4_compoundargs *args,
112610 - struct nfsd4_compoundres *resp)
112611 +nfsd4_proc_compound(struct svc_rqst *rqstp, void *_args, void *_resp)
112612 {
112613 + struct nfsd4_compoundargs *args = _args;
112614 + struct nfsd4_compoundres *resp = _resp;
112615 struct nfsd4_op *op;
112616 struct nfsd4_operation *opdesc;
112617 struct nfsd4_compound_state *cstate = &resp->cstate;
112618 @@ -1998,338 +2034,338 @@ static inline u32 nfsd4_layoutreturn_rsize(struct svc_rqst *rqstp, struct nfsd4_
112619
112620 static struct nfsd4_operation nfsd4_ops[] = {
112621 [OP_ACCESS] = {
112622 - .op_func = (nfsd4op_func)nfsd4_access,
112623 + .op_func = nfsd4_access,
112624 .op_name = "OP_ACCESS",
112625 },
112626 [OP_CLOSE] = {
112627 - .op_func = (nfsd4op_func)nfsd4_close,
112628 + .op_func = nfsd4_close,
112629 .op_flags = OP_MODIFIES_SOMETHING,
112630 .op_name = "OP_CLOSE",
112631 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_status_stateid_rsize,
112632 - .op_get_currentstateid = (stateid_getter)nfsd4_get_closestateid,
112633 - .op_set_currentstateid = (stateid_setter)nfsd4_set_closestateid,
112634 + .op_rsize_bop = nfsd4_status_stateid_rsize,
112635 + .op_get_currentstateid = nfsd4_get_closestateid,
112636 + .op_set_currentstateid = nfsd4_set_closestateid,
112637 },
112638 [OP_COMMIT] = {
112639 - .op_func = (nfsd4op_func)nfsd4_commit,
112640 + .op_func = nfsd4_commit,
112641 .op_flags = OP_MODIFIES_SOMETHING,
112642 .op_name = "OP_COMMIT",
112643 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_commit_rsize,
112644 + .op_rsize_bop = nfsd4_commit_rsize,
112645 },
112646 [OP_CREATE] = {
112647 - .op_func = (nfsd4op_func)nfsd4_create,
112648 + .op_func = nfsd4_create,
112649 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME | OP_CLEAR_STATEID,
112650 .op_name = "OP_CREATE",
112651 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_create_rsize,
112652 + .op_rsize_bop = nfsd4_create_rsize,
112653 },
112654 [OP_DELEGRETURN] = {
112655 - .op_func = (nfsd4op_func)nfsd4_delegreturn,
112656 + .op_func = nfsd4_delegreturn,
112657 .op_flags = OP_MODIFIES_SOMETHING,
112658 .op_name = "OP_DELEGRETURN",
112659 .op_rsize_bop = nfsd4_only_status_rsize,
112660 - .op_get_currentstateid = (stateid_getter)nfsd4_get_delegreturnstateid,
112661 + .op_get_currentstateid = nfsd4_get_delegreturnstateid,
112662 },
112663 [OP_GETATTR] = {
112664 - .op_func = (nfsd4op_func)nfsd4_getattr,
112665 + .op_func = nfsd4_getattr,
112666 .op_flags = ALLOWED_ON_ABSENT_FS,
112667 .op_rsize_bop = nfsd4_getattr_rsize,
112668 .op_name = "OP_GETATTR",
112669 },
112670 [OP_GETFH] = {
112671 - .op_func = (nfsd4op_func)nfsd4_getfh,
112672 + .op_func = nfsd4_getfh,
112673 .op_name = "OP_GETFH",
112674 },
112675 [OP_LINK] = {
112676 - .op_func = (nfsd4op_func)nfsd4_link,
112677 + .op_func = nfsd4_link,
112678 .op_flags = ALLOWED_ON_ABSENT_FS | OP_MODIFIES_SOMETHING
112679 | OP_CACHEME,
112680 .op_name = "OP_LINK",
112681 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_link_rsize,
112682 + .op_rsize_bop = nfsd4_link_rsize,
112683 },
112684 [OP_LOCK] = {
112685 - .op_func = (nfsd4op_func)nfsd4_lock,
112686 + .op_func = nfsd4_lock,
112687 .op_flags = OP_MODIFIES_SOMETHING,
112688 .op_name = "OP_LOCK",
112689 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_lock_rsize,
112690 - .op_set_currentstateid = (stateid_setter)nfsd4_set_lockstateid,
112691 + .op_rsize_bop = nfsd4_lock_rsize,
112692 + .op_set_currentstateid = nfsd4_set_lockstateid,
112693 },
112694 [OP_LOCKT] = {
112695 - .op_func = (nfsd4op_func)nfsd4_lockt,
112696 + .op_func = nfsd4_lockt,
112697 .op_name = "OP_LOCKT",
112698 },
112699 [OP_LOCKU] = {
112700 - .op_func = (nfsd4op_func)nfsd4_locku,
112701 + .op_func = nfsd4_locku,
112702 .op_flags = OP_MODIFIES_SOMETHING,
112703 .op_name = "OP_LOCKU",
112704 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_status_stateid_rsize,
112705 - .op_get_currentstateid = (stateid_getter)nfsd4_get_lockustateid,
112706 + .op_rsize_bop = nfsd4_status_stateid_rsize,
112707 + .op_get_currentstateid = nfsd4_get_lockustateid,
112708 },
112709 [OP_LOOKUP] = {
112710 - .op_func = (nfsd4op_func)nfsd4_lookup,
112711 + .op_func = nfsd4_lookup,
112712 .op_flags = OP_HANDLES_WRONGSEC | OP_CLEAR_STATEID,
112713 .op_name = "OP_LOOKUP",
112714 },
112715 [OP_LOOKUPP] = {
112716 - .op_func = (nfsd4op_func)nfsd4_lookupp,
112717 + .op_func = nfsd4_lookupp,
112718 .op_flags = OP_HANDLES_WRONGSEC | OP_CLEAR_STATEID,
112719 .op_name = "OP_LOOKUPP",
112720 },
112721 [OP_NVERIFY] = {
112722 - .op_func = (nfsd4op_func)nfsd4_nverify,
112723 + .op_func = nfsd4_nverify,
112724 .op_name = "OP_NVERIFY",
112725 },
112726 [OP_OPEN] = {
112727 - .op_func = (nfsd4op_func)nfsd4_open,
112728 + .op_func = nfsd4_open,
112729 .op_flags = OP_HANDLES_WRONGSEC | OP_MODIFIES_SOMETHING,
112730 .op_name = "OP_OPEN",
112731 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_open_rsize,
112732 - .op_set_currentstateid = (stateid_setter)nfsd4_set_openstateid,
112733 + .op_rsize_bop = nfsd4_open_rsize,
112734 + .op_set_currentstateid = nfsd4_set_openstateid,
112735 },
112736 [OP_OPEN_CONFIRM] = {
112737 - .op_func = (nfsd4op_func)nfsd4_open_confirm,
112738 + .op_func = nfsd4_open_confirm,
112739 .op_flags = OP_MODIFIES_SOMETHING,
112740 .op_name = "OP_OPEN_CONFIRM",
112741 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_status_stateid_rsize,
112742 + .op_rsize_bop = nfsd4_status_stateid_rsize,
112743 },
112744 [OP_OPEN_DOWNGRADE] = {
112745 - .op_func = (nfsd4op_func)nfsd4_open_downgrade,
112746 + .op_func = nfsd4_open_downgrade,
112747 .op_flags = OP_MODIFIES_SOMETHING,
112748 .op_name = "OP_OPEN_DOWNGRADE",
112749 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_status_stateid_rsize,
112750 - .op_get_currentstateid = (stateid_getter)nfsd4_get_opendowngradestateid,
112751 - .op_set_currentstateid = (stateid_setter)nfsd4_set_opendowngradestateid,
112752 + .op_rsize_bop = nfsd4_status_stateid_rsize,
112753 + .op_get_currentstateid = nfsd4_get_opendowngradestateid,
112754 + .op_set_currentstateid = nfsd4_set_opendowngradestateid,
112755 },
112756 [OP_PUTFH] = {
112757 - .op_func = (nfsd4op_func)nfsd4_putfh,
112758 + .op_func = nfsd4_putfh,
112759 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112760 | OP_IS_PUTFH_LIKE | OP_CLEAR_STATEID,
112761 .op_name = "OP_PUTFH",
112762 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112763 + .op_rsize_bop = nfsd4_only_status_rsize,
112764 },
112765 [OP_PUTPUBFH] = {
112766 - .op_func = (nfsd4op_func)nfsd4_putrootfh,
112767 + .op_func = nfsd4_putrootfh,
112768 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112769 | OP_IS_PUTFH_LIKE | OP_CLEAR_STATEID,
112770 .op_name = "OP_PUTPUBFH",
112771 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112772 + .op_rsize_bop = nfsd4_only_status_rsize,
112773 },
112774 [OP_PUTROOTFH] = {
112775 - .op_func = (nfsd4op_func)nfsd4_putrootfh,
112776 + .op_func = nfsd4_putrootfh,
112777 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112778 | OP_IS_PUTFH_LIKE | OP_CLEAR_STATEID,
112779 .op_name = "OP_PUTROOTFH",
112780 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112781 + .op_rsize_bop = nfsd4_only_status_rsize,
112782 },
112783 [OP_READ] = {
112784 - .op_func = (nfsd4op_func)nfsd4_read,
112785 + .op_func = nfsd4_read,
112786 .op_name = "OP_READ",
112787 .op_rsize_bop = (nfsd4op_rsize)nfsd4_read_rsize,
112788 - .op_get_currentstateid = (stateid_getter)nfsd4_get_readstateid,
112789 + .op_get_currentstateid = nfsd4_get_readstateid,
112790 },
112791 [OP_READDIR] = {
112792 - .op_func = (nfsd4op_func)nfsd4_readdir,
112793 + .op_func = nfsd4_readdir,
112794 .op_name = "OP_READDIR",
112795 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_readdir_rsize,
112796 + .op_rsize_bop = nfsd4_readdir_rsize,
112797 },
112798 [OP_READLINK] = {
112799 - .op_func = (nfsd4op_func)nfsd4_readlink,
112800 + .op_func = nfsd4_readlink,
112801 .op_name = "OP_READLINK",
112802 },
112803 [OP_REMOVE] = {
112804 - .op_func = (nfsd4op_func)nfsd4_remove,
112805 + .op_func = nfsd4_remove,
112806 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME,
112807 .op_name = "OP_REMOVE",
112808 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_remove_rsize,
112809 + .op_rsize_bop = nfsd4_remove_rsize,
112810 },
112811 [OP_RENAME] = {
112812 - .op_func = (nfsd4op_func)nfsd4_rename,
112813 + .op_func = nfsd4_rename,
112814 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME,
112815 .op_name = "OP_RENAME",
112816 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_rename_rsize,
112817 + .op_rsize_bop = nfsd4_rename_rsize,
112818 },
112819 [OP_RENEW] = {
112820 - .op_func = (nfsd4op_func)nfsd4_renew,
112821 + .op_func = nfsd4_renew,
112822 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112823 | OP_MODIFIES_SOMETHING,
112824 .op_name = "OP_RENEW",
112825 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112826 + .op_rsize_bop = nfsd4_only_status_rsize,
112827
112828 },
112829 [OP_RESTOREFH] = {
112830 - .op_func = (nfsd4op_func)nfsd4_restorefh,
112831 + .op_func = nfsd4_restorefh,
112832 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112833 | OP_IS_PUTFH_LIKE | OP_MODIFIES_SOMETHING,
112834 .op_name = "OP_RESTOREFH",
112835 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112836 + .op_rsize_bop = nfsd4_only_status_rsize,
112837 },
112838 [OP_SAVEFH] = {
112839 - .op_func = (nfsd4op_func)nfsd4_savefh,
112840 + .op_func = nfsd4_savefh,
112841 .op_flags = OP_HANDLES_WRONGSEC | OP_MODIFIES_SOMETHING,
112842 .op_name = "OP_SAVEFH",
112843 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112844 + .op_rsize_bop = nfsd4_only_status_rsize,
112845 },
112846 [OP_SECINFO] = {
112847 - .op_func = (nfsd4op_func)nfsd4_secinfo,
112848 + .op_func = nfsd4_secinfo,
112849 .op_flags = OP_HANDLES_WRONGSEC,
112850 .op_name = "OP_SECINFO",
112851 },
112852 [OP_SETATTR] = {
112853 - .op_func = (nfsd4op_func)nfsd4_setattr,
112854 + .op_func = nfsd4_setattr,
112855 .op_name = "OP_SETATTR",
112856 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME,
112857 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_setattr_rsize,
112858 - .op_get_currentstateid = (stateid_getter)nfsd4_get_setattrstateid,
112859 + .op_rsize_bop = nfsd4_setattr_rsize,
112860 + .op_get_currentstateid = nfsd4_get_setattrstateid,
112861 },
112862 [OP_SETCLIENTID] = {
112863 - .op_func = (nfsd4op_func)nfsd4_setclientid,
112864 + .op_func = nfsd4_setclientid,
112865 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112866 | OP_MODIFIES_SOMETHING | OP_CACHEME,
112867 .op_name = "OP_SETCLIENTID",
112868 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_setclientid_rsize,
112869 + .op_rsize_bop = nfsd4_setclientid_rsize,
112870 },
112871 [OP_SETCLIENTID_CONFIRM] = {
112872 - .op_func = (nfsd4op_func)nfsd4_setclientid_confirm,
112873 + .op_func = nfsd4_setclientid_confirm,
112874 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112875 | OP_MODIFIES_SOMETHING | OP_CACHEME,
112876 .op_name = "OP_SETCLIENTID_CONFIRM",
112877 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112878 + .op_rsize_bop = nfsd4_only_status_rsize,
112879 },
112880 [OP_VERIFY] = {
112881 - .op_func = (nfsd4op_func)nfsd4_verify,
112882 + .op_func = nfsd4_verify,
112883 .op_name = "OP_VERIFY",
112884 },
112885 [OP_WRITE] = {
112886 - .op_func = (nfsd4op_func)nfsd4_write,
112887 + .op_func = nfsd4_write,
112888 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME,
112889 .op_name = "OP_WRITE",
112890 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_write_rsize,
112891 - .op_get_currentstateid = (stateid_getter)nfsd4_get_writestateid,
112892 + .op_rsize_bop = nfsd4_write_rsize,
112893 + .op_get_currentstateid = nfsd4_get_writestateid,
112894 },
112895 [OP_RELEASE_LOCKOWNER] = {
112896 - .op_func = (nfsd4op_func)nfsd4_release_lockowner,
112897 + .op_func = nfsd4_release_lockowner,
112898 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_ON_ABSENT_FS
112899 | OP_MODIFIES_SOMETHING,
112900 .op_name = "OP_RELEASE_LOCKOWNER",
112901 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112902 + .op_rsize_bop = nfsd4_only_status_rsize,
112903 },
112904
112905 /* NFSv4.1 operations */
112906 [OP_EXCHANGE_ID] = {
112907 - .op_func = (nfsd4op_func)nfsd4_exchange_id,
112908 + .op_func = nfsd4_exchange_id,
112909 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_AS_FIRST_OP
112910 | OP_MODIFIES_SOMETHING,
112911 .op_name = "OP_EXCHANGE_ID",
112912 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_exchange_id_rsize,
112913 + .op_rsize_bop = nfsd4_exchange_id_rsize,
112914 },
112915 [OP_BACKCHANNEL_CTL] = {
112916 - .op_func = (nfsd4op_func)nfsd4_backchannel_ctl,
112917 + .op_func = nfsd4_backchannel_ctl,
112918 .op_flags = ALLOWED_WITHOUT_FH | OP_MODIFIES_SOMETHING,
112919 .op_name = "OP_BACKCHANNEL_CTL",
112920 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112921 + .op_rsize_bop = nfsd4_only_status_rsize,
112922 },
112923 [OP_BIND_CONN_TO_SESSION] = {
112924 - .op_func = (nfsd4op_func)nfsd4_bind_conn_to_session,
112925 + .op_func = nfsd4_bind_conn_to_session,
112926 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_AS_FIRST_OP
112927 | OP_MODIFIES_SOMETHING,
112928 .op_name = "OP_BIND_CONN_TO_SESSION",
112929 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_bind_conn_to_session_rsize,
112930 + .op_rsize_bop = nfsd4_bind_conn_to_session_rsize,
112931 },
112932 [OP_CREATE_SESSION] = {
112933 - .op_func = (nfsd4op_func)nfsd4_create_session,
112934 + .op_func = nfsd4_create_session,
112935 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_AS_FIRST_OP
112936 | OP_MODIFIES_SOMETHING,
112937 .op_name = "OP_CREATE_SESSION",
112938 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_create_session_rsize,
112939 + .op_rsize_bop = nfsd4_create_session_rsize,
112940 },
112941 [OP_DESTROY_SESSION] = {
112942 - .op_func = (nfsd4op_func)nfsd4_destroy_session,
112943 + .op_func = nfsd4_destroy_session,
112944 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_AS_FIRST_OP
112945 | OP_MODIFIES_SOMETHING,
112946 .op_name = "OP_DESTROY_SESSION",
112947 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112948 + .op_rsize_bop = nfsd4_only_status_rsize,
112949 },
112950 [OP_SEQUENCE] = {
112951 - .op_func = (nfsd4op_func)nfsd4_sequence,
112952 + .op_func = nfsd4_sequence,
112953 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_AS_FIRST_OP,
112954 .op_name = "OP_SEQUENCE",
112955 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_sequence_rsize,
112956 + .op_rsize_bop = nfsd4_sequence_rsize,
112957 },
112958 [OP_DESTROY_CLIENTID] = {
112959 - .op_func = (nfsd4op_func)nfsd4_destroy_clientid,
112960 + .op_func = nfsd4_destroy_clientid,
112961 .op_flags = ALLOWED_WITHOUT_FH | ALLOWED_AS_FIRST_OP
112962 | OP_MODIFIES_SOMETHING,
112963 .op_name = "OP_DESTROY_CLIENTID",
112964 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112965 + .op_rsize_bop = nfsd4_only_status_rsize,
112966 },
112967 [OP_RECLAIM_COMPLETE] = {
112968 - .op_func = (nfsd4op_func)nfsd4_reclaim_complete,
112969 + .op_func = nfsd4_reclaim_complete,
112970 .op_flags = ALLOWED_WITHOUT_FH | OP_MODIFIES_SOMETHING,
112971 .op_name = "OP_RECLAIM_COMPLETE",
112972 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112973 + .op_rsize_bop = nfsd4_only_status_rsize,
112974 },
112975 [OP_SECINFO_NO_NAME] = {
112976 - .op_func = (nfsd4op_func)nfsd4_secinfo_no_name,
112977 + .op_func = nfsd4_secinfo_no_name,
112978 .op_flags = OP_HANDLES_WRONGSEC,
112979 .op_name = "OP_SECINFO_NO_NAME",
112980 },
112981 [OP_TEST_STATEID] = {
112982 - .op_func = (nfsd4op_func)nfsd4_test_stateid,
112983 + .op_func = nfsd4_test_stateid,
112984 .op_flags = ALLOWED_WITHOUT_FH,
112985 .op_name = "OP_TEST_STATEID",
112986 },
112987 [OP_FREE_STATEID] = {
112988 - .op_func = (nfsd4op_func)nfsd4_free_stateid,
112989 + .op_func = nfsd4_free_stateid,
112990 .op_flags = ALLOWED_WITHOUT_FH | OP_MODIFIES_SOMETHING,
112991 .op_name = "OP_FREE_STATEID",
112992 - .op_get_currentstateid = (stateid_getter)nfsd4_get_freestateid,
112993 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
112994 + .op_get_currentstateid = nfsd4_get_freestateid,
112995 + .op_rsize_bop = nfsd4_only_status_rsize,
112996 },
112997 #ifdef CONFIG_NFSD_PNFS
112998 [OP_GETDEVICEINFO] = {
112999 - .op_func = (nfsd4op_func)nfsd4_getdeviceinfo,
113000 + .op_func = nfsd4_getdeviceinfo,
113001 .op_flags = ALLOWED_WITHOUT_FH,
113002 .op_name = "OP_GETDEVICEINFO",
113003 },
113004 [OP_LAYOUTGET] = {
113005 - .op_func = (nfsd4op_func)nfsd4_layoutget,
113006 + .op_func = nfsd4_layoutget,
113007 .op_flags = OP_MODIFIES_SOMETHING,
113008 .op_name = "OP_LAYOUTGET",
113009 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_layoutget_rsize,
113010 + .op_rsize_bop = nfsd4_layoutget_rsize,
113011 },
113012 [OP_LAYOUTCOMMIT] = {
113013 - .op_func = (nfsd4op_func)nfsd4_layoutcommit,
113014 + .op_func = nfsd4_layoutcommit,
113015 .op_flags = OP_MODIFIES_SOMETHING,
113016 .op_name = "OP_LAYOUTCOMMIT",
113017 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_layoutcommit_rsize,
113018 + .op_rsize_bop = nfsd4_layoutcommit_rsize,
113019 },
113020 [OP_LAYOUTRETURN] = {
113021 - .op_func = (nfsd4op_func)nfsd4_layoutreturn,
113022 + .op_func = nfsd4_layoutreturn,
113023 .op_flags = OP_MODIFIES_SOMETHING,
113024 .op_name = "OP_LAYOUTRETURN",
113025 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_layoutreturn_rsize,
113026 + .op_rsize_bop = nfsd4_layoutreturn_rsize,
113027 },
113028 #endif /* CONFIG_NFSD_PNFS */
113029
113030 /* NFSv4.2 operations */
113031 [OP_ALLOCATE] = {
113032 - .op_func = (nfsd4op_func)nfsd4_allocate,
113033 + .op_func = nfsd4_allocate,
113034 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME,
113035 .op_name = "OP_ALLOCATE",
113036 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
113037 + .op_rsize_bop = nfsd4_only_status_rsize,
113038 },
113039 [OP_DEALLOCATE] = {
113040 - .op_func = (nfsd4op_func)nfsd4_deallocate,
113041 + .op_func = nfsd4_deallocate,
113042 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME,
113043 .op_name = "OP_DEALLOCATE",
113044 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
113045 + .op_rsize_bop = nfsd4_only_status_rsize,
113046 },
113047 [OP_CLONE] = {
113048 - .op_func = (nfsd4op_func)nfsd4_clone,
113049 + .op_func = nfsd4_clone,
113050 .op_flags = OP_MODIFIES_SOMETHING | OP_CACHEME,
113051 .op_name = "OP_CLONE",
113052 - .op_rsize_bop = (nfsd4op_rsize)nfsd4_only_status_rsize,
113053 + .op_rsize_bop = nfsd4_only_status_rsize,
113054 },
113055 [OP_SEEK] = {
113056 - .op_func = (nfsd4op_func)nfsd4_seek,
113057 + .op_func = nfsd4_seek,
113058 .op_name = "OP_SEEK",
113059 },
113060 };
113061 @@ -2406,17 +2442,17 @@ struct nfsd4_voidargs { int dummy; };
113062
113063 static struct svc_procedure nfsd_procedures4[2] = {
113064 [NFSPROC4_NULL] = {
113065 - .pc_func = (svc_procfunc) nfsd4_proc_null,
113066 - .pc_encode = (kxdrproc_t) nfs4svc_encode_voidres,
113067 + .pc_func = nfsd4_proc_null,
113068 + .pc_encode = nfs4svc_encode_voidres,
113069 .pc_argsize = sizeof(struct nfsd4_voidargs),
113070 .pc_ressize = sizeof(struct nfsd4_voidres),
113071 .pc_cachetype = RC_NOCACHE,
113072 .pc_xdrressize = 1,
113073 },
113074 [NFSPROC4_COMPOUND] = {
113075 - .pc_func = (svc_procfunc) nfsd4_proc_compound,
113076 - .pc_decode = (kxdrproc_t) nfs4svc_decode_compoundargs,
113077 - .pc_encode = (kxdrproc_t) nfs4svc_encode_compoundres,
113078 + .pc_func = nfsd4_proc_compound,
113079 + .pc_decode = nfs4svc_decode_compoundargs,
113080 + .pc_encode = nfs4svc_encode_compoundres,
113081 .pc_argsize = sizeof(struct nfsd4_compoundargs),
113082 .pc_ressize = sizeof(struct nfsd4_compoundres),
113083 .pc_release = nfsd4_release_compoundargs,
113084 diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
113085 index a204d7e..f97b734 100644
113086 --- a/fs/nfsd/nfs4state.c
113087 +++ b/fs/nfsd/nfs4state.c
113088 @@ -2341,8 +2341,9 @@ static bool client_has_state(struct nfs4_client *clp)
113089 __be32
113090 nfsd4_exchange_id(struct svc_rqst *rqstp,
113091 struct nfsd4_compound_state *cstate,
113092 - struct nfsd4_exchange_id *exid)
113093 + void *_exid)
113094 {
113095 + struct nfsd4_exchange_id *exid = _exid;
113096 struct nfs4_client *conf, *new;
113097 struct nfs4_client *unconf = NULL;
113098 __be32 status;
113099 @@ -2636,8 +2637,9 @@ static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs)
113100 __be32
113101 nfsd4_create_session(struct svc_rqst *rqstp,
113102 struct nfsd4_compound_state *cstate,
113103 - struct nfsd4_create_session *cr_ses)
113104 + void *_cr_ses)
113105 {
113106 + struct nfsd4_create_session *cr_ses = _cr_ses;
113107 struct sockaddr *sa = svc_addr(rqstp);
113108 struct nfs4_client *conf, *unconf;
113109 struct nfs4_client *old = NULL;
113110 @@ -2761,8 +2763,9 @@ static __be32 nfsd4_map_bcts_dir(u32 *dir)
113111 return nfserr_inval;
113112 }
113113
113114 -__be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_backchannel_ctl *bc)
113115 +__be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, void *_bc)
113116 {
113117 + struct nfsd4_backchannel_ctl *bc = _bc;
113118 struct nfsd4_session *session = cstate->session;
113119 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
113120 __be32 status;
113121 @@ -2782,8 +2785,9 @@ __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state
113122
113123 __be32 nfsd4_bind_conn_to_session(struct svc_rqst *rqstp,
113124 struct nfsd4_compound_state *cstate,
113125 - struct nfsd4_bind_conn_to_session *bcts)
113126 + void *_bcts)
113127 {
113128 + struct nfsd4_bind_conn_to_session *bcts = _bcts;
113129 __be32 status;
113130 struct nfsd4_conn *conn;
113131 struct nfsd4_session *session;
113132 @@ -2825,8 +2829,9 @@ static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4
113133 __be32
113134 nfsd4_destroy_session(struct svc_rqst *r,
113135 struct nfsd4_compound_state *cstate,
113136 - struct nfsd4_destroy_session *sessionid)
113137 + void *_sessionid)
113138 {
113139 + struct nfsd4_destroy_session *sessionid = _sessionid;
113140 struct nfsd4_session *ses;
113141 __be32 status;
113142 int ref_held_by_me = 0;
113143 @@ -2922,8 +2927,9 @@ static bool nfsd4_request_too_big(struct svc_rqst *rqstp,
113144 __be32
113145 nfsd4_sequence(struct svc_rqst *rqstp,
113146 struct nfsd4_compound_state *cstate,
113147 - struct nfsd4_sequence *seq)
113148 + void *_seq)
113149 {
113150 + struct nfsd4_sequence *seq = _seq;
113151 struct nfsd4_compoundres *resp = rqstp->rq_resp;
113152 struct xdr_stream *xdr = &resp->xdr;
113153 struct nfsd4_session *session;
113154 @@ -3057,8 +3063,9 @@ nfsd4_sequence_done(struct nfsd4_compoundres *resp)
113155 }
113156
113157 __be32
113158 -nfsd4_destroy_clientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_destroy_clientid *dc)
113159 +nfsd4_destroy_clientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, void *_dc)
113160 {
113161 + struct nfsd4_destroy_clientid *dc = _dc;
113162 struct nfs4_client *conf, *unconf;
113163 struct nfs4_client *clp = NULL;
113164 __be32 status = 0;
113165 @@ -3098,8 +3105,9 @@ out:
113166 }
113167
113168 __be32
113169 -nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, struct nfsd4_reclaim_complete *rc)
113170 +nfsd4_reclaim_complete(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, void *_rc)
113171 {
113172 + struct nfsd4_reclaim_complete *rc = _rc;
113173 __be32 status = 0;
113174
113175 if (rc->rca_one_fs) {
113176 @@ -3136,8 +3144,9 @@ out:
113177
113178 __be32
113179 nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113180 - struct nfsd4_setclientid *setclid)
113181 + void *_setclid)
113182 {
113183 + struct nfsd4_setclientid *setclid = _setclid;
113184 struct xdr_netobj clname = setclid->se_name;
113185 nfs4_verifier clverifier = setclid->se_verf;
113186 struct nfs4_client *conf, *new;
113187 @@ -3195,8 +3204,9 @@ out:
113188 __be32
113189 nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
113190 struct nfsd4_compound_state *cstate,
113191 - struct nfsd4_setclientid_confirm *setclientid_confirm)
113192 + void *_setclientid_confirm)
113193 {
113194 + struct nfsd4_setclientid_confirm *setclientid_confirm = _setclientid_confirm;
113195 struct nfs4_client *conf, *unconf;
113196 struct nfs4_client *old = NULL;
113197 nfs4_verifier confirm = setclientid_confirm->sc_confirm;
113198 @@ -4440,8 +4450,9 @@ void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
113199
113200 __be32
113201 nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113202 - clientid_t *clid)
113203 + void *_clid)
113204 {
113205 + clientid_t *clid = _clid;
113206 struct nfs4_client *clp;
113207 __be32 status;
113208 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
113209 @@ -4891,8 +4902,9 @@ out:
113210 */
113211 __be32
113212 nfsd4_test_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113213 - struct nfsd4_test_stateid *test_stateid)
113214 + void *_test_stateid)
113215 {
113216 + struct nfsd4_test_stateid *test_stateid = _test_stateid;
113217 struct nfsd4_test_stateid_id *stateid;
113218 struct nfs4_client *cl = cstate->session->se_client;
113219
113220 @@ -4931,8 +4943,9 @@ out:
113221
113222 __be32
113223 nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113224 - struct nfsd4_free_stateid *free_stateid)
113225 + void *_free_stateid)
113226 {
113227 + struct nfsd4_free_stateid *free_stateid = _free_stateid;
113228 stateid_t *stateid = &free_stateid->fr_stateid;
113229 struct nfs4_stid *s;
113230 struct nfs4_delegation *dp;
113231 @@ -5060,8 +5073,9 @@ static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cs
113232
113233 __be32
113234 nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113235 - struct nfsd4_open_confirm *oc)
113236 + void *_oc)
113237 {
113238 + struct nfsd4_open_confirm *oc = _oc;
113239 __be32 status;
113240 struct nfs4_openowner *oo;
113241 struct nfs4_ol_stateid *stp;
113242 @@ -5129,8 +5143,9 @@ static inline void nfs4_stateid_downgrade(struct nfs4_ol_stateid *stp, u32 to_ac
113243 __be32
113244 nfsd4_open_downgrade(struct svc_rqst *rqstp,
113245 struct nfsd4_compound_state *cstate,
113246 - struct nfsd4_open_downgrade *od)
113247 + void *_od)
113248 {
113249 + struct nfsd4_open_downgrade *od = _od;
113250 __be32 status;
113251 struct nfs4_ol_stateid *stp;
113252 struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);
113253 @@ -5198,8 +5213,9 @@ static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
113254 */
113255 __be32
113256 nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113257 - struct nfsd4_close *close)
113258 + void *_close)
113259 {
113260 + struct nfsd4_close *close = _close;
113261 __be32 status;
113262 struct nfs4_ol_stateid *stp;
113263 struct net *net = SVC_NET(rqstp);
113264 @@ -5228,8 +5244,9 @@ out:
113265
113266 __be32
113267 nfsd4_delegreturn(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113268 - struct nfsd4_delegreturn *dr)
113269 + void *_dr)
113270 {
113271 + struct nfsd4_delegreturn *dr = _dr;
113272 struct nfs4_delegation *dp;
113273 stateid_t *stateid = &dr->dr_stateid;
113274 struct nfs4_stid *s;
113275 @@ -5580,8 +5597,9 @@ out:
113276 */
113277 __be32
113278 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113279 - struct nfsd4_lock *lock)
113280 + void *_lock)
113281 {
113282 + struct nfsd4_lock *lock = _lock;
113283 struct nfs4_openowner *open_sop = NULL;
113284 struct nfs4_lockowner *lock_sop = NULL;
113285 struct nfs4_ol_stateid *lock_stp = NULL;
113286 @@ -5782,8 +5800,9 @@ static __be32 nfsd_test_lock(struct svc_rqst *rqstp, struct svc_fh *fhp, struct
113287 */
113288 __be32
113289 nfsd4_lockt(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113290 - struct nfsd4_lockt *lockt)
113291 + void *_lockt)
113292 {
113293 + struct nfsd4_lockt *lockt = _lockt;
113294 struct file_lock *file_lock = NULL;
113295 struct nfs4_lockowner *lo = NULL;
113296 __be32 status;
113297 @@ -5855,8 +5874,9 @@ out:
113298
113299 __be32
113300 nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
113301 - struct nfsd4_locku *locku)
113302 + void *_locku)
113303 {
113304 + struct nfsd4_locku *locku = _locku;
113305 struct nfs4_ol_stateid *stp;
113306 struct file *filp = NULL;
113307 struct file_lock *file_lock = NULL;
113308 @@ -5962,8 +5982,9 @@ check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner)
113309 __be32
113310 nfsd4_release_lockowner(struct svc_rqst *rqstp,
113311 struct nfsd4_compound_state *cstate,
113312 - struct nfsd4_release_lockowner *rlockowner)
113313 + void *_rlockowner)
113314 {
113315 + struct nfsd4_release_lockowner *rlockowner = _rlockowner;
113316 clientid_t *clid = &rlockowner->rl_clientid;
113317 struct nfs4_stateowner *sop;
113318 struct nfs4_lockowner *lo = NULL;
113319 @@ -6922,26 +6943,34 @@ clear_current_stateid(struct nfsd4_compound_state *cstate)
113320 * functions to set current state id
113321 */
113322 void
113323 -nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *odp)
113324 +nfsd4_set_opendowngradestateid(struct nfsd4_compound_state *cstate, void *_odp)
113325 {
113326 + struct nfsd4_open_downgrade *odp = _odp;
113327 +
113328 put_stateid(cstate, &odp->od_stateid);
113329 }
113330
113331 void
113332 -nfsd4_set_openstateid(struct nfsd4_compound_state *cstate, struct nfsd4_open *open)
113333 +nfsd4_set_openstateid(struct nfsd4_compound_state *cstate, void *_open)
113334 {
113335 + struct nfsd4_open *open = _open;
113336 +
113337 put_stateid(cstate, &open->op_stateid);
113338 }
113339
113340 void
113341 -nfsd4_set_closestateid(struct nfsd4_compound_state *cstate, struct nfsd4_close *close)
113342 +nfsd4_set_closestateid(struct nfsd4_compound_state *cstate, void *_close)
113343 {
113344 + struct nfsd4_close *close = _close;
113345 +
113346 put_stateid(cstate, &close->cl_stateid);
113347 }
113348
113349 void
113350 -nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, struct nfsd4_lock *lock)
113351 +nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, void *_lock)
113352 {
113353 + struct nfsd4_lock *lock = _lock;
113354 +
113355 put_stateid(cstate, &lock->lk_resp_stateid);
113356 }
113357
113358 @@ -6950,49 +6979,65 @@ nfsd4_set_lockstateid(struct nfsd4_compound_state *cstate, struct nfsd4_lock *lo
113359 */
113360
113361 void
113362 -nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, struct nfsd4_open_downgrade *odp)
113363 +nfsd4_get_opendowngradestateid(struct nfsd4_compound_state *cstate, void *_odp)
113364 {
113365 + struct nfsd4_open_downgrade *odp = _odp;
113366 +
113367 get_stateid(cstate, &odp->od_stateid);
113368 }
113369
113370 void
113371 -nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate, struct nfsd4_delegreturn *drp)
113372 +nfsd4_get_delegreturnstateid(struct nfsd4_compound_state *cstate, void *_drp)
113373 {
113374 + struct nfsd4_delegreturn *drp = _drp;
113375 +
113376 get_stateid(cstate, &drp->dr_stateid);
113377 }
113378
113379 void
113380 -nfsd4_get_freestateid(struct nfsd4_compound_state *cstate, struct nfsd4_free_stateid *fsp)
113381 +nfsd4_get_freestateid(struct nfsd4_compound_state *cstate, void *_fsp)
113382 {
113383 + struct nfsd4_free_stateid *fsp = _fsp;
113384 +
113385 get_stateid(cstate, &fsp->fr_stateid);
113386 }
113387
113388 void
113389 -nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate, struct nfsd4_setattr *setattr)
113390 +nfsd4_get_setattrstateid(struct nfsd4_compound_state *cstate, void *_setattr)
113391 {
113392 + struct nfsd4_setattr *setattr = _setattr;
113393 +
113394 get_stateid(cstate, &setattr->sa_stateid);
113395 }
113396
113397 void
113398 -nfsd4_get_closestateid(struct nfsd4_compound_state *cstate, struct nfsd4_close *close)
113399 +nfsd4_get_closestateid(struct nfsd4_compound_state *cstate, void *_close)
113400 {
113401 + struct nfsd4_close *close = _close;
113402 +
113403 get_stateid(cstate, &close->cl_stateid);
113404 }
113405
113406 void
113407 -nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate, struct nfsd4_locku *locku)
113408 +nfsd4_get_lockustateid(struct nfsd4_compound_state *cstate, void *_locku)
113409 {
113410 + struct nfsd4_locku *locku = _locku;
113411 +
113412 get_stateid(cstate, &locku->lu_stateid);
113413 }
113414
113415 void
113416 -nfsd4_get_readstateid(struct nfsd4_compound_state *cstate, struct nfsd4_read *read)
113417 +nfsd4_get_readstateid(struct nfsd4_compound_state *cstate, void *_read)
113418 {
113419 + struct nfsd4_read *read = _read;
113420 +
113421 get_stateid(cstate, &read->rd_stateid);
113422 }
113423
113424 void
113425 -nfsd4_get_writestateid(struct nfsd4_compound_state *cstate, struct nfsd4_write *write)
113426 +nfsd4_get_writestateid(struct nfsd4_compound_state *cstate, void *_write)
113427 {
113428 + struct nfsd4_write *write = _write;
113429 +
113430 get_stateid(cstate, &write->wr_stateid);
113431 }
113432 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
113433 index 0aa0236..6381bd7 100644
113434 --- a/fs/nfsd/nfs4xdr.c
113435 +++ b/fs/nfsd/nfs4xdr.c
113436 @@ -447,8 +447,9 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
113437 }
113438
113439 static __be32
113440 -nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
113441 +nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, void *_sid)
113442 {
113443 + stateid_t *sid = _sid;
113444 DECODE_HEAD;
113445
113446 READ_BUF(sizeof(stateid_t));
113447 @@ -459,8 +460,9 @@ nfsd4_decode_stateid(struct nfsd4_compoundargs *argp, stateid_t *sid)
113448 }
113449
113450 static __be32
113451 -nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access)
113452 +nfsd4_decode_access(struct nfsd4_compoundargs *argp, void *_access)
113453 {
113454 + struct nfsd4_access *access = _access;
113455 DECODE_HEAD;
113456
113457 READ_BUF(4);
113458 @@ -469,8 +471,9 @@ nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access
113459 DECODE_TAIL;
113460 }
113461
113462 -static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
113463 +static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, void *_cbs)
113464 {
113465 + struct nfsd4_cb_sec *cbs = _cbs;
113466 DECODE_HEAD;
113467 u32 dummy, uid, gid;
113468 char *machine_name;
113469 @@ -549,8 +552,9 @@ static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_
113470 DECODE_TAIL;
113471 }
113472
113473 -static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, struct nfsd4_backchannel_ctl *bc)
113474 +static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, void *_bc)
113475 {
113476 + struct nfsd4_backchannel_ctl *bc = _bc;
113477 DECODE_HEAD;
113478
113479 READ_BUF(4);
113480 @@ -560,8 +564,9 @@ static __be32 nfsd4_decode_backchannel_ctl(struct nfsd4_compoundargs *argp, stru
113481 DECODE_TAIL;
113482 }
113483
113484 -static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, struct nfsd4_bind_conn_to_session *bcts)
113485 +static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp, void *_bcts)
113486 {
113487 + struct nfsd4_bind_conn_to_session *bcts = _bcts;
113488 DECODE_HEAD;
113489
113490 READ_BUF(NFS4_MAX_SESSIONID_LEN + 8);
113491 @@ -573,8 +578,9 @@ static __be32 nfsd4_decode_bind_conn_to_session(struct nfsd4_compoundargs *argp,
113492 }
113493
113494 static __be32
113495 -nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
113496 +nfsd4_decode_close(struct nfsd4_compoundargs *argp, void *_close)
113497 {
113498 + struct nfsd4_close *close = _close;
113499 DECODE_HEAD;
113500
113501 READ_BUF(4);
113502 @@ -586,8 +592,9 @@ nfsd4_decode_close(struct nfsd4_compoundargs *argp, struct nfsd4_close *close)
113503
113504
113505 static __be32
113506 -nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit)
113507 +nfsd4_decode_commit(struct nfsd4_compoundargs *argp, void *_commit)
113508 {
113509 + struct nfsd4_commit *commit = _commit;
113510 DECODE_HEAD;
113511
113512 READ_BUF(12);
113513 @@ -598,8 +605,9 @@ nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit
113514 }
113515
113516 static __be32
113517 -nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
113518 +nfsd4_decode_create(struct nfsd4_compoundargs *argp, void *_create)
113519 {
113520 + struct nfsd4_create *create = _create;
113521 DECODE_HEAD;
113522
113523 READ_BUF(4);
113524 @@ -642,20 +650,25 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create
113525 }
113526
113527 static inline __be32
113528 -nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, struct nfsd4_delegreturn *dr)
113529 +nfsd4_decode_delegreturn(struct nfsd4_compoundargs *argp, void *_dr)
113530 {
113531 + struct nfsd4_delegreturn *dr = _dr;
113532 +
113533 return nfsd4_decode_stateid(argp, &dr->dr_stateid);
113534 }
113535
113536 static inline __be32
113537 -nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, struct nfsd4_getattr *getattr)
113538 +nfsd4_decode_getattr(struct nfsd4_compoundargs *argp, void *_getattr)
113539 {
113540 + struct nfsd4_getattr *getattr = _getattr;
113541 +
113542 return nfsd4_decode_bitmap(argp, getattr->ga_bmval);
113543 }
113544
113545 static __be32
113546 -nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
113547 +nfsd4_decode_link(struct nfsd4_compoundargs *argp, void *_link)
113548 {
113549 + struct nfsd4_link *link = _link;
113550 DECODE_HEAD;
113551
113552 READ_BUF(4);
113553 @@ -669,8 +682,9 @@ nfsd4_decode_link(struct nfsd4_compoundargs *argp, struct nfsd4_link *link)
113554 }
113555
113556 static __be32
113557 -nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
113558 +nfsd4_decode_lock(struct nfsd4_compoundargs *argp, void *_lock)
113559 {
113560 + struct nfsd4_lock *lock = _lock;
113561 DECODE_HEAD;
113562
113563 /*
113564 @@ -709,8 +723,9 @@ nfsd4_decode_lock(struct nfsd4_compoundargs *argp, struct nfsd4_lock *lock)
113565 }
113566
113567 static __be32
113568 -nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
113569 +nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, void *_lockt)
113570 {
113571 + struct nfsd4_lockt *lockt = _lockt;
113572 DECODE_HEAD;
113573
113574 READ_BUF(32);
113575 @@ -728,8 +743,9 @@ nfsd4_decode_lockt(struct nfsd4_compoundargs *argp, struct nfsd4_lockt *lockt)
113576 }
113577
113578 static __be32
113579 -nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
113580 +nfsd4_decode_locku(struct nfsd4_compoundargs *argp, void *_locku)
113581 {
113582 + struct nfsd4_locku *locku = _locku;
113583 DECODE_HEAD;
113584
113585 READ_BUF(8);
113586 @@ -748,8 +764,9 @@ nfsd4_decode_locku(struct nfsd4_compoundargs *argp, struct nfsd4_locku *locku)
113587 }
113588
113589 static __be32
113590 -nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, struct nfsd4_lookup *lookup)
113591 +nfsd4_decode_lookup(struct nfsd4_compoundargs *argp, void *_lookup)
113592 {
113593 + struct nfsd4_lookup *lookup = _lookup;
113594 DECODE_HEAD;
113595
113596 READ_BUF(4);
113597 @@ -847,8 +864,9 @@ xdr_error:
113598 }
113599
113600 static __be32
113601 -nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
113602 +nfsd4_decode_open(struct nfsd4_compoundargs *argp, void *_open)
113603 {
113604 + struct nfsd4_open *open = _open;
113605 DECODE_HEAD;
113606 u32 dummy;
113607
113608 @@ -960,8 +978,9 @@ nfsd4_decode_open(struct nfsd4_compoundargs *argp, struct nfsd4_open *open)
113609 }
113610
113611 static __be32
113612 -nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_confirm *open_conf)
113613 +nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, void *_open_conf)
113614 {
113615 + struct nfsd4_open_confirm *open_conf = _open_conf;
113616 DECODE_HEAD;
113617
113618 if (argp->minorversion >= 1)
113619 @@ -977,8 +996,9 @@ nfsd4_decode_open_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_open_con
113620 }
113621
113622 static __be32
113623 -nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_downgrade *open_down)
113624 +nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, void *_open_down)
113625 {
113626 + struct nfsd4_open_downgrade *open_down = _open_down;
113627 DECODE_HEAD;
113628
113629 status = nfsd4_decode_stateid(argp, &open_down->od_stateid);
113630 @@ -997,8 +1017,9 @@ nfsd4_decode_open_downgrade(struct nfsd4_compoundargs *argp, struct nfsd4_open_d
113631 }
113632
113633 static __be32
113634 -nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, struct nfsd4_putfh *putfh)
113635 +nfsd4_decode_putfh(struct nfsd4_compoundargs *argp, void *_putfh)
113636 {
113637 + struct nfsd4_putfh *putfh = _putfh;
113638 DECODE_HEAD;
113639
113640 READ_BUF(4);
113641 @@ -1020,8 +1041,9 @@ nfsd4_decode_putpubfh(struct nfsd4_compoundargs *argp, void *p)
113642 }
113643
113644 static __be32
113645 -nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
113646 +nfsd4_decode_read(struct nfsd4_compoundargs *argp, void *_read)
113647 {
113648 + struct nfsd4_read *read = _read;
113649 DECODE_HEAD;
113650
113651 status = nfsd4_decode_stateid(argp, &read->rd_stateid);
113652 @@ -1035,8 +1057,9 @@ nfsd4_decode_read(struct nfsd4_compoundargs *argp, struct nfsd4_read *read)
113653 }
113654
113655 static __be32
113656 -nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *readdir)
113657 +nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, void *_readdir)
113658 {
113659 + struct nfsd4_readdir *readdir = _readdir;
113660 DECODE_HEAD;
113661
113662 READ_BUF(24);
113663 @@ -1051,8 +1074,9 @@ nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *read
113664 }
113665
113666 static __be32
113667 -nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove)
113668 +nfsd4_decode_remove(struct nfsd4_compoundargs *argp, void *_remove)
113669 {
113670 + struct nfsd4_remove *remove = _remove;
113671 DECODE_HEAD;
113672
113673 READ_BUF(4);
113674 @@ -1066,8 +1090,9 @@ nfsd4_decode_remove(struct nfsd4_compoundargs *argp, struct nfsd4_remove *remove
113675 }
113676
113677 static __be32
113678 -nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename)
113679 +nfsd4_decode_rename(struct nfsd4_compoundargs *argp, void *_rename)
113680 {
113681 + struct nfsd4_rename *rename = _rename;
113682 DECODE_HEAD;
113683
113684 READ_BUF(4);
113685 @@ -1087,7 +1112,7 @@ nfsd4_decode_rename(struct nfsd4_compoundargs *argp, struct nfsd4_rename *rename
113686 }
113687
113688 static __be32
113689 -nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
113690 +nfsd4_decode_renew(struct nfsd4_compoundargs *argp, void *clientid)
113691 {
113692 DECODE_HEAD;
113693
113694 @@ -1102,8 +1127,9 @@ nfsd4_decode_renew(struct nfsd4_compoundargs *argp, clientid_t *clientid)
113695
113696 static __be32
113697 nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
113698 - struct nfsd4_secinfo *secinfo)
113699 + void *_secinfo)
113700 {
113701 + struct nfsd4_secinfo *secinfo = _secinfo;
113702 DECODE_HEAD;
113703
113704 READ_BUF(4);
113705 @@ -1118,8 +1144,9 @@ nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
113706
113707 static __be32
113708 nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
113709 - struct nfsd4_secinfo_no_name *sin)
113710 + void *_sin)
113711 {
113712 + struct nfsd4_secinfo_no_name *sin = _sin;
113713 DECODE_HEAD;
113714
113715 READ_BUF(4);
113716 @@ -1128,8 +1155,9 @@ nfsd4_decode_secinfo_no_name(struct nfsd4_compoundargs *argp,
113717 }
113718
113719 static __be32
113720 -nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
113721 +nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, void *_setattr)
113722 {
113723 + struct nfsd4_setattr *setattr = _setattr;
113724 __be32 status;
113725
113726 status = nfsd4_decode_stateid(argp, &setattr->sa_stateid);
113727 @@ -1140,8 +1168,9 @@ nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *seta
113728 }
113729
113730 static __be32
113731 -nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid *setclientid)
113732 +nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, void *_setclientid)
113733 {
113734 + struct nfsd4_setclientid *setclientid = _setclientid;
113735 DECODE_HEAD;
113736
113737 if (argp->minorversion >= 1)
113738 @@ -1170,8 +1199,9 @@ nfsd4_decode_setclientid(struct nfsd4_compoundargs *argp, struct nfsd4_setclient
113739 }
113740
113741 static __be32
113742 -nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_setclientid_confirm *scd_c)
113743 +nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, void *_scd_c)
113744 {
113745 + struct nfsd4_setclientid_confirm *scd_c = _scd_c;
113746 DECODE_HEAD;
113747
113748 if (argp->minorversion >= 1)
113749 @@ -1186,8 +1216,9 @@ nfsd4_decode_setclientid_confirm(struct nfsd4_compoundargs *argp, struct nfsd4_s
113750
113751 /* Also used for NVERIFY */
113752 static __be32
113753 -nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify)
113754 +nfsd4_decode_verify(struct nfsd4_compoundargs *argp, void *_verify)
113755 {
113756 + struct nfsd4_verify *verify = _verify;
113757 DECODE_HEAD;
113758
113759 if ((status = nfsd4_decode_bitmap(argp, verify->ve_bmval)))
113760 @@ -1205,8 +1236,9 @@ nfsd4_decode_verify(struct nfsd4_compoundargs *argp, struct nfsd4_verify *verify
113761 }
113762
113763 static __be32
113764 -nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
113765 +nfsd4_decode_write(struct nfsd4_compoundargs *argp, void *_write)
113766 {
113767 + struct nfsd4_write *write = _write;
113768 int avail;
113769 int len;
113770 DECODE_HEAD;
113771 @@ -1256,8 +1288,9 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
113772 }
113773
113774 static __be32
113775 -nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_release_lockowner *rlockowner)
113776 +nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, void *_rlockowner)
113777 {
113778 + struct nfsd4_release_lockowner *rlockowner = _rlockowner;
113779 DECODE_HEAD;
113780
113781 if (argp->minorversion >= 1)
113782 @@ -1276,8 +1309,9 @@ nfsd4_decode_release_lockowner(struct nfsd4_compoundargs *argp, struct nfsd4_rel
113783
113784 static __be32
113785 nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
113786 - struct nfsd4_exchange_id *exid)
113787 + void *_exid)
113788 {
113789 + struct nfsd4_exchange_id *exid = _exid;
113790 int dummy, tmp;
113791 DECODE_HEAD;
113792
113793 @@ -1378,8 +1412,9 @@ nfsd4_decode_exchange_id(struct nfsd4_compoundargs *argp,
113794
113795 static __be32
113796 nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
113797 - struct nfsd4_create_session *sess)
113798 + void *_sess)
113799 {
113800 + struct nfsd4_create_session *sess = _sess;
113801 DECODE_HEAD;
113802 u32 dummy;
113803
113804 @@ -1430,8 +1465,9 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
113805
113806 static __be32
113807 nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
113808 - struct nfsd4_destroy_session *destroy_session)
113809 + void *_destroy_session)
113810 {
113811 + struct nfsd4_destroy_session *destroy_session = _destroy_session;
113812 DECODE_HEAD;
113813 READ_BUF(NFS4_MAX_SESSIONID_LEN);
113814 COPYMEM(destroy_session->sessionid.data, NFS4_MAX_SESSIONID_LEN);
113815 @@ -1441,8 +1477,9 @@ nfsd4_decode_destroy_session(struct nfsd4_compoundargs *argp,
113816
113817 static __be32
113818 nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
113819 - struct nfsd4_free_stateid *free_stateid)
113820 + void *_free_stateid)
113821 {
113822 + struct nfsd4_free_stateid *free_stateid = _free_stateid;
113823 DECODE_HEAD;
113824
113825 READ_BUF(sizeof(stateid_t));
113826 @@ -1454,8 +1491,9 @@ nfsd4_decode_free_stateid(struct nfsd4_compoundargs *argp,
113827
113828 static __be32
113829 nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
113830 - struct nfsd4_sequence *seq)
113831 + void *_seq)
113832 {
113833 + struct nfsd4_sequence *seq = _seq;
113834 DECODE_HEAD;
113835
113836 READ_BUF(NFS4_MAX_SESSIONID_LEN + 16);
113837 @@ -1469,8 +1507,9 @@ nfsd4_decode_sequence(struct nfsd4_compoundargs *argp,
113838 }
113839
113840 static __be32
113841 -nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_stateid *test_stateid)
113842 +nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, void *_test_stateid)
113843 {
113844 + struct nfsd4_test_stateid *test_stateid = _test_stateid;
113845 int i;
113846 __be32 *p, status;
113847 struct nfsd4_test_stateid_id *stateid;
113848 @@ -1504,8 +1543,9 @@ xdr_error:
113849 goto out;
113850 }
113851
113852 -static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, struct nfsd4_destroy_clientid *dc)
113853 +static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, void *_dc)
113854 {
113855 + struct nfsd4_destroy_clientid *dc = _dc;
113856 DECODE_HEAD;
113857
113858 READ_BUF(8);
113859 @@ -1514,8 +1554,9 @@ static __be32 nfsd4_decode_destroy_clientid(struct nfsd4_compoundargs *argp, str
113860 DECODE_TAIL;
113861 }
113862
113863 -static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, struct nfsd4_reclaim_complete *rc)
113864 +static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, void *_rc)
113865 {
113866 + struct nfsd4_reclaim_complete *rc = _rc;
113867 DECODE_HEAD;
113868
113869 READ_BUF(4);
113870 @@ -1527,8 +1568,9 @@ static __be32 nfsd4_decode_reclaim_complete(struct nfsd4_compoundargs *argp, str
113871 #ifdef CONFIG_NFSD_PNFS
113872 static __be32
113873 nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs *argp,
113874 - struct nfsd4_getdeviceinfo *gdev)
113875 + void *_gdev)
113876 {
113877 + struct nfsd4_getdeviceinfo *gdev = _gdev;
113878 DECODE_HEAD;
113879 u32 num, i;
113880
113881 @@ -1552,8 +1594,9 @@ nfsd4_decode_getdeviceinfo(struct nfsd4_compoundargs *argp,
113882
113883 static __be32
113884 nfsd4_decode_layoutget(struct nfsd4_compoundargs *argp,
113885 - struct nfsd4_layoutget *lgp)
113886 + void *_lgp)
113887 {
113888 + struct nfsd4_layoutget *lgp = _lgp;
113889 DECODE_HEAD;
113890
113891 READ_BUF(36);
113892 @@ -1576,8 +1619,9 @@ nfsd4_decode_layoutget(struct nfsd4_compoundargs *argp,
113893
113894 static __be32
113895 nfsd4_decode_layoutcommit(struct nfsd4_compoundargs *argp,
113896 - struct nfsd4_layoutcommit *lcp)
113897 + void *_lcp)
113898 {
113899 + struct nfsd4_layoutcommit *lcp = _lcp;
113900 DECODE_HEAD;
113901 u32 timechange;
113902
113903 @@ -1624,8 +1668,9 @@ nfsd4_decode_layoutcommit(struct nfsd4_compoundargs *argp,
113904
113905 static __be32
113906 nfsd4_decode_layoutreturn(struct nfsd4_compoundargs *argp,
113907 - struct nfsd4_layoutreturn *lrp)
113908 + void *_lrp)
113909 {
113910 + struct nfsd4_layoutreturn *lrp = _lrp;
113911 DECODE_HEAD;
113912
113913 READ_BUF(16);
113914 @@ -1659,8 +1704,9 @@ nfsd4_decode_layoutreturn(struct nfsd4_compoundargs *argp,
113915
113916 static __be32
113917 nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp,
113918 - struct nfsd4_fallocate *fallocate)
113919 + void *_fallocate)
113920 {
113921 + struct nfsd4_fallocate *fallocate = _fallocate;
113922 DECODE_HEAD;
113923
113924 status = nfsd4_decode_stateid(argp, &fallocate->falloc_stateid);
113925 @@ -1675,8 +1721,9 @@ nfsd4_decode_fallocate(struct nfsd4_compoundargs *argp,
113926 }
113927
113928 static __be32
113929 -nfsd4_decode_clone(struct nfsd4_compoundargs *argp, struct nfsd4_clone *clone)
113930 +nfsd4_decode_clone(struct nfsd4_compoundargs *argp, void *_clone)
113931 {
113932 + struct nfsd4_clone *clone = _clone;
113933 DECODE_HEAD;
113934
113935 status = nfsd4_decode_stateid(argp, &clone->cl_src_stateid);
113936 @@ -1694,8 +1741,9 @@ nfsd4_decode_clone(struct nfsd4_compoundargs *argp, struct nfsd4_clone *clone)
113937 }
113938
113939 static __be32
113940 -nfsd4_decode_seek(struct nfsd4_compoundargs *argp, struct nfsd4_seek *seek)
113941 +nfsd4_decode_seek(struct nfsd4_compoundargs *argp, void *_seek)
113942 {
113943 + struct nfsd4_seek *seek = _seek;
113944 DECODE_HEAD;
113945
113946 status = nfsd4_decode_stateid(argp, &seek->seek_stateid);
113947 @@ -1723,88 +1771,88 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
113948
113949 typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
113950
113951 -static nfsd4_dec nfsd4_dec_ops[] = {
113952 - [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
113953 - [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
113954 - [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
113955 - [OP_CREATE] = (nfsd4_dec)nfsd4_decode_create,
113956 - [OP_DELEGPURGE] = (nfsd4_dec)nfsd4_decode_notsupp,
113957 - [OP_DELEGRETURN] = (nfsd4_dec)nfsd4_decode_delegreturn,
113958 - [OP_GETATTR] = (nfsd4_dec)nfsd4_decode_getattr,
113959 - [OP_GETFH] = (nfsd4_dec)nfsd4_decode_noop,
113960 - [OP_LINK] = (nfsd4_dec)nfsd4_decode_link,
113961 - [OP_LOCK] = (nfsd4_dec)nfsd4_decode_lock,
113962 - [OP_LOCKT] = (nfsd4_dec)nfsd4_decode_lockt,
113963 - [OP_LOCKU] = (nfsd4_dec)nfsd4_decode_locku,
113964 - [OP_LOOKUP] = (nfsd4_dec)nfsd4_decode_lookup,
113965 - [OP_LOOKUPP] = (nfsd4_dec)nfsd4_decode_noop,
113966 - [OP_NVERIFY] = (nfsd4_dec)nfsd4_decode_verify,
113967 - [OP_OPEN] = (nfsd4_dec)nfsd4_decode_open,
113968 - [OP_OPENATTR] = (nfsd4_dec)nfsd4_decode_notsupp,
113969 - [OP_OPEN_CONFIRM] = (nfsd4_dec)nfsd4_decode_open_confirm,
113970 - [OP_OPEN_DOWNGRADE] = (nfsd4_dec)nfsd4_decode_open_downgrade,
113971 - [OP_PUTFH] = (nfsd4_dec)nfsd4_decode_putfh,
113972 - [OP_PUTPUBFH] = (nfsd4_dec)nfsd4_decode_putpubfh,
113973 - [OP_PUTROOTFH] = (nfsd4_dec)nfsd4_decode_noop,
113974 - [OP_READ] = (nfsd4_dec)nfsd4_decode_read,
113975 - [OP_READDIR] = (nfsd4_dec)nfsd4_decode_readdir,
113976 - [OP_READLINK] = (nfsd4_dec)nfsd4_decode_noop,
113977 - [OP_REMOVE] = (nfsd4_dec)nfsd4_decode_remove,
113978 - [OP_RENAME] = (nfsd4_dec)nfsd4_decode_rename,
113979 - [OP_RENEW] = (nfsd4_dec)nfsd4_decode_renew,
113980 - [OP_RESTOREFH] = (nfsd4_dec)nfsd4_decode_noop,
113981 - [OP_SAVEFH] = (nfsd4_dec)nfsd4_decode_noop,
113982 - [OP_SECINFO] = (nfsd4_dec)nfsd4_decode_secinfo,
113983 - [OP_SETATTR] = (nfsd4_dec)nfsd4_decode_setattr,
113984 - [OP_SETCLIENTID] = (nfsd4_dec)nfsd4_decode_setclientid,
113985 - [OP_SETCLIENTID_CONFIRM] = (nfsd4_dec)nfsd4_decode_setclientid_confirm,
113986 - [OP_VERIFY] = (nfsd4_dec)nfsd4_decode_verify,
113987 - [OP_WRITE] = (nfsd4_dec)nfsd4_decode_write,
113988 - [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
113989 +static const nfsd4_dec nfsd4_dec_ops[] = {
113990 + [OP_ACCESS] = nfsd4_decode_access,
113991 + [OP_CLOSE] = nfsd4_decode_close,
113992 + [OP_COMMIT] = nfsd4_decode_commit,
113993 + [OP_CREATE] = nfsd4_decode_create,
113994 + [OP_DELEGPURGE] = nfsd4_decode_notsupp,
113995 + [OP_DELEGRETURN] = nfsd4_decode_delegreturn,
113996 + [OP_GETATTR] = nfsd4_decode_getattr,
113997 + [OP_GETFH] = nfsd4_decode_noop,
113998 + [OP_LINK] = nfsd4_decode_link,
113999 + [OP_LOCK] = nfsd4_decode_lock,
114000 + [OP_LOCKT] = nfsd4_decode_lockt,
114001 + [OP_LOCKU] = nfsd4_decode_locku,
114002 + [OP_LOOKUP] = nfsd4_decode_lookup,
114003 + [OP_LOOKUPP] = nfsd4_decode_noop,
114004 + [OP_NVERIFY] = nfsd4_decode_verify,
114005 + [OP_OPEN] = nfsd4_decode_open,
114006 + [OP_OPENATTR] = nfsd4_decode_notsupp,
114007 + [OP_OPEN_CONFIRM] = nfsd4_decode_open_confirm,
114008 + [OP_OPEN_DOWNGRADE] = nfsd4_decode_open_downgrade,
114009 + [OP_PUTFH] = nfsd4_decode_putfh,
114010 + [OP_PUTPUBFH] = nfsd4_decode_putpubfh,
114011 + [OP_PUTROOTFH] = nfsd4_decode_noop,
114012 + [OP_READ] = nfsd4_decode_read,
114013 + [OP_READDIR] = nfsd4_decode_readdir,
114014 + [OP_READLINK] = nfsd4_decode_noop,
114015 + [OP_REMOVE] = nfsd4_decode_remove,
114016 + [OP_RENAME] = nfsd4_decode_rename,
114017 + [OP_RENEW] = nfsd4_decode_renew,
114018 + [OP_RESTOREFH] = nfsd4_decode_noop,
114019 + [OP_SAVEFH] = nfsd4_decode_noop,
114020 + [OP_SECINFO] = nfsd4_decode_secinfo,
114021 + [OP_SETATTR] = nfsd4_decode_setattr,
114022 + [OP_SETCLIENTID] = nfsd4_decode_setclientid,
114023 + [OP_SETCLIENTID_CONFIRM] = nfsd4_decode_setclientid_confirm,
114024 + [OP_VERIFY] = nfsd4_decode_verify,
114025 + [OP_WRITE] = nfsd4_decode_write,
114026 + [OP_RELEASE_LOCKOWNER] = nfsd4_decode_release_lockowner,
114027
114028 /* new operations for NFSv4.1 */
114029 - [OP_BACKCHANNEL_CTL] = (nfsd4_dec)nfsd4_decode_backchannel_ctl,
114030 - [OP_BIND_CONN_TO_SESSION]= (nfsd4_dec)nfsd4_decode_bind_conn_to_session,
114031 - [OP_EXCHANGE_ID] = (nfsd4_dec)nfsd4_decode_exchange_id,
114032 - [OP_CREATE_SESSION] = (nfsd4_dec)nfsd4_decode_create_session,
114033 - [OP_DESTROY_SESSION] = (nfsd4_dec)nfsd4_decode_destroy_session,
114034 - [OP_FREE_STATEID] = (nfsd4_dec)nfsd4_decode_free_stateid,
114035 - [OP_GET_DIR_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
114036 + [OP_BACKCHANNEL_CTL] = nfsd4_decode_backchannel_ctl,
114037 + [OP_BIND_CONN_TO_SESSION]= nfsd4_decode_bind_conn_to_session,
114038 + [OP_EXCHANGE_ID] = nfsd4_decode_exchange_id,
114039 + [OP_CREATE_SESSION] = nfsd4_decode_create_session,
114040 + [OP_DESTROY_SESSION] = nfsd4_decode_destroy_session,
114041 + [OP_FREE_STATEID] = nfsd4_decode_free_stateid,
114042 + [OP_GET_DIR_DELEGATION] = nfsd4_decode_notsupp,
114043 #ifdef CONFIG_NFSD_PNFS
114044 - [OP_GETDEVICEINFO] = (nfsd4_dec)nfsd4_decode_getdeviceinfo,
114045 - [OP_GETDEVICELIST] = (nfsd4_dec)nfsd4_decode_notsupp,
114046 - [OP_LAYOUTCOMMIT] = (nfsd4_dec)nfsd4_decode_layoutcommit,
114047 - [OP_LAYOUTGET] = (nfsd4_dec)nfsd4_decode_layoutget,
114048 - [OP_LAYOUTRETURN] = (nfsd4_dec)nfsd4_decode_layoutreturn,
114049 + [OP_GETDEVICEINFO] = nfsd4_decode_getdeviceinfo,
114050 + [OP_GETDEVICELIST] = nfsd4_decode_notsupp,
114051 + [OP_LAYOUTCOMMIT] = nfsd4_decode_layoutcommit,
114052 + [OP_LAYOUTGET] = nfsd4_decode_layoutget,
114053 + [OP_LAYOUTRETURN] = nfsd4_decode_layoutreturn,
114054 #else
114055 - [OP_GETDEVICEINFO] = (nfsd4_dec)nfsd4_decode_notsupp,
114056 - [OP_GETDEVICELIST] = (nfsd4_dec)nfsd4_decode_notsupp,
114057 - [OP_LAYOUTCOMMIT] = (nfsd4_dec)nfsd4_decode_notsupp,
114058 - [OP_LAYOUTGET] = (nfsd4_dec)nfsd4_decode_notsupp,
114059 - [OP_LAYOUTRETURN] = (nfsd4_dec)nfsd4_decode_notsupp,
114060 + [OP_GETDEVICEINFO] = nfsd4_decode_notsupp,
114061 + [OP_GETDEVICELIST] = nfsd4_decode_notsupp,
114062 + [OP_LAYOUTCOMMIT] = nfsd4_decode_notsupp,
114063 + [OP_LAYOUTGET] = nfsd4_decode_notsupp,
114064 + [OP_LAYOUTRETURN] = nfsd4_decode_notsupp,
114065 #endif
114066 - [OP_SECINFO_NO_NAME] = (nfsd4_dec)nfsd4_decode_secinfo_no_name,
114067 - [OP_SEQUENCE] = (nfsd4_dec)nfsd4_decode_sequence,
114068 - [OP_SET_SSV] = (nfsd4_dec)nfsd4_decode_notsupp,
114069 - [OP_TEST_STATEID] = (nfsd4_dec)nfsd4_decode_test_stateid,
114070 - [OP_WANT_DELEGATION] = (nfsd4_dec)nfsd4_decode_notsupp,
114071 - [OP_DESTROY_CLIENTID] = (nfsd4_dec)nfsd4_decode_destroy_clientid,
114072 - [OP_RECLAIM_COMPLETE] = (nfsd4_dec)nfsd4_decode_reclaim_complete,
114073 + [OP_SECINFO_NO_NAME] = nfsd4_decode_secinfo_no_name,
114074 + [OP_SEQUENCE] = nfsd4_decode_sequence,
114075 + [OP_SET_SSV] = nfsd4_decode_notsupp,
114076 + [OP_TEST_STATEID] = nfsd4_decode_test_stateid,
114077 + [OP_WANT_DELEGATION] = nfsd4_decode_notsupp,
114078 + [OP_DESTROY_CLIENTID] = nfsd4_decode_destroy_clientid,
114079 + [OP_RECLAIM_COMPLETE] = nfsd4_decode_reclaim_complete,
114080
114081 /* new operations for NFSv4.2 */
114082 - [OP_ALLOCATE] = (nfsd4_dec)nfsd4_decode_fallocate,
114083 - [OP_COPY] = (nfsd4_dec)nfsd4_decode_notsupp,
114084 - [OP_COPY_NOTIFY] = (nfsd4_dec)nfsd4_decode_notsupp,
114085 - [OP_DEALLOCATE] = (nfsd4_dec)nfsd4_decode_fallocate,
114086 - [OP_IO_ADVISE] = (nfsd4_dec)nfsd4_decode_notsupp,
114087 - [OP_LAYOUTERROR] = (nfsd4_dec)nfsd4_decode_notsupp,
114088 - [OP_LAYOUTSTATS] = (nfsd4_dec)nfsd4_decode_notsupp,
114089 - [OP_OFFLOAD_CANCEL] = (nfsd4_dec)nfsd4_decode_notsupp,
114090 - [OP_OFFLOAD_STATUS] = (nfsd4_dec)nfsd4_decode_notsupp,
114091 - [OP_READ_PLUS] = (nfsd4_dec)nfsd4_decode_notsupp,
114092 - [OP_SEEK] = (nfsd4_dec)nfsd4_decode_seek,
114093 - [OP_WRITE_SAME] = (nfsd4_dec)nfsd4_decode_notsupp,
114094 - [OP_CLONE] = (nfsd4_dec)nfsd4_decode_clone,
114095 + [OP_ALLOCATE] = nfsd4_decode_fallocate,
114096 + [OP_COPY] = nfsd4_decode_notsupp,
114097 + [OP_COPY_NOTIFY] = nfsd4_decode_notsupp,
114098 + [OP_DEALLOCATE] = nfsd4_decode_fallocate,
114099 + [OP_IO_ADVISE] = nfsd4_decode_notsupp,
114100 + [OP_LAYOUTERROR] = nfsd4_decode_notsupp,
114101 + [OP_LAYOUTSTATS] = nfsd4_decode_notsupp,
114102 + [OP_OFFLOAD_CANCEL] = nfsd4_decode_notsupp,
114103 + [OP_OFFLOAD_STATUS] = nfsd4_decode_notsupp,
114104 + [OP_READ_PLUS] = nfsd4_decode_notsupp,
114105 + [OP_SEEK] = nfsd4_decode_seek,
114106 + [OP_WRITE_SAME] = nfsd4_decode_notsupp,
114107 + [OP_CLONE] = nfsd4_decode_clone,
114108 };
114109
114110 static inline bool
114111 @@ -3032,8 +3080,9 @@ nfsd4_encode_stateid(struct xdr_stream *xdr, stateid_t *sid)
114112 }
114113
114114 static __be32
114115 -nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_access *access)
114116 +nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, void *_access)
114117 {
114118 + struct nfsd4_access *access = _access;
114119 struct xdr_stream *xdr = &resp->xdr;
114120 __be32 *p;
114121
114122 @@ -3047,8 +3096,9 @@ nfsd4_encode_access(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_
114123 return nfserr;
114124 }
114125
114126 -static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_bind_conn_to_session *bcts)
114127 +static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp, __be32 nfserr, void *_bcts)
114128 {
114129 + struct nfsd4_bind_conn_to_session *bcts = _bcts;
114130 struct xdr_stream *xdr = &resp->xdr;
114131 __be32 *p;
114132
114133 @@ -3066,8 +3116,10 @@ static __be32 nfsd4_encode_bind_conn_to_session(struct nfsd4_compoundres *resp,
114134 }
114135
114136 static __be32
114137 -nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_close *close)
114138 +nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, void *_close)
114139 {
114140 + struct nfsd4_close *close = _close;
114141 +
114142 struct xdr_stream *xdr = &resp->xdr;
114143
114144 if (!nfserr)
114145 @@ -3078,8 +3130,9 @@ nfsd4_encode_close(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_c
114146
114147
114148 static __be32
114149 -nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_commit *commit)
114150 +nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, void *_commit)
114151 {
114152 + struct nfsd4_commit *commit = _commit;
114153 struct xdr_stream *xdr = &resp->xdr;
114154 __be32 *p;
114155
114156 @@ -3094,8 +3147,9 @@ nfsd4_encode_commit(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_
114157 }
114158
114159 static __be32
114160 -nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_create *create)
114161 +nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, void *_create)
114162 {
114163 + struct nfsd4_create *create = _create;
114164 struct xdr_stream *xdr = &resp->xdr;
114165 __be32 *p;
114166
114167 @@ -3111,8 +3165,9 @@ nfsd4_encode_create(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_
114168 }
114169
114170 static __be32
114171 -nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getattr *getattr)
114172 +nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, void *_getattr)
114173 {
114174 + struct nfsd4_getattr *getattr = _getattr;
114175 struct svc_fh *fhp = getattr->ga_fhp;
114176 struct xdr_stream *xdr = &resp->xdr;
114177
114178 @@ -3126,8 +3181,9 @@ nfsd4_encode_getattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4
114179 }
114180
114181 static __be32
114182 -nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, struct svc_fh **fhpp)
114183 +nfsd4_encode_getfh(struct nfsd4_compoundres *resp, __be32 nfserr, void *_fhpp)
114184 {
114185 + struct svc_fh **fhpp = (struct svc_fh **)_fhpp;
114186 struct xdr_stream *xdr = &resp->xdr;
114187 struct svc_fh *fhp = *fhpp;
114188 unsigned int len;
114189 @@ -3183,8 +3239,10 @@ again:
114190 }
114191
114192 static __be32
114193 -nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lock *lock)
114194 +nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, void *_lock)
114195 {
114196 + struct nfsd4_lock *lock = _lock;
114197 +
114198 struct xdr_stream *xdr = &resp->xdr;
114199
114200 if (!nfserr)
114201 @@ -3196,8 +3254,9 @@ nfsd4_encode_lock(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lo
114202 }
114203
114204 static __be32
114205 -nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_lockt *lockt)
114206 +nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, void *_lockt)
114207 {
114208 + struct nfsd4_lockt *lockt = _lockt;
114209 struct xdr_stream *xdr = &resp->xdr;
114210
114211 if (nfserr == nfserr_denied)
114212 @@ -3206,8 +3265,9 @@ nfsd4_encode_lockt(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_l
114213 }
114214
114215 static __be32
114216 -nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_locku *locku)
114217 +nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, void *_locku)
114218 {
114219 + struct nfsd4_locku *locku = _locku;
114220 struct xdr_stream *xdr = &resp->xdr;
114221
114222 if (!nfserr)
114223 @@ -3218,8 +3278,9 @@ nfsd4_encode_locku(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_l
114224
114225
114226 static __be32
114227 -nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_link *link)
114228 +nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, void *_link)
114229 {
114230 + struct nfsd4_link *link = _link;
114231 struct xdr_stream *xdr = &resp->xdr;
114232 __be32 *p;
114233
114234 @@ -3234,8 +3295,9 @@ nfsd4_encode_link(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_li
114235
114236
114237 static __be32
114238 -nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open *open)
114239 +nfsd4_encode_open(struct nfsd4_compoundres *resp, __be32 nfserr, void *_open)
114240 {
114241 + struct nfsd4_open *open = _open;
114242 struct xdr_stream *xdr = &resp->xdr;
114243 __be32 *p;
114244
114245 @@ -3332,8 +3394,10 @@ out:
114246 }
114247
114248 static __be32
114249 -nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_confirm *oc)
114250 +nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, void *_oc)
114251 {
114252 + struct nfsd4_open_confirm *oc = _oc;
114253 +
114254 struct xdr_stream *xdr = &resp->xdr;
114255
114256 if (!nfserr)
114257 @@ -3343,8 +3407,10 @@ nfsd4_encode_open_confirm(struct nfsd4_compoundres *resp, __be32 nfserr, struct
114258 }
114259
114260 static __be32
114261 -nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_open_downgrade *od)
114262 +nfsd4_encode_open_downgrade(struct nfsd4_compoundres *resp, __be32 nfserr, void *_od)
114263 {
114264 + struct nfsd4_open_downgrade *od = _od;
114265 +
114266 struct xdr_stream *xdr = &resp->xdr;
114267
114268 if (!nfserr)
114269 @@ -3477,9 +3543,9 @@ static __be32 nfsd4_encode_readv(struct nfsd4_compoundres *resp,
114270 }
114271
114272 static __be32
114273 -nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
114274 - struct nfsd4_read *read)
114275 +nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr, void *_read)
114276 {
114277 + struct nfsd4_read *read = _read;
114278 unsigned long maxcount;
114279 struct xdr_stream *xdr = &resp->xdr;
114280 struct file *file = read->rd_filp;
114281 @@ -3531,8 +3597,9 @@ out:
114282 }
114283
114284 static __be32
114285 -nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readlink *readlink)
114286 +nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, void *_readlink)
114287 {
114288 + struct nfsd4_readlink *readlink = _readlink;
114289 int maxcount;
114290 __be32 wire_count;
114291 int zero = 0;
114292 @@ -3576,8 +3643,9 @@ nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd
114293 }
114294
114295 static __be32
114296 -nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_readdir *readdir)
114297 +nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, void *_readdir)
114298 {
114299 + struct nfsd4_readdir *readdir = _readdir;
114300 int maxcount;
114301 int bytes_left;
114302 loff_t offset;
114303 @@ -3669,8 +3737,9 @@ err_no_verf:
114304 }
114305
114306 static __be32
114307 -nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_remove *remove)
114308 +nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, void *_remove)
114309 {
114310 + struct nfsd4_remove *remove = _remove;
114311 struct xdr_stream *xdr = &resp->xdr;
114312 __be32 *p;
114313
114314 @@ -3684,8 +3753,9 @@ nfsd4_encode_remove(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_
114315 }
114316
114317 static __be32
114318 -nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_rename *rename)
114319 +nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, void *_rename)
114320 {
114321 + struct nfsd4_rename *rename = _rename;
114322 struct xdr_stream *xdr = &resp->xdr;
114323 __be32 *p;
114324
114325 @@ -3701,8 +3771,9 @@ nfsd4_encode_rename(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_
114326
114327 static __be32
114328 nfsd4_do_encode_secinfo(struct xdr_stream *xdr,
114329 - __be32 nfserr, struct svc_export *exp)
114330 + __be32 nfserr, void *_exp)
114331 {
114332 + struct svc_export *exp = _exp;
114333 u32 i, nflavs, supported;
114334 struct exp_flavor_info *flavs;
114335 struct exp_flavor_info def_flavs[2];
114336 @@ -3777,8 +3848,9 @@ out:
114337
114338 static __be32
114339 nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
114340 - struct nfsd4_secinfo *secinfo)
114341 + void *_secinfo)
114342 {
114343 + struct nfsd4_secinfo *secinfo = _secinfo;
114344 struct xdr_stream *xdr = &resp->xdr;
114345
114346 return nfsd4_do_encode_secinfo(xdr, nfserr, secinfo->si_exp);
114347 @@ -3786,8 +3858,9 @@ nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
114348
114349 static __be32
114350 nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
114351 - struct nfsd4_secinfo_no_name *secinfo)
114352 + void *_secinfo)
114353 {
114354 + struct nfsd4_secinfo_no_name *secinfo = _secinfo;
114355 struct xdr_stream *xdr = &resp->xdr;
114356
114357 return nfsd4_do_encode_secinfo(xdr, nfserr, secinfo->sin_exp);
114358 @@ -3798,8 +3871,9 @@ nfsd4_encode_secinfo_no_name(struct nfsd4_compoundres *resp, __be32 nfserr,
114359 * regardless of the error status.
114360 */
114361 static __be32
114362 -nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setattr *setattr)
114363 +nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, void *_setattr)
114364 {
114365 + struct nfsd4_setattr *setattr = _setattr;
114366 struct xdr_stream *xdr = &resp->xdr;
114367 __be32 *p;
114368
114369 @@ -3822,8 +3896,9 @@ nfsd4_encode_setattr(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4
114370 }
114371
114372 static __be32
114373 -nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_setclientid *scd)
114374 +nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, void *_scd)
114375 {
114376 + struct nfsd4_setclientid *scd = _scd;
114377 struct xdr_stream *xdr = &resp->xdr;
114378 __be32 *p;
114379
114380 @@ -3846,8 +3921,9 @@ nfsd4_encode_setclientid(struct nfsd4_compoundres *resp, __be32 nfserr, struct n
114381 }
114382
114383 static __be32
114384 -nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_write *write)
114385 +nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, void *_write)
114386 {
114387 + struct nfsd4_write *write = _write;
114388 struct xdr_stream *xdr = &resp->xdr;
114389 __be32 *p;
114390
114391 @@ -3865,8 +3941,9 @@ nfsd4_encode_write(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_w
114392
114393 static __be32
114394 nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,
114395 - struct nfsd4_exchange_id *exid)
114396 + void *_exid)
114397 {
114398 + struct nfsd4_exchange_id *exid = _exid;
114399 struct xdr_stream *xdr = &resp->xdr;
114400 __be32 *p;
114401 char *major_id;
114402 @@ -3948,8 +4025,9 @@ out:
114403
114404 static __be32
114405 nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
114406 - struct nfsd4_create_session *sess)
114407 + void *_sess)
114408 {
114409 + struct nfsd4_create_session *sess = _sess;
114410 struct xdr_stream *xdr = &resp->xdr;
114411 __be32 *p;
114412
114413 @@ -4004,8 +4082,9 @@ nfsd4_encode_create_session(struct nfsd4_compoundres *resp, __be32 nfserr,
114414
114415 static __be32
114416 nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
114417 - struct nfsd4_sequence *seq)
114418 + void *_seq)
114419 {
114420 + struct nfsd4_sequence *seq = _seq;
114421 struct xdr_stream *xdr = &resp->xdr;
114422 __be32 *p;
114423
114424 @@ -4030,8 +4109,9 @@ nfsd4_encode_sequence(struct nfsd4_compoundres *resp, __be32 nfserr,
114425
114426 static __be32
114427 nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
114428 - struct nfsd4_test_stateid *test_stateid)
114429 + void *_test_stateid)
114430 {
114431 + struct nfsd4_test_stateid *test_stateid = _test_stateid;
114432 struct xdr_stream *xdr = &resp->xdr;
114433 struct nfsd4_test_stateid_id *stateid, *next;
114434 __be32 *p;
114435 @@ -4053,9 +4133,9 @@ nfsd4_encode_test_stateid(struct nfsd4_compoundres *resp, __be32 nfserr,
114436
114437 #ifdef CONFIG_NFSD_PNFS
114438 static __be32
114439 -nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
114440 - struct nfsd4_getdeviceinfo *gdev)
114441 +nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr, void *_gdev)
114442 {
114443 + struct nfsd4_getdeviceinfo *gdev = _gdev;
114444 struct xdr_stream *xdr = &resp->xdr;
114445 const struct nfsd4_layout_ops *ops =
114446 nfsd4_layout_ops[gdev->gd_layout_type];
114447 @@ -4123,9 +4203,9 @@ toosmall:
114448 }
114449
114450 static __be32
114451 -nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr,
114452 - struct nfsd4_layoutget *lgp)
114453 +nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr, void *_lgp)
114454 {
114455 + struct nfsd4_layoutget *lgp = _lgp;
114456 struct xdr_stream *xdr = &resp->xdr;
114457 const struct nfsd4_layout_ops *ops =
114458 nfsd4_layout_ops[lgp->lg_layout_type];
114459 @@ -4158,9 +4238,9 @@ out:
114460 }
114461
114462 static __be32
114463 -nfsd4_encode_layoutcommit(struct nfsd4_compoundres *resp, __be32 nfserr,
114464 - struct nfsd4_layoutcommit *lcp)
114465 +nfsd4_encode_layoutcommit(struct nfsd4_compoundres *resp, __be32 nfserr, void *_lcp)
114466 {
114467 + struct nfsd4_layoutcommit *lcp = _lcp;
114468 struct xdr_stream *xdr = &resp->xdr;
114469 __be32 *p;
114470
114471 @@ -4182,9 +4262,9 @@ nfsd4_encode_layoutcommit(struct nfsd4_compoundres *resp, __be32 nfserr,
114472 }
114473
114474 static __be32
114475 -nfsd4_encode_layoutreturn(struct nfsd4_compoundres *resp, __be32 nfserr,
114476 - struct nfsd4_layoutreturn *lrp)
114477 +nfsd4_encode_layoutreturn(struct nfsd4_compoundres *resp, __be32 nfserr, void *_lrp)
114478 {
114479 + struct nfsd4_layoutreturn *lrp = _lrp;
114480 struct xdr_stream *xdr = &resp->xdr;
114481 __be32 *p;
114482
114483 @@ -4203,8 +4283,9 @@ nfsd4_encode_layoutreturn(struct nfsd4_compoundres *resp, __be32 nfserr,
114484
114485 static __be32
114486 nfsd4_encode_seek(struct nfsd4_compoundres *resp, __be32 nfserr,
114487 - struct nfsd4_seek *seek)
114488 + void *_seek)
114489 {
114490 + struct nfsd4_seek *seek= (struct nfsd4_seek *)_seek;
114491 __be32 *p;
114492
114493 if (nfserr)
114494 @@ -4231,87 +4312,87 @@ typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
114495 * done in the decoding phase.
114496 */
114497 static nfsd4_enc nfsd4_enc_ops[] = {
114498 - [OP_ACCESS] = (nfsd4_enc)nfsd4_encode_access,
114499 - [OP_CLOSE] = (nfsd4_enc)nfsd4_encode_close,
114500 - [OP_COMMIT] = (nfsd4_enc)nfsd4_encode_commit,
114501 - [OP_CREATE] = (nfsd4_enc)nfsd4_encode_create,
114502 - [OP_DELEGPURGE] = (nfsd4_enc)nfsd4_encode_noop,
114503 - [OP_DELEGRETURN] = (nfsd4_enc)nfsd4_encode_noop,
114504 - [OP_GETATTR] = (nfsd4_enc)nfsd4_encode_getattr,
114505 - [OP_GETFH] = (nfsd4_enc)nfsd4_encode_getfh,
114506 - [OP_LINK] = (nfsd4_enc)nfsd4_encode_link,
114507 - [OP_LOCK] = (nfsd4_enc)nfsd4_encode_lock,
114508 - [OP_LOCKT] = (nfsd4_enc)nfsd4_encode_lockt,
114509 - [OP_LOCKU] = (nfsd4_enc)nfsd4_encode_locku,
114510 - [OP_LOOKUP] = (nfsd4_enc)nfsd4_encode_noop,
114511 - [OP_LOOKUPP] = (nfsd4_enc)nfsd4_encode_noop,
114512 - [OP_NVERIFY] = (nfsd4_enc)nfsd4_encode_noop,
114513 - [OP_OPEN] = (nfsd4_enc)nfsd4_encode_open,
114514 - [OP_OPENATTR] = (nfsd4_enc)nfsd4_encode_noop,
114515 - [OP_OPEN_CONFIRM] = (nfsd4_enc)nfsd4_encode_open_confirm,
114516 - [OP_OPEN_DOWNGRADE] = (nfsd4_enc)nfsd4_encode_open_downgrade,
114517 - [OP_PUTFH] = (nfsd4_enc)nfsd4_encode_noop,
114518 - [OP_PUTPUBFH] = (nfsd4_enc)nfsd4_encode_noop,
114519 - [OP_PUTROOTFH] = (nfsd4_enc)nfsd4_encode_noop,
114520 - [OP_READ] = (nfsd4_enc)nfsd4_encode_read,
114521 - [OP_READDIR] = (nfsd4_enc)nfsd4_encode_readdir,
114522 - [OP_READLINK] = (nfsd4_enc)nfsd4_encode_readlink,
114523 - [OP_REMOVE] = (nfsd4_enc)nfsd4_encode_remove,
114524 - [OP_RENAME] = (nfsd4_enc)nfsd4_encode_rename,
114525 - [OP_RENEW] = (nfsd4_enc)nfsd4_encode_noop,
114526 - [OP_RESTOREFH] = (nfsd4_enc)nfsd4_encode_noop,
114527 - [OP_SAVEFH] = (nfsd4_enc)nfsd4_encode_noop,
114528 - [OP_SECINFO] = (nfsd4_enc)nfsd4_encode_secinfo,
114529 - [OP_SETATTR] = (nfsd4_enc)nfsd4_encode_setattr,
114530 - [OP_SETCLIENTID] = (nfsd4_enc)nfsd4_encode_setclientid,
114531 - [OP_SETCLIENTID_CONFIRM] = (nfsd4_enc)nfsd4_encode_noop,
114532 - [OP_VERIFY] = (nfsd4_enc)nfsd4_encode_noop,
114533 - [OP_WRITE] = (nfsd4_enc)nfsd4_encode_write,
114534 - [OP_RELEASE_LOCKOWNER] = (nfsd4_enc)nfsd4_encode_noop,
114535 + [OP_ACCESS] = nfsd4_encode_access,
114536 + [OP_CLOSE] = nfsd4_encode_close,
114537 + [OP_COMMIT] = nfsd4_encode_commit,
114538 + [OP_CREATE] = nfsd4_encode_create,
114539 + [OP_DELEGPURGE] = nfsd4_encode_noop,
114540 + [OP_DELEGRETURN] = nfsd4_encode_noop,
114541 + [OP_GETATTR] = nfsd4_encode_getattr,
114542 + [OP_GETFH] = nfsd4_encode_getfh,
114543 + [OP_LINK] = nfsd4_encode_link,
114544 + [OP_LOCK] = nfsd4_encode_lock,
114545 + [OP_LOCKT] = nfsd4_encode_lockt,
114546 + [OP_LOCKU] = nfsd4_encode_locku,
114547 + [OP_LOOKUP] = nfsd4_encode_noop,
114548 + [OP_LOOKUPP] = nfsd4_encode_noop,
114549 + [OP_NVERIFY] = nfsd4_encode_noop,
114550 + [OP_OPEN] = nfsd4_encode_open,
114551 + [OP_OPENATTR] = nfsd4_encode_noop,
114552 + [OP_OPEN_CONFIRM] = nfsd4_encode_open_confirm,
114553 + [OP_OPEN_DOWNGRADE] = nfsd4_encode_open_downgrade,
114554 + [OP_PUTFH] = nfsd4_encode_noop,
114555 + [OP_PUTPUBFH] = nfsd4_encode_noop,
114556 + [OP_PUTROOTFH] = nfsd4_encode_noop,
114557 + [OP_READ] = nfsd4_encode_read,
114558 + [OP_READDIR] = nfsd4_encode_readdir,
114559 + [OP_READLINK] = nfsd4_encode_readlink,
114560 + [OP_REMOVE] = nfsd4_encode_remove,
114561 + [OP_RENAME] = nfsd4_encode_rename,
114562 + [OP_RENEW] = nfsd4_encode_noop,
114563 + [OP_RESTOREFH] = nfsd4_encode_noop,
114564 + [OP_SAVEFH] = nfsd4_encode_noop,
114565 + [OP_SECINFO] = nfsd4_encode_secinfo,
114566 + [OP_SETATTR] = nfsd4_encode_setattr,
114567 + [OP_SETCLIENTID] = nfsd4_encode_setclientid,
114568 + [OP_SETCLIENTID_CONFIRM] = nfsd4_encode_noop,
114569 + [OP_VERIFY] = nfsd4_encode_noop,
114570 + [OP_WRITE] = nfsd4_encode_write,
114571 + [OP_RELEASE_LOCKOWNER] = nfsd4_encode_noop,
114572
114573 /* NFSv4.1 operations */
114574 - [OP_BACKCHANNEL_CTL] = (nfsd4_enc)nfsd4_encode_noop,
114575 - [OP_BIND_CONN_TO_SESSION] = (nfsd4_enc)nfsd4_encode_bind_conn_to_session,
114576 - [OP_EXCHANGE_ID] = (nfsd4_enc)nfsd4_encode_exchange_id,
114577 - [OP_CREATE_SESSION] = (nfsd4_enc)nfsd4_encode_create_session,
114578 - [OP_DESTROY_SESSION] = (nfsd4_enc)nfsd4_encode_noop,
114579 - [OP_FREE_STATEID] = (nfsd4_enc)nfsd4_encode_noop,
114580 - [OP_GET_DIR_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
114581 + [OP_BACKCHANNEL_CTL] = nfsd4_encode_noop,
114582 + [OP_BIND_CONN_TO_SESSION] = nfsd4_encode_bind_conn_to_session,
114583 + [OP_EXCHANGE_ID] = nfsd4_encode_exchange_id,
114584 + [OP_CREATE_SESSION] = nfsd4_encode_create_session,
114585 + [OP_DESTROY_SESSION] = nfsd4_encode_noop,
114586 + [OP_FREE_STATEID] = nfsd4_encode_noop,
114587 + [OP_GET_DIR_DELEGATION] = nfsd4_encode_noop,
114588 #ifdef CONFIG_NFSD_PNFS
114589 - [OP_GETDEVICEINFO] = (nfsd4_enc)nfsd4_encode_getdeviceinfo,
114590 - [OP_GETDEVICELIST] = (nfsd4_enc)nfsd4_encode_noop,
114591 - [OP_LAYOUTCOMMIT] = (nfsd4_enc)nfsd4_encode_layoutcommit,
114592 - [OP_LAYOUTGET] = (nfsd4_enc)nfsd4_encode_layoutget,
114593 - [OP_LAYOUTRETURN] = (nfsd4_enc)nfsd4_encode_layoutreturn,
114594 + [OP_GETDEVICEINFO] = nfsd4_encode_getdeviceinfo,
114595 + [OP_GETDEVICELIST] = nfsd4_encode_noop,
114596 + [OP_LAYOUTCOMMIT] = nfsd4_encode_layoutcommit,
114597 + [OP_LAYOUTGET] = nfsd4_encode_layoutget,
114598 + [OP_LAYOUTRETURN] = nfsd4_encode_layoutreturn,
114599 #else
114600 - [OP_GETDEVICEINFO] = (nfsd4_enc)nfsd4_encode_noop,
114601 - [OP_GETDEVICELIST] = (nfsd4_enc)nfsd4_encode_noop,
114602 - [OP_LAYOUTCOMMIT] = (nfsd4_enc)nfsd4_encode_noop,
114603 - [OP_LAYOUTGET] = (nfsd4_enc)nfsd4_encode_noop,
114604 - [OP_LAYOUTRETURN] = (nfsd4_enc)nfsd4_encode_noop,
114605 + [OP_GETDEVICEINFO] = nfsd4_encode_noop,
114606 + [OP_GETDEVICELIST] = nfsd4_encode_noop,
114607 + [OP_LAYOUTCOMMIT] = nfsd4_encode_noop,
114608 + [OP_LAYOUTGET] = nfsd4_encode_noop,
114609 + [OP_LAYOUTRETURN] = nfsd4_encode_noop,
114610 #endif
114611 - [OP_SECINFO_NO_NAME] = (nfsd4_enc)nfsd4_encode_secinfo_no_name,
114612 - [OP_SEQUENCE] = (nfsd4_enc)nfsd4_encode_sequence,
114613 - [OP_SET_SSV] = (nfsd4_enc)nfsd4_encode_noop,
114614 - [OP_TEST_STATEID] = (nfsd4_enc)nfsd4_encode_test_stateid,
114615 - [OP_WANT_DELEGATION] = (nfsd4_enc)nfsd4_encode_noop,
114616 - [OP_DESTROY_CLIENTID] = (nfsd4_enc)nfsd4_encode_noop,
114617 - [OP_RECLAIM_COMPLETE] = (nfsd4_enc)nfsd4_encode_noop,
114618 + [OP_SECINFO_NO_NAME] = nfsd4_encode_secinfo_no_name,
114619 + [OP_SEQUENCE] = nfsd4_encode_sequence,
114620 + [OP_SET_SSV] = nfsd4_encode_noop,
114621 + [OP_TEST_STATEID] = nfsd4_encode_test_stateid,
114622 + [OP_WANT_DELEGATION] = nfsd4_encode_noop,
114623 + [OP_DESTROY_CLIENTID] = nfsd4_encode_noop,
114624 + [OP_RECLAIM_COMPLETE] = nfsd4_encode_noop,
114625
114626 /* NFSv4.2 operations */
114627 - [OP_ALLOCATE] = (nfsd4_enc)nfsd4_encode_noop,
114628 - [OP_COPY] = (nfsd4_enc)nfsd4_encode_noop,
114629 - [OP_COPY_NOTIFY] = (nfsd4_enc)nfsd4_encode_noop,
114630 - [OP_DEALLOCATE] = (nfsd4_enc)nfsd4_encode_noop,
114631 - [OP_IO_ADVISE] = (nfsd4_enc)nfsd4_encode_noop,
114632 - [OP_LAYOUTERROR] = (nfsd4_enc)nfsd4_encode_noop,
114633 - [OP_LAYOUTSTATS] = (nfsd4_enc)nfsd4_encode_noop,
114634 - [OP_OFFLOAD_CANCEL] = (nfsd4_enc)nfsd4_encode_noop,
114635 - [OP_OFFLOAD_STATUS] = (nfsd4_enc)nfsd4_encode_noop,
114636 - [OP_READ_PLUS] = (nfsd4_enc)nfsd4_encode_noop,
114637 - [OP_SEEK] = (nfsd4_enc)nfsd4_encode_seek,
114638 - [OP_WRITE_SAME] = (nfsd4_enc)nfsd4_encode_noop,
114639 - [OP_CLONE] = (nfsd4_enc)nfsd4_encode_noop,
114640 + [OP_ALLOCATE] = nfsd4_encode_noop,
114641 + [OP_COPY] = nfsd4_encode_noop,
114642 + [OP_COPY_NOTIFY] = nfsd4_encode_noop,
114643 + [OP_DEALLOCATE] = nfsd4_encode_noop,
114644 + [OP_IO_ADVISE] = nfsd4_encode_noop,
114645 + [OP_LAYOUTERROR] = nfsd4_encode_noop,
114646 + [OP_LAYOUTSTATS] = nfsd4_encode_noop,
114647 + [OP_OFFLOAD_CANCEL] = nfsd4_encode_noop,
114648 + [OP_OFFLOAD_STATUS] = nfsd4_encode_noop,
114649 + [OP_READ_PLUS] = nfsd4_encode_noop,
114650 + [OP_SEEK] = nfsd4_encode_seek,
114651 + [OP_WRITE_SAME] = nfsd4_encode_noop,
114652 + [OP_CLONE] = nfsd4_encode_noop,
114653 };
114654
114655 /*
114656 @@ -4436,9 +4517,9 @@ nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op)
114657 }
114658
114659 int
114660 -nfs4svc_encode_voidres(struct svc_rqst *rqstp, __be32 *p, void *dummy)
114661 +nfs4svc_encode_voidres(void *rqstp, __be32 *p, void *dummy)
114662 {
114663 - return xdr_ressize_check(rqstp, p);
114664 + return xdr_ressize_check(rqstp, p);
114665 }
114666
114667 int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
114668 @@ -4461,8 +4542,11 @@ int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
114669 }
114670
114671 int
114672 -nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args)
114673 +nfs4svc_decode_compoundargs(void *_rqstp, __be32 *p, void *_args)
114674 {
114675 + struct svc_rqst *rqstp = _rqstp;
114676 + struct nfsd4_compoundargs *args = _args;
114677 +
114678 if (rqstp->rq_arg.head[0].iov_len % 4) {
114679 /* client is nuts */
114680 dprintk("%s: compound not properly padded! (peeraddr=%pISc xid=0x%x)",
114681 @@ -4482,11 +4566,13 @@ nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_comp
114682 }
114683
114684 int
114685 -nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundres *resp)
114686 +nfs4svc_encode_compoundres(void *_rqstp, __be32 *p, void *_resp)
114687 {
114688 /*
114689 * All that remains is to write the tag and operation count...
114690 */
114691 + struct svc_rqst *rqstp = _rqstp;
114692 + struct nfsd4_compoundres *resp = _resp;
114693 struct xdr_buf *buf = resp->xdr.buf;
114694
114695 WARN_ON_ONCE(buf->len != buf->head[0].iov_len + buf->page_len +
114696 diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
114697 index 54cde9a..ff5756c 100644
114698 --- a/fs/nfsd/nfscache.c
114699 +++ b/fs/nfsd/nfscache.c
114700 @@ -513,7 +513,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
114701 struct kvec *resv = &rqstp->rq_res.head[0], *cachv;
114702 u32 hash;
114703 struct nfsd_drc_bucket *b;
114704 - int len;
114705 + long len;
114706 size_t bufsize = 0;
114707
114708 if (!rp)
114709 @@ -522,11 +522,14 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
114710 hash = nfsd_cache_hash(rp->c_xid);
114711 b = &drc_hashtbl[hash];
114712
114713 - len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
114714 - len >>= 2;
114715 + if (statp) {
114716 + len = (char*)statp - (char*)resv->iov_base;
114717 + len = resv->iov_len - len;
114718 + len >>= 2;
114719 + }
114720
114721 /* Don't cache excessive amounts of data and XDR failures */
114722 - if (!statp || len > (256 >> 2)) {
114723 + if (!statp || len > (256 >> 2) || len < 0) {
114724 nfsd_reply_cache_free(b, rp);
114725 return;
114726 }
114727 @@ -534,7 +537,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
114728 switch (cachetype) {
114729 case RC_REPLSTAT:
114730 if (len != 1)
114731 - printk("nfsd: RC_REPLSTAT/reply len %d!\n",len);
114732 + printk("nfsd: RC_REPLSTAT/reply len %ld!\n",len);
114733 rp->c_replstat = *statp;
114734 break;
114735 case RC_REPLBUFF:
114736 diff --git a/fs/nfsd/nfsproc.c b/fs/nfsd/nfsproc.c
114737 index e921476..fcda44c 100644
114738 --- a/fs/nfsd/nfsproc.c
114739 +++ b/fs/nfsd/nfsproc.c
114740 @@ -39,9 +39,11 @@ nfsd_return_dirop(__be32 err, struct nfsd_diropres *resp)
114741 * N.B. After this call resp->fh needs an fh_put
114742 */
114743 static __be32
114744 -nfsd_proc_getattr(struct svc_rqst *rqstp, struct nfsd_fhandle *argp,
114745 - struct nfsd_attrstat *resp)
114746 +nfsd_proc_getattr(struct svc_rqst *rqstp, void *_argp,
114747 + void *_resp)
114748 {
114749 + struct nfsd_fhandle *argp = _argp;
114750 + struct nfsd_attrstat *resp = _resp;
114751 __be32 nfserr;
114752 dprintk("nfsd: GETATTR %s\n", SVCFH_fmt(&argp->fh));
114753
114754 @@ -56,9 +58,11 @@ nfsd_proc_getattr(struct svc_rqst *rqstp, struct nfsd_fhandle *argp,
114755 * N.B. After this call resp->fh needs an fh_put
114756 */
114757 static __be32
114758 -nfsd_proc_setattr(struct svc_rqst *rqstp, struct nfsd_sattrargs *argp,
114759 - struct nfsd_attrstat *resp)
114760 +nfsd_proc_setattr(struct svc_rqst *rqstp, void *_argp,
114761 + void *_resp)
114762 {
114763 + struct nfsd_sattrargs *argp = _argp;
114764 + struct nfsd_attrstat *resp = _resp;
114765 struct iattr *iap = &argp->attrs;
114766 struct svc_fh *fhp;
114767 __be32 nfserr;
114768 @@ -124,9 +128,11 @@ done:
114769 * N.B. After this call resp->fh needs an fh_put
114770 */
114771 static __be32
114772 -nfsd_proc_lookup(struct svc_rqst *rqstp, struct nfsd_diropargs *argp,
114773 - struct nfsd_diropres *resp)
114774 +nfsd_proc_lookup(struct svc_rqst *rqstp, void *_argp,
114775 + void *_resp)
114776 {
114777 + struct nfsd_diropargs *argp = _argp;
114778 + struct nfsd_diropres *resp = _resp;
114779 __be32 nfserr;
114780
114781 dprintk("nfsd: LOOKUP %s %.*s\n",
114782 @@ -144,9 +150,11 @@ nfsd_proc_lookup(struct svc_rqst *rqstp, struct nfsd_diropargs *argp,
114783 * Read a symlink.
114784 */
114785 static __be32
114786 -nfsd_proc_readlink(struct svc_rqst *rqstp, struct nfsd_readlinkargs *argp,
114787 - struct nfsd_readlinkres *resp)
114788 +nfsd_proc_readlink(struct svc_rqst *rqstp, void *_argp,
114789 + void *_resp)
114790 {
114791 + struct nfsd_readlinkargs *argp = _argp;
114792 + struct nfsd_readlinkres *resp = _resp;
114793 __be32 nfserr;
114794
114795 dprintk("nfsd: READLINK %s\n", SVCFH_fmt(&argp->fh));
114796 @@ -164,9 +172,11 @@ nfsd_proc_readlink(struct svc_rqst *rqstp, struct nfsd_readlinkargs *argp,
114797 * N.B. After this call resp->fh needs an fh_put
114798 */
114799 static __be32
114800 -nfsd_proc_read(struct svc_rqst *rqstp, struct nfsd_readargs *argp,
114801 - struct nfsd_readres *resp)
114802 +nfsd_proc_read(struct svc_rqst *rqstp, void *_argp,
114803 + void *_resp)
114804 {
114805 + struct nfsd_readargs *argp = _argp;
114806 + struct nfsd_readres *resp = _resp;
114807 __be32 nfserr;
114808
114809 dprintk("nfsd: READ %s %d bytes at %d\n",
114810 @@ -202,9 +212,11 @@ nfsd_proc_read(struct svc_rqst *rqstp, struct nfsd_readargs *argp,
114811 * N.B. After this call resp->fh needs an fh_put
114812 */
114813 static __be32
114814 -nfsd_proc_write(struct svc_rqst *rqstp, struct nfsd_writeargs *argp,
114815 - struct nfsd_attrstat *resp)
114816 +nfsd_proc_write(struct svc_rqst *rqstp, void *_argp,
114817 + void *_resp)
114818 {
114819 + struct nfsd_writeargs *argp = _argp;
114820 + struct nfsd_attrstat *resp = _resp;
114821 __be32 nfserr;
114822 int stable = 1;
114823 unsigned long cnt = argp->len;
114824 @@ -228,9 +240,11 @@ nfsd_proc_write(struct svc_rqst *rqstp, struct nfsd_writeargs *argp,
114825 * N.B. After this call _both_ argp->fh and resp->fh need an fh_put
114826 */
114827 static __be32
114828 -nfsd_proc_create(struct svc_rqst *rqstp, struct nfsd_createargs *argp,
114829 - struct nfsd_diropres *resp)
114830 +nfsd_proc_create(struct svc_rqst *rqstp, void *_argp,
114831 + void *_resp)
114832 {
114833 + struct nfsd_createargs *argp = _argp;
114834 + struct nfsd_diropres *resp = _resp;
114835 svc_fh *dirfhp = &argp->fh;
114836 svc_fh *newfhp = &resp->fh;
114837 struct iattr *attr = &argp->attrs;
114838 @@ -383,9 +397,10 @@ done:
114839 }
114840
114841 static __be32
114842 -nfsd_proc_remove(struct svc_rqst *rqstp, struct nfsd_diropargs *argp,
114843 +nfsd_proc_remove(struct svc_rqst *rqstp, void *_argp,
114844 void *resp)
114845 {
114846 + struct nfsd_diropargs *argp = _argp;
114847 __be32 nfserr;
114848
114849 dprintk("nfsd: REMOVE %s %.*s\n", SVCFH_fmt(&argp->fh),
114850 @@ -398,9 +413,10 @@ nfsd_proc_remove(struct svc_rqst *rqstp, struct nfsd_diropargs *argp,
114851 }
114852
114853 static __be32
114854 -nfsd_proc_rename(struct svc_rqst *rqstp, struct nfsd_renameargs *argp,
114855 +nfsd_proc_rename(struct svc_rqst *rqstp, void *_argp,
114856 void *resp)
114857 {
114858 + struct nfsd_renameargs *argp = _argp;
114859 __be32 nfserr;
114860
114861 dprintk("nfsd: RENAME %s %.*s -> \n",
114862 @@ -416,9 +432,10 @@ nfsd_proc_rename(struct svc_rqst *rqstp, struct nfsd_renameargs *argp,
114863 }
114864
114865 static __be32
114866 -nfsd_proc_link(struct svc_rqst *rqstp, struct nfsd_linkargs *argp,
114867 +nfsd_proc_link(struct svc_rqst *rqstp, void *_argp,
114868 void *resp)
114869 {
114870 + struct nfsd_linkargs *argp = _argp;
114871 __be32 nfserr;
114872
114873 dprintk("nfsd: LINK %s ->\n",
114874 @@ -436,9 +453,10 @@ nfsd_proc_link(struct svc_rqst *rqstp, struct nfsd_linkargs *argp,
114875 }
114876
114877 static __be32
114878 -nfsd_proc_symlink(struct svc_rqst *rqstp, struct nfsd_symlinkargs *argp,
114879 +nfsd_proc_symlink(struct svc_rqst *rqstp, void *_argp,
114880 void *resp)
114881 {
114882 + struct nfsd_symlinkargs *argp = _argp;
114883 struct svc_fh newfh;
114884 __be32 nfserr;
114885
114886 @@ -466,9 +484,11 @@ nfsd_proc_symlink(struct svc_rqst *rqstp, struct nfsd_symlinkargs *argp,
114887 * N.B. After this call resp->fh needs an fh_put
114888 */
114889 static __be32
114890 -nfsd_proc_mkdir(struct svc_rqst *rqstp, struct nfsd_createargs *argp,
114891 - struct nfsd_diropres *resp)
114892 +nfsd_proc_mkdir(struct svc_rqst *rqstp, void *_argp,
114893 + void *_resp)
114894 {
114895 + struct nfsd_createargs *argp = _argp;
114896 + struct nfsd_diropres *resp = _resp;
114897 __be32 nfserr;
114898
114899 dprintk("nfsd: MKDIR %s %.*s\n", SVCFH_fmt(&argp->fh), argp->len, argp->name);
114900 @@ -490,9 +510,10 @@ nfsd_proc_mkdir(struct svc_rqst *rqstp, struct nfsd_createargs *argp,
114901 * Remove a directory
114902 */
114903 static __be32
114904 -nfsd_proc_rmdir(struct svc_rqst *rqstp, struct nfsd_diropargs *argp,
114905 +nfsd_proc_rmdir(struct svc_rqst *rqstp, void *_argp,
114906 void *resp)
114907 {
114908 + struct nfsd_diropargs *argp = _argp;
114909 __be32 nfserr;
114910
114911 dprintk("nfsd: RMDIR %s %.*s\n", SVCFH_fmt(&argp->fh), argp->len, argp->name);
114912 @@ -506,9 +527,11 @@ nfsd_proc_rmdir(struct svc_rqst *rqstp, struct nfsd_diropargs *argp,
114913 * Read a portion of a directory.
114914 */
114915 static __be32
114916 -nfsd_proc_readdir(struct svc_rqst *rqstp, struct nfsd_readdirargs *argp,
114917 - struct nfsd_readdirres *resp)
114918 +nfsd_proc_readdir(struct svc_rqst *rqstp, void *_argp,
114919 + void *_resp)
114920 {
114921 + struct nfsd_readdirargs *argp = _argp;
114922 + struct nfsd_readdirres *resp = _resp;
114923 int count;
114924 __be32 nfserr;
114925 loff_t offset;
114926 @@ -546,9 +569,11 @@ nfsd_proc_readdir(struct svc_rqst *rqstp, struct nfsd_readdirargs *argp,
114927 * Get file system info
114928 */
114929 static __be32
114930 -nfsd_proc_statfs(struct svc_rqst * rqstp, struct nfsd_fhandle *argp,
114931 - struct nfsd_statfsres *resp)
114932 +nfsd_proc_statfs(struct svc_rqst * rqstp, void *_argp,
114933 + void *_resp)
114934 {
114935 + struct nfsd_fhandle *argp = _argp;
114936 + struct nfsd_statfsres *resp = _resp;
114937 __be32 nfserr;
114938
114939 dprintk("nfsd: STATFS %s\n", SVCFH_fmt(&argp->fh));
114940 @@ -571,166 +596,166 @@ struct nfsd_void { int dummy; };
114941
114942 static struct svc_procedure nfsd_procedures2[18] = {
114943 [NFSPROC_NULL] = {
114944 - .pc_func = (svc_procfunc) nfsd_proc_null,
114945 - .pc_decode = (kxdrproc_t) nfssvc_decode_void,
114946 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
114947 + .pc_func = nfsd_proc_null,
114948 + .pc_decode = nfssvc_decode_void,
114949 + .pc_encode = nfssvc_encode_void,
114950 .pc_argsize = sizeof(struct nfsd_void),
114951 .pc_ressize = sizeof(struct nfsd_void),
114952 .pc_cachetype = RC_NOCACHE,
114953 .pc_xdrressize = ST,
114954 },
114955 [NFSPROC_GETATTR] = {
114956 - .pc_func = (svc_procfunc) nfsd_proc_getattr,
114957 - .pc_decode = (kxdrproc_t) nfssvc_decode_fhandle,
114958 - .pc_encode = (kxdrproc_t) nfssvc_encode_attrstat,
114959 - .pc_release = (kxdrproc_t) nfssvc_release_fhandle,
114960 + .pc_func = nfsd_proc_getattr,
114961 + .pc_decode = nfssvc_decode_fhandle,
114962 + .pc_encode = nfssvc_encode_attrstat,
114963 + .pc_release = nfssvc_release_fhandle,
114964 .pc_argsize = sizeof(struct nfsd_fhandle),
114965 .pc_ressize = sizeof(struct nfsd_attrstat),
114966 .pc_cachetype = RC_NOCACHE,
114967 .pc_xdrressize = ST+AT,
114968 },
114969 [NFSPROC_SETATTR] = {
114970 - .pc_func = (svc_procfunc) nfsd_proc_setattr,
114971 - .pc_decode = (kxdrproc_t) nfssvc_decode_sattrargs,
114972 - .pc_encode = (kxdrproc_t) nfssvc_encode_attrstat,
114973 - .pc_release = (kxdrproc_t) nfssvc_release_fhandle,
114974 + .pc_func = nfsd_proc_setattr,
114975 + .pc_decode = nfssvc_decode_sattrargs,
114976 + .pc_encode = nfssvc_encode_attrstat,
114977 + .pc_release = nfssvc_release_fhandle,
114978 .pc_argsize = sizeof(struct nfsd_sattrargs),
114979 .pc_ressize = sizeof(struct nfsd_attrstat),
114980 .pc_cachetype = RC_REPLBUFF,
114981 .pc_xdrressize = ST+AT,
114982 },
114983 [NFSPROC_ROOT] = {
114984 - .pc_decode = (kxdrproc_t) nfssvc_decode_void,
114985 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
114986 + .pc_decode = nfssvc_decode_void,
114987 + .pc_encode = nfssvc_encode_void,
114988 .pc_argsize = sizeof(struct nfsd_void),
114989 .pc_ressize = sizeof(struct nfsd_void),
114990 .pc_cachetype = RC_NOCACHE,
114991 .pc_xdrressize = ST,
114992 },
114993 [NFSPROC_LOOKUP] = {
114994 - .pc_func = (svc_procfunc) nfsd_proc_lookup,
114995 - .pc_decode = (kxdrproc_t) nfssvc_decode_diropargs,
114996 - .pc_encode = (kxdrproc_t) nfssvc_encode_diropres,
114997 - .pc_release = (kxdrproc_t) nfssvc_release_fhandle,
114998 + .pc_func = nfsd_proc_lookup,
114999 + .pc_decode = nfssvc_decode_diropargs,
115000 + .pc_encode = nfssvc_encode_diropres,
115001 + .pc_release = nfssvc_release_fhandle,
115002 .pc_argsize = sizeof(struct nfsd_diropargs),
115003 .pc_ressize = sizeof(struct nfsd_diropres),
115004 .pc_cachetype = RC_NOCACHE,
115005 .pc_xdrressize = ST+FH+AT,
115006 },
115007 [NFSPROC_READLINK] = {
115008 - .pc_func = (svc_procfunc) nfsd_proc_readlink,
115009 - .pc_decode = (kxdrproc_t) nfssvc_decode_readlinkargs,
115010 - .pc_encode = (kxdrproc_t) nfssvc_encode_readlinkres,
115011 + .pc_func = nfsd_proc_readlink,
115012 + .pc_decode = nfssvc_decode_readlinkargs,
115013 + .pc_encode = nfssvc_encode_readlinkres,
115014 .pc_argsize = sizeof(struct nfsd_readlinkargs),
115015 .pc_ressize = sizeof(struct nfsd_readlinkres),
115016 .pc_cachetype = RC_NOCACHE,
115017 .pc_xdrressize = ST+1+NFS_MAXPATHLEN/4,
115018 },
115019 [NFSPROC_READ] = {
115020 - .pc_func = (svc_procfunc) nfsd_proc_read,
115021 - .pc_decode = (kxdrproc_t) nfssvc_decode_readargs,
115022 - .pc_encode = (kxdrproc_t) nfssvc_encode_readres,
115023 - .pc_release = (kxdrproc_t) nfssvc_release_fhandle,
115024 + .pc_func = nfsd_proc_read,
115025 + .pc_decode = nfssvc_decode_readargs,
115026 + .pc_encode = nfssvc_encode_readres,
115027 + .pc_release = nfssvc_release_fhandle,
115028 .pc_argsize = sizeof(struct nfsd_readargs),
115029 .pc_ressize = sizeof(struct nfsd_readres),
115030 .pc_cachetype = RC_NOCACHE,
115031 .pc_xdrressize = ST+AT+1+NFSSVC_MAXBLKSIZE_V2/4,
115032 },
115033 [NFSPROC_WRITECACHE] = {
115034 - .pc_decode = (kxdrproc_t) nfssvc_decode_void,
115035 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
115036 + .pc_decode = nfssvc_decode_void,
115037 + .pc_encode = nfssvc_encode_void,
115038 .pc_argsize = sizeof(struct nfsd_void),
115039 .pc_ressize = sizeof(struct nfsd_void),
115040 .pc_cachetype = RC_NOCACHE,
115041 .pc_xdrressize = ST,
115042 },
115043 [NFSPROC_WRITE] = {
115044 - .pc_func = (svc_procfunc) nfsd_proc_write,
115045 - .pc_decode = (kxdrproc_t) nfssvc_decode_writeargs,
115046 - .pc_encode = (kxdrproc_t) nfssvc_encode_attrstat,
115047 - .pc_release = (kxdrproc_t) nfssvc_release_fhandle,
115048 + .pc_func = nfsd_proc_write,
115049 + .pc_decode = nfssvc_decode_writeargs,
115050 + .pc_encode = nfssvc_encode_attrstat,
115051 + .pc_release = nfssvc_release_fhandle,
115052 .pc_argsize = sizeof(struct nfsd_writeargs),
115053 .pc_ressize = sizeof(struct nfsd_attrstat),
115054 .pc_cachetype = RC_REPLBUFF,
115055 .pc_xdrressize = ST+AT,
115056 },
115057 [NFSPROC_CREATE] = {
115058 - .pc_func = (svc_procfunc) nfsd_proc_create,
115059 - .pc_decode = (kxdrproc_t) nfssvc_decode_createargs,
115060 - .pc_encode = (kxdrproc_t) nfssvc_encode_diropres,
115061 - .pc_release = (kxdrproc_t) nfssvc_release_fhandle,
115062 + .pc_func = nfsd_proc_create,
115063 + .pc_decode = nfssvc_decode_createargs,
115064 + .pc_encode = nfssvc_encode_diropres,
115065 + .pc_release = nfssvc_release_fhandle,
115066 .pc_argsize = sizeof(struct nfsd_createargs),
115067 .pc_ressize = sizeof(struct nfsd_diropres),
115068 .pc_cachetype = RC_REPLBUFF,
115069 .pc_xdrressize = ST+FH+AT,
115070 },
115071 [NFSPROC_REMOVE] = {
115072 - .pc_func = (svc_procfunc) nfsd_proc_remove,
115073 - .pc_decode = (kxdrproc_t) nfssvc_decode_diropargs,
115074 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
115075 + .pc_func = nfsd_proc_remove,
115076 + .pc_decode = nfssvc_decode_diropargs,
115077 + .pc_encode = nfssvc_encode_void,
115078 .pc_argsize = sizeof(struct nfsd_diropargs),
115079 .pc_ressize = sizeof(struct nfsd_void),
115080 .pc_cachetype = RC_REPLSTAT,
115081 .pc_xdrressize = ST,
115082 },
115083 [NFSPROC_RENAME] = {
115084 - .pc_func = (svc_procfunc) nfsd_proc_rename,
115085 - .pc_decode = (kxdrproc_t) nfssvc_decode_renameargs,
115086 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
115087 + .pc_func = nfsd_proc_rename,
115088 + .pc_decode = nfssvc_decode_renameargs,
115089 + .pc_encode = nfssvc_encode_void,
115090 .pc_argsize = sizeof(struct nfsd_renameargs),
115091 .pc_ressize = sizeof(struct nfsd_void),
115092 .pc_cachetype = RC_REPLSTAT,
115093 .pc_xdrressize = ST,
115094 },
115095 [NFSPROC_LINK] = {
115096 - .pc_func = (svc_procfunc) nfsd_proc_link,
115097 - .pc_decode = (kxdrproc_t) nfssvc_decode_linkargs,
115098 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
115099 + .pc_func = nfsd_proc_link,
115100 + .pc_decode = nfssvc_decode_linkargs,
115101 + .pc_encode = nfssvc_encode_void,
115102 .pc_argsize = sizeof(struct nfsd_linkargs),
115103 .pc_ressize = sizeof(struct nfsd_void),
115104 .pc_cachetype = RC_REPLSTAT,
115105 .pc_xdrressize = ST,
115106 },
115107 [NFSPROC_SYMLINK] = {
115108 - .pc_func = (svc_procfunc) nfsd_proc_symlink,
115109 - .pc_decode = (kxdrproc_t) nfssvc_decode_symlinkargs,
115110 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
115111 + .pc_func = nfsd_proc_symlink,
115112 + .pc_decode = nfssvc_decode_symlinkargs,
115113 + .pc_encode = nfssvc_encode_void,
115114 .pc_argsize = sizeof(struct nfsd_symlinkargs),
115115 .pc_ressize = sizeof(struct nfsd_void),
115116 .pc_cachetype = RC_REPLSTAT,
115117 .pc_xdrressize = ST,
115118 },
115119 [NFSPROC_MKDIR] = {
115120 - .pc_func = (svc_procfunc) nfsd_proc_mkdir,
115121 - .pc_decode = (kxdrproc_t) nfssvc_decode_createargs,
115122 - .pc_encode = (kxdrproc_t) nfssvc_encode_diropres,
115123 - .pc_release = (kxdrproc_t) nfssvc_release_fhandle,
115124 + .pc_func = nfsd_proc_mkdir,
115125 + .pc_decode = nfssvc_decode_createargs,
115126 + .pc_encode = nfssvc_encode_diropres,
115127 + .pc_release = nfssvc_release_fhandle,
115128 .pc_argsize = sizeof(struct nfsd_createargs),
115129 .pc_ressize = sizeof(struct nfsd_diropres),
115130 .pc_cachetype = RC_REPLBUFF,
115131 .pc_xdrressize = ST+FH+AT,
115132 },
115133 [NFSPROC_RMDIR] = {
115134 - .pc_func = (svc_procfunc) nfsd_proc_rmdir,
115135 - .pc_decode = (kxdrproc_t) nfssvc_decode_diropargs,
115136 - .pc_encode = (kxdrproc_t) nfssvc_encode_void,
115137 + .pc_func = nfsd_proc_rmdir,
115138 + .pc_decode = nfssvc_decode_diropargs,
115139 + .pc_encode = nfssvc_encode_void,
115140 .pc_argsize = sizeof(struct nfsd_diropargs),
115141 .pc_ressize = sizeof(struct nfsd_void),
115142 .pc_cachetype = RC_REPLSTAT,
115143 .pc_xdrressize = ST,
115144 },
115145 [NFSPROC_READDIR] = {
115146 - .pc_func = (svc_procfunc) nfsd_proc_readdir,
115147 - .pc_decode = (kxdrproc_t) nfssvc_decode_readdirargs,
115148 - .pc_encode = (kxdrproc_t) nfssvc_encode_readdirres,
115149 + .pc_func = nfsd_proc_readdir,
115150 + .pc_decode = nfssvc_decode_readdirargs,
115151 + .pc_encode = nfssvc_encode_readdirres,
115152 .pc_argsize = sizeof(struct nfsd_readdirargs),
115153 .pc_ressize = sizeof(struct nfsd_readdirres),
115154 .pc_cachetype = RC_NOCACHE,
115155 },
115156 [NFSPROC_STATFS] = {
115157 - .pc_func = (svc_procfunc) nfsd_proc_statfs,
115158 - .pc_decode = (kxdrproc_t) nfssvc_decode_fhandle,
115159 - .pc_encode = (kxdrproc_t) nfssvc_encode_statfsres,
115160 + .pc_func = nfsd_proc_statfs,
115161 + .pc_decode = nfssvc_decode_fhandle,
115162 + .pc_encode = nfssvc_encode_statfsres,
115163 .pc_argsize = sizeof(struct nfsd_fhandle),
115164 .pc_ressize = sizeof(struct nfsd_statfsres),
115165 .pc_cachetype = RC_NOCACHE,
115166 diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c
115167 index 41b468a..44e3e32 100644
115168 --- a/fs/nfsd/nfsxdr.c
115169 +++ b/fs/nfsd/nfsxdr.c
115170 @@ -206,14 +206,16 @@ __be32 *nfs2svc_encode_fattr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *f
115171 * XDR decode functions
115172 */
115173 int
115174 -nfssvc_decode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
115175 +nfssvc_decode_void(void *rqstp, __be32 *p, void *dummy)
115176 {
115177 return xdr_argsize_check(rqstp, p);
115178 }
115179
115180 int
115181 -nfssvc_decode_fhandle(struct svc_rqst *rqstp, __be32 *p, struct nfsd_fhandle *args)
115182 +nfssvc_decode_fhandle(void *rqstp, __be32 *p, void *_args)
115183 {
115184 + struct nfsd_fhandle *args = _args;
115185 +
115186 p = decode_fh(p, &args->fh);
115187 if (!p)
115188 return 0;
115189 @@ -221,9 +223,10 @@ nfssvc_decode_fhandle(struct svc_rqst *rqstp, __be32 *p, struct nfsd_fhandle *ar
115190 }
115191
115192 int
115193 -nfssvc_decode_sattrargs(struct svc_rqst *rqstp, __be32 *p,
115194 - struct nfsd_sattrargs *args)
115195 +nfssvc_decode_sattrargs(void *rqstp, __be32 *p, void *_args)
115196 {
115197 + struct nfsd_sattrargs *args = _args;
115198 +
115199 p = decode_fh(p, &args->fh);
115200 if (!p)
115201 return 0;
115202 @@ -233,9 +236,10 @@ nfssvc_decode_sattrargs(struct svc_rqst *rqstp, __be32 *p,
115203 }
115204
115205 int
115206 -nfssvc_decode_diropargs(struct svc_rqst *rqstp, __be32 *p,
115207 - struct nfsd_diropargs *args)
115208 +nfssvc_decode_diropargs(void *rqstp, __be32 *p, void *_args)
115209 {
115210 + struct nfsd_diropargs *args = _args;
115211 +
115212 if (!(p = decode_fh(p, &args->fh))
115213 || !(p = decode_filename(p, &args->name, &args->len)))
115214 return 0;
115215 @@ -244,9 +248,10 @@ nfssvc_decode_diropargs(struct svc_rqst *rqstp, __be32 *p,
115216 }
115217
115218 int
115219 -nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
115220 - struct nfsd_readargs *args)
115221 +nfssvc_decode_readargs(void *_rqstp, __be32 *p, void *_args)
115222 {
115223 + struct svc_rqst *rqstp = _rqstp;
115224 + struct nfsd_readargs *args = _args;
115225 unsigned int len;
115226 int v;
115227 p = decode_fh(p, &args->fh);
115228 @@ -276,9 +281,10 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
115229 }
115230
115231 int
115232 -nfssvc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p,
115233 - struct nfsd_writeargs *args)
115234 +nfssvc_decode_writeargs(void *_rqstp, __be32 *p, void *_args)
115235 {
115236 + struct svc_rqst *rqstp = _rqstp;
115237 + struct nfsd_writeargs *args = _args;
115238 unsigned int len, hdr, dlen;
115239 int v;
115240
115241 @@ -330,9 +336,10 @@ nfssvc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p,
115242 }
115243
115244 int
115245 -nfssvc_decode_createargs(struct svc_rqst *rqstp, __be32 *p,
115246 - struct nfsd_createargs *args)
115247 +nfssvc_decode_createargs(void *rqstp, __be32 *p, void *_args)
115248 {
115249 + struct nfsd_createargs *args = _args;
115250 +
115251 if ( !(p = decode_fh(p, &args->fh))
115252 || !(p = decode_filename(p, &args->name, &args->len)))
115253 return 0;
115254 @@ -342,9 +349,10 @@ nfssvc_decode_createargs(struct svc_rqst *rqstp, __be32 *p,
115255 }
115256
115257 int
115258 -nfssvc_decode_renameargs(struct svc_rqst *rqstp, __be32 *p,
115259 - struct nfsd_renameargs *args)
115260 +nfssvc_decode_renameargs(void *rqstp, __be32 *p, void *_args)
115261 {
115262 + struct nfsd_renameargs *args = _args;
115263 +
115264 if (!(p = decode_fh(p, &args->ffh))
115265 || !(p = decode_filename(p, &args->fname, &args->flen))
115266 || !(p = decode_fh(p, &args->tfh))
115267 @@ -355,8 +363,11 @@ nfssvc_decode_renameargs(struct svc_rqst *rqstp, __be32 *p,
115268 }
115269
115270 int
115271 -nfssvc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd_readlinkargs *args)
115272 +nfssvc_decode_readlinkargs(void *_rqstp, __be32 *p, void *_args)
115273 {
115274 + struct svc_rqst *rqstp = _rqstp;
115275 + struct nfsd_readlinkargs *args = _args;
115276 +
115277 p = decode_fh(p, &args->fh);
115278 if (!p)
115279 return 0;
115280 @@ -366,9 +377,10 @@ nfssvc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd_readli
115281 }
115282
115283 int
115284 -nfssvc_decode_linkargs(struct svc_rqst *rqstp, __be32 *p,
115285 - struct nfsd_linkargs *args)
115286 +nfssvc_decode_linkargs(void *rqstp, __be32 *p, void *_args)
115287 {
115288 + struct nfsd_linkargs *args = _args;
115289 +
115290 if (!(p = decode_fh(p, &args->ffh))
115291 || !(p = decode_fh(p, &args->tfh))
115292 || !(p = decode_filename(p, &args->tname, &args->tlen)))
115293 @@ -378,9 +390,10 @@ nfssvc_decode_linkargs(struct svc_rqst *rqstp, __be32 *p,
115294 }
115295
115296 int
115297 -nfssvc_decode_symlinkargs(struct svc_rqst *rqstp, __be32 *p,
115298 - struct nfsd_symlinkargs *args)
115299 +nfssvc_decode_symlinkargs(void *rqstp, __be32 *p, void *_args)
115300 {
115301 + struct nfsd_symlinkargs *args = _args;
115302 +
115303 if ( !(p = decode_fh(p, &args->ffh))
115304 || !(p = decode_filename(p, &args->fname, &args->flen))
115305 || !(p = decode_pathname(p, &args->tname, &args->tlen)))
115306 @@ -391,9 +404,11 @@ nfssvc_decode_symlinkargs(struct svc_rqst *rqstp, __be32 *p,
115307 }
115308
115309 int
115310 -nfssvc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
115311 - struct nfsd_readdirargs *args)
115312 +nfssvc_decode_readdirargs(void *_rqstp, __be32 *p, void *_args)
115313 {
115314 + struct svc_rqst *rqstp = _rqstp;
115315 + struct nfsd_readdirargs *args = _args;
115316 +
115317 p = decode_fh(p, &args->fh);
115318 if (!p)
115319 return 0;
115320 @@ -409,32 +424,36 @@ nfssvc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
115321 * XDR encode functions
115322 */
115323 int
115324 -nfssvc_encode_void(struct svc_rqst *rqstp, __be32 *p, void *dummy)
115325 +nfssvc_encode_void(void *rqstp, __be32 *p, void *dummy)
115326 {
115327 return xdr_ressize_check(rqstp, p);
115328 }
115329
115330 int
115331 -nfssvc_encode_attrstat(struct svc_rqst *rqstp, __be32 *p,
115332 - struct nfsd_attrstat *resp)
115333 +nfssvc_encode_attrstat(void *rqstp, __be32 *p, void *_resp)
115334 {
115335 + struct nfsd_diropres *resp = _resp;
115336 +
115337 p = encode_fattr(rqstp, p, &resp->fh, &resp->stat);
115338 return xdr_ressize_check(rqstp, p);
115339 }
115340
115341 int
115342 -nfssvc_encode_diropres(struct svc_rqst *rqstp, __be32 *p,
115343 - struct nfsd_diropres *resp)
115344 +nfssvc_encode_diropres(void *rqstp, __be32 *p, void *_resp)
115345 {
115346 + struct nfsd_diropres *resp = _resp;
115347 +
115348 p = encode_fh(p, &resp->fh);
115349 p = encode_fattr(rqstp, p, &resp->fh, &resp->stat);
115350 return xdr_ressize_check(rqstp, p);
115351 }
115352
115353 int
115354 -nfssvc_encode_readlinkres(struct svc_rqst *rqstp, __be32 *p,
115355 - struct nfsd_readlinkres *resp)
115356 +nfssvc_encode_readlinkres(void *_rqstp, __be32 *p, void *_resp)
115357 {
115358 + struct svc_rqst *rqstp= _rqstp;
115359 + struct nfsd_readlinkres *resp = _resp;
115360 +
115361 *p++ = htonl(resp->len);
115362 xdr_ressize_check(rqstp, p);
115363 rqstp->rq_res.page_len = resp->len;
115364 @@ -448,9 +467,11 @@ nfssvc_encode_readlinkres(struct svc_rqst *rqstp, __be32 *p,
115365 }
115366
115367 int
115368 -nfssvc_encode_readres(struct svc_rqst *rqstp, __be32 *p,
115369 - struct nfsd_readres *resp)
115370 +nfssvc_encode_readres(void *_rqstp, __be32 *p, void *_resp)
115371 {
115372 + struct svc_rqst *rqstp = _rqstp;
115373 + struct nfsd_readres *resp = _resp;
115374 +
115375 p = encode_fattr(rqstp, p, &resp->fh, &resp->stat);
115376 *p++ = htonl(resp->count);
115377 xdr_ressize_check(rqstp, p);
115378 @@ -467,9 +488,11 @@ nfssvc_encode_readres(struct svc_rqst *rqstp, __be32 *p,
115379 }
115380
115381 int
115382 -nfssvc_encode_readdirres(struct svc_rqst *rqstp, __be32 *p,
115383 - struct nfsd_readdirres *resp)
115384 +nfssvc_encode_readdirres(void *_rqstp, __be32 *p, void *_resp)
115385 {
115386 + struct svc_rqst *rqstp = _rqstp;
115387 + struct nfsd_readdirres *resp = _resp;
115388 +
115389 xdr_ressize_check(rqstp, p);
115390 p = resp->buffer;
115391 *p++ = 0; /* no more entries */
115392 @@ -480,9 +503,9 @@ nfssvc_encode_readdirres(struct svc_rqst *rqstp, __be32 *p,
115393 }
115394
115395 int
115396 -nfssvc_encode_statfsres(struct svc_rqst *rqstp, __be32 *p,
115397 - struct nfsd_statfsres *resp)
115398 +nfssvc_encode_statfsres(void *rqstp, __be32 *p, void *_resp)
115399 {
115400 + struct nfsd_statfsres *resp = _resp;
115401 struct kstatfs *stat = &resp->stats;
115402
115403 *p++ = htonl(NFSSVC_MAXBLKSIZE_V2); /* max transfer size */
115404 @@ -542,9 +565,10 @@ nfssvc_encode_entry(void *ccdv, const char *name,
115405 * XDR release functions
115406 */
115407 int
115408 -nfssvc_release_fhandle(struct svc_rqst *rqstp, __be32 *p,
115409 - struct nfsd_fhandle *resp)
115410 +nfssvc_release_fhandle(void *rqstp, __be32 *p, void *_resp)
115411 {
115412 + struct nfsd_fhandle *resp = _resp;
115413 +
115414 fh_put(&resp->fh);
115415 return 1;
115416 }
115417 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
115418 index ff476e6..08ef362 100644
115419 --- a/fs/nfsd/vfs.c
115420 +++ b/fs/nfsd/vfs.c
115421 @@ -870,7 +870,7 @@ __be32 nfsd_readv(struct file *file, loff_t offset, struct kvec *vec, int vlen,
115422
115423 oldfs = get_fs();
115424 set_fs(KERNEL_DS);
115425 - host_err = vfs_readv(file, (struct iovec __user *)vec, vlen, &offset, 0);
115426 + host_err = vfs_readv(file, (struct iovec __force_user *)vec, vlen, &offset, 0);
115427 set_fs(oldfs);
115428 return nfsd_finish_read(file, count, host_err);
115429 }
115430 @@ -960,7 +960,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
115431
115432 /* Write the data. */
115433 oldfs = get_fs(); set_fs(KERNEL_DS);
115434 - host_err = vfs_writev(file, (struct iovec __user *)vec, vlen, &pos, flags);
115435 + host_err = vfs_writev(file, (struct iovec __force_user *)vec, vlen, &pos, flags);
115436 set_fs(oldfs);
115437 if (host_err < 0)
115438 goto out_nfserr;
115439 @@ -1459,7 +1459,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
115440 */
115441
115442 oldfs = get_fs(); set_fs(KERNEL_DS);
115443 - host_err = inode->i_op->readlink(path.dentry, (char __user *)buf, *lenp);
115444 + host_err = inode->i_op->readlink(path.dentry, (char __force_user *)buf, *lenp);
115445 set_fs(oldfs);
115446
115447 if (host_err < 0)
115448 diff --git a/fs/nfsd/xdr.h b/fs/nfsd/xdr.h
115449 index 4f0481d..193c8e7 100644
115450 --- a/fs/nfsd/xdr.h
115451 +++ b/fs/nfsd/xdr.h
115452 @@ -131,40 +131,30 @@ union nfsd_xdrstore {
115453 #define NFS2_SVC_XDRSIZE sizeof(union nfsd_xdrstore)
115454
115455
115456 -int nfssvc_decode_void(struct svc_rqst *, __be32 *, void *);
115457 -int nfssvc_decode_fhandle(struct svc_rqst *, __be32 *, struct nfsd_fhandle *);
115458 -int nfssvc_decode_sattrargs(struct svc_rqst *, __be32 *,
115459 - struct nfsd_sattrargs *);
115460 -int nfssvc_decode_diropargs(struct svc_rqst *, __be32 *,
115461 - struct nfsd_diropargs *);
115462 -int nfssvc_decode_readargs(struct svc_rqst *, __be32 *,
115463 - struct nfsd_readargs *);
115464 -int nfssvc_decode_writeargs(struct svc_rqst *, __be32 *,
115465 - struct nfsd_writeargs *);
115466 -int nfssvc_decode_createargs(struct svc_rqst *, __be32 *,
115467 - struct nfsd_createargs *);
115468 -int nfssvc_decode_renameargs(struct svc_rqst *, __be32 *,
115469 - struct nfsd_renameargs *);
115470 -int nfssvc_decode_readlinkargs(struct svc_rqst *, __be32 *,
115471 - struct nfsd_readlinkargs *);
115472 -int nfssvc_decode_linkargs(struct svc_rqst *, __be32 *,
115473 - struct nfsd_linkargs *);
115474 -int nfssvc_decode_symlinkargs(struct svc_rqst *, __be32 *,
115475 - struct nfsd_symlinkargs *);
115476 -int nfssvc_decode_readdirargs(struct svc_rqst *, __be32 *,
115477 - struct nfsd_readdirargs *);
115478 -int nfssvc_encode_void(struct svc_rqst *, __be32 *, void *);
115479 -int nfssvc_encode_attrstat(struct svc_rqst *, __be32 *, struct nfsd_attrstat *);
115480 -int nfssvc_encode_diropres(struct svc_rqst *, __be32 *, struct nfsd_diropres *);
115481 -int nfssvc_encode_readlinkres(struct svc_rqst *, __be32 *, struct nfsd_readlinkres *);
115482 -int nfssvc_encode_readres(struct svc_rqst *, __be32 *, struct nfsd_readres *);
115483 -int nfssvc_encode_statfsres(struct svc_rqst *, __be32 *, struct nfsd_statfsres *);
115484 -int nfssvc_encode_readdirres(struct svc_rqst *, __be32 *, struct nfsd_readdirres *);
115485 +int nfssvc_decode_void(void *, __be32 *, void *);
115486 +int nfssvc_decode_fhandle(void *, __be32 *, void *);
115487 +int nfssvc_decode_sattrargs(void *, __be32 *, void *);
115488 +int nfssvc_decode_diropargs(void *, __be32 *, void *);
115489 +int nfssvc_decode_readargs(void *, __be32 *, void *);
115490 +int nfssvc_decode_writeargs(void *, __be32 *, void *);
115491 +int nfssvc_decode_createargs(void *, __be32 *, void *);
115492 +int nfssvc_decode_renameargs(void *, __be32 *, void *);
115493 +int nfssvc_decode_readlinkargs(void *, __be32 *, void *);
115494 +int nfssvc_decode_linkargs(void *, __be32 *, void *);
115495 +int nfssvc_decode_symlinkargs(void *, __be32 *, void *);
115496 +int nfssvc_decode_readdirargs(void *, __be32 *, void *);
115497 +int nfssvc_encode_void(void *, __be32 *, void *);
115498 +int nfssvc_encode_attrstat(void *, __be32 *, void *);
115499 +int nfssvc_encode_diropres(void *, __be32 *, void *);
115500 +int nfssvc_encode_readlinkres(void *, __be32 *, void *);
115501 +int nfssvc_encode_readres(void *, __be32 *, void *);
115502 +int nfssvc_encode_statfsres(void *, __be32 *, void *);
115503 +int nfssvc_encode_readdirres(void *, __be32 *, void *);
115504
115505 int nfssvc_encode_entry(void *, const char *name,
115506 int namlen, loff_t offset, u64 ino, unsigned int);
115507
115508 -int nfssvc_release_fhandle(struct svc_rqst *, __be32 *, struct nfsd_fhandle *);
115509 +int nfssvc_release_fhandle(void *, __be32 *, void *);
115510
115511 /* Helper functions for NFSv2 ACL code */
115512 __be32 *nfs2svc_encode_fattr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp, struct kstat *stat);
115513 diff --git a/fs/nfsd/xdr3.h b/fs/nfsd/xdr3.h
115514 index 335e04a..d77a9c9 100644
115515 --- a/fs/nfsd/xdr3.h
115516 +++ b/fs/nfsd/xdr3.h
115517 @@ -269,71 +269,41 @@ union nfsd3_xdrstore {
115518
115519 #define NFS3_SVC_XDRSIZE sizeof(union nfsd3_xdrstore)
115520
115521 -int nfs3svc_decode_fhandle(struct svc_rqst *, __be32 *, struct nfsd_fhandle *);
115522 -int nfs3svc_decode_sattrargs(struct svc_rqst *, __be32 *,
115523 - struct nfsd3_sattrargs *);
115524 -int nfs3svc_decode_diropargs(struct svc_rqst *, __be32 *,
115525 - struct nfsd3_diropargs *);
115526 -int nfs3svc_decode_accessargs(struct svc_rqst *, __be32 *,
115527 - struct nfsd3_accessargs *);
115528 -int nfs3svc_decode_readargs(struct svc_rqst *, __be32 *,
115529 - struct nfsd3_readargs *);
115530 -int nfs3svc_decode_writeargs(struct svc_rqst *, __be32 *,
115531 - struct nfsd3_writeargs *);
115532 -int nfs3svc_decode_createargs(struct svc_rqst *, __be32 *,
115533 - struct nfsd3_createargs *);
115534 -int nfs3svc_decode_mkdirargs(struct svc_rqst *, __be32 *,
115535 - struct nfsd3_createargs *);
115536 -int nfs3svc_decode_mknodargs(struct svc_rqst *, __be32 *,
115537 - struct nfsd3_mknodargs *);
115538 -int nfs3svc_decode_renameargs(struct svc_rqst *, __be32 *,
115539 - struct nfsd3_renameargs *);
115540 -int nfs3svc_decode_readlinkargs(struct svc_rqst *, __be32 *,
115541 - struct nfsd3_readlinkargs *);
115542 -int nfs3svc_decode_linkargs(struct svc_rqst *, __be32 *,
115543 - struct nfsd3_linkargs *);
115544 -int nfs3svc_decode_symlinkargs(struct svc_rqst *, __be32 *,
115545 - struct nfsd3_symlinkargs *);
115546 -int nfs3svc_decode_readdirargs(struct svc_rqst *, __be32 *,
115547 - struct nfsd3_readdirargs *);
115548 -int nfs3svc_decode_readdirplusargs(struct svc_rqst *, __be32 *,
115549 - struct nfsd3_readdirargs *);
115550 -int nfs3svc_decode_commitargs(struct svc_rqst *, __be32 *,
115551 - struct nfsd3_commitargs *);
115552 -int nfs3svc_encode_voidres(struct svc_rqst *, __be32 *, void *);
115553 -int nfs3svc_encode_attrstat(struct svc_rqst *, __be32 *,
115554 - struct nfsd3_attrstat *);
115555 -int nfs3svc_encode_wccstat(struct svc_rqst *, __be32 *,
115556 - struct nfsd3_attrstat *);
115557 -int nfs3svc_encode_diropres(struct svc_rqst *, __be32 *,
115558 - struct nfsd3_diropres *);
115559 -int nfs3svc_encode_accessres(struct svc_rqst *, __be32 *,
115560 - struct nfsd3_accessres *);
115561 -int nfs3svc_encode_readlinkres(struct svc_rqst *, __be32 *,
115562 - struct nfsd3_readlinkres *);
115563 -int nfs3svc_encode_readres(struct svc_rqst *, __be32 *, struct nfsd3_readres *);
115564 -int nfs3svc_encode_writeres(struct svc_rqst *, __be32 *, struct nfsd3_writeres *);
115565 -int nfs3svc_encode_createres(struct svc_rqst *, __be32 *,
115566 - struct nfsd3_diropres *);
115567 -int nfs3svc_encode_renameres(struct svc_rqst *, __be32 *,
115568 - struct nfsd3_renameres *);
115569 -int nfs3svc_encode_linkres(struct svc_rqst *, __be32 *,
115570 - struct nfsd3_linkres *);
115571 -int nfs3svc_encode_readdirres(struct svc_rqst *, __be32 *,
115572 - struct nfsd3_readdirres *);
115573 -int nfs3svc_encode_fsstatres(struct svc_rqst *, __be32 *,
115574 - struct nfsd3_fsstatres *);
115575 -int nfs3svc_encode_fsinfores(struct svc_rqst *, __be32 *,
115576 - struct nfsd3_fsinfores *);
115577 -int nfs3svc_encode_pathconfres(struct svc_rqst *, __be32 *,
115578 - struct nfsd3_pathconfres *);
115579 -int nfs3svc_encode_commitres(struct svc_rqst *, __be32 *,
115580 - struct nfsd3_commitres *);
115581 +int nfs3svc_decode_fhandle(void *, __be32 *, void *);
115582 +int nfs3svc_decode_sattrargs(void *, __be32 *, void *);
115583 +int nfs3svc_decode_diropargs(void *, __be32 *, void *);
115584 +int nfs3svc_decode_accessargs(void *, __be32 *, void *);
115585 +int nfs3svc_decode_readargs(void *, __be32 *, void *);
115586 +int nfs3svc_decode_writeargs(void *, __be32 *, void *);
115587 +int nfs3svc_decode_createargs(void *, __be32 *, void *);
115588 +int nfs3svc_decode_mkdirargs(void *, __be32 *, void *);
115589 +int nfs3svc_decode_mknodargs(void *, __be32 *, void *);
115590 +int nfs3svc_decode_renameargs(void *, __be32 *, void *);
115591 +int nfs3svc_decode_readlinkargs(void *, __be32 *, void *);
115592 +int nfs3svc_decode_linkargs(void *, __be32 *, void *);
115593 +int nfs3svc_decode_symlinkargs(void *, __be32 *, void *);
115594 +int nfs3svc_decode_readdirargs(void *, __be32 *, void *);
115595 +int nfs3svc_decode_readdirplusargs(void *, __be32 *, void *);
115596 +int nfs3svc_decode_commitargs(void *, __be32 *, void *);
115597 +int nfs3svc_encode_voidres(void *, __be32 *, void *);
115598 +int nfs3svc_encode_attrstat(void *, __be32 *, void *);
115599 +int nfs3svc_encode_wccstat(void *, __be32 *, void *);
115600 +int nfs3svc_encode_diropres(void *, __be32 *, void *);
115601 +int nfs3svc_encode_accessres(void *, __be32 *, void *);
115602 +int nfs3svc_encode_readlinkres(void *, __be32 *, void *);
115603 +int nfs3svc_encode_readres(void *, __be32 *, void *);
115604 +int nfs3svc_encode_writeres(void *, __be32 *, void *);
115605 +int nfs3svc_encode_createres(void *, __be32 *, void *);
115606 +int nfs3svc_encode_renameres(void *, __be32 *, void *);
115607 +int nfs3svc_encode_linkres(void *, __be32 *, void *);
115608 +int nfs3svc_encode_readdirres(void *, __be32 *, void *);
115609 +int nfs3svc_encode_fsstatres(void *, __be32 *, void *);
115610 +int nfs3svc_encode_fsinfores(void *, __be32 *, void *);
115611 +int nfs3svc_encode_pathconfres(void *, __be32 *, void *);
115612 +int nfs3svc_encode_commitres(void *, __be32 *, void *);
115613
115614 -int nfs3svc_release_fhandle(struct svc_rqst *, __be32 *,
115615 - struct nfsd3_attrstat *);
115616 -int nfs3svc_release_fhandle2(struct svc_rqst *, __be32 *,
115617 - struct nfsd3_fhandle_pair *);
115618 +int nfs3svc_release_fhandle(void *, __be32 *, void *);
115619 +int nfs3svc_release_fhandle2(void *, __be32 *, void *);
115620 int nfs3svc_encode_entry(void *, const char *name,
115621 int namlen, loff_t offset, u64 ino,
115622 unsigned int);
115623 diff --git a/fs/nfsd/xdr4.h b/fs/nfsd/xdr4.h
115624 index beea0c5..7f3699d 100644
115625 --- a/fs/nfsd/xdr4.h
115626 +++ b/fs/nfsd/xdr4.h
115627 @@ -659,11 +659,9 @@ set_change_info(struct nfsd4_change_info *cinfo, struct svc_fh *fhp)
115628
115629
115630 bool nfsd4_mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp);
115631 -int nfs4svc_encode_voidres(struct svc_rqst *, __be32 *, void *);
115632 -int nfs4svc_decode_compoundargs(struct svc_rqst *, __be32 *,
115633 - struct nfsd4_compoundargs *);
115634 -int nfs4svc_encode_compoundres(struct svc_rqst *, __be32 *,
115635 - struct nfsd4_compoundres *);
115636 +int nfs4svc_encode_voidres(void *, __be32 *, void *);
115637 +int nfs4svc_decode_compoundargs(void *, __be32 *, void *);
115638 +int nfs4svc_encode_compoundres(void *, __be32 *, void *);
115639 __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *, u32);
115640 void nfsd4_encode_operation(struct nfsd4_compoundres *, struct nfsd4_op *);
115641 void nfsd4_encode_replay(struct xdr_stream *xdr, struct nfsd4_op *op);
115642 @@ -673,26 +671,26 @@ __be32 nfsd4_encode_fattr_to_buf(__be32 **p, int words,
115643 u32 *bmval, struct svc_rqst *, int ignore_crossmnt);
115644 extern __be32 nfsd4_setclientid(struct svc_rqst *rqstp,
115645 struct nfsd4_compound_state *,
115646 - struct nfsd4_setclientid *setclid);
115647 + void *setclid);
115648 extern __be32 nfsd4_setclientid_confirm(struct svc_rqst *rqstp,
115649 struct nfsd4_compound_state *,
115650 - struct nfsd4_setclientid_confirm *setclientid_confirm);
115651 + void *setclientid_confirm);
115652 extern __be32 nfsd4_exchange_id(struct svc_rqst *rqstp,
115653 - struct nfsd4_compound_state *, struct nfsd4_exchange_id *);
115654 -extern __be32 nfsd4_backchannel_ctl(struct svc_rqst *, struct nfsd4_compound_state *, struct nfsd4_backchannel_ctl *);
115655 -extern __be32 nfsd4_bind_conn_to_session(struct svc_rqst *, struct nfsd4_compound_state *, struct nfsd4_bind_conn_to_session *);
115656 + struct nfsd4_compound_state *, void *);
115657 +extern __be32 nfsd4_backchannel_ctl(struct svc_rqst *, struct nfsd4_compound_state *, void *);
115658 +extern __be32 nfsd4_bind_conn_to_session(struct svc_rqst *, struct nfsd4_compound_state *, void *);
115659 extern __be32 nfsd4_create_session(struct svc_rqst *,
115660 struct nfsd4_compound_state *,
115661 - struct nfsd4_create_session *);
115662 + void *);
115663 extern __be32 nfsd4_sequence(struct svc_rqst *,
115664 struct nfsd4_compound_state *,
115665 - struct nfsd4_sequence *);
115666 + void *);
115667 extern void nfsd4_sequence_done(struct nfsd4_compoundres *resp);
115668 extern __be32 nfsd4_destroy_session(struct svc_rqst *,
115669 struct nfsd4_compound_state *,
115670 - struct nfsd4_destroy_session *);
115671 -extern __be32 nfsd4_destroy_clientid(struct svc_rqst *, struct nfsd4_compound_state *, struct nfsd4_destroy_clientid *);
115672 -__be32 nfsd4_reclaim_complete(struct svc_rqst *, struct nfsd4_compound_state *, struct nfsd4_reclaim_complete *);
115673 + void *);
115674 +extern __be32 nfsd4_destroy_clientid(struct svc_rqst *, struct nfsd4_compound_state *, void *);
115675 +__be32 nfsd4_reclaim_complete(struct svc_rqst *, struct nfsd4_compound_state *, void *);
115676 extern __be32 nfsd4_process_open1(struct nfsd4_compound_state *,
115677 struct nfsd4_open *open, struct nfsd_net *nn);
115678 extern __be32 nfsd4_process_open2(struct svc_rqst *rqstp,
115679 @@ -701,34 +699,34 @@ extern void nfsd4_cstate_clear_replay(struct nfsd4_compound_state *cstate);
115680 extern void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
115681 struct nfsd4_open *open);
115682 extern __be32 nfsd4_open_confirm(struct svc_rqst *rqstp,
115683 - struct nfsd4_compound_state *, struct nfsd4_open_confirm *oc);
115684 + struct nfsd4_compound_state *, void *oc);
115685 extern __be32 nfsd4_close(struct svc_rqst *rqstp,
115686 struct nfsd4_compound_state *,
115687 - struct nfsd4_close *close);
115688 + void *close);
115689 extern __be32 nfsd4_open_downgrade(struct svc_rqst *rqstp,
115690 struct nfsd4_compound_state *,
115691 - struct nfsd4_open_downgrade *od);
115692 + void *od);
115693 extern __be32 nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *,
115694 - struct nfsd4_lock *lock);
115695 + void *lock);
115696 extern __be32 nfsd4_lockt(struct svc_rqst *rqstp,
115697 struct nfsd4_compound_state *,
115698 - struct nfsd4_lockt *lockt);
115699 + void *lockt);
115700 extern __be32 nfsd4_locku(struct svc_rqst *rqstp,
115701 struct nfsd4_compound_state *,
115702 - struct nfsd4_locku *locku);
115703 + void *locku);
115704 extern __be32
115705 nfsd4_release_lockowner(struct svc_rqst *rqstp,
115706 struct nfsd4_compound_state *,
115707 - struct nfsd4_release_lockowner *rlockowner);
115708 + void *rlockowner);
115709 extern int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp);
115710 extern __be32 nfsd4_delegreturn(struct svc_rqst *rqstp,
115711 - struct nfsd4_compound_state *, struct nfsd4_delegreturn *dr);
115712 + struct nfsd4_compound_state *, void *dr);
115713 extern __be32 nfsd4_renew(struct svc_rqst *rqstp,
115714 - struct nfsd4_compound_state *, clientid_t *clid);
115715 + struct nfsd4_compound_state *, void *clid);
115716 extern __be32 nfsd4_test_stateid(struct svc_rqst *rqstp,
115717 - struct nfsd4_compound_state *, struct nfsd4_test_stateid *test_stateid);
115718 + struct nfsd4_compound_state *, void *test_stateid);
115719 extern __be32 nfsd4_free_stateid(struct svc_rqst *rqstp,
115720 - struct nfsd4_compound_state *, struct nfsd4_free_stateid *free_stateid);
115721 + struct nfsd4_compound_state *, void *free_stateid);
115722 extern void nfsd4_bump_seqid(struct nfsd4_compound_state *, __be32 nfserr);
115723
115724 #endif
115725 diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
115726 index 52ccd34..a166501 100644
115727 --- a/fs/nls/nls_base.c
115728 +++ b/fs/nls/nls_base.c
115729 @@ -234,21 +234,25 @@ EXPORT_SYMBOL(utf16s_to_utf8s);
115730
115731 int __register_nls(struct nls_table *nls, struct module *owner)
115732 {
115733 - struct nls_table ** tmp = &tables;
115734 + struct nls_table *tmp = tables;
115735
115736 if (nls->next)
115737 return -EBUSY;
115738
115739 - nls->owner = owner;
115740 + pax_open_kernel();
115741 + const_cast(nls->owner) = owner;
115742 + pax_close_kernel();
115743 spin_lock(&nls_lock);
115744 - while (*tmp) {
115745 - if (nls == *tmp) {
115746 + while (tmp) {
115747 + if (nls == tmp) {
115748 spin_unlock(&nls_lock);
115749 return -EBUSY;
115750 }
115751 - tmp = &(*tmp)->next;
115752 + tmp = tmp->next;
115753 }
115754 - nls->next = tables;
115755 + pax_open_kernel();
115756 + const_cast(nls->next) = tables;
115757 + pax_close_kernel();
115758 tables = nls;
115759 spin_unlock(&nls_lock);
115760 return 0;
115761 @@ -257,12 +261,14 @@ EXPORT_SYMBOL(__register_nls);
115762
115763 int unregister_nls(struct nls_table * nls)
115764 {
115765 - struct nls_table ** tmp = &tables;
115766 + struct nls_table * const * tmp = &tables;
115767
115768 spin_lock(&nls_lock);
115769 while (*tmp) {
115770 if (nls == *tmp) {
115771 - *tmp = nls->next;
115772 + pax_open_kernel();
115773 + *(struct nls_table **)tmp = nls->next;
115774 + pax_close_kernel();
115775 spin_unlock(&nls_lock);
115776 return 0;
115777 }
115778 @@ -272,7 +278,7 @@ int unregister_nls(struct nls_table * nls)
115779 return -EINVAL;
115780 }
115781
115782 -static struct nls_table *find_nls(char *charset)
115783 +static struct nls_table *find_nls(const char *charset)
115784 {
115785 struct nls_table *nls;
115786 spin_lock(&nls_lock);
115787 @@ -288,7 +294,7 @@ static struct nls_table *find_nls(char *charset)
115788 return nls;
115789 }
115790
115791 -struct nls_table *load_nls(char *charset)
115792 +struct nls_table *load_nls(const char *charset)
115793 {
115794 return try_then_request_module(find_nls(charset), "nls_%s", charset);
115795 }
115796 diff --git a/fs/nls/nls_cp932.c b/fs/nls/nls_cp932.c
115797 index 67b7398..38622e8 100644
115798 --- a/fs/nls/nls_cp932.c
115799 +++ b/fs/nls/nls_cp932.c
115800 @@ -7834,7 +7834,7 @@ static const unsigned char charset2upper[256] = {
115801 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
115802 };
115803
115804 -static int uni2char(const wchar_t uni,
115805 +static int uni2char(wchar_t uni,
115806 unsigned char *out, int boundlen)
115807 {
115808 const unsigned char *uni2charset;
115809 diff --git a/fs/nls/nls_cp936.c b/fs/nls/nls_cp936.c
115810 index c96546c..d5dfe94 100644
115811 --- a/fs/nls/nls_cp936.c
115812 +++ b/fs/nls/nls_cp936.c
115813 @@ -10997,7 +10997,7 @@ static const unsigned char charset2upper[256] = {
115814 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
115815 };
115816
115817 -static int uni2char(const wchar_t uni,
115818 +static int uni2char(wchar_t uni,
115819 unsigned char *out, int boundlen)
115820 {
115821 const unsigned char *uni2charset;
115822 diff --git a/fs/nls/nls_cp949.c b/fs/nls/nls_cp949.c
115823 index 199171e..709af9a 100644
115824 --- a/fs/nls/nls_cp949.c
115825 +++ b/fs/nls/nls_cp949.c
115826 @@ -13858,7 +13858,7 @@ static const unsigned char charset2upper[256] = {
115827 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
115828 };
115829
115830 -static int uni2char(const wchar_t uni,
115831 +static int uni2char(wchar_t uni,
115832 unsigned char *out, int boundlen)
115833 {
115834 const unsigned char *uni2charset;
115835 diff --git a/fs/nls/nls_cp950.c b/fs/nls/nls_cp950.c
115836 index 8e14187..d9cec2f 100644
115837 --- a/fs/nls/nls_cp950.c
115838 +++ b/fs/nls/nls_cp950.c
115839 @@ -9394,7 +9394,7 @@ static const unsigned char charset2upper[256] = {
115840 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, /* 0xf8-0xff */
115841 };
115842
115843 -static int uni2char(const wchar_t uni,
115844 +static int uni2char(wchar_t uni,
115845 unsigned char *out, int boundlen)
115846 {
115847 const unsigned char *uni2charset;
115848 diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c
115849 index 162b3f1..b9121f8 100644
115850 --- a/fs/nls/nls_euc-jp.c
115851 +++ b/fs/nls/nls_euc-jp.c
115852 @@ -406,7 +406,7 @@ static inline int sjisnec2sjisibm(unsigned char *sjisibm,
115853 return 2;
115854 }
115855
115856 -static int uni2char(const wchar_t uni,
115857 +static int uni2char(wchar_t uni,
115858 unsigned char *out, int boundlen)
115859 {
115860 int n;
115861 @@ -560,8 +560,10 @@ static int __init init_nls_euc_jp(void)
115862 p_nls = load_nls("cp932");
115863
115864 if (p_nls) {
115865 - table.charset2upper = p_nls->charset2upper;
115866 - table.charset2lower = p_nls->charset2lower;
115867 + pax_open_kernel();
115868 + const_cast(table.charset2upper) = p_nls->charset2upper;
115869 + const_cast(table.charset2lower) = p_nls->charset2lower;
115870 + pax_close_kernel();
115871 return register_nls(&table);
115872 }
115873
115874 diff --git a/fs/nls/nls_koi8-ru.c b/fs/nls/nls_koi8-ru.c
115875 index a80a741..f28c9c9 100644
115876 --- a/fs/nls/nls_koi8-ru.c
115877 +++ b/fs/nls/nls_koi8-ru.c
115878 @@ -13,7 +13,7 @@
115879
115880 static struct nls_table *p_nls;
115881
115882 -static int uni2char(const wchar_t uni,
115883 +static int uni2char(wchar_t uni,
115884 unsigned char *out, int boundlen)
115885 {
115886 if (boundlen <= 0)
115887 @@ -62,8 +62,10 @@ static int __init init_nls_koi8_ru(void)
115888 p_nls = load_nls("koi8-u");
115889
115890 if (p_nls) {
115891 - table.charset2upper = p_nls->charset2upper;
115892 - table.charset2lower = p_nls->charset2lower;
115893 + pax_open_kernel();
115894 + const_cast(table.charset2upper) = p_nls->charset2upper;
115895 + const_cast(table.charset2lower) = p_nls->charset2lower;
115896 + pax_close_kernel();
115897 return register_nls(&table);
115898 }
115899
115900 diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
115901 index a643138..4b88993 100644
115902 --- a/fs/notify/fanotify/fanotify_user.c
115903 +++ b/fs/notify/fanotify/fanotify_user.c
115904 @@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
115905
115906 fd = fanotify_event_metadata.fd;
115907 ret = -EFAULT;
115908 - if (copy_to_user(buf, &fanotify_event_metadata,
115909 - fanotify_event_metadata.event_len))
115910 + if (fanotify_event_metadata.event_len > sizeof fanotify_event_metadata ||
115911 + copy_to_user(buf, &fanotify_event_metadata, fanotify_event_metadata.event_len))
115912 goto out_close_fd;
115913
115914 #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
115915 diff --git a/fs/notify/notification.c b/fs/notify/notification.c
115916 index e455e83..6e2b732 100644
115917 --- a/fs/notify/notification.c
115918 +++ b/fs/notify/notification.c
115919 @@ -48,7 +48,7 @@
115920 #include <linux/fsnotify_backend.h>
115921 #include "fsnotify.h"
115922
115923 -static atomic_t fsnotify_sync_cookie = ATOMIC_INIT(0);
115924 +static atomic_unchecked_t fsnotify_sync_cookie = ATOMIC_INIT(0);
115925
115926 /**
115927 * fsnotify_get_cookie - return a unique cookie for use in synchronizing events.
115928 @@ -56,7 +56,7 @@ static atomic_t fsnotify_sync_cookie = ATOMIC_INIT(0);
115929 */
115930 u32 fsnotify_get_cookie(void)
115931 {
115932 - return atomic_inc_return(&fsnotify_sync_cookie);
115933 + return atomic_inc_return_unchecked(&fsnotify_sync_cookie);
115934 }
115935 EXPORT_SYMBOL_GPL(fsnotify_get_cookie);
115936
115937 diff --git a/fs/ntfs/debug.h b/fs/ntfs/debug.h
115938 index 61bf091..6ac5619 100644
115939 --- a/fs/ntfs/debug.h
115940 +++ b/fs/ntfs/debug.h
115941 @@ -30,7 +30,7 @@
115942
115943 extern int debug_msgs;
115944
115945 -extern __printf(4, 5)
115946 +extern __printf(4, 5) __nocapture(3)
115947 void __ntfs_debug(const char *file, int line, const char *function,
115948 const char *format, ...);
115949 /**
115950 @@ -58,12 +58,12 @@ do { \
115951
115952 #endif /* !DEBUG */
115953
115954 -extern __printf(3, 4)
115955 +extern __printf(3, 4) __nocapture(1)
115956 void __ntfs_warning(const char *function, const struct super_block *sb,
115957 const char *fmt, ...);
115958 #define ntfs_warning(sb, f, a...) __ntfs_warning(__func__, sb, f, ##a)
115959
115960 -extern __printf(3, 4)
115961 +extern __printf(3, 4) __nocapture(1)
115962 void __ntfs_error(const char *function, const struct super_block *sb,
115963 const char *fmt, ...);
115964 #define ntfs_error(sb, f, a...) __ntfs_error(__func__, sb, f, ##a)
115965 diff --git a/fs/ntfs/dir.c b/fs/ntfs/dir.c
115966 index a186135..31eb358 100644
115967 --- a/fs/ntfs/dir.c
115968 +++ b/fs/ntfs/dir.c
115969 @@ -1310,7 +1310,7 @@ find_next_index_buffer:
115970 ia = (INDEX_ALLOCATION*)(kaddr + (ia_pos & ~PAGE_MASK &
115971 ~(s64)(ndir->itype.index.block_size - 1)));
115972 /* Bounds checks. */
115973 - if (unlikely((u8*)ia < kaddr || (u8*)ia > kaddr + PAGE_SIZE)) {
115974 + if (unlikely(!kaddr || (u8*)ia < kaddr || (u8*)ia > kaddr + PAGE_SIZE)) {
115975 ntfs_error(sb, "Out of bounds check failed. Corrupt directory "
115976 "inode 0x%lx or driver bug.", vdir->i_ino);
115977 goto err_out;
115978 @@ -1517,7 +1517,7 @@ static int ntfs_dir_fsync(struct file *filp, loff_t start, loff_t end,
115979 na.type = AT_BITMAP;
115980 na.name = I30;
115981 na.name_len = 4;
115982 - bmp_vi = ilookup5(vi->i_sb, vi->i_ino, (test_t)ntfs_test_inode, &na);
115983 + bmp_vi = ilookup5(vi->i_sb, vi->i_ino, ntfs_test_inode, &na);
115984 if (bmp_vi) {
115985 write_inode_now(bmp_vi, !datasync);
115986 iput(bmp_vi);
115987 diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
115988 index e01287c..9939db2 100644
115989 --- a/fs/ntfs/inode.c
115990 +++ b/fs/ntfs/inode.c
115991 @@ -57,8 +57,9 @@
115992 * NOTE: This function runs with the inode_hash_lock spin lock held so it is not
115993 * allowed to sleep.
115994 */
115995 -int ntfs_test_inode(struct inode *vi, ntfs_attr *na)
115996 +int ntfs_test_inode(struct inode *vi, void *_na)
115997 {
115998 + ntfs_attr *na = _na;
115999 ntfs_inode *ni;
116000
116001 if (vi->i_ino != na->mft_no)
116002 @@ -101,8 +102,9 @@ int ntfs_test_inode(struct inode *vi, ntfs_attr *na)
116003 * NOTE: This function runs with the inode->i_lock spin lock held so it is not
116004 * allowed to sleep. (Hence the GFP_ATOMIC allocation.)
116005 */
116006 -static int ntfs_init_locked_inode(struct inode *vi, ntfs_attr *na)
116007 +static int ntfs_init_locked_inode(struct inode *vi, void *_na)
116008 {
116009 + ntfs_attr *na = _na;
116010 ntfs_inode *ni = NTFS_I(vi);
116011
116012 vi->i_ino = na->mft_no;
116013 @@ -145,7 +147,6 @@ static int ntfs_init_locked_inode(struct inode *vi, ntfs_attr *na)
116014 return 0;
116015 }
116016
116017 -typedef int (*set_t)(struct inode *, void *);
116018 static int ntfs_read_locked_inode(struct inode *vi);
116019 static int ntfs_read_locked_attr_inode(struct inode *base_vi, struct inode *vi);
116020 static int ntfs_read_locked_index_inode(struct inode *base_vi,
116021 @@ -178,8 +179,8 @@ struct inode *ntfs_iget(struct super_block *sb, unsigned long mft_no)
116022 na.name = NULL;
116023 na.name_len = 0;
116024
116025 - vi = iget5_locked(sb, mft_no, (test_t)ntfs_test_inode,
116026 - (set_t)ntfs_init_locked_inode, &na);
116027 + vi = iget5_locked(sb, mft_no, ntfs_test_inode,
116028 + ntfs_init_locked_inode, &na);
116029 if (unlikely(!vi))
116030 return ERR_PTR(-ENOMEM);
116031
116032 @@ -239,8 +240,8 @@ struct inode *ntfs_attr_iget(struct inode *base_vi, ATTR_TYPE type,
116033 na.name = name;
116034 na.name_len = name_len;
116035
116036 - vi = iget5_locked(base_vi->i_sb, na.mft_no, (test_t)ntfs_test_inode,
116037 - (set_t)ntfs_init_locked_inode, &na);
116038 + vi = iget5_locked(base_vi->i_sb, na.mft_no, ntfs_test_inode,
116039 + ntfs_init_locked_inode, &na);
116040 if (unlikely(!vi))
116041 return ERR_PTR(-ENOMEM);
116042
116043 @@ -294,8 +295,8 @@ struct inode *ntfs_index_iget(struct inode *base_vi, ntfschar *name,
116044 na.name = name;
116045 na.name_len = name_len;
116046
116047 - vi = iget5_locked(base_vi->i_sb, na.mft_no, (test_t)ntfs_test_inode,
116048 - (set_t)ntfs_init_locked_inode, &na);
116049 + vi = iget5_locked(base_vi->i_sb, na.mft_no, ntfs_test_inode,
116050 + ntfs_init_locked_inode, &na);
116051 if (unlikely(!vi))
116052 return ERR_PTR(-ENOMEM);
116053
116054 diff --git a/fs/ntfs/inode.h b/fs/ntfs/inode.h
116055 index b3c3469..17208ad 100644
116056 --- a/fs/ntfs/inode.h
116057 +++ b/fs/ntfs/inode.h
116058 @@ -267,9 +267,7 @@ typedef struct {
116059 ATTR_TYPE type;
116060 } ntfs_attr;
116061
116062 -typedef int (*test_t)(struct inode *, void *);
116063 -
116064 -extern int ntfs_test_inode(struct inode *vi, ntfs_attr *na);
116065 +extern int ntfs_test_inode(struct inode *vi, void *_na);
116066
116067 extern struct inode *ntfs_iget(struct super_block *sb, unsigned long mft_no);
116068 extern struct inode *ntfs_attr_iget(struct inode *base_vi, ATTR_TYPE type,
116069 diff --git a/fs/ntfs/mft.c b/fs/ntfs/mft.c
116070 index d15d492..c75f95ad 100644
116071 --- a/fs/ntfs/mft.c
116072 +++ b/fs/ntfs/mft.c
116073 @@ -963,7 +963,7 @@ bool ntfs_may_write_mft_record(ntfs_volume *vol, const unsigned long mft_no,
116074 * dirty code path of the inode dirty code path when writing
116075 * $MFT occurs.
116076 */
116077 - vi = ilookup5_nowait(sb, mft_no, (test_t)ntfs_test_inode, &na);
116078 + vi = ilookup5_nowait(sb, mft_no, ntfs_test_inode, &na);
116079 }
116080 if (vi) {
116081 ntfs_debug("Base inode 0x%lx is in icache.", mft_no);
116082 @@ -1024,7 +1024,7 @@ bool ntfs_may_write_mft_record(ntfs_volume *vol, const unsigned long mft_no,
116083 vi = igrab(mft_vi);
116084 BUG_ON(vi != mft_vi);
116085 } else
116086 - vi = ilookup5_nowait(sb, na.mft_no, (test_t)ntfs_test_inode,
116087 + vi = ilookup5_nowait(sb, na.mft_no, ntfs_test_inode,
116088 &na);
116089 if (!vi) {
116090 /*
116091 diff --git a/fs/ntfs/super.c b/fs/ntfs/super.c
116092 index ecb4987..c723ded 100644
116093 --- a/fs/ntfs/super.c
116094 +++ b/fs/ntfs/super.c
116095 @@ -688,7 +688,7 @@ static struct buffer_head *read_ntfs_boot_sector(struct super_block *sb,
116096 if (!silent)
116097 ntfs_error(sb, "Primary boot sector is invalid.");
116098 } else if (!silent)
116099 - ntfs_error(sb, read_err_str, "primary");
116100 + ntfs_error(sb, read_err_str, "%s", "primary");
116101 if (!(NTFS_SB(sb)->on_errors & ON_ERRORS_RECOVER)) {
116102 if (bh_primary)
116103 brelse(bh_primary);
116104 @@ -704,7 +704,7 @@ static struct buffer_head *read_ntfs_boot_sector(struct super_block *sb,
116105 goto hotfix_primary_boot_sector;
116106 brelse(bh_backup);
116107 } else if (!silent)
116108 - ntfs_error(sb, read_err_str, "backup");
116109 + ntfs_error(sb, read_err_str, "%s", "backup");
116110 /* Try to read NT3.51- backup boot sector. */
116111 if ((bh_backup = sb_bread(sb, nr_blocks >> 1))) {
116112 if (is_boot_sector_ntfs(sb, (NTFS_BOOT_SECTOR*)
116113 @@ -715,7 +715,7 @@ static struct buffer_head *read_ntfs_boot_sector(struct super_block *sb,
116114 "sector.");
116115 brelse(bh_backup);
116116 } else if (!silent)
116117 - ntfs_error(sb, read_err_str, "backup");
116118 + ntfs_error(sb, read_err_str, "%s", "backup");
116119 /* We failed. Cleanup and return. */
116120 if (bh_primary)
116121 brelse(bh_primary);
116122 @@ -2711,7 +2711,7 @@ static const struct super_operations ntfs_sops = {
116123 *
116124 * NOTE: @sb->s_flags contains the mount options flags.
116125 */
116126 -static int ntfs_fill_super(struct super_block *sb, void *opt, const int silent)
116127 +static int ntfs_fill_super(struct super_block *sb, void *opt, int silent)
116128 {
116129 ntfs_volume *vol;
116130 struct buffer_head *bh;
116131 diff --git a/fs/ocfs2/cluster/masklog.h b/fs/ocfs2/cluster/masklog.h
116132 index 308ea0e..3c16da6 100644
116133 --- a/fs/ocfs2/cluster/masklog.h
116134 +++ b/fs/ocfs2/cluster/masklog.h
116135 @@ -162,7 +162,7 @@ extern struct mlog_bits mlog_and_bits, mlog_not_bits;
116136
116137 #endif
116138
116139 -__printf(4, 5)
116140 +__printf(4, 5) __nocapture(2)
116141 void __mlog_printk(const u64 *m, const char *func, int line,
116142 const char *fmt, ...);
116143
116144 diff --git a/fs/ocfs2/dlm/dlmcommon.h b/fs/ocfs2/dlm/dlmcommon.h
116145 index e9f3705..8e53eb1 100644
116146 --- a/fs/ocfs2/dlm/dlmcommon.h
116147 +++ b/fs/ocfs2/dlm/dlmcommon.h
116148 @@ -151,9 +151,9 @@ struct dlm_ctxt
116149 struct list_head mle_hb_events;
116150
116151 /* these give a really vague idea of the system load */
116152 - atomic_t mle_tot_count[DLM_MLE_NUM_TYPES];
116153 + atomic_unchecked_t mle_tot_count[DLM_MLE_NUM_TYPES];
116154 atomic_t mle_cur_count[DLM_MLE_NUM_TYPES];
116155 - atomic_t res_tot_count;
116156 + atomic_unchecked_t res_tot_count;
116157 atomic_t res_cur_count;
116158
116159 struct dlm_debug_ctxt *dlm_debug_ctxt;
116160 diff --git a/fs/ocfs2/dlm/dlmdebug.c b/fs/ocfs2/dlm/dlmdebug.c
116161 index e7b760d..f8cd0ad 100644
116162 --- a/fs/ocfs2/dlm/dlmdebug.c
116163 +++ b/fs/ocfs2/dlm/dlmdebug.c
116164 @@ -735,10 +735,10 @@ static int debug_state_print(struct dlm_ctxt *dlm, char *buf, int len)
116165 out += snprintf(buf + out, len - out,
116166 "Lock Resources: %d (%d)\n",
116167 atomic_read(&dlm->res_cur_count),
116168 - atomic_read(&dlm->res_tot_count));
116169 + atomic_read_unchecked(&dlm->res_tot_count));
116170
116171 for (i = 0; i < DLM_MLE_NUM_TYPES; ++i)
116172 - tot_mles += atomic_read(&dlm->mle_tot_count[i]);
116173 + tot_mles += atomic_read_unchecked(&dlm->mle_tot_count[i]);
116174
116175 for (i = 0; i < DLM_MLE_NUM_TYPES; ++i)
116176 cur_mles += atomic_read(&dlm->mle_cur_count[i]);
116177 @@ -751,19 +751,19 @@ static int debug_state_print(struct dlm_ctxt *dlm, char *buf, int len)
116178 out += snprintf(buf + out, len - out,
116179 " Blocking: %d (%d)\n",
116180 atomic_read(&dlm->mle_cur_count[DLM_MLE_BLOCK]),
116181 - atomic_read(&dlm->mle_tot_count[DLM_MLE_BLOCK]));
116182 + atomic_read_unchecked(&dlm->mle_tot_count[DLM_MLE_BLOCK]));
116183
116184 /* Mastery: xxx (xxx) */
116185 out += snprintf(buf + out, len - out,
116186 " Mastery: %d (%d)\n",
116187 atomic_read(&dlm->mle_cur_count[DLM_MLE_MASTER]),
116188 - atomic_read(&dlm->mle_tot_count[DLM_MLE_MASTER]));
116189 + atomic_read_unchecked(&dlm->mle_tot_count[DLM_MLE_MASTER]));
116190
116191 /* Migration: xxx (xxx) */
116192 out += snprintf(buf + out, len - out,
116193 " Migration: %d (%d)\n",
116194 atomic_read(&dlm->mle_cur_count[DLM_MLE_MIGRATION]),
116195 - atomic_read(&dlm->mle_tot_count[DLM_MLE_MIGRATION]));
116196 + atomic_read_unchecked(&dlm->mle_tot_count[DLM_MLE_MIGRATION]));
116197
116198 /* Lists: Dirty=Empty Purge=InUse PendingASTs=Empty ... */
116199 out += snprintf(buf + out, len - out,
116200 diff --git a/fs/ocfs2/dlm/dlmdomain.c b/fs/ocfs2/dlm/dlmdomain.c
116201 index 533bd52..3a9d64a 100644
116202 --- a/fs/ocfs2/dlm/dlmdomain.c
116203 +++ b/fs/ocfs2/dlm/dlmdomain.c
116204 @@ -2055,10 +2055,10 @@ static struct dlm_ctxt *dlm_alloc_ctxt(const char *domain,
116205 dlm->reco.new_master = O2NM_INVALID_NODE_NUM;
116206 dlm->reco.dead_node = O2NM_INVALID_NODE_NUM;
116207
116208 - atomic_set(&dlm->res_tot_count, 0);
116209 + atomic_set_unchecked(&dlm->res_tot_count, 0);
116210 atomic_set(&dlm->res_cur_count, 0);
116211 for (i = 0; i < DLM_MLE_NUM_TYPES; ++i) {
116212 - atomic_set(&dlm->mle_tot_count[i], 0);
116213 + atomic_set_unchecked(&dlm->mle_tot_count[i], 0);
116214 atomic_set(&dlm->mle_cur_count[i], 0);
116215 }
116216
116217 diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c
116218 index 6ea06f8..6789716 100644
116219 --- a/fs/ocfs2/dlm/dlmmaster.c
116220 +++ b/fs/ocfs2/dlm/dlmmaster.c
116221 @@ -303,7 +303,7 @@ static void dlm_init_mle(struct dlm_master_list_entry *mle,
116222 mle->mnamehash = dlm_lockid_hash(name, namelen);
116223 }
116224
116225 - atomic_inc(&dlm->mle_tot_count[mle->type]);
116226 + atomic_inc_unchecked(&dlm->mle_tot_count[mle->type]);
116227 atomic_inc(&dlm->mle_cur_count[mle->type]);
116228
116229 /* copy off the node_map and register hb callbacks on our copy */
116230 @@ -577,7 +577,7 @@ static void dlm_init_lockres(struct dlm_ctxt *dlm,
116231
116232 kref_init(&res->refs);
116233
116234 - atomic_inc(&dlm->res_tot_count);
116235 + atomic_inc_unchecked(&dlm->res_tot_count);
116236 atomic_inc(&dlm->res_cur_count);
116237
116238 /* just for consistency */
116239 diff --git a/fs/ocfs2/dlmfs/dlmfs.c b/fs/ocfs2/dlmfs/dlmfs.c
116240 index ef474cd..a5cc6a6 100644
116241 --- a/fs/ocfs2/dlmfs/dlmfs.c
116242 +++ b/fs/ocfs2/dlmfs/dlmfs.c
116243 @@ -88,13 +88,13 @@ struct workqueue_struct *user_dlm_worker;
116244 */
116245 #define DLMFS_CAPABILITIES "bast stackglue"
116246 static int param_set_dlmfs_capabilities(const char *val,
116247 - struct kernel_param *kp)
116248 + const struct kernel_param *kp)
116249 {
116250 printk(KERN_ERR "%s: readonly parameter\n", kp->name);
116251 return -EINVAL;
116252 }
116253 static int param_get_dlmfs_capabilities(char *buffer,
116254 - struct kernel_param *kp)
116255 + const struct kernel_param *kp)
116256 {
116257 return strlcpy(buffer, DLMFS_CAPABILITIES,
116258 strlen(DLMFS_CAPABILITIES) + 1);
116259 diff --git a/fs/ocfs2/filecheck.c b/fs/ocfs2/filecheck.c
116260 index 2cabbcf..93edf33 100644
116261 --- a/fs/ocfs2/filecheck.c
116262 +++ b/fs/ocfs2/filecheck.c
116263 @@ -217,7 +217,7 @@ int ocfs2_filecheck_create_sysfs(struct super_block *sb)
116264 struct ocfs2_filecheck *fcheck = NULL;
116265 struct ocfs2_filecheck_sysfs_entry *entry = NULL;
116266 struct attribute **attrs = NULL;
116267 - struct attribute_group attrgp;
116268 + attribute_group_no_const attrgp;
116269
116270 if (!ocfs2_kset)
116271 return -ENOMEM;
116272 diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c
116273 index fe0d1f9..7ec8659 100644
116274 --- a/fs/ocfs2/localalloc.c
116275 +++ b/fs/ocfs2/localalloc.c
116276 @@ -1317,7 +1317,7 @@ static int ocfs2_local_alloc_slide_window(struct ocfs2_super *osb,
116277 goto bail;
116278 }
116279
116280 - atomic_inc(&osb->alloc_stats.moves);
116281 + atomic_inc_unchecked(&osb->alloc_stats.moves);
116282
116283 bail:
116284 if (handle)
116285 diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
116286 index e63af7d..2a8a83a 100644
116287 --- a/fs/ocfs2/ocfs2.h
116288 +++ b/fs/ocfs2/ocfs2.h
116289 @@ -247,11 +247,11 @@ enum ocfs2_vol_state
116290
116291 struct ocfs2_alloc_stats
116292 {
116293 - atomic_t moves;
116294 - atomic_t local_data;
116295 - atomic_t bitmap_data;
116296 - atomic_t bg_allocs;
116297 - atomic_t bg_extends;
116298 + atomic_unchecked_t moves;
116299 + atomic_unchecked_t local_data;
116300 + atomic_unchecked_t bitmap_data;
116301 + atomic_unchecked_t bg_allocs;
116302 + atomic_unchecked_t bg_extends;
116303 };
116304
116305 enum ocfs2_local_alloc_state
116306 diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
116307 index 6ad3533..053f29d 100644
116308 --- a/fs/ocfs2/suballoc.c
116309 +++ b/fs/ocfs2/suballoc.c
116310 @@ -851,7 +851,7 @@ static int ocfs2_reserve_suballoc_bits(struct ocfs2_super *osb,
116311 mlog_errno(status);
116312 goto bail;
116313 }
116314 - atomic_inc(&osb->alloc_stats.bg_extends);
116315 + atomic_inc_unchecked(&osb->alloc_stats.bg_extends);
116316
116317 /* You should never ask for this much metadata */
116318 BUG_ON(bits_wanted >
116319 @@ -2026,7 +2026,7 @@ int ocfs2_claim_metadata(handle_t *handle,
116320 mlog_errno(status);
116321 goto bail;
116322 }
116323 - atomic_inc(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
116324 + atomic_inc_unchecked(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
116325
116326 *suballoc_loc = res.sr_bg_blkno;
116327 *suballoc_bit_start = res.sr_bit_offset;
116328 @@ -2192,7 +2192,7 @@ int ocfs2_claim_new_inode_at_loc(handle_t *handle,
116329 trace_ocfs2_claim_new_inode_at_loc((unsigned long long)di_blkno,
116330 res->sr_bits);
116331
116332 - atomic_inc(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
116333 + atomic_inc_unchecked(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
116334
116335 BUG_ON(res->sr_bits != 1);
116336
116337 @@ -2234,7 +2234,7 @@ int ocfs2_claim_new_inode(handle_t *handle,
116338 mlog_errno(status);
116339 goto bail;
116340 }
116341 - atomic_inc(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
116342 + atomic_inc_unchecked(&OCFS2_SB(ac->ac_inode->i_sb)->alloc_stats.bg_allocs);
116343
116344 BUG_ON(res.sr_bits != 1);
116345
116346 @@ -2338,7 +2338,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
116347 cluster_start,
116348 num_clusters);
116349 if (!status)
116350 - atomic_inc(&osb->alloc_stats.local_data);
116351 + atomic_inc_unchecked(&osb->alloc_stats.local_data);
116352 } else {
116353 if (min_clusters > (osb->bitmap_cpg - 1)) {
116354 /* The only paths asking for contiguousness
116355 @@ -2364,7 +2364,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
116356 ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
116357 res.sr_bg_blkno,
116358 res.sr_bit_offset);
116359 - atomic_inc(&osb->alloc_stats.bitmap_data);
116360 + atomic_inc_unchecked(&osb->alloc_stats.bitmap_data);
116361 *num_clusters = res.sr_bits;
116362 }
116363 }
116364 diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
116365 index 603b28d..a9818bd0 100644
116366 --- a/fs/ocfs2/super.c
116367 +++ b/fs/ocfs2/super.c
116368 @@ -306,11 +306,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len)
116369 "%10s => GlobalAllocs: %d LocalAllocs: %d "
116370 "SubAllocs: %d LAWinMoves: %d SAExtends: %d\n",
116371 "Stats",
116372 - atomic_read(&osb->alloc_stats.bitmap_data),
116373 - atomic_read(&osb->alloc_stats.local_data),
116374 - atomic_read(&osb->alloc_stats.bg_allocs),
116375 - atomic_read(&osb->alloc_stats.moves),
116376 - atomic_read(&osb->alloc_stats.bg_extends));
116377 + atomic_read_unchecked(&osb->alloc_stats.bitmap_data),
116378 + atomic_read_unchecked(&osb->alloc_stats.local_data),
116379 + atomic_read_unchecked(&osb->alloc_stats.bg_allocs),
116380 + atomic_read_unchecked(&osb->alloc_stats.moves),
116381 + atomic_read_unchecked(&osb->alloc_stats.bg_extends));
116382
116383 out += snprintf(buf + out, len - out,
116384 "%10s => State: %u Descriptor: %llu Size: %u bits "
116385 @@ -2087,11 +2087,11 @@ static int ocfs2_initialize_super(struct super_block *sb,
116386
116387 mutex_init(&osb->system_file_mutex);
116388
116389 - atomic_set(&osb->alloc_stats.moves, 0);
116390 - atomic_set(&osb->alloc_stats.local_data, 0);
116391 - atomic_set(&osb->alloc_stats.bitmap_data, 0);
116392 - atomic_set(&osb->alloc_stats.bg_allocs, 0);
116393 - atomic_set(&osb->alloc_stats.bg_extends, 0);
116394 + atomic_set_unchecked(&osb->alloc_stats.moves, 0);
116395 + atomic_set_unchecked(&osb->alloc_stats.local_data, 0);
116396 + atomic_set_unchecked(&osb->alloc_stats.bitmap_data, 0);
116397 + atomic_set_unchecked(&osb->alloc_stats.bg_allocs, 0);
116398 + atomic_set_unchecked(&osb->alloc_stats.bg_extends, 0);
116399
116400 /* Copy the blockcheck stats from the superblock probe */
116401 osb->osb_ecc_stats = *stats;
116402 diff --git a/fs/open.c b/fs/open.c
116403 index 4fd6e25..fff35d4 100644
116404 --- a/fs/open.c
116405 +++ b/fs/open.c
116406 @@ -32,6 +32,8 @@
116407 #include <linux/dnotify.h>
116408 #include <linux/compat.h>
116409
116410 +#define CREATE_TRACE_POINTS
116411 +#include <trace/events/fs.h>
116412 #include "internal.h"
116413
116414 int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
116415 @@ -105,6 +107,8 @@ long vfs_truncate(const struct path *path, loff_t length)
116416 error = locks_verify_truncate(inode, NULL, length);
116417 if (!error)
116418 error = security_path_truncate(path);
116419 + if (!error && !gr_acl_handle_truncate(path->dentry, path->mnt))
116420 + error = -EACCES;
116421 if (!error)
116422 error = do_truncate(path->dentry, length, 0, NULL);
116423
116424 @@ -189,6 +193,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
116425 error = locks_verify_truncate(inode, f.file, length);
116426 if (!error)
116427 error = security_path_truncate(&f.file->f_path);
116428 + if (!error && !gr_acl_handle_truncate(f.file->f_path.dentry, f.file->f_path.mnt))
116429 + error = -EACCES;
116430 if (!error)
116431 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
116432 sb_end_write(inode->i_sb);
116433 @@ -398,6 +404,9 @@ retry:
116434 if (__mnt_is_readonly(path.mnt))
116435 res = -EROFS;
116436
116437 + if (!res && !gr_acl_handle_access(path.dentry, path.mnt, mode))
116438 + res = -EACCES;
116439 +
116440 out_path_release:
116441 path_put(&path);
116442 if (retry_estale(res, lookup_flags)) {
116443 @@ -429,6 +438,8 @@ retry:
116444 if (error)
116445 goto dput_and_out;
116446
116447 + gr_log_chdir(path.dentry, path.mnt);
116448 +
116449 set_fs_pwd(current->fs, &path);
116450
116451 dput_and_out:
116452 @@ -458,6 +469,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
116453 goto out_putf;
116454
116455 error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
116456 +
116457 + if (!error && !gr_chroot_fchdir(f.file->f_path.dentry, f.file->f_path.mnt))
116458 + error = -EPERM;
116459 +
116460 + if (!error)
116461 + gr_log_chdir(f.file->f_path.dentry, f.file->f_path.mnt);
116462 +
116463 if (!error)
116464 set_fs_pwd(current->fs, &f.file->f_path);
116465 out_putf:
116466 @@ -487,7 +505,13 @@ retry:
116467 if (error)
116468 goto dput_and_out;
116469
116470 + if (gr_handle_chroot_chroot(path.dentry, path.mnt))
116471 + goto dput_and_out;
116472 +
116473 set_fs_root(current->fs, &path);
116474 +
116475 + gr_handle_chroot_chdir(&path);
116476 +
116477 error = 0;
116478 dput_and_out:
116479 path_put(&path);
116480 @@ -511,6 +535,16 @@ static int chmod_common(const struct path *path, umode_t mode)
116481 return error;
116482 retry_deleg:
116483 inode_lock(inode);
116484 +
116485 + if (!gr_acl_handle_chmod(path->dentry, path->mnt, &mode)) {
116486 + error = -EACCES;
116487 + goto out_unlock;
116488 + }
116489 + if (gr_handle_chroot_chmod(path->dentry, path->mnt, mode)) {
116490 + error = -EACCES;
116491 + goto out_unlock;
116492 + }
116493 +
116494 error = security_path_chmod(path, mode);
116495 if (error)
116496 goto out_unlock;
116497 @@ -576,6 +610,9 @@ static int chown_common(const struct path *path, uid_t user, gid_t group)
116498 uid = make_kuid(current_user_ns(), user);
116499 gid = make_kgid(current_user_ns(), group);
116500
116501 + if (!gr_acl_handle_chown(path->dentry, path->mnt))
116502 + return -EACCES;
116503 +
116504 retry_deleg:
116505 newattrs.ia_valid = ATTR_CTIME;
116506 if (user != (uid_t) -1) {
116507 @@ -1040,6 +1077,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
116508 } else {
116509 fsnotify_open(f);
116510 fd_install(fd, f);
116511 + trace_do_sys_open(tmp->name, flags, mode);
116512 }
116513 }
116514 putname(tmp);
116515 diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c
116516 index b9da9a0..e146758 100644
116517 --- a/fs/orangefs/super.c
116518 +++ b/fs/orangefs/super.c
116519 @@ -539,10 +539,12 @@ void orangefs_kill_sb(struct super_block *sb)
116520
116521 int orangefs_inode_cache_initialize(void)
116522 {
116523 - orangefs_inode_cache = kmem_cache_create("orangefs_inode_cache",
116524 + orangefs_inode_cache = kmem_cache_create_usercopy("orangefs_inode_cache",
116525 sizeof(struct orangefs_inode_s),
116526 0,
116527 ORANGEFS_CACHE_CREATE_FLAGS,
116528 + offsetof(struct orangefs_inode_s, link_target),
116529 + sizeof(((struct orangefs_inode_s *)0)->link_target),
116530 orangefs_inode_cache_ctor);
116531
116532 if (!orangefs_inode_cache) {
116533 diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
116534 index abadbc30..a67f44c 100644
116535 --- a/fs/overlayfs/copy_up.c
116536 +++ b/fs/overlayfs/copy_up.c
116537 @@ -197,7 +197,7 @@ static char *ovl_read_symlink(struct dentry *realdentry)
116538 set_fs(get_ds());
116539 /* The cast to a user pointer is valid due to the set_fs() */
116540 res = inode->i_op->readlink(realdentry,
116541 - (char __user *)buf, PAGE_SIZE - 1);
116542 + (char __force_user *)buf, PAGE_SIZE - 1);
116543 set_fs(old_fs);
116544 if (res < 0) {
116545 free_page((unsigned long) buf);
116546 diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
116547 index e2a94a2..f2ac233 100644
116548 --- a/fs/overlayfs/super.c
116549 +++ b/fs/overlayfs/super.c
116550 @@ -148,8 +148,8 @@ struct dentry *ovl_dentry_real(struct dentry *dentry)
116551 static void ovl_inode_init(struct inode *inode, struct inode *realinode,
116552 bool is_upper)
116553 {
116554 - WRITE_ONCE(inode->i_private, (unsigned long) realinode |
116555 - (is_upper ? OVL_ISUPPER_MASK : 0));
116556 + WRITE_ONCE(inode->i_private, (void *)((unsigned long) realinode |
116557 + (is_upper ? OVL_ISUPPER_MASK : 0)));
116558 }
116559
116560 struct vfsmount *ovl_entry_mnt_real(struct ovl_entry *oe, struct inode *inode,
116561 @@ -182,7 +182,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
116562 {
116563 struct ovl_entry *oe = dentry->d_fsdata;
116564
116565 - *path = oe->numlower ? oe->lowerstack[0] : (struct path) { NULL, NULL };
116566 + *path = oe->numlower ? oe->lowerstack[0] : (struct path) { .dentry = NULL, .mnt = NULL };
116567 }
116568
116569 int ovl_want_write(struct dentry *dentry)
116570 @@ -234,7 +234,7 @@ void ovl_inode_update(struct inode *inode, struct inode *upperinode)
116571 WARN_ON(!upperinode);
116572 WARN_ON(!inode_unhashed(inode));
116573 WRITE_ONCE(inode->i_private,
116574 - (unsigned long) upperinode | OVL_ISUPPER_MASK);
116575 + (void *)((unsigned long) upperinode | OVL_ISUPPER_MASK));
116576 if (!S_ISDIR(upperinode->i_mode))
116577 __insert_inode_hash(inode, (unsigned long) upperinode);
116578 }
116579 @@ -1107,8 +1107,8 @@ static const struct xattr_handler *ovl_xattr_handlers[] = {
116580
116581 static int ovl_fill_super(struct super_block *sb, void *data, int silent)
116582 {
116583 - struct path upperpath = { NULL, NULL };
116584 - struct path workpath = { NULL, NULL };
116585 + struct path upperpath = { .dentry = NULL, .mnt = NULL };
116586 + struct path workpath = { .dentry = NULL, .mnt = NULL };
116587 struct dentry *root_dentry;
116588 struct inode *realinode;
116589 struct ovl_entry *oe;
116590 diff --git a/fs/pipe.c b/fs/pipe.c
116591 index 4ebe6b2..b3752f2 100644
116592 --- a/fs/pipe.c
116593 +++ b/fs/pipe.c
116594 @@ -37,7 +37,7 @@ unsigned int pipe_max_size = 1048576;
116595 /*
116596 * Minimum pipe size, as required by POSIX
116597 */
116598 -unsigned int pipe_min_size = PAGE_SIZE;
116599 +unsigned int pipe_min_size __read_only = PAGE_SIZE;
116600
116601 /* Maximum allocatable pages per user. Hard limit is unset by default, soft
116602 * matches default values.
116603 @@ -62,7 +62,7 @@ unsigned long pipe_user_pages_soft = PIPE_DEF_BUFFERS * INR_OPEN_CUR;
116604
116605 static void pipe_lock_nested(struct pipe_inode_info *pipe, int subclass)
116606 {
116607 - if (pipe->files)
116608 + if (atomic_read(&pipe->files))
116609 mutex_lock_nested(&pipe->mutex, subclass);
116610 }
116611
116612 @@ -77,7 +77,7 @@ EXPORT_SYMBOL(pipe_lock);
116613
116614 void pipe_unlock(struct pipe_inode_info *pipe)
116615 {
116616 - if (pipe->files)
116617 + if (atomic_read(&pipe->files))
116618 mutex_unlock(&pipe->mutex);
116619 }
116620 EXPORT_SYMBOL(pipe_unlock);
116621 @@ -312,9 +312,9 @@ pipe_read(struct kiocb *iocb, struct iov_iter *to)
116622 }
116623 if (bufs) /* More to do? */
116624 continue;
116625 - if (!pipe->writers)
116626 + if (!atomic_read(&pipe->writers))
116627 break;
116628 - if (!pipe->waiting_writers) {
116629 + if (!atomic_read(&pipe->waiting_writers)) {
116630 /* syscall merging: Usually we must not sleep
116631 * if O_NONBLOCK is set, or if we got some data.
116632 * But if a writer sleeps in kernel space, then
116633 @@ -371,7 +371,7 @@ pipe_write(struct kiocb *iocb, struct iov_iter *from)
116634
116635 __pipe_lock(pipe);
116636
116637 - if (!pipe->readers) {
116638 + if (!atomic_read(&pipe->readers)) {
116639 send_sig(SIGPIPE, current, 0);
116640 ret = -EPIPE;
116641 goto out;
116642 @@ -406,7 +406,7 @@ pipe_write(struct kiocb *iocb, struct iov_iter *from)
116643 for (;;) {
116644 int bufs;
116645
116646 - if (!pipe->readers) {
116647 + if (!atomic_read(&pipe->readers)) {
116648 send_sig(SIGPIPE, current, 0);
116649 if (!ret)
116650 ret = -EPIPE;
116651 @@ -474,9 +474,9 @@ pipe_write(struct kiocb *iocb, struct iov_iter *from)
116652 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
116653 do_wakeup = 0;
116654 }
116655 - pipe->waiting_writers++;
116656 + atomic_inc(&pipe->waiting_writers);
116657 pipe_wait(pipe);
116658 - pipe->waiting_writers--;
116659 + atomic_dec(&pipe->waiting_writers);
116660 }
116661 out:
116662 __pipe_unlock(pipe);
116663 @@ -531,7 +531,7 @@ pipe_poll(struct file *filp, poll_table *wait)
116664 mask = 0;
116665 if (filp->f_mode & FMODE_READ) {
116666 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
116667 - if (!pipe->writers && filp->f_version != pipe->w_counter)
116668 + if (!atomic_read(&pipe->writers) && filp->f_version != pipe->w_counter)
116669 mask |= POLLHUP;
116670 }
116671
116672 @@ -541,7 +541,7 @@ pipe_poll(struct file *filp, poll_table *wait)
116673 * Most Unices do not set POLLERR for FIFOs but on Linux they
116674 * behave exactly like pipes for poll().
116675 */
116676 - if (!pipe->readers)
116677 + if (!atomic_read(&pipe->readers))
116678 mask |= POLLERR;
116679 }
116680
116681 @@ -553,7 +553,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe)
116682 int kill = 0;
116683
116684 spin_lock(&inode->i_lock);
116685 - if (!--pipe->files) {
116686 + if (atomic_dec_and_test(&pipe->files)) {
116687 inode->i_pipe = NULL;
116688 kill = 1;
116689 }
116690 @@ -570,11 +570,11 @@ pipe_release(struct inode *inode, struct file *file)
116691
116692 __pipe_lock(pipe);
116693 if (file->f_mode & FMODE_READ)
116694 - pipe->readers--;
116695 + atomic_dec(&pipe->readers);
116696 if (file->f_mode & FMODE_WRITE)
116697 - pipe->writers--;
116698 + atomic_dec(&pipe->writers);
116699
116700 - if (pipe->readers || pipe->writers) {
116701 + if (atomic_read(&pipe->readers) || atomic_read(&pipe->writers)) {
116702 wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);
116703 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
116704 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
116705 @@ -672,7 +672,7 @@ void free_pipe_info(struct pipe_inode_info *pipe)
116706 kfree(pipe);
116707 }
116708
116709 -static struct vfsmount *pipe_mnt __read_mostly;
116710 +struct vfsmount *pipe_mnt __read_mostly;
116711
116712 /*
116713 * pipefs_dname() is called from d_path().
116714 @@ -702,8 +702,9 @@ static struct inode * get_pipe_inode(void)
116715 goto fail_iput;
116716
116717 inode->i_pipe = pipe;
116718 - pipe->files = 2;
116719 - pipe->readers = pipe->writers = 1;
116720 + atomic_set(&pipe->files, 2);
116721 + atomic_set(&pipe->readers, 1);
116722 + atomic_set(&pipe->writers, 1);
116723 inode->i_fop = &pipefifo_fops;
116724
116725 /*
116726 @@ -885,17 +886,17 @@ static int fifo_open(struct inode *inode, struct file *filp)
116727 spin_lock(&inode->i_lock);
116728 if (inode->i_pipe) {
116729 pipe = inode->i_pipe;
116730 - pipe->files++;
116731 + atomic_inc(&pipe->files);
116732 spin_unlock(&inode->i_lock);
116733 } else {
116734 spin_unlock(&inode->i_lock);
116735 pipe = alloc_pipe_info();
116736 if (!pipe)
116737 return -ENOMEM;
116738 - pipe->files = 1;
116739 + atomic_set(&pipe->files, 1);
116740 spin_lock(&inode->i_lock);
116741 if (unlikely(inode->i_pipe)) {
116742 - inode->i_pipe->files++;
116743 + atomic_inc(&inode->i_pipe->files);
116744 spin_unlock(&inode->i_lock);
116745 free_pipe_info(pipe);
116746 pipe = inode->i_pipe;
116747 @@ -920,10 +921,10 @@ static int fifo_open(struct inode *inode, struct file *filp)
116748 * opened, even when there is no process writing the FIFO.
116749 */
116750 pipe->r_counter++;
116751 - if (pipe->readers++ == 0)
116752 + if (atomic_inc_return(&pipe->readers) == 1)
116753 wake_up_partner(pipe);
116754
116755 - if (!is_pipe && !pipe->writers) {
116756 + if (!is_pipe && !atomic_read(&pipe->writers)) {
116757 if ((filp->f_flags & O_NONBLOCK)) {
116758 /* suppress POLLHUP until we have
116759 * seen a writer */
116760 @@ -942,14 +943,14 @@ static int fifo_open(struct inode *inode, struct file *filp)
116761 * errno=ENXIO when there is no process reading the FIFO.
116762 */
116763 ret = -ENXIO;
116764 - if (!is_pipe && (filp->f_flags & O_NONBLOCK) && !pipe->readers)
116765 + if (!is_pipe && (filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers))
116766 goto err;
116767
116768 pipe->w_counter++;
116769 - if (!pipe->writers++)
116770 + if (atomic_inc_return(&pipe->writers) == 1)
116771 wake_up_partner(pipe);
116772
116773 - if (!is_pipe && !pipe->readers) {
116774 + if (!is_pipe && !atomic_read(&pipe->readers)) {
116775 if (wait_for_partner(pipe, &pipe->r_counter))
116776 goto err_wr;
116777 }
116778 @@ -963,11 +964,11 @@ static int fifo_open(struct inode *inode, struct file *filp)
116779 * the process can at least talk to itself.
116780 */
116781
116782 - pipe->readers++;
116783 - pipe->writers++;
116784 + atomic_inc(&pipe->readers);
116785 + atomic_inc(&pipe->writers);
116786 pipe->r_counter++;
116787 pipe->w_counter++;
116788 - if (pipe->readers == 1 || pipe->writers == 1)
116789 + if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1)
116790 wake_up_partner(pipe);
116791 break;
116792
116793 @@ -981,13 +982,13 @@ static int fifo_open(struct inode *inode, struct file *filp)
116794 return 0;
116795
116796 err_rd:
116797 - if (!--pipe->readers)
116798 + if (atomic_dec_and_test(&pipe->readers))
116799 wake_up_interruptible(&pipe->wait);
116800 ret = -ERESTARTSYS;
116801 goto err;
116802
116803 err_wr:
116804 - if (!--pipe->writers)
116805 + if (atomic_dec_and_test(&pipe->writers))
116806 wake_up_interruptible(&pipe->wait);
116807 ret = -ERESTARTSYS;
116808 goto err;
116809 @@ -1065,7 +1066,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages)
116810 * Currently we rely on the pipe array holding a power-of-2 number
116811 * of pages.
116812 */
116813 -static inline unsigned int round_pipe_size(unsigned int size)
116814 +static inline unsigned long round_pipe_size(unsigned long size)
116815 {
116816 unsigned long nr_pages;
116817
116818 @@ -1113,13 +1114,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
116819
116820 switch (cmd) {
116821 case F_SETPIPE_SZ: {
116822 - unsigned int size, nr_pages;
116823 + unsigned long size, nr_pages;
116824 +
116825 + ret = -EINVAL;
116826 + if (arg < pipe_min_size)
116827 + goto out;
116828
116829 size = round_pipe_size(arg);
116830 nr_pages = size >> PAGE_SHIFT;
116831
116832 - ret = -EINVAL;
116833 - if (!nr_pages)
116834 + if (size < pipe_min_size)
116835 goto out;
116836
116837 if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
116838 diff --git a/fs/posix_acl.c b/fs/posix_acl.c
116839 index bfc3ec3..f37d85d 100644
116840 --- a/fs/posix_acl.c
116841 +++ b/fs/posix_acl.c
116842 @@ -20,6 +20,7 @@
116843 #include <linux/xattr.h>
116844 #include <linux/export.h>
116845 #include <linux/user_namespace.h>
116846 +#include <linux/grsecurity.h>
116847
116848 static struct posix_acl **acl_by_type(struct inode *inode, int type)
116849 {
116850 @@ -311,7 +312,7 @@ posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p)
116851 }
116852 }
116853 if (mode_p)
116854 - *mode_p = (*mode_p & ~S_IRWXUGO) | mode;
116855 + *mode_p = ((*mode_p & ~S_IRWXUGO) | mode) & ~gr_acl_umask();
116856 return not_equiv;
116857 }
116858 EXPORT_SYMBOL(posix_acl_equiv_mode);
116859 @@ -461,7 +462,7 @@ static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p)
116860 mode &= (group_obj->e_perm << 3) | ~S_IRWXG;
116861 }
116862
116863 - *mode_p = (*mode_p & ~S_IRWXUGO) | mode;
116864 + *mode_p = ((*mode_p & ~S_IRWXUGO) | mode) & ~gr_acl_umask();
116865 return not_equiv;
116866 }
116867
116868 @@ -519,6 +520,8 @@ __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)
116869 struct posix_acl *clone = posix_acl_clone(*acl, gfp);
116870 int err = -ENOMEM;
116871 if (clone) {
116872 + *mode_p &= ~gr_acl_umask();
116873 +
116874 err = posix_acl_create_masq(clone, mode_p);
116875 if (err < 0) {
116876 posix_acl_release(clone);
116877 @@ -722,11 +725,12 @@ struct posix_acl *
116878 posix_acl_from_xattr(struct user_namespace *user_ns,
116879 const void *value, size_t size)
116880 {
116881 - posix_acl_xattr_header *header = (posix_acl_xattr_header *)value;
116882 - posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end;
116883 + const posix_acl_xattr_header *header = (const posix_acl_xattr_header *)value;
116884 + const posix_acl_xattr_entry *entry = (const posix_acl_xattr_entry *)(header+1), *end;
116885 int count;
116886 struct posix_acl *acl;
116887 struct posix_acl_entry *acl_e;
116888 + umode_t umask = gr_acl_umask();
116889
116890 if (!value)
116891 return NULL;
116892 @@ -752,12 +756,18 @@ posix_acl_from_xattr(struct user_namespace *user_ns,
116893
116894 switch(acl_e->e_tag) {
116895 case ACL_USER_OBJ:
116896 + acl_e->e_perm &= ~((umask & S_IRWXU) >> 6);
116897 + break;
116898 case ACL_GROUP_OBJ:
116899 case ACL_MASK:
116900 + acl_e->e_perm &= ~((umask & S_IRWXG) >> 3);
116901 + break;
116902 case ACL_OTHER:
116903 + acl_e->e_perm &= ~(umask & S_IRWXO);
116904 break;
116905
116906 case ACL_USER:
116907 + acl_e->e_perm &= ~((umask & S_IRWXU) >> 6);
116908 acl_e->e_uid =
116909 make_kuid(user_ns,
116910 le32_to_cpu(entry->e_id));
116911 @@ -765,6 +775,7 @@ posix_acl_from_xattr(struct user_namespace *user_ns,
116912 goto fail;
116913 break;
116914 case ACL_GROUP:
116915 + acl_e->e_perm &= ~((umask & S_IRWXG) >> 3);
116916 acl_e->e_gid =
116917 make_kgid(user_ns,
116918 le32_to_cpu(entry->e_id));
116919 diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
116920 index 1ade120..a86f1a2 100644
116921 --- a/fs/proc/Kconfig
116922 +++ b/fs/proc/Kconfig
116923 @@ -30,7 +30,7 @@ config PROC_FS
116924
116925 config PROC_KCORE
116926 bool "/proc/kcore support" if !ARM
116927 - depends on PROC_FS && MMU
116928 + depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
116929 help
116930 Provides a virtual ELF core file of the live kernel. This can
116931 be read with gdb and other ELF tools. No modifications can be
116932 @@ -38,8 +38,8 @@ config PROC_KCORE
116933
116934 config PROC_VMCORE
116935 bool "/proc/vmcore support"
116936 - depends on PROC_FS && CRASH_DUMP
116937 - default y
116938 + depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
116939 + default n
116940 help
116941 Exports the dump image of crashed kernel in ELF format.
116942
116943 @@ -63,8 +63,8 @@ config PROC_SYSCTL
116944 limited in memory.
116945
116946 config PROC_PAGE_MONITOR
116947 - default y
116948 - depends on PROC_FS && MMU
116949 + default n
116950 + depends on PROC_FS && MMU && !GRKERNSEC
116951 bool "Enable /proc page monitoring" if EXPERT
116952 help
116953 Various /proc files exist to monitor process memory utilization:
116954 diff --git a/fs/proc/array.c b/fs/proc/array.c
116955 index 88c7de1..3e4b510 100644
116956 --- a/fs/proc/array.c
116957 +++ b/fs/proc/array.c
116958 @@ -60,6 +60,7 @@
116959 #include <linux/tty.h>
116960 #include <linux/string.h>
116961 #include <linux/mman.h>
116962 +#include <linux/grsecurity.h>
116963 #include <linux/proc_fs.h>
116964 #include <linux/ioport.h>
116965 #include <linux/uaccess.h>
116966 @@ -369,6 +370,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task)
116967 cpumask_pr_args(&task->cpus_allowed));
116968 }
116969
116970 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
116971 +static inline void task_pax(struct seq_file *m, struct task_struct *p)
116972 +{
116973 + if (p->mm)
116974 + seq_printf(m, "PaX:\t%c%c%c%c%c\n",
116975 + p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
116976 + p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
116977 + p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
116978 + p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
116979 + p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
116980 + else
116981 + seq_printf(m, "PaX:\t-----\n");
116982 +}
116983 +#endif
116984 +
116985 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
116986 struct pid *pid, struct task_struct *task)
116987 {
116988 @@ -387,9 +403,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
116989 task_cpus_allowed(m, task);
116990 cpuset_task_status_allowed(m, task);
116991 task_context_switch_counts(m, task);
116992 +
116993 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
116994 + task_pax(m, task);
116995 +#endif
116996 +
116997 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
116998 + task_grsec_rbac(m, task);
116999 +#endif
117000 +
117001 return 0;
117002 }
117003
117004 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117005 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
117006 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
117007 + _mm->pax_flags & MF_PAX_SEGMEXEC))
117008 +#endif
117009 +
117010 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
117011 struct pid *pid, struct task_struct *task, int whole)
117012 {
117013 @@ -411,6 +442,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
117014 char tcomm[sizeof(task->comm)];
117015 unsigned long flags;
117016
117017 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117018 + if (current->exec_id != m->exec_id) {
117019 + gr_log_badprocpid("stat");
117020 + return 0;
117021 + }
117022 +#endif
117023 +
117024 state = *get_task_state(task);
117025 vsize = eip = esp = 0;
117026 permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
117027 @@ -481,6 +519,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
117028 gtime = task_gtime(task);
117029 }
117030
117031 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117032 + if (PAX_RAND_FLAGS(mm)) {
117033 + eip = 0;
117034 + esp = 0;
117035 + wchan = 0;
117036 + }
117037 +#endif
117038 +#ifdef CONFIG_GRKERNSEC_HIDESYM
117039 + wchan = 0;
117040 + eip =0;
117041 + esp =0;
117042 +#endif
117043 +
117044 /* scale priority and nice values from timeslices to -20..20 */
117045 /* to make it look like a "normal" Unix priority/nice value */
117046 priority = task_prio(task);
117047 @@ -512,9 +563,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
117048 seq_put_decimal_ull(m, ' ', vsize);
117049 seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0);
117050 seq_put_decimal_ull(m, ' ', rsslim);
117051 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117052 + seq_put_decimal_ull(m, ' ', PAX_RAND_FLAGS(mm) ? 1 : (mm ? (permitted ? mm->start_code : 1) : 0));
117053 + seq_put_decimal_ull(m, ' ', PAX_RAND_FLAGS(mm) ? 1 : (mm ? (permitted ? mm->end_code : 1) : 0));
117054 + seq_put_decimal_ull(m, ' ', PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? mm->start_stack : 0));
117055 +#else
117056 seq_put_decimal_ull(m, ' ', mm ? (permitted ? mm->start_code : 1) : 0);
117057 seq_put_decimal_ull(m, ' ', mm ? (permitted ? mm->end_code : 1) : 0);
117058 seq_put_decimal_ull(m, ' ', (permitted && mm) ? mm->start_stack : 0);
117059 +#endif
117060 seq_put_decimal_ull(m, ' ', esp);
117061 seq_put_decimal_ull(m, ' ', eip);
117062 /* The signal information here is obsolete.
117063 @@ -548,7 +605,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
117064 seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime));
117065 seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime));
117066
117067 - if (mm && permitted) {
117068 + if (mm && permitted
117069 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117070 + && !PAX_RAND_FLAGS(mm)
117071 +#endif
117072 + ) {
117073 seq_put_decimal_ull(m, ' ', mm->start_data);
117074 seq_put_decimal_ull(m, ' ', mm->end_data);
117075 seq_put_decimal_ull(m, ' ', mm->start_brk);
117076 @@ -586,8 +647,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
117077 struct pid *pid, struct task_struct *task)
117078 {
117079 unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0;
117080 - struct mm_struct *mm = get_task_mm(task);
117081 + struct mm_struct *mm;
117082
117083 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117084 + if (current->exec_id != m->exec_id) {
117085 + gr_log_badprocpid("statm");
117086 + return 0;
117087 + }
117088 +#endif
117089 + mm = get_task_mm(task);
117090 if (mm) {
117091 size = task_statm(mm, &shared, &text, &data, &resident);
117092 mmput(mm);
117093 @@ -610,6 +678,21 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
117094 return 0;
117095 }
117096
117097 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
117098 +int proc_pid_ipaddr(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task)
117099 +{
117100 + unsigned long flags;
117101 + u32 curr_ip = 0;
117102 +
117103 + if (lock_task_sighand(task, &flags)) {
117104 + curr_ip = task->signal->curr_ip;
117105 + unlock_task_sighand(task, &flags);
117106 + }
117107 + seq_printf(m, "%pI4\n", &curr_ip);
117108 + return 0;
117109 +}
117110 +#endif
117111 +
117112 #ifdef CONFIG_PROC_CHILDREN
117113 static struct pid *
117114 get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
117115 diff --git a/fs/proc/base.c b/fs/proc/base.c
117116 index ac0df4d..5be5b93 100644
117117 --- a/fs/proc/base.c
117118 +++ b/fs/proc/base.c
117119 @@ -113,6 +113,14 @@ struct pid_entry {
117120 union proc_op op;
117121 };
117122
117123 +struct getdents_callback {
117124 + struct linux_dirent __user * current_dir;
117125 + struct linux_dirent __user * previous;
117126 + struct file * file;
117127 + int count;
117128 + int error;
117129 +};
117130 +
117131 #define NOD(NAME, MODE, IOP, FOP, OP) { \
117132 .name = (NAME), \
117133 .len = sizeof(NAME) - 1, \
117134 @@ -224,6 +232,11 @@ static ssize_t proc_pid_cmdline_read(struct file *file, char __user *buf,
117135 goto out_mmput;
117136 }
117137
117138 + if (gr_acl_handle_procpidmem(tsk)) {
117139 + rv = 0;
117140 + goto out_mmput;
117141 + }
117142 +
117143 page = (char *)__get_free_page(GFP_TEMPORARY);
117144 if (!page) {
117145 rv = -ENOMEM;
117146 @@ -400,12 +413,28 @@ static const struct file_operations proc_pid_cmdline_ops = {
117147 .llseek = generic_file_llseek,
117148 };
117149
117150 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117151 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
117152 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
117153 + _mm->pax_flags & MF_PAX_SEGMEXEC))
117154 +#endif
117155 +
117156 static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns,
117157 struct pid *pid, struct task_struct *task)
117158 {
117159 struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
117160 if (mm && !IS_ERR(mm)) {
117161 unsigned int nwords = 0;
117162 +
117163 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117164 + /* allow if we're currently ptracing this task */
117165 + if (PAX_RAND_FLAGS(mm) &&
117166 + (!(task->ptrace & PT_PTRACED) || (task->parent != current))) {
117167 + mmput(mm);
117168 + return 0;
117169 + }
117170 +#endif
117171 +
117172 do {
117173 nwords += 2;
117174 } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
117175 @@ -417,7 +446,7 @@ static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns,
117176 }
117177
117178
117179 -#ifdef CONFIG_KALLSYMS
117180 +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
117181 /*
117182 * Provides a wchan file via kallsyms in a proper one-value-per-file format.
117183 * Returns the resolved symbol. If that fails, simply return the address.
117184 @@ -430,8 +459,8 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
117185
117186 wchan = get_wchan(task);
117187
117188 - if (wchan && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)
117189 - && !lookup_symbol_name(wchan, symname))
117190 + if (wchan && !lookup_symbol_name(wchan, symname)
117191 + && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
117192 seq_printf(m, "%s", symname);
117193 else
117194 seq_putc(m, '0');
117195 @@ -457,7 +486,7 @@ static void unlock_trace(struct task_struct *task)
117196 mutex_unlock(&task->signal->cred_guard_mutex);
117197 }
117198
117199 -#ifdef CONFIG_STACKTRACE
117200 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
117201
117202 #define MAX_STACK_TRACE_DEPTH 64
117203
117204 @@ -652,7 +681,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns,
117205 return 0;
117206 }
117207
117208 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
117209 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
117210 static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
117211 struct pid *pid, struct task_struct *task)
117212 {
117213 @@ -685,7 +714,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns,
117214 /************************************************************************/
117215
117216 /* permission checks */
117217 -static int proc_fd_access_allowed(struct inode *inode)
117218 +static int proc_fd_access_allowed(struct inode *inode, unsigned int log)
117219 {
117220 struct task_struct *task;
117221 int allowed = 0;
117222 @@ -695,7 +724,10 @@ static int proc_fd_access_allowed(struct inode *inode)
117223 */
117224 task = get_proc_task(inode);
117225 if (task) {
117226 - allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
117227 + if (log)
117228 + allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
117229 + else
117230 + allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
117231 put_task_struct(task);
117232 }
117233 return allowed;
117234 @@ -726,6 +758,30 @@ static bool has_pid_permissions(struct pid_namespace *pid,
117235 struct task_struct *task,
117236 int hide_pid_min)
117237 {
117238 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
117239 + return false;
117240 +
117241 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
117242 + rcu_read_lock();
117243 + {
117244 + const struct cred *tmpcred = current_cred();
117245 + const struct cred *cred = __task_cred(task);
117246 +
117247 + if (uid_eq(tmpcred->uid, GLOBAL_ROOT_UID) || uid_eq(tmpcred->uid, cred->uid)
117248 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
117249 + || in_group_p(grsec_proc_gid)
117250 +#endif
117251 + ) {
117252 + rcu_read_unlock();
117253 + return true;
117254 + }
117255 + }
117256 + rcu_read_unlock();
117257 +
117258 + if (!pid->hide_pid)
117259 + return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT);
117260 +#endif
117261 +
117262 if (pid->hide_pid < hide_pid_min)
117263 return true;
117264 if (in_group_p(pid->pid_gid))
117265 @@ -747,7 +803,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
117266 put_task_struct(task);
117267
117268 if (!has_perms) {
117269 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
117270 + {
117271 +#else
117272 if (pid->hide_pid == 2) {
117273 +#endif
117274 /*
117275 * Let's make getdents(), stat(), and open()
117276 * consistent with each other. If a process
117277 @@ -801,13 +861,24 @@ static const struct file_operations proc_single_file_operations = {
117278 };
117279
117280
117281 -struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
117282 +struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode, u64 *ptracer_exec_id)
117283 {
117284 struct task_struct *task = get_proc_task(inode);
117285 struct mm_struct *mm = ERR_PTR(-ESRCH);
117286
117287 + if (ptracer_exec_id)
117288 + *ptracer_exec_id = 0;
117289 +
117290 if (task) {
117291 mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
117292 + if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
117293 + mmput(mm);
117294 + mm = ERR_PTR(-EPERM);
117295 + }
117296 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117297 + if (ptracer_exec_id)
117298 + current_is_ptracer(task, ptracer_exec_id);
117299 +#endif
117300 put_task_struct(task);
117301
117302 if (!IS_ERR_OR_NULL(mm)) {
117303 @@ -823,12 +894,17 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
117304
117305 static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
117306 {
117307 - struct mm_struct *mm = proc_mem_open(inode, mode);
117308 + struct mm_struct *mm = proc_mem_open(inode, mode, NULL);
117309
117310 if (IS_ERR(mm))
117311 return PTR_ERR(mm);
117312
117313 file->private_data = mm;
117314 +
117315 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117316 + file->f_version = current->exec_id;
117317 +#endif
117318 +
117319 return 0;
117320 }
117321
117322 @@ -850,6 +926,26 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
117323 ssize_t copied;
117324 char *page;
117325
117326 +#ifdef CONFIG_GRKERNSEC
117327 + struct task_struct *task = get_proc_task(file_inode(file));
117328 + bool is_by_ptracer = false;
117329 +
117330 + if (task) {
117331 + is_by_ptracer = current_is_ptracer(task, NULL);
117332 + put_task_struct(task);
117333 + }
117334 +
117335 + if (write && !is_by_ptracer)
117336 + return -EPERM;
117337 +
117338 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117339 + if (file->f_version != current->exec_id && !is_by_ptracer) {
117340 + gr_log_badprocpid("mem");
117341 + return 0;
117342 + }
117343 +#endif
117344 +#endif
117345 +
117346 if (!mm)
117347 return 0;
117348
117349 @@ -862,7 +958,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
117350 goto free;
117351
117352 while (count > 0) {
117353 - int this_len = min_t(int, count, PAGE_SIZE);
117354 + ssize_t this_len = min_t(ssize_t, count, PAGE_SIZE);
117355
117356 if (write && copy_from_user(page, buf, this_len)) {
117357 copied = -EFAULT;
117358 @@ -956,6 +1052,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
117359 if (!mm || !mm->env_end)
117360 return 0;
117361
117362 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117363 + if (file->f_version != current->exec_id) {
117364 + gr_log_badprocpid("environ");
117365 + return 0;
117366 + }
117367 +#endif
117368 +
117369 page = (char *)__get_free_page(GFP_TEMPORARY);
117370 if (!page)
117371 return -ENOMEM;
117372 @@ -969,9 +1072,12 @@ static ssize_t environ_read(struct file *file, char __user *buf,
117373 env_end = mm->env_end;
117374 up_read(&mm->mmap_sem);
117375
117376 + if (!env_end)
117377 + goto free;
117378 +
117379 while (count > 0) {
117380 size_t this_len, max_len;
117381 - int retval;
117382 + ssize_t retval;
117383
117384 if (src >= (env_end - env_start))
117385 break;
117386 @@ -1583,7 +1689,7 @@ static const char *proc_pid_get_link(struct dentry *dentry,
117387 return ERR_PTR(-ECHILD);
117388
117389 /* Are we allowed to snoop on the tasks file descriptors? */
117390 - if (!proc_fd_access_allowed(inode))
117391 + if (!proc_fd_access_allowed(inode, 0))
117392 goto out;
117393
117394 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
117395 @@ -1627,8 +1733,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
117396 struct path path;
117397
117398 /* Are we allowed to snoop on the tasks file descriptors? */
117399 - if (!proc_fd_access_allowed(inode))
117400 - goto out;
117401 + /* logging this is needed for learning on chromium to work properly,
117402 + but we don't want to flood the logs from 'ps' which does a readlink
117403 + on /proc/fd/2 of tasks in the listing, nor do we want 'ps' to learn
117404 + CAP_SYS_PTRACE as it's not necessary for its basic functionality
117405 + */
117406 + if (dentry->d_name.name[0] == '2' && dentry->d_name.name[1] == '\0') {
117407 + if (!proc_fd_access_allowed(inode,0))
117408 + goto out;
117409 + } else {
117410 + if (!proc_fd_access_allowed(inode,1))
117411 + goto out;
117412 + }
117413
117414 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
117415 if (error)
117416 @@ -1678,7 +1794,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
117417 rcu_read_lock();
117418 cred = __task_cred(task);
117419 inode->i_uid = cred->euid;
117420 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
117421 + inode->i_gid = grsec_proc_gid;
117422 +#else
117423 inode->i_gid = cred->egid;
117424 +#endif
117425 rcu_read_unlock();
117426 }
117427 security_task_to_inode(task, inode);
117428 @@ -1714,10 +1834,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
117429 return -ENOENT;
117430 }
117431 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
117432 +#ifdef CONFIG_GRKERNSEC_PROC_USER
117433 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
117434 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
117435 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
117436 +#endif
117437 task_dumpable(task)) {
117438 cred = __task_cred(task);
117439 stat->uid = cred->euid;
117440 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
117441 + stat->gid = grsec_proc_gid;
117442 +#else
117443 stat->gid = cred->egid;
117444 +#endif
117445 }
117446 }
117447 rcu_read_unlock();
117448 @@ -1755,11 +1884,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
117449
117450 if (task) {
117451 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
117452 +#ifdef CONFIG_GRKERNSEC_PROC_USER
117453 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
117454 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
117455 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
117456 +#endif
117457 task_dumpable(task)) {
117458 rcu_read_lock();
117459 cred = __task_cred(task);
117460 inode->i_uid = cred->euid;
117461 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
117462 + inode->i_gid = grsec_proc_gid;
117463 +#else
117464 inode->i_gid = cred->egid;
117465 +#endif
117466 rcu_read_unlock();
117467 } else {
117468 inode->i_uid = GLOBAL_ROOT_UID;
117469 @@ -2373,6 +2511,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
117470 if (!task)
117471 goto out_no_task;
117472
117473 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
117474 + goto out;
117475 +
117476 /*
117477 * Yes, it does not scale. And it should not. Don't add
117478 * new entries into /proc/<tgid>/ without very good reasons.
117479 @@ -2403,6 +2544,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
117480 if (!task)
117481 return -ENOENT;
117482
117483 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
117484 + goto out;
117485 +
117486 if (!dir_emit_dots(file, ctx))
117487 goto out;
117488
117489 @@ -2815,7 +2959,9 @@ static const struct inode_operations proc_task_inode_operations;
117490 static const struct pid_entry tgid_base_stuff[] = {
117491 DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
117492 DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
117493 +#ifndef CONFIG_GRKERNSEC
117494 DIR("map_files", S_IRUSR|S_IXUSR, proc_map_files_inode_operations, proc_map_files_operations),
117495 +#endif
117496 DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
117497 DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
117498 #ifdef CONFIG_NET
117499 @@ -2833,7 +2979,7 @@ static const struct pid_entry tgid_base_stuff[] = {
117500 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
117501 #endif
117502 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
117503 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
117504 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
117505 ONE("syscall", S_IRUSR, proc_pid_syscall),
117506 #endif
117507 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
117508 @@ -2858,10 +3004,10 @@ static const struct pid_entry tgid_base_stuff[] = {
117509 #ifdef CONFIG_SECURITY
117510 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
117511 #endif
117512 -#ifdef CONFIG_KALLSYMS
117513 +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
117514 ONE("wchan", S_IRUGO, proc_pid_wchan),
117515 #endif
117516 -#ifdef CONFIG_STACKTRACE
117517 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
117518 ONE("stack", S_IRUSR, proc_pid_stack),
117519 #endif
117520 #ifdef CONFIG_SCHED_INFO
117521 @@ -2895,6 +3041,9 @@ static const struct pid_entry tgid_base_stuff[] = {
117522 #ifdef CONFIG_HARDWALL
117523 ONE("hardwall", S_IRUGO, proc_pid_hardwall),
117524 #endif
117525 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
117526 + ONE("ipaddr", S_IRUSR, proc_pid_ipaddr),
117527 +#endif
117528 #ifdef CONFIG_USER_NS
117529 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
117530 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
117531 @@ -3028,7 +3177,14 @@ static int proc_pid_instantiate(struct inode *dir,
117532 if (!inode)
117533 goto out;
117534
117535 +#ifdef CONFIG_GRKERNSEC_PROC_USER
117536 + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
117537 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
117538 + inode->i_gid = grsec_proc_gid;
117539 + inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP;
117540 +#else
117541 inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
117542 +#endif
117543 inode->i_op = &proc_tgid_base_inode_operations;
117544 inode->i_fop = &proc_tgid_base_operations;
117545 inode->i_flags|=S_IMMUTABLE;
117546 @@ -3066,7 +3222,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
117547 if (!task)
117548 goto out;
117549
117550 + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
117551 + goto out_put_task;
117552 +
117553 result = proc_pid_instantiate(dir, dentry, task, NULL);
117554 +out_put_task:
117555 put_task_struct(task);
117556 out:
117557 return ERR_PTR(result);
117558 @@ -3220,7 +3380,7 @@ static const struct pid_entry tid_base_stuff[] = {
117559 NOD("comm", S_IFREG|S_IRUGO|S_IWUSR,
117560 &proc_tid_comm_inode_operations,
117561 &proc_pid_set_comm_operations, {}),
117562 -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
117563 +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
117564 ONE("syscall", S_IRUSR, proc_pid_syscall),
117565 #endif
117566 REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
117567 @@ -3247,10 +3407,10 @@ static const struct pid_entry tid_base_stuff[] = {
117568 #ifdef CONFIG_SECURITY
117569 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
117570 #endif
117571 -#ifdef CONFIG_KALLSYMS
117572 +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
117573 ONE("wchan", S_IRUGO, proc_pid_wchan),
117574 #endif
117575 -#ifdef CONFIG_STACKTRACE
117576 +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
117577 ONE("stack", S_IRUSR, proc_pid_stack),
117578 #endif
117579 #ifdef CONFIG_SCHED_INFO
117580 diff --git a/fs/proc/cmdline.c b/fs/proc/cmdline.c
117581 index cbd82df..c0407d2 100644
117582 --- a/fs/proc/cmdline.c
117583 +++ b/fs/proc/cmdline.c
117584 @@ -23,7 +23,11 @@ static const struct file_operations cmdline_proc_fops = {
117585
117586 static int __init proc_cmdline_init(void)
117587 {
117588 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
117589 + proc_create_grsec("cmdline", 0, NULL, &cmdline_proc_fops);
117590 +#else
117591 proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
117592 +#endif
117593 return 0;
117594 }
117595 fs_initcall(proc_cmdline_init);
117596 diff --git a/fs/proc/devices.c b/fs/proc/devices.c
117597 index 50493ed..248166b 100644
117598 --- a/fs/proc/devices.c
117599 +++ b/fs/proc/devices.c
117600 @@ -64,7 +64,11 @@ static const struct file_operations proc_devinfo_operations = {
117601
117602 static int __init proc_devices_init(void)
117603 {
117604 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
117605 + proc_create_grsec("devices", 0, NULL, &proc_devinfo_operations);
117606 +#else
117607 proc_create("devices", 0, NULL, &proc_devinfo_operations);
117608 +#endif
117609 return 0;
117610 }
117611 fs_initcall(proc_devices_init);
117612 diff --git a/fs/proc/fd.c b/fs/proc/fd.c
117613 index 01df23c..9b6c8f9 100644
117614 --- a/fs/proc/fd.c
117615 +++ b/fs/proc/fd.c
117616 @@ -27,7 +27,8 @@ static int seq_show(struct seq_file *m, void *v)
117617 if (!task)
117618 return -ENOENT;
117619
117620 - files = get_files_struct(task);
117621 + if (!gr_acl_handle_procpidmem(task))
117622 + files = get_files_struct(task);
117623 put_task_struct(task);
117624
117625 if (files) {
117626 @@ -296,13 +297,15 @@ int proc_fd_permission(struct inode *inode, int mask)
117627 int rv;
117628
117629 rv = generic_permission(inode, mask);
117630 - if (rv == 0)
117631 - return rv;
117632
117633 rcu_read_lock();
117634 p = pid_task(proc_pid(inode), PIDTYPE_PID);
117635 - if (p && same_thread_group(p, current))
117636 - rv = 0;
117637 + if (p) {
117638 + if (same_thread_group(p, current))
117639 + rv = 0;
117640 + if (gr_acl_handle_procpidmem(p))
117641 + rv = -EACCES;
117642 + }
117643 rcu_read_unlock();
117644
117645 return rv;
117646 diff --git a/fs/proc/generic.c b/fs/proc/generic.c
117647 index c633476..881fce8 100644
117648 --- a/fs/proc/generic.c
117649 +++ b/fs/proc/generic.c
117650 @@ -22,6 +22,7 @@
117651 #include <linux/bitops.h>
117652 #include <linux/spinlock.h>
117653 #include <linux/completion.h>
117654 +#include <linux/grsecurity.h>
117655 #include <asm/uaccess.h>
117656
117657 #include "internal.h"
117658 @@ -253,6 +254,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry,
117659 return proc_lookup_de(PDE(dir), dir, dentry);
117660 }
117661
117662 +struct dentry *proc_lookup_restrict(struct inode *dir, struct dentry *dentry,
117663 + unsigned int flags)
117664 +{
117665 + if (gr_proc_is_restricted())
117666 + return ERR_PTR(-EACCES);
117667 +
117668 + return proc_lookup_de(PDE(dir), dir, dentry);
117669 +}
117670 +
117671 /*
117672 * This returns non-zero if at EOF, so that the /proc
117673 * root directory can use this and check if it should
117674 @@ -310,6 +320,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx)
117675 return proc_readdir_de(PDE(inode), file, ctx);
117676 }
117677
117678 +int proc_readdir_restrict(struct file *file, struct dir_context *ctx)
117679 +{
117680 + struct inode *inode = file_inode(file);
117681 +
117682 + if (gr_proc_is_restricted())
117683 + return -EACCES;
117684 +
117685 + return proc_readdir_de(PDE(inode), file, ctx);
117686 +}
117687 +
117688 /*
117689 * These are the generic /proc directory operations. They
117690 * use the in-memory "struct proc_dir_entry" tree to parse
117691 @@ -321,6 +341,12 @@ static const struct file_operations proc_dir_operations = {
117692 .iterate_shared = proc_readdir,
117693 };
117694
117695 +static const struct file_operations proc_dir_restricted_operations = {
117696 + .llseek = generic_file_llseek,
117697 + .read = generic_read_dir,
117698 + .iterate = proc_readdir_restrict,
117699 +};
117700 +
117701 /*
117702 * proc directories can do almost nothing..
117703 */
117704 @@ -330,6 +356,12 @@ static const struct inode_operations proc_dir_inode_operations = {
117705 .setattr = proc_notify_change,
117706 };
117707
117708 +static const struct inode_operations proc_dir_restricted_inode_operations = {
117709 + .lookup = proc_lookup_restrict,
117710 + .getattr = proc_getattr,
117711 + .setattr = proc_notify_change,
117712 +};
117713 +
117714 static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp)
117715 {
117716 int ret;
117717 @@ -445,6 +477,31 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode,
117718 }
117719 EXPORT_SYMBOL_GPL(proc_mkdir_data);
117720
117721 +struct proc_dir_entry *proc_mkdir_data_restrict(const char *name, umode_t mode,
117722 + struct proc_dir_entry *parent, void *data)
117723 +{
117724 + struct proc_dir_entry *ent;
117725 +
117726 + if (mode == 0)
117727 + mode = S_IRUGO | S_IXUGO;
117728 +
117729 + ent = __proc_create(&parent, name, S_IFDIR | mode, 2);
117730 + if (ent) {
117731 + ent->data = data;
117732 + ent->restricted = 1;
117733 + ent->proc_fops = &proc_dir_restricted_operations;
117734 + ent->proc_iops = &proc_dir_restricted_inode_operations;
117735 + parent->nlink++;
117736 + if (proc_register(parent, ent) < 0) {
117737 + kfree(ent);
117738 + parent->nlink--;
117739 + ent = NULL;
117740 + }
117741 + }
117742 + return ent;
117743 +}
117744 +EXPORT_SYMBOL_GPL(proc_mkdir_data_restrict);
117745 +
117746 struct proc_dir_entry *proc_mkdir_mode(const char *name, umode_t mode,
117747 struct proc_dir_entry *parent)
117748 {
117749 @@ -459,6 +516,13 @@ struct proc_dir_entry *proc_mkdir(const char *name,
117750 }
117751 EXPORT_SYMBOL(proc_mkdir);
117752
117753 +struct proc_dir_entry *proc_mkdir_restrict(const char *name,
117754 + struct proc_dir_entry *parent)
117755 +{
117756 + return proc_mkdir_data_restrict(name, 0, parent, NULL);
117757 +}
117758 +EXPORT_SYMBOL(proc_mkdir_restrict);
117759 +
117760 struct proc_dir_entry *proc_create_mount_point(const char *name)
117761 {
117762 umode_t mode = S_IFDIR | S_IRUGO | S_IXUGO;
117763 diff --git a/fs/proc/inode.c b/fs/proc/inode.c
117764 index c1b7238..290c707 100644
117765 --- a/fs/proc/inode.c
117766 +++ b/fs/proc/inode.c
117767 @@ -23,11 +23,17 @@
117768 #include <linux/slab.h>
117769 #include <linux/mount.h>
117770 #include <linux/magic.h>
117771 +#include <linux/grsecurity.h>
117772
117773 #include <asm/uaccess.h>
117774
117775 #include "internal.h"
117776
117777 +#ifdef CONFIG_PROC_SYSCTL
117778 +extern const struct inode_operations proc_sys_inode_operations;
117779 +extern const struct inode_operations proc_sys_dir_operations;
117780 +#endif
117781 +
117782 static void proc_evict_inode(struct inode *inode)
117783 {
117784 struct proc_dir_entry *de;
117785 @@ -48,6 +54,13 @@ static void proc_evict_inode(struct inode *inode)
117786 RCU_INIT_POINTER(PROC_I(inode)->sysctl, NULL);
117787 sysctl_head_put(head);
117788 }
117789 +
117790 +#ifdef CONFIG_PROC_SYSCTL
117791 + if (inode->i_op == &proc_sys_inode_operations ||
117792 + inode->i_op == &proc_sys_dir_operations)
117793 + gr_handle_delete(inode->i_ino, inode->i_sb->s_dev);
117794 +#endif
117795 +
117796 }
117797
117798 static struct kmem_cache * proc_inode_cachep;
117799 @@ -431,7 +444,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
117800 if (de->mode) {
117801 inode->i_mode = de->mode;
117802 inode->i_uid = de->uid;
117803 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
117804 + inode->i_gid = grsec_proc_gid;
117805 +#else
117806 inode->i_gid = de->gid;
117807 +#endif
117808 }
117809 if (de->size)
117810 inode->i_size = de->size;
117811 diff --git a/fs/proc/internal.h b/fs/proc/internal.h
117812 index 7931c55..7db5ad1 100644
117813 --- a/fs/proc/internal.h
117814 +++ b/fs/proc/internal.h
117815 @@ -47,9 +47,10 @@ struct proc_dir_entry {
117816 struct completion *pde_unload_completion;
117817 struct list_head pde_openers; /* who did ->open, but not ->release */
117818 spinlock_t pde_unload_lock; /* proc_fops checks and pde_users bumps */
117819 + u8 restricted; /* a directory in /proc/net that should be restricted via GRKERNSEC_PROC */
117820 u8 namelen;
117821 char name[];
117822 -};
117823 +} __randomize_layout;
117824
117825 union proc_op {
117826 int (*proc_get_link)(struct dentry *, struct path *);
117827 @@ -67,7 +68,7 @@ struct proc_inode {
117828 struct ctl_table *sysctl_entry;
117829 const struct proc_ns_operations *ns_ops;
117830 struct inode vfs_inode;
117831 -};
117832 +} __randomize_layout;
117833
117834 /*
117835 * General functions
117836 @@ -155,6 +156,10 @@ extern int proc_pid_status(struct seq_file *, struct pid_namespace *,
117837 struct pid *, struct task_struct *);
117838 extern int proc_pid_statm(struct seq_file *, struct pid_namespace *,
117839 struct pid *, struct task_struct *);
117840 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
117841 +extern int proc_pid_ipaddr(struct seq_file *, struct pid_namespace *,
117842 + struct pid *, struct task_struct *);
117843 +#endif
117844
117845 /*
117846 * base.c
117847 @@ -179,9 +184,11 @@ extern bool proc_fill_cache(struct file *, struct dir_context *, const char *, i
117848 * generic.c
117849 */
117850 extern struct dentry *proc_lookup(struct inode *, struct dentry *, unsigned int);
117851 +extern struct dentry *proc_lookup_restrict(struct inode *, struct dentry *, unsigned int);
117852 extern struct dentry *proc_lookup_de(struct proc_dir_entry *, struct inode *,
117853 struct dentry *);
117854 extern int proc_readdir(struct file *, struct dir_context *);
117855 +extern int proc_readdir_restrict(struct file *, struct dir_context *);
117856 extern int proc_readdir_de(struct proc_dir_entry *, struct file *, struct dir_context *);
117857
117858 static inline struct proc_dir_entry *pde_get(struct proc_dir_entry *pde)
117859 @@ -286,9 +293,12 @@ struct proc_maps_private {
117860 #ifdef CONFIG_NUMA
117861 struct mempolicy *task_mempolicy;
117862 #endif
117863 -};
117864 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
117865 + u64 ptracer_exec_id;
117866 +#endif
117867 +} __randomize_layout;
117868
117869 -struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode);
117870 +struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode, u64 *ptracer_exec_id);
117871
117872 extern const struct file_operations proc_pid_maps_operations;
117873 extern const struct file_operations proc_tid_maps_operations;
117874 diff --git a/fs/proc/interrupts.c b/fs/proc/interrupts.c
117875 index a352d57..cb94a5c 100644
117876 --- a/fs/proc/interrupts.c
117877 +++ b/fs/proc/interrupts.c
117878 @@ -47,7 +47,11 @@ static const struct file_operations proc_interrupts_operations = {
117879
117880 static int __init proc_interrupts_init(void)
117881 {
117882 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
117883 + proc_create_grsec("interrupts", 0, NULL, &proc_interrupts_operations);
117884 +#else
117885 proc_create("interrupts", 0, NULL, &proc_interrupts_operations);
117886 +#endif
117887 return 0;
117888 }
117889 fs_initcall(proc_interrupts_init);
117890 diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
117891 index 5c89a07..1749d06 100644
117892 --- a/fs/proc/kcore.c
117893 +++ b/fs/proc/kcore.c
117894 @@ -316,7 +316,7 @@ static char *storenote(struct memelfnote *men, char *bufp)
117895 * store an ELF coredump header in the supplied buffer
117896 * nphdr is the number of elf_phdr to insert
117897 */
117898 -static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
117899 +static void elf_kcore_store_hdr(char *bufp, int nphdr, size_t dataoff)
117900 {
117901 struct elf_prstatus prstatus; /* NT_PRSTATUS */
117902 struct elf_prpsinfo prpsinfo; /* NT_PRPSINFO */
117903 @@ -484,9 +484,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
117904 * the addresses in the elf_phdr on our list.
117905 */
117906 start = kc_offset_to_vaddr(*fpos - elf_buflen);
117907 - if ((tsz = (PAGE_SIZE - (start & ~PAGE_MASK))) > buflen)
117908 + tsz = PAGE_SIZE - (start & ~PAGE_MASK);
117909 + if (tsz > buflen)
117910 tsz = buflen;
117911 -
117912 +
117913 while (buflen) {
117914 struct kcore_list *m;
117915
117916 @@ -508,24 +509,22 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
117917 } else {
117918 if (kern_addr_valid(start)) {
117919 unsigned long n;
117920 + mm_segment_t oldfs;
117921
117922 /*
117923 * Using bounce buffer to bypass the
117924 * hardened user copy kernel text checks.
117925 */
117926 - memcpy(buf, (char *) start, tsz);
117927 - n = copy_to_user(buffer, buf, tsz);
117928 - /*
117929 - * We cannot distinguish between fault on source
117930 - * and fault on destination. When this happens
117931 - * we clear too and hope it will trigger the
117932 - * EFAULT again.
117933 - */
117934 - if (n) {
117935 - if (clear_user(buffer + tsz - n,
117936 - n))
117937 - return -EFAULT;
117938 - }
117939 + oldfs = get_fs();
117940 + set_fs(KERNEL_DS);
117941 + n = __copy_from_user(buf, (const void __user *)start, tsz);
117942 + set_fs(oldfs);
117943 + if (n)
117944 + n = clear_user(buffer, tsz);
117945 + else
117946 + n = copy_to_user(buffer, buf, tsz);
117947 + if (n)
117948 + return -EFAULT;
117949 } else {
117950 if (clear_user(buffer, tsz))
117951 return -EFAULT;
117952 @@ -545,10 +544,13 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
117953
117954 static int open_kcore(struct inode *inode, struct file *filp)
117955 {
117956 +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
117957 + return -EPERM;
117958 +#endif
117959 if (!capable(CAP_SYS_RAWIO))
117960 return -EPERM;
117961
117962 - filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL);
117963 + filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL|GFP_USERCOPY);
117964 if (!filp->private_data)
117965 return -ENOMEM;
117966
117967 @@ -589,7 +591,7 @@ static int __meminit kcore_callback(struct notifier_block *self,
117968 return NOTIFY_OK;
117969 }
117970
117971 -static struct notifier_block kcore_callback_nb __meminitdata = {
117972 +static struct notifier_block kcore_callback_nb = {
117973 .notifier_call = kcore_callback,
117974 .priority = 0,
117975 };
117976 diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
117977 index b9a8c81..936ca066 100644
117978 --- a/fs/proc/meminfo.c
117979 +++ b/fs/proc/meminfo.c
117980 @@ -161,7 +161,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
117981 0ul, // used to be vmalloc 'used'
117982 0ul // used to be vmalloc 'largest_chunk'
117983 #ifdef CONFIG_MEMORY_FAILURE
117984 - , atomic_long_read(&num_poisoned_pages) << (PAGE_SHIFT - 10)
117985 + , atomic_long_read_unchecked(&num_poisoned_pages) << (PAGE_SHIFT - 10)
117986 #endif
117987 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
117988 , K(global_node_page_state(NR_ANON_THPS) * HPAGE_PMD_NR)
117989 diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
117990 index f8595e8..e0d13cbd 100644
117991 --- a/fs/proc/nommu.c
117992 +++ b/fs/proc/nommu.c
117993 @@ -64,7 +64,7 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region)
117994
117995 if (file) {
117996 seq_pad(m, ' ');
117997 - seq_file_path(m, file, "");
117998 + seq_file_path(m, file, "\n\\");
117999 }
118000
118001 seq_putc(m, '\n');
118002 diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
118003 index c8bbc68..d0f82d5 100644
118004 --- a/fs/proc/proc_net.c
118005 +++ b/fs/proc/proc_net.c
118006 @@ -23,9 +23,27 @@
118007 #include <linux/nsproxy.h>
118008 #include <net/net_namespace.h>
118009 #include <linux/seq_file.h>
118010 +#include <linux/grsecurity.h>
118011
118012 #include "internal.h"
118013
118014 +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
118015 +static struct seq_operations *ipv6_seq_ops_addr;
118016 +
118017 +void register_ipv6_seq_ops_addr(struct seq_operations *addr)
118018 +{
118019 + ipv6_seq_ops_addr = addr;
118020 +}
118021 +
118022 +void unregister_ipv6_seq_ops_addr(void)
118023 +{
118024 + ipv6_seq_ops_addr = NULL;
118025 +}
118026 +
118027 +EXPORT_SYMBOL_GPL(register_ipv6_seq_ops_addr);
118028 +EXPORT_SYMBOL_GPL(unregister_ipv6_seq_ops_addr);
118029 +#endif
118030 +
118031 static inline struct net *PDE_NET(struct proc_dir_entry *pde)
118032 {
118033 return pde->parent->data;
118034 @@ -36,6 +54,8 @@ static struct net *get_proc_net(const struct inode *inode)
118035 return maybe_get_net(PDE_NET(PDE(inode)));
118036 }
118037
118038 +extern const struct seq_operations dev_seq_ops;
118039 +
118040 int seq_open_net(struct inode *ino, struct file *f,
118041 const struct seq_operations *ops, int size)
118042 {
118043 @@ -44,6 +64,14 @@ int seq_open_net(struct inode *ino, struct file *f,
118044
118045 BUG_ON(size < sizeof(*p));
118046
118047 + /* only permit access to /proc/net/dev */
118048 + if (
118049 +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
118050 + ops != ipv6_seq_ops_addr &&
118051 +#endif
118052 + ops != &dev_seq_ops && gr_proc_is_restricted())
118053 + return -EACCES;
118054 +
118055 net = get_proc_net(ino);
118056 if (net == NULL)
118057 return -ENXIO;
118058 @@ -66,6 +94,9 @@ int single_open_net(struct inode *inode, struct file *file,
118059 int err;
118060 struct net *net;
118061
118062 + if (gr_proc_is_restricted())
118063 + return -EACCES;
118064 +
118065 err = -ENXIO;
118066 net = get_proc_net(inode);
118067 if (net == NULL)
118068 @@ -220,7 +251,7 @@ static __net_exit void proc_net_ns_exit(struct net *net)
118069 kfree(net->proc_net);
118070 }
118071
118072 -static struct pernet_operations __net_initdata proc_net_ns_ops = {
118073 +static struct pernet_operations __net_initconst proc_net_ns_ops = {
118074 .init = proc_net_ns_init,
118075 .exit = proc_net_ns_exit,
118076 };
118077 diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
118078 index 1b93650..49c54f2 100644
118079 --- a/fs/proc/proc_sysctl.c
118080 +++ b/fs/proc/proc_sysctl.c
118081 @@ -11,13 +11,21 @@
118082 #include <linux/namei.h>
118083 #include <linux/mm.h>
118084 #include <linux/module.h>
118085 +#include <linux/nsproxy.h>
118086 +#ifdef CONFIG_GRKERNSEC
118087 +#include <net/net_namespace.h>
118088 +#endif
118089 #include "internal.h"
118090
118091 +extern int gr_handle_chroot_sysctl(const int op);
118092 +extern int gr_handle_sysctl_mod(const char *dirname, const char *name,
118093 + const int op);
118094 +
118095 static const struct dentry_operations proc_sys_dentry_operations;
118096 static const struct file_operations proc_sys_file_operations;
118097 -static const struct inode_operations proc_sys_inode_operations;
118098 +const struct inode_operations proc_sys_inode_operations;
118099 static const struct file_operations proc_sys_dir_file_operations;
118100 -static const struct inode_operations proc_sys_dir_operations;
118101 +const struct inode_operations proc_sys_dir_operations;
118102
118103 /* Support for permanently empty directories */
118104
118105 @@ -32,13 +40,17 @@ static bool is_empty_dir(struct ctl_table_header *head)
118106
118107 static void set_empty_dir(struct ctl_dir *dir)
118108 {
118109 - dir->header.ctl_table[0].child = sysctl_mount_point;
118110 + pax_open_kernel();
118111 + const_cast(dir->header.ctl_table[0].child) = sysctl_mount_point;
118112 + pax_close_kernel();
118113 }
118114
118115 static void clear_empty_dir(struct ctl_dir *dir)
118116
118117 {
118118 - dir->header.ctl_table[0].child = NULL;
118119 + pax_open_kernel();
118120 + const_cast(dir->header.ctl_table[0].child) = NULL;
118121 + pax_close_kernel();
118122 }
118123
118124 void proc_sys_poll_notify(struct ctl_table_poll *poll)
118125 @@ -504,6 +516,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
118126
118127 err = NULL;
118128 d_set_d_op(dentry, &proc_sys_dentry_operations);
118129 +
118130 + gr_handle_proc_create(dentry, inode);
118131 +
118132 d_add(dentry, inode);
118133
118134 out:
118135 @@ -519,6 +534,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
118136 struct inode *inode = file_inode(filp);
118137 struct ctl_table_header *head = grab_header(inode);
118138 struct ctl_table *table = PROC_I(inode)->sysctl_entry;
118139 + int op = write ? MAY_WRITE : MAY_READ;
118140 ssize_t error;
118141 size_t res;
118142
118143 @@ -530,7 +546,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
118144 * and won't be until we finish.
118145 */
118146 error = -EPERM;
118147 - if (sysctl_perm(head, table, write ? MAY_WRITE : MAY_READ))
118148 + if (sysctl_perm(head, table, op))
118149 goto out;
118150
118151 /* if that can happen at all, it should be -EINVAL, not -EISDIR */
118152 @@ -538,6 +554,27 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
118153 if (!table->proc_handler)
118154 goto out;
118155
118156 +#ifdef CONFIG_GRKERNSEC
118157 + error = -EPERM;
118158 + if (gr_handle_chroot_sysctl(op))
118159 + goto out;
118160 + dget(filp->f_path.dentry);
118161 + if (gr_handle_sysctl_mod((const char *)filp->f_path.dentry->d_parent->d_name.name, table->procname, op)) {
118162 + dput(filp->f_path.dentry);
118163 + goto out;
118164 + }
118165 + dput(filp->f_path.dentry);
118166 + if (!gr_acl_handle_open(filp->f_path.dentry, filp->f_path.mnt, op))
118167 + goto out;
118168 + if (write) {
118169 + if (current->nsproxy->net_ns != table->extra2) {
118170 + if (!capable(CAP_SYS_ADMIN))
118171 + goto out;
118172 + } else if (!ns_capable(current->nsproxy->net_ns->user_ns, CAP_NET_ADMIN))
118173 + goto out;
118174 + }
118175 +#endif
118176 +
118177 /* careful: calling conventions are nasty here */
118178 res = count;
118179 error = table->proc_handler(table, write, buf, &res, ppos);
118180 @@ -639,6 +676,7 @@ static bool proc_sys_fill_cache(struct file *file,
118181 return false;
118182 }
118183 d_set_d_op(child, &proc_sys_dentry_operations);
118184 + gr_handle_proc_create(child, inode);
118185 d_add(child, inode);
118186 }
118187 }
118188 @@ -679,6 +717,9 @@ static int scan(struct ctl_table_header *head, struct ctl_table *table,
118189 if ((*pos)++ < ctx->pos)
118190 return true;
118191
118192 + if (!gr_acl_handle_hidden_file(file->f_path.dentry, file->f_path.mnt))
118193 + return 0;
118194 +
118195 if (unlikely(S_ISLNK(table->mode)))
118196 res = proc_sys_link_fill_cache(file, ctx, head, table);
118197 else
118198 @@ -772,6 +813,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
118199 if (IS_ERR(head))
118200 return PTR_ERR(head);
118201
118202 + if (table && !gr_acl_handle_hidden_file(dentry, mnt))
118203 + return -ENOENT;
118204 +
118205 generic_fillattr(inode, stat);
118206 if (table)
118207 stat->mode = (stat->mode & S_IFMT) | table->mode;
118208 @@ -794,13 +838,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
118209 .llseek = generic_file_llseek,
118210 };
118211
118212 -static const struct inode_operations proc_sys_inode_operations = {
118213 +const struct inode_operations proc_sys_inode_operations = {
118214 .permission = proc_sys_permission,
118215 .setattr = proc_sys_setattr,
118216 .getattr = proc_sys_getattr,
118217 };
118218
118219 -static const struct inode_operations proc_sys_dir_operations = {
118220 +const struct inode_operations proc_sys_dir_operations = {
118221 .lookup = proc_sys_lookup,
118222 .permission = proc_sys_permission,
118223 .setattr = proc_sys_setattr,
118224 @@ -877,7 +921,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir,
118225 static struct ctl_dir *new_dir(struct ctl_table_set *set,
118226 const char *name, int namelen)
118227 {
118228 - struct ctl_table *table;
118229 + ctl_table_no_const *table;
118230 struct ctl_dir *new;
118231 struct ctl_node *node;
118232 char *new_name;
118233 @@ -889,7 +933,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
118234 return NULL;
118235
118236 node = (struct ctl_node *)(new + 1);
118237 - table = (struct ctl_table *)(node + 1);
118238 + table = (ctl_table_no_const *)(node + 1);
118239 new_name = (char *)(table + 2);
118240 memcpy(new_name, name, namelen);
118241 new_name[namelen] = '\0';
118242 @@ -1058,7 +1102,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table)
118243 static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table *table,
118244 struct ctl_table_root *link_root)
118245 {
118246 - struct ctl_table *link_table, *entry, *link;
118247 + ctl_table_no_const *link_table, *link;
118248 + struct ctl_table *entry;
118249 struct ctl_table_header *links;
118250 struct ctl_node *node;
118251 char *link_name;
118252 @@ -1081,7 +1126,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table
118253 return NULL;
118254
118255 node = (struct ctl_node *)(links + 1);
118256 - link_table = (struct ctl_table *)(node + nr_entries);
118257 + link_table = (ctl_table_no_const *)(node + nr_entries);
118258 link_name = (char *)&link_table[nr_entries + 1];
118259
118260 for (link = link_table, entry = table; entry->procname; link++, entry++) {
118261 @@ -1329,8 +1374,8 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
118262 struct ctl_table_header ***subheader, struct ctl_table_set *set,
118263 struct ctl_table *table)
118264 {
118265 - struct ctl_table *ctl_table_arg = NULL;
118266 - struct ctl_table *entry, *files;
118267 + ctl_table_no_const *ctl_table_arg = NULL, *files = NULL;
118268 + struct ctl_table *entry;
118269 int nr_files = 0;
118270 int nr_dirs = 0;
118271 int err = -ENOMEM;
118272 @@ -1342,10 +1387,9 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
118273 nr_files++;
118274 }
118275
118276 - files = table;
118277 /* If there are mixed files and directories we need a new table */
118278 if (nr_dirs && nr_files) {
118279 - struct ctl_table *new;
118280 + ctl_table_no_const *new;
118281 files = kzalloc(sizeof(struct ctl_table) * (nr_files + 1),
118282 GFP_KERNEL);
118283 if (!files)
118284 @@ -1363,7 +1407,7 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
118285 /* Register everything except a directory full of subdirectories */
118286 if (nr_files || !nr_dirs) {
118287 struct ctl_table_header *header;
118288 - header = __register_sysctl_table(set, path, files);
118289 + header = __register_sysctl_table(set, path, files ? files : table);
118290 if (!header) {
118291 kfree(ctl_table_arg);
118292 goto out;
118293 diff --git a/fs/proc/root.c b/fs/proc/root.c
118294 index 8d3e484..5fc5ce2 100644
118295 --- a/fs/proc/root.c
118296 +++ b/fs/proc/root.c
118297 @@ -143,7 +143,15 @@ void __init proc_root_init(void)
118298 proc_create_mount_point("openprom");
118299 #endif
118300 proc_tty_init();
118301 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
118302 +#ifdef CONFIG_GRKERNSEC_PROC_USER
118303 + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
118304 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
118305 + proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
118306 +#endif
118307 +#else
118308 proc_mkdir("bus", NULL);
118309 +#endif
118310 proc_sys_init();
118311 }
118312
118313 diff --git a/fs/proc/stat.c b/fs/proc/stat.c
118314 index 7907e45..027fceb 100644
118315 --- a/fs/proc/stat.c
118316 +++ b/fs/proc/stat.c
118317 @@ -11,6 +11,7 @@
118318 #include <linux/irqnr.h>
118319 #include <linux/cputime.h>
118320 #include <linux/tick.h>
118321 +#include <linux/grsecurity.h>
118322
118323 #ifndef arch_irq_stat_cpu
118324 #define arch_irq_stat_cpu(cpu) 0
118325 @@ -86,6 +87,18 @@ static int show_stat(struct seq_file *p, void *v)
118326 u64 sum_softirq = 0;
118327 unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
118328 struct timespec64 boottime;
118329 + int unrestricted = 1;
118330 +
118331 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
118332 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
118333 + if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)
118334 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
118335 + && !in_group_p(grsec_proc_gid)
118336 +#endif
118337 + )
118338 + unrestricted = 0;
118339 +#endif
118340 +#endif
118341
118342 user = nice = system = idle = iowait =
118343 irq = softirq = steal = 0;
118344 @@ -97,23 +110,25 @@ static int show_stat(struct seq_file *p, void *v)
118345 nice += kcpustat_cpu(i).cpustat[CPUTIME_NICE];
118346 system += kcpustat_cpu(i).cpustat[CPUTIME_SYSTEM];
118347 idle += get_idle_time(i);
118348 - iowait += get_iowait_time(i);
118349 - irq += kcpustat_cpu(i).cpustat[CPUTIME_IRQ];
118350 - softirq += kcpustat_cpu(i).cpustat[CPUTIME_SOFTIRQ];
118351 - steal += kcpustat_cpu(i).cpustat[CPUTIME_STEAL];
118352 - guest += kcpustat_cpu(i).cpustat[CPUTIME_GUEST];
118353 - guest_nice += kcpustat_cpu(i).cpustat[CPUTIME_GUEST_NICE];
118354 - sum += kstat_cpu_irqs_sum(i);
118355 - sum += arch_irq_stat_cpu(i);
118356 + if (unrestricted) {
118357 + iowait += get_iowait_time(i);
118358 + irq += kcpustat_cpu(i).cpustat[CPUTIME_IRQ];
118359 + softirq += kcpustat_cpu(i).cpustat[CPUTIME_SOFTIRQ];
118360 + steal += kcpustat_cpu(i).cpustat[CPUTIME_STEAL];
118361 + guest += kcpustat_cpu(i).cpustat[CPUTIME_GUEST];
118362 + guest_nice += kcpustat_cpu(i).cpustat[CPUTIME_GUEST_NICE];
118363 + sum += kstat_cpu_irqs_sum(i);
118364 + sum += arch_irq_stat_cpu(i);
118365 + for (j = 0; j < NR_SOFTIRQS; j++) {
118366 + unsigned int softirq_stat = kstat_softirqs_cpu(j, i);
118367
118368 - for (j = 0; j < NR_SOFTIRQS; j++) {
118369 - unsigned int softirq_stat = kstat_softirqs_cpu(j, i);
118370 -
118371 - per_softirq_sums[j] += softirq_stat;
118372 - sum_softirq += softirq_stat;
118373 + per_softirq_sums[j] += softirq_stat;
118374 + sum_softirq += softirq_stat;
118375 + }
118376 }
118377 }
118378 - sum += arch_irq_stat();
118379 + if (unrestricted)
118380 + sum += arch_irq_stat();
118381
118382 seq_puts(p, "cpu ");
118383 seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(user));
118384 @@ -134,12 +149,14 @@ static int show_stat(struct seq_file *p, void *v)
118385 nice = kcpustat_cpu(i).cpustat[CPUTIME_NICE];
118386 system = kcpustat_cpu(i).cpustat[CPUTIME_SYSTEM];
118387 idle = get_idle_time(i);
118388 - iowait = get_iowait_time(i);
118389 - irq = kcpustat_cpu(i).cpustat[CPUTIME_IRQ];
118390 - softirq = kcpustat_cpu(i).cpustat[CPUTIME_SOFTIRQ];
118391 - steal = kcpustat_cpu(i).cpustat[CPUTIME_STEAL];
118392 - guest = kcpustat_cpu(i).cpustat[CPUTIME_GUEST];
118393 - guest_nice = kcpustat_cpu(i).cpustat[CPUTIME_GUEST_NICE];
118394 + if (unrestricted) {
118395 + iowait = get_iowait_time(i);
118396 + irq = kcpustat_cpu(i).cpustat[CPUTIME_IRQ];
118397 + softirq = kcpustat_cpu(i).cpustat[CPUTIME_SOFTIRQ];
118398 + steal = kcpustat_cpu(i).cpustat[CPUTIME_STEAL];
118399 + guest = kcpustat_cpu(i).cpustat[CPUTIME_GUEST];
118400 + guest_nice = kcpustat_cpu(i).cpustat[CPUTIME_GUEST_NICE];
118401 + }
118402 seq_printf(p, "cpu%d", i);
118403 seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(user));
118404 seq_put_decimal_ull(p, ' ', cputime64_to_clock_t(nice));
118405 @@ -157,7 +174,7 @@ static int show_stat(struct seq_file *p, void *v)
118406
118407 /* sum again ? it could be updated? */
118408 for_each_irq_nr(j)
118409 - seq_put_decimal_ull(p, ' ', kstat_irqs_usr(j));
118410 + seq_put_decimal_ull(p, ' ', unrestricted ? kstat_irqs_usr(j) : 0ULL);
118411
118412 seq_printf(p,
118413 "\nctxt %llu\n"
118414 @@ -165,11 +182,11 @@ static int show_stat(struct seq_file *p, void *v)
118415 "processes %lu\n"
118416 "procs_running %lu\n"
118417 "procs_blocked %lu\n",
118418 - nr_context_switches(),
118419 + unrestricted ? nr_context_switches() : 0ULL,
118420 (unsigned long long)boottime.tv_sec,
118421 - total_forks,
118422 - nr_running(),
118423 - nr_iowait());
118424 + unrestricted ? total_forks : 0UL,
118425 + unrestricted ? nr_running() : 0UL,
118426 + unrestricted ? nr_iowait() : 0UL);
118427
118428 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
118429
118430 diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
118431 index f6fa99e..ea67f46 100644
118432 --- a/fs/proc/task_mmu.c
118433 +++ b/fs/proc/task_mmu.c
118434 @@ -15,12 +15,19 @@
118435 #include <linux/mmu_notifier.h>
118436 #include <linux/page_idle.h>
118437 #include <linux/shmem_fs.h>
118438 +#include <linux/grsecurity.h>
118439
118440 #include <asm/elf.h>
118441 #include <asm/uaccess.h>
118442 #include <asm/tlbflush.h>
118443 #include "internal.h"
118444
118445 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118446 +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
118447 + (_mm->pax_flags & MF_PAX_RANDMMAP || \
118448 + _mm->pax_flags & MF_PAX_SEGMEXEC))
118449 +#endif
118450 +
118451 void task_mem(struct seq_file *m, struct mm_struct *mm)
118452 {
118453 unsigned long text, lib, swap, ptes, pmds, anon, file, shmem;
118454 @@ -65,8 +72,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm)
118455 "VmLib:\t%8lu kB\n"
118456 "VmPTE:\t%8lu kB\n"
118457 "VmPMD:\t%8lu kB\n"
118458 - "VmSwap:\t%8lu kB\n",
118459 - hiwater_vm << (PAGE_SHIFT-10),
118460 + "VmSwap:\t%8lu kB\n"
118461 +
118462 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
118463 + "CsBase:\t%8lx\nCsLim:\t%8lx\n"
118464 +#endif
118465 +
118466 + ,hiwater_vm << (PAGE_SHIFT-10),
118467 total_vm << (PAGE_SHIFT-10),
118468 mm->locked_vm << (PAGE_SHIFT-10),
118469 mm->pinned_vm << (PAGE_SHIFT-10),
118470 @@ -79,7 +91,19 @@ void task_mem(struct seq_file *m, struct mm_struct *mm)
118471 mm->stack_vm << (PAGE_SHIFT-10), text, lib,
118472 ptes >> 10,
118473 pmds >> 10,
118474 - swap << (PAGE_SHIFT-10));
118475 + swap << (PAGE_SHIFT-10)
118476 +
118477 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
118478 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118479 + , PAX_RAND_FLAGS(mm) ? 0 : mm->context.user_cs_base
118480 + , PAX_RAND_FLAGS(mm) ? 0 : mm->context.user_cs_limit
118481 +#else
118482 + , mm->context.user_cs_base
118483 + , mm->context.user_cs_limit
118484 +#endif
118485 +#endif
118486 +
118487 + );
118488 hugetlb_report_usage(m, mm);
118489 }
118490
118491 @@ -230,7 +254,11 @@ static int proc_maps_open(struct inode *inode, struct file *file,
118492 return -ENOMEM;
118493
118494 priv->inode = inode;
118495 - priv->mm = proc_mem_open(inode, PTRACE_MODE_READ);
118496 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118497 + priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, &priv->ptracer_exec_id);
118498 +#else
118499 + priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
118500 +#endif
118501 if (IS_ERR(priv->mm)) {
118502 int err = PTR_ERR(priv->mm);
118503
118504 @@ -285,7 +313,7 @@ static int is_stack(struct proc_maps_private *priv,
118505 }
118506
118507 static void
118508 -show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
118509 +show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid, bool restrict)
118510 {
118511 struct mm_struct *mm = vma->vm_mm;
118512 struct file *file = vma->vm_file;
118513 @@ -304,13 +332,8 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
118514 pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
118515 }
118516
118517 - /* We don't show the stack guard page in /proc/maps */
118518 - start = vma->vm_start;
118519 - if (stack_guard_page_start(vma, start))
118520 - start += PAGE_SIZE;
118521 - end = vma->vm_end;
118522 - if (stack_guard_page_end(vma, end))
118523 - end -= PAGE_SIZE;
118524 + start = restrict ? 0UL : vma->vm_start;
118525 + end = restrict ? 0UL : vma->vm_end;
118526
118527 seq_setwidth(m, 25 + sizeof(void *) * 6 - 1);
118528 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ",
118529 @@ -320,7 +343,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
118530 flags & VM_WRITE ? 'w' : '-',
118531 flags & VM_EXEC ? 'x' : '-',
118532 flags & VM_MAYSHARE ? 's' : 'p',
118533 - pgoff,
118534 + restrict ? 0UL : pgoff,
118535 MAJOR(dev), MINOR(dev), ino);
118536
118537 /*
118538 @@ -329,7 +352,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
118539 */
118540 if (file) {
118541 seq_pad(m, ' ');
118542 - seq_file_path(m, file, "\n");
118543 + seq_file_path(m, file, "\n\\");
118544 goto done;
118545 }
118546
118547 @@ -366,7 +389,20 @@ done:
118548
118549 static int show_map(struct seq_file *m, void *v, int is_pid)
118550 {
118551 - show_map_vma(m, v, is_pid);
118552 + bool restrict = false;
118553 +
118554 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118555 + struct vm_area_struct *vma = (struct vm_area_struct *)v;
118556 + struct proc_maps_private *priv = m->private;
118557 + restrict = current->exec_id != priv->ptracer_exec_id;
118558 + if (current->exec_id != m->exec_id && restrict) {
118559 + gr_log_badprocpid("maps");
118560 + return 0;
118561 + }
118562 + if (restrict)
118563 + restrict = PAX_RAND_FLAGS(vma->vm_mm);
118564 +#endif
118565 + show_map_vma(m, v, is_pid, restrict);
118566 m_cache_vma(m, v);
118567 return 0;
118568 }
118569 @@ -654,6 +690,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma)
118570 [ilog2(VM_RAND_READ)] = "rr",
118571 [ilog2(VM_DONTCOPY)] = "dc",
118572 [ilog2(VM_DONTEXPAND)] = "de",
118573 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
118574 + [ilog2(VM_PAGEEXEC)] = "px",
118575 +#endif
118576 [ilog2(VM_ACCOUNT)] = "ac",
118577 [ilog2(VM_NORESERVE)] = "nr",
118578 [ilog2(VM_HUGETLB)] = "ht",
118579 @@ -735,7 +774,14 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
118580 .mm = vma->vm_mm,
118581 .private = &mss,
118582 };
118583 + bool restrict = false;
118584
118585 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118586 + if (current->exec_id != m->exec_id) {
118587 + gr_log_badprocpid("smaps");
118588 + return 0;
118589 + }
118590 +#endif
118591 memset(&mss, 0, sizeof mss);
118592
118593 #ifdef CONFIG_SHMEM
118594 @@ -762,10 +808,15 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
118595 }
118596 #endif
118597
118598 - /* mmap_sem is held in m_start */
118599 - walk_page_vma(vma, &smaps_walk);
118600 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118601 + if (PAX_RAND_FLAGS(vma->vm_mm))
118602 + restrict = true;
118603 + else
118604 +#endif
118605 + /* mmap_sem is held in m_start */
118606 + walk_page_vma(vma, &smaps_walk);
118607
118608 - show_map_vma(m, vma, is_pid);
118609 + show_map_vma(m, vma, is_pid, restrict);
118610
118611 seq_printf(m,
118612 "Size: %8lu kB\n"
118613 @@ -786,7 +837,7 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
118614 "KernelPageSize: %8lu kB\n"
118615 "MMUPageSize: %8lu kB\n"
118616 "Locked: %8lu kB\n",
118617 - (vma->vm_end - vma->vm_start) >> 10,
118618 + restrict ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
118619 mss.resident >> 10,
118620 (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
118621 mss.shared_clean >> 10,
118622 @@ -1443,7 +1494,7 @@ static int pagemap_open(struct inode *inode, struct file *file)
118623 {
118624 struct mm_struct *mm;
118625
118626 - mm = proc_mem_open(inode, PTRACE_MODE_READ);
118627 + mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
118628 if (IS_ERR(mm))
118629 return PTR_ERR(mm);
118630 file->private_data = mm;
118631 @@ -1646,6 +1697,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
118632 char buffer[64];
118633 int nid;
118634
118635 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118636 + if (current->exec_id != m->exec_id) {
118637 + gr_log_badprocpid("numa_maps");
118638 + return 0;
118639 + }
118640 +#endif
118641 +
118642 if (!mm)
118643 return 0;
118644
118645 @@ -1660,11 +1718,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
118646 mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy);
118647 }
118648
118649 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
118650 + seq_printf(m, "%08lx %s", PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : vma->vm_start, buffer);
118651 +#else
118652 seq_printf(m, "%08lx %s", vma->vm_start, buffer);
118653 +#endif
118654
118655 if (file) {
118656 seq_puts(m, " file=");
118657 - seq_file_path(m, file, "\n\t= ");
118658 + seq_file_path(m, file, "\n\t\\= ");
118659 } else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
118660 seq_puts(m, " heap");
118661 } else if (is_stack(proc_priv, vma, is_pid)) {
118662 diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
118663 index faacb0c..b185575 100644
118664 --- a/fs/proc/task_nommu.c
118665 +++ b/fs/proc/task_nommu.c
118666 @@ -51,7 +51,7 @@ void task_mem(struct seq_file *m, struct mm_struct *mm)
118667 else
118668 bytes += kobjsize(mm);
118669
118670 - if (current->fs && current->fs->users > 1)
118671 + if (current->fs && atomic_read(&current->fs->users) > 1)
118672 sbytes += kobjsize(current->fs);
118673 else
118674 bytes += kobjsize(current->fs);
118675 @@ -142,7 +142,7 @@ static int is_stack(struct proc_maps_private *priv,
118676 stack = vma_is_stack_for_task(vma, task);
118677 rcu_read_unlock();
118678 }
118679 - return stack;
118680 + return stack || (vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP));
118681 }
118682
118683 /*
118684 @@ -183,7 +183,7 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma,
118685
118686 if (file) {
118687 seq_pad(m, ' ');
118688 - seq_file_path(m, file, "");
118689 + seq_file_path(m, file, "\n\\");
118690 } else if (mm && is_stack(priv, vma, is_pid)) {
118691 seq_pad(m, ' ');
118692 seq_printf(m, "[stack]");
118693 @@ -287,7 +287,7 @@ static int maps_open(struct inode *inode, struct file *file,
118694 return -ENOMEM;
118695
118696 priv->inode = inode;
118697 - priv->mm = proc_mem_open(inode, PTRACE_MODE_READ);
118698 + priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
118699 if (IS_ERR(priv->mm)) {
118700 int err = PTR_ERR(priv->mm);
118701
118702 diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
118703 index 8ab782d..ef5bcbd 100644
118704 --- a/fs/proc/vmcore.c
118705 +++ b/fs/proc/vmcore.c
118706 @@ -105,9 +105,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count,
118707 nr_bytes = count;
118708
118709 /* If pfn is not ram, return zeros for sparse dump files */
118710 - if (pfn_is_ram(pfn) == 0)
118711 - memset(buf, 0, nr_bytes);
118712 - else {
118713 + if (pfn_is_ram(pfn) == 0) {
118714 + if (userbuf) {
118715 + if (clear_user((char __force_user *)buf, nr_bytes))
118716 + return -EFAULT;
118717 + } else
118718 + memset(buf, 0, nr_bytes);
118719 + } else {
118720 tmp = copy_oldmem_page(pfn, buf, nr_bytes,
118721 offset, userbuf);
118722 if (tmp < 0)
118723 @@ -170,7 +174,7 @@ int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
118724 static int copy_to(void *target, void *src, size_t size, int userbuf)
118725 {
118726 if (userbuf) {
118727 - if (copy_to_user((char __user *) target, src, size))
118728 + if (copy_to_user((char __force_user *) target, src, size))
118729 return -EFAULT;
118730 } else {
118731 memcpy(target, src, size);
118732 @@ -235,7 +239,7 @@ static ssize_t __read_vmcore(char *buffer, size_t buflen, loff_t *fpos,
118733 m->offset + m->size - *fpos,
118734 buflen);
118735 start = m->paddr + *fpos - m->offset;
118736 - tmp = read_from_oldmem(buffer, tsz, &start, userbuf);
118737 + tmp = read_from_oldmem((char __force_kernel *)buffer, tsz, &start, userbuf);
118738 if (tmp < 0)
118739 return tmp;
118740 buflen -= tsz;
118741 @@ -255,7 +259,7 @@ static ssize_t __read_vmcore(char *buffer, size_t buflen, loff_t *fpos,
118742 static ssize_t read_vmcore(struct file *file, char __user *buffer,
118743 size_t buflen, loff_t *fpos)
118744 {
118745 - return __read_vmcore((__force char *) buffer, buflen, fpos, 1);
118746 + return __read_vmcore((__force_kernel char *) buffer, buflen, fpos, 1);
118747 }
118748
118749 /*
118750 diff --git a/fs/pstore/ftrace.c b/fs/pstore/ftrace.c
118751 index d488770..10f088f 100644
118752 --- a/fs/pstore/ftrace.c
118753 +++ b/fs/pstore/ftrace.c
118754 @@ -13,6 +13,7 @@
118755
118756 #include <linux/kernel.h>
118757 #include <linux/compiler.h>
118758 +#include <linux/bug.h>
118759 #include <linux/irqflags.h>
118760 #include <linux/percpu.h>
118761 #include <linux/smp.h>
118762 diff --git a/fs/qnx6/qnx6.h b/fs/qnx6/qnx6.h
118763 index f23b5c4..da5d2f3 100644
118764 --- a/fs/qnx6/qnx6.h
118765 +++ b/fs/qnx6/qnx6.h
118766 @@ -74,7 +74,7 @@ enum {
118767 BYTESEX_BE,
118768 };
118769
118770 -static inline __u64 fs64_to_cpu(struct qnx6_sb_info *sbi, __fs64 n)
118771 +static inline __u64 __intentional_overflow(-1) fs64_to_cpu(struct qnx6_sb_info *sbi, __fs64 n)
118772 {
118773 if (sbi->s_bytesex == BYTESEX_LE)
118774 return le64_to_cpu((__force __le64)n);
118775 @@ -90,7 +90,7 @@ static inline __fs64 cpu_to_fs64(struct qnx6_sb_info *sbi, __u64 n)
118776 return (__force __fs64)cpu_to_be64(n);
118777 }
118778
118779 -static inline __u32 fs32_to_cpu(struct qnx6_sb_info *sbi, __fs32 n)
118780 +static inline __u32 __intentional_overflow(-1) fs32_to_cpu(struct qnx6_sb_info *sbi, __fs32 n)
118781 {
118782 if (sbi->s_bytesex == BYTESEX_LE)
118783 return le32_to_cpu((__force __le32)n);
118784 diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c
118785 index 8b25267..0706a93 100644
118786 --- a/fs/quota/netlink.c
118787 +++ b/fs/quota/netlink.c
118788 @@ -42,7 +42,7 @@ static struct genl_family quota_genl_family = {
118789 void quota_send_warning(struct kqid qid, dev_t dev,
118790 const char warntype)
118791 {
118792 - static atomic_t seq;
118793 + static atomic_unchecked_t seq;
118794 struct sk_buff *skb;
118795 void *msg_head;
118796 int ret;
118797 @@ -58,7 +58,7 @@ void quota_send_warning(struct kqid qid, dev_t dev,
118798 "VFS: Not enough memory to send quota warning.\n");
118799 return;
118800 }
118801 - msg_head = genlmsg_put(skb, 0, atomic_add_return(1, &seq),
118802 + msg_head = genlmsg_put(skb, 0, atomic_add_return_unchecked(1, &seq),
118803 &quota_genl_family, 0, QUOTA_NL_C_WARNING);
118804 if (!msg_head) {
118805 printk(KERN_ERR
118806 diff --git a/fs/read_write.c b/fs/read_write.c
118807 index 66215a7..7d66f62 100644
118808 --- a/fs/read_write.c
118809 +++ b/fs/read_write.c
118810 @@ -23,7 +23,8 @@
118811 #include <asm/uaccess.h>
118812 #include <asm/unistd.h>
118813
118814 -typedef ssize_t (*io_fn_t)(struct file *, char __user *, size_t, loff_t *);
118815 +typedef ssize_t (*io_fnr_t)(struct file *, char __user *, size_t, loff_t *);
118816 +typedef ssize_t (*io_fnw_t)(struct file *, const char __user *, size_t, loff_t *);
118817 typedef ssize_t (*iter_fn_t)(struct kiocb *, struct iov_iter *);
118818
118819 const struct file_operations generic_ro_fops = {
118820 @@ -526,7 +527,7 @@ ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t
118821
118822 old_fs = get_fs();
118823 set_fs(get_ds());
118824 - p = (__force const char __user *)buf;
118825 + p = (const char __force_user *)buf;
118826 if (count > MAX_RW_COUNT)
118827 count = MAX_RW_COUNT;
118828 ret = __vfs_write(file, p, count, pos);
118829 @@ -700,7 +701,7 @@ static ssize_t do_iter_readv_writev(struct file *filp, struct iov_iter *iter,
118830
118831 /* Do it by hand, with file-ops */
118832 static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
118833 - loff_t *ppos, io_fn_t fn, int flags)
118834 + loff_t *ppos, io_fnr_t fnr, io_fnw_t fnw, int flags)
118835 {
118836 ssize_t ret = 0;
118837
118838 @@ -711,7 +712,10 @@ static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
118839 struct iovec iovec = iov_iter_iovec(iter);
118840 ssize_t nr;
118841
118842 - nr = fn(filp, iovec.iov_base, iovec.iov_len, ppos);
118843 + if (fnr)
118844 + nr = fnr(filp, iovec.iov_base, iovec.iov_len, ppos);
118845 + else
118846 + nr = fnw(filp, iovec.iov_base, iovec.iov_len, ppos);
118847
118848 if (nr < 0) {
118849 if (!ret)
118850 @@ -815,7 +819,8 @@ static ssize_t do_readv_writev(int type, struct file *file,
118851 struct iovec *iov = iovstack;
118852 struct iov_iter iter;
118853 ssize_t ret;
118854 - io_fn_t fn;
118855 + io_fnr_t fnr;
118856 + io_fnw_t fnw;
118857 iter_fn_t iter_fn;
118858
118859 ret = import_iovec(type, uvector, nr_segs,
118860 @@ -831,10 +836,12 @@ static ssize_t do_readv_writev(int type, struct file *file,
118861 goto out;
118862
118863 if (type == READ) {
118864 - fn = file->f_op->read;
118865 + fnr = file->f_op->read;
118866 + fnw = NULL;
118867 iter_fn = file->f_op->read_iter;
118868 } else {
118869 - fn = (io_fn_t)file->f_op->write;
118870 + fnr = NULL;
118871 + fnw = file->f_op->write;
118872 iter_fn = file->f_op->write_iter;
118873 file_start_write(file);
118874 }
118875 @@ -842,7 +849,7 @@ static ssize_t do_readv_writev(int type, struct file *file,
118876 if (iter_fn)
118877 ret = do_iter_readv_writev(file, &iter, pos, iter_fn, flags);
118878 else
118879 - ret = do_loop_readv_writev(file, &iter, pos, fn, flags);
118880 + ret = do_loop_readv_writev(file, &iter, pos, fnr, fnw, flags);
118881
118882 if (type != READ)
118883 file_end_write(file);
118884 @@ -1040,7 +1047,8 @@ static ssize_t compat_do_readv_writev(int type, struct file *file,
118885 struct iovec *iov = iovstack;
118886 struct iov_iter iter;
118887 ssize_t ret;
118888 - io_fn_t fn;
118889 + io_fnr_t fnr;
118890 + io_fnw_t fnw;
118891 iter_fn_t iter_fn;
118892
118893 ret = compat_import_iovec(type, uvector, nr_segs,
118894 @@ -1056,10 +1064,12 @@ static ssize_t compat_do_readv_writev(int type, struct file *file,
118895 goto out;
118896
118897 if (type == READ) {
118898 - fn = file->f_op->read;
118899 + fnr = file->f_op->read;
118900 + fnw = NULL;
118901 iter_fn = file->f_op->read_iter;
118902 } else {
118903 - fn = (io_fn_t)file->f_op->write;
118904 + fnr = NULL;
118905 + fnw = file->f_op->write;
118906 iter_fn = file->f_op->write_iter;
118907 file_start_write(file);
118908 }
118909 @@ -1067,7 +1077,7 @@ static ssize_t compat_do_readv_writev(int type, struct file *file,
118910 if (iter_fn)
118911 ret = do_iter_readv_writev(file, &iter, pos, iter_fn, flags);
118912 else
118913 - ret = do_loop_readv_writev(file, &iter, pos, fn, flags);
118914 + ret = do_loop_readv_writev(file, &iter, pos, fnr, fnw, flags);
118915
118916 if (type != READ)
118917 file_end_write(file);
118918 diff --git a/fs/readdir.c b/fs/readdir.c
118919 index 9d0212c..da1afd1 100644
118920 --- a/fs/readdir.c
118921 +++ b/fs/readdir.c
118922 @@ -18,6 +18,7 @@
118923 #include <linux/security.h>
118924 #include <linux/syscalls.h>
118925 #include <linux/unistd.h>
118926 +#include <linux/namei.h>
118927
118928 #include <asm/uaccess.h>
118929
118930 @@ -84,6 +85,7 @@ struct old_linux_dirent {
118931 struct readdir_callback {
118932 struct dir_context ctx;
118933 struct old_linux_dirent __user * dirent;
118934 + struct file * file;
118935 int result;
118936 };
118937
118938 @@ -102,6 +104,10 @@ static int fillonedir(struct dir_context *ctx, const char *name, int namlen,
118939 buf->result = -EOVERFLOW;
118940 return -EOVERFLOW;
118941 }
118942 +
118943 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
118944 + return 0;
118945 +
118946 buf->result++;
118947 dirent = buf->dirent;
118948 if (!access_ok(VERIFY_WRITE, dirent,
118949 @@ -133,6 +139,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
118950 if (!f.file)
118951 return -EBADF;
118952
118953 + buf.file = f.file;
118954 error = iterate_dir(f.file, &buf.ctx);
118955 if (buf.result)
118956 error = buf.result;
118957 @@ -158,6 +165,7 @@ struct getdents_callback {
118958 struct dir_context ctx;
118959 struct linux_dirent __user * current_dir;
118960 struct linux_dirent __user * previous;
118961 + struct file * file;
118962 int count;
118963 int error;
118964 };
118965 @@ -180,6 +188,10 @@ static int filldir(struct dir_context *ctx, const char *name, int namlen,
118966 buf->error = -EOVERFLOW;
118967 return -EOVERFLOW;
118968 }
118969 +
118970 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
118971 + return 0;
118972 +
118973 dirent = buf->previous;
118974 if (dirent) {
118975 if (signal_pending(current))
118976 @@ -227,6 +239,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd,
118977 if (!f.file)
118978 return -EBADF;
118979
118980 + buf.file = f.file;
118981 error = iterate_dir(f.file, &buf.ctx);
118982 if (error >= 0)
118983 error = buf.error;
118984 @@ -245,6 +258,7 @@ struct getdents_callback64 {
118985 struct dir_context ctx;
118986 struct linux_dirent64 __user * current_dir;
118987 struct linux_dirent64 __user * previous;
118988 + struct file *file;
118989 int count;
118990 int error;
118991 };
118992 @@ -261,6 +275,10 @@ static int filldir64(struct dir_context *ctx, const char *name, int namlen,
118993 buf->error = -EINVAL; /* only used if we fail.. */
118994 if (reclen > buf->count)
118995 return -EINVAL;
118996 +
118997 + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
118998 + return 0;
118999 +
119000 dirent = buf->previous;
119001 if (dirent) {
119002 if (signal_pending(current))
119003 @@ -310,13 +328,13 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd,
119004 if (!f.file)
119005 return -EBADF;
119006
119007 + buf.file = f.file;
119008 error = iterate_dir(f.file, &buf.ctx);
119009 if (error >= 0)
119010 error = buf.error;
119011 lastdirent = buf.previous;
119012 if (lastdirent) {
119013 - typeof(lastdirent->d_off) d_off = buf.ctx.pos;
119014 - if (__put_user(d_off, &lastdirent->d_off))
119015 + if (__put_user(buf.ctx.pos, &lastdirent->d_off))
119016 error = -EFAULT;
119017 else
119018 error = count - buf.count;
119019 diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c
119020 index 9c02d96..6562c10 100644
119021 --- a/fs/reiserfs/do_balan.c
119022 +++ b/fs/reiserfs/do_balan.c
119023 @@ -1887,7 +1887,7 @@ void do_balance(struct tree_balance *tb, struct item_head *ih,
119024 return;
119025 }
119026
119027 - atomic_inc(&fs_generation(tb->tb_sb));
119028 + atomic_inc_unchecked(&fs_generation(tb->tb_sb));
119029 do_balance_starts(tb);
119030
119031 /*
119032 diff --git a/fs/reiserfs/item_ops.c b/fs/reiserfs/item_ops.c
119033 index aca73dd..e3c558d 100644
119034 --- a/fs/reiserfs/item_ops.c
119035 +++ b/fs/reiserfs/item_ops.c
119036 @@ -724,18 +724,18 @@ static void errcatch_print_vi(struct virtual_item *vi)
119037 }
119038
119039 static struct item_operations errcatch_ops = {
119040 - errcatch_bytes_number,
119041 - errcatch_decrement_key,
119042 - errcatch_is_left_mergeable,
119043 - errcatch_print_item,
119044 - errcatch_check_item,
119045 + .bytes_number = errcatch_bytes_number,
119046 + .decrement_key = errcatch_decrement_key,
119047 + .is_left_mergeable = errcatch_is_left_mergeable,
119048 + .print_item = errcatch_print_item,
119049 + .check_item = errcatch_check_item,
119050
119051 - errcatch_create_vi,
119052 - errcatch_check_left,
119053 - errcatch_check_right,
119054 - errcatch_part_size,
119055 - errcatch_unit_num,
119056 - errcatch_print_vi
119057 + .create_vi = errcatch_create_vi,
119058 + .check_left = errcatch_check_left,
119059 + .check_right = errcatch_check_right,
119060 + .part_size = errcatch_part_size,
119061 + .unit_num = errcatch_unit_num,
119062 + .print_vi = errcatch_print_vi
119063 };
119064
119065 #if ! (TYPE_STAT_DATA == 0 && TYPE_INDIRECT == 1 && TYPE_DIRECT == 2 && TYPE_DIRENTRY == 3)
119066 diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c
119067 index fe99915..24fd9bd 100644
119068 --- a/fs/reiserfs/procfs.c
119069 +++ b/fs/reiserfs/procfs.c
119070 @@ -114,7 +114,7 @@ static int show_super(struct seq_file *m, void *unused)
119071 "SMALL_TAILS " : "NO_TAILS ",
119072 replay_only(sb) ? "REPLAY_ONLY " : "",
119073 convert_reiserfs(sb) ? "CONV " : "",
119074 - atomic_read(&r->s_generation_counter),
119075 + atomic_read_unchecked(&r->s_generation_counter),
119076 SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes),
119077 SF(s_do_balance), SF(s_unneeded_left_neighbor),
119078 SF(s_good_search_by_key_reada), SF(s_bmaps),
119079 diff --git a/fs/reiserfs/reiserfs.h b/fs/reiserfs/reiserfs.h
119080 index 2adcde1..7d27bc8 100644
119081 --- a/fs/reiserfs/reiserfs.h
119082 +++ b/fs/reiserfs/reiserfs.h
119083 @@ -580,7 +580,7 @@ struct reiserfs_sb_info {
119084 /* Comment? -Hans */
119085 wait_queue_head_t s_wait;
119086 /* increased by one every time the tree gets re-balanced */
119087 - atomic_t s_generation_counter;
119088 + atomic_unchecked_t s_generation_counter;
119089
119090 /* File system properties. Currently holds on-disk FS format */
119091 unsigned long s_properties;
119092 @@ -2300,7 +2300,7 @@ static inline loff_t max_reiserfs_offset(struct inode *inode)
119093 #define REISERFS_USER_MEM 1 /* user memory mode */
119094
119095 #define fs_generation(s) (REISERFS_SB(s)->s_generation_counter)
119096 -#define get_generation(s) atomic_read (&fs_generation(s))
119097 +#define get_generation(s) atomic_read_unchecked (&fs_generation(s))
119098 #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen)
119099 #define __fs_changed(gen,s) (gen != get_generation (s))
119100 #define fs_changed(gen,s) \
119101 diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
119102 index 74d5ddd..0ce3ad9 100644
119103 --- a/fs/reiserfs/super.c
119104 +++ b/fs/reiserfs/super.c
119105 @@ -1887,6 +1887,10 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent)
119106 sbi->s_mount_opt |= (1 << REISERFS_SMALLTAIL);
119107 sbi->s_mount_opt |= (1 << REISERFS_ERROR_RO);
119108 sbi->s_mount_opt |= (1 << REISERFS_BARRIER_FLUSH);
119109 +#ifdef CONFIG_REISERFS_FS_XATTR
119110 + /* turn on user xattrs by default */
119111 + sbi->s_mount_opt |= (1 << REISERFS_XATTRS_USER);
119112 +#endif
119113 /* no preallocation minimum, be smart in reiserfs_file_write instead */
119114 sbi->s_alloc_options.preallocmin = 0;
119115 /* Preallocate by 16 blocks (17-1) at once */
119116 diff --git a/fs/select.c b/fs/select.c
119117 index 8ed9da5..4ee3bb4 100644
119118 --- a/fs/select.c
119119 +++ b/fs/select.c
119120 @@ -20,6 +20,7 @@
119121 #include <linux/export.h>
119122 #include <linux/slab.h>
119123 #include <linux/poll.h>
119124 +#include <linux/security.h>
119125 #include <linux/personality.h> /* for STICKY_TIMEOUTS */
119126 #include <linux/file.h>
119127 #include <linux/fdtable.h>
119128 @@ -723,7 +724,7 @@ SYSCALL_DEFINE6(pselect6, int, n, fd_set __user *, inp, fd_set __user *, outp,
119129
119130 #ifdef __ARCH_WANT_SYS_OLD_SELECT
119131 struct sel_arg_struct {
119132 - unsigned long n;
119133 + long n;
119134 fd_set __user *inp, *outp, *exp;
119135 struct timeval __user *tvp;
119136 };
119137 @@ -886,6 +887,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds,
119138 struct poll_list *walk = head;
119139 unsigned long todo = nfds;
119140
119141 + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1);
119142 if (nfds > rlimit(RLIMIT_NOFILE))
119143 return -EINVAL;
119144
119145 diff --git a/fs/seq_file.c b/fs/seq_file.c
119146 index 6dc4296..cfdaf8e 100644
119147 --- a/fs/seq_file.c
119148 +++ b/fs/seq_file.c
119149 @@ -14,6 +14,8 @@
119150 #include <linux/mm.h>
119151 #include <linux/printk.h>
119152 #include <linux/string_helpers.h>
119153 +#include <linux/sched.h>
119154 +#include <linux/grsecurity.h>
119155
119156 #include <asm/uaccess.h>
119157 #include <asm/page.h>
119158 @@ -26,7 +28,7 @@ static void seq_set_overflow(struct seq_file *m)
119159 static void *seq_buf_alloc(unsigned long size)
119160 {
119161 void *buf;
119162 - gfp_t gfp = GFP_KERNEL;
119163 + gfp_t gfp = GFP_KERNEL | GFP_USERCOPY;
119164
119165 /*
119166 * For high order allocations, use __GFP_NORETRY to avoid oom-killing -
119167 @@ -38,7 +40,7 @@ static void *seq_buf_alloc(unsigned long size)
119168 gfp |= __GFP_NORETRY | __GFP_NOWARN;
119169 buf = kmalloc(size, gfp);
119170 if (!buf && size > PAGE_SIZE)
119171 - buf = vmalloc(size);
119172 + buf = vmalloc_usercopy(size);
119173 return buf;
119174 }
119175
119176 @@ -77,6 +79,10 @@ int seq_open(struct file *file, const struct seq_operations *op)
119177 // to the lifetime of the file.
119178 p->file = file;
119179
119180 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
119181 + p->exec_id = current->exec_id;
119182 +#endif
119183 +
119184 /*
119185 * Wrappers around seq_open(e.g. swaps_open) need to be
119186 * aware of this. If they set f_version themselves, they
119187 @@ -98,6 +104,16 @@ int seq_open(struct file *file, const struct seq_operations *op)
119188 }
119189 EXPORT_SYMBOL(seq_open);
119190
119191 +
119192 +int seq_open_restrict(struct file *file, const struct seq_operations *op)
119193 +{
119194 + if (gr_proc_is_restricted())
119195 + return -EACCES;
119196 +
119197 + return seq_open(file, op);
119198 +}
119199 +EXPORT_SYMBOL(seq_open_restrict);
119200 +
119201 static int traverse(struct seq_file *m, loff_t offset)
119202 {
119203 loff_t pos = 0, index;
119204 @@ -169,7 +185,7 @@ Eoverflow:
119205 ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
119206 {
119207 struct seq_file *m = file->private_data;
119208 - size_t copied = 0;
119209 + ssize_t copied = 0;
119210 loff_t pos;
119211 size_t n;
119212 void *p;
119213 @@ -566,7 +582,7 @@ static void single_stop(struct seq_file *p, void *v)
119214 int single_open(struct file *file, int (*show)(struct seq_file *, void *),
119215 void *data)
119216 {
119217 - struct seq_operations *op = kmalloc(sizeof(*op), GFP_KERNEL);
119218 + seq_operations_no_const *op = kzalloc(sizeof(*op), GFP_KERNEL);
119219 int res = -ENOMEM;
119220
119221 if (op) {
119222 @@ -602,6 +618,17 @@ int single_open_size(struct file *file, int (*show)(struct seq_file *, void *),
119223 }
119224 EXPORT_SYMBOL(single_open_size);
119225
119226 +int single_open_restrict(struct file *file, int (*show)(struct seq_file *, void *),
119227 + void *data)
119228 +{
119229 + if (gr_proc_is_restricted())
119230 + return -EACCES;
119231 +
119232 + return single_open(file, show, data);
119233 +}
119234 +EXPORT_SYMBOL(single_open_restrict);
119235 +
119236 +
119237 int single_release(struct inode *inode, struct file *file)
119238 {
119239 const struct seq_operations *op = ((struct seq_file *)file->private_data)->op;
119240 diff --git a/fs/splice.c b/fs/splice.c
119241 index dd9bf7e..3d55c3e 100644
119242 --- a/fs/splice.c
119243 +++ b/fs/splice.c
119244 @@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
119245 pipe_lock(pipe);
119246
119247 for (;;) {
119248 - if (!pipe->readers) {
119249 + if (!atomic_read(&pipe->readers)) {
119250 send_sig(SIGPIPE, current, 0);
119251 if (!ret)
119252 ret = -EPIPE;
119253 @@ -218,7 +218,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
119254 page_nr++;
119255 ret += buf->len;
119256
119257 - if (pipe->files)
119258 + if (atomic_read(&pipe->files))
119259 do_wakeup = 1;
119260
119261 if (!--spd->nr_pages)
119262 @@ -249,9 +249,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
119263 do_wakeup = 0;
119264 }
119265
119266 - pipe->waiting_writers++;
119267 + atomic_inc(&pipe->waiting_writers);
119268 pipe_wait(pipe);
119269 - pipe->waiting_writers--;
119270 + atomic_dec(&pipe->waiting_writers);
119271 }
119272
119273 pipe_unlock(pipe);
119274 @@ -580,7 +580,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
119275 old_fs = get_fs();
119276 set_fs(get_ds());
119277 /* The cast to a user pointer is valid due to the set_fs() */
119278 - res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos, 0);
119279 + res = vfs_readv(file, (const struct iovec __force_user *)vec, vlen, &pos, 0);
119280 set_fs(old_fs);
119281
119282 return res;
119283 @@ -595,7 +595,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count,
119284 old_fs = get_fs();
119285 set_fs(get_ds());
119286 /* The cast to a user pointer is valid due to the set_fs() */
119287 - res = vfs_write(file, (__force const char __user *)buf, count, &pos);
119288 + res = vfs_write(file, (const char __force_user *)buf, count, &pos);
119289 set_fs(old_fs);
119290
119291 return res;
119292 @@ -648,7 +648,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
119293 goto err;
119294
119295 this_len = min_t(size_t, len, PAGE_SIZE - offset);
119296 - vec[i].iov_base = (void __user *) page_address(page);
119297 + vec[i].iov_base = (void __force_user *) page_address(page);
119298 vec[i].iov_len = this_len;
119299 spd.pages[i] = page;
119300 spd.nr_pages++;
119301 @@ -787,7 +787,7 @@ static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_des
119302 ops->release(pipe, buf);
119303 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
119304 pipe->nrbufs--;
119305 - if (pipe->files)
119306 + if (atomic_read(&pipe->files))
119307 sd->need_wakeup = true;
119308 }
119309
119310 @@ -818,10 +818,10 @@ static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_des
119311 return -ERESTARTSYS;
119312
119313 while (!pipe->nrbufs) {
119314 - if (!pipe->writers)
119315 + if (!atomic_read(&pipe->writers))
119316 return 0;
119317
119318 - if (!pipe->waiting_writers && sd->num_spliced)
119319 + if (!atomic_read(&pipe->waiting_writers) && sd->num_spliced)
119320 return 0;
119321
119322 if (sd->flags & SPLICE_F_NONBLOCK)
119323 @@ -1037,7 +1037,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
119324 ops->release(pipe, buf);
119325 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
119326 pipe->nrbufs--;
119327 - if (pipe->files)
119328 + if (atomic_read(&pipe->files))
119329 sd.need_wakeup = true;
119330 } else {
119331 buf->offset += ret;
119332 @@ -1200,7 +1200,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
119333 * out of the pipe right after the splice_to_pipe(). So set
119334 * PIPE_READERS appropriately.
119335 */
119336 - pipe->readers = 1;
119337 + atomic_set(&pipe->readers, 1);
119338
119339 current->splice_pipe = pipe;
119340 }
119341 @@ -1507,6 +1507,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
119342
119343 partial[buffers].offset = off;
119344 partial[buffers].len = plen;
119345 + partial[buffers].private = 0;
119346
119347 off = 0;
119348 len -= plen;
119349 @@ -1738,9 +1739,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
119350 ret = -ERESTARTSYS;
119351 break;
119352 }
119353 - if (!pipe->writers)
119354 + if (!atomic_read(&pipe->writers))
119355 break;
119356 - if (!pipe->waiting_writers) {
119357 + if (!atomic_read(&pipe->waiting_writers)) {
119358 if (flags & SPLICE_F_NONBLOCK) {
119359 ret = -EAGAIN;
119360 break;
119361 @@ -1772,7 +1773,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
119362 pipe_lock(pipe);
119363
119364 while (pipe->nrbufs >= pipe->buffers) {
119365 - if (!pipe->readers) {
119366 + if (!atomic_read(&pipe->readers)) {
119367 send_sig(SIGPIPE, current, 0);
119368 ret = -EPIPE;
119369 break;
119370 @@ -1785,9 +1786,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
119371 ret = -ERESTARTSYS;
119372 break;
119373 }
119374 - pipe->waiting_writers++;
119375 + atomic_inc(&pipe->waiting_writers);
119376 pipe_wait(pipe);
119377 - pipe->waiting_writers--;
119378 + atomic_dec(&pipe->waiting_writers);
119379 }
119380
119381 pipe_unlock(pipe);
119382 @@ -1823,14 +1824,14 @@ retry:
119383 pipe_double_lock(ipipe, opipe);
119384
119385 do {
119386 - if (!opipe->readers) {
119387 + if (!atomic_read(&opipe->readers)) {
119388 send_sig(SIGPIPE, current, 0);
119389 if (!ret)
119390 ret = -EPIPE;
119391 break;
119392 }
119393
119394 - if (!ipipe->nrbufs && !ipipe->writers)
119395 + if (!ipipe->nrbufs && !atomic_read(&ipipe->writers))
119396 break;
119397
119398 /*
119399 @@ -1927,7 +1928,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
119400 pipe_double_lock(ipipe, opipe);
119401
119402 do {
119403 - if (!opipe->readers) {
119404 + if (!atomic_read(&opipe->readers)) {
119405 send_sig(SIGPIPE, current, 0);
119406 if (!ret)
119407 ret = -EPIPE;
119408 @@ -1972,7 +1973,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
119409 * return EAGAIN if we have the potential of some data in the
119410 * future, otherwise just return 0
119411 */
119412 - if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
119413 + if (!ret && atomic_read(&ipipe->waiting_writers) && (flags & SPLICE_F_NONBLOCK))
119414 ret = -EAGAIN;
119415
119416 pipe_unlock(ipipe);
119417 diff --git a/fs/squashfs/xattr.c b/fs/squashfs/xattr.c
119418 index 1548b37..0624869 100644
119419 --- a/fs/squashfs/xattr.c
119420 +++ b/fs/squashfs/xattr.c
119421 @@ -46,8 +46,8 @@ ssize_t squashfs_listxattr(struct dentry *d, char *buffer,
119422 + msblk->xattr_table;
119423 int offset = SQUASHFS_XATTR_OFFSET(squashfs_i(inode)->xattr);
119424 int count = squashfs_i(inode)->xattr_count;
119425 - size_t rest = buffer_size;
119426 - int err;
119427 + size_t used = 0;
119428 + ssize_t err;
119429
119430 /* check that the file system has xattrs */
119431 if (msblk->xattr_id_table == NULL)
119432 @@ -72,7 +72,7 @@ ssize_t squashfs_listxattr(struct dentry *d, char *buffer,
119433 size_t prefix_size = strlen(prefix);
119434
119435 if (buffer) {
119436 - if (prefix_size + name_size + 1 > rest) {
119437 + if (prefix_size + name_size + 1 > buffer_size - used) {
119438 err = -ERANGE;
119439 goto failed;
119440 }
119441 @@ -87,7 +87,7 @@ ssize_t squashfs_listxattr(struct dentry *d, char *buffer,
119442 buffer[name_size] = '\0';
119443 buffer += name_size + 1;
119444 }
119445 - rest -= prefix_size + name_size + 1;
119446 + used += prefix_size + name_size + 1;
119447 } else {
119448 /* no handler or insuffficient privileges, so skip */
119449 err = squashfs_read_metadata(sb, NULL, &start,
119450 @@ -108,7 +108,7 @@ ssize_t squashfs_listxattr(struct dentry *d, char *buffer,
119451 if (err < 0)
119452 goto failed;
119453 }
119454 - err = buffer_size - rest;
119455 + err = used;
119456
119457 failed:
119458 return err;
119459 diff --git a/fs/stat.c b/fs/stat.c
119460 index bc045c7..68725c1 100644
119461 --- a/fs/stat.c
119462 +++ b/fs/stat.c
119463 @@ -28,8 +28,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
119464 stat->gid = inode->i_gid;
119465 stat->rdev = inode->i_rdev;
119466 stat->size = i_size_read(inode);
119467 - stat->atime = inode->i_atime;
119468 - stat->mtime = inode->i_mtime;
119469 + if (is_sidechannel_device(inode) && !capable_nolog(CAP_MKNOD)) {
119470 + stat->atime = inode->i_ctime;
119471 + stat->mtime = inode->i_ctime;
119472 + } else {
119473 + stat->atime = inode->i_atime;
119474 + stat->mtime = inode->i_mtime;
119475 + }
119476 stat->ctime = inode->i_ctime;
119477 stat->blksize = (1 << inode->i_blkbits);
119478 stat->blocks = inode->i_blocks;
119479 @@ -52,9 +57,16 @@ EXPORT_SYMBOL(generic_fillattr);
119480 int vfs_getattr_nosec(struct path *path, struct kstat *stat)
119481 {
119482 struct inode *inode = d_backing_inode(path->dentry);
119483 + int retval;
119484
119485 - if (inode->i_op->getattr)
119486 - return inode->i_op->getattr(path->mnt, path->dentry, stat);
119487 + if (inode->i_op->getattr) {
119488 + retval = inode->i_op->getattr(path->mnt, path->dentry, stat);
119489 + if (!retval && is_sidechannel_device(inode) && !capable_nolog(CAP_MKNOD)) {
119490 + stat->atime = stat->ctime;
119491 + stat->mtime = stat->ctime;
119492 + }
119493 + return retval;
119494 + }
119495
119496 generic_fillattr(inode, stat);
119497 return 0;
119498 diff --git a/fs/super.c b/fs/super.c
119499 index 47d11e0..31ae978 100644
119500 --- a/fs/super.c
119501 +++ b/fs/super.c
119502 @@ -357,7 +357,8 @@ EXPORT_SYMBOL(deactivate_super);
119503 * called for superblocks not in rundown mode (== ones still on ->fs_supers
119504 * of their type), so increment of ->s_count is OK here.
119505 */
119506 -static int grab_super(struct super_block *s) __releases(sb_lock)
119507 +static int grab_super(struct super_block *s) __releases(&sb_lock);
119508 +static int grab_super(struct super_block *s)
119509 {
119510 s->s_count++;
119511 spin_unlock(&sb_lock);
119512 diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
119513 index 94374e4..b5da3a1 100644
119514 --- a/fs/sysfs/dir.c
119515 +++ b/fs/sysfs/dir.c
119516 @@ -33,6 +33,10 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name)
119517 kfree(buf);
119518 }
119519
119520 +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
119521 +extern int grsec_enable_sysfs_restrict;
119522 +#endif
119523 +
119524 /**
119525 * sysfs_create_dir_ns - create a directory for an object with a namespace tag
119526 * @kobj: object we're creating directory for
119527 @@ -41,9 +45,16 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name)
119528 int sysfs_create_dir_ns(struct kobject *kobj, const void *ns)
119529 {
119530 struct kernfs_node *parent, *kn;
119531 + const char *name;
119532 + umode_t mode = S_IRWXU | S_IRUGO | S_IXUGO;
119533 +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
119534 + const char *parent_name;
119535 +#endif
119536
119537 BUG_ON(!kobj);
119538
119539 + name = kobject_name(kobj);
119540 +
119541 if (kobj->parent)
119542 parent = kobj->parent->sd;
119543 else
119544 @@ -52,11 +63,24 @@ int sysfs_create_dir_ns(struct kobject *kobj, const void *ns)
119545 if (!parent)
119546 return -ENOENT;
119547
119548 - kn = kernfs_create_dir_ns(parent, kobject_name(kobj),
119549 - S_IRWXU | S_IRUGO | S_IXUGO, kobj, ns);
119550 +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
119551 + parent_name = parent->name;
119552 + mode = S_IRWXU;
119553 +
119554 + if ((!strcmp(parent_name, "") && (!strcmp(name, "devices") || !strcmp(name, "fs"))) ||
119555 + (!strcmp(parent_name, "devices") && !strcmp(name, "system")) ||
119556 + (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse") || !strcmp(name, "ecryptfs"))) ||
119557 + (!strcmp(parent_name, "system") && !strcmp(name, "cpu")))
119558 + mode = S_IRWXU | S_IRUGO | S_IXUGO;
119559 + if (!grsec_enable_sysfs_restrict)
119560 + mode = S_IRWXU | S_IRUGO | S_IXUGO;
119561 +#endif
119562 +
119563 + kn = kernfs_create_dir_ns(parent, name,
119564 + mode, kobj, ns);
119565 if (IS_ERR(kn)) {
119566 if (PTR_ERR(kn) == -EEXIST)
119567 - sysfs_warn_dup(parent, kobject_name(kobj));
119568 + sysfs_warn_dup(parent, name);
119569 return PTR_ERR(kn);
119570 }
119571
119572 diff --git a/fs/sysv/sysv.h b/fs/sysv/sysv.h
119573 index 6c21228..9afd5fe 100644
119574 --- a/fs/sysv/sysv.h
119575 +++ b/fs/sysv/sysv.h
119576 @@ -187,7 +187,7 @@ static inline u32 PDP_swab(u32 x)
119577 #endif
119578 }
119579
119580 -static inline __u32 fs32_to_cpu(struct sysv_sb_info *sbi, __fs32 n)
119581 +static inline __u32 __intentional_overflow(-1) fs32_to_cpu(struct sysv_sb_info *sbi, __fs32 n)
119582 {
119583 if (sbi->s_bytesex == BYTESEX_PDP)
119584 return PDP_swab((__force __u32)n);
119585 diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
119586 index ad40b64..9892e72 100644
119587 --- a/fs/tracefs/inode.c
119588 +++ b/fs/tracefs/inode.c
119589 @@ -53,7 +53,7 @@ static const struct file_operations tracefs_file_operations = {
119590 static struct tracefs_dir_ops {
119591 int (*mkdir)(const char *name);
119592 int (*rmdir)(const char *name);
119593 -} tracefs_ops;
119594 +} __no_const tracefs_ops __read_only;
119595
119596 static char *get_dname(struct dentry *dentry)
119597 {
119598 @@ -494,8 +494,10 @@ struct dentry *tracefs_create_instance_dir(const char *name, struct dentry *pare
119599 if (!dentry)
119600 return NULL;
119601
119602 - tracefs_ops.mkdir = mkdir;
119603 - tracefs_ops.rmdir = rmdir;
119604 + pax_open_kernel();
119605 + const_cast(tracefs_ops.mkdir) = mkdir;
119606 + const_cast(tracefs_ops.rmdir) = rmdir;
119607 + pax_close_kernel();
119608
119609 return dentry;
119610 }
119611 diff --git a/fs/ubifs/find.c b/fs/ubifs/find.c
119612 index 2dcf3d4..fa1e496 100644
119613 --- a/fs/ubifs/find.c
119614 +++ b/fs/ubifs/find.c
119615 @@ -94,8 +94,9 @@ static int valuable(struct ubifs_info *c, const struct ubifs_lprops *lprops)
119616 */
119617 static int scan_for_dirty_cb(struct ubifs_info *c,
119618 const struct ubifs_lprops *lprops, int in_tree,
119619 - struct scan_data *data)
119620 + void *_data)
119621 {
119622 + struct scan_data *data = _data;
119623 int ret = LPT_SCAN_CONTINUE;
119624
119625 /* Exclude LEBs that are currently in use */
119626 @@ -179,7 +180,7 @@ static const struct ubifs_lprops *scan_for_dirty(struct ubifs_info *c,
119627 data.lnum = -1;
119628 data.exclude_index = exclude_index;
119629 err = ubifs_lpt_scan_nolock(c, -1, c->lscan_lnum,
119630 - (ubifs_lpt_scan_callback)scan_for_dirty_cb,
119631 + scan_for_dirty_cb,
119632 &data);
119633 if (err)
119634 return ERR_PTR(err);
119635 @@ -361,8 +362,9 @@ out:
119636 */
119637 static int scan_for_free_cb(struct ubifs_info *c,
119638 const struct ubifs_lprops *lprops, int in_tree,
119639 - struct scan_data *data)
119640 + void *_data)
119641 {
119642 + struct scan_data *data = _data;
119643 int ret = LPT_SCAN_CONTINUE;
119644
119645 /* Exclude LEBs that are currently in use */
119646 @@ -458,7 +460,7 @@ const struct ubifs_lprops *do_find_free_space(struct ubifs_info *c,
119647 data.pick_free = pick_free;
119648 data.lnum = -1;
119649 err = ubifs_lpt_scan_nolock(c, -1, c->lscan_lnum,
119650 - (ubifs_lpt_scan_callback)scan_for_free_cb,
119651 + scan_for_free_cb,
119652 &data);
119653 if (err)
119654 return ERR_PTR(err);
119655 @@ -601,8 +603,9 @@ out:
119656 */
119657 static int scan_for_idx_cb(struct ubifs_info *c,
119658 const struct ubifs_lprops *lprops, int in_tree,
119659 - struct scan_data *data)
119660 + void *_data)
119661 {
119662 + struct scan_data *data = _data;
119663 int ret = LPT_SCAN_CONTINUE;
119664
119665 /* Exclude LEBs that are currently in use */
119666 @@ -638,7 +641,7 @@ static const struct ubifs_lprops *scan_for_leb_for_idx(struct ubifs_info *c)
119667
119668 data.lnum = -1;
119669 err = ubifs_lpt_scan_nolock(c, -1, c->lscan_lnum,
119670 - (ubifs_lpt_scan_callback)scan_for_idx_cb,
119671 + scan_for_idx_cb,
119672 &data);
119673 if (err)
119674 return ERR_PTR(err);
119675 @@ -738,18 +741,21 @@ out:
119676 return err;
119677 }
119678
119679 -static int cmp_dirty_idx(const struct ubifs_lprops **a,
119680 - const struct ubifs_lprops **b)
119681 +static int cmp_dirty_idx(const void *_a,
119682 + const void *_b)
119683 {
119684 + const struct ubifs_lprops **a = (const struct ubifs_lprops **)_a;
119685 + const struct ubifs_lprops **b = (const struct ubifs_lprops **)_b;
119686 const struct ubifs_lprops *lpa = *a;
119687 const struct ubifs_lprops *lpb = *b;
119688
119689 return lpa->dirty + lpa->free - lpb->dirty - lpb->free;
119690 }
119691
119692 -static void swap_dirty_idx(struct ubifs_lprops **a, struct ubifs_lprops **b,
119693 - int size)
119694 +static void swap_dirty_idx(void *_a, void *_b, int size)
119695 {
119696 + struct ubifs_lprops **a = (struct ubifs_lprops **)_a;
119697 + struct ubifs_lprops **b = (struct ubifs_lprops **)_b;
119698 struct ubifs_lprops *t = *a;
119699
119700 *a = *b;
119701 @@ -775,8 +781,7 @@ int ubifs_save_dirty_idx_lnums(struct ubifs_info *c)
119702 sizeof(void *) * c->dirty_idx.cnt);
119703 /* Sort it so that the dirtiest is now at the end */
119704 sort(c->dirty_idx.arr, c->dirty_idx.cnt, sizeof(void *),
119705 - (int (*)(const void *, const void *))cmp_dirty_idx,
119706 - (void (*)(void *, void *, int))swap_dirty_idx);
119707 + cmp_dirty_idx, swap_dirty_idx);
119708 dbg_find("found %d dirty index LEBs", c->dirty_idx.cnt);
119709 if (c->dirty_idx.cnt)
119710 dbg_find("dirtiest index LEB is %d with dirty %d and free %d",
119711 @@ -804,8 +809,9 @@ int ubifs_save_dirty_idx_lnums(struct ubifs_info *c)
119712 */
119713 static int scan_dirty_idx_cb(struct ubifs_info *c,
119714 const struct ubifs_lprops *lprops, int in_tree,
119715 - struct scan_data *data)
119716 + void *_data)
119717 {
119718 + struct scan_data *data = _data;
119719 int ret = LPT_SCAN_CONTINUE;
119720
119721 /* Exclude LEBs that are currently in use */
119722 @@ -865,7 +871,7 @@ static int find_dirty_idx_leb(struct ubifs_info *c)
119723 /* All pnodes are in memory, so skip scan */
119724 return -ENOSPC;
119725 err = ubifs_lpt_scan_nolock(c, -1, c->lscan_lnum,
119726 - (ubifs_lpt_scan_callback)scan_dirty_idx_cb,
119727 + scan_dirty_idx_cb,
119728 &data);
119729 if (err)
119730 return err;
119731 diff --git a/fs/ubifs/lprops.c b/fs/ubifs/lprops.c
119732 index a0011aa..c8cf709 100644
119733 --- a/fs/ubifs/lprops.c
119734 +++ b/fs/ubifs/lprops.c
119735 @@ -1028,8 +1028,9 @@ out:
119736 */
119737 static int scan_check_cb(struct ubifs_info *c,
119738 const struct ubifs_lprops *lp, int in_tree,
119739 - struct ubifs_lp_stats *lst)
119740 + void *_lst)
119741 {
119742 + struct ubifs_lp_stats *lst = _lst;
119743 struct ubifs_scan_leb *sleb;
119744 struct ubifs_scan_node *snod;
119745 int cat, lnum = lp->lnum, is_idx = 0, used = 0, free, dirty, ret;
119746 @@ -1283,7 +1284,7 @@ int dbg_check_lprops(struct ubifs_info *c)
119747
119748 memset(&lst, 0, sizeof(struct ubifs_lp_stats));
119749 err = ubifs_lpt_scan_nolock(c, c->main_first, c->leb_cnt - 1,
119750 - (ubifs_lpt_scan_callback)scan_check_cb,
119751 + scan_check_cb,
119752 &lst);
119753 if (err && err != -ENOSPC)
119754 goto out;
119755 diff --git a/fs/udf/misc.c b/fs/udf/misc.c
119756 index 71d1c25..084e2ad 100644
119757 --- a/fs/udf/misc.c
119758 +++ b/fs/udf/misc.c
119759 @@ -288,7 +288,7 @@ void udf_new_tag(char *data, uint16_t ident, uint16_t version, uint16_t snum,
119760
119761 u8 udf_tag_checksum(const struct tag *t)
119762 {
119763 - u8 *data = (u8 *)t;
119764 + const u8 *data = (const u8 *)t;
119765 u8 checksum = 0;
119766 int i;
119767 for (i = 0; i < sizeof(struct tag); ++i)
119768 diff --git a/fs/ufs/super.c b/fs/ufs/super.c
119769 index f04ab23..b26fff4 100644
119770 --- a/fs/ufs/super.c
119771 +++ b/fs/ufs/super.c
119772 @@ -1424,10 +1424,12 @@ static void init_once(void *foo)
119773
119774 static int __init init_inodecache(void)
119775 {
119776 - ufs_inode_cachep = kmem_cache_create("ufs_inode_cache",
119777 + ufs_inode_cachep = kmem_cache_create_usercopy("ufs_inode_cache",
119778 sizeof(struct ufs_inode_info),
119779 0, (SLAB_RECLAIM_ACCOUNT|
119780 SLAB_MEM_SPREAD|SLAB_ACCOUNT),
119781 + offsetof(struct ufs_inode_info, i_u1.i_symlink),
119782 + sizeof(((struct ufs_inode_info *)0)->i_u1.i_symlink),
119783 init_once);
119784 if (ufs_inode_cachep == NULL)
119785 return -ENOMEM;
119786 diff --git a/fs/ufs/swab.h b/fs/ufs/swab.h
119787 index 8d974c4..b82f6ec 100644
119788 --- a/fs/ufs/swab.h
119789 +++ b/fs/ufs/swab.h
119790 @@ -22,7 +22,7 @@ enum {
119791 BYTESEX_BE
119792 };
119793
119794 -static inline u64
119795 +static inline u64 __intentional_overflow(-1)
119796 fs64_to_cpu(struct super_block *sbp, __fs64 n)
119797 {
119798 if (UFS_SB(sbp)->s_bytesex == BYTESEX_LE)
119799 @@ -40,7 +40,7 @@ cpu_to_fs64(struct super_block *sbp, u64 n)
119800 return (__force __fs64)cpu_to_be64(n);
119801 }
119802
119803 -static inline u32
119804 +static inline u32 __intentional_overflow(-1)
119805 fs32_to_cpu(struct super_block *sbp, __fs32 n)
119806 {
119807 if (UFS_SB(sbp)->s_bytesex == BYTESEX_LE)
119808 diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
119809 index 85959d8..6e511a7 100644
119810 --- a/fs/userfaultfd.c
119811 +++ b/fs/userfaultfd.c
119812 @@ -432,7 +432,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file)
119813 struct userfaultfd_wake_range range = { .len = 0, };
119814 unsigned long new_flags;
119815
119816 - ACCESS_ONCE(ctx->released) = true;
119817 + ACCESS_ONCE_RW(ctx->released) = true;
119818
119819 if (!mmget_not_zero(mm))
119820 goto wakeup;
119821 diff --git a/fs/utimes.c b/fs/utimes.c
119822 index ba54b9e..49fc4d8 100644
119823 --- a/fs/utimes.c
119824 +++ b/fs/utimes.c
119825 @@ -1,6 +1,7 @@
119826 #include <linux/compiler.h>
119827 #include <linux/file.h>
119828 #include <linux/fs.h>
119829 +#include <linux/security.h>
119830 #include <linux/linkage.h>
119831 #include <linux/mount.h>
119832 #include <linux/namei.h>
119833 @@ -90,6 +91,12 @@ static int utimes_common(struct path *path, struct timespec *times)
119834 newattrs.ia_valid |= ATTR_TOUCH;
119835 }
119836 retry_deleg:
119837 +
119838 + if (!gr_acl_handle_utime(path->dentry, path->mnt)) {
119839 + error = -EACCES;
119840 + goto mnt_drop_write_and_out;
119841 + }
119842 +
119843 inode_lock(inode);
119844 error = notify_change(path->dentry, &newattrs, &delegated_inode);
119845 inode_unlock(inode);
119846 @@ -99,6 +106,7 @@ retry_deleg:
119847 goto retry_deleg;
119848 }
119849
119850 +mnt_drop_write_and_out:
119851 mnt_drop_write(path->mnt);
119852 out:
119853 return error;
119854 diff --git a/fs/xattr.c b/fs/xattr.c
119855 index c243905..6f99cc7 100644
119856 --- a/fs/xattr.c
119857 +++ b/fs/xattr.c
119858 @@ -215,6 +215,27 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
119859 return error;
119860 }
119861
119862 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
119863 +ssize_t
119864 +pax_getxattr(struct dentry *dentry, void *value, size_t size)
119865 +{
119866 + struct inode *inode = dentry->d_inode;
119867 + ssize_t error;
119868 +
119869 + error = inode_permission(inode, MAY_EXEC);
119870 + if (error)
119871 + return error;
119872 +
119873 + if (inode->i_op->getxattr)
119874 + error = inode->i_op->getxattr(dentry, inode, XATTR_NAME_USER_PAX_FLAGS, value, size);
119875 + else
119876 + error = -EOPNOTSUPP;
119877 +
119878 + return error;
119879 +}
119880 +EXPORT_SYMBOL(pax_getxattr);
119881 +#endif
119882 +
119883 ssize_t
119884 vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
119885 {
119886 @@ -307,7 +328,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
119887 * Extended attribute SET operations
119888 */
119889 static long
119890 -setxattr(struct dentry *d, const char __user *name, const void __user *value,
119891 +setxattr(struct path *path, const char __user *name, const void __user *value,
119892 size_t size, int flags)
119893 {
119894 int error;
119895 @@ -341,7 +362,12 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
119896 posix_acl_fix_xattr_from_user(kvalue, size);
119897 }
119898
119899 - error = vfs_setxattr(d, kname, kvalue, size, flags);
119900 + if (!gr_acl_handle_setxattr(path->dentry, path->mnt)) {
119901 + error = -EACCES;
119902 + goto out;
119903 + }
119904 +
119905 + error = vfs_setxattr(path->dentry, kname, kvalue, size, flags);
119906 out:
119907 kvfree(kvalue);
119908
119909 @@ -360,7 +386,7 @@ retry:
119910 return error;
119911 error = mnt_want_write(path.mnt);
119912 if (!error) {
119913 - error = setxattr(path.dentry, name, value, size, flags);
119914 + error = setxattr(&path, name, value, size, flags);
119915 mnt_drop_write(path.mnt);
119916 }
119917 path_put(&path);
119918 @@ -396,7 +422,7 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
119919 audit_file(f.file);
119920 error = mnt_want_write_file(f.file);
119921 if (!error) {
119922 - error = setxattr(f.file->f_path.dentry, name, value, size, flags);
119923 + error = setxattr(&f.file->f_path, name, value, size, flags);
119924 mnt_drop_write_file(f.file);
119925 }
119926 fdput(f);
119927 @@ -576,7 +602,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
119928 * Extended attribute REMOVE operations
119929 */
119930 static long
119931 -removexattr(struct dentry *d, const char __user *name)
119932 +removexattr(struct path *path, const char __user *name)
119933 {
119934 int error;
119935 char kname[XATTR_NAME_MAX + 1];
119936 @@ -587,7 +613,10 @@ removexattr(struct dentry *d, const char __user *name)
119937 if (error < 0)
119938 return error;
119939
119940 - return vfs_removexattr(d, kname);
119941 + if (!gr_acl_handle_removexattr(path->dentry, path->mnt))
119942 + return -EACCES;
119943 +
119944 + return vfs_removexattr(path->dentry, kname);
119945 }
119946
119947 static int path_removexattr(const char __user *pathname,
119948 @@ -601,7 +630,7 @@ retry:
119949 return error;
119950 error = mnt_want_write(path.mnt);
119951 if (!error) {
119952 - error = removexattr(path.dentry, name);
119953 + error = removexattr(&path, name);
119954 mnt_drop_write(path.mnt);
119955 }
119956 path_put(&path);
119957 @@ -627,14 +656,16 @@ SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
119958 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
119959 {
119960 struct fd f = fdget(fd);
119961 + struct path *path;
119962 int error = -EBADF;
119963
119964 if (!f.file)
119965 return error;
119966 + path = &f.file->f_path;
119967 audit_file(f.file);
119968 error = mnt_want_write_file(f.file);
119969 if (!error) {
119970 - error = removexattr(f.file->f_path.dentry, name);
119971 + error = removexattr(path, name);
119972 mnt_drop_write_file(f.file);
119973 }
119974 fdput(f);
119975 diff --git a/fs/xfs/kmem.h b/fs/xfs/kmem.h
119976 index 689f746..3e200fc 100644
119977 --- a/fs/xfs/kmem.h
119978 +++ b/fs/xfs/kmem.h
119979 @@ -102,6 +102,14 @@ kmem_zone_init_flags(int size, char *zone_name, unsigned long flags,
119980 return kmem_cache_create(zone_name, size, 0, flags, construct);
119981 }
119982
119983 +static inline kmem_zone_t *
119984 +kmem_zone_init_flags_usercopy(int size, char *zone_name, unsigned long flags,
119985 + size_t useroffset, size_t usersize,
119986 + void (*construct)(void *))
119987 +{
119988 + return kmem_cache_create_usercopy(zone_name, size, 0, flags, useroffset, usersize, construct);
119989 +}
119990 +
119991 static inline void
119992 kmem_zone_free(kmem_zone_t *zone, void *ptr)
119993 {
119994 diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
119995 index b060bca..bfd7974 100644
119996 --- a/fs/xfs/libxfs/xfs_bmap.c
119997 +++ b/fs/xfs/libxfs/xfs_bmap.c
119998 @@ -559,7 +559,7 @@ xfs_bmap_validate_ret(
119999
120000 #else
120001 #define xfs_bmap_check_leaf_extents(cur, ip, whichfork) do { } while (0)
120002 -#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap)
120003 +#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do { } while (0)
120004 #endif /* DEBUG */
120005
120006 /*
120007 diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
120008 index f2dc1a9..5677aa5 100644
120009 --- a/fs/xfs/libxfs/xfs_da_btree.c
120010 +++ b/fs/xfs/libxfs/xfs_da_btree.c
120011 @@ -2011,6 +2011,7 @@ xfs_da_grow_inode_int(
120012 struct xfs_inode *dp = args->dp;
120013 int w = args->whichfork;
120014 xfs_rfsblock_t nblks = dp->i_d.di_nblocks;
120015 + xfs_rfsblock_t nblocks;
120016 struct xfs_bmbt_irec map, *mapp;
120017 int nmap, error, got, i, mapi;
120018
120019 @@ -2079,7 +2080,8 @@ xfs_da_grow_inode_int(
120020 }
120021
120022 /* account for newly allocated blocks in reserved blocks total */
120023 - args->total -= dp->i_d.di_nblocks - nblks;
120024 + nblocks = dp->i_d.di_nblocks - nblks;
120025 + args->total -= nblocks;
120026
120027 out_free_map:
120028 if (mapp != &map)
120029 diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
120030 index 96a70fd..de3d84c 100644
120031 --- a/fs/xfs/xfs_ioctl.c
120032 +++ b/fs/xfs/xfs_ioctl.c
120033 @@ -121,7 +121,7 @@ xfs_find_handle(
120034 }
120035
120036 error = -EFAULT;
120037 - if (copy_to_user(hreq->ohandle, &handle, hsize) ||
120038 + if (hsize > sizeof handle || copy_to_user(hreq->ohandle, &handle, hsize) ||
120039 copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
120040 goto out_put;
120041
120042 @@ -1590,6 +1590,12 @@ xfs_ioc_swapext(
120043 goto out_put_tmp_file;
120044 }
120045
120046 + if (f.file->f_op != &xfs_file_operations ||
120047 + tmp.file->f_op != &xfs_file_operations) {
120048 + error = -EINVAL;
120049 + goto out_put_tmp_file;
120050 + }
120051 +
120052 ip = XFS_I(file_inode(f.file));
120053 tip = XFS_I(file_inode(tmp.file));
120054
120055 diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h
120056 index b8d64d5..3e87626 100644
120057 --- a/fs/xfs/xfs_linux.h
120058 +++ b/fs/xfs/xfs_linux.h
120059 @@ -218,7 +218,7 @@ static inline kgid_t xfs_gid_to_kgid(__uint32_t gid)
120060 * of the compiler which do not like us using do_div in the middle
120061 * of large functions.
120062 */
120063 -static inline __u32 xfs_do_div(void *a, __u32 b, int n)
120064 +static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n)
120065 {
120066 __u32 mod;
120067
120068 @@ -274,7 +274,7 @@ static inline __u32 xfs_do_mod(void *a, __u32 b, int n)
120069 return 0;
120070 }
120071 #else
120072 -static inline __u32 xfs_do_div(void *a, __u32 b, int n)
120073 +static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n)
120074 {
120075 __u32 mod;
120076
120077 diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c
120078 index fd6be45..6be6542 100644
120079 --- a/fs/xfs/xfs_super.c
120080 +++ b/fs/xfs/xfs_super.c
120081 @@ -1761,9 +1761,11 @@ xfs_init_zones(void)
120082 goto out_destroy_efd_zone;
120083
120084 xfs_inode_zone =
120085 - kmem_zone_init_flags(sizeof(xfs_inode_t), "xfs_inode",
120086 - KM_ZONE_HWALIGN | KM_ZONE_RECLAIM | KM_ZONE_SPREAD |
120087 - KM_ZONE_ACCOUNT, xfs_fs_inode_init_once);
120088 + kmem_zone_init_flags_usercopy(sizeof(xfs_inode_t), "xfs_inode",
120089 + KM_ZONE_HWALIGN | KM_ZONE_RECLAIM | KM_ZONE_SPREAD | KM_ZONE_ACCOUNT,
120090 + offsetof(xfs_inode_t, i_df.if_u2.if_inline_data),
120091 + sizeof(((xfs_inode_t *)0)->i_df.if_u2.if_inline_data),
120092 + xfs_fs_inode_init_once);
120093 if (!xfs_inode_zone)
120094 goto out_destroy_efi_zone;
120095
120096 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
120097 new file mode 100644
120098 index 0000000..821601d
120099 --- /dev/null
120100 +++ b/grsecurity/Kconfig
120101 @@ -0,0 +1,1205 @@
120102 +#
120103 +# grecurity configuration
120104 +#
120105 +menu "Memory Protections"
120106 +depends on GRKERNSEC
120107 +
120108 +config GRKERNSEC_KMEM
120109 + bool "Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port"
120110 + default y if GRKERNSEC_CONFIG_AUTO
120111 + select STRICT_DEVMEM if (X86 || ARM || TILE || S390)
120112 + help
120113 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
120114 + be written to or read from to modify or leak the contents of the running
120115 + kernel. /dev/port will also not be allowed to be opened, writing to
120116 + /dev/cpu/*/msr will be prevented, and support for kexec will be removed.
120117 + If you have module support disabled, enabling this will close up several
120118 + ways that are currently used to insert malicious code into the running
120119 + kernel.
120120 +
120121 + Even with this feature enabled, we still highly recommend that
120122 + you use the RBAC system, as it is still possible for an attacker to
120123 + modify the running kernel through other more obscure methods.
120124 +
120125 + Enabling this feature will prevent the "cpupower" and "powertop" tools
120126 + from working and excludes debugfs from being compiled into the kernel.
120127 +
120128 + It is highly recommended that you say Y here if you meet all the
120129 + conditions above.
120130 +
120131 +config GRKERNSEC_VM86
120132 + bool "Restrict VM86 mode"
120133 + default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
120134 + depends on X86_32
120135 +
120136 + help
120137 + If you say Y here, only processes with CAP_SYS_RAWIO will be able to
120138 + make use of a special execution mode on 32bit x86 processors called
120139 + Virtual 8086 (VM86) mode. XFree86 may need vm86 mode for certain
120140 + video cards and will still work with this option enabled. The purpose
120141 + of the option is to prevent exploitation of emulation errors in
120142 + virtualization of vm86 mode like the one discovered in VMWare in 2009.
120143 + Nearly all users should be able to enable this option.
120144 +
120145 +config GRKERNSEC_IO
120146 + bool "Disable privileged I/O"
120147 + default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
120148 + depends on X86
120149 + select RTC_CLASS
120150 + select RTC_INTF_DEV
120151 + select RTC_DRV_CMOS
120152 +
120153 + help
120154 + If you say Y here, all ioperm and iopl calls will return an error.
120155 + Ioperm and iopl can be used to modify the running kernel.
120156 + Unfortunately, some programs need this access to operate properly,
120157 + the most notable of which are XFree86 and hwclock. hwclock can be
120158 + remedied by having RTC support in the kernel, so real-time
120159 + clock support is enabled if this option is enabled, to ensure
120160 + that hwclock operates correctly. If hwclock still does not work,
120161 + either update udev or symlink /dev/rtc to /dev/rtc0.
120162 +
120163 + If you're using XFree86 or a version of Xorg from 2012 or earlier,
120164 + you may not be able to boot into a graphical environment with this
120165 + option enabled. In this case, you should use the RBAC system instead.
120166 +
120167 +config GRKERNSEC_BPF_HARDEN
120168 + bool "Harden BPF interpreter"
120169 + default y if GRKERNSEC_CONFIG_AUTO
120170 + help
120171 + Unlike previous versions of grsecurity that hardened both the BPF
120172 + interpreted code against corruption at rest as well as the JIT code
120173 + against JIT-spray attacks and attacker-controlled immediate values
120174 + for ROP, this feature will enforce disabling of the new eBPF JIT engine
120175 + and will ensure the interpreted code is read-only at rest. This feature
120176 + may be removed at a later time when eBPF stabilizes to entirely revert
120177 + back to the more secure pre-3.16 BPF interpreter/JIT.
120178 +
120179 + If you're using KERNEXEC, it's recommended that you enable this option
120180 + to supplement the hardening of the kernel.
120181 +
120182 +config GRKERNSEC_PERF_HARDEN
120183 + bool "Disable unprivileged PERF_EVENTS usage by default"
120184 + default y if GRKERNSEC_CONFIG_AUTO
120185 + depends on PERF_EVENTS
120186 + help
120187 + If you say Y here, the range of acceptable values for the
120188 + /proc/sys/kernel/perf_event_paranoid sysctl will be expanded to allow and
120189 + default to a new value: 3. When the sysctl is set to this value, no
120190 + unprivileged use of the PERF_EVENTS syscall interface will be permitted.
120191 +
120192 + Though PERF_EVENTS can be used legitimately for performance monitoring
120193 + and low-level application profiling, it is forced on regardless of
120194 + configuration, has been at fault for several vulnerabilities, and
120195 + creates new opportunities for side channels and other information leaks.
120196 +
120197 + This feature puts PERF_EVENTS into a secure default state and permits
120198 + the administrator to change out of it temporarily if unprivileged
120199 + application profiling is needed.
120200 +
120201 +config GRKERNSEC_RAND_THREADSTACK
120202 + bool "Insert random gaps between thread stacks"
120203 + default y if GRKERNSEC_CONFIG_AUTO
120204 + depends on PAX_RANDMMAP && !PPC
120205 + help
120206 + If you say Y here, a random-sized gap will be enforced between allocated
120207 + thread stacks. Glibc's NPTL and other threading libraries that
120208 + pass MAP_STACK to the kernel for thread stack allocation are supported.
120209 + The implementation currently provides 8 bits of entropy for the gap.
120210 +
120211 + Many distributions do not compile threaded remote services with the
120212 + -fstack-check argument to GCC, causing the variable-sized stack-based
120213 + allocator, alloca(), to not probe the stack on allocation. This
120214 + permits an unbounded alloca() to skip over any guard page and potentially
120215 + modify another thread's stack reliably. An enforced random gap
120216 + reduces the reliability of such an attack and increases the chance
120217 + that such a read/write to another thread's stack instead lands in
120218 + an unmapped area, causing a crash and triggering grsecurity's
120219 + anti-bruteforcing logic.
120220 +
120221 +config GRKERNSEC_PROC_MEMMAP
120222 + bool "Harden ASLR against information leaks and entropy reduction"
120223 + default y if (GRKERNSEC_CONFIG_AUTO || PAX_NOEXEC || PAX_ASLR)
120224 + depends on PAX_NOEXEC || PAX_ASLR
120225 + help
120226 + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
120227 + give no information about the addresses of its mappings if
120228 + PaX features that rely on random addresses are enabled on the task.
120229 + In addition to sanitizing this information and disabling other
120230 + dangerous sources of information, this option causes reads of sensitive
120231 + /proc/<pid> entries where the file descriptor was opened in a different
120232 + task than the one performing the read. Such attempts are logged.
120233 + This option also limits argv/env strings for suid/sgid binaries
120234 + to 512KB to prevent a complete exhaustion of the stack entropy provided
120235 + by ASLR. Finally, it places an 8MB stack resource limit on suid/sgid
120236 + binaries to prevent alternative mmap layouts from being abused.
120237 +
120238 + If you use PaX it is essential that you say Y here as it closes up
120239 + several holes that make full ASLR useless locally.
120240 +
120241 +
120242 +config GRKERNSEC_KSTACKOVERFLOW
120243 + bool "Prevent kernel stack overflows"
120244 + default y if GRKERNSEC_CONFIG_AUTO
120245 + depends on X86_64
120246 + help
120247 + If you say Y here, the kernel's process stacks will be allocated
120248 + with vmalloc instead of the kernel's default allocator. This
120249 + introduces guard pages that in combination with the alloca checking
120250 + of the STACKLEAK feature and removal of thread_info from the kernel
120251 + stack prevents all forms of kernel process stack overflow abuse.
120252 + Note that this is different from kernel stack buffer overflows.
120253 +
120254 +config GRKERNSEC_BRUTE
120255 + bool "Deter exploit bruteforcing"
120256 + default y if GRKERNSEC_CONFIG_AUTO
120257 + help
120258 + If you say Y here, attempts to bruteforce exploits against forking
120259 + daemons such as apache or sshd, as well as against suid/sgid binaries
120260 + will be deterred. When a child of a forking daemon is killed by PaX
120261 + or crashes due to an illegal instruction or other suspicious signal,
120262 + the parent process will be delayed 30 seconds upon every subsequent
120263 + fork until the administrator is able to assess the situation and
120264 + restart the daemon.
120265 + In the suid/sgid case, the attempt is logged, the user has all their
120266 + existing instances of the suid/sgid binary terminated and will
120267 + be unable to execute any suid/sgid binaries for 15 minutes.
120268 +
120269 + It is recommended that you also enable signal logging in the auditing
120270 + section so that logs are generated when a process triggers a suspicious
120271 + signal.
120272 + If the sysctl option is enabled, a sysctl option with name
120273 + "deter_bruteforce" is created.
120274 +
120275 +config GRKERNSEC_MODHARDEN
120276 + bool "Harden module auto-loading"
120277 + default y if GRKERNSEC_CONFIG_AUTO
120278 + depends on MODULES
120279 + help
120280 + If you say Y here, module auto-loading in response to use of some
120281 + feature implemented by an unloaded module will be restricted to
120282 + root users. Enabling this option helps defend against attacks
120283 + by unprivileged users who abuse the auto-loading behavior to
120284 + cause a vulnerable module to load that is then exploited.
120285 +
120286 + If this option prevents a legitimate use of auto-loading for a
120287 + non-root user, the administrator can execute modprobe manually
120288 + with the exact name of the module mentioned in the alert log.
120289 + Alternatively, the administrator can add the module to the list
120290 + of modules loaded at boot by modifying init scripts.
120291 +
120292 + Modification of init scripts will most likely be needed on
120293 + Ubuntu servers with encrypted home directory support enabled,
120294 + as the first non-root user logging in will cause the ecb(aes),
120295 + ecb(aes)-all, cbc(aes), and cbc(aes)-all modules to be loaded.
120296 +
120297 +config GRKERNSEC_HIDESYM
120298 + bool "Hide kernel symbols"
120299 + default y if GRKERNSEC_CONFIG_AUTO
120300 + select PAX_USERCOPY_SLABS
120301 + help
120302 + If you say Y here, getting information on loaded modules, and
120303 + displaying all kernel symbols through a syscall will be restricted
120304 + to users with CAP_SYS_MODULE. For software compatibility reasons,
120305 + /proc/kallsyms will be restricted to the root user. The RBAC
120306 + system can hide that entry even from root.
120307 +
120308 + This option also prevents leaking of kernel addresses through
120309 + several /proc entries.
120310 +
120311 + Note that this option is only effective provided the following
120312 + conditions are met:
120313 + 1) The kernel using grsecurity is not precompiled by some distribution
120314 + 2) You have also enabled GRKERNSEC_DMESG
120315 + 3) You are using the RBAC system and hiding other files such as your
120316 + kernel image and System.map. Alternatively, enabling this option
120317 + causes the permissions on /boot, /lib/modules, and the kernel
120318 + source directory to change at compile time to prevent
120319 + reading by non-root users.
120320 + If the above conditions are met, this option will aid in providing a
120321 + useful protection against local kernel exploitation of overflows
120322 + and arbitrary read/write vulnerabilities.
120323 +
120324 + It is highly recommended that you enable GRKERNSEC_PERF_HARDEN
120325 + in addition to this feature.
120326 +
120327 +config GRKERNSEC_RANDSTRUCT
120328 + bool "Randomize layout of sensitive kernel structures"
120329 + default y if GRKERNSEC_CONFIG_AUTO
120330 + select GRKERNSEC_HIDESYM
120331 + select MODVERSIONS if MODULES
120332 + help
120333 + If you say Y here, the layouts of a number of sensitive kernel
120334 + structures (task, fs, cred, etc) and all structures composed entirely
120335 + of function pointers (aka "ops" structs) will be randomized at compile-time.
120336 + This can introduce the requirement of an additional infoleak
120337 + vulnerability for exploits targeting these structure types.
120338 +
120339 + Enabling this feature will introduce some performance impact, slightly
120340 + increase memory usage, and prevent the use of forensic tools like
120341 + Volatility against the system (unless the kernel source tree isn't
120342 + cleaned after kernel installation).
120343 +
120344 + The seed used for compilation is located at tools/gcc/randomize_layout_seed.h.
120345 + It remains after a make clean to allow for external modules to be compiled
120346 + with the existing seed and will be removed by a make mrproper or
120347 + make distclean.
120348 +
120349 + Note that the implementation requires gcc 4.6.4. or newer. You may need
120350 + to install the supporting headers explicitly in addition to the normal
120351 + gcc package.
120352 +
120353 +config GRKERNSEC_RANDSTRUCT_PERFORMANCE
120354 + bool "Use cacheline-aware structure randomization"
120355 + depends on GRKERNSEC_RANDSTRUCT
120356 + default y if GRKERNSEC_CONFIG_PRIORITY_PERF
120357 + help
120358 + If you say Y here, the RANDSTRUCT randomization will make a best effort
120359 + at restricting randomization to cacheline-sized groups of elements. It
120360 + will further not randomize bitfields in structures. This reduces the
120361 + performance hit of RANDSTRUCT at the cost of weakened randomization.
120362 +
120363 +config GRKERNSEC_KERN_LOCKOUT
120364 + bool "Active kernel exploit response"
120365 + default y if GRKERNSEC_CONFIG_AUTO
120366 + depends on X86 || ARM || PPC || SPARC
120367 + help
120368 + If you say Y here, when a PaX alert is triggered due to suspicious
120369 + activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
120370 + or an OOPS occurs due to bad memory accesses, instead of just
120371 + terminating the offending process (and potentially allowing
120372 + a subsequent exploit from the same user), we will take one of two
120373 + actions:
120374 + If the user was root, we will panic the system
120375 + If the user was non-root, we will log the attempt, terminate
120376 + all processes owned by the user, then prevent them from creating
120377 + any new processes until the system is restarted
120378 + This deters repeated kernel exploitation/bruteforcing attempts
120379 + and is useful for later forensics.
120380 +
120381 +config GRKERNSEC_OLD_ARM_USERLAND
120382 + bool "Old ARM userland compatibility"
120383 + depends on ARM && (CPU_V6 || CPU_V6K || CPU_V7)
120384 + help
120385 + If you say Y here, stubs of executable code to perform such operations
120386 + as "compare-exchange" will be placed at fixed locations in the ARM vector
120387 + table. This is unfortunately needed for old ARM userland meant to run
120388 + across a wide range of processors. Without this option enabled,
120389 + the get_tls and data memory barrier stubs will be emulated by the kernel,
120390 + which is enough for Linaro userlands or other userlands designed for v6
120391 + and newer ARM CPUs. It's recommended that you try without this option enabled
120392 + first, and only enable it if your userland does not boot (it will likely fail
120393 + at init time).
120394 +
120395 +endmenu
120396 +menu "Role Based Access Control Options"
120397 +depends on GRKERNSEC
120398 +
120399 +config GRKERNSEC_RBAC_DEBUG
120400 + bool
120401 +
120402 +config GRKERNSEC_NO_RBAC
120403 + bool "Disable RBAC system"
120404 + help
120405 + If you say Y here, the /dev/grsec device will be removed from the kernel,
120406 + preventing the RBAC system from being enabled. You should only say Y
120407 + here if you have no intention of using the RBAC system, so as to prevent
120408 + an attacker with root access from misusing the RBAC system to hide files
120409 + and processes when loadable module support and /dev/[k]mem have been
120410 + locked down.
120411 +
120412 +config GRKERNSEC_ACL_HIDEKERN
120413 + bool "Hide kernel processes"
120414 + help
120415 + If you say Y here, all kernel threads will be hidden to all
120416 + processes but those whose subject has the "view hidden processes"
120417 + flag.
120418 +
120419 +config GRKERNSEC_ACL_MAXTRIES
120420 + int "Maximum tries before password lockout"
120421 + default 3
120422 + help
120423 + This option enforces the maximum number of times a user can attempt
120424 + to authorize themselves with the grsecurity RBAC system before being
120425 + denied the ability to attempt authorization again for a specified time.
120426 + The lower the number, the harder it will be to brute-force a password.
120427 +
120428 +config GRKERNSEC_ACL_TIMEOUT
120429 + int "Time to wait after max password tries, in seconds"
120430 + default 30
120431 + help
120432 + This option specifies the time the user must wait after attempting to
120433 + authorize to the RBAC system with the maximum number of invalid
120434 + passwords. The higher the number, the harder it will be to brute-force
120435 + a password.
120436 +
120437 +endmenu
120438 +menu "Filesystem Protections"
120439 +depends on GRKERNSEC
120440 +
120441 +config GRKERNSEC_PROC
120442 + bool "Proc restrictions"
120443 + default y if GRKERNSEC_CONFIG_AUTO
120444 + help
120445 + If you say Y here, the permissions of the /proc filesystem
120446 + will be altered to enhance system security and privacy. You MUST
120447 + choose either a user only restriction or a user and group restriction.
120448 + Depending upon the option you choose, you can either restrict users to
120449 + see only the processes they themselves run, or choose a group that can
120450 + view all processes and files normally restricted to root if you choose
120451 + the "restrict to user only" option. NOTE: If you're running identd or
120452 + ntpd as a non-root user, you will have to run it as the group you
120453 + specify here.
120454 +
120455 +config GRKERNSEC_PROC_USER
120456 + bool "Restrict /proc to user only"
120457 + depends on GRKERNSEC_PROC
120458 + help
120459 + If you say Y here, non-root users will only be able to view their own
120460 + processes, and restricts them from viewing network-related information,
120461 + and viewing kernel symbol and module information.
120462 +
120463 +config GRKERNSEC_PROC_USERGROUP
120464 + bool "Allow special group"
120465 + default y if GRKERNSEC_CONFIG_AUTO
120466 + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
120467 + help
120468 + If you say Y here, you will be able to select a group that will be
120469 + able to view all processes and network-related information. If you've
120470 + enabled GRKERNSEC_HIDESYM, kernel and symbol information may still
120471 + remain hidden. This option is useful if you want to run identd as
120472 + a non-root user. The group you select may also be chosen at boot time
120473 + via "grsec_proc_gid=" on the kernel commandline.
120474 +
120475 +config GRKERNSEC_PROC_GID
120476 + int "GID for special group"
120477 + depends on GRKERNSEC_PROC_USERGROUP
120478 + default 1001
120479 +
120480 +config GRKERNSEC_PROC_ADD
120481 + bool "Additional restrictions"
120482 + default y if GRKERNSEC_CONFIG_AUTO
120483 + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
120484 + help
120485 + If you say Y here, additional restrictions will be placed on
120486 + /proc that keep normal users from viewing device information and
120487 + slabinfo information that could be useful for exploits.
120488 +
120489 +config GRKERNSEC_LINK
120490 + bool "Linking restrictions"
120491 + default y if GRKERNSEC_CONFIG_AUTO
120492 + help
120493 + If you say Y here, /tmp race exploits will be prevented, since users
120494 + will no longer be able to follow symlinks owned by other users in
120495 + world-writable +t directories (e.g. /tmp), unless the owner of the
120496 + symlink is the owner of the directory. users will also not be
120497 + able to hardlink to files they do not own. If the sysctl option is
120498 + enabled, a sysctl option with name "linking_restrictions" is created.
120499 +
120500 +config GRKERNSEC_SYMLINKOWN
120501 + bool "Kernel-enforced SymlinksIfOwnerMatch"
120502 + default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER
120503 + help
120504 + Apache's SymlinksIfOwnerMatch option has an inherent race condition
120505 + that prevents it from being used as a security feature. As Apache
120506 + verifies the symlink by performing a stat() against the target of
120507 + the symlink before it is followed, an attacker can setup a symlink
120508 + to point to a same-owned file, then replace the symlink with one
120509 + that targets another user's file just after Apache "validates" the
120510 + symlink -- a classic TOCTOU race. If you say Y here, a complete,
120511 + race-free replacement for Apache's "SymlinksIfOwnerMatch" option
120512 + will be in place for the group you specify. If the sysctl option
120513 + is enabled, a sysctl option with name "enforce_symlinksifowner" is
120514 + created.
120515 +
120516 +config GRKERNSEC_SYMLINKOWN_GID
120517 + int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
120518 + depends on GRKERNSEC_SYMLINKOWN
120519 + default 1006
120520 + help
120521 + Setting this GID determines what group kernel-enforced
120522 + SymlinksIfOwnerMatch will be enabled for. If the sysctl option
120523 + is enabled, a sysctl option with name "symlinkown_gid" is created.
120524 +
120525 +config GRKERNSEC_FIFO
120526 + bool "FIFO restrictions"
120527 + default y if GRKERNSEC_CONFIG_AUTO
120528 + help
120529 + If you say Y here, users will not be able to write to FIFOs they don't
120530 + own in world-writable +t directories (e.g. /tmp), unless the owner of
120531 + the FIFO is the same owner of the directory it's held in. If the sysctl
120532 + option is enabled, a sysctl option with name "fifo_restrictions" is
120533 + created.
120534 +
120535 +config GRKERNSEC_SYSFS_RESTRICT
120536 + bool "Sysfs/debugfs restriction"
120537 + default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
120538 + depends on SYSFS
120539 + help
120540 + If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and
120541 + any filesystem normally mounted under it (e.g. debugfs) will be
120542 + mostly accessible only by root. These filesystems generally provide access
120543 + to hardware and debug information that isn't appropriate for unprivileged
120544 + users of the system. Sysfs and debugfs have also become a large source
120545 + of new vulnerabilities, ranging from infoleaks to local compromise.
120546 + There has been very little oversight with an eye toward security involved
120547 + in adding new exporters of information to these filesystems, so their
120548 + use is discouraged.
120549 + For reasons of compatibility, a few directories have been whitelisted
120550 + for access by non-root users:
120551 + /sys/fs/selinux
120552 + /sys/fs/fuse
120553 + /sys/devices/system/cpu
120554 +
120555 +config GRKERNSEC_ROFS
120556 + bool "Runtime read-only mount protection"
120557 + depends on SYSCTL
120558 + help
120559 + If you say Y here, a sysctl option with name "romount_protect" will
120560 + be created. By setting this option to 1 at runtime, filesystems
120561 + will be protected in the following ways:
120562 + * No new writable mounts will be allowed
120563 + * Existing read-only mounts won't be able to be remounted read/write
120564 + * Write operations will be denied on all block devices
120565 + This option acts independently of grsec_lock: once it is set to 1,
120566 + it cannot be turned off. Therefore, please be mindful of the resulting
120567 + behavior if this option is enabled in an init script on a read-only
120568 + filesystem.
120569 + Also be aware that as with other root-focused features, GRKERNSEC_KMEM
120570 + and GRKERNSEC_IO should be enabled and module loading disabled via
120571 + config or at runtime.
120572 + This feature is mainly intended for secure embedded systems.
120573 +
120574 +
120575 +config GRKERNSEC_DEVICE_SIDECHANNEL
120576 + bool "Eliminate stat/notify-based device sidechannels"
120577 + default y if GRKERNSEC_CONFIG_AUTO
120578 + help
120579 + If you say Y here, timing analyses on block or character
120580 + devices like /dev/ptmx using stat or inotify/dnotify/fanotify
120581 + will be thwarted for unprivileged users. If a process without
120582 + CAP_MKNOD stats such a device, the last access and last modify times
120583 + will match the device's create time. No access or modify events
120584 + will be triggered through inotify/dnotify/fanotify for such devices.
120585 + This feature will prevent attacks that may at a minimum
120586 + allow an attacker to determine the administrator's password length.
120587 +
120588 +config GRKERNSEC_CHROOT
120589 + bool "Chroot jail restrictions"
120590 + default y if GRKERNSEC_CONFIG_AUTO
120591 + help
120592 + If you say Y here, you will be able to choose several options that will
120593 + make breaking out of a chrooted jail much more difficult. If you
120594 + encounter no software incompatibilities with the following options, it
120595 + is recommended that you enable each one.
120596 +
120597 + Note that the chroot restrictions are not intended to apply to "chroots"
120598 + to directories that are simple bind mounts of the global root filesystem.
120599 + For several other reasons, a user shouldn't expect any significant
120600 + security by performing such a chroot.
120601 +
120602 +config GRKERNSEC_CHROOT_MOUNT
120603 + bool "Deny mounts"
120604 + default y if GRKERNSEC_CONFIG_AUTO
120605 + depends on GRKERNSEC_CHROOT
120606 + help
120607 + If you say Y here, processes inside a chroot will not be able to
120608 + mount or remount filesystems. If the sysctl option is enabled, a
120609 + sysctl option with name "chroot_deny_mount" is created.
120610 +
120611 +config GRKERNSEC_CHROOT_DOUBLE
120612 + bool "Deny double-chroots"
120613 + default y if GRKERNSEC_CONFIG_AUTO
120614 + depends on GRKERNSEC_CHROOT
120615 + help
120616 + If you say Y here, processes inside a chroot will not be able to chroot
120617 + again outside the chroot. This is a widely used method of breaking
120618 + out of a chroot jail and should not be allowed. If the sysctl
120619 + option is enabled, a sysctl option with name
120620 + "chroot_deny_chroot" is created.
120621 +
120622 +config GRKERNSEC_CHROOT_PIVOT
120623 + bool "Deny pivot_root in chroot"
120624 + default y if GRKERNSEC_CONFIG_AUTO
120625 + depends on GRKERNSEC_CHROOT
120626 + help
120627 + If you say Y here, processes inside a chroot will not be able to use
120628 + a function called pivot_root() that was introduced in Linux 2.3.41. It
120629 + works similar to chroot in that it changes the root filesystem. This
120630 + function could be misused in a chrooted process to attempt to break out
120631 + of the chroot, and therefore should not be allowed. If the sysctl
120632 + option is enabled, a sysctl option with name "chroot_deny_pivot" is
120633 + created.
120634 +
120635 +config GRKERNSEC_CHROOT_CHDIR
120636 + bool "Enforce chdir(\"/\") on all chroots"
120637 + default y if GRKERNSEC_CONFIG_AUTO
120638 + depends on GRKERNSEC_CHROOT
120639 + help
120640 + If you say Y here, the current working directory of all newly-chrooted
120641 + applications will be set to the the root directory of the chroot.
120642 + The man page on chroot(2) states:
120643 + Note that this call does not change the current working
120644 + directory, so that `.' can be outside the tree rooted at
120645 + `/'. In particular, the super-user can escape from a
120646 + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
120647 +
120648 + It is recommended that you say Y here, since it's not known to break
120649 + any software. If the sysctl option is enabled, a sysctl option with
120650 + name "chroot_enforce_chdir" is created.
120651 +
120652 +config GRKERNSEC_CHROOT_CHMOD
120653 + bool "Deny (f)chmod +s"
120654 + default y if GRKERNSEC_CONFIG_AUTO
120655 + depends on GRKERNSEC_CHROOT
120656 + help
120657 + If you say Y here, processes inside a chroot will not be able to chmod
120658 + or fchmod files to make them have suid or sgid bits. This protects
120659 + against another published method of breaking a chroot. If the sysctl
120660 + option is enabled, a sysctl option with name "chroot_deny_chmod" is
120661 + created.
120662 +
120663 +config GRKERNSEC_CHROOT_FCHDIR
120664 + bool "Deny fchdir and fhandle out of chroot"
120665 + default y if GRKERNSEC_CONFIG_AUTO
120666 + depends on GRKERNSEC_CHROOT
120667 + help
120668 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
120669 + to a file descriptor of the chrooting process that points to a directory
120670 + outside the filesystem will be stopped. This option also prevents use of
120671 + the recently-created syscall for opening files by a guessable "file handle"
120672 + inside a chroot, as well as accessing relative paths outside of a
120673 + directory passed in via file descriptor with openat and similar syscalls.
120674 + If the sysctl option is enabled, a sysctl option with name "chroot_deny_fchdir"
120675 + is created.
120676 +
120677 +config GRKERNSEC_CHROOT_MKNOD
120678 + bool "Deny mknod"
120679 + default y if GRKERNSEC_CONFIG_AUTO
120680 + depends on GRKERNSEC_CHROOT
120681 + help
120682 + If you say Y here, processes inside a chroot will not be allowed to
120683 + mknod. The problem with using mknod inside a chroot is that it
120684 + would allow an attacker to create a device entry that is the same
120685 + as one on the physical root of your system, which could range from
120686 + anything from the console device to a device for your harddrive (which
120687 + they could then use to wipe the drive or steal data). It is recommended
120688 + that you say Y here, unless you run into software incompatibilities.
120689 + If the sysctl option is enabled, a sysctl option with name
120690 + "chroot_deny_mknod" is created.
120691 +
120692 +config GRKERNSEC_CHROOT_SHMAT
120693 + bool "Deny shmat() out of chroot"
120694 + default y if GRKERNSEC_CONFIG_AUTO
120695 + depends on GRKERNSEC_CHROOT
120696 + help
120697 + If you say Y here, processes inside a chroot will not be able to attach
120698 + to shared memory segments that were created outside of the chroot jail.
120699 + It is recommended that you say Y here. If the sysctl option is enabled,
120700 + a sysctl option with name "chroot_deny_shmat" is created.
120701 +
120702 +config GRKERNSEC_CHROOT_UNIX
120703 + bool "Deny access to abstract AF_UNIX sockets out of chroot"
120704 + default y if GRKERNSEC_CONFIG_AUTO
120705 + depends on GRKERNSEC_CHROOT
120706 + help
120707 + If you say Y here, processes inside a chroot will not be able to
120708 + connect to abstract (meaning not belonging to a filesystem) Unix
120709 + domain sockets that were bound outside of a chroot. It is recommended
120710 + that you say Y here. If the sysctl option is enabled, a sysctl option
120711 + with name "chroot_deny_unix" is created.
120712 +
120713 +config GRKERNSEC_CHROOT_FINDTASK
120714 + bool "Protect outside processes"
120715 + default y if GRKERNSEC_CONFIG_AUTO
120716 + depends on GRKERNSEC_CHROOT
120717 + help
120718 + If you say Y here, processes inside a chroot will not be able to
120719 + kill, send signals with fcntl, ptrace, capget, getpgid, setpgid,
120720 + getsid, or view any process outside of the chroot. If the sysctl
120721 + option is enabled, a sysctl option with name "chroot_findtask" is
120722 + created.
120723 +
120724 +config GRKERNSEC_CHROOT_NICE
120725 + bool "Restrict priority changes"
120726 + default y if GRKERNSEC_CONFIG_AUTO
120727 + depends on GRKERNSEC_CHROOT
120728 + help
120729 + If you say Y here, processes inside a chroot will not be able to raise
120730 + the priority of processes in the chroot, or alter the priority of
120731 + processes outside the chroot. This provides more security than simply
120732 + removing CAP_SYS_NICE from the process' capability set. If the
120733 + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
120734 + is created.
120735 +
120736 +config GRKERNSEC_CHROOT_SYSCTL
120737 + bool "Deny sysctl writes"
120738 + default y if GRKERNSEC_CONFIG_AUTO
120739 + depends on GRKERNSEC_CHROOT
120740 + help
120741 + If you say Y here, an attacker in a chroot will not be able to
120742 + write to sysctl entries, either by sysctl(2) or through a /proc
120743 + interface. It is strongly recommended that you say Y here. If the
120744 + sysctl option is enabled, a sysctl option with name
120745 + "chroot_deny_sysctl" is created.
120746 +
120747 +config GRKERNSEC_CHROOT_RENAME
120748 + bool "Deny bad renames"
120749 + default y if GRKERNSEC_CONFIG_AUTO
120750 + depends on GRKERNSEC_CHROOT
120751 + help
120752 + If you say Y here, an attacker in a chroot will not be able to
120753 + abuse the ability to create double chroots to break out of the
120754 + chroot by exploiting a race condition between a rename of a directory
120755 + within a chroot against an open of a symlink with relative path
120756 + components. This feature will likewise prevent an accomplice outside
120757 + a chroot from enabling a user inside the chroot to break out and make
120758 + use of their credentials on the global filesystem. Enabling this
120759 + feature is essential to prevent root users from breaking out of a
120760 + chroot. If the sysctl option is enabled, a sysctl option with name
120761 + "chroot_deny_bad_rename" is created.
120762 +
120763 +config GRKERNSEC_CHROOT_CAPS
120764 + bool "Capability restrictions"
120765 + default y if GRKERNSEC_CONFIG_AUTO
120766 + depends on GRKERNSEC_CHROOT
120767 + help
120768 + If you say Y here, the capabilities on all processes within a
120769 + chroot jail will be lowered to stop module insertion, raw i/o,
120770 + system and net admin tasks, rebooting the system, modifying immutable
120771 + files, modifying IPC owned by another, and changing the system time.
120772 + This is left an option because it can break some apps. Disable this
120773 + if your chrooted apps are having problems performing those kinds of
120774 + tasks. If the sysctl option is enabled, a sysctl option with
120775 + name "chroot_caps" is created.
120776 +
120777 +config GRKERNSEC_CHROOT_INITRD
120778 + bool "Exempt initrd tasks from restrictions"
120779 + default y if GRKERNSEC_CONFIG_AUTO
120780 + depends on GRKERNSEC_CHROOT && BLK_DEV_INITRD
120781 + help
120782 + If you say Y here, tasks started prior to init will be exempted from
120783 + grsecurity's chroot restrictions. This option is mainly meant to
120784 + resolve Plymouth's performing privileged operations unnecessarily
120785 + in a chroot.
120786 +
120787 +endmenu
120788 +menu "Kernel Auditing"
120789 +depends on GRKERNSEC
120790 +
120791 +config GRKERNSEC_AUDIT_GROUP
120792 + bool "Single group for auditing"
120793 + help
120794 + If you say Y here, the exec and chdir logging features will only operate
120795 + on a group you specify. This option is recommended if you only want to
120796 + watch certain users instead of having a large amount of logs from the
120797 + entire system. If the sysctl option is enabled, a sysctl option with
120798 + name "audit_group" is created.
120799 +
120800 +config GRKERNSEC_AUDIT_GID
120801 + int "GID for auditing"
120802 + depends on GRKERNSEC_AUDIT_GROUP
120803 + default 1007
120804 +
120805 +config GRKERNSEC_EXECLOG
120806 + bool "Exec logging"
120807 + help
120808 + If you say Y here, all execve() calls will be logged (since the
120809 + other exec*() calls are frontends to execve(), all execution
120810 + will be logged). Useful for shell-servers that like to keep track
120811 + of their users. If the sysctl option is enabled, a sysctl option with
120812 + name "exec_logging" is created.
120813 + WARNING: This option when enabled will produce a LOT of logs, especially
120814 + on an active system.
120815 +
120816 +config GRKERNSEC_RESLOG
120817 + bool "Resource logging"
120818 + default y if GRKERNSEC_CONFIG_AUTO
120819 + help
120820 + If you say Y here, all attempts to overstep resource limits will
120821 + be logged with the resource name, the requested size, and the current
120822 + limit. It is highly recommended that you say Y here. If the sysctl
120823 + option is enabled, a sysctl option with name "resource_logging" is
120824 + created. If the RBAC system is enabled, the sysctl value is ignored.
120825 +
120826 +config GRKERNSEC_CHROOT_EXECLOG
120827 + bool "Log execs within chroot"
120828 + help
120829 + If you say Y here, all executions inside a chroot jail will be logged
120830 + to syslog. This can cause a large amount of logs if certain
120831 + applications (eg. djb's daemontools) are installed on the system, and
120832 + is therefore left as an option. If the sysctl option is enabled, a
120833 + sysctl option with name "chroot_execlog" is created.
120834 +
120835 +config GRKERNSEC_AUDIT_PTRACE
120836 + bool "Ptrace logging"
120837 + help
120838 + If you say Y here, all attempts to attach to a process via ptrace
120839 + will be logged. If the sysctl option is enabled, a sysctl option
120840 + with name "audit_ptrace" is created.
120841 +
120842 +config GRKERNSEC_AUDIT_CHDIR
120843 + bool "Chdir logging"
120844 + help
120845 + If you say Y here, all chdir() calls will be logged. If the sysctl
120846 + option is enabled, a sysctl option with name "audit_chdir" is created.
120847 +
120848 +config GRKERNSEC_AUDIT_MOUNT
120849 + bool "(Un)Mount logging"
120850 + help
120851 + If you say Y here, all mounts and unmounts will be logged. If the
120852 + sysctl option is enabled, a sysctl option with name "audit_mount" is
120853 + created.
120854 +
120855 +config GRKERNSEC_SIGNAL
120856 + bool "Signal logging"
120857 + default y if GRKERNSEC_CONFIG_AUTO
120858 + help
120859 + If you say Y here, certain important signals will be logged, such as
120860 + SIGSEGV, which will as a result inform you of when a error in a program
120861 + occurred, which in some cases could mean a possible exploit attempt.
120862 + If the sysctl option is enabled, a sysctl option with name
120863 + "signal_logging" is created.
120864 +
120865 +config GRKERNSEC_FORKFAIL
120866 + bool "Fork failure logging"
120867 + help
120868 + If you say Y here, all failed fork() attempts will be logged.
120869 + This could suggest a fork bomb, or someone attempting to overstep
120870 + their process limit. If the sysctl option is enabled, a sysctl option
120871 + with name "forkfail_logging" is created.
120872 +
120873 +config GRKERNSEC_TIME
120874 + bool "Time change logging"
120875 + default y if GRKERNSEC_CONFIG_AUTO
120876 + help
120877 + If you say Y here, any changes of the system clock will be logged.
120878 + If the sysctl option is enabled, a sysctl option with name
120879 + "timechange_logging" is created.
120880 +
120881 +config GRKERNSEC_PROC_IPADDR
120882 + bool "/proc/<pid>/ipaddr support"
120883 + default y if GRKERNSEC_CONFIG_AUTO
120884 + help
120885 + If you say Y here, a new entry will be added to each /proc/<pid>
120886 + directory that contains the IP address of the person using the task.
120887 + The IP is carried across local TCP and AF_UNIX stream sockets.
120888 + This information can be useful for IDS/IPSes to perform remote response
120889 + to a local attack. The entry is readable by only the owner of the
120890 + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
120891 + the RBAC system), and thus does not create privacy concerns.
120892 +
120893 +config GRKERNSEC_RWXMAP_LOG
120894 + bool 'Denied RWX mmap/mprotect logging'
120895 + default y if GRKERNSEC_CONFIG_AUTO
120896 + depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT
120897 + help
120898 + If you say Y here, calls to mmap() and mprotect() with explicit
120899 + usage of PROT_WRITE and PROT_EXEC together will be logged when
120900 + denied by the PAX_MPROTECT feature. This feature will also
120901 + log other problematic scenarios that can occur when PAX_MPROTECT
120902 + is enabled on a binary, like textrels and PT_GNU_STACK. If the
120903 + sysctl option is enabled, a sysctl option with name "rwxmap_logging"
120904 + is created.
120905 +
120906 +endmenu
120907 +
120908 +menu "Executable Protections"
120909 +depends on GRKERNSEC
120910 +
120911 +config GRKERNSEC_DMESG
120912 + bool "Dmesg(8) restriction"
120913 + default y if GRKERNSEC_CONFIG_AUTO
120914 + help
120915 + If you say Y here, non-root users will not be able to use dmesg(8)
120916 + to view the contents of the kernel's circular log buffer.
120917 + The kernel's log buffer often contains kernel addresses and other
120918 + identifying information useful to an attacker in fingerprinting a
120919 + system for a targeted exploit.
120920 + If the sysctl option is enabled, a sysctl option with name "dmesg" is
120921 + created.
120922 +
120923 +config GRKERNSEC_HARDEN_PTRACE
120924 + bool "Deter ptrace-based process snooping"
120925 + default y if GRKERNSEC_CONFIG_AUTO
120926 + help
120927 + If you say Y here, TTY sniffers and other malicious monitoring
120928 + programs implemented through ptrace will be defeated. If you
120929 + have been using the RBAC system, this option has already been
120930 + enabled for several years for all users, with the ability to make
120931 + fine-grained exceptions.
120932 +
120933 + This option only affects the ability of non-root users to ptrace
120934 + processes that are not a descendent of the ptracing process.
120935 + This means that strace ./binary and gdb ./binary will still work,
120936 + but attaching to arbitrary processes will not. If the sysctl
120937 + option is enabled, a sysctl option with name "harden_ptrace" is
120938 + created.
120939 +
120940 +config GRKERNSEC_PTRACE_READEXEC
120941 + bool "Require read access to ptrace sensitive binaries"
120942 + default y if GRKERNSEC_CONFIG_AUTO
120943 + help
120944 + If you say Y here, unprivileged users will not be able to ptrace unreadable
120945 + binaries. This option is useful in environments that
120946 + remove the read bits (e.g. file mode 4711) from suid binaries to
120947 + prevent infoleaking of their contents. This option adds
120948 + consistency to the use of that file mode, as the binary could normally
120949 + be read out when run without privileges while ptracing.
120950 +
120951 + If the sysctl option is enabled, a sysctl option with name "ptrace_readexec"
120952 + is created.
120953 +
120954 +config GRKERNSEC_SETXID
120955 + bool "Enforce consistent multithreaded privileges"
120956 + default y if GRKERNSEC_CONFIG_AUTO
120957 + depends on (X86 || SPARC64 || PPC || ARM || MIPS)
120958 + help
120959 + If you say Y here, a change from a root uid to a non-root uid
120960 + in a multithreaded application will cause the resulting uids,
120961 + gids, supplementary groups, and capabilities in that thread
120962 + to be propagated to the other threads of the process. In most
120963 + cases this is unnecessary, as glibc will emulate this behavior
120964 + on behalf of the application. Other libcs do not act in the
120965 + same way, allowing the other threads of the process to continue
120966 + running with root privileges. If the sysctl option is enabled,
120967 + a sysctl option with name "consistent_setxid" is created.
120968 +
120969 +config GRKERNSEC_HARDEN_IPC
120970 + bool "Disallow access to overly-permissive IPC objects"
120971 + default y if GRKERNSEC_CONFIG_AUTO
120972 + depends on SYSVIPC
120973 + help
120974 + If you say Y here, access to overly-permissive IPC objects (shared
120975 + memory, message queues, and semaphores) will be denied for processes
120976 + given the following criteria beyond normal permission checks:
120977 + 1) If the IPC object is world-accessible and the euid doesn't match
120978 + that of the creator or current uid for the IPC object
120979 + 2) If the IPC object is group-accessible and the egid doesn't
120980 + match that of the creator or current gid for the IPC object
120981 + It's a common error to grant too much permission to these objects,
120982 + with impact ranging from denial of service and information leaking to
120983 + privilege escalation. This feature was developed in response to
120984 + research by Tim Brown:
120985 + http://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/
120986 + who found hundreds of such insecure usages. Processes with
120987 + CAP_IPC_OWNER are still permitted to access these IPC objects.
120988 + If the sysctl option is enabled, a sysctl option with name
120989 + "harden_ipc" is created.
120990 +
120991 +config GRKERNSEC_HARDEN_TTY
120992 + bool "Disallow unprivileged use of command injection"
120993 + default y if GRKERNSEC_CONFIG_AUTO
120994 + help
120995 + If you say Y here, the ability to use the TIOCSTI ioctl for
120996 + terminal command injection will be denied for unprivileged users.
120997 + There are very few legitimate uses for this functionality and it
120998 + has made vulnerabilities in several 'su'-like programs possible in
120999 + the past. Even without these vulnerabilities, it provides an
121000 + attacker with an easy mechanism to move laterally among other
121001 + processes within the same user's compromised session.
121002 + By default, Linux allows unprivileged use of command injection as
121003 + long as the injection is being performed into the same tty session.
121004 + This feature makes that case the same as attempting to inject into
121005 + another session, making any TIOCSTI use require CAP_SYS_ADMIN.
121006 + If the sysctl option is enabled, a sysctl option with name
121007 + "harden_tty" is created.
121008 +
121009 +config GRKERNSEC_TPE
121010 + bool "Trusted Path Execution (TPE)"
121011 + default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER
121012 + help
121013 + If you say Y here, you will be able to choose a gid to add to the
121014 + supplementary groups of users you want to mark as "untrusted."
121015 + These users will not be able to execute any files that are not in
121016 + root-owned directories writable only by root. If the sysctl option
121017 + is enabled, a sysctl option with name "tpe" is created.
121018 +
121019 +config GRKERNSEC_TPE_ALL
121020 + bool "Partially restrict all non-root users"
121021 + depends on GRKERNSEC_TPE
121022 + help
121023 + If you say Y here, all non-root users will be covered under
121024 + a weaker TPE restriction. This is separate from, and in addition to,
121025 + the main TPE options that you have selected elsewhere. Thus, if a
121026 + "trusted" GID is chosen, this restriction applies to even that GID.
121027 + Under this restriction, all non-root users will only be allowed to
121028 + execute files in directories they own that are not group or
121029 + world-writable, or in directories owned by root and writable only by
121030 + root. If the sysctl option is enabled, a sysctl option with name
121031 + "tpe_restrict_all" is created.
121032 +
121033 +config GRKERNSEC_TPE_INVERT
121034 + bool "Invert GID option"
121035 + depends on GRKERNSEC_TPE
121036 + help
121037 + If you say Y here, the group you specify in the TPE configuration will
121038 + decide what group TPE restrictions will be *disabled* for. This
121039 + option is useful if you want TPE restrictions to be applied to most
121040 + users on the system. If the sysctl option is enabled, a sysctl option
121041 + with name "tpe_invert" is created. Unlike other sysctl options, this
121042 + entry will default to on for backward-compatibility.
121043 +
121044 +config GRKERNSEC_TPE_GID
121045 + int
121046 + default GRKERNSEC_TPE_UNTRUSTED_GID if (GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT)
121047 + default GRKERNSEC_TPE_TRUSTED_GID if (GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT)
121048 +
121049 +config GRKERNSEC_TPE_UNTRUSTED_GID
121050 + int "GID for TPE-untrusted users"
121051 + depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
121052 + default 1005
121053 + help
121054 + Setting this GID determines what group TPE restrictions will be
121055 + *enabled* for. If the sysctl option is enabled, a sysctl option
121056 + with name "tpe_gid" is created.
121057 +
121058 +config GRKERNSEC_TPE_TRUSTED_GID
121059 + int "GID for TPE-trusted users"
121060 + depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
121061 + default 1005
121062 + help
121063 + Setting this GID determines what group TPE restrictions will be
121064 + *disabled* for. If the sysctl option is enabled, a sysctl option
121065 + with name "tpe_gid" is created.
121066 +
121067 +endmenu
121068 +menu "Network Protections"
121069 +depends on GRKERNSEC
121070 +
121071 +config GRKERNSEC_BLACKHOLE
121072 + bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
121073 + default y if GRKERNSEC_CONFIG_AUTO
121074 + depends on NET
121075 + help
121076 + If you say Y here, neither TCP resets nor ICMP
121077 + destination-unreachable packets will be sent in response to packets
121078 + sent to ports for which no associated listening process exists.
121079 + It will also prevent the sending of ICMP protocol unreachable packets
121080 + in response to packets with unknown protocols.
121081 + This feature supports both IPV4 and IPV6 and exempts the
121082 + loopback interface from blackholing. Enabling this feature
121083 + makes a host more resilient to DoS attacks and reduces network
121084 + visibility against scanners.
121085 +
121086 + The blackhole feature as-implemented is equivalent to the FreeBSD
121087 + blackhole feature, as it prevents RST responses to all packets, not
121088 + just SYNs. Under most application behavior this causes no
121089 + problems, but applications (like haproxy) may not close certain
121090 + connections in a way that cleanly terminates them on the remote
121091 + end, leaving the remote host in LAST_ACK state. Because of this
121092 + side-effect and to prevent intentional LAST_ACK DoSes, this
121093 + feature also adds automatic mitigation against such attacks.
121094 + The mitigation drastically reduces the amount of time a socket
121095 + can spend in LAST_ACK state. If you're using haproxy and not
121096 + all servers it connects to have this option enabled, consider
121097 + disabling this feature on the haproxy host.
121098 +
121099 + If the sysctl option is enabled, two sysctl options with names
121100 + "ip_blackhole" and "lastack_retries" will be created.
121101 + While "ip_blackhole" takes the standard zero/non-zero on/off
121102 + toggle, "lastack_retries" uses the same kinds of values as
121103 + "tcp_retries1" and "tcp_retries2". The default value of 4
121104 + prevents a socket from lasting more than 45 seconds in LAST_ACK
121105 + state.
121106 +
121107 +config GRKERNSEC_NO_SIMULT_CONNECT
121108 + bool "Disable TCP Simultaneous Connect"
121109 + default y if GRKERNSEC_CONFIG_AUTO
121110 + depends on NET
121111 + help
121112 + If you say Y here, a feature by Willy Tarreau will be enabled that
121113 + removes a weakness in Linux's strict implementation of TCP that
121114 + allows two clients to connect to each other without either entering
121115 + a listening state. The weakness allows an attacker to easily prevent
121116 + a client from connecting to a known server provided the source port
121117 + for the connection is guessed correctly.
121118 +
121119 + As the weakness could be used to prevent an antivirus or IPS from
121120 + fetching updates, or prevent an SSL gateway from fetching a CRL,
121121 + it should be eliminated by enabling this option. Though Linux is
121122 + one of few operating systems supporting simultaneous connect, it
121123 + has no legitimate use in practice and is rarely supported by firewalls.
121124 +
121125 +config GRKERNSEC_SOCKET
121126 + bool "Socket restrictions"
121127 + depends on NET
121128 + help
121129 + If you say Y here, you will be able to choose from several options.
121130 + If you assign a GID on your system and add it to the supplementary
121131 + groups of users you want to restrict socket access to, this patch
121132 + will perform up to three things, based on the option(s) you choose.
121133 +
121134 +config GRKERNSEC_SOCKET_ALL
121135 + bool "Deny any sockets to group"
121136 + depends on GRKERNSEC_SOCKET
121137 + help
121138 + If you say Y here, you will be able to choose a GID of whose users will
121139 + be unable to connect to other hosts from your machine or run server
121140 + applications from your machine. If the sysctl option is enabled, a
121141 + sysctl option with name "socket_all" is created.
121142 +
121143 +config GRKERNSEC_SOCKET_ALL_GID
121144 + int "GID to deny all sockets for"
121145 + depends on GRKERNSEC_SOCKET_ALL
121146 + default 1004
121147 + help
121148 + Here you can choose the GID to disable socket access for. Remember to
121149 + add the users you want socket access disabled for to the GID
121150 + specified here. If the sysctl option is enabled, a sysctl option
121151 + with name "socket_all_gid" is created.
121152 +
121153 +config GRKERNSEC_SOCKET_CLIENT
121154 + bool "Deny client sockets to group"
121155 + depends on GRKERNSEC_SOCKET
121156 + help
121157 + If you say Y here, you will be able to choose a GID of whose users will
121158 + be unable to connect to other hosts from your machine, but will be
121159 + able to run servers. If this option is enabled, all users in the group
121160 + you specify will have to use passive mode when initiating ftp transfers
121161 + from the shell on your machine. If the sysctl option is enabled, a
121162 + sysctl option with name "socket_client" is created.
121163 +
121164 +config GRKERNSEC_SOCKET_CLIENT_GID
121165 + int "GID to deny client sockets for"
121166 + depends on GRKERNSEC_SOCKET_CLIENT
121167 + default 1003
121168 + help
121169 + Here you can choose the GID to disable client socket access for.
121170 + Remember to add the users you want client socket access disabled for to
121171 + the GID specified here. If the sysctl option is enabled, a sysctl
121172 + option with name "socket_client_gid" is created.
121173 +
121174 +config GRKERNSEC_SOCKET_SERVER
121175 + bool "Deny server sockets to group"
121176 + depends on GRKERNSEC_SOCKET
121177 + help
121178 + If you say Y here, you will be able to choose a GID of whose users will
121179 + be unable to run server applications from your machine. If the sysctl
121180 + option is enabled, a sysctl option with name "socket_server" is created.
121181 +
121182 +config GRKERNSEC_SOCKET_SERVER_GID
121183 + int "GID to deny server sockets for"
121184 + depends on GRKERNSEC_SOCKET_SERVER
121185 + default 1002
121186 + help
121187 + Here you can choose the GID to disable server socket access for.
121188 + Remember to add the users you want server socket access disabled for to
121189 + the GID specified here. If the sysctl option is enabled, a sysctl
121190 + option with name "socket_server_gid" is created.
121191 +
121192 +endmenu
121193 +
121194 +menu "Physical Protections"
121195 +depends on GRKERNSEC
121196 +
121197 +config GRKERNSEC_DENYUSB
121198 + bool "Deny new USB connections after toggle"
121199 + default y if GRKERNSEC_CONFIG_AUTO
121200 + depends on SYSCTL && USB_SUPPORT
121201 + help
121202 + If you say Y here, a new sysctl option with name "deny_new_usb"
121203 + will be created. Setting its value to 1 will prevent any new
121204 + USB devices from being recognized by the OS. Any attempted USB
121205 + device insertion will be logged. This option is intended to be
121206 + used against custom USB devices designed to exploit vulnerabilities
121207 + in various USB device drivers.
121208 +
121209 + For greatest effectiveness, this sysctl should be set after any
121210 + relevant init scripts. This option is safe to enable in distros
121211 + as each user can choose whether or not to toggle the sysctl.
121212 +
121213 +config GRKERNSEC_DENYUSB_FORCE
121214 + bool "Reject all USB devices not connected at boot"
121215 + select USB
121216 + depends on GRKERNSEC_DENYUSB
121217 + help
121218 + If you say Y here, a variant of GRKERNSEC_DENYUSB will be enabled
121219 + that doesn't involve a sysctl entry. This option should only be
121220 + enabled if you're sure you want to deny all new USB connections
121221 + at runtime and don't want to modify init scripts. This should not
121222 + be enabled by distros. It forces the core USB code to be built
121223 + into the kernel image so that all devices connected at boot time
121224 + can be recognized and new USB device connections can be prevented
121225 + prior to init running.
121226 +
121227 +endmenu
121228 +
121229 +menu "Sysctl Support"
121230 +depends on GRKERNSEC && SYSCTL
121231 +
121232 +config GRKERNSEC_SYSCTL
121233 + bool "Sysctl support"
121234 + default y if GRKERNSEC_CONFIG_AUTO
121235 + help
121236 + If you say Y here, you will be able to change the options that
121237 + grsecurity runs with at bootup, without having to recompile your
121238 + kernel. You can echo values to files in /proc/sys/kernel/grsecurity
121239 + to enable (1) or disable (0) various features. All the sysctl entries
121240 + are mutable until the "grsec_lock" entry is set to a non-zero value.
121241 + All features enabled in the kernel configuration are disabled at boot
121242 + if you do not say Y to the "Turn on features by default" option.
121243 + All options should be set at startup, and the grsec_lock entry should
121244 + be set to a non-zero value after all the options are set.
121245 + *THIS IS EXTREMELY IMPORTANT*
121246 +
121247 +config GRKERNSEC_SYSCTL_DISTRO
121248 + bool "Extra sysctl support for distro makers (READ HELP)"
121249 + depends on GRKERNSEC_SYSCTL && GRKERNSEC_IO
121250 + help
121251 + If you say Y here, additional sysctl options will be created
121252 + for features that affect processes running as root. Therefore,
121253 + it is critical when using this option that the grsec_lock entry be
121254 + enabled after boot. Only distros with prebuilt kernel packages
121255 + with this option enabled that can ensure grsec_lock is enabled
121256 + after boot should use this option.
121257 + *Failure to set grsec_lock after boot makes all grsec features
121258 + this option covers useless*
121259 +
121260 + Currently this option creates the following sysctl entries:
121261 + "Disable Privileged I/O": "disable_priv_io"
121262 +
121263 +config GRKERNSEC_SYSCTL_ON
121264 + bool "Turn on features by default"
121265 + default y if GRKERNSEC_CONFIG_AUTO
121266 + depends on GRKERNSEC_SYSCTL
121267 + help
121268 + If you say Y here, instead of having all features enabled in the
121269 + kernel configuration disabled at boot time, the features will be
121270 + enabled at boot time. It is recommended you say Y here unless
121271 + there is some reason you would want all sysctl-tunable features to
121272 + be disabled by default. As mentioned elsewhere, it is important
121273 + to enable the grsec_lock entry once you have finished modifying
121274 + the sysctl entries.
121275 +
121276 +endmenu
121277 +menu "Logging Options"
121278 +depends on GRKERNSEC
121279 +
121280 +config GRKERNSEC_FLOODTIME
121281 + int "Seconds in between log messages (minimum)"
121282 + default 10
121283 + help
121284 + This option allows you to enforce the number of seconds between
121285 + grsecurity log messages. The default should be suitable for most
121286 + people, however, if you choose to change it, choose a value small enough
121287 + to allow informative logs to be produced, but large enough to
121288 + prevent flooding.
121289 +
121290 + Setting both this value and GRKERNSEC_FLOODBURST to 0 will disable
121291 + any rate limiting on grsecurity log messages.
121292 +
121293 +config GRKERNSEC_FLOODBURST
121294 + int "Number of messages in a burst (maximum)"
121295 + default 6
121296 + help
121297 + This option allows you to choose the maximum number of messages allowed
121298 + within the flood time interval you chose in a separate option. The
121299 + default should be suitable for most people, however if you find that
121300 + many of your logs are being interpreted as flooding, you may want to
121301 + raise this value.
121302 +
121303 + Setting both this value and GRKERNSEC_FLOODTIME to 0 will disable
121304 + any rate limiting on grsecurity log messages.
121305 +
121306 +endmenu
121307 diff --git a/grsecurity/Makefile b/grsecurity/Makefile
121308 new file mode 100644
121309 index 0000000..e136e5f
121310 --- /dev/null
121311 +++ b/grsecurity/Makefile
121312 @@ -0,0 +1,54 @@
121313 +# grsecurity - access control and security hardening for Linux
121314 +# All code in this directory and various hooks located throughout the Linux kernel are
121315 +# Copyright (C) 2001-2014 Bradley Spengler, Open Source Security, Inc.
121316 +# http://www.grsecurity.net spender@grsecurity.net
121317 +#
121318 +# This program is free software; you can redistribute it and/or
121319 +# modify it under the terms of the GNU General Public License version 2
121320 +# as published by the Free Software Foundation.
121321 +#
121322 +# This program is distributed in the hope that it will be useful,
121323 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
121324 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
121325 +# GNU General Public License for more details.
121326 +#
121327 +# You should have received a copy of the GNU General Public License
121328 +# along with this program; if not, write to the Free Software
121329 +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
121330 +
121331 +KBUILD_CFLAGS += -Werror
121332 +
121333 +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
121334 + grsec_mount.o grsec_sig.o grsec_sysctl.o \
121335 + grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o \
121336 + grsec_usb.o grsec_ipc.o grsec_proc.o grsec_tty.o
121337 +
121338 +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
121339 + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
121340 + gracl_learn.o grsec_log.o gracl_policy.o
121341 +ifdef CONFIG_COMPAT
121342 +obj-$(CONFIG_GRKERNSEC) += gracl_compat.o
121343 +endif
121344 +
121345 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
121346 +
121347 +ifdef CONFIG_NET
121348 +obj-y += grsec_sock.o
121349 +obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
121350 +endif
121351 +
121352 +ifndef CONFIG_GRKERNSEC
121353 +obj-y += grsec_disabled.o
121354 +endif
121355 +
121356 +ifdef CONFIG_GRKERNSEC_HIDESYM
121357 +extra-y := grsec_hidesym.o
121358 +$(obj)/grsec_hidesym.o:
121359 + @-chmod -f 500 /boot
121360 + @-chmod -f 500 /lib/modules
121361 + @-chmod -f 500 /lib64/modules
121362 + @-chmod -f 500 /lib32/modules
121363 + @-chmod -f 700 .
121364 + @-chmod -f 700 $(objtree)
121365 + @echo ' grsec: protected kernel image paths'
121366 +endif
121367 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
121368 new file mode 100644
121369 index 0000000..1bbe70e
121370 --- /dev/null
121371 +++ b/grsecurity/gracl.c
121372 @@ -0,0 +1,2773 @@
121373 +#include <linux/kernel.h>
121374 +#include <linux/module.h>
121375 +#include <linux/sched.h>
121376 +#include <linux/mm.h>
121377 +#include <linux/file.h>
121378 +#include <linux/fs.h>
121379 +#include <linux/namei.h>
121380 +#include <linux/mount.h>
121381 +#include <linux/tty.h>
121382 +#include <linux/proc_fs.h>
121383 +#include <linux/lglock.h>
121384 +#include <linux/slab.h>
121385 +#include <linux/vmalloc.h>
121386 +#include <linux/types.h>
121387 +#include <linux/sysctl.h>
121388 +#include <linux/netdevice.h>
121389 +#include <linux/ptrace.h>
121390 +#include <linux/gracl.h>
121391 +#include <linux/gralloc.h>
121392 +#include <linux/security.h>
121393 +#include <linux/grinternal.h>
121394 +#include <linux/pid_namespace.h>
121395 +#include <linux/stop_machine.h>
121396 +#include <linux/fdtable.h>
121397 +#include <linux/percpu.h>
121398 +#include <linux/lglock.h>
121399 +#include <linux/hugetlb.h>
121400 +#include <linux/posix-timers.h>
121401 +#include <linux/prefetch.h>
121402 +#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
121403 +#include <linux/magic.h>
121404 +#include <linux/pagemap.h>
121405 +#include "../fs/btrfs/async-thread.h"
121406 +#include "../fs/btrfs/ctree.h"
121407 +#include "../fs/btrfs/btrfs_inode.h"
121408 +#endif
121409 +#include "../fs/mount.h"
121410 +
121411 +#include <asm/uaccess.h>
121412 +#include <asm/errno.h>
121413 +#include <asm/mman.h>
121414 +
121415 +#define FOR_EACH_ROLE_START(role) \
121416 + role = running_polstate.role_list; \
121417 + while (role) {
121418 +
121419 +#define FOR_EACH_ROLE_END(role) \
121420 + role = role->prev; \
121421 + }
121422 +
121423 +extern struct path gr_real_root;
121424 +
121425 +static struct gr_policy_state running_polstate;
121426 +struct gr_policy_state *polstate = &running_polstate;
121427 +extern struct gr_alloc_state *current_alloc_state;
121428 +
121429 +extern char *gr_shared_page[4];
121430 +DEFINE_RWLOCK(gr_inode_lock);
121431 +
121432 +static unsigned int gr_status __read_only = GR_STATUS_INIT;
121433 +
121434 +#ifdef CONFIG_NET
121435 +extern struct vfsmount *sock_mnt;
121436 +#endif
121437 +
121438 +extern struct vfsmount *pipe_mnt;
121439 +extern struct vfsmount *shm_mnt;
121440 +
121441 +#ifdef CONFIG_HUGETLBFS
121442 +extern struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
121443 +#endif
121444 +
121445 +extern u16 acl_sp_role_value;
121446 +extern struct acl_object_label *fakefs_obj_rw;
121447 +extern struct acl_object_label *fakefs_obj_rwx;
121448 +
121449 +int gr_acl_is_enabled(void)
121450 +{
121451 + return (gr_status & GR_READY);
121452 +}
121453 +
121454 +void gr_enable_rbac_system(void)
121455 +{
121456 + pax_open_kernel();
121457 + gr_status |= GR_READY;
121458 + pax_close_kernel();
121459 +}
121460 +
121461 +int gr_rbac_disable(void *unused)
121462 +{
121463 + pax_open_kernel();
121464 + gr_status &= ~GR_READY;
121465 + pax_close_kernel();
121466 +
121467 + return 0;
121468 +}
121469 +
121470 +static inline dev_t __get_dev(const struct dentry *dentry)
121471 +{
121472 + struct dentry *ldentry = d_backing_dentry((struct dentry *)dentry);
121473 +
121474 +#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
121475 + if (ldentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
121476 + return BTRFS_I(d_inode(ldentry))->root->anon_dev;
121477 + else
121478 +#endif
121479 + return d_inode(ldentry)->i_sb->s_dev;
121480 +}
121481 +
121482 +static inline u64 __get_ino(const struct dentry *dentry)
121483 +{
121484 + struct dentry *ldentry = d_backing_dentry((struct dentry *)dentry);
121485 +
121486 +#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
121487 + if (ldentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
121488 + return btrfs_ino(d_inode(dentry));
121489 + else
121490 +#endif
121491 + return d_inode(ldentry)->i_ino;
121492 +}
121493 +
121494 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
121495 +{
121496 + return __get_dev(dentry);
121497 +}
121498 +
121499 +u64 gr_get_ino_from_dentry(struct dentry *dentry)
121500 +{
121501 + return __get_ino(dentry);
121502 +}
121503 +
121504 +static char gr_task_roletype_to_char(struct task_struct *task)
121505 +{
121506 + switch (task->role->roletype &
121507 + (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
121508 + GR_ROLE_SPECIAL)) {
121509 + case GR_ROLE_DEFAULT:
121510 + return 'D';
121511 + case GR_ROLE_USER:
121512 + return 'U';
121513 + case GR_ROLE_GROUP:
121514 + return 'G';
121515 + case GR_ROLE_SPECIAL:
121516 + return 'S';
121517 + }
121518 +
121519 + return 'X';
121520 +}
121521 +
121522 +char gr_roletype_to_char(void)
121523 +{
121524 + return gr_task_roletype_to_char(current);
121525 +}
121526 +
121527 +int
121528 +gr_acl_tpe_check(void)
121529 +{
121530 + if (unlikely(!(gr_status & GR_READY)))
121531 + return 0;
121532 + if (current->role->roletype & GR_ROLE_TPE)
121533 + return 1;
121534 + else
121535 + return 0;
121536 +}
121537 +
121538 +int
121539 +gr_handle_rawio(const struct inode *inode)
121540 +{
121541 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
121542 + if (inode && (S_ISBLK(inode->i_mode) || (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR)) &&
121543 + grsec_enable_chroot_caps && proc_is_chrooted(current) &&
121544 + !capable(CAP_SYS_RAWIO))
121545 + return 1;
121546 +#endif
121547 + return 0;
121548 +}
121549 +
121550 +int
121551 +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
121552 +{
121553 + if (likely(lena != lenb))
121554 + return 0;
121555 +
121556 + return !memcmp(a, b, lena);
121557 +}
121558 +
121559 +static int prepend(char **buffer, int *buflen, const char *str, int namelen)
121560 +{
121561 + *buflen -= namelen;
121562 + if (*buflen < 0)
121563 + return -ENAMETOOLONG;
121564 + *buffer -= namelen;
121565 + memcpy(*buffer, str, namelen);
121566 + return 0;
121567 +}
121568 +
121569 +static int prepend_name(char **buffer, int *buflen, struct qstr *name)
121570 +{
121571 + return prepend(buffer, buflen, (const char *)name->name, name->len);
121572 +}
121573 +
121574 +static int prepend_path(const struct path *path, struct path *root,
121575 + char **buffer, int *buflen)
121576 +{
121577 + struct dentry *dentry = path->dentry;
121578 + struct vfsmount *vfsmnt = path->mnt;
121579 + struct mount *mnt = real_mount(vfsmnt);
121580 + bool slash = false;
121581 + int error = 0;
121582 +
121583 + while (dentry != root->dentry || vfsmnt != root->mnt) {
121584 + struct dentry * parent;
121585 +
121586 + if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
121587 + /* Global root? */
121588 + if (!mnt_has_parent(mnt)) {
121589 + goto out;
121590 + }
121591 + dentry = mnt->mnt_mountpoint;
121592 + mnt = mnt->mnt_parent;
121593 + vfsmnt = &mnt->mnt;
121594 + continue;
121595 + }
121596 + parent = dentry->d_parent;
121597 + prefetch(parent);
121598 + spin_lock(&dentry->d_lock);
121599 + error = prepend_name(buffer, buflen, &dentry->d_name);
121600 + spin_unlock(&dentry->d_lock);
121601 + if (!error)
121602 + error = prepend(buffer, buflen, "/", 1);
121603 + if (error)
121604 + break;
121605 +
121606 + slash = true;
121607 + dentry = parent;
121608 + }
121609 +
121610 +out:
121611 + if (!error && !slash)
121612 + error = prepend(buffer, buflen, "/", 1);
121613 +
121614 + return error;
121615 +}
121616 +
121617 +/* this must be called with mount_lock and rename_lock held */
121618 +
121619 +static char *__our_d_path(const struct path *path, struct path *root,
121620 + char *buf, int buflen)
121621 +{
121622 + char *res = buf + buflen;
121623 + int error;
121624 +
121625 + prepend(&res, &buflen, "\0", 1);
121626 + error = prepend_path(path, root, &res, &buflen);
121627 + if (error)
121628 + return ERR_PTR(error);
121629 +
121630 + return res;
121631 +}
121632 +
121633 +static char *
121634 +gen_full_path(struct path *path, struct path *root, char *buf, int buflen)
121635 +{
121636 + char *retval;
121637 +
121638 + retval = __our_d_path(path, root, buf, buflen);
121639 + if (unlikely(IS_ERR(retval)))
121640 + retval = strcpy(buf, "<path too long>");
121641 + else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
121642 + retval[1] = '\0';
121643 +
121644 + return retval;
121645 +}
121646 +
121647 +static char *
121648 +__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
121649 + char *buf, int buflen)
121650 +{
121651 + struct path path;
121652 + char *res;
121653 +
121654 + path.dentry = (struct dentry *)dentry;
121655 + path.mnt = (struct vfsmount *)vfsmnt;
121656 +
121657 + /* we can use gr_real_root.dentry, gr_real_root.mnt, because this is only called
121658 + by the RBAC system */
121659 + res = gen_full_path(&path, &gr_real_root, buf, buflen);
121660 +
121661 + return res;
121662 +}
121663 +
121664 +static char *
121665 +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
121666 + char *buf, int buflen)
121667 +{
121668 + char *res;
121669 + struct path path;
121670 + struct path root;
121671 + struct task_struct *reaper = init_pid_ns.child_reaper;
121672 +
121673 + path.dentry = (struct dentry *)dentry;
121674 + path.mnt = (struct vfsmount *)vfsmnt;
121675 +
121676 + /* we can't use gr_real_root.dentry, gr_real_root.mnt, because they belong only to the RBAC system */
121677 + get_fs_root(reaper->fs, &root);
121678 +
121679 + read_seqlock_excl(&mount_lock);
121680 + write_seqlock(&rename_lock);
121681 + res = gen_full_path(&path, &root, buf, buflen);
121682 + write_sequnlock(&rename_lock);
121683 + read_sequnlock_excl(&mount_lock);
121684 +
121685 + path_put(&root);
121686 + return res;
121687 +}
121688 +
121689 +char *
121690 +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
121691 +{
121692 + char *ret;
121693 + read_seqlock_excl(&mount_lock);
121694 + write_seqlock(&rename_lock);
121695 + ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
121696 + PAGE_SIZE);
121697 + write_sequnlock(&rename_lock);
121698 + read_sequnlock_excl(&mount_lock);
121699 + return ret;
121700 +}
121701 +
121702 +static char *
121703 +gr_to_proc_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
121704 +{
121705 + char *ret;
121706 + char *buf;
121707 + int buflen;
121708 +
121709 + read_seqlock_excl(&mount_lock);
121710 + write_seqlock(&rename_lock);
121711 + buf = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
121712 + ret = __d_real_path(dentry, mnt, buf, PAGE_SIZE - 6);
121713 + buflen = (int)(ret - buf);
121714 + if (buflen >= 5)
121715 + prepend(&ret, &buflen, "/proc", 5);
121716 + else
121717 + ret = strcpy(buf, "<path too long>");
121718 + write_sequnlock(&rename_lock);
121719 + read_sequnlock_excl(&mount_lock);
121720 + return ret;
121721 +}
121722 +
121723 +char *
121724 +gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
121725 +{
121726 + return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
121727 + PAGE_SIZE);
121728 +}
121729 +
121730 +char *
121731 +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
121732 +{
121733 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
121734 + PAGE_SIZE);
121735 +}
121736 +
121737 +char *
121738 +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
121739 +{
121740 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
121741 + PAGE_SIZE);
121742 +}
121743 +
121744 +char *
121745 +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
121746 +{
121747 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
121748 + PAGE_SIZE);
121749 +}
121750 +
121751 +char *
121752 +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
121753 +{
121754 + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
121755 + PAGE_SIZE);
121756 +}
121757 +
121758 +__u32
121759 +to_gr_audit(const __u32 reqmode)
121760 +{
121761 + /* masks off auditable permission flags, then shifts them to create
121762 + auditing flags, and adds the special case of append auditing if
121763 + we're requesting write */
121764 + return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
121765 +}
121766 +
121767 +struct acl_role_label *
121768 +__lookup_acl_role_label(const struct gr_policy_state *state, const struct task_struct *task, const uid_t uid,
121769 + const gid_t gid)
121770 +{
121771 + unsigned int index = gr_rhash(uid, GR_ROLE_USER, state->acl_role_set.r_size);
121772 + struct acl_role_label *match;
121773 + struct role_allowed_ip *ipp;
121774 + unsigned int x;
121775 + u32 curr_ip = task->signal->saved_ip;
121776 +
121777 + match = state->acl_role_set.r_hash[index];
121778 +
121779 + while (match) {
121780 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
121781 + for (x = 0; x < match->domain_child_num; x++) {
121782 + if (match->domain_children[x] == uid)
121783 + goto found;
121784 + }
121785 + } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
121786 + break;
121787 + match = match->next;
121788 + }
121789 +found:
121790 + if (match == NULL) {
121791 + try_group:
121792 + index = gr_rhash(gid, GR_ROLE_GROUP, state->acl_role_set.r_size);
121793 + match = state->acl_role_set.r_hash[index];
121794 +
121795 + while (match) {
121796 + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
121797 + for (x = 0; x < match->domain_child_num; x++) {
121798 + if (match->domain_children[x] == gid)
121799 + goto found2;
121800 + }
121801 + } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
121802 + break;
121803 + match = match->next;
121804 + }
121805 +found2:
121806 + if (match == NULL)
121807 + match = state->default_role;
121808 + if (match->allowed_ips == NULL)
121809 + return match;
121810 + else {
121811 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
121812 + if (likely
121813 + ((ntohl(curr_ip) & ipp->netmask) ==
121814 + (ntohl(ipp->addr) & ipp->netmask)))
121815 + return match;
121816 + }
121817 + match = state->default_role;
121818 + }
121819 + } else if (match->allowed_ips == NULL) {
121820 + return match;
121821 + } else {
121822 + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
121823 + if (likely
121824 + ((ntohl(curr_ip) & ipp->netmask) ==
121825 + (ntohl(ipp->addr) & ipp->netmask)))
121826 + return match;
121827 + }
121828 + goto try_group;
121829 + }
121830 +
121831 + return match;
121832 +}
121833 +
121834 +static struct acl_role_label *
121835 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
121836 + const gid_t gid)
121837 +{
121838 + return __lookup_acl_role_label(&running_polstate, task, uid, gid);
121839 +}
121840 +
121841 +struct acl_subject_label *
121842 +lookup_acl_subj_label(const u64 ino, const dev_t dev,
121843 + const struct acl_role_label *role)
121844 +{
121845 + unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
121846 + struct acl_subject_label *match;
121847 +
121848 + match = role->subj_hash[index];
121849 +
121850 + while (match && (match->inode != ino || match->device != dev ||
121851 + (match->mode & GR_DELETED))) {
121852 + match = match->next;
121853 + }
121854 +
121855 + if (match && !(match->mode & GR_DELETED))
121856 + return match;
121857 + else
121858 + return NULL;
121859 +}
121860 +
121861 +struct acl_subject_label *
121862 +lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev,
121863 + const struct acl_role_label *role)
121864 +{
121865 + unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
121866 + struct acl_subject_label *match;
121867 +
121868 + match = role->subj_hash[index];
121869 +
121870 + while (match && (match->inode != ino || match->device != dev ||
121871 + !(match->mode & GR_DELETED))) {
121872 + match = match->next;
121873 + }
121874 +
121875 + if (match && (match->mode & GR_DELETED))
121876 + return match;
121877 + else
121878 + return NULL;
121879 +}
121880 +
121881 +static struct acl_object_label *
121882 +lookup_acl_obj_label(const u64 ino, const dev_t dev,
121883 + const struct acl_subject_label *subj)
121884 +{
121885 + unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
121886 + struct acl_object_label *match;
121887 +
121888 + match = subj->obj_hash[index];
121889 +
121890 + while (match && (match->inode != ino || match->device != dev ||
121891 + (match->mode & GR_DELETED))) {
121892 + match = match->next;
121893 + }
121894 +
121895 + if (match && !(match->mode & GR_DELETED))
121896 + return match;
121897 + else
121898 + return NULL;
121899 +}
121900 +
121901 +static struct acl_object_label *
121902 +lookup_acl_obj_label_create(const u64 ino, const dev_t dev,
121903 + const struct acl_subject_label *subj)
121904 +{
121905 + unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
121906 + struct acl_object_label *match;
121907 +
121908 + match = subj->obj_hash[index];
121909 +
121910 + while (match && (match->inode != ino || match->device != dev ||
121911 + !(match->mode & GR_DELETED))) {
121912 + match = match->next;
121913 + }
121914 +
121915 + if (match && (match->mode & GR_DELETED))
121916 + return match;
121917 +
121918 + match = subj->obj_hash[index];
121919 +
121920 + while (match && (match->inode != ino || match->device != dev ||
121921 + (match->mode & GR_DELETED))) {
121922 + match = match->next;
121923 + }
121924 +
121925 + if (match && !(match->mode & GR_DELETED))
121926 + return match;
121927 + else
121928 + return NULL;
121929 +}
121930 +
121931 +struct name_entry *
121932 +__lookup_name_entry(const struct gr_policy_state *state, const char *name)
121933 +{
121934 + unsigned int len = strlen(name);
121935 + unsigned int key = full_name_hash(NULL, (const unsigned char *)name, len);
121936 + unsigned int index = key % state->name_set.n_size;
121937 + struct name_entry *match;
121938 +
121939 + match = state->name_set.n_hash[index];
121940 +
121941 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
121942 + match = match->next;
121943 +
121944 + return match;
121945 +}
121946 +
121947 +static struct name_entry *
121948 +lookup_name_entry(const char *name)
121949 +{
121950 + return __lookup_name_entry(&running_polstate, name);
121951 +}
121952 +
121953 +static struct name_entry *
121954 +lookup_name_entry_create(const char *name)
121955 +{
121956 + unsigned int len = strlen(name);
121957 + unsigned int key = full_name_hash(NULL, (const unsigned char *)name, len);
121958 + unsigned int index = key % running_polstate.name_set.n_size;
121959 + struct name_entry *match;
121960 +
121961 + match = running_polstate.name_set.n_hash[index];
121962 +
121963 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
121964 + !match->deleted))
121965 + match = match->next;
121966 +
121967 + if (match && match->deleted)
121968 + return match;
121969 +
121970 + match = running_polstate.name_set.n_hash[index];
121971 +
121972 + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
121973 + match->deleted))
121974 + match = match->next;
121975 +
121976 + if (match && !match->deleted)
121977 + return match;
121978 + else
121979 + return NULL;
121980 +}
121981 +
121982 +static struct inodev_entry *
121983 +lookup_inodev_entry(const u64 ino, const dev_t dev)
121984 +{
121985 + unsigned int index = gr_fhash(ino, dev, running_polstate.inodev_set.i_size);
121986 + struct inodev_entry *match;
121987 +
121988 + match = running_polstate.inodev_set.i_hash[index];
121989 +
121990 + while (match && (match->nentry->inode != ino || match->nentry->device != dev))
121991 + match = match->next;
121992 +
121993 + return match;
121994 +}
121995 +
121996 +void
121997 +__insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry)
121998 +{
121999 + unsigned int index = gr_fhash(entry->nentry->inode, entry->nentry->device,
122000 + state->inodev_set.i_size);
122001 + struct inodev_entry **curr;
122002 +
122003 + entry->prev = NULL;
122004 +
122005 + curr = &state->inodev_set.i_hash[index];
122006 + if (*curr != NULL)
122007 + (*curr)->prev = entry;
122008 +
122009 + entry->next = *curr;
122010 + *curr = entry;
122011 +
122012 + return;
122013 +}
122014 +
122015 +static void
122016 +insert_inodev_entry(struct inodev_entry *entry)
122017 +{
122018 + __insert_inodev_entry(&running_polstate, entry);
122019 +}
122020 +
122021 +void
122022 +insert_acl_obj_label(struct acl_object_label *obj,
122023 + struct acl_subject_label *subj)
122024 +{
122025 + unsigned int index =
122026 + gr_fhash(obj->inode, obj->device, subj->obj_hash_size);
122027 + struct acl_object_label **curr;
122028 +
122029 + obj->prev = NULL;
122030 +
122031 + curr = &subj->obj_hash[index];
122032 + if (*curr != NULL)
122033 + (*curr)->prev = obj;
122034 +
122035 + obj->next = *curr;
122036 + *curr = obj;
122037 +
122038 + return;
122039 +}
122040 +
122041 +void
122042 +insert_acl_subj_label(struct acl_subject_label *obj,
122043 + struct acl_role_label *role)
122044 +{
122045 + unsigned int index = gr_fhash(obj->inode, obj->device, role->subj_hash_size);
122046 + struct acl_subject_label **curr;
122047 +
122048 + obj->prev = NULL;
122049 +
122050 + curr = &role->subj_hash[index];
122051 + if (*curr != NULL)
122052 + (*curr)->prev = obj;
122053 +
122054 + obj->next = *curr;
122055 + *curr = obj;
122056 +
122057 + return;
122058 +}
122059 +
122060 +/* derived from glibc fnmatch() 0: match, 1: no match*/
122061 +
122062 +static int
122063 +glob_match(const char *p, const char *n)
122064 +{
122065 + char c;
122066 +
122067 + while ((c = *p++) != '\0') {
122068 + switch (c) {
122069 + case '?':
122070 + if (*n == '\0')
122071 + return 1;
122072 + else if (*n == '/')
122073 + return 1;
122074 + break;
122075 + case '\\':
122076 + if (*n != c)
122077 + return 1;
122078 + break;
122079 + case '*':
122080 + for (c = *p++; c == '?' || c == '*'; c = *p++) {
122081 + if (*n == '/')
122082 + return 1;
122083 + else if (c == '?') {
122084 + if (*n == '\0')
122085 + return 1;
122086 + else
122087 + ++n;
122088 + }
122089 + }
122090 + if (c == '\0') {
122091 + return 0;
122092 + } else {
122093 + const char *endp;
122094 +
122095 + if ((endp = strchr(n, '/')) == NULL)
122096 + endp = n + strlen(n);
122097 +
122098 + if (c == '[') {
122099 + for (--p; n < endp; ++n)
122100 + if (!glob_match(p, n))
122101 + return 0;
122102 + } else if (c == '/') {
122103 + while (*n != '\0' && *n != '/')
122104 + ++n;
122105 + if (*n == '/' && !glob_match(p, n + 1))
122106 + return 0;
122107 + } else {
122108 + for (--p; n < endp; ++n)
122109 + if (*n == c && !glob_match(p, n))
122110 + return 0;
122111 + }
122112 +
122113 + return 1;
122114 + }
122115 + case '[':
122116 + {
122117 + int not;
122118 + char cold;
122119 +
122120 + if (*n == '\0' || *n == '/')
122121 + return 1;
122122 +
122123 + not = (*p == '!' || *p == '^');
122124 + if (not)
122125 + ++p;
122126 +
122127 + c = *p++;
122128 + for (;;) {
122129 + unsigned char fn = (unsigned char)*n;
122130 +
122131 + if (c == '\0')
122132 + return 1;
122133 + else {
122134 + if (c == fn)
122135 + goto matched;
122136 + cold = c;
122137 + c = *p++;
122138 +
122139 + if (c == '-' && *p != ']') {
122140 + unsigned char cend = *p++;
122141 +
122142 + if (cend == '\0')
122143 + return 1;
122144 +
122145 + if (cold <= fn && fn <= cend)
122146 + goto matched;
122147 +
122148 + c = *p++;
122149 + }
122150 + }
122151 +
122152 + if (c == ']')
122153 + break;
122154 + }
122155 + if (!not)
122156 + return 1;
122157 + break;
122158 + matched:
122159 + while (c != ']') {
122160 + if (c == '\0')
122161 + return 1;
122162 +
122163 + c = *p++;
122164 + }
122165 + if (not)
122166 + return 1;
122167 + }
122168 + break;
122169 + default:
122170 + if (c != *n)
122171 + return 1;
122172 + }
122173 +
122174 + ++n;
122175 + }
122176 +
122177 + if (*n == '\0')
122178 + return 0;
122179 +
122180 + if (*n == '/')
122181 + return 0;
122182 +
122183 + return 1;
122184 +}
122185 +
122186 +static struct acl_object_label *
122187 +chk_glob_label(struct acl_object_label *globbed,
122188 + const struct dentry *dentry, const struct vfsmount *mnt, char **path)
122189 +{
122190 + struct acl_object_label *tmp;
122191 +
122192 + if (*path == NULL)
122193 + *path = gr_to_filename_nolock(dentry, mnt);
122194 +
122195 + tmp = globbed;
122196 +
122197 + while (tmp) {
122198 + if (!glob_match(tmp->filename, *path))
122199 + return tmp;
122200 + tmp = tmp->next;
122201 + }
122202 +
122203 + return NULL;
122204 +}
122205 +
122206 +static struct acl_object_label *
122207 +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
122208 + const u64 curr_ino, const dev_t curr_dev,
122209 + const struct acl_subject_label *subj, char **path, const int checkglob)
122210 +{
122211 + struct acl_subject_label *tmpsubj;
122212 + struct acl_object_label *retval;
122213 + struct acl_object_label *retval2;
122214 +
122215 + tmpsubj = (struct acl_subject_label *) subj;
122216 + read_lock(&gr_inode_lock);
122217 + do {
122218 + retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
122219 + if (retval) {
122220 + if (checkglob && retval->globbed) {
122221 + retval2 = chk_glob_label(retval->globbed, orig_dentry, orig_mnt, path);
122222 + if (retval2)
122223 + retval = retval2;
122224 + }
122225 + break;
122226 + }
122227 + } while ((tmpsubj = tmpsubj->parent_subject));
122228 + read_unlock(&gr_inode_lock);
122229 +
122230 + return retval;
122231 +}
122232 +
122233 +static struct acl_object_label *
122234 +full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
122235 + struct dentry *curr_dentry,
122236 + const struct acl_subject_label *subj, char **path, const int checkglob)
122237 +{
122238 + int newglob = checkglob;
122239 + u64 inode;
122240 + dev_t device;
122241 +
122242 + /* if we aren't checking a subdirectory of the original path yet, don't do glob checking
122243 + as we don't want a / * rule to match instead of the / object
122244 + don't do this for create lookups that call this function though, since they're looking up
122245 + on the parent and thus need globbing checks on all paths
122246 + */
122247 + if (orig_dentry == curr_dentry && newglob != GR_CREATE_GLOB)
122248 + newglob = GR_NO_GLOB;
122249 +
122250 + spin_lock(&curr_dentry->d_lock);
122251 + inode = __get_ino(curr_dentry);
122252 + device = __get_dev(curr_dentry);
122253 + spin_unlock(&curr_dentry->d_lock);
122254 +
122255 + return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob);
122256 +}
122257 +
122258 +#ifdef CONFIG_HUGETLBFS
122259 +static inline bool
122260 +is_hugetlbfs_mnt(const struct vfsmount *mnt)
122261 +{
122262 + int i;
122263 + for (i = 0; i < HUGE_MAX_HSTATE; i++) {
122264 + if (unlikely(hugetlbfs_vfsmount[i] == mnt))
122265 + return true;
122266 + }
122267 +
122268 + return false;
122269 +}
122270 +#endif
122271 +
122272 +static struct acl_object_label *
122273 +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
122274 + const struct acl_subject_label *subj, char *path, const int checkglob)
122275 +{
122276 + struct dentry *dentry = (struct dentry *) l_dentry;
122277 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
122278 + struct inode * inode = d_backing_inode(dentry);
122279 + struct mount *real_mnt = real_mount(mnt);
122280 + struct acl_object_label *retval;
122281 + struct dentry *parent;
122282 +
122283 + read_seqlock_excl(&mount_lock);
122284 + write_seqlock(&rename_lock);
122285 +
122286 + if (unlikely((mnt == shm_mnt && inode->i_nlink == 0) || mnt == pipe_mnt ||
122287 +#ifdef CONFIG_NET
122288 + mnt == sock_mnt ||
122289 +#endif
122290 +#ifdef CONFIG_HUGETLBFS
122291 + (is_hugetlbfs_mnt(mnt) && inode->i_nlink == 0) ||
122292 +#endif
122293 + /* ignore Eric Biederman */
122294 + IS_PRIVATE(inode))) {
122295 + retval = (subj->mode & GR_SHMEXEC) ? fakefs_obj_rwx : fakefs_obj_rw;
122296 + goto out;
122297 + }
122298 +
122299 + for (;;) {
122300 + if (dentry == gr_real_root.dentry && mnt == gr_real_root.mnt)
122301 + break;
122302 +
122303 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
122304 + if (!mnt_has_parent(real_mnt))
122305 + break;
122306 +
122307 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
122308 + if (retval != NULL)
122309 + goto out;
122310 +
122311 + dentry = real_mnt->mnt_mountpoint;
122312 + real_mnt = real_mnt->mnt_parent;
122313 + mnt = &real_mnt->mnt;
122314 + continue;
122315 + }
122316 +
122317 + parent = dentry->d_parent;
122318 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
122319 + if (retval != NULL)
122320 + goto out;
122321 +
122322 + dentry = parent;
122323 + }
122324 +
122325 + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
122326 +
122327 + /* gr_real_root is pinned so we don't have to hold a reference */
122328 + if (retval == NULL)
122329 + retval = full_lookup(l_dentry, l_mnt, gr_real_root.dentry, subj, &path, checkglob);
122330 +out:
122331 + write_sequnlock(&rename_lock);
122332 + read_sequnlock_excl(&mount_lock);
122333 +
122334 + BUG_ON(retval == NULL);
122335 +
122336 + return retval;
122337 +}
122338 +
122339 +static struct acl_object_label *
122340 +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
122341 + const struct acl_subject_label *subj)
122342 +{
122343 + char *path = NULL;
122344 + return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_REG_GLOB);
122345 +}
122346 +
122347 +static struct acl_object_label *
122348 +chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
122349 + const struct acl_subject_label *subj)
122350 +{
122351 + char *path = NULL;
122352 + return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_NO_GLOB);
122353 +}
122354 +
122355 +static struct acl_object_label *
122356 +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
122357 + const struct acl_subject_label *subj, char *path)
122358 +{
122359 + return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_CREATE_GLOB);
122360 +}
122361 +
122362 +struct acl_subject_label *
122363 +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
122364 + const struct acl_role_label *role)
122365 +{
122366 + struct dentry *dentry = (struct dentry *) l_dentry;
122367 + struct vfsmount *mnt = (struct vfsmount *) l_mnt;
122368 + struct mount *real_mnt = real_mount(mnt);
122369 + struct acl_subject_label *retval;
122370 + struct dentry *parent;
122371 +
122372 + read_seqlock_excl(&mount_lock);
122373 + write_seqlock(&rename_lock);
122374 +
122375 + for (;;) {
122376 + if (dentry == gr_real_root.dentry && mnt == gr_real_root.mnt)
122377 + break;
122378 + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
122379 + if (!mnt_has_parent(real_mnt))
122380 + break;
122381 +
122382 + spin_lock(&dentry->d_lock);
122383 + read_lock(&gr_inode_lock);
122384 + retval =
122385 + lookup_acl_subj_label(__get_ino(dentry),
122386 + __get_dev(dentry), role);
122387 + read_unlock(&gr_inode_lock);
122388 + spin_unlock(&dentry->d_lock);
122389 + if (retval != NULL)
122390 + goto out;
122391 +
122392 + dentry = real_mnt->mnt_mountpoint;
122393 + real_mnt = real_mnt->mnt_parent;
122394 + mnt = &real_mnt->mnt;
122395 + continue;
122396 + }
122397 +
122398 + spin_lock(&dentry->d_lock);
122399 + read_lock(&gr_inode_lock);
122400 + retval = lookup_acl_subj_label(__get_ino(dentry),
122401 + __get_dev(dentry), role);
122402 + read_unlock(&gr_inode_lock);
122403 + parent = dentry->d_parent;
122404 + spin_unlock(&dentry->d_lock);
122405 +
122406 + if (retval != NULL)
122407 + goto out;
122408 +
122409 + dentry = parent;
122410 + }
122411 +
122412 + spin_lock(&dentry->d_lock);
122413 + read_lock(&gr_inode_lock);
122414 + retval = lookup_acl_subj_label(__get_ino(dentry),
122415 + __get_dev(dentry), role);
122416 + read_unlock(&gr_inode_lock);
122417 + spin_unlock(&dentry->d_lock);
122418 +
122419 + if (unlikely(retval == NULL)) {
122420 + /* gr_real_root is pinned, we don't need to hold a reference */
122421 + read_lock(&gr_inode_lock);
122422 + retval = lookup_acl_subj_label(__get_ino(gr_real_root.dentry),
122423 + __get_dev(gr_real_root.dentry), role);
122424 + read_unlock(&gr_inode_lock);
122425 + }
122426 +out:
122427 + write_sequnlock(&rename_lock);
122428 + read_sequnlock_excl(&mount_lock);
122429 +
122430 + BUG_ON(retval == NULL);
122431 +
122432 + return retval;
122433 +}
122434 +
122435 +void
122436 +assign_special_role(const char *rolename)
122437 +{
122438 + struct acl_object_label *obj;
122439 + struct acl_role_label *r;
122440 + struct acl_role_label *assigned = NULL;
122441 + struct task_struct *tsk;
122442 + struct file *filp;
122443 +
122444 + FOR_EACH_ROLE_START(r)
122445 + if (!strcmp(rolename, r->rolename) &&
122446 + (r->roletype & GR_ROLE_SPECIAL)) {
122447 + assigned = r;
122448 + break;
122449 + }
122450 + FOR_EACH_ROLE_END(r)
122451 +
122452 + if (!assigned)
122453 + return;
122454 +
122455 + read_lock(&tasklist_lock);
122456 + read_lock(&grsec_exec_file_lock);
122457 +
122458 + tsk = current->real_parent;
122459 + if (tsk == NULL)
122460 + goto out_unlock;
122461 +
122462 + filp = tsk->exec_file;
122463 + if (filp == NULL)
122464 + goto out_unlock;
122465 +
122466 + tsk->is_writable = 0;
122467 + tsk->inherited = 0;
122468 +
122469 + tsk->acl_sp_role = 1;
122470 + tsk->acl_role_id = ++acl_sp_role_value;
122471 + tsk->role = assigned;
122472 + tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
122473 +
122474 + /* ignore additional mmap checks for processes that are writable
122475 + by the default ACL */
122476 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
122477 + if (unlikely(obj->mode & GR_WRITE))
122478 + tsk->is_writable = 1;
122479 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
122480 + if (unlikely(obj->mode & GR_WRITE))
122481 + tsk->is_writable = 1;
122482 +
122483 +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
122484 + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename,
122485 + tsk->acl->filename, tsk->comm, task_pid_nr(tsk));
122486 +#endif
122487 +
122488 +out_unlock:
122489 + read_unlock(&grsec_exec_file_lock);
122490 + read_unlock(&tasklist_lock);
122491 + return;
122492 +}
122493 +
122494 +
122495 +static void
122496 +gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
122497 +{
122498 + struct task_struct *task = current;
122499 + const struct cred *cred = current_cred();
122500 +
122501 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
122502 + GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
122503 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
122504 + 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
122505 +
122506 + return;
122507 +}
122508 +
122509 +static void
122510 +gr_log_learn_uid_change(const kuid_t real, const kuid_t effective, const kuid_t fs)
122511 +{
122512 + struct task_struct *task = current;
122513 + const struct cred *cred = current_cred();
122514 +
122515 + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
122516 + GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
122517 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
122518 + 'u', GR_GLOBAL_UID(real), GR_GLOBAL_UID(effective), GR_GLOBAL_UID(fs), &task->signal->saved_ip);
122519 +
122520 + return;
122521 +}
122522 +
122523 +static void
122524 +gr_log_learn_gid_change(const kgid_t real, const kgid_t effective, const kgid_t fs)
122525 +{
122526 + struct task_struct *task = current;
122527 + const struct cred *cred = current_cred();
122528 +
122529 + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
122530 + GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
122531 + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
122532 + 'g', GR_GLOBAL_GID(real), GR_GLOBAL_GID(effective), GR_GLOBAL_GID(fs), &task->signal->saved_ip);
122533 +
122534 + return;
122535 +}
122536 +
122537 +static void
122538 +gr_set_proc_res(struct task_struct *task)
122539 +{
122540 + struct acl_subject_label *proc;
122541 + unsigned short i;
122542 +
122543 + proc = task->acl;
122544 +
122545 + if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
122546 + return;
122547 +
122548 + for (i = 0; i < RLIM_NLIMITS; i++) {
122549 + unsigned long rlim_cur, rlim_max;
122550 +
122551 + if (!(proc->resmask & (1U << i)))
122552 + continue;
122553 +
122554 + rlim_cur = proc->res[i].rlim_cur;
122555 + rlim_max = proc->res[i].rlim_max;
122556 +
122557 + if (i == RLIMIT_NOFILE) {
122558 + unsigned long saved_sysctl_nr_open = sysctl_nr_open;
122559 + if (rlim_cur > saved_sysctl_nr_open)
122560 + rlim_cur = saved_sysctl_nr_open;
122561 + if (rlim_max > saved_sysctl_nr_open)
122562 + rlim_max = saved_sysctl_nr_open;
122563 + }
122564 +
122565 + task->signal->rlim[i].rlim_cur = rlim_cur;
122566 + task->signal->rlim[i].rlim_max = rlim_max;
122567 +
122568 + if (i == RLIMIT_CPU)
122569 + update_rlimit_cpu(task, rlim_cur);
122570 + }
122571 +
122572 + return;
122573 +}
122574 +
122575 +/* both of the below must be called with
122576 + rcu_read_lock();
122577 + read_lock(&tasklist_lock);
122578 + read_lock(&grsec_exec_file_lock);
122579 + except in the case of gr_set_role_label() (for __gr_get_subject_for_task)
122580 +*/
122581 +
122582 +struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename, int fallback)
122583 +{
122584 + char *tmpname;
122585 + struct acl_subject_label *tmpsubj;
122586 + struct file *filp;
122587 + struct name_entry *nmatch;
122588 +
122589 + filp = task->exec_file;
122590 + if (filp == NULL)
122591 + return NULL;
122592 +
122593 + /* the following is to apply the correct subject
122594 + on binaries running when the RBAC system
122595 + is enabled, when the binaries have been
122596 + replaced or deleted since their execution
122597 + -----
122598 + when the RBAC system starts, the inode/dev
122599 + from exec_file will be one the RBAC system
122600 + is unaware of. It only knows the inode/dev
122601 + of the present file on disk, or the absence
122602 + of it.
122603 + */
122604 +
122605 + if (filename)
122606 + nmatch = __lookup_name_entry(state, filename);
122607 + else {
122608 + preempt_disable();
122609 + tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
122610 +
122611 + nmatch = __lookup_name_entry(state, tmpname);
122612 + preempt_enable();
122613 + }
122614 + tmpsubj = NULL;
122615 + if (nmatch) {
122616 + if (nmatch->deleted)
122617 + tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
122618 + else
122619 + tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
122620 + }
122621 + /* this also works for the reload case -- if we don't match a potentially inherited subject
122622 + then we fall back to a normal lookup based on the binary's ino/dev
122623 + */
122624 + if (tmpsubj == NULL && fallback)
122625 + tmpsubj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, task->role);
122626 +
122627 + return tmpsubj;
122628 +}
122629 +
122630 +static struct acl_subject_label *gr_get_subject_for_task(struct task_struct *task, const char *filename, int fallback)
122631 +{
122632 + return __gr_get_subject_for_task(&running_polstate, task, filename, fallback);
122633 +}
122634 +
122635 +void __gr_apply_subject_to_task(const struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj)
122636 +{
122637 + struct acl_object_label *obj;
122638 + struct file *filp;
122639 +
122640 + filp = task->exec_file;
122641 +
122642 + task->acl = subj;
122643 + task->is_writable = 0;
122644 + /* ignore additional mmap checks for processes that are writable
122645 + by the default ACL */
122646 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, state->default_role->root_label);
122647 + if (unlikely(obj->mode & GR_WRITE))
122648 + task->is_writable = 1;
122649 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
122650 + if (unlikely(obj->mode & GR_WRITE))
122651 + task->is_writable = 1;
122652 +
122653 + gr_set_proc_res(task);
122654 +
122655 +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
122656 + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
122657 +#endif
122658 +}
122659 +
122660 +static void gr_apply_subject_to_task(struct task_struct *task, struct acl_subject_label *subj)
122661 +{
122662 + __gr_apply_subject_to_task(&running_polstate, task, subj);
122663 +}
122664 +
122665 +__u32
122666 +gr_search_file(const struct dentry * dentry, const __u32 mode,
122667 + const struct vfsmount * mnt)
122668 +{
122669 + __u32 retval = mode;
122670 + struct acl_subject_label *curracl;
122671 + struct acl_object_label *currobj;
122672 +
122673 + if (unlikely(!(gr_status & GR_READY)))
122674 + return (mode & ~GR_AUDITS);
122675 +
122676 + curracl = current->acl;
122677 +
122678 + currobj = chk_obj_label(dentry, mnt, curracl);
122679 + retval = currobj->mode & mode;
122680 +
122681 + /* if we're opening a specified transfer file for writing
122682 + (e.g. /dev/initctl), then transfer our role to init
122683 + */
122684 + if (unlikely(currobj->mode & GR_INIT_TRANSFER && retval & GR_WRITE &&
122685 + current->role->roletype & GR_ROLE_PERSIST)) {
122686 + struct task_struct *task = init_pid_ns.child_reaper;
122687 +
122688 + if (task->role != current->role) {
122689 + struct acl_subject_label *subj;
122690 +
122691 + task->acl_sp_role = 0;
122692 + task->acl_role_id = current->acl_role_id;
122693 + task->role = current->role;
122694 + rcu_read_lock();
122695 + read_lock(&grsec_exec_file_lock);
122696 + subj = gr_get_subject_for_task(task, NULL, 1);
122697 + gr_apply_subject_to_task(task, subj);
122698 + read_unlock(&grsec_exec_file_lock);
122699 + rcu_read_unlock();
122700 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_INIT_TRANSFER_MSG);
122701 + }
122702 + }
122703 +
122704 + if (unlikely
122705 + ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
122706 + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
122707 + __u32 new_mode = mode;
122708 +
122709 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
122710 +
122711 + retval = new_mode;
122712 +
122713 + if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
122714 + new_mode |= GR_INHERIT;
122715 +
122716 + if (!(mode & GR_NOLEARN))
122717 + gr_log_learn(dentry, mnt, new_mode);
122718 + }
122719 +
122720 + return retval;
122721 +}
122722 +
122723 +struct acl_object_label *gr_get_create_object(const struct dentry *new_dentry,
122724 + const struct dentry *parent,
122725 + const struct vfsmount *mnt)
122726 +{
122727 + struct name_entry *match;
122728 + struct acl_object_label *matchpo;
122729 + struct acl_subject_label *curracl;
122730 + char *path;
122731 +
122732 + if (unlikely(!(gr_status & GR_READY)))
122733 + return NULL;
122734 +
122735 + preempt_disable();
122736 + path = gr_to_filename_rbac(new_dentry, mnt);
122737 + match = lookup_name_entry_create(path);
122738 +
122739 + curracl = current->acl;
122740 +
122741 + if (match) {
122742 + read_lock(&gr_inode_lock);
122743 + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
122744 + read_unlock(&gr_inode_lock);
122745 +
122746 + if (matchpo) {
122747 + preempt_enable();
122748 + return matchpo;
122749 + }
122750 + }
122751 +
122752 + // lookup parent
122753 +
122754 + matchpo = chk_obj_create_label(parent, mnt, curracl, path);
122755 +
122756 + preempt_enable();
122757 + return matchpo;
122758 +}
122759 +
122760 +__u32
122761 +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
122762 + const struct vfsmount * mnt, const __u32 mode)
122763 +{
122764 + struct acl_object_label *matchpo;
122765 + __u32 retval;
122766 +
122767 + if (unlikely(!(gr_status & GR_READY)))
122768 + return (mode & ~GR_AUDITS);
122769 +
122770 + matchpo = gr_get_create_object(new_dentry, parent, mnt);
122771 +
122772 + retval = matchpo->mode & mode;
122773 +
122774 + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
122775 + && (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
122776 + __u32 new_mode = mode;
122777 +
122778 + new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
122779 +
122780 + gr_log_learn(new_dentry, mnt, new_mode);
122781 + return new_mode;
122782 + }
122783 +
122784 + return retval;
122785 +}
122786 +
122787 +__u32
122788 +gr_check_link(const struct dentry * new_dentry,
122789 + const struct dentry * parent_dentry,
122790 + const struct vfsmount * parent_mnt,
122791 + const struct dentry * old_dentry, const struct vfsmount * old_mnt)
122792 +{
122793 + struct acl_object_label *obj;
122794 + __u32 oldmode, newmode;
122795 + __u32 needmode;
122796 + __u32 checkmodes = GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC | GR_SETID | GR_READ |
122797 + GR_DELETE | GR_INHERIT;
122798 +
122799 + if (unlikely(!(gr_status & GR_READY)))
122800 + return (GR_CREATE | GR_LINK);
122801 +
122802 + obj = chk_obj_label(old_dentry, old_mnt, current->acl);
122803 + oldmode = obj->mode;
122804 +
122805 + obj = gr_get_create_object(new_dentry, parent_dentry, parent_mnt);
122806 + newmode = obj->mode;
122807 +
122808 + needmode = newmode & checkmodes;
122809 +
122810 + // old name for hardlink must have at least the permissions of the new name
122811 + if ((oldmode & needmode) != needmode)
122812 + goto bad;
122813 +
122814 + // if old name had restrictions/auditing, make sure the new name does as well
122815 + needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
122816 +
122817 + // don't allow hardlinking of suid/sgid/fcapped files without permission
122818 + if (is_privileged_binary(old_dentry))
122819 + needmode |= GR_SETID;
122820 +
122821 + if ((newmode & needmode) != needmode)
122822 + goto bad;
122823 +
122824 + // enforce minimum permissions
122825 + if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
122826 + return newmode;
122827 +bad:
122828 + needmode = oldmode;
122829 + if (is_privileged_binary(old_dentry))
122830 + needmode |= GR_SETID;
122831 +
122832 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
122833 + gr_log_learn(old_dentry, old_mnt, needmode | GR_CREATE | GR_LINK);
122834 + return (GR_CREATE | GR_LINK);
122835 + } else if (newmode & GR_SUPPRESS)
122836 + return GR_SUPPRESS;
122837 + else
122838 + return 0;
122839 +}
122840 +
122841 +int
122842 +gr_check_hidden_task(const struct task_struct *task)
122843 +{
122844 + if (unlikely(!(gr_status & GR_READY)))
122845 + return 0;
122846 +
122847 + if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
122848 + return 1;
122849 +
122850 + return 0;
122851 +}
122852 +
122853 +int
122854 +gr_check_protected_task(const struct task_struct *task)
122855 +{
122856 + if (unlikely(!(gr_status & GR_READY) || !task))
122857 + return 0;
122858 +
122859 + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
122860 + task->acl != current->acl)
122861 + return 1;
122862 +
122863 + return 0;
122864 +}
122865 +
122866 +int
122867 +gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
122868 +{
122869 + struct task_struct *p;
122870 + int ret = 0;
122871 +
122872 + if (unlikely(!(gr_status & GR_READY) || !pid))
122873 + return ret;
122874 +
122875 + read_lock(&tasklist_lock);
122876 + do_each_pid_task(pid, type, p) {
122877 + if ((p->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
122878 + p->acl != current->acl) {
122879 + ret = 1;
122880 + goto out;
122881 + }
122882 + } while_each_pid_task(pid, type, p);
122883 +out:
122884 + read_unlock(&tasklist_lock);
122885 +
122886 + return ret;
122887 +}
122888 +
122889 +void
122890 +gr_copy_label(struct task_struct *tsk)
122891 +{
122892 + struct task_struct *p = current;
122893 +
122894 + tsk->inherited = p->inherited;
122895 + tsk->acl_sp_role = 0;
122896 + tsk->acl_role_id = p->acl_role_id;
122897 + tsk->acl = p->acl;
122898 + tsk->role = p->role;
122899 + tsk->signal->used_accept = 0;
122900 + tsk->signal->curr_ip = p->signal->curr_ip;
122901 + tsk->signal->saved_ip = p->signal->saved_ip;
122902 + if (p->exec_file)
122903 + get_file(p->exec_file);
122904 + tsk->exec_file = p->exec_file;
122905 + tsk->is_writable = p->is_writable;
122906 + if (unlikely(p->signal->used_accept)) {
122907 + p->signal->curr_ip = 0;
122908 + p->signal->saved_ip = 0;
122909 + }
122910 +
122911 + return;
122912 +}
122913 +
122914 +extern int gr_process_kernel_setuid_ban(struct user_struct *user);
122915 +
122916 +int
122917 +gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
122918 +{
122919 + unsigned int i;
122920 + __u16 num;
122921 + uid_t *uidlist;
122922 + uid_t curuid;
122923 + int realok = 0;
122924 + int effectiveok = 0;
122925 + int fsok = 0;
122926 + uid_t globalreal, globaleffective, globalfs;
122927 +
122928 +#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT)
122929 + struct user_struct *user;
122930 +
122931 + if (!uid_valid(real))
122932 + goto skipit;
122933 +
122934 + /* find user based on global namespace */
122935 +
122936 + globalreal = GR_GLOBAL_UID(real);
122937 +
122938 + user = find_user(make_kuid(&init_user_ns, globalreal));
122939 + if (user == NULL)
122940 + goto skipit;
122941 +
122942 + if (gr_process_kernel_setuid_ban(user)) {
122943 + /* for find_user */
122944 + free_uid(user);
122945 + return 1;
122946 + }
122947 +
122948 + /* for find_user */
122949 + free_uid(user);
122950 +
122951 +skipit:
122952 +#endif
122953 +
122954 + if (unlikely(!(gr_status & GR_READY)))
122955 + return 0;
122956 +
122957 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
122958 + gr_log_learn_uid_change(real, effective, fs);
122959 +
122960 + num = current->acl->user_trans_num;
122961 + uidlist = current->acl->user_transitions;
122962 +
122963 + if (uidlist == NULL)
122964 + return 0;
122965 +
122966 + if (!uid_valid(real)) {
122967 + realok = 1;
122968 + globalreal = (uid_t)-1;
122969 + } else {
122970 + globalreal = GR_GLOBAL_UID(real);
122971 + }
122972 + if (!uid_valid(effective)) {
122973 + effectiveok = 1;
122974 + globaleffective = (uid_t)-1;
122975 + } else {
122976 + globaleffective = GR_GLOBAL_UID(effective);
122977 + }
122978 + if (!uid_valid(fs)) {
122979 + fsok = 1;
122980 + globalfs = (uid_t)-1;
122981 + } else {
122982 + globalfs = GR_GLOBAL_UID(fs);
122983 + }
122984 +
122985 + if (current->acl->user_trans_type & GR_ID_ALLOW) {
122986 + for (i = 0; i < num; i++) {
122987 + curuid = uidlist[i];
122988 + if (globalreal == curuid)
122989 + realok = 1;
122990 + if (globaleffective == curuid)
122991 + effectiveok = 1;
122992 + if (globalfs == curuid)
122993 + fsok = 1;
122994 + }
122995 + } else if (current->acl->user_trans_type & GR_ID_DENY) {
122996 + for (i = 0; i < num; i++) {
122997 + curuid = uidlist[i];
122998 + if (globalreal == curuid)
122999 + break;
123000 + if (globaleffective == curuid)
123001 + break;
123002 + if (globalfs == curuid)
123003 + break;
123004 + }
123005 + /* not in deny list */
123006 + if (i == num) {
123007 + realok = 1;
123008 + effectiveok = 1;
123009 + fsok = 1;
123010 + }
123011 + }
123012 +
123013 + if (realok && effectiveok && fsok)
123014 + return 0;
123015 + else {
123016 + gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
123017 + return 1;
123018 + }
123019 +}
123020 +
123021 +int
123022 +gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
123023 +{
123024 + unsigned int i;
123025 + __u16 num;
123026 + gid_t *gidlist;
123027 + gid_t curgid;
123028 + int realok = 0;
123029 + int effectiveok = 0;
123030 + int fsok = 0;
123031 + gid_t globalreal, globaleffective, globalfs;
123032 +
123033 + if (unlikely(!(gr_status & GR_READY)))
123034 + return 0;
123035 +
123036 + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
123037 + gr_log_learn_gid_change(real, effective, fs);
123038 +
123039 + num = current->acl->group_trans_num;
123040 + gidlist = current->acl->group_transitions;
123041 +
123042 + if (gidlist == NULL)
123043 + return 0;
123044 +
123045 + if (!gid_valid(real)) {
123046 + realok = 1;
123047 + globalreal = (gid_t)-1;
123048 + } else {
123049 + globalreal = GR_GLOBAL_GID(real);
123050 + }
123051 + if (!gid_valid(effective)) {
123052 + effectiveok = 1;
123053 + globaleffective = (gid_t)-1;
123054 + } else {
123055 + globaleffective = GR_GLOBAL_GID(effective);
123056 + }
123057 + if (!gid_valid(fs)) {
123058 + fsok = 1;
123059 + globalfs = (gid_t)-1;
123060 + } else {
123061 + globalfs = GR_GLOBAL_GID(fs);
123062 + }
123063 +
123064 + if (current->acl->group_trans_type & GR_ID_ALLOW) {
123065 + for (i = 0; i < num; i++) {
123066 + curgid = gidlist[i];
123067 + if (globalreal == curgid)
123068 + realok = 1;
123069 + if (globaleffective == curgid)
123070 + effectiveok = 1;
123071 + if (globalfs == curgid)
123072 + fsok = 1;
123073 + }
123074 + } else if (current->acl->group_trans_type & GR_ID_DENY) {
123075 + for (i = 0; i < num; i++) {
123076 + curgid = gidlist[i];
123077 + if (globalreal == curgid)
123078 + break;
123079 + if (globaleffective == curgid)
123080 + break;
123081 + if (globalfs == curgid)
123082 + break;
123083 + }
123084 + /* not in deny list */
123085 + if (i == num) {
123086 + realok = 1;
123087 + effectiveok = 1;
123088 + fsok = 1;
123089 + }
123090 + }
123091 +
123092 + if (realok && effectiveok && fsok)
123093 + return 0;
123094 + else {
123095 + gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
123096 + return 1;
123097 + }
123098 +}
123099 +
123100 +extern int gr_acl_is_capable(const int cap);
123101 +
123102 +void
123103 +gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid)
123104 +{
123105 + struct acl_role_label *role = task->role;
123106 + struct acl_role_label *origrole = role;
123107 + struct acl_subject_label *subj = NULL;
123108 + struct acl_object_label *obj;
123109 + struct file *filp;
123110 + uid_t uid;
123111 + gid_t gid;
123112 +
123113 + if (unlikely(!(gr_status & GR_READY)))
123114 + return;
123115 +
123116 + uid = GR_GLOBAL_UID(kuid);
123117 + gid = GR_GLOBAL_GID(kgid);
123118 +
123119 + filp = task->exec_file;
123120 +
123121 + /* kernel process, we'll give them the kernel role */
123122 + if (unlikely(!filp)) {
123123 + task->role = running_polstate.kernel_role;
123124 + task->acl = running_polstate.kernel_role->root_label;
123125 + return;
123126 + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL)) {
123127 + /* save the current ip at time of role lookup so that the proper
123128 + IP will be learned for role_allowed_ip */
123129 + task->signal->saved_ip = task->signal->curr_ip;
123130 + role = lookup_acl_role_label(task, uid, gid);
123131 + }
123132 +
123133 + /* don't change the role if we're not a privileged process */
123134 + if (role && task->role != role &&
123135 + (((role->roletype & GR_ROLE_USER) && !gr_acl_is_capable(CAP_SETUID)) ||
123136 + ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID))))
123137 + return;
123138 +
123139 + task->role = role;
123140 +
123141 + if (task->inherited) {
123142 + /* if we reached our subject through inheritance, then first see
123143 + if there's a subject of the same name in the new role that has
123144 + an object that would result in the same inherited subject
123145 + */
123146 + subj = gr_get_subject_for_task(task, task->acl->filename, 0);
123147 + if (subj) {
123148 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, subj);
123149 + if (!(obj->mode & GR_INHERIT))
123150 + subj = NULL;
123151 + }
123152 +
123153 + }
123154 + if (subj == NULL) {
123155 + /* otherwise:
123156 + perform subject lookup in possibly new role
123157 + we can use this result below in the case where role == task->role
123158 + */
123159 + subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
123160 + }
123161 +
123162 + /* if we changed uid/gid, but result in the same role
123163 + and are using inheritance, don't lose the inherited subject
123164 + if current subject is other than what normal lookup
123165 + would result in, we arrived via inheritance, don't
123166 + lose subject
123167 + */
123168 + if (role != origrole || (!(task->acl->mode & GR_INHERITLEARN) &&
123169 + (subj == task->acl)))
123170 + task->acl = subj;
123171 +
123172 + /* leave task->inherited unaffected */
123173 +
123174 + task->is_writable = 0;
123175 +
123176 + /* ignore additional mmap checks for processes that are writable
123177 + by the default ACL */
123178 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, running_polstate.default_role->root_label);
123179 + if (unlikely(obj->mode & GR_WRITE))
123180 + task->is_writable = 1;
123181 + obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
123182 + if (unlikely(obj->mode & GR_WRITE))
123183 + task->is_writable = 1;
123184 +
123185 +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
123186 + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
123187 +#endif
123188 +
123189 + gr_set_proc_res(task);
123190 +
123191 + return;
123192 +}
123193 +
123194 +int
123195 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
123196 + const int unsafe_flags)
123197 +{
123198 + struct task_struct *task = current;
123199 + struct acl_subject_label *newacl;
123200 + struct acl_object_label *obj;
123201 + __u32 retmode;
123202 +
123203 + if (unlikely(!(gr_status & GR_READY)))
123204 + return 0;
123205 +
123206 + newacl = chk_subj_label(dentry, mnt, task->role);
123207 +
123208 + /* special handling for if we did an strace -f -p <pid> from an admin role, where pid then
123209 + did an exec
123210 + */
123211 + rcu_read_lock();
123212 + read_lock(&tasklist_lock);
123213 + if (task->ptrace && task->parent && ((task->parent->role->roletype & GR_ROLE_GOD) ||
123214 + (task->parent->acl->mode & GR_POVERRIDE))) {
123215 + read_unlock(&tasklist_lock);
123216 + rcu_read_unlock();
123217 + goto skip_check;
123218 + }
123219 + read_unlock(&tasklist_lock);
123220 + rcu_read_unlock();
123221 +
123222 + if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
123223 + !(task->role->roletype & GR_ROLE_GOD) &&
123224 + !gr_search_file(dentry, GR_PTRACERD, mnt) &&
123225 + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
123226 + if (unsafe_flags & LSM_UNSAFE_SHARE)
123227 + gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
123228 + else
123229 + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
123230 + return -EACCES;
123231 + }
123232 +
123233 +skip_check:
123234 +
123235 + obj = chk_obj_label(dentry, mnt, task->acl);
123236 + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
123237 +
123238 + if (!(task->acl->mode & GR_INHERITLEARN) &&
123239 + ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
123240 + if (obj->nested)
123241 + task->acl = obj->nested;
123242 + else
123243 + task->acl = newacl;
123244 + task->inherited = 0;
123245 + } else {
123246 + task->inherited = 1;
123247 + if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
123248 + gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
123249 + }
123250 +
123251 + task->is_writable = 0;
123252 +
123253 + /* ignore additional mmap checks for processes that are writable
123254 + by the default ACL */
123255 + obj = chk_obj_label(dentry, mnt, running_polstate.default_role->root_label);
123256 + if (unlikely(obj->mode & GR_WRITE))
123257 + task->is_writable = 1;
123258 + obj = chk_obj_label(dentry, mnt, task->role->root_label);
123259 + if (unlikely(obj->mode & GR_WRITE))
123260 + task->is_writable = 1;
123261 +
123262 + gr_set_proc_res(task);
123263 +
123264 +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
123265 + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
123266 +#endif
123267 + return 0;
123268 +}
123269 +
123270 +/* always called with valid inodev ptr */
123271 +static void
123272 +do_handle_delete(struct inodev_entry *inodev, const u64 ino, const dev_t dev)
123273 +{
123274 + struct acl_object_label *matchpo;
123275 + struct acl_subject_label *matchps;
123276 + struct acl_subject_label *subj;
123277 + struct acl_role_label *role;
123278 + unsigned int x;
123279 +
123280 + FOR_EACH_ROLE_START(role)
123281 + FOR_EACH_SUBJECT_START(role, subj, x)
123282 + if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
123283 + matchpo->mode |= GR_DELETED;
123284 + FOR_EACH_SUBJECT_END(subj,x)
123285 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
123286 + /* nested subjects aren't in the role's subj_hash table */
123287 + if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
123288 + matchpo->mode |= GR_DELETED;
123289 + FOR_EACH_NESTED_SUBJECT_END(subj)
123290 + if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
123291 + matchps->mode |= GR_DELETED;
123292 + FOR_EACH_ROLE_END(role)
123293 +
123294 + inodev->nentry->deleted = 1;
123295 +
123296 + return;
123297 +}
123298 +
123299 +void
123300 +gr_handle_delete(const u64 ino, const dev_t dev)
123301 +{
123302 + struct inodev_entry *inodev;
123303 +
123304 + if (unlikely(!(gr_status & GR_READY)))
123305 + return;
123306 +
123307 + write_lock(&gr_inode_lock);
123308 + inodev = lookup_inodev_entry(ino, dev);
123309 + if (inodev != NULL)
123310 + do_handle_delete(inodev, ino, dev);
123311 + write_unlock(&gr_inode_lock);
123312 +
123313 + return;
123314 +}
123315 +
123316 +static void
123317 +update_acl_obj_label(const u64 oldinode, const dev_t olddevice,
123318 + const u64 newinode, const dev_t newdevice,
123319 + struct acl_subject_label *subj)
123320 +{
123321 + unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
123322 + struct acl_object_label *match;
123323 +
123324 + match = subj->obj_hash[index];
123325 +
123326 + while (match && (match->inode != oldinode ||
123327 + match->device != olddevice ||
123328 + !(match->mode & GR_DELETED)))
123329 + match = match->next;
123330 +
123331 + if (match && (match->inode == oldinode)
123332 + && (match->device == olddevice)
123333 + && (match->mode & GR_DELETED)) {
123334 + if (match->prev == NULL) {
123335 + subj->obj_hash[index] = match->next;
123336 + if (match->next != NULL)
123337 + match->next->prev = NULL;
123338 + } else {
123339 + match->prev->next = match->next;
123340 + if (match->next != NULL)
123341 + match->next->prev = match->prev;
123342 + }
123343 + match->prev = NULL;
123344 + match->next = NULL;
123345 + match->inode = newinode;
123346 + match->device = newdevice;
123347 + match->mode &= ~GR_DELETED;
123348 +
123349 + insert_acl_obj_label(match, subj);
123350 + }
123351 +
123352 + return;
123353 +}
123354 +
123355 +static void
123356 +update_acl_subj_label(const u64 oldinode, const dev_t olddevice,
123357 + const u64 newinode, const dev_t newdevice,
123358 + struct acl_role_label *role)
123359 +{
123360 + unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
123361 + struct acl_subject_label *match;
123362 +
123363 + match = role->subj_hash[index];
123364 +
123365 + while (match && (match->inode != oldinode ||
123366 + match->device != olddevice ||
123367 + !(match->mode & GR_DELETED)))
123368 + match = match->next;
123369 +
123370 + if (match && (match->inode == oldinode)
123371 + && (match->device == olddevice)
123372 + && (match->mode & GR_DELETED)) {
123373 + if (match->prev == NULL) {
123374 + role->subj_hash[index] = match->next;
123375 + if (match->next != NULL)
123376 + match->next->prev = NULL;
123377 + } else {
123378 + match->prev->next = match->next;
123379 + if (match->next != NULL)
123380 + match->next->prev = match->prev;
123381 + }
123382 + match->prev = NULL;
123383 + match->next = NULL;
123384 + match->inode = newinode;
123385 + match->device = newdevice;
123386 + match->mode &= ~GR_DELETED;
123387 +
123388 + insert_acl_subj_label(match, role);
123389 + }
123390 +
123391 + return;
123392 +}
123393 +
123394 +static void
123395 +update_inodev_entry(const u64 oldinode, const dev_t olddevice,
123396 + const u64 newinode, const dev_t newdevice)
123397 +{
123398 + unsigned int index = gr_fhash(oldinode, olddevice, running_polstate.inodev_set.i_size);
123399 + struct inodev_entry *match;
123400 +
123401 + match = running_polstate.inodev_set.i_hash[index];
123402 +
123403 + while (match && (match->nentry->inode != oldinode ||
123404 + match->nentry->device != olddevice || !match->nentry->deleted))
123405 + match = match->next;
123406 +
123407 + if (match && (match->nentry->inode == oldinode)
123408 + && (match->nentry->device == olddevice) &&
123409 + match->nentry->deleted) {
123410 + if (match->prev == NULL) {
123411 + running_polstate.inodev_set.i_hash[index] = match->next;
123412 + if (match->next != NULL)
123413 + match->next->prev = NULL;
123414 + } else {
123415 + match->prev->next = match->next;
123416 + if (match->next != NULL)
123417 + match->next->prev = match->prev;
123418 + }
123419 + match->prev = NULL;
123420 + match->next = NULL;
123421 + match->nentry->inode = newinode;
123422 + match->nentry->device = newdevice;
123423 + match->nentry->deleted = 0;
123424 +
123425 + insert_inodev_entry(match);
123426 + }
123427 +
123428 + return;
123429 +}
123430 +
123431 +static void
123432 +__do_handle_create(const struct name_entry *matchn, u64 ino, dev_t dev)
123433 +{
123434 + struct acl_subject_label *subj;
123435 + struct acl_role_label *role;
123436 + unsigned int x;
123437 +
123438 + FOR_EACH_ROLE_START(role)
123439 + update_acl_subj_label(matchn->inode, matchn->device, ino, dev, role);
123440 +
123441 + FOR_EACH_NESTED_SUBJECT_START(role, subj)
123442 + if ((subj->inode == ino) && (subj->device == dev)) {
123443 + subj->inode = ino;
123444 + subj->device = dev;
123445 + }
123446 + /* nested subjects aren't in the role's subj_hash table */
123447 + update_acl_obj_label(matchn->inode, matchn->device,
123448 + ino, dev, subj);
123449 + FOR_EACH_NESTED_SUBJECT_END(subj)
123450 + FOR_EACH_SUBJECT_START(role, subj, x)
123451 + update_acl_obj_label(matchn->inode, matchn->device,
123452 + ino, dev, subj);
123453 + FOR_EACH_SUBJECT_END(subj,x)
123454 + FOR_EACH_ROLE_END(role)
123455 +
123456 + update_inodev_entry(matchn->inode, matchn->device, ino, dev);
123457 +
123458 + return;
123459 +}
123460 +
123461 +static void
123462 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
123463 + const struct vfsmount *mnt)
123464 +{
123465 + u64 ino = __get_ino(dentry);
123466 + dev_t dev = __get_dev(dentry);
123467 +
123468 + __do_handle_create(matchn, ino, dev);
123469 +
123470 + return;
123471 +}
123472 +
123473 +void
123474 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
123475 +{
123476 + struct name_entry *matchn;
123477 +
123478 + if (unlikely(!(gr_status & GR_READY)))
123479 + return;
123480 +
123481 + preempt_disable();
123482 + matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
123483 +
123484 + if (unlikely((unsigned long)matchn)) {
123485 + write_lock(&gr_inode_lock);
123486 + do_handle_create(matchn, dentry, mnt);
123487 + write_unlock(&gr_inode_lock);
123488 + }
123489 + preempt_enable();
123490 +
123491 + return;
123492 +}
123493 +
123494 +void
123495 +gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
123496 +{
123497 + struct name_entry *matchn;
123498 +
123499 + if (unlikely(!(gr_status & GR_READY)))
123500 + return;
123501 +
123502 + preempt_disable();
123503 + matchn = lookup_name_entry(gr_to_proc_filename_rbac(dentry, init_pid_ns.proc_mnt));
123504 +
123505 + if (unlikely((unsigned long)matchn)) {
123506 + write_lock(&gr_inode_lock);
123507 + __do_handle_create(matchn, inode->i_ino, inode->i_sb->s_dev);
123508 + write_unlock(&gr_inode_lock);
123509 + }
123510 + preempt_enable();
123511 +
123512 + return;
123513 +}
123514 +
123515 +void
123516 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
123517 + struct dentry *old_dentry,
123518 + struct dentry *new_dentry,
123519 + struct vfsmount *mnt, const __u8 replace, unsigned int flags)
123520 +{
123521 + struct name_entry *matchn;
123522 + struct name_entry *matchn2 = NULL;
123523 + struct inodev_entry *inodev;
123524 + struct inode *inode = d_backing_inode(new_dentry);
123525 + struct inode *old_inode = d_backing_inode(old_dentry);
123526 + u64 old_ino = __get_ino(old_dentry);
123527 + dev_t old_dev = __get_dev(old_dentry);
123528 + unsigned int exchange = flags & RENAME_EXCHANGE;
123529 +
123530 + /* vfs_rename swaps the name and parent link for old_dentry and
123531 + new_dentry
123532 + at this point, old_dentry has the new name, parent link, and inode
123533 + for the renamed file
123534 + if a file is being replaced by a rename, new_dentry has the inode
123535 + and name for the replaced file
123536 + */
123537 +
123538 + if (unlikely(!(gr_status & GR_READY)))
123539 + return;
123540 +
123541 + preempt_disable();
123542 + matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
123543 +
123544 + /* exchange cases:
123545 + a filename exists for the source, but not dest
123546 + do a recreate on source
123547 + a filename exists for the dest, but not source
123548 + do a recreate on dest
123549 + a filename exists for both source and dest
123550 + delete source and dest, then create source and dest
123551 + a filename exists for neither source nor dest
123552 + no updates needed
123553 +
123554 + the name entry lookups get us the old inode/dev associated with
123555 + each name, so do the deletes first (if possible) so that when
123556 + we do the create, we pick up on the right entries
123557 + */
123558 +
123559 + if (exchange)
123560 + matchn2 = lookup_name_entry(gr_to_filename_rbac(new_dentry, mnt));
123561 +
123562 + /* we wouldn't have to check d_inode if it weren't for
123563 + NFS silly-renaming
123564 + */
123565 +
123566 + write_lock(&gr_inode_lock);
123567 + if (unlikely((replace || exchange) && inode)) {
123568 + u64 new_ino = __get_ino(new_dentry);
123569 + dev_t new_dev = __get_dev(new_dentry);
123570 +
123571 + inodev = lookup_inodev_entry(new_ino, new_dev);
123572 + if (inodev != NULL && ((inode->i_nlink <= 1) || d_is_dir(new_dentry)))
123573 + do_handle_delete(inodev, new_ino, new_dev);
123574 + }
123575 +
123576 + inodev = lookup_inodev_entry(old_ino, old_dev);
123577 + if (inodev != NULL && ((old_inode->i_nlink <= 1) || d_is_dir(old_dentry)))
123578 + do_handle_delete(inodev, old_ino, old_dev);
123579 +
123580 + if (unlikely(matchn != NULL))
123581 + do_handle_create(matchn, old_dentry, mnt);
123582 +
123583 + if (unlikely(matchn2 != NULL))
123584 + do_handle_create(matchn2, new_dentry, mnt);
123585 +
123586 + write_unlock(&gr_inode_lock);
123587 + preempt_enable();
123588 +
123589 + return;
123590 +}
123591 +
123592 +#if defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC)
123593 +static const unsigned long res_learn_bumps[GR_NLIMITS] = {
123594 + [RLIMIT_CPU] = GR_RLIM_CPU_BUMP,
123595 + [RLIMIT_FSIZE] = GR_RLIM_FSIZE_BUMP,
123596 + [RLIMIT_DATA] = GR_RLIM_DATA_BUMP,
123597 + [RLIMIT_STACK] = GR_RLIM_STACK_BUMP,
123598 + [RLIMIT_CORE] = GR_RLIM_CORE_BUMP,
123599 + [RLIMIT_RSS] = GR_RLIM_RSS_BUMP,
123600 + [RLIMIT_NPROC] = GR_RLIM_NPROC_BUMP,
123601 + [RLIMIT_NOFILE] = GR_RLIM_NOFILE_BUMP,
123602 + [RLIMIT_MEMLOCK] = GR_RLIM_MEMLOCK_BUMP,
123603 + [RLIMIT_AS] = GR_RLIM_AS_BUMP,
123604 + [RLIMIT_LOCKS] = GR_RLIM_LOCKS_BUMP,
123605 + [RLIMIT_SIGPENDING] = GR_RLIM_SIGPENDING_BUMP,
123606 + [RLIMIT_MSGQUEUE] = GR_RLIM_MSGQUEUE_BUMP,
123607 + [RLIMIT_NICE] = GR_RLIM_NICE_BUMP,
123608 + [RLIMIT_RTPRIO] = GR_RLIM_RTPRIO_BUMP,
123609 + [RLIMIT_RTTIME] = GR_RLIM_RTTIME_BUMP
123610 +};
123611 +
123612 +void
123613 +gr_learn_resource(const struct task_struct *task,
123614 + const int res, const unsigned long wanted, const int gt)
123615 +{
123616 + struct acl_subject_label *acl;
123617 + const struct cred *cred;
123618 +
123619 + if (unlikely((gr_status & GR_READY) &&
123620 + task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
123621 + goto skip_reslog;
123622 +
123623 + gr_log_resource(task, res, wanted, gt);
123624 +skip_reslog:
123625 +
123626 + if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
123627 + return;
123628 +
123629 + acl = task->acl;
123630 +
123631 + if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
123632 + !(acl->resmask & (1U << (unsigned short) res))))
123633 + return;
123634 +
123635 + if (wanted >= acl->res[res].rlim_cur) {
123636 + unsigned long res_add;
123637 +
123638 + res_add = wanted + res_learn_bumps[res];
123639 +
123640 + acl->res[res].rlim_cur = res_add;
123641 +
123642 + if (wanted > acl->res[res].rlim_max)
123643 + acl->res[res].rlim_max = res_add;
123644 +
123645 + /* only log the subject filename, since resource logging is supported for
123646 + single-subject learning only */
123647 + rcu_read_lock();
123648 + cred = __task_cred(task);
123649 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
123650 + task->role->roletype, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), acl->filename,
123651 + acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
123652 + "", (unsigned long) res, &task->signal->saved_ip);
123653 + rcu_read_unlock();
123654 + }
123655 +
123656 + return;
123657 +}
123658 +EXPORT_SYMBOL_GPL(gr_learn_resource);
123659 +#endif
123660 +
123661 +#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
123662 +void
123663 +pax_set_initial_flags(struct linux_binprm *bprm)
123664 +{
123665 + struct task_struct *task = current;
123666 + struct acl_subject_label *proc;
123667 + unsigned long flags;
123668 +
123669 + if (unlikely(!(gr_status & GR_READY)))
123670 + return;
123671 +
123672 + flags = pax_get_flags(task);
123673 +
123674 + proc = task->acl;
123675 +
123676 + if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
123677 + flags &= ~MF_PAX_PAGEEXEC;
123678 + if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
123679 + flags &= ~MF_PAX_SEGMEXEC;
123680 + if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
123681 + flags &= ~MF_PAX_RANDMMAP;
123682 + if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
123683 + flags &= ~MF_PAX_EMUTRAMP;
123684 + if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
123685 + flags &= ~MF_PAX_MPROTECT;
123686 +
123687 + if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
123688 + flags |= MF_PAX_PAGEEXEC;
123689 + if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
123690 + flags |= MF_PAX_SEGMEXEC;
123691 + if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
123692 + flags |= MF_PAX_RANDMMAP;
123693 + if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
123694 + flags |= MF_PAX_EMUTRAMP;
123695 + if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
123696 + flags |= MF_PAX_MPROTECT;
123697 +
123698 + pax_set_flags(task, flags);
123699 +
123700 + return;
123701 +}
123702 +#endif
123703 +
123704 +int
123705 +gr_handle_proc_ptrace(struct task_struct *task)
123706 +{
123707 + struct file *filp;
123708 + struct task_struct *tmp = task;
123709 + struct task_struct *curtemp = current;
123710 + __u32 retmode;
123711 +
123712 +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
123713 + if (unlikely(!(gr_status & GR_READY)))
123714 + return 0;
123715 +#endif
123716 +
123717 + read_lock(&tasklist_lock);
123718 + read_lock(&grsec_exec_file_lock);
123719 + filp = task->exec_file;
123720 +
123721 + while (task_pid_nr(tmp) > 0) {
123722 + if (tmp == curtemp)
123723 + break;
123724 + tmp = tmp->real_parent;
123725 + }
123726 +
123727 + if (!filp || (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
123728 + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
123729 + read_unlock(&grsec_exec_file_lock);
123730 + read_unlock(&tasklist_lock);
123731 + return 1;
123732 + }
123733 +
123734 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
123735 + if (!(gr_status & GR_READY)) {
123736 + read_unlock(&grsec_exec_file_lock);
123737 + read_unlock(&tasklist_lock);
123738 + return 0;
123739 + }
123740 +#endif
123741 +
123742 + retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
123743 + read_unlock(&grsec_exec_file_lock);
123744 + read_unlock(&tasklist_lock);
123745 +
123746 + if (retmode & GR_NOPTRACE)
123747 + return 1;
123748 +
123749 + if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
123750 + && (current->acl != task->acl || (current->acl != current->role->root_label
123751 + && task_pid_nr(current) != task_pid_nr(task))))
123752 + return 1;
123753 +
123754 + return 0;
123755 +}
123756 +
123757 +void task_grsec_rbac(struct seq_file *m, struct task_struct *p)
123758 +{
123759 + if (unlikely(!(gr_status & GR_READY)))
123760 + return;
123761 +
123762 + if (!(current->role->roletype & GR_ROLE_GOD))
123763 + return;
123764 +
123765 + seq_printf(m, "RBAC:\t%.64s:%c:%.950s\n",
123766 + p->role->rolename, gr_task_roletype_to_char(p),
123767 + p->acl->filename);
123768 +}
123769 +
123770 +int
123771 +gr_handle_ptrace(struct task_struct *task, const long request)
123772 +{
123773 + struct task_struct *tmp = task;
123774 + struct task_struct *curtemp = current;
123775 + __u32 retmode;
123776 +
123777 +#ifndef CONFIG_GRKERNSEC_HARDEN_PTRACE
123778 + if (unlikely(!(gr_status & GR_READY)))
123779 + return 0;
123780 +#endif
123781 + if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
123782 + read_lock(&tasklist_lock);
123783 + while (task_pid_nr(tmp) > 0) {
123784 + if (tmp == curtemp)
123785 + break;
123786 + tmp = tmp->real_parent;
123787 + }
123788 +
123789 + if (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
123790 + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
123791 + read_unlock(&tasklist_lock);
123792 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
123793 + return 1;
123794 + }
123795 + read_unlock(&tasklist_lock);
123796 + }
123797 +
123798 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
123799 + if (!(gr_status & GR_READY))
123800 + return 0;
123801 +#endif
123802 +
123803 + read_lock(&grsec_exec_file_lock);
123804 + if (unlikely(!task->exec_file)) {
123805 + read_unlock(&grsec_exec_file_lock);
123806 + return 0;
123807 + }
123808 +
123809 + retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
123810 + read_unlock(&grsec_exec_file_lock);
123811 +
123812 + if (retmode & GR_NOPTRACE) {
123813 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
123814 + return 1;
123815 + }
123816 +
123817 + if (retmode & GR_PTRACERD) {
123818 + switch (request) {
123819 + case PTRACE_SEIZE:
123820 + case PTRACE_POKETEXT:
123821 + case PTRACE_POKEDATA:
123822 + case PTRACE_POKEUSR:
123823 +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64) && !defined(CONFIG_ARM64)
123824 + case PTRACE_SETREGS:
123825 + case PTRACE_SETFPREGS:
123826 +#endif
123827 +#ifdef CONFIG_COMPAT
123828 +#ifdef CONFIG_ARM64
123829 + case COMPAT_PTRACE_SETREGS:
123830 + case COMPAT_PTRACE_SETVFPREGS:
123831 +#ifdef CONFIG_HAVE_HW_BREAKPOINT
123832 + case COMPAT_PTRACE_SETHBPREGS:
123833 +#endif
123834 +#endif
123835 +#endif
123836 +#ifdef CONFIG_X86
123837 + case PTRACE_SETFPXREGS:
123838 +#endif
123839 +#ifdef CONFIG_ALTIVEC
123840 + case PTRACE_SETVRREGS:
123841 +#endif
123842 +#ifdef CONFIG_ARM
123843 + case PTRACE_SET_SYSCALL:
123844 + case PTRACE_SETVFPREGS:
123845 +#ifdef CONFIG_HAVE_HW_BREAKPOINT
123846 + case PTRACE_SETHBPREGS:
123847 +#endif
123848 +#endif
123849 + return 1;
123850 + default:
123851 + return 0;
123852 + }
123853 + } else if (!(current->acl->mode & GR_POVERRIDE) &&
123854 + !(current->role->roletype & GR_ROLE_GOD) &&
123855 + (current->acl != task->acl)) {
123856 + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
123857 + return 1;
123858 + }
123859 +
123860 + return 0;
123861 +}
123862 +
123863 +static int is_writable_mmap(const struct file *filp)
123864 +{
123865 + struct task_struct *task = current;
123866 + struct acl_object_label *obj, *obj2;
123867 + struct dentry *dentry = filp->f_path.dentry;
123868 + struct vfsmount *mnt = filp->f_path.mnt;
123869 + struct inode *inode = d_backing_inode(dentry);
123870 +
123871 + if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
123872 + !task->is_writable && d_is_reg(dentry) && (mnt != shm_mnt || (inode->i_nlink > 0))) {
123873 + obj = chk_obj_label(dentry, mnt, running_polstate.default_role->root_label);
123874 + obj2 = chk_obj_label(dentry, mnt, task->role->root_label);
123875 + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
123876 + gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, dentry, mnt);
123877 + return 1;
123878 + }
123879 + }
123880 + return 0;
123881 +}
123882 +
123883 +int
123884 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
123885 +{
123886 + __u32 mode;
123887 +
123888 + if (unlikely(!file || !(prot & PROT_EXEC)))
123889 + return 1;
123890 +
123891 + if (is_writable_mmap(file))
123892 + return 0;
123893 +
123894 + mode =
123895 + gr_search_file(file->f_path.dentry,
123896 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
123897 + file->f_path.mnt);
123898 +
123899 + if (!gr_tpe_allow(file))
123900 + return 0;
123901 +
123902 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
123903 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
123904 + return 0;
123905 + } else if (unlikely(!(mode & GR_EXEC))) {
123906 + return 0;
123907 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
123908 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
123909 + return 1;
123910 + }
123911 +
123912 + return 1;
123913 +}
123914 +
123915 +int
123916 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
123917 +{
123918 + __u32 mode;
123919 +
123920 + if (unlikely(!file || !(prot & PROT_EXEC)))
123921 + return 1;
123922 +
123923 + if (is_writable_mmap(file))
123924 + return 0;
123925 +
123926 + mode =
123927 + gr_search_file(file->f_path.dentry,
123928 + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
123929 + file->f_path.mnt);
123930 +
123931 + if (!gr_tpe_allow(file))
123932 + return 0;
123933 +
123934 + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
123935 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
123936 + return 0;
123937 + } else if (unlikely(!(mode & GR_EXEC))) {
123938 + return 0;
123939 + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
123940 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
123941 + return 1;
123942 + }
123943 +
123944 + return 1;
123945 +}
123946 +
123947 +void
123948 +gr_acl_handle_psacct(struct task_struct *task, const long code)
123949 +{
123950 + unsigned long runtime, cputime;
123951 + cputime_t utime, stime;
123952 + unsigned int wday, cday;
123953 + __u8 whr, chr;
123954 + __u8 wmin, cmin;
123955 + __u8 wsec, csec;
123956 + struct timespec curtime, starttime;
123957 +
123958 + if (unlikely(!(gr_status & GR_READY) || !task->acl ||
123959 + !(task->acl->mode & GR_PROCACCT)))
123960 + return;
123961 +
123962 + curtime = ns_to_timespec(ktime_get_ns());
123963 + starttime = ns_to_timespec(task->start_time);
123964 + runtime = curtime.tv_sec - starttime.tv_sec;
123965 + wday = runtime / (60 * 60 * 24);
123966 + runtime -= wday * (60 * 60 * 24);
123967 + whr = runtime / (60 * 60);
123968 + runtime -= whr * (60 * 60);
123969 + wmin = runtime / 60;
123970 + runtime -= wmin * 60;
123971 + wsec = runtime;
123972 +
123973 + task_cputime(task, &utime, &stime);
123974 + cputime = cputime_to_secs(utime + stime);
123975 + cday = cputime / (60 * 60 * 24);
123976 + cputime -= cday * (60 * 60 * 24);
123977 + chr = cputime / (60 * 60);
123978 + cputime -= chr * (60 * 60);
123979 + cmin = cputime / 60;
123980 + cputime -= cmin * 60;
123981 + csec = cputime;
123982 +
123983 + gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
123984 +
123985 + return;
123986 +}
123987 +
123988 +#ifdef CONFIG_TASKSTATS
123989 +int gr_is_taskstats_denied(int pid)
123990 +{
123991 + struct task_struct *task;
123992 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
123993 + const struct cred *cred;
123994 +#endif
123995 + int ret = 0;
123996 +
123997 + /* restrict taskstats viewing to un-chrooted root users
123998 + who have the 'view' subject flag if the RBAC system is enabled
123999 + */
124000 +
124001 + rcu_read_lock();
124002 + read_lock(&tasklist_lock);
124003 + task = find_task_by_vpid(pid);
124004 + if (task) {
124005 +#ifdef CONFIG_GRKERNSEC_CHROOT
124006 + if (proc_is_chrooted(task))
124007 + ret = -EACCES;
124008 +#endif
124009 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
124010 + cred = __task_cred(task);
124011 +#ifdef CONFIG_GRKERNSEC_PROC_USER
124012 + if (gr_is_global_nonroot(cred->uid))
124013 + ret = -EACCES;
124014 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
124015 + if (gr_is_global_nonroot(cred->uid) && !groups_search(cred->group_info, grsec_proc_gid))
124016 + ret = -EACCES;
124017 +#endif
124018 +#endif
124019 + if (gr_status & GR_READY) {
124020 + if (!(task->acl->mode & GR_VIEW))
124021 + ret = -EACCES;
124022 + }
124023 + } else
124024 + ret = -ENOENT;
124025 +
124026 + read_unlock(&tasklist_lock);
124027 + rcu_read_unlock();
124028 +
124029 + return ret;
124030 +}
124031 +#endif
124032 +
124033 +/* AUXV entries are filled via a descendant of search_binary_handler
124034 + after we've already applied the subject for the target
124035 +*/
124036 +int gr_acl_enable_at_secure(void)
124037 +{
124038 + if (unlikely(!(gr_status & GR_READY)))
124039 + return 0;
124040 +
124041 + if (current->acl->mode & GR_ATSECURE)
124042 + return 1;
124043 +
124044 + return 0;
124045 +}
124046 +
124047 +int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const u64 ino)
124048 +{
124049 + struct task_struct *task = current;
124050 + struct dentry *dentry = file->f_path.dentry;
124051 + struct vfsmount *mnt = file->f_path.mnt;
124052 + struct acl_object_label *obj, *tmp;
124053 + struct acl_subject_label *subj;
124054 + unsigned int bufsize;
124055 + int is_not_root;
124056 + char *path;
124057 + dev_t dev = __get_dev(dentry);
124058 +
124059 + if (unlikely(!(gr_status & GR_READY)))
124060 + return 1;
124061 +
124062 + if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
124063 + return 1;
124064 +
124065 + /* ignore Eric Biederman */
124066 + if (IS_PRIVATE(d_backing_inode(dentry)))
124067 + return 1;
124068 +
124069 + subj = task->acl;
124070 + read_lock(&gr_inode_lock);
124071 + do {
124072 + obj = lookup_acl_obj_label(ino, dev, subj);
124073 + if (obj != NULL) {
124074 + read_unlock(&gr_inode_lock);
124075 + return (obj->mode & GR_FIND) ? 1 : 0;
124076 + }
124077 + } while ((subj = subj->parent_subject));
124078 + read_unlock(&gr_inode_lock);
124079 +
124080 + /* this is purely an optimization since we're looking for an object
124081 + for the directory we're doing a readdir on
124082 + if it's possible for any globbed object to match the entry we're
124083 + filling into the directory, then the object we find here will be
124084 + an anchor point with attached globbed objects
124085 + */
124086 + obj = chk_obj_label_noglob(dentry, mnt, task->acl);
124087 + if (obj->globbed == NULL)
124088 + return (obj->mode & GR_FIND) ? 1 : 0;
124089 +
124090 + is_not_root = ((obj->filename[0] == '/') &&
124091 + (obj->filename[1] == '\0')) ? 0 : 1;
124092 + bufsize = PAGE_SIZE - namelen - is_not_root;
124093 +
124094 + /* check bufsize > PAGE_SIZE || bufsize == 0 */
124095 + if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
124096 + return 1;
124097 +
124098 + preempt_disable();
124099 + path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
124100 + bufsize);
124101 +
124102 + bufsize = strlen(path);
124103 +
124104 + /* if base is "/", don't append an additional slash */
124105 + if (is_not_root)
124106 + *(path + bufsize) = '/';
124107 + memcpy(path + bufsize + is_not_root, name, namelen);
124108 + *(path + bufsize + namelen + is_not_root) = '\0';
124109 +
124110 + tmp = obj->globbed;
124111 + while (tmp) {
124112 + if (!glob_match(tmp->filename, path)) {
124113 + preempt_enable();
124114 + return (tmp->mode & GR_FIND) ? 1 : 0;
124115 + }
124116 + tmp = tmp->next;
124117 + }
124118 + preempt_enable();
124119 + return (obj->mode & GR_FIND) ? 1 : 0;
124120 +}
124121 +
124122 +void gr_put_exec_file(struct task_struct *task)
124123 +{
124124 + struct file *filp;
124125 +
124126 + write_lock(&grsec_exec_file_lock);
124127 + filp = task->exec_file;
124128 + task->exec_file = NULL;
124129 + write_unlock(&grsec_exec_file_lock);
124130 +
124131 + if (filp)
124132 + fput(filp);
124133 +
124134 + return;
124135 +}
124136 +
124137 +
124138 +#ifdef CONFIG_NETFILTER_XT_MATCH_GRADM_MODULE
124139 +EXPORT_SYMBOL_GPL(gr_acl_is_enabled);
124140 +#endif
124141 +#ifdef CONFIG_SECURITY
124142 +EXPORT_SYMBOL_GPL(gr_check_user_change);
124143 +EXPORT_SYMBOL_GPL(gr_check_group_change);
124144 +#endif
124145 +
124146 diff --git a/grsecurity/gracl_alloc.c b/grsecurity/gracl_alloc.c
124147 new file mode 100644
124148 index 0000000..9adc75c
124149 --- /dev/null
124150 +++ b/grsecurity/gracl_alloc.c
124151 @@ -0,0 +1,105 @@
124152 +#include <linux/kernel.h>
124153 +#include <linux/mm.h>
124154 +#include <linux/slab.h>
124155 +#include <linux/vmalloc.h>
124156 +#include <linux/gracl.h>
124157 +#include <linux/grsecurity.h>
124158 +
124159 +static struct gr_alloc_state __current_alloc_state = { 1, 1, NULL };
124160 +struct gr_alloc_state *current_alloc_state = &__current_alloc_state;
124161 +
124162 +static int
124163 +alloc_pop(void)
124164 +{
124165 + if (current_alloc_state->alloc_stack_next == 1)
124166 + return 0;
124167 +
124168 + kfree(current_alloc_state->alloc_stack[current_alloc_state->alloc_stack_next - 2]);
124169 +
124170 + current_alloc_state->alloc_stack_next--;
124171 +
124172 + return 1;
124173 +}
124174 +
124175 +static int
124176 +alloc_push(void *buf)
124177 +{
124178 + if (current_alloc_state->alloc_stack_next >= current_alloc_state->alloc_stack_size)
124179 + return 1;
124180 +
124181 + current_alloc_state->alloc_stack[current_alloc_state->alloc_stack_next - 1] = buf;
124182 +
124183 + current_alloc_state->alloc_stack_next++;
124184 +
124185 + return 0;
124186 +}
124187 +
124188 +void *
124189 +acl_alloc(unsigned long len)
124190 +{
124191 + void *ret = NULL;
124192 +
124193 + if (!len || len > PAGE_SIZE)
124194 + goto out;
124195 +
124196 + ret = kmalloc(len, GFP_KERNEL);
124197 +
124198 + if (ret) {
124199 + if (alloc_push(ret)) {
124200 + kfree(ret);
124201 + ret = NULL;
124202 + }
124203 + }
124204 +
124205 +out:
124206 + return ret;
124207 +}
124208 +
124209 +void *
124210 +acl_alloc_num(unsigned long num, unsigned long len)
124211 +{
124212 + if (!len || (num > (PAGE_SIZE / len)))
124213 + return NULL;
124214 +
124215 + return acl_alloc(num * len);
124216 +}
124217 +
124218 +void
124219 +acl_free_all(void)
124220 +{
124221 + if (!current_alloc_state->alloc_stack)
124222 + return;
124223 +
124224 + while (alloc_pop()) ;
124225 +
124226 + if (current_alloc_state->alloc_stack) {
124227 + if ((current_alloc_state->alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
124228 + kfree(current_alloc_state->alloc_stack);
124229 + else
124230 + vfree(current_alloc_state->alloc_stack);
124231 + }
124232 +
124233 + current_alloc_state->alloc_stack = NULL;
124234 + current_alloc_state->alloc_stack_size = 1;
124235 + current_alloc_state->alloc_stack_next = 1;
124236 +
124237 + return;
124238 +}
124239 +
124240 +int
124241 +acl_alloc_stack_init(unsigned long size)
124242 +{
124243 + if ((size * sizeof (void *)) <= PAGE_SIZE)
124244 + current_alloc_state->alloc_stack =
124245 + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
124246 + else
124247 + current_alloc_state->alloc_stack = (void **) vmalloc(size * sizeof (void *));
124248 +
124249 + current_alloc_state->alloc_stack_size = size;
124250 + current_alloc_state->alloc_stack_next = 1;
124251 +
124252 + if (!current_alloc_state->alloc_stack)
124253 + return 0;
124254 + else
124255 + return 1;
124256 +}
124257 diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
124258 new file mode 100644
124259 index 0000000..8747091
124260 --- /dev/null
124261 +++ b/grsecurity/gracl_cap.c
124262 @@ -0,0 +1,96 @@
124263 +#include <linux/kernel.h>
124264 +#include <linux/module.h>
124265 +#include <linux/sched.h>
124266 +#include <linux/gracl.h>
124267 +#include <linux/grsecurity.h>
124268 +#include <linux/grinternal.h>
124269 +
124270 +extern const char *captab_log[];
124271 +extern int captab_log_entries;
124272 +
124273 +int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap, bool log)
124274 +{
124275 + struct acl_subject_label *curracl;
124276 +
124277 + if (!gr_acl_is_enabled())
124278 + return 1;
124279 +
124280 + curracl = task->acl;
124281 +
124282 + if (curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
124283 + if (log)
124284 + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
124285 + task->role->roletype, GR_GLOBAL_UID(cred->uid),
124286 + GR_GLOBAL_GID(cred->gid), task->exec_file ?
124287 + gr_to_filename(task->exec_file->f_path.dentry,
124288 + task->exec_file->f_path.mnt) : curracl->filename,
124289 + curracl->filename, 0UL,
124290 + 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
124291 + return 1;
124292 + }
124293 +
124294 + return 0;
124295 +}
124296 +
124297 +int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap, bool log)
124298 +{
124299 + struct acl_subject_label *curracl;
124300 + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
124301 + kernel_cap_t cap_audit = __cap_empty_set;
124302 +
124303 + if (!gr_acl_is_enabled())
124304 + return 1;
124305 +
124306 + curracl = task->acl;
124307 +
124308 + cap_drop = curracl->cap_lower;
124309 + cap_mask = curracl->cap_mask;
124310 + cap_audit = curracl->cap_invert_audit;
124311 +
124312 + while ((curracl = curracl->parent_subject)) {
124313 + /* if the cap isn't specified in the current computed mask but is specified in the
124314 + current level subject, and is lowered in the current level subject, then add
124315 + it to the set of dropped capabilities
124316 + otherwise, add the current level subject's mask to the current computed mask
124317 + */
124318 + if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
124319 + cap_raise(cap_mask, cap);
124320 + if (cap_raised(curracl->cap_lower, cap))
124321 + cap_raise(cap_drop, cap);
124322 + if (cap_raised(curracl->cap_invert_audit, cap))
124323 + cap_raise(cap_audit, cap);
124324 + }
124325 + }
124326 +
124327 + if (!cap_raised(cap_drop, cap)) {
124328 + if (log && cap_raised(cap_audit, cap))
124329 + gr_log_cap(GR_DO_AUDIT, GR_CAP_ACL_MSG2, task, captab_log[cap]);
124330 + return 1;
124331 + }
124332 +
124333 + /* only learn the capability use if the process has the capability in the
124334 + general case, the two uses in sys.c of gr_learn_cap are an exception
124335 + to this rule to ensure any role transition involves what the full-learned
124336 + policy believes in a privileged process
124337 + */
124338 + if (cap_raised(cred->cap_effective, cap) && gr_learn_cap(task, cred, cap, log))
124339 + return 1;
124340 +
124341 + if (log && (cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
124342 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
124343 +
124344 + return 0;
124345 +}
124346 +
124347 +int
124348 +gr_acl_is_capable(const int cap)
124349 +{
124350 + return gr_task_acl_is_capable(current, current_cred(), cap, true);
124351 +}
124352 +
124353 +int
124354 +gr_acl_is_capable_nolog(const int cap)
124355 +{
124356 + return gr_task_acl_is_capable(current, current_cred(), cap, false);
124357 +}
124358 +
124359 diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
124360 new file mode 100644
124361 index 0000000..a43dd06
124362 --- /dev/null
124363 +++ b/grsecurity/gracl_compat.c
124364 @@ -0,0 +1,269 @@
124365 +#include <linux/kernel.h>
124366 +#include <linux/gracl.h>
124367 +#include <linux/compat.h>
124368 +#include <linux/gracl_compat.h>
124369 +
124370 +#include <asm/uaccess.h>
124371 +
124372 +int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap)
124373 +{
124374 + struct gr_arg_wrapper_compat uwrapcompat;
124375 +
124376 + if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
124377 + return -EFAULT;
124378 +
124379 + if ((uwrapcompat.version != GRSECURITY_VERSION) ||
124380 + (uwrapcompat.size != sizeof(struct gr_arg_compat)))
124381 + return -EINVAL;
124382 +
124383 + uwrap->arg = compat_ptr(uwrapcompat.arg);
124384 + uwrap->version = uwrapcompat.version;
124385 + uwrap->size = sizeof(struct gr_arg);
124386 +
124387 + return 0;
124388 +}
124389 +
124390 +int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg)
124391 +{
124392 + struct gr_arg_compat argcompat;
124393 +
124394 + if (copy_from_user(&argcompat, buf, sizeof(argcompat)))
124395 + return -EFAULT;
124396 +
124397 + arg->role_db.r_table = compat_ptr(argcompat.role_db.r_table);
124398 + arg->role_db.num_pointers = argcompat.role_db.num_pointers;
124399 + arg->role_db.num_roles = argcompat.role_db.num_roles;
124400 + arg->role_db.num_domain_children = argcompat.role_db.num_domain_children;
124401 + arg->role_db.num_subjects = argcompat.role_db.num_subjects;
124402 + arg->role_db.num_objects = argcompat.role_db.num_objects;
124403 +
124404 + memcpy(&arg->pw, &argcompat.pw, sizeof(arg->pw));
124405 + memcpy(&arg->salt, &argcompat.salt, sizeof(arg->salt));
124406 + memcpy(&arg->sum, &argcompat.sum, sizeof(arg->sum));
124407 + memcpy(&arg->sp_role, &argcompat.sp_role, sizeof(arg->sp_role));
124408 + arg->sprole_pws = compat_ptr(argcompat.sprole_pws);
124409 + arg->segv_device = argcompat.segv_device;
124410 + arg->segv_inode = argcompat.segv_inode;
124411 + arg->segv_uid = argcompat.segv_uid;
124412 + arg->num_sprole_pws = argcompat.num_sprole_pws;
124413 + arg->mode = argcompat.mode;
124414 +
124415 + return 0;
124416 +}
124417 +
124418 +int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp)
124419 +{
124420 + struct acl_object_label_compat objcompat;
124421 +
124422 + if (copy_from_user(&objcompat, userp, sizeof(objcompat)))
124423 + return -EFAULT;
124424 +
124425 + obj->filename = compat_ptr(objcompat.filename);
124426 + obj->inode = objcompat.inode;
124427 + obj->device = objcompat.device;
124428 + obj->mode = objcompat.mode;
124429 +
124430 + obj->nested = compat_ptr(objcompat.nested);
124431 + obj->globbed = compat_ptr(objcompat.globbed);
124432 +
124433 + obj->prev = compat_ptr(objcompat.prev);
124434 + obj->next = compat_ptr(objcompat.next);
124435 +
124436 + return 0;
124437 +}
124438 +
124439 +int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp)
124440 +{
124441 + unsigned int i;
124442 + struct acl_subject_label_compat subjcompat;
124443 +
124444 + if (copy_from_user(&subjcompat, userp, sizeof(subjcompat)))
124445 + return -EFAULT;
124446 +
124447 + subj->filename = compat_ptr(subjcompat.filename);
124448 + subj->inode = subjcompat.inode;
124449 + subj->device = subjcompat.device;
124450 + subj->mode = subjcompat.mode;
124451 + subj->cap_mask = subjcompat.cap_mask;
124452 + subj->cap_lower = subjcompat.cap_lower;
124453 + subj->cap_invert_audit = subjcompat.cap_invert_audit;
124454 +
124455 + for (i = 0; i < GR_NLIMITS; i++) {
124456 + if (subjcompat.res[i].rlim_cur == COMPAT_RLIM_INFINITY)
124457 + subj->res[i].rlim_cur = RLIM_INFINITY;
124458 + else
124459 + subj->res[i].rlim_cur = subjcompat.res[i].rlim_cur;
124460 + if (subjcompat.res[i].rlim_max == COMPAT_RLIM_INFINITY)
124461 + subj->res[i].rlim_max = RLIM_INFINITY;
124462 + else
124463 + subj->res[i].rlim_max = subjcompat.res[i].rlim_max;
124464 + }
124465 + subj->resmask = subjcompat.resmask;
124466 +
124467 + subj->user_trans_type = subjcompat.user_trans_type;
124468 + subj->group_trans_type = subjcompat.group_trans_type;
124469 + subj->user_transitions = compat_ptr(subjcompat.user_transitions);
124470 + subj->group_transitions = compat_ptr(subjcompat.group_transitions);
124471 + subj->user_trans_num = subjcompat.user_trans_num;
124472 + subj->group_trans_num = subjcompat.group_trans_num;
124473 +
124474 + memcpy(&subj->sock_families, &subjcompat.sock_families, sizeof(subj->sock_families));
124475 + memcpy(&subj->ip_proto, &subjcompat.ip_proto, sizeof(subj->ip_proto));
124476 + subj->ip_type = subjcompat.ip_type;
124477 + subj->ips = compat_ptr(subjcompat.ips);
124478 + subj->ip_num = subjcompat.ip_num;
124479 + subj->inaddr_any_override = subjcompat.inaddr_any_override;
124480 +
124481 + subj->crashes = subjcompat.crashes;
124482 + subj->expires = subjcompat.expires;
124483 +
124484 + subj->parent_subject = compat_ptr(subjcompat.parent_subject);
124485 + subj->hash = compat_ptr(subjcompat.hash);
124486 + subj->prev = compat_ptr(subjcompat.prev);
124487 + subj->next = compat_ptr(subjcompat.next);
124488 +
124489 + subj->obj_hash = compat_ptr(subjcompat.obj_hash);
124490 + subj->obj_hash_size = subjcompat.obj_hash_size;
124491 + subj->pax_flags = subjcompat.pax_flags;
124492 +
124493 + return 0;
124494 +}
124495 +
124496 +int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp)
124497 +{
124498 + struct acl_role_label_compat rolecompat;
124499 +
124500 + if (copy_from_user(&rolecompat, userp, sizeof(rolecompat)))
124501 + return -EFAULT;
124502 +
124503 + role->rolename = compat_ptr(rolecompat.rolename);
124504 + role->uidgid = rolecompat.uidgid;
124505 + role->roletype = rolecompat.roletype;
124506 +
124507 + role->auth_attempts = rolecompat.auth_attempts;
124508 + role->expires = rolecompat.expires;
124509 +
124510 + role->root_label = compat_ptr(rolecompat.root_label);
124511 + role->hash = compat_ptr(rolecompat.hash);
124512 +
124513 + role->prev = compat_ptr(rolecompat.prev);
124514 + role->next = compat_ptr(rolecompat.next);
124515 +
124516 + role->transitions = compat_ptr(rolecompat.transitions);
124517 + role->allowed_ips = compat_ptr(rolecompat.allowed_ips);
124518 + role->domain_children = compat_ptr(rolecompat.domain_children);
124519 + role->domain_child_num = rolecompat.domain_child_num;
124520 +
124521 + role->umask = rolecompat.umask;
124522 +
124523 + role->subj_hash = compat_ptr(rolecompat.subj_hash);
124524 + role->subj_hash_size = rolecompat.subj_hash_size;
124525 +
124526 + return 0;
124527 +}
124528 +
124529 +int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
124530 +{
124531 + struct role_allowed_ip_compat roleip_compat;
124532 +
124533 + if (copy_from_user(&roleip_compat, userp, sizeof(roleip_compat)))
124534 + return -EFAULT;
124535 +
124536 + roleip->addr = roleip_compat.addr;
124537 + roleip->netmask = roleip_compat.netmask;
124538 +
124539 + roleip->prev = compat_ptr(roleip_compat.prev);
124540 + roleip->next = compat_ptr(roleip_compat.next);
124541 +
124542 + return 0;
124543 +}
124544 +
124545 +int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp)
124546 +{
124547 + struct role_transition_compat trans_compat;
124548 +
124549 + if (copy_from_user(&trans_compat, userp, sizeof(trans_compat)))
124550 + return -EFAULT;
124551 +
124552 + trans->rolename = compat_ptr(trans_compat.rolename);
124553 +
124554 + trans->prev = compat_ptr(trans_compat.prev);
124555 + trans->next = compat_ptr(trans_compat.next);
124556 +
124557 + return 0;
124558 +
124559 +}
124560 +
124561 +int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
124562 +{
124563 + struct gr_hash_struct_compat hash_compat;
124564 +
124565 + if (copy_from_user(&hash_compat, userp, sizeof(hash_compat)))
124566 + return -EFAULT;
124567 +
124568 + hash->table = compat_ptr(hash_compat.table);
124569 + hash->nametable = compat_ptr(hash_compat.nametable);
124570 + hash->first = compat_ptr(hash_compat.first);
124571 +
124572 + hash->table_size = hash_compat.table_size;
124573 + hash->used_size = hash_compat.used_size;
124574 +
124575 + hash->type = hash_compat.type;
124576 +
124577 + return 0;
124578 +}
124579 +
124580 +int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp)
124581 +{
124582 + compat_uptr_t ptrcompat;
124583 +
124584 + if (copy_from_user(&ptrcompat, userp + (idx * sizeof(ptrcompat)), sizeof(ptrcompat)))
124585 + return -EFAULT;
124586 +
124587 + *(void **)ptr = compat_ptr(ptrcompat);
124588 +
124589 + return 0;
124590 +}
124591 +
124592 +int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp)
124593 +{
124594 + struct acl_ip_label_compat ip_compat;
124595 +
124596 + if (copy_from_user(&ip_compat, userp, sizeof(ip_compat)))
124597 + return -EFAULT;
124598 +
124599 + ip->iface = compat_ptr(ip_compat.iface);
124600 + ip->addr = ip_compat.addr;
124601 + ip->netmask = ip_compat.netmask;
124602 + ip->low = ip_compat.low;
124603 + ip->high = ip_compat.high;
124604 + ip->mode = ip_compat.mode;
124605 + ip->type = ip_compat.type;
124606 +
124607 + memcpy(&ip->proto, &ip_compat.proto, sizeof(ip->proto));
124608 +
124609 + ip->prev = compat_ptr(ip_compat.prev);
124610 + ip->next = compat_ptr(ip_compat.next);
124611 +
124612 + return 0;
124613 +}
124614 +
124615 +int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
124616 +{
124617 + struct sprole_pw_compat pw_compat;
124618 +
124619 + if (copy_from_user(&pw_compat, (const void *)userp + (sizeof(pw_compat) * idx), sizeof(pw_compat)))
124620 + return -EFAULT;
124621 +
124622 + pw->rolename = compat_ptr(pw_compat.rolename);
124623 + memcpy(&pw->salt, pw_compat.salt, sizeof(pw->salt));
124624 + memcpy(&pw->sum, pw_compat.sum, sizeof(pw->sum));
124625 +
124626 + return 0;
124627 +}
124628 +
124629 +size_t get_gr_arg_wrapper_size_compat(void)
124630 +{
124631 + return sizeof(struct gr_arg_wrapper_compat);
124632 +}
124633 +
124634 diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
124635 new file mode 100644
124636 index 0000000..fce7f71
124637 --- /dev/null
124638 +++ b/grsecurity/gracl_fs.c
124639 @@ -0,0 +1,448 @@
124640 +#include <linux/kernel.h>
124641 +#include <linux/sched.h>
124642 +#include <linux/types.h>
124643 +#include <linux/fs.h>
124644 +#include <linux/file.h>
124645 +#include <linux/stat.h>
124646 +#include <linux/grsecurity.h>
124647 +#include <linux/grinternal.h>
124648 +#include <linux/gracl.h>
124649 +
124650 +umode_t
124651 +gr_acl_umask(void)
124652 +{
124653 + if (unlikely(!gr_acl_is_enabled()))
124654 + return 0;
124655 +
124656 + return current->role->umask;
124657 +}
124658 +
124659 +__u32
124660 +gr_acl_handle_hidden_file(const struct dentry * dentry,
124661 + const struct vfsmount * mnt)
124662 +{
124663 + __u32 mode;
124664 +
124665 + if (unlikely(d_is_negative(dentry)))
124666 + return GR_FIND;
124667 +
124668 + mode =
124669 + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
124670 +
124671 + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
124672 + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
124673 + return mode;
124674 + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
124675 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
124676 + return 0;
124677 + } else if (unlikely(!(mode & GR_FIND)))
124678 + return 0;
124679 +
124680 + return GR_FIND;
124681 +}
124682 +
124683 +__u32
124684 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
124685 + int acc_mode)
124686 +{
124687 + __u32 reqmode = GR_FIND;
124688 + __u32 mode;
124689 +
124690 + if (unlikely(d_is_negative(dentry)))
124691 + return reqmode;
124692 +
124693 + if (acc_mode & MAY_APPEND)
124694 + reqmode |= GR_APPEND;
124695 + else if (acc_mode & MAY_WRITE)
124696 + reqmode |= GR_WRITE;
124697 + if ((acc_mode & MAY_READ) && !d_is_dir(dentry))
124698 + reqmode |= GR_READ;
124699 +
124700 + mode =
124701 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
124702 + mnt);
124703 +
124704 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
124705 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
124706 + reqmode & GR_READ ? " reading" : "",
124707 + reqmode & GR_WRITE ? " writing" : reqmode &
124708 + GR_APPEND ? " appending" : "");
124709 + return reqmode;
124710 + } else
124711 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
124712 + {
124713 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
124714 + reqmode & GR_READ ? " reading" : "",
124715 + reqmode & GR_WRITE ? " writing" : reqmode &
124716 + GR_APPEND ? " appending" : "");
124717 + return 0;
124718 + } else if (unlikely((mode & reqmode) != reqmode))
124719 + return 0;
124720 +
124721 + return reqmode;
124722 +}
124723 +
124724 +__u32
124725 +gr_acl_handle_creat(const struct dentry * dentry,
124726 + const struct dentry * p_dentry,
124727 + const struct vfsmount * p_mnt, int open_flags, int acc_mode,
124728 + const int imode)
124729 +{
124730 + __u32 reqmode = GR_WRITE | GR_CREATE;
124731 + __u32 mode;
124732 +
124733 + if (acc_mode & MAY_APPEND)
124734 + reqmode |= GR_APPEND;
124735 + // if a directory was required or the directory already exists, then
124736 + // don't count this open as a read
124737 + if ((acc_mode & MAY_READ) &&
124738 + !((open_flags & O_DIRECTORY) || d_is_dir(dentry)))
124739 + reqmode |= GR_READ;
124740 + if ((open_flags & O_CREAT) &&
124741 + ((imode & S_ISUID) || ((imode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
124742 + reqmode |= GR_SETID;
124743 +
124744 + mode =
124745 + gr_check_create(dentry, p_dentry, p_mnt,
124746 + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
124747 +
124748 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
124749 + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
124750 + reqmode & GR_READ ? " reading" : "",
124751 + reqmode & GR_WRITE ? " writing" : reqmode &
124752 + GR_APPEND ? " appending" : "");
124753 + return reqmode;
124754 + } else
124755 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
124756 + {
124757 + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
124758 + reqmode & GR_READ ? " reading" : "",
124759 + reqmode & GR_WRITE ? " writing" : reqmode &
124760 + GR_APPEND ? " appending" : "");
124761 + return 0;
124762 + } else if (unlikely((mode & reqmode) != reqmode))
124763 + return 0;
124764 +
124765 + return reqmode;
124766 +}
124767 +
124768 +__u32
124769 +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
124770 + const int fmode)
124771 +{
124772 + __u32 mode, reqmode = GR_FIND;
124773 +
124774 + if ((fmode & S_IXOTH) && !d_is_dir(dentry))
124775 + reqmode |= GR_EXEC;
124776 + if (fmode & S_IWOTH)
124777 + reqmode |= GR_WRITE;
124778 + if (fmode & S_IROTH)
124779 + reqmode |= GR_READ;
124780 +
124781 + mode =
124782 + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
124783 + mnt);
124784 +
124785 + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
124786 + gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
124787 + reqmode & GR_READ ? " reading" : "",
124788 + reqmode & GR_WRITE ? " writing" : "",
124789 + reqmode & GR_EXEC ? " executing" : "");
124790 + return reqmode;
124791 + } else
124792 + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
124793 + {
124794 + gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
124795 + reqmode & GR_READ ? " reading" : "",
124796 + reqmode & GR_WRITE ? " writing" : "",
124797 + reqmode & GR_EXEC ? " executing" : "");
124798 + return 0;
124799 + } else if (unlikely((mode & reqmode) != reqmode))
124800 + return 0;
124801 +
124802 + return reqmode;
124803 +}
124804 +
124805 +static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
124806 +{
124807 + __u32 mode;
124808 +
124809 + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
124810 +
124811 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
124812 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
124813 + return mode;
124814 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
124815 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
124816 + return 0;
124817 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
124818 + return 0;
124819 +
124820 + return (reqmode);
124821 +}
124822 +
124823 +__u32
124824 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
124825 +{
124826 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
124827 +}
124828 +
124829 +__u32
124830 +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
124831 +{
124832 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
124833 +}
124834 +
124835 +__u32
124836 +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
124837 +{
124838 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
124839 +}
124840 +
124841 +__u32
124842 +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
124843 +{
124844 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
124845 +}
124846 +
124847 +__u32
124848 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
124849 + umode_t *modeptr)
124850 +{
124851 + umode_t mode;
124852 + struct inode *inode = d_backing_inode(dentry);
124853 +
124854 + *modeptr &= ~gr_acl_umask();
124855 + mode = *modeptr;
124856 +
124857 + if (unlikely(inode && S_ISSOCK(inode->i_mode)))
124858 + return 1;
124859 +
124860 + if (unlikely(!d_is_dir(dentry) &&
124861 + ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))) {
124862 + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
124863 + GR_CHMOD_ACL_MSG);
124864 + } else {
124865 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
124866 + }
124867 +}
124868 +
124869 +__u32
124870 +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
124871 +{
124872 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
124873 +}
124874 +
124875 +__u32
124876 +gr_acl_handle_setxattr(const struct dentry *dentry, const struct vfsmount *mnt)
124877 +{
124878 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_SETXATTR_ACL_MSG);
124879 +}
124880 +
124881 +__u32
124882 +gr_acl_handle_removexattr(const struct dentry *dentry, const struct vfsmount *mnt)
124883 +{
124884 + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_REMOVEXATTR_ACL_MSG);
124885 +}
124886 +
124887 +__u32
124888 +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
124889 +{
124890 + return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
124891 +}
124892 +
124893 +__u32
124894 +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
124895 +{
124896 + return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
124897 + GR_UNIXCONNECT_ACL_MSG);
124898 +}
124899 +
124900 +/* hardlinks require at minimum create and link permission,
124901 + any additional privilege required is based on the
124902 + privilege of the file being linked to
124903 +*/
124904 +__u32
124905 +gr_acl_handle_link(const struct dentry * new_dentry,
124906 + const struct dentry * parent_dentry,
124907 + const struct vfsmount * parent_mnt,
124908 + const struct dentry * old_dentry,
124909 + const struct vfsmount * old_mnt, const struct filename *to)
124910 +{
124911 + __u32 mode;
124912 + __u32 needmode = GR_CREATE | GR_LINK;
124913 + __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
124914 +
124915 + mode =
124916 + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
124917 + old_mnt);
124918 +
124919 + if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
124920 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name);
124921 + return mode;
124922 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
124923 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name);
124924 + return 0;
124925 + } else if (unlikely((mode & needmode) != needmode))
124926 + return 0;
124927 +
124928 + return 1;
124929 +}
124930 +
124931 +__u32
124932 +gr_acl_handle_symlink(const struct dentry * new_dentry,
124933 + const struct dentry * parent_dentry,
124934 + const struct vfsmount * parent_mnt, const struct filename *from)
124935 +{
124936 + __u32 needmode = GR_WRITE | GR_CREATE;
124937 + __u32 mode;
124938 +
124939 + mode =
124940 + gr_check_create(new_dentry, parent_dentry, parent_mnt,
124941 + GR_CREATE | GR_AUDIT_CREATE |
124942 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
124943 +
124944 + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
124945 + gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt);
124946 + return mode;
124947 + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
124948 + gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt);
124949 + return 0;
124950 + } else if (unlikely((mode & needmode) != needmode))
124951 + return 0;
124952 +
124953 + return (GR_WRITE | GR_CREATE);
124954 +}
124955 +
124956 +static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
124957 +{
124958 + __u32 mode;
124959 +
124960 + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
124961 +
124962 + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
124963 + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
124964 + return mode;
124965 + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
124966 + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
124967 + return 0;
124968 + } else if (unlikely((mode & (reqmode)) != (reqmode)))
124969 + return 0;
124970 +
124971 + return (reqmode);
124972 +}
124973 +
124974 +__u32
124975 +gr_acl_handle_mknod(const struct dentry * new_dentry,
124976 + const struct dentry * parent_dentry,
124977 + const struct vfsmount * parent_mnt,
124978 + const int mode)
124979 +{
124980 + __u32 reqmode = GR_WRITE | GR_CREATE;
124981 + if (unlikely((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))))
124982 + reqmode |= GR_SETID;
124983 +
124984 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
124985 + reqmode, GR_MKNOD_ACL_MSG);
124986 +}
124987 +
124988 +__u32
124989 +gr_acl_handle_mkdir(const struct dentry *new_dentry,
124990 + const struct dentry *parent_dentry,
124991 + const struct vfsmount *parent_mnt)
124992 +{
124993 + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
124994 + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
124995 +}
124996 +
124997 +#define RENAME_CHECK_SUCCESS(old, new) \
124998 + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
124999 + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
125000 +
125001 +int
125002 +gr_acl_handle_rename(struct dentry *new_dentry,
125003 + struct dentry *parent_dentry,
125004 + const struct vfsmount *parent_mnt,
125005 + struct dentry *old_dentry,
125006 + struct inode *old_parent_inode,
125007 + struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags)
125008 +{
125009 + __u32 comp1, comp2;
125010 + int error = 0;
125011 +
125012 + if (unlikely(!gr_acl_is_enabled()))
125013 + return 0;
125014 +
125015 + if (flags & RENAME_EXCHANGE) {
125016 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
125017 + GR_AUDIT_READ | GR_AUDIT_WRITE |
125018 + GR_SUPPRESS, parent_mnt);
125019 + comp2 =
125020 + gr_search_file(old_dentry,
125021 + GR_READ | GR_WRITE | GR_AUDIT_READ |
125022 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
125023 + } else if (d_is_negative(new_dentry)) {
125024 + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
125025 + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
125026 + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
125027 + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
125028 + GR_DELETE | GR_AUDIT_DELETE |
125029 + GR_AUDIT_READ | GR_AUDIT_WRITE |
125030 + GR_SUPPRESS, old_mnt);
125031 + } else {
125032 + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
125033 + GR_CREATE | GR_DELETE |
125034 + GR_AUDIT_CREATE | GR_AUDIT_DELETE |
125035 + GR_AUDIT_READ | GR_AUDIT_WRITE |
125036 + GR_SUPPRESS, parent_mnt);
125037 + comp2 =
125038 + gr_search_file(old_dentry,
125039 + GR_READ | GR_WRITE | GR_AUDIT_READ |
125040 + GR_DELETE | GR_AUDIT_DELETE |
125041 + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
125042 + }
125043 +
125044 + if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
125045 + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
125046 + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name);
125047 + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
125048 + && !(comp2 & GR_SUPPRESS)) {
125049 + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name);
125050 + error = -EACCES;
125051 + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
125052 + error = -EACCES;
125053 +
125054 + return error;
125055 +}
125056 +
125057 +void
125058 +gr_acl_handle_exit(void)
125059 +{
125060 + u16 id;
125061 + char *rolename;
125062 +
125063 + if (unlikely(current->acl_sp_role && gr_acl_is_enabled() &&
125064 + !(current->role->roletype & GR_ROLE_PERSIST))) {
125065 + id = current->acl_role_id;
125066 + rolename = current->role->rolename;
125067 + gr_set_acls(1);
125068 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
125069 + }
125070 +
125071 + gr_put_exec_file(current);
125072 + return;
125073 +}
125074 +
125075 +int
125076 +gr_acl_handle_procpidmem(const struct task_struct *task)
125077 +{
125078 + if (unlikely(!gr_acl_is_enabled()))
125079 + return 0;
125080 +
125081 + if (task != current && (task->acl->mode & GR_PROTPROCFD) &&
125082 + !(current->acl->mode & GR_POVERRIDE) &&
125083 + !(current->role->roletype & GR_ROLE_GOD))
125084 + return -EACCES;
125085 +
125086 + return 0;
125087 +}
125088 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
125089 new file mode 100644
125090 index 0000000..5da5304
125091 --- /dev/null
125092 +++ b/grsecurity/gracl_ip.c
125093 @@ -0,0 +1,387 @@
125094 +#include <linux/kernel.h>
125095 +#include <asm/uaccess.h>
125096 +#include <asm/errno.h>
125097 +#include <net/sock.h>
125098 +#include <linux/file.h>
125099 +#include <linux/fs.h>
125100 +#include <linux/net.h>
125101 +#include <linux/in.h>
125102 +#include <linux/skbuff.h>
125103 +#include <linux/ip.h>
125104 +#include <linux/udp.h>
125105 +#include <linux/types.h>
125106 +#include <linux/sched.h>
125107 +#include <linux/netdevice.h>
125108 +#include <linux/inetdevice.h>
125109 +#include <linux/gracl.h>
125110 +#include <linux/grsecurity.h>
125111 +#include <linux/grinternal.h>
125112 +
125113 +#define GR_BIND 0x01
125114 +#define GR_CONNECT 0x02
125115 +#define GR_INVERT 0x04
125116 +#define GR_BINDOVERRIDE 0x08
125117 +#define GR_CONNECTOVERRIDE 0x10
125118 +#define GR_SOCK_FAMILY 0x20
125119 +
125120 +static const char * gr_protocols[IPPROTO_MAX] = {
125121 + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
125122 + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
125123 + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
125124 + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
125125 + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
125126 + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
125127 + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
125128 + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
125129 + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
125130 + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak",
125131 + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf",
125132 + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
125133 + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
125134 + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
125135 + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
125136 + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
125137 + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
125138 + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
125139 + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
125140 + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
125141 + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
125142 + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
125143 + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
125144 + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
125145 + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
125146 + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
125147 + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
125148 + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
125149 + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
125150 + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
125151 + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
125152 + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
125153 + };
125154 +
125155 +static const char * gr_socktypes[SOCK_MAX] = {
125156 + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6",
125157 + "unknown:7", "unknown:8", "unknown:9", "packet"
125158 + };
125159 +
125160 +static const char * gr_sockfamilies[AF_MAX] = {
125161 + "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
125162 + "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
125163 + "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
125164 + "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf", "alg",
125165 + "nfc", "vsock", "kcm", "qipcrtr"
125166 + };
125167 +
125168 +const char *
125169 +gr_proto_to_name(unsigned char proto)
125170 +{
125171 + return gr_protocols[proto];
125172 +}
125173 +
125174 +const char *
125175 +gr_socktype_to_name(unsigned char type)
125176 +{
125177 + return gr_socktypes[type];
125178 +}
125179 +
125180 +const char *
125181 +gr_sockfamily_to_name(unsigned char family)
125182 +{
125183 + return gr_sockfamilies[family];
125184 +}
125185 +
125186 +extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
125187 +
125188 +int
125189 +gr_search_socket(const int domain, const int type, const int protocol)
125190 +{
125191 + struct acl_subject_label *curr;
125192 + const struct cred *cred = current_cred();
125193 +
125194 + if (unlikely(!gr_acl_is_enabled()))
125195 + goto exit;
125196 +
125197 + if ((domain < 0) || (type < 0) || (protocol < 0) ||
125198 + (domain >= AF_MAX) || (type >= SOCK_MAX) || (protocol >= IPPROTO_MAX))
125199 + goto exit; // let the kernel handle it
125200 +
125201 + curr = current->acl;
125202 +
125203 + if (curr->sock_families[domain / 32] & (1U << (domain % 32))) {
125204 + /* the family is allowed, if this is PF_INET allow it only if
125205 + the extra sock type/protocol checks pass */
125206 + if (domain == PF_INET)
125207 + goto inet_check;
125208 + goto exit;
125209 + } else {
125210 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
125211 + __u32 fakeip = 0;
125212 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
125213 + current->role->roletype, GR_GLOBAL_UID(cred->uid),
125214 + GR_GLOBAL_GID(cred->gid), current->exec_file ?
125215 + gr_to_filename(current->exec_file->f_path.dentry,
125216 + current->exec_file->f_path.mnt) :
125217 + curr->filename, curr->filename,
125218 + &fakeip, domain, 0, 0, GR_SOCK_FAMILY,
125219 + &current->signal->saved_ip);
125220 + goto exit;
125221 + }
125222 + goto exit_fail;
125223 + }
125224 +
125225 +inet_check:
125226 + /* the rest of this checking is for IPv4 only */
125227 + if (!curr->ips)
125228 + goto exit;
125229 +
125230 + if ((curr->ip_type & (1U << type)) &&
125231 + (curr->ip_proto[protocol / 32] & (1U << (protocol % 32))))
125232 + goto exit;
125233 +
125234 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
125235 + /* we don't place acls on raw sockets , and sometimes
125236 + dgram/ip sockets are opened for ioctl and not
125237 + bind/connect, so we'll fake a bind learn log */
125238 + if (type == SOCK_RAW || type == SOCK_PACKET) {
125239 + __u32 fakeip = 0;
125240 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
125241 + current->role->roletype, GR_GLOBAL_UID(cred->uid),
125242 + GR_GLOBAL_GID(cred->gid), current->exec_file ?
125243 + gr_to_filename(current->exec_file->f_path.dentry,
125244 + current->exec_file->f_path.mnt) :
125245 + curr->filename, curr->filename,
125246 + &fakeip, 0, type,
125247 + protocol, GR_CONNECT, &current->signal->saved_ip);
125248 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
125249 + __u32 fakeip = 0;
125250 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
125251 + current->role->roletype, GR_GLOBAL_UID(cred->uid),
125252 + GR_GLOBAL_GID(cred->gid), current->exec_file ?
125253 + gr_to_filename(current->exec_file->f_path.dentry,
125254 + current->exec_file->f_path.mnt) :
125255 + curr->filename, curr->filename,
125256 + &fakeip, 0, type,
125257 + protocol, GR_BIND, &current->signal->saved_ip);
125258 + }
125259 + /* we'll log when they use connect or bind */
125260 + goto exit;
125261 + }
125262 +
125263 +exit_fail:
125264 + if (domain == PF_INET)
125265 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
125266 + gr_socktype_to_name(type), gr_proto_to_name(protocol));
125267 + else if (rcu_access_pointer(net_families[domain]) != NULL)
125268 + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
125269 + gr_socktype_to_name(type), protocol);
125270 +
125271 + return 0;
125272 +exit:
125273 + return 1;
125274 +}
125275 +
125276 +int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
125277 +{
125278 + if ((ip->mode & mode) &&
125279 + (ip_port >= ip->low) &&
125280 + (ip_port <= ip->high) &&
125281 + ((ntohl(ip_addr) & our_netmask) ==
125282 + (ntohl(our_addr) & our_netmask))
125283 + && (ip->proto[protocol / 32] & (1U << (protocol % 32)))
125284 + && (ip->type & (1U << type))) {
125285 + if (ip->mode & GR_INVERT)
125286 + return 2; // specifically denied
125287 + else
125288 + return 1; // allowed
125289 + }
125290 +
125291 + return 0; // not specifically allowed, may continue parsing
125292 +}
125293 +
125294 +static int
125295 +gr_search_connectbind(const int full_mode, struct sock *sk,
125296 + struct sockaddr_in *addr, const int type)
125297 +{
125298 + char iface[IFNAMSIZ] = {0};
125299 + struct acl_subject_label *curr;
125300 + struct acl_ip_label *ip;
125301 + struct inet_sock *isk;
125302 + struct net_device *dev;
125303 + struct in_device *idev;
125304 + unsigned long i;
125305 + int ret;
125306 + int mode = full_mode & (GR_BIND | GR_CONNECT);
125307 + __u32 ip_addr = 0;
125308 + __u32 our_addr;
125309 + __u32 our_netmask;
125310 + char *p;
125311 + __u16 ip_port = 0;
125312 + const struct cred *cred = current_cred();
125313 +
125314 + if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
125315 + return 0;
125316 +
125317 + curr = current->acl;
125318 + isk = inet_sk(sk);
125319 +
125320 + /* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
125321 + if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
125322 + addr->sin_addr.s_addr = curr->inaddr_any_override;
125323 + if ((full_mode & GR_CONNECT) && isk->inet_saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
125324 + struct sockaddr_in saddr;
125325 + int err;
125326 +
125327 + saddr.sin_family = AF_INET;
125328 + saddr.sin_addr.s_addr = curr->inaddr_any_override;
125329 + saddr.sin_port = isk->inet_sport;
125330 +
125331 + err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
125332 + if (err)
125333 + return err;
125334 +
125335 + err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
125336 + if (err)
125337 + return err;
125338 + }
125339 +
125340 + if (!curr->ips)
125341 + return 0;
125342 +
125343 + ip_addr = addr->sin_addr.s_addr;
125344 + ip_port = ntohs(addr->sin_port);
125345 +
125346 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
125347 + security_learn(GR_IP_LEARN_MSG, current->role->rolename,
125348 + current->role->roletype, GR_GLOBAL_UID(cred->uid),
125349 + GR_GLOBAL_GID(cred->gid), current->exec_file ?
125350 + gr_to_filename(current->exec_file->f_path.dentry,
125351 + current->exec_file->f_path.mnt) :
125352 + curr->filename, curr->filename,
125353 + &ip_addr, ip_port, type,
125354 + sk->sk_protocol, mode, &current->signal->saved_ip);
125355 + return 0;
125356 + }
125357 +
125358 + for (i = 0; i < curr->ip_num; i++) {
125359 + ip = *(curr->ips + i);
125360 + if (ip->iface != NULL) {
125361 + strncpy(iface, ip->iface, IFNAMSIZ - 1);
125362 + p = strchr(iface, ':');
125363 + if (p != NULL)
125364 + *p = '\0';
125365 + dev = dev_get_by_name(sock_net(sk), iface);
125366 + if (dev == NULL)
125367 + continue;
125368 + idev = in_dev_get(dev);
125369 + if (idev == NULL) {
125370 + dev_put(dev);
125371 + continue;
125372 + }
125373 + rcu_read_lock();
125374 + for_ifa(idev) {
125375 + if (!strcmp(ip->iface, ifa->ifa_label)) {
125376 + our_addr = ifa->ifa_address;
125377 + our_netmask = 0xffffffff;
125378 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
125379 + if (ret == 1) {
125380 + rcu_read_unlock();
125381 + in_dev_put(idev);
125382 + dev_put(dev);
125383 + return 0;
125384 + } else if (ret == 2) {
125385 + rcu_read_unlock();
125386 + in_dev_put(idev);
125387 + dev_put(dev);
125388 + goto denied;
125389 + }
125390 + }
125391 + } endfor_ifa(idev);
125392 + rcu_read_unlock();
125393 + in_dev_put(idev);
125394 + dev_put(dev);
125395 + } else {
125396 + our_addr = ip->addr;
125397 + our_netmask = ip->netmask;
125398 + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
125399 + if (ret == 1)
125400 + return 0;
125401 + else if (ret == 2)
125402 + goto denied;
125403 + }
125404 + }
125405 +
125406 +denied:
125407 + if (mode == GR_BIND)
125408 + gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
125409 + else if (mode == GR_CONNECT)
125410 + gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, &ip_addr, ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
125411 +
125412 + return -EACCES;
125413 +}
125414 +
125415 +int
125416 +gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
125417 +{
125418 + /* always allow disconnection of dgram sockets with connect */
125419 + if (addr->sin_family == AF_UNSPEC)
125420 + return 0;
125421 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
125422 +}
125423 +
125424 +int
125425 +gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
125426 +{
125427 + return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
125428 +}
125429 +
125430 +int gr_search_listen(struct socket *sock)
125431 +{
125432 + struct sock *sk = sock->sk;
125433 + struct sockaddr_in addr;
125434 +
125435 + addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
125436 + addr.sin_port = inet_sk(sk)->inet_sport;
125437 +
125438 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
125439 +}
125440 +
125441 +int gr_search_accept(struct socket *sock)
125442 +{
125443 + struct sock *sk = sock->sk;
125444 + struct sockaddr_in addr;
125445 +
125446 + addr.sin_addr.s_addr = inet_sk(sk)->inet_saddr;
125447 + addr.sin_port = inet_sk(sk)->inet_sport;
125448 +
125449 + return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
125450 +}
125451 +
125452 +int
125453 +gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
125454 +{
125455 + if (addr)
125456 + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
125457 + else {
125458 + struct sockaddr_in sin;
125459 + const struct inet_sock *inet = inet_sk(sk);
125460 +
125461 + sin.sin_addr.s_addr = inet->inet_daddr;
125462 + sin.sin_port = inet->inet_dport;
125463 +
125464 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
125465 + }
125466 +}
125467 +
125468 +int
125469 +gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
125470 +{
125471 + struct sockaddr_in sin;
125472 +
125473 + if (unlikely(skb->len < sizeof (struct udphdr)))
125474 + return 0; // skip this packet
125475 +
125476 + sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
125477 + sin.sin_port = udp_hdr(skb)->source;
125478 +
125479 + return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
125480 +}
125481 diff --git a/grsecurity/gracl_learn.c b/grsecurity/gracl_learn.c
125482 new file mode 100644
125483 index 0000000..c5abda5
125484 --- /dev/null
125485 +++ b/grsecurity/gracl_learn.c
125486 @@ -0,0 +1,209 @@
125487 +#include <linux/kernel.h>
125488 +#include <linux/mm.h>
125489 +#include <linux/sched.h>
125490 +#include <linux/poll.h>
125491 +#include <linux/string.h>
125492 +#include <linux/file.h>
125493 +#include <linux/types.h>
125494 +#include <linux/vmalloc.h>
125495 +#include <linux/grinternal.h>
125496 +
125497 +extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
125498 + size_t count, loff_t *ppos);
125499 +extern int gr_acl_is_enabled(void);
125500 +
125501 +static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
125502 +static int gr_learn_attached;
125503 +
125504 +/* use a 512k buffer */
125505 +#define LEARN_BUFFER_SIZE (512 * 1024)
125506 +
125507 +static DEFINE_SPINLOCK(gr_learn_lock);
125508 +static DEFINE_MUTEX(gr_learn_user_mutex);
125509 +
125510 +/* we need to maintain two buffers, so that the kernel context of grlearn
125511 + uses a semaphore around the userspace copying, and the other kernel contexts
125512 + use a spinlock when copying into the buffer, since they cannot sleep
125513 +*/
125514 +static char *learn_buffer;
125515 +static char *learn_buffer_user;
125516 +static int learn_buffer_len;
125517 +static int learn_buffer_user_len;
125518 +
125519 +static ssize_t
125520 +read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
125521 +{
125522 + DECLARE_WAITQUEUE(wait, current);
125523 + ssize_t retval = 0;
125524 +
125525 + add_wait_queue(&learn_wait, &wait);
125526 + do {
125527 + mutex_lock(&gr_learn_user_mutex);
125528 + set_current_state(TASK_INTERRUPTIBLE);
125529 + spin_lock(&gr_learn_lock);
125530 + if (learn_buffer_len) {
125531 + set_current_state(TASK_RUNNING);
125532 + break;
125533 + }
125534 + spin_unlock(&gr_learn_lock);
125535 + mutex_unlock(&gr_learn_user_mutex);
125536 + if (file->f_flags & O_NONBLOCK) {
125537 + retval = -EAGAIN;
125538 + goto out;
125539 + }
125540 + if (signal_pending(current)) {
125541 + retval = -ERESTARTSYS;
125542 + goto out;
125543 + }
125544 +
125545 + schedule();
125546 + } while (1);
125547 +
125548 + memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
125549 + learn_buffer_user_len = learn_buffer_len;
125550 + retval = learn_buffer_len;
125551 + learn_buffer_len = 0;
125552 +
125553 + spin_unlock(&gr_learn_lock);
125554 +
125555 + if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
125556 + retval = -EFAULT;
125557 +
125558 + mutex_unlock(&gr_learn_user_mutex);
125559 +out:
125560 + set_current_state(TASK_RUNNING);
125561 + remove_wait_queue(&learn_wait, &wait);
125562 + return retval;
125563 +}
125564 +
125565 +static unsigned int
125566 +poll_learn(struct file * file, poll_table * wait)
125567 +{
125568 + poll_wait(file, &learn_wait, wait);
125569 +
125570 + if (learn_buffer_len)
125571 + return (POLLIN | POLLRDNORM);
125572 +
125573 + return 0;
125574 +}
125575 +
125576 +void
125577 +gr_clear_learn_entries(void)
125578 +{
125579 + char *tmp;
125580 +
125581 + mutex_lock(&gr_learn_user_mutex);
125582 + spin_lock(&gr_learn_lock);
125583 + tmp = learn_buffer;
125584 + learn_buffer = NULL;
125585 + spin_unlock(&gr_learn_lock);
125586 + if (tmp)
125587 + vfree(tmp);
125588 + if (learn_buffer_user != NULL) {
125589 + vfree(learn_buffer_user);
125590 + learn_buffer_user = NULL;
125591 + }
125592 + learn_buffer_len = 0;
125593 + mutex_unlock(&gr_learn_user_mutex);
125594 +
125595 + return;
125596 +}
125597 +
125598 +void
125599 +gr_add_learn_entry(const char *fmt, ...)
125600 +{
125601 + va_list args;
125602 + unsigned int len;
125603 +
125604 + if (!gr_learn_attached)
125605 + return;
125606 +
125607 + spin_lock(&gr_learn_lock);
125608 +
125609 + /* leave a gap at the end so we know when it's "full" but don't have to
125610 + compute the exact length of the string we're trying to append
125611 + */
125612 + if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
125613 + spin_unlock(&gr_learn_lock);
125614 + wake_up_interruptible(&learn_wait);
125615 + return;
125616 + }
125617 + if (learn_buffer == NULL) {
125618 + spin_unlock(&gr_learn_lock);
125619 + return;
125620 + }
125621 +
125622 + va_start(args, fmt);
125623 + len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
125624 + va_end(args);
125625 +
125626 + learn_buffer_len += len + 1;
125627 +
125628 + spin_unlock(&gr_learn_lock);
125629 + wake_up_interruptible(&learn_wait);
125630 +
125631 + return;
125632 +}
125633 +
125634 +static int
125635 +open_learn(struct inode *inode, struct file *file)
125636 +{
125637 + if (file->f_mode & FMODE_READ && gr_learn_attached)
125638 + return -EBUSY;
125639 + if (file->f_mode & FMODE_READ) {
125640 + int retval = 0;
125641 + mutex_lock(&gr_learn_user_mutex);
125642 + if (learn_buffer == NULL)
125643 + learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
125644 + if (learn_buffer_user == NULL)
125645 + learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
125646 + if (learn_buffer == NULL) {
125647 + retval = -ENOMEM;
125648 + goto out_error;
125649 + }
125650 + if (learn_buffer_user == NULL) {
125651 + retval = -ENOMEM;
125652 + goto out_error;
125653 + }
125654 + learn_buffer_len = 0;
125655 + learn_buffer_user_len = 0;
125656 + gr_learn_attached = 1;
125657 +out_error:
125658 + mutex_unlock(&gr_learn_user_mutex);
125659 + return retval;
125660 + }
125661 + return 0;
125662 +}
125663 +
125664 +static int
125665 +close_learn(struct inode *inode, struct file *file)
125666 +{
125667 + if (file->f_mode & FMODE_READ) {
125668 + char *tmp = NULL;
125669 + mutex_lock(&gr_learn_user_mutex);
125670 + spin_lock(&gr_learn_lock);
125671 + tmp = learn_buffer;
125672 + learn_buffer = NULL;
125673 + spin_unlock(&gr_learn_lock);
125674 + if (tmp)
125675 + vfree(tmp);
125676 + if (learn_buffer_user != NULL) {
125677 + vfree(learn_buffer_user);
125678 + learn_buffer_user = NULL;
125679 + }
125680 + learn_buffer_len = 0;
125681 + learn_buffer_user_len = 0;
125682 + gr_learn_attached = 0;
125683 + mutex_unlock(&gr_learn_user_mutex);
125684 + }
125685 +
125686 + return 0;
125687 +}
125688 +
125689 +const struct file_operations grsec_fops = {
125690 + .read = read_learn,
125691 + .write = write_grsec_handler,
125692 + .open = open_learn,
125693 + .release = close_learn,
125694 + .poll = poll_learn,
125695 +};
125696 diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
125697 new file mode 100644
125698 index 0000000..d943ba9
125699 --- /dev/null
125700 +++ b/grsecurity/gracl_policy.c
125701 @@ -0,0 +1,1784 @@
125702 +#include <linux/kernel.h>
125703 +#include <linux/module.h>
125704 +#include <linux/sched.h>
125705 +#include <linux/mm.h>
125706 +#include <linux/file.h>
125707 +#include <linux/fs.h>
125708 +#include <linux/namei.h>
125709 +#include <linux/mount.h>
125710 +#include <linux/tty.h>
125711 +#include <linux/proc_fs.h>
125712 +#include <linux/lglock.h>
125713 +#include <linux/slab.h>
125714 +#include <linux/vmalloc.h>
125715 +#include <linux/types.h>
125716 +#include <linux/sysctl.h>
125717 +#include <linux/netdevice.h>
125718 +#include <linux/ptrace.h>
125719 +#include <linux/gracl.h>
125720 +#include <linux/gralloc.h>
125721 +#include <linux/security.h>
125722 +#include <linux/grinternal.h>
125723 +#include <linux/pid_namespace.h>
125724 +#include <linux/stop_machine.h>
125725 +#include <linux/fdtable.h>
125726 +#include <linux/percpu.h>
125727 +#include <linux/lglock.h>
125728 +#include <linux/hugetlb.h>
125729 +#include <linux/posix-timers.h>
125730 +#include "../fs/mount.h"
125731 +
125732 +#include <asm/uaccess.h>
125733 +#include <asm/errno.h>
125734 +#include <asm/mman.h>
125735 +
125736 +extern struct gr_policy_state *polstate;
125737 +
125738 +#define FOR_EACH_ROLE_START(role) \
125739 + role = polstate->role_list; \
125740 + while (role) {
125741 +
125742 +#define FOR_EACH_ROLE_END(role) \
125743 + role = role->prev; \
125744 + }
125745 +
125746 +struct path gr_real_root;
125747 +
125748 +extern struct gr_alloc_state *current_alloc_state;
125749 +
125750 +u16 acl_sp_role_value;
125751 +
125752 +static DEFINE_MUTEX(gr_dev_mutex);
125753 +
125754 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
125755 +extern void gr_clear_learn_entries(void);
125756 +
125757 +struct gr_arg *gr_usermode __read_only;
125758 +unsigned char *gr_system_salt __read_only;
125759 +unsigned char *gr_system_sum __read_only;
125760 +
125761 +static unsigned int gr_auth_attempts = 0;
125762 +static unsigned long gr_auth_expires = 0UL;
125763 +
125764 +struct acl_object_label *fakefs_obj_rw;
125765 +struct acl_object_label *fakefs_obj_rwx;
125766 +
125767 +extern int gr_init_uidset(void);
125768 +extern void gr_free_uidset(void);
125769 +extern int gr_find_and_remove_uid(uid_t uid);
125770 +
125771 +extern struct acl_subject_label *__gr_get_subject_for_task(const struct gr_policy_state *state, struct task_struct *task, const char *filename, int fallback);
125772 +extern void __gr_apply_subject_to_task(const struct gr_policy_state *state, struct task_struct *task, struct acl_subject_label *subj);
125773 +extern int gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb);
125774 +extern void __insert_inodev_entry(const struct gr_policy_state *state, struct inodev_entry *entry);
125775 +extern struct acl_role_label *__lookup_acl_role_label(const struct gr_policy_state *state, const struct task_struct *task, const uid_t uid, const gid_t gid);
125776 +extern void insert_acl_obj_label(struct acl_object_label *obj, struct acl_subject_label *subj);
125777 +extern void insert_acl_subj_label(struct acl_subject_label *obj, struct acl_role_label *role);
125778 +extern struct name_entry * __lookup_name_entry(const struct gr_policy_state *state, const char *name);
125779 +extern char *gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt);
125780 +extern struct acl_subject_label *lookup_acl_subj_label(const u64 ino, const dev_t dev, const struct acl_role_label *role);
125781 +extern struct acl_subject_label *lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev, const struct acl_role_label *role);
125782 +extern void assign_special_role(const char *rolename);
125783 +extern struct acl_subject_label *chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, const struct acl_role_label *role);
125784 +extern int gr_rbac_disable(void *unused);
125785 +extern void gr_enable_rbac_system(void);
125786 +
125787 +static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp)
125788 +{
125789 + if (copy_from_user(obj, userp, sizeof(struct acl_object_label)))
125790 + return -EFAULT;
125791 +
125792 + return 0;
125793 +}
125794 +
125795 +static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp)
125796 +{
125797 + if (copy_from_user(ip, userp, sizeof(struct acl_ip_label)))
125798 + return -EFAULT;
125799 +
125800 + return 0;
125801 +}
125802 +
125803 +static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp)
125804 +{
125805 + if (copy_from_user(subj, userp, sizeof(struct acl_subject_label)))
125806 + return -EFAULT;
125807 +
125808 + return 0;
125809 +}
125810 +
125811 +static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp)
125812 +{
125813 + if (copy_from_user(role, userp, sizeof(struct acl_role_label)))
125814 + return -EFAULT;
125815 +
125816 + return 0;
125817 +}
125818 +
125819 +static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
125820 +{
125821 + if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip)))
125822 + return -EFAULT;
125823 +
125824 + return 0;
125825 +}
125826 +
125827 +static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
125828 +{
125829 + if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw)))
125830 + return -EFAULT;
125831 +
125832 + return 0;
125833 +}
125834 +
125835 +static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
125836 +{
125837 + if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct)))
125838 + return -EFAULT;
125839 +
125840 + return 0;
125841 +}
125842 +
125843 +static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp)
125844 +{
125845 + if (copy_from_user(trans, userp, sizeof(struct role_transition)))
125846 + return -EFAULT;
125847 +
125848 + return 0;
125849 +}
125850 +
125851 +int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp)
125852 +{
125853 + if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *)))
125854 + return -EFAULT;
125855 +
125856 + return 0;
125857 +}
125858 +
125859 +static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap)
125860 +{
125861 + if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
125862 + return -EFAULT;
125863 +
125864 + if ((uwrap->version != GRSECURITY_VERSION) ||
125865 + (uwrap->size != sizeof(struct gr_arg)))
125866 + return -EINVAL;
125867 +
125868 + return 0;
125869 +}
125870 +
125871 +static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg)
125872 +{
125873 + if (copy_from_user(arg, buf, sizeof (struct gr_arg)))
125874 + return -EFAULT;
125875 +
125876 + return 0;
125877 +}
125878 +
125879 +static size_t get_gr_arg_wrapper_size_normal(void)
125880 +{
125881 + return sizeof(struct gr_arg_wrapper);
125882 +}
125883 +
125884 +#ifdef CONFIG_COMPAT
125885 +extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap);
125886 +extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg);
125887 +extern int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp);
125888 +extern int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp);
125889 +extern int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp);
125890 +extern int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp);
125891 +extern int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp);
125892 +extern int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp);
125893 +extern int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp);
125894 +extern int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp);
125895 +extern int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp);
125896 +extern size_t get_gr_arg_wrapper_size_compat(void);
125897 +
125898 +int (* copy_gr_arg_wrapper)(const char *buf, struct gr_arg_wrapper *uwrap) __read_only;
125899 +int (* copy_gr_arg)(const struct gr_arg *buf, struct gr_arg *arg) __read_only;
125900 +int (* copy_acl_object_label)(struct acl_object_label *obj, const struct acl_object_label *userp) __read_only;
125901 +int (* copy_acl_subject_label)(struct acl_subject_label *subj, const struct acl_subject_label *userp) __read_only;
125902 +int (* copy_acl_role_label)(struct acl_role_label *role, const struct acl_role_label *userp) __read_only;
125903 +int (* copy_acl_ip_label)(struct acl_ip_label *ip, const struct acl_ip_label *userp) __read_only;
125904 +int (* copy_pointer_from_array)(void *ptr, unsigned long idx, const void *userp) __read_only;
125905 +int (* copy_sprole_pw)(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) __read_only;
125906 +int (* copy_gr_hash_struct)(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) __read_only;
125907 +int (* copy_role_transition)(struct role_transition *trans, const struct role_transition *userp) __read_only;
125908 +int (* copy_role_allowed_ip)(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) __read_only;
125909 +size_t (* get_gr_arg_wrapper_size)(void) __read_only;
125910 +
125911 +#else
125912 +#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal
125913 +#define copy_gr_arg copy_gr_arg_normal
125914 +#define copy_gr_hash_struct copy_gr_hash_struct_normal
125915 +#define copy_acl_object_label copy_acl_object_label_normal
125916 +#define copy_acl_subject_label copy_acl_subject_label_normal
125917 +#define copy_acl_role_label copy_acl_role_label_normal
125918 +#define copy_acl_ip_label copy_acl_ip_label_normal
125919 +#define copy_pointer_from_array copy_pointer_from_array_normal
125920 +#define copy_sprole_pw copy_sprole_pw_normal
125921 +#define copy_role_transition copy_role_transition_normal
125922 +#define copy_role_allowed_ip copy_role_allowed_ip_normal
125923 +#define get_gr_arg_wrapper_size get_gr_arg_wrapper_size_normal
125924 +#endif
125925 +
125926 +static struct acl_subject_label *
125927 +lookup_subject_map(const struct acl_subject_label *userp)
125928 +{
125929 + unsigned int index = gr_shash(userp, polstate->subj_map_set.s_size);
125930 + struct subject_map *match;
125931 +
125932 + match = polstate->subj_map_set.s_hash[index];
125933 +
125934 + while (match && match->user != userp)
125935 + match = match->next;
125936 +
125937 + if (match != NULL)
125938 + return match->kernel;
125939 + else
125940 + return NULL;
125941 +}
125942 +
125943 +static void
125944 +insert_subj_map_entry(struct subject_map *subjmap)
125945 +{
125946 + unsigned int index = gr_shash(subjmap->user, polstate->subj_map_set.s_size);
125947 + struct subject_map **curr;
125948 +
125949 + subjmap->prev = NULL;
125950 +
125951 + curr = &polstate->subj_map_set.s_hash[index];
125952 + if (*curr != NULL)
125953 + (*curr)->prev = subjmap;
125954 +
125955 + subjmap->next = *curr;
125956 + *curr = subjmap;
125957 +
125958 + return;
125959 +}
125960 +
125961 +static void
125962 +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
125963 +{
125964 + unsigned int index =
125965 + gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), polstate->acl_role_set.r_size);
125966 + struct acl_role_label **curr;
125967 + struct acl_role_label *tmp, *tmp2;
125968 +
125969 + curr = &polstate->acl_role_set.r_hash[index];
125970 +
125971 + /* simple case, slot is empty, just set it to our role */
125972 + if (*curr == NULL) {
125973 + *curr = role;
125974 + } else {
125975 + /* example:
125976 + 1 -> 2 -> 3 (adding 2 -> 3 to here)
125977 + 2 -> 3
125978 + */
125979 + /* first check to see if we can already be reached via this slot */
125980 + tmp = *curr;
125981 + while (tmp && tmp != role)
125982 + tmp = tmp->next;
125983 + if (tmp == role) {
125984 + /* we don't need to add ourselves to this slot's chain */
125985 + return;
125986 + }
125987 + /* we need to add ourselves to this chain, two cases */
125988 + if (role->next == NULL) {
125989 + /* simple case, append the current chain to our role */
125990 + role->next = *curr;
125991 + *curr = role;
125992 + } else {
125993 + /* 1 -> 2 -> 3 -> 4
125994 + 2 -> 3 -> 4
125995 + 3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here)
125996 + */
125997 + /* trickier case: walk our role's chain until we find
125998 + the role for the start of the current slot's chain */
125999 + tmp = role;
126000 + tmp2 = *curr;
126001 + while (tmp->next && tmp->next != tmp2)
126002 + tmp = tmp->next;
126003 + if (tmp->next == tmp2) {
126004 + /* from example above, we found 3, so just
126005 + replace this slot's chain with ours */
126006 + *curr = role;
126007 + } else {
126008 + /* we didn't find a subset of our role's chain
126009 + in the current slot's chain, so append their
126010 + chain to ours, and set us as the first role in
126011 + the slot's chain
126012 +
126013 + we could fold this case with the case above,
126014 + but making it explicit for clarity
126015 + */
126016 + tmp->next = tmp2;
126017 + *curr = role;
126018 + }
126019 + }
126020 + }
126021 +
126022 + return;
126023 +}
126024 +
126025 +static void
126026 +insert_acl_role_label(struct acl_role_label *role)
126027 +{
126028 + int i;
126029 +
126030 + if (polstate->role_list == NULL) {
126031 + polstate->role_list = role;
126032 + role->prev = NULL;
126033 + } else {
126034 + role->prev = polstate->role_list;
126035 + polstate->role_list = role;
126036 + }
126037 +
126038 + /* used for hash chains */
126039 + role->next = NULL;
126040 +
126041 + if (role->roletype & GR_ROLE_DOMAIN) {
126042 + for (i = 0; i < role->domain_child_num; i++)
126043 + __insert_acl_role_label(role, role->domain_children[i]);
126044 + } else
126045 + __insert_acl_role_label(role, role->uidgid);
126046 +}
126047 +
126048 +static int
126049 +insert_name_entry(char *name, const u64 inode, const dev_t device, __u8 deleted)
126050 +{
126051 + struct name_entry **curr, *nentry;
126052 + struct inodev_entry *ientry;
126053 + unsigned int len = strlen(name);
126054 + unsigned int key = full_name_hash(NULL, (const unsigned char *)name, len);
126055 + unsigned int index = key % polstate->name_set.n_size;
126056 +
126057 + curr = &polstate->name_set.n_hash[index];
126058 +
126059 + while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
126060 + curr = &((*curr)->next);
126061 +
126062 + if (*curr != NULL)
126063 + return 1;
126064 +
126065 + nentry = acl_alloc(sizeof (struct name_entry));
126066 + if (nentry == NULL)
126067 + return 0;
126068 + ientry = acl_alloc(sizeof (struct inodev_entry));
126069 + if (ientry == NULL)
126070 + return 0;
126071 + ientry->nentry = nentry;
126072 +
126073 + nentry->key = key;
126074 + nentry->name = name;
126075 + nentry->inode = inode;
126076 + nentry->device = device;
126077 + nentry->len = len;
126078 + nentry->deleted = deleted;
126079 +
126080 + nentry->prev = NULL;
126081 + curr = &polstate->name_set.n_hash[index];
126082 + if (*curr != NULL)
126083 + (*curr)->prev = nentry;
126084 + nentry->next = *curr;
126085 + *curr = nentry;
126086 +
126087 + /* insert us into the table searchable by inode/dev */
126088 + __insert_inodev_entry(polstate, ientry);
126089 +
126090 + return 1;
126091 +}
126092 +
126093 +/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
126094 +
126095 +static void *
126096 +create_table(__u32 * len, int elementsize)
126097 +{
126098 + unsigned int table_sizes[] = {
126099 + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
126100 + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
126101 + 4194301, 8388593, 16777213, 33554393, 67108859
126102 + };
126103 + void *newtable = NULL;
126104 + unsigned int pwr = 0;
126105 +
126106 + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
126107 + table_sizes[pwr] <= *len)
126108 + pwr++;
126109 +
126110 + if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
126111 + return newtable;
126112 +
126113 + if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
126114 + newtable =
126115 + kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
126116 + else
126117 + newtable = vmalloc(table_sizes[pwr] * elementsize);
126118 +
126119 + *len = table_sizes[pwr];
126120 +
126121 + return newtable;
126122 +}
126123 +
126124 +static int
126125 +init_variables(const struct gr_arg *arg, bool reload)
126126 +{
126127 + struct task_struct *reaper = init_pid_ns.child_reaper;
126128 + unsigned int stacksize;
126129 +
126130 + polstate->subj_map_set.s_size = arg->role_db.num_subjects;
126131 + polstate->acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
126132 + polstate->name_set.n_size = arg->role_db.num_objects;
126133 + polstate->inodev_set.i_size = arg->role_db.num_objects;
126134 +
126135 + if (!polstate->subj_map_set.s_size || !polstate->acl_role_set.r_size ||
126136 + !polstate->name_set.n_size || !polstate->inodev_set.i_size)
126137 + return 1;
126138 +
126139 + if (!reload) {
126140 + if (!gr_init_uidset())
126141 + return 1;
126142 + }
126143 +
126144 + /* set up the stack that holds allocation info */
126145 +
126146 + stacksize = arg->role_db.num_pointers + 5;
126147 +
126148 + if (!acl_alloc_stack_init(stacksize))
126149 + return 1;
126150 +
126151 + if (!reload) {
126152 + /* grab reference for the real root dentry and vfsmount */
126153 + get_fs_root(reaper->fs, &gr_real_root);
126154 +
126155 +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
126156 + printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", gr_get_dev_from_dentry(gr_real_root.dentry), gr_get_ino_from_dentry(gr_real_root.dentry));
126157 +#endif
126158 +
126159 + fakefs_obj_rw = kzalloc(sizeof(struct acl_object_label), GFP_KERNEL);
126160 + if (fakefs_obj_rw == NULL)
126161 + return 1;
126162 + fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
126163 +
126164 + fakefs_obj_rwx = kzalloc(sizeof(struct acl_object_label), GFP_KERNEL);
126165 + if (fakefs_obj_rwx == NULL)
126166 + return 1;
126167 + fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
126168 + }
126169 +
126170 + polstate->subj_map_set.s_hash =
126171 + (struct subject_map **) create_table(&polstate->subj_map_set.s_size, sizeof(void *));
126172 + polstate->acl_role_set.r_hash =
126173 + (struct acl_role_label **) create_table(&polstate->acl_role_set.r_size, sizeof(void *));
126174 + polstate->name_set.n_hash = (struct name_entry **) create_table(&polstate->name_set.n_size, sizeof(void *));
126175 + polstate->inodev_set.i_hash =
126176 + (struct inodev_entry **) create_table(&polstate->inodev_set.i_size, sizeof(void *));
126177 +
126178 + if (!polstate->subj_map_set.s_hash || !polstate->acl_role_set.r_hash ||
126179 + !polstate->name_set.n_hash || !polstate->inodev_set.i_hash)
126180 + return 1;
126181 +
126182 + memset(polstate->subj_map_set.s_hash, 0,
126183 + sizeof(struct subject_map *) * polstate->subj_map_set.s_size);
126184 + memset(polstate->acl_role_set.r_hash, 0,
126185 + sizeof (struct acl_role_label *) * polstate->acl_role_set.r_size);
126186 + memset(polstate->name_set.n_hash, 0,
126187 + sizeof (struct name_entry *) * polstate->name_set.n_size);
126188 + memset(polstate->inodev_set.i_hash, 0,
126189 + sizeof (struct inodev_entry *) * polstate->inodev_set.i_size);
126190 +
126191 + return 0;
126192 +}
126193 +
126194 +/* free information not needed after startup
126195 + currently contains user->kernel pointer mappings for subjects
126196 +*/
126197 +
126198 +static void
126199 +free_init_variables(void)
126200 +{
126201 + __u32 i;
126202 +
126203 + if (polstate->subj_map_set.s_hash) {
126204 + for (i = 0; i < polstate->subj_map_set.s_size; i++) {
126205 + if (polstate->subj_map_set.s_hash[i]) {
126206 + kfree(polstate->subj_map_set.s_hash[i]);
126207 + polstate->subj_map_set.s_hash[i] = NULL;
126208 + }
126209 + }
126210 +
126211 + if ((polstate->subj_map_set.s_size * sizeof (struct subject_map *)) <=
126212 + PAGE_SIZE)
126213 + kfree(polstate->subj_map_set.s_hash);
126214 + else
126215 + vfree(polstate->subj_map_set.s_hash);
126216 + }
126217 +
126218 + return;
126219 +}
126220 +
126221 +static void
126222 +free_variables(bool reload)
126223 +{
126224 + struct acl_subject_label *s;
126225 + struct acl_role_label *r;
126226 + struct task_struct *task, *task2;
126227 + unsigned int x;
126228 +
126229 + if (!reload) {
126230 + gr_clear_learn_entries();
126231 +
126232 + read_lock(&tasklist_lock);
126233 + do_each_thread(task2, task) {
126234 + task->acl_sp_role = 0;
126235 + task->acl_role_id = 0;
126236 + task->inherited = 0;
126237 + task->acl = NULL;
126238 + task->role = NULL;
126239 + } while_each_thread(task2, task);
126240 + read_unlock(&tasklist_lock);
126241 +
126242 + kfree(fakefs_obj_rw);
126243 + fakefs_obj_rw = NULL;
126244 + kfree(fakefs_obj_rwx);
126245 + fakefs_obj_rwx = NULL;
126246 +
126247 + /* release the reference to the real root dentry and vfsmount */
126248 + path_put(&gr_real_root);
126249 + memset(&gr_real_root, 0, sizeof(gr_real_root));
126250 + }
126251 +
126252 + /* free all object hash tables */
126253 +
126254 + FOR_EACH_ROLE_START(r)
126255 + if (r->subj_hash == NULL)
126256 + goto next_role;
126257 + FOR_EACH_SUBJECT_START(r, s, x)
126258 + if (s->obj_hash == NULL)
126259 + break;
126260 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
126261 + kfree(s->obj_hash);
126262 + else
126263 + vfree(s->obj_hash);
126264 + FOR_EACH_SUBJECT_END(s, x)
126265 + FOR_EACH_NESTED_SUBJECT_START(r, s)
126266 + if (s->obj_hash == NULL)
126267 + break;
126268 + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
126269 + kfree(s->obj_hash);
126270 + else
126271 + vfree(s->obj_hash);
126272 + FOR_EACH_NESTED_SUBJECT_END(s)
126273 + if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
126274 + kfree(r->subj_hash);
126275 + else
126276 + vfree(r->subj_hash);
126277 + r->subj_hash = NULL;
126278 +next_role:
126279 + FOR_EACH_ROLE_END(r)
126280 +
126281 + acl_free_all();
126282 +
126283 + if (polstate->acl_role_set.r_hash) {
126284 + if ((polstate->acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
126285 + PAGE_SIZE)
126286 + kfree(polstate->acl_role_set.r_hash);
126287 + else
126288 + vfree(polstate->acl_role_set.r_hash);
126289 + }
126290 + if (polstate->name_set.n_hash) {
126291 + if ((polstate->name_set.n_size * sizeof (struct name_entry *)) <=
126292 + PAGE_SIZE)
126293 + kfree(polstate->name_set.n_hash);
126294 + else
126295 + vfree(polstate->name_set.n_hash);
126296 + }
126297 +
126298 + if (polstate->inodev_set.i_hash) {
126299 + if ((polstate->inodev_set.i_size * sizeof (struct inodev_entry *)) <=
126300 + PAGE_SIZE)
126301 + kfree(polstate->inodev_set.i_hash);
126302 + else
126303 + vfree(polstate->inodev_set.i_hash);
126304 + }
126305 +
126306 + if (!reload)
126307 + gr_free_uidset();
126308 +
126309 + memset(&polstate->name_set, 0, sizeof (struct name_db));
126310 + memset(&polstate->inodev_set, 0, sizeof (struct inodev_db));
126311 + memset(&polstate->acl_role_set, 0, sizeof (struct acl_role_db));
126312 + memset(&polstate->subj_map_set, 0, sizeof (struct acl_subj_map_db));
126313 +
126314 + polstate->default_role = NULL;
126315 + polstate->kernel_role = NULL;
126316 + polstate->role_list = NULL;
126317 +
126318 + return;
126319 +}
126320 +
126321 +static struct acl_subject_label *
126322 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
126323 +
126324 +static int alloc_and_copy_string(char **name, unsigned int maxlen)
126325 +{
126326 + unsigned int len = strnlen_user(*name, maxlen);
126327 + char *tmp;
126328 +
126329 + if (!len || len >= maxlen)
126330 + return -EINVAL;
126331 +
126332 + if ((tmp = (char *) acl_alloc(len)) == NULL)
126333 + return -ENOMEM;
126334 +
126335 + if (copy_from_user(tmp, *name, len))
126336 + return -EFAULT;
126337 +
126338 + tmp[len-1] = '\0';
126339 + *name = tmp;
126340 +
126341 + return 0;
126342 +}
126343 +
126344 +static int
126345 +copy_user_glob(struct acl_object_label *obj)
126346 +{
126347 + struct acl_object_label *g_tmp, **guser;
126348 + int error;
126349 +
126350 + if (obj->globbed == NULL)
126351 + return 0;
126352 +
126353 + guser = &obj->globbed;
126354 + while (*guser) {
126355 + g_tmp = (struct acl_object_label *)
126356 + acl_alloc(sizeof (struct acl_object_label));
126357 + if (g_tmp == NULL)
126358 + return -ENOMEM;
126359 +
126360 + if (copy_acl_object_label(g_tmp, *guser))
126361 + return -EFAULT;
126362 +
126363 + error = alloc_and_copy_string(&g_tmp->filename, PATH_MAX);
126364 + if (error)
126365 + return error;
126366 +
126367 + *guser = g_tmp;
126368 + guser = &(g_tmp->next);
126369 + }
126370 +
126371 + return 0;
126372 +}
126373 +
126374 +static int
126375 +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
126376 + struct acl_role_label *role)
126377 +{
126378 + struct acl_object_label *o_tmp;
126379 + int ret;
126380 +
126381 + while (userp) {
126382 + if ((o_tmp = (struct acl_object_label *)
126383 + acl_alloc(sizeof (struct acl_object_label))) == NULL)
126384 + return -ENOMEM;
126385 +
126386 + if (copy_acl_object_label(o_tmp, userp))
126387 + return -EFAULT;
126388 +
126389 + userp = o_tmp->prev;
126390 +
126391 + ret = alloc_and_copy_string(&o_tmp->filename, PATH_MAX);
126392 + if (ret)
126393 + return ret;
126394 +
126395 + insert_acl_obj_label(o_tmp, subj);
126396 + if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
126397 + o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
126398 + return -ENOMEM;
126399 +
126400 + ret = copy_user_glob(o_tmp);
126401 + if (ret)
126402 + return ret;
126403 +
126404 + if (o_tmp->nested) {
126405 + int already_copied;
126406 +
126407 + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role, &already_copied);
126408 + if (IS_ERR(o_tmp->nested))
126409 + return PTR_ERR(o_tmp->nested);
126410 +
126411 + /* insert into nested subject list if we haven't copied this one yet
126412 + to prevent duplicate entries */
126413 + if (!already_copied) {
126414 + o_tmp->nested->next = role->hash->first;
126415 + role->hash->first = o_tmp->nested;
126416 + }
126417 + }
126418 + }
126419 +
126420 + return 0;
126421 +}
126422 +
126423 +static __u32
126424 +count_user_subjs(struct acl_subject_label *userp)
126425 +{
126426 + struct acl_subject_label s_tmp;
126427 + __u32 num = 0;
126428 +
126429 + while (userp) {
126430 + if (copy_acl_subject_label(&s_tmp, userp))
126431 + break;
126432 +
126433 + userp = s_tmp.prev;
126434 + }
126435 +
126436 + return num;
126437 +}
126438 +
126439 +static int
126440 +copy_user_allowedips(struct acl_role_label *rolep)
126441 +{
126442 + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
126443 +
126444 + ruserip = rolep->allowed_ips;
126445 +
126446 + while (ruserip) {
126447 + rlast = rtmp;
126448 +
126449 + if ((rtmp = (struct role_allowed_ip *)
126450 + acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
126451 + return -ENOMEM;
126452 +
126453 + if (copy_role_allowed_ip(rtmp, ruserip))
126454 + return -EFAULT;
126455 +
126456 + ruserip = rtmp->prev;
126457 +
126458 + if (!rlast) {
126459 + rtmp->prev = NULL;
126460 + rolep->allowed_ips = rtmp;
126461 + } else {
126462 + rlast->next = rtmp;
126463 + rtmp->prev = rlast;
126464 + }
126465 +
126466 + if (!ruserip)
126467 + rtmp->next = NULL;
126468 + }
126469 +
126470 + return 0;
126471 +}
126472 +
126473 +static int
126474 +copy_user_transitions(struct acl_role_label *rolep)
126475 +{
126476 + struct role_transition *rusertp, *rtmp = NULL, *rlast;
126477 + int error;
126478 +
126479 + rusertp = rolep->transitions;
126480 +
126481 + while (rusertp) {
126482 + rlast = rtmp;
126483 +
126484 + if ((rtmp = (struct role_transition *)
126485 + acl_alloc(sizeof (struct role_transition))) == NULL)
126486 + return -ENOMEM;
126487 +
126488 + if (copy_role_transition(rtmp, rusertp))
126489 + return -EFAULT;
126490 +
126491 + rusertp = rtmp->prev;
126492 +
126493 + error = alloc_and_copy_string(&rtmp->rolename, GR_SPROLE_LEN);
126494 + if (error)
126495 + return error;
126496 +
126497 + if (!rlast) {
126498 + rtmp->prev = NULL;
126499 + rolep->transitions = rtmp;
126500 + } else {
126501 + rlast->next = rtmp;
126502 + rtmp->prev = rlast;
126503 + }
126504 +
126505 + if (!rusertp)
126506 + rtmp->next = NULL;
126507 + }
126508 +
126509 + return 0;
126510 +}
126511 +
126512 +static __u32 count_user_objs(const struct acl_object_label __user *userp)
126513 +{
126514 + struct acl_object_label o_tmp;
126515 + __u32 num = 0;
126516 +
126517 + while (userp) {
126518 + if (copy_acl_object_label(&o_tmp, userp))
126519 + break;
126520 +
126521 + userp = o_tmp.prev;
126522 + num++;
126523 + }
126524 +
126525 + return num;
126526 +}
126527 +
126528 +static struct acl_subject_label *
126529 +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied)
126530 +{
126531 + struct acl_subject_label *s_tmp = NULL, *s_tmp2;
126532 + __u32 num_objs;
126533 + struct acl_ip_label **i_tmp, *i_utmp2;
126534 + struct gr_hash_struct ghash;
126535 + struct subject_map *subjmap;
126536 + unsigned int i_num;
126537 + int err;
126538 +
126539 + if (already_copied != NULL)
126540 + *already_copied = 0;
126541 +
126542 + s_tmp = lookup_subject_map(userp);
126543 +
126544 + /* we've already copied this subject into the kernel, just return
126545 + the reference to it, and don't copy it over again
126546 + */
126547 + if (s_tmp) {
126548 + if (already_copied != NULL)
126549 + *already_copied = 1;
126550 + return(s_tmp);
126551 + }
126552 +
126553 + if ((s_tmp = (struct acl_subject_label *)
126554 + acl_alloc(sizeof (struct acl_subject_label))) == NULL)
126555 + return ERR_PTR(-ENOMEM);
126556 +
126557 + subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
126558 + if (subjmap == NULL)
126559 + return ERR_PTR(-ENOMEM);
126560 +
126561 + subjmap->user = userp;
126562 + subjmap->kernel = s_tmp;
126563 + insert_subj_map_entry(subjmap);
126564 +
126565 + if (copy_acl_subject_label(s_tmp, userp))
126566 + return ERR_PTR(-EFAULT);
126567 +
126568 + err = alloc_and_copy_string(&s_tmp->filename, PATH_MAX);
126569 + if (err)
126570 + return ERR_PTR(err);
126571 +
126572 + if (!strcmp(s_tmp->filename, "/"))
126573 + role->root_label = s_tmp;
126574 +
126575 + if (copy_gr_hash_struct(&ghash, s_tmp->hash))
126576 + return ERR_PTR(-EFAULT);
126577 +
126578 + /* copy user and group transition tables */
126579 +
126580 + if (s_tmp->user_trans_num) {
126581 + uid_t *uidlist;
126582 +
126583 + uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
126584 + if (uidlist == NULL)
126585 + return ERR_PTR(-ENOMEM);
126586 + if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
126587 + return ERR_PTR(-EFAULT);
126588 +
126589 + s_tmp->user_transitions = uidlist;
126590 + }
126591 +
126592 + if (s_tmp->group_trans_num) {
126593 + gid_t *gidlist;
126594 +
126595 + gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
126596 + if (gidlist == NULL)
126597 + return ERR_PTR(-ENOMEM);
126598 + if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
126599 + return ERR_PTR(-EFAULT);
126600 +
126601 + s_tmp->group_transitions = gidlist;
126602 + }
126603 +
126604 + /* set up object hash table */
126605 + num_objs = count_user_objs(ghash.first);
126606 +
126607 + s_tmp->obj_hash_size = num_objs;
126608 + s_tmp->obj_hash =
126609 + (struct acl_object_label **)
126610 + create_table(&(s_tmp->obj_hash_size), sizeof(void *));
126611 +
126612 + if (!s_tmp->obj_hash)
126613 + return ERR_PTR(-ENOMEM);
126614 +
126615 + memset(s_tmp->obj_hash, 0,
126616 + s_tmp->obj_hash_size *
126617 + sizeof (struct acl_object_label *));
126618 +
126619 + /* add in objects */
126620 + err = copy_user_objs(ghash.first, s_tmp, role);
126621 +
126622 + if (err)
126623 + return ERR_PTR(err);
126624 +
126625 + /* set pointer for parent subject */
126626 + if (s_tmp->parent_subject) {
126627 + s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role, NULL);
126628 +
126629 + if (IS_ERR(s_tmp2))
126630 + return s_tmp2;
126631 +
126632 + s_tmp->parent_subject = s_tmp2;
126633 + }
126634 +
126635 + /* add in ip acls */
126636 +
126637 + if (!s_tmp->ip_num) {
126638 + s_tmp->ips = NULL;
126639 + goto insert;
126640 + }
126641 +
126642 + i_tmp =
126643 + (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
126644 + sizeof (struct acl_ip_label *));
126645 +
126646 + if (!i_tmp)
126647 + return ERR_PTR(-ENOMEM);
126648 +
126649 + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
126650 + *(i_tmp + i_num) =
126651 + (struct acl_ip_label *)
126652 + acl_alloc(sizeof (struct acl_ip_label));
126653 + if (!*(i_tmp + i_num))
126654 + return ERR_PTR(-ENOMEM);
126655 +
126656 + if (copy_pointer_from_array(&i_utmp2, i_num, s_tmp->ips))
126657 + return ERR_PTR(-EFAULT);
126658 +
126659 + if (copy_acl_ip_label(*(i_tmp + i_num), i_utmp2))
126660 + return ERR_PTR(-EFAULT);
126661 +
126662 + if ((*(i_tmp + i_num))->iface == NULL)
126663 + continue;
126664 +
126665 + err = alloc_and_copy_string(&(*(i_tmp + i_num))->iface, IFNAMSIZ);
126666 + if (err)
126667 + return ERR_PTR(err);
126668 + }
126669 +
126670 + s_tmp->ips = i_tmp;
126671 +
126672 +insert:
126673 + if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
126674 + s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
126675 + return ERR_PTR(-ENOMEM);
126676 +
126677 + return s_tmp;
126678 +}
126679 +
126680 +static int
126681 +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
126682 +{
126683 + struct acl_subject_label s_pre;
126684 + struct acl_subject_label * ret;
126685 + int err;
126686 +
126687 + while (userp) {
126688 + if (copy_acl_subject_label(&s_pre, userp))
126689 + return -EFAULT;
126690 +
126691 + ret = do_copy_user_subj(userp, role, NULL);
126692 +
126693 + err = PTR_ERR(ret);
126694 + if (IS_ERR(ret))
126695 + return err;
126696 +
126697 + insert_acl_subj_label(ret, role);
126698 +
126699 + userp = s_pre.prev;
126700 + }
126701 +
126702 + return 0;
126703 +}
126704 +
126705 +static int
126706 +copy_user_acl(struct gr_arg *arg)
126707 +{
126708 + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
126709 + struct acl_subject_label *subj_list;
126710 + struct sprole_pw *sptmp;
126711 + struct gr_hash_struct *ghash;
126712 + uid_t *domainlist;
126713 + unsigned int r_num;
126714 + int err = 0;
126715 + __u16 i;
126716 + __u32 num_subjs;
126717 +
126718 + /* we need a default and kernel role */
126719 + if (arg->role_db.num_roles < 2)
126720 + return -EINVAL;
126721 +
126722 + /* copy special role authentication info from userspace */
126723 +
126724 + polstate->num_sprole_pws = arg->num_sprole_pws;
126725 + polstate->acl_special_roles = (struct sprole_pw **) acl_alloc_num(polstate->num_sprole_pws, sizeof(struct sprole_pw *));
126726 +
126727 + if (!polstate->acl_special_roles && polstate->num_sprole_pws)
126728 + return -ENOMEM;
126729 +
126730 + for (i = 0; i < polstate->num_sprole_pws; i++) {
126731 + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
126732 + if (!sptmp)
126733 + return -ENOMEM;
126734 + if (copy_sprole_pw(sptmp, i, arg->sprole_pws))
126735 + return -EFAULT;
126736 +
126737 + err = alloc_and_copy_string((char **)&sptmp->rolename, GR_SPROLE_LEN);
126738 + if (err)
126739 + return err;
126740 +
126741 +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
126742 + printk(KERN_ALERT "Copying special role %s\n", sptmp->rolename);
126743 +#endif
126744 +
126745 + polstate->acl_special_roles[i] = sptmp;
126746 + }
126747 +
126748 + r_utmp = (struct acl_role_label **) arg->role_db.r_table;
126749 +
126750 + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
126751 + r_tmp = acl_alloc(sizeof (struct acl_role_label));
126752 +
126753 + if (!r_tmp)
126754 + return -ENOMEM;
126755 +
126756 + if (copy_pointer_from_array(&r_utmp2, r_num, r_utmp))
126757 + return -EFAULT;
126758 +
126759 + if (copy_acl_role_label(r_tmp, r_utmp2))
126760 + return -EFAULT;
126761 +
126762 + err = alloc_and_copy_string(&r_tmp->rolename, GR_SPROLE_LEN);
126763 + if (err)
126764 + return err;
126765 +
126766 + if (!strcmp(r_tmp->rolename, "default")
126767 + && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
126768 + polstate->default_role = r_tmp;
126769 + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
126770 + polstate->kernel_role = r_tmp;
126771 + }
126772 +
126773 + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
126774 + return -ENOMEM;
126775 +
126776 + if (copy_gr_hash_struct(ghash, r_tmp->hash))
126777 + return -EFAULT;
126778 +
126779 + r_tmp->hash = ghash;
126780 +
126781 + num_subjs = count_user_subjs(r_tmp->hash->first);
126782 +
126783 + r_tmp->subj_hash_size = num_subjs;
126784 + r_tmp->subj_hash =
126785 + (struct acl_subject_label **)
126786 + create_table(&(r_tmp->subj_hash_size), sizeof(void *));
126787 +
126788 + if (!r_tmp->subj_hash)
126789 + return -ENOMEM;
126790 +
126791 + err = copy_user_allowedips(r_tmp);
126792 + if (err)
126793 + return err;
126794 +
126795 + /* copy domain info */
126796 + if (r_tmp->domain_children != NULL) {
126797 + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
126798 + if (domainlist == NULL)
126799 + return -ENOMEM;
126800 +
126801 + if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t)))
126802 + return -EFAULT;
126803 +
126804 + r_tmp->domain_children = domainlist;
126805 + }
126806 +
126807 + err = copy_user_transitions(r_tmp);
126808 + if (err)
126809 + return err;
126810 +
126811 + memset(r_tmp->subj_hash, 0,
126812 + r_tmp->subj_hash_size *
126813 + sizeof (struct acl_subject_label *));
126814 +
126815 + /* acquire the list of subjects, then NULL out
126816 + the list prior to parsing the subjects for this role,
126817 + as during this parsing the list is replaced with a list
126818 + of *nested* subjects for the role
126819 + */
126820 + subj_list = r_tmp->hash->first;
126821 +
126822 + /* set nested subject list to null */
126823 + r_tmp->hash->first = NULL;
126824 +
126825 + err = copy_user_subjs(subj_list, r_tmp);
126826 +
126827 + if (err)
126828 + return err;
126829 +
126830 + insert_acl_role_label(r_tmp);
126831 + }
126832 +
126833 + if (polstate->default_role == NULL || polstate->kernel_role == NULL)
126834 + return -EINVAL;
126835 +
126836 + return err;
126837 +}
126838 +
126839 +static int gracl_reload_apply_policies(void *reload)
126840 +{
126841 + struct gr_reload_state *reload_state = (struct gr_reload_state *)reload;
126842 + struct task_struct *task, *task2;
126843 + struct acl_role_label *role, *rtmp;
126844 + struct acl_subject_label *subj;
126845 + const struct cred *cred;
126846 + int role_applied;
126847 + int ret = 0;
126848 +
126849 + memcpy(&reload_state->oldpolicy, reload_state->oldpolicy_ptr, sizeof(struct gr_policy_state));
126850 + memcpy(&reload_state->oldalloc, reload_state->oldalloc_ptr, sizeof(struct gr_alloc_state));
126851 +
126852 + /* first make sure we'll be able to apply the new policy cleanly */
126853 + do_each_thread(task2, task) {
126854 + if (task->exec_file == NULL)
126855 + continue;
126856 + role_applied = 0;
126857 + if (!reload_state->oldmode && task->role->roletype & GR_ROLE_SPECIAL) {
126858 + /* preserve special roles */
126859 + FOR_EACH_ROLE_START(role)
126860 + if ((role->roletype & GR_ROLE_SPECIAL) && !strcmp(task->role->rolename, role->rolename)) {
126861 + rtmp = task->role;
126862 + task->role = role;
126863 + role_applied = 1;
126864 + break;
126865 + }
126866 + FOR_EACH_ROLE_END(role)
126867 + }
126868 + if (!role_applied) {
126869 + cred = __task_cred(task);
126870 + rtmp = task->role;
126871 + task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
126872 + }
126873 + /* this handles non-nested inherited subjects, nested subjects will still
126874 + be dropped currently */
126875 + subj = __gr_get_subject_for_task(polstate, task, task->acl->filename, 1);
126876 + task->tmpacl = __gr_get_subject_for_task(polstate, task, NULL, 1);
126877 + /* change the role back so that we've made no modifications to the policy */
126878 + task->role = rtmp;
126879 +
126880 + if (subj == NULL || task->tmpacl == NULL) {
126881 + ret = -EINVAL;
126882 + goto out;
126883 + }
126884 + } while_each_thread(task2, task);
126885 +
126886 + /* now actually apply the policy */
126887 +
126888 + do_each_thread(task2, task) {
126889 + if (task->exec_file) {
126890 + role_applied = 0;
126891 + if (!reload_state->oldmode && task->role->roletype & GR_ROLE_SPECIAL) {
126892 + /* preserve special roles */
126893 + FOR_EACH_ROLE_START(role)
126894 + if ((role->roletype & GR_ROLE_SPECIAL) && !strcmp(task->role->rolename, role->rolename)) {
126895 + task->role = role;
126896 + role_applied = 1;
126897 + break;
126898 + }
126899 + FOR_EACH_ROLE_END(role)
126900 + }
126901 + if (!role_applied) {
126902 + cred = __task_cred(task);
126903 + task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
126904 + }
126905 + /* this handles non-nested inherited subjects, nested subjects will still
126906 + be dropped currently */
126907 + if (!reload_state->oldmode && task->inherited)
126908 + subj = __gr_get_subject_for_task(polstate, task, task->acl->filename, 1);
126909 + else {
126910 + /* looked up and tagged to the task previously */
126911 + subj = task->tmpacl;
126912 + }
126913 + /* subj will be non-null */
126914 + __gr_apply_subject_to_task(polstate, task, subj);
126915 + if (reload_state->oldmode) {
126916 + task->acl_role_id = 0;
126917 + task->acl_sp_role = 0;
126918 + task->inherited = 0;
126919 + }
126920 + } else {
126921 + // it's a kernel process
126922 + task->role = polstate->kernel_role;
126923 + task->acl = polstate->kernel_role->root_label;
126924 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
126925 + task->acl->mode &= ~GR_PROCFIND;
126926 +#endif
126927 + }
126928 + } while_each_thread(task2, task);
126929 +
126930 + memcpy(reload_state->oldpolicy_ptr, &reload_state->newpolicy, sizeof(struct gr_policy_state));
126931 + memcpy(reload_state->oldalloc_ptr, &reload_state->newalloc, sizeof(struct gr_alloc_state));
126932 +
126933 +out:
126934 +
126935 + return ret;
126936 +}
126937 +
126938 +static int gracl_reload(struct gr_arg *args, unsigned char oldmode)
126939 +{
126940 + struct gr_reload_state new_reload_state = { };
126941 + int err;
126942 +
126943 + new_reload_state.oldpolicy_ptr = polstate;
126944 + new_reload_state.oldalloc_ptr = current_alloc_state;
126945 + new_reload_state.oldmode = oldmode;
126946 +
126947 + current_alloc_state = &new_reload_state.newalloc;
126948 + polstate = &new_reload_state.newpolicy;
126949 +
126950 + /* everything relevant is now saved off, copy in the new policy */
126951 + if (init_variables(args, true)) {
126952 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
126953 + err = -ENOMEM;
126954 + goto error;
126955 + }
126956 +
126957 + err = copy_user_acl(args);
126958 + free_init_variables();
126959 + if (err)
126960 + goto error;
126961 + /* the new policy is copied in, with the old policy available via saved_state
126962 + first go through applying roles, making sure to preserve special roles
126963 + then apply new subjects, making sure to preserve inherited and nested subjects,
126964 + though currently only inherited subjects will be preserved
126965 + */
126966 + err = stop_machine(gracl_reload_apply_policies, &new_reload_state, NULL);
126967 + if (err)
126968 + goto error;
126969 +
126970 + /* we've now applied the new policy, so restore the old policy state to free it */
126971 + polstate = &new_reload_state.oldpolicy;
126972 + current_alloc_state = &new_reload_state.oldalloc;
126973 + free_variables(true);
126974 +
126975 + /* oldpolicy/oldalloc_ptr point to the new policy/alloc states as they were copied
126976 + to running_polstate/current_alloc_state inside stop_machine
126977 + */
126978 + err = 0;
126979 + goto out;
126980 +error:
126981 + /* on error of loading the new policy, we'll just keep the previous
126982 + policy set around
126983 + */
126984 + free_variables(true);
126985 +
126986 + /* doesn't affect runtime, but maintains consistent state */
126987 +out:
126988 + polstate = new_reload_state.oldpolicy_ptr;
126989 + current_alloc_state = new_reload_state.oldalloc_ptr;
126990 +
126991 + return err;
126992 +}
126993 +
126994 +static int
126995 +gracl_init(struct gr_arg *args)
126996 +{
126997 + int error = 0;
126998 +
126999 + memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
127000 + memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
127001 +
127002 + if (init_variables(args, false)) {
127003 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
127004 + error = -ENOMEM;
127005 + goto out;
127006 + }
127007 +
127008 + error = copy_user_acl(args);
127009 + free_init_variables();
127010 + if (error)
127011 + goto out;
127012 +
127013 + error = gr_set_acls(0);
127014 + if (error)
127015 + goto out;
127016 +
127017 + gr_enable_rbac_system();
127018 +
127019 + return 0;
127020 +
127021 +out:
127022 + free_variables(false);
127023 + return error;
127024 +}
127025 +
127026 +static int
127027 +lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
127028 + unsigned char **sum)
127029 +{
127030 + struct acl_role_label *r;
127031 + struct role_allowed_ip *ipp;
127032 + struct role_transition *trans;
127033 + unsigned int i;
127034 + int found = 0;
127035 + u32 curr_ip = current->signal->curr_ip;
127036 +
127037 + current->signal->saved_ip = curr_ip;
127038 +
127039 + /* check transition table */
127040 +
127041 + for (trans = current->role->transitions; trans; trans = trans->next) {
127042 + if (!strcmp(rolename, trans->rolename)) {
127043 + found = 1;
127044 + break;
127045 + }
127046 + }
127047 +
127048 + if (!found)
127049 + return 0;
127050 +
127051 + /* handle special roles that do not require authentication
127052 + and check ip */
127053 +
127054 + FOR_EACH_ROLE_START(r)
127055 + if (!strcmp(rolename, r->rolename) &&
127056 + (r->roletype & GR_ROLE_SPECIAL)) {
127057 + found = 0;
127058 + if (r->allowed_ips != NULL) {
127059 + for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
127060 + if ((ntohl(curr_ip) & ipp->netmask) ==
127061 + (ntohl(ipp->addr) & ipp->netmask))
127062 + found = 1;
127063 + }
127064 + } else
127065 + found = 2;
127066 + if (!found)
127067 + return 0;
127068 +
127069 + if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
127070 + ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
127071 + *salt = NULL;
127072 + *sum = NULL;
127073 + return 1;
127074 + }
127075 + }
127076 + FOR_EACH_ROLE_END(r)
127077 +
127078 + for (i = 0; i < polstate->num_sprole_pws; i++) {
127079 + if (!strcmp(rolename, (const char *)polstate->acl_special_roles[i]->rolename)) {
127080 + *salt = polstate->acl_special_roles[i]->salt;
127081 + *sum = polstate->acl_special_roles[i]->sum;
127082 + return 1;
127083 + }
127084 + }
127085 +
127086 + return 0;
127087 +}
127088 +
127089 +int gr_check_secure_terminal(struct task_struct *task)
127090 +{
127091 + struct task_struct *p, *p2, *p3;
127092 + struct files_struct *files;
127093 + struct fdtable *fdt;
127094 + struct file *our_file = NULL, *file;
127095 + struct inode *our_inode = NULL;
127096 + int i;
127097 +
127098 + if (task->signal->tty == NULL)
127099 + return 1;
127100 +
127101 + files = get_files_struct(task);
127102 + if (files != NULL) {
127103 + rcu_read_lock();
127104 + fdt = files_fdtable(files);
127105 + for (i=0; i < fdt->max_fds; i++) {
127106 + file = fcheck_files(files, i);
127107 + if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
127108 + get_file(file);
127109 + our_file = file;
127110 + }
127111 + }
127112 + rcu_read_unlock();
127113 + put_files_struct(files);
127114 + }
127115 +
127116 + if (our_file == NULL)
127117 + return 1;
127118 +
127119 + our_inode = d_backing_inode(our_file->f_path.dentry);
127120 +
127121 + read_lock(&tasklist_lock);
127122 + do_each_thread(p2, p) {
127123 + files = get_files_struct(p);
127124 + if (files == NULL ||
127125 + (p->signal && p->signal->tty == task->signal->tty)) {
127126 + if (files != NULL)
127127 + put_files_struct(files);
127128 + continue;
127129 + }
127130 + rcu_read_lock();
127131 + fdt = files_fdtable(files);
127132 + for (i=0; i < fdt->max_fds; i++) {
127133 + struct inode *inode = NULL;
127134 + file = fcheck_files(files, i);
127135 + if (file)
127136 + inode = d_backing_inode(file->f_path.dentry);
127137 + if (inode && S_ISCHR(inode->i_mode) && inode->i_rdev == our_inode->i_rdev) {
127138 + p3 = task;
127139 + while (task_pid_nr(p3) > 0) {
127140 + if (p3 == p)
127141 + break;
127142 + p3 = p3->real_parent;
127143 + }
127144 + if (p3 == p)
127145 + break;
127146 + gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
127147 + gr_handle_alertkill(p);
127148 + rcu_read_unlock();
127149 + put_files_struct(files);
127150 + read_unlock(&tasklist_lock);
127151 + fput(our_file);
127152 + return 0;
127153 + }
127154 + }
127155 + rcu_read_unlock();
127156 + put_files_struct(files);
127157 + } while_each_thread(p2, p);
127158 + read_unlock(&tasklist_lock);
127159 +
127160 + fput(our_file);
127161 + return 1;
127162 +}
127163 +
127164 +ssize_t
127165 +write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos)
127166 +{
127167 + struct gr_arg_wrapper uwrap;
127168 + unsigned char *sprole_salt = NULL;
127169 + unsigned char *sprole_sum = NULL;
127170 + int error = 0;
127171 + int error2 = 0;
127172 + size_t req_count = 0;
127173 + unsigned char oldmode = 0;
127174 +
127175 + mutex_lock(&gr_dev_mutex);
127176 +
127177 + if (gr_acl_is_enabled() && !(current->acl->mode & GR_KERNELAUTH)) {
127178 + error = -EPERM;
127179 + goto out;
127180 + }
127181 +
127182 +#ifdef CONFIG_COMPAT
127183 + pax_open_kernel();
127184 + if (in_compat_syscall()) {
127185 + copy_gr_arg_wrapper = &copy_gr_arg_wrapper_compat;
127186 + copy_gr_arg = &copy_gr_arg_compat;
127187 + copy_acl_object_label = &copy_acl_object_label_compat;
127188 + copy_acl_subject_label = &copy_acl_subject_label_compat;
127189 + copy_acl_role_label = &copy_acl_role_label_compat;
127190 + copy_acl_ip_label = &copy_acl_ip_label_compat;
127191 + copy_role_allowed_ip = &copy_role_allowed_ip_compat;
127192 + copy_role_transition = &copy_role_transition_compat;
127193 + copy_sprole_pw = &copy_sprole_pw_compat;
127194 + copy_gr_hash_struct = &copy_gr_hash_struct_compat;
127195 + copy_pointer_from_array = &copy_pointer_from_array_compat;
127196 + get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_compat;
127197 + } else {
127198 + copy_gr_arg_wrapper = &copy_gr_arg_wrapper_normal;
127199 + copy_gr_arg = &copy_gr_arg_normal;
127200 + copy_acl_object_label = &copy_acl_object_label_normal;
127201 + copy_acl_subject_label = &copy_acl_subject_label_normal;
127202 + copy_acl_role_label = &copy_acl_role_label_normal;
127203 + copy_acl_ip_label = &copy_acl_ip_label_normal;
127204 + copy_role_allowed_ip = &copy_role_allowed_ip_normal;
127205 + copy_role_transition = &copy_role_transition_normal;
127206 + copy_sprole_pw = &copy_sprole_pw_normal;
127207 + copy_gr_hash_struct = &copy_gr_hash_struct_normal;
127208 + copy_pointer_from_array = &copy_pointer_from_array_normal;
127209 + get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_normal;
127210 + }
127211 + pax_close_kernel();
127212 +#endif
127213 +
127214 + req_count = get_gr_arg_wrapper_size();
127215 +
127216 + if (count != req_count) {
127217 + gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)req_count);
127218 + error = -EINVAL;
127219 + goto out;
127220 + }
127221 +
127222 +
127223 + if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
127224 + gr_auth_expires = 0;
127225 + gr_auth_attempts = 0;
127226 + }
127227 +
127228 + error = copy_gr_arg_wrapper(buf, &uwrap);
127229 + if (error)
127230 + goto out;
127231 +
127232 + error = copy_gr_arg(uwrap.arg, gr_usermode);
127233 + if (error)
127234 + goto out;
127235 +
127236 + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
127237 + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
127238 + time_after(gr_auth_expires, get_seconds())) {
127239 + error = -EBUSY;
127240 + goto out;
127241 + }
127242 +
127243 + /* if non-root trying to do anything other than use a special role,
127244 + do not attempt authentication, do not count towards authentication
127245 + locking
127246 + */
127247 +
127248 + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
127249 + gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
127250 + gr_is_global_nonroot(current_uid())) {
127251 + error = -EPERM;
127252 + goto out;
127253 + }
127254 +
127255 + /* ensure pw and special role name are null terminated */
127256 +
127257 + gr_usermode->pw[GR_PW_LEN - 1] = '\0';
127258 + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
127259 +
127260 + /* Okay.
127261 + * We have our enough of the argument structure..(we have yet
127262 + * to copy_from_user the tables themselves) . Copy the tables
127263 + * only if we need them, i.e. for loading operations. */
127264 +
127265 + switch (gr_usermode->mode) {
127266 + case GR_STATUS:
127267 + if (gr_acl_is_enabled()) {
127268 + error = 1;
127269 + if (!gr_check_secure_terminal(current))
127270 + error = 3;
127271 + } else
127272 + error = 2;
127273 + goto out;
127274 + case GR_SHUTDOWN:
127275 + if (gr_acl_is_enabled() && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
127276 + stop_machine(gr_rbac_disable, NULL, NULL);
127277 + free_variables(false);
127278 + memset(gr_usermode, 0, sizeof(struct gr_arg));
127279 + memset(gr_system_salt, 0, GR_SALT_LEN);
127280 + memset(gr_system_sum, 0, GR_SHA_LEN);
127281 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
127282 + } else if (gr_acl_is_enabled()) {
127283 + gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
127284 + error = -EPERM;
127285 + } else {
127286 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
127287 + error = -EAGAIN;
127288 + }
127289 + break;
127290 + case GR_ENABLE:
127291 + if (!gr_acl_is_enabled() && !(error2 = gracl_init(gr_usermode)))
127292 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
127293 + else {
127294 + if (gr_acl_is_enabled())
127295 + error = -EAGAIN;
127296 + else
127297 + error = error2;
127298 + gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
127299 + }
127300 + break;
127301 + case GR_OLDRELOAD:
127302 + oldmode = 1;
127303 + case GR_RELOAD:
127304 + if (!gr_acl_is_enabled()) {
127305 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
127306 + error = -EAGAIN;
127307 + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
127308 + error2 = gracl_reload(gr_usermode, oldmode);
127309 + if (!error2)
127310 + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
127311 + else {
127312 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
127313 + error = error2;
127314 + }
127315 + } else {
127316 + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
127317 + error = -EPERM;
127318 + }
127319 + break;
127320 + case GR_SEGVMOD:
127321 + if (unlikely(!gr_acl_is_enabled())) {
127322 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
127323 + error = -EAGAIN;
127324 + break;
127325 + }
127326 +
127327 + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
127328 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
127329 + if (gr_usermode->segv_device && gr_usermode->segv_inode) {
127330 + struct acl_subject_label *segvacl;
127331 + segvacl =
127332 + lookup_acl_subj_label(gr_usermode->segv_inode,
127333 + gr_usermode->segv_device,
127334 + current->role);
127335 + if (segvacl) {
127336 + segvacl->crashes = 0;
127337 + segvacl->expires = 0;
127338 + }
127339 + } else
127340 + gr_find_and_remove_uid(gr_usermode->segv_uid);
127341 + } else {
127342 + gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
127343 + error = -EPERM;
127344 + }
127345 + break;
127346 + case GR_SPROLE:
127347 + case GR_SPROLEPAM:
127348 + if (unlikely(!gr_acl_is_enabled())) {
127349 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
127350 + error = -EAGAIN;
127351 + break;
127352 + }
127353 +
127354 + if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
127355 + current->role->expires = 0;
127356 + current->role->auth_attempts = 0;
127357 + }
127358 +
127359 + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
127360 + time_after(current->role->expires, get_seconds())) {
127361 + error = -EBUSY;
127362 + goto out;
127363 + }
127364 +
127365 + if (lookup_special_role_auth
127366 + (gr_usermode->mode, (const char *)gr_usermode->sp_role, &sprole_salt, &sprole_sum)
127367 + && ((!sprole_salt && !sprole_sum)
127368 + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
127369 + char *p = "";
127370 + assign_special_role((const char *)gr_usermode->sp_role);
127371 + read_lock(&tasklist_lock);
127372 + if (current->real_parent)
127373 + p = current->real_parent->role->rolename;
127374 + read_unlock(&tasklist_lock);
127375 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
127376 + p, acl_sp_role_value);
127377 + } else {
127378 + gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
127379 + error = -EPERM;
127380 + if(!(current->role->auth_attempts++))
127381 + current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
127382 +
127383 + goto out;
127384 + }
127385 + break;
127386 + case GR_UNSPROLE:
127387 + if (unlikely(!gr_acl_is_enabled())) {
127388 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
127389 + error = -EAGAIN;
127390 + break;
127391 + }
127392 +
127393 + if (current->role->roletype & GR_ROLE_SPECIAL) {
127394 + char *p = "";
127395 + int i = 0;
127396 +
127397 + read_lock(&tasklist_lock);
127398 + if (current->real_parent) {
127399 + p = current->real_parent->role->rolename;
127400 + i = current->real_parent->acl_role_id;
127401 + }
127402 + read_unlock(&tasklist_lock);
127403 +
127404 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
127405 + gr_set_acls(1);
127406 + } else {
127407 + error = -EPERM;
127408 + goto out;
127409 + }
127410 + break;
127411 + default:
127412 + gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
127413 + error = -EINVAL;
127414 + break;
127415 + }
127416 +
127417 + if (error != -EPERM)
127418 + goto out;
127419 +
127420 + if(!(gr_auth_attempts++))
127421 + gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
127422 +
127423 + out:
127424 + mutex_unlock(&gr_dev_mutex);
127425 +
127426 + if (!error)
127427 + error = req_count;
127428 +
127429 + return error;
127430 +}
127431 +
127432 +int
127433 +gr_set_acls(const int type)
127434 +{
127435 + struct task_struct *task, *task2;
127436 + struct acl_role_label *role = current->role;
127437 + struct acl_subject_label *subj;
127438 + __u16 acl_role_id = current->acl_role_id;
127439 + const struct cred *cred;
127440 + int ret;
127441 +
127442 + rcu_read_lock();
127443 + read_lock(&tasklist_lock);
127444 + read_lock(&grsec_exec_file_lock);
127445 + do_each_thread(task2, task) {
127446 + /* check to see if we're called from the exit handler,
127447 + if so, only replace ACLs that have inherited the admin
127448 + ACL */
127449 +
127450 + if (type && (task->role != role ||
127451 + task->acl_role_id != acl_role_id))
127452 + continue;
127453 +
127454 + task->acl_role_id = 0;
127455 + task->acl_sp_role = 0;
127456 + task->inherited = 0;
127457 +
127458 + if (task->exec_file) {
127459 + cred = __task_cred(task);
127460 + task->role = __lookup_acl_role_label(polstate, task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
127461 + subj = __gr_get_subject_for_task(polstate, task, NULL, 1);
127462 + if (subj == NULL) {
127463 + ret = -EINVAL;
127464 + read_unlock(&grsec_exec_file_lock);
127465 + read_unlock(&tasklist_lock);
127466 + rcu_read_unlock();
127467 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task_pid_nr(task));
127468 + return ret;
127469 + }
127470 + __gr_apply_subject_to_task(polstate, task, subj);
127471 + } else {
127472 + // it's a kernel process
127473 + task->role = polstate->kernel_role;
127474 + task->acl = polstate->kernel_role->root_label;
127475 +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
127476 + task->acl->mode &= ~GR_PROCFIND;
127477 +#endif
127478 + }
127479 + } while_each_thread(task2, task);
127480 + read_unlock(&grsec_exec_file_lock);
127481 + read_unlock(&tasklist_lock);
127482 + rcu_read_unlock();
127483 +
127484 + return 0;
127485 +}
127486 diff --git a/grsecurity/gracl_res.c b/grsecurity/gracl_res.c
127487 new file mode 100644
127488 index 0000000..dfba8fd
127489 --- /dev/null
127490 +++ b/grsecurity/gracl_res.c
127491 @@ -0,0 +1,74 @@
127492 +#include <linux/kernel.h>
127493 +#include <linux/sched.h>
127494 +#include <linux/gracl.h>
127495 +#include <linux/grinternal.h>
127496 +
127497 +static const char *restab_log[] = {
127498 + [RLIMIT_CPU] = "RLIMIT_CPU",
127499 + [RLIMIT_FSIZE] = "RLIMIT_FSIZE",
127500 + [RLIMIT_DATA] = "RLIMIT_DATA",
127501 + [RLIMIT_STACK] = "RLIMIT_STACK",
127502 + [RLIMIT_CORE] = "RLIMIT_CORE",
127503 + [RLIMIT_RSS] = "RLIMIT_RSS",
127504 + [RLIMIT_NPROC] = "RLIMIT_NPROC",
127505 + [RLIMIT_NOFILE] = "RLIMIT_NOFILE",
127506 + [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
127507 + [RLIMIT_AS] = "RLIMIT_AS",
127508 + [RLIMIT_LOCKS] = "RLIMIT_LOCKS",
127509 + [RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
127510 + [RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
127511 + [RLIMIT_NICE] = "RLIMIT_NICE",
127512 + [RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
127513 + [RLIMIT_RTTIME] = "RLIMIT_RTTIME",
127514 + [GR_CRASH_RES] = "RLIMIT_CRASH"
127515 +};
127516 +
127517 +void
127518 +gr_log_resource(const struct task_struct *task,
127519 + const int res, const unsigned long wanted, const int gt)
127520 +{
127521 + const struct cred *cred;
127522 + unsigned long rlim;
127523 +
127524 + if (!gr_acl_is_enabled() && !grsec_resource_logging)
127525 + return;
127526 +
127527 + // not yet supported resource
127528 + if (unlikely(!restab_log[res]))
127529 + return;
127530 +
127531 + /*
127532 + * not really security relevant, too much userland code shared
127533 + * from pulseaudio that blindly attempts to violate limits in a loop,
127534 + * resulting in log spam
127535 + */
127536 + if (res == RLIMIT_NICE)
127537 + return;
127538 +
127539 + if (res == RLIMIT_CPU || res == RLIMIT_RTTIME)
127540 + rlim = task_rlimit_max(task, res);
127541 + else
127542 + rlim = task_rlimit(task, res);
127543 +
127544 + if (likely((rlim == RLIM_INFINITY) || (gt && wanted <= rlim) || (!gt && wanted < rlim)))
127545 + return;
127546 +
127547 + rcu_read_lock();
127548 + cred = __task_cred(task);
127549 +
127550 + if (res == RLIMIT_NPROC &&
127551 + (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) ||
127552 + cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
127553 + goto out_rcu_unlock;
127554 + else if (res == RLIMIT_MEMLOCK &&
127555 + cap_raised(cred->cap_effective, CAP_IPC_LOCK))
127556 + goto out_rcu_unlock;
127557 + rcu_read_unlock();
127558 +
127559 + gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], rlim);
127560 +
127561 + return;
127562 +out_rcu_unlock:
127563 + rcu_read_unlock();
127564 + return;
127565 +}
127566 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
127567 new file mode 100644
127568 index 0000000..02c5a2b
127569 --- /dev/null
127570 +++ b/grsecurity/gracl_segv.c
127571 @@ -0,0 +1,306 @@
127572 +#include <linux/kernel.h>
127573 +#include <linux/mm.h>
127574 +#include <asm/uaccess.h>
127575 +#include <asm/errno.h>
127576 +#include <asm/mman.h>
127577 +#include <net/sock.h>
127578 +#include <linux/file.h>
127579 +#include <linux/fs.h>
127580 +#include <linux/net.h>
127581 +#include <linux/in.h>
127582 +#include <linux/slab.h>
127583 +#include <linux/types.h>
127584 +#include <linux/sched.h>
127585 +#include <linux/timer.h>
127586 +#include <linux/gracl.h>
127587 +#include <linux/grsecurity.h>
127588 +#include <linux/grinternal.h>
127589 +#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
127590 +#include <linux/magic.h>
127591 +#include <linux/pagemap.h>
127592 +#include "../fs/btrfs/async-thread.h"
127593 +#include "../fs/btrfs/ctree.h"
127594 +#include "../fs/btrfs/btrfs_inode.h"
127595 +#endif
127596 +
127597 +static struct crash_uid *uid_set;
127598 +static unsigned short uid_used;
127599 +static DEFINE_SPINLOCK(gr_uid_lock);
127600 +extern rwlock_t gr_inode_lock;
127601 +extern struct acl_subject_label *
127602 + lookup_acl_subj_label(const u64 inode, const dev_t dev,
127603 + const struct acl_role_label *role);
127604 +
127605 +int
127606 +gr_init_uidset(void)
127607 +{
127608 + uid_set =
127609 + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
127610 + uid_used = 0;
127611 +
127612 + return uid_set ? 1 : 0;
127613 +}
127614 +
127615 +void
127616 +gr_free_uidset(void)
127617 +{
127618 + if (uid_set) {
127619 + struct crash_uid *tmpset;
127620 + spin_lock(&gr_uid_lock);
127621 + tmpset = uid_set;
127622 + uid_set = NULL;
127623 + uid_used = 0;
127624 + spin_unlock(&gr_uid_lock);
127625 + if (tmpset)
127626 + kfree(tmpset);
127627 + }
127628 +
127629 + return;
127630 +}
127631 +
127632 +int
127633 +gr_find_uid(const uid_t uid)
127634 +{
127635 + struct crash_uid *tmp = uid_set;
127636 + uid_t buid;
127637 + int low = 0, high = uid_used - 1, mid;
127638 +
127639 + while (high >= low) {
127640 + mid = (low + high) >> 1;
127641 + buid = tmp[mid].uid;
127642 + if (buid == uid)
127643 + return mid;
127644 + if (buid > uid)
127645 + high = mid - 1;
127646 + if (buid < uid)
127647 + low = mid + 1;
127648 + }
127649 +
127650 + return -1;
127651 +}
127652 +
127653 +static void
127654 +gr_insertsort(void)
127655 +{
127656 + unsigned short i, j;
127657 + struct crash_uid index;
127658 +
127659 + for (i = 1; i < uid_used; i++) {
127660 + index = uid_set[i];
127661 + j = i;
127662 + while ((j > 0) && uid_set[j - 1].uid > index.uid) {
127663 + uid_set[j] = uid_set[j - 1];
127664 + j--;
127665 + }
127666 + uid_set[j] = index;
127667 + }
127668 +
127669 + return;
127670 +}
127671 +
127672 +static void
127673 +gr_insert_uid(const kuid_t kuid, const unsigned long expires)
127674 +{
127675 + int loc;
127676 + uid_t uid = GR_GLOBAL_UID(kuid);
127677 +
127678 + if (uid_used == GR_UIDTABLE_MAX)
127679 + return;
127680 +
127681 + loc = gr_find_uid(uid);
127682 +
127683 + if (loc >= 0) {
127684 + uid_set[loc].expires = expires;
127685 + return;
127686 + }
127687 +
127688 + uid_set[uid_used].uid = uid;
127689 + uid_set[uid_used].expires = expires;
127690 + uid_used++;
127691 +
127692 + gr_insertsort();
127693 +
127694 + return;
127695 +}
127696 +
127697 +void
127698 +gr_remove_uid(const unsigned short loc)
127699 +{
127700 + unsigned short i;
127701 +
127702 + for (i = loc + 1; i < uid_used; i++)
127703 + uid_set[i - 1] = uid_set[i];
127704 +
127705 + uid_used--;
127706 +
127707 + return;
127708 +}
127709 +
127710 +int gr_find_and_remove_uid(uid_t uid)
127711 +{
127712 + int loc;
127713 +
127714 + spin_lock(&gr_uid_lock);
127715 + loc = gr_find_uid(uid);
127716 + if (loc >= 0)
127717 + gr_remove_uid(loc);
127718 + spin_unlock(&gr_uid_lock);
127719 +
127720 + return loc >= 0 ? 1 : 0;
127721 +}
127722 +
127723 +int
127724 +gr_check_crash_uid(const kuid_t kuid)
127725 +{
127726 + int loc;
127727 + int ret = 0;
127728 + uid_t uid;
127729 +
127730 + if (unlikely(!gr_acl_is_enabled()))
127731 + return 0;
127732 +
127733 + uid = GR_GLOBAL_UID(kuid);
127734 +
127735 + spin_lock(&gr_uid_lock);
127736 + loc = gr_find_uid(uid);
127737 +
127738 + if (loc < 0)
127739 + goto out_unlock;
127740 +
127741 + if (time_before_eq(uid_set[loc].expires, get_seconds()))
127742 + gr_remove_uid(loc);
127743 + else
127744 + ret = 1;
127745 +
127746 +out_unlock:
127747 + spin_unlock(&gr_uid_lock);
127748 + return ret;
127749 +}
127750 +
127751 +extern int gr_fake_force_sig(int sig, struct task_struct *t);
127752 +
127753 +void
127754 +gr_handle_crash(struct task_struct *task, const int sig)
127755 +{
127756 + struct acl_subject_label *curr;
127757 + struct task_struct *tsk, *tsk2;
127758 + const struct cred *cred;
127759 + const struct cred *cred2;
127760 +
127761 + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
127762 + return;
127763 +
127764 + if (unlikely(!gr_acl_is_enabled()))
127765 + return;
127766 +
127767 + curr = task->acl;
127768 +
127769 + if (!(curr->resmask & (1U << GR_CRASH_RES)))
127770 + return;
127771 +
127772 + if (time_before_eq(curr->expires, get_seconds())) {
127773 + curr->expires = 0;
127774 + curr->crashes = 0;
127775 + }
127776 +
127777 + curr->crashes++;
127778 +
127779 + if (!curr->expires)
127780 + curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
127781 +
127782 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
127783 + time_after(curr->expires, get_seconds())) {
127784 + int is_priv = is_privileged_binary(task->mm->exe_file->f_path.dentry);
127785 +
127786 + rcu_read_lock();
127787 + cred = __task_cred(task);
127788 + if (gr_is_global_nonroot(cred->uid) && is_priv) {
127789 + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
127790 + spin_lock(&gr_uid_lock);
127791 + gr_insert_uid(cred->uid, curr->expires);
127792 + spin_unlock(&gr_uid_lock);
127793 + curr->expires = 0;
127794 + curr->crashes = 0;
127795 + read_lock(&tasklist_lock);
127796 + do_each_thread(tsk2, tsk) {
127797 + cred2 = __task_cred(tsk);
127798 + if (tsk != task && uid_eq(cred2->uid, cred->uid))
127799 + gr_fake_force_sig(SIGKILL, tsk);
127800 + } while_each_thread(tsk2, tsk);
127801 + read_unlock(&tasklist_lock);
127802 + } else {
127803 + gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
127804 + read_lock(&tasklist_lock);
127805 + read_lock(&grsec_exec_file_lock);
127806 + do_each_thread(tsk2, tsk) {
127807 + if (likely(tsk != task)) {
127808 + // if this thread has the same subject as the one that triggered
127809 + // RES_CRASH and it's the same binary, kill it
127810 + if (tsk->acl == task->acl && gr_is_same_file(tsk->exec_file, task->exec_file))
127811 + gr_fake_force_sig(SIGKILL, tsk);
127812 + }
127813 + } while_each_thread(tsk2, tsk);
127814 + read_unlock(&grsec_exec_file_lock);
127815 + read_unlock(&tasklist_lock);
127816 + }
127817 + rcu_read_unlock();
127818 + }
127819 +
127820 + return;
127821 +}
127822 +
127823 +int
127824 +gr_check_crash_exec(const struct file *filp)
127825 +{
127826 + struct acl_subject_label *curr;
127827 + struct dentry *dentry;
127828 +
127829 + if (unlikely(!gr_acl_is_enabled()))
127830 + return 0;
127831 +
127832 + read_lock(&gr_inode_lock);
127833 + dentry = filp->f_path.dentry;
127834 + curr = lookup_acl_subj_label(gr_get_ino_from_dentry(dentry), gr_get_dev_from_dentry(dentry),
127835 + current->role);
127836 + read_unlock(&gr_inode_lock);
127837 +
127838 + if (!curr || !(curr->resmask & (1U << GR_CRASH_RES)) ||
127839 + (!curr->crashes && !curr->expires))
127840 + return 0;
127841 +
127842 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
127843 + time_after(curr->expires, get_seconds()))
127844 + return 1;
127845 + else if (time_before_eq(curr->expires, get_seconds())) {
127846 + curr->crashes = 0;
127847 + curr->expires = 0;
127848 + }
127849 +
127850 + return 0;
127851 +}
127852 +
127853 +void
127854 +gr_handle_alertkill(struct task_struct *task)
127855 +{
127856 + struct acl_subject_label *curracl;
127857 + __u32 curr_ip;
127858 + struct task_struct *p, *p2;
127859 +
127860 + if (unlikely(!gr_acl_is_enabled()))
127861 + return;
127862 +
127863 + curracl = task->acl;
127864 + curr_ip = task->signal->curr_ip;
127865 +
127866 + if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
127867 + read_lock(&tasklist_lock);
127868 + do_each_thread(p2, p) {
127869 + if (p->signal->curr_ip == curr_ip)
127870 + gr_fake_force_sig(SIGKILL, p);
127871 + } while_each_thread(p2, p);
127872 + read_unlock(&tasklist_lock);
127873 + } else if (curracl->mode & GR_KILLPROC)
127874 + gr_fake_force_sig(SIGKILL, task);
127875 +
127876 + return;
127877 +}
127878 diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c
127879 new file mode 100644
127880 index 0000000..6b0c9cc
127881 --- /dev/null
127882 +++ b/grsecurity/gracl_shm.c
127883 @@ -0,0 +1,40 @@
127884 +#include <linux/kernel.h>
127885 +#include <linux/mm.h>
127886 +#include <linux/sched.h>
127887 +#include <linux/file.h>
127888 +#include <linux/ipc.h>
127889 +#include <linux/gracl.h>
127890 +#include <linux/grsecurity.h>
127891 +#include <linux/grinternal.h>
127892 +
127893 +int
127894 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
127895 + const u64 shm_createtime, const kuid_t cuid, const int shmid)
127896 +{
127897 + struct task_struct *task;
127898 +
127899 + if (!gr_acl_is_enabled())
127900 + return 1;
127901 +
127902 + rcu_read_lock();
127903 + read_lock(&tasklist_lock);
127904 +
127905 + task = find_task_by_vpid(shm_cprid);
127906 +
127907 + if (unlikely(!task))
127908 + task = find_task_by_vpid(shm_lapid);
127909 +
127910 + if (unlikely(task && (time_before_eq64(task->start_time, shm_createtime) ||
127911 + (task_pid_nr(task) == shm_lapid)) &&
127912 + (task->acl->mode & GR_PROTSHM) &&
127913 + (task->acl != current->acl))) {
127914 + read_unlock(&tasklist_lock);
127915 + rcu_read_unlock();
127916 + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, GR_GLOBAL_UID(cuid), shm_cprid, shmid);
127917 + return 0;
127918 + }
127919 + read_unlock(&tasklist_lock);
127920 + rcu_read_unlock();
127921 +
127922 + return 1;
127923 +}
127924 diff --git a/grsecurity/grsec_chdir.c b/grsecurity/grsec_chdir.c
127925 new file mode 100644
127926 index 0000000..bc0be01
127927 --- /dev/null
127928 +++ b/grsecurity/grsec_chdir.c
127929 @@ -0,0 +1,19 @@
127930 +#include <linux/kernel.h>
127931 +#include <linux/sched.h>
127932 +#include <linux/fs.h>
127933 +#include <linux/file.h>
127934 +#include <linux/grsecurity.h>
127935 +#include <linux/grinternal.h>
127936 +
127937 +void
127938 +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
127939 +{
127940 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
127941 + if ((grsec_enable_chdir && grsec_enable_group &&
127942 + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
127943 + !grsec_enable_group)) {
127944 + gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
127945 + }
127946 +#endif
127947 + return;
127948 +}
127949 diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
127950 new file mode 100644
127951 index 0000000..1964ab1c
127952 --- /dev/null
127953 +++ b/grsecurity/grsec_chroot.c
127954 @@ -0,0 +1,506 @@
127955 +#include <linux/kernel.h>
127956 +#include <linux/module.h>
127957 +#include <linux/sched.h>
127958 +#include <linux/file.h>
127959 +#include <linux/fs.h>
127960 +#include <linux/mount.h>
127961 +#include <linux/types.h>
127962 +#include <linux/namei.h>
127963 +#include "../fs/mount.h"
127964 +#include <linux/grsecurity.h>
127965 +#include <linux/grinternal.h>
127966 +
127967 +#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
127968 +int gr_init_ran;
127969 +#endif
127970 +
127971 +void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt)
127972 +{
127973 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
127974 + struct dentry *tmpd = dentry;
127975 +
127976 + read_seqlock_excl(&mount_lock);
127977 + write_seqlock(&rename_lock);
127978 +
127979 + while (tmpd != mnt->mnt_root) {
127980 + atomic_inc(&tmpd->chroot_refcnt);
127981 + tmpd = tmpd->d_parent;
127982 + }
127983 + atomic_inc(&tmpd->chroot_refcnt);
127984 +
127985 + write_sequnlock(&rename_lock);
127986 + read_sequnlock_excl(&mount_lock);
127987 +#endif
127988 +}
127989 +
127990 +void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt)
127991 +{
127992 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
127993 + struct dentry *tmpd = dentry;
127994 +
127995 + read_seqlock_excl(&mount_lock);
127996 + write_seqlock(&rename_lock);
127997 +
127998 + while (tmpd != mnt->mnt_root) {
127999 + atomic_dec(&tmpd->chroot_refcnt);
128000 + tmpd = tmpd->d_parent;
128001 + }
128002 + atomic_dec(&tmpd->chroot_refcnt);
128003 +
128004 + write_sequnlock(&rename_lock);
128005 + read_sequnlock_excl(&mount_lock);
128006 +#endif
128007 +}
128008 +
128009 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
128010 +static struct dentry *get_closest_chroot(struct dentry *dentry)
128011 +{
128012 + write_seqlock(&rename_lock);
128013 + do {
128014 + if (atomic_read(&dentry->chroot_refcnt)) {
128015 + write_sequnlock(&rename_lock);
128016 + return dentry;
128017 + }
128018 + dentry = dentry->d_parent;
128019 + } while (!IS_ROOT(dentry));
128020 + write_sequnlock(&rename_lock);
128021 + return NULL;
128022 +}
128023 +#endif
128024 +
128025 +int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt,
128026 + struct dentry *newdentry, struct vfsmount *newmnt)
128027 +{
128028 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
128029 + struct dentry *chroot;
128030 +
128031 + if (unlikely(!grsec_enable_chroot_rename))
128032 + return 0;
128033 +
128034 + if (likely(!proc_is_chrooted(current) && gr_is_global_root(current_uid())))
128035 + return 0;
128036 +
128037 + chroot = get_closest_chroot(olddentry);
128038 +
128039 + if (chroot == NULL)
128040 + return 0;
128041 +
128042 + if (is_subdir(newdentry, chroot))
128043 + return 0;
128044 +
128045 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_RENAME_MSG, olddentry, oldmnt);
128046 +
128047 + return 1;
128048 +#else
128049 + return 0;
128050 +#endif
128051 +}
128052 +
128053 +void gr_set_chroot_entries(struct task_struct *task, const struct path *path)
128054 +{
128055 +#ifdef CONFIG_GRKERNSEC
128056 + if (task_pid_nr(task) > 1 && path->dentry != init_task.fs->root.dentry &&
128057 + path->dentry != task->nsproxy->mnt_ns->root->mnt.mnt_root
128058 +#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
128059 + && gr_init_ran
128060 +#endif
128061 + )
128062 + task->gr_is_chrooted = 1;
128063 + else {
128064 +#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
128065 + if (task_pid_nr(task) == 1 && !gr_init_ran)
128066 + gr_init_ran = 1;
128067 +#endif
128068 + task->gr_is_chrooted = 0;
128069 + }
128070 +
128071 + task->gr_chroot_dentry = path->dentry;
128072 +#endif
128073 + return;
128074 +}
128075 +
128076 +void gr_clear_chroot_entries(struct task_struct *task)
128077 +{
128078 +#ifdef CONFIG_GRKERNSEC
128079 + task->gr_is_chrooted = 0;
128080 + task->gr_chroot_dentry = NULL;
128081 +#endif
128082 + return;
128083 +}
128084 +
128085 +int
128086 +gr_handle_chroot_unix(const pid_t pid)
128087 +{
128088 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
128089 + struct task_struct *p;
128090 +
128091 + if (unlikely(!grsec_enable_chroot_unix))
128092 + return 1;
128093 +
128094 + if (likely(!proc_is_chrooted(current)))
128095 + return 1;
128096 +
128097 + rcu_read_lock();
128098 + read_lock(&tasklist_lock);
128099 + p = find_task_by_vpid_unrestricted(pid);
128100 + if (unlikely(p && !have_same_root(current, p))) {
128101 + read_unlock(&tasklist_lock);
128102 + rcu_read_unlock();
128103 + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
128104 + return 0;
128105 + }
128106 + read_unlock(&tasklist_lock);
128107 + rcu_read_unlock();
128108 +#endif
128109 + return 1;
128110 +}
128111 +
128112 +int
128113 +gr_handle_chroot_nice(void)
128114 +{
128115 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
128116 + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
128117 + gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG);
128118 + return -EPERM;
128119 + }
128120 +#endif
128121 + return 0;
128122 +}
128123 +
128124 +int
128125 +gr_handle_chroot_setpriority(struct task_struct *p, const int niceval)
128126 +{
128127 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
128128 + if (grsec_enable_chroot_nice && (niceval < task_nice(p))
128129 + && proc_is_chrooted(current)) {
128130 + gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, task_pid_nr(p));
128131 + return -EACCES;
128132 + }
128133 +#endif
128134 + return 0;
128135 +}
128136 +
128137 +int
128138 +gr_handle_chroot_fowner(struct pid *pid, enum pid_type type)
128139 +{
128140 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
128141 + struct task_struct *p;
128142 + int ret = 0;
128143 + if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || !pid)
128144 + return ret;
128145 +
128146 + read_lock(&tasklist_lock);
128147 + do_each_pid_task(pid, type, p) {
128148 + if (!have_same_root(current, p)) {
128149 + ret = 1;
128150 + goto out;
128151 + }
128152 + } while_each_pid_task(pid, type, p);
128153 +out:
128154 + read_unlock(&tasklist_lock);
128155 + return ret;
128156 +#endif
128157 + return 0;
128158 +}
128159 +
128160 +int
128161 +gr_pid_is_chrooted(struct task_struct *p)
128162 +{
128163 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
128164 + if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || p == NULL)
128165 + return 0;
128166 +
128167 + if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) ||
128168 + !have_same_root(current, p)) {
128169 + return 1;
128170 + }
128171 +#endif
128172 + return 0;
128173 +}
128174 +
128175 +EXPORT_SYMBOL_GPL(gr_pid_is_chrooted);
128176 +
128177 +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR)
128178 +int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt)
128179 +{
128180 + struct path path, currentroot;
128181 + int ret = 0;
128182 +
128183 + path.dentry = (struct dentry *)u_dentry;
128184 + path.mnt = (struct vfsmount *)u_mnt;
128185 + get_fs_root(current->fs, &currentroot);
128186 + if (path_is_under(&path, &currentroot))
128187 + ret = 1;
128188 + path_put(&currentroot);
128189 +
128190 + return ret;
128191 +}
128192 +#endif
128193 +
128194 +int
128195 +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
128196 +{
128197 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
128198 + if (!grsec_enable_chroot_fchdir)
128199 + return 1;
128200 +
128201 + if (!proc_is_chrooted(current))
128202 + return 1;
128203 + else if (!gr_is_outside_chroot(u_dentry, u_mnt)) {
128204 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt);
128205 + return 0;
128206 + }
128207 +#endif
128208 + return 1;
128209 +}
128210 +
128211 +int
128212 +gr_chroot_pathat(int dfd, struct dentry *u_dentry, struct vfsmount *u_mnt, unsigned flags)
128213 +{
128214 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
128215 + struct fd f;
128216 + struct path fd_path;
128217 + struct path file_path;
128218 +
128219 + if (!grsec_enable_chroot_fchdir)
128220 + return 0;
128221 +
128222 + if (!proc_is_chrooted(current) || dfd == -1 || dfd == AT_FDCWD)
128223 + return 0;
128224 +
128225 + if (flags & LOOKUP_RCU)
128226 + return -ECHILD;
128227 +
128228 + f = fdget_raw(dfd);
128229 + if (!f.file)
128230 + return 0;
128231 +
128232 + fd_path = f.file->f_path;
128233 + path_get(&fd_path);
128234 + fdput(f);
128235 +
128236 + file_path.dentry = u_dentry;
128237 + file_path.mnt = u_mnt;
128238 +
128239 + if (!gr_is_outside_chroot(u_dentry, u_mnt) && !path_is_under(&file_path, &fd_path)) {
128240 + path_put(&fd_path);
128241 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_PATHAT_MSG, u_dentry, u_mnt);
128242 + return -ENOENT;
128243 + }
128244 + path_put(&fd_path);
128245 +#endif
128246 + return 0;
128247 +}
128248 +
128249 +int
128250 +gr_chroot_fhandle(void)
128251 +{
128252 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
128253 + if (!grsec_enable_chroot_fchdir)
128254 + return 1;
128255 +
128256 + if (!proc_is_chrooted(current))
128257 + return 1;
128258 + else {
128259 + gr_log_noargs(GR_DONT_AUDIT, GR_CHROOT_FHANDLE_MSG);
128260 + return 0;
128261 + }
128262 +#endif
128263 + return 1;
128264 +}
128265 +
128266 +int
128267 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
128268 + const u64 shm_createtime)
128269 +{
128270 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
128271 + struct task_struct *p;
128272 +
128273 + if (unlikely(!grsec_enable_chroot_shmat))
128274 + return 1;
128275 +
128276 + if (likely(!proc_is_chrooted(current)))
128277 + return 1;
128278 +
128279 + rcu_read_lock();
128280 + read_lock(&tasklist_lock);
128281 +
128282 + if ((p = find_task_by_vpid_unrestricted(shm_cprid))) {
128283 + if (time_before_eq64(p->start_time, shm_createtime)) {
128284 + if (have_same_root(current, p)) {
128285 + goto allow;
128286 + } else {
128287 + read_unlock(&tasklist_lock);
128288 + rcu_read_unlock();
128289 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
128290 + return 0;
128291 + }
128292 + }
128293 + /* creator exited, pid reuse, fall through to next check */
128294 + }
128295 + if ((p = find_task_by_vpid_unrestricted(shm_lapid))) {
128296 + if (unlikely(!have_same_root(current, p))) {
128297 + read_unlock(&tasklist_lock);
128298 + rcu_read_unlock();
128299 + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
128300 + return 0;
128301 + }
128302 + }
128303 +
128304 +allow:
128305 + read_unlock(&tasklist_lock);
128306 + rcu_read_unlock();
128307 +#endif
128308 + return 1;
128309 +}
128310 +
128311 +void
128312 +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
128313 +{
128314 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
128315 + if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
128316 + gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt);
128317 +#endif
128318 + return;
128319 +}
128320 +
128321 +int
128322 +gr_handle_chroot_mknod(const struct dentry *dentry,
128323 + const struct vfsmount *mnt, const int mode)
128324 +{
128325 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
128326 + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) &&
128327 + proc_is_chrooted(current)) {
128328 + gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt);
128329 + return -EPERM;
128330 + }
128331 +#endif
128332 + return 0;
128333 +}
128334 +
128335 +int
128336 +gr_handle_chroot_mount(const struct dentry *dentry,
128337 + const struct vfsmount *mnt, const char *dev_name)
128338 +{
128339 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
128340 + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
128341 + gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name ? dev_name : "none", dentry, mnt);
128342 + return -EPERM;
128343 + }
128344 +#endif
128345 + return 0;
128346 +}
128347 +
128348 +int
128349 +gr_handle_chroot_pivot(void)
128350 +{
128351 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
128352 + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
128353 + gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG);
128354 + return -EPERM;
128355 + }
128356 +#endif
128357 + return 0;
128358 +}
128359 +
128360 +int
128361 +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
128362 +{
128363 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
128364 + if (grsec_enable_chroot_double && proc_is_chrooted(current) &&
128365 + !gr_is_outside_chroot(dentry, mnt)) {
128366 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt);
128367 + return -EPERM;
128368 + }
128369 +#endif
128370 + return 0;
128371 +}
128372 +
128373 +extern const char *captab_log[];
128374 +extern int captab_log_entries;
128375 +
128376 +int
128377 +gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
128378 +{
128379 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
128380 + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
128381 + kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
128382 + if (cap_raised(chroot_caps, cap)) {
128383 + if (cap_raised(cred->cap_effective, cap) && cap < captab_log_entries) {
128384 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, task, captab_log[cap]);
128385 + }
128386 + return 0;
128387 + }
128388 + }
128389 +#endif
128390 + return 1;
128391 +}
128392 +
128393 +int
128394 +gr_chroot_is_capable(const int cap)
128395 +{
128396 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
128397 + return gr_task_chroot_is_capable(current, current_cred(), cap);
128398 +#endif
128399 + return 1;
128400 +}
128401 +
128402 +int
128403 +gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap)
128404 +{
128405 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
128406 + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
128407 + kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
128408 + if (cap_raised(chroot_caps, cap)) {
128409 + return 0;
128410 + }
128411 + }
128412 +#endif
128413 + return 1;
128414 +}
128415 +
128416 +int
128417 +gr_chroot_is_capable_nolog(const int cap)
128418 +{
128419 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
128420 + return gr_task_chroot_is_capable_nolog(current, cap);
128421 +#endif
128422 + return 1;
128423 +}
128424 +
128425 +int
128426 +gr_handle_chroot_sysctl(const int op)
128427 +{
128428 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
128429 + if (grsec_enable_chroot_sysctl && (op & MAY_WRITE) &&
128430 + proc_is_chrooted(current))
128431 + return -EACCES;
128432 +#endif
128433 + return 0;
128434 +}
128435 +
128436 +void
128437 +gr_handle_chroot_chdir(const struct path *path)
128438 +{
128439 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
128440 + if (grsec_enable_chroot_chdir)
128441 + set_fs_pwd(current->fs, path);
128442 +#endif
128443 + return;
128444 +}
128445 +
128446 +int
128447 +gr_handle_chroot_chmod(const struct dentry *dentry,
128448 + const struct vfsmount *mnt, const int mode)
128449 +{
128450 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
128451 + /* allow chmod +s on directories, but not files */
128452 + if (grsec_enable_chroot_chmod && !d_is_dir(dentry) &&
128453 + ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) &&
128454 + proc_is_chrooted(current)) {
128455 + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt);
128456 + return -EPERM;
128457 + }
128458 +#endif
128459 + return 0;
128460 +}
128461 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
128462 new file mode 100644
128463 index 0000000..ba8d997
128464 --- /dev/null
128465 +++ b/grsecurity/grsec_disabled.c
128466 @@ -0,0 +1,445 @@
128467 +#include <linux/kernel.h>
128468 +#include <linux/module.h>
128469 +#include <linux/sched.h>
128470 +#include <linux/file.h>
128471 +#include <linux/fs.h>
128472 +#include <linux/kdev_t.h>
128473 +#include <linux/net.h>
128474 +#include <linux/in.h>
128475 +#include <linux/ip.h>
128476 +#include <linux/skbuff.h>
128477 +#include <linux/sysctl.h>
128478 +
128479 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
128480 +void
128481 +pax_set_initial_flags(struct linux_binprm *bprm)
128482 +{
128483 + return;
128484 +}
128485 +#endif
128486 +
128487 +#ifdef CONFIG_SYSCTL
128488 +__u32
128489 +gr_handle_sysctl(const struct ctl_table * table, const int op)
128490 +{
128491 + return 0;
128492 +}
128493 +#endif
128494 +
128495 +#ifdef CONFIG_TASKSTATS
128496 +int gr_is_taskstats_denied(int pid)
128497 +{
128498 + return 0;
128499 +}
128500 +#endif
128501 +
128502 +int
128503 +gr_acl_is_enabled(void)
128504 +{
128505 + return 0;
128506 +}
128507 +
128508 +int
128509 +gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap, bool log)
128510 +{
128511 + return 0;
128512 +}
128513 +
128514 +void
128515 +gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
128516 +{
128517 + return;
128518 +}
128519 +
128520 +int
128521 +gr_handle_rawio(const struct inode *inode)
128522 +{
128523 + return 0;
128524 +}
128525 +
128526 +void
128527 +gr_acl_handle_psacct(struct task_struct *task, const long code)
128528 +{
128529 + return;
128530 +}
128531 +
128532 +int
128533 +gr_handle_ptrace(struct task_struct *task, const long request)
128534 +{
128535 + return 0;
128536 +}
128537 +
128538 +int
128539 +gr_handle_proc_ptrace(struct task_struct *task)
128540 +{
128541 + return 0;
128542 +}
128543 +
128544 +int
128545 +gr_set_acls(const int type)
128546 +{
128547 + return 0;
128548 +}
128549 +
128550 +int
128551 +gr_check_hidden_task(const struct task_struct *tsk)
128552 +{
128553 + return 0;
128554 +}
128555 +
128556 +int
128557 +gr_check_protected_task(const struct task_struct *task)
128558 +{
128559 + return 0;
128560 +}
128561 +
128562 +int
128563 +gr_check_protected_task_fowner(struct pid *pid, enum pid_type type)
128564 +{
128565 + return 0;
128566 +}
128567 +
128568 +void
128569 +gr_copy_label(struct task_struct *tsk)
128570 +{
128571 + return;
128572 +}
128573 +
128574 +void
128575 +gr_set_pax_flags(struct task_struct *task)
128576 +{
128577 + return;
128578 +}
128579 +
128580 +int
128581 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
128582 + const int unsafe_share)
128583 +{
128584 + return 0;
128585 +}
128586 +
128587 +void
128588 +gr_handle_delete(const u64 ino, const dev_t dev)
128589 +{
128590 + return;
128591 +}
128592 +
128593 +void
128594 +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
128595 +{
128596 + return;
128597 +}
128598 +
128599 +void
128600 +gr_handle_crash(struct task_struct *task, const int sig)
128601 +{
128602 + return;
128603 +}
128604 +
128605 +int
128606 +gr_check_crash_exec(const struct file *filp)
128607 +{
128608 + return 0;
128609 +}
128610 +
128611 +int
128612 +gr_check_crash_uid(const kuid_t uid)
128613 +{
128614 + return 0;
128615 +}
128616 +
128617 +void
128618 +gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
128619 + struct dentry *old_dentry,
128620 + struct dentry *new_dentry,
128621 + struct vfsmount *mnt, const __u8 replace, unsigned int flags)
128622 +{
128623 + return;
128624 +}
128625 +
128626 +int
128627 +gr_search_socket(const int family, const int type, const int protocol)
128628 +{
128629 + return 1;
128630 +}
128631 +
128632 +int
128633 +gr_search_connectbind(const int mode, const struct socket *sock,
128634 + const struct sockaddr_in *addr)
128635 +{
128636 + return 0;
128637 +}
128638 +
128639 +void
128640 +gr_handle_alertkill(struct task_struct *task)
128641 +{
128642 + return;
128643 +}
128644 +
128645 +__u32
128646 +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
128647 +{
128648 + return 1;
128649 +}
128650 +
128651 +__u32
128652 +gr_acl_handle_hidden_file(const struct dentry * dentry,
128653 + const struct vfsmount * mnt)
128654 +{
128655 + return 1;
128656 +}
128657 +
128658 +__u32
128659 +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
128660 + int acc_mode)
128661 +{
128662 + return 1;
128663 +}
128664 +
128665 +__u32
128666 +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
128667 +{
128668 + return 1;
128669 +}
128670 +
128671 +__u32
128672 +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
128673 +{
128674 + return 1;
128675 +}
128676 +
128677 +int
128678 +gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
128679 + unsigned int *vm_flags)
128680 +{
128681 + return 1;
128682 +}
128683 +
128684 +__u32
128685 +gr_acl_handle_truncate(const struct dentry * dentry,
128686 + const struct vfsmount * mnt)
128687 +{
128688 + return 1;
128689 +}
128690 +
128691 +__u32
128692 +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
128693 +{
128694 + return 1;
128695 +}
128696 +
128697 +__u32
128698 +gr_acl_handle_access(const struct dentry * dentry,
128699 + const struct vfsmount * mnt, const int fmode)
128700 +{
128701 + return 1;
128702 +}
128703 +
128704 +__u32
128705 +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
128706 + umode_t *mode)
128707 +{
128708 + return 1;
128709 +}
128710 +
128711 +__u32
128712 +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
128713 +{
128714 + return 1;
128715 +}
128716 +
128717 +__u32
128718 +gr_acl_handle_setxattr(const struct dentry * dentry, const struct vfsmount * mnt)
128719 +{
128720 + return 1;
128721 +}
128722 +
128723 +__u32
128724 +gr_acl_handle_removexattr(const struct dentry * dentry, const struct vfsmount * mnt)
128725 +{
128726 + return 1;
128727 +}
128728 +
128729 +void
128730 +grsecurity_init(void)
128731 +{
128732 + return;
128733 +}
128734 +
128735 +umode_t gr_acl_umask(void)
128736 +{
128737 + return 0;
128738 +}
128739 +
128740 +__u32
128741 +gr_acl_handle_mknod(const struct dentry * new_dentry,
128742 + const struct dentry * parent_dentry,
128743 + const struct vfsmount * parent_mnt,
128744 + const int mode)
128745 +{
128746 + return 1;
128747 +}
128748 +
128749 +__u32
128750 +gr_acl_handle_mkdir(const struct dentry * new_dentry,
128751 + const struct dentry * parent_dentry,
128752 + const struct vfsmount * parent_mnt)
128753 +{
128754 + return 1;
128755 +}
128756 +
128757 +__u32
128758 +gr_acl_handle_symlink(const struct dentry * new_dentry,
128759 + const struct dentry * parent_dentry,
128760 + const struct vfsmount * parent_mnt, const struct filename *from)
128761 +{
128762 + return 1;
128763 +}
128764 +
128765 +__u32
128766 +gr_acl_handle_link(const struct dentry * new_dentry,
128767 + const struct dentry * parent_dentry,
128768 + const struct vfsmount * parent_mnt,
128769 + const struct dentry * old_dentry,
128770 + const struct vfsmount * old_mnt, const struct filename *to)
128771 +{
128772 + return 1;
128773 +}
128774 +
128775 +int
128776 +gr_acl_handle_rename(const struct dentry *new_dentry,
128777 + const struct dentry *parent_dentry,
128778 + const struct vfsmount *parent_mnt,
128779 + const struct dentry *old_dentry,
128780 + const struct inode *old_parent_inode,
128781 + const struct vfsmount *old_mnt, const struct filename *newname,
128782 + unsigned int flags)
128783 +{
128784 + return 0;
128785 +}
128786 +
128787 +int
128788 +gr_acl_handle_filldir(const struct file *file, const char *name,
128789 + const int namelen, const u64 ino)
128790 +{
128791 + return 1;
128792 +}
128793 +
128794 +int
128795 +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
128796 + const u64 shm_createtime, const kuid_t cuid, const int shmid)
128797 +{
128798 + return 1;
128799 +}
128800 +
128801 +int
128802 +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
128803 +{
128804 + return 0;
128805 +}
128806 +
128807 +int
128808 +gr_search_accept(const struct socket *sock)
128809 +{
128810 + return 0;
128811 +}
128812 +
128813 +int
128814 +gr_search_listen(const struct socket *sock)
128815 +{
128816 + return 0;
128817 +}
128818 +
128819 +int
128820 +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
128821 +{
128822 + return 0;
128823 +}
128824 +
128825 +__u32
128826 +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
128827 +{
128828 + return 1;
128829 +}
128830 +
128831 +__u32
128832 +gr_acl_handle_creat(const struct dentry * dentry,
128833 + const struct dentry * p_dentry,
128834 + const struct vfsmount * p_mnt, int open_flags, int acc_mode,
128835 + const int imode)
128836 +{
128837 + return 1;
128838 +}
128839 +
128840 +void
128841 +gr_acl_handle_exit(void)
128842 +{
128843 + return;
128844 +}
128845 +
128846 +int
128847 +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
128848 +{
128849 + return 1;
128850 +}
128851 +
128852 +void
128853 +gr_set_role_label(const kuid_t uid, const kgid_t gid)
128854 +{
128855 + return;
128856 +}
128857 +
128858 +int
128859 +gr_acl_handle_procpidmem(const struct task_struct *task)
128860 +{
128861 + return 0;
128862 +}
128863 +
128864 +int
128865 +gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
128866 +{
128867 + return 0;
128868 +}
128869 +
128870 +int
128871 +gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
128872 +{
128873 + return 0;
128874 +}
128875 +
128876 +int
128877 +gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
128878 +{
128879 + return 0;
128880 +}
128881 +
128882 +int
128883 +gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
128884 +{
128885 + return 0;
128886 +}
128887 +
128888 +int gr_acl_enable_at_secure(void)
128889 +{
128890 + return 0;
128891 +}
128892 +
128893 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
128894 +{
128895 + return d_backing_inode(dentry)->i_sb->s_dev;
128896 +}
128897 +
128898 +u64 gr_get_ino_from_dentry(struct dentry *dentry)
128899 +{
128900 + return d_backing_inode(dentry)->i_ino;
128901 +}
128902 +
128903 +void gr_put_exec_file(struct task_struct *task)
128904 +{
128905 + return;
128906 +}
128907 +
128908 +#ifdef CONFIG_SECURITY
128909 +EXPORT_SYMBOL_GPL(gr_check_user_change);
128910 +EXPORT_SYMBOL_GPL(gr_check_group_change);
128911 +#endif
128912 diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
128913 new file mode 100644
128914 index 0000000..808006e
128915 --- /dev/null
128916 +++ b/grsecurity/grsec_exec.c
128917 @@ -0,0 +1,188 @@
128918 +#include <linux/kernel.h>
128919 +#include <linux/sched.h>
128920 +#include <linux/file.h>
128921 +#include <linux/binfmts.h>
128922 +#include <linux/fs.h>
128923 +#include <linux/types.h>
128924 +#include <linux/grdefs.h>
128925 +#include <linux/grsecurity.h>
128926 +#include <linux/grinternal.h>
128927 +#include <linux/capability.h>
128928 +#include <linux/module.h>
128929 +#include <linux/compat.h>
128930 +
128931 +#include <asm/uaccess.h>
128932 +
128933 +#ifdef CONFIG_GRKERNSEC_EXECLOG
128934 +static char gr_exec_arg_buf[132];
128935 +static DEFINE_MUTEX(gr_exec_arg_mutex);
128936 +#endif
128937 +
128938 +struct user_arg_ptr {
128939 +#ifdef CONFIG_COMPAT
128940 + bool is_compat;
128941 +#endif
128942 + union {
128943 + const char __user *const __user *native;
128944 +#ifdef CONFIG_COMPAT
128945 + const compat_uptr_t __user *compat;
128946 +#endif
128947 + } ptr;
128948 +};
128949 +
128950 +extern const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr);
128951 +
128952 +void
128953 +gr_handle_exec_args(struct linux_binprm *bprm, struct user_arg_ptr argv)
128954 +{
128955 +#ifdef CONFIG_GRKERNSEC_EXECLOG
128956 + char *grarg = gr_exec_arg_buf;
128957 + unsigned int i, x, execlen = 0;
128958 + char c;
128959 +
128960 + if (!((grsec_enable_execlog && grsec_enable_group &&
128961 + in_group_p(grsec_audit_gid))
128962 + || (grsec_enable_execlog && !grsec_enable_group)))
128963 + return;
128964 +
128965 + mutex_lock(&gr_exec_arg_mutex);
128966 + memset(grarg, 0, sizeof(gr_exec_arg_buf));
128967 +
128968 + for (i = 0; i < bprm->argc && execlen < 128; i++) {
128969 + const char __user *p;
128970 + unsigned int len;
128971 +
128972 + p = get_user_arg_ptr(argv, i);
128973 + if (IS_ERR(p))
128974 + goto log;
128975 +
128976 + len = strnlen_user(p, 128 - execlen);
128977 + if (len > 128 - execlen)
128978 + len = 128 - execlen;
128979 + else if (len > 0)
128980 + len--;
128981 + if (copy_from_user(grarg + execlen, p, len))
128982 + goto log;
128983 +
128984 + /* rewrite unprintable characters */
128985 + for (x = 0; x < len; x++) {
128986 + c = *(grarg + execlen + x);
128987 + if (c < 32 || c > 126)
128988 + *(grarg + execlen + x) = ' ';
128989 + }
128990 +
128991 + execlen += len;
128992 + *(grarg + execlen) = ' ';
128993 + *(grarg + execlen + 1) = '\0';
128994 + execlen++;
128995 + }
128996 +
128997 + log:
128998 + gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry,
128999 + bprm->file->f_path.mnt, grarg);
129000 + mutex_unlock(&gr_exec_arg_mutex);
129001 +#endif
129002 + return;
129003 +}
129004 +
129005 +#ifdef CONFIG_GRKERNSEC
129006 +extern int gr_acl_is_capable(const int cap);
129007 +extern int gr_acl_is_capable_nolog(const int cap);
129008 +extern int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap, bool log);
129009 +extern int gr_chroot_is_capable(const int cap);
129010 +extern int gr_chroot_is_capable_nolog(const int cap);
129011 +extern int gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
129012 +extern int gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap);
129013 +#endif
129014 +
129015 +const char *captab_log[] = {
129016 + "CAP_CHOWN",
129017 + "CAP_DAC_OVERRIDE",
129018 + "CAP_DAC_READ_SEARCH",
129019 + "CAP_FOWNER",
129020 + "CAP_FSETID",
129021 + "CAP_KILL",
129022 + "CAP_SETGID",
129023 + "CAP_SETUID",
129024 + "CAP_SETPCAP",
129025 + "CAP_LINUX_IMMUTABLE",
129026 + "CAP_NET_BIND_SERVICE",
129027 + "CAP_NET_BROADCAST",
129028 + "CAP_NET_ADMIN",
129029 + "CAP_NET_RAW",
129030 + "CAP_IPC_LOCK",
129031 + "CAP_IPC_OWNER",
129032 + "CAP_SYS_MODULE",
129033 + "CAP_SYS_RAWIO",
129034 + "CAP_SYS_CHROOT",
129035 + "CAP_SYS_PTRACE",
129036 + "CAP_SYS_PACCT",
129037 + "CAP_SYS_ADMIN",
129038 + "CAP_SYS_BOOT",
129039 + "CAP_SYS_NICE",
129040 + "CAP_SYS_RESOURCE",
129041 + "CAP_SYS_TIME",
129042 + "CAP_SYS_TTY_CONFIG",
129043 + "CAP_MKNOD",
129044 + "CAP_LEASE",
129045 + "CAP_AUDIT_WRITE",
129046 + "CAP_AUDIT_CONTROL",
129047 + "CAP_SETFCAP",
129048 + "CAP_MAC_OVERRIDE",
129049 + "CAP_MAC_ADMIN",
129050 + "CAP_SYSLOG",
129051 + "CAP_WAKE_ALARM",
129052 + "CAP_BLOCK_SUSPEND",
129053 + "CAP_AUDIT_READ"
129054 +};
129055 +
129056 +int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
129057 +
129058 +int gr_is_capable(const int cap)
129059 +{
129060 +#ifdef CONFIG_GRKERNSEC
129061 + if (gr_acl_is_capable(cap) && gr_chroot_is_capable(cap))
129062 + return 1;
129063 + return 0;
129064 +#else
129065 + return 1;
129066 +#endif
129067 +}
129068 +
129069 +int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
129070 +{
129071 +#ifdef CONFIG_GRKERNSEC
129072 + if (gr_task_acl_is_capable(task, cred, cap, true) && gr_task_chroot_is_capable(task, cred, cap))
129073 + return 1;
129074 + return 0;
129075 +#else
129076 + return 1;
129077 +#endif
129078 +}
129079 +
129080 +int gr_is_capable_nolog(const int cap)
129081 +{
129082 +#ifdef CONFIG_GRKERNSEC
129083 + if (gr_acl_is_capable_nolog(cap) && gr_chroot_is_capable_nolog(cap))
129084 + return 1;
129085 + return 0;
129086 +#else
129087 + return 1;
129088 +#endif
129089 +}
129090 +
129091 +int gr_task_is_capable_nolog(const struct task_struct *task, const struct cred *cred, const int cap)
129092 +{
129093 +#ifdef CONFIG_GRKERNSEC
129094 + if (gr_task_acl_is_capable(task, cred, cap, false) && gr_task_chroot_is_capable_nolog(task, cap))
129095 + return 1;
129096 + return 0;
129097 +#else
129098 + return 1;
129099 +#endif
129100 +}
129101 +
129102 +EXPORT_SYMBOL_GPL(gr_is_capable);
129103 +EXPORT_SYMBOL_GPL(gr_is_capable_nolog);
129104 +EXPORT_SYMBOL_GPL(gr_task_is_capable);
129105 +EXPORT_SYMBOL_GPL(gr_task_is_capable_nolog);
129106 diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c
129107 new file mode 100644
129108 index 0000000..cdec49b
129109 --- /dev/null
129110 +++ b/grsecurity/grsec_fifo.c
129111 @@ -0,0 +1,26 @@
129112 +#include <linux/kernel.h>
129113 +#include <linux/sched.h>
129114 +#include <linux/fs.h>
129115 +#include <linux/file.h>
129116 +#include <linux/grinternal.h>
129117 +
129118 +int
129119 +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
129120 + const struct dentry *dir, const int flag, const int acc_mode)
129121 +{
129122 +#ifdef CONFIG_GRKERNSEC_FIFO
129123 + const struct cred *cred = current_cred();
129124 + struct inode *inode = d_backing_inode(dentry);
129125 + struct inode *dir_inode = d_backing_inode(dir);
129126 +
129127 + if (grsec_enable_fifo && S_ISFIFO(inode->i_mode) &&
129128 + !(flag & O_EXCL) && (dir_inode->i_mode & S_ISVTX) &&
129129 + !uid_eq(inode->i_uid, dir_inode->i_uid) &&
129130 + !uid_eq(cred->fsuid, inode->i_uid)) {
129131 + if (!inode_permission(inode, acc_mode))
129132 + gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, GR_GLOBAL_UID(inode->i_uid), GR_GLOBAL_GID(inode->i_gid));
129133 + return -EACCES;
129134 + }
129135 +#endif
129136 + return 0;
129137 +}
129138 diff --git a/grsecurity/grsec_fork.c b/grsecurity/grsec_fork.c
129139 new file mode 100644
129140 index 0000000..8ca18bf
129141 --- /dev/null
129142 +++ b/grsecurity/grsec_fork.c
129143 @@ -0,0 +1,23 @@
129144 +#include <linux/kernel.h>
129145 +#include <linux/sched.h>
129146 +#include <linux/grsecurity.h>
129147 +#include <linux/grinternal.h>
129148 +#include <linux/errno.h>
129149 +
129150 +void
129151 +gr_log_forkfail(const int retval)
129152 +{
129153 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
129154 + if (grsec_enable_forkfail && (retval == -EAGAIN || retval == -ENOMEM)) {
129155 + switch (retval) {
129156 + case -EAGAIN:
129157 + gr_log_str(GR_DONT_AUDIT, GR_FAILFORK_MSG, "EAGAIN");
129158 + break;
129159 + case -ENOMEM:
129160 + gr_log_str(GR_DONT_AUDIT, GR_FAILFORK_MSG, "ENOMEM");
129161 + break;
129162 + }
129163 + }
129164 +#endif
129165 + return;
129166 +}
129167 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
129168 new file mode 100644
129169 index 0000000..6822208
129170 --- /dev/null
129171 +++ b/grsecurity/grsec_init.c
129172 @@ -0,0 +1,294 @@
129173 +#include <linux/kernel.h>
129174 +#include <linux/sched.h>
129175 +#include <linux/mm.h>
129176 +#include <linux/gracl.h>
129177 +#include <linux/slab.h>
129178 +#include <linux/vmalloc.h>
129179 +#include <linux/percpu.h>
129180 +#include <linux/module.h>
129181 +
129182 +int grsec_enable_ptrace_readexec __read_only;
129183 +int grsec_enable_setxid __read_only;
129184 +int grsec_enable_symlinkown __read_only;
129185 +kgid_t grsec_symlinkown_gid __read_only;
129186 +int grsec_enable_brute __read_only;
129187 +int grsec_enable_link __read_only;
129188 +int grsec_enable_dmesg __read_only;
129189 +int grsec_enable_harden_ptrace __read_only;
129190 +int grsec_enable_harden_ipc __read_only;
129191 +int grsec_enable_fifo __read_only;
129192 +int grsec_enable_execlog __read_only;
129193 +int grsec_enable_signal __read_only;
129194 +int grsec_enable_forkfail __read_only;
129195 +int grsec_enable_audit_ptrace __read_only;
129196 +int grsec_enable_time __read_only;
129197 +int grsec_enable_group __read_only;
129198 +kgid_t grsec_audit_gid __read_only;
129199 +int grsec_enable_chdir __read_only;
129200 +int grsec_enable_mount __read_only;
129201 +int grsec_enable_rofs __read_only;
129202 +int grsec_deny_new_usb __read_only;
129203 +int grsec_enable_chroot_findtask __read_only;
129204 +int grsec_enable_chroot_mount __read_only;
129205 +int grsec_enable_chroot_shmat __read_only;
129206 +int grsec_enable_chroot_fchdir __read_only;
129207 +int grsec_enable_chroot_double __read_only;
129208 +int grsec_enable_chroot_pivot __read_only;
129209 +int grsec_enable_chroot_chdir __read_only;
129210 +int grsec_enable_chroot_chmod __read_only;
129211 +int grsec_enable_chroot_mknod __read_only;
129212 +int grsec_enable_chroot_nice __read_only;
129213 +int grsec_enable_chroot_execlog __read_only;
129214 +int grsec_enable_chroot_caps __read_only;
129215 +int grsec_enable_chroot_rename __read_only;
129216 +int grsec_enable_chroot_sysctl __read_only;
129217 +int grsec_enable_chroot_unix __read_only;
129218 +int grsec_enable_tpe __read_only;
129219 +kgid_t grsec_tpe_gid __read_only;
129220 +int grsec_enable_blackhole __read_only;
129221 +#ifdef CONFIG_IPV6_MODULE
129222 +EXPORT_SYMBOL_GPL(grsec_enable_blackhole);
129223 +#endif
129224 +int grsec_lastack_retries __read_only;
129225 +int grsec_enable_tpe_all __read_only;
129226 +int grsec_enable_tpe_invert __read_only;
129227 +int grsec_enable_socket_all __read_only;
129228 +kgid_t grsec_socket_all_gid __read_only;
129229 +int grsec_enable_socket_client __read_only;
129230 +kgid_t grsec_socket_client_gid __read_only;
129231 +int grsec_enable_socket_server __read_only;
129232 +kgid_t grsec_socket_server_gid __read_only;
129233 +int grsec_resource_logging __read_only;
129234 +int grsec_disable_privio __read_only;
129235 +int grsec_enable_log_rwxmaps __read_only;
129236 +int grsec_enable_harden_tty __read_only;
129237 +int grsec_lock __read_only;
129238 +
129239 +DEFINE_SPINLOCK(grsec_alert_lock);
129240 +unsigned long grsec_alert_wtime = 0;
129241 +unsigned long grsec_alert_fyet = 0;
129242 +
129243 +DEFINE_SPINLOCK(grsec_audit_lock);
129244 +
129245 +DEFINE_RWLOCK(grsec_exec_file_lock);
129246 +
129247 +char *gr_shared_page[4];
129248 +
129249 +char *gr_alert_log_fmt;
129250 +char *gr_audit_log_fmt;
129251 +char *gr_alert_log_buf;
129252 +char *gr_audit_log_buf;
129253 +
129254 +extern struct gr_arg *gr_usermode;
129255 +extern unsigned char *gr_system_salt;
129256 +extern unsigned char *gr_system_sum;
129257 +
129258 +void __init
129259 +grsecurity_init(void)
129260 +{
129261 + int j;
129262 + /* create the per-cpu shared pages */
129263 +
129264 +#ifdef CONFIG_X86
129265 + memset((char *)(0x41a + PAGE_OFFSET), 0, 36);
129266 +#endif
129267 +
129268 + for (j = 0; j < 4; j++) {
129269 + gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE, __alignof__(unsigned long long));
129270 + if (gr_shared_page[j] == NULL) {
129271 + panic("Unable to allocate grsecurity shared page");
129272 + return;
129273 + }
129274 + }
129275 +
129276 + /* allocate log buffers */
129277 + gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
129278 + if (!gr_alert_log_fmt) {
129279 + panic("Unable to allocate grsecurity alert log format buffer");
129280 + return;
129281 + }
129282 + gr_audit_log_fmt = kmalloc(512, GFP_KERNEL);
129283 + if (!gr_audit_log_fmt) {
129284 + panic("Unable to allocate grsecurity audit log format buffer");
129285 + return;
129286 + }
129287 + gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
129288 + if (!gr_alert_log_buf) {
129289 + panic("Unable to allocate grsecurity alert log buffer");
129290 + return;
129291 + }
129292 + gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
129293 + if (!gr_audit_log_buf) {
129294 + panic("Unable to allocate grsecurity audit log buffer");
129295 + return;
129296 + }
129297 +
129298 + /* allocate memory for authentication structure */
129299 + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
129300 + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
129301 + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
129302 +
129303 + if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
129304 + panic("Unable to allocate grsecurity authentication structure");
129305 + return;
129306 + }
129307 +
129308 +#ifdef CONFIG_GRKERNSEC_IO
129309 +#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
129310 + grsec_disable_privio = 1;
129311 +#elif defined(CONFIG_GRKERNSEC_SYSCTL_ON)
129312 + grsec_disable_privio = 1;
129313 +#else
129314 + grsec_disable_privio = 0;
129315 +#endif
129316 +#endif
129317 +
129318 +#ifdef CONFIG_GRKERNSEC_TPE_INVERT
129319 + /* for backward compatibility, tpe_invert always defaults to on if
129320 + enabled in the kernel
129321 + */
129322 + grsec_enable_tpe_invert = 1;
129323 +#endif
129324 +
129325 +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
129326 +#ifndef CONFIG_GRKERNSEC_SYSCTL
129327 + grsec_lock = 1;
129328 +#endif
129329 +
129330 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
129331 + grsec_enable_log_rwxmaps = 1;
129332 +#endif
129333 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
129334 + grsec_enable_group = 1;
129335 + grsec_audit_gid = KGIDT_INIT(CONFIG_GRKERNSEC_AUDIT_GID);
129336 +#endif
129337 +#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC
129338 + grsec_enable_ptrace_readexec = 1;
129339 +#endif
129340 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
129341 + grsec_enable_chdir = 1;
129342 +#endif
129343 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
129344 + grsec_enable_harden_ptrace = 1;
129345 +#endif
129346 +#ifdef CONFIG_GRKERNSEC_HARDEN_IPC
129347 + grsec_enable_harden_ipc = 1;
129348 +#endif
129349 +#ifdef CONFIG_GRKERNSEC_HARDEN_TTY
129350 + grsec_enable_harden_tty = 1;
129351 +#endif
129352 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
129353 + grsec_enable_mount = 1;
129354 +#endif
129355 +#ifdef CONFIG_GRKERNSEC_LINK
129356 + grsec_enable_link = 1;
129357 +#endif
129358 +#ifdef CONFIG_GRKERNSEC_BRUTE
129359 + grsec_enable_brute = 1;
129360 +#endif
129361 +#ifdef CONFIG_GRKERNSEC_DMESG
129362 + grsec_enable_dmesg = 1;
129363 +#endif
129364 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
129365 + grsec_enable_blackhole = 1;
129366 + grsec_lastack_retries = 4;
129367 +#endif
129368 +#ifdef CONFIG_GRKERNSEC_FIFO
129369 + grsec_enable_fifo = 1;
129370 +#endif
129371 +#ifdef CONFIG_GRKERNSEC_EXECLOG
129372 + grsec_enable_execlog = 1;
129373 +#endif
129374 +#ifdef CONFIG_GRKERNSEC_SETXID
129375 + grsec_enable_setxid = 1;
129376 +#endif
129377 +#ifdef CONFIG_GRKERNSEC_SIGNAL
129378 + grsec_enable_signal = 1;
129379 +#endif
129380 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
129381 + grsec_enable_forkfail = 1;
129382 +#endif
129383 +#ifdef CONFIG_GRKERNSEC_TIME
129384 + grsec_enable_time = 1;
129385 +#endif
129386 +#ifdef CONFIG_GRKERNSEC_RESLOG
129387 + grsec_resource_logging = 1;
129388 +#endif
129389 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
129390 + grsec_enable_chroot_findtask = 1;
129391 +#endif
129392 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
129393 + grsec_enable_chroot_unix = 1;
129394 +#endif
129395 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
129396 + grsec_enable_chroot_mount = 1;
129397 +#endif
129398 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
129399 + grsec_enable_chroot_fchdir = 1;
129400 +#endif
129401 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
129402 + grsec_enable_chroot_shmat = 1;
129403 +#endif
129404 +#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
129405 + grsec_enable_audit_ptrace = 1;
129406 +#endif
129407 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
129408 + grsec_enable_chroot_double = 1;
129409 +#endif
129410 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
129411 + grsec_enable_chroot_pivot = 1;
129412 +#endif
129413 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
129414 + grsec_enable_chroot_chdir = 1;
129415 +#endif
129416 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
129417 + grsec_enable_chroot_chmod = 1;
129418 +#endif
129419 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
129420 + grsec_enable_chroot_mknod = 1;
129421 +#endif
129422 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
129423 + grsec_enable_chroot_nice = 1;
129424 +#endif
129425 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
129426 + grsec_enable_chroot_execlog = 1;
129427 +#endif
129428 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
129429 + grsec_enable_chroot_caps = 1;
129430 +#endif
129431 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
129432 + grsec_enable_chroot_rename = 1;
129433 +#endif
129434 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
129435 + grsec_enable_chroot_sysctl = 1;
129436 +#endif
129437 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
129438 + grsec_enable_symlinkown = 1;
129439 + grsec_symlinkown_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SYMLINKOWN_GID);
129440 +#endif
129441 +#ifdef CONFIG_GRKERNSEC_TPE
129442 + grsec_enable_tpe = 1;
129443 + grsec_tpe_gid = KGIDT_INIT(CONFIG_GRKERNSEC_TPE_GID);
129444 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
129445 + grsec_enable_tpe_all = 1;
129446 +#endif
129447 +#endif
129448 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
129449 + grsec_enable_socket_all = 1;
129450 + grsec_socket_all_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_ALL_GID);
129451 +#endif
129452 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
129453 + grsec_enable_socket_client = 1;
129454 + grsec_socket_client_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_CLIENT_GID);
129455 +#endif
129456 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
129457 + grsec_enable_socket_server = 1;
129458 + grsec_socket_server_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_SERVER_GID);
129459 +#endif
129460 +#endif
129461 +#ifdef CONFIG_GRKERNSEC_DENYUSB_FORCE
129462 + grsec_deny_new_usb = 1;
129463 +#endif
129464 +
129465 + return;
129466 +}
129467 diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c
129468 new file mode 100644
129469 index 0000000..6a8ed69
129470 --- /dev/null
129471 +++ b/grsecurity/grsec_ipc.c
129472 @@ -0,0 +1,48 @@
129473 +#include <linux/kernel.h>
129474 +#include <linux/mm.h>
129475 +#include <linux/sched.h>
129476 +#include <linux/file.h>
129477 +#include <linux/ipc.h>
129478 +#include <linux/ipc_namespace.h>
129479 +#include <linux/grsecurity.h>
129480 +#include <linux/grinternal.h>
129481 +
129482 +int
129483 +gr_ipc_permitted(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, int requested_mode, int granted_mode)
129484 +{
129485 +#ifdef CONFIG_GRKERNSEC_HARDEN_IPC
129486 + int write;
129487 + int orig_granted_mode;
129488 + kuid_t euid;
129489 + kgid_t egid;
129490 +
129491 + if (!grsec_enable_harden_ipc)
129492 + return 1;
129493 +
129494 + euid = current_euid();
129495 + egid = current_egid();
129496 +
129497 + write = requested_mode & 00002;
129498 + orig_granted_mode = ipcp->mode;
129499 +
129500 + if (uid_eq(euid, ipcp->cuid) || uid_eq(euid, ipcp->uid))
129501 + orig_granted_mode >>= 6;
129502 + else {
129503 + /* if likely wrong permissions, lock to user */
129504 + if (orig_granted_mode & 0007)
129505 + orig_granted_mode = 0;
129506 + /* otherwise do a egid-only check */
129507 + else if (gid_eq(egid, ipcp->cgid) || gid_eq(egid, ipcp->gid))
129508 + orig_granted_mode >>= 3;
129509 + /* otherwise, no access */
129510 + else
129511 + orig_granted_mode = 0;
129512 + }
129513 + if (!(requested_mode & ~granted_mode & 0007) && (requested_mode & ~orig_granted_mode & 0007) &&
129514 + !ns_capable_noaudit(ns->user_ns, CAP_IPC_OWNER)) {
129515 + gr_log_str_int(GR_DONT_AUDIT, GR_IPC_DENIED_MSG, write ? "write" : "read", GR_GLOBAL_UID(ipcp->cuid));
129516 + return 0;
129517 + }
129518 +#endif
129519 + return 1;
129520 +}
129521 diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c
129522 new file mode 100644
129523 index 0000000..84c44a0
129524 --- /dev/null
129525 +++ b/grsecurity/grsec_link.c
129526 @@ -0,0 +1,65 @@
129527 +#include <linux/kernel.h>
129528 +#include <linux/sched.h>
129529 +#include <linux/fs.h>
129530 +#include <linux/file.h>
129531 +#include <linux/grinternal.h>
129532 +
129533 +int gr_get_symlinkown_enabled(void)
129534 +{
129535 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
129536 + if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid))
129537 + return 1;
129538 +#endif
129539 + return 0;
129540 +}
129541 +
129542 +int gr_handle_symlink_owner(const struct path *link, const struct inode *target)
129543 +{
129544 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
129545 + const struct inode *link_inode = d_backing_inode(link->dentry);
129546 +
129547 + if (target && !uid_eq(link_inode->i_uid, target->i_uid)) {
129548 + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, GR_GLOBAL_UID(link_inode->i_uid), GR_GLOBAL_UID(target->i_uid));
129549 + return 1;
129550 + }
129551 +#endif
129552 + return 0;
129553 +}
129554 +
129555 +int
129556 +gr_handle_follow_link(const struct dentry *dentry, const struct vfsmount *mnt)
129557 +{
129558 +#ifdef CONFIG_GRKERNSEC_LINK
129559 + struct inode *inode = d_backing_inode(dentry);
129560 + struct inode *parent = d_backing_inode(dentry->d_parent);
129561 + const struct cred *cred = current_cred();
129562 +
129563 + if (grsec_enable_link && d_is_symlink(dentry) &&
129564 + (parent->i_mode & S_ISVTX) && !uid_eq(parent->i_uid, inode->i_uid) &&
129565 + (parent->i_mode & S_IWOTH) && !uid_eq(cred->fsuid, inode->i_uid)) {
129566 + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, GR_GLOBAL_UID(inode->i_uid), GR_GLOBAL_GID(inode->i_gid));
129567 + return -EACCES;
129568 + }
129569 +#endif
129570 + return 0;
129571 +}
129572 +
129573 +int
129574 +gr_handle_hardlink(const struct dentry *dentry,
129575 + const struct vfsmount *mnt,
129576 + const struct filename *to)
129577 +{
129578 +#ifdef CONFIG_GRKERNSEC_LINK
129579 + struct inode *inode = d_backing_inode(dentry);
129580 + const struct cred *cred = current_cred();
129581 +
129582 + if (grsec_enable_link && !uid_eq(cred->fsuid, inode->i_uid) &&
129583 + (!d_is_reg(dentry) || is_privileged_binary(dentry) ||
129584 + (inode_permission(inode, MAY_READ | MAY_WRITE))) &&
129585 + !capable(CAP_FOWNER) && gr_is_global_nonroot(cred->uid)) {
129586 + gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, GR_GLOBAL_UID(inode->i_uid), GR_GLOBAL_GID(inode->i_gid), to->name);
129587 + return -EPERM;
129588 + }
129589 +#endif
129590 + return 0;
129591 +}
129592 diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c
129593 new file mode 100644
129594 index 0000000..a24b338
129595 --- /dev/null
129596 +++ b/grsecurity/grsec_log.c
129597 @@ -0,0 +1,340 @@
129598 +#include <linux/kernel.h>
129599 +#include <linux/sched.h>
129600 +#include <linux/file.h>
129601 +#include <linux/tty.h>
129602 +#include <linux/fs.h>
129603 +#include <linux/mm.h>
129604 +#include <linux/grinternal.h>
129605 +
129606 +#ifdef CONFIG_TREE_PREEMPT_RCU
129607 +#define DISABLE_PREEMPT() preempt_disable()
129608 +#define ENABLE_PREEMPT() preempt_enable()
129609 +#else
129610 +#define DISABLE_PREEMPT()
129611 +#define ENABLE_PREEMPT()
129612 +#endif
129613 +
129614 +#define BEGIN_LOCKS(x) \
129615 + DISABLE_PREEMPT(); \
129616 + rcu_read_lock(); \
129617 + read_lock(&tasklist_lock); \
129618 + read_lock(&grsec_exec_file_lock); \
129619 + if (x != GR_DO_AUDIT) \
129620 + spin_lock(&grsec_alert_lock); \
129621 + else \
129622 + spin_lock(&grsec_audit_lock)
129623 +
129624 +#define END_LOCKS(x) \
129625 + if (x != GR_DO_AUDIT) \
129626 + spin_unlock(&grsec_alert_lock); \
129627 + else \
129628 + spin_unlock(&grsec_audit_lock); \
129629 + read_unlock(&grsec_exec_file_lock); \
129630 + read_unlock(&tasklist_lock); \
129631 + rcu_read_unlock(); \
129632 + ENABLE_PREEMPT(); \
129633 + if (x == GR_DONT_AUDIT) \
129634 + gr_handle_alertkill(current)
129635 +
129636 +enum {
129637 + FLOODING,
129638 + NO_FLOODING
129639 +};
129640 +
129641 +extern char *gr_alert_log_fmt;
129642 +extern char *gr_audit_log_fmt;
129643 +extern char *gr_alert_log_buf;
129644 +extern char *gr_audit_log_buf;
129645 +
129646 +static int gr_log_start(int audit)
129647 +{
129648 + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
129649 + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
129650 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
129651 +#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
129652 + unsigned long curr_secs = get_seconds();
129653 +
129654 + if (audit == GR_DO_AUDIT)
129655 + goto set_fmt;
129656 +
129657 + if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
129658 + grsec_alert_wtime = curr_secs;
129659 + grsec_alert_fyet = 0;
129660 + } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
129661 + && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
129662 + grsec_alert_fyet++;
129663 + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
129664 + grsec_alert_wtime = curr_secs;
129665 + grsec_alert_fyet++;
129666 + printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
129667 + return FLOODING;
129668 + }
129669 + else return FLOODING;
129670 +
129671 +set_fmt:
129672 +#endif
129673 + memset(buf, 0, PAGE_SIZE);
129674 + if (current->signal->curr_ip && gr_acl_is_enabled()) {
129675 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
129676 + snprintf(buf, PAGE_SIZE - 1, fmt, &current->signal->curr_ip, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
129677 + } else if (current->signal->curr_ip) {
129678 + sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: ");
129679 + snprintf(buf, PAGE_SIZE - 1, fmt, &current->signal->curr_ip);
129680 + } else if (gr_acl_is_enabled()) {
129681 + sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) ");
129682 + snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
129683 + } else {
129684 + sprintf(fmt, "%s%s", loglevel, "grsec: ");
129685 + strcpy(buf, fmt);
129686 + }
129687 +
129688 + return NO_FLOODING;
129689 +}
129690 +
129691 +static void gr_log_middle(int audit, const char *msg, va_list ap)
129692 + __attribute__ ((format (printf, 2, 0)));
129693 +
129694 +static void gr_log_middle(int audit, const char *msg, va_list ap)
129695 +{
129696 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
129697 + unsigned int len = strlen(buf);
129698 +
129699 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
129700 +
129701 + return;
129702 +}
129703 +
129704 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
129705 + __attribute__ ((format (printf, 2, 3)));
129706 +
129707 +static void gr_log_middle_varargs(int audit, const char *msg, ...)
129708 +{
129709 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
129710 + unsigned int len = strlen(buf);
129711 + va_list ap;
129712 +
129713 + va_start(ap, msg);
129714 + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
129715 + va_end(ap);
129716 +
129717 + return;
129718 +}
129719 +
129720 +static void gr_log_end(int audit, int append_default)
129721 +{
129722 + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
129723 + if (append_default) {
129724 + struct task_struct *task = current;
129725 + struct task_struct *parent = task->real_parent;
129726 + const struct cred *cred = __task_cred(task);
129727 + const struct cred *pcred = __task_cred(parent);
129728 + unsigned int len = strlen(buf);
129729 +
129730 + snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid));
129731 + }
129732 +
129733 + printk("%s\n", buf);
129734 +
129735 + return;
129736 +}
129737 +
129738 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...)
129739 +{
129740 + int logtype;
129741 + char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied";
129742 + char *str1 = NULL, *str2 = NULL, *str3 = NULL;
129743 + void *voidptr = NULL;
129744 + int num1 = 0, num2 = 0;
129745 + unsigned long ulong1 = 0, ulong2 = 0;
129746 + struct dentry *dentry = NULL;
129747 + struct vfsmount *mnt = NULL;
129748 + struct file *file = NULL;
129749 + struct task_struct *task = NULL;
129750 + struct vm_area_struct *vma = NULL;
129751 + const struct cred *cred, *pcred;
129752 + va_list ap;
129753 +
129754 + BEGIN_LOCKS(audit);
129755 + logtype = gr_log_start(audit);
129756 + if (logtype == FLOODING) {
129757 + END_LOCKS(audit);
129758 + return;
129759 + }
129760 + va_start(ap, argtypes);
129761 + switch (argtypes) {
129762 + case GR_TTYSNIFF:
129763 + task = va_arg(ap, struct task_struct *);
129764 + gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task_pid_nr(task), gr_parent_task_fullpath0(task), task->real_parent->comm, task_pid_nr(task->real_parent));
129765 + break;
129766 + case GR_SYSCTL_HIDDEN:
129767 + str1 = va_arg(ap, char *);
129768 + gr_log_middle_varargs(audit, msg, result, str1);
129769 + break;
129770 + case GR_RBAC:
129771 + dentry = va_arg(ap, struct dentry *);
129772 + mnt = va_arg(ap, struct vfsmount *);
129773 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt));
129774 + break;
129775 + case GR_RBAC_STR:
129776 + dentry = va_arg(ap, struct dentry *);
129777 + mnt = va_arg(ap, struct vfsmount *);
129778 + str1 = va_arg(ap, char *);
129779 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1);
129780 + break;
129781 + case GR_STR_RBAC:
129782 + str1 = va_arg(ap, char *);
129783 + dentry = va_arg(ap, struct dentry *);
129784 + mnt = va_arg(ap, struct vfsmount *);
129785 + gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt));
129786 + break;
129787 + case GR_RBAC_MODE2:
129788 + dentry = va_arg(ap, struct dentry *);
129789 + mnt = va_arg(ap, struct vfsmount *);
129790 + str1 = va_arg(ap, char *);
129791 + str2 = va_arg(ap, char *);
129792 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2);
129793 + break;
129794 + case GR_RBAC_MODE3:
129795 + dentry = va_arg(ap, struct dentry *);
129796 + mnt = va_arg(ap, struct vfsmount *);
129797 + str1 = va_arg(ap, char *);
129798 + str2 = va_arg(ap, char *);
129799 + str3 = va_arg(ap, char *);
129800 + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3);
129801 + break;
129802 + case GR_FILENAME:
129803 + dentry = va_arg(ap, struct dentry *);
129804 + mnt = va_arg(ap, struct vfsmount *);
129805 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt));
129806 + break;
129807 + case GR_STR_FILENAME:
129808 + str1 = va_arg(ap, char *);
129809 + dentry = va_arg(ap, struct dentry *);
129810 + mnt = va_arg(ap, struct vfsmount *);
129811 + gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt));
129812 + break;
129813 + case GR_FILENAME_STR:
129814 + dentry = va_arg(ap, struct dentry *);
129815 + mnt = va_arg(ap, struct vfsmount *);
129816 + str1 = va_arg(ap, char *);
129817 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1);
129818 + break;
129819 + case GR_FILENAME_TWO_INT:
129820 + dentry = va_arg(ap, struct dentry *);
129821 + mnt = va_arg(ap, struct vfsmount *);
129822 + num1 = va_arg(ap, int);
129823 + num2 = va_arg(ap, int);
129824 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2);
129825 + break;
129826 + case GR_FILENAME_TWO_INT_STR:
129827 + dentry = va_arg(ap, struct dentry *);
129828 + mnt = va_arg(ap, struct vfsmount *);
129829 + num1 = va_arg(ap, int);
129830 + num2 = va_arg(ap, int);
129831 + str1 = va_arg(ap, char *);
129832 + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
129833 + break;
129834 + case GR_TEXTREL:
129835 + str1 = va_arg(ap, char *);
129836 + file = va_arg(ap, struct file *);
129837 + ulong1 = va_arg(ap, unsigned long);
129838 + ulong2 = va_arg(ap, unsigned long);
129839 + gr_log_middle_varargs(audit, msg, str1, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
129840 + break;
129841 + case GR_PTRACE:
129842 + task = va_arg(ap, struct task_struct *);
129843 + gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task_pid_nr(task));
129844 + break;
129845 + case GR_RESOURCE:
129846 + task = va_arg(ap, struct task_struct *);
129847 + cred = __task_cred(task);
129848 + pcred = __task_cred(task->real_parent);
129849 + ulong1 = va_arg(ap, unsigned long);
129850 + str1 = va_arg(ap, char *);
129851 + ulong2 = va_arg(ap, unsigned long);
129852 + gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid));
129853 + break;
129854 + case GR_CAP:
129855 + task = va_arg(ap, struct task_struct *);
129856 + cred = __task_cred(task);
129857 + pcred = __task_cred(task->real_parent);
129858 + str1 = va_arg(ap, char *);
129859 + gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid));
129860 + break;
129861 + case GR_SIG:
129862 + str1 = va_arg(ap, char *);
129863 + voidptr = va_arg(ap, void *);
129864 + gr_log_middle_varargs(audit, msg, str1, voidptr);
129865 + break;
129866 + case GR_SIG2:
129867 + task = va_arg(ap, struct task_struct *);
129868 + cred = __task_cred(task);
129869 + pcred = __task_cred(task->real_parent);
129870 + num1 = va_arg(ap, int);
129871 + gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath0(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid));
129872 + break;
129873 + case GR_CRASH1:
129874 + task = va_arg(ap, struct task_struct *);
129875 + cred = __task_cred(task);
129876 + pcred = __task_cred(task->real_parent);
129877 + ulong1 = va_arg(ap, unsigned long);
129878 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid), GR_GLOBAL_UID(cred->uid), ulong1);
129879 + break;
129880 + case GR_CRASH2:
129881 + task = va_arg(ap, struct task_struct *);
129882 + cred = __task_cred(task);
129883 + pcred = __task_cred(task->real_parent);
129884 + ulong1 = va_arg(ap, unsigned long);
129885 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid), ulong1);
129886 + break;
129887 + case GR_RWXMAP:
129888 + file = va_arg(ap, struct file *);
129889 + gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>");
129890 + break;
129891 + case GR_RWXMAPVMA:
129892 + vma = va_arg(ap, struct vm_area_struct *);
129893 + if (vma->vm_file)
129894 + str1 = gr_to_filename(vma->vm_file->f_path.dentry, vma->vm_file->f_path.mnt);
129895 + else if (vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP))
129896 + str1 = "<stack>";
129897 + else if (vma->vm_start <= current->mm->brk &&
129898 + vma->vm_end >= current->mm->start_brk)
129899 + str1 = "<heap>";
129900 + else
129901 + str1 = "<anonymous mapping>";
129902 + gr_log_middle_varargs(audit, msg, str1);
129903 + break;
129904 + case GR_PSACCT:
129905 + {
129906 + unsigned int wday, cday;
129907 + __u8 whr, chr;
129908 + __u8 wmin, cmin;
129909 + __u8 wsec, csec;
129910 +
129911 + task = va_arg(ap, struct task_struct *);
129912 + wday = va_arg(ap, unsigned int);
129913 + cday = va_arg(ap, unsigned int);
129914 + whr = va_arg(ap, int);
129915 + chr = va_arg(ap, int);
129916 + wmin = va_arg(ap, int);
129917 + cmin = va_arg(ap, int);
129918 + wsec = va_arg(ap, int);
129919 + csec = va_arg(ap, int);
129920 + ulong1 = va_arg(ap, unsigned long);
129921 + cred = __task_cred(task);
129922 + pcred = __task_cred(task->real_parent);
129923 +
129924 + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), &task->signal->curr_ip, tty_name(task->signal->tty), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), &task->real_parent->signal->curr_ip, tty_name(task->real_parent->signal->tty), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid));
129925 + }
129926 + break;
129927 + default:
129928 + gr_log_middle(audit, msg, ap);
129929 + }
129930 + va_end(ap);
129931 + // these don't need DEFAULTSECARGS printed on the end
129932 + if (argtypes == GR_CRASH1 || argtypes == GR_CRASH2)
129933 + gr_log_end(audit, 0);
129934 + else
129935 + gr_log_end(audit, 1);
129936 + END_LOCKS(audit);
129937 +}
129938 diff --git a/grsecurity/grsec_mem.c b/grsecurity/grsec_mem.c
129939 new file mode 100644
129940 index 0000000..0e39d8c
129941 --- /dev/null
129942 +++ b/grsecurity/grsec_mem.c
129943 @@ -0,0 +1,48 @@
129944 +#include <linux/kernel.h>
129945 +#include <linux/sched.h>
129946 +#include <linux/mm.h>
129947 +#include <linux/mman.h>
129948 +#include <linux/module.h>
129949 +#include <linux/grinternal.h>
129950 +
129951 +void gr_handle_msr_write(void)
129952 +{
129953 + gr_log_noargs(GR_DONT_AUDIT, GR_MSRWRITE_MSG);
129954 + return;
129955 +}
129956 +EXPORT_SYMBOL_GPL(gr_handle_msr_write);
129957 +
129958 +void
129959 +gr_handle_ioperm(void)
129960 +{
129961 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG);
129962 + return;
129963 +}
129964 +
129965 +void
129966 +gr_handle_iopl(void)
129967 +{
129968 + gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG);
129969 + return;
129970 +}
129971 +
129972 +void
129973 +gr_handle_mem_readwrite(u64 from, u64 to)
129974 +{
129975 + gr_log_two_u64(GR_DONT_AUDIT, GR_MEM_READWRITE_MSG, from, to);
129976 + return;
129977 +}
129978 +
129979 +void
129980 +gr_handle_vm86(void)
129981 +{
129982 + gr_log_noargs(GR_DONT_AUDIT, GR_VM86_MSG);
129983 + return;
129984 +}
129985 +
129986 +void
129987 +gr_log_badprocpid(const char *entry)
129988 +{
129989 + gr_log_str(GR_DONT_AUDIT, GR_BADPROCPID_MSG, entry);
129990 + return;
129991 +}
129992 diff --git a/grsecurity/grsec_mount.c b/grsecurity/grsec_mount.c
129993 new file mode 100644
129994 index 0000000..fe02bf4
129995 --- /dev/null
129996 +++ b/grsecurity/grsec_mount.c
129997 @@ -0,0 +1,65 @@
129998 +#include <linux/kernel.h>
129999 +#include <linux/sched.h>
130000 +#include <linux/mount.h>
130001 +#include <linux/major.h>
130002 +#include <linux/grsecurity.h>
130003 +#include <linux/grinternal.h>
130004 +
130005 +void
130006 +gr_log_remount(const char *devname, const int retval)
130007 +{
130008 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
130009 + if (grsec_enable_mount && (retval >= 0))
130010 + gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none");
130011 +#endif
130012 + return;
130013 +}
130014 +
130015 +void
130016 +gr_log_unmount(const char *devname, const int retval)
130017 +{
130018 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
130019 + if (grsec_enable_mount && (retval >= 0))
130020 + gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none");
130021 +#endif
130022 + return;
130023 +}
130024 +
130025 +void
130026 +gr_log_mount(const char *from, struct path *to, const int retval)
130027 +{
130028 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
130029 + if (grsec_enable_mount && (retval >= 0))
130030 + gr_log_str_fs(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from ? from : "none", to->dentry, to->mnt);
130031 +#endif
130032 + return;
130033 +}
130034 +
130035 +int
130036 +gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags)
130037 +{
130038 +#ifdef CONFIG_GRKERNSEC_ROFS
130039 + if (grsec_enable_rofs && !(mnt_flags & MNT_READONLY)) {
130040 + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_MOUNT_MSG, dentry, mnt);
130041 + return -EPERM;
130042 + } else
130043 + return 0;
130044 +#endif
130045 + return 0;
130046 +}
130047 +
130048 +int
130049 +gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode)
130050 +{
130051 +#ifdef CONFIG_GRKERNSEC_ROFS
130052 + struct inode *inode = d_backing_inode(dentry);
130053 +
130054 + if (grsec_enable_rofs && (acc_mode & MAY_WRITE) &&
130055 + inode && (S_ISBLK(inode->i_mode) || (S_ISCHR(inode->i_mode) && imajor(inode) == RAW_MAJOR))) {
130056 + gr_log_fs_generic(GR_DO_AUDIT, GR_ROFS_BLOCKWRITE_MSG, dentry, mnt);
130057 + return -EPERM;
130058 + } else
130059 + return 0;
130060 +#endif
130061 + return 0;
130062 +}
130063 diff --git a/grsecurity/grsec_pax.c b/grsecurity/grsec_pax.c
130064 new file mode 100644
130065 index 0000000..2ad7b96
130066 --- /dev/null
130067 +++ b/grsecurity/grsec_pax.c
130068 @@ -0,0 +1,47 @@
130069 +#include <linux/kernel.h>
130070 +#include <linux/sched.h>
130071 +#include <linux/mm.h>
130072 +#include <linux/file.h>
130073 +#include <linux/grinternal.h>
130074 +#include <linux/grsecurity.h>
130075 +
130076 +void
130077 +gr_log_textrel(struct vm_area_struct * vma, bool is_textrel_rw)
130078 +{
130079 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
130080 + if (grsec_enable_log_rwxmaps)
130081 + gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG,
130082 + is_textrel_rw ? "executable to writable" : "writable to executable",
130083 + vma->vm_file, vma->vm_start, vma->vm_pgoff);
130084 +#endif
130085 + return;
130086 +}
130087 +
130088 +void gr_log_ptgnustack(struct file *file)
130089 +{
130090 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
130091 + if (grsec_enable_log_rwxmaps)
130092 + gr_log_rwxmap(GR_DONT_AUDIT, GR_PTGNUSTACK_MSG, file);
130093 +#endif
130094 + return;
130095 +}
130096 +
130097 +void
130098 +gr_log_rwxmmap(struct file *file)
130099 +{
130100 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
130101 + if (grsec_enable_log_rwxmaps)
130102 + gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMMAP_MSG, file);
130103 +#endif
130104 + return;
130105 +}
130106 +
130107 +void
130108 +gr_log_rwxmprotect(struct vm_area_struct *vma)
130109 +{
130110 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
130111 + if (grsec_enable_log_rwxmaps)
130112 + gr_log_rwxmap_vma(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, vma);
130113 +#endif
130114 + return;
130115 +}
130116 diff --git a/grsecurity/grsec_proc.c b/grsecurity/grsec_proc.c
130117 new file mode 100644
130118 index 0000000..2005a3a
130119 --- /dev/null
130120 +++ b/grsecurity/grsec_proc.c
130121 @@ -0,0 +1,20 @@
130122 +#include <linux/kernel.h>
130123 +#include <linux/sched.h>
130124 +#include <linux/grsecurity.h>
130125 +#include <linux/grinternal.h>
130126 +
130127 +int gr_proc_is_restricted(void)
130128 +{
130129 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
130130 + const struct cred *cred = current_cred();
130131 +#endif
130132 +
130133 +#ifdef CONFIG_GRKERNSEC_PROC_USER
130134 + if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID))
130135 + return -EACCES;
130136 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
130137 + if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID) && !in_group_p(grsec_proc_gid))
130138 + return -EACCES;
130139 +#endif
130140 + return 0;
130141 +}
130142 diff --git a/grsecurity/grsec_ptrace.c b/grsecurity/grsec_ptrace.c
130143 new file mode 100644
130144 index 0000000..304c518
130145 --- /dev/null
130146 +++ b/grsecurity/grsec_ptrace.c
130147 @@ -0,0 +1,30 @@
130148 +#include <linux/kernel.h>
130149 +#include <linux/sched.h>
130150 +#include <linux/grinternal.h>
130151 +#include <linux/security.h>
130152 +
130153 +void
130154 +gr_audit_ptrace(struct task_struct *task)
130155 +{
130156 +#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
130157 + if (grsec_enable_audit_ptrace)
130158 + gr_log_ptrace(GR_DO_AUDIT, GR_PTRACE_AUDIT_MSG, task);
130159 +#endif
130160 + return;
130161 +}
130162 +
130163 +int
130164 +gr_ptrace_readexec(struct file *file, int unsafe_flags)
130165 +{
130166 +#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC
130167 + const struct dentry *dentry = file->f_path.dentry;
130168 + const struct vfsmount *mnt = file->f_path.mnt;
130169 +
130170 + if (grsec_enable_ptrace_readexec && (unsafe_flags & LSM_UNSAFE_PTRACE) &&
130171 + (inode_permission(d_backing_inode(dentry), MAY_READ) || !gr_acl_handle_open(dentry, mnt, MAY_READ))) {
130172 + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_READEXEC_MSG, dentry, mnt);
130173 + return -EACCES;
130174 + }
130175 +#endif
130176 + return 0;
130177 +}
130178 diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c
130179 new file mode 100644
130180 index 0000000..f072c9d
130181 --- /dev/null
130182 +++ b/grsecurity/grsec_sig.c
130183 @@ -0,0 +1,248 @@
130184 +#include <linux/kernel.h>
130185 +#include <linux/sched.h>
130186 +#include <linux/fs.h>
130187 +#include <linux/delay.h>
130188 +#include <linux/grsecurity.h>
130189 +#include <linux/grinternal.h>
130190 +#include <linux/hardirq.h>
130191 +#include <asm/pgtable.h>
130192 +
130193 +char *signames[] = {
130194 + [SIGSEGV] = "Segmentation fault",
130195 + [SIGILL] = "Illegal instruction",
130196 + [SIGABRT] = "Abort",
130197 + [SIGBUS] = "Invalid alignment/Bus error"
130198 +};
130199 +
130200 +void
130201 +gr_log_signal(const int sig, const void *addr, const struct task_struct *t)
130202 +{
130203 +#ifdef CONFIG_GRKERNSEC_SIGNAL
130204 + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
130205 + (sig == SIGABRT) || (sig == SIGBUS))) {
130206 + if (task_pid_nr(t) == task_pid_nr(current)) {
130207 + gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr);
130208 + } else {
130209 + gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
130210 + }
130211 + }
130212 +#endif
130213 + return;
130214 +}
130215 +
130216 +int
130217 +gr_handle_signal(const struct task_struct *p, const int sig)
130218 +{
130219 +#ifdef CONFIG_GRKERNSEC
130220 + /* ignore the 0 signal for protected task checks */
130221 + if (task_pid_nr(current) > 1 && sig && gr_check_protected_task(p)) {
130222 + gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
130223 + return -EPERM;
130224 + } else if (gr_pid_is_chrooted((struct task_struct *)p)) {
130225 + return -EPERM;
130226 + }
130227 +#endif
130228 + return 0;
130229 +}
130230 +
130231 +#ifdef CONFIG_GRKERNSEC
130232 +extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t);
130233 +
130234 +int gr_fake_force_sig(int sig, struct task_struct *t)
130235 +{
130236 + unsigned long int flags;
130237 + int ret, blocked, ignored;
130238 + struct k_sigaction *action;
130239 +
130240 + spin_lock_irqsave(&t->sighand->siglock, flags);
130241 + action = &t->sighand->action[sig-1];
130242 + ignored = action->sa.sa_handler == SIG_IGN;
130243 + blocked = sigismember(&t->blocked, sig);
130244 + if (blocked || ignored) {
130245 + action->sa.sa_handler = SIG_DFL;
130246 + if (blocked) {
130247 + sigdelset(&t->blocked, sig);
130248 + recalc_sigpending_and_wake(t);
130249 + }
130250 + }
130251 + if (action->sa.sa_handler == SIG_DFL)
130252 + t->signal->flags &= ~SIGNAL_UNKILLABLE;
130253 + ret = specific_send_sig_info(sig, SEND_SIG_PRIV, t);
130254 +
130255 + spin_unlock_irqrestore(&t->sighand->siglock, flags);
130256 +
130257 + return ret;
130258 +}
130259 +#endif
130260 +
130261 +#define GR_USER_BAN_TIME (15 * 60)
130262 +#define GR_DAEMON_BRUTE_TIME (30 * 60)
130263 +
130264 +void gr_handle_brute_attach(int dumpable)
130265 +{
130266 +#ifdef CONFIG_GRKERNSEC_BRUTE
130267 + struct task_struct *p = current;
130268 + kuid_t uid = GLOBAL_ROOT_UID;
130269 + int is_priv = 0;
130270 + int daemon = 0;
130271 +
130272 + if (!grsec_enable_brute)
130273 + return;
130274 +
130275 + if (is_privileged_binary(p->mm->exe_file->f_path.dentry))
130276 + is_priv = 1;
130277 +
130278 + rcu_read_lock();
130279 + read_lock(&tasklist_lock);
130280 + read_lock(&grsec_exec_file_lock);
130281 + if (!is_priv && p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file)) {
130282 + p->real_parent->brute_expires = get_seconds() + GR_DAEMON_BRUTE_TIME;
130283 + p->real_parent->brute = 1;
130284 + daemon = 1;
130285 + } else {
130286 + const struct cred *cred = __task_cred(p), *cred2;
130287 + struct task_struct *tsk, *tsk2;
130288 +
130289 + if (dumpable != SUID_DUMP_USER && gr_is_global_nonroot(cred->uid)) {
130290 + struct user_struct *user;
130291 +
130292 + uid = cred->uid;
130293 +
130294 + /* this is put upon execution past expiration */
130295 + user = find_user(uid);
130296 + if (user == NULL)
130297 + goto unlock;
130298 + user->sugid_banned = 1;
130299 + user->sugid_ban_expires = get_seconds() + GR_USER_BAN_TIME;
130300 + if (user->sugid_ban_expires == ~0UL)
130301 + user->sugid_ban_expires--;
130302 +
130303 + /* only kill other threads of the same binary, from the same user */
130304 + do_each_thread(tsk2, tsk) {
130305 + cred2 = __task_cred(tsk);
130306 + if (tsk != p && uid_eq(cred2->uid, uid) && gr_is_same_file(tsk->exec_file, p->exec_file))
130307 + gr_fake_force_sig(SIGKILL, tsk);
130308 + } while_each_thread(tsk2, tsk);
130309 + }
130310 + }
130311 +unlock:
130312 + read_unlock(&grsec_exec_file_lock);
130313 + read_unlock(&tasklist_lock);
130314 + rcu_read_unlock();
130315 +
130316 + if (gr_is_global_nonroot(uid))
130317 + gr_log_fs_int2(GR_DONT_AUDIT, GR_BRUTE_SUID_MSG, p->exec_file->f_path.dentry, p->exec_file->f_path.mnt, GR_GLOBAL_UID(uid), GR_USER_BAN_TIME / 60);
130318 + else if (daemon)
130319 + gr_log_noargs(GR_DONT_AUDIT, GR_BRUTE_DAEMON_MSG);
130320 +
130321 +#endif
130322 + return;
130323 +}
130324 +
130325 +void gr_handle_brute_check(void)
130326 +{
130327 +#ifdef CONFIG_GRKERNSEC_BRUTE
130328 + struct task_struct *p = current;
130329 +
130330 + if (unlikely(p->brute)) {
130331 + if (!grsec_enable_brute)
130332 + p->brute = 0;
130333 + else if (time_before(get_seconds(), p->brute_expires))
130334 + msleep(30 * 1000);
130335 + }
130336 +#endif
130337 + return;
130338 +}
130339 +
130340 +void gr_handle_kernel_exploit(void)
130341 +{
130342 +#ifdef CONFIG_GRKERNSEC_KERN_LOCKOUT
130343 + static unsigned int num_banned_users __read_only;
130344 + const struct cred *cred;
130345 + struct task_struct *tsk, *tsk2;
130346 + struct user_struct *user;
130347 + kuid_t uid;
130348 +
130349 + if (in_irq() || in_serving_softirq() || in_nmi())
130350 + panic("grsec: halting the system due to suspicious kernel crash caused in interrupt context");
130351 +
130352 + uid = current_uid();
130353 +
130354 + if (gr_is_global_root(uid))
130355 + panic("grsec: halting the system due to suspicious kernel crash caused by root");
130356 + else {
130357 + pax_open_kernel();
130358 + num_banned_users++;
130359 + pax_close_kernel();
130360 + if (num_banned_users > 8)
130361 + panic("grsec: halting the system due to suspicious kernel crash caused by a large number of different users");
130362 +
130363 + /* kill all the processes of this user, hold a reference
130364 + to their creds struct, and prevent them from creating
130365 + another process until system reset
130366 + */
130367 + printk(KERN_ALERT "grsec: banning user with uid %u until system restart for suspicious kernel crash\n",
130368 + GR_GLOBAL_UID(uid));
130369 + /* we intentionally leak this ref */
130370 + user = get_uid(current->cred->user);
130371 + if (user)
130372 + user->kernel_banned = 1;
130373 +
130374 + /* kill all processes of this user */
130375 + read_lock(&tasklist_lock);
130376 + do_each_thread(tsk2, tsk) {
130377 + cred = __task_cred(tsk);
130378 + if (uid_eq(cred->uid, uid))
130379 + gr_fake_force_sig(SIGKILL, tsk);
130380 + } while_each_thread(tsk2, tsk);
130381 + read_unlock(&tasklist_lock);
130382 + }
130383 +#endif
130384 +}
130385 +
130386 +#ifdef CONFIG_GRKERNSEC_BRUTE
130387 +static bool sugid_ban_expired(struct user_struct *user)
130388 +{
130389 + if (user->sugid_ban_expires != ~0UL && time_after_eq(get_seconds(), user->sugid_ban_expires)) {
130390 + user->sugid_banned = 0;
130391 + user->sugid_ban_expires = 0;
130392 + free_uid(user);
130393 + return true;
130394 + }
130395 +
130396 + return false;
130397 +}
130398 +#endif
130399 +
130400 +int gr_process_kernel_exec_ban(void)
130401 +{
130402 +#ifdef CONFIG_GRKERNSEC_KERN_LOCKOUT
130403 + if (unlikely(current->cred->user->kernel_banned))
130404 + return -EPERM;
130405 +#endif
130406 + return 0;
130407 +}
130408 +
130409 +int gr_process_kernel_setuid_ban(struct user_struct *user)
130410 +{
130411 +#ifdef CONFIG_GRKERNSEC_KERN_LOCKOUT
130412 + if (unlikely(user->kernel_banned))
130413 + gr_fake_force_sig(SIGKILL, current);
130414 +#endif
130415 + return 0;
130416 +}
130417 +
130418 +int gr_process_sugid_exec_ban(const struct linux_binprm *bprm)
130419 +{
130420 +#ifdef CONFIG_GRKERNSEC_BRUTE
130421 + struct user_struct *user = current->cred->user;
130422 + if (unlikely(user->sugid_banned)) {
130423 + if (sugid_ban_expired(user))
130424 + return 0;
130425 + /* disallow execution of suid/sgid binaries only */
130426 + else if (is_privileged_binary(bprm->file->f_path.dentry))
130427 + return -EPERM;
130428 + }
130429 +#endif
130430 + return 0;
130431 +}
130432 diff --git a/grsecurity/grsec_sock.c b/grsecurity/grsec_sock.c
130433 new file mode 100644
130434 index 0000000..3cdd946
130435 --- /dev/null
130436 +++ b/grsecurity/grsec_sock.c
130437 @@ -0,0 +1,244 @@
130438 +#include <linux/kernel.h>
130439 +#include <linux/module.h>
130440 +#include <linux/sched.h>
130441 +#include <linux/file.h>
130442 +#include <linux/net.h>
130443 +#include <linux/in.h>
130444 +#include <linux/ip.h>
130445 +#include <net/sock.h>
130446 +#include <net/inet_sock.h>
130447 +#include <linux/grsecurity.h>
130448 +#include <linux/grinternal.h>
130449 +#include <linux/gracl.h>
130450 +
130451 +extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb);
130452 +extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr);
130453 +
130454 +EXPORT_SYMBOL_GPL(gr_search_udp_recvmsg);
130455 +EXPORT_SYMBOL_GPL(gr_search_udp_sendmsg);
130456 +
130457 +#ifdef CONFIG_UNIX_MODULE
130458 +EXPORT_SYMBOL_GPL(gr_acl_handle_unix);
130459 +EXPORT_SYMBOL_GPL(gr_acl_handle_mknod);
130460 +EXPORT_SYMBOL_GPL(gr_handle_chroot_unix);
130461 +EXPORT_SYMBOL_GPL(gr_handle_create);
130462 +#endif
130463 +
130464 +#ifdef CONFIG_GRKERNSEC
130465 +#define gr_conn_table_size 32749
130466 +struct conn_table_entry {
130467 + struct conn_table_entry *next;
130468 + struct signal_struct *sig;
130469 +};
130470 +
130471 +struct conn_table_entry *gr_conn_table[gr_conn_table_size];
130472 +DEFINE_SPINLOCK(gr_conn_table_lock);
130473 +
130474 +extern const char * gr_socktype_to_name(unsigned char type);
130475 +extern const char * gr_proto_to_name(unsigned char proto);
130476 +extern const char * gr_sockfamily_to_name(unsigned char family);
130477 +
130478 +static int
130479 +conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
130480 +{
130481 + return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
130482 +}
130483 +
130484 +static int
130485 +conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr,
130486 + __u16 sport, __u16 dport)
130487 +{
130488 + if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr &&
130489 + sig->gr_sport == sport && sig->gr_dport == dport))
130490 + return 1;
130491 + else
130492 + return 0;
130493 +}
130494 +
130495 +static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent)
130496 +{
130497 + struct conn_table_entry **match;
130498 + unsigned int index;
130499 +
130500 + index = conn_hash(sig->gr_saddr, sig->gr_daddr,
130501 + sig->gr_sport, sig->gr_dport,
130502 + gr_conn_table_size);
130503 +
130504 + newent->sig = sig;
130505 +
130506 + match = &gr_conn_table[index];
130507 + newent->next = *match;
130508 + *match = newent;
130509 +
130510 + return;
130511 +}
130512 +
130513 +static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig)
130514 +{
130515 + struct conn_table_entry *match, *last = NULL;
130516 + unsigned int index;
130517 +
130518 + index = conn_hash(sig->gr_saddr, sig->gr_daddr,
130519 + sig->gr_sport, sig->gr_dport,
130520 + gr_conn_table_size);
130521 +
130522 + match = gr_conn_table[index];
130523 + while (match && !conn_match(match->sig,
130524 + sig->gr_saddr, sig->gr_daddr, sig->gr_sport,
130525 + sig->gr_dport)) {
130526 + last = match;
130527 + match = match->next;
130528 + }
130529 +
130530 + if (match) {
130531 + if (last)
130532 + last->next = match->next;
130533 + else
130534 + gr_conn_table[index] = NULL;
130535 + kfree(match);
130536 + }
130537 +
130538 + return;
130539 +}
130540 +
130541 +static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr,
130542 + __u16 sport, __u16 dport)
130543 +{
130544 + struct conn_table_entry *match;
130545 + unsigned int index;
130546 +
130547 + index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size);
130548 +
130549 + match = gr_conn_table[index];
130550 + while (match && !conn_match(match->sig, saddr, daddr, sport, dport))
130551 + match = match->next;
130552 +
130553 + if (match)
130554 + return match->sig;
130555 + else
130556 + return NULL;
130557 +}
130558 +
130559 +#endif
130560 +
130561 +void gr_update_task_in_ip_table(const struct inet_sock *inet)
130562 +{
130563 +#ifdef CONFIG_GRKERNSEC
130564 + struct signal_struct *sig = current->signal;
130565 + struct conn_table_entry *newent;
130566 +
130567 + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
130568 + if (newent == NULL)
130569 + return;
130570 + /* no bh lock needed since we are called with bh disabled */
130571 + spin_lock(&gr_conn_table_lock);
130572 + gr_del_task_from_ip_table_nolock(sig);
130573 + sig->gr_saddr = inet->inet_rcv_saddr;
130574 + sig->gr_daddr = inet->inet_daddr;
130575 + sig->gr_sport = inet->inet_sport;
130576 + sig->gr_dport = inet->inet_dport;
130577 + gr_add_to_task_ip_table_nolock(sig, newent);
130578 + spin_unlock(&gr_conn_table_lock);
130579 +#endif
130580 + return;
130581 +}
130582 +
130583 +void gr_del_task_from_ip_table(struct task_struct *task)
130584 +{
130585 +#ifdef CONFIG_GRKERNSEC
130586 + spin_lock_bh(&gr_conn_table_lock);
130587 + gr_del_task_from_ip_table_nolock(task->signal);
130588 + spin_unlock_bh(&gr_conn_table_lock);
130589 +#endif
130590 + return;
130591 +}
130592 +
130593 +void
130594 +gr_attach_curr_ip(const struct sock *sk)
130595 +{
130596 +#ifdef CONFIG_GRKERNSEC
130597 + struct signal_struct *p, *set;
130598 + const struct inet_sock *inet = inet_sk(sk);
130599 +
130600 + if (unlikely(sk->sk_protocol != IPPROTO_TCP))
130601 + return;
130602 +
130603 + set = current->signal;
130604 +
130605 + spin_lock_bh(&gr_conn_table_lock);
130606 + p = gr_lookup_task_ip_table(inet->inet_daddr, inet->inet_rcv_saddr,
130607 + inet->inet_dport, inet->inet_sport);
130608 + if (unlikely(p != NULL)) {
130609 + set->curr_ip = p->curr_ip;
130610 + set->used_accept = 1;
130611 + gr_del_task_from_ip_table_nolock(p);
130612 + spin_unlock_bh(&gr_conn_table_lock);
130613 + return;
130614 + }
130615 + spin_unlock_bh(&gr_conn_table_lock);
130616 +
130617 + set->curr_ip = inet->inet_daddr;
130618 + set->used_accept = 1;
130619 +#endif
130620 + return;
130621 +}
130622 +
130623 +int
130624 +gr_handle_sock_all(const int family, const int type, const int protocol)
130625 +{
130626 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
130627 + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
130628 + (family != AF_UNIX)) {
130629 + if (family == AF_INET)
130630 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(family), gr_socktype_to_name(type), gr_proto_to_name(protocol));
130631 + else
130632 + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(family), gr_socktype_to_name(type), protocol);
130633 + return -EACCES;
130634 + }
130635 +#endif
130636 + return 0;
130637 +}
130638 +
130639 +int
130640 +gr_handle_sock_server(const struct sockaddr *sck)
130641 +{
130642 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
130643 + if (grsec_enable_socket_server &&
130644 + in_group_p(grsec_socket_server_gid) &&
130645 + sck && (sck->sa_family != AF_UNIX) &&
130646 + (sck->sa_family != AF_LOCAL)) {
130647 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
130648 + return -EACCES;
130649 + }
130650 +#endif
130651 + return 0;
130652 +}
130653 +
130654 +int
130655 +gr_handle_sock_server_other(const struct sock *sck)
130656 +{
130657 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
130658 + if (grsec_enable_socket_server &&
130659 + in_group_p(grsec_socket_server_gid) &&
130660 + sck && (sck->sk_family != AF_UNIX) &&
130661 + (sck->sk_family != AF_LOCAL)) {
130662 + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
130663 + return -EACCES;
130664 + }
130665 +#endif
130666 + return 0;
130667 +}
130668 +
130669 +int
130670 +gr_handle_sock_client(const struct sockaddr *sck)
130671 +{
130672 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
130673 + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
130674 + sck && (sck->sa_family != AF_UNIX) &&
130675 + (sck->sa_family != AF_LOCAL)) {
130676 + gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG);
130677 + return -EACCES;
130678 + }
130679 +#endif
130680 + return 0;
130681 +}
130682 diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c
130683 new file mode 100644
130684 index 0000000..4f673f8
130685 --- /dev/null
130686 +++ b/grsecurity/grsec_sysctl.c
130687 @@ -0,0 +1,497 @@
130688 +#include <linux/kernel.h>
130689 +#include <linux/sched.h>
130690 +#include <linux/sysctl.h>
130691 +#include <linux/grsecurity.h>
130692 +#include <linux/grinternal.h>
130693 +
130694 +int
130695 +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
130696 +{
130697 +#ifdef CONFIG_GRKERNSEC_SYSCTL
130698 + if (dirname == NULL || name == NULL)
130699 + return 0;
130700 + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & MAY_WRITE)) {
130701 + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
130702 + return -EACCES;
130703 + }
130704 +#endif
130705 + return 0;
130706 +}
130707 +
130708 +#if defined(CONFIG_GRKERNSEC_ROFS) || defined(CONFIG_GRKERNSEC_DENYUSB)
130709 +static int __maybe_unused __read_only one = 1;
130710 +#endif
130711 +
130712 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) || \
130713 + defined(CONFIG_GRKERNSEC_DENYUSB)
130714 +struct ctl_table grsecurity_table[] = {
130715 +#ifdef CONFIG_GRKERNSEC_SYSCTL
130716 +#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO
130717 +#ifdef CONFIG_GRKERNSEC_IO
130718 + {
130719 + .procname = "disable_priv_io",
130720 + .data = &grsec_disable_privio,
130721 + .maxlen = sizeof(int),
130722 + .mode = 0600,
130723 + .proc_handler = &proc_dointvec_secure,
130724 + },
130725 +#endif
130726 +#endif
130727 +#ifdef CONFIG_GRKERNSEC_LINK
130728 + {
130729 + .procname = "linking_restrictions",
130730 + .data = &grsec_enable_link,
130731 + .maxlen = sizeof(int),
130732 + .mode = 0600,
130733 + .proc_handler = &proc_dointvec_secure,
130734 + },
130735 +#endif
130736 +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
130737 + {
130738 + .procname = "enforce_symlinksifowner",
130739 + .data = &grsec_enable_symlinkown,
130740 + .maxlen = sizeof(int),
130741 + .mode = 0600,
130742 + .proc_handler = &proc_dointvec_secure,
130743 + },
130744 + {
130745 + .procname = "symlinkown_gid",
130746 + .data = &grsec_symlinkown_gid,
130747 + .maxlen = sizeof(int),
130748 + .mode = 0600,
130749 + .proc_handler = &proc_dointvec_secure,
130750 + },
130751 +#endif
130752 +#ifdef CONFIG_GRKERNSEC_BRUTE
130753 + {
130754 + .procname = "deter_bruteforce",
130755 + .data = &grsec_enable_brute,
130756 + .maxlen = sizeof(int),
130757 + .mode = 0600,
130758 + .proc_handler = &proc_dointvec_secure,
130759 + },
130760 +#endif
130761 +#ifdef CONFIG_GRKERNSEC_FIFO
130762 + {
130763 + .procname = "fifo_restrictions",
130764 + .data = &grsec_enable_fifo,
130765 + .maxlen = sizeof(int),
130766 + .mode = 0600,
130767 + .proc_handler = &proc_dointvec_secure,
130768 + },
130769 +#endif
130770 +#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC
130771 + {
130772 + .procname = "ptrace_readexec",
130773 + .data = &grsec_enable_ptrace_readexec,
130774 + .maxlen = sizeof(int),
130775 + .mode = 0600,
130776 + .proc_handler = &proc_dointvec_secure,
130777 + },
130778 +#endif
130779 +#ifdef CONFIG_GRKERNSEC_SETXID
130780 + {
130781 + .procname = "consistent_setxid",
130782 + .data = &grsec_enable_setxid,
130783 + .maxlen = sizeof(int),
130784 + .mode = 0600,
130785 + .proc_handler = &proc_dointvec_secure,
130786 + },
130787 +#endif
130788 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
130789 + {
130790 + .procname = "ip_blackhole",
130791 + .data = &grsec_enable_blackhole,
130792 + .maxlen = sizeof(int),
130793 + .mode = 0600,
130794 + .proc_handler = &proc_dointvec_secure,
130795 + },
130796 + {
130797 + .procname = "lastack_retries",
130798 + .data = &grsec_lastack_retries,
130799 + .maxlen = sizeof(int),
130800 + .mode = 0600,
130801 + .proc_handler = &proc_dointvec_secure,
130802 + },
130803 +#endif
130804 +#ifdef CONFIG_GRKERNSEC_EXECLOG
130805 + {
130806 + .procname = "exec_logging",
130807 + .data = &grsec_enable_execlog,
130808 + .maxlen = sizeof(int),
130809 + .mode = 0600,
130810 + .proc_handler = &proc_dointvec_secure,
130811 + },
130812 +#endif
130813 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
130814 + {
130815 + .procname = "rwxmap_logging",
130816 + .data = &grsec_enable_log_rwxmaps,
130817 + .maxlen = sizeof(int),
130818 + .mode = 0600,
130819 + .proc_handler = &proc_dointvec_secure,
130820 + },
130821 +#endif
130822 +#ifdef CONFIG_GRKERNSEC_SIGNAL
130823 + {
130824 + .procname = "signal_logging",
130825 + .data = &grsec_enable_signal,
130826 + .maxlen = sizeof(int),
130827 + .mode = 0600,
130828 + .proc_handler = &proc_dointvec_secure,
130829 + },
130830 +#endif
130831 +#ifdef CONFIG_GRKERNSEC_FORKFAIL
130832 + {
130833 + .procname = "forkfail_logging",
130834 + .data = &grsec_enable_forkfail,
130835 + .maxlen = sizeof(int),
130836 + .mode = 0600,
130837 + .proc_handler = &proc_dointvec_secure,
130838 + },
130839 +#endif
130840 +#ifdef CONFIG_GRKERNSEC_TIME
130841 + {
130842 + .procname = "timechange_logging",
130843 + .data = &grsec_enable_time,
130844 + .maxlen = sizeof(int),
130845 + .mode = 0600,
130846 + .proc_handler = &proc_dointvec_secure,
130847 + },
130848 +#endif
130849 +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
130850 + {
130851 + .procname = "chroot_deny_shmat",
130852 + .data = &grsec_enable_chroot_shmat,
130853 + .maxlen = sizeof(int),
130854 + .mode = 0600,
130855 + .proc_handler = &proc_dointvec_secure,
130856 + },
130857 +#endif
130858 +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
130859 + {
130860 + .procname = "chroot_deny_unix",
130861 + .data = &grsec_enable_chroot_unix,
130862 + .maxlen = sizeof(int),
130863 + .mode = 0600,
130864 + .proc_handler = &proc_dointvec_secure,
130865 + },
130866 +#endif
130867 +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
130868 + {
130869 + .procname = "chroot_deny_mount",
130870 + .data = &grsec_enable_chroot_mount,
130871 + .maxlen = sizeof(int),
130872 + .mode = 0600,
130873 + .proc_handler = &proc_dointvec_secure,
130874 + },
130875 +#endif
130876 +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
130877 + {
130878 + .procname = "chroot_deny_fchdir",
130879 + .data = &grsec_enable_chroot_fchdir,
130880 + .maxlen = sizeof(int),
130881 + .mode = 0600,
130882 + .proc_handler = &proc_dointvec_secure,
130883 + },
130884 +#endif
130885 +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
130886 + {
130887 + .procname = "chroot_deny_chroot",
130888 + .data = &grsec_enable_chroot_double,
130889 + .maxlen = sizeof(int),
130890 + .mode = 0600,
130891 + .proc_handler = &proc_dointvec_secure,
130892 + },
130893 +#endif
130894 +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
130895 + {
130896 + .procname = "chroot_deny_pivot",
130897 + .data = &grsec_enable_chroot_pivot,
130898 + .maxlen = sizeof(int),
130899 + .mode = 0600,
130900 + .proc_handler = &proc_dointvec_secure,
130901 + },
130902 +#endif
130903 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
130904 + {
130905 + .procname = "chroot_enforce_chdir",
130906 + .data = &grsec_enable_chroot_chdir,
130907 + .maxlen = sizeof(int),
130908 + .mode = 0600,
130909 + .proc_handler = &proc_dointvec_secure,
130910 + },
130911 +#endif
130912 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
130913 + {
130914 + .procname = "chroot_deny_chmod",
130915 + .data = &grsec_enable_chroot_chmod,
130916 + .maxlen = sizeof(int),
130917 + .mode = 0600,
130918 + .proc_handler = &proc_dointvec_secure,
130919 + },
130920 +#endif
130921 +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
130922 + {
130923 + .procname = "chroot_deny_mknod",
130924 + .data = &grsec_enable_chroot_mknod,
130925 + .maxlen = sizeof(int),
130926 + .mode = 0600,
130927 + .proc_handler = &proc_dointvec_secure,
130928 + },
130929 +#endif
130930 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
130931 + {
130932 + .procname = "chroot_restrict_nice",
130933 + .data = &grsec_enable_chroot_nice,
130934 + .maxlen = sizeof(int),
130935 + .mode = 0600,
130936 + .proc_handler = &proc_dointvec_secure,
130937 + },
130938 +#endif
130939 +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
130940 + {
130941 + .procname = "chroot_execlog",
130942 + .data = &grsec_enable_chroot_execlog,
130943 + .maxlen = sizeof(int),
130944 + .mode = 0600,
130945 + .proc_handler = &proc_dointvec_secure,
130946 + },
130947 +#endif
130948 +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
130949 + {
130950 + .procname = "chroot_caps",
130951 + .data = &grsec_enable_chroot_caps,
130952 + .maxlen = sizeof(int),
130953 + .mode = 0600,
130954 + .proc_handler = &proc_dointvec_secure,
130955 + },
130956 +#endif
130957 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
130958 + {
130959 + .procname = "chroot_deny_bad_rename",
130960 + .data = &grsec_enable_chroot_rename,
130961 + .maxlen = sizeof(int),
130962 + .mode = 0600,
130963 + .proc_handler = &proc_dointvec_secure,
130964 + },
130965 +#endif
130966 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
130967 + {
130968 + .procname = "chroot_deny_sysctl",
130969 + .data = &grsec_enable_chroot_sysctl,
130970 + .maxlen = sizeof(int),
130971 + .mode = 0600,
130972 + .proc_handler = &proc_dointvec_secure,
130973 + },
130974 +#endif
130975 +#ifdef CONFIG_GRKERNSEC_TPE
130976 + {
130977 + .procname = "tpe",
130978 + .data = &grsec_enable_tpe,
130979 + .maxlen = sizeof(int),
130980 + .mode = 0600,
130981 + .proc_handler = &proc_dointvec_secure,
130982 + },
130983 + {
130984 + .procname = "tpe_gid",
130985 + .data = &grsec_tpe_gid,
130986 + .maxlen = sizeof(int),
130987 + .mode = 0600,
130988 + .proc_handler = &proc_dointvec_secure,
130989 + },
130990 +#endif
130991 +#ifdef CONFIG_GRKERNSEC_TPE_INVERT
130992 + {
130993 + .procname = "tpe_invert",
130994 + .data = &grsec_enable_tpe_invert,
130995 + .maxlen = sizeof(int),
130996 + .mode = 0600,
130997 + .proc_handler = &proc_dointvec_secure,
130998 + },
130999 +#endif
131000 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
131001 + {
131002 + .procname = "tpe_restrict_all",
131003 + .data = &grsec_enable_tpe_all,
131004 + .maxlen = sizeof(int),
131005 + .mode = 0600,
131006 + .proc_handler = &proc_dointvec_secure,
131007 + },
131008 +#endif
131009 +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
131010 + {
131011 + .procname = "socket_all",
131012 + .data = &grsec_enable_socket_all,
131013 + .maxlen = sizeof(int),
131014 + .mode = 0600,
131015 + .proc_handler = &proc_dointvec_secure,
131016 + },
131017 + {
131018 + .procname = "socket_all_gid",
131019 + .data = &grsec_socket_all_gid,
131020 + .maxlen = sizeof(int),
131021 + .mode = 0600,
131022 + .proc_handler = &proc_dointvec_secure,
131023 + },
131024 +#endif
131025 +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
131026 + {
131027 + .procname = "socket_client",
131028 + .data = &grsec_enable_socket_client,
131029 + .maxlen = sizeof(int),
131030 + .mode = 0600,
131031 + .proc_handler = &proc_dointvec_secure,
131032 + },
131033 + {
131034 + .procname = "socket_client_gid",
131035 + .data = &grsec_socket_client_gid,
131036 + .maxlen = sizeof(int),
131037 + .mode = 0600,
131038 + .proc_handler = &proc_dointvec_secure,
131039 + },
131040 +#endif
131041 +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
131042 + {
131043 + .procname = "socket_server",
131044 + .data = &grsec_enable_socket_server,
131045 + .maxlen = sizeof(int),
131046 + .mode = 0600,
131047 + .proc_handler = &proc_dointvec_secure,
131048 + },
131049 + {
131050 + .procname = "socket_server_gid",
131051 + .data = &grsec_socket_server_gid,
131052 + .maxlen = sizeof(int),
131053 + .mode = 0600,
131054 + .proc_handler = &proc_dointvec_secure,
131055 + },
131056 +#endif
131057 +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
131058 + {
131059 + .procname = "audit_group",
131060 + .data = &grsec_enable_group,
131061 + .maxlen = sizeof(int),
131062 + .mode = 0600,
131063 + .proc_handler = &proc_dointvec_secure,
131064 + },
131065 + {
131066 + .procname = "audit_gid",
131067 + .data = &grsec_audit_gid,
131068 + .maxlen = sizeof(int),
131069 + .mode = 0600,
131070 + .proc_handler = &proc_dointvec_secure,
131071 + },
131072 +#endif
131073 +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
131074 + {
131075 + .procname = "audit_chdir",
131076 + .data = &grsec_enable_chdir,
131077 + .maxlen = sizeof(int),
131078 + .mode = 0600,
131079 + .proc_handler = &proc_dointvec_secure,
131080 + },
131081 +#endif
131082 +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
131083 + {
131084 + .procname = "audit_mount",
131085 + .data = &grsec_enable_mount,
131086 + .maxlen = sizeof(int),
131087 + .mode = 0600,
131088 + .proc_handler = &proc_dointvec_secure,
131089 + },
131090 +#endif
131091 +#ifdef CONFIG_GRKERNSEC_DMESG
131092 + {
131093 + .procname = "dmesg",
131094 + .data = &grsec_enable_dmesg,
131095 + .maxlen = sizeof(int),
131096 + .mode = 0600,
131097 + .proc_handler = &proc_dointvec_secure,
131098 + },
131099 +#endif
131100 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
131101 + {
131102 + .procname = "chroot_findtask",
131103 + .data = &grsec_enable_chroot_findtask,
131104 + .maxlen = sizeof(int),
131105 + .mode = 0600,
131106 + .proc_handler = &proc_dointvec_secure,
131107 + },
131108 +#endif
131109 +#ifdef CONFIG_GRKERNSEC_RESLOG
131110 + {
131111 + .procname = "resource_logging",
131112 + .data = &grsec_resource_logging,
131113 + .maxlen = sizeof(int),
131114 + .mode = 0600,
131115 + .proc_handler = &proc_dointvec_secure,
131116 + },
131117 +#endif
131118 +#ifdef CONFIG_GRKERNSEC_AUDIT_PTRACE
131119 + {
131120 + .procname = "audit_ptrace",
131121 + .data = &grsec_enable_audit_ptrace,
131122 + .maxlen = sizeof(int),
131123 + .mode = 0600,
131124 + .proc_handler = &proc_dointvec_secure,
131125 + },
131126 +#endif
131127 +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE
131128 + {
131129 + .procname = "harden_ptrace",
131130 + .data = &grsec_enable_harden_ptrace,
131131 + .maxlen = sizeof(int),
131132 + .mode = 0600,
131133 + .proc_handler = &proc_dointvec_secure,
131134 + },
131135 +#endif
131136 +#ifdef CONFIG_GRKERNSEC_HARDEN_IPC
131137 + {
131138 + .procname = "harden_ipc",
131139 + .data = &grsec_enable_harden_ipc,
131140 + .maxlen = sizeof(int),
131141 + .mode = 0600,
131142 + .proc_handler = &proc_dointvec_secure,
131143 + },
131144 +#endif
131145 +#ifdef CONFIG_GRKERNSEC_HARDEN_TTY
131146 + {
131147 + .procname = "harden_tty",
131148 + .data = &grsec_enable_harden_tty,
131149 + .maxlen = sizeof(int),
131150 + .mode = 0600,
131151 + .proc_handler = &proc_dointvec_secure,
131152 + },
131153 +#endif
131154 + {
131155 + .procname = "grsec_lock",
131156 + .data = &grsec_lock,
131157 + .maxlen = sizeof(int),
131158 + .mode = 0600,
131159 + .proc_handler = &proc_dointvec_secure,
131160 + },
131161 +#endif
131162 +#ifdef CONFIG_GRKERNSEC_ROFS
131163 + {
131164 + .procname = "romount_protect",
131165 + .data = &grsec_enable_rofs,
131166 + .maxlen = sizeof(int),
131167 + .mode = 0600,
131168 + .proc_handler = &proc_dointvec_minmax_secure,
131169 + .extra1 = &one,
131170 + .extra2 = &one,
131171 + },
131172 +#endif
131173 +#if defined(CONFIG_GRKERNSEC_DENYUSB) && !defined(CONFIG_GRKERNSEC_DENYUSB_FORCE)
131174 + {
131175 + .procname = "deny_new_usb",
131176 + .data = &grsec_deny_new_usb,
131177 + .maxlen = sizeof(int),
131178 + .mode = 0600,
131179 + .proc_handler = &proc_dointvec_secure,
131180 + },
131181 +#endif
131182 + { }
131183 +};
131184 +#endif
131185 diff --git a/grsecurity/grsec_time.c b/grsecurity/grsec_time.c
131186 new file mode 100644
131187 index 0000000..61b514e
131188 --- /dev/null
131189 +++ b/grsecurity/grsec_time.c
131190 @@ -0,0 +1,16 @@
131191 +#include <linux/kernel.h>
131192 +#include <linux/sched.h>
131193 +#include <linux/grinternal.h>
131194 +#include <linux/module.h>
131195 +
131196 +void
131197 +gr_log_timechange(void)
131198 +{
131199 +#ifdef CONFIG_GRKERNSEC_TIME
131200 + if (grsec_enable_time)
131201 + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
131202 +#endif
131203 + return;
131204 +}
131205 +
131206 +EXPORT_SYMBOL_GPL(gr_log_timechange);
131207 diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
131208 new file mode 100644
131209 index 0000000..cbd2776
131210 --- /dev/null
131211 +++ b/grsecurity/grsec_tpe.c
131212 @@ -0,0 +1,78 @@
131213 +#include <linux/kernel.h>
131214 +#include <linux/sched.h>
131215 +#include <linux/file.h>
131216 +#include <linux/fs.h>
131217 +#include <linux/grinternal.h>
131218 +
131219 +extern int gr_acl_tpe_check(void);
131220 +
131221 +int
131222 +gr_tpe_allow(const struct file *file)
131223 +{
131224 +#ifdef CONFIG_GRKERNSEC
131225 + struct inode *inode = d_backing_inode(file->f_path.dentry->d_parent);
131226 + struct inode *file_inode = d_backing_inode(file->f_path.dentry);
131227 + const struct cred *cred = current_cred();
131228 + char *msg = NULL;
131229 + char *msg2 = NULL;
131230 +
131231 + // never restrict root
131232 + if (gr_is_global_root(cred->uid))
131233 + return 1;
131234 +
131235 + if (grsec_enable_tpe) {
131236 +#ifdef CONFIG_GRKERNSEC_TPE_INVERT
131237 + if (grsec_enable_tpe_invert && !in_group_p(grsec_tpe_gid))
131238 + msg = "not being in trusted group";
131239 + else if (!grsec_enable_tpe_invert && in_group_p(grsec_tpe_gid))
131240 + msg = "being in untrusted group";
131241 +#else
131242 + if (in_group_p(grsec_tpe_gid))
131243 + msg = "being in untrusted group";
131244 +#endif
131245 + }
131246 + if (!msg && gr_acl_tpe_check())
131247 + msg = "being in untrusted role";
131248 +
131249 + // not in any affected group/role
131250 + if (!msg)
131251 + goto next_check;
131252 +
131253 + if (gr_is_global_nonroot(inode->i_uid))
131254 + msg2 = "file in non-root-owned directory";
131255 + else if (inode->i_mode & S_IWOTH)
131256 + msg2 = "file in world-writable directory";
131257 + else if ((inode->i_mode & S_IWGRP) && gr_is_global_nonroot_gid(inode->i_gid))
131258 + msg2 = "file in group-writable directory";
131259 + else if (file_inode->i_mode & S_IWOTH)
131260 + msg2 = "file is world-writable";
131261 +
131262 + if (msg && msg2) {
131263 + char fullmsg[70] = {0};
131264 + snprintf(fullmsg, sizeof(fullmsg)-1, "%s and %s", msg, msg2);
131265 + gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, fullmsg, file->f_path.dentry, file->f_path.mnt);
131266 + return 0;
131267 + }
131268 + msg = NULL;
131269 +next_check:
131270 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
131271 + if (!grsec_enable_tpe || !grsec_enable_tpe_all)
131272 + return 1;
131273 +
131274 + if (gr_is_global_nonroot(inode->i_uid) && !uid_eq(inode->i_uid, cred->uid))
131275 + msg = "directory not owned by user";
131276 + else if (inode->i_mode & S_IWOTH)
131277 + msg = "file in world-writable directory";
131278 + else if ((inode->i_mode & S_IWGRP) && gr_is_global_nonroot_gid(inode->i_gid))
131279 + msg = "file in group-writable directory";
131280 + else if (file_inode->i_mode & S_IWOTH)
131281 + msg = "file is world-writable";
131282 +
131283 + if (msg) {
131284 + gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, msg, file->f_path.dentry, file->f_path.mnt);
131285 + return 0;
131286 + }
131287 +#endif
131288 +#endif
131289 + return 1;
131290 +}
131291 diff --git a/grsecurity/grsec_tty.c b/grsecurity/grsec_tty.c
131292 new file mode 100644
131293 index 0000000..ad8b9c5
131294 --- /dev/null
131295 +++ b/grsecurity/grsec_tty.c
131296 @@ -0,0 +1,18 @@
131297 +#include <linux/kernel.h>
131298 +#include <linux/sched.h>
131299 +#include <linux/grsecurity.h>
131300 +#include <linux/grinternal.h>
131301 +#include <linux/capability.h>
131302 +#include <linux/tty.h>
131303 +
131304 +int gr_handle_tiocsti(struct tty_struct *tty)
131305 +{
131306 +#ifdef CONFIG_GRKERNSEC_HARDEN_TTY
131307 + if (grsec_enable_harden_tty && (current->signal->tty == tty) &&
131308 + !capable(CAP_SYS_ADMIN)) {
131309 + gr_log_noargs(GR_DONT_AUDIT, GR_TIOCSTI_MSG);
131310 + return 1;
131311 + }
131312 +#endif
131313 + return 0;
131314 +}
131315 diff --git a/grsecurity/grsec_usb.c b/grsecurity/grsec_usb.c
131316 new file mode 100644
131317 index 0000000..ae02d8e
131318 --- /dev/null
131319 +++ b/grsecurity/grsec_usb.c
131320 @@ -0,0 +1,15 @@
131321 +#include <linux/kernel.h>
131322 +#include <linux/grinternal.h>
131323 +#include <linux/module.h>
131324 +
131325 +int gr_handle_new_usb(void)
131326 +{
131327 +#ifdef CONFIG_GRKERNSEC_DENYUSB
131328 + if (grsec_deny_new_usb) {
131329 + printk(KERN_ALERT "grsec: denied insert of new USB device\n");
131330 + return 1;
131331 + }
131332 +#endif
131333 + return 0;
131334 +}
131335 +EXPORT_SYMBOL_GPL(gr_handle_new_usb);
131336 diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c
131337 new file mode 100644
131338 index 0000000..1af1e63
131339 --- /dev/null
131340 +++ b/grsecurity/grsum.c
131341 @@ -0,0 +1,56 @@
131342 +#include <linux/err.h>
131343 +#include <linux/kernel.h>
131344 +#include <linux/sched.h>
131345 +#include <linux/mm.h>
131346 +#include <linux/scatterlist.h>
131347 +#include <linux/crypto.h>
131348 +#include <linux/gracl.h>
131349 +#include <crypto/algapi.h>
131350 +#include <crypto/hash.h>
131351 +
131352 +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
131353 +#error "crypto and sha256 must be built into the kernel"
131354 +#endif
131355 +
131356 +int
131357 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
131358 +{
131359 + struct crypto_ahash *tfm;
131360 + struct ahash_request *req;
131361 + struct scatterlist sg[2];
131362 + unsigned char temp_sum[GR_SHA_LEN];
131363 + unsigned long *tmpsumptr = (unsigned long *)temp_sum;
131364 + unsigned long *sumptr = (unsigned long *)sum;
131365 + int retval = 1;
131366 +
131367 + tfm = crypto_alloc_ahash("sha256", 0, CRYPTO_ALG_ASYNC);
131368 + if (IS_ERR(tfm))
131369 + goto out_wipe;
131370 +
131371 + sg_init_table(sg, 2);
131372 + sg_set_buf(&sg[0], salt, GR_SALT_LEN);
131373 + sg_set_buf(&sg[1], entry->pw, strlen((const char *)entry->pw));
131374 +
131375 + req = ahash_request_alloc(tfm, GFP_KERNEL);
131376 + if (!req) {
131377 + crypto_free_ahash(tfm);
131378 + goto out_wipe;
131379 + }
131380 +
131381 + ahash_request_set_callback(req, 0, NULL, NULL);
131382 + ahash_request_set_crypt(req, sg, temp_sum, GR_SALT_LEN + strlen((const char *)entry->pw));
131383 +
131384 + if (crypto_ahash_digest(req))
131385 + goto out_free;
131386 +
131387 + if (!crypto_memneq(sumptr, tmpsumptr, GR_SHA_LEN))
131388 + retval = 0;
131389 +
131390 +out_free:
131391 + ahash_request_free(req);
131392 + crypto_free_ahash(tfm);
131393 +out_wipe:
131394 + memset(entry->pw, 0, GR_PW_LEN);
131395 +
131396 + return retval;
131397 +}
131398 diff --git a/include/acpi/acpiosxf.h b/include/acpi/acpiosxf.h
131399 index 562603d..7ee4475 100644
131400 --- a/include/acpi/acpiosxf.h
131401 +++ b/include/acpi/acpiosxf.h
131402 @@ -337,11 +337,12 @@ acpi_status acpi_os_signal(u32 function, void *info);
131403 * Debug print routines
131404 */
131405 #ifndef ACPI_USE_ALTERNATE_PROTOTYPE_acpi_os_printf
131406 +__printf(1, 2)
131407 void ACPI_INTERNAL_VAR_XFACE acpi_os_printf(const char *format, ...);
131408 #endif
131409
131410 #ifndef ACPI_USE_ALTERNATE_PROTOTYPE_acpi_os_vprintf
131411 -void acpi_os_vprintf(const char *format, va_list args);
131412 +__printf(1, 0) void acpi_os_vprintf(const char *format, va_list args);
131413 #endif
131414
131415 #ifndef ACPI_USE_ALTERNATE_PROTOTYPE_acpi_os_redirect_output
131416 diff --git a/include/acpi/acpixf.h b/include/acpi/acpixf.h
131417 index 1ff3a76..c52f3b4 100644
131418 --- a/include/acpi/acpixf.h
131419 +++ b/include/acpi/acpixf.h
131420 @@ -914,7 +914,7 @@ ACPI_MSG_DEPENDENT_RETURN_VOID(ACPI_PRINTF_LIKE(3)
131421 /*
131422 * Debug output
131423 */
131424 -ACPI_DBG_DEPENDENT_RETURN_VOID(ACPI_PRINTF_LIKE(6)
131425 +ACPI_DBG_DEPENDENT_RETURN_VOID(ACPI_PRINTF_LIKE(6) __nocapture(3)
131426 void ACPI_INTERNAL_VAR_XFACE
131427 acpi_debug_print(u32 requested_debug_level,
131428 u32 line_number,
131429 diff --git a/include/acpi/ghes.h b/include/acpi/ghes.h
131430 index 720446c..f32baee 100644
131431 --- a/include/acpi/ghes.h
131432 +++ b/include/acpi/ghes.h
131433 @@ -32,7 +32,7 @@ struct ghes_estatus_node {
131434
131435 struct ghes_estatus_cache {
131436 u32 estatus_len;
131437 - atomic_t count;
131438 + atomic_unchecked_t count;
131439 struct acpi_hest_generic *generic;
131440 unsigned long long time_in;
131441 struct rcu_head rcu;
131442 diff --git a/include/asm-generic/4level-fixup.h b/include/asm-generic/4level-fixup.h
131443 index 5bdab6b..9ae82fe 100644
131444 --- a/include/asm-generic/4level-fixup.h
131445 +++ b/include/asm-generic/4level-fixup.h
131446 @@ -14,8 +14,10 @@
131447 #define pmd_alloc(mm, pud, address) \
131448 ((unlikely(pgd_none(*(pud))) && __pmd_alloc(mm, pud, address))? \
131449 NULL: pmd_offset(pud, address))
131450 +#define pmd_alloc_kernel(mm, pud, address) pmd_alloc((mm), (pud), (address))
131451
131452 #define pud_alloc(mm, pgd, address) (pgd)
131453 +#define pud_alloc_kernel(mm, pgd, address) pud_alloc((mm), (pgd), (address))
131454 #define pud_offset(pgd, start) (pgd)
131455 #define pud_none(pud) 0
131456 #define pud_bad(pud) 0
131457 diff --git a/include/asm-generic/atomic-long.h b/include/asm-generic/atomic-long.h
131458 index 288cc9e..714fd14 100644
131459 --- a/include/asm-generic/atomic-long.h
131460 +++ b/include/asm-generic/atomic-long.h
131461 @@ -22,6 +22,12 @@
131462
131463 typedef atomic64_t atomic_long_t;
131464
131465 +#ifdef CONFIG_PAX_REFCOUNT
131466 +typedef atomic64_unchecked_t atomic_long_unchecked_t;
131467 +#else
131468 +typedef atomic64_t atomic_long_unchecked_t;
131469 +#endif
131470 +
131471 #define ATOMIC_LONG_INIT(i) ATOMIC64_INIT(i)
131472 #define ATOMIC_LONG_PFX(x) atomic64 ## x
131473
131474 @@ -29,51 +35,61 @@ typedef atomic64_t atomic_long_t;
131475
131476 typedef atomic_t atomic_long_t;
131477
131478 +#ifdef CONFIG_PAX_REFCOUNT
131479 +typedef atomic_unchecked_t atomic_long_unchecked_t;
131480 +#else
131481 +typedef atomic_t atomic_long_unchecked_t;
131482 +#endif
131483 +
131484 #define ATOMIC_LONG_INIT(i) ATOMIC_INIT(i)
131485 #define ATOMIC_LONG_PFX(x) atomic ## x
131486
131487 #endif
131488
131489 -#define ATOMIC_LONG_READ_OP(mo) \
131490 -static inline long atomic_long_read##mo(const atomic_long_t *l) \
131491 +#define ATOMIC_LONG_READ_OP(mo, suffix) \
131492 +static inline long atomic_long_read##mo##suffix(const atomic_long##suffix##_t *l)\
131493 { \
131494 - ATOMIC_LONG_PFX(_t) *v = (ATOMIC_LONG_PFX(_t) *)l; \
131495 + ATOMIC_LONG_PFX(suffix##_t) *v = (ATOMIC_LONG_PFX(suffix##_t) *)l;\
131496 \
131497 - return (long)ATOMIC_LONG_PFX(_read##mo)(v); \
131498 + return (long)ATOMIC_LONG_PFX(_read##mo##suffix)(v); \
131499 }
131500 -ATOMIC_LONG_READ_OP()
131501 -ATOMIC_LONG_READ_OP(_acquire)
131502 +ATOMIC_LONG_READ_OP(,)
131503 +ATOMIC_LONG_READ_OP(,_unchecked)
131504 +ATOMIC_LONG_READ_OP(_acquire,)
131505
131506 #undef ATOMIC_LONG_READ_OP
131507
131508 -#define ATOMIC_LONG_SET_OP(mo) \
131509 -static inline void atomic_long_set##mo(atomic_long_t *l, long i) \
131510 +#define ATOMIC_LONG_SET_OP(mo, suffix) \
131511 +static inline void atomic_long_set##mo##suffix(atomic_long##suffix##_t *l, long i)\
131512 { \
131513 - ATOMIC_LONG_PFX(_t) *v = (ATOMIC_LONG_PFX(_t) *)l; \
131514 + ATOMIC_LONG_PFX(suffix##_t) *v = (ATOMIC_LONG_PFX(suffix##_t) *)l;\
131515 \
131516 - ATOMIC_LONG_PFX(_set##mo)(v, i); \
131517 + ATOMIC_LONG_PFX(_set##mo##suffix)(v, i); \
131518 }
131519 -ATOMIC_LONG_SET_OP()
131520 -ATOMIC_LONG_SET_OP(_release)
131521 +ATOMIC_LONG_SET_OP(,)
131522 +ATOMIC_LONG_SET_OP(,_unchecked)
131523 +ATOMIC_LONG_SET_OP(_release,)
131524
131525 #undef ATOMIC_LONG_SET_OP
131526
131527 -#define ATOMIC_LONG_ADD_SUB_OP(op, mo) \
131528 +#define ATOMIC_LONG_ADD_SUB_OP(op, mo, suffix) \
131529 static inline long \
131530 -atomic_long_##op##_return##mo(long i, atomic_long_t *l) \
131531 +atomic_long_##op##_return##mo##suffix(long i, atomic_long##suffix##_t *l)\
131532 { \
131533 - ATOMIC_LONG_PFX(_t) *v = (ATOMIC_LONG_PFX(_t) *)l; \
131534 + ATOMIC_LONG_PFX(suffix##_t) *v = (ATOMIC_LONG_PFX(suffix##_t) *)l;\
131535 \
131536 - return (long)ATOMIC_LONG_PFX(_##op##_return##mo)(i, v); \
131537 + return (long)ATOMIC_LONG_PFX(_##op##_return##mo##suffix)(i, v); \
131538 }
131539 -ATOMIC_LONG_ADD_SUB_OP(add,)
131540 -ATOMIC_LONG_ADD_SUB_OP(add, _relaxed)
131541 -ATOMIC_LONG_ADD_SUB_OP(add, _acquire)
131542 -ATOMIC_LONG_ADD_SUB_OP(add, _release)
131543 -ATOMIC_LONG_ADD_SUB_OP(sub,)
131544 -ATOMIC_LONG_ADD_SUB_OP(sub, _relaxed)
131545 -ATOMIC_LONG_ADD_SUB_OP(sub, _acquire)
131546 -ATOMIC_LONG_ADD_SUB_OP(sub, _release)
131547 +ATOMIC_LONG_ADD_SUB_OP(add,,)
131548 +ATOMIC_LONG_ADD_SUB_OP(add,,_unchecked)
131549 +ATOMIC_LONG_ADD_SUB_OP(add, _relaxed,)
131550 +ATOMIC_LONG_ADD_SUB_OP(add, _acquire,)
131551 +ATOMIC_LONG_ADD_SUB_OP(add, _release,)
131552 +ATOMIC_LONG_ADD_SUB_OP(sub,,)
131553 +//ATOMIC_LONG_ADD_SUB_OP(sub,,_unchecked)
131554 +ATOMIC_LONG_ADD_SUB_OP(sub, _relaxed,)
131555 +ATOMIC_LONG_ADD_SUB_OP(sub, _acquire,)
131556 +ATOMIC_LONG_ADD_SUB_OP(sub, _release,)
131557
131558 #undef ATOMIC_LONG_ADD_SUB_OP
131559
131560 @@ -98,6 +114,11 @@ ATOMIC_LONG_ADD_SUB_OP(sub, _release)
131561 #define atomic_long_xchg(v, new) \
131562 (ATOMIC_LONG_PFX(_xchg)((ATOMIC_LONG_PFX(_t) *)(v), (new)))
131563
131564 +#ifdef CONFIG_PAX_REFCOUNT
131565 +#define atomic_long_xchg_unchecked(v, new) \
131566 + (ATOMIC_LONG_PFX(_xchg_unchecked)((ATOMIC_LONG_PFX(_unchecked_t) *)(v), (new)))
131567 +#endif
131568 +
131569 static __always_inline void atomic_long_inc(atomic_long_t *l)
131570 {
131571 ATOMIC_LONG_PFX(_t) *v = (ATOMIC_LONG_PFX(_t) *)l;
131572 @@ -105,6 +126,15 @@ static __always_inline void atomic_long_inc(atomic_long_t *l)
131573 ATOMIC_LONG_PFX(_inc)(v);
131574 }
131575
131576 +#ifdef CONFIG_PAX_REFCOUNT
131577 +static __always_inline void atomic_long_inc_unchecked(atomic_long_unchecked_t *l)
131578 +{
131579 + ATOMIC_LONG_PFX(_unchecked_t) *v = (ATOMIC_LONG_PFX(_unchecked_t) *)l;
131580 +
131581 + ATOMIC_LONG_PFX(_inc_unchecked)(v);
131582 +}
131583 +#endif
131584 +
131585 static __always_inline void atomic_long_dec(atomic_long_t *l)
131586 {
131587 ATOMIC_LONG_PFX(_t) *v = (ATOMIC_LONG_PFX(_t) *)l;
131588 @@ -168,21 +198,32 @@ ATOMIC_LONG_FETCH_INC_DEC_OP(dec, _release)
131589
131590 #undef ATOMIC_LONG_FETCH_INC_DEC_OP
131591
131592 -#define ATOMIC_LONG_OP(op) \
131593 +#ifdef CONFIG_PAX_REFCOUNT
131594 +static __always_inline void atomic_long_dec_unchecked(atomic_long_unchecked_t *l)
131595 +{
131596 + ATOMIC_LONG_PFX(_unchecked_t) *v = (ATOMIC_LONG_PFX(_unchecked_t) *)l;
131597 +
131598 + ATOMIC_LONG_PFX(_dec_unchecked)(v);
131599 +}
131600 +#endif
131601 +
131602 +#define ATOMIC_LONG_OP(op, suffix) \
131603 static __always_inline void \
131604 -atomic_long_##op(long i, atomic_long_t *l) \
131605 +atomic_long_##op##suffix(long i, atomic_long##suffix##_t *l) \
131606 { \
131607 - ATOMIC_LONG_PFX(_t) *v = (ATOMIC_LONG_PFX(_t) *)l; \
131608 + ATOMIC_LONG_PFX(suffix##_t) *v = (ATOMIC_LONG_PFX(suffix##_t) *)l;\
131609 \
131610 - ATOMIC_LONG_PFX(_##op)(i, v); \
131611 + ATOMIC_LONG_PFX(_##op##suffix)(i, v); \
131612 }
131613
131614 -ATOMIC_LONG_OP(add)
131615 -ATOMIC_LONG_OP(sub)
131616 -ATOMIC_LONG_OP(and)
131617 -ATOMIC_LONG_OP(andnot)
131618 -ATOMIC_LONG_OP(or)
131619 -ATOMIC_LONG_OP(xor)
131620 +ATOMIC_LONG_OP(add,)
131621 +ATOMIC_LONG_OP(add,_unchecked)
131622 +ATOMIC_LONG_OP(sub,)
131623 +ATOMIC_LONG_OP(sub,_unchecked)
131624 +ATOMIC_LONG_OP(and,)
131625 +ATOMIC_LONG_OP(andnot,)
131626 +ATOMIC_LONG_OP(or,)
131627 +ATOMIC_LONG_OP(xor,)
131628
131629 #undef ATOMIC_LONG_OP
131630
131631 @@ -214,22 +255,23 @@ static inline int atomic_long_add_negative(long i, atomic_long_t *l)
131632 return ATOMIC_LONG_PFX(_add_negative)(i, v);
131633 }
131634
131635 -#define ATOMIC_LONG_INC_DEC_OP(op, mo) \
131636 +#define ATOMIC_LONG_INC_DEC_OP(op, mo, suffix) \
131637 static inline long \
131638 -atomic_long_##op##_return##mo(atomic_long_t *l) \
131639 +atomic_long_##op##_return##mo##suffix(atomic_long##suffix##_t *l) \
131640 { \
131641 - ATOMIC_LONG_PFX(_t) *v = (ATOMIC_LONG_PFX(_t) *)l; \
131642 + ATOMIC_LONG_PFX(suffix##_t) *v = (ATOMIC_LONG_PFX(suffix##_t) *)l;\
131643 \
131644 - return (long)ATOMIC_LONG_PFX(_##op##_return##mo)(v); \
131645 + return (long)ATOMIC_LONG_PFX(_##op##_return##mo##suffix)(v); \
131646 }
131647 -ATOMIC_LONG_INC_DEC_OP(inc,)
131648 -ATOMIC_LONG_INC_DEC_OP(inc, _relaxed)
131649 -ATOMIC_LONG_INC_DEC_OP(inc, _acquire)
131650 -ATOMIC_LONG_INC_DEC_OP(inc, _release)
131651 -ATOMIC_LONG_INC_DEC_OP(dec,)
131652 -ATOMIC_LONG_INC_DEC_OP(dec, _relaxed)
131653 -ATOMIC_LONG_INC_DEC_OP(dec, _acquire)
131654 -ATOMIC_LONG_INC_DEC_OP(dec, _release)
131655 +ATOMIC_LONG_INC_DEC_OP(inc,,)
131656 +ATOMIC_LONG_INC_DEC_OP(inc,,_unchecked)
131657 +ATOMIC_LONG_INC_DEC_OP(inc, _relaxed,)
131658 +ATOMIC_LONG_INC_DEC_OP(inc, _acquire,)
131659 +ATOMIC_LONG_INC_DEC_OP(inc, _release,)
131660 +ATOMIC_LONG_INC_DEC_OP(dec,,)
131661 +ATOMIC_LONG_INC_DEC_OP(dec, _relaxed,)
131662 +ATOMIC_LONG_INC_DEC_OP(dec, _acquire,)
131663 +ATOMIC_LONG_INC_DEC_OP(dec, _release,)
131664
131665 #undef ATOMIC_LONG_INC_DEC_OP
131666
131667 @@ -243,4 +285,62 @@ static inline long atomic_long_add_unless(atomic_long_t *l, long a, long u)
131668 #define atomic_long_inc_not_zero(l) \
131669 ATOMIC_LONG_PFX(_inc_not_zero)((ATOMIC_LONG_PFX(_t) *)(l))
131670
131671 +#ifdef CONFIG_PAX_REFCOUNT
131672 +static inline void pax_refcount_needs_these_functions(void)
131673 +{
131674 + atomic_read_unchecked((atomic_unchecked_t *)NULL);
131675 + atomic_set_unchecked((atomic_unchecked_t *)NULL, 0);
131676 + atomic_add_unchecked(0, (atomic_unchecked_t *)NULL);
131677 + atomic_sub_unchecked(0, (atomic_unchecked_t *)NULL);
131678 + atomic_inc_unchecked((atomic_unchecked_t *)NULL);
131679 + (void)atomic_inc_and_test_unchecked((atomic_unchecked_t *)NULL);
131680 + atomic_inc_return_unchecked((atomic_unchecked_t *)NULL);
131681 + atomic_add_return_unchecked(0, (atomic_unchecked_t *)NULL);
131682 + atomic_dec_unchecked((atomic_unchecked_t *)NULL);
131683 + atomic_cmpxchg_unchecked((atomic_unchecked_t *)NULL, 0, 0);
131684 + (void)atomic_xchg_unchecked((atomic_unchecked_t *)NULL, 0);
131685 +
131686 + atomic_long_read_unchecked((atomic_long_unchecked_t *)NULL);
131687 + atomic_long_set_unchecked((atomic_long_unchecked_t *)NULL, 0);
131688 + atomic_long_add_unchecked(0, (atomic_long_unchecked_t *)NULL);
131689 + atomic_long_sub_unchecked(0, (atomic_long_unchecked_t *)NULL);
131690 + atomic_long_inc_unchecked((atomic_long_unchecked_t *)NULL);
131691 + atomic_long_add_return_unchecked(0, (atomic_long_unchecked_t *)NULL);
131692 + atomic_long_inc_return_unchecked((atomic_long_unchecked_t *)NULL);
131693 + atomic_long_dec_unchecked((atomic_long_unchecked_t *)NULL);
131694 +}
131695 +#else
131696 +#define atomic_read_unchecked(v) atomic_read(v)
131697 +#define atomic_set_unchecked(v, i) atomic_set((v), (i))
131698 +#define atomic_add_unchecked(i, v) atomic_add((i), (v))
131699 +#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
131700 +#define atomic_inc_unchecked(v) atomic_inc(v)
131701 +#ifndef atomic_inc_and_test_unchecked
131702 +#define atomic_inc_and_test_unchecked(v) atomic_inc_and_test(v)
131703 +#endif
131704 +#ifndef atomic_inc_return_unchecked
131705 +#define atomic_inc_return_unchecked(v) atomic_inc_return(v)
131706 +#endif
131707 +#ifndef atomic_add_return_unchecked
131708 +#define atomic_add_return_unchecked(i, v) atomic_add_return((i), (v))
131709 +#endif
131710 +#define atomic_dec_unchecked(v) atomic_dec(v)
131711 +#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg((v), (o), (n))
131712 +#ifndef atomic_xchg_unchecked
131713 +#define atomic_xchg_unchecked(v, i) atomic_xchg((v), (i))
131714 +#endif
131715 +
131716 +#define atomic_long_read_unchecked(v) atomic_long_read(v)
131717 +#define atomic_long_set_unchecked(v, i) atomic_long_set((v), (i))
131718 +#define atomic_long_add_unchecked(i, v) atomic_long_add((i), (v))
131719 +#define atomic_long_sub_unchecked(i, v) atomic_long_sub((i), (v))
131720 +#define atomic_long_inc_unchecked(v) atomic_long_inc(v)
131721 +#define atomic_long_add_return_unchecked(i, v) atomic_long_add_return((i), (v))
131722 +#define atomic_long_inc_return_unchecked(v) atomic_long_inc_return(v)
131723 +#define atomic_long_dec_unchecked(v) atomic_long_dec(v)
131724 +#ifndef atomic_long_xchg_unchecked
131725 +#define atomic_long_xchg_unchecked(v, i) atomic_long_xchg((v), (i))
131726 +#endif
131727 +#endif
131728 +
131729 #endif /* _ASM_GENERIC_ATOMIC_LONG_H */
131730 diff --git a/include/asm-generic/atomic64.h b/include/asm-generic/atomic64.h
131731 index dad68bf..cadcc641 100644
131732 --- a/include/asm-generic/atomic64.h
131733 +++ b/include/asm-generic/atomic64.h
131734 @@ -16,6 +16,8 @@ typedef struct {
131735 long long counter;
131736 } atomic64_t;
131737
131738 +typedef atomic64_t atomic64_unchecked_t;
131739 +
131740 #define ATOMIC64_INIT(i) { (i) }
131741
131742 extern long long atomic64_read(const atomic64_t *v);
131743 @@ -62,4 +64,15 @@ extern int atomic64_add_unless(atomic64_t *v, long long a, long long u);
131744 #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0)
131745 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL)
131746
131747 +#define atomic64_read_unchecked(v) atomic64_read(v)
131748 +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
131749 +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
131750 +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
131751 +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
131752 +#define atomic64_inc_unchecked(v) atomic64_inc(v)
131753 +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
131754 +#define atomic64_dec_unchecked(v) atomic64_dec(v)
131755 +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
131756 +#define atomic64_xchg_unchecked(v, n) atomic64_xchg((v), (n))
131757 +
131758 #endif /* _ASM_GENERIC_ATOMIC64_H */
131759 diff --git a/include/asm-generic/bitops/__fls.h b/include/asm-generic/bitops/__fls.h
131760 index a60a7cc..0fe12f2 100644
131761 --- a/include/asm-generic/bitops/__fls.h
131762 +++ b/include/asm-generic/bitops/__fls.h
131763 @@ -9,7 +9,7 @@
131764 *
131765 * Undefined if no set bit exists, so code should check against 0 first.
131766 */
131767 -static __always_inline unsigned long __fls(unsigned long word)
131768 +static __always_inline unsigned long __intentional_overflow(-1) __fls(unsigned long word)
131769 {
131770 int num = BITS_PER_LONG - 1;
131771
131772 diff --git a/include/asm-generic/bitops/fls.h b/include/asm-generic/bitops/fls.h
131773 index 0576d1f..dad6c71 100644
131774 --- a/include/asm-generic/bitops/fls.h
131775 +++ b/include/asm-generic/bitops/fls.h
131776 @@ -9,7 +9,7 @@
131777 * Note fls(0) = 0, fls(1) = 1, fls(0x80000000) = 32.
131778 */
131779
131780 -static __always_inline int fls(int x)
131781 +static __always_inline int __intentional_overflow(-1) fls(int x)
131782 {
131783 int r = 32;
131784
131785 diff --git a/include/asm-generic/bitops/fls64.h b/include/asm-generic/bitops/fls64.h
131786 index b097cf8..3d40e14 100644
131787 --- a/include/asm-generic/bitops/fls64.h
131788 +++ b/include/asm-generic/bitops/fls64.h
131789 @@ -15,7 +15,7 @@
131790 * at position 64.
131791 */
131792 #if BITS_PER_LONG == 32
131793 -static __always_inline int fls64(__u64 x)
131794 +static __always_inline int __intentional_overflow(-1) fls64(__u64 x)
131795 {
131796 __u32 h = x >> 32;
131797 if (h)
131798 @@ -23,7 +23,7 @@ static __always_inline int fls64(__u64 x)
131799 return fls(x);
131800 }
131801 #elif BITS_PER_LONG == 64
131802 -static __always_inline int fls64(__u64 x)
131803 +static __always_inline int __intentional_overflow(-1) fls64(__u64 x)
131804 {
131805 if (x == 0)
131806 return 0;
131807 diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h
131808 index 6f96247..f6ae0d7 100644
131809 --- a/include/asm-generic/bug.h
131810 +++ b/include/asm-generic/bug.h
131811 @@ -62,13 +62,13 @@ struct bug_entry {
131812 * to provide better diagnostics.
131813 */
131814 #ifndef __WARN_TAINT
131815 -extern __printf(3, 4)
131816 +extern __printf(3, 4) __nocapture(1)
131817 void warn_slowpath_fmt(const char *file, const int line,
131818 const char *fmt, ...);
131819 -extern __printf(4, 5)
131820 +extern __printf(4, 5) __nocapture(1)
131821 void warn_slowpath_fmt_taint(const char *file, const int line, unsigned taint,
131822 const char *fmt, ...);
131823 -extern void warn_slowpath_null(const char *file, const int line);
131824 +extern __nocapture(1) void warn_slowpath_null(const char *file, const int line);
131825 #define WANT_WARN_ON_SLOWPATH
131826 #define __WARN() warn_slowpath_null(__FILE__, __LINE__)
131827 #define __WARN_printf(arg...) warn_slowpath_fmt(__FILE__, __LINE__, arg)
131828 @@ -84,6 +84,7 @@ extern void warn_slowpath_null(const char *file, const int line);
131829 /* used internally by panic.c */
131830 struct warn_args;
131831
131832 +__nocapture(1, 0)
131833 void __warn(const char *file, int line, void *caller, unsigned taint,
131834 struct pt_regs *regs, struct warn_args *args);
131835
131836 diff --git a/include/asm-generic/cache.h b/include/asm-generic/cache.h
131837 index 1bfcfe5..e04c5c9 100644
131838 --- a/include/asm-generic/cache.h
131839 +++ b/include/asm-generic/cache.h
131840 @@ -6,7 +6,7 @@
131841 * cache lines need to provide their own cache.h.
131842 */
131843
131844 -#define L1_CACHE_SHIFT 5
131845 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT)
131846 +#define L1_CACHE_SHIFT 5UL
131847 +#define L1_CACHE_BYTES (1UL << L1_CACHE_SHIFT)
131848
131849 #endif /* __ASM_GENERIC_CACHE_H */
131850 diff --git a/include/asm-generic/emergency-restart.h b/include/asm-generic/emergency-restart.h
131851 index 0d68a1e..b74a761 100644
131852 --- a/include/asm-generic/emergency-restart.h
131853 +++ b/include/asm-generic/emergency-restart.h
131854 @@ -1,7 +1,7 @@
131855 #ifndef _ASM_GENERIC_EMERGENCY_RESTART_H
131856 #define _ASM_GENERIC_EMERGENCY_RESTART_H
131857
131858 -static inline void machine_emergency_restart(void)
131859 +static inline __noreturn void machine_emergency_restart(void)
131860 {
131861 machine_restart(NULL);
131862 }
131863 diff --git a/include/asm-generic/kmap_types.h b/include/asm-generic/kmap_types.h
131864 index 90f99c7..00ce236 100644
131865 --- a/include/asm-generic/kmap_types.h
131866 +++ b/include/asm-generic/kmap_types.h
131867 @@ -2,9 +2,9 @@
131868 #define _ASM_GENERIC_KMAP_TYPES_H
131869
131870 #ifdef __WITH_KM_FENCE
131871 -# define KM_TYPE_NR 41
131872 +# define KM_TYPE_NR 42
131873 #else
131874 -# define KM_TYPE_NR 20
131875 +# define KM_TYPE_NR 21
131876 #endif
131877
131878 #endif
131879 diff --git a/include/asm-generic/local.h b/include/asm-generic/local.h
131880 index 9ceb03b..62b0b8f 100644
131881 --- a/include/asm-generic/local.h
131882 +++ b/include/asm-generic/local.h
131883 @@ -23,24 +23,37 @@ typedef struct
131884 atomic_long_t a;
131885 } local_t;
131886
131887 +typedef struct {
131888 + atomic_long_unchecked_t a;
131889 +} local_unchecked_t;
131890 +
131891 #define LOCAL_INIT(i) { ATOMIC_LONG_INIT(i) }
131892
131893 #define local_read(l) atomic_long_read(&(l)->a)
131894 +#define local_read_unchecked(l) atomic_long_read_unchecked(&(l)->a)
131895 #define local_set(l,i) atomic_long_set((&(l)->a),(i))
131896 +#define local_set_unchecked(l,i) atomic_long_set_unchecked((&(l)->a),(i))
131897 #define local_inc(l) atomic_long_inc(&(l)->a)
131898 +#define local_inc_unchecked(l) atomic_long_inc_unchecked(&(l)->a)
131899 #define local_dec(l) atomic_long_dec(&(l)->a)
131900 +#define local_dec_unchecked(l) atomic_long_dec_unchecked(&(l)->a)
131901 #define local_add(i,l) atomic_long_add((i),(&(l)->a))
131902 +#define local_add_unchecked(i,l) atomic_long_add_unchecked((i),(&(l)->a))
131903 #define local_sub(i,l) atomic_long_sub((i),(&(l)->a))
131904 +#define local_sub_unchecked(i,l) atomic_long_sub_unchecked((i),(&(l)->a))
131905
131906 #define local_sub_and_test(i, l) atomic_long_sub_and_test((i), (&(l)->a))
131907 #define local_dec_and_test(l) atomic_long_dec_and_test(&(l)->a)
131908 #define local_inc_and_test(l) atomic_long_inc_and_test(&(l)->a)
131909 #define local_add_negative(i, l) atomic_long_add_negative((i), (&(l)->a))
131910 #define local_add_return(i, l) atomic_long_add_return((i), (&(l)->a))
131911 +#define local_add_return_unchecked(i, l) atomic_long_add_return_unchecked((i), (&(l)->a))
131912 #define local_sub_return(i, l) atomic_long_sub_return((i), (&(l)->a))
131913 #define local_inc_return(l) atomic_long_inc_return(&(l)->a)
131914 +#define local_dec_return(l) atomic_long_dec_return(&(l)->a)
131915
131916 #define local_cmpxchg(l, o, n) atomic_long_cmpxchg((&(l)->a), (o), (n))
131917 +#define local_cmpxchg_unchecked(l, o, n) atomic_long_cmpxchg((&(l)->a), (o), (n))
131918 #define local_xchg(l, n) atomic_long_xchg((&(l)->a), (n))
131919 #define local_add_unless(l, _a, u) atomic_long_add_unless((&(l)->a), (_a), (u))
131920 #define local_inc_not_zero(l) atomic_long_inc_not_zero(&(l)->a)
131921 diff --git a/include/asm-generic/pgtable-nopmd.h b/include/asm-generic/pgtable-nopmd.h
131922 index 725612b..8458d85 100644
131923 --- a/include/asm-generic/pgtable-nopmd.h
131924 +++ b/include/asm-generic/pgtable-nopmd.h
131925 @@ -1,14 +1,19 @@
131926 #ifndef _PGTABLE_NOPMD_H
131927 #define _PGTABLE_NOPMD_H
131928
131929 -#ifndef __ASSEMBLY__
131930 -
131931 #include <asm-generic/pgtable-nopud.h>
131932
131933 -struct mm_struct;
131934 -
131935 #define __PAGETABLE_PMD_FOLDED
131936
131937 +#define PMD_SHIFT PUD_SHIFT
131938 +#define PTRS_PER_PMD 1
131939 +#define PMD_SIZE (_AC(1,UL) << PMD_SHIFT)
131940 +#define PMD_MASK (~(PMD_SIZE-1))
131941 +
131942 +#ifndef __ASSEMBLY__
131943 +
131944 +struct mm_struct;
131945 +
131946 /*
131947 * Having the pmd type consist of a pud gets the size right, and allows
131948 * us to conceptually access the pud entry that this pmd is folded into
131949 @@ -16,11 +21,6 @@ struct mm_struct;
131950 */
131951 typedef struct { pud_t pud; } pmd_t;
131952
131953 -#define PMD_SHIFT PUD_SHIFT
131954 -#define PTRS_PER_PMD 1
131955 -#define PMD_SIZE (1UL << PMD_SHIFT)
131956 -#define PMD_MASK (~(PMD_SIZE-1))
131957 -
131958 /*
131959 * The "pud_xxx()" functions here are trivial for a folded two-level
131960 * setup: the pmd is never bad, and a pmd always exists (as it's folded
131961 @@ -33,6 +33,7 @@ static inline void pud_clear(pud_t *pud) { }
131962 #define pmd_ERROR(pmd) (pud_ERROR((pmd).pud))
131963
131964 #define pud_populate(mm, pmd, pte) do { } while (0)
131965 +#define pud_populate_kernel(mm, pmd, pte) do { } while (0)
131966
131967 /*
131968 * (pmds are folded into puds so this doesn't get actually called,
131969 diff --git a/include/asm-generic/pgtable-nopud.h b/include/asm-generic/pgtable-nopud.h
131970 index 810431d..0ec4804f 100644
131971 --- a/include/asm-generic/pgtable-nopud.h
131972 +++ b/include/asm-generic/pgtable-nopud.h
131973 @@ -1,10 +1,15 @@
131974 #ifndef _PGTABLE_NOPUD_H
131975 #define _PGTABLE_NOPUD_H
131976
131977 -#ifndef __ASSEMBLY__
131978 -
131979 #define __PAGETABLE_PUD_FOLDED
131980
131981 +#define PUD_SHIFT PGDIR_SHIFT
131982 +#define PTRS_PER_PUD 1
131983 +#define PUD_SIZE (_AC(1,UL) << PUD_SHIFT)
131984 +#define PUD_MASK (~(PUD_SIZE-1))
131985 +
131986 +#ifndef __ASSEMBLY__
131987 +
131988 /*
131989 * Having the pud type consist of a pgd gets the size right, and allows
131990 * us to conceptually access the pgd entry that this pud is folded into
131991 @@ -12,11 +17,6 @@
131992 */
131993 typedef struct { pgd_t pgd; } pud_t;
131994
131995 -#define PUD_SHIFT PGDIR_SHIFT
131996 -#define PTRS_PER_PUD 1
131997 -#define PUD_SIZE (1UL << PUD_SHIFT)
131998 -#define PUD_MASK (~(PUD_SIZE-1))
131999 -
132000 /*
132001 * The "pgd_xxx()" functions here are trivial for a folded two-level
132002 * setup: the pud is never bad, and a pud always exists (as it's folded
132003 @@ -29,6 +29,7 @@ static inline void pgd_clear(pgd_t *pgd) { }
132004 #define pud_ERROR(pud) (pgd_ERROR((pud).pgd))
132005
132006 #define pgd_populate(mm, pgd, pud) do { } while (0)
132007 +#define pgd_populate_kernel(mm, pgd, pud) do { } while (0)
132008 /*
132009 * (puds are folded into pgds so this doesn't get actually called,
132010 * but the define is needed for a generic inline function.)
132011 diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
132012 index d4458b6..34e3f46 100644
132013 --- a/include/asm-generic/pgtable.h
132014 +++ b/include/asm-generic/pgtable.h
132015 @@ -757,6 +757,22 @@ static inline int pmd_protnone(pmd_t pmd)
132016 }
132017 #endif /* CONFIG_NUMA_BALANCING */
132018
132019 +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
132020 +#ifdef CONFIG_PAX_KERNEXEC
132021 +#error KERNEXEC requires pax_open_kernel
132022 +#else
132023 +static inline unsigned long pax_open_kernel(void) { return 0; }
132024 +#endif
132025 +#endif
132026 +
132027 +#ifndef __HAVE_ARCH_PAX_CLOSE_KERNEL
132028 +#ifdef CONFIG_PAX_KERNEXEC
132029 +#error KERNEXEC requires pax_close_kernel
132030 +#else
132031 +static inline unsigned long pax_close_kernel(void) { return 0; }
132032 +#endif
132033 +#endif
132034 +
132035 #endif /* CONFIG_MMU */
132036
132037 #ifdef CONFIG_HAVE_ARCH_HUGE_VMAP
132038 diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
132039 index af0254c..a4e4da3 100644
132040 --- a/include/asm-generic/sections.h
132041 +++ b/include/asm-generic/sections.h
132042 @@ -31,6 +31,7 @@ extern char _data[], _sdata[], _edata[];
132043 extern char __bss_start[], __bss_stop[];
132044 extern char __init_begin[], __init_end[];
132045 extern char _sinittext[], _einittext[];
132046 +extern char _sinitdata[], _einitdata[];
132047 extern char _end[];
132048 extern char __per_cpu_load[], __per_cpu_start[], __per_cpu_end[];
132049 extern char __kprobes_text_start[], __kprobes_text_end[];
132050 diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
132051 index 6df9b07..8b07d2ff 100644
132052 --- a/include/asm-generic/uaccess.h
132053 +++ b/include/asm-generic/uaccess.h
132054 @@ -352,4 +352,20 @@ clear_user(void __user *to, unsigned long n)
132055 return __clear_user(to, n);
132056 }
132057
132058 +#ifndef __HAVE_ARCH_PAX_OPEN_USERLAND
132059 +#ifdef CONFIG_PAX_MEMORY_UDEREF
132060 +#error UDEREF requires pax_open_userland
132061 +#else
132062 +static inline unsigned long pax_open_userland(void) { return 0; }
132063 +#endif
132064 +#endif
132065 +
132066 +#ifndef __HAVE_ARCH_PAX_CLOSE_USERLAND
132067 +#ifdef CONFIG_PAX_MEMORY_UDEREF
132068 +#error UDEREF requires pax_close_userland
132069 +#else
132070 +static inline unsigned long pax_close_userland(void) { return 0; }
132071 +#endif
132072 +#endif
132073 +
132074 #endif /* __ASM_GENERIC_UACCESS_H */
132075 diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
132076 index 2456397..85deae0 100644
132077 --- a/include/asm-generic/vmlinux.lds.h
132078 +++ b/include/asm-generic/vmlinux.lds.h
132079 @@ -266,6 +266,7 @@
132080 VMLINUX_SYMBOL(__start_rodata) = .; \
132081 *(.rodata) *(.rodata.*) \
132082 RO_AFTER_INIT_DATA /* Read only after init */ \
132083 + *(.data..read_only) \
132084 *(__vermagic) /* Kernel version magic */ \
132085 . = ALIGN(8); \
132086 VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \
132087 @@ -434,9 +435,20 @@
132088 ALIGN_FUNCTION(); \
132089 *(.text.hot .text .text.fixup .text.unlikely) \
132090 *(.ref.text) \
132091 + REFCOUNT_TEXT \
132092 MEM_KEEP(init.text) \
132093 MEM_KEEP(exit.text) \
132094
132095 +#define __REFCOUNT_TEXT(section) \
132096 + VMLINUX_SYMBOL(__##section##_start) = .; \
132097 + *(.text.##section) \
132098 + VMLINUX_SYMBOL(__##section##_end) = .;
132099 +
132100 +#define REFCOUNT_TEXT \
132101 + __REFCOUNT_TEXT(refcount_overflow) \
132102 + __REFCOUNT_TEXT(refcount64_overflow) \
132103 + __REFCOUNT_TEXT(refcount_underflow) \
132104 + __REFCOUNT_TEXT(refcount64_underflow) \
132105
132106 /* sched.text is aling to function alignment to secure we have same
132107 * address even at second ld pass when generating System.map */
132108 @@ -531,7 +543,9 @@
132109 MEM_DISCARD(init.data) \
132110 KERNEL_CTORS() \
132111 MCOUNT_REC() \
132112 + *(.init.rodata.str) \
132113 *(.init.rodata) \
132114 + *(.init.rodata.*) \
132115 FTRACE_EVENTS() \
132116 TRACE_SYSCALLS() \
132117 KPROBE_BLACKLIST() \
132118 @@ -555,9 +569,12 @@
132119
132120 #define EXIT_DATA \
132121 *(.exit.data) \
132122 + *(.exit.rodata) \
132123 + *(.exit.rodata.*) \
132124 *(.fini_array) \
132125 *(.dtors) \
132126 MEM_DISCARD(exit.data) \
132127 + *(.exit.rodata.str) \
132128 MEM_DISCARD(exit.rodata)
132129
132130 #define EXIT_TEXT \
132131 @@ -774,17 +791,18 @@
132132 * section in the linker script will go there too. @phdr should have
132133 * a leading colon.
132134 *
132135 - * Note that this macros defines __per_cpu_load as an absolute symbol.
132136 + * Note that this macros defines per_cpu_load as an absolute symbol.
132137 * If there is no need to put the percpu section at a predetermined
132138 * address, use PERCPU_SECTION.
132139 */
132140 #define PERCPU_VADDR(cacheline, vaddr, phdr) \
132141 - VMLINUX_SYMBOL(__per_cpu_load) = .; \
132142 - .data..percpu vaddr : AT(VMLINUX_SYMBOL(__per_cpu_load) \
132143 + per_cpu_load = .; \
132144 + .data..percpu vaddr : AT(VMLINUX_SYMBOL(per_cpu_load) \
132145 - LOAD_OFFSET) { \
132146 + VMLINUX_SYMBOL(__per_cpu_load) = . + per_cpu_load; \
132147 PERCPU_INPUT(cacheline) \
132148 } phdr \
132149 - . = VMLINUX_SYMBOL(__per_cpu_load) + SIZEOF(.data..percpu);
132150 + . = VMLINUX_SYMBOL(per_cpu_load) + SIZEOF(.data..percpu);
132151
132152 /**
132153 * PERCPU_SECTION - define output section for percpu area, simple version
132154 @@ -846,12 +864,14 @@
132155
132156 #define INIT_DATA_SECTION(initsetup_align) \
132157 .init.data : AT(ADDR(.init.data) - LOAD_OFFSET) { \
132158 + VMLINUX_SYMBOL(_sinitdata) = .; \
132159 INIT_DATA \
132160 INIT_SETUP(initsetup_align) \
132161 INIT_CALLS \
132162 CON_INITCALL \
132163 SECURITY_INITCALL \
132164 INIT_RAM_FS \
132165 + VMLINUX_SYMBOL(_einitdata) = .; \
132166 }
132167
132168 #define BSS_SECTION(sbss_align, bss_align, stop_align) \
132169 diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
132170 index 8637cdf..1907623 100644
132171 --- a/include/crypto/algapi.h
132172 +++ b/include/crypto/algapi.h
132173 @@ -38,7 +38,7 @@ struct crypto_type {
132174 unsigned int maskclear;
132175 unsigned int maskset;
132176 unsigned int tfmsize;
132177 -};
132178 +} __do_const;
132179
132180 struct crypto_instance {
132181 struct crypto_alg alg;
132182 diff --git a/include/crypto/cast6.h b/include/crypto/cast6.h
132183 index 32b60eb..1a592df 100644
132184 --- a/include/crypto/cast6.h
132185 +++ b/include/crypto/cast6.h
132186 @@ -18,7 +18,7 @@ int __cast6_setkey(struct cast6_ctx *ctx, const u8 *key,
132187 unsigned int keylen, u32 *flags);
132188 int cast6_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen);
132189
132190 -void __cast6_encrypt(struct cast6_ctx *ctx, u8 *dst, const u8 *src);
132191 -void __cast6_decrypt(struct cast6_ctx *ctx, u8 *dst, const u8 *src);
132192 +void __cast6_encrypt(void *ctx, u8 *dst, const u8 *src);
132193 +void __cast6_decrypt(void *ctx, u8 *dst, const u8 *src);
132194
132195 #endif
132196 diff --git a/include/crypto/serpent.h b/include/crypto/serpent.h
132197 index b7e0941..1a1f67f 100644
132198 --- a/include/crypto/serpent.h
132199 +++ b/include/crypto/serpent.h
132200 @@ -21,7 +21,7 @@ int __serpent_setkey(struct serpent_ctx *ctx, const u8 *key,
132201 unsigned int keylen);
132202 int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen);
132203
132204 -void __serpent_encrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src);
132205 -void __serpent_decrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src);
132206 +void __serpent_encrypt(void *ctx, u8 *dst, const u8 *src);
132207 +void __serpent_decrypt(void *ctx, u8 *dst, const u8 *src);
132208
132209 #endif
132210 diff --git a/include/crypto/xts.h b/include/crypto/xts.h
132211 index ede6b97..1f5b11f 100644
132212 --- a/include/crypto/xts.h
132213 +++ b/include/crypto/xts.h
132214 @@ -21,7 +21,7 @@ struct xts_crypt_req {
132215 void (*crypt_fn)(void *ctx, u8 *blks, unsigned int nbytes);
132216 };
132217
132218 -#define XTS_TWEAK_CAST(x) ((void (*)(void *, u8*, const u8*))(x))
132219 +#define XTS_TWEAK_CAST(x) (x)
132220
132221 int xts_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
132222 struct scatterlist *src, unsigned int nbytes,
132223 diff --git a/include/drm/drmP.h b/include/drm/drmP.h
132224 index 988903a..88e6883 100644
132225 --- a/include/drm/drmP.h
132226 +++ b/include/drm/drmP.h
132227 @@ -60,6 +60,7 @@
132228
132229 #include <asm/mman.h>
132230 #include <asm/pgalloc.h>
132231 +#include <asm/local.h>
132232 #include <asm/uaccess.h>
132233
132234 #include <uapi/drm/drm.h>
132235 @@ -134,7 +135,7 @@ struct dma_buf_attachment;
132236 #define DRM_UT_ATOMIC 0x10
132237 #define DRM_UT_VBL 0x20
132238
132239 -extern __printf(2, 3)
132240 +extern __printf(2, 3) __nocapture(1)
132241 void drm_ut_debug_printk(const char *function_name,
132242 const char *format, ...);
132243 extern __printf(1, 2)
132244 @@ -247,10 +248,12 @@ void drm_err(const char *format, ...);
132245 * \param cmd command.
132246 * \param arg argument.
132247 */
132248 -typedef int drm_ioctl_t(struct drm_device *dev, void *data,
132249 +typedef int (* const drm_ioctl_t)(struct drm_device *dev, void *data,
132250 + struct drm_file *file_priv);
132251 +typedef int (* drm_ioctl_no_const_t)(struct drm_device *dev, void *data,
132252 struct drm_file *file_priv);
132253
132254 -typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
132255 +typedef int (* const drm_ioctl_compat_t)(struct file *filp, unsigned int cmd,
132256 unsigned long arg);
132257
132258 #define DRM_IOCTL_NR(n) _IOC_NR(n)
132259 @@ -266,9 +269,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
132260 struct drm_ioctl_desc {
132261 unsigned int cmd;
132262 int flags;
132263 - drm_ioctl_t *func;
132264 + drm_ioctl_t func;
132265 const char *name;
132266 -};
132267 +} __do_const;
132268
132269 /**
132270 * Creates a driver or general drm_ioctl_desc array entry for the given
132271 @@ -639,7 +642,8 @@ struct drm_driver {
132272
132273 /* List of devices hanging off this driver with stealth attach. */
132274 struct list_head legacy_dev_list;
132275 -};
132276 +} __do_const;
132277 +typedef struct drm_driver __no_const drm_driver_no_const;
132278
132279 enum drm_minor_type {
132280 DRM_MINOR_LEGACY,
132281 @@ -657,7 +661,8 @@ struct drm_info_list {
132282 int (*show)(struct seq_file*, void*); /** show callback */
132283 u32 driver_features; /**< Required driver features for this entry */
132284 void *data;
132285 -};
132286 +} __do_const;
132287 +typedef struct drm_info_list __no_const drm_info_list_no_const;
132288
132289 /**
132290 * debugfs node structure. This structure represents a debugfs file.
132291 @@ -718,7 +723,7 @@ struct drm_device {
132292
132293 /** \name Usage Counters */
132294 /*@{ */
132295 - int open_count; /**< Outstanding files open, protected by drm_global_mutex. */
132296 + local_t open_count; /**< Outstanding files open, protected by drm_global_mutex. */
132297 spinlock_t buf_lock; /**< For drm_device::buf_use and a few other things. */
132298 int buf_use; /**< Buffers in use -- cannot alloc */
132299 atomic_t buf_alloc; /**< Buffer allocation in progress */
132300 diff --git a/include/drm/drm_mm.h b/include/drm/drm_mm.h
132301 index fc65118..7d80068 100644
132302 --- a/include/drm/drm_mm.h
132303 +++ b/include/drm/drm_mm.h
132304 @@ -291,7 +291,7 @@ void drm_mm_remove_node(struct drm_mm_node *node);
132305 void drm_mm_replace_node(struct drm_mm_node *old, struct drm_mm_node *new);
132306 void drm_mm_init(struct drm_mm *mm,
132307 u64 start,
132308 - u64 size);
132309 + u64 size) __intentional_overflow(3);
132310 void drm_mm_takedown(struct drm_mm *mm);
132311 bool drm_mm_clean(struct drm_mm *mm);
132312
132313 diff --git a/include/drm/drm_modeset_helper_vtables.h b/include/drm/drm_modeset_helper_vtables.h
132314 index b55f218..0fe15f5 100644
132315 --- a/include/drm/drm_modeset_helper_vtables.h
132316 +++ b/include/drm/drm_modeset_helper_vtables.h
132317 @@ -638,7 +638,7 @@ struct drm_encoder_helper_funcs {
132318 int (*atomic_check)(struct drm_encoder *encoder,
132319 struct drm_crtc_state *crtc_state,
132320 struct drm_connector_state *conn_state);
132321 -};
132322 +} __no_const;
132323
132324 /**
132325 * drm_encoder_helper_add - sets the helper vtable for an encoder
132326 @@ -778,6 +778,7 @@ struct drm_connector_helper_funcs {
132327 struct drm_encoder *(*atomic_best_encoder)(struct drm_connector *connector,
132328 struct drm_connector_state *connector_state);
132329 };
132330 +typedef struct drm_connector_helper_funcs __no_const drm_connector_helper_funcs_no_const;
132331
132332 /**
132333 * drm_connector_helper_add - sets the helper vtable for a connector
132334 diff --git a/include/drm/i915_pciids.h b/include/drm/i915_pciids.h
132335 index 33466bf..3c53007 100644
132336 --- a/include/drm/i915_pciids.h
132337 +++ b/include/drm/i915_pciids.h
132338 @@ -37,7 +37,7 @@
132339 */
132340 #define INTEL_VGA_DEVICE(id, info) { \
132341 0x8086, id, \
132342 - ~0, ~0, \
132343 + PCI_ANY_ID, PCI_ANY_ID, \
132344 0x030000, 0xff0000, \
132345 (unsigned long) info }
132346
132347 diff --git a/include/drm/intel-gtt.h b/include/drm/intel-gtt.h
132348 index f49edec..e47b019 100644
132349 --- a/include/drm/intel-gtt.h
132350 +++ b/include/drm/intel-gtt.h
132351 @@ -3,8 +3,8 @@
132352 #ifndef _DRM_INTEL_GTT_H
132353 #define _DRM_INTEL_GTT_H
132354
132355 -void intel_gtt_get(u64 *gtt_total, size_t *stolen_size,
132356 - phys_addr_t *mappable_base, u64 *mappable_end);
132357 +void intel_gtt_get(u64 *gtt_total, u64 *stolen_size,
132358 + u64 *mappable_base, u64 *mappable_end);
132359
132360 int intel_gmch_probe(struct pci_dev *bridge_pdev, struct pci_dev *gpu_pdev,
132361 struct agp_bridge_data *bridge);
132362 diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h
132363 index 72dcbe8..8db58d7 100644
132364 --- a/include/drm/ttm/ttm_memory.h
132365 +++ b/include/drm/ttm/ttm_memory.h
132366 @@ -48,7 +48,7 @@
132367
132368 struct ttm_mem_shrink {
132369 int (*do_shrink) (struct ttm_mem_shrink *);
132370 -};
132371 +} __no_const;
132372
132373 /**
132374 * struct ttm_mem_global - Global memory accounting structure.
132375 diff --git a/include/drm/ttm/ttm_page_alloc.h b/include/drm/ttm/ttm_page_alloc.h
132376 index 49a8284..9643967 100644
132377 --- a/include/drm/ttm/ttm_page_alloc.h
132378 +++ b/include/drm/ttm/ttm_page_alloc.h
132379 @@ -80,6 +80,7 @@ void ttm_dma_page_alloc_fini(void);
132380 */
132381 extern int ttm_dma_page_alloc_debugfs(struct seq_file *m, void *data);
132382
132383 +struct device;
132384 extern int ttm_dma_populate(struct ttm_dma_tt *ttm_dma, struct device *dev);
132385 extern void ttm_dma_unpopulate(struct ttm_dma_tt *ttm_dma, struct device *dev);
132386
132387 diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h
132388 index 2480469..afcbfd4 100644
132389 --- a/include/keys/asymmetric-subtype.h
132390 +++ b/include/keys/asymmetric-subtype.h
132391 @@ -37,7 +37,7 @@ struct asymmetric_key_subtype {
132392 /* Verify the signature on a key of this subtype (optional) */
132393 int (*verify_signature)(const struct key *key,
132394 const struct public_key_signature *sig);
132395 -};
132396 +} __do_const;
132397
132398 /**
132399 * asymmetric_key_subtype - Get the subtype from an asymmetric key
132400 diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h
132401 index 1d45413..377bc27 100644
132402 --- a/include/keys/encrypted-type.h
132403 +++ b/include/keys/encrypted-type.h
132404 @@ -15,7 +15,7 @@
132405 #ifndef _KEYS_ENCRYPTED_TYPE_H
132406 #define _KEYS_ENCRYPTED_TYPE_H
132407
132408 -#include <linux/key.h>
132409 +#include <linux/key-type.h>
132410 #include <linux/rcupdate.h>
132411
132412 struct encrypted_key_payload {
132413 diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h
132414 index 5de0673..5e8f2c5 100644
132415 --- a/include/keys/rxrpc-type.h
132416 +++ b/include/keys/rxrpc-type.h
132417 @@ -12,7 +12,7 @@
132418 #ifndef _KEYS_RXRPC_TYPE_H
132419 #define _KEYS_RXRPC_TYPE_H
132420
132421 -#include <linux/key.h>
132422 +#include <linux/key-type.h>
132423
132424 /*
132425 * key type for AF_RXRPC keys
132426 diff --git a/include/keys/user-type.h b/include/keys/user-type.h
132427 index c56fef4..c9ebdc7 100644
132428 --- a/include/keys/user-type.h
132429 +++ b/include/keys/user-type.h
132430 @@ -12,7 +12,7 @@
132431 #ifndef _KEYS_USER_TYPE_H
132432 #define _KEYS_USER_TYPE_H
132433
132434 -#include <linux/key.h>
132435 +#include <linux/key-type.h>
132436 #include <linux/rcupdate.h>
132437
132438 #ifdef CONFIG_KEYS
132439 diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h
132440 index c1da539..1dcec55 100644
132441 --- a/include/linux/atmdev.h
132442 +++ b/include/linux/atmdev.h
132443 @@ -28,7 +28,7 @@ struct compat_atm_iobuf {
132444 #endif
132445
132446 struct k_atm_aal_stats {
132447 -#define __HANDLE_ITEM(i) atomic_t i
132448 +#define __HANDLE_ITEM(i) atomic_unchecked_t i
132449 __AAL_STAT_ITEMS
132450 #undef __HANDLE_ITEM
132451 };
132452 @@ -200,7 +200,7 @@ struct atmdev_ops { /* only send is required */
132453 int (*change_qos)(struct atm_vcc *vcc,struct atm_qos *qos,int flags);
132454 int (*proc_read)(struct atm_dev *dev,loff_t *pos,char *page);
132455 struct module *owner;
132456 -};
132457 +} __do_const ;
132458
132459 struct atmphy_ops {
132460 int (*start)(struct atm_dev *dev);
132461 diff --git a/include/linux/atomic.h b/include/linux/atomic.h
132462 index e71835b..957f2d6 100644
132463 --- a/include/linux/atomic.h
132464 +++ b/include/linux/atomic.h
132465 @@ -72,6 +72,7 @@
132466 #define atomic_add_return_relaxed atomic_add_return
132467 #define atomic_add_return_acquire atomic_add_return
132468 #define atomic_add_return_release atomic_add_return
132469 +#define atomic_add_return_unchecked_relaxed atomic_add_return_unchecked
132470
132471 #else /* atomic_add_return_relaxed */
132472
132473 @@ -89,6 +90,11 @@
132474 #define atomic_add_return(...) \
132475 __atomic_op_fence(atomic_add_return, __VA_ARGS__)
132476 #endif
132477 +
132478 +#ifndef atomic_add_return_unchecked
132479 +#define atomic_add_return_unchecked(...) \
132480 + __atomic_op_fence(atomic_add_return_unchecked, __VA_ARGS__)
132481 +#endif
132482 #endif /* atomic_add_return_relaxed */
132483
132484 /* atomic_inc_return_relaxed */
132485 @@ -113,6 +119,11 @@
132486 #define atomic_inc_return(...) \
132487 __atomic_op_fence(atomic_inc_return, __VA_ARGS__)
132488 #endif
132489 +
132490 +#ifndef atomic_inc_return_unchecked
132491 +#define atomic_inc_return_unchecked(...) \
132492 + __atomic_op_fence(atomic_inc_return_unchecked, __VA_ARGS__)
132493 +#endif
132494 #endif /* atomic_inc_return_relaxed */
132495
132496 /* atomic_sub_return_relaxed */
132497 @@ -490,6 +501,10 @@
132498 #ifndef xchg
132499 #define xchg(...) __atomic_op_fence(xchg, __VA_ARGS__)
132500 #endif
132501 +
132502 +#ifndef xchg_unchecked
132503 +#define xchg_unchecked(...) __atomic_op_fence(xchg_unchecked, __VA_ARGS__)
132504 +#endif
132505 #endif /* xchg_relaxed */
132506
132507 /**
132508 @@ -501,7 +516,7 @@
132509 * Atomically adds @a to @v, so long as @v was not already @u.
132510 * Returns non-zero if @v was not @u, and zero otherwise.
132511 */
132512 -static inline int atomic_add_unless(atomic_t *v, int a, int u)
132513 +static inline int __intentional_overflow(-1) atomic_add_unless(atomic_t *v, int a, int u)
132514 {
132515 return __atomic_add_unless(v, a, u) != u;
132516 }
132517 @@ -618,7 +633,7 @@ static inline int atomic_dec_if_positive(atomic_t *v)
132518 dec = c - 1;
132519 if (unlikely(dec < 0))
132520 break;
132521 - old = atomic_cmpxchg((v), c, dec);
132522 + old = atomic_cmpxchg(v, c, dec);
132523 if (likely(old == c))
132524 break;
132525 c = old;
132526 @@ -661,6 +676,11 @@ static inline int atomic_dec_if_positive(atomic_t *v)
132527 #define atomic64_add_return(...) \
132528 __atomic_op_fence(atomic64_add_return, __VA_ARGS__)
132529 #endif
132530 +
132531 +#ifndef atomic64_add_return_unchecked
132532 +#define atomic64_add_return_unchecked(...) \
132533 + __atomic_op_fence(atomic64_add_return_unchecked, __VA_ARGS__)
132534 +#endif
132535 #endif /* atomic64_add_return_relaxed */
132536
132537 /* atomic64_inc_return_relaxed */
132538 @@ -685,6 +705,11 @@ static inline int atomic_dec_if_positive(atomic_t *v)
132539 #define atomic64_inc_return(...) \
132540 __atomic_op_fence(atomic64_inc_return, __VA_ARGS__)
132541 #endif
132542 +
132543 +#ifndef atomic64_inc_return_unchecked
132544 +#define atomic64_inc_return_unchecked(...) \
132545 + __atomic_op_fence(atomic64_inc_return_unchecked, __VA_ARGS__)
132546 +#endif
132547 #endif /* atomic64_inc_return_relaxed */
132548
132549
132550 @@ -970,6 +995,11 @@ static inline int atomic_dec_if_positive(atomic_t *v)
132551 #define atomic64_xchg(...) \
132552 __atomic_op_fence(atomic64_xchg, __VA_ARGS__)
132553 #endif
132554 +
132555 +#ifndef atomic64_xchg_unchecked
132556 +#define atomic64_xchg_unchecked(...) \
132557 + __atomic_op_fence(atomic64_xchg_unchecked, __VA_ARGS__)
132558 +#endif
132559 #endif /* atomic64_xchg_relaxed */
132560
132561 /* atomic64_cmpxchg_relaxed */
132562 @@ -994,6 +1024,11 @@ static inline int atomic_dec_if_positive(atomic_t *v)
132563 #define atomic64_cmpxchg(...) \
132564 __atomic_op_fence(atomic64_cmpxchg, __VA_ARGS__)
132565 #endif
132566 +
132567 +#ifndef atomic64_cmpxchg_unchecked
132568 +#define atomic64_cmpxchg_unchecked(...) \
132569 + __atomic_op_fence(atomic64_cmpxchg_unchecked, __VA_ARGS__)
132570 +#endif
132571 #endif /* atomic64_cmpxchg_relaxed */
132572
132573 #ifndef atomic64_andnot
132574 diff --git a/include/linux/audit.h b/include/linux/audit.h
132575 index 9d4443f..b0b3fef 100644
132576 --- a/include/linux/audit.h
132577 +++ b/include/linux/audit.h
132578 @@ -135,7 +135,7 @@ extern void audit_log_n_hex(struct audit_buffer *ab,
132579 size_t len);
132580 extern void audit_log_n_string(struct audit_buffer *ab,
132581 const char *buf,
132582 - size_t n);
132583 + size_t n) __nocapture(2);
132584 extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
132585 const char *string,
132586 size_t n);
132587 @@ -333,7 +333,7 @@ static inline void audit_ptrace(struct task_struct *t)
132588 extern unsigned int audit_serial(void);
132589 extern int auditsc_get_stamp(struct audit_context *ctx,
132590 struct timespec *t, unsigned int *serial);
132591 -extern int audit_set_loginuid(kuid_t loginuid);
132592 +extern int __intentional_overflow(-1) audit_set_loginuid(kuid_t loginuid);
132593
132594 static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
132595 {
132596 @@ -552,7 +552,8 @@ static inline bool audit_loginuid_set(struct task_struct *tsk)
132597 return uid_valid(audit_get_loginuid(tsk));
132598 }
132599
132600 -static inline void audit_log_string(struct audit_buffer *ab, const char *buf)
132601 +static inline __nocapture(2)
132602 +void audit_log_string(struct audit_buffer *ab, const char *buf)
132603 {
132604 audit_log_n_string(ab, buf, strlen(buf));
132605 }
132606 diff --git a/include/linux/average.h b/include/linux/average.h
132607 index d04aa58..3de0da8 100644
132608 --- a/include/linux/average.h
132609 +++ b/include/linux/average.h
132610 @@ -36,7 +36,7 @@
132611 BUILD_BUG_ON_NOT_POWER_OF_2(_factor); \
132612 BUILD_BUG_ON_NOT_POWER_OF_2(_weight); \
132613 \
132614 - ACCESS_ONCE(e->internal) = internal ? \
132615 + ACCESS_ONCE_RW(e->internal) = internal ? \
132616 (((internal << weight) - internal) + \
132617 (val << factor)) >> weight : \
132618 (val << factor); \
132619 diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
132620 index 1303b57..c8196d8 100644
132621 --- a/include/linux/binfmts.h
132622 +++ b/include/linux/binfmts.h
132623 @@ -44,7 +44,7 @@ struct linux_binprm {
132624 unsigned interp_flags;
132625 unsigned interp_data;
132626 unsigned long loader, exec;
132627 -};
132628 +} __randomize_layout;
132629
132630 #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
132631 #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT)
132632 @@ -78,8 +78,10 @@ struct linux_binfmt {
132633 int (*load_binary)(struct linux_binprm *);
132634 int (*load_shlib)(struct file *);
132635 int (*core_dump)(struct coredump_params *cprm);
132636 + void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
132637 + void (*handle_mmap)(struct file *);
132638 unsigned long min_coredump; /* minimal dump size */
132639 -};
132640 +} __do_const __randomize_layout;
132641
132642 extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
132643
132644 diff --git a/include/linux/bio.h b/include/linux/bio.h
132645 index 23ddf4b..9115ce0 100644
132646 --- a/include/linux/bio.h
132647 +++ b/include/linux/bio.h
132648 @@ -354,7 +354,7 @@ static inline void bip_set_seed(struct bio_integrity_payload *bip,
132649 #endif /* CONFIG_BLK_DEV_INTEGRITY */
132650
132651 extern void bio_trim(struct bio *bio, int offset, int size);
132652 -extern struct bio *bio_split(struct bio *bio, int sectors,
132653 +extern struct bio *bio_split(struct bio *bio, unsigned int sectors,
132654 gfp_t gfp, struct bio_set *bs);
132655
132656 /**
132657 @@ -367,7 +367,7 @@ extern struct bio *bio_split(struct bio *bio, int sectors,
132658 * Returns a bio representing the next @sectors of @bio - if the bio is smaller
132659 * than @sectors, returns the original bio unchanged.
132660 */
132661 -static inline struct bio *bio_next_split(struct bio *bio, int sectors,
132662 +static inline struct bio *bio_next_split(struct bio *bio, unsigned int sectors,
132663 gfp_t gfp, struct bio_set *bs)
132664 {
132665 if (sectors >= bio_sectors(bio))
132666 diff --git a/include/linux/bitmap.h b/include/linux/bitmap.h
132667 index 598bc99..bb8f339f 100644
132668 --- a/include/linux/bitmap.h
132669 +++ b/include/linux/bitmap.h
132670 @@ -308,7 +308,7 @@ static inline int bitmap_full(const unsigned long *src, unsigned int nbits)
132671 return find_first_zero_bit(src, nbits) == nbits;
132672 }
132673
132674 -static __always_inline int bitmap_weight(const unsigned long *src, unsigned int nbits)
132675 +static __always_inline int __intentional_overflow(-1) bitmap_weight(const unsigned long *src, unsigned int nbits)
132676 {
132677 if (small_const_nbits(nbits))
132678 return hweight_long(*src & BITMAP_LAST_WORD_MASK(nbits));
132679 diff --git a/include/linux/bitops.h b/include/linux/bitops.h
132680 index 299e76b..ef972c1 100644
132681 --- a/include/linux/bitops.h
132682 +++ b/include/linux/bitops.h
132683 @@ -75,7 +75,7 @@ static inline int get_count_order(unsigned int count)
132684 return order;
132685 }
132686
132687 -static __always_inline unsigned long hweight_long(unsigned long w)
132688 +static __always_inline unsigned long __intentional_overflow(-1) hweight_long(unsigned long w)
132689 {
132690 return sizeof(w) == 4 ? hweight32(w) : hweight64(w);
132691 }
132692 @@ -105,7 +105,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
132693 * @word: value to rotate
132694 * @shift: bits to roll
132695 */
132696 -static inline __u32 rol32(__u32 word, unsigned int shift)
132697 +static inline __u32 __intentional_overflow(-1) rol32(__u32 word, unsigned int shift)
132698 {
132699 return (word << shift) | (word >> ((-shift) & 31));
132700 }
132701 @@ -115,7 +115,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift)
132702 * @word: value to rotate
132703 * @shift: bits to roll
132704 */
132705 -static inline __u32 ror32(__u32 word, unsigned int shift)
132706 +static inline __u32 __intentional_overflow(-1) ror32(__u32 word, unsigned int shift)
132707 {
132708 return (word >> shift) | (word << (32 - shift));
132709 }
132710 @@ -184,7 +184,7 @@ static inline __s64 sign_extend64(__u64 value, int index)
132711 return (__s64)(value << shift) >> shift;
132712 }
132713
132714 -static inline unsigned fls_long(unsigned long l)
132715 +static inline unsigned __intentional_overflow(-1) fls_long(unsigned long l)
132716 {
132717 if (sizeof(l) == 4)
132718 return fls(l);
132719 diff --git a/include/linux/blk-cgroup.h b/include/linux/blk-cgroup.h
132720 index 10648e3..a230bec 100644
132721 --- a/include/linux/blk-cgroup.h
132722 +++ b/include/linux/blk-cgroup.h
132723 @@ -63,12 +63,12 @@ struct blkcg {
132724 */
132725 struct blkg_stat {
132726 struct percpu_counter cpu_cnt;
132727 - atomic64_t aux_cnt;
132728 + atomic64_unchecked_t aux_cnt;
132729 };
132730
132731 struct blkg_rwstat {
132732 struct percpu_counter cpu_cnt[BLKG_RWSTAT_NR];
132733 - atomic64_t aux_cnt[BLKG_RWSTAT_NR];
132734 + atomic64_unchecked_t aux_cnt[BLKG_RWSTAT_NR];
132735 };
132736
132737 /*
132738 @@ -508,7 +508,7 @@ static inline int blkg_stat_init(struct blkg_stat *stat, gfp_t gfp)
132739 if (ret)
132740 return ret;
132741
132742 - atomic64_set(&stat->aux_cnt, 0);
132743 + atomic64_set_unchecked(&stat->aux_cnt, 0);
132744 return 0;
132745 }
132746
132747 @@ -546,7 +546,7 @@ static inline uint64_t blkg_stat_read(struct blkg_stat *stat)
132748 static inline void blkg_stat_reset(struct blkg_stat *stat)
132749 {
132750 percpu_counter_set(&stat->cpu_cnt, 0);
132751 - atomic64_set(&stat->aux_cnt, 0);
132752 + atomic64_set_unchecked(&stat->aux_cnt, 0);
132753 }
132754
132755 /**
132756 @@ -559,7 +559,7 @@ static inline void blkg_stat_reset(struct blkg_stat *stat)
132757 static inline void blkg_stat_add_aux(struct blkg_stat *to,
132758 struct blkg_stat *from)
132759 {
132760 - atomic64_add(blkg_stat_read(from) + atomic64_read(&from->aux_cnt),
132761 + atomic64_add_unchecked(blkg_stat_read(from) + atomic64_read_unchecked(&from->aux_cnt),
132762 &to->aux_cnt);
132763 }
132764
132765 @@ -574,7 +574,7 @@ static inline int blkg_rwstat_init(struct blkg_rwstat *rwstat, gfp_t gfp)
132766 percpu_counter_destroy(&rwstat->cpu_cnt[i]);
132767 return ret;
132768 }
132769 - atomic64_set(&rwstat->aux_cnt[i], 0);
132770 + atomic64_set_unchecked(&rwstat->aux_cnt[i], 0);
132771 }
132772 return 0;
132773 }
132774 @@ -629,7 +629,7 @@ static inline struct blkg_rwstat blkg_rwstat_read(struct blkg_rwstat *rwstat)
132775 int i;
132776
132777 for (i = 0; i < BLKG_RWSTAT_NR; i++)
132778 - atomic64_set(&result.aux_cnt[i],
132779 + atomic64_set_unchecked(&result.aux_cnt[i],
132780 percpu_counter_sum_positive(&rwstat->cpu_cnt[i]));
132781 return result;
132782 }
132783 @@ -646,8 +646,8 @@ static inline uint64_t blkg_rwstat_total(struct blkg_rwstat *rwstat)
132784 {
132785 struct blkg_rwstat tmp = blkg_rwstat_read(rwstat);
132786
132787 - return atomic64_read(&tmp.aux_cnt[BLKG_RWSTAT_READ]) +
132788 - atomic64_read(&tmp.aux_cnt[BLKG_RWSTAT_WRITE]);
132789 + return atomic64_read_unchecked(&tmp.aux_cnt[BLKG_RWSTAT_READ]) +
132790 + atomic64_read_unchecked(&tmp.aux_cnt[BLKG_RWSTAT_WRITE]);
132791 }
132792
132793 /**
132794 @@ -660,7 +660,7 @@ static inline void blkg_rwstat_reset(struct blkg_rwstat *rwstat)
132795
132796 for (i = 0; i < BLKG_RWSTAT_NR; i++) {
132797 percpu_counter_set(&rwstat->cpu_cnt[i], 0);
132798 - atomic64_set(&rwstat->aux_cnt[i], 0);
132799 + atomic64_set_unchecked(&rwstat->aux_cnt[i], 0);
132800 }
132801 }
132802
132803 @@ -678,8 +678,8 @@ static inline void blkg_rwstat_add_aux(struct blkg_rwstat *to,
132804 int i;
132805
132806 for (i = 0; i < BLKG_RWSTAT_NR; i++)
132807 - atomic64_add(atomic64_read(&v.aux_cnt[i]) +
132808 - atomic64_read(&from->aux_cnt[i]),
132809 + atomic64_add_unchecked(atomic64_read_unchecked(&v.aux_cnt[i]) +
132810 + atomic64_read_unchecked(&from->aux_cnt[i]),
132811 &to->aux_cnt[i]);
132812 }
132813
132814 diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
132815 index e79055c..262f1ba 100644
132816 --- a/include/linux/blkdev.h
132817 +++ b/include/linux/blkdev.h
132818 @@ -1690,7 +1690,7 @@ struct block_device_operations {
132819 void (*swap_slot_free_notify) (struct block_device *, unsigned long);
132820 struct module *owner;
132821 const struct pr_ops *pr_ops;
132822 -};
132823 +} __do_const;
132824
132825 extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int,
132826 unsigned long);
132827 diff --git a/include/linux/blktrace_api.h b/include/linux/blktrace_api.h
132828 index cceb72f..c9f287a 100644
132829 --- a/include/linux/blktrace_api.h
132830 +++ b/include/linux/blktrace_api.h
132831 @@ -25,7 +25,7 @@ struct blk_trace {
132832 struct dentry *dropped_file;
132833 struct dentry *msg_file;
132834 struct list_head running_list;
132835 - atomic_t dropped;
132836 + atomic_unchecked_t dropped;
132837 };
132838
132839 extern int blk_trace_ioctl(struct block_device *, unsigned, char __user *);
132840 diff --git a/include/linux/cache.h b/include/linux/cache.h
132841 index 1be04f8..9c2d3e2 100644
132842 --- a/include/linux/cache.h
132843 +++ b/include/linux/cache.h
132844 @@ -26,6 +26,15 @@
132845 * after mark_rodata_ro() has been called). These are effectively read-only,
132846 * but may get written to during init, so can't live in .rodata (via "const").
132847 */
132848 +#ifdef CONFIG_PAX_KERNEXEC
132849 +# ifdef __ro_after_init
132850 +# error KERNEXEC requires __read_only
132851 +# endif
132852 +# define __read_only __attribute__((__section__(".data..read_only")))
132853 +#else
132854 +# define __read_only __read_mostly
132855 +#endif
132856 +
132857 #ifndef __ro_after_init
132858 #define __ro_after_init __attribute__((__section__(".data..ro_after_init")))
132859 #endif
132860 diff --git a/include/linux/capability.h b/include/linux/capability.h
132861 index dbc21c7..5b432a7 100644
132862 --- a/include/linux/capability.h
132863 +++ b/include/linux/capability.h
132864 @@ -231,6 +231,10 @@ static inline bool capable(int cap)
132865 {
132866 return true;
132867 }
132868 +static inline bool capable_nolog(int cap)
132869 +{
132870 + return true;
132871 +}
132872 static inline bool ns_capable(struct user_namespace *ns, int cap)
132873 {
132874 return true;
132875 @@ -241,9 +245,13 @@ static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap)
132876 }
132877 #endif /* CONFIG_MULTIUSER */
132878 extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
132879 +extern bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap);
132880 extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
132881 +extern bool capable_nolog(int cap);
132882
132883 /* audit system wants to get cap info from files as well */
132884 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
132885
132886 +extern int is_privileged_binary(const struct dentry *dentry);
132887 +
132888 #endif /* !_LINUX_CAPABILITY_H */
132889 diff --git a/include/linux/cdev.h b/include/linux/cdev.h
132890 index f876361..7c05fd9dd 100644
132891 --- a/include/linux/cdev.h
132892 +++ b/include/linux/cdev.h
132893 @@ -16,7 +16,7 @@ struct cdev {
132894 struct list_head list;
132895 dev_t dev;
132896 unsigned int count;
132897 -};
132898 +} __randomize_layout;
132899
132900 void cdev_init(struct cdev *, const struct file_operations *);
132901
132902 diff --git a/include/linux/cdrom.h b/include/linux/cdrom.h
132903 index 8609d57..86e4d79 100644
132904 --- a/include/linux/cdrom.h
132905 +++ b/include/linux/cdrom.h
132906 @@ -87,7 +87,6 @@ struct cdrom_device_ops {
132907
132908 /* driver specifications */
132909 const int capability; /* capability flags */
132910 - int n_minors; /* number of active minor devices */
132911 /* handle uniform packets for scsi type devices (scsi,atapi) */
132912 int (*generic_packet) (struct cdrom_device_info *,
132913 struct packet_command *);
132914 diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
132915 index 5b17de6..d75785b 100644
132916 --- a/include/linux/cgroup-defs.h
132917 +++ b/include/linux/cgroup-defs.h
132918 @@ -427,7 +427,7 @@ struct cftype {
132919 #ifdef CONFIG_DEBUG_LOCK_ALLOC
132920 struct lock_class_key lockdep_key;
132921 #endif
132922 -};
132923 +} __do_const;
132924
132925 /*
132926 * Control Group subsystem type.
132927 diff --git a/include/linux/cleancache.h b/include/linux/cleancache.h
132928 index fccf7f4..1d5925e 100644
132929 --- a/include/linux/cleancache.h
132930 +++ b/include/linux/cleancache.h
132931 @@ -35,7 +35,7 @@ struct cleancache_ops {
132932 void (*invalidate_page)(int, struct cleancache_filekey, pgoff_t);
132933 void (*invalidate_inode)(int, struct cleancache_filekey);
132934 void (*invalidate_fs)(int);
132935 -};
132936 +} __no_const;
132937
132938 extern int cleancache_register_ops(const struct cleancache_ops *ops);
132939 extern void __cleancache_init_fs(struct super_block *);
132940 diff --git a/include/linux/clk-provider.h b/include/linux/clk-provider.h
132941 index a39c0c5..1518828 100644
132942 --- a/include/linux/clk-provider.h
132943 +++ b/include/linux/clk-provider.h
132944 @@ -218,6 +218,7 @@ struct clk_ops {
132945 void (*init)(struct clk_hw *hw);
132946 int (*debug_init)(struct clk_hw *hw, struct dentry *dentry);
132947 };
132948 +typedef struct clk_ops __no_const clk_ops_no_const;
132949
132950 /**
132951 * struct clk_init_data - holds init data that's common to all clocks and is
132952 diff --git a/include/linux/compat.h b/include/linux/compat.h
132953 index f964ef7..0679632 100644
132954 --- a/include/linux/compat.h
132955 +++ b/include/linux/compat.h
132956 @@ -47,14 +47,15 @@
132957 COMPAT_SYSCALL_DEFINEx(6, _##name, __VA_ARGS__)
132958
132959 #define COMPAT_SYSCALL_DEFINEx(x, name, ...) \
132960 - asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\
132961 - __attribute__((alias(__stringify(compat_SyS##name)))); \
132962 static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__));\
132963 - asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__));\
132964 - asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\
132965 + static inline asmlinkage long compat_SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__))\
132966 { \
132967 return C_SYSC##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \
132968 } \
132969 + asmlinkage long compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))\
132970 + { \
132971 + return compat_SyS##name(__MAP(x,__SC_ARGS,__VA_ARGS__));\
132972 + } \
132973 static inline long C_SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
132974
132975 #ifndef compat_user_stack_pointer
132976 @@ -318,7 +319,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
132977 compat_size_t __user *len_ptr);
132978
132979 asmlinkage long compat_sys_ipc(u32, int, int, u32, compat_uptr_t, u32);
132980 -asmlinkage long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg);
132981 +asmlinkage long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg) __intentional_overflow(0);
132982 asmlinkage long compat_sys_semctl(int semid, int semnum, int cmd, int arg);
132983 asmlinkage long compat_sys_msgsnd(int msqid, compat_uptr_t msgp,
132984 compat_ssize_t msgsz, int msgflg);
132985 @@ -327,7 +328,7 @@ asmlinkage long compat_sys_msgrcv(int msqid, compat_uptr_t msgp,
132986 long compat_sys_msgctl(int first, int second, void __user *uptr);
132987 long compat_sys_shmctl(int first, int second, void __user *uptr);
132988 long compat_sys_semtimedop(int semid, struct sembuf __user *tsems,
132989 - unsigned nsems, const struct compat_timespec __user *timeout);
132990 + compat_long_t nsems, const struct compat_timespec __user *timeout);
132991 asmlinkage long compat_sys_keyctl(u32 option,
132992 u32 arg2, u32 arg3, u32 arg4, u32 arg5);
132993 asmlinkage long compat_sys_ustat(unsigned dev, struct compat_ustat __user *u32);
132994 @@ -447,7 +448,7 @@ extern int compat_ptrace_request(struct task_struct *child,
132995 extern long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
132996 compat_ulong_t addr, compat_ulong_t data);
132997 asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
132998 - compat_long_t addr, compat_long_t data);
132999 + compat_ulong_t addr, compat_ulong_t data);
133000
133001 asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
133002 /*
133003 diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
133004 index 573c5a1..b902c3f 100644
133005 --- a/include/linux/compiler-gcc.h
133006 +++ b/include/linux/compiler-gcc.h
133007 @@ -116,9 +116,9 @@
133008 */
133009 #define __pure __attribute__((pure))
133010 #define __aligned(x) __attribute__((aligned(x)))
133011 -#define __printf(a, b) __attribute__((format(printf, a, b)))
133012 -#define __scanf(a, b) __attribute__((format(scanf, a, b)))
133013 -#define __attribute_const__ __attribute__((__const__))
133014 +#define __printf(a, b) __attribute__((format(printf, a, b))) __nocapture(a, b)
133015 +#define __scanf(a, b) __attribute__((format(scanf, a, b))) __nocapture(a, b)
133016 +#define __attribute_const__ __attribute__((const))
133017 #define __maybe_unused __attribute__((unused))
133018 #define __always_unused __attribute__((unused))
133019
133020 @@ -185,9 +185,56 @@
133021 # define __compiletime_warning(message) __attribute__((warning(message)))
133022 # define __compiletime_error(message) __attribute__((error(message)))
133023 #endif /* __CHECKER__ */
133024 +
133025 +#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__)))
133026 +#define __bos(ptr, arg) __builtin_object_size((ptr), (arg))
133027 +#define __bos0(ptr) __bos((ptr), 0)
133028 +#define __bos1(ptr) __bos((ptr), 1)
133029 #endif /* GCC_VERSION >= 40300 */
133030
133031 #if GCC_VERSION >= 40500
133032 +
133033 +#ifdef RANDSTRUCT_PLUGIN
133034 +#define __randomize_layout __attribute__((randomize_layout))
133035 +#define __no_randomize_layout __attribute__((no_randomize_layout))
133036 +#endif
133037 +
133038 +#ifdef CONSTIFY_PLUGIN
133039 +#define __no_const __attribute__((no_const))
133040 +#define __do_const __attribute__((do_const))
133041 +#define const_cast(x) (*(typeof((typeof(x))0) *)&(x))
133042 +#endif
133043 +
133044 +#ifdef SIZE_OVERFLOW_PLUGIN
133045 +#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__)))
133046 +#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__)))
133047 +#endif
133048 +
133049 +#ifndef __CHECKER__
133050 +#ifdef LATENT_ENTROPY_PLUGIN
133051 +#define __latent_entropy __attribute__((latent_entropy))
133052 +#endif
133053 +#endif
133054 +
133055 +#ifdef INITIFY_PLUGIN
133056 +#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
133057 +#endif
133058 +
133059 +/*
133060 + * The initify gcc-plugin attempts to identify const arguments that are only
133061 + * used during init (see __init and __exit), so they can be moved to the
133062 + * .init.rodata/.exit.rodata section. If an argument is passed to a non-init
133063 + * function, it must normally be assumed that such an argument has been
133064 + * captured by that function and may be used in the future when .init/.exit has
133065 + * been unmapped from memory. In order to identify functions that are confirmed
133066 + * to not capture their arguments, the __nocapture() attribute is used so that
133067 + * initify can better identify candidate variables.
133068 + */
133069 +#ifdef INITIFY_PLUGIN
133070 +#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
133071 +#define __unverified_nocapture(...) __attribute__((unverified_nocapture(__VA_ARGS__)))
133072 +#endif
133073 +
133074 /*
133075 * Mark a position in code as unreachable. This can be used to
133076 * suppress control flow warnings after asm blocks that transfer
133077 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
133078 index 6685698..688714d 100644
133079 --- a/include/linux/compiler.h
133080 +++ b/include/linux/compiler.h
133081 @@ -5,11 +5,14 @@
133082
133083 #ifdef __CHECKER__
133084 # define __user __attribute__((noderef, address_space(1)))
133085 +# define __force_user __force __user
133086 # define __kernel __attribute__((address_space(0)))
133087 +# define __force_kernel __force __kernel
133088 # define __safe __attribute__((safe))
133089 # define __force __attribute__((force))
133090 # define __nocast __attribute__((nocast))
133091 # define __iomem __attribute__((noderef, address_space(2)))
133092 +# define __force_iomem __force __iomem
133093 # define __must_hold(x) __attribute__((context(x,1,1)))
133094 # define __acquires(x) __attribute__((context(x,0,1)))
133095 # define __releases(x) __attribute__((context(x,1,0)))
133096 @@ -17,33 +20,76 @@
133097 # define __release(x) __context__(x,-1)
133098 # define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
133099 # define __percpu __attribute__((noderef, address_space(3)))
133100 +# define __force_percpu __force __percpu
133101 #ifdef CONFIG_SPARSE_RCU_POINTER
133102 # define __rcu __attribute__((noderef, address_space(4)))
133103 +# define __force_rcu __force __rcu
133104 #else /* CONFIG_SPARSE_RCU_POINTER */
133105 # define __rcu
133106 +# define __force_rcu
133107 #endif /* CONFIG_SPARSE_RCU_POINTER */
133108 # define __private __attribute__((noderef))
133109 extern void __chk_user_ptr(const volatile void __user *);
133110 extern void __chk_io_ptr(const volatile void __iomem *);
133111 # define ACCESS_PRIVATE(p, member) (*((typeof((p)->member) __force *) &(p)->member))
133112 #else /* __CHECKER__ */
133113 -# define __user
133114 -# define __kernel
133115 +# ifdef CHECKER_PLUGIN
133116 +# ifdef CHECKER_PLUGIN_USER
133117 +//# define __user
133118 +//# define __force_user
133119 +//# define __kernel
133120 +//# define __force_kernel
133121 +# else
133122 +# define __user
133123 +# define __force_user
133124 +# define __kernel
133125 +# define __force_kernel
133126 +# endif
133127 +# ifdef CHECKER_PLUGIN_CONTEXT
133128 +# define __must_hold(x) __attribute__((context(#x,1,1)))
133129 +# define __acquires(x) __attribute__((context(#x,0,1)))
133130 +# define __releases(x) __attribute__((context(#x,1,0)))
133131 +# define __acquire(x) __context__(#x,1)
133132 +# define __release(x) __context__(#x,-1)
133133 +# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
133134 +# define __cond_unlock(x,c) ((c) ? ({ __release(x); 1; }) : 0)
133135 +# else
133136 +# define __must_hold(x)
133137 +# define __acquires(x)
133138 +# define __releases(x)
133139 +# define __acquire(x) (void)0
133140 +# define __release(x) (void)0
133141 +# define __cond_lock(x,c) (c)
133142 +# define __cond_unlock(x,c) (c)
133143 +# endif
133144 +# else
133145 +# ifdef STRUCTLEAK_PLUGIN
133146 +# define __user __attribute__((user))
133147 +# else
133148 +# define __user
133149 +# endif
133150 +# define __force_user
133151 +# define __kernel
133152 +# define __force_kernel
133153 +# define __must_hold(x)
133154 +# define __acquires(x)
133155 +# define __releases(x)
133156 +# define __acquire(x) (void)0
133157 +# define __release(x) (void)0
133158 +# define __cond_lock(x,c) (c)
133159 +# endif
133160 # define __safe
133161 # define __force
133162 # define __nocast
133163 # define __iomem
133164 +# define __force_iomem
133165 # define __chk_user_ptr(x) (void)0
133166 # define __chk_io_ptr(x) (void)0
133167 # define __builtin_warning(x, y...) (1)
133168 -# define __must_hold(x)
133169 -# define __acquires(x)
133170 -# define __releases(x)
133171 -# define __acquire(x) (void)0
133172 -# define __release(x) (void)0
133173 -# define __cond_lock(x,c) (c)
133174 # define __percpu
133175 +# define __force_percpu
133176 # define __rcu
133177 +# define __force_rcu
133178 # define __private
133179 # define ACCESS_PRIVATE(p, member) ((p)->member)
133180 #endif /* __CHECKER__ */
133181 @@ -200,29 +246,20 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
133182
133183 #include <uapi/linux/types.h>
133184
133185 -#define __READ_ONCE_SIZE \
133186 -({ \
133187 - switch (size) { \
133188 - case 1: *(__u8 *)res = *(volatile __u8 *)p; break; \
133189 - case 2: *(__u16 *)res = *(volatile __u16 *)p; break; \
133190 - case 4: *(__u32 *)res = *(volatile __u32 *)p; break; \
133191 - case 8: *(__u64 *)res = *(volatile __u64 *)p; break; \
133192 - default: \
133193 - barrier(); \
133194 - __builtin_memcpy((void *)res, (const void *)p, size); \
133195 - barrier(); \
133196 - } \
133197 -})
133198 -
133199 -static __always_inline
133200 -void __read_once_size(const volatile void *p, void *res, int size)
133201 -{
133202 - __READ_ONCE_SIZE;
133203 -}
133204 -
133205 #ifdef CONFIG_KASAN
133206 /*
133207 - * This function is not 'inline' because __no_sanitize_address confilcts
133208 + * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need
133209 + * to hide memory access from KASAN.
133210 + */
133211 +#define READ_ONCE_NOCHECK(x) \
133212 +({ \
133213 + union { typeof(x) __val; char __c[sizeof(x)]; } __u; \
133214 + __read_once_size_nocheck(&(x), __u.__c, sizeof(x)); \
133215 + __u.__val; \
133216 +})
133217 +
133218 +/*
133219 + * This function is not 'inline' because __no_sanitize_address conflicts
133220 * with inlining. Attempt to inline it may cause a build failure.
133221 * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
133222 * '__maybe_unused' allows us to avoid defined-but-not-used warnings.
133223 @@ -230,29 +267,20 @@ void __read_once_size(const volatile void *p, void *res, int size)
133224 static __no_sanitize_address __maybe_unused
133225 void __read_once_size_nocheck(const volatile void *p, void *res, int size)
133226 {
133227 - __READ_ONCE_SIZE;
133228 -}
133229 -#else
133230 -static __always_inline
133231 -void __read_once_size_nocheck(const volatile void *p, void *res, int size)
133232 -{
133233 - __READ_ONCE_SIZE;
133234 -}
133235 -#endif
133236 -
133237 -static __always_inline void __write_once_size(volatile void *p, void *res, int size)
133238 -{
133239 switch (size) {
133240 - case 1: *(volatile __u8 *)p = *(__u8 *)res; break;
133241 - case 2: *(volatile __u16 *)p = *(__u16 *)res; break;
133242 - case 4: *(volatile __u32 *)p = *(__u32 *)res; break;
133243 - case 8: *(volatile __u64 *)p = *(__u64 *)res; break;
133244 + case 1: *(__u8 *)res = *(const volatile __u8 *)p; break;
133245 + case 2: *(__u16 *)res = *(const volatile __u16 *)p; break;
133246 + case 4: *(__u32 *)res = *(const volatile __u32 *)p; break;
133247 + case 8: *(__u64 *)res = *(const volatile __u64 *)p; break;
133248 default:
133249 barrier();
133250 - __builtin_memcpy((void *)p, (const void *)res, size);
133251 + __builtin_memcpy(res, (const void *)p, size);
133252 barrier();
133253 }
133254 }
133255 +#else
133256 +#define READ_ONCE_NOCHECK(x) READ_ONCE(x)
133257 +#endif
133258
133259 /*
133260 * Prevent the compiler from merging or refetching reads or writes. The
133261 @@ -277,29 +305,15 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
133262 * required ordering.
133263 */
133264
133265 -#define __READ_ONCE(x, check) \
133266 -({ \
133267 - union { typeof(x) __val; char __c[1]; } __u; \
133268 - if (check) \
133269 - __read_once_size(&(x), __u.__c, sizeof(x)); \
133270 - else \
133271 - __read_once_size_nocheck(&(x), __u.__c, sizeof(x)); \
133272 - __u.__val; \
133273 +#define READ_ONCE(x) ({ \
133274 + typeof(x) __val = *(volatile typeof(x) *)&(x); \
133275 + __val; \
133276 })
133277 -#define READ_ONCE(x) __READ_ONCE(x, 1)
133278
133279 -/*
133280 - * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need
133281 - * to hide memory access from KASAN.
133282 - */
133283 -#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
133284 -
133285 -#define WRITE_ONCE(x, val) \
133286 -({ \
133287 - union { typeof(x) __val; char __c[1]; } __u = \
133288 - { .__val = (__force typeof(x)) (val) }; \
133289 - __write_once_size(&(x), __u.__c, sizeof(x)); \
133290 - __u.__val; \
133291 +#define WRITE_ONCE(x, val) ({ \
133292 + typeof(x) __val = (val); \
133293 + (x) = *(volatile typeof(x) *)&__val; \
133294 + __val; \
133295 })
133296
133297 #endif /* __KERNEL__ */
133298 @@ -406,6 +420,50 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
133299 # define __attribute_const__ /* unimplemented */
133300 #endif
133301
133302 +#ifndef __randomize_layout
133303 +# define __randomize_layout
133304 +#endif
133305 +
133306 +#ifndef __no_randomize_layout
133307 +# define __no_randomize_layout
133308 +#endif
133309 +
133310 +#ifndef __no_const
133311 +# define __no_const
133312 +#endif
133313 +
133314 +#ifndef __do_const
133315 +# define __do_const
133316 +#endif
133317 +
133318 +#ifndef __size_overflow
133319 +# define __size_overflow(...)
133320 +#endif
133321 +
133322 +#ifndef __intentional_overflow
133323 +# define __intentional_overflow(...)
133324 +#endif
133325 +
133326 +#ifndef __latent_entropy
133327 +# define __latent_entropy
133328 +#endif
133329 +
133330 +#ifndef __nocapture
133331 +# define __nocapture(...)
133332 +#endif
133333 +
133334 +#ifndef const_cast
133335 +# define const_cast(x) (x)
133336 +#endif
133337 +
133338 +#ifndef __nocapture
133339 +# define __nocapture(...)
133340 +#endif
133341 +
133342 +#ifndef __unverified_nocapture
133343 +# define __unverified_nocapture(...)
133344 +#endif
133345 +
133346 /*
133347 * Tell gcc if a function is cold. The compiler will assume any path
133348 * directly leading to the call is unlikely.
133349 @@ -415,6 +473,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
133350 #define __cold
133351 #endif
133352
133353 +#ifndef __alloc_size
133354 +#define __alloc_size(...)
133355 +#endif
133356 +
133357 +#ifndef __bos
133358 +#define __bos(ptr, arg)
133359 +#endif
133360 +
133361 +#ifndef __bos0
133362 +#define __bos0(ptr)
133363 +#endif
133364 +
133365 +#ifndef __bos1
133366 +#define __bos1(ptr)
133367 +#endif
133368 +
133369 /* Simple shorthand for a section definition */
133370 #ifndef __section
133371 # define __section(S) __attribute__ ((__section__(#S)))
133372 @@ -437,6 +511,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
133373 # define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
133374 #endif
133375
133376 +#define __type_is_unsigned(t) (__same_type((t)0, 0UL) || __same_type((t)0, 0U) || __same_type((t)0, (unsigned short)0) || __same_type((t)0, (unsigned char)0))
133377 +
133378 /* Is this type a native word size -- useful for atomic operations */
133379 #ifndef __native_word
133380 # define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
133381 @@ -516,8 +592,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
133382 */
133383 #define __ACCESS_ONCE(x) ({ \
133384 __maybe_unused typeof(x) __var = (__force typeof(x)) 0; \
133385 - (volatile typeof(x) *)&(x); })
133386 + (volatile const typeof(x) *)&(x); })
133387 #define ACCESS_ONCE(x) (*__ACCESS_ONCE(x))
133388 +#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x))
133389
133390 /**
133391 * lockless_dereference() - safely load a pointer for later dereference
133392 diff --git a/include/linux/configfs.h b/include/linux/configfs.h
133393 index d9d6a9d..489772c 100644
133394 --- a/include/linux/configfs.h
133395 +++ b/include/linux/configfs.h
133396 @@ -136,7 +136,7 @@ struct configfs_attribute {
133397 umode_t ca_mode;
133398 ssize_t (*show)(struct config_item *, char *);
133399 ssize_t (*store)(struct config_item *, const char *, size_t);
133400 -};
133401 +} __do_const;
133402
133403 #define CONFIGFS_ATTR(_pfx, _name) \
133404 static struct configfs_attribute _pfx##attr_##_name = { \
133405 diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
133406 index 32dc0cbd..6e18583 100644
133407 --- a/include/linux/cpufreq.h
133408 +++ b/include/linux/cpufreq.h
133409 @@ -237,10 +237,11 @@ __ATTR(_name, 0644, show_##_name, store_##_name)
133410 struct global_attr {
133411 struct attribute attr;
133412 ssize_t (*show)(struct kobject *kobj,
133413 - struct attribute *attr, char *buf);
133414 - ssize_t (*store)(struct kobject *a, struct attribute *b,
133415 + struct kobj_attribute *attr, char *buf);
133416 + ssize_t (*store)(struct kobject *a, struct kobj_attribute *b,
133417 const char *c, size_t count);
133418 };
133419 +typedef struct global_attr __no_const global_attr_no_const;
133420
133421 #define define_one_global_ro(_name) \
133422 static struct global_attr _name = \
133423 @@ -323,7 +324,7 @@ struct cpufreq_driver {
133424 /* platform specific boost support code */
133425 bool boost_enabled;
133426 int (*set_boost)(int state);
133427 -};
133428 +} __do_const;
133429
133430 /* flags */
133431 #define CPUFREQ_STICKY (1 << 0) /* driver isn't removed even if
133432 diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h
133433 index bb31373..e85eb5f 100644
133434 --- a/include/linux/cpuidle.h
133435 +++ b/include/linux/cpuidle.h
133436 @@ -59,7 +59,8 @@ struct cpuidle_state {
133437 void (*enter_freeze) (struct cpuidle_device *dev,
133438 struct cpuidle_driver *drv,
133439 int index);
133440 -};
133441 +} __do_const;
133442 +typedef struct cpuidle_state __no_const cpuidle_state_no_const;
133443
133444 /* Idle State Flags */
133445 #define CPUIDLE_FLAG_COUPLED (0x02) /* state applies to multiple cpus */
133446 @@ -237,7 +238,7 @@ struct cpuidle_governor {
133447 void (*reflect) (struct cpuidle_device *dev, int index);
133448
133449 struct module *owner;
133450 -};
133451 +} __do_const;
133452
133453 #ifdef CONFIG_CPU_IDLE
133454 extern int cpuidle_register_governor(struct cpuidle_governor *gov);
133455 diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
133456 index da7fbf1..c2a221b 100644
133457 --- a/include/linux/cpumask.h
133458 +++ b/include/linux/cpumask.h
133459 @@ -131,17 +131,17 @@ static inline unsigned int cpumask_first(const struct cpumask *srcp)
133460 }
133461
133462 /* Valid inputs for n are -1 and 0. */
133463 -static inline unsigned int cpumask_next(int n, const struct cpumask *srcp)
133464 +static inline unsigned int __intentional_overflow(-1) cpumask_next(int n, const struct cpumask *srcp)
133465 {
133466 return n+1;
133467 }
133468
133469 -static inline unsigned int cpumask_next_zero(int n, const struct cpumask *srcp)
133470 +static inline unsigned int __intentional_overflow(-1) cpumask_next_zero(int n, const struct cpumask *srcp)
133471 {
133472 return n+1;
133473 }
133474
133475 -static inline unsigned int cpumask_next_and(int n,
133476 +static inline unsigned int __intentional_overflow(-1) cpumask_next_and(int n,
133477 const struct cpumask *srcp,
133478 const struct cpumask *andp)
133479 {
133480 @@ -185,7 +185,7 @@ static inline unsigned int cpumask_first(const struct cpumask *srcp)
133481 *
133482 * Returns >= nr_cpu_ids if no further cpus set.
133483 */
133484 -static inline unsigned int cpumask_next(int n, const struct cpumask *srcp)
133485 +static inline unsigned int __intentional_overflow(-1) cpumask_next(int n, const struct cpumask *srcp)
133486 {
133487 /* -1 is a legal arg here. */
133488 if (n != -1)
133489 @@ -200,7 +200,7 @@ static inline unsigned int cpumask_next(int n, const struct cpumask *srcp)
133490 *
133491 * Returns >= nr_cpu_ids if no further cpus unset.
133492 */
133493 -static inline unsigned int cpumask_next_zero(int n, const struct cpumask *srcp)
133494 +static inline unsigned int __intentional_overflow(-1) cpumask_next_zero(int n, const struct cpumask *srcp)
133495 {
133496 /* -1 is a legal arg here. */
133497 if (n != -1)
133498 @@ -208,7 +208,7 @@ static inline unsigned int cpumask_next_zero(int n, const struct cpumask *srcp)
133499 return find_next_zero_bit(cpumask_bits(srcp), nr_cpumask_bits, n+1);
133500 }
133501
133502 -int cpumask_next_and(int n, const struct cpumask *, const struct cpumask *);
133503 +int cpumask_next_and(int n, const struct cpumask *, const struct cpumask *) __intentional_overflow(-1);
133504 int cpumask_any_but(const struct cpumask *mask, unsigned int cpu);
133505 unsigned int cpumask_local_spread(unsigned int i, int node);
133506
133507 @@ -475,7 +475,7 @@ static inline bool cpumask_full(const struct cpumask *srcp)
133508 * cpumask_weight - Count of bits in *srcp
133509 * @srcp: the cpumask to count bits (< nr_cpu_ids) in.
133510 */
133511 -static inline unsigned int cpumask_weight(const struct cpumask *srcp)
133512 +static inline unsigned int __intentional_overflow(-1) cpumask_weight(const struct cpumask *srcp)
133513 {
133514 return bitmap_weight(cpumask_bits(srcp), nr_cpumask_bits);
133515 }
133516 diff --git a/include/linux/cred.h b/include/linux/cred.h
133517 index 257db64..a73cf86 100644
133518 --- a/include/linux/cred.h
133519 +++ b/include/linux/cred.h
133520 @@ -35,7 +35,7 @@ struct group_info {
133521 int nblocks;
133522 kgid_t small_block[NGROUPS_SMALL];
133523 kgid_t *blocks[0];
133524 -};
133525 +} __randomize_layout;
133526
133527 /**
133528 * get_group_info - Get a reference to a group info structure
133529 @@ -153,7 +153,7 @@ struct cred {
133530 struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */
133531 struct group_info *group_info; /* supplementary groups for euid/fsgid */
133532 struct rcu_head rcu; /* RCU deletion hook */
133533 -};
133534 +} __randomize_layout;
133535
133536 extern void __put_cred(struct cred *);
133537 extern void exit_creds(struct task_struct *);
133538 @@ -211,6 +211,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk)
133539 static inline void validate_process_creds(void)
133540 {
133541 }
133542 +static inline void validate_task_creds(struct task_struct *task)
133543 +{
133544 +}
133545 #endif
133546
133547 static inline bool cap_ambient_invariant_ok(const struct cred *cred)
133548 @@ -355,6 +358,7 @@ static inline void put_cred(const struct cred *_cred)
133549
133550 #define task_uid(task) (task_cred_xxx((task), uid))
133551 #define task_euid(task) (task_cred_xxx((task), euid))
133552 +#define task_securebits(task) (task_cred_xxx((task), securebits))
133553
133554 #define current_cred_xxx(xxx) \
133555 ({ \
133556 diff --git a/include/linux/crypto.h b/include/linux/crypto.h
133557 index 7cee555..65ead50 100644
133558 --- a/include/linux/crypto.h
133559 +++ b/include/linux/crypto.h
133560 @@ -510,7 +510,7 @@ struct cipher_tfm {
133561 const u8 *key, unsigned int keylen);
133562 void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
133563 void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
133564 -};
133565 +} __no_const;
133566
133567 struct compress_tfm {
133568 int (*cot_compress)(struct crypto_tfm *tfm,
133569 @@ -519,7 +519,7 @@ struct compress_tfm {
133570 int (*cot_decompress)(struct crypto_tfm *tfm,
133571 const u8 *src, unsigned int slen,
133572 u8 *dst, unsigned int *dlen);
133573 -};
133574 +} __no_const;
133575
133576 #define crt_ablkcipher crt_u.ablkcipher
133577 #define crt_blkcipher crt_u.blkcipher
133578 diff --git a/include/linux/ctype.h b/include/linux/ctype.h
133579 index 653589e..4ef254a 100644
133580 --- a/include/linux/ctype.h
133581 +++ b/include/linux/ctype.h
133582 @@ -56,7 +56,7 @@ static inline unsigned char __toupper(unsigned char c)
133583 * Fast implementation of tolower() for internal usage. Do not use in your
133584 * code.
133585 */
133586 -static inline char _tolower(const char c)
133587 +static inline unsigned char _tolower(const unsigned char c)
133588 {
133589 return c | 0x20;
133590 }
133591 diff --git a/include/linux/dcache.h b/include/linux/dcache.h
133592 index 5ff3e9a..fc6b872 100644
133593 --- a/include/linux/dcache.h
133594 +++ b/include/linux/dcache.h
133595 @@ -102,6 +102,9 @@ struct dentry {
133596 struct list_head d_lru; /* LRU list */
133597 wait_queue_head_t *d_wait; /* in-lookup ones only */
133598 };
133599 +#ifdef CONFIG_GRKERNSEC_CHROOT_RENAME
133600 + atomic_t chroot_refcnt; /* tracks use of directory in chroot */
133601 +#endif
133602 struct list_head d_child; /* child of parent list */
133603 struct list_head d_subdirs; /* our children */
133604 /*
133605 @@ -112,7 +115,7 @@ struct dentry {
133606 struct hlist_bl_node d_in_lookup_hash; /* only for in-lookup ones */
133607 struct rcu_head d_rcu;
133608 } d_u;
133609 -};
133610 +} __randomize_layout;
133611
133612 /*
133613 * dentry->d_lock spinlock nesting subclasses:
133614 @@ -279,7 +282,7 @@ extern struct dentry *__d_lookup_rcu(const struct dentry *parent,
133615
133616 static inline unsigned d_count(const struct dentry *dentry)
133617 {
133618 - return dentry->d_lockref.count;
133619 + return __lockref_read(&dentry->d_lockref);
133620 }
133621
133622 /*
133623 @@ -308,7 +311,7 @@ extern char *dentry_path(struct dentry *, char *, int);
133624 static inline struct dentry *dget_dlock(struct dentry *dentry)
133625 {
133626 if (dentry)
133627 - dentry->d_lockref.count++;
133628 + __lockref_inc(&dentry->d_lockref);
133629 return dentry;
133630 }
133631
133632 diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h
133633 index 4d3f0d1..7713e0a 100644
133634 --- a/include/linux/debugfs.h
133635 +++ b/include/linux/debugfs.h
133636 @@ -139,6 +139,8 @@ struct dentry *debugfs_create_size_t(const char *name, umode_t mode,
133637 struct dentry *parent, size_t *value);
133638 struct dentry *debugfs_create_atomic_t(const char *name, umode_t mode,
133639 struct dentry *parent, atomic_t *value);
133640 +struct dentry *debugfs_create_atomic_unchecked_t(const char *name, umode_t mode,
133641 + struct dentry *parent, atomic_unchecked_t *value);
133642 struct dentry *debugfs_create_bool(const char *name, umode_t mode,
133643 struct dentry *parent, bool *value);
133644
133645 @@ -234,7 +236,7 @@ static inline void debugfs_use_file_finish(int srcu_idx)
133646 { }
133647
133648 #define DEFINE_DEBUGFS_ATTRIBUTE(__fops, __get, __set, __fmt) \
133649 - static const struct file_operations __fops = { 0 }
133650 + static const struct file_operations __fops = { }
133651
133652 static inline struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry,
133653 struct dentry *new_dir, char *new_name)
133654 @@ -311,6 +313,12 @@ static inline struct dentry *debugfs_create_atomic_t(const char *name, umode_t m
133655 return ERR_PTR(-ENODEV);
133656 }
133657
133658 +static inline struct dentry *debugfs_create_atomic_unchecked_t(const char *name, umode_t mode,
133659 + struct dentry *parent, atomic_unchecked_t *value)
133660 +{
133661 + return ERR_PTR(-ENODEV);
133662 +}
133663 +
133664 static inline struct dentry *debugfs_create_bool(const char *name, umode_t mode,
133665 struct dentry *parent,
133666 bool *value)
133667 diff --git a/include/linux/decompress/mm.h b/include/linux/decompress/mm.h
133668 index 7925bf0..d5143d2 100644
133669 --- a/include/linux/decompress/mm.h
133670 +++ b/include/linux/decompress/mm.h
133671 @@ -77,7 +77,7 @@ static void free(void *where)
133672 * warnings when not needed (indeed large_malloc / large_free are not
133673 * needed by inflate */
133674
133675 -#define malloc(a) kmalloc(a, GFP_KERNEL)
133676 +#define malloc(a) kmalloc((a), GFP_KERNEL)
133677 #define free(a) kfree(a)
133678
133679 #define large_malloc(a) vmalloc(a)
133680 diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h
133681 index 2de4e2e..510a09b8 100644
133682 --- a/include/linux/devfreq.h
133683 +++ b/include/linux/devfreq.h
133684 @@ -124,7 +124,7 @@ struct devfreq_governor {
133685 int (*get_target_freq)(struct devfreq *this, unsigned long *freq);
133686 int (*event_handler)(struct devfreq *devfreq,
133687 unsigned int event, void *data);
133688 -};
133689 +} __do_const;
133690
133691 /**
133692 * struct devfreq - Device devfreq structure
133693 diff --git a/include/linux/device.h b/include/linux/device.h
133694 index 38f0281..72e7b70 100644
133695 --- a/include/linux/device.h
133696 +++ b/include/linux/device.h
133697 @@ -346,7 +346,7 @@ struct subsys_interface {
133698 struct list_head node;
133699 int (*add_dev)(struct device *dev, struct subsys_interface *sif);
133700 void (*remove_dev)(struct device *dev, struct subsys_interface *sif);
133701 -};
133702 +} __do_const;
133703
133704 int subsys_interface_register(struct subsys_interface *sif);
133705 void subsys_interface_unregister(struct subsys_interface *sif);
133706 @@ -542,7 +542,7 @@ struct device_type {
133707 void (*release)(struct device *dev);
133708
133709 const struct dev_pm_ops *pm;
133710 -};
133711 +} __do_const;
133712
133713 /* interface for exporting device attributes */
133714 struct device_attribute {
133715 @@ -552,11 +552,12 @@ struct device_attribute {
133716 ssize_t (*store)(struct device *dev, struct device_attribute *attr,
133717 const char *buf, size_t count);
133718 };
133719 +typedef struct device_attribute __no_const device_attribute_no_const;
133720
133721 struct dev_ext_attribute {
133722 struct device_attribute attr;
133723 void *var;
133724 -};
133725 +} __do_const;
133726
133727 ssize_t device_show_ulong(struct device *dev, struct device_attribute *attr,
133728 char *buf);
133729 diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
133730 index dc69df0..d8db6b8 100644
133731 --- a/include/linux/dma-mapping.h
133732 +++ b/include/linux/dma-mapping.h
133733 @@ -114,7 +114,7 @@ struct dma_map_ops {
133734 u64 (*get_required_mask)(struct device *dev);
133735 #endif
133736 int is_phys;
133737 -};
133738 +} __do_const;
133739
133740 extern struct dma_map_ops dma_noop_ops;
133741
133742 diff --git a/include/linux/efi.h b/include/linux/efi.h
133743 index 0148a30..6f9e494 100644
133744 --- a/include/linux/efi.h
133745 +++ b/include/linux/efi.h
133746 @@ -1134,6 +1134,7 @@ struct efivar_operations {
133747 efi_set_variable_t *set_variable_nonblocking;
133748 efi_query_variable_store_t *query_variable_store;
133749 };
133750 +typedef struct efivar_operations __no_const efivar_operations_no_const;
133751
133752 struct efivars {
133753 /*
133754 diff --git a/include/linux/elf.h b/include/linux/elf.h
133755 index 20fa8d8..3d0dd18 100644
133756 --- a/include/linux/elf.h
133757 +++ b/include/linux/elf.h
133758 @@ -29,6 +29,7 @@ extern Elf32_Dyn _DYNAMIC [];
133759 #define elf_note elf32_note
133760 #define elf_addr_t Elf32_Off
133761 #define Elf_Half Elf32_Half
133762 +#define elf_dyn Elf32_Dyn
133763
133764 #else
133765
133766 @@ -39,6 +40,7 @@ extern Elf64_Dyn _DYNAMIC [];
133767 #define elf_note elf64_note
133768 #define elf_addr_t Elf64_Off
133769 #define Elf_Half Elf64_Half
133770 +#define elf_dyn Elf64_Dyn
133771
133772 #endif
133773
133774 diff --git a/include/linux/err.h b/include/linux/err.h
133775 index 1e35588..ce9721b 100644
133776 --- a/include/linux/err.h
133777 +++ b/include/linux/err.h
133778 @@ -20,12 +20,12 @@
133779
133780 #define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
133781
133782 -static inline void * __must_check ERR_PTR(long error)
133783 +static inline void * __must_check __intentional_overflow(-1) ERR_PTR(long error)
133784 {
133785 return (void *) error;
133786 }
133787
133788 -static inline long __must_check PTR_ERR(__force const void *ptr)
133789 +static inline long __must_check __intentional_overflow(-1) PTR_ERR(__force const void *ptr)
133790 {
133791 return (long) ptr;
133792 }
133793 diff --git a/include/linux/ethtool.h b/include/linux/ethtool.h
133794 index 9ded8c6..e11a2457 100644
133795 --- a/include/linux/ethtool.h
133796 +++ b/include/linux/ethtool.h
133797 @@ -373,4 +373,5 @@ struct ethtool_ops {
133798 int (*set_link_ksettings)(struct net_device *,
133799 const struct ethtool_link_ksettings *);
133800 };
133801 +typedef struct ethtool_ops __no_const ethtool_ops_no_const;
133802 #endif /* _LINUX_ETHTOOL_H */
133803 diff --git a/include/linux/extcon.h b/include/linux/extcon.h
133804 index 6100441..15b9e72 100644
133805 --- a/include/linux/extcon.h
133806 +++ b/include/linux/extcon.h
133807 @@ -123,7 +123,7 @@ struct extcon_dev {
133808 /* /sys/class/extcon/.../mutually_exclusive/... */
133809 struct attribute_group attr_g_muex;
133810 struct attribute **attrs_muex;
133811 - struct device_attribute *d_attrs_muex;
133812 + device_attribute_no_const *d_attrs_muex;
133813 };
133814
133815 #if IS_ENABLED(CONFIG_EXTCON)
133816 diff --git a/include/linux/fb.h b/include/linux/fb.h
133817 index a964d07..09bf71f 100644
133818 --- a/include/linux/fb.h
133819 +++ b/include/linux/fb.h
133820 @@ -320,7 +320,8 @@ struct fb_ops {
133821 /* called at KDB enter and leave time to prepare the console */
133822 int (*fb_debug_enter)(struct fb_info *info);
133823 int (*fb_debug_leave)(struct fb_info *info);
133824 -};
133825 +} __do_const;
133826 +typedef struct fb_ops __no_const fb_ops_no_const;
133827
133828 #ifdef CONFIG_FB_TILEBLITTING
133829 #define FB_TILE_CURSOR_NONE 0
133830 diff --git a/include/linux/fdtable.h b/include/linux/fdtable.h
133831 index 5295535..9852c7e 100644
133832 --- a/include/linux/fdtable.h
133833 +++ b/include/linux/fdtable.h
133834 @@ -105,7 +105,7 @@ struct files_struct *get_files_struct(struct task_struct *);
133835 void put_files_struct(struct files_struct *fs);
133836 void reset_files_struct(struct files_struct *);
133837 int unshare_files(struct files_struct **);
133838 -struct files_struct *dup_fd(struct files_struct *, int *);
133839 +struct files_struct *dup_fd(struct files_struct *, int *) __latent_entropy;
133840 void do_close_on_exec(struct files_struct *);
133841 int iterate_fd(struct files_struct *, unsigned,
133842 int (*)(const void *, struct file *, unsigned),
133843 diff --git a/include/linux/firewire.h b/include/linux/firewire.h
133844 index d4b7683..9feb066 100644
133845 --- a/include/linux/firewire.h
133846 +++ b/include/linux/firewire.h
133847 @@ -451,7 +451,7 @@ struct fw_iso_context {
133848
133849 struct fw_iso_context *fw_iso_context_create(struct fw_card *card,
133850 int type, int channel, int speed, size_t header_size,
133851 - fw_iso_callback_t callback, void *callback_data);
133852 + void *callback, void *callback_data);
133853 int fw_iso_context_set_channels(struct fw_iso_context *ctx, u64 *channels);
133854 int fw_iso_context_queue(struct fw_iso_context *ctx,
133855 struct fw_iso_packet *packet,
133856 diff --git a/include/linux/fs.h b/include/linux/fs.h
133857 index 7c39136..69c438a 100644
133858 --- a/include/linux/fs.h
133859 +++ b/include/linux/fs.h
133860 @@ -328,7 +328,7 @@ struct kiocb {
133861 void (*ki_complete)(struct kiocb *iocb, long ret, long ret2);
133862 void *private;
133863 int ki_flags;
133864 -};
133865 +} __randomize_layout;
133866
133867 static inline bool is_sync_kiocb(struct kiocb *kiocb)
133868 {
133869 @@ -444,7 +444,7 @@ struct address_space {
133870 spinlock_t private_lock; /* for use by the address_space */
133871 struct list_head private_list; /* ditto */
133872 void *private_data; /* ditto */
133873 -} __attribute__((aligned(sizeof(long))));
133874 +} __attribute__((aligned(sizeof(long)))) __randomize_layout;
133875 /*
133876 * On most architectures that alignment is already the case; but
133877 * must be enforced here for CRIS, to let the least significant bit
133878 @@ -486,7 +486,7 @@ struct block_device {
133879 int bd_fsfreeze_count;
133880 /* Mutex for freeze */
133881 struct mutex bd_fsfreeze_mutex;
133882 -};
133883 +} __randomize_layout;
133884
133885 /*
133886 * Radix-tree tags, for tagging dirty and writeback pages within the pagecache
133887 @@ -700,7 +700,7 @@ struct inode {
133888 #endif
133889
133890 void *i_private; /* fs or device private pointer */
133891 -};
133892 +} __randomize_layout;
133893
133894 static inline int inode_unhashed(struct inode *inode)
133895 {
133896 @@ -910,7 +910,7 @@ struct file {
133897 struct list_head f_tfile_llink;
133898 #endif /* #ifdef CONFIG_EPOLL */
133899 struct address_space *f_mapping;
133900 -} __attribute__((aligned(4))); /* lest something weird decides that 2 is OK */
133901 +} __attribute__((aligned(4))) __randomize_layout; /* lest something weird decides that 2 is OK */
133902
133903 struct file_handle {
133904 __u32 handle_bytes;
133905 @@ -1045,7 +1045,7 @@ struct file_lock {
133906 int state; /* state of grant or error if -ve */
133907 } afs;
133908 } fl_u;
133909 -};
133910 +} __randomize_layout;
133911
133912 struct file_lock_context {
133913 spinlock_t flc_lock;
133914 @@ -1432,7 +1432,7 @@ struct super_block {
133915
133916 spinlock_t s_inode_wblist_lock;
133917 struct list_head s_inodes_wb; /* writeback inodes */
133918 -};
133919 +} __randomize_layout;
133920
133921 /* Helper functions so that in most cases filesystems will
133922 * not need to deal directly with kuid_t and kgid_t and can
133923 @@ -1716,7 +1716,8 @@ struct file_operations {
133924 u64);
133925 ssize_t (*dedupe_file_range)(struct file *, u64, u64, struct file *,
133926 u64);
133927 -};
133928 +} __do_const __randomize_layout;
133929 +typedef struct file_operations __no_const file_operations_no_const;
133930
133931 struct inode_operations {
133932 struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
133933 @@ -2440,12 +2441,12 @@ static inline void bd_unlink_disk_holder(struct block_device *bdev,
133934 #define CHRDEV_MAJOR_HASH_SIZE 255
133935 /* Marks the bottom of the first segment of free char majors */
133936 #define CHRDEV_MAJOR_DYN_END 234
133937 -extern int alloc_chrdev_region(dev_t *, unsigned, unsigned, const char *);
133938 +extern __nocapture(4) int alloc_chrdev_region(dev_t *, unsigned, unsigned, const char *);
133939 extern int register_chrdev_region(dev_t, unsigned, const char *);
133940 extern int __register_chrdev(unsigned int major, unsigned int baseminor,
133941 unsigned int count, const char *name,
133942 const struct file_operations *fops);
133943 -extern void __unregister_chrdev(unsigned int major, unsigned int baseminor,
133944 +extern __nocapture(4) void __unregister_chrdev(unsigned int major, unsigned int baseminor,
133945 unsigned int count, const char *name);
133946 extern void unregister_chrdev_region(dev_t, unsigned);
133947 extern void chrdev_show(struct seq_file *,off_t);
133948 @@ -3193,4 +3194,14 @@ static inline bool dir_relax_shared(struct inode *inode)
133949 extern bool path_noexec(const struct path *path);
133950 extern void inode_nohighmem(struct inode *inode);
133951
133952 +static inline bool is_sidechannel_device(const struct inode *inode)
133953 +{
133954 +#ifdef CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL
133955 + umode_t mode = inode->i_mode;
133956 + return ((S_ISCHR(mode) || S_ISBLK(mode)) && (mode & (S_IROTH | S_IWOTH)));
133957 +#else
133958 + return false;
133959 +#endif
133960 +}
133961 +
133962 #endif /* _LINUX_FS_H */
133963 diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h
133964 index 0efc3e6..fd23610 100644
133965 --- a/include/linux/fs_struct.h
133966 +++ b/include/linux/fs_struct.h
133967 @@ -6,13 +6,13 @@
133968 #include <linux/seqlock.h>
133969
133970 struct fs_struct {
133971 - int users;
133972 + atomic_t users;
133973 spinlock_t lock;
133974 seqcount_t seq;
133975 int umask;
133976 int in_exec;
133977 struct path root, pwd;
133978 -};
133979 +} __randomize_layout;
133980
133981 extern struct kmem_cache *fs_cachep;
133982
133983 diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h
133984 index 13ba552..c4db760 100644
133985 --- a/include/linux/fscache-cache.h
133986 +++ b/include/linux/fscache-cache.h
133987 @@ -117,7 +117,7 @@ struct fscache_operation {
133988 fscache_operation_release_t release;
133989 };
133990
133991 -extern atomic_t fscache_op_debug_id;
133992 +extern atomic_unchecked_t fscache_op_debug_id;
133993 extern void fscache_op_work_func(struct work_struct *work);
133994
133995 extern void fscache_enqueue_operation(struct fscache_operation *);
133996 diff --git a/include/linux/fscache.h b/include/linux/fscache.h
133997 index 115bb81..e7b812b 100644
133998 --- a/include/linux/fscache.h
133999 +++ b/include/linux/fscache.h
134000 @@ -152,7 +152,7 @@ struct fscache_cookie_def {
134001 * - this is mandatory for any object that may have data
134002 */
134003 void (*now_uncached)(void *cookie_netfs_data);
134004 -};
134005 +} __do_const;
134006
134007 /*
134008 * fscache cached network filesystem type
134009 diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
134010 index eed9e85..21238db 100644
134011 --- a/include/linux/fsnotify.h
134012 +++ b/include/linux/fsnotify.h
134013 @@ -176,6 +176,9 @@ static inline void fsnotify_access(struct file *file)
134014 struct inode *inode = file_inode(file);
134015 __u32 mask = FS_ACCESS;
134016
134017 + if (is_sidechannel_device(inode))
134018 + return;
134019 +
134020 if (S_ISDIR(inode->i_mode))
134021 mask |= FS_ISDIR;
134022
134023 @@ -194,6 +197,9 @@ static inline void fsnotify_modify(struct file *file)
134024 struct inode *inode = file_inode(file);
134025 __u32 mask = FS_MODIFY;
134026
134027 + if (is_sidechannel_device(inode))
134028 + return;
134029 +
134030 if (S_ISDIR(inode->i_mode))
134031 mask |= FS_ISDIR;
134032
134033 @@ -296,7 +302,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid)
134034 */
134035 static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name)
134036 {
134037 - return kstrdup(name, GFP_KERNEL);
134038 + return (const unsigned char *)kstrdup((const char *)name, GFP_KERNEL);
134039 }
134040
134041 /*
134042 diff --git a/include/linux/genhd.h b/include/linux/genhd.h
134043 index 1dbf52f..b698a75 100644
134044 --- a/include/linux/genhd.h
134045 +++ b/include/linux/genhd.h
134046 @@ -208,7 +208,7 @@ struct gendisk {
134047 struct kobject *slave_dir;
134048
134049 struct timer_rand_state *random;
134050 - atomic_t sync_io; /* RAID */
134051 + atomic_unchecked_t sync_io; /* RAID */
134052 struct disk_events *ev;
134053 #ifdef CONFIG_BLK_DEV_INTEGRITY
134054 struct kobject integrity_kobj;
134055 @@ -437,7 +437,7 @@ extern void disk_flush_events(struct gendisk *disk, unsigned int mask);
134056 extern unsigned int disk_clear_events(struct gendisk *disk, unsigned int mask);
134057
134058 /* drivers/char/random.c */
134059 -extern void add_disk_randomness(struct gendisk *disk);
134060 +extern void add_disk_randomness(struct gendisk *disk) __latent_entropy;
134061 extern void rand_initialize_disk(struct gendisk *disk);
134062
134063 static inline sector_t get_start_sect(struct block_device *bdev)
134064 diff --git a/include/linux/genl_magic_func.h b/include/linux/genl_magic_func.h
134065 index 667c311..abac2a7 100644
134066 --- a/include/linux/genl_magic_func.h
134067 +++ b/include/linux/genl_magic_func.h
134068 @@ -246,7 +246,7 @@ const char *CONCAT_(GENL_MAGIC_FAMILY, _genl_cmd_to_str)(__u8 cmd)
134069 },
134070
134071 #define ZZZ_genl_ops CONCAT_(GENL_MAGIC_FAMILY, _genl_ops)
134072 -static struct genl_ops ZZZ_genl_ops[] __read_mostly = {
134073 +static struct genl_ops ZZZ_genl_ops[] = {
134074 #include GENL_MAGIC_INCLUDE_FILE
134075 };
134076
134077 diff --git a/include/linux/genl_magic_struct.h b/include/linux/genl_magic_struct.h
134078 index 6270a56..ddda3ac 100644
134079 --- a/include/linux/genl_magic_struct.h
134080 +++ b/include/linux/genl_magic_struct.h
134081 @@ -81,8 +81,8 @@ static inline int nla_put_u64_0pad(struct sk_buff *skb, int attrtype, u64 value)
134082 __field(attr_nr, attr_flag, name, NLA_U32, __u32, \
134083 nla_get_u32, nla_put_u32, false)
134084 #define __s32_field(attr_nr, attr_flag, name) \
134085 - __field(attr_nr, attr_flag, name, NLA_U32, __s32, \
134086 - nla_get_u32, nla_put_u32, true)
134087 + __field(attr_nr, attr_flag, name, NLA_S32, __s32, \
134088 + nla_get_s32, nla_put_s32, true)
134089 #define __u64_field(attr_nr, attr_flag, name) \
134090 __field(attr_nr, attr_flag, name, NLA_U64, __u64, \
134091 nla_get_u64, nla_put_u64_0pad, false)
134092 diff --git a/include/linux/gfp.h b/include/linux/gfp.h
134093 index f8041f9de..593a07b 100644
134094 --- a/include/linux/gfp.h
134095 +++ b/include/linux/gfp.h
134096 @@ -41,6 +41,13 @@ struct vm_area_struct;
134097 #define ___GFP_OTHER_NODE 0x800000u
134098 #define ___GFP_WRITE 0x1000000u
134099 #define ___GFP_KSWAPD_RECLAIM 0x2000000u
134100 +
134101 +#ifdef CONFIG_PAX_USERCOPY
134102 +#define ___GFP_USERCOPY 0x4000000u
134103 +#else
134104 +#define ___GFP_USERCOPY 0
134105 +#endif
134106 +
134107 /* If the above are modified, __GFP_BITS_SHIFT may need updating */
134108
134109 /*
134110 @@ -79,12 +86,15 @@ struct vm_area_struct;
134111 * node with no fallbacks or placement policy enforcements.
134112 *
134113 * __GFP_ACCOUNT causes the allocation to be accounted to kmemcg.
134114 + *
134115 + * __GFP_USERCOPY indicates that the page will be copied to/from userland
134116 */
134117 #define __GFP_RECLAIMABLE ((__force gfp_t)___GFP_RECLAIMABLE)
134118 #define __GFP_WRITE ((__force gfp_t)___GFP_WRITE)
134119 #define __GFP_HARDWALL ((__force gfp_t)___GFP_HARDWALL)
134120 #define __GFP_THISNODE ((__force gfp_t)___GFP_THISNODE)
134121 #define __GFP_ACCOUNT ((__force gfp_t)___GFP_ACCOUNT)
134122 +#define __GFP_USERCOPY ((__force gfp_t)___GFP_USERCOPY)
134123
134124 /*
134125 * Watermark modifiers -- controls access to emergency reserves
134126 @@ -187,7 +197,7 @@ struct vm_area_struct;
134127 #define __GFP_OTHER_NODE ((__force gfp_t)___GFP_OTHER_NODE)
134128
134129 /* Room for N __GFP_FOO bits */
134130 -#define __GFP_BITS_SHIFT 26
134131 +#define __GFP_BITS_SHIFT 27
134132 #define __GFP_BITS_MASK ((__force gfp_t)((1 << __GFP_BITS_SHIFT) - 1))
134133
134134 /*
134135 @@ -260,6 +270,8 @@ struct vm_area_struct;
134136 __GFP_NOMEMALLOC | __GFP_NOWARN) & ~__GFP_RECLAIM)
134137 #define GFP_TRANSHUGE (GFP_TRANSHUGE_LIGHT | __GFP_DIRECT_RECLAIM)
134138
134139 +#define GFP_USERCOPY __GFP_USERCOPY
134140 +
134141 /* Convert GFP flags to their corresponding migrate type */
134142 #define GFP_MOVABLE_MASK (__GFP_RECLAIMABLE|__GFP_MOVABLE)
134143 #define GFP_MOVABLE_SHIFT 3
134144 @@ -516,7 +528,7 @@ extern void __free_page_frag(void *addr);
134145 void page_alloc_init(void);
134146 void drain_zone_pages(struct zone *zone, struct per_cpu_pages *pcp);
134147 void drain_all_pages(struct zone *zone);
134148 -void drain_local_pages(struct zone *zone);
134149 +void drain_local_pages(void *zone);
134150
134151 void page_alloc_init_late(void);
134152
134153 diff --git a/include/linux/gracl.h b/include/linux/gracl.h
134154 new file mode 100644
134155 index 0000000..a3c4df7
134156 --- /dev/null
134157 +++ b/include/linux/gracl.h
134158 @@ -0,0 +1,342 @@
134159 +#ifndef GR_ACL_H
134160 +#define GR_ACL_H
134161 +
134162 +#include <linux/grdefs.h>
134163 +#include <linux/resource.h>
134164 +#include <linux/capability.h>
134165 +#include <linux/dcache.h>
134166 +#include <asm/resource.h>
134167 +
134168 +/* Major status information */
134169 +
134170 +#define GR_VERSION "grsecurity 3.1"
134171 +#define GRSECURITY_VERSION 0x3100
134172 +
134173 +enum {
134174 + GR_SHUTDOWN = 0,
134175 + GR_ENABLE = 1,
134176 + GR_SPROLE = 2,
134177 + GR_OLDRELOAD = 3,
134178 + GR_SEGVMOD = 4,
134179 + GR_STATUS = 5,
134180 + GR_UNSPROLE = 6,
134181 + GR_PASSSET = 7,
134182 + GR_SPROLEPAM = 8,
134183 + GR_RELOAD = 9,
134184 +};
134185 +
134186 +/* Password setup definitions
134187 + * kernel/grhash.c */
134188 +enum {
134189 + GR_PW_LEN = 128,
134190 + GR_SALT_LEN = 16,
134191 + GR_SHA_LEN = 32,
134192 +};
134193 +
134194 +enum {
134195 + GR_SPROLE_LEN = 64,
134196 +};
134197 +
134198 +enum {
134199 + GR_NO_GLOB = 0,
134200 + GR_REG_GLOB,
134201 + GR_CREATE_GLOB
134202 +};
134203 +
134204 +#define GR_NLIMITS 32
134205 +
134206 +/* Begin Data Structures */
134207 +
134208 +struct sprole_pw {
134209 + unsigned char *rolename;
134210 + unsigned char salt[GR_SALT_LEN];
134211 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
134212 +};
134213 +
134214 +struct name_entry {
134215 + __u32 key;
134216 + u64 inode;
134217 + dev_t device;
134218 + char *name;
134219 + __u16 len;
134220 + __u8 deleted;
134221 + struct name_entry *prev;
134222 + struct name_entry *next;
134223 +};
134224 +
134225 +struct inodev_entry {
134226 + struct name_entry *nentry;
134227 + struct inodev_entry *prev;
134228 + struct inodev_entry *next;
134229 +};
134230 +
134231 +struct acl_role_db {
134232 + struct acl_role_label **r_hash;
134233 + __u32 r_size;
134234 +};
134235 +
134236 +struct inodev_db {
134237 + struct inodev_entry **i_hash;
134238 + __u32 i_size;
134239 +};
134240 +
134241 +struct name_db {
134242 + struct name_entry **n_hash;
134243 + __u32 n_size;
134244 +};
134245 +
134246 +struct crash_uid {
134247 + uid_t uid;
134248 + unsigned long expires;
134249 +};
134250 +
134251 +struct gr_hash_struct {
134252 + void **table;
134253 + void **nametable;
134254 + void *first;
134255 + __u32 table_size;
134256 + __u32 used_size;
134257 + int type;
134258 +};
134259 +
134260 +/* Userspace Grsecurity ACL data structures */
134261 +
134262 +struct acl_subject_label {
134263 + char *filename;
134264 + u64 inode;
134265 + dev_t device;
134266 + __u32 mode;
134267 + kernel_cap_t cap_mask;
134268 + kernel_cap_t cap_lower;
134269 + kernel_cap_t cap_invert_audit;
134270 +
134271 + struct rlimit res[GR_NLIMITS];
134272 + __u32 resmask;
134273 +
134274 + __u8 user_trans_type;
134275 + __u8 group_trans_type;
134276 + uid_t *user_transitions;
134277 + gid_t *group_transitions;
134278 + __u16 user_trans_num;
134279 + __u16 group_trans_num;
134280 +
134281 + __u32 sock_families[2];
134282 + __u32 ip_proto[8];
134283 + __u32 ip_type;
134284 + struct acl_ip_label **ips;
134285 + __u32 ip_num;
134286 + __u32 inaddr_any_override;
134287 +
134288 + __u32 crashes;
134289 + unsigned long expires;
134290 +
134291 + struct acl_subject_label *parent_subject;
134292 + struct gr_hash_struct *hash;
134293 + struct acl_subject_label *prev;
134294 + struct acl_subject_label *next;
134295 +
134296 + struct acl_object_label **obj_hash;
134297 + __u32 obj_hash_size;
134298 + __u16 pax_flags;
134299 +};
134300 +
134301 +struct role_allowed_ip {
134302 + __u32 addr;
134303 + __u32 netmask;
134304 +
134305 + struct role_allowed_ip *prev;
134306 + struct role_allowed_ip *next;
134307 +};
134308 +
134309 +struct role_transition {
134310 + char *rolename;
134311 +
134312 + struct role_transition *prev;
134313 + struct role_transition *next;
134314 +};
134315 +
134316 +struct acl_role_label {
134317 + char *rolename;
134318 + uid_t uidgid;
134319 + __u16 roletype;
134320 +
134321 + __u16 auth_attempts;
134322 + unsigned long expires;
134323 +
134324 + struct acl_subject_label *root_label;
134325 + struct gr_hash_struct *hash;
134326 +
134327 + struct acl_role_label *prev;
134328 + struct acl_role_label *next;
134329 +
134330 + struct role_transition *transitions;
134331 + struct role_allowed_ip *allowed_ips;
134332 + uid_t *domain_children;
134333 + __u16 domain_child_num;
134334 +
134335 + umode_t umask;
134336 +
134337 + struct acl_subject_label **subj_hash;
134338 + __u32 subj_hash_size;
134339 +};
134340 +
134341 +struct user_acl_role_db {
134342 + struct acl_role_label **r_table;
134343 + __u32 num_pointers; /* Number of allocations to track */
134344 + __u32 num_roles; /* Number of roles */
134345 + __u32 num_domain_children; /* Number of domain children */
134346 + __u32 num_subjects; /* Number of subjects */
134347 + __u32 num_objects; /* Number of objects */
134348 +};
134349 +
134350 +struct acl_object_label {
134351 + char *filename;
134352 + u64 inode;
134353 + dev_t device;
134354 + __u32 mode;
134355 +
134356 + struct acl_subject_label *nested;
134357 + struct acl_object_label *globbed;
134358 +
134359 + /* next two structures not used */
134360 +
134361 + struct acl_object_label *prev;
134362 + struct acl_object_label *next;
134363 +};
134364 +
134365 +struct acl_ip_label {
134366 + char *iface;
134367 + __u32 addr;
134368 + __u32 netmask;
134369 + __u16 low, high;
134370 + __u8 mode;
134371 + __u32 type;
134372 + __u32 proto[8];
134373 +
134374 + /* next two structures not used */
134375 +
134376 + struct acl_ip_label *prev;
134377 + struct acl_ip_label *next;
134378 +};
134379 +
134380 +struct gr_arg {
134381 + struct user_acl_role_db role_db;
134382 + unsigned char pw[GR_PW_LEN];
134383 + unsigned char salt[GR_SALT_LEN];
134384 + unsigned char sum[GR_SHA_LEN];
134385 + unsigned char sp_role[GR_SPROLE_LEN];
134386 + struct sprole_pw *sprole_pws;
134387 + dev_t segv_device;
134388 + u64 segv_inode;
134389 + uid_t segv_uid;
134390 + __u16 num_sprole_pws;
134391 + __u16 mode;
134392 +};
134393 +
134394 +struct gr_arg_wrapper {
134395 + struct gr_arg *arg;
134396 + __u32 version;
134397 + __u32 size;
134398 +};
134399 +
134400 +struct subject_map {
134401 + struct acl_subject_label *user;
134402 + struct acl_subject_label *kernel;
134403 + struct subject_map *prev;
134404 + struct subject_map *next;
134405 +};
134406 +
134407 +struct acl_subj_map_db {
134408 + struct subject_map **s_hash;
134409 + __u32 s_size;
134410 +};
134411 +
134412 +struct gr_policy_state {
134413 + struct sprole_pw **acl_special_roles;
134414 + __u16 num_sprole_pws;
134415 + struct acl_role_label *kernel_role;
134416 + struct acl_role_label *role_list;
134417 + struct acl_role_label *default_role;
134418 + struct acl_role_db acl_role_set;
134419 + struct acl_subj_map_db subj_map_set;
134420 + struct name_db name_set;
134421 + struct inodev_db inodev_set;
134422 +};
134423 +
134424 +struct gr_alloc_state {
134425 + unsigned long alloc_stack_next;
134426 + unsigned long alloc_stack_size;
134427 + void **alloc_stack;
134428 +};
134429 +
134430 +struct gr_reload_state {
134431 + struct gr_policy_state oldpolicy;
134432 + struct gr_alloc_state oldalloc;
134433 + struct gr_policy_state newpolicy;
134434 + struct gr_alloc_state newalloc;
134435 + struct gr_policy_state *oldpolicy_ptr;
134436 + struct gr_alloc_state *oldalloc_ptr;
134437 + unsigned char oldmode;
134438 +};
134439 +
134440 +/* End Data Structures Section */
134441 +
134442 +/* Hash functions generated by empirical testing by Brad Spengler
134443 + Makes good use of the low bits of the inode. Generally 0-1 times
134444 + in loop for successful match. 0-3 for unsuccessful match.
134445 + Shift/add algorithm with modulus of table size and an XOR*/
134446 +
134447 +static __inline__ unsigned int
134448 +gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
134449 +{
134450 + return ((((uid + type) << (16 + type)) ^ uid) % sz);
134451 +}
134452 +
134453 + static __inline__ unsigned int
134454 +gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
134455 +{
134456 + return ((const unsigned long)userp % sz);
134457 +}
134458 +
134459 +static __inline__ unsigned int
134460 +gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz)
134461 +{
134462 + unsigned int rem;
134463 + div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem);
134464 + return rem;
134465 +}
134466 +
134467 +static __inline__ unsigned int
134468 +gr_nhash(const char *name, const __u16 len, const unsigned int sz)
134469 +{
134470 + return full_name_hash(NULL, (const unsigned char *)name, len) % sz;
134471 +}
134472 +
134473 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
134474 + subj = NULL; \
134475 + iter = 0; \
134476 + while (iter < role->subj_hash_size) { \
134477 + if (subj == NULL) \
134478 + subj = role->subj_hash[iter]; \
134479 + if (subj == NULL) { \
134480 + iter++; \
134481 + continue; \
134482 + }
134483 +
134484 +#define FOR_EACH_SUBJECT_END(subj,iter) \
134485 + subj = subj->next; \
134486 + if (subj == NULL) \
134487 + iter++; \
134488 + }
134489 +
134490 +
134491 +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
134492 + subj = role->hash->first; \
134493 + while (subj != NULL) {
134494 +
134495 +#define FOR_EACH_NESTED_SUBJECT_END(subj) \
134496 + subj = subj->next; \
134497 + }
134498 +
134499 +#endif
134500 +
134501 diff --git a/include/linux/gracl_compat.h b/include/linux/gracl_compat.h
134502 new file mode 100644
134503 index 0000000..af64092
134504 --- /dev/null
134505 +++ b/include/linux/gracl_compat.h
134506 @@ -0,0 +1,156 @@
134507 +#ifndef GR_ACL_COMPAT_H
134508 +#define GR_ACL_COMPAT_H
134509 +
134510 +#include <linux/resource.h>
134511 +#include <asm/resource.h>
134512 +
134513 +struct sprole_pw_compat {
134514 + compat_uptr_t rolename;
134515 + unsigned char salt[GR_SALT_LEN];
134516 + unsigned char sum[GR_SHA_LEN];
134517 +};
134518 +
134519 +struct gr_hash_struct_compat {
134520 + compat_uptr_t table;
134521 + compat_uptr_t nametable;
134522 + compat_uptr_t first;
134523 + __u32 table_size;
134524 + __u32 used_size;
134525 + int type;
134526 +};
134527 +
134528 +struct acl_subject_label_compat {
134529 + compat_uptr_t filename;
134530 + compat_u64 inode;
134531 + __u32 device;
134532 + __u32 mode;
134533 + kernel_cap_t cap_mask;
134534 + kernel_cap_t cap_lower;
134535 + kernel_cap_t cap_invert_audit;
134536 +
134537 + struct compat_rlimit res[GR_NLIMITS];
134538 + __u32 resmask;
134539 +
134540 + __u8 user_trans_type;
134541 + __u8 group_trans_type;
134542 + compat_uptr_t user_transitions;
134543 + compat_uptr_t group_transitions;
134544 + __u16 user_trans_num;
134545 + __u16 group_trans_num;
134546 +
134547 + __u32 sock_families[2];
134548 + __u32 ip_proto[8];
134549 + __u32 ip_type;
134550 + compat_uptr_t ips;
134551 + __u32 ip_num;
134552 + __u32 inaddr_any_override;
134553 +
134554 + __u32 crashes;
134555 + compat_ulong_t expires;
134556 +
134557 + compat_uptr_t parent_subject;
134558 + compat_uptr_t hash;
134559 + compat_uptr_t prev;
134560 + compat_uptr_t next;
134561 +
134562 + compat_uptr_t obj_hash;
134563 + __u32 obj_hash_size;
134564 + __u16 pax_flags;
134565 +};
134566 +
134567 +struct role_allowed_ip_compat {
134568 + __u32 addr;
134569 + __u32 netmask;
134570 +
134571 + compat_uptr_t prev;
134572 + compat_uptr_t next;
134573 +};
134574 +
134575 +struct role_transition_compat {
134576 + compat_uptr_t rolename;
134577 +
134578 + compat_uptr_t prev;
134579 + compat_uptr_t next;
134580 +};
134581 +
134582 +struct acl_role_label_compat {
134583 + compat_uptr_t rolename;
134584 + uid_t uidgid;
134585 + __u16 roletype;
134586 +
134587 + __u16 auth_attempts;
134588 + compat_ulong_t expires;
134589 +
134590 + compat_uptr_t root_label;
134591 + compat_uptr_t hash;
134592 +
134593 + compat_uptr_t prev;
134594 + compat_uptr_t next;
134595 +
134596 + compat_uptr_t transitions;
134597 + compat_uptr_t allowed_ips;
134598 + compat_uptr_t domain_children;
134599 + __u16 domain_child_num;
134600 +
134601 + umode_t umask;
134602 +
134603 + compat_uptr_t subj_hash;
134604 + __u32 subj_hash_size;
134605 +};
134606 +
134607 +struct user_acl_role_db_compat {
134608 + compat_uptr_t r_table;
134609 + __u32 num_pointers;
134610 + __u32 num_roles;
134611 + __u32 num_domain_children;
134612 + __u32 num_subjects;
134613 + __u32 num_objects;
134614 +};
134615 +
134616 +struct acl_object_label_compat {
134617 + compat_uptr_t filename;
134618 + compat_u64 inode;
134619 + __u32 device;
134620 + __u32 mode;
134621 +
134622 + compat_uptr_t nested;
134623 + compat_uptr_t globbed;
134624 +
134625 + compat_uptr_t prev;
134626 + compat_uptr_t next;
134627 +};
134628 +
134629 +struct acl_ip_label_compat {
134630 + compat_uptr_t iface;
134631 + __u32 addr;
134632 + __u32 netmask;
134633 + __u16 low, high;
134634 + __u8 mode;
134635 + __u32 type;
134636 + __u32 proto[8];
134637 +
134638 + compat_uptr_t prev;
134639 + compat_uptr_t next;
134640 +};
134641 +
134642 +struct gr_arg_compat {
134643 + struct user_acl_role_db_compat role_db;
134644 + unsigned char pw[GR_PW_LEN];
134645 + unsigned char salt[GR_SALT_LEN];
134646 + unsigned char sum[GR_SHA_LEN];
134647 + unsigned char sp_role[GR_SPROLE_LEN];
134648 + compat_uptr_t sprole_pws;
134649 + __u32 segv_device;
134650 + compat_u64 segv_inode;
134651 + uid_t segv_uid;
134652 + __u16 num_sprole_pws;
134653 + __u16 mode;
134654 +};
134655 +
134656 +struct gr_arg_wrapper_compat {
134657 + compat_uptr_t arg;
134658 + __u32 version;
134659 + __u32 size;
134660 +};
134661 +
134662 +#endif
134663 diff --git a/include/linux/gralloc.h b/include/linux/gralloc.h
134664 new file mode 100644
134665 index 0000000..323ecf2
134666 --- /dev/null
134667 +++ b/include/linux/gralloc.h
134668 @@ -0,0 +1,9 @@
134669 +#ifndef __GRALLOC_H
134670 +#define __GRALLOC_H
134671 +
134672 +void acl_free_all(void);
134673 +int acl_alloc_stack_init(unsigned long size);
134674 +void *acl_alloc(unsigned long len);
134675 +void *acl_alloc_num(unsigned long num, unsigned long len);
134676 +
134677 +#endif
134678 diff --git a/include/linux/grdefs.h b/include/linux/grdefs.h
134679 new file mode 100644
134680 index 0000000..be66033
134681 --- /dev/null
134682 +++ b/include/linux/grdefs.h
134683 @@ -0,0 +1,140 @@
134684 +#ifndef GRDEFS_H
134685 +#define GRDEFS_H
134686 +
134687 +/* Begin grsecurity status declarations */
134688 +
134689 +enum {
134690 + GR_READY = 0x01,
134691 + GR_STATUS_INIT = 0x00 // disabled state
134692 +};
134693 +
134694 +/* Begin ACL declarations */
134695 +
134696 +/* Role flags */
134697 +
134698 +enum {
134699 + GR_ROLE_USER = 0x0001,
134700 + GR_ROLE_GROUP = 0x0002,
134701 + GR_ROLE_DEFAULT = 0x0004,
134702 + GR_ROLE_SPECIAL = 0x0008,
134703 + GR_ROLE_AUTH = 0x0010,
134704 + GR_ROLE_NOPW = 0x0020,
134705 + GR_ROLE_GOD = 0x0040,
134706 + GR_ROLE_LEARN = 0x0080,
134707 + GR_ROLE_TPE = 0x0100,
134708 + GR_ROLE_DOMAIN = 0x0200,
134709 + GR_ROLE_PAM = 0x0400,
134710 + GR_ROLE_PERSIST = 0x0800
134711 +};
134712 +
134713 +/* ACL Subject and Object mode flags */
134714 +enum {
134715 + GR_DELETED = 0x80000000
134716 +};
134717 +
134718 +/* ACL Object-only mode flags */
134719 +enum {
134720 + GR_READ = 0x00000001,
134721 + GR_APPEND = 0x00000002,
134722 + GR_WRITE = 0x00000004,
134723 + GR_EXEC = 0x00000008,
134724 + GR_FIND = 0x00000010,
134725 + GR_INHERIT = 0x00000020,
134726 + GR_SETID = 0x00000040,
134727 + GR_CREATE = 0x00000080,
134728 + GR_DELETE = 0x00000100,
134729 + GR_LINK = 0x00000200,
134730 + GR_AUDIT_READ = 0x00000400,
134731 + GR_AUDIT_APPEND = 0x00000800,
134732 + GR_AUDIT_WRITE = 0x00001000,
134733 + GR_AUDIT_EXEC = 0x00002000,
134734 + GR_AUDIT_FIND = 0x00004000,
134735 + GR_AUDIT_INHERIT= 0x00008000,
134736 + GR_AUDIT_SETID = 0x00010000,
134737 + GR_AUDIT_CREATE = 0x00020000,
134738 + GR_AUDIT_DELETE = 0x00040000,
134739 + GR_AUDIT_LINK = 0x00080000,
134740 + GR_PTRACERD = 0x00100000,
134741 + GR_NOPTRACE = 0x00200000,
134742 + GR_SUPPRESS = 0x00400000,
134743 + GR_NOLEARN = 0x00800000,
134744 + GR_INIT_TRANSFER= 0x01000000
134745 +};
134746 +
134747 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
134748 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
134749 + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
134750 +
134751 +/* ACL subject-only mode flags */
134752 +enum {
134753 + GR_KILL = 0x00000001,
134754 + GR_VIEW = 0x00000002,
134755 + GR_PROTECTED = 0x00000004,
134756 + GR_LEARN = 0x00000008,
134757 + GR_OVERRIDE = 0x00000010,
134758 + /* just a placeholder, this mode is only used in userspace */
134759 + GR_DUMMY = 0x00000020,
134760 + GR_PROTSHM = 0x00000040,
134761 + GR_KILLPROC = 0x00000080,
134762 + GR_KILLIPPROC = 0x00000100,
134763 + /* just a placeholder, this mode is only used in userspace */
134764 + GR_NOTROJAN = 0x00000200,
134765 + GR_PROTPROCFD = 0x00000400,
134766 + GR_PROCACCT = 0x00000800,
134767 + GR_RELAXPTRACE = 0x00001000,
134768 + //GR_NESTED = 0x00002000,
134769 + GR_INHERITLEARN = 0x00004000,
134770 + GR_PROCFIND = 0x00008000,
134771 + GR_POVERRIDE = 0x00010000,
134772 + GR_KERNELAUTH = 0x00020000,
134773 + GR_ATSECURE = 0x00040000,
134774 + GR_SHMEXEC = 0x00080000
134775 +};
134776 +
134777 +enum {
134778 + GR_PAX_ENABLE_SEGMEXEC = 0x0001,
134779 + GR_PAX_ENABLE_PAGEEXEC = 0x0002,
134780 + GR_PAX_ENABLE_MPROTECT = 0x0004,
134781 + GR_PAX_ENABLE_RANDMMAP = 0x0008,
134782 + GR_PAX_ENABLE_EMUTRAMP = 0x0010,
134783 + GR_PAX_DISABLE_SEGMEXEC = 0x0100,
134784 + GR_PAX_DISABLE_PAGEEXEC = 0x0200,
134785 + GR_PAX_DISABLE_MPROTECT = 0x0400,
134786 + GR_PAX_DISABLE_RANDMMAP = 0x0800,
134787 + GR_PAX_DISABLE_EMUTRAMP = 0x1000,
134788 +};
134789 +
134790 +enum {
134791 + GR_ID_USER = 0x01,
134792 + GR_ID_GROUP = 0x02,
134793 +};
134794 +
134795 +enum {
134796 + GR_ID_ALLOW = 0x01,
134797 + GR_ID_DENY = 0x02,
134798 +};
134799 +
134800 +#define GR_CRASH_RES 31
134801 +#define GR_UIDTABLE_MAX 500
134802 +
134803 +/* begin resource learning section */
134804 +enum {
134805 + GR_RLIM_CPU_BUMP = 60,
134806 + GR_RLIM_FSIZE_BUMP = 50000,
134807 + GR_RLIM_DATA_BUMP = 10000,
134808 + GR_RLIM_STACK_BUMP = 1000,
134809 + GR_RLIM_CORE_BUMP = 10000,
134810 + GR_RLIM_RSS_BUMP = 500000,
134811 + GR_RLIM_NPROC_BUMP = 1,
134812 + GR_RLIM_NOFILE_BUMP = 5,
134813 + GR_RLIM_MEMLOCK_BUMP = 50000,
134814 + GR_RLIM_AS_BUMP = 500000,
134815 + GR_RLIM_LOCKS_BUMP = 2,
134816 + GR_RLIM_SIGPENDING_BUMP = 5,
134817 + GR_RLIM_MSGQUEUE_BUMP = 10000,
134818 + GR_RLIM_NICE_BUMP = 1,
134819 + GR_RLIM_RTPRIO_BUMP = 1,
134820 + GR_RLIM_RTTIME_BUMP = 1000000
134821 +};
134822 +
134823 +#endif
134824 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
134825 new file mode 100644
134826 index 0000000..1dbf9c8
134827 --- /dev/null
134828 +++ b/include/linux/grinternal.h
134829 @@ -0,0 +1,231 @@
134830 +#ifndef __GRINTERNAL_H
134831 +#define __GRINTERNAL_H
134832 +
134833 +#ifdef CONFIG_GRKERNSEC
134834 +
134835 +#include <linux/fs.h>
134836 +#include <linux/mnt_namespace.h>
134837 +#include <linux/nsproxy.h>
134838 +#include <linux/gracl.h>
134839 +#include <linux/grdefs.h>
134840 +#include <linux/grmsg.h>
134841 +
134842 +void gr_add_learn_entry(const char *fmt, ...)
134843 + __attribute__ ((format (printf, 1, 2)));
134844 +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
134845 + const struct vfsmount *mnt);
134846 +__u32 gr_check_create(const struct dentry *new_dentry,
134847 + const struct dentry *parent,
134848 + const struct vfsmount *mnt, const __u32 mode);
134849 +int gr_check_protected_task(const struct task_struct *task);
134850 +__u32 to_gr_audit(const __u32 reqmode);
134851 +int gr_set_acls(const int type);
134852 +int gr_acl_is_enabled(void);
134853 +char gr_roletype_to_char(void);
134854 +
134855 +void gr_handle_alertkill(struct task_struct *task);
134856 +char *gr_to_filename(const struct dentry *dentry,
134857 + const struct vfsmount *mnt);
134858 +char *gr_to_filename1(const struct dentry *dentry,
134859 + const struct vfsmount *mnt);
134860 +char *gr_to_filename2(const struct dentry *dentry,
134861 + const struct vfsmount *mnt);
134862 +char *gr_to_filename3(const struct dentry *dentry,
134863 + const struct vfsmount *mnt);
134864 +
134865 +extern int grsec_enable_ptrace_readexec;
134866 +extern int grsec_enable_harden_ptrace;
134867 +extern int grsec_enable_link;
134868 +extern int grsec_enable_fifo;
134869 +extern int grsec_enable_execve;
134870 +extern int grsec_enable_shm;
134871 +extern int grsec_enable_execlog;
134872 +extern int grsec_enable_signal;
134873 +extern int grsec_enable_audit_ptrace;
134874 +extern int grsec_enable_forkfail;
134875 +extern int grsec_enable_time;
134876 +extern int grsec_enable_rofs;
134877 +extern int grsec_deny_new_usb;
134878 +extern int grsec_enable_chroot_shmat;
134879 +extern int grsec_enable_chroot_mount;
134880 +extern int grsec_enable_chroot_double;
134881 +extern int grsec_enable_chroot_pivot;
134882 +extern int grsec_enable_chroot_chdir;
134883 +extern int grsec_enable_chroot_chmod;
134884 +extern int grsec_enable_chroot_mknod;
134885 +extern int grsec_enable_chroot_fchdir;
134886 +extern int grsec_enable_chroot_nice;
134887 +extern int grsec_enable_chroot_execlog;
134888 +extern int grsec_enable_chroot_caps;
134889 +extern int grsec_enable_chroot_rename;
134890 +extern int grsec_enable_chroot_sysctl;
134891 +extern int grsec_enable_chroot_unix;
134892 +extern int grsec_enable_symlinkown;
134893 +extern kgid_t grsec_symlinkown_gid;
134894 +extern int grsec_enable_tpe;
134895 +extern kgid_t grsec_tpe_gid;
134896 +extern int grsec_enable_tpe_all;
134897 +extern int grsec_enable_tpe_invert;
134898 +extern int grsec_enable_socket_all;
134899 +extern kgid_t grsec_socket_all_gid;
134900 +extern int grsec_enable_socket_client;
134901 +extern kgid_t grsec_socket_client_gid;
134902 +extern int grsec_enable_socket_server;
134903 +extern kgid_t grsec_socket_server_gid;
134904 +extern kgid_t grsec_audit_gid;
134905 +extern int grsec_enable_group;
134906 +extern int grsec_enable_log_rwxmaps;
134907 +extern int grsec_enable_mount;
134908 +extern int grsec_enable_chdir;
134909 +extern int grsec_resource_logging;
134910 +extern int grsec_enable_blackhole;
134911 +extern int grsec_lastack_retries;
134912 +extern int grsec_enable_brute;
134913 +extern int grsec_enable_harden_ipc;
134914 +extern int grsec_enable_harden_tty;
134915 +extern int grsec_lock;
134916 +
134917 +extern spinlock_t grsec_alert_lock;
134918 +extern unsigned long grsec_alert_wtime;
134919 +extern unsigned long grsec_alert_fyet;
134920 +
134921 +extern spinlock_t grsec_audit_lock;
134922 +
134923 +extern rwlock_t grsec_exec_file_lock;
134924 +
134925 +#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
134926 + gr_to_filename2((tsk)->exec_file->f_path.dentry, \
134927 + (tsk)->exec_file->f_path.mnt) : "/")
134928 +
134929 +#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
134930 + gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
134931 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
134932 +
134933 +#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
134934 + gr_to_filename((tsk)->exec_file->f_path.dentry, \
134935 + (tsk)->exec_file->f_path.mnt) : "/")
134936 +
134937 +#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
134938 + gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
134939 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
134940 +
134941 +#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
134942 +
134943 +#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
134944 +
134945 +static inline bool gr_is_same_file(const struct file *file1, const struct file *file2)
134946 +{
134947 + if (file1 && file2) {
134948 + const struct inode *inode1 = file1->f_path.dentry->d_inode;
134949 + const struct inode *inode2 = file2->f_path.dentry->d_inode;
134950 + if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev)
134951 + return true;
134952 + }
134953 +
134954 + return false;
134955 +}
134956 +
134957 +#define GR_CHROOT_CAPS {{ \
134958 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
134959 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
134960 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
134961 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
134962 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
134963 + CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
134964 + CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
134965 +
134966 +#define security_learn(normal_msg,args...) \
134967 +({ \
134968 + read_lock(&grsec_exec_file_lock); \
134969 + gr_add_learn_entry(normal_msg "\n", ## args); \
134970 + read_unlock(&grsec_exec_file_lock); \
134971 +})
134972 +
134973 +enum {
134974 + GR_DO_AUDIT,
134975 + GR_DONT_AUDIT,
134976 + /* used for non-audit messages that we shouldn't kill the task on */
134977 + GR_DONT_AUDIT_GOOD
134978 +};
134979 +
134980 +enum {
134981 + GR_TTYSNIFF,
134982 + GR_RBAC,
134983 + GR_RBAC_STR,
134984 + GR_STR_RBAC,
134985 + GR_RBAC_MODE2,
134986 + GR_RBAC_MODE3,
134987 + GR_FILENAME,
134988 + GR_SYSCTL_HIDDEN,
134989 + GR_NOARGS,
134990 + GR_ONE_INT,
134991 + GR_ONE_INT_TWO_STR,
134992 + GR_ONE_STR,
134993 + GR_STR_INT,
134994 + GR_TWO_STR_INT,
134995 + GR_TWO_INT,
134996 + GR_TWO_U64,
134997 + GR_THREE_INT,
134998 + GR_FIVE_INT_TWO_STR,
134999 + GR_TWO_STR,
135000 + GR_THREE_STR,
135001 + GR_FOUR_STR,
135002 + GR_STR_FILENAME,
135003 + GR_FILENAME_STR,
135004 + GR_FILENAME_TWO_INT,
135005 + GR_FILENAME_TWO_INT_STR,
135006 + GR_TEXTREL,
135007 + GR_PTRACE,
135008 + GR_RESOURCE,
135009 + GR_CAP,
135010 + GR_SIG,
135011 + GR_SIG2,
135012 + GR_CRASH1,
135013 + GR_CRASH2,
135014 + GR_PSACCT,
135015 + GR_RWXMAP,
135016 + GR_RWXMAPVMA
135017 +};
135018 +
135019 +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
135020 +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
135021 +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
135022 +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
135023 +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
135024 +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
135025 +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
135026 +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
135027 +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
135028 +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
135029 +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
135030 +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
135031 +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
135032 +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
135033 +#define gr_log_two_u64(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_U64, num1, num2)
135034 +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
135035 +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
135036 +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
135037 +#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
135038 +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
135039 +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
135040 +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
135041 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
135042 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
135043 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
135044 +#define gr_log_textrel_ulong_ulong(audit, msg, str, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, str, file, ulong1, ulong2)
135045 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
135046 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
135047 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
135048 +#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
135049 +#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
135050 +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
135051 +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
135052 +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
135053 +#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
135054 +#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
135055 +
135056 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
135057 +
135058 +#endif
135059 +
135060 +#endif
135061 diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
135062 new file mode 100644
135063 index 0000000..94ac4d2
135064 --- /dev/null
135065 +++ b/include/linux/grmsg.h
135066 @@ -0,0 +1,120 @@
135067 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
135068 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
135069 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
135070 +#define GR_STOPMOD_MSG "denied modification of module state by "
135071 +#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
135072 +#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
135073 +#define GR_IOPERM_MSG "denied use of ioperm() by "
135074 +#define GR_IOPL_MSG "denied use of iopl() by "
135075 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
135076 +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
135077 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
135078 +#define GR_MEM_READWRITE_MSG "denied access of range %Lx -> %Lx in /dev/mem by "
135079 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
135080 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
135081 +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
135082 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
135083 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
135084 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
135085 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
135086 +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
135087 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
135088 +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
135089 +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
135090 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
135091 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
135092 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
135093 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
135094 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
135095 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
135096 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
135097 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
135098 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
135099 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
135100 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
135101 +#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
135102 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
135103 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
135104 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
135105 +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
135106 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
135107 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
135108 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
135109 +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
135110 +#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by "
135111 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
135112 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
135113 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
135114 +#define GR_CHROOT_PATHAT_MSG "denied relative path access outside of chroot to %.950s by "
135115 +#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
135116 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
135117 +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
135118 +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
135119 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
135120 +#define GR_INITF_ACL_MSG "init_variables() failed %s by "
135121 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
135122 +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by "
135123 +#define GR_SHUTS_ACL_MSG "shutdown auth success for "
135124 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
135125 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
135126 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
135127 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
135128 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
135129 +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
135130 +#define GR_ENABLEF_ACL_MSG "unable to load %s for "
135131 +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
135132 +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
135133 +#define GR_RELOADF_ACL_MSG "failed reload of %s for "
135134 +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
135135 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
135136 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
135137 +#define GR_SPROLEF_ACL_MSG "special role %s failure for "
135138 +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
135139 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
135140 +#define GR_INVMODE_ACL_MSG "invalid mode %d by "
135141 +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
135142 +#define GR_FAILFORK_MSG "failed fork with errno %s by "
135143 +#define GR_NICE_CHROOT_MSG "denied priority change by "
135144 +#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
135145 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
135146 +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
135147 +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
135148 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
135149 +#define GR_TIME_MSG "time set by "
135150 +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
135151 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
135152 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
135153 +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
135154 +#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
135155 +#define GR_BIND_MSG "denied bind() by "
135156 +#define GR_CONNECT_MSG "denied connect() by "
135157 +#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
135158 +#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
135159 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
135160 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
135161 +#define GR_CAP_ACL_MSG "use of %s denied for "
135162 +#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
135163 +#define GR_CAP_ACL_MSG2 "use of %s permitted for "
135164 +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
135165 +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
135166 +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
135167 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
135168 +#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
135169 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
135170 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
135171 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
135172 +#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
135173 +#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
135174 +#define GR_TEXTREL_AUDIT_MSG "allowed %s text relocation transition in %.950s, VMA:0x%08lx 0x%08lx by "
135175 +#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
135176 +#define GR_VM86_MSG "denied use of vm86 by "
135177 +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
135178 +#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
135179 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
135180 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
135181 +#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
135182 +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
135183 +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
135184 +#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
135185 +#define GR_TIOCSTI_MSG "denied unprivileged use of TIOCSTI by "
135186 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
135187 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
135188 new file mode 100644
135189 index 0000000..749b915
135190 --- /dev/null
135191 +++ b/include/linux/grsecurity.h
135192 @@ -0,0 +1,259 @@
135193 +#ifndef GR_SECURITY_H
135194 +#define GR_SECURITY_H
135195 +#include <linux/fs.h>
135196 +#include <linux/fs_struct.h>
135197 +#include <linux/binfmts.h>
135198 +#include <linux/tty.h>
135199 +#include <linux/gracl.h>
135200 +
135201 +/* notify of brain-dead configs */
135202 +#if defined(CONFIG_DEBUG_FS) && defined(CONFIG_GRKERNSEC_KMEM)
135203 +#error "CONFIG_DEBUG_FS being enabled is a security risk when CONFIG_GRKERNSEC_KMEM is enabled"
135204 +#endif
135205 +#if defined(CONFIG_PROC_PAGE_MONITOR) && defined(CONFIG_GRKERNSEC)
135206 +#error "CONFIG_PROC_PAGE_MONITOR is a security risk"
135207 +#endif
135208 +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
135209 +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
135210 +#endif
135211 +#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
135212 +#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
135213 +#endif
135214 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
135215 +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
135216 +#endif
135217 +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
135218 +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
135219 +#endif
135220 +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
135221 +#error "CONFIG_PAX enabled, but no PaX options are enabled."
135222 +#endif
135223 +
135224 +int gr_handle_new_usb(void);
135225 +
135226 +void gr_handle_brute_attach(int dumpable);
135227 +void gr_handle_brute_check(void);
135228 +void gr_handle_kernel_exploit(void);
135229 +
135230 +char gr_roletype_to_char(void);
135231 +
135232 +int gr_proc_is_restricted(void);
135233 +
135234 +int gr_acl_enable_at_secure(void);
135235 +
135236 +int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
135237 +int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
135238 +
135239 +int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap, bool log);
135240 +
135241 +void gr_del_task_from_ip_table(struct task_struct *p);
135242 +
135243 +int gr_pid_is_chrooted(struct task_struct *p);
135244 +int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type);
135245 +int gr_handle_chroot_nice(void);
135246 +int gr_handle_chroot_sysctl(const int op);
135247 +int gr_handle_chroot_setpriority(struct task_struct *p,
135248 + const int niceval);
135249 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
135250 +int gr_chroot_pathat(int dfd, struct dentry *u_dentry, struct vfsmount *u_mnt, unsigned flags);
135251 +int gr_chroot_fhandle(void);
135252 +int gr_handle_chroot_chroot(const struct dentry *dentry,
135253 + const struct vfsmount *mnt);
135254 +void gr_handle_chroot_chdir(const struct path *path);
135255 +int gr_handle_chroot_chmod(const struct dentry *dentry,
135256 + const struct vfsmount *mnt, const int mode);
135257 +int gr_handle_chroot_mknod(const struct dentry *dentry,
135258 + const struct vfsmount *mnt, const int mode);
135259 +int gr_handle_chroot_mount(const struct dentry *dentry,
135260 + const struct vfsmount *mnt,
135261 + const char *dev_name);
135262 +int gr_handle_chroot_pivot(void);
135263 +int gr_handle_chroot_unix(const pid_t pid);
135264 +
135265 +int gr_handle_rawio(const struct inode *inode);
135266 +
135267 +void gr_handle_ioperm(void);
135268 +void gr_handle_iopl(void);
135269 +void gr_handle_msr_write(void);
135270 +
135271 +umode_t gr_acl_umask(void);
135272 +
135273 +int gr_tpe_allow(const struct file *file);
135274 +
135275 +void gr_set_chroot_entries(struct task_struct *task, const struct path *path);
135276 +void gr_clear_chroot_entries(struct task_struct *task);
135277 +
135278 +void gr_log_forkfail(const int retval);
135279 +void gr_log_timechange(void);
135280 +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
135281 +void gr_log_chdir(const struct dentry *dentry,
135282 + const struct vfsmount *mnt);
135283 +void gr_log_chroot_exec(const struct dentry *dentry,
135284 + const struct vfsmount *mnt);
135285 +void gr_log_remount(const char *devname, const int retval);
135286 +void gr_log_unmount(const char *devname, const int retval);
135287 +void gr_log_mount(const char *from, struct path *to, const int retval);
135288 +void gr_log_textrel(struct vm_area_struct *vma, bool is_textrel_rw);
135289 +void gr_log_ptgnustack(struct file *file);
135290 +void gr_log_rwxmmap(struct file *file);
135291 +void gr_log_rwxmprotect(struct vm_area_struct *vma);
135292 +
135293 +int gr_handle_follow_link(const struct dentry *dentry,
135294 + const struct vfsmount *mnt);
135295 +int gr_handle_fifo(const struct dentry *dentry,
135296 + const struct vfsmount *mnt,
135297 + const struct dentry *dir, const int flag,
135298 + const int acc_mode);
135299 +int gr_handle_hardlink(const struct dentry *dentry,
135300 + const struct vfsmount *mnt,
135301 + const struct filename *to);
135302 +
135303 +int gr_is_capable(const int cap);
135304 +int gr_is_capable_nolog(const int cap);
135305 +int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
135306 +int gr_task_is_capable_nolog(const struct task_struct *task, const struct cred *cred, const int cap);
135307 +
135308 +void gr_copy_label(struct task_struct *tsk);
135309 +void gr_handle_crash(struct task_struct *task, const int sig);
135310 +int gr_handle_signal(const struct task_struct *p, const int sig);
135311 +int gr_check_crash_uid(const kuid_t uid);
135312 +int gr_check_protected_task(const struct task_struct *task);
135313 +int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
135314 +int gr_acl_handle_mmap(const struct file *file,
135315 + const unsigned long prot);
135316 +int gr_acl_handle_mprotect(const struct file *file,
135317 + const unsigned long prot);
135318 +int gr_check_hidden_task(const struct task_struct *tsk);
135319 +__u32 gr_acl_handle_truncate(const struct dentry *dentry,
135320 + const struct vfsmount *mnt);
135321 +__u32 gr_acl_handle_utime(const struct dentry *dentry,
135322 + const struct vfsmount *mnt);
135323 +__u32 gr_acl_handle_access(const struct dentry *dentry,
135324 + const struct vfsmount *mnt, const int fmode);
135325 +__u32 gr_acl_handle_chmod(const struct dentry *dentry,
135326 + const struct vfsmount *mnt, umode_t *mode);
135327 +__u32 gr_acl_handle_chown(const struct dentry *dentry,
135328 + const struct vfsmount *mnt);
135329 +__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
135330 + const struct vfsmount *mnt);
135331 +__u32 gr_acl_handle_removexattr(const struct dentry *dentry,
135332 + const struct vfsmount *mnt);
135333 +int gr_handle_ptrace(struct task_struct *task, const long request);
135334 +int gr_handle_proc_ptrace(struct task_struct *task);
135335 +__u32 gr_acl_handle_execve(const struct dentry *dentry,
135336 + const struct vfsmount *mnt);
135337 +int gr_check_crash_exec(const struct file *filp);
135338 +int gr_acl_is_enabled(void);
135339 +void gr_set_role_label(struct task_struct *task, const kuid_t uid,
135340 + const kgid_t gid);
135341 +int gr_set_proc_label(const struct dentry *dentry,
135342 + const struct vfsmount *mnt,
135343 + const int unsafe_flags);
135344 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
135345 + const struct vfsmount *mnt);
135346 +__u32 gr_acl_handle_open(const struct dentry *dentry,
135347 + const struct vfsmount *mnt, int acc_mode);
135348 +__u32 gr_acl_handle_creat(const struct dentry *dentry,
135349 + const struct dentry *p_dentry,
135350 + const struct vfsmount *p_mnt,
135351 + int open_flags, int acc_mode, const int imode);
135352 +void gr_handle_create(const struct dentry *dentry,
135353 + const struct vfsmount *mnt);
135354 +void gr_handle_proc_create(const struct dentry *dentry,
135355 + const struct inode *inode);
135356 +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
135357 + const struct dentry *parent_dentry,
135358 + const struct vfsmount *parent_mnt,
135359 + const int mode);
135360 +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
135361 + const struct dentry *parent_dentry,
135362 + const struct vfsmount *parent_mnt);
135363 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
135364 + const struct vfsmount *mnt);
135365 +void gr_handle_delete(const u64 ino, const dev_t dev);
135366 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
135367 + const struct vfsmount *mnt);
135368 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
135369 + const struct dentry *parent_dentry,
135370 + const struct vfsmount *parent_mnt,
135371 + const struct filename *from);
135372 +__u32 gr_acl_handle_link(const struct dentry *new_dentry,
135373 + const struct dentry *parent_dentry,
135374 + const struct vfsmount *parent_mnt,
135375 + const struct dentry *old_dentry,
135376 + const struct vfsmount *old_mnt, const struct filename *to);
135377 +int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
135378 +int gr_acl_handle_rename(struct dentry *new_dentry,
135379 + struct dentry *parent_dentry,
135380 + const struct vfsmount *parent_mnt,
135381 + struct dentry *old_dentry,
135382 + struct inode *old_parent_inode,
135383 + struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags);
135384 +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
135385 + struct dentry *old_dentry,
135386 + struct dentry *new_dentry,
135387 + struct vfsmount *mnt, const __u8 replace, unsigned int flags);
135388 +__u32 gr_check_link(const struct dentry *new_dentry,
135389 + const struct dentry *parent_dentry,
135390 + const struct vfsmount *parent_mnt,
135391 + const struct dentry *old_dentry,
135392 + const struct vfsmount *old_mnt);
135393 +int gr_acl_handle_filldir(const struct file *file, const char *name,
135394 + const unsigned int namelen, const u64 ino);
135395 +
135396 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
135397 + const struct vfsmount *mnt);
135398 +void gr_acl_handle_exit(void);
135399 +void gr_acl_handle_psacct(struct task_struct *task, const long code);
135400 +int gr_acl_handle_procpidmem(const struct task_struct *task);
135401 +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
135402 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
135403 +void gr_audit_ptrace(struct task_struct *task);
135404 +dev_t gr_get_dev_from_dentry(struct dentry *dentry);
135405 +u64 gr_get_ino_from_dentry(struct dentry *dentry);
135406 +void gr_put_exec_file(struct task_struct *task);
135407 +
135408 +int gr_get_symlinkown_enabled(void);
135409 +
135410 +int gr_ptrace_readexec(struct file *file, int unsafe_flags);
135411 +
135412 +int gr_handle_tiocsti(struct tty_struct *tty);
135413 +
135414 +void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
135415 +void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
135416 +int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt,
135417 + struct dentry *newdentry, struct vfsmount *newmnt);
135418 +
135419 +#ifdef CONFIG_GRKERNSEC_RESLOG
135420 +extern void gr_log_resource(const struct task_struct *task, const int res,
135421 + const unsigned long wanted, const int gt);
135422 +#else
135423 +static inline void gr_log_resource(const struct task_struct *task, const int res,
135424 + const unsigned long wanted, const int gt)
135425 +{
135426 +}
135427 +#endif
135428 +
135429 +#ifdef CONFIG_GRKERNSEC
135430 +void task_grsec_rbac(struct seq_file *m, struct task_struct *p);
135431 +void gr_handle_vm86(void);
135432 +void gr_handle_mem_readwrite(u64 from, u64 to);
135433 +
135434 +void gr_log_badprocpid(const char *entry);
135435 +
135436 +extern int grsec_enable_dmesg;
135437 +extern int grsec_disable_privio;
135438 +
135439 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
135440 +extern kgid_t grsec_proc_gid;
135441 +#endif
135442 +
135443 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
135444 +extern int grsec_enable_chroot_findtask;
135445 +#endif
135446 +#ifdef CONFIG_GRKERNSEC_SETXID
135447 +extern int grsec_enable_setxid;
135448 +#endif
135449 +#endif
135450 +
135451 +#endif
135452 diff --git a/include/linux/grsock.h b/include/linux/grsock.h
135453 new file mode 100644
135454 index 0000000..e7ffaaf
135455 --- /dev/null
135456 +++ b/include/linux/grsock.h
135457 @@ -0,0 +1,19 @@
135458 +#ifndef __GRSOCK_H
135459 +#define __GRSOCK_H
135460 +
135461 +extern void gr_attach_curr_ip(const struct sock *sk);
135462 +extern int gr_handle_sock_all(const int family, const int type,
135463 + const int protocol);
135464 +extern int gr_handle_sock_server(const struct sockaddr *sck);
135465 +extern int gr_handle_sock_server_other(const struct sock *sck);
135466 +extern int gr_handle_sock_client(const struct sockaddr *sck);
135467 +extern int gr_search_connect(struct socket * sock,
135468 + struct sockaddr_in * addr);
135469 +extern int gr_search_bind(struct socket * sock,
135470 + struct sockaddr_in * addr);
135471 +extern int gr_search_listen(struct socket * sock);
135472 +extern int gr_search_accept(struct socket * sock);
135473 +extern int gr_search_socket(const int domain, const int type,
135474 + const int protocol);
135475 +
135476 +#endif
135477 diff --git a/include/linux/highmem.h b/include/linux/highmem.h
135478 index bb3f329..9daed55 100644
135479 --- a/include/linux/highmem.h
135480 +++ b/include/linux/highmem.h
135481 @@ -190,6 +190,18 @@ static inline void clear_highpage(struct page *page)
135482 kunmap_atomic(kaddr);
135483 }
135484
135485 +static inline void sanitize_highpage(struct page *page)
135486 +{
135487 + void *kaddr;
135488 + unsigned long flags;
135489 +
135490 + local_irq_save(flags);
135491 + kaddr = kmap_atomic(page);
135492 + clear_page(kaddr);
135493 + kunmap_atomic(kaddr);
135494 + local_irq_restore(flags);
135495 +}
135496 +
135497 static inline void zero_user_segments(struct page *page,
135498 unsigned start1, unsigned end1,
135499 unsigned start2, unsigned end2)
135500 diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
135501 index fe99e6f..b2e62ec 100644
135502 --- a/include/linux/hugetlb.h
135503 +++ b/include/linux/hugetlb.h
135504 @@ -314,7 +314,7 @@ struct hstate {
135505 unsigned int surplus_huge_pages_node[MAX_NUMNODES];
135506 #ifdef CONFIG_CGROUP_HUGETLB
135507 /* cgroup control files */
135508 - struct cftype cgroup_files[5];
135509 + struct cftype (*cgroup_files)[5];
135510 #endif
135511 char name[HSTATE_NAME_LEN];
135512 };
135513 diff --git a/include/linux/hugetlb_cgroup.h b/include/linux/hugetlb_cgroup.h
135514 index 063962f..d34f2da 100644
135515 --- a/include/linux/hugetlb_cgroup.h
135516 +++ b/include/linux/hugetlb_cgroup.h
135517 @@ -26,6 +26,13 @@ struct hugetlb_cgroup;
135518
135519 #ifdef CONFIG_CGROUP_HUGETLB
135520
135521 +enum {
135522 + RES_USAGE,
135523 + RES_LIMIT,
135524 + RES_MAX_USAGE,
135525 + RES_FAILCNT,
135526 +};
135527 +
135528 static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page)
135529 {
135530 VM_BUG_ON_PAGE(!PageHuge(page), page);
135531 @@ -64,6 +71,10 @@ extern void hugetlb_cgroup_file_init(void) __init;
135532 extern void hugetlb_cgroup_migrate(struct page *oldhpage,
135533 struct page *newhpage);
135534
135535 +ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off);
135536 +ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off);
135537 +u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css, struct cftype *cft);
135538 +
135539 #else
135540 static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page)
135541 {
135542 diff --git a/include/linux/hwmon-sysfs.h b/include/linux/hwmon-sysfs.h
135543 index 1c7b89a..7dda400 100644
135544 --- a/include/linux/hwmon-sysfs.h
135545 +++ b/include/linux/hwmon-sysfs.h
135546 @@ -25,7 +25,8 @@
135547 struct sensor_device_attribute{
135548 struct device_attribute dev_attr;
135549 int index;
135550 -};
135551 +} __do_const;
135552 +typedef struct sensor_device_attribute __no_const sensor_device_attribute_no_const;
135553 #define to_sensor_dev_attr(_dev_attr) \
135554 container_of(_dev_attr, struct sensor_device_attribute, dev_attr)
135555
135556 @@ -41,7 +42,8 @@ struct sensor_device_attribute_2 {
135557 struct device_attribute dev_attr;
135558 u8 index;
135559 u8 nr;
135560 -};
135561 +} __do_const;
135562 +typedef struct sensor_device_attribute_2 __no_const sensor_device_attribute_2_no_const;
135563 #define to_sensor_dev_attr_2(_dev_attr) \
135564 container_of(_dev_attr, struct sensor_device_attribute_2, dev_attr)
135565
135566 diff --git a/include/linux/i2c.h b/include/linux/i2c.h
135567 index fffdc27..122364f 100644
135568 --- a/include/linux/i2c.h
135569 +++ b/include/linux/i2c.h
135570 @@ -425,6 +425,7 @@ struct i2c_algorithm {
135571 int (*unreg_slave)(struct i2c_client *client);
135572 #endif
135573 };
135574 +typedef struct i2c_algorithm __no_const i2c_algorithm_no_const;
135575
135576 /**
135577 * struct i2c_timings - I2C timing information
135578 diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h
135579 index ba7a9b0..33a0237 100644
135580 --- a/include/linux/if_pppox.h
135581 +++ b/include/linux/if_pppox.h
135582 @@ -78,7 +78,7 @@ struct pppox_proto {
135583 int (*ioctl)(struct socket *sock, unsigned int cmd,
135584 unsigned long arg);
135585 struct module *owner;
135586 -};
135587 +} __do_const;
135588
135589 extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
135590 extern void unregister_pppox_proto(int proto_num);
135591 diff --git a/include/linux/init.h b/include/linux/init.h
135592 index 6935d02..5e3f46e 100644
135593 --- a/include/linux/init.h
135594 +++ b/include/linux/init.h
135595 @@ -39,7 +39,7 @@
135596
135597 /* These are for everybody (although not all archs will actually
135598 discard it in modules) */
135599 -#define __init __section(.init.text) __cold notrace
135600 +#define __init __section(.init.text) __cold notrace __latent_entropy
135601 #define __initdata __section(.init.data)
135602 #define __initconst __constsection(.init.rodata)
135603 #define __exitdata __section(.exit.data)
135604 @@ -86,7 +86,7 @@
135605 #define __exit __section(.exit.text) __exitused __cold notrace
135606
135607 /* Used for MEMORY_HOTPLUG */
135608 -#define __meminit __section(.meminit.text) __cold notrace
135609 +#define __meminit __section(.meminit.text) __cold notrace __latent_entropy
135610 #define __meminitdata __section(.meminit.data)
135611 #define __meminitconst __constsection(.meminit.rodata)
135612 #define __memexit __section(.memexit.text) __exitused __cold notrace
135613 @@ -111,6 +111,12 @@
135614 #define __REFDATA .section ".ref.data", "aw"
135615 #define __REFCONST .section ".ref.rodata", "a"
135616
135617 +#ifdef CONFIG_PAX_KERNEXEC
135618 +#define __READ_ONLY .section ".data..read_only","a",%progbits
135619 +#else
135620 +#define __READ_ONLY .section ".data..mostly","aw",%progbits
135621 +#endif
135622 +
135623 #ifndef __ASSEMBLY__
135624 /*
135625 * Used for initialization calls..
135626 diff --git a/include/linux/init_task.h b/include/linux/init_task.h
135627 index f8834f8..eb807a2 100644
135628 --- a/include/linux/init_task.h
135629 +++ b/include/linux/init_task.h
135630 @@ -159,6 +159,12 @@ extern struct task_group root_task_group;
135631
135632 #define INIT_TASK_COMM "swapper"
135633
135634 +#ifdef CONFIG_X86
135635 +#define INIT_TASK_THREAD_INFO .tinfo = INIT_THREAD_INFO,
135636 +#else
135637 +#define INIT_TASK_THREAD_INFO
135638 +#endif
135639 +
135640 #ifdef CONFIG_RT_MUTEXES
135641 # define INIT_RT_MUTEXES(tsk) \
135642 .pi_waiters = RB_ROOT, \
135643 @@ -225,6 +231,7 @@ extern struct task_group root_task_group;
135644 RCU_POINTER_INITIALIZER(cred, &init_cred), \
135645 .comm = INIT_TASK_COMM, \
135646 .thread = INIT_THREAD, \
135647 + INIT_TASK_THREAD_INFO \
135648 .fs = &init_fs, \
135649 .files = &init_files, \
135650 .signal = &init_signals, \
135651 diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
135652 index b6683f0..9c8f391 100644
135653 --- a/include/linux/interrupt.h
135654 +++ b/include/linux/interrupt.h
135655 @@ -454,8 +454,8 @@ extern const char * const softirq_to_name[NR_SOFTIRQS];
135656
135657 struct softirq_action
135658 {
135659 - void (*action)(struct softirq_action *);
135660 -};
135661 + void (*action)(void);
135662 +} __no_const;
135663
135664 asmlinkage void do_softirq(void);
135665 asmlinkage void __do_softirq(void);
135666 @@ -469,7 +469,7 @@ static inline void do_softirq_own_stack(void)
135667 }
135668 #endif
135669
135670 -extern void open_softirq(int nr, void (*action)(struct softirq_action *));
135671 +extern void open_softirq(int nr, void (*action)(void));
135672 extern void softirq_init(void);
135673 extern void __raise_softirq_irqoff(unsigned int nr);
135674
135675 diff --git a/include/linux/iommu.h b/include/linux/iommu.h
135676 index a35fb8b..bceb84f 100644
135677 --- a/include/linux/iommu.h
135678 +++ b/include/linux/iommu.h
135679 @@ -202,7 +202,7 @@ struct iommu_ops {
135680 int (*of_xlate)(struct device *dev, struct of_phandle_args *args);
135681
135682 unsigned long pgsize_bitmap;
135683 -};
135684 +} __do_const;
135685
135686 #define IOMMU_GROUP_NOTIFY_ADD_DEVICE 1 /* Device added */
135687 #define IOMMU_GROUP_NOTIFY_DEL_DEVICE 2 /* Pre Device removed */
135688 diff --git a/include/linux/ioport.h b/include/linux/ioport.h
135689 index 6230064..1ccafa4 100644
135690 --- a/include/linux/ioport.h
135691 +++ b/include/linux/ioport.h
135692 @@ -190,7 +190,7 @@ struct resource *lookup_resource(struct resource *root, resource_size_t start);
135693 int adjust_resource(struct resource *res, resource_size_t start,
135694 resource_size_t size);
135695 resource_size_t resource_alignment(struct resource *res);
135696 -static inline resource_size_t resource_size(const struct resource *res)
135697 +static inline resource_size_t __intentional_overflow(-1) resource_size(const struct resource *res)
135698 {
135699 return res->end - res->start + 1;
135700 }
135701 diff --git a/include/linux/ipc.h b/include/linux/ipc.h
135702 index 9d84942..12d5bdf 100644
135703 --- a/include/linux/ipc.h
135704 +++ b/include/linux/ipc.h
135705 @@ -19,8 +19,8 @@ struct kern_ipc_perm
135706 kuid_t cuid;
135707 kgid_t cgid;
135708 umode_t mode;
135709 - unsigned long seq;
135710 + unsigned long seq __intentional_overflow(-1);
135711 void *security;
135712 -};
135713 +} __randomize_layout;
135714
135715 #endif /* _LINUX_IPC_H */
135716 diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
135717 index d10e54f..c68f8af 100644
135718 --- a/include/linux/ipc_namespace.h
135719 +++ b/include/linux/ipc_namespace.h
135720 @@ -60,7 +60,7 @@ struct ipc_namespace {
135721 struct user_namespace *user_ns;
135722
135723 struct ns_common ns;
135724 -};
135725 +} __randomize_layout;
135726
135727 extern struct ipc_namespace init_ipc_ns;
135728 extern spinlock_t mq_lock;
135729 diff --git a/include/linux/irq.h b/include/linux/irq.h
135730 index 0ac26c8..3bb92a3 100644
135731 --- a/include/linux/irq.h
135732 +++ b/include/linux/irq.h
135733 @@ -408,7 +408,10 @@ struct irq_chip {
135734 void (*ipi_send_mask)(struct irq_data *data, const struct cpumask *dest);
135735
135736 unsigned long flags;
135737 -};
135738 +} __do_const;
135739 +#ifndef _LINUX_IRQDOMAIN_H
135740 +typedef struct irq_chip __no_const irq_chip_no_const;
135741 +#endif
135742
135743 /*
135744 * irq_chip specific flags
135745 diff --git a/include/linux/irqchip/mmp.h b/include/linux/irqchip/mmp.h
135746 index c78a892..124e0b7 100644
135747 --- a/include/linux/irqchip/mmp.h
135748 +++ b/include/linux/irqchip/mmp.h
135749 @@ -1,6 +1,6 @@
135750 #ifndef __IRQCHIP_MMP_H
135751 #define __IRQCHIP_MMP_H
135752
135753 -extern struct irq_chip icu_irq_chip;
135754 +extern irq_chip_no_const icu_irq_chip;
135755
135756 #endif /* __IRQCHIP_MMP_H */
135757 diff --git a/include/linux/irqdesc.h b/include/linux/irqdesc.h
135758 index b51beeb..72974cf 100644
135759 --- a/include/linux/irqdesc.h
135760 +++ b/include/linux/irqdesc.h
135761 @@ -62,7 +62,7 @@ struct irq_desc {
135762 unsigned int irq_count; /* For detecting broken IRQs */
135763 unsigned long last_unhandled; /* Aging timer for unhandled count */
135764 unsigned int irqs_unhandled;
135765 - atomic_t threads_handled;
135766 + atomic_unchecked_t threads_handled;
135767 int threads_handled_last;
135768 raw_spinlock_t lock;
135769 struct cpumask *percpu_enabled;
135770 diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h
135771 index ffb8460..1ef1031 100644
135772 --- a/include/linux/irqdomain.h
135773 +++ b/include/linux/irqdomain.h
135774 @@ -38,6 +38,9 @@ struct device_node;
135775 struct irq_domain;
135776 struct of_device_id;
135777 struct irq_chip;
135778 +#ifndef _LINUX_IRQ_H
135779 +typedef struct irq_chip __no_const irq_chip_no_const;
135780 +#endif
135781 struct irq_data;
135782 struct cpumask;
135783
135784 diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
135785 index dfaa1f4..a66f30d 100644
135786 --- a/include/linux/jbd2.h
135787 +++ b/include/linux/jbd2.h
135788 @@ -676,7 +676,7 @@ struct transaction_s
135789 /*
135790 * How many handles used this transaction? [t_handle_lock]
135791 */
135792 - atomic_t t_handle_count;
135793 + atomic_unchecked_t t_handle_count;
135794
135795 /*
135796 * This transaction is being forced and some process is
135797 diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h
135798 index 5fdc553..766e169 100644
135799 --- a/include/linux/jiffies.h
135800 +++ b/include/linux/jiffies.h
135801 @@ -284,19 +284,19 @@ extern unsigned long preset_lpj;
135802 extern unsigned int jiffies_to_msecs(const unsigned long j);
135803 extern unsigned int jiffies_to_usecs(const unsigned long j);
135804
135805 -static inline u64 jiffies_to_nsecs(const unsigned long j)
135806 +static inline u64 __intentional_overflow(-1) jiffies_to_nsecs(const unsigned long j)
135807 {
135808 return (u64)jiffies_to_usecs(j) * NSEC_PER_USEC;
135809 }
135810
135811 -extern unsigned long __msecs_to_jiffies(const unsigned int m);
135812 +extern unsigned long __msecs_to_jiffies(const unsigned int m) __intentional_overflow(-1);
135813 #if HZ <= MSEC_PER_SEC && !(MSEC_PER_SEC % HZ)
135814 /*
135815 * HZ is equal to or smaller than 1000, and 1000 is a nice round
135816 * multiple of HZ, divide with the factor between them, but round
135817 * upwards:
135818 */
135819 -static inline unsigned long _msecs_to_jiffies(const unsigned int m)
135820 +static inline unsigned long __intentional_overflow(-1) _msecs_to_jiffies(const unsigned int m)
135821 {
135822 return (m + (MSEC_PER_SEC / HZ) - 1) / (MSEC_PER_SEC / HZ);
135823 }
135824 @@ -307,7 +307,7 @@ static inline unsigned long _msecs_to_jiffies(const unsigned int m)
135825 *
135826 * But first make sure the multiplication result cannot overflow:
135827 */
135828 -static inline unsigned long _msecs_to_jiffies(const unsigned int m)
135829 +static inline unsigned long __intentional_overflow(-1) _msecs_to_jiffies(const unsigned int m)
135830 {
135831 if (m > jiffies_to_msecs(MAX_JIFFY_OFFSET))
135832 return MAX_JIFFY_OFFSET;
135833 @@ -318,7 +318,7 @@ static inline unsigned long _msecs_to_jiffies(const unsigned int m)
135834 * Generic case - multiply, round and divide. But first check that if
135835 * we are doing a net multiplication, that we wouldn't overflow:
135836 */
135837 -static inline unsigned long _msecs_to_jiffies(const unsigned int m)
135838 +static inline unsigned long __intentional_overflow(-1) _msecs_to_jiffies(const unsigned int m)
135839 {
135840 if (HZ > MSEC_PER_SEC && m > jiffies_to_msecs(MAX_JIFFY_OFFSET))
135841 return MAX_JIFFY_OFFSET;
135842 @@ -362,14 +362,14 @@ static __always_inline unsigned long msecs_to_jiffies(const unsigned int m)
135843 }
135844 }
135845
135846 -extern unsigned long __usecs_to_jiffies(const unsigned int u);
135847 +extern unsigned long __usecs_to_jiffies(const unsigned int u) __intentional_overflow(-1);
135848 #if !(USEC_PER_SEC % HZ)
135849 -static inline unsigned long _usecs_to_jiffies(const unsigned int u)
135850 +static inline unsigned long __intentional_overflow(-1) _usecs_to_jiffies(const unsigned int u)
135851 {
135852 return (u + (USEC_PER_SEC / HZ) - 1) / (USEC_PER_SEC / HZ);
135853 }
135854 #else
135855 -static inline unsigned long _usecs_to_jiffies(const unsigned int u)
135856 +static inline unsigned long __intentional_overflow(-1) _usecs_to_jiffies(const unsigned int u)
135857 {
135858 return (USEC_TO_HZ_MUL32 * u + USEC_TO_HZ_ADJ32)
135859 >> USEC_TO_HZ_SHR32;
135860 diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h
135861 index 6883e19..d2c7746 100644
135862 --- a/include/linux/kallsyms.h
135863 +++ b/include/linux/kallsyms.h
135864 @@ -15,7 +15,8 @@
135865
135866 struct module;
135867
135868 -#ifdef CONFIG_KALLSYMS
135869 +#if !defined(__INCLUDED_BY_HIDESYM) || !defined(CONFIG_KALLSYMS)
135870 +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
135871 /* Lookup the address for a symbol. Returns 0 if not found. */
135872 unsigned long kallsyms_lookup_name(const char *name);
135873
135874 @@ -40,7 +41,7 @@ extern int sprint_symbol_no_offset(char *buffer, unsigned long address);
135875 extern int sprint_backtrace(char *buffer, unsigned long address);
135876
135877 /* Look up a kernel symbol and print it to the kernel messages. */
135878 -extern void __print_symbol(const char *fmt, unsigned long address);
135879 +extern __printf(1, 3) void __print_symbol(const char *fmt, unsigned long address, ...);
135880
135881 int lookup_symbol_name(unsigned long addr, char *symname);
135882 int lookup_symbol_attrs(unsigned long addr, unsigned long *size, unsigned long *offset, char *modname, char *name);
135883 @@ -104,21 +105,26 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u
135884 }
135885
135886 /* Stupid that this does nothing, but I didn't create this mess. */
135887 -#define __print_symbol(fmt, addr)
135888 +#define __print_symbol(fmt, addr, args...)
135889 #endif /*CONFIG_KALLSYMS*/
135890 +#else /* when included by kallsyms.c, vsnprintf.c, kprobes.c, or
135891 + arch/x86/kernel/dumpstack.c, with HIDESYM enabled */
135892 +extern unsigned long kallsyms_lookup_name(const char *name);
135893 +extern __printf(1, 3) void __print_symbol(const char *fmt, unsigned long address, ...);
135894 +extern int sprint_backtrace(char *buffer, unsigned long address);
135895 +extern int sprint_symbol(char *buffer, unsigned long address);
135896 +extern int sprint_symbol_no_offset(char *buffer, unsigned long address);
135897 +const char *kallsyms_lookup(unsigned long addr,
135898 + unsigned long *symbolsize,
135899 + unsigned long *offset,
135900 + char **modname, char *namebuf);
135901 +extern int kallsyms_lookup_size_offset(unsigned long addr,
135902 + unsigned long *symbolsize,
135903 + unsigned long *offset);
135904 +#endif
135905
135906 -/* This macro allows us to keep printk typechecking */
135907 -static __printf(1, 2)
135908 -void __check_printsym_format(const char *fmt, ...)
135909 -{
135910 -}
135911 -
135912 -static inline void print_symbol(const char *fmt, unsigned long addr)
135913 -{
135914 - __check_printsym_format(fmt, "");
135915 - __print_symbol(fmt, (unsigned long)
135916 - __builtin_extract_return_addr((void *)addr));
135917 -}
135918 +#define print_symbol(fmt, addr) \
135919 + __print_symbol(fmt, addr, "")
135920
135921 static inline void print_ip_sym(unsigned long ip)
135922 {
135923 diff --git a/include/linux/key-type.h b/include/linux/key-type.h
135924 index eaee981..d1d24c3 100644
135925 --- a/include/linux/key-type.h
135926 +++ b/include/linux/key-type.h
135927 @@ -45,7 +45,7 @@ struct key_preparsed_payload {
135928 size_t datalen; /* Raw datalen */
135929 size_t quotalen; /* Quota length for proposed payload */
135930 time_t expiry; /* Expiry time of key */
135931 -};
135932 +} __randomize_layout;
135933
135934 typedef int (*request_key_actor_t)(struct key_construction *key,
135935 const char *op, void *aux);
135936 @@ -150,7 +150,7 @@ struct key_type {
135937 /* internal fields */
135938 struct list_head link; /* link in types list */
135939 struct lock_class_key lock_class; /* key->sem lock class */
135940 -};
135941 +} __do_const __randomize_layout;
135942
135943 extern struct key_type key_type_keyring;
135944
135945 diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
135946 index e465bb1..19f605fd 100644
135947 --- a/include/linux/kgdb.h
135948 +++ b/include/linux/kgdb.h
135949 @@ -52,7 +52,7 @@ extern int kgdb_connected;
135950 extern int kgdb_io_module_registered;
135951
135952 extern atomic_t kgdb_setting_breakpoint;
135953 -extern atomic_t kgdb_cpu_doing_single_step;
135954 +extern atomic_unchecked_t kgdb_cpu_doing_single_step;
135955
135956 extern struct task_struct *kgdb_usethread;
135957 extern struct task_struct *kgdb_contthread;
135958 @@ -254,7 +254,7 @@ struct kgdb_arch {
135959 void (*correct_hw_break)(void);
135960
135961 void (*enable_nmi)(bool on);
135962 -};
135963 +} __do_const;
135964
135965 /**
135966 * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
135967 @@ -279,7 +279,7 @@ struct kgdb_io {
135968 void (*pre_exception) (void);
135969 void (*post_exception) (void);
135970 int is_console;
135971 -};
135972 +} __do_const;
135973
135974 extern struct kgdb_arch arch_kgdb_ops;
135975
135976 diff --git a/include/linux/kmemleak.h b/include/linux/kmemleak.h
135977 index 4894c68..7824e6a 100644
135978 --- a/include/linux/kmemleak.h
135979 +++ b/include/linux/kmemleak.h
135980 @@ -27,7 +27,7 @@
135981
135982 extern void kmemleak_init(void) __init;
135983 extern void kmemleak_alloc(const void *ptr, size_t size, int min_count,
135984 - gfp_t gfp) __ref;
135985 + gfp_t gfp) __ref __size_overflow(2);
135986 extern void kmemleak_alloc_percpu(const void __percpu *ptr, size_t size,
135987 gfp_t gfp) __ref;
135988 extern void kmemleak_free(const void *ptr) __ref;
135989 @@ -63,7 +63,7 @@ static inline void kmemleak_erase(void **ptr)
135990 static inline void kmemleak_init(void)
135991 {
135992 }
135993 -static inline void kmemleak_alloc(const void *ptr, size_t size, int min_count,
135994 +static inline void __size_overflow(2) kmemleak_alloc(const void *ptr, size_t size, int min_count,
135995 gfp_t gfp)
135996 {
135997 }
135998 diff --git a/include/linux/kmod.h b/include/linux/kmod.h
135999 index fcfd2bf..e4f5edb 100644
136000 --- a/include/linux/kmod.h
136001 +++ b/include/linux/kmod.h
136002 @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */
136003 * usually useless though. */
136004 extern __printf(2, 3)
136005 int __request_module(bool wait, const char *name, ...);
136006 +extern __printf(3, 4)
136007 +int ___request_module(bool wait, char *param_name, const char *name, ...);
136008 #define request_module(mod...) __request_module(true, mod)
136009 #define request_module_nowait(mod...) __request_module(false, mod)
136010 #define try_then_request_module(x, mod...) \
136011 @@ -57,6 +59,9 @@ struct subprocess_info {
136012 struct work_struct work;
136013 struct completion *complete;
136014 char *path;
136015 +#ifdef CONFIG_GRKERNSEC
136016 + char *origpath;
136017 +#endif
136018 char **argv;
136019 char **envp;
136020 int wait;
136021 @@ -64,7 +69,7 @@ struct subprocess_info {
136022 int (*init)(struct subprocess_info *info, struct cred *new);
136023 void (*cleanup)(struct subprocess_info *info);
136024 void *data;
136025 -};
136026 +} __randomize_layout;
136027
136028 extern int
136029 call_usermodehelper(char *path, char **argv, char **envp, int wait);
136030 diff --git a/include/linux/kobject.h b/include/linux/kobject.h
136031 index e628459..9d45d56 100644
136032 --- a/include/linux/kobject.h
136033 +++ b/include/linux/kobject.h
136034 @@ -119,7 +119,7 @@ struct kobj_type {
136035 struct attribute **default_attrs;
136036 const struct kobj_ns_type_operations *(*child_ns_type)(struct kobject *kobj);
136037 const void *(*namespace)(struct kobject *kobj);
136038 -};
136039 +} __do_const;
136040
136041 struct kobj_uevent_env {
136042 char *argv[3];
136043 @@ -143,6 +143,14 @@ struct kobj_attribute {
136044 ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr,
136045 const char *buf, size_t count);
136046 };
136047 +typedef struct kobj_attribute __no_const kobj_attribute_no_const;
136048 +
136049 +#define KOBJECT_ATTR(_name, _mode, _show, _store) \
136050 + struct kobj_attribute dev_attr_##_name = __ATTR(_name, _mode, _show, _store)
136051 +#define KOBJECT_ATTR_RW(_name) \
136052 + struct kobj_attribute dev_attr_##_name = __ATTR_RW(_name)
136053 +#define KOBJECT_ATTR_RO(_name) \
136054 + struct kobj_attribute dev_attr_##_name = __ATTR_RO(_name)
136055
136056 extern const struct sysfs_ops kobj_sysfs_ops;
136057
136058 @@ -170,7 +178,7 @@ struct kset {
136059 spinlock_t list_lock;
136060 struct kobject kobj;
136061 const struct kset_uevent_ops *uevent_ops;
136062 -};
136063 +} __randomize_layout;
136064
136065 extern void kset_init(struct kset *kset);
136066 extern int __must_check kset_register(struct kset *kset);
136067 diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
136068 index df32d25..fb52e27 100644
136069 --- a/include/linux/kobject_ns.h
136070 +++ b/include/linux/kobject_ns.h
136071 @@ -44,7 +44,7 @@ struct kobj_ns_type_operations {
136072 const void *(*netlink_ns)(struct sock *sk);
136073 const void *(*initial_ns)(void);
136074 void (*drop_ns)(void *);
136075 -};
136076 +} __do_const;
136077
136078 int kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
136079 int kobj_ns_type_registered(enum kobj_ns_type type);
136080 diff --git a/include/linux/kref.h b/include/linux/kref.h
136081 index e15828f..531fd0a 100644
136082 --- a/include/linux/kref.h
136083 +++ b/include/linux/kref.h
136084 @@ -67,7 +67,7 @@ static inline void kref_get(struct kref *kref)
136085 static inline int kref_sub(struct kref *kref, unsigned int count,
136086 void (*release)(struct kref *kref))
136087 {
136088 - WARN_ON(release == NULL);
136089 + BUG_ON(release == NULL);
136090
136091 if (atomic_sub_and_test((int) count, &kref->refcount)) {
136092 release(kref);
136093 diff --git a/include/linux/libata.h b/include/linux/libata.h
136094 index e37d4f9..0a24569 100644
136095 --- a/include/linux/libata.h
136096 +++ b/include/linux/libata.h
136097 @@ -997,7 +997,7 @@ struct ata_port_operations {
136098 * fields must be pointers.
136099 */
136100 const struct ata_port_operations *inherits;
136101 -};
136102 +} __do_const;
136103
136104 struct ata_port_info {
136105 unsigned long flags;
136106 diff --git a/include/linux/linkage.h b/include/linux/linkage.h
136107 index a6a42dd..9787403 100644
136108 --- a/include/linux/linkage.h
136109 +++ b/include/linux/linkage.h
136110 @@ -5,6 +5,7 @@
136111 #include <linux/stringify.h>
136112 #include <linux/export.h>
136113 #include <asm/linkage.h>
136114 +#include <asm/bitsperlong.h>
136115
136116 /* Some toolchains use other characters (e.g. '`') to mark new line in macro */
136117 #ifndef ASM_NL
136118 @@ -36,6 +37,7 @@
136119 #endif
136120
136121 #define __page_aligned_data __section(.data..page_aligned) __aligned(PAGE_SIZE)
136122 +#define __page_aligned_rodata __read_only __aligned(PAGE_SIZE)
136123 #define __page_aligned_bss __section(.bss..page_aligned) __aligned(PAGE_SIZE)
136124
136125 /*
136126 @@ -79,17 +81,40 @@
136127 #define ALIGN_STR __ALIGN_STR
136128
136129 #ifndef ENTRY
136130 -#define ENTRY(name) \
136131 +#define __ENTRY(name, rap_hash) \
136132 .globl name ASM_NL \
136133 ALIGN ASM_NL \
136134 + rap_hash \
136135 name:
136136 +
136137 +#define ENTRY(name) __ENTRY(name,)
136138 +
136139 #endif
136140 +
136141 #endif /* LINKER_SCRIPT */
136142
136143 #ifndef WEAK
136144 -#define WEAK(name) \
136145 - .weak name ASM_NL \
136146 +#define __WEAK(name, rap_hash) \
136147 + .weak name ASM_NL \
136148 + rap_hash \
136149 name:
136150 +
136151 +#define WEAK(name) __WEAK(name, )
136152 +#endif
136153 +
136154 +#ifdef CONFIG_PAX_RAP
136155 +#if BITS_PER_LONG == 64
136156 +#define __ASM_RAP_HASH(hash) .quad 0, hash ASM_NL
136157 +#elif BITS_PER_LONG == 32
136158 +#define __ASM_RAP_HASH(hash) .long 0, 0, 0, hash ASM_NL
136159 +#else
136160 +#error incompatible BITS_PER_LONG
136161 +#endif
136162 +#define RAP_ENTRY(name) __ENTRY(name, __ASM_RAP_HASH(__rap_hash_##name))
136163 +#define RAP_WEAK(name) __WEAK(name, __ASM_RAP_HASH(__rap_hash_##name))
136164 +#else
136165 +#define RAP_ENTRY(name) ENTRY(name)
136166 +#define RAP_WEAK(name) WEAK(name)
136167 #endif
136168
136169 #ifndef END
136170 diff --git a/include/linux/list.h b/include/linux/list.h
136171 index 5183138..645f33d 100644
136172 --- a/include/linux/list.h
136173 +++ b/include/linux/list.h
136174 @@ -113,6 +113,19 @@ extern void __list_del_entry(struct list_head *entry);
136175 extern void list_del(struct list_head *entry);
136176 #endif
136177
136178 +extern void __pax_list_add(struct list_head *new,
136179 + struct list_head *prev,
136180 + struct list_head *next);
136181 +static inline void pax_list_add(struct list_head *new, struct list_head *head)
136182 +{
136183 + __pax_list_add(new, head, head->next);
136184 +}
136185 +static inline void pax_list_add_tail(struct list_head *new, struct list_head *head)
136186 +{
136187 + __pax_list_add(new, head->prev, head);
136188 +}
136189 +extern void pax_list_del(struct list_head *entry);
136190 +
136191 /**
136192 * list_replace - replace old entry by new one
136193 * @old : the element to be replaced
136194 @@ -146,6 +159,8 @@ static inline void list_del_init(struct list_head *entry)
136195 INIT_LIST_HEAD(entry);
136196 }
136197
136198 +extern void pax_list_del_init(struct list_head *entry);
136199 +
136200 /**
136201 * list_move - delete from one list and add as another's head
136202 * @list: the entry to move
136203 diff --git a/include/linux/llist.h b/include/linux/llist.h
136204 index fd4ca0b..d77d4a8 100644
136205 --- a/include/linux/llist.h
136206 +++ b/include/linux/llist.h
136207 @@ -168,6 +168,10 @@ static inline struct llist_node *llist_next(struct llist_node *node)
136208 extern bool llist_add_batch(struct llist_node *new_first,
136209 struct llist_node *new_last,
136210 struct llist_head *head);
136211 +
136212 +extern bool pax_llist_add_batch(struct llist_node *new_first,
136213 + struct llist_node *new_last,
136214 + struct llist_head *head);
136215 /**
136216 * llist_add - add a new entry
136217 * @new: new entry to be added
136218 @@ -180,6 +184,11 @@ static inline bool llist_add(struct llist_node *new, struct llist_head *head)
136219 return llist_add_batch(new, new, head);
136220 }
136221
136222 +static inline bool pax_llist_add(struct llist_node *new, struct llist_head *head)
136223 +{
136224 + return pax_llist_add_batch(new, new, head);
136225 +}
136226 +
136227 /**
136228 * llist_del_all - delete all entries from lock-less list
136229 * @head: the head of lock-less list to delete all entries
136230 diff --git a/include/linux/lockd/xdr.h b/include/linux/lockd/xdr.h
136231 index d39ed1c..8b5d98f 100644
136232 --- a/include/linux/lockd/xdr.h
136233 +++ b/include/linux/lockd/xdr.h
136234 @@ -95,24 +95,24 @@ struct nlm_reboot {
136235 */
136236 #define NLMSVC_XDRSIZE sizeof(struct nlm_args)
136237
136238 -int nlmsvc_decode_testargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136239 -int nlmsvc_encode_testres(struct svc_rqst *, __be32 *, struct nlm_res *);
136240 -int nlmsvc_decode_lockargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136241 -int nlmsvc_decode_cancargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136242 -int nlmsvc_decode_unlockargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136243 -int nlmsvc_encode_res(struct svc_rqst *, __be32 *, struct nlm_res *);
136244 -int nlmsvc_decode_res(struct svc_rqst *, __be32 *, struct nlm_res *);
136245 -int nlmsvc_encode_void(struct svc_rqst *, __be32 *, void *);
136246 -int nlmsvc_decode_void(struct svc_rqst *, __be32 *, void *);
136247 -int nlmsvc_decode_shareargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136248 -int nlmsvc_encode_shareres(struct svc_rqst *, __be32 *, struct nlm_res *);
136249 -int nlmsvc_decode_notify(struct svc_rqst *, __be32 *, struct nlm_args *);
136250 -int nlmsvc_decode_reboot(struct svc_rqst *, __be32 *, struct nlm_reboot *);
136251 +int nlmsvc_decode_testargs(void *, __be32 *, void *);
136252 +int nlmsvc_encode_testres(void *, __be32 *, void *);
136253 +int nlmsvc_decode_lockargs(void *, __be32 *, void *);
136254 +int nlmsvc_decode_cancargs(void *, __be32 *, void *);
136255 +int nlmsvc_decode_unlockargs(void *, __be32 *, void *);
136256 +int nlmsvc_encode_res(void *, __be32 *, void *);
136257 +int nlmsvc_decode_res(void *, __be32 *, void *);
136258 +int nlmsvc_encode_void(void *, __be32 *p, void *);
136259 +int nlmsvc_decode_void(void *, __be32 *, void *);
136260 +int nlmsvc_decode_shareargs(void *, __be32 *, void *);
136261 +int nlmsvc_encode_shareres(void *, __be32 *, void *);
136262 +int nlmsvc_decode_notify(void *, __be32 *, void *);
136263 +int nlmsvc_decode_reboot(void *, __be32 *, void *);
136264 /*
136265 -int nlmclt_encode_testargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136266 -int nlmclt_encode_lockargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136267 -int nlmclt_encode_cancargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136268 -int nlmclt_encode_unlockargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136269 +int nlmclt_encode_testargs(void *, u32 *, void *);
136270 +int nlmclt_encode_lockargs(void *, u32 *, void *);
136271 +int nlmclt_encode_cancargs(void *, u32 *, void *);
136272 +int nlmclt_encode_unlockargs(void *, u32 *, void *);
136273 */
136274
136275 #endif /* LOCKD_XDR_H */
136276 diff --git a/include/linux/lockd/xdr4.h b/include/linux/lockd/xdr4.h
136277 index e58c88b..759ca71 100644
136278 --- a/include/linux/lockd/xdr4.h
136279 +++ b/include/linux/lockd/xdr4.h
136280 @@ -23,24 +23,24 @@
136281
136282
136283
136284 -int nlm4svc_decode_testargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136285 -int nlm4svc_encode_testres(struct svc_rqst *, __be32 *, struct nlm_res *);
136286 -int nlm4svc_decode_lockargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136287 -int nlm4svc_decode_cancargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136288 -int nlm4svc_decode_unlockargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136289 -int nlm4svc_encode_res(struct svc_rqst *, __be32 *, struct nlm_res *);
136290 -int nlm4svc_decode_res(struct svc_rqst *, __be32 *, struct nlm_res *);
136291 -int nlm4svc_encode_void(struct svc_rqst *, __be32 *, void *);
136292 -int nlm4svc_decode_void(struct svc_rqst *, __be32 *, void *);
136293 -int nlm4svc_decode_shareargs(struct svc_rqst *, __be32 *, struct nlm_args *);
136294 -int nlm4svc_encode_shareres(struct svc_rqst *, __be32 *, struct nlm_res *);
136295 -int nlm4svc_decode_notify(struct svc_rqst *, __be32 *, struct nlm_args *);
136296 -int nlm4svc_decode_reboot(struct svc_rqst *, __be32 *, struct nlm_reboot *);
136297 +int nlm4svc_decode_testargs(void *, __be32 *, void *);
136298 +int nlm4svc_encode_testres(void *, __be32 *, void *);
136299 +int nlm4svc_decode_lockargs(void *, __be32 *, void *);
136300 +int nlm4svc_decode_cancargs(void *, __be32 *, void *);
136301 +int nlm4svc_decode_unlockargs(void *, __be32 *, void *);
136302 +int nlm4svc_encode_res(void *, __be32 *, void *);
136303 +int nlm4svc_decode_res(void *, __be32 *, void *);
136304 +int nlm4svc_encode_void(void *, __be32 *, void *);
136305 +int nlm4svc_decode_void(void *, __be32 *, void *);
136306 +int nlm4svc_decode_shareargs(void *, __be32 *, void *);
136307 +int nlm4svc_encode_shareres(void *, __be32 *, void *);
136308 +int nlm4svc_decode_notify(void *, __be32 *, void *);
136309 +int nlm4svc_decode_reboot(void *, __be32 *, void *);
136310 /*
136311 -int nlmclt_encode_testargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136312 -int nlmclt_encode_lockargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136313 -int nlmclt_encode_cancargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136314 -int nlmclt_encode_unlockargs(struct rpc_rqst *, u32 *, struct nlm_args *);
136315 +int nlmclt_encode_testargs(void *, u32 *, void *);
136316 +int nlmclt_encode_lockargs(void *, u32 *, void *);
136317 +int nlmclt_encode_cancargs(void *, u32 *, void *);
136318 +int nlmclt_encode_unlockargs(void *, u32 *, void *);
136319 */
136320 extern const struct rpc_version nlm_version4;
136321
136322 diff --git a/include/linux/lockref.h b/include/linux/lockref.h
136323 index b10b122..d37b3de 100644
136324 --- a/include/linux/lockref.h
136325 +++ b/include/linux/lockref.h
136326 @@ -28,7 +28,7 @@ struct lockref {
136327 #endif
136328 struct {
136329 spinlock_t lock;
136330 - int count;
136331 + atomic_t count;
136332 };
136333 };
136334 };
136335 @@ -43,9 +43,29 @@ extern void lockref_mark_dead(struct lockref *);
136336 extern int lockref_get_not_dead(struct lockref *);
136337
136338 /* Must be called under spinlock for reliable results */
136339 -static inline int __lockref_is_dead(const struct lockref *l)
136340 +static inline int __lockref_is_dead(const struct lockref *lockref)
136341 {
136342 - return ((int)l->count < 0);
136343 + return atomic_read(&lockref->count) < 0;
136344 +}
136345 +
136346 +static inline int __lockref_read(const struct lockref *lockref)
136347 +{
136348 + return atomic_read(&lockref->count);
136349 +}
136350 +
136351 +static inline void __lockref_set(struct lockref *lockref, int count)
136352 +{
136353 + atomic_set(&lockref->count, count);
136354 +}
136355 +
136356 +static inline void __lockref_inc(struct lockref *lockref)
136357 +{
136358 + atomic_inc(&lockref->count);
136359 +}
136360 +
136361 +static inline void __lockref_dec(struct lockref *lockref)
136362 +{
136363 + atomic_dec(&lockref->count);
136364 }
136365
136366 #endif /* __LINUX_LOCKREF_H */
136367 diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
136368 index 101bf19..feb307e 100644
136369 --- a/include/linux/lsm_hooks.h
136370 +++ b/include/linux/lsm_hooks.h
136371 @@ -1831,7 +1831,7 @@ struct security_hook_heads {
136372 struct list_head audit_rule_match;
136373 struct list_head audit_rule_free;
136374 #endif /* CONFIG_AUDIT */
136375 -};
136376 +} __randomize_layout;
136377
136378 /*
136379 * Security module hook list structure.
136380 @@ -1841,7 +1841,7 @@ struct security_hook_list {
136381 struct list_head list;
136382 struct list_head *head;
136383 union security_list_options hook;
136384 -};
136385 +} __randomize_layout;
136386
136387 /*
136388 * Initializing a security_hook_list structure takes
136389 diff --git a/include/linux/math64.h b/include/linux/math64.h
136390 index 6e8b5b2..8e8a37d 100644
136391 --- a/include/linux/math64.h
136392 +++ b/include/linux/math64.h
136393 @@ -15,7 +15,7 @@
136394 * This is commonly provided by 32bit archs to provide an optimized 64bit
136395 * divide.
136396 */
136397 -static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
136398 +static inline u64 __intentional_overflow(-1) div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
136399 {
136400 *remainder = dividend % divisor;
136401 return dividend / divisor;
136402 @@ -42,7 +42,7 @@ static inline u64 div64_u64_rem(u64 dividend, u64 divisor, u64 *remainder)
136403 /**
136404 * div64_u64 - unsigned 64bit divide with 64bit divisor
136405 */
136406 -static inline u64 div64_u64(u64 dividend, u64 divisor)
136407 +static inline u64 __intentional_overflow(-1) div64_u64(u64 dividend, u64 divisor)
136408 {
136409 return dividend / divisor;
136410 }
136411 @@ -61,7 +61,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
136412 #define div64_ul(x, y) div_u64((x), (y))
136413
136414 #ifndef div_u64_rem
136415 -static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
136416 +static inline u64 __intentional_overflow(-1) div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
136417 {
136418 *remainder = do_div(dividend, divisor);
136419 return dividend;
136420 @@ -77,7 +77,7 @@ extern u64 div64_u64_rem(u64 dividend, u64 divisor, u64 *remainder);
136421 #endif
136422
136423 #ifndef div64_u64
136424 -extern u64 div64_u64(u64 dividend, u64 divisor);
136425 +extern u64 __intentional_overflow(-1) div64_u64(u64 dividend, u64 divisor);
136426 #endif
136427
136428 #ifndef div64_s64
136429 @@ -94,7 +94,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
136430 * divide.
136431 */
136432 #ifndef div_u64
136433 -static inline u64 div_u64(u64 dividend, u32 divisor)
136434 +static inline u64 __intentional_overflow(-1) div_u64(u64 dividend, u32 divisor)
136435 {
136436 u32 remainder;
136437 return div_u64_rem(dividend, divisor, &remainder);
136438 diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h
136439 index 5d8ca6e..0b2174b 100644
136440 --- a/include/linux/memcontrol.h
136441 +++ b/include/linux/memcontrol.h
136442 @@ -258,7 +258,7 @@ struct mem_cgroup {
136443 int last_scanned_node;
136444 #if MAX_NUMNODES > 1
136445 nodemask_t scan_nodes;
136446 - atomic_t numainfo_events;
136447 + atomic64_t numainfo_events;
136448 atomic_t numainfo_updating;
136449 #endif
136450
136451 diff --git a/include/linux/memory.h b/include/linux/memory.h
136452 index 093607f..9717227 100644
136453 --- a/include/linux/memory.h
136454 +++ b/include/linux/memory.h
136455 @@ -126,7 +126,7 @@ extern struct memory_block *find_memory_block(struct mem_section *);
136456
136457 #ifdef CONFIG_MEMORY_HOTPLUG
136458 #define hotplug_memory_notifier(fn, pri) ({ \
136459 - static __meminitdata struct notifier_block fn##_mem_nb =\
136460 + static __meminitconst struct notifier_block fn##_mem_nb =\
136461 { .notifier_call = fn, .priority = pri };\
136462 register_memory_notifier(&fn##_mem_nb); \
136463 })
136464 diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
136465 index 5e5b296..629113f 100644
136466 --- a/include/linux/mempolicy.h
136467 +++ b/include/linux/mempolicy.h
136468 @@ -91,6 +91,10 @@ static inline struct mempolicy *mpol_dup(struct mempolicy *pol)
136469 }
136470
136471 #define vma_policy(vma) ((vma)->vm_policy)
136472 +static inline void set_vma_policy(struct vm_area_struct *vma, struct mempolicy *pol)
136473 +{
136474 + vma->vm_policy = pol;
136475 +}
136476
136477 static inline void mpol_get(struct mempolicy *pol)
136478 {
136479 @@ -236,6 +240,9 @@ mpol_shared_policy_lookup(struct shared_policy *sp, unsigned long idx)
136480 }
136481
136482 #define vma_policy(vma) NULL
136483 +static inline void set_vma_policy(struct vm_area_struct *vma, struct mempolicy *pol)
136484 +{
136485 +}
136486
136487 static inline int
136488 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
136489 diff --git a/include/linux/mm.h b/include/linux/mm.h
136490 index 277cd39..27ecb26 100644
136491 --- a/include/linux/mm.h
136492 +++ b/include/linux/mm.h
136493 @@ -107,6 +107,7 @@ extern int mmap_rnd_compat_bits __read_mostly;
136494 #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
136495
136496 extern int sysctl_max_map_count;
136497 +extern unsigned long sysctl_heap_stack_gap;
136498
136499 extern unsigned long sysctl_user_reserve_kbytes;
136500 extern unsigned long sysctl_admin_reserve_kbytes;
136501 @@ -182,6 +183,11 @@ extern unsigned int kobjsize(const void *objp);
136502 #define VM_ACCOUNT 0x00100000 /* Is a VM accounted object */
136503 #define VM_NORESERVE 0x00200000 /* should the VM suppress accounting */
136504 #define VM_HUGETLB 0x00400000 /* Huge TLB Page VM */
136505 +
136506 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
136507 +#define VM_PAGEEXEC 0x00800000 /* vma->vm_page_prot needs special handling */
136508 +#endif
136509 +
136510 #define VM_ARCH_1 0x01000000 /* Architecture-specific flag */
136511 #define VM_ARCH_2 0x02000000
136512 #define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */
136513 @@ -364,8 +370,8 @@ struct vm_operations_struct {
136514 /* called by access_process_vm when get_user_pages() fails, typically
136515 * for use by special VMAs that can switch between memory and hardware
136516 */
136517 - int (*access)(struct vm_area_struct *vma, unsigned long addr,
136518 - void *buf, int len, int write);
136519 + ssize_t (*access)(struct vm_area_struct *vma, unsigned long addr,
136520 + void *buf, size_t len, int write);
136521
136522 /* Called by the /proc/PID/maps code to ask the vma whether it
136523 * has a special name. Returning non-NULL will also cause this
136524 @@ -403,6 +409,7 @@ struct vm_operations_struct {
136525 struct page *(*find_special_page)(struct vm_area_struct *vma,
136526 unsigned long addr);
136527 };
136528 +typedef struct vm_operations_struct __no_const vm_operations_struct_no_const;
136529
136530 struct mmu_gather;
136531 struct inode;
136532 @@ -1237,8 +1244,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
136533 unsigned long *pfn);
136534 int follow_phys(struct vm_area_struct *vma, unsigned long address,
136535 unsigned int flags, unsigned long *prot, resource_size_t *phys);
136536 -int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
136537 - void *buf, int len, int write);
136538 +ssize_t generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
136539 + void *buf, size_t len, int write);
136540
136541 static inline void unmap_shared_mapping_range(struct address_space *mapping,
136542 loff_t const holebegin, loff_t const holelen)
136543 @@ -1278,9 +1285,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
136544 }
136545 #endif
136546
136547 -extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
136548 -extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
136549 - void *buf, int len, int write);
136550 +extern ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, size_t len, int write);
136551 +extern ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr,
136552 + void *buf, size_t len, int write);
136553
136554 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
136555 unsigned long start, unsigned long nr_pages,
136556 @@ -1370,39 +1377,11 @@ int clear_page_dirty_for_io(struct page *page);
136557
136558 int get_cmdline(struct task_struct *task, char *buffer, int buflen);
136559
136560 -/* Is the vma a continuation of the stack vma above it? */
136561 -static inline int vma_growsdown(struct vm_area_struct *vma, unsigned long addr)
136562 -{
136563 - return vma && (vma->vm_end == addr) && (vma->vm_flags & VM_GROWSDOWN);
136564 -}
136565 -
136566 static inline bool vma_is_anonymous(struct vm_area_struct *vma)
136567 {
136568 return !vma->vm_ops;
136569 }
136570
136571 -static inline int stack_guard_page_start(struct vm_area_struct *vma,
136572 - unsigned long addr)
136573 -{
136574 - return (vma->vm_flags & VM_GROWSDOWN) &&
136575 - (vma->vm_start == addr) &&
136576 - !vma_growsdown(vma->vm_prev, addr);
136577 -}
136578 -
136579 -/* Is the vma a continuation of the stack vma below it? */
136580 -static inline int vma_growsup(struct vm_area_struct *vma, unsigned long addr)
136581 -{
136582 - return vma && (vma->vm_start == addr) && (vma->vm_flags & VM_GROWSUP);
136583 -}
136584 -
136585 -static inline int stack_guard_page_end(struct vm_area_struct *vma,
136586 - unsigned long addr)
136587 -{
136588 - return (vma->vm_flags & VM_GROWSUP) &&
136589 - (vma->vm_end == addr) &&
136590 - !vma_growsup(vma->vm_next, addr);
136591 -}
136592 -
136593 int vma_is_stack_for_task(struct vm_area_struct *vma, struct task_struct *t);
136594
136595 extern unsigned long move_page_tables(struct vm_area_struct *vma,
136596 @@ -1547,8 +1526,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
136597 {
136598 return 0;
136599 }
136600 +
136601 +static inline int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd,
136602 + unsigned long address)
136603 +{
136604 + return 0;
136605 +}
136606 #else
136607 int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address);
136608 +int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address);
136609 #endif
136610
136611 #if defined(__PAGETABLE_PMD_FOLDED) || !defined(CONFIG_MMU)
136612 @@ -1558,6 +1544,12 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
136613 return 0;
136614 }
136615
136616 +static inline int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud,
136617 + unsigned long address)
136618 +{
136619 + return 0;
136620 +}
136621 +
136622 static inline void mm_nr_pmds_init(struct mm_struct *mm) {}
136623
136624 static inline unsigned long mm_nr_pmds(struct mm_struct *mm)
136625 @@ -1570,6 +1562,7 @@ static inline void mm_dec_nr_pmds(struct mm_struct *mm) {}
136626
136627 #else
136628 int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address);
136629 +int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address);
136630
136631 static inline void mm_nr_pmds_init(struct mm_struct *mm)
136632 {
136633 @@ -1606,11 +1599,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
136634 NULL: pud_offset(pgd, address);
136635 }
136636
136637 +static inline pud_t *pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
136638 +{
136639 + return (unlikely(pgd_none(*pgd)) && __pud_alloc_kernel(mm, pgd, address))?
136640 + NULL: pud_offset(pgd, address);
136641 +}
136642 +
136643 static inline pmd_t *pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
136644 {
136645 return (unlikely(pud_none(*pud)) && __pmd_alloc(mm, pud, address))?
136646 NULL: pmd_offset(pud, address);
136647 }
136648 +
136649 +static inline pmd_t *pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address)
136650 +{
136651 + return (unlikely(pud_none(*pud)) && __pmd_alloc_kernel(mm, pud, address))?
136652 + NULL: pmd_offset(pud, address);
136653 +}
136654 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
136655
136656 #if USE_SPLIT_PTE_PTLOCKS
136657 @@ -1995,12 +2000,23 @@ extern struct vm_area_struct *copy_vma(struct vm_area_struct **,
136658 bool *need_rmap_locks);
136659 extern void exit_mmap(struct mm_struct *);
136660
136661 +#if defined(CONFIG_GRKERNSEC) && (defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC))
136662 +extern void gr_learn_resource(const struct task_struct *task, const int res,
136663 + const unsigned long wanted, const int gt);
136664 +#else
136665 +static inline void gr_learn_resource(const struct task_struct *task, const int res,
136666 + const unsigned long wanted, const int gt)
136667 +{
136668 +}
136669 +#endif
136670 +
136671 static inline int check_data_rlimit(unsigned long rlim,
136672 unsigned long new,
136673 unsigned long start,
136674 unsigned long end_data,
136675 unsigned long start_data)
136676 {
136677 + gr_learn_resource(current, RLIMIT_DATA, (new - start) + (end_data - start_data), 1);
136678 if (rlim < RLIM_INFINITY) {
136679 if (((new - start) + (end_data - start_data)) > rlim)
136680 return -ENOSPC;
136681 @@ -2036,6 +2052,7 @@ extern unsigned long do_mmap(struct file *file, unsigned long addr,
136682 unsigned long len, unsigned long prot, unsigned long flags,
136683 vm_flags_t vm_flags, unsigned long pgoff, unsigned long *populate);
136684 extern int do_munmap(struct mm_struct *, unsigned long, size_t);
136685 +extern int __do_munmap(struct mm_struct *, unsigned long, size_t);
136686
136687 static inline unsigned long
136688 do_mmap_pgoff(struct file *file, unsigned long addr,
136689 @@ -2072,10 +2089,11 @@ struct vm_unmapped_area_info {
136690 unsigned long high_limit;
136691 unsigned long align_mask;
136692 unsigned long align_offset;
136693 + unsigned long threadstack_offset;
136694 };
136695
136696 -extern unsigned long unmapped_area(struct vm_unmapped_area_info *info);
136697 -extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
136698 +extern unsigned long unmapped_area(const struct vm_unmapped_area_info *info);
136699 +extern unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info);
136700
136701 /*
136702 * Search for an unmapped address range.
136703 @@ -2087,7 +2105,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
136704 * - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
136705 */
136706 static inline unsigned long
136707 -vm_unmapped_area(struct vm_unmapped_area_info *info)
136708 +vm_unmapped_area(const struct vm_unmapped_area_info *info)
136709 {
136710 if (info->flags & VM_UNMAPPED_AREA_TOPDOWN)
136711 return unmapped_area_topdown(info);
136712 @@ -2148,6 +2166,9 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
136713 extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
136714 struct vm_area_struct **pprev);
136715
136716 +extern struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma);
136717 +extern __must_check long pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma);
136718 +
136719 /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
136720 NULL if none. Assume start_addr < end_addr. */
136721 static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
136722 @@ -2177,10 +2198,10 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
136723 }
136724
136725 #ifdef CONFIG_MMU
136726 -pgprot_t vm_get_page_prot(unsigned long vm_flags);
136727 +pgprot_t vm_get_page_prot(vm_flags_t vm_flags);
136728 void vma_set_page_prot(struct vm_area_struct *vma);
136729 #else
136730 -static inline pgprot_t vm_get_page_prot(unsigned long vm_flags)
136731 +static inline pgprot_t vm_get_page_prot(vm_flags_t vm_flags)
136732 {
136733 return __pgprot(0);
136734 }
136735 @@ -2366,7 +2387,7 @@ extern int get_hwpoison_page(struct page *page);
136736 extern int sysctl_memory_failure_early_kill;
136737 extern int sysctl_memory_failure_recovery;
136738 extern void shake_page(struct page *p, int access);
136739 -extern atomic_long_t num_poisoned_pages;
136740 +extern atomic_long_unchecked_t num_poisoned_pages;
136741 extern int soft_offline_page(struct page *page, int flags);
136742
136743
136744 @@ -2454,5 +2475,11 @@ void __init setup_nr_node_ids(void);
136745 static inline void setup_nr_node_ids(void) {}
136746 #endif
136747
136748 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
136749 +extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
136750 +#else
136751 +static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {}
136752 +#endif
136753 +
136754 #endif /* __KERNEL__ */
136755 #endif /* _LINUX_MM_H */
136756 diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
136757 index 903200f..c868416 100644
136758 --- a/include/linux/mm_types.h
136759 +++ b/include/linux/mm_types.h
136760 @@ -358,7 +358,9 @@ struct vm_area_struct {
136761 struct mempolicy *vm_policy; /* NUMA policy for the VMA */
136762 #endif
136763 struct vm_userfaultfd_ctx vm_userfaultfd_ctx;
136764 -};
136765 +
136766 + struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */
136767 +} __randomize_layout;
136768
136769 struct core_thread {
136770 struct task_struct *task;
136771 @@ -518,7 +520,25 @@ struct mm_struct {
136772 #ifdef CONFIG_MMU
136773 struct work_struct async_put_work;
136774 #endif
136775 -};
136776 +
136777 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
136778 + unsigned long pax_flags;
136779 +#endif
136780 +
136781 +#ifdef CONFIG_PAX_DLRESOLVE
136782 + unsigned long call_dl_resolve;
136783 +#endif
136784 +
136785 +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
136786 + unsigned long call_syscall;
136787 +#endif
136788 +
136789 +#ifdef CONFIG_PAX_ASLR
136790 + unsigned long delta_mmap; /* randomized offset */
136791 + unsigned long delta_stack; /* randomized offset */
136792 +#endif
136793 +
136794 +} __randomize_layout;
136795
136796 static inline void mm_init_cpumask(struct mm_struct *mm)
136797 {
136798 diff --git a/include/linux/mmiotrace.h b/include/linux/mmiotrace.h
136799 index 3ba327a..85cd5ce 100644
136800 --- a/include/linux/mmiotrace.h
136801 +++ b/include/linux/mmiotrace.h
136802 @@ -46,7 +46,7 @@ extern int kmmio_handler(struct pt_regs *regs, unsigned long addr);
136803 /* Called from ioremap.c */
136804 extern void mmiotrace_ioremap(resource_size_t offset, unsigned long size,
136805 void __iomem *addr);
136806 -extern void mmiotrace_iounmap(volatile void __iomem *addr);
136807 +extern void mmiotrace_iounmap(const volatile void __iomem *addr);
136808
136809 /* For anyone to insert markers. Remember trailing newline. */
136810 extern __printf(1, 2) int mmiotrace_printk(const char *fmt, ...);
136811 @@ -66,7 +66,7 @@ static inline void mmiotrace_ioremap(resource_size_t offset,
136812 {
136813 }
136814
136815 -static inline void mmiotrace_iounmap(volatile void __iomem *addr)
136816 +static inline void mmiotrace_iounmap(const volatile void __iomem *addr)
136817 {
136818 }
136819
136820 diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
136821 index 7f2ae99..27ca9cf 100644
136822 --- a/include/linux/mmzone.h
136823 +++ b/include/linux/mmzone.h
136824 @@ -517,7 +517,7 @@ struct zone {
136825
136826 ZONE_PADDING(_pad3_)
136827 /* Zone statistics */
136828 - atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
136829 + atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
136830 } ____cacheline_internodealigned_in_smp;
136831
136832 enum pgdat_flags {
136833 @@ -721,7 +721,7 @@ typedef struct pglist_data {
136834
136835 /* Per-node vmstats */
136836 struct per_cpu_nodestat __percpu *per_cpu_nodestats;
136837 - atomic_long_t vm_stat[NR_VM_NODE_STAT_ITEMS];
136838 + atomic_long_unchecked_t vm_stat[NR_VM_NODE_STAT_ITEMS];
136839 } pg_data_t;
136840
136841 #define node_present_pages(nid) (NODE_DATA(nid)->node_present_pages)
136842 diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
136843 index ed84c07..c29bce4 100644
136844 --- a/include/linux/mod_devicetable.h
136845 +++ b/include/linux/mod_devicetable.h
136846 @@ -139,7 +139,7 @@ struct usb_device_id {
136847 #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200
136848 #define USB_DEVICE_ID_MATCH_INT_NUMBER 0x0400
136849
136850 -#define HID_ANY_ID (~0)
136851 +#define HID_ANY_ID (~0U)
136852 #define HID_BUS_ANY 0xffff
136853 #define HID_GROUP_ANY 0x0000
136854
136855 @@ -480,7 +480,7 @@ struct dmi_system_id {
136856 const char *ident;
136857 struct dmi_strmatch matches[4];
136858 void *driver_data;
136859 -};
136860 +} __do_const;
136861 /*
136862 * struct dmi_device_id appears during expansion of
136863 * "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it
136864 diff --git a/include/linux/module.h b/include/linux/module.h
136865 index 0c3207d..18808a5 100644
136866 --- a/include/linux/module.h
136867 +++ b/include/linux/module.h
136868 @@ -20,9 +20,11 @@
136869 #include <linux/export.h>
136870 #include <linux/extable.h> /* only as arch move module.h -> extable.h */
136871 #include <linux/rbtree_latch.h>
136872 +#include <linux/fs.h>
136873
136874 #include <linux/percpu.h>
136875 #include <asm/module.h>
136876 +#include <asm/pgtable.h>
136877
136878 /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
136879 #define MODULE_SIG_STRING "~Module signature appended~\n"
136880 @@ -46,7 +48,7 @@ struct module_kobject {
136881 struct kobject *drivers_dir;
136882 struct module_param_attrs *mp;
136883 struct completion *kobj_completion;
136884 -};
136885 +} __randomize_layout;
136886
136887 struct module_attribute {
136888 struct attribute attr;
136889 @@ -58,12 +60,13 @@ struct module_attribute {
136890 int (*test)(struct module *);
136891 void (*free)(struct module *);
136892 };
136893 +typedef struct module_attribute __no_const module_attribute_no_const;
136894
136895 struct module_version_attribute {
136896 struct module_attribute mattr;
136897 const char *module_name;
136898 const char *version;
136899 -} __attribute__ ((__aligned__(sizeof(void *))));
136900 +} __do_const __attribute__ ((__aligned__(sizeof(void *))));
136901
136902 extern ssize_t __modver_version_show(struct module_attribute *,
136903 struct module_kobject *, char *);
136904 @@ -290,19 +293,18 @@ struct mod_tree_node {
136905 };
136906
136907 struct module_layout {
136908 - /* The actual code + data. */
136909 - void *base;
136910 - /* Total size. */
136911 - unsigned int size;
136912 - /* The size of the executable code. */
136913 - unsigned int text_size;
136914 - /* Size of RO section of the module (text+rodata) */
136915 - unsigned int ro_size;
136916 - /* Size of RO after init section */
136917 - unsigned int ro_after_init_size;
136918 + /* The actual code. */
136919 + void *base_rx;
136920 + /* The actual data. */
136921 + void *base_rw;
136922 + /* Code size. */
136923 + unsigned int size_rx;
136924 + /* Data size. */
136925 + unsigned int size_rw;
136926
136927 #ifdef CONFIG_MODULES_TREE_LOOKUP
136928 - struct mod_tree_node mtn;
136929 + struct mod_tree_node mtn_rx;
136930 + struct mod_tree_node mtn_rw;
136931 #endif
136932 };
136933
136934 @@ -339,7 +341,7 @@ struct module {
136935
136936 /* Sysfs stuff. */
136937 struct module_kobject mkobj;
136938 - struct module_attribute *modinfo_attrs;
136939 + module_attribute_no_const *modinfo_attrs;
136940 const char *version;
136941 const char *srcversion;
136942 struct kobject *holders_dir;
136943 @@ -447,6 +449,10 @@ struct module {
136944 unsigned int num_trace_events;
136945 struct trace_enum_map **trace_enums;
136946 unsigned int num_trace_enums;
136947 + struct file_operations trace_id;
136948 + struct file_operations trace_enable;
136949 + struct file_operations trace_format;
136950 + struct file_operations trace_filter;
136951 #endif
136952 #ifdef CONFIG_FTRACE_MCOUNT_RECORD
136953 unsigned int num_ftrace_callsites;
136954 @@ -478,7 +484,8 @@ struct module {
136955 ctor_fn_t *ctors;
136956 unsigned int num_ctors;
136957 #endif
136958 -} ____cacheline_aligned;
136959 +} ____cacheline_aligned __randomize_layout;
136960 +
136961 #ifndef MODULE_ARCH_INIT
136962 #define MODULE_ARCH_INIT {}
136963 #endif
136964 @@ -499,18 +506,38 @@ bool is_module_address(unsigned long addr);
136965 bool is_module_percpu_address(unsigned long addr);
136966 bool is_module_text_address(unsigned long addr);
136967
136968 +static inline int within_module_range(unsigned long addr, void *start, unsigned long size)
136969 +{
136970 +
136971 +#ifdef CONFIG_PAX_KERNEXEC
136972 + if (ktla_ktva(addr) >= (unsigned long)start &&
136973 + ktla_ktva(addr) < (unsigned long)start + size)
136974 + return 1;
136975 +#endif
136976 +
136977 + return ((void *)addr >= start && (void *)addr < start + size);
136978 +}
136979 +
136980 +static inline int within_module_rx(unsigned long addr, const struct module_layout *layout)
136981 +{
136982 + return within_module_range(addr, layout->base_rx, layout->size_rx);
136983 +}
136984 +
136985 +static inline int within_module_rw(unsigned long addr, const struct module_layout *layout)
136986 +{
136987 + return within_module_range(addr, layout->base_rw, layout->size_rw);
136988 +}
136989 +
136990 static inline bool within_module_core(unsigned long addr,
136991 const struct module *mod)
136992 {
136993 - return (unsigned long)mod->core_layout.base <= addr &&
136994 - addr < (unsigned long)mod->core_layout.base + mod->core_layout.size;
136995 + return within_module_rx(addr, &mod->core_layout) || within_module_rw(addr, &mod->core_layout);
136996 }
136997
136998 static inline bool within_module_init(unsigned long addr,
136999 const struct module *mod)
137000 {
137001 - return (unsigned long)mod->init_layout.base <= addr &&
137002 - addr < (unsigned long)mod->init_layout.base + mod->init_layout.size;
137003 + return within_module_rx(addr, &mod->init_layout) || within_module_rw(addr, &mod->init_layout);
137004 }
137005
137006 static inline bool within_module(unsigned long addr, const struct module *mod)
137007 diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
137008 index 4d0cb9b..3169ac7 100644
137009 --- a/include/linux/moduleloader.h
137010 +++ b/include/linux/moduleloader.h
137011 @@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section);
137012 sections. Returns NULL on failure. */
137013 void *module_alloc(unsigned long size);
137014
137015 +#ifdef CONFIG_PAX_KERNEXEC
137016 +void *module_alloc_exec(unsigned long size);
137017 +#else
137018 +#define module_alloc_exec(x) module_alloc(x)
137019 +#endif
137020 +
137021 /* Free memory returned from module_alloc. */
137022 void module_memfree(void *module_region);
137023
137024 +#ifdef CONFIG_PAX_KERNEXEC
137025 +void module_memfree_exec(void *module_region);
137026 +#else
137027 +#define module_memfree_exec(x) module_memfree((x))
137028 +#endif
137029 +
137030 /*
137031 * Apply the given relocation to the (simplified) ELF. Return -error
137032 * or 0.
137033 @@ -45,8 +57,10 @@ static inline int apply_relocate(Elf_Shdr *sechdrs,
137034 unsigned int relsec,
137035 struct module *me)
137036 {
137037 +#ifdef CONFIG_MODULES
137038 printk(KERN_ERR "module %s: REL relocation unsupported\n",
137039 module_name(me));
137040 +#endif
137041 return -ENOEXEC;
137042 }
137043 #endif
137044 @@ -68,8 +82,10 @@ static inline int apply_relocate_add(Elf_Shdr *sechdrs,
137045 unsigned int relsec,
137046 struct module *me)
137047 {
137048 +#ifdef CONFIG_MODULES
137049 printk(KERN_ERR "module %s: REL relocation unsupported\n",
137050 module_name(me));
137051 +#endif
137052 return -ENOEXEC;
137053 }
137054 #endif
137055 diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
137056 index 52666d9..f10563b 100644
137057 --- a/include/linux/moduleparam.h
137058 +++ b/include/linux/moduleparam.h
137059 @@ -54,7 +54,7 @@ struct kernel_param_ops {
137060 int (*get)(char *buffer, const struct kernel_param *kp);
137061 /* Optional function to free kp->arg when module unloaded. */
137062 void (*free)(void *arg);
137063 -};
137064 +} __do_const;
137065
137066 /*
137067 * Flags available for kernel_param
137068 @@ -226,15 +226,15 @@ struct kparam_array
137069
137070 /* Obsolete - use module_param_cb() */
137071 #define module_param_call(name, set, get, arg, perm) \
137072 - static const struct kernel_param_ops __param_ops_##name = \
137073 - { .flags = 0, (void *)set, (void *)get }; \
137074 + static const struct kernel_param_ops __param_ops_##name = \
137075 + { .flags = 0, set, get }; \
137076 __module_param_call(MODULE_PARAM_PREFIX, \
137077 name, &__param_ops_##name, arg, \
137078 (perm) + sizeof(__check_old_set_param(set))*0, -1, 0)
137079
137080 /* We don't get oldget: it's often a new-style param_get_uint, etc. */
137081 static inline int
137082 -__check_old_set_param(int (*oldset)(const char *, struct kernel_param *))
137083 +__check_old_set_param(int (*oldset)(const char *, const struct kernel_param *))
137084 {
137085 return 0;
137086 }
137087 @@ -289,7 +289,7 @@ static inline void kernel_param_unlock(struct module *mod)
137088 * @len is usually just sizeof(string).
137089 */
137090 #define module_param_string(name, string, len, perm) \
137091 - static const struct kparam_string __param_string_##name \
137092 + static const struct kparam_string __param_string_##name __used \
137093 = { len, string }; \
137094 __module_param_call(MODULE_PARAM_PREFIX, name, \
137095 &param_ops_string, \
137096 @@ -441,7 +441,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
137097 */
137098 #define module_param_array_named(name, array, type, nump, perm) \
137099 param_check_##type(name, &(array)[0]); \
137100 - static const struct kparam_array __param_arr_##name \
137101 + static const struct kparam_array __param_arr_##name __used \
137102 = { .max = ARRAY_SIZE(array), .num = nump, \
137103 .ops = &param_ops_##type, \
137104 .elemsize = sizeof(array[0]), .elem = array }; \
137105 diff --git a/include/linux/mount.h b/include/linux/mount.h
137106 index 54a594d..1f7fa02 100644
137107 --- a/include/linux/mount.h
137108 +++ b/include/linux/mount.h
137109 @@ -67,7 +67,7 @@ struct vfsmount {
137110 struct dentry *mnt_root; /* root of the mounted tree */
137111 struct super_block *mnt_sb; /* pointer to superblock */
137112 int mnt_flags;
137113 -};
137114 +} __randomize_layout;
137115
137116 struct file; /* forward dec */
137117 struct path;
137118 diff --git a/include/linux/msg.h b/include/linux/msg.h
137119 index f3f302f..a001305 100644
137120 --- a/include/linux/msg.h
137121 +++ b/include/linux/msg.h
137122 @@ -29,7 +29,7 @@ struct msg_queue {
137123 struct list_head q_messages;
137124 struct list_head q_receivers;
137125 struct list_head q_senders;
137126 -};
137127 +} __randomize_layout;
137128
137129 /* Helper routines for sys_msgsnd and sys_msgrcv */
137130 extern long do_msgsnd(int msqid, long mtype, void __user *mtext,
137131 diff --git a/include/linux/net.h b/include/linux/net.h
137132 index b9f0ff4..fd3f501 100644
137133 --- a/include/linux/net.h
137134 +++ b/include/linux/net.h
137135 @@ -196,7 +196,7 @@ struct net_proto_family {
137136 int (*create)(struct net *net, struct socket *sock,
137137 int protocol, int kern);
137138 struct module *owner;
137139 -};
137140 +} __do_const;
137141
137142 struct iovec;
137143 struct kvec;
137144 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
137145 index e8d79d4..d9519a7 100644
137146 --- a/include/linux/netdevice.h
137147 +++ b/include/linux/netdevice.h
137148 @@ -1307,6 +1307,7 @@ struct net_device_ops {
137149 int (*ndo_xdp)(struct net_device *dev,
137150 struct netdev_xdp *xdp);
137151 };
137152 +typedef struct net_device_ops __no_const net_device_ops_no_const;
137153
137154 /**
137155 * enum net_device_priv_flags - &struct net_device priv_flags
137156 @@ -1636,7 +1637,7 @@ struct net_device {
137157 unsigned long base_addr;
137158 int irq;
137159
137160 - atomic_t carrier_changes;
137161 + atomic_unchecked_t carrier_changes;
137162
137163 /*
137164 * Some hardware also needs these fields (state,dev_list,
137165 @@ -1676,9 +1677,9 @@ struct net_device {
137166
137167 struct net_device_stats stats;
137168
137169 - atomic_long_t rx_dropped;
137170 - atomic_long_t tx_dropped;
137171 - atomic_long_t rx_nohandler;
137172 + atomic_long_unchecked_t rx_dropped;
137173 + atomic_long_unchecked_t tx_dropped;
137174 + atomic_long_unchecked_t rx_nohandler;
137175
137176 #ifdef CONFIG_WIRELESS_EXT
137177 const struct iw_handler_def *wireless_handlers;
137178 @@ -4218,7 +4219,7 @@ static inline bool netif_reduces_vlan_mtu(struct net_device *dev)
137179 return dev->priv_flags & IFF_MACSEC;
137180 }
137181
137182 -extern struct pernet_operations __net_initdata loopback_net_ops;
137183 +extern struct pernet_operations __net_initconst loopback_net_ops;
137184
137185 /* Logging, debugging and troubleshooting/diagnostic helpers. */
137186
137187 diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
137188 index 9230f9a..065b8f8 100644
137189 --- a/include/linux/netfilter.h
137190 +++ b/include/linux/netfilter.h
137191 @@ -119,7 +119,7 @@ struct nf_sockopt_ops {
137192 #endif
137193 /* Use the module struct to lock set/get code in place */
137194 struct module *owner;
137195 -};
137196 +} __do_const;
137197
137198 /* Function to register/unregister hook points. */
137199 int nf_register_net_hook(struct net *net, const struct nf_hook_ops *ops);
137200 diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
137201 index 83b9a2e..5266f3b 100644
137202 --- a/include/linux/netfilter/ipset/ip_set.h
137203 +++ b/include/linux/netfilter/ipset/ip_set.h
137204 @@ -104,8 +104,8 @@ struct ip_set_ext {
137205 };
137206
137207 struct ip_set_counter {
137208 - atomic64_t bytes;
137209 - atomic64_t packets;
137210 + atomic64_unchecked_t bytes;
137211 + atomic64_unchecked_t packets;
137212 };
137213
137214 struct ip_set_comment_rcu {
137215 @@ -297,25 +297,25 @@ ip_set_put_flags(struct sk_buff *skb, struct ip_set *set)
137216 static inline void
137217 ip_set_add_bytes(u64 bytes, struct ip_set_counter *counter)
137218 {
137219 - atomic64_add((long long)bytes, &(counter)->bytes);
137220 + atomic64_add_unchecked((long long)bytes, &(counter)->bytes);
137221 }
137222
137223 static inline void
137224 ip_set_add_packets(u64 packets, struct ip_set_counter *counter)
137225 {
137226 - atomic64_add((long long)packets, &(counter)->packets);
137227 + atomic64_add_unchecked((long long)packets, &(counter)->packets);
137228 }
137229
137230 static inline u64
137231 ip_set_get_bytes(const struct ip_set_counter *counter)
137232 {
137233 - return (u64)atomic64_read(&(counter)->bytes);
137234 + return (u64)atomic64_read_unchecked(&(counter)->bytes);
137235 }
137236
137237 static inline u64
137238 ip_set_get_packets(const struct ip_set_counter *counter)
137239 {
137240 - return (u64)atomic64_read(&(counter)->packets);
137241 + return (u64)atomic64_read_unchecked(&(counter)->packets);
137242 }
137243
137244 static inline void
137245 @@ -387,9 +387,9 @@ ip_set_init_counter(struct ip_set_counter *counter,
137246 const struct ip_set_ext *ext)
137247 {
137248 if (ext->bytes != ULLONG_MAX)
137249 - atomic64_set(&(counter)->bytes, (long long)(ext->bytes));
137250 + atomic64_set_unchecked(&(counter)->bytes, (long long)(ext->bytes));
137251 if (ext->packets != ULLONG_MAX)
137252 - atomic64_set(&(counter)->packets, (long long)(ext->packets));
137253 + atomic64_set_unchecked(&(counter)->packets, (long long)(ext->packets));
137254 }
137255
137256 /* Netlink CB args */
137257 diff --git a/include/linux/netfilter/ipset/ip_set_comment.h b/include/linux/netfilter/ipset/ip_set_comment.h
137258 index 8d02485..a1e1aa5 100644
137259 --- a/include/linux/netfilter/ipset/ip_set_comment.h
137260 +++ b/include/linux/netfilter/ipset/ip_set_comment.h
137261 @@ -58,8 +58,9 @@ ip_set_put_comment(struct sk_buff *skb, struct ip_set_comment *comment)
137262 * of the set data anymore.
137263 */
137264 static inline void
137265 -ip_set_comment_free(struct ip_set_comment *comment)
137266 +ip_set_comment_free(void *_comment)
137267 {
137268 + struct ip_set_comment *comment = _comment;
137269 struct ip_set_comment_rcu *c;
137270
137271 c = rcu_dereference_protected(comment->c, 1);
137272 diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
137273 index 1d82dd5..d6b384c 100644
137274 --- a/include/linux/netfilter/nfnetlink.h
137275 +++ b/include/linux/netfilter/nfnetlink.h
137276 @@ -19,7 +19,7 @@ struct nfnl_callback {
137277 const struct nlattr * const cda[]);
137278 const struct nla_policy *policy; /* netlink attribute policy */
137279 const u_int16_t attr_count; /* number of nlattr's */
137280 -};
137281 +} __do_const;
137282
137283 struct nfnetlink_subsystem {
137284 const char *name;
137285 diff --git a/include/linux/netfilter/xt_gradm.h b/include/linux/netfilter/xt_gradm.h
137286 new file mode 100644
137287 index 0000000..33f4af8
137288 --- /dev/null
137289 +++ b/include/linux/netfilter/xt_gradm.h
137290 @@ -0,0 +1,9 @@
137291 +#ifndef _LINUX_NETFILTER_XT_GRADM_H
137292 +#define _LINUX_NETFILTER_XT_GRADM_H 1
137293 +
137294 +struct xt_gradm_mtinfo {
137295 + __u16 flags;
137296 + __u16 invflags;
137297 +};
137298 +
137299 +#endif
137300 diff --git a/include/linux/netlink.h b/include/linux/netlink.h
137301 index da14ab6..874abff 100644
137302 --- a/include/linux/netlink.h
137303 +++ b/include/linux/netlink.h
137304 @@ -150,19 +150,19 @@ struct netlink_dump_control {
137305 void *data;
137306 struct module *module;
137307 u16 min_dump_alloc;
137308 -};
137309 +} __do_const;
137310 +typedef struct netlink_dump_control __no_const netlink_dump_control_no_const;
137311
137312 extern int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
137313 const struct nlmsghdr *nlh,
137314 - struct netlink_dump_control *control);
137315 + struct netlink_dump_control *control,
137316 + void *data,
137317 + struct module *module);
137318 static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
137319 const struct nlmsghdr *nlh,
137320 struct netlink_dump_control *control)
137321 {
137322 - if (!control->module)
137323 - control->module = THIS_MODULE;
137324 -
137325 - return __netlink_dump_start(ssk, skb, nlh, control);
137326 + return __netlink_dump_start(ssk, skb, nlh, control, control->data, control->module ? : THIS_MODULE);
137327 }
137328
137329 struct netlink_tap {
137330 diff --git a/include/linux/nls.h b/include/linux/nls.h
137331 index 520681b..2b7fabb 100644
137332 --- a/include/linux/nls.h
137333 +++ b/include/linux/nls.h
137334 @@ -31,7 +31,7 @@ struct nls_table {
137335 const unsigned char *charset2upper;
137336 struct module *owner;
137337 struct nls_table *next;
137338 -};
137339 +} __do_const;
137340
137341 /* this value hold the maximum octet of charset */
137342 #define NLS_MAX_CHARSET_SIZE 6 /* for UTF-8 */
137343 @@ -46,7 +46,7 @@ enum utf16_endian {
137344 /* nls_base.c */
137345 extern int __register_nls(struct nls_table *, struct module *);
137346 extern int unregister_nls(struct nls_table *);
137347 -extern struct nls_table *load_nls(char *);
137348 +extern struct nls_table *load_nls(const char *);
137349 extern void unload_nls(struct nls_table *);
137350 extern struct nls_table *load_nls_default(void);
137351 #define register_nls(nls) __register_nls((nls), THIS_MODULE)
137352 diff --git a/include/linux/notifier.h b/include/linux/notifier.h
137353 index 4149868..0971cea 100644
137354 --- a/include/linux/notifier.h
137355 +++ b/include/linux/notifier.h
137356 @@ -56,7 +56,8 @@ struct notifier_block {
137357 notifier_fn_t notifier_call;
137358 struct notifier_block __rcu *next;
137359 int priority;
137360 -};
137361 +} __do_const;
137362 +typedef struct notifier_block __no_const notifier_block_no_const;
137363
137364 struct atomic_notifier_head {
137365 spinlock_t lock;
137366 diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h
137367 index b2a0f15..4d7da32 100644
137368 --- a/include/linux/oprofile.h
137369 +++ b/include/linux/oprofile.h
137370 @@ -138,9 +138,9 @@ int oprofilefs_create_ulong(struct dentry * root,
137371 int oprofilefs_create_ro_ulong(struct dentry * root,
137372 char const * name, ulong * val);
137373
137374 -/** Create a file for read-only access to an atomic_t. */
137375 +/** Create a file for read-only access to an atomic_unchecked_t. */
137376 int oprofilefs_create_ro_atomic(struct dentry * root,
137377 - char const * name, atomic_t * val);
137378 + char const * name, atomic_unchecked_t * val);
137379
137380 /** create a directory */
137381 struct dentry *oprofilefs_mkdir(struct dentry *parent, char const *name);
137382 diff --git a/include/linux/padata.h b/include/linux/padata.h
137383 index 113ee62..70198a7 100644
137384 --- a/include/linux/padata.h
137385 +++ b/include/linux/padata.h
137386 @@ -129,7 +129,7 @@ struct parallel_data {
137387 struct padata_serial_queue __percpu *squeue;
137388 atomic_t reorder_objects;
137389 atomic_t refcnt;
137390 - atomic_t seq_nr;
137391 + atomic_unchecked_t seq_nr;
137392 struct padata_cpumask cpumask;
137393 spinlock_t lock ____cacheline_aligned;
137394 unsigned int processed;
137395 diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
137396 index 01e8443..3a4d158 100644
137397 --- a/include/linux/pagemap.h
137398 +++ b/include/linux/pagemap.h
137399 @@ -215,7 +215,7 @@ static inline gfp_t readahead_gfp_mask(struct address_space *x)
137400 __GFP_COLD | __GFP_NORETRY | __GFP_NOWARN;
137401 }
137402
137403 -typedef int filler_t(void *, struct page *);
137404 +typedef int filler_t(struct file *, struct page *);
137405
137406 pgoff_t page_cache_next_hole(struct address_space *mapping,
137407 pgoff_t index, unsigned long max_scan);
137408 @@ -359,7 +359,7 @@ extern int read_cache_pages(struct address_space *mapping,
137409 static inline struct page *read_mapping_page(struct address_space *mapping,
137410 pgoff_t index, void *data)
137411 {
137412 - filler_t *filler = (filler_t *)mapping->a_ops->readpage;
137413 + filler_t *filler = mapping->a_ops->readpage;
137414 return read_cache_page(mapping, index, filler, data);
137415 }
137416
137417 diff --git a/include/linux/path.h b/include/linux/path.h
137418 index d137218..be0c176 100644
137419 --- a/include/linux/path.h
137420 +++ b/include/linux/path.h
137421 @@ -1,13 +1,15 @@
137422 #ifndef _LINUX_PATH_H
137423 #define _LINUX_PATH_H
137424
137425 +#include <linux/compiler.h>
137426 +
137427 struct dentry;
137428 struct vfsmount;
137429
137430 struct path {
137431 struct vfsmount *mnt;
137432 struct dentry *dentry;
137433 -};
137434 +} __randomize_layout;
137435
137436 extern void path_get(const struct path *);
137437 extern void path_put(const struct path *);
137438 diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
137439 index 8c78950..0d74ed9 100644
137440 --- a/include/linux/pci_hotplug.h
137441 +++ b/include/linux/pci_hotplug.h
137442 @@ -71,7 +71,8 @@ struct hotplug_slot_ops {
137443 int (*get_latch_status) (struct hotplug_slot *slot, u8 *value);
137444 int (*get_adapter_status) (struct hotplug_slot *slot, u8 *value);
137445 int (*reset_slot) (struct hotplug_slot *slot, int probe);
137446 -};
137447 +} __do_const;
137448 +typedef struct hotplug_slot_ops __no_const hotplug_slot_ops_no_const;
137449
137450 /**
137451 * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
137452 diff --git a/include/linux/percpu.h b/include/linux/percpu.h
137453 index 56939d3..7fb18e3 100644
137454 --- a/include/linux/percpu.h
137455 +++ b/include/linux/percpu.h
137456 @@ -28,7 +28,7 @@
137457 * preallocate for this. Keep PERCPU_DYNAMIC_RESERVE equal to or
137458 * larger than PERCPU_DYNAMIC_EARLY_SIZE.
137459 */
137460 -#define PERCPU_DYNAMIC_EARLY_SLOTS 128
137461 +#define PERCPU_DYNAMIC_EARLY_SLOTS 256
137462 #define PERCPU_DYNAMIC_EARLY_SIZE (12 << 10)
137463
137464 /*
137465 diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
137466 index 2b6b43c..7021115 100644
137467 --- a/include/linux/perf_event.h
137468 +++ b/include/linux/perf_event.h
137469 @@ -575,8 +575,8 @@ struct perf_event {
137470
137471 enum perf_event_active_state state;
137472 unsigned int attach_state;
137473 - local64_t count;
137474 - atomic64_t child_count;
137475 + local64_t count; /* PaX: fix it one day */
137476 + atomic64_unchecked_t child_count;
137477
137478 /*
137479 * These are the total time in nanoseconds that the event
137480 @@ -627,8 +627,8 @@ struct perf_event {
137481 * These accumulate total time (in nanoseconds) that children
137482 * events have been enabled and running, respectively.
137483 */
137484 - atomic64_t child_total_time_enabled;
137485 - atomic64_t child_total_time_running;
137486 + atomic64_unchecked_t child_total_time_enabled;
137487 + atomic64_unchecked_t child_total_time_running;
137488
137489 /*
137490 * Protect attach/detach and child_list:
137491 @@ -1077,7 +1077,7 @@ static inline void perf_event_task_sched_out(struct task_struct *prev,
137492
137493 static inline u64 __perf_event_count(struct perf_event *event)
137494 {
137495 - return local64_read(&event->count) + atomic64_read(&event->child_count);
137496 + return local64_read(&event->count) + atomic64_read_unchecked(&event->child_count);
137497 }
137498
137499 extern void perf_event_mmap(struct vm_area_struct *vma);
137500 @@ -1128,7 +1128,7 @@ static inline int perf_callchain_store(struct perf_callchain_entry_ctx *ctx, u64
137501 }
137502 }
137503
137504 -extern int sysctl_perf_event_paranoid;
137505 +extern int sysctl_perf_event_legitimately_concerned;
137506 extern int sysctl_perf_event_mlock;
137507 extern int sysctl_perf_event_sample_rate;
137508 extern int sysctl_perf_cpu_time_max_percent;
137509 @@ -1145,19 +1145,24 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
137510 int perf_event_max_stack_handler(struct ctl_table *table, int write,
137511 void __user *buffer, size_t *lenp, loff_t *ppos);
137512
137513 +static inline bool perf_paranoid_any(void)
137514 +{
137515 + return sysctl_perf_event_legitimately_concerned > 2;
137516 +}
137517 +
137518 static inline bool perf_paranoid_tracepoint_raw(void)
137519 {
137520 - return sysctl_perf_event_paranoid > -1;
137521 + return sysctl_perf_event_legitimately_concerned > -1;
137522 }
137523
137524 static inline bool perf_paranoid_cpu(void)
137525 {
137526 - return sysctl_perf_event_paranoid > 0;
137527 + return sysctl_perf_event_legitimately_concerned > 0;
137528 }
137529
137530 static inline bool perf_paranoid_kernel(void)
137531 {
137532 - return sysctl_perf_event_paranoid > 1;
137533 + return sysctl_perf_event_legitimately_concerned > 1;
137534 }
137535
137536 extern void perf_event_init(void);
137537 @@ -1317,7 +1322,7 @@ struct perf_pmu_events_attr {
137538 struct device_attribute attr;
137539 u64 id;
137540 const char *event_str;
137541 -};
137542 +} __do_const;
137543
137544 struct perf_pmu_events_ht_attr {
137545 struct device_attribute attr;
137546 diff --git a/include/linux/pid.h b/include/linux/pid.h
137547 index 23705a5..af2bfb4 100644
137548 --- a/include/linux/pid.h
137549 +++ b/include/linux/pid.h
137550 @@ -169,8 +169,8 @@ static inline pid_t pid_nr(struct pid *pid)
137551 return nr;
137552 }
137553
137554 -pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns);
137555 -pid_t pid_vnr(struct pid *pid);
137556 +pid_t pid_nr_ns(const struct pid *pid, const struct pid_namespace *ns);
137557 +pid_t pid_vnr(const struct pid *pid);
137558
137559 #define do_each_pid_task(pid, type, task) \
137560 do { \
137561 diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
137562 index 918b117..7af374b7 100644
137563 --- a/include/linux/pid_namespace.h
137564 +++ b/include/linux/pid_namespace.h
137565 @@ -45,7 +45,7 @@ struct pid_namespace {
137566 int hide_pid;
137567 int reboot; /* group exit code if this pidns was rebooted */
137568 struct ns_common ns;
137569 -};
137570 +} __randomize_layout;
137571
137572 extern struct pid_namespace init_pid_ns;
137573
137574 diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
137575 index 24f5470..deb6089 100644
137576 --- a/include/linux/pipe_fs_i.h
137577 +++ b/include/linux/pipe_fs_i.h
137578 @@ -48,10 +48,10 @@ struct pipe_inode_info {
137579 struct mutex mutex;
137580 wait_queue_head_t wait;
137581 unsigned int nrbufs, curbuf, buffers;
137582 - unsigned int readers;
137583 - unsigned int writers;
137584 - unsigned int files;
137585 - unsigned int waiting_writers;
137586 + atomic_t readers;
137587 + atomic_t writers;
137588 + atomic_t files;
137589 + atomic_t waiting_writers;
137590 unsigned int r_counter;
137591 unsigned int w_counter;
137592 struct page *tmp_page;
137593 diff --git a/include/linux/pm.h b/include/linux/pm.h
137594 index 06eb353..dbf4a34 100644
137595 --- a/include/linux/pm.h
137596 +++ b/include/linux/pm.h
137597 @@ -631,6 +631,7 @@ struct dev_pm_domain {
137598 void (*sync)(struct device *dev);
137599 void (*dismiss)(struct device *dev);
137600 };
137601 +typedef struct dev_pm_domain __no_const dev_pm_domain_no_const;
137602
137603 /*
137604 * The PM_EVENT_ messages are also used by drivers implementing the legacy
137605 diff --git a/include/linux/pm_domain.h b/include/linux/pm_domain.h
137606 index 31fec85..97f3906 100644
137607 --- a/include/linux/pm_domain.h
137608 +++ b/include/linux/pm_domain.h
137609 @@ -35,7 +35,7 @@ struct gpd_dev_ops {
137610 int (*start)(struct device *dev);
137611 int (*stop)(struct device *dev);
137612 bool (*active_wakeup)(struct device *dev);
137613 -};
137614 +} __no_const;
137615
137616 struct genpd_power_state {
137617 s64 power_off_latency_ns;
137618 diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h
137619 index 2e14d26..aed7c63 100644
137620 --- a/include/linux/pm_runtime.h
137621 +++ b/include/linux/pm_runtime.h
137622 @@ -116,7 +116,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev)
137623
137624 static inline void pm_runtime_mark_last_busy(struct device *dev)
137625 {
137626 - ACCESS_ONCE(dev->power.last_busy) = jiffies;
137627 + ACCESS_ONCE_RW(dev->power.last_busy) = jiffies;
137628 }
137629
137630 static inline bool pm_runtime_is_irq_safe(struct device *dev)
137631 diff --git a/include/linux/pnp.h b/include/linux/pnp.h
137632 index 2588ca6..b705409 100644
137633 --- a/include/linux/pnp.h
137634 +++ b/include/linux/pnp.h
137635 @@ -298,7 +298,7 @@ static inline void pnp_set_drvdata(struct pnp_dev *pdev, void *data)
137636 struct pnp_fixup {
137637 char id[7];
137638 void (*quirk_function) (struct pnp_dev * dev); /* fixup function */
137639 -};
137640 +} __do_const;
137641
137642 /* config parameters */
137643 #define PNP_CONFIG_NORMAL 0x0001
137644 diff --git a/include/linux/poison.h b/include/linux/poison.h
137645 index 51334ed..7fda393 100644
137646 --- a/include/linux/poison.h
137647 +++ b/include/linux/poison.h
137648 @@ -19,8 +19,8 @@
137649 * under normal circumstances, used to verify that nobody uses
137650 * non-initialized list entries.
137651 */
137652 -#define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA)
137653 -#define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA)
137654 +#define LIST_POISON1 ((void *) (long)0xFFFFFF02)
137655 +#define LIST_POISON2 ((void *) (long)0xFFFFFF04)
137656
137657 /********** include/linux/timer.h **********/
137658 /*
137659 diff --git a/include/linux/power/smartreflex.h b/include/linux/power/smartreflex.h
137660 index d8b187c3..9a9257a 100644
137661 --- a/include/linux/power/smartreflex.h
137662 +++ b/include/linux/power/smartreflex.h
137663 @@ -238,7 +238,7 @@ struct omap_sr_class_data {
137664 int (*notify)(struct omap_sr *sr, u32 status);
137665 u8 notify_flags;
137666 u8 class_type;
137667 -};
137668 +} __do_const;
137669
137670 /**
137671 * struct omap_sr_nvalue_table - Smartreflex n-target value info
137672 diff --git a/include/linux/ppp-comp.h b/include/linux/ppp-comp.h
137673 index 4ea1d37..80f4b33 100644
137674 --- a/include/linux/ppp-comp.h
137675 +++ b/include/linux/ppp-comp.h
137676 @@ -84,7 +84,7 @@ struct compressor {
137677 struct module *owner;
137678 /* Extra skb space needed by the compressor algorithm */
137679 unsigned int comp_extra;
137680 -};
137681 +} __do_const;
137682
137683 /*
137684 * The return value from decompress routine is the length of the
137685 diff --git a/include/linux/preempt.h b/include/linux/preempt.h
137686 index 75e4e30..fcfde15 100644
137687 --- a/include/linux/preempt.h
137688 +++ b/include/linux/preempt.h
137689 @@ -134,11 +134,16 @@ extern void preempt_count_sub(int val);
137690 #define preempt_count_dec_and_test() __preempt_count_dec_and_test()
137691 #endif
137692
137693 +#define raw_preempt_count_add(val) __preempt_count_add(val)
137694 +#define raw_preempt_count_sub(val) __preempt_count_sub(val)
137695 +
137696 #define __preempt_count_inc() __preempt_count_add(1)
137697 #define __preempt_count_dec() __preempt_count_sub(1)
137698
137699 #define preempt_count_inc() preempt_count_add(1)
137700 +#define raw_preempt_count_inc() raw_preempt_count_add(1)
137701 #define preempt_count_dec() preempt_count_sub(1)
137702 +#define raw_preempt_count_dec() raw_preempt_count_sub(1)
137703
137704 #ifdef CONFIG_PREEMPT_COUNT
137705
137706 @@ -148,6 +153,12 @@ do { \
137707 barrier(); \
137708 } while (0)
137709
137710 +#define raw_preempt_disable() \
137711 +do { \
137712 + raw_preempt_count_inc(); \
137713 + barrier(); \
137714 +} while (0)
137715 +
137716 #define sched_preempt_enable_no_resched() \
137717 do { \
137718 barrier(); \
137719 @@ -156,6 +167,12 @@ do { \
137720
137721 #define preempt_enable_no_resched() sched_preempt_enable_no_resched()
137722
137723 +#define raw_preempt_enable_no_resched() \
137724 +do { \
137725 + barrier(); \
137726 + raw_preempt_count_dec(); \
137727 +} while (0)
137728 +
137729 #define preemptible() (preempt_count() == 0 && !irqs_disabled())
137730
137731 #ifdef CONFIG_PREEMPT
137732 @@ -216,8 +233,10 @@ do { \
137733 * region.
137734 */
137735 #define preempt_disable() barrier()
137736 +#define raw_preempt_disable() barrier()
137737 #define sched_preempt_enable_no_resched() barrier()
137738 #define preempt_enable_no_resched() barrier()
137739 +#define raw_preempt_enable_no_resched() barrier()
137740 #define preempt_enable() barrier()
137741 #define preempt_check_resched() do { } while (0)
137742
137743 @@ -232,11 +251,13 @@ do { \
137744 /*
137745 * Modules have no business playing preemption tricks.
137746 */
137747 +#ifndef CONFIG_PAX_KERNEXEC
137748 #undef sched_preempt_enable_no_resched
137749 #undef preempt_enable_no_resched
137750 #undef preempt_enable_no_resched_notrace
137751 #undef preempt_check_resched
137752 #endif
137753 +#endif
137754
137755 #define preempt_set_need_resched() \
137756 do { \
137757 diff --git a/include/linux/printk.h b/include/linux/printk.h
137758 index 696a56b..c7cff38 100644
137759 --- a/include/linux/printk.h
137760 +++ b/include/linux/printk.h
137761 @@ -43,7 +43,7 @@ static inline const char *printk_skip_level(const char *buffer)
137762 #define CONSOLE_LOGLEVEL_DEBUG 10 /* issue debug messages */
137763 #define CONSOLE_LOGLEVEL_MOTORMOUTH 15 /* You can't shut this one up */
137764
137765 -extern int console_printk[];
137766 +extern int console_printk[4];
137767
137768 #define console_loglevel (console_printk[0])
137769 #define default_message_loglevel (console_printk[1])
137770 @@ -144,6 +144,8 @@ static inline void printk_nmi_flush(void) { }
137771 static inline void printk_nmi_flush_on_panic(void) { }
137772 #endif /* PRINTK_NMI */
137773
137774 +extern int kptr_restrict;
137775 +
137776 #ifdef CONFIG_PRINTK
137777 asmlinkage __printf(5, 0)
137778 int vprintk_emit(int facility, int level,
137779 @@ -171,14 +173,13 @@ __printf(1, 2) __cold int printk_deferred(const char *fmt, ...);
137780 * with all other unrelated printk_ratelimit() callsites. Instead use
137781 * printk_ratelimited() or plain old __ratelimit().
137782 */
137783 -extern int __printk_ratelimit(const char *func);
137784 +extern int __printk_ratelimit(const char *func) __nocapture(1);
137785 #define printk_ratelimit() __printk_ratelimit(__func__)
137786 extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
137787 unsigned int interval_msec);
137788
137789 extern int printk_delay_msec;
137790 extern int dmesg_restrict;
137791 -extern int kptr_restrict;
137792
137793 extern int
137794 devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write, void __user *buf,
137795 diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
137796 index b97bf2e..f14c92d4 100644
137797 --- a/include/linux/proc_fs.h
137798 +++ b/include/linux/proc_fs.h
137799 @@ -17,8 +17,11 @@ extern void proc_flush_task(struct task_struct *);
137800 extern struct proc_dir_entry *proc_symlink(const char *,
137801 struct proc_dir_entry *, const char *);
137802 extern struct proc_dir_entry *proc_mkdir(const char *, struct proc_dir_entry *);
137803 +extern struct proc_dir_entry *proc_mkdir_restrict(const char *, struct proc_dir_entry *);
137804 extern struct proc_dir_entry *proc_mkdir_data(const char *, umode_t,
137805 struct proc_dir_entry *, void *);
137806 +extern struct proc_dir_entry *proc_mkdir_data_restrict(const char *, umode_t,
137807 + struct proc_dir_entry *, void *);
137808 extern struct proc_dir_entry *proc_mkdir_mode(const char *, umode_t,
137809 struct proc_dir_entry *);
137810
137811 @@ -34,6 +37,19 @@ static inline struct proc_dir_entry *proc_create(
137812 return proc_create_data(name, mode, parent, proc_fops, NULL);
137813 }
137814
137815 +static inline struct proc_dir_entry *proc_create_grsec(const char *name, umode_t mode,
137816 + struct proc_dir_entry *parent, const struct file_operations *proc_fops)
137817 +{
137818 +#ifdef CONFIG_GRKERNSEC_PROC_USER
137819 + return proc_create_data(name, S_IRUSR, parent, proc_fops, NULL);
137820 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
137821 + return proc_create_data(name, S_IRUSR | S_IRGRP, parent, proc_fops, NULL);
137822 +#else
137823 + return proc_create_data(name, mode, parent, proc_fops, NULL);
137824 +#endif
137825 +}
137826 +
137827 +
137828 extern void proc_set_size(struct proc_dir_entry *, loff_t);
137829 extern void proc_set_user(struct proc_dir_entry *, kuid_t, kgid_t);
137830 extern void *PDE_DATA(const struct inode *);
137831 @@ -56,8 +72,12 @@ static inline struct proc_dir_entry *proc_symlink(const char *name,
137832 struct proc_dir_entry *parent,const char *dest) { return NULL;}
137833 static inline struct proc_dir_entry *proc_mkdir(const char *name,
137834 struct proc_dir_entry *parent) {return NULL;}
137835 +static inline struct proc_dir_entry *proc_mkdir_restrict(const char *name,
137836 + struct proc_dir_entry *parent) { return NULL; }
137837 static inline struct proc_dir_entry *proc_mkdir_data(const char *name,
137838 umode_t mode, struct proc_dir_entry *parent, void *data) { return NULL; }
137839 +static inline struct proc_dir_entry *proc_mkdir_data_restrict(const char *name,
137840 + umode_t mode, struct proc_dir_entry *parent, void *data) { return NULL; }
137841 static inline struct proc_dir_entry *proc_mkdir_mode(const char *name,
137842 umode_t mode, struct proc_dir_entry *parent) { return NULL; }
137843 #define proc_create(name, mode, parent, proc_fops) ({NULL;})
137844 @@ -79,7 +99,7 @@ struct net;
137845 static inline struct proc_dir_entry *proc_net_mkdir(
137846 struct net *net, const char *name, struct proc_dir_entry *parent)
137847 {
137848 - return proc_mkdir_data(name, 0, parent, net);
137849 + return proc_mkdir_data_restrict(name, 0, parent, net);
137850 }
137851
137852 #endif /* _LINUX_PROC_FS_H */
137853 diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
137854 index de0e771..9e746e9 100644
137855 --- a/include/linux/proc_ns.h
137856 +++ b/include/linux/proc_ns.h
137857 @@ -18,7 +18,7 @@ struct proc_ns_operations {
137858 struct ns_common *(*get)(struct task_struct *task);
137859 void (*put)(struct ns_common *ns);
137860 int (*install)(struct nsproxy *nsproxy, struct ns_common *ns);
137861 -};
137862 +} __do_const __randomize_layout;
137863
137864 extern const struct proc_ns_operations netns_operations;
137865 extern const struct proc_ns_operations utsns_operations;
137866 diff --git a/include/linux/psci.h b/include/linux/psci.h
137867 index bdea1cb..a094b75 100644
137868 --- a/include/linux/psci.h
137869 +++ b/include/linux/psci.h
137870 @@ -33,7 +33,7 @@ struct psci_operations {
137871 int (*affinity_info)(unsigned long target_affinity,
137872 unsigned long lowest_affinity_level);
137873 int (*migrate_info_type)(void);
137874 -};
137875 +} __no_const;
137876
137877 extern struct psci_operations psci_ops;
137878
137879 diff --git a/include/linux/quota.h b/include/linux/quota.h
137880 index 55107a8..eb06178 100644
137881 --- a/include/linux/quota.h
137882 +++ b/include/linux/quota.h
137883 @@ -76,7 +76,7 @@ struct kqid { /* Type in which we store the quota identifier */
137884
137885 extern bool qid_eq(struct kqid left, struct kqid right);
137886 extern bool qid_lt(struct kqid left, struct kqid right);
137887 -extern qid_t from_kqid(struct user_namespace *to, struct kqid qid);
137888 +extern qid_t from_kqid(struct user_namespace *to, struct kqid qid) __intentional_overflow(-1);
137889 extern qid_t from_kqid_munged(struct user_namespace *to, struct kqid qid);
137890 extern bool qid_valid(struct kqid qid);
137891
137892 diff --git a/include/linux/random.h b/include/linux/random.h
137893 index 3d6e981..4925f17 100644
137894 --- a/include/linux/random.h
137895 +++ b/include/linux/random.h
137896 @@ -18,9 +18,19 @@ struct random_ready_callback {
137897 };
137898
137899 extern void add_device_randomness(const void *, unsigned int);
137900 +
137901 +#if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__)
137902 +static inline void add_latent_entropy(void)
137903 +{
137904 + add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
137905 +}
137906 +#else
137907 +static inline void add_latent_entropy(void) {}
137908 +#endif
137909 +
137910 extern void add_input_randomness(unsigned int type, unsigned int code,
137911 - unsigned int value);
137912 -extern void add_interrupt_randomness(int irq, int irq_flags);
137913 + unsigned int value) __latent_entropy;
137914 +extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy;
137915
137916 extern void get_random_bytes(void *buf, int nbytes);
137917 extern int add_random_ready_callback(struct random_ready_callback *rdy);
137918 @@ -52,6 +62,11 @@ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
137919 #define prandom_init_once(pcpu_state) \
137920 DO_ONCE(prandom_seed_full_state, (pcpu_state))
137921
137922 +static inline unsigned long __intentional_overflow(-1) pax_get_random_long(void)
137923 +{
137924 + return prandom_u32() + (sizeof(long) > 4 ? (unsigned long)prandom_u32() << 32 : 0);
137925 +}
137926 +
137927 /**
137928 * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
137929 * @ep_ro: right open interval endpoint
137930 @@ -64,7 +79,7 @@ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
137931 *
137932 * Returns: pseudo-random number in interval [0, ep_ro)
137933 */
137934 -static inline u32 prandom_u32_max(u32 ep_ro)
137935 +static inline u32 __intentional_overflow(-1) prandom_u32_max(u32 ep_ro)
137936 {
137937 return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
137938 }
137939 diff --git a/include/linux/ratelimit.h b/include/linux/ratelimit.h
137940 index 57c9e06..fe14126 100644
137941 --- a/include/linux/ratelimit.h
137942 +++ b/include/linux/ratelimit.h
137943 @@ -72,7 +72,8 @@ ratelimit_set_flags(struct ratelimit_state *rs, unsigned long flags)
137944
137945 extern struct ratelimit_state printk_ratelimit_state;
137946
137947 -extern int ___ratelimit(struct ratelimit_state *rs, const char *func);
137948 +extern __nocapture(2)
137949 +int ___ratelimit(struct ratelimit_state *rs, const char *func);
137950 #define __ratelimit(state) ___ratelimit(state, __func__)
137951
137952 #ifdef CONFIG_PRINTK
137953 diff --git a/include/linux/rbtree_augmented.h b/include/linux/rbtree_augmented.h
137954 index d076183..9702b6e 100644
137955 --- a/include/linux/rbtree_augmented.h
137956 +++ b/include/linux/rbtree_augmented.h
137957 @@ -90,7 +90,9 @@ rbname ## _rotate(struct rb_node *rb_old, struct rb_node *rb_new) \
137958 old->rbaugmented = rbcompute(old); \
137959 } \
137960 rbstatic const struct rb_augment_callbacks rbname = { \
137961 - rbname ## _propagate, rbname ## _copy, rbname ## _rotate \
137962 + .propagate = rbname ## _propagate, \
137963 + .copy = rbname ## _copy, \
137964 + .rotate = rbname ## _rotate \
137965 };
137966
137967
137968 diff --git a/include/linux/rculist.h b/include/linux/rculist.h
137969 index 8beb98d..c515d45 100644
137970 --- a/include/linux/rculist.h
137971 +++ b/include/linux/rculist.h
137972 @@ -59,6 +59,9 @@ void __list_add_rcu(struct list_head *new,
137973 struct list_head *prev, struct list_head *next);
137974 #endif
137975
137976 +void __pax_list_add_rcu(struct list_head *new,
137977 + struct list_head *prev, struct list_head *next);
137978 +
137979 /**
137980 * list_add_rcu - add a new entry to rcu-protected list
137981 * @new: new entry to be added
137982 @@ -80,6 +83,11 @@ static inline void list_add_rcu(struct list_head *new, struct list_head *head)
137983 __list_add_rcu(new, head, head->next);
137984 }
137985
137986 +static inline void pax_list_add_rcu(struct list_head *new, struct list_head *head)
137987 +{
137988 + __pax_list_add_rcu(new, head, head->next);
137989 +}
137990 +
137991 /**
137992 * list_add_tail_rcu - add a new entry to rcu-protected list
137993 * @new: new entry to be added
137994 @@ -102,6 +110,12 @@ static inline void list_add_tail_rcu(struct list_head *new,
137995 __list_add_rcu(new, head->prev, head);
137996 }
137997
137998 +static inline void pax_list_add_tail_rcu(struct list_head *new,
137999 + struct list_head *head)
138000 +{
138001 + __pax_list_add_rcu(new, head->prev, head);
138002 +}
138003 +
138004 /**
138005 * list_del_rcu - deletes entry from list without re-initialization
138006 * @entry: the element to delete from the list.
138007 @@ -132,6 +146,8 @@ static inline void list_del_rcu(struct list_head *entry)
138008 entry->prev = LIST_POISON2;
138009 }
138010
138011 +extern void pax_list_del_rcu(struct list_head *entry);
138012 +
138013 /**
138014 * hlist_del_init_rcu - deletes entry from hash list with re-initialization
138015 * @n: the element to delete from the hash list.
138016 diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
138017 index 1aa62e1..8f67337 100644
138018 --- a/include/linux/rcupdate.h
138019 +++ b/include/linux/rcupdate.h
138020 @@ -863,6 +863,7 @@ static inline void rcu_preempt_sleep_check(void)
138021 * read-side critical sections may be preempted and they may also block, but
138022 * only when acquiring spinlocks that are subject to priority inheritance.
138023 */
138024 +static inline void rcu_read_lock(void) __acquires(RCU);
138025 static inline void rcu_read_lock(void)
138026 {
138027 __rcu_read_lock();
138028 @@ -917,6 +918,7 @@ static inline void rcu_read_lock(void)
138029 *
138030 * See rcu_read_lock() for more information.
138031 */
138032 +static inline void rcu_read_unlock(void) __releases(RCU);
138033 static inline void rcu_read_unlock(void)
138034 {
138035 RCU_LOCKDEP_WARN(!rcu_is_watching(),
138036 @@ -943,6 +945,7 @@ static inline void rcu_read_unlock(void)
138037 * rcu_read_unlock_bh() from one task if the matching rcu_read_lock_bh()
138038 * was invoked from some other task.
138039 */
138040 +static inline void rcu_read_lock_bh(void) __acquires(RCU_BH);
138041 static inline void rcu_read_lock_bh(void)
138042 {
138043 local_bh_disable();
138044 @@ -957,6 +960,7 @@ static inline void rcu_read_lock_bh(void)
138045 *
138046 * See rcu_read_lock_bh() for more information.
138047 */
138048 +static inline void rcu_read_unlock_bh(void) __releases(RCU_BH);
138049 static inline void rcu_read_unlock_bh(void)
138050 {
138051 RCU_LOCKDEP_WARN(!rcu_is_watching(),
138052 @@ -979,6 +983,7 @@ static inline void rcu_read_unlock_bh(void)
138053 * rcu_read_unlock_sched() from process context if the matching
138054 * rcu_read_lock_sched() was invoked from an NMI handler.
138055 */
138056 +static inline void rcu_read_lock_sched(void) __acquires(RCU_SCHED);
138057 static inline void rcu_read_lock_sched(void)
138058 {
138059 preempt_disable();
138060 @@ -989,6 +994,7 @@ static inline void rcu_read_lock_sched(void)
138061 }
138062
138063 /* Used by lockdep and tracing: cannot be traced, cannot call lockdep. */
138064 +static inline notrace void rcu_read_lock_sched_notrace(void) __acquires(RCU_SCHED);
138065 static inline notrace void rcu_read_lock_sched_notrace(void)
138066 {
138067 preempt_disable_notrace();
138068 @@ -1000,6 +1006,7 @@ static inline notrace void rcu_read_lock_sched_notrace(void)
138069 *
138070 * See rcu_read_lock_sched for more information.
138071 */
138072 +static inline void rcu_read_unlock_sched(void) __releases(RCU_SCHED);
138073 static inline void rcu_read_unlock_sched(void)
138074 {
138075 RCU_LOCKDEP_WARN(!rcu_is_watching(),
138076 @@ -1010,6 +1017,7 @@ static inline void rcu_read_unlock_sched(void)
138077 }
138078
138079 /* Used by lockdep and tracing: cannot be traced, cannot call lockdep. */
138080 +static inline notrace void rcu_read_unlock_sched_notrace(void) __releases(RCU_SCHED);
138081 static inline notrace void rcu_read_unlock_sched_notrace(void)
138082 {
138083 __release(RCU_SCHED);
138084 diff --git a/include/linux/reboot.h b/include/linux/reboot.h
138085 index a7ff409..03e2fa8 100644
138086 --- a/include/linux/reboot.h
138087 +++ b/include/linux/reboot.h
138088 @@ -47,9 +47,9 @@ extern void do_kernel_restart(char *cmd);
138089 */
138090
138091 extern void migrate_to_reboot_cpu(void);
138092 -extern void machine_restart(char *cmd);
138093 -extern void machine_halt(void);
138094 -extern void machine_power_off(void);
138095 +extern void machine_restart(char *cmd) __noreturn;
138096 +extern void machine_halt(void) __noreturn;
138097 +extern void machine_power_off(void) __noreturn;
138098
138099 extern void machine_shutdown(void);
138100 struct pt_regs;
138101 @@ -60,9 +60,9 @@ extern void machine_crash_shutdown(struct pt_regs *);
138102 */
138103
138104 extern void kernel_restart_prepare(char *cmd);
138105 -extern void kernel_restart(char *cmd);
138106 -extern void kernel_halt(void);
138107 -extern void kernel_power_off(void);
138108 +extern void kernel_restart(char *cmd) __noreturn;
138109 +extern void kernel_halt(void) __noreturn;
138110 +extern void kernel_power_off(void) __noreturn;
138111
138112 extern int C_A_D; /* for sysctl */
138113 void ctrl_alt_del(void);
138114 @@ -77,7 +77,7 @@ extern void orderly_reboot(void);
138115 * Emergency restart, callable from an interrupt handler.
138116 */
138117
138118 -extern void emergency_restart(void);
138119 +extern void emergency_restart(void) __noreturn;
138120 #include <asm/emergency-restart.h>
138121
138122 #endif /* _LINUX_REBOOT_H */
138123 diff --git a/include/linux/regset.h b/include/linux/regset.h
138124 index 8e0c9fe..ac4d221 100644
138125 --- a/include/linux/regset.h
138126 +++ b/include/linux/regset.h
138127 @@ -161,7 +161,8 @@ struct user_regset {
138128 unsigned int align;
138129 unsigned int bias;
138130 unsigned int core_note_type;
138131 -};
138132 +} __do_const;
138133 +typedef struct user_regset __no_const user_regset_no_const;
138134
138135 /**
138136 * struct user_regset_view - available regsets
138137 diff --git a/include/linux/relay.h b/include/linux/relay.h
138138 index d7c8359..818daf5 100644
138139 --- a/include/linux/relay.h
138140 +++ b/include/linux/relay.h
138141 @@ -157,7 +157,7 @@ struct rchan_callbacks
138142 * The callback should return 0 if successful, negative if not.
138143 */
138144 int (*remove_buf_file)(struct dentry *dentry);
138145 -};
138146 +} __no_const;
138147
138148 /*
138149 * CONFIG_RELAY kernel API, kernel/relay.c
138150 diff --git a/include/linux/rio.h b/include/linux/rio.h
138151 index 37b95c4..2457ca92 100644
138152 --- a/include/linux/rio.h
138153 +++ b/include/linux/rio.h
138154 @@ -429,7 +429,7 @@ struct rio_ops {
138155 int (*map_outb)(struct rio_mport *mport, u16 destid, u64 rstart,
138156 u32 size, u32 flags, dma_addr_t *laddr);
138157 void (*unmap_outb)(struct rio_mport *mport, u16 destid, u64 rstart);
138158 -};
138159 +} __no_const;
138160
138161 #define RIO_RESOURCE_MEM 0x00000100
138162 #define RIO_RESOURCE_DOORBELL 0x00000200
138163 diff --git a/include/linux/rmap.h b/include/linux/rmap.h
138164 index b46bb56..f5a4748 100644
138165 --- a/include/linux/rmap.h
138166 +++ b/include/linux/rmap.h
138167 @@ -139,8 +139,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
138168 void anon_vma_init(void); /* create anon_vma_cachep */
138169 int anon_vma_prepare(struct vm_area_struct *);
138170 void unlink_anon_vmas(struct vm_area_struct *);
138171 -int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *);
138172 -int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
138173 +int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct *);
138174 +int anon_vma_fork(struct vm_area_struct *, const struct vm_area_struct *);
138175
138176 static inline void anon_vma_merge(struct vm_area_struct *vma,
138177 struct vm_area_struct *next)
138178 diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h
138179 index cb3c8fe..85365ba 100644
138180 --- a/include/linux/scatterlist.h
138181 +++ b/include/linux/scatterlist.h
138182 @@ -1,6 +1,7 @@
138183 #ifndef _LINUX_SCATTERLIST_H
138184 #define _LINUX_SCATTERLIST_H
138185
138186 +#include <linux/sched.h>
138187 #include <linux/string.h>
138188 #include <linux/types.h>
138189 #include <linux/bug.h>
138190 @@ -136,10 +137,17 @@ static inline struct page *sg_page(struct scatterlist *sg)
138191 static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
138192 unsigned int buflen)
138193 {
138194 + const void *realbuf = buf;
138195 +
138196 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
138197 + if (object_starts_on_stack(buf))
138198 + realbuf = buf - current->stack + current->lowmem_stack;
138199 +#endif
138200 +
138201 #ifdef CONFIG_DEBUG_SG
138202 - BUG_ON(!virt_addr_valid(buf));
138203 + BUG_ON(!virt_addr_valid(realbuf));
138204 #endif
138205 - sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
138206 + sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf));
138207 }
138208
138209 /*
138210 diff --git a/include/linux/sched.h b/include/linux/sched.h
138211 index 62c68e5..7058558 100644
138212 --- a/include/linux/sched.h
138213 +++ b/include/linux/sched.h
138214 @@ -7,7 +7,7 @@
138215
138216
138217 struct sched_param {
138218 - int sched_priority;
138219 + unsigned int sched_priority;
138220 };
138221
138222 #include <asm/param.h> /* for HZ */
138223 @@ -134,6 +134,7 @@ struct perf_event_context;
138224 struct blk_plug;
138225 struct filename;
138226 struct nameidata;
138227 +struct linux_binprm;
138228
138229 #define VMACACHE_BITS 2
138230 #define VMACACHE_SIZE (1U << VMACACHE_BITS)
138231 @@ -452,6 +453,18 @@ struct nsproxy;
138232 struct user_namespace;
138233
138234 #ifdef CONFIG_MMU
138235 +
138236 +#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK
138237 +extern unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags);
138238 +#else
138239 +static inline unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags)
138240 +{
138241 + return 0;
138242 +}
138243 +#endif
138244 +
138245 +extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset);
138246 +
138247 extern void arch_pick_mmap_layout(struct mm_struct *mm);
138248 extern unsigned long
138249 arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
138250 @@ -791,6 +804,17 @@ struct signal_struct {
138251 #ifdef CONFIG_TASKSTATS
138252 struct taskstats *stats;
138253 #endif
138254 +
138255 +#ifdef CONFIG_GRKERNSEC
138256 + u32 curr_ip;
138257 + u32 saved_ip;
138258 + u32 gr_saddr;
138259 + u32 gr_daddr;
138260 + u16 gr_sport;
138261 + u16 gr_dport;
138262 + u8 used_accept:1;
138263 +#endif
138264 +
138265 #ifdef CONFIG_AUDIT
138266 unsigned audit_tty;
138267 struct tty_audit_buf *tty_audit_buf;
138268 @@ -808,7 +832,7 @@ struct signal_struct {
138269 struct mutex cred_guard_mutex; /* guard against foreign influences on
138270 * credential calculations
138271 * (notably. ptrace) */
138272 -};
138273 +} __randomize_layout;
138274
138275 /*
138276 * Bits in flags field of signal_struct.
138277 @@ -863,6 +887,14 @@ struct user_struct {
138278 struct key *session_keyring; /* UID's default session keyring */
138279 #endif
138280
138281 +#ifdef CONFIG_GRKERNSEC_KERN_LOCKOUT
138282 + unsigned char kernel_banned;
138283 +#endif
138284 +#ifdef CONFIG_GRKERNSEC_BRUTE
138285 + unsigned char sugid_banned;
138286 + unsigned long sugid_ban_expires;
138287 +#endif
138288 +
138289 /* Hash table maintenance information */
138290 struct hlist_node uidhash_node;
138291 kuid_t uid;
138292 @@ -870,7 +902,7 @@ struct user_struct {
138293 #if defined(CONFIG_PERF_EVENTS) || defined(CONFIG_BPF_SYSCALL)
138294 atomic_long_t locked_vm;
138295 #endif
138296 -};
138297 +} __randomize_layout;
138298
138299 extern int uids_sysfs_init(void);
138300
138301 @@ -1460,6 +1492,9 @@ struct tlbflush_unmap_batch {
138302 struct task_struct {
138303 volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */
138304 void *stack;
138305 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
138306 + void *lowmem_stack;
138307 +#endif
138308 atomic_t usage;
138309 unsigned int flags; /* per process flags, defined below */
138310 unsigned int ptrace;
138311 @@ -1599,8 +1634,8 @@ struct task_struct {
138312 struct list_head thread_node;
138313
138314 struct completion *vfork_done; /* for vfork() */
138315 - int __user *set_child_tid; /* CLONE_CHILD_SETTID */
138316 - int __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
138317 + pid_t __user *set_child_tid; /* CLONE_CHILD_SETTID */
138318 + pid_t __user *clear_child_tid; /* CLONE_CHILD_CLEARTID */
138319
138320 cputime_t utime, stime, utimescaled, stimescaled;
138321 cputime_t gtime;
138322 @@ -1630,11 +1665,6 @@ struct task_struct {
138323 struct task_cputime cputime_expires;
138324 struct list_head cpu_timers[3];
138325
138326 -/* process credentials */
138327 - const struct cred __rcu *real_cred; /* objective and real subjective task
138328 - * credentials (COW) */
138329 - const struct cred __rcu *cred; /* effective (overridable) subjective task
138330 - * credentials (COW) */
138331 char comm[TASK_COMM_LEN]; /* executable name excluding path
138332 - access with [gs]et_task_comm (which lock
138333 it with task_lock())
138334 @@ -1650,6 +1680,8 @@ struct task_struct {
138335 /* hung task detection */
138336 unsigned long last_switch_count;
138337 #endif
138338 +/* CPU-specific state of this task */
138339 + struct thread_struct thread;
138340 /* filesystem information */
138341 struct fs_struct *fs;
138342 /* open file information */
138343 @@ -1660,8 +1692,11 @@ struct task_struct {
138344 struct signal_struct *signal;
138345 struct sighand_struct *sighand;
138346
138347 - sigset_t blocked, real_blocked;
138348 - sigset_t saved_sigmask; /* restored if set_restore_sigmask() was used */
138349 + sigset_t real_blocked;
138350 + struct {
138351 + sigset_t blocked;
138352 + sigset_t saved_sigmask; /* restored if set_restore_sigmask() was used */
138353 + };
138354 struct sigpending pending;
138355
138356 unsigned long sas_ss_sp;
138357 @@ -1728,6 +1763,10 @@ struct task_struct {
138358 unsigned int in_ubsan;
138359 #endif
138360
138361 +/* process credentials */
138362 + const struct cred __rcu *real_cred; /* objective and real subjective task
138363 + * credentials (COW) */
138364 +
138365 /* journalling filesystem info */
138366 void *journal_info;
138367
138368 @@ -1766,6 +1805,10 @@ struct task_struct {
138369 /* cg_list protected by css_set_lock and tsk->alloc_lock */
138370 struct list_head cg_list;
138371 #endif
138372 +
138373 + const struct cred __rcu *cred; /* effective (overridable) subjective task
138374 + * credentials (COW) */
138375 +
138376 #ifdef CONFIG_FUTEX
138377 struct robust_list_head __user *robust_list;
138378 #ifdef CONFIG_COMPAT
138379 @@ -1881,7 +1924,7 @@ struct task_struct {
138380 * Number of functions that haven't been traced
138381 * because of depth overrun.
138382 */
138383 - atomic_t trace_overrun;
138384 + atomic_unchecked_t trace_overrun;
138385 /* Pause for the tracing */
138386 atomic_t tracing_graph_pause;
138387 #endif
138388 @@ -1923,22 +1966,93 @@ struct task_struct {
138389 #ifdef CONFIG_MMU
138390 struct task_struct *oom_reaper_list;
138391 #endif
138392 -/* CPU-specific state of this task */
138393 - struct thread_struct thread;
138394 -/*
138395 - * WARNING: on x86, 'thread_struct' contains a variable-sized
138396 - * structure. It *MUST* be at the end of 'task_struct'.
138397 - *
138398 - * Do not put anything below here!
138399 - */
138400 -};
138401 +
138402 +#ifdef CONFIG_GRKERNSEC
138403 + /* grsecurity */
138404 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
138405 + u64 exec_id;
138406 +#endif
138407 +#ifdef CONFIG_GRKERNSEC_SETXID
138408 + const struct cred *delayed_cred;
138409 +#endif
138410 + struct dentry *gr_chroot_dentry;
138411 + struct acl_subject_label *acl;
138412 + struct acl_subject_label *tmpacl;
138413 + struct acl_role_label *role;
138414 + struct file *exec_file;
138415 + unsigned long brute_expires;
138416 + u16 acl_role_id;
138417 + u8 inherited;
138418 + /* is this the task that authenticated to the special role */
138419 + u8 acl_sp_role;
138420 + u8 is_writable;
138421 + u8 brute;
138422 + u8 gr_is_chrooted;
138423 +#endif
138424 +
138425 +/* thread_info moved to task_struct */
138426 +#ifdef CONFIG_X86
138427 + struct thread_info tinfo;
138428 +#endif
138429 +} __randomize_layout;
138430
138431 #ifdef CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT
138432 -extern int arch_task_struct_size __read_mostly;
138433 +extern size_t arch_task_struct_size __read_mostly;
138434 #else
138435 # define arch_task_struct_size (sizeof(struct task_struct))
138436 #endif
138437
138438 +#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */
138439 +#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */
138440 +#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */
138441 +#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */
138442 +/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */
138443 +#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */
138444 +
138445 +#ifdef CONFIG_PAX_SOFTMODE
138446 +extern int pax_softmode;
138447 +#endif
138448 +
138449 +extern int pax_check_flags(unsigned long *);
138450 +#define PAX_PARSE_FLAGS_FALLBACK (~0UL)
138451 +
138452 +/* if tsk != current then task_lock must be held on it */
138453 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
138454 +static inline unsigned long pax_get_flags(struct task_struct *tsk)
138455 +{
138456 + if (likely(tsk->mm))
138457 + return tsk->mm->pax_flags;
138458 + else
138459 + return 0UL;
138460 +}
138461 +
138462 +/* if tsk != current then task_lock must be held on it */
138463 +static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags)
138464 +{
138465 + if (likely(tsk->mm)) {
138466 + tsk->mm->pax_flags = flags;
138467 + return 0;
138468 + }
138469 + return -EINVAL;
138470 +}
138471 +#endif
138472 +
138473 +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
138474 +extern void pax_set_initial_flags(struct linux_binprm *bprm);
138475 +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
138476 +extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
138477 +#endif
138478 +
138479 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
138480 +extern bool pax_size_overflow_report_only;
138481 +#endif
138482 +
138483 +struct path;
138484 +extern char *pax_get_path(const struct path *path, char *buf, int buflen);
138485 +extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
138486 +extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp);
138487 +extern void pax_report_refcount_error(struct pt_regs *regs, const char *kind);
138488 +
138489 /* Future-safe accessor for struct task_struct's cpus_allowed. */
138490 #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
138491
138492 @@ -2051,7 +2165,7 @@ struct pid_namespace;
138493 pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
138494 struct pid_namespace *ns);
138495
138496 -static inline pid_t task_pid_nr(struct task_struct *tsk)
138497 +static inline pid_t task_pid_nr(const struct task_struct *tsk)
138498 {
138499 return tsk->pid;
138500 }
138501 @@ -2418,6 +2532,48 @@ extern u64 sched_clock_cpu(int cpu);
138502
138503 extern void sched_clock_init(void);
138504
138505 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
138506 +static inline void populate_stack(void *stack, unsigned int size)
138507 +{
138508 + int c;
138509 + int *ptr = stack;
138510 + int *end = stack + size;
138511 +
138512 + while (ptr < end) {
138513 + c = *(volatile int *)ptr;
138514 + (void)c;
138515 + ptr += PAGE_SIZE/sizeof(int);
138516 + }
138517 +}
138518 +#else
138519 +static inline void populate_stack(void *stack, unsigned int size)
138520 +{
138521 +}
138522 +#endif
138523 +
138524 +#ifdef CONFIG_GRKERNSEC
138525 +static inline bool current_is_ptracer(struct task_struct *task, u64 *exec_id)
138526 +{
138527 + bool ret = false;
138528 + if (!task->ptrace)
138529 + return ret;
138530 +
138531 + rcu_read_lock();
138532 + read_lock(&tasklist_lock);
138533 + if (task->parent && task->parent == current) {
138534 + ret = true;
138535 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
138536 + if (exec_id)
138537 + *exec_id = task->parent->exec_id;
138538 +#endif
138539 + }
138540 + read_unlock(&tasklist_lock);
138541 + rcu_read_unlock();
138542 +
138543 + return ret;
138544 +}
138545 +#endif
138546 +
138547 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
138548 static inline void sched_clock_tick(void)
138549 {
138550 @@ -2573,7 +2729,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
138551 void yield(void);
138552
138553 union thread_union {
138554 +#ifndef CONFIG_X86
138555 struct thread_info thread_info;
138556 +#endif
138557 unsigned long stack[THREAD_SIZE/sizeof(long)];
138558 };
138559
138560 @@ -2606,6 +2764,7 @@ extern struct pid_namespace init_pid_ns;
138561 */
138562
138563 extern struct task_struct *find_task_by_vpid(pid_t nr);
138564 +extern struct task_struct *find_task_by_vpid_unrestricted(pid_t nr);
138565 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
138566 struct pid_namespace *ns);
138567
138568 @@ -2637,7 +2796,7 @@ extern void proc_caches_init(void);
138569 extern void flush_signals(struct task_struct *);
138570 extern void ignore_signals(struct task_struct *);
138571 extern void flush_signal_handlers(struct task_struct *, int force_default);
138572 -extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info);
138573 +extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) __must_hold(&tsk->sighand->siglock);
138574
138575 static inline int kernel_dequeue_signal(siginfo_t *info)
138576 {
138577 @@ -2889,7 +3048,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
138578 extern void exit_itimers(struct signal_struct *);
138579 extern void flush_itimer_signals(void);
138580
138581 -extern void do_group_exit(int);
138582 +extern __noreturn void do_group_exit(int);
138583
138584 extern int do_execve(struct filename *,
138585 const char __user * const __user *,
138586 @@ -3004,11 +3163,13 @@ static inline int thread_group_empty(struct task_struct *p)
138587 * It must not be nested with write_lock_irq(&tasklist_lock),
138588 * neither inside nor outside.
138589 */
138590 +static inline void task_lock(struct task_struct *p) __acquires(&p->alloc_lock);
138591 static inline void task_lock(struct task_struct *p)
138592 {
138593 spin_lock(&p->alloc_lock);
138594 }
138595
138596 +static inline void task_unlock(struct task_struct *p) __releases(&p->alloc_lock);
138597 static inline void task_unlock(struct task_struct *p)
138598 {
138599 spin_unlock(&p->alloc_lock);
138600 @@ -3094,9 +3255,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
138601 #define task_stack_end_corrupted(task) \
138602 (*(end_of_stack(task)) != STACK_END_MAGIC)
138603
138604 -static inline int object_is_on_stack(void *obj)
138605 +static inline int object_starts_on_stack(const void *obj)
138606 {
138607 - void *stack = task_stack_page(current);
138608 + const void *stack = task_stack_page(current);
138609
138610 return (obj >= stack) && (obj < (stack + THREAD_SIZE));
138611 }
138612 @@ -3473,7 +3634,7 @@ static inline unsigned long rlimit_max(unsigned int limit)
138613 struct update_util_data {
138614 void (*func)(struct update_util_data *data,
138615 u64 time, unsigned long util, unsigned long max);
138616 -};
138617 +} __no_const;
138618
138619 void cpufreq_add_update_util_hook(int cpu, struct update_util_data *data,
138620 void (*func)(struct update_util_data *data, u64 time,
138621 diff --git a/include/linux/scif.h b/include/linux/scif.h
138622 index 49a35d6..c6209dd 100644
138623 --- a/include/linux/scif.h
138624 +++ b/include/linux/scif.h
138625 @@ -156,7 +156,7 @@ struct scif_client {
138626 void (*probe)(struct scif_peer_dev *spdev);
138627 void (*remove)(struct scif_peer_dev *spdev);
138628 struct subsys_interface si;
138629 -};
138630 +} __do_const;
138631
138632 #define SCIF_OPEN_FAILED ((scif_epd_t)-1)
138633 #define SCIF_REGISTER_FAILED ((off_t)-1)
138634 diff --git a/include/linux/security.h b/include/linux/security.h
138635 index 7831cd5..9e82896 100644
138636 --- a/include/linux/security.h
138637 +++ b/include/linux/security.h
138638 @@ -30,6 +30,7 @@
138639 #include <linux/string.h>
138640 #include <linux/mm.h>
138641 #include <linux/fs.h>
138642 +#include <linux/grsecurity.h>
138643
138644 struct linux_binprm;
138645 struct cred;
138646 diff --git a/include/linux/sem.h b/include/linux/sem.h
138647 index d0efd6e..c68948c 100644
138648 --- a/include/linux/sem.h
138649 +++ b/include/linux/sem.h
138650 @@ -22,7 +22,7 @@ struct sem_array {
138651 int sem_nsems; /* no. of semaphores in array */
138652 int complex_count; /* pending complex operations */
138653 bool complex_mode; /* no parallel simple ops */
138654 -};
138655 +} __randomize_layout;
138656
138657 #ifdef CONFIG_SYSVIPC
138658
138659 diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h
138660 index dc368b8..e895209 100644
138661 --- a/include/linux/semaphore.h
138662 +++ b/include/linux/semaphore.h
138663 @@ -37,7 +37,7 @@ static inline void sema_init(struct semaphore *sem, int val)
138664 }
138665
138666 extern void down(struct semaphore *sem);
138667 -extern int __must_check down_interruptible(struct semaphore *sem);
138668 +extern int __must_check down_interruptible(struct semaphore *sem) __intentional_overflow(-1);
138669 extern int __must_check down_killable(struct semaphore *sem);
138670 extern int __must_check down_trylock(struct semaphore *sem);
138671 extern int __must_check down_timeout(struct semaphore *sem, long jiffies);
138672 diff --git a/include/linux/seq_buf.h b/include/linux/seq_buf.h
138673 index fb7eb9c..fcfd102 100644
138674 --- a/include/linux/seq_buf.h
138675 +++ b/include/linux/seq_buf.h
138676 @@ -16,7 +16,7 @@
138677 * @readpos: The next position to read in the buffer.
138678 */
138679 struct seq_buf {
138680 - char *buffer;
138681 + unsigned char *buffer;
138682 size_t size;
138683 size_t len;
138684 loff_t readpos;
138685 @@ -78,7 +78,7 @@ static inline unsigned int seq_buf_used(struct seq_buf *s)
138686 * Return the number of bytes available in the buffer, or zero if
138687 * there's no space.
138688 */
138689 -static inline size_t seq_buf_get_buf(struct seq_buf *s, char **bufp)
138690 +static inline size_t seq_buf_get_buf(struct seq_buf *s, unsigned char **bufp)
138691 {
138692 WARN_ON(s->len > s->size + 1);
138693
138694 diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
138695 index f3d45dd..4539816 100644
138696 --- a/include/linux/seq_file.h
138697 +++ b/include/linux/seq_file.h
138698 @@ -25,6 +25,9 @@ struct seq_file {
138699 const struct seq_operations *op;
138700 int poll_event;
138701 const struct file *file;
138702 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
138703 + u64 exec_id;
138704 +#endif
138705 void *private;
138706 };
138707
138708 @@ -34,6 +37,7 @@ struct seq_operations {
138709 void * (*next) (struct seq_file *m, void *v, loff_t *pos);
138710 int (*show) (struct seq_file *m, void *v);
138711 };
138712 +typedef struct seq_operations __no_const seq_operations_no_const;
138713
138714 #define SEQ_SKIP 1
138715
138716 @@ -106,6 +110,7 @@ void seq_pad(struct seq_file *m, char c);
138717
138718 char *mangle_path(char *s, const char *p, const char *esc);
138719 int seq_open(struct file *, const struct seq_operations *);
138720 +int seq_open_restrict(struct file *, const struct seq_operations *);
138721 ssize_t seq_read(struct file *, char __user *, size_t, loff_t *);
138722 loff_t seq_lseek(struct file *, loff_t, int);
138723 int seq_release(struct inode *, struct file *);
138724 @@ -133,6 +138,7 @@ int seq_path_root(struct seq_file *m, const struct path *path,
138725 const struct path *root, const char *esc);
138726
138727 int single_open(struct file *, int (*)(struct seq_file *, void *), void *);
138728 +int single_open_restrict(struct file *, int (*)(struct seq_file *, void *), void *);
138729 int single_open_size(struct file *, int (*)(struct seq_file *, void *), void *, size_t);
138730 int single_release(struct inode *, struct file *);
138731 void *__seq_open_private(struct file *, const struct seq_operations *, int);
138732 diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h
138733 index ead9765..2379f94 100644
138734 --- a/include/linux/seqlock.h
138735 +++ b/include/linux/seqlock.h
138736 @@ -443,42 +443,49 @@ static inline unsigned read_seqretry(const seqlock_t *sl, unsigned start)
138737 * Acts like a normal spin_lock/unlock.
138738 * Don't need preempt_disable() because that is in the spin_lock already.
138739 */
138740 +static inline void write_seqlock(seqlock_t *sl) __acquires(sl);
138741 static inline void write_seqlock(seqlock_t *sl)
138742 {
138743 spin_lock(&sl->lock);
138744 write_seqcount_begin(&sl->seqcount);
138745 }
138746
138747 +static inline void write_sequnlock(seqlock_t *sl) __releases(sl);
138748 static inline void write_sequnlock(seqlock_t *sl)
138749 {
138750 write_seqcount_end(&sl->seqcount);
138751 spin_unlock(&sl->lock);
138752 }
138753
138754 +static inline void write_seqlock_bh(seqlock_t *sl) __acquires(sl);
138755 static inline void write_seqlock_bh(seqlock_t *sl)
138756 {
138757 spin_lock_bh(&sl->lock);
138758 write_seqcount_begin(&sl->seqcount);
138759 }
138760
138761 +static inline void write_sequnlock_bh(seqlock_t *sl) __releases(sl);
138762 static inline void write_sequnlock_bh(seqlock_t *sl)
138763 {
138764 write_seqcount_end(&sl->seqcount);
138765 spin_unlock_bh(&sl->lock);
138766 }
138767
138768 +static inline void write_seqlock_irq(seqlock_t *sl) __acquires(sl);
138769 static inline void write_seqlock_irq(seqlock_t *sl)
138770 {
138771 spin_lock_irq(&sl->lock);
138772 write_seqcount_begin(&sl->seqcount);
138773 }
138774
138775 +static inline void write_sequnlock_irq(seqlock_t *sl) __releases(sl);
138776 static inline void write_sequnlock_irq(seqlock_t *sl)
138777 {
138778 write_seqcount_end(&sl->seqcount);
138779 spin_unlock_irq(&sl->lock);
138780 }
138781
138782 +static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl) __acquires(sl);
138783 static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl)
138784 {
138785 unsigned long flags;
138786 @@ -491,6 +498,7 @@ static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl)
138787 #define write_seqlock_irqsave(lock, flags) \
138788 do { flags = __write_seqlock_irqsave(lock); } while (0)
138789
138790 +static inline void write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags) __releases(sl);
138791 static inline void
138792 write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags)
138793 {
138794 @@ -503,11 +511,13 @@ write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags)
138795 * but doesn't update the sequence number. Acts like a normal spin_lock/unlock.
138796 * Don't need preempt_disable() because that is in the spin_lock already.
138797 */
138798 +static inline void read_seqlock_excl(seqlock_t *sl) __acquires(sl);
138799 static inline void read_seqlock_excl(seqlock_t *sl)
138800 {
138801 spin_lock(&sl->lock);
138802 }
138803
138804 +static inline void read_sequnlock_excl(seqlock_t *sl) __releases(sl);
138805 static inline void read_sequnlock_excl(seqlock_t *sl)
138806 {
138807 spin_unlock(&sl->lock);
138808 diff --git a/include/linux/shm.h b/include/linux/shm.h
138809 index 04e8818..af85805 100644
138810 --- a/include/linux/shm.h
138811 +++ b/include/linux/shm.h
138812 @@ -22,7 +22,11 @@ struct shmid_kernel /* private to the kernel */
138813 /* The task created the shm object. NULL if the task is dead. */
138814 struct task_struct *shm_creator;
138815 struct list_head shm_clist; /* list by creator */
138816 -};
138817 +#ifdef CONFIG_GRKERNSEC
138818 + u64 shm_createtime;
138819 + pid_t shm_lapid;
138820 +#endif
138821 +} __randomize_layout;
138822
138823 /* shm_mode upper byte flags */
138824 #define SHM_DEST 01000 /* segment will be destroyed on last detach */
138825 diff --git a/include/linux/signal.h b/include/linux/signal.h
138826 index b63f63e..fe39718 100644
138827 --- a/include/linux/signal.h
138828 +++ b/include/linux/signal.h
138829 @@ -303,7 +303,7 @@ static inline void allow_signal(int sig)
138830 * know it'll be handled, so that they don't get converted to
138831 * SIGKILL or just silently dropped.
138832 */
138833 - kernel_sigaction(sig, (__force __sighandler_t)2);
138834 + kernel_sigaction(sig, (__force_user __sighandler_t)2);
138835 }
138836
138837 static inline void disallow_signal(int sig)
138838 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
138839 index 0f665cb..fa26c21 100644
138840 --- a/include/linux/skbuff.h
138841 +++ b/include/linux/skbuff.h
138842 @@ -906,7 +906,7 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags,
138843 int node);
138844 struct sk_buff *__build_skb(void *data, unsigned int frag_size);
138845 struct sk_buff *build_skb(void *data, unsigned int frag_size);
138846 -static inline struct sk_buff *alloc_skb(unsigned int size,
138847 +static inline struct sk_buff * __intentional_overflow(0) alloc_skb(unsigned int size,
138848 gfp_t priority)
138849 {
138850 return __alloc_skb(size, priority, 0, NUMA_NO_NODE);
138851 @@ -2215,7 +2215,7 @@ static inline unsigned char *skb_checksum_start(const struct sk_buff *skb)
138852 return skb->head + skb->csum_start;
138853 }
138854
138855 -static inline int skb_transport_offset(const struct sk_buff *skb)
138856 +static inline int __intentional_overflow(0) skb_transport_offset(const struct sk_buff *skb)
138857 {
138858 return skb_transport_header(skb) - skb->data;
138859 }
138860 @@ -2230,7 +2230,7 @@ static inline u32 skb_inner_network_header_len(const struct sk_buff *skb)
138861 return skb->inner_transport_header - skb->inner_network_header;
138862 }
138863
138864 -static inline int skb_network_offset(const struct sk_buff *skb)
138865 +static inline int __intentional_overflow(0) skb_network_offset(const struct sk_buff *skb)
138866 {
138867 return skb_network_header(skb) - skb->data;
138868 }
138869 @@ -2290,7 +2290,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
138870 * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
138871 */
138872 #ifndef NET_SKB_PAD
138873 -#define NET_SKB_PAD max(32, L1_CACHE_BYTES)
138874 +#define NET_SKB_PAD max(_AC(32,UL), L1_CACHE_BYTES)
138875 #endif
138876
138877 int ___pskb_trim(struct sk_buff *skb, unsigned int len);
138878 @@ -2997,9 +2997,9 @@ struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock,
138879 int *err);
138880 unsigned int datagram_poll(struct file *file, struct socket *sock,
138881 struct poll_table_struct *wait);
138882 -int skb_copy_datagram_iter(const struct sk_buff *from, int offset,
138883 +int __intentional_overflow(0) skb_copy_datagram_iter(const struct sk_buff *from, int offset,
138884 struct iov_iter *to, int size);
138885 -static inline int skb_copy_datagram_msg(const struct sk_buff *from, int offset,
138886 +static inline int __intentional_overflow(2,4) skb_copy_datagram_msg(const struct sk_buff *from, int offset,
138887 struct msghdr *msg, int size)
138888 {
138889 return skb_copy_datagram_iter(from, offset, &msg->msg_iter, size);
138890 @@ -3536,6 +3536,9 @@ static inline void nf_reset(struct sk_buff *skb)
138891 nf_bridge_put(skb->nf_bridge);
138892 skb->nf_bridge = NULL;
138893 #endif
138894 +#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
138895 + skb->nf_trace = 0;
138896 +#endif
138897 }
138898
138899 static inline void nf_reset_trace(struct sk_buff *skb)
138900 diff --git a/include/linux/slab.h b/include/linux/slab.h
138901 index 4293808..9bdcc4e 100644
138902 --- a/include/linux/slab.h
138903 +++ b/include/linux/slab.h
138904 @@ -15,14 +15,29 @@
138905 #include <linux/types.h>
138906 #include <linux/workqueue.h>
138907
138908 +#include <linux/err.h>
138909
138910 /*
138911 * Flags to pass to kmem_cache_create().
138912 * The ones marked DEBUG are only valid if CONFIG_DEBUG_SLAB is set.
138913 */
138914 #define SLAB_CONSISTENCY_CHECKS 0x00000100UL /* DEBUG: Perform (expensive) checks on alloc/free */
138915 +
138916 +#ifdef CONFIG_PAX_USERCOPY
138917 +#define SLAB_USERCOPY 0x00000200UL /* PaX: Allow copying objs to/from userland */
138918 +#else
138919 +#define SLAB_USERCOPY 0x00000000UL
138920 +#endif
138921 +
138922 #define SLAB_RED_ZONE 0x00000400UL /* DEBUG: Red zone objs in a cache */
138923 #define SLAB_POISON 0x00000800UL /* DEBUG: Poison objects */
138924 +
138925 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
138926 +#define SLAB_NO_SANITIZE 0x00001000UL /* PaX: Do not sanitize objs on free */
138927 +#else
138928 +#define SLAB_NO_SANITIZE 0x00000000UL
138929 +#endif
138930 +
138931 #define SLAB_HWCACHE_ALIGN 0x00002000UL /* Align objs on cache lines */
138932 #define SLAB_CACHE_DMA 0x00004000UL /* Use GFP_DMA memory */
138933 #define SLAB_STORE_USER 0x00010000UL /* DEBUG: Store the last owner for bug hunting */
138934 @@ -109,10 +124,13 @@
138935 * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
138936 * Both make kfree a no-op.
138937 */
138938 -#define ZERO_SIZE_PTR ((void *)16)
138939 +#define ZERO_SIZE_PTR \
138940 +({ \
138941 + BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\
138942 + (void *)(-MAX_ERRNO-1L); \
138943 +})
138944
138945 -#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
138946 - (unsigned long)ZERO_SIZE_PTR)
138947 +#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= (unsigned long)ZERO_SIZE_PTR - 1)
138948
138949 #include <linux/kmemleak.h>
138950 #include <linux/kasan.h>
138951 @@ -127,6 +145,9 @@ bool slab_is_available(void);
138952 struct kmem_cache *kmem_cache_create(const char *, size_t, size_t,
138953 unsigned long,
138954 void (*)(void *));
138955 +struct kmem_cache *kmem_cache_create_usercopy(const char *, size_t, size_t,
138956 + unsigned long, size_t, size_t,
138957 + void (*)(void *));
138958 void kmem_cache_destroy(struct kmem_cache *);
138959 int kmem_cache_shrink(struct kmem_cache *);
138960
138961 @@ -146,6 +167,11 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *);
138962 sizeof(struct __struct), __alignof__(struct __struct),\
138963 (__flags), NULL)
138964
138965 +#define KMEM_CACHE_USERCOPY(__struct, __flags, __field) kmem_cache_create_usercopy(#__struct,\
138966 + sizeof(struct __struct), __alignof__(struct __struct),\
138967 + (__flags), offsetof(struct __struct, __field),\
138968 + sizeof(((struct __struct *)0)->__field), NULL)
138969 +
138970 /*
138971 * Common kmalloc functions provided by all allocators
138972 */
138973 @@ -154,18 +180,10 @@ void * __must_check krealloc(const void *, size_t, gfp_t);
138974 void kfree(const void *);
138975 void kzfree(const void *);
138976 size_t ksize(const void *);
138977 +bool is_usercopy_object(const void *ptr);
138978
138979 -#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR
138980 const char *__check_heap_object(const void *ptr, unsigned long n,
138981 struct page *page);
138982 -#else
138983 -static inline const char *__check_heap_object(const void *ptr,
138984 - unsigned long n,
138985 - struct page *page)
138986 -{
138987 - return NULL;
138988 -}
138989 -#endif
138990
138991 /*
138992 * Some archs want to perform DMA into kmalloc caches and need a guaranteed
138993 @@ -276,6 +294,10 @@ extern struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1];
138994 extern struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
138995 #endif
138996
138997 +#ifdef CONFIG_PAX_USERCOPY
138998 +extern struct kmem_cache *kmalloc_usercopy_caches[KMALLOC_SHIFT_HIGH + 1];
138999 +#endif
139000 +
139001 /*
139002 * Figure out which kmalloc slab an allocation of a certain size
139003 * belongs to.
139004 @@ -284,7 +306,7 @@ extern struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
139005 * 2 = 129 .. 192 bytes
139006 * n = 2^(n-1)+1 .. 2^n
139007 */
139008 -static __always_inline int kmalloc_index(size_t size)
139009 +static __always_inline __size_overflow(1) int kmalloc_index(size_t size)
139010 {
139011 if (!size)
139012 return 0;
139013 @@ -327,7 +349,7 @@ static __always_inline int kmalloc_index(size_t size)
139014 }
139015 #endif /* !CONFIG_SLOB */
139016
139017 -void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc;
139018 +void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc __alloc_size(1) __size_overflow(1);
139019 void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc;
139020 void kmem_cache_free(struct kmem_cache *, void *);
139021
139022 @@ -351,10 +373,10 @@ static __always_inline void kfree_bulk(size_t size, void **p)
139023 }
139024
139025 #ifdef CONFIG_NUMA
139026 -void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc;
139027 +void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc __alloc_size(1) __size_overflow(1);
139028 void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc;
139029 #else
139030 -static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node)
139031 +static __always_inline void * __alloc_size(1) __size_overflow(1) __kmalloc_node(size_t size, gfp_t flags, int node)
139032 {
139033 return __kmalloc(size, flags);
139034 }
139035 diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h
139036 index 4ad2c5a..ebff702 100644
139037 --- a/include/linux/slab_def.h
139038 +++ b/include/linux/slab_def.h
139039 @@ -40,7 +40,7 @@ struct kmem_cache {
139040 /* 4) cache creation/removal */
139041 const char *name;
139042 struct list_head list;
139043 - int refcount;
139044 + atomic_t refcount;
139045 int object_size;
139046 int align;
139047
139048 @@ -56,10 +56,14 @@ struct kmem_cache {
139049 unsigned long node_allocs;
139050 unsigned long node_frees;
139051 unsigned long node_overflow;
139052 - atomic_t allochit;
139053 - atomic_t allocmiss;
139054 - atomic_t freehit;
139055 - atomic_t freemiss;
139056 + atomic_unchecked_t allochit;
139057 + atomic_unchecked_t allocmiss;
139058 + atomic_unchecked_t freehit;
139059 + atomic_unchecked_t freemiss;
139060 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
139061 + atomic_unchecked_t sanitized;
139062 + atomic_unchecked_t not_sanitized;
139063 +#endif
139064 #ifdef CONFIG_DEBUG_SLAB_LEAK
139065 atomic_t store_user_clean;
139066 #endif
139067 @@ -84,6 +88,9 @@ struct kmem_cache {
139068 unsigned int *random_seq;
139069 #endif
139070
139071 + size_t useroffset; /* USERCOPY region offset */
139072 + size_t usersize; /* USERCOPY region size */
139073 +
139074 struct kmem_cache_node *node[MAX_NUMNODES];
139075 };
139076
139077 diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
139078 index 75f56c2..97880d2 100644
139079 --- a/include/linux/slub_def.h
139080 +++ b/include/linux/slub_def.h
139081 @@ -74,7 +74,7 @@ struct kmem_cache {
139082 struct kmem_cache_order_objects max;
139083 struct kmem_cache_order_objects min;
139084 gfp_t allocflags; /* gfp flags to use on each alloc */
139085 - int refcount; /* Refcount for slab cache destroy */
139086 + atomic_t refcount; /* Refcount for slab cache destroy */
139087 void (*ctor)(void *);
139088 int inuse; /* Offset to metadata */
139089 int align; /* Alignment */
139090 @@ -108,6 +108,9 @@ struct kmem_cache {
139091 struct kasan_cache kasan_info;
139092 #endif
139093
139094 + size_t useroffset; /* USERCOPY region offset */
139095 + size_t usersize; /* USERCOPY region size */
139096 +
139097 struct kmem_cache_node *node[MAX_NUMNODES];
139098 };
139099
139100 diff --git a/include/linux/smp.h b/include/linux/smp.h
139101 index eccae469..58e69b8 100644
139102 --- a/include/linux/smp.h
139103 +++ b/include/linux/smp.h
139104 @@ -183,7 +183,9 @@ static inline void smp_init(void) { }
139105 #endif
139106
139107 #define get_cpu() ({ preempt_disable(); smp_processor_id(); })
139108 +#define raw_get_cpu() ({ raw_preempt_disable(); raw_smp_processor_id(); })
139109 #define put_cpu() preempt_enable()
139110 +#define raw_put_cpu_no_resched() raw_preempt_enable_no_resched()
139111
139112 /*
139113 * Callback to arch code if there's nosmp or maxcpus=0 on the
139114 diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
139115 index a0596ca0..6c9245f 100644
139116 --- a/include/linux/sock_diag.h
139117 +++ b/include/linux/sock_diag.h
139118 @@ -16,7 +16,7 @@ struct sock_diag_handler {
139119 int (*dump)(struct sk_buff *skb, struct nlmsghdr *nlh);
139120 int (*get_info)(struct sk_buff *skb, struct sock *sk);
139121 int (*destroy)(struct sk_buff *skb, struct nlmsghdr *nlh);
139122 -};
139123 +} __do_const;
139124
139125 int sock_diag_register(const struct sock_diag_handler *h);
139126 void sock_diag_unregister(const struct sock_diag_handler *h);
139127 diff --git a/include/linux/sonet.h b/include/linux/sonet.h
139128 index 680f9a3..f13aeb0 100644
139129 --- a/include/linux/sonet.h
139130 +++ b/include/linux/sonet.h
139131 @@ -7,7 +7,7 @@
139132 #include <uapi/linux/sonet.h>
139133
139134 struct k_sonet_stats {
139135 -#define __HANDLE_ITEM(i) atomic_t i
139136 +#define __HANDLE_ITEM(i) atomic_unchecked_t i
139137 __SONET_ITEMS
139138 #undef __HANDLE_ITEM
139139 };
139140 diff --git a/include/linux/spinlock.h b/include/linux/spinlock.h
139141 index 47dd0ce..3275f16 100644
139142 --- a/include/linux/spinlock.h
139143 +++ b/include/linux/spinlock.h
139144 @@ -142,14 +142,17 @@ do { \
139145 extern int do_raw_spin_trylock(raw_spinlock_t *lock);
139146 extern void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock);
139147 #else
139148 -static inline void do_raw_spin_lock(raw_spinlock_t *lock) __acquires(lock)
139149 +static inline void do_raw_spin_lock(raw_spinlock_t *lock) __acquires(lock);
139150 +static inline void do_raw_spin_lock(raw_spinlock_t *lock)
139151 {
139152 __acquire(lock);
139153 arch_spin_lock(&lock->raw_lock);
139154 }
139155
139156 static inline void
139157 -do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags) __acquires(lock)
139158 +do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags) __acquires(lock);
139159 +static inline void
139160 +do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags)
139161 {
139162 __acquire(lock);
139163 arch_spin_lock_flags(&lock->raw_lock, *flags);
139164 @@ -160,7 +163,8 @@ static inline int do_raw_spin_trylock(raw_spinlock_t *lock)
139165 return arch_spin_trylock(&(lock)->raw_lock);
139166 }
139167
139168 -static inline void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock)
139169 +static inline void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock);
139170 +static inline void do_raw_spin_unlock(raw_spinlock_t *lock)
139171 {
139172 arch_spin_unlock(&lock->raw_lock);
139173 __release(lock);
139174 @@ -297,11 +301,13 @@ do { \
139175 raw_spin_lock_init(&(_lock)->rlock); \
139176 } while (0)
139177
139178 +static __always_inline void spin_lock(spinlock_t *lock) __acquires(lock);
139179 static __always_inline void spin_lock(spinlock_t *lock)
139180 {
139181 raw_spin_lock(&lock->rlock);
139182 }
139183
139184 +static __always_inline void spin_lock_bh(spinlock_t *lock) __acquires(lock);
139185 static __always_inline void spin_lock_bh(spinlock_t *lock)
139186 {
139187 raw_spin_lock_bh(&lock->rlock);
139188 @@ -327,6 +333,7 @@ do { \
139189 raw_spin_lock_nest_lock(spinlock_check(lock), nest_lock); \
139190 } while (0)
139191
139192 +static __always_inline void spin_lock_irq(spinlock_t *lock) __acquires(lock);
139193 static __always_inline void spin_lock_irq(spinlock_t *lock)
139194 {
139195 raw_spin_lock_irq(&lock->rlock);
139196 @@ -342,21 +349,25 @@ do { \
139197 raw_spin_lock_irqsave_nested(spinlock_check(lock), flags, subclass); \
139198 } while (0)
139199
139200 +static __always_inline void spin_unlock(spinlock_t *lock) __releases(lock);
139201 static __always_inline void spin_unlock(spinlock_t *lock)
139202 {
139203 raw_spin_unlock(&lock->rlock);
139204 }
139205
139206 +static __always_inline void spin_unlock_bh(spinlock_t *lock) __releases(lock);
139207 static __always_inline void spin_unlock_bh(spinlock_t *lock)
139208 {
139209 raw_spin_unlock_bh(&lock->rlock);
139210 }
139211
139212 +static __always_inline void spin_unlock_irq(spinlock_t *lock) __releases(lock);
139213 static __always_inline void spin_unlock_irq(spinlock_t *lock)
139214 {
139215 raw_spin_unlock_irq(&lock->rlock);
139216 }
139217
139218 +static __always_inline void spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags) __releases(lock);
139219 static __always_inline void spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags)
139220 {
139221 raw_spin_unlock_irqrestore(&lock->rlock, flags);
139222 diff --git a/include/linux/srcu.h b/include/linux/srcu.h
139223 index dc8eb63..b4b9482 100644
139224 --- a/include/linux/srcu.h
139225 +++ b/include/linux/srcu.h
139226 @@ -228,7 +228,8 @@ static inline int srcu_read_lock_held(struct srcu_struct *sp)
139227 * srcu_read_unlock() in an irq handler if the matching srcu_read_lock()
139228 * was invoked in process context.
139229 */
139230 -static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp)
139231 +static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp);
139232 +static inline int srcu_read_lock(struct srcu_struct *sp)
139233 {
139234 int retval;
139235
139236 @@ -246,8 +247,8 @@ static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp)
139237 *
139238 * Exit an SRCU read-side critical section.
139239 */
139240 +static inline void srcu_read_unlock(struct srcu_struct *sp, int idx) __releases(sp);
139241 static inline void srcu_read_unlock(struct srcu_struct *sp, int idx)
139242 - __releases(sp)
139243 {
139244 rcu_lock_release(&(sp)->dep_map);
139245 __srcu_read_unlock(sp, idx);
139246 diff --git a/include/linux/string.h b/include/linux/string.h
139247 index 26b6f6a..434ee17 100644
139248 --- a/include/linux/string.h
139249 +++ b/include/linux/string.h
139250 @@ -18,51 +18,51 @@ extern void *memdup_user_nul(const void __user *, size_t);
139251 #include <asm/string.h>
139252
139253 #ifndef __HAVE_ARCH_STRCPY
139254 -extern char * strcpy(char *,const char *);
139255 +extern char * strcpy(char *,const char *) __nocapture(2);
139256 #endif
139257 #ifndef __HAVE_ARCH_STRNCPY
139258 -extern char * strncpy(char *,const char *, __kernel_size_t);
139259 +extern char * strncpy(char *,const char *, __kernel_size_t) __nocapture(2);
139260 #endif
139261 #ifndef __HAVE_ARCH_STRLCPY
139262 -size_t strlcpy(char *, const char *, size_t);
139263 +size_t strlcpy(char *, const char *, size_t) __nocapture(2);
139264 #endif
139265 #ifndef __HAVE_ARCH_STRSCPY
139266 -ssize_t __must_check strscpy(char *, const char *, size_t);
139267 +ssize_t __must_check strscpy(char *, const char *, size_t) __nocapture(2);
139268 #endif
139269 #ifndef __HAVE_ARCH_STRCAT
139270 -extern char * strcat(char *, const char *);
139271 +extern char * strcat(char *, const char *) __nocapture(2);
139272 #endif
139273 #ifndef __HAVE_ARCH_STRNCAT
139274 -extern char * strncat(char *, const char *, __kernel_size_t);
139275 +extern char * strncat(char *, const char *, __kernel_size_t) __nocapture(2);
139276 #endif
139277 #ifndef __HAVE_ARCH_STRLCAT
139278 -extern size_t strlcat(char *, const char *, __kernel_size_t);
139279 +extern size_t strlcat(char *, const char *, __kernel_size_t) __nocapture(2);
139280 #endif
139281 #ifndef __HAVE_ARCH_STRCMP
139282 -extern int strcmp(const char *,const char *);
139283 +extern int strcmp(const char *,const char *) __nocapture();
139284 #endif
139285 #ifndef __HAVE_ARCH_STRNCMP
139286 -extern int strncmp(const char *,const char *,__kernel_size_t);
139287 +extern int strncmp(const char *,const char *,__kernel_size_t) __nocapture(1, 2);
139288 #endif
139289 #ifndef __HAVE_ARCH_STRCASECMP
139290 -extern int strcasecmp(const char *s1, const char *s2);
139291 +extern int strcasecmp(const char *s1, const char *s2) __nocapture();
139292 #endif
139293 #ifndef __HAVE_ARCH_STRNCASECMP
139294 -extern int strncasecmp(const char *s1, const char *s2, size_t n);
139295 +extern int strncasecmp(const char *s1, const char *s2, size_t n) __nocapture(1, 2);
139296 #endif
139297 #ifndef __HAVE_ARCH_STRCHR
139298 -extern char * strchr(const char *,int);
139299 +extern char * strchr(const char *,int) __nocapture(-1);
139300 #endif
139301 #ifndef __HAVE_ARCH_STRCHRNUL
139302 -extern char * strchrnul(const char *,int);
139303 +extern char * strchrnul(const char *,int) __nocapture(-1);
139304 #endif
139305 #ifndef __HAVE_ARCH_STRNCHR
139306 -extern char * strnchr(const char *, size_t, int);
139307 +extern char * strnchr(const char *, size_t, int) __nocapture(-1);
139308 #endif
139309 #ifndef __HAVE_ARCH_STRRCHR
139310 -extern char * strrchr(const char *,int);
139311 +extern char * strrchr(const char *,int) __nocapture(-1);
139312 #endif
139313 -extern char * __must_check skip_spaces(const char *);
139314 +extern char * __must_check skip_spaces(const char *) __nocapture(-1);
139315
139316 extern char *strim(char *);
139317
139318 @@ -72,63 +72,63 @@ static inline __must_check char *strstrip(char *str)
139319 }
139320
139321 #ifndef __HAVE_ARCH_STRSTR
139322 -extern char * strstr(const char *, const char *);
139323 +extern char * strstr(const char *, const char *) __nocapture(-1, 2);
139324 #endif
139325 #ifndef __HAVE_ARCH_STRNSTR
139326 extern char * strnstr(const char *, const char *, size_t);
139327 #endif
139328 #ifndef __HAVE_ARCH_STRLEN
139329 -extern __kernel_size_t strlen(const char *);
139330 +extern __kernel_size_t strlen(const char *) __nocapture(1);
139331 #endif
139332 #ifndef __HAVE_ARCH_STRNLEN
139333 -extern __kernel_size_t strnlen(const char *,__kernel_size_t);
139334 +extern __kernel_size_t strnlen(const char *,__kernel_size_t) __nocapture(1);
139335 #endif
139336 #ifndef __HAVE_ARCH_STRPBRK
139337 -extern char * strpbrk(const char *,const char *);
139338 +extern char * strpbrk(const char *,const char *) __nocapture(-1, 2);
139339 #endif
139340 #ifndef __HAVE_ARCH_STRSEP
139341 -extern char * strsep(char **,const char *);
139342 +extern char * strsep(char **,const char *) __nocapture(2);
139343 #endif
139344 #ifndef __HAVE_ARCH_STRSPN
139345 -extern __kernel_size_t strspn(const char *,const char *);
139346 +extern __kernel_size_t strspn(const char *,const char *) __nocapture();
139347 #endif
139348 #ifndef __HAVE_ARCH_STRCSPN
139349 -extern __kernel_size_t strcspn(const char *,const char *);
139350 +extern __kernel_size_t strcspn(const char *,const char *) __nocapture();
139351 #endif
139352
139353 #ifndef __HAVE_ARCH_MEMSET
139354 extern void * memset(void *,int,__kernel_size_t);
139355 #endif
139356 #ifndef __HAVE_ARCH_MEMCPY
139357 -extern void * memcpy(void *,const void *,__kernel_size_t);
139358 +extern void * memcpy(void *,const void *,__kernel_size_t) __nocapture(2);
139359 #endif
139360 #ifndef __HAVE_ARCH_MEMMOVE
139361 -extern void * memmove(void *,const void *,__kernel_size_t);
139362 +extern void * memmove(void *,const void *,__kernel_size_t) __nocapture(2);
139363 #endif
139364 #ifndef __HAVE_ARCH_MEMSCAN
139365 extern void * memscan(void *,int,__kernel_size_t);
139366 #endif
139367 #ifndef __HAVE_ARCH_MEMCMP
139368 -extern int memcmp(const void *,const void *,__kernel_size_t);
139369 +extern int memcmp(const void *,const void *,__kernel_size_t) __nocapture(1, 2);
139370 #endif
139371 #ifndef __HAVE_ARCH_MEMCHR
139372 -extern void * memchr(const void *,int,__kernel_size_t);
139373 +extern void * memchr(const void *,int,__kernel_size_t) __nocapture(-1);
139374 #endif
139375 -void *memchr_inv(const void *s, int c, size_t n);
139376 +void *memchr_inv(const void *s, int c, size_t n) __nocapture(-1);
139377 char *strreplace(char *s, char old, char new);
139378
139379 extern void kfree_const(const void *x);
139380
139381 -extern char *kstrdup(const char *s, gfp_t gfp) __malloc;
139382 -extern const char *kstrdup_const(const char *s, gfp_t gfp);
139383 -extern char *kstrndup(const char *s, size_t len, gfp_t gfp);
139384 -extern void *kmemdup(const void *src, size_t len, gfp_t gfp);
139385 +extern char *kstrdup(const char *s, gfp_t gfp) __malloc __nocapture(1);
139386 +extern const char *kstrdup_const(const char *s, gfp_t gfp) __nocapture(1);
139387 +extern char *kstrndup(const char *s, size_t len, gfp_t gfp) __nocapture(1);
139388 +extern void *kmemdup(const void *src, size_t len, gfp_t gfp) __nocapture(1);
139389
139390 extern char **argv_split(gfp_t gfp, const char *str, int *argcp);
139391 extern void argv_free(char **argv);
139392
139393 -extern bool sysfs_streq(const char *s1, const char *s2);
139394 -extern int kstrtobool(const char *s, bool *res);
139395 +extern bool sysfs_streq(const char *s1, const char *s2) __nocapture();
139396 +extern int kstrtobool(const char *s, bool *res) __nocapture(1);
139397 static inline int strtobool(const char *s, bool *res)
139398 {
139399 return kstrtobool(s, res);
139400 @@ -137,8 +137,8 @@ static inline int strtobool(const char *s, bool *res)
139401 int match_string(const char * const *array, size_t n, const char *string);
139402
139403 #ifdef CONFIG_BINARY_PRINTF
139404 -int vbin_printf(u32 *bin_buf, size_t size, const char *fmt, va_list args);
139405 -int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf);
139406 +int vbin_printf(u32 *bin_buf, size_t size, const char *fmt, va_list args) __nocapture(3);
139407 +int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) __nocapture(3);
139408 int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4);
139409 #endif
139410
139411 diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
139412 index 5c9c6cd..f16c5c9 100644
139413 --- a/include/linux/sunrpc/addr.h
139414 +++ b/include/linux/sunrpc/addr.h
139415 @@ -23,9 +23,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap)
139416 {
139417 switch (sap->sa_family) {
139418 case AF_INET:
139419 - return ntohs(((struct sockaddr_in *)sap)->sin_port);
139420 + return ntohs(((const struct sockaddr_in *)sap)->sin_port);
139421 case AF_INET6:
139422 - return ntohs(((struct sockaddr_in6 *)sap)->sin6_port);
139423 + return ntohs(((const struct sockaddr_in6 *)sap)->sin6_port);
139424 }
139425 return 0;
139426 }
139427 @@ -58,7 +58,7 @@ static inline bool rpc_cmp_addr4(const struct sockaddr *sap1,
139428 static inline bool __rpc_copy_addr4(struct sockaddr *dst,
139429 const struct sockaddr *src)
139430 {
139431 - const struct sockaddr_in *ssin = (struct sockaddr_in *) src;
139432 + const struct sockaddr_in *ssin = (const struct sockaddr_in *) src;
139433 struct sockaddr_in *dsin = (struct sockaddr_in *) dst;
139434
139435 dsin->sin_family = ssin->sin_family;
139436 @@ -177,7 +177,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa)
139437 if (sa->sa_family != AF_INET6)
139438 return 0;
139439
139440 - return ((struct sockaddr_in6 *) sa)->sin6_scope_id;
139441 + return ((const struct sockaddr_in6 *) sa)->sin6_scope_id;
139442 }
139443
139444 #endif /* _LINUX_SUNRPC_ADDR_H */
139445 diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
139446 index 5c02b06..93e07c5 100644
139447 --- a/include/linux/sunrpc/clnt.h
139448 +++ b/include/linux/sunrpc/clnt.h
139449 @@ -103,7 +103,7 @@ struct rpc_procinfo {
139450 unsigned int p_timer; /* Which RTT timer to use */
139451 u32 p_statidx; /* Which procedure to account */
139452 const char * p_name; /* name of procedure */
139453 -};
139454 +} __do_const;
139455
139456 #ifdef __KERNEL__
139457
139458 diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
139459 index 7321ae9..f37a11e 100644
139460 --- a/include/linux/sunrpc/svc.h
139461 +++ b/include/linux/sunrpc/svc.h
139462 @@ -426,7 +426,7 @@ struct svc_procedure {
139463 unsigned int pc_count; /* call count */
139464 unsigned int pc_cachetype; /* cache info (NFS) */
139465 unsigned int pc_xdrressize; /* maximum size of XDR reply */
139466 -};
139467 +} __do_const;
139468
139469 /*
139470 * Mode for mapping cpus to pools.
139471 diff --git a/include/linux/sunrpc/svc_rdma.h b/include/linux/sunrpc/svc_rdma.h
139472 index d6917b8..e05ca83 100644
139473 --- a/include/linux/sunrpc/svc_rdma.h
139474 +++ b/include/linux/sunrpc/svc_rdma.h
139475 @@ -54,15 +54,15 @@ extern unsigned int svcrdma_max_requests;
139476 extern unsigned int svcrdma_max_bc_requests;
139477 extern unsigned int svcrdma_max_req_size;
139478
139479 -extern atomic_t rdma_stat_recv;
139480 -extern atomic_t rdma_stat_read;
139481 -extern atomic_t rdma_stat_write;
139482 -extern atomic_t rdma_stat_sq_starve;
139483 -extern atomic_t rdma_stat_rq_starve;
139484 -extern atomic_t rdma_stat_rq_poll;
139485 -extern atomic_t rdma_stat_rq_prod;
139486 -extern atomic_t rdma_stat_sq_poll;
139487 -extern atomic_t rdma_stat_sq_prod;
139488 +extern atomic_unchecked_t rdma_stat_recv;
139489 +extern atomic_unchecked_t rdma_stat_read;
139490 +extern atomic_unchecked_t rdma_stat_write;
139491 +extern atomic_unchecked_t rdma_stat_sq_starve;
139492 +extern atomic_unchecked_t rdma_stat_rq_starve;
139493 +extern atomic_unchecked_t rdma_stat_rq_poll;
139494 +extern atomic_unchecked_t rdma_stat_rq_prod;
139495 +extern atomic_unchecked_t rdma_stat_sq_poll;
139496 +extern atomic_unchecked_t rdma_stat_sq_prod;
139497
139498 /*
139499 * Contexts are built when an RDMA request is created and are a
139500 diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
139501 index d039320..035edad 100644
139502 --- a/include/linux/sunrpc/svcauth.h
139503 +++ b/include/linux/sunrpc/svcauth.h
139504 @@ -128,7 +128,7 @@ struct auth_ops {
139505 int (*release)(struct svc_rqst *rq);
139506 void (*domain_release)(struct auth_domain *);
139507 int (*set_client)(struct svc_rqst *rq);
139508 -};
139509 +} __do_const;
139510
139511 #define SVC_GARBAGE 1
139512 #define SVC_SYSERR 2
139513 diff --git a/include/linux/swapops.h b/include/linux/swapops.h
139514 index 5c3a5f3..84a8bef 100644
139515 --- a/include/linux/swapops.h
139516 +++ b/include/linux/swapops.h
139517 @@ -165,7 +165,7 @@ static inline int is_write_migration_entry(swp_entry_t entry)
139518
139519 #ifdef CONFIG_MEMORY_FAILURE
139520
139521 -extern atomic_long_t num_poisoned_pages __read_mostly;
139522 +extern atomic_long_unchecked_t num_poisoned_pages __read_mostly;
139523
139524 /*
139525 * Support for hardware poisoned pages
139526 @@ -188,22 +188,22 @@ static inline bool test_set_page_hwpoison(struct page *page)
139527
139528 static inline void num_poisoned_pages_inc(void)
139529 {
139530 - atomic_long_inc(&num_poisoned_pages);
139531 + atomic_long_inc_unchecked(&num_poisoned_pages);
139532 }
139533
139534 static inline void num_poisoned_pages_dec(void)
139535 {
139536 - atomic_long_dec(&num_poisoned_pages);
139537 + atomic_long_dec_unchecked(&num_poisoned_pages);
139538 }
139539
139540 static inline void num_poisoned_pages_add(long num)
139541 {
139542 - atomic_long_add(num, &num_poisoned_pages);
139543 + atomic_long_add_unchecked(num, &num_poisoned_pages);
139544 }
139545
139546 static inline void num_poisoned_pages_sub(long num)
139547 {
139548 - atomic_long_sub(num, &num_poisoned_pages);
139549 + atomic_long_sub_unchecked(num, &num_poisoned_pages);
139550 }
139551 #else
139552
139553 diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
139554 index d022390..80f9811 100644
139555 --- a/include/linux/syscalls.h
139556 +++ b/include/linux/syscalls.h
139557 @@ -102,7 +102,14 @@ union bpf_attr;
139558 #define __TYPE_IS_L(t) (__same_type((t)0, 0L))
139559 #define __TYPE_IS_UL(t) (__same_type((t)0, 0UL))
139560 #define __TYPE_IS_LL(t) (__same_type((t)0, 0LL) || __same_type((t)0, 0ULL))
139561 -#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
139562 +#define __SC_TYPE(t) __typeof__( \
139563 + __builtin_choose_expr( \
139564 + sizeof(t) > sizeof(int), \
139565 + (t) 0, \
139566 + __builtin_choose_expr(__type_is_unsigned(t), 0UL, 0L) \
139567 + ))
139568 +#define __SC_LONG(t, a) __SC_TYPE(t) a
139569 +#define __SC_WRAP(t, a) (__SC_TYPE(t)) a
139570 #define __SC_CAST(t, a) (t) a
139571 #define __SC_ARGS(t, a) a
139572 #define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
139573 @@ -192,17 +199,18 @@ extern struct trace_event_functions exit_syscall_print_funcs;
139574
139575 #define __PROTECT(...) asmlinkage_protect(__VA_ARGS__)
139576 #define __SYSCALL_DEFINEx(x, name, ...) \
139577 - asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \
139578 - __attribute__((alias(__stringify(SyS##name)))); \
139579 static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \
139580 - asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \
139581 - asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
139582 + static inline asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
139583 { \
139584 long ret = SYSC##name(__MAP(x,__SC_CAST,__VA_ARGS__)); \
139585 __MAP(x,__SC_TEST,__VA_ARGS__); \
139586 __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \
139587 return ret; \
139588 } \
139589 + asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \
139590 + { \
139591 + return SyS##name(__MAP(x,__SC_WRAP,__VA_ARGS__)); \
139592 + } \
139593 static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
139594
139595 asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special,
139596 @@ -384,11 +392,11 @@ asmlinkage long sys_sync(void);
139597 asmlinkage long sys_fsync(unsigned int fd);
139598 asmlinkage long sys_fdatasync(unsigned int fd);
139599 asmlinkage long sys_bdflush(int func, long data);
139600 -asmlinkage long sys_mount(char __user *dev_name, char __user *dir_name,
139601 - char __user *type, unsigned long flags,
139602 +asmlinkage long sys_mount(const char __user *dev_name, const char __user *dir_name,
139603 + const char __user *type, unsigned long flags,
139604 void __user *data);
139605 -asmlinkage long sys_umount(char __user *name, int flags);
139606 -asmlinkage long sys_oldumount(char __user *name);
139607 +asmlinkage long sys_umount(const char __user *name, int flags);
139608 +asmlinkage long sys_oldumount(const char __user *name);
139609 asmlinkage long sys_truncate(const char __user *path, long length);
139610 asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length);
139611 asmlinkage long sys_stat(const char __user *filename,
139612 @@ -457,7 +465,7 @@ asmlinkage long sys_remap_file_pages(unsigned long start, unsigned long size,
139613 unsigned long prot, unsigned long pgoff,
139614 unsigned long flags);
139615 asmlinkage long sys_msync(unsigned long start, size_t len, int flags);
139616 -asmlinkage long sys_fadvise64(int fd, loff_t offset, size_t len, int advice);
139617 +asmlinkage long sys_fadvise64(int fd, loff_t offset, loff_t len, int advice);
139618 asmlinkage long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice);
139619 asmlinkage long sys_munmap(unsigned long addr, size_t len);
139620 asmlinkage long sys_mlock(unsigned long start, size_t len);
139621 @@ -610,7 +618,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *);
139622 asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *);
139623 asmlinkage long sys_send(int, void __user *, size_t, unsigned);
139624 asmlinkage long sys_sendto(int, void __user *, size_t, unsigned,
139625 - struct sockaddr __user *, int);
139626 + struct sockaddr __user *, int) __intentional_overflow(0);
139627 asmlinkage long sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned flags);
139628 asmlinkage long sys_sendmmsg(int fd, struct mmsghdr __user *msg,
139629 unsigned int vlen, unsigned flags);
139630 @@ -669,10 +677,10 @@ asmlinkage long sys_msgctl(int msqid, int cmd, struct msqid_ds __user *buf);
139631
139632 asmlinkage long sys_semget(key_t key, int nsems, int semflg);
139633 asmlinkage long sys_semop(int semid, struct sembuf __user *sops,
139634 - unsigned nsops);
139635 + long nsops);
139636 asmlinkage long sys_semctl(int semid, int semnum, int cmd, unsigned long arg);
139637 asmlinkage long sys_semtimedop(int semid, struct sembuf __user *sops,
139638 - unsigned nsops,
139639 + long nsops,
139640 const struct timespec __user *timeout);
139641 asmlinkage long sys_shmat(int shmid, char __user *shmaddr, int shmflg);
139642 asmlinkage long sys_shmget(key_t key, size_t size, int flag);
139643 @@ -706,7 +714,7 @@ asmlinkage long sys_sysfs(int option,
139644 unsigned long arg1, unsigned long arg2);
139645 asmlinkage long sys_syslog(int type, char __user *buf, int len);
139646 asmlinkage long sys_uselib(const char __user *library);
139647 -asmlinkage long sys_ni_syscall(void);
139648 +asmlinkage long sys_ni_syscall(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long);
139649 asmlinkage long sys_ptrace(long request, long pid, unsigned long addr,
139650 unsigned long data);
139651
139652 @@ -885,7 +893,7 @@ asmlinkage long sys_seccomp(unsigned int op, unsigned int flags,
139653 const char __user *uargs);
139654 asmlinkage long sys_getrandom(char __user *buf, size_t count,
139655 unsigned int flags);
139656 -asmlinkage long sys_bpf(int cmd, union bpf_attr *attr, unsigned int size);
139657 +asmlinkage long sys_bpf(int cmd, union bpf_attr __user *attr, unsigned int size);
139658
139659 asmlinkage long sys_execveat(int dfd, const char __user *filename,
139660 const char __user *const __user *argv,
139661 diff --git a/include/linux/syscore_ops.h b/include/linux/syscore_ops.h
139662 index 27b3b0b..e093dd9 100644
139663 --- a/include/linux/syscore_ops.h
139664 +++ b/include/linux/syscore_ops.h
139665 @@ -16,7 +16,7 @@ struct syscore_ops {
139666 int (*suspend)(void);
139667 void (*resume)(void);
139668 void (*shutdown)(void);
139669 -};
139670 +} __do_const;
139671
139672 extern void register_syscore_ops(struct syscore_ops *ops);
139673 extern void unregister_syscore_ops(struct syscore_ops *ops);
139674 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
139675 index a4f7203..dcad65f 100644
139676 --- a/include/linux/sysctl.h
139677 +++ b/include/linux/sysctl.h
139678 @@ -40,12 +40,18 @@ typedef int proc_handler (struct ctl_table *ctl, int write,
139679
139680 extern int proc_dostring(struct ctl_table *, int,
139681 void __user *, size_t *, loff_t *);
139682 +extern int proc_dostring_modpriv(struct ctl_table *, int,
139683 + void __user *, size_t *, loff_t *);
139684 extern int proc_dointvec(struct ctl_table *, int,
139685 void __user *, size_t *, loff_t *);
139686 +extern int proc_dointvec_secure(struct ctl_table *, int,
139687 + void __user *, size_t *, loff_t *);
139688 extern int proc_douintvec(struct ctl_table *, int,
139689 void __user *, size_t *, loff_t *);
139690 extern int proc_dointvec_minmax(struct ctl_table *, int,
139691 void __user *, size_t *, loff_t *);
139692 +extern int proc_dointvec_minmax_secure(struct ctl_table *, int,
139693 + void __user *, size_t *, loff_t *);
139694 extern int proc_dointvec_jiffies(struct ctl_table *, int,
139695 void __user *, size_t *, loff_t *);
139696 extern int proc_dointvec_userhz_jiffies(struct ctl_table *, int,
139697 @@ -116,7 +122,8 @@ struct ctl_table
139698 struct ctl_table_poll *poll;
139699 void *extra1;
139700 void *extra2;
139701 -};
139702 +} __do_const __randomize_layout;
139703 +typedef struct ctl_table __no_const ctl_table_no_const;
139704
139705 struct ctl_node {
139706 struct rb_node node;
139707 diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
139708 index c6f0f0d..e663567 100644
139709 --- a/include/linux/sysfs.h
139710 +++ b/include/linux/sysfs.h
139711 @@ -34,7 +34,8 @@ struct attribute {
139712 struct lock_class_key *key;
139713 struct lock_class_key skey;
139714 #endif
139715 -};
139716 +} __do_const;
139717 +typedef struct attribute __no_const attribute_no_const;
139718
139719 /**
139720 * sysfs_attr_init - initialize a dynamically allocated sysfs attribute
139721 @@ -88,7 +89,8 @@ struct attribute_group {
139722 struct bin_attribute *, int);
139723 struct attribute **attrs;
139724 struct bin_attribute **bin_attrs;
139725 -};
139726 +} __do_const;
139727 +typedef struct attribute_group __no_const attribute_group_no_const;
139728
139729 /**
139730 * Use these macros to make defining attributes easier. See include/linux/device.h
139731 @@ -162,7 +164,8 @@ struct bin_attribute {
139732 char *, loff_t, size_t);
139733 int (*mmap)(struct file *, struct kobject *, struct bin_attribute *attr,
139734 struct vm_area_struct *vma);
139735 -};
139736 +} __do_const;
139737 +typedef struct bin_attribute __no_const bin_attribute_no_const;
139738
139739 /**
139740 * sysfs_bin_attr_init - initialize a dynamically allocated bin_attribute
139741 @@ -512,7 +515,7 @@ static inline void sysfs_notify_dirent(struct kernfs_node *kn)
139742 }
139743
139744 static inline struct kernfs_node *sysfs_get_dirent(struct kernfs_node *parent,
139745 - const unsigned char *name)
139746 + const char *name)
139747 {
139748 return kernfs_find_and_get(parent, name);
139749 }
139750 diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
139751 index 387fa7d..3fcde6b 100644
139752 --- a/include/linux/sysrq.h
139753 +++ b/include/linux/sysrq.h
139754 @@ -16,6 +16,7 @@
139755
139756 #include <linux/errno.h>
139757 #include <linux/types.h>
139758 +#include <linux/compiler.h>
139759
139760 /* Possible values of bitmask for enabling sysrq functions */
139761 /* 0x0001 is reserved for enable everything */
139762 @@ -33,7 +34,7 @@ struct sysrq_key_op {
139763 char *help_msg;
139764 char *action_msg;
139765 int enable_mask;
139766 -};
139767 +} __do_const;
139768
139769 #ifdef CONFIG_MAGIC_SYSRQ
139770
139771 diff --git a/include/linux/tcp.h b/include/linux/tcp.h
139772 index 7be9b12..66bf0a8 100644
139773 --- a/include/linux/tcp.h
139774 +++ b/include/linux/tcp.h
139775 @@ -68,13 +68,13 @@ struct tcp_fastopen_cookie {
139776
139777 /* This defines a selective acknowledgement block. */
139778 struct tcp_sack_block_wire {
139779 - __be32 start_seq;
139780 - __be32 end_seq;
139781 + __be32 start_seq __intentional_overflow(-1);
139782 + __be32 end_seq __intentional_overflow(-1);
139783 };
139784
139785 struct tcp_sack_block {
139786 - u32 start_seq;
139787 - u32 end_seq;
139788 + u32 start_seq __intentional_overflow(-1);
139789 + u32 end_seq __intentional_overflow(-1);
139790 };
139791
139792 /*These are used to set the sack_ok field in struct tcp_options_received */
139793 @@ -162,7 +162,7 @@ struct tcp_sock {
139794 * total number of data segments in.
139795 */
139796 u32 rcv_nxt; /* What we want to receive next */
139797 - u32 copied_seq; /* Head of yet unread data */
139798 + u32 copied_seq __intentional_overflow(-1); /* Head of yet unread data */
139799 u32 rcv_wup; /* rcv_nxt on last window update sent */
139800 u32 snd_nxt; /* Next sequence we send */
139801 u32 segs_out; /* RFC4898 tcpEStatsPerfSegsOut
139802 @@ -270,7 +270,7 @@ struct tcp_sock {
139803 u32 delivered; /* Total data packets delivered incl. rexmits */
139804
139805 u32 rcv_wnd; /* Current receiver window */
139806 - u32 write_seq; /* Tail(+1) of data held in tcp send buffer */
139807 + u32 write_seq __intentional_overflow(-1); /* Tail(+1) of data held in tcp send buffer */
139808 u32 notsent_lowat; /* TCP_NOTSENT_LOWAT */
139809 u32 pushed_seq; /* Last pushed seq, required to talk to windows */
139810 u32 lost_out; /* Lost packets */
139811 @@ -311,7 +311,7 @@ struct tcp_sock {
139812 int undo_retrans; /* number of undoable retransmissions. */
139813 u32 total_retrans; /* Total retransmits for entire connection */
139814
139815 - u32 urg_seq; /* Seq of received urgent pointer */
139816 + u32 urg_seq __intentional_overflow(-1); /* Seq of received urgent pointer */
139817 unsigned int keepalive_time; /* time before keep alive takes place */
139818 unsigned int keepalive_intvl; /* time interval between keep alive probes */
139819
139820 diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
139821 index 2b5b10e..37b4c2c 100644
139822 --- a/include/linux/thread_info.h
139823 +++ b/include/linux/thread_info.h
139824 @@ -50,6 +50,13 @@ struct restart_block {
139825
139826 extern long do_no_restart_syscall(struct restart_block *parm);
139827
139828 +enum {
139829 + BAD_STACK = -1,
139830 + NOT_STACK = 0,
139831 + GOOD_STACK,
139832 + GOOD_FRAME,
139833 +};
139834 +
139835 #include <linux/bitops.h>
139836 #include <asm/thread_info.h>
139837
139838 @@ -106,11 +113,11 @@ static inline int test_ti_thread_flag(struct thread_info *ti, int flag)
139839 #define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED)
139840
139841 #ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES
139842 -static inline int arch_within_stack_frames(const void * const stack,
139843 - const void * const stackend,
139844 - const void *obj, unsigned long len)
139845 +static inline int arch_within_stack_frames(unsigned long stack,
139846 + unsigned long stackend,
139847 + unsigned long obj, unsigned long len)
139848 {
139849 - return 0;
139850 + return GOOD_STACK;
139851 }
139852 #endif
139853
139854 diff --git a/include/linux/tty.h b/include/linux/tty.h
139855 index 40144f3..610732a 100644
139856 --- a/include/linux/tty.h
139857 +++ b/include/linux/tty.h
139858 @@ -225,7 +225,7 @@ struct tty_port {
139859 const struct tty_port_operations *ops; /* Port operations */
139860 spinlock_t lock; /* Lock protecting tty field */
139861 int blocked_open; /* Waiting to open */
139862 - int count; /* Usage count */
139863 + atomic_t count; /* Usage count */
139864 wait_queue_head_t open_wait; /* Open waiters */
139865 wait_queue_head_t delta_msr_wait; /* Modem status change */
139866 unsigned long flags; /* User TTY flags ASYNC_ */
139867 @@ -326,7 +326,7 @@ struct tty_struct {
139868 /* If the tty has a pending do_SAK, queue it here - akpm */
139869 struct work_struct SAK_work;
139870 struct tty_port *port;
139871 -};
139872 +} __randomize_layout;
139873
139874 /* Each of a tty's open files has private_data pointing to tty_file_private */
139875 struct tty_file_private {
139876 @@ -646,7 +646,7 @@ extern int tty_port_open(struct tty_port *port,
139877 struct tty_struct *tty, struct file *filp);
139878 static inline int tty_port_users(struct tty_port *port)
139879 {
139880 - return port->count + port->blocked_open;
139881 + return atomic_read(&port->count) + port->blocked_open;
139882 }
139883
139884 extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc);
139885 diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
139886 index b742b5e..76dc1fa 100644
139887 --- a/include/linux/tty_driver.h
139888 +++ b/include/linux/tty_driver.h
139889 @@ -291,7 +291,7 @@ struct tty_operations {
139890 void (*poll_put_char)(struct tty_driver *driver, int line, char ch);
139891 #endif
139892 const struct file_operations *proc_fops;
139893 -};
139894 +} __do_const __randomize_layout;
139895
139896 struct tty_driver {
139897 int magic; /* magic number for this structure */
139898 @@ -325,7 +325,7 @@ struct tty_driver {
139899
139900 const struct tty_operations *ops;
139901 struct list_head tty_drivers;
139902 -};
139903 +} __randomize_layout;
139904
139905 extern struct list_head tty_drivers;
139906
139907 diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h
139908 index 3971cf0..7704c48 100644
139909 --- a/include/linux/tty_ldisc.h
139910 +++ b/include/linux/tty_ldisc.h
139911 @@ -202,7 +202,7 @@ struct tty_ldisc_ops {
139912
139913 struct module *owner;
139914
139915 - int refcount;
139916 + atomic_t refcount;
139917 };
139918
139919 struct tty_ldisc {
139920 diff --git a/include/linux/types.h b/include/linux/types.h
139921 index baf7183..161f20f 100644
139922 --- a/include/linux/types.h
139923 +++ b/include/linux/types.h
139924 @@ -159,8 +159,10 @@ typedef unsigned __bitwise__ fmode_t;
139925
139926 #ifdef CONFIG_PHYS_ADDR_T_64BIT
139927 typedef u64 phys_addr_t;
139928 +#define RESOURCE_SIZE_MAX ULLONG_MAX
139929 #else
139930 typedef u32 phys_addr_t;
139931 +#define RESOURCE_SIZE_MAX ULONG_MAX
139932 #endif
139933
139934 typedef phys_addr_t resource_size_t;
139935 @@ -175,10 +177,26 @@ typedef struct {
139936 int counter;
139937 } atomic_t;
139938
139939 +#ifdef CONFIG_PAX_REFCOUNT
139940 +typedef struct {
139941 + int counter;
139942 +} atomic_unchecked_t;
139943 +#else
139944 +typedef atomic_t atomic_unchecked_t;
139945 +#endif
139946 +
139947 #ifdef CONFIG_64BIT
139948 typedef struct {
139949 long counter;
139950 } atomic64_t;
139951 +
139952 +#ifdef CONFIG_PAX_REFCOUNT
139953 +typedef struct {
139954 + long counter;
139955 +} atomic64_unchecked_t;
139956 +#else
139957 +typedef atomic64_t atomic64_unchecked_t;
139958 +#endif
139959 #endif
139960
139961 struct list_head {
139962 diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
139963 index f30c187..d2b4ce2 100644
139964 --- a/include/linux/uaccess.h
139965 +++ b/include/linux/uaccess.h
139966 @@ -109,7 +109,7 @@ extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count);
139967 * Returns 0 on success, or -EFAULT.
139968 */
139969 #define probe_kernel_address(addr, retval) \
139970 - probe_kernel_read(&retval, addr, sizeof(retval))
139971 + probe_kernel_read(&(retval), addr, sizeof(retval))
139972
139973 #ifndef user_access_begin
139974 #define user_access_begin() do { } while (0)
139975 diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
139976 index 25e9d92..1b34fff 100644
139977 --- a/include/linux/uidgid.h
139978 +++ b/include/linux/uidgid.h
139979 @@ -187,4 +187,10 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
139980
139981 #endif /* CONFIG_USER_NS */
139982
139983 +#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x))
139984 +#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x))
139985 +#define gr_is_global_root(x) uid_eq((x), GLOBAL_ROOT_UID)
139986 +#define gr_is_global_nonroot(x) (!uid_eq((x), GLOBAL_ROOT_UID))
139987 +#define gr_is_global_nonroot_gid(x) (!gid_eq((x), GLOBAL_ROOT_GID))
139988 +
139989 #endif /* _LINUX_UIDGID_H */
139990 diff --git a/include/linux/uio_driver.h b/include/linux/uio_driver.h
139991 index 32c0e83..671eb35 100644
139992 --- a/include/linux/uio_driver.h
139993 +++ b/include/linux/uio_driver.h
139994 @@ -67,7 +67,7 @@ struct uio_device {
139995 struct module *owner;
139996 struct device *dev;
139997 int minor;
139998 - atomic_t event;
139999 + atomic_unchecked_t event;
140000 struct fasync_struct *async_queue;
140001 wait_queue_head_t wait;
140002 struct uio_info *info;
140003 diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h
140004 index 33383ca..44211d6 100644
140005 --- a/include/linux/unaligned/access_ok.h
140006 +++ b/include/linux/unaligned/access_ok.h
140007 @@ -4,34 +4,34 @@
140008 #include <linux/kernel.h>
140009 #include <asm/byteorder.h>
140010
140011 -static __always_inline u16 get_unaligned_le16(const void *p)
140012 +static __always_inline u16 __intentional_overflow(-1) get_unaligned_le16(const void *p)
140013 {
140014 - return le16_to_cpup((__le16 *)p);
140015 + return le16_to_cpup((const __le16 *)p);
140016 }
140017
140018 -static __always_inline u32 get_unaligned_le32(const void *p)
140019 +static __always_inline u32 __intentional_overflow(-1) get_unaligned_le32(const void *p)
140020 {
140021 - return le32_to_cpup((__le32 *)p);
140022 + return le32_to_cpup((const __le32 *)p);
140023 }
140024
140025 -static __always_inline u64 get_unaligned_le64(const void *p)
140026 +static __always_inline u64 __intentional_overflow(-1) get_unaligned_le64(const void *p)
140027 {
140028 - return le64_to_cpup((__le64 *)p);
140029 + return le64_to_cpup((const __le64 *)p);
140030 }
140031
140032 -static __always_inline u16 get_unaligned_be16(const void *p)
140033 +static __always_inline u16 __intentional_overflow(-1) get_unaligned_be16(const void *p)
140034 {
140035 - return be16_to_cpup((__be16 *)p);
140036 + return be16_to_cpup((const __be16 *)p);
140037 }
140038
140039 -static __always_inline u32 get_unaligned_be32(const void *p)
140040 +static __always_inline u32 __intentional_overflow(-1) get_unaligned_be32(const void *p)
140041 {
140042 - return be32_to_cpup((__be32 *)p);
140043 + return be32_to_cpup((const __be32 *)p);
140044 }
140045
140046 -static __always_inline u64 get_unaligned_be64(const void *p)
140047 +static __always_inline u64 __intentional_overflow(-1) get_unaligned_be64(const void *p)
140048 {
140049 - return be64_to_cpup((__be64 *)p);
140050 + return be64_to_cpup((const __be64 *)p);
140051 }
140052
140053 static __always_inline void put_unaligned_le16(u16 val, void *p)
140054 diff --git a/include/linux/usb.h b/include/linux/usb.h
140055 index eba1f10..94c966f 100644
140056 --- a/include/linux/usb.h
140057 +++ b/include/linux/usb.h
140058 @@ -370,7 +370,7 @@ struct usb_bus {
140059 * with the URB_SHORT_NOT_OK flag set.
140060 */
140061 unsigned no_sg_constraint:1; /* no sg constraint */
140062 - unsigned sg_tablesize; /* 0 or largest number of sg list entries */
140063 + unsigned short sg_tablesize; /* 0 or largest number of sg list entries */
140064
140065 int devnum_next; /* Next open device number in
140066 * round-robin allocation */
140067 @@ -599,7 +599,7 @@ struct usb_device {
140068 int maxchild;
140069
140070 u32 quirks;
140071 - atomic_t urbnum;
140072 + atomic_unchecked_t urbnum;
140073
140074 unsigned long active_duration;
140075
140076 @@ -1793,10 +1793,10 @@ void usb_sg_wait(struct usb_sg_request *io);
140077
140078 /* NOTE: these are not the standard USB_ENDPOINT_XFER_* values!! */
140079 /* (yet ... they're the values used by usbfs) */
140080 -#define PIPE_ISOCHRONOUS 0
140081 -#define PIPE_INTERRUPT 1
140082 -#define PIPE_CONTROL 2
140083 -#define PIPE_BULK 3
140084 +#define PIPE_ISOCHRONOUS 0U
140085 +#define PIPE_INTERRUPT 1U
140086 +#define PIPE_CONTROL 2U
140087 +#define PIPE_BULK 3U
140088
140089 #define usb_pipein(pipe) ((pipe) & USB_DIR_IN)
140090 #define usb_pipeout(pipe) (!usb_pipein(pipe))
140091 diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h
140092 index 66fc137..9602956 100644
140093 --- a/include/linux/usb/hcd.h
140094 +++ b/include/linux/usb/hcd.h
140095 @@ -24,6 +24,7 @@
140096 #include <linux/rwsem.h>
140097 #include <linux/interrupt.h>
140098 #include <linux/idr.h>
140099 +#include <scsi/scsi_host.h>
140100
140101 #define MAX_TOPO_LEVEL 6
140102
140103 diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h
140104 index 00a47d0..ed482765 100644
140105 --- a/include/linux/usb/renesas_usbhs.h
140106 +++ b/include/linux/usb/renesas_usbhs.h
140107 @@ -39,7 +39,7 @@ enum {
140108 */
140109 struct renesas_usbhs_driver_callback {
140110 int (*notify_hotplug)(struct platform_device *pdev);
140111 -};
140112 +} __no_const;
140113
140114 /*
140115 * callback functions for platform
140116 diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
140117 index 9217169..61e5eeb 100644
140118 --- a/include/linux/user_namespace.h
140119 +++ b/include/linux/user_namespace.h
140120 @@ -39,7 +39,7 @@ struct user_namespace {
140121 struct key *persistent_keyring_register;
140122 struct rw_semaphore persistent_keyring_register_sem;
140123 #endif
140124 -};
140125 +} __randomize_layout;
140126
140127 extern struct user_namespace init_user_ns;
140128
140129 diff --git a/include/linux/utsname.h b/include/linux/utsname.h
140130 index 5093f58..c103e58 100644
140131 --- a/include/linux/utsname.h
140132 +++ b/include/linux/utsname.h
140133 @@ -25,7 +25,7 @@ struct uts_namespace {
140134 struct new_utsname name;
140135 struct user_namespace *user_ns;
140136 struct ns_common ns;
140137 -};
140138 +} __randomize_layout;
140139 extern struct uts_namespace init_uts_ns;
140140
140141 #ifdef CONFIG_UTS_NS
140142 diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
140143 index 6f8fbcf..4efc177 100644
140144 --- a/include/linux/vermagic.h
140145 +++ b/include/linux/vermagic.h
140146 @@ -25,9 +25,42 @@
140147 #define MODULE_ARCH_VERMAGIC ""
140148 #endif
140149
140150 +#ifdef CONFIG_PAX_REFCOUNT
140151 +#define MODULE_PAX_REFCOUNT "REFCOUNT "
140152 +#else
140153 +#define MODULE_PAX_REFCOUNT ""
140154 +#endif
140155 +
140156 +#ifdef CONSTIFY_PLUGIN
140157 +#define MODULE_CONSTIFY_PLUGIN "CONSTIFY_PLUGIN "
140158 +#else
140159 +#define MODULE_CONSTIFY_PLUGIN ""
140160 +#endif
140161 +
140162 +#ifdef STACKLEAK_PLUGIN
140163 +#define MODULE_STACKLEAK_PLUGIN "STACKLEAK_PLUGIN "
140164 +#else
140165 +#define MODULE_STACKLEAK_PLUGIN ""
140166 +#endif
140167 +
140168 +#ifdef RANDSTRUCT_PLUGIN
140169 +#include <generated/randomize_layout_hash.h>
140170 +#define MODULE_RANDSTRUCT_PLUGIN "RANDSTRUCT_PLUGIN_" RANDSTRUCT_HASHED_SEED
140171 +#else
140172 +#define MODULE_RANDSTRUCT_PLUGIN
140173 +#endif
140174 +
140175 +#ifdef CONFIG_GRKERNSEC
140176 +#define MODULE_GRSEC "GRSEC "
140177 +#else
140178 +#define MODULE_GRSEC ""
140179 +#endif
140180 +
140181 #define VERMAGIC_STRING \
140182 UTS_RELEASE " " \
140183 MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \
140184 MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \
140185 - MODULE_ARCH_VERMAGIC
140186 + MODULE_ARCH_VERMAGIC \
140187 + MODULE_PAX_REFCOUNT MODULE_CONSTIFY_PLUGIN MODULE_STACKLEAK_PLUGIN \
140188 + MODULE_GRSEC MODULE_RANDSTRUCT_PLUGIN
140189
140190 diff --git a/include/linux/vga_switcheroo.h b/include/linux/vga_switcheroo.h
140191 index 960bedb..1616043 100644
140192 --- a/include/linux/vga_switcheroo.h
140193 +++ b/include/linux/vga_switcheroo.h
140194 @@ -170,9 +170,9 @@ enum vga_switcheroo_state vga_switcheroo_get_client_state(struct pci_dev *dev);
140195
140196 void vga_switcheroo_set_dynamic_switch(struct pci_dev *pdev, enum vga_switcheroo_state dynamic);
140197
140198 -int vga_switcheroo_init_domain_pm_ops(struct device *dev, struct dev_pm_domain *domain);
140199 +int vga_switcheroo_init_domain_pm_ops(struct device *dev, dev_pm_domain_no_const *domain);
140200 void vga_switcheroo_fini_domain_pm_ops(struct device *dev);
140201 -int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, struct dev_pm_domain *domain);
140202 +int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, dev_pm_domain_no_const *domain);
140203 #else
140204
140205 static inline void vga_switcheroo_unregister_client(struct pci_dev *dev) {}
140206 @@ -194,9 +194,9 @@ static inline enum vga_switcheroo_state vga_switcheroo_get_client_state(struct p
140207
140208 static inline void vga_switcheroo_set_dynamic_switch(struct pci_dev *pdev, enum vga_switcheroo_state dynamic) {}
140209
140210 -static inline int vga_switcheroo_init_domain_pm_ops(struct device *dev, struct dev_pm_domain *domain) { return -EINVAL; }
140211 +static inline int vga_switcheroo_init_domain_pm_ops(struct device *dev, dev_pm_domain_no_const *domain) { return -EINVAL; }
140212 static inline void vga_switcheroo_fini_domain_pm_ops(struct device *dev) {}
140213 -static inline int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, struct dev_pm_domain *domain) { return -EINVAL; }
140214 +static inline int vga_switcheroo_init_domain_pm_optimus_hdmi_audio(struct device *dev, dev_pm_domain_no_const *domain) { return -EINVAL; }
140215
140216 #endif
140217 #endif /* _LINUX_VGA_SWITCHEROO_H_ */
140218 diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
140219 index 3d9d786..b7e5717 100644
140220 --- a/include/linux/vmalloc.h
140221 +++ b/include/linux/vmalloc.h
140222 @@ -19,6 +19,14 @@ struct notifier_block; /* in notifier.h */
140223 #define VM_UNINITIALIZED 0x00000020 /* vm_struct is not fully initialized */
140224 #define VM_NO_GUARD 0x00000040 /* don't add guard page */
140225 #define VM_KASAN 0x00000080 /* has allocated kasan shadow memory */
140226 +
140227 +#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
140228 +#define VM_KERNEXEC 0x00000100 /* allocate from executable kernel memory range */
140229 +#endif
140230 +
140231 +#define VM_USERCOPY 0x00000200 /* allocation intended for copies to userland */
140232 +
140233 +
140234 /* bits [20..32] reserved for arch specific ioremap internals */
140235
140236 /*
140237 @@ -67,7 +75,11 @@ static inline void vmalloc_init(void)
140238 }
140239 #endif
140240
140241 +#if defined(CONFIG_GRKERNSEC_KSTACKOVERFLOW) && defined(CONFIG_X86_64)
140242 +extern void *vzalloc_irq_stack(void);
140243 +#endif
140244 extern void *vmalloc(unsigned long size);
140245 +extern void *vmalloc_usercopy(unsigned long size);
140246 extern void *vzalloc(unsigned long size);
140247 extern void *vmalloc_user(unsigned long size);
140248 extern void *vmalloc_node(unsigned long size, int node);
140249 @@ -87,6 +99,10 @@ extern void *vmap(struct page **pages, unsigned int count,
140250 unsigned long flags, pgprot_t prot);
140251 extern void vunmap(const void *addr);
140252
140253 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
140254 +extern void unmap_process_stacks(struct task_struct *task);
140255 +#endif
140256 +
140257 extern int remap_vmalloc_range_partial(struct vm_area_struct *vma,
140258 unsigned long uaddr, void *kaddr,
140259 unsigned long size);
140260 @@ -151,7 +167,7 @@ extern void free_vm_area(struct vm_struct *area);
140261
140262 /* for /dev/kmem */
140263 extern long vread(char *buf, char *addr, unsigned long count);
140264 -extern long vwrite(char *buf, char *addr, unsigned long count);
140265 +extern long vwrite(char *buf, char *addr, unsigned long count) __size_overflow(3);
140266
140267 /*
140268 * Internals. Dont't use..
140269 diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
140270 index 6137719..f925b2f 100644
140271 --- a/include/linux/vmstat.h
140272 +++ b/include/linux/vmstat.h
140273 @@ -107,26 +107,26 @@ static inline void vm_events_fold_cpu(int cpu)
140274 /*
140275 * Zone and node-based page accounting with per cpu differentials.
140276 */
140277 -extern atomic_long_t vm_zone_stat[NR_VM_ZONE_STAT_ITEMS];
140278 -extern atomic_long_t vm_node_stat[NR_VM_NODE_STAT_ITEMS];
140279 +extern atomic_long_unchecked_t vm_zone_stat[NR_VM_ZONE_STAT_ITEMS];
140280 +extern atomic_long_unchecked_t vm_node_stat[NR_VM_NODE_STAT_ITEMS];
140281
140282 static inline void zone_page_state_add(long x, struct zone *zone,
140283 enum zone_stat_item item)
140284 {
140285 - atomic_long_add(x, &zone->vm_stat[item]);
140286 - atomic_long_add(x, &vm_zone_stat[item]);
140287 + atomic_long_add_unchecked(x, &zone->vm_stat[item]);
140288 + atomic_long_add_unchecked(x, &vm_zone_stat[item]);
140289 }
140290
140291 static inline void node_page_state_add(long x, struct pglist_data *pgdat,
140292 enum node_stat_item item)
140293 {
140294 - atomic_long_add(x, &pgdat->vm_stat[item]);
140295 - atomic_long_add(x, &vm_node_stat[item]);
140296 + atomic_long_add_unchecked(x, &pgdat->vm_stat[item]);
140297 + atomic_long_add_unchecked(x, &vm_node_stat[item]);
140298 }
140299
140300 static inline unsigned long global_page_state(enum zone_stat_item item)
140301 {
140302 - long x = atomic_long_read(&vm_zone_stat[item]);
140303 + long x = atomic_long_read_unchecked(&vm_zone_stat[item]);
140304 #ifdef CONFIG_SMP
140305 if (x < 0)
140306 x = 0;
140307 @@ -136,7 +136,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item)
140308
140309 static inline unsigned long global_node_page_state(enum node_stat_item item)
140310 {
140311 - long x = atomic_long_read(&vm_node_stat[item]);
140312 + long x = atomic_long_read_unchecked(&vm_node_stat[item]);
140313 #ifdef CONFIG_SMP
140314 if (x < 0)
140315 x = 0;
140316 @@ -144,10 +144,10 @@ static inline unsigned long global_node_page_state(enum node_stat_item item)
140317 return x;
140318 }
140319
140320 -static inline unsigned long zone_page_state(struct zone *zone,
140321 +static inline unsigned long __intentional_overflow(-1) zone_page_state(struct zone *zone,
140322 enum zone_stat_item item)
140323 {
140324 - long x = atomic_long_read(&zone->vm_stat[item]);
140325 + long x = atomic_long_read_unchecked(&zone->vm_stat[item]);
140326 #ifdef CONFIG_SMP
140327 if (x < 0)
140328 x = 0;
140329 @@ -164,7 +164,7 @@ static inline unsigned long zone_page_state(struct zone *zone,
140330 static inline unsigned long zone_page_state_snapshot(struct zone *zone,
140331 enum zone_stat_item item)
140332 {
140333 - long x = atomic_long_read(&zone->vm_stat[item]);
140334 + long x = atomic_long_read_unchecked(&zone->vm_stat[item]);
140335
140336 #ifdef CONFIG_SMP
140337 int cpu;
140338 @@ -180,7 +180,7 @@ static inline unsigned long zone_page_state_snapshot(struct zone *zone,
140339 static inline unsigned long node_page_state_snapshot(pg_data_t *pgdat,
140340 enum node_stat_item item)
140341 {
140342 - long x = atomic_long_read(&pgdat->vm_stat[item]);
140343 + long x = atomic_long_read_unchecked(&pgdat->vm_stat[item]);
140344
140345 #ifdef CONFIG_SMP
140346 int cpu;
140347 @@ -267,26 +267,26 @@ static inline void __mod_node_page_state(struct pglist_data *pgdat,
140348
140349 static inline void __inc_zone_state(struct zone *zone, enum zone_stat_item item)
140350 {
140351 - atomic_long_inc(&zone->vm_stat[item]);
140352 - atomic_long_inc(&vm_zone_stat[item]);
140353 + atomic_long_inc_unchecked(&zone->vm_stat[item]);
140354 + atomic_long_inc_unchecked(&vm_zone_stat[item]);
140355 }
140356
140357 static inline void __inc_node_state(struct pglist_data *pgdat, enum node_stat_item item)
140358 {
140359 - atomic_long_inc(&pgdat->vm_stat[item]);
140360 - atomic_long_inc(&vm_node_stat[item]);
140361 + atomic_long_inc_unchecked(&pgdat->vm_stat[item]);
140362 + atomic_long_inc_unchecked(&vm_node_stat[item]);
140363 }
140364
140365 static inline void __dec_zone_state(struct zone *zone, enum zone_stat_item item)
140366 {
140367 - atomic_long_dec(&zone->vm_stat[item]);
140368 - atomic_long_dec(&vm_zone_stat[item]);
140369 + atomic_long_dec_unchecked(&zone->vm_stat[item]);
140370 + atomic_long_dec_unchecked(&vm_zone_stat[item]);
140371 }
140372
140373 static inline void __dec_node_state(struct pglist_data *pgdat, enum node_stat_item item)
140374 {
140375 - atomic_long_dec(&pgdat->vm_stat[item]);
140376 - atomic_long_dec(&vm_node_stat[item]);
140377 + atomic_long_dec_unchecked(&pgdat->vm_stat[item]);
140378 + atomic_long_dec_unchecked(&vm_node_stat[item]);
140379 }
140380
140381 static inline void __inc_zone_page_state(struct page *page,
140382 diff --git a/include/linux/writeback.h b/include/linux/writeback.h
140383 index fc1e16c..73b1d36 100644
140384 --- a/include/linux/writeback.h
140385 +++ b/include/linux/writeback.h
140386 @@ -278,8 +278,9 @@ static inline void inode_detach_wb(struct inode *inode)
140387 }
140388
140389 static inline void wbc_attach_and_unlock_inode(struct writeback_control *wbc,
140390 + struct inode *inode) __releases(&inode->i_lock);
140391 +static inline void wbc_attach_and_unlock_inode(struct writeback_control *wbc,
140392 struct inode *inode)
140393 - __releases(&inode->i_lock)
140394 {
140395 spin_unlock(&inode->i_lock);
140396 }
140397 diff --git a/include/linux/xattr.h b/include/linux/xattr.h
140398 index 94079ba..ae4c218 100644
140399 --- a/include/linux/xattr.h
140400 +++ b/include/linux/xattr.h
140401 @@ -35,7 +35,7 @@ struct xattr_handler {
140402 int (*set)(const struct xattr_handler *, struct dentry *dentry,
140403 struct inode *inode, const char *name, const void *buffer,
140404 size_t size, int flags);
140405 -};
140406 +} __do_const;
140407
140408 const char *xattr_full_name(const struct xattr_handler *, const char *);
140409
140410 @@ -46,6 +46,9 @@ struct xattr {
140411 };
140412
140413 ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
140414 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
140415 +ssize_t pax_getxattr(struct dentry *, void *, size_t);
140416 +#endif
140417 ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
140418 ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
140419 int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int);
140420 diff --git a/include/linux/zlib.h b/include/linux/zlib.h
140421 index 92dbbd3..13ab0b3 100644
140422 --- a/include/linux/zlib.h
140423 +++ b/include/linux/zlib.h
140424 @@ -31,6 +31,7 @@
140425 #define _ZLIB_H
140426
140427 #include <linux/zconf.h>
140428 +#include <linux/compiler.h>
140429
140430 /* zlib deflate based on ZLIB_VERSION "1.1.3" */
140431 /* zlib inflate based on ZLIB_VERSION "1.2.3" */
140432 @@ -179,7 +180,7 @@ typedef z_stream *z_streamp;
140433
140434 /* basic functions */
140435
140436 -extern int zlib_deflate_workspacesize (int windowBits, int memLevel);
140437 +extern int zlib_deflate_workspacesize (int windowBits, int memLevel) __intentional_overflow(0);
140438 /*
140439 Returns the number of bytes that needs to be allocated for a per-
140440 stream workspace with the specified parameters. A pointer to this
140441 diff --git a/include/media/v4l2-dev.h b/include/media/v4l2-dev.h
140442 index a122b1b..bcb7940 100644
140443 --- a/include/media/v4l2-dev.h
140444 +++ b/include/media/v4l2-dev.h
140445 @@ -160,7 +160,7 @@ struct v4l2_file_operations {
140446 int (*mmap) (struct file *, struct vm_area_struct *);
140447 int (*open) (struct file *);
140448 int (*release) (struct file *);
140449 -};
140450 +} __do_const;
140451
140452 /*
140453 * Newer version of video_device, handled by videodev2.c
140454 diff --git a/include/media/v4l2-device.h b/include/media/v4l2-device.h
140455 index a9d6aa4..124a822 100644
140456 --- a/include/media/v4l2-device.h
140457 +++ b/include/media/v4l2-device.h
140458 @@ -139,7 +139,7 @@ int __must_check v4l2_device_register(struct device *dev,
140459 * then the name will be set to cx18-0 since cx180 would look really odd.
140460 */
140461 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
140462 - atomic_t *instance);
140463 + atomic_unchecked_t *instance);
140464
140465 /**
140466 * v4l2_device_disconnect - Change V4L2 device state to disconnected.
140467 diff --git a/include/net/9p/transport.h b/include/net/9p/transport.h
140468 index 5122b5e..598b440 100644
140469 --- a/include/net/9p/transport.h
140470 +++ b/include/net/9p/transport.h
140471 @@ -62,7 +62,7 @@ struct p9_trans_module {
140472 int (*cancelled)(struct p9_client *, struct p9_req_t *req);
140473 int (*zc_request)(struct p9_client *, struct p9_req_t *,
140474 struct iov_iter *, struct iov_iter *, int , int, int);
140475 -};
140476 +} __do_const;
140477
140478 void v9fs_register_trans(struct p9_trans_module *m);
140479 void v9fs_unregister_trans(struct p9_trans_module *m);
140480 diff --git a/include/net/af_unix.h b/include/net/af_unix.h
140481 index fd60ecc..64e2a1e 100644
140482 --- a/include/net/af_unix.h
140483 +++ b/include/net/af_unix.h
140484 @@ -36,7 +36,7 @@ struct unix_skb_parms {
140485 u32 secid; /* Security ID */
140486 #endif
140487 u32 consumed;
140488 -};
140489 +} __randomize_layout;
140490
140491 #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb))
140492
140493 diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
140494 index 5ee3c68..54f883a 100644
140495 --- a/include/net/bluetooth/l2cap.h
140496 +++ b/include/net/bluetooth/l2cap.h
140497 @@ -619,7 +619,7 @@ struct l2cap_ops {
140498 struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan,
140499 unsigned long hdr_len,
140500 unsigned long len, int nb);
140501 -};
140502 +} __do_const;
140503
140504 struct l2cap_conn {
140505 struct hci_conn *hcon;
140506 diff --git a/include/net/bonding.h b/include/net/bonding.h
140507 index 6360c25..6eb51ef 100644
140508 --- a/include/net/bonding.h
140509 +++ b/include/net/bonding.h
140510 @@ -707,7 +707,7 @@ extern struct rtnl_link_ops bond_link_ops;
140511
140512 static inline void bond_tx_drop(struct net_device *dev, struct sk_buff *skb)
140513 {
140514 - atomic_long_inc(&dev->tx_dropped);
140515 + atomic_long_inc_unchecked(&dev->tx_dropped);
140516 dev_kfree_skb_any(skb);
140517 }
140518
140519 diff --git a/include/net/caif/cfctrl.h b/include/net/caif/cfctrl.h
140520 index f2ae33d..c457cf0 100644
140521 --- a/include/net/caif/cfctrl.h
140522 +++ b/include/net/caif/cfctrl.h
140523 @@ -52,7 +52,7 @@ struct cfctrl_rsp {
140524 void (*radioset_rsp)(void);
140525 void (*reject_rsp)(struct cflayer *layer, u8 linkid,
140526 struct cflayer *client_layer);
140527 -};
140528 +} __no_const;
140529
140530 /* Link Setup Parameters for CAIF-Links. */
140531 struct cfctrl_link_param {
140532 @@ -101,8 +101,8 @@ struct cfctrl_request_info {
140533 struct cfctrl {
140534 struct cfsrvl serv;
140535 struct cfctrl_rsp res;
140536 - atomic_t req_seq_no;
140537 - atomic_t rsp_seq_no;
140538 + atomic_unchecked_t req_seq_no;
140539 + atomic_unchecked_t rsp_seq_no;
140540 struct list_head list;
140541 /* Protects from simultaneous access to first_req list */
140542 spinlock_t info_list_lock;
140543 diff --git a/include/net/cfg80211-wext.h b/include/net/cfg80211-wext.h
140544 index 25baddc..f9a1374 100644
140545 --- a/include/net/cfg80211-wext.h
140546 +++ b/include/net/cfg80211-wext.h
140547 @@ -22,34 +22,34 @@
140548 */
140549 int cfg80211_wext_giwname(struct net_device *dev,
140550 struct iw_request_info *info,
140551 - char *name, char *extra);
140552 + union iwreq_data *wrqu, char *extra);
140553 int cfg80211_wext_siwmode(struct net_device *dev, struct iw_request_info *info,
140554 - u32 *mode, char *extra);
140555 + union iwreq_data *wrqu, char *extra);
140556 int cfg80211_wext_giwmode(struct net_device *dev, struct iw_request_info *info,
140557 - u32 *mode, char *extra);
140558 + union iwreq_data *wrqu, char *extra);
140559 int cfg80211_wext_siwscan(struct net_device *dev,
140560 struct iw_request_info *info,
140561 union iwreq_data *wrqu, char *extra);
140562 int cfg80211_wext_giwscan(struct net_device *dev,
140563 struct iw_request_info *info,
140564 - struct iw_point *data, char *extra);
140565 + union iwreq_data *wrqu, char *extra);
140566 int cfg80211_wext_giwrange(struct net_device *dev,
140567 struct iw_request_info *info,
140568 - struct iw_point *data, char *extra);
140569 + union iwreq_data *wrqu, char *extra);
140570 int cfg80211_wext_siwrts(struct net_device *dev,
140571 struct iw_request_info *info,
140572 - struct iw_param *rts, char *extra);
140573 + union iwreq_data *wrqu, char *extra);
140574 int cfg80211_wext_giwrts(struct net_device *dev,
140575 struct iw_request_info *info,
140576 - struct iw_param *rts, char *extra);
140577 + union iwreq_data *wrqu, char *extra);
140578 int cfg80211_wext_siwfrag(struct net_device *dev,
140579 struct iw_request_info *info,
140580 - struct iw_param *frag, char *extra);
140581 + union iwreq_data *wrqu, char *extra);
140582 int cfg80211_wext_giwfrag(struct net_device *dev,
140583 struct iw_request_info *info,
140584 - struct iw_param *frag, char *extra);
140585 + union iwreq_data *wrqu, char *extra);
140586 int cfg80211_wext_giwretry(struct net_device *dev,
140587 struct iw_request_info *info,
140588 - struct iw_param *retry, char *extra);
140589 + union iwreq_data *wrqu, char *extra);
140590
140591 #endif /* __NET_CFG80211_WEXT_H */
140592 diff --git a/include/net/cfg802154.h b/include/net/cfg802154.h
140593 index 795ca40..97964b2 100644
140594 --- a/include/net/cfg802154.h
140595 +++ b/include/net/cfg802154.h
140596 @@ -354,7 +354,7 @@ struct wpan_dev {
140597 /* MAC BSN field */
140598 atomic_t bsn;
140599 /* MAC DSN field */
140600 - atomic_t dsn;
140601 + atomic_unchecked_t dsn;
140602
140603 u8 min_be;
140604 u8 max_be;
140605 diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h
140606 index 456e4a6..32ce9c4 100644
140607 --- a/include/net/fib_rules.h
140608 +++ b/include/net/fib_rules.h
140609 @@ -33,8 +33,12 @@ struct fib_rule {
140610 struct rcu_head rcu;
140611 };
140612
140613 +typedef struct rt6_info *(*pol_lookup_t)(struct net *,
140614 + struct fib6_table *,
140615 + struct flowi6 *, int);
140616 +
140617 struct fib_lookup_arg {
140618 - void *lookup_ptr;
140619 + pol_lookup_t lookup_ptr;
140620 void *result;
140621 struct fib_rule *rule;
140622 u32 table;
140623 diff --git a/include/net/flow.h b/include/net/flow.h
140624 index d47ef4b..ab39dc5 100644
140625 --- a/include/net/flow.h
140626 +++ b/include/net/flow.h
140627 @@ -243,7 +243,7 @@ void flow_cache_fini(struct net *net);
140628
140629 void flow_cache_flush(struct net *net);
140630 void flow_cache_flush_deferred(struct net *net);
140631 -extern atomic_t flow_cache_genid;
140632 +extern atomic_unchecked_t flow_cache_genid;
140633
140634 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys);
140635
140636 diff --git a/include/net/genetlink.h b/include/net/genetlink.h
140637 index 8d4608c..460372d 100644
140638 --- a/include/net/genetlink.h
140639 +++ b/include/net/genetlink.h
140640 @@ -128,7 +128,7 @@ struct genl_ops {
140641 u8 cmd;
140642 u8 internal_flags;
140643 u8 flags;
140644 -};
140645 +} __do_const;
140646
140647 int __genl_register_family(struct genl_family *family);
140648
140649 diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h
140650 index d15214d..f6de1b4 100644
140651 --- a/include/net/gro_cells.h
140652 +++ b/include/net/gro_cells.h
140653 @@ -25,7 +25,7 @@ static inline int gro_cells_receive(struct gro_cells *gcells, struct sk_buff *sk
140654 cell = this_cpu_ptr(gcells->cells);
140655
140656 if (skb_queue_len(&cell->napi_skbs) > netdev_max_backlog) {
140657 - atomic_long_inc(&dev->rx_dropped);
140658 + atomic_long_inc_unchecked(&dev->rx_dropped);
140659 kfree_skb(skb);
140660 return NET_RX_DROP;
140661 }
140662 diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
140663 index 49dcad4..6d2c708 100644
140664 --- a/include/net/inet_connection_sock.h
140665 +++ b/include/net/inet_connection_sock.h
140666 @@ -65,7 +65,7 @@ struct inet_connection_sock_af_ops {
140667 int (*bind_conflict)(const struct sock *sk,
140668 const struct inet_bind_bucket *tb, bool relax);
140669 void (*mtu_reduced)(struct sock *sk);
140670 -};
140671 +} __do_const;
140672
140673 /** inet_connection_sock - INET connection oriented sock
140674 *
140675 diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
140676 index 236a810..0dae469 100644
140677 --- a/include/net/inet_sock.h
140678 +++ b/include/net/inet_sock.h
140679 @@ -44,7 +44,7 @@
140680 struct ip_options {
140681 __be32 faddr;
140682 __be32 nexthop;
140683 - unsigned char optlen;
140684 + unsigned char optlen __intentional_overflow(0);
140685 unsigned char srr;
140686 unsigned char rr;
140687 unsigned char ts;
140688 diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
140689 index 235c781..160d4a3 100644
140690 --- a/include/net/inetpeer.h
140691 +++ b/include/net/inetpeer.h
140692 @@ -52,7 +52,7 @@ struct inet_peer {
140693 */
140694 union {
140695 struct {
140696 - atomic_t rid; /* Frag reception counter */
140697 + atomic_unchecked_t rid; /* Frag reception counter */
140698 };
140699 struct rcu_head rcu;
140700 struct inet_peer *gc_next;
140701 diff --git a/include/net/ip.h b/include/net/ip.h
140702 index 9742b92..f47d922 100644
140703 --- a/include/net/ip.h
140704 +++ b/include/net/ip.h
140705 @@ -326,7 +326,7 @@ static inline unsigned int ip_skb_dst_mtu(struct sock *sk,
140706 return min(skb_dst(skb)->dev->mtu, IP_MAX_MTU);
140707 }
140708
140709 -u32 ip_idents_reserve(u32 hash, int segs);
140710 +u32 ip_idents_reserve(u32 hash, int segs) __intentional_overflow(-1);
140711 void __ip_select_ident(struct net *net, struct iphdr *iph, int segs);
140712
140713 static inline void ip_select_ident_segs(struct net *net, struct sk_buff *skb,
140714 diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
140715 index fb961a5..754f4432 100644
140716 --- a/include/net/ip6_fib.h
140717 +++ b/include/net/ip6_fib.h
140718 @@ -248,10 +248,6 @@ struct fib6_table {
140719 #define RT6_TABLE_LOCAL RT6_TABLE_MAIN
140720 #endif
140721
140722 -typedef struct rt6_info *(*pol_lookup_t)(struct net *,
140723 - struct fib6_table *,
140724 - struct flowi6 *, int);
140725 -
140726 /*
140727 * exported functions
140728 */
140729 diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
140730 index 7d4a72e..f4ec499 100644
140731 --- a/include/net/ip_fib.h
140732 +++ b/include/net/ip_fib.h
140733 @@ -175,7 +175,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh);
140734
140735 #define FIB_RES_SADDR(net, res) \
140736 ((FIB_RES_NH(res).nh_saddr_genid == \
140737 - atomic_read(&(net)->ipv4.dev_addr_genid)) ? \
140738 + atomic_read_unchecked(&(net)->ipv4.dev_addr_genid)) ? \
140739 FIB_RES_NH(res).nh_saddr : \
140740 fib_info_update_nh_saddr((net), &FIB_RES_NH(res)))
140741 #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw)
140742 diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
140743 index cd6018a..996671f 100644
140744 --- a/include/net/ip_vs.h
140745 +++ b/include/net/ip_vs.h
140746 @@ -543,7 +543,7 @@ struct ip_vs_conn {
140747 struct ip_vs_conn *control; /* Master control connection */
140748 atomic_t n_control; /* Number of controlled ones */
140749 struct ip_vs_dest *dest; /* real server */
140750 - atomic_t in_pkts; /* incoming packet counter */
140751 + atomic_unchecked_t in_pkts; /* incoming packet counter */
140752
140753 /* Packet transmitter for different forwarding methods. If it
140754 * mangles the packet, it must return NF_DROP or better NF_STOLEN,
140755 @@ -664,7 +664,7 @@ struct ip_vs_dest {
140756 __be16 port; /* port number of the server */
140757 union nf_inet_addr addr; /* IP address of the server */
140758 volatile unsigned int flags; /* dest status flags */
140759 - atomic_t conn_flags; /* flags to copy to conn */
140760 + atomic_unchecked_t conn_flags; /* flags to copy to conn */
140761 atomic_t weight; /* server weight */
140762
140763 atomic_t refcnt; /* reference counter */
140764 @@ -931,11 +931,11 @@ struct netns_ipvs {
140765 /* ip_vs_lblc */
140766 int sysctl_lblc_expiration;
140767 struct ctl_table_header *lblc_ctl_header;
140768 - struct ctl_table *lblc_ctl_table;
140769 + ctl_table_no_const *lblc_ctl_table;
140770 /* ip_vs_lblcr */
140771 int sysctl_lblcr_expiration;
140772 struct ctl_table_header *lblcr_ctl_header;
140773 - struct ctl_table *lblcr_ctl_table;
140774 + ctl_table_no_const *lblcr_ctl_table;
140775 /* ip_vs_est */
140776 struct list_head est_list; /* estimator list */
140777 spinlock_t est_lock;
140778 diff --git a/include/net/ipv6.h b/include/net/ipv6.h
140779 index 8fed1cd..3ac5db9 100644
140780 --- a/include/net/ipv6.h
140781 +++ b/include/net/ipv6.h
140782 @@ -788,7 +788,7 @@ static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
140783 * to minimize possbility that any useful information to an
140784 * attacker is leaked. Only lower 20 bits are relevant.
140785 */
140786 - rol32(hash, 16);
140787 + hash = rol32(hash, 16);
140788
140789 flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK;
140790
140791 diff --git a/include/net/irda/ircomm_tty.h b/include/net/irda/ircomm_tty.h
140792 index 8d4f588..2e37ad2 100644
140793 --- a/include/net/irda/ircomm_tty.h
140794 +++ b/include/net/irda/ircomm_tty.h
140795 @@ -33,6 +33,7 @@
140796 #include <linux/termios.h>
140797 #include <linux/timer.h>
140798 #include <linux/tty.h> /* struct tty_struct */
140799 +#include <asm/local.h>
140800
140801 #include <net/irda/irias_object.h>
140802 #include <net/irda/ircomm_core.h>
140803 diff --git a/include/net/irda/irias_object.h b/include/net/irda/irias_object.h
140804 index 83f7808..a925cf8 100644
140805 --- a/include/net/irda/irias_object.h
140806 +++ b/include/net/irda/irias_object.h
140807 @@ -83,7 +83,7 @@ void irias_insert_object(struct ias_object *obj);
140808 int irias_delete_object(struct ias_object *obj);
140809 int irias_delete_attrib(struct ias_object *obj, struct ias_attrib *attrib,
140810 int cleanobject);
140811 -void __irias_delete_object(struct ias_object *obj);
140812 +void __irias_delete_object(void *_obj);
140813
140814 void irias_add_integer_attrib(struct ias_object *obj, char *name, int value,
140815 int user);
140816 diff --git a/include/net/irda/irlmp.h b/include/net/irda/irlmp.h
140817 index f132924..f80b01d 100644
140818 --- a/include/net/irda/irlmp.h
140819 +++ b/include/net/irda/irlmp.h
140820 @@ -194,6 +194,7 @@ struct irlmp_cb {
140821 /* Prototype declarations */
140822 int irlmp_init(void);
140823 void irlmp_cleanup(void);
140824 +void irlmp_kfree(void *arg);
140825 struct lsap_cb *irlmp_open_lsap(__u8 slsap, notify_t *notify, __u8 pid);
140826 void irlmp_close_lsap( struct lsap_cb *self);
140827
140828 diff --git a/include/net/irda/irlmp_event.h b/include/net/irda/irlmp_event.h
140829 index 9e4ec17..c3247bb 100644
140830 --- a/include/net/irda/irlmp_event.h
140831 +++ b/include/net/irda/irlmp_event.h
140832 @@ -82,9 +82,9 @@ typedef enum {
140833 extern const char *const irlmp_state[];
140834 extern const char *const irlsap_state[];
140835
140836 -void irlmp_watchdog_timer_expired(void *data);
140837 -void irlmp_discovery_timer_expired(void *data);
140838 -void irlmp_idle_timer_expired(void *data);
140839 +void irlmp_watchdog_timer_expired(unsigned long data);
140840 +void irlmp_discovery_timer_expired(unsigned long data);
140841 +void irlmp_idle_timer_expired(unsigned long data);
140842
140843 void irlmp_do_lap_event(struct lap_cb *self, IRLMP_EVENT event,
140844 struct sk_buff *skb);
140845 diff --git a/include/net/irda/timer.h b/include/net/irda/timer.h
140846 index cb2615c..8223ae7 100644
140847 --- a/include/net/irda/timer.h
140848 +++ b/include/net/irda/timer.h
140849 @@ -72,12 +72,10 @@ struct lap_cb;
140850
140851 #define WATCHDOG_TIMEOUT (20*HZ) /* 20 sec */
140852
140853 -typedef void (*TIMER_CALLBACK)(void *);
140854 -
140855 static inline void irda_start_timer(struct timer_list *ptimer, int timeout,
140856 - void* data, TIMER_CALLBACK callback)
140857 + void* data, void (*callback)(unsigned long))
140858 {
140859 - ptimer->function = (void (*)(unsigned long)) callback;
140860 + ptimer->function = callback;
140861 ptimer->data = (unsigned long) data;
140862
140863 /* Set new value for timer (update or add timer).
140864 diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h
140865 index 714cc9a..ea05f3e 100644
140866 --- a/include/net/iucv/af_iucv.h
140867 +++ b/include/net/iucv/af_iucv.h
140868 @@ -149,7 +149,7 @@ struct iucv_skb_cb {
140869 struct iucv_sock_list {
140870 struct hlist_head head;
140871 rwlock_t lock;
140872 - atomic_t autobind_name;
140873 + atomic_unchecked_t autobind_name;
140874 };
140875
140876 unsigned int iucv_sock_poll(struct file *file, struct socket *sock,
140877 diff --git a/include/net/llc_c_ac.h b/include/net/llc_c_ac.h
140878 index f3be818..bf46196 100644
140879 --- a/include/net/llc_c_ac.h
140880 +++ b/include/net/llc_c_ac.h
140881 @@ -87,7 +87,7 @@
140882 #define LLC_CONN_AC_STOP_SENDACK_TMR 70
140883 #define LLC_CONN_AC_START_SENDACK_TMR_IF_NOT_RUNNING 71
140884
140885 -typedef int (*llc_conn_action_t)(struct sock *sk, struct sk_buff *skb);
140886 +typedef int (* const llc_conn_action_t)(struct sock *sk, struct sk_buff *skb);
140887
140888 int llc_conn_ac_clear_remote_busy(struct sock *sk, struct sk_buff *skb);
140889 int llc_conn_ac_conn_ind(struct sock *sk, struct sk_buff *skb);
140890 diff --git a/include/net/llc_c_ev.h b/include/net/llc_c_ev.h
140891 index 3948cf1..83b28c4 100644
140892 --- a/include/net/llc_c_ev.h
140893 +++ b/include/net/llc_c_ev.h
140894 @@ -125,8 +125,8 @@ static __inline__ struct llc_conn_state_ev *llc_conn_ev(struct sk_buff *skb)
140895 return (struct llc_conn_state_ev *)skb->cb;
140896 }
140897
140898 -typedef int (*llc_conn_ev_t)(struct sock *sk, struct sk_buff *skb);
140899 -typedef int (*llc_conn_ev_qfyr_t)(struct sock *sk, struct sk_buff *skb);
140900 +typedef int (* const llc_conn_ev_t)(struct sock *sk, struct sk_buff *skb);
140901 +typedef int (* const llc_conn_ev_qfyr_t)(struct sock *sk, struct sk_buff *skb);
140902
140903 int llc_conn_ev_conn_req(struct sock *sk, struct sk_buff *skb);
140904 int llc_conn_ev_data_req(struct sock *sk, struct sk_buff *skb);
140905 diff --git a/include/net/llc_c_st.h b/include/net/llc_c_st.h
140906 index 48f3f89..0e92c50 100644
140907 --- a/include/net/llc_c_st.h
140908 +++ b/include/net/llc_c_st.h
140909 @@ -37,7 +37,7 @@ struct llc_conn_state_trans {
140910 u8 next_state;
140911 const llc_conn_ev_qfyr_t *ev_qualifiers;
140912 const llc_conn_action_t *ev_actions;
140913 -};
140914 +} __do_const;
140915
140916 struct llc_conn_state {
140917 u8 current_state;
140918 diff --git a/include/net/llc_s_ac.h b/include/net/llc_s_ac.h
140919 index a61b98c..aade1eb 100644
140920 --- a/include/net/llc_s_ac.h
140921 +++ b/include/net/llc_s_ac.h
140922 @@ -23,7 +23,7 @@
140923 #define SAP_ACT_TEST_IND 9
140924
140925 /* All action functions must look like this */
140926 -typedef int (*llc_sap_action_t)(struct llc_sap *sap, struct sk_buff *skb);
140927 +typedef int (* const llc_sap_action_t)(struct llc_sap *sap, struct sk_buff *skb);
140928
140929 int llc_sap_action_unitdata_ind(struct llc_sap *sap, struct sk_buff *skb);
140930 int llc_sap_action_send_ui(struct llc_sap *sap, struct sk_buff *skb);
140931 diff --git a/include/net/llc_s_st.h b/include/net/llc_s_st.h
140932 index c4359e2..76dbc4a 100644
140933 --- a/include/net/llc_s_st.h
140934 +++ b/include/net/llc_s_st.h
140935 @@ -20,7 +20,7 @@ struct llc_sap_state_trans {
140936 llc_sap_ev_t ev;
140937 u8 next_state;
140938 const llc_sap_action_t *ev_actions;
140939 -};
140940 +} __do_const;
140941
140942 struct llc_sap_state {
140943 u8 curr_state;
140944 diff --git a/include/net/mac80211.h b/include/net/mac80211.h
140945 index cca510a..04adc84 100644
140946 --- a/include/net/mac80211.h
140947 +++ b/include/net/mac80211.h
140948 @@ -1567,7 +1567,7 @@ enum ieee80211_key_flags {
140949 * @iv_len: The IV length for this key type
140950 */
140951 struct ieee80211_key_conf {
140952 - atomic64_t tx_pn;
140953 + atomic64_unchecked_t tx_pn;
140954 u32 cipher;
140955 u8 icv_len;
140956 u8 iv_len;
140957 @@ -5358,7 +5358,7 @@ struct ieee80211_tx_rate_control {
140958 struct sk_buff *skb;
140959 struct ieee80211_tx_rate reported_rate;
140960 bool rts, short_preamble;
140961 - u8 max_rate_idx;
140962 + s8 max_rate_idx;
140963 u32 rate_idx_mask;
140964 u8 *rate_idx_mcs_mask;
140965 bool bss;
140966 @@ -5395,7 +5395,7 @@ struct rate_control_ops {
140967 void (*remove_sta_debugfs)(void *priv, void *priv_sta);
140968
140969 u32 (*get_expected_throughput)(void *priv_sta);
140970 -};
140971 +} __do_const;
140972
140973 static inline int rate_supported(struct ieee80211_sta *sta,
140974 enum nl80211_band band,
140975 diff --git a/include/net/neighbour.h b/include/net/neighbour.h
140976 index 8b68384..48fe40e 100644
140977 --- a/include/net/neighbour.h
140978 +++ b/include/net/neighbour.h
140979 @@ -142,7 +142,7 @@ struct neighbour {
140980 unsigned int arp_queue_len_bytes;
140981 struct timer_list timer;
140982 unsigned long used;
140983 - atomic_t probes;
140984 + atomic_unchecked_t probes;
140985 __u8 flags;
140986 __u8 nud_state;
140987 __u8 type;
140988 @@ -163,7 +163,7 @@ struct neigh_ops {
140989 void (*error_report)(struct neighbour *, struct sk_buff *);
140990 int (*output)(struct neighbour *, struct sk_buff *);
140991 int (*connected_output)(struct neighbour *, struct sk_buff *);
140992 -};
140993 +} __do_const;
140994
140995 struct pneigh_entry {
140996 struct pneigh_entry *next;
140997 @@ -217,7 +217,7 @@ struct neigh_table {
140998 struct neigh_statistics __percpu *stats;
140999 struct neigh_hash_table __rcu *nht;
141000 struct pneigh_entry **phash_buckets;
141001 -};
141002 +} __randomize_layout;
141003
141004 enum {
141005 NEIGH_ARP_TABLE = 0,
141006 diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
141007 index 0933c74..11d1250 100644
141008 --- a/include/net/net_namespace.h
141009 +++ b/include/net/net_namespace.h
141010 @@ -53,7 +53,7 @@ struct net {
141011 */
141012 spinlock_t rules_mod_lock;
141013
141014 - atomic64_t cookie_gen;
141015 + atomic64_unchecked_t cookie_gen;
141016
141017 struct list_head list; /* list of network namespaces */
141018 struct list_head cleanup_list; /* namespaces on death row */
141019 @@ -141,8 +141,8 @@ struct net {
141020 struct netns_mpls mpls;
141021 #endif
141022 struct sock *diag_nlsk;
141023 - atomic_t fnhe_genid;
141024 -};
141025 + atomic_unchecked_t fnhe_genid;
141026 +} __randomize_layout;
141027
141028 #include <linux/seq_file_net.h>
141029
141030 @@ -277,7 +277,11 @@ static inline struct net *read_pnet(const possible_net_t *pnet)
141031 #define __net_init __init
141032 #define __net_exit __ref
141033 #define __net_initdata __initdata
141034 +#ifdef CONSTIFY_PLUGIN
141035 #define __net_initconst __initconst
141036 +#else
141037 +#define __net_initconst __initdata
141038 +#endif
141039 #endif
141040
141041 int peernet2id_alloc(struct net *net, struct net *peer);
141042 @@ -292,7 +296,7 @@ struct pernet_operations {
141043 void (*exit_batch)(struct list_head *net_exit_list);
141044 int *id;
141045 size_t size;
141046 -};
141047 +} __do_const;
141048
141049 /*
141050 * Use these carefully. If you implement a network device and it
141051 @@ -340,12 +344,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
141052
141053 static inline int rt_genid_ipv4(struct net *net)
141054 {
141055 - return atomic_read(&net->ipv4.rt_genid);
141056 + return atomic_read_unchecked(&net->ipv4.rt_genid);
141057 }
141058
141059 static inline void rt_genid_bump_ipv4(struct net *net)
141060 {
141061 - atomic_inc(&net->ipv4.rt_genid);
141062 + atomic_inc_unchecked(&net->ipv4.rt_genid);
141063 }
141064
141065 extern void (*__fib6_flush_trees)(struct net *net);
141066 @@ -372,12 +376,12 @@ static inline void rt_genid_bump_all(struct net *net)
141067
141068 static inline int fnhe_genid(struct net *net)
141069 {
141070 - return atomic_read(&net->fnhe_genid);
141071 + return atomic_read_unchecked(&net->fnhe_genid);
141072 }
141073
141074 static inline void fnhe_genid_bump(struct net *net)
141075 {
141076 - atomic_inc(&net->fnhe_genid);
141077 + atomic_inc_unchecked(&net->fnhe_genid);
141078 }
141079
141080 #endif /* __NET_NET_NAMESPACE_H */
141081 diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
141082 index 445b019..b776cb2 100644
141083 --- a/include/net/netfilter/nf_conntrack.h
141084 +++ b/include/net/netfilter/nf_conntrack.h
141085 @@ -301,7 +301,7 @@ static inline unsigned long nf_ct_expires(const struct nf_conn *ct)
141086
141087 struct kernel_param;
141088
141089 -int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
141090 +int nf_conntrack_set_hashsize(const char *val, const struct kernel_param *kp);
141091 int nf_conntrack_hash_resize(unsigned int hashsize);
141092 extern unsigned int nf_conntrack_htable_size;
141093 extern unsigned int nf_conntrack_max;
141094 diff --git a/include/net/netlabel.h b/include/net/netlabel.h
141095 index efe9806..bec155a 100644
141096 --- a/include/net/netlabel.h
141097 +++ b/include/net/netlabel.h
141098 @@ -669,6 +669,7 @@ static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
141099 return -ENOSYS;
141100 }
141101 static inline void netlbl_skbuff_err(struct sk_buff *skb,
141102 + u16 family,
141103 int error,
141104 int gateway)
141105 {
141106 diff --git a/include/net/netlink.h b/include/net/netlink.h
141107 index 254a0fc..040f766 100644
141108 --- a/include/net/netlink.h
141109 +++ b/include/net/netlink.h
141110 @@ -532,7 +532,7 @@ static inline void nlmsg_trim(struct sk_buff *skb, const void *mark)
141111 {
141112 if (mark) {
141113 WARN_ON((unsigned char *) mark < skb->data);
141114 - skb_trim(skb, (unsigned char *) mark - skb->data);
141115 + skb_trim(skb, (const unsigned char *) mark - skb->data);
141116 }
141117 }
141118
141119 diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
141120 index 38b1a80..c2d91f1 100644
141121 --- a/include/net/netns/conntrack.h
141122 +++ b/include/net/netns/conntrack.h
141123 @@ -14,10 +14,10 @@ struct nf_conntrack_ecache;
141124 struct nf_proto_net {
141125 #ifdef CONFIG_SYSCTL
141126 struct ctl_table_header *ctl_table_header;
141127 - struct ctl_table *ctl_table;
141128 + ctl_table_no_const *ctl_table;
141129 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
141130 struct ctl_table_header *ctl_compat_header;
141131 - struct ctl_table *ctl_compat_table;
141132 + ctl_table_no_const *ctl_compat_table;
141133 #endif
141134 #endif
141135 unsigned int users;
141136 @@ -60,7 +60,7 @@ struct nf_ip_net {
141137 struct nf_icmp_net icmpv6;
141138 #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
141139 struct ctl_table_header *ctl_table_header;
141140 - struct ctl_table *ctl_table;
141141 + ctl_table_no_const *ctl_table;
141142 #endif
141143 };
141144
141145 diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
141146 index d061ffe..cc6cdb96 100644
141147 --- a/include/net/netns/ipv4.h
141148 +++ b/include/net/netns/ipv4.h
141149 @@ -119,7 +119,7 @@ struct netns_ipv4 {
141150
141151 struct ping_group_range ping_group_range;
141152
141153 - atomic_t dev_addr_genid;
141154 + atomic_unchecked_t dev_addr_genid;
141155
141156 #ifdef CONFIG_SYSCTL
141157 unsigned long *sysctl_local_reserved_ports;
141158 @@ -136,6 +136,6 @@ struct netns_ipv4 {
141159 #ifdef CONFIG_IP_ROUTE_MULTIPATH
141160 int sysctl_fib_multipath_use_neigh;
141161 #endif
141162 - atomic_t rt_genid;
141163 + atomic_unchecked_t rt_genid;
141164 };
141165 #endif
141166 diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
141167 index 10d0848..68bc2da 100644
141168 --- a/include/net/netns/ipv6.h
141169 +++ b/include/net/netns/ipv6.h
141170 @@ -83,8 +83,8 @@ struct netns_ipv6 {
141171 struct fib_rules_ops *mr6_rules_ops;
141172 #endif
141173 #endif
141174 - atomic_t dev_addr_genid;
141175 - atomic_t fib6_sernum;
141176 + atomic_unchecked_t dev_addr_genid;
141177 + atomic_unchecked_t fib6_sernum;
141178 };
141179
141180 #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
141181 diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
141182 index 24cd394..8310b26 100644
141183 --- a/include/net/netns/xfrm.h
141184 +++ b/include/net/netns/xfrm.h
141185 @@ -78,7 +78,7 @@ struct netns_xfrm {
141186
141187 /* flow cache part */
141188 struct flow_cache flow_cache_global;
141189 - atomic_t flow_cache_genid;
141190 + atomic_unchecked_t flow_cache_genid;
141191 struct list_head flow_cache_gc_list;
141192 atomic_t flow_cache_gc_count;
141193 spinlock_t flow_cache_gc_lock;
141194 diff --git a/include/net/ping.h b/include/net/ping.h
141195 index 4cd90d6..4947311 100644
141196 --- a/include/net/ping.h
141197 +++ b/include/net/ping.h
141198 @@ -54,7 +54,7 @@ struct ping_iter_state {
141199
141200 extern struct proto ping_prot;
141201 #if IS_ENABLED(CONFIG_IPV6)
141202 -extern struct pingv6_ops pingv6_ops;
141203 +extern struct pingv6_ops *pingv6_ops;
141204 #endif
141205
141206 struct pingfakehdr {
141207 diff --git a/include/net/protocol.h b/include/net/protocol.h
141208 index bf36ca3..c29da79 100644
141209 --- a/include/net/protocol.h
141210 +++ b/include/net/protocol.h
141211 @@ -49,7 +49,7 @@ struct net_protocol {
141212 * socket lookup?
141213 */
141214 icmp_strict_tag_validation:1;
141215 -};
141216 +} __do_const;
141217
141218 #if IS_ENABLED(CONFIG_IPV6)
141219 struct inet6_protocol {
141220 @@ -62,7 +62,7 @@ struct inet6_protocol {
141221 u8 type, u8 code, int offset,
141222 __be32 info);
141223 unsigned int flags; /* INET6_PROTO_xxx */
141224 -};
141225 +} __do_const;
141226
141227 #define INET6_PROTO_NOPOLICY 0x1
141228 #define INET6_PROTO_FINAL 0x2
141229 diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h
141230 index 4113916..afa5d60 100644
141231 --- a/include/net/rtnetlink.h
141232 +++ b/include/net/rtnetlink.h
141233 @@ -103,7 +103,7 @@ struct rtnl_link_ops {
141234 int (*fill_linkxstats)(struct sk_buff *skb,
141235 const struct net_device *dev,
141236 int *prividx, int attr);
141237 -};
141238 +} __do_const;
141239
141240 int __rtnl_link_register(struct rtnl_link_ops *ops);
141241 void __rtnl_link_unregister(struct rtnl_link_ops *ops);
141242 diff --git a/include/net/sctp/checksum.h b/include/net/sctp/checksum.h
141243 index 4a5b9a3..ca27d73 100644
141244 --- a/include/net/sctp/checksum.h
141245 +++ b/include/net/sctp/checksum.h
141246 @@ -61,8 +61,8 @@ static inline __le32 sctp_compute_cksum(const struct sk_buff *skb,
141247 unsigned int offset)
141248 {
141249 struct sctphdr *sh = sctp_hdr(skb);
141250 - __le32 ret, old = sh->checksum;
141251 - const struct skb_checksum_ops ops = {
141252 + __le32 ret, old = sh->checksum;
141253 + static const struct skb_checksum_ops ops = {
141254 .update = sctp_csum_update,
141255 .combine = sctp_csum_combine,
141256 };
141257 diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
141258 index bafe2a0..f27e53c 100644
141259 --- a/include/net/sctp/sm.h
141260 +++ b/include/net/sctp/sm.h
141261 @@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long);
141262 typedef struct {
141263 sctp_state_fn_t *fn;
141264 const char *name;
141265 -} sctp_sm_table_entry_t;
141266 +} __do_const sctp_sm_table_entry_t;
141267
141268 /* A naming convention of "sctp_sf_xxx" applies to all the state functions
141269 * currently in use.
141270 @@ -292,7 +292,7 @@ __u32 sctp_generate_tag(const struct sctp_endpoint *);
141271 __u32 sctp_generate_tsn(const struct sctp_endpoint *);
141272
141273 /* Extern declarations for major data structures. */
141274 -extern sctp_timer_event_t *sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES];
141275 +extern sctp_timer_event_t * const sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES];
141276
141277
141278 /* Get the size of a DATA chunk payload. */
141279 diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
141280 index ced0df3..5d02406 100644
141281 --- a/include/net/sctp/structs.h
141282 +++ b/include/net/sctp/structs.h
141283 @@ -514,7 +514,7 @@ struct sctp_pf {
141284 void (*to_sk_saddr)(union sctp_addr *, struct sock *sk);
141285 void (*to_sk_daddr)(union sctp_addr *, struct sock *sk);
141286 struct sctp_af *af;
141287 -};
141288 +} __do_const;
141289
141290
141291 /* Structure to track chunk fragments that have been acked, but peer
141292 diff --git a/include/net/snmp.h b/include/net/snmp.h
141293 index c9228ad..5543dfb 100644
141294 --- a/include/net/snmp.h
141295 +++ b/include/net/snmp.h
141296 @@ -67,7 +67,7 @@ struct icmp_mib {
141297
141298 #define ICMPMSG_MIB_MAX __ICMPMSG_MIB_MAX
141299 struct icmpmsg_mib {
141300 - atomic_long_t mibs[ICMPMSG_MIB_MAX];
141301 + atomic_long_unchecked_t mibs[ICMPMSG_MIB_MAX];
141302 };
141303
141304 /* ICMP6 (IPv6-ICMP) */
141305 @@ -78,17 +78,17 @@ struct icmpv6_mib {
141306 };
141307 /* per device counters, (shared on all cpus) */
141308 struct icmpv6_mib_device {
141309 - atomic_long_t mibs[ICMP6_MIB_MAX];
141310 + atomic_long_unchecked_t mibs[ICMP6_MIB_MAX];
141311 };
141312
141313 #define ICMP6MSG_MIB_MAX __ICMP6MSG_MIB_MAX
141314 /* per network ns counters */
141315 struct icmpv6msg_mib {
141316 - atomic_long_t mibs[ICMP6MSG_MIB_MAX];
141317 + atomic_long_unchecked_t mibs[ICMP6MSG_MIB_MAX];
141318 };
141319 /* per device counters, (shared on all cpus) */
141320 struct icmpv6msg_mib_device {
141321 - atomic_long_t mibs[ICMP6MSG_MIB_MAX];
141322 + atomic_long_unchecked_t mibs[ICMP6MSG_MIB_MAX];
141323 };
141324
141325
141326 @@ -127,7 +127,7 @@ struct linux_xfrm_mib {
141327 __this_cpu_inc(mib->mibs[field])
141328
141329 #define SNMP_INC_STATS_ATOMIC_LONG(mib, field) \
141330 - atomic_long_inc(&mib->mibs[field])
141331 + atomic_long_inc_unchecked(&mib->mibs[field])
141332
141333 #define SNMP_INC_STATS(mib, field) \
141334 this_cpu_inc(mib->mibs[field])
141335 diff --git a/include/net/sock.h b/include/net/sock.h
141336 index 8741988..ed2e15c 100644
141337 --- a/include/net/sock.h
141338 +++ b/include/net/sock.h
141339 @@ -188,7 +188,7 @@ struct sock_common {
141340 struct in6_addr skc_v6_rcv_saddr;
141341 #endif
141342
141343 - atomic64_t skc_cookie;
141344 + atomic64_unchecked_t skc_cookie;
141345
141346 /* following fields are padding to force
141347 * offset(struct sock, sk_refcnt) == 128 on 64bit arches
141348 @@ -364,7 +364,7 @@ struct sock {
141349 unsigned int sk_napi_id;
141350 unsigned int sk_ll_usec;
141351 #endif
141352 - atomic_t sk_drops;
141353 + atomic_unchecked_t sk_drops;
141354 int sk_rcvbuf;
141355
141356 struct sk_filter __rcu *sk_filter;
141357 @@ -1069,7 +1069,7 @@ struct proto {
141358 atomic_t socks;
141359 #endif
141360 int (*diag_destroy)(struct sock *sk, int err);
141361 -};
141362 +} __randomize_layout;
141363
141364 int proto_register(struct proto *prot, int alloc_slab);
141365 void proto_unregister(struct proto *prot);
141366 @@ -1156,7 +1156,7 @@ static inline long sk_prot_mem_limits(const struct sock *sk, int index)
141367 return sk->sk_prot->sysctl_mem[index];
141368 }
141369
141370 -static inline long
141371 +static inline long __intentional_overflow(-1)
141372 sk_memory_allocated(const struct sock *sk)
141373 {
141374 return atomic_long_read(sk->sk_prot->memory_allocated);
141375 @@ -1769,7 +1769,7 @@ static inline bool sk_check_csum_caps(struct sock *sk)
141376 }
141377
141378 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
141379 - struct iov_iter *from, char *to,
141380 + struct iov_iter *from, unsigned char *to,
141381 int copy, int offset)
141382 {
141383 if (skb->ip_summed == CHECKSUM_NONE) {
141384 @@ -2023,7 +2023,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
141385 }
141386 }
141387
141388 -struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp,
141389 +struct sk_buff * __intentional_overflow(0) sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp,
141390 bool force_schedule);
141391
141392 /**
141393 @@ -2099,14 +2099,14 @@ struct sock_skb_cb {
141394 static inline void
141395 sock_skb_set_dropcount(const struct sock *sk, struct sk_buff *skb)
141396 {
141397 - SOCK_SKB_CB(skb)->dropcount = atomic_read(&sk->sk_drops);
141398 + SOCK_SKB_CB(skb)->dropcount = atomic_read_unchecked(&sk->sk_drops);
141399 }
141400
141401 static inline void sk_drops_add(struct sock *sk, const struct sk_buff *skb)
141402 {
141403 int segs = max_t(u16, 1, skb_shinfo(skb)->gso_segs);
141404
141405 - atomic_add(segs, &sk->sk_drops);
141406 + atomic_add_unchecked(segs, &sk->sk_drops);
141407 }
141408
141409 void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
141410 diff --git a/include/net/tcp.h b/include/net/tcp.h
141411 index 7717302..a633d63 100644
141412 --- a/include/net/tcp.h
141413 +++ b/include/net/tcp.h
141414 @@ -543,7 +543,7 @@ void tcp_retransmit_timer(struct sock *sk);
141415 void tcp_xmit_retransmit_queue(struct sock *);
141416 void tcp_simple_retransmit(struct sock *);
141417 int tcp_trim_head(struct sock *, struct sk_buff *, u32);
141418 -int tcp_fragment(struct sock *, struct sk_buff *, u32, unsigned int, gfp_t);
141419 +int tcp_fragment(struct sock *, struct sk_buff *, u32, unsigned int, gfp_t) __intentional_overflow(3);
141420
141421 void tcp_send_probe0(struct sock *);
141422 void tcp_send_partial(struct sock *);
141423 @@ -732,8 +732,8 @@ static inline u32 tcp_skb_timestamp(const struct sk_buff *skb)
141424 * If this grows please adjust skbuff.h:skbuff->cb[xxx] size appropriately.
141425 */
141426 struct tcp_skb_cb {
141427 - __u32 seq; /* Starting sequence number */
141428 - __u32 end_seq; /* SEQ + FIN + SYN + datalen */
141429 + __u32 seq __intentional_overflow(-1); /* Starting sequence number */
141430 + __u32 end_seq __intentional_overflow(-1); /* SEQ + FIN + SYN + datalen */
141431 union {
141432 /* Note : tcp_tw_isn is used in input path only
141433 * (isn chosen by tcp_timewait_state_process())
141434 @@ -763,7 +763,7 @@ struct tcp_skb_cb {
141435 __u8 txstamp_ack:1, /* Record TX timestamp for ack? */
141436 eor:1, /* Is skb MSG_EOR marked? */
141437 unused:6;
141438 - __u32 ack_seq; /* Sequence number ACK'd */
141439 + __u32 ack_seq __intentional_overflow(-1); /* Sequence number ACK'd */
141440 union {
141441 struct {
141442 /* There is space for up to 20 bytes */
141443 @@ -1872,7 +1872,7 @@ static inline void tcp_segs_in(struct tcp_sock *tp, const struct sk_buff *skb)
141444 */
141445 static inline void tcp_listendrop(const struct sock *sk)
141446 {
141447 - atomic_inc(&((struct sock *)sk)->sk_drops);
141448 + atomic_inc_unchecked(&((struct sock *)sk)->sk_drops);
141449 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENDROPS);
141450 }
141451
141452 diff --git a/include/net/xfrm.h b/include/net/xfrm.h
141453 index 1793431..2feaff28 100644
141454 --- a/include/net/xfrm.h
141455 +++ b/include/net/xfrm.h
141456 @@ -280,7 +280,6 @@ struct xfrm_dst;
141457 struct xfrm_policy_afinfo {
141458 unsigned short family;
141459 struct dst_ops *dst_ops;
141460 - void (*garbage_collect)(struct net *net);
141461 struct dst_entry *(*dst_lookup)(struct net *net,
141462 int tos, int oif,
141463 const xfrm_address_t *saddr,
141464 @@ -299,7 +298,7 @@ struct xfrm_policy_afinfo {
141465 struct net_device *dev,
141466 const struct flowi *fl);
141467 struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig);
141468 -};
141469 +} __do_const;
141470
141471 int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
141472 int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
141473 @@ -338,7 +337,7 @@ struct xfrm_state_afinfo {
141474 int (*transport_finish)(struct sk_buff *skb,
141475 int async);
141476 void (*local_error)(struct sk_buff *skb, u32 mtu);
141477 -};
141478 +} __do_const;
141479
141480 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
141481 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
141482 @@ -433,7 +432,7 @@ struct xfrm_mode {
141483 struct module *owner;
141484 unsigned int encap;
141485 int flags;
141486 -};
141487 +} __do_const;
141488
141489 /* Flags for xfrm_mode. */
141490 enum {
141491 @@ -528,7 +527,7 @@ struct xfrm_policy {
141492 struct timer_list timer;
141493
141494 struct flow_cache_object flo;
141495 - atomic_t genid;
141496 + atomic_unchecked_t genid;
141497 u32 priority;
141498 u32 index;
141499 struct xfrm_mark mark;
141500 @@ -599,7 +598,7 @@ struct xfrm_mgr {
141501 int num_bundles,
141502 const struct xfrm_kmaddress *k);
141503 bool (*is_alive)(const struct km_event *c);
141504 -};
141505 +} __do_const;
141506
141507 int xfrm_register_km(struct xfrm_mgr *km);
141508 int xfrm_unregister_km(struct xfrm_mgr *km);
141509 @@ -1168,6 +1167,7 @@ static inline void xfrm_sk_free_policy(struct sock *sk)
141510 }
141511
141512 void xfrm_garbage_collect(struct net *net);
141513 +void xfrm_garbage_collect_deferred(struct net *net);
141514
141515 #else
141516
141517 @@ -1206,6 +1206,9 @@ static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
141518 static inline void xfrm_garbage_collect(struct net *net)
141519 {
141520 }
141521 +static inline void xfrm_garbage_collect_deferred(struct net *net)
141522 +{
141523 +}
141524 #endif
141525
141526 static __inline__
141527 diff --git a/include/rdma/ib_cm.h b/include/rdma/ib_cm.h
141528 index 92a7d85..1779570 100644
141529 --- a/include/rdma/ib_cm.h
141530 +++ b/include/rdma/ib_cm.h
141531 @@ -486,8 +486,8 @@ int ib_cm_notify(struct ib_cm_id *cm_id, enum ib_event_type event);
141532 * @private_data_len: Size of the private data buffer, in bytes.
141533 */
141534 int ib_send_cm_rej(struct ib_cm_id *cm_id,
141535 - enum ib_cm_rej_reason reason,
141536 - void *ari,
141537 + int reason,
141538 + const void *ari,
141539 u8 ari_length,
141540 const void *private_data,
141541 u8 private_data_len);
141542 @@ -558,8 +558,8 @@ int ib_cm_init_qp_attr(struct ib_cm_id *cm_id,
141543 * @private_data_len: Size of the private data buffer, in bytes.
141544 */
141545 int ib_send_cm_apr(struct ib_cm_id *cm_id,
141546 - enum ib_cm_apr_status status,
141547 - void *info,
141548 + int status,
141549 + const void *info,
141550 u8 info_length,
141551 const void *private_data,
141552 u8 private_data_len);
141553 diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
141554 index e1f9673..138c39f 100644
141555 --- a/include/rdma/ib_verbs.h
141556 +++ b/include/rdma/ib_verbs.h
141557 @@ -1190,7 +1190,7 @@ struct ib_sge {
141558
141559 struct ib_cqe {
141560 void (*done)(struct ib_cq *cq, struct ib_wc *wc);
141561 -};
141562 +} __no_const;
141563
141564 struct ib_send_wr {
141565 struct ib_send_wr *next;
141566 diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h
141567 index 7428a53..9d6aaef 100644
141568 --- a/include/scsi/libfc.h
141569 +++ b/include/scsi/libfc.h
141570 @@ -771,6 +771,7 @@ struct libfc_function_template {
141571 */
141572 void (*disc_stop_final) (struct fc_lport *);
141573 };
141574 +typedef struct libfc_function_template __no_const libfc_function_template_no_const;
141575
141576 /**
141577 * struct fc_disc - Discovery context
141578 @@ -875,7 +876,7 @@ struct fc_lport {
141579 struct fc_vport *vport;
141580
141581 /* Operational Information */
141582 - struct libfc_function_template tt;
141583 + libfc_function_template_no_const tt;
141584 u8 link_up;
141585 u8 qfull;
141586 u16 vlan;
141587 diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
141588 index 8a95631..bd0f3e5 100644
141589 --- a/include/scsi/scsi_device.h
141590 +++ b/include/scsi/scsi_device.h
141591 @@ -193,9 +193,9 @@ struct scsi_device {
141592 unsigned int max_device_blocked; /* what device_blocked counts down from */
141593 #define SCSI_DEFAULT_DEVICE_BLOCKED 3
141594
141595 - atomic_t iorequest_cnt;
141596 - atomic_t iodone_cnt;
141597 - atomic_t ioerr_cnt;
141598 + atomic_unchecked_t iorequest_cnt;
141599 + atomic_unchecked_t iodone_cnt;
141600 + atomic_unchecked_t ioerr_cnt;
141601
141602 struct device sdev_gendev,
141603 sdev_dev;
141604 diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
141605 index 891a658..fcd68df 100644
141606 --- a/include/scsi/scsi_driver.h
141607 +++ b/include/scsi/scsi_driver.h
141608 @@ -14,7 +14,7 @@ struct scsi_driver {
141609 void (*rescan)(struct device *);
141610 int (*init_command)(struct scsi_cmnd *);
141611 void (*uninit_command)(struct scsi_cmnd *);
141612 - int (*done)(struct scsi_cmnd *);
141613 + unsigned int (*done)(struct scsi_cmnd *);
141614 int (*eh_action)(struct scsi_cmnd *, int);
141615 };
141616 #define to_scsi_driver(drv) \
141617 diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
141618 index bf66ea6..1c719d83 100644
141619 --- a/include/scsi/scsi_transport_fc.h
141620 +++ b/include/scsi/scsi_transport_fc.h
141621 @@ -758,7 +758,8 @@ struct fc_function_template {
141622 unsigned long show_host_system_hostname:1;
141623
141624 unsigned long disable_target_scan:1;
141625 -};
141626 +} __do_const;
141627 +typedef struct fc_function_template __no_const fc_function_template_no_const;
141628
141629
141630 /**
141631 diff --git a/include/scsi/sg.h b/include/scsi/sg.h
141632 index 3afec70..b196b43 100644
141633 --- a/include/scsi/sg.h
141634 +++ b/include/scsi/sg.h
141635 @@ -52,7 +52,7 @@ typedef struct sg_io_hdr
141636 or scatter gather list */
141637 unsigned char __user *cmdp; /* [i], [*i] points to command to perform */
141638 void __user *sbp; /* [i], [*o] points to sense_buffer memory */
141639 - unsigned int timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */
141640 + unsigned int timeout __intentional_overflow(-1); /* [i] MAX_UINT->no timeout (unit: millisec) */
141641 unsigned int flags; /* [i] 0 -> default, see SG_FLAG... */
141642 int pack_id; /* [i->o] unused internally (normally) */
141643 void __user * usr_ptr; /* [i->o] unused internally */
141644 diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h
141645 index cee8c00..0ee1834 100644
141646 --- a/include/sound/compress_driver.h
141647 +++ b/include/sound/compress_driver.h
141648 @@ -132,7 +132,7 @@ struct snd_compr_ops {
141649 struct snd_compr_caps *caps);
141650 int (*get_codec_caps) (struct snd_compr_stream *stream,
141651 struct snd_compr_codec_caps *codec);
141652 -};
141653 +} __no_const;
141654
141655 /**
141656 * struct snd_compr: Compressed device
141657 diff --git a/include/sound/control.h b/include/sound/control.h
141658 index 21d047f..9573462 100644
141659 --- a/include/sound/control.h
141660 +++ b/include/sound/control.h
141661 @@ -214,8 +214,10 @@ int _snd_ctl_add_slave(struct snd_kcontrol *master, struct snd_kcontrol *slave,
141662 * Return: Zero if successful or a negative error code.
141663 */
141664 static inline int
141665 -snd_ctl_add_slave(struct snd_kcontrol *master, struct snd_kcontrol *slave)
141666 +snd_ctl_add_slave(void *_master, struct snd_kcontrol *slave)
141667 {
141668 + struct snd_kcontrol *master = _master;
141669 +
141670 return _snd_ctl_add_slave(master, slave, 0);
141671 }
141672
141673 diff --git a/include/sound/pcm.h b/include/sound/pcm.h
141674 index af1fb37..0432863 100644
141675 --- a/include/sound/pcm.h
141676 +++ b/include/sound/pcm.h
141677 @@ -1075,7 +1075,7 @@ int snd_pcm_update_state(struct snd_pcm_substream *substream,
141678 struct snd_pcm_runtime *runtime);
141679 int snd_pcm_update_hw_ptr(struct snd_pcm_substream *substream);
141680 void snd_pcm_playback_silence(struct snd_pcm_substream *substream, snd_pcm_uframes_t new_hw_ptr);
141681 -void snd_pcm_period_elapsed(struct snd_pcm_substream *substream);
141682 +void snd_pcm_period_elapsed(void *_substream);
141683 snd_pcm_sframes_t snd_pcm_lib_write(struct snd_pcm_substream *substream,
141684 const void __user *buf,
141685 snd_pcm_uframes_t frames);
141686 diff --git a/include/sound/rawmidi.h b/include/sound/rawmidi.h
141687 index f730b91..0079544 100644
141688 --- a/include/sound/rawmidi.h
141689 +++ b/include/sound/rawmidi.h
141690 @@ -159,8 +159,7 @@ void snd_rawmidi_set_ops(struct snd_rawmidi *rmidi, int stream,
141691
141692 /* callbacks */
141693
141694 -int snd_rawmidi_receive(struct snd_rawmidi_substream *substream,
141695 - const unsigned char *buffer, int count);
141696 +int snd_rawmidi_receive(void *_substream, const void *_buffer, int count);
141697 int snd_rawmidi_transmit_empty(struct snd_rawmidi_substream *substream);
141698 int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream,
141699 unsigned char *buffer, int count);
141700 diff --git a/include/sound/seq_kernel.h b/include/sound/seq_kernel.h
141701 index feb58d4..9ce81c1 100644
141702 --- a/include/sound/seq_kernel.h
141703 +++ b/include/sound/seq_kernel.h
141704 @@ -80,7 +80,7 @@ int snd_seq_kernel_client_ctl(int client, unsigned int cmd, void *arg);
141705 #define SNDRV_SEQ_EXT_USRPTR 0x80000000
141706 #define SNDRV_SEQ_EXT_CHAINED 0x40000000
141707
141708 -typedef int (*snd_seq_dump_func_t)(void *ptr, void *buf, int count);
141709 +typedef int (*snd_seq_dump_func_t)(void *ptr, const void *buf, int count);
141710 int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char *buf,
141711 int in_kernel, int size_aligned);
141712 int snd_seq_dump_var_event(const struct snd_seq_event *event,
141713 diff --git a/include/sound/soc.h b/include/sound/soc.h
141714 index 6144882..abe63c1 100644
141715 --- a/include/sound/soc.h
141716 +++ b/include/sound/soc.h
141717 @@ -931,7 +931,7 @@ struct snd_soc_codec_driver {
141718 enum snd_soc_dapm_type, int);
141719
141720 bool ignore_pmdown_time; /* Doesn't benefit from pmdown delay */
141721 -};
141722 +} __do_const;
141723
141724 /* SoC platform interface */
141725 struct snd_soc_platform_driver {
141726 @@ -958,7 +958,7 @@ struct snd_soc_platform_driver {
141727 const struct snd_compr_ops *compr_ops;
141728
141729 int (*bespoke_trigger)(struct snd_pcm_substream *, int);
141730 -};
141731 +} __do_const;
141732
141733 struct snd_soc_dai_link_component {
141734 const char *name;
141735 diff --git a/include/trace/events/fs.h b/include/trace/events/fs.h
141736 new file mode 100644
141737 index 0000000..fb634b7
141738 --- /dev/null
141739 +++ b/include/trace/events/fs.h
141740 @@ -0,0 +1,53 @@
141741 +#undef TRACE_SYSTEM
141742 +#define TRACE_SYSTEM fs
141743 +
141744 +#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ)
141745 +#define _TRACE_FS_H
141746 +
141747 +#include <linux/fs.h>
141748 +#include <linux/tracepoint.h>
141749 +
141750 +TRACE_EVENT(do_sys_open,
141751 +
141752 + TP_PROTO(const char *filename, int flags, int mode),
141753 +
141754 + TP_ARGS(filename, flags, mode),
141755 +
141756 + TP_STRUCT__entry(
141757 + __string( filename, filename )
141758 + __field( int, flags )
141759 + __field( int, mode )
141760 + ),
141761 +
141762 + TP_fast_assign(
141763 + __assign_str(filename, filename);
141764 + __entry->flags = flags;
141765 + __entry->mode = mode;
141766 + ),
141767 +
141768 + TP_printk("\"%s\" %x %o",
141769 + __get_str(filename), __entry->flags, __entry->mode)
141770 +);
141771 +
141772 +TRACE_EVENT(open_exec,
141773 +
141774 + TP_PROTO(const char *filename),
141775 +
141776 + TP_ARGS(filename),
141777 +
141778 + TP_STRUCT__entry(
141779 + __string( filename, filename )
141780 + ),
141781 +
141782 + TP_fast_assign(
141783 + __assign_str(filename, filename);
141784 + ),
141785 +
141786 + TP_printk("\"%s\"",
141787 + __get_str(filename))
141788 +);
141789 +
141790 +#endif /* _TRACE_FS_H */
141791 +
141792 +/* This part must be outside protection */
141793 +#include <trace/define_trace.h>
141794 diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h
141795 index f95f25e..87ed448 100644
141796 --- a/include/trace/events/irq.h
141797 +++ b/include/trace/events/irq.h
141798 @@ -51,7 +51,7 @@ SOFTIRQ_NAME_LIST
141799 */
141800 TRACE_EVENT(irq_handler_entry,
141801
141802 - TP_PROTO(int irq, struct irqaction *action),
141803 + TP_PROTO(int irq, const struct irqaction *action),
141804
141805 TP_ARGS(irq, action),
141806
141807 @@ -81,7 +81,7 @@ TRACE_EVENT(irq_handler_entry,
141808 */
141809 TRACE_EVENT(irq_handler_exit,
141810
141811 - TP_PROTO(int irq, struct irqaction *action, int ret),
141812 + TP_PROTO(int irq, const struct irqaction *action, int ret),
141813
141814 TP_ARGS(irq, action, ret),
141815
141816 diff --git a/include/trace/events/mmflags.h b/include/trace/events/mmflags.h
141817 index 5a81ab4..7b68dc7 100644
141818 --- a/include/trace/events/mmflags.h
141819 +++ b/include/trace/events/mmflags.h
141820 @@ -135,6 +135,12 @@ IF_HAVE_PG_IDLE(PG_idle, "idle" )
141821 #define IF_HAVE_VM_SOFTDIRTY(flag,name)
141822 #endif
141823
141824 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
141825 +#define IF_HAVE_VM_PAGEEXEC(flag,name) {flag, name },
141826 +#else
141827 +#define IF_HAVE_VM_PAGEEXEC(flag,name)
141828 +#endif
141829 +
141830 #define __def_vmaflag_names \
141831 {VM_READ, "read" }, \
141832 {VM_WRITE, "write" }, \
141833 @@ -159,6 +165,7 @@ IF_HAVE_PG_IDLE(PG_idle, "idle" )
141834 {VM_ACCOUNT, "account" }, \
141835 {VM_NORESERVE, "noreserve" }, \
141836 {VM_HUGETLB, "hugetlb" }, \
141837 +IF_HAVE_VM_PAGEEXEC(VM_PAGEEXEC, "pageexec" ) \
141838 __VM_ARCH_SPECIFIC_1 , \
141839 __VM_ARCH_SPECIFIC_2 , \
141840 {VM_DONTDUMP, "dontdump" }, \
141841 diff --git a/include/uapi/linux/a.out.h b/include/uapi/linux/a.out.h
141842 index 7caf44c..23c6f27 100644
141843 --- a/include/uapi/linux/a.out.h
141844 +++ b/include/uapi/linux/a.out.h
141845 @@ -39,6 +39,14 @@ enum machine_type {
141846 M_MIPS2 = 152 /* MIPS R6000/R4000 binary */
141847 };
141848
141849 +/* Constants for the N_FLAGS field */
141850 +#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
141851 +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */
141852 +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */
141853 +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */
141854 +/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
141855 +#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
141856 +
141857 #if !defined (N_MAGIC)
141858 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
141859 #endif
141860 diff --git a/include/uapi/linux/bcache.h b/include/uapi/linux/bcache.h
141861 index 22b6ad3..aeba37e 100644
141862 --- a/include/uapi/linux/bcache.h
141863 +++ b/include/uapi/linux/bcache.h
141864 @@ -5,6 +5,7 @@
141865 * Bcache on disk data structures
141866 */
141867
141868 +#include <linux/compiler.h>
141869 #include <asm/types.h>
141870
141871 #define BITMASK(name, type, field, offset, size) \
141872 @@ -20,8 +21,8 @@ static inline void SET_##name(type *k, __u64 v) \
141873 /* Btree keys - all units are in sectors */
141874
141875 struct bkey {
141876 - __u64 high;
141877 - __u64 low;
141878 + __u64 high __intentional_overflow(-1);
141879 + __u64 low __intentional_overflow(-1);
141880 __u64 ptr[];
141881 };
141882
141883 diff --git a/include/uapi/linux/byteorder/little_endian.h b/include/uapi/linux/byteorder/little_endian.h
141884 index 4b93f2b..ffa1302 100644
141885 --- a/include/uapi/linux/byteorder/little_endian.h
141886 +++ b/include/uapi/linux/byteorder/little_endian.h
141887 @@ -42,51 +42,51 @@
141888
141889 static __always_inline __le64 __cpu_to_le64p(const __u64 *p)
141890 {
141891 - return (__force __le64)*p;
141892 + return (__force const __le64)*p;
141893 }
141894 -static __always_inline __u64 __le64_to_cpup(const __le64 *p)
141895 +static __always_inline __u64 __intentional_overflow(-1) __le64_to_cpup(const __le64 *p)
141896 {
141897 - return (__force __u64)*p;
141898 + return (__force const __u64)*p;
141899 }
141900 static __always_inline __le32 __cpu_to_le32p(const __u32 *p)
141901 {
141902 - return (__force __le32)*p;
141903 + return (__force const __le32)*p;
141904 }
141905 static __always_inline __u32 __le32_to_cpup(const __le32 *p)
141906 {
141907 - return (__force __u32)*p;
141908 + return (__force const __u32)*p;
141909 }
141910 static __always_inline __le16 __cpu_to_le16p(const __u16 *p)
141911 {
141912 - return (__force __le16)*p;
141913 + return (__force const __le16)*p;
141914 }
141915 static __always_inline __u16 __le16_to_cpup(const __le16 *p)
141916 {
141917 - return (__force __u16)*p;
141918 + return (__force const __u16)*p;
141919 }
141920 static __always_inline __be64 __cpu_to_be64p(const __u64 *p)
141921 {
141922 - return (__force __be64)__swab64p(p);
141923 + return (__force const __be64)__swab64p(p);
141924 }
141925 static __always_inline __u64 __be64_to_cpup(const __be64 *p)
141926 {
141927 - return __swab64p((__u64 *)p);
141928 + return __swab64p((const __u64 *)p);
141929 }
141930 static __always_inline __be32 __cpu_to_be32p(const __u32 *p)
141931 {
141932 - return (__force __be32)__swab32p(p);
141933 + return (__force const __be32)__swab32p(p);
141934 }
141935 -static __always_inline __u32 __be32_to_cpup(const __be32 *p)
141936 +static __always_inline __u32 __intentional_overflow(-1) __be32_to_cpup(const __be32 *p)
141937 {
141938 - return __swab32p((__u32 *)p);
141939 + return __swab32p((const __u32 *)p);
141940 }
141941 static __always_inline __be16 __cpu_to_be16p(const __u16 *p)
141942 {
141943 - return (__force __be16)__swab16p(p);
141944 + return (__force const __be16)__swab16p(p);
141945 }
141946 static __always_inline __u16 __be16_to_cpup(const __be16 *p)
141947 {
141948 - return __swab16p((__u16 *)p);
141949 + return __swab16p((const __u16 *)p);
141950 }
141951 #define __cpu_to_le64s(x) do { (void)(x); } while (0)
141952 #define __le64_to_cpus(x) do { (void)(x); } while (0)
141953 diff --git a/include/uapi/linux/connector.h b/include/uapi/linux/connector.h
141954 index 4cb2835..cfbc4e2 100644
141955 --- a/include/uapi/linux/connector.h
141956 +++ b/include/uapi/linux/connector.h
141957 @@ -69,7 +69,7 @@ struct cb_id {
141958 struct cn_msg {
141959 struct cb_id id;
141960
141961 - __u32 seq;
141962 + __u32 seq __intentional_overflow(-1);
141963 __u32 ack;
141964
141965 __u16 len; /* Length of the following data */
141966 diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
141967 index b59ee07..acfaf4ca 100644
141968 --- a/include/uapi/linux/elf.h
141969 +++ b/include/uapi/linux/elf.h
141970 @@ -37,6 +37,17 @@ typedef __s64 Elf64_Sxword;
141971 #define PT_GNU_EH_FRAME 0x6474e550
141972
141973 #define PT_GNU_STACK (PT_LOOS + 0x474e551)
141974 +#define PT_GNU_RELRO (PT_LOOS + 0x474e552)
141975 +
141976 +#define PT_PAX_FLAGS (PT_LOOS + 0x5041580)
141977 +
141978 +/* Constants for the e_flags field */
141979 +#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */
141980 +#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */
141981 +#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */
141982 +#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */
141983 +/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */
141984 +#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */
141985
141986 /*
141987 * Extended Numbering
141988 @@ -94,6 +105,8 @@ typedef __s64 Elf64_Sxword;
141989 #define DT_DEBUG 21
141990 #define DT_TEXTREL 22
141991 #define DT_JMPREL 23
141992 +#define DT_FLAGS 30
141993 + #define DF_TEXTREL 0x00000004
141994 #define DT_ENCODING 32
141995 #define OLD_DT_LOOS 0x60000000
141996 #define DT_LOOS 0x6000000d
141997 @@ -240,6 +253,19 @@ typedef struct elf64_hdr {
141998 #define PF_W 0x2
141999 #define PF_X 0x1
142000
142001 +#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */
142002 +#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */
142003 +#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */
142004 +#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */
142005 +#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */
142006 +#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */
142007 +/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */
142008 +/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */
142009 +#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */
142010 +#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */
142011 +#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */
142012 +#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */
142013 +
142014 typedef struct elf32_phdr{
142015 Elf32_Word p_type;
142016 Elf32_Off p_offset;
142017 @@ -335,6 +361,8 @@ typedef struct elf64_shdr {
142018 #define EI_OSABI 7
142019 #define EI_PAD 8
142020
142021 +#define EI_PAX 14
142022 +
142023 #define ELFMAG0 0x7f /* EI_MAG */
142024 #define ELFMAG1 'E'
142025 #define ELFMAG2 'L'
142026 diff --git a/include/uapi/linux/personality.h b/include/uapi/linux/personality.h
142027 index aa169c4..6a2771d 100644
142028 --- a/include/uapi/linux/personality.h
142029 +++ b/include/uapi/linux/personality.h
142030 @@ -30,6 +30,7 @@ enum {
142031 #define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC | \
142032 ADDR_NO_RANDOMIZE | \
142033 ADDR_COMPAT_LAYOUT | \
142034 + ADDR_LIMIT_3GB | \
142035 MMAP_PAGE_ZERO)
142036
142037 /*
142038 diff --git a/include/uapi/linux/screen_info.h b/include/uapi/linux/screen_info.h
142039 index 8b8d39d..1ca6c07 100644
142040 --- a/include/uapi/linux/screen_info.h
142041 +++ b/include/uapi/linux/screen_info.h
142042 @@ -44,7 +44,7 @@ struct screen_info {
142043 __u16 vesa_attributes; /* 0x34 */
142044 __u32 capabilities; /* 0x36 */
142045 __u32 ext_lfb_base; /* 0x3a */
142046 - __u8 _reserved[2]; /* 0x3e */
142047 + __u16 vesapm_size; /* 0x3e */
142048 } __attribute__((packed));
142049
142050 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
142051 diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h
142052 index 8f3a8f6..736a542 100644
142053 --- a/include/uapi/linux/swab.h
142054 +++ b/include/uapi/linux/swab.h
142055 @@ -43,7 +43,7 @@
142056 * ___swab16, ___swab32, ___swab64, ___swahw32, ___swahb32
142057 */
142058
142059 -static inline __attribute_const__ __u16 __fswab16(__u16 val)
142060 +static inline __intentional_overflow(0) __attribute_const__ __u16 __fswab16(__u16 val)
142061 {
142062 #if defined (__arch_swab16)
142063 return __arch_swab16(val);
142064 @@ -52,7 +52,7 @@ static inline __attribute_const__ __u16 __fswab16(__u16 val)
142065 #endif
142066 }
142067
142068 -static inline __attribute_const__ __u32 __fswab32(__u32 val)
142069 +static inline __intentional_overflow(0) __attribute_const__ __u32 __fswab32(__u32 val)
142070 {
142071 #if defined(__arch_swab32)
142072 return __arch_swab32(val);
142073 @@ -61,7 +61,7 @@ static inline __attribute_const__ __u32 __fswab32(__u32 val)
142074 #endif
142075 }
142076
142077 -static inline __attribute_const__ __u64 __fswab64(__u64 val)
142078 +static inline __intentional_overflow(0) __attribute_const__ __u64 __fswab64(__u64 val)
142079 {
142080 #if defined (__arch_swab64)
142081 return __arch_swab64(val);
142082 diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
142083 index 1590c49..6977e11 100644
142084 --- a/include/uapi/linux/xattr.h
142085 +++ b/include/uapi/linux/xattr.h
142086 @@ -73,5 +73,10 @@
142087 #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default"
142088 #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
142089
142090 +/* User namespace */
142091 +#define XATTR_PAX_PREFIX "pax."
142092 +#define XATTR_PAX_FLAGS_SUFFIX "flags"
142093 +#define XATTR_NAME_USER_PAX_FLAGS XATTR_USER_PREFIX XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX
142094 +#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX
142095
142096 #endif /* _UAPI_LINUX_XATTR_H */
142097 diff --git a/include/video/udlfb.h b/include/video/udlfb.h
142098 index f9466fa..f4e2b81 100644
142099 --- a/include/video/udlfb.h
142100 +++ b/include/video/udlfb.h
142101 @@ -53,10 +53,10 @@ struct dlfb_data {
142102 u32 pseudo_palette[256];
142103 int blank_mode; /*one of FB_BLANK_ */
142104 /* blit-only rendering path metrics, exposed through sysfs */
142105 - atomic_t bytes_rendered; /* raw pixel-bytes driver asked to render */
142106 - atomic_t bytes_identical; /* saved effort with backbuffer comparison */
142107 - atomic_t bytes_sent; /* to usb, after compression including overhead */
142108 - atomic_t cpu_kcycles_used; /* transpired during pixel processing */
142109 + atomic_unchecked_t bytes_rendered; /* raw pixel-bytes driver asked to render */
142110 + atomic_unchecked_t bytes_identical; /* saved effort with backbuffer comparison */
142111 + atomic_unchecked_t bytes_sent; /* to usb, after compression including overhead */
142112 + atomic_unchecked_t cpu_kcycles_used; /* transpired during pixel processing */
142113 };
142114
142115 #define NR_USB_REQUEST_I2C_SUB_IO 0x02
142116 diff --git a/include/video/uvesafb.h b/include/video/uvesafb.h
142117 index 30f5362..8ed8ac9 100644
142118 --- a/include/video/uvesafb.h
142119 +++ b/include/video/uvesafb.h
142120 @@ -122,6 +122,7 @@ struct uvesafb_par {
142121 u8 ypan; /* 0 - nothing, 1 - ypan, 2 - ywrap */
142122 u8 pmi_setpal; /* PMI for palette changes */
142123 u16 *pmi_base; /* protected mode interface location */
142124 + u8 *pmi_code; /* protected mode code location */
142125 void *pmi_start;
142126 void *pmi_pal;
142127 u8 *vbe_state_orig; /*
142128 diff --git a/init/Kconfig b/init/Kconfig
142129 index cac3f09..fcf4fa4 100644
142130 --- a/init/Kconfig
142131 +++ b/init/Kconfig
142132 @@ -31,6 +31,9 @@ menu "General setup"
142133 config BROKEN
142134 bool
142135
142136 +config BROKEN_SECURITY
142137 + bool
142138 +
142139 config BROKEN_ON_SMP
142140 bool
142141 depends on BROKEN || !SMP
142142 @@ -288,7 +291,8 @@ config FHANDLE
142143
142144 config USELIB
142145 bool "uselib syscall"
142146 - def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
142147 + default n
142148 + depends on !GRKERNSEC
142149 help
142150 This option enables the uselib syscall, a system call used in the
142151 dynamic linker from libc5 and earlier. glibc does not use this
142152 @@ -632,6 +636,7 @@ config RCU_FAST_NO_HZ
142153 config TREE_RCU_TRACE
142154 def_bool RCU_TRACE && ( TREE_RCU || PREEMPT_RCU )
142155 select DEBUG_FS
142156 + depends on !GRKERNSEC_KMEM
142157 help
142158 This option provides tracing for the TREE_RCU and
142159 PREEMPT_RCU implementations, permitting Makefile to
142160 @@ -1158,6 +1163,7 @@ endif # CGROUPS
142161 config CHECKPOINT_RESTORE
142162 bool "Checkpoint/restore support" if EXPERT
142163 select PROC_CHILDREN
142164 + depends on !GRKERNSEC
142165 default n
142166 help
142167 Enables additional kernel features in a sake of checkpoint/restore.
142168 @@ -1630,7 +1636,7 @@ config ADVISE_SYSCALLS
142169 config USERFAULTFD
142170 bool "Enable userfaultfd() system call"
142171 select ANON_INODES
142172 - depends on MMU
142173 + depends on MMU && !GRKERNSEC
142174 help
142175 Enable the userfaultfd() system call that allows to intercept and
142176 handle page faults in userland.
142177 @@ -1743,7 +1749,7 @@ config SLUB_DEBUG
142178
142179 config COMPAT_BRK
142180 bool "Disable heap randomization"
142181 - default y
142182 + default n
142183 help
142184 Randomizing heap placement makes heap exploits harder, but it
142185 also breaks ancient binaries (including anything libc5 based).
142186 @@ -1761,7 +1767,6 @@ choice
142187
142188 config SLAB
142189 bool "SLAB"
142190 - select HAVE_HARDENED_USERCOPY_ALLOCATOR
142191 help
142192 The regular slab allocator that is established and known to work
142193 well in all environments. It organizes cache hot objects in
142194 @@ -1769,7 +1774,6 @@ config SLAB
142195
142196 config SLUB
142197 bool "SLUB (Unqueued Allocator)"
142198 - select HAVE_HARDENED_USERCOPY_ALLOCATOR
142199 help
142200 SLUB is a slab allocator that minimizes cache line usage
142201 instead of managing queues of cached objects (SLAB approach).
142202 diff --git a/init/do_mounts.c b/init/do_mounts.c
142203 index dea5de9..497f996 100644
142204 --- a/init/do_mounts.c
142205 +++ b/init/do_mounts.c
142206 @@ -363,11 +363,11 @@ static void __init get_fs_names(char *page)
142207 static int __init do_mount_root(char *name, char *fs, int flags, void *data)
142208 {
142209 struct super_block *s;
142210 - int err = sys_mount(name, "/root", fs, flags, data);
142211 + int err = sys_mount((char __force_user *)name, (char __force_user *)"/root", (char __force_user *)fs, flags, (void __force_user *)data);
142212 if (err)
142213 return err;
142214
142215 - sys_chdir("/root");
142216 + sys_chdir((const char __force_user *)"/root");
142217 s = current->fs->pwd.dentry->d_sb;
142218 ROOT_DEV = s->s_dev;
142219 printk(KERN_INFO
142220 @@ -490,18 +490,18 @@ void __init change_floppy(char *fmt, ...)
142221 va_start(args, fmt);
142222 vsprintf(buf, fmt, args);
142223 va_end(args);
142224 - fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0);
142225 + fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);
142226 if (fd >= 0) {
142227 sys_ioctl(fd, FDEJECT, 0);
142228 sys_close(fd);
142229 }
142230 printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf);
142231 - fd = sys_open("/dev/console", O_RDWR, 0);
142232 + fd = sys_open((__force const char __user *)"/dev/console", O_RDWR, 0);
142233 if (fd >= 0) {
142234 sys_ioctl(fd, TCGETS, (long)&termios);
142235 termios.c_lflag &= ~ICANON;
142236 sys_ioctl(fd, TCSETSF, (long)&termios);
142237 - sys_read(fd, &c, 1);
142238 + sys_read(fd, (char __user *)&c, 1);
142239 termios.c_lflag |= ICANON;
142240 sys_ioctl(fd, TCSETSF, (long)&termios);
142241 sys_close(fd);
142242 @@ -600,8 +600,8 @@ void __init prepare_namespace(void)
142243 mount_root();
142244 out:
142245 devtmpfs_mount("dev");
142246 - sys_mount(".", "/", NULL, MS_MOVE, NULL);
142247 - sys_chroot(".");
142248 + sys_mount((char __force_user *)".", (char __force_user *)"/", NULL, MS_MOVE, NULL);
142249 + sys_chroot((const char __force_user *)".");
142250 }
142251
142252 static bool is_tmpfs;
142253 @@ -609,7 +609,7 @@ static struct dentry *rootfs_mount(struct file_system_type *fs_type,
142254 int flags, const char *dev_name, void *data)
142255 {
142256 static unsigned long once;
142257 - void *fill = ramfs_fill_super;
142258 + int (*fill)(struct super_block *, void *, int) = ramfs_fill_super;
142259
142260 if (test_and_set_bit(0, &once))
142261 return ERR_PTR(-ENODEV);
142262 diff --git a/init/do_mounts.h b/init/do_mounts.h
142263 index 067af1d..b535547 100644
142264 --- a/init/do_mounts.h
142265 +++ b/init/do_mounts.h
142266 @@ -15,15 +15,15 @@ extern int root_mountflags;
142267
142268 static inline int create_dev(char *name, dev_t dev)
142269 {
142270 - sys_unlink(name);
142271 - return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
142272 + sys_unlink((char __force_user *)name);
142273 + return sys_mknod((char __force_user *)name, S_IFBLK|0600, new_encode_dev(dev));
142274 }
142275
142276 #if BITS_PER_LONG == 32
142277 static inline u32 bstat(char *name)
142278 {
142279 struct stat64 stat;
142280 - if (sys_stat64(name, &stat) != 0)
142281 + if (sys_stat64((char __force_user *)name, (struct stat64 __force_user *)&stat) != 0)
142282 return 0;
142283 if (!S_ISBLK(stat.st_mode))
142284 return 0;
142285 @@ -35,7 +35,7 @@ static inline u32 bstat(char *name)
142286 static inline u32 bstat(char *name)
142287 {
142288 struct stat stat;
142289 - if (sys_newstat(name, &stat) != 0)
142290 + if (sys_newstat((const char __force_user *)name, (struct stat __force_user *)&stat) != 0)
142291 return 0;
142292 if (!S_ISBLK(stat.st_mode))
142293 return 0;
142294 diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c
142295 index a1000ca..3137150 100644
142296 --- a/init/do_mounts_initrd.c
142297 +++ b/init/do_mounts_initrd.c
142298 @@ -37,13 +37,13 @@ static int init_linuxrc(struct subprocess_info *info, struct cred *new)
142299 {
142300 sys_unshare(CLONE_FS | CLONE_FILES);
142301 /* stdin/stdout/stderr for /linuxrc */
142302 - sys_open("/dev/console", O_RDWR, 0);
142303 + sys_open((const char __force_user *)"/dev/console", O_RDWR, 0);
142304 sys_dup(0);
142305 sys_dup(0);
142306 /* move initrd over / and chdir/chroot in initrd root */
142307 - sys_chdir("/root");
142308 - sys_mount(".", "/", NULL, MS_MOVE, NULL);
142309 - sys_chroot(".");
142310 + sys_chdir((const char __force_user *)"/root");
142311 + sys_mount((char __force_user *)".", (char __force_user *)"/", NULL, MS_MOVE, NULL);
142312 + sys_chroot((const char __force_user *)".");
142313 sys_setsid();
142314 return 0;
142315 }
142316 @@ -59,8 +59,8 @@ static void __init handle_initrd(void)
142317 create_dev("/dev/root.old", Root_RAM0);
142318 /* mount initrd on rootfs' /root */
142319 mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
142320 - sys_mkdir("/old", 0700);
142321 - sys_chdir("/old");
142322 + sys_mkdir((const char __force_user *)"/old", 0700);
142323 + sys_chdir((const char __force_user *)"/old");
142324
142325 /* try loading default modules from initrd */
142326 load_default_modules();
142327 @@ -80,31 +80,31 @@ static void __init handle_initrd(void)
142328 current->flags &= ~PF_FREEZER_SKIP;
142329
142330 /* move initrd to rootfs' /old */
142331 - sys_mount("..", ".", NULL, MS_MOVE, NULL);
142332 + sys_mount((char __force_user *)"..", (char __force_user *)".", NULL, MS_MOVE, NULL);
142333 /* switch root and cwd back to / of rootfs */
142334 - sys_chroot("..");
142335 + sys_chroot((const char __force_user *)"..");
142336
142337 if (new_decode_dev(real_root_dev) == Root_RAM0) {
142338 - sys_chdir("/old");
142339 + sys_chdir((const char __force_user *)"/old");
142340 return;
142341 }
142342
142343 - sys_chdir("/");
142344 + sys_chdir((const char __force_user *)"/");
142345 ROOT_DEV = new_decode_dev(real_root_dev);
142346 mount_root();
142347
142348 printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
142349 - error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
142350 + error = sys_mount((char __force_user *)"/old", (char __force_user *)"/root/initrd", NULL, MS_MOVE, NULL);
142351 if (!error)
142352 printk("okay\n");
142353 else {
142354 - int fd = sys_open("/dev/root.old", O_RDWR, 0);
142355 + int fd = sys_open((const char __force_user *)"/dev/root.old", O_RDWR, 0);
142356 if (error == -ENOENT)
142357 printk("/initrd does not exist. Ignored.\n");
142358 else
142359 printk("failed\n");
142360 printk(KERN_NOTICE "Unmounting old root\n");
142361 - sys_umount("/old", MNT_DETACH);
142362 + sys_umount((char __force_user *)"/old", MNT_DETACH);
142363 printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
142364 if (fd < 0) {
142365 error = fd;
142366 @@ -127,11 +127,11 @@ bool __init initrd_load(void)
142367 * mounted in the normal path.
142368 */
142369 if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
142370 - sys_unlink("/initrd.image");
142371 + sys_unlink((const char __force_user *)"/initrd.image");
142372 handle_initrd();
142373 return true;
142374 }
142375 }
142376 - sys_unlink("/initrd.image");
142377 + sys_unlink((const char __force_user *)"/initrd.image");
142378 return false;
142379 }
142380 diff --git a/init/do_mounts_md.c b/init/do_mounts_md.c
142381 index 8cb6db5..d729f50 100644
142382 --- a/init/do_mounts_md.c
142383 +++ b/init/do_mounts_md.c
142384 @@ -180,7 +180,7 @@ static void __init md_setup_drive(void)
142385 partitioned ? "_d" : "", minor,
142386 md_setup_args[ent].device_names);
142387
142388 - fd = sys_open(name, 0, 0);
142389 + fd = sys_open((char __force_user *)name, 0, 0);
142390 if (fd < 0) {
142391 printk(KERN_ERR "md: open failed - cannot start "
142392 "array %s\n", name);
142393 @@ -243,7 +243,7 @@ static void __init md_setup_drive(void)
142394 * array without it
142395 */
142396 sys_close(fd);
142397 - fd = sys_open(name, 0, 0);
142398 + fd = sys_open((char __force_user *)name, 0, 0);
142399 sys_ioctl(fd, BLKRRPART, 0);
142400 }
142401 sys_close(fd);
142402 @@ -293,7 +293,7 @@ static void __init autodetect_raid(void)
142403
142404 wait_for_device_probe();
142405
142406 - fd = sys_open("/dev/md0", 0, 0);
142407 + fd = sys_open((const char __force_user *) "/dev/md0", 0, 0);
142408 if (fd >= 0) {
142409 sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
142410 sys_close(fd);
142411 diff --git a/init/init_task.c b/init/init_task.c
142412 index ba0a7f36..a7b3aaa 100644
142413 --- a/init/init_task.c
142414 +++ b/init/init_task.c
142415 @@ -23,4 +23,8 @@ EXPORT_SYMBOL(init_task);
142416 * linker map entry.
142417 */
142418 union thread_union init_thread_union __init_task_data =
142419 +#ifdef CONFIG_X86
142420 + { .stack[0] = ~0xabcd1234, };
142421 +#else
142422 { INIT_THREAD_INFO(init_task) };
142423 +#endif
142424 diff --git a/init/initramfs.c b/init/initramfs.c
142425 index b32ad7d..05f6420 100644
142426 --- a/init/initramfs.c
142427 +++ b/init/initramfs.c
142428 @@ -25,7 +25,7 @@ static ssize_t __init xwrite(int fd, const char *p, size_t count)
142429
142430 /* sys_write only can write MAX_RW_COUNT aka 2G-4K bytes at most */
142431 while (count) {
142432 - ssize_t rv = sys_write(fd, p, count);
142433 + ssize_t rv = sys_write(fd, (char __force_user *)p, count);
142434
142435 if (rv < 0) {
142436 if (rv == -EINTR || rv == -EAGAIN)
142437 @@ -107,7 +107,7 @@ static void __init free_hash(void)
142438 }
142439 }
142440
142441 -static long __init do_utime(char *filename, time_t mtime)
142442 +static long __init do_utime(char __force_user *filename, time_t mtime)
142443 {
142444 struct timespec t[2];
142445
142446 @@ -142,7 +142,7 @@ static void __init dir_utime(void)
142447 struct dir_entry *de, *tmp;
142448 list_for_each_entry_safe(de, tmp, &dir_list, list) {
142449 list_del(&de->list);
142450 - do_utime(de->name, de->mtime);
142451 + do_utime((char __force_user *)de->name, de->mtime);
142452 kfree(de->name);
142453 kfree(de);
142454 }
142455 @@ -304,7 +304,7 @@ static int __init maybe_link(void)
142456 if (nlink >= 2) {
142457 char *old = find_link(major, minor, ino, mode, collected);
142458 if (old)
142459 - return (sys_link(old, collected) < 0) ? -1 : 1;
142460 + return (sys_link((char __force_user *)old, (char __force_user *)collected) < 0) ? -1 : 1;
142461 }
142462 return 0;
142463 }
142464 @@ -313,11 +313,11 @@ static void __init clean_path(char *path, umode_t fmode)
142465 {
142466 struct stat st;
142467
142468 - if (!sys_newlstat(path, &st) && (st.st_mode ^ fmode) & S_IFMT) {
142469 + if (!sys_newlstat((char __force_user *)path, (struct stat __force_user *)&st) && (st.st_mode ^ fmode) & S_IFMT) {
142470 if (S_ISDIR(st.st_mode))
142471 - sys_rmdir(path);
142472 + sys_rmdir((char __force_user *)path);
142473 else
142474 - sys_unlink(path);
142475 + sys_unlink((char __force_user *)path);
142476 }
142477 }
142478
142479 @@ -338,7 +338,7 @@ static int __init do_name(void)
142480 int openflags = O_WRONLY|O_CREAT;
142481 if (ml != 1)
142482 openflags |= O_TRUNC;
142483 - wfd = sys_open(collected, openflags, mode);
142484 + wfd = sys_open((char __force_user *)collected, openflags, mode);
142485
142486 if (wfd >= 0) {
142487 sys_fchown(wfd, uid, gid);
142488 @@ -350,17 +350,17 @@ static int __init do_name(void)
142489 }
142490 }
142491 } else if (S_ISDIR(mode)) {
142492 - sys_mkdir(collected, mode);
142493 - sys_chown(collected, uid, gid);
142494 - sys_chmod(collected, mode);
142495 + sys_mkdir((char __force_user *)collected, mode);
142496 + sys_chown((char __force_user *)collected, uid, gid);
142497 + sys_chmod((char __force_user *)collected, mode);
142498 dir_add(collected, mtime);
142499 } else if (S_ISBLK(mode) || S_ISCHR(mode) ||
142500 S_ISFIFO(mode) || S_ISSOCK(mode)) {
142501 if (maybe_link() == 0) {
142502 - sys_mknod(collected, mode, rdev);
142503 - sys_chown(collected, uid, gid);
142504 - sys_chmod(collected, mode);
142505 - do_utime(collected, mtime);
142506 + sys_mknod((char __force_user *)collected, mode, rdev);
142507 + sys_chown((char __force_user *)collected, uid, gid);
142508 + sys_chmod((char __force_user *)collected, mode);
142509 + do_utime((char __force_user *)collected, mtime);
142510 }
142511 }
142512 return 0;
142513 @@ -372,7 +372,7 @@ static int __init do_copy(void)
142514 if (xwrite(wfd, victim, body_len) != body_len)
142515 error("write error");
142516 sys_close(wfd);
142517 - do_utime(vcollected, mtime);
142518 + do_utime((char __force_user *)vcollected, mtime);
142519 kfree(vcollected);
142520 eat(body_len);
142521 state = SkipIt;
142522 @@ -390,9 +390,9 @@ static int __init do_symlink(void)
142523 {
142524 collected[N_ALIGN(name_len) + body_len] = '\0';
142525 clean_path(collected, 0);
142526 - sys_symlink(collected + N_ALIGN(name_len), collected);
142527 - sys_lchown(collected, uid, gid);
142528 - do_utime(collected, mtime);
142529 + sys_symlink((char __force_user *)collected + N_ALIGN(name_len), (char __force_user *)collected);
142530 + sys_lchown((char __force_user *)collected, uid, gid);
142531 + do_utime((char __force_user *)collected, mtime);
142532 state = SkipIt;
142533 next_state = Reset;
142534 return 0;
142535 diff --git a/init/main.c b/init/main.c
142536 index a8a58e2..75fba2e 100644
142537 --- a/init/main.c
142538 +++ b/init/main.c
142539 @@ -11,6 +11,10 @@
142540
142541 #define DEBUG /* Enable initcall_debug */
142542
142543 +#ifdef CONFIG_GRKERNSEC_HIDESYM
142544 +#define __INCLUDED_BY_HIDESYM 1
142545 +#endif
142546 +
142547 #include <linux/types.h>
142548 #include <linux/module.h>
142549 #include <linux/proc_fs.h>
142550 @@ -94,6 +98,8 @@ extern void init_IRQ(void);
142551 extern void fork_init(void);
142552 extern void radix_tree_init(void);
142553
142554 +extern void grsecurity_init(void);
142555 +
142556 /*
142557 * Debug helper: via this flag we know that we are in 'early bootup code'
142558 * where only the boot processor is running with IRQ disabled. This means
142559 @@ -155,6 +161,48 @@ static int __init set_reset_devices(char *str)
142560
142561 __setup("reset_devices", set_reset_devices);
142562
142563 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
142564 +kgid_t grsec_proc_gid = KGIDT_INIT(CONFIG_GRKERNSEC_PROC_GID);
142565 +static int __init setup_grsec_proc_gid(char *str)
142566 +{
142567 + grsec_proc_gid = KGIDT_INIT(simple_strtol(str, NULL, 0));
142568 + return 1;
142569 +}
142570 +__setup("grsec_proc_gid=", setup_grsec_proc_gid);
142571 +#endif
142572 +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
142573 +int grsec_enable_sysfs_restrict = 1;
142574 +static int __init setup_grsec_sysfs_restrict(char *str)
142575 +{
142576 + if (!simple_strtol(str, NULL, 0))
142577 + grsec_enable_sysfs_restrict = 0;
142578 + return 1;
142579 +}
142580 +__setup("grsec_sysfs_restrict", setup_grsec_sysfs_restrict);
142581 +#endif
142582 +
142583 +#ifdef CONFIG_PAX_SOFTMODE
142584 +int pax_softmode;
142585 +
142586 +static int __init setup_pax_softmode(char *str)
142587 +{
142588 + get_option(&str, &pax_softmode);
142589 + return 1;
142590 +}
142591 +__setup("pax_softmode=", setup_pax_softmode);
142592 +#endif
142593 +
142594 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
142595 +bool pax_size_overflow_report_only __read_only;
142596 +
142597 +static int __init setup_pax_size_overflow_report_only(char *str)
142598 +{
142599 + pax_size_overflow_report_only = true;
142600 + return 0;
142601 +}
142602 +early_param("pax_size_overflow_report_only", setup_pax_size_overflow_report_only);
142603 +#endif
142604 +
142605 static const char *argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
142606 const char *envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
142607 static const char *panic_later, *panic_param;
142608 @@ -767,7 +815,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
142609 {
142610 int count = preempt_count();
142611 int ret;
142612 - char msgbuf[64];
142613 + const char *msg1 = "", *msg2 = "";
142614
142615 if (initcall_blacklisted(fn))
142616 return -EPERM;
142617 @@ -777,18 +825,17 @@ int __init_or_module do_one_initcall(initcall_t fn)
142618 else
142619 ret = fn();
142620
142621 - msgbuf[0] = 0;
142622 -
142623 if (preempt_count() != count) {
142624 - sprintf(msgbuf, "preemption imbalance ");
142625 + msg1 = " preemption imbalance";
142626 preempt_count_set(count);
142627 }
142628 if (irqs_disabled()) {
142629 - strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
142630 + msg2 = " disabled interrupts";
142631 local_irq_enable();
142632 }
142633 - WARN(msgbuf[0], "initcall %pF returned with %s\n", fn, msgbuf);
142634 + WARN(*msg1 || *msg2, "initcall %pF returned with%s%s\n", fn, msg1, msg2);
142635
142636 + add_latent_entropy();
142637 return ret;
142638 }
142639
142640 @@ -893,8 +940,8 @@ static int run_init_process(const char *init_filename)
142641 {
142642 argv_init[0] = init_filename;
142643 return do_execve(getname_kernel(init_filename),
142644 - (const char __user *const __user *)argv_init,
142645 - (const char __user *const __user *)envp_init);
142646 + (const char __user *const __force_user *)argv_init,
142647 + (const char __user *const __force_user *)envp_init);
142648 }
142649
142650 static int try_to_run_init_process(const char *init_filename)
142651 @@ -911,6 +958,10 @@ static int try_to_run_init_process(const char *init_filename)
142652 return ret;
142653 }
142654
142655 +#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
142656 +extern int gr_init_ran;
142657 +#endif
142658 +
142659 static noinline void __init kernel_init_freeable(void);
142660
142661 #ifdef CONFIG_DEBUG_RODATA
142662 @@ -959,6 +1010,11 @@ static int __ref kernel_init(void *unused)
142663 ramdisk_execute_command, ret);
142664 }
142665
142666 +#ifdef CONFIG_GRKERNSEC_CHROOT_INITRD
142667 + /* if no initrd was used, be extra sure we enforce chroot restrictions */
142668 + gr_init_ran = 1;
142669 +#endif
142670 +
142671 /*
142672 * We try each of these until one succeeds.
142673 *
142674 @@ -1016,7 +1072,7 @@ static noinline void __init kernel_init_freeable(void)
142675 do_basic_setup();
142676
142677 /* Open the /dev/console on the rootfs, this should never fail */
142678 - if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
142679 + if (sys_open((const char __force_user *) "/dev/console", O_RDWR, 0) < 0)
142680 pr_err("Warning: unable to open an initial console.\n");
142681
142682 (void) sys_dup(0);
142683 @@ -1029,11 +1085,13 @@ static noinline void __init kernel_init_freeable(void)
142684 if (!ramdisk_execute_command)
142685 ramdisk_execute_command = "/init";
142686
142687 - if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
142688 + if (sys_access((const char __force_user *) ramdisk_execute_command, 0) != 0) {
142689 ramdisk_execute_command = NULL;
142690 prepare_namespace();
142691 }
142692
142693 + grsecurity_init();
142694 +
142695 /*
142696 * Ok, we have completed the initial bootup, and
142697 * we're essentially up and running. Get rid of the
142698 diff --git a/ipc/compat.c b/ipc/compat.c
142699 index 9b3c85f..5266b0f 100644
142700 --- a/ipc/compat.c
142701 +++ b/ipc/compat.c
142702 @@ -396,7 +396,7 @@ COMPAT_SYSCALL_DEFINE6(ipc, u32, call, int, first, int, second,
142703 COMPAT_SHMLBA);
142704 if (err < 0)
142705 return err;
142706 - return put_user(raddr, (compat_ulong_t *)compat_ptr(third));
142707 + return put_user(raddr, (compat_ulong_t __user *)compat_ptr(third));
142708 }
142709 case SHMDT:
142710 return sys_shmdt(compat_ptr(ptr));
142711 @@ -747,7 +747,7 @@ COMPAT_SYSCALL_DEFINE3(shmctl, int, first, int, second, void __user *, uptr)
142712 }
142713
142714 COMPAT_SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsems,
142715 - unsigned, nsops,
142716 + compat_long_t, nsops,
142717 const struct compat_timespec __user *, timeout)
142718 {
142719 struct timespec __user *ts64;
142720 diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
142721 index 8ad93c2..54036e1 100644
142722 --- a/ipc/ipc_sysctl.c
142723 +++ b/ipc/ipc_sysctl.c
142724 @@ -30,7 +30,7 @@ static void *get_ipc(struct ctl_table *table)
142725 static int proc_ipc_dointvec(struct ctl_table *table, int write,
142726 void __user *buffer, size_t *lenp, loff_t *ppos)
142727 {
142728 - struct ctl_table ipc_table;
142729 + ctl_table_no_const ipc_table;
142730
142731 memcpy(&ipc_table, table, sizeof(ipc_table));
142732 ipc_table.data = get_ipc(table);
142733 @@ -41,7 +41,7 @@ static int proc_ipc_dointvec(struct ctl_table *table, int write,
142734 static int proc_ipc_dointvec_minmax(struct ctl_table *table, int write,
142735 void __user *buffer, size_t *lenp, loff_t *ppos)
142736 {
142737 - struct ctl_table ipc_table;
142738 + ctl_table_no_const ipc_table;
142739
142740 memcpy(&ipc_table, table, sizeof(ipc_table));
142741 ipc_table.data = get_ipc(table);
142742 @@ -65,7 +65,7 @@ static int proc_ipc_dointvec_minmax_orphans(struct ctl_table *table, int write,
142743 static int proc_ipc_doulongvec_minmax(struct ctl_table *table, int write,
142744 void __user *buffer, size_t *lenp, loff_t *ppos)
142745 {
142746 - struct ctl_table ipc_table;
142747 + ctl_table_no_const ipc_table;
142748 memcpy(&ipc_table, table, sizeof(ipc_table));
142749 ipc_table.data = get_ipc(table);
142750
142751 @@ -76,7 +76,7 @@ static int proc_ipc_doulongvec_minmax(struct ctl_table *table, int write,
142752 static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
142753 void __user *buffer, size_t *lenp, loff_t *ppos)
142754 {
142755 - struct ctl_table ipc_table;
142756 + ctl_table_no_const ipc_table;
142757 int dummy = 0;
142758
142759 memcpy(&ipc_table, table, sizeof(ipc_table));
142760 @@ -99,6 +99,8 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write,
142761 static int zero;
142762 static int one = 1;
142763 static int int_max = INT_MAX;
142764 +static unsigned long long_zero = 0;
142765 +static unsigned long long_max = LONG_MAX;
142766
142767 static struct ctl_table ipc_kern_table[] = {
142768 {
142769 @@ -107,6 +109,8 @@ static struct ctl_table ipc_kern_table[] = {
142770 .maxlen = sizeof(init_ipc_ns.shm_ctlmax),
142771 .mode = 0644,
142772 .proc_handler = proc_ipc_doulongvec_minmax,
142773 + .extra1 = &long_zero,
142774 + .extra2 = &long_max,
142775 },
142776 {
142777 .procname = "shmall",
142778 @@ -114,6 +118,8 @@ static struct ctl_table ipc_kern_table[] = {
142779 .maxlen = sizeof(init_ipc_ns.shm_ctlall),
142780 .mode = 0644,
142781 .proc_handler = proc_ipc_doulongvec_minmax,
142782 + .extra1 = &long_zero,
142783 + .extra2 = &long_max,
142784 },
142785 {
142786 .procname = "shmmni",
142787 diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
142788 index 68d4e95..1477ded 100644
142789 --- a/ipc/mq_sysctl.c
142790 +++ b/ipc/mq_sysctl.c
142791 @@ -25,7 +25,7 @@ static void *get_mq(struct ctl_table *table)
142792 static int proc_mq_dointvec(struct ctl_table *table, int write,
142793 void __user *buffer, size_t *lenp, loff_t *ppos)
142794 {
142795 - struct ctl_table mq_table;
142796 + ctl_table_no_const mq_table;
142797 memcpy(&mq_table, table, sizeof(mq_table));
142798 mq_table.data = get_mq(table);
142799
142800 @@ -35,7 +35,7 @@ static int proc_mq_dointvec(struct ctl_table *table, int write,
142801 static int proc_mq_dointvec_minmax(struct ctl_table *table, int write,
142802 void __user *buffer, size_t *lenp, loff_t *ppos)
142803 {
142804 - struct ctl_table mq_table;
142805 + ctl_table_no_const mq_table;
142806 memcpy(&mq_table, table, sizeof(mq_table));
142807 mq_table.data = get_mq(table);
142808
142809 diff --git a/ipc/mqueue.c b/ipc/mqueue.c
142810 index 0b13ace..2b586ea 100644
142811 --- a/ipc/mqueue.c
142812 +++ b/ipc/mqueue.c
142813 @@ -274,6 +274,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
142814 mq_bytes = mq_treesize + (info->attr.mq_maxmsg *
142815 info->attr.mq_msgsize);
142816
142817 + gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
142818 spin_lock(&mq_lock);
142819 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
142820 u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
142821 diff --git a/ipc/msg.c b/ipc/msg.c
142822 index c6521c2..4e2379d 100644
142823 --- a/ipc/msg.c
142824 +++ b/ipc/msg.c
142825 @@ -1041,7 +1041,8 @@ void msg_exit_ns(struct ipc_namespace *ns)
142826 static int sysvipc_msg_proc_show(struct seq_file *s, void *it)
142827 {
142828 struct user_namespace *user_ns = seq_user_ns(s);
142829 - struct msg_queue *msq = it;
142830 + struct kern_ipc_perm *perm = it;
142831 + struct msg_queue *msq = container_of(perm, struct msg_queue, q_perm);
142832
142833 seq_printf(s,
142834 "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n",
142835 diff --git a/ipc/msgutil.c b/ipc/msgutil.c
142836 index a521999..6259e10 100644
142837 --- a/ipc/msgutil.c
142838 +++ b/ipc/msgutil.c
142839 @@ -53,7 +53,7 @@ static struct msg_msg *alloc_msg(size_t len)
142840 size_t alen;
142841
142842 alen = min(len, DATALEN_MSG);
142843 - msg = kmalloc(sizeof(*msg) + alen, GFP_KERNEL);
142844 + msg = kmalloc(sizeof(*msg) + alen, GFP_KERNEL|GFP_USERCOPY);
142845 if (msg == NULL)
142846 return NULL;
142847
142848 @@ -65,7 +65,7 @@ static struct msg_msg *alloc_msg(size_t len)
142849 while (len > 0) {
142850 struct msg_msgseg *seg;
142851 alen = min(len, DATALEN_SEG);
142852 - seg = kmalloc(sizeof(*seg) + alen, GFP_KERNEL);
142853 + seg = kmalloc(sizeof(*seg) + alen, GFP_KERNEL|GFP_USERCOPY);
142854 if (seg == NULL)
142855 goto out_err;
142856 *pseg = seg;
142857 diff --git a/ipc/sem.c b/ipc/sem.c
142858 index 5e318c5..235b6b0 100644
142859 --- a/ipc/sem.c
142860 +++ b/ipc/sem.c
142861 @@ -1814,7 +1814,7 @@ static int get_queue_result(struct sem_queue *q)
142862 }
142863
142864 SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
142865 - unsigned, nsops, const struct timespec __user *, timeout)
142866 + long, nsops, const struct timespec __user *, timeout)
142867 {
142868 int error = -EINVAL;
142869 struct sem_array *sma;
142870 @@ -2049,7 +2049,7 @@ out_free:
142871 }
142872
142873 SYSCALL_DEFINE3(semop, int, semid, struct sembuf __user *, tsops,
142874 - unsigned, nsops)
142875 + long, nsops)
142876 {
142877 return sys_semtimedop(semid, tsops, nsops, NULL);
142878 }
142879 @@ -2204,7 +2204,8 @@ void exit_sem(struct task_struct *tsk)
142880 static int sysvipc_sem_proc_show(struct seq_file *s, void *it)
142881 {
142882 struct user_namespace *user_ns = seq_user_ns(s);
142883 - struct sem_array *sma = it;
142884 + struct kern_ipc_perm *perm = it;
142885 + struct sem_array *sma = container_of(perm, struct sem_array, sem_perm);
142886 time_t sem_otime;
142887
142888 /*
142889 diff --git a/ipc/shm.c b/ipc/shm.c
142890 index dbac886..ef5e42d 100644
142891 --- a/ipc/shm.c
142892 +++ b/ipc/shm.c
142893 @@ -72,9 +72,17 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp);
142894 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
142895 #endif
142896
142897 +#ifdef CONFIG_GRKERNSEC
142898 +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
142899 + const u64 shm_createtime, const kuid_t cuid,
142900 + const int shmid);
142901 +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
142902 + const u64 shm_createtime);
142903 +#endif
142904 +
142905 void shm_init_ns(struct ipc_namespace *ns)
142906 {
142907 - ns->shm_ctlmax = SHMMAX;
142908 + ns->shm_ctlmax = BITS_PER_LONG == 32 ? SHMMAX : LONG_MAX;
142909 ns->shm_ctlall = SHMALL;
142910 ns->shm_ctlmni = SHMMNI;
142911 ns->shm_rmid_forced = 0;
142912 @@ -590,6 +598,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
142913 shp->shm_lprid = 0;
142914 shp->shm_atim = shp->shm_dtim = 0;
142915 shp->shm_ctim = get_seconds();
142916 +#ifdef CONFIG_GRKERNSEC
142917 + shp->shm_createtime = ktime_get_ns();
142918 +#endif
142919 shp->shm_segsz = size;
142920 shp->shm_nattch = 0;
142921 shp->shm_file = file;
142922 @@ -1133,6 +1144,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
142923 f_mode = FMODE_READ | FMODE_WRITE;
142924 }
142925 if (shmflg & SHM_EXEC) {
142926 +
142927 +#ifdef CONFIG_PAX_MPROTECT
142928 + if (current->mm->pax_flags & MF_PAX_MPROTECT)
142929 + goto out;
142930 +#endif
142931 +
142932 prot |= PROT_EXEC;
142933 acc_mode |= S_IXUGO;
142934 }
142935 @@ -1157,6 +1174,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
142936 if (err)
142937 goto out_unlock;
142938
142939 +#ifdef CONFIG_GRKERNSEC
142940 + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
142941 + shp->shm_perm.cuid, shmid) ||
142942 + !gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
142943 + err = -EACCES;
142944 + goto out_unlock;
142945 + }
142946 +#endif
142947 +
142948 ipc_lock_object(&shp->shm_perm);
142949
142950 /* check if shm_destroy() is tearing down shp */
142951 @@ -1169,6 +1195,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
142952 path = shp->shm_file->f_path;
142953 path_get(&path);
142954 shp->shm_nattch++;
142955 +#ifdef CONFIG_GRKERNSEC
142956 + shp->shm_lapid = current->pid;
142957 +#endif
142958 size = i_size_read(d_inode(path.dentry));
142959 ipc_unlock_object(&shp->shm_perm);
142960 rcu_read_unlock();
142961 @@ -1372,7 +1401,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
142962 static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
142963 {
142964 struct user_namespace *user_ns = seq_user_ns(s);
142965 - struct shmid_kernel *shp = it;
142966 + struct kern_ipc_perm *perm = it;
142967 + struct shmid_kernel *shp = container_of(perm, struct shmid_kernel, shm_perm);
142968 unsigned long rss = 0, swp = 0;
142969
142970 shm_add_rss_swap(shp, &rss, &swp);
142971 diff --git a/ipc/util.c b/ipc/util.c
142972 index 798cad1..d6ffc17 100644
142973 --- a/ipc/util.c
142974 +++ b/ipc/util.c
142975 @@ -71,6 +71,8 @@ struct ipc_proc_iface {
142976 int (*show)(struct seq_file *, void *);
142977 };
142978
142979 +extern int gr_ipc_permitted(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, int requested_mode, int granted_mode);
142980 +
142981 /**
142982 * ipc_init - initialise ipc subsystem
142983 *
142984 @@ -489,6 +491,10 @@ int ipcperms(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp, short flag)
142985 granted_mode >>= 6;
142986 else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid))
142987 granted_mode >>= 3;
142988 +
142989 + if (!gr_ipc_permitted(ns, ipcp, requested_mode, granted_mode))
142990 + return -1;
142991 +
142992 /* is there some bit set in requested_mode but not in granted_mode? */
142993 if ((requested_mode & ~granted_mode & 0007) &&
142994 !ns_capable(ns->user_ns, CAP_IPC_OWNER))
142995 diff --git a/kernel/audit.c b/kernel/audit.c
142996 index a8a91bd2..b8f3933 100644
142997 --- a/kernel/audit.c
142998 +++ b/kernel/audit.c
142999 @@ -122,7 +122,7 @@ u32 audit_sig_sid = 0;
143000 3) suppressed due to audit_rate_limit
143001 4) suppressed due to audit_backlog_limit
143002 */
143003 -static atomic_t audit_lost = ATOMIC_INIT(0);
143004 +static atomic_unchecked_t audit_lost = ATOMIC_INIT(0);
143005
143006 /* The netlink socket. */
143007 static struct sock *audit_sock;
143008 @@ -256,7 +256,7 @@ void audit_log_lost(const char *message)
143009 unsigned long now;
143010 int print;
143011
143012 - atomic_inc(&audit_lost);
143013 + atomic_inc_unchecked(&audit_lost);
143014
143015 print = (audit_failure == AUDIT_FAIL_PANIC || !audit_rate_limit);
143016
143017 @@ -273,7 +273,7 @@ void audit_log_lost(const char *message)
143018 if (print) {
143019 if (printk_ratelimit())
143020 pr_warn("audit_lost=%u audit_rate_limit=%u audit_backlog_limit=%u\n",
143021 - atomic_read(&audit_lost),
143022 + atomic_read_unchecked(&audit_lost),
143023 audit_rate_limit,
143024 audit_backlog_limit);
143025 audit_panic(message);
143026 @@ -854,7 +854,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
143027 s.pid = audit_pid;
143028 s.rate_limit = audit_rate_limit;
143029 s.backlog_limit = audit_backlog_limit;
143030 - s.lost = atomic_read(&audit_lost);
143031 + s.lost = atomic_read_unchecked(&audit_lost);
143032 s.backlog = skb_queue_len(&audit_skb_queue);
143033 s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL;
143034 s.backlog_wait_time = audit_backlog_wait_time_master;
143035 @@ -1171,7 +1171,7 @@ static void __net_exit audit_net_exit(struct net *net)
143036 netlink_kernel_release(sock);
143037 }
143038
143039 -static struct pernet_operations audit_net_ops __net_initdata = {
143040 +static struct pernet_operations audit_net_ops __net_initconst = {
143041 .init = audit_net_init,
143042 .exit = audit_net_exit,
143043 .id = &audit_net_id,
143044 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
143045 index 5abf1dc..78861f76 100644
143046 --- a/kernel/auditsc.c
143047 +++ b/kernel/auditsc.c
143048 @@ -1954,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
143049 }
143050
143051 /* global counter which is incremented every time something logs in */
143052 -static atomic_t session_id = ATOMIC_INIT(0);
143053 +static atomic_unchecked_t session_id = ATOMIC_INIT(0);
143054
143055 static int audit_set_loginuid_perm(kuid_t loginuid)
143056 {
143057 @@ -2026,7 +2026,7 @@ int audit_set_loginuid(kuid_t loginuid)
143058
143059 /* are we setting or clearing? */
143060 if (uid_valid(loginuid))
143061 - sessionid = (unsigned int)atomic_inc_return(&session_id);
143062 + sessionid = (unsigned int)atomic_inc_return_unchecked(&session_id);
143063
143064 task->sessionid = sessionid;
143065 task->loginuid = loginuid;
143066 diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
143067 index 03fd23d..4b2832f0 100644
143068 --- a/kernel/bpf/core.c
143069 +++ b/kernel/bpf/core.c
143070 @@ -208,6 +208,8 @@ struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
143071 }
143072
143073 #ifdef CONFIG_BPF_JIT
143074 +extern long __rap_hash___bpf_prog_run;
143075 +
143076 struct bpf_binary_header *
143077 bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
143078 unsigned int alignment,
143079 @@ -221,27 +223,45 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
143080 * random section of illegal instructions.
143081 */
143082 size = round_up(proglen + sizeof(*hdr) + 128, PAGE_SIZE);
143083 - hdr = module_alloc(size);
143084 + hdr = module_alloc_exec(size);
143085 if (hdr == NULL)
143086 return NULL;
143087
143088 /* Fill space with illegal/arch-dep instructions. */
143089 bpf_fill_ill_insns(hdr, size);
143090
143091 + pax_open_kernel();
143092 hdr->pages = size / PAGE_SIZE;
143093 + pax_close_kernel();
143094 +
143095 hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)),
143096 PAGE_SIZE - sizeof(*hdr));
143097 +
143098 +#ifdef CONFIG_PAX_RAP
143099 + hole -= 8;
143100 +#endif
143101 +
143102 start = (get_random_int() % hole) & ~(alignment - 1);
143103
143104 +#ifdef CONFIG_PAX_RAP
143105 + start += 8;
143106 +#endif
143107 +
143108 /* Leave a random number of instructions before BPF code. */
143109 *image_ptr = &hdr->image[start];
143110
143111 +#ifdef CONFIG_PAX_RAP
143112 + pax_open_kernel();
143113 + *(long *)(*image_ptr - 8) = (long)&__rap_hash___bpf_prog_run;
143114 + pax_close_kernel();
143115 +#endif
143116 +
143117 return hdr;
143118 }
143119
143120 void bpf_jit_binary_free(struct bpf_binary_header *hdr)
143121 {
143122 - module_memfree(hdr);
143123 + module_memfree_exec(hdr);
143124 }
143125
143126 int bpf_jit_harden __read_mostly;
143127 @@ -465,7 +485,7 @@ EXPORT_SYMBOL_GPL(__bpf_call_base);
143128 *
143129 * Decode and execute eBPF instructions.
143130 */
143131 -static unsigned int __bpf_prog_run(void *ctx, const struct bpf_insn *insn)
143132 +unsigned int __bpf_prog_run(const struct sk_buff *ctx, const struct bpf_insn *insn)
143133 {
143134 u64 stack[MAX_BPF_STACK / sizeof(u64)];
143135 u64 regs[MAX_BPF_REG], tmp;
143136 @@ -970,7 +990,7 @@ static int bpf_check_tail_call(const struct bpf_prog *fp)
143137 */
143138 struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err)
143139 {
143140 - fp->bpf_func = (void *) __bpf_prog_run;
143141 + fp->bpf_func = __bpf_prog_run;
143142
143143 /* eBPF JITs can rewrite the program in case constant
143144 * blinding is active. However, in case of error during
143145 diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
143146 index 228f962..ebef033 100644
143147 --- a/kernel/bpf/syscall.c
143148 +++ b/kernel/bpf/syscall.c
143149 @@ -827,8 +827,16 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz
143150 union bpf_attr attr = {};
143151 int err;
143152
143153 - if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled)
143154 + /* the syscall is limited to root temporarily. This restriction will be
143155 + * lifted by upstream when a half-assed security audit is clean. Note
143156 + * that eBPF+tracing must have this restriction, since it may pass
143157 + * kernel data to user space
143158 + */
143159 + if (!capable(CAP_SYS_ADMIN))
143160 return -EPERM;
143161 +#ifdef CONFIG_GRKERNSEC
143162 + return -EPERM;
143163 +#endif
143164
143165 if (!access_ok(VERIFY_READ, uattr, 1))
143166 return -EFAULT;
143167 diff --git a/kernel/capability.c b/kernel/capability.c
143168 index 00411c8..aaad585 100644
143169 --- a/kernel/capability.c
143170 +++ b/kernel/capability.c
143171 @@ -193,6 +193,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
143172 * before modification is attempted and the application
143173 * fails.
143174 */
143175 + if (tocopy > ARRAY_SIZE(kdata))
143176 + return -EFAULT;
143177 +
143178 if (copy_to_user(dataptr, kdata, tocopy
143179 * sizeof(struct __user_cap_data_struct))) {
143180 return -EFAULT;
143181 @@ -298,10 +301,11 @@ bool has_ns_capability(struct task_struct *t,
143182 int ret;
143183
143184 rcu_read_lock();
143185 - ret = security_capable(__task_cred(t), ns, cap);
143186 + ret = security_capable(__task_cred(t), ns, cap) == 0 &&
143187 + gr_task_is_capable(t, __task_cred(t), cap);
143188 rcu_read_unlock();
143189
143190 - return (ret == 0);
143191 + return ret;
143192 }
143193
143194 /**
143195 @@ -338,10 +342,10 @@ bool has_ns_capability_noaudit(struct task_struct *t,
143196 int ret;
143197
143198 rcu_read_lock();
143199 - ret = security_capable_noaudit(__task_cred(t), ns, cap);
143200 + ret = security_capable_noaudit(__task_cred(t), ns, cap) == 0 && gr_task_is_capable_nolog(t, __task_cred(t), cap);
143201 rcu_read_unlock();
143202
143203 - return (ret == 0);
143204 + return ret;
143205 }
143206
143207 /**
143208 @@ -370,9 +374,9 @@ static bool ns_capable_common(struct user_namespace *ns, int cap, bool audit)
143209 BUG();
143210 }
143211
143212 - capable = audit ? security_capable(current_cred(), ns, cap) :
143213 - security_capable_noaudit(current_cred(), ns, cap);
143214 - if (capable == 0) {
143215 + capable = audit ? (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable(cap)) :
143216 + (security_capable_noaudit(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) ;
143217 + if (capable) {
143218 current->flags |= PF_SUPERPRIV;
143219 return true;
143220 }
143221 @@ -429,6 +433,13 @@ bool capable(int cap)
143222 return ns_capable(&init_user_ns, cap);
143223 }
143224 EXPORT_SYMBOL(capable);
143225 +
143226 +bool capable_nolog(int cap)
143227 +{
143228 + return ns_capable_noaudit(&init_user_ns, cap);
143229 +}
143230 +EXPORT_SYMBOL(capable_nolog);
143231 +
143232 #endif /* CONFIG_MULTIUSER */
143233
143234 /**
143235 @@ -473,3 +484,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
143236 kgid_has_mapping(ns, inode->i_gid);
143237 }
143238 EXPORT_SYMBOL(capable_wrt_inode_uidgid);
143239 +
143240 +bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap)
143241 +{
143242 + struct user_namespace *ns = current_user_ns();
143243 +
143244 + return ns_capable_noaudit(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
143245 + kgid_has_mapping(ns, inode->i_gid);
143246 +}
143247 +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
143248 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
143249 index d6b729b..f78716c 100644
143250 --- a/kernel/cgroup.c
143251 +++ b/kernel/cgroup.c
143252 @@ -3645,7 +3645,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
143253 key = &cft->lockdep_key;
143254 #endif
143255 kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name),
143256 - cgroup_file_mode(cft), 0, cft->kf_ops, cft,
143257 + cgroup_file_mode(cft), 0, cft->kf_ops, (void *)cft,
143258 NULL, key);
143259 if (IS_ERR(kn))
143260 return PTR_ERR(kn);
143261 @@ -3749,11 +3749,14 @@ static void cgroup_exit_cftypes(struct cftype *cfts)
143262 /* free copy for custom atomic_write_len, see init_cftypes() */
143263 if (cft->max_write_len && cft->max_write_len != PAGE_SIZE)
143264 kfree(cft->kf_ops);
143265 - cft->kf_ops = NULL;
143266 - cft->ss = NULL;
143267 +
143268 + pax_open_kernel();
143269 + const_cast(cft->kf_ops) = NULL;
143270 + const_cast(cft->ss) = NULL;
143271
143272 /* revert flags set by cgroup core while adding @cfts */
143273 - cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
143274 + const_cast(cft->flags) &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
143275 + pax_close_kernel();
143276 }
143277 }
143278
143279 @@ -3784,8 +3787,10 @@ static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
143280 kf_ops->atomic_write_len = cft->max_write_len;
143281 }
143282
143283 - cft->kf_ops = kf_ops;
143284 - cft->ss = ss;
143285 + pax_open_kernel();
143286 + const_cast(cft->kf_ops) = kf_ops;
143287 + const_cast(cft->ss) = ss;
143288 + pax_close_kernel();
143289 }
143290
143291 return 0;
143292 @@ -3798,7 +3803,7 @@ static int cgroup_rm_cftypes_locked(struct cftype *cfts)
143293 if (!cfts || !cfts[0].ss)
143294 return -ENOENT;
143295
143296 - list_del(&cfts->node);
143297 + pax_list_del((struct list_head *)&cfts->node);
143298 cgroup_apply_cftypes(cfts, false);
143299 cgroup_exit_cftypes(cfts);
143300 return 0;
143301 @@ -3855,7 +3860,7 @@ static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
143302
143303 mutex_lock(&cgroup_mutex);
143304
143305 - list_add_tail(&cfts->node, &ss->cfts);
143306 + pax_list_add_tail((struct list_head *)&cfts->node, &ss->cfts);
143307 ret = cgroup_apply_cftypes(cfts, true);
143308 if (ret)
143309 cgroup_rm_cftypes_locked(cfts);
143310 @@ -3876,8 +3881,10 @@ int cgroup_add_dfl_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
143311 {
143312 struct cftype *cft;
143313
143314 + pax_open_kernel();
143315 for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
143316 - cft->flags |= __CFTYPE_ONLY_ON_DFL;
143317 + const_cast(cft->flags) |= __CFTYPE_ONLY_ON_DFL;
143318 + pax_close_kernel();
143319 return cgroup_add_cftypes(ss, cfts);
143320 }
143321
143322 @@ -3893,8 +3900,10 @@ int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
143323 {
143324 struct cftype *cft;
143325
143326 + pax_open_kernel();
143327 for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
143328 - cft->flags |= __CFTYPE_NOT_ON_DFL;
143329 + const_cast(cft->flags) |= __CFTYPE_NOT_ON_DFL;
143330 + pax_close_kernel();
143331 return cgroup_add_cftypes(ss, cfts);
143332 }
143333
143334 @@ -6066,6 +6075,9 @@ static void cgroup_release_agent(struct work_struct *work)
143335 if (!pathbuf || !agentbuf)
143336 goto out;
143337
143338 + if (agentbuf[0] == '\0')
143339 + goto out;
143340 +
143341 spin_lock_irq(&css_set_lock);
143342 path = cgroup_path_ns_locked(cgrp, pathbuf, PATH_MAX, &init_cgroup_ns);
143343 spin_unlock_irq(&css_set_lock);
143344 @@ -6522,7 +6534,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
143345 struct task_struct *task;
143346 int count = 0;
143347
143348 - seq_printf(seq, "css_set %p\n", cset);
143349 + seq_printf(seq, "css_set %pK\n", cset);
143350
143351 list_for_each_entry(task, &cset->tasks, cg_list) {
143352 if (count++ > MAX_TASKS_SHOWN_PER_CSS)
143353 diff --git a/kernel/cgroup_pids.c b/kernel/cgroup_pids.c
143354 index 2bd6737..9b0ddd4 100644
143355 --- a/kernel/cgroup_pids.c
143356 +++ b/kernel/cgroup_pids.c
143357 @@ -54,7 +54,7 @@ struct pids_cgroup {
143358 struct cgroup_file events_file;
143359
143360 /* Number of times fork failed because limit was hit. */
143361 - atomic64_t events_limit;
143362 + atomic64_unchecked_t events_limit;
143363 };
143364
143365 static struct pids_cgroup *css_pids(struct cgroup_subsys_state *css)
143366 @@ -78,7 +78,7 @@ pids_css_alloc(struct cgroup_subsys_state *parent)
143367
143368 pids->limit = PIDS_MAX;
143369 atomic64_set(&pids->counter, 0);
143370 - atomic64_set(&pids->events_limit, 0);
143371 + atomic64_set_unchecked(&pids->events_limit, 0);
143372 return &pids->css;
143373 }
143374
143375 @@ -227,7 +227,7 @@ static int pids_can_fork(struct task_struct *task)
143376 err = pids_try_charge(pids, 1);
143377 if (err) {
143378 /* Only log the first time events_limit is incremented. */
143379 - if (atomic64_inc_return(&pids->events_limit) == 1) {
143380 + if (atomic64_inc_return_unchecked(&pids->events_limit) == 1) {
143381 pr_info("cgroup: fork rejected by pids controller in ");
143382 pr_cont_cgroup_path(task_cgroup(current, pids_cgrp_id));
143383 pr_cont("\n");
143384 @@ -310,7 +310,7 @@ static int pids_events_show(struct seq_file *sf, void *v)
143385 {
143386 struct pids_cgroup *pids = css_pids(seq_css(sf));
143387
143388 - seq_printf(sf, "max %lld\n", (s64)atomic64_read(&pids->events_limit));
143389 + seq_printf(sf, "max %lld\n", (s64)atomic64_read_unchecked(&pids->events_limit));
143390 return 0;
143391 }
143392
143393 diff --git a/kernel/compat.c b/kernel/compat.c
143394 index 333d364..762ec00 100644
143395 --- a/kernel/compat.c
143396 +++ b/kernel/compat.c
143397 @@ -13,6 +13,7 @@
143398
143399 #include <linux/linkage.h>
143400 #include <linux/compat.h>
143401 +#include <linux/module.h>
143402 #include <linux/errno.h>
143403 #include <linux/time.h>
143404 #include <linux/signal.h>
143405 @@ -220,7 +221,7 @@ static long compat_nanosleep_restart(struct restart_block *restart)
143406 mm_segment_t oldfs;
143407 long ret;
143408
143409 - restart->nanosleep.rmtp = (struct timespec __user *) &rmt;
143410 + restart->nanosleep.rmtp = (struct timespec __force_user *) &rmt;
143411 oldfs = get_fs();
143412 set_fs(KERNEL_DS);
143413 ret = hrtimer_nanosleep_restart(restart);
143414 @@ -252,7 +253,7 @@ COMPAT_SYSCALL_DEFINE2(nanosleep, struct compat_timespec __user *, rqtp,
143415 oldfs = get_fs();
143416 set_fs(KERNEL_DS);
143417 ret = hrtimer_nanosleep(&tu,
143418 - rmtp ? (struct timespec __user *)&rmt : NULL,
143419 + rmtp ? (struct timespec __force_user *)&rmt : NULL,
143420 HRTIMER_MODE_REL, CLOCK_MONOTONIC);
143421 set_fs(oldfs);
143422
143423 @@ -378,7 +379,7 @@ COMPAT_SYSCALL_DEFINE1(sigpending, compat_old_sigset_t __user *, set)
143424 mm_segment_t old_fs = get_fs();
143425
143426 set_fs(KERNEL_DS);
143427 - ret = sys_sigpending((old_sigset_t __user *) &s);
143428 + ret = sys_sigpending((old_sigset_t __force_user *) &s);
143429 set_fs(old_fs);
143430 if (ret == 0)
143431 ret = put_user(s, set);
143432 @@ -468,7 +469,7 @@ COMPAT_SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource,
143433 mm_segment_t old_fs = get_fs();
143434
143435 set_fs(KERNEL_DS);
143436 - ret = sys_old_getrlimit(resource, (struct rlimit __user *)&r);
143437 + ret = sys_old_getrlimit(resource, (struct rlimit __force_user *)&r);
143438 set_fs(old_fs);
143439
143440 if (!ret) {
143441 @@ -550,8 +551,8 @@ COMPAT_SYSCALL_DEFINE4(wait4,
143442 set_fs (KERNEL_DS);
143443 ret = sys_wait4(pid,
143444 (stat_addr ?
143445 - (unsigned int __user *) &status : NULL),
143446 - options, (struct rusage __user *) &r);
143447 + (unsigned int __force_user *) &status : NULL),
143448 + options, (struct rusage __force_user *) &r);
143449 set_fs (old_fs);
143450
143451 if (ret > 0) {
143452 @@ -577,8 +578,8 @@ COMPAT_SYSCALL_DEFINE5(waitid,
143453 memset(&info, 0, sizeof(info));
143454
143455 set_fs(KERNEL_DS);
143456 - ret = sys_waitid(which, pid, (siginfo_t __user *)&info, options,
143457 - uru ? (struct rusage __user *)&ru : NULL);
143458 + ret = sys_waitid(which, pid, (siginfo_t __force_user *)&info, options,
143459 + uru ? (struct rusage __force_user *)&ru : NULL);
143460 set_fs(old_fs);
143461
143462 if ((ret < 0) || (info.si_signo == 0))
143463 @@ -712,8 +713,8 @@ COMPAT_SYSCALL_DEFINE4(timer_settime, timer_t, timer_id, int, flags,
143464 oldfs = get_fs();
143465 set_fs(KERNEL_DS);
143466 err = sys_timer_settime(timer_id, flags,
143467 - (struct itimerspec __user *) &newts,
143468 - (struct itimerspec __user *) &oldts);
143469 + (struct itimerspec __force_user *) &newts,
143470 + (struct itimerspec __force_user *) &oldts);
143471 set_fs(oldfs);
143472 if (!err && old && put_compat_itimerspec(old, &oldts))
143473 return -EFAULT;
143474 @@ -730,7 +731,7 @@ COMPAT_SYSCALL_DEFINE2(timer_gettime, timer_t, timer_id,
143475 oldfs = get_fs();
143476 set_fs(KERNEL_DS);
143477 err = sys_timer_gettime(timer_id,
143478 - (struct itimerspec __user *) &ts);
143479 + (struct itimerspec __force_user *) &ts);
143480 set_fs(oldfs);
143481 if (!err && put_compat_itimerspec(setting, &ts))
143482 return -EFAULT;
143483 @@ -749,7 +750,7 @@ COMPAT_SYSCALL_DEFINE2(clock_settime, clockid_t, which_clock,
143484 oldfs = get_fs();
143485 set_fs(KERNEL_DS);
143486 err = sys_clock_settime(which_clock,
143487 - (struct timespec __user *) &ts);
143488 + (struct timespec __force_user *) &ts);
143489 set_fs(oldfs);
143490 return err;
143491 }
143492 @@ -764,7 +765,7 @@ COMPAT_SYSCALL_DEFINE2(clock_gettime, clockid_t, which_clock,
143493 oldfs = get_fs();
143494 set_fs(KERNEL_DS);
143495 err = sys_clock_gettime(which_clock,
143496 - (struct timespec __user *) &ts);
143497 + (struct timespec __force_user *) &ts);
143498 set_fs(oldfs);
143499 if (!err && compat_put_timespec(&ts, tp))
143500 return -EFAULT;
143501 @@ -784,7 +785,7 @@ COMPAT_SYSCALL_DEFINE2(clock_adjtime, clockid_t, which_clock,
143502
143503 oldfs = get_fs();
143504 set_fs(KERNEL_DS);
143505 - ret = sys_clock_adjtime(which_clock, (struct timex __user *) &txc);
143506 + ret = sys_clock_adjtime(which_clock, (struct timex __force_user *) &txc);
143507 set_fs(oldfs);
143508
143509 err = compat_put_timex(utp, &txc);
143510 @@ -804,7 +805,7 @@ COMPAT_SYSCALL_DEFINE2(clock_getres, clockid_t, which_clock,
143511 oldfs = get_fs();
143512 set_fs(KERNEL_DS);
143513 err = sys_clock_getres(which_clock,
143514 - (struct timespec __user *) &ts);
143515 + (struct timespec __force_user *) &ts);
143516 set_fs(oldfs);
143517 if (!err && tp && compat_put_timespec(&ts, tp))
143518 return -EFAULT;
143519 @@ -818,7 +819,7 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart)
143520 struct timespec tu;
143521 struct compat_timespec __user *rmtp = restart->nanosleep.compat_rmtp;
143522
143523 - restart->nanosleep.rmtp = (struct timespec __user *) &tu;
143524 + restart->nanosleep.rmtp = (struct timespec __force_user *) &tu;
143525 oldfs = get_fs();
143526 set_fs(KERNEL_DS);
143527 err = clock_nanosleep_restart(restart);
143528 @@ -850,8 +851,8 @@ COMPAT_SYSCALL_DEFINE4(clock_nanosleep, clockid_t, which_clock, int, flags,
143529 oldfs = get_fs();
143530 set_fs(KERNEL_DS);
143531 err = sys_clock_nanosleep(which_clock, flags,
143532 - (struct timespec __user *) &in,
143533 - (struct timespec __user *) &out);
143534 + (struct timespec __force_user *) &in,
143535 + (struct timespec __force_user *) &out);
143536 set_fs(oldfs);
143537
143538 if ((err == -ERESTART_RESTARTBLOCK) && rmtp &&
143539 @@ -1147,7 +1148,7 @@ COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval,
143540 mm_segment_t old_fs = get_fs();
143541
143542 set_fs(KERNEL_DS);
143543 - ret = sys_sched_rr_get_interval(pid, (struct timespec __user *)&t);
143544 + ret = sys_sched_rr_get_interval(pid, (struct timespec __force_user *)&t);
143545 set_fs(old_fs);
143546 if (compat_put_timespec(&t, interval))
143547 return -EFAULT;
143548 diff --git a/kernel/configs.c b/kernel/configs.c
143549 index c18b1f1..b9a0132 100644
143550 --- a/kernel/configs.c
143551 +++ b/kernel/configs.c
143552 @@ -74,8 +74,19 @@ static int __init ikconfig_init(void)
143553 struct proc_dir_entry *entry;
143554
143555 /* create the current config file */
143556 +#if defined(CONFIG_GRKERNSEC_PROC_ADD) || defined(CONFIG_GRKERNSEC_HIDESYM)
143557 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_HIDESYM)
143558 + entry = proc_create("config.gz", S_IFREG | S_IRUSR, NULL,
143559 + &ikconfig_file_ops);
143560 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
143561 + entry = proc_create("config.gz", S_IFREG | S_IRUSR | S_IRGRP, NULL,
143562 + &ikconfig_file_ops);
143563 +#endif
143564 +#else
143565 entry = proc_create("config.gz", S_IFREG | S_IRUGO, NULL,
143566 &ikconfig_file_ops);
143567 +#endif
143568 +
143569 if (!entry)
143570 return -ENOMEM;
143571
143572 diff --git a/kernel/cred.c b/kernel/cred.c
143573 index 5f264fb..8fc856b 100644
143574 --- a/kernel/cred.c
143575 +++ b/kernel/cred.c
143576 @@ -172,6 +172,15 @@ void exit_creds(struct task_struct *tsk)
143577 validate_creds(cred);
143578 alter_cred_subscribers(cred, -1);
143579 put_cred(cred);
143580 +
143581 +#ifdef CONFIG_GRKERNSEC_SETXID
143582 + cred = (struct cred *) tsk->delayed_cred;
143583 + if (cred != NULL) {
143584 + tsk->delayed_cred = NULL;
143585 + validate_creds(cred);
143586 + put_cred(cred);
143587 + }
143588 +#endif
143589 }
143590
143591 /**
143592 @@ -419,7 +428,7 @@ static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)
143593 * Always returns 0 thus allowing this function to be tail-called at the end
143594 * of, say, sys_setgid().
143595 */
143596 -int commit_creds(struct cred *new)
143597 +static int __commit_creds(struct cred *new)
143598 {
143599 struct task_struct *task = current;
143600 const struct cred *old = task->real_cred;
143601 @@ -438,6 +447,8 @@ int commit_creds(struct cred *new)
143602
143603 get_cred(new); /* we will require a ref for the subj creds too */
143604
143605 + gr_set_role_label(task, new->uid, new->gid);
143606 +
143607 /* dumpability changes */
143608 if (!uid_eq(old->euid, new->euid) ||
143609 !gid_eq(old->egid, new->egid) ||
143610 @@ -487,6 +498,105 @@ int commit_creds(struct cred *new)
143611 put_cred(old);
143612 return 0;
143613 }
143614 +#ifdef CONFIG_GRKERNSEC_SETXID
143615 +extern int set_user(struct cred *new);
143616 +
143617 +void gr_delayed_cred_worker(void)
143618 +{
143619 + const struct cred *new = current->delayed_cred;
143620 + struct cred *ncred;
143621 +
143622 + current->delayed_cred = NULL;
143623 +
143624 + if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) && new != NULL) {
143625 + // from doing get_cred on it when queueing this
143626 + put_cred(new);
143627 + return;
143628 + } else if (new == NULL)
143629 + return;
143630 +
143631 + ncred = prepare_creds();
143632 + if (!ncred)
143633 + goto die;
143634 + // uids
143635 + ncred->uid = new->uid;
143636 + ncred->euid = new->euid;
143637 + ncred->suid = new->suid;
143638 + ncred->fsuid = new->fsuid;
143639 + // gids
143640 + ncred->gid = new->gid;
143641 + ncred->egid = new->egid;
143642 + ncred->sgid = new->sgid;
143643 + ncred->fsgid = new->fsgid;
143644 + // groups
143645 + set_groups(ncred, new->group_info);
143646 + // caps
143647 + ncred->securebits = new->securebits;
143648 + ncred->cap_inheritable = new->cap_inheritable;
143649 + ncred->cap_permitted = new->cap_permitted;
143650 + ncred->cap_effective = new->cap_effective;
143651 + ncred->cap_bset = new->cap_bset;
143652 +
143653 + if (set_user(ncred)) {
143654 + abort_creds(ncred);
143655 + goto die;
143656 + }
143657 +
143658 + // from doing get_cred on it when queueing this
143659 + put_cred(new);
143660 +
143661 + __commit_creds(ncred);
143662 + return;
143663 +die:
143664 + // from doing get_cred on it when queueing this
143665 + put_cred(new);
143666 + do_group_exit(SIGKILL);
143667 +}
143668 +#endif
143669 +
143670 +int commit_creds(struct cred *new)
143671 +{
143672 +#ifdef CONFIG_GRKERNSEC_SETXID
143673 + int ret;
143674 + int schedule_it = 0;
143675 + struct task_struct *t;
143676 + unsigned oldsecurebits = current_cred()->securebits;
143677 +
143678 + /* we won't get called with tasklist_lock held for writing
143679 + and interrupts disabled as the cred struct in that case is
143680 + init_cred
143681 + */
143682 + if (grsec_enable_setxid && !current_is_single_threaded() &&
143683 + uid_eq(current_uid(), GLOBAL_ROOT_UID) &&
143684 + !uid_eq(new->uid, GLOBAL_ROOT_UID)) {
143685 + schedule_it = 1;
143686 + }
143687 + ret = __commit_creds(new);
143688 + if (schedule_it) {
143689 + rcu_read_lock();
143690 + read_lock(&tasklist_lock);
143691 + for (t = next_thread(current); t != current;
143692 + t = next_thread(t)) {
143693 + /* we'll check if the thread has uid 0 in
143694 + * the delayed worker routine
143695 + */
143696 + if (task_securebits(t) == oldsecurebits &&
143697 + t->delayed_cred == NULL) {
143698 + t->delayed_cred = get_cred(new);
143699 + set_tsk_thread_flag(t, TIF_GRSEC_SETXID);
143700 + set_tsk_need_resched(t);
143701 + }
143702 + }
143703 + read_unlock(&tasklist_lock);
143704 + rcu_read_unlock();
143705 + }
143706 +
143707 + return ret;
143708 +#else
143709 + return __commit_creds(new);
143710 +#endif
143711 +}
143712 +
143713 EXPORT_SYMBOL(commit_creds);
143714
143715 /**
143716 diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
143717 index 0874e2e..5b32cc9 100644
143718 --- a/kernel/debug/debug_core.c
143719 +++ b/kernel/debug/debug_core.c
143720 @@ -127,7 +127,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock);
143721 */
143722 static atomic_t masters_in_kgdb;
143723 static atomic_t slaves_in_kgdb;
143724 -static atomic_t kgdb_break_tasklet_var;
143725 +static atomic_unchecked_t kgdb_break_tasklet_var;
143726 atomic_t kgdb_setting_breakpoint;
143727
143728 struct task_struct *kgdb_usethread;
143729 @@ -137,7 +137,7 @@ int kgdb_single_step;
143730 static pid_t kgdb_sstep_pid;
143731
143732 /* to keep track of the CPU which is doing the single stepping*/
143733 -atomic_t kgdb_cpu_doing_single_step = ATOMIC_INIT(-1);
143734 +atomic_unchecked_t kgdb_cpu_doing_single_step = ATOMIC_INIT(-1);
143735
143736 /*
143737 * If you are debugging a problem where roundup (the collection of
143738 @@ -552,7 +552,7 @@ return_normal:
143739 * kernel will only try for the value of sstep_tries before
143740 * giving up and continuing on.
143741 */
143742 - if (atomic_read(&kgdb_cpu_doing_single_step) != -1 &&
143743 + if (atomic_read_unchecked(&kgdb_cpu_doing_single_step) != -1 &&
143744 (kgdb_info[cpu].task &&
143745 kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) {
143746 atomic_set(&kgdb_active, -1);
143747 @@ -654,8 +654,8 @@ cpu_master_loop:
143748 }
143749
143750 kgdb_restore:
143751 - if (atomic_read(&kgdb_cpu_doing_single_step) != -1) {
143752 - int sstep_cpu = atomic_read(&kgdb_cpu_doing_single_step);
143753 + if (atomic_read_unchecked(&kgdb_cpu_doing_single_step) != -1) {
143754 + int sstep_cpu = atomic_read_unchecked(&kgdb_cpu_doing_single_step);
143755 if (kgdb_info[sstep_cpu].task)
143756 kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid;
143757 else
143758 @@ -949,18 +949,18 @@ static void kgdb_unregister_callbacks(void)
143759 static void kgdb_tasklet_bpt(unsigned long ing)
143760 {
143761 kgdb_breakpoint();
143762 - atomic_set(&kgdb_break_tasklet_var, 0);
143763 + atomic_set_unchecked(&kgdb_break_tasklet_var, 0);
143764 }
143765
143766 static DECLARE_TASKLET(kgdb_tasklet_breakpoint, kgdb_tasklet_bpt, 0);
143767
143768 void kgdb_schedule_breakpoint(void)
143769 {
143770 - if (atomic_read(&kgdb_break_tasklet_var) ||
143771 + if (atomic_read_unchecked(&kgdb_break_tasklet_var) ||
143772 atomic_read(&kgdb_active) != -1 ||
143773 atomic_read(&kgdb_setting_breakpoint))
143774 return;
143775 - atomic_inc(&kgdb_break_tasklet_var);
143776 + atomic_inc_unchecked(&kgdb_break_tasklet_var);
143777 tasklet_schedule(&kgdb_tasklet_breakpoint);
143778 }
143779 EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
143780 diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
143781 index 2a20c0d..3eb7d03 100644
143782 --- a/kernel/debug/kdb/kdb_main.c
143783 +++ b/kernel/debug/kdb/kdb_main.c
143784 @@ -2021,7 +2021,7 @@ static int kdb_lsmod(int argc, const char **argv)
143785 continue;
143786
143787 kdb_printf("%-20s%8u 0x%p ", mod->name,
143788 - mod->core_layout.size, (void *)mod);
143789 + mod->core_layout.size_rx + mod->core_layout.size_rw, (void *)mod);
143790 #ifdef CONFIG_MODULE_UNLOAD
143791 kdb_printf("%4d ", module_refcount(mod));
143792 #endif
143793 @@ -2031,7 +2031,7 @@ static int kdb_lsmod(int argc, const char **argv)
143794 kdb_printf(" (Loading)");
143795 else
143796 kdb_printf(" (Live)");
143797 - kdb_printf(" 0x%p", mod->core_layout.base);
143798 + kdb_printf(" 0x%p 0x%p", mod->core_layout.base_rx, mod->core_layout.base_rw);
143799
143800 #ifdef CONFIG_MODULE_UNLOAD
143801 {
143802 diff --git a/kernel/events/callchain.c b/kernel/events/callchain.c
143803 index e9fdb52..cfb547d 100644
143804 --- a/kernel/events/callchain.c
143805 +++ b/kernel/events/callchain.c
143806 @@ -251,7 +251,7 @@ int perf_event_max_stack_handler(struct ctl_table *table, int write,
143807 {
143808 int *value = table->data;
143809 int new_value = *value, ret;
143810 - struct ctl_table new_table = *table;
143811 + ctl_table_no_const new_table = *table;
143812
143813 new_table.data = &new_value;
143814 ret = proc_dointvec_minmax(&new_table, write, buffer, lenp, ppos);
143815 diff --git a/kernel/events/core.c b/kernel/events/core.c
143816 index fc9bb22..bedc98b 100644
143817 --- a/kernel/events/core.c
143818 +++ b/kernel/events/core.c
143819 @@ -389,8 +389,15 @@ static struct srcu_struct pmus_srcu;
143820 * 0 - disallow raw tracepoint access for unpriv
143821 * 1 - disallow cpu events for unpriv
143822 * 2 - disallow kernel profiling for unpriv
143823 + * 3 - disallow all unpriv perf event use
143824 */
143825 -int sysctl_perf_event_paranoid __read_mostly = 2;
143826 +#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
143827 +int sysctl_perf_event_legitimately_concerned __read_only = 3;
143828 +#elif defined(CONFIG_GRKERNSEC_HIDESYM)
143829 +int sysctl_perf_event_legitimately_concerned __read_only = 2;
143830 +#else
143831 +int sysctl_perf_event_legitimately_concerned __read_only = 2;
143832 +#endif
143833
143834 /* Minimum for 512 kiB + 1 user control page */
143835 int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
143836 @@ -545,7 +552,7 @@ void perf_sample_event_took(u64 sample_len_ns)
143837 }
143838 }
143839
143840 -static atomic64_t perf_event_id;
143841 +static atomic64_unchecked_t perf_event_id;
143842
143843 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
143844 enum event_type_t event_type);
143845 @@ -1044,8 +1051,9 @@ static void __perf_mux_hrtimer_init(struct perf_cpu_context *cpuctx, int cpu)
143846 timer->function = perf_mux_hrtimer_handler;
143847 }
143848
143849 -static int perf_mux_hrtimer_restart(struct perf_cpu_context *cpuctx)
143850 +static int perf_mux_hrtimer_restart(void *_cpuctx)
143851 {
143852 + struct perf_cpu_context *cpuctx = _cpuctx;
143853 struct hrtimer *timer = &cpuctx->hrtimer;
143854 struct pmu *pmu = cpuctx->ctx.pmu;
143855 unsigned long flags;
143856 @@ -3111,7 +3119,7 @@ void __perf_event_task_sched_in(struct task_struct *prev,
143857 perf_pmu_sched_task(prev, task, true);
143858 }
143859
143860 -static u64 perf_calculate_period(struct perf_event *event, u64 nsec, u64 count)
143861 +static u64 perf_calculate_period(const struct perf_event *event, u64 nsec, u64 count)
143862 {
143863 u64 frequency = event->attr.sample_freq;
143864 u64 sec = NSEC_PER_SEC;
143865 @@ -4201,9 +4209,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
143866 total += perf_event_count(event);
143867
143868 *enabled += event->total_time_enabled +
143869 - atomic64_read(&event->child_total_time_enabled);
143870 + atomic64_read_unchecked(&event->child_total_time_enabled);
143871 *running += event->total_time_running +
143872 - atomic64_read(&event->child_total_time_running);
143873 + atomic64_read_unchecked(&event->child_total_time_running);
143874
143875 list_for_each_entry(child, &event->child_list, child_list) {
143876 (void)perf_event_read(child, false);
143877 @@ -4235,12 +4243,12 @@ static int __perf_read_group_add(struct perf_event *leader,
143878 */
143879 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
143880 values[n++] += leader->total_time_enabled +
143881 - atomic64_read(&leader->child_total_time_enabled);
143882 + atomic64_read_unchecked(&leader->child_total_time_enabled);
143883 }
143884
143885 if (read_format & PERF_FORMAT_TOTAL_TIME_RUNNING) {
143886 values[n++] += leader->total_time_running +
143887 - atomic64_read(&leader->child_total_time_running);
143888 + atomic64_read_unchecked(&leader->child_total_time_running);
143889 }
143890
143891 /*
143892 @@ -4763,10 +4771,10 @@ void perf_event_update_userpage(struct perf_event *event)
143893 userpg->offset -= local64_read(&event->hw.prev_count);
143894
143895 userpg->time_enabled = enabled +
143896 - atomic64_read(&event->child_total_time_enabled);
143897 + atomic64_read_unchecked(&event->child_total_time_enabled);
143898
143899 userpg->time_running = running +
143900 - atomic64_read(&event->child_total_time_running);
143901 + atomic64_read_unchecked(&event->child_total_time_running);
143902
143903 arch_perf_update_userpage(event, userpg, now);
143904
143905 @@ -5468,7 +5476,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
143906
143907 /* Data. */
143908 sp = perf_user_stack_pointer(regs);
143909 - rem = __output_copy_user(handle, (void *) sp, dump_size);
143910 + rem = __output_copy_user(handle, (void __user *) sp, dump_size);
143911 dyn_size = dump_size - rem;
143912
143913 perf_output_skip(handle, rem);
143914 @@ -5559,11 +5567,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
143915 values[n++] = perf_event_count(event);
143916 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
143917 values[n++] = enabled +
143918 - atomic64_read(&event->child_total_time_enabled);
143919 + atomic64_read_unchecked(&event->child_total_time_enabled);
143920 }
143921 if (read_format & PERF_FORMAT_TOTAL_TIME_RUNNING) {
143922 values[n++] = running +
143923 - atomic64_read(&event->child_total_time_running);
143924 + atomic64_read_unchecked(&event->child_total_time_running);
143925 }
143926 if (read_format & PERF_FORMAT_ID)
143927 values[n++] = primary_event_id(event);
143928 @@ -8562,8 +8570,7 @@ perf_event_mux_interval_ms_store(struct device *dev,
143929 cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu);
143930 cpuctx->hrtimer_interval = ns_to_ktime(NSEC_PER_MSEC * timer);
143931
143932 - cpu_function_call(cpu,
143933 - (remote_function_f)perf_mux_hrtimer_restart, cpuctx);
143934 + cpu_function_call(cpu, perf_mux_hrtimer_restart, cpuctx);
143935 }
143936 put_online_cpus();
143937 mutex_unlock(&mux_interval_mutex);
143938 @@ -9004,7 +9011,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
143939 event->parent = parent_event;
143940
143941 event->ns = get_pid_ns(task_active_pid_ns(current));
143942 - event->id = atomic64_inc_return(&perf_event_id);
143943 + event->id = atomic64_inc_return_unchecked(&perf_event_id);
143944
143945 event->state = PERF_EVENT_STATE_INACTIVE;
143946
143947 @@ -9395,6 +9402,11 @@ SYSCALL_DEFINE5(perf_event_open,
143948 if (flags & ~PERF_FLAG_ALL)
143949 return -EINVAL;
143950
143951 +#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
143952 + if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
143953 + return -EACCES;
143954 +#endif
143955 +
143956 err = perf_copy_attr(attr_uptr, &attr);
143957 if (err)
143958 return err;
143959 @@ -9912,10 +9924,10 @@ static void sync_child_event(struct perf_event *child_event,
143960 /*
143961 * Add back the child's count to the parent's count:
143962 */
143963 - atomic64_add(child_val, &parent_event->child_count);
143964 - atomic64_add(child_event->total_time_enabled,
143965 + atomic64_add_unchecked(child_val, &parent_event->child_count);
143966 + atomic64_add_unchecked(child_event->total_time_enabled,
143967 &parent_event->child_total_time_enabled);
143968 - atomic64_add(child_event->total_time_running,
143969 + atomic64_add_unchecked(child_event->total_time_running,
143970 &parent_event->child_total_time_running);
143971 }
143972
143973 diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c
143974 index 3f8cb1e..83f0438 100644
143975 --- a/kernel/events/hw_breakpoint.c
143976 +++ b/kernel/events/hw_breakpoint.c
143977 @@ -30,6 +30,7 @@
143978 * This file contains the arch-independent routines.
143979 */
143980
143981 +#include <linux/bug.h>
143982 #include <linux/irqflags.h>
143983 #include <linux/kallsyms.h>
143984 #include <linux/notifier.h>
143985 diff --git a/kernel/events/internal.h b/kernel/events/internal.h
143986 index 486fd78..96062d7 100644
143987 --- a/kernel/events/internal.h
143988 +++ b/kernel/events/internal.h
143989 @@ -150,10 +150,10 @@ static inline unsigned long perf_aux_size(struct ring_buffer *rb)
143990 return len; \
143991 }
143992
143993 -#define DEFINE_OUTPUT_COPY(func_name, memcpy_func) \
143994 +#define DEFINE_OUTPUT_COPY(func_name, memcpy_func, user) \
143995 static inline unsigned long \
143996 func_name(struct perf_output_handle *handle, \
143997 - const void *buf, unsigned long len) \
143998 + const void user *buf, unsigned long len) \
143999 __DEFINE_OUTPUT_COPY_BODY(true, memcpy_func, handle->addr, buf, size)
144000
144001 static inline unsigned long
144002 @@ -172,7 +172,7 @@ memcpy_common(void *dst, const void *src, unsigned long n)
144003 return 0;
144004 }
144005
144006 -DEFINE_OUTPUT_COPY(__output_copy, memcpy_common)
144007 +DEFINE_OUTPUT_COPY(__output_copy, memcpy_common, )
144008
144009 static inline unsigned long
144010 memcpy_skip(void *dst, const void *src, unsigned long n)
144011 @@ -180,7 +180,7 @@ memcpy_skip(void *dst, const void *src, unsigned long n)
144012 return 0;
144013 }
144014
144015 -DEFINE_OUTPUT_COPY(__output_skip, memcpy_skip)
144016 +DEFINE_OUTPUT_COPY(__output_skip, memcpy_skip, )
144017
144018 #ifndef arch_perf_out_copy_user
144019 #define arch_perf_out_copy_user arch_perf_out_copy_user
144020 @@ -198,7 +198,7 @@ arch_perf_out_copy_user(void *dst, const void *src, unsigned long n)
144021 }
144022 #endif
144023
144024 -DEFINE_OUTPUT_COPY(__output_copy_user, arch_perf_out_copy_user)
144025 +DEFINE_OUTPUT_COPY(__output_copy_user, arch_perf_out_copy_user, __user)
144026
144027 /* Callchain handling */
144028 extern struct perf_callchain_entry *
144029 diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
144030 index 8c50276..457c599 100644
144031 --- a/kernel/events/uprobes.c
144032 +++ b/kernel/events/uprobes.c
144033 @@ -1695,7 +1695,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr)
144034 {
144035 struct page *page;
144036 uprobe_opcode_t opcode;
144037 - int result;
144038 + long result;
144039
144040 pagefault_disable();
144041 result = __get_user(opcode, (uprobe_opcode_t __user *)vaddr);
144042 diff --git a/kernel/exit.c b/kernel/exit.c
144043 index 091a78b..7d6001b 100644
144044 --- a/kernel/exit.c
144045 +++ b/kernel/exit.c
144046 @@ -170,6 +170,10 @@ void release_task(struct task_struct *p)
144047 struct task_struct *leader;
144048 int zap_leader;
144049 repeat:
144050 +#ifdef CONFIG_NET
144051 + gr_del_task_from_ip_table(p);
144052 +#endif
144053 +
144054 /* don't need to get the RCU readlock here - the process is dead and
144055 * can't be modifying its own credentials. But shut RCU-lockdep up */
144056 rcu_read_lock();
144057 @@ -525,9 +529,8 @@ static struct task_struct *find_alive_thread(struct task_struct *p)
144058 return NULL;
144059 }
144060
144061 +static struct task_struct *find_child_reaper(struct task_struct *father) __must_hold(&tasklist_lock);
144062 static struct task_struct *find_child_reaper(struct task_struct *father)
144063 - __releases(&tasklist_lock)
144064 - __acquires(&tasklist_lock)
144065 {
144066 struct pid_namespace *pid_ns = task_active_pid_ns(father);
144067 struct task_struct *reaper = pid_ns->child_reaper;
144068 @@ -624,6 +627,8 @@ static void reparent_leader(struct task_struct *father, struct task_struct *p,
144069 * jobs, send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2)
144070 */
144071 static void forget_original_parent(struct task_struct *father,
144072 + struct list_head *dead) __must_hold(&tasklist_lock);
144073 +static void forget_original_parent(struct task_struct *father,
144074 struct list_head *dead)
144075 {
144076 struct task_struct *p, *t, *reaper;
144077 @@ -731,6 +736,15 @@ void do_exit(long code)
144078 int group_dead;
144079 TASKS_RCU(int tasks_rcu_i);
144080
144081 + /*
144082 + * If do_exit is called because this processes oopsed, it's possible
144083 + * that get_fs() was left as KERNEL_DS, so reset it to USER_DS before
144084 + * continuing. Amongst other possible reasons, this is to prevent
144085 + * mm_release()->clear_child_tid() from writing to a user-controlled
144086 + * kernel address.
144087 + */
144088 + set_fs(USER_DS);
144089 +
144090 profile_task_exit(tsk);
144091 kcov_task_exit(tsk);
144092
144093 @@ -741,15 +755,6 @@ void do_exit(long code)
144094 if (unlikely(!tsk->pid))
144095 panic("Attempted to kill the idle task!");
144096
144097 - /*
144098 - * If do_exit is called because this processes oopsed, it's possible
144099 - * that get_fs() was left as KERNEL_DS, so reset it to USER_DS before
144100 - * continuing. Amongst other possible reasons, this is to prevent
144101 - * mm_release()->clear_child_tid() from writing to a user-controlled
144102 - * kernel address.
144103 - */
144104 - set_fs(USER_DS);
144105 -
144106 ptrace_event(PTRACE_EVENT_EXIT, code);
144107
144108 validate_creds_for_do_exit(tsk);
144109 @@ -812,6 +817,9 @@ void do_exit(long code)
144110 tsk->exit_code = code;
144111 taskstats_exit(tsk, group_dead);
144112
144113 + gr_acl_handle_psacct(tsk, code);
144114 + gr_acl_handle_exit();
144115 +
144116 exit_mm(tsk);
144117
144118 if (group_dead)
144119 @@ -926,7 +934,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
144120 * Take down every thread in the group. This is called by fatal signals
144121 * as well as by sys_exit_group (below).
144122 */
144123 -void
144124 +__noreturn void
144125 do_group_exit(int exit_code)
144126 {
144127 struct signal_struct *sig = current->signal;
144128 @@ -1054,6 +1062,7 @@ static int wait_noreap_copyout(struct wait_opts *wo, struct task_struct *p,
144129 * the lock and this task is uninteresting. If we return nonzero, we have
144130 * released the lock and the system call should return.
144131 */
144132 +static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p) __must_hold(&tasklist_lock);
144133 static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
144134 {
144135 int state, retval, status;
144136 @@ -1070,6 +1079,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
144137
144138 get_task_struct(p);
144139 read_unlock(&tasklist_lock);
144140 + __acquire(&tasklist_lock); // XXX sparse can't model conditional release
144141 sched_annotate_sleep();
144142
144143 if ((exit_code & 0x7f) == 0) {
144144 @@ -1092,6 +1102,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p)
144145 * We own this thread, nobody else can reap it.
144146 */
144147 read_unlock(&tasklist_lock);
144148 + __acquire(&tasklist_lock); // XXX sparse can't model conditional release
144149 sched_annotate_sleep();
144150
144151 /*
144152 @@ -1234,6 +1245,8 @@ static int *task_stopped_code(struct task_struct *p, bool ptrace)
144153 * search should terminate.
144154 */
144155 static int wait_task_stopped(struct wait_opts *wo,
144156 + int ptrace, struct task_struct *p) __must_hold(&tasklist_lock);
144157 +static int wait_task_stopped(struct wait_opts *wo,
144158 int ptrace, struct task_struct *p)
144159 {
144160 struct siginfo __user *infop;
144161 @@ -1281,6 +1294,7 @@ unlock_sig:
144162 pid = task_pid_vnr(p);
144163 why = ptrace ? CLD_TRAPPED : CLD_STOPPED;
144164 read_unlock(&tasklist_lock);
144165 + __acquire(&tasklist_lock); // XXX sparse can't model conditional release
144166 sched_annotate_sleep();
144167
144168 if (unlikely(wo->wo_flags & WNOWAIT))
144169 @@ -1318,6 +1332,7 @@ unlock_sig:
144170 * the lock and this task is uninteresting. If we return nonzero, we have
144171 * released the lock and the system call should return.
144172 */
144173 +static int wait_task_continued(struct wait_opts *wo, struct task_struct *p) __must_hold(&tasklist_lock);
144174 static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
144175 {
144176 int retval;
144177 @@ -1344,6 +1359,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
144178 pid = task_pid_vnr(p);
144179 get_task_struct(p);
144180 read_unlock(&tasklist_lock);
144181 + __acquire(&tasklist_lock); // XXX sparse can't model conditional release
144182 sched_annotate_sleep();
144183
144184 if (!wo->wo_info) {
144185 @@ -1373,6 +1389,8 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
144186 * or another error from security_task_wait(), or still -ECHILD.
144187 */
144188 static int wait_consider_task(struct wait_opts *wo, int ptrace,
144189 + struct task_struct *p) __must_hold(&tasklist_lock);
144190 +static int wait_consider_task(struct wait_opts *wo, int ptrace,
144191 struct task_struct *p)
144192 {
144193 /*
144194 @@ -1498,6 +1516,7 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace,
144195 * ->notask_error is 0 if there were any eligible children,
144196 * or another error from security_task_wait(), or still -ECHILD.
144197 */
144198 +static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk) __must_hold(&tasklist_lock);
144199 static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
144200 {
144201 struct task_struct *p;
144202 @@ -1512,6 +1531,7 @@ static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
144203 return 0;
144204 }
144205
144206 +static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk) __must_hold(&tasklist_lock);
144207 static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk)
144208 {
144209 struct task_struct *p;
144210 @@ -1575,12 +1595,16 @@ repeat:
144211 tsk = current;
144212 do {
144213 retval = do_wait_thread(wo, tsk);
144214 - if (retval)
144215 + if (retval) {
144216 + __release(&tasklist_lock); // XXX sparse can't model conditional release
144217 goto end;
144218 + }
144219
144220 retval = ptrace_do_wait(wo, tsk);
144221 - if (retval)
144222 + if (retval) {
144223 + __release(&tasklist_lock); // XXX sparse can't model conditional release
144224 goto end;
144225 + }
144226
144227 if (wo->wo_flags & __WNOTHREAD)
144228 break;
144229 diff --git a/kernel/extable.c b/kernel/extable.c
144230 index e820cce..72195de 100644
144231 --- a/kernel/extable.c
144232 +++ b/kernel/extable.c
144233 @@ -23,6 +23,7 @@
144234
144235 #include <asm/sections.h>
144236 #include <asm/uaccess.h>
144237 +#include <asm/setup.h>
144238
144239 /*
144240 * mutex protecting text section modification (dynamic code patching).
144241 @@ -41,10 +42,22 @@ u32 __initdata __visible main_extable_sort_needed = 1;
144242 /* Sort the kernel's built-in exception table */
144243 void __init sort_main_extable(void)
144244 {
144245 - if (main_extable_sort_needed && __stop___ex_table > __start___ex_table) {
144246 + struct exception_table_entry *start = __start___ex_table;
144247 +
144248 + if (main_extable_sort_needed && __stop___ex_table > start) {
144249 pr_notice("Sorting __ex_table...\n");
144250 - sort_extable(__start___ex_table, __stop___ex_table);
144251 + sort_extable(start, __stop___ex_table);
144252 }
144253 +
144254 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
144255 + while (start < __stop___ex_table) {
144256 + start->insn -= kaslr_offset();
144257 + start->fixup -= kaslr_offset();
144258 + start->handler -= kaslr_offset();
144259 + start++;
144260 + }
144261 +#endif
144262 +
144263 }
144264
144265 /* Given an address, look for it in the exception tables. */
144266 diff --git a/kernel/fork.c b/kernel/fork.c
144267 index beb3172..c13f974 100644
144268 --- a/kernel/fork.c
144269 +++ b/kernel/fork.c
144270 @@ -188,13 +188,56 @@ static void free_thread_stack(unsigned long *stack)
144271
144272 void thread_stack_cache_init(void)
144273 {
144274 - thread_stack_cache = kmem_cache_create("thread_stack", THREAD_SIZE,
144275 - THREAD_SIZE, 0, NULL);
144276 + thread_stack_cache = kmem_cache_create_usercopy("thread_stack", THREAD_SIZE,
144277 + THREAD_SIZE, 0, 0, THREAD_SIZE, NULL);
144278 BUG_ON(thread_stack_cache == NULL);
144279 }
144280 # endif
144281 #endif
144282
144283 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
144284 +static inline unsigned long *gr_alloc_thread_stack_node(struct task_struct *tsk,
144285 + int node, void **lowmem_stack)
144286 +{
144287 + struct page *pages[THREAD_SIZE / PAGE_SIZE];
144288 + void *ret = NULL;
144289 + unsigned int i;
144290 +
144291 + *lowmem_stack = alloc_thread_stack_node(tsk, node);
144292 + if (*lowmem_stack == NULL)
144293 + goto out;
144294 +
144295 + for (i = 0; i < THREAD_SIZE / PAGE_SIZE; i++)
144296 + pages[i] = virt_to_page(*lowmem_stack + (i * PAGE_SIZE));
144297 +
144298 + /* use VM_IOREMAP to gain THREAD_SIZE alignment */
144299 + ret = vmap(pages, THREAD_SIZE / PAGE_SIZE, VM_IOREMAP, PAGE_KERNEL);
144300 + if (ret == NULL) {
144301 + free_thread_stack(*lowmem_stack);
144302 + *lowmem_stack = NULL;
144303 + } else
144304 + populate_stack(ret, THREAD_SIZE);
144305 +
144306 +out:
144307 + return ret;
144308 +}
144309 +
144310 +static inline void gr_free_thread_stack(struct task_struct *tsk, unsigned long *stack)
144311 +{
144312 + unmap_process_stacks(tsk);
144313 +}
144314 +#else
144315 +static inline unsigned long *gr_alloc_thread_stack_node(struct task_struct *tsk,
144316 + int node, void **lowmem_stack)
144317 +{
144318 + return alloc_thread_stack_node(tsk, node);
144319 +}
144320 +static inline void gr_free_thread_stack(struct task_struct *tsk, unsigned long *stack)
144321 +{
144322 + free_thread_stack(stack);
144323 +}
144324 +#endif
144325 +
144326 /* SLAB cache for signal_struct structures (tsk->signal) */
144327 static struct kmem_cache *signal_cachep;
144328
144329 @@ -213,10 +256,14 @@ struct kmem_cache *vm_area_cachep;
144330 /* SLAB cache for mm_struct structures (tsk->mm) */
144331 static struct kmem_cache *mm_cachep;
144332
144333 -static void account_kernel_stack(unsigned long *stack, int account)
144334 +static void account_kernel_stack(struct task_struct *tsk, unsigned long *stack, int account)
144335 {
144336 /* All stack pages are in the same zone and belong to the same memcg. */
144337 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
144338 + struct page *first_page = virt_to_page(tsk->lowmem_stack);
144339 +#else
144340 struct page *first_page = virt_to_page(stack);
144341 +#endif
144342
144343 mod_zone_page_state(page_zone(first_page), NR_KERNEL_STACK_KB,
144344 THREAD_SIZE / 1024 * account);
144345 @@ -228,9 +275,9 @@ static void account_kernel_stack(unsigned long *stack, int account)
144346
144347 void free_task(struct task_struct *tsk)
144348 {
144349 - account_kernel_stack(tsk->stack, -1);
144350 + account_kernel_stack(tsk, tsk->stack, -1);
144351 arch_release_thread_stack(tsk->stack);
144352 - free_thread_stack(tsk->stack);
144353 + gr_free_thread_stack(tsk, tsk->stack);
144354 rt_mutex_debug_task_free(tsk);
144355 ftrace_graph_exit_task(tsk);
144356 put_seccomp_filter(tsk);
144357 @@ -297,7 +344,7 @@ static void set_max_threads(unsigned int max_threads_suggested)
144358
144359 #ifdef CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT
144360 /* Initialized by the architecture: */
144361 -int arch_task_struct_size __read_mostly;
144362 +size_t arch_task_struct_size __read_mostly;
144363 #endif
144364
144365 void __init fork_init(void)
144366 @@ -307,9 +354,12 @@ void __init fork_init(void)
144367 #define ARCH_MIN_TASKALIGN L1_CACHE_BYTES
144368 #endif
144369 /* create a slab on which task_structs can be allocated */
144370 - task_struct_cachep = kmem_cache_create("task_struct",
144371 + task_struct_cachep = kmem_cache_create_usercopy("task_struct",
144372 arch_task_struct_size, ARCH_MIN_TASKALIGN,
144373 - SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT, NULL);
144374 + SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
144375 + offsetof(struct task_struct, blocked),
144376 + sizeof(init_task.blocked) + sizeof(init_task.saved_sigmask),
144377 + NULL);
144378 #endif
144379
144380 /* do the arch specific task caches init */
144381 @@ -342,6 +392,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
144382 {
144383 struct task_struct *tsk;
144384 unsigned long *stack;
144385 + void *lowmem_stack;
144386 int err;
144387
144388 if (node == NUMA_NO_NODE)
144389 @@ -350,7 +401,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
144390 if (!tsk)
144391 return NULL;
144392
144393 - stack = alloc_thread_stack_node(tsk, node);
144394 + stack = gr_alloc_thread_stack_node(tsk, node, &lowmem_stack);
144395 if (!stack)
144396 goto free_tsk;
144397
144398 @@ -359,6 +410,10 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
144399 goto free_stack;
144400
144401 tsk->stack = stack;
144402 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
144403 + tsk->lowmem_stack = lowmem_stack;
144404 +#endif
144405 +
144406 #ifdef CONFIG_SECCOMP
144407 /*
144408 * We must handle setting up seccomp filters once we're under
144409 @@ -375,7 +430,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
144410 set_task_stack_end_magic(tsk);
144411
144412 #ifdef CONFIG_CC_STACKPROTECTOR
144413 - tsk->stack_canary = get_random_int();
144414 + tsk->stack_canary = pax_get_random_long();
144415 #endif
144416
144417 /*
144418 @@ -390,26 +445,92 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
144419 tsk->task_frag.page = NULL;
144420 tsk->wake_q.next = NULL;
144421
144422 - account_kernel_stack(stack, 1);
144423 + account_kernel_stack(tsk, stack, 1);
144424
144425 kcov_task_init(tsk);
144426
144427 return tsk;
144428
144429 free_stack:
144430 - free_thread_stack(stack);
144431 + gr_free_thread_stack(tsk, stack);
144432 free_tsk:
144433 free_task_struct(tsk);
144434 return NULL;
144435 }
144436
144437 #ifdef CONFIG_MMU
144438 -static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
144439 +static struct vm_area_struct *dup_vma(struct mm_struct *mm, struct mm_struct *oldmm, struct vm_area_struct *mpnt)
144440 +{
144441 + struct vm_area_struct *tmp;
144442 + unsigned long charge;
144443 + struct file *file;
144444 + int retval;
144445 +
144446 + charge = 0;
144447 + if (mpnt->vm_flags & VM_ACCOUNT) {
144448 + unsigned long len = vma_pages(mpnt);
144449 +
144450 + if (security_vm_enough_memory_mm(oldmm, len)) /* sic */
144451 + goto fail_nomem;
144452 + charge = len;
144453 + }
144454 + tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
144455 + if (!tmp)
144456 + goto fail_nomem;
144457 + *tmp = *mpnt;
144458 + tmp->vm_mm = mm;
144459 + INIT_LIST_HEAD(&tmp->anon_vma_chain);
144460 + retval = vma_dup_policy(mpnt, tmp);
144461 + if (retval)
144462 + goto fail_nomem_policy;
144463 + if (anon_vma_fork(tmp, mpnt))
144464 + goto fail_nomem_anon_vma_fork;
144465 + tmp->vm_flags &= ~(VM_LOCKED|VM_LOCKONFAULT|VM_UFFD_MISSING|VM_UFFD_WP);
144466 + tmp->vm_next = tmp->vm_prev = NULL;
144467 + tmp->vm_mirror = NULL;
144468 + tmp->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX;
144469 + file = tmp->vm_file;
144470 + if (file) {
144471 + struct inode *inode = file_inode(file);
144472 + struct address_space *mapping = file->f_mapping;
144473 +
144474 + get_file(file);
144475 + if (tmp->vm_flags & VM_DENYWRITE)
144476 + atomic_dec(&inode->i_writecount);
144477 + i_mmap_lock_write(mapping);
144478 + if (tmp->vm_flags & VM_SHARED)
144479 + atomic_inc(&mapping->i_mmap_writable);
144480 + flush_dcache_mmap_lock(mapping);
144481 + /* insert tmp into the share list, just after mpnt */
144482 + vma_interval_tree_insert_after(tmp, mpnt, &mapping->i_mmap);
144483 + flush_dcache_mmap_unlock(mapping);
144484 + i_mmap_unlock_write(mapping);
144485 + }
144486 +
144487 + /*
144488 + * Clear hugetlb-related page reserves for children. This only
144489 + * affects MAP_PRIVATE mappings. Faults generated by the child
144490 + * are not guaranteed to succeed, even if read-only
144491 + */
144492 + if (is_vm_hugetlb_page(tmp))
144493 + reset_vma_resv_huge_pages(tmp);
144494 +
144495 + return tmp;
144496 +
144497 +fail_nomem_anon_vma_fork:
144498 + mpol_put(vma_policy(tmp));
144499 +fail_nomem_policy:
144500 + kmem_cache_free(vm_area_cachep, tmp);
144501 +fail_nomem:
144502 + vm_unacct_memory(charge);
144503 + return NULL;
144504 +}
144505 +
144506 +static __latent_entropy int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
144507 {
144508 struct vm_area_struct *mpnt, *tmp, *prev, **pprev;
144509 struct rb_node **rb_link, *rb_parent;
144510 int retval;
144511 - unsigned long charge;
144512
144513 uprobe_start_dup_mmap();
144514 if (down_write_killable(&oldmm->mmap_sem)) {
144515 @@ -443,52 +564,14 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
144516
144517 prev = NULL;
144518 for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
144519 - struct file *file;
144520 -
144521 if (mpnt->vm_flags & VM_DONTCOPY) {
144522 vm_stat_account(mm, mpnt->vm_flags, -vma_pages(mpnt));
144523 continue;
144524 }
144525 - charge = 0;
144526 - if (mpnt->vm_flags & VM_ACCOUNT) {
144527 - unsigned long len = vma_pages(mpnt);
144528 -
144529 - if (security_vm_enough_memory_mm(oldmm, len)) /* sic */
144530 - goto fail_nomem;
144531 - charge = len;
144532 - }
144533 - tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
144534 - if (!tmp)
144535 - goto fail_nomem;
144536 - *tmp = *mpnt;
144537 - INIT_LIST_HEAD(&tmp->anon_vma_chain);
144538 - retval = vma_dup_policy(mpnt, tmp);
144539 - if (retval)
144540 - goto fail_nomem_policy;
144541 - tmp->vm_mm = mm;
144542 - if (anon_vma_fork(tmp, mpnt))
144543 - goto fail_nomem_anon_vma_fork;
144544 - tmp->vm_flags &=
144545 - ~(VM_LOCKED|VM_LOCKONFAULT|VM_UFFD_MISSING|VM_UFFD_WP);
144546 - tmp->vm_next = tmp->vm_prev = NULL;
144547 - tmp->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX;
144548 - file = tmp->vm_file;
144549 - if (file) {
144550 - struct inode *inode = file_inode(file);
144551 - struct address_space *mapping = file->f_mapping;
144552 -
144553 - get_file(file);
144554 - if (tmp->vm_flags & VM_DENYWRITE)
144555 - atomic_dec(&inode->i_writecount);
144556 - i_mmap_lock_write(mapping);
144557 - if (tmp->vm_flags & VM_SHARED)
144558 - atomic_inc(&mapping->i_mmap_writable);
144559 - flush_dcache_mmap_lock(mapping);
144560 - /* insert tmp into the share list, just after mpnt */
144561 - vma_interval_tree_insert_after(tmp, mpnt,
144562 - &mapping->i_mmap);
144563 - flush_dcache_mmap_unlock(mapping);
144564 - i_mmap_unlock_write(mapping);
144565 + tmp = dup_vma(mm, oldmm, mpnt);
144566 + if (!tmp) {
144567 + retval = -ENOMEM;
144568 + goto out;
144569 }
144570
144571 /*
144572 @@ -520,6 +603,38 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
144573 if (retval)
144574 goto out;
144575 }
144576 +
144577 +#ifdef CONFIG_PAX_SEGMEXEC
144578 + if (oldmm->pax_flags & MF_PAX_SEGMEXEC) {
144579 + struct vm_area_struct *mpnt_m;
144580 +
144581 + for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next) {
144582 + if (mpnt->vm_flags & VM_DONTCOPY)
144583 + continue;
144584 +
144585 + BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm);
144586 +
144587 + if (!mpnt->vm_mirror) {
144588 + mpnt_m = mpnt_m->vm_next;
144589 + continue;
144590 + }
144591 +
144592 + if (mpnt->vm_end <= SEGMEXEC_TASK_SIZE) {
144593 + BUG_ON(mpnt->vm_mirror->vm_mirror != mpnt);
144594 + mpnt->vm_mirror = mpnt_m;
144595 + } else {
144596 + BUG_ON(mpnt->vm_mirror->vm_mirror == mpnt || mpnt->vm_mirror->vm_mirror->vm_mm != mm);
144597 + mpnt_m->vm_mirror = mpnt->vm_mirror->vm_mirror;
144598 + mpnt_m->vm_mirror->vm_mirror = mpnt_m;
144599 + mpnt->vm_mirror->vm_mirror = mpnt;
144600 + }
144601 +
144602 + mpnt_m = mpnt_m->vm_next;
144603 + }
144604 + BUG_ON(mpnt_m);
144605 + }
144606 +#endif
144607 +
144608 /* a new mm has just been created */
144609 arch_dup_mmap(oldmm, mm);
144610 retval = 0;
144611 @@ -530,14 +645,6 @@ out:
144612 fail_uprobe_end:
144613 uprobe_end_dup_mmap();
144614 return retval;
144615 -fail_nomem_anon_vma_fork:
144616 - mpol_put(vma_policy(tmp));
144617 -fail_nomem_policy:
144618 - kmem_cache_free(vm_area_cachep, tmp);
144619 -fail_nomem:
144620 - retval = -ENOMEM;
144621 - vm_unacct_memory(charge);
144622 - goto out;
144623 }
144624
144625 static inline int mm_alloc_pgd(struct mm_struct *mm)
144626 @@ -857,8 +964,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
144627 return ERR_PTR(err);
144628
144629 mm = get_task_mm(task);
144630 - if (mm && mm != current->mm &&
144631 - !ptrace_may_access(task, mode)) {
144632 + if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) ||
144633 + ((mode & PTRACE_MODE_ATTACH) && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
144634 mmput(mm);
144635 mm = ERR_PTR(-EACCES);
144636 }
144637 @@ -1057,13 +1164,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
144638 spin_unlock(&fs->lock);
144639 return -EAGAIN;
144640 }
144641 - fs->users++;
144642 + atomic_inc(&fs->users);
144643 spin_unlock(&fs->lock);
144644 return 0;
144645 }
144646 tsk->fs = copy_fs_struct(fs);
144647 if (!tsk->fs)
144648 return -ENOMEM;
144649 + /* Carry through gr_chroot_dentry and is_chrooted instead
144650 + of recomputing it here. Already copied when the task struct
144651 + is duplicated. This allows pivot_root to not be treated as
144652 + a chroot
144653 + */
144654 + //gr_set_chroot_entries(tsk, &tsk->fs->root);
144655 +
144656 return 0;
144657 }
144658
144659 @@ -1296,7 +1410,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
144660 * parts of the process environment (as per the clone
144661 * flags). The actual kick-off is left to the caller.
144662 */
144663 -static struct task_struct *copy_process(unsigned long clone_flags,
144664 +static __latent_entropy struct task_struct *copy_process(unsigned long clone_flags,
144665 unsigned long stack_start,
144666 unsigned long stack_size,
144667 int __user *child_tidptr,
144668 @@ -1368,6 +1482,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
144669 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
144670 #endif
144671 retval = -EAGAIN;
144672 +
144673 + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0);
144674 +
144675 if (atomic_read(&p->real_cred->user->processes) >=
144676 task_rlimit(p, RLIMIT_NPROC)) {
144677 if (p->real_cred->user != INIT_USER &&
144678 @@ -1626,6 +1743,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
144679 goto bad_fork_cancel_cgroup;
144680 }
144681
144682 + /* synchronizes with gr_set_acls()
144683 + we need to call this past the point of no return for fork()
144684 + */
144685 + gr_copy_label(p);
144686 +
144687 +#ifdef CONFIG_GRKERNSEC_SETXID
144688 + if (p->delayed_cred)
144689 + get_cred(p->delayed_cred);
144690 +#endif
144691 +
144692 if (likely(p->pid)) {
144693 ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
144694
144695 @@ -1717,6 +1844,8 @@ bad_fork_cleanup_count:
144696 bad_fork_free:
144697 free_task(p);
144698 fork_out:
144699 + gr_log_forkfail(retval);
144700 +
144701 return ERR_PTR(retval);
144702 }
144703
144704 @@ -1780,6 +1909,7 @@ long _do_fork(unsigned long clone_flags,
144705
144706 p = copy_process(clone_flags, stack_start, stack_size,
144707 child_tidptr, NULL, trace, tls, NUMA_NO_NODE);
144708 + add_latent_entropy();
144709 /*
144710 * Do this prior waking up the new thread - the thread pointer
144711 * might get invalid after that point, if the thread exits quickly.
144712 @@ -1796,6 +1926,8 @@ long _do_fork(unsigned long clone_flags,
144713 if (clone_flags & CLONE_PARENT_SETTID)
144714 put_user(nr, parent_tidptr);
144715
144716 + gr_handle_brute_check();
144717 +
144718 if (clone_flags & CLONE_VFORK) {
144719 p->vfork_done = &vfork;
144720 init_completion(&vfork);
144721 @@ -1928,11 +2060,12 @@ void __init proc_caches_init(void)
144722 * maximum number of CPU's we can ever have. The cpumask_allocation
144723 * is at the end of the structure, exactly for that reason.
144724 */
144725 - mm_cachep = kmem_cache_create("mm_struct",
144726 + mm_cachep = kmem_cache_create_usercopy("mm_struct",
144727 sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
144728 SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
144729 + offsetof(struct mm_struct, saved_auxv), sizeof(init_mm.saved_auxv),
144730 NULL);
144731 - vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_ACCOUNT);
144732 + vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_ACCOUNT|SLAB_NO_SANITIZE);
144733 mmap_init();
144734 nsproxy_cache_init();
144735 }
144736 @@ -1980,7 +2113,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
144737 return 0;
144738
144739 /* don't need lock here; in the worst case we'll do useless copy */
144740 - if (fs->users == 1)
144741 + if (atomic_read(&fs->users) == 1)
144742 return 0;
144743
144744 *new_fsp = copy_fs_struct(fs);
144745 @@ -2093,7 +2226,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
144746 fs = current->fs;
144747 spin_lock(&fs->lock);
144748 current->fs = new_fs;
144749 - if (--fs->users)
144750 + gr_set_chroot_entries(current, &current->fs->root);
144751 + if (atomic_dec_return(&fs->users))
144752 new_fs = NULL;
144753 else
144754 new_fs = fs;
144755 @@ -2157,7 +2291,7 @@ int unshare_files(struct files_struct **displaced)
144756 int sysctl_max_threads(struct ctl_table *table, int write,
144757 void __user *buffer, size_t *lenp, loff_t *ppos)
144758 {
144759 - struct ctl_table t;
144760 + ctl_table_no_const t;
144761 int ret;
144762 int threads = max_threads;
144763 int min = MIN_THREADS;
144764 diff --git a/kernel/futex.c b/kernel/futex.c
144765 index 46cb3a3..96207f8 100644
144766 --- a/kernel/futex.c
144767 +++ b/kernel/futex.c
144768 @@ -210,7 +210,7 @@ struct futex_pi_state {
144769 atomic_t refcount;
144770
144771 union futex_key key;
144772 -};
144773 +} __randomize_layout;
144774
144775 /**
144776 * struct futex_q - The hashed futex queue entry, one per waiting task
144777 @@ -244,7 +244,7 @@ struct futex_q {
144778 struct rt_mutex_waiter *rt_waiter;
144779 union futex_key *requeue_pi_key;
144780 u32 bitset;
144781 -};
144782 +} __randomize_layout;
144783
144784 static const struct futex_q futex_q_init = {
144785 /* list gets initialized in queue_me()*/
144786 @@ -494,6 +494,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
144787 struct address_space *mapping;
144788 int err, ro = 0;
144789
144790 +#ifdef CONFIG_PAX_SEGMEXEC
144791 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && address >= SEGMEXEC_TASK_SIZE)
144792 + return -EFAULT;
144793 +#endif
144794 +
144795 /*
144796 * The futex address must be "naturally" aligned.
144797 */
144798 @@ -3270,6 +3275,7 @@ static void __init futex_detect_cmpxchg(void)
144799 {
144800 #ifndef CONFIG_HAVE_FUTEX_CMPXCHG
144801 u32 curval;
144802 + mm_segment_t oldfs;
144803
144804 /*
144805 * This will fail and we want it. Some arch implementations do
144806 @@ -3281,8 +3287,11 @@ static void __init futex_detect_cmpxchg(void)
144807 * implementation, the non-functional ones will return
144808 * -ENOSYS.
144809 */
144810 + oldfs = get_fs();
144811 + set_fs(USER_DS);
144812 if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT)
144813 futex_cmpxchg_enabled = 1;
144814 + set_fs(oldfs);
144815 #endif
144816 }
144817
144818 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
144819 index 4ae3232..5adee02 100644
144820 --- a/kernel/futex_compat.c
144821 +++ b/kernel/futex_compat.c
144822 @@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
144823 return 0;
144824 }
144825
144826 -static void __user *futex_uaddr(struct robust_list __user *entry,
144827 +static void __user __intentional_overflow(-1) *futex_uaddr(struct robust_list __user *entry,
144828 compat_long_t futex_offset)
144829 {
144830 compat_uptr_t base = ptr_to_compat(entry);
144831 diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
144832 index 9530fcd..7f3a521 100644
144833 --- a/kernel/irq/manage.c
144834 +++ b/kernel/irq/manage.c
144835 @@ -972,7 +972,7 @@ static int irq_thread(void *data)
144836
144837 action_ret = handler_fn(desc, action);
144838 if (action_ret == IRQ_HANDLED)
144839 - atomic_inc(&desc->threads_handled);
144840 + atomic_inc_unchecked(&desc->threads_handled);
144841 if (action_ret == IRQ_WAKE_THREAD)
144842 irq_wake_secondary(desc, action);
144843
144844 diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
144845 index 19e9dfb..0766454 100644
144846 --- a/kernel/irq/msi.c
144847 +++ b/kernel/irq/msi.c
144848 @@ -214,16 +214,18 @@ static void msi_domain_update_dom_ops(struct msi_domain_info *info)
144849 return;
144850 }
144851
144852 + pax_open_kernel();
144853 if (ops->get_hwirq == NULL)
144854 - ops->get_hwirq = msi_domain_ops_default.get_hwirq;
144855 + const_cast(ops->get_hwirq) = msi_domain_ops_default.get_hwirq;
144856 if (ops->msi_init == NULL)
144857 - ops->msi_init = msi_domain_ops_default.msi_init;
144858 + const_cast(ops->msi_init) = msi_domain_ops_default.msi_init;
144859 if (ops->msi_check == NULL)
144860 - ops->msi_check = msi_domain_ops_default.msi_check;
144861 + const_cast(ops->msi_check) = msi_domain_ops_default.msi_check;
144862 if (ops->msi_prepare == NULL)
144863 - ops->msi_prepare = msi_domain_ops_default.msi_prepare;
144864 + const_cast(ops->msi_prepare) = msi_domain_ops_default.msi_prepare;
144865 if (ops->set_desc == NULL)
144866 - ops->set_desc = msi_domain_ops_default.set_desc;
144867 + const_cast(ops->set_desc) = msi_domain_ops_default.set_desc;
144868 + pax_close_kernel();
144869 }
144870
144871 static void msi_domain_update_chip_ops(struct msi_domain_info *info)
144872 @@ -231,8 +233,11 @@ static void msi_domain_update_chip_ops(struct msi_domain_info *info)
144873 struct irq_chip *chip = info->chip;
144874
144875 BUG_ON(!chip || !chip->irq_mask || !chip->irq_unmask);
144876 - if (!chip->irq_set_affinity)
144877 - chip->irq_set_affinity = msi_domain_set_affinity;
144878 + if (!chip->irq_set_affinity) {
144879 + pax_open_kernel();
144880 + const_cast(chip->irq_set_affinity) = msi_domain_set_affinity;
144881 + pax_close_kernel();
144882 + }
144883 }
144884
144885 /**
144886 diff --git a/kernel/irq/spurious.c b/kernel/irq/spurious.c
144887 index 5707f97..d526a3d 100644
144888 --- a/kernel/irq/spurious.c
144889 +++ b/kernel/irq/spurious.c
144890 @@ -334,7 +334,7 @@ void note_interrupt(struct irq_desc *desc, irqreturn_t action_ret)
144891 * count. We just care about the count being
144892 * different than the one we saw before.
144893 */
144894 - handled = atomic_read(&desc->threads_handled);
144895 + handled = atomic_read_unchecked(&desc->threads_handled);
144896 handled |= SPURIOUS_DEFERRED;
144897 if (handled != desc->threads_handled_last) {
144898 action_ret = IRQ_HANDLED;
144899 diff --git a/kernel/jump_label.c b/kernel/jump_label.c
144900 index 93ad6c1..139ea2a 100644
144901 --- a/kernel/jump_label.c
144902 +++ b/kernel/jump_label.c
144903 @@ -15,6 +15,7 @@
144904 #include <linux/static_key.h>
144905 #include <linux/jump_label_ratelimit.h>
144906 #include <linux/bug.h>
144907 +#include <linux/mm.h>
144908
144909 #ifdef HAVE_JUMP_LABEL
144910
144911 @@ -52,7 +53,9 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop)
144912
144913 size = (((unsigned long)stop - (unsigned long)start)
144914 / sizeof(struct jump_entry));
144915 + pax_open_kernel();
144916 sort(start, size, sizeof(struct jump_entry), jump_label_cmp, NULL);
144917 + pax_close_kernel();
144918 }
144919
144920 static void jump_label_update(struct static_key *key);
144921 @@ -475,10 +478,12 @@ static void jump_label_invalidate_module_init(struct module *mod)
144922 struct jump_entry *iter_stop = iter_start + mod->num_jump_entries;
144923 struct jump_entry *iter;
144924
144925 + pax_open_kernel();
144926 for (iter = iter_start; iter < iter_stop; iter++) {
144927 if (within_module_init(iter->code, mod))
144928 iter->code = 0;
144929 }
144930 + pax_close_kernel();
144931 }
144932
144933 static int
144934 diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
144935 index fafd1a3..316983e 100644
144936 --- a/kernel/kallsyms.c
144937 +++ b/kernel/kallsyms.c
144938 @@ -11,6 +11,9 @@
144939 * Changed the compression method from stem compression to "table lookup"
144940 * compression (see scripts/kallsyms.c for a more complete description)
144941 */
144942 +#ifdef CONFIG_GRKERNSEC_HIDESYM
144943 +#define __INCLUDED_BY_HIDESYM 1
144944 +#endif
144945 #include <linux/kallsyms.h>
144946 #include <linux/module.h>
144947 #include <linux/init.h>
144948 @@ -58,12 +61,33 @@ extern const unsigned long kallsyms_markers[] __weak;
144949
144950 static inline int is_kernel_inittext(unsigned long addr)
144951 {
144952 + if (system_state != SYSTEM_BOOTING)
144953 + return 0;
144954 +
144955 if (addr >= (unsigned long)_sinittext
144956 && addr <= (unsigned long)_einittext)
144957 return 1;
144958 return 0;
144959 }
144960
144961 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
144962 +#ifdef CONFIG_MODULES
144963 +static inline int is_module_text(unsigned long addr)
144964 +{
144965 + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr <= (unsigned long)MODULES_EXEC_END)
144966 + return 1;
144967 +
144968 + addr = ktla_ktva(addr);
144969 + return (unsigned long)MODULES_EXEC_VADDR <= addr && addr <= (unsigned long)MODULES_EXEC_END;
144970 +}
144971 +#else
144972 +static inline int is_module_text(unsigned long addr)
144973 +{
144974 + return 0;
144975 +}
144976 +#endif
144977 +#endif
144978 +
144979 static inline int is_kernel_text(unsigned long addr)
144980 {
144981 if ((addr >= (unsigned long)_stext && addr <= (unsigned long)_etext) ||
144982 @@ -74,13 +98,28 @@ static inline int is_kernel_text(unsigned long addr)
144983
144984 static inline int is_kernel(unsigned long addr)
144985 {
144986 +
144987 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
144988 + if (is_kernel_text(addr) || is_kernel_inittext(addr))
144989 + return 1;
144990 +
144991 + if (ktla_ktva((unsigned long)_text) <= addr && addr < (unsigned long)_end)
144992 +#else
144993 if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
144994 +#endif
144995 +
144996 return 1;
144997 return in_gate_area_no_mm(addr);
144998 }
144999
145000 static int is_ksym_addr(unsigned long addr)
145001 {
145002 +
145003 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
145004 + if (is_module_text(addr))
145005 + return 0;
145006 +#endif
145007 +
145008 if (all_var)
145009 return is_kernel(addr);
145010
145011 @@ -458,10 +497,11 @@ int sprint_backtrace(char *buffer, unsigned long address)
145012 }
145013
145014 /* Look up a kernel symbol and print it to the kernel messages. */
145015 -void __print_symbol(const char *fmt, unsigned long address)
145016 +void __print_symbol(const char *fmt, unsigned long address, ...)
145017 {
145018 char buffer[KSYM_SYMBOL_LEN];
145019
145020 + address = (unsigned long)__builtin_extract_return_addr((void *)address);
145021 sprint_symbol(buffer, address);
145022
145023 printk(fmt, buffer);
145024 @@ -505,7 +545,6 @@ static unsigned long get_ksymbol_core(struct kallsym_iter *iter)
145025
145026 static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
145027 {
145028 - iter->name[0] = '\0';
145029 iter->nameoff = get_symbol_offset(new_pos);
145030 iter->pos = new_pos;
145031 }
145032 @@ -553,6 +592,11 @@ static int s_show(struct seq_file *m, void *p)
145033 {
145034 struct kallsym_iter *iter = m->private;
145035
145036 +#ifdef CONFIG_GRKERNSEC_HIDESYM
145037 + if (!uid_eq(current_uid(), GLOBAL_ROOT_UID))
145038 + return 0;
145039 +#endif
145040 +
145041 /* Some debugging symbols have no name. Ignore them. */
145042 if (!iter->name[0])
145043 return 0;
145044 @@ -566,6 +610,7 @@ static int s_show(struct seq_file *m, void *p)
145045 */
145046 type = iter->exported ? toupper(iter->type) :
145047 tolower(iter->type);
145048 +
145049 seq_printf(m, "%pK %c %s\t[%s]\n", (void *)iter->value,
145050 type, iter->name, iter->module_name);
145051 } else
145052 diff --git a/kernel/kcmp.c b/kernel/kcmp.c
145053 index 3a47fa9..bcb17e3 100644
145054 --- a/kernel/kcmp.c
145055 +++ b/kernel/kcmp.c
145056 @@ -100,6 +100,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
145057 struct task_struct *task1, *task2;
145058 int ret;
145059
145060 +#ifdef CONFIG_GRKERNSEC
145061 + return -ENOSYS;
145062 +#endif
145063 +
145064 rcu_read_lock();
145065
145066 /*
145067 diff --git a/kernel/kexec.c b/kernel/kexec.c
145068 index 980936a..81408fd 100644
145069 --- a/kernel/kexec.c
145070 +++ b/kernel/kexec.c
145071 @@ -236,7 +236,8 @@ COMPAT_SYSCALL_DEFINE4(kexec_load, compat_ulong_t, entry,
145072 compat_ulong_t, flags)
145073 {
145074 struct compat_kexec_segment in;
145075 - struct kexec_segment out, __user *ksegments;
145076 + struct kexec_segment out;
145077 + struct kexec_segment __user *ksegments;
145078 unsigned long i, result;
145079
145080 /* Don't allow clients that don't understand the native
145081 diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
145082 index 5616755..0affaae 100644
145083 --- a/kernel/kexec_core.c
145084 +++ b/kernel/kexec_core.c
145085 @@ -871,7 +871,7 @@ int kimage_load_segment(struct kimage *image,
145086
145087 struct kimage *kexec_image;
145088 struct kimage *kexec_crash_image;
145089 -int kexec_load_disabled;
145090 +int kexec_load_disabled __read_only;
145091
145092 /*
145093 * No panic_cpu check version of crash_kexec(). This function is called
145094 diff --git a/kernel/kmod.c b/kernel/kmod.c
145095 index 0277d12..2d2899c 100644
145096 --- a/kernel/kmod.c
145097 +++ b/kernel/kmod.c
145098 @@ -66,7 +66,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
145099 kfree(info->argv);
145100 }
145101
145102 -static int call_modprobe(char *module_name, int wait)
145103 +static int call_modprobe(char *module_name, char *module_param, int wait)
145104 {
145105 struct subprocess_info *info;
145106 static char *envp[] = {
145107 @@ -76,7 +76,7 @@ static int call_modprobe(char *module_name, int wait)
145108 NULL
145109 };
145110
145111 - char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
145112 + char **argv = kmalloc(sizeof(char *[6]), GFP_KERNEL);
145113 if (!argv)
145114 goto out;
145115
145116 @@ -88,7 +88,8 @@ static int call_modprobe(char *module_name, int wait)
145117 argv[1] = "-q";
145118 argv[2] = "--";
145119 argv[3] = module_name; /* check free_modprobe_argv() */
145120 - argv[4] = NULL;
145121 + argv[4] = module_param;
145122 + argv[5] = NULL;
145123
145124 info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
145125 NULL, free_modprobe_argv, NULL);
145126 @@ -121,9 +122,8 @@ out:
145127 * If module auto-loading support is disabled then this function
145128 * becomes a no-operation.
145129 */
145130 -int __request_module(bool wait, const char *fmt, ...)
145131 +static int ____request_module(bool wait, char *module_param, const char *fmt, va_list ap)
145132 {
145133 - va_list args;
145134 char module_name[MODULE_NAME_LEN];
145135 unsigned int max_modprobes;
145136 int ret;
145137 @@ -142,9 +142,7 @@ int __request_module(bool wait, const char *fmt, ...)
145138 if (!modprobe_path[0])
145139 return 0;
145140
145141 - va_start(args, fmt);
145142 - ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
145143 - va_end(args);
145144 + ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, ap);
145145 if (ret >= MODULE_NAME_LEN)
145146 return -ENAMETOOLONG;
145147
145148 @@ -152,6 +150,20 @@ int __request_module(bool wait, const char *fmt, ...)
145149 if (ret)
145150 return ret;
145151
145152 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
145153 + if (uid_eq(current_uid(), GLOBAL_ROOT_UID)) {
145154 + /* hack to workaround consolekit/udisks stupidity */
145155 + read_lock(&tasklist_lock);
145156 + if (!strcmp(current->comm, "mount") &&
145157 + current->real_parent && !strncmp(current->real_parent->comm, "udisk", 5)) {
145158 + read_unlock(&tasklist_lock);
145159 + printk(KERN_ALERT "grsec: denied attempt to auto-load fs module %.64s by udisks\n", module_name);
145160 + return -EPERM;
145161 + }
145162 + read_unlock(&tasklist_lock);
145163 + }
145164 +#endif
145165 +
145166 /* If modprobe needs a service that is in a module, we get a recursive
145167 * loop. Limit the number of running kmod threads to max_threads/2 or
145168 * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
145169 @@ -180,16 +192,61 @@ int __request_module(bool wait, const char *fmt, ...)
145170
145171 trace_module_request(module_name, wait, _RET_IP_);
145172
145173 - ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
145174 + ret = call_modprobe(module_name, module_param, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
145175
145176 atomic_dec(&kmod_concurrent);
145177 return ret;
145178 }
145179 +
145180 +int ___request_module(bool wait, char *module_param, const char *fmt, ...)
145181 +{
145182 + va_list args;
145183 + int ret;
145184 +
145185 + va_start(args, fmt);
145186 + ret = ____request_module(wait, module_param, fmt, args);
145187 + va_end(args);
145188 +
145189 + return ret;
145190 +}
145191 +
145192 +int __request_module(bool wait, const char *fmt, ...)
145193 +{
145194 + va_list args;
145195 + int ret;
145196 +
145197 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
145198 + if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)) {
145199 + char module_param[MODULE_NAME_LEN];
145200 +
145201 + memset(module_param, 0, sizeof(module_param));
145202 +
145203 + snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", GR_GLOBAL_UID(current_uid()));
145204 +
145205 + va_start(args, fmt);
145206 + ret = ____request_module(wait, module_param, fmt, args);
145207 + va_end(args);
145208 +
145209 + return ret;
145210 + }
145211 +#endif
145212 +
145213 + va_start(args, fmt);
145214 + ret = ____request_module(wait, NULL, fmt, args);
145215 + va_end(args);
145216 +
145217 + return ret;
145218 +}
145219 +
145220 EXPORT_SYMBOL(__request_module);
145221 #endif /* CONFIG_MODULES */
145222
145223 static void call_usermodehelper_freeinfo(struct subprocess_info *info)
145224 {
145225 +#ifdef CONFIG_GRKERNSEC
145226 + kfree(info->path);
145227 + info->path = info->origpath;
145228 +#endif
145229 if (info->cleanup)
145230 (*info->cleanup)(info);
145231 kfree(info);
145232 @@ -228,6 +285,22 @@ static int call_usermodehelper_exec_async(void *data)
145233 */
145234 set_user_nice(current, 0);
145235
145236 +#ifdef CONFIG_GRKERNSEC
145237 + /* this is race-free as far as userland is concerned as we copied
145238 + out the path to be used prior to this point and are now operating
145239 + on that copy
145240 + */
145241 + if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
145242 + strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
145243 + strncmp(sub_info->path, "/usr/libexec/", 13) && strncmp(sub_info->path, "/usr/bin/", 9) &&
145244 + strncmp(sub_info->path, "/usr/sbin/", 10) && strcmp(sub_info->path, "/bin/false") &&
145245 + strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
145246 + printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of permitted system paths\n", sub_info->path);
145247 + retval = -EPERM;
145248 + goto out;
145249 + }
145250 +#endif
145251 +
145252 retval = -ENOMEM;
145253 new = prepare_kernel_cred(current);
145254 if (!new)
145255 @@ -250,8 +323,8 @@ static int call_usermodehelper_exec_async(void *data)
145256 commit_creds(new);
145257
145258 retval = do_execve(getname_kernel(sub_info->path),
145259 - (const char __user *const __user *)sub_info->argv,
145260 - (const char __user *const __user *)sub_info->envp);
145261 + (const char __user *const __force_user *)sub_info->argv,
145262 + (const char __user *const __force_user *)sub_info->envp);
145263 out:
145264 sub_info->retval = retval;
145265 /*
145266 @@ -287,7 +360,7 @@ static void call_usermodehelper_exec_sync(struct subprocess_info *sub_info)
145267 *
145268 * Thus the __user pointer cast is valid here.
145269 */
145270 - sys_wait4(pid, (int __user *)&ret, 0, NULL);
145271 + sys_wait4(pid, (int __force_user *)&ret, 0, NULL);
145272
145273 /*
145274 * If ret is 0, either call_usermodehelper_exec_async failed and
145275 @@ -528,7 +601,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
145276 goto out;
145277
145278 INIT_WORK(&sub_info->work, call_usermodehelper_exec_work);
145279 +#ifdef CONFIG_GRKERNSEC
145280 + sub_info->origpath = path;
145281 + sub_info->path = kstrdup(path, gfp_mask);
145282 +#else
145283 sub_info->path = path;
145284 +#endif
145285 sub_info->argv = argv;
145286 sub_info->envp = envp;
145287
145288 @@ -630,7 +708,7 @@ EXPORT_SYMBOL(call_usermodehelper);
145289 static int proc_cap_handler(struct ctl_table *table, int write,
145290 void __user *buffer, size_t *lenp, loff_t *ppos)
145291 {
145292 - struct ctl_table t;
145293 + ctl_table_no_const t;
145294 unsigned long cap_array[_KERNEL_CAPABILITY_U32S];
145295 kernel_cap_t new_cap;
145296 int err, i;
145297 diff --git a/kernel/kprobes.c b/kernel/kprobes.c
145298 index d10ab6b..1725fbd 100644
145299 --- a/kernel/kprobes.c
145300 +++ b/kernel/kprobes.c
145301 @@ -31,6 +31,9 @@
145302 * <jkenisto@us.ibm.com> and Prasanna S Panchamukhi
145303 * <prasanna@in.ibm.com> added function-return probes.
145304 */
145305 +#ifdef CONFIG_GRKERNSEC_HIDESYM
145306 +#define __INCLUDED_BY_HIDESYM 1
145307 +#endif
145308 #include <linux/kprobes.h>
145309 #include <linux/hash.h>
145310 #include <linux/init.h>
145311 @@ -122,12 +125,12 @@ enum kprobe_slot_state {
145312
145313 static void *alloc_insn_page(void)
145314 {
145315 - return module_alloc(PAGE_SIZE);
145316 + return module_alloc_exec(PAGE_SIZE);
145317 }
145318
145319 static void free_insn_page(void *page)
145320 {
145321 - module_memfree(page);
145322 + module_memfree_exec(page);
145323 }
145324
145325 struct kprobe_insn_cache kprobe_insn_slots = {
145326 @@ -2198,11 +2201,11 @@ static void report_probe(struct seq_file *pi, struct kprobe *p,
145327 kprobe_type = "k";
145328
145329 if (sym)
145330 - seq_printf(pi, "%p %s %s+0x%x %s ",
145331 + seq_printf(pi, "%pK %s %s+0x%x %s ",
145332 p->addr, kprobe_type, sym, offset,
145333 (modname ? modname : " "));
145334 else
145335 - seq_printf(pi, "%p %s %p ",
145336 + seq_printf(pi, "%pK %s %pK ",
145337 p->addr, kprobe_type, p->addr);
145338
145339 if (!pp)
145340 @@ -2291,7 +2294,7 @@ static int kprobe_blacklist_seq_show(struct seq_file *m, void *v)
145341 struct kprobe_blacklist_entry *ent =
145342 list_entry(v, struct kprobe_blacklist_entry, list);
145343
145344 - seq_printf(m, "0x%p-0x%p\t%ps\n", (void *)ent->start_addr,
145345 + seq_printf(m, "0x%pK-0x%pK\t%ps\n", (void *)ent->start_addr,
145346 (void *)ent->end_addr, (void *)ent->start_addr);
145347 return 0;
145348 }
145349 diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c
145350 index ee1bc1b..a351806 100644
145351 --- a/kernel/ksysfs.c
145352 +++ b/kernel/ksysfs.c
145353 @@ -50,6 +50,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj,
145354 {
145355 if (count+1 > UEVENT_HELPER_PATH_LEN)
145356 return -ENOENT;
145357 + if (!capable(CAP_SYS_ADMIN))
145358 + return -EPERM;
145359 memcpy(uevent_helper, buf, count);
145360 uevent_helper[count] = '\0';
145361 if (count && uevent_helper[count-1] == '\n')
145362 @@ -195,7 +197,7 @@ static ssize_t notes_read(struct file *filp, struct kobject *kobj,
145363 return count;
145364 }
145365
145366 -static struct bin_attribute notes_attr = {
145367 +static bin_attribute_no_const notes_attr __read_only = {
145368 .attr = {
145369 .name = "notes",
145370 .mode = S_IRUGO,
145371 diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
145372 index 589d763..3962223 100644
145373 --- a/kernel/locking/lockdep.c
145374 +++ b/kernel/locking/lockdep.c
145375 @@ -603,6 +603,10 @@ static int static_obj(void *obj)
145376 end = (unsigned long) &_end,
145377 addr = (unsigned long) obj;
145378
145379 +#ifdef CONFIG_PAX_KERNEXEC
145380 + start = ktla_ktva(start);
145381 +#endif
145382 +
145383 /*
145384 * static variable?
145385 */
145386 @@ -733,6 +737,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
145387 if (!static_obj(lock->key)) {
145388 debug_locks_off();
145389 printk("INFO: trying to register non-static key.\n");
145390 + printk("lock:%pS key:%pS.\n", lock, lock->key);
145391 printk("the code is fine but needs lockdep annotation.\n");
145392 printk("turning off the locking correctness validator.\n");
145393 dump_stack();
145394 @@ -3231,7 +3236,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass,
145395 if (!class)
145396 return 0;
145397 }
145398 - atomic_inc((atomic_t *)&class->ops);
145399 + atomic_long_inc_unchecked((atomic_long_unchecked_t *)&class->ops);
145400 if (very_verbose(class)) {
145401 printk("\nacquire class [%p] %s", class->key, class->name);
145402 if (class->name_version > 1)
145403 diff --git a/kernel/locking/lockdep_proc.c b/kernel/locking/lockdep_proc.c
145404 index a0f61ef..b6aef3c 100644
145405 --- a/kernel/locking/lockdep_proc.c
145406 +++ b/kernel/locking/lockdep_proc.c
145407 @@ -65,7 +65,7 @@ static int l_show(struct seq_file *m, void *v)
145408 return 0;
145409 }
145410
145411 - seq_printf(m, "%p", class->key);
145412 + seq_printf(m, "%pK", class->key);
145413 #ifdef CONFIG_DEBUG_LOCKDEP
145414 seq_printf(m, " OPS:%8ld", class->ops);
145415 #endif
145416 @@ -83,7 +83,7 @@ static int l_show(struct seq_file *m, void *v)
145417
145418 list_for_each_entry(entry, &class->locks_after, entry) {
145419 if (entry->distance == 1) {
145420 - seq_printf(m, " -> [%p] ", entry->class->key);
145421 + seq_printf(m, " -> [%pK] ", entry->class->key);
145422 print_name(m, entry->class);
145423 seq_puts(m, "\n");
145424 }
145425 @@ -154,7 +154,7 @@ static int lc_show(struct seq_file *m, void *v)
145426 if (!class->key)
145427 continue;
145428
145429 - seq_printf(m, "[%p] ", class->key);
145430 + seq_printf(m, "[%pK] ", class->key);
145431 print_name(m, class);
145432 seq_puts(m, "\n");
145433 }
145434 @@ -510,7 +510,7 @@ static void seq_stats(struct seq_file *m, struct lock_stat_data *data)
145435 if (!i)
145436 seq_line(m, '-', 40-namelen, namelen);
145437
145438 - snprintf(ip, sizeof(ip), "[<%p>]",
145439 + snprintf(ip, sizeof(ip), "[<%pK>]",
145440 (void *)class->contention_point[i]);
145441 seq_printf(m, "%40s %14lu %29s %pS\n",
145442 name, stats->contention_point[i],
145443 @@ -525,7 +525,7 @@ static void seq_stats(struct seq_file *m, struct lock_stat_data *data)
145444 if (!i)
145445 seq_line(m, '-', 40-namelen, namelen);
145446
145447 - snprintf(ip, sizeof(ip), "[<%p>]",
145448 + snprintf(ip, sizeof(ip), "[<%pK>]",
145449 (void *)class->contending_point[i]);
145450 seq_printf(m, "%40s %14lu %29s %pS\n",
145451 name, stats->contending_point[i],
145452 diff --git a/kernel/module.c b/kernel/module.c
145453 index 529efae..05499fa 100644
145454 --- a/kernel/module.c
145455 +++ b/kernel/module.c
145456 @@ -61,6 +61,7 @@
145457 #include <linux/pfn.h>
145458 #include <linux/bsearch.h>
145459 #include <linux/dynamic_debug.h>
145460 +#include <linux/grsecurity.h>
145461 #include <uapi/linux/module.h>
145462 #include "module-internal.h"
145463
145464 @@ -108,16 +109,32 @@ static LIST_HEAD(modules);
145465
145466 static __always_inline unsigned long __mod_tree_val(struct latch_tree_node *n)
145467 {
145468 - struct module_layout *layout = container_of(n, struct module_layout, mtn.node);
145469 + struct mod_tree_node *mtn = container_of(n, struct mod_tree_node, node);
145470 + struct module *mod = mtn->mod;
145471
145472 - return (unsigned long)layout->base;
145473 + if (unlikely(mtn == &mod->init_layout.mtn_rw))
145474 + return (unsigned long)mod->init_layout.base_rw;
145475 + if (unlikely(mtn == &mod->init_layout.mtn_rx))
145476 + return (unsigned long)mod->init_layout.base_rx;
145477 +
145478 + if (unlikely(mtn == &mod->core_layout.mtn_rw))
145479 + return (unsigned long)mod->core_layout.base_rw;
145480 + return (unsigned long)mod->core_layout.base_rx;
145481 }
145482
145483 static __always_inline unsigned long __mod_tree_size(struct latch_tree_node *n)
145484 {
145485 - struct module_layout *layout = container_of(n, struct module_layout, mtn.node);
145486 + struct mod_tree_node *mtn = container_of(n, struct mod_tree_node, node);
145487 + struct module *mod = mtn->mod;
145488
145489 - return (unsigned long)layout->size;
145490 + if (unlikely(mtn == &mod->init_layout.mtn_rw))
145491 + return (unsigned long)mod->init_layout.size_rw;
145492 + if (unlikely(mtn == &mod->init_layout.mtn_rx))
145493 + return (unsigned long)mod->init_layout.size_rx;
145494 +
145495 + if (unlikely(mtn == &mod->core_layout.mtn_rw))
145496 + return (unsigned long)mod->core_layout.size_rw;
145497 + return (unsigned long)mod->core_layout.size_rx;
145498 }
145499
145500 static __always_inline bool
145501 @@ -150,14 +167,19 @@ static const struct latch_tree_ops mod_tree_ops = {
145502
145503 static struct mod_tree_root {
145504 struct latch_tree_root root;
145505 - unsigned long addr_min;
145506 - unsigned long addr_max;
145507 + unsigned long addr_min_rw;
145508 + unsigned long addr_min_rx;
145509 + unsigned long addr_max_rw;
145510 + unsigned long addr_max_rx;
145511 } mod_tree __cacheline_aligned = {
145512 - .addr_min = -1UL,
145513 + .addr_min_rw = -1UL,
145514 + .addr_min_rx = -1UL,
145515 };
145516
145517 -#define module_addr_min mod_tree.addr_min
145518 -#define module_addr_max mod_tree.addr_max
145519 +#define module_addr_min_rw mod_tree.addr_min_rw
145520 +#define module_addr_min_rx mod_tree.addr_min_rx
145521 +#define module_addr_max_rw mod_tree.addr_max_rw
145522 +#define module_addr_max_rx mod_tree.addr_max_rx
145523
145524 static noinline void __mod_tree_insert(struct mod_tree_node *node)
145525 {
145526 @@ -175,23 +197,31 @@ static void __mod_tree_remove(struct mod_tree_node *node)
145527 */
145528 static void mod_tree_insert(struct module *mod)
145529 {
145530 - mod->core_layout.mtn.mod = mod;
145531 - mod->init_layout.mtn.mod = mod;
145532 + mod->core_layout.mtn_rx.mod = mod;
145533 + mod->core_layout.mtn_rw.mod = mod;
145534 + mod->init_layout.mtn_rx.mod = mod;
145535 + mod->init_layout.mtn_rw.mod = mod;
145536
145537 - __mod_tree_insert(&mod->core_layout.mtn);
145538 - if (mod->init_layout.size)
145539 - __mod_tree_insert(&mod->init_layout.mtn);
145540 + __mod_tree_insert(&mod->core_layout.mtn_rx);
145541 + __mod_tree_insert(&mod->core_layout.mtn_rw);
145542 + if (mod->init_layout.size_rx)
145543 + __mod_tree_insert(&mod->init_layout.mtn_rx);
145544 + if (mod->init_layout.size_rw)
145545 + __mod_tree_insert(&mod->init_layout.mtn_rw);
145546 }
145547
145548 static void mod_tree_remove_init(struct module *mod)
145549 {
145550 - if (mod->init_layout.size)
145551 - __mod_tree_remove(&mod->init_layout.mtn);
145552 + if (mod->init_layout.size_rx)
145553 + __mod_tree_remove(&mod->init_layout.mtn_rx);
145554 + if (mod->init_layout.size_rw)
145555 + __mod_tree_remove(&mod->init_layout.mtn_rw);
145556 }
145557
145558 static void mod_tree_remove(struct module *mod)
145559 {
145560 - __mod_tree_remove(&mod->core_layout.mtn);
145561 + __mod_tree_remove(&mod->core_layout.mtn_rx);
145562 + __mod_tree_remove(&mod->core_layout.mtn_rw);
145563 mod_tree_remove_init(mod);
145564 }
145565
145566 @@ -208,7 +238,8 @@ static struct module *mod_find(unsigned long addr)
145567
145568 #else /* MODULES_TREE_LOOKUP */
145569
145570 -static unsigned long module_addr_min = -1UL, module_addr_max = 0;
145571 +static unsigned long module_addr_min_rw = -1UL, module_addr_max_rw = 0;
145572 +static unsigned long module_addr_min_rx = -1UL, module_addr_max_rx = 0;
145573
145574 static void mod_tree_insert(struct module *mod) { }
145575 static void mod_tree_remove_init(struct module *mod) { }
145576 @@ -232,22 +263,36 @@ static struct module *mod_find(unsigned long addr)
145577 * Bounds of module text, for speeding up __module_address.
145578 * Protected by module_mutex.
145579 */
145580 -static void __mod_update_bounds(void *base, unsigned int size)
145581 +static void __mod_update_bounds_rx(void *base, unsigned int size)
145582 {
145583 unsigned long min = (unsigned long)base;
145584 unsigned long max = min + size;
145585
145586 - if (min < module_addr_min)
145587 - module_addr_min = min;
145588 - if (max > module_addr_max)
145589 - module_addr_max = max;
145590 + if (min < module_addr_min_rx)
145591 + module_addr_min_rx = min;
145592 + if (max > module_addr_max_rx)
145593 + module_addr_max_rx = max;
145594 +}
145595 +
145596 +static void __mod_update_bounds_rw(void *base, unsigned int size)
145597 +{
145598 + unsigned long min = (unsigned long)base;
145599 + unsigned long max = min + size;
145600 +
145601 + if (min < module_addr_min_rw)
145602 + module_addr_min_rw = min;
145603 + if (max > module_addr_max_rw)
145604 + module_addr_max_rw = max;
145605 }
145606
145607 static void mod_update_bounds(struct module *mod)
145608 {
145609 - __mod_update_bounds(mod->core_layout.base, mod->core_layout.size);
145610 - if (mod->init_layout.size)
145611 - __mod_update_bounds(mod->init_layout.base, mod->init_layout.size);
145612 + __mod_update_bounds_rx(mod->core_layout.base_rx, mod->core_layout.size_rx);
145613 + __mod_update_bounds_rw(mod->core_layout.base_rw, mod->core_layout.size_rw);
145614 + if (mod->init_layout.size_rx)
145615 + __mod_update_bounds_rx(mod->init_layout.base_rx, mod->init_layout.size_rx);
145616 + if (mod->init_layout.size_rw)
145617 + __mod_update_bounds_rw(mod->init_layout.base_rw, mod->init_layout.size_rw);
145618 }
145619
145620 #ifdef CONFIG_KGDB_KDB
145621 @@ -276,7 +321,7 @@ module_param(sig_enforce, bool_enable_only, 0644);
145622 #endif /* !CONFIG_MODULE_SIG_FORCE */
145623
145624 /* Block module loading/unloading? */
145625 -int modules_disabled = 0;
145626 +int modules_disabled __read_only = 0;
145627 core_param(nomodule, modules_disabled, bint, 0);
145628
145629 /* Waiting for a module to finish initializing? */
145630 @@ -454,7 +499,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
145631 return true;
145632
145633 list_for_each_entry_rcu(mod, &modules, list) {
145634 - struct symsearch arr[] = {
145635 + struct symsearch modarr[] = {
145636 { mod->syms, mod->syms + mod->num_syms, mod->crcs,
145637 NOT_GPL_ONLY, false },
145638 { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
145639 @@ -479,7 +524,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
145640 if (mod->state == MODULE_STATE_UNFORMED)
145641 continue;
145642
145643 - if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
145644 + if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
145645 return true;
145646 }
145647 return false;
145648 @@ -625,7 +670,7 @@ static int percpu_modalloc(struct module *mod, struct load_info *info)
145649 if (!pcpusec->sh_size)
145650 return 0;
145651
145652 - if (align > PAGE_SIZE) {
145653 + if (align-1 >= PAGE_SIZE) {
145654 pr_warn("%s: per-cpu alignment %li > %li\n",
145655 mod->name, align, PAGE_SIZE);
145656 align = PAGE_SIZE;
145657 @@ -1198,7 +1243,7 @@ struct module_attribute module_uevent =
145658 static ssize_t show_coresize(struct module_attribute *mattr,
145659 struct module_kobject *mk, char *buffer)
145660 {
145661 - return sprintf(buffer, "%u\n", mk->mod->core_layout.size);
145662 + return sprintf(buffer, "%u\n", mk->mod->core_layout.size_rx + mk->mod->core_layout.size_rw);
145663 }
145664
145665 static struct module_attribute modinfo_coresize =
145666 @@ -1207,7 +1252,7 @@ static struct module_attribute modinfo_coresize =
145667 static ssize_t show_initsize(struct module_attribute *mattr,
145668 struct module_kobject *mk, char *buffer)
145669 {
145670 - return sprintf(buffer, "%u\n", mk->mod->init_layout.size);
145671 + return sprintf(buffer, "%u\n", mk->mod->init_layout.size_rx + mk->mod->init_layout.size_rw);
145672 }
145673
145674 static struct module_attribute modinfo_initsize =
145675 @@ -1299,12 +1344,29 @@ static int check_version(Elf_Shdr *sechdrs,
145676 goto bad_version;
145677 }
145678
145679 +#ifdef CONFIG_GRKERNSEC_RANDSTRUCT
145680 + /*
145681 + * avoid potentially printing jibberish on attempted load
145682 + * of a module randomized with a different seed
145683 + */
145684 + pr_warn("no symbol version for %s\n", symname);
145685 +#else
145686 pr_warn("%s: no symbol version for %s\n", mod->name, symname);
145687 +#endif
145688 return 0;
145689
145690 bad_version:
145691 +#ifdef CONFIG_GRKERNSEC_RANDSTRUCT
145692 + /*
145693 + * avoid potentially printing jibberish on attempted load
145694 + * of a module randomized with a different seed
145695 + */
145696 + pr_warn("attempted module disagrees about version of symbol %s\n",
145697 + symname);
145698 +#else
145699 pr_warn("%s: disagrees about version of symbol %s\n",
145700 mod->name, symname);
145701 +#endif
145702 return 0;
145703 }
145704
145705 @@ -1432,7 +1494,7 @@ resolve_symbol_wait(struct module *mod,
145706 */
145707 #ifdef CONFIG_SYSFS
145708
145709 -#ifdef CONFIG_KALLSYMS
145710 +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
145711 static inline bool sect_empty(const Elf_Shdr *sect)
145712 {
145713 return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
145714 @@ -1570,7 +1632,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
145715 {
145716 unsigned int notes, loaded, i;
145717 struct module_notes_attrs *notes_attrs;
145718 - struct bin_attribute *nattr;
145719 + bin_attribute_no_const *nattr;
145720
145721 /* failed to create section attributes, so can't create notes */
145722 if (!mod->sect_attrs)
145723 @@ -1682,7 +1744,7 @@ static void del_usage_links(struct module *mod)
145724 static int module_add_modinfo_attrs(struct module *mod)
145725 {
145726 struct module_attribute *attr;
145727 - struct module_attribute *temp_attr;
145728 + module_attribute_no_const *temp_attr;
145729 int error = 0;
145730 int i;
145731
145732 @@ -1869,40 +1931,40 @@ static void mod_sysfs_teardown(struct module *mod)
145733 static void frob_text(const struct module_layout *layout,
145734 int (*set_memory)(unsigned long start, int num_pages))
145735 {
145736 - BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1));
145737 - BUG_ON((unsigned long)layout->text_size & (PAGE_SIZE-1));
145738 - set_memory((unsigned long)layout->base,
145739 - layout->text_size >> PAGE_SHIFT);
145740 + BUG_ON((unsigned long)layout->base_rx & (PAGE_SIZE-1));
145741 + BUG_ON((unsigned long)layout->size_rx & (PAGE_SIZE-1));
145742 + set_memory((unsigned long)layout->base_rx,
145743 + layout->size_rx >> PAGE_SHIFT);
145744 }
145745
145746 static void frob_rodata(const struct module_layout *layout,
145747 int (*set_memory)(unsigned long start, int num_pages))
145748 {
145749 - BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1));
145750 - BUG_ON((unsigned long)layout->text_size & (PAGE_SIZE-1));
145751 - BUG_ON((unsigned long)layout->ro_size & (PAGE_SIZE-1));
145752 - set_memory((unsigned long)layout->base + layout->text_size,
145753 - (layout->ro_size - layout->text_size) >> PAGE_SHIFT);
145754 + BUG_ON((unsigned long)layout->base_rx & (PAGE_SIZE-1));
145755 + BUG_ON((unsigned long)layout->size_rx & (PAGE_SIZE-1));
145756 +// BUG_ON((unsigned long)layout->size_ro & (PAGE_SIZE-1));
145757 +// set_memory((unsigned long)layout->base_rx + layout->size_rx,
145758 +// (layout->size_ro - layout->size_rx) >> PAGE_SHIFT);
145759 }
145760
145761 static void frob_ro_after_init(const struct module_layout *layout,
145762 int (*set_memory)(unsigned long start, int num_pages))
145763 {
145764 - BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1));
145765 +#if 0
145766 + BUG_ON((unsigned long)layout->base_rx & (PAGE_SIZE-1));
145767 BUG_ON((unsigned long)layout->ro_size & (PAGE_SIZE-1));
145768 BUG_ON((unsigned long)layout->ro_after_init_size & (PAGE_SIZE-1));
145769 set_memory((unsigned long)layout->base + layout->ro_size,
145770 (layout->ro_after_init_size - layout->ro_size) >> PAGE_SHIFT);
145771 +#endif
145772 }
145773
145774 static void frob_writable_data(const struct module_layout *layout,
145775 int (*set_memory)(unsigned long start, int num_pages))
145776 {
145777 - BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1));
145778 - BUG_ON((unsigned long)layout->ro_after_init_size & (PAGE_SIZE-1));
145779 - BUG_ON((unsigned long)layout->size & (PAGE_SIZE-1));
145780 - set_memory((unsigned long)layout->base + layout->ro_after_init_size,
145781 - (layout->size - layout->ro_after_init_size) >> PAGE_SHIFT);
145782 + BUG_ON((unsigned long)layout->base_rw & (PAGE_SIZE-1));
145783 + BUG_ON((unsigned long)layout->size_rw & (PAGE_SIZE-1));
145784 + set_memory((unsigned long)layout->base_rw, layout->size_rw >> PAGE_SHIFT);
145785 }
145786
145787 /* livepatching wants to disable read-only so it can frob module. */
145788 @@ -1987,7 +2049,15 @@ static void disable_ro_nx(const struct module_layout *layout)
145789 }
145790
145791 #else
145792 -static void disable_ro_nx(const struct module_layout *layout) { }
145793 +static void disable_ro_nx(const struct module_layout *layout)
145794 +{
145795 +
145796 +#ifdef CONFIG_PAX_KERNEXEC
145797 + set_memory_nx((unsigned long)layout->base_rx, PFN_UP(layout->size_rx));
145798 + set_memory_rw((unsigned long)layout->base_rx, PFN_UP(layout->size_rx));
145799 +#endif
145800 +
145801 +}
145802 static void module_enable_nx(const struct module *mod) { }
145803 static void module_disable_nx(const struct module *mod) { }
145804 #endif
145805 @@ -2124,16 +2194,19 @@ static void free_module(struct module *mod)
145806 /* This may be empty, but that's OK */
145807 disable_ro_nx(&mod->init_layout);
145808 module_arch_freeing_init(mod);
145809 - module_memfree(mod->init_layout.base);
145810 + module_memfree(mod->init_layout.base_rw);
145811 + module_memfree_exec(mod->init_layout.base_rx);
145812 kfree(mod->args);
145813 percpu_modfree(mod);
145814
145815 /* Free lock-classes; relies on the preceding sync_rcu(). */
145816 - lockdep_free_key_range(mod->core_layout.base, mod->core_layout.size);
145817 + lockdep_free_key_range(mod->core_layout.base_rw, mod->core_layout.size_rw);
145818 + lockdep_free_key_range(mod->core_layout.base_rx, mod->core_layout.size_rx);
145819
145820 /* Finally, free the core (containing the module structure) */
145821 disable_ro_nx(&mod->core_layout);
145822 - module_memfree(mod->core_layout.base);
145823 + module_memfree_exec(mod->core_layout.base_rx);
145824 + module_memfree(mod->core_layout.base_rw);
145825
145826 #ifdef CONFIG_MPU
145827 update_protections(current->mm);
145828 @@ -2202,9 +2275,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
145829 int ret = 0;
145830 const struct kernel_symbol *ksym;
145831
145832 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
145833 + int is_fs_load = 0;
145834 + int register_filesystem_found = 0;
145835 + char *p;
145836 +
145837 + p = strstr(mod->args, "grsec_modharden_fs");
145838 + if (p) {
145839 + char *endptr = p + sizeof("grsec_modharden_fs") - 1;
145840 + /* copy \0 as well */
145841 + memmove(p, endptr, strlen(mod->args) - (unsigned int)(endptr - mod->args) + 1);
145842 + is_fs_load = 1;
145843 + }
145844 +#endif
145845 +
145846 for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) {
145847 const char *name = info->strtab + sym[i].st_name;
145848
145849 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
145850 + /* it's a real shame this will never get ripped and copied
145851 + upstream! ;(
145852 + */
145853 + if (is_fs_load && !strcmp(name, "register_filesystem"))
145854 + register_filesystem_found = 1;
145855 +#endif
145856 +
145857 switch (sym[i].st_shndx) {
145858 case SHN_COMMON:
145859 /* Ignore common symbols */
145860 @@ -2233,7 +2328,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
145861 ksym = resolve_symbol_wait(mod, info, name);
145862 /* Ok if resolved. */
145863 if (ksym && !IS_ERR(ksym)) {
145864 + pax_open_kernel();
145865 sym[i].st_value = ksym->value;
145866 + pax_close_kernel();
145867 break;
145868 }
145869
145870 @@ -2252,11 +2349,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
145871 secbase = (unsigned long)mod_percpu(mod);
145872 else
145873 secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
145874 + pax_open_kernel();
145875 sym[i].st_value += secbase;
145876 + pax_close_kernel();
145877 break;
145878 }
145879 }
145880
145881 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
145882 + if (is_fs_load && !register_filesystem_found) {
145883 + printk(KERN_ALERT "grsec: Denied attempt to load non-fs module %.64s through mount\n", mod->name);
145884 + ret = -EPERM;
145885 + }
145886 +#endif
145887 +
145888 return ret;
145889 }
145890
145891 @@ -2345,26 +2451,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
145892 || s->sh_entsize != ~0UL
145893 || strstarts(sname, ".init"))
145894 continue;
145895 - s->sh_entsize = get_offset(mod, &mod->core_layout.size, s, i);
145896 + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
145897 + s->sh_entsize = get_offset(mod, &mod->core_layout.size_rw, s, i);
145898 + else
145899 + s->sh_entsize = get_offset(mod, &mod->core_layout.size_rx, s, i);
145900 pr_debug("\t%s\n", sname);
145901 }
145902 - switch (m) {
145903 - case 0: /* executable */
145904 - mod->core_layout.size = debug_align(mod->core_layout.size);
145905 - mod->core_layout.text_size = mod->core_layout.size;
145906 - break;
145907 - case 1: /* RO: text and ro-data */
145908 - mod->core_layout.size = debug_align(mod->core_layout.size);
145909 - mod->core_layout.ro_size = mod->core_layout.size;
145910 - break;
145911 - case 2: /* RO after init */
145912 - mod->core_layout.size = debug_align(mod->core_layout.size);
145913 - mod->core_layout.ro_after_init_size = mod->core_layout.size;
145914 - break;
145915 - case 4: /* whole core */
145916 - mod->core_layout.size = debug_align(mod->core_layout.size);
145917 - break;
145918 - }
145919 }
145920
145921 pr_debug("Init section allocation order:\n");
145922 @@ -2378,30 +2470,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
145923 || s->sh_entsize != ~0UL
145924 || !strstarts(sname, ".init"))
145925 continue;
145926 - s->sh_entsize = (get_offset(mod, &mod->init_layout.size, s, i)
145927 - | INIT_OFFSET_MASK);
145928 + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
145929 + s->sh_entsize = get_offset(mod, &mod->init_layout.size_rw, s, i);
145930 + else
145931 + s->sh_entsize = get_offset(mod, &mod->init_layout.size_rx, s, i);
145932 + s->sh_entsize |= INIT_OFFSET_MASK;
145933 pr_debug("\t%s\n", sname);
145934 }
145935 - switch (m) {
145936 - case 0: /* executable */
145937 - mod->init_layout.size = debug_align(mod->init_layout.size);
145938 - mod->init_layout.text_size = mod->init_layout.size;
145939 - break;
145940 - case 1: /* RO: text and ro-data */
145941 - mod->init_layout.size = debug_align(mod->init_layout.size);
145942 - mod->init_layout.ro_size = mod->init_layout.size;
145943 - break;
145944 - case 2:
145945 - /*
145946 - * RO after init doesn't apply to init_layout (only
145947 - * core_layout), so it just takes the value of ro_size.
145948 - */
145949 - mod->init_layout.ro_after_init_size = mod->init_layout.ro_size;
145950 - break;
145951 - case 4: /* whole init */
145952 - mod->init_layout.size = debug_align(mod->init_layout.size);
145953 - break;
145954 - }
145955 }
145956 }
145957
145958 @@ -2579,7 +2654,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
145959
145960 /* Put symbol section at end of init part of module. */
145961 symsect->sh_flags |= SHF_ALLOC;
145962 - symsect->sh_entsize = get_offset(mod, &mod->init_layout.size, symsect,
145963 + symsect->sh_entsize = get_offset(mod, &mod->init_layout.size_rx, symsect,
145964 info->index.sym) | INIT_OFFSET_MASK;
145965 pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
145966
145967 @@ -2597,23 +2672,23 @@ static void layout_symtab(struct module *mod, struct load_info *info)
145968 }
145969
145970 /* Append room for core symbols at end of core part. */
145971 - info->symoffs = ALIGN(mod->core_layout.size, symsect->sh_addralign ?: 1);
145972 - info->stroffs = mod->core_layout.size = info->symoffs + ndst * sizeof(Elf_Sym);
145973 - mod->core_layout.size += strtab_size;
145974 - mod->core_layout.size = debug_align(mod->core_layout.size);
145975 + info->symoffs = ALIGN(mod->core_layout.size_rx, symsect->sh_addralign ?: 1);
145976 + info->stroffs = mod->core_layout.size_rx = info->symoffs + ndst * sizeof(Elf_Sym);
145977 + mod->core_layout.size_rx += strtab_size;
145978 + mod->core_layout.size_rx = debug_align(mod->core_layout.size_rx);
145979
145980 /* Put string table section at end of init part of module. */
145981 strsect->sh_flags |= SHF_ALLOC;
145982 - strsect->sh_entsize = get_offset(mod, &mod->init_layout.size, strsect,
145983 + strsect->sh_entsize = get_offset(mod, &mod->init_layout.size_rx, strsect,
145984 info->index.str) | INIT_OFFSET_MASK;
145985 pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
145986
145987 /* We'll tack temporary mod_kallsyms on the end. */
145988 - mod->init_layout.size = ALIGN(mod->init_layout.size,
145989 + mod->init_layout.size_rx = ALIGN(mod->init_layout.size_rx,
145990 __alignof__(struct mod_kallsyms));
145991 - info->mod_kallsyms_init_off = mod->init_layout.size;
145992 - mod->init_layout.size += sizeof(struct mod_kallsyms);
145993 - mod->init_layout.size = debug_align(mod->init_layout.size);
145994 + info->mod_kallsyms_init_off = mod->init_layout.size_rx;
145995 + mod->init_layout.size_rx += sizeof(struct mod_kallsyms);
145996 + mod->init_layout.size_rx = debug_align(mod->init_layout.size_rx);
145997 }
145998
145999 /*
146000 @@ -2630,7 +2705,9 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
146001 Elf_Shdr *symsec = &info->sechdrs[info->index.sym];
146002
146003 /* Set up to point into init section. */
146004 - mod->kallsyms = mod->init_layout.base + info->mod_kallsyms_init_off;
146005 + mod->kallsyms = mod->init_layout.base_rx + info->mod_kallsyms_init_off;
146006 +
146007 + pax_open_kernel();
146008
146009 mod->kallsyms->symtab = (void *)symsec->sh_addr;
146010 mod->kallsyms->num_symtab = symsec->sh_size / sizeof(Elf_Sym);
146011 @@ -2643,8 +2720,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
146012 = elf_type(&mod->kallsyms->symtab[i], info);
146013
146014 /* Now populate the cut down core kallsyms for after init. */
146015 - mod->core_kallsyms.symtab = dst = mod->core_layout.base + info->symoffs;
146016 - mod->core_kallsyms.strtab = s = mod->core_layout.base + info->stroffs;
146017 + mod->core_kallsyms.symtab = dst = mod->core_layout.base_rx + info->symoffs;
146018 + mod->core_kallsyms.strtab = s = mod->core_layout.base_rx + info->stroffs;
146019 src = mod->kallsyms->symtab;
146020 for (ndst = i = 0; i < mod->kallsyms->num_symtab; i++) {
146021 if (i == 0 || is_livepatch_module(mod) ||
146022 @@ -2657,6 +2734,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
146023 }
146024 }
146025 mod->core_kallsyms.num_symtab = ndst;
146026 +
146027 + pax_close_kernel();
146028 }
146029 #else
146030 static inline void layout_symtab(struct module *mod, struct load_info *info)
146031 @@ -2924,7 +3003,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
146032 mod = (void *)info->sechdrs[info->index.mod].sh_addr;
146033
146034 if (info->index.sym == 0) {
146035 +#ifdef CONFIG_GRKERNSEC_RANDSTRUCT
146036 + /*
146037 + * avoid potentially printing jibberish on attempted load
146038 + * of a module randomized with a different seed
146039 + */
146040 + pr_warn("module has no symbols (stripped?)\n");
146041 +#else
146042 pr_warn("%s: module has no symbols (stripped?)\n", mod->name);
146043 +#endif
146044 return ERR_PTR(-ENOEXEC);
146045 }
146046
146047 @@ -2940,8 +3027,16 @@ static struct module *setup_load_info(struct load_info *info, int flags)
146048 static int check_modinfo(struct module *mod, struct load_info *info, int flags)
146049 {
146050 const char *modmagic = get_modinfo(info, "vermagic");
146051 + const char *license = get_modinfo(info, "license");
146052 int err;
146053
146054 +#if defined(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR) || defined(CONFIG_PAX_RAP)
146055 + if (!license || !license_is_gpl_compatible(license)) {
146056 + pr_err("%s: module is not compatible with the KERNEXEC 'or' method and RAP\n", mod->name);
146057 + return -ENOEXEC;
146058 + }
146059 +#endif
146060 +
146061 if (flags & MODULE_INIT_IGNORE_VERMAGIC)
146062 modmagic = NULL;
146063
146064 @@ -2974,7 +3069,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
146065 return err;
146066
146067 /* Set up license info based on the info section */
146068 - set_license(mod, get_modinfo(info, "license"));
146069 + set_license(mod, license);
146070
146071 return 0;
146072 }
146073 @@ -3071,7 +3166,7 @@ static int move_module(struct module *mod, struct load_info *info)
146074 void *ptr;
146075
146076 /* Do the allocs. */
146077 - ptr = module_alloc(mod->core_layout.size);
146078 + ptr = module_alloc(mod->core_layout.size_rw);
146079 /*
146080 * The pointer to this block is stored in the module structure
146081 * which is inside the block. Just mark it as not being a
146082 @@ -3081,11 +3176,11 @@ static int move_module(struct module *mod, struct load_info *info)
146083 if (!ptr)
146084 return -ENOMEM;
146085
146086 - memset(ptr, 0, mod->core_layout.size);
146087 - mod->core_layout.base = ptr;
146088 + memset(ptr, 0, mod->core_layout.size_rw);
146089 + mod->core_layout.base_rw = ptr;
146090
146091 - if (mod->init_layout.size) {
146092 - ptr = module_alloc(mod->init_layout.size);
146093 + if (mod->init_layout.size_rw) {
146094 + ptr = module_alloc(mod->init_layout.size_rw);
146095 /*
146096 * The pointer to this block is stored in the module structure
146097 * which is inside the block. This block doesn't need to be
146098 @@ -3094,13 +3189,45 @@ static int move_module(struct module *mod, struct load_info *info)
146099 */
146100 kmemleak_ignore(ptr);
146101 if (!ptr) {
146102 - module_memfree(mod->core_layout.base);
146103 + module_memfree(mod->core_layout.base_rw);
146104 return -ENOMEM;
146105 }
146106 - memset(ptr, 0, mod->init_layout.size);
146107 - mod->init_layout.base = ptr;
146108 + memset(ptr, 0, mod->init_layout.size_rw);
146109 + mod->init_layout.base_rw = ptr;
146110 } else
146111 - mod->init_layout.base = NULL;
146112 + mod->init_layout.base_rw = NULL;
146113 +
146114 + ptr = module_alloc_exec(mod->core_layout.size_rx);
146115 + kmemleak_not_leak(ptr);
146116 + if (!ptr) {
146117 + if (mod->init_layout.base_rw)
146118 + module_memfree(mod->init_layout.base_rw);
146119 + module_memfree(mod->core_layout.base_rw);
146120 + return -ENOMEM;
146121 + }
146122 +
146123 + pax_open_kernel();
146124 + memset(ptr, 0, mod->core_layout.size_rx);
146125 + pax_close_kernel();
146126 + mod->core_layout.base_rx = ptr;
146127 +
146128 + if (mod->init_layout.size_rx) {
146129 + ptr = module_alloc_exec(mod->init_layout.size_rx);
146130 + kmemleak_ignore(ptr);
146131 + if (!ptr) {
146132 + module_memfree(mod->core_layout.base_rx);
146133 + if (mod->init_layout.base_rw)
146134 + module_memfree(mod->init_layout.base_rw);
146135 + module_memfree(mod->core_layout.base_rw);
146136 + return -ENOMEM;
146137 + }
146138 +
146139 + pax_open_kernel();
146140 + memset(ptr, 0, mod->init_layout.size_rx);
146141 + pax_close_kernel();
146142 + mod->init_layout.base_rx = ptr;
146143 + } else
146144 + mod->init_layout.base_rx = NULL;
146145
146146 /* Transfer each section which specifies SHF_ALLOC */
146147 pr_debug("final section addresses:\n");
146148 @@ -3111,16 +3238,45 @@ static int move_module(struct module *mod, struct load_info *info)
146149 if (!(shdr->sh_flags & SHF_ALLOC))
146150 continue;
146151
146152 - if (shdr->sh_entsize & INIT_OFFSET_MASK)
146153 - dest = mod->init_layout.base
146154 - + (shdr->sh_entsize & ~INIT_OFFSET_MASK);
146155 - else
146156 - dest = mod->core_layout.base + shdr->sh_entsize;
146157 + if (shdr->sh_entsize & INIT_OFFSET_MASK) {
146158 + if ((shdr->sh_flags & SHF_WRITE) || !(shdr->sh_flags & SHF_ALLOC))
146159 + dest = mod->init_layout.base_rw
146160 + + (shdr->sh_entsize & ~INIT_OFFSET_MASK);
146161 + else
146162 + dest = mod->init_layout.base_rx
146163 + + (shdr->sh_entsize & ~INIT_OFFSET_MASK);
146164 + } else {
146165 + if ((shdr->sh_flags & SHF_WRITE) || !(shdr->sh_flags & SHF_ALLOC))
146166 + dest = mod->core_layout.base_rw + shdr->sh_entsize;
146167 + else
146168 + dest = mod->core_layout.base_rx + shdr->sh_entsize;
146169 + }
146170 +
146171 + if (shdr->sh_type != SHT_NOBITS) {
146172 +
146173 +#ifdef CONFIG_PAX_KERNEXEC
146174 +#ifdef CONFIG_X86_64
146175 + if ((shdr->sh_flags & SHF_WRITE) && (shdr->sh_flags & SHF_EXECINSTR))
146176 + set_memory_x((unsigned long)dest, (shdr->sh_size + PAGE_SIZE) >> PAGE_SHIFT);
146177 +#endif
146178 + if (!(shdr->sh_flags & SHF_WRITE) && (shdr->sh_flags & SHF_ALLOC)) {
146179 + pax_open_kernel();
146180 + memcpy(dest, (void *)shdr->sh_addr, shdr->sh_size);
146181 + pax_close_kernel();
146182 + } else
146183 +#endif
146184
146185 - if (shdr->sh_type != SHT_NOBITS)
146186 memcpy(dest, (void *)shdr->sh_addr, shdr->sh_size);
146187 + }
146188 /* Update sh_addr to point to copy in image. */
146189 - shdr->sh_addr = (unsigned long)dest;
146190 +
146191 +#ifdef CONFIG_PAX_KERNEXEC
146192 + if (shdr->sh_flags & SHF_EXECINSTR)
146193 + shdr->sh_addr = ktva_ktla((unsigned long)dest);
146194 + else
146195 +#endif
146196 +
146197 + shdr->sh_addr = (unsigned long)dest;
146198 pr_debug("\t0x%lx %s\n",
146199 (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
146200 }
146201 @@ -3182,12 +3338,12 @@ static void flush_module_icache(const struct module *mod)
146202 * Do it before processing of module parameters, so the module
146203 * can provide parameter accessor functions of its own.
146204 */
146205 - if (mod->init_layout.base)
146206 - flush_icache_range((unsigned long)mod->init_layout.base,
146207 - (unsigned long)mod->init_layout.base
146208 - + mod->init_layout.size);
146209 - flush_icache_range((unsigned long)mod->core_layout.base,
146210 - (unsigned long)mod->core_layout.base + mod->core_layout.size);
146211 + if (mod->init_layout.base_rx)
146212 + flush_icache_range((unsigned long)mod->init_layout.base_rx,
146213 + (unsigned long)mod->init_layout.base_rx
146214 + + mod->init_layout.size_rx);
146215 + flush_icache_range((unsigned long)mod->core_layout.base_rx,
146216 + (unsigned long)mod->core_layout.base_rx + mod->core_layout.size_rx);
146217
146218 set_fs(old_fs);
146219 }
146220 @@ -3279,8 +3435,10 @@ static void module_deallocate(struct module *mod, struct load_info *info)
146221 {
146222 percpu_modfree(mod);
146223 module_arch_freeing_init(mod);
146224 - module_memfree(mod->init_layout.base);
146225 - module_memfree(mod->core_layout.base);
146226 + module_memfree_exec(mod->init_layout.base_rx);
146227 + module_memfree_exec(mod->core_layout.base_rx);
146228 + module_memfree(mod->init_layout.base_rw);
146229 + module_memfree(mod->core_layout.base_rw);
146230 }
146231
146232 int __weak module_finalize(const Elf_Ehdr *hdr,
146233 @@ -3293,7 +3451,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
146234 static int post_relocation(struct module *mod, const struct load_info *info)
146235 {
146236 /* Sort exception table now relocations are done. */
146237 + pax_open_kernel();
146238 sort_extable(mod->extable, mod->extable + mod->num_exentries);
146239 + pax_close_kernel();
146240
146241 /* Copy relocated percpu area over. */
146242 percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
146243 @@ -3341,13 +3501,15 @@ static void do_mod_ctors(struct module *mod)
146244 /* For freeing module_init on success, in case kallsyms traversing */
146245 struct mod_initfree {
146246 struct rcu_head rcu;
146247 - void *module_init;
146248 + void *module_init_rw;
146249 + void *module_init_rx;
146250 };
146251
146252 static void do_free_init(struct rcu_head *head)
146253 {
146254 struct mod_initfree *m = container_of(head, struct mod_initfree, rcu);
146255 - module_memfree(m->module_init);
146256 + module_memfree(m->module_init_rw);
146257 + module_memfree_exec(m->module_init_rx);
146258 kfree(m);
146259 }
146260
146261 @@ -3367,7 +3529,8 @@ static noinline int do_init_module(struct module *mod)
146262 ret = -ENOMEM;
146263 goto fail;
146264 }
146265 - freeinit->module_init = mod->init_layout.base;
146266 + freeinit->module_init_rx = mod->init_layout.base_rx;
146267 + freeinit->module_init_rw = mod->init_layout.base_rw;
146268
146269 /*
146270 * We want to find out whether @mod uses async during init. Clear
146271 @@ -3427,11 +3590,10 @@ static noinline int do_init_module(struct module *mod)
146272 mod_tree_remove_init(mod);
146273 disable_ro_nx(&mod->init_layout);
146274 module_arch_freeing_init(mod);
146275 - mod->init_layout.base = NULL;
146276 - mod->init_layout.size = 0;
146277 - mod->init_layout.ro_size = 0;
146278 - mod->init_layout.ro_after_init_size = 0;
146279 - mod->init_layout.text_size = 0;
146280 + mod->init_layout.base_rx = NULL;
146281 + mod->init_layout.base_rw = NULL;
146282 + mod->init_layout.size_rx = 0;
146283 + mod->init_layout.size_rw = 0;
146284 /*
146285 * We want to free module_init, but be aware that kallsyms may be
146286 * walking this with preempt disabled. In all the failure paths, we
146287 @@ -3630,9 +3792,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
146288 if (err)
146289 goto free_unload;
146290
146291 + /* Now copy in args */
146292 + mod->args = strndup_user(uargs, ~0UL >> 1);
146293 + if (IS_ERR(mod->args)) {
146294 + err = PTR_ERR(mod->args);
146295 + goto free_unload;
146296 + }
146297 +
146298 /* Set up MODINFO_ATTR fields */
146299 setup_modinfo(mod, info);
146300
146301 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
146302 + {
146303 + char *p, *p2;
146304 +
146305 + if (strstr(mod->args, "grsec_modharden_netdev")) {
146306 + printk(KERN_ALERT "grsec: denied auto-loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%.64s instead.", mod->name);
146307 + err = -EPERM;
146308 + goto free_modinfo;
146309 + } else if ((p = strstr(mod->args, "grsec_modharden_normal"))) {
146310 + p += sizeof("grsec_modharden_normal") - 1;
146311 + p2 = strstr(p, "_");
146312 + if (p2) {
146313 + *p2 = '\0';
146314 + printk(KERN_ALERT "grsec: denied kernel module auto-load of %.64s by uid %.9s\n", mod->name, p);
146315 + *p2 = '_';
146316 + }
146317 + err = -EPERM;
146318 + goto free_modinfo;
146319 + }
146320 + }
146321 +#endif
146322 +
146323 /* Fix up syms, so that st_value is a pointer to location. */
146324 err = simplify_symbols(mod, info);
146325 if (err < 0)
146326 @@ -3648,13 +3839,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
146327
146328 flush_module_icache(mod);
146329
146330 - /* Now copy in args */
146331 - mod->args = strndup_user(uargs, ~0UL >> 1);
146332 - if (IS_ERR(mod->args)) {
146333 - err = PTR_ERR(mod->args);
146334 - goto free_arch_cleanup;
146335 - }
146336 -
146337 dynamic_debug_setup(info->debug, info->num_debug);
146338
146339 /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */
146340 @@ -3719,11 +3903,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
146341 ddebug_cleanup:
146342 dynamic_debug_remove(info->debug);
146343 synchronize_sched();
146344 - kfree(mod->args);
146345 - free_arch_cleanup:
146346 module_arch_cleanup(mod);
146347 free_modinfo:
146348 free_modinfo(mod);
146349 + kfree(mod->args);
146350 free_unload:
146351 module_unload_free(mod);
146352 unlink_mod:
146353 @@ -3743,7 +3926,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
146354 */
146355 ftrace_release_mod(mod);
146356 /* Free lock-classes; relies on the preceding sync_rcu() */
146357 - lockdep_free_key_range(mod->core_layout.base, mod->core_layout.size);
146358 + lockdep_free_key_range(mod->core_layout.base_rw, mod->core_layout.size_rw);
146359 + lockdep_free_key_range(mod->core_layout.base_rx, mod->core_layout.size_rx);
146360
146361 module_deallocate(mod, info);
146362 free_copy:
146363 @@ -3831,10 +4015,16 @@ static const char *get_ksymbol(struct module *mod,
146364 struct mod_kallsyms *kallsyms = rcu_dereference_sched(mod->kallsyms);
146365
146366 /* At worse, next value is at end of module */
146367 - if (within_module_init(addr, mod))
146368 - nextval = (unsigned long)mod->init_layout.base+mod->init_layout.text_size;
146369 + if (within_module_rx(addr, &mod->init_layout))
146370 + nextval = (unsigned long)mod->init_layout.base_rx+mod->init_layout.size_rx;
146371 + else if (within_module_rw(addr, &mod->init_layout))
146372 + nextval = (unsigned long)mod->init_layout.base_rw+mod->init_layout.size_rw;
146373 + else if (within_module_rx(addr, &mod->core_layout))
146374 + nextval = (unsigned long)mod->core_layout.base_rx+mod->core_layout.size_rx;
146375 + else if (within_module_rw(addr, &mod->core_layout))
146376 + nextval = (unsigned long)mod->core_layout.base_rw+mod->core_layout.size_rw;
146377 else
146378 - nextval = (unsigned long)mod->core_layout.base+mod->core_layout.text_size;
146379 + return NULL;
146380
146381 /* Scan for closest preceding symbol, and next symbol. (ELF
146382 starts real symbols at 1). */
146383 @@ -4087,7 +4277,7 @@ static int m_show(struct seq_file *m, void *p)
146384 return 0;
146385
146386 seq_printf(m, "%s %u",
146387 - mod->name, mod->init_layout.size + mod->core_layout.size);
146388 + mod->name, mod->init_layout.size_rx + mod->init_layout.size_rw + mod->core_layout.size_rx + mod->core_layout.size_rw);
146389 print_unload_info(m, mod);
146390
146391 /* Informative for users. */
146392 @@ -4096,7 +4286,7 @@ static int m_show(struct seq_file *m, void *p)
146393 mod->state == MODULE_STATE_COMING ? "Loading" :
146394 "Live");
146395 /* Used by oprofile and other similar tools. */
146396 - seq_printf(m, " 0x%pK", mod->core_layout.base);
146397 + seq_printf(m, " 0x%pK 0x%pK", mod->core_layout.base_rx, mod->core_layout.base_rw);
146398
146399 /* Taints info */
146400 if (mod->taints)
146401 @@ -4132,7 +4322,17 @@ static const struct file_operations proc_modules_operations = {
146402
146403 static int __init proc_modules_init(void)
146404 {
146405 +#ifndef CONFIG_GRKERNSEC_HIDESYM
146406 +#ifdef CONFIG_GRKERNSEC_PROC_USER
146407 + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
146408 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
146409 + proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations);
146410 +#else
146411 proc_create("modules", 0, NULL, &proc_modules_operations);
146412 +#endif
146413 +#else
146414 + proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
146415 +#endif
146416 return 0;
146417 }
146418 module_init(proc_modules_init);
146419 @@ -4193,7 +4393,15 @@ struct module *__module_address(unsigned long addr)
146420 {
146421 struct module *mod;
146422
146423 - if (addr < module_addr_min || addr > module_addr_max)
146424 +#ifdef CONFIG_X86_32
146425 + unsigned long vaddr = ktla_ktva(addr);
146426 +
146427 + if (module_addr_min_rx <= vaddr && vaddr <= module_addr_max_rx)
146428 + addr = vaddr;
146429 +#endif
146430 +
146431 + if ((addr < module_addr_min_rx || addr > module_addr_max_rx) &&
146432 + (addr < module_addr_min_rw || addr > module_addr_max_rw))
146433 return NULL;
146434
146435 module_assert_mutex_or_preempt();
146436 @@ -4236,11 +4444,21 @@ bool is_module_text_address(unsigned long addr)
146437 */
146438 struct module *__module_text_address(unsigned long addr)
146439 {
146440 - struct module *mod = __module_address(addr);
146441 + struct module *mod;
146442 +
146443 +#ifdef CONFIG_X86_32
146444 + addr = ktla_ktva(addr);
146445 +#endif
146446 +
146447 + if (addr < module_addr_min_rx || addr > module_addr_max_rx)
146448 + return NULL;
146449 +
146450 + mod = __module_address(addr);
146451 +
146452 if (mod) {
146453 /* Make sure it's within the text section. */
146454 - if (!within(addr, mod->init_layout.base, mod->init_layout.text_size)
146455 - && !within(addr, mod->core_layout.base, mod->core_layout.text_size))
146456 + if (!within_module_rx(addr, &mod->init_layout)
146457 + && !within_module_rx(addr, &mod->core_layout))
146458 mod = NULL;
146459 }
146460 return mod;
146461 @@ -4270,7 +4488,7 @@ void print_modules(void)
146462 #ifdef CONFIG_MODVERSIONS
146463 /* Generate the signature for all relevant module structures here.
146464 * If these change, we don't want to try to parse the module. */
146465 -void module_layout(struct module *mod,
146466 +__visible void module_layout(struct module *mod,
146467 struct modversion_info *ver,
146468 struct kernel_param *kp,
146469 struct kernel_symbol *ks,
146470 diff --git a/kernel/notifier.c b/kernel/notifier.c
146471 index fd2c9ac..6263e05 100644
146472 --- a/kernel/notifier.c
146473 +++ b/kernel/notifier.c
146474 @@ -5,6 +5,7 @@
146475 #include <linux/rcupdate.h>
146476 #include <linux/vmalloc.h>
146477 #include <linux/reboot.h>
146478 +#include <linux/mm.h>
146479
146480 /*
146481 * Notifier list for kernel code which wants to be called
146482 @@ -24,10 +25,12 @@ static int notifier_chain_register(struct notifier_block **nl,
146483 while ((*nl) != NULL) {
146484 if (n->priority > (*nl)->priority)
146485 break;
146486 - nl = &((*nl)->next);
146487 + nl = (struct notifier_block **)&((*nl)->next);
146488 }
146489 - n->next = *nl;
146490 + pax_open_kernel();
146491 + const_cast(n->next) = *nl;
146492 rcu_assign_pointer(*nl, n);
146493 + pax_close_kernel();
146494 return 0;
146495 }
146496
146497 @@ -39,10 +42,12 @@ static int notifier_chain_cond_register(struct notifier_block **nl,
146498 return 0;
146499 if (n->priority > (*nl)->priority)
146500 break;
146501 - nl = &((*nl)->next);
146502 + nl = (struct notifier_block **)&((*nl)->next);
146503 }
146504 - n->next = *nl;
146505 + pax_open_kernel();
146506 + const_cast(n->next) = *nl;
146507 rcu_assign_pointer(*nl, n);
146508 + pax_close_kernel();
146509 return 0;
146510 }
146511
146512 @@ -51,10 +56,12 @@ static int notifier_chain_unregister(struct notifier_block **nl,
146513 {
146514 while ((*nl) != NULL) {
146515 if ((*nl) == n) {
146516 + pax_open_kernel();
146517 rcu_assign_pointer(*nl, n->next);
146518 + pax_close_kernel();
146519 return 0;
146520 }
146521 - nl = &((*nl)->next);
146522 + nl = (struct notifier_block **)&((*nl)->next);
146523 }
146524 return -ENOENT;
146525 }
146526 diff --git a/kernel/padata.c b/kernel/padata.c
146527 index 9932788..7052e20 100644
146528 --- a/kernel/padata.c
146529 +++ b/kernel/padata.c
146530 @@ -54,7 +54,7 @@ static int padata_cpu_hash(struct parallel_data *pd)
146531 * seq_nr mod. number of cpus in use.
146532 */
146533
146534 - seq_nr = atomic_inc_return(&pd->seq_nr);
146535 + seq_nr = atomic_inc_return_unchecked(&pd->seq_nr);
146536 cpu_index = seq_nr % cpumask_weight(pd->cpumask.pcpu);
146537
146538 return padata_index_to_cpu(pd, cpu_index);
146539 @@ -428,7 +428,7 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
146540 padata_init_pqueues(pd);
146541 padata_init_squeues(pd);
146542 setup_timer(&pd->timer, padata_reorder_timer, (unsigned long)pd);
146543 - atomic_set(&pd->seq_nr, -1);
146544 + atomic_set_unchecked(&pd->seq_nr, -1);
146545 atomic_set(&pd->reorder_objects, 0);
146546 atomic_set(&pd->refcnt, 0);
146547 pd->pinst = pinst;
146548 diff --git a/kernel/panic.c b/kernel/panic.c
146549 index ca8cea1..2de8171 100644
146550 --- a/kernel/panic.c
146551 +++ b/kernel/panic.c
146552 @@ -56,7 +56,7 @@ EXPORT_SYMBOL(panic_blink);
146553 /*
146554 * Stop ourself in panic -- architecture code may override this
146555 */
146556 -void __weak panic_smp_self_stop(void)
146557 +void __weak __noreturn panic_smp_self_stop(void)
146558 {
146559 while (1)
146560 cpu_relax();
146561 @@ -488,11 +488,11 @@ void __warn(const char *file, int line, void *caller, unsigned taint,
146562 pr_warn("------------[ cut here ]------------\n");
146563
146564 if (file)
146565 - pr_warn("WARNING: CPU: %d PID: %d at %s:%d %pS\n",
146566 + pr_warn("WARNING: CPU: %d PID: %d at %s:%d %pA\n",
146567 raw_smp_processor_id(), current->pid, file, line,
146568 caller);
146569 else
146570 - pr_warn("WARNING: CPU: %d PID: %d at %pS\n",
146571 + pr_warn("WARNING: CPU: %d PID: %d at %pA\n",
146572 raw_smp_processor_id(), current->pid, caller);
146573
146574 if (args)
146575 @@ -523,7 +523,7 @@ void __warn(const char *file, int line, void *caller, unsigned taint,
146576 }
146577
146578 #ifdef WANT_WARN_ON_SLOWPATH
146579 -void warn_slowpath_fmt(const char *file, int line, const char *fmt, ...)
146580 +void warn_slowpath_fmt(const char *file, const int line, const char *fmt, ...)
146581 {
146582 struct warn_args args;
146583
146584 @@ -535,7 +535,7 @@ void warn_slowpath_fmt(const char *file, int line, const char *fmt, ...)
146585 }
146586 EXPORT_SYMBOL(warn_slowpath_fmt);
146587
146588 -void warn_slowpath_fmt_taint(const char *file, int line,
146589 +void warn_slowpath_fmt_taint(const char *file, const int line,
146590 unsigned taint, const char *fmt, ...)
146591 {
146592 struct warn_args args;
146593 @@ -547,7 +547,7 @@ void warn_slowpath_fmt_taint(const char *file, int line,
146594 }
146595 EXPORT_SYMBOL(warn_slowpath_fmt_taint);
146596
146597 -void warn_slowpath_null(const char *file, int line)
146598 +void warn_slowpath_null(const char *file, const int line)
146599 {
146600 __warn(file, line, __builtin_return_address(0), TAINT_WARN, NULL, NULL);
146601 }
146602 @@ -562,7 +562,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
146603 */
146604 __visible void __stack_chk_fail(void)
146605 {
146606 - panic("stack-protector: Kernel stack is corrupted in: %p\n",
146607 + dump_stack();
146608 + panic("stack-protector: Kernel stack is corrupted in: %pA\n",
146609 __builtin_return_address(0));
146610 }
146611 EXPORT_SYMBOL(__stack_chk_fail);
146612 diff --git a/kernel/pid.c b/kernel/pid.c
146613 index f66162f..e950a59 100644
146614 --- a/kernel/pid.c
146615 +++ b/kernel/pid.c
146616 @@ -33,6 +33,7 @@
146617 #include <linux/rculist.h>
146618 #include <linux/bootmem.h>
146619 #include <linux/hash.h>
146620 +#include <linux/security.h>
146621 #include <linux/pid_namespace.h>
146622 #include <linux/init_task.h>
146623 #include <linux/syscalls.h>
146624 @@ -47,7 +48,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID;
146625
146626 int pid_max = PID_MAX_DEFAULT;
146627
146628 -#define RESERVED_PIDS 300
146629 +#define RESERVED_PIDS 500
146630
146631 int pid_max_min = RESERVED_PIDS + 1;
146632 int pid_max_max = PID_MAX_LIMIT;
146633 @@ -451,9 +452,17 @@ EXPORT_SYMBOL(pid_task);
146634 */
146635 struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
146636 {
146637 + struct task_struct *task;
146638 +
146639 RCU_LOCKDEP_WARN(!rcu_read_lock_held(),
146640 "find_task_by_pid_ns() needs rcu_read_lock() protection");
146641 - return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
146642 +
146643 + task = pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
146644 +
146645 + if (gr_pid_is_chrooted(task))
146646 + return NULL;
146647 +
146648 + return task;
146649 }
146650
146651 struct task_struct *find_task_by_vpid(pid_t vnr)
146652 @@ -461,6 +470,13 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
146653 return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
146654 }
146655
146656 +struct task_struct *find_task_by_vpid_unrestricted(pid_t vnr)
146657 +{
146658 + RCU_LOCKDEP_WARN(!rcu_read_lock_held(),
146659 + "find_task_by_pid_ns() needs rcu_read_lock() protection");
146660 + return pid_task(find_pid_ns(vnr, task_active_pid_ns(current)), PIDTYPE_PID);
146661 +}
146662 +
146663 struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
146664 {
146665 struct pid *pid;
146666 @@ -497,9 +513,9 @@ struct pid *find_get_pid(pid_t nr)
146667 }
146668 EXPORT_SYMBOL_GPL(find_get_pid);
146669
146670 -pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
146671 +pid_t pid_nr_ns(const struct pid *pid, const struct pid_namespace *ns)
146672 {
146673 - struct upid *upid;
146674 + const struct upid *upid;
146675 pid_t nr = 0;
146676
146677 if (pid && ns->level <= pid->level) {
146678 @@ -511,7 +527,7 @@ pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
146679 }
146680 EXPORT_SYMBOL_GPL(pid_nr_ns);
146681
146682 -pid_t pid_vnr(struct pid *pid)
146683 +pid_t pid_vnr(const struct pid *pid)
146684 {
146685 return pid_nr_ns(pid, task_active_pid_ns(current));
146686 }
146687 diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
146688 index a65ba13..f600dbb 100644
146689 --- a/kernel/pid_namespace.c
146690 +++ b/kernel/pid_namespace.c
146691 @@ -274,7 +274,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
146692 void __user *buffer, size_t *lenp, loff_t *ppos)
146693 {
146694 struct pid_namespace *pid_ns = task_active_pid_ns(current);
146695 - struct ctl_table tmp = *table;
146696 + ctl_table_no_const tmp = *table;
146697
146698 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
146699 return -EPERM;
146700 diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
146701 index 68d3ebc..554935d 100644
146702 --- a/kernel/power/Kconfig
146703 +++ b/kernel/power/Kconfig
146704 @@ -34,6 +34,7 @@ config HIBERNATE_CALLBACKS
146705 config HIBERNATION
146706 bool "Hibernation (aka 'suspend to disk')"
146707 depends on SWAP && ARCH_HIBERNATION_POSSIBLE
146708 + depends on !GRKERNSEC_KMEM
146709 select HIBERNATE_CALLBACKS
146710 select LZO_COMPRESS
146711 select LZO_DECOMPRESS
146712 diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
146713 index 33c79b6..b26dbc4 100644
146714 --- a/kernel/power/hibernate.c
146715 +++ b/kernel/power/hibernate.c
146716 @@ -306,8 +306,10 @@ static int create_image(int platform_mode)
146717 if (error)
146718 printk(KERN_ERR "PM: Error %d creating hibernation image\n",
146719 error);
146720 - if (!in_suspend)
146721 + if (!in_suspend) {
146722 events_check_enabled = false;
146723 + clear_free_pages();
146724 + }
146725
146726 platform_leave(platform_mode);
146727
146728 @@ -1189,22 +1191,6 @@ static int __init nohibernate_setup(char *str)
146729 return 1;
146730 }
146731
146732 -static int __init page_poison_nohibernate_setup(char *str)
146733 -{
146734 -#ifdef CONFIG_PAGE_POISONING_ZERO
146735 - /*
146736 - * The zeroing option for page poison skips the checks on alloc.
146737 - * since hibernation doesn't save free pages there's no way to
146738 - * guarantee the pages will still be zeroed.
146739 - */
146740 - if (!strcmp(str, "on")) {
146741 - pr_info("Disabling hibernation due to page poisoning\n");
146742 - return nohibernate_setup(str);
146743 - }
146744 -#endif
146745 - return 1;
146746 -}
146747 -
146748 __setup("noresume", noresume_setup);
146749 __setup("resume_offset=", resume_offset_setup);
146750 __setup("resume=", resume_setup);
146751 @@ -1212,4 +1198,3 @@ __setup("hibernate=", hibernate_setup);
146752 __setup("resumewait", resumewait_setup);
146753 __setup("resumedelay=", resumedelay_setup);
146754 __setup("nohibernate", nohibernate_setup);
146755 -__setup("page_poison=", page_poison_nohibernate_setup);
146756 diff --git a/kernel/power/power.h b/kernel/power/power.h
146757 index 242d8b8..56d1d0d 100644
146758 --- a/kernel/power/power.h
146759 +++ b/kernel/power/power.h
146760 @@ -110,6 +110,8 @@ extern int create_basic_memory_bitmaps(void);
146761 extern void free_basic_memory_bitmaps(void);
146762 extern int hibernate_preallocate_memory(void);
146763
146764 +extern void clear_free_pages(void);
146765 +
146766 /**
146767 * Auxiliary structure used for reading the snapshot image data and
146768 * metadata from and writing them to the list of page backup entries
146769 diff --git a/kernel/power/process.c b/kernel/power/process.c
146770 index 8f27d5a..e7389a0 100644
146771 --- a/kernel/power/process.c
146772 +++ b/kernel/power/process.c
146773 @@ -34,6 +34,7 @@ static int try_to_freeze_tasks(bool user_only)
146774 unsigned int elapsed_msecs;
146775 bool wakeup = false;
146776 int sleep_usecs = USEC_PER_MSEC;
146777 + bool timedout = false;
146778
146779 start = ktime_get_boottime();
146780
146781 @@ -44,13 +45,20 @@ static int try_to_freeze_tasks(bool user_only)
146782
146783 while (true) {
146784 todo = 0;
146785 + if (time_after(jiffies, end_time))
146786 + timedout = true;
146787 read_lock(&tasklist_lock);
146788 for_each_process_thread(g, p) {
146789 if (p == current || !freeze_task(p))
146790 continue;
146791
146792 - if (!freezer_should_skip(p))
146793 + if (!freezer_should_skip(p)) {
146794 todo++;
146795 + if (timedout) {
146796 + printk(KERN_ERR "Task refusing to freeze:\n");
146797 + sched_show_task(p);
146798 + }
146799 + }
146800 }
146801 read_unlock(&tasklist_lock);
146802
146803 @@ -59,7 +67,7 @@ static int try_to_freeze_tasks(bool user_only)
146804 todo += wq_busy;
146805 }
146806
146807 - if (!todo || time_after(jiffies, end_time))
146808 + if (!todo || timedout)
146809 break;
146810
146811 if (pm_wakeup_pending()) {
146812 diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
146813 index b022284..b48c449 100644
146814 --- a/kernel/power/snapshot.c
146815 +++ b/kernel/power/snapshot.c
146816 @@ -1020,6 +1020,28 @@ static void swsusp_unset_page_forbidden(struct page *page)
146817 memory_bm_clear_bit(forbidden_pages_map, page_to_pfn(page));
146818 }
146819
146820 +void clear_free_pages(void)
146821 +{
146822 +#if defined(CONFIG_PAX_MEMORY_SANITIZE) || defined(CONFIG_PAGE_POISONING_ZERO)
146823 + struct memory_bitmap *bm = free_pages_map;
146824 + unsigned long pfn;
146825 +
146826 + if (WARN_ON(!(free_pages_map)))
146827 + return;
146828 +
146829 + memory_bm_position_reset(bm);
146830 + pfn = memory_bm_next_pfn(bm);
146831 + while (pfn != BM_END_OF_MAP) {
146832 + if (pfn_valid(pfn))
146833 + clear_highpage(pfn_to_page(pfn));
146834 +
146835 + pfn = memory_bm_next_pfn(bm);
146836 + }
146837 + memory_bm_position_reset(bm);
146838 + pr_info("PM: free pages cleared after restore\n");
146839 +#endif /* CONFIG_PAX_MEMORY_SANITIZE || PAGE_POISONING_ZERO */
146840 +}
146841 +
146842 /**
146843 * mark_nosave_pages - Mark pages that should not be saved.
146844 * @bm: Memory bitmap.
146845 @@ -1132,6 +1154,26 @@ void free_basic_memory_bitmaps(void)
146846 pr_debug("PM: Basic memory bitmaps freed\n");
146847 }
146848
146849 +void clear_free_pages(void)
146850 +{
146851 + struct memory_bitmap *bm = free_pages_map;
146852 + unsigned long pfn;
146853 +
146854 + if (WARN_ON(!(free_pages_map)))
146855 + return;
146856 +
146857 + memory_bm_position_reset(bm);
146858 + pfn = memory_bm_next_pfn(bm);
146859 + while (pfn != BM_END_OF_MAP) {
146860 + if (pfn_valid(pfn))
146861 + clear_highpage(pfn_to_page(pfn));
146862 +
146863 + pfn = memory_bm_next_pfn(bm);
146864 + }
146865 + memory_bm_position_reset(bm);
146866 + pr_info("PM: free pages cleared after restore\n");
146867 +}
146868 +
146869 /**
146870 * snapshot_additional_pages - Estimate the number of extra pages needed.
146871 * @zone: Memory zone to carry out the computation for.
146872 diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
146873 index eea6dbc..075ab5e 100644
146874 --- a/kernel/printk/printk.c
146875 +++ b/kernel/printk/printk.c
146876 @@ -588,7 +588,7 @@ static int log_store(int facility, int level,
146877 return msg->text_len;
146878 }
146879
146880 -int dmesg_restrict = IS_ENABLED(CONFIG_SECURITY_DMESG_RESTRICT);
146881 +int dmesg_restrict __read_only = IS_ENABLED(CONFIG_SECURITY_DMESG_RESTRICT);
146882
146883 static int syslog_action_restricted(int type)
146884 {
146885 @@ -611,6 +611,11 @@ int check_syslog_permissions(int type, int source)
146886 if (source == SYSLOG_FROM_PROC && type != SYSLOG_ACTION_OPEN)
146887 goto ok;
146888
146889 +#ifdef CONFIG_GRKERNSEC_DMESG
146890 + if (grsec_enable_dmesg && !capable(CAP_SYSLOG) && !capable_nolog(CAP_SYS_ADMIN))
146891 + return -EPERM;
146892 +#endif
146893 +
146894 if (syslog_action_restricted(type)) {
146895 if (capable(CAP_SYSLOG))
146896 goto ok;
146897 diff --git a/kernel/profile.c b/kernel/profile.c
146898 index 2dbccf2..f98676c 100644
146899 --- a/kernel/profile.c
146900 +++ b/kernel/profile.c
146901 @@ -37,7 +37,7 @@ struct profile_hit {
146902 #define NR_PROFILE_HIT (PAGE_SIZE/sizeof(struct profile_hit))
146903 #define NR_PROFILE_GRP (NR_PROFILE_HIT/PROFILE_GRPSZ)
146904
146905 -static atomic_t *prof_buffer;
146906 +static atomic_unchecked_t *prof_buffer;
146907 static unsigned long prof_len, prof_shift;
146908
146909 int prof_on __read_mostly;
146910 @@ -257,7 +257,7 @@ static void profile_flip_buffers(void)
146911 hits[i].pc = 0;
146912 continue;
146913 }
146914 - atomic_add(hits[i].hits, &prof_buffer[hits[i].pc]);
146915 + atomic_add_unchecked(hits[i].hits, &prof_buffer[hits[i].pc]);
146916 hits[i].hits = hits[i].pc = 0;
146917 }
146918 }
146919 @@ -318,9 +318,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
146920 * Add the current hit(s) and flush the write-queue out
146921 * to the global buffer:
146922 */
146923 - atomic_add(nr_hits, &prof_buffer[pc]);
146924 + atomic_add_unchecked(nr_hits, &prof_buffer[pc]);
146925 for (i = 0; i < NR_PROFILE_HIT; ++i) {
146926 - atomic_add(hits[i].hits, &prof_buffer[hits[i].pc]);
146927 + atomic_add_unchecked(hits[i].hits, &prof_buffer[hits[i].pc]);
146928 hits[i].pc = hits[i].hits = 0;
146929 }
146930 out:
146931 @@ -384,7 +384,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
146932 {
146933 unsigned long pc;
146934 pc = ((unsigned long)__pc - (unsigned long)_stext) >> prof_shift;
146935 - atomic_add(nr_hits, &prof_buffer[min(pc, prof_len - 1)]);
146936 + atomic_add_unchecked(nr_hits, &prof_buffer[min(pc, prof_len - 1)]);
146937 }
146938 #endif /* !CONFIG_SMP */
146939
146940 @@ -479,7 +479,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
146941 return -EFAULT;
146942 buf++; p++; count--; read++;
146943 }
146944 - pnt = (char *)prof_buffer + p - sizeof(atomic_t);
146945 + pnt = (char *)prof_buffer + p - sizeof(atomic_unchecked_t);
146946 if (copy_to_user(buf, (void *)pnt, count))
146947 return -EFAULT;
146948 read += count;
146949 @@ -510,7 +510,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf,
146950 }
146951 #endif
146952 profile_discard_flip_buffers();
146953 - memset(prof_buffer, 0, prof_len * sizeof(atomic_t));
146954 + memset(prof_buffer, 0, prof_len * sizeof(atomic_unchecked_t));
146955 return count;
146956 }
146957
146958 diff --git a/kernel/ptrace.c b/kernel/ptrace.c
146959 index 1d3b766..4fc197c 100644
146960 --- a/kernel/ptrace.c
146961 +++ b/kernel/ptrace.c
146962 @@ -206,12 +206,32 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
146963 return ret;
146964 }
146965
146966 -static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
146967 +static bool ptrace_has_cap(const struct cred *tcred, unsigned int mode)
146968 {
146969 + struct user_namespace *tns = tcred->user_ns;
146970 + struct user_namespace *curns = current_cred()->user_ns;
146971 +
146972 + /* When a root-owned process enters a user namespace created by a
146973 + * malicious user, the user shouldn't be able to execute code under
146974 + * uid 0 by attaching to the root-owned process via ptrace.
146975 + * Therefore, similar to the capable_wrt_inode_uidgid() check,
146976 + * verify that all the uids and gids of the target process are
146977 + * mapped into the current namespace.
146978 + * No fsuid/fsgid check because __ptrace_may_access doesn't do it
146979 + * either.
146980 + */
146981 + if (!kuid_has_mapping(curns, tcred->euid) ||
146982 + !kuid_has_mapping(curns, tcred->suid) ||
146983 + !kuid_has_mapping(curns, tcred->uid) ||
146984 + !kgid_has_mapping(curns, tcred->egid) ||
146985 + !kgid_has_mapping(curns, tcred->sgid) ||
146986 + !kgid_has_mapping(curns, tcred->gid))
146987 + return false;
146988 +
146989 if (mode & PTRACE_MODE_NOAUDIT)
146990 - return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
146991 + return has_ns_capability_noaudit(current, tns, CAP_SYS_PTRACE);
146992 else
146993 - return has_ns_capability(current, ns, CAP_SYS_PTRACE);
146994 + return has_ns_capability(current, tns, CAP_SYS_PTRACE);
146995 }
146996
146997 /* Returns 0 on success, -errno on denial. */
146998 @@ -263,7 +283,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
146999 gid_eq(caller_gid, tcred->sgid) &&
147000 gid_eq(caller_gid, tcred->gid))
147001 goto ok;
147002 - if (ptrace_has_cap(tcred->user_ns, mode))
147003 + if (ptrace_has_cap(tcred, mode))
147004 goto ok;
147005 rcu_read_unlock();
147006 return -EPERM;
147007 @@ -274,7 +294,7 @@ ok:
147008 dumpable = get_dumpable(task->mm);
147009 rcu_read_lock();
147010 if (dumpable != SUID_DUMP_USER &&
147011 - !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
147012 + !ptrace_has_cap(__task_cred(task), mode)) {
147013 rcu_read_unlock();
147014 return -EPERM;
147015 }
147016 @@ -343,7 +363,7 @@ static int ptrace_attach(struct task_struct *task, long request,
147017 if (seize)
147018 flags |= PT_SEIZED;
147019 rcu_read_lock();
147020 - if (ns_capable(__task_cred(task)->user_ns, CAP_SYS_PTRACE))
147021 + if (ns_capable_noaudit(__task_cred(task)->user_ns, CAP_SYS_PTRACE))
147022 flags |= PT_PTRACE_CAP;
147023 rcu_read_unlock();
147024 task->ptrace = flags;
147025 @@ -542,7 +562,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
147026 break;
147027 return -EIO;
147028 }
147029 - if (copy_to_user(dst, buf, retval))
147030 + if (retval > sizeof(buf) || copy_to_user(dst, buf, retval))
147031 return -EFAULT;
147032 copied += retval;
147033 src += retval;
147034 @@ -843,7 +863,7 @@ int ptrace_request(struct task_struct *child, long request,
147035 bool seized = child->ptrace & PT_SEIZED;
147036 int ret = -EIO;
147037 siginfo_t siginfo, *si;
147038 - void __user *datavp = (void __user *) data;
147039 + void __user *datavp = (__force void __user *) data;
147040 unsigned long __user *datalp = datavp;
147041 unsigned long flags;
147042
147043 @@ -1094,14 +1114,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
147044 goto out;
147045 }
147046
147047 + if (gr_handle_ptrace(child, request)) {
147048 + ret = -EPERM;
147049 + goto out_put_task_struct;
147050 + }
147051 +
147052 if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
147053 ret = ptrace_attach(child, request, addr, data);
147054 /*
147055 * Some architectures need to do book-keeping after
147056 * a ptrace attach.
147057 */
147058 - if (!ret)
147059 + if (!ret) {
147060 arch_ptrace_attach(child);
147061 + gr_audit_ptrace(child);
147062 + }
147063 goto out_put_task_struct;
147064 }
147065
147066 @@ -1129,7 +1156,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
147067 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
147068 if (copied != sizeof(tmp))
147069 return -EIO;
147070 - return put_user(tmp, (unsigned long __user *)data);
147071 + return put_user(tmp, (__force unsigned long __user *)data);
147072 }
147073
147074 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
147075 @@ -1222,7 +1249,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
147076 }
147077
147078 COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
147079 - compat_long_t, addr, compat_long_t, data)
147080 + compat_ulong_t, addr, compat_ulong_t, data)
147081 {
147082 struct task_struct *child;
147083 long ret;
147084 @@ -1238,14 +1265,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid,
147085 goto out;
147086 }
147087
147088 + if (gr_handle_ptrace(child, request)) {
147089 + ret = -EPERM;
147090 + goto out_put_task_struct;
147091 + }
147092 +
147093 if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
147094 ret = ptrace_attach(child, request, addr, data);
147095 /*
147096 * Some architectures need to do book-keeping after
147097 * a ptrace attach.
147098 */
147099 - if (!ret)
147100 + if (!ret) {
147101 arch_ptrace_attach(child);
147102 + gr_audit_ptrace(child);
147103 + }
147104 goto out_put_task_struct;
147105 }
147106
147107 diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c
147108 index 971e2b1..dc5637d 100644
147109 --- a/kernel/rcu/rcutorture.c
147110 +++ b/kernel/rcu/rcutorture.c
147111 @@ -132,12 +132,12 @@ static struct rcu_torture rcu_tortures[10 * RCU_TORTURE_PIPE_LEN];
147112 static DEFINE_SPINLOCK(rcu_torture_lock);
147113 static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count);
147114 static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch);
147115 -static atomic_t rcu_torture_wcount[RCU_TORTURE_PIPE_LEN + 1];
147116 -static atomic_t n_rcu_torture_alloc;
147117 -static atomic_t n_rcu_torture_alloc_fail;
147118 -static atomic_t n_rcu_torture_free;
147119 -static atomic_t n_rcu_torture_mberror;
147120 -static atomic_t n_rcu_torture_error;
147121 +static atomic_unchecked_t rcu_torture_wcount[RCU_TORTURE_PIPE_LEN + 1];
147122 +static atomic_unchecked_t n_rcu_torture_alloc;
147123 +static atomic_unchecked_t n_rcu_torture_alloc_fail;
147124 +static atomic_unchecked_t n_rcu_torture_free;
147125 +static atomic_unchecked_t n_rcu_torture_mberror;
147126 +static atomic_unchecked_t n_rcu_torture_error;
147127 static long n_rcu_torture_barrier_error;
147128 static long n_rcu_torture_boost_ktrerror;
147129 static long n_rcu_torture_boost_rterror;
147130 @@ -146,7 +146,7 @@ static long n_rcu_torture_boosts;
147131 static long n_rcu_torture_timers;
147132 static long n_barrier_attempts;
147133 static long n_barrier_successes;
147134 -static atomic_long_t n_cbfloods;
147135 +static atomic_long_unchecked_t n_cbfloods;
147136 static struct list_head rcu_torture_removed;
147137
147138 static int rcu_torture_writer_state;
147139 @@ -225,11 +225,11 @@ rcu_torture_alloc(void)
147140
147141 spin_lock_bh(&rcu_torture_lock);
147142 if (list_empty(&rcu_torture_freelist)) {
147143 - atomic_inc(&n_rcu_torture_alloc_fail);
147144 + atomic_inc_unchecked(&n_rcu_torture_alloc_fail);
147145 spin_unlock_bh(&rcu_torture_lock);
147146 return NULL;
147147 }
147148 - atomic_inc(&n_rcu_torture_alloc);
147149 + atomic_inc_unchecked(&n_rcu_torture_alloc);
147150 p = rcu_torture_freelist.next;
147151 list_del_init(p);
147152 spin_unlock_bh(&rcu_torture_lock);
147153 @@ -242,7 +242,7 @@ rcu_torture_alloc(void)
147154 static void
147155 rcu_torture_free(struct rcu_torture *p)
147156 {
147157 - atomic_inc(&n_rcu_torture_free);
147158 + atomic_inc_unchecked(&n_rcu_torture_free);
147159 spin_lock_bh(&rcu_torture_lock);
147160 list_add_tail(&p->rtort_free, &rcu_torture_freelist);
147161 spin_unlock_bh(&rcu_torture_lock);
147162 @@ -323,7 +323,7 @@ rcu_torture_pipe_update_one(struct rcu_torture *rp)
147163 i = rp->rtort_pipe_count;
147164 if (i > RCU_TORTURE_PIPE_LEN)
147165 i = RCU_TORTURE_PIPE_LEN;
147166 - atomic_inc(&rcu_torture_wcount[i]);
147167 + atomic_inc_unchecked(&rcu_torture_wcount[i]);
147168 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
147169 rp->rtort_mbtest = 0;
147170 return true;
147171 @@ -853,7 +853,7 @@ rcu_torture_cbflood(void *arg)
147172 VERBOSE_TOROUT_STRING("rcu_torture_cbflood task started");
147173 do {
147174 schedule_timeout_interruptible(cbflood_inter_holdoff);
147175 - atomic_long_inc(&n_cbfloods);
147176 + atomic_long_inc_unchecked(&n_cbfloods);
147177 WARN_ON(signal_pending(current));
147178 for (i = 0; i < cbflood_n_burst; i++) {
147179 for (j = 0; j < cbflood_n_per_burst; j++) {
147180 @@ -983,7 +983,7 @@ rcu_torture_writer(void *arg)
147181 i = old_rp->rtort_pipe_count;
147182 if (i > RCU_TORTURE_PIPE_LEN)
147183 i = RCU_TORTURE_PIPE_LEN;
147184 - atomic_inc(&rcu_torture_wcount[i]);
147185 + atomic_inc_unchecked(&rcu_torture_wcount[i]);
147186 old_rp->rtort_pipe_count++;
147187 switch (synctype[torture_random(&rand) % nsynctypes]) {
147188 case RTWS_DEF_FREE:
147189 @@ -1111,7 +1111,7 @@ static void rcu_torture_timer(unsigned long unused)
147190 return;
147191 }
147192 if (p->rtort_mbtest == 0)
147193 - atomic_inc(&n_rcu_torture_mberror);
147194 + atomic_inc_unchecked(&n_rcu_torture_mberror);
147195 spin_lock(&rand_lock);
147196 cur_ops->read_delay(&rand);
147197 n_rcu_torture_timers++;
147198 @@ -1187,7 +1187,7 @@ rcu_torture_reader(void *arg)
147199 continue;
147200 }
147201 if (p->rtort_mbtest == 0)
147202 - atomic_inc(&n_rcu_torture_mberror);
147203 + atomic_inc_unchecked(&n_rcu_torture_mberror);
147204 cur_ops->read_delay(&rand);
147205 preempt_disable();
147206 pipe_count = p->rtort_pipe_count;
147207 @@ -1255,11 +1255,11 @@ rcu_torture_stats_print(void)
147208 rcu_torture_current,
147209 rcu_torture_current_version,
147210 list_empty(&rcu_torture_freelist),
147211 - atomic_read(&n_rcu_torture_alloc),
147212 - atomic_read(&n_rcu_torture_alloc_fail),
147213 - atomic_read(&n_rcu_torture_free));
147214 + atomic_read_unchecked(&n_rcu_torture_alloc),
147215 + atomic_read_unchecked(&n_rcu_torture_alloc_fail),
147216 + atomic_read_unchecked(&n_rcu_torture_free));
147217 pr_cont("rtmbe: %d rtbke: %ld rtbre: %ld ",
147218 - atomic_read(&n_rcu_torture_mberror),
147219 + atomic_read_unchecked(&n_rcu_torture_mberror),
147220 n_rcu_torture_boost_ktrerror,
147221 n_rcu_torture_boost_rterror);
147222 pr_cont("rtbf: %ld rtb: %ld nt: %ld ",
147223 @@ -1271,17 +1271,17 @@ rcu_torture_stats_print(void)
147224 n_barrier_successes,
147225 n_barrier_attempts,
147226 n_rcu_torture_barrier_error);
147227 - pr_cont("cbflood: %ld\n", atomic_long_read(&n_cbfloods));
147228 + pr_cont("cbflood: %ld\n", atomic_long_read_unchecked(&n_cbfloods));
147229
147230 pr_alert("%s%s ", torture_type, TORTURE_FLAG);
147231 - if (atomic_read(&n_rcu_torture_mberror) != 0 ||
147232 + if (atomic_read_unchecked(&n_rcu_torture_mberror) != 0 ||
147233 n_rcu_torture_barrier_error != 0 ||
147234 n_rcu_torture_boost_ktrerror != 0 ||
147235 n_rcu_torture_boost_rterror != 0 ||
147236 n_rcu_torture_boost_failure != 0 ||
147237 i > 1) {
147238 pr_cont("%s", "!!! ");
147239 - atomic_inc(&n_rcu_torture_error);
147240 + atomic_inc_unchecked(&n_rcu_torture_error);
147241 WARN_ON_ONCE(1);
147242 }
147243 pr_cont("Reader Pipe: ");
147244 @@ -1298,7 +1298,7 @@ rcu_torture_stats_print(void)
147245 pr_alert("%s%s ", torture_type, TORTURE_FLAG);
147246 pr_cont("Free-Block Circulation: ");
147247 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
147248 - pr_cont(" %d", atomic_read(&rcu_torture_wcount[i]));
147249 + pr_cont(" %d", atomic_read_unchecked(&rcu_torture_wcount[i]));
147250 }
147251 pr_cont("\n");
147252
147253 @@ -1655,7 +1655,7 @@ rcu_torture_cleanup(void)
147254
147255 rcu_torture_stats_print(); /* -After- the stats thread is stopped! */
147256
147257 - if (atomic_read(&n_rcu_torture_error) || n_rcu_torture_barrier_error)
147258 + if (atomic_read_unchecked(&n_rcu_torture_error) || n_rcu_torture_barrier_error)
147259 rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE");
147260 else if (torture_onoff_failures())
147261 rcu_torture_print_module_parms(cur_ops,
147262 @@ -1780,18 +1780,18 @@ rcu_torture_init(void)
147263
147264 rcu_torture_current = NULL;
147265 rcu_torture_current_version = 0;
147266 - atomic_set(&n_rcu_torture_alloc, 0);
147267 - atomic_set(&n_rcu_torture_alloc_fail, 0);
147268 - atomic_set(&n_rcu_torture_free, 0);
147269 - atomic_set(&n_rcu_torture_mberror, 0);
147270 - atomic_set(&n_rcu_torture_error, 0);
147271 + atomic_set_unchecked(&n_rcu_torture_alloc, 0);
147272 + atomic_set_unchecked(&n_rcu_torture_alloc_fail, 0);
147273 + atomic_set_unchecked(&n_rcu_torture_free, 0);
147274 + atomic_set_unchecked(&n_rcu_torture_mberror, 0);
147275 + atomic_set_unchecked(&n_rcu_torture_error, 0);
147276 n_rcu_torture_barrier_error = 0;
147277 n_rcu_torture_boost_ktrerror = 0;
147278 n_rcu_torture_boost_rterror = 0;
147279 n_rcu_torture_boost_failure = 0;
147280 n_rcu_torture_boosts = 0;
147281 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++)
147282 - atomic_set(&rcu_torture_wcount[i], 0);
147283 + atomic_set_unchecked(&rcu_torture_wcount[i], 0);
147284 for_each_possible_cpu(cpu) {
147285 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
147286 per_cpu(rcu_torture_count, cpu)[i] = 0;
147287 diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
147288 index 944b1b4..45d1d75 100644
147289 --- a/kernel/rcu/tiny.c
147290 +++ b/kernel/rcu/tiny.c
147291 @@ -42,7 +42,7 @@
147292 /* Forward declarations for tiny_plugin.h. */
147293 struct rcu_ctrlblk;
147294 static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp);
147295 -static void rcu_process_callbacks(struct softirq_action *unused);
147296 +static void rcu_process_callbacks(void);
147297 static void __call_rcu(struct rcu_head *head,
147298 rcu_callback_t func,
147299 struct rcu_ctrlblk *rcp);
147300 @@ -170,7 +170,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
147301 false));
147302 }
147303
147304 -static void rcu_process_callbacks(struct softirq_action *unused)
147305 +static __latent_entropy void rcu_process_callbacks(void)
147306 {
147307 __rcu_process_callbacks(&rcu_sched_ctrlblk);
147308 __rcu_process_callbacks(&rcu_bh_ctrlblk);
147309 diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
147310 index 5d80925..a71654a 100644
147311 --- a/kernel/rcu/tree.c
147312 +++ b/kernel/rcu/tree.c
147313 @@ -328,7 +328,7 @@ static void rcu_momentary_dyntick_idle(void)
147314 */
147315 rdtp = this_cpu_ptr(&rcu_dynticks);
147316 smp_mb__before_atomic(); /* Earlier stuff before QS. */
147317 - atomic_add(2, &rdtp->dynticks); /* QS. */
147318 + atomic_add_unchecked(2, &rdtp->dynticks); /* QS. */
147319 smp_mb__after_atomic(); /* Later stuff after QS. */
147320 break;
147321 }
147322 @@ -693,10 +693,10 @@ static void rcu_eqs_enter_common(long long oldval, bool user)
147323 rcu_prepare_for_idle();
147324 /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
147325 smp_mb__before_atomic(); /* See above. */
147326 - atomic_inc(&rdtp->dynticks);
147327 + atomic_inc_unchecked(&rdtp->dynticks);
147328 smp_mb__after_atomic(); /* Force ordering with next sojourn. */
147329 WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) &&
147330 - atomic_read(&rdtp->dynticks) & 0x1);
147331 + atomic_read_unchecked(&rdtp->dynticks) & 0x1);
147332 rcu_dynticks_task_enter();
147333
147334 /*
147335 @@ -829,11 +829,11 @@ static void rcu_eqs_exit_common(long long oldval, int user)
147336
147337 rcu_dynticks_task_exit();
147338 smp_mb__before_atomic(); /* Force ordering w/previous sojourn. */
147339 - atomic_inc(&rdtp->dynticks);
147340 + atomic_inc_unchecked(&rdtp->dynticks);
147341 /* CPUs seeing atomic_inc() must see later RCU read-side crit sects */
147342 smp_mb__after_atomic(); /* See above. */
147343 WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) &&
147344 - !(atomic_read(&rdtp->dynticks) & 0x1));
147345 + !(atomic_read_unchecked(&rdtp->dynticks) & 0x1));
147346 rcu_cleanup_after_idle();
147347 trace_rcu_dyntick(TPS("End"), oldval, rdtp->dynticks_nesting);
147348 if (IS_ENABLED(CONFIG_RCU_EQS_DEBUG) &&
147349 @@ -979,12 +979,12 @@ void rcu_nmi_enter(void)
147350 * to be in the outermost NMI handler that interrupted an RCU-idle
147351 * period (observation due to Andy Lutomirski).
147352 */
147353 - if (!(atomic_read(&rdtp->dynticks) & 0x1)) {
147354 + if (!(atomic_read_unchecked(&rdtp->dynticks) & 0x1)) {
147355 smp_mb__before_atomic(); /* Force delay from prior write. */
147356 - atomic_inc(&rdtp->dynticks);
147357 + atomic_inc_unchecked(&rdtp->dynticks);
147358 /* atomic_inc() before later RCU read-side crit sects */
147359 smp_mb__after_atomic(); /* See above. */
147360 - WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1));
147361 + WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1));
147362 incby = 1;
147363 }
147364 rdtp->dynticks_nmi_nesting += incby;
147365 @@ -1009,7 +1009,7 @@ void rcu_nmi_exit(void)
147366 * to us!)
147367 */
147368 WARN_ON_ONCE(rdtp->dynticks_nmi_nesting <= 0);
147369 - WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1));
147370 + WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1));
147371
147372 /*
147373 * If the nesting level is not 1, the CPU wasn't RCU-idle, so
147374 @@ -1024,9 +1024,9 @@ void rcu_nmi_exit(void)
147375 rdtp->dynticks_nmi_nesting = 0;
147376 /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
147377 smp_mb__before_atomic(); /* See above. */
147378 - atomic_inc(&rdtp->dynticks);
147379 + atomic_inc_unchecked(&rdtp->dynticks);
147380 smp_mb__after_atomic(); /* Force delay to next write. */
147381 - WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1);
147382 + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1);
147383 }
147384
147385 /**
147386 @@ -1039,7 +1039,7 @@ void rcu_nmi_exit(void)
147387 */
147388 bool notrace __rcu_is_watching(void)
147389 {
147390 - return atomic_read(this_cpu_ptr(&rcu_dynticks.dynticks)) & 0x1;
147391 + return atomic_read_unchecked(this_cpu_ptr(&rcu_dynticks.dynticks)) & 0x1;
147392 }
147393
147394 /**
147395 @@ -1122,7 +1122,7 @@ static int rcu_is_cpu_rrupt_from_idle(void)
147396 static int dyntick_save_progress_counter(struct rcu_data *rdp,
147397 bool *isidle, unsigned long *maxj)
147398 {
147399 - rdp->dynticks_snap = atomic_add_return(0, &rdp->dynticks->dynticks);
147400 + rdp->dynticks_snap = atomic_add_return_unchecked(0, &rdp->dynticks->dynticks);
147401 rcu_sysidle_check_cpu(rdp, isidle, maxj);
147402 if ((rdp->dynticks_snap & 0x1) == 0) {
147403 trace_rcu_fqs(rdp->rsp->name, rdp->gpnum, rdp->cpu, TPS("dti"));
147404 @@ -1147,7 +1147,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp,
147405 int *rcrmp;
147406 unsigned int snap;
147407
147408 - curr = (unsigned int)atomic_add_return(0, &rdp->dynticks->dynticks);
147409 + curr = (unsigned int)atomic_add_return_unchecked(0, &rdp->dynticks->dynticks);
147410 snap = (unsigned int)rdp->dynticks_snap;
147411
147412 /*
147413 @@ -3013,7 +3013,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
147414 /*
147415 * Do RCU core processing for the current CPU.
147416 */
147417 -static void rcu_process_callbacks(struct softirq_action *unused)
147418 +static __latent_entropy void rcu_process_callbacks(void)
147419 {
147420 struct rcu_state *rsp;
147421
147422 @@ -3750,7 +3750,7 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
147423 rdp->grpmask = leaf_node_cpu_bit(rdp->mynode, cpu);
147424 rdp->dynticks = &per_cpu(rcu_dynticks, cpu);
147425 WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_EXIT_IDLE);
147426 - WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) != 1);
147427 + WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) != 1);
147428 rdp->cpu = cpu;
147429 rdp->rsp = rsp;
147430 rcu_boot_init_nocb_percpu_data(rdp);
147431 @@ -3780,8 +3780,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp)
147432 init_callback_list(rdp); /* Re-enable callbacks on this CPU. */
147433 rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE;
147434 rcu_sysidle_init_percpu_data(rdp->dynticks);
147435 - atomic_set(&rdp->dynticks->dynticks,
147436 - (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1);
147437 + atomic_set_unchecked(&rdp->dynticks->dynticks,
147438 + (atomic_read_unchecked(&rdp->dynticks->dynticks) & ~0x1) + 1);
147439 raw_spin_unlock_rcu_node(rnp); /* irqs remain disabled. */
147440
147441 /*
147442 diff --git a/kernel/rcu/tree.h b/kernel/rcu/tree.h
147443 index f714f87..f49d80b 100644
147444 --- a/kernel/rcu/tree.h
147445 +++ b/kernel/rcu/tree.h
147446 @@ -111,11 +111,11 @@ struct rcu_dynticks {
147447 long long dynticks_nesting; /* Track irq/process nesting level. */
147448 /* Process level is worth LLONG_MAX/2. */
147449 int dynticks_nmi_nesting; /* Track NMI nesting level. */
147450 - atomic_t dynticks; /* Even value for idle, else odd. */
147451 + atomic_unchecked_t dynticks;/* Even value for idle, else odd. */
147452 #ifdef CONFIG_NO_HZ_FULL_SYSIDLE
147453 long long dynticks_idle_nesting;
147454 /* irq/process nesting level from idle. */
147455 - atomic_t dynticks_idle; /* Even value for idle, else odd. */
147456 + atomic_unchecked_t dynticks_idle;/* Even value for idle, else odd. */
147457 /* "Idle" excludes userspace execution. */
147458 unsigned long dynticks_idle_jiffies;
147459 /* End of last non-NMI non-idle period. */
147460 @@ -400,9 +400,9 @@ struct rcu_data {
147461 #ifdef CONFIG_RCU_FAST_NO_HZ
147462 struct rcu_head oom_head;
147463 #endif /* #ifdef CONFIG_RCU_FAST_NO_HZ */
147464 - atomic_long_t exp_workdone1; /* # done by others #1. */
147465 - atomic_long_t exp_workdone2; /* # done by others #2. */
147466 - atomic_long_t exp_workdone3; /* # done by others #3. */
147467 + atomic_long_unchecked_t exp_workdone1; /* # done by others #1. */
147468 + atomic_long_unchecked_t exp_workdone2; /* # done by others #2. */
147469 + atomic_long_unchecked_t exp_workdone3; /* # done by others #3. */
147470
147471 /* 7) Callback offloading. */
147472 #ifdef CONFIG_RCU_NOCB_CPU
147473 @@ -519,8 +519,8 @@ struct rcu_state {
147474 struct mutex exp_mutex; /* Serialize expedited GP. */
147475 struct mutex exp_wake_mutex; /* Serialize wakeup. */
147476 unsigned long expedited_sequence; /* Take a ticket. */
147477 - atomic_long_t expedited_normal; /* # fallbacks to normal. */
147478 - atomic_t expedited_need_qs; /* # CPUs left to check in. */
147479 + atomic_long_unchecked_t expedited_normal;/* # fallbacks to normal. */
147480 + atomic_unchecked_t expedited_need_qs; /* # CPUs left to check in. */
147481 struct swait_queue_head expedited_wq; /* Wait for check-ins. */
147482 int ncpus_snap; /* # CPUs seen last time. */
147483
147484 diff --git a/kernel/rcu/tree_exp.h b/kernel/rcu/tree_exp.h
147485 index 6d86ab6..7046dff 100644
147486 --- a/kernel/rcu/tree_exp.h
147487 +++ b/kernel/rcu/tree_exp.h
147488 @@ -223,14 +223,14 @@ static void rcu_report_exp_rdp(struct rcu_state *rsp, struct rcu_data *rdp,
147489 }
147490
147491 /* Common code for synchronize_{rcu,sched}_expedited() work-done checking. */
147492 -static bool sync_exp_work_done(struct rcu_state *rsp, atomic_long_t *stat,
147493 +static bool sync_exp_work_done(struct rcu_state *rsp, atomic_long_unchecked_t *stat,
147494 unsigned long s)
147495 {
147496 if (rcu_exp_gp_seq_done(rsp, s)) {
147497 trace_rcu_exp_grace_period(rsp->name, s, TPS("done"));
147498 /* Ensure test happens before caller kfree(). */
147499 smp_mb__before_atomic(); /* ^^^ */
147500 - atomic_long_inc(stat);
147501 + atomic_long_inc_unchecked(stat);
147502 return true;
147503 }
147504 return false;
147505 @@ -359,7 +359,7 @@ static void sync_rcu_exp_select_cpus(struct rcu_state *rsp,
147506 struct rcu_dynticks *rdtp = &per_cpu(rcu_dynticks, cpu);
147507
147508 if (raw_smp_processor_id() == cpu ||
147509 - !(atomic_add_return(0, &rdtp->dynticks) & 0x1))
147510 + !(atomic_add_return_unchecked(0, &rdtp->dynticks) & 0x1))
147511 mask_ofl_test |= rdp->grpmask;
147512 }
147513 mask_ofl_ipi = rnp->expmask & ~mask_ofl_test;
147514 diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
147515 index 0082fce..29572cb 100644
147516 --- a/kernel/rcu/tree_plugin.h
147517 +++ b/kernel/rcu/tree_plugin.h
147518 @@ -1174,7 +1174,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu)
147519 free_cpumask_var(cm);
147520 }
147521
147522 -static struct smp_hotplug_thread rcu_cpu_thread_spec = {
147523 +static struct smp_hotplug_thread rcu_cpu_thread_spec __read_only = {
147524 .store = &rcu_cpu_kthread_task,
147525 .thread_should_run = rcu_cpu_kthread_should_run,
147526 .thread_fn = rcu_cpu_kthread,
147527 @@ -1643,7 +1643,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu)
147528 "o."[!!(rdp->grpmask & rdp->mynode->qsmaskinit)],
147529 "N."[!!(rdp->grpmask & rdp->mynode->qsmaskinitnext)],
147530 ticks_value, ticks_title,
147531 - atomic_read(&rdtp->dynticks) & 0xfff,
147532 + atomic_read_unchecked(&rdtp->dynticks) & 0xfff,
147533 rdtp->dynticks_nesting, rdtp->dynticks_nmi_nesting,
147534 rdp->softirq_snap, kstat_softirqs_cpu(RCU_SOFTIRQ, cpu),
147535 READ_ONCE(rsp->n_force_qs) - rsp->n_force_qs_gpstart,
147536 @@ -2177,8 +2177,8 @@ static int rcu_nocb_kthread(void *arg)
147537 }
147538 trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1);
147539 smp_mb__before_atomic(); /* _add after CB invocation. */
147540 - atomic_long_add(-c, &rdp->nocb_q_count);
147541 - atomic_long_add(-cl, &rdp->nocb_q_count_lazy);
147542 + atomic_long_sub(c, &rdp->nocb_q_count);
147543 + atomic_long_sub(cl, &rdp->nocb_q_count_lazy);
147544 rdp->n_nocbs_invoked += c;
147545 }
147546 return 0;
147547 @@ -2533,9 +2533,9 @@ static void rcu_sysidle_enter(int irq)
147548 j = jiffies;
147549 WRITE_ONCE(rdtp->dynticks_idle_jiffies, j);
147550 smp_mb__before_atomic();
147551 - atomic_inc(&rdtp->dynticks_idle);
147552 + atomic_inc_unchecked(&rdtp->dynticks_idle);
147553 smp_mb__after_atomic();
147554 - WARN_ON_ONCE(atomic_read(&rdtp->dynticks_idle) & 0x1);
147555 + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks_idle) & 0x1);
147556 }
147557
147558 /*
147559 @@ -2606,9 +2606,9 @@ static void rcu_sysidle_exit(int irq)
147560
147561 /* Record end of idle period. */
147562 smp_mb__before_atomic();
147563 - atomic_inc(&rdtp->dynticks_idle);
147564 + atomic_inc_unchecked(&rdtp->dynticks_idle);
147565 smp_mb__after_atomic();
147566 - WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks_idle) & 0x1));
147567 + WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks_idle) & 0x1));
147568
147569 /*
147570 * If we are the timekeeping CPU, we are permitted to be non-idle
147571 @@ -2654,7 +2654,7 @@ static void rcu_sysidle_check_cpu(struct rcu_data *rdp, bool *isidle,
147572 WARN_ON_ONCE(smp_processor_id() != tick_do_timer_cpu);
147573
147574 /* Pick up current idle and NMI-nesting counter and check. */
147575 - cur = atomic_read(&rdtp->dynticks_idle);
147576 + cur = atomic_read_unchecked(&rdtp->dynticks_idle);
147577 if (cur & 0x1) {
147578 *isidle = false; /* We are not idle! */
147579 return;
147580 diff --git a/kernel/rcu/tree_trace.c b/kernel/rcu/tree_trace.c
147581 index 86782f9a..2e8c0a3 100644
147582 --- a/kernel/rcu/tree_trace.c
147583 +++ b/kernel/rcu/tree_trace.c
147584 @@ -124,7 +124,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
147585 rdp->rcu_qs_ctr_snap == per_cpu(rcu_qs_ctr, rdp->cpu),
147586 rdp->core_needs_qs);
147587 seq_printf(m, " dt=%d/%llx/%d df=%lu",
147588 - atomic_read(&rdp->dynticks->dynticks),
147589 + atomic_read_unchecked(&rdp->dynticks->dynticks),
147590 rdp->dynticks->dynticks_nesting,
147591 rdp->dynticks->dynticks_nmi_nesting,
147592 rdp->dynticks_fqs);
147593 @@ -189,14 +189,14 @@ static int show_rcuexp(struct seq_file *m, void *v)
147594
147595 for_each_possible_cpu(cpu) {
147596 rdp = per_cpu_ptr(rsp->rda, cpu);
147597 - s1 += atomic_long_read(&rdp->exp_workdone1);
147598 - s2 += atomic_long_read(&rdp->exp_workdone2);
147599 - s3 += atomic_long_read(&rdp->exp_workdone3);
147600 + s1 += atomic_long_read_unchecked(&rdp->exp_workdone1);
147601 + s2 += atomic_long_read_unchecked(&rdp->exp_workdone2);
147602 + s3 += atomic_long_read_unchecked(&rdp->exp_workdone3);
147603 }
147604 seq_printf(m, "s=%lu wd1=%lu wd2=%lu wd3=%lu n=%lu enq=%d sc=%lu\n",
147605 rsp->expedited_sequence, s1, s2, s3,
147606 - atomic_long_read(&rsp->expedited_normal),
147607 - atomic_read(&rsp->expedited_need_qs),
147608 + atomic_long_read_unchecked(&rsp->expedited_normal),
147609 + atomic_read_unchecked(&rsp->expedited_need_qs),
147610 rsp->expedited_sequence / 2);
147611 return 0;
147612 }
147613 diff --git a/kernel/resource.c b/kernel/resource.c
147614 index 9b5f044..b8b0a33 100644
147615 --- a/kernel/resource.c
147616 +++ b/kernel/resource.c
147617 @@ -84,8 +84,8 @@ static void *r_next(struct seq_file *m, void *v, loff_t *pos)
147618
147619 enum { MAX_IORES_LEVEL = 5 };
147620
147621 +static void *r_start(struct seq_file *m, loff_t *pos) __acquires(&resource_lock);
147622 static void *r_start(struct seq_file *m, loff_t *pos)
147623 - __acquires(resource_lock)
147624 {
147625 struct resource *p = m->private;
147626 loff_t l = 0;
147627 @@ -95,8 +95,8 @@ static void *r_start(struct seq_file *m, loff_t *pos)
147628 return p;
147629 }
147630
147631 +static void r_stop(struct seq_file *m, void *v) __releases(&resource_lock);
147632 static void r_stop(struct seq_file *m, void *v)
147633 - __releases(resource_lock)
147634 {
147635 read_unlock(&resource_lock);
147636 }
147637 @@ -171,8 +171,18 @@ static const struct file_operations proc_iomem_operations = {
147638
147639 static int __init ioresources_init(void)
147640 {
147641 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
147642 +#ifdef CONFIG_GRKERNSEC_PROC_USER
147643 + proc_create("ioports", S_IRUSR, NULL, &proc_ioports_operations);
147644 + proc_create("iomem", S_IRUSR, NULL, &proc_iomem_operations);
147645 +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
147646 + proc_create("ioports", S_IRUSR | S_IRGRP, NULL, &proc_ioports_operations);
147647 + proc_create("iomem", S_IRUSR | S_IRGRP, NULL, &proc_iomem_operations);
147648 +#endif
147649 +#else
147650 proc_create("ioports", 0, NULL, &proc_ioports_operations);
147651 proc_create("iomem", 0, NULL, &proc_iomem_operations);
147652 +#endif
147653 return 0;
147654 }
147655 __initcall(ioresources_init);
147656 diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
147657 index a5d966c..9c2d28b 100644
147658 --- a/kernel/sched/auto_group.c
147659 +++ b/kernel/sched/auto_group.c
147660 @@ -9,7 +9,7 @@
147661
147662 unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1;
147663 static struct autogroup autogroup_default;
147664 -static atomic_t autogroup_seq_nr;
147665 +static atomic_unchecked_t autogroup_seq_nr;
147666
147667 void __init autogroup_init(struct task_struct *init_task)
147668 {
147669 @@ -77,7 +77,7 @@ static inline struct autogroup *autogroup_create(void)
147670
147671 kref_init(&ag->kref);
147672 init_rwsem(&ag->lock);
147673 - ag->id = atomic_inc_return(&autogroup_seq_nr);
147674 + ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr);
147675 ag->tg = tg;
147676 #ifdef CONFIG_RT_GROUP_SCHED
147677 /*
147678 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
147679 index 44817c6..caeebd2 100644
147680 --- a/kernel/sched/core.c
147681 +++ b/kernel/sched/core.c
147682 @@ -2259,7 +2259,7 @@ void set_numabalancing_state(bool enabled)
147683 int sysctl_numa_balancing(struct ctl_table *table, int write,
147684 void __user *buffer, size_t *lenp, loff_t *ppos)
147685 {
147686 - struct ctl_table t;
147687 + ctl_table_no_const t;
147688 int err;
147689 int state = static_branch_likely(&sched_numa_balancing);
147690
147691 @@ -2334,7 +2334,7 @@ static void __init init_schedstats(void)
147692 int sysctl_schedstats(struct ctl_table *table, int write,
147693 void __user *buffer, size_t *lenp, loff_t *ppos)
147694 {
147695 - struct ctl_table t;
147696 + ctl_table_no_const t;
147697 int err;
147698 int state = static_branch_likely(&sched_schedstats);
147699
147700 @@ -2784,7 +2784,7 @@ static struct rq *finish_task_switch(struct task_struct *prev)
147701 /* rq->lock is NOT held, but preemption is disabled */
147702 static void __balance_callback(struct rq *rq)
147703 {
147704 - struct callback_head *head, *next;
147705 + struct balance_callback *head, *next;
147706 void (*func)(struct rq *rq);
147707 unsigned long flags;
147708
147709 @@ -2792,7 +2792,7 @@ static void __balance_callback(struct rq *rq)
147710 head = rq->balance_callback;
147711 rq->balance_callback = NULL;
147712 while (head) {
147713 - func = (void (*)(struct rq *))head->func;
147714 + func = head->func;
147715 next = head->next;
147716 head->next = NULL;
147717 head = next;
147718 @@ -3759,6 +3759,8 @@ int can_nice(const struct task_struct *p, const int nice)
147719 /* convert nice value [19,-20] to rlimit style value [1,40] */
147720 int nice_rlim = nice_to_rlimit(nice);
147721
147722 + gr_learn_resource(p, RLIMIT_NICE, nice_rlim, 1);
147723 +
147724 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
147725 capable(CAP_SYS_NICE));
147726 }
147727 @@ -3785,7 +3787,8 @@ SYSCALL_DEFINE1(nice, int, increment)
147728 nice = task_nice(current) + increment;
147729
147730 nice = clamp_val(nice, MIN_NICE, MAX_NICE);
147731 - if (increment < 0 && !can_nice(current, nice))
147732 + if (increment < 0 && (!can_nice(current, nice) ||
147733 + gr_handle_chroot_nice()))
147734 return -EPERM;
147735
147736 retval = security_task_setnice(current, nice);
147737 @@ -4095,6 +4098,7 @@ recheck:
147738 if (policy != p->policy && !rlim_rtprio)
147739 return -EPERM;
147740
147741 + gr_learn_resource(p, RLIMIT_RTPRIO, attr->sched_priority, 1);
147742 /* can't increase priority */
147743 if (attr->sched_priority > p->rt_priority &&
147744 attr->sched_priority > rlim_rtprio)
147745 @@ -7450,6 +7454,14 @@ void __init sched_init(void)
147746 for_each_possible_cpu(i) {
147747 struct rq *rq;
147748
147749 +#if defined(CONFIG_GRKERNSEC_KSTACKOVERFLOW) && defined(CONFIG_X86_64)
147750 + void *newstack = vzalloc_irq_stack();
147751 + if (newstack == NULL)
147752 + panic("grsec: Unable to allocate irq stack");
147753 + populate_stack(newstack, IRQ_STACK_SIZE);
147754 + per_cpu(irq_stack_ptr, i) = newstack + IRQ_STACK_SIZE - 64;
147755 +#endif
147756 +
147757 rq = cpu_rq(i);
147758 raw_spin_lock_init(&rq->lock);
147759 rq->nr_running = 0;
147760 @@ -7580,7 +7592,7 @@ void __might_sleep(const char *file, int line, int preempt_offset)
147761 */
147762 WARN_ONCE(current->state != TASK_RUNNING && current->task_state_change,
147763 "do not call blocking ops when !TASK_RUNNING; "
147764 - "state=%lx set at [<%p>] %pS\n",
147765 + "state=%lx set at [<%p>] %pA\n",
147766 current->state,
147767 (void *)current->task_state_change,
147768 (void *)current->task_state_change);
147769 diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
147770 index 1ce8867..0472a49 100644
147771 --- a/kernel/sched/deadline.c
147772 +++ b/kernel/sched/deadline.c
147773 @@ -219,8 +219,8 @@ static inline bool need_pull_dl_task(struct rq *rq, struct task_struct *prev)
147774 return dl_task(prev);
147775 }
147776
147777 -static DEFINE_PER_CPU(struct callback_head, dl_push_head);
147778 -static DEFINE_PER_CPU(struct callback_head, dl_pull_head);
147779 +static DEFINE_PER_CPU(struct balance_callback, dl_push_head);
147780 +static DEFINE_PER_CPU(struct balance_callback, dl_pull_head);
147781
147782 static void push_dl_tasks(struct rq *);
147783 static void pull_dl_task(struct rq *);
147784 diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c
147785 index 2a0a999..dc593c8 100644
147786 --- a/kernel/sched/debug.c
147787 +++ b/kernel/sched/debug.c
147788 @@ -193,7 +193,7 @@ late_initcall(sched_init_debug);
147789
147790 #ifdef CONFIG_SYSCTL
147791
147792 -static struct ctl_table sd_ctl_dir[] = {
147793 +static ctl_table_no_const sd_ctl_dir[] __read_only = {
147794 {
147795 .procname = "sched_domain",
147796 .mode = 0555,
147797 @@ -210,17 +210,17 @@ static struct ctl_table sd_ctl_root[] = {
147798 {}
147799 };
147800
147801 -static struct ctl_table *sd_alloc_ctl_entry(int n)
147802 +static ctl_table_no_const *sd_alloc_ctl_entry(int n)
147803 {
147804 - struct ctl_table *entry =
147805 + ctl_table_no_const *entry =
147806 kcalloc(n, sizeof(struct ctl_table), GFP_KERNEL);
147807
147808 return entry;
147809 }
147810
147811 -static void sd_free_ctl_entry(struct ctl_table **tablep)
147812 +static void sd_free_ctl_entry(ctl_table_no_const *tablep)
147813 {
147814 - struct ctl_table *entry;
147815 + ctl_table_no_const *entry;
147816
147817 /*
147818 * In the intermediate directories, both the child directory and
147819 @@ -228,22 +228,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
147820 * will always be set. In the lowest directory the names are
147821 * static strings and all have proc handlers.
147822 */
147823 - for (entry = *tablep; entry->mode; entry++) {
147824 - if (entry->child)
147825 - sd_free_ctl_entry(&entry->child);
147826 + for (entry = tablep; entry->mode; entry++) {
147827 + if (entry->child) {
147828 + sd_free_ctl_entry(entry->child);
147829 + pax_open_kernel();
147830 + entry->child = NULL;
147831 + pax_close_kernel();
147832 + }
147833 if (entry->proc_handler == NULL)
147834 kfree(entry->procname);
147835 }
147836
147837 - kfree(*tablep);
147838 - *tablep = NULL;
147839 + kfree(tablep);
147840 }
147841
147842 static int min_load_idx = 0;
147843 static int max_load_idx = CPU_LOAD_IDX_MAX-1;
147844
147845 static void
147846 -set_table_entry(struct ctl_table *entry,
147847 +set_table_entry(ctl_table_no_const *entry,
147848 const char *procname, void *data, int maxlen,
147849 umode_t mode, proc_handler *proc_handler,
147850 bool load_idx)
147851 @@ -260,10 +263,10 @@ set_table_entry(struct ctl_table *entry,
147852 }
147853 }
147854
147855 -static struct ctl_table *
147856 +static ctl_table_no_const *
147857 sd_alloc_ctl_domain_table(struct sched_domain *sd)
147858 {
147859 - struct ctl_table *table = sd_alloc_ctl_entry(14);
147860 + ctl_table_no_const *table = sd_alloc_ctl_entry(14);
147861
147862 if (table == NULL)
147863 return NULL;
147864 @@ -301,9 +304,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
147865 return table;
147866 }
147867
147868 -static struct ctl_table *sd_alloc_ctl_cpu_table(int cpu)
147869 +static ctl_table_no_const *sd_alloc_ctl_cpu_table(int cpu)
147870 {
147871 - struct ctl_table *entry, *table;
147872 + ctl_table_no_const *entry, *table;
147873 struct sched_domain *sd;
147874 int domain_num = 0, i;
147875 char buf[32];
147876 @@ -330,11 +333,13 @@ static struct ctl_table_header *sd_sysctl_header;
147877 void register_sched_domain_sysctl(void)
147878 {
147879 int i, cpu_num = num_possible_cpus();
147880 - struct ctl_table *entry = sd_alloc_ctl_entry(cpu_num + 1);
147881 + ctl_table_no_const *entry = sd_alloc_ctl_entry(cpu_num + 1);
147882 char buf[32];
147883
147884 WARN_ON(sd_ctl_dir[0].child);
147885 + pax_open_kernel();
147886 sd_ctl_dir[0].child = entry;
147887 + pax_close_kernel();
147888
147889 if (entry == NULL)
147890 return;
147891 @@ -356,8 +361,12 @@ void unregister_sched_domain_sysctl(void)
147892 {
147893 unregister_sysctl_table(sd_sysctl_header);
147894 sd_sysctl_header = NULL;
147895 - if (sd_ctl_dir[0].child)
147896 - sd_free_ctl_entry(&sd_ctl_dir[0].child);
147897 + if (sd_ctl_dir[0].child) {
147898 + sd_free_ctl_entry(sd_ctl_dir[0].child);
147899 + pax_open_kernel();
147900 + sd_ctl_dir[0].child = NULL;
147901 + pax_close_kernel();
147902 + }
147903 }
147904 #endif /* CONFIG_SYSCTL */
147905 #endif /* CONFIG_SMP */
147906 @@ -801,7 +810,11 @@ static int __init init_sched_debug_procfs(void)
147907 {
147908 struct proc_dir_entry *pe;
147909
147910 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
147911 + pe = proc_create("sched_debug", 0400, NULL, &sched_debug_fops);
147912 +#else
147913 pe = proc_create("sched_debug", 0444, NULL, &sched_debug_fops);
147914 +#endif
147915 if (!pe)
147916 return -ENOMEM;
147917 return 0;
147918 diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
147919 index 8b3610c..94bbee3 100644
147920 --- a/kernel/sched/fair.c
147921 +++ b/kernel/sched/fair.c
147922 @@ -8305,7 +8305,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { }
147923 * run_rebalance_domains is triggered when needed from the scheduler tick.
147924 * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
147925 */
147926 -static void run_rebalance_domains(struct softirq_action *h)
147927 +static __latent_entropy void run_rebalance_domains(void)
147928 {
147929 struct rq *this_rq = this_rq();
147930 enum cpu_idle_type idle = this_rq->idle_balance ?
147931 diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
147932 index d5690b7..40d1c85 100644
147933 --- a/kernel/sched/rt.c
147934 +++ b/kernel/sched/rt.c
147935 @@ -362,8 +362,8 @@ static inline int has_pushable_tasks(struct rq *rq)
147936 return !plist_head_empty(&rq->rt.pushable_tasks);
147937 }
147938
147939 -static DEFINE_PER_CPU(struct callback_head, rt_push_head);
147940 -static DEFINE_PER_CPU(struct callback_head, rt_pull_head);
147941 +static DEFINE_PER_CPU(struct balance_callback, rt_push_head);
147942 +static DEFINE_PER_CPU(struct balance_callback, rt_pull_head);
147943
147944 static void push_rt_tasks(struct rq *);
147945 static void pull_rt_task(struct rq *);
147946 diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
147947 index c64fc51..d12559e 100644
147948 --- a/kernel/sched/sched.h
147949 +++ b/kernel/sched/sched.h
147950 @@ -642,7 +642,10 @@ struct rq {
147951 unsigned long cpu_capacity;
147952 unsigned long cpu_capacity_orig;
147953
147954 - struct callback_head *balance_callback;
147955 + struct balance_callback {
147956 + struct balance_callback *next;
147957 + void (*func)(struct rq *rq);
147958 + } *balance_callback;
147959
147960 unsigned char idle_balance;
147961 /* For active balancing */
147962 @@ -788,7 +791,7 @@ extern int migrate_swap(struct task_struct *, struct task_struct *);
147963
147964 static inline void
147965 queue_balance_callback(struct rq *rq,
147966 - struct callback_head *head,
147967 + struct balance_callback *head,
147968 void (*func)(struct rq *rq))
147969 {
147970 lockdep_assert_held(&rq->lock);
147971 @@ -796,7 +799,7 @@ queue_balance_callback(struct rq *rq,
147972 if (unlikely(head->next))
147973 return;
147974
147975 - head->func = (void (*)(struct callback_head *))func;
147976 + head->func = func;
147977 head->next = rq->balance_callback;
147978 rq->balance_callback = head;
147979 }
147980 @@ -1253,7 +1256,7 @@ struct sched_class {
147981 #ifdef CONFIG_FAIR_GROUP_SCHED
147982 void (*task_change_group) (struct task_struct *p, int type);
147983 #endif
147984 -};
147985 +} __do_const;
147986
147987 static inline void put_prev_task(struct rq *rq, struct task_struct *prev)
147988 {
147989 @@ -1323,7 +1326,7 @@ extern struct dl_bandwidth def_dl_bandwidth;
147990 extern void init_dl_bandwidth(struct dl_bandwidth *dl_b, u64 period, u64 runtime);
147991 extern void init_dl_task_timer(struct sched_dl_entity *dl_se);
147992
147993 -unsigned long to_ratio(u64 period, u64 runtime);
147994 +unsigned long __attribute_const__ to_ratio(u64 period, u64 runtime);
147995
147996 extern void init_entity_runnable_average(struct sched_entity *se);
147997 extern void post_init_entity_util_avg(struct sched_entity *se);
147998 diff --git a/kernel/signal.c b/kernel/signal.c
147999 index af21afc..bc14d32 100644
148000 --- a/kernel/signal.c
148001 +++ b/kernel/signal.c
148002 @@ -53,12 +53,12 @@ static struct kmem_cache *sigqueue_cachep;
148003
148004 int print_fatal_signals __read_mostly;
148005
148006 -static void __user *sig_handler(struct task_struct *t, int sig)
148007 +static __sighandler_t sig_handler(struct task_struct *t, int sig)
148008 {
148009 return t->sighand->action[sig - 1].sa.sa_handler;
148010 }
148011
148012 -static int sig_handler_ignored(void __user *handler, int sig)
148013 +static int sig_handler_ignored(__sighandler_t handler, int sig)
148014 {
148015 /* Is it explicitly or implicitly ignored? */
148016 return handler == SIG_IGN ||
148017 @@ -67,7 +67,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
148018
148019 static int sig_task_ignored(struct task_struct *t, int sig, bool force)
148020 {
148021 - void __user *handler;
148022 + __sighandler_t handler;
148023
148024 handler = sig_handler(t, sig);
148025
148026 @@ -372,6 +372,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
148027 atomic_inc(&user->sigpending);
148028 rcu_read_unlock();
148029
148030 + if (!override_rlimit)
148031 + gr_learn_resource(t, RLIMIT_SIGPENDING, atomic_read(&user->sigpending), 1);
148032 +
148033 if (override_rlimit ||
148034 atomic_read(&user->sigpending) <=
148035 task_rlimit(t, RLIMIT_SIGPENDING)) {
148036 @@ -494,7 +497,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
148037
148038 int unhandled_signal(struct task_struct *tsk, int sig)
148039 {
148040 - void __user *handler = tsk->sighand->action[sig-1].sa.sa_handler;
148041 + __sighandler_t handler = tsk->sighand->action[sig-1].sa.sa_handler;
148042 if (is_global_init(tsk))
148043 return 1;
148044 if (handler != SIG_IGN && handler != SIG_DFL)
148045 @@ -556,6 +559,7 @@ static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
148046 *
148047 * All callers have to hold the siglock.
148048 */
148049 +int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) __must_hold(&tsk->sighand->siglock);
148050 int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
148051 {
148052 int signr;
148053 @@ -742,6 +746,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
148054 }
148055 }
148056
148057 + /* allow glibc communication via tgkill to other threads in our
148058 + thread group */
148059 + if ((info == SEND_SIG_NOINFO || info->si_code != SI_TKILL ||
148060 + sig != (SIGRTMIN+1) || task_tgid_vnr(t) != info->si_pid)
148061 + && gr_handle_signal(t, sig))
148062 + return -EPERM;
148063 +
148064 return security_task_kill(t, info, sig, 0);
148065 }
148066
148067 @@ -1125,7 +1136,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
148068 return send_signal(sig, info, p, 1);
148069 }
148070
148071 -static int
148072 +int
148073 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
148074 {
148075 return send_signal(sig, info, t, 0);
148076 @@ -1162,6 +1173,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
148077 unsigned long int flags;
148078 int ret, blocked, ignored;
148079 struct k_sigaction *action;
148080 + int is_unhandled = 0;
148081
148082 spin_lock_irqsave(&t->sighand->siglock, flags);
148083 action = &t->sighand->action[sig-1];
148084 @@ -1176,9 +1188,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
148085 }
148086 if (action->sa.sa_handler == SIG_DFL)
148087 t->signal->flags &= ~SIGNAL_UNKILLABLE;
148088 + if (action->sa.sa_handler == SIG_IGN || action->sa.sa_handler == SIG_DFL)
148089 + is_unhandled = 1;
148090 ret = specific_send_sig_info(sig, info, t);
148091 spin_unlock_irqrestore(&t->sighand->siglock, flags);
148092
148093 + /* only deal with unhandled signals, java etc trigger SIGSEGV during
148094 + normal operation */
148095 + if (is_unhandled) {
148096 + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
148097 + gr_handle_crash(t, sig);
148098 + }
148099 +
148100 return ret;
148101 }
148102
148103 @@ -1259,8 +1280,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
148104 ret = check_kill_permission(sig, info, p);
148105 rcu_read_unlock();
148106
148107 - if (!ret && sig)
148108 + if (!ret && sig) {
148109 ret = do_send_sig_info(sig, info, p, true);
148110 + if (!ret)
148111 + gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, p);
148112 + }
148113
148114 return ret;
148115 }
148116 @@ -1774,9 +1798,8 @@ static int sigkill_pending(struct task_struct *tsk)
148117 * If we actually decide not to stop at all because the tracer
148118 * is gone, we keep current->exit_code unless clear_code.
148119 */
148120 +static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) __must_hold(&current->sighand->siglock);
148121 static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info)
148122 - __releases(&current->sighand->siglock)
148123 - __acquires(&current->sighand->siglock)
148124 {
148125 bool gstop_done = false;
148126
148127 @@ -1896,6 +1919,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info)
148128 recalc_sigpending_tsk(current);
148129 }
148130
148131 +static void ptrace_do_notify(int signr, int exit_code, int why) __must_hold(&current->sighand->siglock);
148132 static void ptrace_do_notify(int signr, int exit_code, int why)
148133 {
148134 siginfo_t info;
148135 @@ -1943,8 +1967,8 @@ void ptrace_notify(int exit_code)
148136 * %false if group stop is already cancelled or ptrace trap is scheduled.
148137 * %true if participated in group stop.
148138 */
148139 +static bool do_signal_stop(int signr) __releases(&current->sighand->siglock);
148140 static bool do_signal_stop(int signr)
148141 - __releases(&current->sighand->siglock)
148142 {
148143 struct signal_struct *sig = current->signal;
148144
148145 @@ -1956,8 +1980,10 @@ static bool do_signal_stop(int signr)
148146 WARN_ON_ONCE(signr & ~JOBCTL_STOP_SIGMASK);
148147
148148 if (!likely(current->jobctl & JOBCTL_STOP_DEQUEUED) ||
148149 - unlikely(signal_group_exit(sig)))
148150 + unlikely(signal_group_exit(sig))) {
148151 + __release(&current->sighand->siglock); // XXX sparse can't model conditional release
148152 return false;
148153 + }
148154 /*
148155 * There is no group stop already in progress. We must
148156 * initiate one now.
148157 @@ -2041,6 +2067,7 @@ static bool do_signal_stop(int signr)
148158 * Schedule it and let the caller deal with it.
148159 */
148160 task_set_jobctl_pending(current, JOBCTL_TRAP_STOP);
148161 + __release(&current->sighand->siglock); // XXX sparse can't model conditional release
148162 return false;
148163 }
148164 }
148165 @@ -2864,7 +2891,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
148166 int error = -ESRCH;
148167
148168 rcu_read_lock();
148169 - p = find_task_by_vpid(pid);
148170 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
148171 + /* allow glibc communication via tgkill to other threads in our
148172 + thread group */
148173 + if (grsec_enable_chroot_findtask && info->si_code == SI_TKILL &&
148174 + sig == (SIGRTMIN+1) && tgid == info->si_pid)
148175 + p = find_task_by_vpid_unrestricted(pid);
148176 + else
148177 +#endif
148178 + p = find_task_by_vpid(pid);
148179 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
148180 error = check_kill_permission(sig, info, p);
148181 /*
148182 @@ -3196,8 +3231,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
148183 }
148184 seg = get_fs();
148185 set_fs(KERNEL_DS);
148186 - ret = do_sigaltstack((stack_t __force __user *) (uss_ptr ? &uss : NULL),
148187 - (stack_t __force __user *) &uoss,
148188 + ret = do_sigaltstack((stack_t __force_user *) (uss_ptr ? &uss : NULL),
148189 + (stack_t __force_user *) &uoss,
148190 compat_user_stack_pointer());
148191 set_fs(seg);
148192 if (ret >= 0 && uoss_ptr) {
148193 @@ -3481,7 +3516,7 @@ SYSCALL_DEFINE1(ssetmask, int, newmask)
148194 SYSCALL_DEFINE2(signal, int, sig, __sighandler_t, handler)
148195 {
148196 struct k_sigaction new_sa, old_sa;
148197 - int ret;
148198 + long ret;
148199
148200 new_sa.sa.sa_handler = handler;
148201 new_sa.sa.sa_flags = SA_ONESHOT | SA_NOMASK;
148202 @@ -3489,7 +3524,7 @@ SYSCALL_DEFINE2(signal, int, sig, __sighandler_t, handler)
148203
148204 ret = do_sigaction(sig, &new_sa, &old_sa);
148205
148206 - return ret ? ret : (unsigned long)old_sa.sa.sa_handler;
148207 + return ret ? ret : (long)old_sa.sa.sa_handler;
148208 }
148209 #endif /* __ARCH_WANT_SYS_SIGNAL */
148210
148211 diff --git a/kernel/smp.c b/kernel/smp.c
148212 index 3aa642d..3200019 100644
148213 --- a/kernel/smp.c
148214 +++ b/kernel/smp.c
148215 @@ -573,7 +573,7 @@ void __init smp_init(void)
148216 * early_boot_irqs_disabled is set. Use local_irq_save/restore() instead
148217 * of local_irq_disable/enable().
148218 */
148219 -int on_each_cpu(void (*func) (void *info), void *info, int wait)
148220 +int on_each_cpu(smp_call_func_t func, void *info, int wait)
148221 {
148222 unsigned long flags;
148223 int ret = 0;
148224 diff --git a/kernel/smpboot.c b/kernel/smpboot.c
148225 index 13bc43d..e7068a2 100644
148226 --- a/kernel/smpboot.c
148227 +++ b/kernel/smpboot.c
148228 @@ -13,6 +13,7 @@
148229 #include <linux/percpu.h>
148230 #include <linux/kthread.h>
148231 #include <linux/smpboot.h>
148232 +#include <asm/pgtable.h>
148233
148234 #include "smpboot.h"
148235
148236 @@ -303,7 +304,7 @@ int smpboot_register_percpu_thread_cpumask(struct smp_hotplug_thread *plug_threa
148237 if (cpumask_test_cpu(cpu, cpumask))
148238 smpboot_unpark_thread(plug_thread, cpu);
148239 }
148240 - list_add(&plug_thread->list, &hotplug_threads);
148241 + pax_list_add(&plug_thread->list, &hotplug_threads);
148242 out:
148243 mutex_unlock(&smpboot_threads_lock);
148244 put_online_cpus();
148245 @@ -321,7 +322,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
148246 {
148247 get_online_cpus();
148248 mutex_lock(&smpboot_threads_lock);
148249 - list_del(&plug_thread->list);
148250 + pax_list_del(&plug_thread->list);
148251 smpboot_destroy_threads(plug_thread);
148252 mutex_unlock(&smpboot_threads_lock);
148253 put_online_cpus();
148254 @@ -361,7 +362,9 @@ int smpboot_update_cpumask_percpu_thread(struct smp_hotplug_thread *plug_thread,
148255 for_each_cpu_and(cpu, tmp, cpu_online_mask)
148256 smpboot_unpark_thread(plug_thread, cpu);
148257
148258 + pax_open_kernel();
148259 cpumask_copy(old, new);
148260 + pax_close_kernel();
148261
148262 mutex_unlock(&smpboot_threads_lock);
148263 put_online_cpus();
148264 diff --git a/kernel/softirq.c b/kernel/softirq.c
148265 index 17caf4b..2e68ae7 100644
148266 --- a/kernel/softirq.c
148267 +++ b/kernel/softirq.c
148268 @@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
148269 EXPORT_SYMBOL(irq_stat);
148270 #endif
148271
148272 -static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp;
148273 +static struct softirq_action softirq_vec[NR_SOFTIRQS] __read_only __aligned(PAGE_SIZE);
148274
148275 DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
148276
148277 @@ -270,7 +270,7 @@ restart:
148278 kstat_incr_softirqs_this_cpu(vec_nr);
148279
148280 trace_softirq_entry(vec_nr);
148281 - h->action(h);
148282 + h->action();
148283 trace_softirq_exit(vec_nr);
148284 if (unlikely(prev_count != preempt_count())) {
148285 pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n",
148286 @@ -430,7 +430,7 @@ void __raise_softirq_irqoff(unsigned int nr)
148287 or_softirq_pending(1UL << nr);
148288 }
148289
148290 -void open_softirq(int nr, void (*action)(struct softirq_action *))
148291 +void __init open_softirq(int nr, void (*action)(void))
148292 {
148293 softirq_vec[nr].action = action;
148294 }
148295 @@ -482,7 +482,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
148296 }
148297 EXPORT_SYMBOL(__tasklet_hi_schedule_first);
148298
148299 -static void tasklet_action(struct softirq_action *a)
148300 +static __latent_entropy void tasklet_action(void)
148301 {
148302 struct tasklet_struct *list;
148303
148304 @@ -518,7 +518,7 @@ static void tasklet_action(struct softirq_action *a)
148305 }
148306 }
148307
148308 -static void tasklet_hi_action(struct softirq_action *a)
148309 +static __latent_entropy void tasklet_hi_action(void)
148310 {
148311 struct tasklet_struct *list;
148312
148313 @@ -744,7 +744,7 @@ static struct notifier_block cpu_nfb = {
148314 .notifier_call = cpu_callback
148315 };
148316
148317 -static struct smp_hotplug_thread softirq_threads = {
148318 +static struct smp_hotplug_thread softirq_threads __read_only = {
148319 .store = &ksoftirqd,
148320 .thread_should_run = ksoftirqd_should_run,
148321 .thread_fn = run_ksoftirqd,
148322 diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c
148323 index 4a1ca5f..98ccb56 100644
148324 --- a/kernel/stop_machine.c
148325 +++ b/kernel/stop_machine.c
148326 @@ -509,7 +509,7 @@ void stop_machine_unpark(int cpu)
148327 kthread_unpark(stopper->thread);
148328 }
148329
148330 -static struct smp_hotplug_thread cpu_stop_threads = {
148331 +static struct smp_hotplug_thread cpu_stop_threads __read_only = {
148332 .store = &cpu_stopper.thread,
148333 .thread_should_run = cpu_stop_should_run,
148334 .thread_fn = cpu_stopper_thread,
148335 diff --git a/kernel/sys.c b/kernel/sys.c
148336 index 89d5be4..441bef3 100644
148337 --- a/kernel/sys.c
148338 +++ b/kernel/sys.c
148339 @@ -160,6 +160,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
148340 error = -EACCES;
148341 goto out;
148342 }
148343 +
148344 + if (gr_handle_chroot_setpriority(p, niceval)) {
148345 + error = -EACCES;
148346 + goto out;
148347 + }
148348 +
148349 no_nice = security_task_setnice(p, niceval);
148350 if (no_nice) {
148351 error = no_nice;
148352 @@ -366,6 +372,20 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
148353 goto error;
148354 }
148355
148356 + if (gr_check_group_change(new->gid, new->egid, INVALID_GID))
148357 + goto error;
148358 +
148359 + if (!gid_eq(new->gid, old->gid)) {
148360 + /* make sure we generate a learn log for what will
148361 + end up being a role transition after a full-learning
148362 + policy is generated
148363 + CAP_SETGID is required to perform a transition
148364 + we may not log a CAP_SETGID check above, e.g.
148365 + in the case where new rgid = old egid
148366 + */
148367 + gr_learn_cap(current, new, CAP_SETGID, true);
148368 + }
148369 +
148370 if (rgid != (gid_t) -1 ||
148371 (egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
148372 new->sgid = new->egid;
148373 @@ -401,6 +421,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
148374 old = current_cred();
148375
148376 retval = -EPERM;
148377 +
148378 + if (gr_check_group_change(kgid, kgid, kgid))
148379 + goto error;
148380 +
148381 if (ns_capable(old->user_ns, CAP_SETGID))
148382 new->gid = new->egid = new->sgid = new->fsgid = kgid;
148383 else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
148384 @@ -418,7 +442,7 @@ error:
148385 /*
148386 * change the user struct in a credentials set to match the new UID
148387 */
148388 -static int set_user(struct cred *new)
148389 +int set_user(struct cred *new)
148390 {
148391 struct user_struct *new_user;
148392
148393 @@ -498,7 +522,18 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
148394 goto error;
148395 }
148396
148397 + if (gr_check_user_change(new->uid, new->euid, INVALID_UID))
148398 + goto error;
148399 +
148400 if (!uid_eq(new->uid, old->uid)) {
148401 + /* make sure we generate a learn log for what will
148402 + end up being a role transition after a full-learning
148403 + policy is generated
148404 + CAP_SETUID is required to perform a transition
148405 + we may not log a CAP_SETUID check above, e.g.
148406 + in the case where new ruid = old euid
148407 + */
148408 + gr_learn_cap(current, new, CAP_SETUID, true);
148409 retval = set_user(new);
148410 if (retval < 0)
148411 goto error;
148412 @@ -548,6 +583,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
148413 old = current_cred();
148414
148415 retval = -EPERM;
148416 +
148417 + if (gr_check_crash_uid(kuid))
148418 + goto error;
148419 + if (gr_check_user_change(kuid, kuid, kuid))
148420 + goto error;
148421 +
148422 if (ns_capable(old->user_ns, CAP_SETUID)) {
148423 new->suid = new->uid = kuid;
148424 if (!uid_eq(kuid, old->uid)) {
148425 @@ -617,6 +658,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
148426 goto error;
148427 }
148428
148429 + if (gr_check_user_change(kruid, keuid, INVALID_UID))
148430 + goto error;
148431 +
148432 if (ruid != (uid_t) -1) {
148433 new->uid = kruid;
148434 if (!uid_eq(kruid, old->uid)) {
148435 @@ -701,6 +745,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
148436 goto error;
148437 }
148438
148439 + if (gr_check_group_change(krgid, kegid, INVALID_GID))
148440 + goto error;
148441 +
148442 if (rgid != (gid_t) -1)
148443 new->gid = krgid;
148444 if (egid != (gid_t) -1)
148445 @@ -765,12 +812,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
148446 uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
148447 ns_capable(old->user_ns, CAP_SETUID)) {
148448 if (!uid_eq(kuid, old->fsuid)) {
148449 + if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid))
148450 + goto error;
148451 +
148452 new->fsuid = kuid;
148453 if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
148454 goto change_okay;
148455 }
148456 }
148457
148458 +error:
148459 abort_creds(new);
148460 return old_fsuid;
148461
148462 @@ -803,12 +854,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
148463 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
148464 gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
148465 ns_capable(old->user_ns, CAP_SETGID)) {
148466 + if (gr_check_group_change(INVALID_GID, INVALID_GID, kgid))
148467 + goto error;
148468 +
148469 if (!gid_eq(kgid, old->fsgid)) {
148470 new->fsgid = kgid;
148471 goto change_okay;
148472 }
148473 }
148474
148475 +error:
148476 abort_creds(new);
148477 return old_fsgid;
148478
148479 @@ -1187,19 +1242,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
148480 return -EFAULT;
148481
148482 down_read(&uts_sem);
148483 - error = __copy_to_user(&name->sysname, &utsname()->sysname,
148484 + error = __copy_to_user(name->sysname, &utsname()->sysname,
148485 __OLD_UTS_LEN);
148486 error |= __put_user(0, name->sysname + __OLD_UTS_LEN);
148487 - error |= __copy_to_user(&name->nodename, &utsname()->nodename,
148488 + error |= __copy_to_user(name->nodename, &utsname()->nodename,
148489 __OLD_UTS_LEN);
148490 error |= __put_user(0, name->nodename + __OLD_UTS_LEN);
148491 - error |= __copy_to_user(&name->release, &utsname()->release,
148492 + error |= __copy_to_user(name->release, &utsname()->release,
148493 __OLD_UTS_LEN);
148494 error |= __put_user(0, name->release + __OLD_UTS_LEN);
148495 - error |= __copy_to_user(&name->version, &utsname()->version,
148496 + error |= __copy_to_user(name->version, &utsname()->version,
148497 __OLD_UTS_LEN);
148498 error |= __put_user(0, name->version + __OLD_UTS_LEN);
148499 - error |= __copy_to_user(&name->machine, &utsname()->machine,
148500 + error |= __copy_to_user(name->machine, &utsname()->machine,
148501 __OLD_UTS_LEN);
148502 error |= __put_user(0, name->machine + __OLD_UTS_LEN);
148503 up_read(&uts_sem);
148504 @@ -1400,6 +1455,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
148505 */
148506 new_rlim->rlim_cur = 1;
148507 }
148508 + /* Handle the case where a fork and setuid occur and then RLIMIT_NPROC
148509 + is changed to a lower value. Since tasks can be created by the same
148510 + user in between this limit change and an execve by this task, force
148511 + a recheck only for this task by setting PF_NPROC_EXCEEDED
148512 + */
148513 + if (resource == RLIMIT_NPROC && tsk->real_cred->user != INIT_USER)
148514 + tsk->flags |= PF_NPROC_EXCEEDED;
148515 }
148516 if (!retval) {
148517 if (old_rlim)
148518 diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
148519 index 2c5e3a8..301fb1a 100644
148520 --- a/kernel/sys_ni.c
148521 +++ b/kernel/sys_ni.c
148522 @@ -6,12 +6,12 @@
148523
148524 /* we can't #include <linux/syscalls.h> here,
148525 but tell gcc to not warn with -Wmissing-prototypes */
148526 -asmlinkage long sys_ni_syscall(void);
148527 +asmlinkage long sys_ni_syscall(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long);
148528
148529 /*
148530 * Non-implemented system calls get redirected here.
148531 */
148532 -asmlinkage long sys_ni_syscall(void)
148533 +asmlinkage long sys_ni_syscall(unsigned long a, unsigned long b, unsigned long c, unsigned long d, unsigned long e, unsigned long f)
148534 {
148535 return -ENOSYS;
148536 }
148537 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
148538 index a13bbda..745603f 100644
148539 --- a/kernel/sysctl.c
148540 +++ b/kernel/sysctl.c
148541 @@ -95,7 +95,6 @@
148542 #endif
148543
148544 #if defined(CONFIG_SYSCTL)
148545 -
148546 /* External variables not in a header file. */
148547 extern int suid_dumpable;
148548 #ifdef CONFIG_COREDUMP
148549 @@ -112,23 +111,25 @@ extern int sysctl_nr_open_min, sysctl_nr_open_max;
148550 #ifndef CONFIG_MMU
148551 extern int sysctl_nr_trim_pages;
148552 #endif
148553 +extern int sysctl_modify_ldt;
148554
148555 /* Constants used for minimum and maximum */
148556 #ifdef CONFIG_LOCKUP_DETECTOR
148557 -static int sixty = 60;
148558 +static int sixty __read_only = 60;
148559 #endif
148560
148561 -static int __maybe_unused neg_one = -1;
148562 +static int __maybe_unused neg_one __read_only = -1;
148563
148564 -static int zero;
148565 -static int __maybe_unused one = 1;
148566 -static int __maybe_unused two = 2;
148567 -static int __maybe_unused four = 4;
148568 -static unsigned long one_ul = 1;
148569 -static int one_hundred = 100;
148570 -static int one_thousand = 1000;
148571 +static int zero __read_only = 0;
148572 +static int __maybe_unused one __read_only = 1;
148573 +static int __maybe_unused two __read_only = 2;
148574 +static int __maybe_unused three __read_only = 3;
148575 +static int __maybe_unused four __read_only = 4;
148576 +static unsigned long one_ul __read_only = 1;
148577 +static int one_hundred __read_only = 100;
148578 +static int one_thousand __read_only = 1000;
148579 #ifdef CONFIG_PRINTK
148580 -static int ten_thousand = 10000;
148581 +static int ten_thousand __read_only = 10000;
148582 #endif
148583 #ifdef CONFIG_PERF_EVENTS
148584 static int six_hundred_forty_kb = 640 * 1024;
148585 @@ -185,10 +186,8 @@ static int proc_taint(struct ctl_table *table, int write,
148586 void __user *buffer, size_t *lenp, loff_t *ppos);
148587 #endif
148588
148589 -#ifdef CONFIG_PRINTK
148590 -static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
148591 +static int proc_dointvec_minmax_secure_sysadmin(struct ctl_table *table, int write,
148592 void __user *buffer, size_t *lenp, loff_t *ppos);
148593 -#endif
148594
148595 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
148596 void __user *buffer, size_t *lenp, loff_t *ppos);
148597 @@ -219,6 +218,8 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write,
148598
148599 #endif
148600
148601 +extern struct ctl_table grsecurity_table[];
148602 +
148603 static struct ctl_table kern_table[];
148604 static struct ctl_table vm_table[];
148605 static struct ctl_table fs_table[];
148606 @@ -233,6 +234,20 @@ extern struct ctl_table epoll_table[];
148607 int sysctl_legacy_va_layout;
148608 #endif
148609
148610 +#ifdef CONFIG_PAX_SOFTMODE
148611 +static struct ctl_table pax_table[] = {
148612 + {
148613 + .procname = "softmode",
148614 + .data = &pax_softmode,
148615 + .maxlen = sizeof(unsigned int),
148616 + .mode = 0600,
148617 + .proc_handler = &proc_dointvec,
148618 + },
148619 +
148620 + { }
148621 +};
148622 +#endif
148623 +
148624 /* The default sysctl tables: */
148625
148626 static struct ctl_table sysctl_base_table[] = {
148627 @@ -281,6 +296,22 @@ static int max_extfrag_threshold = 1000;
148628 #endif
148629
148630 static struct ctl_table kern_table[] = {
148631 +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS)
148632 + {
148633 + .procname = "grsecurity",
148634 + .mode = 0500,
148635 + .child = grsecurity_table,
148636 + },
148637 +#endif
148638 +
148639 +#ifdef CONFIG_PAX_SOFTMODE
148640 + {
148641 + .procname = "pax",
148642 + .mode = 0500,
148643 + .child = pax_table,
148644 + },
148645 +#endif
148646 +
148647 {
148648 .procname = "sched_child_runs_first",
148649 .data = &sysctl_sched_child_runs_first,
148650 @@ -644,7 +675,7 @@ static struct ctl_table kern_table[] = {
148651 .maxlen = sizeof(int),
148652 .mode = 0644,
148653 /* only handle a transition from default "0" to "1" */
148654 - .proc_handler = proc_dointvec_minmax,
148655 + .proc_handler = proc_dointvec_minmax_secure,
148656 .extra1 = &one,
148657 .extra2 = &one,
148658 },
148659 @@ -655,7 +686,7 @@ static struct ctl_table kern_table[] = {
148660 .data = &modprobe_path,
148661 .maxlen = KMOD_PATH_LEN,
148662 .mode = 0644,
148663 - .proc_handler = proc_dostring,
148664 + .proc_handler = proc_dostring_modpriv,
148665 },
148666 {
148667 .procname = "modules_disabled",
148668 @@ -663,7 +694,7 @@ static struct ctl_table kern_table[] = {
148669 .maxlen = sizeof(int),
148670 .mode = 0644,
148671 /* only handle a transition from default "0" to "1" */
148672 - .proc_handler = proc_dointvec_minmax,
148673 + .proc_handler = proc_dointvec_minmax_secure,
148674 .extra1 = &one,
148675 .extra2 = &one,
148676 },
148677 @@ -825,20 +856,24 @@ static struct ctl_table kern_table[] = {
148678 .data = &dmesg_restrict,
148679 .maxlen = sizeof(int),
148680 .mode = 0644,
148681 - .proc_handler = proc_dointvec_minmax_sysadmin,
148682 + .proc_handler = proc_dointvec_minmax_secure_sysadmin,
148683 .extra1 = &zero,
148684 .extra2 = &one,
148685 },
148686 +#endif
148687 {
148688 .procname = "kptr_restrict",
148689 .data = &kptr_restrict,
148690 .maxlen = sizeof(int),
148691 .mode = 0644,
148692 - .proc_handler = proc_dointvec_minmax_sysadmin,
148693 + .proc_handler = proc_dointvec_minmax_secure_sysadmin,
148694 +#ifdef CONFIG_GRKERNSEC_HIDESYM
148695 + .extra1 = &one,
148696 +#else
148697 .extra1 = &zero,
148698 +#endif
148699 .extra2 = &two,
148700 },
148701 -#endif
148702 {
148703 .procname = "ngroups_max",
148704 .data = &ngroups_max,
148705 @@ -1003,6 +1038,17 @@ static struct ctl_table kern_table[] = {
148706 .mode = 0644,
148707 .proc_handler = proc_dointvec,
148708 },
148709 +#ifdef CONFIG_MODIFY_LDT_SYSCALL
148710 + {
148711 + .procname = "modify_ldt",
148712 + .data = &sysctl_modify_ldt,
148713 + .maxlen = sizeof(int),
148714 + .mode = 0644,
148715 + .proc_handler = proc_dointvec_minmax_secure_sysadmin,
148716 + .extra1 = &zero,
148717 + .extra2 = &one,
148718 + },
148719 +#endif
148720 #endif
148721 #if defined(CONFIG_MMU)
148722 {
148723 @@ -1125,10 +1171,17 @@ static struct ctl_table kern_table[] = {
148724 */
148725 {
148726 .procname = "perf_event_paranoid",
148727 - .data = &sysctl_perf_event_paranoid,
148728 - .maxlen = sizeof(sysctl_perf_event_paranoid),
148729 + .data = &sysctl_perf_event_legitimately_concerned,
148730 + .maxlen = sizeof(sysctl_perf_event_legitimately_concerned),
148731 .mode = 0644,
148732 - .proc_handler = proc_dointvec,
148733 + /* go ahead, be a hero */
148734 + .proc_handler = proc_dointvec_minmax_secure_sysadmin,
148735 + .extra1 = &neg_one,
148736 +#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
148737 + .extra2 = &three,
148738 +#else
148739 + .extra2 = &two,
148740 +#endif
148741 },
148742 {
148743 .procname = "perf_event_mlock_kb",
148744 @@ -1469,6 +1522,13 @@ static struct ctl_table vm_table[] = {
148745 .proc_handler = proc_dointvec_minmax,
148746 .extra1 = &zero,
148747 },
148748 + {
148749 + .procname = "heap_stack_gap",
148750 + .data = &sysctl_heap_stack_gap,
148751 + .maxlen = sizeof(sysctl_heap_stack_gap),
148752 + .mode = 0644,
148753 + .proc_handler = proc_doulongvec_minmax,
148754 + },
148755 #else
148756 {
148757 .procname = "nr_trim_pages",
148758 @@ -1988,6 +2048,16 @@ int proc_dostring(struct ctl_table *table, int write,
148759 (char __user *)buffer, lenp, ppos);
148760 }
148761
148762 +int proc_dostring_modpriv(struct ctl_table *table, int write,
148763 + void __user *buffer, size_t *lenp, loff_t *ppos)
148764 +{
148765 + if (write && !capable(CAP_SYS_MODULE))
148766 + return -EPERM;
148767 +
148768 + return _proc_do_string(table->data, table->maxlen, write,
148769 + buffer, lenp, ppos);
148770 +}
148771 +
148772 static size_t proc_skip_spaces(char **buf)
148773 {
148774 size_t ret;
148775 @@ -2093,6 +2163,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
148776 len = strlen(tmp);
148777 if (len > *size)
148778 len = *size;
148779 + if (len > sizeof(tmp))
148780 + len = sizeof(tmp);
148781 if (copy_to_user(*buf, tmp, len))
148782 return -EFAULT;
148783 *size -= len;
148784 @@ -2297,6 +2369,44 @@ int proc_douintvec(struct ctl_table *table, int write,
148785 do_proc_douintvec_conv, NULL);
148786 }
148787
148788 +static int do_proc_dointvec_conv_secure(bool *negp, unsigned long *lvalp,
148789 + int *valp,
148790 + int write, void *data)
148791 +{
148792 + if (write) {
148793 + if (*negp) {
148794 + if (*lvalp > (unsigned long) INT_MAX + 1)
148795 + return -EINVAL;
148796 + pax_open_kernel();
148797 + *valp = -*lvalp;
148798 + pax_close_kernel();
148799 + } else {
148800 + if (*lvalp > (unsigned long) INT_MAX)
148801 + return -EINVAL;
148802 + pax_open_kernel();
148803 + *valp = *lvalp;
148804 + pax_close_kernel();
148805 + }
148806 + } else {
148807 + int val = *valp;
148808 + if (val < 0) {
148809 + *negp = true;
148810 + *lvalp = -(unsigned long)val;
148811 + } else {
148812 + *negp = false;
148813 + *lvalp = (unsigned long)val;
148814 + }
148815 + }
148816 + return 0;
148817 +}
148818 +
148819 +int proc_dointvec_secure(struct ctl_table *table, int write,
148820 + void __user *buffer, size_t *lenp, loff_t *ppos)
148821 +{
148822 + return do_proc_dointvec(table,write,buffer,lenp,ppos,
148823 + do_proc_dointvec_conv_secure,NULL);
148824 +}
148825 +
148826 /*
148827 * Taint values can only be increased
148828 * This means we can safely use a temporary.
148829 @@ -2304,7 +2414,7 @@ int proc_douintvec(struct ctl_table *table, int write,
148830 static int proc_taint(struct ctl_table *table, int write,
148831 void __user *buffer, size_t *lenp, loff_t *ppos)
148832 {
148833 - struct ctl_table t;
148834 + ctl_table_no_const t;
148835 unsigned long tmptaint = get_taint();
148836 int err;
148837
148838 @@ -2332,16 +2442,14 @@ static int proc_taint(struct ctl_table *table, int write,
148839 return err;
148840 }
148841
148842 -#ifdef CONFIG_PRINTK
148843 -static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
148844 +static int proc_dointvec_minmax_secure_sysadmin(struct ctl_table *table, int write,
148845 void __user *buffer, size_t *lenp, loff_t *ppos)
148846 {
148847 if (write && !capable(CAP_SYS_ADMIN))
148848 return -EPERM;
148849
148850 - return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
148851 + return proc_dointvec_minmax_secure(table, write, buffer, lenp, ppos);
148852 }
148853 -#endif
148854
148855 struct do_proc_dointvec_minmax_conv_param {
148856 int *min;
148857 @@ -2372,6 +2480,32 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
148858 return 0;
148859 }
148860
148861 +static int do_proc_dointvec_minmax_conv_secure(bool *negp, unsigned long *lvalp,
148862 + int *valp,
148863 + int write, void *data)
148864 +{
148865 + struct do_proc_dointvec_minmax_conv_param *param = data;
148866 + if (write) {
148867 + int val = *negp ? -*lvalp : *lvalp;
148868 + if ((param->min && *param->min > val) ||
148869 + (param->max && *param->max < val))
148870 + return -EINVAL;
148871 + pax_open_kernel();
148872 + *valp = val;
148873 + pax_close_kernel();
148874 + } else {
148875 + int val = *valp;
148876 + if (val < 0) {
148877 + *negp = true;
148878 + *lvalp = -(unsigned long)val;
148879 + } else {
148880 + *negp = false;
148881 + *lvalp = (unsigned long)val;
148882 + }
148883 + }
148884 + return 0;
148885 +}
148886 +
148887 /**
148888 * proc_dointvec_minmax - read a vector of integers with min/max values
148889 * @table: the sysctl table
148890 @@ -2399,6 +2533,17 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
148891 do_proc_dointvec_minmax_conv, &param);
148892 }
148893
148894 +int proc_dointvec_minmax_secure(struct ctl_table *table, int write,
148895 + void __user *buffer, size_t *lenp, loff_t *ppos)
148896 +{
148897 + struct do_proc_dointvec_minmax_conv_param param = {
148898 + .min = (int *) table->extra1,
148899 + .max = (int *) table->extra2,
148900 + };
148901 + return do_proc_dointvec(table, write, buffer, lenp, ppos,
148902 + do_proc_dointvec_minmax_conv_secure, &param);
148903 +}
148904 +
148905 static void validate_coredump_safety(void)
148906 {
148907 #ifdef CONFIG_COREDUMP
148908 @@ -2886,6 +3031,12 @@ int proc_dostring(struct ctl_table *table, int write,
148909 return -ENOSYS;
148910 }
148911
148912 +int proc_dostring_modpriv(struct ctl_table *table, int write,
148913 + void __user *buffer, size_t *lenp, loff_t *ppos)
148914 +{
148915 + return -ENOSYS;
148916 +}
148917 +
148918 int proc_dointvec(struct ctl_table *table, int write,
148919 void __user *buffer, size_t *lenp, loff_t *ppos)
148920 {
148921 @@ -2949,5 +3100,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
148922 EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
148923 EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
148924 EXPORT_SYMBOL(proc_dostring);
148925 +EXPORT_SYMBOL(proc_dostring_modpriv);
148926 EXPORT_SYMBOL(proc_doulongvec_minmax);
148927 EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax);
148928 diff --git a/kernel/taskstats.c b/kernel/taskstats.c
148929 index b3f05ee..b1b5044 100644
148930 --- a/kernel/taskstats.c
148931 +++ b/kernel/taskstats.c
148932 @@ -28,9 +28,12 @@
148933 #include <linux/fs.h>
148934 #include <linux/file.h>
148935 #include <linux/pid_namespace.h>
148936 +#include <linux/grsecurity.h>
148937 #include <net/genetlink.h>
148938 #include <linux/atomic.h>
148939
148940 +extern int gr_is_taskstats_denied(int pid);
148941 +
148942 /*
148943 * Maximum length of a cpumask that can be specified in
148944 * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute
148945 @@ -540,6 +543,9 @@ err:
148946
148947 static int taskstats_user_cmd(struct sk_buff *skb, struct genl_info *info)
148948 {
148949 + if (gr_is_taskstats_denied(current->pid))
148950 + return -EACCES;
148951 +
148952 if (info->attrs[TASKSTATS_CMD_ATTR_REGISTER_CPUMASK])
148953 return cmd_attr_register_cpumask(info);
148954 else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK])
148955 diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
148956 index c3aad68..c4b87f3 100644
148957 --- a/kernel/time/alarmtimer.c
148958 +++ b/kernel/time/alarmtimer.c
148959 @@ -522,7 +522,7 @@ static int alarm_clock_getres(const clockid_t which_clock, struct timespec *tp)
148960 *
148961 * Provides the underlying alarm base time.
148962 */
148963 -static int alarm_clock_get(clockid_t which_clock, struct timespec *tp)
148964 +static int alarm_clock_get(const clockid_t which_clock, struct timespec *tp)
148965 {
148966 struct alarm_base *base = &alarm_bases[clock2alarm(which_clock)];
148967
148968 @@ -836,7 +836,7 @@ static int __init alarmtimer_init(void)
148969 struct platform_device *pdev;
148970 int error = 0;
148971 int i;
148972 - struct k_clock alarm_clock = {
148973 + static struct k_clock alarm_clock = {
148974 .clock_getres = alarm_clock_getres,
148975 .clock_get = alarm_clock_get,
148976 .timer_create = alarm_timer_create,
148977 diff --git a/kernel/time/posix-clock.c b/kernel/time/posix-clock.c
148978 index 9cff0ab..0e69c94 100644
148979 --- a/kernel/time/posix-clock.c
148980 +++ b/kernel/time/posix-clock.c
148981 @@ -273,7 +273,7 @@ static void put_clock_desc(struct posix_clock_desc *cd)
148982 fput(cd->fp);
148983 }
148984
148985 -static int pc_clock_adjtime(clockid_t id, struct timex *tx)
148986 +static int pc_clock_adjtime(const clockid_t id, struct timex *tx)
148987 {
148988 struct posix_clock_desc cd;
148989 int err;
148990 @@ -297,7 +297,7 @@ out:
148991 return err;
148992 }
148993
148994 -static int pc_clock_gettime(clockid_t id, struct timespec *ts)
148995 +static int pc_clock_gettime(const clockid_t id, struct timespec *ts)
148996 {
148997 struct posix_clock_desc cd;
148998 int err;
148999 @@ -316,7 +316,7 @@ static int pc_clock_gettime(clockid_t id, struct timespec *ts)
149000 return err;
149001 }
149002
149003 -static int pc_clock_getres(clockid_t id, struct timespec *ts)
149004 +static int pc_clock_getres(const clockid_t id, struct timespec *ts)
149005 {
149006 struct posix_clock_desc cd;
149007 int err;
149008 @@ -335,7 +335,7 @@ static int pc_clock_getres(clockid_t id, struct timespec *ts)
149009 return err;
149010 }
149011
149012 -static int pc_clock_settime(clockid_t id, const struct timespec *ts)
149013 +static int pc_clock_settime(const clockid_t id, const struct timespec *ts)
149014 {
149015 struct posix_clock_desc cd;
149016 int err;
149017 diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c
149018 index 39008d7..0a60468 100644
149019 --- a/kernel/time/posix-cpu-timers.c
149020 +++ b/kernel/time/posix-cpu-timers.c
149021 @@ -1468,14 +1468,14 @@ struct k_clock clock_posix_cpu = {
149022
149023 static __init int init_posix_cpu_timers(void)
149024 {
149025 - struct k_clock process = {
149026 + static struct k_clock process = {
149027 .clock_getres = process_cpu_clock_getres,
149028 .clock_get = process_cpu_clock_get,
149029 .timer_create = process_cpu_timer_create,
149030 .nsleep = process_cpu_nsleep,
149031 .nsleep_restart = process_cpu_nsleep_restart,
149032 };
149033 - struct k_clock thread = {
149034 + static struct k_clock thread = {
149035 .clock_getres = thread_cpu_clock_getres,
149036 .clock_get = thread_cpu_clock_get,
149037 .timer_create = thread_cpu_timer_create,
149038 diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
149039 index f2826c3..7e6663a 100644
149040 --- a/kernel/time/posix-timers.c
149041 +++ b/kernel/time/posix-timers.c
149042 @@ -43,6 +43,7 @@
149043 #include <linux/hash.h>
149044 #include <linux/posix-clock.h>
149045 #include <linux/posix-timers.h>
149046 +#include <linux/grsecurity.h>
149047 #include <linux/syscalls.h>
149048 #include <linux/wait.h>
149049 #include <linux/workqueue.h>
149050 @@ -124,7 +125,7 @@ static DEFINE_SPINLOCK(hash_lock);
149051 * which we beg off on and pass to do_sys_settimeofday().
149052 */
149053
149054 -static struct k_clock posix_clocks[MAX_CLOCKS];
149055 +static struct k_clock *posix_clocks[MAX_CLOCKS];
149056
149057 /*
149058 * These ones are defined below.
149059 @@ -203,7 +204,7 @@ static inline void unlock_timer(struct k_itimer *timr, unsigned long flags)
149060 }
149061
149062 /* Get clock_realtime */
149063 -static int posix_clock_realtime_get(clockid_t which_clock, struct timespec *tp)
149064 +static int posix_clock_realtime_get(const clockid_t which_clock, struct timespec *tp)
149065 {
149066 ktime_get_real_ts(tp);
149067 return 0;
149068 @@ -225,7 +226,7 @@ static int posix_clock_realtime_adj(const clockid_t which_clock,
149069 /*
149070 * Get monotonic time for posix timers
149071 */
149072 -static int posix_ktime_get_ts(clockid_t which_clock, struct timespec *tp)
149073 +static int posix_ktime_get_ts(const clockid_t which_clock, struct timespec *tp)
149074 {
149075 ktime_get_ts(tp);
149076 return 0;
149077 @@ -234,20 +235,20 @@ static int posix_ktime_get_ts(clockid_t which_clock, struct timespec *tp)
149078 /*
149079 * Get monotonic-raw time for posix timers
149080 */
149081 -static int posix_get_monotonic_raw(clockid_t which_clock, struct timespec *tp)
149082 +static int posix_get_monotonic_raw(const clockid_t which_clock, struct timespec *tp)
149083 {
149084 getrawmonotonic(tp);
149085 return 0;
149086 }
149087
149088
149089 -static int posix_get_realtime_coarse(clockid_t which_clock, struct timespec *tp)
149090 +static int posix_get_realtime_coarse(const clockid_t which_clock, struct timespec *tp)
149091 {
149092 *tp = current_kernel_time();
149093 return 0;
149094 }
149095
149096 -static int posix_get_monotonic_coarse(clockid_t which_clock,
149097 +static int posix_get_monotonic_coarse(const clockid_t which_clock,
149098 struct timespec *tp)
149099 {
149100 *tp = get_monotonic_coarse();
149101 @@ -266,7 +267,7 @@ static int posix_get_boottime(const clockid_t which_clock, struct timespec *tp)
149102 return 0;
149103 }
149104
149105 -static int posix_get_tai(clockid_t which_clock, struct timespec *tp)
149106 +static int posix_get_tai(const clockid_t which_clock, struct timespec *tp)
149107 {
149108 timekeeping_clocktai(tp);
149109 return 0;
149110 @@ -284,7 +285,7 @@ static int posix_get_hrtimer_res(clockid_t which_clock, struct timespec *tp)
149111 */
149112 static __init int init_posix_timers(void)
149113 {
149114 - struct k_clock clock_realtime = {
149115 + static struct k_clock clock_realtime = {
149116 .clock_getres = posix_get_hrtimer_res,
149117 .clock_get = posix_clock_realtime_get,
149118 .clock_set = posix_clock_realtime_set,
149119 @@ -296,7 +297,7 @@ static __init int init_posix_timers(void)
149120 .timer_get = common_timer_get,
149121 .timer_del = common_timer_del,
149122 };
149123 - struct k_clock clock_monotonic = {
149124 + static struct k_clock clock_monotonic = {
149125 .clock_getres = posix_get_hrtimer_res,
149126 .clock_get = posix_ktime_get_ts,
149127 .nsleep = common_nsleep,
149128 @@ -306,19 +307,19 @@ static __init int init_posix_timers(void)
149129 .timer_get = common_timer_get,
149130 .timer_del = common_timer_del,
149131 };
149132 - struct k_clock clock_monotonic_raw = {
149133 + static struct k_clock clock_monotonic_raw = {
149134 .clock_getres = posix_get_hrtimer_res,
149135 .clock_get = posix_get_monotonic_raw,
149136 };
149137 - struct k_clock clock_realtime_coarse = {
149138 + static struct k_clock clock_realtime_coarse = {
149139 .clock_getres = posix_get_coarse_res,
149140 .clock_get = posix_get_realtime_coarse,
149141 };
149142 - struct k_clock clock_monotonic_coarse = {
149143 + static struct k_clock clock_monotonic_coarse = {
149144 .clock_getres = posix_get_coarse_res,
149145 .clock_get = posix_get_monotonic_coarse,
149146 };
149147 - struct k_clock clock_tai = {
149148 + static struct k_clock clock_tai = {
149149 .clock_getres = posix_get_hrtimer_res,
149150 .clock_get = posix_get_tai,
149151 .nsleep = common_nsleep,
149152 @@ -328,7 +329,7 @@ static __init int init_posix_timers(void)
149153 .timer_get = common_timer_get,
149154 .timer_del = common_timer_del,
149155 };
149156 - struct k_clock clock_boottime = {
149157 + static struct k_clock clock_boottime = {
149158 .clock_getres = posix_get_hrtimer_res,
149159 .clock_get = posix_get_boottime,
149160 .nsleep = common_nsleep,
149161 @@ -540,7 +541,7 @@ void posix_timers_register_clock(const clockid_t clock_id,
149162 return;
149163 }
149164
149165 - posix_clocks[clock_id] = *new_clock;
149166 + posix_clocks[clock_id] = new_clock;
149167 }
149168 EXPORT_SYMBOL_GPL(posix_timers_register_clock);
149169
149170 @@ -586,9 +587,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id)
149171 return (id & CLOCKFD_MASK) == CLOCKFD ?
149172 &clock_posix_dynamic : &clock_posix_cpu;
149173
149174 - if (id >= MAX_CLOCKS || !posix_clocks[id].clock_getres)
149175 + if (id >= MAX_CLOCKS || !posix_clocks[id] || !posix_clocks[id]->clock_getres)
149176 return NULL;
149177 - return &posix_clocks[id];
149178 + return posix_clocks[id];
149179 }
149180
149181 static int common_timer_create(struct k_itimer *new_timer)
149182 @@ -606,7 +607,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,
149183 struct k_clock *kc = clockid_to_kclock(which_clock);
149184 struct k_itimer *new_timer;
149185 int error, new_timer_id;
149186 - sigevent_t event;
149187 + sigevent_t event = { };
149188 int it_id_set = IT_ID_NOT_SET;
149189
149190 if (!kc)
149191 @@ -1021,6 +1022,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
149192 if (copy_from_user(&new_tp, tp, sizeof (*tp)))
149193 return -EFAULT;
149194
149195 + /* only the CLOCK_REALTIME clock can be set, all other clocks
149196 + have their clock_set fptr set to a nosettime dummy function
149197 + CLOCK_REALTIME has a NULL clock_set fptr which causes it to
149198 + call common_clock_set, which calls do_sys_settimeofday, which
149199 + we hook
149200 + */
149201 +
149202 return kc->clock_set(which_clock, &new_tp);
149203 }
149204
149205 diff --git a/kernel/time/time.c b/kernel/time/time.c
149206 index 667b933..1668952 100644
149207 --- a/kernel/time/time.c
149208 +++ b/kernel/time/time.c
149209 @@ -177,6 +177,11 @@ int do_sys_settimeofday64(const struct timespec64 *tv, const struct timezone *tz
149210 if (tz->tz_minuteswest > 15*60 || tz->tz_minuteswest < -15*60)
149211 return -EINVAL;
149212
149213 + /* we log in do_settimeofday called below, so don't log twice
149214 + */
149215 + if (!tv)
149216 + gr_log_timechange();
149217 +
149218 sys_tz = *tz;
149219 update_vsyscall_tz();
149220 if (firsttime) {
149221 diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
149222 index 37dec7e..6a6ac85 100644
149223 --- a/kernel/time/timekeeping.c
149224 +++ b/kernel/time/timekeeping.c
149225 @@ -15,6 +15,7 @@
149226 #include <linux/init.h>
149227 #include <linux/mm.h>
149228 #include <linux/sched.h>
149229 +#include <linux/grsecurity.h>
149230 #include <linux/syscore_ops.h>
149231 #include <linux/clocksource.h>
149232 #include <linux/jiffies.h>
149233 @@ -1172,6 +1173,8 @@ int do_settimeofday64(const struct timespec64 *ts)
149234 if (!timespec64_valid_strict(ts))
149235 return -EINVAL;
149236
149237 + gr_log_timechange();
149238 +
149239 raw_spin_lock_irqsave(&timekeeper_lock, flags);
149240 write_seqcount_begin(&tk_core.seq);
149241
149242 diff --git a/kernel/time/timer.c b/kernel/time/timer.c
149243 index 32bf6f7..a0ba7cb 100644
149244 --- a/kernel/time/timer.c
149245 +++ b/kernel/time/timer.c
149246 @@ -1633,7 +1633,7 @@ static inline void __run_timers(struct timer_base *base)
149247 /*
149248 * This function runs timers and the timer-tq in bottom half context.
149249 */
149250 -static void run_timer_softirq(struct softirq_action *h)
149251 +static __latent_entropy void run_timer_softirq(void)
149252 {
149253 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
149254
149255 diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
149256 index ba7d8b2..aa301b0 100644
149257 --- a/kernel/time/timer_list.c
149258 +++ b/kernel/time/timer_list.c
149259 @@ -50,12 +50,16 @@ static void SEQ_printf(struct seq_file *m, const char *fmt, ...)
149260
149261 static void print_name_offset(struct seq_file *m, void *sym)
149262 {
149263 +#ifdef CONFIG_GRKERNSEC_HIDESYM
149264 + SEQ_printf(m, "<%p>", NULL);
149265 +#else
149266 char symname[KSYM_NAME_LEN];
149267
149268 if (lookup_symbol_name((unsigned long)sym, symname) < 0)
149269 SEQ_printf(m, "<%pK>", sym);
149270 else
149271 SEQ_printf(m, "%s", symname);
149272 +#endif
149273 }
149274
149275 static void
149276 @@ -124,11 +128,14 @@ next_one:
149277 static void
149278 print_base(struct seq_file *m, struct hrtimer_clock_base *base, u64 now)
149279 {
149280 +#ifdef CONFIG_GRKERNSEC_HIDESYM
149281 + SEQ_printf(m, " .base: %p\n", NULL);
149282 +#else
149283 SEQ_printf(m, " .base: %pK\n", base);
149284 +#endif
149285 SEQ_printf(m, " .index: %d\n", base->index);
149286
149287 SEQ_printf(m, " .resolution: %u nsecs\n", (unsigned) hrtimer_resolution);
149288 -
149289 SEQ_printf(m, " .get_time: ");
149290 print_name_offset(m, base->get_time);
149291 SEQ_printf(m, "\n");
149292 @@ -393,7 +400,11 @@ static int __init init_timer_list_procfs(void)
149293 {
149294 struct proc_dir_entry *pe;
149295
149296 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
149297 + pe = proc_create("timer_list", 0400, NULL, &timer_list_fops);
149298 +#else
149299 pe = proc_create("timer_list", 0444, NULL, &timer_list_fops);
149300 +#endif
149301 if (!pe)
149302 return -ENOMEM;
149303 return 0;
149304 diff --git a/kernel/time/timer_stats.c b/kernel/time/timer_stats.c
149305 index 087204c..671b5822 100644
149306 --- a/kernel/time/timer_stats.c
149307 +++ b/kernel/time/timer_stats.c
149308 @@ -116,7 +116,7 @@ static ktime_t time_start, time_stop;
149309 static unsigned long nr_entries;
149310 static struct entry entries[MAX_ENTRIES];
149311
149312 -static atomic_t overflow_count;
149313 +static atomic_unchecked_t overflow_count;
149314
149315 /*
149316 * The entries are in a hash-table, for fast lookup:
149317 @@ -140,7 +140,7 @@ static void reset_entries(void)
149318 nr_entries = 0;
149319 memset(entries, 0, sizeof(entries));
149320 memset(tstat_hash_table, 0, sizeof(tstat_hash_table));
149321 - atomic_set(&overflow_count, 0);
149322 + atomic_set_unchecked(&overflow_count, 0);
149323 }
149324
149325 static struct entry *alloc_entry(void)
149326 @@ -261,7 +261,7 @@ void timer_stats_update_stats(void *timer, pid_t pid, void *startf,
149327 if (likely(entry))
149328 entry->count++;
149329 else
149330 - atomic_inc(&overflow_count);
149331 + atomic_inc_unchecked(&overflow_count);
149332
149333 out_unlock:
149334 raw_spin_unlock_irqrestore(lock, flags);
149335 @@ -269,12 +269,16 @@ void timer_stats_update_stats(void *timer, pid_t pid, void *startf,
149336
149337 static void print_name_offset(struct seq_file *m, unsigned long addr)
149338 {
149339 +#ifdef CONFIG_GRKERNSEC_HIDESYM
149340 + seq_printf(m, "<%p>", NULL);
149341 +#else
149342 char symname[KSYM_NAME_LEN];
149343
149344 if (lookup_symbol_name(addr, symname) < 0)
149345 - seq_printf(m, "<%p>", (void *)addr);
149346 + seq_printf(m, "<%pK>", (void *)addr);
149347 else
149348 seq_printf(m, "%s", symname);
149349 +#endif
149350 }
149351
149352 static int tstats_show(struct seq_file *m, void *v)
149353 @@ -300,8 +304,8 @@ static int tstats_show(struct seq_file *m, void *v)
149354
149355 seq_puts(m, "Timer Stats Version: v0.3\n");
149356 seq_printf(m, "Sample period: %ld.%03ld s\n", (long)period.tv_sec, ms);
149357 - if (atomic_read(&overflow_count))
149358 - seq_printf(m, "Overflow: %d entries\n", atomic_read(&overflow_count));
149359 + if (atomic_read_unchecked(&overflow_count))
149360 + seq_printf(m, "Overflow: %d entries\n", atomic_read_unchecked(&overflow_count));
149361 seq_printf(m, "Collection: %s\n", timer_stats_active ? "active" : "inactive");
149362
149363 for (i = 0; i < nr_entries; i++) {
149364 @@ -417,7 +421,11 @@ static int __init init_tstats_procfs(void)
149365 {
149366 struct proc_dir_entry *pe;
149367
149368 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
149369 + pe = proc_create("timer_stats", 0600, NULL, &tstats_fops);
149370 +#else
149371 pe = proc_create("timer_stats", 0644, NULL, &tstats_fops);
149372 +#endif
149373 if (!pe)
149374 return -ENOMEM;
149375 return 0;
149376 diff --git a/kernel/trace/Kconfig b/kernel/trace/Kconfig
149377 index f4b86e8..18903a2 100644
149378 --- a/kernel/trace/Kconfig
149379 +++ b/kernel/trace/Kconfig
149380 @@ -107,6 +107,7 @@ config TRACING
149381 config GENERIC_TRACER
149382 bool
149383 select TRACING
149384 + depends on !GRKERNSEC_KMEM
149385
149386 #
149387 # Minimum requirements an architecture has to meet for us to
149388 @@ -120,6 +121,7 @@ config TRACING_SUPPORT
149389 # irqflags tracing for your architecture.
149390 depends on TRACE_IRQFLAGS_SUPPORT || PPC32
149391 depends on STACKTRACE_SUPPORT
149392 + depends on !GRKERNSEC_KMEM
149393 default y
149394
149395 if TRACING_SUPPORT
149396 @@ -225,6 +227,7 @@ config ENABLE_DEFAULT_TRACERS
149397 bool "Trace process context switches and events"
149398 depends on !GENERIC_TRACER
149399 select TRACING
149400 + depends on !GRKERNSEC_KMEM
149401 help
149402 This tracer hooks to various trace points in the kernel,
149403 allowing the user to pick and choose which trace point they
149404 @@ -378,6 +381,7 @@ config BLK_DEV_IO_TRACE
149405 depends on BLOCK
149406 select RELAY
149407 select DEBUG_FS
149408 + depends on !GRKERNSEC_KMEM
149409 select TRACEPOINTS
149410 select GENERIC_TRACER
149411 select STACKTRACE
149412 @@ -402,6 +406,7 @@ config KPROBE_EVENT
149413 depends on HAVE_REGS_AND_STACK_ACCESS_API
149414 bool "Enable kprobes-based dynamic events"
149415 select TRACING
149416 + depends on !GRKERNSEC_KMEM
149417 select PROBE_EVENTS
149418 default y
149419 help
149420 @@ -423,6 +428,7 @@ config UPROBE_EVENT
149421 select UPROBES
149422 select PROBE_EVENTS
149423 select TRACING
149424 + depends on !GRKERNSEC_KMEM
149425 default n
149426 help
149427 This allows the user to add tracing events on top of userspace
149428 diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
149429 index dbafc5d..819bd5d 100644
149430 --- a/kernel/trace/blktrace.c
149431 +++ b/kernel/trace/blktrace.c
149432 @@ -334,7 +334,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer,
149433 struct blk_trace *bt = filp->private_data;
149434 char buf[16];
149435
149436 - snprintf(buf, sizeof(buf), "%u\n", atomic_read(&bt->dropped));
149437 + snprintf(buf, sizeof(buf), "%u\n", atomic_read_unchecked(&bt->dropped));
149438
149439 return simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf));
149440 }
149441 @@ -386,7 +386,7 @@ static int blk_subbuf_start_callback(struct rchan_buf *buf, void *subbuf,
149442 return 1;
149443
149444 bt = buf->chan->private_data;
149445 - atomic_inc(&bt->dropped);
149446 + atomic_inc_unchecked(&bt->dropped);
149447 return 0;
149448 }
149449
149450 @@ -485,7 +485,7 @@ int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev,
149451
149452 bt->dir = dir;
149453 bt->dev = dev;
149454 - atomic_set(&bt->dropped, 0);
149455 + atomic_set_unchecked(&bt->dropped, 0);
149456 INIT_LIST_HEAD(&bt->running_list);
149457
149458 ret = -EIO;
149459 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
149460 index 84752c8..64513c9 100644
149461 --- a/kernel/trace/ftrace.c
149462 +++ b/kernel/trace/ftrace.c
149463 @@ -120,8 +120,9 @@ static void ftrace_ops_list_func(unsigned long ip, unsigned long parent_ip,
149464 struct ftrace_ops *op, struct pt_regs *regs);
149465 #else
149466 /* See comment below, where ftrace_ops_list_func is defined */
149467 -static void ftrace_ops_no_ops(unsigned long ip, unsigned long parent_ip);
149468 -#define ftrace_ops_list_func ((ftrace_func_t)ftrace_ops_no_ops)
149469 +static void ftrace_ops_no_ops(unsigned long ip, unsigned long parent_ip,
149470 + struct ftrace_ops *op, struct pt_regs *regs);
149471 +#define ftrace_ops_list_func (ftrace_ops_no_ops)
149472 #endif
149473
149474 /*
149475 @@ -2480,13 +2481,18 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
149476 if (unlikely(ftrace_disabled))
149477 return 0;
149478
149479 + ret = ftrace_arch_code_modify_prepare();
149480 + FTRACE_WARN_ON(ret);
149481 + if (ret)
149482 + return 0;
149483 +
149484 ret = ftrace_make_nop(mod, rec, MCOUNT_ADDR);
149485 + FTRACE_WARN_ON(ftrace_arch_code_modify_post_process());
149486 if (ret) {
149487 ftrace_bug_type = FTRACE_BUG_INIT;
149488 ftrace_bug(ret, rec);
149489 - return 0;
149490 }
149491 - return 1;
149492 + return ret ? 0 : 1;
149493 }
149494
149495 /*
149496 @@ -4850,8 +4856,10 @@ static int ftrace_process_locs(struct module *mod,
149497 if (!count)
149498 return 0;
149499
149500 + pax_open_kernel();
149501 sort(start, count, sizeof(*start),
149502 ftrace_cmp_ips, NULL);
149503 + pax_close_kernel();
149504
149505 start_pg = ftrace_allocate_pages(count);
149506 if (!start_pg)
149507 @@ -5267,7 +5275,8 @@ static void ftrace_ops_list_func(unsigned long ip, unsigned long parent_ip,
149508 __ftrace_ops_list_func(ip, parent_ip, NULL, regs);
149509 }
149510 #else
149511 -static void ftrace_ops_no_ops(unsigned long ip, unsigned long parent_ip)
149512 +static void ftrace_ops_no_ops(unsigned long ip, unsigned long parent_ip,
149513 + struct ftrace_ops *op, struct pt_regs *regs)
149514 {
149515 __ftrace_ops_list_func(ip, parent_ip, NULL, NULL);
149516 }
149517 @@ -5690,8 +5699,12 @@ int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
149518 }
149519
149520 /* The callbacks that hook a function */
149521 -trace_func_graph_ret_t ftrace_graph_return =
149522 - (trace_func_graph_ret_t)ftrace_stub;
149523 +static void ftrace_graph_return_stub(struct ftrace_graph_ret *trace)
149524 +{
149525 + ftrace_stub(0, 0, NULL, NULL);
149526 +}
149527 +
149528 +trace_func_graph_ret_t ftrace_graph_return = ftrace_graph_return_stub;
149529 trace_func_graph_ent_t ftrace_graph_entry = ftrace_graph_entry_stub;
149530 static trace_func_graph_ent_t __ftrace_graph_entry = ftrace_graph_entry_stub;
149531
149532 @@ -5724,7 +5737,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list)
149533
149534 if (t->ret_stack == NULL) {
149535 atomic_set(&t->tracing_graph_pause, 0);
149536 - atomic_set(&t->trace_overrun, 0);
149537 + atomic_set_unchecked(&t->trace_overrun, 0);
149538 t->curr_ret_stack = -1;
149539 /* Make sure the tasks see the -1 first: */
149540 smp_wmb();
149541 @@ -5919,7 +5932,7 @@ void unregister_ftrace_graph(void)
149542 goto out;
149543
149544 ftrace_graph_active--;
149545 - ftrace_graph_return = (trace_func_graph_ret_t)ftrace_stub;
149546 + ftrace_graph_return = ftrace_graph_return_stub;
149547 ftrace_graph_entry = ftrace_graph_entry_stub;
149548 __ftrace_graph_entry = ftrace_graph_entry_stub;
149549 ftrace_shutdown(&graph_ops, FTRACE_STOP_FUNC_RET);
149550 @@ -5947,7 +5960,7 @@ static void
149551 graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack)
149552 {
149553 atomic_set(&t->tracing_graph_pause, 0);
149554 - atomic_set(&t->trace_overrun, 0);
149555 + atomic_set_unchecked(&t->trace_overrun, 0);
149556 t->ftrace_timestamp = 0;
149557 /* make curr_ret_stack visible before we add the ret_stack */
149558 smp_wmb();
149559 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
149560 index 9c14373..5ddd763 100644
149561 --- a/kernel/trace/ring_buffer.c
149562 +++ b/kernel/trace/ring_buffer.c
149563 @@ -296,9 +296,9 @@ struct buffer_data_page {
149564 */
149565 struct buffer_page {
149566 struct list_head list; /* list of buffer pages */
149567 - local_t write; /* index for next write */
149568 + local_unchecked_t write; /* index for next write */
149569 unsigned read; /* index for next read */
149570 - local_t entries; /* entries on this page */
149571 + local_unchecked_t entries; /* entries on this page */
149572 unsigned long real_end; /* real end of data */
149573 struct buffer_data_page *page; /* Actual data page */
149574 };
149575 @@ -448,11 +448,11 @@ struct ring_buffer_per_cpu {
149576 unsigned long last_overrun;
149577 local_t entries_bytes;
149578 local_t entries;
149579 - local_t overrun;
149580 - local_t commit_overrun;
149581 - local_t dropped_events;
149582 + local_unchecked_t overrun;
149583 + local_unchecked_t commit_overrun;
149584 + local_unchecked_t dropped_events;
149585 local_t committing;
149586 - local_t commits;
149587 + local_unchecked_t commits;
149588 unsigned long read;
149589 unsigned long read_bytes;
149590 u64 write_stamp;
149591 @@ -1018,8 +1018,8 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
149592 *
149593 * We add a counter to the write field to denote this.
149594 */
149595 - old_write = local_add_return(RB_WRITE_INTCNT, &next_page->write);
149596 - old_entries = local_add_return(RB_WRITE_INTCNT, &next_page->entries);
149597 + old_write = local_add_return_unchecked(RB_WRITE_INTCNT, &next_page->write);
149598 + old_entries = local_add_return_unchecked(RB_WRITE_INTCNT, &next_page->entries);
149599
149600 /*
149601 * Just make sure we have seen our old_write and synchronize
149602 @@ -1047,8 +1047,8 @@ static void rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
149603 * cmpxchg to only update if an interrupt did not already
149604 * do it for us. If the cmpxchg fails, we don't care.
149605 */
149606 - (void)local_cmpxchg(&next_page->write, old_write, val);
149607 - (void)local_cmpxchg(&next_page->entries, old_entries, eval);
149608 + (void)local_cmpxchg_unchecked(&next_page->write, old_write, val);
149609 + (void)local_cmpxchg_unchecked(&next_page->entries, old_entries, eval);
149610
149611 /*
149612 * No need to worry about races with clearing out the commit.
149613 @@ -1412,12 +1412,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
149614
149615 static inline unsigned long rb_page_entries(struct buffer_page *bpage)
149616 {
149617 - return local_read(&bpage->entries) & RB_WRITE_MASK;
149618 + return local_read_unchecked(&bpage->entries) & RB_WRITE_MASK;
149619 }
149620
149621 static inline unsigned long rb_page_write(struct buffer_page *bpage)
149622 {
149623 - return local_read(&bpage->write) & RB_WRITE_MASK;
149624 + return local_read_unchecked(&bpage->write) & RB_WRITE_MASK;
149625 }
149626
149627 static int
149628 @@ -1512,7 +1512,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages)
149629 * bytes consumed in ring buffer from here.
149630 * Increment overrun to account for the lost events.
149631 */
149632 - local_add(page_entries, &cpu_buffer->overrun);
149633 + local_add_unchecked(page_entries, &cpu_buffer->overrun);
149634 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
149635 }
149636
149637 @@ -1942,7 +1942,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
149638 * it is our responsibility to update
149639 * the counters.
149640 */
149641 - local_add(entries, &cpu_buffer->overrun);
149642 + local_add_unchecked(entries, &cpu_buffer->overrun);
149643 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
149644
149645 /*
149646 @@ -2079,7 +2079,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
149647 if (tail == BUF_PAGE_SIZE)
149648 tail_page->real_end = 0;
149649
149650 - local_sub(length, &tail_page->write);
149651 + local_sub_unchecked(length, &tail_page->write);
149652 return;
149653 }
149654
149655 @@ -2114,7 +2114,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
149656 rb_event_set_padding(event);
149657
149658 /* Set the write back to the previous setting */
149659 - local_sub(length, &tail_page->write);
149660 + local_sub_unchecked(length, &tail_page->write);
149661 return;
149662 }
149663
149664 @@ -2126,7 +2126,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
149665
149666 /* Set write to end of buffer */
149667 length = (tail + length) - BUF_PAGE_SIZE;
149668 - local_sub(length, &tail_page->write);
149669 + local_sub_unchecked(length, &tail_page->write);
149670 }
149671
149672 static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer);
149673 @@ -2154,7 +2154,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
149674 * about it.
149675 */
149676 if (unlikely(next_page == commit_page)) {
149677 - local_inc(&cpu_buffer->commit_overrun);
149678 + local_inc_unchecked(&cpu_buffer->commit_overrun);
149679 goto out_reset;
149680 }
149681
149682 @@ -2184,7 +2184,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
149683 * this is easy, just stop here.
149684 */
149685 if (!(buffer->flags & RB_FL_OVERWRITE)) {
149686 - local_inc(&cpu_buffer->dropped_events);
149687 + local_inc_unchecked(&cpu_buffer->dropped_events);
149688 goto out_reset;
149689 }
149690
149691 @@ -2210,7 +2210,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
149692 cpu_buffer->tail_page) &&
149693 (cpu_buffer->commit_page ==
149694 cpu_buffer->reader_page))) {
149695 - local_inc(&cpu_buffer->commit_overrun);
149696 + local_inc_unchecked(&cpu_buffer->commit_overrun);
149697 goto out_reset;
149698 }
149699 }
149700 @@ -2358,7 +2358,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
149701
149702 if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
149703 unsigned long write_mask =
149704 - local_read(&bpage->write) & ~RB_WRITE_MASK;
149705 + local_read_unchecked(&bpage->write) & ~RB_WRITE_MASK;
149706 unsigned long event_length = rb_event_length(event);
149707 /*
149708 * This is on the tail page. It is possible that
149709 @@ -2368,7 +2368,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
149710 */
149711 old_index += write_mask;
149712 new_index += write_mask;
149713 - index = local_cmpxchg(&bpage->write, old_index, new_index);
149714 + index = local_cmpxchg_unchecked(&bpage->write, old_index, new_index);
149715 if (index == old_index) {
149716 /* update counters */
149717 local_sub(event_length, &cpu_buffer->entries_bytes);
149718 @@ -2383,7 +2383,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
149719 static void rb_start_commit(struct ring_buffer_per_cpu *cpu_buffer)
149720 {
149721 local_inc(&cpu_buffer->committing);
149722 - local_inc(&cpu_buffer->commits);
149723 + local_inc_unchecked(&cpu_buffer->commits);
149724 }
149725
149726 static void
149727 @@ -2450,7 +2450,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer)
149728 return;
149729
149730 again:
149731 - commits = local_read(&cpu_buffer->commits);
149732 + commits = local_read_unchecked(&cpu_buffer->commits);
149733 /* synchronize with interrupts */
149734 barrier();
149735 if (local_read(&cpu_buffer->committing) == 1)
149736 @@ -2466,7 +2466,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer)
149737 * updating of the commit page and the clearing of the
149738 * committing counter.
149739 */
149740 - if (unlikely(local_read(&cpu_buffer->commits) != commits) &&
149741 + if (unlikely(local_read_unchecked(&cpu_buffer->commits) != commits) &&
149742 !local_read(&cpu_buffer->committing)) {
149743 local_inc(&cpu_buffer->committing);
149744 goto again;
149745 @@ -2695,7 +2695,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
149746
149747 /* Don't let the compiler play games with cpu_buffer->tail_page */
149748 tail_page = info->tail_page = READ_ONCE(cpu_buffer->tail_page);
149749 - write = local_add_return(info->length, &tail_page->write);
149750 + write = local_add_return_unchecked(info->length, &tail_page->write);
149751
149752 /* set write to only the index of the write */
149753 write &= RB_WRITE_MASK;
149754 @@ -2718,7 +2718,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
149755 kmemcheck_annotate_bitfield(event, bitfield);
149756 rb_update_event(cpu_buffer, event, info);
149757
149758 - local_inc(&tail_page->entries);
149759 + local_inc_unchecked(&tail_page->entries);
149760
149761 /*
149762 * If this is the first commit on the page, then update
149763 @@ -2755,7 +2755,7 @@ rb_reserve_next_event(struct ring_buffer *buffer,
149764 barrier();
149765 if (unlikely(ACCESS_ONCE(cpu_buffer->buffer) != buffer)) {
149766 local_dec(&cpu_buffer->committing);
149767 - local_dec(&cpu_buffer->commits);
149768 + local_dec_unchecked(&cpu_buffer->commits);
149769 return NULL;
149770 }
149771 #endif
149772 @@ -2884,7 +2884,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
149773
149774 /* Do the likely case first */
149775 if (likely(bpage->page == (void *)addr)) {
149776 - local_dec(&bpage->entries);
149777 + local_dec_unchecked(&bpage->entries);
149778 return;
149779 }
149780
149781 @@ -2896,7 +2896,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
149782 start = bpage;
149783 do {
149784 if (bpage->page == (void *)addr) {
149785 - local_dec(&bpage->entries);
149786 + local_dec_unchecked(&bpage->entries);
149787 return;
149788 }
149789 rb_inc_page(cpu_buffer, &bpage);
149790 @@ -3184,7 +3184,7 @@ static inline unsigned long
149791 rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
149792 {
149793 return local_read(&cpu_buffer->entries) -
149794 - (local_read(&cpu_buffer->overrun) + cpu_buffer->read);
149795 + (local_read_unchecked(&cpu_buffer->overrun) + cpu_buffer->read);
149796 }
149797
149798 /**
149799 @@ -3273,7 +3273,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
149800 return 0;
149801
149802 cpu_buffer = buffer->buffers[cpu];
149803 - ret = local_read(&cpu_buffer->overrun);
149804 + ret = local_read_unchecked(&cpu_buffer->overrun);
149805
149806 return ret;
149807 }
149808 @@ -3296,7 +3296,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
149809 return 0;
149810
149811 cpu_buffer = buffer->buffers[cpu];
149812 - ret = local_read(&cpu_buffer->commit_overrun);
149813 + ret = local_read_unchecked(&cpu_buffer->commit_overrun);
149814
149815 return ret;
149816 }
149817 @@ -3318,7 +3318,7 @@ ring_buffer_dropped_events_cpu(struct ring_buffer *buffer, int cpu)
149818 return 0;
149819
149820 cpu_buffer = buffer->buffers[cpu];
149821 - ret = local_read(&cpu_buffer->dropped_events);
149822 + ret = local_read_unchecked(&cpu_buffer->dropped_events);
149823
149824 return ret;
149825 }
149826 @@ -3381,7 +3381,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
149827 /* if you care about this being correct, lock the buffer */
149828 for_each_buffer_cpu(buffer, cpu) {
149829 cpu_buffer = buffer->buffers[cpu];
149830 - overruns += local_read(&cpu_buffer->overrun);
149831 + overruns += local_read_unchecked(&cpu_buffer->overrun);
149832 }
149833
149834 return overruns;
149835 @@ -3552,8 +3552,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
149836 /*
149837 * Reset the reader page to size zero.
149838 */
149839 - local_set(&cpu_buffer->reader_page->write, 0);
149840 - local_set(&cpu_buffer->reader_page->entries, 0);
149841 + local_set_unchecked(&cpu_buffer->reader_page->write, 0);
149842 + local_set_unchecked(&cpu_buffer->reader_page->entries, 0);
149843 local_set(&cpu_buffer->reader_page->page->commit, 0);
149844 cpu_buffer->reader_page->real_end = 0;
149845
149846 @@ -3587,7 +3587,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
149847 * want to compare with the last_overrun.
149848 */
149849 smp_mb();
149850 - overwrite = local_read(&(cpu_buffer->overrun));
149851 + overwrite = local_read_unchecked(&(cpu_buffer->overrun));
149852
149853 /*
149854 * Here's the tricky part.
149855 @@ -4173,8 +4173,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
149856
149857 cpu_buffer->head_page
149858 = list_entry(cpu_buffer->pages, struct buffer_page, list);
149859 - local_set(&cpu_buffer->head_page->write, 0);
149860 - local_set(&cpu_buffer->head_page->entries, 0);
149861 + local_set_unchecked(&cpu_buffer->head_page->write, 0);
149862 + local_set_unchecked(&cpu_buffer->head_page->entries, 0);
149863 local_set(&cpu_buffer->head_page->page->commit, 0);
149864
149865 cpu_buffer->head_page->read = 0;
149866 @@ -4184,18 +4184,18 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
149867
149868 INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
149869 INIT_LIST_HEAD(&cpu_buffer->new_pages);
149870 - local_set(&cpu_buffer->reader_page->write, 0);
149871 - local_set(&cpu_buffer->reader_page->entries, 0);
149872 + local_set_unchecked(&cpu_buffer->reader_page->write, 0);
149873 + local_set_unchecked(&cpu_buffer->reader_page->entries, 0);
149874 local_set(&cpu_buffer->reader_page->page->commit, 0);
149875 cpu_buffer->reader_page->read = 0;
149876
149877 local_set(&cpu_buffer->entries_bytes, 0);
149878 - local_set(&cpu_buffer->overrun, 0);
149879 - local_set(&cpu_buffer->commit_overrun, 0);
149880 - local_set(&cpu_buffer->dropped_events, 0);
149881 + local_set_unchecked(&cpu_buffer->overrun, 0);
149882 + local_set_unchecked(&cpu_buffer->commit_overrun, 0);
149883 + local_set_unchecked(&cpu_buffer->dropped_events, 0);
149884 local_set(&cpu_buffer->entries, 0);
149885 local_set(&cpu_buffer->committing, 0);
149886 - local_set(&cpu_buffer->commits, 0);
149887 + local_set_unchecked(&cpu_buffer->commits, 0);
149888 cpu_buffer->read = 0;
149889 cpu_buffer->read_bytes = 0;
149890
149891 @@ -4585,8 +4585,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
149892 rb_init_page(bpage);
149893 bpage = reader->page;
149894 reader->page = *data_page;
149895 - local_set(&reader->write, 0);
149896 - local_set(&reader->entries, 0);
149897 + local_set_unchecked(&reader->write, 0);
149898 + local_set_unchecked(&reader->entries, 0);
149899 reader->read = 0;
149900 *data_page = bpage;
149901
149902 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
149903 index 7bc5676..90db3d8 100644
149904 --- a/kernel/trace/trace.c
149905 +++ b/kernel/trace/trace.c
149906 @@ -3883,7 +3883,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
149907 return 0;
149908 }
149909
149910 -int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled)
149911 +int set_tracer_flag(struct trace_array *tr, unsigned long mask, int enabled)
149912 {
149913 /* do nothing if flag is already set */
149914 if (!!(tr->trace_flags & mask) == !!enabled)
149915 diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
149916 index f783df4..6d1062f 100644
149917 --- a/kernel/trace/trace.h
149918 +++ b/kernel/trace/trace.h
149919 @@ -1610,7 +1610,7 @@ void trace_printk_control(bool enabled);
149920 void trace_printk_init_buffers(void);
149921 void trace_printk_start_comm(void);
149922 int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set);
149923 -int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled);
149924 +int set_tracer_flag(struct trace_array *tr, unsigned long mask, int enabled);
149925
149926 /*
149927 * Normal trace_printk() and friends allocates special buffers
149928 diff --git a/kernel/trace/trace_clock.c b/kernel/trace/trace_clock.c
149929 index 0f06532..247c8e7 100644
149930 --- a/kernel/trace/trace_clock.c
149931 +++ b/kernel/trace/trace_clock.c
149932 @@ -127,7 +127,7 @@ u64 notrace trace_clock_global(void)
149933 }
149934 EXPORT_SYMBOL_GPL(trace_clock_global);
149935
149936 -static atomic64_t trace_counter;
149937 +static atomic64_unchecked_t trace_counter;
149938
149939 /*
149940 * trace_clock_counter(): simply an atomic counter.
149941 @@ -136,5 +136,5 @@ static atomic64_t trace_counter;
149942 */
149943 u64 notrace trace_clock_counter(void)
149944 {
149945 - return atomic64_add_return(1, &trace_counter);
149946 + return atomic64_inc_return_unchecked(&trace_counter);
149947 }
149948 diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
149949 index 03c0a48..154163e 100644
149950 --- a/kernel/trace/trace_events.c
149951 +++ b/kernel/trace/trace_events.c
149952 @@ -2274,7 +2274,6 @@ __trace_early_add_new_event(struct trace_event_call *call,
149953 return 0;
149954 }
149955
149956 -struct ftrace_module_file_ops;
149957 static void __add_event_to_tracers(struct trace_event_call *call);
149958
149959 /* Add an additional event_call dynamically */
149960 diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
149961 index f3a960e..f4ce9f9 100644
149962 --- a/kernel/trace/trace_events_hist.c
149963 +++ b/kernel/trace/trace_events_hist.c
149964 @@ -1078,8 +1078,8 @@ static void hist_trigger_show(struct seq_file *m,
149965 }
149966
149967 seq_printf(m, "\nTotals:\n Hits: %llu\n Entries: %u\n Dropped: %llu\n",
149968 - (u64)atomic64_read(&hist_data->map->hits),
149969 - n_entries, (u64)atomic64_read(&hist_data->map->drops));
149970 + (u64)atomic64_read_unchecked(&hist_data->map->hits),
149971 + n_entries, (u64)atomic64_read_unchecked(&hist_data->map->drops));
149972 }
149973
149974 static int hist_show(struct seq_file *m, void *v)
149975 diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
149976 index 7363ccf..807cbf1 100644
149977 --- a/kernel/trace/trace_functions_graph.c
149978 +++ b/kernel/trace/trace_functions_graph.c
149979 @@ -138,7 +138,7 @@ ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth,
149980
149981 /* The return trace stack is full */
149982 if (current->curr_ret_stack == FTRACE_RETFUNC_DEPTH - 1) {
149983 - atomic_inc(&current->trace_overrun);
149984 + atomic_inc_unchecked(&current->trace_overrun);
149985 return -EBUSY;
149986 }
149987
149988 @@ -235,7 +235,7 @@ ftrace_pop_return_trace(struct ftrace_graph_ret *trace, unsigned long *ret,
149989 *ret = current->ret_stack[index].ret;
149990 trace->func = current->ret_stack[index].func;
149991 trace->calltime = current->ret_stack[index].calltime;
149992 - trace->overrun = atomic_read(&current->trace_overrun);
149993 + trace->overrun = atomic_read_unchecked(&current->trace_overrun);
149994 trace->depth = index;
149995 }
149996
149997 diff --git a/kernel/trace/trace_mmiotrace.c b/kernel/trace/trace_mmiotrace.c
149998 index cd7480d..f97e6e4 100644
149999 --- a/kernel/trace/trace_mmiotrace.c
150000 +++ b/kernel/trace/trace_mmiotrace.c
150001 @@ -24,7 +24,7 @@ struct header_iter {
150002 static struct trace_array *mmio_trace_array;
150003 static bool overrun_detected;
150004 static unsigned long prev_overruns;
150005 -static atomic_t dropped_count;
150006 +static atomic_unchecked_t dropped_count;
150007
150008 static void mmio_reset_data(struct trace_array *tr)
150009 {
150010 @@ -120,7 +120,7 @@ static void mmio_close(struct trace_iterator *iter)
150011
150012 static unsigned long count_overruns(struct trace_iterator *iter)
150013 {
150014 - unsigned long cnt = atomic_xchg(&dropped_count, 0);
150015 + unsigned long cnt = atomic_xchg_unchecked(&dropped_count, 0);
150016 unsigned long over = ring_buffer_overruns(iter->trace_buffer->buffer);
150017
150018 if (over > prev_overruns)
150019 @@ -303,7 +303,7 @@ static void __trace_mmiotrace_rw(struct trace_array *tr,
150020 event = trace_buffer_lock_reserve(buffer, TRACE_MMIO_RW,
150021 sizeof(*entry), 0, pc);
150022 if (!event) {
150023 - atomic_inc(&dropped_count);
150024 + atomic_inc_unchecked(&dropped_count);
150025 return;
150026 }
150027 entry = ring_buffer_event_data(event);
150028 @@ -333,7 +333,7 @@ static void __trace_mmiotrace_map(struct trace_array *tr,
150029 event = trace_buffer_lock_reserve(buffer, TRACE_MMIO_MAP,
150030 sizeof(*entry), 0, pc);
150031 if (!event) {
150032 - atomic_inc(&dropped_count);
150033 + atomic_inc_unchecked(&dropped_count);
150034 return;
150035 }
150036 entry = ring_buffer_event_data(event);
150037 diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
150038 index 0bb9cf2..f319026 100644
150039 --- a/kernel/trace/trace_output.c
150040 +++ b/kernel/trace/trace_output.c
150041 @@ -717,14 +717,16 @@ int register_trace_event(struct trace_event *event)
150042 goto out;
150043 }
150044
150045 + pax_open_kernel();
150046 if (event->funcs->trace == NULL)
150047 - event->funcs->trace = trace_nop_print;
150048 + const_cast(event->funcs->trace) = trace_nop_print;
150049 if (event->funcs->raw == NULL)
150050 - event->funcs->raw = trace_nop_print;
150051 + const_cast(event->funcs->raw) = trace_nop_print;
150052 if (event->funcs->hex == NULL)
150053 - event->funcs->hex = trace_nop_print;
150054 + const_cast(event->funcs->hex) = trace_nop_print;
150055 if (event->funcs->binary == NULL)
150056 - event->funcs->binary = trace_nop_print;
150057 + const_cast(event->funcs->binary) = trace_nop_print;
150058 + pax_close_kernel();
150059
150060 key = event->type & (EVENT_HASHSIZE - 1);
150061
150062 diff --git a/kernel/trace/trace_seq.c b/kernel/trace/trace_seq.c
150063 index e694c9f..6775a38 100644
150064 --- a/kernel/trace/trace_seq.c
150065 +++ b/kernel/trace/trace_seq.c
150066 @@ -337,7 +337,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path)
150067 return 0;
150068 }
150069
150070 - seq_buf_path(&s->seq, path, "\n");
150071 + seq_buf_path(&s->seq, path, "\n\\");
150072
150073 if (unlikely(seq_buf_has_overflowed(&s->seq))) {
150074 s->seq.len = save_len;
150075 diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
150076 index 2a1abba..2a81a78 100644
150077 --- a/kernel/trace/trace_stack.c
150078 +++ b/kernel/trace/trace_stack.c
150079 @@ -88,7 +88,7 @@ check_stack(unsigned long ip, unsigned long *stack)
150080 return;
150081
150082 /* we do not handle interrupt stacks yet */
150083 - if (!object_is_on_stack(stack))
150084 + if (!object_starts_on_stack(stack))
150085 return;
150086
150087 /* Can't do this from NMI context (can cause deadlocks) */
150088 diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
150089 index b2b6efc..52e0a3d 100644
150090 --- a/kernel/trace/trace_syscalls.c
150091 +++ b/kernel/trace/trace_syscalls.c
150092 @@ -605,6 +605,8 @@ static int perf_sysenter_enable(struct trace_event_call *call)
150093 int num;
150094
150095 num = ((struct syscall_metadata *)call->data)->syscall_nr;
150096 + if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
150097 + return -EINVAL;
150098
150099 mutex_lock(&syscall_trace_lock);
150100 if (!sys_perf_refcount_enter)
150101 @@ -625,6 +627,8 @@ static void perf_sysenter_disable(struct trace_event_call *call)
150102 int num;
150103
150104 num = ((struct syscall_metadata *)call->data)->syscall_nr;
150105 + if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
150106 + return;
150107
150108 mutex_lock(&syscall_trace_lock);
150109 sys_perf_refcount_enter--;
150110 @@ -677,6 +681,8 @@ static int perf_sysexit_enable(struct trace_event_call *call)
150111 int num;
150112
150113 num = ((struct syscall_metadata *)call->data)->syscall_nr;
150114 + if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
150115 + return -EINVAL;
150116
150117 mutex_lock(&syscall_trace_lock);
150118 if (!sys_perf_refcount_exit)
150119 @@ -697,6 +703,8 @@ static void perf_sysexit_disable(struct trace_event_call *call)
150120 int num;
150121
150122 num = ((struct syscall_metadata *)call->data)->syscall_nr;
150123 + if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
150124 + return;
150125
150126 mutex_lock(&syscall_trace_lock);
150127 sys_perf_refcount_exit--;
150128 diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c
150129 index 0a689bb..e96cd14 100644
150130 --- a/kernel/trace/tracing_map.c
150131 +++ b/kernel/trace/tracing_map.c
150132 @@ -349,7 +349,7 @@ static struct tracing_map_elt *get_free_elt(struct tracing_map *map)
150133 struct tracing_map_elt *elt = NULL;
150134 int idx;
150135
150136 - idx = atomic_inc_return(&map->next_elt);
150137 + idx = atomic_inc_return_unchecked(&map->next_elt);
150138 if (idx < map->max_elts) {
150139 elt = *(TRACING_MAP_ELT(map->elts, idx));
150140 if (map->ops && map->ops->elt_init)
150141 @@ -425,7 +425,7 @@ __tracing_map_insert(struct tracing_map *map, void *key, bool lookup_only)
150142
150143 if (test_key && test_key == key_hash && entry->val &&
150144 keys_match(key, entry->val->key, map->key_size)) {
150145 - atomic64_inc(&map->hits);
150146 + atomic64_inc_unchecked(&map->hits);
150147 return entry->val;
150148 }
150149
150150 @@ -438,14 +438,14 @@ __tracing_map_insert(struct tracing_map *map, void *key, bool lookup_only)
150151
150152 elt = get_free_elt(map);
150153 if (!elt) {
150154 - atomic64_inc(&map->drops);
150155 + atomic64_inc_unchecked(&map->drops);
150156 entry->key = 0;
150157 break;
150158 }
150159
150160 memcpy(elt->key, key, map->key_size);
150161 entry->val = elt;
150162 - atomic64_inc(&map->hits);
150163 + atomic64_inc_unchecked(&map->hits);
150164
150165 return entry->val;
150166 }
150167 @@ -557,9 +557,9 @@ void tracing_map_clear(struct tracing_map *map)
150168 {
150169 unsigned int i;
150170
150171 - atomic_set(&map->next_elt, -1);
150172 - atomic64_set(&map->hits, 0);
150173 - atomic64_set(&map->drops, 0);
150174 + atomic_set_unchecked(&map->next_elt, -1);
150175 + atomic64_set_unchecked(&map->hits, 0);
150176 + atomic64_set_unchecked(&map->drops, 0);
150177
150178 tracing_map_array_clear(map->map);
150179
150180 @@ -641,7 +641,7 @@ struct tracing_map *tracing_map_create(unsigned int map_bits,
150181
150182 map->map_bits = map_bits;
150183 map->max_elts = (1 << map_bits);
150184 - atomic_set(&map->next_elt, -1);
150185 + atomic_set_unchecked(&map->next_elt, -1);
150186
150187 map->map_size = (1 << (map_bits + 1));
150188 map->ops = ops;
150189 @@ -700,9 +700,10 @@ int tracing_map_init(struct tracing_map *map)
150190 return err;
150191 }
150192
150193 -static int cmp_entries_dup(const struct tracing_map_sort_entry **a,
150194 - const struct tracing_map_sort_entry **b)
150195 +static int cmp_entries_dup(const void *_a, const void *_b)
150196 {
150197 + const struct tracing_map_sort_entry **a = (const struct tracing_map_sort_entry **)_a;
150198 + const struct tracing_map_sort_entry **b = (const struct tracing_map_sort_entry **)_b;
150199 int ret = 0;
150200
150201 if (memcmp((*a)->key, (*b)->key, (*a)->elt->map->key_size))
150202 @@ -711,9 +712,10 @@ static int cmp_entries_dup(const struct tracing_map_sort_entry **a,
150203 return ret;
150204 }
150205
150206 -static int cmp_entries_sum(const struct tracing_map_sort_entry **a,
150207 - const struct tracing_map_sort_entry **b)
150208 +static int cmp_entries_sum(const void *_a, const void *_b)
150209 {
150210 + const struct tracing_map_sort_entry **a = (const struct tracing_map_sort_entry **)_a;
150211 + const struct tracing_map_sort_entry **b = (const struct tracing_map_sort_entry **)_b;
150212 const struct tracing_map_elt *elt_a, *elt_b;
150213 struct tracing_map_sort_key *sort_key;
150214 struct tracing_map_field *field;
150215 @@ -739,9 +741,10 @@ static int cmp_entries_sum(const struct tracing_map_sort_entry **a,
150216 return ret;
150217 }
150218
150219 -static int cmp_entries_key(const struct tracing_map_sort_entry **a,
150220 - const struct tracing_map_sort_entry **b)
150221 +static int cmp_entries_key(const void *_a, const void *_b)
150222 {
150223 + const struct tracing_map_sort_entry **a = (const struct tracing_map_sort_entry **)_a;
150224 + const struct tracing_map_sort_entry **b = (const struct tracing_map_sort_entry **)_b;
150225 const struct tracing_map_elt *elt_a, *elt_b;
150226 struct tracing_map_sort_key *sort_key;
150227 struct tracing_map_field *field;
150228 @@ -874,8 +877,7 @@ static int merge_dups(struct tracing_map_sort_entry **sort_entries,
150229 if (n_entries < 2)
150230 return total_dups;
150231
150232 - sort(sort_entries, n_entries, sizeof(struct tracing_map_sort_entry *),
150233 - (int (*)(const void *, const void *))cmp_entries_dup, NULL);
150234 + sort(sort_entries, n_entries, sizeof(struct tracing_map_sort_entry *), cmp_entries_dup, NULL);
150235
150236 key = sort_entries[0]->key;
150237 for (i = 1; i < n_entries; i++) {
150238 @@ -923,10 +925,8 @@ static void sort_secondary(struct tracing_map *map,
150239 struct tracing_map_sort_key *primary_key,
150240 struct tracing_map_sort_key *secondary_key)
150241 {
150242 - int (*primary_fn)(const struct tracing_map_sort_entry **,
150243 - const struct tracing_map_sort_entry **);
150244 - int (*secondary_fn)(const struct tracing_map_sort_entry **,
150245 - const struct tracing_map_sort_entry **);
150246 + int (*primary_fn)(const void*, const void*);
150247 + int (*secondary_fn)(const void*, const void*);
150248 unsigned i, start = 0, n_sub = 1;
150249
150250 if (is_key(map, primary_key->field_idx))
150251 @@ -958,7 +958,7 @@ static void sort_secondary(struct tracing_map *map,
150252 set_sort_key(map, secondary_key);
150253 sort(&entries[start], n_sub,
150254 sizeof(struct tracing_map_sort_entry *),
150255 - (int (*)(const void *, const void *))secondary_fn, NULL);
150256 + secondary_fn, NULL);
150257 set_sort_key(map, primary_key);
150258
150259 start = i + 1;
150260 @@ -995,8 +995,7 @@ int tracing_map_sort_entries(struct tracing_map *map,
150261 unsigned int n_sort_keys,
150262 struct tracing_map_sort_entry ***sort_entries)
150263 {
150264 - int (*cmp_entries_fn)(const struct tracing_map_sort_entry **,
150265 - const struct tracing_map_sort_entry **);
150266 + int (*cmp_entries_fn)(const void*, const void*);
150267 struct tracing_map_sort_entry *sort_entry, **entries;
150268 int i, n_entries, ret;
150269
150270 @@ -1042,8 +1041,7 @@ int tracing_map_sort_entries(struct tracing_map *map,
150271
150272 set_sort_key(map, &sort_keys[0]);
150273
150274 - sort(entries, n_entries, sizeof(struct tracing_map_sort_entry *),
150275 - (int (*)(const void *, const void *))cmp_entries_fn, NULL);
150276 + sort(entries, n_entries, sizeof(struct tracing_map_sort_entry *), cmp_entries_fn, NULL);
150277
150278 if (n_sort_keys > 1)
150279 sort_secondary(map,
150280 diff --git a/kernel/trace/tracing_map.h b/kernel/trace/tracing_map.h
150281 index 618838f..3dc1b9b 100644
150282 --- a/kernel/trace/tracing_map.h
150283 +++ b/kernel/trace/tracing_map.h
150284 @@ -181,7 +181,7 @@ struct tracing_map {
150285 unsigned int map_bits;
150286 unsigned int map_size;
150287 unsigned int max_elts;
150288 - atomic_t next_elt;
150289 + atomic_unchecked_t next_elt;
150290 struct tracing_map_array *elts;
150291 struct tracing_map_array *map;
150292 const struct tracing_map_ops *ops;
150293 @@ -191,8 +191,8 @@ struct tracing_map {
150294 int key_idx[TRACING_MAP_KEYS_MAX];
150295 unsigned int n_keys;
150296 struct tracing_map_sort_key sort_key;
150297 - atomic64_t hits;
150298 - atomic64_t drops;
150299 + atomic64_unchecked_t hits;
150300 + atomic64_unchecked_t drops;
150301 };
150302
150303 /**
150304 diff --git a/kernel/user.c b/kernel/user.c
150305 index b069ccb..c59fe26 100644
150306 --- a/kernel/user.c
150307 +++ b/kernel/user.c
150308 @@ -127,8 +127,8 @@ static struct user_struct *uid_hash_find(kuid_t uid, struct hlist_head *hashent)
150309 * IRQ state (as stored in flags) is restored and uidhash_lock released
150310 * upon function exit.
150311 */
150312 +static void free_user(struct user_struct *up, unsigned long flags) __releases(&uidhash_lock);
150313 static void free_user(struct user_struct *up, unsigned long flags)
150314 - __releases(&uidhash_lock)
150315 {
150316 uid_hash_remove(up);
150317 spin_unlock_irqrestore(&uidhash_lock, flags);
150318 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
150319 index 68f5942..8576ce7 100644
150320 --- a/kernel/user_namespace.c
150321 +++ b/kernel/user_namespace.c
150322 @@ -84,6 +84,21 @@ int create_user_ns(struct cred *new)
150323 !kgid_has_mapping(parent_ns, group))
150324 return -EPERM;
150325
150326 +#ifdef CONFIG_GRKERNSEC
150327 + /*
150328 + * This doesn't really inspire confidence:
150329 + * http://marc.info/?l=linux-kernel&m=135543612731939&w=2
150330 + * http://marc.info/?l=linux-kernel&m=135545831607095&w=2
150331 + * Increases kernel attack surface in areas developers
150332 + * previously cared little about ("low importance due
150333 + * to requiring "root" capability")
150334 + * To be removed when this code receives *proper* review
150335 + */
150336 + if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
150337 + !capable(CAP_SETGID))
150338 + return -EPERM;
150339 +#endif
150340 +
150341 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);
150342 if (!ns)
150343 return -ENOMEM;
150344 @@ -988,7 +1003,7 @@ static int userns_install(struct nsproxy *nsproxy, struct ns_common *ns)
150345 if (!thread_group_empty(current))
150346 return -EINVAL;
150347
150348 - if (current->fs->users != 1)
150349 + if (atomic_read(&current->fs->users) != 1)
150350 return -EINVAL;
150351
150352 if (!ns_capable(user_ns, CAP_SYS_ADMIN))
150353 diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
150354 index c8eac43..4b5f08f 100644
150355 --- a/kernel/utsname_sysctl.c
150356 +++ b/kernel/utsname_sysctl.c
150357 @@ -47,7 +47,7 @@ static void put_uts(struct ctl_table *table, int write, void *which)
150358 static int proc_do_uts_string(struct ctl_table *table, int write,
150359 void __user *buffer, size_t *lenp, loff_t *ppos)
150360 {
150361 - struct ctl_table uts_table;
150362 + ctl_table_no_const uts_table;
150363 int r;
150364 memcpy(&uts_table, table, sizeof(uts_table));
150365 uts_table.data = get_uts(table, write);
150366 diff --git a/kernel/watchdog.c b/kernel/watchdog.c
150367 index 9acb29f..6fe517c 100644
150368 --- a/kernel/watchdog.c
150369 +++ b/kernel/watchdog.c
150370 @@ -680,7 +680,7 @@ static int watchdog_nmi_enable(unsigned int cpu) { return 0; }
150371 static void watchdog_nmi_disable(unsigned int cpu) { return; }
150372 #endif /* CONFIG_HARDLOCKUP_DETECTOR */
150373
150374 -static struct smp_hotplug_thread watchdog_threads = {
150375 +static struct smp_hotplug_thread watchdog_threads __read_only = {
150376 .store = &softlockup_watchdog,
150377 .thread_should_run = watchdog_should_run,
150378 .thread_fn = watchdog,
150379 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
150380 index ef071ca..621135c 100644
150381 --- a/kernel/workqueue.c
150382 +++ b/kernel/workqueue.c
150383 @@ -1922,9 +1922,8 @@ static void pool_mayday_timeout(unsigned long __pool)
150384 * multiple times. Does GFP_KERNEL allocations. Called only from
150385 * manager.
150386 */
150387 +static void maybe_create_worker(struct worker_pool *pool) __must_hold(&pool->lock);
150388 static void maybe_create_worker(struct worker_pool *pool)
150389 -__releases(&pool->lock)
150390 -__acquires(&pool->lock)
150391 {
150392 restart:
150393 spin_unlock_irq(&pool->lock);
150394 @@ -2014,9 +2013,8 @@ static bool manage_workers(struct worker *worker)
150395 * CONTEXT:
150396 * spin_lock_irq(pool->lock) which is released and regrabbed.
150397 */
150398 +static void process_one_work(struct worker *worker, struct work_struct *work) __must_hold(&pool->lock);
150399 static void process_one_work(struct worker *worker, struct work_struct *work)
150400 -__releases(&pool->lock)
150401 -__acquires(&pool->lock)
150402 {
150403 struct pool_workqueue *pwq = get_work_pwq(work);
150404 struct worker_pool *pool = worker->pool;
150405 @@ -4573,7 +4571,7 @@ static void rebind_workers(struct worker_pool *pool)
150406 WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
150407 worker_flags |= WORKER_REBOUND;
150408 worker_flags &= ~WORKER_UNBOUND;
150409 - ACCESS_ONCE(worker->flags) = worker_flags;
150410 + ACCESS_ONCE_RW(worker->flags) = worker_flags;
150411 }
150412
150413 spin_unlock_irq(&pool->lock);
150414 diff --git a/lib/842/842_compress.c b/lib/842/842_compress.c
150415 index 4051339..7144fad 100644
150416 --- a/lib/842/842_compress.c
150417 +++ b/lib/842/842_compress.c
150418 @@ -306,7 +306,7 @@ static int add_template(struct sw842_param *p, u8 c)
150419 }
150420
150421 if (sw842_template_counts)
150422 - atomic_inc(&template_count[t[4]]);
150423 + atomic_inc_unchecked(&template_count[t[4]]);
150424
150425 return 0;
150426 }
150427 @@ -328,7 +328,7 @@ static int add_repeat_template(struct sw842_param *p, u8 r)
150428 return ret;
150429
150430 if (sw842_template_counts)
150431 - atomic_inc(&template_repeat_count);
150432 + atomic_inc_unchecked(&template_repeat_count);
150433
150434 return 0;
150435 }
150436 @@ -355,7 +355,7 @@ static int add_short_data_template(struct sw842_param *p, u8 b)
150437 }
150438
150439 if (sw842_template_counts)
150440 - atomic_inc(&template_short_data_count);
150441 + atomic_inc_unchecked(&template_short_data_count);
150442
150443 return 0;
150444 }
150445 @@ -368,7 +368,7 @@ static int add_zeros_template(struct sw842_param *p)
150446 return ret;
150447
150448 if (sw842_template_counts)
150449 - atomic_inc(&template_zeros_count);
150450 + atomic_inc_unchecked(&template_zeros_count);
150451
150452 return 0;
150453 }
150454 @@ -381,7 +381,7 @@ static int add_end_template(struct sw842_param *p)
150455 return ret;
150456
150457 if (sw842_template_counts)
150458 - atomic_inc(&template_end_count);
150459 + atomic_inc_unchecked(&template_end_count);
150460
150461 return 0;
150462 }
150463 diff --git a/lib/842/842_debugfs.h b/lib/842/842_debugfs.h
150464 index e7f3bff..77d1d92 100644
150465 --- a/lib/842/842_debugfs.h
150466 +++ b/lib/842/842_debugfs.h
150467 @@ -7,7 +7,7 @@
150468 static bool sw842_template_counts;
150469 module_param_named(template_counts, sw842_template_counts, bool, 0444);
150470
150471 -static atomic_t template_count[OPS_MAX], template_repeat_count,
150472 +static atomic_unchecked_t template_count[OPS_MAX], template_repeat_count,
150473 template_zeros_count, template_short_data_count, template_end_count;
150474
150475 static struct dentry *sw842_debugfs_root;
150476 @@ -28,16 +28,16 @@ static int __init sw842_debugfs_create(void)
150477 char name[32];
150478
150479 snprintf(name, 32, "template_%02x", i);
150480 - debugfs_create_atomic_t(name, m, sw842_debugfs_root,
150481 + debugfs_create_atomic_unchecked_t(name, m, sw842_debugfs_root,
150482 &template_count[i]);
150483 }
150484 - debugfs_create_atomic_t("template_repeat", m, sw842_debugfs_root,
150485 + debugfs_create_atomic_unchecked_t("template_repeat", m, sw842_debugfs_root,
150486 &template_repeat_count);
150487 - debugfs_create_atomic_t("template_zeros", m, sw842_debugfs_root,
150488 + debugfs_create_atomic_unchecked_t("template_zeros", m, sw842_debugfs_root,
150489 &template_zeros_count);
150490 - debugfs_create_atomic_t("template_short_data", m, sw842_debugfs_root,
150491 + debugfs_create_atomic_unchecked_t("template_short_data", m, sw842_debugfs_root,
150492 &template_short_data_count);
150493 - debugfs_create_atomic_t("template_end", m, sw842_debugfs_root,
150494 + debugfs_create_atomic_unchecked_t("template_end", m, sw842_debugfs_root,
150495 &template_end_count);
150496
150497 return 0;
150498 diff --git a/lib/842/842_decompress.c b/lib/842/842_decompress.c
150499 index 11fc39b..e5cfa58 100644
150500 --- a/lib/842/842_decompress.c
150501 +++ b/lib/842/842_decompress.c
150502 @@ -263,7 +263,7 @@ static int do_op(struct sw842_param *p, u8 o)
150503 }
150504
150505 if (sw842_template_counts)
150506 - atomic_inc(&template_count[o]);
150507 + atomic_inc_unchecked(&template_count[o]);
150508
150509 return 0;
150510 }
150511 @@ -331,7 +331,7 @@ int sw842_decompress(const u8 *in, unsigned int ilen,
150512 }
150513
150514 if (sw842_template_counts)
150515 - atomic_inc(&template_repeat_count);
150516 + atomic_inc_unchecked(&template_repeat_count);
150517
150518 break;
150519 case OP_ZEROS:
150520 @@ -343,7 +343,7 @@ int sw842_decompress(const u8 *in, unsigned int ilen,
150521 p.olen -= 8;
150522
150523 if (sw842_template_counts)
150524 - atomic_inc(&template_zeros_count);
150525 + atomic_inc_unchecked(&template_zeros_count);
150526
150527 break;
150528 case OP_SHORT_DATA:
150529 @@ -364,12 +364,12 @@ int sw842_decompress(const u8 *in, unsigned int ilen,
150530 }
150531
150532 if (sw842_template_counts)
150533 - atomic_inc(&template_short_data_count);
150534 + atomic_inc_unchecked(&template_short_data_count);
150535
150536 break;
150537 case OP_END:
150538 if (sw842_template_counts)
150539 - atomic_inc(&template_end_count);
150540 + atomic_inc_unchecked(&template_end_count);
150541
150542 break;
150543 default: /* use template */
150544 diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
150545 index cab7405..c65d473 100644
150546 --- a/lib/Kconfig.debug
150547 +++ b/lib/Kconfig.debug
150548 @@ -243,6 +243,7 @@ config PAGE_OWNER
150549 bool "Track page owner"
150550 depends on DEBUG_KERNEL && STACKTRACE_SUPPORT
150551 select DEBUG_FS
150552 + depends on !GRKERNSEC_KMEM
150553 select STACKTRACE
150554 select STACKDEPOT
150555 select PAGE_EXTENSION
150556 @@ -259,6 +260,7 @@ config PAGE_OWNER
150557 config DEBUG_FS
150558 bool "Debug Filesystem"
150559 select SRCU
150560 + depends on !GRKERNSEC_KMEM
150561 help
150562 debugfs is a virtual file system that kernel developers use to put
150563 debugging files into. Enable this option to be able to read and
150564 @@ -512,6 +514,7 @@ config DEBUG_KMEMLEAK
150565 bool "Kernel memory leak detector"
150566 depends on DEBUG_KERNEL && HAVE_DEBUG_KMEMLEAK
150567 select DEBUG_FS
150568 + depends on !GRKERNSEC_KMEM
150569 select STACKTRACE if STACKTRACE_SUPPORT
150570 select KALLSYMS
150571 select CRC32
150572 @@ -711,6 +714,7 @@ config KCOV
150573 select DEBUG_FS
150574 select GCC_PLUGINS if !COMPILE_TEST
150575 select GCC_PLUGIN_SANCOV if !COMPILE_TEST
150576 + depends on !GRKERNSEC_KMEM
150577 help
150578 KCOV exposes kernel code coverage information in a form suitable
150579 for coverage-guided fuzzing (randomized testing).
150580 @@ -1012,7 +1016,7 @@ config DEBUG_MUTEXES
150581
150582 config DEBUG_WW_MUTEX_SLOWPATH
150583 bool "Wait/wound mutex debugging: Slowpath testing"
150584 - depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
150585 + depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN
150586 select DEBUG_LOCK_ALLOC
150587 select DEBUG_SPINLOCK
150588 select DEBUG_MUTEXES
150589 @@ -1029,7 +1033,7 @@ config DEBUG_WW_MUTEX_SLOWPATH
150590
150591 config DEBUG_LOCK_ALLOC
150592 bool "Lock debugging: detect incorrect freeing of live locks"
150593 - depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
150594 + depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN
150595 select DEBUG_SPINLOCK
150596 select DEBUG_MUTEXES
150597 select LOCKDEP
150598 @@ -1043,7 +1047,7 @@ config DEBUG_LOCK_ALLOC
150599
150600 config PROVE_LOCKING
150601 bool "Lock debugging: prove locking correctness"
150602 - depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
150603 + depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN
150604 select LOCKDEP
150605 select DEBUG_SPINLOCK
150606 select DEBUG_MUTEXES
150607 @@ -1094,7 +1098,7 @@ config LOCKDEP
150608
150609 config LOCK_STAT
150610 bool "Lock usage statistics"
150611 - depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
150612 + depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN
150613 select LOCKDEP
150614 select DEBUG_SPINLOCK
150615 select DEBUG_MUTEXES
150616 @@ -1507,6 +1511,7 @@ config NOTIFIER_ERROR_INJECTION
150617 tristate "Notifier error injection"
150618 depends on DEBUG_KERNEL
150619 select DEBUG_FS
150620 + depends on !GRKERNSEC_KMEM
150621 help
150622 This option provides the ability to inject artificial errors to
150623 specified notifier chain callbacks. It is useful to test the error
150624 @@ -1652,6 +1657,7 @@ config FAIL_MMC_REQUEST
150625 config FAIL_FUTEX
150626 bool "Fault-injection capability for futexes"
150627 select DEBUG_FS
150628 + depends on !GRKERNSEC_KMEM
150629 depends on FAULT_INJECTION && FUTEX
150630 help
150631 Provide fault-injection capability for futexes.
150632 @@ -1676,6 +1682,7 @@ config LATENCYTOP
150633 depends on DEBUG_KERNEL
150634 depends on STACKTRACE_SUPPORT
150635 depends on PROC_FS
150636 + depends on !GRKERNSEC_HIDESYM
150637 select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND && !ARC
150638 select KALLSYMS
150639 select KALLSYMS_ALL
150640 @@ -1830,7 +1837,7 @@ endmenu # runtime tests
150641
150642 config PROVIDE_OHCI1394_DMA_INIT
150643 bool "Remote debugging over FireWire early on boot"
150644 - depends on PCI && X86
150645 + depends on PCI && X86 && !GRKERNSEC
150646 help
150647 If you want to debug problems which hang or crash the kernel early
150648 on boot and the crashing machine has a FireWire port, you can use
150649 diff --git a/lib/Makefile b/lib/Makefile
150650 index 5dc77a8..8c18345 100644
150651 --- a/lib/Makefile
150652 +++ b/lib/Makefile
150653 @@ -76,7 +76,7 @@ obj-$(CONFIG_BTREE) += btree.o
150654 obj-$(CONFIG_INTERVAL_TREE) += interval_tree.o
150655 obj-$(CONFIG_ASSOCIATIVE_ARRAY) += assoc_array.o
150656 obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o
150657 -obj-$(CONFIG_DEBUG_LIST) += list_debug.o
150658 +obj-y += list_debug.o
150659 obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o
150660
150661 ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
150662 diff --git a/lib/bitmap.c b/lib/bitmap.c
150663 index eca8808..23b3fd8 100644
150664 --- a/lib/bitmap.c
150665 +++ b/lib/bitmap.c
150666 @@ -363,7 +363,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
150667 {
150668 int c, old_c, totaldigits, ndigits, nchunks, nbits;
150669 u32 chunk;
150670 - const char __user __force *ubuf = (const char __user __force *)buf;
150671 + const char __user *ubuf = (const char __force_user *)buf;
150672
150673 bitmap_zero(maskp, nmaskbits);
150674
150675 @@ -449,7 +449,7 @@ int bitmap_parse_user(const char __user *ubuf,
150676 {
150677 if (!access_ok(VERIFY_READ, ubuf, ulen))
150678 return -EFAULT;
150679 - return __bitmap_parse((const char __force *)ubuf,
150680 + return __bitmap_parse((const char __force_kernel *)ubuf,
150681 ulen, 1, maskp, nmaskbits);
150682
150683 }
150684 @@ -509,7 +509,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
150685 {
150686 unsigned a, b;
150687 int c, old_c, totaldigits, ndigits;
150688 - const char __user __force *ubuf = (const char __user __force *)buf;
150689 + const char __user *ubuf = (const char __force_user *)buf;
150690 int at_start, in_range;
150691
150692 totaldigits = c = 0;
150693 @@ -613,7 +613,7 @@ int bitmap_parselist_user(const char __user *ubuf,
150694 {
150695 if (!access_ok(VERIFY_READ, ubuf, ulen))
150696 return -EFAULT;
150697 - return __bitmap_parselist((const char __force *)ubuf,
150698 + return __bitmap_parselist((const char __force_kernel *)ubuf,
150699 ulen, 1, maskp, nmaskbits);
150700 }
150701 EXPORT_SYMBOL(bitmap_parselist_user);
150702 diff --git a/lib/bug.c b/lib/bug.c
150703 index bc3656e..470f3ab 100644
150704 --- a/lib/bug.c
150705 +++ b/lib/bug.c
150706 @@ -148,6 +148,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
150707 return BUG_TRAP_TYPE_NONE;
150708
150709 bug = find_bug(bugaddr);
150710 + if (!bug)
150711 + return BUG_TRAP_TYPE_NONE;
150712
150713 file = NULL;
150714 line = 0;
150715 diff --git a/lib/debugobjects.c b/lib/debugobjects.c
150716 index a8e1260..cf8f2be 100644
150717 --- a/lib/debugobjects.c
150718 +++ b/lib/debugobjects.c
150719 @@ -288,7 +288,7 @@ static void debug_object_is_on_stack(void *addr, int onstack)
150720 if (limit > 4)
150721 return;
150722
150723 - is_on_stack = object_is_on_stack(addr);
150724 + is_on_stack = object_starts_on_stack(addr);
150725 if (is_on_stack == onstack)
150726 return;
150727
150728 diff --git a/lib/decompress_bunzip2.c b/lib/decompress_bunzip2.c
150729 index 0234361..41a411c 100644
150730 --- a/lib/decompress_bunzip2.c
150731 +++ b/lib/decompress_bunzip2.c
150732 @@ -665,7 +665,8 @@ static int INIT start_bunzip(struct bunzip_data **bdp, void *inbuf, long len,
150733
150734 /* Fourth byte (ascii '1'-'9'), indicates block size in units of 100k of
150735 uncompressed data. Allocate intermediate buffer for block. */
150736 - bd->dbufSize = 100000*(i-BZh0);
150737 + i -= BZh0;
150738 + bd->dbufSize = 100000 * i;
150739
150740 bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
150741 if (!bd->dbuf)
150742 diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
150743 index ed7a1fd..44a1a62 100644
150744 --- a/lib/decompress_unlzma.c
150745 +++ b/lib/decompress_unlzma.c
150746 @@ -39,10 +39,10 @@
150747
150748 #define MIN(a, b) (((a) < (b)) ? (a) : (b))
150749
150750 -static long long INIT read_int(unsigned char *ptr, int size)
150751 +static unsigned long long INIT read_int(unsigned char *ptr, int size)
150752 {
150753 int i;
150754 - long long ret = 0;
150755 + unsigned long long ret = 0;
150756
150757 for (i = 0; i < size; i++)
150758 ret = (ret << 8) | ptr[size-i-1];
150759 diff --git a/lib/div64.c b/lib/div64.c
150760 index 7f34525..c53be4b 100644
150761 --- a/lib/div64.c
150762 +++ b/lib/div64.c
150763 @@ -61,7 +61,7 @@ EXPORT_SYMBOL(__div64_32);
150764 #endif
150765
150766 #ifndef div_s64_rem
150767 -s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder)
150768 +s64 __intentional_overflow(-1) div_s64_rem(s64 dividend, s32 divisor, s32 *remainder)
150769 {
150770 u64 quotient;
150771
150772 @@ -132,7 +132,7 @@ EXPORT_SYMBOL(div64_u64_rem);
150773 * 'http://www.hackersdelight.org/hdcodetxt/divDouble.c.txt'
150774 */
150775 #ifndef div64_u64
150776 -u64 div64_u64(u64 dividend, u64 divisor)
150777 +u64 __intentional_overflow(-1) div64_u64(u64 dividend, u64 divisor)
150778 {
150779 u32 high = divisor >> 32;
150780 u64 quot;
150781 diff --git a/lib/dma-debug.c b/lib/dma-debug.c
150782 index fcfa193..b345d59 100644
150783 --- a/lib/dma-debug.c
150784 +++ b/lib/dma-debug.c
150785 @@ -984,7 +984,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti
150786
150787 void dma_debug_add_bus(struct bus_type *bus)
150788 {
150789 - struct notifier_block *nb;
150790 + notifier_block_no_const *nb;
150791
150792 if (dma_debug_disabled())
150793 return;
150794 @@ -1166,7 +1166,7 @@ static void check_unmap(struct dma_debug_entry *ref)
150795
150796 static void check_for_stack(struct device *dev, void *addr)
150797 {
150798 - if (object_is_on_stack(addr))
150799 + if (object_starts_on_stack(addr))
150800 err_printk(dev, NULL, "DMA-API: device driver maps memory from "
150801 "stack [addr=%p]\n", addr);
150802 }
150803 diff --git a/lib/inflate.c b/lib/inflate.c
150804 index 013a761..c28f3fc 100644
150805 --- a/lib/inflate.c
150806 +++ b/lib/inflate.c
150807 @@ -269,7 +269,7 @@ static void free(void *where)
150808 malloc_ptr = free_mem_ptr;
150809 }
150810 #else
150811 -#define malloc(a) kmalloc(a, GFP_KERNEL)
150812 +#define malloc(a) kmalloc((a), GFP_KERNEL)
150813 #define free(a) kfree(a)
150814 #endif
150815
150816 diff --git a/lib/ioremap.c b/lib/ioremap.c
150817 index 86c8911..f5bfc34 100644
150818 --- a/lib/ioremap.c
150819 +++ b/lib/ioremap.c
150820 @@ -75,7 +75,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr,
150821 unsigned long next;
150822
150823 phys_addr -= addr;
150824 - pmd = pmd_alloc(&init_mm, pud, addr);
150825 + pmd = pmd_alloc_kernel(&init_mm, pud, addr);
150826 if (!pmd)
150827 return -ENOMEM;
150828 do {
150829 @@ -101,7 +101,7 @@ static inline int ioremap_pud_range(pgd_t *pgd, unsigned long addr,
150830 unsigned long next;
150831
150832 phys_addr -= addr;
150833 - pud = pud_alloc(&init_mm, pgd, addr);
150834 + pud = pud_alloc_kernel(&init_mm, pgd, addr);
150835 if (!pud)
150836 return -ENOMEM;
150837 do {
150838 diff --git a/lib/irq_poll.c b/lib/irq_poll.c
150839 index 836f7db..44d9849 100644
150840 --- a/lib/irq_poll.c
150841 +++ b/lib/irq_poll.c
150842 @@ -74,7 +74,7 @@ void irq_poll_complete(struct irq_poll *iop)
150843 }
150844 EXPORT_SYMBOL(irq_poll_complete);
150845
150846 -static void irq_poll_softirq(struct softirq_action *h)
150847 +static __latent_entropy void irq_poll_softirq(void)
150848 {
150849 struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll);
150850 int rearm = 0, budget = irq_poll_budget;
150851 diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c
150852 index 391fd23..96e17b6 100644
150853 --- a/lib/is_single_threaded.c
150854 +++ b/lib/is_single_threaded.c
150855 @@ -22,6 +22,9 @@ bool current_is_single_threaded(void)
150856 struct task_struct *p, *t;
150857 bool ret;
150858
150859 + if (!mm)
150860 + return true;
150861 +
150862 if (atomic_read(&task->signal->live) != 1)
150863 return false;
150864
150865 diff --git a/lib/kobject.c b/lib/kobject.c
150866 index 445dcae..cbfd25d 100644
150867 --- a/lib/kobject.c
150868 +++ b/lib/kobject.c
150869 @@ -955,9 +955,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
150870
150871
150872 static DEFINE_SPINLOCK(kobj_ns_type_lock);
150873 -static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES];
150874 +static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES] __read_only;
150875
150876 -int kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
150877 +int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
150878 {
150879 enum kobj_ns_type type = ops->type;
150880 int error;
150881 diff --git a/lib/list_debug.c b/lib/list_debug.c
150882 index 3859bf6..818741d6 100644
150883 --- a/lib/list_debug.c
150884 +++ b/lib/list_debug.c
150885 @@ -11,7 +11,9 @@
150886 #include <linux/bug.h>
150887 #include <linux/kernel.h>
150888 #include <linux/rculist.h>
150889 +#include <linux/mm.h>
150890
150891 +#ifdef CONFIG_DEBUG_LIST
150892 /*
150893 * Insert a new entry between two known consecutive entries.
150894 *
150895 @@ -19,21 +21,40 @@
150896 * the prev/next entries already!
150897 */
150898
150899 +static bool __list_add_debug(struct list_head *new,
150900 + struct list_head *prev,
150901 + struct list_head *next)
150902 +{
150903 + if (unlikely(next->prev != prev)) {
150904 + printk(KERN_ERR "list_add corruption. next->prev should be "
150905 + "prev (%p), but was %p. (next=%p).\n",
150906 + prev, next->prev, next);
150907 + BUG();
150908 + return false;
150909 + }
150910 + if (unlikely(prev->next != next)) {
150911 + printk(KERN_ERR "list_add corruption. prev->next should be "
150912 + "next (%p), but was %p. (prev=%p).\n",
150913 + next, prev->next, prev);
150914 + BUG();
150915 + return false;
150916 + }
150917 + if (unlikely(new == prev || new == next)) {
150918 + printk(KERN_ERR "list_add double add: new=%p, prev=%p, next=%p.\n",
150919 + new, prev, next);
150920 + BUG();
150921 + return false;
150922 + }
150923 + return true;
150924 +}
150925 +
150926 void __list_add(struct list_head *new,
150927 - struct list_head *prev,
150928 - struct list_head *next)
150929 + struct list_head *prev,
150930 + struct list_head *next)
150931 {
150932 - WARN(next->prev != prev,
150933 - "list_add corruption. next->prev should be "
150934 - "prev (%p), but was %p. (next=%p).\n",
150935 - prev, next->prev, next);
150936 - WARN(prev->next != next,
150937 - "list_add corruption. prev->next should be "
150938 - "next (%p), but was %p. (prev=%p).\n",
150939 - next, prev->next, prev);
150940 - WARN(new == prev || new == next,
150941 - "list_add double add: new=%p, prev=%p, next=%p.\n",
150942 - new, prev, next);
150943 + if (!__list_add_debug(new, prev, next))
150944 + return;
150945 +
150946 next->prev = new;
150947 new->next = next;
150948 new->prev = prev;
150949 @@ -41,28 +62,46 @@ void __list_add(struct list_head *new,
150950 }
150951 EXPORT_SYMBOL(__list_add);
150952
150953 -void __list_del_entry(struct list_head *entry)
150954 +static bool __list_del_entry_debug(struct list_head *entry)
150955 {
150956 struct list_head *prev, *next;
150957
150958 prev = entry->prev;
150959 next = entry->next;
150960
150961 - if (WARN(next == LIST_POISON1,
150962 - "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
150963 - entry, LIST_POISON1) ||
150964 - WARN(prev == LIST_POISON2,
150965 - "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
150966 - entry, LIST_POISON2) ||
150967 - WARN(prev->next != entry,
150968 - "list_del corruption. prev->next should be %p, "
150969 - "but was %p\n", entry, prev->next) ||
150970 - WARN(next->prev != entry,
150971 - "list_del corruption. next->prev should be %p, "
150972 - "but was %p\n", entry, next->prev))
150973 + if (unlikely(next == LIST_POISON1)) {
150974 + printk(KERN_ERR "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
150975 + entry, LIST_POISON1);
150976 + BUG();
150977 + return false;
150978 + }
150979 + if (unlikely(prev == LIST_POISON2)) {
150980 + printk(KERN_ERR "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
150981 + entry, LIST_POISON2);
150982 + BUG();
150983 + return false;
150984 + }
150985 + if (unlikely(entry->prev->next != entry)) {
150986 + printk(KERN_ERR "list_del corruption. prev->next should be %p, "
150987 + "but was %p\n", entry, prev->next);
150988 + BUG();
150989 + return false;
150990 + }
150991 + if (unlikely(entry->next->prev != entry)) {
150992 + printk(KERN_ERR "list_del corruption. next->prev should be %p, "
150993 + "but was %p\n", entry, next->prev);
150994 + BUG();
150995 + return false;
150996 + }
150997 + return true;
150998 +}
150999 +
151000 +void __list_del_entry(struct list_head *entry)
151001 +{
151002 + if (!__list_del_entry_debug(entry))
151003 return;
151004
151005 - __list_del(prev, next);
151006 + __list_del(entry->prev, entry->next);
151007 }
151008 EXPORT_SYMBOL(__list_del_entry);
151009
151010 @@ -86,15 +125,85 @@ EXPORT_SYMBOL(list_del);
151011 void __list_add_rcu(struct list_head *new,
151012 struct list_head *prev, struct list_head *next)
151013 {
151014 - WARN(next->prev != prev,
151015 - "list_add_rcu corruption. next->prev should be prev (%p), but was %p. (next=%p).\n",
151016 - prev, next->prev, next);
151017 - WARN(prev->next != next,
151018 - "list_add_rcu corruption. prev->next should be next (%p), but was %p. (prev=%p).\n",
151019 - next, prev->next, prev);
151020 + if (!__list_add_debug(new, prev, next))
151021 + return;
151022 +
151023 new->next = next;
151024 new->prev = prev;
151025 rcu_assign_pointer(list_next_rcu(prev), new);
151026 next->prev = new;
151027 }
151028 EXPORT_SYMBOL(__list_add_rcu);
151029 +#endif
151030 +
151031 +void __pax_list_add(struct list_head *new, struct list_head *prev, struct list_head *next)
151032 +{
151033 +#ifdef CONFIG_DEBUG_LIST
151034 + if (!__list_add_debug(new, prev, next))
151035 + return;
151036 +#endif
151037 +
151038 + pax_open_kernel();
151039 + next->prev = new;
151040 + new->next = next;
151041 + new->prev = prev;
151042 + prev->next = new;
151043 + pax_close_kernel();
151044 +}
151045 +EXPORT_SYMBOL(__pax_list_add);
151046 +
151047 +void pax_list_del(struct list_head *entry)
151048 +{
151049 +#ifdef CONFIG_DEBUG_LIST
151050 + if (!__list_del_entry_debug(entry))
151051 + return;
151052 +#endif
151053 +
151054 + pax_open_kernel();
151055 + __list_del(entry->prev, entry->next);
151056 + entry->next = LIST_POISON1;
151057 + entry->prev = LIST_POISON2;
151058 + pax_close_kernel();
151059 +}
151060 +EXPORT_SYMBOL(pax_list_del);
151061 +
151062 +void pax_list_del_init(struct list_head *entry)
151063 +{
151064 + pax_open_kernel();
151065 + __list_del(entry->prev, entry->next);
151066 + INIT_LIST_HEAD(entry);
151067 + pax_close_kernel();
151068 +}
151069 +EXPORT_SYMBOL(pax_list_del_init);
151070 +
151071 +void __pax_list_add_rcu(struct list_head *new,
151072 + struct list_head *prev, struct list_head *next)
151073 +{
151074 +#ifdef CONFIG_DEBUG_LIST
151075 + if (!__list_add_debug(new, prev, next))
151076 + return;
151077 +#endif
151078 +
151079 + pax_open_kernel();
151080 + new->next = next;
151081 + new->prev = prev;
151082 + rcu_assign_pointer(list_next_rcu(prev), new);
151083 + next->prev = new;
151084 + pax_close_kernel();
151085 +}
151086 +EXPORT_SYMBOL(__pax_list_add_rcu);
151087 +
151088 +void pax_list_del_rcu(struct list_head *entry)
151089 +{
151090 +#ifdef CONFIG_DEBUG_LIST
151091 + if (!__list_del_entry_debug(entry))
151092 + return;
151093 +#endif
151094 +
151095 + pax_open_kernel();
151096 + __list_del(entry->prev, entry->next);
151097 + entry->next = LIST_POISON1;
151098 + entry->prev = LIST_POISON2;
151099 + pax_close_kernel();
151100 +}
151101 +EXPORT_SYMBOL(pax_list_del_rcu);
151102 diff --git a/lib/llist.c b/lib/llist.c
151103 index ae5872b..63a9698 100644
151104 --- a/lib/llist.c
151105 +++ b/lib/llist.c
151106 @@ -25,6 +25,7 @@
151107 #include <linux/kernel.h>
151108 #include <linux/export.h>
151109 #include <linux/llist.h>
151110 +#include <linux/mm.h>
151111
151112
151113 /**
151114 @@ -48,6 +49,22 @@ bool llist_add_batch(struct llist_node *new_first, struct llist_node *new_last,
151115 }
151116 EXPORT_SYMBOL_GPL(llist_add_batch);
151117
151118 +bool pax_llist_add_batch(struct llist_node *new_first, struct llist_node *new_last,
151119 + struct llist_head *head)
151120 +{
151121 + struct llist_node *first;
151122 +
151123 + do {
151124 + first = ACCESS_ONCE(head->first);
151125 + pax_open_kernel();
151126 + new_last->next = first;
151127 + pax_close_kernel();
151128 + } while (cmpxchg(&head->first, first, new_first) != first);
151129 +
151130 + return !first;
151131 +}
151132 +EXPORT_SYMBOL_GPL(pax_llist_add_batch);
151133 +
151134 /**
151135 * llist_del_first - delete the first entry of lock-less list
151136 * @head: the head for your lock-less list
151137 diff --git a/lib/lockref.c b/lib/lockref.c
151138 index 5a92189..d77978d 100644
151139 --- a/lib/lockref.c
151140 +++ b/lib/lockref.c
151141 @@ -40,13 +40,13 @@
151142 void lockref_get(struct lockref *lockref)
151143 {
151144 CMPXCHG_LOOP(
151145 - new.count++;
151146 + __lockref_inc(&new);
151147 ,
151148 return;
151149 );
151150
151151 spin_lock(&lockref->lock);
151152 - lockref->count++;
151153 + __lockref_inc(lockref);
151154 spin_unlock(&lockref->lock);
151155 }
151156 EXPORT_SYMBOL(lockref_get);
151157 @@ -61,8 +61,8 @@ int lockref_get_not_zero(struct lockref *lockref)
151158 int retval;
151159
151160 CMPXCHG_LOOP(
151161 - new.count++;
151162 - if (old.count <= 0)
151163 + __lockref_inc(&new);
151164 + if (__lockref_read(&old) <= 0)
151165 return 0;
151166 ,
151167 return 1;
151168 @@ -70,8 +70,8 @@ int lockref_get_not_zero(struct lockref *lockref)
151169
151170 spin_lock(&lockref->lock);
151171 retval = 0;
151172 - if (lockref->count > 0) {
151173 - lockref->count++;
151174 + if (__lockref_read(lockref) > 0) {
151175 + __lockref_inc(lockref);
151176 retval = 1;
151177 }
151178 spin_unlock(&lockref->lock);
151179 @@ -88,17 +88,17 @@ EXPORT_SYMBOL(lockref_get_not_zero);
151180 int lockref_get_or_lock(struct lockref *lockref)
151181 {
151182 CMPXCHG_LOOP(
151183 - new.count++;
151184 - if (old.count <= 0)
151185 + __lockref_inc(&new);
151186 + if (__lockref_read(&old) <= 0)
151187 break;
151188 ,
151189 return 1;
151190 );
151191
151192 spin_lock(&lockref->lock);
151193 - if (lockref->count <= 0)
151194 + if (__lockref_read(lockref) <= 0)
151195 return 0;
151196 - lockref->count++;
151197 + __lockref_inc(lockref);
151198 spin_unlock(&lockref->lock);
151199 return 1;
151200 }
151201 @@ -114,11 +114,11 @@ EXPORT_SYMBOL(lockref_get_or_lock);
151202 int lockref_put_return(struct lockref *lockref)
151203 {
151204 CMPXCHG_LOOP(
151205 - new.count--;
151206 - if (old.count <= 0)
151207 + __lockref_dec(&new);
151208 + if (__lockref_read(&old) <= 0)
151209 return -1;
151210 ,
151211 - return new.count;
151212 + return __lockref_read(&new);
151213 );
151214 return -1;
151215 }
151216 @@ -132,17 +132,17 @@ EXPORT_SYMBOL(lockref_put_return);
151217 int lockref_put_or_lock(struct lockref *lockref)
151218 {
151219 CMPXCHG_LOOP(
151220 - new.count--;
151221 - if (old.count <= 1)
151222 + __lockref_dec(&new);
151223 + if (__lockref_read(&old) <= 1)
151224 break;
151225 ,
151226 return 1;
151227 );
151228
151229 spin_lock(&lockref->lock);
151230 - if (lockref->count <= 1)
151231 + if (__lockref_read(lockref) <= 1)
151232 return 0;
151233 - lockref->count--;
151234 + __lockref_dec(lockref);
151235 spin_unlock(&lockref->lock);
151236 return 1;
151237 }
151238 @@ -155,7 +155,7 @@ EXPORT_SYMBOL(lockref_put_or_lock);
151239 void lockref_mark_dead(struct lockref *lockref)
151240 {
151241 assert_spin_locked(&lockref->lock);
151242 - lockref->count = -128;
151243 + __lockref_set(lockref, -128);
151244 }
151245 EXPORT_SYMBOL(lockref_mark_dead);
151246
151247 @@ -169,8 +169,8 @@ int lockref_get_not_dead(struct lockref *lockref)
151248 int retval;
151249
151250 CMPXCHG_LOOP(
151251 - new.count++;
151252 - if (old.count < 0)
151253 + __lockref_inc(&new);
151254 + if (__lockref_read(&old) < 0)
151255 return 0;
151256 ,
151257 return 1;
151258 @@ -178,8 +178,8 @@ int lockref_get_not_dead(struct lockref *lockref)
151259
151260 spin_lock(&lockref->lock);
151261 retval = 0;
151262 - if (lockref->count >= 0) {
151263 - lockref->count++;
151264 + if (__lockref_read(lockref) >= 0) {
151265 + __lockref_inc(lockref);
151266 retval = 1;
151267 }
151268 spin_unlock(&lockref->lock);
151269 diff --git a/lib/nlattr.c b/lib/nlattr.c
151270 index fce1e9a..d44559b 100644
151271 --- a/lib/nlattr.c
151272 +++ b/lib/nlattr.c
151273 @@ -278,6 +278,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count)
151274 {
151275 int minlen = min_t(int, count, nla_len(src));
151276
151277 + BUG_ON(minlen < 0);
151278 +
151279 memcpy(dest, nla_data(src), minlen);
151280 if (count > minlen)
151281 memset(dest + minlen, 0, count - minlen);
151282 diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
151283 index 27fe749..2c0e855 100644
151284 --- a/lib/percpu-refcount.c
151285 +++ b/lib/percpu-refcount.c
151286 @@ -31,7 +31,7 @@
151287 * atomic_long_t can't hit 0 before we've added up all the percpu refs.
151288 */
151289
151290 -#define PERCPU_COUNT_BIAS (1LU << (BITS_PER_LONG - 1))
151291 +#define PERCPU_COUNT_BIAS (1LU << (BITS_PER_LONG - 2))
151292
151293 static DECLARE_WAIT_QUEUE_HEAD(percpu_ref_switch_waitq);
151294
151295 diff --git a/lib/radix-tree.c b/lib/radix-tree.c
151296 index 8e6d552..3b33b84 100644
151297 --- a/lib/radix-tree.c
151298 +++ b/lib/radix-tree.c
151299 @@ -67,7 +67,7 @@ struct radix_tree_preload {
151300 /* nodes->private_data points to next preallocated node */
151301 struct radix_tree_node *nodes;
151302 };
151303 -static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, };
151304 +static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads);
151305
151306 static inline void *node_to_entry(void *ptr)
151307 {
151308 diff --git a/lib/random32.c b/lib/random32.c
151309 index 69ed593..a309235 100644
151310 --- a/lib/random32.c
151311 +++ b/lib/random32.c
151312 @@ -47,7 +47,7 @@ static inline void prandom_state_selftest(void)
151313 }
151314 #endif
151315
151316 -static DEFINE_PER_CPU(struct rnd_state, net_rand_state);
151317 +static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
151318
151319 /**
151320 * prandom_u32_state - seeded pseudo-random number generator.
151321 diff --git a/lib/rbtree.c b/lib/rbtree.c
151322 index eb8a19f..3cb9b61 100644
151323 --- a/lib/rbtree.c
151324 +++ b/lib/rbtree.c
151325 @@ -412,7 +412,9 @@ static inline void dummy_copy(struct rb_node *old, struct rb_node *new) {}
151326 static inline void dummy_rotate(struct rb_node *old, struct rb_node *new) {}
151327
151328 static const struct rb_augment_callbacks dummy_callbacks = {
151329 - dummy_propagate, dummy_copy, dummy_rotate
151330 + .propagate = dummy_propagate,
151331 + .copy = dummy_copy,
151332 + .rotate = dummy_rotate
151333 };
151334
151335 void rb_insert_color(struct rb_node *node, struct rb_root *root)
151336 diff --git a/lib/rhashtable.c b/lib/rhashtable.c
151337 index 56054e5..dd1cdc4 100644
151338 --- a/lib/rhashtable.c
151339 +++ b/lib/rhashtable.c
151340 @@ -563,8 +563,8 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_exit);
151341 * will rewind back to the beginning and you may use it immediately
151342 * by calling rhashtable_walk_next.
151343 */
151344 +int rhashtable_walk_start(struct rhashtable_iter *iter) __acquires(RCU);
151345 int rhashtable_walk_start(struct rhashtable_iter *iter)
151346 - __acquires(RCU)
151347 {
151348 struct rhashtable *ht = iter->ht;
151349
151350 @@ -648,8 +648,8 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_next);
151351 *
151352 * Finish a hash table walk.
151353 */
151354 +void rhashtable_walk_stop(struct rhashtable_iter *iter) __releases(RCU);
151355 void rhashtable_walk_stop(struct rhashtable_iter *iter)
151356 - __releases(RCU)
151357 {
151358 struct rhashtable *ht;
151359 struct bucket_table *tbl = iter->walker->tbl;
151360 diff --git a/lib/seq_buf.c b/lib/seq_buf.c
151361 index cb18469..20ac511 100644
151362 --- a/lib/seq_buf.c
151363 +++ b/lib/seq_buf.c
151364 @@ -259,7 +259,7 @@ int seq_buf_putmem_hex(struct seq_buf *s, const void *mem,
151365 */
151366 int seq_buf_path(struct seq_buf *s, const struct path *path, const char *esc)
151367 {
151368 - char *buf;
151369 + unsigned char *buf;
151370 size_t size = seq_buf_get_buf(s, &buf);
151371 int res = -1;
151372
151373 @@ -268,7 +268,7 @@ int seq_buf_path(struct seq_buf *s, const struct path *path, const char *esc)
151374 if (size) {
151375 char *p = d_path(path, buf, size);
151376 if (!IS_ERR(p)) {
151377 - char *end = mangle_path(buf, p, esc);
151378 + unsigned char *end = mangle_path(buf, p, esc);
151379 if (end)
151380 res = end - buf;
151381 }
151382 diff --git a/lib/show_mem.c b/lib/show_mem.c
151383 index 1feed6a..4ede1e9 100644
151384 --- a/lib/show_mem.c
151385 +++ b/lib/show_mem.c
151386 @@ -47,6 +47,6 @@ void show_mem(unsigned int filter)
151387 quicklist_total_size());
151388 #endif
151389 #ifdef CONFIG_MEMORY_FAILURE
151390 - printk("%lu pages hwpoisoned\n", atomic_long_read(&num_poisoned_pages));
151391 + printk("%lu pages hwpoisoned\n", atomic_long_read_unchecked(&num_poisoned_pages));
151392 #endif
151393 }
151394 diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
151395 index 9c5fe81..00657ec 100644
151396 --- a/lib/strncpy_from_user.c
151397 +++ b/lib/strncpy_from_user.c
151398 @@ -23,7 +23,7 @@
151399 */
151400 static inline long do_strncpy_from_user(char *dst, const char __user *src, long count, unsigned long max)
151401 {
151402 - const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
151403 + static const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
151404 long res = 0;
151405
151406 /*
151407 diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c
151408 index 8e105ed..eefbbf9 100644
151409 --- a/lib/strnlen_user.c
151410 +++ b/lib/strnlen_user.c
151411 @@ -26,7 +26,7 @@
151412 */
151413 static inline long do_strnlen_user(const char __user *src, unsigned long count, unsigned long max)
151414 {
151415 - const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
151416 + static const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
151417 long align, res = 0;
151418 unsigned long c;
151419
151420 diff --git a/lib/vsprintf.c b/lib/vsprintf.c
151421 index 0967771..2871684 100644
151422 --- a/lib/vsprintf.c
151423 +++ b/lib/vsprintf.c
151424 @@ -16,6 +16,9 @@
151425 * - scnprintf and vscnprintf
151426 */
151427
151428 +#ifdef CONFIG_GRKERNSEC_HIDESYM
151429 +#define __INCLUDED_BY_HIDESYM 1
151430 +#endif
151431 #include <stdarg.h>
151432 #include <linux/clk.h>
151433 #include <linux/clk-provider.h>
151434 @@ -118,7 +121,7 @@ long long simple_strtoll(const char *cp, char **endp, unsigned int base)
151435 }
151436 EXPORT_SYMBOL(simple_strtoll);
151437
151438 -static noinline_for_stack
151439 +static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
151440 int skip_atoi(const char **s)
151441 {
151442 int i = 0;
151443 @@ -680,7 +683,7 @@ char *symbol_string(char *buf, char *end, void *ptr,
151444 #ifdef CONFIG_KALLSYMS
151445 if (*fmt == 'B')
151446 sprint_backtrace(sym, value);
151447 - else if (*fmt != 'f' && *fmt != 's')
151448 + else if (*fmt != 'f' && *fmt != 's' && *fmt != 'X')
151449 sprint_symbol(sym, value);
151450 else
151451 sprint_symbol_no_offset(sym, value);
151452 @@ -1470,7 +1473,11 @@ char *flags_string(char *buf, char *end, void *flags_ptr, const char *fmt)
151453 return format_flags(buf, end, flags, names);
151454 }
151455
151456 -int kptr_restrict __read_mostly;
151457 +#ifdef CONFIG_GRKERNSEC_HIDESYM
151458 +int kptr_restrict __read_only = 1;
151459 +#else
151460 +int kptr_restrict __read_only;
151461 +#endif
151462
151463 /*
151464 * Show a '%p' thing. A kernel extension is that the '%p' is followed
151465 @@ -1481,8 +1488,10 @@ int kptr_restrict __read_mostly;
151466 *
151467 * - 'F' For symbolic function descriptor pointers with offset
151468 * - 'f' For simple symbolic function names without offset
151469 + * - 'X' For simple symbolic function names without offset approved for use with GRKERNSEC_HIDESYM
151470 * - 'S' For symbolic direct pointers with offset
151471 * - 's' For symbolic direct pointers without offset
151472 + * - 'A' For symbolic direct pointers with offset approved for use with GRKERNSEC_HIDESYM
151473 * - '[FfSs]R' as above with __builtin_extract_return_addr() translation
151474 * - 'B' For backtraced symbolic direct pointers with offset
151475 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref]
151476 @@ -1570,7 +1579,7 @@ int kptr_restrict __read_mostly;
151477 * function pointers are really function descriptors, which contain a
151478 * pointer to the real address.
151479 */
151480 -static noinline_for_stack
151481 +static noinline_for_stack __nocapture(1) __unverified_nocapture(1)
151482 char *pointer(const char *fmt, char *buf, char *end, void *ptr,
151483 struct printf_spec spec)
151484 {
151485 @@ -1578,12 +1587,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
151486
151487 if (!ptr && *fmt != 'K') {
151488 /*
151489 - * Print (null) with the same width as a pointer so it makes
151490 + * Print (nil) with the same width as a pointer so it makes
151491 * tabular output look nice.
151492 */
151493 if (spec.field_width == -1)
151494 spec.field_width = default_width;
151495 - return string(buf, end, "(null)", spec);
151496 + return string(buf, end, "(nil)", spec);
151497 }
151498
151499 switch (*fmt) {
151500 @@ -1593,6 +1602,14 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
151501 /* Fallthrough */
151502 case 'S':
151503 case 's':
151504 +#ifdef CONFIG_GRKERNSEC_HIDESYM
151505 + break;
151506 +#else
151507 + return symbol_string(buf, end, ptr, spec, fmt);
151508 +#endif
151509 + case 'X':
151510 + ptr = dereference_function_descriptor(ptr);
151511 + case 'A':
151512 case 'B':
151513 return symbol_string(buf, end, ptr, spec, fmt);
151514 case 'R':
151515 @@ -1657,6 +1674,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
151516 va_end(va);
151517 return buf;
151518 }
151519 + case 'P':
151520 + break;
151521 case 'K':
151522 switch (kptr_restrict) {
151523 case 0:
151524 @@ -1686,6 +1705,9 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
151525 */
151526 cred = current_cred();
151527 if (!has_capability_noaudit(current, CAP_SYSLOG) ||
151528 +#ifdef CONFIG_GRKERNSEC_HIDESYM
151529 + !has_capability_noaudit(current, CAP_SYS_ADMIN) ||
151530 +#endif
151531 !uid_eq(cred->euid, cred->uid) ||
151532 !gid_eq(cred->egid, cred->gid))
151533 ptr = NULL;
151534 @@ -1719,6 +1741,22 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
151535 case 'G':
151536 return flags_string(buf, end, ptr, fmt);
151537 }
151538 +
151539 +#ifdef CONFIG_GRKERNSEC_HIDESYM
151540 + /* 'P' = approved pointers to copy to userland,
151541 + as in the /proc/kallsyms case, as we make it display nothing
151542 + for non-root users, and the real contents for root users
151543 + 'X' = approved simple symbols
151544 + Also ignore 'K' pointers, since we force their NULLing for non-root users
151545 + above
151546 + */
151547 + if ((unsigned long)ptr > TASK_SIZE && *fmt != 'P' && *fmt != 'X' && *fmt != 'K' && is_usercopy_object(buf)) {
151548 + printk(KERN_ALERT "grsec: kernel infoleak detected! Please report this log to spender@grsecurity.net.\n");
151549 + dump_stack();
151550 + ptr = NULL;
151551 + }
151552 +#endif
151553 +
151554 spec.flags |= SMALL;
151555 if (spec.field_width == -1) {
151556 spec.field_width = default_width;
151557 @@ -1749,7 +1787,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
151558 * @precision: precision of a number
151559 * @qualifier: qualifier of a number (long, size_t, ...)
151560 */
151561 -static noinline_for_stack
151562 +static noinline_for_stack __nocapture(1)
151563 int format_decode(const char *fmt, struct printf_spec *spec)
151564 {
151565 const char *start = fmt;
151566 @@ -2419,11 +2457,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
151567 typeof(type) value; \
151568 if (sizeof(type) == 8) { \
151569 args = PTR_ALIGN(args, sizeof(u32)); \
151570 - *(u32 *)&value = *(u32 *)args; \
151571 - *((u32 *)&value + 1) = *(u32 *)(args + 4); \
151572 + *(u32 *)&value = *(const u32 *)args; \
151573 + *((u32 *)&value + 1) = *(const u32 *)(args + 4); \
151574 } else { \
151575 args = PTR_ALIGN(args, sizeof(type)); \
151576 - value = *(typeof(type) *)args; \
151577 + value = *(const typeof(type) *)args; \
151578 } \
151579 args += sizeof(type); \
151580 value; \
151581 @@ -2486,7 +2524,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
151582 case FORMAT_TYPE_STR: {
151583 const char *str_arg = args;
151584 args += strlen(str_arg) + 1;
151585 - str = string(str, end, (char *)str_arg, spec);
151586 + str = string(str, end, str_arg, spec);
151587 break;
151588 }
151589
151590 diff --git a/localversion-grsec b/localversion-grsec
151591 new file mode 100644
151592 index 0000000..7cd6065
151593 --- /dev/null
151594 +++ b/localversion-grsec
151595 @@ -0,0 +1 @@
151596 +-grsec
151597 diff --git a/mm/Kconfig b/mm/Kconfig
151598 index be0ee11..8e98a95 100644
151599 --- a/mm/Kconfig
151600 +++ b/mm/Kconfig
151601 @@ -342,10 +342,11 @@ config KSM
151602 root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
151603
151604 config DEFAULT_MMAP_MIN_ADDR
151605 - int "Low address space to protect from user allocation"
151606 + int "Low address space to protect from user allocation"
151607 depends on MMU
151608 - default 4096
151609 - help
151610 + default 32768 if ALPHA || ARM || PARISC || SPARC32
151611 + default 65536
151612 + help
151613 This is the portion of low virtual memory which should be protected
151614 from userspace allocation. Keeping a user from writing to low pages
151615 can help reduce the impact of kernel NULL pointer bugs.
151616 @@ -377,8 +378,9 @@ config MEMORY_FAILURE
151617
151618 config HWPOISON_INJECT
151619 tristate "HWPoison pages injector"
151620 - depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS
151621 + depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS && !GRKERNSEC
151622 select PROC_PAGE_MONITOR
151623 + depends on !GRKERNSEC
151624
151625 config NOMMU_INITIAL_TRIM_EXCESS
151626 int "Turn on mmap() excess space trimming before booting"
151627 @@ -548,6 +550,7 @@ config MEM_SOFT_DIRTY
151628 bool "Track memory changes"
151629 depends on CHECKPOINT_RESTORE && HAVE_ARCH_SOFT_DIRTY && PROC_FS
151630 select PROC_PAGE_MONITOR
151631 + depends on !GRKERNSEC
151632 help
151633 This option enables memory changes tracking by introducing a
151634 soft-dirty bit on pte-s. This bit it set when someone writes
151635 @@ -632,6 +635,7 @@ config ZSMALLOC_STAT
151636 bool "Export zsmalloc statistics"
151637 depends on ZSMALLOC
151638 select DEBUG_FS
151639 + depends on !GRKERNSEC_KMEM
151640 help
151641 This option enables code in the zsmalloc to collect various
151642 statistics about whats happening in zsmalloc and exports that
151643 diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
151644 index 22f4cd9..ed3f097 100644
151645 --- a/mm/Kconfig.debug
151646 +++ b/mm/Kconfig.debug
151647 @@ -10,6 +10,7 @@ config PAGE_EXTENSION
151648 config DEBUG_PAGEALLOC
151649 bool "Debug page memory allocations"
151650 depends on DEBUG_KERNEL
151651 + depends on !PAX_MEMORY_SANITIZE
151652 depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC
151653 depends on !KMEMCHECK
151654 select PAGE_EXTENSION
151655 @@ -76,8 +77,6 @@ config PAGE_POISONING_ZERO
151656 no longer necessary to write zeros when GFP_ZERO is used on
151657 allocation.
151658
151659 - Enabling page poisoning with this option will disable hibernation
151660 -
151661 If unsure, say N
151662 bool
151663
151664 diff --git a/mm/backing-dev.c b/mm/backing-dev.c
151665 index 8fde443..a8cc381 100644
151666 --- a/mm/backing-dev.c
151667 +++ b/mm/backing-dev.c
151668 @@ -12,7 +12,7 @@
151669 #include <linux/device.h>
151670 #include <trace/events/writeback.h>
151671
151672 -static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0);
151673 +static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0);
151674
151675 struct backing_dev_info noop_backing_dev_info = {
151676 .name = "noop",
151677 @@ -898,7 +898,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
151678 return err;
151679
151680 err = bdi_register(bdi, NULL, "%.28s-%ld", name,
151681 - atomic_long_inc_return(&bdi_seq));
151682 + atomic_long_inc_return_unchecked(&bdi_seq));
151683 if (err) {
151684 bdi_destroy(bdi);
151685 return err;
151686 diff --git a/mm/fadvise.c b/mm/fadvise.c
151687 index 6c707bf..c8d0529 100644
151688 --- a/mm/fadvise.c
151689 +++ b/mm/fadvise.c
151690 @@ -165,7 +165,7 @@ out:
151691
151692 #ifdef __ARCH_WANT_SYS_FADVISE64
151693
151694 -SYSCALL_DEFINE4(fadvise64, int, fd, loff_t, offset, size_t, len, int, advice)
151695 +SYSCALL_DEFINE4(fadvise64, int, fd, loff_t, offset, loff_t, len, int, advice)
151696 {
151697 return sys_fadvise64_64(fd, offset, len, advice);
151698 }
151699 diff --git a/mm/filemap.c b/mm/filemap.c
151700 index ced9ef6..e042a5b 100644
151701 --- a/mm/filemap.c
151702 +++ b/mm/filemap.c
151703 @@ -2334,7 +2334,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
151704 struct address_space *mapping = file->f_mapping;
151705
151706 if (!mapping->a_ops->readpage)
151707 - return -ENOEXEC;
151708 + return -ENODEV;
151709 file_accessed(file);
151710 vma->vm_ops = &generic_file_vm_ops;
151711 return 0;
151712 @@ -2377,7 +2377,7 @@ static struct page *wait_on_page_read(struct page *page)
151713
151714 static struct page *do_read_cache_page(struct address_space *mapping,
151715 pgoff_t index,
151716 - int (*filler)(void *, struct page *),
151717 + filler_t *filler,
151718 void *data,
151719 gfp_t gfp)
151720 {
151721 @@ -2484,7 +2484,7 @@ out:
151722 */
151723 struct page *read_cache_page(struct address_space *mapping,
151724 pgoff_t index,
151725 - int (*filler)(void *, struct page *),
151726 + filler_t *filler,
151727 void *data)
151728 {
151729 return do_read_cache_page(mapping, index, filler, data, mapping_gfp_mask(mapping));
151730 @@ -2506,7 +2506,7 @@ struct page *read_cache_page_gfp(struct address_space *mapping,
151731 pgoff_t index,
151732 gfp_t gfp)
151733 {
151734 - filler_t *filler = (filler_t *)mapping->a_ops->readpage;
151735 + filler_t *filler = mapping->a_ops->readpage;
151736
151737 return do_read_cache_page(mapping, index, filler, NULL, gfp);
151738 }
151739 @@ -2536,6 +2536,7 @@ inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from)
151740 pos = iocb->ki_pos;
151741
151742 if (limit != RLIM_INFINITY) {
151743 + gr_learn_resource(current, RLIMIT_FSIZE, iocb->ki_pos, 0);
151744 if (iocb->ki_pos >= limit) {
151745 send_sig(SIGXFSZ, current, 0);
151746 return -EFBIG;
151747 diff --git a/mm/gup.c b/mm/gup.c
151748 index 22cc22e..361d456 100644
151749 --- a/mm/gup.c
151750 +++ b/mm/gup.c
151751 @@ -370,11 +370,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma,
151752 /* mlock all present pages, but do not fault in new pages */
151753 if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK)
151754 return -ENOENT;
151755 - /* For mm_populate(), just skip the stack guard page. */
151756 - if ((*flags & FOLL_POPULATE) &&
151757 - (stack_guard_page_start(vma, address) ||
151758 - stack_guard_page_end(vma, address + PAGE_SIZE)))
151759 - return -ENOENT;
151760 if (*flags & FOLL_WRITE)
151761 fault_flags |= FAULT_FLAG_WRITE;
151762 if (*flags & FOLL_REMOTE)
151763 @@ -548,14 +543,14 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
151764 if (!(gup_flags & FOLL_FORCE))
151765 gup_flags |= FOLL_NUMA;
151766
151767 - do {
151768 + while (nr_pages) {
151769 struct page *page;
151770 unsigned int foll_flags = gup_flags;
151771 unsigned int page_increm;
151772
151773 /* first iteration or cross vma bound */
151774 if (!vma || start >= vma->vm_end) {
151775 - vma = find_extend_vma(mm, start);
151776 + vma = find_vma(mm, start);
151777 if (!vma && in_gate_area(mm, start)) {
151778 int ret;
151779 ret = get_gate_page(mm, start & PAGE_MASK,
151780 @@ -567,7 +562,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
151781 goto next_page;
151782 }
151783
151784 - if (!vma || check_vma_flags(vma, gup_flags))
151785 + if (!vma || start < vma->vm_start || check_vma_flags(vma, gup_flags))
151786 return i ? : -EFAULT;
151787 if (is_vm_hugetlb_page(vma)) {
151788 i = follow_hugetlb_page(mm, vma, pages, vmas,
151789 @@ -628,7 +623,7 @@ next_page:
151790 i += page_increm;
151791 start += page_increm * PAGE_SIZE;
151792 nr_pages -= page_increm;
151793 - } while (nr_pages);
151794 + }
151795 return i;
151796 }
151797 EXPORT_SYMBOL(__get_user_pages);
151798 diff --git a/mm/highmem.c b/mm/highmem.c
151799 index 50b4ca6..cf64608 100644
151800 --- a/mm/highmem.c
151801 +++ b/mm/highmem.c
151802 @@ -191,8 +191,9 @@ static void flush_all_zero_pkmaps(void)
151803 * So no dangers, even with speculative execution.
151804 */
151805 page = pte_page(pkmap_page_table[i]);
151806 + pax_open_kernel();
151807 pte_clear(&init_mm, PKMAP_ADDR(i), &pkmap_page_table[i]);
151808 -
151809 + pax_close_kernel();
151810 set_page_address(page, NULL);
151811 need_flush = 1;
151812 }
151813 @@ -255,8 +256,11 @@ start:
151814 }
151815 }
151816 vaddr = PKMAP_ADDR(last_pkmap_nr);
151817 +
151818 + pax_open_kernel();
151819 set_pte_at(&init_mm, vaddr,
151820 &(pkmap_page_table[last_pkmap_nr]), mk_pte(page, kmap_prot));
151821 + pax_close_kernel();
151822
151823 pkmap_count[last_pkmap_nr] = 1;
151824 set_page_address(page, (void *)vaddr);
151825 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
151826 index 770d83e..7cd013a 100644
151827 --- a/mm/hugetlb.c
151828 +++ b/mm/hugetlb.c
151829 @@ -38,7 +38,72 @@ int hugepages_treat_as_movable;
151830
151831 int hugetlb_max_hstate __read_mostly;
151832 unsigned int default_hstate_idx;
151833 -struct hstate hstates[HUGE_MAX_HSTATE];
151834 +
151835 +#ifdef CONFIG_CGROUP_HUGETLB
151836 +static struct cftype hugetlb_files[HUGE_MAX_HSTATE][5] = {
151837 +# define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val))
151838 +# define CFTYPE_INIT(idx) \
151839 + { /* Add the limit file */ \
151840 + [0] = { .private = MEMFILE_PRIVATE(idx, RES_LIMIT), \
151841 + .read_u64 = hugetlb_cgroup_read_u64, \
151842 + .write = hugetlb_cgroup_write, }, \
151843 + /* Add the usage file */ \
151844 + [1] = { .private = MEMFILE_PRIVATE(idx, RES_USAGE), \
151845 + .read_u64 = hugetlb_cgroup_read_u64, }, \
151846 + /* Add the MAX usage file */ \
151847 + [2] = { .private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE), \
151848 + .write = hugetlb_cgroup_reset, \
151849 + .read_u64 = hugetlb_cgroup_read_u64, }, \
151850 + /* Add the failcntfile */ \
151851 + [3] = { .private = MEMFILE_PRIVATE(idx, RES_FAILCNT), \
151852 + .write = hugetlb_cgroup_reset, \
151853 + .read_u64 = hugetlb_cgroup_read_u64, }, \
151854 + [4] = { /* NULL terminator */ }, \
151855 + }
151856 +
151857 +# if HUGE_MAX_HSTATE > 0
151858 + [0] = CFTYPE_INIT(0),
151859 +# endif
151860 +# if HUGE_MAX_HSTATE > 1
151861 + [1] = CFTYPE_INIT(1),
151862 +# endif
151863 +# if HUGE_MAX_HSTATE > 2
151864 + [2] = CFTYPE_INIT(2),
151865 +# endif
151866 +# if HUGE_MAX_HSTATE > 3
151867 + [3] = CFTYPE_INIT(3),
151868 +# endif
151869 +# if HUGE_MAX_HSTATE > 4
151870 +# error PaX: add more initializers...
151871 +# endif
151872 +
151873 +# undef CFTYPE_INIT
151874 +};
151875 +#endif
151876 +
151877 +struct hstate hstates[HUGE_MAX_HSTATE] = {
151878 +#ifdef CONFIG_CGROUP_HUGETLB
151879 +# define HSTATE_INIT(idx) [idx] = { .cgroup_files = &hugetlb_files[idx] }
151880 +
151881 +# if HUGE_MAX_HSTATE > 0
151882 + HSTATE_INIT(0),
151883 +# endif
151884 +# if HUGE_MAX_HSTATE > 1
151885 + HSTATE_INIT(1),
151886 +# endif
151887 +# if HUGE_MAX_HSTATE > 2
151888 + HSTATE_INIT(2),
151889 +# endif
151890 +# if HUGE_MAX_HSTATE > 3
151891 + HSTATE_INIT(3),
151892 +# endif
151893 +# if HUGE_MAX_HSTATE > 4
151894 +# error PaX: add more initializers...
151895 +# endif
151896 +
151897 +# undef HSTATE_INIT
151898 +#endif
151899 +};
151900 /*
151901 * Minimum page order among possible hugepage sizes, set to a proper value
151902 * at boot time.
151903 @@ -2830,6 +2895,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
151904 struct ctl_table *table, int write,
151905 void __user *buffer, size_t *length, loff_t *ppos)
151906 {
151907 + ctl_table_no_const t;
151908 struct hstate *h = &default_hstate;
151909 unsigned long tmp = h->max_huge_pages;
151910 int ret;
151911 @@ -2837,9 +2903,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
151912 if (!hugepages_supported())
151913 return -EOPNOTSUPP;
151914
151915 - table->data = &tmp;
151916 - table->maxlen = sizeof(unsigned long);
151917 - ret = proc_doulongvec_minmax(table, write, buffer, length, ppos);
151918 + t = *table;
151919 + t.data = &tmp;
151920 + t.maxlen = sizeof(unsigned long);
151921 + ret = proc_doulongvec_minmax(&t, write, buffer, length, ppos);
151922 if (ret)
151923 goto out;
151924
151925 @@ -2874,6 +2941,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
151926 struct hstate *h = &default_hstate;
151927 unsigned long tmp;
151928 int ret;
151929 + ctl_table_no_const hugetlb_table;
151930
151931 if (!hugepages_supported())
151932 return -EOPNOTSUPP;
151933 @@ -2883,9 +2951,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
151934 if (write && hstate_is_gigantic(h))
151935 return -EINVAL;
151936
151937 - table->data = &tmp;
151938 - table->maxlen = sizeof(unsigned long);
151939 - ret = proc_doulongvec_minmax(table, write, buffer, length, ppos);
151940 + hugetlb_table = *table;
151941 + hugetlb_table.data = &tmp;
151942 + hugetlb_table.maxlen = sizeof(unsigned long);
151943 + ret = proc_doulongvec_minmax(&hugetlb_table, write, buffer, length, ppos);
151944 if (ret)
151945 goto out;
151946
151947 @@ -3379,6 +3448,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
151948 i_mmap_unlock_write(mapping);
151949 }
151950
151951 +#ifdef CONFIG_PAX_SEGMEXEC
151952 +static void pax_mirror_huge_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m)
151953 +{
151954 + struct mm_struct *mm = vma->vm_mm;
151955 + struct vm_area_struct *vma_m;
151956 + unsigned long address_m;
151957 + pte_t *ptep_m;
151958 +
151959 + vma_m = pax_find_mirror_vma(vma);
151960 + if (!vma_m)
151961 + return;
151962 +
151963 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
151964 + address_m = address + SEGMEXEC_TASK_SIZE;
151965 + ptep_m = huge_pte_offset(mm, address_m & HPAGE_MASK);
151966 + get_page(page_m);
151967 + hugepage_add_anon_rmap(page_m, vma_m, address_m);
151968 + set_huge_pte_at(mm, address_m, ptep_m, make_huge_pte(vma_m, page_m, 0));
151969 +}
151970 +#endif
151971 +
151972 /*
151973 * Hugetlb_cow() should be called with page lock of the original hugepage held.
151974 * Called with hugetlb_instantiation_mutex held and pte_page locked so we
151975 @@ -3492,6 +3582,11 @@ retry_avoidcopy:
151976 make_huge_pte(vma, new_page, 1));
151977 page_remove_rmap(old_page, true);
151978 hugepage_add_new_anon_rmap(new_page, vma, address);
151979 +
151980 +#ifdef CONFIG_PAX_SEGMEXEC
151981 + pax_mirror_huge_pte(vma, address, new_page);
151982 +#endif
151983 +
151984 /* Make the old page be freed below */
151985 new_page = old_page;
151986 }
151987 @@ -3665,6 +3760,10 @@ retry:
151988 && (vma->vm_flags & VM_SHARED)));
151989 set_huge_pte_at(mm, address, ptep, new_pte);
151990
151991 +#ifdef CONFIG_PAX_SEGMEXEC
151992 + pax_mirror_huge_pte(vma, address, page);
151993 +#endif
151994 +
151995 hugetlb_count_add(pages_per_huge_page(h), mm);
151996 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
151997 /* Optimization, do the COW without a second fault */
151998 @@ -3733,6 +3832,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
151999 struct address_space *mapping;
152000 int need_wait_lock = 0;
152001
152002 +#ifdef CONFIG_PAX_SEGMEXEC
152003 + struct vm_area_struct *vma_m;
152004 +#endif
152005 +
152006 address &= huge_page_mask(h);
152007
152008 ptep = huge_pte_offset(mm, address);
152009 @@ -3750,6 +3853,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
152010 return VM_FAULT_OOM;
152011 }
152012
152013 +#ifdef CONFIG_PAX_SEGMEXEC
152014 + vma_m = pax_find_mirror_vma(vma);
152015 + if (vma_m) {
152016 + unsigned long address_m;
152017 +
152018 + if (vma->vm_start > vma_m->vm_start) {
152019 + address_m = address;
152020 + address -= SEGMEXEC_TASK_SIZE;
152021 + vma = vma_m;
152022 + h = hstate_vma(vma);
152023 + } else
152024 + address_m = address + SEGMEXEC_TASK_SIZE;
152025 +
152026 + if (!huge_pte_alloc(mm, address_m, huge_page_size(h)))
152027 + return VM_FAULT_OOM;
152028 + address_m &= HPAGE_MASK;
152029 + unmap_hugepage_range(vma, address_m, address_m + HPAGE_SIZE, NULL);
152030 + }
152031 +#endif
152032 +
152033 mapping = vma->vm_file->f_mapping;
152034 idx = vma_hugecache_offset(h, vma, address);
152035
152036 diff --git a/mm/hugetlb_cgroup.c b/mm/hugetlb_cgroup.c
152037 index eec1150..af03e3e 100644
152038 --- a/mm/hugetlb_cgroup.c
152039 +++ b/mm/hugetlb_cgroup.c
152040 @@ -27,7 +27,6 @@ struct hugetlb_cgroup {
152041 struct page_counter hugepage[HUGE_MAX_HSTATE];
152042 };
152043
152044 -#define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val))
152045 #define MEMFILE_IDX(val) (((val) >> 16) & 0xffff)
152046 #define MEMFILE_ATTR(val) ((val) & 0xffff)
152047
152048 @@ -254,14 +253,7 @@ void hugetlb_cgroup_uncharge_cgroup(int idx, unsigned long nr_pages,
152049 return;
152050 }
152051
152052 -enum {
152053 - RES_USAGE,
152054 - RES_LIMIT,
152055 - RES_MAX_USAGE,
152056 - RES_FAILCNT,
152057 -};
152058 -
152059 -static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
152060 +u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
152061 struct cftype *cft)
152062 {
152063 struct page_counter *counter;
152064 @@ -285,7 +277,7 @@ static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css,
152065
152066 static DEFINE_MUTEX(hugetlb_limit_mutex);
152067
152068 -static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
152069 +ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
152070 char *buf, size_t nbytes, loff_t off)
152071 {
152072 int ret, idx;
152073 @@ -316,7 +308,7 @@ static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of,
152074 return ret ?: nbytes;
152075 }
152076
152077 -static ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of,
152078 +ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of,
152079 char *buf, size_t nbytes, loff_t off)
152080 {
152081 int ret = 0;
152082 @@ -352,46 +344,26 @@ static char *mem_fmt(char *buf, int size, unsigned long hsize)
152083
152084 static void __init __hugetlb_cgroup_file_init(int idx)
152085 {
152086 + char names[4][MAX_CFTYPE_NAME];
152087 char buf[32];
152088 - struct cftype *cft;
152089 struct hstate *h = &hstates[idx];
152090
152091 /* format the size */
152092 mem_fmt(buf, 32, huge_page_size(h));
152093 -
152094 - /* Add the limit file */
152095 - cft = &h->cgroup_files[0];
152096 - snprintf(cft->name, MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf);
152097 - cft->private = MEMFILE_PRIVATE(idx, RES_LIMIT);
152098 - cft->read_u64 = hugetlb_cgroup_read_u64;
152099 - cft->write = hugetlb_cgroup_write;
152100 -
152101 - /* Add the usage file */
152102 - cft = &h->cgroup_files[1];
152103 - snprintf(cft->name, MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf);
152104 - cft->private = MEMFILE_PRIVATE(idx, RES_USAGE);
152105 - cft->read_u64 = hugetlb_cgroup_read_u64;
152106 -
152107 - /* Add the MAX usage file */
152108 - cft = &h->cgroup_files[2];
152109 - snprintf(cft->name, MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf);
152110 - cft->private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE);
152111 - cft->write = hugetlb_cgroup_reset;
152112 - cft->read_u64 = hugetlb_cgroup_read_u64;
152113 -
152114 - /* Add the failcntfile */
152115 - cft = &h->cgroup_files[3];
152116 - snprintf(cft->name, MAX_CFTYPE_NAME, "%s.failcnt", buf);
152117 - cft->private = MEMFILE_PRIVATE(idx, RES_FAILCNT);
152118 - cft->write = hugetlb_cgroup_reset;
152119 - cft->read_u64 = hugetlb_cgroup_read_u64;
152120 -
152121 - /* NULL terminate the last cft */
152122 - cft = &h->cgroup_files[4];
152123 - memset(cft, 0, sizeof(*cft));
152124 + snprintf(names[0], MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf);
152125 + snprintf(names[1], MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf);
152126 + snprintf(names[2], MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf);
152127 + snprintf(names[3], MAX_CFTYPE_NAME, "%s.failcnt", buf);
152128 +
152129 + pax_open_kernel();
152130 + strncpy((void *)(*h->cgroup_files)[0].name, names[0], MAX_CFTYPE_NAME);
152131 + strncpy((void *)(*h->cgroup_files)[1].name, names[1], MAX_CFTYPE_NAME);
152132 + strncpy((void *)(*h->cgroup_files)[2].name, names[2], MAX_CFTYPE_NAME);
152133 + strncpy((void *)(*h->cgroup_files)[3].name, names[3], MAX_CFTYPE_NAME);
152134 + pax_close_kernel();
152135
152136 WARN_ON(cgroup_add_legacy_cftypes(&hugetlb_cgrp_subsys,
152137 - h->cgroup_files));
152138 + *h->cgroup_files));
152139 }
152140
152141 void __init hugetlb_cgroup_file_init(void)
152142 diff --git a/mm/internal.h b/mm/internal.h
152143 index 1501304..e026d61 100644
152144 --- a/mm/internal.h
152145 +++ b/mm/internal.h
152146 @@ -151,6 +151,7 @@ static inline struct page *pageblock_pfn_to_page(unsigned long start_pfn,
152147 extern int __isolate_free_page(struct page *page, unsigned int order);
152148 extern void __free_pages_bootmem(struct page *page, unsigned long pfn,
152149 unsigned int order);
152150 +extern void free_compound_page(struct page *page);
152151 extern void prep_compound_page(struct page *page, unsigned int order);
152152 extern void post_alloc_hook(struct page *page, unsigned int order,
152153 gfp_t gfp_flags);
152154 @@ -251,7 +252,7 @@ static inline bool is_exec_mapping(vm_flags_t flags)
152155 */
152156 static inline bool is_stack_mapping(vm_flags_t flags)
152157 {
152158 - return (flags & VM_STACK) == VM_STACK;
152159 + return flags & (VM_GROWSUP | VM_GROWSDOWN);
152160 }
152161
152162 /*
152163 diff --git a/mm/kmemleak.c b/mm/kmemleak.c
152164 index 086292f..702caa3 100644
152165 --- a/mm/kmemleak.c
152166 +++ b/mm/kmemleak.c
152167 @@ -367,7 +367,7 @@ static void print_unreferenced(struct seq_file *seq,
152168
152169 for (i = 0; i < object->trace_len; i++) {
152170 void *ptr = (void *)object->trace[i];
152171 - seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
152172 + seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);
152173 }
152174 }
152175
152176 @@ -1959,7 +1959,7 @@ static int __init kmemleak_late_init(void)
152177 return -ENOMEM;
152178 }
152179
152180 - dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL,
152181 + dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL,
152182 &kmemleak_fops);
152183 if (!dentry)
152184 pr_warn("Failed to create the debugfs kmemleak file\n");
152185 diff --git a/mm/maccess.c b/mm/maccess.c
152186 index 78f9274..5d8c2e02 100644
152187 --- a/mm/maccess.c
152188 +++ b/mm/maccess.c
152189 @@ -28,12 +28,12 @@ long __probe_kernel_read(void *dst, const void *src, size_t size)
152190 long ret;
152191 mm_segment_t old_fs = get_fs();
152192
152193 - set_fs(KERNEL_DS);
152194 pagefault_disable();
152195 + set_fs(KERNEL_DS);
152196 ret = __copy_from_user_inatomic(dst,
152197 - (__force const void __user *)src, size);
152198 - pagefault_enable();
152199 + (const void __force_user *)src, size);
152200 set_fs(old_fs);
152201 + pagefault_enable();
152202
152203 return ret ? -EFAULT : 0;
152204 }
152205 @@ -56,11 +56,11 @@ long __probe_kernel_write(void *dst, const void *src, size_t size)
152206 long ret;
152207 mm_segment_t old_fs = get_fs();
152208
152209 - set_fs(KERNEL_DS);
152210 pagefault_disable();
152211 - ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
152212 - pagefault_enable();
152213 + set_fs(KERNEL_DS);
152214 + ret = __copy_to_user_inatomic((void __force_user *)dst, src, size);
152215 set_fs(old_fs);
152216 + pagefault_enable();
152217
152218 return ret ? -EFAULT : 0;
152219 }
152220 diff --git a/mm/madvise.c b/mm/madvise.c
152221 index 93fb63e..0aa6448 100644
152222 --- a/mm/madvise.c
152223 +++ b/mm/madvise.c
152224 @@ -56,6 +56,10 @@ static long madvise_behavior(struct vm_area_struct *vma,
152225 pgoff_t pgoff;
152226 unsigned long new_flags = vma->vm_flags;
152227
152228 +#ifdef CONFIG_PAX_SEGMEXEC
152229 + struct vm_area_struct *vma_m;
152230 +#endif
152231 +
152232 switch (behavior) {
152233 case MADV_NORMAL:
152234 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
152235 @@ -132,6 +136,13 @@ success:
152236 /*
152237 * vm_flags is protected by the mmap_sem held in write mode.
152238 */
152239 +
152240 +#ifdef CONFIG_PAX_SEGMEXEC
152241 + vma_m = pax_find_mirror_vma(vma);
152242 + if (vma_m)
152243 + vma_m->vm_flags = new_flags & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT);
152244 +#endif
152245 +
152246 vma->vm_flags = new_flags;
152247
152248 out:
152249 @@ -471,11 +482,27 @@ static long madvise_dontneed(struct vm_area_struct *vma,
152250 struct vm_area_struct **prev,
152251 unsigned long start, unsigned long end)
152252 {
152253 +
152254 +#ifdef CONFIG_PAX_SEGMEXEC
152255 + struct vm_area_struct *vma_m;
152256 +#endif
152257 +
152258 *prev = vma;
152259 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
152260 return -EINVAL;
152261
152262 zap_page_range(vma, start, end - start, NULL);
152263 +
152264 +#ifdef CONFIG_PAX_SEGMEXEC
152265 + vma_m = pax_find_mirror_vma(vma);
152266 + if (vma_m) {
152267 + if (vma_m->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
152268 + return -EINVAL;
152269 +
152270 + zap_page_range(vma_m, start + SEGMEXEC_TASK_SIZE, end - start, NULL);
152271 + }
152272 +#endif
152273 +
152274 return 0;
152275 }
152276
152277 @@ -702,6 +729,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
152278 if (end < start)
152279 return error;
152280
152281 +#ifdef CONFIG_PAX_SEGMEXEC
152282 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
152283 + if (end > SEGMEXEC_TASK_SIZE)
152284 + return error;
152285 + } else
152286 +#endif
152287 +
152288 + if (end > TASK_SIZE)
152289 + return error;
152290 +
152291 error = 0;
152292 if (end == start)
152293 return error;
152294 diff --git a/mm/memcontrol.c b/mm/memcontrol.c
152295 index 4be518d..450a2ae 100644
152296 --- a/mm/memcontrol.c
152297 +++ b/mm/memcontrol.c
152298 @@ -702,7 +702,7 @@ static void memcg_check_events(struct mem_cgroup *memcg, struct page *page)
152299 mem_cgroup_update_tree(memcg, page);
152300 #if MAX_NUMNODES > 1
152301 if (unlikely(do_numainfo))
152302 - atomic_inc(&memcg->numainfo_events);
152303 + atomic64_inc(&memcg->numainfo_events);
152304 #endif
152305 }
152306 }
152307 @@ -1318,7 +1318,7 @@ static void mem_cgroup_may_update_nodemask(struct mem_cgroup *memcg)
152308 * numainfo_events > 0 means there was at least NUMAINFO_EVENTS_TARGET
152309 * pagein/pageout changes since the last update.
152310 */
152311 - if (!atomic_read(&memcg->numainfo_events))
152312 + if (!atomic64_read(&memcg->numainfo_events))
152313 return;
152314 if (atomic_inc_return(&memcg->numainfo_updating) > 1)
152315 return;
152316 @@ -1332,7 +1332,7 @@ static void mem_cgroup_may_update_nodemask(struct mem_cgroup *memcg)
152317 node_clear(nid, memcg->scan_nodes);
152318 }
152319
152320 - atomic_set(&memcg->numainfo_events, 0);
152321 + atomic64_set(&memcg->numainfo_events, 0);
152322 atomic_set(&memcg->numainfo_updating, 0);
152323 }
152324
152325 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
152326 index de88f33..f9d9816 100644
152327 --- a/mm/memory-failure.c
152328 +++ b/mm/memory-failure.c
152329 @@ -64,7 +64,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
152330
152331 int sysctl_memory_failure_recovery __read_mostly = 1;
152332
152333 -atomic_long_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0);
152334 +atomic_long_unchecked_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0);
152335
152336 #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE)
152337
152338 @@ -188,7 +188,7 @@ static int kill_proc(struct task_struct *t, unsigned long addr, int trapno,
152339 pfn, t->comm, t->pid);
152340 si.si_signo = SIGBUS;
152341 si.si_errno = 0;
152342 - si.si_addr = (void *)addr;
152343 + si.si_addr = (void __user *)addr;
152344 #ifdef __ARCH_SI_TRAPNO
152345 si.si_trapno = trapno;
152346 #endif
152347 @@ -779,7 +779,7 @@ static struct page_state {
152348 unsigned long res;
152349 enum mf_action_page_type type;
152350 int (*action)(struct page *p, unsigned long pfn);
152351 -} error_states[] = {
152352 +} __do_const error_states[] = {
152353 { reserved, reserved, MF_MSG_KERNEL, me_kernel },
152354 /*
152355 * free pages are specially detected outside this table:
152356 diff --git a/mm/memory.c b/mm/memory.c
152357 index 793fe0f..6e94a87 100644
152358 --- a/mm/memory.c
152359 +++ b/mm/memory.c
152360 @@ -427,6 +427,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
152361 free_pte_range(tlb, pmd, addr);
152362 } while (pmd++, addr = next, addr != end);
152363
152364 +#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_PER_CPU_PGD)
152365 start &= PUD_MASK;
152366 if (start < floor)
152367 return;
152368 @@ -442,6 +443,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
152369 pud_clear(pud);
152370 pmd_free_tlb(tlb, pmd, start);
152371 mm_dec_nr_pmds(tlb->mm);
152372 +#endif
152373 }
152374
152375 static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
152376 @@ -461,6 +463,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
152377 free_pmd_range(tlb, pud, addr, next, floor, ceiling);
152378 } while (pud++, addr = next, addr != end);
152379
152380 +#if !defined(CONFIG_X86_64) || !defined(CONFIG_PAX_PER_CPU_PGD)
152381 start &= PGDIR_MASK;
152382 if (start < floor)
152383 return;
152384 @@ -475,6 +478,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
152385 pud = pud_offset(pgd, start);
152386 pgd_clear(pgd);
152387 pud_free_tlb(tlb, pud, start);
152388 +#endif
152389 +
152390 }
152391
152392 /*
152393 @@ -693,7 +698,7 @@ static void print_bad_pte(struct vm_area_struct *vma, unsigned long addr,
152394 /*
152395 * Choose text because data symbols depend on CONFIG_KALLSYMS_ALL=y
152396 */
152397 - pr_alert("file:%pD fault:%pf mmap:%pf readpage:%pf\n",
152398 + pr_alert("file:%pD fault:%pX mmap:%pX readpage:%pX\n",
152399 vma->vm_file,
152400 vma->vm_ops ? vma->vm_ops->fault : NULL,
152401 vma->vm_file ? vma->vm_file->f_op->mmap : NULL,
152402 @@ -1464,6 +1469,10 @@ pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
152403 return NULL;
152404 }
152405
152406 +#ifdef CONFIG_PAX_SEGMEXEC
152407 +static void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl);
152408 +#endif
152409 +
152410 /*
152411 * This is the old fallback for page remapping.
152412 *
152413 @@ -1497,6 +1506,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
152414 page_add_file_rmap(page, false);
152415 set_pte_at(mm, addr, pte, mk_pte(page, prot));
152416
152417 +#ifdef CONFIG_PAX_SEGMEXEC
152418 + pax_mirror_file_pte(vma, addr, page, ptl);
152419 +#endif
152420 +
152421 retval = 0;
152422 pte_unmap_unlock(pte, ptl);
152423 return retval;
152424 @@ -1541,9 +1554,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
152425 if (!page_count(page))
152426 return -EINVAL;
152427 if (!(vma->vm_flags & VM_MIXEDMAP)) {
152428 +
152429 +#ifdef CONFIG_PAX_SEGMEXEC
152430 + struct vm_area_struct *vma_m;
152431 +#endif
152432 +
152433 BUG_ON(down_read_trylock(&vma->vm_mm->mmap_sem));
152434 BUG_ON(vma->vm_flags & VM_PFNMAP);
152435 vma->vm_flags |= VM_MIXEDMAP;
152436 +
152437 +#ifdef CONFIG_PAX_SEGMEXEC
152438 + vma_m = pax_find_mirror_vma(vma);
152439 + if (vma_m)
152440 + vma_m->vm_flags |= VM_MIXEDMAP;
152441 +#endif
152442 +
152443 }
152444 return insert_page(vma, addr, page, vma->vm_page_prot);
152445 }
152446 @@ -1650,6 +1675,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
152447 pfn_t pfn)
152448 {
152449 BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
152450 + BUG_ON(vma->vm_mirror);
152451
152452 if (addr < vma->vm_start || addr >= vma->vm_end)
152453 return -EFAULT;
152454 @@ -1903,7 +1929,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
152455
152456 BUG_ON(pud_huge(*pud));
152457
152458 - pmd = pmd_alloc(mm, pud, addr);
152459 + pmd = (mm == &init_mm) ?
152460 + pmd_alloc_kernel(mm, pud, addr) :
152461 + pmd_alloc(mm, pud, addr);
152462 if (!pmd)
152463 return -ENOMEM;
152464 do {
152465 @@ -1923,7 +1951,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
152466 unsigned long next;
152467 int err;
152468
152469 - pud = pud_alloc(mm, pgd, addr);
152470 + pud = (mm == &init_mm) ?
152471 + pud_alloc_kernel(mm, pgd, addr) :
152472 + pud_alloc(mm, pgd, addr);
152473 if (!pud)
152474 return -ENOMEM;
152475 do {
152476 @@ -2119,6 +2149,185 @@ static inline int wp_page_reuse(struct fault_env *fe, pte_t orig_pte,
152477 return VM_FAULT_WRITE;
152478 }
152479
152480 +#ifdef CONFIG_PAX_SEGMEXEC
152481 +static void pax_unmap_mirror_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd)
152482 +{
152483 + struct mm_struct *mm = vma->vm_mm;
152484 + spinlock_t *ptl;
152485 + pte_t *pte, entry;
152486 +
152487 + pte = pte_offset_map_lock(mm, pmd, address, &ptl);
152488 + entry = *pte;
152489 + if (pte_none(entry))
152490 + ;
152491 + else if (!pte_present(entry)) {
152492 + swp_entry_t swapentry;
152493 +
152494 + swapentry = pte_to_swp_entry(entry);
152495 + if (!non_swap_entry(swapentry))
152496 + dec_mm_counter_fast(mm, MM_SWAPENTS);
152497 + else if (is_migration_entry(swapentry))
152498 + dec_mm_counter_fast(mm, mm_counter(migration_entry_to_page(swapentry)));
152499 + free_swap_and_cache(swapentry);
152500 + pte_clear_not_present_full(mm, address, pte, 0);
152501 + } else {
152502 + struct page *page;
152503 +
152504 + flush_cache_page(vma, address, pte_pfn(entry));
152505 + entry = ptep_clear_flush(vma, address, pte);
152506 + BUG_ON(pte_dirty(entry));
152507 + page = vm_normal_page(vma, address, entry);
152508 + if (page) {
152509 + update_hiwater_rss(mm);
152510 + dec_mm_counter_fast(mm, mm_counter(page));
152511 + page_remove_rmap(page, false);
152512 + put_page(page);
152513 + }
152514 + }
152515 + pte_unmap_unlock(pte, ptl);
152516 +}
152517 +
152518 +/* PaX: if vma is mirrored, synchronize the mirror's PTE
152519 + *
152520 + * the ptl of the lower mapped page is held on entry and is not released on exit
152521 + * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc)
152522 + */
152523 +static bool pax_mirror_anon_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
152524 +{
152525 + struct mm_struct *mm = vma->vm_mm;
152526 + unsigned long address_m;
152527 + spinlock_t *ptl_m;
152528 + struct vm_area_struct *vma_m;
152529 + pmd_t *pmd_m;
152530 + pte_t *pte_m, entry_m;
152531 +
152532 + BUG_ON(!page_m || !PageAnon(page_m));
152533 +
152534 + vma_m = pax_find_mirror_vma(vma);
152535 + if (!vma_m)
152536 + return false;
152537 +
152538 + BUG_ON(!PageLocked(page_m));
152539 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
152540 + address_m = address + SEGMEXEC_TASK_SIZE;
152541 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
152542 + pte_m = pte_offset_map(pmd_m, address_m);
152543 + ptl_m = pte_lockptr(mm, pmd_m);
152544 + if (ptl != ptl_m) {
152545 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
152546 + if (!pte_none(*pte_m))
152547 + goto out;
152548 + }
152549 +
152550 + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
152551 + get_page(page_m);
152552 + page_add_anon_rmap(page_m, vma_m, address_m, false);
152553 + inc_mm_counter_fast(mm, MM_ANONPAGES);
152554 + set_pte_at(mm, address_m, pte_m, entry_m);
152555 + update_mmu_cache(vma_m, address_m, pte_m);
152556 +out:
152557 + if (ptl != ptl_m)
152558 + spin_unlock(ptl_m);
152559 + pte_unmap(pte_m);
152560 + return true;
152561 +}
152562 +
152563 +static void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
152564 +{
152565 + struct mm_struct *mm = vma->vm_mm;
152566 + unsigned long address_m;
152567 + spinlock_t *ptl_m;
152568 + struct vm_area_struct *vma_m;
152569 + pmd_t *pmd_m;
152570 + pte_t *pte_m, entry_m;
152571 +
152572 + BUG_ON(!page_m || PageAnon(page_m));
152573 +
152574 + vma_m = pax_find_mirror_vma(vma);
152575 + if (!vma_m)
152576 + return;
152577 +
152578 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
152579 + address_m = address + SEGMEXEC_TASK_SIZE;
152580 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
152581 + pte_m = pte_offset_map(pmd_m, address_m);
152582 + ptl_m = pte_lockptr(mm, pmd_m);
152583 + if (ptl != ptl_m) {
152584 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
152585 + if (!pte_none(*pte_m))
152586 + goto out;
152587 + }
152588 +
152589 + entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
152590 + get_page(page_m);
152591 + page_add_file_rmap(page_m, false);
152592 + inc_mm_counter_fast(mm, mm_counter_file(page_m));
152593 + set_pte_at(mm, address_m, pte_m, entry_m);
152594 + update_mmu_cache(vma_m, address_m, pte_m);
152595 +out:
152596 + if (ptl != ptl_m)
152597 + spin_unlock(ptl_m);
152598 + pte_unmap(pte_m);
152599 +}
152600 +
152601 +static void pax_mirror_pfn_pte(struct vm_area_struct *vma, unsigned long address, unsigned long pfn_m, spinlock_t *ptl)
152602 +{
152603 + struct mm_struct *mm = vma->vm_mm;
152604 + unsigned long address_m;
152605 + spinlock_t *ptl_m;
152606 + struct vm_area_struct *vma_m;
152607 + pmd_t *pmd_m;
152608 + pte_t *pte_m, entry_m;
152609 +
152610 + vma_m = pax_find_mirror_vma(vma);
152611 + if (!vma_m)
152612 + return;
152613 +
152614 + BUG_ON(address >= SEGMEXEC_TASK_SIZE);
152615 + address_m = address + SEGMEXEC_TASK_SIZE;
152616 + pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
152617 + pte_m = pte_offset_map(pmd_m, address_m);
152618 + ptl_m = pte_lockptr(mm, pmd_m);
152619 + if (ptl != ptl_m) {
152620 + spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
152621 + if (!pte_none(*pte_m))
152622 + goto out;
152623 + }
152624 +
152625 + entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot);
152626 + set_pte_at(mm, address_m, pte_m, entry_m);
152627 +out:
152628 + if (ptl != ptl_m)
152629 + spin_unlock(ptl_m);
152630 + pte_unmap(pte_m);
152631 +}
152632 +
152633 +static void pax_mirror_pte(struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, spinlock_t *ptl)
152634 +{
152635 + struct page *page_m;
152636 + pte_t entry;
152637 +
152638 + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC))
152639 + return;
152640 +
152641 + entry = *pte;
152642 + page_m = vm_normal_page(vma, address, entry);
152643 + if (!page_m)
152644 + pax_mirror_pfn_pte(vma, address, pte_pfn(entry), ptl);
152645 + else if (PageAnon(page_m)) {
152646 + if (pax_find_mirror_vma(vma)) {
152647 + pte_unmap_unlock(pte, ptl);
152648 + lock_page(page_m);
152649 + pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
152650 + if (pte_same(entry, *pte))
152651 + pax_mirror_anon_pte(vma, address, page_m, ptl);
152652 + unlock_page(page_m);
152653 + }
152654 + } else
152655 + pax_mirror_file_pte(vma, address, page_m, ptl);
152656 +}
152657 +#endif
152658 +
152659 /*
152660 * Handle the case of a page which we actually need to copy to a new page.
152661 *
152662 @@ -2174,6 +2383,12 @@ static int wp_page_copy(struct fault_env *fe, pte_t orig_pte,
152663 */
152664 fe->pte = pte_offset_map_lock(mm, fe->pmd, fe->address, &fe->ptl);
152665 if (likely(pte_same(*fe->pte, orig_pte))) {
152666 +
152667 +#ifdef CONFIG_PAX_SEGMEXEC
152668 + if (pax_find_mirror_vma(vma))
152669 + BUG_ON(!trylock_page(new_page));
152670 +#endif
152671 +
152672 if (old_page) {
152673 if (!PageAnon(old_page)) {
152674 dec_mm_counter_fast(mm,
152675 @@ -2229,6 +2444,11 @@ static int wp_page_copy(struct fault_env *fe, pte_t orig_pte,
152676 page_remove_rmap(old_page, false);
152677 }
152678
152679 +#ifdef CONFIG_PAX_SEGMEXEC
152680 + if (pax_mirror_anon_pte(vma, fe->address, new_page, fe->ptl))
152681 + unlock_page(new_page);
152682 +#endif
152683 +
152684 /* Free the old page.. */
152685 new_page = old_page;
152686 page_copied = 1;
152687 @@ -2653,6 +2873,11 @@ int do_swap_page(struct fault_env *fe, pte_t orig_pte)
152688 if (mem_cgroup_swap_full(page) ||
152689 (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
152690 try_to_free_swap(page);
152691 +
152692 +#ifdef CONFIG_PAX_SEGMEXEC
152693 + if ((fe->flags & FAULT_FLAG_WRITE) || !pax_find_mirror_vma(vma))
152694 +#endif
152695 +
152696 unlock_page(page);
152697 if (page != swapcache) {
152698 /*
152699 @@ -2676,6 +2901,12 @@ int do_swap_page(struct fault_env *fe, pte_t orig_pte)
152700
152701 /* No need to invalidate - it was non-present before */
152702 update_mmu_cache(vma, fe->address, fe->pte);
152703 +
152704 +#ifdef CONFIG_PAX_SEGMEXEC
152705 + if (pax_mirror_anon_pte(vma, fe->address, page, fe->ptl))
152706 + unlock_page(page);
152707 +#endif
152708 +
152709 unlock:
152710 pte_unmap_unlock(fe->pte, fe->ptl);
152711 out:
152712 @@ -2695,40 +2926,6 @@ out_release:
152713 }
152714
152715 /*
152716 - * This is like a special single-page "expand_{down|up}wards()",
152717 - * except we must first make sure that 'address{-|+}PAGE_SIZE'
152718 - * doesn't hit another vma.
152719 - */
152720 -static inline int check_stack_guard_page(struct vm_area_struct *vma, unsigned long address)
152721 -{
152722 - address &= PAGE_MASK;
152723 - if ((vma->vm_flags & VM_GROWSDOWN) && address == vma->vm_start) {
152724 - struct vm_area_struct *prev = vma->vm_prev;
152725 -
152726 - /*
152727 - * Is there a mapping abutting this one below?
152728 - *
152729 - * That's only ok if it's the same stack mapping
152730 - * that has gotten split..
152731 - */
152732 - if (prev && prev->vm_end == address)
152733 - return prev->vm_flags & VM_GROWSDOWN ? 0 : -ENOMEM;
152734 -
152735 - return expand_downwards(vma, address - PAGE_SIZE);
152736 - }
152737 - if ((vma->vm_flags & VM_GROWSUP) && address + PAGE_SIZE == vma->vm_end) {
152738 - struct vm_area_struct *next = vma->vm_next;
152739 -
152740 - /* As VM_GROWSDOWN but s/below/above/ */
152741 - if (next && next->vm_start == address + PAGE_SIZE)
152742 - return next->vm_flags & VM_GROWSUP ? 0 : -ENOMEM;
152743 -
152744 - return expand_upwards(vma, address + PAGE_SIZE);
152745 - }
152746 - return 0;
152747 -}
152748 -
152749 -/*
152750 * We enter with non-exclusive mmap_sem (to exclude vma changes,
152751 * but allow concurrent faults), and pte mapped but not yet locked.
152752 * We return with mmap_sem still held, but pte unmapped and unlocked.
152753 @@ -2737,17 +2934,13 @@ static int do_anonymous_page(struct fault_env *fe)
152754 {
152755 struct vm_area_struct *vma = fe->vma;
152756 struct mem_cgroup *memcg;
152757 - struct page *page;
152758 + struct page *page = NULL;
152759 pte_t entry;
152760
152761 /* File mapping without ->vm_ops ? */
152762 if (vma->vm_flags & VM_SHARED)
152763 return VM_FAULT_SIGBUS;
152764
152765 - /* Check if we need to add a guard page to the stack */
152766 - if (check_stack_guard_page(vma, fe->address) < 0)
152767 - return VM_FAULT_SIGSEGV;
152768 -
152769 /*
152770 * Use pte_alloc() instead of pte_alloc_map(). We can't run
152771 * pte_offset_map() on pmds where a huge pmd might be created
152772 @@ -2816,6 +3009,11 @@ static int do_anonymous_page(struct fault_env *fe)
152773 return handle_userfault(fe, VM_UFFD_MISSING);
152774 }
152775
152776 +#ifdef CONFIG_PAX_SEGMEXEC
152777 + if (pax_find_mirror_vma(vma))
152778 + BUG_ON(!trylock_page(page));
152779 +#endif
152780 +
152781 inc_mm_counter_fast(vma->vm_mm, MM_ANONPAGES);
152782 page_add_new_anon_rmap(page, vma, fe->address, false);
152783 mem_cgroup_commit_charge(page, memcg, false, false);
152784 @@ -2825,6 +3023,12 @@ setpte:
152785
152786 /* No need to invalidate - it was non-present before */
152787 update_mmu_cache(vma, fe->address, fe->pte);
152788 +
152789 +#ifdef CONFIG_PAX_SEGMEXEC
152790 + if (page && pax_mirror_anon_pte(vma, fe->address, page, fe->ptl))
152791 + unlock_page(page);
152792 +#endif
152793 +
152794 unlock:
152795 pte_unmap_unlock(fe->pte, fe->ptl);
152796 return 0;
152797 @@ -3039,6 +3243,13 @@ int alloc_set_pte(struct fault_env *fe, struct mem_cgroup *memcg,
152798 }
152799 set_pte_at(vma->vm_mm, fe->address, fe->pte, entry);
152800
152801 +#ifdef CONFIG_PAX_SEGMEXEC
152802 + if (write && !(vma->vm_flags & VM_SHARED))
152803 + pax_mirror_anon_pte(vma, fe->address, page, fe->ptl);
152804 + else
152805 + pax_mirror_file_pte(vma, fe->address, page, fe->ptl);
152806 +#endif
152807 +
152808 /* no need to invalidate: a not-present page won't be cached */
152809 update_mmu_cache(vma, fe->address, fe->pte);
152810
152811 @@ -3552,6 +3763,11 @@ static int handle_pte_fault(struct fault_env *fe)
152812 if (fe->flags & FAULT_FLAG_WRITE)
152813 flush_tlb_fix_spurious_fault(fe->vma, fe->address);
152814 }
152815 +
152816 +#ifdef CONFIG_PAX_SEGMEXEC
152817 + pax_mirror_pte(fe->vma, fe->address, fe->pte, fe->pmd, fe->ptl);
152818 +#endif
152819 +
152820 unlock:
152821 pte_unmap_unlock(fe->pte, fe->ptl);
152822 return 0;
152823 @@ -3575,14 +3791,49 @@ static int __handle_mm_fault(struct vm_area_struct *vma, unsigned long address,
152824 pgd_t *pgd;
152825 pud_t *pud;
152826
152827 - pgd = pgd_offset(mm, address);
152828 - pud = pud_alloc(mm, pgd, address);
152829 +#ifdef CONFIG_PAX_SEGMEXEC
152830 + struct vm_area_struct *vma_m;
152831 +
152832 + vma_m = pax_find_mirror_vma(vma);
152833 + if (vma_m) {
152834 + unsigned long address_m;
152835 + pgd_t *pgd_m;
152836 + pud_t *pud_m;
152837 + pmd_t *pmd_m;
152838 + pmd_t orig_pmd_m;
152839 +
152840 + if (vma->vm_start > vma_m->vm_start) {
152841 + address_m = address;
152842 + fe.address -= SEGMEXEC_TASK_SIZE;
152843 + fe.vma = vma_m;
152844 + } else
152845 + address_m = address + SEGMEXEC_TASK_SIZE;
152846 +
152847 + pgd_m = pgd_offset(mm, address_m);
152848 + pud_m = pud_alloc(mm, pgd_m, address_m);
152849 + if (!pud_m)
152850 + return VM_FAULT_OOM;
152851 + pmd_m = pmd_alloc(mm, pud_m, address_m);
152852 + if (!pmd_m)
152853 + return VM_FAULT_OOM;
152854 + BUG_ON(transparent_hugepage_enabled(vma_m));
152855 + orig_pmd_m = *pmd_m;
152856 + barrier();
152857 + BUG_ON(pmd_trans_huge(orig_pmd_m) || pmd_devmap(orig_pmd_m));
152858 + if (!pmd_present(*pmd_m) && __pte_alloc(mm, pmd_m, address_m))
152859 + return VM_FAULT_OOM;
152860 + pax_unmap_mirror_pte(vma_m, address_m, pmd_m);
152861 + }
152862 +#endif
152863 +
152864 + pgd = pgd_offset(mm, fe.address);
152865 + pud = pud_alloc(mm, pgd, fe.address);
152866 if (!pud)
152867 return VM_FAULT_OOM;
152868 - fe.pmd = pmd_alloc(mm, pud, address);
152869 + fe.pmd = pmd_alloc(mm, pud, fe.address);
152870 if (!fe.pmd)
152871 return VM_FAULT_OOM;
152872 - if (pmd_none(*fe.pmd) && transparent_hugepage_enabled(vma)) {
152873 + if (pmd_none(*fe.pmd) && transparent_hugepage_enabled(fe.vma)) {
152874 int ret = create_huge_pmd(&fe);
152875 if (!(ret & VM_FAULT_FALLBACK))
152876 return ret;
152877 @@ -3592,7 +3843,7 @@ static int __handle_mm_fault(struct vm_area_struct *vma, unsigned long address,
152878
152879 barrier();
152880 if (pmd_trans_huge(orig_pmd) || pmd_devmap(orig_pmd)) {
152881 - if (pmd_protnone(orig_pmd) && vma_is_accessible(vma))
152882 + if (pmd_protnone(orig_pmd) && vma_is_accessible(fe.vma))
152883 return do_huge_pmd_numa_page(&fe, orig_pmd);
152884
152885 if ((fe.flags & FAULT_FLAG_WRITE) &&
152886 @@ -3667,7 +3918,7 @@ EXPORT_SYMBOL_GPL(handle_mm_fault);
152887 * Allocate page upper directory.
152888 * We've already handled the fast-path in-line.
152889 */
152890 -int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
152891 +static int ____pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address, bool kernel)
152892 {
152893 pud_t *new = pud_alloc_one(mm, address);
152894 if (!new)
152895 @@ -3678,11 +3929,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
152896 spin_lock(&mm->page_table_lock);
152897 if (pgd_present(*pgd)) /* Another has populated it */
152898 pud_free(mm, new);
152899 + else if (kernel)
152900 + pgd_populate_kernel(mm, pgd, new);
152901 else
152902 pgd_populate(mm, pgd, new);
152903 spin_unlock(&mm->page_table_lock);
152904 return 0;
152905 }
152906 +
152907 +int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
152908 +{
152909 + return ____pud_alloc(mm, pgd, address, false);
152910 +}
152911 +
152912 +int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
152913 +{
152914 + return ____pud_alloc(mm, pgd, address, true);
152915 +}
152916 #endif /* __PAGETABLE_PUD_FOLDED */
152917
152918 #ifndef __PAGETABLE_PMD_FOLDED
152919 @@ -3690,7 +3953,7 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
152920 * Allocate page middle directory.
152921 * We've already handled the fast-path in-line.
152922 */
152923 -int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
152924 +static int ____pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address, bool kernel)
152925 {
152926 pmd_t *new = pmd_alloc_one(mm, address);
152927 if (!new)
152928 @@ -3702,19 +3965,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
152929 #ifndef __ARCH_HAS_4LEVEL_HACK
152930 if (!pud_present(*pud)) {
152931 mm_inc_nr_pmds(mm);
152932 - pud_populate(mm, pud, new);
152933 + if (kernel)
152934 + pud_populate_kernel(mm, pud, new);
152935 + else
152936 + pud_populate(mm, pud, new);
152937 } else /* Another has populated it */
152938 pmd_free(mm, new);
152939 #else
152940 if (!pgd_present(*pud)) {
152941 mm_inc_nr_pmds(mm);
152942 - pgd_populate(mm, pud, new);
152943 + if (kernel)
152944 + pgd_populate_kernel(mm, pud, new);
152945 + else
152946 + pgd_populate(mm, pud, new);
152947 } else /* Another has populated it */
152948 pmd_free(mm, new);
152949 #endif /* __ARCH_HAS_4LEVEL_HACK */
152950 spin_unlock(&mm->page_table_lock);
152951 return 0;
152952 }
152953 +
152954 +int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
152955 +{
152956 + return ____pmd_alloc(mm, pud, address, false);
152957 +}
152958 +
152959 +int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address)
152960 +{
152961 + return ____pmd_alloc(mm, pud, address, true);
152962 +}
152963 #endif /* __PAGETABLE_PMD_FOLDED */
152964
152965 static int __follow_pte(struct mm_struct *mm, unsigned long address,
152966 @@ -3824,8 +4103,8 @@ out:
152967 return ret;
152968 }
152969
152970 -int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
152971 - void *buf, int len, int write)
152972 +ssize_t generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
152973 + void *buf, size_t len, int write)
152974 {
152975 resource_size_t phys_addr;
152976 unsigned long prot = 0;
152977 @@ -3851,8 +4130,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
152978 * Access another process' address space as given in mm. If non-NULL, use the
152979 * given task for page fault accounting.
152980 */
152981 -static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
152982 - unsigned long addr, void *buf, int len, int write)
152983 +static ssize_t __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
152984 + unsigned long addr, void *buf, size_t len, int write)
152985 {
152986 struct vm_area_struct *vma;
152987 void *old_buf = buf;
152988 @@ -3860,7 +4139,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
152989 down_read(&mm->mmap_sem);
152990 /* ignore errors, just check how much was successfully transferred */
152991 while (len) {
152992 - int bytes, ret, offset;
152993 + ssize_t bytes, ret, offset;
152994 void *maddr;
152995 struct page *page = NULL;
152996
152997 @@ -3921,8 +4200,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
152998 *
152999 * The caller must hold a reference on @mm.
153000 */
153001 -int access_remote_vm(struct mm_struct *mm, unsigned long addr,
153002 - void *buf, int len, int write)
153003 +ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr,
153004 + void *buf, size_t len, int write)
153005 {
153006 return __access_remote_vm(NULL, mm, addr, buf, len, write);
153007 }
153008 @@ -3932,11 +4211,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
153009 * Source/target buffer must be kernel space,
153010 * Do not walk the page table directly, use get_user_pages
153011 */
153012 -int access_process_vm(struct task_struct *tsk, unsigned long addr,
153013 - void *buf, int len, int write)
153014 +ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr,
153015 + void *buf, size_t len, int write)
153016 {
153017 struct mm_struct *mm;
153018 - int ret;
153019 + ssize_t ret;
153020
153021 mm = get_task_mm(tsk);
153022 if (!mm)
153023 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
153024 index 2da72a5..845e125 100644
153025 --- a/mm/mempolicy.c
153026 +++ b/mm/mempolicy.c
153027 @@ -732,6 +732,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
153028 unsigned long vmstart;
153029 unsigned long vmend;
153030
153031 +#ifdef CONFIG_PAX_SEGMEXEC
153032 + struct vm_area_struct *vma_m;
153033 +#endif
153034 +
153035 vma = find_vma(mm, start);
153036 if (!vma || vma->vm_start > start)
153037 return -EFAULT;
153038 @@ -775,6 +779,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
153039 err = vma_replace_policy(vma, new_pol);
153040 if (err)
153041 goto out;
153042 +
153043 +#ifdef CONFIG_PAX_SEGMEXEC
153044 + vma_m = pax_find_mirror_vma(vma);
153045 + if (vma_m) {
153046 + err = vma_replace_policy(vma_m, new_pol);
153047 + if (err)
153048 + goto out;
153049 + }
153050 +#endif
153051 +
153052 }
153053
153054 out:
153055 @@ -1190,6 +1204,17 @@ static long do_mbind(unsigned long start, unsigned long len,
153056
153057 if (end < start)
153058 return -EINVAL;
153059 +
153060 +#ifdef CONFIG_PAX_SEGMEXEC
153061 + if (mm->pax_flags & MF_PAX_SEGMEXEC) {
153062 + if (end > SEGMEXEC_TASK_SIZE)
153063 + return -EINVAL;
153064 + } else
153065 +#endif
153066 +
153067 + if (end > TASK_SIZE)
153068 + return -EINVAL;
153069 +
153070 if (end == start)
153071 return 0;
153072
153073 @@ -1415,8 +1440,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
153074 */
153075 tcred = __task_cred(task);
153076 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
153077 - !uid_eq(cred->uid, tcred->suid) && !uid_eq(cred->uid, tcred->uid) &&
153078 - !capable(CAP_SYS_NICE)) {
153079 + !uid_eq(cred->uid, tcred->suid) && !capable(CAP_SYS_NICE)) {
153080 rcu_read_unlock();
153081 err = -EPERM;
153082 goto out_put;
153083 @@ -1447,6 +1471,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
153084 goto out;
153085 }
153086
153087 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
153088 + if (mm != current->mm &&
153089 + (mm->pax_flags & MF_PAX_RANDMMAP || mm->pax_flags & MF_PAX_SEGMEXEC)) {
153090 + mmput(mm);
153091 + err = -EPERM;
153092 + goto out;
153093 + }
153094 +#endif
153095 +
153096 err = do_migrate_pages(mm, old, new,
153097 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
153098
153099 diff --git a/mm/migrate.c b/mm/migrate.c
153100 index f7ee04a..41da9dc 100644
153101 --- a/mm/migrate.c
153102 +++ b/mm/migrate.c
153103 @@ -1686,8 +1686,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
153104 */
153105 tcred = __task_cred(task);
153106 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
153107 - !uid_eq(cred->uid, tcred->suid) && !uid_eq(cred->uid, tcred->uid) &&
153108 - !capable(CAP_SYS_NICE)) {
153109 + !uid_eq(cred->uid, tcred->suid) && !capable(CAP_SYS_NICE)) {
153110 rcu_read_unlock();
153111 err = -EPERM;
153112 goto out;
153113 diff --git a/mm/mlock.c b/mm/mlock.c
153114 index 14645be..e2c7aa1 100644
153115 --- a/mm/mlock.c
153116 +++ b/mm/mlock.c
153117 @@ -14,6 +14,7 @@
153118 #include <linux/pagevec.h>
153119 #include <linux/mempolicy.h>
153120 #include <linux/syscalls.h>
153121 +#include <linux/security.h>
153122 #include <linux/sched.h>
153123 #include <linux/export.h>
153124 #include <linux/rmap.h>
153125 @@ -573,7 +574,7 @@ static int apply_vma_lock_flags(unsigned long start, size_t len,
153126 {
153127 unsigned long nstart, end, tmp;
153128 struct vm_area_struct * vma, * prev;
153129 - int error;
153130 + int error = 0;
153131
153132 VM_BUG_ON(offset_in_page(start));
153133 VM_BUG_ON(len != PAGE_ALIGN(len));
153134 @@ -582,6 +583,9 @@ static int apply_vma_lock_flags(unsigned long start, size_t len,
153135 return -EINVAL;
153136 if (end == start)
153137 return 0;
153138 + if (end > TASK_SIZE)
153139 + return -EINVAL;
153140 +
153141 vma = find_vma(current->mm, start);
153142 if (!vma || vma->vm_start > start)
153143 return -ENOMEM;
153144 @@ -591,8 +595,14 @@ static int apply_vma_lock_flags(unsigned long start, size_t len,
153145 prev = vma;
153146
153147 for (nstart = start ; ; ) {
153148 - vm_flags_t newflags = vma->vm_flags & VM_LOCKED_CLEAR_MASK;
153149 + vm_flags_t newflags;
153150
153151 +#ifdef CONFIG_PAX_SEGMEXEC
153152 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
153153 + break;
153154 +#endif
153155 +
153156 + newflags = vma->vm_flags & VM_LOCKED_CLEAR_MASK;
153157 newflags |= flags;
153158
153159 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */
153160 @@ -641,6 +651,10 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla
153161 locked += current->mm->locked_vm;
153162
153163 /* check against resource limits */
153164 + if (locked > (ULONG_MAX >> PAGE_SHIFT))
153165 + gr_learn_resource(current, RLIMIT_MEMLOCK, ULONG_MAX, 1);
153166 + else
153167 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
153168 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
153169 error = apply_vma_lock_flags(start, len, flags);
153170
153171 @@ -722,6 +736,11 @@ static int apply_mlockall_flags(int flags)
153172 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
153173 vm_flags_t newflags;
153174
153175 +#ifdef CONFIG_PAX_SEGMEXEC
153176 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
153177 + break;
153178 +#endif
153179 +
153180 newflags = vma->vm_flags & VM_LOCKED_CLEAR_MASK;
153181 newflags |= to_add;
153182
153183 @@ -754,6 +773,10 @@ SYSCALL_DEFINE1(mlockall, int, flags)
153184 return -EINTR;
153185
153186 ret = -ENOMEM;
153187 + if (current->mm->total_vm > (ULONG_MAX >> PAGE_SHIFT))
153188 + gr_learn_resource(current, RLIMIT_MEMLOCK, ULONG_MAX, 1);
153189 + else
153190 + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm << PAGE_SHIFT, 1);
153191 if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
153192 capable(CAP_IPC_LOCK))
153193 ret = apply_mlockall_flags(flags);
153194 diff --git a/mm/mm_init.c b/mm/mm_init.c
153195 index 5b72266..dc04ce5 100644
153196 --- a/mm/mm_init.c
153197 +++ b/mm/mm_init.c
153198 @@ -169,7 +169,7 @@ static int __meminit mm_compute_batch_notifier(struct notifier_block *self,
153199 return NOTIFY_OK;
153200 }
153201
153202 -static struct notifier_block compute_batch_nb __meminitdata = {
153203 +static struct notifier_block compute_batch_nb = {
153204 .notifier_call = mm_compute_batch_notifier,
153205 .priority = IPC_CALLBACK_PRI, /* use lowest priority */
153206 };
153207 diff --git a/mm/mmap.c b/mm/mmap.c
153208 index ca9d91b..b2438f1 100644
153209 --- a/mm/mmap.c
153210 +++ b/mm/mmap.c
153211 @@ -44,6 +44,7 @@
153212 #include <linux/userfaultfd_k.h>
153213 #include <linux/moduleparam.h>
153214 #include <linux/pkeys.h>
153215 +#include <linux/random.h>
153216
153217 #include <asm/uaccess.h>
153218 #include <asm/cacheflush.h>
153219 @@ -70,6 +71,16 @@ int mmap_rnd_compat_bits __read_mostly = CONFIG_ARCH_MMAP_RND_COMPAT_BITS;
153220 static bool ignore_rlimit_data;
153221 core_param(ignore_rlimit_data, ignore_rlimit_data, bool, 0644);
153222
153223 +static inline void verify_mm_writelocked(struct mm_struct *mm)
153224 +{
153225 +#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAX)
153226 + if (unlikely(down_read_trylock(&mm->mmap_sem))) {
153227 + up_read(&mm->mmap_sem);
153228 + BUG();
153229 + }
153230 +#endif
153231 +}
153232 +
153233 static void unmap_region(struct mm_struct *mm,
153234 struct vm_area_struct *vma, struct vm_area_struct *prev,
153235 unsigned long start, unsigned long end);
153236 @@ -89,16 +100,25 @@ static void unmap_region(struct mm_struct *mm,
153237 * x: (no) no x: (no) yes x: (no) yes x: (yes) yes
153238 *
153239 */
153240 -pgprot_t protection_map[16] = {
153241 +pgprot_t protection_map[16] __read_only = {
153242 __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
153243 __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
153244 };
153245
153246 -pgprot_t vm_get_page_prot(unsigned long vm_flags)
153247 +pgprot_t vm_get_page_prot(vm_flags_t vm_flags)
153248 {
153249 - return __pgprot(pgprot_val(protection_map[vm_flags &
153250 + pgprot_t prot = __pgprot(pgprot_val(protection_map[vm_flags &
153251 (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) |
153252 pgprot_val(arch_vm_get_page_prot(vm_flags)));
153253 +
153254 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
153255 + if (!(__supported_pte_mask & _PAGE_NX) &&
153256 + (vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC &&
153257 + (vm_flags & (VM_READ | VM_WRITE)))
153258 + prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(prot)))));
153259 +#endif
153260 +
153261 + return prot;
153262 }
153263 EXPORT_SYMBOL(vm_get_page_prot);
153264
153265 @@ -160,6 +180,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
153266 struct vm_area_struct *next = vma->vm_next;
153267
153268 might_sleep();
153269 + BUG_ON(vma->vm_mirror);
153270 if (vma->vm_ops && vma->vm_ops->close)
153271 vma->vm_ops->close(vma);
153272 if (vma->vm_file)
153273 @@ -173,6 +194,7 @@ static int do_brk(unsigned long addr, unsigned long len);
153274
153275 SYSCALL_DEFINE1(brk, unsigned long, brk)
153276 {
153277 + unsigned long rlim;
153278 unsigned long retval;
153279 unsigned long newbrk, oldbrk;
153280 struct mm_struct *mm = current->mm;
153281 @@ -204,7 +226,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
153282 * segment grow beyond its set limit the in case where the limit is
153283 * not page aligned -Ram Gupta
153284 */
153285 - if (check_data_rlimit(rlimit(RLIMIT_DATA), brk, mm->start_brk,
153286 + rlim = rlimit(RLIMIT_DATA);
153287 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
153288 + /* force a minimum 16MB brk heap on setuid/setgid binaries */
153289 + if (rlim < (4096 * PAGE_SIZE) && (get_dumpable(mm) != SUID_DUMP_USER) && gr_is_global_nonroot(current_uid()))
153290 + rlim = 4096 * PAGE_SIZE;
153291 +#endif
153292 + if (check_data_rlimit(rlim, brk, mm->start_brk,
153293 mm->end_data, mm->start_data))
153294 goto out;
153295
153296 @@ -879,6 +907,12 @@ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
153297 pgoff_t vm_pgoff,
153298 struct vm_userfaultfd_ctx vm_userfaultfd_ctx)
153299 {
153300 +
153301 +#ifdef CONFIG_PAX_SEGMEXEC
153302 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_start == SEGMEXEC_TASK_SIZE)
153303 + return 0;
153304 +#endif
153305 +
153306 if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) &&
153307 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
153308 if (vma->vm_pgoff == vm_pgoff)
153309 @@ -900,6 +934,12 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
153310 pgoff_t vm_pgoff,
153311 struct vm_userfaultfd_ctx vm_userfaultfd_ctx)
153312 {
153313 +
153314 +#ifdef CONFIG_PAX_SEGMEXEC
153315 + if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end == SEGMEXEC_TASK_SIZE)
153316 + return 0;
153317 +#endif
153318 +
153319 if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) &&
153320 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
153321 pgoff_t vm_pglen;
153322 @@ -950,6 +990,13 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
153323 struct vm_area_struct *area, *next;
153324 int err;
153325
153326 +#ifdef CONFIG_PAX_SEGMEXEC
153327 + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE, end_m = end + SEGMEXEC_TASK_SIZE;
153328 + struct vm_area_struct *area_m = NULL, *next_m = NULL, *prev_m = NULL;
153329 +
153330 + BUG_ON((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE < end);
153331 +#endif
153332 +
153333 /*
153334 * We later require that vma->vm_flags == vm_flags,
153335 * so this tests vma->vm_flags & VM_SPECIAL, too.
153336 @@ -965,6 +1012,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
153337 if (next && next->vm_end == end) /* cases 6, 7, 8 */
153338 next = next->vm_next;
153339
153340 +#ifdef CONFIG_PAX_SEGMEXEC
153341 + if (prev)
153342 + prev_m = pax_find_mirror_vma(prev);
153343 + if (area)
153344 + area_m = pax_find_mirror_vma(area);
153345 + if (next)
153346 + next_m = pax_find_mirror_vma(next);
153347 +#endif
153348 +
153349 /*
153350 * Can it merge with the predecessor?
153351 */
153352 @@ -987,9 +1043,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
153353 /* cases 1, 6 */
153354 err = vma_adjust(prev, prev->vm_start,
153355 next->vm_end, prev->vm_pgoff, NULL);
153356 - } else /* cases 2, 5, 7 */
153357 +
153358 +#ifdef CONFIG_PAX_SEGMEXEC
153359 + if (!err && prev_m)
153360 + err = vma_adjust(prev_m, prev_m->vm_start,
153361 + next_m->vm_end, prev_m->vm_pgoff, NULL);
153362 +#endif
153363 +
153364 + } else { /* cases 2, 5, 7 */
153365 err = vma_adjust(prev, prev->vm_start,
153366 end, prev->vm_pgoff, NULL);
153367 +
153368 +#ifdef CONFIG_PAX_SEGMEXEC
153369 + if (!err && prev_m)
153370 + err = vma_adjust(prev_m, prev_m->vm_start,
153371 + end_m, prev_m->vm_pgoff, NULL);
153372 +#endif
153373 +
153374 + }
153375 if (err)
153376 return NULL;
153377 khugepaged_enter_vma_merge(prev, vm_flags);
153378 @@ -1004,12 +1075,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
153379 can_vma_merge_before(next, vm_flags,
153380 anon_vma, file, pgoff+pglen,
153381 vm_userfaultfd_ctx)) {
153382 - if (prev && addr < prev->vm_end) /* case 4 */
153383 + if (prev && addr < prev->vm_end) { /* case 4 */
153384 err = vma_adjust(prev, prev->vm_start,
153385 addr, prev->vm_pgoff, NULL);
153386 - else /* cases 3, 8 */
153387 +
153388 +#ifdef CONFIG_PAX_SEGMEXEC
153389 + if (!err && prev_m)
153390 + err = vma_adjust(prev_m, prev_m->vm_start,
153391 + addr_m, prev_m->vm_pgoff, NULL);
153392 +#endif
153393 +
153394 + } else { /* cases 3, 8 */
153395 err = vma_adjust(area, addr, next->vm_end,
153396 next->vm_pgoff - pglen, NULL);
153397 +
153398 +#ifdef CONFIG_PAX_SEGMEXEC
153399 + if (!err && area_m)
153400 + err = vma_adjust(area_m, addr_m, next_m->vm_end,
153401 + next_m->vm_pgoff - pglen, NULL);
153402 +#endif
153403 +
153404 + }
153405 if (err)
153406 return NULL;
153407 khugepaged_enter_vma_merge(area, vm_flags);
153408 @@ -1139,6 +1225,10 @@ static inline int mlock_future_check(struct mm_struct *mm,
153409 locked += mm->locked_vm;
153410 lock_limit = rlimit(RLIMIT_MEMLOCK);
153411 lock_limit >>= PAGE_SHIFT;
153412 + if (locked > (ULONG_MAX >> PAGE_SHIFT))
153413 + gr_learn_resource(current, RLIMIT_MEMLOCK, ULONG_MAX, 1);
153414 + else
153415 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
153416 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
153417 return -EAGAIN;
153418 }
153419 @@ -1167,7 +1257,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
153420 * (the exception is when the underlying filesystem is noexec
153421 * mounted, in which case we dont add PROT_EXEC.)
153422 */
153423 - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
153424 + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
153425 if (!(file && path_noexec(&file->f_path)))
153426 prot |= PROT_EXEC;
153427
153428 @@ -1190,7 +1280,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
153429 /* Obtain the address to map to. we verify (or select) it and ensure
153430 * that it represents a valid section of the address space.
153431 */
153432 - addr = get_unmapped_area(file, addr, len, pgoff, flags);
153433 + addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0));
153434 if (offset_in_page(addr))
153435 return addr;
153436
153437 @@ -1207,6 +1297,43 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
153438 vm_flags |= calc_vm_prot_bits(prot, pkey) | calc_vm_flag_bits(flags) |
153439 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
153440
153441 +#ifdef CONFIG_PAX_MPROTECT
153442 + if (mm->pax_flags & MF_PAX_MPROTECT) {
153443 +
153444 +#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
153445 + if (file && !pgoff && (vm_flags & VM_EXEC) && mm->binfmt &&
153446 + mm->binfmt->handle_mmap)
153447 + mm->binfmt->handle_mmap(file);
153448 +#endif
153449 +
153450 +#ifndef CONFIG_PAX_MPROTECT_COMPAT
153451 + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) {
153452 + gr_log_rwxmmap(file);
153453 +
153454 +#ifdef CONFIG_PAX_EMUPLT
153455 + vm_flags &= ~VM_EXEC;
153456 +#else
153457 + return -EPERM;
153458 +#endif
153459 +
153460 + }
153461 +
153462 + if (!(vm_flags & VM_EXEC))
153463 + vm_flags &= ~VM_MAYEXEC;
153464 +#else
153465 + if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
153466 + vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
153467 +#endif
153468 + else
153469 + vm_flags &= ~VM_MAYWRITE;
153470 + }
153471 +#endif
153472 +
153473 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
153474 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && file)
153475 + vm_flags &= ~VM_PAGEEXEC;
153476 +#endif
153477 +
153478 if (flags & MAP_LOCKED)
153479 if (!can_do_mlock())
153480 return -EPERM;
153481 @@ -1294,6 +1421,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
153482 vm_flags |= VM_NORESERVE;
153483 }
153484
153485 + if (!gr_acl_handle_mmap(file, prot))
153486 + return -EACCES;
153487 +
153488 addr = mmap_region(file, addr, len, vm_flags, pgoff);
153489 if (!IS_ERR_VALUE(addr) &&
153490 ((vm_flags & VM_LOCKED) ||
153491 @@ -1387,7 +1517,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
153492 const struct vm_operations_struct *vm_ops = vma->vm_ops;
153493
153494 /* If it was private or non-writable, the write bit is already clear */
153495 - if ((vm_flags & (VM_WRITE|VM_SHARED)) != ((VM_WRITE|VM_SHARED)))
153496 + if ((vm_flags & (VM_WRITE|VM_SHARED)) != (VM_WRITE|VM_SHARED))
153497 return 0;
153498
153499 /* The backer wishes to know when pages are first written to? */
153500 @@ -1438,7 +1568,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
153501 struct rb_node **rb_link, *rb_parent;
153502 unsigned long charged = 0;
153503
153504 +#ifdef CONFIG_PAX_SEGMEXEC
153505 + struct vm_area_struct *vma_m = NULL;
153506 +#endif
153507 +
153508 + /*
153509 + * mm->mmap_sem is required to protect against another thread
153510 + * changing the mappings in case we sleep.
153511 + */
153512 + verify_mm_writelocked(mm);
153513 +
153514 /* Check against address space limit. */
153515 +
153516 +#ifdef CONFIG_PAX_RANDMMAP
153517 + if (!(mm->pax_flags & MF_PAX_RANDMMAP) || (vm_flags & (VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)))
153518 +#endif
153519 +
153520 if (!may_expand_vm(mm, vm_flags, len >> PAGE_SHIFT)) {
153521 unsigned long nr_pages;
153522
153523 @@ -1458,6 +1603,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
153524 &rb_parent)) {
153525 if (do_munmap(mm, addr, len))
153526 return -ENOMEM;
153527 + BUG_ON(find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent));
153528 }
153529
153530 /*
153531 @@ -1489,6 +1635,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
153532 goto unacct_error;
153533 }
153534
153535 +#ifdef CONFIG_PAX_SEGMEXEC
153536 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vm_flags & VM_EXEC)) {
153537 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
153538 + if (!vma_m) {
153539 + error = -ENOMEM;
153540 + goto free_vma;
153541 + }
153542 + }
153543 +#endif
153544 +
153545 vma->vm_mm = mm;
153546 vma->vm_start = addr;
153547 vma->vm_end = addr + len;
153548 @@ -1519,6 +1675,13 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
153549 if (error)
153550 goto unmap_and_free_vma;
153551
153552 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
153553 + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) {
153554 + vma->vm_flags |= VM_PAGEEXEC;
153555 + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
153556 + }
153557 +#endif
153558 +
153559 /* Can addr have changed??
153560 *
153561 * Answer: Yes, several device drivers can do it in their
153562 @@ -1537,6 +1700,12 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
153563 }
153564
153565 vma_link(mm, vma, prev, rb_link, rb_parent);
153566 +
153567 +#ifdef CONFIG_PAX_SEGMEXEC
153568 + if (vma_m)
153569 + BUG_ON(pax_mirror_vma(vma_m, vma));
153570 +#endif
153571 +
153572 /* Once vma denies write, undo our temporary denial count */
153573 if (file) {
153574 if (vm_flags & VM_SHARED)
153575 @@ -1549,6 +1718,7 @@ out:
153576 perf_event_mmap(vma);
153577
153578 vm_stat_account(mm, vm_flags, len >> PAGE_SHIFT);
153579 + track_exec_limit(mm, addr, addr + len, vm_flags);
153580 if (vm_flags & VM_LOCKED) {
153581 if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) ||
153582 vma == get_gate_vma(current->mm)))
153583 @@ -1586,6 +1756,12 @@ allow_write_and_free_vma:
153584 if (vm_flags & VM_DENYWRITE)
153585 allow_write_access(file);
153586 free_vma:
153587 +
153588 +#ifdef CONFIG_PAX_SEGMEXEC
153589 + if (vma_m)
153590 + kmem_cache_free(vm_area_cachep, vma_m);
153591 +#endif
153592 +
153593 kmem_cache_free(vm_area_cachep, vma);
153594 unacct_error:
153595 if (charged)
153596 @@ -1593,7 +1769,54 @@ unacct_error:
153597 return error;
153598 }
153599
153600 -unsigned long unmapped_area(struct vm_unmapped_area_info *info)
153601 +#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK
153602 +unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags)
153603 +{
153604 + if ((mm->pax_flags & MF_PAX_RANDMMAP) && !filp && (flags & MAP_STACK))
153605 + return ((prandom_u32() & 0xFF) + 1) << PAGE_SHIFT;
153606 +
153607 + return 0;
153608 +}
153609 +#endif
153610 +
153611 +bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset)
153612 +{
153613 + if (!vma) {
153614 +#ifdef CONFIG_STACK_GROWSUP
153615 + if (addr > sysctl_heap_stack_gap)
153616 + vma = find_vma(current->mm, addr - sysctl_heap_stack_gap);
153617 + else
153618 + vma = find_vma(current->mm, 0);
153619 + if (vma && (vma->vm_flags & VM_GROWSUP))
153620 + return false;
153621 +#endif
153622 + return true;
153623 + }
153624 +
153625 + if (addr + len > vma->vm_start)
153626 + return false;
153627 +
153628 + if (vma->vm_flags & VM_GROWSDOWN)
153629 + return sysctl_heap_stack_gap <= vma->vm_start - addr - len;
153630 +#ifdef CONFIG_STACK_GROWSUP
153631 + else if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP))
153632 + return addr - vma->vm_prev->vm_end >= sysctl_heap_stack_gap;
153633 +#endif
153634 + else if (offset)
153635 + return offset <= vma->vm_start - addr - len;
153636 +
153637 + return true;
153638 +}
153639 +
153640 +unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long flag, unsigned long gap_start, unsigned long gap_end)
153641 +{
153642 + if (!vma || !(vma->vm_flags & flag))
153643 + return 0;
153644 +
153645 + return min(sysctl_heap_stack_gap, gap_end - gap_start);
153646 +}
153647 +
153648 +unsigned long unmapped_area(const struct vm_unmapped_area_info *info)
153649 {
153650 /*
153651 * We implement the search by looking for an rbtree node that
153652 @@ -1646,6 +1869,15 @@ check_current:
153653 /* Check if current node has a suitable gap */
153654 if (gap_start > high_limit)
153655 return -ENOMEM;
153656 +
153657 + gap_start += skip_heap_stack_gap(vma->vm_prev, VM_GROWSUP, gap_start, gap_end);
153658 + gap_end -= skip_heap_stack_gap(vma, VM_GROWSDOWN, gap_start, gap_end);
153659 +
153660 + if (gap_end - gap_start > info->threadstack_offset)
153661 + gap_start += info->threadstack_offset;
153662 + else
153663 + gap_start = gap_end;
153664 +
153665 if (gap_end >= low_limit && gap_end - gap_start >= length)
153666 goto found;
153667
153668 @@ -1695,7 +1927,7 @@ found:
153669 return gap_start;
153670 }
153671
153672 -unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info)
153673 +unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info)
153674 {
153675 struct mm_struct *mm = current->mm;
153676 struct vm_area_struct *vma;
153677 @@ -1749,6 +1981,15 @@ check_current:
153678 gap_end = vma->vm_start;
153679 if (gap_end < low_limit)
153680 return -ENOMEM;
153681 +
153682 + gap_start += skip_heap_stack_gap(vma->vm_prev, VM_GROWSUP, gap_start, gap_end);
153683 + gap_end -= skip_heap_stack_gap(vma, VM_GROWSDOWN, gap_start, gap_end);
153684 +
153685 + if (gap_end - gap_start > info->threadstack_offset)
153686 + gap_end -= info->threadstack_offset;
153687 + else
153688 + gap_end = gap_start;
153689 +
153690 if (gap_start <= high_limit && gap_end - gap_start >= length)
153691 goto found;
153692
153693 @@ -1812,6 +2053,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
153694 struct mm_struct *mm = current->mm;
153695 struct vm_area_struct *vma;
153696 struct vm_unmapped_area_info info;
153697 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
153698
153699 if (len > TASK_SIZE - mmap_min_addr)
153700 return -ENOMEM;
153701 @@ -1819,11 +2061,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
153702 if (flags & MAP_FIXED)
153703 return addr;
153704
153705 +#ifdef CONFIG_PAX_RANDMMAP
153706 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
153707 +#endif
153708 +
153709 if (addr) {
153710 addr = PAGE_ALIGN(addr);
153711 vma = find_vma(mm, addr);
153712 if (TASK_SIZE - len >= addr && addr >= mmap_min_addr &&
153713 - (!vma || addr + len <= vma->vm_start))
153714 + check_heap_stack_gap(vma, addr, len, offset))
153715 return addr;
153716 }
153717
153718 @@ -1832,6 +2078,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
153719 info.low_limit = mm->mmap_base;
153720 info.high_limit = TASK_SIZE;
153721 info.align_mask = 0;
153722 + info.threadstack_offset = offset;
153723 return vm_unmapped_area(&info);
153724 }
153725 #endif
153726 @@ -1850,6 +2097,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
153727 struct mm_struct *mm = current->mm;
153728 unsigned long addr = addr0;
153729 struct vm_unmapped_area_info info;
153730 + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
153731
153732 /* requested length too big for entire address space */
153733 if (len > TASK_SIZE - mmap_min_addr)
153734 @@ -1858,12 +2106,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
153735 if (flags & MAP_FIXED)
153736 return addr;
153737
153738 +#ifdef CONFIG_PAX_RANDMMAP
153739 + if (!(mm->pax_flags & MF_PAX_RANDMMAP))
153740 +#endif
153741 +
153742 /* requesting a specific address */
153743 if (addr) {
153744 addr = PAGE_ALIGN(addr);
153745 vma = find_vma(mm, addr);
153746 if (TASK_SIZE - len >= addr && addr >= mmap_min_addr &&
153747 - (!vma || addr + len <= vma->vm_start))
153748 + check_heap_stack_gap(vma, addr, len, offset))
153749 return addr;
153750 }
153751
153752 @@ -1872,6 +2124,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
153753 info.low_limit = max(PAGE_SIZE, mmap_min_addr);
153754 info.high_limit = mm->mmap_base;
153755 info.align_mask = 0;
153756 + info.threadstack_offset = offset;
153757 addr = vm_unmapped_area(&info);
153758
153759 /*
153760 @@ -1884,6 +2137,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
153761 VM_BUG_ON(addr != -ENOMEM);
153762 info.flags = 0;
153763 info.low_limit = TASK_UNMAPPED_BASE;
153764 +
153765 +#ifdef CONFIG_PAX_RANDMMAP
153766 + if (mm->pax_flags & MF_PAX_RANDMMAP)
153767 + info.low_limit += mm->delta_mmap;
153768 +#endif
153769 +
153770 info.high_limit = TASK_SIZE;
153771 addr = vm_unmapped_area(&info);
153772 }
153773 @@ -1993,6 +2252,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
153774 return vma;
153775 }
153776
153777 +#ifdef CONFIG_PAX_SEGMEXEC
153778 +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
153779 +{
153780 + struct vm_area_struct *vma_m;
153781 +
153782 + BUG_ON(!vma || vma->vm_start >= vma->vm_end);
153783 + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
153784 + BUG_ON(vma->vm_mirror);
153785 + return NULL;
153786 + }
153787 + BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end);
153788 + vma_m = vma->vm_mirror;
153789 + BUG_ON(!vma_m || vma_m->vm_mirror != vma);
153790 + BUG_ON(vma->vm_file != vma_m->vm_file);
153791 + BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start);
153792 + BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff);
153793 + BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root);
153794 + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED));
153795 + return vma_m;
153796 +}
153797 +#endif
153798 +
153799 /*
153800 * Verify that the stack growth is acceptable and
153801 * update accounting. This is shared with both the
153802 @@ -2010,8 +2291,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
153803
153804 /* Stack limit test */
153805 actual_size = size;
153806 - if (size && (vma->vm_flags & (VM_GROWSUP | VM_GROWSDOWN)))
153807 - actual_size -= PAGE_SIZE;
153808 + gr_learn_resource(current, RLIMIT_STACK, actual_size, 1);
153809 if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur))
153810 return -ENOMEM;
153811
153812 @@ -2022,6 +2302,10 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
153813 locked = mm->locked_vm + grow;
153814 limit = READ_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
153815 limit >>= PAGE_SHIFT;
153816 + if (locked > (ULONG_MAX >> PAGE_SHIFT))
153817 + gr_learn_resource(current, RLIMIT_MEMLOCK, ULONG_MAX, 1);
153818 + else
153819 + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
153820 if (locked > limit && !capable(CAP_IPC_LOCK))
153821 return -ENOMEM;
153822 }
153823 @@ -2047,17 +2331,21 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
153824 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
153825 * vma is the last one with address > vma->vm_end. Have to extend vma.
153826 */
153827 +#ifndef CONFIG_IA64
153828 +static
153829 +#endif
153830 int expand_upwards(struct vm_area_struct *vma, unsigned long address)
153831 {
153832 struct mm_struct *mm = vma->vm_mm;
153833 int error = 0;
153834 + bool locknext;
153835
153836 if (!(vma->vm_flags & VM_GROWSUP))
153837 return -EFAULT;
153838
153839 /* Guard against wrapping around to address 0. */
153840 - if (address < PAGE_ALIGN(address+4))
153841 - address = PAGE_ALIGN(address+4);
153842 + if (address < PAGE_ALIGN(address+1))
153843 + address = PAGE_ALIGN(address+1);
153844 else
153845 return -ENOMEM;
153846
153847 @@ -2065,15 +2353,24 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
153848 if (unlikely(anon_vma_prepare(vma)))
153849 return -ENOMEM;
153850
153851 + locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
153852 + if (locknext && anon_vma_prepare(vma->vm_next))
153853 + return -ENOMEM;
153854 +
153855 /*
153856 * vma->vm_start/vm_end cannot change under us because the caller
153857 * is required to hold the mmap_sem in read mode. We need the
153858 - * anon_vma lock to serialize against concurrent expand_stacks.
153859 + * anon_vma locks to serialize against concurrent expand_stacks
153860 + * and expand_upwards.
153861 */
153862 anon_vma_lock_write(vma->anon_vma);
153863 + if (locknext)
153864 + anon_vma_lock_write(vma->vma_next->anon_vma);
153865
153866 /* Somebody else might have raced and expanded it already */
153867 - if (address > vma->vm_end) {
153868 + if (vma->vm_next && (vma->vm_next->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && vma->vm_next->vm_start - address < sysctl_heap_stack_gap)
153869 + error = -ENOMEM;
153870 + else if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) {
153871 unsigned long size, grow;
153872
153873 size = address - vma->vm_start;
153874 @@ -2111,6 +2408,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
153875 }
153876 }
153877 }
153878 + if (locknext)
153879 + anon_vma_unlock_write(vma->vm_next->anon_vma);
153880 anon_vma_unlock_write(vma->anon_vma);
153881 khugepaged_enter_vma_merge(vma, vma->vm_flags);
153882 validate_mm(mm);
153883 @@ -2126,6 +2425,8 @@ int expand_downwards(struct vm_area_struct *vma,
153884 {
153885 struct mm_struct *mm = vma->vm_mm;
153886 int error;
153887 + bool lockprev = false;
153888 + struct vm_area_struct *prev;
153889
153890 address &= PAGE_MASK;
153891 error = security_mmap_addr(address);
153892 @@ -2136,6 +2437,15 @@ int expand_downwards(struct vm_area_struct *vma,
153893 if (unlikely(anon_vma_prepare(vma)))
153894 return -ENOMEM;
153895
153896 + prev = vma->vm_prev;
153897 +#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
153898 + lockprev = prev && (prev->vm_flags & VM_GROWSUP);
153899 +#endif
153900 + if (lockprev && anon_vma_prepare(prev))
153901 + return -ENOMEM;
153902 + if (lockprev)
153903 + anon_vma_lock_write(prev->anon_vma);
153904 +
153905 /*
153906 * vma->vm_start/vm_end cannot change under us because the caller
153907 * is required to hold the mmap_sem in read mode. We need the
153908 @@ -2144,9 +2454,17 @@ int expand_downwards(struct vm_area_struct *vma,
153909 anon_vma_lock_write(vma->anon_vma);
153910
153911 /* Somebody else might have raced and expanded it already */
153912 - if (address < vma->vm_start) {
153913 + if (prev && (prev->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) && address - prev->vm_end < sysctl_heap_stack_gap)
153914 + error = -ENOMEM;
153915 + else if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) {
153916 unsigned long size, grow;
153917
153918 +#ifdef CONFIG_PAX_SEGMEXEC
153919 + struct vm_area_struct *vma_m;
153920 +
153921 + vma_m = pax_find_mirror_vma(vma);
153922 +#endif
153923 +
153924 size = vma->vm_end - address;
153925 grow = (vma->vm_start - address) >> PAGE_SHIFT;
153926
153927 @@ -2174,13 +2492,27 @@ int expand_downwards(struct vm_area_struct *vma,
153928 vma->vm_pgoff -= grow;
153929 anon_vma_interval_tree_post_update_vma(vma);
153930 vma_gap_update(vma);
153931 +
153932 +#ifdef CONFIG_PAX_SEGMEXEC
153933 + if (vma_m) {
153934 + anon_vma_interval_tree_pre_update_vma(vma_m);
153935 + vma_m->vm_start -= grow << PAGE_SHIFT;
153936 + vma_m->vm_pgoff -= grow;
153937 + anon_vma_interval_tree_post_update_vma(vma_m);
153938 + vma_gap_update(vma_m);
153939 + }
153940 +#endif
153941 +
153942 spin_unlock(&mm->page_table_lock);
153943
153944 + track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags);
153945 perf_event_mmap(vma);
153946 }
153947 }
153948 }
153949 anon_vma_unlock_write(vma->anon_vma);
153950 + if (lockprev)
153951 + anon_vma_unlock_write(prev->anon_vma);
153952 khugepaged_enter_vma_merge(vma, vma->vm_flags);
153953 validate_mm(mm);
153954 return error;
153955 @@ -2280,6 +2612,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
153956 do {
153957 long nrpages = vma_pages(vma);
153958
153959 +#ifdef CONFIG_PAX_SEGMEXEC
153960 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) {
153961 + vma = remove_vma(vma);
153962 + continue;
153963 + }
153964 +#endif
153965 +
153966 if (vma->vm_flags & VM_ACCOUNT)
153967 nr_accounted += nrpages;
153968 vm_stat_account(mm, vma->vm_flags, -nrpages);
153969 @@ -2324,6 +2663,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
153970 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
153971 vma->vm_prev = NULL;
153972 do {
153973 +
153974 +#ifdef CONFIG_PAX_SEGMEXEC
153975 + if (vma->vm_mirror) {
153976 + BUG_ON(!vma->vm_mirror->vm_mirror || vma->vm_mirror->vm_mirror != vma);
153977 + vma->vm_mirror->vm_mirror = NULL;
153978 + vma->vm_mirror->vm_flags &= ~VM_EXEC;
153979 + vma->vm_mirror = NULL;
153980 + }
153981 +#endif
153982 +
153983 vma_rb_erase(vma, &mm->mm_rb);
153984 mm->map_count--;
153985 tail_vma = vma;
153986 @@ -2351,14 +2700,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
153987 struct vm_area_struct *new;
153988 int err;
153989
153990 +#ifdef CONFIG_PAX_SEGMEXEC
153991 + struct vm_area_struct *vma_m, *new_m = NULL;
153992 + unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE;
153993 +#endif
153994 +
153995 if (is_vm_hugetlb_page(vma) && (addr &
153996 ~(huge_page_mask(hstate_vma(vma)))))
153997 return -EINVAL;
153998
153999 +#ifdef CONFIG_PAX_SEGMEXEC
154000 + vma_m = pax_find_mirror_vma(vma);
154001 +#endif
154002 +
154003 new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
154004 if (!new)
154005 return -ENOMEM;
154006
154007 +#ifdef CONFIG_PAX_SEGMEXEC
154008 + if (vma_m) {
154009 + new_m = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
154010 + if (!new_m) {
154011 + kmem_cache_free(vm_area_cachep, new);
154012 + return -ENOMEM;
154013 + }
154014 + }
154015 +#endif
154016 +
154017 /* most fields are the same, copy all, and then fixup */
154018 *new = *vma;
154019
154020 @@ -2371,6 +2739,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
154021 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
154022 }
154023
154024 +#ifdef CONFIG_PAX_SEGMEXEC
154025 + if (vma_m) {
154026 + *new_m = *vma_m;
154027 + INIT_LIST_HEAD(&new_m->anon_vma_chain);
154028 + new_m->vm_mirror = new;
154029 + new->vm_mirror = new_m;
154030 +
154031 + if (new_below)
154032 + new_m->vm_end = addr_m;
154033 + else {
154034 + new_m->vm_start = addr_m;
154035 + new_m->vm_pgoff += ((addr_m - vma_m->vm_start) >> PAGE_SHIFT);
154036 + }
154037 + }
154038 +#endif
154039 +
154040 err = vma_dup_policy(vma, new);
154041 if (err)
154042 goto out_free_vma;
154043 @@ -2391,6 +2775,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
154044 else
154045 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
154046
154047 +#ifdef CONFIG_PAX_SEGMEXEC
154048 + if (!err && vma_m) {
154049 + struct mempolicy *pol = vma_policy(new);
154050 +
154051 + if (anon_vma_clone(new_m, vma_m))
154052 + goto out_free_mpol;
154053 +
154054 + mpol_get(pol);
154055 + set_vma_policy(new_m, pol);
154056 +
154057 + if (new_m->vm_file)
154058 + get_file(new_m->vm_file);
154059 +
154060 + if (new_m->vm_ops && new_m->vm_ops->open)
154061 + new_m->vm_ops->open(new_m);
154062 +
154063 + if (new_below)
154064 + err = vma_adjust(vma_m, addr_m, vma_m->vm_end, vma_m->vm_pgoff +
154065 + ((addr_m - new_m->vm_start) >> PAGE_SHIFT), new_m);
154066 + else
154067 + err = vma_adjust(vma_m, vma_m->vm_start, addr_m, vma_m->vm_pgoff, new_m);
154068 +
154069 + if (err) {
154070 + if (new_m->vm_ops && new_m->vm_ops->close)
154071 + new_m->vm_ops->close(new_m);
154072 + if (new_m->vm_file)
154073 + fput(new_m->vm_file);
154074 + mpol_put(pol);
154075 + }
154076 + }
154077 +#endif
154078 +
154079 /* Success. */
154080 if (!err)
154081 return 0;
154082 @@ -2400,10 +2816,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
154083 new->vm_ops->close(new);
154084 if (new->vm_file)
154085 fput(new->vm_file);
154086 - unlink_anon_vmas(new);
154087 out_free_mpol:
154088 mpol_put(vma_policy(new));
154089 out_free_vma:
154090 +
154091 +#ifdef CONFIG_PAX_SEGMEXEC
154092 + if (new_m) {
154093 + unlink_anon_vmas(new_m);
154094 + kmem_cache_free(vm_area_cachep, new_m);
154095 + }
154096 +#endif
154097 +
154098 + unlink_anon_vmas(new);
154099 kmem_cache_free(vm_area_cachep, new);
154100 return err;
154101 }
154102 @@ -2415,6 +2839,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
154103 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
154104 unsigned long addr, int new_below)
154105 {
154106 +
154107 +#ifdef CONFIG_PAX_SEGMEXEC
154108 + if (mm->pax_flags & MF_PAX_SEGMEXEC) {
154109 + BUG_ON(vma->vm_end > SEGMEXEC_TASK_SIZE);
154110 + if (mm->map_count >= sysctl_max_map_count-1)
154111 + return -ENOMEM;
154112 + } else
154113 +#endif
154114 +
154115 if (mm->map_count >= sysctl_max_map_count)
154116 return -ENOMEM;
154117
154118 @@ -2426,11 +2859,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
154119 * work. This now handles partial unmappings.
154120 * Jeremy Fitzhardinge <jeremy@goop.org>
154121 */
154122 +#ifdef CONFIG_PAX_SEGMEXEC
154123 int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
154124 {
154125 + int ret = __do_munmap(mm, start, len);
154126 + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
154127 + return ret;
154128 +
154129 + return __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len);
154130 +}
154131 +
154132 +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
154133 +#else
154134 +int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
154135 +#endif
154136 +{
154137 unsigned long end;
154138 struct vm_area_struct *vma, *prev, *last;
154139
154140 + /*
154141 + * mm->mmap_sem is required to protect against another thread
154142 + * changing the mappings in case we sleep.
154143 + */
154144 + verify_mm_writelocked(mm);
154145 +
154146 if ((offset_in_page(start)) || start > TASK_SIZE || len > TASK_SIZE-start)
154147 return -EINVAL;
154148
154149 @@ -2508,6 +2960,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
154150 /* Fix up all other VM information */
154151 remove_vma_list(mm, vma);
154152
154153 + track_exec_limit(mm, start, end, 0UL);
154154 +
154155 return 0;
154156 }
154157
154158 @@ -2516,6 +2970,12 @@ int vm_munmap(unsigned long start, size_t len)
154159 int ret;
154160 struct mm_struct *mm = current->mm;
154161
154162 +#ifdef CONFIG_PAX_SEGMEXEC
154163 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) &&
154164 + (len > SEGMEXEC_TASK_SIZE || start > SEGMEXEC_TASK_SIZE-len))
154165 + return -EINVAL;
154166 +#endif
154167 +
154168 if (down_write_killable(&mm->mmap_sem))
154169 return -EINTR;
154170
154171 @@ -2572,6 +3032,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
154172
154173 vma = find_vma(mm, start);
154174
154175 +#ifdef CONFIG_PAX_SEGMEXEC
154176 + if (vma && (mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MAYEXEC))
154177 + goto out;
154178 +#endif
154179 +
154180 if (!vma || !(vma->vm_flags & VM_SHARED))
154181 goto out;
154182
154183 @@ -2638,16 +3103,6 @@ out:
154184 return ret;
154185 }
154186
154187 -static inline void verify_mm_writelocked(struct mm_struct *mm)
154188 -{
154189 -#ifdef CONFIG_DEBUG_VM
154190 - if (unlikely(down_read_trylock(&mm->mmap_sem))) {
154191 - WARN_ON(1);
154192 - up_read(&mm->mmap_sem);
154193 - }
154194 -#endif
154195 -}
154196 -
154197 /*
154198 * this is really a simplified "do_mmap". it only handles
154199 * anonymous maps. eventually we may be able to do some
154200 @@ -2661,6 +3116,7 @@ static int do_brk(unsigned long addr, unsigned long request)
154201 struct rb_node **rb_link, *rb_parent;
154202 pgoff_t pgoff = addr >> PAGE_SHIFT;
154203 int error;
154204 + unsigned long charged;
154205
154206 len = PAGE_ALIGN(request);
154207 if (len < request)
154208 @@ -2670,10 +3126,24 @@ static int do_brk(unsigned long addr, unsigned long request)
154209
154210 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
154211
154212 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
154213 + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
154214 + flags &= ~VM_EXEC;
154215 +
154216 +#ifdef CONFIG_PAX_MPROTECT
154217 + if (mm->pax_flags & MF_PAX_MPROTECT)
154218 + flags &= ~VM_MAYEXEC;
154219 +#endif
154220 +
154221 + }
154222 +#endif
154223 +
154224 error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED);
154225 if (offset_in_page(error))
154226 return error;
154227
154228 + charged = len >> PAGE_SHIFT;
154229 +
154230 error = mlock_future_check(mm, mm->def_flags, len);
154231 if (error)
154232 return error;
154233 @@ -2691,16 +3161,17 @@ static int do_brk(unsigned long addr, unsigned long request)
154234 &rb_parent)) {
154235 if (do_munmap(mm, addr, len))
154236 return -ENOMEM;
154237 + BUG_ON(find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent));
154238 }
154239
154240 /* Check against address space limits *after* clearing old maps... */
154241 - if (!may_expand_vm(mm, flags, len >> PAGE_SHIFT))
154242 + if (!may_expand_vm(mm, flags, charged))
154243 return -ENOMEM;
154244
154245 if (mm->map_count > sysctl_max_map_count)
154246 return -ENOMEM;
154247
154248 - if (security_vm_enough_memory_mm(mm, len >> PAGE_SHIFT))
154249 + if (security_vm_enough_memory_mm(mm, charged))
154250 return -ENOMEM;
154251
154252 /* Can we just expand an old private anonymous mapping? */
154253 @@ -2714,7 +3185,7 @@ static int do_brk(unsigned long addr, unsigned long request)
154254 */
154255 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
154256 if (!vma) {
154257 - vm_unacct_memory(len >> PAGE_SHIFT);
154258 + vm_unacct_memory(charged);
154259 return -ENOMEM;
154260 }
154261
154262 @@ -2728,11 +3199,12 @@ static int do_brk(unsigned long addr, unsigned long request)
154263 vma_link(mm, vma, prev, rb_link, rb_parent);
154264 out:
154265 perf_event_mmap(vma);
154266 - mm->total_vm += len >> PAGE_SHIFT;
154267 - mm->data_vm += len >> PAGE_SHIFT;
154268 + mm->total_vm += charged;
154269 + mm->data_vm += charged;
154270 if (flags & VM_LOCKED)
154271 - mm->locked_vm += (len >> PAGE_SHIFT);
154272 + mm->locked_vm += charged;
154273 vma->vm_flags |= VM_SOFTDIRTY;
154274 + track_exec_limit(mm, addr, addr + len, flags);
154275 return 0;
154276 }
154277
154278 @@ -2796,6 +3268,7 @@ void exit_mmap(struct mm_struct *mm)
154279 while (vma) {
154280 if (vma->vm_flags & VM_ACCOUNT)
154281 nr_accounted += vma_pages(vma);
154282 + vma->vm_mirror = NULL;
154283 vma = remove_vma(vma);
154284 }
154285 vm_unacct_memory(nr_accounted);
154286 @@ -2810,6 +3283,10 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
154287 struct vm_area_struct *prev;
154288 struct rb_node **rb_link, *rb_parent;
154289
154290 +#ifdef CONFIG_PAX_SEGMEXEC
154291 + struct vm_area_struct *vma_m = NULL;
154292 +#endif
154293 +
154294 if (find_vma_links(mm, vma->vm_start, vma->vm_end,
154295 &prev, &rb_link, &rb_parent))
154296 return -ENOMEM;
154297 @@ -2817,6 +3294,9 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
154298 security_vm_enough_memory_mm(mm, vma_pages(vma)))
154299 return -ENOMEM;
154300
154301 + if (security_mmap_addr(vma->vm_start))
154302 + return -EPERM;
154303 +
154304 /*
154305 * The vm_pgoff of a purely anonymous vma should be irrelevant
154306 * until its first write fault, when page's anon_vma and index
154307 @@ -2834,7 +3314,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
154308 vma->vm_pgoff = vma->vm_start >> PAGE_SHIFT;
154309 }
154310
154311 +#ifdef CONFIG_PAX_SEGMEXEC
154312 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) {
154313 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
154314 + if (!vma_m)
154315 + return -ENOMEM;
154316 + }
154317 +#endif
154318 +
154319 vma_link(mm, vma, prev, rb_link, rb_parent);
154320 +
154321 +#ifdef CONFIG_PAX_SEGMEXEC
154322 + if (vma_m)
154323 + BUG_ON(pax_mirror_vma(vma_m, vma));
154324 +#endif
154325 +
154326 return 0;
154327 }
154328
154329 @@ -2853,6 +3347,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
154330 struct rb_node **rb_link, *rb_parent;
154331 bool faulted_in_anon_vma = true;
154332
154333 + BUG_ON(vma->vm_mirror);
154334 +
154335 /*
154336 * If anonymous vma has not yet been faulted, update new pgoff
154337 * to match new location, to increase its chance of merging.
154338 @@ -2919,27 +3415,70 @@ out:
154339 return NULL;
154340 }
154341
154342 +#ifdef CONFIG_PAX_SEGMEXEC
154343 +long pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma)
154344 +{
154345 + struct vm_area_struct *prev_m;
154346 + struct rb_node **rb_link_m, *rb_parent_m;
154347 + struct mempolicy *pol_m;
154348 +
154349 + BUG_ON(!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC));
154350 + BUG_ON(vma->vm_mirror || vma_m->vm_mirror);
154351 + BUG_ON(!mpol_equal(vma_policy(vma), vma_policy(vma_m)));
154352 + *vma_m = *vma;
154353 + INIT_LIST_HEAD(&vma_m->anon_vma_chain);
154354 + if (anon_vma_clone(vma_m, vma))
154355 + return -ENOMEM;
154356 + pol_m = vma_policy(vma_m);
154357 + mpol_get(pol_m);
154358 + set_vma_policy(vma_m, pol_m);
154359 + vma_m->vm_start += SEGMEXEC_TASK_SIZE;
154360 + vma_m->vm_end += SEGMEXEC_TASK_SIZE;
154361 + vma_m->vm_flags &= ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED);
154362 + vma_m->vm_page_prot = vm_get_page_prot(vma_m->vm_flags);
154363 + if (vma_m->vm_file)
154364 + get_file(vma_m->vm_file);
154365 + if (vma_m->vm_ops && vma_m->vm_ops->open)
154366 + vma_m->vm_ops->open(vma_m);
154367 + BUG_ON(find_vma_links(vma->vm_mm, vma_m->vm_start, vma_m->vm_end, &prev_m, &rb_link_m, &rb_parent_m));
154368 + vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m);
154369 + vma_m->vm_mirror = vma;
154370 + vma->vm_mirror = vma_m;
154371 + return 0;
154372 +}
154373 +#endif
154374 +
154375 /*
154376 * Return true if the calling process may expand its vm space by the passed
154377 * number of pages
154378 */
154379 bool may_expand_vm(struct mm_struct *mm, vm_flags_t flags, unsigned long npages)
154380 {
154381 + if ((mm->total_vm + npages) > (ULONG_MAX >> PAGE_SHIFT))
154382 + gr_learn_resource(current, RLIMIT_AS, ULONG_MAX, 1);
154383 + else
154384 + gr_learn_resource(current, RLIMIT_AS, (mm->total_vm + npages) << PAGE_SHIFT, 1);
154385 +
154386 if (mm->total_vm + npages > rlimit(RLIMIT_AS) >> PAGE_SHIFT)
154387 return false;
154388
154389 - if (is_data_mapping(flags) &&
154390 - mm->data_vm + npages > rlimit(RLIMIT_DATA) >> PAGE_SHIFT) {
154391 - /* Workaround for Valgrind */
154392 - if (rlimit(RLIMIT_DATA) == 0 &&
154393 - mm->data_vm + npages <= rlimit_max(RLIMIT_DATA) >> PAGE_SHIFT)
154394 - return true;
154395 - if (!ignore_rlimit_data) {
154396 - pr_warn_once("%s (%d): VmData %lu exceed data ulimit %lu. Update limits or use boot option ignore_rlimit_data.\n",
154397 - current->comm, current->pid,
154398 - (mm->data_vm + npages) << PAGE_SHIFT,
154399 - rlimit(RLIMIT_DATA));
154400 - return false;
154401 + if (is_data_mapping(flags)) {
154402 + if ((mm->data_vm + npages) > (ULONG_MAX >> PAGE_SHIFT))
154403 + gr_learn_resource(current, RLIMIT_DATA, ULONG_MAX, 1);
154404 + else
154405 + gr_learn_resource(current, RLIMIT_DATA, (mm->data_vm + npages) << PAGE_SHIFT, 1);
154406 + if (mm->data_vm + npages > rlimit(RLIMIT_DATA) >> PAGE_SHIFT) {
154407 + /* Workaround for Valgrind */
154408 + if (rlimit(RLIMIT_DATA) == 0 &&
154409 + mm->data_vm + npages <= rlimit_max(RLIMIT_DATA) >> PAGE_SHIFT)
154410 + return true;
154411 + if (!ignore_rlimit_data) {
154412 + pr_warn_once("%s (%d): VmData %lu exceed data ulimit %lu. Update limits or use boot option ignore_rlimit_data.\n",
154413 + current->comm, current->pid,
154414 + (mm->data_vm + npages) << PAGE_SHIFT,
154415 + rlimit(RLIMIT_DATA));
154416 + return false;
154417 + }
154418 }
154419 }
154420
154421 @@ -2948,6 +3487,11 @@ bool may_expand_vm(struct mm_struct *mm, vm_flags_t flags, unsigned long npages)
154422
154423 void vm_stat_account(struct mm_struct *mm, vm_flags_t flags, long npages)
154424 {
154425 +
154426 +#ifdef CONFIG_PAX_RANDMMAP
154427 + if (!(mm->pax_flags & MF_PAX_RANDMMAP) || (flags & (VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)))
154428 +#endif
154429 +
154430 mm->total_vm += npages;
154431
154432 if (is_exec_mapping(flags))
154433 @@ -3042,6 +3586,22 @@ static struct vm_area_struct *__install_special_mapping(
154434 vma->vm_start = addr;
154435 vma->vm_end = addr + len;
154436
154437 +#ifdef CONFIG_PAX_MPROTECT
154438 + if (mm->pax_flags & MF_PAX_MPROTECT) {
154439 +#ifndef CONFIG_PAX_MPROTECT_COMPAT
154440 + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC))
154441 + return ERR_PTR(-EPERM);
154442 + if (!(vm_flags & VM_EXEC))
154443 + vm_flags &= ~VM_MAYEXEC;
154444 +#else
154445 + if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
154446 + vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
154447 +#endif
154448 + else
154449 + vm_flags &= ~VM_MAYWRITE;
154450 + }
154451 +#endif
154452 +
154453 vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND | VM_SOFTDIRTY;
154454 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
154455
154456 diff --git a/mm/mprotect.c b/mm/mprotect.c
154457 index a4830f0..0675c13 100644
154458 --- a/mm/mprotect.c
154459 +++ b/mm/mprotect.c
154460 @@ -25,10 +25,18 @@
154461 #include <linux/perf_event.h>
154462 #include <linux/ksm.h>
154463 #include <linux/pkeys.h>
154464 +#include <linux/sched/sysctl.h>
154465 +
154466 +#ifdef CONFIG_PAX_MPROTECT
154467 +#include <linux/elf.h>
154468 +#include <linux/binfmts.h>
154469 +#endif
154470 +
154471 #include <asm/uaccess.h>
154472 #include <asm/pgtable.h>
154473 #include <asm/cacheflush.h>
154474 #include <asm/tlbflush.h>
154475 +#include <asm/mmu_context.h>
154476
154477 #include "internal.h"
154478
154479 @@ -258,6 +266,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
154480 return pages;
154481 }
154482
154483 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
154484 +/* called while holding the mmap semaphor for writing except stack expansion */
154485 +void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot)
154486 +{
154487 + unsigned long oldlimit, newlimit = 0UL;
154488 +
154489 + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || (__supported_pte_mask & _PAGE_NX))
154490 + return;
154491 +
154492 + spin_lock(&mm->page_table_lock);
154493 + oldlimit = mm->context.user_cs_limit;
154494 + if ((prot & VM_EXEC) && oldlimit < end)
154495 + /* USER_CS limit moved up */
154496 + newlimit = end;
154497 + else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end)
154498 + /* USER_CS limit moved down */
154499 + newlimit = start;
154500 +
154501 + if (newlimit) {
154502 + mm->context.user_cs_limit = newlimit;
154503 +
154504 +#ifdef CONFIG_SMP
154505 + wmb();
154506 + cpumask_clear(&mm->context.cpu_user_cs_mask);
154507 + cpumask_set_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask);
154508 +#endif
154509 +
154510 + set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
154511 + }
154512 + spin_unlock(&mm->page_table_lock);
154513 + if (newlimit == end) {
154514 + struct vm_area_struct *vma = find_vma(mm, oldlimit);
154515 +
154516 + for (; vma && vma->vm_start < end; vma = vma->vm_next)
154517 + if (is_vm_hugetlb_page(vma))
154518 + hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot);
154519 + else
154520 + change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma), 0);
154521 + }
154522 +}
154523 +#endif
154524 +
154525 int
154526 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
154527 unsigned long start, unsigned long end, unsigned long newflags)
154528 @@ -270,11 +320,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
154529 int error;
154530 int dirty_accountable = 0;
154531
154532 +#ifdef CONFIG_PAX_SEGMEXEC
154533 + struct vm_area_struct *vma_m = NULL;
154534 + unsigned long start_m, end_m;
154535 +
154536 + start_m = start + SEGMEXEC_TASK_SIZE;
154537 + end_m = end + SEGMEXEC_TASK_SIZE;
154538 +#endif
154539 +
154540 if (newflags == oldflags) {
154541 *pprev = vma;
154542 return 0;
154543 }
154544
154545 + if (newflags & (VM_READ | VM_WRITE | VM_EXEC)) {
154546 + struct vm_area_struct *prev = vma->vm_prev, *next = vma->vm_next;
154547 +
154548 + if (next && (next->vm_flags & VM_GROWSDOWN) && sysctl_heap_stack_gap > next->vm_start - end)
154549 + return -ENOMEM;
154550 +
154551 + if (prev && (prev->vm_flags & VM_GROWSUP) && sysctl_heap_stack_gap > start - prev->vm_end)
154552 + return -ENOMEM;
154553 + }
154554 +
154555 /*
154556 * If we make a private mapping writable we increase our commit;
154557 * but (without finer accounting) cannot reduce our commit if we
154558 @@ -295,6 +363,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
154559 }
154560 }
154561
154562 +#ifdef CONFIG_PAX_SEGMEXEC
154563 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((oldflags ^ newflags) & VM_EXEC)) {
154564 + if (start != vma->vm_start) {
154565 + error = split_vma(mm, vma, start, 1);
154566 + if (error)
154567 + goto fail;
154568 + BUG_ON(!*pprev || (*pprev)->vm_next == vma);
154569 + *pprev = (*pprev)->vm_next;
154570 + }
154571 +
154572 + if (end != vma->vm_end) {
154573 + error = split_vma(mm, vma, end, 0);
154574 + if (error)
154575 + goto fail;
154576 + }
154577 +
154578 + if (pax_find_mirror_vma(vma)) {
154579 + error = __do_munmap(mm, start_m, end_m - start_m);
154580 + if (error)
154581 + goto fail;
154582 + } else {
154583 + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
154584 + if (!vma_m) {
154585 + error = -ENOMEM;
154586 + goto fail;
154587 + }
154588 + vma->vm_flags = newflags;
154589 + error = pax_mirror_vma(vma_m, vma);
154590 + if (error) {
154591 + vma->vm_flags = oldflags;
154592 + goto fail;
154593 + }
154594 + }
154595 + }
154596 +#endif
154597 +
154598 /*
154599 * First try to merge with previous and/or next vma.
154600 */
154601 @@ -326,7 +430,19 @@ success:
154602 * vm_flags and vm_page_prot are protected by the mmap_sem
154603 * held in write mode.
154604 */
154605 +
154606 +#ifdef CONFIG_PAX_SEGMEXEC
154607 + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (newflags & VM_EXEC) && ((vma->vm_flags ^ newflags) & VM_READ))
154608 + pax_find_mirror_vma(vma)->vm_flags ^= VM_READ;
154609 +#endif
154610 +
154611 vma->vm_flags = newflags;
154612 +
154613 +#ifdef CONFIG_PAX_MPROTECT
154614 + if (mm->binfmt && mm->binfmt->handle_mprotect)
154615 + mm->binfmt->handle_mprotect(vma, newflags);
154616 +#endif
154617 +
154618 dirty_accountable = vma_wants_writenotify(vma);
154619 vma_set_page_prot(vma);
154620
154621 @@ -360,7 +476,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
154622 int error = -EINVAL;
154623 const int grows = prot & (PROT_GROWSDOWN|PROT_GROWSUP);
154624 const bool rier = (current->personality & READ_IMPLIES_EXEC) &&
154625 - (prot & PROT_READ);
154626 + (prot & (PROT_READ | PROT_WRITE));
154627
154628 prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP);
154629 if (grows == (PROT_GROWSDOWN|PROT_GROWSUP)) /* can't be both */
154630 @@ -374,6 +490,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
154631 end = start + len;
154632 if (end <= start)
154633 return -ENOMEM;
154634 +
154635 +#ifdef CONFIG_PAX_SEGMEXEC
154636 + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
154637 + if (end > SEGMEXEC_TASK_SIZE)
154638 + return -EINVAL;
154639 + } else
154640 +#endif
154641 +
154642 + if (end > TASK_SIZE)
154643 + return -EINVAL;
154644 +
154645 if (!arch_validate_prot(prot))
154646 return -EINVAL;
154647
154648 @@ -407,6 +534,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
154649 if (start > vma->vm_start)
154650 prev = vma;
154651
154652 +#ifdef CONFIG_PAX_MPROTECT
154653 + if (current->mm->binfmt && current->mm->binfmt->handle_mprotect)
154654 + current->mm->binfmt->handle_mprotect(vma, calc_vm_prot_bits(prot, 0));
154655 +#endif
154656 +
154657 for (nstart = start ; ; ) {
154658 unsigned long newflags;
154659 int pkey = arch_override_mprotect_pkey(vma, prot, -1);
154660 @@ -422,6 +554,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
154661
154662 /* newflags >> 4 shift VM_MAY% in place of VM_% */
154663 if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
154664 + if (prot & (PROT_WRITE | PROT_EXEC))
154665 + gr_log_rwxmprotect(vma);
154666 +
154667 + error = -EACCES;
154668 + goto out;
154669 + }
154670 +
154671 + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
154672 error = -EACCES;
154673 goto out;
154674 }
154675 @@ -436,6 +576,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
154676 error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
154677 if (error)
154678 goto out;
154679 +
154680 + track_exec_limit(current->mm, nstart, tmp, newflags);
154681 +
154682 nstart = tmp;
154683
154684 if (nstart < prev->vm_end)
154685 diff --git a/mm/mremap.c b/mm/mremap.c
154686 index da22ad2..f98a3df 100644
154687 --- a/mm/mremap.c
154688 +++ b/mm/mremap.c
154689 @@ -148,6 +148,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
154690 continue;
154691 pte = ptep_get_and_clear(mm, old_addr, old_pte);
154692 pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr);
154693 +
154694 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
154695 + if (!(__supported_pte_mask & _PAGE_NX) && pte_present(pte) && (new_vma->vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC)
154696 + pte = pte_exprotect(pte);
154697 +#endif
154698 +
154699 pte = move_soft_dirty_pte(pte);
154700 set_pte_at(mm, new_addr, new_pte, pte);
154701 }
154702 @@ -357,6 +363,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
154703 if (is_vm_hugetlb_page(vma))
154704 return ERR_PTR(-EINVAL);
154705
154706 +#ifdef CONFIG_PAX_SEGMEXEC
154707 + if (pax_find_mirror_vma(vma))
154708 + return ERR_PTR(-EINVAL);
154709 +#endif
154710 +
154711 /* We can't remap across vm area boundaries */
154712 if (old_len > vma->vm_end - addr)
154713 return ERR_PTR(-EFAULT);
154714 @@ -404,11 +415,19 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len,
154715 unsigned long ret = -EINVAL;
154716 unsigned long charged = 0;
154717 unsigned long map_flags;
154718 + unsigned long pax_task_size = TASK_SIZE;
154719
154720 if (offset_in_page(new_addr))
154721 goto out;
154722
154723 - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
154724 +#ifdef CONFIG_PAX_SEGMEXEC
154725 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
154726 + pax_task_size = SEGMEXEC_TASK_SIZE;
154727 +#endif
154728 +
154729 + pax_task_size -= PAGE_SIZE;
154730 +
154731 + if (new_len > TASK_SIZE || new_addr > pax_task_size - new_len)
154732 goto out;
154733
154734 /* Ensure the old/new locations do not overlap */
154735 @@ -481,6 +500,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
154736 unsigned long ret = -EINVAL;
154737 unsigned long charged = 0;
154738 bool locked = false;
154739 + unsigned long pax_task_size = TASK_SIZE;
154740
154741 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
154742 return ret;
154743 @@ -502,6 +522,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
154744 if (!new_len)
154745 return ret;
154746
154747 +#ifdef CONFIG_PAX_SEGMEXEC
154748 + if (mm->pax_flags & MF_PAX_SEGMEXEC)
154749 + pax_task_size = SEGMEXEC_TASK_SIZE;
154750 +#endif
154751 +
154752 + pax_task_size -= PAGE_SIZE;
154753 +
154754 + if (new_len > pax_task_size || addr > pax_task_size-new_len ||
154755 + old_len > pax_task_size || addr > pax_task_size-old_len)
154756 + return ret;
154757 +
154758 if (down_write_killable(&current->mm->mmap_sem))
154759 return -EINTR;
154760
154761 @@ -553,6 +584,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
154762 new_addr = addr;
154763 }
154764 ret = addr;
154765 + track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags);
154766 goto out;
154767 }
154768 }
154769 @@ -576,7 +608,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
154770 goto out;
154771 }
154772
154773 + map_flags = vma->vm_flags;
154774 ret = move_vma(vma, addr, old_len, new_len, new_addr, &locked);
154775 + if (!(ret & ~PAGE_MASK)) {
154776 + track_exec_limit(current->mm, addr, addr + old_len, 0UL);
154777 + track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags);
154778 + }
154779 }
154780 out:
154781 if (offset_in_page(ret)) {
154782 diff --git a/mm/nommu.c b/mm/nommu.c
154783 index 95daf81..559c30b 100644
154784 --- a/mm/nommu.c
154785 +++ b/mm/nommu.c
154786 @@ -48,7 +48,6 @@ unsigned long max_mapnr;
154787 EXPORT_SYMBOL(max_mapnr);
154788 unsigned long highest_memmap_pfn;
154789 int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
154790 -int heap_stack_gap = 0;
154791
154792 atomic_long_t mmap_pages_allocated;
154793
154794 @@ -836,15 +835,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
154795 EXPORT_SYMBOL(find_vma);
154796
154797 /*
154798 - * find a VMA
154799 - * - we don't extend stack VMAs under NOMMU conditions
154800 - */
154801 -struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr)
154802 -{
154803 - return find_vma(mm, addr);
154804 -}
154805 -
154806 -/*
154807 * expand a stack to a given address
154808 * - not supported under NOMMU conditions
154809 */
154810 @@ -1509,6 +1499,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
154811
154812 /* most fields are the same, copy all, and then fixup */
154813 *new = *vma;
154814 + INIT_LIST_HEAD(&new->anon_vma_chain);
154815 *region = *vma->vm_region;
154816 new->vm_region = region;
154817
154818 @@ -1816,8 +1807,8 @@ void filemap_map_pages(struct fault_env *fe,
154819 }
154820 EXPORT_SYMBOL(filemap_map_pages);
154821
154822 -static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
154823 - unsigned long addr, void *buf, int len, int write)
154824 +static ssize_t __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
154825 + unsigned long addr, void *buf, size_t len, int write)
154826 {
154827 struct vm_area_struct *vma;
154828
154829 @@ -1858,8 +1849,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
154830 *
154831 * The caller must hold a reference on @mm.
154832 */
154833 -int access_remote_vm(struct mm_struct *mm, unsigned long addr,
154834 - void *buf, int len, int write)
154835 +ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr,
154836 + void *buf, size_t len, int write)
154837 {
154838 return __access_remote_vm(NULL, mm, addr, buf, len, write);
154839 }
154840 @@ -1868,7 +1859,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
154841 * Access another process' address space.
154842 * - source/target buffer must be kernel space
154843 */
154844 -int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write)
154845 +ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, size_t len, int write)
154846 {
154847 struct mm_struct *mm;
154848
154849 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
154850 index f4cd7d8..982c35d 100644
154851 --- a/mm/page-writeback.c
154852 +++ b/mm/page-writeback.c
154853 @@ -902,7 +902,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
154854 * card's wb_dirty may rush to many times higher than wb_setpoint.
154855 * - the wb dirty thresh drops quickly due to change of JBOD workload
154856 */
154857 -static void wb_position_ratio(struct dirty_throttle_control *dtc)
154858 +static void __intentional_overflow(-1) wb_position_ratio(struct dirty_throttle_control *dtc)
154859 {
154860 struct bdi_writeback *wb = dtc->wb;
154861 unsigned long write_bw = wb->avg_write_bandwidth;
154862 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
154863 index a2214c6..72191b7 100644
154864 --- a/mm/page_alloc.c
154865 +++ b/mm/page_alloc.c
154866 @@ -64,6 +64,7 @@
154867 #include <linux/page_owner.h>
154868 #include <linux/kthread.h>
154869 #include <linux/memcontrol.h>
154870 +#include <linux/random.h>
154871
154872 #include <asm/sections.h>
154873 #include <asm/tlbflush.h>
154874 @@ -676,7 +677,7 @@ static inline void clear_page_guard(struct zone *zone, struct page *page,
154875 __mod_zone_freepage_state(zone, (1 << order), migratetype);
154876 }
154877 #else
154878 -struct page_ext_operations debug_guardpage_ops = { NULL, };
154879 +struct page_ext_operations debug_guardpage_ops = { .need = NULL, .init = NULL };
154880 static inline void set_page_guard(struct zone *zone, struct page *page,
154881 unsigned int order, int migratetype) {}
154882 static inline void clear_page_guard(struct zone *zone, struct page *page,
154883 @@ -979,6 +980,10 @@ static __always_inline bool free_pages_prepare(struct page *page,
154884 {
154885 int bad = 0;
154886
154887 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
154888 + unsigned long index = 1UL << order;
154889 +#endif
154890 +
154891 VM_BUG_ON_PAGE(PageTail(page), page);
154892
154893 trace_mm_page_free(page, order);
154894 @@ -1025,6 +1030,12 @@ static __always_inline bool free_pages_prepare(struct page *page,
154895 debug_check_no_obj_freed(page_address(page),
154896 PAGE_SIZE << order);
154897 }
154898 +
154899 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
154900 + for (; index; --index)
154901 + sanitize_highpage(page + index - 1);
154902 +#endif
154903 +
154904 arch_free_page(page, order);
154905 kernel_poison_pages(page, 1 << order, 0);
154906 kernel_map_pages(page, 1 << order, 0);
154907 @@ -1234,6 +1245,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
154908 local_irq_restore(flags);
154909 }
154910
154911 +bool __meminitdata extra_latent_entropy;
154912 +
154913 +static int __init setup_pax_extra_latent_entropy(char *str)
154914 +{
154915 + extra_latent_entropy = true;
154916 + return 0;
154917 +}
154918 +early_param("pax_extra_latent_entropy", setup_pax_extra_latent_entropy);
154919 +
154920 +#ifdef LATENT_ENTROPY_PLUGIN
154921 +volatile unsigned long latent_entropy __latent_entropy;
154922 +EXPORT_SYMBOL(latent_entropy);
154923 +#endif
154924 +
154925 static void __init __free_pages_boot_core(struct page *page, unsigned int order)
154926 {
154927 unsigned int nr_pages = 1 << order;
154928 @@ -1249,6 +1274,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order)
154929 __ClearPageReserved(p);
154930 set_page_count(p, 0);
154931
154932 + if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
154933 + unsigned long hash = 0;
154934 + size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
154935 + const unsigned long *data = lowmem_page_address(page);
154936 +
154937 + for (index = 0; index < end; index++)
154938 + hash ^= hash + data[index];
154939 +#ifdef LATENT_ENTROPY_PLUGIN
154940 + latent_entropy ^= hash;
154941 + add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
154942 +#else
154943 + add_device_randomness((const void *)&hash, sizeof(hash));
154944 +#endif
154945 + }
154946 +
154947 page_zone(page)->managed_pages += nr_pages;
154948 set_page_refcounted(page);
154949 __free_pages(page, order);
154950 @@ -1305,7 +1345,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node,
154951 }
154952 #endif
154953
154954 -
154955 void __init __free_pages_bootmem(struct page *page, unsigned long pfn,
154956 unsigned int order)
154957 {
154958 @@ -1678,8 +1717,8 @@ static inline int check_new_page(struct page *page)
154959
154960 static inline bool free_pages_prezeroed(bool poisoned)
154961 {
154962 - return IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) &&
154963 - page_poisoning_enabled() && poisoned;
154964 + return IS_ENABLED(CONFIG_PAX_MEMORY_SANITIZE) ||
154965 + (IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) && page_poisoning_enabled() && poisoned);
154966 }
154967
154968 #ifdef CONFIG_DEBUG_VM
154969 @@ -1735,11 +1774,13 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags
154970 int i;
154971 bool poisoned = true;
154972
154973 +#ifndef CONFIG_PAX_MEMORY_SANITIZE
154974 for (i = 0; i < (1 << order); i++) {
154975 struct page *p = page + i;
154976 if (poisoned)
154977 poisoned &= page_is_poisoned(p);
154978 }
154979 +#endif
154980
154981 post_alloc_hook(page, order, gfp_flags);
154982
154983 @@ -2278,8 +2319,9 @@ static void drain_pages(unsigned int cpu)
154984 * The CPU has to be pinned. When zone parameter is non-NULL, spill just
154985 * the single zone's pages.
154986 */
154987 -void drain_local_pages(struct zone *zone)
154988 +void drain_local_pages(void *_zone)
154989 {
154990 + struct zone *zone = _zone;
154991 int cpu = smp_processor_id();
154992
154993 if (zone)
154994 @@ -2339,8 +2381,7 @@ void drain_all_pages(struct zone *zone)
154995 else
154996 cpumask_clear_cpu(cpu, &cpus_with_pcps);
154997 }
154998 - on_each_cpu_mask(&cpus_with_pcps, (smp_call_func_t) drain_local_pages,
154999 - zone, 1);
155000 + on_each_cpu_mask(&cpus_with_pcps, drain_local_pages, zone, 1);
155001 }
155002
155003 #ifdef CONFIG_HIBERNATION
155004 diff --git a/mm/percpu.c b/mm/percpu.c
155005 index 9903830..5176325 100644
155006 --- a/mm/percpu.c
155007 +++ b/mm/percpu.c
155008 @@ -133,7 +133,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
155009 static unsigned int pcpu_high_unit_cpu __read_mostly;
155010
155011 /* the address of the first chunk which starts with the kernel static area */
155012 -void *pcpu_base_addr __read_mostly;
155013 +void *pcpu_base_addr __read_only;
155014 EXPORT_SYMBOL_GPL(pcpu_base_addr);
155015
155016 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
155017 diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
155018 index 07514d4..9989090 100644
155019 --- a/mm/process_vm_access.c
155020 +++ b/mm/process_vm_access.c
155021 @@ -13,6 +13,7 @@
155022 #include <linux/uio.h>
155023 #include <linux/sched.h>
155024 #include <linux/highmem.h>
155025 +#include <linux/security.h>
155026 #include <linux/ptrace.h>
155027 #include <linux/slab.h>
155028 #include <linux/syscalls.h>
155029 @@ -159,19 +160,19 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
155030 ssize_t iov_len;
155031 size_t total_len = iov_iter_count(iter);
155032
155033 + return -ENOSYS; // PaX: until properly audited
155034 +
155035 /*
155036 * Work out how many pages of struct pages we're going to need
155037 * when eventually calling get_user_pages
155038 */
155039 for (i = 0; i < riovcnt; i++) {
155040 iov_len = rvec[i].iov_len;
155041 - if (iov_len > 0) {
155042 - nr_pages_iov = ((unsigned long)rvec[i].iov_base
155043 - + iov_len)
155044 - / PAGE_SIZE - (unsigned long)rvec[i].iov_base
155045 - / PAGE_SIZE + 1;
155046 - nr_pages = max(nr_pages, nr_pages_iov);
155047 - }
155048 + if (iov_len <= 0)
155049 + continue;
155050 + nr_pages_iov = ((unsigned long)rvec[i].iov_base + iov_len) / PAGE_SIZE -
155051 + (unsigned long)rvec[i].iov_base / PAGE_SIZE + 1;
155052 + nr_pages = max(nr_pages, nr_pages_iov);
155053 }
155054
155055 if (nr_pages == 0)
155056 @@ -199,6 +200,11 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter,
155057 goto free_proc_pages;
155058 }
155059
155060 + if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
155061 + rc = -EPERM;
155062 + goto put_task_struct;
155063 + }
155064 +
155065 mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS);
155066 if (!mm || IS_ERR(mm)) {
155067 rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
155068 diff --git a/mm/readahead.c b/mm/readahead.c
155069 index c8a955b..fad2128 100644
155070 --- a/mm/readahead.c
155071 +++ b/mm/readahead.c
155072 @@ -81,7 +81,7 @@ static void read_cache_pages_invalidate_pages(struct address_space *mapping,
155073 * Hides the details of the LRU cache etc from the filesystems.
155074 */
155075 int read_cache_pages(struct address_space *mapping, struct list_head *pages,
155076 - int (*filler)(void *, struct page *), void *data)
155077 + filler_t *filler, void *data)
155078 {
155079 struct page *page;
155080 int ret = 0;
155081 diff --git a/mm/rmap.c b/mm/rmap.c
155082 index 1ef3640..88c345d 100644
155083 --- a/mm/rmap.c
155084 +++ b/mm/rmap.c
155085 @@ -172,6 +172,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
155086 struct anon_vma *anon_vma = vma->anon_vma;
155087 struct anon_vma_chain *avc;
155088
155089 +#ifdef CONFIG_PAX_SEGMEXEC
155090 + struct anon_vma_chain *avc_m = NULL;
155091 +#endif
155092 +
155093 might_sleep();
155094 if (unlikely(!anon_vma)) {
155095 struct mm_struct *mm = vma->vm_mm;
155096 @@ -181,6 +185,12 @@ int anon_vma_prepare(struct vm_area_struct *vma)
155097 if (!avc)
155098 goto out_enomem;
155099
155100 +#ifdef CONFIG_PAX_SEGMEXEC
155101 + avc_m = anon_vma_chain_alloc(GFP_KERNEL);
155102 + if (!avc_m)
155103 + goto out_enomem_free_avc;
155104 +#endif
155105 +
155106 anon_vma = find_mergeable_anon_vma(vma);
155107 allocated = NULL;
155108 if (!anon_vma) {
155109 @@ -194,6 +204,19 @@ int anon_vma_prepare(struct vm_area_struct *vma)
155110 /* page_table_lock to protect against threads */
155111 spin_lock(&mm->page_table_lock);
155112 if (likely(!vma->anon_vma)) {
155113 +
155114 +#ifdef CONFIG_PAX_SEGMEXEC
155115 + struct vm_area_struct *vma_m = pax_find_mirror_vma(vma);
155116 +
155117 + if (vma_m) {
155118 + BUG_ON(vma_m->anon_vma);
155119 + vma_m->anon_vma = anon_vma;
155120 + anon_vma_chain_link(vma_m, avc_m, anon_vma);
155121 + anon_vma->degree++;
155122 + avc_m = NULL;
155123 + }
155124 +#endif
155125 +
155126 vma->anon_vma = anon_vma;
155127 anon_vma_chain_link(vma, avc, anon_vma);
155128 /* vma reference or self-parent link for new root */
155129 @@ -206,12 +229,24 @@ int anon_vma_prepare(struct vm_area_struct *vma)
155130
155131 if (unlikely(allocated))
155132 put_anon_vma(allocated);
155133 +
155134 +#ifdef CONFIG_PAX_SEGMEXEC
155135 + if (unlikely(avc_m))
155136 + anon_vma_chain_free(avc_m);
155137 +#endif
155138 +
155139 if (unlikely(avc))
155140 anon_vma_chain_free(avc);
155141 }
155142 return 0;
155143
155144 out_enomem_free_avc:
155145 +
155146 +#ifdef CONFIG_PAX_SEGMEXEC
155147 + if (avc_m)
155148 + anon_vma_chain_free(avc_m);
155149 +#endif
155150 +
155151 anon_vma_chain_free(avc);
155152 out_enomem:
155153 return -ENOMEM;
155154 @@ -255,7 +290,7 @@ static inline void unlock_anon_vma_root(struct anon_vma *root)
155155 * good chance of avoiding scanning the whole hierarchy when it searches where
155156 * page is mapped.
155157 */
155158 -int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
155159 +int anon_vma_clone(struct vm_area_struct *dst, const struct vm_area_struct *src)
155160 {
155161 struct anon_vma_chain *avc, *pavc;
155162 struct anon_vma *root = NULL;
155163 @@ -309,7 +344,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
155164 * the corresponding VMA in the parent process is attached to.
155165 * Returns 0 on success, non-zero on failure.
155166 */
155167 -int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma)
155168 +int anon_vma_fork(struct vm_area_struct *vma, const struct vm_area_struct *pvma)
155169 {
155170 struct anon_vma_chain *avc;
155171 struct anon_vma *anon_vma;
155172 @@ -429,10 +464,10 @@ static void anon_vma_ctor(void *data)
155173 void __init anon_vma_init(void)
155174 {
155175 anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
155176 - 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC|SLAB_ACCOUNT,
155177 + 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC|SLAB_ACCOUNT|SLAB_NO_SANITIZE,
155178 anon_vma_ctor);
155179 anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain,
155180 - SLAB_PANIC|SLAB_ACCOUNT);
155181 + SLAB_PANIC|SLAB_ACCOUNT|SLAB_NO_SANITIZE);
155182 }
155183
155184 /*
155185 diff --git a/mm/shmem.c b/mm/shmem.c
155186 index 971fc83..6afaf44 100644
155187 --- a/mm/shmem.c
155188 +++ b/mm/shmem.c
155189 @@ -34,7 +34,7 @@
155190 #include <linux/uio.h>
155191 #include <linux/khugepaged.h>
155192
155193 -static struct vfsmount *shm_mnt;
155194 +struct vfsmount *shm_mnt;
155195
155196 #ifdef CONFIG_SHMEM
155197 /*
155198 @@ -83,7 +83,7 @@ static struct vfsmount *shm_mnt;
155199 #define BOGO_DIRENT_SIZE 20
155200
155201 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */
155202 -#define SHORT_SYMLINK_LEN 128
155203 +#define SHORT_SYMLINK_LEN 64
155204
155205 /*
155206 * shmem_fallocate communicates with shmem_fault or shmem_writepage via
155207 @@ -3255,6 +3255,24 @@ static int shmem_xattr_handler_set(const struct xattr_handler *handler,
155208 return simple_xattr_set(&info->xattrs, name, value, size, flags);
155209 }
155210
155211 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
155212 +static int shmem_user_xattr_handler_set(const struct xattr_handler *handler,
155213 + struct dentry *dentry, struct inode *inode,
155214 + const char *name, const void *value,
155215 + size_t size, int flags)
155216 +{
155217 + struct shmem_inode_info *info = SHMEM_I(inode);
155218 +
155219 + if (strcmp(name, XATTR_NAME_PAX_FLAGS))
155220 + return -EOPNOTSUPP;
155221 + if (size > 8)
155222 + return -EINVAL;
155223 +
155224 + name = xattr_full_name(handler, name);
155225 + return simple_xattr_set(&info->xattrs, name, value, size, flags);
155226 +}
155227 +#endif
155228 +
155229 static const struct xattr_handler shmem_security_xattr_handler = {
155230 .prefix = XATTR_SECURITY_PREFIX,
155231 .get = shmem_xattr_handler_get,
155232 @@ -3267,6 +3285,14 @@ static const struct xattr_handler shmem_trusted_xattr_handler = {
155233 .set = shmem_xattr_handler_set,
155234 };
155235
155236 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
155237 +static const struct xattr_handler shmem_user_xattr_handler = {
155238 + .prefix = XATTR_USER_PREFIX,
155239 + .get = shmem_xattr_handler_get,
155240 + .set = shmem_user_xattr_handler_set,
155241 +};
155242 +#endif
155243 +
155244 static const struct xattr_handler *shmem_xattr_handlers[] = {
155245 #ifdef CONFIG_TMPFS_POSIX_ACL
155246 &posix_acl_access_xattr_handler,
155247 @@ -3274,6 +3300,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
155248 #endif
155249 &shmem_security_xattr_handler,
155250 &shmem_trusted_xattr_handler,
155251 +
155252 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
155253 + &shmem_user_xattr_handler,
155254 +#endif
155255 +
155256 NULL
155257 };
155258
155259 @@ -3653,8 +3684,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
155260 int err = -ENOMEM;
155261
155262 /* Round up to L1_CACHE_BYTES to resist false sharing */
155263 - sbinfo = kzalloc(max((int)sizeof(struct shmem_sb_info),
155264 - L1_CACHE_BYTES), GFP_KERNEL);
155265 + sbinfo = kzalloc(max(sizeof(struct shmem_sb_info), L1_CACHE_BYTES), GFP_KERNEL);
155266 if (!sbinfo)
155267 return -ENOMEM;
155268
155269 diff --git a/mm/slab.c b/mm/slab.c
155270 index b672710..9ebcec1 100644
155271 --- a/mm/slab.c
155272 +++ b/mm/slab.c
155273 @@ -116,6 +116,7 @@
155274 #include <linux/kmemcheck.h>
155275 #include <linux/memory.h>
155276 #include <linux/prefetch.h>
155277 +#include <linux/vmalloc.h>
155278
155279 #include <net/sock.h>
155280
155281 @@ -284,10 +285,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
155282 if ((x)->max_freeable < i) \
155283 (x)->max_freeable = i; \
155284 } while (0)
155285 -#define STATS_INC_ALLOCHIT(x) atomic_inc(&(x)->allochit)
155286 -#define STATS_INC_ALLOCMISS(x) atomic_inc(&(x)->allocmiss)
155287 -#define STATS_INC_FREEHIT(x) atomic_inc(&(x)->freehit)
155288 -#define STATS_INC_FREEMISS(x) atomic_inc(&(x)->freemiss)
155289 +#define STATS_INC_ALLOCHIT(x) atomic_inc_unchecked(&(x)->allochit)
155290 +#define STATS_INC_ALLOCMISS(x) atomic_inc_unchecked(&(x)->allocmiss)
155291 +#define STATS_INC_FREEHIT(x) atomic_inc_unchecked(&(x)->freehit)
155292 +#define STATS_INC_FREEMISS(x) atomic_inc_unchecked(&(x)->freemiss)
155293 +#define STATS_INC_SANITIZED(x) atomic_inc_unchecked(&(x)->sanitized)
155294 +#define STATS_INC_NOT_SANITIZED(x) atomic_inc_unchecked(&(x)->not_sanitized)
155295 #else
155296 #define STATS_INC_ACTIVE(x) do { } while (0)
155297 #define STATS_DEC_ACTIVE(x) do { } while (0)
155298 @@ -304,6 +307,8 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
155299 #define STATS_INC_ALLOCMISS(x) do { } while (0)
155300 #define STATS_INC_FREEHIT(x) do { } while (0)
155301 #define STATS_INC_FREEMISS(x) do { } while (0)
155302 +#define STATS_INC_SANITIZED(x) do { } while (0)
155303 +#define STATS_INC_NOT_SANITIZED(x) do { } while (0)
155304 #endif
155305
155306 #if DEBUG
155307 @@ -410,7 +415,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct page *page,
155308 * reciprocal_divide(offset, cache->reciprocal_buffer_size)
155309 */
155310 static inline unsigned int obj_to_index(const struct kmem_cache *cache,
155311 - const struct page *page, void *obj)
155312 + const struct page *page, const void *obj)
155313 {
155314 u32 offset = (obj - page->s_mem);
155315 return reciprocal_divide(offset, cache->reciprocal_buffer_size);
155316 @@ -1290,7 +1295,7 @@ void __init kmem_cache_init(void)
155317 create_boot_cache(kmem_cache, "kmem_cache",
155318 offsetof(struct kmem_cache, node) +
155319 nr_node_ids * sizeof(struct kmem_cache_node *),
155320 - SLAB_HWCACHE_ALIGN);
155321 + SLAB_HWCACHE_ALIGN, 0, 0);
155322 list_add(&kmem_cache->list, &slab_caches);
155323 slab_state = PARTIAL;
155324
155325 @@ -1298,8 +1303,8 @@ void __init kmem_cache_init(void)
155326 * Initialize the caches that provide memory for the kmem_cache_node
155327 * structures first. Without this, further allocations will bug.
155328 */
155329 - kmalloc_caches[INDEX_NODE] = create_kmalloc_cache("kmalloc-node",
155330 - kmalloc_size(INDEX_NODE), ARCH_KMALLOC_FLAGS);
155331 + kmalloc_caches[INDEX_NODE] = create_kmalloc_cache_usercopy("kmalloc-node",
155332 + kmalloc_size(INDEX_NODE), ARCH_KMALLOC_FLAGS, 0, kmalloc_size(INDEX_NODE));
155333 slab_state = PARTIAL_NODE;
155334 setup_kmalloc_cache_index_table();
155335
155336 @@ -1544,7 +1549,7 @@ static void store_stackinfo(struct kmem_cache *cachep, unsigned long *addr,
155337
155338 while (!kstack_end(sptr)) {
155339 svalue = *sptr++;
155340 - if (kernel_text_address(svalue)) {
155341 + if (kernel_text_address(ktva_ktla(svalue))) {
155342 *addr++ = svalue;
155343 size -= sizeof(unsigned long);
155344 if (size <= sizeof(unsigned long))
155345 @@ -1931,7 +1936,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
155346
155347 cachep = find_mergeable(size, align, flags, name, ctor);
155348 if (cachep) {
155349 - cachep->refcount++;
155350 + atomic_inc(&cachep->refcount);
155351
155352 /*
155353 * Adjust the object sizes so that we clear
155354 @@ -2060,6 +2065,8 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
155355 #endif
155356 #endif
155357
155358 + flags = pax_sanitize_slab_flags(flags);
155359 +
155360 /*
155361 * Check that size is in terms of words. This is needed to avoid
155362 * unaligned accesses for some archs when redzoning is used, and makes
155363 @@ -3524,6 +3531,20 @@ void ___cache_free(struct kmem_cache *cachep, void *objp,
155364 struct array_cache *ac = cpu_cache_get(cachep);
155365
155366 check_irq_off();
155367 +
155368 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
155369 + if (cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))
155370 + STATS_INC_NOT_SANITIZED(cachep);
155371 + else {
155372 + memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
155373 +
155374 + if (cachep->ctor)
155375 + cachep->ctor(objp);
155376 +
155377 + STATS_INC_SANITIZED(cachep);
155378 + }
155379 +#endif
155380 +
155381 kmemleak_free_recursive(objp, cachep->flags);
155382 objp = cache_free_debugcheck(cachep, objp, caller);
155383
155384 @@ -3703,7 +3724,7 @@ __do_kmalloc_node(size_t size, gfp_t flags, int node, unsigned long caller)
155385 return ret;
155386 }
155387
155388 -void *__kmalloc_node(size_t size, gfp_t flags, int node)
155389 +void * __size_overflow(1) __kmalloc_node(size_t size, gfp_t flags, int node)
155390 {
155391 return __do_kmalloc_node(size, flags, node, _RET_IP_);
155392 }
155393 @@ -3723,7 +3744,7 @@ EXPORT_SYMBOL(__kmalloc_node_track_caller);
155394 * @flags: the type of memory to allocate (see kmalloc).
155395 * @caller: function caller for debug tracking of the caller
155396 */
155397 -static __always_inline void *__do_kmalloc(size_t size, gfp_t flags,
155398 +static __always_inline void * __size_overflow(1) __do_kmalloc(size_t size, gfp_t flags,
155399 unsigned long caller)
155400 {
155401 struct kmem_cache *cachep;
155402 @@ -3823,6 +3844,7 @@ void kfree(const void *objp)
155403
155404 if (unlikely(ZERO_OR_NULL_PTR(objp)))
155405 return;
155406 + VM_BUG_ON(!virt_addr_valid(objp));
155407 local_irq_save(flags);
155408 kfree_debugcheck(objp);
155409 c = virt_to_cache(objp);
155410 @@ -4190,14 +4212,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
155411 }
155412 /* cpu stats */
155413 {
155414 - unsigned long allochit = atomic_read(&cachep->allochit);
155415 - unsigned long allocmiss = atomic_read(&cachep->allocmiss);
155416 - unsigned long freehit = atomic_read(&cachep->freehit);
155417 - unsigned long freemiss = atomic_read(&cachep->freemiss);
155418 + unsigned long allochit = atomic_read_unchecked(&cachep->allochit);
155419 + unsigned long allocmiss = atomic_read_unchecked(&cachep->allocmiss);
155420 + unsigned long freehit = atomic_read_unchecked(&cachep->freehit);
155421 + unsigned long freemiss = atomic_read_unchecked(&cachep->freemiss);
155422
155423 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
155424 allochit, allocmiss, freehit, freemiss);
155425 }
155426 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
155427 + {
155428 + unsigned long sanitized = atomic_read_unchecked(&cachep->sanitized);
155429 + unsigned long not_sanitized = atomic_read_unchecked(&cachep->not_sanitized);
155430 +
155431 + seq_printf(m, " : pax %6lu %6lu", sanitized, not_sanitized);
155432 + }
155433 +#endif
155434 #endif
155435 }
155436
155437 @@ -4434,16 +4464,48 @@ static const struct file_operations proc_slabstats_operations = {
155438 static int __init slab_proc_init(void)
155439 {
155440 #ifdef CONFIG_DEBUG_SLAB_LEAK
155441 - proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
155442 + proc_create("slab_allocators", S_IRUSR, NULL, &proc_slabstats_operations);
155443 #endif
155444 return 0;
155445 }
155446 module_init(slab_proc_init);
155447 #endif
155448
155449 +bool is_usercopy_object(const void *ptr)
155450 +{
155451 + struct page *page;
155452 +
155453 + if (ZERO_OR_NULL_PTR(ptr))
155454 + return false;
155455 +
155456 + if (!slab_is_available())
155457 + return false;
155458 +
155459 + if (is_vmalloc_addr(ptr)
155460 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
155461 + && !object_starts_on_stack(ptr)
155462 +#endif
155463 + ) {
155464 + struct vm_struct *vm = find_vm_area(ptr);
155465 + if (vm && (vm->flags & VM_USERCOPY))
155466 + return true;
155467 + return false;
155468 + }
155469 +
155470 + if (!virt_addr_valid(ptr))
155471 + return false;
155472 +
155473 + page = virt_to_head_page(ptr);
155474 +
155475 + if (!PageSlab(page))
155476 + return false;
155477 +
155478 + return !!page->slab_cache->usersize;
155479 +}
155480 +
155481 #ifdef CONFIG_HARDENED_USERCOPY
155482 /*
155483 - * Rejects objects that are incorrectly sized.
155484 + * Detect unwanted object access
155485 *
155486 * Returns NULL if check passes, otherwise const char * to name of cache
155487 * to indicate an error.
155488 @@ -4457,17 +4519,23 @@ const char *__check_heap_object(const void *ptr, unsigned long n,
155489
155490 /* Find and validate object. */
155491 cachep = page->slab_cache;
155492 - objnr = obj_to_index(cachep, page, (void *)ptr);
155493 +
155494 + objnr = obj_to_index(cachep, page, ptr);
155495 BUG_ON(objnr >= cachep->num);
155496
155497 /* Find offset within object. */
155498 offset = ptr - index_to_obj(cachep, page, objnr) - obj_offset(cachep);
155499
155500 - /* Allow address range falling entirely within object size. */
155501 - if (offset <= cachep->object_size && n <= cachep->object_size - offset)
155502 - return NULL;
155503 + if (offset < cachep->useroffset)
155504 + return cachep->name;
155505
155506 - return cachep->name;
155507 + if (offset - cachep->useroffset >= cachep->usersize)
155508 + return cachep->name;
155509 +
155510 + if (n > cachep->useroffset - offset + cachep->usersize)
155511 + return cachep->name;
155512 +
155513 + return NULL;
155514 }
155515 #endif /* CONFIG_HARDENED_USERCOPY */
155516
155517 diff --git a/mm/slab.h b/mm/slab.h
155518 index 9653f2e..9b9e8cd 100644
155519 --- a/mm/slab.h
155520 +++ b/mm/slab.h
155521 @@ -21,8 +21,10 @@ struct kmem_cache {
155522 unsigned int size; /* The aligned/padded/added on size */
155523 unsigned int align; /* Alignment as calculated */
155524 unsigned long flags; /* Active flags on the slab */
155525 + size_t useroffset; /* USERCOPY region offset */
155526 + size_t usersize; /* USERCOPY region size */
155527 const char *name; /* Slab name for sysfs */
155528 - int refcount; /* Use counter */
155529 + atomic_t refcount; /* Use counter */
155530 void (*ctor)(void *); /* Called on object slot creation */
155531 struct list_head list; /* List of all slab caches on the system */
155532 };
155533 @@ -71,6 +73,35 @@ extern struct list_head slab_caches;
155534 /* The slab cache that manages slab cache information */
155535 extern struct kmem_cache *kmem_cache;
155536
155537 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
155538 +#ifdef CONFIG_X86_64
155539 +#define PAX_MEMORY_SANITIZE_VALUE '\xfe'
155540 +#else
155541 +#define PAX_MEMORY_SANITIZE_VALUE '\xff'
155542 +#endif
155543 +enum pax_sanitize_mode {
155544 + PAX_SANITIZE_SLAB_OFF = 0,
155545 + PAX_SANITIZE_SLAB_FAST,
155546 + PAX_SANITIZE_SLAB_FULL,
155547 +};
155548 +
155549 +extern enum pax_sanitize_mode pax_sanitize_slab;
155550 +
155551 +static inline unsigned long pax_sanitize_slab_flags(unsigned long flags)
155552 +{
155553 + if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
155554 + flags |= SLAB_NO_SANITIZE;
155555 + else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
155556 + flags &= ~SLAB_NO_SANITIZE;
155557 + return flags;
155558 +}
155559 +#else
155560 +static inline unsigned long pax_sanitize_slab_flags(unsigned long flags)
155561 +{
155562 + return flags;
155563 +}
155564 +#endif
155565 +
155566 unsigned long calculate_alignment(unsigned long flags,
155567 unsigned long align, unsigned long size);
155568
155569 @@ -89,8 +120,11 @@ extern int __kmem_cache_create(struct kmem_cache *, unsigned long flags);
155570
155571 extern struct kmem_cache *create_kmalloc_cache(const char *name, size_t size,
155572 unsigned long flags);
155573 +extern struct kmem_cache *create_kmalloc_cache_usercopy(const char *name, size_t size,
155574 + unsigned long flags, size_t useroffset, size_t usersize);
155575 extern void create_boot_cache(struct kmem_cache *, const char *name,
155576 - size_t size, unsigned long flags);
155577 + size_t size, unsigned long flags,
155578 + size_t useroffset, size_t usersize);
155579
155580 int slab_unmergeable(struct kmem_cache *s);
155581 struct kmem_cache *find_mergeable(size_t size, size_t align,
155582 @@ -120,7 +154,7 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
155583
155584 /* Legal flag mask for kmem_cache_create(), for various configurations */
155585 #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
155586 - SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS )
155587 + SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_NO_SANITIZE)
155588
155589 #if defined(CONFIG_DEBUG_SLAB)
155590 #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
155591 @@ -345,6 +379,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
155592 return s;
155593
155594 page = virt_to_head_page(x);
155595 +
155596 + BUG_ON(!PageSlab(page));
155597 +
155598 cachep = page->slab_cache;
155599 if (slab_equal_or_root(cachep, s))
155600 return cachep;
155601 diff --git a/mm/slab_common.c b/mm/slab_common.c
155602 index 71f0b28..83ad94c 100644
155603 --- a/mm/slab_common.c
155604 +++ b/mm/slab_common.c
155605 @@ -25,11 +25,35 @@
155606
155607 #include "slab.h"
155608
155609 -enum slab_state slab_state;
155610 +enum slab_state slab_state __read_only;
155611 LIST_HEAD(slab_caches);
155612 DEFINE_MUTEX(slab_mutex);
155613 struct kmem_cache *kmem_cache;
155614
155615 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
155616 +enum pax_sanitize_mode pax_sanitize_slab __read_only = PAX_SANITIZE_SLAB_FAST;
155617 +static int __init pax_sanitize_slab_setup(char *str)
155618 +{
155619 + if (!str)
155620 + return 0;
155621 +
155622 + if (!strcmp(str, "0") || !strcmp(str, "off")) {
155623 + pr_info("PaX slab sanitization: %s\n", "disabled");
155624 + pax_sanitize_slab = PAX_SANITIZE_SLAB_OFF;
155625 + } else if (!strcmp(str, "1") || !strcmp(str, "fast")) {
155626 + pr_info("PaX slab sanitization: %s\n", "fast");
155627 + pax_sanitize_slab = PAX_SANITIZE_SLAB_FAST;
155628 + } else if (!strcmp(str, "full")) {
155629 + pr_info("PaX slab sanitization: %s\n", "full");
155630 + pax_sanitize_slab = PAX_SANITIZE_SLAB_FULL;
155631 + } else
155632 + pr_err("PaX slab sanitization: unsupported option '%s'\n", str);
155633 +
155634 + return 0;
155635 +}
155636 +early_param("pax_sanitize_slab", pax_sanitize_slab_setup);
155637 +#endif
155638 +
155639 /*
155640 * Set of flags that will prevent slab merging
155641 */
155642 @@ -44,7 +68,7 @@ struct kmem_cache *kmem_cache;
155643 * Merge control. If this is set then no merging of slab caches will occur.
155644 * (Could be removed. This was introduced to pacify the merge skeptics.)
155645 */
155646 -static int slab_nomerge;
155647 +static int slab_nomerge __read_only = 1;
155648
155649 static int __init setup_slab_nomerge(char *str)
155650 {
155651 @@ -244,7 +268,7 @@ int slab_unmergeable(struct kmem_cache *s)
155652 /*
155653 * We may have set a slab to be unmergeable during bootstrap.
155654 */
155655 - if (s->refcount < 0)
155656 + if (atomic_read(&s->refcount) < 0)
155657 return 1;
155658
155659 return 0;
155660 @@ -323,12 +347,15 @@ unsigned long calculate_alignment(unsigned long flags,
155661
155662 static struct kmem_cache *create_cache(const char *name,
155663 size_t object_size, size_t size, size_t align,
155664 - unsigned long flags, void (*ctor)(void *),
155665 + unsigned long flags, size_t useroffset,
155666 + size_t usersize, void (*ctor)(void *),
155667 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
155668 {
155669 struct kmem_cache *s;
155670 int err;
155671
155672 + BUG_ON(useroffset + usersize > object_size);
155673 +
155674 err = -ENOMEM;
155675 s = kmem_cache_zalloc(kmem_cache, GFP_KERNEL);
155676 if (!s)
155677 @@ -339,6 +366,8 @@ static struct kmem_cache *create_cache(const char *name,
155678 s->size = size;
155679 s->align = align;
155680 s->ctor = ctor;
155681 + s->useroffset = useroffset;
155682 + s->usersize = usersize;
155683
155684 err = init_memcg_params(s, memcg, root_cache);
155685 if (err)
155686 @@ -348,7 +377,7 @@ static struct kmem_cache *create_cache(const char *name,
155687 if (err)
155688 goto out_free_cache;
155689
155690 - s->refcount = 1;
155691 + atomic_set(&s->refcount, 1);
155692 list_add(&s->list, &slab_caches);
155693 out:
155694 if (err)
155695 @@ -362,11 +391,13 @@ out_free_cache:
155696 }
155697
155698 /*
155699 - * kmem_cache_create - Create a cache.
155700 + * __kmem_cache_create_usercopy - Create a cache.
155701 * @name: A string which is used in /proc/slabinfo to identify this cache.
155702 * @size: The size of objects to be created in this cache.
155703 * @align: The required alignment for the objects.
155704 * @flags: SLAB flags
155705 + * @useroffset: USERCOPY region offset
155706 + * @usersize: USERCOPY region size
155707 * @ctor: A constructor for the objects.
155708 *
155709 * Returns a ptr to the cache on success, NULL on failure.
155710 @@ -385,9 +416,10 @@ out_free_cache:
155711 * cacheline. This can be beneficial if you're counting cycles as closely
155712 * as davem.
155713 */
155714 -struct kmem_cache *
155715 -kmem_cache_create(const char *name, size_t size, size_t align,
155716 - unsigned long flags, void (*ctor)(void *))
155717 +static struct kmem_cache *
155718 +__kmem_cache_create_usercopy(const char *name, size_t size, size_t align,
155719 + unsigned long flags, size_t useroffset, size_t usersize,
155720 + void (*ctor)(void *))
155721 {
155722 struct kmem_cache *s = NULL;
155723 const char *cache_name;
155724 @@ -412,7 +444,10 @@ kmem_cache_create(const char *name, size_t size, size_t align,
155725 */
155726 flags &= CACHE_CREATE_MASK;
155727
155728 - s = __kmem_cache_alias(name, size, align, flags, ctor);
155729 + BUG_ON(!usersize && useroffset);
155730 + BUG_ON(size < usersize || size - usersize < useroffset);
155731 + if (!usersize)
155732 + s = __kmem_cache_alias(name, size, align, flags, ctor);
155733 if (s)
155734 goto out_unlock;
155735
155736 @@ -424,7 +459,7 @@ kmem_cache_create(const char *name, size_t size, size_t align,
155737
155738 s = create_cache(cache_name, size, size,
155739 calculate_alignment(flags, align, size),
155740 - flags, ctor, NULL, NULL);
155741 + flags, useroffset, usersize, ctor, NULL, NULL);
155742 if (IS_ERR(s)) {
155743 err = PTR_ERR(s);
155744 kfree_const(cache_name);
155745 @@ -450,8 +485,25 @@ out_unlock:
155746 }
155747 return s;
155748 }
155749 +
155750 +struct kmem_cache *
155751 +kmem_cache_create(const char *name, size_t size, size_t align,
155752 + unsigned long flags, void (*ctor)(void *))
155753 +{
155754 + return __kmem_cache_create_usercopy(name, size, align, flags, 0,
155755 + (flags & SLAB_USERCOPY) ? size : 0, ctor);
155756 +}
155757 EXPORT_SYMBOL(kmem_cache_create);
155758
155759 +struct kmem_cache *
155760 +kmem_cache_create_usercopy(const char *name, size_t size, size_t align,
155761 + unsigned long flags, size_t useroffset, size_t usersize,
155762 + void (*ctor)(void *))
155763 +{
155764 + return __kmem_cache_create_usercopy(name, size, align, flags, useroffset, usersize, ctor);
155765 +}
155766 +EXPORT_SYMBOL(kmem_cache_create_usercopy);
155767 +
155768 static int shutdown_cache(struct kmem_cache *s,
155769 struct list_head *release, bool *need_rcu_barrier)
155770 {
155771 @@ -473,7 +525,7 @@ static void release_caches(struct list_head *release, bool need_rcu_barrier)
155772 rcu_barrier();
155773
155774 list_for_each_entry_safe(s, s2, release, list) {
155775 -#ifdef SLAB_SUPPORTS_SYSFS
155776 +#if defined(SLAB_SUPPORTS_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
155777 sysfs_slab_remove(s);
155778 #else
155779 slab_kmem_cache_release(s);
155780 @@ -533,7 +585,8 @@ void memcg_create_kmem_cache(struct mem_cgroup *memcg,
155781
155782 s = create_cache(cache_name, root_cache->object_size,
155783 root_cache->size, root_cache->align,
155784 - root_cache->flags, root_cache->ctor,
155785 + root_cache->flags, root_cache->useroffset,
155786 + root_cache->usersize, root_cache->ctor,
155787 memcg, root_cache);
155788 /*
155789 * If we could not create a memcg cache, do not complain, because
155790 @@ -718,8 +771,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
155791 kasan_cache_destroy(s);
155792 mutex_lock(&slab_mutex);
155793
155794 - s->refcount--;
155795 - if (s->refcount)
155796 + if (!atomic_dec_and_test(&s->refcount))
155797 goto out_unlock;
155798
155799 err = shutdown_memcg_caches(s, &release, &need_rcu_barrier);
155800 @@ -770,13 +822,15 @@ bool slab_is_available(void)
155801 #ifndef CONFIG_SLOB
155802 /* Create a cache during boot when no slab services are available yet */
155803 void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t size,
155804 - unsigned long flags)
155805 + unsigned long flags, size_t useroffset, size_t usersize)
155806 {
155807 int err;
155808
155809 s->name = name;
155810 s->size = s->object_size = size;
155811 s->align = calculate_alignment(flags, ARCH_KMALLOC_MINALIGN, size);
155812 + s->useroffset = useroffset;
155813 + s->usersize = usersize;
155814
155815 slab_init_memcg_params(s);
155816
155817 @@ -786,23 +840,29 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
155818 panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
155819 name, size, err);
155820
155821 - s->refcount = -1; /* Exempt from merging for now */
155822 + atomic_set(&s->refcount, -1); /* Exempt from merging for now */
155823 }
155824
155825 -struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
155826 - unsigned long flags)
155827 +struct kmem_cache *__init create_kmalloc_cache_usercopy(const char *name, size_t size,
155828 + unsigned long flags, size_t useroffset, size_t usersize)
155829 {
155830 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT);
155831
155832 if (!s)
155833 panic("Out of memory when creating slab %s\n", name);
155834
155835 - create_boot_cache(s, name, size, flags);
155836 + create_boot_cache(s, name, size, flags, useroffset, usersize);
155837 list_add(&s->list, &slab_caches);
155838 - s->refcount = 1;
155839 + atomic_set(&s->refcount, 1);
155840 return s;
155841 }
155842
155843 +struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
155844 + unsigned long flags)
155845 +{
155846 + return create_kmalloc_cache_usercopy(name, size, flags, 0, 0);
155847 +}
155848 +
155849 struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1];
155850 EXPORT_SYMBOL(kmalloc_caches);
155851
155852 @@ -811,6 +871,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
155853 EXPORT_SYMBOL(kmalloc_dma_caches);
155854 #endif
155855
155856 +#ifdef CONFIG_PAX_USERCOPY
155857 +struct kmem_cache *kmalloc_usercopy_caches[KMALLOC_SHIFT_HIGH + 1];
155858 +EXPORT_SYMBOL(kmalloc_usercopy_caches);
155859 +#endif
155860 +
155861 /*
155862 * Conversion table for small slabs sizes / 8 to the index in the
155863 * kmalloc array. This is necessary for slabs < 192 since we have non power
155864 @@ -875,6 +940,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
155865 return kmalloc_dma_caches[index];
155866
155867 #endif
155868 +
155869 +#ifdef CONFIG_PAX_USERCOPY
155870 + if (unlikely((flags & GFP_USERCOPY)))
155871 + return kmalloc_usercopy_caches[index];
155872 +
155873 +#endif
155874 +
155875 return kmalloc_caches[index];
155876 }
155877
155878 @@ -952,8 +1024,8 @@ void __init setup_kmalloc_cache_index_table(void)
155879
155880 static void __init new_kmalloc_cache(int idx, unsigned long flags)
155881 {
155882 - kmalloc_caches[idx] = create_kmalloc_cache(kmalloc_info[idx].name,
155883 - kmalloc_info[idx].size, flags);
155884 + kmalloc_caches[idx] = create_kmalloc_cache_usercopy(kmalloc_info[idx].name,
155885 + kmalloc_info[idx].size, flags, 0, kmalloc_info[idx].size);
155886 }
155887
155888 /*
155889 @@ -998,6 +1070,23 @@ void __init create_kmalloc_caches(unsigned long flags)
155890 }
155891 }
155892 #endif
155893 +
155894 +#ifdef CONFIG_PAX_USERCOPY
155895 + for (i = 0; i <= KMALLOC_SHIFT_HIGH; i++) {
155896 + struct kmem_cache *s = kmalloc_caches[i];
155897 +
155898 + if (s) {
155899 + int size = kmalloc_size(i);
155900 + char *n = kasprintf(GFP_NOWAIT,
155901 + "usercopy-kmalloc-%d", size);
155902 +
155903 + BUG_ON(!n);
155904 + kmalloc_usercopy_caches[i] = create_kmalloc_cache_usercopy(n,
155905 + size, flags, 0, size);
155906 + }
155907 + }
155908 +#endif
155909 +
155910 }
155911 #endif /* !CONFIG_SLOB */
155912
155913 @@ -1013,6 +1102,12 @@ void *kmalloc_order(size_t size, gfp_t flags, unsigned int order)
155914
155915 flags |= __GFP_COMP;
155916 page = alloc_pages(flags, order);
155917 +#ifdef CONFIG_SLOB
155918 + if (page) {
155919 + page->private = 1UL << order;
155920 + __SetPageSlab(page);
155921 + }
155922 +#endif
155923 ret = page ? page_address(page) : NULL;
155924 kmemleak_alloc(ret, size, 1, flags);
155925 kasan_kmalloc_large(ret, size, flags);
155926 @@ -1102,6 +1197,9 @@ static void print_slabinfo_header(struct seq_file *m)
155927 #ifdef CONFIG_DEBUG_SLAB
155928 seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> <error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
155929 seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
155930 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
155931 + seq_puts(m, " : pax <sanitized> <not_sanitized>");
155932 +#endif
155933 #endif
155934 seq_putc(m, '\n');
155935 }
155936 @@ -1231,7 +1329,7 @@ static int __init slab_proc_init(void)
155937 module_init(slab_proc_init);
155938 #endif /* CONFIG_SLABINFO */
155939
155940 -static __always_inline void *__do_krealloc(const void *p, size_t new_size,
155941 +static __always_inline void * __size_overflow(2) __do_krealloc(const void *p, size_t new_size,
155942 gfp_t flags)
155943 {
155944 void *ret;
155945 diff --git a/mm/slob.c b/mm/slob.c
155946 index 5ec1580..eea07f2 100644
155947 --- a/mm/slob.c
155948 +++ b/mm/slob.c
155949 @@ -67,6 +67,7 @@
155950 #include <linux/rcupdate.h>
155951 #include <linux/list.h>
155952 #include <linux/kmemleak.h>
155953 +#include <linux/vmalloc.h>
155954
155955 #include <trace/events/kmem.h>
155956
155957 @@ -157,7 +158,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
155958 /*
155959 * Return the size of a slob block.
155960 */
155961 -static slobidx_t slob_units(slob_t *s)
155962 +static slobidx_t slob_units(const slob_t *s)
155963 {
155964 if (s->units > 0)
155965 return s->units;
155966 @@ -167,7 +168,7 @@ static slobidx_t slob_units(slob_t *s)
155967 /*
155968 * Return the next free slob block pointer after this one.
155969 */
155970 -static slob_t *slob_next(slob_t *s)
155971 +static slob_t *slob_next(const slob_t *s)
155972 {
155973 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
155974 slobidx_t next;
155975 @@ -182,14 +183,14 @@ static slob_t *slob_next(slob_t *s)
155976 /*
155977 * Returns true if s is the last free block in its page.
155978 */
155979 -static int slob_last(slob_t *s)
155980 +static int slob_last(const slob_t *s)
155981 {
155982 return !((unsigned long)slob_next(s) & ~PAGE_MASK);
155983 }
155984
155985 -static void *slob_new_pages(gfp_t gfp, int order, int node)
155986 +static struct page *slob_new_pages(gfp_t gfp, unsigned int order, int node)
155987 {
155988 - void *page;
155989 + struct page *page;
155990
155991 #ifdef CONFIG_NUMA
155992 if (node != NUMA_NO_NODE)
155993 @@ -201,14 +202,18 @@ static void *slob_new_pages(gfp_t gfp, int order, int node)
155994 if (!page)
155995 return NULL;
155996
155997 - return page_address(page);
155998 + __SetPageSlab(page);
155999 + return page;
156000 }
156001
156002 -static void slob_free_pages(void *b, int order)
156003 +static void slob_free_pages(struct page *sp, int order)
156004 {
156005 if (current->reclaim_state)
156006 current->reclaim_state->reclaimed_slab += 1 << order;
156007 - free_pages((unsigned long)b, order);
156008 + __ClearPageSlab(sp);
156009 + page_mapcount_reset(sp);
156010 + sp->private = 0;
156011 + __free_pages(sp, order);
156012 }
156013
156014 /*
156015 @@ -253,6 +258,7 @@ static void *slob_page_alloc(struct page *sp, size_t size, int align)
156016 }
156017
156018 sp->units -= units;
156019 + BUG_ON(sp->units < 0);
156020 if (!sp->units)
156021 clear_slob_page_free(sp);
156022 return cur;
156023 @@ -313,15 +319,15 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
156024
156025 /* Not enough space: must allocate a new page */
156026 if (!b) {
156027 - b = slob_new_pages(gfp & ~__GFP_ZERO, 0, node);
156028 - if (!b)
156029 + sp = slob_new_pages(gfp & ~__GFP_ZERO, 0, node);
156030 + if (!sp)
156031 return NULL;
156032 - sp = virt_to_page(b);
156033 - __SetPageSlab(sp);
156034 + b = page_address(sp);
156035
156036 spin_lock_irqsave(&slob_lock, flags);
156037 sp->units = SLOB_UNITS(PAGE_SIZE);
156038 sp->freelist = b;
156039 + sp->private = 0;
156040 INIT_LIST_HEAD(&sp->lru);
156041 set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
156042 set_slob_page_free(sp, slob_list);
156043 @@ -337,7 +343,7 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
156044 /*
156045 * slob_free: entry point into the slob allocator.
156046 */
156047 -static void slob_free(void *block, int size)
156048 +static void slob_free(struct kmem_cache *c, void *block, int size)
156049 {
156050 struct page *sp;
156051 slob_t *prev, *next, *b = (slob_t *)block;
156052 @@ -349,7 +355,8 @@ static void slob_free(void *block, int size)
156053 return;
156054 BUG_ON(!size);
156055
156056 - sp = virt_to_page(block);
156057 + sp = virt_to_head_page(block);
156058 + BUG_ON(virt_to_page(block) != sp);
156059 units = SLOB_UNITS(size);
156060
156061 spin_lock_irqsave(&slob_lock, flags);
156062 @@ -359,12 +366,15 @@ static void slob_free(void *block, int size)
156063 if (slob_page_free(sp))
156064 clear_slob_page_free(sp);
156065 spin_unlock_irqrestore(&slob_lock, flags);
156066 - __ClearPageSlab(sp);
156067 - page_mapcount_reset(sp);
156068 - slob_free_pages(b, 0);
156069 + slob_free_pages(sp, 0);
156070 return;
156071 }
156072
156073 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
156074 + if (pax_sanitize_slab && !(c && (c->flags & SLAB_NO_SANITIZE)))
156075 + memset(block, PAX_MEMORY_SANITIZE_VALUE, size);
156076 +#endif
156077 +
156078 if (!slob_page_free(sp)) {
156079 /* This slob page is about to become partially free. Easy! */
156080 sp->units = units;
156081 @@ -424,11 +434,10 @@ out:
156082 */
156083
156084 static __always_inline void *
156085 -__do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
156086 +__do_kmalloc_node_align(size_t size, gfp_t gfp, int node, unsigned long caller, int align)
156087 {
156088 - unsigned int *m;
156089 - int align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
156090 - void *ret;
156091 + slob_t *m;
156092 + void *ret = NULL;
156093
156094 gfp &= gfp_allowed_mask;
156095
156096 @@ -442,27 +451,45 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
156097
156098 if (!m)
156099 return NULL;
156100 - *m = size;
156101 + BUILD_BUG_ON(ARCH_KMALLOC_MINALIGN < 2 * SLOB_UNIT);
156102 + BUILD_BUG_ON(ARCH_SLAB_MINALIGN < 2 * SLOB_UNIT);
156103 + m[0].units = size;
156104 + m[1].units = align;
156105 ret = (void *)m + align;
156106
156107 trace_kmalloc_node(caller, ret,
156108 size, size + align, gfp, node);
156109 } else {
156110 unsigned int order = get_order(size);
156111 + struct page *page;
156112
156113 if (likely(order))
156114 gfp |= __GFP_COMP;
156115 - ret = slob_new_pages(gfp, order, node);
156116 + page = slob_new_pages(gfp, order, node);
156117 + if (page) {
156118 + ret = page_address(page);
156119 + page->private = size;
156120 + }
156121
156122 trace_kmalloc_node(caller, ret,
156123 size, PAGE_SIZE << order, gfp, node);
156124 }
156125
156126 - kmemleak_alloc(ret, size, 1, gfp);
156127 return ret;
156128 }
156129
156130 -void *__kmalloc(size_t size, gfp_t gfp)
156131 +static __always_inline void *
156132 +__do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
156133 +{
156134 + int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
156135 + void *ret = __do_kmalloc_node_align(size, gfp, node, caller, align);
156136 +
156137 + if (!ZERO_OR_NULL_PTR(ret))
156138 + kmemleak_alloc(ret, size, 1, gfp);
156139 + return ret;
156140 +}
156141 +
156142 +void * __size_overflow(1) __kmalloc(size_t size, gfp_t gfp)
156143 {
156144 return __do_kmalloc_node(size, gfp, NUMA_NO_NODE, _RET_IP_);
156145 }
156146 @@ -491,39 +518,140 @@ void kfree(const void *block)
156147 return;
156148 kmemleak_free(block);
156149
156150 - sp = virt_to_page(block);
156151 - if (PageSlab(sp)) {
156152 + VM_BUG_ON(!virt_addr_valid(block));
156153 + sp = virt_to_head_page(block);
156154 + BUG_ON(virt_to_page(block) != sp);
156155 + VM_BUG_ON(!PageSlab(sp));
156156 + if (!sp->private) {
156157 int align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
156158 - unsigned int *m = (unsigned int *)(block - align);
156159 - slob_free(m, *m + align);
156160 - } else
156161 + slob_t *m = (slob_t *)(block - align);
156162 +
156163 + BUG_ON(sp->units < 0);
156164 + slob_free(NULL, m, m[0].units + align);
156165 + } else {
156166 + __ClearPageSlab(sp);
156167 + page_mapcount_reset(sp);
156168 + sp->private = 0;
156169 __free_pages(sp, compound_order(sp));
156170 + }
156171 }
156172 EXPORT_SYMBOL(kfree);
156173
156174 +bool is_usercopy_object(const void *ptr)
156175 +{
156176 + struct page *page;
156177 +
156178 + if (ZERO_OR_NULL_PTR(ptr))
156179 + return false;
156180 +
156181 + if (!slab_is_available())
156182 + return false;
156183 +
156184 + if (is_vmalloc_addr(ptr)
156185 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
156186 + && !object_starts_on_stack(ptr)
156187 +#endif
156188 + ) {
156189 + struct vm_struct *vm = find_vm_area(ptr);
156190 + if (vm && (vm->flags & VM_USERCOPY))
156191 + return true;
156192 + return false;
156193 + }
156194 +
156195 + if (!virt_addr_valid(ptr))
156196 + return false;
156197 +
156198 + page = virt_to_head_page(ptr);
156199 + BUG_ON(virt_to_page(ptr) != page);
156200 +
156201 + if (!PageSlab(page))
156202 + return false;
156203 +
156204 + // PAX: TODO check SLAB_USERCOPY
156205 +
156206 + return false;
156207 +}
156208 +
156209 +#ifdef CONFIG_HARDENED_USERCOPY
156210 +const char *__check_heap_object(const void *ptr, unsigned long n,
156211 + struct page *page)
156212 +{
156213 + const slob_t *free;
156214 + const void *base;
156215 + unsigned long flags;
156216 +
156217 + BUG_ON(virt_to_page(ptr) != page);
156218 +
156219 + if (page->private) {
156220 + base = page_address(page);
156221 + if (base <= ptr && n <= page->private - (ptr - base))
156222 + return NULL;
156223 + return "<slob 1>";
156224 + }
156225 +
156226 + /* some tricky double walking to find the chunk */
156227 + spin_lock_irqsave(&slob_lock, flags);
156228 + base = (const void *)((unsigned long)ptr & PAGE_MASK);
156229 + free = page->freelist;
156230 +
156231 + while (!slob_last(free) && (const void *)free <= ptr) {
156232 + base = free + slob_units(free);
156233 + free = slob_next(free);
156234 + }
156235 +
156236 + while (base < (const void *)free) {
156237 + slobidx_t m = ((slob_t *)base)[0].units, align = ((slob_t *)base)[1].units;
156238 + int size = SLOB_UNIT * SLOB_UNITS(m + align);
156239 + int offset;
156240 +
156241 + if (ptr < base + align)
156242 + break;
156243 +
156244 + offset = ptr - base - align;
156245 + if (offset >= m) {
156246 + base += size;
156247 + continue;
156248 + }
156249 +
156250 + if (n > m - offset)
156251 + break;
156252 +
156253 + spin_unlock_irqrestore(&slob_lock, flags);
156254 + return NULL;
156255 + }
156256 +
156257 + spin_unlock_irqrestore(&slob_lock, flags);
156258 + return "<slob 2>";
156259 +}
156260 +#endif
156261 +
156262 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
156263 size_t ksize(const void *block)
156264 {
156265 struct page *sp;
156266 int align;
156267 - unsigned int *m;
156268 + slob_t *m;
156269
156270 BUG_ON(!block);
156271 if (unlikely(block == ZERO_SIZE_PTR))
156272 return 0;
156273
156274 - sp = virt_to_page(block);
156275 - if (unlikely(!PageSlab(sp)))
156276 - return PAGE_SIZE << compound_order(sp);
156277 + sp = virt_to_head_page(block);
156278 + BUG_ON(virt_to_page(block) != sp);
156279 + VM_BUG_ON(!PageSlab(sp));
156280 + if (sp->private)
156281 + return sp->private;
156282
156283 align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
156284 - m = (unsigned int *)(block - align);
156285 - return SLOB_UNITS(*m) * SLOB_UNIT;
156286 + m = (slob_t *)(block - align);
156287 + return SLOB_UNITS(m[0].units) * SLOB_UNIT;
156288 }
156289 EXPORT_SYMBOL(ksize);
156290
156291 int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
156292 {
156293 + flags = pax_sanitize_slab_flags(flags);
156294 +
156295 if (flags & SLAB_DESTROY_BY_RCU) {
156296 /* leave room for rcu footer at the end of object */
156297 c->size += sizeof(struct slob_rcu);
156298 @@ -534,23 +662,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
156299
156300 static void *slob_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
156301 {
156302 - void *b;
156303 + void *b = NULL;
156304
156305 flags &= gfp_allowed_mask;
156306
156307 lockdep_trace_alloc(flags);
156308
156309 +#ifdef CONFIG_PAX_USERCOPY
156310 + b = __do_kmalloc_node_align(c->size, flags, node, _RET_IP_, c->align);
156311 +#else
156312 if (c->size < PAGE_SIZE) {
156313 b = slob_alloc(c->size, flags, c->align, node);
156314 trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size,
156315 SLOB_UNITS(c->size) * SLOB_UNIT,
156316 flags, node);
156317 } else {
156318 - b = slob_new_pages(flags, get_order(c->size), node);
156319 + struct page *sp;
156320 +
156321 + sp = slob_new_pages(flags, get_order(c->size), node);
156322 + if (sp) {
156323 + b = page_address(sp);
156324 + sp->private = c->size;
156325 + }
156326 trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size,
156327 PAGE_SIZE << get_order(c->size),
156328 flags, node);
156329 }
156330 +#endif
156331
156332 if (b && c->ctor)
156333 c->ctor(b);
156334 @@ -566,7 +704,7 @@ void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
156335 EXPORT_SYMBOL(kmem_cache_alloc);
156336
156337 #ifdef CONFIG_NUMA
156338 -void *__kmalloc_node(size_t size, gfp_t gfp, int node)
156339 +void * __size_overflow(1) __kmalloc_node(size_t size, gfp_t gfp, int node)
156340 {
156341 return __do_kmalloc_node(size, gfp, node, _RET_IP_);
156342 }
156343 @@ -579,12 +717,17 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
156344 EXPORT_SYMBOL(kmem_cache_alloc_node);
156345 #endif
156346
156347 -static void __kmem_cache_free(void *b, int size)
156348 +static void __kmem_cache_free(struct kmem_cache *c, void *b, int size)
156349 {
156350 - if (size < PAGE_SIZE)
156351 - slob_free(b, size);
156352 + struct page *sp;
156353 +
156354 + BUG_ON(virt_to_page(b) != virt_to_head_page(b));
156355 + sp = virt_to_head_page(b);
156356 + BUG_ON(!PageSlab(sp));
156357 + if (!sp->private)
156358 + slob_free(c, b, size);
156359 else
156360 - slob_free_pages(b, get_order(size));
156361 + slob_free_pages(sp, get_order(size));
156362 }
156363
156364 static void kmem_rcu_free(struct rcu_head *head)
156365 @@ -592,22 +735,36 @@ static void kmem_rcu_free(struct rcu_head *head)
156366 struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
156367 void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
156368
156369 - __kmem_cache_free(b, slob_rcu->size);
156370 + __kmem_cache_free(NULL, b, slob_rcu->size);
156371 }
156372
156373 void kmem_cache_free(struct kmem_cache *c, void *b)
156374 {
156375 + int size = c->size;
156376 +
156377 +#ifdef CONFIG_PAX_USERCOPY
156378 + if (size + c->align < PAGE_SIZE) {
156379 + size += c->align;
156380 + b -= c->align;
156381 + }
156382 +#endif
156383 +
156384 kmemleak_free_recursive(b, c->flags);
156385 if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) {
156386 struct slob_rcu *slob_rcu;
156387 - slob_rcu = b + (c->size - sizeof(struct slob_rcu));
156388 - slob_rcu->size = c->size;
156389 + slob_rcu = b + (size - sizeof(struct slob_rcu));
156390 + slob_rcu->size = size;
156391 call_rcu(&slob_rcu->head, kmem_rcu_free);
156392 } else {
156393 - __kmem_cache_free(b, c->size);
156394 + __kmem_cache_free(c, b, size);
156395 }
156396
156397 +#ifdef CONFIG_PAX_USERCOPY
156398 + trace_kfree(_RET_IP_, b);
156399 +#else
156400 trace_kmem_cache_free(_RET_IP_, b);
156401 +#endif
156402 +
156403 }
156404 EXPORT_SYMBOL(kmem_cache_free);
156405
156406 diff --git a/mm/slub.c b/mm/slub.c
156407 index 9adae58..5527bad 100644
156408 --- a/mm/slub.c
156409 +++ b/mm/slub.c
156410 @@ -34,6 +34,7 @@
156411 #include <linux/stacktrace.h>
156412 #include <linux/prefetch.h>
156413 #include <linux/memcontrol.h>
156414 +#include <linux/vmalloc.h>
156415
156416 #include <trace/events/kmem.h>
156417
156418 @@ -214,7 +215,7 @@ struct track {
156419
156420 enum track_item { TRACK_ALLOC, TRACK_FREE };
156421
156422 -#ifdef CONFIG_SYSFS
156423 +#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
156424 static int sysfs_slab_add(struct kmem_cache *);
156425 static int sysfs_slab_alias(struct kmem_cache *, const char *);
156426 static void memcg_propagate_slab_attrs(struct kmem_cache *s);
156427 @@ -240,30 +241,40 @@ static inline void stat(const struct kmem_cache *s, enum stat_item si)
156428 * Core slab cache functions
156429 *******************************************************************/
156430
156431 +static const unsigned long global_rand __latent_entropy;
156432 +
156433 static inline void *get_freepointer(struct kmem_cache *s, void *object)
156434 {
156435 - return *(void **)(object + s->offset);
156436 + unsigned long freepointer_addr = (unsigned long)object + s->offset;
156437 + return (void *)(*(unsigned long *)freepointer_addr ^ global_rand ^ freepointer_addr);
156438 }
156439
156440 static void prefetch_freepointer(const struct kmem_cache *s, void *object)
156441 {
156442 - prefetch(object + s->offset);
156443 + unsigned long freepointer_addr = (unsigned long)object + s->offset;
156444 + if (object) {
156445 + void **freepointer_ptr = (void **)(*(unsigned long *)freepointer_addr ^ global_rand ^ freepointer_addr);
156446 + prefetch(freepointer_ptr);
156447 + }
156448 }
156449
156450 static inline void *get_freepointer_safe(struct kmem_cache *s, void *object)
156451 {
156452 + unsigned long freepointer_addr;
156453 void *p;
156454
156455 if (!debug_pagealloc_enabled())
156456 return get_freepointer(s, object);
156457
156458 - probe_kernel_read(&p, (void **)(object + s->offset), sizeof(p));
156459 - return p;
156460 + freepointer_addr = (unsigned long)object + s->offset;
156461 + probe_kernel_read(&p, (void **)freepointer_addr, sizeof(p));
156462 + return (void *)((unsigned long)p ^ global_rand ^ freepointer_addr);
156463 }
156464
156465 static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
156466 {
156467 - *(void **)(object + s->offset) = fp;
156468 + unsigned long freepointer_addr = (unsigned long)object + s->offset;
156469 + *(void **)freepointer_addr = (void *)((unsigned long)fp ^ global_rand ^ freepointer_addr);
156470 }
156471
156472 /* Loop over all objects in a slab */
156473 @@ -569,7 +580,7 @@ static void print_track(const char *s, struct track *t)
156474 if (!t->addr)
156475 return;
156476
156477 - pr_err("INFO: %s in %pS age=%lu cpu=%u pid=%d\n",
156478 + pr_err("INFO: %s in %pA age=%lu cpu=%u pid=%d\n",
156479 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
156480 #ifdef CONFIG_STACKTRACE
156481 {
156482 @@ -2896,6 +2907,23 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
156483 void *tail_obj = tail ? : head;
156484 struct kmem_cache_cpu *c;
156485 unsigned long tid;
156486 +
156487 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
156488 + if (!(s->flags & SLAB_NO_SANITIZE)) {
156489 + int offset = s->offset ? 0 : sizeof(void *);
156490 + void *x = head;
156491 +
156492 + while (1) {
156493 + memset(x + offset, PAX_MEMORY_SANITIZE_VALUE, s->object_size - offset);
156494 + if (s->ctor)
156495 + s->ctor(x);
156496 + if (x == tail_obj)
156497 + break;
156498 + x = get_freepointer(s, x);
156499 + }
156500 + }
156501 +#endif
156502 +
156503 redo:
156504 /*
156505 * Determine the currently cpus per cpu slab.
156506 @@ -3699,7 +3727,7 @@ static int __init setup_slub_min_objects(char *str)
156507
156508 __setup("slub_min_objects=", setup_slub_min_objects);
156509
156510 -void *__kmalloc(size_t size, gfp_t flags)
156511 +void * __size_overflow(1) __kmalloc(size_t size, gfp_t flags)
156512 {
156513 struct kmem_cache *s;
156514 void *ret;
156515 @@ -3737,7 +3765,7 @@ static void *kmalloc_large_node(size_t size, gfp_t flags, int node)
156516 return ptr;
156517 }
156518
156519 -void *__kmalloc_node(size_t size, gfp_t flags, int node)
156520 +void * __size_overflow(1) __kmalloc_node(size_t size, gfp_t flags, int node)
156521 {
156522 struct kmem_cache *s;
156523 void *ret;
156524 @@ -3768,9 +3796,41 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
156525 EXPORT_SYMBOL(__kmalloc_node);
156526 #endif
156527
156528 +bool is_usercopy_object(const void *ptr)
156529 +{
156530 + struct page *page;
156531 +
156532 + if (ZERO_OR_NULL_PTR(ptr))
156533 + return false;
156534 +
156535 + if (!slab_is_available())
156536 + return false;
156537 +
156538 + if (is_vmalloc_addr(ptr)
156539 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
156540 + && !object_starts_on_stack(ptr)
156541 +#endif
156542 + ) {
156543 + struct vm_struct *vm = find_vm_area(ptr);
156544 + if (vm && (vm->flags & VM_USERCOPY))
156545 + return true;
156546 + return false;
156547 + }
156548 +
156549 + if (!virt_addr_valid(ptr))
156550 + return false;
156551 +
156552 + page = virt_to_head_page(ptr);
156553 +
156554 + if (!PageSlab(page))
156555 + return false;
156556 +
156557 + return !!page->slab_cache->usersize;
156558 +}
156559 +
156560 #ifdef CONFIG_HARDENED_USERCOPY
156561 /*
156562 - * Rejects objects that are incorrectly sized.
156563 + * Detect unwanted object access
156564 *
156565 * Returns NULL if check passes, otherwise const char * to name of cache
156566 * to indicate an error.
156567 @@ -3780,15 +3840,15 @@ const char *__check_heap_object(const void *ptr, unsigned long n,
156568 {
156569 struct kmem_cache *s;
156570 unsigned long offset;
156571 - size_t object_size;
156572
156573 /* Find object and usable object size. */
156574 s = page->slab_cache;
156575 - object_size = slab_ksize(s);
156576
156577 +#ifdef CONFIG_BROKEN_SECURITY
156578 /* Reject impossible pointers. */
156579 if (ptr < page_address(page))
156580 return s->name;
156581 +#endif
156582
156583 /* Find offset within object. */
156584 offset = (ptr - page_address(page)) % s->size;
156585 @@ -3800,11 +3860,16 @@ const char *__check_heap_object(const void *ptr, unsigned long n,
156586 offset -= s->red_left_pad;
156587 }
156588
156589 - /* Allow address range falling entirely within object size. */
156590 - if (offset <= object_size && n <= object_size - offset)
156591 - return NULL;
156592 + if (offset < s->useroffset)
156593 + return s->name;
156594
156595 - return s->name;
156596 + if (offset - s->useroffset >= s->usersize)
156597 + return s->name;
156598 +
156599 + if (n > s->useroffset - offset + s->usersize)
156600 + return s->name;
156601 +
156602 + return NULL;
156603 }
156604 #endif /* CONFIG_HARDENED_USERCOPY */
156605
156606 @@ -3846,6 +3911,7 @@ void kfree(const void *x)
156607 if (unlikely(ZERO_OR_NULL_PTR(x)))
156608 return;
156609
156610 + VM_BUG_ON(!virt_addr_valid(x));
156611 page = virt_to_head_page(x);
156612 if (unlikely(!PageSlab(page))) {
156613 BUG_ON(!PageCompound(page));
156614 @@ -4116,7 +4182,7 @@ void __init kmem_cache_init(void)
156615 kmem_cache = &boot_kmem_cache;
156616
156617 create_boot_cache(kmem_cache_node, "kmem_cache_node",
156618 - sizeof(struct kmem_cache_node), SLAB_HWCACHE_ALIGN);
156619 + sizeof(struct kmem_cache_node), SLAB_HWCACHE_ALIGN, 0, 0);
156620
156621 register_hotmemory_notifier(&slab_memory_callback_nb);
156622
156623 @@ -4126,7 +4192,7 @@ void __init kmem_cache_init(void)
156624 create_boot_cache(kmem_cache, "kmem_cache",
156625 offsetof(struct kmem_cache, node) +
156626 nr_node_ids * sizeof(struct kmem_cache_node *),
156627 - SLAB_HWCACHE_ALIGN);
156628 + SLAB_HWCACHE_ALIGN, 0, 0);
156629
156630 kmem_cache = bootstrap(&boot_kmem_cache);
156631
156632 @@ -4166,7 +4232,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
156633
156634 s = find_mergeable(size, align, flags, name, ctor);
156635 if (s) {
156636 - s->refcount++;
156637 + atomic_inc(&s->refcount);
156638
156639 /*
156640 * Adjust the object sizes so that we clear
156641 @@ -4182,7 +4248,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
156642 }
156643
156644 if (sysfs_slab_alias(s, name)) {
156645 - s->refcount--;
156646 + atomic_dec(&s->refcount);
156647 s = NULL;
156648 }
156649 }
156650 @@ -4194,6 +4260,8 @@ int __kmem_cache_create(struct kmem_cache *s, unsigned long flags)
156651 {
156652 int err;
156653
156654 + flags = pax_sanitize_slab_flags(flags);
156655 +
156656 err = kmem_cache_open(s, flags);
156657 if (err)
156658 return err;
156659 @@ -4299,7 +4367,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
156660 }
156661 #endif
156662
156663 -#ifdef CONFIG_SYSFS
156664 +#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
156665 static int count_inuse(struct page *page)
156666 {
156667 return page->inuse;
156668 @@ -4580,7 +4648,11 @@ static int list_locations(struct kmem_cache *s, char *buf,
156669 len += sprintf(buf + len, "%7ld ", l->count);
156670
156671 if (l->addr)
156672 +#ifdef CONFIG_GRKERNSEC_HIDESYM
156673 + len += sprintf(buf + len, "%pS", NULL);
156674 +#else
156675 len += sprintf(buf + len, "%pS", (void *)l->addr);
156676 +#endif
156677 else
156678 len += sprintf(buf + len, "<not-available>");
156679
156680 @@ -4678,12 +4750,12 @@ static void __init resiliency_test(void)
156681 validate_slab_cache(kmalloc_caches[9]);
156682 }
156683 #else
156684 -#ifdef CONFIG_SYSFS
156685 +#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
156686 static void resiliency_test(void) {};
156687 #endif
156688 #endif
156689
156690 -#ifdef CONFIG_SYSFS
156691 +#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
156692 enum slab_stat_type {
156693 SL_ALL, /* All slabs */
156694 SL_PARTIAL, /* Only partially allocated slabs */
156695 @@ -4920,13 +4992,17 @@ static ssize_t ctor_show(struct kmem_cache *s, char *buf)
156696 {
156697 if (!s->ctor)
156698 return 0;
156699 +#ifdef CONFIG_GRKERNSEC_HIDESYM
156700 + return sprintf(buf, "%pS\n", NULL);
156701 +#else
156702 return sprintf(buf, "%pS\n", s->ctor);
156703 +#endif
156704 }
156705 SLAB_ATTR_RO(ctor);
156706
156707 static ssize_t aliases_show(struct kmem_cache *s, char *buf)
156708 {
156709 - return sprintf(buf, "%d\n", s->refcount < 0 ? 0 : s->refcount - 1);
156710 + return sprintf(buf, "%d\n", atomic_read(&s->refcount) < 0 ? 0 : atomic_read(&s->refcount) - 1);
156711 }
156712 SLAB_ATTR_RO(aliases);
156713
156714 @@ -5014,6 +5090,22 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
156715 SLAB_ATTR_RO(cache_dma);
156716 #endif
156717
156718 +#ifdef CONFIG_PAX_USERCOPY
156719 +static ssize_t usercopy_show(struct kmem_cache *s, char *buf)
156720 +{
156721 + return sprintf(buf, "%d\n", !!s->usersize);
156722 +}
156723 +SLAB_ATTR_RO(usercopy);
156724 +#endif
156725 +
156726 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
156727 +static ssize_t sanitize_show(struct kmem_cache *s, char *buf)
156728 +{
156729 + return sprintf(buf, "%d\n", !(s->flags & SLAB_NO_SANITIZE));
156730 +}
156731 +SLAB_ATTR_RO(sanitize);
156732 +#endif
156733 +
156734 static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
156735 {
156736 return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));
156737 @@ -5069,7 +5161,7 @@ static ssize_t trace_store(struct kmem_cache *s, const char *buf,
156738 * as well as cause other issues like converting a mergeable
156739 * cache into an umergeable one.
156740 */
156741 - if (s->refcount > 1)
156742 + if (atomic_read(&s->refcount) > 1)
156743 return -EINVAL;
156744
156745 s->flags &= ~SLAB_TRACE;
156746 @@ -5187,7 +5279,7 @@ static ssize_t failslab_show(struct kmem_cache *s, char *buf)
156747 static ssize_t failslab_store(struct kmem_cache *s, const char *buf,
156748 size_t length)
156749 {
156750 - if (s->refcount > 1)
156751 + if (atomic_read(&s->refcount) > 1)
156752 return -EINVAL;
156753
156754 s->flags &= ~SLAB_FAILSLAB;
156755 @@ -5319,7 +5411,7 @@ STAT_ATTR(CPU_PARTIAL_NODE, cpu_partial_node);
156756 STAT_ATTR(CPU_PARTIAL_DRAIN, cpu_partial_drain);
156757 #endif
156758
156759 -static struct attribute *slab_attrs[] = {
156760 +static struct attribute *slab_attrs[] __read_only = {
156761 &slab_size_attr.attr,
156762 &object_size_attr.attr,
156763 &objs_per_slab_attr.attr,
156764 @@ -5354,6 +5446,12 @@ static struct attribute *slab_attrs[] = {
156765 #ifdef CONFIG_ZONE_DMA
156766 &cache_dma_attr.attr,
156767 #endif
156768 +#ifdef CONFIG_PAX_USERCOPY
156769 + &usercopy_attr.attr,
156770 +#endif
156771 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
156772 + &sanitize_attr.attr,
156773 +#endif
156774 #ifdef CONFIG_NUMA
156775 &remote_node_defrag_ratio_attr.attr,
156776 #endif
156777 @@ -5597,6 +5695,7 @@ static char *create_unique_id(struct kmem_cache *s)
156778 return name;
156779 }
156780
156781 +#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
156782 static int sysfs_slab_add(struct kmem_cache *s)
156783 {
156784 int err;
156785 @@ -5668,6 +5767,7 @@ void sysfs_slab_remove(struct kmem_cache *s)
156786 kobject_del(&s->kobj);
156787 kobject_put(&s->kobj);
156788 }
156789 +#endif
156790
156791 /*
156792 * Need to buffer aliases during bootup until sysfs becomes
156793 @@ -5681,6 +5781,7 @@ struct saved_alias {
156794
156795 static struct saved_alias *alias_list;
156796
156797 +#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
156798 static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
156799 {
156800 struct saved_alias *al;
156801 @@ -5703,6 +5804,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
156802 alias_list = al;
156803 return 0;
156804 }
156805 +#endif
156806
156807 static int __init slab_sysfs_init(void)
156808 {
156809 diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
156810 index 574c67b..e890af8 100644
156811 --- a/mm/sparse-vmemmap.c
156812 +++ b/mm/sparse-vmemmap.c
156813 @@ -203,7 +203,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node)
156814 void *p = vmemmap_alloc_block(PAGE_SIZE, node);
156815 if (!p)
156816 return NULL;
156817 - pud_populate(&init_mm, pud, p);
156818 + pud_populate_kernel(&init_mm, pud, p);
156819 }
156820 return pud;
156821 }
156822 @@ -215,7 +215,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node)
156823 void *p = vmemmap_alloc_block(PAGE_SIZE, node);
156824 if (!p)
156825 return NULL;
156826 - pgd_populate(&init_mm, pgd, p);
156827 + pgd_populate_kernel(&init_mm, pgd, p);
156828 }
156829 return pgd;
156830 }
156831 diff --git a/mm/sparse.c b/mm/sparse.c
156832 index 1e168bf..2dc7328 100644
156833 --- a/mm/sparse.c
156834 +++ b/mm/sparse.c
156835 @@ -749,7 +749,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages)
156836
156837 for (i = 0; i < nr_pages; i++) {
156838 if (PageHWPoison(&memmap[i])) {
156839 - atomic_long_sub(1, &num_poisoned_pages);
156840 + atomic_long_sub_unchecked(1, &num_poisoned_pages);
156841 ClearPageHWPoison(&memmap[i]);
156842 }
156843 }
156844 diff --git a/mm/swap.c b/mm/swap.c
156845 index 75c63bb..a4dce20 100644
156846 --- a/mm/swap.c
156847 +++ b/mm/swap.c
156848 @@ -91,6 +91,13 @@ static void __put_compound_page(struct page *page)
156849 if (!PageHuge(page))
156850 __page_cache_release(page);
156851 dtor = get_compound_page_dtor(page);
156852 + if (!PageHuge(page))
156853 + BUG_ON(dtor != free_compound_page
156854 +#ifdef CONFIG_TRANSPARENT_HUGEPAGE
156855 + && dtor != free_transhuge_page
156856 +#endif
156857 + );
156858 +
156859 (*dtor)(page);
156860 }
156861
156862 diff --git a/mm/swapfile.c b/mm/swapfile.c
156863 index 2657acc..7eedf77 100644
156864 --- a/mm/swapfile.c
156865 +++ b/mm/swapfile.c
156866 @@ -90,7 +90,7 @@ static DEFINE_MUTEX(swapon_mutex);
156867
156868 static DECLARE_WAIT_QUEUE_HEAD(proc_poll_wait);
156869 /* Activity counter to indicate that a swapon or swapoff has occurred */
156870 -static atomic_t proc_poll_event = ATOMIC_INIT(0);
156871 +static atomic_unchecked_t proc_poll_event = ATOMIC_INIT(0);
156872
156873 static inline unsigned char swap_count(unsigned char ent)
156874 {
156875 @@ -1979,7 +1979,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
156876 spin_unlock(&swap_lock);
156877
156878 err = 0;
156879 - atomic_inc(&proc_poll_event);
156880 + atomic_inc_unchecked(&proc_poll_event);
156881 wake_up_interruptible(&proc_poll_wait);
156882
156883 out_dput:
156884 @@ -1996,8 +1996,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
156885
156886 poll_wait(file, &proc_poll_wait, wait);
156887
156888 - if (seq->poll_event != atomic_read(&proc_poll_event)) {
156889 - seq->poll_event = atomic_read(&proc_poll_event);
156890 + if (seq->poll_event != atomic_read_unchecked(&proc_poll_event)) {
156891 + seq->poll_event = atomic_read_unchecked(&proc_poll_event);
156892 return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
156893 }
156894
156895 @@ -2095,7 +2095,7 @@ static int swaps_open(struct inode *inode, struct file *file)
156896 return ret;
156897
156898 seq = file->private_data;
156899 - seq->poll_event = atomic_read(&proc_poll_event);
156900 + seq->poll_event = atomic_read_unchecked(&proc_poll_event);
156901 return 0;
156902 }
156903
156904 @@ -2543,7 +2543,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
156905 (frontswap_map) ? "FS" : "");
156906
156907 mutex_unlock(&swapon_mutex);
156908 - atomic_inc(&proc_poll_event);
156909 + atomic_inc_unchecked(&proc_poll_event);
156910 wake_up_interruptible(&proc_poll_wait);
156911
156912 if (S_ISREG(inode->i_mode))
156913 diff --git a/mm/usercopy.c b/mm/usercopy.c
156914 index 3c8da0a..3e4bdaf 100644
156915 --- a/mm/usercopy.c
156916 +++ b/mm/usercopy.c
156917 @@ -16,15 +16,9 @@
156918
156919 #include <linux/mm.h>
156920 #include <linux/slab.h>
156921 +#include <linux/ratelimit.h>
156922 #include <asm/sections.h>
156923
156924 -enum {
156925 - BAD_STACK = -1,
156926 - NOT_STACK = 0,
156927 - GOOD_FRAME,
156928 - GOOD_STACK,
156929 -};
156930 -
156931 /*
156932 * Checks if a given pointer and length is contained by the current
156933 * stack frame (if possible).
156934 @@ -35,11 +29,13 @@ enum {
156935 * GOOD_STACK: fully on the stack (when can't do frame-checking)
156936 * BAD_STACK: error condition (invalid stack position or bad stack frame)
156937 */
156938 -static noinline int check_stack_object(const void *obj, unsigned long len)
156939 +static noinline int check_stack_object(unsigned long obj, unsigned long len)
156940 {
156941 - const void * const stack = task_stack_page(current);
156942 - const void * const stackend = stack + THREAD_SIZE;
156943 - int ret;
156944 + unsigned long stack = (unsigned long)task_stack_page(current);
156945 + unsigned long stackend = (unsigned long)stack + THREAD_SIZE;
156946 +
156947 + if (obj + len < obj)
156948 + return BAD_STACK;
156949
156950 /* Object is not on the stack at all. */
156951 if (obj + len <= stack || stackend <= obj)
156952 @@ -54,25 +50,29 @@ static noinline int check_stack_object(const void *obj, unsigned long len)
156953 return BAD_STACK;
156954
156955 /* Check if object is safely within a valid frame. */
156956 - ret = arch_within_stack_frames(stack, stackend, obj, len);
156957 - if (ret)
156958 - return ret;
156959 -
156960 - return GOOD_STACK;
156961 + return arch_within_stack_frames(stack, stackend, obj, len);
156962 }
156963
156964 -static void report_usercopy(const void *ptr, unsigned long len,
156965 - bool to_user, const char *type)
156966 +static DEFINE_RATELIMIT_STATE(usercopy_ratelimit, 15 * HZ, 3);
156967 +
156968 +static __noreturn void report_usercopy(const void *ptr, unsigned long len,
156969 + bool to_user, const char *type)
156970 {
156971 - pr_emerg("kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
156972 - to_user ? "exposure" : "overwrite",
156973 - to_user ? "from" : "to", ptr, type ? : "unknown", len);
156974 + if (__ratelimit(&usercopy_ratelimit)) {
156975 + pr_emerg("kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
156976 + to_user ? "exposure" : "overwrite",
156977 + to_user ? "from" : "to", ptr, type ? : "unknown", len);
156978 + dump_stack();
156979 + }
156980 + do_group_exit(SIGKILL);
156981 +#ifdef CONFIG_BROKEN_SECURITY
156982 /*
156983 * For greater effect, it would be nice to do do_group_exit(),
156984 * but BUG() actually hooks all the lock-breaking and per-arch
156985 * Oops code, so that is used here instead.
156986 */
156987 BUG();
156988 +#endif
156989 }
156990
156991 /* Returns true if any portion of [ptr,ptr+n) over laps with [low,high). */
156992 @@ -252,10 +252,15 @@ void __check_object_size(const void *ptr, unsigned long n, bool to_user)
156993 goto report;
156994
156995 /* Check for bad stack object. */
156996 - switch (check_stack_object(ptr, n)) {
156997 + switch (check_stack_object((unsigned long)ptr, n)) {
156998 case NOT_STACK:
156999 /* Object is not touching the current process stack. */
157000 - break;
157001 + /* Check for object in kernel to avoid text exposure. */
157002 + err = check_kernel_text_object(ptr, n);
157003 + if (err)
157004 + break;
157005 + return;
157006 +
157007 case GOOD_FRAME:
157008 case GOOD_STACK:
157009 /*
157010 @@ -264,16 +269,12 @@ void __check_object_size(const void *ptr, unsigned long n, bool to_user)
157011 * process stack (when frame checking not available).
157012 */
157013 return;
157014 - default:
157015 +
157016 + case BAD_STACK:
157017 err = "<process stack>";
157018 - goto report;
157019 + break;
157020 }
157021
157022 - /* Check for object in kernel to avoid text exposure. */
157023 - err = check_kernel_text_object(ptr, n);
157024 - if (!err)
157025 - return;
157026 -
157027 report:
157028 report_usercopy(ptr, n, to_user, err);
157029 }
157030 diff --git a/mm/util.c b/mm/util.c
157031 index 662cddf..ad8d778 100644
157032 --- a/mm/util.c
157033 +++ b/mm/util.c
157034 @@ -239,6 +239,12 @@ int vma_is_stack_for_task(struct vm_area_struct *vma, struct task_struct *t)
157035 void arch_pick_mmap_layout(struct mm_struct *mm)
157036 {
157037 mm->mmap_base = TASK_UNMAPPED_BASE;
157038 +
157039 +#ifdef CONFIG_PAX_RANDMMAP
157040 + if (mm->pax_flags & MF_PAX_RANDMMAP)
157041 + mm->mmap_base += mm->delta_mmap;
157042 +#endif
157043 +
157044 mm->get_unmapped_area = arch_get_unmapped_area;
157045 }
157046 #endif
157047 @@ -432,6 +438,7 @@ unsigned long sysctl_overcommit_kbytes __read_mostly;
157048 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
157049 unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */
157050 unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */
157051 +unsigned long sysctl_heap_stack_gap __read_mostly = 64*1024;
157052
157053 int overcommit_ratio_handler(struct ctl_table *table, int write,
157054 void __user *buffer, size_t *lenp,
157055 @@ -611,6 +618,9 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen)
157056 if (!mm->arg_end)
157057 goto out_mm; /* Shh! No looking before we're done */
157058
157059 + if (gr_acl_handle_procpidmem(task))
157060 + goto out_mm;
157061 +
157062 down_read(&mm->mmap_sem);
157063 arg_start = mm->arg_start;
157064 arg_end = mm->arg_end;
157065 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
157066 index 91f44e7..8500d40 100644
157067 --- a/mm/vmalloc.c
157068 +++ b/mm/vmalloc.c
157069 @@ -43,20 +43,65 @@ struct vfree_deferred {
157070 struct work_struct wq;
157071 };
157072 static DEFINE_PER_CPU(struct vfree_deferred, vfree_deferred);
157073 +static DEFINE_PER_CPU(struct vfree_deferred, vunmap_deferred);
157074 +
157075 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
157076 +struct stack_deferred_llist {
157077 + struct llist_head list;
157078 + void *stack;
157079 + void *lowmem_stack;
157080 +};
157081 +
157082 +struct stack_deferred {
157083 + struct stack_deferred_llist list;
157084 + struct work_struct wq;
157085 +};
157086 +
157087 +static DEFINE_PER_CPU(struct stack_deferred, stack_deferred);
157088 +#endif
157089
157090 static void __vunmap(const void *, int);
157091
157092 -static void free_work(struct work_struct *w)
157093 +static void vfree_work(struct work_struct *w)
157094 {
157095 struct vfree_deferred *p = container_of(w, struct vfree_deferred, wq);
157096 struct llist_node *llnode = llist_del_all(&p->list);
157097 while (llnode) {
157098 - void *p = llnode;
157099 + void *x = llnode;
157100 llnode = llist_next(llnode);
157101 - __vunmap(p, 1);
157102 + __vunmap(x, 1);
157103 }
157104 }
157105
157106 +static void vunmap_work(struct work_struct *w)
157107 +{
157108 + struct vfree_deferred *p = container_of(w, struct vfree_deferred, wq);
157109 + struct llist_node *llnode = llist_del_all(&p->list);
157110 + while (llnode) {
157111 + void *x = llnode;
157112 + llnode = llist_next(llnode);
157113 + __vunmap(x, 0);
157114 + }
157115 +}
157116 +
157117 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
157118 +static void unmap_work(struct work_struct *w)
157119 +{
157120 + struct stack_deferred *p = container_of(w, struct stack_deferred, wq);
157121 + struct llist_node *llnode = llist_del_all(&p->list.list);
157122 + while (llnode) {
157123 + struct stack_deferred_llist *x =
157124 + llist_entry((struct llist_head *)llnode,
157125 + struct stack_deferred_llist, list);
157126 + void *stack = ACCESS_ONCE(x->stack);
157127 + void *lowmem_stack = ACCESS_ONCE(x->lowmem_stack);
157128 + llnode = llist_next(llnode);
157129 + __vunmap(stack, 0);
157130 + free_pages((unsigned long)lowmem_stack, THREAD_SIZE_ORDER);
157131 + }
157132 +}
157133 +#endif
157134 +
157135 /*** Page table manipulation functions ***/
157136
157137 static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
157138 @@ -64,10 +109,23 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
157139 pte_t *pte;
157140
157141 pte = pte_offset_kernel(pmd, addr);
157142 + pax_open_kernel();
157143 do {
157144 - pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
157145 - WARN_ON(!pte_none(ptent) && !pte_present(ptent));
157146 +
157147 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
157148 + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
157149 + BUG_ON(!pte_exec(*pte));
157150 + set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
157151 + continue;
157152 + }
157153 +#endif
157154 +
157155 + {
157156 + pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
157157 + WARN_ON(!pte_none(ptent) && !pte_present(ptent));
157158 + }
157159 } while (pte++, addr += PAGE_SIZE, addr != end);
157160 + pax_close_kernel();
157161 }
157162
157163 static void vunmap_pmd_range(pud_t *pud, unsigned long addr, unsigned long end)
157164 @@ -130,16 +188,29 @@ static int vmap_pte_range(pmd_t *pmd, unsigned long addr,
157165 pte = pte_alloc_kernel(pmd, addr);
157166 if (!pte)
157167 return -ENOMEM;
157168 +
157169 + pax_open_kernel();
157170 do {
157171 struct page *page = pages[*nr];
157172
157173 - if (WARN_ON(!pte_none(*pte)))
157174 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
157175 + if (pgprot_val(prot) & _PAGE_NX)
157176 +#endif
157177 +
157178 + if (!pte_none(*pte)) {
157179 + pax_close_kernel();
157180 + WARN_ON(1);
157181 return -EBUSY;
157182 - if (WARN_ON(!page))
157183 + }
157184 + if (!page) {
157185 + pax_close_kernel();
157186 + WARN_ON(1);
157187 return -ENOMEM;
157188 + }
157189 set_pte_at(&init_mm, addr, pte, mk_pte(page, prot));
157190 (*nr)++;
157191 } while (pte++, addr += PAGE_SIZE, addr != end);
157192 + pax_close_kernel();
157193 return 0;
157194 }
157195
157196 @@ -149,7 +220,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr,
157197 pmd_t *pmd;
157198 unsigned long next;
157199
157200 - pmd = pmd_alloc(&init_mm, pud, addr);
157201 + pmd = pmd_alloc_kernel(&init_mm, pud, addr);
157202 if (!pmd)
157203 return -ENOMEM;
157204 do {
157205 @@ -166,7 +237,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr,
157206 pud_t *pud;
157207 unsigned long next;
157208
157209 - pud = pud_alloc(&init_mm, pgd, addr);
157210 + pud = pud_alloc_kernel(&init_mm, pgd, addr);
157211 if (!pud)
157212 return -ENOMEM;
157213 do {
157214 @@ -226,6 +297,12 @@ int is_vmalloc_or_module_addr(const void *x)
157215 if (addr >= MODULES_VADDR && addr < MODULES_END)
157216 return 1;
157217 #endif
157218 +
157219 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
157220 + if (x >= (const void *)MODULES_EXEC_VADDR && x < (const void *)MODULES_EXEC_END)
157221 + return 1;
157222 +#endif
157223 +
157224 return is_vmalloc_addr(x);
157225 }
157226
157227 @@ -246,8 +323,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
157228
157229 if (!pgd_none(*pgd)) {
157230 pud_t *pud = pud_offset(pgd, addr);
157231 +#ifdef CONFIG_X86
157232 + if (!pud_large(*pud))
157233 +#endif
157234 if (!pud_none(*pud)) {
157235 pmd_t *pmd = pmd_offset(pud, addr);
157236 +#ifdef CONFIG_X86
157237 + if (!pmd_large(*pmd))
157238 +#endif
157239 if (!pmd_none(*pmd)) {
157240 pte_t *ptep, pte;
157241
157242 @@ -350,7 +433,7 @@ static BLOCKING_NOTIFIER_HEAD(vmap_notify_list);
157243 * Allocate a region of KVA of the specified size and alignment, within the
157244 * vstart and vend.
157245 */
157246 -static struct vmap_area *alloc_vmap_area(unsigned long size,
157247 +static struct vmap_area * __size_overflow(1) alloc_vmap_area(unsigned long size,
157248 unsigned long align,
157249 unsigned long vstart, unsigned long vend,
157250 int node, gfp_t gfp_mask)
157251 @@ -1228,13 +1311,27 @@ void __init vmalloc_init(void)
157252 for_each_possible_cpu(i) {
157253 struct vmap_block_queue *vbq;
157254 struct vfree_deferred *p;
157255 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
157256 + struct stack_deferred *p2;
157257 +#endif
157258
157259 vbq = &per_cpu(vmap_block_queue, i);
157260 spin_lock_init(&vbq->lock);
157261 INIT_LIST_HEAD(&vbq->free);
157262 +
157263 p = &per_cpu(vfree_deferred, i);
157264 init_llist_head(&p->list);
157265 - INIT_WORK(&p->wq, free_work);
157266 + INIT_WORK(&p->wq, vfree_work);
157267 +
157268 + p = &per_cpu(vunmap_deferred, i);
157269 + init_llist_head(&p->list);
157270 + INIT_WORK(&p->wq, vunmap_work);
157271 +
157272 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
157273 + p2 = &per_cpu(stack_deferred, i);
157274 + init_llist_head(&p2->list.list);
157275 + INIT_WORK(&p2->wq, unmap_work);
157276 +#endif
157277 }
157278
157279 /* Import existing vmlist entries. */
157280 @@ -1359,6 +1456,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
157281 struct vm_struct *area;
157282
157283 BUG_ON(in_interrupt());
157284 +
157285 +#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
157286 + if (flags & VM_KERNEXEC) {
157287 + if (start != VMALLOC_START || end != VMALLOC_END)
157288 + return NULL;
157289 + start = (unsigned long)MODULES_EXEC_VADDR;
157290 + end = (unsigned long)MODULES_EXEC_END;
157291 + }
157292 +#endif
157293 +
157294 if (flags & VM_IOREMAP)
157295 align = 1ul << clamp_t(int, fls_long(size),
157296 PAGE_SHIFT, IOREMAP_MAX_ORDER);
157297 @@ -1371,7 +1478,11 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
157298 if (unlikely(!area))
157299 return NULL;
157300
157301 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
157302 + if (!(flags & VM_NO_GUARD) || (start >= VMALLOC_START && end <= VMALLOC_END))
157303 +#else
157304 if (!(flags & VM_NO_GUARD))
157305 +#endif
157306 size += PAGE_SIZE;
157307
157308 va = alloc_vmap_area(size, align, start, end, node, gfp_mask);
157309 @@ -1553,13 +1664,36 @@ EXPORT_SYMBOL(vfree);
157310 */
157311 void vunmap(const void *addr)
157312 {
157313 - BUG_ON(in_interrupt());
157314 - might_sleep();
157315 - if (addr)
157316 + if (!addr)
157317 + return;
157318 + if (unlikely(in_interrupt())) {
157319 + struct vfree_deferred *p = this_cpu_ptr(&vunmap_deferred);
157320 + if (pax_llist_add((struct llist_node *)addr, &p->list))
157321 + schedule_work(&p->wq);
157322 + } else {
157323 + might_sleep();
157324 __vunmap(addr, 0);
157325 + }
157326 }
157327 EXPORT_SYMBOL(vunmap);
157328
157329 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
157330 +void unmap_process_stacks(struct task_struct *task)
157331 +{
157332 + if (unlikely(in_interrupt())) {
157333 + struct stack_deferred *p = this_cpu_ptr(&stack_deferred);
157334 + struct stack_deferred_llist *list = task->stack;
157335 + list->stack = task->stack;
157336 + list->lowmem_stack = task->lowmem_stack;
157337 + if (llist_add((struct llist_node *)&list->list, &p->list.list))
157338 + schedule_work(&p->wq);
157339 + } else {
157340 + __vunmap(task->stack, 0);
157341 + free_pages((unsigned long)task->lowmem_stack, THREAD_SIZE_ORDER);
157342 + }
157343 +}
157344 +#endif
157345 +
157346 /**
157347 * vmap - map an array of pages into virtually contiguous space
157348 * @pages: array of page pointers
157349 @@ -1581,6 +1715,11 @@ void *vmap(struct page **pages, unsigned int count,
157350 if (count > totalram_pages)
157351 return NULL;
157352
157353 +#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
157354 + if (!(pgprot_val(prot) & _PAGE_NX))
157355 + flags |= VM_KERNEXEC;
157356 +#endif
157357 +
157358 size = (unsigned long)count << PAGE_SHIFT;
157359 area = get_vm_area_caller(size, flags, __builtin_return_address(0));
157360 if (!area)
157361 @@ -1684,6 +1823,14 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
157362 if (!size || (size >> PAGE_SHIFT) > totalram_pages)
157363 goto fail;
157364
157365 +#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
157366 + if (!(pgprot_val(prot) & _PAGE_NX)) {
157367 + vm_flags |= VM_KERNEXEC;
157368 + start = VMALLOC_START;
157369 + end = VMALLOC_END;
157370 + }
157371 +#endif
157372 +
157373 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNINITIALIZED |
157374 vm_flags, start, end, node, gfp_mask, caller);
157375 if (!area)
157376 @@ -1737,6 +1884,14 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
157377 gfp_mask, prot, 0, node, caller);
157378 }
157379
157380 +void *vmalloc_usercopy(unsigned long size)
157381 +{
157382 + return __vmalloc_node_range(size, 1, VMALLOC_START, VMALLOC_END,
157383 + GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
157384 + VM_USERCOPY, NUMA_NO_NODE,
157385 + __builtin_return_address(0));
157386 +}
157387 +
157388 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
157389 {
157390 return __vmalloc_node(size, 1, gfp_mask, prot, NUMA_NO_NODE,
157391 @@ -1751,6 +1906,16 @@ static inline void *__vmalloc_node_flags(unsigned long size,
157392 node, __builtin_return_address(0));
157393 }
157394
157395 +#if defined(CONFIG_GRKERNSEC_KSTACKOVERFLOW) && defined(CONFIG_X86_64)
157396 +void *vzalloc_irq_stack(void)
157397 +{
157398 + return __vmalloc_node(IRQ_STACK_SIZE, IRQ_STACK_SIZE,
157399 + GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO,
157400 + PAGE_KERNEL, NUMA_NO_NODE,
157401 + __builtin_return_address(0));
157402 +}
157403 +#endif
157404 +
157405 /**
157406 * vmalloc - allocate virtually contiguous memory
157407 * @size: allocation size
157408 @@ -1860,10 +2025,9 @@ EXPORT_SYMBOL(vzalloc_node);
157409 * For tight control over page level allocator and protection flags
157410 * use __vmalloc() instead.
157411 */
157412 -
157413 void *vmalloc_exec(unsigned long size)
157414 {
157415 - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
157416 + return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC,
157417 NUMA_NO_NODE, __builtin_return_address(0));
157418 }
157419
157420 @@ -2170,6 +2334,8 @@ int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr,
157421 {
157422 struct vm_struct *area;
157423
157424 + BUG_ON(vma->vm_mirror);
157425 +
157426 size = PAGE_ALIGN(size);
157427
157428 if (!PAGE_ALIGNED(uaddr) || !PAGE_ALIGNED(kaddr))
157429 @@ -2539,7 +2705,7 @@ found:
157430 /* insert all vm's */
157431 for (area = 0; area < nr_vms; area++)
157432 setup_vmalloc_vm(vms[area], vas[area], VM_ALLOC,
157433 - pcpu_get_vm_areas);
157434 + __builtin_return_address(0));
157435
157436 kfree(vas);
157437 return vms;
157438 @@ -2652,7 +2818,11 @@ static int s_show(struct seq_file *m, void *p)
157439 v->addr, v->addr + v->size, v->size);
157440
157441 if (v->caller)
157442 +#ifdef CONFIG_GRKERNSEC_HIDESYM
157443 + seq_printf(m, " %pK", v->caller);
157444 +#else
157445 seq_printf(m, " %pS", v->caller);
157446 +#endif
157447
157448 if (v->nr_pages)
157449 seq_printf(m, " pages=%d", v->nr_pages);
157450 diff --git a/mm/vmstat.c b/mm/vmstat.c
157451 index 89cec42..673413a 100644
157452 --- a/mm/vmstat.c
157453 +++ b/mm/vmstat.c
157454 @@ -27,6 +27,7 @@
157455 #include <linux/mm_inline.h>
157456 #include <linux/page_ext.h>
157457 #include <linux/page_owner.h>
157458 +#include <linux/grsecurity.h>
157459
157460 #include "internal.h"
157461
157462 @@ -86,8 +87,8 @@ void vm_events_fold_cpu(int cpu)
157463 *
157464 * vm_stat contains the global counters
157465 */
157466 -atomic_long_t vm_zone_stat[NR_VM_ZONE_STAT_ITEMS] __cacheline_aligned_in_smp;
157467 -atomic_long_t vm_node_stat[NR_VM_NODE_STAT_ITEMS] __cacheline_aligned_in_smp;
157468 +atomic_long_unchecked_t vm_zone_stat[NR_VM_ZONE_STAT_ITEMS] __cacheline_aligned_in_smp;
157469 +atomic_long_unchecked_t vm_node_stat[NR_VM_NODE_STAT_ITEMS] __cacheline_aligned_in_smp;
157470 EXPORT_SYMBOL(vm_zone_stat);
157471 EXPORT_SYMBOL(vm_node_stat);
157472
157473 @@ -611,13 +612,13 @@ static int fold_diff(int *zone_diff, int *node_diff)
157474
157475 for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++)
157476 if (zone_diff[i]) {
157477 - atomic_long_add(zone_diff[i], &vm_zone_stat[i]);
157478 + atomic_long_add_unchecked(zone_diff[i], &vm_zone_stat[i]);
157479 changes++;
157480 }
157481
157482 for (i = 0; i < NR_VM_NODE_STAT_ITEMS; i++)
157483 if (node_diff[i]) {
157484 - atomic_long_add(node_diff[i], &vm_node_stat[i]);
157485 + atomic_long_add_unchecked(node_diff[i], &vm_node_stat[i]);
157486 changes++;
157487 }
157488 return changes;
157489 @@ -657,7 +658,7 @@ static int refresh_cpu_vm_stats(bool do_pagesets)
157490 v = this_cpu_xchg(p->vm_stat_diff[i], 0);
157491 if (v) {
157492
157493 - atomic_long_add(v, &zone->vm_stat[i]);
157494 + atomic_long_add_unchecked(v, &zone->vm_stat[i]);
157495 global_zone_diff[i] += v;
157496 #ifdef CONFIG_NUMA
157497 /* 3 seconds idle till flush */
157498 @@ -706,7 +707,7 @@ static int refresh_cpu_vm_stats(bool do_pagesets)
157499
157500 v = this_cpu_xchg(p->vm_node_stat_diff[i], 0);
157501 if (v) {
157502 - atomic_long_add(v, &pgdat->vm_stat[i]);
157503 + atomic_long_add_unchecked(v, &pgdat->vm_stat[i]);
157504 global_node_diff[i] += v;
157505 }
157506 }
157507 @@ -740,7 +741,7 @@ void cpu_vm_stats_fold(int cpu)
157508
157509 v = p->vm_stat_diff[i];
157510 p->vm_stat_diff[i] = 0;
157511 - atomic_long_add(v, &zone->vm_stat[i]);
157512 + atomic_long_add_unchecked(v, &zone->vm_stat[i]);
157513 global_zone_diff[i] += v;
157514 }
157515 }
157516 @@ -756,7 +757,7 @@ void cpu_vm_stats_fold(int cpu)
157517
157518 v = p->vm_node_stat_diff[i];
157519 p->vm_node_stat_diff[i] = 0;
157520 - atomic_long_add(v, &pgdat->vm_stat[i]);
157521 + atomic_long_add_unchecked(v, &pgdat->vm_stat[i]);
157522 global_node_diff[i] += v;
157523 }
157524 }
157525 @@ -776,8 +777,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset)
157526 if (pset->vm_stat_diff[i]) {
157527 int v = pset->vm_stat_diff[i];
157528 pset->vm_stat_diff[i] = 0;
157529 - atomic_long_add(v, &zone->vm_stat[i]);
157530 - atomic_long_add(v, &vm_zone_stat[i]);
157531 + atomic_long_add_unchecked(v, &zone->vm_stat[i]);
157532 + atomic_long_add_unchecked(v, &vm_zone_stat[i]);
157533 }
157534 }
157535 #endif
157536 @@ -807,7 +808,7 @@ unsigned long sum_zone_node_page_state(int node,
157537 unsigned long node_page_state(struct pglist_data *pgdat,
157538 enum node_stat_item item)
157539 {
157540 - long x = atomic_long_read(&pgdat->vm_stat[item]);
157541 + long x = atomic_long_read_unchecked(&pgdat->vm_stat[item]);
157542 #ifdef CONFIG_SMP
157543 if (x < 0)
157544 x = 0;
157545 @@ -1556,10 +1557,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos)
157546 stat_items_size += sizeof(struct vm_event_state);
157547 #endif
157548
157549 - v = kmalloc(stat_items_size, GFP_KERNEL);
157550 + v = kzalloc(stat_items_size, GFP_KERNEL);
157551 m->private = v;
157552 if (!v)
157553 return ERR_PTR(-ENOMEM);
157554 +
157555 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
157556 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
157557 + if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)
157558 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
157559 + && !in_group_p(grsec_proc_gid)
157560 +#endif
157561 + )
157562 + return (unsigned long *)m->private + *pos;
157563 +#endif
157564 +#endif
157565 +
157566 for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++)
157567 v[i] = global_page_state(i);
157568 v += NR_VM_ZONE_STAT_ITEMS;
157569 @@ -1656,7 +1669,7 @@ int vmstat_refresh(struct ctl_table *table, int write,
157570 if (err)
157571 return err;
157572 for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++) {
157573 - val = atomic_long_read(&vm_zone_stat[i]);
157574 + val = atomic_long_read_unchecked(&vm_zone_stat[i]);
157575 if (val < 0) {
157576 switch (i) {
157577 case NR_PAGES_SCANNED:
157578 @@ -1856,10 +1869,16 @@ static int __init setup_vmstat(void)
157579 cpu_notifier_register_done();
157580 #endif
157581 #ifdef CONFIG_PROC_FS
157582 - proc_create("buddyinfo", S_IRUGO, NULL, &fragmentation_file_operations);
157583 - proc_create("pagetypeinfo", S_IRUGO, NULL, &pagetypeinfo_file_ops);
157584 - proc_create("vmstat", S_IRUGO, NULL, &proc_vmstat_file_operations);
157585 - proc_create("zoneinfo", S_IRUGO, NULL, &proc_zoneinfo_file_operations);
157586 + {
157587 + mode_t gr_mode = S_IRUGO;
157588 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
157589 + gr_mode = S_IRUSR;
157590 +#endif
157591 + proc_create("buddyinfo", gr_mode, NULL, &fragmentation_file_operations);
157592 + proc_create("pagetypeinfo", gr_mode, NULL, &pagetypeinfo_file_ops);
157593 + proc_create("vmstat", S_IRUGO, NULL, &proc_vmstat_file_operations);
157594 + proc_create("zoneinfo", gr_mode, NULL, &proc_zoneinfo_file_operations);
157595 + }
157596 #endif
157597 return 0;
157598 }
157599 diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
157600 index 8de138d..df7e387 100644
157601 --- a/net/8021q/vlan.c
157602 +++ b/net/8021q/vlan.c
157603 @@ -496,7 +496,7 @@ out:
157604 return NOTIFY_DONE;
157605 }
157606
157607 -static struct notifier_block vlan_notifier_block __read_mostly = {
157608 +static struct notifier_block vlan_notifier_block = {
157609 .notifier_call = vlan_device_event,
157610 };
157611
157612 @@ -571,8 +571,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
157613 err = -EPERM;
157614 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
157615 break;
157616 - if ((args.u.name_type >= 0) &&
157617 - (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
157618 + if (args.u.name_type < VLAN_NAME_TYPE_HIGHEST) {
157619 struct vlan_net *vn;
157620
157621 vn = net_generic(net, vlan_net_id);
157622 diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c
157623 index 1270207..d165bb5 100644
157624 --- a/net/8021q/vlan_netlink.c
157625 +++ b/net/8021q/vlan_netlink.c
157626 @@ -248,7 +248,7 @@ static struct net *vlan_get_link_net(const struct net_device *dev)
157627 return dev_net(real_dev);
157628 }
157629
157630 -struct rtnl_link_ops vlan_link_ops __read_mostly = {
157631 +struct rtnl_link_ops vlan_link_ops = {
157632 .kind = "vlan",
157633 .maxtype = IFLA_VLAN_MAX,
157634 .policy = vlan_policy,
157635 diff --git a/net/9p/mod.c b/net/9p/mod.c
157636 index 6ab36ae..6f1841b 100644
157637 --- a/net/9p/mod.c
157638 +++ b/net/9p/mod.c
157639 @@ -84,7 +84,7 @@ static LIST_HEAD(v9fs_trans_list);
157640 void v9fs_register_trans(struct p9_trans_module *m)
157641 {
157642 spin_lock(&v9fs_trans_lock);
157643 - list_add_tail(&m->list, &v9fs_trans_list);
157644 + pax_list_add_tail((struct list_head *)&m->list, &v9fs_trans_list);
157645 spin_unlock(&v9fs_trans_lock);
157646 }
157647 EXPORT_SYMBOL(v9fs_register_trans);
157648 @@ -97,7 +97,7 @@ EXPORT_SYMBOL(v9fs_register_trans);
157649 void v9fs_unregister_trans(struct p9_trans_module *m)
157650 {
157651 spin_lock(&v9fs_trans_lock);
157652 - list_del_init(&m->list);
157653 + pax_list_del_init((struct list_head *)&m->list);
157654 spin_unlock(&v9fs_trans_lock);
157655 }
157656 EXPORT_SYMBOL(v9fs_unregister_trans);
157657 diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
157658 index 7bc2208..79c8068 100644
157659 --- a/net/9p/trans_fd.c
157660 +++ b/net/9p/trans_fd.c
157661 @@ -432,7 +432,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len)
157662 oldfs = get_fs();
157663 set_fs(get_ds());
157664 /* The cast to a user pointer is valid due to the set_fs() */
157665 - ret = vfs_write(ts->wr, (__force void __user *)v, len, &ts->wr->f_pos);
157666 + ret = vfs_write(ts->wr, (void __force_user *)v, len, &ts->wr->f_pos);
157667 set_fs(oldfs);
157668
157669 if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
157670 diff --git a/net/appletalk/atalk_proc.c b/net/appletalk/atalk_proc.c
157671 index af46bc4..f9adfcd 100644
157672 --- a/net/appletalk/atalk_proc.c
157673 +++ b/net/appletalk/atalk_proc.c
157674 @@ -256,7 +256,7 @@ int __init atalk_proc_init(void)
157675 struct proc_dir_entry *p;
157676 int rc = -ENOMEM;
157677
157678 - atalk_proc_dir = proc_mkdir("atalk", init_net.proc_net);
157679 + atalk_proc_dir = proc_mkdir_restrict("atalk", init_net.proc_net);
157680 if (!atalk_proc_dir)
157681 goto out;
157682
157683 diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c
157684 index 876fbe8..8bbea9f 100644
157685 --- a/net/atm/atm_misc.c
157686 +++ b/net/atm/atm_misc.c
157687 @@ -17,7 +17,7 @@ int atm_charge(struct atm_vcc *vcc, int truesize)
157688 if (atomic_read(&sk_atm(vcc)->sk_rmem_alloc) <= sk_atm(vcc)->sk_rcvbuf)
157689 return 1;
157690 atm_return(vcc, truesize);
157691 - atomic_inc(&vcc->stats->rx_drop);
157692 + atomic_inc_unchecked(&vcc->stats->rx_drop);
157693 return 0;
157694 }
157695 EXPORT_SYMBOL(atm_charge);
157696 @@ -39,7 +39,7 @@ struct sk_buff *atm_alloc_charge(struct atm_vcc *vcc, int pdu_size,
157697 }
157698 }
157699 atm_return(vcc, guess);
157700 - atomic_inc(&vcc->stats->rx_drop);
157701 + atomic_inc_unchecked(&vcc->stats->rx_drop);
157702 return NULL;
157703 }
157704 EXPORT_SYMBOL(atm_alloc_charge);
157705 @@ -86,7 +86,7 @@ EXPORT_SYMBOL(atm_pcr_goal);
157706
157707 void sonet_copy_stats(struct k_sonet_stats *from, struct sonet_stats *to)
157708 {
157709 -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
157710 +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
157711 __SONET_ITEMS
157712 #undef __HANDLE_ITEM
157713 }
157714 @@ -94,7 +94,7 @@ EXPORT_SYMBOL(sonet_copy_stats);
157715
157716 void sonet_subtract_stats(struct k_sonet_stats *from, struct sonet_stats *to)
157717 {
157718 -#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
157719 +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i,&from->i)
157720 __SONET_ITEMS
157721 #undef __HANDLE_ITEM
157722 }
157723 diff --git a/net/atm/lec.c b/net/atm/lec.c
157724 index e574a7e..2f5a14d 100644
157725 --- a/net/atm/lec.c
157726 +++ b/net/atm/lec.c
157727 @@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry)
157728 }
157729
157730 static struct lane2_ops lane2_ops = {
157731 - lane2_resolve, /* resolve, spec 3.1.3 */
157732 - lane2_associate_req, /* associate_req, spec 3.1.4 */
157733 - NULL /* associate indicator, spec 3.1.5 */
157734 + .resolve = lane2_resolve,
157735 + .associate_req = lane2_associate_req,
157736 + .associate_indicator = NULL
157737 };
157738
157739 static unsigned char bus_mac[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
157740 diff --git a/net/atm/lec.h b/net/atm/lec.h
157741 index 4149db1..f2ab682 100644
157742 --- a/net/atm/lec.h
157743 +++ b/net/atm/lec.h
157744 @@ -48,7 +48,7 @@ struct lane2_ops {
157745 const u8 *tlvs, u32 sizeoftlvs);
157746 void (*associate_indicator) (struct net_device *dev, const u8 *mac_addr,
157747 const u8 *tlvs, u32 sizeoftlvs);
157748 -};
157749 +} __no_const;
157750
157751 /*
157752 * ATM LAN Emulation supports both LLC & Dix Ethernet EtherType
157753 diff --git a/net/atm/mpoa_caches.c b/net/atm/mpoa_caches.c
157754 index 9e60e74..a89fdeb 100644
157755 --- a/net/atm/mpoa_caches.c
157756 +++ b/net/atm/mpoa_caches.c
157757 @@ -535,33 +535,32 @@ static void eg_destroy_cache(struct mpoa_client *mpc)
157758
157759
157760 static const struct in_cache_ops ingress_ops = {
157761 - in_cache_add_entry, /* add_entry */
157762 - in_cache_get, /* get */
157763 - in_cache_get_with_mask, /* get_with_mask */
157764 - in_cache_get_by_vcc, /* get_by_vcc */
157765 - in_cache_put, /* put */
157766 - in_cache_remove_entry, /* remove_entry */
157767 - cache_hit, /* cache_hit */
157768 - clear_count_and_expired, /* clear_count */
157769 - check_resolving_entries, /* check_resolving */
157770 - refresh_entries, /* refresh */
157771 - in_destroy_cache /* destroy_cache */
157772 + .add_entry = in_cache_add_entry,
157773 + .get = in_cache_get,
157774 + .get_with_mask = in_cache_get_with_mask,
157775 + .get_by_vcc = in_cache_get_by_vcc,
157776 + .put = in_cache_put,
157777 + .remove_entry = in_cache_remove_entry,
157778 + .cache_hit = cache_hit,
157779 + .clear_count = clear_count_and_expired,
157780 + .check_resolving = check_resolving_entries,
157781 + .refresh = refresh_entries,
157782 + .destroy_cache = in_destroy_cache
157783 };
157784
157785 static const struct eg_cache_ops egress_ops = {
157786 - eg_cache_add_entry, /* add_entry */
157787 - eg_cache_get_by_cache_id, /* get_by_cache_id */
157788 - eg_cache_get_by_tag, /* get_by_tag */
157789 - eg_cache_get_by_vcc, /* get_by_vcc */
157790 - eg_cache_get_by_src_ip, /* get_by_src_ip */
157791 - eg_cache_put, /* put */
157792 - eg_cache_remove_entry, /* remove_entry */
157793 - update_eg_cache_entry, /* update */
157794 - clear_expired, /* clear_expired */
157795 - eg_destroy_cache /* destroy_cache */
157796 + .add_entry = eg_cache_add_entry,
157797 + .get_by_cache_id = eg_cache_get_by_cache_id,
157798 + .get_by_tag = eg_cache_get_by_tag,
157799 + .get_by_vcc = eg_cache_get_by_vcc,
157800 + .get_by_src_ip = eg_cache_get_by_src_ip,
157801 + .put = eg_cache_put,
157802 + .remove_entry = eg_cache_remove_entry,
157803 + .update = update_eg_cache_entry,
157804 + .clear_expired = clear_expired,
157805 + .destroy_cache = eg_destroy_cache
157806 };
157807
157808 -
157809 void atm_mpoa_init_cache(struct mpoa_client *mpc)
157810 {
157811 mpc->in_ops = &ingress_ops;
157812 diff --git a/net/atm/proc.c b/net/atm/proc.c
157813 index bbb6461..cf04016 100644
157814 --- a/net/atm/proc.c
157815 +++ b/net/atm/proc.c
157816 @@ -45,9 +45,9 @@ static void add_stats(struct seq_file *seq, const char *aal,
157817 const struct k_atm_aal_stats *stats)
157818 {
157819 seq_printf(seq, "%s ( %d %d %d %d %d )", aal,
157820 - atomic_read(&stats->tx), atomic_read(&stats->tx_err),
157821 - atomic_read(&stats->rx), atomic_read(&stats->rx_err),
157822 - atomic_read(&stats->rx_drop));
157823 + atomic_read_unchecked(&stats->tx),atomic_read_unchecked(&stats->tx_err),
157824 + atomic_read_unchecked(&stats->rx),atomic_read_unchecked(&stats->rx_err),
157825 + atomic_read_unchecked(&stats->rx_drop));
157826 }
157827
157828 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev)
157829 diff --git a/net/atm/resources.c b/net/atm/resources.c
157830 index 0447d5d..3cf4728 100644
157831 --- a/net/atm/resources.c
157832 +++ b/net/atm/resources.c
157833 @@ -160,7 +160,7 @@ EXPORT_SYMBOL(atm_dev_deregister);
157834 static void copy_aal_stats(struct k_atm_aal_stats *from,
157835 struct atm_aal_stats *to)
157836 {
157837 -#define __HANDLE_ITEM(i) to->i = atomic_read(&from->i)
157838 +#define __HANDLE_ITEM(i) to->i = atomic_read_unchecked(&from->i)
157839 __AAL_STAT_ITEMS
157840 #undef __HANDLE_ITEM
157841 }
157842 @@ -168,7 +168,7 @@ static void copy_aal_stats(struct k_atm_aal_stats *from,
157843 static void subtract_aal_stats(struct k_atm_aal_stats *from,
157844 struct atm_aal_stats *to)
157845 {
157846 -#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
157847 +#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i, &from->i)
157848 __AAL_STAT_ITEMS
157849 #undef __HANDLE_ITEM
157850 }
157851 diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
157852 index 919a5ce..cc6b444 100644
157853 --- a/net/ax25/sysctl_net_ax25.c
157854 +++ b/net/ax25/sysctl_net_ax25.c
157855 @@ -152,7 +152,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
157856 {
157857 char path[sizeof("net/ax25/") + IFNAMSIZ];
157858 int k;
157859 - struct ctl_table *table;
157860 + ctl_table_no_const *table;
157861
157862 table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
157863 if (!table)
157864 diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
157865 index 19b0abd..9a487ee 100644
157866 --- a/net/batman-adv/bat_iv_ogm.c
157867 +++ b/net/batman-adv/bat_iv_ogm.c
157868 @@ -361,7 +361,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
157869
157870 /* randomize initial seqno to avoid collision */
157871 get_random_bytes(&random_seqno, sizeof(random_seqno));
157872 - atomic_set(&hard_iface->bat_iv.ogm_seqno, random_seqno);
157873 + atomic_set_unchecked(&hard_iface->bat_iv.ogm_seqno, random_seqno);
157874
157875 hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN;
157876 ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC);
157877 @@ -973,9 +973,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
157878 batadv_ogm_packet->tvlv_len = htons(tvlv_len);
157879
157880 /* change sequence number to network order */
157881 - seqno = (u32)atomic_read(&hard_iface->bat_iv.ogm_seqno);
157882 + seqno = (u32)atomic_read_unchecked(&hard_iface->bat_iv.ogm_seqno);
157883 batadv_ogm_packet->seqno = htonl(seqno);
157884 - atomic_inc(&hard_iface->bat_iv.ogm_seqno);
157885 + atomic_inc_unchecked(&hard_iface->bat_iv.ogm_seqno);
157886
157887 batadv_iv_ogm_slide_own_bcast_window(hard_iface);
157888
157889 @@ -1673,7 +1673,7 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset,
157890 return;
157891
157892 /* could be changed by schedule_own_packet() */
157893 - if_incoming_seqno = atomic_read(&if_incoming->bat_iv.ogm_seqno);
157894 + if_incoming_seqno = atomic_read_unchecked(&if_incoming->bat_iv.ogm_seqno);
157895
157896 if (ogm_packet->flags & BATADV_DIRECTLINK)
157897 has_directlink_flag = true;
157898 diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
157899 index 0934730..a8189fc 100644
157900 --- a/net/batman-adv/fragmentation.c
157901 +++ b/net/batman-adv/fragmentation.c
157902 @@ -469,7 +469,7 @@ int batadv_frag_send_packet(struct sk_buff *skb,
157903 frag_header.packet_type = BATADV_UNICAST_FRAG;
157904 frag_header.version = BATADV_COMPAT_VERSION;
157905 frag_header.ttl = BATADV_TTL;
157906 - frag_header.seqno = htons(atomic_inc_return(&bat_priv->frag_seqno));
157907 + frag_header.seqno = htons(atomic_inc_return_unchecked(&bat_priv->frag_seqno));
157908 frag_header.reserved = 0;
157909 frag_header.no = 0;
157910 frag_header.total_size = htons(skb->len);
157911 diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
157912 index 3d19947..5c61638 100644
157913 --- a/net/batman-adv/routing.c
157914 +++ b/net/batman-adv/routing.c
157915 @@ -758,7 +758,7 @@ batadv_reroute_unicast_packet(struct batadv_priv *bat_priv,
157916 if (!primary_if)
157917 goto out;
157918 orig_addr = primary_if->net_dev->dev_addr;
157919 - orig_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
157920 + orig_ttvn = (u8)atomic_read_unchecked(&bat_priv->tt.vn);
157921 } else {
157922 orig_node = batadv_transtable_search(bat_priv, NULL, dst_addr,
157923 vid);
157924 @@ -834,7 +834,7 @@ static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
157925 * value is used later to check if the node which sent (or re-routed
157926 * last time) the packet had an updated information or not
157927 */
157928 - curr_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
157929 + curr_ttvn = (u8)atomic_read_unchecked(&bat_priv->tt.vn);
157930 if (!batadv_is_my_mac(bat_priv, unicast_packet->dest)) {
157931 orig_node = batadv_orig_hash_find(bat_priv,
157932 unicast_packet->dest);
157933 diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
157934 index 7527c06..42024c6 100644
157935 --- a/net/batman-adv/soft-interface.c
157936 +++ b/net/batman-adv/soft-interface.c
157937 @@ -180,7 +180,7 @@ static void batadv_interface_set_rx_mode(struct net_device *dev)
157938 {
157939 }
157940
157941 -static int batadv_interface_tx(struct sk_buff *skb,
157942 +static netdev_tx_t batadv_interface_tx(struct sk_buff *skb,
157943 struct net_device *soft_iface)
157944 {
157945 struct ethhdr *ethhdr;
157946 @@ -332,7 +332,7 @@ send:
157947 primary_if->net_dev->dev_addr);
157948
157949 /* set broadcast sequence number */
157950 - seqno = atomic_inc_return(&bat_priv->bcast_seqno);
157951 + seqno = atomic_inc_return_unchecked(&bat_priv->bcast_seqno);
157952 bcast_packet->seqno = htonl(seqno);
157953
157954 batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay);
157955 @@ -835,8 +835,8 @@ static int batadv_softif_init_late(struct net_device *dev)
157956 atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN);
157957
157958 atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE);
157959 - atomic_set(&bat_priv->bcast_seqno, 1);
157960 - atomic_set(&bat_priv->tt.vn, 0);
157961 + atomic_set_unchecked(&bat_priv->bcast_seqno, 1);
157962 + atomic_set_unchecked(&bat_priv->tt.vn, 0);
157963 atomic_set(&bat_priv->tt.local_changes, 0);
157964 atomic_set(&bat_priv->tt.ogm_append_cnt, 0);
157965 #ifdef CONFIG_BATMAN_ADV_BLA
157966 @@ -851,7 +851,7 @@ static int batadv_softif_init_late(struct net_device *dev)
157967
157968 /* randomize initial seqno to avoid collision */
157969 get_random_bytes(&random_seqno, sizeof(random_seqno));
157970 - atomic_set(&bat_priv->frag_seqno, random_seqno);
157971 + atomic_set_unchecked(&bat_priv->frag_seqno, random_seqno);
157972
157973 bat_priv->primary_if = NULL;
157974 bat_priv->num_ifaces = 0;
157975 @@ -1069,7 +1069,7 @@ bool batadv_softif_is_valid(const struct net_device *net_dev)
157976 return false;
157977 }
157978
157979 -struct rtnl_link_ops batadv_link_ops __read_mostly = {
157980 +struct rtnl_link_ops batadv_link_ops = {
157981 .kind = "batadv",
157982 .priv_size = sizeof(struct batadv_priv),
157983 .setup = batadv_softif_init_early,
157984 diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c
157985 index fe9ca94..ae07bdc 100644
157986 --- a/net/batman-adv/sysfs.c
157987 +++ b/net/batman-adv/sysfs.c
157988 @@ -146,7 +146,7 @@ struct batadv_attribute batadv_attr_##_name = { \
157989
157990 #define BATADV_ATTR_SIF_STORE_BOOL(_name, _post_func) \
157991 ssize_t batadv_store_##_name(struct kobject *kobj, \
157992 - struct attribute *attr, char *buff, \
157993 + struct kobj_attribute *attr, char *buff, \
157994 size_t count) \
157995 { \
157996 struct net_device *net_dev = batadv_kobj_to_netdev(kobj); \
157997 @@ -158,7 +158,7 @@ ssize_t batadv_store_##_name(struct kobject *kobj, \
157998
157999 #define BATADV_ATTR_SIF_SHOW_BOOL(_name) \
158000 ssize_t batadv_show_##_name(struct kobject *kobj, \
158001 - struct attribute *attr, char *buff) \
158002 + struct kobj_attribute *attr, char *buff) \
158003 { \
158004 struct batadv_priv *bat_priv = batadv_kobj_to_batpriv(kobj); \
158005 \
158006 @@ -178,7 +178,7 @@ ssize_t batadv_show_##_name(struct kobject *kobj, \
158007
158008 #define BATADV_ATTR_SIF_STORE_UINT(_name, _var, _min, _max, _post_func) \
158009 ssize_t batadv_store_##_name(struct kobject *kobj, \
158010 - struct attribute *attr, char *buff, \
158011 + struct kobj_attribute *attr, char *buff, \
158012 size_t count) \
158013 { \
158014 struct net_device *net_dev = batadv_kobj_to_netdev(kobj); \
158015 @@ -191,7 +191,7 @@ ssize_t batadv_store_##_name(struct kobject *kobj, \
158016
158017 #define BATADV_ATTR_SIF_SHOW_UINT(_name, _var) \
158018 ssize_t batadv_show_##_name(struct kobject *kobj, \
158019 - struct attribute *attr, char *buff) \
158020 + struct kobj_attribute *attr, char *buff) \
158021 { \
158022 struct batadv_priv *bat_priv = batadv_kobj_to_batpriv(kobj); \
158023 \
158024 @@ -209,7 +209,7 @@ ssize_t batadv_show_##_name(struct kobject *kobj, \
158025
158026 #define BATADV_ATTR_VLAN_STORE_BOOL(_name, _post_func) \
158027 ssize_t batadv_store_vlan_##_name(struct kobject *kobj, \
158028 - struct attribute *attr, char *buff, \
158029 + struct kobj_attribute *attr, char *buff,\
158030 size_t count) \
158031 { \
158032 struct batadv_priv *bat_priv = batadv_vlan_kobj_to_batpriv(kobj);\
158033 @@ -225,7 +225,7 @@ ssize_t batadv_store_vlan_##_name(struct kobject *kobj, \
158034
158035 #define BATADV_ATTR_VLAN_SHOW_BOOL(_name) \
158036 ssize_t batadv_show_vlan_##_name(struct kobject *kobj, \
158037 - struct attribute *attr, char *buff) \
158038 + struct kobj_attribute *attr, char *buff)\
158039 { \
158040 struct batadv_priv *bat_priv = batadv_vlan_kobj_to_batpriv(kobj);\
158041 struct batadv_softif_vlan *vlan = batadv_kobj_to_vlan(bat_priv, \
158042 @@ -247,7 +247,7 @@ ssize_t batadv_show_vlan_##_name(struct kobject *kobj, \
158043
158044 #define BATADV_ATTR_HIF_STORE_UINT(_name, _var, _min, _max, _post_func) \
158045 ssize_t batadv_store_##_name(struct kobject *kobj, \
158046 - struct attribute *attr, char *buff, \
158047 + struct kobj_attribute *attr, char *buff, \
158048 size_t count) \
158049 { \
158050 struct net_device *net_dev = batadv_kobj_to_netdev(kobj); \
158051 @@ -268,7 +268,7 @@ ssize_t batadv_store_##_name(struct kobject *kobj, \
158052
158053 #define BATADV_ATTR_HIF_SHOW_UINT(_name, _var) \
158054 ssize_t batadv_show_##_name(struct kobject *kobj, \
158055 - struct attribute *attr, char *buff) \
158056 + struct kobj_attribute *attr, char *buff) \
158057 { \
158058 struct net_device *net_dev = batadv_kobj_to_netdev(kobj); \
158059 struct batadv_hard_iface *hard_iface; \
158060 @@ -338,13 +338,13 @@ static int batadv_store_bool_attr(char *buff, size_t count,
158061 static inline ssize_t
158062 __batadv_store_bool_attr(char *buff, size_t count,
158063 void (*post_func)(struct net_device *),
158064 - struct attribute *attr,
158065 + struct kobj_attribute *attr,
158066 atomic_t *attr_store, struct net_device *net_dev)
158067 {
158068 bool changed;
158069 int ret;
158070
158071 - ret = batadv_store_bool_attr(buff, count, net_dev, attr->name,
158072 + ret = batadv_store_bool_attr(buff, count, net_dev, attr->attr.name,
158073 attr_store, &changed);
158074 if (post_func && changed)
158075 post_func(net_dev);
158076 @@ -393,13 +393,13 @@ static int batadv_store_uint_attr(const char *buff, size_t count,
158077 static ssize_t __batadv_store_uint_attr(const char *buff, size_t count,
158078 int min, int max,
158079 void (*post_func)(struct net_device *),
158080 - const struct attribute *attr,
158081 + const struct kobj_attribute *attr,
158082 atomic_t *attr_store,
158083 struct net_device *net_dev)
158084 {
158085 int ret;
158086
158087 - ret = batadv_store_uint_attr(buff, count, net_dev, attr->name, min, max,
158088 + ret = batadv_store_uint_attr(buff, count, net_dev, attr->attr.name, min, max,
158089 attr_store);
158090 if (post_func && ret)
158091 post_func(net_dev);
158092 @@ -408,7 +408,7 @@ static ssize_t __batadv_store_uint_attr(const char *buff, size_t count,
158093 }
158094
158095 static ssize_t batadv_show_bat_algo(struct kobject *kobj,
158096 - struct attribute *attr, char *buff)
158097 + struct kobj_attribute *attr, char *buff)
158098 {
158099 struct batadv_priv *bat_priv = batadv_kobj_to_batpriv(kobj);
158100
158101 @@ -422,7 +422,7 @@ static void batadv_post_gw_reselect(struct net_device *net_dev)
158102 batadv_gw_reselect(bat_priv);
158103 }
158104
158105 -static ssize_t batadv_show_gw_mode(struct kobject *kobj, struct attribute *attr,
158106 +static ssize_t batadv_show_gw_mode(struct kobject *kobj, struct kobj_attribute *attr,
158107 char *buff)
158108 {
158109 struct batadv_priv *bat_priv = batadv_kobj_to_batpriv(kobj);
158110 @@ -447,7 +447,7 @@ static ssize_t batadv_show_gw_mode(struct kobject *kobj, struct attribute *attr,
158111 }
158112
158113 static ssize_t batadv_store_gw_mode(struct kobject *kobj,
158114 - struct attribute *attr, char *buff,
158115 + struct kobj_attribute *attr, char *buff,
158116 size_t count)
158117 {
158118 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158119 @@ -515,7 +515,7 @@ static ssize_t batadv_store_gw_mode(struct kobject *kobj,
158120 }
158121
158122 static ssize_t batadv_show_gw_bwidth(struct kobject *kobj,
158123 - struct attribute *attr, char *buff)
158124 + struct kobj_attribute *attr, char *buff)
158125 {
158126 struct batadv_priv *bat_priv = batadv_kobj_to_batpriv(kobj);
158127 u32 down, up;
158128 @@ -528,7 +528,7 @@ static ssize_t batadv_show_gw_bwidth(struct kobject *kobj,
158129 }
158130
158131 static ssize_t batadv_store_gw_bwidth(struct kobject *kobj,
158132 - struct attribute *attr, char *buff,
158133 + struct kobj_attribute *attr, char *buff,
158134 size_t count)
158135 {
158136 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158137 @@ -549,7 +549,7 @@ static ssize_t batadv_store_gw_bwidth(struct kobject *kobj,
158138 * error code in case of failure
158139 */
158140 static ssize_t batadv_show_isolation_mark(struct kobject *kobj,
158141 - struct attribute *attr, char *buff)
158142 + struct kobj_attribute *attr, char *buff)
158143 {
158144 struct batadv_priv *bat_priv = batadv_kobj_to_batpriv(kobj);
158145
158146 @@ -568,7 +568,7 @@ static ssize_t batadv_show_isolation_mark(struct kobject *kobj,
158147 * Return: 'count' on success or a negative error code in case of failure
158148 */
158149 static ssize_t batadv_store_isolation_mark(struct kobject *kobj,
158150 - struct attribute *attr, char *buff,
158151 + struct kobj_attribute *attr, char *buff,
158152 size_t count)
158153 {
158154 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158155 @@ -805,7 +805,7 @@ void batadv_sysfs_del_vlan(struct batadv_priv *bat_priv,
158156 }
158157
158158 static ssize_t batadv_show_mesh_iface(struct kobject *kobj,
158159 - struct attribute *attr, char *buff)
158160 + struct kobj_attribute *attr, char *buff)
158161 {
158162 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158163 struct batadv_hard_iface *hard_iface;
158164 @@ -829,7 +829,7 @@ static ssize_t batadv_show_mesh_iface(struct kobject *kobj,
158165 }
158166
158167 static ssize_t batadv_store_mesh_iface(struct kobject *kobj,
158168 - struct attribute *attr, char *buff,
158169 + struct kobj_attribute *attr, char *buff,
158170 size_t count)
158171 {
158172 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158173 @@ -887,7 +887,7 @@ out:
158174 }
158175
158176 static ssize_t batadv_show_iface_status(struct kobject *kobj,
158177 - struct attribute *attr, char *buff)
158178 + struct kobj_attribute *attr, char *buff)
158179 {
158180 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158181 struct batadv_hard_iface *hard_iface;
158182 @@ -934,7 +934,7 @@ static ssize_t batadv_show_iface_status(struct kobject *kobj,
158183 * Return: 'count' on success or a negative error code in case of failure
158184 */
158185 static ssize_t batadv_store_throughput_override(struct kobject *kobj,
158186 - struct attribute *attr,
158187 + struct kobj_attribute *attr,
158188 char *buff, size_t count)
158189 {
158190 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158191 @@ -972,7 +972,7 @@ out:
158192 }
158193
158194 static ssize_t batadv_show_throughput_override(struct kobject *kobj,
158195 - struct attribute *attr,
158196 + struct kobj_attribute *attr,
158197 char *buff)
158198 {
158199 struct net_device *net_dev = batadv_kobj_to_netdev(kobj);
158200 diff --git a/net/batman-adv/sysfs.h b/net/batman-adv/sysfs.h
158201 index c76021b..3aef377 100644
158202 --- a/net/batman-adv/sysfs.h
158203 +++ b/net/batman-adv/sysfs.h
158204 @@ -37,9 +37,9 @@ struct net_device;
158205
158206 struct batadv_attribute {
158207 struct attribute attr;
158208 - ssize_t (*show)(struct kobject *kobj, struct attribute *attr,
158209 + ssize_t (*show)(struct kobject *kobj, struct kobj_attribute *attr,
158210 char *buf);
158211 - ssize_t (*store)(struct kobject *kobj, struct attribute *attr,
158212 + ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr,
158213 char *buf, size_t count);
158214 };
158215
158216 diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
158217 index 7e6df7a..474128b 100644
158218 --- a/net/batman-adv/translation-table.c
158219 +++ b/net/batman-adv/translation-table.c
158220 @@ -664,7 +664,7 @@ bool batadv_tt_local_add(struct net_device *soft_iface, const u8 *addr,
158221 batadv_dbg(BATADV_DBG_TT, bat_priv,
158222 "Creating new local tt entry: %pM (vid: %d, ttvn: %d)\n",
158223 addr, BATADV_PRINT_VID(vid),
158224 - (u8)atomic_read(&bat_priv->tt.vn));
158225 + (u8)atomic_read_unchecked(&bat_priv->tt.vn));
158226
158227 ether_addr_copy(tt_local->common.addr, addr);
158228 /* The local entry has to be marked as NEW to avoid to send it in
158229 @@ -894,7 +894,7 @@ batadv_tt_prepare_tvlv_local_data(struct batadv_priv *bat_priv,
158230 }
158231
158232 (*tt_data)->flags = BATADV_NO_FLAGS;
158233 - (*tt_data)->ttvn = atomic_read(&bat_priv->tt.vn);
158234 + (*tt_data)->ttvn = atomic_read_unchecked(&bat_priv->tt.vn);
158235 (*tt_data)->num_vlan = htons(num_vlan);
158236
158237 tt_vlan = (struct batadv_tvlv_tt_vlan_data *)(*tt_data + 1);
158238 @@ -1011,7 +1011,7 @@ int batadv_tt_local_seq_print_text(struct seq_file *seq, void *offset)
158239
158240 seq_printf(seq,
158241 "Locally retrieved addresses (from %s) announced via TT (TTVN: %u):\n",
158242 - net_dev->name, (u8)atomic_read(&bat_priv->tt.vn));
158243 + net_dev->name, (u8)atomic_read_unchecked(&bat_priv->tt.vn));
158244 seq_puts(seq,
158245 " Client VID Flags Last seen (CRC )\n");
158246
158247 @@ -2818,7 +2818,7 @@ static bool batadv_send_my_tt_response(struct batadv_priv *bat_priv,
158248
158249 spin_lock_bh(&bat_priv->tt.commit_lock);
158250
158251 - my_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
158252 + my_ttvn = (u8)atomic_read_unchecked(&bat_priv->tt.vn);
158253 req_ttvn = tt_data->ttvn;
158254
158255 orig_node = batadv_orig_hash_find(bat_priv, req_src);
158256 @@ -2857,7 +2857,7 @@ static bool batadv_send_my_tt_response(struct batadv_priv *bat_priv,
158257 bat_priv->tt.last_changeset_len);
158258 spin_unlock_bh(&bat_priv->tt.last_changeset_lock);
158259 } else {
158260 - req_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
158261 + req_ttvn = (u8)atomic_read_unchecked(&bat_priv->tt.vn);
158262
158263 /* allocate the tvlv, put the tt_data and all the tt_vlan_data
158264 * in the initial part
158265 @@ -3376,10 +3376,10 @@ static void batadv_tt_local_commit_changes_nolock(struct batadv_priv *bat_priv)
158266 batadv_tt_local_update_crc(bat_priv);
158267
158268 /* Increment the TTVN only once per OGM interval */
158269 - atomic_inc(&bat_priv->tt.vn);
158270 + atomic_inc_unchecked(&bat_priv->tt.vn);
158271 batadv_dbg(BATADV_DBG_TT, bat_priv,
158272 "Local changes committed, updating to ttvn %u\n",
158273 - (u8)atomic_read(&bat_priv->tt.vn));
158274 + (u8)atomic_read_unchecked(&bat_priv->tt.vn));
158275
158276 /* reset the sending counter */
158277 atomic_set(&bat_priv->tt.ogm_append_cnt, BATADV_TT_OGM_APPEND_MAX);
158278 diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
158279 index a64522c..168782d 100644
158280 --- a/net/batman-adv/types.h
158281 +++ b/net/batman-adv/types.h
158282 @@ -84,7 +84,7 @@ enum batadv_dhcp_recipient {
158283 struct batadv_hard_iface_bat_iv {
158284 unsigned char *ogm_buff;
158285 int ogm_buff_len;
158286 - atomic_t ogm_seqno;
158287 + atomic_unchecked_t ogm_seqno;
158288 };
158289
158290 /**
158291 @@ -633,7 +633,7 @@ enum batadv_counters {
158292 * @work: work queue callback item for translation table purging
158293 */
158294 struct batadv_priv_tt {
158295 - atomic_t vn;
158296 + atomic_unchecked_t vn;
158297 atomic_t ogm_append_cnt;
158298 atomic_t local_changes;
158299 struct list_head changes_list;
158300 @@ -1042,7 +1042,7 @@ struct batadv_priv {
158301 atomic_t bonding;
158302 atomic_t fragmentation;
158303 atomic_t packet_size_max;
158304 - atomic_t frag_seqno;
158305 + atomic_unchecked_t frag_seqno;
158306 #ifdef CONFIG_BATMAN_ADV_BLA
158307 atomic_t bridge_loop_avoidance;
158308 #endif
158309 @@ -1059,7 +1059,7 @@ struct batadv_priv {
158310 #endif
158311 u32 isolation_mark;
158312 u32 isolation_mark_mask;
158313 - atomic_t bcast_seqno;
158314 + atomic_unchecked_t bcast_seqno;
158315 atomic_t bcast_queue_left;
158316 atomic_t batman_queue_left;
158317 char num_ifaces;
158318 diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
158319 index 96f04b7..753db63 100644
158320 --- a/net/bluetooth/hci_sock.c
158321 +++ b/net/bluetooth/hci_sock.c
158322 @@ -1482,7 +1482,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
158323 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
158324 }
158325
158326 - len = min_t(unsigned int, len, sizeof(uf));
158327 + len = min((size_t)len, sizeof(uf));
158328 if (copy_from_user(&uf, optval, len)) {
158329 err = -EFAULT;
158330 break;
158331 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
158332 index d4cad29b0..25c71a9 100644
158333 --- a/net/bluetooth/l2cap_core.c
158334 +++ b/net/bluetooth/l2cap_core.c
158335 @@ -3548,8 +3548,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
158336 break;
158337
158338 case L2CAP_CONF_RFC:
158339 - if (olen == sizeof(rfc))
158340 - memcpy(&rfc, (void *)val, olen);
158341 + if (olen != sizeof(rfc))
158342 + break;
158343 +
158344 + memcpy(&rfc, (void *)val, olen);
158345
158346 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
158347 rfc.mode != chan->mode)
158348 diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
158349 index a8ba752..de24ce0 100644
158350 --- a/net/bluetooth/l2cap_sock.c
158351 +++ b/net/bluetooth/l2cap_sock.c
158352 @@ -633,7 +633,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
158353 struct sock *sk = sock->sk;
158354 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
158355 struct l2cap_options opts;
158356 - int len, err = 0;
158357 + int err = 0;
158358 + size_t len = optlen;
158359 u32 opt;
158360
158361 BT_DBG("sk %p", sk);
158362 @@ -660,7 +661,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
158363 opts.max_tx = chan->max_tx;
158364 opts.txwin_size = chan->tx_win;
158365
158366 - len = min_t(unsigned int, sizeof(opts), optlen);
158367 + len = min(sizeof(opts), len);
158368 if (copy_from_user((char *) &opts, optval, len)) {
158369 err = -EFAULT;
158370 break;
158371 @@ -747,7 +748,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
158372 struct bt_security sec;
158373 struct bt_power pwr;
158374 struct l2cap_conn *conn;
158375 - int len, err = 0;
158376 + int err = 0;
158377 + size_t len = optlen;
158378 u32 opt;
158379
158380 BT_DBG("sk %p", sk);
158381 @@ -771,7 +773,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
158382
158383 sec.level = BT_SECURITY_LOW;
158384
158385 - len = min_t(unsigned int, sizeof(sec), optlen);
158386 + len = min(sizeof(sec), len);
158387 if (copy_from_user((char *) &sec, optval, len)) {
158388 err = -EFAULT;
158389 break;
158390 @@ -867,7 +869,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
158391
158392 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
158393
158394 - len = min_t(unsigned int, sizeof(pwr), optlen);
158395 + len = min(sizeof(pwr), len);
158396 if (copy_from_user((char *) &pwr, optval, len)) {
158397 err = -EFAULT;
158398 break;
158399 diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
158400 index 7511df7..a670df3 100644
158401 --- a/net/bluetooth/rfcomm/sock.c
158402 +++ b/net/bluetooth/rfcomm/sock.c
158403 @@ -690,7 +690,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
158404 struct sock *sk = sock->sk;
158405 struct bt_security sec;
158406 int err = 0;
158407 - size_t len;
158408 + size_t len = optlen;
158409 u32 opt;
158410
158411 BT_DBG("sk %p", sk);
158412 @@ -712,7 +712,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
158413
158414 sec.level = BT_SECURITY_LOW;
158415
158416 - len = min_t(unsigned int, sizeof(sec), optlen);
158417 + len = min(sizeof(sec), len);
158418 if (copy_from_user((char *) &sec, optval, len)) {
158419 err = -EFAULT;
158420 break;
158421 diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
158422 index 8e385a0..a5bdd8e 100644
158423 --- a/net/bluetooth/rfcomm/tty.c
158424 +++ b/net/bluetooth/rfcomm/tty.c
158425 @@ -752,7 +752,7 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
158426 BT_DBG("tty %p id %d", tty, tty->index);
158427
158428 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
158429 - dev->channel, dev->port.count);
158430 + dev->channel, atomic_read(&dev->port.count));
158431
158432 err = tty_port_open(&dev->port, tty, filp);
158433 if (err)
158434 @@ -775,7 +775,7 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
158435 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
158436
158437 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
158438 - dev->port.count);
158439 + atomic_read(&dev->port.count));
158440
158441 tty_port_close(&dev->port, tty, filp);
158442 }
158443 diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
158444 index 77e7f69..6572d43 100644
158445 --- a/net/bridge/br_netfilter_hooks.c
158446 +++ b/net/bridge/br_netfilter_hooks.c
158447 @@ -982,13 +982,13 @@ static void __net_exit brnf_exit_net(struct net *net)
158448 brnet->enabled = false;
158449 }
158450
158451 -static struct pernet_operations brnf_net_ops __read_mostly = {
158452 +static struct pernet_operations brnf_net_ops = {
158453 .exit = brnf_exit_net,
158454 .id = &brnf_net_id,
158455 .size = sizeof(struct brnf_net),
158456 };
158457
158458 -static struct notifier_block brnf_notifier __read_mostly = {
158459 +static struct notifier_block brnf_notifier = {
158460 .notifier_call = brnf_device_event,
158461 };
158462
158463 diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
158464 index f2a29e4..34963c3 100644
158465 --- a/net/bridge/br_netlink.c
158466 +++ b/net/bridge/br_netlink.c
158467 @@ -1395,7 +1395,7 @@ static struct rtnl_af_ops br_af_ops __read_mostly = {
158468 .get_link_af_size = br_get_link_af_size_filtered,
158469 };
158470
158471 -struct rtnl_link_ops br_link_ops __read_mostly = {
158472 +struct rtnl_link_ops br_link_ops = {
158473 .kind = "bridge",
158474 .priv_size = sizeof(struct net_bridge),
158475 .setup = br_dev_setup,
158476 diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
158477 index 0833c25..c649cbf 100644
158478 --- a/net/bridge/netfilter/ebtables.c
158479 +++ b/net/bridge/netfilter/ebtables.c
158480 @@ -1547,7 +1547,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
158481 tmp.valid_hooks = t->table->valid_hooks;
158482 }
158483 mutex_unlock(&ebt_mutex);
158484 - if (copy_to_user(user, &tmp, *len) != 0) {
158485 + if (*len > sizeof(tmp) || copy_to_user(user, &tmp, *len) != 0) {
158486 BUGPRINT("c2u Didn't work\n");
158487 ret = -EFAULT;
158488 break;
158489 @@ -2351,7 +2351,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
158490 goto out;
158491 tmp.valid_hooks = t->valid_hooks;
158492
158493 - if (copy_to_user(user, &tmp, *len) != 0) {
158494 + if (*len > sizeof(tmp) || copy_to_user(user, &tmp, *len) != 0) {
158495 ret = -EFAULT;
158496 break;
158497 }
158498 @@ -2362,7 +2362,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
158499 tmp.entries_size = t->table->entries_size;
158500 tmp.valid_hooks = t->table->valid_hooks;
158501
158502 - if (copy_to_user(user, &tmp, *len) != 0) {
158503 + if (*len > sizeof(tmp) || copy_to_user(user, &tmp, *len) != 0) {
158504 ret = -EFAULT;
158505 break;
158506 }
158507 diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
158508 index f5afda1..dcf770a 100644
158509 --- a/net/caif/cfctrl.c
158510 +++ b/net/caif/cfctrl.c
158511 @@ -10,6 +10,7 @@
158512 #include <linux/spinlock.h>
158513 #include <linux/slab.h>
158514 #include <linux/pkt_sched.h>
158515 +#include <linux/sched.h>
158516 #include <net/caif/caif_layer.h>
158517 #include <net/caif/cfpkt.h>
158518 #include <net/caif/cfctrl.h>
158519 @@ -43,8 +44,8 @@ struct cflayer *cfctrl_create(void)
158520 memset(&dev_info, 0, sizeof(dev_info));
158521 dev_info.id = 0xff;
158522 cfsrvl_init(&this->serv, 0, &dev_info, false);
158523 - atomic_set(&this->req_seq_no, 1);
158524 - atomic_set(&this->rsp_seq_no, 1);
158525 + atomic_set_unchecked(&this->req_seq_no, 1);
158526 + atomic_set_unchecked(&this->rsp_seq_no, 1);
158527 this->serv.layer.receive = cfctrl_recv;
158528 sprintf(this->serv.layer.name, "ctrl");
158529 this->serv.layer.ctrlcmd = cfctrl_ctrlcmd;
158530 @@ -130,8 +131,8 @@ static void cfctrl_insert_req(struct cfctrl *ctrl,
158531 struct cfctrl_request_info *req)
158532 {
158533 spin_lock_bh(&ctrl->info_list_lock);
158534 - atomic_inc(&ctrl->req_seq_no);
158535 - req->sequence_no = atomic_read(&ctrl->req_seq_no);
158536 + atomic_inc_unchecked(&ctrl->req_seq_no);
158537 + req->sequence_no = atomic_read_unchecked(&ctrl->req_seq_no);
158538 list_add_tail(&req->list, &ctrl->list);
158539 spin_unlock_bh(&ctrl->info_list_lock);
158540 }
158541 @@ -149,7 +150,7 @@ static struct cfctrl_request_info *cfctrl_remove_req(struct cfctrl *ctrl,
158542 if (p != first)
158543 pr_warn("Requests are not received in order\n");
158544
158545 - atomic_set(&ctrl->rsp_seq_no,
158546 + atomic_set_unchecked(&ctrl->rsp_seq_no,
158547 p->sequence_no);
158548 list_del(&p->list);
158549 goto out;
158550 diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c
158551 index 3408ed5..885aab5 100644
158552 --- a/net/caif/chnl_net.c
158553 +++ b/net/caif/chnl_net.c
158554 @@ -213,7 +213,7 @@ static void chnl_flowctrl_cb(struct cflayer *layr, enum caif_ctrlcmd flow,
158555 }
158556 }
158557
158558 -static int chnl_net_start_xmit(struct sk_buff *skb, struct net_device *dev)
158559 +static netdev_tx_t chnl_net_start_xmit(struct sk_buff *skb, struct net_device *dev)
158560 {
158561 struct chnl_net *priv;
158562 struct cfpkt *pkt = NULL;
158563 @@ -514,7 +514,7 @@ static const struct nla_policy ipcaif_policy[IFLA_CAIF_MAX + 1] = {
158564 };
158565
158566
158567 -static struct rtnl_link_ops ipcaif_link_ops __read_mostly = {
158568 +static struct rtnl_link_ops ipcaif_link_ops = {
158569 .kind = "caif",
158570 .priv_size = sizeof(struct chnl_net),
158571 .setup = ipcaif_net_setup,
158572 diff --git a/net/can/af_can.c b/net/can/af_can.c
158573 index 1108079..1871d16 100644
158574 --- a/net/can/af_can.c
158575 +++ b/net/can/af_can.c
158576 @@ -890,7 +890,7 @@ static const struct net_proto_family can_family_ops = {
158577 };
158578
158579 /* notifier block for netdevice event */
158580 -static struct notifier_block can_netdev_notifier __read_mostly = {
158581 +static struct notifier_block can_netdev_notifier = {
158582 .notifier_call = can_notifier,
158583 };
158584
158585 diff --git a/net/can/bcm.c b/net/can/bcm.c
158586 index 8e999ff..684a43e 100644
158587 --- a/net/can/bcm.c
158588 +++ b/net/can/bcm.c
158589 @@ -1674,7 +1674,7 @@ static int __init bcm_module_init(void)
158590 }
158591
158592 /* create /proc/net/can-bcm directory */
158593 - proc_dir = proc_mkdir("can-bcm", init_net.proc_net);
158594 + proc_dir = proc_mkdir_restrict("can-bcm", init_net.proc_net);
158595 return 0;
158596 }
158597
158598 diff --git a/net/can/gw.c b/net/can/gw.c
158599 index 4551687..4e82e9b 100644
158600 --- a/net/can/gw.c
158601 +++ b/net/can/gw.c
158602 @@ -80,7 +80,6 @@ MODULE_PARM_DESC(max_hops,
158603 "default: " __stringify(CGW_DEFAULT_HOPS) ")");
158604
158605 static HLIST_HEAD(cgw_list);
158606 -static struct notifier_block notifier;
158607
158608 static struct kmem_cache *cgw_cache __read_mostly;
158609
158610 @@ -992,6 +991,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh)
158611 return err;
158612 }
158613
158614 +static struct notifier_block notifier = {
158615 + .notifier_call = cgw_notifier
158616 +};
158617 +
158618 static __init int cgw_module_init(void)
158619 {
158620 /* sanitize given module parameter */
158621 @@ -1007,7 +1010,6 @@ static __init int cgw_module_init(void)
158622 return -ENOMEM;
158623
158624 /* set notifier */
158625 - notifier.notifier_call = cgw_notifier;
158626 register_netdevice_notifier(&notifier);
158627
158628 if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) {
158629 diff --git a/net/can/proc.c b/net/can/proc.c
158630 index 85ef7bb..84c0fec 100644
158631 --- a/net/can/proc.c
158632 +++ b/net/can/proc.c
158633 @@ -514,7 +514,7 @@ static void can_remove_proc_readentry(const char *name)
158634 void can_init_proc(void)
158635 {
158636 /* create /proc/net/can directory */
158637 - can_dir = proc_mkdir("can", init_net.proc_net);
158638 + can_dir = proc_mkdir_restrict("can", init_net.proc_net);
158639
158640 if (!can_dir) {
158641 pr_info("can: failed to create /proc/net/can.\n");
158642 diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
158643 index bddfcf6..36880cd 100644
158644 --- a/net/ceph/ceph_common.c
158645 +++ b/net/ceph/ceph_common.c
158646 @@ -5,7 +5,7 @@
158647 #include <linux/fs.h>
158648 #include <linux/inet.h>
158649 #include <linux/in6.h>
158650 -#include <linux/key.h>
158651 +#include <linux/key-type.h>
158652 #include <keys/ceph-type.h>
158653 #include <linux/module.h>
158654 #include <linux/mount.h>
158655 diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
158656 index a550289..218652a 100644
158657 --- a/net/ceph/messenger.c
158658 +++ b/net/ceph/messenger.c
158659 @@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con);
158660 #define MAX_ADDR_STR_LEN 64 /* 54 is enough */
158661
158662 static char addr_str[ADDR_STR_COUNT][MAX_ADDR_STR_LEN];
158663 -static atomic_t addr_str_seq = ATOMIC_INIT(0);
158664 +static atomic_unchecked_t addr_str_seq = ATOMIC_INIT(0);
158665
158666 static struct page *zero_page; /* used in certain error cases */
158667
158668 @@ -198,7 +198,7 @@ const char *ceph_pr_addr(const struct sockaddr_storage *ss)
158669 struct sockaddr_in *in4 = (struct sockaddr_in *) ss;
158670 struct sockaddr_in6 *in6 = (struct sockaddr_in6 *) ss;
158671
158672 - i = atomic_inc_return(&addr_str_seq) & ADDR_STR_COUNT_MASK;
158673 + i = atomic_inc_return_unchecked(&addr_str_seq) & ADDR_STR_COUNT_MASK;
158674 s = addr_str[i];
158675
158676 switch (ss->ss_family) {
158677 diff --git a/net/compat.c b/net/compat.c
158678 index 1cd2ec0..2650ce6 100644
158679 --- a/net/compat.c
158680 +++ b/net/compat.c
158681 @@ -58,7 +58,7 @@ int get_compat_msghdr(struct msghdr *kmsg,
158682
158683 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
158684 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
158685 - kmsg->msg_control = compat_ptr(tmp3);
158686 + kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3);
158687
158688 if (save_addr)
158689 *save_addr = compat_ptr(uaddr);
158690 @@ -98,20 +98,20 @@ int get_compat_msghdr(struct msghdr *kmsg,
158691
158692 #define CMSG_COMPAT_FIRSTHDR(msg) \
158693 (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
158694 - (struct compat_cmsghdr __user *)((msg)->msg_control) : \
158695 + (struct compat_cmsghdr __force_user *)((msg)->msg_control) : \
158696 (struct compat_cmsghdr __user *)NULL)
158697
158698 #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
158699 ((ucmlen) >= sizeof(struct compat_cmsghdr) && \
158700 (ucmlen) <= (unsigned long) \
158701 ((mhdr)->msg_controllen - \
158702 - ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
158703 + ((char __force_kernel *)(ucmsg) - (char *)(mhdr)->msg_control)))
158704
158705 static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg,
158706 struct compat_cmsghdr __user *cmsg, int cmsg_len)
158707 {
158708 char __user *ptr = (char __user *)cmsg + CMSG_COMPAT_ALIGN(cmsg_len);
158709 - if ((unsigned long)(ptr + 1 - (char __user *)msg->msg_control) >
158710 + if ((unsigned long)(ptr + 1 - (char __force_user *)msg->msg_control) >
158711 msg->msg_controllen)
158712 return NULL;
158713 return (struct compat_cmsghdr __user *)ptr;
158714 @@ -201,7 +201,7 @@ Efault:
158715
158716 int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data)
158717 {
158718 - struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
158719 + struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control;
158720 struct compat_cmsghdr cmhdr;
158721 struct compat_timeval ctv;
158722 struct compat_timespec cts[3];
158723 @@ -257,7 +257,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
158724
158725 void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
158726 {
158727 - struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
158728 + struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control;
158729 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
158730 int fdnum = scm->fp->count;
158731 struct file **fp = scm->fp->fp;
158732 @@ -358,7 +358,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
158733 return -EFAULT;
158734 old_fs = get_fs();
158735 set_fs(KERNEL_DS);
158736 - err = sock_setsockopt(sock, level, optname, (char *)&ktime, sizeof(ktime));
158737 + err = sock_setsockopt(sock, level, optname, (char __force_user *)&ktime, sizeof(ktime));
158738 set_fs(old_fs);
158739
158740 return err;
158741 @@ -420,7 +420,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
158742 len = sizeof(ktime);
158743 old_fs = get_fs();
158744 set_fs(KERNEL_DS);
158745 - err = sock_getsockopt(sock, level, optname, (char *) &ktime, &len);
158746 + err = sock_getsockopt(sock, level, optname, (char __force_user *) &ktime, (int __force_user *)&len);
158747 set_fs(old_fs);
158748
158749 if (!err) {
158750 @@ -563,7 +563,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
158751 case MCAST_JOIN_GROUP:
158752 case MCAST_LEAVE_GROUP:
158753 {
158754 - struct compat_group_req __user *gr32 = (void *)optval;
158755 + struct compat_group_req __user *gr32 = (void __user *)optval;
158756 struct group_req __user *kgr =
158757 compat_alloc_user_space(sizeof(struct group_req));
158758 u32 interface;
158759 @@ -584,7 +584,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
158760 case MCAST_BLOCK_SOURCE:
158761 case MCAST_UNBLOCK_SOURCE:
158762 {
158763 - struct compat_group_source_req __user *gsr32 = (void *)optval;
158764 + struct compat_group_source_req __user *gsr32 = (void __user *)optval;
158765 struct group_source_req __user *kgsr = compat_alloc_user_space(
158766 sizeof(struct group_source_req));
158767 u32 interface;
158768 @@ -605,7 +605,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
158769 }
158770 case MCAST_MSFILTER:
158771 {
158772 - struct compat_group_filter __user *gf32 = (void *)optval;
158773 + struct compat_group_filter __user *gf32 = (void __user *)optval;
158774 struct group_filter __user *kgf;
158775 u32 interface, fmode, numsrc;
158776
158777 @@ -643,7 +643,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
158778 char __user *optval, int __user *optlen,
158779 int (*getsockopt)(struct sock *, int, int, char __user *, int __user *))
158780 {
158781 - struct compat_group_filter __user *gf32 = (void *)optval;
158782 + struct compat_group_filter __user *gf32 = (void __user *)optval;
158783 struct group_filter __user *kgf;
158784 int __user *koptlen;
158785 u32 interface, fmode, numsrc;
158786 @@ -787,7 +787,7 @@ COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
158787
158788 if (call < SYS_SOCKET || call > SYS_SENDMMSG)
158789 return -EINVAL;
158790 - if (copy_from_user(a, args, nas[call]))
158791 + if (nas[call] > sizeof a || copy_from_user(a, args, nas[call]))
158792 return -EFAULT;
158793 a0 = a[0];
158794 a1 = a[1];
158795 diff --git a/net/core/datagram.c b/net/core/datagram.c
158796 index b7de71f..808387d 100644
158797 --- a/net/core/datagram.c
158798 +++ b/net/core/datagram.c
158799 @@ -360,7 +360,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags)
158800 }
158801
158802 kfree_skb(skb);
158803 - atomic_inc(&sk->sk_drops);
158804 + atomic_inc_unchecked(&sk->sk_drops);
158805 sk_mem_reclaim_partial(sk);
158806
158807 return err;
158808 diff --git a/net/core/dev.c b/net/core/dev.c
158809 index ea63120..7fbab94 100644
158810 --- a/net/core/dev.c
158811 +++ b/net/core/dev.c
158812 @@ -1768,7 +1768,7 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
158813 {
158814 if (skb_orphan_frags(skb, GFP_ATOMIC) ||
158815 unlikely(!is_skb_forwardable(dev, skb))) {
158816 - atomic_long_inc(&dev->rx_dropped);
158817 + atomic_long_inc_unchecked(&dev->rx_dropped);
158818 kfree_skb(skb);
158819 return NET_RX_DROP;
158820 }
158821 @@ -3005,7 +3005,7 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device
158822 out_kfree_skb:
158823 kfree_skb(skb);
158824 out_null:
158825 - atomic_long_inc(&dev->tx_dropped);
158826 + atomic_long_inc_unchecked(&dev->tx_dropped);
158827 return NULL;
158828 }
158829
158830 @@ -3425,7 +3425,7 @@ recursion_alert:
158831 rc = -ENETDOWN;
158832 rcu_read_unlock_bh();
158833
158834 - atomic_long_inc(&dev->tx_dropped);
158835 + atomic_long_inc_unchecked(&dev->tx_dropped);
158836 kfree_skb_list(skb);
158837 return rc;
158838 out:
158839 @@ -3778,7 +3778,7 @@ drop:
158840
158841 local_irq_restore(flags);
158842
158843 - atomic_long_inc(&skb->dev->rx_dropped);
158844 + atomic_long_inc_unchecked(&skb->dev->rx_dropped);
158845 kfree_skb(skb);
158846 return NET_RX_DROP;
158847 }
158848 @@ -3855,7 +3855,7 @@ int netif_rx_ni(struct sk_buff *skb)
158849 }
158850 EXPORT_SYMBOL(netif_rx_ni);
158851
158852 -static void net_tx_action(struct softirq_action *h)
158853 +static __latent_entropy void net_tx_action(void)
158854 {
158855 struct softnet_data *sd = this_cpu_ptr(&softnet_data);
158856
158857 @@ -4218,9 +4218,9 @@ ncls:
158858 } else {
158859 drop:
158860 if (!deliver_exact)
158861 - atomic_long_inc(&skb->dev->rx_dropped);
158862 + atomic_long_inc_unchecked(&skb->dev->rx_dropped);
158863 else
158864 - atomic_long_inc(&skb->dev->rx_nohandler);
158865 + atomic_long_inc_unchecked(&skb->dev->rx_nohandler);
158866 kfree_skb(skb);
158867 /* Jamal, now you will not able to escape explaining
158868 * me how you were going to use this. :-)
158869 @@ -5187,7 +5187,7 @@ out_unlock:
158870 return work;
158871 }
158872
158873 -static void net_rx_action(struct softirq_action *h)
158874 +static __latent_entropy void net_rx_action(void)
158875 {
158876 struct softnet_data *sd = this_cpu_ptr(&softnet_data);
158877 unsigned long time_limit = jiffies + 2;
158878 @@ -7520,9 +7520,9 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
158879 } else {
158880 netdev_stats_to_stats64(storage, &dev->stats);
158881 }
158882 - storage->rx_dropped += atomic_long_read(&dev->rx_dropped);
158883 - storage->tx_dropped += atomic_long_read(&dev->tx_dropped);
158884 - storage->rx_nohandler += atomic_long_read(&dev->rx_nohandler);
158885 + storage->rx_dropped += atomic_long_read_unchecked(&dev->rx_dropped);
158886 + storage->tx_dropped += atomic_long_read_unchecked(&dev->tx_dropped);
158887 + storage->rx_nohandler += atomic_long_read_unchecked(&dev->rx_nohandler);
158888 return storage;
158889 }
158890 EXPORT_SYMBOL(dev_get_stats);
158891 @@ -8144,7 +8144,7 @@ static void __net_exit netdev_exit(struct net *net)
158892 kfree(net->dev_index_head);
158893 }
158894
158895 -static struct pernet_operations __net_initdata netdev_net_ops = {
158896 +static struct pernet_operations __net_initconst netdev_net_ops = {
158897 .init = netdev_init,
158898 .exit = netdev_exit,
158899 };
158900 @@ -8244,7 +8244,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
158901 rtnl_unlock();
158902 }
158903
158904 -static struct pernet_operations __net_initdata default_device_ops = {
158905 +static struct pernet_operations __net_initconst default_device_ops = {
158906 .exit = default_device_exit,
158907 .exit_batch = default_device_exit_batch,
158908 };
158909 diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
158910 index b94b1d2..da3ed7c 100644
158911 --- a/net/core/dev_ioctl.c
158912 +++ b/net/core/dev_ioctl.c
158913 @@ -368,8 +368,13 @@ void dev_load(struct net *net, const char *name)
158914 no_module = !dev;
158915 if (no_module && capable(CAP_NET_ADMIN))
158916 no_module = request_module("netdev-%s", name);
158917 - if (no_module && capable(CAP_SYS_MODULE))
158918 + if (no_module && capable(CAP_SYS_MODULE)) {
158919 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
158920 + ___request_module(true, "grsec_modharden_netdev", "%s", name);
158921 +#else
158922 request_module("%s", name);
158923 +#endif
158924 + }
158925 }
158926 EXPORT_SYMBOL(dev_load);
158927
158928 diff --git a/net/core/filter.c b/net/core/filter.c
158929 index cb06ace..3cab3fc 100644
158930 --- a/net/core/filter.c
158931 +++ b/net/core/filter.c
158932 @@ -596,7 +596,11 @@ do_pass:
158933
158934 /* Unknown instruction. */
158935 default:
158936 - goto err;
158937 + WARN(1, KERN_ALERT "Unknown sock filter code:%u jt:%u tf:%u k:%u\n",
158938 + fp->code, fp->jt, fp->jf, fp->k);
158939 + kfree(addrs);
158940 + BUG();
158941 + return -EINVAL;
158942 }
158943
158944 insn++;
158945 @@ -640,7 +644,7 @@ static int check_load_and_stores(const struct sock_filter *filter, int flen)
158946 u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */
158947 int pc, ret = 0;
158948
158949 - BUILD_BUG_ON(BPF_MEMWORDS > 16);
158950 + BUILD_BUG_ON(BPF_MEMWORDS != 16);
158951
158952 masks = kmalloc_array(flen, sizeof(*masks), GFP_KERNEL);
158953 if (!masks)
158954 @@ -1086,7 +1090,7 @@ int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog)
158955 if (!fp)
158956 return -ENOMEM;
158957
158958 - memcpy(fp->insns, fprog->filter, fsize);
158959 + memcpy(fp->insns, (void __force_kernel *)fprog->filter, fsize);
158960
158961 fp->len = fprog->len;
158962 /* Since unattached filters are not copied back to user
158963 diff --git a/net/core/flow.c b/net/core/flow.c
158964 index 3937b1b..b18d1cb 100644
158965 --- a/net/core/flow.c
158966 +++ b/net/core/flow.c
158967 @@ -65,7 +65,7 @@ static void flow_cache_new_hashrnd(unsigned long arg)
158968 static int flow_entry_valid(struct flow_cache_entry *fle,
158969 struct netns_xfrm *xfrm)
158970 {
158971 - if (atomic_read(&xfrm->flow_cache_genid) != fle->genid)
158972 + if (atomic_read_unchecked(&xfrm->flow_cache_genid) != fle->genid)
158973 return 0;
158974 if (fle->object && !fle->object->ops->check(fle->object))
158975 return 0;
158976 @@ -238,7 +238,7 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
158977
158978 if (fcp->hash_count > 2 * fc->high_watermark ||
158979 atomic_read(&net->xfrm.flow_cache_gc_count) > fc->high_watermark) {
158980 - atomic_inc(&net->xfrm.flow_cache_genid);
158981 + atomic_inc_unchecked(&net->xfrm.flow_cache_genid);
158982 flo = ERR_PTR(-ENOBUFS);
158983 goto ret_object;
158984 }
158985 @@ -253,7 +253,7 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
158986 hlist_add_head(&fle->u.hlist, &fcp->hash_table[hash]);
158987 fcp->hash_count++;
158988 }
158989 - } else if (likely(fle->genid == atomic_read(&net->xfrm.flow_cache_genid))) {
158990 + } else if (likely(fle->genid == atomic_read_unchecked(&net->xfrm.flow_cache_genid))) {
158991 flo = fle->object;
158992 if (!flo)
158993 goto ret_object;
158994 @@ -274,7 +274,7 @@ nocache:
158995 }
158996 flo = resolver(net, key, family, dir, flo, ctx);
158997 if (fle) {
158998 - fle->genid = atomic_read(&net->xfrm.flow_cache_genid);
158999 + fle->genid = atomic_read_unchecked(&net->xfrm.flow_cache_genid);
159000 if (!IS_ERR(flo))
159001 fle->object = flo;
159002 else
159003 diff --git a/net/core/neighbour.c b/net/core/neighbour.c
159004 index cf26e04c4..e70ca13 100644
159005 --- a/net/core/neighbour.c
159006 +++ b/net/core/neighbour.c
159007 @@ -860,7 +860,7 @@ static void neigh_probe(struct neighbour *neigh)
159008 skb = skb_clone(skb, GFP_ATOMIC);
159009 write_unlock(&neigh->lock);
159010 neigh->ops->solicit(neigh, skb);
159011 - atomic_inc(&neigh->probes);
159012 + atomic_inc_unchecked(&neigh->probes);
159013 kfree_skb(skb);
159014 }
159015
159016 @@ -916,7 +916,7 @@ static void neigh_timer_handler(unsigned long arg)
159017 neigh_dbg(2, "neigh %p is probed\n", neigh);
159018 neigh->nud_state = NUD_PROBE;
159019 neigh->updated = jiffies;
159020 - atomic_set(&neigh->probes, 0);
159021 + atomic_set_unchecked(&neigh->probes, 0);
159022 notify = 1;
159023 next = now + NEIGH_VAR(neigh->parms, RETRANS_TIME);
159024 }
159025 @@ -926,7 +926,7 @@ static void neigh_timer_handler(unsigned long arg)
159026 }
159027
159028 if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
159029 - atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
159030 + atomic_read_unchecked(&neigh->probes) >= neigh_max_probes(neigh)) {
159031 neigh->nud_state = NUD_FAILED;
159032 notify = 1;
159033 neigh_invalidate(neigh);
159034 @@ -970,7 +970,7 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
159035 NEIGH_VAR(neigh->parms, APP_PROBES)) {
159036 unsigned long next, now = jiffies;
159037
159038 - atomic_set(&neigh->probes,
159039 + atomic_set_unchecked(&neigh->probes,
159040 NEIGH_VAR(neigh->parms, UCAST_PROBES));
159041 neigh->nud_state = NUD_INCOMPLETE;
159042 neigh->updated = now;
159043 @@ -1156,7 +1156,7 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
159044 if (new != old) {
159045 neigh_del_timer(neigh);
159046 if (new & NUD_PROBE)
159047 - atomic_set(&neigh->probes, 0);
159048 + atomic_set_unchecked(&neigh->probes, 0);
159049 if (new & NUD_IN_TIMER)
159050 neigh_add_timer(neigh, (jiffies +
159051 ((new & NUD_REACHABLE) ?
159052 @@ -1244,7 +1244,7 @@ void __neigh_set_probe_once(struct neighbour *neigh)
159053 if (!(neigh->nud_state & NUD_FAILED))
159054 return;
159055 neigh->nud_state = NUD_INCOMPLETE;
159056 - atomic_set(&neigh->probes, neigh_max_probes(neigh));
159057 + atomic_set_unchecked(&neigh->probes, neigh_max_probes(neigh));
159058 neigh_add_timer(neigh,
159059 jiffies + NEIGH_VAR(neigh->parms, RETRANS_TIME));
159060 }
159061 @@ -2184,7 +2184,7 @@ static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
159062 ci.ndm_refcnt = atomic_read(&neigh->refcnt) - 1;
159063 read_unlock_bh(&neigh->lock);
159064
159065 - if (nla_put_u32(skb, NDA_PROBES, atomic_read(&neigh->probes)) ||
159066 + if (nla_put_u32(skb, NDA_PROBES, atomic_read_unchecked(&neigh->probes)) ||
159067 nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
159068 goto nla_put_failure;
159069
159070 @@ -2872,7 +2872,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
159071 void __user *buffer, size_t *lenp, loff_t *ppos)
159072 {
159073 int size, ret;
159074 - struct ctl_table tmp = *ctl;
159075 + ctl_table_no_const tmp = *ctl;
159076
159077 tmp.extra1 = &zero;
159078 tmp.extra2 = &unres_qlen_max;
159079 @@ -2935,7 +2935,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
159080 void __user *buffer,
159081 size_t *lenp, loff_t *ppos)
159082 {
159083 - struct ctl_table tmp = *ctl;
159084 + ctl_table_no_const tmp = *ctl;
159085 int ret;
159086
159087 tmp.extra1 = &zero;
159088 diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c
159089 index 14d0934..f2a895f 100644
159090 --- a/net/core/net-procfs.c
159091 +++ b/net/core/net-procfs.c
159092 @@ -79,7 +79,13 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
159093 struct rtnl_link_stats64 temp;
159094 const struct rtnl_link_stats64 *stats = dev_get_stats(dev, &temp);
159095
159096 - seq_printf(seq, "%6s: %7llu %7llu %4llu %4llu %4llu %5llu %10llu %9llu "
159097 + if (gr_proc_is_restricted())
159098 + seq_printf(seq, "%6s: %7llu %7llu %4llu %4llu %4llu %5llu %10llu %9llu "
159099 + "%8llu %7llu %4llu %4llu %4llu %5llu %7llu %10llu\n",
159100 + dev->name, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL,
159101 + 0ULL, 0ULL, 0ULL, 0ULL, 0ULL, 0ULL);
159102 + else
159103 + seq_printf(seq, "%6s: %7llu %7llu %4llu %4llu %4llu %5llu %10llu %9llu "
159104 "%8llu %7llu %4llu %4llu %4llu %5llu %7llu %10llu\n",
159105 dev->name, stats->rx_bytes, stats->rx_packets,
159106 stats->rx_errors,
159107 @@ -167,7 +173,7 @@ static int softnet_seq_show(struct seq_file *seq, void *v)
159108 return 0;
159109 }
159110
159111 -static const struct seq_operations dev_seq_ops = {
159112 +const struct seq_operations dev_seq_ops = {
159113 .start = dev_seq_start,
159114 .next = dev_seq_next,
159115 .stop = dev_seq_stop,
159116 @@ -197,7 +203,7 @@ static const struct seq_operations softnet_seq_ops = {
159117
159118 static int softnet_seq_open(struct inode *inode, struct file *file)
159119 {
159120 - return seq_open(file, &softnet_seq_ops);
159121 + return seq_open_restrict(file, &softnet_seq_ops);
159122 }
159123
159124 static const struct file_operations softnet_seq_fops = {
159125 @@ -284,8 +290,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
159126 else
159127 seq_printf(seq, "%04x", ntohs(pt->type));
159128
159129 +#ifdef CONFIG_GRKERNSEC_HIDESYM
159130 + seq_printf(seq, " %-8s %pf\n",
159131 + pt->dev ? pt->dev->name : "", NULL);
159132 +#else
159133 seq_printf(seq, " %-8s %pf\n",
159134 pt->dev ? pt->dev->name : "", pt->func);
159135 +#endif
159136 }
159137
159138 return 0;
159139 @@ -348,7 +359,7 @@ static void __net_exit dev_proc_net_exit(struct net *net)
159140 remove_proc_entry("dev", net->proc_net);
159141 }
159142
159143 -static struct pernet_operations __net_initdata dev_proc_ops = {
159144 +static struct pernet_operations __net_initconst dev_proc_ops = {
159145 .init = dev_proc_net_init,
159146 .exit = dev_proc_net_exit,
159147 };
159148 @@ -410,7 +421,7 @@ static void __net_exit dev_mc_net_exit(struct net *net)
159149 remove_proc_entry("dev_mcast", net->proc_net);
159150 }
159151
159152 -static struct pernet_operations __net_initdata dev_mc_net_ops = {
159153 +static struct pernet_operations __net_initconst dev_mc_net_ops = {
159154 .init = dev_mc_net_init,
159155 .exit = dev_mc_net_exit,
159156 };
159157 diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
159158 index 6e4f347..8eff663 100644
159159 --- a/net/core/net-sysfs.c
159160 +++ b/net/core/net-sysfs.c
159161 @@ -290,7 +290,7 @@ static ssize_t carrier_changes_show(struct device *dev,
159162 {
159163 struct net_device *netdev = to_net_dev(dev);
159164 return sprintf(buf, fmt_dec,
159165 - atomic_read(&netdev->carrier_changes));
159166 + atomic_read_unchecked(&netdev->carrier_changes));
159167 }
159168 static DEVICE_ATTR_RO(carrier_changes);
159169
159170 diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
159171 index 2c2eb1b..2f3b518 100644
159172 --- a/net/core/net_namespace.c
159173 +++ b/net/core/net_namespace.c
159174 @@ -526,7 +526,7 @@ static __net_exit void net_ns_net_exit(struct net *net)
159175 ns_free_inum(&net->ns);
159176 }
159177
159178 -static struct pernet_operations __net_initdata net_ns_ops = {
159179 +static struct pernet_operations __net_initconst net_ns_ops = {
159180 .init = net_ns_net_init,
159181 .exit = net_ns_net_exit,
159182 };
159183 @@ -775,7 +775,7 @@ static int __register_pernet_operations(struct list_head *list,
159184 int error;
159185 LIST_HEAD(net_exit_list);
159186
159187 - list_add_tail(&ops->list, list);
159188 + pax_list_add_tail((struct list_head *)&ops->list, list);
159189 if (ops->init || (ops->id && ops->size)) {
159190 for_each_net(net) {
159191 error = ops_init(ops, net);
159192 @@ -788,7 +788,7 @@ static int __register_pernet_operations(struct list_head *list,
159193
159194 out_undo:
159195 /* If I have an error cleanup all namespaces I initialized */
159196 - list_del(&ops->list);
159197 + pax_list_del((struct list_head *)&ops->list);
159198 ops_exit_list(ops, &net_exit_list);
159199 ops_free_list(ops, &net_exit_list);
159200 return error;
159201 @@ -799,7 +799,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
159202 struct net *net;
159203 LIST_HEAD(net_exit_list);
159204
159205 - list_del(&ops->list);
159206 + pax_list_del((struct list_head *)&ops->list);
159207 for_each_net(net)
159208 list_add_tail(&net->exit_list, &net_exit_list);
159209 ops_exit_list(ops, &net_exit_list);
159210 @@ -933,7 +933,7 @@ int register_pernet_device(struct pernet_operations *ops)
159211 mutex_lock(&net_mutex);
159212 error = register_pernet_operations(&pernet_list, ops);
159213 if (!error && (first_device == &pernet_list))
159214 - first_device = &ops->list;
159215 + first_device = (struct list_head *)&ops->list;
159216 mutex_unlock(&net_mutex);
159217 return error;
159218 }
159219 diff --git a/net/core/netpoll.c b/net/core/netpoll.c
159220 index 53599bd..cbd0b29 100644
159221 --- a/net/core/netpoll.c
159222 +++ b/net/core/netpoll.c
159223 @@ -382,7 +382,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
159224 struct udphdr *udph;
159225 struct iphdr *iph;
159226 struct ethhdr *eth;
159227 - static atomic_t ip_ident;
159228 + static atomic_unchecked_t ip_ident;
159229 struct ipv6hdr *ip6h;
159230
159231 WARN_ON_ONCE(!irqs_disabled());
159232 @@ -455,7 +455,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len)
159233 put_unaligned(0x45, (unsigned char *)iph);
159234 iph->tos = 0;
159235 put_unaligned(htons(ip_len), &(iph->tot_len));
159236 - iph->id = htons(atomic_inc_return(&ip_ident));
159237 + iph->id = htons(atomic_inc_return_unchecked(&ip_ident));
159238 iph->frag_off = 0;
159239 iph->ttl = 64;
159240 iph->protocol = IPPROTO_UDP;
159241 diff --git a/net/core/pktgen.c b/net/core/pktgen.c
159242 index bbd118b..c1c33449 100644
159243 --- a/net/core/pktgen.c
159244 +++ b/net/core/pktgen.c
159245 @@ -3865,7 +3865,7 @@ static int __net_init pg_net_init(struct net *net)
159246 pn->net = net;
159247 INIT_LIST_HEAD(&pn->pktgen_threads);
159248 pn->pktgen_exiting = false;
159249 - pn->proc_dir = proc_mkdir(PG_PROC_DIR, pn->net->proc_net);
159250 + pn->proc_dir = proc_mkdir_restrict(PG_PROC_DIR, pn->net->proc_net);
159251 if (!pn->proc_dir) {
159252 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
159253 return -ENODEV;
159254 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
159255 index 189cc78..d76c934 100644
159256 --- a/net/core/rtnetlink.c
159257 +++ b/net/core/rtnetlink.c
159258 @@ -61,7 +61,7 @@ struct rtnl_link {
159259 rtnl_doit_func doit;
159260 rtnl_dumpit_func dumpit;
159261 rtnl_calcit_func calcit;
159262 -};
159263 +} __no_const;
159264
159265 static DEFINE_MUTEX(rtnl_mutex);
159266
159267 @@ -329,10 +329,13 @@ int __rtnl_link_register(struct rtnl_link_ops *ops)
159268 * to use the ops for creating device. So do not
159269 * fill up dellink as well. That disables rtnl_dellink.
159270 */
159271 - if (ops->setup && !ops->dellink)
159272 - ops->dellink = unregister_netdevice_queue;
159273 + if (ops->setup && !ops->dellink) {
159274 + pax_open_kernel();
159275 + const_cast(ops->dellink) = unregister_netdevice_queue;
159276 + pax_close_kernel();
159277 + }
159278
159279 - list_add_tail(&ops->list, &link_ops);
159280 + pax_list_add_tail((struct list_head *)&ops->list, &link_ops);
159281 return 0;
159282 }
159283 EXPORT_SYMBOL_GPL(__rtnl_link_register);
159284 @@ -379,7 +382,7 @@ void __rtnl_link_unregister(struct rtnl_link_ops *ops)
159285 for_each_net(net) {
159286 __rtnl_kill_links(net, ops);
159287 }
159288 - list_del(&ops->list);
159289 + pax_list_del((struct list_head *)&ops->list);
159290 }
159291 EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
159292
159293 @@ -1296,7 +1299,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
159294 (dev->ifalias &&
159295 nla_put_string(skb, IFLA_IFALIAS, dev->ifalias)) ||
159296 nla_put_u32(skb, IFLA_CARRIER_CHANGES,
159297 - atomic_read(&dev->carrier_changes)) ||
159298 + atomic_read_unchecked(&dev->carrier_changes)) ||
159299 nla_put_u8(skb, IFLA_PROTO_DOWN, dev->proto_down))
159300 goto nla_put_failure;
159301
159302 @@ -3829,7 +3832,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
159303 __rtnl_unlock();
159304 rtnl = net->rtnl;
159305 {
159306 - struct netlink_dump_control c = {
159307 + netlink_dump_control_no_const c = {
159308 .dump = dumpit,
159309 .min_dump_alloc = min_dump_alloc,
159310 };
159311 diff --git a/net/core/scm.c b/net/core/scm.c
159312 index 2696aef..dbd5807 100644
159313 --- a/net/core/scm.c
159314 +++ b/net/core/scm.c
159315 @@ -215,9 +215,9 @@ EXPORT_SYMBOL(__scm_send);
159316 int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
159317 {
159318 struct cmsghdr __user *cm
159319 - = (__force struct cmsghdr __user *)msg->msg_control;
159320 + = (struct cmsghdr __force_user *)msg->msg_control;
159321 struct cmsghdr cmhdr;
159322 - int cmlen = CMSG_LEN(len);
159323 + size_t cmlen = CMSG_LEN(len);
159324 int err;
159325
159326 if (MSG_CMSG_COMPAT & msg->msg_flags)
159327 @@ -238,7 +238,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
159328 err = -EFAULT;
159329 if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
159330 goto out;
159331 - if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
159332 + if (copy_to_user((void __force_user *)CMSG_DATA((void __force_kernel *)cm), data, cmlen - sizeof(struct cmsghdr)))
159333 goto out;
159334 cmlen = CMSG_SPACE(len);
159335 if (msg->msg_controllen < cmlen)
159336 @@ -254,7 +254,7 @@ EXPORT_SYMBOL(put_cmsg);
159337 void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
159338 {
159339 struct cmsghdr __user *cm
159340 - = (__force struct cmsghdr __user*)msg->msg_control;
159341 + = (struct cmsghdr __force_user *)msg->msg_control;
159342
159343 int fdmax = 0;
159344 int fdnum = scm->fp->count;
159345 @@ -274,7 +274,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
159346 if (fdnum < fdmax)
159347 fdmax = fdnum;
159348
159349 - for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
159350 + for (i=0, cmfptr=(int __force_user *)CMSG_DATA((void __force_kernel *)cm); i<fdmax;
159351 i++, cmfptr++)
159352 {
159353 struct socket *sock;
159354 @@ -303,7 +303,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
159355
159356 if (i > 0)
159357 {
159358 - int cmlen = CMSG_LEN(i*sizeof(int));
159359 + size_t cmlen = CMSG_LEN(i*sizeof(int));
159360 err = put_user(SOL_SOCKET, &cm->cmsg_level);
159361 if (!err)
159362 err = put_user(SCM_RIGHTS, &cm->cmsg_type);
159363 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
159364 index 3864b4b6..d2cbe83 100644
159365 --- a/net/core/skbuff.c
159366 +++ b/net/core/skbuff.c
159367 @@ -1047,7 +1047,8 @@ static void skb_headers_offset_update(struct sk_buff *skb, int off)
159368 if (skb->ip_summed == CHECKSUM_PARTIAL)
159369 skb->csum_start += off;
159370 /* {transport,network,mac}_header and tail are relative to skb->head */
159371 - skb->transport_header += off;
159372 + if (skb_transport_header_was_set(skb))
159373 + skb->transport_header += off;
159374 skb->network_header += off;
159375 if (skb_mac_header_was_set(skb))
159376 skb->mac_header += off;
159377 @@ -2174,7 +2175,7 @@ EXPORT_SYMBOL(__skb_checksum);
159378 __wsum skb_checksum(const struct sk_buff *skb, int offset,
159379 int len, __wsum csum)
159380 {
159381 - const struct skb_checksum_ops ops = {
159382 + static const struct skb_checksum_ops ops = {
159383 .update = csum_partial_ext,
159384 .combine = csum_block_add_ext,
159385 };
159386 @@ -3432,12 +3433,14 @@ void __init skb_init(void)
159387 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
159388 sizeof(struct sk_buff),
159389 0,
159390 - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
159391 + SLAB_HWCACHE_ALIGN|SLAB_PANIC|
159392 + SLAB_NO_SANITIZE,
159393 NULL);
159394 skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
159395 sizeof(struct sk_buff_fclones),
159396 0,
159397 - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
159398 + SLAB_HWCACHE_ALIGN|SLAB_PANIC|
159399 + SLAB_NO_SANITIZE,
159400 NULL);
159401 }
159402
159403 diff --git a/net/core/sock.c b/net/core/sock.c
159404 index fd7b41e..71dae11 100644
159405 --- a/net/core/sock.c
159406 +++ b/net/core/sock.c
159407 @@ -411,13 +411,13 @@ int __sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
159408 struct sk_buff_head *list = &sk->sk_receive_queue;
159409
159410 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
159411 - atomic_inc(&sk->sk_drops);
159412 + atomic_inc_unchecked(&sk->sk_drops);
159413 trace_sock_rcvqueue_full(sk, skb);
159414 return -ENOMEM;
159415 }
159416
159417 if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
159418 - atomic_inc(&sk->sk_drops);
159419 + atomic_inc_unchecked(&sk->sk_drops);
159420 return -ENOBUFS;
159421 }
159422
159423 @@ -463,7 +463,7 @@ int __sk_receive_skb(struct sock *sk, struct sk_buff *skb,
159424 skb->dev = NULL;
159425
159426 if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
159427 - atomic_inc(&sk->sk_drops);
159428 + atomic_inc_unchecked(&sk->sk_drops);
159429 goto discard_and_relse;
159430 }
159431 if (nested)
159432 @@ -481,7 +481,7 @@ int __sk_receive_skb(struct sock *sk, struct sk_buff *skb,
159433 mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
159434 } else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) {
159435 bh_unlock_sock(sk);
159436 - atomic_inc(&sk->sk_drops);
159437 + atomic_inc_unchecked(&sk->sk_drops);
159438 goto discard_and_relse;
159439 }
159440
159441 @@ -889,19 +889,6 @@ set_rcvbuf:
159442 }
159443 break;
159444
159445 - case SO_ATTACH_BPF:
159446 - ret = -EINVAL;
159447 - if (optlen == sizeof(u32)) {
159448 - u32 ufd;
159449 -
159450 - ret = -EFAULT;
159451 - if (copy_from_user(&ufd, optval, sizeof(ufd)))
159452 - break;
159453 -
159454 - ret = sk_attach_bpf(ufd, sk);
159455 - }
159456 - break;
159457 -
159458 case SO_ATTACH_REUSEPORT_CBPF:
159459 ret = -EINVAL;
159460 if (optlen == sizeof(struct sock_fprog)) {
159461 @@ -915,6 +902,20 @@ set_rcvbuf:
159462 }
159463 break;
159464
159465 +#ifndef GRKERNSEC_BPF_HARDEN
159466 + case SO_ATTACH_BPF:
159467 + ret = -EINVAL;
159468 + if (optlen == sizeof(u32)) {
159469 + u32 ufd;
159470 +
159471 + ret = -EFAULT;
159472 + if (copy_from_user(&ufd, optval, sizeof(ufd)))
159473 + break;
159474 +
159475 + ret = sk_attach_bpf(ufd, sk);
159476 + }
159477 + break;
159478 +
159479 case SO_ATTACH_REUSEPORT_EBPF:
159480 ret = -EINVAL;
159481 if (optlen == sizeof(u32)) {
159482 @@ -928,6 +929,8 @@ set_rcvbuf:
159483 }
159484 break;
159485
159486 +#endif
159487 +
159488 case SO_DETACH_FILTER:
159489 ret = sk_detach_filter(sk);
159490 break;
159491 @@ -1037,12 +1040,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
159492 struct timeval tm;
159493 } v;
159494
159495 - int lv = sizeof(int);
159496 - int len;
159497 + unsigned int lv = sizeof(int);
159498 + unsigned int len;
159499
159500 if (get_user(len, optlen))
159501 return -EFAULT;
159502 - if (len < 0)
159503 + if (len > INT_MAX)
159504 return -EINVAL;
159505
159506 memset(&v, 0, sizeof(v));
159507 @@ -1180,11 +1183,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
159508
159509 case SO_PEERNAME:
159510 {
159511 - char address[128];
159512 + char address[_K_SS_MAXSIZE];
159513
159514 if (sock->ops->getname(sock, (struct sockaddr *)address, &lv, 2))
159515 return -ENOTCONN;
159516 - if (lv < len)
159517 + if (lv < len || sizeof address < len)
159518 return -EINVAL;
159519 if (copy_to_user(optval, address, len))
159520 return -EFAULT;
159521 @@ -1272,7 +1275,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
159522
159523 if (len > lv)
159524 len = lv;
159525 - if (copy_to_user(optval, &v, len))
159526 + if (len > sizeof(v) || copy_to_user(optval, &v, len))
159527 return -EFAULT;
159528 lenout:
159529 if (put_user(len, optlen))
159530 @@ -1536,7 +1539,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
159531 newsk->sk_dst_cache = NULL;
159532 newsk->sk_wmem_queued = 0;
159533 newsk->sk_forward_alloc = 0;
159534 - atomic_set(&newsk->sk_drops, 0);
159535 + atomic_set_unchecked(&newsk->sk_drops, 0);
159536 newsk->sk_send_head = NULL;
159537 newsk->sk_userlocks = sk->sk_userlocks & ~SOCK_BINDPORT_LOCK;
159538
159539 @@ -1565,7 +1568,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
159540 newsk->sk_err = 0;
159541 newsk->sk_priority = 0;
159542 newsk->sk_incoming_cpu = raw_smp_processor_id();
159543 - atomic64_set(&newsk->sk_cookie, 0);
159544 + atomic64_set_unchecked(&newsk->sk_cookie, 0);
159545
159546 cgroup_sk_alloc(&newsk->sk_cgrp_data);
159547
159548 @@ -2497,7 +2500,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
159549 */
159550 smp_wmb();
159551 atomic_set(&sk->sk_refcnt, 1);
159552 - atomic_set(&sk->sk_drops, 0);
159553 + atomic_set_unchecked(&sk->sk_drops, 0);
159554 }
159555 EXPORT_SYMBOL(sock_init_data);
159556
159557 @@ -2621,6 +2624,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
159558 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
159559 int level, int type)
159560 {
159561 + struct sock_extended_err ee;
159562 struct sock_exterr_skb *serr;
159563 struct sk_buff *skb;
159564 int copied, err;
159565 @@ -2642,7 +2646,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
159566 sock_recv_timestamp(msg, sk, skb);
159567
159568 serr = SKB_EXT_ERR(skb);
159569 - put_cmsg(msg, level, type, sizeof(serr->ee), &serr->ee);
159570 + ee = serr->ee;
159571 + put_cmsg(msg, level, type, sizeof ee, &ee);
159572
159573 msg->msg_flags |= MSG_ERRQUEUE;
159574 err = copied;
159575 @@ -3094,7 +3099,7 @@ static __net_exit void proto_exit_net(struct net *net)
159576 }
159577
159578
159579 -static __net_initdata struct pernet_operations proto_net_ops = {
159580 +static __net_initconst struct pernet_operations proto_net_ops = {
159581 .init = proto_init_net,
159582 .exit = proto_exit_net,
159583 };
159584 diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
159585 index 6b10573..af9e62e 100644
159586 --- a/net/core/sock_diag.c
159587 +++ b/net/core/sock_diag.c
159588 @@ -14,7 +14,7 @@
159589 #include <linux/inet_diag.h>
159590 #include <linux/sock_diag.h>
159591
159592 -static const struct sock_diag_handler *sock_diag_handlers[AF_MAX];
159593 +static const struct sock_diag_handler *sock_diag_handlers[AF_MAX] __read_only;
159594 static int (*inet_rcv_compat)(struct sk_buff *skb, struct nlmsghdr *nlh);
159595 static DEFINE_MUTEX(sock_diag_table_mutex);
159596 static struct workqueue_struct *broadcast_wq;
159597 @@ -22,12 +22,12 @@ static struct workqueue_struct *broadcast_wq;
159598 static u64 sock_gen_cookie(struct sock *sk)
159599 {
159600 while (1) {
159601 - u64 res = atomic64_read(&sk->sk_cookie);
159602 + u64 res = atomic64_read_unchecked(&sk->sk_cookie);
159603
159604 if (res)
159605 return res;
159606 - res = atomic64_inc_return(&sock_net(sk)->cookie_gen);
159607 - atomic64_cmpxchg(&sk->sk_cookie, 0, res);
159608 + res = atomic64_inc_return_unchecked(&sock_net(sk)->cookie_gen);
159609 + atomic64_cmpxchg_unchecked(&sk->sk_cookie, 0, res);
159610 }
159611 }
159612
159613 @@ -67,7 +67,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype)
159614 mem[SK_MEMINFO_WMEM_QUEUED] = sk->sk_wmem_queued;
159615 mem[SK_MEMINFO_OPTMEM] = atomic_read(&sk->sk_omem_alloc);
159616 mem[SK_MEMINFO_BACKLOG] = sk->sk_backlog.len;
159617 - mem[SK_MEMINFO_DROPS] = atomic_read(&sk->sk_drops);
159618 + mem[SK_MEMINFO_DROPS] = atomic_read_unchecked(&sk->sk_drops);
159619
159620 return nla_put(skb, attrtype, sizeof(mem), &mem);
159621 }
159622 @@ -193,8 +193,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl)
159623 mutex_lock(&sock_diag_table_mutex);
159624 if (sock_diag_handlers[hndl->family])
159625 err = -EBUSY;
159626 - else
159627 + else {
159628 + pax_open_kernel();
159629 sock_diag_handlers[hndl->family] = hndl;
159630 + pax_close_kernel();
159631 + }
159632 mutex_unlock(&sock_diag_table_mutex);
159633
159634 return err;
159635 @@ -210,7 +213,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld)
159636
159637 mutex_lock(&sock_diag_table_mutex);
159638 BUG_ON(sock_diag_handlers[family] != hnld);
159639 + pax_open_kernel();
159640 sock_diag_handlers[family] = NULL;
159641 + pax_close_kernel();
159642 mutex_unlock(&sock_diag_table_mutex);
159643 }
159644 EXPORT_SYMBOL_GPL(sock_diag_unregister);
159645 diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
159646 index 0df2aa6..7db59f7 100644
159647 --- a/net/core/sysctl_net_core.c
159648 +++ b/net/core/sysctl_net_core.c
159649 @@ -36,7 +36,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
159650 {
159651 unsigned int orig_size, size;
159652 int ret, i;
159653 - struct ctl_table tmp = {
159654 + ctl_table_no_const tmp = {
159655 .data = &size,
159656 .maxlen = sizeof(size),
159657 .mode = table->mode
159658 @@ -204,7 +204,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
159659 void __user *buffer, size_t *lenp, loff_t *ppos)
159660 {
159661 char id[IFNAMSIZ];
159662 - struct ctl_table tbl = {
159663 + ctl_table_no_const tbl = {
159664 .data = id,
159665 .maxlen = IFNAMSIZ,
159666 };
159667 @@ -222,7 +222,7 @@ static int set_default_qdisc(struct ctl_table *table, int write,
159668 static int proc_do_rss_key(struct ctl_table *table, int write,
159669 void __user *buffer, size_t *lenp, loff_t *ppos)
159670 {
159671 - struct ctl_table fake_table;
159672 + ctl_table_no_const fake_table;
159673 char buf[NETDEV_RSS_KEY_LEN * 3];
159674
159675 snprintf(buf, sizeof(buf), "%*phC", NETDEV_RSS_KEY_LEN, netdev_rss_key);
159676 @@ -286,7 +286,7 @@ static struct ctl_table net_core_table[] = {
159677 .mode = 0444,
159678 .proc_handler = proc_do_rss_key,
159679 },
159680 -#ifdef CONFIG_BPF_JIT
159681 +#if defined(CONFIG_BPF_JIT) && !defined(CONFIG_GRKERNSEC_BPF_HARDEN)
159682 {
159683 .procname = "bpf_jit_enable",
159684 .data = &bpf_jit_enable,
159685 @@ -428,13 +428,12 @@ static struct ctl_table netns_core_table[] = {
159686
159687 static __net_init int sysctl_core_net_init(struct net *net)
159688 {
159689 - struct ctl_table *tbl;
159690 + ctl_table_no_const *tbl = NULL;
159691
159692 net->core.sysctl_somaxconn = SOMAXCONN;
159693
159694 - tbl = netns_core_table;
159695 if (!net_eq(net, &init_net)) {
159696 - tbl = kmemdup(tbl, sizeof(netns_core_table), GFP_KERNEL);
159697 + tbl = kmemdup(netns_core_table, sizeof(netns_core_table), GFP_KERNEL);
159698 if (tbl == NULL)
159699 goto err_dup;
159700
159701 @@ -444,17 +443,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
159702 if (net->user_ns != &init_user_ns) {
159703 tbl[0].procname = NULL;
159704 }
159705 - }
159706 -
159707 - net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl);
159708 + net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl);
159709 + } else
159710 + net->core.sysctl_hdr = register_net_sysctl(net, "net/core", netns_core_table);
159711 if (net->core.sysctl_hdr == NULL)
159712 goto err_reg;
159713
159714 return 0;
159715
159716 err_reg:
159717 - if (tbl != netns_core_table)
159718 - kfree(tbl);
159719 + kfree(tbl);
159720 err_dup:
159721 return -ENOMEM;
159722 }
159723 @@ -469,7 +467,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
159724 kfree(tbl);
159725 }
159726
159727 -static __net_initdata struct pernet_operations sysctl_core_ops = {
159728 +static __net_initconst struct pernet_operations sysctl_core_ops = {
159729 .init = sysctl_core_net_init,
159730 .exit = sysctl_core_net_exit,
159731 };
159732 diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
159733 index 13d6b1a..eaa0cee 100644
159734 --- a/net/decnet/af_decnet.c
159735 +++ b/net/decnet/af_decnet.c
159736 @@ -1524,7 +1524,12 @@ static int __dn_getsockopt(struct socket *sock, int level,int optname, char __us
159737 struct linkinfo_dn link;
159738 unsigned int r_len;
159739 void *r_data = NULL;
159740 - unsigned int val;
159741 + struct optdata_dn opt;
159742 + struct accessdata_dn acc;
159743 + u8 mode;
159744 + int val;
159745 + unsigned long window;
159746 + unsigned char rem;
159747
159748 if(get_user(r_len , optlen))
159749 return -EFAULT;
159750 @@ -1533,25 +1538,29 @@ static int __dn_getsockopt(struct socket *sock, int level,int optname, char __us
159751 case DSO_CONDATA:
159752 if (r_len > sizeof(struct optdata_dn))
159753 r_len = sizeof(struct optdata_dn);
159754 - r_data = &scp->conndata_in;
159755 + opt = scp->conndata_in;
159756 + r_data = &opt;
159757 break;
159758
159759 case DSO_DISDATA:
159760 if (r_len > sizeof(struct optdata_dn))
159761 r_len = sizeof(struct optdata_dn);
159762 - r_data = &scp->discdata_in;
159763 + opt = scp->discdata_in;
159764 + r_data = &opt;
159765 break;
159766
159767 case DSO_CONACCESS:
159768 if (r_len > sizeof(struct accessdata_dn))
159769 r_len = sizeof(struct accessdata_dn);
159770 - r_data = &scp->accessdata;
159771 + acc = scp->accessdata;
159772 + r_data = &acc;
159773 break;
159774
159775 case DSO_ACCEPTMODE:
159776 if (r_len > sizeof(unsigned char))
159777 r_len = sizeof(unsigned char);
159778 - r_data = &scp->accept_mode;
159779 + mode = scp->accept_mode;
159780 + r_data = &mode;
159781 break;
159782
159783 case DSO_LINKINFO:
159784 @@ -1601,7 +1610,8 @@ static int __dn_getsockopt(struct socket *sock, int level,int optname, char __us
159785 case DSO_MAXWINDOW:
159786 if (r_len > sizeof(unsigned long))
159787 r_len = sizeof(unsigned long);
159788 - r_data = &scp->max_window;
159789 + window = scp->max_window;
159790 + r_data = &window;
159791 break;
159792
159793 case DSO_NODELAY:
159794 @@ -1621,13 +1631,15 @@ static int __dn_getsockopt(struct socket *sock, int level,int optname, char __us
159795 case DSO_SERVICES:
159796 if (r_len > sizeof(unsigned char))
159797 r_len = sizeof(unsigned char);
159798 - r_data = &scp->services_rem;
159799 + rem = scp->services_rem;
159800 + r_data = &rem;
159801 break;
159802
159803 case DSO_INFO:
159804 if (r_len > sizeof(unsigned char))
159805 r_len = sizeof(unsigned char);
159806 - r_data = &scp->info_rem;
159807 + rem = scp->info_rem;
159808 + r_data = &rem;
159809 break;
159810 }
159811
159812 diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
159813 index b2c26b0..41f803e 100644
159814 --- a/net/decnet/dn_dev.c
159815 +++ b/net/decnet/dn_dev.c
159816 @@ -201,7 +201,7 @@ static struct dn_dev_sysctl_table {
159817 .extra1 = &min_t3,
159818 .extra2 = &max_t3
159819 },
159820 - {0}
159821 + { }
159822 },
159823 };
159824
159825 diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
159826 index 5325b54..a0d4d69 100644
159827 --- a/net/decnet/sysctl_net_decnet.c
159828 +++ b/net/decnet/sysctl_net_decnet.c
159829 @@ -174,7 +174,7 @@ static int dn_node_address_handler(struct ctl_table *table, int write,
159830
159831 if (len > *lenp) len = *lenp;
159832
159833 - if (copy_to_user(buffer, addr, len))
159834 + if (len > sizeof addr || copy_to_user(buffer, addr, len))
159835 return -EFAULT;
159836
159837 *lenp = len;
159838 @@ -237,7 +237,7 @@ static int dn_def_dev_handler(struct ctl_table *table, int write,
159839
159840 if (len > *lenp) len = *lenp;
159841
159842 - if (copy_to_user(buffer, devname, len))
159843 + if (len > sizeof devname || copy_to_user(buffer, devname, len))
159844 return -EFAULT;
159845
159846 *lenp = len;
159847 diff --git a/net/dsa/dsa.c b/net/dsa/dsa.c
159848 index 7e68bc6..09a6073 100644
159849 --- a/net/dsa/dsa.c
159850 +++ b/net/dsa/dsa.c
159851 @@ -269,7 +269,7 @@ const struct dsa_device_ops *dsa_resolve_tag_protocol(int tag_protocol)
159852 int dsa_cpu_port_ethtool_setup(struct dsa_switch *ds)
159853 {
159854 struct net_device *master;
159855 - struct ethtool_ops *cpu_ops;
159856 + ethtool_ops_no_const *cpu_ops;
159857
159858 master = ds->dst->master_netdev;
159859 if (ds->master_netdev)
159860 @@ -1045,7 +1045,7 @@ static struct packet_type dsa_pack_type __read_mostly = {
159861 .func = dsa_switch_rcv,
159862 };
159863
159864 -static struct notifier_block dsa_netdevice_nb __read_mostly = {
159865 +static struct notifier_block dsa_netdevice_nb = {
159866 .notifier_call = dsa_slave_netdevice_event,
159867 };
159868
159869 diff --git a/net/dsa/dsa_priv.h b/net/dsa/dsa_priv.h
159870 index 00077a9..c513046 100644
159871 --- a/net/dsa/dsa_priv.h
159872 +++ b/net/dsa/dsa_priv.h
159873 @@ -60,7 +60,7 @@ void dsa_cpu_port_ethtool_restore(struct dsa_switch *ds);
159874 /* slave.c */
159875 extern const struct dsa_device_ops notag_netdev_ops;
159876 void dsa_slave_mii_bus_init(struct dsa_switch *ds);
159877 -void dsa_cpu_port_ethtool_init(struct ethtool_ops *ops);
159878 +void dsa_cpu_port_ethtool_init(ethtool_ops_no_const *ops);
159879 int dsa_slave_create(struct dsa_switch *ds, struct device *parent,
159880 int port, const char *name);
159881 void dsa_slave_destroy(struct net_device *slave_dev);
159882 diff --git a/net/dsa/slave.c b/net/dsa/slave.c
159883 index fc91967..b11a825 100644
159884 --- a/net/dsa/slave.c
159885 +++ b/net/dsa/slave.c
159886 @@ -906,7 +906,7 @@ static void dsa_slave_poll_controller(struct net_device *dev)
159887 }
159888 #endif
159889
159890 -void dsa_cpu_port_ethtool_init(struct ethtool_ops *ops)
159891 +void dsa_cpu_port_ethtool_init(ethtool_ops_no_const *ops)
159892 {
159893 ops->get_sset_count = dsa_cpu_port_get_sset_count;
159894 ops->get_ethtool_stats = dsa_cpu_port_get_ethtool_stats;
159895 diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
159896 index 16737cd..81
Unofficial grsecurity patch archive (https://github.com/slashbeast/grsecurity-scrape)