From: Michael Tremer Date: Wed, 20 Jun 2012 09:44:13 +0000 (+0200) Subject: kernel: Update to 3.4.3. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6e2a6c8d69aa16618fa245b581c0c9affab7152;p=ipfire-3.x.git kernel: Update to 3.4.3. This is an update to the next major release of the Linux kernel. For the first time, we are able to properly build kernels for armv5tel (kirkwood and versatile). --- diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic index bfa849213..c736d0183 100644 --- a/kernel/config-arm-generic +++ b/kernel/config-arm-generic @@ -12,12 +12,12 @@ CONFIG_ARM_PATCH_PHYS_VIRT=y # General setup # CONFIG_BROKEN_ON_SMP=y -CONFIG_KERNEL_GZIP=y # # IRQ subsystem # CONFIG_IRQ_DOMAIN=y +# CONFIG_IRQ_DOMAIN_DEBUG is not set # # RCU Subsystem @@ -78,7 +78,7 @@ CONFIG_ARCH_VERSATILE=y # CONFIG_ARCH_SHMOBILE is not set # CONFIG_ARCH_RPC is not set # CONFIG_ARCH_SA1100 is not set -# CONFIG_ARCH_S3C2410 is not set +# CONFIG_ARCH_S3C24XX is not set # CONFIG_ARCH_S3C64XX is not set # CONFIG_ARCH_S5P64X0 is not set # CONFIG_ARCH_S5PC100 is not set @@ -137,7 +137,6 @@ CONFIG_MULTI_IRQ_HANDLER=y CONFIG_ARM_VIC=y CONFIG_ARM_VIC_NR=2 CONFIG_ICST=y -CONFIG_PL330=y # # Bus support @@ -212,6 +211,11 @@ CONFIG_PM_CLK=y CONFIG_CPU_PM=y CONFIG_ARM_CPU_SUSPEND=y +# +# Classification +# +CONFIG_BPF_JIT=y + # # Bluetooth device drivers # @@ -266,6 +270,9 @@ CONFIG_OF_PCI_IRQ=y # # Distributed Switch Architecture drivers # +CONFIG_NET_VENDOR_CIRRUS=y +CONFIG_CS89x0=m +CONFIG_CS89x0_PLATFORM=y CONFIG_DM9000=m # CONFIG_DM9000_FORCE_SIMPLE_PHY_POLL is not set CONFIG_NET_VENDOR_FARADAY=y @@ -366,6 +373,13 @@ CONFIG_VIDEO_CAFE_CCIC=m # Graphics support # # CONFIG_DRM_RADEON is not set +# CONFIG_DRM_NOUVEAU is not set + +# +# I2C encoder or helper chips +# +CONFIG_DRM_I2C_CH7006=m +CONFIG_DRM_I2C_SIL164=m # CONFIG_FB_BOOT_VESA_SUPPORT is not set CONFIG_FB_CFB_FILLRECT=m CONFIG_FB_CFB_COPYAREA=m @@ -405,6 +419,8 @@ CONFIG_MMC_SDHCI_PXAV3=m CONFIG_MMC_SDHCI_PXAV2=m CONFIG_MMC_DW=m # CONFIG_MMC_DW_IDMAC is not set +CONFIG_MMC_DW_PLTFM=m +CONFIG_MMC_DW_PCI=m # # LED drivers @@ -424,11 +440,6 @@ CONFIG_RTC_DRV_PL031=m # CONFIG_DW_DMAC is not set CONFIG_PL330_DMA=y -# -# Microsoft Hyper-V guest support -# -# CONFIG_DRM_NOUVEAU is not set - # # Android # diff --git a/kernel/config-armv5tel-kirkwood b/kernel/config-armv5tel-kirkwood index b2d324477..8e5d6e6ce 100644 --- a/kernel/config-armv5tel-kirkwood +++ b/kernel/config-armv5tel-kirkwood @@ -1,3 +1,4 @@ +CONFIG_NEED_MACH_IO_H=y # # IRQ subsystem @@ -20,6 +21,8 @@ CONFIG_MACH_MV88F6281GTW_GE=y CONFIG_MACH_SHEEVAPLUG=y CONFIG_MACH_ESATA_SHEEVAPLUG=y CONFIG_MACH_GURUPLUG=y +CONFIG_ARCH_KIRKWOOD_DT=y +CONFIG_MACH_DREAMPLUG_DT=y CONFIG_MACH_TS219=y CONFIG_MACH_TS41X=y CONFIG_MACH_DOCKSTAR=y diff --git a/kernel/config-armv7hl-omap b/kernel/config-armv7hl-omap index 613c38485..87e6c4e24 100644 --- a/kernel/config-armv7hl-omap +++ b/kernel/config-armv7hl-omap @@ -52,7 +52,6 @@ CONFIG_OMAP_RESET_CLOCKS=y CONFIG_OMAP_MUX=y # CONFIG_OMAP_MUX_DEBUG is not set CONFIG_OMAP_MUX_WARNINGS=y -CONFIG_OMAP_MCBSP=y CONFIG_OMAP_MBOX_FWK=m CONFIG_OMAP_MBOX_KFIFO_SIZE=256 CONFIG_OMAP_32K_TIMER=y @@ -215,6 +214,7 @@ CONFIG_XPS=y # # Generic Driver Options # +CONFIG_REGMAP_I2C=y CONFIG_MTD=y CONFIG_MTD_TESTS=m # CONFIG_MTD_REDBOOT_PARTS is not set @@ -289,6 +289,7 @@ CONFIG_MTD_NAND=y CONFIG_MTD_NAND_OMAP2=y CONFIG_MTD_NAND_IDS=y # CONFIG_MTD_NAND_DISKONCHIP is not set +# CONFIG_MTD_NAND_DOCG4 is not set # CONFIG_MTD_NAND_NANDSIM is not set CONFIG_MTD_NAND_PLATFORM=y # CONFIG_MTD_ALAUDA is not set @@ -310,6 +311,7 @@ CONFIG_MTD_ONENAND_SIM=m # Device Tree and Open Firmware support # CONFIG_OF_I2C=y +CONFIG_OF_MTD=y # CONFIG_PARPORT is not set CONFIG_BLK_DEV_RAM_SIZE=65536 CONFIG_MG_DISK=m @@ -324,8 +326,9 @@ CONFIG_MG_DISK_RES=0 # Distributed Switch Architecture drivers # # CONFIG_TI_DAVINCI_EMAC is not set -# CONFIG_TI_DAVINCI_MDIO is not set -# CONFIG_TI_DAVINCI_CPDMA is not set +CONFIG_TI_DAVINCI_MDIO=m +CONFIG_TI_DAVINCI_CPDMA=m +# CONFIG_TI_CPSW is not set # # Input device support @@ -418,7 +421,9 @@ CONFIG_TWL6040_CORE=y # CONFIG_MFD_WM8350_I2C is not set # CONFIG_MFD_WM8994 is not set CONFIG_MFD_OMAP_USB_HOST=y +CONFIG_MFD_TPS65090=y # CONFIG_MFD_AAT2870_CORE is not set +# CONFIG_MFD_RC5T583 is not set CONFIG_REGULATOR=y # CONFIG_REGULATOR_DEBUG is not set # CONFIG_REGULATOR_DUMMY is not set @@ -426,19 +431,19 @@ CONFIG_REGULATOR_FIXED_VOLTAGE=y # CONFIG_REGULATOR_VIRTUAL_CONSUMER is not set # CONFIG_REGULATOR_USERSPACE_CONSUMER is not set CONFIG_REGULATOR_GPIO=y -# CONFIG_REGULATOR_BQ24022 is not set +# CONFIG_REGULATOR_AD5398 is not set +# CONFIG_REGULATOR_ISL6271A is not set # CONFIG_REGULATOR_MAX1586 is not set # CONFIG_REGULATOR_MAX8649 is not set # CONFIG_REGULATOR_MAX8660 is not set # CONFIG_REGULATOR_MAX8952 is not set -CONFIG_REGULATOR_TWL4030=y -# CONFIG_REGULATOR_WM8400 is not set # CONFIG_REGULATOR_LP3971 is not set # CONFIG_REGULATOR_LP3972 is not set +CONFIG_REGULATOR_TPS62360=m # CONFIG_REGULATOR_TPS65023 is not set # CONFIG_REGULATOR_TPS6507X is not set -# CONFIG_REGULATOR_ISL6271A is not set -# CONFIG_REGULATOR_AD5398 is not set +CONFIG_REGULATOR_TWL4030=y +# CONFIG_REGULATOR_WM8400 is not set # # Miscelaneous helper chips @@ -453,9 +458,8 @@ CONFIG_VIDEO_OMAP2_VOUT=m # CONFIG_TTPCI_EEPROM is not set # -# Graphics support +# I2C encoder or helper chips # -CONFIG_DRM_KMS_HELPER=m # CONFIG_VGASTATE is not set # CONFIG_FB_DDC is not set # CONFIG_FB_SVGALIB is not set @@ -464,7 +468,6 @@ CONFIG_DRM_KMS_HELPER=m # # Frame buffer hardware drivers # -# CONFIG_FB_OMAP_BOOTLOADER_INIT is not set CONFIG_OMAP2_VRAM=y CONFIG_OMAP2_VRFB=y CONFIG_OMAP2_DSS=y @@ -492,6 +495,7 @@ CONFIG_PANEL_GENERIC_DPI=y CONFIG_PANEL_SHARP_LS037V7DW01=y # CONFIG_PANEL_PICODLP is not set # CONFIG_LCD_PLATFORM is not set +# CONFIG_BACKLIGHT_PANDORA is not set # # Console display driver support @@ -555,10 +559,8 @@ CONFIG_VIRTIO=m CONFIG_VIRTIO_RING=m # -# I2C encoder or helper chips +# Microsoft Hyper-V guest support # -CONFIG_DRM_I2C_CH7006=m -CONFIG_DRM_I2C_SIL164=m # CONFIG_TIDSPBRIDGE is not set # @@ -587,6 +589,7 @@ CONFIG_HWSPINLOCK_OMAP=m # Kernel hacking # CONFIG_RCU_CPU_STALL_TIMEOUT=60 +# CONFIG_RCU_CPU_STALL_INFO is not set # CONFIG_DEBUG_PER_CPU_MAPS is not set # CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set CONFIG_OC_ETM=y diff --git a/kernel/config-generic b/kernel/config-generic index 0c5fbfaf2..870a24366 100644 --- a/kernel/config-generic +++ b/kernel/config-generic @@ -26,8 +26,11 @@ CONFIG_LOCALVERSION="" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y CONFIG_HAVE_KERNEL_LZO=y +# CONFIG_KERNEL_GZIP is not set # CONFIG_KERNEL_LZMA is not set +CONFIG_KERNEL_XZ=y # CONFIG_KERNEL_LZO is not set CONFIG_DEFAULT_HOSTNAME="(none)" CONFIG_SWAP=y @@ -53,16 +56,13 @@ CONFIG_HAVE_GENERIC_HARDIRQS=y # IRQ subsystem # CONFIG_GENERIC_HARDIRQS=y -CONFIG_HAVE_SPARSE_IRQ=y CONFIG_GENERIC_IRQ_PROBE=y CONFIG_GENERIC_IRQ_SHOW=y -CONFIG_SPARSE_IRQ=y # # RCU Subsystem # # CONFIG_PREEMPT_RCU is not set -# CONFIG_RCU_TRACE is not set # CONFIG_TREE_RCU_TRACE is not set # CONFIG_IKCONFIG is not set CONFIG_LOG_BUF_SHIFT=18 @@ -141,10 +141,12 @@ CONFIG_SLUB=y CONFIG_TRACEPOINTS=y CONFIG_HAVE_OPROFILE=y # CONFIG_KPROBES is not set +CONFIG_JUMP_LABEL=y CONFIG_HAVE_KPROBES=y CONFIG_HAVE_KRETPROBES=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y # # GCOV-based kernel profiling @@ -205,7 +207,6 @@ CONFIG_DEFAULT_IOSCHED="cfq" # CONFIG_INLINE_SPIN_LOCK_BH is not set # CONFIG_INLINE_SPIN_LOCK_IRQ is not set # CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set -CONFIG_INLINE_SPIN_UNLOCK=y # CONFIG_INLINE_SPIN_UNLOCK_BH is not set CONFIG_INLINE_SPIN_UNLOCK_IRQ=y # CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set @@ -284,6 +285,7 @@ CONFIG_PM=y # CONFIG_PCI=y # CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set CONFIG_PCI_STUB=y CONFIG_PCI_ATS=y CONFIG_PCI_IOV=y @@ -417,6 +419,7 @@ CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_TIMEOUT=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CT_PROTO_DCCP=m CONFIG_NF_CT_PROTO_GRE=m @@ -434,6 +437,7 @@ CONFIG_NF_CONNTRACK_SANE=m CONFIG_NF_CONNTRACK_SIP=m CONFIG_NF_CONNTRACK_TFTP=m CONFIG_NF_CT_NETLINK=m +CONFIG_NF_CT_NETLINK_TIMEOUT=m CONFIG_NETFILTER_TPROXY=m CONFIG_NETFILTER_XTABLES=y @@ -457,6 +461,7 @@ CONFIG_NETFILTER_XT_TARGET_DSCP=m CONFIG_NETFILTER_XT_TARGET_HL=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m +CONFIG_NETFILTER_XT_TARGET_LOG=m CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_TARGET_NFLOG=m CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m @@ -581,7 +586,6 @@ CONFIG_IP_NF_MATCH_RPFILTER=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m -CONFIG_IP_NF_TARGET_LOG=m # CONFIG_IP_NF_TARGET_ULOG is not set CONFIG_NF_NAT=m CONFIG_NF_NAT_NEEDED=y @@ -627,7 +631,6 @@ CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_TARGET_HL=m -CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m @@ -719,6 +722,7 @@ CONFIG_NET_SCH_MQPRIO=m CONFIG_NET_SCH_CHOKE=m CONFIG_NET_SCH_QFQ=m CONFIG_NET_SCH_INGRESS=m +CONFIG_NET_SCH_PLUG=m # # Classification @@ -858,7 +862,7 @@ CONFIG_EXTRA_FIRMWARE="" # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m -# CONFIG_DMA_SHARED_BUFFER is not set +CONFIG_DMA_SHARED_BUFFER=y CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y # CONFIG_MTD is not set @@ -965,12 +969,12 @@ CONFIG_SCSI_PROC_FS=y # # SCSI support type (disk, tape, CD-ROM) # -CONFIG_BLK_DEV_SD=m -# CONFIG_CHR_DEV_ST is not set -# CONFIG_CHR_DEV_OSST is not set -CONFIG_BLK_DEV_SR=m +CONFIG_BLK_DEV_SD=y +CONFIG_CHR_DEV_ST=m +CONFIG_CHR_DEV_OSST=m +CONFIG_BLK_DEV_SR=y CONFIG_BLK_DEV_SR_VENDOR=y -CONFIG_CHR_DEV_SG=m +CONFIG_CHR_DEV_SG=y CONFIG_CHR_DEV_SCH=m CONFIG_SCSI_ENCLOSURE=m CONFIG_SCSI_MULTI_LUN=y @@ -1034,6 +1038,7 @@ CONFIG_MEGARAID_SAS=m CONFIG_SCSI_MPT2SAS=m CONFIG_SCSI_MPT2SAS_MAX_SGE=128 # CONFIG_SCSI_MPT2SAS_LOGGING is not set +CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_HPTIOP=m CONFIG_LIBFC=m CONFIG_LIBFCOE=m @@ -1068,7 +1073,8 @@ CONFIG_SCSI_PMCRAID=m CONFIG_SCSI_PM8001=m # CONFIG_SCSI_SRP is not set CONFIG_SCSI_BFA_FC=m -CONFIG_SCSI_DH=m +CONFIG_SCSI_VIRTIO=m +CONFIG_SCSI_DH=y CONFIG_SCSI_DH_RDAC=m CONFIG_SCSI_DH_HP_SW=m CONFIG_SCSI_DH_EMC=m @@ -1183,6 +1189,7 @@ CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m CONFIG_BLK_DEV_DM=y # CONFIG_DM_DEBUG is not set +CONFIG_DM_BUFIO=m CONFIG_DM_CRYPT=m CONFIG_DM_SNAPSHOT=y # CONFIG_DM_THIN_PROVISIONING is not set @@ -1196,6 +1203,7 @@ CONFIG_DM_MULTIPATH_ST=m # CONFIG_DM_DELAY is not set CONFIG_DM_UEVENT=y # CONFIG_DM_FLAKEY is not set +CONFIG_DM_VERITY=m # CONFIG_TARGET_CORE is not set CONFIG_FUSION=y CONFIG_FUSION_SPI=m @@ -1210,7 +1218,6 @@ CONFIG_FUSION_LOGGING=y # CONFIG_FIREWIRE=m CONFIG_FIREWIRE_OHCI=m -CONFIG_FIREWIRE_OHCI_DEBUG=y CONFIG_FIREWIRE_SBP2=m # CONFIG_FIREWIRE_NET is not set # CONFIG_FIREWIRE_NOSY is not set @@ -1403,6 +1410,8 @@ CONFIG_NET_VENDOR_SIS=y CONFIG_SIS900=m CONFIG_SIS190=m CONFIG_SFC=m +CONFIG_SFC_MCDI_MON=y +CONFIG_SFC_SRIOV=y CONFIG_NET_VENDOR_SMSC=y CONFIG_EPIC100=m CONFIG_SMSC9420=m @@ -1433,6 +1442,7 @@ CONFIG_PHYLIB=y # # MII PHY device drivers # +CONFIG_AMD_PHY=m CONFIG_MARVELL_PHY=m CONFIG_DAVICOM_PHY=m CONFIG_QSEMI_PHY=m @@ -1497,6 +1507,7 @@ CONFIG_USB_KC2190=y CONFIG_USB_NET_ZAURUS=m CONFIG_USB_NET_CX82310_ETH=m CONFIG_USB_NET_KALMIA=m +CONFIG_USB_NET_QMI_WWAN=m CONFIG_USB_HSO=m CONFIG_USB_NET_INT51X1=m CONFIG_USB_IPHETH=m @@ -1526,12 +1537,13 @@ CONFIG_ATH5K_DEBUG=y CONFIG_ATH5K_PCI=y CONFIG_ATH9K_HW=m CONFIG_ATH9K_COMMON=m +CONFIG_ATH9K_BTCOEX_SUPPORT=y CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y CONFIG_ATH9K_DEBUGFS=y +CONFIG_ATH9K_MAC_DEBUG=y CONFIG_ATH9K_RATE_CONTROL=y -CONFIG_ATH9K_BTCOEX_SUPPORT=y CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m @@ -1582,14 +1594,14 @@ CONFIG_LIBIPW=m # CONFIG_LIBIPW_DEBUG is not set # CONFIG_IWLWIFI is not set CONFIG_IWLEGACY=m +CONFIG_IWL4965=m +CONFIG_IWL3945=m # -# Debugging Options +# iwl3945 / iwl4965 Debugging Options # # CONFIG_IWLEGACY_DEBUG is not set # CONFIG_IWLEGACY_DEBUGFS is not set -CONFIG_IWL4965=m -CONFIG_IWL3945=m # CONFIG_IWM is not set CONFIG_LIBERTAS=m CONFIG_LIBERTAS_USB=m @@ -1636,6 +1648,7 @@ CONFIG_RTL8192SE=m CONFIG_RTL8192DE=m CONFIG_RTL8192CU=m CONFIG_RTLWIFI=m +# CONFIG_RTLWIFI_DEBUG is not set CONFIG_RTL8192C_COMMON=m CONFIG_WL1251=m CONFIG_WL1251_SDIO=m @@ -1755,7 +1768,6 @@ CONFIG_HYSDN=m CONFIG_HYSDN_CAPI=y # CONFIG_MISDN is not set CONFIG_ISDN_HDLC=m -# CONFIG_PHONE is not set # # Input device support @@ -1799,6 +1811,7 @@ CONFIG_KEYBOARD_GPIO_POLLED=m # CONFIG_KEYBOARD_OPENCORES is not set # CONFIG_KEYBOARD_STOWAWAY is not set # CONFIG_KEYBOARD_SUNKBD is not set +CONFIG_KEYBOARD_OMAP4=m # CONFIG_KEYBOARD_XTKBD is not set CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=m @@ -1815,6 +1828,7 @@ CONFIG_MOUSE_BCM5974=m CONFIG_MOUSE_VSXXXAA=m # CONFIG_MOUSE_GPIO is not set CONFIG_MOUSE_SYNAPTICS_I2C=m +CONFIG_MOUSE_SYNAPTICS_USB=m # CONFIG_INPUT_JOYSTICK is not set # CONFIG_INPUT_TABLET is not set # CONFIG_INPUT_TOUCHSCREEN is not set @@ -1959,6 +1973,7 @@ CONFIG_I2C_VIAPRO=m # I2C system bus drivers (mostly embedded / system-on-chip) # # CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_EG20T is not set # CONFIG_I2C_GPIO is not set # CONFIG_I2C_INTEL_MID is not set # CONFIG_I2C_OCORES is not set @@ -1966,7 +1981,6 @@ CONFIG_I2C_PCA_PLATFORM=m # CONFIG_I2C_PXA_PCI is not set CONFIG_I2C_SIMTEC=m # CONFIG_I2C_XILINX is not set -# CONFIG_I2C_EG20T is not set # # External I2C/SMBus adapter drivers @@ -1985,6 +1999,13 @@ CONFIG_I2C_STUB=m # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set # CONFIG_SPI is not set +CONFIG_HSI=m +CONFIG_HSI_BOARDINFO=y + +# +# HSI clients +# +CONFIG_HSI_CHAR=m # # PPS support @@ -2064,6 +2085,7 @@ CONFIG_W1_SLAVE_DS2433=m CONFIG_W1_SLAVE_DS2433_CRC=y CONFIG_W1_SLAVE_DS2760=m CONFIG_W1_SLAVE_DS2780=m +CONFIG_W1_SLAVE_DS2781=m CONFIG_W1_SLAVE_BQ27000=m CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set @@ -2071,6 +2093,7 @@ CONFIG_POWER_SUPPLY=y # CONFIG_TEST_POWER is not set # CONFIG_BATTERY_DS2760 is not set # CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set # CONFIG_BATTERY_DS2782 is not set # CONFIG_BATTERY_SBS is not set # CONFIG_BATTERY_BQ27x00 is not set @@ -2080,6 +2103,7 @@ CONFIG_POWER_SUPPLY=y # CONFIG_CHARGER_MAX8903 is not set # CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_SMB347 is not set CONFIG_HWMON=y CONFIG_HWMON_VID=m # CONFIG_HWMON_DEBUG_CHIP is not set @@ -2140,6 +2164,7 @@ CONFIG_SENSORS_MAX1668=m CONFIG_SENSORS_MAX6639=m CONFIG_SENSORS_MAX6642=m CONFIG_SENSORS_MAX6650=m +CONFIG_SENSORS_MCP3021=m CONFIG_SENSORS_NTC_THERMISTOR=m CONFIG_SENSORS_PC87360=m CONFIG_SENSORS_PC87427=m @@ -2249,6 +2274,7 @@ CONFIG_MFD_SM501_GPIO=y # CONFIG_TPS6105X is not set # CONFIG_TPS65010 is not set # CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65217 is not set # CONFIG_MFD_TMIO is not set CONFIG_MFD_WM8400=m # CONFIG_MFD_PCF50633 is not set @@ -2296,6 +2322,7 @@ CONFIG_IR_MCEUSB=m CONFIG_IR_REDRAT3=m CONFIG_IR_STREAMZAP=m CONFIG_RC_LOOPBACK=m +CONFIG_IR_GPIO_CIR=m CONFIG_MEDIA_ATTACH=y CONFIG_MEDIA_TUNER=m CONFIG_MEDIA_TUNER_CUSTOMISE=y @@ -2554,6 +2581,7 @@ CONFIG_USB_DSBR=m CONFIG_RADIO_MAXIRADIO=m CONFIG_I2C_SI4713=m CONFIG_RADIO_SI4713=m +CONFIG_USB_KEENE=m # CONFIG_RADIO_TEA5764 is not set # CONFIG_RADIO_SAA7706H is not set # CONFIG_RADIO_TEF6862 is not set @@ -2613,11 +2641,13 @@ CONFIG_DVB_USB_AF9015=m CONFIG_DVB_USB_CE6230=m CONFIG_DVB_USB_FRIIO=m CONFIG_DVB_USB_EC168=m +CONFIG_DVB_USB_AZ6007=m CONFIG_DVB_USB_AZ6027=m CONFIG_DVB_USB_LME2510=m CONFIG_DVB_USB_TECHNISAT_USB2=m # CONFIG_DVB_USB_IT913X is not set # CONFIG_DVB_USB_MXL111SF is not set +CONFIG_DVB_USB_RTL28XXU=m CONFIG_DVB_TTUSB_BUDGET=m CONFIG_DVB_TTUSB_DEC=m CONFIG_SMS_SIANO_MDTV=m @@ -2755,6 +2785,7 @@ CONFIG_DVB_EC100=m CONFIG_DVB_HD29L2=m CONFIG_DVB_STV0367=m CONFIG_DVB_CXD2820R=m +CONFIG_DVB_RTL2830=m # # DVB-C (cable) frontends @@ -2806,6 +2837,7 @@ CONFIG_DVB_ATBM8830=m CONFIG_DVB_TDA665x=m CONFIG_DVB_IX2505V=m CONFIG_DVB_IT913X_FE=m +CONFIG_DVB_M88RS2000=m # # Tools to develop new frontends @@ -2818,13 +2850,21 @@ CONFIG_DVB_IT913X_FE=m CONFIG_VGA_ARB=y CONFIG_VGA_ARB_MAX_GPUS=16 CONFIG_DRM=m +CONFIG_DRM_USB=m +CONFIG_DRM_KMS_HELPER=m +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set CONFIG_DRM_TTM=m CONFIG_DRM_TDFX=m CONFIG_DRM_R128=m + +# +# I2C encoder or helper chips +# CONFIG_DRM_MGA=m CONFIG_DRM_VIA=m CONFIG_DRM_SAVAGE=m CONFIG_DRM_VMWGFX=m +CONFIG_DRM_UDL=m CONFIG_STUB_POULSBO=m CONFIG_VGASTATE=m CONFIG_VIDEO_OUTPUT_CONTROL=m @@ -2859,6 +2899,7 @@ CONFIG_FB_RIVA=m # CONFIG_FB_RIVA_I2C is not set # CONFIG_FB_RIVA_DEBUG is not set CONFIG_FB_RIVA_BACKLIGHT=y +CONFIG_FB_I740=m CONFIG_FB_MATROX=m CONFIG_FB_MATROX_MILLENIUM=y CONFIG_FB_MATROX_MYSTIQUE=y @@ -2896,6 +2937,7 @@ CONFIG_FB_MB862XX=m CONFIG_FB_MB862XX_PCI_GDC=y CONFIG_FB_MB862XX_I2C=y # CONFIG_FB_BROADSHEET is not set +# CONFIG_EXYNOS_VIDEO is not set CONFIG_BACKLIGHT_LCD_SUPPORT=y CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m @@ -2903,6 +2945,7 @@ CONFIG_BACKLIGHT_CLASS_DEVICE=y # CONFIG_BACKLIGHT_GENERIC is not set # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set +# CONFIG_BACKLIGHT_LP855X is not set # # Console display driver support @@ -3072,7 +3115,7 @@ CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_AC97_BUS=m CONFIG_HID_SUPPORT=y CONFIG_HID=y -CONFIG_HID_BATTERY_STRENGTH=y +# CONFIG_HID_BATTERY_STRENGTH is not set CONFIG_HIDRAW=y # @@ -3127,31 +3170,26 @@ CONFIG_HID_PICOLCD_LCD=y CONFIG_HID_PICOLCD_LEDS=y # CONFIG_HID_PRIMAX is not set CONFIG_HID_ROCCAT=m -CONFIG_HID_ROCCAT_COMMON=m -CONFIG_HID_ROCCAT_ARVO=m -CONFIG_HID_ROCCAT_ISKU=m -CONFIG_HID_ROCCAT_KONE=m -CONFIG_HID_ROCCAT_KONEPLUS=m -CONFIG_HID_ROCCAT_KOVAPLUS=m -CONFIG_HID_ROCCAT_PYRA=m +CONFIG_HID_SAITEK=m CONFIG_HID_SAMSUNG=m # CONFIG_HID_SONY is not set CONFIG_HID_SPEEDLINK=m CONFIG_HID_SUNPLUS=m # CONFIG_HID_GREENASIA is not set # CONFIG_HID_SMARTJOYPLUS is not set +CONFIG_HID_TIVO=m CONFIG_HID_TOPSEED=m # CONFIG_HID_THRUSTMASTER is not set # CONFIG_HID_WACOM is not set # CONFIG_HID_WIIMOTE is not set # CONFIG_HID_ZEROPLUS is not set CONFIG_HID_ZYDACRON=m -CONFIG_USB_SUPPORT=y -CONFIG_USB_COMMON=y -CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB_ARCH_HAS_OHCI=y CONFIG_USB_ARCH_HAS_EHCI=y CONFIG_USB_ARCH_HAS_XHCI=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=y +CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB=y # CONFIG_USB_DEBUG is not set CONFIG_USB_ANNOUNCE_NEW_DEVICES=y @@ -3178,12 +3216,13 @@ CONFIG_USB_XHCI_HCD=m CONFIG_USB_EHCI_HCD=y CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_EHCI_MV=y # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set # CONFIG_USB_ISP1760_HCD is not set CONFIG_USB_ISP1362_HCD=m CONFIG_USB_OHCI_HCD=y +CONFIG_USB_OHCI_HCD_PLATFORM=y +CONFIG_USB_EHCI_HCD_PLATFORM=y # CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set # CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set CONFIG_USB_OHCI_LITTLE_ENDIAN=y @@ -3258,6 +3297,7 @@ CONFIG_USB_SERIAL_IPAQ=m CONFIG_USB_SERIAL_IR=m CONFIG_USB_SERIAL_EDGEPORT=m CONFIG_USB_SERIAL_EDGEPORT_TI=m +CONFIG_USB_SERIAL_F81232=m # CONFIG_USB_SERIAL_GARMIN is not set CONFIG_USB_SERIAL_IPW=m CONFIG_USB_SERIAL_IUU=m @@ -3266,6 +3306,7 @@ CONFIG_USB_SERIAL_KEYSPAN_PDA=m CONFIG_USB_SERIAL_KLSI=m # CONFIG_USB_SERIAL_KOBIL_SCT is not set CONFIG_USB_SERIAL_MCT_U232=m +# CONFIG_USB_SERIAL_METRO is not set CONFIG_USB_SERIAL_MOS7720=m CONFIG_USB_SERIAL_MOS7715_PARPORT=y CONFIG_USB_SERIAL_MOS7840=m @@ -3388,6 +3429,7 @@ CONFIG_LEDS_LP3944=m CONFIG_LEDS_LP5521=m CONFIG_LEDS_LP5523=m # CONFIG_LEDS_PCA955X is not set +CONFIG_LEDS_PCA9633=m # CONFIG_LEDS_BD2802 is not set CONFIG_LEDS_LT3593=m CONFIG_LEDS_TCA6507=m @@ -3537,10 +3579,6 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_TRANZPORT is not set # CONFIG_IDE_PHISON is not set # CONFIG_LINE6_USB is not set - -# -# I2C encoder or helper chips -# # CONFIG_USB_SERIAL_QUATECH2 is not set # CONFIG_USB_SERIAL_QUATECH_USB2 is not set # CONFIG_VT6655 is not set @@ -3548,9 +3586,6 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_VME_BUS is not set # CONFIG_DX_SEP is not set # CONFIG_IIO is not set -# CONFIG_XVMALLOC is not set -# CONFIG_ZRAM is not set -# CONFIG_ZCACHE is not set # CONFIG_FB_SM7XX is not set # CONFIG_CRYSTALHD is not set # CONFIG_FB_XGI is not set @@ -3570,11 +3605,21 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # Android # # CONFIG_ANDROID is not set +# CONFIG_PHONE is not set +# CONFIG_USB_WPAN_HCD is not set # # Hardware Spinlock drivers # CONFIG_IOMMU_SUPPORT=y + +# +# Remoteproc drivers (EXPERIMENTAL) +# + +# +# Rpmsg drivers (EXPERIMENTAL) +# CONFIG_VIRT_DRIVERS=y # CONFIG_PM_DEVFREQ is not set @@ -3693,6 +3738,7 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set # CONFIG_ROMFS_FS is not set CONFIG_PSTORE=y # CONFIG_SYSV_FS is not set @@ -3708,10 +3754,10 @@ CONFIG_NFS_V4_1=y CONFIG_PNFS_FILE_LAYOUT=m CONFIG_PNFS_BLOCK=m CONFIG_PNFS_OBJLAYOUT=m +CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="ipfire.org" CONFIG_NFS_FSCACHE=y # CONFIG_NFS_USE_LEGACY_DNS is not set CONFIG_NFS_USE_KERNEL_DNS=y -# CONFIG_NFS_USE_NEW_IDMAPPER is not set CONFIG_NFSD=m CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y @@ -3726,6 +3772,7 @@ CONFIG_SUNRPC=m CONFIG_SUNRPC_GSS=m CONFIG_SUNRPC_BACKCHANNEL=y CONFIG_RPCSEC_GSS_KRB5=m +# CONFIG_SUNRPC_DEBUG is not set # CONFIG_CEPH_FS is not set CONFIG_CIFS=m CONFIG_CIFS_STATS=y @@ -3840,12 +3887,12 @@ CONFIG_DEBUG_LIST=y CONFIG_FRAME_POINTER=y CONFIG_BOOT_PRINTK_DELAY=y # CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_TRACE is not set # CONFIG_BACKTRACE_SELF_TEST is not set # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set # CONFIG_LKDTM is not set # CONFIG_FAULT_INJECTION is not set -CONFIG_SYSCTL_SYSCALL_CHECK=y # CONFIG_DEBUG_PAGEALLOC is not set CONFIG_NOP_TRACER=y CONFIG_HAVE_FUNCTION_TRACER=y @@ -4164,11 +4211,17 @@ CONFIG_BINARY_PRINTF=y CONFIG_RAID6_PQ=m CONFIG_BITREVERSE=y CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IO=y CONFIG_CRC_CCITT=m CONFIG_CRC16=y -CONFIG_CRC_T10DIF=m +CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m diff --git a/kernel/config-i686-default b/kernel/config-i686-default index c273ee1d0..c48984323 100644 --- a/kernel/config-i686-default +++ b/kernel/config-i686-default @@ -56,7 +56,6 @@ CONFIG_M686=y # CONFIG_MVIAC3_2 is not set # CONFIG_MVIAC7 is not set CONFIG_X86_GENERIC=y -CONFIG_X86_INTERNODE_CACHE_SHIFT=6 # CONFIG_X86_PPRO_FENCE is not set CONFIG_X86_INVLPG=y CONFIG_X86_BSWAP=y @@ -65,9 +64,7 @@ CONFIG_X86_ALIGNMENT_16=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_USE_PPRO_CHECKSUM=y CONFIG_X86_MINIMUM_CPU_FAMILY=5 -CONFIG_CPU_SUP_CYRIX_32=y CONFIG_CPU_SUP_TRANSMETA_32=y -CONFIG_CPU_SUP_UMC_32=y CONFIG_NR_CPUS=32 # CONFIG_X86_ANCIENT_MCE is not set CONFIG_VM86=y @@ -139,6 +136,8 @@ CONFIG_PCI_BIOS=y # CONFIG_MCA is not set # CONFIG_SCx200 is not set # CONFIG_ALIX is not set +# CONFIG_NET5501 is not set +# CONFIG_GEOS is not set # # PC-card bridges diff --git a/kernel/config-i686-legacy b/kernel/config-i686-legacy index b28d1c848..df2ac3d9c 100644 --- a/kernel/config-i686-legacy +++ b/kernel/config-i686-legacy @@ -1,4 +1,10 @@ +# +# IRQ subsystem +# +CONFIG_IRQ_DOMAIN=y +# CONFIG_IRQ_DOMAIN_DEBUG is not set + # # Processor type and features # @@ -68,6 +74,7 @@ CONFIG_I2C_PXA_PCI=y # PCI GPIO expanders: # CONFIG_GPIO_CS5535=y +# CONFIG_GPIO_SODAVILLE is not set # # 1-wire Slaves @@ -80,7 +87,7 @@ CONFIG_BATTERY_OLPC=y CONFIG_MFD_CORE=y # -# Graphics support +# I2C encoder or helper chips # CONFIG_FB_SYS_FILLRECT=m CONFIG_FB_SYS_COPYAREA=m @@ -88,9 +95,9 @@ CONFIG_FB_SYS_IMAGEBLIT=m CONFIG_FB_SYS_FOPS=m # -# LED drivers +# Frame buffer hardware drivers # -# CONFIG_LEDS_NET5501 is not set +# CONFIG_BACKLIGHT_OT200 is not set # # Microsoft Hyper-V guest support diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic index b81d82e6e..4f5883b97 100644 --- a/kernel/config-x86-generic +++ b/kernel/config-x86-generic @@ -11,6 +11,7 @@ CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_ARCH_HAS_CPU_RELAX=y CONFIG_ARCH_HAS_DEFAULT_IDLE=y CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CPU_AUTOPROBE=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y @@ -22,15 +23,14 @@ CONFIG_ARCH_CPU_PROBE_RELEASE=y # # General setup # -# CONFIG_KERNEL_GZIP is not set # CONFIG_KERNEL_BZIP2 is not set -CONFIG_KERNEL_XZ=y # # IRQ subsystem # CONFIG_GENERIC_PENDING_IRQ=y CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y # # RCU Subsystem @@ -44,7 +44,6 @@ CONFIG_PCSPKR_PLATFORM=y # Kernel Performance Events And Counters # CONFIG_OPROFILE_NMI_TIMER=y -CONFIG_JUMP_LABEL=y CONFIG_USER_RETURN_NOTIFIER=y CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y @@ -90,6 +89,7 @@ CONFIG_NO_BOOTMEM=y # CONFIG_MK8 is not set # CONFIG_MCORE2 is not set # CONFIG_MATOM is not set +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_XADD=y @@ -137,7 +137,6 @@ CONFIG_MMU_NOTIFIER=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y -# CONFIG_HWPOISON_INJECT is not set CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set @@ -196,6 +195,7 @@ CONFIG_ACPI_CONTAINER=y CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=y CONFIG_ACPI_CUSTOM_METHOD=m +CONFIG_ACPI_BGRT=m CONFIG_ACPI_APEI=y CONFIG_ACPI_APEI_GHES=y CONFIG_ACPI_APEI_PCIEAER=y @@ -254,6 +254,9 @@ CONFIG_PCIE_ECRC=y CONFIG_PCIEAER_INJECT=m CONFIG_PCIEASPM=y # CONFIG_PCIEASPM_DEBUG is not set +# CONFIG_PCIEASPM_DEFAULT is not set +CONFIG_PCIEASPM_POWERSAVE=y +# CONFIG_PCIEASPM_PERFORMANCE is not set CONFIG_PCIE_PME=y CONFIG_ARCH_SUPPORTS_MSI=y CONFIG_PCI_MSI=y @@ -369,7 +372,7 @@ CONFIG_MOUSE_PS2_LIFEBOOK=y CONFIG_INPUT_PCSPKR=m CONFIG_INPUT_APANEL=m CONFIG_INPUT_ATLAS_BTNS=m -CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m +CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y # # Hardware I/O ports @@ -393,6 +396,7 @@ CONFIG_SERIAL_8250_PNP=y # CONFIG_HVC_IRQ=y CONFIG_HVC_XEN=y +CONFIG_HVC_XEN_FRONTEND=y CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_VIA=m @@ -513,9 +517,17 @@ CONFIG_AGP_INTEL=y CONFIG_AGP_SIS=y CONFIG_AGP_VIA=y CONFIG_VGA_SWITCHEROO=y -CONFIG_DRM_KMS_HELPER=m CONFIG_DRM_RADEON=m CONFIG_DRM_RADEON_KMS=y +CONFIG_DRM_NOUVEAU=m +CONFIG_DRM_NOUVEAU_BACKLIGHT=y +CONFIG_DRM_NOUVEAU_DEBUG=y + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set CONFIG_DRM_I810=m CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y @@ -649,17 +661,12 @@ CONFIG_SWIOTLB_XEN=y CONFIG_XEN_TMEM=y CONFIG_XEN_PCIDEV_BACKEND=m CONFIG_XEN_PRIVCMD=m +CONFIG_XEN_ACPI_PROCESSOR=m # CONFIG_SLICOSS is not set # CONFIG_COMEDI is not set -CONFIG_DRM_NOUVEAU=m -CONFIG_DRM_NOUVEAU_BACKLIGHT=y -CONFIG_DRM_NOUVEAU_DEBUG=y - -# -# I2C encoder or helper chips -# -# CONFIG_DRM_I2C_CH7006 is not set -# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_ZRAM is not set +# CONFIG_ZCACHE is not set +CONFIG_ZSMALLOC=m # CONFIG_ACPI_QUICKSTART is not set # @@ -704,7 +711,6 @@ CONFIG_ASUS_NB_WMI=m CONFIG_EEEPC_WMI=m CONFIG_ACPI_WMI=m CONFIG_MSI_WMI=m -# CONFIG_ACPI_ASUS is not set CONFIG_TOPSTAR_LAPTOP=m CONFIG_ACPI_TOSHIBA=m CONFIG_TOSHIBA_BT_RFKILL=m @@ -716,6 +722,7 @@ CONFIG_SAMSUNG_LAPTOP=m CONFIG_MXM_WMI=m CONFIG_INTEL_OAKTRAIL=m CONFIG_SAMSUNG_Q10=m +# CONFIG_APPLE_GMUX is not set # # Hardware Spinlock drivers @@ -744,6 +751,11 @@ CONFIG_ISCSI_IBFT_FIND=y CONFIG_ISCSI_IBFT=m # CONFIG_GOOGLE_FIRMWARE is not set +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y + # # Pseudo filesystems # @@ -757,6 +769,7 @@ CONFIG_HARDLOCKUP_DETECTOR=y # CONFIG_DEBUG_VIRTUAL is not set CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_RCU_CPU_STALL_TIMEOUT=60 +# CONFIG_RCU_CPU_STALL_INFO is not set # CONFIG_DEBUG_PER_CPU_MAPS is not set # CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set CONFIG_USER_STACKTRACE_SUPPORT=y diff --git a/kernel/config-x86_64-default b/kernel/config-x86_64-default index 14b8ad815..d65fa450d 100644 --- a/kernel/config-x86_64-default +++ b/kernel/config-x86_64-default @@ -17,6 +17,11 @@ CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx - # CONFIG_RCU_FANOUT=64 +# +# Kernel Performance Events And Counters +# +CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y + # # Partition Types # @@ -32,7 +37,6 @@ CONFIG_X86_NUMACHIP=y CONFIG_XEN_MAX_DOMAIN_MEMORY=500 # CONFIG_MPSC is not set CONFIG_GENERIC_CPU=y -CONFIG_X86_INTERNODE_CACHE_SHIFT=7 CONFIG_X86_MINIMUM_CPU_FAMILY=64 CONFIG_GART_IOMMU=y # CONFIG_CALGARY_IOMMU is not set @@ -90,6 +94,7 @@ CONFIG_HOTPLUG_PCI_SHPC=m CONFIG_COMPAT_BINFMT_ELF=y CONFIG_IA32_EMULATION=y # CONFIG_IA32_AOUT is not set +# CONFIG_X86_X32 is not set CONFIG_COMPAT=y CONFIG_COMPAT_FOR_U64_ALIGNMENT=y CONFIG_SYSVIPC_COMPAT=y @@ -174,6 +179,7 @@ CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m # CONFIG_CRYPTO_AES_X86_64=y CONFIG_CRYPTO_BLOWFISH_X86_64=m +CONFIG_CRYPTO_CAMELLIA_X86_64=m CONFIG_CRYPTO_SALSA20_X86_64=m CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m CONFIG_CRYPTO_TWOFISH_X86_64=m diff --git a/kernel/kernel.nm b/kernel/kernel.nm index 10bc121cf..d17b73176 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -4,7 +4,7 @@ ############################################################################### name = kernel -version = 3.3.6 +version = 3.4.3 release = 1 thisapp = linux-%{version} @@ -36,8 +36,11 @@ build requires asciidoc + binutils >= 2.22.52.0.3-2 binutils-devel + bison elfutils-devel + flex gcc-plugin-devel gettext ncurses-devel @@ -45,7 +48,6 @@ build perl python-devel xmlto - xz-lzma-compat /sbin/depmod end @@ -86,10 +88,10 @@ build # won't build with the grsecurity patch. # Build versatile kernel. - #build_kernel_versatile = 1 + build_kernel_versatile = 1 # Build a kernel for Marvell Kirkwood-based devices. - #build_kernel_kirkwood = 1 + build_kernel_kirkwood = 1 kernel_arch = arm kernel_image = arch/%{kernel_arch}/boot/zImage @@ -207,6 +209,7 @@ build # Install configuration file. cp configs/config.${flavour} .config + cat .config # Run the build. make ARCH=%{kernel_arch} oldnoconfig >/dev/null diff --git a/kernel/patches/grsecurity-2.9-3.3.6-201205151707.patch b/kernel/patches/grsecurity-2.9.1-3.4.3-201206171836.patch similarity index 82% rename from kernel/patches/grsecurity-2.9-3.3.6-201205151707.patch rename to kernel/patches/grsecurity-2.9.1-3.4.3-201206171836.patch index 9202846db..57ad30210 100644 --- a/kernel/patches/grsecurity-2.9-3.3.6-201205151707.patch +++ b/kernel/patches/grsecurity-2.9.1-3.4.3-201206171836.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index 0c083c5..bf13011 100644 +index b4a898f..830febf 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -42,7 +42,15 @@ index 0c083c5..bf13011 100644 SCCS System.map* TAGS -@@ -92,19 +98,24 @@ bounds.h +@@ -80,6 +86,7 @@ aic7*seq.h* + aicasm + aicdb.h* + altivec*.c ++ashldi3.S + asm-offsets.h + asm_offsets.h + autoconf.h* +@@ -92,19 +99,24 @@ bounds.h bsetup btfixupprep build @@ -67,7 +75,7 @@ index 0c083c5..bf13011 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -115,9 +126,11 @@ devlist.h* +@@ -115,9 +127,11 @@ devlist.h* dnotify_test docproc dslm @@ -79,7 +87,7 @@ index 0c083c5..bf13011 100644 fixdep flask.h fore200e_mkfirm -@@ -125,12 +138,15 @@ fore200e_pca_fw.c* +@@ -125,12 +139,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -95,7 +103,7 @@ index 0c083c5..bf13011 100644 hpet_example hugepage-mmap hugepage-shm -@@ -145,7 +161,7 @@ int32.c +@@ -145,7 +162,7 @@ int32.c int4.c int8.c kallsyms @@ -104,7 +112,7 @@ index 0c083c5..bf13011 100644 keywords.c ksym.c* ksym.h* -@@ -153,7 +169,7 @@ kxgettext +@@ -153,7 +170,7 @@ kxgettext lkc_defs.h lex.c lex.*.c @@ -113,7 +121,7 @@ index 0c083c5..bf13011 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -165,14 +181,15 @@ machtypes.h +@@ -164,14 +181,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -130,7 +138,23 @@ index 0c083c5..bf13011 100644 mkprep mkregtable mktables -@@ -208,6 +225,7 @@ r300_reg_safe.h +@@ -188,6 +206,7 @@ oui.c* + page-types + parse.c + parse.h ++parse-events* + patches* + pca200e.bin + pca200e_ecd.bin2 +@@ -197,6 +216,7 @@ perf-archive + piggyback + piggy.gzip + piggy.S ++pmu-* + pnmtologo + ppc_defs.h* + pss_boot.h +@@ -207,6 +227,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -138,7 +162,7 @@ index 0c083c5..bf13011 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -218,6 +236,7 @@ setup +@@ -217,6 +238,7 @@ setup setup.bin setup.elf sImage @@ -146,7 +170,7 @@ index 0c083c5..bf13011 100644 sm_tbl* split-include syscalltab.h -@@ -228,6 +247,7 @@ tftpboot.img +@@ -227,6 +249,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -154,7 +178,15 @@ index 0c083c5..bf13011 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -245,7 +265,9 @@ vmlinux +@@ -238,13 +261,17 @@ vdso32.lds + vdso32.so.dbg + vdso64.lds + vdso64.so.dbg ++vdsox32.lds ++vdsox32-syms.lds + version.h* + vmImage + vmlinux vmlinux-* vmlinux.aout vmlinux.bin.all @@ -164,7 +196,7 @@ index 0c083c5..bf13011 100644 vmlinuz voffset.h vsyscall.lds -@@ -253,9 +275,11 @@ vsyscall_32.lds +@@ -252,9 +279,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -177,10 +209,10 @@ index 0c083c5..bf13011 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index d99fd9c..8689fef 100644 +index c1601e5..08557ce 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1977,6 +1977,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2021,6 +2021,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -195,7 +227,7 @@ index d99fd9c..8689fef 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 9cd6941..92e68ff 100644 +index a0804c6..f487027 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -221,12 +253,13 @@ index 9cd6941..92e68ff 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,55 @@ else +@@ -564,6 +565,56 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS -+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN @@ -256,7 +289,7 @@ index 9cd6941..92e68ff 100644 +GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) +GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN ++export PLUGINCC CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc @@ -277,7 +310,7 @@ index 9cd6941..92e68ff 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +758,7 @@ export mod_strip_cmd +@@ -708,7 +759,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -286,7 +319,7 @@ index 9cd6941..92e68ff 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +982,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +983,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -295,7 +328,7 @@ index 9cd6941..92e68ff 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +993,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +994,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -304,7 +337,7 @@ index 9cd6941..92e68ff 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1038,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -312,7 +345,7 @@ index 9cd6941..92e68ff 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1142,8 @@ all: modules +@@ -1092,6 +1146,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -321,7 +354,7 @@ index 9cd6941..92e68ff 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1159,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1107,7 +1163,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -330,7 +363,7 @@ index 9cd6941..92e68ff 100644 # Target to install modules PHONY += modules_install -@@ -1201,6 +1256,7 @@ distclean: mrproper +@@ -1204,6 +1260,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -338,7 +371,7 @@ index 9cd6941..92e68ff 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1417,8 @@ PHONY += $(module-dirs) modules +@@ -1364,6 +1421,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -347,7 +380,7 @@ index 9cd6941..92e68ff 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1545,21 @@ else +@@ -1490,17 +1549,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -373,7 +406,7 @@ index 9cd6941..92e68ff 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1569,15 @@ endif +@@ -1510,11 +1573,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -392,7 +425,7 @@ index 9cd6941..92e68ff 100644 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) $(@:.ko=.o) diff --git a/arch/alpha/include/asm/atomic.h b/arch/alpha/include/asm/atomic.h -index 640f909..48b6597 100644 +index 3bb7ffe..347a54c 100644 --- a/arch/alpha/include/asm/atomic.h +++ b/arch/alpha/include/asm/atomic.h @@ -250,6 +250,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) @@ -439,10 +472,10 @@ index ad368a9..fbe0f25 100644 #endif diff --git a/arch/alpha/include/asm/elf.h b/arch/alpha/include/asm/elf.h -index da5449e..7418343 100644 +index 968d999..d36b2df 100644 --- a/arch/alpha/include/asm/elf.h +++ b/arch/alpha/include/asm/elf.h -@@ -90,6 +90,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; +@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000) @@ -474,10 +507,10 @@ index bc2a0da..8ad11ee 100644 static inline void diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h -index de98a73..bd4f1f8 100644 +index 81a4342..348b927 100644 --- a/arch/alpha/include/asm/pgtable.h +++ b/arch/alpha/include/asm/pgtable.h -@@ -101,6 +101,17 @@ struct vm_area_struct; +@@ -102,6 +102,17 @@ struct vm_area_struct; #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS) #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW) #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW) @@ -509,10 +542,10 @@ index 2fd00b7..cfd5069 100644 for (i = 0; i < n; i++) { diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c -index 01e8715..be0e80f 100644 +index 49ee319..9ee7d14 100644 --- a/arch/alpha/kernel/osf_sys.c +++ b/arch/alpha/kernel/osf_sys.c -@@ -1147,7 +1147,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len, +@@ -1146,7 +1146,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len, /* At this point: (!vma || addr < vma->vm_end). */ if (limit - len < addr) return -ENOMEM; @@ -521,7 +554,7 @@ index 01e8715..be0e80f 100644 return addr; addr = vma->vm_end; vma = vma->vm_next; -@@ -1183,6 +1183,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1182,6 +1182,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, merely specific addresses, but regions of memory -- perhaps this feature should be incorporated into all ports? */ @@ -532,7 +565,7 @@ index 01e8715..be0e80f 100644 if (addr) { addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); if (addr != (unsigned long) -ENOMEM) -@@ -1190,8 +1194,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1189,8 +1193,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, } /* Next, try allocating at TASK_UNMAPPED_BASE. */ @@ -544,10 +577,10 @@ index 01e8715..be0e80f 100644 return addr; diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c -index fadd5f8..904e73a 100644 +index 5eecab1..609abc0 100644 --- a/arch/alpha/mm/fault.c +++ b/arch/alpha/mm/fault.c -@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *next_mm) +@@ -53,6 +53,124 @@ __load_new_mm_context(struct mm_struct *next_mm) __reload_thread(pcb); } @@ -672,7 +705,7 @@ index fadd5f8..904e73a 100644 /* * This routine handles page faults. It determines the address, -@@ -131,8 +249,29 @@ do_page_fault(unsigned long address, unsigned long mmcsr, +@@ -130,8 +248,29 @@ do_page_fault(unsigned long address, unsigned long mmcsr, good_area: si_code = SEGV_ACCERR; if (cause < 0) { @@ -704,12 +737,12 @@ index fadd5f8..904e73a 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 86976d0..8e07f84 100644 +index 68374ba..cff7196 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h -@@ -15,6 +15,10 @@ - #include - #include +@@ -17,17 +17,35 @@ + #include + #include +#ifdef CONFIG_GENERIC_ATOMIC64 +#include @@ -718,7 +751,16 @@ index 86976d0..8e07f84 100644 #define ATOMIC_INIT(i) { (i) } #ifdef __KERNEL__ -@@ -25,7 +29,15 @@ + ++#define _ASM_EXTABLE(from, to) \ ++" .pushsection __ex_table,\"a\"\n"\ ++" .align 3\n" \ ++" .long " #from ", " #to"\n" \ ++" .popsection" ++ + /* + * On ARM, ordinary assignment (str instruction) doesn't clear the local + * strex/ldrex monitor on some implementations. The reason we can use it for * atomic_set() is the clrex or dummy strex done on every exception return. */ #define atomic_read(v) (*(volatile int *)&(v)->counter) @@ -734,7 +776,7 @@ index 86976d0..8e07f84 100644 #if __LINUX_ARM_ARCH__ >= 6 -@@ -40,6 +52,35 @@ static inline void atomic_add(int i, atomic_t *v) +@@ -42,6 +60,35 @@ static inline void atomic_add(int i, atomic_t *v) int result; __asm__ __volatile__("@ atomic_add\n" @@ -770,7 +812,7 @@ index 86976d0..8e07f84 100644 "1: ldrex %0, [%3]\n" " add %0, %0, %4\n" " strex %1, %0, [%3]\n" -@@ -58,6 +99,42 @@ static inline int atomic_add_return(int i, atomic_t *v) +@@ -60,6 +107,42 @@ static inline int atomic_add_return(int i, atomic_t *v) smp_mb(); __asm__ __volatile__("@ atomic_add_return\n" @@ -780,7 +822,7 @@ index 86976d0..8e07f84 100644 +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" +" mov %0, %1\n" -+"2: bkpt 0xf103\n" ++"2: bkpt 0xf103\n" +"3:\n" +#endif + @@ -813,7 +855,7 @@ index 86976d0..8e07f84 100644 "1: ldrex %0, [%3]\n" " add %0, %0, %4\n" " strex %1, %0, [%3]\n" -@@ -78,6 +155,35 @@ static inline void atomic_sub(int i, atomic_t *v) +@@ -80,6 +163,35 @@ static inline void atomic_sub(int i, atomic_t *v) int result; __asm__ __volatile__("@ atomic_sub\n" @@ -849,7 +891,7 @@ index 86976d0..8e07f84 100644 "1: ldrex %0, [%3]\n" " sub %0, %0, %4\n" " strex %1, %0, [%3]\n" -@@ -96,11 +202,25 @@ static inline int atomic_sub_return(int i, atomic_t *v) +@@ -98,11 +210,25 @@ static inline int atomic_sub_return(int i, atomic_t *v) smp_mb(); __asm__ __volatile__("@ atomic_sub_return\n" @@ -877,7 +919,7 @@ index 86976d0..8e07f84 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "Ir" (i) : "cc"); -@@ -132,6 +252,28 @@ static inline int atomic_cmpxchg(atomic_t *ptr, int old, int new) +@@ -134,6 +260,28 @@ static inline int atomic_cmpxchg(atomic_t *ptr, int old, int new) return oldval; } @@ -906,35 +948,48 @@ index 86976d0..8e07f84 100644 static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) { unsigned long tmp, tmp2; -@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t *v) +@@ -167,7 +315,17 @@ static inline int atomic_add_return(int i, atomic_t *v) return val; } -+#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v) ++ ++static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) ++{ ++ return atomic_add_return(i, v); ++} ++ #define atomic_add(i, v) (void) atomic_add_return(i, v) -+#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i, v) ++static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v) ++{ ++ (void) atomic_add_return(i, v); ++} static inline int atomic_sub_return(int i, atomic_t *v) { -@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t *v) - +@@ -182,6 +340,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) return val; } -+#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v) #define atomic_sub(i, v) (void) atomic_sub_return(i, v) -+#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i, v) ++static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v) ++{ ++ (void) atomic_sub_return(i, v); ++} static inline int atomic_cmpxchg(atomic_t *v, int old, int new) { -@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) - +@@ -197,6 +359,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) return ret; } -+#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n) ++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new) ++{ ++ return atomic_cmpxchg(v, old, new); ++} ++ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) { -@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) + unsigned long flags; +@@ -209,6 +376,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) #endif /* __LINUX_ARM_ARCH__ */ #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) @@ -945,7 +1000,7 @@ index 86976d0..8e07f84 100644 static inline int __atomic_add_unless(atomic_t *v, int a, int u) { -@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -221,11 +392,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) } #define atomic_inc(v) atomic_add(1, v) @@ -973,7 +1028,7 @@ index 86976d0..8e07f84 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0) -@@ -239,6 +406,14 @@ typedef struct { +@@ -241,6 +428,14 @@ typedef struct { u64 __aligned(8) counter; } atomic64_t; @@ -988,7 +1043,7 @@ index 86976d0..8e07f84 100644 #define ATOMIC64_INIT(i) { (i) } static inline u64 atomic64_read(atomic64_t *v) -@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v) +@@ -256,6 +451,19 @@ static inline u64 atomic64_read(atomic64_t *v) return result; } @@ -1008,7 +1063,7 @@ index 86976d0..8e07f84 100644 static inline void atomic64_set(atomic64_t *v, u64 i) { u64 tmp; -@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) +@@ -270,6 +478,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) : "cc"); } @@ -1029,7 +1084,7 @@ index 86976d0..8e07f84 100644 static inline void atomic64_add(u64 i, atomic64_t *v) { u64 result; -@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -278,6 +500,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_add\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" @@ -1066,7 +1121,7 @@ index 86976d0..8e07f84 100644 " adc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -289,12 +541,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { @@ -1118,7 +1173,7 @@ index 86976d0..8e07f84 100644 "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -318,6 +607,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" @@ -1155,7 +1210,7 @@ index 86976d0..8e07f84 100644 " sbc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -329,18 +648,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) { @@ -1193,7 +1248,7 @@ index 86976d0..8e07f84 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); -@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) +@@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) return oldval; } @@ -1224,7 +1279,7 @@ index 86976d0..8e07f84 100644 static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) { u64 result; -@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) +@@ -397,21 +754,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) static inline u64 atomic64_dec_if_positive(atomic64_t *v) { @@ -1266,7 +1321,7 @@ index 86976d0..8e07f84 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -434,13 +804,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1294,7 +1349,7 @@ index 86976d0..8e07f84 100644 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -453,10 +835,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -1325,7 +1380,7 @@ index 75fe66b..2255c86 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index d5d8d5c..ad92c96 100644 +index 1252a26..9dc17b5 100644 --- a/arch/arm/include/asm/cacheflush.h +++ b/arch/arm/include/asm/cacheflush.h @@ -108,7 +108,7 @@ struct cpu_cache_fns { @@ -1337,8 +1392,21 @@ index d5d8d5c..ad92c96 100644 /* * Select the calling method +diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h +index d41d7cb..9bea5e0 100644 +--- a/arch/arm/include/asm/cmpxchg.h ++++ b/arch/arm/include/asm/cmpxchg.h +@@ -102,6 +102,8 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr, int size + + #define xchg(ptr,x) \ + ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) ++#define xchg_unchecked(ptr,x) \ ++ ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) + + #include + diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h -index 0e9ce8d..6ef1e03 100644 +index 38050b1..9d90e8b 100644 --- a/arch/arm/include/asm/elf.h +++ b/arch/arm/include/asm/elf.h @@ -116,7 +116,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); @@ -1357,7 +1425,7 @@ index 0e9ce8d..6ef1e03 100644 /* When the program starts, a1 contains a pointer to a function to be registered with atexit, as per the SVR4 ABI. A value of 0 means we -@@ -126,10 +133,6 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); +@@ -126,8 +133,4 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); extern void elf_set_personality(const struct elf32_hdr *); #define SET_PERSONALITY(ex) elf_set_personality(&(ex)) @@ -1365,9 +1433,7 @@ index 0e9ce8d..6ef1e03 100644 -extern unsigned long arch_randomize_brk(struct mm_struct *mm); -#define arch_randomize_brk arch_randomize_brk - - extern int vectors_user_mapping(void); - #define arch_setup_additional_pages(bprm, uses_interp) vectors_user_mapping() - #define ARCH_HAS_SETUP_ADDITIONAL_PAGES + #endif diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h index e51b1e8..32a3113 100644 --- a/arch/arm/include/asm/kmap_types.h @@ -1394,7 +1460,7 @@ index 53426c6..c7baff3 100644 #ifdef CONFIG_OUTER_CACHE diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h -index 97b440c..b7ff179 100644 +index 5838361..da6e813 100644 --- a/arch/arm/include/asm/page.h +++ b/arch/arm/include/asm/page.h @@ -123,7 +123,7 @@ struct cpu_user_fns { @@ -1430,38 +1496,11 @@ index 943504f..bf8d667 100644 #endif /* CONFIG_ARM_LPAE */ -diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h -index e4c96cc..1145653 100644 ---- a/arch/arm/include/asm/system.h -+++ b/arch/arm/include/asm/system.h -@@ -98,6 +98,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, - - #define xchg(ptr,x) \ - ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) -+#define xchg_unchecked(ptr,x) \ -+ ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) - - extern asmlinkage void c_backtrace(unsigned long fp, int pmode); - -@@ -534,6 +536,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr, - - #endif /* __LINUX_ARM_ARCH__ >= 6 */ - -+#define _ASM_EXTABLE(from, to) \ -+" .pushsection __ex_table,\"a\"\n"\ -+" .align 3\n" \ -+" .long " #from ", " #to"\n" \ -+" .popsection" -+ -+ - #endif /* __ASSEMBLY__ */ - - #define arch_align_stack(x) (x) diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index d4c24d4..4ac53e8 100644 +index 0f04d84..2be5648 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h -@@ -141,6 +141,12 @@ extern void vfp_flush_hwstate(struct thread_info *); +@@ -148,6 +148,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ #define TIF_SYSCALL_TRACE 8 #define TIF_SYSCALL_AUDIT 9 @@ -1474,7 +1513,7 @@ index d4c24d4..4ac53e8 100644 #define TIF_POLLING_NRFLAG 16 #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ -@@ -156,9 +162,11 @@ extern void vfp_flush_hwstate(struct thread_info *); +@@ -163,9 +169,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK) #define _TIF_SECCOMP (1 << TIF_SECCOMP) @@ -1488,7 +1527,7 @@ index d4c24d4..4ac53e8 100644 /* * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index 2958976..12ccac4 100644 +index 71f6536..602f279 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -22,6 +22,8 @@ @@ -1547,10 +1586,10 @@ index 2958976..12ccac4 100644 n = __copy_to_user(to, from, n); return n; diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c -index 5b0bce6..becd81c 100644 +index b57c75e..ed2d6b2 100644 --- a/arch/arm/kernel/armksyms.c +++ b/arch/arm/kernel/armksyms.c -@@ -95,8 +95,8 @@ EXPORT_SYMBOL(__strncpy_from_user); +@@ -94,8 +94,8 @@ EXPORT_SYMBOL(__strncpy_from_user); #ifdef CONFIG_MMU EXPORT_SYMBOL(copy_page); @@ -1562,7 +1601,7 @@ index 5b0bce6..becd81c 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 971d65c..cc936fb 100644 +index 2b7b017..c380fa2 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -1573,7 +1612,7 @@ index 971d65c..cc936fb 100644 #include #include -@@ -273,9 +272,10 @@ void machine_power_off(void) +@@ -275,9 +274,10 @@ void machine_power_off(void) machine_shutdown(); if (pm_power_off) pm_power_off(); @@ -1585,7 +1624,7 @@ index 971d65c..cc936fb 100644 { machine_shutdown(); -@@ -517,12 +517,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -519,12 +519,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -1599,10 +1638,10 @@ index 971d65c..cc936fb 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c -index f5ce8ab..4b73893 100644 +index 9650c14..ae30cdd 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c -@@ -905,10 +905,19 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -906,10 +906,19 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -1623,10 +1662,10 @@ index f5ce8ab..4b73893 100644 audit_syscall_exit(regs); else diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index a255c39..4a19b25 100644 +index ebfac78..cbea9c0 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -109,13 +109,13 @@ struct processor processor __read_mostly; +@@ -111,13 +111,13 @@ struct processor processor __read_mostly; struct cpu_tlb_fns cpu_tlb __read_mostly; #endif #ifdef MULTI_USER @@ -1644,10 +1683,10 @@ index a255c39..4a19b25 100644 #endif diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index f84dfe6..13e94f7 100644 +index 63d402f..db1d714 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c -@@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt +@@ -264,6 +264,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt static DEFINE_RAW_SPINLOCK(die_lock); @@ -1656,7 +1695,7 @@ index f84dfe6..13e94f7 100644 /* * This function is protected against re-entrancy. */ -@@ -291,6 +293,9 @@ void die(const char *str, struct pt_regs *regs, int err) +@@ -296,6 +298,9 @@ void die(const char *str, struct pt_regs *regs, int err) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -1803,10 +1842,10 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index 6722627..8f97548c 100644 +index 518091c..eae9a76 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -597,7 +597,7 @@ static int n8x0_menelaus_late_init(struct device *dev) +@@ -596,7 +596,7 @@ static int n8x0_menelaus_late_init(struct device *dev) } #endif @@ -1815,24 +1854,11 @@ index 6722627..8f97548c 100644 .late_init = n8x0_menelaus_late_init, }; -diff --git a/arch/arm/mach-ux500/mbox-db5500.c b/arch/arm/mach-ux500/mbox-db5500.c -index 2b2d51c..0127490 100644 ---- a/arch/arm/mach-ux500/mbox-db5500.c -+++ b/arch/arm/mach-ux500/mbox-db5500.c -@@ -168,7 +168,7 @@ static ssize_t mbox_read_fifo(struct device *dev, - return sprintf(buf, "0x%X\n", mbox_value); - } - --static DEVICE_ATTR(fifo, S_IWUGO | S_IRUGO, mbox_read_fifo, mbox_write_fifo); -+static DEVICE_ATTR(fifo, S_IWUSR | S_IRUGO, mbox_read_fifo, mbox_write_fifo); - - static int mbox_show(struct seq_file *s, void *data) - { diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index bb7eac3..3bade16 100644 +index 5bb4835..4760f68 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c -@@ -172,6 +172,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, +@@ -174,6 +174,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, } #endif @@ -1846,7 +1872,7 @@ index bb7eac3..3bade16 100644 tsk->thread.address = addr; tsk->thread.error_code = fsr; tsk->thread.trap_no = 14; -@@ -393,6 +400,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) +@@ -397,6 +404,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } #endif /* CONFIG_MMU */ @@ -1880,7 +1906,7 @@ index bb7eac3..3bade16 100644 /* * First Level Translation Fault Handler * -@@ -573,6 +607,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -577,6 +611,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; @@ -1977,6 +2003,19 @@ index ce8cb19..3ec539d 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/arm/plat-orion/include/plat/addr-map.h b/arch/arm/plat-orion/include/plat/addr-map.h +index fd556f7..af2e7d2 100644 +--- a/arch/arm/plat-orion/include/plat/addr-map.h ++++ b/arch/arm/plat-orion/include/plat/addr-map.h +@@ -26,7 +26,7 @@ struct orion_addr_map_cfg { + value in bridge_virt_base */ + void __iomem *(*win_cfg_base) (const struct orion_addr_map_cfg *cfg, + const int win); +-}; ++} __no_const; + + /* + * Information needed to setup one address mapping. diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h index 71a6827..e7fbc23 100644 --- a/arch/arm/plat-samsung/include/plat/dma-ops.h @@ -2153,10 +2192,10 @@ index 1de779f..336fad3 100644 #define __read_mostly __attribute__((__section__(".data.read_mostly"))) diff --git a/arch/frv/include/asm/atomic.h b/arch/frv/include/asm/atomic.h -index 0d8a7d6..d0c9ff5 100644 +index b86329d..6709906 100644 --- a/arch/frv/include/asm/atomic.h +++ b/arch/frv/include/asm/atomic.h -@@ -241,6 +241,16 @@ extern uint32_t __xchg_32(uint32_t i, volatile void *v); +@@ -186,6 +186,16 @@ static inline void atomic64_dec(atomic64_t *v) #define atomic64_cmpxchg(v, old, new) (__cmpxchg_64(old, new, &(v)->counter)) #define atomic64_xchg(v, new) (__xchg_64(new, &(v)->counter)) @@ -2269,10 +2308,10 @@ index 0f01de2..d37d309 100644 #define __cacheline_aligned __aligned(L1_CACHE_BYTES) #define ____cacheline_aligned __aligned(L1_CACHE_BYTES) diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h -index 3fad89e..3047da5 100644 +index 7d91166..88ab87e 100644 --- a/arch/ia64/include/asm/atomic.h +++ b/arch/ia64/include/asm/atomic.h -@@ -209,6 +209,16 @@ atomic64_add_negative (__s64 i, atomic64_t *v) +@@ -208,6 +208,16 @@ atomic64_add_negative (__s64 i, atomic64_t *v) #define atomic64_inc(v) atomic64_add(1, (v)) #define atomic64_dec(v) atomic64_sub(1, (v)) @@ -2359,7 +2398,7 @@ index 96a8d92..617a1cf 100644 { return quicklist_alloc(0, GFP_KERNEL, NULL); diff --git a/arch/ia64/include/asm/pgtable.h b/arch/ia64/include/asm/pgtable.h -index 1a97af3..7529d31 100644 +index 815810c..d60bd4c 100644 --- a/arch/ia64/include/asm/pgtable.h +++ b/arch/ia64/include/asm/pgtable.h @@ -12,7 +12,7 @@ @@ -2371,7 +2410,7 @@ index 1a97af3..7529d31 100644 #include #include #include -@@ -143,6 +143,17 @@ +@@ -142,6 +142,17 @@ #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX) @@ -2390,10 +2429,10 @@ index 1a97af3..7529d31 100644 #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX) #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX) diff --git a/arch/ia64/include/asm/spinlock.h b/arch/ia64/include/asm/spinlock.h -index b77768d..e0795eb 100644 +index 54ff557..70c88b7 100644 --- a/arch/ia64/include/asm/spinlock.h +++ b/arch/ia64/include/asm/spinlock.h -@@ -72,7 +72,7 @@ static __always_inline void __ticket_spin_unlock(arch_spinlock_t *lock) +@@ -71,7 +71,7 @@ static __always_inline void __ticket_spin_unlock(arch_spinlock_t *lock) unsigned short *p = (unsigned short *)&lock->lock + 1, tmp; asm volatile ("ld2.bias %0=[%1]" : "=r"(tmp) : "r"(p)); @@ -2553,10 +2592,10 @@ index 609d500..7dde2a8 100644 mm->free_area_cache = addr + len; return addr; diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S -index 53c0ba0..2accdde 100644 +index 0ccb28f..8992469 100644 --- a/arch/ia64/kernel/vmlinux.lds.S +++ b/arch/ia64/kernel/vmlinux.lds.S -@@ -199,7 +199,7 @@ SECTIONS { +@@ -198,7 +198,7 @@ SECTIONS { /* Per-cpu data: */ . = ALIGN(PERCPU_PAGE_SIZE); PERCPU_VADDR(SMP_CACHE_BYTES, PERCPU_ADDR, :percpu) @@ -2566,10 +2605,10 @@ index 53c0ba0..2accdde 100644 * ensure percpu data fits * into percpu page size diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c -index 20b3593..1ce77f0 100644 +index 02d29c2..ea893df 100644 --- a/arch/ia64/mm/fault.c +++ b/arch/ia64/mm/fault.c -@@ -73,6 +73,23 @@ mapped_kernel_page_is_present (unsigned long address) +@@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned long address) return pte_present(pte); } @@ -2593,7 +2632,7 @@ index 20b3593..1ce77f0 100644 void __kprobes ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs) { -@@ -146,9 +163,23 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re +@@ -145,9 +162,23 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT) | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT)); @@ -2632,10 +2671,10 @@ index 5ca674b..e0e1b70 100644 addr = ALIGN(vmm->vm_end, HPAGE_SIZE); } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 13df239d..cb52116 100644 +index 0eab454..bd794f2 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c -@@ -121,6 +121,19 @@ ia64_init_addr_space (void) +@@ -120,6 +120,19 @@ ia64_init_addr_space (void) vma->vm_start = current->thread.rbs_bot & PAGE_MASK; vma->vm_end = vma->vm_start + PAGE_SIZE; vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT; @@ -2731,12 +2770,12 @@ index 4efe96a..60e8699 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h -index 1d93f81..67794d0 100644 +index 3f4c5cb..3439c6e 100644 --- a/arch/mips/include/asm/atomic.h +++ b/arch/mips/include/asm/atomic.h @@ -21,6 +21,10 @@ + #include #include - #include +#ifdef CONFIG_GENERIC_ATOMIC64 +#include @@ -2804,6 +2843,18 @@ index 455c0ac..ad65fbe 100644 -#define arch_randomize_brk arch_randomize_brk - #endif /* _ASM_ELF_H */ +diff --git a/arch/mips/include/asm/exec.h b/arch/mips/include/asm/exec.h +index c1f6afa..38cc6e9 100644 +--- a/arch/mips/include/asm/exec.h ++++ b/arch/mips/include/asm/exec.h +@@ -12,6 +12,6 @@ + #ifndef _ASM_EXEC_H + #define _ASM_EXEC_H + +-extern unsigned long arch_align_stack(unsigned long sp); ++#define arch_align_stack(x) ((x) & ~0xfUL) + + #endif /* _ASM_EXEC_H */ diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h index da9bd7d..91aa7ab 100644 --- a/arch/mips/include/asm/page.h @@ -2833,18 +2884,6 @@ index 881d18b..cea38bc 100644 #endif /* -diff --git a/arch/mips/include/asm/system.h b/arch/mips/include/asm/system.h -index 6018c80..7c37203 100644 ---- a/arch/mips/include/asm/system.h -+++ b/arch/mips/include/asm/system.h -@@ -230,6 +230,6 @@ extern void per_cpu_trap_init(void); - */ - #define __ARCH_WANT_UNLOCKED_CTXSW - --extern unsigned long arch_align_stack(unsigned long sp); -+#define arch_align_stack(x) ((x) & ~0xfUL) - - #endif /* _ASM_SYSTEM_H */ diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h index 0d85d8e..ec71487 100644 --- a/arch/mips/include/asm/thread_info.h @@ -2916,10 +2955,10 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index 7955409..ceaea7c 100644 +index e9a5fd7..378809a 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -483,15 +483,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -480,15 +480,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -2936,10 +2975,10 @@ index 7955409..ceaea7c 100644 - return sp & ALMASK; -} diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c -index 7786b60..3e38c72 100644 +index 7c24c29..e2f1981 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c -@@ -529,6 +529,10 @@ static inline int audit_arch(void) +@@ -528,6 +528,10 @@ static inline int audit_arch(void) return arch; } @@ -2950,7 +2989,7 @@ index 7786b60..3e38c72 100644 /* * Notification of system call entry/exit * - triggered by current->work.syscall_trace -@@ -538,6 +542,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) +@@ -537,6 +541,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) /* do the secure computing check first */ secure_computing(regs->regs[2]); @@ -3015,10 +3054,10 @@ index 5422855..74e63a3 100644 and t0, t1, t0 bnez t0, trace_a_syscall diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index 69ebd58..e4bff83 100644 +index c14f6df..537e729 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c -@@ -28,6 +28,23 @@ +@@ -27,6 +27,23 @@ #include /* For VMALLOC_END */ #include @@ -3187,10 +3226,10 @@ index 4ce7a01..449202a 100644 #endif /* __ASM_OPENRISC_CACHE_H */ diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h -index 4054b31..a10c105 100644 +index 6c6defc..d30653d 100644 --- a/arch/parisc/include/asm/atomic.h +++ b/arch/parisc/include/asm/atomic.h -@@ -335,6 +335,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) +@@ -229,6 +229,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) @@ -3278,10 +3317,10 @@ index fc987a1..6e068ef 100644 #endif diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h -index 22dadeb..f6c2be4 100644 +index ee99f23..802b0a1 100644 --- a/arch/parisc/include/asm/pgtable.h +++ b/arch/parisc/include/asm/pgtable.h -@@ -210,6 +210,17 @@ struct vm_area_struct; +@@ -212,6 +212,17 @@ struct vm_area_struct; #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED) #define PAGE_COPY PAGE_EXECREAD #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED) @@ -3434,10 +3473,10 @@ index c9b9322..02d8940 100644 if (filp) { addr = get_shared_area(filp->f_mapping, addr, len, pgoff); diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c -index f19e660..414fe24 100644 +index 45ba99f..8e22c33 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c -@@ -733,9 +733,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) +@@ -732,9 +732,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) down_read(¤t->mm->mmap_sem); vma = find_vma(current->mm,regs->iaoq[0]); @@ -3622,12 +3661,12 @@ index 18162ce..94de376 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h -index 02e41b5..ec6e26c 100644 +index da29032..f76c24c 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h -@@ -469,6 +469,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) - - #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) +@@ -522,6 +522,16 @@ static __inline__ long atomic64_inc_not_zero(atomic64_t *v) + return t1; + } +#define atomic64_read_unchecked(v) atomic64_read(v) +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) @@ -3643,7 +3682,7 @@ index 02e41b5..ec6e26c 100644 #endif /* __KERNEL__ */ diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h -index 4b50941..5605819 100644 +index 9e495c9..b6878e5 100644 --- a/arch/powerpc/include/asm/cache.h +++ b/arch/powerpc/include/asm/cache.h @@ -3,6 +3,7 @@ @@ -3699,6 +3738,18 @@ index 3bf9cca..e7457d0 100644 #endif /* __KERNEL__ */ /* +diff --git a/arch/powerpc/include/asm/exec.h b/arch/powerpc/include/asm/exec.h +index 8196e9c..d83a9f3 100644 +--- a/arch/powerpc/include/asm/exec.h ++++ b/arch/powerpc/include/asm/exec.h +@@ -4,6 +4,6 @@ + #ifndef _ASM_POWERPC_EXEC_H + #define _ASM_POWERPC_EXEC_H + +-extern unsigned long arch_align_stack(unsigned long sp); ++#define arch_align_stack(x) ((x) & ~0xfUL) + + #endif /* _ASM_POWERPC_EXEC_H */ diff --git a/arch/powerpc/include/asm/kmap_types.h b/arch/powerpc/include/asm/kmap_types.h index bca8fdc..61e9580 100644 --- a/arch/powerpc/include/asm/kmap_types.h @@ -3832,7 +3883,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index 7fdc2c0..e47a9b02d3 100644 +index 9d7f0fb..a28fe69 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -212,6 +212,7 @@ @@ -3843,24 +3894,11 @@ index 7fdc2c0..e47a9b02d3 100644 #define DSISR_PROTFAULT 0x08000000 /* protection fault */ #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ -diff --git a/arch/powerpc/include/asm/system.h b/arch/powerpc/include/asm/system.h -index c377457..3c69fbc 100644 ---- a/arch/powerpc/include/asm/system.h -+++ b/arch/powerpc/include/asm/system.h -@@ -539,7 +539,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new, - #define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n)) - #endif - --extern unsigned long arch_align_stack(unsigned long sp); -+#define arch_align_stack(x) ((x) & ~0xfUL) - - /* Used in very early kernel initialization. */ - extern unsigned long reloc_offset(void); diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h -index 96471494..60ed5a2 100644 +index 4a741c7..c8162227b 100644 --- a/arch/powerpc/include/asm/thread_info.h +++ b/arch/powerpc/include/asm/thread_info.h -@@ -104,13 +104,15 @@ static inline struct thread_info *current_thread_info(void) +@@ -104,12 +104,14 @@ static inline struct thread_info *current_thread_info(void) #define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */ #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ #define TIF_SINGLESTEP 8 /* singlestepping active */ @@ -3870,14 +3908,13 @@ index 96471494..60ed5a2 100644 #define TIF_NOERROR 12 /* Force successful syscall return */ #define TIF_NOTIFY_RESUME 13 /* callback before returning to user */ #define TIF_SYSCALL_TRACEPOINT 15 /* syscall tracepoint instrumentation */ - #define TIF_RUNLATCH 16 /* Is the runlatch enabled? */ -+#define TIF_MEMDIE 17 /* is terminating due to OOM killer */ ++#define TIF_MEMDIE 16 /* is terminating due to OOM killer */ +/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */ +#define TIF_GRSEC_SETXID 9 /* update credentials on syscall entry/exit */ /* as above, but as bit values */ #define _TIF_SYSCALL_TRACE (1<ops = ops; - host->of_node = of_node_get(of_node); - -- if (host->ops->match == NULL) -- host->ops->match = default_irq_host_match; -- - raw_spin_lock_irqsave(&irq_big_lock, flags); - - /* If it's a legacy controller, check for duplicates and -@@ -635,7 +632,12 @@ struct irq_host *irq_find_host(struct device_node *node) - */ - raw_spin_lock_irqsave(&irq_big_lock, flags); - list_for_each_entry(h, &irq_hosts, link) -- if (h->ops->match(h, node)) { -+ if (h->ops->match) { -+ if (h->ops->match(h, node)) { -+ found = h; -+ break; -+ } -+ } else if (default_irq_host_match(h, node)) { - found = h; - break; - } diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c -index 0b6d796..d760ddb 100644 +index 2e3200c..72095ce 100644 --- a/arch/powerpc/kernel/module_32.c +++ b/arch/powerpc/kernel/module_32.c @@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr, @@ -4171,10 +4180,10 @@ index 0b6d796..d760ddb 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index d817ab0..b23b18e 100644 +index 4937c96..70714b7 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -676,8 +676,8 @@ void show_regs(struct pt_regs * regs) +@@ -681,8 +681,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -4185,7 +4194,7 @@ index d817ab0..b23b18e 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1181,10 +1181,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1186,10 +1186,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -4198,7 +4207,7 @@ index d817ab0..b23b18e 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1204,7 +1204,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1209,7 +1209,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -4207,7 +4216,7 @@ index d817ab0..b23b18e 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1279,58 +1279,3 @@ void thread_info_cache_init(void) +@@ -1282,58 +1282,3 @@ void thread_info_cache_init(void) } #endif /* THREAD_SHIFT < PAGE_SHIFT */ @@ -4267,7 +4276,7 @@ index d817ab0..b23b18e 100644 - return ret; -} diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c -index 5b43325..94a5bb4 100644 +index 8d8e028..c2aeb50 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c @@ -1702,6 +1702,10 @@ long arch_ptrace(struct task_struct *child, long request, @@ -4306,10 +4315,10 @@ index 5b43325..94a5bb4 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 836a5a1..27289a3 100644 +index 45eb998..0cb36bc 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c -@@ -859,7 +859,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -861,7 +861,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; @@ -4319,10 +4328,10 @@ index 836a5a1..27289a3 100644 goto badframe; regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index a50b5ec..547078a 100644 +index 2692efd..6673d2e 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c -@@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, +@@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, current->thread.fpscr.val = 0; /* Set up to return from userspace. */ @@ -4332,10 +4341,10 @@ index a50b5ec..547078a 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index c091527..5592625 100644 +index 1589723..cefe690 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -131,6 +131,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) +@@ -133,6 +133,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) return flags; } @@ -4344,7 +4353,7 @@ index c091527..5592625 100644 static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) { -@@ -178,6 +180,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, +@@ -182,6 +184,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -4355,10 +4364,10 @@ index c091527..5592625 100644 } diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c -index 7d14bb6..1305601 100644 +index 9eb5b9b..e45498a 100644 --- a/arch/powerpc/kernel/vdso.c +++ b/arch/powerpc/kernel/vdso.c -@@ -35,6 +35,7 @@ +@@ -34,6 +34,7 @@ #include #include #include @@ -4366,7 +4375,7 @@ index 7d14bb6..1305601 100644 #include "setup.h" -@@ -219,7 +220,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -218,7 +219,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vdso_base = VDSO32_MBASE; #endif @@ -4375,7 +4384,7 @@ index 7d14bb6..1305601 100644 /* vDSO has a problem and was disabled, just don't "enable" it for the * process -@@ -239,7 +240,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -238,7 +239,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vdso_base = get_unmapped_area(NULL, vdso_base, (vdso_pages << PAGE_SHIFT) + ((VDSO_ALIGNMENT - 1) & PAGE_MASK), @@ -4420,7 +4429,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 2f0d1b0..36fb5cc 100644 +index 08ffcf5..a0ab912 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -4434,15 +4443,7 @@ index 2f0d1b0..36fb5cc 100644 #include #include -@@ -43,6 +47,7 @@ - #include - #include - #include -+#include - - #include "icswx.h" - -@@ -68,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *regs) +@@ -68,6 +72,33 @@ static inline int notify_page_fault(struct pt_regs *regs) } #endif @@ -4476,7 +4477,7 @@ index 2f0d1b0..36fb5cc 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -138,7 +170,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, +@@ -215,7 +246,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap == 0x400) @@ -4485,7 +4486,7 @@ index 2f0d1b0..36fb5cc 100644 else is_write = error_code & DSISR_ISSTORE; #else -@@ -276,7 +308,7 @@ good_area: +@@ -366,7 +397,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -4494,7 +4495,7 @@ index 2f0d1b0..36fb5cc 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -291,7 +323,7 @@ good_area: +@@ -381,7 +412,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ @@ -4503,7 +4504,7 @@ index 2f0d1b0..36fb5cc 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -360,6 +392,23 @@ bad_area: +@@ -463,6 +494,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -4625,7 +4626,7 @@ index 73709f7..6b90313 100644 if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h -index 8517d2a..d2738d4 100644 +index 748347b..81bc6c7 100644 --- a/arch/s390/include/asm/atomic.h +++ b/arch/s390/include/asm/atomic.h @@ -326,6 +326,16 @@ static inline long long atomic64_dec_if_positive(atomic64_t *v) @@ -4662,10 +4663,10 @@ index 2a30d5a..5e5586f 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h -index 547f1a6..0b22b53 100644 +index c4ee39f..352881b 100644 --- a/arch/s390/include/asm/elf.h +++ b/arch/s390/include/asm/elf.h -@@ -162,8 +162,14 @@ extern unsigned int vdso_enabled; +@@ -161,8 +161,14 @@ extern unsigned int vdso_enabled; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -4682,7 +4683,7 @@ index 547f1a6..0b22b53 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. */ -@@ -211,7 +217,4 @@ struct linux_binprm; +@@ -210,7 +216,4 @@ struct linux_binprm; #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1 int arch_setup_additional_pages(struct linux_binprm *, int); @@ -4690,24 +4691,23 @@ index 547f1a6..0b22b53 100644 -#define arch_randomize_brk arch_randomize_brk - #endif -diff --git a/arch/s390/include/asm/system.h b/arch/s390/include/asm/system.h -index d73cc6b..1a296ad 100644 ---- a/arch/s390/include/asm/system.h -+++ b/arch/s390/include/asm/system.h -@@ -260,7 +260,7 @@ extern void (*_machine_restart)(char *command); - extern void (*_machine_halt)(void); - extern void (*_machine_power_off)(void); +diff --git a/arch/s390/include/asm/exec.h b/arch/s390/include/asm/exec.h +index c4a93d6..4d2a9b4 100644 +--- a/arch/s390/include/asm/exec.h ++++ b/arch/s390/include/asm/exec.h +@@ -7,6 +7,6 @@ + #ifndef __ASM_EXEC_H + #define __ASM_EXEC_H -extern unsigned long arch_align_stack(unsigned long sp); +#define arch_align_stack(x) ((x) & ~0xfUL) - static inline int tprot(unsigned long addr) - { + #endif /* __ASM_EXEC_H */ diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h -index 2b23885..e136e31 100644 +index 8f2cada..1cddd55 100644 --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h -@@ -235,6 +235,10 @@ static inline unsigned long __must_check +@@ -236,6 +236,10 @@ static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -4718,7 +4718,7 @@ index 2b23885..e136e31 100644 if (access_ok(VERIFY_WRITE, to, n)) n = __copy_to_user(to, from, n); return n; -@@ -260,6 +264,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) +@@ -261,6 +265,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -4728,7 +4728,7 @@ index 2b23885..e136e31 100644 if (__builtin_constant_p(n) && (n <= 256)) return uaccess.copy_from_user_small(n, from, to); else -@@ -294,6 +301,10 @@ copy_from_user(void *to, const void __user *from, unsigned long n) +@@ -295,6 +302,10 @@ copy_from_user(void *to, const void __user *from, unsigned long n) unsigned int sz = __compiletime_object_size(to); might_fault(); @@ -4815,10 +4815,10 @@ index dfcb343..eda788a 100644 if (r_type == R_390_GOTPC) *(unsigned int *) loc = val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index e795933..b32563c 100644 +index 60055ce..ee4b252 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -323,39 +323,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -316,39 +316,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -4859,7 +4859,7 @@ index e795933..b32563c 100644 - return ret; -} diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index a0155c0..34cc491 100644 +index 2857c48..d047481 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c @@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) @@ -4885,7 +4885,7 @@ index a0155c0..34cc491 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } -@@ -167,10 +179,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -166,10 +178,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -4923,24 +4923,23 @@ index ae3d59f..f65f075 100644 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) #endif /* _ASM_SCORE_CACHE_H */ -diff --git a/arch/score/include/asm/system.h b/arch/score/include/asm/system.h -index 589d5c7..669e274 100644 ---- a/arch/score/include/asm/system.h -+++ b/arch/score/include/asm/system.h -@@ -17,7 +17,7 @@ do { \ - #define finish_arch_switch(prev) do {} while (0) - - typedef void (*vi_handler_t)(void); +diff --git a/arch/score/include/asm/exec.h b/arch/score/include/asm/exec.h +index f9f3cd5..58ff438 100644 +--- a/arch/score/include/asm/exec.h ++++ b/arch/score/include/asm/exec.h +@@ -1,6 +1,6 @@ + #ifndef _ASM_SCORE_EXEC_H + #define _ASM_SCORE_EXEC_H + -extern unsigned long arch_align_stack(unsigned long sp); +#define arch_align_stack(x) (x) - #define mb() barrier() - #define rmb() barrier() + #endif /* _ASM_SCORE_EXEC_H */ diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c -index 25d0803..d6c8e36 100644 +index 2707023..1c2a3b7 100644 --- a/arch/score/kernel/process.c +++ b/arch/score/kernel/process.c -@@ -161,8 +161,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -159,8 +159,3 @@ unsigned long get_wchan(struct task_struct *task) return task_pt_regs(task)->cp0_epc; } @@ -5058,7 +5057,7 @@ index eddcfb3..b117d90 100644 VMLINUX_MAIN += $(drivers-y) $(net-y) diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h -index 9f421df..b81fc12 100644 +index ce35a1c..2e7b8f9 100644 --- a/arch/sparc/include/asm/atomic_64.h +++ b/arch/sparc/include/asm/atomic_64.h @@ -14,18 +14,40 @@ @@ -5207,7 +5206,7 @@ index 9f421df..b81fc12 100644 if (likely(old == c)) break; c = old; -@@ -89,20 +166,35 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -88,20 +165,35 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) #define atomic64_cmpxchg(v, o, n) \ ((__typeof__((v)->counter))cmpxchg(&((v)->counter), (o), (n))) #define atomic64_xchg(v, new) (xchg(&((v)->counter), new)) @@ -5326,7 +5325,7 @@ index 40b2d7a..22a665b 100644 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) { diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h -index a790cc6..091ed94 100644 +index 3d71018..48a11c5 100644 --- a/arch/sparc/include/asm/pgtable_32.h +++ b/arch/sparc/include/asm/pgtable_32.h @@ -45,6 +45,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd) @@ -5611,7 +5610,7 @@ index 8303ac4..07f333d 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index 3e1449f..5293a0e 100644 +index a1091afb..380228e 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ @@ -5620,9 +5619,9 @@ index 3e1449f..5293a0e 100644 #include +#include #include - #include #include -@@ -213,8 +214,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, + #include +@@ -212,8 +213,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long size) { @@ -5639,7 +5638,7 @@ index 3e1449f..5293a0e 100644 if (unlikely(ret)) ret = copy_from_user_fixup(to, from, size); -@@ -230,8 +238,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, +@@ -229,8 +237,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long size) { @@ -5670,10 +5669,10 @@ index cb85458..e063f17 100644 extra-y := head_$(BITS).o extra-y += init_task.o diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c -index f793742..4d880af 100644 +index efa0754..74b03fe 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c -@@ -204,7 +204,7 @@ void __show_backtrace(unsigned long fp) +@@ -200,7 +200,7 @@ void __show_backtrace(unsigned long fp) rw->ins[4], rw->ins[5], rw->ins[6], rw->ins[7]); @@ -5682,7 +5681,7 @@ index f793742..4d880af 100644 rw = (struct reg_window32 *) rw->ins[6]; } spin_unlock_irqrestore(&sparc_backtrace_lock, flags); -@@ -271,14 +271,14 @@ void show_regs(struct pt_regs *r) +@@ -267,14 +267,14 @@ void show_regs(struct pt_regs *r) printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n", r->psr, r->pc, r->npc, r->y, print_tainted()); @@ -5699,7 +5698,7 @@ index f793742..4d880af 100644 printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n", rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3], -@@ -313,7 +313,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) +@@ -309,7 +309,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) rw = (struct reg_window32 *) fp; pc = rw->ins[7]; printk("[%08lx : ", pc); @@ -5709,10 +5708,10 @@ index f793742..4d880af 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index 39d8b05..d1a7d90 100644 +index aff0c72..9067b39 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c -@@ -182,14 +182,14 @@ static void show_regwindow(struct pt_regs *regs) +@@ -179,14 +179,14 @@ static void show_regwindow(struct pt_regs *regs) printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n", rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]); if (regs->tstate & TSTATE_PRIV) @@ -5729,7 +5728,7 @@ index 39d8b05..d1a7d90 100644 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n", regs->u_regs[0], regs->u_regs[1], regs->u_regs[2], regs->u_regs[3]); -@@ -202,7 +202,7 @@ void show_regs(struct pt_regs *regs) +@@ -199,7 +199,7 @@ void show_regs(struct pt_regs *regs) printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n", regs->u_regs[12], regs->u_regs[13], regs->u_regs[14], regs->u_regs[15]); @@ -5738,7 +5737,7 @@ index 39d8b05..d1a7d90 100644 show_regwindow(regs); show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]); } -@@ -287,7 +287,7 @@ void arch_trigger_all_cpu_backtrace(void) +@@ -284,7 +284,7 @@ void arch_trigger_all_cpu_backtrace(void) ((tp && tp->task) ? tp->task->pid : -1)); if (gp->tstate & TSTATE_PRIV) { @@ -5748,10 +5747,10 @@ index 39d8b05..d1a7d90 100644 (void *) gp->o7, (void *) gp->i7, diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c -index 9388844..0075fd2 100644 +index 6f97c07..b1300ec 100644 --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c -@@ -1058,6 +1058,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -1057,6 +1057,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -5762,7 +5761,7 @@ index 9388844..0075fd2 100644 asmlinkage int syscall_trace_enter(struct pt_regs *regs) { int ret = 0; -@@ -1065,6 +1069,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) +@@ -1064,6 +1068,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) /* do the secure computing check first */ secure_computing(regs->u_regs[UREG_G1]); @@ -5774,7 +5773,7 @@ index 9388844..0075fd2 100644 if (test_thread_flag(TIF_SYSCALL_TRACE)) ret = tracehook_report_syscall_entry(regs); -@@ -1085,6 +1094,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) +@@ -1084,6 +1093,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) asmlinkage void syscall_trace_leave(struct pt_regs *regs) { @@ -5809,7 +5808,7 @@ index 42b282f..28ce9f2 100644 addr = vmm->vm_end; if (flags & MAP_SHARED) diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 232df99..cee1f9c 100644 +index 3ee51f1..2ba4913 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -6009,10 +6008,10 @@ index 1d7e274..b39c527 100644 or %g3, %g2, %g3 stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c -index 591f20c..0f1b925 100644 +index d2de213..6b22bc3 100644 --- a/arch/sparc/kernel/traps_32.c +++ b/arch/sparc/kernel/traps_32.c -@@ -45,6 +45,8 @@ static void instruction_dump(unsigned long *pc) +@@ -44,6 +44,8 @@ static void instruction_dump(unsigned long *pc) #define __SAVE __asm__ __volatile__("save %sp, -0x40, %sp\n\t") #define __RESTORE __asm__ __volatile__("restore %g0, %g0, %g0\n\t") @@ -6021,7 +6020,7 @@ index 591f20c..0f1b925 100644 void die_if_kernel(char *str, struct pt_regs *regs) { static int die_counter; -@@ -77,15 +79,17 @@ void die_if_kernel(char *str, struct pt_regs *regs) +@@ -76,15 +78,17 @@ void die_if_kernel(char *str, struct pt_regs *regs) count++ < 30 && (((unsigned long) rw) >= PAGE_OFFSET) && !(((unsigned long) rw) & 0x7)) { @@ -6042,7 +6041,7 @@ index 591f20c..0f1b925 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index 0cbdaa4..438e4c9 100644 +index c72fdf5..743a344 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -75,7 +75,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) @@ -6183,7 +6182,7 @@ index 0cbdaa4..438e4c9 100644 } EXPORT_SYMBOL(die_if_kernel); diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c -index 76e4ac1..78f8bb1 100644 +index dae85bc..af1e19d 100644 --- a/arch/sparc/kernel/unaligned_64.c +++ b/arch/sparc/kernel/unaligned_64.c @@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs *regs) @@ -6483,7 +6482,7 @@ index 301421c..e2535d1 100644 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o obj-y += fault_$(BITS).o diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c -index 8023fd7..c8e89e9 100644 +index df3155a..eb708b8 100644 --- a/arch/sparc/mm/fault_32.c +++ b/arch/sparc/mm/fault_32.c @@ -21,6 +21,9 @@ @@ -6494,9 +6493,9 @@ index 8023fd7..c8e89e9 100644 +#include +#include - #include #include -@@ -208,6 +211,268 @@ static unsigned long compute_si_addr(struct pt_regs *regs, int text_fault) + #include +@@ -207,6 +210,268 @@ static unsigned long compute_si_addr(struct pt_regs *regs, int text_fault) return safe_compute_effective_address(regs, insn); } @@ -6765,7 +6764,7 @@ index 8023fd7..c8e89e9 100644 static noinline void do_fault_siginfo(int code, int sig, struct pt_regs *regs, int text_fault) { -@@ -280,6 +545,24 @@ good_area: +@@ -282,6 +547,24 @@ good_area: if(!(vma->vm_flags & VM_WRITE)) goto bad_area; } else { @@ -6791,7 +6790,7 @@ index 8023fd7..c8e89e9 100644 if(!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c -index 504c062..6fcb9c6 100644 +index 1fe0429..aee2e87 100644 --- a/arch/sparc/mm/fault_64.c +++ b/arch/sparc/mm/fault_64.c @@ -21,6 +21,9 @@ @@ -7271,7 +7270,7 @@ index 504c062..6fcb9c6 100644 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) { struct mm_struct *mm = current->mm; -@@ -340,6 +794,29 @@ asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) +@@ -343,6 +797,29 @@ retry: if (!vma) goto bad_area; @@ -7365,10 +7364,10 @@ index 07e1453..0a7d9e9 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/sparc/mm/init_32.c b/arch/sparc/mm/init_32.c -index 7b00de6..78239f4 100644 +index c5f9021..7591bae 100644 --- a/arch/sparc/mm/init_32.c +++ b/arch/sparc/mm/init_32.c -@@ -316,6 +316,9 @@ extern void device_scan(void); +@@ -315,6 +315,9 @@ extern void device_scan(void); pgprot_t PAGE_SHARED __read_mostly; EXPORT_SYMBOL(PAGE_SHARED); @@ -7378,7 +7377,7 @@ index 7b00de6..78239f4 100644 void __init paging_init(void) { switch(sparc_cpu_model) { -@@ -344,17 +347,17 @@ void __init paging_init(void) +@@ -343,17 +346,17 @@ void __init paging_init(void) /* Initialize the protection map with non-constant, MMU dependent values. */ protection_map[0] = PAGE_NONE; @@ -7421,10 +7420,10 @@ index cbef74e..c38fead 100644 page_kernel = pgprot_val(SRMMU_PAGE_KERNEL); diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h -index 27fe667..36d474c 100644 +index f4500c6..889656c 100644 --- a/arch/tile/include/asm/atomic_64.h +++ b/arch/tile/include/asm/atomic_64.h -@@ -142,6 +142,16 @@ static inline long atomic64_add_unless(atomic64_t *v, long a, long u) +@@ -143,6 +143,16 @@ static inline long atomic64_add_unless(atomic64_t *v, long a, long u) #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) @@ -7460,10 +7459,10 @@ index 392e533..536b092 100644 /* bytes per L2 cache line */ #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE() diff --git a/arch/um/Makefile b/arch/um/Makefile -index 28688e6..4c0aa1c 100644 +index 55c0661..86ad413 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile -@@ -61,6 +61,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ +@@ -62,6 +62,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ $(patsubst -I%,,$(KBUILD_CFLAGS)))) $(ARCH_INCLUDE) $(MODE_INCLUDE) \ $(filter -I%,$(CFLAGS)) -D_FILE_OFFSET_BITS=64 -idirafter include @@ -7533,10 +7532,10 @@ index 0032f92..cd151e0 100644 #ifdef CONFIG_64BIT #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index 69f2490..2634831 100644 +index 2b73ded..804f540 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -408,22 +408,6 @@ int singlestepping(void * t) +@@ -404,22 +404,6 @@ int singlestepping(void * t) return 2; } @@ -7577,10 +7576,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 5bed94e..fbcf200 100644 +index c9866b0..fe53aef 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -226,7 +226,7 @@ config X86_HT +@@ -229,7 +229,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -7589,7 +7588,7 @@ index 5bed94e..fbcf200 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1058,7 +1058,7 @@ choice +@@ -1042,7 +1042,7 @@ choice config NOHIGHMEM bool "off" @@ -7598,7 +7597,7 @@ index 5bed94e..fbcf200 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1095,7 +1095,7 @@ config NOHIGHMEM +@@ -1079,7 +1079,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -7607,7 +7606,7 @@ index 5bed94e..fbcf200 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1149,7 +1149,7 @@ config PAGE_OFFSET +@@ -1133,7 +1133,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -7616,7 +7615,7 @@ index 5bed94e..fbcf200 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1539,6 +1539,7 @@ config SECCOMP +@@ -1523,6 +1523,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" @@ -7624,7 +7623,7 @@ index 5bed94e..fbcf200 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1596,6 +1597,7 @@ config KEXEC_JUMP +@@ -1580,6 +1581,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -7632,7 +7631,7 @@ index 5bed94e..fbcf200 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1659,6 +1661,7 @@ config X86_NEED_RELOCS +@@ -1643,6 +1645,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -7640,7 +7639,7 @@ index 5bed94e..fbcf200 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1690,9 +1693,10 @@ config HOTPLUG_CPU +@@ -1674,9 +1677,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. config COMPAT_VDSO @@ -7653,10 +7652,10 @@ index 5bed94e..fbcf200 100644 Map the 32-bit VDSO to the predictable old-style address too. diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu -index 3c57033..22d44aa 100644 +index 706e12e..62e4feb 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu -@@ -335,7 +335,7 @@ config X86_PPRO_FENCE +@@ -334,7 +334,7 @@ config X86_PPRO_FENCE config X86_F00F_BUG def_bool y @@ -7665,7 +7664,7 @@ index 3c57033..22d44aa 100644 config X86_INVD_BUG def_bool y -@@ -359,7 +359,7 @@ config X86_POPAD_OK +@@ -358,7 +358,7 @@ config X86_POPAD_OK config X86_ALIGNMENT_16 def_bool y @@ -7674,7 +7673,7 @@ index 3c57033..22d44aa 100644 config X86_INTEL_USERCOPY def_bool y -@@ -405,7 +405,7 @@ config X86_CMPXCHG64 +@@ -404,7 +404,7 @@ config X86_CMPXCHG64 # generates cmov. config X86_CMOV def_bool y @@ -7706,7 +7705,7 @@ index e46c214..7c72b55 100644 This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 209ba12..15140db 100644 +index b1c611e..2c1a823 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -46,6 +46,7 @@ else @@ -7717,7 +7716,7 @@ index 209ba12..15140db 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -201,3 +202,12 @@ define archhelp +@@ -222,3 +223,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -7767,7 +7766,7 @@ index 878e4b9..20537ab 100644 #endif /* BOOT_BITOPS_H */ diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h -index c7093bd..d4247ffe0 100644 +index 18997e5..83d9c67 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -85,7 +85,7 @@ static inline void io_delay(void) @@ -7789,7 +7788,7 @@ index c7093bd..d4247ffe0 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index fd55a2f..217b501 100644 +index e398bb5..3a382ca 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small @@ -7802,6 +7801,26 @@ index fd55a2f..217b501 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index 0cdfc0d..6e79437 100644 +--- a/arch/x86/boot/compressed/eboot.c ++++ b/arch/x86/boot/compressed/eboot.c +@@ -122,7 +122,6 @@ again: + *addr = max_addr; + } + +-free_pool: + efi_call_phys1(sys_table->boottime->free_pool, map); + + fail: +@@ -186,7 +185,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, + if (i == map_size / desc_size) + status = EFI_NOT_FOUND; + +-free_pool: + efi_call_phys1(sys_table->boottime->free_pool, map); + fail: + return status; diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index c85e3ac..6f5aa80 100644 --- a/arch/x86/boot/compressed/head_32.S @@ -7878,201 +7897,6 @@ index 7116dcb..d9ae1d7 100644 error("Wrong destination address"); #endif -diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c -index e77f4e4..17e511f 100644 ---- a/arch/x86/boot/compressed/relocs.c -+++ b/arch/x86/boot/compressed/relocs.c -@@ -13,8 +13,11 @@ - - static void die(char *fmt, ...); - -+#include "../../../../include/generated/autoconf.h" -+ - #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) - static Elf32_Ehdr ehdr; -+static Elf32_Phdr *phdr; - static unsigned long reloc_count, reloc_idx; - static unsigned long *relocs; - -@@ -270,9 +273,39 @@ static void read_ehdr(FILE *fp) - } - } - -+static void read_phdrs(FILE *fp) -+{ -+ unsigned int i; -+ -+ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr)); -+ if (!phdr) { -+ die("Unable to allocate %d program headers\n", -+ ehdr.e_phnum); -+ } -+ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) { -+ die("Seek to %d failed: %s\n", -+ ehdr.e_phoff, strerror(errno)); -+ } -+ if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) { -+ die("Cannot read ELF program headers: %s\n", -+ strerror(errno)); -+ } -+ for(i = 0; i < ehdr.e_phnum; i++) { -+ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type); -+ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset); -+ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr); -+ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr); -+ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz); -+ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz); -+ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags); -+ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align); -+ } -+ -+} -+ - static void read_shdrs(FILE *fp) - { -- int i; -+ unsigned int i; - Elf32_Shdr shdr; - - secs = calloc(ehdr.e_shnum, sizeof(struct section)); -@@ -307,7 +340,7 @@ static void read_shdrs(FILE *fp) - - static void read_strtabs(FILE *fp) - { -- int i; -+ unsigned int i; - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_STRTAB) { -@@ -332,7 +365,7 @@ static void read_strtabs(FILE *fp) - - static void read_symtabs(FILE *fp) - { -- int i,j; -+ unsigned int i,j; - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_SYMTAB) { -@@ -365,7 +398,9 @@ static void read_symtabs(FILE *fp) - - static void read_relocs(FILE *fp) - { -- int i,j; -+ unsigned int i,j; -+ uint32_t base; -+ - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_REL) { -@@ -385,9 +420,18 @@ static void read_relocs(FILE *fp) - die("Cannot read symbol table: %s\n", - strerror(errno)); - } -+ base = 0; -+ for (j = 0; j < ehdr.e_phnum; j++) { -+ if (phdr[j].p_type != PT_LOAD ) -+ continue; -+ if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz) -+ continue; -+ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr; -+ break; -+ } - for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) { - Elf32_Rel *rel = &sec->reltab[j]; -- rel->r_offset = elf32_to_cpu(rel->r_offset); -+ rel->r_offset = elf32_to_cpu(rel->r_offset) + base; - rel->r_info = elf32_to_cpu(rel->r_info); - } - } -@@ -396,13 +440,13 @@ static void read_relocs(FILE *fp) - - static void print_absolute_symbols(void) - { -- int i; -+ unsigned int i; - printf("Absolute symbols\n"); - printf(" Num: Value Size Type Bind Visibility Name\n"); - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - char *sym_strtab; -- int j; -+ unsigned int j; - - if (sec->shdr.sh_type != SHT_SYMTAB) { - continue; -@@ -429,14 +473,14 @@ static void print_absolute_symbols(void) - - static void print_absolute_relocs(void) - { -- int i, printed = 0; -+ unsigned int i, printed = 0; - - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - struct section *sec_applies, *sec_symtab; - char *sym_strtab; - Elf32_Sym *sh_symtab; -- int j; -+ unsigned int j; - if (sec->shdr.sh_type != SHT_REL) { - continue; - } -@@ -497,13 +541,13 @@ static void print_absolute_relocs(void) - - static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) - { -- int i; -+ unsigned int i; - /* Walk through the relocations */ - for (i = 0; i < ehdr.e_shnum; i++) { - char *sym_strtab; - Elf32_Sym *sh_symtab; - struct section *sec_applies, *sec_symtab; -- int j; -+ unsigned int j; - struct section *sec = &secs[i]; - - if (sec->shdr.sh_type != SHT_REL) { -@@ -528,6 +572,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) - !is_rel_reloc(sym_name(sym_strtab, sym))) { - continue; - } -+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ -+ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) -+ continue; -+ -+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) -+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ -+ if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) -+ continue; -+#endif -+ - switch (r_type) { - case R_386_NONE: - case R_386_PC32: -@@ -569,7 +629,7 @@ static int cmp_relocs(const void *va, const void *vb) - - static void emit_relocs(int as_text) - { -- int i; -+ unsigned int i; - /* Count how many relocations I have and allocate space for them. */ - reloc_count = 0; - walk_relocs(count_reloc); -@@ -663,6 +723,7 @@ int main(int argc, char **argv) - fname, strerror(errno)); - } - read_ehdr(fp); -+ read_phdrs(fp); - read_shdrs(fp); - read_strtabs(fp); - read_symtabs(fp); diff --git a/arch/x86/boot/cpucheck.c b/arch/x86/boot/cpucheck.c index 4d3ff03..e4972ff 100644 --- a/arch/x86/boot/cpucheck.c @@ -8246,7 +8070,7 @@ index 5b577d5..3c1fed4 100644 movq r1,r2; \ movq r3,r4; \ diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S -index be6d9e3..21fbbca 100644 +index 3470624..201259d 100644 --- a/arch/x86/crypto/aesni-intel_asm.S +++ b/arch/x86/crypto/aesni-intel_asm.S @@ -31,6 +31,7 @@ @@ -8401,7 +8225,7 @@ index be6d9e3..21fbbca 100644 /* * void aesni_cbc_dec(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src, -@@ -2498,7 +2523,9 @@ ENTRY(aesni_cbc_dec) +@@ -2500,7 +2525,9 @@ ENTRY(aesni_cbc_dec) popl LEN popl IVP #endif @@ -8411,7 +8235,7 @@ index be6d9e3..21fbbca 100644 #ifdef __x86_64__ .align 16 -@@ -2524,6 +2551,7 @@ _aesni_inc_init: +@@ -2526,6 +2553,7 @@ _aesni_inc_init: mov $1, TCTR_LOW MOVQ_R64_XMM TCTR_LOW INC MOVQ_R64_XMM CTR TCTR_LOW @@ -8419,7 +8243,7 @@ index be6d9e3..21fbbca 100644 ret /* -@@ -2552,6 +2580,7 @@ _aesni_inc: +@@ -2554,6 +2582,7 @@ _aesni_inc: .Linc_low: movaps CTR, IV PSHUFB_XMM BSWAP_MASK IV @@ -8427,7 +8251,7 @@ index be6d9e3..21fbbca 100644 ret /* -@@ -2612,5 +2641,7 @@ ENTRY(aesni_ctr_enc) +@@ -2614,5 +2643,7 @@ ENTRY(aesni_ctr_enc) .Lctr_enc_ret: movups IV, (IVP) .Lctr_enc_just_ret: @@ -8435,19 +8259,6 @@ index be6d9e3..21fbbca 100644 ret +ENDPROC(aesni_ctr_enc) #endif -diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c -index 545d0ce..14841a6 100644 ---- a/arch/x86/crypto/aesni-intel_glue.c -+++ b/arch/x86/crypto/aesni-intel_glue.c -@@ -929,6 +929,8 @@ out_free_ablkcipher: - } - - static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, -+ unsigned int key_len) __size_overflow(3); -+static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, - unsigned int key_len) - { - int ret = 0; diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S index 391d245..67f35c2 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -8504,6 +8315,64 @@ index 391d245..67f35c2 100644 + pax_force_retaddr 0, 1 ret; +diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S +index 0b33743..7a56206 100644 +--- a/arch/x86/crypto/camellia-x86_64-asm_64.S ++++ b/arch/x86/crypto/camellia-x86_64-asm_64.S +@@ -20,6 +20,8 @@ + * + */ + ++#include ++ + .file "camellia-x86_64-asm_64.S" + .text + +@@ -229,12 +231,14 @@ __enc_done: + enc_outunpack(mov, RT1); + + movq RRBP, %rbp; ++ pax_force_retaddr 0, 1 + ret; + + __enc_xor: + enc_outunpack(xor, RT1); + + movq RRBP, %rbp; ++ pax_force_retaddr 0, 1 + ret; + + .global camellia_dec_blk; +@@ -275,6 +279,7 @@ __dec_rounds16: + dec_outunpack(); + + movq RRBP, %rbp; ++ pax_force_retaddr 0, 1 + ret; + + /********************************************************************** +@@ -468,6 +473,7 @@ __enc2_done: + + movq RRBP, %rbp; + popq %rbx; ++ pax_force_retaddr 0, 1 + ret; + + __enc2_xor: +@@ -475,6 +481,7 @@ __enc2_xor: + + movq RRBP, %rbp; + popq %rbx; ++ pax_force_retaddr 0, 1 + ret; + + .global camellia_dec_blk_2way; +@@ -517,4 +524,5 @@ __dec2_rounds16: + + movq RRBP, %rbp; + movq RXOR, %rbx; ++ pax_force_retaddr 0, 1 + ret; diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S index 6214a9b..1f4fc9a 100644 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S @@ -8537,7 +8406,7 @@ index 6214a9b..1f4fc9a 100644 + pax_force_retaddr ret diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S -index 7f24a15..9cd3ffe 100644 +index 3ee1ff0..cbc568b 100644 --- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S @@ -24,6 +24,8 @@ @@ -8549,7 +8418,7 @@ index 7f24a15..9cd3ffe 100644 .file "serpent-sse2-x86_64-asm_64.S" .text -@@ -695,12 +697,14 @@ __serpent_enc_blk_8way: +@@ -692,12 +694,14 @@ __serpent_enc_blk_8way: write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); @@ -8564,7 +8433,7 @@ index 7f24a15..9cd3ffe 100644 ret; .align 8 -@@ -758,4 +762,5 @@ serpent_dec_blk_8way: +@@ -755,4 +759,5 @@ serpent_dec_blk_8way: write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); @@ -8654,10 +8523,10 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index 39e4909..887aa7e 100644 +index 07b3a68..bd2a388 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c -@@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, +@@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, unsigned long dump_start, dump_size; struct user32 dump; @@ -8667,10 +8536,10 @@ index 39e4909..887aa7e 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index 6557769..ef6ae89 100644 +index a69245b..6d145f4 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c -@@ -169,7 +169,7 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, +@@ -168,7 +168,7 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, } seg = get_fs(); set_fs(KERNEL_DS); @@ -8679,7 +8548,7 @@ index 6557769..ef6ae89 100644 set_fs(seg); if (ret >= 0 && uoss_ptr) { if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t))) -@@ -370,7 +370,7 @@ static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc, +@@ -369,7 +369,7 @@ static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc, */ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, @@ -8688,7 +8557,7 @@ index 6557769..ef6ae89 100644 { unsigned long sp; -@@ -391,7 +391,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -390,7 +390,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, if (used_math()) { sp = sp - sig_xstate_ia32_size; @@ -8697,7 +8566,7 @@ index 6557769..ef6ae89 100644 if (save_i387_xstate_ia32(*fpstate) < 0) return (void __user *) -1L; } -@@ -399,7 +399,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -398,7 +398,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, sp -= frame_size; /* Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -8706,7 +8575,7 @@ index 6557769..ef6ae89 100644 return (void __user *) sp; } -@@ -457,7 +457,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, +@@ -456,7 +456,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, * These are actually not used anymore, but left because some * gdb versions depend on them as a marker. */ @@ -8715,7 +8584,7 @@ index 6557769..ef6ae89 100644 } put_user_catch(err); if (err) -@@ -499,7 +499,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -498,7 +498,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, 0xb8, __NR_ia32_rt_sigreturn, 0x80cd, @@ -8724,7 +8593,7 @@ index 6557769..ef6ae89 100644 }; frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate); -@@ -529,16 +529,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -528,16 +528,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; @@ -9044,7 +8913,7 @@ index e3e7340..05ed805 100644 RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c -index f6f5c53..b358b28 100644 +index aec2202..f76174e 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low, @@ -9058,18 +8927,7 @@ index f6f5c53..b358b28 100644 SET_UID(uid, stat->uid); SET_GID(gid, stat->gid); if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) || -@@ -308,8 +308,8 @@ asmlinkage long sys32_rt_sigprocmask(int how, compat_sigset_t __user *set, - } - set_fs(KERNEL_DS); - ret = sys_rt_sigprocmask(how, -- set ? (sigset_t __user *)&s : NULL, -- oset ? (sigset_t __user *)&s : NULL, -+ set ? (sigset_t __force_user *)&s : NULL, -+ oset ? (sigset_t __force_user *)&s : NULL, - sigsetsize); - set_fs(old_fs); - if (ret) -@@ -332,7 +332,7 @@ asmlinkage long sys32_alarm(unsigned int seconds) +@@ -292,7 +292,7 @@ asmlinkage long sys32_alarm(unsigned int seconds) return alarm_setitimer(seconds); } @@ -9078,7 +8936,7 @@ index f6f5c53..b358b28 100644 int options) { return compat_sys_wait4(pid, stat_addr, options, NULL); -@@ -353,7 +353,7 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid, +@@ -313,7 +313,7 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -9087,7 +8945,7 @@ index f6f5c53..b358b28 100644 set_fs(old_fs); if (put_compat_timespec(&t, interval)) return -EFAULT; -@@ -369,7 +369,7 @@ asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *set, +@@ -329,7 +329,7 @@ asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *set, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -9096,7 +8954,7 @@ index f6f5c53..b358b28 100644 set_fs(old_fs); if (!ret) { switch (_NSIG_WORDS) { -@@ -394,7 +394,7 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig, +@@ -354,7 +354,7 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig, if (copy_siginfo_from_user32(&info, uinfo)) return -EFAULT; set_fs(KERNEL_DS); @@ -9105,7 +8963,7 @@ index f6f5c53..b358b28 100644 set_fs(old_fs); return ret; } -@@ -439,7 +439,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd, +@@ -399,7 +399,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd, return -EFAULT; set_fs(KERNEL_DS); @@ -9165,7 +9023,7 @@ index 952bd01..7692c6f 100644 .long \orig - . .long \alt - . diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h -index 37ad100..7d47faa 100644 +index 49331be..9706065 100644 --- a/arch/x86/include/asm/alternative.h +++ b/arch/x86/include/asm/alternative.h @@ -89,7 +89,7 @@ static inline int alternatives_text_reserved(void *start, void *end) @@ -9178,10 +9036,10 @@ index 37ad100..7d47faa 100644 ".previous" diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index 3ab9bdd..238033e 100644 +index d854101..f6ea947 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h -@@ -45,7 +45,7 @@ static inline void generic_apic_probe(void) +@@ -44,7 +44,7 @@ static inline void generic_apic_probe(void) #ifdef CONFIG_X86_LOCAL_APIC @@ -9622,7 +9480,7 @@ index 58cb6d4..ca9010d 100644 /* * atomic_dec_if_positive - decrement by 1 if old value positive diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h -index fa13f0e..27c2e08 100644 +index 1981199..36b9dfb 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -12,6 +12,14 @@ typedef struct { @@ -9639,8 +9497,40 @@ index fa13f0e..27c2e08 100644 + #define ATOMIC64_INIT(val) { (val) } - #ifdef CONFIG_X86_CMPXCHG64 -@@ -38,6 +46,21 @@ static inline long long atomic64_cmpxchg(atomic64_t *v, long long o, long long n + #define __ATOMIC64_DECL(sym) void atomic64_##sym(atomic64_t *, ...) +@@ -37,21 +45,31 @@ typedef struct { + ATOMIC64_DECL_ONE(sym##_386) + + ATOMIC64_DECL_ONE(add_386); ++ATOMIC64_DECL_ONE(add_unchecked_386); + ATOMIC64_DECL_ONE(sub_386); ++ATOMIC64_DECL_ONE(sub_unchecked_386); + ATOMIC64_DECL_ONE(inc_386); ++ATOMIC64_DECL_ONE(inc_unchecked_386); + ATOMIC64_DECL_ONE(dec_386); ++ATOMIC64_DECL_ONE(dec_unchecked_386); + #endif + + #define alternative_atomic64(f, out, in...) \ + __alternative_atomic64(f, f, ASM_OUTPUT2(out), ## in) + + ATOMIC64_DECL(read); ++ATOMIC64_DECL(read_unchecked); + ATOMIC64_DECL(set); ++ATOMIC64_DECL(set_unchecked); + ATOMIC64_DECL(xchg); + ATOMIC64_DECL(add_return); ++ATOMIC64_DECL(add_return_unchecked); + ATOMIC64_DECL(sub_return); ++ATOMIC64_DECL(sub_return_unchecked); + ATOMIC64_DECL(inc_return); ++ATOMIC64_DECL(inc_return_unchecked); + ATOMIC64_DECL(dec_return); ++ATOMIC64_DECL(dec_return_unchecked); + ATOMIC64_DECL(dec_if_positive); + ATOMIC64_DECL(inc_not_zero); + ATOMIC64_DECL(add_unless); +@@ -77,6 +95,21 @@ static inline long long atomic64_cmpxchg(atomic64_t *v, long long o, long long n } /** @@ -9662,7 +9552,7 @@ index fa13f0e..27c2e08 100644 * atomic64_xchg - xchg atomic64 variable * @v: pointer to type atomic64_t * @n: value to assign -@@ -77,6 +100,24 @@ static inline void atomic64_set(atomic64_t *v, long long i) +@@ -112,6 +145,22 @@ static inline void atomic64_set(atomic64_t *v, long long i) } /** @@ -9676,18 +9566,16 @@ index fa13f0e..27c2e08 100644 +{ + unsigned high = (unsigned)(i >> 32); + unsigned low = (unsigned)i; -+ asm volatile(ATOMIC64_ALTERNATIVE(set) -+ : "+b" (low), "+c" (high) -+ : "S" (v) -+ : "eax", "edx", "memory" -+ ); ++ alternative_atomic64(set, /* no output */, ++ "S" (v), "b" (low), "c" (high) ++ : "eax", "edx", "memory"); +} + +/** * atomic64_read - read atomic64 variable * @v: pointer to type atomic64_t * -@@ -93,6 +134,22 @@ static inline long long atomic64_read(const atomic64_t *v) +@@ -125,6 +174,19 @@ static inline long long atomic64_read(const atomic64_t *v) } /** @@ -9699,10 +9587,7 @@ index fa13f0e..27c2e08 100644 +static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v) +{ + long long r; -+ asm volatile(ATOMIC64_ALTERNATIVE(read_unchecked) -+ : "=A" (r), "+c" (v) -+ : : "memory" -+ ); ++ alternative_atomic64(read, "=&A" (r), "c" (v) : "memory"); + return r; + } + @@ -9710,7 +9595,7 @@ index fa13f0e..27c2e08 100644 * atomic64_add_return - add and return * @i: integer value to add * @v: pointer to type atomic64_t -@@ -108,6 +165,22 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v) +@@ -139,6 +201,21 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v) return i; } @@ -9723,35 +9608,31 @@ index fa13f0e..27c2e08 100644 + */ +static inline long long atomic64_add_return_unchecked(long long i, atomic64_unchecked_t *v) +{ -+ asm volatile(ATOMIC64_ALTERNATIVE(add_return_unchecked) -+ : "+A" (i), "+c" (v) -+ : : "memory" -+ ); ++ alternative_atomic64(add_return_unchecked, ++ ASM_OUTPUT2("+A" (i), "+c" (v)), ++ ASM_NO_INPUT_CLOBBER("memory")); + return i; +} + /* * Other variants with different arithmetic operators: */ -@@ -131,6 +204,17 @@ static inline long long atomic64_inc_return(atomic64_t *v) +@@ -158,6 +235,14 @@ static inline long long atomic64_inc_return(atomic64_t *v) return a; } +static inline long long atomic64_inc_return_unchecked(atomic64_unchecked_t *v) +{ + long long a; -+ asm volatile(ATOMIC64_ALTERNATIVE(inc_return_unchecked) -+ : "=A" (a) -+ : "S" (v) -+ : "memory", "ecx" -+ ); ++ alternative_atomic64(inc_return_unchecked, "=&A" (a), ++ "S" (v) : "memory", "ecx"); + return a; +} + static inline long long atomic64_dec_return(atomic64_t *v) { long long a; -@@ -159,6 +243,22 @@ static inline long long atomic64_add(long long i, atomic64_t *v) +@@ -182,6 +267,21 @@ static inline long long atomic64_add(long long i, atomic64_t *v) } /** @@ -9763,10 +9644,9 @@ index fa13f0e..27c2e08 100644 + */ +static inline long long atomic64_add_unchecked(long long i, atomic64_unchecked_t *v) +{ -+ asm volatile(ATOMIC64_ALTERNATIVE_(add_unchecked, add_return_unchecked) -+ : "+A" (i), "+c" (v) -+ : : "memory" -+ ); ++ __alternative_atomic64(add_unchecked, add_return_unchecked, ++ ASM_OUTPUT2("+A" (i), "+c" (v)), ++ ASM_NO_INPUT_CLOBBER("memory")); + return i; +} + @@ -10140,10 +10020,10 @@ index 48f99f1..d78ebf9 100644 #ifdef CONFIG_X86_VSMP #ifdef CONFIG_SMP diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h -index 4e12668..501d239 100644 +index 9863ee3..4a1f8e1 100644 --- a/arch/x86/include/asm/cacheflush.h +++ b/arch/x86/include/asm/cacheflush.h -@@ -26,7 +26,7 @@ static inline unsigned long get_page_memtype(struct page *pg) +@@ -27,7 +27,7 @@ static inline unsigned long get_page_memtype(struct page *pg) unsigned long pg_flags = pg->flags & _PGMT_MASK; if (pg_flags == _PGMT_DEFAULT) @@ -10252,10 +10132,10 @@ index 99480e5..d81165b 100644 ({ \ __typeof__ (*(ptr)) __ret = (inc); \ diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 8d67d42..183d0eb 100644 +index 340ee49..4238ced 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -367,7 +367,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -371,7 +371,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -10489,10 +10369,10 @@ index 3778256..c5d4fce 100644 #define BIOS_ROM_BASE 0xffe00000 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 5f962df..7289f09 100644 +index 5939f44..f8845f6 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h -@@ -238,7 +238,25 @@ extern int force_personality32; +@@ -243,7 +243,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -10511,14 +10391,14 @@ index 5f962df..7289f09 100644 +#else +#define PAX_ELF_ET_DYN_BASE 0x400000UL + -+#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_IA32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3) -+#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_IA32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3) ++#define PAX_DELTA_MMAP_LEN ((test_thread_flag(TIF_ADDR32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3) ++#define PAX_DELTA_STACK_LEN ((test_thread_flag(TIF_ADDR32)) ? 16 : TASK_SIZE_MAX_SHIFT - PAGE_SHIFT - 3) +#endif +#endif /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -291,9 +309,7 @@ do { \ +@@ -296,16 +314,12 @@ do { \ #define ARCH_DLINFO \ do { \ @@ -10528,8 +10408,16 @@ index 5f962df..7289f09 100644 + NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso); \ } while (0) + #define ARCH_DLINFO_X32 \ + do { \ +- if (vdso_enabled) \ +- NEW_AUX_ENT(AT_SYSINFO_EHDR, \ +- (unsigned long)current->mm->context.vdso); \ ++ NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso); \ + } while (0) + #define AT_SYSINFO 32 -@@ -304,7 +320,7 @@ do { \ +@@ -320,7 +334,7 @@ else \ #endif /* !CONFIG_X86_32 */ @@ -10538,7 +10426,7 @@ index 5f962df..7289f09 100644 #define VDSO_ENTRY \ ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall)) -@@ -318,9 +334,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -336,9 +350,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, extern int syscall32_setup_pages(struct linux_binprm *, int exstack); #define compat_arch_setup_additional_pages syscall32_setup_pages @@ -10560,24 +10448,49 @@ index cc70c1c..d96d011 100644 +extern void machine_emergency_restart(void) __noreturn; #endif /* _ASM_X86_EMERGENCY_RESTART_H */ -diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h -index dbe82a5..c6d8a00 100644 ---- a/arch/x86/include/asm/floppy.h -+++ b/arch/x86/include/asm/floppy.h -@@ -157,6 +157,7 @@ static unsigned long dma_mem_alloc(unsigned long size) - } - +diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h +index 4fa8815..71b121a 100644 +--- a/arch/x86/include/asm/fpu-internal.h ++++ b/arch/x86/include/asm/fpu-internal.h +@@ -86,6 +86,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) + { + int err; -+static unsigned long vdma_mem_alloc(unsigned long size) __size_overflow(1); - static unsigned long vdma_mem_alloc(unsigned long size) ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if ((unsigned long)fx < PAX_USER_SHADOW_BASE) ++ fx = (struct i387_fxsave_struct __user *)((void *)fx + PAX_USER_SHADOW_BASE); ++#endif ++ + /* See comment in fxsave() below. */ + #ifdef CONFIG_AS_FXSAVEQ + asm volatile("1: fxrstorq %[fx]\n\t" +@@ -115,6 +120,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx) { - return (unsigned long)vmalloc(size); + int err; + ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if ((unsigned long)fx < PAX_USER_SHADOW_BASE) ++ fx = (struct i387_fxsave_struct __user *)((void __user *)fx + PAX_USER_SHADOW_BASE); ++#endif ++ + /* + * Clear the bytes not touched by the fxsave and reserved + * for the SW usage. +@@ -271,7 +281,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) + "emms\n\t" /* clear stack tags */ + "fildl %P[addr]", /* set F?P to defined value */ + X86_FEATURE_FXSAVE_LEAK, +- [addr] "m" (tsk->thread.fpu.has_fpu)); ++ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0)); + + return fpu_restore_checking(&tsk->thread.fpu); + } diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h -index d09bb03..4ea4194 100644 +index 71ecbcb..bac10b7 100644 --- a/arch/x86/include/asm/futex.h +++ b/arch/x86/include/asm/futex.h -@@ -12,16 +12,18 @@ - #include +@@ -11,16 +11,18 @@ + #include #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \ + typecheck(u32 __user *, uaddr); \ @@ -10596,7 +10509,7 @@ index d09bb03..4ea4194 100644 asm volatile("1:\tmovl %2, %0\n" \ "\tmovl\t%0, %3\n" \ "\t" insn "\n" \ -@@ -34,7 +36,7 @@ +@@ -33,7 +35,7 @@ _ASM_EXTABLE(1b, 4b) \ _ASM_EXTABLE(2b, 4b) \ : "=&a" (oldval), "=&r" (ret), \ @@ -10605,7 +10518,7 @@ index d09bb03..4ea4194 100644 : "r" (oparg), "i" (-EFAULT), "1" (0)) static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) -@@ -61,10 +63,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) +@@ -60,10 +62,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) switch (op) { case FUTEX_OP_SET: @@ -10618,7 +10531,7 @@ index d09bb03..4ea4194 100644 uaddr, oparg); break; case FUTEX_OP_OR: -@@ -123,13 +125,13 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, +@@ -122,13 +124,13 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) return -EFAULT; @@ -10649,52 +10562,6 @@ index eb92a6e..b98b2f4 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); -diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h -index 2479049..3fb9795 100644 ---- a/arch/x86/include/asm/i387.h -+++ b/arch/x86/include/asm/i387.h -@@ -93,6 +93,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) - { - int err; - -+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ if ((unsigned long)fx < PAX_USER_SHADOW_BASE) -+ fx = (struct i387_fxsave_struct __user *)((void *)fx + PAX_USER_SHADOW_BASE); -+#endif -+ - /* See comment in fxsave() below. */ - #ifdef CONFIG_AS_FXSAVEQ - asm volatile("1: fxrstorq %[fx]\n\t" -@@ -122,6 +127,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx) - { - int err; - -+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ if ((unsigned long)fx < PAX_USER_SHADOW_BASE) -+ fx = (struct i387_fxsave_struct __user *)((void __user *)fx + PAX_USER_SHADOW_BASE); -+#endif -+ - /* - * Clear the bytes not touched by the fxsave and reserved - * for the SW usage. -@@ -278,7 +288,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) - "emms\n\t" /* clear stack tags */ - "fildl %P[addr]", /* set F?P to defined value */ - X86_FEATURE_FXSAVE_LEAK, -- [addr] "m" (tsk->thread.fpu.has_fpu)); -+ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0)); - - return fpu_restore_checking(&tsk->thread.fpu); - } -@@ -445,7 +455,7 @@ static inline bool interrupted_kernel_fpu_idle(void) - static inline bool interrupted_user_mode(void) - { - struct pt_regs *regs = get_irq_regs(); -- return regs && user_mode_vm(regs); -+ return regs && user_mode(regs); - } - - /* diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h index d8e8eef..99f81ae 100644 --- a/arch/x86/include/asm/io.h @@ -10754,10 +10621,10 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index 52d6640..136b3bd 100644 +index e216ba0..453f6ec 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h -@@ -663,7 +663,7 @@ struct kvm_x86_ops { +@@ -679,7 +679,7 @@ struct kvm_x86_ops { int (*check_intercept)(struct kvm_vcpu *vcpu, struct x86_instruction_info *info, enum x86_intercept_stage stage); @@ -10766,29 +10633,11 @@ index 52d6640..136b3bd 100644 struct kvm_arch_async_pf { u32 token; -@@ -694,7 +694,7 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages); - int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3); - - int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, -- const void *val, int bytes); -+ const void *val, int bytes) __size_overflow(2); - u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn); - - extern bool tdp_enabled; -@@ -781,7 +781,7 @@ int fx_init(struct kvm_vcpu *vcpu); - - void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu); - void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, -- const u8 *new, int bytes); -+ const u8 *new, int bytes) __size_overflow(2); - int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn); - int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva); - void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu); diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h -index 9cdae5d..300d20f 100644 +index c8bed0d..e5721fa 100644 --- a/arch/x86/include/asm/local.h +++ b/arch/x86/include/asm/local.h -@@ -18,26 +18,58 @@ typedef struct { +@@ -17,26 +17,58 @@ typedef struct { static inline void local_inc(local_t *l) { @@ -10851,7 +10700,7 @@ index 9cdae5d..300d20f 100644 : "+m" (l->a.counter) : "ir" (i)); } -@@ -55,7 +87,16 @@ static inline int local_sub_and_test(long i, local_t *l) +@@ -54,7 +86,16 @@ static inline int local_sub_and_test(long i, local_t *l) { unsigned char c; @@ -10869,7 +10718,7 @@ index 9cdae5d..300d20f 100644 : "+m" (l->a.counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -73,7 +114,16 @@ static inline int local_dec_and_test(local_t *l) +@@ -72,7 +113,16 @@ static inline int local_dec_and_test(local_t *l) { unsigned char c; @@ -10887,7 +10736,7 @@ index 9cdae5d..300d20f 100644 : "+m" (l->a.counter), "=qm" (c) : : "memory"); return c != 0; -@@ -91,7 +141,16 @@ static inline int local_inc_and_test(local_t *l) +@@ -90,7 +140,16 @@ static inline int local_inc_and_test(local_t *l) { unsigned char c; @@ -10905,7 +10754,7 @@ index 9cdae5d..300d20f 100644 : "+m" (l->a.counter), "=qm" (c) : : "memory"); return c != 0; -@@ -110,7 +169,16 @@ static inline int local_add_negative(long i, local_t *l) +@@ -109,7 +168,16 @@ static inline int local_add_negative(long i, local_t *l) { unsigned char c; @@ -10923,7 +10772,7 @@ index 9cdae5d..300d20f 100644 : "+m" (l->a.counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -133,7 +201,15 @@ static inline long local_add_return(long i, local_t *l) +@@ -132,7 +200,15 @@ static inline long local_add_return(long i, local_t *l) #endif /* Modern 486+ processor */ __i = i; @@ -10994,7 +10843,7 @@ index 5f55e69..e20bfb1 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index 6902152..399f3a2 100644 +index 6902152..da4283a 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm); @@ -11037,8 +10886,8 @@ index 6902152..399f3a2 100644 /* Re-load page tables */ +#ifdef CONFIG_PAX_PER_CPU_PGD + pax_open_kernel(); -+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd, USER_PGD_PTRS); -+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd, USER_PGD_PTRS); ++ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); ++ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); + pax_close_kernel(); + load_cr3(get_cpu_pgd(cpu)); +#else @@ -11077,8 +10926,8 @@ index 6902152..399f3a2 100644 + +#ifdef CONFIG_PAX_PER_CPU_PGD + pax_open_kernel(); -+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd, USER_PGD_PTRS); -+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd, USER_PGD_PTRS); ++ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); ++ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); + pax_close_kernel(); + load_cr3(get_cpu_pgd(cpu)); +#endif @@ -11166,10 +11015,10 @@ index 7639dbf..e08a58c 100644 extern unsigned long __phys_addr(unsigned long); #define __phys_reloc_hide(x) (x) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h -index a7d2db9..edb023e 100644 +index aa0f913..0c5bc6a 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h -@@ -667,6 +667,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) +@@ -668,6 +668,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) val); } @@ -11188,7 +11037,7 @@ index a7d2db9..edb023e 100644 static inline void pgd_clear(pgd_t *pgdp) { set_pgd(pgdp, __pgd(0)); -@@ -748,6 +760,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, +@@ -749,6 +761,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, pv_mmu_ops.set_fixmap(idx, phys, flags); } @@ -11210,7 +11059,7 @@ index a7d2db9..edb023e 100644 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS) static inline int arch_spin_is_locked(struct arch_spinlock *lock) -@@ -964,7 +991,7 @@ extern void default_banner(void); +@@ -965,7 +992,7 @@ extern void default_banner(void); #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4) #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4) @@ -11219,7 +11068,7 @@ index a7d2db9..edb023e 100644 #endif #define INTERRUPT_RETURN \ -@@ -1041,6 +1068,21 @@ extern void default_banner(void); +@@ -1042,6 +1069,21 @@ extern void default_banner(void); PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ CLBR_NONE, \ jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) @@ -11386,10 +11235,67 @@ index 98391db..8f6984e 100644 static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) diff --git a/arch/x86/include/asm/pgtable-3level.h b/arch/x86/include/asm/pgtable-3level.h -index effff47..f9e4035 100644 +index effff47..bbb8295 100644 --- a/arch/x86/include/asm/pgtable-3level.h +++ b/arch/x86/include/asm/pgtable-3level.h -@@ -38,12 +38,16 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) +@@ -31,6 +31,56 @@ static inline void native_set_pte(pte_t *ptep, pte_t pte) + ptep->pte_low = pte.pte_low; + } + ++#define __HAVE_ARCH_READ_PMD_ATOMIC ++/* ++ * pte_offset_map_lock on 32bit PAE kernels was reading the pmd_t with ++ * a "*pmdp" dereference done by gcc. Problem is, in certain places ++ * where pte_offset_map_lock is called, concurrent page faults are ++ * allowed, if the mmap_sem is hold for reading. An example is mincore ++ * vs page faults vs MADV_DONTNEED. On the page fault side ++ * pmd_populate rightfully does a set_64bit, but if we're reading the ++ * pmd_t with a "*pmdp" on the mincore side, a SMP race can happen ++ * because gcc will not read the 64bit of the pmd atomically. To fix ++ * this all places running pmd_offset_map_lock() while holding the ++ * mmap_sem in read mode, shall read the pmdp pointer using this ++ * function to know if the pmd is null nor not, and in turn to know if ++ * they can run pmd_offset_map_lock or pmd_trans_huge or other pmd ++ * operations. ++ * ++ * Without THP if the mmap_sem is hold for reading, the ++ * pmd can only transition from null to not null while read_pmd_atomic runs. ++ * So there's no need of literally reading it atomically. ++ * ++ * With THP if the mmap_sem is hold for reading, the pmd can become ++ * THP or null or point to a pte (and in turn become "stable") at any ++ * time under read_pmd_atomic, so it's mandatory to read it atomically ++ * with cmpxchg8b. ++ */ ++#ifndef CONFIG_TRANSPARENT_HUGEPAGE ++static inline pmd_t read_pmd_atomic(pmd_t *pmdp) ++{ ++ pmdval_t ret; ++ u32 *tmp = (u32 *)pmdp; ++ ++ ret = (pmdval_t) (*tmp); ++ if (ret) { ++ /* ++ * If the low part is null, we must not read the high part ++ * or we can end up with a partial pmd. ++ */ ++ smp_rmb(); ++ ret |= ((pmdval_t)*(tmp + 1)) << 32; ++ } ++ ++ return __pmd(ret); ++} ++#else /* CONFIG_TRANSPARENT_HUGEPAGE */ ++static inline pmd_t read_pmd_atomic(pmd_t *pmdp) ++{ ++ return __pmd(atomic64_read((atomic64_t *)pmdp)); ++} ++#endif /* CONFIG_TRANSPARENT_HUGEPAGE */ ++ + static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) + { + set_64bit((unsigned long long *)(ptep), native_pte_val(pte)); +@@ -38,12 +88,16 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { @@ -11407,7 +11313,7 @@ index effff47..f9e4035 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 49afb3f..ed14d07 100644 +index 49afb3f..91a8c63 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -11576,13 +11482,13 @@ index 49afb3f..ed14d07 100644 } +#ifdef CONFIG_PAX_PER_CPU_PGD -+extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count); ++extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src); +#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count); ++extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src); +#else -+static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) {} ++static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) {} +#endif #include @@ -11853,10 +11759,10 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index 58545c9..fe6fc38e 100644 +index 4fa7dcc..764e33a 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -266,7 +266,7 @@ struct tss_struct { +@@ -276,7 +276,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -11865,7 +11771,7 @@ index 58545c9..fe6fc38e 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -807,11 +807,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -11886,7 +11792,7 @@ index 58545c9..fe6fc38e 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -825,7 +832,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -11895,7 +11801,7 @@ index 58545c9..fe6fc38e 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -836,11 +843,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -11908,7 +11814,7 @@ index 58545c9..fe6fc38e 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -855,7 +858,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -11917,7 +11823,7 @@ index 58545c9..fe6fc38e 100644 __regs__ - 1; \ }) -@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -865,13 +868,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -11931,9 +11837,9 @@ index 58545c9..fe6fc38e 100644 - 0xc0000000 : 0xFFFFe000) + 0xc0000000 : 0xFFFFf000) - #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ + #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -882,11 +885,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -11947,7 +11853,7 @@ index 58545c9..fe6fc38e 100644 } /* -@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -914,6 +917,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -11958,11 +11864,26 @@ index 58545c9..fe6fc38e 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ +@@ -976,12 +983,12 @@ extern bool cpu_has_amd_erratum(const int *); + + void cpu_idle_wait(void); + +-extern unsigned long arch_align_stack(unsigned long sp); ++#define arch_align_stack(x) ((x) & ~0xfUL) + extern void free_init_pages(char *what, unsigned long begin, unsigned long end); + + void default_idle(void); + bool set_pm_idle_to_default(void); + +-void stop_this_cpu(void *dummy); ++void stop_this_cpu(void *dummy) __noreturn; + + #endif /* _ASM_X86_PROCESSOR_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h -index 3566454..4bdfb8c 100644 +index dcfde52..dbfea06 100644 --- a/arch/x86/include/asm/ptrace.h +++ b/arch/x86/include/asm/ptrace.h -@@ -156,28 +156,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) +@@ -155,28 +155,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) } /* @@ -11998,7 +11919,7 @@ index 3566454..4bdfb8c 100644 #endif } -@@ -193,15 +194,16 @@ static inline int v8086_mode(struct pt_regs *regs) +@@ -192,15 +193,16 @@ static inline int v8086_mode(struct pt_regs *regs) #ifdef CONFIG_X86_64 static inline bool user_64bit_mode(struct pt_regs *regs) { @@ -12168,7 +12089,7 @@ index 2dbe4a7..ce1db00 100644 #endif /* __KERNEL__ */ diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h -index 5e64171..f58957e 100644 +index 1654662..5af4157 100644 --- a/arch/x86/include/asm/segment.h +++ b/arch/x86/include/asm/segment.h @@ -64,10 +64,15 @@ @@ -12237,6 +12158,15 @@ index 5e64171..f58957e 100644 #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8) #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) +@@ -263,7 +279,7 @@ static inline unsigned long get_limit(unsigned long segment) + { + unsigned long __limit; + asm("lsll %1,%0" : "=r" (__limit) : "r" (segment)); +- return __limit + 1; ++ return __limit; + } + + #endif /* !__ASSEMBLY__ */ diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h index 0434c40..1714bf0 100644 --- a/arch/x86/include/asm/smp.h @@ -12277,7 +12207,7 @@ index 0434c40..1714bf0 100644 #endif diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h -index a82c2bf..2198f61 100644 +index 76bfa2c..12d3fe7 100644 --- a/arch/x86/include/asm/spinlock.h +++ b/arch/x86/include/asm/spinlock.h @@ -175,6 +175,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) @@ -12343,10 +12273,10 @@ index a82c2bf..2198f61 100644 } diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h -index 1575177..cb23f52 100644 +index b5d9533..41655fa 100644 --- a/arch/x86/include/asm/stackprotector.h +++ b/arch/x86/include/asm/stackprotector.h -@@ -48,7 +48,7 @@ +@@ -47,7 +47,7 @@ * head_32 for boot CPU and setup_per_cpu_areas() for others. */ #define GDT_STACK_CANARY_INIT \ @@ -12355,7 +12285,7 @@ index 1575177..cb23f52 100644 /* * Initialize the stackprotector canary value. -@@ -113,7 +113,7 @@ static inline void setup_stack_canary_segment(int cpu) +@@ -112,7 +112,7 @@ static inline void setup_stack_canary_segment(int cpu) static inline void load_stack_canary_segment(void) { @@ -12417,37 +12347,11 @@ index 70bbe39..4ae2bd4 100644 }; void dump_trace(struct task_struct *tsk, struct pt_regs *regs, -diff --git a/arch/x86/include/asm/sys_ia32.h b/arch/x86/include/asm/sys_ia32.h -index cb23852..2dde194 100644 ---- a/arch/x86/include/asm/sys_ia32.h -+++ b/arch/x86/include/asm/sys_ia32.h -@@ -40,7 +40,7 @@ asmlinkage long sys32_rt_sigprocmask(int, compat_sigset_t __user *, - compat_sigset_t __user *, unsigned int); - asmlinkage long sys32_alarm(unsigned int); - --asmlinkage long sys32_waitpid(compat_pid_t, unsigned int *, int); -+asmlinkage long sys32_waitpid(compat_pid_t, unsigned int __user *, int); - asmlinkage long sys32_sysfs(int, u32, u32); - - asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, -diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h -index f1d8b44..a4de8b7 100644 ---- a/arch/x86/include/asm/syscalls.h -+++ b/arch/x86/include/asm/syscalls.h -@@ -30,7 +30,7 @@ long sys_clone(unsigned long, unsigned long, void __user *, - void __user *, struct pt_regs *); - - /* kernel/ldt.c */ --asmlinkage int sys_modify_ldt(int, void __user *, unsigned long); -+asmlinkage int sys_modify_ldt(int, void __user *, unsigned long) __size_overflow(3); - - /* kernel/signal.c */ - long sys_rt_sigreturn(struct pt_regs *); -diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h -index 2d2f01c..f985723 100644 ---- a/arch/x86/include/asm/system.h -+++ b/arch/x86/include/asm/system.h -@@ -129,7 +129,7 @@ do { \ +diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h +index 4ec45b3..a4f0a8a 100644 +--- a/arch/x86/include/asm/switch_to.h ++++ b/arch/x86/include/asm/switch_to.h +@@ -108,7 +108,7 @@ do { \ "call __switch_to\n\t" \ "movq "__percpu_arg([current_task])",%%rsi\n\t" \ __switch_canary \ @@ -12456,7 +12360,7 @@ index 2d2f01c..f985723 100644 "movq %%rax,%%rdi\n\t" \ "testl %[_tif_fork],%P[ti_flags](%%r8)\n\t" \ "jnz ret_from_fork\n\t" \ -@@ -140,7 +140,7 @@ do { \ +@@ -119,7 +119,7 @@ do { \ [threadrsp] "i" (offsetof(struct task_struct, thread.sp)), \ [ti_flags] "i" (offsetof(struct thread_info, flags)), \ [_tif_fork] "i" (_TIF_FORK), \ @@ -12465,33 +12369,21 @@ index 2d2f01c..f985723 100644 [current_task] "m" (current_task) \ __switch_canary_iparam \ : "memory", "cc" __EXTRA_CLOBBER) -@@ -200,7 +200,7 @@ static inline unsigned long get_limit(unsigned long segment) - { - unsigned long __limit; - asm("lsll %1,%0" : "=r" (__limit) : "r" (segment)); -- return __limit + 1; -+ return __limit; - } - - static inline void native_clts(void) -@@ -397,13 +397,13 @@ void enable_hlt(void); - - void cpu_idle_wait(void); - --extern unsigned long arch_align_stack(unsigned long sp); -+#define arch_align_stack(x) ((x) & ~0xfUL) - extern void free_init_pages(char *what, unsigned long begin, unsigned long end); - - void default_idle(void); - bool set_pm_idle_to_default(void); +diff --git a/arch/x86/include/asm/sys_ia32.h b/arch/x86/include/asm/sys_ia32.h +index 3fda9db4..4ca1c61 100644 +--- a/arch/x86/include/asm/sys_ia32.h ++++ b/arch/x86/include/asm/sys_ia32.h +@@ -40,7 +40,7 @@ asmlinkage long sys32_sigaction(int, struct old_sigaction32 __user *, + struct old_sigaction32 __user *); + asmlinkage long sys32_alarm(unsigned int); --void stop_this_cpu(void *dummy); -+void stop_this_cpu(void *dummy) __noreturn; +-asmlinkage long sys32_waitpid(compat_pid_t, unsigned int *, int); ++asmlinkage long sys32_waitpid(compat_pid_t, unsigned int __user *, int); + asmlinkage long sys32_sysfs(int, u32, u32); - /* - * Force strict CPU ordering. + asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index cfd8144..664ac89 100644 +index ad6df8c..5e0cf6e 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -12541,25 +12433,26 @@ index cfd8144..664ac89 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -95,6 +89,7 @@ struct thread_info { - #define TIF_BLOCKSTEP 25 /* set when we want DEBUGCTLMSR_BTF */ - #define TIF_LAZY_MMU_UPDATES 27 /* task is updating the mmu lazily */ +@@ -97,6 +91,7 @@ struct thread_info { #define TIF_SYSCALL_TRACEPOINT 28 /* syscall tracepoint instrumentation */ -+#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */ + #define TIF_ADDR32 29 /* 32-bit address space on 64 bits */ + #define TIF_X32 30 /* 32-bit native x86-64 binary */ ++#define TIF_GRSEC_SETXID 31 /* update credentials on syscall entry/exit */ #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) -@@ -116,16 +111,17 @@ struct thread_info { - #define _TIF_BLOCKSTEP (1 << TIF_BLOCKSTEP) - #define _TIF_LAZY_MMU_UPDATES (1 << TIF_LAZY_MMU_UPDATES) +@@ -120,16 +115,18 @@ struct thread_info { #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) + #define _TIF_ADDR32 (1 << TIF_ADDR32) + #define _TIF_X32 (1 << TIF_X32) +#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) /* work to do in syscall_trace_enter() */ #define _TIF_WORK_SYSCALL_ENTRY \ (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \ - _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT) -+ _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) ++ _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | \ ++ _TIF_GRSEC_SETXID) /* work to do in syscall_trace_leave() */ #define _TIF_WORK_SYSCALL_EXIT \ @@ -12569,7 +12462,7 @@ index cfd8144..664ac89 100644 /* work to do on interrupt/exception return */ #define _TIF_WORK_MASK \ -@@ -135,7 +131,8 @@ struct thread_info { +@@ -139,7 +136,8 @@ struct thread_info { /* work to do on any return to user space */ #define _TIF_ALLWORK_MASK \ @@ -12579,7 +12472,7 @@ index cfd8144..664ac89 100644 /* Only used for 64 bit */ #define _TIF_DO_NOTIFY_MASK \ -@@ -169,45 +166,40 @@ struct thread_info { +@@ -173,45 +171,40 @@ struct thread_info { ret; \ }) @@ -12650,7 +12543,7 @@ index cfd8144..664ac89 100644 /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -215,27 +207,8 @@ static inline struct thread_info *current_thread_info(void) +@@ -219,27 +212,8 @@ static inline struct thread_info *current_thread_info(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); @@ -12680,7 +12573,7 @@ index cfd8144..664ac89 100644 #endif #endif /* !X86_32 */ -@@ -269,5 +242,16 @@ extern void arch_task_cache_init(void); +@@ -285,5 +259,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -12698,7 +12591,7 @@ index cfd8144..664ac89 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 8be5f54..7ae826d 100644 +index e054459..14bc8a7 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,12 +7,15 @@ @@ -12921,7 +12814,7 @@ index 8be5f54..7ae826d 100644 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 566e803..7183d0b 100644 +index 8084bc7..cc139cb 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -11,15 +11,15 @@ @@ -12945,12 +12838,8 @@ index 566e803..7183d0b 100644 /** * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking. -@@ -41,8 +41,13 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero - */ - +@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero static __always_inline unsigned long __must_check -+__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { + if ((long)n < 0) @@ -12959,7 +12848,7 @@ index 566e803..7183d0b 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -61,6 +66,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) +@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) return ret; } } @@ -12968,12 +12857,7 @@ index 566e803..7183d0b 100644 return __copy_to_user_ll(to, from, n); } -@@ -79,15 +86,23 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) - * On success, this will be zero. - */ - static __always_inline unsigned long __must_check -+__copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __must_check +@@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -12982,8 +12866,6 @@ index 566e803..7183d0b 100644 } static __always_inline unsigned long -+__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { + if ((long)n < 0) @@ -12992,12 +12874,7 @@ index 566e803..7183d0b 100644 /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -134,9 +149,15 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) - * for explanation of why this is needed. - */ - static __always_inline unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long +@@ -137,6 +146,10 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -13008,7 +12885,7 @@ index 566e803..7183d0b 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -152,13 +173,21 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) +@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) return ret; } } @@ -13017,9 +12894,7 @@ index 566e803..7183d0b 100644 return __copy_from_user_ll(to, from, n); } - static __always_inline unsigned long __copy_from_user_nocache(void *to, -+ const void __user *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __copy_from_user_nocache(void *to, +@@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -13030,13 +12905,8 @@ index 566e803..7183d0b 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -179,17 +208,24 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, - - static __always_inline unsigned long +@@ -181,15 +200,19 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, -+ unsigned long n) __size_overflow(3); -+static __always_inline unsigned long -+__copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { - return __copy_from_user_ll_nocache_nozero(to, from, n); @@ -13062,7 +12932,7 @@ index 566e803..7183d0b 100644 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,17 +235,65 @@ extern void copy_from_user_overflow(void) +@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void) #endif ; @@ -13083,8 +12953,6 @@ index 566e803..7183d0b 100644 + * On success, this will be zero. + */ +static inline unsigned long __must_check -+copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); -+static inline unsigned long __must_check +copy_to_user(void __user *to, const void *from, unsigned long n) +{ + int sz = __compiletime_object_size(from); @@ -13113,8 +12981,6 @@ index 566e803..7183d0b 100644 + * data to the requested size using zero bytes. + */ +static inline unsigned long __must_check -+copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3); -+static inline unsigned long __must_check +copy_from_user(void *to, const void __user *from, unsigned long n) { int sz = __compiletime_object_size(to); @@ -13135,7 +13001,7 @@ index 566e803..7183d0b 100644 return n; } -@@ -235,7 +319,7 @@ long __must_check __strncpy_from_user(char *dst, +@@ -230,7 +297,7 @@ static inline unsigned long __must_check copy_from_user(void *to, #define strlen_user(str) strnlen_user(str, LONG_MAX) long strnlen_user(const char __user *str, long n); @@ -13146,7 +13012,7 @@ index 566e803..7183d0b 100644 #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..e294b5f 100644 +index fcd4b6f..1d52af4 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -13177,7 +13043,7 @@ index 1c66d30..e294b5f 100644 { unsigned ret; -@@ -32,142 +37,237 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -32,142 +37,238 @@ copy_user_generic(void *to, const void *from, unsigned len) ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), "=d" (len)), "1" (to), "2" (from), "3" (len) @@ -13197,12 +13063,25 @@ index 1c66d30..e294b5f 100644 -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); +copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3); ++ ++extern void copy_to_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_to_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_to_user() buffer size is not provably correct") ++#endif ++; ++ ++extern void copy_from_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_from_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_from_user() buffer size is not provably correct") ++#endif ++; static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, -+ unsigned long n) __size_overflow(3); -+static inline unsigned long __must_check copy_from_user(void *to, -+ const void __user *from, unsigned long n) { - int sz = __compiletime_object_size(to); @@ -13227,8 +13106,6 @@ index 1c66d30..e294b5f 100644 static __always_inline __must_check -int copy_to_user(void __user *dst, const void *src, unsigned size) -+int copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +int copy_to_user(void __user *dst, const void *src, unsigned long size) { might_fault(); @@ -13241,8 +13118,6 @@ index 1c66d30..e294b5f 100644 static __always_inline __must_check -int __copy_from_user(void *dst, const void __user *src, unsigned size) -+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) { - int ret = 0; @@ -13262,9 +13137,7 @@ index 1c66d30..e294b5f 100644 +#endif + + if (unlikely(sz != -1 && sz < size)) { -+#ifdef CONFIG_DEBUG_VM -+ WARN(1, "Buffer overflow detected!\n"); -+#endif ++ copy_from_user_overflow(); + return size; + } + @@ -13331,8 +13204,6 @@ index 1c66d30..e294b5f 100644 static __always_inline __must_check -int __copy_to_user(void __user *dst, const void *src, unsigned size) -+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) { - int ret = 0; @@ -13352,9 +13223,7 @@ index 1c66d30..e294b5f 100644 +#endif + + if (unlikely(sz != -1 && sz < size)) { -+#ifdef CONFIG_DEBUG_VM -+ WARN(1, "Buffer overflow detected!\n"); -+#endif ++ copy_to_user_overflow(); + return size; + } + @@ -13421,8 +13290,6 @@ index 1c66d30..e294b5f 100644 static __always_inline __must_check -int __copy_in_user(void __user *dst, const void __user *src, unsigned size) -+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) { - int ret = 0; @@ -13463,7 +13330,7 @@ index 1c66d30..e294b5f 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -176,7 +276,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -176,7 +277,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -13472,7 +13339,7 @@ index 1c66d30..e294b5f 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -186,7 +286,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -186,7 +287,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -13481,7 +13348,7 @@ index 1c66d30..e294b5f 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -195,7 +295,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +296,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -13490,7 +13357,7 @@ index 1c66d30..e294b5f 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,8 +303,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -203,47 +304,92 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -13509,7 +13376,6 @@ index 1c66d30..e294b5f 100644 } } -@@ -215,39 +323,83 @@ __strncpy_from_user(char *dst, const char __user *src, long count); __must_check long strnlen_user(const char __user *str, long n); __must_check long __strnlen_user(const char __user *str, long n); __must_check long strlen_user(const char __user *str); @@ -13520,8 +13386,6 @@ index 1c66d30..e294b5f 100644 static __must_check __always_inline int -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) -+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) __size_overflow(3); -+static __must_check __always_inline int +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) { - return copy_user_generic(dst, (__force const void *)src, size); @@ -13542,8 +13406,6 @@ index 1c66d30..e294b5f 100644 -static __must_check __always_inline int -__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size) +static __must_check __always_inline unsigned long -+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) __size_overflow(3); -+static __must_check __always_inline unsigned long +__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) { - return copy_user_generic((__force void *)dst, src, size); @@ -13568,7 +13430,6 @@ index 1c66d30..e294b5f 100644 -static inline int -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size) -+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) __size_overflow(3); +static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) { might_sleep(); @@ -13588,8 +13449,6 @@ index 1c66d30..e294b5f 100644 -__copy_from_user_inatomic_nocache(void *dst, const void __user *src, - unsigned size) +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, -+ unsigned long size) __size_overflow(3); -+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, + unsigned long size) { + if (size > INT_MAX) @@ -13623,7 +13482,7 @@ index bb05228..d763d5b 100644 #endif diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index a609c39..7a68dc7 100644 +index 764b66a..ad3cfc8 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -29,7 +29,7 @@ struct x86_init_mpparse { @@ -13716,25 +13575,25 @@ index a609c39..7a68dc7 100644 /** * struct x86_cpuinit_ops - platform specific cpu hotplug setups -@@ -149,7 +149,7 @@ struct x86_init_ops { - struct x86_cpuinit_ops { +@@ -151,7 +151,7 @@ struct x86_cpuinit_ops { void (*setup_percpu_clockev)(void); + void (*early_percpu_clock_init)(void); void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); -}; +} __no_const; /** * struct x86_platform_ops - platform specific runtime functions -@@ -171,7 +171,7 @@ struct x86_platform_ops { - void (*nmi_init)(void); - unsigned char (*get_nmi_reason)(void); +@@ -177,7 +177,7 @@ struct x86_platform_ops { int (*i8042_detect)(void); + void (*save_sched_clock_state)(void); + void (*restore_sched_clock_state)(void); -}; +} __no_const; struct pci_dev; -@@ -180,7 +180,7 @@ struct x86_msi_ops { +@@ -186,7 +186,7 @@ struct x86_msi_ops { void (*teardown_msi_irq)(unsigned int irq); void (*teardown_msi_irqs)(struct pci_dev *dev); void (*restore_msi_irqs)(struct pci_dev *dev, int irq); @@ -13813,10 +13672,10 @@ index b4fd836..4358fe3 100644 pushw $0 pushw trampoline_segment diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c -index 103b6ab..2004d0a 100644 +index 146a49c..1b5338b 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c -@@ -94,8 +94,12 @@ int acpi_suspend_lowlevel(void) +@@ -98,8 +98,12 @@ int acpi_suspend_lowlevel(void) header->trampoline_segment = trampoline_address() >> 4; #ifdef CONFIG_SMP stack_start = (unsigned long)temp_stack + sizeof(temp_stack); @@ -13830,7 +13689,7 @@ index 103b6ab..2004d0a 100644 #endif initial_code = (unsigned long)wakeup_long64; diff --git a/arch/x86/kernel/acpi/wakeup_32.S b/arch/x86/kernel/acpi/wakeup_32.S -index 13ab720..95d5442 100644 +index 7261083..5c12053 100644 --- a/arch/x86/kernel/acpi/wakeup_32.S +++ b/arch/x86/kernel/acpi/wakeup_32.S @@ -30,13 +30,11 @@ wakeup_pmode_return: @@ -13987,7 +13846,7 @@ index 1f84794..e23f862 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 5b3f88e..61232b4 100644 +index edc2448..553e7c5 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -184,7 +184,7 @@ int first_system_vector = 0xfe; @@ -13999,7 +13858,7 @@ index 5b3f88e..61232b4 100644 int pic_mode; -@@ -1912,7 +1912,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1917,7 +1917,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -14009,10 +13868,21 @@ index 5b3f88e..61232b4 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index fb07275..e06bb59 100644 +index e88300d..cd5a87a 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c -@@ -1096,7 +1096,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, +@@ -83,7 +83,9 @@ static struct io_apic_ops io_apic_ops = { + + void __init set_io_apic_ops(const struct io_apic_ops *ops) + { +- io_apic_ops = *ops; ++ pax_open_kernel(); ++ memcpy((void*)&io_apic_ops, ops, sizeof io_apic_ops); ++ pax_close_kernel(); + } + + /* +@@ -1135,7 +1137,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, } EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector); @@ -14021,7 +13891,7 @@ index fb07275..e06bb59 100644 { /* Used to the online set of cpus does not change * during assign_irq_vector. -@@ -1104,7 +1104,7 @@ void lock_vector_lock(void) +@@ -1143,7 +1145,7 @@ void lock_vector_lock(void) raw_spin_lock(&vector_lock); } @@ -14030,16 +13900,16 @@ index fb07275..e06bb59 100644 { raw_spin_unlock(&vector_lock); } -@@ -2510,7 +2510,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2549,7 +2551,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } -atomic_t irq_mis_count; +atomic_unchecked_t irq_mis_count; - static void ack_apic_level(struct irq_data *data) - { -@@ -2576,7 +2576,7 @@ static void ack_apic_level(struct irq_data *data) + #ifdef CONFIG_GENERIC_PENDING_IRQ + static inline bool ioapic_irqd_mask(struct irq_data *data, struct irq_cfg *cfg) +@@ -2667,7 +2669,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -14049,10 +13919,10 @@ index fb07275..e06bb59 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index f76623c..aab694f 100644 +index 459e78c..f037006 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c -@@ -411,7 +411,7 @@ static DEFINE_MUTEX(apm_mutex); +@@ -410,7 +410,7 @@ static DEFINE_MUTEX(apm_mutex); * This is for buggy BIOS's that refer to (real mode) segment 0x40 * even though they are called in protected mode. */ @@ -14061,7 +13931,7 @@ index f76623c..aab694f 100644 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1); static const char driver_version[] = "1.16ac"; /* no spaces */ -@@ -589,7 +589,10 @@ static long __apm_bios_call(void *_call) +@@ -588,7 +588,10 @@ static long __apm_bios_call(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -14072,7 +13942,7 @@ index f76623c..aab694f 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -598,7 +601,11 @@ static long __apm_bios_call(void *_call) +@@ -597,7 +600,11 @@ static long __apm_bios_call(void *_call) &call->esi); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -14084,7 +13954,7 @@ index f76623c..aab694f 100644 put_cpu(); return call->eax & 0xff; -@@ -665,7 +672,10 @@ static long __apm_bios_call_simple(void *_call) +@@ -664,7 +671,10 @@ static long __apm_bios_call_simple(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -14095,7 +13965,7 @@ index f76623c..aab694f 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -673,7 +683,11 @@ static long __apm_bios_call_simple(void *_call) +@@ -672,7 +682,11 @@ static long __apm_bios_call_simple(void *_call) &call->eax); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -14107,7 +13977,7 @@ index f76623c..aab694f 100644 put_cpu(); return error; } -@@ -2347,12 +2361,15 @@ static int __init apm_init(void) +@@ -2345,12 +2359,15 @@ static int __init apm_init(void) * code to that CPU. */ gdt = get_cpu_gdt_table(0); @@ -14164,10 +14034,10 @@ index 68de2dc..1f3c720 100644 BLANK(); OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask); diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c -index 834e897..dacddc8 100644 +index 1b4754f..fbb4227 100644 --- a/arch/x86/kernel/asm-offsets_64.c +++ b/arch/x86/kernel/asm-offsets_64.c -@@ -70,6 +70,7 @@ int main(void) +@@ -76,6 +76,7 @@ int main(void) BLANK(); #undef ENTRY @@ -14176,7 +14046,7 @@ index 834e897..dacddc8 100644 BLANK(); diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile -index 25f24dc..4094a7f 100644 +index 6ab6aa2..8f71507 100644 --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg @@ -14191,10 +14061,10 @@ index 25f24dc..4094a7f 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 80ab83d..0a7b34e 100644 +index 146bb62..ac9c74a 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -670,7 +670,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -691,7 +691,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -14204,10 +14074,10 @@ index 80ab83d..0a7b34e 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 1a810e4..9fa8201 100644 +index cf79302..b1b28ae 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c -@@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { +@@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu; @@ -14268,7 +14138,7 @@ index 1a810e4..9fa8201 100644 static int __init x86_xsave_setup(char *s) { setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -372,7 +318,7 @@ void switch_to_new_gdt(int cpu) +@@ -374,7 +320,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -14277,7 +14147,7 @@ index 1a810e4..9fa8201 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -839,6 +785,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -841,6 +787,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -14288,7 +14158,7 @@ index 1a810e4..9fa8201 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1019,10 +969,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1021,10 +971,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -14303,7 +14173,7 @@ index 1a810e4..9fa8201 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE); -@@ -1036,7 +988,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1038,7 +990,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -14369,21 +14239,8 @@ index 3e6ff6c..54b4992 100644 load_idt(&idt_descr); } #endif -diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c -index fc4beb3..f20a5a7 100644 ---- a/arch/x86/kernel/cpu/mcheck/mce-inject.c -+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c -@@ -199,6 +199,8 @@ static void raise_mce(struct mce *m) - - /* Error injection interface */ - static ssize_t mce_write(struct file *filp, const char __user *ubuf, -+ size_t usize, loff_t *off) __size_overflow(3); -+static ssize_t mce_write(struct file *filp, const char __user *ubuf, - size_t usize, loff_t *off) - { - struct mce m; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 5a11ae2..a1a1c8a 100644 +index 61604ae..98250a5 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -14434,7 +14291,7 @@ index 5a11ae2..a1a1c8a 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -658,7 +659,7 @@ static int mce_timed_out(u64 *t) +@@ -684,7 +685,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); @@ -14443,7 +14300,7 @@ index 5a11ae2..a1a1c8a 100644 wait_for_panic(); if (!monarch_timeout) goto out; -@@ -1446,7 +1447,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1535,7 +1536,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -14452,7 +14309,7 @@ index 5a11ae2..a1a1c8a 100644 unexpected_machine_check; /* -@@ -1469,7 +1470,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1558,7 +1559,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -14462,7 +14319,7 @@ index 5a11ae2..a1a1c8a 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1483,7 +1486,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1572,7 +1575,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -14471,7 +14328,7 @@ index 5a11ae2..a1a1c8a 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1491,7 +1494,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1580,7 +1583,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -14480,7 +14337,7 @@ index 5a11ae2..a1a1c8a 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1588,7 +1591,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -14489,7 +14346,7 @@ index 5a11ae2..a1a1c8a 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1510,7 +1513,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1599,7 +1602,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -14498,7 +14355,7 @@ index 5a11ae2..a1a1c8a 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2229,7 +2232,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2324,7 +2327,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -14508,18 +14365,18 @@ index 5a11ae2..a1a1c8a 100644 atomic_set(&mce_callin, 0); atomic_set(&global_nwo, 0); diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c -index 5c0e653..0882b0a 100644 +index 2d5454c..51987eb 100644 --- a/arch/x86/kernel/cpu/mcheck/p5.c +++ b/arch/x86/kernel/cpu/mcheck/p5.c -@@ -12,6 +12,7 @@ - #include +@@ -11,6 +11,7 @@ + #include #include #include +#include /* By default disabled */ int mce_p5_enabled __read_mostly; -@@ -50,7 +51,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c) +@@ -49,7 +50,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c) if (!cpu_has(c, X86_FEATURE_MCE)) return; @@ -14530,18 +14387,18 @@ index 5c0e653..0882b0a 100644 wmb(); diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c -index 54060f5..c1a7577 100644 +index 2d7998f..17c9de1 100644 --- a/arch/x86/kernel/cpu/mcheck/winchip.c +++ b/arch/x86/kernel/cpu/mcheck/winchip.c -@@ -11,6 +11,7 @@ - #include +@@ -10,6 +10,7 @@ + #include #include #include +#include /* Machine check handler for WinChip C6: */ static void winchip_machine_check(struct pt_regs *regs, long error_code) -@@ -24,7 +25,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c) +@@ -23,7 +24,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c) { u32 lo, hi; @@ -14551,19 +14408,6 @@ index 54060f5..c1a7577 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); -diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c -index 7928963..1b16001 100644 ---- a/arch/x86/kernel/cpu/mtrr/if.c -+++ b/arch/x86/kernel/cpu/mtrr/if.c -@@ -91,6 +91,8 @@ mtrr_file_del(unsigned long base, unsigned long size, - * "base=%Lx size=%Lx type=%s" or "disable=%d" - */ - static ssize_t -+mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) __size_overflow(3); -+static ssize_t - mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) - { - int i, err; diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c index 6b96110..0da73eb 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c @@ -14591,10 +14435,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index 5adce10..99284ec 100644 +index bb8e034..fb9020b 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1665,7 +1665,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1835,7 +1835,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -14655,7 +14499,7 @@ index 37250fe..bf2ec74 100644 .__cr3 = __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index 4025fe4..d8451c6 100644 +index 1b81839..0b4e7b0 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -14668,18 +14512,25 @@ index 4025fe4..d8451c6 100644 #include #include #include -@@ -35,9 +38,8 @@ void printk_address(unsigned long address, int reliable) +@@ -35,16 +38,14 @@ void printk_address(unsigned long address, int reliable) static void print_ftrace_graph_addr(unsigned long addr, void *data, const struct stacktrace_ops *ops, - struct thread_info *tinfo, int *graph) + struct task_struct *task, int *graph) { -- struct task_struct *task = tinfo->task; +- struct task_struct *task; unsigned long ret_addr; - int index = task->curr_ret_stack; + int index; + + if (addr != (unsigned long)return_to_handler) + return; + +- task = tinfo->task; + index = task->curr_ret_stack; -@@ -58,7 +60,7 @@ print_ftrace_graph_addr(unsigned long addr, void *data, + if (!task->ret_stack || index < *graph) +@@ -61,7 +62,7 @@ print_ftrace_graph_addr(unsigned long addr, void *data, static inline void print_ftrace_graph_addr(unsigned long addr, void *data, const struct stacktrace_ops *ops, @@ -14688,7 +14539,7 @@ index 4025fe4..d8451c6 100644 { } #endif -@@ -69,10 +71,8 @@ print_ftrace_graph_addr(unsigned long addr, void *data, +@@ -72,10 +73,8 @@ print_ftrace_graph_addr(unsigned long addr, void *data, * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack */ @@ -14700,7 +14551,7 @@ index 4025fe4..d8451c6 100644 if (end) { if (p < end && p >= (end-THREAD_SIZE)) return 1; -@@ -83,14 +83,14 @@ static inline int valid_stack_ptr(struct thread_info *tinfo, +@@ -86,14 +85,14 @@ static inline int valid_stack_ptr(struct thread_info *tinfo, } unsigned long @@ -14717,7 +14568,7 @@ index 4025fe4..d8451c6 100644 unsigned long addr; addr = *stack; -@@ -102,7 +102,7 @@ print_context_stack(struct thread_info *tinfo, +@@ -105,7 +104,7 @@ print_context_stack(struct thread_info *tinfo, } else { ops->address(data, addr, 0); } @@ -14726,7 +14577,7 @@ index 4025fe4..d8451c6 100644 } stack++; } -@@ -111,7 +111,7 @@ print_context_stack(struct thread_info *tinfo, +@@ -114,7 +113,7 @@ print_context_stack(struct thread_info *tinfo, EXPORT_SYMBOL_GPL(print_context_stack); unsigned long @@ -14735,7 +14586,7 @@ index 4025fe4..d8451c6 100644 unsigned long *stack, unsigned long bp, const struct stacktrace_ops *ops, void *data, unsigned long *end, int *graph) -@@ -119,7 +119,7 @@ print_context_stack_bp(struct thread_info *tinfo, +@@ -122,7 +121,7 @@ print_context_stack_bp(struct thread_info *tinfo, struct stack_frame *frame = (struct stack_frame *)bp; unsigned long *ret_addr = &frame->return_address; @@ -14744,7 +14595,7 @@ index 4025fe4..d8451c6 100644 unsigned long addr = *ret_addr; if (!__kernel_text_address(addr)) -@@ -128,7 +128,7 @@ print_context_stack_bp(struct thread_info *tinfo, +@@ -131,7 +130,7 @@ print_context_stack_bp(struct thread_info *tinfo, ops->address(data, addr, 1); frame = frame->next_frame; ret_addr = &frame->return_address; @@ -14753,7 +14604,7 @@ index 4025fe4..d8451c6 100644 } return (unsigned long)frame; -@@ -186,7 +186,7 @@ void dump_stack(void) +@@ -189,7 +188,7 @@ void dump_stack(void) bp = stack_frame(current, NULL); printk("Pid: %d, comm: %.20s %s %s %.*s\n", @@ -14762,7 +14613,7 @@ index 4025fe4..d8451c6 100644 init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version); -@@ -222,6 +222,8 @@ unsigned __kprobes long oops_begin(void) +@@ -225,6 +224,8 @@ unsigned __kprobes long oops_begin(void) } EXPORT_SYMBOL_GPL(oops_begin); @@ -14771,7 +14622,7 @@ index 4025fe4..d8451c6 100644 void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) { if (regs && kexec_should_crash(current)) -@@ -243,7 +245,10 @@ void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) +@@ -246,7 +247,10 @@ void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -14783,7 +14634,7 @@ index 4025fe4..d8451c6 100644 } int __kprobes __die(const char *str, struct pt_regs *regs, long err) -@@ -270,7 +275,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) +@@ -273,7 +277,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) show_registers(regs); #ifdef CONFIG_X86_32 @@ -14792,7 +14643,7 @@ index 4025fe4..d8451c6 100644 sp = regs->sp; ss = regs->ss & 0xffff; } else { -@@ -298,7 +303,7 @@ void die(const char *str, struct pt_regs *regs, long err) +@@ -301,7 +305,7 @@ void die(const char *str, struct pt_regs *regs, long err) unsigned long flags = oops_begin(); int sig = SIGSEGV; @@ -14802,7 +14653,7 @@ index 4025fe4..d8451c6 100644 if (__die(str, regs, err)) diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c -index c99f9ed..2a15d80 100644 +index 88ec912..e95e935 100644 --- a/arch/x86/kernel/dumpstack_32.c +++ b/arch/x86/kernel/dumpstack_32.c @@ -38,15 +38,13 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -14825,6 +14676,15 @@ index c99f9ed..2a15d80 100644 if (ops->stack(data, "IRQ") < 0) break; touch_nmi_watchdog(); +@@ -87,7 +85,7 @@ void show_registers(struct pt_regs *regs) + int i; + + print_modules(); +- __show_regs(regs, !user_mode_vm(regs)); ++ __show_regs(regs, !user_mode(regs)); + + printk(KERN_EMERG "Process %.*s (pid: %d, ti=%p task=%p task.ti=%p)\n", + TASK_COMM_LEN, current->comm, task_pid_nr(current), @@ -96,21 +94,22 @@ void show_registers(struct pt_regs *regs) * When in-kernel, we also print out the stack and code at the * time of the fault.. @@ -14885,7 +14745,7 @@ index c99f9ed..2a15d80 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index 17107bd..b2deecf 100644 +index 17107bd..9623722 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -14920,7 +14780,16 @@ index 17107bd..b2deecf 100644 data, estack_end, &graph); ops->stack(data, ""); /* -@@ -172,7 +172,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -161,6 +161,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, + * second-to-last pointer (index -2 to end) in the + * exception stack: + */ ++ if ((u16)estack_end[-1] != __KERNEL_DS) ++ goto out; + stack = (unsigned long *) estack_end[-2]; + continue; + } +@@ -172,7 +174,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, if (in_irq_stack(stack, irq_stack, irq_stack_end)) { if (ops->stack(data, "IRQ") < 0) break; @@ -14929,17 +14798,18 @@ index 17107bd..b2deecf 100644 ops, data, irq_stack_end, &graph); /* * We link to the next stack (which would be -@@ -191,7 +191,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -191,7 +193,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, /* * This handles the process stack: */ - bp = ops->walk_stack(tinfo, stack, bp, ops, data, NULL, &graph); + stack_start = (void *)((unsigned long)stack & ~(THREAD_SIZE-1)); + bp = ops->walk_stack(task, stack_start, stack, bp, ops, data, NULL, &graph); ++out: put_cpu(); } EXPORT_SYMBOL(dump_trace); -@@ -305,3 +306,50 @@ int is_valid_bugaddr(unsigned long ip) +@@ -305,3 +309,50 @@ int is_valid_bugaddr(unsigned long ip) return ud2 == 0x0b0f; } @@ -15780,7 +15650,7 @@ index 7b784f4..db6b628 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 1333d98..b340ca2 100644 +index cdc79b5..4710a75 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -56,6 +56,8 @@ @@ -16154,12 +16024,12 @@ index 1333d98..b340ca2 100644 movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ -- testl $3, CS(%rdi) -+ testb $3, CS(%rdi) +- testl $3, CS-RBP(%rsi) ++ testb $3, CS-RBP(%rsi) je 1f SWAPGS /* -@@ -356,9 +640,10 @@ ENTRY(save_rest) +@@ -355,9 +639,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -16171,7 +16041,7 @@ index 1333d98..b340ca2 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -387,9 +672,10 @@ ENTRY(save_paranoid) +@@ -386,9 +671,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -16184,7 +16054,7 @@ index 1333d98..b340ca2 100644 .popsection /* -@@ -411,7 +697,7 @@ ENTRY(ret_from_fork) +@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -16193,7 +16063,7 @@ index 1333d98..b340ca2 100644 jz retint_restore_args testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -421,7 +707,7 @@ ENTRY(ret_from_fork) +@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath CFI_ENDPROC @@ -16202,7 +16072,7 @@ index 1333d98..b340ca2 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -457,7 +743,7 @@ END(ret_from_fork) +@@ -456,7 +742,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -16211,7 +16081,7 @@ index 1333d98..b340ca2 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -470,21 +756,23 @@ GLOBAL(system_call_after_swapgs) +@@ -469,16 +755,18 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -16231,14 +16101,17 @@ index 1333d98..b340ca2 100644 + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx) jnz tracesys system_call_fastpath: - cmpq $__NR_syscall_max,%rax + #if __SYSCALL_MASK == ~0 +@@ -488,7 +776,7 @@ system_call_fastpath: + cmpl $__NR_syscall_max,%eax + #endif ja badsys - movq %r10,%rcx + movq R10-ARGOFFSET(%rsp),%rcx call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -498,10 +786,13 @@ sysret_check: +@@ -502,10 +790,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -16253,7 +16126,7 @@ index 1333d98..b340ca2 100644 /* * sysretq will re-enable interrupts: */ -@@ -553,14 +844,18 @@ badsys: +@@ -557,14 +848,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -16273,7 +16146,7 @@ index 1333d98..b340ca2 100644 jmp system_call_fastpath /* -@@ -581,7 +876,7 @@ sysret_audit: +@@ -585,7 +880,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -16282,7 +16155,7 @@ index 1333d98..b340ca2 100644 jz auditsys #endif SAVE_REST -@@ -589,16 +884,20 @@ tracesys: +@@ -593,12 +888,16 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -16297,14 +16170,18 @@ index 1333d98..b340ca2 100644 LOAD_ARGS ARGOFFSET, 1 + pax_set_fptr_mask RESTORE_REST + #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax +@@ -607,7 +906,7 @@ tracesys: + cmpl $__NR_syscall_max,%eax + #endif ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ - movq %r10,%rcx /* fixup for C */ + movq R10-ARGOFFSET(%rsp),%rcx /* fixup for C */ call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -619,6 +918,7 @@ GLOBAL(int_with_check) +@@ -628,6 +927,7 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -16312,7 +16189,7 @@ index 1333d98..b340ca2 100644 jmp retint_swapgs /* Either reschedule or signal or syscall exit tracking needed. */ -@@ -665,7 +965,7 @@ int_restore_rest: +@@ -674,7 +974,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -16321,7 +16198,7 @@ index 1333d98..b340ca2 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -681,7 +981,7 @@ ENTRY(\label) +@@ -690,7 +990,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -16330,7 +16207,7 @@ index 1333d98..b340ca2 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -699,9 +999,10 @@ ENTRY(ptregscall_common) +@@ -708,9 +1008,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -16342,7 +16219,7 @@ index 1333d98..b340ca2 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -716,7 +1017,7 @@ ENTRY(stub_execve) +@@ -725,7 +1026,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -16351,16 +16228,16 @@ index 1333d98..b340ca2 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -734,7 +1035,7 @@ ENTRY(stub_rt_sigreturn) +@@ -743,7 +1044,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC -END(stub_rt_sigreturn) +ENDPROC(stub_rt_sigreturn) - /* - * Build the entry stubs and pointer table with some assembler magic. -@@ -769,7 +1070,7 @@ vector=vector+1 + #ifdef CONFIG_X86_X32_ABI + PTREGSCALL stub_x32_sigaltstack, sys32_sigaltstack, %rdx +@@ -812,7 +1113,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -16369,7 +16246,7 @@ index 1333d98..b340ca2 100644 .previous END(interrupt) -@@ -789,6 +1090,16 @@ END(interrupt) +@@ -832,6 +1133,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -16386,7 +16263,7 @@ index 1333d98..b340ca2 100644 call \func .endm -@@ -820,7 +1131,7 @@ ret_from_intr: +@@ -863,7 +1174,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -16395,7 +16272,7 @@ index 1333d98..b340ca2 100644 je retint_kernel /* Interrupt came from user space */ -@@ -842,12 +1153,15 @@ retint_swapgs: /* return to user-space */ +@@ -885,12 +1196,15 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -16411,7 +16288,7 @@ index 1333d98..b340ca2 100644 /* * The iretq could re-enable interrupts: */ -@@ -936,7 +1250,7 @@ ENTRY(retint_kernel) +@@ -979,7 +1293,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -16420,7 +16297,7 @@ index 1333d98..b340ca2 100644 /* * End of kprobes section */ -@@ -953,7 +1267,7 @@ ENTRY(\sym) +@@ -996,7 +1310,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -16429,7 +16306,7 @@ index 1333d98..b340ca2 100644 .endm #ifdef CONFIG_SMP -@@ -1026,12 +1340,22 @@ ENTRY(\sym) +@@ -1069,12 +1383,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -16453,7 +16330,7 @@ index 1333d98..b340ca2 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1043,15 +1367,25 @@ ENTRY(\sym) +@@ -1086,15 +1410,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -16481,7 +16358,7 @@ index 1333d98..b340ca2 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1061,14 +1395,30 @@ ENTRY(\sym) +@@ -1104,14 +1438,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -16513,7 +16390,7 @@ index 1333d98..b340ca2 100644 .endm .macro errorentry sym do_sym -@@ -1079,13 +1429,23 @@ ENTRY(\sym) +@@ -1122,13 +1472,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -16538,7 +16415,7 @@ index 1333d98..b340ca2 100644 .endm /* error code is on the stack already */ -@@ -1098,13 +1458,23 @@ ENTRY(\sym) +@@ -1141,13 +1501,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -16563,7 +16440,7 @@ index 1333d98..b340ca2 100644 .endm zeroentry divide_error do_divide_error -@@ -1134,9 +1504,10 @@ gs_change: +@@ -1177,9 +1547,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -16575,7 +16452,7 @@ index 1333d98..b340ca2 100644 .section __ex_table,"a" .align 8 -@@ -1158,13 +1529,14 @@ ENTRY(kernel_thread_helper) +@@ -1201,13 +1572,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -16591,7 +16468,7 @@ index 1333d98..b340ca2 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1191,11 +1563,11 @@ ENTRY(kernel_execve) +@@ -1234,11 +1606,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -16605,7 +16482,7 @@ index 1333d98..b340ca2 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1213,9 +1585,10 @@ ENTRY(call_softirq) +@@ -1256,9 +1628,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -16617,7 +16494,7 @@ index 1333d98..b340ca2 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1253,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1296,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -16626,7 +16503,7 @@ index 1333d98..b340ca2 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1312,7 +1685,7 @@ ENTRY(xen_failsafe_callback) +@@ -1355,7 +1728,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -16635,7 +16512,7 @@ index 1333d98..b340ca2 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1361,16 +1734,31 @@ ENTRY(paranoid_exit) +@@ -1404,16 +1777,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -16668,7 +16545,7 @@ index 1333d98..b340ca2 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1399,7 +1787,7 @@ paranoid_schedule: +@@ -1442,7 +1830,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -16677,7 +16554,7 @@ index 1333d98..b340ca2 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1426,12 +1814,13 @@ ENTRY(error_entry) +@@ -1469,12 +1857,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -16692,7 +16569,7 @@ index 1333d98..b340ca2 100644 ret /* -@@ -1458,7 +1847,7 @@ bstep_iret: +@@ -1501,7 +1890,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -16701,7 +16578,7 @@ index 1333d98..b340ca2 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1478,7 +1867,7 @@ ENTRY(error_exit) +@@ -1521,7 +1910,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -16710,7 +16587,7 @@ index 1333d98..b340ca2 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1535,9 +1924,11 @@ ENTRY(nmi) +@@ -1579,9 +1968,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -16723,7 +16600,7 @@ index 1333d98..b340ca2 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1659,6 +2050,16 @@ restart_nmi: +@@ -1728,6 +2119,16 @@ end_repeat_nmi: */ call save_paranoid DEFAULT_FRAME 0 @@ -16740,7 +16617,7 @@ index 1333d98..b340ca2 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1666,14 +2067,25 @@ restart_nmi: +@@ -1735,21 +2136,32 @@ end_repeat_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: @@ -16765,9 +16642,8 @@ index 1333d98..b340ca2 100644 -END(nmi) +ENDPROC(nmi) - /* - * If an NMI hit an iret because of an exception or breakpoint, -@@ -1700,7 +2112,7 @@ ENTRY(ignore_sysret) + ENTRY(ignore_sysret) + CFI_STARTPROC mov $-ENOSYS,%eax sysret CFI_ENDPROC @@ -17621,83 +17497,23 @@ index 9c3bd4a..e1d9b35 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index f239f30..aab2a58 100644 +index 2d6e649..df6e1af 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c -@@ -189,6 +189,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset) - - int xfpregs_get(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(4); -+int xfpregs_get(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - int ret; -@@ -208,6 +211,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset, - - int xfpregs_set(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(4); -+int xfpregs_set(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - int ret; -@@ -241,6 +247,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset, - - int xstateregs_get(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(4); -+int xstateregs_get(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - int ret; -@@ -270,6 +279,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset, - - int xstateregs_set(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(4); -+int xstateregs_set(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - int ret; -@@ -440,6 +452,9 @@ static void convert_to_fxsr(struct task_struct *tsk, - - int fpregs_get(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(3,4); -+int fpregs_get(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - struct user_i387_ia32_struct env; -@@ -472,6 +487,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset, - - int fpregs_set(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(3,4); -+int fpregs_set(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) +@@ -59,7 +59,7 @@ static inline bool interrupted_kernel_fpu_idle(void) + static inline bool interrupted_user_mode(void) { - struct user_i387_ia32_struct env; -@@ -620,6 +638,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf) + struct pt_regs *regs = get_irq_regs(); +- return regs && user_mode_vm(regs); ++ return regs && user_mode(regs); } - static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, -+ unsigned int size) __size_overflow(2); -+static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, - unsigned int size) - { - struct task_struct *tsk = current; + /* diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c -index 6104852..6114160 100644 +index 36d1853..bf25736 100644 --- a/arch/x86/kernel/i8259.c +++ b/arch/x86/kernel/i8259.c -@@ -210,7 +210,7 @@ spurious_8259A_irq: +@@ -209,7 +209,7 @@ spurious_8259A_irq: "spurious 8259A interrupt: IRQ%d.\n", irq); spurious_irq_mask |= irqmask; } @@ -17776,7 +17592,7 @@ index 8c96897..be66bfa 100644 return -EPERM; } diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 7943e0c..dd32c5c 100644 +index 3dafc60..aa8e9c4 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -18,7 +18,7 @@ @@ -17814,7 +17630,7 @@ index 7943e0c..dd32c5c 100644 return sum; } diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c -index 40fc861..9b8739b 100644 +index 58b7f27..e112d08 100644 --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c @@ -39,7 +39,7 @@ static int check_stack_overflow(void) @@ -17849,7 +17665,7 @@ index 40fc861..9b8739b 100644 irqctx = __this_cpu_read(hardirq_ctx); /* -@@ -92,21 +91,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -92,16 +91,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) * handler) we can't do that and just have to keep using the * current stack (which is the irq stack already after all) */ @@ -17864,20 +17680,15 @@ index 40fc861..9b8739b 100644 + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8); + irqctx->previous_esp = current_stack_pointer; -- /* -- * Copy the softirq bits in preempt_count so that the -- * softirq checks work in the hardirq context. -- */ -- irqctx->tinfo.preempt_count = -- (irqctx->tinfo.preempt_count & ~SOFTIRQ_MASK) | -- (curctx->tinfo.preempt_count & SOFTIRQ_MASK); +- /* Copy the preempt_count so that the [soft]irq checks work. */ +- irqctx->tinfo.preempt_count = curctx->tinfo.preempt_count; +#ifdef CONFIG_PAX_MEMORY_UDEREF + __set_fs(MAKE_MM_SEG(0)); +#endif if (unlikely(overflow)) call_on_stack(print_stack_overflow, isp); -@@ -118,6 +112,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -113,6 +112,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) : "0" (irq), "1" (desc), "2" (isp), "D" (desc->handle_irq) : "memory", "cc", "ecx"); @@ -17889,7 +17700,7 @@ index 40fc861..9b8739b 100644 return 1; } -@@ -126,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -121,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) */ void __cpuinit irq_ctx_init(int cpu) { @@ -17921,7 +17732,7 @@ index 40fc861..9b8739b 100644 printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -157,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu) +@@ -152,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -17929,7 +17740,7 @@ index 40fc861..9b8739b 100644 union irq_ctx *irqctx; u32 *isp; -@@ -167,15 +147,22 @@ asmlinkage void do_softirq(void) +@@ -162,15 +147,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); if (local_softirq_pending()) { @@ -17956,6 +17767,15 @@ index 40fc861..9b8739b 100644 /* * Shouldn't happen, we returned above if in_interrupt(): */ +@@ -191,7 +183,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs) + if (unlikely(!desc)) + return false; + +- if (user_mode_vm(regs) || !execute_on_irq_stack(overflow, desc, irq)) { ++ if (user_mode(regs) || !execute_on_irq_stack(overflow, desc, irq)) { + if (unlikely(overflow)) + print_stack_overflow(); + desc->handle_irq(irq, desc); diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c index d04d3ec..ea4b374 100644 --- a/arch/x86/kernel/irq_64.c @@ -17970,7 +17790,7 @@ index d04d3ec..ea4b374 100644 if (regs->sp >= curbase + sizeof(struct thread_info) + diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c -index 90fcf62..e682cdd 100644 +index 1d5d31e..ab846ed 100644 --- a/arch/x86/kernel/kdebugfs.c +++ b/arch/x86/kernel/kdebugfs.c @@ -28,6 +28,8 @@ struct setup_data_node { @@ -17983,10 +17803,10 @@ index 90fcf62..e682cdd 100644 { struct setup_data_node *node = file->private_data; diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c -index 2f45c4c..d95504f 100644 +index 8bfb614..2b3b35f 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c -@@ -126,11 +126,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs) +@@ -127,11 +127,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs) #ifdef CONFIG_X86_32 switch (regno) { case GDB_SS: @@ -18000,7 +17820,7 @@ index 2f45c4c..d95504f 100644 *(unsigned long *)mem = kernel_stack_pointer(regs); break; case GDB_GS: -@@ -475,12 +475,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code, +@@ -476,12 +476,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code, case 'k': /* clear the trace bit */ linux_regs->flags &= ~X86_EFLAGS_TF; @@ -18015,7 +17835,7 @@ index 2f45c4c..d95504f 100644 raw_smp_processor_id()); } -@@ -545,7 +545,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd) +@@ -546,7 +546,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd) switch (cmd) { case DIE_DEBUG: @@ -18024,11 +17844,47 @@ index 2f45c4c..d95504f 100644 if (user_mode(regs)) return single_step_cont(regs, args); break; +diff --git a/arch/x86/kernel/kprobes-opt.c b/arch/x86/kernel/kprobes-opt.c +index c5e410e..da6aaf9 100644 +--- a/arch/x86/kernel/kprobes-opt.c ++++ b/arch/x86/kernel/kprobes-opt.c +@@ -338,7 +338,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) + * Verify if the address gap is in 2GB range, because this uses + * a relative jump. + */ +- rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE; ++ rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE; + if (abs(rel) > 0x7fffffff) + return -ERANGE; + +@@ -359,11 +359,11 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) + synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op); + + /* Set probe function call */ +- synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback); ++ synthesize_relcall(buf + TMPL_CALL_IDX, ktla_ktva(optimized_callback)); + + /* Set returning jmp instruction at the tail of out-of-line buffer */ + synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size, +- (u8 *)op->kp.addr + op->optinsn.size); ++ (u8 *)ktla_ktva(op->kp.addr) + op->optinsn.size); + + flush_icache_range((unsigned long) buf, + (unsigned long) buf + TMPL_END_IDX + +@@ -385,7 +385,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, + ((long)op->kp.addr + RELATIVEJUMP_SIZE)); + + /* Backup instructions which will be replaced by jump address */ +- memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE, ++ memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE, + RELATIVE_ADDR_SIZE); + + insn_buf[0] = RELATIVEJUMP_OPCODE; diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index 7da647d..56fe348 100644 +index e213fc8..d783ba4 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c -@@ -118,8 +118,11 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) +@@ -120,8 +120,11 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) } __attribute__((packed)) *insn; insn = (struct __arch_relative_insn *)from; @@ -18040,7 +17896,7 @@ index 7da647d..56fe348 100644 } /* Insert a jump instruction at address 'from', which jumps to address 'to'.*/ -@@ -156,7 +159,7 @@ static int __kprobes can_boost(kprobe_opcode_t *opcodes) +@@ -164,7 +167,7 @@ int __kprobes can_boost(kprobe_opcode_t *opcodes) kprobe_opcode_t opcode; kprobe_opcode_t *orig_opcodes = opcodes; @@ -18049,18 +17905,18 @@ index 7da647d..56fe348 100644 return 0; /* Page fault may occur on this address. */ retry: -@@ -317,7 +320,9 @@ static int __kprobes __copy_instruction(u8 *dest, u8 *src, int recover) - } - } - insn_get_length(&insn); +@@ -332,7 +335,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src) + /* Another subsystem puts a breakpoint, failed to recover */ + if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION) + return 0; + pax_open_kernel(); memcpy(dest, insn.kaddr, insn.length); + pax_close_kernel(); #ifdef CONFIG_X86_64 if (insn_rip_relative(&insn)) { -@@ -341,7 +346,9 @@ static int __kprobes __copy_instruction(u8 *dest, u8 *src, int recover) - (u8 *) dest; +@@ -355,7 +360,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src) + newdisp = (u8 *) src + (s64) insn.displacement.value - (u8 *) dest; BUG_ON((s64) (s32) newdisp != newdisp); /* Sanity check. */ disp = (u8 *) dest + insn_offset_displacement(&insn); + pax_open_kernel(); @@ -18069,22 +17925,7 @@ index 7da647d..56fe348 100644 } #endif return insn.length; -@@ -355,12 +362,12 @@ static void __kprobes arch_copy_kprobe(struct kprobe *p) - */ - __copy_instruction(p->ainsn.insn, p->addr, 0); - -- if (can_boost(p->addr)) -+ if (can_boost(ktla_ktva(p->addr))) - p->ainsn.boostable = 0; - else - p->ainsn.boostable = -1; - -- p->opcode = *p->addr; -+ p->opcode = *(ktla_ktva(p->addr)); - } - - int __kprobes arch_prepare_kprobe(struct kprobe *p) -@@ -477,7 +484,7 @@ static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs, +@@ -485,7 +492,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k * nor set current_kprobe, because it doesn't use single * stepping. */ @@ -18093,7 +17934,7 @@ index 7da647d..56fe348 100644 preempt_enable_no_resched(); return; } -@@ -496,7 +503,7 @@ static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs, +@@ -504,7 +511,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k if (p->opcode == BREAKPOINT_INSTRUCTION) regs->ip = (unsigned long)p->addr; else @@ -18102,7 +17943,7 @@ index 7da647d..56fe348 100644 } /* -@@ -575,7 +582,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) +@@ -583,7 +590,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) setup_singlestep(p, regs, kcb, 0); return 1; } @@ -18111,7 +17952,7 @@ index 7da647d..56fe348 100644 /* * The breakpoint instruction was removed right * after we hit it. Another cpu has removed -@@ -683,6 +690,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) +@@ -628,6 +635,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) " movq %rax, 152(%rsp)\n" RESTORE_REGS_STRING " popfq\n" @@ -18121,8 +17962,8 @@ index 7da647d..56fe348 100644 #else " pushf\n" SAVE_REGS_STRING -@@ -820,7 +830,7 @@ static void __kprobes resume_execution(struct kprobe *p, - struct pt_regs *regs, struct kprobe_ctlblk *kcb) +@@ -765,7 +775,7 @@ static void __kprobes + resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb) { unsigned long *tos = stack_addr(regs); - unsigned long copy_ip = (unsigned long)p->ainsn.insn; @@ -18130,7 +17971,7 @@ index 7da647d..56fe348 100644 unsigned long orig_ip = (unsigned long)p->addr; kprobe_opcode_t *insn = p->ainsn.insn; -@@ -1002,7 +1012,7 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self, +@@ -947,7 +957,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d struct die_args *args = data; int ret = NOTIFY_DONE; @@ -18139,43 +17980,11 @@ index 7da647d..56fe348 100644 return ret; switch (val) { -@@ -1384,7 +1394,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) - * Verify if the address gap is in 2GB range, because this uses - * a relative jump. - */ -- rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE; -+ rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE; - if (abs(rel) > 0x7fffffff) - return -ERANGE; - -@@ -1405,11 +1415,11 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) - synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op); - - /* Set probe function call */ -- synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback); -+ synthesize_relcall(buf + TMPL_CALL_IDX, ktla_ktva(optimized_callback)); - - /* Set returning jmp instruction at the tail of out-of-line buffer */ - synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size, -- (u8 *)op->kp.addr + op->optinsn.size); -+ (u8 *)ktla_ktva(op->kp.addr) + op->optinsn.size); - - flush_icache_range((unsigned long) buf, - (unsigned long) buf + TMPL_END_IDX + -@@ -1431,7 +1441,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, - ((long)op->kp.addr + RELATIVEJUMP_SIZE)); - - /* Backup instructions which will be replaced by jump address */ -- memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE, -+ memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE, - RELATIVE_ADDR_SIZE); - - insn_buf[0] = RELATIVEJUMP_OPCODE; diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ea69726..a305f16 100644 +index ebc9873..1b9724b 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c -@@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) +@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) if (reload) { #ifdef CONFIG_SMP preempt_disable(); @@ -18191,7 +18000,7 @@ index ea69726..a305f16 100644 #endif } if (oldsize) { -@@ -95,7 +95,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) +@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) return err; for (i = 0; i < old->size; i++) @@ -18200,7 +18009,7 @@ index ea69726..a305f16 100644 return 0; } -@@ -116,6 +116,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) +@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) retval = copy_ldt(&mm->context, &old_mm->context); mutex_unlock(&old_mm->context.lock); } @@ -18225,23 +18034,7 @@ index ea69726..a305f16 100644 return retval; } -@@ -141,6 +159,7 @@ void destroy_context(struct mm_struct *mm) - } - } - -+static int read_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); - static int read_ldt(void __user *ptr, unsigned long bytecount) - { - int err; -@@ -175,6 +194,7 @@ error_return: - return err; - } - -+static int read_default_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); - static int read_default_ldt(void __user *ptr, unsigned long bytecount) - { - /* CHECKME: Can we use _one_ random number ? */ -@@ -230,6 +250,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -18256,10 +18049,10 @@ index ea69726..a305f16 100644 if (oldmode) ldt.avl = 0; diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c -index a3fa43b..8966f4c 100644 +index 5b19e4d..6476a76 100644 --- a/arch/x86/kernel/machine_kexec_32.c +++ b/arch/x86/kernel/machine_kexec_32.c -@@ -27,7 +27,7 @@ +@@ -26,7 +26,7 @@ #include #include @@ -18268,7 +18061,7 @@ index a3fa43b..8966f4c 100644 { struct desc_ptr curidt; -@@ -39,7 +39,7 @@ static void set_idt(void *newidt, __u16 limit) +@@ -38,7 +38,7 @@ static void set_idt(void *newidt, __u16 limit) } @@ -18277,7 +18070,7 @@ index a3fa43b..8966f4c 100644 { struct desc_ptr curgdt; -@@ -217,7 +217,7 @@ void machine_kexec(struct kimage *image) +@@ -216,7 +216,7 @@ void machine_kexec(struct kimage *image) } control_page = page_address(image->control_code_page); @@ -18287,14 +18080,11 @@ index a3fa43b..8966f4c 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c -index 3ca42d0..79d24cd 100644 +index 0327e2b..e43737b 100644 --- a/arch/x86/kernel/microcode_intel.c +++ b/arch/x86/kernel/microcode_intel.c -@@ -434,15 +434,16 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) - return ret; - } +@@ -430,13 +430,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) -+static int get_ucode_user(void *to, const void *from, size_t n) __size_overflow(3); static int get_ucode_user(void *to, const void *from, size_t n) { - return copy_from_user(to, from, n); @@ -18310,15 +18100,14 @@ index 3ca42d0..79d24cd 100644 static void microcode_fini_cpu(int cpu) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c -index 925179f..1f0d561 100644 +index f21fd94..61565cd 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c -@@ -36,15 +36,61 @@ +@@ -35,15 +35,60 @@ #define DEBUGP(fmt...) #endif -void *module_alloc(unsigned long size) -+static inline void *__module_alloc(unsigned long size, pgprot_t prot) __size_overflow(1); +static inline void *__module_alloc(unsigned long size, pgprot_t prot) { - if (PAGE_ALIGN(size) > MODULES_LEN) @@ -18378,7 +18167,7 @@ index 925179f..1f0d561 100644 #ifdef CONFIG_X86_32 int apply_relocate(Elf32_Shdr *sechdrs, const char *strtab, -@@ -55,14 +101,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -54,14 +99,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, unsigned int i; Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr; Elf32_Sym *sym; @@ -18398,7 +18187,7 @@ index 925179f..1f0d561 100644 /* This is the symbol it is referring to. Note that all undefined symbols have been resolved. */ sym = (Elf32_Sym *)sechdrs[symindex].sh_addr -@@ -71,11 +119,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -70,11 +117,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, switch (ELF32_R_TYPE(rel[i].r_info)) { case R_386_32: /* We add the value into the location given */ @@ -18416,7 +18205,7 @@ index 925179f..1f0d561 100644 break; default: printk(KERN_ERR "module %s: Unknown relocation: %u\n", -@@ -120,21 +172,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, +@@ -119,21 +170,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, case R_X86_64_NONE: break; case R_X86_64_64: @@ -18448,10 +18237,10 @@ index 925179f..1f0d561 100644 if ((s64)val != *(s32 *)loc) goto overflow; diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index 47acaf3..ec48ab6 100644 +index 32856fa..ce95eaa 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c -@@ -505,6 +505,17 @@ static inline void nmi_nesting_postprocess(void) +@@ -507,6 +507,17 @@ static inline void nmi_nesting_postprocess(void) dotraplinkage notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code) { @@ -18483,10 +18272,10 @@ index 676b8c7..870ba04 100644 .spin_is_locked = __ticket_spin_is_locked, .spin_is_contended = __ticket_spin_is_contended, diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c -index d90272e..6bb013b 100644 +index ab13760..01218e0 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c -@@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x) +@@ -55,6 +55,9 @@ u64 _paravirt_ident_64(u64 x) { return x; } @@ -18496,7 +18285,7 @@ index d90272e..6bb013b 100644 void __init default_banner(void) { -@@ -145,15 +148,19 @@ unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf, +@@ -147,15 +150,19 @@ unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf, if (opfunc == NULL) /* If there's no function, patch it with a ud2a (BUG) */ ret = paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a)); @@ -18519,7 +18308,7 @@ index d90272e..6bb013b 100644 else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || type == PARAVIRT_PATCH(pv_cpu_ops.irq_enable_sysexit) || -@@ -178,7 +185,7 @@ unsigned paravirt_patch_insns(void *insnbuf, unsigned len, +@@ -180,7 +187,7 @@ unsigned paravirt_patch_insns(void *insnbuf, unsigned len, if (insn_len > len || start == NULL) insn_len = len; else @@ -18528,7 +18317,7 @@ index d90272e..6bb013b 100644 return insn_len; } -@@ -302,7 +309,7 @@ void arch_flush_lazy_mmu_mode(void) +@@ -304,7 +311,7 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } @@ -18537,7 +18326,7 @@ index d90272e..6bb013b 100644 .name = "bare hardware", .paravirt_enabled = 0, .kernel_rpl = 0, -@@ -313,16 +320,16 @@ struct pv_info pv_info = { +@@ -315,16 +322,16 @@ struct pv_info pv_info = { #endif }; @@ -18557,7 +18346,7 @@ index d90272e..6bb013b 100644 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -334,7 +341,7 @@ struct pv_irq_ops pv_irq_ops = { +@@ -336,7 +343,7 @@ struct pv_irq_ops pv_irq_ops = { #endif }; @@ -18566,7 +18355,7 @@ index d90272e..6bb013b 100644 .cpuid = native_cpuid, .get_debugreg = native_get_debugreg, .set_debugreg = native_set_debugreg, -@@ -395,21 +402,26 @@ struct pv_cpu_ops pv_cpu_ops = { +@@ -397,21 +404,26 @@ struct pv_cpu_ops pv_cpu_ops = { .end_context_switch = paravirt_nop, }; @@ -18596,7 +18385,7 @@ index d90272e..6bb013b 100644 .read_cr2 = native_read_cr2, .write_cr2 = native_write_cr2, -@@ -459,6 +471,7 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -461,6 +473,7 @@ struct pv_mmu_ops pv_mmu_ops = { .make_pud = PTE_IDENT, .set_pgd = native_set_pgd, @@ -18604,7 +18393,7 @@ index d90272e..6bb013b 100644 #endif #endif /* PAGETABLE_LEVELS >= 3 */ -@@ -478,6 +491,12 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -480,6 +493,12 @@ struct pv_mmu_ops pv_mmu_ops = { }, .set_fixmap = native_set_fixmap, @@ -18631,10 +18420,10 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 15763af..da59ada 100644 +index 1d92a5a..7bc8c29 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c -@@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk) +@@ -69,16 +69,33 @@ void free_thread_xstate(struct task_struct *tsk) void free_thread_info(struct thread_info *ti) { @@ -18672,7 +18461,7 @@ index 15763af..da59ada 100644 } /* -@@ -70,7 +87,7 @@ void exit_thread(void) +@@ -91,7 +108,7 @@ void exit_thread(void) unsigned long *bp = t->io_bitmap_ptr; if (bp) { @@ -18681,7 +18470,7 @@ index 15763af..da59ada 100644 t->io_bitmap_ptr = NULL; clear_thread_flag(TIF_IO_BITMAP); -@@ -106,7 +123,7 @@ void show_regs_common(void) +@@ -127,7 +144,7 @@ void show_regs_common(void) printk(KERN_CONT "\n"); printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s", @@ -18690,7 +18479,7 @@ index 15763af..da59ada 100644 init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version); -@@ -120,6 +137,9 @@ void flush_thread(void) +@@ -141,6 +158,9 @@ void flush_thread(void) { struct task_struct *tsk = current; @@ -18700,7 +18489,7 @@ index 15763af..da59ada 100644 flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); /* -@@ -282,10 +302,10 @@ int kernel_thread(int (*fn)(void *), void *arg, unsigned long flags) +@@ -303,10 +323,10 @@ int kernel_thread(int (*fn)(void *), void *arg, unsigned long flags) regs.di = (unsigned long) arg; #ifdef CONFIG_X86_32 @@ -18714,7 +18503,16 @@ index 15763af..da59ada 100644 #else regs.ss = __KERNEL_DS; #endif -@@ -411,7 +431,7 @@ bool set_pm_idle_to_default(void) +@@ -392,7 +412,7 @@ static void __exit_idle(void) + void exit_idle(void) + { + /* idle loop has pid 0 */ +- if (current->pid) ++ if (task_pid_nr(current)) + return; + __exit_idle(); + } +@@ -501,7 +521,7 @@ bool set_pm_idle_to_default(void) return ret; } @@ -18723,7 +18521,7 @@ index 15763af..da59ada 100644 { local_irq_disable(); /* -@@ -653,16 +673,37 @@ static int __init idle_setup(char *str) +@@ -743,16 +763,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -18772,18 +18570,18 @@ index 15763af..da59ada 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index c08d1ff..6ae1c81 100644 +index ae68473..7b0bb71 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c -@@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); +@@ -64,6 +64,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); unsigned long thread_saved_pc(struct task_struct *tsk) { return ((unsigned long *)tsk->thread.sp)[3]; +//XXX return tsk->thread.eip; } - #ifndef CONFIG_SMP -@@ -132,15 +133,14 @@ void __show_regs(struct pt_regs *regs, int all) + void __show_regs(struct pt_regs *regs, int all) +@@ -73,15 +74,14 @@ void __show_regs(struct pt_regs *regs, int all) unsigned long sp; unsigned short ss, gs; @@ -18801,7 +18599,7 @@ index c08d1ff..6ae1c81 100644 show_regs_common(); -@@ -202,13 +202,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -143,13 +143,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct task_struct *tsk; int err; @@ -18817,7 +18615,7 @@ index c08d1ff..6ae1c81 100644 p->thread.ip = (unsigned long) ret_from_fork; -@@ -299,7 +300,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -240,7 +241,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18826,7 +18624,7 @@ index c08d1ff..6ae1c81 100644 fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -323,6 +324,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -264,6 +265,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -18837,7 +18635,7 @@ index c08d1ff..6ae1c81 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -353,6 +358,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -294,6 +299,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); @@ -18847,7 +18645,7 @@ index c08d1ff..6ae1c81 100644 /* * Restore %gs if needed (which is common) */ -@@ -361,8 +369,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -302,8 +310,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) switch_fpu_finish(next_p, fpu); @@ -18856,25 +18654,16 @@ index c08d1ff..6ae1c81 100644 return prev_p; } -@@ -392,4 +398,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -333,4 +339,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index cfa5c90..4facd28 100644 +index 43d8b48..c45d566 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c -@@ -89,7 +89,7 @@ static void __exit_idle(void) - void exit_idle(void) - { - /* idle loop has pid 0 */ -- if (current->pid) -+ if (task_pid_nr(current)) - return; - __exit_idle(); - } -@@ -270,8 +270,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -162,8 +162,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -18884,7 +18673,7 @@ index cfa5c90..4facd28 100644 *childregs = *regs; childregs->ax = 0; -@@ -283,6 +282,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -175,6 +174,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); p->thread.usersp = me->thread.usersp; @@ -18892,7 +18681,7 @@ index cfa5c90..4facd28 100644 set_tsk_thread_flag(p, TIF_FORK); -@@ -385,7 +385,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -280,7 +280,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18901,7 +18690,7 @@ index cfa5c90..4facd28 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -467,10 +467,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -362,10 +362,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -18914,7 +18703,7 @@ index cfa5c90..4facd28 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -525,12 +524,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -434,12 +433,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -18930,21 +18719,10 @@ index cfa5c90..4facd28 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 5026738..574f70a 100644 +index cf11783..e7ce551 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -792,6 +792,10 @@ static int ioperm_active(struct task_struct *target, - static int ioperm_get(struct task_struct *target, - const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(3,4); -+static int ioperm_get(struct task_struct *target, -+ const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - if (!target->thread.io_bitmap_ptr) -@@ -823,7 +827,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -824,7 +824,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -18953,7 +18731,7 @@ index 5026738..574f70a 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -908,14 +912,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -909,14 +909,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, @@ -18970,7 +18748,7 @@ index 5026738..574f70a 100644 break; #endif -@@ -1332,7 +1336,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1426,7 +1426,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -18979,7 +18757,7 @@ index 5026738..574f70a 100644 } void user_single_step_siginfo(struct task_struct *tsk, -@@ -1361,6 +1365,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, +@@ -1455,6 +1455,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, # define IS_IA32 0 #endif @@ -18990,7 +18768,7 @@ index 5026738..574f70a 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1369,6 +1377,11 @@ long syscall_trace_enter(struct pt_regs *regs) +@@ -1463,6 +1467,11 @@ long syscall_trace_enter(struct pt_regs *regs) { long ret = 0; @@ -19002,7 +18780,7 @@ index 5026738..574f70a 100644 /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1412,6 +1425,11 @@ void syscall_trace_leave(struct pt_regs *regs) +@@ -1506,6 +1515,11 @@ void syscall_trace_leave(struct pt_regs *regs) { bool step; @@ -19210,10 +18988,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index d7d5099..28555d0 100644 +index 1a29015..712f324 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -448,7 +448,7 @@ static void __init parse_setup_data(void) +@@ -447,7 +447,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -19222,7 +19000,7 @@ index d7d5099..28555d0 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -649,7 +649,7 @@ static void __init trim_bios_range(void) +@@ -639,7 +639,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -19231,7 +19009,7 @@ index d7d5099..28555d0 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -767,14 +767,14 @@ void __init setup_arch(char **cmdline_p) +@@ -763,14 +763,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -19252,7 +19030,7 @@ index d7d5099..28555d0 100644 bss_resource.start = virt_to_phys(&__bss_start); bss_resource.end = virt_to_phys(&__bss_stop)-1; diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c -index 5a98aa2..848d2be 100644 +index 5a98aa2..2f9288d 100644 --- a/arch/x86/kernel/setup_percpu.c +++ b/arch/x86/kernel/setup_percpu.c @@ -21,19 +21,17 @@ @@ -19279,25 +19057,7 @@ index 5a98aa2..848d2be 100644 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET, }; EXPORT_SYMBOL(__per_cpu_offset); -@@ -96,6 +94,8 @@ static bool __init pcpu_need_numa(void) - * Pointer to the allocated area on success, NULL on failure. - */ - static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, -+ unsigned long align) __size_overflow(2); -+static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, - unsigned long align) - { - const unsigned long goal = __pa(MAX_DMA_ADDRESS); -@@ -124,6 +124,8 @@ static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, - /* - * Helpers for first chunk memory allocation - */ -+static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) __size_overflow(2); -+ - static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) - { - return pcpu_alloc_bootmem(cpu, size, align); -@@ -155,10 +157,10 @@ static inline void setup_percpu_segment(int cpu) +@@ -155,10 +153,10 @@ static inline void setup_percpu_segment(int cpu) { #ifdef CONFIG_X86_32 struct desc_struct gdt; @@ -19311,7 +19071,7 @@ index 5a98aa2..848d2be 100644 write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); #endif -@@ -219,6 +221,11 @@ void __init setup_per_cpu_areas(void) +@@ -219,6 +217,11 @@ void __init setup_per_cpu_areas(void) /* alrighty, percpu areas up and running */ delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { @@ -19323,7 +19083,7 @@ index 5a98aa2..848d2be 100644 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu]; per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu); per_cpu(cpu_number, cpu) = cpu; -@@ -259,6 +266,12 @@ void __init setup_per_cpu_areas(void) +@@ -259,6 +262,12 @@ void __init setup_per_cpu_areas(void) */ set_cpu_numa_node(cpu, early_cpu_to_node(cpu)); #endif @@ -19337,10 +19097,10 @@ index 5a98aa2..848d2be 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 46a01bd..2e88e6d 100644 +index 115eac4..c0591d5 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c -@@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsigned long sp) +@@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp) * Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -19349,7 +19109,7 @@ index 46a01bd..2e88e6d 100644 #else /* !CONFIG_X86_32 */ sp = round_down(sp, 16) - 8; #endif -@@ -249,11 +249,11 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, +@@ -241,11 +241,11 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, * Return an always-bogus address instead so we will die with SIGSEGV. */ if (onsigstack && !likely(on_sig_stack(sp))) @@ -19363,7 +19123,7 @@ index 46a01bd..2e88e6d 100644 return (void __user *)sp; } -@@ -308,9 +308,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -300,9 +300,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, } if (current->mm->context.vdso) @@ -19375,7 +19135,7 @@ index 46a01bd..2e88e6d 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; -@@ -324,7 +324,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -316,7 +316,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -19384,7 +19144,7 @@ index 46a01bd..2e88e6d 100644 if (err) return -EFAULT; -@@ -378,7 +378,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -370,7 +370,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); /* Set up to return from userspace. */ @@ -19396,7 +19156,7 @@ index 46a01bd..2e88e6d 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; put_user_ex(restorer, &frame->pretcode); -@@ -390,7 +393,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -382,7 +385,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -19405,7 +19165,7 @@ index 46a01bd..2e88e6d 100644 } put_user_catch(err); if (err) -@@ -765,7 +768,7 @@ static void do_signal(struct pt_regs *regs) +@@ -773,7 +776,7 @@ static void do_signal(struct pt_regs *regs) * X86_32: vm86 regs switched out by assembly code before reaching * here, so testing against kernel CS suffices. */ @@ -19415,10 +19175,10 @@ index 46a01bd..2e88e6d 100644 signr = get_signal_to_deliver(&info, &ka, regs, NULL); diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 66d250c..f1b10bd 100644 +index 6e1e406..edfb7cb 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -715,17 +715,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu) +@@ -699,17 +699,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu) set_idle_for_cpu(cpu, c_idle.idle); do_rest: per_cpu(current_task, cpu) = c_idle.idle; @@ -19442,7 +19202,7 @@ index 66d250c..f1b10bd 100644 initial_code = (unsigned long)start_secondary; stack_start = c_idle.idle->thread.sp; -@@ -868,6 +871,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) +@@ -851,6 +854,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) per_cpu(cpu_state, cpu) = CPU_UP_PREPARE; @@ -19734,7 +19494,7 @@ index 0b0cb5f..db6b9ed 100644 + return addr; } diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index 0514890..3dbebce 100644 +index b4d3c39..82bb73b 100644 --- a/arch/x86/kernel/sys_x86_64.c +++ b/arch/x86/kernel/sys_x86_64.c @@ -95,8 +95,8 @@ out: @@ -19746,7 +19506,7 @@ index 0514890..3dbebce 100644 +static void find_start_end(struct mm_struct *mm, unsigned long flags, + unsigned long *begin, unsigned long *end) { - if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) { + if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) { unsigned long new_begin; @@ -115,7 +115,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, *begin = new_begin; @@ -19779,7 +19539,7 @@ index 0514890..3dbebce 100644 + if (end - len >= addr && check_heap_stack_gap(vma, addr, len)) return addr; } - if (((flags & MAP_32BIT) || test_thread_flag(TIF_IA32)) + if (((flags & MAP_32BIT) || test_thread_flag(TIF_ADDR32)) @@ -172,7 +175,7 @@ full_search: } return -ENOMEM; @@ -19793,13 +19553,13 @@ index 0514890..3dbebce 100644 { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; -- unsigned long addr = addr0; -+ unsigned long base = mm->mmap_base, addr = addr0; +- unsigned long addr = addr0, start_addr; ++ unsigned long base = mm->mmap_base, addr = addr0, start_addr; /* requested length too big for entire address space */ if (len > TASK_SIZE) @@ -208,13 +211,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) + if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) goto bottomup; +#ifdef CONFIG_PAX_RANDMMAP @@ -19821,16 +19581,7 @@ index 0514890..3dbebce 100644 } /* check if free_area_cache is useful for us */ -@@ -232,7 +240,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - ALIGN_TOPDOWN); - - vma = find_vma(mm, tmp_addr); -- if (!vma || tmp_addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, tmp_addr, len)) - /* remember the address as a hint for next time */ - return mm->free_area_cache = tmp_addr; - } -@@ -251,7 +259,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -240,7 +248,7 @@ try_again: * return with success: */ vma = find_vma(mm, addr); @@ -19839,7 +19590,7 @@ index 0514890..3dbebce 100644 /* remember the address as a hint for next time */ return mm->free_area_cache = addr; -@@ -260,8 +268,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -249,8 +257,8 @@ try_again: mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ @@ -19848,7 +19599,7 @@ index 0514890..3dbebce 100644 + addr = skip_heap_stack_gap(vma, len); + } while (!IS_ERR_VALUE(addr)); - bottomup: + fail: /* @@ -270,13 +278,21 @@ bottomup: * can happen with large stack limits and large mmap() @@ -19875,7 +19626,7 @@ index 0514890..3dbebce 100644 return addr; diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index e2410e2..4fe3fbc 100644 +index 6410744..79758f0 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -219,7 +219,7 @@ static int tboot_setup_sleep(void) @@ -19896,8 +19647,8 @@ index e2410e2..4fe3fbc 100644 shutdown(); /* should not reach here */ -@@ -298,7 +298,7 @@ void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) - tboot_shutdown(acpi_shutdown_map[sleep_state]); +@@ -299,7 +299,7 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) + return 0; } -static atomic_t ap_wfs_count; @@ -19905,7 +19656,7 @@ index e2410e2..4fe3fbc 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -322,9 +322,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -323,9 +323,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: @@ -19917,17 +19668,17 @@ index e2410e2..4fe3fbc 100644 return NOTIFY_BAD; break; } -@@ -343,7 +343,7 @@ static __init int tboot_late_init(void) +@@ -344,7 +344,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); - atomic_set(&ap_wfs_count, 0); + atomic_set_unchecked(&ap_wfs_count, 0); register_hotcpu_notifier(&tboot_cpu_notifier); - return 0; - } + + acpi_os_set_prepare_sleep(&tboot_sleep); diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c -index dd5fbf4..b7f2232 100644 +index c6eba2b..3303326 100644 --- a/arch/x86/kernel/time.c +++ b/arch/x86/kernel/time.c @@ -31,9 +31,9 @@ unsigned long profile_pc(struct pt_regs *regs) @@ -19961,10 +19712,10 @@ index dd5fbf4..b7f2232 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index bcfec2d..8f88b4a 100644 +index 9d9d2f9..ed344e4 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c -@@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struct *p, int idx, +@@ -84,6 +84,11 @@ int do_set_thread_area(struct task_struct *p, int idx, if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; @@ -19976,18 +19727,6 @@ index bcfec2d..8f88b4a 100644 set_tls_desc(p, idx, &info, 1); return 0; -diff --git a/arch/x86/kernel/tls.h b/arch/x86/kernel/tls.h -index 2f083a2..7d3fecc 100644 ---- a/arch/x86/kernel/tls.h -+++ b/arch/x86/kernel/tls.h -@@ -16,6 +16,6 @@ - - extern user_regset_active_fn regset_tls_active; - extern user_regset_get_fn regset_tls_get; --extern user_regset_set_fn regset_tls_set; -+extern user_regset_set_fn regset_tls_set __size_overflow(4); - - #endif /* _ARCH_X86_KERNEL_TLS_H */ diff --git a/arch/x86/kernel/trampoline_32.S b/arch/x86/kernel/trampoline_32.S index 451c0a7..e57f551 100644 --- a/arch/x86/kernel/trampoline_32.S @@ -20037,7 +19776,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 4bbe04d..41d0943 100644 +index ff9281f1..30cb4ac 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); @@ -20090,7 +19829,7 @@ index 4bbe04d..41d0943 100644 @@ -165,8 +159,20 @@ kernel_trap: if (!fixup_exception(regs)) { tsk->thread.error_code = error_code; - tsk->thread.trap_no = trapnr; + tsk->thread.trap_nr = trapnr; + +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + if (trapnr == 12 && ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS)) @@ -20108,7 +19847,7 @@ index 4bbe04d..41d0943 100644 return; #ifdef CONFIG_X86_32 -@@ -255,14 +261,30 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -259,14 +265,30 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -20139,11 +19878,11 @@ index 4bbe04d..41d0943 100644 +#endif + tsk->thread.error_code = error_code; - tsk->thread.trap_no = 13; + tsk->thread.trap_nr = X86_TRAP_GP; -@@ -295,6 +317,13 @@ gp_in_kernel: - if (notify_die(DIE_GPF, "general protection fault", regs, - error_code, 13, SIGSEGV) == NOTIFY_STOP) +@@ -299,6 +321,13 @@ gp_in_kernel: + if (notify_die(DIE_GPF, "general protection fault", regs, error_code, + X86_TRAP_GP, SIGSEGV) == NOTIFY_STOP) return; + +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) @@ -20155,16 +19894,16 @@ index 4bbe04d..41d0943 100644 die("general protection fault", regs, error_code); } -@@ -421,7 +450,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -425,7 +454,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); - if (regs->flags & X86_VM_MASK) { + if (v8086_mode(regs)) { - handle_vm86_trap((struct kernel_vm86_regs *) regs, - error_code, 1); + handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, + X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -436,7 +465,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -440,7 +469,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -20173,7 +19912,7 @@ index 4bbe04d..41d0943 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -466,7 +495,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -471,7 +500,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -20195,7 +19934,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 328cb37..f37fee1 100644 +index 255f58a..5e91150 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -41,6 +41,7 @@ @@ -20206,17 +19945,7 @@ index 328cb37..f37fee1 100644 #include #include -@@ -109,6 +110,9 @@ static int copy_vm86_regs_to_user(struct vm86_regs __user *user, - /* convert vm86_regs to kernel_vm86_regs */ - static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, - const struct vm86_regs __user *user, -+ unsigned extra) __size_overflow(3); -+static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, -+ const struct vm86_regs __user *user, - unsigned extra) - { - int ret = 0; -@@ -148,7 +152,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) +@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) do_exit(SIGSEGV); } @@ -20225,7 +19954,7 @@ index 328cb37..f37fee1 100644 current->thread.sp0 = current->thread.saved_sp0; current->thread.sysenter_cs = __KERNEL_CS; load_sp0(tss, ¤t->thread); -@@ -210,6 +214,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) +@@ -210,6 +211,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) struct task_struct *tsk; int tmp, ret = -EPERM; @@ -20239,7 +19968,7 @@ index 328cb37..f37fee1 100644 tsk = current; if (tsk->thread.saved_sp0) goto out; -@@ -240,6 +251,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) +@@ -240,6 +248,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) int tmp, ret; struct vm86plus_struct __user *v86; @@ -20254,7 +19983,7 @@ index 328cb37..f37fee1 100644 tsk = current; switch (cmd) { case VM86_REQUEST_IRQ: -@@ -326,7 +345,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk +@@ -326,7 +342,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk tsk->thread.saved_fs = info->regs32->fs; tsk->thread.saved_gs = get_user_gs(info->regs32); @@ -20263,7 +19992,7 @@ index 328cb37..f37fee1 100644 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; if (cpu_has_sep) tsk->thread.sysenter_cs = 0; -@@ -533,7 +552,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, +@@ -533,7 +549,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, goto cannot_handle; if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) goto cannot_handle; @@ -20537,12 +20266,12 @@ index 0f703f1..9e15f64 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index b07ba93..a212969 100644 +index 7515cf0..331a1a0 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c -@@ -57,15 +57,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data) = - .lock = __SEQLOCK_UNLOCKED(__vsyscall_gtod_data.lock), - }; +@@ -54,15 +54,13 @@ + DEFINE_VVAR(int, vgetcpu_mode); + DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data); -static enum { EMULATE, NATIVE, NONE } vsyscall_mode = EMULATE; +static enum { EMULATE, NONE } vsyscall_mode = EMULATE; @@ -20557,7 +20286,7 @@ index b07ba93..a212969 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -207,7 +205,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) +@@ -206,7 +204,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) tsk = current; if (seccomp_mode(&tsk->seccomp)) @@ -20566,7 +20295,7 @@ index b07ba93..a212969 100644 /* * With a real vsyscall, page faults cause SIGSEGV. We want to -@@ -279,8 +277,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) +@@ -278,8 +276,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) return true; sigsegv: @@ -20576,7 +20305,7 @@ index b07ba93..a212969 100644 } /* -@@ -333,10 +330,7 @@ void __init map_vsyscall(void) +@@ -332,10 +329,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -20602,10 +20331,10 @@ index 9796c2f..f686fbf 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index 7110911..e8cdee5 100644 +index e62728e..5fc3a07 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c -@@ -130,7 +130,7 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf, +@@ -131,7 +131,7 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf, fx_sw_user->xstate_size > fx_sw_user->extended_size) return -EINVAL; @@ -20614,7 +20343,7 @@ index 7110911..e8cdee5 100644 fx_sw_user->extended_size - FP_XSTATE_MAGIC2_SIZE)); if (err) -@@ -266,7 +266,7 @@ fx_only: +@@ -267,7 +267,7 @@ fx_only: * the other extended state. */ xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE); @@ -20623,7 +20352,7 @@ index 7110911..e8cdee5 100644 } /* -@@ -295,7 +295,7 @@ int restore_i387_xstate(void __user *buf) +@@ -296,7 +296,7 @@ int restore_i387_xstate(void __user *buf) if (use_xsave()) err = restore_user_xstate(buf); else @@ -20633,7 +20362,7 @@ index 7110911..e8cdee5 100644 if (unlikely(err)) { /* diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 89b02bf..0f6511d 100644 +index 9fed5be..18fd595 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, @@ -20684,10 +20413,10 @@ index 89b02bf..0f6511d 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 0982507..7f6d72f 100644 +index 8375622..b7bca1a 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -250,6 +250,7 @@ struct gprefix { +@@ -252,6 +252,7 @@ struct gprefix { #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -20695,7 +20424,7 @@ index 0982507..7f6d72f 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -264,8 +265,6 @@ struct gprefix { +@@ -266,8 +267,6 @@ struct gprefix { /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -20704,7 +20433,7 @@ index 0982507..7f6d72f 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -281,7 +280,6 @@ struct gprefix { +@@ -283,7 +282,6 @@ struct gprefix { #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -20713,7 +20442,7 @@ index 0982507..7f6d72f 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index cfdc6e0..ab92e84 100644 +index 8584322..17d5955 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -54,7 +54,7 @@ @@ -20726,7 +20455,7 @@ index cfdc6e0..ab92e84 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 1561028..0ed7f14 100644 +index df5a703..63748a7 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -197,7 +197,7 @@ retry_walk: @@ -20739,10 +20468,10 @@ index 1561028..0ed7f14 100644 goto error; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index e385214..f8df033 100644 +index e334389..6839087 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3509,7 +3509,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -20754,7 +20483,7 @@ index e385214..f8df033 100644 load_TR_desc(); } -@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3887,6 +3891,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -20766,10 +20495,10 @@ index e385214..f8df033 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index a7a6f60..04b745a 100644 +index 4ff0ab9..2ff68d3 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1306,7 +1306,11 @@ static void reload_tss(void) +@@ -1303,7 +1303,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -20781,7 +20510,7 @@ index a7a6f60..04b745a 100644 load_TR_desc(); } -@@ -2637,8 +2641,11 @@ static __init int hardware_setup(void) +@@ -2625,8 +2629,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20795,7 +20524,7 @@ index a7a6f60..04b745a 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3654,7 +3661,7 @@ static void vmx_set_constant_host_state(void) +@@ -3642,7 +3649,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -20804,7 +20533,7 @@ index a7a6f60..04b745a 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6192,6 +6199,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6180,6 +6187,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20817,7 +20546,7 @@ index a7a6f60..04b745a 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6240,6 +6253,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6228,6 +6241,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20829,7 +20558,7 @@ index a7a6f60..04b745a 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6268,7 +6286,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6256,7 +6274,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -20848,23 +20577,10 @@ index a7a6f60..04b745a 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 8d1c6c6..6e6d611 100644 +index 185a2b8..866d2a6 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -873,6 +873,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) - return kvm_set_msr(vcpu, index, *data); - } - -+static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) __size_overflow(2); - static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) - { - int version; -@@ -1307,12 +1308,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data) - return 0; - } - -+static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) __size_overflow(2); - static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1357,8 +1357,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -20875,7 +20591,7 @@ index 8d1c6c6..6e6d611 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2145,6 +2147,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2213,6 +2213,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -20884,7 +20600,7 @@ index 8d1c6c6..6e6d611 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2266,7 +2270,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2338,7 +2340,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -20893,67 +20609,7 @@ index 8d1c6c6..6e6d611 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -3499,6 +3503,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, - - static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, - struct kvm_vcpu *vcpu, u32 access, -+ struct x86_exception *exception) __size_overflow(1,3); -+static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, -+ struct kvm_vcpu *vcpu, u32 access, - struct x86_exception *exception) - { - void *data = val; -@@ -3530,6 +3537,9 @@ out: - /* used for instruction fetching */ - static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(2,4); -+static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, -+ gva_t addr, void *val, unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -3554,6 +3564,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); - - static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(2,4); -+static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, -+ gva_t addr, void *val, unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -3667,12 +3680,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) - } - - static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, -+ void *val, int bytes) __size_overflow(2); -+static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, - void *val, int bytes) - { - return !kvm_read_guest(vcpu->kvm, gpa, val, bytes); - } - - static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, -+ void *val, int bytes) __size_overflow(2); -+static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, - void *val, int bytes) - { - return emulator_write_phys(vcpu, gpa, val, bytes); -@@ -3823,6 +3840,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, - const void *old, - const void *new, - unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(5); -+static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, -+ unsigned long addr, -+ const void *old, -+ const void *new, -+ unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4782,7 +4805,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -4860,7 +4862,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -20962,24 +20618,6 @@ index 8d1c6c6..6e6d611 100644 { int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; -diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h -index cb80c29..aeee86c 100644 ---- a/arch/x86/kvm/x86.h -+++ b/arch/x86/kvm/x86.h -@@ -116,11 +116,11 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data); - - int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -- struct x86_exception *exception); -+ struct x86_exception *exception) __size_overflow(2,4); - - int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -- struct x86_exception *exception); -+ struct x86_exception *exception) __size_overflow(2,4); - - extern u64 host_xcr0; - diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c index 642d880..44e0f3f 100644 --- a/arch/x86/lguest/boot.c @@ -20996,90 +20634,8 @@ index 642d880..44e0f3f 100644 } /*G:050 -diff --git a/arch/x86/lib/atomic64_32.c b/arch/x86/lib/atomic64_32.c -index 042f682..c92afb6 100644 ---- a/arch/x86/lib/atomic64_32.c -+++ b/arch/x86/lib/atomic64_32.c -@@ -8,18 +8,30 @@ - - long long atomic64_read_cx8(long long, const atomic64_t *v); - EXPORT_SYMBOL(atomic64_read_cx8); -+long long atomic64_read_unchecked_cx8(long long, const atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_read_unchecked_cx8); - long long atomic64_set_cx8(long long, const atomic64_t *v); - EXPORT_SYMBOL(atomic64_set_cx8); -+long long atomic64_set_unchecked_cx8(long long, const atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_set_unchecked_cx8); - long long atomic64_xchg_cx8(long long, unsigned high); - EXPORT_SYMBOL(atomic64_xchg_cx8); - long long atomic64_add_return_cx8(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_add_return_cx8); -+long long atomic64_add_return_unchecked_cx8(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_add_return_unchecked_cx8); - long long atomic64_sub_return_cx8(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_sub_return_cx8); -+long long atomic64_sub_return_unchecked_cx8(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_sub_return_unchecked_cx8); - long long atomic64_inc_return_cx8(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_inc_return_cx8); -+long long atomic64_inc_return_unchecked_cx8(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_inc_return_unchecked_cx8); - long long atomic64_dec_return_cx8(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_dec_return_cx8); -+long long atomic64_dec_return_unchecked_cx8(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_dec_return_unchecked_cx8); - long long atomic64_dec_if_positive_cx8(atomic64_t *v); - EXPORT_SYMBOL(atomic64_dec_if_positive_cx8); - int atomic64_inc_not_zero_cx8(atomic64_t *v); -@@ -30,26 +42,46 @@ EXPORT_SYMBOL(atomic64_add_unless_cx8); - #ifndef CONFIG_X86_CMPXCHG64 - long long atomic64_read_386(long long, const atomic64_t *v); - EXPORT_SYMBOL(atomic64_read_386); -+long long atomic64_read_unchecked_386(long long, const atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_read_unchecked_386); - long long atomic64_set_386(long long, const atomic64_t *v); - EXPORT_SYMBOL(atomic64_set_386); -+long long atomic64_set_unchecked_386(long long, const atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_set_unchecked_386); - long long atomic64_xchg_386(long long, unsigned high); - EXPORT_SYMBOL(atomic64_xchg_386); - long long atomic64_add_return_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_add_return_386); -+long long atomic64_add_return_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_add_return_unchecked_386); - long long atomic64_sub_return_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_sub_return_386); -+long long atomic64_sub_return_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_sub_return_unchecked_386); - long long atomic64_inc_return_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_inc_return_386); -+long long atomic64_inc_return_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_inc_return_unchecked_386); - long long atomic64_dec_return_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_dec_return_386); -+long long atomic64_dec_return_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_dec_return_unchecked_386); - long long atomic64_add_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_add_386); -+long long atomic64_add_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_add_unchecked_386); - long long atomic64_sub_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_sub_386); -+long long atomic64_sub_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_sub_unchecked_386); - long long atomic64_inc_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_inc_386); -+long long atomic64_inc_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_inc_unchecked_386); - long long atomic64_dec_386(long long a, atomic64_t *v); - EXPORT_SYMBOL(atomic64_dec_386); -+long long atomic64_dec_unchecked_386(long long a, atomic64_unchecked_t *v); -+EXPORT_SYMBOL(atomic64_dec_unchecked_386); - long long atomic64_dec_if_positive_386(atomic64_t *v); - EXPORT_SYMBOL(atomic64_dec_if_positive_386); - int atomic64_inc_not_zero_386(atomic64_t *v); diff --git a/arch/x86/lib/atomic64_386_32.S b/arch/x86/lib/atomic64_386_32.S -index e8e7e0d..56fd1b0 100644 +index 00933d5..3a64af9 100644 --- a/arch/x86/lib/atomic64_386_32.S +++ b/arch/x86/lib/atomic64_386_32.S @@ -48,6 +48,10 @@ BEGIN(read) @@ -21306,7 +20862,7 @@ index e8e7e0d..56fd1b0 100644 + _ASM_EXTABLE(1234b, 2f) +#endif + - cmpl %eax, %esi + cmpl %eax, %ecx je 3f 1: @@ -168,6 +318,13 @@ BEGIN(inc_not_zero) @@ -21338,7 +20894,7 @@ index e8e7e0d..56fd1b0 100644 movl %eax, (v) movl %edx, 4(v) diff --git a/arch/x86/lib/atomic64_cx8_32.S b/arch/x86/lib/atomic64_cx8_32.S -index 391a083..3a2cf39 100644 +index f5cc9eb..51fa319 100644 --- a/arch/x86/lib/atomic64_cx8_32.S +++ b/arch/x86/lib/atomic64_cx8_32.S @@ -35,10 +35,20 @@ ENTRY(atomic64_read_cx8) @@ -21388,7 +20944,7 @@ index 391a083..3a2cf39 100644 ENTRY(atomic64_xchg_cx8) CFI_STARTPROC -@@ -62,12 +87,13 @@ ENTRY(atomic64_xchg_cx8) +@@ -60,12 +85,13 @@ ENTRY(atomic64_xchg_cx8) cmpxchg8b (%esi) jne 1b @@ -21404,7 +20960,7 @@ index 391a083..3a2cf39 100644 CFI_STARTPROC SAVE ebp SAVE ebx -@@ -84,27 +110,44 @@ ENTRY(atomic64_\func\()_return_cx8) +@@ -82,27 +108,44 @@ ENTRY(atomic64_\func\()_return_cx8) movl %edx, %ecx \ins\()l %esi, %ebx \insc\()l %edi, %ecx @@ -21454,7 +21010,7 @@ index 391a083..3a2cf39 100644 CFI_STARTPROC SAVE ebx -@@ -114,21 +157,39 @@ ENTRY(atomic64_\func\()_return_cx8) +@@ -112,21 +155,39 @@ ENTRY(atomic64_\func\()_return_cx8) movl %edx, %ecx \ins\()l $1, %ebx \insc\()l $0, %ecx @@ -21496,7 +21052,7 @@ index 391a083..3a2cf39 100644 ENTRY(atomic64_dec_if_positive_cx8) CFI_STARTPROC -@@ -140,6 +201,13 @@ ENTRY(atomic64_dec_if_positive_cx8) +@@ -138,6 +199,13 @@ ENTRY(atomic64_dec_if_positive_cx8) movl %edx, %ecx subl $1, %ebx sbb $0, %ecx @@ -21510,7 +21066,7 @@ index 391a083..3a2cf39 100644 js 2f LOCK_PREFIX cmpxchg8b (%esi) -@@ -149,6 +217,7 @@ ENTRY(atomic64_dec_if_positive_cx8) +@@ -147,6 +215,7 @@ ENTRY(atomic64_dec_if_positive_cx8) movl %ebx, %eax movl %ecx, %edx RESTORE ebx @@ -21518,9 +21074,9 @@ index 391a083..3a2cf39 100644 ret CFI_ENDPROC ENDPROC(atomic64_dec_if_positive_cx8) -@@ -174,6 +243,13 @@ ENTRY(atomic64_add_unless_cx8) +@@ -171,6 +240,13 @@ ENTRY(atomic64_add_unless_cx8) movl %edx, %ecx - addl %esi, %ebx + addl %ebp, %ebx adcl %edi, %ecx + +#ifdef CONFIG_PAX_REFCOUNT @@ -21530,9 +21086,9 @@ index 391a083..3a2cf39 100644 +#endif + LOCK_PREFIX - cmpxchg8b (%ebp) + cmpxchg8b (%esi) jne 1b -@@ -184,6 +260,7 @@ ENTRY(atomic64_add_unless_cx8) +@@ -181,6 +257,7 @@ ENTRY(atomic64_add_unless_cx8) CFI_ADJUST_CFA_OFFSET -8 RESTORE ebx RESTORE ebp @@ -21540,10 +21096,10 @@ index 391a083..3a2cf39 100644 ret 4: cmpl %edx, 4(%esp) -@@ -206,6 +283,13 @@ ENTRY(atomic64_inc_not_zero_cx8) - movl %edx, %ecx +@@ -203,6 +280,13 @@ ENTRY(atomic64_inc_not_zero_cx8) + xorl %ecx, %ecx addl $1, %ebx - adcl $0, %ecx + adcl %edx, %ecx + +#ifdef CONFIG_PAX_REFCOUNT + into @@ -21554,14 +21110,14 @@ index 391a083..3a2cf39 100644 LOCK_PREFIX cmpxchg8b (%esi) jne 1b -@@ -213,6 +297,7 @@ ENTRY(atomic64_inc_not_zero_cx8) +@@ -210,6 +294,7 @@ ENTRY(atomic64_inc_not_zero_cx8) movl $1, %eax 3: RESTORE ebx + pax_force_retaddr ret - 4: - testl %edx, %edx + CFI_ENDPROC + ENDPROC(atomic64_inc_not_zero_cx8) diff --git a/arch/x86/lib/checksum_32.S b/arch/x86/lib/checksum_32.S index 78d16a5..fbcf666 100644 --- a/arch/x86/lib/checksum_32.S @@ -21866,7 +21422,7 @@ index 1e572c5..2a162cd 100644 CFI_ENDPROC diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S -index 01c805b..dccb07f 100644 +index 6b34d04..dccb07f 100644 --- a/arch/x86/lib/copy_page_64.S +++ b/arch/x86/lib/copy_page_64.S @@ -9,6 +9,7 @@ copy_page_c: @@ -21877,7 +21433,24 @@ index 01c805b..dccb07f 100644 ret CFI_ENDPROC ENDPROC(copy_page_c) -@@ -39,7 +40,7 @@ ENTRY(copy_page) +@@ -20,12 +21,14 @@ ENDPROC(copy_page_c) + + ENTRY(copy_page) + CFI_STARTPROC +- subq $2*8,%rsp +- CFI_ADJUST_CFA_OFFSET 2*8 ++ subq $3*8,%rsp ++ CFI_ADJUST_CFA_OFFSET 3*8 + movq %rbx,(%rsp) + CFI_REL_OFFSET rbx, 0 + movq %r12,1*8(%rsp) + CFI_REL_OFFSET r12, 1*8 ++ movq %r13,2*8(%rsp) ++ CFI_REL_OFFSET r13, 2*8 + + movl $(4096/64)-5,%ecx + .p2align 4 +@@ -37,7 +40,7 @@ ENTRY(copy_page) movq 16 (%rsi), %rdx movq 24 (%rsi), %r8 movq 32 (%rsi), %r9 @@ -21886,7 +21459,7 @@ index 01c805b..dccb07f 100644 movq 48 (%rsi), %r11 movq 56 (%rsi), %r12 -@@ -50,7 +51,7 @@ ENTRY(copy_page) +@@ -48,7 +51,7 @@ ENTRY(copy_page) movq %rdx, 16 (%rdi) movq %r8, 24 (%rdi) movq %r9, 32 (%rdi) @@ -21895,7 +21468,7 @@ index 01c805b..dccb07f 100644 movq %r11, 48 (%rdi) movq %r12, 56 (%rdi) -@@ -69,7 +70,7 @@ ENTRY(copy_page) +@@ -67,7 +70,7 @@ ENTRY(copy_page) movq 16 (%rsi), %rdx movq 24 (%rsi), %r8 movq 32 (%rsi), %r9 @@ -21904,7 +21477,7 @@ index 01c805b..dccb07f 100644 movq 48 (%rsi), %r11 movq 56 (%rsi), %r12 -@@ -78,7 +79,7 @@ ENTRY(copy_page) +@@ -76,7 +79,7 @@ ENTRY(copy_page) movq %rdx, 16 (%rdi) movq %r8, 24 (%rdi) movq %r9, 32 (%rdi) @@ -21913,15 +21486,21 @@ index 01c805b..dccb07f 100644 movq %r11, 48 (%rdi) movq %r12, 56 (%rdi) -@@ -95,6 +96,7 @@ ENTRY(copy_page) - CFI_RESTORE r13 - addq $3*8,%rsp - CFI_ADJUST_CFA_OFFSET -3*8 +@@ -89,8 +92,11 @@ ENTRY(copy_page) + CFI_RESTORE rbx + movq 1*8(%rsp),%r12 + CFI_RESTORE r12 +- addq $2*8,%rsp +- CFI_ADJUST_CFA_OFFSET -2*8 ++ movq 2*8(%rsp),%r13 ++ CFI_RESTORE r13 ++ addq $3*8,%rsp ++ CFI_ADJUST_CFA_OFFSET -3*8 + pax_force_retaddr ret .Lcopy_page_end: CFI_ENDPROC -@@ -105,7 +107,7 @@ ENDPROC(copy_page) +@@ -101,7 +107,7 @@ ENDPROC(copy_page) #include @@ -22299,7 +21878,7 @@ index 51f1504..ddac4c1 100644 CFI_ENDPROC END(bad_get_user) diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c -index 5a1f9f3..ba9f577 100644 +index b1e6c4b..21ae8fc 100644 --- a/arch/x86/lib/insn.c +++ b/arch/x86/lib/insn.c @@ -21,6 +21,11 @@ @@ -22346,10 +21925,10 @@ index 05a95e7..326f2fa 100644 CFI_ENDPROC ENDPROC(__iowrite32_copy) diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S -index efbf2a0..8893637 100644 +index 1c273be..da9cc0e 100644 --- a/arch/x86/lib/memcpy_64.S +++ b/arch/x86/lib/memcpy_64.S -@@ -34,6 +34,7 @@ +@@ -33,6 +33,7 @@ rep movsq movl %edx, %ecx rep movsb @@ -22357,15 +21936,15 @@ index efbf2a0..8893637 100644 ret .Lmemcpy_e: .previous -@@ -51,6 +52,7 @@ - - movl %edx, %ecx +@@ -49,6 +50,7 @@ + movq %rdi, %rax + movq %rdx, %rcx rep movsb + pax_force_retaddr ret .Lmemcpy_e_e: .previous -@@ -81,13 +83,13 @@ ENTRY(memcpy) +@@ -76,13 +78,13 @@ ENTRY(memcpy) */ movq 0*8(%rsi), %r8 movq 1*8(%rsi), %r9 @@ -22381,7 +21960,7 @@ index efbf2a0..8893637 100644 movq %r11, 3*8(%rdi) leaq 4*8(%rdi), %rdi jae .Lcopy_forward_loop -@@ -110,12 +112,12 @@ ENTRY(memcpy) +@@ -105,12 +107,12 @@ ENTRY(memcpy) subq $0x20, %rdx movq -1*8(%rsi), %r8 movq -2*8(%rsi), %r9 @@ -22396,7 +21975,7 @@ index efbf2a0..8893637 100644 movq %r11, -4*8(%rdi) leaq -4*8(%rdi), %rdi jae .Lcopy_backward_loop -@@ -135,12 +137,13 @@ ENTRY(memcpy) +@@ -130,12 +132,13 @@ ENTRY(memcpy) */ movq 0*8(%rsi), %r8 movq 1*8(%rsi), %r9 @@ -22412,7 +21991,7 @@ index efbf2a0..8893637 100644 retq .p2align 4 .Lless_16bytes: -@@ -153,6 +156,7 @@ ENTRY(memcpy) +@@ -148,6 +151,7 @@ ENTRY(memcpy) movq -1*8(%rsi, %rdx), %r9 movq %r8, 0*8(%rdi) movq %r9, -1*8(%rdi, %rdx) @@ -22420,7 +21999,7 @@ index efbf2a0..8893637 100644 retq .p2align 4 .Lless_8bytes: -@@ -166,6 +170,7 @@ ENTRY(memcpy) +@@ -161,6 +165,7 @@ ENTRY(memcpy) movl -4(%rsi, %rdx), %r8d movl %ecx, (%rdi) movl %r8d, -4(%rdi, %rdx) @@ -22428,8 +22007,8 @@ index efbf2a0..8893637 100644 retq .p2align 4 .Lless_3bytes: -@@ -183,6 +188,7 @@ ENTRY(memcpy) - jnz .Lloop_1 +@@ -179,6 +184,7 @@ ENTRY(memcpy) + movb %cl, (%rdi) .Lend: + pax_force_retaddr @@ -22569,46 +22148,40 @@ index ee16461..c39c199 100644 .Lmemmove_end_forward_efs: .previous diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S -index 79bd454..dff325a 100644 +index 2dcb380..963660a 100644 --- a/arch/x86/lib/memset_64.S +++ b/arch/x86/lib/memset_64.S -@@ -31,6 +31,7 @@ - movl %r8d,%ecx +@@ -30,6 +30,7 @@ + movl %edx,%ecx rep stosb movq %r9,%rax + pax_force_retaddr ret .Lmemset_e: .previous -@@ -53,6 +54,7 @@ - movl %edx,%ecx +@@ -52,6 +53,7 @@ + movq %rdx,%rcx rep stosb movq %r9,%rax + pax_force_retaddr ret .Lmemset_e_e: .previous -@@ -60,13 +62,13 @@ +@@ -59,7 +61,7 @@ ENTRY(memset) ENTRY(__memset) CFI_STARTPROC - movq %rdi,%r10 - movq %rdx,%r11 ++ movq %rdi,%r11 /* expand byte value */ movzbl %sil,%ecx - movabs $0x0101010101010101,%rax - mul %rcx /* with rax, clobbers rdx */ -+ movq %rdi,%rdx - - /* align dst */ - movl %edi,%r9d -@@ -120,7 +122,8 @@ ENTRY(__memset) +@@ -117,7 +119,8 @@ ENTRY(__memset) jnz .Lloop_1 .Lende: - movq %r10,%rax -+ movq %rdx,%rax ++ movq %r11,%rax + pax_force_retaddr ret @@ -23253,19 +22826,10 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index e218d5d..a99a1eb 100644 +index ef2a6a5..3b28862 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c -@@ -43,7 +43,7 @@ do { \ - __asm__ __volatile__( \ - " testl %1,%1\n" \ - " jz 2f\n" \ -- "0: lodsb\n" \ -+ "0: "__copyuser_seg"lodsb\n" \ - " stosb\n" \ - " testb %%al,%%al\n" \ - " jz 1f\n" \ -@@ -128,10 +128,12 @@ do { \ +@@ -41,10 +41,12 @@ do { \ int __d0; \ might_fault(); \ __asm__ __volatile__( \ @@ -23278,7 +22842,7 @@ index e218d5d..a99a1eb 100644 ".section .fixup,\"ax\"\n" \ "3: lea 0(%2,%0,4),%0\n" \ " jmp 2b\n" \ -@@ -200,6 +202,7 @@ long strnlen_user(const char __user *s, long n) +@@ -113,6 +115,7 @@ long strnlen_user(const char __user *s, long n) might_fault(); __asm__ __volatile__( @@ -23286,7 +22850,7 @@ index e218d5d..a99a1eb 100644 " testl %0, %0\n" " jz 3f\n" " andl %0,%%ecx\n" -@@ -208,6 +211,7 @@ long strnlen_user(const char __user *s, long n) +@@ -121,6 +124,7 @@ long strnlen_user(const char __user *s, long n) " subl %%ecx,%0\n" " addl %0,%%eax\n" "1:\n" @@ -23294,7 +22858,7 @@ index e218d5d..a99a1eb 100644 ".section .fixup,\"ax\"\n" "2: xorl %%eax,%%eax\n" " jmp 1b\n" -@@ -227,7 +231,7 @@ EXPORT_SYMBOL(strnlen_user); +@@ -140,7 +144,7 @@ EXPORT_SYMBOL(strnlen_user); #ifdef CONFIG_X86_INTEL_USERCOPY static unsigned long @@ -23303,7 +22867,7 @@ index e218d5d..a99a1eb 100644 { int d0, d1; __asm__ __volatile__( -@@ -239,36 +243,36 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -152,36 +156,36 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " .align 2,0x90\n" "3: movl 0(%4), %%eax\n" "4: movl 4(%4), %%edx\n" @@ -23356,7 +22920,7 @@ index e218d5d..a99a1eb 100644 " addl $-64, %0\n" " addl $64, %4\n" " addl $64, %3\n" -@@ -278,10 +282,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -191,10 +195,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23369,7 +22933,7 @@ index e218d5d..a99a1eb 100644 ".section .fixup,\"ax\"\n" "101: lea 0(%%eax,%0,4),%0\n" " jmp 100b\n" -@@ -334,46 +340,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -247,46 +253,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) } static unsigned long @@ -23543,7 +23107,7 @@ index e218d5d..a99a1eb 100644 " movl %%eax, 56(%3)\n" " movl %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -385,9 +500,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -298,9 +413,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23555,7 +23119,7 @@ index e218d5d..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -434,47 +549,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -347,47 +462,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) */ static unsigned long __copy_user_zeroing_intel_nocache(void *to, @@ -23623,7 +23187,7 @@ index e218d5d..a99a1eb 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -487,9 +604,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -400,9 +517,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23635,7 +23199,7 @@ index e218d5d..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -531,47 +648,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -444,47 +561,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, } static unsigned long __copy_user_intel_nocache(void *to, @@ -23703,7 +23267,7 @@ index e218d5d..a99a1eb 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -584,9 +703,9 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -497,9 +616,9 @@ static unsigned long __copy_user_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23715,7 +23279,7 @@ index e218d5d..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -629,32 +748,36 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -542,32 +661,36 @@ static unsigned long __copy_user_intel_nocache(void *to, */ unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size); @@ -23757,7 +23321,7 @@ index e218d5d..a99a1eb 100644 ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ " jmp 2b\n" \ -@@ -682,14 +805,14 @@ do { \ +@@ -595,14 +718,14 @@ do { \ " negl %0\n" \ " andl $7,%0\n" \ " subl %0,%3\n" \ @@ -23775,7 +23339,7 @@ index e218d5d..a99a1eb 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -775,9 +898,9 @@ survive: +@@ -688,9 +811,9 @@ survive: } #endif if (movsl_is_ok(to, from, n)) @@ -23787,7 +23351,7 @@ index e218d5d..a99a1eb 100644 return n; } EXPORT_SYMBOL(__copy_to_user_ll); -@@ -797,10 +920,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, +@@ -710,10 +833,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, unsigned long n) { if (movsl_is_ok(to, from, n)) @@ -23800,7 +23364,7 @@ index e218d5d..a99a1eb 100644 return n; } EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -827,65 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -740,65 +862,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -23903,23 +23467,10 @@ index e218d5d..a99a1eb 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index b7c2849..8633ad8 100644 +index 0d0326f..6a6155b 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c -@@ -42,6 +42,12 @@ long - __strncpy_from_user(char *dst, const char __user *src, long count) - { - long res; -+ -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ if ((unsigned long)src < PAX_USER_SHADOW_BASE) -+ src += PAX_USER_SHADOW_BASE; -+#endif -+ - __do_strncpy_from_user(dst, src, count, res); - return res; - } -@@ -65,6 +71,12 @@ unsigned long __clear_user(void __user *addr, unsigned long size) +@@ -16,6 +16,12 @@ unsigned long __clear_user(void __user *addr, unsigned long size) { long __d0; might_fault(); @@ -23932,7 +23483,7 @@ index b7c2849..8633ad8 100644 /* no memory constraint because it doesn't change any memory gcc knows about */ asm volatile( -@@ -149,12 +161,20 @@ long strlen_user(const char __user *s) +@@ -100,12 +106,20 @@ long strlen_user(const char __user *s) } EXPORT_SYMBOL(strlen_user); @@ -23958,7 +23509,7 @@ index b7c2849..8633ad8 100644 } EXPORT_SYMBOL(copy_in_user); -@@ -164,7 +184,7 @@ EXPORT_SYMBOL(copy_in_user); +@@ -115,7 +129,7 @@ EXPORT_SYMBOL(copy_in_user); * it is not necessary to optimize tail handling. */ unsigned long @@ -23967,6 +23518,22 @@ index b7c2849..8633ad8 100644 { char c; unsigned zero_len; +@@ -132,3 +146,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) + break; + return len; + } ++ ++void copy_from_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} ++EXPORT_SYMBOL(copy_from_user_overflow); ++ ++void copy_to_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} ++EXPORT_SYMBOL(copy_to_user_overflow); diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c index 1fb85db..8b3540b 100644 --- a/arch/x86/mm/extable.c @@ -23981,7 +23548,7 @@ index 1fb85db..8b3540b 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index f0b4caf..d92fd42 100644 +index 3ecfd1a..304d554 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -24324,7 +23891,7 @@ index f0b4caf..d92fd42 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1005,18 +1197,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1005,18 +1197,33 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -24345,6 +23912,7 @@ index f0b4caf..d92fd42 100644 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + if (!user_mode(regs) && address < 2 * PAX_USER_SHADOW_BASE) { + if (!search_exception_tables(regs->ip)) { ++ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n"); + bad_area_nosemaphore(regs, error_code, address); + return; + } @@ -24362,7 +23930,7 @@ index f0b4caf..d92fd42 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1077,7 +1283,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1077,7 +1284,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -24371,7 +23939,7 @@ index f0b4caf..d92fd42 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1132,6 +1338,11 @@ retry: +@@ -1132,6 +1339,11 @@ retry: might_sleep(); } @@ -24383,7 +23951,7 @@ index f0b4caf..d92fd42 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1143,18 +1354,24 @@ retry: +@@ -1143,18 +1355,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -24419,7 +23987,7 @@ index f0b4caf..d92fd42 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1209,3 +1426,292 @@ good_area: +@@ -1209,3 +1427,292 @@ good_area: up_read(&mm->mmap_sem); } @@ -24726,7 +24294,7 @@ index dd74e46..7d26398 100644 return 0; diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c -index f4f29b1..5cac4fb 100644 +index 6f31ee5..8ee4164 100644 --- a/arch/x86/mm/highmem_32.c +++ b/arch/x86/mm/highmem_32.c @@ -44,7 +44,11 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) @@ -24742,7 +24310,7 @@ index f4f29b1..5cac4fb 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 8ecbb4b..a269cab 100644 +index f6679a7..8f795a3 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, @@ -24805,62 +24373,51 @@ index 8ecbb4b..a269cab 100644 } static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, -@@ -308,10 +316,9 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, - { - struct hstate *h = hstate_file(file); +@@ -310,9 +318,8 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, struct mm_struct *mm = current->mm; -- struct vm_area_struct *vma, *prev_vma; -- unsigned long base = mm->mmap_base, addr = addr0; -+ struct vm_area_struct *vma; -+ unsigned long base = mm->mmap_base, addr; + struct vm_area_struct *vma; + unsigned long base = mm->mmap_base; +- unsigned long addr = addr0; ++ unsigned long addr; unsigned long largest_hole = mm->cached_hole_size; -- int first_time = 1; +- unsigned long start_addr; /* don't allow allocations above current base */ if (mm->free_area_cache > base) -@@ -321,14 +328,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -322,16 +329,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, largest_hole = 0; mm->free_area_cache = base; } -try_again: -+ +- start_addr = mm->free_area_cache; + /* make sure it can fit in the remaining address space */ if (mm->free_area_cache < len) goto fail; /* either no address requested or can't fit in requested address hole */ - addr = (mm->free_area_cache - len) & huge_page_mask(h); -+ addr = (mm->free_area_cache - len); ++ addr = mm->free_area_cache - len; do { + addr &= huge_page_mask(h); /* * Lookup failure means no vma is above this address, * i.e. return with success: -@@ -341,46 +349,47 @@ try_again: - * new region fits between prev_vma->vm_end and - * vma->vm_start, use it: - */ -- prev_vma = vma->vm_prev; -- if (addr + len <= vma->vm_start && -- (!prev_vma || (addr >= prev_vma->vm_end))) { +@@ -340,10 +346,10 @@ try_again: + if (!vma) + return addr; + +- if (addr + len <= vma->vm_start) { + if (check_heap_stack_gap(vma, addr, len)) { /* remember the address as a hint for next time */ - mm->cached_hole_size = largest_hole; - return (mm->free_area_cache = addr); -- } else { -- /* pull free_area_cache down to the first hole */ -- if (mm->free_area_cache == vma->vm_end) { -- mm->free_area_cache = vma->vm_start; -- mm->cached_hole_size = largest_hole; -- } + mm->cached_hole_size = largest_hole; + return (mm->free_area_cache = addr); -+ } -+ /* pull free_area_cache down to the first hole */ -+ if (mm->free_area_cache == vma->vm_end) { -+ mm->free_area_cache = vma->vm_start; -+ mm->cached_hole_size = largest_hole; - } + } else if (mm->free_area_cache == vma->vm_end) { + /* pull free_area_cache down to the first hole */ + mm->free_area_cache = vma->vm_start; +@@ -352,29 +358,34 @@ try_again: /* remember the largest hole we saw so far */ if (addr + largest_hole < vma->vm_start) @@ -24878,10 +24435,9 @@ index 8ecbb4b..a269cab 100644 - * if hint left us with no space for the requested - * mapping then try again: - */ -- if (first_time) { +- if (start_addr != base) { - mm->free_area_cache = base; - largest_hole = 0; -- first_time = 0; - goto try_again; - } - /* @@ -24909,7 +24465,7 @@ index 8ecbb4b..a269cab 100644 mm->cached_hole_size = ~0UL; addr = hugetlb_get_unmapped_area_bottomup(file, addr0, len, pgoff, flags); -@@ -388,6 +397,7 @@ fail: +@@ -382,6 +393,7 @@ fail: /* * Restore the topdown base: */ @@ -24917,7 +24473,7 @@ index 8ecbb4b..a269cab 100644 mm->free_area_cache = base; mm->cached_hole_size = ~0UL; -@@ -401,10 +411,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -395,10 +407,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -24938,7 +24494,7 @@ index 8ecbb4b..a269cab 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -416,8 +435,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -410,8 +431,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, if (addr) { addr = ALIGN(addr, huge_page_size(h)); vma = find_vma(mm, addr); @@ -24949,18 +24505,19 @@ index 8ecbb4b..a269cab 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 6cabf65..77e9c1c 100644 +index 4f0cec7..00976ce 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -17,6 +17,7 @@ +@@ -16,6 +16,8 @@ #include #include #include /* for MAX_DMA_PFN */ +#include ++#include unsigned long __initdata pgt_buf_start; unsigned long __meminitdata pgt_buf_end; -@@ -33,7 +34,7 @@ int direct_gbpages +@@ -32,7 +34,7 @@ int direct_gbpages static void __init find_early_table_space(unsigned long end, int use_pse, int use_gbpages) { @@ -24969,8 +24526,16 @@ index 6cabf65..77e9c1c 100644 phys_addr_t base; puds = (end + PUD_SIZE - 1) >> PUD_SHIFT; -@@ -314,8 +315,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -311,10 +313,37 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, + * Access has to be given to non-kernel-ram areas as well, these contain the PCI + * mmio resources as well as potential bios/acpi data regions. */ ++ ++#ifdef CONFIG_GRKERNSEC_KMEM ++static unsigned int ebda_start __read_only; ++static unsigned int ebda_end __read_only; ++#endif ++ int devmem_is_allowed(unsigned long pagenr) { +#ifdef CONFIG_GRKERNSEC_KMEM @@ -24978,7 +24543,7 @@ index 6cabf65..77e9c1c 100644 + if (!pagenr) + return 1; + /* allow EBDA */ -+ if ((0x9f000 >> PAGE_SHIFT) == pagenr) ++ if (pagenr >= ebda_start && pagenr < ebda_end) + return 1; +#else + if (!pagenr) @@ -25000,18 +24565,53 @@ index 6cabf65..77e9c1c 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -374,6 +396,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -371,8 +400,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) + #endif + } ++#ifdef CONFIG_GRKERNSEC_KMEM ++static inline void gr_init_ebda(void) ++{ ++ unsigned int ebda_addr; ++ unsigned int ebda_size = 0; ++ ++ ebda_addr = get_bios_ebda(); ++ if (ebda_addr) { ++ ebda_size = *(unsigned char *)phys_to_virt(ebda_addr); ++ ebda_size <<= 10; ++ } ++ if (ebda_addr && ebda_size) { ++ ebda_start = ebda_addr >> PAGE_SHIFT; ++ ebda_end = min((unsigned int)PAGE_ALIGN(ebda_addr + ebda_size), (unsigned int)0xa0000) >> PAGE_SHIFT; ++ } else { ++ ebda_start = 0x9f000 >> PAGE_SHIFT; ++ ebda_end = 0xa0000 >> PAGE_SHIFT; ++ } ++} ++#else ++static inline void gr_init_ebda(void) { } ++#endif ++ void free_initmem(void) { -+ +#ifdef CONFIG_PAX_KERNEXEC +#ifdef CONFIG_X86_32 + /* PaX: limit KERNEL_CS to actual size */ + unsigned long addr, limit; + struct desc_struct d; + int cpu; ++#else ++ pgd_t *pgd; ++ pud_t *pud; ++ pmd_t *pmd; ++ unsigned long addr, end; ++#endif ++#endif ++ ++ gr_init_ebda(); + ++#ifdef CONFIG_PAX_KERNEXEC ++#ifdef CONFIG_X86_32 + limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext; + limit = (limit - 1UL) >> PAGE_SHIFT; + @@ -25050,11 +24650,6 @@ index 6cabf65..77e9c1c 100644 +#endif + +#else -+ pgd_t *pgd; -+ pud_t *pud; -+ pmd_t *pmd; -+ unsigned long addr, end; -+ + /* PaX: make kernel code/rodata read-only, rest non-executable */ + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) { + pgd = pgd_offset_k(addr); @@ -25088,10 +24683,10 @@ index 6cabf65..77e9c1c 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 8663f6c..829ae76 100644 +index 575d86f..4987469 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c -@@ -74,36 +74,6 @@ static __init void *alloc_low_page(void) +@@ -73,36 +73,6 @@ static __init void *alloc_low_page(void) } /* @@ -25128,7 +24723,7 @@ index 8663f6c..829ae76 100644 * Create a page table and place a pointer to it in a middle page * directory entry: */ -@@ -123,13 +93,28 @@ static pte_t * __init one_page_table_init(pmd_t *pmd) +@@ -122,13 +92,28 @@ static pte_t * __init one_page_table_init(pmd_t *pmd) page_table = (pte_t *)alloc_low_page(); paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT); @@ -25157,7 +24752,7 @@ index 8663f6c..829ae76 100644 pmd_t * __init populate_extra_pmd(unsigned long vaddr) { int pgd_idx = pgd_index(vaddr); -@@ -203,6 +188,7 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) +@@ -202,6 +187,7 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) int pgd_idx, pmd_idx; unsigned long vaddr; pgd_t *pgd; @@ -25165,7 +24760,7 @@ index 8663f6c..829ae76 100644 pmd_t *pmd; pte_t *pte = NULL; -@@ -212,8 +198,13 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) +@@ -211,8 +197,13 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) pgd = pgd_base + pgd_idx; for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) { @@ -25181,7 +24776,7 @@ index 8663f6c..829ae76 100644 for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end); pmd++, pmd_idx++) { pte = page_table_kmap_check(one_page_table_init(pmd), -@@ -225,11 +216,20 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) +@@ -224,11 +215,20 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) } } @@ -25206,7 +24801,7 @@ index 8663f6c..829ae76 100644 } /* -@@ -246,9 +246,10 @@ kernel_physical_mapping_init(unsigned long start, +@@ -245,9 +245,10 @@ kernel_physical_mapping_init(unsigned long start, unsigned long last_map_addr = end; unsigned long start_pfn, end_pfn; pgd_t *pgd_base = swapper_pg_dir; @@ -25218,7 +24813,7 @@ index 8663f6c..829ae76 100644 pmd_t *pmd; pte_t *pte; unsigned pages_2m, pages_4k; -@@ -281,8 +282,13 @@ repeat: +@@ -280,8 +281,13 @@ repeat: pfn = start_pfn; pgd_idx = pgd_index((pfn<= end_pfn) continue; -@@ -294,14 +300,13 @@ repeat: +@@ -293,14 +299,13 @@ repeat: #endif for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn; pmd++, pmd_idx++) { @@ -25250,7 +24845,7 @@ index 8663f6c..829ae76 100644 pgprot_t prot = PAGE_KERNEL_LARGE; /* * first pass will use the same initial -@@ -311,11 +316,7 @@ repeat: +@@ -310,11 +315,7 @@ repeat: __pgprot(PTE_IDENT_ATTR | _PAGE_PSE); @@ -25263,7 +24858,7 @@ index 8663f6c..829ae76 100644 prot = PAGE_KERNEL_LARGE_EXEC; pages_2m++; -@@ -332,7 +333,7 @@ repeat: +@@ -331,7 +332,7 @@ repeat: pte_ofs = pte_index((pfn<> 10, @@ -25341,7 +24936,7 @@ index 8663f6c..829ae76 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -883,6 +888,7 @@ void set_kernel_text_rw(void) +@@ -882,6 +887,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -25349,7 +24944,7 @@ index 8663f6c..829ae76 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -897,6 +903,7 @@ void set_kernel_text_ro(void) +@@ -896,6 +902,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -25357,7 +24952,7 @@ index 8663f6c..829ae76 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -925,6 +932,7 @@ void mark_rodata_ro(void) +@@ -924,6 +931,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -25366,10 +24961,10 @@ index 8663f6c..829ae76 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 436a030..4f97ffc 100644 +index fc18be0..e539653 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c -@@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); +@@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on); * around without checking the pgd every time. */ @@ -25378,7 +24973,7 @@ index 436a030..4f97ffc 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); int force_personality32; -@@ -108,12 +108,22 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -107,12 +107,22 @@ void sync_global_pgds(unsigned long start, unsigned long end) for (address = start; address <= end; address += PGDIR_SIZE) { const pgd_t *pgd_ref = pgd_offset_k(address); @@ -25401,7 +24996,7 @@ index 436a030..4f97ffc 100644 list_for_each_entry(page, &pgd_list, lru) { pgd_t *pgd; spinlock_t *pgt_lock; -@@ -122,6 +132,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -121,6 +131,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) /* the pgt_lock only for Xen */ pgt_lock = &pgd_page_get_mm(page)->page_table_lock; spin_lock(pgt_lock); @@ -25409,7 +25004,7 @@ index 436a030..4f97ffc 100644 if (pgd_none(*pgd)) set_pgd(pgd, *pgd_ref); -@@ -129,7 +140,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -128,7 +139,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); @@ -25420,7 +25015,7 @@ index 436a030..4f97ffc 100644 } spin_unlock(&pgd_lock); } -@@ -162,7 +176,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) +@@ -161,7 +175,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) { if (pgd_none(*pgd)) { pud_t *pud = (pud_t *)spp_getpage(); @@ -25429,7 +25024,7 @@ index 436a030..4f97ffc 100644 if (pud != pud_offset(pgd, 0)) printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", pud, pud_offset(pgd, 0)); -@@ -174,7 +188,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) +@@ -173,7 +187,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) { if (pud_none(*pud)) { pmd_t *pmd = (pmd_t *) spp_getpage(); @@ -25438,7 +25033,7 @@ index 436a030..4f97ffc 100644 if (pmd != pmd_offset(pud, 0)) printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", pmd, pmd_offset(pud, 0)); -@@ -203,7 +217,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) +@@ -202,7 +216,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) pmd = fill_pmd(pud, vaddr); pte = fill_pte(pmd, vaddr); @@ -25448,7 +25043,7 @@ index 436a030..4f97ffc 100644 /* * It's enough to flush this one mapping. -@@ -262,14 +278,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, +@@ -261,14 +277,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, pgd = pgd_offset_k((unsigned long)__va(phys)); if (pgd_none(*pgd)) { pud = (pud_t *) spp_getpage(); @@ -25465,7 +25060,7 @@ index 436a030..4f97ffc 100644 } pmd = pmd_offset(pud, phys); BUG_ON(!pmd_none(*pmd)); -@@ -330,7 +344,7 @@ static __ref void *alloc_low_page(unsigned long *phys) +@@ -329,7 +343,7 @@ static __ref void *alloc_low_page(unsigned long *phys) if (pfn >= pgt_buf_top) panic("alloc_low_page: ran out of memory"); @@ -25474,7 +25069,7 @@ index 436a030..4f97ffc 100644 clear_page(adr); *phys = pfn * PAGE_SIZE; return adr; -@@ -346,7 +360,7 @@ static __ref void *map_low_page(void *virt) +@@ -345,7 +359,7 @@ static __ref void *map_low_page(void *virt) phys = __pa(virt); left = phys & (PAGE_SIZE - 1); @@ -25483,7 +25078,7 @@ index 436a030..4f97ffc 100644 adr = (void *)(((unsigned long)adr) | left); return adr; -@@ -546,7 +560,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, +@@ -545,7 +559,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, unmap_low_page(pmd); spin_lock(&init_mm.page_table_lock); @@ -25492,7 +25087,7 @@ index 436a030..4f97ffc 100644 spin_unlock(&init_mm.page_table_lock); } __flush_tlb_all(); -@@ -592,7 +606,7 @@ kernel_physical_mapping_init(unsigned long start, +@@ -591,7 +605,7 @@ kernel_physical_mapping_init(unsigned long start, unmap_low_page(pud); spin_lock(&init_mm.page_table_lock); @@ -25501,7 +25096,7 @@ index 436a030..4f97ffc 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -684,6 +698,12 @@ void __init mem_init(void) +@@ -683,6 +697,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -25514,7 +25109,7 @@ index 436a030..4f97ffc 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -844,8 +864,8 @@ int kern_addr_valid(unsigned long addr) +@@ -843,8 +863,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -25525,7 +25120,7 @@ index 436a030..4f97ffc 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -879,7 +899,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -878,7 +898,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -25926,10 +25521,10 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..7d9628f 100644 +index 8573b83..4f3ed7e 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -84,10 +84,60 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } @@ -25938,16 +25533,20 @@ index 8573b83..7d9628f 100644 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) +pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT; -+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) ++void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) +{ ++ unsigned int count = USER_PGD_PTRS; + + while (count--) + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); +} +#endif - ++ +#ifdef CONFIG_PAX_PER_CPU_PGD -+void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count) ++void __clone_user_pgds(pgd_t *dst, const pgd_t *src) +{ ++ unsigned int count = USER_PGD_PTRS; ++ + while (count--) { + pgd_t pgd; + @@ -25992,7 +25591,7 @@ index 8573b83..7d9628f 100644 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) { BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); -@@ -128,6 +178,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -128,6 +182,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock(&pgd_lock); } @@ -26000,7 +25599,7 @@ index 8573b83..7d9628f 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -140,7 +191,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) * -- wli */ @@ -26009,7 +25608,7 @@ index 8573b83..7d9628f 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -152,7 +203,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -152,7 +207,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -26018,7 +25617,7 @@ index 8573b83..7d9628f 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -170,36 +221,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -170,36 +225,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } @@ -26068,7 +25667,7 @@ index 8573b83..7d9628f 100644 return -ENOMEM; } -@@ -212,51 +265,55 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -212,51 +269,55 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -26141,7 +25740,7 @@ index 8573b83..7d9628f 100644 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -265,11 +322,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -265,11 +326,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -26155,7 +25754,7 @@ index 8573b83..7d9628f 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -279,14 +336,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -279,14 +340,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock(&pgd_lock); pgd_ctor(mm, pgd); @@ -26173,7 +25772,7 @@ index 8573b83..7d9628f 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -295,7 +352,7 @@ out: +@@ -295,7 +356,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -26183,10 +25782,10 @@ index 8573b83..7d9628f 100644 paravirt_pgd_free(mm, pgd); free_page((unsigned long)pgd); diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c -index cac7184..09a39fa 100644 +index a69bcb8..19068ab 100644 --- a/arch/x86/mm/pgtable_32.c +++ b/arch/x86/mm/pgtable_32.c -@@ -48,10 +48,13 @@ void set_pte_vaddr(unsigned long vaddr, pte_t pteval) +@@ -47,10 +47,13 @@ void set_pte_vaddr(unsigned long vaddr, pte_t pteval) return; } pte = pte_offset_kernel(pmd, vaddr); @@ -26250,7 +25849,7 @@ index d6c0418..06a0ad5 100644 EXPORT_SYMBOL_GPL(leave_mm); diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S -index 6687022..ceabcfa 100644 +index 877b9a1..a8ecf42 100644 --- a/arch/x86/net/bpf_jit.S +++ b/arch/x86/net/bpf_jit.S @@ -9,6 +9,7 @@ @@ -26261,23 +25860,23 @@ index 6687022..ceabcfa 100644 /* * Calling convention : -@@ -35,6 +36,7 @@ sk_load_word: +@@ -35,6 +36,7 @@ sk_load_word_positive_offset: jle bpf_slow_path_word mov (SKBDATA,%rsi),%eax bswap %eax /* ntohl() */ + pax_force_retaddr ret - -@@ -53,6 +55,7 @@ sk_load_half: + sk_load_half: +@@ -52,6 +54,7 @@ sk_load_half_positive_offset: jle bpf_slow_path_half movzwl (SKBDATA,%rsi),%eax rol $8,%ax # ntohs() + pax_force_retaddr ret - sk_load_byte_ind: -@@ -66,6 +69,7 @@ sk_load_byte: + sk_load_byte: +@@ -66,6 +69,7 @@ sk_load_byte_positive_offset: cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */ jle bpf_slow_path_byte movzbl (SKBDATA,%rsi),%eax @@ -26285,23 +25884,15 @@ index 6687022..ceabcfa 100644 ret /** -@@ -82,6 +86,7 @@ ENTRY(sk_load_byte_msh) +@@ -87,6 +91,7 @@ sk_load_byte_msh_positive_offset: movzbl (SKBDATA,%rsi),%ebx and $15,%bl shl $2,%bl -+ pax_force_retaddr - ret - CFI_ENDPROC - ENDPROC(sk_load_byte_msh) -@@ -91,6 +96,7 @@ bpf_error: - xor %eax,%eax - mov -8(%rbp),%rbx - leaveq + pax_force_retaddr ret /* rsi contains offset and can be scratched */ -@@ -113,6 +119,7 @@ bpf_slow_path_word: +@@ -109,6 +114,7 @@ bpf_slow_path_word: js bpf_error mov -12(%rbp),%eax bswap %eax @@ -26309,7 +25900,7 @@ index 6687022..ceabcfa 100644 ret bpf_slow_path_half: -@@ -121,12 +128,14 @@ bpf_slow_path_half: +@@ -117,12 +123,14 @@ bpf_slow_path_half: mov -12(%rbp),%ax rol $8,%ax movzwl %ax,%eax @@ -26324,17 +25915,57 @@ index 6687022..ceabcfa 100644 ret bpf_slow_path_byte_msh: -@@ -137,4 +146,5 @@ bpf_slow_path_byte_msh: +@@ -133,6 +141,7 @@ bpf_slow_path_byte_msh: and $15,%al shl $2,%al xchg %eax,%ebx ++ pax_force_retaddr + ret + + #define sk_negative_common(SIZE) \ +@@ -157,6 +166,7 @@ sk_load_word_negative_offset: + sk_negative_common(4) + mov (%rax), %eax + bswap %eax ++ pax_force_retaddr + ret + + bpf_slow_path_half_neg: +@@ -168,6 +178,7 @@ sk_load_half_negative_offset: + mov (%rax),%ax + rol $8,%ax + movzwl %ax,%eax ++ pax_force_retaddr + ret + + bpf_slow_path_byte_neg: +@@ -177,6 +188,7 @@ sk_load_byte_negative_offset: + .globl sk_load_byte_negative_offset + sk_negative_common(1) + movzbl (%rax), %eax ++ pax_force_retaddr + ret + + bpf_slow_path_byte_msh_neg: +@@ -190,6 +202,7 @@ sk_load_byte_msh_negative_offset: + and $15,%al + shl $2,%al + xchg %eax,%ebx ++ pax_force_retaddr + ret + + bpf_error: +@@ -197,4 +210,5 @@ bpf_error: + xor %eax,%eax + mov -8(%rbp),%rbx + leaveq + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 5a5b6e4..201d42e 100644 +index 0597f95..a12c36e 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c -@@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end) +@@ -120,6 +120,11 @@ static inline void bpf_flush_icache(void *start, void *end) set_fs(old_fs); } @@ -26342,10 +25973,11 @@ index 5a5b6e4..201d42e 100644 + struct work_struct work; + void *image; +}; ++ + #define CHOOSE_LOAD_FUNC(K, func) \ + ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative_offset : func) : func##_positive_offset) - void bpf_jit_compile(struct sk_filter *fp) - { -@@ -141,6 +145,10 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -146,6 +151,10 @@ void bpf_jit_compile(struct sk_filter *fp) if (addrs == NULL) return; @@ -26356,25 +25988,7 @@ index 5a5b6e4..201d42e 100644 /* Before first pass, make a rough estimation of addrs[] * each bpf instruction is translated to less than 64 bytes */ -@@ -477,7 +485,7 @@ void bpf_jit_compile(struct sk_filter *fp) - common_load: seen |= SEEN_DATAREF; - if ((int)K < 0) { - /* Abort the JIT because __load_pointer() is needed. */ -- goto out; -+ goto error; - } - t_offset = func - (image + addrs[i]); - EMIT1_off32(0xbe, K); /* mov imm32,%esi */ -@@ -492,7 +500,7 @@ common_load: seen |= SEEN_DATAREF; - case BPF_S_LDX_B_MSH: - if ((int)K < 0) { - /* Abort the JIT because __load_pointer() is needed. */ -- goto out; -+ goto error; - } - seen |= SEEN_DATAREF | SEEN_XREG; - t_offset = sk_load_byte_msh - (image + addrs[i]); -@@ -582,17 +590,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -589,17 +598,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; default: /* hmm, too complex filter, give up with jit compiler */ @@ -26397,7 +26011,7 @@ index 5a5b6e4..201d42e 100644 } proglen += ilen; addrs[i] = proglen; -@@ -613,11 +622,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -620,11 +630,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { @@ -26411,7 +26025,7 @@ index 5a5b6e4..201d42e 100644 } oldproglen = proglen; } -@@ -633,7 +640,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -640,7 +648,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; @@ -26423,7 +26037,7 @@ index 5a5b6e4..201d42e 100644 out: kfree(addrs); return; -@@ -641,18 +651,20 @@ out: +@@ -648,18 +659,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -26448,7 +26062,7 @@ index 5a5b6e4..201d42e 100644 } } diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c -index bff89df..377758a 100644 +index d6aa6e8..266395a 100644 --- a/arch/x86/oprofile/backtrace.c +++ b/arch/x86/oprofile/backtrace.c @@ -46,11 +46,11 @@ dump_user_backtrace_32(struct stack_frame_ia32 *head) @@ -26484,20 +26098,20 @@ index bff89df..377758a 100644 if (depth) dump_trace(NULL, regs, (unsigned long *)stack, 0, diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c -index cb29191..036766d 100644 +index 140942f..8a5cc55 100644 --- a/arch/x86/pci/mrst.c +++ b/arch/x86/pci/mrst.c -@@ -234,7 +234,9 @@ int __init pci_mrst_init(void) - printk(KERN_INFO "Moorestown platform detected, using MRST PCI ops\n"); +@@ -238,7 +238,9 @@ int __init pci_mrst_init(void) + printk(KERN_INFO "Intel MID platform detected, using MID PCI ops\n"); pci_mmcfg_late_init(); pcibios_enable_irq = mrst_pci_irq_enable; - pci_root_ops = pci_mrst_ops; + pax_open_kernel(); + memcpy((void *)&pci_root_ops, &pci_mrst_ops, sizeof(pci_mrst_ops)); + pax_close_kernel(); + pci_soc_mode = 1; /* Continue with standard init */ return 1; - } diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c index da8fe05..7ee6704 100644 --- a/arch/x86/pci/pcbios.c @@ -27028,59 +26642,32 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index 475e2cd..1b8e708 100644 +index e31bcd8..f12dc46 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c -@@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; +@@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; EXPORT_SYMBOL_GPL(sfi_mrtc_array); int sfi_mrtc_num; -static void mrst_power_off(void) +static __noreturn void mrst_power_off(void) { - if (__mrst_cpu_chip == MRST_CPU_CHIP_LINCROFT) - intel_scu_ipc_simple_command(IPCMSG_COLD_RESET, 1); + BUG(); } -static void mrst_reboot(void) +static __noreturn void mrst_reboot(void) { - if (__mrst_cpu_chip == MRST_CPU_CHIP_LINCROFT) - intel_scu_ipc_simple_command(IPCMSG_COLD_RESET, 0); - else - intel_scu_ipc_simple_command(IPCMSG_COLD_BOOT, 0); + intel_scu_ipc_simple_command(IPCMSG_COLD_BOOT, 0); + BUG(); } /* parse all the mtimer info to a static mtimer array */ -diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c -index 3ae0e61..4202d86 100644 ---- a/arch/x86/platform/uv/tlb_uv.c -+++ b/arch/x86/platform/uv/tlb_uv.c -@@ -1424,6 +1424,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf, - * 0: display meaning of the statistics - */ - static ssize_t ptc_proc_write(struct file *file, const char __user *user, -+ size_t count, loff_t *data) __size_overflow(3); -+static ssize_t ptc_proc_write(struct file *file, const char __user *user, - size_t count, loff_t *data) - { - int cpu; -@@ -1539,6 +1541,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr, - * Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables) - */ - static ssize_t tunables_write(struct file *file, const char __user *user, -+ size_t count, loff_t *data) __size_overflow(3); -+static ssize_t tunables_write(struct file *file, const char __user *user, - size_t count, loff_t *data) - { - int cpu; diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index f10c0af..3ec1f95 100644 +index 218cdb1..fd55c08 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c -@@ -131,7 +131,7 @@ static void do_fpu_end(void) +@@ -132,7 +132,7 @@ static void do_fpu_end(void) static void fix_processor_context(void) { int cpu = smp_processor_id(); @@ -27089,7 +26676,7 @@ index f10c0af..3ec1f95 100644 set_tss_desc(cpu, t); /* * This just modifies memory; should not be -@@ -141,7 +141,9 @@ static void fix_processor_context(void) +@@ -142,7 +142,9 @@ static void fix_processor_context(void) */ #ifdef CONFIG_X86_64 @@ -27099,11 +26686,197 @@ index f10c0af..3ec1f95 100644 syscall_init(); /* This sets MSR_*STAR and related */ #endif +diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c +index b685296..0180fa9 100644 +--- a/arch/x86/tools/relocs.c ++++ b/arch/x86/tools/relocs.c +@@ -12,10 +12,13 @@ + #include + #include + ++#include "../../../include/generated/autoconf.h" ++ + static void die(char *fmt, ...); + + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + static Elf32_Ehdr ehdr; ++static Elf32_Phdr *phdr; + static unsigned long reloc_count, reloc_idx; + static unsigned long *relocs; + static unsigned long reloc16_count, reloc16_idx; +@@ -323,9 +326,39 @@ static void read_ehdr(FILE *fp) + } + } + ++static void read_phdrs(FILE *fp) ++{ ++ unsigned int i; ++ ++ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr)); ++ if (!phdr) { ++ die("Unable to allocate %d program headers\n", ++ ehdr.e_phnum); ++ } ++ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) { ++ die("Seek to %d failed: %s\n", ++ ehdr.e_phoff, strerror(errno)); ++ } ++ if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) { ++ die("Cannot read ELF program headers: %s\n", ++ strerror(errno)); ++ } ++ for(i = 0; i < ehdr.e_phnum; i++) { ++ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type); ++ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset); ++ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr); ++ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr); ++ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz); ++ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz); ++ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags); ++ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align); ++ } ++ ++} ++ + static void read_shdrs(FILE *fp) + { +- int i; ++ unsigned int i; + Elf32_Shdr shdr; + + secs = calloc(ehdr.e_shnum, sizeof(struct section)); +@@ -360,7 +393,7 @@ static void read_shdrs(FILE *fp) + + static void read_strtabs(FILE *fp) + { +- int i; ++ unsigned int i; + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + if (sec->shdr.sh_type != SHT_STRTAB) { +@@ -385,7 +418,7 @@ static void read_strtabs(FILE *fp) + + static void read_symtabs(FILE *fp) + { +- int i,j; ++ unsigned int i,j; + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + if (sec->shdr.sh_type != SHT_SYMTAB) { +@@ -418,7 +451,9 @@ static void read_symtabs(FILE *fp) + + static void read_relocs(FILE *fp) + { +- int i,j; ++ unsigned int i,j; ++ uint32_t base; ++ + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + if (sec->shdr.sh_type != SHT_REL) { +@@ -438,9 +473,22 @@ static void read_relocs(FILE *fp) + die("Cannot read symbol table: %s\n", + strerror(errno)); + } ++ base = 0; ++ ++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) ++ for (j = 0; j < ehdr.e_phnum; j++) { ++ if (phdr[j].p_type != PT_LOAD ) ++ continue; ++ if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz) ++ continue; ++ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr; ++ break; ++ } ++#endif ++ + for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) { + Elf32_Rel *rel = &sec->reltab[j]; +- rel->r_offset = elf32_to_cpu(rel->r_offset); ++ rel->r_offset = elf32_to_cpu(rel->r_offset) + base; + rel->r_info = elf32_to_cpu(rel->r_info); + } + } +@@ -449,13 +497,13 @@ static void read_relocs(FILE *fp) + + static void print_absolute_symbols(void) + { +- int i; ++ unsigned int i; + printf("Absolute symbols\n"); + printf(" Num: Value Size Type Bind Visibility Name\n"); + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + char *sym_strtab; +- int j; ++ unsigned int j; + + if (sec->shdr.sh_type != SHT_SYMTAB) { + continue; +@@ -482,7 +530,7 @@ static void print_absolute_symbols(void) + + static void print_absolute_relocs(void) + { +- int i, printed = 0; ++ unsigned int i, printed = 0; + + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; +@@ -551,7 +599,7 @@ static void print_absolute_relocs(void) + static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), + int use_real_mode) + { +- int i; ++ unsigned int i; + /* Walk through the relocations */ + for (i = 0; i < ehdr.e_shnum; i++) { + char *sym_strtab; +@@ -581,6 +629,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), + sym = &sh_symtab[ELF32_R_SYM(rel->r_info)]; + r_type = ELF32_R_TYPE(rel->r_info); + ++ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ ++ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) ++ continue; ++ ++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) ++ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ ++ if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) ++ continue; ++#endif ++ + shn_abs = sym->st_shndx == SHN_ABS; + + switch (r_type) { +@@ -674,7 +738,7 @@ static int write32(unsigned int v, FILE *f) + + static void emit_relocs(int as_text, int use_real_mode) + { +- int i; ++ unsigned int i; + /* Count how many relocations I have and allocate space for them. */ + reloc_count = 0; + walk_relocs(count_reloc, use_real_mode); +@@ -801,6 +865,7 @@ int main(int argc, char **argv) + fname, strerror(errno)); + } + read_ehdr(fp); ++ read_phdrs(fp); + read_shdrs(fp); + read_strtabs(fp); + read_symtabs(fp); diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile -index 5d17950..2253fc9 100644 +index fd14be1..e3c79c0 100644 --- a/arch/x86/vdso/Makefile +++ b/arch/x86/vdso/Makefile -@@ -137,7 +137,7 @@ quiet_cmd_vdso = VDSO $@ +@@ -181,7 +181,7 @@ quiet_cmd_vdso = VDSO $@ -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' @@ -27113,7 +26886,7 @@ index 5d17950..2253fc9 100644 # diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c -index 468d591..8e80a0a 100644 +index 66e6d93..587f435 100644 --- a/arch/x86/vdso/vdso32-setup.c +++ b/arch/x86/vdso/vdso32-setup.c @@ -25,6 +25,7 @@ @@ -27139,10 +26912,10 @@ index 468d591..8e80a0a 100644 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; - gate_vma.vm_page_prot = __P101; + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); - /* - * Make sure the vDSO gets into every core dump. - * Dumping its contents makes post-mortem fully interpretable later -@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) + + return 0; + } +@@ -330,14 +331,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (compat) addr = VDSO_HIGH_BASE; else { @@ -27159,7 +26932,7 @@ index 468d591..8e80a0a 100644 if (compat_uses_vma || !compat) { /* -@@ -361,11 +362,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -353,11 +354,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) } current_thread_info()->sysenter_return = @@ -27173,7 +26946,7 @@ index 468d591..8e80a0a 100644 up_write(&mm->mmap_sem); -@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init); +@@ -404,8 +405,14 @@ __initcall(ia32_binfmt_init); const char *arch_vma_name(struct vm_area_struct *vma) { @@ -27189,7 +26962,7 @@ index 468d591..8e80a0a 100644 return NULL; } -@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) +@@ -415,7 +422,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) * Check to see if the corresponding task was created in compat vdso * mode. */ @@ -27199,7 +26972,7 @@ index 468d591..8e80a0a 100644 return NULL; } diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 153407c..611cba9 100644 +index 00aaf04..4a26505 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,8 +16,6 @@ @@ -27211,7 +26984,7 @@ index 153407c..611cba9 100644 extern char vdso_start[], vdso_end[]; extern unsigned short vdso_sync_cpuid; -@@ -96,7 +94,6 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) +@@ -141,7 +139,6 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) * unaligned here as a result of stack start randomization. */ addr = PAGE_ALIGN(addr); @@ -27219,8 +26992,8 @@ index 153407c..611cba9 100644 return addr; } -@@ -106,40 +103,35 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) - int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -154,30 +151,31 @@ static int setup_additional_pages(struct linux_binprm *bprm, + unsigned size) { struct mm_struct *mm = current->mm; - unsigned long addr; @@ -27236,9 +27009,9 @@ index 153407c..611cba9 100644 + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + - addr = vdso_addr(mm->start_stack, vdso_size); + addr = vdso_addr(mm->start_stack, size); + addr = align_addr(addr, NULL, ALIGN_VDSO); - addr = get_unmapped_area(NULL, addr, vdso_size, 0, 0); + addr = get_unmapped_area(NULL, addr, size, 0, 0); if (IS_ERR_VALUE(addr)) { ret = addr; goto up_fail; @@ -27247,23 +27020,23 @@ index 153407c..611cba9 100644 - current->mm->context.vdso = (void *)addr; + mm->context.vdso = addr; - ret = install_special_mapping(mm, addr, vdso_size, + ret = install_special_mapping(mm, addr, size, VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC| - VM_ALWAYSDUMP, - vdso_pages); + VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + pages); - if (ret) { - current->mm->context.vdso = NULL; - goto up_fail; - } -+ + if (ret) + mm->context.vdso = 0; up_fail: up_write(&mm->mmap_sem); - return ret; +@@ -197,10 +195,3 @@ int x32_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) + vdsox32_size); } + #endif - -static __init int vdso_setup(char *s) -{ @@ -27272,10 +27045,10 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 4e517d4..68a48f5 100644 +index 6c7f1e8..de96944 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c -@@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); +@@ -95,8 +95,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); struct shared_info xen_dummy_shared_info; @@ -27284,7 +27057,7 @@ index 4e517d4..68a48f5 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1030,30 +1028,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1157,30 +1155,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -27322,7 +27095,7 @@ index 4e517d4..68a48f5 100644 { if (pm_power_off) pm_power_off(); -@@ -1156,7 +1154,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1283,7 +1281,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -27341,7 +27114,7 @@ index 4e517d4..68a48f5 100644 xen_setup_features(); -@@ -1187,13 +1195,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1314,13 +1322,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -27356,7 +27129,7 @@ index 4e517d4..68a48f5 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index dc19347..1b07a2c 100644 +index 69f5857..0699dc5 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1738,6 +1738,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, @@ -27381,7 +27154,7 @@ index dc19347..1b07a2c 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -1963,6 +1970,7 @@ static void __init xen_post_allocator_init(void) +@@ -1964,6 +1971,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -27389,7 +27162,7 @@ index dc19347..1b07a2c 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2044,6 +2052,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2045,6 +2053,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -27398,10 +27171,10 @@ index dc19347..1b07a2c 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index f2ce60a..14e08dc 100644 +index 0503c0c..ceb2d16 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c -@@ -209,11 +209,6 @@ static void __init xen_smp_prepare_boot_cpu(void) +@@ -215,11 +215,6 @@ static void __init xen_smp_prepare_boot_cpu(void) { BUG_ON(smp_processor_id() != 0); native_smp_prepare_boot_cpu(); @@ -27413,7 +27186,7 @@ index f2ce60a..14e08dc 100644 xen_filter_cpu_maps(); xen_setup_vcpu_info_placement(); } -@@ -290,12 +285,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) +@@ -296,12 +291,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) gdt = get_cpu_gdt_table(cpu); ctxt->flags = VGCF_IN_KERNEL; @@ -27429,7 +27202,7 @@ index f2ce60a..14e08dc 100644 #else ctxt->gs_base_kernel = per_cpu_offset(cpu); #endif -@@ -346,13 +341,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu) +@@ -352,13 +347,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu) int rc; per_cpu(current_task, cpu) = idle; @@ -27593,10 +27366,10 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index 1366a89..e17f54b 100644 +index 467c8de..4bddc6d 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c -@@ -17,7 +17,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); +@@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); * Softirq action handler - move entries to local list and loop over them * while passing them to the queue registered handler. */ @@ -27729,91 +27502,6 @@ index 260fa80..e8f3caf 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c -index a0f768c..1da9c73 100644 ---- a/crypto/ablkcipher.c -+++ b/crypto/ablkcipher.c -@@ -307,6 +307,8 @@ int ablkcipher_walk_phys(struct ablkcipher_request *req, - EXPORT_SYMBOL_GPL(ablkcipher_walk_phys); - - static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, - unsigned int keylen) - { - struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm); -@@ -329,6 +331,8 @@ static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, - } - - static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, - unsigned int keylen) - { - struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm); -diff --git a/crypto/aead.c b/crypto/aead.c -index 04add3dc..983032f 100644 ---- a/crypto/aead.c -+++ b/crypto/aead.c -@@ -27,6 +27,8 @@ - #include "internal.h" - - static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, - unsigned int keylen) - { - struct aead_alg *aead = crypto_aead_alg(tfm); -@@ -48,6 +50,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, - return ret; - } - -+static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); - static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) - { - struct aead_alg *aead = crypto_aead_alg(tfm); -diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c -index 1e61d1a..cf06b86 100644 ---- a/crypto/blkcipher.c -+++ b/crypto/blkcipher.c -@@ -359,6 +359,8 @@ int blkcipher_walk_virt_block(struct blkcipher_desc *desc, - EXPORT_SYMBOL_GPL(blkcipher_walk_virt_block); - - static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) - { - struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; -@@ -380,6 +382,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - return ret; - } - -+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); - static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) - { - struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; -diff --git a/crypto/cipher.c b/crypto/cipher.c -index 39541e0..802d956 100644 ---- a/crypto/cipher.c -+++ b/crypto/cipher.c -@@ -21,6 +21,8 @@ - #include "internal.h" - - static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) - { - struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; -@@ -43,6 +45,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - - } - -+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); - static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) - { - struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 671d4d6..5f24030 100644 --- a/crypto/cryptd.c @@ -27837,7 +27525,7 @@ index 671d4d6..5f24030 100644 static void cryptd_queue_worker(struct work_struct *work); diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c -index 5d41894..22021e4 100644 +index e6defd8..c26a225 100644 --- a/drivers/acpi/apei/cper.c +++ b/drivers/acpi/apei/cper.c @@ -38,12 +38,12 @@ @@ -27857,22 +27545,8 @@ index 5d41894..22021e4 100644 } EXPORT_SYMBOL_GPL(cper_next_record_id); -diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c -index 86933ca..5cb1a69 100644 ---- a/drivers/acpi/battery.c -+++ b/drivers/acpi/battery.c -@@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file *seq, int result) - - static ssize_t acpi_battery_write_alarm(struct file *file, - const char __user * buffer, -+ size_t count, loff_t * ppos) __size_overflow(3); -+static ssize_t acpi_battery_write_alarm(struct file *file, -+ const char __user * buffer, - size_t count, loff_t * ppos) - { - int result = 0; diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c -index b258cab..3fb7da7 100644 +index 7586544..636a2f0 100644 --- a/drivers/acpi/ec_sys.c +++ b/drivers/acpi/ec_sys.c @@ -12,6 +12,7 @@ @@ -27883,7 +27557,7 @@ index b258cab..3fb7da7 100644 #include "internal.h" MODULE_AUTHOR("Thomas Renninger "); -@@ -40,7 +41,7 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, +@@ -34,7 +35,7 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, * struct acpi_ec *ec = ((struct seq_file *)f->private_data)->private; */ unsigned int size = EC_SPACE_SIZE; @@ -27892,7 +27566,7 @@ index b258cab..3fb7da7 100644 loff_t init_off = *off; int err = 0; -@@ -53,9 +54,11 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, +@@ -47,9 +48,11 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, size = count; while (size) { @@ -27905,7 +27579,7 @@ index b258cab..3fb7da7 100644 *off += 1; size--; } -@@ -71,7 +74,6 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, +@@ -65,7 +68,6 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, unsigned int size = count; loff_t init_off = *off; @@ -27913,7 +27587,7 @@ index b258cab..3fb7da7 100644 int err = 0; if (*off >= EC_SPACE_SIZE) -@@ -82,7 +84,9 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, +@@ -76,7 +78,9 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, } while (size) { @@ -27963,10 +27637,10 @@ index 251c7b62..000462d 100644 bool enable = !device_may_wakeup(&dev->dev); device_set_wakeup_enable(&dev->dev, enable); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index 8ae05ce..7dbbed9 100644 +index 0734086..3ad3e4c 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c -@@ -555,7 +555,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) +@@ -556,7 +556,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) return 0; #endif @@ -27975,25 +27649,11 @@ index 8ae05ce..7dbbed9 100644 /* * Buggy BIOS check -diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c -index 6e36d0c..f319944 100644 ---- a/drivers/acpi/sbs.c -+++ b/drivers/acpi/sbs.c -@@ -655,6 +655,9 @@ static int acpi_battery_read_alarm(struct seq_file *seq, void *offset) - - static ssize_t - acpi_battery_write_alarm(struct file *file, const char __user * buffer, -+ size_t count, loff_t * ppos) __size_overflow(3); -+static ssize_t -+acpi_battery_write_alarm(struct file *file, const char __user * buffer, - size_t count, loff_t * ppos) - { - struct seq_file *seq = file->private_data; diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c06e0ec..a2c06ba 100644 +index d31ee55..8363a8b 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4736,7 +4736,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4742,7 +4742,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -28002,7 +27662,7 @@ index c06e0ec..a2c06ba 100644 ap = qc->ap; qc->flags = 0; -@@ -4752,7 +4752,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4758,7 +4758,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -28011,7 +27671,7 @@ index c06e0ec..a2c06ba 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5816,6 +5816,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5822,6 +5822,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -28019,7 +27679,7 @@ index c06e0ec..a2c06ba 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5829,8 +5830,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5835,8 +5836,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -28031,7 +27691,7 @@ index c06e0ec..a2c06ba 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index 048589f..4002b98 100644 +index 3239517..343b5f6 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c @@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) @@ -28152,10 +27812,10 @@ index b22d71c..d6e1049 100644 if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c -index 956e9ac..133516d 100644 +index 2059ee4..faf51c7 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c -@@ -526,7 +526,7 @@ static int rx_aal0(struct atm_vcc *vcc) +@@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc) DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n", vcc->dev->number); length = 0; @@ -28164,7 +27824,7 @@ index 956e9ac..133516d 100644 } else { length = ATM_CELL_SIZE-1; /* no HEC */ -@@ -581,7 +581,7 @@ static int rx_aal5(struct atm_vcc *vcc) +@@ -577,7 +577,7 @@ static int rx_aal5(struct atm_vcc *vcc) size); } eff = length = 0; @@ -28173,7 +27833,7 @@ index 956e9ac..133516d 100644 } else { size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2); -@@ -598,7 +598,7 @@ static int rx_aal5(struct atm_vcc *vcc) +@@ -594,7 +594,7 @@ static int rx_aal5(struct atm_vcc *vcc) "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n", vcc->dev->number,vcc->vci,length,size << 2,descr); length = eff = 0; @@ -28182,7 +27842,7 @@ index 956e9ac..133516d 100644 } } skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL; -@@ -771,7 +771,7 @@ rx_dequeued++; +@@ -767,7 +767,7 @@ rx_dequeued++; vcc->push(vcc,skb); pushed++; } @@ -28191,7 +27851,7 @@ index 956e9ac..133516d 100644 } wake_up(&eni_dev->rx_wait); } -@@ -1229,7 +1229,7 @@ static void dequeue_tx(struct atm_dev *dev) +@@ -1227,7 +1227,7 @@ static void dequeue_tx(struct atm_dev *dev) PCI_DMA_TODEVICE); if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb_irq(skb); @@ -28200,7 +27860,7 @@ index 956e9ac..133516d 100644 wake_up(&eni_dev->tx_wait); dma_complete++; } -@@ -1569,7 +1569,7 @@ tx_complete++; +@@ -1567,7 +1567,7 @@ tx_complete++; /*--------------------------------- entries ---------------------------------*/ @@ -28210,10 +27870,10 @@ index 956e9ac..133516d 100644 "UTP", "05?", "06?", "07?", /* 4- 7 */ "TAXI","09?", "10?", "11?", /* 8-11 */ diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c -index 5072f8a..fa52520d 100644 +index 86fed1b..6dc4721 100644 --- a/drivers/atm/firestream.c +++ b/drivers/atm/firestream.c -@@ -750,7 +750,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q) +@@ -749,7 +749,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q) } } @@ -28222,7 +27882,7 @@ index 5072f8a..fa52520d 100644 fs_dprintk (FS_DEBUG_TXMEM, "i"); fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb); -@@ -817,7 +817,7 @@ static void process_incoming (struct fs_dev *dev, struct queue *q) +@@ -816,7 +816,7 @@ static void process_incoming (struct fs_dev *dev, struct queue *q) #endif skb_put (skb, qe->p1 & 0xffff); ATM_SKB(skb)->vcc = atm_vcc; @@ -28231,7 +27891,7 @@ index 5072f8a..fa52520d 100644 __net_timestamp(skb); fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb); atm_vcc->push (atm_vcc, skb); -@@ -838,12 +838,12 @@ static void process_incoming (struct fs_dev *dev, struct queue *q) +@@ -837,12 +837,12 @@ static void process_incoming (struct fs_dev *dev, struct queue *q) kfree (pe); } if (atm_vcc) @@ -28392,10 +28052,10 @@ index b182c2f..1c6fa8a 100644 return 0; } diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c -index b812103..e391a49 100644 +index 75fd691..2d20b14 100644 --- a/drivers/atm/horizon.c +++ b/drivers/atm/horizon.c -@@ -1035,7 +1035,7 @@ static void rx_schedule (hrz_dev * dev, int irq) { +@@ -1034,7 +1034,7 @@ static void rx_schedule (hrz_dev * dev, int irq) { { struct atm_vcc * vcc = ATM_SKB(skb)->vcc; // VC layer stats @@ -28404,7 +28064,7 @@ index b812103..e391a49 100644 __net_timestamp(skb); // end of our responsibility vcc->push (vcc, skb); -@@ -1187,7 +1187,7 @@ static void tx_schedule (hrz_dev * const dev, int irq) { +@@ -1186,7 +1186,7 @@ static void tx_schedule (hrz_dev * const dev, int irq) { dev->tx_iovec = NULL; // VC layer stats @@ -28572,10 +28232,10 @@ index 1c05212..c28e200 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index 9e373ba..cf93727 100644 +index d438601..8b98495 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c -@@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev) +@@ -1145,7 +1145,7 @@ static int rx_pkt(struct atm_dev *dev) status = (u_short) (buf_desc_ptr->desc_mode); if (status & (RX_CER | RX_PTE | RX_OFL)) { @@ -28584,7 +28244,7 @@ index 9e373ba..cf93727 100644 IF_ERR(printk("IA: bad packet, dropping it");) if (status & RX_CER) { IF_ERR(printk(" cause: packet CRC error\n");) -@@ -1169,7 +1169,7 @@ static int rx_pkt(struct atm_dev *dev) +@@ -1168,7 +1168,7 @@ static int rx_pkt(struct atm_dev *dev) len = dma_addr - buf_addr; if (len > iadev->rx_buf_sz) { printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz); @@ -28593,7 +28253,7 @@ index 9e373ba..cf93727 100644 goto out_free_desc; } -@@ -1319,7 +1319,7 @@ static void rx_dle_intr(struct atm_dev *dev) +@@ -1318,7 +1318,7 @@ static void rx_dle_intr(struct atm_dev *dev) ia_vcc = INPH_IA_VCC(vcc); if (ia_vcc == NULL) { @@ -28602,7 +28262,7 @@ index 9e373ba..cf93727 100644 atm_return(vcc, skb->truesize); dev_kfree_skb_any(skb); goto INCR_DLE; -@@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev) +@@ -1330,7 +1330,7 @@ static void rx_dle_intr(struct atm_dev *dev) if ((length > iadev->rx_buf_sz) || (length > (skb->len - sizeof(struct cpcs_trailer)))) { @@ -28611,7 +28271,7 @@ index 9e373ba..cf93727 100644 IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)", length, skb->len);) atm_return(vcc, skb->truesize); -@@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev) +@@ -1346,7 +1346,7 @@ static void rx_dle_intr(struct atm_dev *dev) IF_RX(printk("rx_dle_intr: skb push");) vcc->push(vcc,skb); @@ -28620,7 +28280,7 @@ index 9e373ba..cf93727 100644 iadev->rx_pkt_cnt++; } INCR_DLE: -@@ -2827,15 +2827,15 @@ static int ia_ioctl(struct atm_dev *dev, unsigned int cmd, void __user *arg) +@@ -2826,15 +2826,15 @@ static int ia_ioctl(struct atm_dev *dev, unsigned int cmd, void __user *arg) { struct k_sonet_stats *stats; stats = &PRIV(_ia_dev[board])->sonet_stats; @@ -28645,7 +28305,7 @@ index 9e373ba..cf93727 100644 } ia_cmds.status = 0; break; -@@ -2940,7 +2940,7 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { +@@ -2939,7 +2939,7 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { if ((desc == 0) || (desc > iadev->num_tx_desc)) { IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);) @@ -28654,7 +28314,7 @@ index 9e373ba..cf93727 100644 if (vcc->pop) vcc->pop(vcc, skb); else -@@ -3045,14 +3045,14 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { +@@ -3044,14 +3044,14 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { ATM_DESC(skb) = vcc->vci; skb_queue_tail(&iadev->tx_dma_q, skb); @@ -28672,7 +28332,7 @@ index 9e373ba..cf93727 100644 vcc->tx_quota = vcc->tx_quota * 3 / 4; printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota ); diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c -index f556969..0da15eb 100644 +index 68c7588..7036683 100644 --- a/drivers/atm/lanai.c +++ b/drivers/atm/lanai.c @@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai, @@ -28935,7 +28595,7 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index e8cd652..bbbd1fc 100644 +index 9851093..adb2b1e 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -28947,7 +28607,7 @@ index e8cd652..bbbd1fc 100644 break; case PKT_STATUS: -@@ -1008,7 +1008,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1009,7 +1009,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { @@ -28957,10 +28617,10 @@ index e8cd652..bbbd1fc 100644 } else dev_kfree_skb_irq(oldskb); diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c -index 90f1ccc..04c4a1e 100644 +index 0215934..ce9f5b1 100644 --- a/drivers/atm/suni.c +++ b/drivers/atm/suni.c -@@ -50,8 +50,8 @@ static DEFINE_SPINLOCK(sunis_lock); +@@ -49,8 +49,8 @@ static DEFINE_SPINLOCK(sunis_lock); #define ADD_LIMITED(s,v) \ @@ -29020,10 +28680,10 @@ index 5120a96..e2572bd 100644 } diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c -index d889f56..17eb71e 100644 +index abe4e20..83c4727 100644 --- a/drivers/atm/zatm.c +++ b/drivers/atm/zatm.c -@@ -460,7 +460,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]); +@@ -459,7 +459,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]); } if (!size) { dev_kfree_skb_irq(skb); @@ -29032,7 +28692,7 @@ index d889f56..17eb71e 100644 continue; } if (!atm_charge(vcc,skb->truesize)) { -@@ -470,7 +470,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]); +@@ -469,7 +469,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]); skb->len = size; ATM_SKB(skb)->vcc = vcc; vcc->push(vcc,skb); @@ -29041,7 +28701,7 @@ index d889f56..17eb71e 100644 } zout(pos & 0xffff,MTA(mbx)); #if 0 /* probably a stupid idea */ -@@ -734,7 +734,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD_V | uPD98401_TXPD_DP | +@@ -733,7 +733,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD_V | uPD98401_TXPD_DP | skb_queue_head(&zatm_vcc->backlog,skb); break; } @@ -29063,8 +28723,27 @@ index 8493536..31adee0 100644 if (err) printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else +diff --git a/drivers/base/node.c b/drivers/base/node.c +index 90aa2a1..af1a177 100644 +--- a/drivers/base/node.c ++++ b/drivers/base/node.c +@@ -592,11 +592,9 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) + { + int n; + +- n = nodelist_scnprintf(buf, PAGE_SIZE, node_states[state]); +- if (n > 0 && PAGE_SIZE > n + 1) { +- *(buf + n++) = '\n'; +- *(buf + n++) = '\0'; +- } ++ n = nodelist_scnprintf(buf, PAGE_SIZE-2, node_states[state]); ++ buf[n++] = '\n'; ++ buf[n] = '\0'; + return n; + } + diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c -index caf995f..6f76697 100644 +index 2a3e581..3d6a73f 100644 --- a/drivers/base/power/wakeup.c +++ b/drivers/base/power/wakeup.c @@ -30,14 +30,14 @@ bool events_check_enabled; @@ -29084,7 +28763,7 @@ index caf995f..6f76697 100644 *cnt = (comb >> IN_PROGRESS_BITS); *inpr = comb & MAX_IN_PROGRESS; -@@ -353,7 +353,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) +@@ -379,7 +379,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) ws->last_time = ktime_get(); /* Increment the counter of events in progress. */ @@ -29093,7 +28772,7 @@ index caf995f..6f76697 100644 } /** -@@ -443,7 +443,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) +@@ -475,7 +475,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) * Increment the counter of registered wakeup events and decrement the * couter of wakeup events in progress simultaneously. */ @@ -29479,18 +29158,9 @@ index 211fc44..c5116f1 100644 mdev->bm_writ_cnt = mdev->read_cnt = diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index af2a250..0fdeb75 100644 +index 946166e..356b39a 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c -@@ -2297,7 +2297,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms - return; - } - -- if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) { -+ if (!capable(CAP_SYS_ADMIN)) { - retcode = ERR_PERM; - goto fail; - } @@ -2359,7 +2359,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms module_put(THIS_MODULE); } @@ -29626,7 +29296,7 @@ index 43beaca..4a5b1dd 100644 } diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index cd50435..ba1ffb5 100644 +index bbca966..65e37dd 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, @@ -29639,7 +29309,7 @@ index cd50435..ba1ffb5 100644 if (likely(bw == len)) return 0; diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig -index 4364303..9adf4ee 100644 +index ee94686..3e09ad3 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -8,7 +8,8 @@ source "drivers/tty/Kconfig" @@ -29652,7 +29322,7 @@ index 4364303..9adf4ee 100644 help Say Y here if you want to support the /dev/kmem device. The /dev/kmem device is rarely used, but can be used for certain -@@ -596,6 +597,7 @@ config DEVPORT +@@ -581,6 +582,7 @@ config DEVPORT bool depends on !M68K depends on ISA || PCI @@ -29673,56 +29343,11 @@ index 2e04433..22afc64 100644 return -EFAULT; client = agp_find_client_by_pid(reserve.pid); -diff --git a/drivers/char/briq_panel.c b/drivers/char/briq_panel.c -index 095ab90..afad0a4 100644 ---- a/drivers/char/briq_panel.c -+++ b/drivers/char/briq_panel.c -@@ -9,6 +9,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -34,6 +35,7 @@ static int vfd_is_open; - static unsigned char vfd[40]; - static int vfd_cursor; - static unsigned char ledpb, led; -+static DEFINE_MUTEX(vfd_mutex); - - static void update_vfd(void) - { -@@ -140,12 +142,15 @@ static ssize_t briq_panel_write(struct file *file, const char __user *buf, size_ - if (!vfd_is_open) - return -EBUSY; - -+ mutex_lock(&vfd_mutex); - for (;;) { - char c; - if (!indx) - break; -- if (get_user(c, buf)) -+ if (get_user(c, buf)) { -+ mutex_unlock(&vfd_mutex); - return -EFAULT; -+ } - if (esc) { - set_led(c); - esc = 0; -@@ -175,6 +180,7 @@ static ssize_t briq_panel_write(struct file *file, const char __user *buf, size_ - buf++; - } - update_vfd(); -+ mutex_unlock(&vfd_mutex); - - return len; - } diff --git a/drivers/char/genrtc.c b/drivers/char/genrtc.c -index f773a9d..65cd683 100644 +index 21cb980..f15107c 100644 --- a/drivers/char/genrtc.c +++ b/drivers/char/genrtc.c -@@ -273,6 +273,7 @@ static int gen_rtc_ioctl(struct file *file, +@@ -272,6 +272,7 @@ static int gen_rtc_ioctl(struct file *file, switch (cmd) { case RTC_PLL_GET: @@ -29731,10 +29356,10 @@ index f773a9d..65cd683 100644 return -EINVAL; else diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c -index 0833896..cccce52 100644 +index dfd7876..c0b0885 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c -@@ -572,7 +572,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, +@@ -571,7 +571,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, } static int @@ -29744,10 +29369,10 @@ index 0833896..cccce52 100644 { struct hpet_timer __iomem *timer; diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index 58c0e63..46c16bf 100644 +index 2c29942..604c5ba 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c -@@ -415,7 +415,7 @@ struct ipmi_smi { +@@ -420,7 +420,7 @@ struct ipmi_smi { struct proc_dir_entry *proc_dir; char proc_dir_name[10]; @@ -29756,7 +29381,7 @@ index 58c0e63..46c16bf 100644 /* * run_to_completion duplicate of smb_info, smi_info -@@ -448,9 +448,9 @@ static DEFINE_MUTEX(smi_watchers_mutex); +@@ -453,9 +453,9 @@ static DEFINE_MUTEX(smi_watchers_mutex); #define ipmi_inc_stat(intf, stat) \ @@ -29768,7 +29393,7 @@ index 58c0e63..46c16bf 100644 static int is_lan_addr(struct ipmi_addr *addr) { -@@ -2868,7 +2868,7 @@ int ipmi_register_smi(struct ipmi_smi_handlers *handlers, +@@ -2884,7 +2884,7 @@ int ipmi_register_smi(struct ipmi_smi_handlers *handlers, INIT_LIST_HEAD(&intf->cmd_rcvrs); init_waitqueue_head(&intf->waitq); for (i = 0; i < IPMI_NUM_STATS; i++) @@ -29778,10 +29403,10 @@ index 58c0e63..46c16bf 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 50fcf9c..91b5528 100644 +index 1e638ff..a869ef5 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c -@@ -277,7 +277,7 @@ struct smi_info { +@@ -275,7 +275,7 @@ struct smi_info { unsigned char slave_addr; /* Counters and things for the proc filesystem. */ @@ -29790,7 +29415,7 @@ index 50fcf9c..91b5528 100644 struct task_struct *thread; -@@ -286,9 +286,9 @@ struct smi_info { +@@ -284,9 +284,9 @@ struct smi_info { }; #define smi_inc_stat(smi, stat) \ @@ -29802,7 +29427,7 @@ index 50fcf9c..91b5528 100644 #define SI_MAX_PARMS 4 -@@ -3230,7 +3230,7 @@ static int try_smi_init(struct smi_info *new_smi) +@@ -3209,7 +3209,7 @@ static int try_smi_init(struct smi_info *new_smi) atomic_set(&new_smi->req_events, 0); new_smi->run_to_completion = 0; for (i = 0; i < SI_NUM_STATS; i++) @@ -29812,10 +29437,10 @@ index 50fcf9c..91b5528 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mbcs.c b/drivers/char/mbcs.c -index 1aeaaba..e018570 100644 +index 47ff7e4..0c7d340 100644 --- a/drivers/char/mbcs.c +++ b/drivers/char/mbcs.c -@@ -800,7 +800,7 @@ static int mbcs_remove(struct cx_dev *dev) +@@ -799,7 +799,7 @@ static int mbcs_remove(struct cx_dev *dev) return 0; } @@ -29961,10 +29586,10 @@ index d6e9d08..4493e89 100644 static int memory_open(struct inode *inode, struct file *filp) diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c -index da3cfee..a5a6606 100644 +index 9df78e2..01ba9ae 100644 --- a/drivers/char/nvram.c +++ b/drivers/char/nvram.c -@@ -248,7 +248,7 @@ static ssize_t nvram_read(struct file *file, char __user *buf, +@@ -247,7 +247,7 @@ static ssize_t nvram_read(struct file *file, char __user *buf, spin_unlock_irq(&rtc_lock); @@ -29974,7 +29599,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index 54ca8b2..4a092ed 100644 +index 4ec04a7..4a092ed 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -261,8 +261,13 @@ @@ -30027,38 +29652,19 @@ index 54ca8b2..4a092ed 100644 static int max_write_thresh = INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; -@@ -1260,10 +1272,15 @@ static int proc_do_uuid(ctl_table *table, int write, - uuid = table->data; - if (!uuid) { - uuid = tmp_uuid; -- uuid[8] = 0; -- } -- if (uuid[8] == 0) - generate_random_uuid(uuid); -+ } else { -+ static DEFINE_SPINLOCK(bootid_spinlock); -+ -+ spin_lock(&bootid_spinlock); -+ if (!uuid[8]) -+ generate_random_uuid(uuid); -+ spin_unlock(&bootid_spinlock); -+ } - - sprintf(buf, "%pU", uuid); - diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c -index 1ee8ce7..b778bef 100644 +index 45713f0..8286d21 100644 --- a/drivers/char/sonypi.c +++ b/drivers/char/sonypi.c -@@ -55,6 +55,7 @@ +@@ -54,6 +54,7 @@ + #include #include - #include +#include #include -@@ -491,7 +492,7 @@ static struct sonypi_device { +@@ -490,7 +491,7 @@ static struct sonypi_device { spinlock_t fifo_lock; wait_queue_head_t fifo_proc_list; struct fasync_struct *fifo_async; @@ -30067,7 +29673,7 @@ index 1ee8ce7..b778bef 100644 int model; struct input_dev *input_jog_dev; struct input_dev *input_key_dev; -@@ -898,7 +899,7 @@ static int sonypi_misc_fasync(int fd, struct file *filp, int on) +@@ -897,7 +898,7 @@ static int sonypi_misc_fasync(int fd, struct file *filp, int on) static int sonypi_misc_release(struct inode *inode, struct file *file) { mutex_lock(&sonypi_device.lock); @@ -30076,7 +29682,7 @@ index 1ee8ce7..b778bef 100644 mutex_unlock(&sonypi_device.lock); return 0; } -@@ -907,9 +908,9 @@ static int sonypi_misc_open(struct inode *inode, struct file *file) +@@ -906,9 +907,9 @@ static int sonypi_misc_open(struct inode *inode, struct file *file) { mutex_lock(&sonypi_device.lock); /* Flush input queue on first open */ @@ -30149,7 +29755,7 @@ index 0636520..169c1d0 100644 acpi_os_unmap_memory(virt, len); return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index b58b561..c9088c8 100644 +index cdf2f54..e55c197 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, @@ -30170,58 +29776,6 @@ index b58b561..c9088c8 100644 } static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, -diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c -index c9eee6d..f9d5280 100644 ---- a/drivers/edac/amd64_edac.c -+++ b/drivers/edac/amd64_edac.c -@@ -2685,7 +2685,7 @@ static void __devexit amd64_remove_one_instance(struct pci_dev *pdev) - * PCI core identifies what devices are on a system during boot, and then - * inquiry this table to see if this driver is for a given device found. - */ --static const struct pci_device_id amd64_pci_table[] __devinitdata = { -+static const struct pci_device_id amd64_pci_table[] __devinitconst = { - { - .vendor = PCI_VENDOR_ID_AMD, - .device = PCI_DEVICE_ID_AMD_K8_NB_MEMCTL, -diff --git a/drivers/edac/amd76x_edac.c b/drivers/edac/amd76x_edac.c -index e47e73b..348e0bd 100644 ---- a/drivers/edac/amd76x_edac.c -+++ b/drivers/edac/amd76x_edac.c -@@ -321,7 +321,7 @@ static void __devexit amd76x_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id amd76x_pci_tbl[] __devinitdata = { -+static const struct pci_device_id amd76x_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(AMD, FE_GATE_700C), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - AMD762}, -diff --git a/drivers/edac/e752x_edac.c b/drivers/edac/e752x_edac.c -index 1af531a..3a8ff27 100644 ---- a/drivers/edac/e752x_edac.c -+++ b/drivers/edac/e752x_edac.c -@@ -1380,7 +1380,7 @@ static void __devexit e752x_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id e752x_pci_tbl[] __devinitdata = { -+static const struct pci_device_id e752x_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, 7520_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - E7520}, -diff --git a/drivers/edac/e7xxx_edac.c b/drivers/edac/e7xxx_edac.c -index 6ffb6d2..383d8d7 100644 ---- a/drivers/edac/e7xxx_edac.c -+++ b/drivers/edac/e7xxx_edac.c -@@ -525,7 +525,7 @@ static void __devexit e7xxx_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id e7xxx_pci_tbl[] __devinitdata = { -+static const struct pci_device_id e7xxx_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, 7205_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - E7205}, diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c index 97f5064..202b6e6 100644 --- a/drivers/edac/edac_pci_sysfs.c @@ -30309,206 +29863,24 @@ index 97f5064..202b6e6 100644 panic("EDAC: PCI Parity Error"); } } -diff --git a/drivers/edac/i3000_edac.c b/drivers/edac/i3000_edac.c -index c0510b3..6e2a954 100644 ---- a/drivers/edac/i3000_edac.c -+++ b/drivers/edac/i3000_edac.c -@@ -470,7 +470,7 @@ static void __devexit i3000_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id i3000_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i3000_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, 3000_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - I3000}, -diff --git a/drivers/edac/i3200_edac.c b/drivers/edac/i3200_edac.c -index 73f55e200..5faaf59 100644 ---- a/drivers/edac/i3200_edac.c -+++ b/drivers/edac/i3200_edac.c -@@ -445,7 +445,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id i3200_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i3200_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, 3200_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - I3200}, -diff --git a/drivers/edac/i5000_edac.c b/drivers/edac/i5000_edac.c -index 4dc3ac2..67d05a6 100644 ---- a/drivers/edac/i5000_edac.c -+++ b/drivers/edac/i5000_edac.c -@@ -1516,7 +1516,7 @@ static void __devexit i5000_remove_one(struct pci_dev *pdev) - * - * The "E500P" device is the first device supported. - */ --static const struct pci_device_id i5000_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i5000_pci_tbl[] __devinitconst = { - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_I5000_DEV16), - .driver_data = I5000P}, - -diff --git a/drivers/edac/i5100_edac.c b/drivers/edac/i5100_edac.c -index bcbdeec..9886d16 100644 ---- a/drivers/edac/i5100_edac.c -+++ b/drivers/edac/i5100_edac.c -@@ -1051,7 +1051,7 @@ static void __devexit i5100_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id i5100_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i5100_pci_tbl[] __devinitconst = { - /* Device 16, Function 0, Channel 0 Memory Map, Error Flag/Mask, ... */ - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_5100_16) }, - { 0, } -diff --git a/drivers/edac/i5400_edac.c b/drivers/edac/i5400_edac.c -index 74d6ec34..baff517 100644 ---- a/drivers/edac/i5400_edac.c -+++ b/drivers/edac/i5400_edac.c -@@ -1383,7 +1383,7 @@ static void __devexit i5400_remove_one(struct pci_dev *pdev) - * - * The "E500P" device is the first device supported. - */ --static const struct pci_device_id i5400_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i5400_pci_tbl[] __devinitconst = { - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_5400_ERR)}, - {0,} /* 0 terminated list. */ - }; -diff --git a/drivers/edac/i7300_edac.c b/drivers/edac/i7300_edac.c -index 6104dba..e7ea8e1 100644 ---- a/drivers/edac/i7300_edac.c -+++ b/drivers/edac/i7300_edac.c -@@ -1192,7 +1192,7 @@ static void __devexit i7300_remove_one(struct pci_dev *pdev) - * - * Has only 8086:360c PCI ID - */ --static const struct pci_device_id i7300_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i7300_pci_tbl[] __devinitconst = { - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_I7300_MCH_ERR)}, - {0,} /* 0 terminated list. */ - }; -diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c -index 8568d9b..42b2fa8 100644 ---- a/drivers/edac/i7core_edac.c -+++ b/drivers/edac/i7core_edac.c -@@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = { - /* - * pci_device_id table for which devices we are looking for - */ --static const struct pci_device_id i7core_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i7core_pci_tbl[] __devinitconst = { - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_X58_HUB_MGMT)}, - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_LYNNFIELD_QPI_LINK0)}, - {0,} /* 0 terminated list. */ -diff --git a/drivers/edac/i82443bxgx_edac.c b/drivers/edac/i82443bxgx_edac.c -index 4329d39..f3022ef 100644 ---- a/drivers/edac/i82443bxgx_edac.c -+++ b/drivers/edac/i82443bxgx_edac.c -@@ -380,7 +380,7 @@ static void __devexit i82443bxgx_edacmc_remove_one(struct pci_dev *pdev) - - EXPORT_SYMBOL_GPL(i82443bxgx_edacmc_remove_one); - --static const struct pci_device_id i82443bxgx_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i82443bxgx_pci_tbl[] __devinitconst = { - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443BX_0)}, - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443BX_2)}, - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_0)}, -diff --git a/drivers/edac/i82860_edac.c b/drivers/edac/i82860_edac.c -index 931a057..fd28340 100644 ---- a/drivers/edac/i82860_edac.c -+++ b/drivers/edac/i82860_edac.c -@@ -270,7 +270,7 @@ static void __devexit i82860_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id i82860_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i82860_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, 82860_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - I82860}, -diff --git a/drivers/edac/i82875p_edac.c b/drivers/edac/i82875p_edac.c -index 33864c6..01edc61 100644 ---- a/drivers/edac/i82875p_edac.c -+++ b/drivers/edac/i82875p_edac.c -@@ -511,7 +511,7 @@ static void __devexit i82875p_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id i82875p_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i82875p_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, 82875_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - I82875P}, -diff --git a/drivers/edac/i82975x_edac.c b/drivers/edac/i82975x_edac.c -index 4184e01..dcb2cd3 100644 ---- a/drivers/edac/i82975x_edac.c -+++ b/drivers/edac/i82975x_edac.c -@@ -612,7 +612,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id i82975x_pci_tbl[] __devinitdata = { -+static const struct pci_device_id i82975x_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, 82975_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - I82975X diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h -index 0106747..0b40417 100644 +index c6074c5..88a9e2e 100644 --- a/drivers/edac/mce_amd.h +++ b/drivers/edac/mce_amd.h -@@ -83,7 +83,7 @@ struct amd_decoder_ops { +@@ -82,7 +82,7 @@ extern const char * const ii_msgs[]; + struct amd_decoder_ops { bool (*dc_mce)(u16, u8); bool (*ic_mce)(u16, u8); - bool (*nb_mce)(u16, u8); -}; +} __no_const; void amd_report_gart_errors(bool); void amd_register_ecc_decoder(void (*f)(int, struct mce *)); -diff --git a/drivers/edac/r82600_edac.c b/drivers/edac/r82600_edac.c -index e294e1b..a41b05b 100644 ---- a/drivers/edac/r82600_edac.c -+++ b/drivers/edac/r82600_edac.c -@@ -373,7 +373,7 @@ static void __devexit r82600_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id r82600_pci_tbl[] __devinitdata = { -+static const struct pci_device_id r82600_pci_tbl[] __devinitconst = { - { - PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID) - }, -diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c -index 1dc118d..8c68af9 100644 ---- a/drivers/edac/sb_edac.c -+++ b/drivers/edac/sb_edac.c -@@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbridge_table[] = { - /* - * pci_device_id table for which devices we are looking for - */ --static const struct pci_device_id sbridge_pci_tbl[] __devinitdata = { -+static const struct pci_device_id sbridge_pci_tbl[] __devinitconst = { - {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_SBRIDGE_IMC_TA)}, - {0,} /* 0 terminated list. */ - }; -diff --git a/drivers/edac/x38_edac.c b/drivers/edac/x38_edac.c -index b6f47de..c5acf3a 100644 ---- a/drivers/edac/x38_edac.c -+++ b/drivers/edac/x38_edac.c -@@ -440,7 +440,7 @@ static void __devexit x38_remove_one(struct pci_dev *pdev) - edac_mc_free(mci); - } - --static const struct pci_device_id x38_pci_tbl[] __devinitdata = { -+static const struct pci_device_id x38_pci_tbl[] __devinitconst = { - { - PCI_VEND_DEV(INTEL, X38_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0, - X38}, diff --git a/drivers/firewire/core-card.c b/drivers/firewire/core-card.c -index 85661b0..c784559a 100644 +index cc595eb..4ec702a 100644 --- a/drivers/firewire/core-card.c +++ b/drivers/firewire/core-card.c -@@ -657,7 +657,7 @@ void fw_card_release(struct kref *kref) +@@ -679,7 +679,7 @@ void fw_card_release(struct kref *kref) void fw_core_remove_card(struct fw_card *card) { @@ -30518,10 +29890,10 @@ index 85661b0..c784559a 100644 card->driver->update_phy_reg(card, 4, PHY_LINK_ACTIVE | PHY_CONTENDER, 0); diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c -index 4799393..37bd3ab 100644 +index 2e6b245..c3857d9 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c -@@ -1331,8 +1331,7 @@ static int init_iso_resource(struct client *client, +@@ -1341,8 +1341,7 @@ static int init_iso_resource(struct client *client, int ret; if ((request->channels == 0 && request->bandwidth == 0) || @@ -30532,7 +29904,7 @@ index 4799393..37bd3ab 100644 r = kmalloc(sizeof(*r), GFP_KERNEL); diff --git a/drivers/firewire/core-transaction.c b/drivers/firewire/core-transaction.c -index 855ab3f..11f4bbd 100644 +index dea2dcc..a4fb978 100644 --- a/drivers/firewire/core-transaction.c +++ b/drivers/firewire/core-transaction.c @@ -37,6 +37,7 @@ @@ -30544,10 +29916,10 @@ index 855ab3f..11f4bbd 100644 #include diff --git a/drivers/firewire/core.h b/drivers/firewire/core.h -index b45be57..5fad18b 100644 +index 9047f55..e47c7ff 100644 --- a/drivers/firewire/core.h +++ b/drivers/firewire/core.h -@@ -101,6 +101,7 @@ struct fw_card_driver { +@@ -110,6 +110,7 @@ struct fw_card_driver { int (*stop_iso)(struct fw_iso_context *ctx); }; @@ -30594,10 +29966,10 @@ index 82d5c20..44a7177 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index 84a4a80..ce0306e 100644 +index 8111889..367b253 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -280,7 +280,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -286,7 +286,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -30607,10 +29979,10 @@ index 84a4a80..ce0306e 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index ebf7d3f..d64c436 100644 +index 6116e3b..c29dd16 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -312,7 +312,7 @@ module_exit(drm_core_exit); +@@ -316,7 +316,7 @@ module_exit(drm_core_exit); /** * Copy and IOCTL return string to user space */ @@ -30619,9 +29991,9 @@ index ebf7d3f..d64c436 100644 { int len; -@@ -391,7 +391,7 @@ long drm_ioctl(struct file *filp, +@@ -399,7 +399,7 @@ long drm_ioctl(struct file *filp, + return -ENODEV; - dev = file_priv->minor->dev; atomic_inc(&dev->ioctl_count); - atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]); + atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]); @@ -30629,7 +30001,7 @@ index ebf7d3f..d64c436 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 6263b01..7987f55 100644 +index 123de28..43a0897 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -30641,7 +30013,7 @@ index 6263b01..7987f55 100644 dev->sigdata.lock = NULL; -@@ -135,8 +135,8 @@ int drm_open(struct inode *inode, struct file *filp) +@@ -138,8 +138,8 @@ int drm_open(struct inode *inode, struct file *filp) retcode = drm_open_helper(inode, filp, dev); if (!retcode) { @@ -30652,7 +30024,7 @@ index 6263b01..7987f55 100644 retcode = drm_setup(dev); } if (!retcode) { -@@ -473,7 +473,7 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -482,7 +482,7 @@ int drm_release(struct inode *inode, struct file *filp) mutex_lock(&drm_global_mutex); @@ -30661,7 +30033,7 @@ index 6263b01..7987f55 100644 if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); -@@ -482,10 +482,10 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -491,10 +491,10 @@ int drm_release(struct inode *inode, struct file *filp) * Begin inline drm_release */ @@ -30674,7 +30046,7 @@ index 6263b01..7987f55 100644 /* Release any auth tokens that might point to this file_priv, (do that under the drm_global_mutex) */ -@@ -571,8 +571,8 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -584,8 +584,8 @@ int drm_release(struct inode *inode, struct file *filp) * End inline drm_release */ @@ -30813,10 +30185,10 @@ index 637fcc3..e890b33 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index 956fd38..e52167a 100644 +index cf85155..f2665cb 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c -@@ -251,7 +251,7 @@ int drm_getstats(struct drm_device *dev, void *data, +@@ -252,7 +252,7 @@ int drm_getstats(struct drm_device *dev, void *data, stats->data[i].value = (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0); else @@ -30847,11 +30219,24 @@ index c79c713..2048588 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ +diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c +index aa454f8..6d38580 100644 +--- a/drivers/gpu/drm/drm_stub.c ++++ b/drivers/gpu/drm/drm_stub.c +@@ -512,7 +512,7 @@ void drm_unplug_dev(struct drm_device *dev) + + drm_device_set_unplugged(dev); + +- if (dev->open_count == 0) { ++ if (local_read(&dev->open_count) == 0) { + drm_put_dev(dev); + } + mutex_unlock(&drm_global_mutex); diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c -index 7f4b4e1..bf4def2 100644 +index f920fb5..001c52d 100644 --- a/drivers/gpu/drm/i810/i810_dma.c +++ b/drivers/gpu/drm/i810/i810_dma.c -@@ -948,8 +948,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, +@@ -945,8 +945,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, dma->buflist[vertex->idx], vertex->discard, vertex->used); @@ -30862,7 +30247,7 @@ index 7f4b4e1..bf4def2 100644 sarea_priv->last_enqueue = dev_priv->counter - 1; sarea_priv->last_dispatch = (int)hw_status[5]; -@@ -1109,8 +1109,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, +@@ -1106,8 +1106,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used, mc->last_render); @@ -30889,10 +30274,10 @@ index c9339f4..f5e1b9d 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index deaa657..e0fd296 100644 +index e6162a1..b2ff486 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c -@@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) +@@ -500,7 +500,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) I915_READ(GTIMR)); } seq_printf(m, "Interrupts received: %d\n", @@ -30901,7 +30286,7 @@ index deaa657..e0fd296 100644 for (i = 0; i < I915_NUM_RINGS; i++) { if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", -@@ -1321,7 +1321,7 @@ static int i915_opregion(struct seq_file *m, void *unused) +@@ -1313,7 +1313,7 @@ static int i915_opregion(struct seq_file *m, void *unused) return ret; if (opregion->header) @@ -30911,10 +30296,10 @@ index deaa657..e0fd296 100644 mutex_unlock(&dev->struct_mutex); diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index ddfe3d9..f6e6b21 100644 +index ba60f3c..e2dff7f 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1175,7 +1175,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1178,7 +1178,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30924,10 +30309,10 @@ index ddfe3d9..f6e6b21 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 9689ca3..294f9c1 100644 +index 5fabc6c..0b08aa1 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -231,7 +231,7 @@ struct drm_i915_display_funcs { +@@ -240,7 +240,7 @@ struct drm_i915_display_funcs { /* render clock increase/decrease */ /* display clock increase/decrease */ /* pll clock increase/decrease */ @@ -30936,7 +30321,7 @@ index 9689ca3..294f9c1 100644 struct intel_device_info { u8 gen; -@@ -320,7 +320,7 @@ typedef struct drm_i915_private { +@@ -350,7 +350,7 @@ typedef struct drm_i915_private { int current_page; int page_flipping; @@ -30945,7 +30330,7 @@ index 9689ca3..294f9c1 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -896,7 +896,7 @@ struct drm_i915_gem_object { +@@ -937,7 +937,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -30954,7 +30339,7 @@ index 9689ca3..294f9c1 100644 }; #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); +@@ -1359,7 +1359,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); extern void intel_teardown_gmbus(struct drm_device *dev); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -30964,7 +30349,7 @@ index 9689ca3..294f9c1 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index e159e33..cdcc663 100644 +index de43194..a14c4cc 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, @@ -30976,7 +30361,7 @@ index e159e33..cdcc663 100644 /* The actual obj->write_domain will be updated with * pending_write_domain after we emit the accumulated flush for all -@@ -882,9 +882,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) +@@ -933,9 +933,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -30989,10 +30374,10 @@ index e159e33..cdcc663 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 5bd4361..0241a42 100644 +index f57e5cf..c82f79d 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) +@@ -472,7 +472,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; struct drm_i915_master_private *master_priv; @@ -31001,7 +30386,7 @@ index 5bd4361..0241a42 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -566,7 +566,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) +@@ -563,7 +563,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) struct drm_i915_master_private *master_priv; u32 bsd_usr_interrupt = GT_BSD_USER_INTERRUPT; @@ -31010,7 +30395,7 @@ index 5bd4361..0241a42 100644 if (IS_GEN6(dev)) bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT; -@@ -1231,7 +1231,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) +@@ -1292,7 +1292,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) int ret = IRQ_NONE, pipe; bool blc_event = false; @@ -31019,7 +30404,7 @@ index 5bd4361..0241a42 100644 iir = I915_READ(IIR); -@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1803,7 +1803,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -31028,7 +30413,7 @@ index 5bd4361..0241a42 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1932,7 +1932,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) +@@ -1980,7 +1980,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -31038,19 +30423,19 @@ index 5bd4361..0241a42 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 2163818..cede019 100644 +index d4d162f..e80037c 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, +@@ -2254,7 +2254,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) - wait_event(dev_priv->pending_flip_queue, - atomic_read(&dev_priv->mm.wedged) || -- atomic_read(&obj->pending_flip) == 0); -+ atomic_read_unchecked(&obj->pending_flip) == 0); + wait_event(dev_priv->pending_flip_queue, + atomic_read(&dev_priv->mm.wedged) || +- atomic_read(&obj->pending_flip) == 0); ++ atomic_read_unchecked(&obj->pending_flip) == 0); - /* Big Hammer, we also need to ensure that any pending - * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -2859,7 +2859,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) + /* Big Hammer, we also need to ensure that any pending + * MI_WAIT_FOR_EVENT inside a user batch buffer on the +@@ -2919,7 +2919,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) obj = to_intel_framebuffer(crtc->fb)->obj; dev_priv = crtc->dev->dev_private; wait_event(dev_priv->pending_flip_queue, @@ -31059,7 +30444,7 @@ index 2163818..cede019 100644 } static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -7171,7 +7171,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7286,7 +7286,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, atomic_clear_mask(1 << intel_crtc->plane, &obj->pending_flip.counter); @@ -31068,22 +30453,7 @@ index 2163818..cede019 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7354,7 +7354,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, - OUT_RING(fb->pitches[0] | obj->tiling_mode); - OUT_RING(obj->gtt_offset); - -- pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; -+ /* Contrary to the suggestions in the documentation, -+ * "Enable Panel Fitter" does not seem to be required when page -+ * flipping with a non-native mode, and worse causes a normal -+ * modeset to fail. -+ * pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; -+ */ -+ pf = 0; - pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; - OUT_RING(pf | pipesrc); - ADVANCE_LP_RING(); -@@ -7461,7 +7467,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7582,7 +7582,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -31092,7 +30462,7 @@ index 2163818..cede019 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7475,7 +7481,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7596,7 +7596,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -31158,19 +30528,10 @@ index 2581202..f230a8d9 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index e5cbead..6c354a3 100644 +index 0be4a81..7464804 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -199,7 +199,7 @@ struct methods { - const char desc[8]; - void (*loadbios)(struct drm_device *, uint8_t *); - const bool rw; --}; -+} __do_const; - - static struct methods shadow_methods[] = { - { "PRAMIN", load_vbios_pramin, true }, -@@ -5290,7 +5290,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -5329,7 +5329,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -31180,10 +30541,10 @@ index e5cbead..6c354a3 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h -index b827098..c31a797 100644 +index 3aef353..0ad1322 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drv.h +++ b/drivers/gpu/drm/nouveau/nouveau_drv.h -@@ -242,7 +242,7 @@ struct nouveau_channel { +@@ -240,7 +240,7 @@ struct nouveau_channel { struct list_head pending; uint32_t sequence; uint32_t sequence_ack; @@ -31192,7 +30553,7 @@ index b827098..c31a797 100644 struct nouveau_vma vma; } fence; -@@ -323,7 +323,7 @@ struct nouveau_exec_engine { +@@ -321,7 +321,7 @@ struct nouveau_exec_engine { u32 handle, u16 class); void (*set_tile_region)(struct drm_device *dev, int i); void (*tlb_flush)(struct drm_device *, int engine); @@ -31201,7 +30562,7 @@ index b827098..c31a797 100644 struct nouveau_instmem_engine { void *priv; -@@ -345,13 +345,13 @@ struct nouveau_instmem_engine { +@@ -343,13 +343,13 @@ struct nouveau_instmem_engine { struct nouveau_mc_engine { int (*init)(struct drm_device *dev); void (*takedown)(struct drm_device *dev); @@ -31217,7 +30578,7 @@ index b827098..c31a797 100644 struct nouveau_fb_engine { int num_tiles; -@@ -566,7 +566,7 @@ struct nouveau_vram_engine { +@@ -590,7 +590,7 @@ struct nouveau_vram_engine { void (*put)(struct drm_device *, struct nouveau_mem **); bool (*flags_valid)(struct drm_device *, u32 tile_flags); @@ -31226,7 +30587,7 @@ index b827098..c31a797 100644 struct nouveau_engine { struct nouveau_instmem_engine instmem; -@@ -714,7 +714,7 @@ struct drm_nouveau_private { +@@ -739,7 +739,7 @@ struct drm_nouveau_private { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -31236,7 +30597,7 @@ index b827098..c31a797 100644 struct { diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.c b/drivers/gpu/drm/nouveau/nouveau_fence.c -index 2f6daae..c9d7b9e 100644 +index c1dc20f..4df673c 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fence.c +++ b/drivers/gpu/drm/nouveau/nouveau_fence.c @@ -85,7 +85,7 @@ nouveau_fence_update(struct nouveau_channel *chan) @@ -31248,7 +30609,7 @@ index 2f6daae..c9d7b9e 100644 if (chan->fence.sequence_ack == sequence) goto out; -@@ -539,7 +539,7 @@ nouveau_fence_channel_init(struct nouveau_channel *chan) +@@ -538,7 +538,7 @@ nouveau_fence_channel_init(struct nouveau_channel *chan) return ret; } @@ -31258,7 +30619,7 @@ index 2f6daae..c9d7b9e 100644 } diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c -index 7ce3fde..cb3ea04 100644 +index ed52a6f..484acdc 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c @@ -314,7 +314,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, @@ -31271,10 +30632,10 @@ index 7ce3fde..cb3ea04 100644 if (++trycnt > 100000) { NV_ERROR(dev, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c -index f80c5e0..936baa7 100644 +index c2a8511..4b996f9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_state.c +++ b/drivers/gpu/drm/nouveau/nouveau_state.c -@@ -543,7 +543,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -588,7 +588,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -31296,6 +30657,32 @@ index dbdea8e..cd6eeeb 100644 return 0; } +diff --git a/drivers/gpu/drm/nouveau/nv50_sor.c b/drivers/gpu/drm/nouveau/nv50_sor.c +index 2746402..c8dc4a4 100644 +--- a/drivers/gpu/drm/nouveau/nv50_sor.c ++++ b/drivers/gpu/drm/nouveau/nv50_sor.c +@@ -304,7 +304,7 @@ nv50_sor_dpms(struct drm_encoder *encoder, int mode) + } + + if (nv_encoder->dcb->type == OUTPUT_DP) { +- struct dp_train_func func = { ++ static struct dp_train_func func = { + .link_set = nv50_sor_dp_link_set, + .train_set = nv50_sor_dp_train_set, + .train_adj = nv50_sor_dp_train_adj +diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c +index 0247250..d2f6aaf 100644 +--- a/drivers/gpu/drm/nouveau/nvd0_display.c ++++ b/drivers/gpu/drm/nouveau/nvd0_display.c +@@ -1366,7 +1366,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode) + nv_wait(dev, 0x61c030 + (or * 0x0800), 0x10000000, 0x00000000); + + if (nv_encoder->dcb->type == OUTPUT_DP) { +- struct dp_train_func func = { ++ static struct dp_train_func func = { + .link_set = nvd0_sor_dp_link_set, + .train_set = nvd0_sor_dp_train_set, + .train_adj = nvd0_sor_dp_train_adj diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c index bcac90b..53bfc76 100644 --- a/drivers/gpu/drm/r128/r128_cce.c @@ -31391,10 +30778,10 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h -index 1668ec1..30ebdab 100644 +index 138b952..d74f9cb 100644 --- a/drivers/gpu/drm/radeon/radeon.h +++ b/drivers/gpu/drm/radeon/radeon.h -@@ -250,7 +250,7 @@ struct radeon_fence_driver { +@@ -253,7 +253,7 @@ struct radeon_fence_driver { uint32_t scratch_reg; uint64_t gpu_addr; volatile uint32_t *cpu_addr; @@ -31403,7 +30790,7 @@ index 1668ec1..30ebdab 100644 uint32_t last_seq; unsigned long last_jiffies; unsigned long last_timeout; -@@ -752,7 +752,7 @@ struct r600_blit_cp_primitives { +@@ -753,7 +753,7 @@ struct r600_blit_cp_primitives { int x2, int y2); void (*draw_auto)(struct radeon_device *rdev); void (*set_default_state)(struct radeon_device *rdev); @@ -31412,20 +30799,20 @@ index 1668ec1..30ebdab 100644 struct r600_blit { struct mutex mutex; -@@ -1201,7 +1201,7 @@ struct radeon_asic { - void (*pre_page_flip)(struct radeon_device *rdev, int crtc); - u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); - void (*post_page_flip)(struct radeon_device *rdev, int crtc); +@@ -1246,7 +1246,7 @@ struct radeon_asic { + u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); + void (*post_page_flip)(struct radeon_device *rdev, int crtc); + } pflip; -}; +} __no_const; /* * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 49f7cb7..2fcb48f 100644 +index 5992502..c19c633 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -691,7 +691,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -31538,10 +30925,10 @@ index e8422ae..d22d4a8 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index c421e77..e6bf2e8 100644 +index f493c64..524ab6b 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -842,8 +842,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -843,8 +843,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; @@ -31555,7 +30942,7 @@ index c421e77..e6bf2e8 100644 vma->vm_ops = &radeon_ttm_vm_ops; return 0; diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c -index f68dff2..8df955c 100644 +index f2c3b9d..d5a376b 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c @@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, @@ -31572,10 +30959,10 @@ index f68dff2..8df955c 100644 if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full && rdev->pm.k8_bandwidth.full) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c -index 499debd..66fce72 100644 +index ebc6fac..a8313ed 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c -@@ -398,9 +398,9 @@ static int ttm_pool_get_num_unused_pages(void) +@@ -394,9 +394,9 @@ static int ttm_pool_get_num_unused_pages(void) static int ttm_pool_mm_shrink(struct shrinker *shrink, struct shrink_control *sc) { @@ -31684,10 +31071,10 @@ index d391f48..10c8ca3 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index dc27970..f18b008 100644 +index d0f2c07..9ebd9c3 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -260,7 +260,7 @@ struct vmw_private { +@@ -263,7 +263,7 @@ struct vmw_private { * Fencing and IRQs. */ @@ -31772,10 +31159,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 75dbe34..f9204a8 100644 +index 4da66b4..e948655 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2021,7 +2021,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2063,7 +2063,7 @@ static bool hid_ignore(struct hid_device *hdev) int hid_add_device(struct hid_device *hdev) { @@ -31784,7 +31171,7 @@ index 75dbe34..f9204a8 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2036,7 +2036,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2078,7 +2078,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -31793,6 +31180,19 @@ index 75dbe34..f9204a8 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); +diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c +index eec3291..8ed706b 100644 +--- a/drivers/hid/hid-wiimote-debug.c ++++ b/drivers/hid/hid-wiimote-debug.c +@@ -66,7 +66,7 @@ static ssize_t wiidebug_eeprom_read(struct file *f, char __user *u, size_t s, + else if (size == 0) + return -EIO; + +- if (copy_to_user(u, buf, size)) ++ if (size > sizeof(buf) || copy_to_user(u, buf, size)) + return -EFAULT; + + *off += size; diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c index b1ec0e2..c295a61 100644 --- a/drivers/hid/usbhid/hiddev.c @@ -31822,7 +31222,7 @@ index 4065374..10ed7dc 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 12aa97f..c0679f7 100644 +index 15956bd..ea34398 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) @@ -31835,10 +31235,10 @@ index 12aa97f..c0679f7 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 6d7d286..92b0873 100644 +index 699f0d8..f4f19250 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h -@@ -556,7 +556,7 @@ enum vmbus_connect_state { +@@ -555,7 +555,7 @@ enum vmbus_connect_state { struct vmbus_connection { enum vmbus_connect_state conn_state; @@ -31865,7 +31265,7 @@ index a220e57..428f54d 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c -index 554f046..f8b4729 100644 +index 9140236..ceaef4e 100644 --- a/drivers/hwmon/acpi_power_meter.c +++ b/drivers/hwmon/acpi_power_meter.c @@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *dev, struct device_attribute *devattr, @@ -31878,7 +31278,7 @@ index 554f046..f8b4729 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] = temp; diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 91fdd1f..b66a686 100644 +index 8b011d0..3de24a1 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -166,7 +166,7 @@ struct sht15_data { @@ -31922,7 +31322,7 @@ index 91fdd1f..b66a686 100644 - atomic_set(&data->interrupt_handled, 0); + atomic_set_unchecked(&data->interrupt_handled, 0); enable_irq(gpio_to_irq(data->pdata->gpio_data)); - /* If still not occurred or another handler has been scheduled */ + /* If still not occurred or another handler was scheduled */ if (gpio_get_value(data->pdata->gpio_data) - || atomic_read(&data->interrupt_handled)) + || atomic_read_unchecked(&data->interrupt_handled)) @@ -32745,28 +32145,6 @@ index 40c8353..946b0e4 100644 } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); -diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c -index a4de9d5..5fa20c3 100644 ---- a/drivers/infiniband/hw/ipath/ipath_fs.c -+++ b/drivers/infiniband/hw/ipath/ipath_fs.c -@@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_ops = { - }; - - static ssize_t flash_read(struct file *file, char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_read(struct file *file, char __user *buf, - size_t count, loff_t *ppos) - { - struct ipath_devdata *dd; -@@ -177,6 +179,8 @@ bail: - } - - static ssize_t flash_write(struct file *file, const char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_write(struct file *file, const char __user *buf, - size_t count, loff_t *ppos) - { - struct ipath_devdata *dd; diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c @@ -32903,7 +32281,7 @@ index c438e46..ca30356 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index a4972ab..1bcfc31 100644 +index 71edfbb..15b62ae 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -32949,7 +32327,7 @@ index a4972ab..1bcfc31 100644 int nes_add_ref_cm_node(struct nes_cm_node *cm_node) { -@@ -1274,7 +1274,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, +@@ -1279,7 +1279,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, kfree(listener); listener = NULL; ret = 0; @@ -32958,7 +32336,7 @@ index a4972ab..1bcfc31 100644 } else { spin_unlock_irqrestore(&cm_core->listen_list_lock, flags); } -@@ -1473,7 +1473,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, +@@ -1482,7 +1482,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, cm_node->rem_mac); add_hte_node(cm_core, cm_node); @@ -32967,7 +32345,7 @@ index a4972ab..1bcfc31 100644 return cm_node; } -@@ -1531,7 +1531,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, +@@ -1540,7 +1540,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, } atomic_dec(&cm_core->node_cnt); @@ -32976,7 +32354,7 @@ index a4972ab..1bcfc31 100644 nesqp = cm_node->nesqp; if (nesqp) { nesqp->cm_node = NULL; -@@ -1595,7 +1595,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, +@@ -1604,7 +1604,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, static void drop_packet(struct sk_buff *skb) { @@ -32985,7 +32363,7 @@ index a4972ab..1bcfc31 100644 dev_kfree_skb_any(skb); } -@@ -1658,7 +1658,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, +@@ -1667,7 +1667,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, { int reset = 0; /* whether to send reset in case of err.. */ @@ -32994,7 +32372,7 @@ index a4972ab..1bcfc31 100644 nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u." " refcnt=%d\n", cm_node, cm_node->state, atomic_read(&cm_node->ref_count)); -@@ -2299,7 +2299,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, +@@ -2308,7 +2308,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, rem_ref_cm_node(cm_node->cm_core, cm_node); return NULL; } @@ -33003,7 +32381,7 @@ index a4972ab..1bcfc31 100644 loopbackremotenode->loopbackpartner = cm_node; loopbackremotenode->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE; -@@ -2574,7 +2574,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, +@@ -2583,7 +2583,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, nes_queue_mgt_skbs(skb, nesvnic, cm_node->nesqp); else { rem_ref_cm_node(cm_core, cm_node); @@ -33012,7 +32390,7 @@ index a4972ab..1bcfc31 100644 dev_kfree_skb_any(skb); } break; -@@ -2881,7 +2881,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2890,7 +2890,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -33021,7 +32399,7 @@ index a4972ab..1bcfc31 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2903,7 +2903,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2912,7 +2912,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -33030,7 +32408,7 @@ index a4972ab..1bcfc31 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -3039,7 +3039,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3048,7 +3048,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -33039,7 +32417,7 @@ index a4972ab..1bcfc31 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3241,7 +3241,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3250,7 +3250,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; @@ -33048,7 +32426,7 @@ index a4972ab..1bcfc31 100644 cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3301,7 +3301,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3310,7 +3310,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -33057,7 +32435,7 @@ index a4972ab..1bcfc31 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3407,7 +3407,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3416,7 +3416,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -33066,7 +32444,7 @@ index a4972ab..1bcfc31 100644 } cm_id->add_ref(cm_id); -@@ -3508,7 +3508,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3517,7 +3517,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) return; @@ -33075,7 +32453,7 @@ index a4972ab..1bcfc31 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3695,7 +3695,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3704,7 +3704,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -33084,7 +32462,7 @@ index a4972ab..1bcfc31 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3731,7 +3731,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3740,7 +3740,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -33093,7 +32471,7 @@ index a4972ab..1bcfc31 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3771,7 +3771,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3780,7 +3780,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -33200,7 +32578,7 @@ index f3a3ecf..57d311d 100644 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 0927b5c..ed67986 100644 +index 8b8812d..a5e1133 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -33235,7 +32613,7 @@ index 0927b5c..ed67986 100644 /* Blow away the connection if it exists. */ diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h -index b881bdc..c2e360c 100644 +index 6b811e3..f8acf88 100644 --- a/drivers/infiniband/hw/qib/qib.h +++ b/drivers/infiniband/hw/qib/qib.h @@ -51,6 +51,7 @@ @@ -33246,33 +32624,11 @@ index b881bdc..c2e360c 100644 #include "qib_common.h" #include "qib_verbs.h" -diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c -index 05e0f17..0275789 100644 ---- a/drivers/infiniband/hw/qib/qib_fs.c -+++ b/drivers/infiniband/hw/qib/qib_fs.c -@@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] = { - }; - - static ssize_t flash_read(struct file *file, char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_read(struct file *file, char __user *buf, - size_t count, loff_t *ppos) - { - struct qib_devdata *dd; -@@ -318,6 +320,8 @@ bail: - } - - static ssize_t flash_write(struct file *file, const char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_write(struct file *file, const char __user *buf, - size_t count, loff_t *ppos) - { - struct qib_devdata *dd; diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c -index c351aa4..e6967c2 100644 +index da739d9..da1c7f4 100644 --- a/drivers/input/gameport/gameport.c +++ b/drivers/input/gameport/gameport.c -@@ -488,14 +488,14 @@ EXPORT_SYMBOL(gameport_set_phys); +@@ -487,14 +487,14 @@ EXPORT_SYMBOL(gameport_set_phys); */ static void gameport_init_port(struct gameport *gameport) { @@ -33290,7 +32646,7 @@ index c351aa4..e6967c2 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index 1f78c95..3cddc6c 100644 +index 8921c61..f5cd63d 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1814,7 +1814,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev) @@ -33359,10 +32715,10 @@ index 0110b5a..d3ad144 100644 return count; diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c -index ba70058..571d25d 100644 +index d0f7533..fb8215b 100644 --- a/drivers/input/serio/serio.c +++ b/drivers/input/serio/serio.c -@@ -497,7 +497,7 @@ static void serio_release_port(struct device *dev) +@@ -496,7 +496,7 @@ static void serio_release_port(struct device *dev) */ static void serio_init_port(struct serio *serio) { @@ -33371,7 +32727,7 @@ index ba70058..571d25d 100644 __module_get(THIS_MODULE); -@@ -508,7 +508,7 @@ static void serio_init_port(struct serio *serio) +@@ -507,7 +507,7 @@ static void serio_init_port(struct serio *serio) mutex_init(&serio->drv_mutex); device_initialize(&serio->dev); dev_set_name(&serio->dev, "serio%ld", @@ -33381,7 +32737,7 @@ index ba70058..571d25d 100644 serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c -index e44933d..9ba484a 100644 +index b902794..fc7b85b 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -83,8 +83,8 @@ struct capiminor { @@ -33421,136 +32777,11 @@ index e44933d..9ba484a 100644 capimsg_setu32(skb->data, 8, mp->ncci); /* NCCI */ capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */ capimsg_setu16(skb->data, 16, len); /* Data length */ -diff --git a/drivers/isdn/gigaset/common.c b/drivers/isdn/gigaset/common.c -index db621db..825ea1a 100644 ---- a/drivers/isdn/gigaset/common.c -+++ b/drivers/isdn/gigaset/common.c -@@ -723,7 +723,7 @@ struct cardstate *gigaset_initcs(struct gigaset_driver *drv, int channels, - cs->commands_pending = 0; - cs->cur_at_seq = 0; - cs->gotfwver = -1; -- cs->open_count = 0; -+ local_set(&cs->open_count, 0); - cs->dev = NULL; - cs->tty = NULL; - cs->tty_dev = NULL; -diff --git a/drivers/isdn/gigaset/gigaset.h b/drivers/isdn/gigaset/gigaset.h -index 212efaf..f187c6b 100644 ---- a/drivers/isdn/gigaset/gigaset.h -+++ b/drivers/isdn/gigaset/gigaset.h -@@ -35,6 +35,7 @@ - #include - #include - #include -+#include - - #define GIG_VERSION {0, 5, 0, 0} - #define GIG_COMPAT {0, 4, 0, 0} -@@ -433,7 +434,7 @@ struct cardstate { - spinlock_t cmdlock; - unsigned curlen, cmdbytes; - -- unsigned open_count; -+ local_t open_count; - struct tty_struct *tty; - struct tasklet_struct if_wake_tasklet; - unsigned control_state; -diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c -index ee0a549..a7c9798 100644 ---- a/drivers/isdn/gigaset/interface.c -+++ b/drivers/isdn/gigaset/interface.c -@@ -163,9 +163,7 @@ static int if_open(struct tty_struct *tty, struct file *filp) - } - tty->driver_data = cs; - -- ++cs->open_count; -- -- if (cs->open_count == 1) { -+ if (local_inc_return(&cs->open_count) == 1) { - spin_lock_irqsave(&cs->lock, flags); - cs->tty = tty; - spin_unlock_irqrestore(&cs->lock, flags); -@@ -193,10 +191,10 @@ static void if_close(struct tty_struct *tty, struct file *filp) - - if (!cs->connected) - gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ -- else if (!cs->open_count) -+ else if (!local_read(&cs->open_count)) - dev_warn(cs->dev, "%s: device not opened\n", __func__); - else { -- if (!--cs->open_count) { -+ if (!local_dec_return(&cs->open_count)) { - spin_lock_irqsave(&cs->lock, flags); - cs->tty = NULL; - spin_unlock_irqrestore(&cs->lock, flags); -@@ -231,7 +229,7 @@ static int if_ioctl(struct tty_struct *tty, - if (!cs->connected) { - gig_dbg(DEBUG_IF, "not connected"); - retval = -ENODEV; -- } else if (!cs->open_count) -+ } else if (!local_read(&cs->open_count)) - dev_warn(cs->dev, "%s: device not opened\n", __func__); - else { - retval = 0; -@@ -361,7 +359,7 @@ static int if_write(struct tty_struct *tty, const unsigned char *buf, int count) - retval = -ENODEV; - goto done; - } -- if (!cs->open_count) { -+ if (!local_read(&cs->open_count)) { - dev_warn(cs->dev, "%s: device not opened\n", __func__); - retval = -ENODEV; - goto done; -@@ -414,7 +412,7 @@ static int if_write_room(struct tty_struct *tty) - if (!cs->connected) { - gig_dbg(DEBUG_IF, "not connected"); - retval = -ENODEV; -- } else if (!cs->open_count) -+ } else if (!local_read(&cs->open_count)) - dev_warn(cs->dev, "%s: device not opened\n", __func__); - else if (cs->mstate != MS_LOCKED) { - dev_warn(cs->dev, "can't write to unlocked device\n"); -@@ -444,7 +442,7 @@ static int if_chars_in_buffer(struct tty_struct *tty) - - if (!cs->connected) - gig_dbg(DEBUG_IF, "not connected"); -- else if (!cs->open_count) -+ else if (!local_read(&cs->open_count)) - dev_warn(cs->dev, "%s: device not opened\n", __func__); - else if (cs->mstate != MS_LOCKED) - dev_warn(cs->dev, "can't write to unlocked device\n"); -@@ -472,7 +470,7 @@ static void if_throttle(struct tty_struct *tty) - - if (!cs->connected) - gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ -- else if (!cs->open_count) -+ else if (!local_read(&cs->open_count)) - dev_warn(cs->dev, "%s: device not opened\n", __func__); - else - gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__); -@@ -496,7 +494,7 @@ static void if_unthrottle(struct tty_struct *tty) - - if (!cs->connected) - gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ -- else if (!cs->open_count) -+ else if (!local_read(&cs->open_count)) - dev_warn(cs->dev, "%s: device not opened\n", __func__); - else - gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__); -@@ -527,7 +525,7 @@ static void if_set_termios(struct tty_struct *tty, struct ktermios *old) - goto out; - } - -- if (!cs->open_count) { -+ if (!local_read(&cs->open_count)) { - dev_warn(cs->dev, "%s: device not opened\n", __func__); - goto out; - } diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c -index 2a57da59..e7a12ed 100644 +index 821f7ac..28d4030 100644 --- a/drivers/isdn/hardware/avm/b1.c +++ b/drivers/isdn/hardware/avm/b1.c -@@ -176,7 +176,7 @@ int b1_load_t4file(avmcard *card, capiloaddatapart * t4file) +@@ -176,7 +176,7 @@ int b1_load_t4file(avmcard *card, capiloaddatapart *t4file) } if (left) { if (t4file->user) { @@ -33559,7 +32790,7 @@ index 2a57da59..e7a12ed 100644 return -EFAULT; } else { memcpy(buf, dp, left); -@@ -224,7 +224,7 @@ int b1_load_config(avmcard *card, capiloaddatapart * config) +@@ -224,7 +224,7 @@ int b1_load_config(avmcard *card, capiloaddatapart *config) } if (left) { if (config->user) { @@ -33569,20 +32800,20 @@ index 2a57da59..e7a12ed 100644 } else { memcpy(buf, dp, left); diff --git a/drivers/isdn/hardware/eicon/divasync.h b/drivers/isdn/hardware/eicon/divasync.h -index 85784a7..a19ca98 100644 +index dd6b53a..19d9ee6 100644 --- a/drivers/isdn/hardware/eicon/divasync.h +++ b/drivers/isdn/hardware/eicon/divasync.h @@ -146,7 +146,7 @@ typedef struct _diva_didd_add_adapter { } diva_didd_add_adapter_t; typedef struct _diva_didd_remove_adapter { - IDI_CALL p_request; + IDI_CALL p_request; -} diva_didd_remove_adapter_t; +} __no_const diva_didd_remove_adapter_t; typedef struct _diva_didd_read_adapter_array { - void * buffer; - dword length; + void *buffer; + dword length; diff --git a/drivers/isdn/hardware/eicon/xdi_adapter.h b/drivers/isdn/hardware/eicon/xdi_adapter.h -index a3bd163..8956575 100644 +index d303e65..28bcb7b 100644 --- a/drivers/isdn/hardware/eicon/xdi_adapter.h +++ b/drivers/isdn/hardware/eicon/xdi_adapter.h @@ -44,7 +44,7 @@ typedef struct _xdi_mbox_t { @@ -33595,10 +32826,10 @@ index a3bd163..8956575 100644 typedef struct _diva_os_xdi_adapter { struct list_head link; diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c -index 1f355bb..43f1fea 100644 +index e74df7c..03a03ba 100644 --- a/drivers/isdn/icn/icn.c +++ b/drivers/isdn/icn/icn.c -@@ -1045,7 +1045,7 @@ icn_writecmd(const u_char * buf, int len, int user, icn_card * card) +@@ -1045,7 +1045,7 @@ icn_writecmd(const u_char *buf, int len, int user, icn_card *card) if (count > len) count = len; if (user) { @@ -33607,6 +32838,19 @@ index 1f355bb..43f1fea 100644 return -EFAULT; } else memcpy(msg, buf, count); +diff --git a/drivers/leds/leds-mc13783.c b/drivers/leds/leds-mc13783.c +index 8bc4915..4cc6a2e 100644 +--- a/drivers/leds/leds-mc13783.c ++++ b/drivers/leds/leds-mc13783.c +@@ -280,7 +280,7 @@ static int __devinit mc13783_led_probe(struct platform_device *pdev) + return -EINVAL; + } + +- led = kzalloc(sizeof(*led) * pdata->num_leds, GFP_KERNEL); ++ led = kcalloc(pdata->num_leds, sizeof(*led), GFP_KERNEL); + if (led == NULL) { + dev_err(&pdev->dev, "failed to alloc memory\n"); + return -ENOMEM; diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c index b5fdcb7..5b6c59f 100644 --- a/drivers/lguest/core.c @@ -33638,18 +32882,6 @@ index b5fdcb7..5b6c59f 100644 end_switcher_text - start_switcher_text); printk(KERN_INFO "lguest: mapped switcher at %p\n", -diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c -index ff4a0bc..f5fdd9c 100644 ---- a/drivers/lguest/lguest_user.c -+++ b/drivers/lguest/lguest_user.c -@@ -198,6 +198,7 @@ static int user_send_irq(struct lg_cpu *cpu, const unsigned long __user *input) - * Once our Guest is initialized, the Launcher makes it run by reading - * from /dev/lguest. - */ -+static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) __size_overflow(3); - static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) - { - struct lguest *lg = file->private_data; diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c index 3980903..ce25c5e 100644 --- a/drivers/lguest/x86/core.c @@ -33758,7 +32990,7 @@ index 40634b0..4f5855e 100644 // Every interrupt can come to us here // But we must truly tell each apart. diff --git a/drivers/macintosh/macio_asic.c b/drivers/macintosh/macio_asic.c -index 4daf9e5..b8d1d0f 100644 +index 20e5c2c..9e849a9 100644 --- a/drivers/macintosh/macio_asic.c +++ b/drivers/macintosh/macio_asic.c @@ -748,7 +748,7 @@ static void __devexit macio_pci_remove(struct pci_dev* pdev) @@ -33770,11 +33002,24 @@ index 4daf9e5..b8d1d0f 100644 .vendor = PCI_VENDOR_ID_APPLE, .device = PCI_ANY_ID, .subvendor = PCI_ANY_ID, +diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c +index 17e2b47..bcbeec4 100644 +--- a/drivers/md/bitmap.c ++++ b/drivers/md/bitmap.c +@@ -1823,7 +1823,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) + chunk_kb ? "KB" : "B"); + if (bitmap->file) { + seq_printf(seq, ", file: "); +- seq_path(seq, &bitmap->file->f_path, " \t\n"); ++ seq_path(seq, &bitmap->file->f_path, " \t\n\\"); + } + + seq_printf(seq, "\n"); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index 1ce84ed..0fdd40a 100644 +index a1a3e6d..1918bfc 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1589,7 +1589,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1590,7 +1590,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -33783,21 +33028,8 @@ index 1ce84ed..0fdd40a 100644 if (!*param->name) { DMWARN("name not supplied when creating device"); return -EINVAL; -diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c -index 1f23e04..08d9a20 100644 ---- a/drivers/md/dm-log-userspace-transfer.c -+++ b/drivers/md/dm-log-userspace-transfer.c -@@ -134,7 +134,7 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp) - { - struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1); - -- if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) -+ if (!capable(CAP_SYS_ADMIN)) - return; - - spin_lock(&receiving_list_lock); diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index 9bfd057..5373ff3 100644 +index d039de8..0cf5b87 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -33854,18 +33086,7 @@ index 9bfd057..5373ff3 100644 m = NULL; if (likely(m)) -@@ -848,6 +848,10 @@ static void do_mirror(struct work_struct *work) - static struct mirror_set *alloc_context(unsigned int nr_mirrors, - uint32_t region_size, - struct dm_target *ti, -+ struct dm_dirty_log *dl) __size_overflow(1); -+static struct mirror_set *alloc_context(unsigned int nr_mirrors, -+ uint32_t region_size, -+ struct dm_target *ti, - struct dm_dirty_log *dl) - { - size_t len; -@@ -937,7 +941,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -938,7 +938,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -33874,7 +33095,7 @@ index 9bfd057..5373ff3 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1347,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1351,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -33884,7 +33105,7 @@ index 9bfd057..5373ff3 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index 3d80cf0..7d98e1a 100644 +index 35c94ff..20d4c17 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -33896,15 +33117,7 @@ index 3d80cf0..7d98e1a 100644 }; struct stripe_c { -@@ -55,6 +55,7 @@ static void trigger_event(struct work_struct *work) - dm_table_event(sc->ti->table); - } - -+static inline struct stripe_c *alloc_context(unsigned int stripes) __size_overflow(1); - static inline struct stripe_c *alloc_context(unsigned int stripes) - { - size_t len; -@@ -192,7 +193,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) +@@ -193,7 +193,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) kfree(sc); return r; } @@ -33913,7 +33126,7 @@ index 3d80cf0..7d98e1a 100644 } ti->private = sc; -@@ -314,7 +315,7 @@ static int stripe_status(struct dm_target *ti, +@@ -315,7 +315,7 @@ static int stripe_status(struct dm_target *ti, DMEMIT("%d ", sc->stripes); for (i = 0; i < sc->stripes; i++) { DMEMIT("%s ", sc->stripe[i].dev->name); @@ -33922,7 +33135,7 @@ index 3d80cf0..7d98e1a 100644 'D' : 'A'; } buffer[i] = '\0'; -@@ -361,8 +362,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, +@@ -362,8 +362,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, */ for (i = 0; i < sc->stripes; i++) if (!strcmp(sc->stripe[i].dev->name, major_minor)) { @@ -33934,10 +33147,10 @@ index 3d80cf0..7d98e1a 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 63cc542..8d45caf3 100644 +index 2e227fb..44ead1f 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c -@@ -391,7 +391,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, +@@ -390,7 +390,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, if (!dev_size) return 0; @@ -33947,7 +33160,7 @@ index 63cc542..8d45caf3 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 237571a..fb6d19b 100644 +index 737d388..811ad5a 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -432,7 +432,7 @@ static int init_pmd(struct dm_pool_metadata *pmd, @@ -33969,7 +33182,7 @@ index 237571a..fb6d19b 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index b89c548..2af3ce4 100644 +index e24143c..ce2f21a1 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -176,9 +176,9 @@ struct mapped_device { @@ -33984,7 +33197,7 @@ index b89c548..2af3ce4 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1844,8 +1844,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1845,8 +1845,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -33995,7 +33208,7 @@ index b89c548..2af3ce4 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -1979,7 +1979,7 @@ static void event_callback(void *context) +@@ -1980,7 +1980,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -34004,7 +33217,7 @@ index b89c548..2af3ce4 100644 wake_up(&md->eventq); } -@@ -2621,18 +2621,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2622,18 +2622,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -34027,7 +33240,7 @@ index b89c548..2af3ce4 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 58027d8..d9cddcd 100644 +index 2b30ffd..bf789ce 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -34052,7 +33265,7 @@ index 58027d8..d9cddcd 100644 wake_up(&md_event_waiters); } -@@ -1524,7 +1524,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ +@@ -1526,7 +1526,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ rdev->preferred_minor = 0xffff; rdev->data_offset = le64_to_cpu(sb->data_offset); @@ -34061,7 +33274,7 @@ index 58027d8..d9cddcd 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1743,7 +1743,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1745,7 +1745,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -34070,7 +33283,7 @@ index 58027d8..d9cddcd 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2689,7 +2689,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2691,7 +2691,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -34079,7 +33292,7 @@ index 58027d8..d9cddcd 100644 } static ssize_t -@@ -2698,7 +2698,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2700,7 +2700,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -34088,7 +33301,7 @@ index 58027d8..d9cddcd 100644 return len; } return -EINVAL; -@@ -3084,8 +3084,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3086,8 +3086,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -34099,7 +33312,7 @@ index 58027d8..d9cddcd 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6736,7 +6736,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6738,7 +6738,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -34108,16 +33321,7 @@ index 58027d8..d9cddcd 100644 return 0; } if (v == (void*)2) { -@@ -6828,7 +6828,7 @@ static int md_seq_show(struct seq_file *seq, void *v) - chunk_kb ? "KB" : "B"); - if (bitmap->file) { - seq_printf(seq, ", file: "); -- seq_path(seq, &bitmap->file->f_path, " \t\n"); -+ seq_path(seq, &bitmap->file->f_path, " \t\n\\"); - } - - seq_printf(seq, "\n"); -@@ -6859,7 +6859,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -6841,7 +6841,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -34126,7 +33330,7 @@ index 58027d8..d9cddcd 100644 return error; } -@@ -6873,7 +6873,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -6855,7 +6855,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -34135,7 +33339,7 @@ index 58027d8..d9cddcd 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6917,7 +6917,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -6899,7 +6899,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -34145,7 +33349,7 @@ index 58027d8..d9cddcd 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index 44c63df..b795d1a 100644 +index 1c2063c..9639970 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -93,13 +93,13 @@ struct md_rdev { @@ -34164,7 +33368,7 @@ index 44c63df..b795d1a 100644 * for reporting to userspace and storing * in superblock. */ -@@ -421,7 +421,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) +@@ -429,7 +429,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -34225,10 +33429,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index edc735a..e9b97f1 100644 +index d7e9577..faa512f2 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1645,7 +1645,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1688,7 +1688,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -34237,7 +33441,7 @@ index edc735a..e9b97f1 100644 } sectors -= s; sect += s; -@@ -1859,7 +1859,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -1902,7 +1902,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -34247,10 +33451,10 @@ index edc735a..e9b97f1 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 1898389..a3aa617 100644 +index d037adb..ed17dc9 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1636,7 +1636,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1684,7 +1684,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -34259,7 +33463,7 @@ index 1898389..a3aa617 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -1987,7 +1987,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2033,7 +2033,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -34268,7 +33472,7 @@ index 1898389..a3aa617 100644 ktime_get_ts(&cur_time_mon); -@@ -2009,9 +2009,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2055,9 +2055,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -34280,7 +33484,7 @@ index 1898389..a3aa617 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2065,8 +2065,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2111,8 +2111,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -34291,7 +33495,7 @@ index 1898389..a3aa617 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2074,7 +2074,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2120,7 +2120,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -34300,7 +33504,7 @@ index 1898389..a3aa617 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2223,7 +2223,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2271,7 +2271,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 (unsigned long long)( sect + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -34310,10 +33514,10 @@ index 1898389..a3aa617 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index d1162e5..c7cd902 100644 +index f351422..85c01bb 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1687,18 +1687,18 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1686,18 +1686,18 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -34336,7 +33540,7 @@ index d1162e5..c7cd902 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1727,7 +1727,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1726,7 +1726,7 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdn); @@ -34346,10 +33550,10 @@ index d1162e5..c7cd902 100644 printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c -index ce4f858..7bcfb46 100644 +index d88c4aa..17c80b1 100644 --- a/drivers/media/dvb/ddbridge/ddbridge-core.c +++ b/drivers/media/dvb/ddbridge/ddbridge-core.c -@@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 = { +@@ -1679,7 +1679,7 @@ static struct ddb_info ddb_v6 = { .subvendor = _subvend, .subdevice = _subdev, \ .driver_data = (unsigned long)&_driverdata } @@ -34424,10 +33628,10 @@ index 404f63a..4796533 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/ngene/ngene-cards.c -index 8418c02..8555013 100644 +index 7539a5d..06531a6 100644 --- a/drivers/media/dvb/ngene/ngene-cards.c +++ b/drivers/media/dvb/ngene/ngene-cards.c -@@ -477,7 +477,7 @@ static struct ngene_info ngene_info_m780 = { +@@ -478,7 +478,7 @@ static struct ngene_info ngene_info_m780 = { /****************************************************************************/ @@ -34437,7 +33641,7 @@ index 8418c02..8555013 100644 NGENE_ID(0x18c3, 0xabc4, ngene_info_cineS2), NGENE_ID(0x18c3, 0xdb01, ngene_info_satixS2), diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c -index 16a089f..ab1667d 100644 +index 16a089f..1661b11 100644 --- a/drivers/media/radio/radio-cadet.c +++ b/drivers/media/radio/radio-cadet.c @@ -326,6 +326,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo @@ -34449,6 +33653,15 @@ index 16a089f..ab1667d 100644 mutex_lock(&dev->lock); if (dev->rdsstat == 0) { dev->rdsstat = 1; +@@ -347,7 +349,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo + readbuf[i++] = dev->rdsbuf[dev->rdsout++]; + mutex_unlock(&dev->lock); + +- if (copy_to_user(data, readbuf, i)) ++ if (i > sizeof(readbuf) || copy_to_user(data, readbuf, i)) + return -EFAULT; + return i; + } diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h index 9cde353..8c6a1c3 100644 --- a/drivers/media/video/au0828/au0828.h @@ -34462,44 +33675,6 @@ index 9cde353..8c6a1c3 100644 struct i2c_client i2c_client; u32 i2c_rc; -diff --git a/drivers/media/video/cpia2/cpia2_core.c b/drivers/media/video/cpia2/cpia2_core.c -index ee91e295..04ad048 100644 ---- a/drivers/media/video/cpia2/cpia2_core.c -+++ b/drivers/media/video/cpia2/cpia2_core.c -@@ -86,6 +86,7 @@ static inline unsigned long kvirt_to_pa(unsigned long adr) - return ret; - } - -+static void *rvmalloc(unsigned long size) __size_overflow(1); - static void *rvmalloc(unsigned long size) - { - void *mem; -diff --git a/drivers/media/video/cx18/cx18-alsa-pcm.c b/drivers/media/video/cx18/cx18-alsa-pcm.c -index 82d195b..181103c 100644 ---- a/drivers/media/video/cx18/cx18-alsa-pcm.c -+++ b/drivers/media/video/cx18/cx18-alsa-pcm.c -@@ -229,6 +229,8 @@ static int snd_cx18_pcm_ioctl(struct snd_pcm_substream *substream, - - - static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, -+ size_t size) __size_overflow(2); -+static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, - size_t size) - { - struct snd_pcm_runtime *runtime = subs->runtime; -diff --git a/drivers/media/video/cx231xx/cx231xx-audio.c b/drivers/media/video/cx231xx/cx231xx-audio.c -index a2c2b7d..8f1bec7 100644 ---- a/drivers/media/video/cx231xx/cx231xx-audio.c -+++ b/drivers/media/video/cx231xx/cx231xx-audio.c -@@ -389,6 +389,8 @@ static int cx231xx_init_audio_bulk(struct cx231xx *dev) - } - - static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, -+ size_t size) __size_overflow(2); -+static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, - size_t size) - { - struct snd_pcm_runtime *runtime = subs->runtime; diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c index 04bf662..e0ac026 100644 --- a/drivers/media/video/cx88/cx88-alsa.c @@ -34513,33 +33688,8 @@ index 04bf662..e0ac026 100644 {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0, } -diff --git a/drivers/media/video/em28xx/em28xx-audio.c b/drivers/media/video/em28xx/em28xx-audio.c -index e2a7b77..753d0ee 100644 ---- a/drivers/media/video/em28xx/em28xx-audio.c -+++ b/drivers/media/video/em28xx/em28xx-audio.c -@@ -225,6 +225,8 @@ static int em28xx_init_audio_isoc(struct em28xx *dev) - } - - static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, -+ size_t size) __size_overflow(2); -+static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, - size_t size) - { - struct snd_pcm_runtime *runtime = subs->runtime; -diff --git a/drivers/media/video/meye.c b/drivers/media/video/meye.c -index b09a3c8..6dcba0a 100644 ---- a/drivers/media/video/meye.c -+++ b/drivers/media/video/meye.c -@@ -72,6 +72,7 @@ static struct meye meye; - /****************************************************************************/ - /* Memory allocation routines (stolen from bttv-driver.c) */ - /****************************************************************************/ -+static void *rvmalloc(unsigned long size) __size_overflow(1); - static void *rvmalloc(unsigned long size) - { - void *mem; diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c -index 1fb7d5b..3901e77 100644 +index 88cf9d9..bbc4b2c 100644 --- a/drivers/media/video/omap/omap_vout.c +++ b/drivers/media/video/omap/omap_vout.c @@ -64,7 +64,6 @@ enum omap_vout_channels { @@ -34587,34 +33737,8 @@ index 305e6aa..0143317 100644 pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT]; int i2c_cx25840_hack_state; int i2c_linked; -diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c -index 2fd38a0..ddec3c4 100644 ---- a/drivers/media/video/saa7164/saa7164-encoder.c -+++ b/drivers/media/video/saa7164/saa7164-encoder.c -@@ -1136,6 +1136,8 @@ struct saa7164_user_buffer *saa7164_enc_next_buf(struct saa7164_port *port) - } - - static ssize_t fops_read(struct file *file, char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t fops_read(struct file *file, char __user *buffer, - size_t count, loff_t *pos) - { - struct saa7164_encoder_fh *fh = file->private_data; -diff --git a/drivers/media/video/saa7164/saa7164-vbi.c b/drivers/media/video/saa7164/saa7164-vbi.c -index e2e0341..b80056c 100644 ---- a/drivers/media/video/saa7164/saa7164-vbi.c -+++ b/drivers/media/video/saa7164/saa7164-vbi.c -@@ -1081,6 +1081,8 @@ struct saa7164_user_buffer *saa7164_vbi_next_buf(struct saa7164_port *port) - } - - static ssize_t fops_read(struct file *file, char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t fops_read(struct file *file, char __user *buffer, - size_t count, loff_t *pos) - { - struct saa7164_vbi_fh *fh = file->private_data; diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c -index 4ed1c7c2..8f15e13 100644 +index 02194c0..091733b 100644 --- a/drivers/media/video/timblogiw.c +++ b/drivers/media/video/timblogiw.c @@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) @@ -34635,44 +33759,8 @@ index 4ed1c7c2..8f15e13 100644 .owner = THIS_MODULE, .open = timblogiw_open, .release = timblogiw_close, -diff --git a/drivers/media/video/videobuf-dma-contig.c b/drivers/media/video/videobuf-dma-contig.c -index c969111..a7910f4 100644 ---- a/drivers/media/video/videobuf-dma-contig.c -+++ b/drivers/media/video/videobuf-dma-contig.c -@@ -184,6 +184,7 @@ static int videobuf_dma_contig_user_get(struct videobuf_dma_contig_memory *mem, - return ret; - } - -+static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); - static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) - { - struct videobuf_dma_contig_memory *mem; -diff --git a/drivers/media/video/videobuf-dma-sg.c b/drivers/media/video/videobuf-dma-sg.c -index f300dea..5fc9c4a 100644 ---- a/drivers/media/video/videobuf-dma-sg.c -+++ b/drivers/media/video/videobuf-dma-sg.c -@@ -419,6 +419,7 @@ static const struct vm_operations_struct videobuf_vm_ops = { - struct videobuf_dma_sg_memory - */ - -+static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); - static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) - { - struct videobuf_dma_sg_memory *mem; -diff --git a/drivers/media/video/videobuf-vmalloc.c b/drivers/media/video/videobuf-vmalloc.c -index df14258..12cc7a3 100644 ---- a/drivers/media/video/videobuf-vmalloc.c -+++ b/drivers/media/video/videobuf-vmalloc.c -@@ -135,6 +135,7 @@ static const struct vm_operations_struct videobuf_vm_ops = { - struct videobuf_dma_sg_memory - */ - -+static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); - static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) - { - struct videobuf_vmalloc_memory *mem; diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index a7dc467..a55c423 100644 +index a5c591f..db692a3 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c @@ -6754,8 +6754,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) @@ -35189,10 +34277,10 @@ index 5c3ce24..4915ccb 100644 #ifdef CONFIG_SGI_GRU_DEBUG diff --git a/drivers/misc/sgi-xp/xp.h b/drivers/misc/sgi-xp/xp.h -index 851b2f2..a4ec097 100644 +index c862cd4..0d176fe 100644 --- a/drivers/misc/sgi-xp/xp.h +++ b/drivers/misc/sgi-xp/xp.h -@@ -289,7 +289,7 @@ struct xpc_interface { +@@ -288,7 +288,7 @@ struct xpc_interface { xpc_notify_func, void *); void (*received) (short, int, void *); enum xp_retval (*partid_to_nasids) (short, void *); @@ -35236,10 +34324,10 @@ index 8d082b4..aa749ae 100644 /* * Timer function to enforce the timelimit on the partition disengage. diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c -index 6ebdc40..9edf5d8 100644 +index 69ef0be..f3ef91e 100644 --- a/drivers/mmc/host/sdhci-pci.c +++ b/drivers/mmc/host/sdhci-pci.c -@@ -631,7 +631,7 @@ static const struct sdhci_pci_fixes sdhci_via = { +@@ -652,7 +652,7 @@ static const struct sdhci_pci_fixes sdhci_via = { .probe = via_probe, }; @@ -35249,10 +34337,10 @@ index 6ebdc40..9edf5d8 100644 .vendor = PCI_VENDOR_ID_RICOH, .device = PCI_DEVICE_ID_RICOH_R5C822, diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c -index 87a431c..4959b43 100644 +index a4eb8b5..8c0628f 100644 --- a/drivers/mtd/devices/doc2000.c +++ b/drivers/mtd/devices/doc2000.c -@@ -764,7 +764,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, +@@ -753,7 +753,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, /* The ECC will not be calculated correctly if less than 512 is written */ /* DBB- @@ -35261,21 +34349,8 @@ index 87a431c..4959b43 100644 printk(KERN_WARNING "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); -diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001.c -index 9eacf67..4534b5b 100644 ---- a/drivers/mtd/devices/doc2001.c -+++ b/drivers/mtd/devices/doc2001.c -@@ -384,7 +384,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len, - struct Nand *mychip = &this->chips[from >> (this->chipshift)]; - - /* Don't allow read past end of device */ -- if (from >= this->totlen) -+ if (from >= this->totlen || !len) - return -EINVAL; - - /* Don't allow a single read to cross a 512-byte block boundary */ diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c -index 3984d48..28aa897 100644 +index a9e57d6..c6d8731 100644 --- a/drivers/mtd/nand/denali.c +++ b/drivers/mtd/nand/denali.c @@ -26,6 +26,7 @@ @@ -35298,24 +34373,11 @@ index 51b9d6a..52af9a7 100644 #include #include #include -diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c -index e2cdebf..d48183a 100644 ---- a/drivers/mtd/ubi/debug.c -+++ b/drivers/mtd/ubi/debug.c -@@ -338,6 +338,8 @@ out: - - /* Write an UBI debugfs file */ - static ssize_t dfs_file_write(struct file *file, const char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t dfs_file_write(struct file *file, const char __user *user_buf, - size_t count, loff_t *ppos) - { - unsigned long ubi_num = (unsigned long)file->private_data; diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c -index 071f4c8..440862e 100644 +index 6762dc4..9956862 100644 --- a/drivers/net/ethernet/atheros/atlx/atl2.c +++ b/drivers/net/ethernet/atheros/atlx/atl2.c -@@ -2862,7 +2862,7 @@ static void atl2_force_ps(struct atl2_hw *hw) +@@ -2859,7 +2859,7 @@ static void atl2_force_ps(struct atl2_hw *hw) */ #define ATL2_PARAM(X, desc) \ @@ -35325,10 +34387,10 @@ index 071f4c8..440862e 100644 MODULE_PARM_DESC(X, desc); #else diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index 66da39f..5dc436d 100644 +index 61a7670..7da6e34 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -473,7 +473,7 @@ struct bnx2x_rx_mode_obj { +@@ -483,7 +483,7 @@ struct bnx2x_rx_mode_obj { int (*wait_comp)(struct bnx2x *bp, struct bnx2x_rx_mode_ramrod_params *p); @@ -35338,7 +34400,7 @@ index 66da39f..5dc436d 100644 /********************** Set multicast group ***********************************/ diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index aea8f72..fcebf75 100644 +index 93865f8..5448741 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h @@ -140,6 +140,7 @@ @@ -35349,19 +34411,6 @@ index aea8f72..fcebf75 100644 #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 -diff --git a/drivers/net/ethernet/chelsio/cxgb/sge.c b/drivers/net/ethernet/chelsio/cxgb/sge.c -index 47a8435..248e4b3 100644 ---- a/drivers/net/ethernet/chelsio/cxgb/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb/sge.c -@@ -1052,6 +1052,8 @@ MODULE_PARM_DESC(copybreak, "Receive copy threshold"); - * be copied but there is no memory for the copy. - */ - static inline struct sk_buff *get_packet(struct pci_dev *pdev, -+ struct freelQ *fl, unsigned int len) __size_overflow(3); -+static inline struct sk_buff *get_packet(struct pci_dev *pdev, - struct freelQ *fl, unsigned int len) - { - struct sk_buff *skb; diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index c4e8643..0979484 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -35375,61 +34424,11 @@ index c4e8643..0979484 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) -diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c -index cfb60e1..94af340 100644 ---- a/drivers/net/ethernet/chelsio/cxgb3/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c -@@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, struct sge_fl *q, - * of the SW ring. - */ - static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size, -+ size_t sw_size, dma_addr_t * phys, void *metadata) __size_overflow(2,4); -+static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size, - size_t sw_size, dma_addr_t * phys, void *metadata) - { - size_t len = nelem * elem_size; -@@ -777,6 +779,8 @@ static inline unsigned int flits_to_desc(unsigned int n) - * be copied but there is no memory for the copy. - */ - static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, -+ unsigned int len, unsigned int drop_thres) __size_overflow(3); -+static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, - unsigned int len, unsigned int drop_thres) - { - struct sk_buff *skb = NULL; -diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c -index 2dae795..73037d2 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c -@@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap, struct sge_fl *fl) - */ - static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size, - size_t sw_size, dma_addr_t *phys, void *metadata, -+ size_t stat_size, int node) __size_overflow(2,4); -+static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size, -+ size_t sw_size, dma_addr_t *phys, void *metadata, - size_t stat_size, int node) - { - size_t len = nelem * elem_size + stat_size; -diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -index 0bd585b..d954ca5 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -@@ -729,6 +729,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl) - */ - static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize, - size_t swsize, dma_addr_t *busaddrp, void *swringp, -+ size_t stat_size) __size_overflow(2,4); -+static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize, -+ size_t swsize, dma_addr_t *busaddrp, void *swringp, - size_t stat_size) - { - /* diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index 4d71f5a..8004440 100644 +index 18b106c..2b38d36 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c -@@ -5392,7 +5392,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5388,7 +5388,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) for (i=0; idev_addr[i]; } @@ -35438,7 +34437,7 @@ index 4d71f5a..8004440 100644 break; case DE4X5_SET_HWADDR: /* Set the hardware address */ -@@ -5432,7 +5432,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5428,7 +5428,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) spin_lock_irqsave(&lp->lock, flags); memcpy(&statbuf, &lp->pktStats, ioc->len); spin_unlock_irqrestore(&lp->lock, flags); @@ -35448,7 +34447,7 @@ index 4d71f5a..8004440 100644 break; } diff --git a/drivers/net/ethernet/dec/tulip/eeprom.c b/drivers/net/ethernet/dec/tulip/eeprom.c -index 14d5b61..1398636 100644 +index ed7d1dc..d426748 100644 --- a/drivers/net/ethernet/dec/tulip/eeprom.c +++ b/drivers/net/ethernet/dec/tulip/eeprom.c @@ -79,7 +79,7 @@ static struct eeprom_fixup eeprom_fixups[] __devinitdata = { @@ -35461,7 +34460,7 @@ index 14d5b61..1398636 100644 "21140 MII PHY", "21142 Serial PHY", diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c -index 52da7b2..4ddfe1c 100644 +index 2ac6fff..2d127d0 100644 --- a/drivers/net/ethernet/dec/tulip/winbond-840.c +++ b/drivers/net/ethernet/dec/tulip/winbond-840.c @@ -236,7 +236,7 @@ struct pci_id_info { @@ -35473,95 +34472,8 @@ index 52da7b2..4ddfe1c 100644 { /* Sometime a Level-One switch card. */ "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, { "Winbond W89c840", CanHaveMII | HasBrokenTx}, -diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c -index b2dc2c8..2e09edb 100644 ---- a/drivers/net/ethernet/dlink/dl2k.c -+++ b/drivers/net/ethernet/dlink/dl2k.c -@@ -1259,55 +1259,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd) - { - int phy_addr; - struct netdev_private *np = netdev_priv(dev); -- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru; -- -- struct netdev_desc *desc; -- int i; -+ struct mii_ioctl_data *miidata = if_mii(rq); - - phy_addr = np->phy_addr; - switch (cmd) { -- case SIOCDEVPRIVATE: -+ case SIOCGMIIPHY: -+ miidata->phy_id = phy_addr; - break; -- -- case SIOCDEVPRIVATE + 1: -- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num); -+ case SIOCGMIIREG: -+ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num); - break; -- case SIOCDEVPRIVATE + 2: -- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value); -+ case SIOCSMIIREG: -+ if (!capable(CAP_NET_ADMIN)) -+ return -EPERM; -+ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in); - break; -- case SIOCDEVPRIVATE + 3: -- break; -- case SIOCDEVPRIVATE + 4: -- break; -- case SIOCDEVPRIVATE + 5: -- netif_stop_queue (dev); -- break; -- case SIOCDEVPRIVATE + 6: -- netif_wake_queue (dev); -- break; -- case SIOCDEVPRIVATE + 7: -- printk -- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n", -- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx, -- np->old_rx); -- break; -- case SIOCDEVPRIVATE + 8: -- printk("TX ring:\n"); -- for (i = 0; i < TX_RING_SIZE; i++) { -- desc = &np->tx_ring[i]; -- printk -- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x", -- i, -- (u32) (np->tx_ring_dma + i * sizeof (*desc)), -- (u32)le64_to_cpu(desc->next_desc), -- (u32)le64_to_cpu(desc->status), -- (u32)(le64_to_cpu(desc->fraginfo) >> 32), -- (u32)le64_to_cpu(desc->fraginfo)); -- printk ("\n"); -- } -- printk ("\n"); -- break; -- - default: - return -EOPNOTSUPP; - } -diff --git a/drivers/net/ethernet/dlink/dl2k.h b/drivers/net/ethernet/dlink/dl2k.h -index ba0adca..30c2da3 100644 ---- a/drivers/net/ethernet/dlink/dl2k.h -+++ b/drivers/net/ethernet/dlink/dl2k.h -@@ -365,13 +365,6 @@ struct ioctl_data { - char *data; - }; - --struct mii_data { -- __u16 reserved; -- __u16 reg_num; -- __u16 in_value; -- __u16 out_value; --}; -- - /* The Rx and Tx buffer descriptors. */ - struct netdev_desc { - __le64 next_desc; diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c -index 28a3a9b..d96cb63 100644 +index d783f4f..97fa1b0 100644 --- a/drivers/net/ethernet/dlink/sundance.c +++ b/drivers/net/ethernet/dlink/sundance.c @@ -218,7 +218,7 @@ enum { @@ -35574,10 +34486,10 @@ index 28a3a9b..d96cb63 100644 {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, {"D-Link DFE-580TX 4 port Server Adapter"}, diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index e703d64..d62ecf9 100644 +index 528a886..e6a98a3 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -402,7 +402,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -403,7 +403,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) if (wrapped) newacc += 65536; @@ -35587,7 +34499,7 @@ index e703d64..d62ecf9 100644 void be_parse_stats(struct be_adapter *adapter) diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c -index 47f85c3..82ab6c4 100644 +index 16b0704..d2c07d7 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c +++ b/drivers/net/ethernet/faraday/ftgmac100.c @@ -31,6 +31,8 @@ @@ -35600,7 +34512,7 @@ index 47f85c3..82ab6c4 100644 #include "ftgmac100.h" diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c -index bb336a0..4b472da 100644 +index 829b109..4ae5f6a 100644 --- a/drivers/net/ethernet/faraday/ftmac100.c +++ b/drivers/net/ethernet/faraday/ftmac100.c @@ -31,6 +31,8 @@ @@ -35613,7 +34525,7 @@ index bb336a0..4b472da 100644 #include "ftmac100.h" diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c -index c82d444..0007fb4 100644 +index 1637b98..c42f87b 100644 --- a/drivers/net/ethernet/fealnx.c +++ b/drivers/net/ethernet/fealnx.c @@ -150,7 +150,7 @@ struct chip_info { @@ -35625,45 +34537,32 @@ index c82d444..0007fb4 100644 { "100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, { "100/10M Ethernet PCI Adapter", HAS_CHIP_XCVR }, { "1000/100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, -diff --git a/drivers/net/ethernet/intel/e1000e/80003es2lan.c b/drivers/net/ethernet/intel/e1000e/80003es2lan.c -index e1159e5..e18684d 100644 ---- a/drivers/net/ethernet/intel/e1000e/80003es2lan.c -+++ b/drivers/net/ethernet/intel/e1000e/80003es2lan.c -@@ -205,7 +205,7 @@ static s32 e1000_init_mac_params_80003es2lan(struct e1000_adapter *adapter) - { - struct e1000_hw *hw = &adapter->hw; - struct e1000_mac_info *mac = &hw->mac; -- struct e1000_mac_operations *func = &mac->ops; -+ e1000_mac_operations_no_const *func = &mac->ops; - - /* Set media type */ - switch (adapter->pdev->device) { -diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c -index a3e65fd..f451444 100644 ---- a/drivers/net/ethernet/intel/e1000e/82571.c -+++ b/drivers/net/ethernet/intel/e1000e/82571.c -@@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(struct e1000_adapter *adapter) - { - struct e1000_hw *hw = &adapter->hw; - struct e1000_mac_info *mac = &hw->mac; -- struct e1000_mac_operations *func = &mac->ops; -+ e1000_mac_operations_no_const *func = &mac->ops; - u32 swsm = 0; - u32 swsm2 = 0; - bool force_clear_smbi = false; +diff --git a/drivers/net/ethernet/intel/e1000e/e1000.h b/drivers/net/ethernet/intel/e1000e/e1000.h +index b83897f..b2d970f 100644 +--- a/drivers/net/ethernet/intel/e1000e/e1000.h ++++ b/drivers/net/ethernet/intel/e1000e/e1000.h +@@ -181,7 +181,7 @@ struct e1000_info; + #define E1000_TXDCTL_DMA_BURST_ENABLE \ + (E1000_TXDCTL_GRAN | /* set descriptor granularity */ \ + E1000_TXDCTL_COUNT_DESC | \ +- (5 << 16) | /* wthresh must be +1 more than desired */\ ++ (1 << 16) | /* wthresh must be +1 more than desired */\ + (1 << 8) | /* hthresh */ \ + 0x1f) /* pthresh */ + diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h -index 2967039..ca8c40c 100644 +index f82ecf5..7d59ecb 100644 --- a/drivers/net/ethernet/intel/e1000e/hw.h +++ b/drivers/net/ethernet/intel/e1000e/hw.h -@@ -778,6 +778,7 @@ struct e1000_mac_operations { - void (*write_vfta)(struct e1000_hw *, u32, u32); +@@ -784,6 +784,7 @@ struct e1000_mac_operations { + void (*config_collision_dist)(struct e1000_hw *); s32 (*read_mac_addr)(struct e1000_hw *); }; +typedef struct e1000_mac_operations __no_const e1000_mac_operations_no_const; /* * When to use various PHY register access functions: -@@ -818,6 +819,7 @@ struct e1000_phy_operations { +@@ -824,6 +825,7 @@ struct e1000_phy_operations { void (*power_up)(struct e1000_hw *); void (*power_down)(struct e1000_hw *); }; @@ -35671,7 +34570,7 @@ index 2967039..ca8c40c 100644 /* Function pointers for the NVM. */ struct e1000_nvm_operations { -@@ -829,9 +831,10 @@ struct e1000_nvm_operations { +@@ -836,9 +838,10 @@ struct e1000_nvm_operations { s32 (*validate)(struct e1000_hw *); s32 (*write)(struct e1000_hw *, u16, u16, u16 *); }; @@ -35683,7 +34582,7 @@ index 2967039..ca8c40c 100644 u8 addr[ETH_ALEN]; u8 perm_addr[ETH_ALEN]; -@@ -872,7 +875,7 @@ struct e1000_mac_info { +@@ -879,7 +882,7 @@ struct e1000_mac_info { }; struct e1000_phy_info { @@ -35692,7 +34591,7 @@ index 2967039..ca8c40c 100644 enum e1000_phy_type type; -@@ -906,7 +909,7 @@ struct e1000_phy_info { +@@ -913,7 +916,7 @@ struct e1000_phy_info { }; struct e1000_nvm_info { @@ -35807,10 +34706,10 @@ index 57db3c6..aa825fc 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -index 9b95bef..7e254ee 100644 +index 8636e83..ab9bbc3 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -@@ -2708,6 +2708,7 @@ struct ixgbe_eeprom_operations { +@@ -2710,6 +2710,7 @@ struct ixgbe_eeprom_operations { s32 (*update_checksum)(struct ixgbe_hw *); u16 (*calc_checksum)(struct ixgbe_hw *); }; @@ -35818,7 +34717,7 @@ index 9b95bef..7e254ee 100644 struct ixgbe_mac_operations { s32 (*init_hw)(struct ixgbe_hw *); -@@ -2769,6 +2770,7 @@ struct ixgbe_mac_operations { +@@ -2773,6 +2774,7 @@ struct ixgbe_mac_operations { /* Manageability interface */ s32 (*set_fw_drv_ver)(struct ixgbe_hw *, u8, u8, u8, u8); }; @@ -35826,7 +34725,7 @@ index 9b95bef..7e254ee 100644 struct ixgbe_phy_operations { s32 (*identify)(struct ixgbe_hw *); -@@ -2788,9 +2790,10 @@ struct ixgbe_phy_operations { +@@ -2792,9 +2794,10 @@ struct ixgbe_phy_operations { s32 (*write_i2c_eeprom)(struct ixgbe_hw *, u8, u8); s32 (*check_overtemp)(struct ixgbe_hw *); }; @@ -35838,7 +34737,7 @@ index 9b95bef..7e254ee 100644 enum ixgbe_eeprom_type type; u32 semaphore_delay; u16 word_size; -@@ -2800,7 +2803,7 @@ struct ixgbe_eeprom_info { +@@ -2804,7 +2807,7 @@ struct ixgbe_eeprom_info { #define IXGBE_FLAGS_DOUBLE_RESET_REQUIRED 0x01 struct ixgbe_mac_info { @@ -35847,7 +34746,7 @@ index 9b95bef..7e254ee 100644 enum ixgbe_mac_type type; u8 addr[ETH_ALEN]; u8 perm_addr[ETH_ALEN]; -@@ -2828,7 +2831,7 @@ struct ixgbe_mac_info { +@@ -2832,7 +2835,7 @@ struct ixgbe_mac_info { }; struct ixgbe_phy_info { @@ -35856,7 +34755,7 @@ index 9b95bef..7e254ee 100644 struct mdio_if_info mdio; enum ixgbe_phy_type type; u32 id; -@@ -2856,6 +2859,7 @@ struct ixgbe_mbx_operations { +@@ -2860,6 +2863,7 @@ struct ixgbe_mbx_operations { s32 (*check_for_ack)(struct ixgbe_hw *, u16); s32 (*check_for_rst)(struct ixgbe_hw *, u16); }; @@ -35864,7 +34763,7 @@ index 9b95bef..7e254ee 100644 struct ixgbe_mbx_stats { u32 msgs_tx; -@@ -2867,7 +2871,7 @@ struct ixgbe_mbx_stats { +@@ -2871,7 +2875,7 @@ struct ixgbe_mbx_stats { }; struct ixgbe_mbx_info { @@ -35912,7 +34811,7 @@ index 25c951d..cc7cf33 100644 u32 timeout; u32 udelay; diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c -index 8bf22b6..7f5baaa 100644 +index 8bb05b4..074796f 100644 --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c @@ -41,6 +41,7 @@ @@ -35950,10 +34849,10 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index bbacb37..d60887d 100644 +index ce6b44d..74f10c2 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -695,17 +695,17 @@ struct rtl8169_private { +@@ -708,17 +708,17 @@ struct rtl8169_private { struct mdio_ops { void (*write)(void __iomem *, int, int); int (*read)(void __iomem *, int); @@ -35975,10 +34874,10 @@ index bbacb37..d60887d 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c -index 5b118cd..858b523 100644 +index a9deda8..5507c31 100644 --- a/drivers/net/ethernet/sis/sis190.c +++ b/drivers/net/ethernet/sis/sis190.c -@@ -1622,7 +1622,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, +@@ -1620,7 +1620,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev, struct net_device *dev) { @@ -36002,11 +34901,33 @@ index c07cfe9..81cbf7e 100644 } /* To mask all all interrupts.*/ +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index 48d56da..a27e46c 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -1584,7 +1584,7 @@ static const struct file_operations stmmac_rings_status_fops = { + .open = stmmac_sysfs_ring_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = seq_release, ++ .release = single_release, + }; + + static int stmmac_sysfs_dma_cap_read(struct seq_file *seq, void *v) +@@ -1656,7 +1656,7 @@ static const struct file_operations stmmac_dma_cap_fops = { + .open = stmmac_sysfs_dma_cap_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = seq_release, ++ .release = single_release, + }; + + static int stmmac_init_fs(struct net_device *dev) diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h -index dec5836..6d4db7d 100644 +index c358245..8c1de63 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h -@@ -97,7 +97,7 @@ struct rndis_device { +@@ -98,7 +98,7 @@ struct rndis_device { enum rndis_device_state state; bool link_state; @@ -36016,10 +34937,10 @@ index dec5836..6d4db7d 100644 spinlock_t request_lock; struct list_head req_list; diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index 133b7fb..d58c559 100644 +index d6be64b..5d97e3b 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c -@@ -96,7 +96,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, +@@ -97,7 +97,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, * template */ set = &rndis_msg->msg.set_req; @@ -36028,7 +34949,7 @@ index 133b7fb..d58c559 100644 /* Add to the request list */ spin_lock_irqsave(&dev->request_lock, flags); -@@ -627,7 +627,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) +@@ -648,7 +648,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) /* Setup the rndis set */ halt = &request->request_msg.msg.halt_req; @@ -36038,10 +34959,10 @@ index 133b7fb..d58c559 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 58dc117..f140c77 100644 +index cb8fd50..003ec38 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -526,6 +526,8 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, +@@ -528,6 +528,8 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, } base = (unsigned long)from->iov_base + offset1; size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT; @@ -36051,7 +34972,7 @@ index 58dc117..f140c77 100644 if ((num_pages != size) || (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags)) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 3ed983c..a1bb418 100644 +index 21d7151..8034208 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) @@ -36073,10 +34994,10 @@ index 3ed983c..a1bb418 100644 err = 0; break; diff --git a/drivers/net/tokenring/abyss.c b/drivers/net/tokenring/abyss.c -index 515f122..41dd273 100644 +index b715e6b..6d2490f 100644 --- a/drivers/net/tokenring/abyss.c +++ b/drivers/net/tokenring/abyss.c -@@ -451,10 +451,12 @@ static struct pci_driver abyss_driver = { +@@ -450,10 +450,12 @@ static struct pci_driver abyss_driver = { static int __init abyss_init (void) { @@ -36093,10 +35014,10 @@ index 515f122..41dd273 100644 return pci_register_driver(&abyss_driver); } diff --git a/drivers/net/tokenring/madgemc.c b/drivers/net/tokenring/madgemc.c -index 6153cfd..cf69c1c 100644 +index 28adcdf..ae82f35 100644 --- a/drivers/net/tokenring/madgemc.c +++ b/drivers/net/tokenring/madgemc.c -@@ -744,9 +744,11 @@ static struct mca_driver madgemc_driver = { +@@ -742,9 +742,11 @@ static struct mca_driver madgemc_driver = { static int __init madgemc_init (void) { @@ -36112,10 +35033,10 @@ index 6153cfd..cf69c1c 100644 return mca_register_driver (&madgemc_driver); } diff --git a/drivers/net/tokenring/proteon.c b/drivers/net/tokenring/proteon.c -index 8d362e6..f91cc52 100644 +index 62d90e4..9d84237 100644 --- a/drivers/net/tokenring/proteon.c +++ b/drivers/net/tokenring/proteon.c -@@ -353,9 +353,11 @@ static int __init proteon_init(void) +@@ -352,9 +352,11 @@ static int __init proteon_init(void) struct platform_device *pdev; int i, num = 0, err = 0; @@ -36131,10 +35052,10 @@ index 8d362e6..f91cc52 100644 err = platform_driver_register(&proteon_driver); if (err) diff --git a/drivers/net/tokenring/skisa.c b/drivers/net/tokenring/skisa.c -index 46db5c5..37c1536 100644 +index ee11e93..c8f19c7 100644 --- a/drivers/net/tokenring/skisa.c +++ b/drivers/net/tokenring/skisa.c -@@ -363,9 +363,11 @@ static int __init sk_isa_init(void) +@@ -362,9 +362,11 @@ static int __init sk_isa_init(void) struct platform_device *pdev; int i, num = 0, err = 0; @@ -36150,7 +35071,7 @@ index 46db5c5..37c1536 100644 err = platform_driver_register(&sk_isa_driver); if (err) diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index e1324b4..e1b0041 100644 +index 2d2a688..35f2372 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -36250,7 +35171,7 @@ index e1324b4..e1b0041 100644 hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h -index efc0111..79c8f5b 100644 +index c54b7d37..af1f359 100644 --- a/drivers/net/wireless/ath/ath.h +++ b/drivers/net/wireless/ath/ath.h @@ -119,6 +119,7 @@ struct ath_ops { @@ -36261,22 +35182,8 @@ index efc0111..79c8f5b 100644 struct ath_common; struct ath_bus_ops; -diff --git a/drivers/net/wireless/ath/ath5k/debug.c b/drivers/net/wireless/ath/ath5k/debug.c -index 8c5ce8b..abf101b 100644 ---- a/drivers/net/wireless/ath/ath5k/debug.c -+++ b/drivers/net/wireless/ath/ath5k/debug.c -@@ -343,6 +343,9 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, - - static ssize_t write_file_debug(struct file *file, - const char __user *userbuf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, -+ const char __user *userbuf, - size_t count, loff_t *ppos) - { - struct ath5k_hw *ah = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -index 7b6417b..ab5db98 100644 +index aa2abaf..5f5152d 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -36359,11 +35266,11 @@ index 7b6417b..ab5db98 100644 | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -index 09b8c9d..905339e 100644 +index a66a13b..0ef399e 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -@@ -35,47 +35,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) - (i->qcu << AR_TxQcuNum_S) | 0x17; +@@ -39,47 +39,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + (i->qcu << AR_TxQcuNum_S) | desc_len; checksum += val; - ACCESS_ONCE(ads->info) = val; @@ -36425,7 +35332,7 @@ index 09b8c9d..905339e 100644 } ads->ctl20 = 0; -@@ -84,17 +84,17 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -89,17 +89,17 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) ctl17 = SM(i->keytype, AR_EncrType); if (!i->is_first) { @@ -36451,7 +35358,7 @@ index 09b8c9d..905339e 100644 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) | SM(i->txpower, AR_XmitPower) | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) -@@ -130,22 +130,22 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -135,22 +135,22 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S; ctl12 |= SM(val, AR_PAPRDChainMask); @@ -36480,37 +35387,11 @@ index 09b8c9d..905339e 100644 } static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) -diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c -index 68d972b..1d9205b 100644 ---- a/drivers/net/wireless/ath/ath9k/debug.c -+++ b/drivers/net/wireless/ath/ath9k/debug.c -@@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, - } - - static ssize_t write_file_debug(struct file *file, const char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, const char __user *user_buf, - size_t count, loff_t *ppos) - { - struct ath_softc *sc = file->private_data; -diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -index d3ff33c..c98bcda 100644 ---- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -+++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -@@ -464,6 +464,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, - } - - static ssize_t write_file_debug(struct file *file, const char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, const char __user *user_buf, - size_t count, loff_t *ppos) - { - struct ath9k_htc_priv *priv = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index c8261d4..8d88929 100644 +index e88f182..4e57f5d 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -773,7 +773,7 @@ struct ath_hw_private_ops { +@@ -614,7 +614,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -36519,7 +35400,7 @@ index c8261d4..8d88929 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -803,7 +803,7 @@ struct ath_hw_ops { +@@ -644,7 +644,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); @@ -36528,7 +35409,7 @@ index c8261d4..8d88929 100644 struct ath_nf_limits { s16 max; -@@ -823,7 +823,7 @@ enum ath_cal_list { +@@ -664,7 +664,7 @@ enum ath_cal_list { #define AH_FASTCC 0x4 struct ath_hw { @@ -36551,40 +35432,25 @@ index af00e2c..ab04d34 100644 struct brcms_phy { struct brcms_phy_pub pubpi_ro; diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c -index a2ec369..36fdf14 100644 +index faec404..a5277f1 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/iwlegacy/3945-mac.c -@@ -3646,7 +3646,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) +@@ -3611,7 +3611,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) */ if (il3945_mod_params.disable_hw_scan) { D_INFO("Disabling hw_scan\n"); -- il3945_hw_ops.hw_scan = NULL; +- il3945_mac_ops.hw_scan = NULL; + pax_open_kernel(); -+ *(void **)&il3945_hw_ops.hw_scan = NULL; ++ *(void **)&il3945_mac_ops.hw_scan = NULL; + pax_close_kernel(); } D_INFO("*** LOAD DRIVER ***\n"); -diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wireless/iwlwifi/iwl-debug.h -index f8fc239..8cade22 100644 ---- a/drivers/net/wireless/iwlwifi/iwl-debug.h -+++ b/drivers/net/wireless/iwlwifi/iwl-debug.h -@@ -86,8 +86,8 @@ do { \ - } while (0) - - #else --#define IWL_DEBUG(m, level, fmt, args...) --#define IWL_DEBUG_LIMIT(m, level, fmt, args...) -+#define IWL_DEBUG(m, level, fmt, args...) do {} while (0) -+#define IWL_DEBUG_LIMIT(m, level, fmt, args...) do {} while (0) - #define iwl_print_hex_dump(m, level, p, len) - #define IWL_DEBUG_QUIET_RFKILL(p, fmt, args...) \ - do { \ diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 4b9e730..7603659 100644 +index b7ce6a6..5649756 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1677,9 +1677,11 @@ static int __init init_mac80211_hwsim(void) +@@ -1721,9 +1721,11 @@ static int __init init_mac80211_hwsim(void) return -EINVAL; if (fake_hw_scan) { @@ -36600,10 +35466,10 @@ index 4b9e730..7603659 100644 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h -index 3186aa4..b35b09f 100644 +index 35225e9..95e6bf9 100644 --- a/drivers/net/wireless/mwifiex/main.h +++ b/drivers/net/wireless/mwifiex/main.h -@@ -536,7 +536,7 @@ struct mwifiex_if_ops { +@@ -537,7 +537,7 @@ struct mwifiex_if_ops { void (*cleanup_mpa_buf) (struct mwifiex_adapter *); int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *); int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *); @@ -36613,7 +35479,7 @@ index 3186aa4..b35b09f 100644 struct mwifiex_adapter { u8 iface_type; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index a330c69..a81540f 100644 +index d66e298..55b0a89 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c @@ -1278,7 +1278,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) @@ -36626,7 +35492,7 @@ index a330c69..a81540f 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/net/wireless/wl1251/wl1251.h b/drivers/net/wireless/wl1251/wl1251.h -index a77f1bb..c608b2b 100644 +index 9d8f581..0f6589e 100644 --- a/drivers/net/wireless/wl1251/wl1251.h +++ b/drivers/net/wireless/wl1251/wl1251.h @@ -266,7 +266,7 @@ struct wl1251_if_operations { @@ -36703,42 +35569,6 @@ index ed2c3ec..deda85a 100644 start_switch_worker(); } -diff --git a/drivers/oprofile/oprofile_files.c b/drivers/oprofile/oprofile_files.c -index 84a208d..f07d177 100644 ---- a/drivers/oprofile/oprofile_files.c -+++ b/drivers/oprofile/oprofile_files.c -@@ -36,6 +36,8 @@ static ssize_t timeout_read(struct file *file, char __user *buf, - - - static ssize_t timeout_write(struct file *file, char const __user *buf, -+ size_t count, loff_t *offset) __size_overflow(3); -+static ssize_t timeout_write(struct file *file, char const __user *buf, - size_t count, loff_t *offset) - { - unsigned long val; -@@ -72,6 +74,7 @@ static ssize_t depth_read(struct file *file, char __user *buf, size_t count, lof - } - - -+static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) - { - unsigned long val; -@@ -126,12 +129,14 @@ static const struct file_operations cpu_type_fops = { - }; - - -+static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) - { - return oprofilefs_ulong_to_user(oprofile_started, buf, count, offset); - } - - -+static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) - { - unsigned long val; diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c index 917d28e..d62d981 100644 --- a/drivers/oprofile/oprofile_stats.c @@ -36782,18 +35612,10 @@ index 38b6fc0..b5cbfce 100644 extern struct oprofile_stat_struct oprofile_stats; diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c -index 2f0aa0f..d5246c3 100644 +index 849357c..b83c1e0 100644 --- a/drivers/oprofile/oprofilefs.c +++ b/drivers/oprofile/oprofilefs.c -@@ -97,6 +97,7 @@ static ssize_t ulong_read_file(struct file *file, char __user *buf, size_t count - } - - -+static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) - { - unsigned long value; -@@ -193,7 +194,7 @@ static const struct file_operations atomic_ro_fops = { +@@ -185,7 +185,7 @@ static const struct file_operations atomic_ro_fops = { int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root, @@ -36856,7 +35678,7 @@ index 76ba8a1..20ca857 100644 /* initialize our int15 lock */ diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index 2275162..95f1a92 100644 +index b500840..d7159d3 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -27,9 +27,9 @@ @@ -36873,12 +35695,12 @@ index 2275162..95f1a92 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 71eac9c..2de27ef 100644 +index 5e1ca3c..08082fe 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c -@@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, - u32 l, sz, mask; +@@ -215,7 +215,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, u16 orig_cmd; + struct pci_bus_region region; - mask = type ? PCI_ROM_ADDRESS_MASK : ~0; + mask = type ? (u32)PCI_ROM_ADDRESS_MASK : ~0; @@ -36906,21 +35728,8 @@ index 27911b5..5b6db88 100644 proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized = 1; -diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c -index 6f966d6..68e18ed 100644 ---- a/drivers/platform/x86/asus_acpi.c -+++ b/drivers/platform/x86/asus_acpi.c -@@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct file *file) - } - - static ssize_t lcd_proc_write(struct file *file, const char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t lcd_proc_write(struct file *file, const char __user *buffer, - size_t count, loff_t *pos) - { - int rv, value; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index ea0c607..58c4628 100644 +index d68c000..f6094ca 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void) @@ -37051,24 +35860,11 @@ index ea0c607..58c4628 100644 /* * Polling driver -diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c -index dcdc1f4..85cee16 100644 ---- a/drivers/platform/x86/toshiba_acpi.c -+++ b/drivers/platform/x86/toshiba_acpi.c -@@ -517,6 +517,8 @@ static int set_lcd_status(struct backlight_device *bd) - } - - static ssize_t lcd_proc_write(struct file *file, const char __user *buf, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t lcd_proc_write(struct file *file, const char __user *buf, - size_t count, loff_t *pos) - { - struct toshiba_acpi_dev *dev = PDE(file->f_path.dentry->d_inode)->data; diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c -index b859d16..5cc6b1a 100644 +index 769d265..a3a05ca 100644 --- a/drivers/pnp/pnpbios/bioscalls.c +++ b/drivers/pnp/pnpbios/bioscalls.c -@@ -59,7 +59,7 @@ do { \ +@@ -58,7 +58,7 @@ do { \ set_desc_limit(&gdt[(selname) >> 3], (size) - 1); \ } while(0) @@ -37077,7 +35873,7 @@ index b859d16..5cc6b1a 100644 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1); /* -@@ -96,7 +96,10 @@ static inline u16 call_pnp_bios(u16 func, u16 arg1, u16 arg2, u16 arg3, +@@ -95,7 +95,10 @@ static inline u16 call_pnp_bios(u16 func, u16 arg1, u16 arg2, u16 arg3, cpu = get_cpu(); save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8]; @@ -37088,7 +35884,7 @@ index b859d16..5cc6b1a 100644 /* On some boxes IRQ's during PnP BIOS calls are deadly. */ spin_lock_irqsave(&pnp_bios_lock, flags); -@@ -134,7 +137,10 @@ static inline u16 call_pnp_bios(u16 func, u16 arg1, u16 arg2, u16 arg3, +@@ -133,7 +136,10 @@ static inline u16 call_pnp_bios(u16 func, u16 arg1, u16 arg2, u16 arg3, :"memory"); spin_unlock_irqrestore(&pnp_bios_lock, flags); @@ -37099,7 +35895,7 @@ index b859d16..5cc6b1a 100644 put_cpu(); /* If we get here and this is set then the PnP BIOS faulted on us. */ -@@ -468,7 +474,7 @@ int pnp_bios_read_escd(char *data, u32 nvram_base) +@@ -467,7 +473,7 @@ int pnp_bios_read_escd(char *data, u32 nvram_base) return status; } @@ -37108,7 +35904,7 @@ index b859d16..5cc6b1a 100644 { int i; -@@ -476,6 +482,8 @@ void pnpbios_calls_init(union pnp_bios_install_struct *header) +@@ -475,6 +481,8 @@ void pnpbios_calls_init(union pnp_bios_install_struct *header) pnp_bios_callpoint.offset = header->fields.pm16offset; pnp_bios_callpoint.segment = PNP_CS16; @@ -37117,7 +35913,7 @@ index b859d16..5cc6b1a 100644 for_each_possible_cpu(i) { struct desc_struct *gdt = get_cpu_gdt_table(i); if (!gdt) -@@ -487,4 +495,6 @@ void pnpbios_calls_init(union pnp_bios_install_struct *header) +@@ -486,4 +494,6 @@ void pnpbios_calls_init(union pnp_bios_install_struct *header) set_desc_base(&gdt[GDT_ENTRY_PNPBIOS_DS], (unsigned long)__va(header->fields.pm16dseg)); } @@ -37147,7 +35943,7 @@ index b0ecacb..7c9da2e 100644 /* check if the resource is reserved */ diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c -index 1ed6ea0..77c0bd2 100644 +index 222ccd8..6275fa5 100644 --- a/drivers/power/bq27x00_battery.c +++ b/drivers/power/bq27x00_battery.c @@ -72,7 +72,7 @@ @@ -37160,10 +35956,10 @@ index 1ed6ea0..77c0bd2 100644 enum bq27x00_chip { BQ27000, BQ27500 }; diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index a838e66..a9e1665 100644 +index 4c5b053..104263e 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c -@@ -383,8 +383,10 @@ static int __devinit max8660_probe(struct i2c_client *client, +@@ -385,8 +385,10 @@ static int __devinit max8660_probe(struct i2c_client *client, max8660->shadow_regs[MAX8660_OVER1] = 5; } else { /* Otherwise devices can be toggled via software */ @@ -37177,7 +35973,7 @@ index a838e66..a9e1665 100644 /* diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index e8cfc99..072aee2 100644 +index 845aa22..99ec402 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c @@ -574,10 +574,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) @@ -37217,7 +36013,7 @@ index cace6d3..f623fda 100644 case RTC_PIE_ON: diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h -index ffb5878..e6d785c 100644 +index 3fcf627..f334910 100644 --- a/drivers/scsi/aacraid/aacraid.h +++ b/drivers/scsi/aacraid/aacraid.h @@ -492,7 +492,7 @@ struct adapter_ops @@ -37230,7 +36026,7 @@ index ffb5878..e6d785c 100644 /* * Define which interrupt handler needs to be installed diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c -index 705e13e..91c873c 100644 +index 0d279c44..3d25a97 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -93,7 +93,7 @@ static DECLARE_PCI_DEVICE_TABLE(aac_pci_tbl) = { @@ -37243,11 +36039,11 @@ index 705e13e..91c873c 100644 { 0x1028, 0x0001, 0x1028, 0x0001, 0, 0, 0 }, /* PERC 2/Si (Iguana/PERC2Si) */ { 0x1028, 0x0002, 0x1028, 0x0002, 0, 0, 1 }, /* PERC 3/Di (Opal/PERC3Di) */ diff --git a/drivers/scsi/aic94xx/aic94xx_init.c b/drivers/scsi/aic94xx/aic94xx_init.c -index d5ff142..49c0ebb 100644 +index ff80552..1c4120c 100644 --- a/drivers/scsi/aic94xx/aic94xx_init.c +++ b/drivers/scsi/aic94xx/aic94xx_init.c @@ -1012,7 +1012,7 @@ static struct sas_domain_function_template aic94xx_transport_functions = { - .lldd_control_phy = asd_control_phy, + .lldd_ata_set_dmamode = asd_set_dmamode, }; -static const struct pci_device_id aic94xx_pci_table[] __devinitdata = { @@ -37256,7 +36052,7 @@ index d5ff142..49c0ebb 100644 {PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x412),0, 0, 1}, {PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x416),0, 0, 1}, diff --git a/drivers/scsi/bfa/bfa.h b/drivers/scsi/bfa/bfa.h -index a796de9..1ef20e1 100644 +index 4ad7e36..d004679 100644 --- a/drivers/scsi/bfa/bfa.h +++ b/drivers/scsi/bfa/bfa.h @@ -196,7 +196,7 @@ struct bfa_hwif_s { @@ -37312,7 +36108,7 @@ index 36f26da..38a34a8 100644 int num_fwtio_reqs; int num_itns; diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h -index 546d46b..642fa5b 100644 +index 1a99d4b..e85d64b 100644 --- a/drivers/scsi/bfa/bfa_ioc.h +++ b/drivers/scsi/bfa/bfa_ioc.h @@ -258,7 +258,7 @@ struct bfa_ioc_cbfn_s { @@ -37334,7 +36130,7 @@ index 546d46b..642fa5b 100644 /* * Queue element to wait for room in request queue. FIFO order is diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c -index 351dc0b..951dc32 100644 +index a3a056a..b9bbc2f 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -42,7 +42,7 @@ @@ -37346,7 +36142,7 @@ index 351dc0b..951dc32 100644 static void scsi_host_cls_release(struct device *dev) -@@ -357,7 +357,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) +@@ -360,7 +360,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) * subtract one because we increment first then return, but we need to * know what the next host number was before increment */ @@ -37356,10 +36152,10 @@ index 351dc0b..951dc32 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index b96962c..0c82ec2 100644 +index 500e20d..ebd3059 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c -@@ -507,7 +507,7 @@ static inline u32 next_command(struct ctlr_info *h) +@@ -521,7 +521,7 @@ static inline u32 next_command(struct ctlr_info *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -37368,7 +36164,7 @@ index b96962c..0c82ec2 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -2991,7 +2991,7 @@ static void start_io(struct ctlr_info *h) +@@ -3002,7 +3002,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -37377,7 +36173,7 @@ index b96962c..0c82ec2 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3001,7 +3001,7 @@ static void start_io(struct ctlr_info *h) +@@ -3012,7 +3012,7 @@ static void start_io(struct ctlr_info *h) h->Qdepth--; /* Tell the controller execute command */ @@ -37386,7 +36182,7 @@ index b96962c..0c82ec2 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3010,17 +3010,17 @@ static void start_io(struct ctlr_info *h) +@@ -3021,17 +3021,17 @@ static void start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h) { @@ -37407,7 +36203,7 @@ index b96962c..0c82ec2 100644 (h->interrupts_enabled == 0); } -@@ -3919,7 +3919,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -3930,7 +3930,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -37416,7 +36212,7 @@ index b96962c..0c82ec2 100644 if (hpsa_board_disabled(h->pdev)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -4164,7 +4164,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -4175,7 +4175,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -37425,7 +36221,7 @@ index b96962c..0c82ec2 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4344,7 +4344,7 @@ reinit_after_soft_reset: +@@ -4355,7 +4355,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -37434,7 +36230,7 @@ index b96962c..0c82ec2 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4378,7 +4378,7 @@ reinit_after_soft_reset: +@@ -4389,7 +4389,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -37443,7 +36239,7 @@ index b96962c..0c82ec2 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4397,9 +4397,9 @@ reinit_after_soft_reset: +@@ -4408,9 +4408,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -37455,7 +36251,7 @@ index b96962c..0c82ec2 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4420,7 +4420,7 @@ reinit_after_soft_reset: +@@ -4431,7 +4431,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -37464,7 +36260,7 @@ index b96962c..0c82ec2 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4472,7 +4472,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4483,7 +4483,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -37473,7 +36269,7 @@ index b96962c..0c82ec2 100644 free_irq(h->intr[h->intr_mode], h); #ifdef CONFIG_PCI_MSI if (h->msix_vector) -@@ -4636,7 +4636,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, +@@ -4657,7 +4657,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, return; } /* Change the access methods to the performant access methods */ @@ -37483,10 +36279,10 @@ index b96962c..0c82ec2 100644 } diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h -index 91edafb..a9b88ec 100644 +index 7b28d54..952f23a 100644 --- a/drivers/scsi/hpsa.h +++ b/drivers/scsi/hpsa.h -@@ -73,7 +73,7 @@ struct ctlr_info { +@@ -72,7 +72,7 @@ struct ctlr_info { unsigned int msix_vector; unsigned int msi_vector; int intr_mode; /* either PERF_MODE_INT or SIMPLE_MODE_INT */ @@ -37509,7 +36305,7 @@ index f2df059..a3a9930 100644 typedef struct ips_ha { uint8_t ha_id[IPS_MAX_CHANNELS+1]; diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c -index 4d70d96..84d0573 100644 +index aceffad..c35c08d 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -105,12 +105,12 @@ struct fc_exch_mgr { @@ -37634,10 +36430,10 @@ index 4d70d96..84d0573 100644 fc_frame_free(fp); } diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c -index db9238f..4378ed2 100644 +index 441d88a..689ad71 100644 --- a/drivers/scsi/libsas/sas_ata.c +++ b/drivers/scsi/libsas/sas_ata.c -@@ -368,7 +368,7 @@ static struct ata_port_operations sas_sata_ops = { +@@ -529,7 +529,7 @@ static struct ata_port_operations sas_sata_ops = { .postreset = ata_std_postreset, .error_handler = ata_std_error_handler, .post_internal_cmd = sas_ata_post_internal, @@ -37647,7 +36443,7 @@ index db9238f..4378ed2 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index 825f930..ce42672 100644 +index 3a1ffdd..8eb7c71 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -413,7 +413,7 @@ struct lpfc_vport { @@ -37659,7 +36455,7 @@ index 825f930..ce42672 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -821,8 +821,8 @@ struct lpfc_hba { +@@ -826,8 +826,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -37670,7 +36466,7 @@ index 825f930..ce42672 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -852,7 +852,7 @@ struct lpfc_hba { +@@ -863,7 +863,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -37680,7 +36476,7 @@ index 825f930..ce42672 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c -index 3587a3f..d45b81b 100644 +index af04b0d..8f1a97e 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, @@ -37744,7 +36540,7 @@ index 3587a3f..d45b81b 100644 dtp->jif = jiffies; #endif return; -@@ -4040,7 +4040,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4090,7 +4090,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "slow_ring buffer\n"); goto debug_failed; } @@ -37753,7 +36549,7 @@ index 3587a3f..d45b81b 100644 memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -4086,7 +4086,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4136,7 +4136,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "buffer\n"); goto debug_failed; } @@ -37763,11 +36559,11 @@ index 3587a3f..d45b81b 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index dfea2da..8e17227 100644 +index 9598fdc..7e9f3d9 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10145,8 +10145,10 @@ lpfc_init(void) - printk(LPFC_COPYRIGHT "\n"); +@@ -10266,8 +10266,10 @@ lpfc_init(void) + "misc_register returned with status %d", error); if (lpfc_enable_npiv) { - lpfc_transport_functions.vport_create = lpfc_vport_create; @@ -37780,10 +36576,10 @@ index dfea2da..8e17227 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index c60f5d0..751535c 100644 +index 88f3a83..686d3fa 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c -@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) +@@ -311,7 +311,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) uint32_t evt_posted; spin_lock_irqsave(&phba->hbalock, flags); @@ -37792,7 +36588,7 @@ index c60f5d0..751535c 100644 phba->last_rsrc_error_time = jiffies; if ((phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL) > jiffies) { -@@ -346,7 +346,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, +@@ -352,7 +352,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, unsigned long flags; struct lpfc_hba *phba = vport->phba; uint32_t evt_posted; @@ -37801,7 +36597,7 @@ index c60f5d0..751535c 100644 if (vport->cfg_lun_queue_depth <= queue_depth) return; -@@ -390,8 +390,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -396,8 +396,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) unsigned long num_rsrc_err, num_cmd_success; int i; @@ -37812,7 +36608,7 @@ index c60f5d0..751535c 100644 vports = lpfc_create_vport_work_array(phba); if (vports != NULL) -@@ -411,8 +411,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -417,8 +417,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -37823,7 +36619,7 @@ index c60f5d0..751535c 100644 } /** -@@ -446,8 +446,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) +@@ -452,8 +452,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -37909,7 +36705,7 @@ index ea8a0b4..812a124 100644 return rc; diff --git a/drivers/scsi/pmcraid.h b/drivers/scsi/pmcraid.h -index ca496c7..9c791d5 100644 +index e1d150f..6c6df44 100644 --- a/drivers/scsi/pmcraid.h +++ b/drivers/scsi/pmcraid.h @@ -748,7 +748,7 @@ struct pmcraid_instance { @@ -37942,10 +36738,10 @@ index ca496c7..9c791d5 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h -index af1003f..be55a75 100644 +index a244303..6015eb7 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h -@@ -2247,7 +2247,7 @@ struct isp_operations { +@@ -2264,7 +2264,7 @@ struct isp_operations { int (*start_scsi) (srb_t *); int (*abort_isp) (struct scsi_qla_host *); int (*iospace_config)(struct qla_hw_data*); @@ -37955,10 +36751,10 @@ index af1003f..be55a75 100644 /* MSI-X Support *************************************************************/ diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index bfe6854..ceac088 100644 +index 7f2492e..5113877 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -261,7 +261,7 @@ struct ddb_entry { +@@ -268,7 +268,7 @@ struct ddb_entry { * (4000 only) */ atomic_t relogin_timer; /* Max Time to wait for * relogin to complete */ @@ -37968,10 +36764,10 @@ index bfe6854..ceac088 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index ce6d3b7..73fac54 100644 +index ee47820..a83b1f4 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2178,12 +2178,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -2551,12 +2551,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -37986,7 +36782,7 @@ index ce6d3b7..73fac54 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -3953,7 +3953,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -4453,7 +4453,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); @@ -37996,7 +36792,7 @@ index ce6d3b7..73fac54 100644 ddb_entry->default_relogin_timeout = (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 2aeb2e9..46e3925 100644 +index 07322ec..91ccc23 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -655,7 +655,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) @@ -38009,10 +36805,10 @@ index 2aeb2e9..46e3925 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index b2c95db..227d74e 100644 +index 4037fd5..a19fcc7 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1411,7 +1411,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1415,7 +1415,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -38021,7 +36817,7 @@ index b2c95db..227d74e 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1437,9 +1437,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1441,9 +1441,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -38060,10 +36856,10 @@ index 84a1fdf..693b0d6 100644 /* * TODO: need to fixup sg_tablesize, max_segment_size, diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c -index f59d4a0..1d89407 100644 +index 80fbe2a..efa223b 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c -@@ -484,7 +484,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, +@@ -498,7 +498,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, * Netlink Infrastructure */ @@ -38072,7 +36868,7 @@ index f59d4a0..1d89407 100644 /** * fc_get_event_number - Obtain the next sequential FC event number -@@ -497,7 +497,7 @@ static atomic_t fc_event_seq; +@@ -511,7 +511,7 @@ static atomic_t fc_event_seq; u32 fc_get_event_number(void) { @@ -38081,7 +36877,7 @@ index f59d4a0..1d89407 100644 } EXPORT_SYMBOL(fc_get_event_number); -@@ -645,7 +645,7 @@ static __init int fc_transport_init(void) +@@ -659,7 +659,7 @@ static __init int fc_transport_init(void) { int error; @@ -38090,7 +36886,7 @@ index f59d4a0..1d89407 100644 error = transport_class_register(&fc_host_class); if (error) -@@ -835,7 +835,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val) +@@ -849,7 +849,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val) char *cp; *val = simple_strtoul(buf, &cp, 0); @@ -38100,7 +36896,7 @@ index f59d4a0..1d89407 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index e3e3c7d..ebdab62 100644 +index 1cf640e..78e9014 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -79,7 +79,7 @@ struct iscsi_internal { @@ -38112,7 +36908,7 @@ index e3e3c7d..ebdab62 100644 static struct workqueue_struct *iscsi_eh_timer_workq; static DEFINE_IDA(iscsi_sess_ida); -@@ -1063,7 +1063,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) +@@ -1064,7 +1064,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) int err; ihost = shost->shost_data; @@ -38121,7 +36917,7 @@ index e3e3c7d..ebdab62 100644 if (target_id == ISCSI_MAX_TARGET) { id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); -@@ -2680,7 +2680,7 @@ static __init int iscsi_transport_init(void) +@@ -2940,7 +2940,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); @@ -38192,24 +36988,11 @@ index eacd46b..e3f4d62 100644 umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO; proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops); } -diff --git a/drivers/spi/spi-dw-pci.c b/drivers/spi/spi-dw-pci.c -index f64250e..1ee3049 100644 ---- a/drivers/spi/spi-dw-pci.c -+++ b/drivers/spi/spi-dw-pci.c -@@ -149,7 +149,7 @@ static int spi_resume(struct pci_dev *pdev) - #define spi_resume NULL - #endif - --static const struct pci_device_id pci_ids[] __devinitdata = { -+static const struct pci_device_id pci_ids[] __devinitconst = { - /* Intel MID platform SPI controller 0 */ - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0800) }, - {}, diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index b2ccdea..84cde75 100644 +index 3d8f662..070f1a5 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1024,7 +1024,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1361,7 +1361,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -38219,10 +37002,10 @@ index b2ccdea..84cde75 100644 static u8 *buf; diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c -index 400df8c..065d4f4 100644 +index d91751f..a3a9e36 100644 --- a/drivers/staging/octeon/ethernet-rx.c +++ b/drivers/staging/octeon/ethernet-rx.c -@@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) +@@ -421,11 +421,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) /* Increment RX stats for virtual ports */ if (work->ipprt >= CVMX_PIP_NUM_INPUT_PORTS) { #ifdef CONFIG_64BIT @@ -38238,7 +37021,7 @@ index 400df8c..065d4f4 100644 #endif } netif_receive_skb(skb); -@@ -436,9 +436,9 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) +@@ -437,9 +437,9 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) dev->name); */ #ifdef CONFIG_64BIT @@ -38251,10 +37034,10 @@ index 400df8c..065d4f4 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index 9112cd8..92f8d51 100644 +index 60cba81..71eb239 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c -@@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) +@@ -259,11 +259,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) * since the RX tasklet also increments it. */ #ifdef CONFIG_64BIT @@ -38270,34 +37053,8 @@ index 9112cd8..92f8d51 100644 #endif } -diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c -index f9dae95..ff48901 100644 ---- a/drivers/staging/rtl8192e/rtllib_module.c -+++ b/drivers/staging/rtl8192e/rtllib_module.c -@@ -215,6 +215,8 @@ static int show_debug_level(char *page, char **start, off_t offset, - } - - static int store_debug_level(struct file *file, const char __user *buffer, -+ unsigned long count, void *data) __size_overflow(3); -+static int store_debug_level(struct file *file, const char __user *buffer, - unsigned long count, void *data) - { - char buf[] = "0x00000000"; -diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -index e3d47bc..85f4d0d 100644 ---- a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -@@ -250,6 +250,8 @@ static int show_debug_level(char *page, char **start, off_t offset, - } - - static int store_debug_level(struct file *file, const char *buffer, -+ unsigned long count, void *data) __size_overflow(3); -+static int store_debug_level(struct file *file, const char *buffer, - unsigned long count, void *data) - { - char buf[] = "0x00000000"; diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h -index 86308a0..feaa925 100644 +index d3d8727..f9327bb8 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h +++ b/drivers/staging/rtl8712/rtl871x_io.h @@ -108,7 +108,7 @@ struct _io_ops { @@ -38340,7 +37097,7 @@ index 42cdafe..2769103 100644 ch = synth_buffer_getc(); } diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbip/usbip_common.h -index b8f8c48..1fc5025 100644 +index c7b888c..c94be93 100644 --- a/drivers/staging/usbip/usbip_common.h +++ b/drivers/staging/usbip/usbip_common.h @@ -289,7 +289,7 @@ struct usbip_device { @@ -38366,10 +37123,10 @@ index 88b3298..3783eee 100644 /* * NOTE: diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c -index 2ee97e2..0420b86 100644 +index dca9bf1..80735c9 100644 --- a/drivers/staging/usbip/vhci_hcd.c +++ b/drivers/staging/usbip/vhci_hcd.c -@@ -527,7 +527,7 @@ static void vhci_tx_urb(struct urb *urb) +@@ -488,7 +488,7 @@ static void vhci_tx_urb(struct urb *urb) return; } @@ -38378,7 +37135,7 @@ index 2ee97e2..0420b86 100644 if (priv->seqnum == 0xffff) dev_info(&urb->dev->dev, "seqnum max\n"); -@@ -779,7 +779,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) +@@ -740,7 +740,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) return -ENOMEM; } @@ -38387,7 +37144,7 @@ index 2ee97e2..0420b86 100644 if (unlink->seqnum == 0xffff) pr_info("seqnum max\n"); -@@ -969,7 +969,7 @@ static int vhci_start(struct usb_hcd *hcd) +@@ -928,7 +928,7 @@ static int vhci_start(struct usb_hcd *hcd) vdev->rhport = rhport; } @@ -38397,7 +37154,7 @@ index 2ee97e2..0420b86 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index 3f511b4..d3dbc1e 100644 +index f5fba732..210a16c 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c @@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, @@ -38505,7 +37262,7 @@ index 1ca66ea..76f1343 100644 void tmem_register_pamops(struct tmem_pamops *m) { diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h -index ed147c4..94fc3c6 100644 +index 0d4aa82..f7832d4 100644 --- a/drivers/staging/zcache/tmem.h +++ b/drivers/staging/zcache/tmem.h @@ -180,6 +180,7 @@ struct tmem_pamops { @@ -38524,55 +37281,24 @@ index ed147c4..94fc3c6 100644 extern void tmem_register_hostops(struct tmem_hostops *m); /* core tmem accessor functions */ -diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index 97c74ee..7f6d77d 100644 ---- a/drivers/target/iscsi/iscsi_target.c -+++ b/drivers/target/iscsi/iscsi_target.c -@@ -1361,7 +1361,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) - * outstanding_r2ts reaches zero, go ahead and send the delayed - * TASK_ABORTED status. - */ -- if (atomic_read(&se_cmd->t_transport_aborted) != 0) { -+ if (atomic_read_unchecked(&se_cmd->t_transport_aborted) != 0) { - if (hdr->flags & ISCSI_FLAG_CMD_FINAL) - if (--cmd->outstanding_r2ts < 1) { - iscsit_stop_dataout_timer(cmd); diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c -index dcb0618..97e3d85 100644 +index f015839..b15dfc4 100644 --- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c -@@ -260,7 +260,7 @@ static void core_tmr_drain_task_list( +@@ -327,7 +327,7 @@ static void core_tmr_drain_task_list( cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key, cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), - atomic_read(&cmd->t_task_cdbs_sent), + atomic_read_unchecked(&cmd->t_task_cdbs_sent), - atomic_read(&cmd->t_transport_active), - atomic_read(&cmd->t_transport_stop), - atomic_read(&cmd->t_transport_sent)); -@@ -291,7 +291,7 @@ static void core_tmr_drain_task_list( - pr_debug("LUN_RESET: got t_transport_active = 1 for" - " task: %p, t_fe_count: %d dev: %p\n", task, - fe_count, dev); -- atomic_set(&cmd->t_transport_aborted, 1); -+ atomic_set_unchecked(&cmd->t_transport_aborted, 1); - spin_unlock_irqrestore(&cmd->t_state_lock, flags); - - core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); -@@ -299,7 +299,7 @@ static void core_tmr_drain_task_list( - } - pr_debug("LUN_RESET: Got t_transport_active = 0 for task: %p," - " t_fe_count: %d dev: %p\n", task, fe_count, dev); -- atomic_set(&cmd->t_transport_aborted, 1); -+ atomic_set_unchecked(&cmd->t_transport_aborted, 1); - spin_unlock_irqrestore(&cmd->t_state_lock, flags); - - core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); + (cmd->transport_state & CMD_T_ACTIVE) != 0, + (cmd->transport_state & CMD_T_STOP) != 0, + (cmd->transport_state & CMD_T_SENT) != 0); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index cd5cd95..5249d30 100644 +index 443704f..92d3517 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1330,7 +1330,7 @@ struct se_device *transport_add_device_to_core_hba( +@@ -1355,7 +1355,7 @@ struct se_device *transport_add_device_to_core_hba( spin_lock_init(&dev->se_port_lock); spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); @@ -38581,7 +37307,7 @@ index cd5cd95..5249d30 100644 se_dev_set_default_attribs(dev, dev_limits); -@@ -1517,7 +1517,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1542,7 +1542,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -38590,16 +37316,16 @@ index cd5cd95..5249d30 100644 smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, -@@ -1862,7 +1862,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd) - " t_transport_active: %d t_transport_stop: %d" - " t_transport_sent: %d\n", cmd->t_task_list_num, +@@ -1956,7 +1956,7 @@ void transport_generic_request_failure(struct se_cmd *cmd) + " CMD_T_ACTIVE: %d CMD_T_STOP: %d CMD_T_SENT: %d\n", + cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), - atomic_read(&cmd->t_task_cdbs_sent), + atomic_read_unchecked(&cmd->t_task_cdbs_sent), atomic_read(&cmd->t_task_cdbs_ex_left), - atomic_read(&cmd->t_transport_active), - atomic_read(&cmd->t_transport_stop), -@@ -2121,9 +2121,9 @@ check_depth: + (cmd->transport_state & CMD_T_ACTIVE) != 0, + (cmd->transport_state & CMD_T_STOP) != 0, +@@ -2216,9 +2216,9 @@ check_depth: cmd = task->task_se_cmd; spin_lock_irqsave(&cmd->t_state_lock, flags); task->task_flags |= (TF_ACTIVE | TF_SENT); @@ -38609,37 +37335,10 @@ index cd5cd95..5249d30 100644 - if (atomic_read(&cmd->t_task_cdbs_sent) == + if (atomic_read_unchecked(&cmd->t_task_cdbs_sent) == cmd->t_task_list_num) - atomic_set(&cmd->t_transport_sent, 1); - -@@ -4348,7 +4348,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) - atomic_set(&cmd->transport_lun_stop, 0); - } - if (!atomic_read(&cmd->t_transport_active) || -- atomic_read(&cmd->t_transport_aborted)) { -+ atomic_read_unchecked(&cmd->t_transport_aborted)) { - spin_unlock_irqrestore(&cmd->t_state_lock, flags); - return false; - } -@@ -4597,7 +4597,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) - { - int ret = 0; + cmd->transport_state |= CMD_T_SENT; -- if (atomic_read(&cmd->t_transport_aborted) != 0) { -+ if (atomic_read_unchecked(&cmd->t_transport_aborted) != 0) { - if (!send_status || - (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) - return 1; -@@ -4634,7 +4634,7 @@ void transport_send_task_abort(struct se_cmd *cmd) - */ - if (cmd->data_direction == DMA_TO_DEVICE) { - if (cmd->se_tfo->write_pending_status(cmd) != 0) { -- atomic_inc(&cmd->t_transport_aborted); -+ atomic_inc_unchecked(&cmd->t_transport_aborted); - smp_mb__after_atomic_inc(); - } - } diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c -index b9040be..e3f5aab 100644 +index 3436436..772237b 100644 --- a/drivers/tty/hvc/hvcs.c +++ b/drivers/tty/hvc/hvcs.c @@ -83,6 +83,7 @@ @@ -38668,7 +37367,7 @@ index b9040be..e3f5aab 100644 spin_unlock_irqrestore(&hvcsd->lock, flags); printk(KERN_INFO "HVCS: vterm state unchanged. " "The hvcs device node is still in use.\n"); -@@ -1145,7 +1146,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) +@@ -1138,7 +1139,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) if ((retval = hvcs_partner_connect(hvcsd))) goto error_release; @@ -38677,7 +37376,7 @@ index b9040be..e3f5aab 100644 hvcsd->tty = tty; tty->driver_data = hvcsd; -@@ -1179,7 +1180,7 @@ fast_open: +@@ -1172,7 +1173,7 @@ fast_open: spin_lock_irqsave(&hvcsd->lock, flags); kref_get(&hvcsd->kref); @@ -38686,7 +37385,7 @@ index b9040be..e3f5aab 100644 hvcsd->todo_mask |= HVCS_SCHED_READ; spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1223,7 +1224,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1216,7 +1217,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) hvcsd = tty->driver_data; spin_lock_irqsave(&hvcsd->lock, flags); @@ -38695,7 +37394,7 @@ index b9040be..e3f5aab 100644 vio_disable_interrupts(hvcsd->vdev); -@@ -1249,10 +1250,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1242,10 +1243,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) free_irq(irq, hvcsd); kref_put(&hvcsd->kref, destroy_hvcs_struct); return; @@ -38708,7 +37407,7 @@ index b9040be..e3f5aab 100644 } spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1268,7 +1269,7 @@ static void hvcs_hangup(struct tty_struct * tty) +@@ -1261,7 +1262,7 @@ static void hvcs_hangup(struct tty_struct * tty) spin_lock_irqsave(&hvcsd->lock, flags); /* Preserve this so that we know how many kref refs to put */ @@ -38717,7 +37416,7 @@ index b9040be..e3f5aab 100644 /* * Don't kref put inside the spinlock because the destruction -@@ -1283,7 +1284,7 @@ static void hvcs_hangup(struct tty_struct * tty) +@@ -1276,7 +1277,7 @@ static void hvcs_hangup(struct tty_struct * tty) hvcsd->tty->driver_data = NULL; hvcsd->tty = NULL; @@ -38726,7 +37425,7 @@ index b9040be..e3f5aab 100644 /* This will drop any buffered data on the floor which is OK in a hangup * scenario. */ -@@ -1354,7 +1355,7 @@ static int hvcs_write(struct tty_struct *tty, +@@ -1347,7 +1348,7 @@ static int hvcs_write(struct tty_struct *tty, * the middle of a write operation? This is a crummy place to do this * but we want to keep it all in the spinlock. */ @@ -38735,7 +37434,7 @@ index b9040be..e3f5aab 100644 spin_unlock_irqrestore(&hvcsd->lock, flags); return -ENODEV; } -@@ -1428,7 +1429,7 @@ static int hvcs_write_room(struct tty_struct *tty) +@@ -1421,7 +1422,7 @@ static int hvcs_write_room(struct tty_struct *tty) { struct hvcs_struct *hvcsd = tty->driver_data; @@ -38745,7 +37444,7 @@ index b9040be..e3f5aab 100644 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c -index ef92869..f4ebd88 100644 +index 4daf962..b4a2281 100644 --- a/drivers/tty/ipwireless/tty.c +++ b/drivers/tty/ipwireless/tty.c @@ -29,6 +29,7 @@ @@ -38765,7 +37464,7 @@ index ef92869..f4ebd88 100644 unsigned int control_lines; struct mutex ipw_tty_mutex; int tx_bytes_queued; -@@ -127,10 +128,10 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) +@@ -117,10 +118,10 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) mutex_unlock(&tty->ipw_tty_mutex); return -ENODEV; } @@ -38778,7 +37477,7 @@ index ef92869..f4ebd88 100644 tty->linux_tty = linux_tty; linux_tty->driver_data = tty; -@@ -146,9 +147,7 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) +@@ -136,9 +137,7 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) static void do_ipw_close(struct ipw_tty *tty) { @@ -38789,7 +37488,7 @@ index ef92869..f4ebd88 100644 struct tty_struct *linux_tty = tty->linux_tty; if (linux_tty != NULL) { -@@ -169,7 +168,7 @@ static void ipw_hangup(struct tty_struct *linux_tty) +@@ -159,7 +158,7 @@ static void ipw_hangup(struct tty_struct *linux_tty) return; mutex_lock(&tty->ipw_tty_mutex); @@ -38798,7 +37497,7 @@ index ef92869..f4ebd88 100644 mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -198,7 +197,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, +@@ -188,7 +187,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, return; } @@ -38807,7 +37506,7 @@ index ef92869..f4ebd88 100644 mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -240,7 +239,7 @@ static int ipw_write(struct tty_struct *linux_tty, +@@ -230,7 +229,7 @@ static int ipw_write(struct tty_struct *linux_tty, return -ENODEV; mutex_lock(&tty->ipw_tty_mutex); @@ -38816,7 +37515,7 @@ index ef92869..f4ebd88 100644 mutex_unlock(&tty->ipw_tty_mutex); return -EINVAL; } -@@ -280,7 +279,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) +@@ -270,7 +269,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) if (!tty) return -ENODEV; @@ -38825,7 +37524,7 @@ index ef92869..f4ebd88 100644 return -EINVAL; room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued; -@@ -322,7 +321,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) +@@ -312,7 +311,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) if (!tty) return 0; @@ -38834,7 +37533,7 @@ index ef92869..f4ebd88 100644 return 0; return tty->tx_bytes_queued; -@@ -403,7 +402,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) +@@ -393,7 +392,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) if (!tty) return -ENODEV; @@ -38843,7 +37542,7 @@ index ef92869..f4ebd88 100644 return -EINVAL; return get_control_lines(tty); -@@ -419,7 +418,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, +@@ -409,7 +408,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, if (!tty) return -ENODEV; @@ -38852,7 +37551,7 @@ index ef92869..f4ebd88 100644 return -EINVAL; return set_control_lines(tty, set, clear); -@@ -433,7 +432,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, +@@ -423,7 +422,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, if (!tty) return -ENODEV; @@ -38861,7 +37560,7 @@ index ef92869..f4ebd88 100644 return -EINVAL; /* FIXME: Exactly how is the tty object locked here .. */ -@@ -582,7 +581,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) +@@ -572,7 +571,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) against a parallel ioctl etc */ mutex_lock(&ttyj->ipw_tty_mutex); } @@ -38871,7 +37570,7 @@ index ef92869..f4ebd88 100644 ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index fc7bbba..9527e93 100644 +index c43b683..0a88f1c 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1629,7 +1629,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) @@ -38884,10 +37583,10 @@ index fc7bbba..9527e93 100644 return NULL; } diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index d2256d0..97476fa 100644 +index 94b6eda..15f7cec 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2123,6 +2123,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2122,6 +2122,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -38897,11 +37596,11 @@ index d2256d0..97476fa 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index d8653ab..f8afd9d 100644 +index eeae7fa..177a743 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -765,8 +765,10 @@ static void __init unix98_pty_init(void) - register_sysctl_table(pty_root_table); +@@ -707,8 +707,10 @@ static void __init unix98_pty_init(void) + panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ + pax_open_kernel(); @@ -39015,10 +37714,10 @@ index 2b42a01..32a2ed3 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c -index 7867b7c..b3c119d 100644 +index 05728894..b9d44c6 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c -@@ -862,7 +862,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); +@@ -865,7 +865,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { @@ -39028,10 +37727,10 @@ index 7867b7c..b3c119d 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index e41b9bb..84002fb 100644 +index d939bd7..33d92cd 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3291,7 +3291,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3278,7 +3278,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -39090,10 +37789,10 @@ index 24b95db..9c078d0 100644 spin_unlock_irqrestore(&tty_ldisc_lock, flags); } diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c -index a605549..6bd3c96 100644 +index 3b0c4e3..f98a992 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c -@@ -657,6 +657,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) +@@ -663,6 +663,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) kbd->kbdmode == VC_OFF) && value != KVAL(K_SAK)) return; /* SAK is allowed even in raw mode */ @@ -39110,11 +37809,7 @@ index a605549..6bd3c96 100644 fn_handler[value](vc); } -diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c -index 65447c5..0526f0a 100644 ---- a/drivers/tty/vt/vt_ioctl.c -+++ b/drivers/tty/vt/vt_ioctl.c -@@ -207,9 +207,6 @@ do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_str +@@ -1812,9 +1822,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) return -EFAULT; @@ -39123,9 +37818,9 @@ index 65447c5..0526f0a 100644 - switch (cmd) { case KDGKBENT: - key_map = key_maps[s]; -@@ -221,6 +218,9 @@ do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, struct kbd_str - val = (i ? K_HOLE : K_NOSUCHMAP); + /* Ensure another thread doesn't free it under us */ +@@ -1829,6 +1836,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, + spin_unlock_irqrestore(&kbd_event_lock, flags); return put_user(val, &user_kbe->kb_value); case KDSKBENT: + if (!capable(CAP_SYS_TTY_CONFIG)) @@ -39134,7 +37829,7 @@ index 65447c5..0526f0a 100644 if (!perm) return -EPERM; if (!i && v == K_NOSUCHMAP) { -@@ -322,9 +322,6 @@ do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1919,9 +1929,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) int i, j, k; int ret; @@ -39144,7 +37839,7 @@ index 65447c5..0526f0a 100644 kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); if (!kbs) { ret = -ENOMEM; -@@ -358,6 +355,9 @@ do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1955,6 +1962,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) kfree(kbs); return ((p && *p) ? -EOVERFLOW : 0); case KDSKBSENT: @@ -39453,10 +38148,10 @@ index 57c01ab..8a05959 100644 /* diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c -index c14c42b..f955cc2 100644 +index 51e4c1e..9d87e2a 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c -@@ -629,7 +629,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) +@@ -632,7 +632,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) return 0; } @@ -42326,10 +41021,10 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index a40c05e..785c583 100644 +index a159b63..4ab532d 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c -@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, +@@ -620,11 +620,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, dlfb_urb_completion(urb); error: @@ -42345,7 +41040,7 @@ index a40c05e..785c583 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); -@@ -744,11 +744,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, +@@ -745,11 +745,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, dlfb_urb_completion(urb); error: @@ -42361,7 +41056,7 @@ index a40c05e..785c583 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); } -@@ -1368,7 +1368,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, +@@ -1373,7 +1373,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42370,7 +41065,7 @@ index a40c05e..785c583 100644 } static ssize_t metrics_bytes_identical_show(struct device *fbdev, -@@ -1376,7 +1376,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, +@@ -1381,7 +1381,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42379,7 +41074,7 @@ index a40c05e..785c583 100644 } static ssize_t metrics_bytes_sent_show(struct device *fbdev, -@@ -1384,7 +1384,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, +@@ -1389,7 +1389,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42388,7 +41083,7 @@ index a40c05e..785c583 100644 } static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, -@@ -1392,7 +1392,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, +@@ -1397,7 +1397,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42397,7 +41092,7 @@ index a40c05e..785c583 100644 } static ssize_t edid_show( -@@ -1449,10 +1449,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, +@@ -1457,10 +1457,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; @@ -42413,7 +41108,7 @@ index a40c05e..785c583 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index 8408543..d6f20f1 100644 +index b0e2a42..e2df3ad 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -42424,24 +41119,6 @@ index 8408543..d6f20f1 100644 #include